From 1db59c85d7d81146179ba82d1fd463723f6ec5d9 Mon Sep 17 00:00:00 2001 From: "donatohorn@gmail.com" Date: Sun, 17 Jul 2022 20:42:31 -0300 Subject: [PATCH 001/537] [pt-br] add content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md --- .../configure-runasusername.md | 148 ++++++++++++++++++ .../windows/run-as-username-container.yaml | 17 ++ .../examples/windows/run-as-username-pod.yaml | 14 ++ 3 files changed, 179 insertions(+) create mode 100644 content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md create mode 100644 content/pt-br/examples/windows/run-as-username-container.yaml create mode 100644 content/pt-br/examples/windows/run-as-username-pod.yaml diff --git a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md new file mode 100644 index 0000000000000..f976f0aca994a --- /dev/null +++ b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md @@ -0,0 +1,148 @@ +--- +title: Configurando `RunAsUserName` Para Pods e Contêineres Windows +content_type: task +weight: 20 +update_date: 2022-07-17 +origin_version: 1.24 +contributors: DonatoHorn +reviewers: +--- + + + +{{< feature-state for_k8s_version="v1.18" state="stable" >}} + +Esta página mostra como usar a configuração `runAsUserName` para Pods +e contêineres que serão executados em nós Windows. Isso é aproximadamente +equivalente à configuração `runAsUser` específica do Linux, permitindo a você +executar aplicativos em um contêiner com um nome de usuário diferente do padrão. + +## {{% heading "prerequisites" %}} + +Você precisa ter um cluster Kubernetes, e a ferramenta de linha de comando Kubectl +deve ser configurada para se comunicar com o seu cluster. Espera-se que o cluster +tenha nós `worker Windows`, onde os Pods com contêineres executando as cargas de trabalho do Windows, +serão agendados. + + + +## Defina o nome de usuário para um Pod + +Para especificar o nome de usuário com o qual executar os processos de contêiner do Pod, +inclua o campo `securityContext` ([SecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) +na especificação do Pod, e dentro dela, o campo `WindowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) +contendo o campo `runAsUserName`. + +As opções de contexto de segurança do Windows que você especificar para um Pod, +se aplicam a todos os Contêineres do Pod, inclusive os de inicialização. + +Aqui está um arquivo de configuração para um Pod do Windows que possui o campo +`runAsUserName` definido: + +{{< codenew file="windows/run-as-username-pod.yaml" >}} + +Crie o Pod: + +```shell +kubectl apply -f https://k8s.io/examples/windows/run-as-username-pod.yaml +``` + +Verifique se o contêiner do pod está em execução: + +```shell +kubectl get pod run-as-username-pod-demo +``` + +Abra um shell para o Contêiner em execução: + +```shell +kubectl exec -it run-as-username-pod-demo -- powershell +``` + +Verifique se o shell está executando com o nome de usuário correto: + +```powershell +echo $env:USERNAME +``` + +A saída deve ser: + +``` +ContainerUser +``` + +## Defina o nome de usuário para o Contêiner + +Para especificar o nome de usuário com o qual executar os processos de um Contêiner, +inclua o campo `SecurityContext` ([SecurityContext] +(/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) +no manifesto do Contêiner, e dentro dele, o campo `WindowsOptions` +([WindowsSecurityContextOptions] (/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) +contendo o campo `runAsUserName`. + +As opções de contexto de segurança do Windows que você especificar para um Contêiner, +se aplicam apenas a esse Contêiner individual, e substituem as configurações feitas +no nível do Pod. + +Aqui está o arquivo de configuração para um pod que possui um Contêiner, +e o campo `runAsUserName` está definido no nível do Pod e no nível do Contêiner: + +{{< codenew file="windows/run-as-username-container.yaml" >}} + +Crie o Pod: + +```shell +kubectl apply -f https://k8s.io/examples/windows/run-as-username-container.yaml +``` + +Verifique se o Contêiner do Pod está em execução: + +```shell +kubectl get pod run-as-username-container-demo +``` + +Abra um shell para o contêiner em execução: + +```shell +kubectl exec -it run-as-username-container-demo -- powershell +``` + +Verifique se o shell está executando o usuário correto, (aquele definido no nível do Contêiner): + +```powershell +echo $env:USERNAME +``` + +A saída deve ser: + +``` +ContainerAdministrator +``` + +## Limitações de nomes de usuários no Windows + +Para usar esse recurso, o valor definido no campo `runAsUserName` deve ser um nome +de usuário válido. Deve ter o seguinte formato: `DOMAIN\USER`, onde ` DOMAIN\` +é opcional. Os nomes de usuário do Windows não diferenciam letras maiúsculas +e minúsculas. Além disso, existem algumas restrições em relação ao `DOMÍNIO` e `USUÁRIO`: +- O campo `runAsUserName`: não pode estar vazio, e não pode conter caracteres + de contrôle (Valores ASCII : `0x00-0x1F`, `0x7F`) +- O nome de `DOMÍNIO` NetBios, ou um nome de DNS: cada um com suas próprias restrições: + - Nomes NetBios: máximo de 15 caracteres, não podem iniciar com `.` (ponto), + e não podem conter os seguintes caracteres: `\ / : * ? " < > |` + - Nomes DNS: máximo de 255 caracteres, contendo apenas caracteres alfanuméricos, + pontos, e traços, e não podem iniciar ou terminar com um `.` (ponto) ou `-` (traço). +- O `USUÁRIO`: deve ter no máximo 20 caracteres, não pode conter *somente* pontos ou espaços, + e não pode conter os seguintes caracteres: `" / \ [ ] : ; | = , + * ? < > @`. + +Exemplos de valores aceitáveis para o campo `runAsUserName`: `ContainerAdministrator`, +`ContainerUser`, `NT AUTHORITY\NETWORK SERVICE`, `NT AUTHORITY\LOCAL SERVICE`. + +Para mais informações sobre estas limitações, verifique [aqui](https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and) e [aqui](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localuser?view=powershell-5.1). + +## {{% heading "whatsnext" %}} + +* [Guia para agendar contêineres Windows em Kubernetes](/docs/concepts/windows/user-guide/) +* [Gerenciando Identidade de Cargas de Trabalho com Contas de Serviço Gerenciadas em Grupo (GMSA)](/docs/concepts/windows/user-guide/#managing-workload-identity-with-group-managed-service-accounts) +* [Configure GMSA para pods e contêineres Windows](/docs/tasks/configure-pod-container/configure-gmsa/) + diff --git a/content/pt-br/examples/windows/run-as-username-container.yaml b/content/pt-br/examples/windows/run-as-username-container.yaml new file mode 100644 index 0000000000000..77b7b2d18813b --- /dev/null +++ b/content/pt-br/examples/windows/run-as-username-container.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Pod +metadata: + name: run-as-username-container-demo +spec: + securityContext: + windowsOptions: + runAsUserName: "ContainerUser" + containers: + - name: run-as-username-demo + image: mcr.microsoft.com/windows/servercore:ltsc2019 + command: ["ping", "-t", "localhost"] + securityContext: + windowsOptions: + runAsUserName: "ContainerAdministrator" + nodeSelector: + kubernetes.io/os: windows diff --git a/content/pt-br/examples/windows/run-as-username-pod.yaml b/content/pt-br/examples/windows/run-as-username-pod.yaml new file mode 100644 index 0000000000000..d62bf93efc9b3 --- /dev/null +++ b/content/pt-br/examples/windows/run-as-username-pod.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: run-as-username-pod-demo +spec: + securityContext: + windowsOptions: + runAsUserName: "ContainerUser" + containers: + - name: run-as-username-demo + image: mcr.microsoft.com/windows/servercore:ltsc2019 + command: ["ping", "-t", "localhost"] + nodeSelector: + kubernetes.io/os: windows \ No newline at end of file From 9b53715daa3cf596890f54c6308e158c65383902 Mon Sep 17 00:00:00 2001 From: "donatohorn@gmail.com" Date: Mon, 18 Jul 2022 00:13:38 -0300 Subject: [PATCH 002/537] [pt-br] add content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md --- .../configure-volume-storage.md | 146 ++++++++++++++++++ .../pt-br/examples/pods/storage/redis.yaml | 14 ++ 2 files changed, 160 insertions(+) create mode 100644 content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md create mode 100644 content/pt-br/examples/pods/storage/redis.yaml diff --git a/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md new file mode 100644 index 0000000000000..396804ac8a3db --- /dev/null +++ b/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md @@ -0,0 +1,146 @@ +--- +title: Configurando um Pod Para Usar um Volume Para Armazenamento +content_type: task +weight: 50 +update_date: 2022-07-18 +origin_version: 1.24 +contributors: DonatoHorn +reviewers: +--- + + + +Esta página mostra como configurar um Pod para usar um Volume para armazenamento. + +O sistema de arquivos de um contêiner apenas existe enquanto o contêiner existir. +Então, quando um contêiner termina e reinicia, as alterações do sistema de arquivos +são perdidas. +Para um armazenamento mais consistente, independente do contêiner, você pode usar um +[Volume](/docs/concepts/storage/volumes/). Isso é especialmente importante para aplicações +`stateful`, tal como armazenamentos chave-valor (tal como Redis) e bancos de dados. + + + +## {{% heading "prerequisites" %}} + + +{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} + + + + + +## Configure um volume para um Pod + +Neste exercício, você cria um Pod que executa um contêiner. Este Pod tem um +Volume do tipo [emptyDir](/docs/concepts/storage/volumes/#emptydir) +que persiste durante a existência do Pod, mesmo que o contêiner termine e +reinicie. Aqui está o arquivo de configuração para o pod: + +{{< codenew file="pods/storage/redis.yaml" >}} + +1. Crie o Pod: + + ```shell + kubectl apply -f https://k8s.io/examples/pods/storage/redis.yaml + ``` + +1. Verifique se o contêiner do pod está funcionando, e então procure por mudanças no Pod: + + ```shell + kubectl get pod redis --watch + ``` + + A saída se parece com isso: + + ```shell + NAME READY STATUS RESTARTS AGE + redis 1/1 Running 0 13s + ``` + +1. Em outro terminal, pegue um shell para o contêiner em execução: + + ```shell + kubectl exec -it redis -- /bin/bash + ``` + +1. No seu shell, vá para `/data/redis`, e então crie um arquivo: + + ```shell + root@redis:/data# cd /data/redis/ + root@redis:/data/redis# echo Hello > test-file + ``` + +1. No seu shell, liste os processos em execução: + + ```shell + root@redis:/data/redis# apt-get update + root@redis:/data/redis# apt-get install procps + root@redis:/data/redis# ps aux + ``` + + A saída é semelhante a esta: + + ```shell + USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND + redis 1 0.1 0.1 33308 3828 ? Ssl 00:46 0:00 redis-server *:6379 + root 12 0.0 0.0 20228 3020 ? Ss 00:47 0:00 /bin/bash + root 15 0.0 0.0 17500 2072 ? R+ 00:48 0:00 ps aux + ``` + +1. Em seu shell, encerre o processo do Redis: + + ```shell + root@redis:/data/redis# kill + ``` + + Onde `` é o process ID (PID) do Redis. + +1. No seu terminal original, preste atenção nas mudanças no Pod do Redis. +Eventualmente, você vai ver algo assim: + + ```shell + NAME READY STATUS RESTARTS AGE + redis 1/1 Running 0 13s + redis 0/1 Completed 0 6m + redis 1/1 Running 1 6m + ``` + +Neste ponto, o Contêiner terminou e reiniciou. Isso porque o Pod do Redis tem uma +[`restartPolicy`](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core) +de `Always`. + +1. Abra um shell dentro do Contêiner reiniciado: + + ```shell + kubectl exec -it redis -- /bin/bash + ``` + +1. No seu shell, vá para `/data/redis`, e verifique se `test-file` ainda está lá. + ```shell + root@redis:/data/redis# cd /data/redis/ + root@redis:/data/redis# ls + test-file + ``` + +1. Exclua o pod que você criou para este exercício: + + ```shell + kubectl delete pod redis + ``` + + + +## {{% heading "whatsnext" %}} + + +* Veja [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core). + +* Veja [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core). + +* Além do armazenamento de disco local fornecido por `emptyDir`, o Kubernetes +suporta muitas soluções de armazenamento diferentes, conectadas via rede, incluindo PD na +GCE e EBS na EC2, que são preferidos para dados críticos e vão lidar com os +detalhes, como montar e desmontar os dispositivos nos Nós. Veja +[Volumes](/docs/concepts/storage/volumes/) para mais detalhes. + diff --git a/content/pt-br/examples/pods/storage/redis.yaml b/content/pt-br/examples/pods/storage/redis.yaml new file mode 100644 index 0000000000000..cb06456d4b315 --- /dev/null +++ b/content/pt-br/examples/pods/storage/redis.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: redis +spec: + containers: + - name: redis + image: redis + volumeMounts: + - name: redis-storage + mountPath: /data/redis + volumes: + - name: redis-storage + emptyDir: {} From 0ccc0ffaa884ea8b7c1d2187a94fd779745f4f66 Mon Sep 17 00:00:00 2001 From: "donatohorn@gmail.com" Date: Fri, 22 Jul 2022 17:42:45 -0300 Subject: [PATCH 003/537] [pt-br] content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md --- .../tasks/configure-pod-container/configure-volume-storage.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md index 396804ac8a3db..8687c19ab7485 100644 --- a/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md +++ b/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md @@ -2,10 +2,6 @@ title: Configurando um Pod Para Usar um Volume Para Armazenamento content_type: task weight: 50 -update_date: 2022-07-18 -origin_version: 1.24 -contributors: DonatoHorn -reviewers: --- From 545c2fddfe2d03cba5ff95cbed28a8c082265e9a Mon Sep 17 00:00:00 2001 From: "donatohorn@gmail.com" Date: Fri, 22 Jul 2022 17:51:14 -0300 Subject: [PATCH 004/537] [pt-br] content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md --- .../tasks/configure-pod-container/configure-runasusername.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md index f976f0aca994a..16b1d01f747fe 100644 --- a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md +++ b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md @@ -2,10 +2,6 @@ title: Configurando `RunAsUserName` Para Pods e Contêineres Windows content_type: task weight: 20 -update_date: 2022-07-17 -origin_version: 1.24 -contributors: DonatoHorn -reviewers: --- From 075fc7e4abd75efa0232cad0971b3e434eaf614b Mon Sep 17 00:00:00 2001 From: "donatohorn@gmail.com" Date: Sat, 13 Aug 2022 13:46:44 -0300 Subject: [PATCH 005/537] [pt-br] add content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md --- .../configure-runasusername.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md index 16b1d01f747fe..4116a9c5f8993 100644 --- a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md +++ b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md @@ -30,7 +30,7 @@ na especificação do Pod, e dentro dela, o campo `WindowsOptions` ([WindowsSecu contendo o campo `runAsUserName`. As opções de contexto de segurança do Windows que você especificar para um Pod, -se aplicam a todos os Contêineres do Pod, inclusive os de inicialização. +se aplicam a todos os contêineres do Pod, inclusive os de inicialização. Aqui está um arquivo de configuração para um Pod do Windows que possui o campo `runAsUserName` definido: @@ -49,7 +49,7 @@ Verifique se o contêiner do pod está em execução: kubectl get pod run-as-username-pod-demo ``` -Abra um shell para o Contêiner em execução: +Abra um shell para o contêiner em execução: ```shell kubectl exec -it run-as-username-pod-demo -- powershell @@ -67,21 +67,21 @@ A saída deve ser: ContainerUser ``` -## Defina o nome de usuário para o Contêiner +## Defina o nome de usuário para o contêiner -Para especificar o nome de usuário com o qual executar os processos de um Contêiner, +Para especificar o nome de usuário com o qual executar os processos de um contêiner, inclua o campo `SecurityContext` ([SecurityContext] (/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) -no manifesto do Contêiner, e dentro dele, o campo `WindowsOptions` +no manifesto do contêiner, e dentro dele, o campo `WindowsOptions` ([WindowsSecurityContextOptions] (/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) contendo o campo `runAsUserName`. -As opções de contexto de segurança do Windows que você especificar para um Contêiner, -se aplicam apenas a esse Contêiner individual, e substituem as configurações feitas +As opções de contexto de segurança do Windows que você especificar para um contêiner, +se aplicam apenas a esse contêiner individual, e substituem as configurações feitas no nível do Pod. -Aqui está o arquivo de configuração para um pod que possui um Contêiner, -e o campo `runAsUserName` está definido no nível do Pod e no nível do Contêiner: +Aqui está o arquivo de configuração para um pod que possui um contêiner, +e o campo `runAsUserName` está definido no nível do Pod e no nível do contêiner: {{< codenew file="windows/run-as-username-container.yaml" >}} @@ -91,7 +91,7 @@ Crie o Pod: kubectl apply -f https://k8s.io/examples/windows/run-as-username-container.yaml ``` -Verifique se o Contêiner do Pod está em execução: +Verifique se o contêiner do Pod está em execução: ```shell kubectl get pod run-as-username-container-demo @@ -103,7 +103,7 @@ Abra um shell para o contêiner em execução: kubectl exec -it run-as-username-container-demo -- powershell ``` -Verifique se o shell está executando o usuário correto, (aquele definido no nível do Contêiner): +Verifique se o shell está executando o usuário correto, (aquele definido no nível do contêiner): ```powershell echo $env:USERNAME @@ -122,7 +122,7 @@ de usuário válido. Deve ter o seguinte formato: `DOMAIN\USER`, onde ` DOMAIN\` é opcional. Os nomes de usuário do Windows não diferenciam letras maiúsculas e minúsculas. Além disso, existem algumas restrições em relação ao `DOMÍNIO` e `USUÁRIO`: - O campo `runAsUserName`: não pode estar vazio, e não pode conter caracteres - de contrôle (Valores ASCII : `0x00-0x1F`, `0x7F`) + de controle (Valores ASCII : `0x00-0x1F`, `0x7F`) - O nome de `DOMÍNIO` NetBios, ou um nome de DNS: cada um com suas próprias restrições: - Nomes NetBios: máximo de 15 caracteres, não podem iniciar com `.` (ponto), e não podem conter os seguintes caracteres: `\ / : * ? " < > |` From f73467052e2c0832af25e08a0f5ddcec92eadd6e Mon Sep 17 00:00:00 2001 From: "donatohorn@gmail.com" Date: Wed, 17 Aug 2022 23:58:00 -0300 Subject: [PATCH 006/537] [pt-br] add content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md --- .../tasks/configure-pod-container/configure-runasusername.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md index 4116a9c5f8993..76f5b5e30e3a3 100644 --- a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md +++ b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md @@ -138,7 +138,7 @@ Para mais informações sobre estas limitações, verifique [aqui](https://suppo ## {{% heading "whatsnext" %}} -* [Guia para agendar contêineres Windows em Kubernetes](/docs/concepts/windows/user-guide/) +* [Guia Para Agendar Contêineres Windows em Kubernetes](/docs/concepts/windows/user-guide/) * [Gerenciando Identidade de Cargas de Trabalho com Contas de Serviço Gerenciadas em Grupo (GMSA)](/docs/concepts/windows/user-guide/#managing-workload-identity-with-group-managed-service-accounts) -* [Configure GMSA para pods e contêineres Windows](/docs/tasks/configure-pod-container/configure-gmsa/) +* [Configure GMSA Para Pods e Contêineres Windows](/docs/tasks/configure-pod-container/configure-gmsa/) From 743b9f37e7042cf19677c2ddb0ad802d25b6ce6f Mon Sep 17 00:00:00 2001 From: Bishal Das Date: Thu, 25 Aug 2022 09:46:03 +0530 Subject: [PATCH 007/537] Add docker.md Signed-off-by: Bishal Das --- content/hi/docs/reference/glossary/docker.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 content/hi/docs/reference/glossary/docker.md diff --git a/content/hi/docs/reference/glossary/docker.md b/content/hi/docs/reference/glossary/docker.md new file mode 100644 index 0000000000000..1e15be707a334 --- /dev/null +++ b/content/hi/docs/reference/glossary/docker.md @@ -0,0 +1,18 @@ +--- +title: डोकर (Docker) +id: docker +date: 2018-04-12 +full_link: https://docs.docker.com/engine/ +short_description: > + डोकर एक सॉफ्टवेयर प्रौद्योगिकी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे कंटेनर भी कहा जाता है। + +aka: +tags: + - fundamental +--- + +डोकर (विशेष रूप से, डोकर इंजन) एक सॉफ्टवेयर प्रौद्योगिकी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे {{< glossary_tooltip text="कंटेनर" term_id="container" >}} भी कहा जाता है। + + + +डोकर लिनक्स कर्नेल के संसाधन अलगाव सुविधाओं का उपयोग करता है जैसे कि cgroups और कर्नेल नेमस्पेस, और एक संघ-सक्षम फ़ाइल सिस्टम जैसे कि OverlayFS और अन्य स्वतंत्र कंटेनरों को एक लिनक्स इंस्टेंस के भीतर चलाने की अनुमति देते हैं, वर्चुअल मशीन (भीएम) को शुरू करने और बनाए रखने के ऊपरी हिस्से से बचते हैं। From ed5091b2cdf8cc09e47d9e2b6e968d3922ab95c7 Mon Sep 17 00:00:00 2001 From: Bishal das <70086051+bishal7679@users.noreply.github.com> Date: Thu, 25 Aug 2022 11:24:31 +0530 Subject: [PATCH 008/537] Update content/hi/docs/reference/glossary/docker.md Co-authored-by: divya-mohan0209 --- content/hi/docs/reference/glossary/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/reference/glossary/docker.md b/content/hi/docs/reference/glossary/docker.md index 1e15be707a334..a260593f25439 100644 --- a/content/hi/docs/reference/glossary/docker.md +++ b/content/hi/docs/reference/glossary/docker.md @@ -4,7 +4,7 @@ id: docker date: 2018-04-12 full_link: https://docs.docker.com/engine/ short_description: > - डोकर एक सॉफ्टवेयर प्रौद्योगिकी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे कंटेनर भी कहा जाता है। + डोकर एक सॉफ्टवेयर टैकनोलजी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे कंटेनर भी कहा जाता है। aka: tags: From 9d9d32cdb5ed27924ffe7bdc98f016fc4c92c6cc Mon Sep 17 00:00:00 2001 From: Bishal das <70086051+bishal7679@users.noreply.github.com> Date: Thu, 25 Aug 2022 11:24:43 +0530 Subject: [PATCH 009/537] Update content/hi/docs/reference/glossary/docker.md Co-authored-by: divya-mohan0209 --- content/hi/docs/reference/glossary/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/reference/glossary/docker.md b/content/hi/docs/reference/glossary/docker.md index a260593f25439..abb4822fd104c 100644 --- a/content/hi/docs/reference/glossary/docker.md +++ b/content/hi/docs/reference/glossary/docker.md @@ -11,7 +11,7 @@ tags: - fundamental --- -डोकर (विशेष रूप से, डोकर इंजन) एक सॉफ्टवेयर प्रौद्योगिकी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे {{< glossary_tooltip text="कंटेनर" term_id="container" >}} भी कहा जाता है। +डोकर (विशेष रूप से, डोकर इंजन) एक सॉफ्टवेयर टैकनोलजी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे {{< glossary_tooltip text="कंटेनर" term_id="container" >}} भी कहा जाता है। From 1518132f9c320caf64603e464f221b9d7f0b77ce Mon Sep 17 00:00:00 2001 From: Joe McMahon Date: Mon, 24 Oct 2022 00:57:07 -0700 Subject: [PATCH 010/537] 31483: clarify monitoring language - Original wording seemed to be tacitly encouraging Prometheus as the preferred monitoring solution, and was confusing to non-native speakers as written. - Remove direct references to Prometheus. - Emphasize that the Kubernetes docs are not in the business of telling you how to monitor Kubernetes. - Note that any monitoring should understand OpenMetrics. - Link to the CNCF landscape site, picking out the options for anyone who isn't sure what options they have - Note that the specific choice is part of the overall design of the infrastructure platform. --- .../debug-cluster/resource-usage-monitoring.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/content/en/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md b/content/en/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md index 3c270b8122fc9..adc63ece40985 100644 --- a/content/en/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md +++ b/content/en/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md @@ -57,10 +57,17 @@ respond to these metrics by automatically scaling or adapting the cluster based on its current state, using mechanisms such as the Horizontal Pod Autoscaler. The monitoring pipeline fetches metrics from the kubelet and then exposes them to Kubernetes via an adapter by implementing either the -`custom.metrics.k8s.io` or `external.metrics.k8s.io` API. +`custom.metrics.k8s.io` or `external.metrics.k8s.io` API. -[Prometheus](https://prometheus.io), a CNCF project, can natively monitor Kubernetes, nodes, and Prometheus itself. -Full metrics pipeline projects that are not part of the CNCF are outside the scope of Kubernetes documentation. +Integration of a full metrics pipeline into your Kubernetes implementation is outside +the scope of Kubernetes documentation because of the very wide scope of possible +solutions. + +The choice of monitoring platform depends heavily on your needs, budget, and technical resources. +Kubernetes does not recommend any specific metrics pipeline; [many options](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars) are available. +Your monitoring system should be capable of handling the [OpenMetrics](https://openmetrics.io/) metrics +transmission standard, and needs to chosen to best fit in to your overall design and deployment of +your infrastructure platform. ## {{% heading "whatsnext" %}} From 036695740e313400984e5953b01ae67b4ed56fa6 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Mon, 22 Aug 2022 20:19:46 +0800 Subject: [PATCH 011/537] Format markdown on the ingress-minikube page This PR adjusts the indentation and line-wrapping on the ingress-minikube page. --- .../ingress-minikube.md | 184 ++++++++++-------- 1 file changed, 103 insertions(+), 81 deletions(-) diff --git a/content/en/docs/tasks/access-application-cluster/ingress-minikube.md b/content/en/docs/tasks/access-application-cluster/ingress-minikube.md index 251bebbaeff4e..9459b7b665350 100644 --- a/content/en/docs/tasks/access-application-cluster/ingress-minikube.md +++ b/content/en/docs/tasks/access-application-cluster/ingress-minikube.md @@ -7,20 +7,18 @@ min-kubernetes-server-version: 1.19 -An [Ingress](/docs/concepts/services-networking/ingress/) is an API object that defines rules which allow external access -to services in a cluster. An [Ingress controller](/docs/concepts/services-networking/ingress-controllers/) fulfills the rules set in the Ingress. - -This page shows you how to set up a simple Ingress which routes requests to Service web or web2 depending on the HTTP URI. - +An [Ingress](/docs/concepts/services-networking/ingress/) is an API object that defines rules +which allow external access to services in a cluster. An +[Ingress controller](/docs/concepts/services-networking/ingress-controllers/) +fulfills the rules set in the Ingress. +This page shows you how to set up a simple Ingress which routes requests to Service 'web' or +'web2' depending on the HTTP URI. ## {{% heading "prerequisites" %}} - {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} -If you are using an older Kubernetes version, switch to the documentation -for that version. - +If you are using an older Kubernetes version, switch to the documentation for that version. ### Create a Minikube cluster @@ -37,49 +35,60 @@ Locally 1. To enable the NGINX Ingress controller, run the following command: - ```shell - minikube addons enable ingress - ``` + ```shell + minikube addons enable ingress + ``` 1. Verify that the NGINX Ingress controller is running {{< tabs name="tab_with_md" >}} {{% tab name="minikube v1.19 or later" %}} -```shell -kubectl get pods -n ingress-nginx -``` - {{< note >}}It can take up to a minute before you see these pods running OK.{{< /note >}} + + ```shell + kubectl get pods -n ingress-nginx + ``` + + {{< note >}} + It can take up to a minute before you see these pods running OK. + {{< /note >}} The output is similar to: -``` -NAME READY STATUS RESTARTS AGE -ingress-nginx-admission-create-g9g49 0/1 Completed 0 11m -ingress-nginx-admission-patch-rqp78 0/1 Completed 1 11m -ingress-nginx-controller-59b45fb494-26npt 1/1 Running 0 11m -``` + ```none + NAME READY STATUS RESTARTS AGE + ingress-nginx-admission-create-g9g49 0/1 Completed 0 11m + ingress-nginx-admission-patch-rqp78 0/1 Completed 1 11m + ingress-nginx-controller-59b45fb494-26npt 1/1 Running 0 11m + ``` {{% /tab %}} + {{% tab name="minikube v1.18.1 or earlier" %}} -```shell -kubectl get pods -n kube-system -``` - {{< note >}}It can take up to a minute before you see these pods running OK.{{< /note >}} + + ```shell + kubectl get pods -n kube-system + ``` + + {{< note >}} + It can take up to a minute before you see these pods running OK. + {{< /note >}} The output is similar to: -``` -NAME READY STATUS RESTARTS AGE -default-http-backend-59868b7dd6-xb8tq 1/1 Running 0 1m -kube-addon-manager-minikube 1/1 Running 0 3m -kube-dns-6dcb57bcc8-n4xd4 3/3 Running 0 2m -kubernetes-dashboard-5498ccf677-b8p5h 1/1 Running 0 2m -nginx-ingress-controller-5984b97644-rnkrg 1/1 Running 0 1m -storage-provisioner 1/1 Running 0 2m -``` - - Make sure that you see a Pod with a name that starts with `nginx-ingress-controller-`. + ```none + NAME READY STATUS RESTARTS AGE + default-http-backend-59868b7dd6-xb8tq 1/1 Running 0 1m + kube-addon-manager-minikube 1/1 Running 0 3m + kube-dns-6dcb57bcc8-n4xd4 3/3 Running 0 2m + kubernetes-dashboard-5498ccf677-b8p5h 1/1 Running 0 2m + nginx-ingress-controller-5984b97644-rnkrg 1/1 Running 0 1m + storage-provisioner 1/1 Running 0 2m + ``` + + Make sure that you see a Pod with a name that starts with `nginx-ingress-controller-`. + {{% /tab %}} + {{< /tabs >}} ## Deploy a hello, world app @@ -92,7 +101,7 @@ storage-provisioner 1/1 Running 0 2m The output should be: - ``` + ```none deployment.apps/web created ``` @@ -104,19 +113,19 @@ storage-provisioner 1/1 Running 0 2m The output should be: - ``` + ```none service/web exposed ``` 1. Verify the Service is created and is available on a node port: - ```shell + ```shell kubectl get service web ``` The output is similar to: - ``` + ```none NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE web NodePort 10.104.133.249 8080:31637/TCP 12m ``` @@ -129,26 +138,31 @@ storage-provisioner 1/1 Running 0 2m The output is similar to: - ``` + ```none http://172.17.0.15:31637 ``` - {{< note >}}Katacoda environment only: at the top of the terminal panel, click the plus sign, and then click **Select port to view on Host 1**. Enter the NodePort, in this case `31637`, and then click **Display Port**.{{< /note >}} + {{< note >}} + Katacoda environment only: at the top of the terminal panel, click the plus sign, + and then click **Select port to view on Host 1**. Enter the NodePort value, + in this case `31637`, and then click **Display Port**. + {{< /note >}} The output is similar to: - ``` + ```none Hello, world! Version: 1.0.0 Hostname: web-55b8c6998d-8k564 ``` - You can now access the sample app via the Minikube IP address and NodePort. The next step lets you access - the app using the Ingress resource. + You can now access the sample application via the Minikube IP address and NodePort. + The next step lets you access the application using the Ingress resource. ## Create an Ingress -The following manifest defines an Ingress that sends traffic to your Service via hello-world.info. +The following manifest defines an Ingress that sends traffic to your Service via +`hello-world.info`. 1. Create `example-ingress.yaml` from the following file: @@ -162,7 +176,7 @@ The following manifest defines an Ingress that sends traffic to your Service via The output should be: - ``` + ```none ingress.networking.k8s.io/example-ingress created ``` @@ -172,11 +186,13 @@ The following manifest defines an Ingress that sends traffic to your Service via kubectl get ingress ``` - {{< note >}}This can take a couple of minutes.{{< /note >}} + {{< note >}} + This can take a couple of minutes. + {{< /note >}} - You should see an IPv4 address in the ADDRESS column; for example: + You should see an IPv4 address in the `ADDRESS` column; for example: - ``` + ```none NAME CLASS HOSTS ADDRESS PORTS AGE example-ingress hello-world.info 172.17.0.15 80 38s ``` @@ -184,30 +200,35 @@ The following manifest defines an Ingress that sends traffic to your Service via 1. Add the following line to the bottom of the `/etc/hosts` file on your computer (you will need administrator access): - ``` + ```none 172.17.0.15 hello-world.info ``` - {{< note >}}If you are running Minikube locally, use `minikube ip` to get the external IP. The IP address displayed within the ingress list will be the internal IP.{{< /note >}} + {{< note >}} + If you are running Minikube locally, use `minikube ip` to get the external IP. + The IP address displayed within the ingress list will be the internal IP. + {{< /note >}} - After you make this change, your web browser sends requests for - hello-world.info URLs to Minikube. + After you make this change, your web browser sends requests for + `hello-world.info` URLs to Minikube. 1. Verify that the Ingress controller is directing traffic: - ```shell - curl hello-world.info - ``` + ```shell + curl hello-world.info + ``` - You should see: + You should see: - ``` - Hello, world! - Version: 1.0.0 - Hostname: web-55b8c6998d-8k564 - ``` + ```none + Hello, world! + Version: 1.0.0 + Hostname: web-55b8c6998d-8k564 + ``` - {{< note >}}If you are running Minikube locally, you can visit hello-world.info from your browser.{{< /note >}} + {{< note >}} + If you are running Minikube locally, you can visit `hello-world.info` from your browser. + {{< /note >}} ## Create a second Deployment @@ -216,9 +237,10 @@ The following manifest defines an Ingress that sends traffic to your Service via ```shell kubectl create deployment web2 --image=gcr.io/google-samples/hello-app:2.0 ``` + The output should be: - ``` + ```none deployment.apps/web2 created ``` @@ -230,7 +252,7 @@ The following manifest defines an Ingress that sends traffic to your Service via The output should be: - ``` + ```none service/web2 exposed ``` @@ -240,13 +262,13 @@ The following manifest defines an Ingress that sends traffic to your Service via following lines at the end: ```yaml - - path: /v2 - pathType: Prefix - backend: - service: - name: web2 - port: - number: 8080 + - path: /v2 + pathType: Prefix + backend: + service: + name: web2 + port: + number: 8080 ``` 1. Apply the changes: @@ -257,7 +279,7 @@ The following manifest defines an Ingress that sends traffic to your Service via You should see: - ``` + ```none ingress.networking/example-ingress configured ``` @@ -271,7 +293,7 @@ The following manifest defines an Ingress that sends traffic to your Service via The output is similar to: - ``` + ```none Hello, world! Version: 1.0.0 Hostname: web-55b8c6998d-8k564 @@ -285,16 +307,16 @@ The following manifest defines an Ingress that sends traffic to your Service via The output is similar to: - ``` + ```none Hello, world! Version: 2.0.0 Hostname: web2-75cd47646f-t8cjk ``` - {{< note >}}If you are running Minikube locally, you can visit hello-world.info and hello-world.info/v2 from your browser.{{< /note >}} - - - + {{< note >}} + If you are running Minikube locally, you can visit `hello-world.info` and + `hello-world.info/v2` from your browser. + {{< /note >}} ## {{% heading "whatsnext" %}} From 07097ddc28e6e20cb40481ab73d1a9637aa31b45 Mon Sep 17 00:00:00 2001 From: Mauren Berti Date: Tue, 13 Dec 2022 08:07:15 -0500 Subject: [PATCH 012/537] [en] Add information on when to use country codes. --- content/en/docs/contribute/localization.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/content/en/docs/contribute/localization.md b/content/en/docs/contribute/localization.md index b14f4900e51b1..f90fe8c873d21 100644 --- a/content/en/docs/contribute/localization.md +++ b/content/en/docs/contribute/localization.md @@ -39,6 +39,10 @@ standard](https://www.loc.gov/standards/iso639-2/php/code_list.php) to find your localization's two-letter language code. For example, the two-letter code for Korean is `ko`. +Some languages use a lowercase version of the country code as defined by the +ISO-3166 along with their language codes. For example, the Brazilian Portuguese +language code is `pt-br`. + ### Fork and clone the repo First, [create your own @@ -88,6 +92,11 @@ You'll need to know the two-letter language code for your language. Consult the to find your localization's two-letter language code. For example, the two-letter code for Korean is `ko`. +If the language you are starting a localization for is spoken in various places +with significative differences between the variants, it might make sense to +combine the lowercased ISO-3166 country code with the language two-letter code. +For example, Brazilian Portuguese is localized as `pt-br`. + When you start a new localization, you must localize all the [minimum required content](#minimum-required-content) before the Kubernetes project can publish your changes to the live From 2a75a0d17be50292413b008ba3babbbaf44e8405 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paulo=20Gon=C3=A7alves=20Lima?= Date: Thu, 15 Dec 2022 02:07:51 -0300 Subject: [PATCH 013/537] [pt-br] Translating page: Customizing DNS Service Done: + Introduction + CoreDNS TODO: - CoreDNS ConfigMap options - Configuration of Stub-domain and upstream nameserver using CoreDNS - Example kubernetes#13939 --- .../dns-custom-nameservers.md | 187 ++++++++++++++++++ 1 file changed, 187 insertions(+) create mode 100644 content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md diff --git a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md new file mode 100644 index 0000000000000..6e95c8bdaf0b6 --- /dev/null +++ b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md @@ -0,0 +1,187 @@ +--- +reviewers: +- bowei +- zihongz +title: Customizing DNS Service +content_type: task +min-kubernetes-server-version: v1.12 +--- + + +Essa pagina explica como configurar o seu DNS +{{< glossary_tooltip text="Pod(s)" term_id="pod" >}} e personalizar o processo de resolução de DNS no seu cluster. + +## {{% heading "prerequisites" %}} + +{{< include "task-tutorial-prereqs.md" >}} + +Seu cluster deve estar executando o complemento CoreDNS. + +{{% version-check %}} + + + +## Introdução + +DNS é um serviço integrado do Kubernetes que é integrado automaticamente usando o _gerenciador de complementos_ [cluster add-on](http://releases.k8s.io/master/cluster/addons/README.md). + +{{< note >}} +O Serviço CoreDNS é chamado de `kube-dns` no campo `metadata.name`. +O objetivo é garantir maior interoperabilidade com cargas de trabalho que dependiam do nome de serviço legado `kube-dns` para resolver endereços internos ao cluster. +Usando o serviço chamado `kube-dns` abstrai o detalhe de implementação de qual provedor de DNS está sendo executado por trás desse nome comum. +{{< /note >}} + +Se você estiver executando o CoreDNS como um Deployment, ele geralmente será exposto como um Serviço do Kubernetes com o endereço de IP estático. +O kubelet passa informações de resolução de DNS para cada contêiner com a flag `--cluster-dns=`. + +Os nomes DNS também precisam de domínios. Você configura o domínio local no kubelet com a flag `--cluster-domain=`. + +O servidor DNS suporta pesquisas de encaminhamento (registros A e AAAA), pesquisas de porta (registros SRV), pesquisas de endereço de IP reverso (registros PTR) e muito mais. Para mais informações, veja [DNS para Serviços e Pods](/docs/concepts/services-networking/dns-pod-service/). + +Se a `dnsPolicy` de um Pod estiver definida como `default`, ele herda a configuração de resolução de nome do nó em que o Pod é executado. A resolução de DNS do Pod deve se comportar da mesma forma que o nó. +Veja [Problemas conhecidos](/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues).. + +Se você não quiser isso, ou se quiser uma configuração de DNS diferente para os pods, pode usar a flag `--resolv-conf` do kubelet. Defina essa flag como "" para impedir que os Pods herdem a configuração do DNS. Defina-a como um caminho de arquivo válido para especificar um arquivo diferente de `/etc/resolv.conf` para a herança de DNS. + +## CoreDNS + +CoreDNS é um servidor oficial de DNS de propósito geral que pode atuar como DNS do cluster, +cumprindo com as [especificações DNS](https://github.com/kubernetes/dns/blob/master/docs/specification.md). + +### CoreDNS ConfigMap options + +CoreDNS is a DNS server that is modular and pluggable, with plugins adding new functionalities. +The CoreDNS server can be configured by maintaining a [Corefile](https://coredns.io/2017/07/23/corefile-explained/), +which is the CoreDNS configuration file. As a cluster administrator, you can modify the +{{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} for the CoreDNS Corefile to +change how DNS service discovery behaves for that cluster. + +In Kubernetes, CoreDNS is installed with the following default Corefile configuration: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: coredns + namespace: kube-system +data: + Corefile: | + .:53 { + errors + health { + lameduck 5s + } + ready + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + } + prometheus :9153 + forward . /etc/resolv.conf + cache 30 + loop + reload + loadbalance + } +``` + +The Corefile configuration includes the following [plugins](https://coredns.io/plugins/) of CoreDNS: + +* [errors](https://coredns.io/plugins/errors/): Errors are logged to stdout. +* [health](https://coredns.io/plugins/health/): Health of CoreDNS is reported to + `http://localhost:8080/health`. In this extended syntax `lameduck` will make theuprocess + unhealthy then wait for 5 seconds before the process is shut down. +* [ready](https://coredns.io/plugins/ready/): An HTTP endpoint on port 8181 will return 200 OK, + when all plugins that are able to signal readiness have done so. +* [kubernetes](https://coredns.io/plugins/kubernetes/): CoreDNS will reply to DNS queries + based on IP of the Services and Pods. You can find [more details](https://coredns.io/plugins/kubernetes/) + about this plugin on the CoreDNS website. + - `ttl` allows you to set a custom TTL for responses. The default is 5 seconds. + The minimum TTL allowed is 0 seconds, and the maximum is capped at 3600 seconds. + Setting TTL to 0 will prevent records from being cached. + - The `pods insecure` option is provided for backward compatibility with `kube-dns`. + - You can use the `pods verified` option, which returns an A record only if there exists a pod + in the same namespace with a matching IP. + - The `pods disabled` option can be used if you don't use pod records. +* [prometheus](https://coredns.io/plugins/metrics/): Metrics of CoreDNS are available at + `http://localhost:9153/metrics` in the [Prometheus](https://prometheus.io/) format + (also known as OpenMetrics). +* [forward](https://coredns.io/plugins/forward/): Any queries that are not within the Kubernetes + cluster domain are forwarded to predefined resolvers (/etc/resolv.conf). +* [cache](https://coredns.io/plugins/cache/): This enables a frontend cache. +* [loop](https://coredns.io/plugins/loop/): Detects simple forwarding loops and + halts the CoreDNS process if a loop is found. +* [reload](https://coredns.io/plugins/reload): Allows automatic reload of a changed Corefile. + After you edit the ConfigMap configuration, allow two minutes for your changes to take effect. +* [loadbalance](https://coredns.io/plugins/loadbalance): This is a round-robin DNS loadbalancer + that randomizes the order of A, AAAA, and MX records in the answer. + +You can modify the default CoreDNS behavior by modifying the ConfigMap. + +### Configuration of Stub-domain and upstream nameserver using CoreDNS + +CoreDNS has the ability to configure stub-domains and upstream nameservers +using the [forward plugin](https://coredns.io/plugins/forward/). + +#### Example + +If a cluster operator has a [Consul](https://www.consul.io/) domain server located at "10.150.0.1", +and all Consul names have the suffix ".consul.local". To configure it in CoreDNS, +the cluster administrator creates the following stanza in the CoreDNS ConfigMap. + +``` +consul.local:53 { + errors + cache 30 + forward . 10.150.0.1 +} +``` + +To explicitly force all non-cluster DNS lookups to go through a specific nameserver at 172.16.0.1, +point the `forward` to the nameserver instead of `/etc/resolv.conf` + +``` +forward . 172.16.0.1 +``` + +The final ConfigMap along with the default `Corefile` configuration looks like: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: coredns + namespace: kube-system +data: + Corefile: | + .:53 { + errors + health + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + } + prometheus :9153 + forward . 172.16.0.1 + cache 30 + loop + reload + loadbalance + } + consul.local:53 { + errors + cache 30 + forward . 10.150.0.1 + } +``` + +{{< note >}} +CoreDNS does not support FQDNs for stub-domains and nameservers (eg: "ns.foo.com"). +During translation, all FQDN nameservers will be omitted from the CoreDNS config. +{{< /note >}} + +## {{% heading "whatsnext" %}} + +- Read [Debugging DNS Resolution](/docs/tasks/administer-cluster/dns-debugging-resolution/) + From a17b10da26c59e9b77d2a49b093d33cb63b0e0f7 Mon Sep 17 00:00:00 2001 From: "donatohorn@gmail.com" Date: Thu, 15 Dec 2022 08:22:18 -0300 Subject: [PATCH 014/537] [pt-br] Add content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md --- .../configure-runasusername.md | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md index 76f5b5e30e3a3..ca8d0e1a9c36e 100644 --- a/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md +++ b/content/pt-br/docs/tasks/configure-pod-container/configure-runasusername.md @@ -1,5 +1,5 @@ --- -title: Configurando `RunAsUserName` Para Pods e Contêineres Windows +title: Configurando RunAsUserName Para Pods e Contêineres Windows content_type: task weight: 20 --- @@ -17,7 +17,7 @@ executar aplicativos em um contêiner com um nome de usuário diferente do padr Você precisa ter um cluster Kubernetes, e a ferramenta de linha de comando Kubectl deve ser configurada para se comunicar com o seu cluster. Espera-se que o cluster -tenha nós `worker Windows`, onde os Pods com contêineres executando as cargas de trabalho do Windows, +tenha nós de carga de trabalho Windows, onde os Pods com contêineres executando as cargas de trabalho do Windows, serão agendados. @@ -25,14 +25,14 @@ serão agendados. ## Defina o nome de usuário para um Pod Para especificar o nome de usuário com o qual executar os processos de contêiner do Pod, -inclua o campo `securityContext` ([SecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) +inclua o campo `securityContext` ([PodSecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) na especificação do Pod, e dentro dela, o campo `WindowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) contendo o campo `runAsUserName`. As opções de contexto de segurança do Windows que você especificar para um Pod, se aplicam a todos os contêineres do Pod, inclusive os de inicialização. -Aqui está um arquivo de configuração para um Pod do Windows que possui o campo +Veja abaixo um arquivo de configuração para um Pod do Windows que possui o campo `runAsUserName` definido: {{< codenew file="windows/run-as-username-pod.yaml" >}} @@ -43,7 +43,7 @@ Crie o Pod: kubectl apply -f https://k8s.io/examples/windows/run-as-username-pod.yaml ``` -Verifique se o contêiner do pod está em execução: +Verifique se o contêiner do Pod está em execução: ```shell kubectl get pod run-as-username-pod-demo @@ -70,10 +70,9 @@ ContainerUser ## Defina o nome de usuário para o contêiner Para especificar o nome de usuário com o qual executar os processos de um contêiner, -inclua o campo `SecurityContext` ([SecurityContext] -(/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) +inclua o campo `SecurityContext` ([SecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) no manifesto do contêiner, e dentro dele, o campo `WindowsOptions` -([WindowsSecurityContextOptions] (/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) +([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) contendo o campo `runAsUserName`. As opções de contexto de segurança do Windows que você especificar para um contêiner, @@ -120,15 +119,15 @@ ContainerAdministrator Para usar esse recurso, o valor definido no campo `runAsUserName` deve ser um nome de usuário válido. Deve ter o seguinte formato: `DOMAIN\USER`, onde ` DOMAIN\` é opcional. Os nomes de usuário do Windows não diferenciam letras maiúsculas -e minúsculas. Além disso, existem algumas restrições em relação ao `DOMÍNIO` e `USUÁRIO`: +e minúsculas. Além disso, existem algumas restrições em relação ao `DOMAIN` e `USER`: - O campo `runAsUserName`: não pode estar vazio, e não pode conter caracteres de controle (Valores ASCII : `0x00-0x1F`, `0x7F`) -- O nome de `DOMÍNIO` NetBios, ou um nome de DNS: cada um com suas próprias restrições: +- O nome de `DOMAIN` NetBios, ou um nome de DNS, cada um com suas próprias restrições: - Nomes NetBios: máximo de 15 caracteres, não podem iniciar com `.` (ponto), e não podem conter os seguintes caracteres: `\ / : * ? " < > |` - Nomes DNS: máximo de 255 caracteres, contendo apenas caracteres alfanuméricos, pontos, e traços, e não podem iniciar ou terminar com um `.` (ponto) ou `-` (traço). -- O `USUÁRIO`: deve ter no máximo 20 caracteres, não pode conter *somente* pontos ou espaços, +- O `USER`: deve ter no máximo 20 caracteres, não pode conter *somente* pontos ou espaços, e não pode conter os seguintes caracteres: `" / \ [ ] : ; | = , + * ? < > @`. Exemplos de valores aceitáveis para o campo `runAsUserName`: `ContainerAdministrator`, From 497a8c07df6df88ca52ddbbc1ebeefc14c1ef8a9 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Sat, 17 Dec 2022 09:55:24 +0800 Subject: [PATCH 015/537] Normalize cloud-controller concept page This PR wraps the long lines in the cloud-controller page where appropriate. It also removes some useless empty lines, fixes a numbered list by removing explicit numbering, fixes a link to source code. --- .../concepts/architecture/cloud-controller.md | 72 +++++++++++-------- 1 file changed, 42 insertions(+), 30 deletions(-) diff --git a/content/en/docs/concepts/architecture/cloud-controller.md b/content/en/docs/concepts/architecture/cloud-controller.md index 07a89110abfe7..c074833315262 100644 --- a/content/en/docs/concepts/architecture/cloud-controller.md +++ b/content/en/docs/concepts/architecture/cloud-controller.md @@ -17,8 +17,6 @@ components. The cloud-controller-manager is structured using a plugin mechanism that allows different cloud providers to integrate their platforms with Kubernetes. - - ## Design @@ -48,10 +46,10 @@ when new servers are created in your cloud infrastructure. The node controller o hosts running inside your tenancy with the cloud provider. The node controller performs the following functions: 1. Update a Node object with the corresponding server's unique identifier obtained from the cloud provider API. -2. Annotating and labelling the Node object with cloud-specific information, such as the region the node +1. Annotating and labelling the Node object with cloud-specific information, such as the region the node is deployed into and the resources (CPU, memory, etc) that it has available. -3. Obtain the node's hostname and network addresses. -4. Verifying the node's health. In case a node becomes unresponsive, this controller checks with +1. Obtain the node's hostname and network addresses. +1. Verifying the node's health. In case a node becomes unresponsive, this controller checks with your cloud provider's API to see if the server has been deactivated / deleted / terminated. If the node has been deleted from the cloud, the controller deletes the Node object from your Kubernetes cluster. @@ -88,13 +86,13 @@ to read and modify Node objects. `v1/Node`: -- Get -- List -- Create -- Update -- Patch -- Watch -- Delete +- get +- list +- create +- update +- patch +- watch +- delete ### Route controller {#authorization-route-controller} @@ -103,37 +101,42 @@ routes appropriately. It requires Get access to Node objects. `v1/Node`: -- Get +- get ### Service controller {#authorization-service-controller} -The service controller listens to Service object Create, Update and Delete events and then configures Endpoints for those Services appropriately (for EndpointSlices, the kube-controller-manager manages these on demand). +The service controller watches for Service object **create**, **update** and **delete** events and then +configures Endpoints for those Services appropriately (for EndpointSlices, the +kube-controller-manager manages these on demand). -To access Services, it requires List, and Watch access. To update Services, it requires Patch and Update access. +To access Services, it requires **list**, and **watch** access. To update Services, it requires +**patch** and **update** access. -To set up Endpoints resources for the Services, it requires access to Create, List, Get, Watch, and Update. +To set up Endpoints resources for the Services, it requires access to **create**, **list**, +**get**, **watch**, and **update**. `v1/Service`: -- List -- Get -- Watch -- Patch -- Update +- list +- get +- watch +- patch +- update ### Others {#authorization-miscellaneous} -The implementation of the core of the cloud controller manager requires access to create Event objects, and to ensure secure operation, it requires access to create ServiceAccounts. +The implementation of the core of the cloud controller manager requires access to create Event +objects, and to ensure secure operation, it requires access to create ServiceAccounts. `v1/Event`: -- Create -- Patch -- Update +- create +- patch +- update `v1/ServiceAccount`: -- Create +- create The {{< glossary_tooltip term_id="rbac" text="RBAC" >}} ClusterRole for the cloud controller manager looks like: @@ -206,12 +209,21 @@ rules: [Cloud Controller Manager Administration](/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager) has instructions on running and managing the cloud controller manager. -To upgrade a HA control plane to use the cloud controller manager, see [Migrate Replicated Control Plane To Use Cloud Controller Manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/). +To upgrade a HA control plane to use the cloud controller manager, see +[Migrate Replicated Control Plane To Use Cloud Controller Manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/). Want to know how to implement your own cloud controller manager, or extend an existing project? -The cloud controller manager uses Go interfaces to allow implementations from any cloud to be plugged in. Specifically, it uses the `CloudProvider` interface defined in [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.21/cloud.go#L42-L69) from [kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider). +The cloud controller manager uses Go interfaces to allow implementations from any cloud to be plugged in. +Specifically, it uses the `CloudProvider` interface defined in +[`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.26/cloud.go#L43-L69) from +[kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider). + +The implementation of the shared controllers highlighted in this document (Node, Route, and Service), +and some scaffolding along with the shared cloudprovider interface, is part of the Kubernetes core. +Implementations specific to cloud providers are outside the core of Kubernetes and implement the +`CloudProvider` interface. -The implementation of the shared controllers highlighted in this document (Node, Route, and Service), and some scaffolding along with the shared cloudprovider interface, is part of the Kubernetes core. Implementations specific to cloud providers are outside the core of Kubernetes and implement the `CloudProvider` interface. +For more information about developing plugins, see +[Developing Cloud Controller Manager](/docs/tasks/administer-cluster/developing-cloud-controller-manager/). -For more information about developing plugins, see [Developing Cloud Controller Manager](/docs/tasks/administer-cluster/developing-cloud-controller-manager/). From 8cb04691a3025d61c5e630a5636ec2e97d170f4a Mon Sep 17 00:00:00 2001 From: EuricoAbreu Date: Tue, 20 Dec 2022 02:38:52 -0300 Subject: [PATCH 016/537] [pt-br] Add /docs/concepts/security/windows-security.md --- .../concepts/security/windows-security.md | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 content/pt-br/docs/concepts/security/windows-security.md diff --git a/content/pt-br/docs/concepts/security/windows-security.md b/content/pt-br/docs/concepts/security/windows-security.md new file mode 100644 index 0000000000000..4d6573afb2936 --- /dev/null +++ b/content/pt-br/docs/concepts/security/windows-security.md @@ -0,0 +1,56 @@ +--- +reviewers: + - +title: Segurança para Nós Windows +content_type: concept +weight: 40 +--- + + + +Esta página descreve considerações de segurança e boas práticas específicas para o sistema operacional Windows. + + + +## Proteção para dados Secret nos Nós + +No Windows, os dados do Secret são escritos em texto claro no Nó local do +armazenamento (em comparação ao uso de tmpfs / in-memory filesystems no Linux). Como um cluster +operador, você deve tomar as duas medidas adicionais a seguir: + +1. Use arquivos ACLs para assegurar a localização do arquivo Secrets. +2. Aplicar criptografia à nível de volume usando + [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server). + +## Usuários dos Contêineres + +[RunAsUsername](/docs/tasks/configure-pod-container/configure-runasusername) +pode ser especificado para Pods com Windows ou contêiner para executar os processos do contêiner como usuário específico. Isto é aproximadamente equivalente a +[RunAsUser](/docs/concepts/security/pod-security-policy/#users-and-groups). + +Os contêineres Windows oferecem duas contas de usuário padrão, ContainerUser e ContainerAdministrator. As diferenças entre estas duas contas de usuário são cobertas em +[When to use ContainerAdmin and ContainerUser user accounts](https://docs.microsoft.com/virtualization/windowscontainers/manage-containers/container-security#when-to-use-containeradmin-and-containeruser-user-accounts) +dentro da documentação da Microsoft _Secure Windows containers_. + +Os usuários locais podem ser adicionados as imagens do contêiner durante o processo de construção do mesmo. + +{{< note >}} + +- Imagens baseadas no [Nano Server](https://hub.docker.com/_/microsoft-windows-nanoserver) rodam como + `ContainerUser` por padrão. +- Imagens baseadas no [Server Core](https://hub.docker.com/_/microsoft-windows-servercore) rodam como + `ContainerAdministrator` por padrão. + +{{< /note >}} + +Contêineres Windows também podem rodar como identidades do Active Directory usando +[Group Managed Service Accounts](/docs/tasks/configure-pod-container/configure-gmsa/) + +## Isolamento de segurança a nível do Pod + +Mecanismos de contexto de segurança de Pod específicos para Linux (como SELinux, AppArmor, Seccomp, ou capabilities customizados para POSIX) não são suportados nos nós do Windows. + +Contêineres privilegiados [não são suportados](/docs/concepts/windows/intro/#compatibility-v1-pod-spec-containers-securitycontext) +no Windows. +Em vez disso, [HostProcess containers](/docs/tasks/configure-pod-container/create-hostprocess-pod) +podem ser usados no Windows para realizar muitas das tarefas realizadas por contêineres privilegiados no Linux. From e4bb93e036aaeeda6b3b5b48d738d06f52d11a9d Mon Sep 17 00:00:00 2001 From: Bishal Das <70086051+bishal7679@users.noreply.github.com> Date: Tue, 20 Dec 2022 13:19:35 +0530 Subject: [PATCH 017/537] Update content/hi/docs/reference/glossary/docker.md Co-authored-by: divya-mohan0209 --- content/hi/docs/reference/glossary/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/reference/glossary/docker.md b/content/hi/docs/reference/glossary/docker.md index abb4822fd104c..fa2f223cc4848 100644 --- a/content/hi/docs/reference/glossary/docker.md +++ b/content/hi/docs/reference/glossary/docker.md @@ -15,4 +15,4 @@ tags: -डोकर लिनक्स कर्नेल के संसाधन अलगाव सुविधाओं का उपयोग करता है जैसे कि cgroups और कर्नेल नेमस्पेस, और एक संघ-सक्षम फ़ाइल सिस्टम जैसे कि OverlayFS और अन्य स्वतंत्र कंटेनरों को एक लिनक्स इंस्टेंस के भीतर चलाने की अनुमति देते हैं, वर्चुअल मशीन (भीएम) को शुरू करने और बनाए रखने के ऊपरी हिस्से से बचते हैं। +डॉकर लिनक्स कर्नेल के संसाधन अलगाव सुविधाओं का उपयोग करता है जैसे कि cgroups और कर्नेल नेमस्पेस, और एक संघ-सक्षम फ़ाइल सिस्टम जैसे कि OverlayFS और अन्य स्वतंत्र कंटेनरों को एक लिनक्स इंस्टेंस के भीतर चलाने की अनुमति देता है| इससे वर्चुअल मशीन (वीएम) को शुरू करने और बनाए रखने के ओवरहेड से बच सकते हैं| From 820c2462c2a123263cb966fa0225c04bcd5a2439 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paulo=20Gon=C3=A7alves=20Lima?= Date: Tue, 20 Dec 2022 14:34:12 -0300 Subject: [PATCH 018/537] [pt-br] Translating page: Customizing DNS Service Done: + CoreDNS ConfigMap options + Configuration of Stub-domain and upstream nameserver using CoreDNS + Example --- .../dns-custom-nameservers.md | 107 ++++++++---------- 1 file changed, 48 insertions(+), 59 deletions(-) diff --git a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md index 6e95c8bdaf0b6..f2c72efedf480 100644 --- a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md +++ b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md @@ -2,7 +2,7 @@ reviewers: - bowei - zihongz -title: Customizing DNS Service +title: Personalizando o Serviço DNS content_type: task min-kubernetes-server-version: v1.12 --- @@ -50,13 +50,13 @@ cumprindo com as [especificações DNS](https://github.com/kubernetes/dns/blob/m ### CoreDNS ConfigMap options -CoreDNS is a DNS server that is modular and pluggable, with plugins adding new functionalities. -The CoreDNS server can be configured by maintaining a [Corefile](https://coredns.io/2017/07/23/corefile-explained/), -which is the CoreDNS configuration file. As a cluster administrator, you can modify the -{{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} for the CoreDNS Corefile to -change how DNS service discovery behaves for that cluster. +CoreDNS é um servidor DNS que é modular e plugável, com plugins que adicionam novas funcionalidades. +O servidor CoreDNS pode ser configurado por um [Corefile](https://coredns.io/2017/07/23/corefile-explained/), +que é o arquivo de configuração do CoreDNS. Como administrador de cluster, você pode modificar o +{{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} para o arquivo Corefile do CoreDNS para +mudar como o descobrimento de serviços DNS se comporta para esse cluster. -In Kubernetes, CoreDNS is installed with the following default Corefile configuration: +Em Kubernetes, o CoreDNS é instalado com a seguinte configuração padrão do Corefile: ```yaml apiVersion: v1 @@ -86,51 +86,42 @@ data: } ``` -The Corefile configuration includes the following [plugins](https://coredns.io/plugins/) of CoreDNS: - -* [errors](https://coredns.io/plugins/errors/): Errors are logged to stdout. -* [health](https://coredns.io/plugins/health/): Health of CoreDNS is reported to - `http://localhost:8080/health`. In this extended syntax `lameduck` will make theuprocess - unhealthy then wait for 5 seconds before the process is shut down. -* [ready](https://coredns.io/plugins/ready/): An HTTP endpoint on port 8181 will return 200 OK, - when all plugins that are able to signal readiness have done so. -* [kubernetes](https://coredns.io/plugins/kubernetes/): CoreDNS will reply to DNS queries - based on IP of the Services and Pods. You can find [more details](https://coredns.io/plugins/kubernetes/) - about this plugin on the CoreDNS website. - - `ttl` allows you to set a custom TTL for responses. The default is 5 seconds. - The minimum TTL allowed is 0 seconds, and the maximum is capped at 3600 seconds. - Setting TTL to 0 will prevent records from being cached. - - The `pods insecure` option is provided for backward compatibility with `kube-dns`. - - You can use the `pods verified` option, which returns an A record only if there exists a pod - in the same namespace with a matching IP. - - The `pods disabled` option can be used if you don't use pod records. -* [prometheus](https://coredns.io/plugins/metrics/): Metrics of CoreDNS are available at - `http://localhost:9153/metrics` in the [Prometheus](https://prometheus.io/) format - (also known as OpenMetrics). -* [forward](https://coredns.io/plugins/forward/): Any queries that are not within the Kubernetes - cluster domain are forwarded to predefined resolvers (/etc/resolv.conf). -* [cache](https://coredns.io/plugins/cache/): This enables a frontend cache. -* [loop](https://coredns.io/plugins/loop/): Detects simple forwarding loops and - halts the CoreDNS process if a loop is found. -* [reload](https://coredns.io/plugins/reload): Allows automatic reload of a changed Corefile. - After you edit the ConfigMap configuration, allow two minutes for your changes to take effect. -* [loadbalance](https://coredns.io/plugins/loadbalance): This is a round-robin DNS loadbalancer - that randomizes the order of A, AAAA, and MX records in the answer. - -You can modify the default CoreDNS behavior by modifying the ConfigMap. - -### Configuration of Stub-domain and upstream nameserver using CoreDNS - -CoreDNS has the ability to configure stub-domains and upstream nameservers -using the [forward plugin](https://coredns.io/plugins/forward/). - -#### Example - -If a cluster operator has a [Consul](https://www.consul.io/) domain server located at "10.150.0.1", -and all Consul names have the suffix ".consul.local". To configure it in CoreDNS, -the cluster administrator creates the following stanza in the CoreDNS ConfigMap. - -``` +A configuração do Corefile inclui os seguintes [plugins](https://coredns.io/plugins/) do CoreDNS: + +* [errors](https://coredns.io/plugins/errors/): Erros são registrados para stdout. +* [health](https://coredns.io/plugins/health/): A saúde do CoreDNS é reportada para +`http://localhost:8080/health`. Nesta sintaxe estendida, `lameduck` fará o processo +insalubre, esperando por 5 segundos antes que o processo seja encerrado. +* [ready](https://coredns.io/plugins/ready/): Um endpoint HTTP na porta 8181 retornará 200 OK, quando todos os plugins que são capazes de sinalizar prontidão tiverem feito isso. +* [kubernetes](https://coredns.io/plugins/kubernetes/): O CoreDNS responderá a consultas DNS + baseado no IP dos Serviços e Pods. Você pode encontrar [mais detalhes em](https://coredns.io/plugins/kubernetes/). + sobre este plugin no site do CoreDNS. + * `ttl` permite que você defina um TTL personalizado para as respostas. O padrão é 5 segundos. O TTL mínimo permitido é de 0 segundos e o máximo é de 3600 segundos. Definir o TTL como 0 impedirá que os registros sejam armazenados em cache. + * A opção `pods insecure` é fornecida para retrocompatibilidade com o `kube-dns`. + * Você pode usar a opção `pods verified`, que retorna um registro A somente se houver um pod no mesmo namespace com um IP correspondente. + * A opção `pods disabled` pode ser usada se você não usar registros de pod. +* [prometheus](https://coredns.io/plugins/metrics/): As métricas do CoreDNS estão disponíveis em `http://localhost:9153/metrics` no formato [Prometheus](https://prometheus.io/) + (também conhecido como OpenMetrics). +* [forward](https://coredns.io/plugins/forward/): Qualquer consulta que não esteja no domínio do cluster do Kubernetes é encaminhada para resolutores predefinidos (/etc/resolv.conf). +* [cache](https://coredns.io/plugins/cache/): Habilita um cache de frontend. +* [loop](https://coredns.io/plugins/loop/): Detecta loops de encaminhamento simples e interrompe o processo do CoreDNS se um loop for encontrado. +* [reload](https://coredns.io/plugins/reload): Permite a recarga automática de um Corefile que foi alterado. + Depois de editar a configuração do ConfigMap, é necessario dois minutos para que as alterações entrem em vigor. +* [loadbalance](https://coredns.io/plugins/loadbalance): Este é um balanceador de carga DNS round-robin que randomiza a ordem dos registros A, AAAA e MX na resposta. + +Você pode modificar o comportamento padrão do CoreDNS modificando o ConfigMap. + +### Configuração de domínio Stub e upstream nameserver usando o CoreDNS + +O CoreDNS tem a capacidade de configurar domínios Stub e upstream nameservers usando o plugin [forward](https://coredns.io/plugins/forward/). + +#### Exemplo + +Se um operador de cluster possui um servidor de domínio [Consul](https://www.consul.io/) localizado em "10.150.0.1" +e todos os nomes Consul possuem o sufixo ".consul.local". Para configurá-lo no CoreDNS, +o administrador do cluster cria a seguinte stanza no ConfigMap do CoreDNS. + +```config consul.local:53 { errors cache 30 @@ -138,14 +129,13 @@ consul.local:53 { } ``` -To explicitly force all non-cluster DNS lookups to go through a specific nameserver at 172.16.0.1, -point the `forward` to the nameserver instead of `/etc/resolv.conf` +Para forçar explicitamente que todas as pesquisas de DNS fora do cluster passem por um nameserver específico em 172.16.0.1, aponte o `forward` para o nameserver em vez de `/etc/resolv.conf`. -``` +```config forward . 172.16.0.1 ``` -The final ConfigMap along with the default `Corefile` configuration looks like: +O ConfigMap final, juntamente com a configuração padrão do `Corefile`, é: ```yaml apiVersion: v1 @@ -177,11 +167,10 @@ data: ``` {{< note >}} -CoreDNS does not support FQDNs for stub-domains and nameservers (eg: "ns.foo.com"). -During translation, all FQDN nameservers will be omitted from the CoreDNS config. +O CoreDNS não suporta FQDNs para domínios Stub e nameservers (por exemplo, "ns.foo.com"). Durante a tradução, todos os nameservers FQDN serão omitidos da configuração do CoreDNS. {{< /note >}} ## {{% heading "whatsnext" %}} -- Read [Debugging DNS Resolution](/docs/tasks/administer-cluster/dns-debugging-resolution/) +- Leia [Depurando a resolução DNS](/docs/tasks/administer-cluster/dns-debugging-resolution/) From 668c3fd39c4c412feec4d1134a9dec88188cdded Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sat, 24 Dec 2022 19:27:40 -0300 Subject: [PATCH 019/537] Add /pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade --- .../generated/kubeadm_upgrade_apply.md | 151 ++++++++++++++++++ .../kubeadm/generated/kubeadm_upgrade_diff.md | 100 ++++++++++++ .../kubeadm/generated/kubeadm_upgrade_node.md | 115 +++++++++++++ .../kubeadm/generated/kubeadm_upgrade_plan.md | 125 +++++++++++++++ .../setup-tools/kubeadm/kubeadm-upgrade.md | 41 +++++ 5 files changed, 532 insertions(+) create mode 100644 content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md create mode 100644 content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md create mode 100644 content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md create mode 100644 content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md create mode 100644 content/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md new file mode 100644 index 0000000000000..6cb9bbe87aa36 --- /dev/null +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md @@ -0,0 +1,151 @@ + + +Atualiza o cluster Kubernetes para uma versão específica + +### Sinopse + +Atualiza o cluster Kubernetes para uma versão específica + +``` +kubeadm upgrade apply [versão] +``` + +### Opções + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--allow-experimental-upgrades

Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões candidatas alfa/beta/release do Kubernetes.

--allow-release-candidate-upgrades

Exibe as versões candidatas a lançamento do Kubernetes como uma alternativa de atualização e permite a atualização para versões candidatas a lançamento do Kubernetes.

--certificate-renewal     Padrão: true

Executa a renovação dos certificados usados pelo componente alterado durante as atualizações.

--config string

Caminho para um arquivo de configuração do kubeadm.

--dry-run

Não aplica as modificações; apenas exibe as alterações que seriam efetuadas.

--etcd-upgrade     Padrão: true

Atualiza o etcd.

--feature-gates string

Um conjunto de pares chave=valor que descreve feature gates para várias funcionalidades. As opções são:
+PublicKeysECDSA=true|false (ALPHA - padrão=false)
RootlessControlPlane=true|false (ALPHA - padrão=false)
UnversionedKubeletConfigMap=true|false (padrão=true) +

-f, --force

Força a atualização, embora alguns requisitos possam não ser atendidos. Isso também implica o modo não interativo.

-h, --help

ajuda para apply

--ignore-preflight-errors strings

Uma lista de verificações para as quais erros serão exibidos como avisos. Exemplos: 'IsPrivilegedUser,Swap'. O valor 'all' ignora erros de todas as verificações.

--kubeconfig string     Padrão: "/etc/kubernetes/admin.conf"

O arquivo kubeconfig a ser usado para se comunicar com o cluster. Se a flag não estiver definida, um conjunto de locais predefinidos pode ser pesquisado por um arquivo kubeconfig existente.

--patches string

Caminho para um diretório que contém os arquivos chamados "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou apenas "etcd.json". "target" pode ser um dos "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" pode ser um dos "strategic", "merge" ou "json" e eles correspondem aos formatos de patch suportados pelo kubectl. O padrão "patchtype" é "strategic". "extension" deve ser "json" ou "yaml". "suffix" é uma string opcional que pode ser usada para determinar quais patches alpha-numerically serão aplicados primeiro.

--print-config

Especifica se o arquivo de configuração que será usado na atualização deve ser exibido ou não.

-y, --yes

Executa a atualização e não solicita um prompt de confirmação (modo não interativo).

+ +### Opções herdadas de comandos superiores + + ++++ + + + + + + + + + + +
--rootfs string

[EXPERIMENTAL] O caminho para o sistema de arquivos raiz 'real' do host.

diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md new file mode 100644 index 0000000000000..475d78766bbcd --- /dev/null +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md @@ -0,0 +1,100 @@ + + +Mostra quais diferenças serão aplicadas aos manifestos dos Pods estáticos existentes. Veja também: kubeadm upgrade apply --dry-run + +### Sinopse + +Mostra quais diferenças serão aplicadas aos manifestos dos Pods estáticos existentes. Veja também: kubeadm upgrade apply --dry-run + +``` +kubeadm upgrade diff [versão] [flags] +``` + +### Opções + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--api-server-manifest string     Padrão: "/etc/kubernetes/manifests/kube-apiserver.yaml"

Caminho para o manifesto do servidor API

--config string

Caminho para um arquivo de configuração do kubeadm.

-c, --context-lines int     Padrão: 3

Quantidade de linhas de contexto do diff

--controller-manager-manifest string     Padrão: "/etc/kubernetes/manifests/kube-controller-manager.yaml"

Caminho para o manifesto do gerenciador

-h, --help

Ajuda para o diff

--kubeconfig string     Padrão: "/etc/kubernetes/admin.conf"

O arquivo kubeconfig a ser usado para se comunicar com o cluster. Se a flag não estiver definida, um conjunto de locais predefinidos pode ser pesquisado por um arquivo kubeconfig existente.

--scheduler-manifest string     Padrão: "/etc/kubernetes/manifests/kube-scheduler.yaml"

Caminho para o manifesto do scheduler

+ +### Opções herdadas de comandos superiores + + ++++ + + + + + + + + + + +
--rootfs string

[EXPERIMENTAL] O caminho para o sistema de arquivos raiz 'real' do host.

diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md new file mode 100644 index 0000000000000..03846f98b6cfb --- /dev/null +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md @@ -0,0 +1,115 @@ + + +Comando para atualização de um nó no cluster + +### Sinopse + +Comando para atualização de um nó no cluster + +O comando "node" executa as seguintes fases: + +``` +preflight Executa as verificações de atualização pre-flight do nó +control-plane Atualiza a instância da camada de gerenciamento implantada neste nó, se houver +kubelet-config Atualiza a configuração do kubelet para este nó +``` + +``` +kubeadm upgrade node [flags] +``` + +### Opções + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--certificate-renewal     Padrão: true

Executa a renovação dos certificados usados pelo componente alterado durante as atualizações.

--dry-run

Não aplica as modificações; apenas exibe as alterações que seriam efetuadas.

--etcd-upgrade     Padrão: true

Atualiza o etcd.

-h, --help

ajuda para node

--ignore-preflight-errors strings

Uma lista de verificações para as quais erros serão exibidos como avisos. Exemplos: 'IsPrivilegedUser,Swap'. O valor 'all' ignora erros de todas as verificações.

--kubeconfig string     Padrão: "/etc/kubernetes/admin.conf"

O arquivo kubeconfig a ser usado para se comunicar com o cluster. Se a flag não estiver definida, um conjunto de locais predefinidos pode ser pesquisado por um arquivo kubeconfig existente.

--patches string

Caminho para um diretório que contém os arquivos chamados "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou apenas "etcd.json". "target" pode ser um dos "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" pode ser um dos "strategic", "merge" ou "json" e eles correspondem aos formatos de patch suportados pelo kubectl. O padrão "patchtype" é "strategic". "extension" deve ser "json" ou "yaml". "suffix" é uma string opcional que pode ser usada para determinar quais patches alpha-numerically serão aplicados primeiro.

--skip-phases strings

Exibe as fases a serem ignoradas

+ +### Opções herdadas de comandos superiores + + ++++ + + + + + + + + + + +
--rootfs string

[EXPERIMENTAL] O caminho para o sistema de arquivos raiz 'real' do host.

diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md new file mode 100644 index 0000000000000..5f97c80c79764 --- /dev/null +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md @@ -0,0 +1,125 @@ + + +Verifique quais versões estão disponíveis para atualizar e verifique se o seu cluster atual é atualizável. +Para pular a verificação da Internet, passe o parâmetro opcional [versão] + +### Sinopse + +Verifique quais versões estão disponíveis para atualizar e verifique se o seu cluster atual é atualizável. +Para pular a verificação da Internet, passe o parâmetro opcional [versão] + +``` +kubeadm upgrade plan [versão] [flags] +``` + +### Opções + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--allow-experimental-upgrades

Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões candidatas alfa/beta/release do Kubernetes.

--allow-release-candidate-upgrades

Exibe as versões candidatas a lançamento do Kubernetes como uma alternativa de atualização e permite a atualização para versões candidatas a lançamento do Kubernetes.

--config string

Caminho para um arquivo de configuração kubeadm.

--feature-gates string

Um conjunto de pares chave=valor que descreve feature gates para várias funcionalidades. As opções são:
+PublicKeysECDSA=true|false (ALPHA - padrão=false)
RootlessControlPlane=true|false (ALPHA - padrão=false)
UnversionedKubeletConfigMap=true|false (padrão=true) +

-h, --help

ajuda para plan

--ignore-preflight-errors strings

Uma lista de verificações para as quais erros serão exibidos como avisos. Exemplos: 'IsPrivilegedUser,Swap'. O valor 'all' ignora erros de todas as verificações.

--kubeconfig string     Padrão: "/etc/kubernetes/admin.conf"

O arquivo kubeconfig a ser usado para se comunicar com o cluster. Se a flag não estiver definida, um conjunto de locais predefinidos pode ser pesquisado por um arquivo kubeconfig existente.

-o, --output string     Padrão: "text"

EXPERIMENTAL: Formato de saída. Um dos: text|json|yaml.

--print-config

Especifica se o arquivo de configuração que será usado na atualização deve ser exibido ou não.

--show-managed-fields

Se verdadeiro, mentém os managedFields ao exibir os objetos no formato JSON ou YAML.

+ +### Opções herdadas de comandos superiores + + ++++ + + + + + + + + + + +
--rootfs string

[EXPERIMENTAL] O caminho para o sistema de arquivos raiz 'real' do host.

diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md b/content/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md new file mode 100644 index 0000000000000..b1073fcb2b0ec --- /dev/null +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md @@ -0,0 +1,41 @@ +--- +title: kubeadm upgrade +content_type: conceito +weight: 40 +--- + +`kubeadm upgrade` é um comando de fácil uso que envolve uma lógica de atualização complexa por trás de um comando, com suporte para planejar e executar de fato uma atualização. + + + +## Guia do kubeadm upgrade + +As etapas para realizar uma atualização usando kubeadm estão descritas [neste documento](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/). +Para versões mais antigas do kubeadm, consulte os conjuntos de documentação mais antigos do site Kubernetes. + +Você pode usar o `kubeadm upgrade diff` para ver as alterações que seriam aplicadas aos manifestos de Pod estático. + +No Kubernetes v1.15.0 e posteriores, o `kubeadm upgrade apply` e `kubeadm upgrade node` também renovarão automaticamente os certificados gerenciados pelo kubeadm neste nó, incluindo aqueles armazenados nos arquivos do kubeconfig. +É possível optar por não renovar usando a flag `--certificate-renewal=false`. +Para mais detalhes sobre a renovação dos certificados, consulte a [documentação de gerenciamento de certificados](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs). + +{{< note >}} +Os comandos `kubeadm upgrade apply` e `kubeadm upgrade plan` tem uma flag legada `--config` que possibilita reconfigurar o cluster enquanto realiza o planejamento ou a atualização do nó específico da camada de gerenciamento. +Esteja ciente de que o fluxo de trabalho da atualização não foi projetado para este cenário e existe relatos de resultados inesperados. +{{}} + +## kubeadm upgrade plan {#cmd-upgrade-plan} +{{< include "generated/kubeadm_upgrade_plan.md" >}} + +## kubeadm upgrade apply {#cmd-upgrade-apply} +{{< include "generated/kubeadm_upgrade_apply.md" >}} + +## kubeadm upgrade diff {#cmd-upgrade-diff} +{{< include "generated/kubeadm_upgrade_diff.md" >}} + +## kubeadm upgrade node {#cmd-upgrade-node} +{{< include "generated/kubeadm_upgrade_node.md" >}} + +## {{% heading "whatsnext" %}} + +* [kubeadm config](/docs/reference/setup-tools/kubeadm/kubeadm-config/) se você inicializou seu cluster usando kubeadm v1.7.x ou inferior, para configurar seu cluster para `kubeadm upgrade` From 530ac858c4814c722dd99311080a0a8a94b125c6 Mon Sep 17 00:00:00 2001 From: mgoodwin1989 Date: Mon, 2 Jan 2023 18:33:58 -0500 Subject: [PATCH 020/537] Update endpoint-slices.md Fixed grammatical error --- content/en/docs/concepts/services-networking/endpoint-slices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/services-networking/endpoint-slices.md b/content/en/docs/concepts/services-networking/endpoint-slices.md index 5e84c43bdd77e..5d83300032771 100644 --- a/content/en/docs/concepts/services-networking/endpoint-slices.md +++ b/content/en/docs/concepts/services-networking/endpoint-slices.md @@ -104,7 +104,7 @@ the pod is also terminating. {{< note >}} -Although `serving` is almost identical to `ready`, it was added to prevent break the existing meaning +Although `serving` is almost identical to `ready`, it was added to prevent breaking the existing meaning of `ready`. It may be unexpected for existing clients if `ready` could be `true` for terminating endpoints, since historically terminating endpoints were never included in the Endpoints or EndpointSlice API to begin with. For this reason, `ready` is _always_ `false` for terminating From 001249edfdb3f528fbf96782ce5ba5fbc28305c2 Mon Sep 17 00:00:00 2001 From: Manish Kumar Date: Mon, 22 Aug 2022 16:24:44 +0530 Subject: [PATCH 021/537] Register and document RBAC autoupdate Update content/en/docs/reference/labels-annotations-taints/_index.md Co-authored-by: Tim Bannister --- .../reference/labels-annotations-taints/_index.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index c915d80790f89..7d8c76241ed11 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -635,6 +635,17 @@ or updating objects that contain Pod templates, such as Deployments, Jobs, State See [Enforcing Pod Security at the Namespace Level](/docs/concepts/security/pod-security-admission) for more information. +### rbac.authorization.kubernetes.io/autoupdate + +Example: `rbac.authorization.kubernetes.io/autoupdate: "false"` + +Used on: ClusterRole, ClusterRoleBinding, Role, RoleBinding + +When this annotation is set to `true`, default RBAC ClusterRole and ClusterRoleBinding objects are automatically updated at server start to add missing permissions and subjects (extra permissions and subjects are left in place). To prevent autoupdating a particular role or rolebinding, set this annotation to `false`. +If you create your own ClusterRole and set this annotation, `kubectl auth reconcile` +(which allows reconciling arbitrary RBAC objects in a {{< glossary_tooltip text="manifest" term_id="manifest" >}}) respects this annotation and does not automatically add missing permissions and +subjects. + ### kubernetes.io/psp (deprecated) {#kubernetes-io-psp} Example: `kubernetes.io/psp: restricted` From a44fddfba0f383a10d35e0850e3278a2c5a66a73 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Fri, 11 Nov 2022 09:10:16 +0000 Subject: [PATCH 022/537] Remove old, unused images --- static/images/docs/Kubemark_architecture.png | Bin 30417 -> 0 bytes static/images/docs/all-lines.png | Bin 226552 -> 0 bytes static/images/docs/bigquery-logging.png | Bin 57417 -> 0 bytes static/images/docs/cloud-logging-console.png | Bin 87825 -> 0 bytes static/images/docs/dynamic.png | Bin 72373 -> 0 bytes static/images/docs/dynatrace.png | Bin 37471 -> 0 bytes static/images/docs/external_access.png | Bin 292367 -> 0 bytes .../images/docs/federation-high-level-arch.png | Bin 31793 -> 0 bytes static/images/docs/git_workflow.png | Bin 114745 -> 0 bytes .../images/docs/horizontal-pod-autoscaler.png | Bin 21898 -> 0 bytes static/images/docs/k8s-docker.png | Bin 52545 -> 0 bytes static/images/docs/k8s-firewall.png | Bin 88722 -> 0 bytes static/images/docs/k8s-guestbook.png | Bin 44000 -> 0 bytes static/images/docs/k8s-singlenode-docker.png | Bin 31801 -> 0 bytes static/images/docs/kibana.png | Bin 82617 -> 0 bytes static/images/docs/node-allocatable.png | Bin 17673 -> 0 bytes static/images/docs/ovs-networking.png | Bin 105445 -> 0 bytes static/images/docs/perf-test-result-1.png | Bin 97114 -> 0 bytes static/images/docs/perf-test-result-2.png | Bin 95896 -> 0 bytes static/images/docs/perf-test-result-3.png | Bin 98942 -> 0 bytes static/images/docs/perf-test-result-4.png | Bin 53264 -> 0 bytes static/images/docs/perf-test-result-5.png | Bin 55285 -> 0 bytes static/images/docs/perf-test-result-6.png | Bin 56613 -> 0 bytes static/images/docs/pleg.png | Bin 49079 -> 0 bytes static/images/docs/pod-cache.png | Bin 51394 -> 0 bytes static/images/docs/pr_workflow.png | Bin 80793 -> 0 bytes static/images/docs/releasing.png | Bin 30693 -> 0 bytes static/images/docs/services-detail.png | Bin 68514 -> 0 bytes .../images/docs/services-iptables-overview.png | Bin 32514 -> 0 bytes static/images/docs/services-overview.png | Bin 43306 -> 0 bytes .../docs/stackdriver-event-exporter-filter.png | Bin 49513 -> 0 bytes .../stackdriver-event-exporter-resource.png | Bin 105378 -> 0 bytes static/images/docs/static.png | Bin 36583 -> 0 bytes static/images/docs/synth-logger.png | Bin 89284 -> 0 bytes static/images/docs/warning.png | Bin 2363 -> 0 bytes 35 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 static/images/docs/Kubemark_architecture.png delete mode 100644 static/images/docs/all-lines.png delete mode 100644 static/images/docs/bigquery-logging.png delete mode 100644 static/images/docs/cloud-logging-console.png delete mode 100644 static/images/docs/dynamic.png delete mode 100644 static/images/docs/dynatrace.png delete mode 100644 static/images/docs/external_access.png delete mode 100644 static/images/docs/federation-high-level-arch.png delete mode 100644 static/images/docs/git_workflow.png delete mode 100644 static/images/docs/horizontal-pod-autoscaler.png delete mode 100644 static/images/docs/k8s-docker.png delete mode 100755 static/images/docs/k8s-firewall.png delete mode 100755 static/images/docs/k8s-guestbook.png delete mode 100644 static/images/docs/k8s-singlenode-docker.png delete mode 100644 static/images/docs/kibana.png delete mode 100644 static/images/docs/node-allocatable.png delete mode 100755 static/images/docs/ovs-networking.png delete mode 100644 static/images/docs/perf-test-result-1.png delete mode 100644 static/images/docs/perf-test-result-2.png delete mode 100644 static/images/docs/perf-test-result-3.png delete mode 100644 static/images/docs/perf-test-result-4.png delete mode 100644 static/images/docs/perf-test-result-5.png delete mode 100644 static/images/docs/perf-test-result-6.png delete mode 100644 static/images/docs/pleg.png delete mode 100644 static/images/docs/pod-cache.png delete mode 100644 static/images/docs/pr_workflow.png delete mode 100644 static/images/docs/releasing.png delete mode 100644 static/images/docs/services-detail.png delete mode 100644 static/images/docs/services-iptables-overview.png delete mode 100644 static/images/docs/services-overview.png delete mode 100644 static/images/docs/stackdriver-event-exporter-filter.png delete mode 100644 static/images/docs/stackdriver-event-exporter-resource.png delete mode 100644 static/images/docs/static.png delete mode 100644 static/images/docs/synth-logger.png delete mode 100644 static/images/docs/warning.png diff --git a/static/images/docs/Kubemark_architecture.png b/static/images/docs/Kubemark_architecture.png deleted file mode 100644 index 479ad8b11f490d49fe977e28a253e6f1a4c4b263..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 30417 zcmeFZRX~(o_clIsm%z}i0>V&AH;AB;V!+TnG)VUV5;9UEEh&N`%@9hf2$G}ZfP^3n z-JRb(@I3GHd*Ao>Klq=02j7VY<9+XY@3q%n>sr^kHqUjn)hS4sNkJeG#a)ft4?rM% z2nd9ePD}{=Qo7#V4+43o-My{+(06R5i7dg`=3|TO%V%Gox!te71{YPSC%8dP9QIr` z(Oe3ji@WpD%hUMG106cM^p}#FzPt_nX z%<*CL+M@>;gQ60d!S`PChKoK2wl-cm{hIxnKKL#|!nGTs?ykrKTj`Dxbl-w>i@uAOzhMnIJCXed% zz~u*}HN&dYA3bad>kU?%?_Rw09v4}EzP4_SK0l2ahAwl7Osl~D+JBUaV`&8V(i2D^ z$YCfM zAxPcJv0-^N!_fbKA02XqZSEAxZtVhZ?)M`4(pXS4lce7@R@20BkkPMfv#)G50IP1>|0R8s%{2ejgW~&`yIVEv z{_9oULgzWt`F^<(;-bjmu?$9F)QorG>-uV?LHSpa)PI}cp^?`{&9HYLc15L4!Z+T& z0<7bV(Zm{T>^L7Vi|hf^QPxg{tR)lbxEiDfSPd|&tlfXT(j%dTwZtSt@`HQWxBu&b z|7A>IL;rrh)}s(Rhs!Up1-ib3j!V-*iT^bXV4ueN(y@D5v#$p102!5aR+kS6B@3zgPDee0pzI&5x_6Sc1pI!yw z9RaRX&>=ZAaV*`PmR;oVH+yuCKd&7{)Wf45*XgP`)e`JCG)I~4kAkZrh#wO=9G6l; zIwK9A{=ig8n)zw!av@;>u-^%?r8Rra#egHje$b2PC~ncBUsx3;3vF-J5^b?Ofs+A4 zDv>#3?qT<0?6~;Bz4sO*kj|=wcVf4#=eEeI@p#uW73YLi2$qc8*33*B`KBHhcnaM3?tW{fWW@cUS&uwNJnN;-U*59eM z1=zio;5A#DUk@%dGKo1L_l?~*SbMEj^k?MRX+e#!R7d@pd*4am+Vh63W!es-J?W~` zp%0I}g9usm8$jH$Pq0UHc=8G0WHq8l&dya}UHIn8rO&yMxr78v%#C~BY2*5Y6xMg- zjKW*?r(9K@fOIMX50L!mG|`56oWny*phSpblM9?Qj;FR=42Oug!Y?bRGTtDL#etQF zI(+0OGg}8ofc4O}Ez62szx+2$hs1FK)1gTE#JAYq;nRbo6QAMuZHq%br7oS6_#ijU zlRvJtskoGpo)ubs^5!_>wmEc?vHj*V&*Zm9>V-~v#q9!&w;jYGGp})2oszbn&zk2f zid<1JtNs3z6>r(CL~ul(=CSOPTKj)RpDR%ELli#l&I~mTF0?Pc=tK=hgJx>?h-aCY za4hdVKigdTu-%dq=;>USpGhvsl~5)wch!^!kE{1-v=u+$2L6n-8wl(`52n~iRLOwj z;_q1teOCgA2FM`npYM9R`qlReHR= z3|Qqrz+yWoi~zTDapSirg%f}7c7T4RJuZ@*NK_@^R40EQy=#zNbkcZd7{~l~C52*F zHHicL3_ff_a$F!Yj%=YdA@LSmI4lv03gcq8L2dRlhe>_6DVLko zC8_V_1BqLLkvQPdAQs_2U2Uut*j$Sx7R=I2Aco8x~&0F!iabtcu#Y?5`c+`5>WL`&Jr1$+tZ(mh~Pa#pMs-H`)6H~og@>GjOaIxfmH&^pdwM+}sc;+!=)NAOxUKbb4_K51k9XNW z4(y-`YpZ};qPj{LUsD;!;JnMW3K6uW{A4&X6h8ay<$JUxalUec&kD%lU>&E zS|b?KCng_6m`Kv*pZNX3NyD&oY8FSwSIm`;HgWB0>lI`E3ox|);U2#Yk(nbliHO2c zxaJ*~$(1p3d@(>^f4JGVw(j8tP5|JQ3gTs0Jr>6O;vg2nW~Dp;KoLXk4P*E%$RmCN zV6MKfEM?#3U(b^{S_0?``@=;FXGItO<;jnMbcoIIi6{WU0U@}BMeC2<6r}Gl6j2&0~ zg;wI8fwA%T;uY*FvUsjx{bM!AkpJz(Ye4Ot7zy zOJDg5!T_JaF3&seGFDv9{{M4109Xw$0}OJ3z0_66u!9De{l{{s3Z_Er9BX$m`_>#M zyVuI2E^P+Pz19PZ@W^Wg&Q)dodeTg)nL0GPgBy>QT$GPrh4ap__gJxZ1~s2X@osIK z006_=e;vrjkg4?(zv?ZU+H(i1US|_Obn4bz_N1r!nMujM?Dt)hfNn{`9p-O-TP+V9 zKVp$k5RpUHIsgGyp_COjsXKb?KJNuU%OpqsWA17QWyI-zW&%<4dto3ipLk80eLVTh z6#=f+$w&;S$Rofxd6E*$6>!kZvEs?r)rvQ=-1_}^zD2S2xB8*ijGa!0TVKBZ5@{b1 z3pDU}>8(7w$4w=~r15|54TKOv{IGj6V87IEODXVACk~uSs@t3_%3?aJ->svk23nD66F8m+TQh2hRSmH$<2CGxJPRF_|*792;{dP%V6^i5{s3 zFZxvlgED}`*s7|Y%*73qOPL{On<1$x2r0#$N;eY&+oQys&dGq|k1n~t53J%>K2f?u zMqL6W+)c?J-D`1dpDp$-#o@B;nMulIVX|R& zar=p-NahWqm}zOG@E8r^K%!yRVLHPCwptr9sPH*BYkPkz?_^2pa0QUU4;sG*NAu3$ z7vpE)e@>*(HIB@|5yJw-3{==D%}!x?rSqO%ASnkXarogoum-KK`gQ#2!m*76e<11J zcGH>}!_xzi;Y1zbLh@5I+@p!7@Dw=8%xIu)+BhG6IsGF>12W14UoFAVsn3>`XPBw{l>oqzkCuh_pP0DkUZ|E zTWRw(8tuZi*0)92P@JclGmG-dPDdZ<2Tt$y$N%QDLE$QWPCBky$3au#udeLB7?@wd z*J6C|l5pJy07=(uI_TZP^7z_S@>um{Rtlh;S+-V##rAr_NFW7O-xwYvhEwO}3ZwF! zqKPYTVQu0B~pNA}jD&{8mtnIV!!5XQ`;b%&SnN9a> z;||6xUAg{AB}5e$cVM>rnavl~pN@T)9`SfhMEy6M5N@)9B9+%_ocfKmO&^CBy<+W+ zzSo*(4cZsRtv>rZtzG5@Ehz9YrFR67{KDHZ+r(%Z(Lf%^lEzU8sb;6K2AON&aS43_ zIHx#?>qyQy`3sBa{9Y0^;;-sueW7AIgb1?!!pN1vH~lEdv9{p$OAO`X)8Y0 ztO+BdTdblrtgqkRQ)WVf4qgRiFN&8D$S$SJ7wDn5hd<0!F<<}pRECg%gW*weU7B=y zoiB51of<^DiCW>UX)B1%Pa6A7SJ>`a zbbIFDw<*O|jZwGK#DwDBCocO=%|{6_*HD4LXlghe2tGKaw#ubIjwi)&p|6Hkqitqo z)b}*d$bwinIMJjH^HsWtiBApIX4ktb3@*nvEf|rCB)}nyIVKWwUt28U!vprFmTW=#RLU7PyJ>)HT8}$JXAYxQm|h=7h>OYxsyW zNV3s(%u3r|6${bUQ^1i>s*!s3c0r2QLG~5FVp9Ydf2lDQOc9F~pJB$=eQvL)4{P%) za*HHSPP2H^g5u8Fj2IcfeGeQngRfrNMRWur^wow3PHxaI&phS=X9C1fC~n(l{K2X9 zDegV;6c#_QNXWrJh0G;I?waK|w656ir36a99esfSZgZ~M?bJ4#tYgC<;%8=Na1jKJ}z0fkYwVoK#>9SzIKyn=KQT+H_r6dYh z_j5px(iNT4?_$5jbBQ~csd-49zIjn@(4qxTdS!4_V%!RaQQVQybU0cx(61F#a1zYd z7h-`ftSp!m$~Ro$IIV3Gp}J}P5&e99&LX)4H5xHfZSSZ)Z;s!&JjQA`k3|T5deVN# zgCl=_qSxe2)^-w=AHP6*Kjf}!AnZk#MfcxVrOW!__SberKH9jI*;-KoFwE3Wc(laV zznk(6C-IH*>TFB9WJg!Cw*_Y;Qv=`RTc@S#aHEaP0kKH2$ED8N8j7(Q)JhH6r=tm% z>G#tK=NdV_kP*iXv>DMpx{K5~bsyFenTn*OfIrNj};L>3TW;<1| zn=(VJhRk$hLVFXY7V-^UQkCLN$ml!4pB0X6sGNco#?M;L3cb1mdOt-~ zSI&N;7)82Y08qrd_!kw8?Ra|~zv4Bo9~VqyF+m=IAvj<~RKfMnde9&KaFdD0lgQm6 zAvYR*{ILti8Ji-vi*^#I7DQeUo(>i;nt^iBt6w>v)H!}5nA)tG3A!A9@76BkfpN?( zKk}0P1Ynk>g8veTaeB#nw@qImJEVUg%=vFDd^y-t7!AeAqp6SW(~s*)L!Sorvm6c% z{f+D|NYrqANb|n156iEmTJh?bTQcvE7nt>LVio}Sc@fSTmvrAn@xb`YAur-@?0-S) z0$CeibpQ28Rk)%jz@n;WcS$%0)mV(r8uZKUbK|)~kQM*48bCB-Ex7HBCj`6?%fqJr z3zpc1sKq{)V4M#4E#iXXxL66>iE>18~;+RY+tzU`^G*cn_&&gyE zUT5{|aX<7ASd-^sX*p&;T<7h}PHj4v55aVUz&9l0ekD=L)jI}pc0?!gcx=n8SI5!? zmNXx?Ijz*Y9|jz=iAbM+obK_!F2>@rr2Pxh3{g~o_!nj|n$$L0dnK)@^heHyWHq04L?oNlQ6r@7}0G0W331VHvPPiBD3%S#u91W1_-5N#1f&VhYFE}2l{mab+6#`q_-{O-9LuFiO ziQ&H6$WtW>Q@r4>j^!sK$A?bbJqoxRzUJH8CQM9?PkOchy8S=g`IZ0f1l2q|w1>D* z%EWi?@X(FY)W~c6Q`ubb)`&Gb{Gv9*Cm&7S>&pa zT|>es6`L00P7G>>V|RhNg;$Om+g4%bgDG2Rh8s@762XvW`$&CxBnXz*O!8Z3>PGn>Q$6hri+Wl&oR;fz@g6MmvoS^;QmMMTU z@4OfQyJleFKx1a;9*VoSHu?owWQ^`?*vxBaT}Js)9|Wx^)WR(boQ+S-BiLH^bajGZ z<$^{4m9M^274YS&U*a|MM|~_h4ApU4UX4u3jCW5=2Jl zaqB32l5pLraj^+GKbkxA@#8fAJ2XOoMchL4ZSyA&Yt2&OGvHAH9hAR=GwSp4Q^bT4 zLzd`B(PJo89;Pqd-kcMO0!SBZti^7xN`RRJA8L%SbMLOB^Y~?>C;~j0NA#$)qTewE?#hkJLMpO7qHc;SzddFxZ_Mfd5uejdK@bk zPz?RYTo(k8(R9AqH?|vwKZ$0GJEnZO-zY3;r@PUYsbhonNQEM5`w8-3ptpnu7z0NZ zP5>u*$Gt*XrYT`5EN3n9^=@Z&x<;T3M>7@mic;LGi{;fGy=m0sV6z8wJ*sf76gxn4 zA6=3+z;afR<>3I%vv5Vr)&eBZbPJ%K1Lu6&JvY8 z2Iz`W5Xqw&@Vgrq_Qq~35~^Eq`h=wc-d?054H-Wg%c)vDUv`DoHI9@7NU_Me7@tj? zb^W}2(d9<2|1i@we(}XI!{$@eXBL=FcF@lkZ0!hbGwa+B<9+dGGjE-~b|xPByv`$# zP*QnRno06bsCmKT(q(`(W8aoUL2+=##~s(3su|8U>|~QZLF8TAm=5<}Ly0e6YRjx` z9wQK1GYu&HXLq@f8-!5XZ-dO#3*P(b7}LQG!jV?*3HRCN^;)J_*MQe*{{BScZ|DwAlFT`f2xsH#-oN z2sPdn?{a3&ybkQ=F!o9M_c`1^0+Eu1bDXzyye_E98S9hew=QT(a#CO{M#fPE`^&_9 zG4`di0tqk&aH!RP8%u<5L5%B5-z4FheWj0@Gc1uD*h3>F-q%5l-g-dn@Uj&@+yh zQ}folHFJ-Ry;Mh@+IC(T1MxT%>^NMq=+J-!QbcDWPo#J~;Ng5o&fMv{n5KBSWX0qU zyRTmI`U^&3k(G~s&M7tP#xY)IPJilbO?GWZ6*&PvyS`^9`p!|XoU*k^iq&Bim#C51 zv3@gq_uDU;2EkZNGvuQ<>dcn?`P-p8drh|K<8dG3@T${08+0QLPC;k3EXEwc@w5E0 z9U?huf*sPSO&mE4Bh1yOwv?o}4_U=_bIb134sQ_>_KqtgK5zBcyk>YZxd~MC)2E?5 z^^APPGJ_~w;%6TqKBIaa)>a*{*p@XGIY9^@mO=l7mtlaX=SISmVVk{~F01}OnXcpI z5npvV`H_VN4#Vj4!OgF?!V*S1q#1;JWxE!i%IRr^yM)n31{ZX@vAR#52(BUEa=31B zmGx_0ijB@iG938#2alrX*8CRi4g>0@&J83i|8$mFS!SxUdl=U_ z9#jsX(YpQ_j#RTB&H*c_LGI3@t~J}*{aMb1ITRiGa_VJ4?wKd1b&aD|w)ezAhQFx1Vv2D%_83-OYx*G|K|;vjHY1YGNm4D)krH2d|1n{Z z6sPaz<%?(lwhL7qVddZI4oVrBiNt-c_b> zQB-{%FY8IlEF;OZVTxv?A6ef5>5e{3Ik#Wm_(4B9#M+U%u}GP&gNzeoTcIU0P^tCp zw|d9Nde^w)g<0*+cv;*;5RD+q@f`GyTib4~Rqv6ptb%0RO)*(qXoXhF9P?8MUW(g` z_ErLo&!W{P=C?QftA#r7eYs6uTQR-EEo!15Ee?$_@kZP5!t@+ZCi8F3e|x(Bm^m+R z$7#HX%2A;pwt$jkg_=MBJNoT=s`ljx-64|qxLrjhgN4*XG142}cJFMjp~TBj@WWW!p# z%m@GRE`D4%1w>me*uNo;;UxENYkNYSPN11#(c@ty^nia@VDlIJP5h5YDkP7S!0FUn zgO+*Exx)Dy_4Q8P4efI~T;eOa>fcnxym#>-2OL)uFa`(b zZ%p2BUSFlpEf}5LRMg(+JJ%>hXImonu25*(eeB#sOGg9`Rv{5 z3aL7S6vxipIcE2u!xuoqw7GQ>KJFwNc~)WCIyHKI)tA&2!4%&58{j#TY9;ovz_PJ> z&z3bad+mmEYPBy=)n6H}F_e-Tnfv9NzfIwrRKj{s(5$^&*0;gMfSRBFB;;MWYG~RP z;)BIeLXo`L?*rm88#er3Z2%gMV_|_IURGvPFEzYRSm#Rj&!|}vn?|r2E{U?I zalC(+aLQfT?V1PK14@FCEw|x`why1pe!tnlkYn$8qL26Z=ei!gdCih1`J+OD2zcj9 zMp4V#@gnfK0}lReKzd~LQ7iepJ8x_Fx&v`kV-TtDXy&^52^C%S4VbL23YB&A`IiG1 zbzRm%=ey(KReM)+)!Y|I&jW_W#KvMei9Y}YV}qWYg87}+mpcb=s`ev!d1VCrqy0P~ zHMgmN3RzVLEF4k&ykcrbBBBmc_+Sq%gHQaN`#*kxCp1Wk+bmI3~eSTeVB7o4RkGa~1V*csO-5>i1_8G^W_qB#o; z2EzJeb;t&knglzsT$2a>xp92edm=x7qG^899A9qM>j@U<1(A;C9P%iOq+% zz zd@Rf~N#E`BY2{>c>9>QamHKx16tlf~Mhwd_Z17dtB@Dd4_^{s;NRnIvow59ZC#95kUOb7TGvUNzdvq4}Z~|BkImpd3 z5}_)vkXEGt=QP)N9Uu-5RNEsX_Qw+#O}nbq ziM;ZYvG;%!q{^_^Ccw=Z*SsRI#xYTW!o?d#6MUXkie7pofE6H(7e`1%fFm+!o7mVN zEFWhK=kbLT28Dv#x1YCuDoL{{Ny2S|qVltU-(K9@44E*3(X8H=x&3U)$_Sua_abUz zdy?O&(m1=(Kws6^xd-XPa6Ab=C9u(~+MT=zs%~-EFW!Ns3~{}e_$3W+2cSA@a`NeYlgEsUBei@8xO4(O_zK2l$=JTF()cVlHxI@h8>rZ-%e>fwWnZmRA z0|8Sz7pEHNC8aq3veUL_Jb5D0oVWZ3T008yHA!9OZ1d_ZF_tcwZ>%2p#K38Lki$dY zxbhs35xk21PPpcF!moL+|5}8w@vQHI37||o!3v_V+A{QJ2RlC!_IrAEBNMD!;KJRE?jRyCARGRq}kqOVbMG%K`*s31I}H8dI6rauxxVDT_@*f^*j z#91cb9AcKIhTIg?F(Sz=)QT&K-r2s<{o*|#1oq^ENgWK)4T?d1R!F@l@W4=CGZ%MQ z=%U6pT?yl}4%(B>7;~m7!5CGx8GCE|WqYoVbQ&m{`B4z4gn@0T(_Di~nR&Eh@27hg zO$FV}Ys7t_0#dlKRej$0toCEl3E>`sagG=R>Gk?D_g`v!w1!vp8q3I`UxN`=e`f2u za|t?<6c%Hh@nM!GahXLK{JQtTn>Acr)nJJ-OQv%5YuAC+VvP_r*Sg#dQRLZ#;=vtIgJbdj? zBa8}@kX)l}-+qx7?QUvcYf#xVH%T)h)=X>Tb)&xMHjW;)jDr1mjk0Wyq5rGc$WuGd zBgmTb9lO(!z-u9zB1e%n`<_QpT1aNKkwcsxm-DMazJp>LfzC!gZqe zZ#S!r@kv*5;zT-#JEJwD0p=N};6w9o7x~>fE&ffLJXLOS66W#mbr4@Q##xrU;f!!y= zc5(@o-_FdLr`EQqNcMuyRv6`S+vo}>cXnTD+xO1knAIIHwBQ_|u+-=(|D4NFd?r~s z41s`gO9>z|QZcHtAi_mK#?uHe4i7GM(Kx>f!Xd)XUKQvw;z}{tna_-=8F6$Z*=D^R zk?0-N$aAL&E7IlfQ@@Csw-}J4%|QVY_CK%wRRp3eF~~6}!LNmtYR$??d^WpbglMm4 z=OT5X&e~yCkyRp1tC%(Yh722K)YbD7$*obs?tza*;MLxl7Qe;o<}6}i;NwE1@^fQdz{RT7CnRQF&WNx_U>An7EoU`iCe93En`Wi z;@6m#N$r(s)wk+PoV7Xj+&Fx_m{6@vClU(^52Afm5r_`{sYx{)zxvb!&a^1Ts#D54 z0YtoZfU-DgA<}$fGTqSQ18)^~V5cKHAmscLLYPZBN-p&s2*CPr0BNWccaZaTB7gM* zA>=^<6M^6CdG^T9^YZLmHFzA11<&9q>q$T13uk;}v|&b!>H?swn#NzfK61sw3FpoL zI(~_b{YsATNUX&3{udHLF_c9We7SfdN!!sDu2M}YPP_^?%a}UM2#2u+V4j+XG9rSE z!MjH7Uv8-X@v#=!#PK3K&!~es86?u|n64Uw@ASfnJNGt?R3Tgh_Y9P)RzZ>=fLF`P z)8;+s72Q*imIr7M_6-WhN@xZ9H@}^cyh3z?_o=A)2oJ4qRT$%MxKA!t5*U>2k9`Y{ zQJwHDP0PDtelsr1k;Pm(S9BR91IH6&F=VvakZfwM3<<`~vwX~7CVGxxrDYOmcLv$` z$;UCgGm_8}Zc5IyEYGla zw=M-o99~q#%#r9m;`c=2YBq*pnV_2r4-Y2zFui09^=c zRckzKkY!%H*{9IoSL$MV$zKr9>qknPO=nZ2cidcS?~Qm?;it-8C$Fh=wgIZ%CxHwhnyEn%TM`Pk=+bd-DSEmn}?e3kJ(E`GOi)}TBqxBSpaAx3Aakwa-)7Rprml@6CsZ+9y3|WG zk%5(Xf62pf2*B>f>H?a#7Y1`Tzi_m_NLxk;fWicPw%9>l#I(s_4&F-o&wpF=0Gue$ zTLS2xTIVXj*I_qdm6q+m6Tq@Bm`oN%tPL*vWAkC)@jBQ3>slFCv4rsNAat&hBOV^` z@THdRhcU|X_vZ+c8e3qY*vg584(5zyUH?*tW#B@c&{fyWTnFEoMEvhh5J8Q7CcF;) zITWq2EwR5CQVMdc`Ba_d!Yy2^5wT383QX@vzQ>mJW~n+{ z^jDr*Nx!~L@Ca1$TeWR3^VW;%-+^YPk3S|l0HiiX{C*M8Ubx`nGH9R$WrQNnz{6ir zpG+Jr|EB~bpCGqgh~rS>5&SQv86e*C)Qpr6K9hkru;MX;Cu(&iIe=ho51{X{w$ES9 zZ4Yo&Ol`t)wAh|NR?xhizxd$RAKG{tAX))Y1>pNp`CfShY`<@6XIfFvPk^(fEc%^x zi<8krAwl1_hBnA2RJUodAgM7Z**iX8__W)-+yU=@+i(zq7D1N~_%^Wa#a;mt1c4!R!7Z zaL}s43pH0s$B2*4_SVR-z7^iAVCdKyhRLoM2+6Tv7DzQqGYOnrL<1EUR;c!B^<&3@ zsWNejBG9P_Jhdw1fYOcy0RlO6gRA_&dItE3sh>^rB$B5P2%v!HV%3u53dmf2w$_<} zqSqO;y&wAH`1o9WU%wJ~i+0 z^yso-v#|1UUQ}?}5ca@dT>OEF!cbv?WVLmeN!ltbjg4nAk;23f*g+z*%1R*&YePj( zo$n>GQg58~PMt!%=WNWnaB#l}blzh;{vq0gOJn_3v?P4D9}wlCOVZWn%9GgIL>f}- zK=`+k=I;RJrO##B)4 zwJSJMe1t{VzdOc*Yyf9CiX7@R)hwTR%l_qGVF74gxuCe24?i?}AliV8r2jf;UE2Q8 zJ1(O-h#>dnTcujuRhAKKgca?#<@|s{O;h9JkH=learitiND1E%yb`sF$KCn4-hb{I zM0{>hR|U~bcnZjC$QXoHwl`jRM}d=gb^20-OrX1`>g;}3&E`KXmo4wsqJ@^fO*w_P z)H#n!@L{}HL#_J&(M^K;?gZtzVj(ohL8&<#6A7+$q%yF|u)p$>DhAF+0L-NFWRzC1a+Ehl%AseqGuX%x?46fKSH2w>mp#=MR{lzqtQlkWSWIB86nX!?KsrOUKsqB2(HlThvBL%p z+;5ob4UerduVKn-*VRcM(?;QnxUGG}*z(+Yv2Zjs?^F9FpeYm_uXyI`{gp=Dvz+&) zyXA-*WvwI-1sf9_{fz_9yW-^ca5OYR@mup(wgtk$fkkiJoYJfengjhLQLXC?#%{`W z%dHQM#*=7!Y;{_7v zhR4cirQb%gZEwcOdMt~i?Ld)Ee`>>WS;MEjj;H)0#P1ToM_)@22qoO;HtNI~kwk8! zIY$(`Ka7&Q?BjgK3feBGw`JTe+t0R{6~narO?vwj!(3r(oVg>1o-z$sP0r!P0GD{6 zJ!zsmQ&cV3c>9*{shz&CXsq49t4~sjbRqx_1!DCb^mOYb{$c99mU15 zeNh-a3)AM9sM(`(jv8x9Gb6v@AmAKEeqnvkiIWwt{B5_JQ~NBm(bv6hR;NG7c_V}eK;Rddx{vY7f^QI+Qeidr?(;YHf zg*YCU9xHuGj}v{MQuO5ESriV9;_^;+a!GVas%_TP!&-MUo6PPT$7x1rOxj}yvk0&% z6+~exG2ZjEFUbM77by{n%J<772$jSm8T>nOK1NevX$8J~6p9lI?U2 z3!kvkYcKDOH$QBlN`;`4Q&$cqU6^~Pg}N=!BF>O+wCNZ~yq{t+DFCA()c(WvyvvO` zFM?eVws}D>jc>eJS$IP^K|=Z3d+Gbzb4dU?P(cwB9&=ANeEp3XOBxC~ABuJ-|M*T{fLA8vd%UzM(fZ9rl{%AgBUk-QPOg(we5 zNFr4cISLJ*@bl66ix-7s~+B%k{$8o3Wq zpo57tC-p|1{&cPY{m(7Os9Kqr{m-1?p$>r~x zr_WbjdyDJ5^vf4S!h&G#KvKYj=r8Bh3zl!Pe^FQp1#dR-jk{V4eAT5@!f8`fy#Z$c za(9mzkpW1kbIIZzftQ4T2Gdox>ko|Q|0L;@kwO@c=+N}mMuTJ!DWNJz@eoCu{bK-6 zTqFpDsS09)CMrnIXn%HjyC@Jq0vO}QTV_53!%rG0==t#ofir(tB;1vX^LU34`c*+O zq;2Mem5WfANU z1@HH7@xR0It>6fLD%VOSrU&QXub+m3Bz~UKArhBDL&1t6PR$NOJN0)`20f3~T3 zo6#@jto_K179Pc!WR8@g#T7a;OR!hA{RSv-a!L&<^UY8edv;)ANCpV{%k2w=>{?>o zRP#Vp<8UH*IyT6&anI&CE%h^gqtTBQ`@^%&Qvyx?LS{>K7e|?nTxw*B%5}L`a2c1;fY&tO=&j;>w<*$7?MyPE;Ei=O`ACE#!PUEY1l{19@;j|62$Fzx z3zV^f;9E(h0?CRwJMmU6-vH}-f!i_HyzC4E0Tt3jq#Ww(5eqn!zZfd<%JRFKEUv{~ zR`c1gW9Aa`CmPj=vA5KAG!F~f77XpOhKh0(9r!e5EkB|1fkwm^MmS*)DpA|DYrXMX z08Pn0K4hjE0&c>Wt6-~Q|2gtLBy>PC{+$mF-E_mqfM;R51@~rCtWCZtp{mx;Ii?xp z`PngM`KzCPQg~3|uJA!tPkhz(3*0;lC2|bY7t_B?eQ#oXE%d%?9s!!prcGXz-}m%~ zS>xabv?`oDvGNBCj3&zfL_l3Iwvp%n=bSwLKHKjd4(5Li;1WaTP3A93zOnx7_9m3( zcia`N!!}H<^=}tOC|S7WwU@oQBXJahIbYm4&N?fPW2+8mH27YBFeU3v9#G%%Gx+3w zM;!m{^7T=@qM7?_O)Qq~8tSKCB==m^_?)=<0F~sBl3H5P&o_5sm-JB_%70vDJIJse zSbzqT`*D83*$z<86R`o(N>4bW#8(ljD!$GK(e}FOcW%k2q(!_jXuN5=JS}S=jMSJC z7NSkR0*JCnJ0LNeg+ zl{@F_{#&}NArs;X$5u)Aeg-N2TwSlU>iEONlxkcd(m%RDhK!!h7R1B-ETYQho0Z3- z22-w8{v>F7fDh*uWAi72fC$O^qdjL5&Z`%6aM((g`Cdg=J$FQDXO30=y$6(O z5Tk)G(ZK>8#r>})hfXA?@9mZEs47KQf#gXI3elu&@`FgePm&Q*XsUFM!9-#yILSkO zm>$01dmf{FW@Ib*akOR(pUOS0SURZN+R$Do56f+s=uU*xld}5U>YGMpCJ4_PopISw z&=d8JI4&w{W8LK$bR3&%x9P$`g+zM*1wP06lUk;m@lNlR;saVSARU*rNsgrT*?nOrviAZcP1yt+R)U~M8Kk%kX5$8J%q@jsPLK!sW1 zu!;o1YS0>Rg2AeHwWaUc^mGad3Oo6ZXPN2jX!9o3lwxPx#a>*EU(o2e z5x?Zw*Cx_yMiJm%3J5pn;X|8)DRZiR7(UY6zc((J-1W!b9EOI@wPP|!+FA7*v36ML z9Pyf=ki&iQhlK=8RDvDkSK&l4ex{qNk7RqnSKPvY+)8Bdd?t-Q5XfB#@>kfVJns#4 z9)SicT&wg(i7*_;^Wrxl8MILILR?$I=Yafn<(;)+u<@Q^OQ5z+77y-bL~;(*BQbi1 zQ22TE6;$<#j?Af25eF71=eC$iZDe*yoP8V+kO_KRWcLts$Lv-mF177L_-Di9Jr}jN zy@wVZefl*Lf&N2jGfC;U-~I47lg{ZaT581p#fTAB*sDJLE#U7~9LWbnq4EzM@9p@U z(}i3AtD|s1@HMC+I?bce68@xX4B0_va22vhZx9EFz<%S4d!eeNrF0dWCDZWl8vm#$ zAT-t{Y9~QoPu?oiOPj+1FK%6EM}K2^os}eB)-0lLrwgoXrX(k>CDyDb&3D|+mFI#u zzk1Q@RusJCch`T(r6A`pk(>w_6URn^u}S8kdS;^I@@Byr9zcepUd8W=bi63At? zA2;-b3^GOs6=5M<4mwG|{=o1- z5yKbi@C!0Q3lBnA>4AS$s=2B(qzn}8BjdoZeWG;@5hh5uWTL5A+d-YkMBiDNkE_96 zT(YgLei|WdRt8TNPd*LId;0oVQa>}rRz|mjx0MKmw=Hvaw%fgJ^ZqU_Txu36E&XaV zq=jvOJ$}mB=}RjSC&7m3X{XMgV=3pe?}rNSCF!Pl;soNhf%~{~9lauN0fFI%C*^&Q z%Z$_I0VWE9134ly`I`s@*kATIRDK4WioC|)F%D77!aMm#O99C%&t-2^%p|eRi3@ce zqyeM|v3k#gr>-`~u3m#rUT?1_3nrR*21?a9Xug+u`^M*H%&nmnF6;Xss>#5)O4jST zgHj+>5YaRqH7+C0>xFkc!^rXaZ=qDR9kq6>Hz7nEO5nY_wIm&G+deHR90TFYE=#x^ zI8Oc3f5O;m(#y~q7)2rKt% zM)^ftoX1a6cp7F{=wVgwUk3f3=Ds_g%Kz{GAR|sjA+jkE$EL{4ipXp@%61$($;u{D zvdi9OBqHZz&+M#YWF{jcTQ1!9BSdm!))kV@ z(wPY4KVPC2M!)SeJ*l@bXw{vXLdvLNsSc|JNe#P(;B&*xVN960G+)`#5_`kK4CMu` z@Ee)5CMTJ6GRRyB-7}|hlyrT}=E zJ~CR^WrYIdTP%Go0<&eVZXIkNsbx-7^#B z_(F-fN6gsn}t#bCzV#=TpL;;P-?SqYNPsFG*% zy-ST3w3eI>|93HMW6XX=b*yK&+}wvU@wIbjni`6n#j?y>G`I(!^8*T)t zqm+zy?$qN#ui=jd)tg&ZJ^gscP=p)|5uEWB*MuGgW-#gCGahFsbHNV?ybfl^SK8}a zE_VOY30Zee!#`rRfU$PT;+O0I0yGQ|z+y&G)O4iT@!^gm+Np0%ft2M0G&)fcWGJt8 z=xLUejuXVB%-kx?O4ygku2}B8aA1m)Of>R8Kab7-YV**pP(H%;8nuPG+>YFr=&^bU z%<*!63e`!6_GR07peymAZ>r_+d z#unjGiswrC9xnR12x5E4Ji==azgjD2_{HpB3(Yt1q(^WTDpIg#q;S;T_U})k4w-tgbu^+G#WSh72c>P~wU0AWIjCuyEf#diQM%GG zj7phLt}v3_3T>vF(x{$G^>p=ref^jFdsA@)$`=K}Ri~+sU@mMr5gP$);@caFF-o6F zD&MZzw3=K#cgx%UDeq-J-9Yd)NdH>?dmgk4~P!O2@d~dOgj$h zo)xv_moj&d{Y}yrJ`hvz1;6XG*BzrJ&0ToGX=lWC<68o4j|DePhO#%#tgw3f8Zq6+ zZmGq5+2vy>BPFcZM$`8X7{`~@|KtUI{4#NwNiG?np?9_Ab0SNlA%TZven_T2j3Pk$ zrYccpe5^Q1B!k*YtFKr@^BN|K|5HA`!T zW0R*gA=9=1V3UVE?Sc|aGguT`HW|$H{0!Y>XVP^m=s?hSlH!Dk*a418Oo4=%^@VgH0BI9>j1 zU_2nViBrT^`Md`x7ztT}E7rk9bjHak(fkz5NdzcylVrlZ7fgNw1?bdZsx$dT&i#%o zL-Ro_V>y6fTs%#oAw!DoigS!mL7)X5KiNKd~?9YmN$yZ;E-KvbFh0Ys?bPXQUU z43;u=@V?k$nVR>jwV1EVz!*YyF>LRTDjt4L!fpsh91={9gz>3a{h@7>whDm3y? zlfAMCHtLakLT`Bu7ZD8KC8H+)Le^DuoRPm(Ku_K=peOVUkQ(xjKbGfgQy@Xi9tBkFfJidCc=xAOtsRgxB3$!F zzf(DSe4%)>X_*`HKZ?;niPRVUD!_1Gftyefka1BQG=SeCA z6D3e!P^|Bc&++`ZK})Vj92$`}m~bqV4YbypynWtKCzXkmON|4$oje6p~) ziY)C^?;XL;95HCQDy9&udLp0Rv|Ku#TDvn9Dkve24cSV#I}B8=pFTPPAgPCmC#?G3 z&{tNezH+;0lG`V+HkKWmOE)d5e@4E3pY3?)gBOpQYFOg={tT1bUG>`UQ2z8X zjBAA0$%k^sd)-#;af01l(irPu0+HnwEXp2aCrb^5m~7S;;A_h!({^< z?z>BQp8x36{uh}eGi_0CF(5O(O645f#MfOXX#y6St3-o9Y4W5D>L&SVC&gYDyutU+ZQy zE0C(@Xy=09fxvN+J*A2tQ;X5&LM2d^Q|+pnAT|`ik0~kRjLAlaCqJdRQvhSG;`@sXZ64@q4Qzg8k ztK8js`@3(oAT=OW|J%tuH)0kva^mf6$MR4rWU0>}+av6^{rLRX&ye?v1r`!w-|wE?w0s#WrMc&c%kf8wphxE(ruu5?mh@^C+K`wbMF{=*aA?=Wa z>(8>E|Lb*veHmFXqgx+rXFKfL9@Hd`S79B*jfuI&ug9&H(sUU3HmG({0 zBcyif>80DNP-SzwbtEg!4>+0*wZ~uVj^;zxmy>UJ8kJ1tF;y&R3O)P1ago34GYCG$ z1~Ozx@Kq}>OI^5rD9XliDkE6#8iaSgw$8`ua*J1`uYwe&3bSyJjZz7+_kN^ zy)tD3NT^otD+U5{!X}QZ7S2yt?E=#v(OFiD^HH?ry>TFW2DmU1-P5?N_vp9x_E@PQ zslwv@?L-%>3c;iyt4AMpytt|gBAQZB(qrZ0o~z$wRG{MB5!J?#dvNl z#h|8JDh7=_?*%cMw}f|QYo(=X-Fx0CK4<}HRdbkF)X@sD#83b;#KH2b_aZG%8hekTjC;t%-q%>@LgN z`8ju>o0`MlCeVU0mxw>ae1cGO#5sf?ora~$#PlJvbN*--P}1g3S`PuTfqfbjruulR zHEjkLjEeu}Y~F_^GF%m{Q$Rhpy*!F(Ve^$f_MY#}8iqE7R~N3{uWnfdWQXA+{A$|q zUHh}_b&kIHQ3Zecx(fqI&;Lw%Q|4U~uF3-3?DWJpfg&-QkpRW;I6{%BIvM^ok`Dj_ z*5J|s3nSgf-!cQlWNV)ABpCcj2OQH{_#K3-rz3%9X9J$7=F#&S ze?Ur78kFXh_w=4+G~ih85EjIuQ?}tTb|bbQ76Lq%YFG!)76P}2lmYX+ADbge18T#?5M_lY{+61Z^HdFf zR?FvL4!3O4>gE@!LPeDO7U1oCa6@6@ZS zC{a{LD@HJ{9$qXm+nE$+<)jqcAea1nKk`Q-nix%^VE%P7aqnv(yc^^Wl?D`tUCoAD zGt*hm4AaSzux3XSd|QM?50T(CF_#xUTI=u&AW0All5t_Wl7t4Lu^IosSxjzEGqwuCF&h0nF|(r^MK(gjhO^f_*xNxvnb))5@NAK4Jz5l7Gnv*_TV0|KIghW;-mo@oX}IA8Ly zl3A7h<`ahH$-cya&2>J6s7RvGLZWS0>%R3Zh%4~+)*Biwm1&G8KLEhTNf*EP01$_R z*W+=}-`^O(4EgM^+mnwA$p2v$X~e8TL(C0i4#Lj24Y&zSI7RrT#6@U^9G|D^v`kHZ zFJhih24}Da?YtDxxx|5<5K;>mEsFV-DVwlGwjIgavb(ZkK-)niPHeb1Ne$6cOHPE& zFX#`+_UC+DO^;%bj8)A=Q6Kekwr?O7O<%Ia9(#8Ca=z~ld^d|fmmCm{Mb6- zD?AEr9U(M&H*yS!WfUmE@YXi|yf1Uiv5g)`YC#33++)W^q zOVzTi0KukL8L5!j`gGep(`InQOQcf#cwf(awj;qq0eAleyqjyVG(I5lAhnpa>I) z4<6^Q*5QA?{HUsM7*Zw|*V$jcKTjQ*n^nJPSGzP6nx39$j<=jkq{rpEb}_qsJ-p`` zLHOP;vDn%e;%DdLZb2mD5eDR1e{N2=nO%hCr+b2Ic73Lqee}*fJ6o?J|LtIJihV0z zl!9VnpM>=UG>5A&;P*J(vNkL1?~aru|GKi82%oF-e&KtC2~S&&+@W=ba#B(Uy=>0z zXZdAS0;69@ybdo3}fL%+uN{9=sBL|rsR!h@~;UFwQ(-%22gFBDRu{S$h{_KN_& zL3qqsT>dYhMo4(M-;vtNcDO4_`1Q#am$Fr5eU+kzmM#Cg>j?3GL>`M zSx5q8W4}d{nL!kB6su~7TDO?(&)WuZc~koGT7y=2*txvdY~DZ5?mZP&W`c2&2N3cB z^XnS|eu8zJT`$x0RdYJSY=8~UD70ROy1t+X>z@N_{N{j$&d6Xo3d+9dos!i}sY#vr2j~olARb7J*sW?$zOTN@hfUYy zN_w*tlKY00kv`pc375QsSiMucFN^EtsT_vZP&y8;`l*err~$Ep$L+?Q4lVZ<4H$mvScXxQG}NZrrxwd-2p_Y#0;)Oe*xjDAkWa{JcsKSD*qn-@;yGpfUKh; zMEvB(?j8`|Y~C0HWS}e@AzD6BRExqIlj5aks5$4~9IJJYvC17Og zkki6Qq)p$jXOJOa6dxY8tVIb8)6eT^h+N&pr@r(Vu$LqxNxfCb~ahmw`qxJykVO0dw*&W6j1< zuL+lw_lJfipV!>D+raM3l86Wx&nSnHPxnn*xd>QCoCH~{B0-cWb2)wBH- z$q^4(a}@$v8HQ7kQJORv5e{zndvh^o z*`OL1;GNUt{~p2hDZo7BP$^0rS~LD*y8<1oh{zC-FItW4e0S3f=M^awi<!hk`BSl#VXU8%*G1ZC6%i$`lnr+o`~ zB73T!uGUtbQTjrnZNcfa&Te@1$v!-!X8L&fXh?> z74}rMwCTh4bqP0KXrKCf=1+*!rKSo04DS4-&lmgBr{X!3(55CPMEx}YfEeW-iT)=_06AU%`Wnqg)IzkR39zP}H8wydizrk4RA| zPgDGMGx1`R1Y;=cD4a+L9ssonV5gtDEoJK9%uZ-&K(PYkyAo*OAr!+|gA4R&eIz6e z6i98+Z>vQP5A;IYPJEcqkJ0u0nJ2sWNecQ`+)J?dhp-G^&>(JgilzJ72hR32xT!RO z$`Np%A=~xEn42s1JBM|rw=1B(IQ?$+svdJ?8W+Qv0kCfvaLL#0t;h0=KuEB?zgS2C z{CAK<$VNL35$HGyri9PRC=f*bxdiVX`NBUFAY~nuGEC59T z2$U^0W?j-M3_(%>Vm3c^?i3#e(L5yV5pyG#NRhHJmEI4HTbj1fD|)Ge-#of$h!KA0 z*9GSr3lE2XgS0xQO8{=?=%;h{a-ZH9@P*o8ykz&^(u+0y=YWyDC!rF-8p8s7)I7$o zE>u~MsmuDd6)%Ale&q!5aoP!f0JlOrZMeC4MN)LjcHafIL#kHt=pN*9AK*&Q4#p=0 zLPk11aW01OggrpEg5}Ec`Z=`J`G6I3B0}5j15kenhn6dz{MCIy)Z&OG$0!sSR*?|9Lk7u$mp|S(a{lA`0qa$JRck~LKT#++4Ey>J zzX?A3#A0Kv^Qm2q17EkSwTdD~-pN$%8PUt$rb7Z>f0HzR0larbifA^k5FeJIS)m@% zQ-v{0W>TDPTae?BglXF0`sy}-98XMw^dNI-i%$;9b1`EPf26su`6kC<6utpj`r* zxl^yG(DkkP9R`s2Pb1bwn`-0UIngL8V;wH~g3m3HV1CE|9e{v=6405xpzkC^xSN4`G0FV(jo&^Syg@Xj# zE#E4-tM}9P#@!r--X3>KkaE?99p0=`nH` zd9-jHF0-~Sb2weuOXdHns2PAm-aRl%D1=hpAi>TMy#~x5XB7F2b{o<_I;5m#JLkY9 zIJ|1zc$JC)i#`Jkvnje#%zdYV#(z9|X)411z@9<%D=18^O9~{8hMeC{Eagfx)j@>D zp#AS!)EwdX9IZfI4f3GH!2VR3DMrx`7*yTx{M&iFLWgw+6jl@@fUv#EkXy7+;_?_j z;=Fox_{*`cr`sUsoWV;1>C5T5I$HhNTS1whgI>#^=lx0Fg;D0mD-ZNuktF+Uwh$0- zOHJv#6UEdWVr%_NoV5G`&CFyZn{`})R(~m`8zUxOGL*A!7_WG*FQG(4lf3bV6PZgL zqJ?UxxtizWI~%V?h%vu3sCCcr zvs;UW{CG`j&w~dQW|?w*ndG5ku{q#%)8#olZT1`E2g$!hD6)*q$zMN84dB8EukU(< zd1x+^q#w52HH~W5b)WX`vTapKDIdF7d+@Gcn91dlLlXXT%Y9H_IJr_|UEN$vNH=$y zwR$Mm{wm7Fe~w7aCTRJV@R2_CAldx-=*o;diW3`Ay7~1% zDS7Dh*VW@E4q3|TDH&IId3i<#hm2oGi*Naf&2s1_6H;f*c+BF52+kPT>~A zh^;##D$#LwKVVybXS?5?k2beLAc9jpU&pu(tE<0CF)~L5O%Ek1^vb##Df)E5-)8jT zN@haAP;kN(bpKYor!*UTWqk1+J*PSa)SeB-kEUgkxI+bN%L=X7h8JZJHn_6B^P$Kt zAvNo$^XUk}U=)A9M(|IoScCo=I$l;0Lyn+3GDfK9AJ}teXk6HM`EAl(b$oBN7meXc z^6k<^E^YpF_NdMgXR;{m$BXJyYKq{MtuwGU_?w!7LzX4=ZVVsESU z#?lYpewLHK--go&eZG?LxVUebpGpS_ONSl}zGW$k#(zG%qI+#KqEk2gQ5>gfbT4O; z+V=IKe2bz~a|~_fc5iNrCU2xA-?D+yLXGW4*O+=JE%Vo5tI7kj(q7I8$+q>#j$i0i zE~Xfibvw?s1OKky8(aD*OF&UsiIr>6>cZWupk6{4)Xf0}-B{}#nordcZ|Omk8X+yz zR7e&LVtd#^23gOE6HS2*lkB)lzj^1Uz zuPXc}cay^7)HGXq)vWC}hLI3V?JM*$fv%`hF~{78!Y|%wqPAC*)pTc+d}|}Fp^K-X zhK0#nb7W#~{F*I}h=;m)=uT*f-EIe_+a+)v{u9&B8JFTcbI_P0-3brmugt}FZzb$S z9&+ol_6H}vTYY?_=4OWyz~*e_&&BlF|)3Fl1;bNW0{kNSG<<}Q|&bB z6yWkLCF{u@5kK(LOHvoy167V9ix_snOCilQ$D1ZW#-*9uI2@`tG(K)w6V$mn4_g~6 z%|>5gQv(;9{_=ptzv*k{tp0hUcl59hOxX~1ly|2jn=^h&i^G z)8OI5KMtNg%Qs2No=&e1+$^oA9naB9V;!$_)3PRj!PF@dwyTXEKVE+QQneE;mRNxu z`uUSNP0GdQQ<>23TjA)T?atBcnuD*cyQZ1#&k$dv=rZ1ggwhv~D{a3(>_O$Yv zK(YSx65m{9r=;_Jny7}@cE>8oqu$=(zZbNsYVkL{K~DA~$^bMiG*&g8qISFz`D+fQ zG{CGV%gy5CRK0Rh;8A=9ys6W6Ar2ao{-1oiz>C>mj zP8^&YZD=vw(~6CYa3#1WLN=cOlX#oo<0TJmI zkywOu!x`)MZr}5sKhAZXbG~zZ>yN#q*7H2~ea|_^7<0_^=&F(o**^Mx+qP{Zlasxy zx^3I;i`%wsrzP2r@7!K&+l&A0xFsQXjf8}xdr)~`+qR?Il#Zf)hGVv z%~br`viu7t`KjnM6Cbj&kp$dkdSxawHTB`oIi|EFw}&G$v7IB0o|pHV391~RQL5GQ z`^;8-&!jVUC^_!Ox!#Snq{a#d7cH0QUAvdx8LWR;yr!X{(eAY5RrcojsQ?Mw!GFEB z)3~OP{{3RxH>RCAf4?~Tg5~zEzhC@A_7B(Jf0LM#-1z6;FD_m@sLivwCbX1wE`B6+ z%&x|AsKu%_>aU7cI}k{)|~o_==abj2FCuRFC=m`P{0$lteVFX5NCmO}Quc6XJr z2Dh&T_qp`eu8t1;MfH#hU0t3vAAPp0`{Gouj=sLnP>{glX!B42_20ifx~<^Adn&;< zgCsIMzJ}Za@~_(oabn&cN=l7SxJg<3f3&v7iFy_qRQhO?9{u}A|0HwX-Dz?!HvLIq z+^qJ5d}NpsV@43^mR50k^Bb=+<+m3i|J?BCXP>OySIZJUb78A5YLrdpN($o&Q)1}6 zrtR!e#fO{n()FxzmbX@BhN^pQU8SX^uU(^NxvUcD=eIqkAu2qaikaDWepDrXBtI{2 zakAU2K-*cU_uEU!q@*P8TlOWoG9gShmX@;~<=(6FwO_wpd$1=eDvDn~z|7Q?NznfN zm{V$U@>Tf;(|rAG9uAHfH<7!$$r2-}B)DknYa>n`IdbGYy&|rftzX{Z`0s<=CR|S2 zp&72wr$x{%?*4S}Sl#FM5y~#^@d=4B{0g6_7*0iP{wc`+kk!Fqin3Z)^yOImDMghxb0ya+_w4r$&+hoFJQBF)Nn|90s0ZKi<3kl|Q$y~X zJtepLy_e!x&j?VFW_wJ>uXF3YS z<#DOWhcJuBKYMloPdqSiL!t&tryMKDLgLp>VDpa^^X?jRqTj#!5~Wg{P=Qr@R)zQ4 z_`+&lUY=dW%9o)T+3?Q}J%gVfwH5$L0vZ*R}KK<;x zM^vZLqk4Wozf4^AQ^Y+&Z+ft2{90GZ@6OPv{u1&5!A8phem=fe8#(MLDk>^|M-`s) zy?*)fWn$t_Z0e^66#Y4dJE|QHo=}jL!y1k*cx1O9p{90f5?$K4XOCS+&dZDp>()2d zz1J37&H4CaZ18XWY}cAlmZ2{}`P!MB8d+SNoH}JLlfAC}iX_eEeDp#0M^+9Tm-c_~ zpt`!6)Gx=PCH4FF@6Aav`J+$R1F%4B{`;B5ye2wwhlht_1njuExO$50`bV3SvSpqB zMy9S$9Qlp%e98UoE#eBTWbz|>S(bW|3k09I76tYXKbo65J8@wsw^YvY&_)Z_4jB@b z`6r%am1{j(hHFcae_BnYRBOrwEN@D3u>7ht8zr@5BU7f9$f_w8yhOP;(V6eLWV@J_ z$gZ8a_+bz8<42Ep5A7eS4%r${&n9OQ(KIlawii5h{P+X1BdMv>I|moL?UZF@kNSU& zy)ZWvBEINRULC^BeAc)ICt6BHL0p#5^=OidmGEiLWg!?jdz-@Y|3==yMXk5xfeMg~`OeS!O&sR}jEt<(Sg{FmZL zZ?tMt=c|pyeGZyfNT5lhX!Xj|$>2Yza_qcfUQ2op|J6?$^A^^J=nh}5&)64u!=&n# z2wRi)h(}wZ@n;8b)fG17ovtkvPWQO#$HvBHW@aixbN27vvF7XHv5GUU94GW7AtAeE zELAySO1Lj{#JyaD%I?n!az%z)Qk>0kyeZS8S;!L#Si4gLJNE_OX~YeL7~J|~f#>!TD$ zO62ZcyH-v_u|87m>gmbgR=IiIhH9tb>iig?Jv%!+T_@i(=)(IV@%6O=B(2&$J{2uvtp3-oUDM2L`}XZ>zp}Tm@rrbkv6eb@ z)%3=F?M!tQ>Vg(^nak4BeZE^8t*x!Jfx~|WKbe@A;P|LgOEK1x{Ch+84MUAfmtq(b ze;$9OAe$n^ZL_SL^ZQ1avE!-3VSJi0M#o-VIvS(w@k3dP$H9ZT%{h>A_P1qwOnUEj z8R>Z{AMbpZwRfTRqNiU)9I=^{3gdn~SAH*)Qq{nq(wU$hr_`P#Ly_KEYE%{A(kALY z%i1(Iv2lBFaB!mG?syvcgQV0{>8Rn)pFfjFr4<&s)P}RIElyrhP?%^*YuZ@q7k8gE zmXN)4>C#Ep1Ai0RsWz8wfoY$o)ER86elCwC=s7&vCsQLSd7g}XIJ1>IT@v?Rs=8Xu zucBI0%y5VDET0-l^Y^4Dv*SAw>ywH_>mJ1P(wN@c;%L0};<9%5NuTm7^Rl0hhb7X> zsgk6yYWkYor&N{KBqscFfhJe<|0Bj zlwCdPCj)9Kj zcjh5iIKNC}XQ*yK_QW%?v9Te#@sPg+ZF`Cx(lxUC@=UH+TAuQ}ax`VWChRzVK|8ZB zD=T=Y7&%Ag@?}bi@bGZkcQaq&gk61>dR-kH9F)>pO!IS#Xy3#jz4;{3q2AL-t;|$2 zyH0e>q#JCU;^46O_Tmx}-`4tE)6mcmBl&{{(;;^;0fD8n>Qw)(%6pnN>1~8B3M^v& zv*ObShQnmD-GV8pm=x%?DhE=8d#meMvlXUBk3ViWaDseUd3~%;rE6Yr%D_`JF?s&c zZ`+CEUL{w!__u^r&k5c&*u4C0R@5j+Yvz=(w1J^fmZ?I2qheL7UU)>ru1f>O3C@yg z)b~c*+bGg~w>E(@jPliofBkye@cYY`FW5BN_ut2yl4L@-d3an)bPpdsT<*EVB;uCy zyy+?LO;t5D3I@ReC!xE3ejbYx7aV`dI`7L|US8hZSX*m&bsk>>(0%)Mk>tS6JCu&q zjIOLFPULC*BHJw)!XzpkL_fSV^%sZUwmM?tyKm0LjrADk<@Qta*RHZ1CgbA`pR2n( zQ1j^QSaVfl@zvFAGe7T}M*7cc&Nkye*9Dfl`!`RJe7s8`cIdzXmVjf`4qU%}JZBGx zROJ^?mwA|2GbhqCM;Aea+r-!V^GSq%SjqaoNT?jk7qcJTwL0shr_IoAuKqjQzTjcq zrxNSoAmAaFdx_OH^B`&Z*CBM@m56Z%=M+Qkof9K2dN{k zsxtj8#(MAiugMTfT_rVQ*#q*p3#Ezf>BeSJuvp6k$%*N3obRNOFmKw)ohG9b zSCHj+QYm)8U5t~H)H~_#Z*#xCLiL_V6#nxX<<{8ZyY}}hdqv4@{|(l+({I=O`vb~v zl>hxVw{PFyM*H^%JNf=!1N#4YiRS}LOSwkb?_271Nwio7ciS01e8nE^+4A@8?N>Mg z5?jXJYTL+AsY$8)5I25yD51b)k3n8y+ylwP%1OJ5B;O5w!3{>5#p1g`qp+S=yk zW=6U7d?w9(EaY-CHPK~9B6W`CNszEqH1qv^^I~<5fbTOGDHpC-I$%^MdPAGpGRI1AzQOg=& z)UN)3ztfsOu*#3l{NK~B8{yxWb)%@8Fh0(n;!{r}B_}VBd<1N0TO`cMc_q7DdA$dD7ZC>sN_f7m)ZgCgunYjdM!<-ze3(4;|-!a&v zlcd~vY4obiReAUL=~-#_c)Fc0NyDzT~oj-qGI*FHqO>#$b^79uil+p&KbT3kC-U2QPLX4<6Fxj_$NprAEF|oP4;4~278VDjctu3s<>odM7VbZIum@n(XWXUiLa-Wjm2Hs~AAP@b=R3WC zMF0Eu@B8~xN*HVL$29nd=H#3ykkq<$>l~41JWL#QDbs2?k>8ooPFV2pCM4G7_5Aqp zYsO75m~`)6!wYMcmX<~beeOMYkS-G&#)^aWh;gZ=Mz;S$%!vp&%AMuq?<(+wNrzo{dRTCDNL_MxW4adeZ z^fO%yXJr)ih@|{D_l`XPwLn%@cC@!lfF-%4WCa|HJ35f;A5IRAvDS1touZ74jI1nx zj7N#!m*oDw2|a-C){X=_?+%Y|lV<@L)@tGPC?xXTDjcx|OP`YE!(Z)=v=W zH*enH@hhipW1Gl9rAx{fKi}@5;)Gdis-L4wCKlYT?PaRZo%ly1<`*JnO(Kn3fer8TzT z(Rm4EwcKN29|eU5MIF{kM_XG{l4|FNrO5RaHNVK{`5xUw0ERG&BS$^*bsU*Ld)x(sBcRTPpsa6U}03 zW_FU5HHYO6YQ^WYMm=u2rnyW`Rv{rFF|l~ckM}9DFVS%pnAwrox$1r{1_u_xT;o+4iifgIX%L(;9j4^l8PU zX4!Bjh!1m8+W&6Uz^U(5OqzLI2|~{DQ6>vbzkV4P)L)Mo%tWvt`cqR+1WC7~Yw+*~ zx@&1YYbRVUyPT4iHZnYXfg!l7tLyRO{SqWG6hPobaUW41SS0V~^eIb8Nzu^IKw5eB z>>1)7|8~JG7Cm_IKsZi`KPRhUrNk?D#_G|dN1dIW{-MRi#el^^aZ1FvNXgATS;(%QPj*gDn+3~TlUw7Zk3(Cuq3knKC4riziI>hTYj5pNAnO1@R zO9P$m2VOWNKn2@vaEfrijYJ#euUxU=*SUI?l8`W5J?WCq`%>}&xyeQvE|Z>~euSRh z=;lo;OG|71m=8Cu8eDvqkYE6vSVg5d+dw?9>Z3z!vpEBwIVB4#&JLq%OhfA8t7HDg zCMGG#$vIneG&Cymp7Wz0=%saadq9j3NXRsr+1!gv3T@roEG&kQLh`tZkRL8g{6#TY z$Ml#bYPPdI=BmdTri(ovyXzeQL(-Rb`q{O{$Na&T0o|p$u?-hcgh(GPj0p7`>sZR| z-+foeg@>0nx3I8n*fCdM4?O!s#OuOBepCabMwQ4vfBuk?57&SFI?nsHlV?I^9J0V}caV(?Cpe31D+6(dCcH+&GojX>Cn=rocZp zHy3Oc$<`?M)jt_7XH_HvEbVw)o@#D!v_+rh;(Dx#g2N_9wUg!Cx%`wAK$_gH#=1Jy zkxxdw(T(ko9+AzcQK!6kaTKREtz}`NGh#vTI8l>Uk;fiuvR#$`^yyRQOT(l~H*el# zlfz}n9{?sSki6M>=|=CoWgm5VVe8Wp_l8@NSR=?a(${5{uapgDGJ@)51m+RZD znTRp-mzP!<5m{~P_gRsq)TLwoP&px8{~j4plRrpBCA2vuQLdj59_~2RQ&L)5+SR2U zr$ood7#AM?aXjF<)b;Dv-Q6!-X$nR@$>SpRyNa8-emy0aW`Xp;s-cug{-f8VYO1O~ zHnl2he>6DT%l!MaN8dYdoc3o7anikNZJjYKys4S?hI{18&!b#E2k7WDu3h{5+tjF; zy?|6%m_Unoh>j*Wm7>(`bX*<+G?bH*vo?gRMfmtC?1Wa7 zl!~!vj3%pWc=G)GeDFJ$Zvp~^*p8V@vNpT)yIKX@$wx^701sC6%RLH80y?d;UcWY+ zsX!^OtCL@lx-;2c*00&vwzjt4!^0~TK~sM2c@|xr3D)XvLDEV0FK7zhmn!&i``TJZtfFNYYDTM={J1pW z3Xs`aeooHSC=&>x)YQ}r3}5e;43CVYAMZkOA!igyuK4`N3!*ZO)a&eQjkRM)%#RXl zQg_ew4!c<1-H>6th;ydMk(r%sHpIS{1$1NJ!(A+%_2-{sEop3W0U;qxjg6`Qfg>9^ z9mO?sHdzqzi;I_mwI1t^m4%|&8@zrz=014%>mEM$-N&@M&Lt$>D zTU}Q6p?bQB=vW6;NHxx?s=ofz+DG}nVR^#2bdUO4xudr7T0&LZ-@Es$;WwIVU%p7=kR(s|Q=;sw+UJU?qw=1m4?+an@UgJmS%|2ssS$Me z>ECJHSYLmRK8XCmr$Kx6fMWrP{cb|yI9QOT`C}$Ka&H27B(fL2eajvY{`~oymND&i zGb@oM;AjWq7>>>+13LmxDe;%~j^QOJX829SrF zuoO#Vf3A=^I%>}U(i1sBU!N%^=ka8u-Qy-Z0d#(p<3+R#4D5=!orU5WOy}H0u&e-M znFs$RzwZl@IYo0=<-$!$8bbd`xdt>qHJzBh(1+Nw;2t30-)AoG9z>{i|v6-8Ut+t_EyE=Lu!Tfg^}db*9Rt?7Xxz!B#R zU9eGPi=CJ3h2j<#7VxH#-|y_$^X7Q37vXdEp^}mkkV*aQqL(i}80FUF5!q;bd?VFz zt4$1Gl(CkJAOi}Sv%`3AnX98?UOVA@OatyaksVDyGzx(K!1}bJTE2gOt9?3!Pgpo+ z($v}ceD?ub+P9iqnQ7aI_9diTlqAZee2e(XZzm`! zDVYwDA&W!YG}bEYp3Lykyq7LI-7)y5SJ%mD9*@y+Sq~StE$TMs%e$x(bG{|4^k15M zJAL~C;k5Iwngg_6B~CGKyC<1Ks_|Q6wTGkYs}fK9Ob-wQX{UJUgM98qo2)=$J`rI7 zE=w0H-5bpwK>pw^*?tiNdfNNoUlw!c@41xeMVSOi53NnT3%()R3=XYr<0cZ1wZ8jd zpiGayh_2cJj4;kaGNHlrCXHuBfu_`qNWZCtl!{Y{uB9)xK}LGqQIa^1du)M+RtuQ_ zjZc!D*Z~yx9lQ6B_F3~7z8LrNyL(rM=LcaSE@*byLNr2vaO%2-2Ku&l@80cZ7Vmhj zo?briV{CGy^LM<9zmTwIyE)(Uw)Fg$VR|)_ewW@Za=wXE2De|n*c=@Fw=tQ;t8w(U zb0J$qLC^uJy^GpsJ$mf|R{aWDA$t$_f-=kC$JUv1+S|9>R>ZT`aribt;U7gTH; z{2rX<>Paod5~sD}=nIa0gMx`PLd~fT0-iRb6T9Y5-TS@Ienro2 zX{7z@*bnjBCPm#4c_v-fXgJ8;r@Ua7H#Rnwmk&7l_CW5!(2U!uQ>VCSNvBv}l%Zdi znwskJD{s)HjPul~40VDDJB{vXYN@?sWQuZfkW=UsCZ0Ue*c@K{`LL)a_}n2~N$T%B zj~f$SmAgL9I$n#y59r@LS@C1o@5&psB|D95fCn&0K8@S;6CP#a)61K?1;>{-H@-eQ z2hPUL9Xuqse*1ydHYDWXpFfT6eh39J{4fu41r6`?>7WsJuU!MjROEp!QIgEf%_Ss0 z?rNc+@!;U5BF}Q!2uU`u2pIUn75+ZgXpsX%|di(mGrm#;b z-xDfb%bl|;e8+bg9cBs{K}APP29+&3&CQ;}X>oJ%)UZn#Gy*ziW@aWPABcPQ<;8td zO~PfB|4f+){1cGaF}e8l>sPC_OM7(fAWc1b^g1(hQuZgnlfOSa4!2%k+10)m(B$x8 z3;r14@M1_0$B*x5pjZcC0Ua(q&JhwV>$;!v?9j>;J=WXx)|U%IX&bNe*KDZqgsO(K zM%U9YGJ0#(?TWsdHr1b{$`m3Kp8V?7D^5Mi+l2ZB7vH|u8)WvIcTPD+1*P*AlYC26 zQe;j#@kL`>sg#)+kI}dFi>Tapy33sj#=XttqEKH2@yK8{miGNgmk}Kb|xL%5Bn6~URNS^MSkE?2X z8M#|_C5&mTjBTTGV?CR6U+nC0@AmHocH1*I@$KxvdA;|JB%!kg_czECM#yfgOq#9v z9uxg;pf}b%;%QqdGJI*3aLQZeZOeLTxri+Dz*x7gL+L*{$K`^3XrdGDzC zBu_`px4+w#?VBvKY9;6`vz$d`K3qw?cI0W+s@CY=w*7V}+EyXPw=INkJ2!kD*;cx3 zk~!-rpZF-bxfC%6^(K`~HF2b%kdi;x!JENd_KHdK?USif>f0>K^LvZi+a-7De`<7H zUXL1LmnRkNoFp z>WdTkO()pc$``w=cHcDwIOC~U{wccDGxz5cg+bAIWe$K9yn+J)0vaWQa1>Gcg zZRsvU@DT8UcV*Q-i7mq=S3Tq{e0(;OLd1kT7bp7He+$IbC8(A<41HSaRVC3tiPBR`GP#022D36D%y3lA7N(RvYE= z@$^2w9hyo{EypF=}Bdn%vDKupgsP2{TI zefLhvyl9<&C^iyT&2G0ka|pa23J;Cc%Sd%~bq|qve&yo^mTmv}q<8XyqqwpioHTD!RU1qO8AD*ALQaEvNtu&ZPboJ56_?m_WvadUi z%7wRDwh|V0-+f7%&ZC(#0M*N%GP^yU+es)6(ylKdvxwU?x^rxKs%%=GL~h=L#nl(|T>QU%z$`iqlAZ`p;$RDx_Yb{liM! zsbOupa%(ItL2TiN8Ui7C+EFeXTmt~DGl3~2Ej9IvZIQvFv%5o`32mZiulsHg45mv) zm?Ua~8HMqD&|{&4vaqtVkKR9GdkB^yJ=b2TtmfMf<)enNv$zs>24Thx|Ln1KEsB0) zg_gvpK@uQQZ%N<0GmQ_Q(d+}8nkOtO9;d7gZ5ko6(TUlss1Qz8GGk+(h!>2 zcKhgKx1__9L6$&{t`t2AG%M=fTCNuFnq0(b=Mxdp)zeo|;dS`=*f4r_p05e`3jyC8kvSTKS?GqCd;+r!exM|zClPPaucKPVP7tj^r{k=qXa@f_H z6Q!_%Xh~}2{et%e{E7&G&zXLGIuh@h)j*{xuaTu&;x_XWJ`9-P5(bcpDprnK~z2h2WCbLcJ-Lx|X_xsA;vY>Ec%!%x}_KP(X1^G_yO_y5Pp`2{`0c=zAW zpoF+YnrQi~O%}Ch>S$UljeN3MKK%2g`L)w zYrWI!w&vN_5yv=Yup{lEV2V9!QfKEg7xVe^Wyj2ZFPCW2%6s3YJ5LZs+P;5xoGxDi z<%QGl>r>w2f`V=%jd3vd#qry8eF-{(_RjJ8JUfr`d)o3g3RAdex?fFG_0x23y=`EN z{0=S{aztRNRl{Ioh$P8p&j&pq6a-zp|dR>gohLPucTSO4yv^U-Ib+?$6TMQ6@b8#$S2}0QU z{QmlEqU3=`v3vZ|WdDabub9KDmfoMc?GkK!Dz%F!`|nk(b@*(&H8|AYP@r|Fa(m9s z1h3iJ{3fwAg#N1N!$rmZQa7LO1lcC{vKmh?l^&NrQN8-!9V?_jnCvl9j0BjqPibdW7A-m#Pk+3zgwk zu{yE1_|1XXxSF1ETaUWMK!?Uj82RN)t<1I<+fsB!8HAi(IlDf&^78n?r%k&vhaha% z+o+z8kEBWUypb60*v6URs7Rv(Tpd_l(=-YJ26I){auQaMtqm*?L6F zB$|J8T$O@r5|HK$J3E9%)M~4iR7KcZpNe|An3xO`qkLs@CA z{-KbyDp$wT(T7GgKqR8SuyFcR$~9^!DHYg^PAbQLC4Wmaib7vqovfHU%?iMco^ScE}m%$o0FA#H}q&`@≥5K-Vm^RVyk20yOSCh9J^W#;X@@rgoQfkeg5ABK0liEgEI!L1P`oM=9J@AMkigACOc z1zo&1zx?|ByDpDQ?t5dLutugfj2r8Hp40F#$c4|3h;O-91<>r+L+&--EQ7W#ILgvO zyFpWoK$C5e`0~KrCH!tAhngU$)D*Ic=h9Rh?@eiK?dK4?Sn-HWMa{drHm=9G3dfxe znNIDbv)ou+fU7tbP6*H-7(8XuvqzqE_1|_LWTLc*pNi(zgE(zlG8}~>99MM}TNf7@ zIS-Gn??S7F@8(>>h2WbfcWFi0@W;UE-hQ%;oknWLqa0=`5xe|Ov}x4Sudk8ju)(P8 zTwD!0(<0NL!>P0&G?na6_{9~BnfQA^X`wIQrgYK9_9LN zo{+NgPX59Hu;%f)bxSCYs|Wx=o`aNrl`*^RLH5SZcH>oUFAE)mBaP8p*p!`@NJvT3 zGc!d|z;X;f{TQ{`BamEp-Gw$^lMDUD>Fri28B$|TLj1+GMP$Xg+->fxf`Xb!&C7-Q z@~^vmaNkyXb;?cB@AP@f4%?LbQ{wIggAeY!vyg4v?x`N+)35G)%UUY1Dv>=vDNU_% zqGH%^tKG5yjluC9l5JfD+L_O9x9+ZXpbvtPJ*Vto|1|oJt+B929vM7BODhepYm`Z+ zWx*+;Q35(t_qt!vEiax5Z~d?5lQ!1T2Ay;)0SJfqIy*a?s_^Xl>i3QVyB?Hn8@^4 z7RZN#kJL>${`mMuq=`P+L(Di~)kpD1VqwMXF*9 z9K(o6*F4eL^3aun_4->r1jmCy2Ai4Zj5RdjB)I-~L-q!ptII%#gQ4qNu7fUVw)`

elmyOf#;$03R`?sB0>T6b#szAEySUxw(jpAh*P(A7AW z)vz%syH=t)RyN?b>qcd%fOW@v`dWml?_5kjnp^1)mc5p4P8@n2q}33?=tMhcQ@LJo zlD3i{yz=_VYM*jm_%eUmoSuQ#k<%=!A|kOg(kj%@^d&4R%6L$~WxIxEV5ZTE!kEOG zo+r1Y=V%tQUd2j|9ugwX47HR?M9XjOi6wVyYcAo+umo;_$FSy>=uW&HDAQG;PHU;n zx*Yetb5&(2kg>XL$vK=gxB8WQIx~mgQ2_b2kv+jf0Q{Jff%0B<}!}4Kx2U?BqdQWj@;jW_^e&u zyN-^Io}M1C1SAo!t&JtF+hDZqJw09+Yj}K!_b2GyY`25_Yho9GS6JAyG4_Jb_2$(+ z9Z?!oA7BU2rywTL=R?K5>qE>w7ntE1&C0R`a-93!aNK`>tOZV(&5dc_emIKN)oH68 z02B@KGCsn|AJ3#?etBt|2pRbUC_-{zLTf9c+$Zc)o0uW%y~ zr(ri3UtgJ9n&?FDl7^O6U0**wIvT3g5@>l|LoePI^0M3b>oi&(eGwSa`sG{3oB+`i z&YA?!XI!HgHYu*qEnS-nj+Bw&K;0CIvmLH`Qsz1xkM(|Q(c*P-_n7u(Z&~G?)D}rM z_7t!W4AY>!0|fiZBe2$?htaiXX11OuKmVeU(Xo`b$;rkrmsbZfBC!FOzguY2nJyk8 zkAhLHS%%r0@5cLWQYvkkI%fPaXs%$c<~L}-Y5jL@*p3qs9Q^!I_bfV3CHSmbXlZqR zesnOJ$3P!*O$QF}8hw6f7VmzaF$A4L3bExI7+gU`;yLmic9dC^-Tg=SCx{9J)&ofj z?K#+;L2%sxZqc)g>~-bVD|G_0MWY$M&!S$JZXnQF_pZZbixKK(aya^Ro)4NjuY}Ekg_a{+t~9&Gi*f3($HZJT*4{#k~1v zkNg;T>f&_2xK&%m6Hbk({>p@r6`&EZ#g3bh0w*qPOPMd5uIL5|D!DcCSbFH;f#dNW z;~cbu;}XY7j2YeghCQ2HFXS>`6JP%$dF4v|)_T*H$WqTOOy!BYB6^<0o2dvWP5 z$PTY@4dud`8PqMNI5i$`pKg2~8(Ax8(pD&R~WM#E7TiRR1+H(vNuxqC?~!Kv+|rN&V{L#v$H3>p$Kl7A?a zTpVy>23mKzBLaLkJ6un}C}doq4ZBvFVvI|-O;N59F^)kIaoYBiQmDv>FbXe1WB^%R z-&~tM=?@lj5=u4TlunVYp0o2pINKEnQ8xVD0{vc}m{_Exq!gc?8N9QH>1u)kEKXH{ zbg&lTpu=O-k1Jpkr`_0cWau+4ER45WftP^oY8F_wCd);j*8fMvOz>XpL^m))-Ri$g z@eAK1DV)!2O<79x_I+8eh=E@MhrFWGIv#E!3>_JGPM!x+hNOo>NF~u@y973@sjpvw z^haCw!?FNM66Cqs`uYe~3(#SrHi@pG$0qD^TBS~7xE7q7n34q5YD%U1<0iuFvuuc* zATM7BiqA*i(7(A@w7$L$9?0hAV65?|MR#`qheIhrY;wj8 zPX6<_BD4-186SXH+yOMT1mDdSBpgKk5jr{R!>R0b*wS(^ zYv4jic5t0+ft>`0gxGoiV-llZ;y8?VAR7DH378~X9JosX9W%G^Wc@5+9Y2D&3I9Ln zORF+RN_NHS8}`cAw}xs8r^HPMANw(n!}e6 z=B6q3Q=FXe;-KhX)zn<>xEW$%YN{%aW(t(mcNmJmAOw6>@DHT#FeEClP>A3y!`0FD zCBkRX_tSk*ExX3&LKdAzcc+#u-B&LFNXxjL*$m>-G$;6?4h-{CauDwGaVdeTK?s_Vp>mqP=%N z{K5U@p5&dJIFRCmV~;r%?o+3Jy88gA;e!11L5OXHfGso07dkAtmfke zmr)S{5+5cm_uOhCV-U252X7(?!3s6EA}1$ws2H{d@jvf(z>qkRM7#kcgRKRFtrY&` z`rEzj4VV_euwuquqT8V1`FYnq_Yt&z3w z1rrTUm^YaA>m9p~A3L_XG~E>ctUzt|gHK@z3B=hc{u`l`R16Fv#x1BuSuOp;o}lx`9?hRVsl^eAfax1;|w{a}5INIvm{G zeenMZyA~LvR0t@cF2eb@3e?m|3xk>zFS4$XkhbDE^KVC!n#~KePt%f?Ntv146i;u} zx1OAi&b}>L?sPZ>mUUz>sX$t9aPI%03=LnJ$tsf;mu=}A&!IoVju&x4ah6fEdN&J? zK?RVhOT8y{6@Ud@`Mn2Ee6Fgp!SEC?2+o)hFMU~W1-L41lf>_g;m4gA(L|sVp983m zPRap$oX9?fnM9m?)ON&-e<%*|R968}Z-9=-Bw*Wv5D;IR$OnAeMM?{UCUjba-m*)h zwS|RNi6h&Qf~;0ctyelp&7)323+h9_I-*|7e?ax1SLEOTi*Jl6BZU*ixvm}uc@9t7 z@wEcOegPF~3MP?a?==@G6{LZLu&`WgJ1#1H`Em|v2QE9(5HqsiVOP1ah^_&a<$wf) z_5{zV3la}|ZMT2{egqnzBH%X#Y`T8nFVVz^7j!TJjKhmK@E)^oCP<)f8JXH+Vf?($ z`Z5wYk>kU7OO&U(D>F;R?HM%m^d{{E8(rg#gk#|0+@xlSex<~o;wgBAN%pT7U}@^~ zsZ+#^hd4qIR6--gs=s2~+pU|@@bO{d)97fk{7yK9LA4)CAFp-*d_{~w-6syu!nDC} z*GJ4cTf-QYH%tQV5C^V-wH3Po-aaAogBWxek)V`7QeFBP$a5;-?9DIx<3~E5ZlxhI ziYhlwvm`^)MH%B_BaW&9a=V6oPCl(m&Nxo?VS~)s})+-Cyz8e6}uoks0`6aUl=x3WLJ87kz z;kQ}DY0xroSfq9UECK>H;(dr!WDxgRH$bI;HyqP+l`fNAM2+OfYc*^af0?2$v~u9? z9-JmlWKXvoY{lVe|YdX!y}TG&EEtNgCcA;;ImJVnn2Y$5;wE|05XX+B)+a zl(kNvU`{IkZteWt9yULrGV(}MW zm+cuK_Y?Jdn1a!KSj2I4s;0sDbZxlM_7&| z_*UfR&S0Ny%#tJ~nsCQNFoXq$N`=agb}Q0CLY2|s^Oo0)jDF(5`n={Ez&r7m`jb{I zjfS9^mgpjyX`5?BL38SQ)>lAEo#-_Fzz4+hc!)@NLINn7ABF=DO1Mn-+2nWraA!Bx z5_6g8Ai{*Egr=xN`|l&mvhwpUrpDN!JE4suf}a6EH|kqB&i<-ROYkWzEL;TZ_%Y@L zoZpFLt7BJw-nK_jD+-+~!2fBNGJui82M>O7(7kzc2#^Lnj;G<_XQ2QA)hJ>>xa%zk z4^N190~T@SBPkE)hQiY`A8dZ`s+{QWnVOKi(rH!fF5!WXWsS zub(!kSg+@)#O5Bi`a~31(6We$jm3Hj2=MW7>6OkCyIl}1J0s?x3!)!uusIuTX$#G> z4|?*n@0O>;!}{SaTx6=Z3?K4v#?Y^NNDDLp)AYyDjT##2JZBGgU@vKzg@vW12ZT{f zYM!z9o_y)E+9654WLN@S0B3?A zK)*62R_!nud$RM6&Rg^5Ji{58Q=&YQqZW0O5}zr9L=Q>`TbGj&(`r_ z4BpT^;DtM(6kEe>Nu*i$R&+#!B*_J*(Qin{UxFDu$F^%``nD8SWT(G=JyV|D4M2kv z4kZTCO05G!43}JbE0Oe6Xw~M4IE`NAcTcA`xe@jnlLu`|U99zvnAKBLi_jLKWxL=q z0ZL6(#+P$Atiy}L@>WA#-K?8PM$run4%9bf$EBkS>*-U1`DMHwK76QSTf$bJ+4;hY z5TM#s>FXPn+7PRy`*rDwE{L{vX4I}`UG8?EH&&%+F z3t#yB&ECzX^qh-84@+zg}CnowSK35`vh=S4~h)@Df1@m{A>Z#rLI#t|d;;B;F z6(yw;;-Y7*q0XQS8Xh0NIp3lTlsFU@VE$?$qmjF5)(fYA7%4>c$8uXBWuA5C+4zy^ zcXN%y_0bV7mEIE-(cWdCkxP@^=xuzg;Ij5xN4K0v=#eHZ1qPuZtxS$pk#s;MF>C$3 zD=f$rV_ZDt^WSlL{vZ)PX1EaE`%8DdEjxwslEw)YTMLVqk@xT2%QZYc?if6@o18(` z$1;w2-FIpi~C?qX4q-SGh$U-=1oQz2bfTO64YxrXSmvKF^?_ zhr6m?_?1h|9U%Sgxpcd1$Yp7%daZtw-?iESHF$~O9$qcH=wjvyAFr8NU%ugvcOMz~ z%tJM~0AuDrWAQx1&jj%G^$lk=^!f(v^r&eYdZlgI2Fl^TP()DCs?U54J1!H&rRBIX zYhwPM>e1!>pJ41IV;0jr7UneeeHckq%y)AgMdrwP%bmP${G0ZEW22}rc;_~Qw(jC%W|2B4ex`&UB)kF9|B!u@LT95TdYqEz5ANR51*!Gmu@ zMaZ1DMj8w9^6Jq4CnIYB!>+0Mv$*IpKiZ5Vk0EfMm0>zp*Cm`598MUUK$ zwlw66>mX%#(EW@;*G@fgA+*^bQ~9pX$N*)&Y?k4o#VG#HojdIrMhJv5^X5cSI_{mj zcRMl^8P`%F`{RRCaEyYEK7Bi%66iIxD&siun@XzenaThZL5N&QEzw~>}1qBAyV@rX*5#JZAJI(|oqVblh6h|!J zfbX-;R#7IRqM|^LMfeUN8 z!dP2ddwGfch&P~#okB*$WZT}|ql|*~1AqaT{ELTZ`RI|HBe4QUpd%rQL?tX-h87b$ zb-+DRI*H>qaichuSY>=bL_Z2jLyUl=79R0vnCuU*RJn)~jNqDR38QE~>$$X8hHuXT0wq8{_05CfirF-$&kh=lbA}qV`+!TxhVk$8x}GR=JNa4?*og<523@0g>?* zzFw3D@QBXtZaQje0FFV_Zt&%-tSsmy*xvlyT&%q!f>$%j*~JB7(HtNe^sF-c6_HqB z5s04U?U{|DiD?;*>LM`FFp|UEe1hKO3I_r^-z+!Ua2I(tE8-~{7j(` zU0vw={iV*N@!W3IQfwzqfcbaS*K=Z0v%Ov8^|h&v+~a4@I-+Z?mZnthv*F?7^cEA* zz+Q2&u?W1Pq9vSqum~g|qlb#5NxSYn2y2@BBd@?k%cE1cU%M?MGZP})3JwUi3%$!} z{0r!fD4ZgAj-G`6{|E98coGIo1kRqt&b2_IfEddUJyfi?8w-V)CY3x+kWI6Go(ji5 z7WwU$ru%XkFV47E%Z6vXdL`&FZ;lSHm$x^Xup1j2AkhHfmL?{$Vb8ifKgEc#k^M^R{bOfmf`^PGUBZk7WU;B-VF(%sCH0%&Zkx3wE{Gxo}p=I zY|IB~2;)98LzR6&^aN+s*VwNt&D`y$Owk)QC~-8wMTqjdddf5BrRn}H92z8#i`j|e z-(M^~Rt*1zOF(52La_S$qW^T}8?VeVrv&Ajd*3=sPMkZ}^6i^Fq8qJxiEk6#Mbls@ zcZ!a;GR3_)uc1+i7M_Wg;ec<&PkBmIFf_6`F`IHD73PAuxjB>xy3^XmmX_KuyhYce zG!{7y%a2;8yHFm@F$L{;Ap@jz*>&B2$0(77NeNEBYzmjEU)_!IE>F$VTC zvMiKIvIIBJ^g+DGS;u(MnQKw3a`z+-P*U3CleEyVg166{tG=obE@#4Ptkc~jYr$|j;QxFjqV+9XrQ{i-@ETSJy`~V-MUL-Fu_$_;Tz?6OZV{yxfqhYkVIluY`EU(K*SdW-*Sx3=k68EvbdGj3V z!lBXTVuv9lc<9oQ?ld)1R13_Tw==0(Jii~z3JiYdr2X?$6iw=VQig^s{Wn-6YIjpG z?H{7W{fQwYQdAE!Gb@`v-btIfPwdUEyX?6Cz`!JSOJssGCqA~c9PFD*OG~rr6@H!y zs>Y9c1Xl(sfiE%#1eBpPZ5Wj0CItp5s*Pow!TOa7tZ9} zno$4*#^0_{)m9Y=;F~c`KT&Vtti)>)6c8}h?W(W82@4Fs*-?!nz(+5IuTke{pYo(el?7f;Yrx&)3+OcWyxK{BE# zB9%94H@mO^P3@D|*aPCtyWg@29VFmeT{Aa@(;jmv#40%*H&ek=g znW2$s-V}!igF|*ZWi9s6_ix`kQ7_K6*47fCGS0AZF;$l~K_cGb!kHBT*+{wD{*wF{*4TDHGkU z>gr@b^?2#-?R1E|`CI5LWz zru9rrhLE9qczAF)b)vT?=Jbmq=P97kbv#+TQKFcip2&wHBO?Pc$a(VQmFX5siI)f& z=o~(YRS3WJ{T-h|xI6WQuODdLUTp$5J9Fkti`Hej3&;Y#6F6xn(sS>IW5xtY0Si90xZ#vjkBR9WQ^?g;c9^S60&b^?`=5#khWOx1%-q# z@Ta|y>`J}N7^#SqNy3HA6|X4lw@|s4520FYP6hF|@LHwC% zOT8>Dy{+R0y6?otf?OBs+}R$5=1VP0nqKYX9Ve0|p0GbagJuE!bIvf}FBbe%$4qyc zlmRzN3hS${4`inZ=K}wWjfI6}-@YA;Irs1HDA-j|YS?x$yX6i16x&|z3O?Z1R@c%p ziwjTu9jQu>?2Smivay)~v^U{(I)!Hv>tGdauD;&hn%Y`_uQre9R%*&ZJW6680x1`= z&tts21_UcjC#S#9#*Rpu#PQkT)TBjx&Rn;I+CnVL~IC1qr2Z)O+aa**a zsQa`$>l-4~TIHxff2g0$>FI7tsb~wz3vZB$Mdq zS#_QE6}bii{l?l-B6wu@*uLWIO6Q#R9gk-G(-*JIhPJh-$10JXQeK|#!y1fK)P(O1 z#kX%O7wxcY(rR+3`89Z~RuZLEZ|YPvH;2wR>kTVto(TTb*oYtqrUEco+6HcgeE8se z{mR5lA>?%pj5=`surN1kxVI!C{AWj)l!8d=DP<3r78Oz4uarIeG3V0VyEUZqtvM9F zJUl!CA|gh(2kgP2%f$vXCi4z#KD2up^RYpY0pgr#X^cL(vg88R`_7$&+u#3s5H3b= zxuVZL9z}In2Ume*d>1J*9vN&$$|osT)^}VHL;l@CiO9Z4i?k3x#Su5R< zsv?IY={APj3LIZ>79n7fW@#ReY*7d_>jB8>=H`anWfQU8)6;X7A>DO;bhUE3Zv`vL zvi?%%lcZBeGTmYzTc6!i-+wBcYi6Kw3!ppRxdK->a4tQ4{k7#~uA@hdkTNdT@y;F* zFs=Oc>lPwBgd=7x?XMP z>?|T6;5{&TKTDR5v}|Dh&!3@sCfReNs17c0s-Yw8>ROC^fGygOs{wK^l;FL+2HB+< z&0Xj)ucV}*CdRtmB=XAp%O<9#*1*?A{VpwfR3h=mpuz-JJBru!4PTQO9QpwEH4_)h zQjb3h3v0z?0J6l3#R1-M=~&lMYAajGD8lV%y-bq3HcN%LkDMPo4yi9TU%QQ!1XMg*drQVsvl$9@xV-X-@XWNj;PxV zbaX6k-Xy2ZTQ@?~d4C;M<|!!^t@?9bDU+IK1>goED46;C6jjalyDTDB9Xu6n>i8F? zrcV=G~Uc^&D>Ko?&PAHtV?@&A-Q&IVmhm4TTwjjQ!sC!9$x!@`jYReWu;k z^ao7kX*dJ1QA=BUP;E~C{7FOvVEqE?DLsGn(W8}LxoN-8_& zvUNi(8&P0<=*D-F3s;G*%&Dm(C_`3SrphFy z$&*mez7N%n6?3#QH#djN2)3*Lj%`Mv0wz`u>3@sLso^hBTnYro9HzJq3KU{G(tq4)Qu>VS0W~ieU^~tWT9b4nuxQ> zw`X7Fc752mr{U$e`>p1X;X|uT>ypdompN($+%;sw&}jADN$UA>XsyE|K$0o@K{;5h>KbcjBn~NMg^*f0e%s~N>Ji{VX4O- zU1;6S4^sH@y9>>WQ&(IHgr6~w*t^Qg`aXQvfE0f5$A{f9Jx7Iw_g^pU{OX+=YfM-_ zAI|mpUW$6gvQ-r5O6BDey@l{S`!zI_hhz(A9Z?p9MQGER*@@y;8)W9*{=6!qC3P*M6@SX3Etp`BNZ1x-l5Do z=Qp@V*7|uc?cZJ9+cn-QDJ!F_W8Js!E&3H`Z{TPa6BQ+zIAi}ET~#h z;skni%?P!cUMo@=d9J<4JY7<(+g>&xh5c>Z#s{-aB&r!2?&_)P8E|L#R<6)IT|<53^y#a|BWp~csksJ-GWPUM z;A{?nGV%Cy^z?v3?lWgp)35BB-#N{U_;d~^3EUGt{~^!Tb|1SwG*_aXF17j6`VCvv zOLKvBq9qRzRCH5vc%8UKF60CkpXz<=M(kCeJxFC@Vq=d*DsB=U>qWJ@wXKBCvOX9V zwYctm65vM1#j%V-LLc|mkj{EBgP?~b6_PO6W31uMfO~l$7sYS>X&qRj8OC)iKL2t0 zr+!s3$`?TtTO@sV9j<20cNB?VNmc)Iz?b^JC&6o?8u>ORI5(HnQInx^%vz_nkC;1Q3Zx(nm}~i-}p}&TFUI%-`;6 z^zh#MgToI9Ao_=N*pK_9+Z_-!yGSW!XyOhe7@hUY@j0p(lp+b%1Il^pL#^tDJ6QuZ z%m2*JksrJ*4fY7Jzy2(!sD zinrU{=ZsI#9W;UC2v~-L(LH%L0+qP$+S{+9)d>IJYCEFmi9$H`!5eG~gszoVId_D5 zIb@f_iaC-qoNM~mFXLHKwaA*``{gc0R8wMbcq)h+&9;YM_u=D z$C&Bv*s&u zD5@btQv)hcUS5tp2Y_ubRYQOfwnDvV#{P)d5ES3pnv)A#O)+lLjRt#RW!U;KpDWeUE*%j?_;5jiG~1?RoiBV< zvrnW%sw-^dK!BZt0}Jp?G^3#b1*Su6@oe6UFHV^1j`-H2v6hfFfd^YxUw`iG+3L?) zq%u#q4lpsfU<>1gfo*6|Keeat;E(yEjrrix`MPXb0dj$J8mgXPbCA{g0Fwd>eg||4 zA`=SgSuFb@E5Jd!e7(2DyBAWV#Py~}O$`Q+OH@9{{C*o*2NEB@9xWbvu&wlgNt&xW zI=cj%^U27tl$ZYqZf7)~epFhLdx9@8ppZyUe_+;w zs)CwXD7~y~9rRuVaD>p?9qD_FY$qb54g~o0R3jAOneSm?S#LO+s8MLt*;#Te)Z9%z z907a;wJ(64I1!sKM-K}K%p!|LrhNdyrQba{1?pMkSsKTYh@zJNqx?iXz{I$J1O{Fx zHDjc21JOfx6L(wS8Q4Y|d08hJq{ZWro12?{Nk)7eMR5+lBzYsAKd0u~)55?V(Ey(` z;8uf$D7BFebgdUlKA-NC4%|Y#ud0$B*9De^nko=E44}0bJ`*f(wCOJcBNDoyqOH9t zKy|~)N(?kI^xI#)dPPo3I@=moz@PK?58>^Tkj1+!8#0YSRi@O6$g_{jH6Z^ZK zEE^;*`aGFAMR|YDIOPhD`%imUAVbl-x+$?-#RmLJ_kSO*V!R+2dkeI#xayjMesr3` z8%Ka?MUJ}jveX}=4?>>9NME|aakNfCRz?e9< z1gMChK%X8-tpKI}cCr{cQW8xoLcMGg>C`UPvsBd7sLeB1v_0-Tu+r2gWL+y7wt8gg z!Ib{zaPssm;AY_|=?E*2KKy`g1|Y$Zquwy3QRMIa*NSXmgapX4&i2g1Or19ZjmL$I zcX_1~BpDzJL(YP}Q!SgO$ksTT6= zCB~vlx4!0*__k5XaIXLvmk<|6`GYqUA0NM*JHS#8F#&NTM5zDKmjuhSH=P5bA@}tw zan#2u)#dXBpYgTvQT9yUymU5@m6esMR(i`qa!Jy4j!2Q1WlviSo;T8hsaRbdGZRyRb+^j0*abclwLW)ebeC(wrI>jeAyBK~rFO5$ z%%WKYMI8A$dh+NSR-^Xi2r_f*es1nlr}g;9((Eid#rA*}WU7F8%5kDCgFRwWibEFZ zFgRMqC_|_m+e+Sb7gcs-tgd9GRf?%5``VHS?4xPS7nU5HibxRY87LWzB&WK|0ynoV zH0^%;_<<}omv?veX)cAj_wTDTuA};fHxU3^Bzug(ACfFfz|8=b0%#9Q%O%@w*VACI zg=VDz2YL?G>;!Ds(+N)J`}Z%ClDxC5>JT4?2cGWr4c|^Fii+Uo%`tFtaPH1M``FL` zPFwIdCUaIJvsYWn&iT4gj?T`Ek3QfzW38m|PzJq2jpFgc&I;y*FD%`#5!VmtrK;m1 z(Hk1S@hQ%VDIhO57fhThXeAA4t&VDb7qJ5*P;3B(HcQA<{(AeWLg-C&%=EEYu4G zKYwnBWr0@V_8mKnGR$5&orVh*9$$n!7ocRc3^wDBB?nj zz{;e5+>RjJQ16R-6f@g6w_x6TB%u$#ZBuvz)obM7kv?B!r_o2ME4;hF@V)2`z!H zF@NvFm;Z~bb!0?zy?dsoIsXaJ!Bl4!*!hb{zYa1n5q0}W68XUuzs!_I9_os^70rQ~ zdJZJ}gVj4yCdUoS-Gq-E`A}PXo@=kGi;F5f5k7rTyaPm!yEs3(zwbkL_3+^r07ocq zYT_ZfTUljxMXAEl1AmKz|0>g$ImoSO*(A9X=CH$wB@))v&>9hF0@rNsL(;mz2rk`g z*S;)$pIchGse6W>UnN;pT3`m(@3FDijZO!Lf*?D)bcP06OY!NHiyP>Z;_hb;Uqg;F zVt;nwp1(`2V60O8)znYco=y)?l{dc z9qFSUE(kAp^{M6W-@nx}=w+3vL;x@W7xla5!`mo!_Uy{q+5l8g=->c`U0PW1dpigi z$;^ykH+*p@1gDRzA3@~Lmq{BO^hj?}QX|)?nL+29eec7hFyAYC+0sKyVh~ZvHcJk{B4w(bCdB=!1iXWb9a^>CKx&5D>zO3!NUbK(K+@qiv!3 z(xPkX+S;)lb+Rbb!%SkJD3UeUz8OaTDF}#G)6F9;&(DHeiRgupUUPzcGmxbow-y^0 z2cCn#(WB&oe{l!Lg6!?=S|w&kynCoHBqkv&tXf+Dn6ZtiDd`aXWktmTrk)eg{rH;LBV_1XxCX16v0Nzi~e-S)@sy zzkET9`4{8})RzLJ-00_?r!Gp?tS+FeN;Rv@S z;A%(qKJ@XaM*0d`osQu)<%;PT6Q=CPAH+|d%)wd(Um!u;70YlNbIT&fYte?0IRGN9 zLezKJb#!%slO#&qV<4lct$=AGyh;897BX}`Uv(K1RtpA#XID7<50@&`-5D<)S zlig0jWU>UW3oIpIt8OkX?vOkq@7e(A2ug%=j*|;0nb7P{IOohSCRPIOMO^o`vNP^~ zf5qlH4s>+T|1i=b=VXNH?G_Fhs7-e5-iV;KC z7M6N+Wfy+;t)Z6@2VozyE+~88rUCByUzmUb{Q{v1pM>5yDDn<7{m+Ms!1#rMcg>EM zj~-nHL`@_U1JlJ5MAdN%O;*r)0CL;rNk5H3?tzB@7y*UzO&k)o1DcnQZ-v5>0%6`{ zqAeBOMZ{_`u+fOBx!_;}Lqi~^IP)RMz}gT7hckxfF8%;E4RDq-r%tJTw~LWk0lNk7 z1LaJ9Ufz%>EGQeBn`aPABqb#QW!EI;@**qi1qV}9OblJ84b)7K+RR3kVxrhp8efThf4?=_mIP$Kr(Ce{myqPXy8b;kM z#cceGH1Z%cH0Sl}UtQS;k1;7+Qqw^FgP@FaN&=e5xq*FI^O@Fp>T8}*j{&?eC~?Rz z;3vYo&_m%lfr5tP`Mi`=B}n}6Y6pI6k5-O)29ec^AcPc4pr!=j8j2@e`5}=z@o(P} zi90Ck(5b&6Y6h4C0R?dwOdq7qF}69+Q-;z>*S9;LXrLCUoe*#{@9BaUF;qXa_9J z46t4E0r|!j#RPhqn;=<%mIh`pIs`U1ZoIfc=Pca9&KaP4gCeSHCx5TU;Vpx=MgJFQNoIF z#ct(NK;|2CAq8&Muqu&~k^-v`QDPm7pGbcLwF#?m3;ITcgJ-d^82k6Fx%ni#pTxv4 zZ)O%bg3^^MQXZ=gpk@_31T7zfjo`2Z&hIeuD1wpevJdP9 zVsn;Q>_Co+zs0J?gMefMd&;lc2Hanehk$4LT+$fe^?%hL` zk8I*Go0KPNVEhRQf+s)@ygo=R!S6}wSv>!CAb$1=l0I?U!730UKvt!=-wmePBIrV3 zv3p_I)@&1?5^x>sfoxs6cyZF}hr@k6w)dRwp=QU#&%!nV8yD2TM4Kx|DQf!rE6{u- z8t5Q&{Qh<*2MZhv>6InAmR(4Q>NZd!w;8IeE-#br+-V3}5ZFv8?vaG`72iD?9Gjgt zU5bVSZW%c#y6<&35_kEE;xPOCYz1U!nQuh@J>>L3DaHxcAw3VU1knVoeqgXr&`1GE z04ER~7{pHOi#h6woaw%f0kl9+p5cxv!LY$2j@dPd_>J9wq8I}7Tqc$}pb=olFR7@g zfG~;=7Z4Qmy%uX_EJfq#b2eq@Rsw%D(B_uB|FQ~8ZGvBs9f!KAuzCMi;1YIM9 zTkYL)tKURJtiQj@HsG%WJ_|Au5k^C_zK(S?LMzI|K8H6m33fI+uUf=E*5CM&sG zrXCoLHu%?`9yFTy3`@`+f_1M6J{8EI!2Tp9Zs--|Fl-Ka3z%qNE8rOOf*lV^D)2B6 z;}JO}PMpZX3@h~RscHc>juQD@NF!BLQ0WXM9{6ybsK`Rjhj{%|(F`o#9Y?YYZM`r1H-vux2uQH}Ws%()6_u94m=;wRoYaJjpqd!t}ePd$bh3x8vPy`YQ;?>CBc5eI177( z46p%udR&pJ)%cthFE)TU9{TSyCcT%yKx1L)#bSXC!=pzl?7XVA-g!r7F`*>hBnH76 zY9VB#c+EKIxVgFKN~01JX=_W33FrmURXp8j=;^2LkA~bFnzQ!yyLbUOp93Vnx<{Eaal>og`lM=9r|AZX+XVQaax=z);JMj>3?)v6! zQ_m=JNg}ZU@`8BaQd_RG}Z9T zjE%MRJ(R!TSYZ4tlI_{n4W@vGj~`o@A4CrqfekS(`{86SsQcJ5;O#hH!B=_Jr9Du*)>Vjo@4_HkTpaXJK_?q>=Yaw8`2zLwB%=srtK>9Y}+o0M5 zG5CLseA48(d{@L!QvDttt`$(i zIwmp&6jCjj$?WhO$Tu_Jy*(az9QrRQ8iDhG@_1_nV6^R1`z8Mu>=9sXjyh!M=T9MY>yZ)? znQ%yZ&?%(!Pr)&XD22!$FaS;p{z%-?2wjL1oC?86<7fO!w-8SOm%yy;3}m1# zN7?AEFY*t@u@`^K&) z3IldYAQ8pJ8y_8oEKC%!B1Xak1wD4(*LSxM{(N)fauireXtDyBMyCm4EC-NCS`D7$e`Sg!dftv_s9`Bmm#1h zICo5%_xQ_(#l@{M-wp2=cbpm_bp6_Wl^RebsqEn_LnCm)MKRP0CgWIfZ#0fOcGM3R zB2St7^M}av0$af``Z%nXb|%%?Lu60%&LH;c;O3p^wTTPHT0*&%sqczn8k1(Y>OOw7 zK-!IUCvN|fqHF>gFOd%qjB16X2Itq8FJDk~l8}(pENP;#ZhQCcckIIjmsFliuttDA zdJh>26pvYpR8&4YIF2T5J~9v-z|!xxxl|!6twAN{ms5b6lR#J`()@yj?)17qK~`fG z+Jde+gfftKE~6Bm=`C)5|K1eOpLiT&*P@I}7B&Gwjt}x5NrYqrNeuG;O7$I4Av<<& zj2hRJ;=uz3jWl5by3I7R%QDJS>c)``lAn%miUzsM!}wrx1>69S1T?J;Kcl zP#O0c7y)douY)^jBD<@J4L^qxP$feHAZ>ikTbWgiS-=Xih=UqJ5pe3leoO|&<3x6X zAWv^jtFwY{chIoc3V;d1N6KI1FtPUnzcor5_??&parn!U%==6xX&m?O-1ap-Ie7^A zizN0HB16qKV!?uyFLS{uRh?*FhqRO^O(m59F#|Vl&*BW=5a$ubuo@e;;Gdw9I?wwT zq-QWU5wd^+&adr!D~-$xZJoXfk8?02;pD8Ts$$1zu=MngaPGmC)+FaZr-v^(e#Mx5 z0Q1mia-{C5u}>32^Z>({_QfCc&;i7N*Mx;z;okr8^XH#z*FfPiFmMM~6KQZ2^R3&r zadgfiD_mJ!t$9v_EPzOdK6(U!ozMb@poj=+?LoZTj__=a^RMO=MO<1$csT4Pz>)`%D=W(y+$$W85fS^e_Y=nOPGBg}-OZ>+uq1X-eI8xn z+FPAd@V9*Ly9*THI0Lc9V*}GXLxWOHO+Nf-;|M@49I65*$rkdIl$4O6K9%Rft)V6H z4RIJJwyBMc5r)oyW6bafoe)+Tg+(A3;KDmofS06JB= z%-8pVHG?ndA`e3333_7QEx9#2&@S{G7l-XxxPJ z;`+wMiU$jH5)c<->zfH4ph`>E&S7QCA&m-aFol!j&89)(P5Dd%& zIVPCU6~hO2D1?LNhZ3-*Sg#QD9(?0jT%1*tr@-t{BJ17b>e>l8HCz!+ZBUc2Pw?lK zL$tn2xG9Jbb`Ok_pabb7?m0(|mi)DA{fIfqv#3AtHF`JNfFEFQb3=m(vGLu8Lj>-C zF$dtEL~?^FJ3HGX)bAB9sv3OMwK%*hNCaTvK}&q7{0h&LIvg!&6Vo~+6PLJC#^ zw6=aHAW%{Q#4f7B8HU0G{WpsQvm*NyYtUm+>;N+L%t?0KFES*w_ZUcsv#;3}%zUxMBh6 z?~n+7{1|p(Lr<&k(wFi3Zr*o)I5{}D?JOIAY)y^q(W6JlYZTNpKzRTRfewuvXBf^2 z$U6$I@6(h6H!@t~_~O#i7~54e9BA%lp>W51pgF!_A?2~Lv74r*RnuSl`}-kmP$^JM zbwlGFuw`H%xhWNoB~DyD4GmMccwjL0$XRXSJ8Ik!5}xZi+z}5yT*ttw2c93cFjP|L z)Tuq2lVfA#hbe(}p!9)o`+0 z=~6>hndH>y7U~-tt#Odm>`L>W;>Dzrrlye`(Y_I`jzpve?DGKUU@HRcV-x800D-MG z;*JHOGZWT0g6-@c^9V-(GQ*mWM)&UB8$ZFvBC+jAE`qLJ2UnCC4oS2nk1{+Os_}6H zD-{IoXvI|3!q%m3r}4Lci2oZg5nS! zPUL)vZa3AeI%#8Lv&<9S2r(n}%OMt)j=f|}PX&&Y*jA!LHso=}eMd7pVh_M>Fqi+5jZ}T+Hz}48=tgOTI-Wy*pb`Dr{s( zcSm;ma!TgO;4Y8u*6BpA^uwf&({lB`QYyD2yFw<^kL)bzy#gR0VQVckFp(-YY53EO zXz$F}%SukL>7c0yF+J?do-{qDc`(amy+Nv0S5GgMtms|#QO2n&U`dbT&&w%oppqLgTQ z0H|^0FEc@SN|I*v)#P+C&!nc!6R|r#-TB)}4m)%@SQ=>ZNE6Clt(<7`jo#WM(7xXE z+CM5GIajVCePA*Fj}n1QlIwD+IaXn zu0cL=Z@}`Bg!VkWb=2dy0Sohk*3JBf;uoO@Ojsde=3wcno% zVs5IOOb^|oDfb(hDySj(u$D!uMT;@#f^!u2rpM!4-ck@&0i~k$uQfs|D;F|SBHW1* zSM&P?$8L?sojbBijr#mwtUV}~$kFg>2c6|B3V&dsv=q9F{eP%+N)io?2wkt%`t@$G zrt?!HcZ1Gy>F;0Ia~nD8s-5sWzbal?rp_=T8j?1F)&a2-jv^3MemZ}&72mj@SLW}E zZTj@TbMyo|?nsEyY)_tkcx7o%`&jO_L$u7Dd{+(oTl5Zb7HGyhaA`V!P^zDB5wR-t zd?OVm?*On8iBo@V?J!CZI1KovWfdA0RJ3h&*>(Oc*gIN0DQVAgwCp-zGv4djd#~n1 z*1rR95AE5ia9K7Jm3hMZ&Ppe6RG8gBI!2ZdTBA_0@;KjjLOkm`9M&`KNQUB8Y;a(O zuu0Ky?1vl)tnv~272q?=JN>4{oMY(=j-~f;6=f##)F?*&o=-iu!L~G)BUAr}e)L4s zPNwQI*&4}XHP3v$Q9kqAmT^`?8=7lYqJpGdD&Rd)-tLfzw zueAE`Af!F{-2GkcX}aE1{QdrB`CUJrp6u#~8jIE_?X$R}QY4#Au9{u(ao2I%xQRV? z44W6b!`63Hwti-{n(8hyqzn!CMxtFxy=yn6L?hc~VBCtb%dYtW>!_&CNGZQ}>uL8~ zvwI$2Ax(b`H=t1mD*eRC6|m|-^tcm)!% z9-MpwxPPp2faYKg(*1rKvYzvzs>8!oOIvc^)|+Mv!$H20z(Sd9;ARdiYy?wle)iY1 z<2-D}B!qpL!dv^cBoEWeVN505BV19yvullXTOl4v?anF&9;I{9U@OIeROSLoyn zvsA_O$j}XBxp2fWlyA=BZx;BB?e=SIj40Vh(XUExW^H{A@F|hp);*~As%i>2fT8AOs7KUfxZy{`44~>QKI2lyR$Ti=t?!_ zqXY%GjCwX0)0-i6Q*KA!Gx6-*G|(Lc6u%ry+q$oF&1EWwPc-=Qtx== z-mQj@6*ez6-=XiIXEf$@>3Nf1iz`E7rYb(0h4je#U#s5=mZ~!ElWV*Uo2#vP#kO7D zy=85#+O>1tfP8+do{~oR0z>!e^_9a#>P22ld6&j-4^z$vH8yi3$5W~KuyFI42Ud&>ITRVy{hAaUev+ay zgO5*YG4H`d`edu4iqiPImU~NzS8~}J8ioD(na*q^(NdUe`_Z-SJ7bLRefQsg6{Du{ zW0N6UdK>F6dW>#W$xWXC z&o8*`*>`G6pxsd*I0VX_(1Ha$IY&>BO=R(1qp!;C>f#8u# zbn!87Zrpvxu|Ostu6iooK(3{r0^&)A#KX5U z1-h`*qY%~6*PnW8JEQf(=h=x1LKAnC^S}D~OEL(_^{SXhJSraT7rv6n7bcIg2J5DxA^c{iZ|Ev>oW@H;Ghq?)%jY!^JhcgABfzruW!TS)lTBu$Kt?$I=3$} z>VngTQW=Hl%n@ON?7u)JgDn!q|M>~xkEQdkb-R#;48sLWa>0r1;RUqWFzNSC#XjGE z{~``QD<3ynUP*_Jz;iYG>KeR?CNBN+3uHU%YJS!pk-ebu>`Hnj$=Vrk~BV?Vo4pG2VZj zmY3C5p`l`wYg~=E11<^Z!JB{8 z{r~G8d2udSrLOIVm4TTVFuV${t%{6{2_RYsz2JI{5pn0zQgCKbR>0Ks=)Wdu_kaDm zOw`OG`cwGYIy!pHXCMC0J5CO*)Boi|R1Sd&ascDCBR|3LhvtCbd(3y*d~X*ID^fsD z7_JB44he9I#&NiWV31MlujwPZ{_8$%7oPj8dJ&EOV=)~GTtgsY=edJg(fnkOlNNVbBP`-R$dIUzU)8)k4HD6>x%YS@}+1Vok5TpkbuFzM4gBJ z>-v9|4u_xgw1{yY?{|<#P|y3an+odU-vm>4L{bEmfINb{A5{~87-(eb^8R^gveNh3 z+nyD$Ra4zZuRIgnt5c_X-rd$WH|JJv@8rAEULc#SQ+Vf4V?HQ%aN>bLvX+eZpU)-j z|3oJnWrm>{pcd5S-vR`NtqQQzA})<5i0z;}W)rIkDWi%vtA2=n!6a_9+LA5xxQLJ>TA_EqM*&a=;&hs2Tw0`}8Dcc- zJzQLt!9=2>qJsSsh6>@a_M1}5ZokR#U+mg5{!<_XFG^baA;91gUBTsNOgD z?(s+72WS~Bs$Eo6eo_;ap4k%|3VRRc{`1QunK_$sk`(0m!k_*Q?c_^R&j7mzBmh)3 zpb6nR4FSL9^ET#lhCw~n11FQ;eFwJ}W@%(<8&-COiu%$0=fRHONJ%BvLg>Y=Frc7o*lxPSqs7w9OtaF{BTt7)S&vY3_Lt8;;clU|rESNf^y!D_u)qb8 zh*k_~=|t^!D*LaMB>(s?+3P~m?FIitG>(^2lO9Kt{&wD3I`!|DOu@0>>ETC>iB$jo zoADd!cXzAjZbC7483h=v7xT=gNm8!T=l+Ieq%RrxF_r2JR`ESz2a* zd$p#r`=49M-1+jG>bWR0cte^B_5_|Ig^@Kv11Jki&*}bs)f5~WyF32-ebHrJwMy{+ z=b=+1FH!vW_f?+<{P$g_tNdRZN#m8t4u=1_g!WvL|B6|imS4U9c^!U}Lc}!jKhMaK znV3!fd*vjHQUCw;v0>lF=H~3fxdtw)|NAbHJ$nV}@G?B?_?}jvZUjjB|9XCIS)w6O zpEmp3QE>e8q%!~YR2R0so|~WLX}r5tIrTbLfqTu=NM811O;jWuyAM0($CRY5)MviZJE6tPWBYa2<&UxyTz*_QUHyNpnMNs@yG9SNEj6q? z`@+TH%Tu$la{t8VviVyxbG)VWZwaOvX!82iNEJ0VT7oA{w={#*({HN|sj((MJERs=dy15K{K) zp)P*AO_LZ#oyy-(_%gAwrtwUk`OS_IJWYcqHolfkcdwi8g44Rw($+bakSQj{0F%ue z(YQ2AJv!1Q8wDh03>R5K=;c~VVP(b?@MoEi{)+(B#*C8o1C2xLr_MVHDWA`4k31Y% zCqN~XkY*XqB@yz9hmz9A?Iu694Bbx}l7v{yz)6vB7m`ym`cVIZC+L5iNbQT=&j>Qe zsbR>h@3y`rNoi(EOZT$S*gGXYD-Y&s?)5w5AZwJNGZ)>d+V^?i)GfC$&$`rDyMQ*( zADNiGg16f|kM>wwjI^`y=pv8IBn{OE;l{vgrNf&MJyc(w-WM3@`IFAL`A&xyzK}k$ z$rRMo&y|PTha?5tV>#6s&6y6&$gubFd-oV=w~?GqwBT_H$O~s?kM(Nr6DF1UJXZp` z!jLU`Pp=6CN6;o(ykisPl1Q6uzq>hqy74;6^{S`vNKC0VANAtrGcVU1kpRJJ4}wD! zLTapXP+%1se+tZA)25d@`&?zB*yE}lqqMPAjEUBBGap}eOcjDYS+gKLXBW@uw_Z-ifGN=r%k0iINn0ttWg2^hPdI@P)+hK`!MJJbvJ;f;ooUn?tpcbg@^^yQCk z++d0_LqiO+6fpG{S_H6a9n2*l_*8kGnUgc-dW|~*wzT5l9UNEYk9LN$(^-4dTepH! zc%G{O7GX$L$IKCG8VpVPsLkjyXH;Zced`S5x)BY~lmP2C{=1Q{FQP9Wj_Hpum)(L# z>$^LB%=Gj^cZYSOra|6uU&(JWhuAW!GYz&?1U<`(NtUa)1;|a|K`o>_wYUnDTOnsD zJaX7U3>`)cC^s;O7ZM5MvJ{NvH>&tm@sV_36e0%knLgIIG~5jc-0><9O(KVY%4?SS zWMqRtaD%DU?c3NM_)Fwh?TcY%Jy08f&JY|LdX;`;csK&ht$bb<+B6gRcMlFGu~YCi zLaTx?1KNUQW%ZcZ26sFcjF(G?Ergr}(Io=&lV#|zl0n@7@u6)T40sS;LPBT)Yh~IC zR9@+W8AHWjVrF)v-tKqp5eiw@mZ5DRLnj#fIy2MC!J%Ww7QMUjYl%@&+`8QDGVSn^ zaK3l16vjp{(R>q^k`8~PSM9L;!lX)Q>Wz&DQLa2yJQ7^@dF0BjS^@L7#c65g?(XsI z6shX5=r`=$%Nfhb+lVIe0V=Z6J{2_$Y3VBP1pBl}kK8E7N;WoT$H=tf@mva}eb==PWUfNQYahTEyiKv5v27mOc)Kul0k!?b^ zg_x^Z@!m2tV56=2qE-6d;NI-4tf`5KAtIKHu?^sz&x%VuU-=^N8QgvFE|6Nvl>czu zL@9ukXiKcpKh)Rn_T6^mqiOz^FDmz|k(J=MyBCN5b$BYrM{Qz5^if>lX!;(Wpw z@-+=fBr&!VEzI<3mH(s(l8y!m1w z1mZKisbDt>|1Cp9c;^sJe4C~i5TDKjn8YC6s;H1uqX%{BrN;5pKtAPmG>nl+3n_yL zS%QKLycfM};s}t6QTvaNtMXsh4t<5O?v*RFG1XvEgAjn>q;G}pAGyRLL+6rk6e&s( zaS*OkDRCkZIF||b;U(vbI7l9)@L;4Bx*6!Prgu()77GjoCgnCDv%tc3uM8cR0u43w z#vr*A22xVf(qg1M-0~2>s92(b>kRNM)D`o*rmeQd=v{ z*g6<*$`b@93^gA5t4>c~c!9x};7cIxAl8BxO`H$}$Iv3zd2@?(l$Pjby2{X@@rTc= zs;VLm0mRf_Oqtv-%u6csTgf8s4lq;r#x;(l@POjcGwtNdjs=qo;m&iFrOvioov6qL z)9wXjbKQ5ye)IFy=|~BBO?L5(Be>lk;A8`Nc1gWMpt}J$6{ltTn~I8x7cYnw zw=IkU0bplhoCZ&jy(o+7@YC`aJeeTjpbFzs$n3Ow)jnZg42OTHpk8-cDTHIpAS&kV zw}C4>4h@AZH=bna?-FapgJE0^ARC8*1@72w2oznsSp<9+ahE6T6ft4bPWNE9AtO@_ znw(7FDqNT0zyqgF3n46OU-pj9&fEQEJ>A{ir7#1)3csM{pxuIDO$47DEu+RjmXTY6wt|U!9K%gvnn4&jd9dey%6u|<^ALqpKGDe?6>$tkQ zN+cuwi028yqXsYr_6#E_CK9_)pwXUzA-fX}CExj+N+r-pzvmii)&t=Rn)xt>!|Qt6 z11AV-vRWK2slq1VT+k~MTQGt7DmD%lS&rk8MNn6V3j3mr0{fgbYRS+^UfyVbt^0WetwWoG?)q& zTkEqQvS(q$k;ud}-ftXW0_+G)@FA-qjDoVq+#P6Uj)68&ZuLYN4vQDt9iWy19<IXmdYG_7>$Q9y2@2%TL8^c-+H*hkXILh`9hy^*fl~Xh2~D93rcG3WUsM%!oj2Jb~g&T)Ygoi?N;0p+8xw zSOUl>UfQ>b0Wn1X(dQU!F-_>cV+vqarXt1rfE|RXs((QrFcpmbaQzq`-yvpZ5MhY} zetK!6Qf$&3%to1wX zFVcU&i?MwfUJ;kS0XG|P7LG?+0mTHx3`ZfHG?3rT{Q3oIfPX6y)Vg#jP%j$?2PR}| zWOZI;)})Jo0Q_u#2}l_LlA*W<+Hw{X62bM+(fMd+03Z$2BlLeEYU{9a1aA-o>?AQ~ zDZva^d;)-2w{q6iJ8yfi*mR;G#<*i{p2kjrZG;ej{{myx%YFxH4S~=JXH2MV+{!(X zHG<*69WjCBjYEON|MJ|-{k*-TGOyZ!ZYUhaa!^&JlcB>|30fK!6y&9taSTKc5d^;% zki+0ja;ZOG0&Q{e(TyMSe?8sv6a@efNmU;D-1j?=ARFbwaR6Eq#)v3p*r5sGP;7uD z2`EKE!UOzIE(I-3O<@rcph__QhdKA#9t>Lo6C0_KiVE57FPMrhBm{#m@A?+d(G2;c z^|Hy%e|*7!&m)clw!pN=4zq-@^8K8%&(3*mmML+AXa_+_u3k3LOOTlv<3`ZUVDA7A z3*6zSCNc0Sho9Ek>Z%IkOqE?PKrMxEyc*1^vK3{)o#SRP%ms%6-0Vt9ptt$@KMt3m z!Q$rN<%hNA+wc0-XYiIIq%p|Mo;{m#5OYnyzI`4OgYn@AAYjE1$w(hQAfh6;WBX!Z z;7w5abAnJKDcOIg5DTuPva%8~wd6on-y~U=1o`R0?|9H+V7%z9(UX$!KZAD6RXhXP zI~uZh(NJ@<%WJtg!E*&kl#fXa4pkh9PaFUm0_8%Ulxiy*&UO2YK6vRA?rk4_*%w3L z2oGLueSM6zw=KQ+l%2xYU|#~JjU=*Rs)7(Ratfj!UE)>xP6#%>eanOmp}jrqmN6Ze zNJ@aTBU|gl1`Cy}OULDQO7Sz`)uB69Jw}|SN*C4g%?jTapTuba0D?1^HsaV+{eQxsf@XcyLkvr z-}M5TQ*AwMHb^VxHdnGgFV=h2{FnxDqQh$ObhG%r0|#Iq_bf7!I4|w&bC8l%L~kK| z!;T%mcp2P2#ORfO9@}6lQD=8Ipv9_U_~BwEHBpcNJIGfBa<|SLtQ7!-8NCSN7g`z^ z2le+o+3tH=n;Y1$MBlE&L?h(YSFcEp=<$&E{)lWB~ARxMLS?{bAc0au6dY zCx;^SO|b#ymfEk$g#VnK6%hT1pF9J2rl2Vbu z8?-sPJ3FCu?<}{S{lt3cP&R%?P7WI@s}rqSG-o#Ws~s5H8@3O&0$p90cs_Z`PL;m1 zt&NjH7SnFf54`vSV_O0C!!ybJ?Sb&iP7V&U;%so^v>lR-RNQ~)(DP@{8tn|UwHcLe zYGn!Y^WOm_AEeok6H4tzDCN{(#sDusBs8eWp)-R8 z8cId~j~giEz*v3DTZ(Qy(jznp33?KSMew$r#R7%g0oSCLjqKVG#y9K~*mdH~&zeRP z5?Iyf!E{fG$3f{6y@1MZiEDRe5Kj<3#lAS6{Q=e^B0Pxt_{Ek&%&^M^W8cRprqzOr zA|*Rp84lOG8R5i&XONql3&)&rF4#jFuQ!>)*1uGUp8Xn9ee6NY*J#$!Q|^>gL*~Lw z0ju~GRHBNhf*{F49!virDvE(AzPeh5i6^6JQ2T3duXx{2P%l6%eyx>NKQSoE&%se$ zU;ipEuN6~ixW9XIHN1OwrnK+(*qAmbnp0C*omNnEdAPfah8#R_Alb5{yu5G10r?xh zZvKUAE!fw<&oG?JQh-U?EARU>#%sZu8zRQ5B{E>V+Zo^?DJcaDY2mW^!LXvd$j-&Z z1)DJtr50Cl+#+>1s-RjTG?`;IEF&ogaAH^>;^Ck^xcZlw1_d=%Ld!8PuPve_v#+rb zvod!??a=tIUq40f;JCw&B6#6dgV#tZgVpC^1b75az%fmuP-WQ;A_+$<{1@5axPU-Q zef?3yNPd3IxTe^FTwA=k8TBvzF@B4vC=-JbetqM}_S2ol0@A7iI$Jb>7-mrvy1zh~ zUJeA-Ed}8H(g*jGa)3SwR-Zcw((dGRyz*yF;7~x%mfdPmpf`<-%uF!0)xx3Ktvde} z<`Pv^Z7cgJpSatX4rw4Ot0Y{e1_naU9Q9>)=1t*&QtD-Ds?S}jud$>uEkY2AoSh9o zM8{G@m4w06HRy!Byrs+AI45poXy^fM10a@Tj>A|4IOeOWyoFxTQd6TQ^VWgkFyyTN zvS7}2zCj#-B#2+?0-+p{s*ciP3PZn*(4Uc01AQ6$dIyO$44?}OquC!Is6jRg+Qipe zXXKxm<>{=ht#Rnr;P-iXNnP0EId*Qqb#rCR#P_~A3T!N6P?Yh7+dpP<;&sx(;v#4e z_zsxB_&vBpd2%vk|1W27);@h252G*?{K=~BN6aIpma2SxFr(1#0_$LEvmMLwhw4UH zzxcIU1mmoH@W6Y=Px}?j1+lWWMxIX8B|mvG3m>mfruh@$|A(|UkIJ!q`@S_ul1f5S zgrpQgl0+p@$xxRNT`GmQXz>3Nsv`Vy zzt^&^YoR*N^Ei%u-?#0%eFr;RTJmR!r41&Qih~E^aFXn4pfiWRn3%IPPbiqZR173Y+sTc~C=`GUm#HXmtn-e~LaeHF_tzT#XFHNv#m zPg&GRpw->9X_Ed5n`5u)1)|1<7hj1QNlHtj>ckErZ<JBb?Eq06UXq=e#pVXu=rPf^GM@CVz;lv31vQC8MFutfU~62lWG6s?8G z;-&DIqHw6{Wlde(=vqtRxmal_{?OglEoUhwA}mbHo7+?D_AM0yCDUvYvAp9DQTU7K zhW3$?!n`Y78Bmy(Y-Y$qx9F@qV^}9N|;_Jr$Fzl5>VgCGM=ZZ!QMT z1a?9N`^E_+2-v}xG3Lh)kIL&Ye+S$jaiONXxiX^Bs~87U!*cTa=jd6=J#(I9BqI@c zui9hp-Q*&dv)9Yqbu8uR=}u+)DF*}x+Y_&VAFIk^Rtw`jnm7z82qYAH9$HYVhqqV3 zHEt4j^1J*9Q_GhX6+`iRR#fDu7`?mavDsMX;1LA7+sdl=YwOZ|3G(vty3n%7wb(an zB-%Qg)EPz{{{8zpMyK9{^_{fz;+#2i9Nj58v07r5Y4o*qMkbB7jNw{r8|NoksEXL9 zsK<&L4;nmJz3&Q^*UZy+o%;QBx|v+}G$!KsafxGh=shBnpPX`wtE0+di#;_PsUIT2 z3|oFURUb2Kc00=9H{p!l))hx4&t)zuFG=FZ877g(6S+osuF{B}*d12~|3)pOrAvm7 zHEdWsM(nl5iLx@$Ro}CChwu#uFQz5(jsxBp7uDyo+nFNq;pgw4HTzn0mI{P}BE~`o zXPHO0v75KNX^tBx<(Ok+PMYkyYgKMh72_O6WhW+b1Ot2-eM}V9FJqCjm*u2PqS-8t=yrmrR4#gf_?$wLS|hY*wi1g9OGlKGXF@jrKOeCHDuTET|bhn z=9&s16d;FFSVe!YrSaxIh#D=F`}t^Om?GFRIuG=$km6Bvl7SYI>p&S6_;YM(4?)rv zw0x?hI|N7}7)oBehdhYxR)g-=LZ7ZldU`uJj3fd-l&y^i6bN__M-`R=oGzD{dj&F0(A3=g2GZev{GFZ-zjPl&xs2)B5!O2}-kYDBKz5w#F@*r8YdhTnHIKQs8L z`mr^T;3~??=ay`yqa~^AGg{U4D`K8Ght?QI_$%K1-^qQLQDVP}`{^mOcpd$2%exgFEGl4HwtT+k0{QUW^wzezh&bA}Iu% zjX@}66iP~pC$?f`!OH#^k|>?Ilms~1e|>R@tH11pT*)zH@2J1ZC!=sWShnfF5-LXfb<+a54Hzk=yl!p@}1xX}bo!b{4 z$k8Y(-(FVhHP6E0g?3-B;XUs4l55(mw{yo1{3>}*CMJOewX5Wv(RETcevb%LE9RaFLFK?vH*mv+CV}gV^VPCg)&}rtH2hCd1)a!*d8Uc4Ld1e{P z-12@VmPsW>4hq)l;Zm-^{fVxWH%2mFw@wqCYku@et=G1snQbrjs`nk6R`yiOf>tiq z!9(w)SEjzYx+_ieBImurQw;eY*PHk>cQkod^__L(BSHp4BP!x&g@wI@iq04wcrYRa zQ{Kp5)&bo!NB9Ief(iD%abDu_YD-(6tv7=7N&6)~wZ3biCZ znlGSHnmcz>_Il)IQ$t(Z+JZIPJx1kxSJ8AS(O#cn3xnO^swa^5HveVlNv5c; z<7QpO(sxn)LGiZ+*8L{nEKlM-7m$QMp}7jqX)$%bsl^|CmD<#|y-$hu3M|hX?7NRE zi)-mP7>C(+ei%fgmyYHhNhv8mg%_2Tm9Jl`M$sY{(A#1;1N?)xH(D$`^l*4;=| zyGgcb{U%GfC1YM488sKw7$kGwD!taUO=PAyc!snKfr^768>--P~725KPfg81g>w#frq! zu7B*i|13kh%O0?F>ALhvc2`*{?OJu!8rw>oQVOmK%AdvJbSWEef16G0Mu+r+$BTOwTP6L-eCZHZcdk_I zcw%r+&`O`bTaKDzx_^DzcKaTn|4xXaFTR3I$?1T%8hPQ;U$e!0bz0m5=8@cV8z?R( zZxnnNpxd=TtTbrm=SGN+P*M3v-W*m{RSp8DMhtSO66a>1kr18PLJ!4zot{+UsuMeW z)acv4kfQvR8Lv9ODKrW^nU;*|BhgAmSQ;B|sM)X;{!7$-`wmGaS+2c%) zylnUh{ONB#{P9dQL!T8Y#zz!?on7(+B@s?N;(o+HssB(|X(Jv!D;nWy}A;mw`im-0>TjUIZ8uJ39|y=c5q z{p|&%QDro5J&is$G_aDB)ZEzOkc>MxI50*i4piA9dSO%HO_jewjZD5UCCv0PQ59su zqU5_l66?>O)7z{3fqaIR4tOUuRK4!3hEZpmyONB>S}pmU^-q>di8wAkQ)IfbrKzU( z5;-hXG>?HDy5`N>W_%f#0TeE=9z(V8WAJGqX)PWz;NAF^aZcQFtxZl&_g%EP1@E}= zO&u$9W0>+e+vrT5eDuWAom+?nXUKHayywwdNlPchSWs&yo5_9`^V_hJR*absUP(;F zK>xje464}YG;y%nHV*Ezsqe-8ly3}c(MRP_L$n9paPeL3`36B5R$7vDG-KA>h)kRx zS68{CflJ2_p^Hd*TI;3DmKps0Q9=pD(BpYwp?$gw#9$k`SdLPb&m&=KZ^pEIsv9>3 zU2oVDpJaMO)W^wB`CZLb!!5;b8Oonc4@)rQp&l~mC@a)fcn15^=X*rFu3{)7B?IPm zbQ)p$-yeZN5CeZwpqiiIy>RrYbS9v=vp2EQOSAtrZiK-B3ci-10%tELees5|Fh}9d zt-S6YQ|7+s>(zXAH6Fn1uAf(8EfRx*#Ez};=_s!R9=Pu`@vq?1PInZzLp>7;R-4;0 zF|JAe&4Zp+hAZo~p9~r@AhpZKNK%kVB1q2$Ppa&wXsa@QJgxo@Tk@4s1Asa?6Q(1* zk0r%Hhy}Fa?K3YX$)x}5yp*L4{TJv@*wh5nLD;ysn>t!AoRtONfmvudEy&RY2tqt$6spa?bYEfgKv- z+8^a?>}k{^kY#z#In7LXsiEOst7L#^?Rj}Sm2S=lSTa^qENm@)?M%I3H!k*>j=ug= zPdl~^_r-ILIPv9x&e9%&o-*32dD1pzsc#_X^OGilVS`g?O)ygXu%+;Way(N4cn<9J zef$T>2I)!b`e*&jKL*spO%DY#ZKRw!T5%+#w}V&%`_mfP5|+jg0kYzArj zIJxlo^Pto@?GhiBP{^8Xraa_PR#)GjaGudWiW5KyI0y@3-al5-8h5(3YTi;?+b6BN zR<4Z85;^%Y4yeyRw}-1?QtV$xtrg=2xj(C4S<2YCdX-30Dj7rSeS~Vx-n{w7MVrlq zsAKUFqHCK9CJQZ7Hj)uoTqPvTvb=QViUIaoxei(ihZuw~nt0)DDMvD%@%*NXT5DYO z3;j=@D{U~+V6G?d;fjvdl9xpBf^7K3?$8=`F=wA?bp23;vB=bV%EUvZuc>h7QNV%C z>iXv&_mz0%_LINWzdSu8f#CCf{wzq^rsDMoN=G$o0Z-u=`$$wWvlyPG`$W*0;{=0$ zjr-dM62wi@)U>!#I(N9ZsL|esUy8Im>ivSH&wdsj^c;-j%`e9%Dnp73`S2=ljim)s zZfnyc(A5J@`cVj=Nsy?Z5;Efr&rd4Z{k`YUDy)|vSOc}qKI7@(At*IUOSgG=q$VZJ zIcGIWMI|ySs`TZ{7JVPAHMJH}0`QA7;^6GnG~V~e?3nU!XJGN}ewKe;RC_>ZCOjBF)=n218?4_WrpNUsB&w(+G{Q~F5t+41LdiXBG!AcNO@0Y;VU<^xMD(misvvT zF$}MQe_`Fi;&65$$ZQbSV z?M~U;9)(uW0$%V`&j?E~+V~A3S_G16Q9y z{ZlCqum-%XLrpoamXdr0;q0t^NHwUk{!A^lASmk}dk# zE=41}&4QNJ*45!m%9zM^>SR4Vi7#PJKkU*v*|M=&NY#g!^JB+ud;9nz7aCw5`zj^q zOvC54xhoWEag_v_ayG|$UiC5`D`viQ%+ZRT#o7XIFQBc6$4f8U)t~k;x^)qsNRaxx zyW^T_=iUiAL7JRp@wKH`2-w>Xb04I&_POH5k;OwiCmOrKVd7$Vd6_(Ho%r8e059wj z@;x0Y%=$%&8l6A^o^W2^UmB_SV?I`rX~M^`5-qBK1;r zUNC+E%H>n;8<`$|utmd0dBv#Fqvx(BwV;Sy1KL7KNeTab`__D3Q>bX4okL%3uZ-57 zH-5z}xk!Z!TY&!Me3Z({D@87nV*ZgK8`u)r$|~|E)^3@stLy#oQ9nyL*g?ZZqPE%R zIJ9~cMw!EZ!6}q^o4}>#qioaUBP!eRoZ{Gl8bx8>w)6G-(x=Sb7!My=M@;cY*h-vj z)AaNhkX9R8FNRAXW8w)nYf`Y%-lnaj)cX1g-C2p_oP=7ynli{zS?@Ve1XjeWiXVrr zvGI_Myw}IjG5-5sA)1QkjHut3zp3_Ms?K==-V~wITY7z%KW(GJA^k!OG@uc+F(((< z)zsWPKBa~6Bt9EPA{fsX7H*`}=>A*T{l2JZg03zTTCz7pW9L4&w^@2qNLK#z>VY10 z{g#aG*>0@jz|H#n`TUQFdOeMh5g+fsg|pgVld^Qkz=4!0A1@nbcI+~XyO*H$=l5@_ z>-Ch=bkn+0td&lRw#_umQ zLLHWfrw2k%3Lc-X)_7#c!Wv&rH5O^(Jn{9ewrEz%(`%EeLdT7r?x{Fv=+Mh0_3Wwa zq|6_78V*x=>=(YcJzVAS{{6j^^>hPMS8Kl+ma6d#AlUpID>dxhvUUJ@^K-W#^`&1} zVDTq1Gh4T}U(4HdnEqvLqjU^^(6{HmEi*?|EB2Y*$@v#w0ZINF(R^kc0Jy^elru2> zzIK>-%MHq!u79jKbNaCPNsP3xH~J_U_PWeqi_tvBsNcMMC90X5+wFc|=+o);Uqnl*o2rAf#HdOf-mu<6VxPR*ScsQrv)lxSx!I2LT6UMnOA@N zX~oI_hbg8%m0hhmHRA}p&g0ra$w_6+C`TDqlBn(;#~iMnu$E{P#4sX`WDo3 zQZL6-HS#^q$+LTE9#7ZYWPfbU*ntOLxgC|g2C2bvToeUof6>z=_3}Z< z5Kz_B_PR)2d?j&A=8`Q0=7`7G>J`~vE6_w~JFxdo*f#=F@eo0cPPx<0MEF?EvUg!(EGf8!%( zr~|N(Zt4|ZV64kofsqT^$^-3T|K+U`#C`>X1YZVX|fSnmC%(D z0IjpV>R=@>fz>;?fdjC(PNt^!wZsma@XH!!iq!f>GRxFe)Y=?wyNAZz+glg(*ef(= z#(s~j`p?yM6LSys(8%*sJ{TGbba?Y})vxj6#tj`dtdKkR^y!KDcl<6YJinCx87x|9 z#;)i!W$0uDOw#kqRLqDhO~}exex($!)LS#j|DlRSlY=)_4;<(_n=L^P=Yp_~{(uB7^$fSp&tA>b8&t5s(EbOZh%x=-Koic-O6Agwyezgf}i<;B=38Y|X%RCfQ3PEhvW zjjab9w~ibU=~T^&(W1XZ#$nmj*f?F_t9ykwI0i>RK2JnXRMhqt_2lZ}VoAotqu36D z(OUJfq5E{T5{?4wf$`%D9kdh;_SnI}kqg0O2`-6C##`W&sDcdlvWcU{Q}S64Wt&NXEvE&8{w zDw~n4Ah&gQut5A(*VD$JWFWw+s-DyLaOp7tY0!Fl7cO2Lo=!J|M`cn%g7D%=fioE?6jfA6B?~dAQn3kE77wj~ zcS||3?b0m^Rez^=Y8D2xdyT?xEjZ%j;h|+>$)-rHFVoLv$&yhatEd2o+szw`)BnWN?@J z0|Eid#_-K*X3DxBwvX3F6Qrc{taTUmcP%Zc!~v>Z;3=rN84w_vN(6OY^;-rgUYYM| zy?jM1p&hqvxeTnL_Z~vdqDB4PwXw?mb!W=D$Xn?yX)dWNJid08qFr3Y1 z5h|G!1UD}a=ZpRmO*Ckta?RvN22JQEY4gjwvCuNaOa2}NB2*^Ef zSR+d=pB)me^1F`JgSTmdn!=%nm4BPIg-!ou4fdj`1NnxE_lOGfjsKb!Q{3tA0jE9Z zzQ5@K(~ma~3Y{iS$D5ib8|?r#uUGE=xnQAs0Jg(|sN}_C1VcgC2bOXeA(m7Kjzxz- z{Z>t^UAJ~^Qe^J?J4tw#3_NfS$pSqBJ>9CSo!`QI0#4mnr#kbT+7||Ts0@n7@A-B> zU|-wEeZBtsF-4nm4q_5`gVEi^SCC!ypev|Y{4?aHk+i0zT=(~=Y<4>s-U1tYb{V$@ z`fOz0JcrCQt(PqMiHH1+j11cJ-Sp&&`F}spF%TZTsV%`UuT{;5^9zb24pKVul1z0| z`#8eWh^)Rux!RH=!k*j>yZ8;9!lf74n#PLX10xhV;)dVv0yb3vP${^C2<|a~Te)P( zfT2V0;xw?ad0ku`w7w4J1n91Ju^mjC)&U2DVdVSU+c&LRHNr?n%wLe_MSaPo9F*N2 z=%fXG1H@h*XnM-yby5^F$4q1bpnYxGy7hW``Yu`m4lzztVmP)2#=?;`H5E6KVJGLn zH=x~Ojh-K^6FYX~$h^|hWnAA{FXSA&2R2@MqDL(g_4K|B9aXn7Ie*o|$e~s(r?azt zAn{^1hX^&-0d@(81q_jUpTYd0;y`4DEzJ5}ccYxrdDN7F#}hI7xd=GNwVob)M*I8Fr{0XtY%*Pb&)0QRsrwT!o&U4Z5ti-MOg zUZmo{vd`yheSJSsOy?Gji`r@72$L#y$`u?j+;s#{3K$H>f^*tbH8t_;yU)7nVNM5i zlLyA9yQ32SQ-~(wex?={l70HLdW;f#?8;aeh?&Q1-9K3sbV5YnPEO)}Rh#v=T0ELq z!MnOnke6&4%cSDu{G?3=+gK5Wg;%n(D>vNm?_$ymIi^RZEcW*!w#*UeK6cYk`<{^~ zxaQ$#dd_HE3(-#kQUGHIhRDF4s%8RfSFRx-5U{%5$;%fn7Es=q4mv+}%a$$3TL28P z#Suuo${W!=RE1AwB1DD(RCGF>eIr}smwQf3^1V@*@$poz4}BCLx9YbKFrQZWOm?9d z8EFy;)fAWK6dZqg<8=cgf}sd42G4J3SXi({I^}X9 zGIrG>>T4@rA_NUoggAe(=A-mh&Fryf{QMh=&XZYAw!5(7;t!Ma9Gbr*_)c zp(Nwe@e3@R(fI&Tp_N03UJ?Ja(bMzWqetR-THK@N+pVD;+wDR0#dg6YAMWy^vC z1AQ$aSHA+vVe(Z{a;CJQ`pyVC;#&)3M88TxqGo^?@Xb6)_SZ2q5!AeePoBV;4&U|) zeWb33p`Pr=RDh%%?RU*AV~V%*wAH^oC)fF8TGl1D$qfr~atQHCzI-{TwwUT{r?`~W zF9wG3JH8|jTInrVA*@nLwA9C%XAS(e_;Gd|HHQ#6fj3D7M-c;ggd`U^yB)**FU%RD z8@il_Uqo6z6g)!L-!NSbx!kCY-5zW39QQMwfNo>Pu~l@ zuiHL@ri?%XJc^mx!iNbisZTF+XL_TvTxN&#w157=e3+^oyV53y59vER;F-GPgTlX? zA|8t-C&Eu_Yh~C8rEk2ty6=(<8e)Mir(#BHs#NoaN^w6KdHMDa2gY|bZuFT(>{+gZ zvKgQLs6b4{Igu23f+MLDO~l{Y@jg@WVK$P%wIQqWFL5`+6&WQmAWkT9!L|A-@{1!X zs003KNBbO&e!0-6Evu4*d%=mAS|YG*$^MzL(X978$J6fM!VV6Ge@?&O5RcO7KYGq6 zXs!@Z{0E77Yau(~5rS=(^AexN`&v&KQ8{WD2003B@HcH5ez4(kRud_jzRHtB5lsa@{!PY8naN)LrntJ%s;W7At;vB0G|jqoi#pNl z2qqDB5PRobQk*b&?Z@iN!moqE!WMw60R=n003t0eDM^xCG04Odk~OW`SGZelZo-2E zPp;p7vH42`U>-k@IVr!y{V4q(J$Z8c`B(nW=IY|=iYP|n;952nhE|aa6r5+9{`y$t z6&B>0LAuBbC`FWb0uJ%mQCrGfv~LZQ^zl&4*OHu9GPK|F)J4+sN|e9t9flwXRu8YW z&DFJ@f{M~S}{L&Lm0S-gKF}tFVH7RJ>Oy7SbV3( zat~9pJT247g{)hTs^VE&U!z^GN^|rj6 zZ{BCNT4~(aFjJ?b67^B$cpq)JF*o**Y{a+Be=N+91m%~OGNP!7sX~$27$+KdY(b9X zr`+%Sxhq!|pfbBZcwa=UrRlQd&CZ-69U)V02YCPJvr;!;yNv0Vx1cpWZ-PTLJ#zi&IZ!MTNZ#P;6uC_zJQPdgh>^p4nt^K%jzDz(# z{cT`2X6laL$h)b{H|UyhUQx4P2D4BOBpHMG7SBgk`M?oZ7O!l7I0fbwBaCdLnZ1E{ z*m4Hq#w_glsC4+$dj}%w!<0`W`{{ahWzWyo%QvF@@~iz+Q_~7wHrD3aN4;al4y%~t zN4VdM4Ov^!H#%%>_fGn)lLohGv847E!HC!%2k)p#vUYu*kzVh%^rb!8U5&4e335!g zO__5|TKbe;YO90&OxKK%=-VFK{*~oP=q;u)SHV z%=Vnt+c!oWKz!R;e2CVQw)pH|uR)=Sn?A#h}^fLTH z(7jw}m=VzH+g9ETlhjq;*=KpxK1ZEcBQd|c#FANO@4ji=nrSCBRY`xok4VX-4<)z4WD?J&gj{i zrF}452F!ynYlgs%lEhe+CYhhJ8gtZY+PTp1MeB7%M%$iHE!Ue6vt)(dZp{Mpx!9-R zzGog&>MWhU>DFQ2p}Fl@cH@B0JWnn z9NyNUD{e^8xSz;p$$Ckn?ImzZe`eRqEEA$+H#kF+Cxo(qFzl&{xxKLXY0xA8Ey4juvpxJ0ul{9)k#@%*)FB0 z@3La2XBuC4!6bO1WGkW`qr084mi<~X!6FO6*LaYY)G6eP%AsR>-cD;W2DLy%2e8a3fiAKQR6Z6*+{?LBu{lO5GyN?>a9MAVr zFFmR(4&cC;m>raghVyx-8Y1SdXV%+SLIM!#mf7V>dp%Y%)i7K8$tfF$etOfj zO2&lXJ1sou02K8LEB8bVoK*n9AA4lX+hnf@KH?R{e|~)%%dgM7QtFd&|IBjV@#6x} z_u+0b%P&DK_8GRvGf&?f+gJA=g~NT`-!(UCrG$?}F_iQXTDj4F;L?i&zPG)v&z?}oD!Qy;<4*|s6@X`d-a)hDS9x9{=4b|y_~Ga~j*Zk+Mr-{(=D za_sF z?VdWh{+RQzA$tmM-l3wPPJNNoA{?pl~iGwTpo>G%Ip5Lnf z&hwwYiKUzoSx4{0YMO=2j=Wf7By;zj?Tn~nrfc0kiBzROe{pcIl%X>Au3k3L`5+4;~CxNoEA5@a&ljj&cAtF4|Ud=U%x% zbc_t%pWrevM%?d(TZUGCRunTF6lnRLko)NZYW6aX1%C;xpDEIj54#5 z2|#8LT4Q|-`eKN5>r1CMAc!V5UtBhcH5irR?Li($lA>%70RrVN=!9uteMJ2pz6LXSKATQ)0dbyesa9*lFx`9Y(O8 ziZ?eH`3~*1FG5Rl5Su9p2kFqHe* z@%{cGSKH&l_V0I;r`Vx98?U2tY)u(mI(v|ejPmx#U4h}37c^hNsXQdauYCKHAwIvr zqU+s;i<5UI*Yvr5Xq1XsP+(yF&mBip*2+6VlpL(U8w3(tdwJCG;l9y#(@;$8efmz) zN#})jBbXcr zmNHJ}RnLV}UjJ=gCzd!|{6pV7EsAge5Re{r#A<^!X838TyYLu6AOY-(l~Uqf0Ew`hJ6DM?{> z8WS%@MnC-_IplyvjKM#nD!~>m_?Q2}Eobq@4ZZ)%b?blrHc>>tXZW8#0x3RRlyfiA>i>9SUw;d~#OY9Q zA^+$1$ECPwWxsNJkpB7q_*$s`Mfv%4iA$^19Xu6-|IY(%;#{r&oX7w9IhiH7E5rql zkLYiouXom3FD`8p+mX1;;rs|?@qHmHQV%4!Xuiq1I^^h^QL=}|x{VmKH8-fIjESL1 zNJxUPPDsxImbaAeJkQYztl!iW{PW|xO>6h|FhA1KQP`22Kls;)TLo{Mca+-deLm$c z^`HN=#0Q1u6dUzY+Wg}G`cJh%UnSpj|MP|a`z@#Pd=&JA=l*|ui&1d5w)RDtE)BzO zVPC_&KFfb=+_V4uS>xsZ^`rm&vAXhJ_5ues3w}oxymFg-*wlT^l3BvOJsRm7PR<`K zyTxka|NCw68uK~}ZcB$GkcW+5$>K5p>=b*83V&*U%t2m?*W|x9yZ=Hs81D8tLNhuBon0vIl>gp1xQ`cFTR6n|2$vZ=dR? zjL!nh$i|`KtFGR}nrh6^J*5{re8>&5Ub>VCH`*5lQVZ3-?n}cafhJz<=o5}C-1hd* zD(<(osM@}lE4udX5B0dmnX1gRjKn}R#v*)CQJ0kUkP(N~A|AhVn|yM9X;0ZM=`%ll z&nfMe;UZW2^dNQ}z985(x4+-i?hF+lo*2M(Zv z7bJIFxNz;pjplu>bChMiR%UnO3=^R`j}aEqzw?N`VU@K_p9`}Ah)R%oMaD2}40sHl z_@GllWUb*f*Q_~54sb+%b?a}4BE%-?Oqz6Nq1v;PnEQ0WHF7WnN@_@Kkm?zhU-0OW zn!389;P$5}&A~gGK?FG)3|YqB9*+VrHkJhQH;KMMCxsPHJjpg3aX5WJK!OYXd!Oko z8wrHONDW;z*N1xNp*@w;_wGJN%}rFhJNijB8iO%0$KZ`mRg^k3yJW+ur58ymBX^Rh z8&Ij^`ul8C$l1YW_if*tNr$Fu1kUtT7Vm1Tib}twUIl>qS4nmH7Va*IhtA zP)d|ccWd{)t!n+PvGfwo8uDCMFhnkRpTvT#e z(^tQ_eh|&xU-EEiVwom`+VHpv@*(af<(#>7>kmH)Vl1vRo|`v+z1e^Ae&AnZrHGL4 z2*`PP#^AnnJdtqktbj7c>?FwuWvI7UcbIh|55pOL_g8q z($bZLOE8?_;|B-#3Yg_l+>8z*N{J|S|U+~3aMo0!v(hwOMg^05;*OiXgl)`0in>#YK%U{5c+5 zOJ#v6DYZ%La&xTL43(=qbSqDuZ8zA*8^<#ZHAG!)E!zu*ujyUbts0FujKUQT^q8X( zP5pQIGk=3ukI`CD{SUI94-K7uJlA1Y^E5+wNioc>51Yyu71nx{=NqL60mp-ZW%(EiaJBoj2%3Yi@Uu#`)_hH1`z_~Z3cLJSra;TA zP^!ddC#RL>=g+Cp6r^AOu8UWflTb7I=#`n4wu#Z^b)i@=0#*g%3Y-OAKhfAIE1-T@ ziTR(ta)rXJvfqJ`$Q#Vh%^GnST78VgVblB0Y2`b@;Zw8a9;)jcCVFW0#Vc3Vrj<#G z87D7hjI%jl1qCw)5jFrenoCixBWm2=QIw;T+6dX%J={o82F%U89R*K z9s#A`U1I*cbta#aC3_DIyTJ$yOLmaDi7`(dwD1Mc zAwG83kgL|6`c~cE4!AiIm{QWB#@l z8eFl@4o!gNg@ctn5ye;DYfhY4TwYEUK3g^7YS~w$_%|M3aCLFP1$%{;7dF@|k+;yD zU|GCLZ0Nkvk}`6ztYt<`aI|6&t96B&{D5p^b-!iTkkwqkWxO z4Yvajw%cr*z)+46Z_d-brhOR<%kGC~(=|c3fo+vdNx;PV{#{lgFqpg;kE*@r&ed{t zZMO#yt;S+1ssACca+TMrf=oe!O%zM^)<%Wbv(@A(vbGfxl$*0xNKn|7c)oC9cKz@t zaRukBavO%s*rj{dh;15&xl=~|=NG$m*yZ!``ub!_>}G&Wb;rLlKqUg!`liQl?Y)2N z(07wSxloRHRlEdiyfRbH&V|{}W5G^sevX+TrH!IgKI`J@Rm8?DP>e3vJ}@@pq{V-H z-j++gky3}x7kIi~Yey+zOe_TIE0nUe}!ny8zrs?a~ zr**BoyH-9$bC%*N~wCSUz*`oCF{Tpdpk-aY@sS; zt?>$>OvG^i%f15veMAlf<~oF%o|W36;9#&YdGWr6;?y_9q#q@zl5rJR0-nF3zIRJo zrO%DDv<5cZ*Pl2W1xA;+Wg%O`%#B0rO~$%qw>LL!ELD=-@3dx324;_1PjhZ>Y&Zmm z;NgP@>j}cGjZzMe3EwF>-MLx;gNdrqGkD37kUI?->PBd!(FPF%dscZ znsAYbKMe*(4EoEGLn>v}@V8n`YS5FpmEAyOWJMbjXx( zcn>Hm@6B~UH`IGwD`&#Fvu8LQ{qs35~=p-Kf zh(0GZ6*JT8TZ%h4TVNAh$A(lQ(2G=S4(NDYPvMOZ#6(5y=vLmQyAmIOFNz>;!O*Zr z-1oU=W(d>^Ni$|n?^Rzs3W$>9fkXeM(zX;4L)D0W;sG#}tZi&Ee%?T3!d%a@5VGQ- zgB!7aNM3xwDp@7s@z@{uF5A#lS|uYlitSVED&){f42964HS{t4mXCa60%LHbctTQA zDID5EgIzgAsQVMGl8Ga5o!I=4g@!hmUF_tE6EdRYH9h00r;pIWdhim~c#rr3K>%No zMx~OdaPET#YfvA%>+GbeCvT7qkpDs_Y)o}jo-BE2cG`^_8}lEqS@Jp}a@Ks6z$%S0 zpV*$a!;Q~hzC2J|l#9JS;blKjSQ(@R^RO#_9d>Kv*OB*u3zz9rd%q%FEsx>9!hs=F20KF#&@W&Du?o||cX zdLcHepLrb`&YyReD;&~sdwHJ6BQKx6XCwBZQ>F|m_uZ8Fj>nADV$#2ln4jA~Bs5%> z9qfjwj(MqzG;ymzyhPOf)IU8;EQ$4{!5MgSKO7nylT7B!5iFeAb>qg5C%JQ;)D)u4 zsj2>TfutV99{BNlVEE&Y6bQL05FMzbVzoyajdnre>fo@@((-imAUfhxN7vPAuCTQQ zPyySR{HYvO)KzPXGet1Ik9Q6a%dctutrntFcM!NAUIMFl=IK;&qcM}o{sY&HQ7)s# z`3md99&GbXPFBBU?@;4f5D1HP|19d-#ba=UlRYxH+J4+WE7%lITZ0h(%p2AveBG66+rcm?qa0)DsnuntP+&giS?W5 zv-89r>Y;|xE1B7XVBy!V;Tl9d{zw)nphnu-1&uoVEncpV18FTy$3+nd9B!&IG3MRJ zi``qb?&FX+utT`B_)aH8G4yC*``&nh`! zjpUI7uAKueEtnBs`MnHE2A?>_V#D*2M|G`B#tdKva@AV-v1@~djJT+^)A+D_W0_ey zKjF1Wz~82Vd>V=ohxg4-nli_0ylwjV+K~WAhT7};6j=WgS&rnEHLOHjGAZUMdvmUZ zL{L4qWI~@eP)67??(ggO=3p~k)lN(IP=r%-!-e8+ge-K<@WhVKB{A$7&g+Z-d{zZSyIw{`ry~$ zHxvZtbA5eGTwJKlM@CCj(B5}02M6bqRa5@s3p^-bj!e8N$?;PbNAfDj)1*d*bYkSs z&=e*P{+WX9+eilLBO?L=f@kg&HKGVasmtk zmpqTgmJP`7juF@i3bx~CrENbSlNq-SFACyTHa({=gxM3kprnNdfbJc0NIoMuo4R^> zsM<4AQw5Pv{6nw~kBi8!*T4|G#Jq8bIm@%RGz>gBzcSr*5j$(SXEsdSz+qBDbR@?s z^c38=y~ndE|1qi;oti2m>bYeLLaO<5=jMrD;*&A-oigPHYvo3&bkt)f=3VSi@_L&; zhYZko`|;^4%gATWZJ&!owoaTFBk4DriVplQBmp|MuIGnYz!aE}x?$GI6Hb8rv$t>A z*^20+@@i3AR_Zv=EiT78?={OGg2A*DSybH` zbl^dXfgcCmFS%LDGA*Laezml1hq_QQQ1XykLs9bml1*BAnEJp2nRXl4(KdB#RX8M8 zHrqCJCjG$9zkjxjIQ+S~`t)&h!}3Q?XkH_Hrw^X!v@fVo#H0uw+o2&-W{yrGZCo`CpANtmt@UUs!404Q zf@Of>5z9_-$ei@kC$SS57OKmyu6n?oaMgb6OT5LeubDss)Ni1vKn^i6y;bL+45uAH zzk8ZeH5LyO5rYtJ#Wjf99QIKKW-3R(L%^00hCzl#hP&t zk?d9Np^E~5a~g~^M$1unk6jgVi0{;DT(_?81>+lABzTD{HfaL)!3V3b4qmu=VV}Tz zJep%CPLx$M(21R=EW;(*j7DJ0QQKw9qN1a*R~#?9pY=UxzyR*hLb+NGT{IGJX74Yk zrB)Ltp@9!oj-amo_Ip=nr?Q*`XX_tAYyGs3;30VH)=*uK9;$UT0EqLj7{9yc?=2o= z{Jlt6x=W}6&lZ;icU3l4)(iA0&}Sgy=E`hoKXaYf#!sJu;->?dQgT6l0twFAwsG1n z=agKI`n}nyX=!-m%jgV0zxV$FJx9f6_z*9Czm=CPMw*=hU?5 zn3(O}-W-D5;_7Olw0JRgiTQE*HY-+4$Gqd0$&feY<%K7vM&vqRW-xB~b&I^IqUmyC zjkV3}BD-dElRq37MkT<*gGdNHVX1@V@|D||639G(81VM(t(2^((b}r>Pl(@v8R@~B z-B@uO%<$p0mF*oJi;`c`RI-wO1)idu0)&}&Lbu-xL6G^gXM*A#b^pfT)jx+loYK#l zN={9VWf(JSgix=tKU?H>zScU{QkkdHXNLoNro*NVJsfOa9G_Nj!>K-KowDqHa6ry% z)x)N0Ay#UUIB4Jn5A2Y0e1dDSim#!Jl2YHO=~TI$m;Gm-*$ps7MTW~O$i=@n^$*jw zadZ&VVW`}rBLDtdva5`ejo71O_k{6>M z@Eg7NG!1TEV=ve$=j%BKkwa9y=Y6jz;X>^V93$#z9rD(%*bP z@!wp4+jM3uV9E_0TR!J&=VYL3fo>E|K^ab?cjV34MRH>z>&A-wQhF;-b89-*r=S6n04f9jZ3zoi-n!4}60S-s(N>E`iFfq!`NKgM-l2k|q-@a>4uThKIvwIvi{V{gG zD}?)M1HP$L+~v=5LfA0r1GGgVAZX2*T5wzOuVSZwnWO)73^w9aK)`_ZS6B5s@L)%G z*X~)f0#2TM&#B)_Qhu+J8#(qZ@oc0zQN3Rk6dahJ3hf+gQtmegOW40HtUZ@~o zRrFdfAIZGjv3G#)?~P!1V9{3#@QWH`06rSd^ZgLdDnfmS?n&iRhgi z%62kv;KN$4GWTC}m$(tUJ$fiTw_b-Xhw-%4dpdli&o8DYuNENP0w|D%!@N-#$FV!Oz z#_e#4f$N?sg_1iCSqs!}_b4cObw^EQ6j+c4y zGyX=|?}5iO7ip2CB+Y!d2z4>_cG`st=D@+PzR<9=oD>h7*{fGCt#fK}PiR_E*$h!q z`pdzIx`9SeS~`sQWIsRQss|L0JanMf-joU~;;3WC;`FzB(SFYw;mMT6V-zBs>({TN zY4_(=*w~curnpPf_jGzwwLskg8@7|}{rLLM$4~pg1$!@DXe7GP!1%ph{<81oKtO92W ziBxljyX!1JX9cTStY=T5;b2*%{YK8-o1!KouCuWMm319&Mi>9Pj~{9B1Lr5LZq2qz z2LGz$Mhm3QZ02O9Lg#E_E1*YPgi$No3Ai)>>*m@g16mgMRnS(WnB*gZ;=cHc3BaFnGAJu&ihhnc&k~BZiPx(u<6bm+m!8*TVsl zKmEce*~hF>;MpMx3YQt#Q88jujY7lyDaVeWu4y4ms8F?e)R-|}xQPH@sBbwh*3Stk z2O8ab;t6^^|7)dtXP({{8Y=cjw!`WlWkFwXUS5$NHY44*I*a=B?OWSSy9%J5$?IOH zKeh`f$mvi@xpXO2^f=+&-x>{dlF8<8*KFO+ejKryS~w&pFs2cp9yuvM~9j zV46g!hJP;g>$PjLtMzgR^azGDrw~=p_%gZw$2^=LH+y&xj>*(tMOJ}>Zr=39d0^Iv32^dxvS6RjPg?8je0OJ?RNQ*H zC>+?OrdV59d9{9;=dq}bsX%(VHs!pw_U0#%>dNDA>XlK@a(SUl6~?y3Xn4e7YP;pe z4!P@RHVtPD4h@Tnjm1xjy@JP#n_62{y8Jx6e zr%nj_Iqbz5*DOB_bC{X1{OP6~SFc{QaA7!@Qba_WOHl&%F*oZnWAWrTXQivc{}q{TF`F^QxBEO4IW$u z{MYzd9+n;M>Jou?eD6S--FGy}ESOwp)4ic@YioMH_Sx}3`xUmm5d(wUb8#-b`hUoJ z4{)sizyCX1MyVu8LXt{46Kz5&8j>VwA<7I*Nm(To744*`B%!DzEu^BfgwiCMG*F6& z`|PI@L=4zGY=bn;COSM&C&D*W*RISI+6)cCl(nnm32IMQ;m&b-S~j> zxF-SXfq^d@FICuG6mi=mF!s)*?Fd?~Ki)p|jTXr@9->{K+L^NXWP zJWLb);?cX@_dq~Pm=!y7<^zt%yq!yLfD+R5ftrTyhN@#J&F9TqTXzkfth*N)^B;V2 zm>KE(@(Jcc_iKz>b&9)XlU58Y2Dl@U#bvsR3%eHAZ9U=9c6o*E7MTYgzSqv-y}o-_ z`qm2;LvJOe{7*mW99{*fB-x@?()zT1uOi(wmnkO>51-37e%SA)PoC^Ka%8;c(^EhC zWqf@9{u2Gyw`GECvTmikq&Qv{W*Zb-pD=Emr_$t%BE}R6@HGhm!Dizf54Ge%9kXGR zY%7DdAu|5d7)UFo${7YNNF3&7wDPQGKA-+oK8zcJ$W)M(Jv1qVNhJ@d^3mq76A=(l zGC}sbnMBlYVv+9+ zZ`E1fW>h~hMok$e?k0?^A5Kw4IKh zn-~CEbqc4-L&`4KjZK7267Fm_POUBYE~MkOWnVCMq1eDPvDcOJmcyYpPp{Lzk; zEwO*a4M$fIW|j$`O`HnRrD5Xoap5624r8Kb(taB^ z#m?2+$AAQig2VURFp(WCs)Z~6!*ocpOg&kaVAnHsCo8?@Hbh}Uq{1P`ihK7w`8+rU z;z#>B#p|z#Qh>AN{;UdY3z07lyn-SA`X$f;746wseq+^bkP4tou1^z!Y^b4u{wToP zc*yXnM<<2AOM2DM+Dbnh{-j@9Bss*nudiMmp9mfVk0^xy1-CR{vm~>eN@*dgY1o_W zCS}=hvh7H0(2wp?C(eu8ey67M=I-kzk}6}PWF;*Kcw-e(1#j+XUEwJHs?Urwv47;A zUM*atkd82x5?6C<-Ib>=!OL;585*L9w>fMmwa}ZAk}H@rIH{CpWo39rJ&}u`M!DMq zEgA1xYwk%)ZKB1@F=~@i#w+87UwR{m3B#GIK1|m%l}54z^n#iX4uE-+>vmx~;G zJMZ+|d54^BLMF_H{rdK543{YqpZ#*yv~KV^OPFi+;DHbKE-|9m6zRSbOg9AqDDf&s z_PWT4FNkoaCs!Iqge;&4j4Sy7E=RfAf6Pkta83AMcKyS9_X=e7N5?BRD<7jIc~>YC z6G3^8dIBb!)7ZjMz%ooXx3{o45g!K5WoO;s2%_XHPo4YjFs4oXqwha_$R1IqReYbh z+wrU4?XWzNo~{qi`(ugH-w77_DqLRiMYT-SJ~6KQJ^D_}089YMo>2*}TdWPfZS14T ze85jXNx0>7pb}rl%Lo4JL?7T=(K8~jS5t)9zOd0~u{fW>GWSn^lj#!id#yMn0%!B5 zhw;x(Yft+hd1ZtziZi95@-S49Uo$JmQ0S(I1hxg6GDrMf%tok$Y|Z@k6|{ zg-qX~3GUYOXHGO()T85X5GL1dF%AtMK~5diL?*OLQUGN%!X`!c@i#pKUe_q=Me?*{@{M;i+G} zyR^(H*9F7!sf67 z=XSC>_Eem+eX^!73T5hUjf@*6!~if>=|Fo)M*=I_s?s%O^pRdl1&{i+UTz52#s5L<$OP!WnMz`! z(W9UFH^XY2Sy1{nV)kJ}ckc1bz0^!=ctFsGbd0Bmi!Y`&KtB58&9#&sCU963+Gs2? zf6}hWI6fNvX8AM;3sWIf?e!HGZ*Ow?2^-}k*m_tla})}DPWiYdqYdi0iwyQp7hY?7 zeW(l~NSMq@?9Pl33LZIZyQSUY#Vk0jSt~3o!g0~q&x^EIMV{igM7jMo>RqD0o!8$- zZ#91Hn(wb)U`7D+QSX+LAy%Fd789emC0c4t4ekPT!4kmfP8WcVb z-rYZkDNP_(xT?wM>7o_+J)11944OIJcC+HfQ|jG5ajhs>L}|+2-iYK5ee&oYjzUt} zzYdzSyyROgRoWtvNKen|nu4-rM$JDr%~a313e_k$=u?vR!lj4HHA9|)2osX=_!Ey_ zxqU_DY-igMR^1F?Ui zha;4- zGWTcn+HSdN(?6hE=N(BL0Q>eSe|yxWVjom^{zi#j%oDUvwa@J5xA%v*+i!BM1n1oVQ$YXX75qklzU}gyS8!lMHj-<7a0`E_;ko*ZT$0{9}J}Jw9vl$6(%x*S0EO9 z<@RPTu!a!YAsNm+;q|1QWka#MZrwV~kE;R#UI0=P#6lkS%YD9KcU=6?Brn7TyqQt2&`4@{|`t%_tVX=+EMe++cBNZKSz75jJTenIj*!T_FAIuGp z)rQ_I=9Fhkk6A5gMyvN83=>n|_{5qH=jHqm-SOl90)ZiVrN!{{Rtq#k)+HbelqpOG znHfJiqyIGY!Vi~^=`$m|ddtvIRvIp$EvP`6^(lBm;`bkbCUJB`i!uZj3jPpnVcSD= zSm-P-C06+MbS~c{|4C}Q8nU#!WR+2od-m+X_6A4sg{DVs_MyUeP%gnfVy86x=7ye) z{5Hm|Sczjx^RsdF*RK;jo+JVaaSD91i5l}N@pw*$T1Ve5KR1JG0bl}mlMG6eA;bkP zT{`jcuJhw7)EmMk2AWkKu}f`lZyoi1w0Xx%y%^Pz;+MNJSqIe2?c$3)GoWrKk*7(= z@^F@Xl~o?p7ST$nRjanBh{!HHv&t4M+`-|r{ZNFbM-vkGO}o0byU3Kj|EZ%SyQiz= zvN2&xzbDznUp8UXhyi!=(8z56)Qk-oojsfn5+=MNxMRTk^X1zN4@a|=REuoH)@mG? zdvUakTFf(D#W`&por2tP#flZh5s{s}L~)7w60(xw;}hPVezKNts_Ok4(Ho(;B_Ay8 zq@YEq4ELE*+z(LUBUn=5juiJBIGIEhI#1!23E$aToINIJEABPb6ItkS9B% z2t0-IOfxfoS=g)=P$1pC)HItW9RArok@E7lesweLYe+~Z`T;&afC#_78X}Qqy`rcG zXuRIk&nErn4C*5>buwedJ$pHFuphr=irS3_W;}W{y)wDbJ-4HS{PX@^uXHh=rC_EV zNl8L#ex+e!baqkE+Q~tIdD`(4q|A?4vd!m2i#gLN2p$nyd4-?&Ss*-?_bjo

#9~@#s#afj=TayG~ zAOMafzS8YmX$6FXzLz7jqO`PawB7PsHa80p3%MjG_?=9L@tUS`DsO9KgXPfuu8)u2a|?HWdb<3L8UjLG zAuYz;nl{#CsOcZ-);3kAr>EZ;qc!zb3mr`IDH?2!n|^!$UZ5YpHMBoVJax*AW{`G< z+J5D@afzdcZJWmV!YgA|ng9(a++HjpGV$6wBxJ&Pm@<+*Td#*bB0ZK?L7`|deGdq(>LOU$QG z(|5qPZC$QKtou6Rwre9-1W>&>XQ)R4KGI~#v` zA|9G@);j(*0jk=u)HUqD(SLq219x=%rf)BeA7sA&*-G~rSke2b-16)DWfc`S{rnh1 zr_H5)bED@EYB2T!pCUWScITp-!Q(`t%)~^qWv9KGHiVaq8!-YGkzBt%;$ewQc#0ns zY94AP^K~0t>mFT&3F*>1@jsn;XWPEcRc*o}?j@$2aA5(ZzZ#>Jqmb?N=9KY?umhj! zbi)K`cyg%+(j305YR!JZjJLapBN9+W2(E66yV5zFn0R%j8n5|m`%O}p!61%~BGqVa zc71h2);WvtrNgxP48tdOF8$UqAQ>5$_wMzSN6k#cnIRt5(DY$Ox~w1NBPn5{V{b+F z$+IaqpwhOS!k(tNd^6*$r zaL4iTC>;3I@3=OevfexXmV$S$o7r+&?Kr|YJotRAbdDIh%T2t!PW83FUb0=+reQNL z0O7iPMfBdSCev0Kg(|)x0Oie{9VQV4Pi&H6#+VdHB$k>P9GtvK`|C2Qn(~jMm`$mt zjJib);qfzX7n5fy3oae4mH4qCzw@}2PI$vwgpOQ;l?$pzddn_HfR$Js!Mr=-m$WB>xaPS2T>Nw0^D^pIC)Bl_Gsay?aLW$w7(ll2U7WLN4H zM$4S3I1+!`*oM6_0adW>bJ0ZO1F^9^`t%`Z6mD)|q6L|ow1UKCHNLglZrOy=6Bw7q z_Xtkkt5<<`o_btD)KB=N4i?(6K1f8VjS-+b=55}zcm1~?KSJP60K>nLMwx4= z1se+9W0B;~&Uz_%LfZL@?@HTCPh>FMk;lLH-qEoEt|j(TQ5EuXa+f-Zdu*lAgu66e zzXeeMYEe>+qBTsM3hyJYLczVrpwD;a3bVm#hRGC46R;y&W344N;O(Gp#-Y5}EI+zt zE8V?$*D6{_q@n&=&VkUi+8AJES-FwgK z3i-5f3Ra44J+5R<_9is!o?A=1D{RqZ1XU;@elFkk>|68oDZ`_aAMpd-t0koY6^y>HYaK$pVhBHJIZ>G~j2W}24Mra@5) zy9Vp#^b%p%!M1G(a5pojiqg+66(fxom=twTs=*O+Q=wz1`ftD-eU-_R{JgX4DZ()kKKb%%*AqV>WZ~~$Vj*~;5$7(0s?$_1`|En~ z#Ug`0tW^#n{1lWfv@_g2?XPoJyLg2^h3-~A0EHWBGP^jSk9utaD=Sr}E@0|8yvj^n&gGxY&Cr!w46C3c^pq_w$t>!ARJoV9w{myizFgR>y-{Pv zFhn3TD=SRBe^n2bI~)wR7X3Sy2{U3ZXw?oL!+SYd%7?{_p!>Y>x;iG9F|V4pj~wSK zs(Y~3s*uh%SSxr#m}VbO>eM$dI9=+&ZN+Y9DKbaHlrXpVt*DbY>N(vH+;ijEi*&SR z*drhSM2ML>W7e#gUArz{xKQ)6)lpLe|3R!3`y%s7mxBI%`s9GNIh>OX87f9wbb_HFd~>Tij7UvZdeWZP*hZE}xNXC%Wje3*D&FNAaWj zdPNj;3Kz>LIcZs;Nmzt5@+iP4&EB4t+zEP$28R4FiVii9jrA+61yP%ZhQK>Ao`6m} z>SH~4{(2lbEd-sqC$!{sX9KQf54g7poR;-!k6AvRj4aryY^~N)NK0mJQ_pl;~ z6B`i4&^(iRi>e33&Vg4wS8gk+EpTP}=lk~Ow#ji;r#MaFmZLg}Mer%=MNjY^Y-6>m6JQqZUDkv8u{DJ!#1pi3y zIDrOCSQl-RG7PLPq?7yFbJ066RRXH-xi!%q(J(izq0tNzIkpJ4t++T>T;kt`MUH+b zl}Cez*@9COg#`myxUbrml99x$Hizei!-p&CS$wO#zNwA*0;BtEYes%o*%c`R;Oq3s z4aWY}X5wMwz;62vxqP`ad6xF*;M5DlO6TPj%qqv_M9 z16VLPvpgwPtmBi5m)A@4QoTh6>sfth)Mdlz8nHN>amVc&2saB9j(h}x!D`SJxP6TY z>-0hQt*wz#92@Pcrn`*oa|;2{E+-efykZ&R0BTUb$-YlB!!eHEmAVs6&@x(341 zQPbXYTg8)Ey!Z`XbA~oD^f1!bfy&wh_XJOEa@;{Ahg^Qa6@9vGyU3L`Af!Ejn*lld z#+C*b78~Lvu!eQn124?LA04BO5+xKJdU8ej=$cVM^JBc3*3seH8q0KjL;;M z;{3D&2N#Fh>izop6E`!31IpE{M(Wjzz5o4WbV^`z-G2NAG)weJ`LTCv8ygziIQV($ zk;>HwBDeu$!=ri5NYz^=hq;Q6U8;C(- z`2mm!Ap;j|ms(y{Hut1WG7R%`qa}7?q+63-YR5sibEkZ)746fYgC&bebDi29Ya089 z%lTW{x*TXmXrk}v%@MQkz&W+V!<@O+59MmB>>T4$sj0G)rUvN=>nv2IV0ty$A`@z< zv10={vUu=(@NA(Ta$7MQ6wE*CC5G~u^J!1lKLYVP<&8+*`*qd9ee2UC+xBHya;4lh#GKVP2Ai*R(F7hBE{AU zXJ;1J!ZZ41HMYMGmU|_z{U{2DmcK*!9H3YRW^pCLJfh-WS(5 zj7qRMpPr7WVVja7#^Cz;ow0H7nL)Irut=Icd~u@?cRxK@ZKSKDqq%VDGCroMNsV}6 z;9BlXt)0Rl3i1x674o%mq~YP~tQTraj3v;;!WCXswRGryFdz`7dU}M6-2<^cD&0w6 ztn%fRn9V<215`PcFJ7S0gaYsb=M0=)TwcEBNuoL0I?(qo$hphc$uvos?}4VJE3$a; zSvVd(ex&rFzJMb~xkIM#Yn+bkL0%R$=^Z3apcP#0oF=-nk3}cPXI{Q6h#q+w5Qvz- zD4!p>8G;w1EU&Arl`!m!=?E$Xj~}urp-j$@T~#vr%_?*AFh~8VbJpN8>i<6esG<9P zYAwELJRl<_3kMY^rBB?irlzxJ&V<$-*6I0$cS`$CfCTG4 zW|14g1EioGgLK@>6kkY^ZT@_*cds}qD2?v8n%@ZT=IZoH(qh6PT^i^$vvJ08ioToC zrw_)~%hCPDJR<$Uc&KHy?Y`-QT0UnkrA0VX?LmHc+{RcdHy@t|%P+ck!ZCuTsQwYV zodTU}wdJL`4;o-}qzqtG*@*}nYD187hhR+xD!kR8@jBy%$k=Ot)s7>j@8jp z8*;zjscIfgs{JkyWcl58ddid^gOy~_6AaydHa&f2vRz*_H3qVPC;?RCyjZ#NEgS=6 zJ+B?&!p)G!wcN|gX~~k!&2{sXZllwa)f<&$J9f?IC(p*--7s+p6O?VAGZXp?MpTr6 zW=E*h2(vDB&H6|}{{+dv3}n=2H-;`*Ph-o|ZR$hDq$?QQiKqs={k6iX+OH zxeOfX*H6AFUra*!(&;1DEVa4R6yA*p6^l7>2Bq1$e`~28q$9F8#vklPEy`uhSR0u; zl8H78IH21ovwHRq&Kh_Mu7{Zn`T1s`2HHfLNQR9SfIDX@6;!8&VfO@{NIkq!tKTr{kt?ii%`@d}HT_?kJ^G z0T}?D>MARnKbM}wlLqWZ>B%Bgk!A}v@smS7#&n)X^()*ms49I7d_%5j9V~%EYz;R3 zxGnU?4MH>~tT#~E0GvYeH4nMAHy*KpqO9>6yfeg3<>f}ErX476@b-%Ry~cFA;;7xb zS%v&Azqwt*9coy%kQgU%=4 zGL|=kpaa#uf^;DT-238K-}{S%gDEb~j`y&^j>mR>Q;Mx`Mp6>QB1ATdk#6_p2;bjb z;4CR6RnW|0dz>&qXm7djPT1-J`#v}{GNbEiHkSZeugVQv266_AnQfXqm(d=8*+!== zk?JAe`?`!tGVGW9nHC*8b}^>3XjBVQPn|e~!rLtk;rV0cBqH2@b9J7rZI==d)^R?{ zjlP#QCPEvoUS0M%j1V2VE1o0m*YijB1Zfq&wW7S-Y|2N{tUZfbX6W>UgJInePIGC5 zM^sTQA9X7G=R*I72vS1up|rDJ&@PQy88)x{vojYNcR#BlGUyZZz}@F(eEaI{0Gtoq zDcc6p?6tmDkk(pSq91{1>umq|SWQ`oWEQ}%@}Z(S;+iA2N<&QI@+Ps$?CAjtUIX;U zTje8qrlCB;PB1ZC6JV{z3iJc6RQkZff=>n%~*FlvSY(VP=VCUm_LyvQlsiGuYFVQjJm< z?&21vK}0~Och_+>qap(A4BdFzg)|1tC1_~LDZx#%$1oV1c17BHRx=-i*{`J_MKSFK zf_wvP?aCqUUlX3Mv2n%g*TMWe=Zr4a@^v?olZDWtnD@Jp*!LPr5b?%8y0SGqc#u;1 zx!{uzs3cGnN|*Kq1;_{(dOm@g=^v!Pg-e$x%+A-ZpEVe5I2Wj>U_(%lkjA+2JgqJM zO*7B17+aAnh%WEsVgJQ6ZZuu_Y;C4YaYrQK#e;Za=)lqIXe_;E&WuJ9u-y_lCerUS zMei<;Pv~~}xe$JEb$6!;GdAfowso2PeKN2%8iA9ShJ$1IYcfpq4xK~HDyf^R-=ZMC zhW&2cy3y+4rGTkdoz92SAQE1tD%}dHlJ;ZCd_83ZDWSE;C?J;P*{ytgy)QNeQ8bAR zVD4jOcpF#A>c#3ai>RV7$6+HzJohj%{@d2Mylz>3c(IFm5u0lg)+3@yl$DJFYHqUv z0`HzyjeEO1Kiq0qaaPdR-Fz+{1<^+;*k1-2_?F!^knd3LW?V=Y0Gnm%#b=Jk49EKm& zDAXx+ZEAQod5_ed)|;?Fv}K?fm_v<>_GOH(7c=s?v83wcwC)Wp^Bf$|WOh@yTYUtR zLKJtn9=H~w@z6=r81hWA*^C;4p4$oJz_Zq6@G1Wcp|oOuxvfO{z>R|}^XS+TI<=^% zP))nBuDxm$-i4!i<+tAZuu7Cu@az_INg4*`dncVa^BK4flHWyj!h~zwHPk)fDueb< zHxI|-{^8T7Y15_^Dz?sLu7VJH9T5R4?O|>%<}r?FjT3qT_2s`Xa9_1vbzEuaqPrrZ zf-aF$wl|uqjG~rWz(4Xd30(a5*n=NI^$SWY=aj?t3vHUVcJ-!pYu9dCv13sB^pRwm zPnC}Zp6K@?j}igmx$4ZEfdhSKW9FxsMGbZ5&LH|aE)?w;`b?&qRGh7-+PiDKwzezM zu*?B+reVRp3@M5HqAo5sRx5w;D8IK8PhJ|xS@@O&2pZ`vU3*1e=%nob4m`#WI@;=g zO82PYy#P7|in#n2;+Y0dJ&gEdji0J%joa#|e{B5Pp?!R$NNMIUON9*rhdO;5#XjO5F!`?{$eN22~#Nq#^Boe5uNQVc>|7|&b=L;y%d4)1>DhWz{9FujXlI8 z+nkQJ?=ewcQkR#tt*?zinZcFYtHB6TG9 z#^ywwQ2h}p##WKt=g8%Mdl&R-^1Dx>);?X@{OX2xO}ge4qW$CO*7}@tM*SmQ(6hud z7n6oGBzU$%1pP?#<=~Fp;*EM!7o4pRlG)Ss$H27aAQOdBr>o^2pQf9HhQ9vW|5MZK z#w9%*o%8ExrqEqE*QBQXGBR}TYb`fcK}vkZ6`iWr_F~U}4$Q23xhJU0@008AJ~IE? znzL5QF~ntdlgycck@I{5iUM8}`*z@1>ZUnj+aPLg)qO)j>zqQx>@TXBbgeEhMAJs` za&Tuv#hLVUI*ZQw1W)a34{5Mo=YB+nxBI`8Q13onNpe!!r5>-(y>klueLd>F0!SM4|2Sql?-O-KUu*W_*|;fz8Q zvYt$3$ug{Jch|06b*u%X;PVp~DtEocz65<9+O_2T?j1Xt8XHG$dafnjI7TR8vm6(t zy!p&aGL_ahSgFlc;|8j#8qh81{M;v+A@W*BjS4#ZIPBGmP8-^})IYGO%|{E(zU=MJ zG1b40?*2Woh-L$;(VR;IlC~>`@rEg>!&=%>cZ;QsZ_ZQ?kWR-$!{2kNx@-(rcT^}O zXGKebT$=y)YlZ)JJ1;IozeH_?=dFP2n^UrG4H>@Y>+8?Qgdg>PzbYz3@yGriD&5|k z`Cu8nUR)+sRUr}p(5l(bRk`<}8`X(7{)`*g<$rwx-`*HoCR!+4B@4q%T%(_0Zk++Ke`(HYm6Nhj4U%y=V3A>N%9waXR-|ryo zOb@sG|Nix6!R4~i9nU*9;nZ$wV$+rU9BUHBk-v=oCwwCAl zq6gbXJNF$NFh*5jz@>@*^@#Z(6vFbyPCXm;!|&Ia@%xni`?WOA3H$%OLsKtPpWyk6 zQ|Gq#xnHsMzkXR`XV~tN(5*gp|NS;)2byY2IG8;3(~3Yz@V~y}cHXg&x1o1Lpv~ws z6@(e+7xZ`aJ04Rk)3LL5Y@ulEuDQyCl;ygL5Be!Qk=rsd>Vrj!E}gIM4Gx)YY#Mi0 zTZu)YV_h@0qhs5#fqg5h6AgSFTNK;qav_IKh8V(P{2gw7AG zTOTqvKS2F#SnU;uG-hVEnC+mt$2O%Si@e+}!y#{YUEiWcr`J}C{7xo**}YAA1M0~= zIt#AJWc|)6wY|P#NJI0>SFY2Sbq*GND2;#W7_M12GSDh6xTAdoc{v+*OxqKtxz9}c z=HoYBVs4uAU&{>ruq@Q&5KBJ6W}C|)q(@%aiUwH$>M5R1U;zr!2i%jcbRR#$EK%Y? z@qlyta(erURN=7ooydPDR$XcF*-{Vu7yjx@z!As=kq)m1<2tmeMxe0Ml&@ z3!0o#7B*G#PN~u28~Y;T!a@qaF0Z*Raj;_HnOo00bBv5u0d%(KO?r~Qsh>ijy@LZ4 z(|@96@aY~=m@=oql<6LM&#$S86rXFfHYfcE4eXbxsUusnNqR8<>e?C6UG`Js?207w zz?9;SjSl*b^A6s8-2ZKA_!z5&iTj-HzO9<8DB0yk0to`Pw$2z${wm!HSd?l{wonrd z4}3)@E?7>;@}$W!FcyJVB+XBqJ`I~cmd5(QIGzq>XNP4$Sp_EiKjz~S^a z4Gsj$B#7_Q<;yG0TBj;mLO2umz)v;=h@+6kJgA8{SEpy=d9ewLY0?PswI7qb29#rSPn_;Y# z{qrxqk2yh4I5-?Aa7K=Nt7Bu(odET7E(=Bv8&>lA^>vL4M^5P3jF5>o5?d+h0D-b^ zA3~S%Y+1dn?k^zW01x7H(z-9xV+PKIfdeO>L}OD~?)kpqcwo%&>%R6~+QVCJ6fAcB zdodysmIdk0p3N3XPd?X+CZgiUpbTkD?_4Ui=r}=}3@Ii}&R*`!!uFu1>=C$K=o*lq zgO&uuUDQC5ibw;eZ5o;ifZUhlpdodJLzK8#I(8S5;)fV>5#LZ%qSv}gQ^2L@Znz*} zdf4Wc_=EG;Zq>O5MDp$!P zOc*cYCciw~wEOG^K4BVJ+HMrvKjyW0@rs-*IV7$Su7R{2A|IslX4`j$bUvqhi0t20 zJPgUc6gV6J6qr-xm4Icuaw@Wzk1y8mGTU(iZX%1ai$0Kq3ZoW(Mlw?Vf(r-mv83A5 z*e_pjc~<;r#R*ciV{gLf0#6G0hq}7UDd+j@sM;3|(X1kr1|&EjAZw99NW8*KD!oUK zNZ2Bj%h#~M_h&bKrx-Wq#n+V2lFxBCHkN~d<}GG@mkq?fi1T++yzSwz$BEK>Lw&RAm=>;tbhEq%)9?c6jFRjtL_=CPmZ+ zPMLBCFc18le*~2L{Qdiq6fGxvd$*MeWw*C*Zk+IcaE*1E(q$i{gj2-K! z9c$FGP`~H)OHRI60`;eXh7Z}{RjKWGfS9Eb`uc=`qG3ZgGko~N;-Gnsj>5r^nVAVQ z1{H`%ShblV88%n=*>pZ77jUF8s0W{Mgt<+e8{7;{P_9Av_R9PB>*#FI0{y7+lQaj( zCrNnz!7Tj}d|Ift{`nfJ94!P4-_s?m?dWMw=+M9SvVzK!uqAP6Ug17qWPDP_p3VJZkEvo$za*rm&-8Z?45Y`;;w5}@0&C*i$LDSd!Q!8%D* zUi}9AD~riOc>X>&2c=Ipp_3fH@wZP<(D>^s*BVc+8M_%^klYrQVqXG2$WB{l@Fn)PekjnN-R zM*GScC+VF9{9*>5iOFK^*ekiYSW+__gkjQi$Ey?tY_-V3@B}|L**}Ji9g2P=E%N`i z&-3h0?{+h|^}>?#On5#DGy>Sz+6QoOEBd5u+km4;De{BVdmWN>c1jzvjspEC7u8v1 zFtx9UHdQ;k#MfdtL#!FhLHjvEFaEOj1%JKH?3oe)q1ldWNn4cus;_a+B~R+r-JF z#hn1C^L>3KYumPI-xg1gbA$FIT;K)A&H;A;=yYlA$kgxGqsKcO%(b<17yCw>^~!#U z!hp2h9Vd{fpg*n9oYHSU!g<_yw_QgTig>P5r5)mQVAT#MB$zg``>V6H?=JZ9OMoh+V@ZMj-!+R2Ey!MMDcA&83^q)GSq;jEa1 z4^N7lqk8yf~vF zvbNq1TH)+mjfZAjf#O9W@|W~NTSrH|p4$=U10Y!n^2Vid{s+HdM>|>SKfq97l*=ti zKR>@c#hT9$>VL1wJAUX;C81fgh|lJ|WWrtl{+sX$@WjA)h}_^}CEPJC{*8G$P`5Dj z5Qos+yQg`T7}-+G>Y_B+tUH8!i`>;r;^w44*eoY0-ZAsu1s^ytAzwi{g6suKmZJ#? zt*du)ErQ(PBP2QI{VG8a2_qiu^awb5Jv0hk{VZTHqr@_p@cg0nI218vaQzA&Yfe;)^I< z+OylPTBBK{G+}R-{N8=8#&uKa2p7;882_}gxX3g|6AkrUwcH+%itv_CawN^^^>AJA z_O4vJ_I$10vy*B%));O#fB~_*g{i^RdK3@DqF&&cP`VsC(cDuq_W1F<0=;&+cbpD_aJ62&SRPx1OhZ0)o))F! zKeP*PJx7ZD^9NZ)9hDeH)TFt=K{9j1j@^V(g(pMxa2gPv@!rW!^e-2wt#N+t(UysZwg$ zk~f-|8p1%oA+jaR%5mcY1`l~v)KQh;FCl4p>zvhZSExwOEvA-)^}C24H^(}ZX>2rtZif`1xpb}^u^I(^xxuA|A*Z_VkyD9}e^zlu<59j2pkCBL;wA@+GAus*6 zL2p?}TU3 z%}P!(3?w9)ltKZp7%d6>i6a1!c$fK>6diQv9RFV&WFuWjBMxM1QTU=I6^M7xNOY|J z>(+I&%}3 zy?5TBV&>B~3fLID)_d`{`OgAhOz>;EET6B65+e(aVGKpG%GPX~DdiR4?&V2@DEED{ z#eD&K2MRT+2PchR6VecglcLTw72jk#GsHhwHaw81LbjKrxH%L@f!1nP4lg)7IzM0{ zyywV~r4Jq`j9$dpBI|X`Y;JC850O+aVh|b}7^DPb^eE(q6k}k|)~WWJe?A=JQ}Ha6 zPjSn(ZEdZs49CzhFjz_7fzU>nac!$-lw6i5sH#ROEJGrFp5nosXpfwnG3y@+gDKfj zD0m^rSFD)-{PG^1zT_tJ@ClcOCVA;B`ug@p8;2{0i{K?o-^V~Gj#zYa=ww2PQwpMYA{wKG0>MnKbIpvgHd^K9B+_xYxY_bKMNv!@?+1~3p(9oxo8c_J? zQ8(T0VP;C43ZQ!6!+ee{2y*x+Uy-svhxMhxOqI|z#{&!wT!I9pUM+uEtQECA-5U|A znA*;8$yd7U&0+SQb7>gK0VcSsce1oU$V?lDWk6ws=taK zv*X^gOmU!IVvD&HM!Kj9CIH-y*m;$dzg_ zG?uc*X~6>Q2rK9&{I2zW^h(kGMsKH#-;+999}89KrsBn?pVvcOlOXIz5Hhut)6|w% zOC%4t57{AP3-ZCagi-fRbSvHidOzE=RWfad(~hVp)se2ZIfon%0JAe~K=^)oKtZ?t zW8?vMJ{gFQJX+3Fd;I6(5a;2VSlR78a3;HC2GDa#$v?XR__?ldL@)Cg@ znH{cKjF^Vv1|e3uuI{{Z+bmVh2QGfP<&sB;cD0Ht_b^JVa8|wBRb`LQ(HDI}btjA; zzbeRBp_;6jn5jUmT+5b9Tjo^v+f|F@W9WW{=)qkf>*!;ve5ctT**U=!IXUPhNdo%) z`#1FE61@ZNgfsDnyqy0eSkU1somp8v_^3;o#;c`f(ss&&RCd0L@h(5pqf=Z-7P(u^ zPGBg{Bj9bBG4faCqcxrLKd5w@`culP_l+eZ(oX!9f(IlZ&PDaR_-DP9lHu}_8Y3U% zHB?vE190l@rB`>Ecdm!hrr=Ha4|c$v}j!U-gycI4~J9oRTtljC3_=Rs6Aw z)1eOM`U}~TsqYO|Rj4pA#5i)&bJKy>d#M+>*hn6XC!>wyB**^zbH;uP5e__;LJ^u! zQe==4AxpLGz;!_x%$EI2etm)EB#H+ros0z+r6c!j7up9jU7tei=1*%w9fouTQwSaOcCFKL#QDZn$5en(h5-Po2v&iMA-F&~Vmk$>^+DcK7VB z`QLk;oRoFe-&?&1(wI|q)D;O?ahruTePmvyIAur=UqIQqO>Im}fxD7~t4Ni8D<^eF z#*PJP>FMS5%>WRS#s&Pr?XhREs*2Op@P0)BG~Kp(W9P@kHg?;A{#;4ay(~I*cGp7D zIW6Q+;<>ZFtUf2<(kWVTSo-IHkT>G}DI*QpYIO@A=FVffCBre(D#GPY1TFJCA}EQ^ z%rXvANX&ZjNy*^0$DcD_aZB^C+IX;Z(J0V zbP;7SXa<(i4f^{2YqVUYrVvS&9Q^0adT@$UdS@vu$(PS%f(`^&LgvL3tVM_|0bk8ip!A$Y zn7q04d>C`WBqCltuBbv<4nbX|KxdOaULx(>!Zj``9#2oPe|4>&R#eQ(aOgK~&%0xO zuYBch)gkHN#A0%r*q7&&W&9sG<%Oe?^@a`^@&&AhW?MB9_0FThLbA1$wRQ7MMsGvGBEuBwRz4{)Eu8vlz zasqG_Z<(vAKV!_3XY~0zjI=-i6o2^)LA9r&qwjPnDx}w*cPNUH;SzuOkgS=RMo|*_ zB`;sRSo`HEDQocb?CT#tW|yt8w3O8U4J5M`qbHX?r|sBrX^nQErDKqa)bVQBItsV;LwSB)H7z4SXvzY*LTrx^t<81{Te=U1WI($Gid7aAJcJ$A(o%_ut9 z$;xMWKev0Xicl(Q6dvA-3(1#A0={lPl&D@|wvtPLMxQ<@&+B=8)myVKUyeK_m*JEx z?mj!Mg5F#0^1jWDclxkkVWBr-;Ioc1Jp7do$kx@u;udWb1`PAkwd>a(H}bTj(rMk8 zmE-#g=0Wn_b+UbK{`>t3gppH*qGHJvf3XAoFjq2vfMtRA=>ENXp!b4jearK(tZZb7 zd=B8Qc%O#5N zLFqtAa0yt<@UNSi-h>p#G^=43cuhYa#`*$L3Of2!)KA6AjR2Vyto(ErIBwq$E9sWXipJ zg(LUH(Lp_}c^Ox}bY0U%v5ReyHjS4s#^>1dZrq5;b`XGRY4sc+xuTE*?qpTbFaij3 zk+U&#$7CS{0-9Rne&9coS!DWc=Rd>^>_ppz7A8}6>+jK?Pj5ebI9yvh+~p9jn!VBQ zCf+kmQ~PAQSRGH)SM(cT2K!!B+`f=*KlEGaNtySn>PQ5ryx5{BwqQNiD%qD1CeH^h zRV}&jKRPUevG}#vUuwrNP?&K0nTJH=xP>W5W<*X97hf_66(e~D{a+l8T3wSii0I)`AO;d0qG)SV$2FN!KgGr%7Co_d0}EQ7nuaqNEV7Fb+nvJ zOB+^x%0_omxF$AeHuc8lI;oYJfGj-oFI4GF+?xEgc%|dpl29Dp%=yt#s8wnIv2?Ki z_b~VV3L~BMwr&**$#aQNF1q35IM1gYR5*#Lh3MqaX?(@@GIrOi7cZnFB?(-gHf2iK z73ylmnP(aXyXi46D|PBgE$gSm9{=indFV^+Ns~Hxl%xpoq8V$=-;aJ~Q6|`Kj~}0{ zv}LAlJDr{%SEq-_uJY@%9(wb-ZIhL{Spt9iO?4 zTz=nPJQf{mM2-N;j^hr+$FD9~)u2o@K4#dk87E6apE0~~42R;Q?u(q9{?aDk%k_u? zPbANQmsWMyMXsn301Pc#c%Nj<^ydYUJtHtUm=Cx!tW(pr*T=7bfMIKxbocIBo8y6) z9Xnubj5+tSvk5q4bf#<8Smy4?OG>4#Aw)LAVTRHcGtJLWlXsR*fSKXs;SG23P13th z&J*H|o*Jb_{ZVI|s`E2oIhdh5yNI`TTS_8&FIB~@XQDVAlZg{qOk@A;b~(gFWp=3%!?&r~&x<7yYx(+MglrehKTtUuCmrVgNQUPr}vPWu6 zp~3(I7)ke{%?d@Cg~!i1sUKr6DLn~{!>}dkVS#O*Vv#QdorVra<3wgKioyjB4$n0E zhIb5LlJnG)sefLF)wU3uwT%&~+zvjz!vEgL9)y5p$48Wy z7#pu8AdBM>xC6k5>bZxkBs>&aJerN8I>!mqf6!m3Bub+#lx|}Q=L&O3BMV~G1-ZlF z1H;c=+Q2}ecL{$|M|qWB6h$jXQl7^ z5!-j~UdkMLimKHgqd6pA<(&VrLv2>s(Y$Tm;Y-fr$Jz2wA3765vgxVQw?q#L3r|u; zadwB7udTjoWo>;JQfuneyWn&@$KywjUI)>lyyFhpaa`+jLPK)jvF%zt6^j~KDlaQ5 zA=huc!G?^3YSo|bi){?%C|6u?FKK9KfSXn*r1?LN?^;FWGAXKXy75=y+!m-@o+z5P z;R+YY)H0(_&yA(ji*jWbgqiID4L)?}GobkUfDI{5q!8n%>tMzloHrxvzGDc@T=Kzy z90KZHN*nNh4kYLu^^vYyN;S@{zkEb9ij*ffnlht=*w`!vlbn<{t3s&-&5TtFxR{Oi z`XMb|FbQPDL}HQ63+d#aIvDYYbnnN5yuvqPx@s$}yB;qr-ZmuKQN zs7lxLN6<&0|4VMDmFu;v<1k`FE{(4`Ww&wGmHAzQSE2EeG-uhaer%OeR%)aepe^e0 z>eVYmnyP6p|2j|KRy+1seEc=cWbARIuslZ4XA;@`mr0aw$58U%_@qv7;r5nUpZ#h6 zI2uqK%AGicftiou2Gt=N-h{MBL>o0bM^yKrkm=PctfH&xTL2lEyq9~lCg+cq>6DtM z*c6Ld!O`F#qI+CUtAlRbJay_e1#w!%qr;;T}KVGr=J$gxwiHR&Y46dJ}B|R zOg?*|oB`W}Q{igd5giTKZK~666YV_2E0s|SSzpw{WH3^I2Dg37p^d;{ATzeG1NArz zgMdeprU7FQcybJgjuYUvYXGPMpFC(0EsF_?Vy4P)$d`O*;ywl976wkSmisHr88$5K zct}TIwT?IIs~Y>s=lAqPssU<1GtV{>%E7WDhh0<$4^E-3m^_5;=5FAz%~95ZZwC-U zx|{kLTRo5xtpaVg0qACBWo12{r5|Pn8%G9n#AJ0>;l-N7fSX-$3=$M#0Xc%ce*1Qf zSlWL5+7OZ;=UaVFH(XOQdk?oe1v3Q%VRgO1x$p>(j)yve*Yf4d297_EBM}i1d3ho1 z1~Pyp^9fXzk(M4memtY5tp3NTqr09YBXAgEFm5Srl}#5gtYY%C2eehix+;oGN-8o4 z#=;v3;bW;^L-yZ?GqId9#hB6nCK;ru`^_~IB>#^V;F2CbKh&|j-H*rmSH6KC;)&<4 zA1Ax@78O1C&|7B_#|jSK_uy85x#|RL;1Gf?qQ3wkpKot(#KjC?Bt#E@7=w+HflH-> z!ub%^)_oRbmku6$PT~2k)Q?j0Zj#bLJXWWNA)9LdnCL_iE5I@IY#ka5WcA=H=b*jLw6DhdMB zr@tE=!^8qK90a?byu0~mc~R&c2j42N1YrW0Y1`LPv;c>KX6-I?^}at}%KH(;U4uW@ z_>*WYIq64tB&RKn89FECPkJw<7m|I)08s+2iWE+IjwcBj$MwO35t9cJvzAhZnGADW zRBFN5OPA=ToK=^5dNTG+gXO~M1mFv48K=Xf6@*akJ5CU5%lL^cfjYXnLfH+6aQ-<$ z8}3JDZqa^#Xfo*NJOoRR|bCl@=lOcGL zY(Iba;J$qMZ;DhlUrS31?f|l7_*lrZECSBcS1G!E8yK;>P86zmwnE}EFnOT3B?}e^ z8Ur%*iFk#lV#6!qZL66}+s(5AGrNA{2KHtA_jL2SYT5fg9*Cp@W>V-ev*#mIk_p@wbOg){g>Hp$&aZ8e8zn_saV;#m z5yZrmy%VgWPJe;Bx}~64J5*nvsmr?t6v+R(a!EKXBDx+lV;*h0uI*R9<^LJo&u7Yj~Hca?Wqsv2hbdlw9Dz zdi(Y*7Z!~v4S|HzRbqI8SJ-@eVzk)7;UnW-92OsNr?MfF8w|4W1E{7bqK>zD z;`3v2hTPUKp;^rz8P#mMtRo@0T)a@kT2QJGKW_HAk=iLOZJLht>EvX_FoZD8*WX{O z(*ad9D#2pofBx%jyHZmz)_ac9m??AEFZO!Ms*%m#ULACQfse*w6ck+<85Y>vd+1Cu zaznhpTjpg;)vv})D4fWwZHgF1-F2UMB744c$VQ7UdO3Ur!Y-~ZTUVj#V!9H2FcN*2 zdGV#oA0JC#(VqNf?(QE+N5p&r8{=_vt$T z&|&x$ghg~2^;)smM5LYj|}N(XF)9FizUMa&vHS*JCoXzxh^c8T1Io2>#29H z#+=PA+Hrz%9WN4>((27-HORXj*I*n|my7~ztHnqVS(cTH z>NDs&ZktY!Bc*vbIZ!x2gCW}CKBk$HDS8P;-x?t$UVspW!g@4?FrQ!8obJ242(jWi zf<)n;#QwOzK!_BGDG?}^PY(`XbiE@?<(-`V8W7nb!%6Dl~At_^NY|A{1 z1Q3w@%xrX+7U)*05>6D7*{COP8*i)1&$&^e6i7J*Jx41r&hX_O;Z-rEc%Un}1Tnn6>Sfwhz1k5hmuga7e9TO+28@=K+vvu|# zJUH2;VAf6-)%Qj3$L#5B+qUz_`Nk>E3!X8jv1uphgc0*>Si#jIU0Ly6&Nb)M$$*Y@ z5sauicGMgjGIKni6n8N$1}NEkj~@?!FJ^3|knUTApM9u_LgBg}Z(+LX2}ocrkn+t5 zC|Zf`))>F0xT@;-tD`ILcflvM&E51&QS)cTo4IHIhP0MdfhFuFs}3reHxb}o5Ia5i zpRMj*UNF(buPQ4KIm+w_W3N$x&zwD*Sk!i475aXc)Lrv^_oinxRomjD3Ui!)?v}F) z`8q4%61SY~Avwp+u8C7dMpBYWo$)!Jne+H5PQ2H=qCAIfuZI6WWW9M@k89iZO{J2M zB1s5I2&E#S6rvQFDitcBL6l($(L_laluSt_NtB{VhLj|kDN4~GjfBjZdcWto-s|~1 z_jCK_TGvAB_dCzy*oST3wr!7zi0BqvTDRF>8A=5tC#0T70}KT9*6ZmPs3u`>&?Nn$ z_*Hg2bJ+RH6_J%otj9xMtsMEhPGWqAUxEji;XWnAKm%sqx#x5#J^$xeU0nqc3%oX% zBZG|50otovEzEs-191$jNrUoxTFNnIpM77&7j zA6oMQ#TdKiaU`&)qRec;U1;f8rvIEewf#T&U@%+zLhPZ!qB>V9!Rr`*H1fJcPaW8X zNR^bYh;4G+@~*N2=^X(T2M&a~&S>-!6IU--@KETKv|Vl{`67$0zf?^=ZrgH&13mNQ zRb(2Wq1XQt7U7vNz9V7u7N13J1;Ldm(;hbrtK#Ob3A!;OMzu%-lGD$3nU83D#fJY*F{4k zqL+r4Lg0(5+tTeONR(6}EC=}B3LGnB#C+MZUOyQ<@)u0YzA#H#GGk@W>51@N@K3zU zQzIa)ad&?(Bx0`2Eh-6~xv)rrVxOaiOE3~jVLy9DZN>ug3m4_+f1mO)+v4EZ0ZtsY z6Ax~4JNdJ5AA~jN8G_9?%tjJZ=?59zS+NE~%Cz0LEG?cEBRYIA@R7z@M#;iTguQ`* zq_iU&|439nV0y(i62o76eZZZbxw4Or_gk1Zf6-FfCuTjppGSqyo#?-G8g-Esvd

|233n1z|>GVau307RYr4Zoi66;J^hjQUqEz!VzF%h{%_vDpU___VSZX#+HfyW zdE4d7Jr~S<+yS&k7G#8*Y<5h(cc98}*r#VtVR;=U2x;UZ4L<$qX zt7Ftywe>Pdh0n_F-jyb=#^~w6;Np3!dw|Fj_*?Vv8}%TB1j7N z-B1^*B`j01-0gc&w@{qsLejF=6BCu(*1Pi7@N&iUyN94S^1j(Rv2^81VV?qDo87Sk zPrN4N5Czln_0g(A)a)*ypnEg)R=+pz&To$U+g@JlyVt=Q{F&=T54~0I6%6FJ@812+ ziN4lar@LY8T2;2GH%Psbx|@X5DR{P>YDHj=FZaMhXrahN@WM8ER_TTfp1N^(iNn?k zzm@3>+;s2j5myt@xT_F1&3-|3}vV7opy_0}FHI|?TNtUA1Q?6~=bEQU)2eW|g`9^5|}1b8JRjE1wk zJn>RvdwcKAviB}|c*(zU-m-aflxfll30dDSwmN;rw)Bov=^0L@6RWI1)zK7Ey z%6tww<5$aq;g@Kl;E+u{G52AddQbnB7n#i*F0Q4%P@4}dJbQG;&VOjzls`Wt06nMo zq@lu;q3rwni|TH;tq_a|sobO9O1cq0J_Pt>oE!dyE5e{}2skv+0!;OFpC19mr{}3K zIrH4K$<*AOt*dX`G|rS8o`1HfG$7%va;M~!(S=Qxf9tx7${XAbH1IR5y*X~}4s#hL zaNE5elkX&a`#$<;fW6#%vBjxl&%C;QTXo{Z@HNW=3N0)x#TN~=`>L!tcf~#b&VBQJ z|Aaf0@dPNlw=7#cuksP;(dN~0yXDKNZ+g>#v>i;2zyAkf_s7w>g?IbA9#lBvcAF6g zdJ`2{_uBl}xWD2#{~W(mg8W2@`j?`VBdGDG@XMlx;xo>=GH%@-j+Tqk?C?7vCZkXM z41so^QRZ_BiPx*vT{idAva|<%gLQ)9MY;b{3#hk z{WhLwtfFJ>s(c7aOCbf7*WcfHPonMHT&uELX>Ei~WLIDHS|xioH(P_P`!@b?vmP|B z4404Zd>YGCYfpGnKLDI@UVBHq!#lG3EAvqEcK(bN%I0OzG3%0-mYnOe3Cd-H1%Dzc zQ{T6$uBAotMI+$nbOz(}R_;~W^Tv2JKOA!BeDSNew`Lj@vdbifJWnaj*mO+CP5$@t z(TmngW$3Wh>;qGOB8zh4yvTRh^ziizt@bRN@qK>i278!d8?+{+iX1qdMKXxFH$3oO zNlB1a=d$D-*F?Jf@{_d=XoZ!JoVdGPA+%sewNK|mue0NA2Rx*PVP%1}x<31FE9Tp) z@pICn`tARh2FLd)j2q_MWA>u{N=B?#6YTgEik||dC4L@3VWhk)thJX6gFne!u?8zx z^R$MryBwCYp;aJ5x5;f|B+hzXhAx8w{W?mgjA82pYNC&R+!_~`;D*a~6NYK6m9`eA zk-tvfhWJ7WQLpz!_%aDzp`Yq^ej3wr2`_yU0>N(i_XyMKwAo4Ta7!oG8j zBXpHL0#r&dO~te?U#WY{$aUcXQ{=>wo_rAvR*>}9_4#}4VC1bvPY(}|764I@HKm#Z z%VKS+Xg-)DN*7^p29##`XZ<4Uu30}u#{KHJ!*t`ZGZ z{Wkp*dL7W`uZ#`Q)sDE@S8VdEF=B?mi_q$`cdT~!%5LY@bLugCaq?2JMk?A4I@{Dm zM;sNz|H%OQ`B_vvxMJ{~-PvgSpegqS_@z9q^fAymnk6jXVtWpVI(gEvVw%hGzbM0? z)*n45dgFk!H5pgz)xeStxS++iZn48bE&8tBklfiax3E!Ao-1x}(!cM$OK2%>dtM_> z(_8<69uL$`TVfJPh+LVoemTv3Me6dAQKb-9g=!5CBv_LQgVKkaRm_VDm|BCW!_=wA zdfBd45MQuY;$mQf?uo#MU8jr^WI~EPj?0=YGA_Aj*fdeDEM57)JexF} z?G7&i6nRvn3WZ?X`}Yqwj&ZiA8|$0Bi<*^oX`a=P?#E7^oN#d7^cgegEb9(3XlL>U zeeuqgtHUp!(Wn`D@4*9|#XD=hnNcxhXQOrMKy}10;6r=+gCs+TQ(OSIHrn{_XmXi|pki9QU?)#<(_x|(8k9CtYD=HruZw(y0sc&rcn>9;^ zS*S8G%BNPxbN=DZr6adI>u&mC{h39@RHHD@4Y#s<$W(Mfa8Lg`puqRvtOn$-Wey;d?>RH1A&)=XVOiH%=^UqLx-D4k?X*4$R|AoDJQ#S+lkJ)osaDW8tXEwDR zUgM7$;?w-%U1VMqj9<(0n5TN%x-NI=(y^1n& zhZq-rx7hUT?AxU~Sxd0j2=17$s_SJfxR*CXc-m+tMFs@9HI8pXe!-tmorO?@_N z|49l6+6pudr4TUSTCz!kvD$vZNEbjOWi3n{aoa(cTgm=37f|oyX=j|HErgAdNn9FYjFx%+H~t zzMob;v0qCvixvk8^Ru^W@fG}SCz~mB;2%r3^}FjS(ETj z?=NO;CcC7qy~lL(0gM%FVpU8CymS3BJ{$~_k~UFRw;v&vEcfpI#+ioqCHfx$v3mC{*ma9VjW{=saRofY0Z-a%Bx-GfwsaBmLT8*Tz;xq?ktCUpl0t`$kU?GjJpp=bj`>8%j=5 zxjuHngun+6v5W_&qflD`e-nWlbbD-=u~Tb%{d#fu-TTLNV48y2;o&&-q#|&p{Yvpc zcls(gEf*v-3~zvyzIJo~)$`AcSYM6}2~gh0&(oAH16gi62aZG&fL`E?+E}=Y6OL4j z37&R)=LGe8mg%D{qv!mh04HDJEkHOV%>-S4BxZ<_rj=F2zJ2=$m4z2gBVMyY6x*?m z^Xd7MMy(ni)<8SOPlckP5J&~_>e_Z%qo|2(4&Q>q!UE;8hccgrL>v)uA}eT(?7hu9 zo{dqDRVf7(qfVvwb+63me)4nC&q`I;H>R=pLju8c2j z`HBzblpDp(GMM$zYwIp6Wf@_Q0W)_>j)?COnPZB|Q!URUs3_cg3_${LBiA~ycg&V& zh2LJzUNXbj1u&0KtZhzD!D$Su9Snn%ig#9^wBN3kU~CBE_cICkZddRiA~KTGRCo3a z0fp^zjtkT>q_Ehlg-qK{AWKljqByi%*_}u zBantNLu-HFr_!6j&1Q`^zVgsXco}`?B$olQU^frWx-?zZD-$T&gV7|9^!0SB5w)+2 zW~5$e>$1Q463f#QlWQ{WNgVw%aJ-F^hJw(SvG2^mnvoD@y!NLXBUMr?)PN5P6{E4> zR#e2NYp{aCo#hMiw%0mKqws-Qi4p^pQ&8s>X&hbyjDo?=Nu1F=>Wz5V(WX7#nt0ul zm6N00m*}%%!J;=e`v0yq9C)tS#-aQT16z6mSTKhUAHM5!>58hSPxBv|MgcBnwC_8< z^!al_b58v9%}4yC;R6p?p9qvlP85n3@WsYW+i7`08Z-G*g4)FP8vj7Iv#;1u!HRdm zNgzYHy}Ckou4OqOh_w^QQ}8FQAG1%YzCQfFT!7-&`}Rr76hqy{)@_QOqloW#o%kC9 z5smfLArtd8W(15saEh@HQ$)ze1l!|3)Z5qr&02<_>07`Gur}TRVE)F(>AWoMM)Spj znXi3rhRXe2xMBQDyoLxT$XL7Hrr!wM9Vk7Xf&384bb}=O_6U{jd;@Tk`AJVd9iqJv;R81`{Rwv91eZ4Pp_m!(xr{LcPvtrb!Bw#+}{Urwmi4M-w zkj~7?V&S5|KL?6NoV&-t+SwV0&_TH|&+guJ{n&N!dyVI!A#WSHrdDrrXuTd_pAhUn zZ>hS;?B1^LRs^55K4n~7V{29(qY&jbQEYzyopUWL%HyqP9-MH!=X~4Bnunc#I(|>D zz257!zvA`pS|1F&OW(h{e`4yAxb1f{9LDE}+KrVFdxEYVqW~PpdCW{&XMjgeoVc<4 zES~?y*kSS{@p-h(urK7kfy-$_hNZ(`^98n!4^Gbb6?;-nfAWVUzd1uD)j#5X{zJ*8 zp&^sAtzBb#L9N;tU+X=^jw#PvGcGR@*nbKue+La%y(l1RfgpksC{ysj3EWsV*U1Ih zEaKRws6C1A(|dA3MnI4!Tm{BI%DP8tUGXbQ%PL`=NO~PQfCPUQ5xRc6~`&vrtJrLT`B0`|b?`(>pVKEeu{L^c#dA!I^rjOZ`RT@nR zHxHFd|616-!+DwOFOl@Y-zGd(U8*rVETFkx1<42E1sF*AhH_KI)`(%F9-Cr3LOL?tbNZ(%DjY3#H#r8-L8tEdW zvPN4q#?G*NYWlA&XPZ&C4V_r5a#rzW=ezUCA&6noDEvv8*|1xted$*vb!k23Qx$64PZSJANl}fsBI>A6eJm3kr z3y&F#96#N#fH#Wzg`U@d*>Kgu`(nSZQhbNQ@jxqSqY3RJ@KmN0g^u0RUjgPV|D3&T zJ;9!Rs5LzTg}ufIhpHrGEy~A4Ut8eL5% z#S2UeZD4@2XXjC}fBE9=(^c3t1y4t5anaXW-qNqeC0JZ$Z9G;VGP6<4+f7(?*@JY7 zaVnvZ5gK*fs!L9#w7;acX^2`dOb|rqupfyebY=dnnt*f{F1%-4&FG)0E=eDn57oqm zxzPpP4i`K6jXc-)*ERbPu?6x_3M|x!bijS_A-&J-1+nejvuAhr?Rj>%89!sQdThIT zs4@1{wF*g@vtFf`M3B?N1w;62nac8QC?ZSDH%55AbDp$ifvNspkl$W30{2=1Q z32#msFIlk4F6p35dsb1AjvP$8yJ3&DOuldkJ_cUO0wb_(L107#YQJ}9n{2;+2M-^f zOwOc*N5IEK`fN_lKLC2uhxVPY==9=Nj?A19Pnf=$MA}_)3bsi*$pnarkm#&2R1m0- zI3SRIg^U|zi(ra1jl8FAVH=c6NZ|GJP=4Y#+rw|m>BTPSNKR~?7s=*>7}Srb{tr)F zrOzmw<1p~dT9NN{l8_Rp$@GMHXck^nJd!_3GnUektc4OH%A?p+Y}InhGZ>%%te z@P#2Y;*$Qpbl%Du%1gkeXw&TN zpV!K`Zmi6}$at1nE;vd-;U-u#8E*asg7dZwG!;9$6DZnUTv~ytG5p%PPM#HyNW&3P zlb@cKmy_MA84TQO6#STAiM3bJyCad(NQH;pZI2>TYukurO+!+HvxFTnzGM_+giJ*B08zrXt7@7Hu6sNsmf z`w<`@0sFw;vA0)#W&${j`>6+qjZy~UW`J{iN{S0gC_*mzcBJIZ%1T`gjgK$@m>+U~ z?-2r+ots384L@}9QLl$)DzZIU#)z6VI{KMJZPh^)!4!c`0ZZj%1TG{>N=s%JAm6^B ze>j-n7lk@nF%SNN%dk9q_&+t2_rfBG{!+uO=b~T^th~+2BeqIT1u!cuKFeQe;ji-qaY{{{+ zr$DFdSh8c~&waaiPy)(A;n{ca!3}JdLb^+}(&zR}ny^Dr7N0`D z{;BrWpH5Ps-$CxFs-`CS`+MjhE#t%|bdIA`RHl3X5MF@*JB}SYi7{+e)^woupdw!O zlji4d5{+u{<@r|ovpmqN;noZs;0dH36XN1(vHgKK)n{APA-kLb@vHm`6&u^E6Q5}7 z==2lo9@(F{XO5Rg-f&iSjve5ow#UrAq{#8&miMk-#N@w1QQ#=x3rKpG91g!^F=VT; zwUCR_5quzoPFAIn*)1!0#ff!PStJ7SPV z@wV2dJyx!Q8i|Mh)~!0avuU6NA3*Hqf`TN(tWiNhXh+hRP}T}0$AjkY^Jl3u40hW_{pdtyixdh$?MKJ z6dm2s=}k2rKE6OC*OCB9yI;R4j{`xiHVrZzhacx}9)zKr3!R(&SMjUAiAMo8)2vf0 z@@P}?a&qKH6ygm-(Z&)#5;ElY^t3c+^b}#}&tP1wLaH&KNxr0mqMv{P0p|wW1;<7s zoZ~_~#+m5KdB4vE3=sKpNA9uZ5fVrFn*w_cERR9mg7dY6eBS&P*S(CX&C z4s9#rqi}JH>@_ai30^)xrJrWO4qRM!bwbF;!Ar?6>;`(8C~UW31ehu1c)zA`tNk)}kL~mV-6n1)J=15MAT` zY5eh_$DVS|1pI%IB@g;WYrQPQsKHTTEz2|#E*JiYEp{Xs^jfpT2R?$SX7|9B|Gj98j!CAR<2T{72N%2E0Q-$Mukq zk)y?u?WuKm0MPZEFVs{^WsDAde1RWD+EMCLQc$3b!nsOpPk$aA_P`m9)_8@`VuzP# zQ8=SwI9t6ZF!1Kz(_D=N3s%Rv(Bc9VJoB7UGeX6LWdn4dY#HYE!=7i67L1P-J2&^0 z6SmQ(Zlh{|tc~GW-LhmpZrwF>$j^9^FJDfF6+}$DaN!|pc<9?DC3A$@ss-m6*USw zsj@3(Ljr4QAt5=hTQ_BMli9h=Mlmq;3jR1U4P)OO3oRIe(vBpzZ2O#I?PL7N*D=zxmU*S>Ja!|IG*R{)4$ z+j@9>B*z-O6O$|n0+q+*PG(mB0Rvc*Lux%C^^U>U%V@loEiNkOW2gmX73y~1*lZCDM%u=CNn5i;F zbh>B_zrlw6nAYl(H8pXvz$1@|Hy=`is!CcKXcN9QH&$k8ENU`aTV7*J%4U0KXUPjL zoIb&nBgfvgeZy0Kf02FWSVnVwpzxuLe$!okc)* z_4`JAc96lWix<03xe9ssO^27z0rcr}fsc6Z94f_ZO#85^#sr3`?)q2Tr`HTz<=uT! z|2#YW)wiW(EEES1{tmC>))y6%pPikQ;4^io;zlnxaT$1Q@^&xAF? zSa>FMY1gk^gD%E&3#|iBfo%tQb`w&=KQ3l~p95tfr>&K=j!`2F*F8A@i-~zxiVrur zl#)`)rFrtC-&&ia;-m~UPiaFLNd1>`a}lDcsjFvQy7Uu%M|Rw)uUqFPK0&nRJMIdP z6jFm;EN*gjy!wC#`%f+#C3%x$|KbJ4L2tQ_@S!ky7X+K%ZaU%Sl^YZ9$X?^eI7DTa zR!9Xp(6W2$8*q8!;|uQHbAux%bL9$902MM?f2u7S4tAT-ff3CfJbILS=@KioZcQ_< zFvuD0wc^Pc{Zp$zG8F|2Jeq==8tNJv8tUrnp{B=g_G=wJ@6^%>#g3X@I}*h($CUhS zZm%G2c$c!m@F<4L!&^k#Lq&}w_pi6Nf2@CXj$)`KJA>Zb={GqBn04;hu@_WSg>x0{ZgxQj z27&Mk?)#JjQG{L&IXHS>D%Z-vS2wgI%Bbd1Qi>U3U`?Im7laqWMHaPzC~*P{`aG(r z82G*~eIf_Y;d;kagF|Hi$*|M3lCzKWzH_$4Wd zA@`Kju#cM@Ryb%V&{=HRvgJTn7+%j}#V(Q)d;2?t8jEh*!2obo*Uy2{!=0DiF-)@* zj=fR2oS5JS8xb*chI)8OuReXmpU4`@Kpj7IQ+y$ovsb!1`%!-`U_;H<;iBVOxPvp@ zX4+n1GsfJ<%aayAuc#3GSBJpZEXPv&$jCx zP@(i&xS=}dK|z5%O%U+x^L&Htyb~%OD#yA&aG~@g-ffx^JgL#onhYd-L?#_OQ0(Y(uXX0Mg~^Up#>;lBY|D8%=j)A5pBVXT-x{(i z+3J>Xcy0UH9#vEE+0$s7GI{a_{l#Be{VHQD_qK;F7-ty3v`Zme#x6B);AHer{iQI~ zh}p84|z47Wqu}$=fKJ^Ice0 z&E4lJ2r{0)h0cum7OTLtf8tzVe7e&@B;`8RtnpvVhcs6Q1}_LPoMdr&jfTR5(Zf`u zde&Ff%lkQ(z7jjLraJ6;&s?dv-0Xoc0gFq2@AA#;`&ad4Z?T0ih@ESE&R&dv;>-@O zzi}s%vtoMPa$nlZqO|VC@ZORRTNS(4^fD{1nqe{b#f@m!me1EzOc+f-6>!86nkKx< z>-g8lZ|gqUUX^g%IOvIQm`?P!xbm*xDc=G?HT8yXJ-e~i(LC{q{lPzVX$j3rlBJXr zGY`G+?&IBjMbvn>ayQEOcH2qu%8~)1->o04)36o+YIo6Al=P^!k#eplO+~4=I6KeV z`|EUBEAmB;t1RK3HA{5Q4eCcIUUpIRhCs4$n&qM2o86-h{!`+7v2X5W1160bZ{BVh ztd_)9tH2yKbMEUEll&y1GaoIzf3G)960$8_JX6|N+Rx(R9^YQ-RS&%E(l2;6Gc&^V zg9>pkCyfoRo~wKJUc7Ya?8ws$A2%;7eLO??g23^c-FxFnyhIjHI6~n-apdz+SEnl( z<2w3hAk(aj3_vWA%aebow5MFZ+u{vly6`Zog6isvg2 zRsGfXj(hF$Th%o-G5ZT*@dQ@ym4ZH4kKfn3%hFzbwccrvy88&NF zzTdvMYsx3XNiK6Ui)?BsdxcX&-1aCedu~=`^Sb2Zlsbd1_E?!;$;O}jR z=R2h`s`i}Rcp=&;?$L(SuR9z!hAEA2iod?LOLS+7kFVv>Z*gzjH|{wzV79DJV(Hh1 zTJ_EMr~MkLGxA1Pd6$0D+EM<(?&&Z8MO~r4-I(r&$uIx> zwVrRhZ~SgHCKa>|J@m3lMSs@6OC5APl*lI>VuiqCF)==EZCTyaR#;kDH3&>?p&_qY zCzGXs-~8W@ZhzMNN$b;ZpU+T@iF2NgyVa!-m)I>tBuloc*?YftLp(foT*JtWIZfS; z`F0C=)SR2H`0t7hgFEXk6wJ$;GNSf!*ROINVO52gu;`+uuteVey47#V%OxAWZ%pwi zJZ3lTlE@M5Lyx6Q(uF^h&^IovMQY|)(f|B;3}^d%7*!w=KEA4BNR?DlE%;JF+NbJw z64||qYc9(LeDtXD^ZI``fULfjF8+L{X&Co9s0bb~!Tj{1pI!2|)|shBJy<)k!s@?2 z{ofBI({=vZk#28`%6$ucea7^){8{ot^y|1gY&`hy#}@tr9R{U4r+Ripe05G&9k|Io zcyxZ#@|i7xGrk)Hf+y<-BlKST1?y3h-9+p=v!-+lV;&;9@ZD?5xL-xv(p zn~{>zv*-W&gZMp^5`WIlsZ)y>_J4mSHtK8^@BCluR-P+&|DXG6#9n6_S4cchPBQ;? z;EvV6|M4Skb@hno`@cSB?@9lz&H2ARz4vqP9dbtg%GfQMCXJBvH%>gL65Np1y0~v2 zzu4Wrd*D*V2}dw@1<;br{P#mV4g!P4QXuPDuhX+fEQfrF*q9a%b2ii%*YMG3=cCp! zLIX*sJ!X9KJAT<;ACdtSRRQM5$%X;(^y$n*-vu05ylT}ATtlE9IVuP&3S3A^8$Zc2 zSGh~?oZC1n(uppeU*p!W8xf?BRlVO+wTu=@`kw{O#p5HcJ<38&o!L9<31%$kHkQKKIxY>1$sBZm*?uM2ztbb6ddoe17vsuwepVIyD96a>^8Zb$9(-uL|g6gP|-w(Fb9ha2y&MKK0Lm3(ks z`HoAhsUR-%0Q4U%+Tt{gxjYg!bTDgPZt7{`tu-(7Ged%)2lmFvHa zPA&SC_{15oKdO|UI$l-TM0U$qgB(}Z?r6NPiVawtq9W;ERDW%}pHYIc$)#wqpRAGc zRNB~h{YIuDSaq6Z?$aj8Kf@&*8EHTOOHWCey6yc5n!Ud_Q0t)FQR)+M7QO{ zeKL_J+uOkd7}JwhK{T$dYj)|U7>Y|Sz_Ljs<7v8tj*@*PMmRwXvSY~yb>!CD$JzPO z@p=wu5>61|CDk+=pUw6d)q|6v<=^%Clf+2+YF<@O( z026VlP?!JQDM)ZRlI+=SUkn`20u_uY*c$Z_8y!fnIoanJhi!0n_T46N?=FfLuo*1cdrqc`7_j` zcD-wiO7zbCI(GDEo$kt2tNO;FZ(_Um;*{AV7KPlF&{j0xc}*?aG@{35T_p(nm7>$8 zPHkN-7j3$gwiPT8q2oc7*7tzi-)osKEgvnM>2$k1<`xXf<<+g@GrwZ&$M}Gj0?~dn zPAg7Mryo9oL9>PTCf?9xu!^(>OhTi&Xtg`qU1las6zR#!Gn>Xo#>TokJMU}oqG!k8 zXs(nwNWlD~MGW0Fq}@u&*?vtJDW@{&yDG2m{>3Rw^x9ut&9zB;c=s;kke>?X%qb9Q zD9OvCEx`exzM-M)xf0Cm2M+`b3@xpl>l`DLrt0ZEbg15uGL`{1fGLm{Hnw9%bliG1tlbE-cCkOBU6Wn#v< z8)6emnNCepe4l~EOp_L?$U-mjV4hf28>zCL|K&f75u;KG6F&|NB<~ARr3faOxF%Yt zftR3EN-vvVoA>_Z4IcxT#d_Tjs+8Jm2(#ZD{d)|l7o40v=HNVlZJzmKW(`d)nEgP1 zL%uxv;5^0<^v5v^Thl%>k;J=_CKG8hL1o9zow?a3##$vv72rVBZ4i~JFY1ozzu%|pSFN^UXrVn;m}k=rx>O|h z8pSTTwXWBCb4XiRiIp1hr-NI)SMV-`jrI3DtZ#W?^=c1xDP)R?jB=N5|9981xJ z2e9bKjJ$gK)Ym!rOO#4zn%Tq?_Xv0wKFFDeE(IvZu5NwHf~qZBzLZ?f7jN037gfqG z*}4ud@}j!@{A9&pVo0`<%j&%ZBG%f>t^agEz!=2-07gbAJn4i!E0HxAVIxfkNZS-V z`x1CY(qcqd@?-txso22kBrzdK{m|U}9WufnVIy#;DozBmW)$O_K6Jo~Ez~ljn!F|Vz+{W;d#In|Z4PcN_%=Xc|wR00753!3lfo00Iix)ld z!6U8d|MTuBAMWH-0wiZZ4fiw}6C}*k8X#hf53#(De~RrQ#}A?iyt<1o-hJz74O^?& zk-*hsUvSLv<6E>(<8ld3=fy~g(DdzE6wouQ9s>o(LfLetVijUI*;O zAOLsje4Gd#GgI%Qq${JOl)CUQIw&}d^p;;_Ag?;Rx+=mRZRlX%Vo0%`&tGrsIFdE(W461{lS^Hy{q*6_HH@wtN(cRSlHVOJly6YEWHFa zJq(GSefzQsK^P<6y({30IWk?KRuG2q{ixekyDOJTJI@>2thUuqxMfVyinv9k(1hP*$Gw5&vSxdR@#(dOocV_l)7(M3uhr z0Jgz)Fs1nFQ`%1yk?~tcIZGEYs1gwosoIiMp&B0v9RW`J`pLgWzVgU?v7S$;AGdMC z2Ix~;OsC?h%oK{Jz#;A8pMVs>cZjyuHa3f0I3>c9qpJA&p|%V7lN9q8CQ5d5!L|$2 zm>-fz4n=F5y>s6cfshFYnkUuOJBgnVHu$6Zp0D?WDNP?WY7GybX&z?quyM^)Gt&kK zBN`T{b&!rQlOsTe!6y$135b2V?%_`N?a)aUwtdhlDSVVtGM z$S?g@_hG|~jov+Wl?%np4gAdl9T<{fiwe2Mz`zIRS%Eel4^?66)Ike$6as-}qfPfZ z93>1jk6gF({4?GY1SRx>F~}8BY2k7}AbHOA6$=;UU|X8*52Duw*1+C_%sXlPcz0-3 zKW|J6p3QKfd(vW)*zH&h@V2sgSOZtR$lo#4$$Ca4V=2`2c}_+33-WglgotUZ)}F+ScN{GEUYAsv`|7q5=f_;;M~`*rip&3l_fQpL1T z;Mn@yYv_R3dCW|eBGp5e_N6LPIA|1tv9TtR0O9VhjEz}UqJqV8_3+bcCmrLbiWxp` z-7?__V(ph3zSdjP`Vd|{uHSFm#N*!D$DU16?x0Utd9waEWU?dU7)lL*BQd|F%u!hs zj_82`P`oGE6VDHUZ9trtF5+|_p0HvE<7DP(gA^6>yGC*w_Zsz+k-^ErS)rBF#&0q& zU{0|q&yF(IWkm$zoxBqZlHmsAChCK3QMS?5shHG2roo<{R6IpXEAhF=pM#}NY`euX zAZ^_0B}<}6IEdQ#`kK<4@zMrep{MZqQ7`c)gdLznnd59T4s?KBhPf&p6+QyQ*A zQNff9I|sln%p_{hC@x0ocjpfGXm0-aLjDKNEfZ7F{%ZX}gMiN|LIeqS%GYn-1mP6U z!lMe#rKIGsUIRha%Q$|D566Pr#XR$Iv+mu74%Qm@Fh=SVl)1X3&(57Y#REF{9wj9u zh%CI|N)hfL*=1yAhV0v?p{Z#CM+Iu>fdkr;CSCFA+HGtcXr|iG;RSYz-a&Kn30Yt-pZD@FM*KI72pO=+=23^x|>*)NAqy=vm!Gk_xrdt1@Q#YxoskKm3@%MAG zv+0F|-SBw-%v>{xo)sdgeq1fYlH6=T>qW}`onsPQ>V#6s{Me*Mn!L1YcHLec$kG)& zip0;9(b~W}NIRdYpJAPfNkw6Q2QqN;=dG&VGgV|EGToeufqY^`>Do*~wUp-5-Cy5p z3dY~oG|6?%C-4}sDs4SmGYDjcZONAB_ZlTom49o);Jy3nwRHV!Gog9v2YS>N7Wx&{ z``+(Slp+798lzejS)#UnT;Fp?svJd}{Q&NF?bp)O90X?`YbaO`pEuU78vy>!*-jgL z0YyE6A5l@!2}j07o5r~P^p=4W8?OjM9Z`Mrm4QVX7#Kft(t&7adErE~Y0~Tw-A8q6 z+5bSN4t~$<5scBtPcVz$bFcYx;nDcw`RU(F=%_yjHvRM@xWatkOj`cQ{ zj*K2_NVkd&11w5`Y4B}~7bjhyzPzpYKzGAL0M6iX-XIJr+iPxJFTEyqmk(>mh;cEoZ+N^~IxC`mA(Vl=m@8-r8Ojt-Ox{gT6xG(P8c=OIX2o7X>ZduK$HG&T+f-pQ3>WGT`u? zSrB^#u>?K9f0pkxkoCEn8dIhOX>+{q}4*AY!yr**w?hOoy=AS1vLaIMY!*!i16U^niJ7MgTOST&E-(TSF|Z+!FS7NYRLzzvld zg>X5_$~H3?qvnElRB_`FL7CAa?&MU>wn>XU^Ip>MV#;#d#syaorS%N&aQdxpX%SY9 zkqTW0XHWoussN3XA2JEdP&b43@2|oy_191(KL>@_1slI#?-gp?@VV1NUlaZ(bE^)c z{H;absH9ict*f5A(NJ0sgLx(PK*%sh5tVlz~ zC(A2$m6g>IyuQ|EO7vDN*Eg5YkNY4@G>^g|+T10%e)8adf;N8kV13#C0 zmmDR5bP-JdWge}5+WX~rF5k| z&;2^{X1xb8h`~R6s0E-~V+_*kv*0iR5c8;^1KYTIwng%l2M#Q$_ke^AJ3&Jl7AewR z_yhOu%}=uwrsiCMCr>>24^q!_yo#Jd~$2I8+$!wJorwEEPMXkGQq-E~AcJ_QNv`1-X+($pEF>L~sW1P9|{LE)kowE|R;1`#XIoO3xWSf0fpr@T&ug9x<8 zwS#xeh1C*Y)>^e-CCfvZ7h|0!K0+4WSwTSomjKfK5~D$cGk(b&%9<1c@AAmY@%cwk zctQMxu83WA%f6jbQc_I2_cVA>m_QW#^Scw5F=}Z7e*DPG7c(+^&+C(k;C+Sw}KYfC-M6XlrA|?jBu=(h^x3 z`#(P3X=rOx#H+g}Bt0zLW?b$^@N3+Z#}orS9RMop4dHleCV9ez<+tcurz(YIXMe4} ze;!X&m^`iM}cp6UY$nX&<@)uU!CNpy~ES_wHD))3@IV;~O9P&)tq`tYyUD$7rq zizO{yW@R-iGeGllnE0+un?7-<6MmVqEqA+j28}T^emFP8eHOd1iHVDQv^KN8V1v7R+OEx;p}W9as#I}KcXPZb ztZ0qzSYc}mX{QCjMoWvruwm&-#{z=tJKPi-8^r?!cLAcJi*a+C#?r>v;^U=Gw2^e8 zEcbZx=F4QAIF3@qvu9tCtFUCNN6dr3nqD)^=Wdz;>__-qd@2{gZ-h!p`|S=G4@LyUC&E?l7L(lFC!r4cO)B#r2q%JH)| zk?PoUgi^vicl##NE-@cdUi%D|?!a`^_xWo_v41-MXZP(ByHlzyKL6~HtJ$xI-|R=6 z{?qf?)}z^m$9q);Mno>I_?cnxRF1VqIbSqJ<5qvC@e{cwQpIKM+NQ=vRtVq{siW9C z(18z7e%d5b<>hr2(E{7>Bq;J$zZ)qV%pbu|6lWEx4Mwfm;UyaC(55*YC7uAHbSR)G zbQTe3peF|zCvt7=5-bYVYQnrykwyG0CNADKuMi&}h>^PMvNJL;0FTdE9{-Rf0`?VH zquF-`t+@1U9P*)Y>gxSNiq}uBhUHOPyJ~0k=x9?^wrp-@*ntWsG}N4zlB1kBVD^Z9 zNAF#HvHqi8JzwOB^QKLkusH!C**biQP+nMc8(GUqYCii>0P+q&=>m=9Hd26)j?%_& zkQltv3oBRwr?XqJe8Q0>k8ZBb6#C}t*B#c5Hj!1o^TS&|yaY=FkU>uMI}UlwgP#Yfr8N|$0aN{n5t`r z)b*+jH80$4x|ev~UEoT8MgQmK)Wbr1AZ+rC+%Kl`w|ee1%CkEO4IbseWP|a6i>_!@ zja7KC-F7F?^Cz$AZKs}*U~6hts>?6wX}4kp3?fawZJfxz-6No1P})gr zNLEPlZ|)of$3->;vV?6&g-=N8=83YyhAoVAqWSxpK6QTQ48oAKKMP)+r{>ew(prMXV)STI$fNOR4&G}d z*HEYFhAkOkC0$fdADeS%?t~+-^8f7m?te2j%sw&T23y zox%r3XOOh`1(v;-r?swMl4tk+v`G{yD%cBhLxLP#v#;djeB+t&Jy4rNXLxYujxJh4 zTG6odL3h`b2=Mj6->vwqw_Q1#S4jL_j!q_^@aUv9`wt#m#1b0*cC;xNy`VraP8_7; zx)h6WmfnOEE7GlfIYr3@pZMHpDj9m2FJHFMSOAJ)G)%=kWA|@igg9vu+9BpjPE5X# zrBDO6fpsol{(}CM#skmuF(^guylIZ};p9{Ice3|%+}N=Q=#&Nzj){yEQH=mG% zUAL4a5omJ5(8|C=-~aQ3ib<&PW(pYUepXmTzF}T~w$EzSu4OA$P&o+3X$u!FWZg4U zPx=UP35js9`HL4j2vm9?LUi<5-{(=4bFlooYOih2EMC`L&VXtj8y2)Fc|+vS(DKx| zr7|WHu6U>Ax;|jJNcpOoCss~!S#^b>6Gg_I#!azzv-01cU3w0OTzDdL$42+T0|}4K zpGpy97*}J(Xm79l)r9j;k{>g22cH}PHYExVn6f8I1)_4L8{x=N?1sCI5r9Pu+?Z%Jqy|ck_GYsXAKY6m?mH@SGmxsEn zUvI{W%Y_SvX*!D8l>;qN8D~PUMg^@c&_S_*#uGumAu}OiIB4dDCb;`}B@h&h6E(H9 z50wfbRoECXuQ%`-*6=gcTi(7skH%-#HT=AE{phlXhFfu7*l>WG+Fhkt>hcELKg~{B zjDtTFK~vKit?n2Z(*#^UbLKYHO=aZ|%2%2(kgC4DdV!q)#{d$`28&glD5`(l`i0Di ztqRQa)`^CXHOEZk5mlsZoF9j*#$H2zik2oYOlu!|1yc2wxF{hK=9A4oiP2TZ#0?h+7JX=(6|UnssjmY$I>;5#o)0cbi zmp}M-&$T0~3J0+;L-3FxtwKsxP*Cu_Dp20v?hA&Ds-TXQxO?XjeGFxFtX`ifYptoN z!RD)^gQN=em-jL2hyo5E&>XPA$sX08Impi4yYs*Kxl>W#xdjN_@#V|oUUTlZr!2^2MmXtKpVUXT7R`1QZ zGi^zJyCr*giXJ@*FSMuY_IFxR^4JBth<2@0B^vMOq6EmB`X;M!E?_6U{MG*QAnLr@)I&J4m>`k}Hc15{B@CXuT zG4l$b5{7nEtQW28to7(HC>EgDkC1f4j!tm?ryIiN&yyC53q(^?)IGsGTzZEZZ$QlO znvYUxlW$lh45OKt^Om1w7XyNjqXnotC=79%4+mSM2PI$!h|B-*-=jq9wgpUzgt7yI zrAC`zfeo0lsOTg8EA0ej!F~h)DLauxaMpDN1IPdg@NjMbex5^RWkn2n0w739vCVg) z&VX$c5fdlEDsiDmMkGmTtZZqY`C`~3zopaaK6e5Ryd`a6XY`keEoKLkj+t2)muc3< zXsu(%y$}pJJ6X-+^y9D&eF&nY7Yh-nhEPkDjA`gcs*~M(VrIzp(bG9ed>ziT9C&~M zd0>l|*AJ#B;La?ONbre$+a{>dyr!>oalygy_t}OSlP7;;zXDIM;^aqCeW7Xa&pnTt z@wuaE`m;;z{IfRtZ{3>|rN(pS#7^C;s;|G&XS8$OhJ`!FG6f-Dl&|cw;EZgr6T(PT zD(LOtnKFlUj;duFrepi!f)ckmbM_)fii_Ig6ZuUtL+yqY%XB$&NJA8{slVe{wQl~| z88-7Gm*ULY*~`ubAHw}cvcYfMbM_1q(~Bk7fPhHbR%5B&l1hmK-gsdDev!^Fl0ToG znJ@(8twZH4&rrsoYoiZRL1xUZg7R{0>R1)o;*t`!2eCN`!4LU}1PhRf>h2HOh-!0G zK;aLz$Wm^Q&i5KQ&sroRUe>YyJ zXbf$WWO7{{3seZ@9ehRoPSV#amd8%&7v)R*HKR$E+B_ z3bh}tkn)bV48-`3_HVubuySyi6mj(Qju9{kn}WKUEl)RZitO=)Tn0&m3cLK-;k>-5 z*2hM%hXrfo^!v;>moJ?_-$XgKW}OZqhx$DBljI5if%~3H(eEz~e+y ziUncvn?CNRs5n563+GJ$CHbE&srj=VdA3U>rZ$nonzthXAA6v8DaMqGGxy$WA1z4Q` z%D7)&BV9Bzl^Qc#%(@*su#QP1h2*D>4wq4z9+!wtFlc%hJHOQF#rkh79=@>Z#?WEI zZn!=>M;}VO!Y0LuO>P;JXuG#^0SRgAgXI4|vfc!o%e7tqFR3V`l1zoNq*5VCBO0s} zq9jEk5*pB)G@xjp#Hvs-R7w(>OUV#wrH~9whLos8A(Z%ip5DEW|K9uG@gB$9TC4ba zp8LLr^E%J-`q@^wM|sE)@RjRx3%b=*R+s)5u(w9vPNWx;U6Gkp`d_Q7Ev>C{U9M4d zZT@0JC(E`I-d7ZX$YOrqpRnvJYM(mtm0vy6JyjXMD0;8l{_JWwd3oOSfSG-}6$tha z6P4%e-G4)^zAypkoJ~kv=L_c=7=sTNBkx1fM2a0B8a6 zn(toE!E}R6YGhhDJt&ukQ;<5VUc7hDhaAa)2d#BDyi_4ci>3&Wk@6_2$xj9*1FaJj zIHXK7>EGa`kIv~yfFd-3(_&4TOgf?Pb`WXqIcy{7s)Uk$O2=zqB^iF9RW7&YPR{VG zaQ*wBppm|{VUo7?vg@wLe)L|{yjE4?zFAieacgUPlOqj;*3DPYjyQUBUzaBi;w50w z0BN)p$Rf%x@Q>J)Be{3U=)i33KtA)s82s?PIgApXBuoFae!ba+;$1#IY;`a+2{STv zSigS7^5vfz8h-1kssybCcx8f@H7NyP@yp@&8+Sm|W0=R()pVwV33dI+$jE*>B_y(; z4j~ycH4&IPOTfmjxqZCL3l=PkxC}&nMBai+xeO&*^;adW5`Z?y)9|aG-kq{4<-v;b%Zfv$JQ%S};?*)my8>w8s*`;PK#`=kqt; zu`V_G5*$1+z;XI;mZ)XPmu6+LJ1}DaW{w#(-++iUn)hg>5#P2F4o+=tq)TE!2?Iyw zE3Sd_le?VPtbzA2JUfLlU~PZd$Xh)S9n0Hv=fffSMhYU|GKOX;H3s-#4pB3ADQs8? zDGN}hx#|%Fav6!#6Q@4`@OqX=?&&8g0`+oH0vwjfoEw|j0(T1&N*iTXsPc3-B~IEu z>s!gvm6_AeF7Bt+Cv|VvfL{r&7y8I{{;eT{x4J&KBNAw67wexN*{O)Q1JF8W6$LFY z@QgmI`ec3>H_2h9rv4GeOvt1kIbWUdpi_rT@XHp0$R!K0E|Iam=6^FD$LFR{io6Bz zO+v@%jEZ(ABV-E=Zp!sPd!(v9J}N7_g*P}qd`u?=`T3ntH{& zmhQ6OskxzQ4-a~7*#gF)_u^$mMHgAj%3JHv1(E0VJ+|r49Z;*KSb$mo0%@4~S^M5- zslZ|%Yt(y7oSe?GhIvaM{nqq#=c)xkd|#(FZR4{Jy0Tw#kL+L7ySJ60x5t9O)jMZ2 z2LAf@&W{Hw;}0AxXnxk%Yv`BZAgU8L739CIl~t>pw6Yz_)4@3)#=**!@OIi|#zmO+ zsn3X5NCe$7HEL19K9`^78i*Qs z%9PB3=M{qEFJI1AI~u@7%!{iOz0>HSV7`CJPJHVM?}>3@i}#Em5f;Q-jS0U02CS3K z6nRv(RDgZ5d3`KB{Vs69XlHV-L~*R4;<$hRB%fwex=H@M)yX~TkF3413nJJnj=b6 zzB5i=_a;kN2n^wGMWsStiK)}3;pgN+{U^QRbxazh<@;T|o_H#?!Oem4G1I3VATUF- zpzd~{q@u785wPdJy#Z(xD19yaVg zTpuV#)mgp6Lc(|=pEgf*8gk9}ELtwfsg{|zXPB%p4t*at_pr+8q?==QfO#-I5y;%h z$;l?a!lx%(yVg8PuH+q7gCtn87~T_E<(zQoA}1y79&S~iru-wT*~WQKydR7%{V$WN zC=5Vn9IZu6gT#C&xpe^Onu_o_dhUKBB}A`&jH&T(U&9{V|CnV^^={BKW(536ti&I?&wMq0aAJXbPDIxgUwTWkQ)J-0$NjUa(E;O`c%b?c_n#9AY2^Oc?zf|I`i@RKGYhQiBNMj-t zr2}VOUP+6NmB^WD+qz<~xQ|rkt|oEU&y_>$m;aibq8Bc=a9$`j>yLSYf&1IcE&pLn zp;3=t_O;`If2kNRt?yk@zgd`lnkQkA3>Lre`1}&87s6LrhlN}Ky-1C|{n3Q?D?bXz zCFBw+ji961TI$%8(f%q)tzlBRWw?YcBSnJd=gm`@H;2VvyLnTuVk4sOai9_8&X6Nd zJLiY0amL@!_LS|>AE;6F^G8D(NM@p@VUo#UTce=dCau5Glyi=tbbL9@%`g23AC zb7H=J8sfRK?R}->9gThx#kOtRrX{D<^$CT(+nX^sj0iqHcH_4Zin|Ye^qZ$9GQ^ zWBAqmi$~!6_BW?(rA1Z49tVBAy=~aLb)AoQetej_Y`)W~Ri#%}z~lq&ei^fGl>`G9 zAVB`72((>b(EY|W>5z3IEI^^H}2Tc!3$$8`t9qAXN)ZHVVQ|rc=7di}`6Cyya(==i)9+6R6_#9gxE;e&XPvZ`*|5QYQ2l z^@H6~YVTrrhfXXz|{<@`oTcN@Mj_c%ttGvc|U0;c{_TetP$D(&|heFwC9&ybS}emj8%H)!^E zY>LrugoOcD3i7Hw-f%%jG{x z=&N^0vNg`n$jZ{Ph-}jKOe~oFS0YE^fSmR;ygv#hX`S9Qj9Y0bn;w%KGU}6yw(UDG zxG8#s$#WbJ5w+Zy8)tsO$xoh^Q{#{~yJl)$;mf}EqGBgypqJ9*D?@DTS4@KMvYyYQcHe6^dh|~{ylD;)#kf(xmaw%!zl@?hZr$AL-+WVB0*I6C ziiAC8>G^7+y=Uo-t?9n>px)HVEx)nq90(?zB^^bcU7zIHYJ(!2zWEQi!!q`=WaY&o zruSv$W*!PwIRGNq@$)AG7#7t?Wb?8JTQdE6-~L;ehAmrGQkn)d6EAsqqT8W>ty4U! zbblP^DOa*2s(bYaDM%hnA`f~#LA1v$9wlAcv;MGn#xtVbxJjZO#52L_-w)rX?wbC2*&zTFVc~Vz zbVIg@VNj^jsN1yXIBZJ~D;&LDF@2ec>C9Y<2 zsl>g;YFf-A2T>6tX$!GUM)Xr+i9e&oEJtxlIfzHuY6<84aE|hXr%L*z+N1VQZ13n` zHK_-M3cMwk_u2Gvmr>AE_$0H?N1jQG5BW!Vq z|21##--ZnZczy^Lm}r(LRUGBE0;5S}2b~OZr~#=9G;oW&0vqS8uqBg|S^BxvQ^o;U zHS*?}svqGj9kgW=bEUevy3TGBYAb$Kd2IM{69BS?83%a9sli8Z>4Jq|Vj}JuT`gx6 zHv6_p)TZUjmy>$5C7u)%>}jqI{+X68hxiITpXy!@?F`EG1ic-P!P5ADDI3sMSL zoKFk#E*IBBpBp-8kPe2MbxY|aFut+DuyOtBeu3Gs8lP4iz6EV)-aB*47qAP0l&#Me z)wO!Z3!4W?%TQfjy-d%T{9yRf+e9TnxR_jaRAJJ;@5RdaF*se?wqB_=KHXir!baYe zLy9066CRr<*pheUme3{U)v&|^DoBPQl6n9Yv?s}LHB}~?&fErxOUogH*TCtz=2c@{ zyCr(sw((fT09v`+J%=!C6~uZ7FyKd3BR11&&>b5etpD`s7114l#57#Xx8NfH4KhX_ z$n!U5q&Vy=?O4tjIe4)T^jXM755}&^Vgh)B>`By{nD9_r!s*&emR!#SP^*!Z294NgF+fs$CZ7)W4B@RX5G3aBv2e=+kMi# z0{gD^-mqbOvk6BFyB2Wh&)Sit@q98sLCk)r{%GTsXZu2mfzvuqE#F9+X$XCj`cxzR zu%xX9&b4OcwQ`e19(|;i!}Sf)wJQ^k{H1)bBf-Ifnn&?m;9dF&U@Q*+6zMsz0m5wM z!7~L?H*b*)meH??!UDF6sYoUNhVX;}amdD6ybV{g7pza8(kmu2nvWcm@PV_iW5*Py zlv_7%1{C-Bl*u@wwDbqJebB*&?34xNnLeFARFr@73BszUPvMRSM_AKUX&hRmu8zT3 zjnhA$&(Tx!+%0rYJvBEq4LW?-_RdD;+=5yUYcF^^)VHAD>`0u9RWam0UJE=X{ogTN zSq6H_oBPG4#zn^0Q@}FQ$^7TdZPA_%_DmQ&uj`$9+UNcdXVbnpve5+|cKLgLXSBEc z_;K^vwf^GbQ)omH3IxAZ@>H7q%pVm|zv8`K;&K9+AbiTQAAqIQQapC{u^OMX(G=)h z#jvMTX-c=oZ28@PWO;E`W4`MArcvR3LJ73~QpjI#+sCJT?E7{w%wl>)hJ44551}GH z=5jjOTvIlCL8g`_3MCB<*Q|ZwLA&oVhXkT<_)(2TU4FgR7Lg&lPtGcwqm;4q#_N6B zdr!4opE_;0o!j$G8RenSB<$?+>+~7yLWaRvOIQ6suNvckmEma__0L+TYyQC;xGIz7 zBnTVTjXvDw zt3*%7;b<(rPylP9s!%WpCvEA3{-$n4IpAJ#uY+NdgRt@htn~Qf&4M^q*sr2;05BfX z!b`QjfvHJXX_$2UN}lZ)5LTCVW<_!t>Ek!dd0n%DaP91Kvl*%_lF8Bh$pUl=kBUi) zasT&7@4!)1PFYR@fLGw1FjPoM)_W#;(9wpJ1OW&@E;IH!kj&JmXYCpK5M>!X(IFZ3 z`2g;ml{Kqoqyvjs7zfc1=yTzQA4RaH3H)z=}F@#fq#RGL*J!pz0--vq0IdTk<{tA6%yW@%1WW$Sf^*3 zV8wDDZ>}kBSx)l>&J-zwr7rkwNx6;WJL`gn48Elf8{a|$a@^^=g@xYq)(nGWe(ikM z#W=||^2}t9;WhPNSm!7$R(d62!>J+v%>`I74JM>gp1;38XgzU>-r|l!rU=g6Bw4}S ziMI)sL|}&y$A(#BSV;5KJ|Tgf(oeJL41`fivjv!JL4~AahV`>SX*MH?bsioMn2JNn z!AnI(Mon7GQ>l_|oIE=UI1GeCQOVfYxVpLBfwB(VPbmxAU_IXmz0BpP!7+N6gA!I_ z#E6r&OO`Nf=6wS`>#p<_HiDv-l^wTyx_65Pg`|=a0Yu&W^dr}k5PfI|OhTRA-N($e ztO|QgR;RL+AG*ZO4jZgqCU0=)`BvLN@E3-03>1xzC{c6K$Iw%z;^0@)P)Kh;Ox&O) zM|!!jynz#+j7Y*XVpZJu(Ha_p3-RaH8-23?y^+WcK)%3tsMg;NK1n$ZjYZ-00#+VZ z%ff0tIsZHdYNC0#t5knkO;%Gy;)+RM0Ku3Se2Q<0(8VSBqIDww2w{e4$h^>fn`lZdY*w+Mrde`XGz+ZrzR~xw(Q%5J+QY|>>xFNL z7ry_GY!3MPqPX6NbAECJ^SdWZR5f{?nd!(Y1#)R_YaB=((?eX%`J6bGBiF z1}$2)?7!GgBz)c@v;|5JVWB(i(ug@c+9~MqC2LRi&-~GubP!i!d#d7 zt#VgeR9f0E@)Pmvd2uln!?T)ikoAeDTXEUuxFbL`fX=L{YJ}g4%pp7=$1S^hj))He zFD4~59IHOop)gCNc9j@A)+M%%qU_zf@6p|zqv(^knS7D`7y4LAd^-r5&4{6$Xu|dT zT2nJvK_T+Q3H4+11nsIyZ&@WP)B+5%ejQu1Nsya_7DCy&2M|Om2G14X{NAOMvVcCz zG_4tM{+C@r?Niv2r~)}ZFcc;rFCX-n_rzOUz^1>y3$LzTF#Kp6?URry2m=f@c_{Z7 zS3_wNq|x}$zU&2sr97smEj(G7eq8-3*Y@}&4zO%^F%?BcmPywBqeXOMv6EdTgIaYh z3<@s%FDid9!>uR`F@y>WoBb(z8wSp-6UzD648!wXZLO?=f;V^~lYxNY23NU&U~ZS` zq9D=nyk*5i9mJe%Zn&4gmJ$5b@kyufqox#Y-OKP({{PuaET~_2`2RIoznPlq8znH- ziHFby)V0YpI6lb*&(y zs{=Qzj~>M<+mt8b978 z)dq4GM*s|hcW`h~g7f!ZA!-0^Pa-1~4#hE2po)gE12GG#H5y_Xas~$iH$3zFg$vZb znh>8=RVfo^Ysf&#rC}kD@$>o`##m@%WoJ`H4MRh2lAKuN$~S=mda20uKO*PT%3td0 zaFQ@mf;L1H1Qgd{jUtER_HCQwGMsU_N)-7VAjWTKdr3@;q>5b8!Chb8z_DQTZJh`` z8Q@yiO!zQR7-3>gp1d^Hf*{Lh2iNh>>@iB2Qfa8HEU>MS2V1}q`Xa>S2dP@o4Hks2 z=Yb_#H*dxk1Y_Fq6DE|o>T*A8U1P{2WCmJ#n{tvBQGsfOZ+ft`S9S{5rcjr`$pn{f zHmRxXnPYEn52i~Si)IMUEY>IdT`s`7_3OLkx8x$YVrw-s&bI^=0t2yN1q+zrkqP4) zyKv|Xq&;2`-z%H1u6vo$EUN&?g^gHFP2*TB@L*=v^^{7Rg~_rVSDS zacvJE0kjj&)WmdEU9;H^dyu{oUnvlH0ZV>uK8oiAbs6NGB9> zfRNh>4mAI~j*3c^pdK8a1Cw-zpb6^i#D_lJwP*xtGl3dUPu)4&vqyQNp+aPC)S{&Z zFumyG60rxqejU0wLs49M7}~GVQ-s0K-5WptD>0V-j^TP0gYKY{=O75Net0J}4{r7xv}L z4ju>$;!4QkV8F-VEOGxRF!Yt40lF}JXuGm~&tOOhCZYK_ z_)1FN-_aazHRdul2ni4C9|KKqw+Vs#k2{>p_cR6$I1-b+;;XJp3pSYiWzQl&+EX zcQ$@tL>Ii?N-X2=}zjt&3 z&-&*n7pCvp8D&0{9#%oYef@e#Z`qoS%+BOwWhv@ak1v9T#?}T3f1}g0?j9wDpdF>K zgt7%|U3gcmkCfr3Gi9`t>Aef04;3Q|OkwEZxh~XIWUg`Jp62Gp19a`_?y4Pi7UKqn zWlS`LwH`dYQ`1{+^D{u^dHZ$-uNS|K5hMIm4p4r|wJA$vb3~>nNnN&~xF&Xk8EMgL zO9hUUJxq@@Il>fEh*s}iz!%U7u;>G8lXpXGSx!Vtwdo`U(0I~bqHv?VbE3kF(eVAw zV4fD35cuFhHxHaEeJL@~(T>o)NJGYY$r8Z=DDEOD4^scYk;YtT)`~M;LpwMTtatn^ z@;M96@zH^Vu-;;$?k4O}@V!QFa`ea%fSw=ZOEALwc+%Dklr+(U14wVouX&+@(v$Iw zqbsE)2n0l6@+rzr))-I{A5k-T^hwxFhu>IQzGAdkWx)RomP@*`U5cQc^ z`TF%Q?j2c|26h-5@n}T(HXJ54=VV;&B;Ha8VQRqKw$=ML4~FUO-^$9-eb&z<{$q7u zHKv4$-XLHP)(x18qZT3mGa*g*<8)j@pa_r}*6&&YJ_jrxVi#Riie-eUHK)tU%Gt@O z7@7f#_2#YqE9^1n7ktas&W=V8LB~hRpjo;0KqBaDfd2kcSEuw>S5xB|A|)kYZ=;UF)Q<9;(Lxy0{Cf=XNjip7S3kHaZY1v!t+_9rbcNd@Vz)4(09=K-IqTl{y8@MWYnc=@R8?{4 zf3a+aUko!z=00t2w@GdZ@~a7tl_qObmiukmKdWjF)M~?yis*hTrzGK*t>-1)j*~uk6}OmQ{)gY zYYEhYOeZ80zvv%Avi;Od0DNA&utEUCn}At>ui8P*w2kJ%g#}bFvmS>GJUuWCjvseQ zRTXJ}M#2SV1r!X_2gD~P_tR?Xd%1Zz9Pu?-p&s@d#U+COxC*@uZ`#Rvlm?!H;lpbd zoqE3E2KSiO<8}_tDUOasyjR+Dh2)JCM-jy%Je9V2c|nF6JJOYZ{iCjEq*%qig%nk6 z^K#sChHa6Z?Org6y1Xp>Xird&JUzJe*^?)%-V%#0pdX{2WB;p_r)P?FqNJD@08u*U z{(VXTgz(OG?H1if%lfN4~13xAb+y+8=^_O`~XS*P&SHDmsIWx9LdxK+8_<)RF zhfU7EBnIfuvP>>xIWpLpoK*Tg30Jz;UPt93<9R?*yVt0hJd2o!Q5m%3gLyS>Hen3nNXQXJxGd_XeBLO?P2hi#HFuyZ27If*0N49K=Go zKSu%-5s9#Yf!vW~fB)4(PbBH-;Fsu;*m67JH~$r;)YNO<2aXe9~0JmQ$P8{F{15CO1e5O=9oP)k$_S%^;*TO`K1G<{~9v=Ow}@l zC~5ezBzA^L@l$_YHP4ve_nB94`?kpV*rKX+SKI6d*v~T?UduKkrsI*Jp*YKVh23Ad zICGu^tdQdRPXz}szc5e>L&00}xpkdhnt3&i6qW-Tw-uMBclgYk+Vsr zkF-u?kf;9u4{f zVNS>pSy^vb+b`F7<}r>hF&N2t+STymVX)MU7`NrI7B8-tMipa`aK}1v3o`uQ$7jW| zxEW&^${N%zH-10CSg;}8^4EA>GaMicb05AsdUjC)PoL8*=GWBHqPxs_?D2o`PSTf5 zp}cEdcga!7sN&Yt3AA#QFuG>YI_^F@f6qSoXmId(w^uB9u=2fu*-Vc;1$0r}pPPT~ znZ}=amEt&?(<;)d7hUvkadjCC?EuX6k6>zmxSSH?#`@Q&wX!8!r(^1SV4EFsvpT^aL7qEUo$HEWrq4^^CHiEOK`<^IE+^OS zQP$hH-6KxBpQiCsbchT^h3ao!Qa^X~iT!)79M_aVy2~{`lmB>I?LWQJKg4AG+-{yE zIMBAQjEjlsk)5)zw6=p8I8(P!HCrr7pi1mXoBCh2yJ8O?EOe5wk-(etY>}bQ#@X3z z;nG=fQ;hjp3gsU8;sH;SuP|)Zf&b46_|I4WNBi@OgWGz#JxMh_Z#yx4xQ^}QtR3tj z&{`IfVm!>~|NilZ9bjRn0KI_7(6c&$_Vm%T;#0A=-a1sg+}zx@HqU`y5t`=nCH8H(tauabdA2brOe>K_KNFv`K$GhU}h%f zMB)BFKSiglVf^Uku%u$$_36c>fn!o;Dp|||!Pt{F;(z`zUSV#t>fgOf2OPTh-|oNv z^@V(%cm5h~v$x}$e~%+IjZaSq@B4rJ)pq5o#g-1*-WU4}o6}x&$^ZZSS1Uu+egET6 z^Is1vR5UkL_}nPgl?NgAU35p9kji+-Fd~%L5)O z9lgq>`k&vh)1%o$BW32pVu_sTBmU2SafGqh);gChIDGHx$oQwIQ1cLKZ5bTd%rE$_Z1KMTZL3tCSIy(Pkqs>s zw!ud?4<*5*<%EBnJ9>1tcI3IIPvu2|71e_;J`Svm>$=o6alrQh4$l%NH$T;jn*?P2 z=n=(LYv1{bp=#oOM9btd|8>4A42wl8CO;w6iHq>&9=n;}5$MmJUezW}n(*FYj90 zS+3S>{yW^@u}JX6g^O?G?iuzTBr2%8E3jdVt{G#D`}Q;xj3EWm!XfJ6O3CJNb1g-U zcpj1Q%QR&dIs8r*+1T8xH>PYVvZqp33C7X`mGVr4$@Q4yhq9}6>y(jvL+jx3Gg%ar zS|6VcqY`8!9y0C^)0^QOt3KA3-gDk3~a2c*~y^g{T3@fSey)MdQ% zkCeT5(Ftt?jFQPWAba}Gwhdr5j>{e!hMu!dOiDL)B9?eVq{i%9MX>*GHk!(Ng zD6YNyGWEeQqdX!A=pO8A|V)r}hf#c~TWzugI_2}3e#Q;9~P~mYbHqgNFk(0x^$ingwF_n|JlXQ#LRRW z!^^jSdTNg7}Kfix&A!7;)sY#1y zF7Y$at-c>K3Fs~viLjCq6moc~NRn2+u{AWzZ27xb_vDkLzxyC*^mbM;lE%$a%_OYC z#qRYF>jtlHb#;nc8%HP$UjU;hZ03h=-st4lPuXrSK%IshO| zBDP(`W*Arz|Ldmh_h|7@I-L_gf8w#qr0Qtp{x^oE**JYzcy=tTAxwc;ZD|i{k*#o` zBD8ChAAQ1z6I>3-KP%W46kmshjUTGuwRoXNTQFmIBuW^JNhs>&S5`hSDiBjR1i0+C zR4l;J!Bx1P@{{mq!&sgj^?WE0O+Gd&#++)FhsIq51Oijt_PKODon7w8BPwF$-jI9& zalsQVYu?y~2VPp4me(Q~E_QwSdPm1tq7wgYgSO#jP7;QnM*a_)byN&J4l|2Y|sR(uz?`y7uo40EM`VOG4X&y8fLU^ z^)@e3ahL9dbWJt zH*`@DR)CsJgYJoQl1hsi7=HNHjK~onE^ZAIk(f& z6rUL46As6y=1hEvI}i91>eH^*lh;)EnpAUgh%&&H&+9i+*`8+L(b0G$PQ#)Dvy<=J z??F#*!M)l|vM>hYi^}^u0TV^DQ%EwVr}WG;WU`7&?woPFxMpF?!KUQVDJn;Y6pyY< zjB~oOCVoloiJUr-{KwI&;WAR6K(3G1ppz18P9>MfW{v5FE&!OKB=wPrY}Y)g(`I5O zp*+{hNpmB`@5Nw@PENuYHz0jjdjwKXXOEg5#EHWKDH*Na- z{CxlDg1&BIi>8srw%!1}R&e~;HLptlO4(;HvCxnZEXe3J+SxMqtG!)r+xAd3Ch6df zfUDUx-_WjN%;3?y>w(cq`C-G>+cC=%s3a$*k&JaC0pN(|C;s{8`ns3GvN)gyk2+Za z;^*N_nX(LDB1S`~oq=1B$b7&gAZKB{FAASpUT~BjWZ#Wg{hFE__hH0 zF-5MhN`Im0iYWhQUMMy|QsUx_3Ae%`oV?*QI83*v(!)H$4a7jDshc06Wgs5JzWNKt z^66)ozglRtG&NyGpsgp1i3QrCSu5{v`Fz4^OwyX1W>sx7^lwZ605|w#4DHC7F8ZcUaVFNdgtdY)x)J$M{Yy#k6 za^`)1xWo#Ix5N^^wF@mQLZYKr&JI-j(Q`fZ!dF@s_BYI4-QvBAtql;wxxflP9|d0& z|5ArHdPrpCRD|b1%PXOj!$bnUJFVsD7tvrC`kt88b$ra10^~cK|78C{ikwROw2>bdnH!mUjWR4kF3Q5 z=fF00(uN0;*K)y+$_KydPUllRW1B(+&QjQAROrn@k zZ6&B1L`)KHa#{2C=?omm9$@ZU8Y_O^|E`qhbz?aU$a9R(V7;_py3EgqRvd4LXlxpQbMVeLCKa`Ch0Rj$4QuI0g_8*ah?mEeT@=y7>*? zuB6>tt2OH|7ns+w0d9!Pk#E})22@OY|M_T(cGtEr3O;o)rVE#tfX#|cAu#*Qj7CGX z_;nx0+Ivo&D(Xo_q3?zHAV?Z)B%W&NM1$wL;|3iB4}e1Kjk9F1@#5Eu1MXan9Y9hC z)P_U!ope4m(WqEAx&Ut{?i&Rrb2f73<1`JkVyY8X$!_0H>k@0>`h2dq-^D9e7${?; z{E68~MM*EWNHkq+hFky&So!+*r~1HF-O(nY^sH)wFyrLxF|By#v{}n$WBJRMa9d%( zvhUb2XX%KOXCwR`~4o4eT@%7 zv1K&wttqEGz)uA(KHHX&v~!ds`(y*50GBYQ?RBM$BKYG+j8b*(j)}ho+ZhX_g+_jR z4>n$i-p%CZ1dg@TKYUtL$O6#B>CgTdo`d4BckjM^{Tof7I1!3Ias@pqrZ*3`=;sFeav$ z(kFNV4%s;6c`cNgOG_Y+g=OncN@ViLvJ1rwp*Z2Cqi@7`B$l}UfithYRPVo7>uIKQ z-`PitMD~u@`{V;5HhX3S#;8-KaH3yLUiGir>C%el&qFb)T#j2r?y6KMo9izx9A&~f zd0iX~(i+oGP2aJR=Lr*xVy%);7v}Y_T~*KOTffDhaDIVsN9Rc4Q;FsT^-`)0J3Amr zg@5Qf{cLLX*@Jtq%4b8u`9+R$eG+d4SO>({Gnir_!D$Fz*4FUT5s&~(0_n+SYc+Ky zUr@-6?Wt>qqV439Ne>hpK51xb+NG|_p#6D))3p)k}yP z$pxO4lL#PZGWXzFLK^sXf7_0e*~2s+GEW7hHTyDy4eEJ$m6+>7O63d1x-CCjbb7|l zt(3bki5rK>^zqLuD=Vw4G{DRqKR*i2IJdjZxN(i(`ZI-e_zFtc(%j6Ts!lwjS@>xlJW}n;AZ4Aa}VrM zcmoeO{fw|P4ap zly!+LD5+$S6u&{lcW=jA2Q7;A_mo)%yMAsa(th$8mfuL-5t>Wgv0tV~j zr(&ad0@_eSgTqW+GuC1c6wUmwQ8nfUCt2M|^nDMpMRGy8wh~%l6hY~6aUzLpcNW~% z(n{ZMp>Q}y#MjAZsNDCE?uYO1XFq2VRQ8EOh}aZ2);)I^4X+1ry^7fRMQ&PhI7Svj zMI^oWIrrM>k5hWorN1;%27VnS zBFTq?io1ZoIlbEG6nDz#kWN;n&5x`@$2y8_Onpa&QxDCG-M(~^s7OzCj_#j!IL962 z!awqfl7ou0XwNQDI3^sMbECB+phgTnoMW?MhV-wr!7L;{Gi6h*T94q4uz0ugiymw0 z=_*JDW@mOMd#JZhF4C2p@a%SA#>^ZR!up7T*PMJZgb~RnhhW={d!Oe2nJ=*E4mv2Y zZ{XJQ%HoxjJ@{de?fU3=lKSxthyW+PH|LN*?&4(#Zf#If@l&j8{mJQvyOL4c|EH&w z)jwGL6LKJkEl*R3*-edxd#iHL;>dU`%{#8XI=zF{OPq=``d(S^pXs1t3NI*zo;#}c zn8_D>2h7>(4^K$f7&8XfKcS1lcQa434_qo(Av_|EzoX#_tZzq*7{My{>=b4{@OAJ^ zqjrWh!Kj(79{*-#jhHzzoqslx%IfaNTt-AS>td?H&j;!cUUc=VnEHMrl9R^el`j^* z*vUv?-16%r-dw)jhmBKy?D4--RTRFkY9S(`viO(`*1G`3+ls$Q)#xi(Qzi`b* zL1pg>&poWXBUfzV>jm)?vXK>l8Y152t z3DKC3QK-S?%#3SdG67EqA`%x`#O=Iw;vZjuzLk=Cr*^TbOexQ(HgeC|qlae2>N8^i zet||_iprPnfy>ypZ(q^}sl;#wV#96YPp07p%_N`N4H^iPIZB2y3}KyT`j@TvRd0An z6K)y3dDDdd=mUa|v1a=x(Rbyp){+4Roft*7Gt`75jRSd!e8|d=E5!VIIR4HaU_iS} zlz?g8Ocg^Nz&`NM$MJ2*il7qCiY+W}d#EJl2e}5nrI@Iw6%^t2*m7-nOT~g;O0U=A zHlbe;Cb8szNh}H%hL{4KA7X<1;C?2d7@+`-q2Q3`n2;z1j~2Q!KFV&Y;s;U!uDQ?r zbzyykn#p~84>vc0hT|#6tIne0nBiBn`r+D*Q7*Mvb2G%2`w-rX&i38ssvQ~_40LF37m?bMu!KZ^qq^k0jva~$*Z4%50Rk3%JLai@?<1SLC6O(7D*fbo! zmFa-NPv71eoo;rK_Q@1u6K!66I_4rX_d{(h4IL!ke+ho?k7v3FTt(UjN(|DkP8YZk zNyJf34;7ZpZ15pLrh*yaX-EM(U(Zi2gKS7?@&nd-1YH0yGiVW~2(#Zoii*>~v?xm% z!zxMy2pkor@~l>Y0K2EVi<7@ZLx$!$@Jbi31U25>v^1=}AMwFq)Gxa#n)i(wIHIG} zVJ)s;2|x>Mw}~?U$hCmP^7g?VhRj+66crT43_6(J{;t2D3gpRArr{|R`c#A0-Anq( zj$>T#>fW=?WqWx9Tx@2qGqpEt+J0fB&$k?i3~-qMP8>Qbm=OYIyST&~sx*E322l+y z6^6@lkYs>af}g}{;6AA+V_J2`#eABsn2kJqAa*?zhKIv|(zIqp4mp}c$)ug&gqts= zI$aDZdd=gInb4Cxc7`Xh=qp~l2_h%9C*{tp- z6O0BZC`d4koI9H%2|^=h@@Q2mauzI4#>yU!4aMOKCn=m}M;zO0NX$joMRy|fV=u3M z;Q#P>A@cHc^XdYse)Fwa-cjVr=WUSpjjw0lIvIuvVUT1&!;hGX6@BAVRJKio*k=D9@EN7L;`RA10EPY%o^8p@eXgNSI z8^Y*&7!L2B)pMrc;ooP7|MDcvx9_pAP)wBL#gjNh#RTg%#QspcTe&E7A4czZ=1ROs z$Uk!+XB8CWjF!9)8x0n%W57Yo=Yq=xu(hYgw?_k;)Yx-$?hEc`x@K&?Q}-Tf*AAW0 z;R&)Qlp0!cp)zydqWKs*mMI}fE%D~qJYB$wloSj(MdU;6$bb5uhFB$E0S5~ zGjyeoPH2oj6i z>zm`+SEb#(izG)!RW%l)+MDK6qrOrH0!T#aif3!ZTIfR;11JKyWjn{2gmLXMWfOY! z7U?;%m*U;}osIV(*4T|VK*>nGNRz^BBlf%G-Tljxu&%S`MyejTO2GwdQm6unLym3E zT5<>yrco-uj$|ezd-wwiYhpB?FJ2lN5n|F0e||x%kqWHgyAl}HmuUv^K~E#7lHLlq z4ABt8Yk%p*3pcRkA9Eb|0$k?F2M|PtZuqVGXNK@|Ioc5Z=xrSWtvP!(Hews)&+YZ9 zju|3y*a8k9B?t;i(noM`_tdEIGiD4c9kHc0*MGZi?J|8Ob0qZ3Sv|&fun?GS>@_&^ zoVo&Jj6*D3&JdSZPoJ8pNV7UaGFwaU)LVidr4>|?y2sx4D+&q<%F2e?_cRHG-o{Q) zBJjfto9!pDKezruG?ffLJi}BTA)_rtd3o`$zIN9Tol?FKj*%wOP_V&)j@BqyZ~P&Z z0|@sZ&wu@Tq~v+D`wc;?{u9Yzv{vY_(y83uGb}73a+qKE_2pUtj-RJPLeL8Y?Q%4< zz{cvDjV9mE=0?U+x}Jgp55!oQW$>rjH6mzj1`L4RrhTQ4jU^HKI?WgfX!7QSzoqA3 zMhO=h9TxoaKN}3H(XXLSr7!Mln@6Dp6&ENvZ(X67I~+PWckV1N1gnfs7NL~N*)9sfnlb7>7MINIqGIs4`Q)9|s?O7=HFauZjeLBz82-&S>f^ZoT{F^`tW1y4ccFi$ztyId&Ro<36=!% z*-OeUFLT=6+o4*_*Su#4M(oR}jMlsGmU$Y>9=GbF* zP@f|;(Yt=gU%qP+$~t2DWHw}k8LBv3p?2-r?Haxk!~)0(%5RXOX!@m(@oX0Wq2;83 zhp*JZNO9MfU5Waps4FMIedRd%%Q8XOv}Fr^lB`*(Af`tstx3_{ z|KYCyN80_>otlx-g(30h&KZs*Z7NQi?zhFA5Ke@_lYW&^r1n25sM?cl*ot^DF*;ylIy zcFAQ>ah6(JkH=7pYAz)5?+e9(f=e$Sz(7bi>wk;PwPc%PHh8P2lCTEX`N;;?u=KSR zJ>Qn%7l}qpSlhgF=P$%MVmY4*WBpH_9BL%ZUzyE1G4d5INJ6qX2Vp?)8Rj1xBo7@u z8a;8%5$p}NY=M3#NX+`}4;pk@?J>wLPJ~RYgaCqeG9|?mdN{?w+w@&&Y+tq;&rh(U zE-yw)q8MwKshjn8d{>Ju z2t0x8%Ln@I$tSxAOB7TnS)}&Y=ywswpm6(%ynw_Gn^`D2uU_4_WeYUj+sBWW(B+Hy z9XN8N3q~?LU!YmC0*g_EnE?^M3zsm{OM@k{cXxHH@l#QGvlBVwjS`4G1*9G|4imkoFJo*^ANtpEO5;gLY5jtf@% zjI343*#=faS(Nc_9c2+C6AR;09V(4c+cFjtu3P}OKv5YR0iM%l)G9v~`M2L4J7JMq zO0%OJ7Xqh@5PVBqj*I0^jF)VDn?^xqWZTcRTY2ZlVMB9Des@Q_?Dr%~WP!&b8OwF9 zGQHDQ&6PZ%p>Wp7Y@K$|oZv`@FDsl5Dr63~v`mdVpdq%^$Y|i`F`D<=8m2Y>s_6_b zo4&xyC}?IuTY7iXjq%qe3fk!pZwjXTecrFkLYN=9%e`>ck*~1OdRGv9LN29l%2SFT z^ikxXv4aj8&WigbIayy@q}asFEZAxcD|}S$#y$uPj#t0;I5K=)z1X@kyL;OQDoiGG zGTlqObcyT(poMagt>CEeIB=rP570(rR7hE0I6ZyWPu+4mHs)e3!<3xXEMrX1Z&E6y z3Tz4f^<%w{PbWoUbwk5bmupaKV7DO|JW|8t44f9BSHO}sa2Bu_UOv6D;b{r~8Aj6F zeEhDJCb~$JFQ%C#K++czlz^gu$j%={HF4p>r~pSsMCiq!?i73!<`4X#!l5>{w$KMe zWdx5~e&G+BvnumuHW&|YZ{n(lVs$d}LM7ORI8TjO9;4o)aRDBdcl8u{<$a?*pxl-F z;V`i4>)UDVY}pt+cI+uFN0I42>1Mfq8}(V{`5<>Xvf>{ok?>aUxyiOCkz2QJ~+2|b&aQ%v5qEqL;T z)3NG`XiUKrAd|$zwTup^h)>x%K^sAu1g*H16;oLjk^lTNM_^^f!0V-jO}PRghTlT7 z!2C15$C>};0t~XxWs)as_xY8z=pOeA+K_a3FZqFJmfB{6!kph zn>bm{EF$hA`GRs4_c-4D36r001^UZ9CHMHf9D_b>cMwO%e*ACAmYsYpX$Jsm3G3Fo z6J9|so2Qo5wb+q$J+AB52iM$AN@@_GFvBd`Dbkr>s6|KQ@V&;|hhAHes-x~|emn&2+|PCj`{$pc7@ z+#BWyO*kR&qcCWd*O`;I)-oujO4JC$_(@FB*+01KnX75)?D_Nm1v01Ta$V>-EYnM= zv&OLPC+Gr$ZTA&($Dd@1#MB94x!~|m%L@l()s+LA@62a?{G1>ZQ9K#Y`<9ieTX)Wz z_Xxpmgi&36<-Z>`V$}5FZIwO>a}_t2O=bm>y9XRqbXG9svXY04dN;G48sVf(NcKur zKFzV#(bjgmGFq}C0XhcR8W>KgLi%xIxA zW48x|hR%!@4mv=IJSD((%|vJ@g8(CGe`B z$YDJtynVUqC=FZw!=S;u6z@h}_M?LbniFJzJ9q5@hw=g9ym(OqGa58>)c#mtmOOmu%xsmQ$f#QS;2hpG4pW)5 zdPI`C!s#hRuUif@5tMrM>a{(|VPMhaNRL%-RK-vQO*1gqgG~dLkiI{sK!5?As4`kC zg9>$}q@0!tFAyIG>Iv!13(pqqeK>sGJ5FGh*K{o{>4&QYLOJ`_8|GNE>XuLWXzaVj zMh{n4q9`I+VH^U)$5uPc=4iuqqnN5%1jiL9{zO#Nedou6mOq=wbEHPZ+=n8r0aKB_ zbEliWh`7=7xthj~O?f|EmW*CukU#vO+G7arj3Ci2uyN@;#R`0Mk=`d#Q?=K(m%8eL zGXjH6Tj!~hHu}c$-$Wf6HA1=vmzX+OTudwk70Ss89%WbF3MP@!(E}9jvi?>wJB7?c zp-pguO8Dh%+GI7g_khBzs)&7JvapZq8kyQ)*w-B+u?myif{AqKeOY8tPNQE-WU!G(>fBs!!7eBY_(OIv4Uz}-i zukFY*xd6PG#P?@`W>aep5>-9#%Zzd$ZYU{?CnQI0_3>>hGT~@FjIWx_g`8bRUy{&|*#;4*#R) zeVJ)DytlPsO3JKLixaG>49&;N8T2VU&eAuu3u4zWRiwFR%LgkRPw{z;uCc^KaW$d@JnOigfbi8W)#7+O;I~D@Crzun8uAx>;v5Pv8=pHu)zC zw7|HFz_pYt%N8y~!Cy}(f_X$-X8cFY!|@C`e@a{LAL^lMb4Lt()89y%k6?~_JVyY` z7>^ew>G(@h%5uu}7&yxwJ{}$2P3Yyb@Fh0hc|#m0Yye)k^erm?Y-afnr7utwaira+ zi)t0Ho9GFt5}hO>Nxl^9H6s^c)Cb4$4-mI{-00Cq^DuNYh1QGJ^3lBJ)>dXzuy|>5 zxb~ud57GLFgYdxY6gZANl%G>$$mu7cx49L&V6jgYpitz`^Q0h!2@Xm9_S5>`-tyU+ zR()}@aTAoMA4@V!^!u1x&o12Y1``E0YqXL~|qzLjx*wadL3N}8Qupk@%c)=C} z@hGQ9>v#}RL)cwK!4_$uFuBiVZTCOR?i@q=4qhpH_`KDa`c-?Yk575ycL3v5Bh7`> zcWmC%^zEhMhONZYkI9X{->8U}*l_t5@T(Cx(@W1pv1i6Fue>w02EGyd9T^bN2P?Ezn|o_dU!X;_!QfcBa>xKh_g` z`&JeOcD$B-bGdYl>uH7HfGH!gYx^}6?<;xgofjl8a9z=T{EXjx=eqG(uWj25aC9mC zH!MyAH5qUL1)t|fXN6?i*@)CBtXPF%k)FPrQm4edl~;}xV{->B&Q26vgaF3V9TlO4 zxoPS_bFhxi7r(_)Hv~{$htKYGx?|VHAS&ZU9DOineRoOv9W7L|;DOXYFJHaV+ji?sMMXtU&Ifu=SOF>8S6a(JfjD}EY23%T-O>79?=T6W z{3*Ua?Jtw(%qAE)PMlbrnHkGhY4I?szCoYL<|yt`=CIUHit9)WDVj?!fnu=7g*vxMg$PO-rU6so{~%WRgz-z`B-8t4}-! zwi6SjwF@xXLEDRq!y2qdem`;B)h?&&H3UNfki>{u983&VAmsLyXcMHfaTtNYAH;e^ zAT%%@YS|I4Gahj>v*cB&eC1D#jRTe#Ej)CEg;QZO?$}914LJE^82ecSP6N1L z78t(r2>*}?;R>^UfbrSf-l-fdi9h>iH{d~(WW6w4 ztLKjZTf6911E6$26~QeFj(Obx8cD{2VguDQ4zVJ6;yOjhEN`DYIc&WvOK0Cx7uN0o zJ89b8mcF{EN?*{g((SWHa=;NL76*cY;3U@3zQ%S!VPMr#i1;XG#^eC$O#$|~ROE6B z3Oc%p&tw)!9cU&GldEyK5jn70ghsH4`B5d-GGf*ZIl?u<-kp zNRpY|_7R0|eFvCPqtSZ&KeFCDoXfp!`%WZ6RFY(>Bxy2}N~lDsC`m#{5|ts%WGa<1 z#402SO_HK$RFO(nL>Zb#4Tc6SRGPe>b6wm0JkNc-{c&yUYAyVn=XW@c{n!V%Pblmk zPDUD`u`IG4RPS_&GbH%6tYv1ez~XXZ?w`|w?Bqu%>=FtR)R6^FliO`D`ezVEMpg&d8R;v%!b4IA7Q*Re9e@E-%ihw?x)1*(n!LayF6yYL(lBZ9n%TAUli~}4qME<6VzJxX8{nmQitP$90!sn@xOtGOVM`!{y&VPfC*c1ItAe14S?V>(z8rt zTKhHa_>d-^u)t^_VnA`kRRJ) zIl&9|ym$I$K6m2&{WHJqFo6tja_T8kGi zPME!7^7w=>WNd6SuE(HruhU$R>WOZ9OJv#gQ zS!Lx1A@k`H(jGVsoI#>}!<}n4F*HCf4<8rVN5)Ohk1wuGF)#>bP!3<|-s1$1vyZr4 z7~?}5I{;wixa^;<5F$2kbV0Tulp7aP&E=+Hjsk84)3#T(#F$qvrxT9o43+B2)gw!D zTCV;YH)>SGD3#DgxQo=1&%5~a%Qt=YRMhOh)4f!5e;0?PM9Rzzg_DX*9Xn1+Wezuq zlO19t-5^ROn@1CPEkk!7DMDQ#0sEu3pK{El)x>IvcUHNX*(MY0<`KFV))%RZFzVu& zb<+2^JFJR`&6d=P(K9sMmNWGC5tnhWC!N2fjEWIb=mGRI6`j^7i0bs(UbXSvw?kHk zTaH|~uJ}Yed|nQ&E$GL9-+PZ#-(669e3#m|xJJFy511xMNJxP7`ktKY?Ka5l!4fI^ z-BvHhV{lBUwH;a4Z3^1BrkuyW|8A5s0$I6RA#TfrR&Zw&Xc zeB1kvj|2n-^&B+EE`)vZlkx?$q*s`Nij?$^zd&a|`Zug^$~CY2heMfu{pO7u<}0_e zk!YA>6?MsTx!Pl3v9(5IlUO)K$%zxNr)!@r$~LQX9eru1ZD&kK=yPv^7+!}-?GnU^ohw*50Z=aIONmT-i|>G zF@Cu@IUaF!ge35j85dKcQn{hOk*SUD^)2qfP5*5Y(y^<2jbv0>{#v=E`1-el8`&a^ z$vFFaNXc(6(=|3$)A!zuWwqn6;P7veUE>G*n0@~Ic{Ro}t3-yjW(}tN<~SGY)k|eU z(AEZt`QyviuV$1VQR!v2u~gW zzP5G^ygWI7)!ZS8H#`FwkGKv&xD9ScqCxs!ug1C05c^@yQG{LR;iE@|WZE77U@5@T zIlOIFhb+fAg|d)csJi|*RH-gP>Uq{q(q;QF9bkPkI8Vrj{l&G|$SLb=WrH^c)hPoQ zJOlue^CT6$9JcNlVSqw{kpu`0-4i_d;5BQOnhmqxyZ&#e~<%cq%JN^&DW-@9*Db_S$=)7_0vh57YgA@Wh~NGPnBY zWkmh1Cn;jzc3~z&GHIqALD-a-b}tSfo%m$p{zs;u|DlWKr-#b-Y5u+OM@+|phbxVC zw2g|v{w(;Xrp*}+j+>smE(r90UF{Qs5=dR)rqX`5+VvxoDoX6fkvlm`>X_C{ROxkf z;d@=jC_u!Z`VrL=)UI}SmMV&G*~Q4lxm4xl96-zGBtBd)SaqDZymf&OPRu*rB7WI> z)4^%)?;QWUBC=jmyfs5)FdxG~ z-`IJ|eP;~YL(K*_7)EK&vF+U3PM#q=TA20QEbrk-baaNKO(HiuAkb02&43o{Dw+*v zGUD}z;)QpSu^xPVBzrh@+4^6sO@8@h1AVTFj(d-^s?|E7(v=gqvgP{q(*>1aqv)Pr zfa^Ow-_f}lZZ0k-|D|&9O^I4V`%`EusS}#>V&=-gz52Yf7{S$uQ2U#)r0@%9t&gDFt4`Sc(VpgQ^y^D*LD9rK0eJYNnvv zksV(B%51r;o{al*Gm;dpETE`1S&%= zgYeXuXQ>qXj%6%A9rCZyH><*TLprbZZW^q3*SdeChhpX7QrR6j1GiZasW~%Q4?zux zlJ}S??;g*~RV=)pS6XG1x7TXTdwsk2kS!R-?%uwAhP%7^?W+AwC3V|DfW5sVzqSYv z3dnY)+y2WjWr4+zFd{FM?az?BnIIWnO3Qg&Eb5|R)ugKhxqt23cXeaCc-BU}ZZRR8 zQ^|TE?hW641jt48P-#^$@$6pj=H(O?7a#DM^J!&3>UOKR`YNxK#VNDLsANi0^kMSl zjWd;gzlndv-k;z)$Z7H)oS(0C|9Mhd+s60~s*`^(&j%NXmYd`J?Rke(uGFE_ZDvBFvn6q#tcZ~X5ZQkY@}a{8 zi+29du2J&dDIWf=r|fgT*;fwT?Yt%;HHRt?C^Th{Z)R6S7PAdu3=812ljA zh2X%79lbaPgVYTT2X6hCr`l+hY1h&E0PuU(usyIQ7&%kQ;CU@CUnuyKi)(Zw1?Myk z71a!KwwF&eF9KQdTd(6}rlp5a8@^)rq#M97U|oXffp^kV zW%A_nLnV4zPQBk{3aQGYV@2E6*k?*-WpC(Iay(|*)!YxlnV1vSCw;)ag8UEL-aUJG zL3DH|oq6(|(tC=QU+|rbXmGGB94{Q0$=C~71iPQOn`bzAa{8$QtTBaMHw!mf{MZk1 z6L=A?I@psqf^Oxj`og%wFNi_Kq*>V%X25*9`_nbQQu|aKQ zQdxd)vnVH5!w8#R(XZkc1}gVGM&%0H0e?*J*9UBC-R^K`it&Xshp>*U7a}KCC*Pvx zcqC!|*R-^Rh@;Q)QuU+6kJxZ}RJykW3}oVkJo)6<#QOYba5TRXA4=bNd+_(cWjZlgTP-tL~ckJy%@*rK1oU3b^keNWlh3KiA7AU0{AZeypT0$9ZllM6U%4gh#~|V2uQ^v%hBe zJK_pSMxo%^ziRBRn?dW=UF8QuTcJuyz2#_E&%kHbO;2j}AKC$f&}3jNqp?-Yg5}A~ zaBT8uc-kGkk<1a96DRU>%=WSfWzzt2%-^TmXKY;eqf|`WP7oCfg|v|WK#GT zj)|DRFEJdO(Ly0aAWR-eWl6rfMeB3S!)bI_iBM`6Q7{@RRZ+b&%TOOK(w+}H7$1CS zYK-E5hE85wC}P;#wuk$GT~)WI%0?#w|C!!#!cUCxSk*u|J8~?TkzvmL;{XH zoy{{8|Bx$`nOlq_)tMhbG`8qH+rK+egVEHY1q*sD9>vB^$V)Vnj4vN9(Q|dgx%?WL zcUSxkQszKi>#w9_3NFn@DLFAwQ_~x&tf_c^d`S@0@cY1=U|s<nA(LFA0<8?~E+YGcEm}HnER;q)oGQ>0s;XETTYY?-7jms0 zOm0|UK6$d&Z8^$2TF?s@On#)-`xwvxm|`625(iP1T=8Yg#xA+~l=5R-1wWiYHWN@L zg1XXJHziki0ot0*u^SbGC|D-0k&V|$?|oE}$}1^JG$N@fDAM$xy2Ov8O;63(KD*-L z+;9=(bO9cDH4-S3?g+6rB#@e$CjeTwz6S9S2ss8+j0kOE3IHC_F>DRLK24Rtx&Uz1 zk)}xCv2^SkdaLQsp`!4)q84(tYRWzzYYZXNLUMeH;%&yhVLn*?Z_zmjvBgl>`fCv!3GoLNhZ0U$?>!vD)c(*<4~Zf9+e zZs?4`AbHpx)V{S5o+Lqdzh2tlb=IhJ=#HP%JCc!#20k@(gU$tJ7#EWW0O%?t_`+W< zNv6sEkBrsxF0KF$+I!WaX_fb;HaAE6uUUG_44J*WuGk9t^3OAZR!Z2E#@?% zVB_Jb*Y%XS2Replt99DYVe>33L{uJjAX?)Ht0}ALC9dMQcCDf7?yXzJq|4xc?_YLC zvTxtMefmHHXRM<%Wy`N}iH3@$K-UU8`RmGVs#; z926W(SH>pX&k$|$#chQeT)UmCv|=L~H=wqlN2kRl=Y8QxCtVO%NBN6oGuLsAGNZ}R z@wm>Y@>b&)@G^Go1XQ?A{+6SK5C`CAjNf#nF9*GinR!IXG}!02Swe$rr0dR4q67Q% zk{EtyEvMJ?88aB|M8x--Zcl}NZ1`J03t6|>@e?&{7)Vo?V6tayZM1y^cOgqPaUI=3)Zv|2f?K_u; zi*RkmEALky5%m-5FhKeWLK{+F@Nw@sd1$l;zbc;4s@vU1tD2Q4&aL(rbKB0;w zqiLJc2C=LpxVNSVC8*BM^#K9&@IC?UgWqTb_&G1`Q(4_{xcAK4zib~!y1GttJskGk zuDh@@qwGu`cw9)QxMybvUy~l zkb%I0aW2g)Fm)Y$;X7Ac)MYK#S*#sSqV*sUf?@G8!KU)e*|U(mQuB6bRKP<3@-<4E z%m4#rPRzybMR0BY!$Cwu9spis*RB}7$k{ov2~z2KuB-fFBK(+=%mT%Rf?ihKFCk;) z(+j$2)z#&GK~<{sS#sztrpI`F`9f}v_JHq?CkVS`yQo%75XP_i`j`2o(Qad_OmhRu z09IVOeZPhcxFU5Ke}`0VfXgB@Y=ZP@>C*O%my)-h7@v|_wqh=87axsGQ zF-X{^P(p@yw&6 zwYB#TyrFVe4i-MGIZKk+HL#5tIK^Glp4kC>H0Vy}@jRylU}yKBre|a+P&89JeJ9_KZwys~Kz$R{- zsQ!HJ?AeBTdXXcM9q{k&+O87UH6I%40sl$mhKhF=%xd?9eX1<}8V)Em#nkc&;{%yMQ4mczbsju`qVGq0f@U$;Iw=24#3KjIq{$)Q<-DUI zL2fTxkEk9fYa*xi`WK-B2+oIt28a4%ih!6sb4`9UCanq&aTDYP@P?i9gh|Ax7;P=B z4QwY~65X9iawps%;CGxk#J)fX5K=%={q}-EazW#lfZqlHuFhXi9zMiZMf&S3Yz7b+ zU}QQ!RI`}5;u*v_4jzjuF(lXUJ+JBO zg!gkVSx%a9>2;hQs;fUQeN(7wWVD4t9fTcM{iVy6AqW;6SE(uy!qt2(f_sKl5FImM z>BWm(yfHUoi}zSl{D2f7!Ev2GUs!O+WVml?0hdA{ z@$q3$GY;sZ9zd^qe<<~cYN;_uC%S@AW>X#DgpgmeWlZ6t{b>}0T_;?qlO@7%sE z;aN6y)qMFPHUO`g&j|iDY0IyNwY5p9-IrFle{3fNgHD|al#jDzw}s;v1@x^zId_1y z$0(HFy2WW=tGyS4&y!piJX-4Kd<`DsZ0N;)N^y-?(AJFKdGj@|0aJY{j8;u62S>R zZ}C9vC7@6f3ewPU?)Y&ZI9PH=hfkXH6rt&LCPzxt|2jbt88yh?Iqy<-_Lc85Js?2G zLXQ3d*8mtP?8I#+noIn}<7Kn;wJg;*N;1a!~C*}O!yBn(tqXTqIx^Hl)! zavDr)>m8Pv7buu1Or>g7mCM0A8A9P2z@}zOccY7+-vV3L!9noK#R+%6p&z?-0Fp5- zGTz52=OQj%UwE(-lNk-sofhI_HYsOmu|{N6Oba=MYlfbCSOSY3cM39X`)s2NymU#a zOb5)EsS2j6Zf>WJ9b4|{dEZ%lj87G#qC-zH%V54pZ3yX=Yl*WZzo=;2Csl`gK90pP;5g&cpHJ62$?SiJ9kMdRUsSGkNlF@BlWak&X^#>_Xs5 zP|%r(2)H*=f6aVLHCL+dl6?;^?*5MXeCvE~O&dK>&AuBtTlTU8DIB3c{_B4Odk{JV zLP25EBDswA;GYRD8n)*!A`>q!lZg|BY@IDmAn4fjE?!Lk2kne$68=8ux7iA4bosyV zjgRu$5m2J$=)dy~k6bTxC2#xCN!-MQ28lWd-}k^@fF8)X64T7{jGFpOKrV-8Hg!4b zv)-ejYmrePaWo6f6oPoD(t-b&*J1J0x6?*$D;7`(4?brns*hUX?EDxuY^Gx_jE|DU z^u2qREnOPr;S?04r(xSmW)?R&4Yy4q>=6oBeo6EOTw6SM8aE;~(4JD*P}}i_)y3z` znw6WEM;Zs56i_SZL2!DvJr&|O5;j}k8MHszNFK3Pua!H1E#*olj~jRQ;lm9u#heQi zk#v|S$B|sKMpuyV0uT}7N72Sm3XKI5+mzH))L;v-K#?8ZsY|&`&x~b8T4v@@iGf7A z_qZo$rKO}Ua#HYU2#RLtPb1494rN<6)L|-`ubrJoE-y{gAT*WZ4sKv@a0fwq)3?`p zpMAugIBx9Nk0esoePwC~b|UCru50RZH^s(2!}2O3!UF7N1oFlzE~PJW-eUcz9SGTQkh&4CNb* z7Fh^FG(kh2kW9xfh4f|iXk$PkV2XUg9&W-oGAMIH+?XuJi*1G?%~4=?0wtQVleXHg$l?o73PgWoCchhA92B|JsrS)kz1Bn z-neb+R;De~W7!U{h5pbU@~!81t_Dd@nCmwD|mdn$DR|$ zO-F4-ByAaoap-SrE^ZZVPvW8W5*JrB32)G-SPv&kRp3nczT;iTH0LXUZZh>{^9QRy;JP2Twrv^< z>zsROB!+s8CeP`LV7u;A_&z|)e%`z@=xMmLtwUjRM6|TDfH0uMFG;!22IiL+>dBKs z650n%6YC^moJ0E)@q5&2)GX95yBojLCcr{u-vMqudHncpnsGHAN4Cz-pFcM}w;-j9 zdkUI)EUr2$r(T+*_bdlPBos&7ec*=X^J}2QmXw%--kM%bw9|6=PiPYFD|57>o|m<| z`ytxt>GlF@Us1tbMM@JlEHhaU0VWrmgKX!QKk|98WH7;2QJ%O?`kW=3SAcji<|F=9 zR5S`x2wLNjCMJyGB(@>28ARv;G~5|hRzg%fBW&P6{!mmY8~Xlbl?|m1kmwne2KsU! zxtDL>9=W`hCAvk>`Rc5s56C-}Ndv~F@hyVO@k|(1X(2%P+0})|QGUz3AZYXiAP^lW z*sj0a{trHTE7q}hf?K1h0G&Do(E136F`87 zXY5wYysU5Nv=#DYj-8fOtkN=H-ygbJzOPNLQe{Fi5rj4-acfLqJlqmU8n-6cN`Py- zKSFsLK#iZM(W|EgVKg*IO8xrLR2K5dsWxJ!W#Nm+-Xy%oLy?C%vj0wEn^4wz`T1QI zh(BxIU-!O$VnCx?nbA(^{v|qLkMsI{y^7M)($J-7^p~8(=U%XA zkxlE=(&y))vG6@GC+nAWqU@llN`Zy;-YvvY)ATSTqTJBZI!>`8v`5j>B5SSxWA6zq zFZ8w|;|wbJ8Sj_ZY=fe!bMhoFkK>5<1P5|>e0iGbTJ7Lzrf$7fLXsMv0cF9E8hp^CVW$($=Ei6ZXW>kz=2;} zq#SAE@Jd)&^>TOCv17>z2{kQ=58q|wIX`&Y8MQs8@jEvb#tk~seh{I!3JnQTgeR|K zT)aNCSCTc>UGwLcc^0U@R1+W~xPE7x#yFjZq0gv^e?^&g(FKNuX%ao(!amN7E! za5=Z=8)^5`h5-b=YwsGi$A@(>Np(EvpqZKKfhfT!&$mu1QXQKm;h~z!g%eWm=629! z+-G_O#-PMLNO&ZgH!-x^1i&Y|Ge|O0YxHO^V?xP~e*WvGC!^u;BMLni-fPi*ECz2t zh|<6um4k!z3P!d;lsB;dz=05Ga1yuQfBIzRU8x9@F*S7~j${Gbw&k{Mm_)_~Ulw_1 zvg3P+eFqNMe%7NC;5mX`NIh@Ip@%Z$@kCe;G?p-$aBp*0gk>H|t7q-iLlz5G&Rf=L z@q;gfS93w|vn@{yTDr6m#DP)BygWx)ZVD}VeoV8r_oh@lF zkTAqn5Ab{sqa7POlROGgG_ELJIW3!RyKG3Wz2KZDM2mC7=}ITvc}wLx-mUnM|Gu(U zNbS~DrsxJNp;#T+>S?nDcLoH<{O*w#|4L7Pwt2*vwtV;)=%GU0uR*jDi}++^;m;XNHQJMEUkM8>=9Mvi3`{5DJ7 zWq<$0w5R2&+jJj*Luz@Ble>ga!^dh!4}2{>`I^F^4`nSHg?gzlm?VNvGckS>c5BZz zyS^P^w9LN*$5L#!2nJu|Z+iHK_~c(R5NI?y zqpdqVomlk6-kzS8QVyxv;=691ICTo~#Jd0!hF0!wEAtCwdJeaTiKVh<#*!sVa=(O+ z88qxRGGD!277aJ+z4v8w?N}@Ab3f&m%eM_$v4-|7Q=)Y1*To2r@H`mhQReR| zbIpe*TWeq_T;512s;e?3P0QwYZi0rS&59wxSIS%78XkLL_`{9=-fJ_G)KyXqAMNI} z$u28!qUd)X{Isx-UAI-+r3=phP__5|jaYt+LSvPrS9W7I)_%}_^Sc;wOe`MPN85Gx z(N^WU8s;`~-k4fSDz^<8tpSIEN6BE2wcxK9mil&Ua$&EJ%AeMQZL$zQ|HpHAO0>Je z({d8i{&lV!W&5&VQy(d4o1<{Yfoy8_^_W4XKxm2sV=+UO3MB1GlC` zWVlYX({OReCM%ujW(7YDP5-4Oi+6fFEZBL2imYufxe%-7)4-M2isg@&j^zxpU?62<~>6E!;`wMrq z+Xw7RzEEDtbzumUBTAy9$FhMgARl5bT6%HXQagEi*t!(0X}e_g z+@Y?02f$q)94yrIzkmOR*;U{zKB8XFy)-6$OO<;AR4&@orkdYQ&k7~umMi54Upv+C z@vpsmJp|J_a}Rq)nd^p`=;vh+Fo^6i--pn9T6+2EbdG>DWM5b=M2H2K6Nk5o_wBSZ zRh5-Zy`>cjfIzT9P%el6KJ=rym%w;>8CibPTyeZd;c%NXCr|D^ca|>$jo%?NcaZ42 zJ|HMOq>hztq>>C7qA%)RdgBVRlEOmyGMzovUOqk&{X;K#vP{4;7?3eebQ)s>`WYxu z9tcl6a4{-T8=IZXZQZB3d)BEha@Sv8c_uU6p6{~1yKA7!OqQd?+qB<`TC|5h*wxxH;7f4(OTvm zzoU*-w83z<{HA8ibkIZ8g={C3Mbs{As1Ny@}YHF_iZ z+fcf&gQnZFligQl4eF+o=O;Vgd>M3+PgptLLzySPZQ~?;A9)Konu6L*!*uTT+jX;Y zzlKCsetyE1JLbyeCl&HN_`=fpxl@t|Ghq3t#{{n>psL94_jG@HBwJhQ=|XHgkM?_* zRT(l8sNzU%7vS}&6~s7vu3qg&K*%;mAJ=Z zB$}g)gam4QrTOz~vCIM!F#L9}F?Q<^|LH!pwgb+lh8CaO&B-)Gf! zU?MSb{hVBj)0oC+qs8LTqbvNmVQ`htEV%|RH|yg`3fCUYUT>!M+|V#rcZY_HyCN55!`3HWAfP_x@I_{s|=gd{A<3j_6 z{~B~_lk4AY9rX-R1uf}7z^ID z>}yYFS;ap$J}fA@yX4x+Se25(qkbyU54MH)wrN);`lw_t7+Lx0%%84i`#z`7zHa@K zsGlqKv-;1eKksj~Ol$pG6nAXd{MiRG3)1TKJanobIiv41JLp+>S3>&JblCCy$Shqmxp%%>qZd6Emn~7+*(ko&Eo_RypBpQOI+qupSF9Y~ z{9|SQ#@3+3AD4Fi=q)!}Gs&}l#M2ck*TnC8Qg?09538mvMZJbtNNB1@r{muUA@;&T zzel^KOyGnvG^~H|LhXJ-KH2l}0`bVBEIL$Lwiodu-{q9%-wIXd-H~$-B{errvX9)3 zumOFy^8{1zFC#Ec<=f|eJGzGj+*)n=d(jNhx66G?vQ`-bryv_sg)e*M%H(u=%Ww0p z|5F4m+0(mLe9XIR&QrR&w|Ogz+PnoRaehZ2%ddq!H2XhZIb*SN!Q3nNBFuk15Yej# zjhioD&(&7FYVFp>3p0;^OZEJXkz4xt^TzWlcM+S>{iH-%&2oOI<8S?*7NSvj!%S}& zEf!fJd<^h^2zsw049BLf$p6bE4o-}Y`@JvM(mL0i7#FI#Vf=7W1tFm2`K$pg#nmE5 z-w_}EE;>udCg~OlaM`>k(mcfRkY#u* z{qvZ$lmy-eX&VY{m|})IfnlR#{8eOk=J3nWetCa9BPs*55%&{4lzcr zTek;i-kEN(8I&2br2B3||5pS_h;~ZfHENB&)VxZ51f1=cm*HCw6I11_A1eD_p)}ok zAfJ{VO{+_Mb?P@S4cYX5V%sn%o*9?a|Id&A_rvV)#+8Xfeddv>nZxnIw$rNn@^Y^K ze@D0cT1a>XvS5{`E`#>(Rd9J?_$A59Eb>59_aFcN`q65AE#$`LSK~b1c-l;gARMPd z37vg-5&!o$d0mSr!>pxiXZ)sh!Xy2E|CJ~h`2YU98_Q$QiOl-e^xwHKH?FzQzTfwC z-2eOKe6tWopWcBWEHgar{nsZmwY2}Mpy11lD_hTr?7H)I*nif?|NU5&GZLhR{@2Ip zHr4w7{oUDj?RxIb<9biMuKT|}>5lH<>Vqu**I!B8SYGx1$bUag^}?FFmft^5wU@WS z!pm@>l$E`FT%(u;WBhmrqyPE_Bj48!$;YkXUxk4D^nPNQ*@LCZiL#q2sKDO0cioQu zKVdW>ld$dFA0#B&ydH4f8K%+5;z>4%#Gho^A^irzU5S&!$!`{NVrf<4e#y>xw{&)w zy+YU|=`SX{hwk8lz@_nYfnM47GFdS2B zZdlF}W`|&VMSX0Lt-vE6O_=jNAHZpeNF5y=pU&J6O(?LC*fACXT}3;~H&u;)(6X>= z(5>`pX!XG3v|KxP3Lc=?F;2PF#)d*H8mMe+U_b@8f)NThgFY^d1)oa{%98fx>;RPjcEquSzIH-}de?SaDs zIRINan)aln4N1OJ{~JGqy>OCu?cCYSSPF6$_M}vtl`flHuWVXNeNQI~2x2>H7Lu#) zilOjdmyx1OgN!DfaUW2pe#rMW$Bc`xSH?RRHi4Jn5c!=B4ps1E<|cV9^R)MZ_yBIs zLY2#D->T5#o;vVY+|HfA-!K<4No>&nprTnb##@?pr#G8k8;e! zT>=QlYQ_vao>%OJ>qD6>&o!z~z)OeFOfx_&)j5eSW$fi%>R?Uk>LpxV&!2CpJ5CY3 zz|71{E$F&97~vv30LU6~(C+;9%~(&bg}Kq1xt57<-e0povjgqq3|%y+5TFKgKZx_7 zyXQVFaQ1t8uV5xzPr$x@3JUAk1`OvN&o2vCo4YiuiacZq31J2gYwlfjMi}!%0Gp!K zB0AEW0ZzfstrI`Mo4{Eb?1}%VFz()wOE0%m4uZe?bXs~U5~U0`AdN_XO&v{qDiG~F zexJNQ)0m;sR?BDFJ!EnLU;?Nlt*B$3TQ11L*nq&g>(-sK*6_`j4WZFzs>yTP3iEgy zEzB06Ko^$-)YbcdD-$*Y26S(qwxNCz!##`fDqf zV~r9Q<}-{)Gr=XS(d6#?c3`l@>k>h#Kn-Lkh-T>$u54{B5M?0g+)>C7gwTxfu5T5n zad}SXym@&zZ)pj<$JxJAO?@O+lw^O^mv4c_OkoVCgBl+aj(B_p$X`VTTaPSh-_jP9 zOTFG1ceX}oRIqQDmNQ8_|2@@l;lkx!UdQWw0jV^Ny!jGf5FSrUyv(IT^Ky6`q@u20 z4^_jzEd`<;LtIWiZ|{beBKh*DW`ap&u^238%R2-dg++z44RfStCp)KLIQ(S;&z1+v z@`HxzTwR!--v$pL#0>9F0e@nbsx2)&i33Ido%Fa=MQGW{8Y;I_Aam3#14BO9G+S;S zzY`3x&O&#>_9DlD>b|aJ{(DXk+$k8yN|yyFZ-1p~6{1`|a`t{Nl3gz?Tqz9E2+mbI zI@(UL$a$5&KXk(HVaIx4(hc{S5m!Xl+*PYqfp-BJK0LV^o}|!}0`o)}&0na9 z&chfjz+iNKwh(uCl%{|rFLUhW7jQLzS@ZeIM0mf5%b+ANGOWMyrW1=d4p%0=1RkjG zkgZ!|7#$lcv+E{_3xE}1&ON?vy?0QCmxyCg(8oI$IBPIr~$=}^zsjdz7Xylx@|FK#GYHp_bcM!& z`5OJ3TU*i3kmQ>8=?8n9y$bz!lImQ|B%b%GM`yNuS{lIu;drjw|_zz>+(&0CF_ zLoRlH7bfKVTn1)^O6FKqUAqfiI<9C2+JLVEe?1E&SJ`aG3;B;&aT?;#&Ay{`@;!? zE0Y;O)q$7GiLk>nkMxn2##~EC+ysI>`Ex|L;K$QeCQFTQE6|03Gp`rr9~*-HT$fo% zna)L*EnGN1hTIeEjQaFpUCB=$>v|~|`Ioiz_n|j#-rSp<3I?1HoT@M@CAmfTLenaCS(5ZacUo?A&#(?H$-n93~3=``_1-8e<{H`{I*aHdhb7m_md!K7rkN6t1YZokj~qS9yP{fX@ev2#a=jYT#i7V6 z{R|mFJB{rtgsz>c=PcoPq|O0!pE7>@XWrBzxEnmbrc_nyIk)1~GDufudH!gW5ZjlI zfhv3q=~AWGTTh;(ne{0D!dy%MZJ5MN`Q0)9tag&*q*1Ezz2Cizf1{-#Cm|6DMn+OV z)^UZ(qh5N8U`z?3-Zi2M|0;fUbSNJ<8uO~69Wxi)O6P9D!34Ti@wY%qK{b5G5oo~d z%`XPBr9oQmwNSR8YEJtqg>wF8tkR_2>1QTFzk)of!bYR z&o*|+{+aUix&FAAvmd(;evI9AWW9yCeZPJ;<2DVsd0h9L&q|*i1-IM=44m~rv7pyw zty@Y`PI3e73x=xqj0x{KZ{PEM%NCvcT-pA5!>O*yFblCU$?HG0|BP|LKeu&-_(*2_(sCaS=Q!9jy}WU-GTvz~A;Q6lf^miyB7x!qtnwEX;sP0JT}Dz2lVW;j*oDTWQuJMJ;Tu)|skCoaJn zi7%YGI)FJg^LRKYyA^feg8Q|W+#6?db;x&>93E5VN%L=qa-G6do-|DQ&w-eKETfmM;&?z z2k7DgStR+BARAaaV-Og%x{fU zg&=2;s#e|%=Jp~2#%f$LM*jQf97A*aO2{f%_d#*(bzx-Bp~S6wgcre2cfPje3VDL{ znZeEXk5Hra78A3@r=IN()r?ifTy=GGg}SwQPyxSbUQ-*LetbEU+?TJT|N0u8wxY;6 z<%dCxV{X-*I|Fvz#D5vKP*qi)$3howZYJ1XdUOQ{L?Nl7t~prl83eJO_R@7SFbLdT*8>p`qYXqBENK8@>Z~DB!@RD_0pa9F+n4u50SQcjjJ1O>T@nx3gEy zzdp#|b}9Fat){-Qv0$4?^~E1)anbTXomMG|(pE6Tmj$$E9*#;0rU?KvGMimlI)twbSj6{9CYw##BC1sl2ULX z&q!ZC$+x8E=T>?m_(BhEB;5=wK6R>ZL!nIfEV&yX@cW(Kqj*p%%ZC*Q#r53I0S&%I zeYW*%cptl3;J7d)XK6tOQ~Y)3)-7-FaRVhxOvm83u`}D?Z9z>hUiyq(@h8N_u06yi*XGkV*ix<<<2!007 ztjGA|>?s^VIzmp2X8LTjXASGs}L-l8p59u?o8|tR|F}vPQ;@ z^2^Q9QBz^p(Bix0<-K1YBXJMk@_&ma;EaE}--94W004M`KX{OAn#{FC@51`ykIo#! zO>^G_5uA~iw%BO-Q@lgr#Da(777Kr$b_E*hRUOU#0P6V9?x8f}_U8+Kj+FPLiaB#T?hp%FUcJqC^aBBYhM-P)SIB8T12^Y&& z8Vxy|#ObD}qVlY1g}K^8zQ)m|Cp;-p<#OoX5|>s8YEYDx!bN817^xl^6-A@V4qB}8 zJ*fHq2#^JqA8DilPhNGB34#FpXF^m$LPP10bn&H;E*mpu3>}#<>z+C0g&{S5IBwi{ z{8$K$fxie!avakYzRO*DrOwM0Q;dpAOMZ2%hgXPV)?$z(? z8oagJe2(76dfs;3WP^UA57##H7KzZd(^~n^LQ(lVec#oq2lr>s`ZU;7lf%Pm`77QNE2$Q5lFCExto>&-9H9Kc#``0-HGU5l5#4V_N!4HC{fd;E=Bm?4vxu27OD624 z`vH@{VFpVh)yFNl`U~FZ{ctpvx8Aoud-m*=IGF)^_IUXFcQ43UY8eGKG*%3SYU^o$ zhJ^hV>yo9#molE_yt%1E4%0cx4k~<#!75{S55=SG!Qa1My#EruxDetOZSPXWb6yo_ zZ9n{rFgy+!KQ5`F;t;Ko+Uyz>uV+on{^hf};Y<_xJCg-xlvVp$zJko_+;x zB2+S*I6)S;*_fJ^&X6wSf%YFT;Ady6F^D5p&(OXy!v0L4Ycp_XvomYsHE?x8U)pj*^nHo$1kvUoQj^vq4x3XfXVPaJ@F47(Q zefMwFl^wme@BS7@&A`3%%0$S>@HLpRCj7Qa-|eD-b4hQk@+K3kZ6!c#DO9-cn+iA?+Ji$5KM{)=VPA+V}K;_=`!m|OYYf%5)5*7YbB-(>Thip03 zw(0&&&o8hjDIPRu@8?oL#BEII2oinGq>ZqpQqBteC9n<3n`ZDro~`?9e%U|(#dpW< z3evWo{SN&*sF``h*Z#ACdr6O$aDW$^Sg&I}jV^rqNGKM-5t3%aDNR zchLVvR3E(a7Rl2W-YK7o9SI$wcY!=*Dk>%ZQ2%punGJ- z)(W{=PELyW?`h6fnh@kQdi9Fh#=Bhjcwvnv7Nwk20*&lO5{f*R>X&ABUR3LuG+XV73r4J&Wr~?O3Ua@z=peGxpamnxr5J*$X zo?3E^a{)ecT0%mJ_gT_wi5c7Nq1YtD$%NzqtkZcBsk5hQo5iIS&F@x)a}h-5-FWe$ zTYpsVf=3_t6`~ew0=liM7X;U=W|nSIQ77nCy>Ah?Mc`8obmA|E&E8J4o36Jk1}cWR z`giEmv@fz371SWhJW{MRdisl{&&i-*v#5;Nxl{7{Bx@MH zBp6-vqJD#W!ZGf3ZUtxGU}-CeBU8Uz*0d56j}pcngn--Iqw}0vWxi6AZUlJc$&(>w zn>KF-iR2tg5I;!)#IZz@HYoMtJje6bCpj-%I8tF3U8(ii57cx$MMaU9R16$!umO8E zC8b#Jny#oTLmb9$wH$imS=eEN+T>T+`^wdW8qic~CgnV69jcz2dTqoiw>l9;OR#wy z&P5)K4%ymQ$<6hQ)6k1*|GZc8pOIbL%xCAy^eAwW^Sc7c8|09+M3apxCW6aZ8i@$? z!Y}%w)vD{z8kbBT%GGPKK^MIpEaT~q;|USq{ZJGGGglbfUe3&E4!%TD3_@eB{S%cF z7TK8S{q3$J5t%}oinRuSE0JrMEb)jbwF3HrveebNfSWOVYBRWQ&xC^S-AiFB_nw@N z=ULkFN9?nX{`1r4aDyR8nt3F#@EJ5_w2Mi_SC|A+6@+gbDeb_Mq4cln_l5bKjFeQ= z@;+6!pw8vi|LvtGU51yb0en>xA6wf>tb7ioeeLLg4laLjK>D2Z+$E?P!PULJ9r2=k zvA+5KGJb6bsh8jbOtFdA3NT?480QDPGC9ac8!#Z7_*c)1E}wu(N;kpIqVSb@u8pb4 zym>u`Zs#h{)PKA`sx(q$PQ0n#pqPGH z0F`&SvT5%D4NCStF{Y(6#*aTuKl>D858TV!W&>2S7wHsUh9Yi8;qXLIg#Z1w-Q)|7 z!}nMpTC(a{b%l)$GnvId7Vmg{_x5c#@TK%5jN-uMuoI_$g03qzxr=k0AmB%IosdMv zB@Y=iXg$dRtTgz!z6(9|>SNoUq_{8ORmGk``K6#P>1DqIAzU*-4k{kza zfb+Bkh(TGgkSOU(C`blVKT>}#9<cO`PVrb7dz|-p9wF-$LF}Yy3e-RlYkb64TA`Z z$_Aj&^4*w$O0h-=b|cl*jaJbG6SA?g*`5VOv$V>?V^3=81Zvu-J;?Sp(Q0uHVNw}6 z?Ze!-h&>WN!)}g~5Q3XmJBUp^{b1^~^pun)>dSm1q#JVqY;$G6A9O)JX}TQlz4-BC z6Y7hgBH5nZGUY`_nR#*h<()pg-Q(Va2kZIv;*m2E@^pW?EC^hMV%m3%te6tCY0f0d zTviULw88+7=fyX!vt8VG`_#KlbOO$sx~gu_HDt*`bU$8$M+gKZ93Pq+8`&BbR z%+a6+Fsz%0+r6slLD~rfJ|n$p7Tr9b0J5>qiJhRpCOtD12puwV7?r- zgxn+^^<~eBsLvB+@c&QJ?X*5{(mFdU75AT{dYaQ60gJKmgO^R4u9%^+ zL?=e`B$Q<*vHqA(;S#0(5Zv$B(WA~-q5dcE^wCjTirJ}py*yW8MBwY~y)P{-*G>x@ za2lCIlPB}$j?5di;UMRQg)3T@6O0pqu7DLsjS_}n%8L}E1&@4)5iAGp6y}N1GiAW} z(mC(B zGHn>6Ff@4IdBV1{XETH2@JY4x9#C+>fg1BN=GRF{ED2#&$6eTdjaNz$$DhcmA!Rzo z#>T)iW2@B9?W*v?#_}Ts1SDHoS=X6y*VP#SzljFp5X_N<2e%y9yLT;TK7*_)<3kSN6TtzDl38ZftF6(|*i-Zl@uW7@ zOHt-Pqf4Z*gjoZi;87NB=%TczcvGkLxN)lia>cWES!OCCt16<`a&lVI6jk+XA|87~W?r|c<;fX+fq26;lyAb z)e&?xzkORjZ{jv2ZwxPU9J;5EnoQnWOUn;}k7BJv`$$!F=jGB^6C^UKrv$w0A-#&@7XVnM{eiP0)r%5`1W437N+Dg&hjpE4))7!ELt z76E_>D-Yax$QX-3W1WLpQ7}OY-_4scQZCRPwo|lMe9&OUJp3fM9JrQV zdT{E~u=ah8ft@xJ*%hSrELybFLowDW%4<0d7xoQY6wF3>>{CwhX&%4Joz(_h2lzkQRybp0c}#k;VN&XvAM>FG+Sn z96b0#J{{g-PzeAVk0`Etq{)!$RzJ)avE7QKfnJbeURWm7Kd@}^YC+6Av?$3co7RC3 zKeckq2QQ{YlvLL+hQh4?0DA7l3v30 zjwKKKL0ZY+cvs(%s_{q@xh_2HyCnUmPenRKeF3q7YP9D+ly3B52p(;ptL;c!ol_j2 zlhaIv&3czwFrTD*VVO+%^Ii0h)E+gNu<6HkiJ z4KEgUw70jid&+iaF*XGkcy�>gs-Z2JV<+xwsUA9${gC)?P@r8dmH4xR+u_rcQT{ z(wkIrSKK&ShAv-x`a#swXUk*WXh`s^263`*b24z#$k5$hHW+QVPk%HajY7^94n!8S zqhjV9YybLH^J6&$9H=&5K>s6;QB0YNDHVTk$wH&U zY%PAUzPPtQz^u6rx{(IgvGF^D7WMF?>i6Vn5cU!-(#mH6Kc^W+1|6{`e3LG0%`g^+ zFg@#RegE+zRtRhP0Zhx7Ar6REHp`H$cF437Opw(j!otFCOXMTB=;-*>divVD`SUaL zq7Ghy^(dx}e72^(zLSksWqX1o0SrdK`8f;t2MC3fXpr{!XMP}&5t_p{m6XxlLPJyf z1e@VlVWGj~$)UFshQ3rSC@Pvv*FR@Y-wA_g0^C>PLV&W|=;2gXSD}^VNXI^UhN2XU zodS`A0{E{EsTF`bw+s}8K?4U0iq(c$h%bTUA;hc|Kgk)x)?~tWb-Z>Ff-n%Qn{enK6D~7H^*mw+iq|w+KutXYmh+LP3SOzI<-tpQsx}% z#y(Xhewe~80FSYItU1tiUa4M2` z0ixSI+BlyaEU{@hOAv0}LGbaWF{$E50r}`{J{H7r&VcQDU}iRlJ5V4`UDFn%q~^b)MTTik}CeP)<`IOexSCd zwUZ0)6T4!-s-qtBe9PYV8ldq{1zvY37Nb{pze~W&#J{&(hwFKZ78ygCWRaup&o9xN>G-zYjeG7MFx*2*)_* zsxaLKY-UQcqme|8ZMnIAtyb?HOWbvoR%KBm_HR)4TX3v4^h8e&FgchD0~BvdkE?zB zcz=t!eU1Y&ujvamF{eBJ>XzVFje`$xp)iWo89JCx0}u`00?Q;%_48sCGrfGm(GA`3 zH10OID$VhW|Kiv7cDTg-cTNL1Cg!3}Zi;x6$kmOCzh9icbkDblUk{7lp`S%B3O+>B zhTTH|!DLf(efXSXQTL~;aH_1T5;!~@;uaJ3SY@xp;nn#-%mGb{k)j9JY9>jRijBSW zhQbiNe~o!c_xxA?A6f4mkM-aF|C3p$vqF-JlC+VeWfdX2lC+S7q?AfUR#8ZyVI)#X zNs;zKDwGy!4^ou2N*egxU;S>M>-M=m-~PI;w{@Q9>p70&aXbdx*;lWcxzI=fETF0K zGkD6a#;EJ$qV3jYwOLEN{iT)iaUDx^+{oD?pr@2+bqgs|t*j~-svMq2=wln`Ib%$4 zcge!<*;6IMu6dY7|9zA9;+D)&r2|t7w|w(6?AmGh#{=UPT>K7C`$6U#Q34JQ`QG;i zoTwdj@+5r8yRAza9;c?Hw1MIQk71~Puq`+?h|eWPX&CGb&WfB}dgbM)lm;)`WOs;L zV}w%(Rsr{omh+GSgxK>qDu=bVz+T`WkWTOSIyxPhFcZRaJ&wGNuscMNP14bUOSs9? zG$}v@;3rk0fZNss7txDB>>V6?4PG7q$IaWf4U$J4u4!WO5g8YTl}PNhEa~{LTe4{kqyYRVqnV=sw!Qi|3TE}(?)gKrtx(!YS2X|Ss!GtAyv7) z4?mRT2D6jBk}BYW9%|7Nov<9?W_2l-X?%J4X8C8QPM+NO*R~arEx_B{k!1D_mJwDm z3uv&|x|Cp}{u|9zU0onhI~_*+k|`&*08)l@$LkJ%Qfm6gI~uO{JaY@{zvPLpqMzFY%}3=Ga(? zkEJx7mzHVc`~k*mV(~qfO84*gYJ0?sAT&Prmu;(WrAht_>4c{pzi^5J+ zX?|0`%@2m=59rdR%Ok(j^j7ijZ)S+KPV6&Df80547xlGvoi42z)^#zZ5Q5{SjvY#r zPbJrW{0d$-V|0P3<-{pZ$Zy&5q=peYHi!D7*I;Q+cp8O8;)lhx8V14I_Xj`C$%-hE zWxzVey_g=Z9l7~(wQij|YwYjiy3slJIUhHN7`4pPCP@qVQmP{%$hu)7S#S7w6~d^- zOmCM#B!ilA&l6GKnz?GupFa;Fn}V`rE(eC-E6I_1zjF7s1N#mP$uZIYwv(AB>}YFC zOJW@R_m@RPaTbd{j$p)gp}s zj&gAC#I;plCh2)M=8e?FF+<~TN?Co#3dcIZPvr4qEJ9)3(sjSDqs~OopK{UX*4i7) zL@l3xSwI1sTSKLQIzRD3R`ol|2B~Q&Lipv+mw;N-U<`J>2@hJZz!=VZQ$U~dzvhHg za4BOKp&|QfW#Ba%Ew15osynGQOnPaO&tpxAtb}s*@S(QL)5O-Kn`Rc2F(I`i^6KTEi0&u;lXLXoUOX` z!MT;x>ARyY`Bwv&xwyDMQ@V3t?KXE8>}UBa7#eeo%J0a_{QA0~;mQ+HsgA6uy*vqC zV$9a9c}I?Pl29)1-TSD%#`L`xbB8PE9y?~2TVwX{Pz_;QOAa4$M@qW;X2l*;tZOKM zIYx5II{jI8)_>5_1W1`{_B3sb)E^W1Q0DI`j!zl|PV|7>r+*KvTVSM-r|XvR(ByJ1 zFvjsCM_eH?;T8B(S3$~ORHJjptFXp*jHxK|>F<=IvtHkuJ$x6A^#sB7F8OYx8nRtl zt24lJk1d%?BtGgB)xODcbH{yq&JbFz`~7=J-V0o%*;LtiN|*A_`+h+)L|PIxb>Hew zkJg_z4+?!7INtI|(o+-D*>7)dG^@kRMWts?i8_scS$g66W3)Sg#o{3~wsJKEKE2e| zn2wT}Cr=)VTA~?R<1}WG$~V>3cejpgDW6}Oxz~hR6wPaC?4}PMO=E?!@=Gn+BNd{a z{>Y2Qr+4*T*2mi*WD*cpS@Vm-R`hqhjR3LAZ<>Qav4;`eXrKb`H zqQSuv5&i>O0&9$G+&}y4<`TEC)mp1W5nV37hU+V{h%@L@myb7q5Wy}ek=g-l zOdeucCRp#S8u^OH4c-x5;R#vd%$5@#85^lbK`p3_&z&k zSEj~G>AkK5?OQQBcJ&GP{lsd(c=zHx%pKY5d}frhv`gz4cf&^~7ESZ=%EtRZUf$0& zW`3SC8+^IF>fhMFMPq(X-elIDT<)13#DLv|{wc zZS_Z>4ngOS1&i+@_n{zO2M&0GD|wC_Z5ivd$Vq-zeE*Y)V@&}}X2c1+vcaRIKma9hyY4tM&C)WNnAjTWUTmg$ zlYS|TX+Ox@%Fe!CyIEn{s#EbSN<25!%5bHRzSI4k&9VB_7au~hC$(y<{ix7q8{jw@ zzkz|8ixiBa_>^ERKP)fzW^kJK;Fe#fw-U35KVVGme#vTtsqCV&pv5FWb{%#L552d6 z=Pm9?&VSkvR|Lfg%7eZyP2oS-O0^xo-h|j4G%s_REmKQm_J;T|Z`Q1-HF1$u;0OC~IplXL*(M^|VMGVG{g~_bBLrK3L`?(IAePO8x`DB0WJ&(XllOg3aRVL99x^6CFYm0R>Q>U8^i^*$P<}bq#mVQp zczFLUH{Y0PoU=%$pNaus`B%@WT_ue`(xV-9B*r%^SP8)!m4S4UyBV!8u zuppv@8@On07+e}!Tp1Y|E(w87*W3&awRuXG@YsF`QNW?uyR$Ut&4u12$4gavf!NTU zLv?h%FzIG$B3ulA#)or&vm_XmQXO^M#cZHPUOMu87%md@#SeW?0sGDBsjG;U1X3Ha z>mXn#{5TC`|16_psxJXFRh+VB)hbNnbiTiHd#fqyAt0;Q7pawDz6*u?DPu+2{77#- zIk{N=Tve5m>@#wBwmRn?R30CuQi~0vwknhr_<@Xp%O4Etu?2XY9>YSpr+CHb4yCV` z7HD7*Levo08oLmhcSdO#;h^38!zeh<%_VxiPx)qKgAFUr0SE{UG?Znia2Xl>6)lMI zVz?lZEq${BvHuV12!O)%v|Pvoxg^1G@~S^9IO9JL`s{t*Ra2&1ZPanAdGG+Tys2KS z-JzSeZf){YZK~>279g7lKZ1SymWp!PrMZYQ8JO@9bAYoywttwc5C#6Q4z9c4bB~`o zR*$F!jWQr&z|x}fhNaR=QSm#j9|8pEZ$?=H(9IMPd##hO=)3I|+h`uWaie^{iI48x zbIfy&-n6N^r2FEunCM7jBzeS5?Qh-dKjytU@5F}pRb<5e| zjql!}dq=fOL4n*WAfSM~xzekO3l&2&9uoDjVLUhq7FArWMI0!f(gg zWdkb(@ULrsBOCwe*wZao(9JA^cf0-5Ye4Qv72m%LJgjd)7g>G)l(&*~BmWB9Cn)GF zhzkChr%tV!KmP@*gt7+Ko@rl2UK!!BIQs3rsT6xHbKU#5Z!ITT!wn|S0kR(Kc1X_F zw`TfPXWs&$sujn;ge0i~m%r#B94>Wd{}B*c;>H{X5i~bN7s*a^@eOPC!Pny2C+3ZJ zLKS-S$dU0J->!MtBV)KnaPNi@G5`2+lxa6_R=@x8`lITkb%6ly@B&!%g7Y4~2k?xl zK`1$;r4t8DNac?$gDA=4Wna7I85kM0a|#JWE}n0B&`0;usCk!z$7yPMvZSbII0*5u zSC6%GQ^~G=SA1cJax4R6XJ=&>rHX^)48vhQ^JdvZ`<)JBUK|1_1S+eaI?vtDPl$OH znr?6e&zf3B7TPD~PHr6;@tOjtgzC#eOKg z`=#$8ucgdmi|{L_4&5n8u|P7pv!F!#wGV1|2m!ofx-l3Y9Lko5z0rv?0KDf-oD;9a=`cD*Wm!oWE-Y1b>5Pnw&$YEChpOpr z*sq}XM3@GAd@=@S7V1$5XMzQvrlv_$Go-Fm;}eQXN}HmixmdSatmLGz_b*;Ysu=|= zdQ3H<| z>3n>p?Ei29KEGf?(E{>ms3BB^j!}NW(ZPZBih&%S$#L75i~>?|$DSj#D&r0euFqtm ztXR3SWLVMSJN?l7bMHhB*tuY@y%+HXF5t$VU#~gKOnPMqef*FU!JWI1V%1u7jV|>n zggrK8fG#spS;-8Y#I35W02t8?GV{#b$k2B`)+P7#P=R1vw|=wJvE#>?0S}h# z6t`DYWoEsu=Yh0{ARNe&H?a;TZ7wSA)EdHZO-i!p6M>x^O?($trA0@c>Z&6aB+1-SvDq0w--IiHuk|C+xGJK~s1IN##hb34Rn+f3)RWoEdOQB8LGk(<(UYVsPSUdWL z%m+Gf6=0w$_8mz(HF9V@WDW{R4mO+ z-H%krDYi{NehZCLf8z}ZC!{CYdwDe=TVc4!b|m*)zIhO>2TbumGFkC4XIs}@kuu7# zR~|&b7cB|t(A1l3-!Zzn=Wu%m9hjMfQ`x%G`WYQBe_CWY@0QsXH|` z4b|1{exv)z0Xsf0#B@+izSAfpB~@o=1nq`DS2{=RunkA1Fe5{uL2PcjK5Vt)Mz(MC=1e%0Z;gT!CDr^ztjtO{CZ3aGH_Q z4H+_4`cN_0Er3}^&YypB>z3{Qdx%+M2Ji{qh zJ6M!p31R#se+DA^x%205c%DGJ#rZH@VKU6+*{6JW0#v)^U8c;Wd|`gTp}7pWR=yOY zdItv~`iQaUSIi!`deGl!C7r|V0;0#*Z~9P~j)U2#-r^3z?lH_=1dPhjaflD=QwkRIUiM*%>o}h@Ua<2C7?TUoiham^t)`m7cX8=?}ffx zG67;DkPDR;uOQ;#NA4>i5?uS?=oLY+172n;-SX4}3_d<%=wvgq)MZQQwK!%GzcA<- zVY|pz3lTU!1r`2ZKJR(diFoqg?=%7AibfB{!rpN!wUV#laj>{DS=^!uMgv|{u7|2w zmCIgCO!jPVzB%eZ&YtM#GMWb{4Kz|88XB@|e5pT?FtUy{HaTea5JVLm&GQMzy*LE6 zI%qf?zH}B2dA$&#@o*(9gSmfyB_(swRsPI1Pd&O;EGyLTIz7 zQ%t`cH`~n;6=hJ0H;hGUnhl9V=iqAN|xWI)G4gWY%FfHd4K`b&hx)hbt z_n$w7d{a{qW#EB(-mH}8$T(SwaQfJ3_!W}+aKOoj^O1*kFYBkBx(JWa$&Rf*XIiwY zBqk-{HVC@T@?QI;)>OU}IT_9hH4_DKCY3sQE8aLTgHvlI(V#gFu4Ez$!xvVQLsbCt zCiTuTbp?{92(CXrJ#z=ppj69l zyjdaGIy1%K3D=aA)Nuv!{A_pR`tE?}ap=H-JrmdJVR?kuf}@)ui0U=yj@Qu$b^On&K*~BMevnp3M8l@A=hxUzHMmmVvvB<#K(`eqK%Yh^l@-E z*ohA_S5$A_Tq+aZT!R{qdR1Vfje_}f9#RG$U}@g3%<#^Y$_|=o6`rZd$;I}8uK%j*r@Xl9C%G_ z>2UVO_3IV`5*W*iBsF?$p)@X@7~1^WN;(pI(S3~nZj;OnbRY_^(a#TcFj%#E^{0o& zsa!iab|?fbL{s3^L9{^FVLi^@F;;9(adqscH* zC|SqJz$2NSTl4Q0QFXB~+bRvEyuMx{WjJ*-9?Y{2&!|n5nq?ec?-}$ONZB+Da*O1R zGEOcD{V}|&yWU;X#k*|sz~M=BbFzcvH7d{I^)`zDu(+&^JN}Ly=O>cHIh=#Y-@`+X z8=dYI-y|LnS{`hC)CCgP!yI;NCEN;^U4xOifXjRVmHUl`ZDilQ)4)B%29% z1an`TzQakjgYv+I4L^wf$FyduzeKlk+mcjstT(lcBFl}A=Anbv|5y#E%-f< zg^Of|ou@E-9sBJRk=ziQA%ZR!8i>}#sYBcP*THe1jyq3HG1&fo&HEoLCAYQFC7T1c z2CZM8q}+vkk5t3EozVdtyeBg>sRH~Hx@BNsAV(5(r#`o&eIw|Tq0=K%Eeh?pqp=R2 zM#-qD^M}XR1M^7}Fc%Yp*EKUDzU(}FO5uqUZncpk70UvEiW$^4Ef-ueDl2U^uP2}} z=vVW>`Nx+L*|@fhZ2|5(fByX2n1okeHh&JsHv~U;1UvG(g^En5G7h$KYXA((Ml25u zq@o$7{T7FQ6us!Q)QycZO5B*i@Mjp=@hXya(D-s7k1abXGeOs7E&gs2-AsGd8dAh| zF>fn>*I#jK*6CxcgkppHw_sN-avLAYpTsx>gEWMQ@?HzTxIp`YxPhS1X59JN(&F!; z+{Pr&bGd${XVApG+~_5Fo40La9*;3Y&`ZhvOrj@EN}m`m6x191QfyjqT79JPcth!*R!k)l1kf8XSdGrFVX@{$#*r`LXcWzML^Y+vniLl!KknNGQgQqb1gy6XK8pdmCN z5nCa7=RChWcO-d>{3)rlTc`8$$>EwlO{$(OW`AdT?Bv~f%E+1cm{=q zJ7?M*S`SHo)s(PfTRv>9@m+;S9jmDL(rY~H={p|SW(bZZyLLsnCm%n4JbZ4i?KqzG z>BGca&Z5HkY6^BJ6r^a&p{?`jPv3uqUn1lfZC5rGalH>-FQ0Drlf_I}<7y8Ftxn3* zxwNS-?=DQb7t2MITeCr7{6z+^NFTJHiO5fdi?GkZklvMHJ5a}|U)Ec$+~)Y463@lmm-<~~E%7UaiG&AI0qi>uUSXooIHh)-8vZ?c+0K z_(dwvRCMT9i5zqY6Iv1|-NfnM@zcEqtAI3UYu%*fVpRbmMAfdBATT zDi0`oA!Lpfvi}Njin*>+`RrLRqArE0H`r|g+2yqza?L+AP5axH)q#LgVm_ju0OKrr z(mYv{^$e5;$TdE=RcH1iIp*z`rQM?H-@pG;@keNxesB_D&2%en#}xI;I)XGGiy63K z#@UL}ox;7P`YVMC)&gN+VKjW?p-9HX9@ypbZ4G&|roZAIm>dz61(d5sDw;KQbDtI| zdvw=)%VA=38f40RF3o@G{a8+Hc;NQ3pYQCyc1*IaK5Su|t6~;*F#NCR*QlVo+Z$U) zS$aprZc07XajjZCsei{dG)Mbb&t-v?rv*mnD`Kr^fq;;eZteH1hQs^%O$`iyxw`lO@^(yK}-c{d1yTaDQf7^^NA%oxGx z@b{!%{imoKDM7^oj+ilSBG#yjytj(Sp6qElv%9vzy}-(Qe^#4WxS1Xq(Ry{3mM?e3dq-$(VIm*2YPThWA0vHI)( z+f7-$J@4;l1GoSCAAhL-TKQk^L-y({1-<|KZI^xJ&7U#$*?vUvKYxekEGwCnLMwvB z?RyP*1($V~`t{EL?@v;6OS0_ioe=gs~5HJiQ6M3U$ljz;Um6-Vsf z@L=+Q|NG-ITh0mwzyIs6UiRHCE^O)l^3YFzhz20+3C`}{N2zAUEmtk%%3{p*-L z#QSCJ7rQxYMFER*2`pBc$V>A(66T3-wSc#67~fN}L{JR3s)fj{Rg^C+FAZtlA3SKg z1ojB@w>RTtGu~-0=)AzKHBzg~$BuyuHs1N!Pkcdx|90D6w&O&$rH_aJ`thxo|FD0= z%RFbf<0DVb8lP^rq(@xU^!Gp30rm_7A6$u+IV+2PSw|(#e!Xmj`c;ntTAnRa_~9N~ zpg&%9>!T8isOnpr{pM{O{VwJ8yHCc~gpwCMJGwqC4nDd{yjgnXIW2=fLH#uetU%mklyEGhkNe?w{tHdnTv`VOfFesk_FfF0c=e$KtU72SM~*Py;B7+AQ0q!W zXK1rTNO(Z>MqKk;j%Hstd`HGqMB$19&Z9>z!`ytAMY$C`=cC^U$G!>}#vFC1b2!}5DEy=(MzMmJ7}asMg3l^OcS zt^cDb(Jz~f^38+uhh5h$?J56u#H712gWdAQecXN}j=I#Z{Jf*qtAF8T-`kExXG?aUJJ>PRO-F?%E?`Jhll%7% zJi0zj;^=0Y%nq(aFb^T5mEsq;2(UD=@rtJ&+IMVmQ+c!7x2r41GQRAnSg_V`D`#~E zvNdw~fV=24o5%+Rup8{xFL3-N++n$ifnX79GfOL_hbr6Jr>t&y`BD{m3)%syIp)+L z>F|%EOMh)_G?`bd|N3T;-0LYxU3$OzDiwCwl6gdS_GNV2ez7AiHOfoZcP#vTp)|Gp z!P&)Hqpd7E?fa>vZs6<}c4^JEm?g6Umo6EVv*g^+2!*-#b}E@aoH;!A)e{Htn_Y$u zz0oB?z0&|$O9iVik&{=$pZbvG#r`G=N7sMe@N&&d;~;e#uiN8R-k!5z8G~G=zBGa5 zw{8uR73{a)je+U}nSR2AG)=1lmuFd1!z%HCwpNDhX_Rs2GIo}yT<6W1lZGRWo7-LA z<>F$DQ8W>j#l;0`VGW029fMXBliJwkbP8`@>0T7zR%C1JbAFJDnTxc;M6eMoK>zD;y}57&Q1kh7BXdbpQo=QKbn=-U zuuZ1z8jg0F`fJ%cJBvOGJuiRya(O^W0Ak?@{0=Y~(2IQV7AlN$XU_(kKlpy?b=REn z3lw9uV{mk%M1Xw%g^Gy}Ys4F~&_yaRA(fRGfKEiC&h#3LiU|q;O8fb$J*9OdoQ{}% z0`uy%>(<%roj4Bm0q)cvmKc2&bF=tEO9J-}2#eYN>tXTRdq=wFF^Ltl`m81p;l4e4 z)_?rC)XS?y>7{IRsg=Dwbv2azRaBm1mN;YI#pdlC;TDC>CY^`LU-1KvcHq&|0&2pP zi}M1fk-j;7{dq!wt`-(iF2lWY^-c6r;%-UwLFp~72ho*9&o@KsXSj%GT40{ZZQxW4 zDjORb5;Y%ZRZG4aNWL-U4yy(TZ2Y?JQSQq-U~KR+nAx`Is08N?2~o;x_$-~@esjo1 zn@66*3}j-mu#i3Il%V;mS6@?_ci9M$42IC#+?+=WT86myB*!QnzLjrLlA8J^iH%7jh+{ z(^@I6lb$`dHKQfoq>;d)ykp16sYE7JV>L+Z`rrghcnF;%mP3Kpv1;otKEHc*e2n^mKHv3WeaW zX3SC^p?C9#Mrt<4C;1GcM@uN2*taiSL02S+bL}mG7NDreD~eD@o=i!LyQfTx&(bmb zwBZzGBq!%M=bBEsThPJ~f0>`(-~JQi$m!!DbKbdqD|IueSJQDTo|V$v*m>e=IxkRk zpr+iK=Aes!nwa-iW3yp@j_CtP1xuDG6G6G*raZJIGz;>fr2!KS3|jbJbiZ_o6V@2n zn;iKcF2E-O3@u_`Yq6qXLSo2bqV5*6=Rr*kH??jTeNz!z2p~zoSCDh@@OhOl&o8IJo?|xftTEBF(m? z#SR4Z_H8(2npWq}om(3eq^YSX_%S`tqLg4RTT!tkOIxjM=FpiSgkWYIir_J0#~wd+ zOvpT;zcyMDoAnm!BKn0nj*jAGm?{ntX4meAAJ;7ph?563x65)?mqz zi1X{oQH57SYY!N~akcqYn^*>#4EnN&^;Py!4$lU4K1GS_;)znMT za(mebK@5e#S7oUCLqtMTfK2-1WAm&iG!%y5@7Td`m=Y74pRakzhDKiS`gI@)upq20 zePttXsGNvT5~L>f;q2Lu@oE&QsN^&bbWl8~-NZzO?pmzdPqrk_2dQdpGUq3;TU;4j zD%&)zX!#c|gp8RA9OA35ia}azEFkc0mARFt_xZT0i{#0>>%X_?*DUejT76C*lw2(T z>u3HBuZ2Y^?^EoP)t04~%Qo!&-80Ia(P$CAR~dIWjYzc~D4TU~S3cgSXx*m_A@uq0 z!cA%-ZCwan5Y$?SnbvmnHgiOVsjsiEtr+9H%zz=7(-5mfoS`~?iD`cs`22Fngi)h7 zk;VJzGSY$UQ!1qrB^b_KzupuqXMT^vsV(Gd@rXh4rN}m!8SvWS@j_7qIA*}YU7xJl z6ZnvkEI2!{cR!3>3Y{{gsh>MT5nd#W2Z@9O3}n7EH+w7y%X$k;LFLC6G4%nN7bb5Vn>HwhBuMN={rLL0-(9tp>ibPW;$I^WnIPWG%B|t(SX}wUE4sw;l9x>J zt`OTd>QU~Jrm~yNBGiG%q0Y7kc>eAg)Tkbnaq|tcxcozt6JJAm!2y%`?h{~2l*r)9 zefd^O$6Mq3%(3Rve)HzzvvWyh_2GpKxiDpPb0h5pfgA@u(!wih$`-nA9fwy=&OT}} zOrJSE@2+Rxz9SU7(3nwgW6b-tx8d^4+bh%hN`JfFyXK(z$S(4waEAbyg#0AG$5pI6 z216`55?0%wPyT+X$-RX?0tYj~@MF2TPuWMf4dvwt(>av`^`KJ7S(!d_zT`c1%^Vr} z^Z6RLaFXqKc?&;j4H|?-9AHQgh?BD?HX2z*1*~6n(c3*|Q7jYC0@Yz5GcJxhc8IL3 zEP(ZW8G|c2A5bSgJF~2R?P**esU7TWY$mR3kdJcbEQOgOWIQ-HI53F#&}FAJcWJT+ zxfs$s*HgYqQSLM&)ZENb-ajrpgk>4SALOU3$qB2Ph_3x}Eg@4Im#s7IrP2`9zzNr_ zT?^xNDQ}$5oSQ-{fwWvk(VQpv5(&lK*|R~Q*NmSh;6+gQfxC%2Wc8|5V{~*Z?d<%| zH*i>Px#hE#53L=9?e6Z&u=_1I=pK9uy5uK zr3Q;1`Gub|j!U|CYP;66$eV9eRaC-mE#q@9vN&M;Zs3|gt%&yZV@4{PgBapi^Oc1X zbM2LV%Cs*dptr)JymtM%|C5teWygOVeq)w;vAe-!H@Um`K2QO-{{GF%)Sn>l_8Fwn zR5WroJ}cRGdYsxp>|=W8%X8AjoD5sps%$5?39WIfd=@V3*{>f~p*NkoK3*BEZD#RX z|9NzrZr2NE-Zj9ci#UUkkEF@dSufpcyTAVS%P^iQ(#%_K=OsL$R(x%XCrLCs0yx0A%jbTVxHDg<1%~1XMzR(URp`cvUEW{2!lK1kZ%U#;E5vs#Qj_wRLsj?k>z2 zz+7=6HB_?;3AyB)i>F|1q2LBh{(MTxW8>bXzo!jdHcV__l*;#*yebXbAcex!ey<}G zdJgEg{c_HD`Is!I)fg!B@73$!_=o*%tEHu-306B7@@F;6px5!m_P=7I`;YW*xpC+3 z`)~FoI>U{PjSUQ(hbxD^ICOQ_`&;vi58OYk+PutJvv5?V&l6Axj_9hY=Fx9!8fQtE zZf76rr2NwN*$W%Mdmuv zSu@e=&pOs~rfSDLc=%8vVl?>}FbilazH)eZ6a?|y)K$^6!kA$gJO-B|W8)(3Vu~t! zDi^b}e(ye$>Eo)EwB?#dl)%fotFit1mvDG3Rr-^lcrdZZfcQ)~!Ky;1mcDmoNx(#c zKJcqx$Yf7jZ^f{-8VPs_`%^vt39CmQ!SY^g&A4)i_*ge4cuv666@{dC2f7^_H`mN zF@^d*E;T!4?)qBeuy?cwJtT?MmOL`Qday>NdZXGHX<#(8HF$X@(9Gp-x$TsOWZ=8&OF~)jV0W?PmWX>hWn2OuBCSPFj1E zoIr$lOj7Zu-MO=d<#5O*1*bx;YzMDwPMS^Xn^=nW&t;a{iffe#Jl7f+3g68>^Ci;_x^yQz3B zsRko=T4T+PuD;VaL)s8-Af}e0Gqj%qNh{oBIVB5ci~gTXtT54pLUfJ&wXyGF+r$IR z%`aRKrZr4%jwKaId?sj>o{nUD0mrCvO0Yy_5tDy%g3z@EP>7s5H733umsSA3JFC3A zbIC#}1D4A_gY)6z{hLB&BHL2h&tXn;uOnZ0@}y+HD|O3BM$^?rNk7%)x5~g^pH%0= zGxA%*R$SS^kQaa7WJB53i)YWOm^(5fZtc}at5iq+#wzL|d^*ml>qysX&K-FsE9({8 zh{F>}J@b2Pk16}(c8KR(yL(q;7FoBrTIyG9kGj|uGKmqG8f5NDf~E9NbJ91{XZtF- zd$F2Udac>FeNE=i*ijVC zLBM}>$9j4zR;>cmzH~=dzVP(vsGyZ|<~(JXW*|4duv*bICgiTZf^H(iL~K1FSRx_p zt5;F~6+Ug_t+a=S?E5EbLPY!n?Fc>_Yb89DX(E+bHNJtccZrW;&qLRRstgWblB`sI z7r{Sk1=o9Cn%C5_E)}X7lJ|;`u@Z*xL zTN2(nXiVFG?@Q3dqQlJtmV0v8lJ2p1=T@6YC2?21oFN~K9i0d4<48mb5-jvC1-ekR}1fObr|RBM^aX~^|uQu1jHlB^1$VI@op0jV)>9;Lus`68X8hx zlQ%_Y8H>*|M@>0iZ4VUut75Q|YPeNZ=Kdv6(?B$>R58ZOL1oZ zaRa$`;717*0mJcAr*JV-QB2kb)GSbQvO6#8n3woZ-GDRDWYGci>byAWX*y9UDOFPu zqEd3wQ4P>?;;cx+pFZIyhb@ZdSis3W8=5>zz@KXB6xs>YF=Orqb?{ zSGd3lCM4!S2&%87MI2D6UG*U)B2~O*uyLXKV7om*SXgm{>>9P;SkFq?QshQUu)p;7 zUcO?5$5SuMdLJ_pFnVZH_gWp};MV0FaHs@uh&))|GFWy1*v`j5t=9k6WR>U{w=$D*0{oM;+V^fa zE0XkL{7Y)c7dqE%VNGb$?93(vk?v&Nf1<6@C6lW)vn7OME zWZ8T?v`t`(wJXX>N}5tg(wrlynBnY@A+fH5-LTE;9tqzrS_Pw5l@%YcbqI}V` z!gWUC`*!6K?;78byURdDK*!Kw#$<_d%^mMkLoo@7R4=D+N3;f@gBlEB)f7`sOb!UM zus$xKtVTGi9j#x95bBF~13tfru7&Ebp;M+#?ZCQ)SIN%$k`9gBCRrz3T^87m*-4)B zQw|a!60D^$6C62iT<_9+_76cNu~|7>fiP2;Xpy(|0h>_ns7!ewyoSg1!F&$UTKHH- zsB>BRr6;w=UVXCym+?L6>D?t~V|qbn-h0~yQ&T|}i`0UWhN8^h&rja_FaQ9+TUbxC zmhTjXki-Fa@TR7ao^SZvF#gYC3x<>4QAC5D)b;1gMXc%0LJSNElTx(of54dS;S9I`jpl! zX9iJj=aj8|gLVuehOm@#O;L3G)g88KFW58YePDWAaHxg(w>Ex}78PPoIW`baBdnbHTs# zf)4^y6#I)s5w$|}E012R>FJ|K7{6^V*{dA`k~7WD4&hn!Ku_ec*m%Evf1t(}695>! z!#*++BUrLtA(xnP=omNcJ&@dgkQ*THg32Aw^+d5ZEjn_6a zdX37`4(o-ef{v>3!-v0XM@W|DV^zVYjL2Z~j04(TOmg9trem>Pcpim*Ug>W~MfjaahZC`9G2Sq-bw)}6 zLxl~TaXP)!$^aKygN>5T$WjNxG}PQ_%^UBQJTG>$CK~dW(>=5iNcnYF7$7+0mP$y2Di16liOTpi5u2b}F z3k&`@2Zu0X&m0Y9w)E!B+{ZcFy*isao}1fGO%4CIc{prx`J(yb0B___m_ujB)sBmj zb#5m+Fi|sFzPDMmzEz@752^J}cc&e2G=MvL z|GuKz8|4J&Tv7_UdeMEe_t3SUiGr7it*nUG(6JwX(sBAkis&a0H{)t58<4LRR-)0p789X zPtut)V?E1&-PVF}t=qe3b(~myJ${i~^C065-+ujGDX}_yCk$)E5Jc9M9P_&K{oBn> zy+wj1e49|T?MzF1O1HD>dYJnowDh<`F&8Q;`HOr`&H?wkvC9FOR(1xRX0A^Y#tX=zTsVEIWyN~jtwjC_AmZI8OV56 zD!gll)cz1ESZbo*WiNFFu!u3Uu5JKpjRjJv3dEG{s$*OIjSGcHytsF5eqJ> zDObOInc?rAXA>eDc$1^7w9BZuXC2C>uLnS5q=PzWEdwK`!}?T7Onb!qv$Ro83Oeqb z-&6?7{rleuia2DO7Nst0mB?)cDO~XNqCVu^#HyF0jzLY&7s3Y8>Y47ki<%5O0&RfO zcq1IpzyiU_aF7s5GF?UzLPLh-WwP@4kNh zA0{${sQ?r}?k9ytJ3U-oAh5D}rI(5m?hQq6qbyiN=(k&Ab&|h)`2tX|e%(6O5L~7$V$0J=G5v-JVYcrJbuSZ$OfR`jSFj(VG9ac> zS7QcC5nm=5`GI)WF>$W+;rR{wHXMf61c(79?mv$AYw5bKnGdXX2*{~>*G@+lqs@+T zNB;w%*uX&fs2h<3p!8zD?Hy-uVXB*t)YsoJFCi%_CoD`1cL`o3o^qVgz@S@0q+8>^tz0!^3 zm=Po38GFv0S;OtXC>8pGYZtf9n}i%?i9dJ<4`}{8bn5i4^mTo-H&sOa;3PBLs-Rzd zIJ0zN(b-0vBgl18vng;9qS?@NzB@j&cpn09o3`n6*gE4^y72iIR}|2sgBKw?CX&u1 z=cv&(v1^d+!i*BGA6YuSaAB-5c6i8Vf(Uyy*)y<@MEIsoxgS4Uc5gd>UsWvDcepv+ zh*dzfv_fZYpZaq+Ewav9B&j|j?hJHpb=gksdz{5){uZh4a5}srOPd;-7Qc8K^F1zT z(_SSyq+OfNTO2iN;MTW&^80`$pw-|Xx6BvETEli$Bjg{ovVHAl|J20y;KI{l`p_`D zt87d(JC)6P;`ZZKO|j8Rs$evYJ20L%sJ{4ba{5vug8qjKAScI{GFw)9cw_;Goz+{e zMugN$q7o>HF&v>K=OdvLK`+N6JvY}MLpBy9Gnb4zcPc8vt0rn%Vc1H8+cU91D1k9d zXWOy7>*^e5%-E5TAgBVl3Xo4u79vDWa72Cm6^sNAO|0Ph{=rYaluEOxb-s6MRD6<1 z-D~mUSurDfoNdNiq$uU~;L8Dc4PfS_aiTKB?HmOWG*H1jfJxfNk5rpN!Y6O= zdPJvQqWF5ahR^Q%g)6k@&^?<>jOW*3YEEg(VMF)!=@f~C8akAGGiF$eIBY(oUeJ!wD=iLCJHJ&x zMCT2cSI=i^iy6jrMe-O+k9C)DQ@grnvdJ4R4%E-l(K0I)G}nH7StPgy5j6bai{zv& z**-h17cE{av;Uya6FhcG>+;?8WNRelHfH-osDq*L-FLpYKp$JM;Pb0jS3W!y45rSl zc++2L_s`Jo-6e%^KR7Yo-sQ*U)eP_`Jv`#~fcScj^R3&qp%mFvWv6I9V*bTPWahG! zCr%W+Au(4QKmG|A1%L^q3oYBMSp+G9m~B(hz4GkYo_ouZ-Gj5^HqRY7R!1kyQbEf< zXH`;L<(dFBR88>XF~cArx@+6ZHPf*9+mHi2Ha?-C z#emCdOiOYfWa+lHw*Yd|wr{DxlX9cEQA47AUjS>x_rN4rYgMlIdJ z<$$(~PT_8uPVXm5m3`&ve#RSy7$(*?V%q-0v%B6q%hAo$VJ?z=3h##=`|z!WUSWGC zCp^4_+pDe^U=iME{?lpU9#r?u&R4^GNMhQ7@km#Cug{s+1~J&c zI!Le?=Jx;cj7!vAMOjH{XJVorBQTh~OP98B9cOBH>H2}~o5Aa4X0ts<7a0<@dt}V~ zxpRXd<1M@V%Zt!Brm2Q&n>FX?dKpw5`fedxA5pHj)4C=rVuE~#?<7Y>P7F{_70e_& zLOq%pjQ?HLMmPAH<$zX=5PI%{0;_Uwyy;58e*bf9fD(=1`IgUl|&a9|v3w$wtSw zi6fP}a6Mx-E=O#_SL4YsKgaIUmpe8s!+NZbJ<%Iv;3F%Y{urklbhD?)0R%xY(AVc4 z8FRb$)shDfR?`aW+p;!Kl-Va9K)eo<6N6~l2PbZ69xKK83P42WKRjmfQ<&;$>gk=J zRb)PtsfZ6Z))xUNKPjB>4fia5Kg!q0MtyZ*k9`Mozov{CESrV2NLw2gG{LK>zBUWV z{mwml6sXd(tCZ(Hv#71@3$=#~!8H95wBDIRYXD*dpR=yfP;pe<0y7-@)(z>h$!z5A z!eO7n)6`C+7Web>_OAW*3vL?{Hy8o2TepTF*+CPmxGvhV)P9oG-Sb3lTRJQ>lG!Wq z^_^d*E&2510AM_R{AQK4UcGs<$lYCBXZ-r#(0?$$8b2bkBmBO#nA{BHa1p4)ffs?{ z33m_Ew5l}?U1X9OTAUVXIVdIzP42#8mFae`KC72c-MnQBN?V}CyCz$$+PPICr!rM% zS$^ZOA?3V(E|Q0Uu!Q0jUk9)_=F6<$xpSY<>HPWhe1h2Awzf8nmB<{A36fiDYfMSg zM=yq^NC_lZW&$Ackx~8deOy(j;21xlt5@tjjvz0K{V6)`S2+2Ai&)G|1etVp8BrxT zxn^W6TeuL1N;Q{Kj71QtlaKoiTm%2R2>tEUvrsGeLikXtYW;<`F`vfRXuGBmTYLV( zg@LjFC%gG_I!+Blp->k>HfE^$Y!n}vx#$3(D9sQLLEfk>rEqHE0SF{Sx%2n{ekdvU z^Bs5(toroq@xzBdg%+pZM6qs+wuBI%y?a5-Cr+H(XrvOQ(0BaFef#PtCc&Yi-U>nX zEUz|DavR^h4%!=I9#U{lb#+a>{r*^99l3qc!HjoiXF8;;VgqZhFp`IWxRw3i3bB|T?V);C{>)IFiSc38cfC?4|wyQ;)rh*j*rT|MINm}eb zoR=3ukwvkOC!BaM2!gk%2qEr~Cu6?Zz}%4s%*HnrNzT0xS{Aol4L)Vd&!3}4j_fKY zw=haUvR?yK$!k}yf?xoBMn0T(=j$9-S2JmaKg0BGW2agnqTvt8ZYHIg$$VX$<$iof4mqOtBtMa5wsu~FaVn!HUmwo1HTF7T&t2qG zrP=rW5~dzKwn)kgG;P*5K6}RF$E#k=*(;e~jio7IKiGRy^`UN056*RP5TeC708Vml z5Fp*^%ZG&|@o5J0IM=)v+*QK<9_}JwyT?_m;6QRGS&lhuhZl?F@ZvvGy`=th`dv6~ zc*X#=GT5nYfB!lt3IUnCu19j6X78z;Cv(y)&v|soj|G~tv)6%2Np{WD7L=F}r3CX6 z03T4l587T_hio-=;dLPPzSBFG3}-eLHVTH<;>DQoe7AY(XB{WD^!Y<$^M9)3fy0L% zr2=DIh5TAv{~15!_!O>0vWBFoNl0Mp$n_`G1*17WEH4WBo zh#&cA!p0{=kVV*#e#rDPT#pD%U4A;KSP`jUD+aa4oPsDma zwUiL7r=nxJQlp-{c+pOM3Xw037>R9V814w>U>Zx+<^~$ZN6PBx=!m*(vI*>VF#&uR zpGS&~wAof%gY-XytBdaiQ%97&d&HcEx;pV*CIJ~>MSd?YPZ~T}#%+|rE*ZJ<_Kl@= zUxFrThe?e&o$P+nKdsGnj-t6^xCvtp7#}Jc~~$Knll$JEDD)KO`aRH_O#<>8cc|kY8PX*SWD0{NANiUZ(aBfip7@%y{0b` zpWCm>xWh+7alFuMru2|)5O7!(;UD%Eb;s8b@5FweDP%okmV#2| z?2%d2V$w@yi{X+7!@n$CsDfG2wU+a8o6O$E%6CL8>|B0^NHs~FAw#xQtlN|Z86a%Z zD8(-OWN99|PcQBEpto;-lQ*>x#x}Hm5$|`S{%ftgr6yTfJ!KmTbd^mBza^Qjo?d$vMdYv*AEYt6%MP~bK zzP|XW#Fth7A6M@I*7M)?|FBI(`u+a@`?{~=I_~Q}zI^NRdB0!dJfG)ts8<|ZF z96UYMT?)qX;ltK@wHzO{b$O#X%_X=0rZ!ESrvVGOlP0(tekkGW!r~dE z*{DGJa5pkrWdoN|2`~DopY97;>^pmj{0Y0=x8U7Sr(*$ zP|&{a|22JMn9<@zg}sawJ{*g;NSV|8DP!=jzmuvBHZs?6H{?2A+}y8oaMy~!l97+r z_cK<|4p$o6)k{YIxnJM@8kTuX%b5y`?8#-FdqT%1VU#Hcam)xK5%+s_b(q~5CpsfG zx7^EU{W)SDbjYgSoM{XVuq>De6@W4_C9H6b@Lw(a4gtKzjb+Lx+YB zi2pDoztWrijkDJP={!n{^rcTr6C@J*g=yeSkmg_uXjElEluXr@yfXb6aYP5n$Ccq!&kK?)XEMv95 zwExDnH^Z$q?%c+R+;`IyO&>jeJnfD543{q|U6o0bc?TPiSr8xkpU@EBF2Qk}+T28~ zdw1`^#ATiQ`xa~4>++^`M#`-U(U5+%xG7G5dF$#eKUPf{vs<}Gy|Y~ZHoudfYV~pt zbZh@ESNC_B#lRU`Y)j@(v#*15vSLsCU12~2(4$;%Vq38cSiaP-pP#C-1JrR_75vO; zjw#V7Z|`i9F?fl}$X%Pb*C9Lo>JPV$mIxUWG(kEHSDY?hzRoT#n$jdqVxg8aE546J zXkqR=k?FbmWg3<}U5mm~q|5Z-6KpjZiDt}h`sB%zFJ8D1XEn%T0yP(Cm9ulkLRZND z>3y`HSPwr?b~Gu&J@TnmNW%q;roaXdl52o>n-Zj9^O`Y3Wge|l`PMr1N5|$ES8?}| z9U((X)-uj!1_fj)D8sV1_qJ0k@fNoblQ|Ziv!yEB>G|(n5}$UbH=)OX(B^bO6H)cs zZ@qN{>$)dT03G3;*eOTNOBbzE$&e~9T#T$WIayO&ce9yap5|JMkK#Xp-@A4U(Xte4 zo<8pW2P5a4$sI=mHYI%+-f`};V&z(5V*8Bto{9A-=YI9I30&9H3Q*HQ^JQN7)Zmsw zN;QvZyrJQ{wxO!}Cs$q#SY@&9!BJb|og?O66h9}oQ*HgChX+IdC@PxrtdQXxJnYYe zKIFNkG^_;N%_vbYHl;QIBu(^_*V&0f?V&^JvSslOQPy2PFVG5!?EI0vdGeaiCAcpteG$bb*`v-;G9k)^kARQEvj zZS!Yv?gNGWU@mmf$|^CPSUbg*sus}4)%RBII=f+4g)KdrP zy!UE>%rm`T0U`pLnHOlFD(f$Gct?ZbGGAYg=<7P;6ip%31xdE(?EJR>j8uz`tlq`fmj}!w8S)TX(#=1f6q3 zHFV(SoGe$#mzLYU=f5O{y7qFx@%X_5xb%e9&bt<_d_&E2c8$=PQRr~1sGse zkJSMS^<|`dTB0YH?%#LI!(*zW`R7c>6O0$=J0?z;V6uF=*-K=2m}>U(eO1KlHQA2N zS;Xp_Mr7_BhAOre7N5U;dyMnU%-E$zH^h{L5?3Y>s--S>90j*_Z0<#A{S|NO21d4o z_#|Qn!4b}LVAdiBtJXm;h-IBZ=$1*75V6C*Gd$3E0caiZf)6hG4 zNvRMjBvm{(A%|rd$KIpzADt7b4f^)&yVTcr?Z+qMOU|NSAWcw^8{MfLX>B_gFW=@dKs^nCtyytbX5z zzPH4#Sc7Q9SuNr^q+d(8OB)scy!5_>tu2N++pcW>EQHrSet8_+rP;sdS=A*qHGP-L-3ecy-nTE@S?r+B zBZ^ADyVO2v^v+`#uAjw`57ZF=ik#m|AN{Z{j*UITEk|DpL)Yk~)>G$PiCbM5f`I*G zI?C+W0#DU7i^+At5ZN1VLO-;P87sfV7LC(^o058a(wk`8>EYjHco|rKYu|tlGr9*Q z4=gMg5*QFoS4hpsu+WYb@CGrt;*-Y8gX^yj0LS_bjz&j(rzyfmKEym}+gvj81gOu^QFOmuZO}b;;NP`f za^yBjPLj5{0}erME-VWh1qJh}V%&dR1Jp+zR}@RKQ`~A;a(T*|^y#(vMjG+smd^(= zW`zT(GCo@wXEOHJ!&7se|M3tTPH4!%>q;Ki|9f`Rxl6ospBcyVb3K&Z^S9ZUs z=sK!LOBkC5}rr*3d5Sj<}AF4Kg zs+0>{<-g@X*$a>iL4HHD`hvf|RO*(Aub=&P2s9v^^VBmbv0H8o{rDLFaO#`lOLpw+0&{|vSJ5825VaVJ*5!PEB0s*z*I zdY^`(4XB0tlO@0~tU-kyJpd-~@Ff-ZKl(kM4`7a-IX2kKi%+cu z6?+kxaj%&XDK*gHKZG%hDLNcl^Y7db6FfQkx4 z=s}=&(c|rB&lbX?p*3Jm>BGDu+Q5$FZVU(+T(fZ4LB@^e!1Ad>xkn@$w0d?`eO4lG zJS^1a^{)eSr>uA-ZFmGE0K3HU`=>ewppl<5N2O06%r1KL?CH5|*`3!bH1m5+C>k}# z#LWczILP#>?Np*vUQl4UTY^`uniBYO3jj36$-apYA(kqZm7H*^fqeG9^t{wik_<-J93y@Qj-@`akOg)8MtHl ziTnb17T=HNS*87I+%pwsRr`ic5&|yWu*&N?U4G{=W?W!?(Z=drna)C z(TbtB=;**67|nDl&BE9y(H}T9I?Cch#DQ!TL_zcEoR1VzN}es?l;f{tXI%h z;G?1=_1Y00kaH+-qAj#^_d$hL)RX4y^ry z+0%UTOh>L9_(d2-hN%xsOb0YisFLVApwIdXMnB8AEkNNM6j#D?q0onEK4$ET&?7bs zmsn1#f`hT{ctI`C-BJ-?!OrmRZ+xbw30qbmvqKYQ)r}iE^gZkvE^n!!ee^Ox|G1cc zHq|Z$fa4>bI(bs?aOEwtsc-99uusA?xTyXqYD_X6#SGXi_%-J6Kc;4848i_TaKYXO zaJ)rShkCkiSIE&0OebOe4zt~hIB>mFRQZ1Bg z^x3cK);|EtglldH@`eq&T~!tBJ6pUK!%Y|l3ir9ij_HXh_OJK?{f)l`6A@)KwB#(O zCGZV|v8F$X*R%>vA3xry%RfySWMdN{Wu&j#*FD~)S8GV_wPQ1G)r#thMM##;0)N!wV7M18Pji$s{lhK(D+ z3+)w|=8V?YS2YaK==cpe4^C60StG=ZF~s&hV0fN<(2Ix`2438V1qDC2BrNwLM9(-f z{K;h#_wCf8bh|?E2D;<0;f@qZ0#ia&)-VczBG&H$4UF3iKM_2mgwgdFzc{($yLRv1 zGTL19E?>4x?&c8&nsIS;>DGPDO63>IceuTzbyA-FXp!NBP~;7ByLO$AxJeOG#n!YEz2~X_0RteVYDL=Z&>x zW#WEj8#-Ew{zV1xK&IUrdp3z50fK}ggq0cy1jROnyM6DZ%K48E|5|JoQ|hAId!wnQ zn1ob2-7!a{oucF+LfVw1!|EP9*tTuk>UUM82u0{O;eAnF{%CEb9OH=N1Vq;tukRry z@uj<(fes^EET$(+NKE%duml*)So(s}G_ebPtVV2)NTKUDPW`0svsAfO6no zVH@x!SZ36XmBhlA2eYcF_&5P}2He^p-(3TR3-X;0AO z%Axd_D_nj4{O^MWoBs^xQ=t!7u^6f=GiMG_@O_aG4eol{_$H*d(Fb>fat}rZ{fOT0}tqvhmy3U_@xX!nDq{cYJ6F4IwkxFmk8$geg zZB#2Yu5V#&dN|-ZRzIo_>n*1OfjosCgGIUc^b0n$-XrefrKp zic5h2a98TNL-0Z1pr&-dyF9FzA*K@#Um$1jUw9K;x($f2n6UceB#$c+8&_#;D?=wG zy3GfR7FdsA24+&Z?`I&!z)Hn~vm1$i&mCIaCOSHmckV=8Pp80=m6oOyzi`1#t0#Xe z^q&s}s);U&sZ8*A4Z)mIlseetFwIunRZeb!$kYwB<-NzRc*SUv!i~kzrP@FsSpsth zs4oDFj2UR2^b7VQ@-C!eTO*R!)tB+EqMawBHe59*GTYQJ>cPExS->9+C84}R$}mi{ z1nXb!NY&fVA3j_I_k*$uq9A+#mVc^mG4*ba5;*~bW3MwZpr{4;Yg1#Er>y5J5-0=8 zC_GZ80mNEzOmV()@M7j(RJ1KafwGiGW@c{AXS!2eJrV=tmrr>;q zAGpiSMb?dRG!?9DnNh{Fb3ucHqpKDNHYkm5Ie58PLSms7XB?S*l!4G5XnZ8khCZ6A zX!_&R^Qo*W0|UVzS0K%!w369c)d{!Gmkkd3P|sz^D2N2@v)?I5SHal+m(&^u4J17+ zO#ne?;kap7F@U^mFx2>FYC%qDCE9?c*myYEj)%Ule~B>#XA9>dDB#{#*oq`A5^iKD z(7=pqCp|-N5&Ux2l&K5Oxg9xt_;%x$#HF`>K7e8dqZ3L2s+=Y8NKnJmqa5=srr(R6 z9UC2uF|VJyyT}b#gfF?TMa#pVg;iMw@%gC&t_2FJi?h8=?WuVsjPcm!fSLy-o59CI zI0Bp?P}Jm4=8|W9c>1}!y?kzJjB)*LI(hjK#9T2kqV}=uRgtm86UG;hY*-EoMXD3{ z9#snbTb@u)7@Wt7W@;ZCA4Fs(GC)OBD*a@gdP;I0M~Kb^`V>|PrxC^#u;pop{FW`d z1ko$~-Bp$GOvv%Ep#X{6xijokIu&x3+c_%Nz1OQ4sm`P3#yf)O^b?F*0s9>k#|VDS zc}=_4@6fu=`rw}lxilDd{muD#B+%ZirSa!2r&Z8{HKY`jBy)$}9{$ii_o|6v-NRmE z)aDvw7{@w$nl6moDJ4lGpAS&`S+>02XCs`W(DZW~e||x~ z!cQB?@ly4nv*nib-qTiTJZtR47cA(%xqrm0dGkn6Kwhf2C;Z`hyRKLZDeqdeY?;kE zS!4I{YrG3QZN=tBF`XoEZuo)okk90{ef!=t>+E|y6eay>Vo$U-t(Lk%)DDKO$Y%zcXWa}|M^6NVZZ+UG0>`X*DukAoA zw)t&gGm@>+#D1D^aN_7xxs~t`Aw|U5+2VLDgK*Lh=xB}1BRn2bM{-!rJYLH&62EVs z>G4`{LKi*GOXc`WtQL>Avf1zWJNmNW^;_9qRrkgRz4_e!8- ze|YWAdAOh6?{P~FqQs>)6A@|1JeC=-BfPYv9a3LkXn#VxO#gd_CezbEnU=F)X)ohm@jRt!V?)?E!Ej_ z+r&SuVkzS=))c(X&##$EqcmqB`Go+p_pea$2DjAD&U7SEGFn#&3IaZoK6@I^?%H*e zQs&_0`BkYz=olk?}SyPp)S5EoJ$WEa!yTt|Bmh3MYcJU z3B=|l--RL^5>ipoXpU7NEy2SA_p7*@TdcR@F44Vv3xk}0&X>r{=pjcN7;O2YtCjYQ z#Rd$Jxk%!2$H(&=4x?0MY4rF@(K`o|GlbJIVY_g#V7Yu*zZ^P zHJ8axjn2%DpD7?pr05+dXK>A$HR{*_(c<#42Tgm7?IZ;OUQxMFEVnP^o~1SY!(x`1SquA0VAD>DjwE zeO{UawKLfmG}N5apYUGh1=3U9pXVvE?J&i-S|s;`f!~%nk8v!eEdVKSw4GbkxMuBI z-_)u*@U%6$kxEgiak67afcj?Cw1gnI%(FpBh&rtAgt+{nJO_a(xap5tnZCu3zVJls zbl|xenG&`G8-j5d47T2~5j%ERa(uIGZh4qZ)s)LasBv%k8Y|jG?5Ag#2WGz%X zY-4L_+5SHJa>k~262_#RWf-2m=}tF~mT6k?%&$Qf2h47y7^q=_Z>6KS*JDhMs`Zgc z35l0>UiT6%Xsqoi2k08>{5Q%c*2zvdUr;RzJ+Nxcr{{OsAYVLPvQk4oTa z3uVrZ>A@2=Qkk$@N}qT9CU_ZapYAsL#Vfx8S6f^8=Jx1W7oGK@wr|(b)#aLk14OS6 zep?!RGr;_K?U^%YgdX=xant+vXjEg?`jvcK$w`c-KZ$fLEqHTS)VTDi2&6%wG9L9x z;+Zy|7Ak#o-1Gs})Cq_lIWdhDD3P$L;=c859>aGp^uq-Eaz*7U1`}uL?7}VGo0{lRe2NrYp4j_2ki`wHRsE z9ar4EVE%=S4C%tdoMwd9O78nYDXZ~Gwsq5q!3zdCD2Dny05HH_kwy?K#MajKvrSl| z;CI8nK;{m@U=qe@;q8pp;@?RDlXDLHSO7Yrz?EgTaxwG9WaZ^6^l!ngm9^lGiV>Yw z&p>~Q{}vTocu$-t4tNm;KhPwZ-5Pz}>p$~&=sm}$OtqUdVfb(|j@~sj(JG=Xxy7}v z_obCKDn4E{z>Om_8`ZaoNtkO^KSB>;V|&Sd#^Y3$Gj?=l*@C)wLR@a_mOE=eXm1^p($)T_p;O zmt*WOKWEe^YVb|M|Ng{`B?t-heen_|` zam-G~;_U*8Q`0`m$|Moto{9TdM#4~!ZV2pchGnNZon$Hs$}Jh>4hkkK**1y%0A$YL zb(5Q}JTZU0s&g$XpB=t;o zM@#z5gc>dkt^fvKIQ8_;vl&-=u`pGtX6t>O9E%{q5Xsn>@ao1-pQd6r0}lUrf^UIX zH-jHjo>1pQv3~{iU2mK*S<8 ziv9a9aB?Ef0!MzXNg7~63m}Cf7PwMYhSTe)1ePr)lW6Tp%#)Bq8?}g?bi^>0!Yrvu zd`lgu!2`Oaa?ja_*w3$)?|AM*+$89(R8w?GTDP5VIKnXcBM|{(BK5)vv~)?cxujY6 zxItpA7&mdll*{x7EVa7G)tfeT@*trrkCbIuaX=7Zpwf0f?B!TZ&E)iSDaCf?uh7;( zjT-LpD_0@E!2uD#ni^1yo0sX}pD{gc#!YAd;?>oaskuZQD2LdYK9GPnsxX9zG>a0( zI3r%5LKrh<-}fon4M|UN zr6}2iUsY*l;#v6i9l6S=QJWGF9L zG7%B@iSfnh>DrSfU0^Lk!mcx{MGWxj75;MXkykTY>blhgun?z1uppN#r;fI^4O`av zQ8~g42GesK-}6K4f{j0vwA{#wK$AJ~z|Hc`2TKExAlCh!nA4q_pW`us<^ZU7W%k}9 zM>cV&V$Qq98gHeBw{PFRcwwv?%&iQ7V(s@Us7h+npC1qEe(W_%8Kk9kXyWRq+unB% zj+5VT^Tklg0w!hgiz{0hnB2T6xUH(GWzai>9Za=Kd-<)Mm6O^_Sz4Jo#0r>CPd}-L z_GX)uYG}TcDT#4$TRa{vKDtrhco}Di8H9}2r}yJH`sWuV$PJ%8n_o6!gtqn@#)ArG z#ZdQaK8aV$sLEdZzY2OV50mEo@;VD&+*Wo^yWycZs#(eImUNU3gJfXKq@tQS66?WAK4>2iHx%_jj&& zwte-i^RWu&>)yGCU9s1WH5QLI8B?GCUC%nJP;JkEwOi7M7n<&vS2-o*UiYiIkxP8P zU-EI2_V?Au96Eh`!Mm>h&G(lal}we>FZDa67%3zT2t^OwHt6lNbTRGpO_vS=huKCl@ z{Bx0C<-M%x2g=2wk2D+PBW2~Wy?^$gP5YVooM`cG1Et!h`5L&Utj?-dGH&d;r7>JB zrt?zN{*MoCdW}M6O|+&VC<5KK&x2R(cG0#PvO|7|F7Z>krZ3yixB1w#&I7^IG`nnx zv(%Txoj*&pds5_*KhOKQ9e6GOY{?q2%<(s`FF$xxJUR4Zko&9>pK1GyS_Xw*7!cq* zFlckpcfHRwG4t+Oc(oTT*_g64Db(zvT1NL{n~qLAc;fZ)owoL&rc-{=C%WW$?I0nV z9veI^_h<32r?%P2B{fw>q4%XO)E3OENS-`9G_7N8rroFh?X7!9bX|GPOJ9{jxgs#b z!Sb*}=IfQEyC|XjX87yJUNOd0DM{||uZ@>(z3D$DQYuGz?;kClw19?vA&0gq1ZGa| zRl3~RT;$pDy3;k!%Ym^51Kp189bP-`he?CA#<)ILJG>Iq zMrTU}jCUNr!!08trTUh)!$MJ!vVj+J1LnO7uzzl};&82M(9`S#J6rFT&YF4tv-;UA zK^K2Yx91Kc4+;6Hdn%SJZ&6CR7%5SC{A6ZY{*bjce=e6#5n0or@tgo7S~9hziOms( z65>;}7WIwHR=ar3Ea>96AmtUAOY-GZT03Wlo$`w|HcRQQF8aHZF>-#9dR3QXJ0`Oa z{R?R>zFzd}#?dlm$|fAmVP!<0jSCj}U1?X)tacP?>-6c<(F)VXvSTTi0oi{uLf*VY z)5t*n*&D+f=^xdO*;k(XHC5lU|0~xicfQqLJCpy;%5qrAwgL&AeO3sHQ2SGK`KYe! zOv~T+wS9H^<5$Vr;EgyzctORBj1)31~-Q9UOVxrVROg5 zy63k)57EuBI9NiBf}527=FSZkp4NWjf~Q_A?6O}fRb^R={_o zv|_*0&)5wc{*HdxG7l{su3=pzmlVn@?qmB!wEgj!=o=s3 z^f3s^)z?_6-d#fE#WjvB2)a1aY^}Vsxp>xJdFdTu*+U5l#X|edn?kSaJx_eUr!n(1?b^S`Q4M!L6g}kvYCdqMk&p1XE9c?rY)r=tHyT*+^@{QLG%YH^ zGaSj3ogn=@Wz*I%$)|t)ooL-I<6w<_UjFbc3PMiC-v=QlN>n47;_cf8hBvNRx^&q0 z=&~1#Til0b+Uyek!m5(Z?Nb}pZ*9vKd;IKg$R{PSFQx5@O3r^jRebs*=bAizfRZz- zT+unJYBEDE8NGgcwkiHg0I7y+X46HGcK z_FjoT*LAK$-SYH)C(_LMh0<658c%V#rxbF<^k2S<@Q=FJpC}PKe%xtERON~O+~hsW z-gi#3TVL8ESbpAr$D$bhKJODNc5>K>p&^*BJwgDR6rK99_W|Qj$@-yV4@PeI-x)9` z^DRSvc&saNZ!jdx&OrCn81YAB0%SCFjGO?G^nb*UgtiTCd#mKE8d2R8oVtZ%jsKZf zVjyGH_y3Ea`OhDAg%LklQT;kbQCQ@|JP@$irLc;x;4dQ z(|`Y}?Y6z+u44N0Kfl`-%kcla&j0_PZnsS|JE71Sp09JH$Lr?*eiCh$MQ;4>-^P>B znv_$YF@4(U{}m1M*Q0Z-N5SAgoE6_-#P0f z6X?ShTG;S2Z%I!#%W^8JaG`d1;Yk_G|2}TSE9vF)FbgdJd^ZMIefFeaPa_sO6Q9AE zI*NsVLL!k{Y&A)S>znCll5D5Dudu>p3h0BH`{cdXy=b+p(()$X`5Jitu&qS0o%4bP zdpzPTwET|0#v=rNye%IV$UbX|Bk=v)O`S#Crw=&$!!!3R&EI4jY-+Cm%%}2{>L2Q( z_zN~xXK5`Dg18f>lkDkpFs{lx-iLtgkp;J_oX8Tsf0h#*AVrJq!rSSKJs!lS(c{J~ zudWxOL&e2mD7ej=Cpa7?-enL412UGUm#= zcPj!3>b$(toNr5Oh!ZWaHlZS!-a^IdSx|U<0@8P)NqX-dTP{IlK#-xjc5LP!a@gka z(N?Y`W$w}Cc}{xh>Tci0;%8F7>}n}2hQ^E`1-bspm17BwcxcTUJiIS|-j|sr#W=9J z>#w=GG;=tkbq_CP_;Y0RVz|K9=_DVoC@}+Ola`Tbewdr$tT(^Vzjst4&0~AR;&w&e zqcAODN`QG1B|c0pltzOwpOIg`f6tkZ(J=U;qd%j1qocu6KyF*D&0xPcl#tBYenEZ( zt^m6OLwkZedTQGT%tP{EY*YR-g~P>s(g@81Av5{9hO_LjQCWZ8eGn}HgcN34!CheyhN&N^i3>FQnyJY;iR zNEBY#Wr(h>gYG`MbJ8I0O*S^Lf^g;R9FG|*b}FtLqe*oQHPYYsE0~@`{$Y`_sJ6Lm z8GZ@%%dh>Gh7E+(E+7{Jc(Xpt7a&g2KYDxL-}Ds2RCL5t@cuuPqcpbDKB2|;^?h{f zH~y%P&yF84Y#6Z!H*TEBlwyI=`rW#9s`{zQKl^Pq3ri+bvQP3ve192@vhbl;^5|&u zYX2}HrruChQ_FkgU*I|{#=@Yr6+rgc<;_zK5V^@CdsVns@mF) zhQ+uKCT(r+0W_FnLq8b z8Wd?3d-Jtm_s$eOb1938@$DZxZY~lM&rpsYX_@aF@Pf}+4Z{%qTrJ`;V&K5=U(#^Q z8vu}DNx`{|+Pz!dz{hUJU6U154}zW>dhY8YTX%vPMFeuLp&^zh<{!|4hUKG)p-8QsEljD^J~EMc!84kplEdESgwt6J%cONZof z^fMN$a?-)uMi5Oi$uLU+CP!Dgi3c%k!cFF*STo9bo8pO!Vk^|oQ;*m$ruAN4sjgY+ zwN2O?QI5X)iUJd7l!C>kD2)79^|4m$A6lrJBOT`Rbf|SF@rs-+{kAxozA!u;7|^!! z*Z6lil}GbWkH$a{x{3eT$5mB=(`;6i9zm=OLm#eX+;k~z>fbhKm~aBHPG36r*I)~4 z>+V~cjrQl?@0;XNF)<*wH%7Q1jaw-s=b!-B--Sj`4L*^i!@NkB@U_>Q}j} zwU~{dq+lpZ7D4-lOIXWYzC88EKCU$C1b#~9>C@i1&X~^gfD`ywACIHSL>{C$4+|{2 zllNGDh~5S~R#aB*H)X?FC{oxf*3|{GxfX2rVmc%HwXoCCXs=x>m`&y8y5xFF{!nx@ zF)?A&O$MZ98dvyTZ$QjDxD-Ug^oTSI3J8EqcKq5pu6}_K0`^39E^KoqB|h(Gc`jVY zx{~Z!23euL%;C@GomA|sI<7GA-`q6qE~LJApXn|uOY5~`N7wMus`xnGSZBG)0wOd3 z1R=K+#h<?1uhxS9#5Y2RNLz#7OsaTKq8deNz)1f{)uB_8DG4@GC&6&~~i{kpUqA z8$3Q_vi}VB$o%5qA@5w=I|m0X!hVLCFs*u9_#q2(G8^t58o$up-RRCec%hZin%tD{ zE1Hb(h{2_sq&Gq_s#uzkM}F{=Q72%XU-d_W3yQG-c-1_-J1n&7IokO9c*6j+&nN^< zg9q3IILT@B{uRTS`wWR;hLzk!{#m%bjxjPr@56@<@i6LNZo*|63>Q7Jd5gKg0)Pj! zU{m{RmN{+GdYDKI%-O_t=4UGC`Zn>7uuhM$Fx%7bB5VOh`V>0c6QHf9-OdT7Rq)hS z5&|Dynl$B@Y6OB@NQt zGFzY#fM{T%$YBEM>QTOLuX7S4AakLXm6SBl)=`Nujhf2g4d{72H!CxfZw^H(r~2L| zTVI1jf;Xsl_;n&3Wb*pX ztR~nE&79TLIPFcxk4`yT4aa6JGz6+hYir4zQiHK$uRR;FxqqQ}-I% z7DBLupv1AwI`hR&h6}>0PyEW;w{D>Vo{I|oT~#u-W#92Dw)o>DAnY-=IXF2LkJ*A= zlyZdMP!Pw9vw0xwxCU!dc=H)vd~2tkrTu0F&WAI_d6u!13P`xkxnj9<*k1Q4D>KsW z;#*Y%dy*mKMPwelm7_?_Nn^tG(<_`6{|t?(hK4(yjRL8UixYbpC{|*#esNqA1~0Qq zJJTKCsZ2-YHv*{IlAQ88B;PkI+|6;RV%3=ZIjNg={#LmZ_GeQ2xF3(lUNU9A{HhvP8MZCecu*oL!LD|0yZ+GR-pdNBN;~lwg-#xrDAfvH&g!ju2^qsh;=d&hOl@S=f`M$g3CTm?LH1*B88J zIzjc!f}0Xo6lRs?IVwS58WLirr{~5R!z4p6#sKZ(;7LofoDWPN7&tP*gA*?+=rP}^ zlS&KTw7q>by6{O*HaVv#9SXl2N*F7usEkgSsamW|Z^&loe!qd`4hLbnnVB$dFa9*A zYuG!y{}3*eE+49|AHXsc2Go**$(~6{^@^Y%gcG%X@~hP=u%b;&_?>d>7#Fdp=YW+x zd?o4Tddh62?5H35h9VSUQE4^_CFjtfAQz?fYELV;i_f`TVjjW2>#53)DP|@MOxRUMG!zifu3tmr{P>YudLwrsWe2B{ zi8xgi1c!igPk0Nb=N6r=KJ(zg14eac6TU#C&MPRu)b16t5fTE4s^na3o#^T32M2z! zudn6tTKa^?LspfNBa!KdjKe6zFGa4c=Z@54$HH!V&vkL3>j~4yaGD17#@9DXdw>^*XFF8G!0KjeL&b(N? zjM4&r;04xe)}?4VT!D9q9~Lol*c{S7Kr`5k;XnMe%CS_Jn>gN}<{!{=sVP1qOoaYX z@41=2WBw5j6zJC?=?&={yGG%_bIfd5i z6{XiN^k$M+`u(Zn8WVKqkfh!xz#FKoUD70i5HH%}mj1f>w@6Fc-yB??I5p2CStR>S z`iC_zS&P4KA(FW9i^Rfbj{76MLkv>{TFmInJ9b>>2EihF3bS7ycbZ}@D;OPNw~Q68 z^1mSLQ!>|#+-J29fdbSHOcy;=$C8c5ri?9x?q6BW_cI%5*!G<} zf5H90JSnNsB|!bab-@cp4G#782NK41MYmOW&*xCZ1c z!>FQVYq_@|4Tf13&`n7g8x&8aGqql7&Haw8xWwYnxjSLEK>*0qzQmaeixNeSyDDyP z_Zfd9$z?>#p(c1r*BefpShnhEX{iS_PUHj?;^zd*csOB9AeL-BEm5YAa+c%BL-jsR zuq_HwkqhBe0aQ)yO8FVFZCfvi+<+HXlv|+HadGgqIC?`bM#sj^0^2ug#ax9t4)G3u zC=?3V5P(MQR2m8@sU%a*%~yFgmCedG5e(pSj9&*BQg0GbFvR)6$_mu(aW?_ZB#f~> z45{gIhXZLmV=!S<$uvbnL*!)`XS!LG`VJ50fPjECYtH88enBQNVBo+-qk4yzsv^=O zZR=yb0UT;rMbTeHAnFDf;_~xyNbsb}-GXu>-q^;6&tMp}L}%^`ABW8RcCFh`i6}Su zK7vPgYfYxpN%~`-`S36DCHt-MIcS@e<&a5Hf%7_!y7zpv7E;+E)aH{N!N(>pF7-7DX&$^GNWB}NaX9s3Be%){;`ddW~uXKF*SU~=oigG2VZ zt2}I+;7vjdx)89bu5TL%97_92y8}>cplOW6 zF2xbyj#N?CyyN3!BF)0JZV!mrUeP$_SJWx8bo@J$tW)y1NXd<+IOHXR46Yd^oK(%X~}ju&ZmsSr6i@Kc$oi5<#p4Jr9e@rT)K2AQ+UN* zy}}#M9yl-uFXr(l08s%cXrHfK@uaDUTxa|0%^MyUC>eNC(eTgb+E>2CACD%Mc8bUi z(qRaE;a;J>QYa8`LN~WViHTOnYY`?A!RM%}w0r!I`&TO}{&IK#J-}(emW(}LALvC@ z&dx`8b=}K#?%d7PB{YfG0xz6CEhH9?O89W*?v!p_yV6f%=>}vp!B~N!6j6X~ga_;p zZUh(_8>al_bm!dqr@i7F_j@OSc2@l6(UT{aOjJ6*SYMTG8D4-5TM@PRE0{X7VRZnx zD=dd^#Qd*o80>F~jKLkf00b2kCDyKiaZ})1tNm4)-V*lCkZoo5nT{-lo3EpKkJg6X zHvGW1H5Vu`%br*$OviMNs>#9LKAC)q@86;SLMoqjc$~X}`#s7b^I5Z1IE^>GzM+I3 zl?ucuRUtI(97hb?H2C~#MP)TLU%AQZ`iSoIO_*u+t6fM6fE1+&?KDxbXU`S5d7p@s zcw>|^+<;|?K#q)ZY7it=N@GuOEuL{c#qTNGOq^E$JRn@q9ok0d>O#W05;tU)Yt}_S zA0GrxteT;juHB`jAJQH3C@XJ1FI?JZp*26n*M z*&iJ(Vl3l7c0C`6=83Z*Nxt7$|9EFTw1C4u*m98=75kUiq*Kfd8Dgos4{{#nKt2+! z#A1*KE1fqd;G7%iuh6Bx21$>P$AZr)rMhiHCp9OIeDT=79=M4BQqcH#=CVt=SP91M z{J=~{$nW}VKD$RAnDn2VX1o4Z*-xdVp}WsS-+YbOLPrsD46_z&ZENKBRHU3Jriq2O zgp|4Dl82|~C^*(9=2#%h<2`%iHLf^Eg-@MCL|(C1Jf2d!ckO~SFjKqNgep#?G>3M| z4%xCNPoG+T+DpfB0otY(>ERPkSSn~gVNgWxuxuG>C{5*EkNjKlKy|+;det+~-~SZh zA=N%mbHEkqcNH6HSj?P>7mG->sKf|`dPm)R%ui^kv|MQxXg#qcWz`H@F%qEvGRMdG z5Q?jix}IL*!Y>=Qa@DFrXT8qK>XDmw9XT?e@RW1Cu>*UD1DnM>uY)W*`_UVIv^@Sv zGg9BtE6t&|iVCrNx&z7GY|t9cR9anv_{*=C~>^d?M5y!kq; zR^rD=$_9dDx9ql99S}f;SwHqPI1=|JS3LQKzgyaTzI}Z?gVLus0*SapmoAWMx48)! zs+5kFp=EfL-ng;zM9Df$t+N6V3 zeYcwQz}lX&kFo@>2*Jb&Y!c)L%>jFRtIME?6FUG~pml>(z524I;j%A{U1Q_4mAwaw z%fM<+ym2Rovl=*~G3nFeU3X$>GrJ`SDSC$47xt^0oN>BY09b(su=^(YM?u(Ny%JMK4-y3lx_xy zt~ea_-uB*xD;6;CHW{byG5&Gf2xdw%gq*(Ii(nedz; zz2rRlz(I>`dD$DgMm-96fQFtsuEGYfBNi?x8?O58h*b@dv2=`OSYX5pptnhwOW?%oTaq$&4E1mzhp18V9-+(d8J} z*4KvxC7AVrS;h+nA7PoyZCnX9+6LMOldhE@T8wZhFL4=kWOEX3-T@4=xa%p#ToTw}I@@hq>7E(ATe z#Cat;y8Zj5mO`I~Px6!gLy#_mNO0jH-9_Vqb0f4{)rcMCFDX>7RaAhnJj6F&V>?Ts z-^5j?AWmSvcXcn@_1!xkF6P-ModBi<&jL_6P#RpR2@0hVZs*kYHK=FVkfw!n`AlBk z?>~R|zm#HF7F^%97NDwOWexRw`jO890!gdSxPj_JODk1rTK%o!fr>H|a~fHDa&rUG z8&KaTIcpji0=EHCmNd2Tb%j)7>0IXvl%xQ&CI=~vz!~wDlUFk!aE$TQUw|sdgMnBZ zaVVgl244iX5ui@E)2NbB9A3sLQTyO+JSxcu(fUxsgbR0NurZ+VN)^bnUwM>l2dV{n z@Cc!q6DF(E4jK(l+`L3=`50NL#sdpBgmQ?Hl5&Uu0bqt;IIM4XhHC7WlIM|rt1|Y^ zrII%@iy+Hwh%8oSj4wIf9U6*=8niaqRgCom*!~dZU0lOBpkoIJHT>~_A7X|NVmquq zo23pPz@Niv2mGbNVQ|G*ibmAeK52mBoU~vdCk9lIl`-ar9s5tfv0GUmPWqo12a&Qvc`?dRD)<1@A?ImO!=98AuaXDKZUDk$w{z z9O`U#m}(^ZVmlDw!ShcoJqJrcN6|{F=Wd5LXUKC=3+poP7hD z?OXWjCdxVH*0`o{0#J@K?gSX4E~CSo)Xz4{31DPeZ$aq{mQSJ__iJ%+G5-&ZFTFOE zE8^mZ(MH-^IdoX@^q_k^?HnEJ*ieklsLP4)WReDo023a8Ur1vcWgahw0)}ddKVmb> zEbOM#zhUjLAw#<2^_%pZN#(x%`}sH+&)X)9l2k6|QE|D9Ot{6-KrIVdSGZs+zA)dN zr|1j>2yjozqJ}h#d5%=>ER$PVMjG46>wcI!&@IYQmqr2-J?~%5X=A`hAWiZ2r!zB$ z;F*8-E)i0mMn)o;^TO({M{ns zmAIhd0vE+2h^Y+nuB`Kq+@>wrf8{GeQ$tZeYqS2Z}LQTG41 z0FEzYYlaf-x?ox|V{Py;Y*&Z}23<|z?pVSp`7FryPC_n%xvUbTS z@0boFAa(RAP(1Ked`=#TJkhf3=-RgP?d#Vu#cOcEQk2QOu1M}8$ju<-T`^)OS2B?1 z2jW(_IW^h@O(BLORLLuGX;HWVbsUe0Gh8+>vAcBXGE{LV{iwStHiA>4dvI6@GaO!^ zVEk&(V;WC^b3;{DN^gG4RS0flifaVwfX(qTxdlH50%(#z?$%g- zRsR;Q+Vu7cqs~y)a)g$=*;3I+wejlpYaZM|f1c_ekP42ty&^FuzLQeD2Ll}R)6!)Td~1}hu4lZhNk+y!dY4B$Z+y?5ySypam;rsu zaxf$yb%I6=NmBmDp8B%8wr@8?EXmO{H^#*_*)GJmhkrx;bD&wir43g&*BhB=l!^lW z?yD6A17~K?Ozl}6dML9AxtrDF_E zJ199H6(j3`N=iT$w!fw`MA$jNJR6XU4vLM$p)DsZ-PU|E+sN8-pQ%ul05t(z^fwGJ z(%mNjI{lUh%rDayyo-SK0Br{P#(n+%U9jB;Rv|_}w3Ru_N&Za^QMeTih60C}u`@Ot z3x!x?Qj`IakdJeTCO;nc-HryTF1R{?lsB8}z z*}x~_!;~sK#rb>>HPieE{loknRSbAyV~wj-hbV;9N3&12{_`-DDzl_j*b5K z4X+Vy(Rz~i3JO+QSy93&e3(RGhGenKLwMed2;gJ9p%!9nUOdB!e9-UWvQjB)FV`1R z8URBKjlB-IKW&pU;K}^?Hcu0cBhO;y^mGpsVsKwBO2$)z4%`I9C;v@DQRe!bw&jcr zO_J%8_U=JzkCTMX2s*9TNeUS!Ptpi6Xic)`K{;{b@@<2k|KzYX2~lhBx~qJEw3y@D zdTiCWX{yO-H4sE)z!FA}FWC!O{19t{c(PObK#zN1*W?2xHG#!t~O2rbDcdSw=6(m-VR zHrCc-=ry@i-3^#?@aEp4D8UaCCly8|oVg$t%-~j2%LE3BHi{<wB$u*r7FH5ZRZ@Qnl!H@`i)cRf|y)UKPDcoVceXITaN-S&81xd%l zF=MIBnT7`j1=Z?I-O&2M1xKS@PDArbxU#5Ix-Xpw<d=N1WnO%Y zU9_N5DrqekQhS&8zMboL?A%#QvavxlO_y+mAY*5wYND=9iv5gi8lM}VuOdL`GZ9LU@_7Q~3Fv*tbs!hrT;^7;<-&mtUSan95(A;#s&^guAC# zoRNkhrcGF{aMu%o;qggJQ3hl4F>cGCO%T!W{K8s6gvRfAR9`=~ptD)*N0aB7M|7CA z%a|&c26jz-UHEvl<*OC#bQ$auh=9rVIy);G?K`Bje<{Bvsz~r7DE8R1y)0h%~%c>q1{F7tP>jd5lHhnz;On?-u_bpx;!Pa7$ZwAWbqcv5UAptyGS{W81P>g%7Gw09L z-=D>MD_3}*(X5zctRT$VWKz(mhZ^N9dpeA{~@TItjy-o|6{6RLVQDH+Y@a~*B$JhJGAy%daL)TkIwhL={*!lYXcFd|2 z6`7fxC$}`JIksEZhRkI?sAH$y{8pseyEnDfV|=>zcW_2wrP;*tMhO~z&VUp%_;w4+ zwWPzYdqH#ATlRv@t5a+FNBP-0hiL*H>U0vEzkp~QelhEES$%#Jrxur8c_3b<03t>f z%0KjEwq5}pyn9!^On>+RQnoWxx-~bL#kvBQK(1Mas5RAga)bx)#DmX1QWpE(4YoNr zDF^a2=K%GwmBLlPQ%(PZ$i86;f!eV{_E}y3-Oc^-R#|hkj*Ie=QH@lT7+6Q|nYHky z^)-vVf0sJe&(cv8zJ=)>_*NK{(5P|tHCWbFRk_n&DM)MdF-SeVr9L6YE~YxhuV5Xe zQLC;;U-uurJ{cV zI{XDhYte*IaE&pS3QyMbePMXVYt+G=NU77nKtQRPh8}w*203!zbUMBQd zp(Z;pAWY-X;lpE2XJD&1VS+31#)l^q47q5_u{3=^JGgxPkXN1IWFAHFRx$dP+&jcC zh=~qJ>CfhSyIgyOU%h$rJw+einybB5bpZV%7X-*nxP%~og!}h``;7ftf4+i0V7G1l zQm#^eX=Q`#3g+}Qao&>>I3on=$2`IA!_O~o4;?6zI4X|4*UI+qe<`+jxnGQoY#E)z z%8R0+jwzw8S=vX}wjHb&>DS@(Zj^$m06t>&q*C#PlB;0W)01yPU)t4OX%(@ER*e|4 zj|gPf?lFmXX@JLm{`z&my+JKqc9rK*{TCG>CWkU(J7Y#|<$iKW(|cGyKW+D1CE&`U zTxW({UadOP4pK!6=E>>ASkS=y;Wi7uZPuX|xv3^2$z*vqRB&dtv6qrhOiJz%$ zc*+;|Iww0jmIod$a%m2X@sWcw{r-Ay&I03Rx1LPlX-oMJ3kca6KRMqbRPtr-_670x zR_6QR(!6vj`6rH`tF6au*b{>PsFjr~q(c9N8Sx1TF*_&8mSOwqHk?N8nXIf-cw)a~ z?l3mqHa8QsW+_Hln>YU@`6e|j&A!)9k-DTA6ApL!Dqj$SHHa9ZLgpT~QIL>s1*ElKSrMQG}yd&s-(t+%zOI`MB2vRk`12FH!SJJN!T08yCC{) z!fNtF1>tlkxrc2GBJ}n_U3$Ybz-O{iJNWfN)sI_QT{fbUJrzTT4AC4R5hgSDL`tfR zJ_kR2$$Hf1u=_qZQ2`O~ot3o-P*L)Lvs5@}QKqt$ z`d-)P`YiDuE{HWa`383~lv-fQ%I2H~>|w^=71L)V*=UxHOQS~sq@(fWB>Qc7Xz;BT zt8B+x;-}nFHm^jOLA0Hw;DKT1@&f`SgEXwPKayFHl z?C?H_>YCXG`q&{>K8M5pSW7`oE3N_HkBO;G{j5AtDxoScI9Na7_k{0Tx1Lk+8xXWo z`guWZfNjR9=^p#+O~+_ff}~NG=4ff(x?lDd)^_XIA-d|dJvSHyKjY$K0=N94JT6eCX zsi{dIzu{G4uQV&sK~-Hn1j{*)0)Z7=Yg>~% zq2%u)n}$nN6fjk?kLPuQb$FCdme+Lp``Fm7X(Cz9A|h20c^i(1u{*+Ha3rMfo+nRFwnUg>>VU7^I`Yb7|1-IT zbwfRMEIq$n=D!vx=#LVrXw8!1A7caKZditGib#B~{d2}pnaj7|%1{b7 zBLAkV8qp$)Dd%>2sjfrsf%dj+*^)J}!M7s^ZUl`vZ@*VK)D&1{{(spg8DH^Y#dPe> zumy6Tk<1XO25B$THCtaHCw={|DNlRY4#A`#N0xo^gBf}cWb~94lND%d+wbW1Z>$7x zP~nZuS~TeD(d4<}&);aMEXB)G%<2&SfYZ{A!D2cb0z{`#Gna*vw*{I=4@ zUCo`&V;4}od>DAd24;>mYeb!;&jZa{0~H1hBGpjx!<1upp2x~(^K#nh!mN>7AO^=v zPkXw^-FEMAgs1px&VTaEqZfrsN+;+ice+d@n)KAGCF77~sDN6*I4us9hI3@i4Z6VT9(AK#&| zpkGtUQOACpf@emYrqFnK>0DC&`KHZzRe(DBw7kV2{=b77$h|7#vj8B8Aeq2wE;gC@ zXVG@AynzLNtKBn7Z!6YVN37vmolIlZ$4m6?cYmdy`GcY6VmPWXo{)&CR&(<*0;B_d zfZis}8!IEhmQ7K{>mJQ_NmpL1&YRX+=kN{t z6`K7L4@*qxq@|_1jYP{H*f?iQmeG`?&9VI6`+MQAqt|5jfqZYRZtE{8iGC=2cMnD* z@IV+Zb)E)wHq=&C&02g6Fg58x2-@1;TKd=G5UTAQMXNA|! zgC*O4Icv$9eXV>4XxWO2iv!|gzhuz!vX7zpCK#-k0mfeC8udenS`D24HEn!U0WvZxa9VwPn!}Wr1i??3_2+VYzRo`KqX!vHg zB&vn%aqUi^IDpV;nRz)t^Hb(K^w{0 zBX$-mW(|#jJ%6W_(W(O4XK?utx4J6)Z*V<$2X5b_pGFby;#v~ z*2f{mnuPCws>(BkuE;OM1145%cJ2(D5q9zdJ0I&oW>(A;iCqTD5Z?08s_2-Q`+$G3 zu{F>Gec`+&RH09R6IFooL!n&Y;AO+h5?!EimBf3d&);b5SZSirh5*W58TkBf`L;DerI)sldTkI>AG9V?jiq`fVo zbe%pez0jyoPS%n5I`z64y0z?xkP)22&mCT?`m{4voFWIR)630D<_VdWz`0;9XS=@p zy>_TLWPZnT^WM1FQFf+Ec4G}57G*^nxL-b=b|%bYhnLFY(&JAu<=vz$cDW9noV#_* zM04XbB$!8zIJ((q%gDI8>^q|9{!uJmPcK|gzv}DL&C~9cY}HM3eTe6ahNEL@a`HQ) zPrpC@{{2cU-JX-YtD9R0TprBZ*vyrujHE;jj^V_z(?vxK!zV&oXpF+PoWk9&1mUWySrlws(D;YXASw03z%y!|c9<8rW z`o|_R$N3MQC=h1;#YufF&@vAPbd`#4%dz-j3r-~gJS;7>YDmR|wWg{HxiYwHW;S z?_}l3*5#vgLCZE#eHT#u$50;}ZXcrdLLdD3imcV8^TFok=0eyM7zFdYvN9SItkxk^ zaiYWoZG)1@J-)$U#IaZ6vHAJ!Q4GEr7o=57R~3H=3Qcp(DK0A7Ca-zv0z|%Ojgeq! zlm7`JsT}PYJ6<`XtKdPH5mu#6=Z+C2%_RAPb$jXO{Gy^jUW{9BoelO))<_NeQUlaR z+r{YTWZ=Lj2n^Koi$n@G0l5k-y8x)&dCqi2i4ZtoQzfwV9-2eEn~IvJ9RPxyC*atp;o{k!jgc;ONxfjYncPrvB;vLU2hrYl0J zB}yTrVU4Er^HFSiK8HIM3VFp_mp&BL&-okH>vI#-O8RmE_VSy-UZ~fByF3qzdo~VtV*SxMod0-oN_?Dbf z4NZy3`0*ot^XqsUj`k6Qn+;?lZ$IJ9#j+ty@9 zL{zXD88BAi%&zmBq&`c-aZ4n-J{Zd3g8UJ%&hV=}=JrBGpev5s4HLHjU_^Fw|iYb8*pl7otNb4-)>>c(7-4dw- z`2S-br(gzO?xv896TpBsxc)54Y5G5t?5l5jI!R=+M2B%BFvU$P) zAn?n*R#U@ik~)5Q|M@$LaeqaZ^Lop7L284X{>kP+cXhvImXr*g{Z;yz%`J;JE2uA^ zN<84m04PX7Mrs&yPMPeGBE9}T9Xk>LOb>VyIi*l#V@~xCZ*s?|ESDF|7<)9Q4A#_~ zijWZwLAX_E+q#QP+(djCxfOV^JQbe%n}@gbem;pK=XRT_>gt^AY`i_D?N9O?;Bt#e zC71IXCpK;a#gTUU(fo<(vP3yk51%~o!j+Uk3&*0Q#Kc#PXVrGOa{tj6c!FB&+0r|5 z^yrn4$yn47fR4F39?CW|SNjiO#vePDRgMM7{ST+np9Rwf#rKoGbT2^|#prIeK9qu4 zQ2DU2F>lBvM)0p7#ySUHae~uP(iu_?S`TU&-SfV3B%`&yp+V-?Wi&#=rmXX!5MX=A ztF>D+d*)1;?KT_UHY3dFV@(Abr+;`;_os{BQg) z%cKyr!r*Lp*=xIT9e^nNB%U^&%;aesRVzfIWL>rA8$&`I4w?MN($X{C31#22wzhz# zbBUeKjnIVAh9Gxuf5*4Q*l^$fZ%jx>ID8~;;{%_bzLkol5@ScHs}SL&+Z7b7Hgyr= zF`d2Dj;T`zc-pfZBONCW9T_6<{t!86&vB>y9{-RU%*dk`T zkQg48)y2+(cioD;-Te7VcF9m#pldN%=sfZB^(DQmjz~r zW{iAK<7K}h31kVSut)!l7cZl2^L2PHEDU&trWhX}j)$H9X2bnoSVr=MV%uzo+539J zDTJj2J|u7efH|2@gbw+K=1K!?ZvOVE{^QD`-&mTwrv9SPv+%hZC$RqY^=+qFx=F|N zb7O{p;{tpRXa#GQI@ju*^TYXeUzHE7lyi2SK>Ko+HJpOH9s&;pI`$L#a}VhuKQAo& zLGKApNc5O;0%B~Xpr!mGOPYoeF{TE+)SXkKRfY*QyV8%=y z#kjKUYQ(YGy4Ob{T+H;Hj^EjwoI#_Px7H2JnsorVPq!?C20`IV{U-D^I1nk{UKiUq7m{1>mX#S6kzp#Kc9s zL|gja9mYmi2;4b+n#PT74euo-pbHJENJNsw!JF+7g9siN`6Auxc{iqc2$QeZ*2Y)2 zb@%k*8<^-|iZKb-M@%(nQL`D{L;b1`K-}r$-n@Um?W|q86S{(}!__yRd4Np`<;7{R+$>4jlOO!@nbi z1U;UOTEu=Ic!F6WVj93YCpA@md?i-jrSUq)rG}M2ga=Xs=e=?DY5`4VVIgXsoV+}~ z9xf@$;})YT7Nwe%tPK!7!QJ3QU1W3@>L<_UyyuyzK&WW+m2`b+Yp!7*+>uV+(oHef zwQGeS%PE1;Eg=j~hi~TRth zD>qAbp`S1IQ#%RsWVWG!0aFa`vZaY2gq8>|t*)M<9|nI6OKsPjQM*nKxbWr0m}mzK z9K%#tv*oezQYs}#XWJ<h}sgG{5Rlj_;T~N1NAKi< zPv9=RqIfb^KU%LPW~5qOQ$q&>D+$pGEXmeZ$w9W=-jw6%*fAmOnW={!6<4e`A3luw zD;oF<*NvJRH~y^hK@4LWIznyuvqTQ8xbP2g+t9lG7VKNoOHyDnHT-(cUTRS6O!R4fnY*RT54+e?lH z`r!df!n3oVFYW7AJGjKEWrPa8%zLVYZ|DygF~_5-d>oTZV{Ou{tk&SrPubg=tNX*y z4qUM|XAorgi5a)Jsij z&hg{3bLuyLY790vj0KwGZC5-KwN|=vZFAywov&E*c)d=x&tUbO>rqm8@wgU_=*Gr3 zE?qhbD?6tig7(LAwgANN0_c+#ySTK{RiGTu`sv=}Wh+($VbDvXn2x}x;;H8J&B?hf zmtc`BJTUbhBUtM^<|&xkcp09Ew9lAtxc`lT02&@<3nx`~%>gDG;vh&`Z`?lQWWSCG zH>j|-*WGS|jlc4v3~XgC3%&-NSMN$L)G3sYH`~3_PS@#m*`JpbhCB#=)gQI{}#Np7!gMe%AhDB^#IW5-a6JTfjzG*OHW? z<3OL}?&;ao*hsWW2iD3Ul?s0a14u(`6g`XxPnP-CZ05;}iL3sGZrHwjRR={l2;3K} zGcplpNNrs7_NQIjsatC@FkWI<;p(nlY%K7$#j1#yXu_>_3y%MB_r)!ya^&mvo@0KZ zL4=HSwdE1I***p-l<`-$;RAs4nf?Sl=#KR8#0RGLwEydrEX|BU!-$H-=A?e4Hy@U3 zV9Xph;ssq7QHXJ~#i!(f+G)8xLswYj{)%IQAE8b08g1<{q~n0Mg)uv}sT!Qr zU;+tMdX5&5G#TlU&ae|r(OO$!wVIC5-gj8Vf&EoJiXjj`kW1-Bo&@K#k=IFa{LTuU z;y`EIfB#ap=N;90R_RXg$t3=ckExuSQH!Vr?aSUhogE!!I9vfv+%QG!W!gC`Dl(Ec z8Xq0vUd?du*VnJG^C^8`{H+-ToH@Z%Bns1(s1Ol;MjQs$Gua*v0H1-#vLZe4g|Zbe z)G`u0QqY3~MYA8JB?lSqUXE2t0UT}|2}BV1vRSB!KUecos8jQ6WE;g+gr9leQfJw3iRtKs9_zrj14_HnKB-LD7pvgr z>`o3saIjzT1JAU8l&86}rJRJ&j(u7YW8?@enuy1F9gXJ4GHYd*Ht*ThKm z<@u%&qWPKy=iP&YC+p4mIAdHVFO}dJ!6De>dBih{Q-=C3DJi*$D)IW`b+Pm}5;mh; z42wURbw8Y$VfEH)+#erB!@irn+1s`~KHYg& zr~c%Dl^9wQW%?|r-&YyU%BN8q+aq#Wxb;_xv9pPm$*zB)U~#`+|G}l@Yc)T%k-K#g zKQv;pdS9*H5;6E--$3&Y$%4R05afQRv`v%bzUizD`WM9#7OOiyl@2dblXEvKSnzQcnPnk`CtUwjJ508FYGZWW?#R54;s)-Pg%2H$&{oR*gU?&D+2Fu^l5`mqJn zk&D5vQ{9Z%OPa-R`11A*+QeMkMu-<9^vc~GIu!W}5seeLjNYLJ#>Rvzgeo7m)!Dp} zu7d;dam*HNiSQ1!egnLey#JzogN#p>!H^ezUsfo|RH?;<16WqYT)TC2VPsC<#oD9O zg8~D6O*9NfY)Z0o!hzJPcY|V#oqA+w(a->T(^s!v#m$)Wr#F^?|N6J~70K#_)hCG8 zJy+Clqor3Y)v(G`@bwCRRvR{{;Qtua>L_YY)HYf=>nD}NMm>*$0jW#gr?%Vu_iy_5 z&-RWF8S^yYR+dEg@$eM!-jP3iB5?3LCVTg#*x8@<&))8>er~Oo-2Yg@{=;k zm!G!IbY{q+X3JK58D3g0l3ho%3!<~(1>f}eEdT4TY985MAzeUl@9q|}-9yrICY#2X z?XpR~^*oR^a>D<+@V=}~pT$)F?=O(39i;8>{~c??I|gab5%cqk@iGVn8~WdWpTf=W a;;&9#zjgMJhlLpb%$nh7cf!VN>wf`%>059B diff --git a/static/images/docs/bigquery-logging.png b/static/images/docs/bigquery-logging.png deleted file mode 100644 index b7a6f94c288e973636ac31a9d870157a8e7ae7dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 57417 zcmeEtRajh2ups$KAQ0T0;KAK3z+i&~hrxpD;I1JAch6uGTn5+R0fJj_ch|vPmOppz zKJ4C?ec5mK`?gb4@xxI^(gDV`d zT?_%?J%T(yLc=rTaLLaTcLu`$q&F*RO1ja(HvO3+>*f{9IKo$pQ`!-v( zhcjsrwIb8k(=KjCx}ekJu87rt?cy{X+?&g7X%B@6UJpUyOLB9AUQm813H?R32Cx2B zzqG{_{jGc)m&o~do(Kr?$l?Ez00DuPoR;ZtCC>GZmMKBKLaq3nP9`J`<(Bt zpLA+bsTu-XoACesIUael^=ZwoZT6!>&pH01JNM{!gQ z5=D{u%t#eG{KHg}DLG;yJ<}f&CU+Gc1>D&s<1Tp3l2I}myCm+0;-e5iI>vVWv#B~s zVENE_B@tiO;W{K-?v$7~d706zV$o8g_@aEIq+cRcdX+dC*nRS~oBXf^J@+*@0|lLdMw^uO>p6*1bYVP8&=59k0osQ>H%$cOdF{Rd zFE!OwS67b?edhRS+8cviY^C2W)$R!!R3%%ouk*f_*Q9MIYQHv@cUY+eFCdXp>WHp< z#$@`vKm3oTw=gAp{6pYd)qHj$dTKREih#V2JZG(_2|-y1=EP#jH;p3tso*Jtp~e6h~cOmv!;EZ?${%$j?;P2y@&S0Fa1BOE^dSjUItqvxl>{H zy#Hc|`0}N3F4i~J~Lca74VaJaZSzb&W z@l^~v5Dayjog*G(7fbuO0@nCZ*GY#Jti#dVmc>PA=7{EL-nZ$ zox);>llk9SZFOvpHuAOxJD+VV!SODO@Ti-JNI_YW>V?YSmttl0fti_^k+HwOU(oOF zB1_aKEiFwaB~!?4Uv7$j>>!*tbNCUU+NDR3UNHkk?}x|6edcuC!EEW!!9(|yL_I~S z`ap6Lf|n4qjAdJ^8$t3Hz8JMpC8N2!c#Ai$eEG#+mLXEyi??| zmx+U^J(kvt1w(4rkt$lRx_0h;l z!K2M=OH@9cJyH(%9u_vHho&o$I>G9M6iB1xFfIESqXx}sxZwX2!JS&pVx{9y?@dch zozRlMe&HlEX2RD#^{H~)csneNC?wmFW6^6x8pBg~g}i4s>MK1?((G}`iE--EF)F?1 zKTuroJ8PffB?H~h_0%f=BL0P)LE64WE~z-3^N=MtOgU3XQ%_IfbVMkgR(|c|ZGiRt zuW(dsTgRWNw(O5XL}dBhXAaR{yZ26STkO-vZaS|xW^Q@j=JLPOIJKvvA@ZVLe=Vh2 zo0B79$#-$DC}Qg9Ju{NH(sYfqY~?24M++jbVO}w47tMia+r(mym|R#$;OaV535XiT zPMGlcG{fkH?4*;$38MH?XLin;SddN|{G}^YE^b6^D~WlNx8kW`()_b0f4RlCisRPB zzV&ii5H~bn>uIuBeQRsWawLOT-2Wkpm|G`B)bGyqh1L7EnY4i#VLG`JZYtCHP_K0H z6Q6en4J*x7@%{U%QMTeI!cE7YD!=Ng0PaQ@cDz*ksF}E~yf{zkqL#N)uO9r9*$!C^ z9{XruOH{|lniZ|}KuVqL3CI!-c2&;8bxrW5o?k`(IvVMsp@PJ9D0!f$ZFIzp1*o>q z?7U`s<{v}b98K)1uhQ?+%z0`4JJDg=i2;whxv^qGJiljfJW!B=%+1Y}l$1ba?#GLb z+?FFPx7+FMXUP?P)h(8zS)Vxs)GjsLTwS9ybZO)JYf8Gqez)ng|=H=si5h+%k z%Flp(NNM;$UjiaqD*viW874`?<*mtISO`QBWqJ)S98ou#9v0NGy7K&V9Y3J9tB_da zDZPBbhF@{!nJKfV{Fndb+>K%YZ~m@JIkUF^cZ$E&RhN+e-kE@b^B-ziPDoDU@4NSV z?^XW}{gM~-fA*uq`SVa3*%*D8_g_SQ5iZnPPaw5B+CZTUDp?{q$yC%OWo4`^EM%u9 ze=%J3=A2BYCc68N`TbW0(0^qm4e-uTc$#wGgLEW#Kkwr0eOYb`H@IY&;>OROeVgp% zNqB$Jwu+G7-I-#^S0nzAXfx%0eH*W9trpfFWBHT^stfn2GWjt~*(TG=osNdghIYMi zlpU=HA*Az)i)@e!(Oe*lUn@s1&yi^OrjzTl#OFQ*)qvH5@~@~Wb|RZ#hP`P9?TbTC zCn`)nUaKW!W}G+k6~lcHeAPDIF;*Uz3LBDg`0MF`8FTW*ka3XxY4XC zkZP;1VuCO8uyJuo0eVhQlAPvo^DMGf`Sd4Y3KsXP$I@PKe%f^88~Tc#IfWFUtRpDh z&K!DdW1pMk^v-hS;8AG9`zRI0F04G7b`AJM#Q!jSoI7_palQ18;7tSsoB1r^YE^Fm z&2sx&JM*{Ognv5|`z!z9lohKCTHyLx*NVft^VH8@RIc`1>dG4td&@7z-9A%p@Dn`c z;Tr1i)CC>w379t9Ojl4WpF7Q@B6v7J8Z1{~o@Zpfm+9p{uCtk%)S!CsmhzH0m4L}Z zfxuzmhk)bQ%_X1X4qa{3)0QodyPc>uk_G8JPPR6AZO7oQ4Z<(Z7c|G0cq=a5U++NL z=6&V+#=d=cd+PU9ir1qA;d@YR0}T$FdLRm0`#`Nf>HWpjB-tgeRr6~tr#ZVX@t|NZ2& zl7-1Z?UlXl=Bs1CIb+w|EI&)Ahs%NNdmAGR;GY8SZ~Dg2QyU(QZinrmQWa+uXt8U5 z{!AlS?N{gJ?VH>hA##=g&8sRHDP)sVG8{OtTXDjFIx+e@W#qLLoSatH^IXp5zk$45 zyis&(w<t%G) zY{Sj_RDKk{Qwj#SPT#`YomK879G7n-lAq~1l~`-_4}^U8%v6LQHqpo#J6i9f9N_iJ zEfd_2Om6WN!j0Ei{wF1^#4bkhbpEY}XA#zTJsHw@JV}#P{eqgb^+{lV()-Tj@h-L=$>(R6zw! z%Vc_b`KL#1()h#NuL*l&xfm5&_^}cd4DMUsxWrbBl9{iJmCKKG+FOL7{Y`mX$wlI^~?fqGD|e{@O6Ypt6yGRR8! zaNwR6%jkU2y_*hqNe>&ZHh6YU|E?V2+V{}ov;xsdlEKH@6iylC+sVU<$0@EZhv@`t zn`j-s9-KXHm-6W|vY*3dbZC*wW6Kg+~z7lT1o}#6PGu>Am>vGUnu$!$v@xMqz77arQlSlK(etbk zTO^?|kiWq$Ki?l)GdR5a9yk3H#_KZ`6`9p~nU_xPnHR^PMy>fG7;Z0uQJfY`=d!49 z_S17~a9~(ZS-UoYUXvziaa}K=i`LM(JzoCj_<2I*wyC>J0h#LNw7Y!|*{GziP@VXF6?YGa> zeVmNJMRS+xP}pxG9y2U#)f$I$iF?`j2(5853q5#yx1gU!PQ3&GkW0*q&3V^2(anne zJVua~HSR$ALmj^f8VY`H`jaLF0JtUJS;AOU*sAGTo+l`n7A)tSOIqqY7UU*hPMH}8 z*Yi@WNh#)#rSeZb961VrY7J}M=e_1jLPpldtT+4~OEgWZD=od%=kTc)61WKN< zN2Z47tF0KMzZjgcKE z!YR;?AvxnajBh3_pulz4)M!K-#a7IiJ_dC%PQal>!@b1!Fb@oij5bX-5Wj3h@A)V% z^RWHhFb&_I1$spMN{w(Yq6HIwZxS#`;kn^=8b{q=h?l~C?ABYbReC;*7$c>GO?~uR ze#C(=y#kAvnmS@i(1_6`rnSGlB~F{66iwB~vDbbnP|iHP$@AE5wA$BDY4TYjDoif^ zYR}NRmc9St@NFo_G|5MOwMz1~4BS~IV(Z@etf)}LTQdnV*^$M?uA6LJUe@-mWRw(T z`z*_ZUZD{JGDQcQ>Ejw(;RPIkpByTO;$lbQf}H$4NP5Thjk8pKdL$LUGEZzUteh%y;9A~ zNv?Kg5J(}^V{kKkpXzQmk*wmZblbe~DR&X*+kf;#XP0vqig}2;QqJZ;u9-JD)5~T! zpYueWD|i1|8!SK&SpIESi6tAj;M4-#99cLl;CE4|KvP_fGbB^0&|Hydh`Z^xOgES8K^ zLhQ*`jDlkiR5s|Z`E)!ei>(Sv53Tc`T`RyQB-q&9U*WBvi}(dY{zPy58UN{&$E>+ZBLgfvED2a+i}*N!n`LeN z=x2CJtXsq4*kMp@oUD7=(h_<6I3K?h@*)| z!tsisTL(D&qT`^wKeT9GFv1R3(;Ab6O&oFb_`I%Ov9A|s&{pq|jI8oWD#da9UdCo5 z?Uuyz=9~qiVPc3I&zU4DCXUS7>OBqIJZueY*lsWyhvTfvf??$4hG<>eZ4o+XKE@!z z#OPnMe26(1Z#7x6afnuhr2UJg8j!GHRf)VM_szhKWAl)O>X5)wIM?zY37J}y1Y1AB z24B5jV6*#J1nmA-h23g*_U4Gz)e%t`6*DEdR5J8yz~nE<{IAidNl}B%A=roZ4ZNoX zIAelvpMXk#XQ2eH!KydIOa0+1&0)@qp_YA z-=$jP@u-~0tnOJ77Td2pBN5QST1Yu+YQuzPtHRt=j#{%zyh+Ez-ix>8Z1G(Uyid#}Y?(89cP%@sy~JW{5( zwckDb>*dI*YY50JAUciMG5=8}M4?uV_l2j6C!|!I>;`oY&YOoH$e-4!JPMLck;{;Y zW)jbb1sR<;?c&ssVifhamYJ$YQVU`VQhGiuAncr7t@dDcx9XP566(=MYf;xNp97LA z!54U9?u#=*z}`aK%N3;W^1;)KrsYA=({CUEJSG^bQU*0WMSg)Ca+J1!*N1b$NrjazAP#0BDuW?*Y4xxfTp!Fl#Oj>vSMyS;6M<8uxNuTa+9+Cj|&tXW~g{z6onHVT{?lSMZ4)-ivp^l?gb zd2ufAW;HPo(0V!lV}tLh#q9Rh@cj4T7b>avJJB#V-otwD-Z9b#mE|GW!d6%(RzF~j z`?4u?TeuEy@uuxWrtY@5ScKQd@c9o#`nu1t3{_co>oMYnx0W|8bc*2ixvU79ZNw@i zXpgqqVrHm^&DJP=C)OK}BY;Iuonvv`-{40J#!Mmu>tDEBi=Pwuf>rc}g+f)Tb#5zr?JAkw zp?FxcaSL`FAkThgXNwB6W3pA+OS08GEC!(milCVMI0ZaFB-T|pOTS^{t_BdXjL%@! z6#F>Z*&wneM6F`5Xh-f0^g6MK@T-=g<+(!rQ>Z`Z*WnEgR1wmv1+?>SHNU?2qURAJ zk!;7EKNX)UvW;508FXJx4K zDQq+q#z*vYUpja3&0(JCwokZoTYQ(|DT^+$GjyeDTKUQ!9@@jnDX4~T7UFT-PJlVV zo!I?L4N?1mzu8F6XKe*-fjRGZZTCoa`?+(Z<+G(>B{%!y{E}mS^@ttOwdBm%a~s{H zOoX#?HqTQH!{^+ei>`dE2C2o13ek-#wWfuL!tVR2T zDqPpc#}KNHTg)AGUORtRqZU>4l-De_)bt@%9d}TLJ#*a8USTYGh~u1?1v{GDAv2RA zWiv2KgCyOOdvmX+04sWWm=&jJF2H|RMUTG6tlC#7cTnpbmwT>OQH+hjnWRrM<$ZsJm?Np}w^`X0da97q^Ntf<3QsG)spvY|k@SqWe<(h$mD($=c@ zfOeza>nkwCZfUE9!jw^;O)He1W%|N zPlb|zE4Oc{P+W=wG_n6vMENGYi?+7?uf7YKvH0`-{q}6WyMgo@J#(6?7W-=$=0;6@!)^zG$zh;DY`Y4H9>q#+xHg4lK@v$dm8%a&QRqh%xPer#cs|b z->*XTi+64HNB0fLlu$UN@YLZf(tH?@S8MpbE)8_Bw-dN{{xar!^ zRj-g{egf(D;W!1qJDkfLWQ^yse7qSCZrCHHrXK}yDTy_SdouDA_jtWq&vd0{zDA8b zv9@Q)%NR1ne*W z+aT6Wz?J=C{Jn_fjg)aPk+K6;x#KKcoC`$@_;Pt;lHSJ+_#MgTH+z6Vw>aJN@q|{` zFHlfcsn{#Ui{D+8Z+V~nUISv|tVsGY!SwpR6t{WJDLDY3I4|Sf6f{wO*d`K9HylVY zTlX_pGH)9d{a6xFmE}b(oLwPt+B(lj9R-t8G&P(PC*zq^%o-209jsRCW(G7QX|N@S z857wgBMFJ2H>I2o9_79qh@+wYCTn+*V`)K6g_!O!Nmg|3>u-W_45ihn6CRI%4oZ=V zfT~Dzu#sw5(sYrcje&(_U87<=FeLClV*z;U+}S9fes*pP?^VPy0w%pVg-+K$Hp?nx z`b_l3NJSgl6cX{)=AY11Er~{%gvlwP=3C2N_;{Z68E8g|6Y}HrnLQEK3wXDDvIrs^cij2mX) zu(B#OXRygyPo$m13?j8DH}bXiAU-Dht<6qOT6wC7m4&@tl}=%Xqy6&gZC<_WyZ}9K z^h8{aEB^yuWAyi^^KC!I$do46tx__ruN?)^#PbS<6N?$s;zT~Sy{1{GF0O8`<_$`yEU;Fh+9@3?1sLl}+cz z0|1BsdR0M`*bHseXLMe72^%_hwV9qm^J=_AP{kiV%L$=tav3E&Tguf#uV5zWm^7m@ zv(zDv;V43m2qn7w}*v;!%Vp~%QF#d?9+LZ>#E`NLF%;xNqR6(w@H%0 z?z1$NYV-3);rtR}pz*kjs=LHqhGIw0KGW|>^NwOp1*;!(K_=LaClQ~ zL2`_5zlAQdq<`0sigvyz&&)k$sesd0W@efn`fft^9{xN$HrI(4TySZ{1Gy{h$g1T@ zbIR=9oaD(2@pUT$KokwbA-B=zR=J*C*p}de+XLM43qo^mC46eN%{av=w%m~kFO8R5 zG&EO;7D^M?J(M3yD@@Khthz-K02ENP^H9l}a!MN^osHP6(j#B~LCXvPN+B+Zo*3d@ z3EJhe1;}ZI6=hR_N}~=9r(p^mSm=1KmiOnd>V=1!@TVqilk}eNVilj6j~>_utCyZl zHyzidENykD*b2{Ghs>fjcFC}@d4WokpYD;LrZhsrij-8tV(W3tohRVu(_p8T>$ClH zpv3VEnF7EiB`su8rIjxn$j{5)_*={?)N?%wM@2(Tt+7Xng}luLP9PK3>A4PluI)(amG zFETh5tA?fy9l#pR&-2$6>BVZVXAzREG41C}lg}PiMhJUw>Ly8M4(|{3Jf-dUa{EWl z#RU~+u4hv^M>Dn{f|0wDjUTUvx5c zPvwu<%J)y>qnM=*T9L7Y80*!pz!ggMV%rtC)0lGE_JoNVt&H#2%|hr>;+pe!Lwuqi z=uuPi1xB^ULd-oj$$Kv7ttRP`tsA`-u;hILNEl7dcj`JEVLm#ibk%cf!l1IFQ`Y2B z%t@7fSg$vPCnTJ4P3HkH&jxj{>?t8ubAjY;-j#2GNRd65S$Lxdn?wp#U5FvR)7qH| z1UEBarZUKOhJXw-nP~>9Zp9@97?}ISqnYZnhl1sH(T;F!Oi3-artm~f-}+CR)>75REJkt#F{^wpA$V5raRL+}o93GwOC z&#xMMG@91-M|Zh=Aq#4P!}-UmE95$f{q@lJh4n`v=@|FA^(ZHOVD`iv`6)N1W~9uh z8%5g!NJ`bjWjriQ?Yxvf*5&A4?;|6o1%7j=YgsvN*S^kh>GQswM1(bPd+h6;b zx35#=u84(^wK>UVa&!Im0umHzJ<*rH%=B^Qy=H02o)J|D@rIsuQq=5jF8cSEnubZb zXD$a!RUn~Zy^^tX_Z-H^sa&z=0Rg*TEq_Y+z=dcX*Oh7TMi-U2H14Nuat|jhe=QSF z43%0^LHUivnW(#C9~qkl{5 zQ(~A}&G6Gq`x{aaenhZJlAvfv|X8rN(!x`PL5q&8S6! z!~>=!WEC`*xIbHJ-`;o)Wh3T?rsGpbFm}Y!85vynlr-`r#0;cP6WC%l#H`=4C@TSm zmkr|O9{S?T>Ne|tVho^SXI8jT95jJ(BKyHMqR;fZpTw)$URYOstdj%`6f>##T|d|@EM6F-WBgPxcu$?rb|^S+ zFmDc~S<}M!gCs+`ZJmsG&k`z^F>@f@qi9b*<2`M(^4Op}hVP=Ul)q6aIY}{pU(ApK zhID?);mfrcp5T>uW(*HAiOw=W7u5pd!D`xn>Nb?uJ8bn@?2Ut3riN2XR6kj1$O6Sn z62r}kt9bxDjdN)Ey9zxMRVw<0Y*@Va^_gV9(_dA5D4gZ28@_z<51+hCcQCW{%h!ws zE(jXU#TcZKmU(GEgZ-nFVJR3hga1;-Phc9q%Hlb2{$-EbZ*dkm;WeNJXM;@?_R^CB z&tH56VoaArf)mFc4jcYW@M?BFqHZkH7Kie!2Zr?&A@d&tfAU)kj`KD?D}EpzHCTJk zXC;_u_lEVVAr?t5ENru>W*N~f6(mQ}Rm+FuBZAA5u^|)ilUO~fjG;`gbBzd_u>+Ao ziZiEbgZ0f(7VA_t(b#RJsVpLY>&HUn78u56wSnd^Xr};~kNg6_h7~_PzRR8(a+)c< zm?W89H*Me&7`AEJ+p-i6%;~#eUW?}r-r(L<1Xl)!;X&KmvMtfs7c@608y_+fKD}55 zO9C{lXSq_#P3{rAJ`Lol&gW5rJfDLU&E6)fQpx{a`6k1I90@-j?QsAMG7k34@;$SiE((<%JG3f%n|eEGT5^Vl;c?8SprqnDwl z9AbJj9w-%a=V~kezy@3^z1xUE97e4R#nkpD;q5v0sOp|izJX!0Xo&3d-3^WKnSDbmsz_Fc1xxb2tlLT-!mXEu5e#wqO zjPM6}pF~M=?ww%7COBj+ddY@E4Rc`Ux`QM8_F3JSu+N4sx6(`77y|%6HQtGLldL~y zX^bXqz$mu7vyQQ6YYZJV-KNuxupUuv0|`<4AUke6j$&G(Y80(OA>$47} z5!~pPE?y)|_%%N^c0Vuva+*wVm>RMB4f{NKwlEW64EWR+uN~RdzEGChV&34H{j?j+ zLSLYE>SV_S9gxIjzZQioTGO26=OA9ayT!ZoZse|A<@Gbw6Rak-RPS8wn*EH@uGN7A zdko@1|FE7}-e{UtDYEvb#A{9XDM_jRI^b54ySrW1d~+GS_oU`=kh#>M9jX-&Z>6Cs zk>w}2ayd8_LZ^OlaOEgYE0cNT@0=x&QnzCCzO5>8C3|h0$WNl4kHUf1*2hZAYRTR} z7d1Vld?IGwj!^JTd3Rk(-NGWohL2T!l{byTQp%UB$1qR3 z|HtbKDt|jv?YJ@(@S(0IU4aIF{kMBsg#FX}p3`+wIHyCD3Bxj;ryUbz;*qVm>r?}C z8DVa1Xbo;+3f%8(`y0Ee(x{8L(BPH3U^^WN-MB?Sx7`3Au4?-Fxu%X`EZ=V2`$L&!=D{_DgdHcE z=|kT&%V_iDQhQ56I8b$GHg$`1#TU8~KcYfbF9O1#wNZ9br2^UzW9+T$&bcosi{zu!C1S58hpC zl;!mg)r-1DnzLZj*>E#{-Aft2^g&nAuC}(xr8MELVuQmZU^i8+jwxTw%9Jw4}u6ghs+}9ZHY+Ph%8t1r@ zkmDX1{eKv_48o_S>*kP(lhR+N-HB`N)Vgq12;&eX0^rGEvG3w3Q(42OfHo5yEyid8r^-)Fjr@kqD3$GY8-AMfSjzSzz@ChmDI6_AC-88lBU z(iXJHOZTm#pdQKqGOF>sXwGG!-anTyuPoH!O|R?^Y67bBOWf$_0_g;YIATa2Nd|qi zdP^OSHv;gYdsbk4L1A1hnE0X7lz*OgKfm}nZ+sxO%drIxE_JNn`V|n?ny@k(4`*B z!gp`%D#k=o;U$2{6+t?uqkC`>W0Q0P*ovh=^ne!|9}n+m8UKD54xAj3*wuVq>Zxl% z&$QNh=ciI;dV}+2CYxArrc2GWM&o5ND{Mgqf3M&+rPs(;c3^F(loySFrjA!@EqkQ1K7Gh_kMQuyHP2-S zi@vPM)}TFeG<=>lVXgPx0~=fQ7N$3yXff5!;;amm7YLA>wZ6WK;Md_3Ip1&}AQ2v} zvfKM;^gUi^&YCNY|2YjauWHD1NoW7iw{UwN?icss`&`>X$IdB@Lg`6QjgW%LF(~!$ zES;{n1c?3X<=h`}Fu1d6F0GiaUG}j(=SRC2mC5KnP`BfwX`sfTi*`>L+vah7jNun9 zwU7KIL>xlcD$x+gDWGprquE;{((C-yuwu{m9g3~1kDUc9iy>vp_3rD9uZ)Ao0w6NW z!1!OZtY67Q@>&B*n5y__`(K1#QGA zwvI{r!!j|(MANGnUea19I+r;Nr617IRdEFPyLJzszKE_pMgXus(N-+k6^8-Bt1Xr` zPG)^X_QhT{?2qbpNk`rVB9hV`!Ywg@Z7Lz@e$eJCrSm329VMpJ#KNN{r9tK9nf5=n zOAnp<+kDg(T2H0p4;9$)&QD>cJHiFqd^wXj4<^^-!Cg(T!u{Rd-KVv_c$!286$)ie z#QzZ_``P861Y>kx1*Dfaj2)Hv zfa+f&zid&;Au>CW!iSfP`p4*P@KK`0Ph<#RI&9tB&jMTN3-a)9pc%Q(Ib>!gfgS-i zc7{w#*HZ^qlNb4UuS;7v4^e#3wIA`_Macx6&E{*ZgN&X?#B={SfiOy_#2M^Woy;^* zYeRi69Ic0m?i(ta)g@}4O{MuoL)DGm9+o8321{~TFanaSeHP7{r;}d-fXmSaui@4D z2f(P>kjH#kd40a4CSl%=ON4M#eK=7Eo%~D_j<$iKd&|%BUP~U2bbHd@%~=VGECh>H zy*J)TR(SlJE0;%%4|V0(v^6Jdz@4@2K?~R=9e*0~HSpAyetLJ#oyYSQ*JIAh9WiyY z^=BTckD4YD64rU^<513qhVMjc=F06`j!uq?cmEMU+LVp)*hFA-^Y(9(h&c>;EUg|GOkm6K~)JFVr8o=n?*9e_#6%sCdAr=yjAG1ZtEc3E1e3eHPJ1 z{`(RdG?ptH>k0YajZOYvghs3#uBuyWHMUdF_80Ka@=GNRizef7ZK{0=<4T2y5f0`P!TWZq3@hVH~vyQBw!nxfzeUQ ze?fGF%j8DnD1PTKmV@4{cN=?RwT{|*a=u1Dki%&W@uyNC9_MlQ?Q6(l)Bky5zAI_X zllG2~4ee6hsAbiPC(T%Y{`r3zC9~;AN555eBUbU$6=iT^H6^0?^ zc=&Z=y|@&JFMt{^Yo@`3Ul0Vv;9X=&-cOskJ%?b>2=sqCGP9!X|Fp9Sq4tIb{GA=3 zB6Lqa|3%^ba(z2N^{?WS`#K1NcDWLD$cNY%2^W}E_vF4t2F%R37OiO&Ys|EaKu29YXPhd$>Jqc# zeN{JJfXV&^mM62dcrL7+L>|zP+gr1!L`cG9>>2w5c|r`tMg`&21(xT7!c~c7#HI4YI_bu*c0R{B(>u zdPrl5iIMxTJX(Ym4-DR0E$j+=$=-a)nz}r0aX#)ZE08mFlSNiVM(2p;(GqW*ay1m> zpVVB98QAeIuFlP+A>MxwR1EbXzfRM>XHvpO2Egwks9uKSKOP2X0n$ns{j(a!dB!y! zYo2vECp9mWG(seJH}*QOuM`iS8mw)fy1E$wCB&mo(3c*=-`Ln=yR}n#g{=*N!$jfq?Rv<&omqH@N&qkgMsMy;Dj0@LTv1WE<37B<@3tgw34H zbo%K`XKFi@!si!lM2_{`faO!A5k`=As6Vga(oc+A{?p4>jwiiZU}{Ct4S8ood%BD9PXY zc7M`S<+(URq@Uov&!th{DUc#1H&FGyIn@@6%Lxi|;klTPz%K2wjG@9-orTvDxw3R| zpbfsW2vt!FQ6H+ydAWNWq1b;;tzMxAJq9gM(Cu=hwHm*i^)Yf|HUwh$XIs_=30xqT zWP_(I%U0*WuHvfEKGfs3tr%Lm&ueZmuQ{pIXk#^3h57#wzT`_jSZGZJj|tP|j3{jh z#%#FC$bLN53^~LmYE{_3>vtg3QFaZ*o1-aWGj7s$Y<(-}+Cul^B@B;b*nSVBjr?Bs zQ2e&zcmv*35ppR^E^5D}lG@PL`q@}!CS$30Whvk+h^j0f{-+`)CMH`&SSW0Mz~AWd zAT`g;VLI4l{5P-Q#N_EMA-g-PS5;8hd{YV~?|Jjavy(nDwn1L`t${+p=*VL}_k9Wq z;lR_uCiDrG?KJ-#za3%)0g~e#>_&a`Z6ypBVpEgdc^K$xN-gn!RGV@zEV;XMIG`pJ zVspomCVjeqm8`VTf@c>KI9YA$qQj2_t`7VNdmjSk@9k*^Mk;;zqis}#17=7_N9r*z zW9P@l;)}Sk%kF|+BwqHWxefeyWx&r%zPRhT*A?IQVZ=Vb`?5kzK+OBf08`}WX8of2 z)^lS|Tlv0?TX<7p*V_?}~`1YQ_UfqTR9?hcf zy5`N_1<2*JfR&S0?{t0D1jw8ZS_oh&^a;Ka_ER0xH>dh2^Pbe*4)_ZF6mLVjB#;ky z77$Tz+A3$5!VFs(cI$SDsK^(&NimvTkKe!_rj#(U<+o`xJwr zhJ7hcE(*W*XtsB7dDs?gqqrcVu^aUSE*;yyRFNUzFRr zW8N}CSG;oufIyhrQ?odmW_*()!qn{jtx8jp&{I^Px3`S}&$m^Yu`>JNx)-14zYp%u z-3CxoH#ve(4mI528c)^gbC0Q4Bg~@FV`pGi;fA`y2L%OD>|$AL&H#70UO85=`14En z_Hu%kadR%)(N-vvDDD-Y)1>~JX_6~g0g>6D8c0I^IdAFT_ z9B{KfkIXO*ISN4I<9(CG0bw~PF=5i2cq&vZz^@3-VM=ZZSlVD#q*rZ$R~h*_a?NMk z%su}6P_9$6ZLIpRJUF_-5TSCIA}k~X!VqiLXn_+3MAGe36w91}JZrZ~6@M?ke|t_S zc9RQz_}p(mx1muIv)g|ZldK>;X2zvUVRYS)QnO%}W4%SG;_h0car*2aGB@Vre$8Be zzdqPf->~DCz{!1_Rz|<~_|Y#EIOW`TjZ(a`$jfRVb~AlY@w{hc5S^{}pRoXuCAo~X zr*p|UAJS4p?;f^G2sDQ&DF~EoulU>mu`Op`K8QW^l4#1BEtt|Lf)_qAZuNC%OGyLv zPq|+kzoZg=b@b^!JS9mkDYjW)r||oTCq01}+uCw&rkEdb9AE+23+#n@dqS+c2PwgR zlV;vG`8UHtgK5vRH}e|=iT!3?HZDqsXGA?1kNXfz&&l}m_gI!ix)kSxK&)J zm8Q7j_H^N&xOa+qp!x6OSf)TIJoo;5v_98#kR~T*%Ha;UoifGz4mdULy-Kr^4F%F6 zPm9($L*(&N%YCn6L(_ynS7OaPPlOdKSKs?< zR^a^5A5$XdIgyO61Fi!dYHBS8p;r422WIpSqHqoUCdmppigbzIbCJ=5XpDgGa;M=L z$~^lzTGuBo9+jDd8{xEtS^W1th9TOL_OM?rBBQ6?HNtsVj8qNMtAa5*o~^rReSip~ zO;?K=39Ji|!Uh2YzOnbaUWN{r!5i&c(qo@FNM5&ob_(^r{K5{?>$7Gp3%g-Kf*I`< zZi@!Dx?@^$p96q@j&@4<0_jX#3DVhi_aXaz9bZZtAZ|m?qsx!Iylz`48_xhG=Qm(B zZ zbH{3gUz`MG)V>IfLR__L4Wt@tAoGE~Ul<2GCFU<2?p!y3qQCV}~C`AN(?^!)D-40AKIO7QU{ic6oeTmL~I(xZ(?VmVv>^R{wCPQV(J zU4!wgoHrU=A-lONDkaOqs!nn!8c&1gUACgbr{*2Z|W9-rD=iLB*6ucWdg7bE;$8M-& zfeJy0xSzmrKtM**^{Q#W&GUKzuhGp+1LCXIicIvDy4-hp;vWoYTl8J#oz2Eu(;mqE zb9n4TJ9QPbM+oY*T0uWA1dqh^AhSbjI0SzRn#{K8)y7woX=7xtg1}Ou_44d}y|9i}Q$?lk#3OzS^axQ*U+y$}!H`?AZ zEUu<&7u;B|AR)LXxJz)C;1=8=1h>ZBJwbyz1a}DTZo%E%oyJ{G=Xu`m%$fP-&$-S_ z|LWems(RI`s#UAjeeboiS+QlZo`2?W|EX^*!TWW|`hMy5_4GtED{V7^U@otgcW~{Y zG^b*>Fm9Rc0~@ae@7)ke ziVWkhwmej3g2r!$E79X!|9Ib>z=0iEY6K?d_x7Ss`vX_TML_B zKKejdS-7FnkjEKLrLKa(VjHvd9I^Mky^WQ7mV&=I;5UYS+6+o>q8r6}#kdu(Rr7X2 znoLb)Hat%%>wL#%-lALBr#E`e&dgKD4#{Ij;N}%PNYG3#XOu3fR5FsSyVoxh^D~bc ztmu24nTU-nZ2LR)2AOv*4x)g)-~F(?TQa2aOilSX-MK6n$ z!GELrmHzcpulw=aGPTL)wVXJ7ydz=*!Y)fC0*%&K1Kd7K#YHx)5)xlSJT*g8&9PU_ zTLs$oh2tH7D{5i52nDI?wGF>j-O?1d4?JBh9uR>TB|ncRxaC4X6RTxu2<2=1L|d|S zVwd{o7DcUb;o!zqHm;VQ4>9br+9GV~)Nu*LD!K2tRdGqOwb4qiWpI;??uUW)Dh@(@ zuUrupIq>^!ceG>f3ar>WtJhR-rE*e!%CJ?QClv_bFS=;>DwKaT6(!)v*`w2T@ zG^f%7FZg`1RxiD8__us|pKNlAcW~vAq|ct@T$&*ty%d)dQp!h~#=c>6a$rbFx^{Kb zK%)XOj74vWN5R+j~^v{upWPX*C_g-b- z+&2oiueN>h-M2BZz|yaHD>(T3*RVUgEMDr*)o~;=16S*c^?>Qs-eD z2UHmZ5`WRx;}V$sF8xG5B$#KL=~-Hi-MA+E zApDz&{T;%`B{+|^C;E9?lgp4qQRsEIm%#<8&NID4#+F;Py&N&0*ylex&wUP&6+!P^ z(Gda}mK4DHPy3riYoHa+vdbHv%X4R@Q`^r!!hD+Pa*FC^Rn@h%kLJ~Ujy-$9>Z5bk zo_VvXd$xqU1pep*2tQaa?7tDI&h(Fl>Rf+drBYa&F%v+`x@->5+XzibUHrgqm)pJk zl|laZ%nq_}p^1#S>&vg-FILR(04c5E!DcDuJ0TrCt7}GyXU(cQfzP{)kQKFYzxG8| zZ6I=bcTr2-TDPnu-`>#cvTv%^~8?Z=#P~(q)De_ zJ3nz87+?k~Z)PL(a4A5Og?}VcUN`NX>Yn{HheWd{#BkA_@Me8!E~!LrI;7>C4O%;6 z4^i7S`Z-fuE^a>MWYj-aONupC2Ly`_px69LF>fK?pdD?Gu-Z@rk@ zyr1|nvhe~P{ytwA^4j~z7<16 zv=ce&B`=^9Un|7wZozr`N;b~MwrkF;=MgQB0Fcg@RqY~gDdiBd6Zw5<9_ti34s|L~ z{ed2CXn}$%L56Fe`@7evl%*Um8zZ|3{|MhOvT}pZ_;VJNj}$V}E|mm4GOJ5d@zH2Z zke3|@$p+nuf13yGs>zAY;TtJgQ=7A4YYuk<2H-n7lA4L@z!4Gn-Y@d2qqH=1S|JNI zr}WgW=`MqO>qH*DXg41pJkV#(@4Z-|KKK>@2#2CUf(6hb*iz1tLBcQ=u?53D$)$m# ztFL%1Yu1L_!Dkw+JZNK}DvHA{8Iv)zAuHl=9V-03jt6J_dD&JMjf`pb`=; z%^EK<2LS1!JiMHxirAH3)}aJ-I-=J#V_;*16yme(c7@k^#KsAe=>s-LJP8^$E!CJr z(wJ$8%bD@M8ylPnW@NZ|vC7^}uWd>qF^^06~2m=57RI|Ak1 zD=o9xa&?R8n*Oq>rQ;0+n!L_J=A)DF4Bt_OlP`v*rR0WFG^$!Dl|_&J*^gI`&NFTJ zwNhmhMSN;bV{T!4*4OTiY=Et|X|i-4+n?6_7hS)kf|);v04WweTuJq(UvIvvn_-dz z%+7m1^*S-s(8{W*C4pblY8ChzsrI(8xY@E~Qweh}y64Dj&Bl zL-hr7nx57M>)Wi31hdf@yFFH#47`)Qucm%M0e8D(>Nn5#Lp04Kx-DuCoBHif&nyVK zZEu(j`c&4({DkO93!pt680KRuW%*uDc$XN}+sN;Efv>;zPW4F<;1n|2GG6a6dxve> zFnX*s_|GrLDEVoFhuY|HnuDN#2{g)3SWn+f=A8{hV6NGJ&JBPPIy)N2$?P)LBSi`2mT7FPRDL_qMw+^(Gk_?&Wm>dv1Q~DZlRt0K3BU*4TrCoYumPtY8C6 zUPGUwTXz2^l-@9P)19(2&{RB^1;PAr--T2B$>g&C@$qyYk&_59fZ?5%_@&k`YG#o* zbmX~G1=9-FcOFZ-4vQS2X;eQAlUHt;7mAYh12_E=$)nEl6 zmXwE`Nv`4iOul5l#r9^SY5A z*2{fe-mX?^aDUA{v6#)B9;SS6PLN2(o>;cz<+_5rsKfMKQkdlVoG4iIsdGX%3X{H7jWjcfpJd z4JM{7#GJtk0k%4Km8|fa1#+N*U}#|d$vZL^feH{7Kix)X)RUl*;~?0}y%t~iBVmFU zd=&gHL-l=k%VF>JX)nslSF@$3Qvxp@Pg%2+uXr43nYP}75-5^ixe`>8mwAu@-?ieJ zpR}PWxcsG~*7ZwPYGtLeJ69=Ktxi$sEC4WD6kpOR9Uz}KSsYh7#k~FY1EI5$vB8sG z!3wB8b>>aZ>Qwe&`IG*%j zBj-n9`P*0DBi`;dGK_%L!}@#Qc8$KFcg*C_m{Qc~-Vy!g5V_qOg+bR^GY@`X*S7#h z{EVeC2EaepZL`_neS%A4i@-mg9f;-x*M4#vKtm&VUwOSl{aA{OB-U|Nq9E8hjCPqr ztC$@k?iA-2b^!kR8P3(uRf*H{?j~r6^vUD725WX z9M1kq22Sns+7t=9MC3}vsAY!F<)feLX>0DaOfO<631*^nzHs98bBS)2r9_JG6_@IR z$rCOAb*fL&+m&UzV6-(^S*ghT0S6Wfl>4c@Z`1b^mC>ecv6S+dx{p;`E3fNci*xsJ zHl_F(&@x|pmbliINE8orTUct+5~#V398|4J=No-|X6md%G`>r}Wc{v9fHJV?9PBNE zu0tjz2LNGDH9t(P*RDVedj}tC--i1l^0bOYO^0mny%Mn!1pSwB}CIcF=|*V@rdzM)hVlI9Yf!c^*mO1p!;?p7AVkt5yQ(h?m1 zZDX`^pD|;Ch$Yc`=|3a#guC?aLrY0`f=a5u#QDTYTa$HO-ykGa9cW2y2B|A>nuf?p z?t`SBPJ^TOl^Zs&PAlYSA#9>D_k%|*NsZYjR0usbEd$UkPmg?fIJ~G03L-dyhOxkY zX67VAntxv=WWw;0r2({B7JdFSnJ4n~=9qhVf6;(itI`>V3{bR}Fa90IjW&>MZhnB6 zH9L!*9E~MtKV%@g#XMZFNwS-ZC`x=;_YC1dKDSN6S0;1+h;G*0VD>=qB(fl(3?{`8 z-nUxOKODOSaZ_C5G*)&TQ?H(Zu78-!G3J~r(2wIs$nsGH!*c1XdmL+wWE`piz8i)R zp9(`=T+u}(OGscx#B(?#;} zF7h;L#F-opuZbIlmmUEEw0mih5{otW?9!i;^nG$Ba~Fg9c~Pi6*?uq04~Aq--N)O zHGa@y7XTb_;I$&9hdLe^v%-)mABAIA3y-=ddn@;XY;__lxiy12jm9lhSldSyut7Ao z1=c2}T*s6I1=D}HnuFDngtI0HMkpChTpke{#YdCEodp3~P=H82$D=Vmg()ZRGtkjA zQkVZHopXr!1?u)bP^SR4d0_-{;;&rLNR}4&Un-o_#sk**c3GojOR}Ycexe;CE!&0lLYgsTZ<4AFJ$?PaFI(}; z2%r1CdDvRMa$&@aM962~^At?hvQ#B=6q7JTM7?053sfp)Iz-cCZk=XTve=^)!ZIag zkn;9%S;Cf=RNUG~%th+0R3I_nLqHb-l|wQ7quQHP8zyV*C_VUt?)KpnT(0G(MbueA>%q0x&5d>+3@wYcr$j*=l$$jHwvAW(_BO8V zhQz4MS0_7}70%cUJ@RClHt%ywMg+xn*JlHoHS5PcWp=riV{rbn4q39@j}`q3CKT>qB zmb!)moz+#1cgj<48m_t~vlm#3=q~fRc(y`S`wS;40U|jffKS0>d*ltk!$jw|Cmh#O z?5OJQ_?$2q@wl*XAKay)*q-tpC$UX8E`4~G$HG%rh?4ws=l!9J3rA4ySXo?b*-Rhj z?Qfdu97z7dVMdN^=>^F7EWyxDq0Ebds{B>dJ!22*+qRn$@Ha|igPXkMjV+)4p)K4Y8Z>mRxP!b(1lgOa|ipuk*y96DsZxe5QCJ~%g(~_?uxV2 zi#Ds#eyeYAcYArW_Fw|$2xrnwlN|V&+=$raO%$+~v)g{9^duu zOXt-__<0t`MhSYc!tfn-J&b;bbGWQW)o9KSvl=DsV{T~Bw69?-)>}@=+I&|}m)j+* z9r>iiCHq$Fhe94zhg(Qvaghyw)K9%u^R3XUh8z5lFhsjaNDjd;ad5kM`qw28eXhD2H6Dh}IPCy{8b#ZpFWhh;)ptX($|n|&E8d_bd?O;<%*v8CKq z#!%;GF*|&pCE`O7TeG#+Xlb?-j}L+9ml|1dR*sTbxa8GB0~GtvY*lQfWDx-Pz*Mb? zDIXD@O_RJ@QK`iys`f>hw$&ddUYOhUW4x@*CnXaKxv84LkDnGCY3y@WB$HLyzu<<`LW)hXm9b5UJG{Ob+aqMbGs3a*lTQf$9>zwXnzJiDUTMj5g2AxW4PPCCf8M!hkR0rc`XcJS-G|gQV9au-^0eTlDtdf5@uXwNz))X=TJ8 zm&bKqR*a8&c?ID{KvMn6WePmMd9Qmayx_HK>!d3S>O7{&SxvkqwtO0bJnhl8?G&F{ zH9%nP13}s}t4$(kxdbx7(GtXs?VWg+li*t)!L9LL!sVqa(TGs&NawY%wukrS{MyA{ z1D5p!naMY#pP8;^ZnD*jw>Xa3X!AYc-PeC}^&MbobBY< z%hVhBpD$urN)`>j9GaJ0GO9qb^-7i7rs9^^hl8S?)#UJuS)x>(Tp};`jq!iG$!>XV z!0*k{4PrV!G8l~^c)fZ}C|yqaY=_^>-mhd5xqF)2l#v)u{%Ws)K@iuKPx^>`-TKLH zvim(*R9;1QU`Sy0O9Ww4>lbQwT=)7AZ?FQ!b%vIDcm1og4x61nAjD-CWA<&0Cgc_a zSxodY!jA!}vqwrW34yHUl4BIVyu0w6Z*1)xca$h0yJy({b3?jUbLuS~-JwWsi`j|t zwp`s_za#lZvz|BF7P{D8X)cs_yUov{!vnEo7PK!{r#4Hcgu-;H_4Ng7#WDQg1nb|a zry>dVF7GZ_tEF{Kl(nbV3J8=FpsW|}29(-FTTF8FZTjfpvVQlQnwV0)PR~4L)@S4u z53V_!erCF+;vHc-Vrg>K=WzMr}Gm1-KS#Fw|Y7D>3fxgkhqly!Usq| zV)w&Glh{RUPUGD&BbwCdx(O2+<}2;?(_5ocum-pD96qE;5rix-hPmhBBa>@}^a~Ae zHfJ!;s(ur8tA8fBH3iCfG4Pgv8&ZtR>A8Gz{Znx&>_*V(2R1Jbx9iyV+WYn$(!fe~ z$oHgI-LrlsEsMx>J7P<_42xSwxb_GPel|LJ0iS&Pm$y4+b9q;scZmo6-LGoxqB~~Y z4Cn}_9;skCNPBo_BgAOwMtn7HPjR@d9wed=vCL|SGn1e1hOJyJ!b^x!*A(4;4k>Q9 zdGpoW6UWuROFJJwZdUn5$n3sWhWimxeyg*CofaTP|LS)1Z{x6>Pf!Pt<~_#jz#i3L zr5}FL zvyk-fkU$2{mD!br|L?cI3U*2Quj_q8vMT=+fbaqnztzl^ zJ3qtyQ~v|o=~sx!`{y#g3$vo|zttjm|2LZbbl}Yi{FUo=XWbvdIsEq>0lhf-;m(Qu zBtB1|8rZ*6PPF6l=@|s`AHh+4mD~SI+EL#k{d$&$D0Gqi$CLAZlJ?dj{kvC8h}Z$) z7T=iVpZ`-Qf|u(W`M<dK+f#ys(|re9Ldu<{B84xHMhOd z^i%<_hi6c)s~yA+7bzF4g4LF>)GPE*-UL7h`)${{wud->J3L+p7a&}z;n}Y3H}2Ax zD-~O=*UD3@`=2qwXV2Jk%Rp=IxR93)-~MH`TzbSW^gr+U36Y{BxMuWUpvwGn6I{+8 z`5#rVS+t_HSGIIxka1Jva~`>)q5o&vh?m`Na3;8Dd?SY!+cMDwL;3$ZUB(MHxH>fA zaR-Da8Z_rTe8Ybh+Ulh$mc&dMaaEI<2Wgo)vo5zg4YiDbRYYzEvsT7&sRGrq`E9M zEu{!}`FPbSf!k~bu#PJCG2>*xMqqX1zw^bhe*OO@&D;A`1@_R!9z?W-BGhLp6 zio1QuWObJdW&Fy!E%a&GPzn9EEsrx=z{H#JtH@3ZTZ2YA)!F%U)RpkDhZuE4R<#W zp-Ck?X~QAv4ch&>(f)j-U}$r@pEa9O2KHXRsQmC=%M}*D-)QWw!A5=b>N~(1*>p>7(gX9cg%)2>2->X&^)=`Yo7 zOuPKu&?LO6Ul!|E#{>ku(zSl2aaw-_bPN?d)jXU^|M~Sf z=rZo$rUnX-%y|A|I5oaeU(3_Fnj2H`T0@YsI-z|9BJ#3Hb#sUlDN?$oB&WqXDX3Zl z!=7>B$;(8v_aOaU%xlIQA!}qScF>>47&W4?T&|B5WUr z(^geAeJ$n{qugyCo1LygZ~kc7KpzBVd9rIJ81B=(Ry=?!*^4zrJ8@KLt7KoeIN~|KZnHm<*tUUe(kGjUw>YNU zio;|B+krM?>Ca7-H%)gEMWTH~pwq>?Dg6gt3dA|6j|crdAsFw!PmSP=I_jlzSbx-M zo?aw|{m32dNzH7j_7pd8DcqI+-%H;skt^uib%pgOnH??UuND-a0 z&D8ytaflEkPY7h{kyLBdC8xAE~8Jm zpt6tuW@F!NNy|(O+q@yI>mp5_xl)vnZszLdj zZ*4w3WwxJ-C6Z2`%~m~OY2)LsX-2;;3$|a2PdMCL)ZUC7&Ynt+M8At^8l2RB(MivI zU1nOlTmPKsyLVsyFt|pqytlVk;`0*Kmof{=z;V2P*~+Yiymn#eO8ZD-e}Pj8b)hY_ zh~wpA@9^o#v-XBF{@SYj6Oz|;CP^AXv|DO;`%6e>nNIz=zGGwKL8bqfeS2+qAz6F( zhfjj{Vs-~j{=J$Q8JW>J(!N3~nMt4wG%sC;q#)RtC=798QCyZ7^=2Mu((ugK7nM_m zxj0-TWR;?9(lO-G=GFUtV~8LY*HxPgPB=_HY7aUuRW2l;Za96oCMeeL>r(3H7?n#dFE0}h*6h;3bHU~gtkn)a*@K~2 z&^>fj4h}vS!&}?T>}P;&<3Yfr>fgUYiND5i6JX`}h<^6e`!I;2Rm&sj6ZBFRP?oiX zuXq5uP2UlUd1#;9lgz8m{PHK3SSo4Ofr-TG`N)UJk&7^s*qBit#+RyJTs*Gwj1n=u>Wq+*upe zkH&*a-0o^^^};}qRQQ|NpR_M0WZCZ-t zU3C+XGr(;CZC};xski#Hya(1RGjRknp#j@PixciQdzJG`kmWR61hPiL>1PEwB(w8* z$z>(H1Aw%-+?XAkhpqEE5Cnal%4};F(9W+Dx5w(smDa8unV6nsNRTA|w$G>AY^vO* zV@c2qM|r!B{?`L&l5i*Sj#3fXc2coNLd>czqffgZ;|!k>V687~pr$HrE3SF^a(iq= zlUBh$i+$FZ0wp3>{wZ;+2_FIhEnJbWf7m{fq$_7Gm;8DpSoPo!nTji~CigG-Nz2)r z*=hR^#p*sTzhM?vZVZWN=%gcp{TpT%(QfMB1gxSBx}^JFWlyTxXC(*uF%VXHN&Gja z$}gM8bxjgv5p!|>?|XmaGbK|D1K+WbVv&)i2Ao6eRvZqEdw0c^GSac&Jw;4F(6Gxl zyI;?ag*lNC8=X`M8{p3M5%(U20$)!E* zxeufM)!RGecS&7SQ7V|LuASxcF1>u)(|=<|wX(yf5{0yd4$`bPR8sTrm%OZp4Rz+H z``FeNl$OkY(@A_c!r{IIa+M1y`mjvblp=c2H0iW3(e}KvYv{N7EWgKoW9XX0yAqv1_r4wCbz*<5(dil*VQQ`q=4pxs#YaSMKFe9v>7! z;^8TLNcJ9D-^Yz{vZExiyk9VZ$3rcY-UPa1S~E(Jqs*phK2E~qbI7N7OTUVx0Q7V& zFX^?7inROe3AE{DxG2G!v-s*)ua;|`WM-@eWSoGNwTxz1+h-*YQpbbk-jetE6q0>r zPsT#oUH7dUsU|F9v7+@9I~$*~Qm@x0TiN$G%+>@^02;AJd1sviuEq*#I3Uty@;XxH z^YGHy`9SP7$x?W+V>*Z!=rAu~Z$a6sonHimJY)ItoM)~w;ymqTFJg~~(gD&@_T(;P z^(VEJ2Zd%R^2Ss_L6@Du#xc%4X@KXo5V^wXR%@gdAa%RhLX9-mEYHcO7Q@K=xYbgh z5{n{ap1x8uh}AQxQ+kaA~??gW;=7d>L{DxgMib7kQ|JhBLHgq1n{Qi`xflbkELZ zva24{ee__jZ)BwG@`QbVowf?NtkzWsbz%}iozN^6(Pc!WB8>Q%LKdVpS1GRk=`+P= zC-zzPrpU^!nqwo#+LXlE%O$5Qkk0v4LN;G7|E-}I+K#)Tc0Ax~ zejm{;N)gnrWo2^y5*BPlLX;Q-SVdIcjig6R;JJk<=fG!loPDd3c2-ft4MnO_?od~5 zth`(41B7(M8Bug=XCg+*7cYhOjC)q}=0DTWae^1C>{ddTYm#o74jFoF7MFzM8gjR5 zyJ~!gHq4Bmpidx}69mCgKY8h^zMi2XJ>hkyTOLM2k@Jrt}|jXYW9u(y`mC~Aq&uCQA=Jd%`Itt2Y?M}2M8p=TWh z{}b&TRC(uF4pz)|yOb*zqroD1!y-|Wzco zKstjRUxhVUCokrmPzhOb=*T7TJ?i{chBB^#kLl;*n+-uxwDT>^6hJ2mS{>RqrynTWAXSWDlq5uh~U-Y zlY);U=@Tv6`474knXjjS$N*@s5Yd@1?UJLRF zF5e8$t$NqjP&4r}j_(&PH{6^+jM@nmMgC9pivQdWS4IjiYP+V&Q(X=}4+AehHt-drr)ZU}y|J7$Hh4Eh7pvEX_!!suGn{z&2hVrV zomuK3@B+Bd=z}sYCnd#IYM`as0ya6ehj;NmVhhAzY){fxHrknduJzf=x60JJeB}0r zxXNJy83|vH9mdrCe#9J{KVOa@iflxHUa0!1vFi zI!R~aIqbH>etn$@rW-?vGIXp8)XCeIvUX4PcAv`OADbazFoy>AuUP4UG8%1sG{E*@ ziXU9+Bfx9@U?h@1sm*8Tvg9QZ@~cL^eTkF`;7Zu}sEH0i=4)2FQ66c8mB@b+_Co>v zK~v;?H@DwW3`>o%#}@?L zwI(02_c&7ckYZ1E;bHFlW1JOo=% zA3$i&gzE!c(_P`?1JrqXD9&LaFkjP+Da8#}>e-44Xwv3(cb+J*zd46AZ1J`txN8Pq8F-phEzz+?wMic<+W<{UB1q5g004g{~w^P(Av%Bwtt?|*Ah;v!grsPqj8OUqiiRu z^ZULhlLO@G0)9EvU7|e_L8p_$bWS^S5*9g?mV2}C4nTl{g@b_RyS;z&0FpweiD;zK zqcIS(z1P;%C#pSrpjKXAe>+WRQDKQBe6iV;cbPL*4FKve{i}NQGvu?fTj^+4FWUZzgan z$9`<(Mt%QPJ>hi~IOdXl`lm>yb3E5~P+;^l0rl9~*suzT54!;bSJeKHVv#qr~K z4Wfg2V@BCOmV`9NBkO$^ZMMz`S;Rg3 zX{5>MEtr8tpZ>56DZlYL!l6;`=|1NGqIwVJEU1C6!w`nDG4&Mfle4yKR;w%p84&Cy zG-jvc(%$aQAvLI5OnBF-of~s}%PEC=_fzR06I<}r+$FYmSFy5g3LsTH!r~l=K#-

7!K;Kt+n^!Itz`|sG&-slXR3Slujy+W4N{$E2U;t=QGO|TWq){Ba;LE z@u5MEyk!{&FbX=I;|Utb2hQ+=PjKtMTVC4Z_mxp{N9pCWHPqI%WuYmRt4Y+^Cmy7; zrYrW{%h5|o#3=g5MVCgv0ZPV|CB6>4kB7#7YKP(2t^Q|PHPZ3H7mMt-8+0Y_L=e0( z14+Em+K~u>UnOl8+WY`OGon{tCrJw}siA0rV8y~)rxF-g34tk}c|x|`zRL_n2I-cv zJ-=h+{)BhvIhi(1oq=}E`(;hoV^vD$eld6m3_@0qugk9C;x$2PW@~QhGSIL~l9&0A zb$z_xOYIVrRk)&|si-4UP(aafZ)?5b+-LN5Rj&awGr1_oOBZShWbYr>is4O+yXe^! zPu3eOCGeLQ>jH|12PLzuaiSNV!-I3PZ|aWiRn=#q5Da(jkG#{dx-VOV(8*paF+By6 z(i5>^$oh)=&oX0@DJp8)jmwJ{R5f9QCKoKj)XBqo6lJE+UcKiai7Y3l1F6s0>qA_% zl9FnZR#g{xnn}~Qp|s%SsI&oo|j|Kh$v6 zA^No18=JW8aCGwk1|ko|nm0Xweg>8ZCQv|+2_>64eu<{NbDMA??PhEAyZEFu zbq+SX`XGYX#&Ry+s&A(AX5q^Rfm6HG+g)$K$<-rk9k9{lcBg!J-0y+~{L}BgOs@6S zK3`Ak3vlya!^ctyo08fRJ?x>q&nf7Cr|;u6`-p{iYb(;8tQETzL+)dJ3_B1W(hGBx z2KjLu)9-Q^#`JY^T0&`076+zdJ7nv7{_gtpo!R;Hf$~P`Xwj#9ltpml8H`Sm4|mH~ z;!XW|m&m>QSb{G7Yl@6pM`@!dx75_`RO}#lrrneMWaX(A?v{w{ps|Xxr}!~_1VKA+ zs-we>k(`{@Wg{I-RQ$xF+vol^(_Y96ZDkTEgCGevyU@Uc{f!W(^s3HZu#p?aU4C;5 z6%rDDS)O&<;0!(Vu;96M8`+~8bGn*#C~s`b-@V+W;~R5f^LaU+&322fURhiQ565t% z9WOlR{6Wj*dp^g?0K3#RMz?!(#hxqnGZ1a6IZd~ueROm0M`*tCc0bKozRNvhKfY_> zBNH&ZlxlOkY>CSNbc)t~#;9D~$45r7l1EcIAA4wFAa2D+dFV%)HCW3B(-FBP>PSi7 zOJxXZX2e{H7&T|i5s?^6W~}0%s=dy^q%GZEwA{Hd%{iX&`RrU~=f)*^Fq&P?y2VHy zyJhTEc)o~Cwp_%DT5@S-O#1Nt4L99D05O?FMz6<{dW}_sAJK%E5sxdi;B1@rXJ?fq zw3K}DKPdTm5KeX7?WHkN`al^q-B<+tzQBw5djQC7u|lnQB$d>>%eu0Qg|J$FgJR1| z&4qNeYGHwO<<`|rV(M1itjic^j_BV3osZ41lZEbj%$1u6`t5tMoa)IxfTk z(!7%~2o<1?XM_QMS*Ml{AME*FYSk1UQ<0<-lX1F1Jz>vWZPy$hQ$e!SB9oVWDVn*k z%@B@(@F`U8bRaqVA^e@A+WqUy)m*%2F0z8RPUjuX1)Iz^=CEW zN6D*es23nW1I9I*t)GjZ_GAdHp9M@?>;BZgpQ5$qBI446;9f%Lm)q`C@smEkL%!fM z$ZSFVvK}jzFog9_I(A6`gkmgNi$R{25HiByU54Q1jQjmQh#oO{Rf(7wn)^9&bbALd zD{JI~XwF&r=4!xyAgbKn5n5<)$fWG8?_^R}CNYy6tGLk5z^@Mqt2QvcafuNYtjoX7 z{)`;Bc(dw~es^=6A^w(ObeAKsC`7Ywi(I!Oc%R$XQ*2}ZonUiWylnP(1Ly#=EonAt zi9@*G!3H6(ak=rVv&4Epx7!JJu+kp{;IwAs*a!+zYJn?H+d1vYdye5?QnZ59U*6YsZrY+k*|tBXkEjK&P_5Sxwlo1 z@7QfAXCfC$ghaWqkU=1>MtUvExCVM8_3P|PLY|I(y88?T{VOC;*9=a+^ zA(hj7e{%KndB^=|XhUVk^~Y=%fNmdfxh+AEk&Z($nnzBffMfliam^xm1 zBdb}pP+Xj06H~Nr)wisMxCyi6(KJJR%fB;~v`SP@W+utSCTKqy*TfGX0wN+05z;C7 zm~Z55KCNscBLTjZg+|4GYb+cVkPVwGJW3wBr*K6&R#Oc63w}-p8!dIH8m=%m7`yFe zIDgHtrL1myAOmdt>zWwV$h{<*jYcvw?%BlBYy$XJU{#G$zsRP4f<=8|y#% zZF+^x!T)-}E9dT&tPQ%<0C`7wNI;(cx!L9|fP$Deqi{}ri%1ZZVGP|erHRVg=n#*S z`>a{x{Vy~~{VSpKd(Wu?h4!_wI{_}2Q$q2oxkiV*T%`jDK(}IlFq!ukpnJHHIR7D6Fz|Ah@SdreHb#i$sa%11bM z$=Bb&usBhX{SQvr1pnX4G5ibgKA@ui_`I-g~Tc-cd^hE&tJJ&haJf~)6oZ1Qe+iW&BH&0#OpN1m7r$mQkDb|7eU-0Gs3)21n zAAmMhdKH9)?tHd@|9743KSu1`Yp=NqWlxTeGaL4WSAxdMcpP?zz4&;V^v{}dz}Ux? zkS>j%a6>K@*7XSd;*&H_?72@4Pi*1 zBV#jKY(U-&RBqhbkN^WO?`F{7Z*VDw=Jb@Izu^(1X_xB zo#(F0(;6Q{8wgpc1ijN0+(B62*4tGNu&SCGxGV_?yo($o8AG0@85A$U1I0CW0Y^~)tnVM@-t91=a;=@>;7EI9Xfv%H zBY`1mms(wRjgi&*{S=|_z)uZ&%(aqg5NFkEvVC5~F1NPPo1Jy`J%w?LbM%6NPnW1; z97D1Zk*-FflOQzPh%D9r{Xh+*(I(30;ZJZk~Dr4=s)7d~pdt9hkRZ**g?w;>agL*~_|Fd3*hD)-@$vB_-u8E`RKU8Kswfpub9}Op z4AHv!g%m-}iJoN4_Hs0&LD)h;Ioc7~XORV8jZfpG(ox8J6(A%sHXwfF_wc7nMo-Ljmnv>Kn4!zV{ zUJ@UMywgD(8nA2xG%(TaVb@`Z2Q{m7GH#3 zs46&eKo$WZ?gmFxQlpWVFd+mY*Hmuvj&yZ2?PrhMc^-EBsr@_u>6*e$!nq|${rC_z zv+{StAk|F!?Z!>0>UkTCac{f;qxZ&xYBeDA)KhFPns3xl{e79)x!Jj%@A4r8jMY<1 zvU0w8xDvw-w$}etP;DS#r@8i&6Z*g^+({ zcJdALv9+b=Zk5<4nPNz4lXA^!GfEdDHq(A5wNnAOO;ZjZjW$W>uFsd~y5UkvV{p%WN9`+7%o z&gzlLpNpZ(iGW{^>tobaHvLpr!BhyONF@qPR(qS|D+Q5`V=*eVHMKRuPhIR|-*w^9 zjs>pW8(qPE*yv1JvE09gYLD5~YP*NoXJ&RB5Y`h$WXD)l@k$1<%kavZ?N8$2d4->b zJxD-$r27v2kr$L;&2x?0B27cyI* z{L{zVo=xKEO+50=Hz{<)zgjm*gIvc!l48&rybHc=lYa4zUn$Su_!+|{-A?UX#02?I8P5%kD z111INfO1uExrO?An}hy1arQjs?YXO)k<{TPxS}km1QwX*1x(C;$DEviPhf=Bt-g*o z8{PcYH z_NqKQUT<}7Zu&hqXC80sY*v=u`0mKmw>Nkh(_Tni`Clo}$RPll-}Yb7VtW%u=^?mY zl_Lo8l;7>)>T6P0OZlJsvaxc(N3+LH{*z9A6kh?C>rtFWWWNO$Mg}H@o!sYf;?>QX z*DE{#cJvJbAhiCpGxVIeN9cU;ly@m3gwUPF?Q<{~R1X6SWO$dXF1K8s#KQbagm@5( zFu?B9^=*<3cWBjkK8JV9HHO~?|mwZ@Xd_pz#On`rV+!4E${`c>9PmWv!nyX;PPS@^8>yMzA zhlbcXRs%ZUyJeo73czRx5CEh$x*mysB&ye)P!2B_J9IYP)yhfAe|fT!AMJZ5GSPWbK)zpvBqoi3Lf&%fp-U*30dk zzTx0K|OoDm~bNrJKK^B z^vDiK5Jw07mRz^V-rrl7xZIqN?WGAkn{*BM3BTTV2dXH=yGySvw!>(xyfK3UF3u%s zB>XPnlC5{k(DGKq?eX!QgxlTq9!)^NqU<%WAWO8)X`|NBXy2NpA`sD4v*&cd>30qv z92hhJc;7kKn7I^P8zR^dmo~LkT)io+``%V*||Zg z=qQ07EyPk}0?E)2g<;rUwKuna+cjEKRsv%mp3IMDu_=OpXTW@m+IN+qootGjUs$+V zTrZ^{S-7zw**uxr*}wn^d#;ILqu)Glbzho2o=F)%+C^bEu6JF(FoH<>UQO$Rnzorj zZx;ND11>Kj1L3q63FyyxL7=9YI>)&waUmg45XylGqDL@vw(bUmjt=TQFcilHVm_0kV763|Z z)sgt|8+5o@=3{@8sxSVt!9FErX;I((WB~58?-+1+e+P%Xg*QzZBnY3QauTNi;b}y( z-?Qf+n=p{r4H%Ymvp#ieB-Z-Qsob#H!~Ude4flYiZ8+3^!|0$FuydbgWE>baUrw|- z&C{$?oE}es`b7Q1D={+l(Y!n^5>#vJoD7?e_PBoZUG1chPPSfr@3gOT3~;`ZU7Am6 zYWuiBiJ9%`403jMu4uhjbll&kZVLu}^z-?~09(xS{e_u#`HI>L=@JaRBvmA&lQRJa z~k1iovwJM&(x!9DQ!|UEj|C-bw2k zaB`mHw)(v^^1xq5$m^gTzb(Nj+pEHl;bb2lSWtZrW(uu&a*QNfzd_+}SZ@QYjxz^o z^2Wt;iR3kxlX0t0Oc>L}{ybs}L0#^-I@@jR9{@MJ4))lg+e7lcxZcQF5bMosg`e#~ zH0^8oYpY}*^{yanca@cmBz#P{gd1qOl7&KvIS$2#v17a9ln z1T57aO~@`DXO-7JgPoo3m*Pq`e}>olEv;}K7?{LJ_^;0P&!n9wqT|*I)&+`W^k-7s zz4bmgpQtNu>D-;4c{Us9vEJTo91y_3r8f3BLSeDJFvmz_Wv=yTB2w@GFg5XlR9ogw zOi~+=+m6?~i_I6?t&Iac;B#v*-_Uj#lj4C90;p}^`Ckqh z)+c)3g?n?}_Ez}qop6@r82g-ma^669g|D2HBP@mPxdDdv>jFN68%r(jvl1<6q@@vX zwU(mo1%a^NTyUaEdO5GJ90b;1RZ+woHs{pCL=SFbV?9#J5hpjL8eVbs2N_McILU*s zv+)K{F#IOv9gUywQwcXY(SjPl`by*=*D0Q~s32a;V@J`m()SkAgXlUTLbqW`oa}V6VE79jR|q14WKlFmH-P%ia0iJJAJX_AJR*W8?eMiqE#G zMYm<=2gWx!Gy@VVHe0_YaGhGC(;oWR-dynS-AVYb4;SVbBl@4IHP3QM_`*+SR2_?q z=WkZ?e4lf|+_y$%8F2#ce|LYIe(P_xunj7B<>Gr80NIWDT%6!Oas8)%OUpbt&1nC- zhaa;251YG)`#(JVSt9@N@T+8P6$ZfC3+@wC_m?u~JPVC2KR^1>Z71R*F6MKJF(`VC z^8In-{eY*g7!iKg|GPQA@UKjc#$Tlb#s9FyZ;t+>l;FQ{8w5(4%`j1t!4}Vpt)4NV zqKP64i|p5gGL=$N4m$9ZtT6HoOc^!lS4G&?Rj=fT8l?Lv;IprFw(+2RVyWxy#~<3% z31z&5H7dh6MLCoo>jJhTu;y{rl{@49WQsl`{Gq=rA$J>Uz9}jo@+z}nrI^LSDO{a_&VX>T#qFt zUV)f2{Z;=H8#GXm^{A%I`i<$vkC4WCdAW4qB)1jbao;27_kB=DS9+{C=?+$Tw`EsK zuv%{Y=;N2GSN83dd=klRBZ^ZYqX>%UUh+fayoO}As%y+2axs|lKQsz{c+nbZ&KaX8 zLS#)RIfSLg3lvb`NtF*^GO*5%I0+!`2IO$Fvy|LdARJ|ysLG!H3uXCY{AGk3Am|r* zzN)E8!=|L8(GYcVl|nICeB2j(L^oMR0%;A7^dm#J=Yzc#+srC-M1y+8>3fY-N#)ED zca)vXjLTnB>?T{Bl2=t^r!qxx-SzaOZf6j8-p8INdOT)CNz!o^`n3l$S;}Rnbs=9- zyh@eC#^MyicABhM94%Igr+;Mj6*CZgO?Wfea^Rs^_J!Fy4^b5#uGD+(UzZf@_f$8H zHwnd=oNO&nTp~4K>L*(d!YOclE$^sURx)!gi&4OWB9@r_cO}8q~#*yMOJV*onmUXd` zZe|rqX6(lIDvi2Kv4~bA5)~iW70~SYc^95&t1R1I%&?LHt}?r6fo^nmjd>NU1yA%a zs%Lq1LgtLr?7rYn4IvhUT|7jH%=ze*M&5k6TyaOae*{e1()dZh6h&-A&$&%Otv3^j z9N(G?o2kzz9ij#$sq3ae>>91LzM-Y4B_J#6aOYb#gn_F;Z6npWiTs4_{9FP@-}JEG zJ!fEu%q3K{r82RO8Gfz!sfZ?8}Z4VW|nA`kwNZrUR`IeS3przF}Kx z$!hATKwlMVP;VtF+Rhm-bU9Df4HcssTYpZ{ifN(MPc}pvfgCcS;PS@I3rR)$!PBGw z7(pZJN43e)TxryPKw`&CR<$CG*bq)$TkG4cc}S@^VvY&nxWcur8UD#+8N4C%Lj9Yb zWfm`ag0>uGWVCfn;tymzi8$rZQgHXNh+fYJsBRivNUW2c3v{%VSwwIk+i1&6TALuA z`IkbiS=>l`^L?5Cp`7(9w+gZ}(2>(J+vt2w&zjNx%Z?>y@mf--)U20a1(}os1vQSQ zIh@3sOD_!l`K40FFdJDKMTWVTkBlU(pH%5L^3E?QfyM($#w3+`XotgGn5GZn_{qaI zHnAfKKF23|C9j1@&o76jQKIYUj+BCp9y1m2yXo_s+jHx)7KE6hDDo@5!eDof@RLtK z@2;@x#EG-W1~J)>{jx%ULMndjSfFmJ23`%OfBNcz1A1RVM6`3=iipU)JLA;G&QFc4 zhUaO1-Tov2O;mDM?_7%QScC`=MNfPvp2FId5iVW!q%B;Y^$KLD0gtRsZF2Al20dCv z31L{|CycosX*E9hF{Ydb0zKx*|C+qG4wfAJKFDwQYo~06O};dvIQQtb)L&(OkciG` z7`xZbGSg2Xi#l8=xqvKs*j!dcneu(~21U}YMbxE5C7(}EQ6fYoSx9bzN@W?{QrBoX zGiJZ-t&o1{xW?iSrOKhNZyshvWit0$#NTg9*HpmROCk66$&b4673MSI^RpN$xdO9> zO#gtM{peb-6AK*5l)24*tN>Lo*%^8PKm|su4mtr4boP z;Jnng%Qvnb1Et37l1|9Nj>9D}oH;Rgb}H>mQft0QoN7tXeFzb9I)_sf)bdp@NkPx-`8j0L?U#vOS^ zxq#~^s+|DT-pga{ZpGLRj9-(5P+LSdnUX9Ei#1HsMT0(@_i7=Xf$LI~n{&WV))Uy; zNW6{IznOi2bGmxGcx6!N?8)qA7e({PMtW%JuMoarKS)LWqY&kyZq-$g%-s_!8 zBQr^=_7ePZUT}A+}SK&ALpt2%qqBc#2>fA@CJLnTF}df_JbY# z#y23}LW;hvszbegl*Bq8DQkJyb;elpA9Fm*x1^83Q~9+j*pLk7#aYINUlsL1;Qn znCm_O36Kj6k?yp$pl8{!B+tqnHl|@}?(@C25ue^9ZR0c$xqxUbujDleQNHxl2^P&L zbw_7?I2a*Tsn^jHo99Vsw2ryd3Gz?HJG0jORwNL{5Gkk98xT67X8B}FjWtWb?#-~Z zR(yP>bq)As@^_>yd>PQ7^w8PU!)lJuu>6 zFcy)6xFnEKLtGyqF0U3_=MmZx!rrA3Yr@mpq${E^?*2JxP5Y9pbc_r(t4tmyUZo|c z)~54kMJwsiu@edrZ+U$15;u_W_USK3uuyh{!+2{HXYDOlrRPbT`%&7diOFLa?Hhmh z_&RjsJ6GY)m#;Bp>#UE)x98-)7{xXJL_#2y%b0vB3*OE_1LNsH`NeY0zp;Z;-A>jk zz%qDpf}uX(UXk^D%KJDji!ZQmf4}SmpV~3&^Fky1QYP|XfB)JI;`TT_!a-1OaGBd- z;i5l_lt70C;;`W8RF0ZD86yntawvSKRI-f|U{~-C&w%a1U}2vai~PQB;B({YMv?JX_; zeJV{ecMeW1=&+v|^BCmw1&rRLD8XY@TZ5I0&4bvBx0jP+T4+*Rb_lC{Qr>O?PDFh6!n6BgwdVhkEegFIjiBF6Ss|OEo{gIv9+6|3acUo+1jZu7P^95aUG5I(NBgZ`KYt zr9#PzqmIawk$`BSZbv^4sY-&9*0HXF81pv>V&l$6^5`}>;@6HOFnDSDk!Uxan^i_wglzPqVPk<)wnZ-YpcN7_ z?aUYn(Tr0ZmEAief2c@hmeloz0H$K}SO;JePHWcjL(9T^mZyqpgqjq5ubu%m~j?@;X{U51q3ZLzpJbXpFxGJgK4g>1+Rl;pS zB4Bqp_ctM_HlOWrrg-HlckGcE)9t6rX6AGs4aXS_Uii0azvl@~+N<5WvErx7eM#Zq zSx|B?(?6>K0!iu5Rcde4So~m@-nzf~P0Jid2^wwl*qJ}@E`8~sa347{tZsSyIc;oP z+I(;OVTZJv!_39~iu_!z*0<$gW{kAs&vM!{w@3Q2`&YI9DL{wi=-tx|pK7^b1~!e_ z{bwL)52Xdqy#T%@QML4#eXMqSU`g?CQzMsxHrO>;r^7tF*}9&ad}Vw2Xy9fRG!Q%Z ziK0J1aQr2nfzyDfGF;*!V+vaM4o_*qx8t$tf%IliHg$^b`{yS9`ygR7O2q{89?y&| zyx&V_Qm`4`en&SZs?Sdnvqd^ix`Sp^!mqiVeaC?9AYZP~S|xMOxIts(?_L1cC}B$c zcO8S3UO)cmdd$EpDjv+ndNY{n$*ZruUT~!nbGEx`KO;(Ly2a#yomzu>h@mjKBN*FB*2)3V2LQnKvFYSAm z6P5W{DnKQlERsGMjZitWe^l24uVdh;3|P^Zk8z0s6H*2r8#gFAg*`9%u`USk-Oy6X zfr9X2+MH`rK^5#s_q-$3lfQIat(pc=Gd!c!V>UE!t0=*eiyBUIwZ)E}X~h?QXG8dicLbEpy19WJPOm zG5f}YvJfS&`ZHpfA3TT2OU5!2uzdd>db=esfqeSQ#$l?oYx8;F<2ioi31D{-`APY# zV?vu0ql_qh&ZsUslAEixOyu_*#!y`QX0DQ(`19_sWri`_pHBzQ_2_?c0bMfl?5^D= z#YfJp!K=VKg9L2Bxg8B#V}5Q-U0C4n{Z=*8wcQWDyaaX~NRw#MbXi$=*aqJ>2?G(J zXQSN+CAbbB%c-W{6|(*7d*-xkjNStpn7Z-jZtd$mS3+VAU>0sRBkVxk%e+I&7*xAC zCQbU~bu-x*UA@Q$3P&$KgEYG{OzN1ZI9ccZf*j zD$hp8WRC;j5;KFu1fSu=oAt~1cxIq3{oipE-GG2yL2b&aE>1XbI(N6Z;45dgX~tp$x$s(4frfj|U<%wkBi&FpSq>-G4DG5K51 z$Z(vOUC>4*Ne?r75aaB@-xnghUDkOUclbu@f1bqW5^3xP7FSa^-0!xhH^PzL|eY zi8LrWTe;``{8j76FGRd9YIrMYx#Zle`Q4@Tg6u5XMy{+@T0HSz+O41h5<6}pdQzHt zuEknP&XG4iIt8_+iit$C$9~q;Cnm=UNeQteEUfD3^$Yny3+;PKQaCI_LSK+W9kxmS zGlmk7lu)5#i)5i2v#~kugZU4JT3s!bBr8RQ6TIvy>}N8#uoq4aA`+^AYzU)|jFOV} zDuF-+$I0Ftl47EnKZXYSf`Ph%C#Rw!anhYPTl?rvfronygDr^d^%;`_O0lWQ~V8!7E=@PZfBf=fU#dcBbvFrGSEZB+4(4y$045+E~aA`7A+W>jeAwa zDuGO7sHEb%BAPA}53Gu}ZF;3kkE!x3E8kYwcnR^#;PG}m-qz*VNlkIRpE8i)f_)0# zU>JjBpo?XMgd05afCd+S`&3_(SmKP0>?SFcL2@=64T4( z+7rkSX2U&|AHx@W9yNZM;;i8tgAQd6u0`pted#?K?~@|jXeO?)A7)h0pVZfm?AJmm zmX^jTn<(?PHa%uM_B>4aLGR$t{$id-0-1|CI4(qparz8G?6ok`NTVTa8q9Ib(R85Tu0{#9x3HHBBzO-^= z_yGc;=5BScxR+;AQ!}PNyC9Z3)=5wV_JqtBJ&W$z-pVa)l&#vG4AD5#I;I=fde}ml z6L$Jw2sq3TvctwF&Ey$4LqPF~WK>{kyxoV7Pw0^nbFEr-`psaP!F3Bjd);CA$V*Al z+qqFoq!GVvFE?kFwzOY%L?6NlO|v(YH2vzb^s#~RY0UDq+NXV|Rz6KF{N%Jd9Z1U_ zkL=?>*w4ekb*`0dPH9EWcji5H84Wcy6~<9GvS2q}M5ynhuAl?p|CR!b+wDV(EyK2i zXgtL5(!5We{OQ2+nZ#{&@b$ggC3gcHlR59T61|0cy8zJ5?eRLGQ2_@zYOetYXnM^L z(O|^r0Fmt2GP>CZ6*tPPwdd{ z6}?TO<8A<9M7l37&%J%NhOHO$W6b>nZw$k{FHUldKapE|dQRlz0pZHKowe+p8xLL* z^G%!Yr~W_?g$jOXI8!q-!yOi}m-_CaY0gzd3FUX?SJAKLbU*I3q@O_T2oTfVXN5fG z_6PJn#;p3Z9NfU95;05O)Hy5&Lbvd!rfr&dE$_hzj10n?-j0EZlrzv-JyAfvzxu_V zBe0+>mELEF&S^XLmih#5C@(yl1{KbXF2aLrt7kWbre8&uMfyB+J|HQsrbrV7U*5&|hb1fhk36kVL z`IZi?^(~mPPpLD*LM_;#)^VQSKy!9^XIS0%*b+pm&PAdri1DH|4dx?)@f`vaq-_l1?%7B>8Kj{Z4IpKZlO-utdOoOZC!f?-LISha+ zgc?L(vYAru{Ts38OQQnvvn^tHJ(~Cf|0(l!!DLSg1O)ryAe0XfNy9b|fS zr^=25P5f26nkCCZK;j*<(kWf5K7*H~XFVWw`P2=izUaHG5pg_~i<>x~2Tn8iLxv#{ z4Szb_b0Npc?SKfCmcXkhjEFlTr1GTY$sdQvnPm^9S>ZlR0NUhL=*vW4q$4fzGy8@O}%590lWM-)nCYiE^ois)cg{$=3^|65hA7-v}1{QKxh5d2p+5Fo{&pJk5s{?6Js!o}0qhon9agcM_!~sXOx~H7w=FfrL7%C&6X;A3q z=ApmU6RB`lSU_fwF3ailL}ok0*@|*mC!JjJPd?QSzNwwxgCDb@s86;%V~Kpnfu;@fctmxg943k;09B-&*hY_WPsPvI4+ZO&K=f& z)Q%`|L1EDL1my&_WGG2OeA^?}g49@YnHv6~_Pe({qO9^5NcY7rQ-PU-<3IWpplV7l zj{Jp1tsf!x4pO@XD6Su!HUsm;j+-H>_01U1QDQc;oeMEYh=rO2w;biM+KB%|31ewg zW{EIJmiu$!rNIcqusUr;Q6bj`1gcOMd*%WHzDTR#$&V6hRZ9r>70zA*-DJWf+lP=c z-*7Em3h!Ax5Pmjjgsjj0=}iHku}EYmqJX6Q82A~D`|T#-mnW?47^QL2mlu9e_qxz8Fh0i^2UHW*~s3MLWiax)%(i05JEu14$6 z)Ng%rpn2x-u!bzKc61=os!w^#DMfXPoZgetEG4F8T*DQm~=0#Uq6Iy z(K}qURvZ^&izNP=8RN5uW?~webh7!U^+~H?3~Rr*_bt=A{}bgXb&>cYBGTz=l?I!K z7&Okwg@uF8CB#{sv9+h>Te{07Sal*^ms9^2#>rdA=@N!lj9}9E_qZWOF*(ukQ}%@n z@3l~IW51Z#{{`YCjQsp%_Ujctd3v9U1tSQg;oVCauKeVmNyq03Af2UkQ72>H3dzf( zMNp7YuBt2XIv-Db;u%l0irQ9rEP>Iwxc@h52ME?8$+IlqM%JUF;luuz&!Q!5S^eXU zC`6$f(%CwtORL>OqBxu=nG!1vK|Ju=~;SPR6P zitx~|yq@%Drxf1~-KiAYdKA1`lXJX6QZ*DG1}3AaNk#=5DPcsU>kL!q76+2+yf7&p zKYSlERHgGm=hS$-nB{FMS0!sMe}j;pIkMXbz*yH4|7pWCzX zCM@{)_@g~_-P6%>gAgmTnf{?_FQpk8-|ZBqx;kxSjk*NYJvH0E=|Qu1FXPr{+krge z*quhJU!69!_*t)mQ^;n3e4Vxt?$A={es0s+h9tk;QVTK=Li~;^z1FFly(5U(T-;Xi zt*R^2<FL_?sapzlDu~8Ow;hzd{=l; z^bNYUva2R67U<~4@q2-6Xo0SB#2t8bBe_8dzM8Whz#dy*M{lJ&OUrpQiizeHfD=dr&0dg$Hcj5x+l}*x=esqD?!*CS zd{cdJ7~61)a9RgTVS%30rb}e1U;NryGR@s`b#kGPlTOR;r4Ydj+&&rN7*-Rr>q9f>12_unC&a(*u!HJ6N?cN|Cm zQPC+79GN*Q9Rlgn;NaEi>qMg3fJDAECPh97=#^eOqfu;`>noLc2RDOoRi$TKan8=* zsM1J`8ryFYkGI2HLM9$+^kR*;NbGvi@|>){{F^t8bG<(2bK=2GUhKJCEH&(?i(-W4 zvNgpRF!}WZMTc5)a^=4O7CLOslfDY?I>V6fYbTB3wIuK921nS*7Nh8Zp=bMrYo*FMX~t@0Q7nP@ioPOMO+N4Ys7TX z6Qh@=#V<>SQyuaqdf1Qw@n&gFsgt~A_Zy##1wMhFHS#^>@|HS%2M`~v!pJyua5a(5zp7eLZ& zWH74v@7!@cfIDvgJiIPIOsMiY?EkCQxNI@`6AHx6rDh(@z`jaiL7wQl!&-GQuSQ~$ zc}}UP3!746AcVr@ZXurGW~}_n8yQBYgcv z;#46fjq|*~-_gr`@4d8~*_C4$4)w^6ID5!bSUr3SrW}gmIDyGs0t?CerA z&dPX|hFPj1e|Usn*YLQY8-=It{~1%?*7A2}loo z_ks6)y(}7{L~3{G0AIvT^;~e~Jbp6N3Re%CMvlU$q zhDuO~s)dFrbgZ&D23)ml2S`#&D;avTtY@5c{SIFXwMD3h#zN>nRK=I-tbU^}2aGnq z12vcuiU1$F`%1=1og}OR@^mcP+_EN7)frBc39ej=a6yVnMtb`bcfKQ1jFh7Th1RdY zbPGtXME7%x!E$NvBtC=nqRobTTRE)@$|H3+P`qqYLn_|>B**S>I}PiMcrC9W*6S+u z)aj^QDF&saWDCqz{+?hYy@7-5rY4nxNTaIA-a(|tprBEPJ zynNW5M~-mK1Rsfh)NpZZZjIN2+8)0-B~GVkYdAWJiuwMbgZHIZ#KmdMgXbYi#a|if zry5CwE*lCIz31G08H(L`wfM4IYX*C68q9tuHk#^|MkS~gkF4Nz5A)@z`SkrP?m_81 ziB|A9=JKo3A%|ILDu^&CX6EhSFdeVIaLzEgJBfED8p*1~NP)(5f95K#9DulunMa`u`xsD!qAZA#H3@(jUb4W+flHQY)grtErht*tkcV>d$I7VvUqDk$mxu5)Gt#(<+84p* ze|Fsb#io<+#(3Li1_#IlhZqH?sA^^hTn&{n0Tmdx=T6=^A%!GFEJmv*rRwqFFBrMc z?X90WrSYHZCzI$5x>8$(4rNa@%LpN7d)5=Rp9Fmjcp}ecwVX@a#Vf;arl}CCFYlzMLp8y6oSkNj^bR;ezAB!VG+s3TV{1zYK$0 zdm_mFtWOFPZv8yT$>e|eq{$W*olbOPa^gB30DblI%t5WrTeBlt5wWrR%g$JHrVsYt z)Q(dXF^e%B|FFYml8l*m@k(O~AwfAcl^V@a8_Jy~O=jSRQ`k#q8!sI>2ln(Au zM^xR7ErXN|kbw{KnB-RxRHR01Y;fIFPx0+~tCg2tX`T@CkGwvzy|m4jw}O7~#y@IK zK{oMH4UelCUeBFnLr7(iHV8zMC@=j&vqP$5$U>P!#JhY?2U!K&ep7S%gP=E4PyMo* z&tK^;VQ5qmyM(p^Z0{xAZKGSlwXxoBTKa)D#_{1#7fe-jLbZ(=68 zu0wX8wgEDqm&Iu~QqHA-6QoIB2mAMuf#)@|hdY0pw43sbr|((~EmhB%--72qt3S}4 z0sAipH$Wm0$3aP@I z;DKPqai+zo?h#w?iyQwY-DeZZ3w8bTuYEU!C*P|ft$fLzj! zfTut%7V3D$O6c76LuJ*|p?}kZ3>_|%swV)q95Cgi=(}VuK)Dwfy|{Y1zXK zb6IDvfTOZ-I%~JxHhMjH>+sD$AmpLbrNl;U6g#m)D2<4 z73Z)4?mz;WwA(k7V(_LFUA6$0JnWBWOCXn~(3)34XrEp}^&4~+>y$K&5S6QdX-JQ6 zl2aC)4%(20Xou|`LY!X0Yr-5&Ic5(Oy-K-i`ncvsJ7UnE@;XU`{9z%$Z+1hbaMdDt zZ4-F9IYi;q%nc7l_yToP#`AtB{o3x3)35)b<|iO5dsT3R?%pp2Y-15^|NYvc{~V?M z$-~AA2a1g{d26x{Y|L+Z!i3> znE9CEi*^@Uf5u$V)Oo-XiagqQS;^9v0L{7t;3zP{vhZ`4x0D*;V|=@gH1=UNnP+Mg zHSPAy?C$Ti$g8nWMZ9H9SUx;$&MemHNXberc+Y-stz*3!SdP&p3MJ9?#wvt;hq%y+oxfp(Zko5 zp{*pbzk%qwd0b>fue4hXEU*Rwvx_{Lk zm$Q}m7ls*SEyQ;i>k}8g`6?g$z~lh~6!k29Kgc{dakz>HaHY8l(0P}JEd^`EGsoL_ zf!;J*kkv%}L3^X7_{@BYm-uPvh*0I;zz>w3<$e6Ug`kuxR@1T;-CsY z1XFU5mV%}Ju}WTIM5I{vk=axIVu$xCrM%Wp{Nf%UWfC})CzZF^87UryRG2CBJM-6A zVUO=vgFEG-0jFLJMQx+;$Yy)g$4%p)LqM5T#^P+-`uhCKaJi?H_5+@WO#l0fOpE3RoJf_Zjmfv+)q1w82~}-wnY1i=rBwrD(LGSQn9i?6Hx)qAV4NvEEAWK9VletI-5lGMQa9`1)anq6unlHY$`nHC!>ZtUQX4!76@5`=I9q59RY8Yao{S2S56WmZw8E`BuSx z`bQ5H$khVJMXNt}R$T_nz4BT0rCErY@0MJ+T}tTkY%OX<+^rdB2SV90bJKi+V*?I3 zI&$M#fhspzh4y3KxAZ~g!h}H>V{!HuUmvzsc75^~43G+WJ6E{d~WczrI^< zBYN}{-S35<{x4UW{kBwm-NzV*3eW|poG5Jw9Yl|apu7d15L{%-3e^1BlF3}m*BL9* z8+qSYs|@|tdN!?CUd~ask)D72?M+DlD#(X9YOuR5O7#T`^mg6L(t*o{rD;fX^Ev23 zIzycXqwX#Z@AyZh!9(eibU4_wnnLwrb*L@bT@+)z;0?U_jnLryjI}h)8RghFs)?Gf zEk@(D8&3xE9R_~-{bXI6>|4_GABA?B(-t$HcCOGGyy*RU=vD=Z++Ne2G=UvA6YB%+alp_fRWCYgQ zvMZJSl1zmb8PHS8njeh2NE({U!q**1s}q&+R+n8G`bGt;m4*&-j#BS0O&^;a-Zdf3 zdF1ZDnC)_^>OvdTG_?LDel>&Ne;eg>p|%s8EJz)+C@rJq!5K`I%s$@Bqx$|+a^e?J z_gKkD-5NbY4A5i3P|rfqN2ZyIGcR5J7V~$M7`xe7`1J&~@jnOLPNdUS?2fhwJ<<|A zluKvDd~5KA%yQpz`nr~- zaJs3K8E(NTTUbMl%PT{8D;r4iLYqREo^OqHTqGhtQKM_H)YOts9R2#)GAsM)H|r5J zS>b^Ef@g2#{A*Roi#hT)W!Ja1P+B66&TmnL2Dr4%dJ}|!CQ8Mk!yGNMUw;8EID@gB z<}q?1ZJK-!sAe92HEY+qQ+8AO=l+d=x}}k)jGBEkx2GjB=e=eV5^qZkpZ+sLB9)XP(Az%T)CG5DgAQu=ZeB9K?L5;dwYo+zb%gC_+?l{*M^Gnoh$n+rV9I; zEn}f&ct-1Ff!5vk!O=CEcwnv+;`HReZ{wY0nR)_He}rt*bTh3+qd}%+*&qweD^`md zh$VROxCkaev!_Ibhm$Q*Sj+fm`}!HqLZ!dT>cUrSD@9mtnDY32U17^7j1Ua< z_y#?H88%kgVOeN$m`}8Cn#VQ&7-1zJ$9VzlxGQ&XFUdk?LvOq&f4_`<#r!kHj@UyA z#kSJdLSc7X+Bx$#;HPn~ny>RzbHr{tXQYR+tTE`A4x>cpnnSzm_PTfHPwsXE)aAqC zsC}h^_4u#cT^7!Y%s)w&>GK_maYB3RJoyO&%>VTD)znohyV?NNsiY4BMu~ zydkq5V8AhOWbU^Xmc+(n-~NANz}ix#Bd6D;J45AxeLS8A@b%9JlGpw#=_2S=0&xJ5NbZ3D-Oyi^6)MZA-H1i~mf9_BujQ`-K<8xbp@ zgVhADtP@Qht-_hg%`#6;N^h3Gp>O!Aw;tUzxAYVX*6C;Inr5ksGk9u!v(SO{zxTbSrR>D^f;WAqe0LUtOKP)4>$KjFd(W7-vgd|!Rq zxq7Y?mDS>B$ZT}nKm5_=y~T#v&{x6<26MEsgXt6OUvzwKd0M4UQWPq#AUtB5JT3j*GGoLpdi@I zO4k9+oDJO#L6V8rFUNdvUk?{Xhx1VD&q7j=iTYL7_*Y9`d6GVnjVYiIDq%n{%y*)9 zzTP_?=m{O)@M|pIXTG$=BLNE82nXVjPD`$aR}O_yQ!yLvCo|=YYzedmkSeHYcem@1 zvHK{6K=PdR2ov-PS_c7|YnGSVw4-Bnj_RY8ujP9u20q?|laRaIrkeAG>Uyk~z@QA4 z>oM>$k-%S)b(}D7^6gVT38X0@b*8yi4CEMUn`P^0f#WcZWn`XUm8CMaEw(R+vt`SQ7}Dz z1S%8pw>S#eZY-Y`ZG`mO_YWLayEBydBRH|f;h*xJrqs6+$u${%(SR|#0$*b&)NGU) zotJ{umhpj)2_LRc4}Z@ZseR=0wT2#LzY!oE1?s0t&Nta9CS~Q<<$=ZVP`%RfYNr1- z4y@zxN^_z=x0K`EmvOXx58mxmpy@+MO60X&(=^^!JHGJ~fM1!ert>`Zj9GB6 z56fKaRZV+3*us#hnBj(5Tkj`%S=ytUfb`+>~@+Mp(exRrsjgd8qtL+G!{Kq%8$-Vefd-b+dYmb`$RApFF#^lHpvcKn9PeS z@=W!5lZF{d4pv?DMv#Pk-{l$PxpMT2QX{-kBc#w}^cKKr=OWcs|0v?1n%rTPSL%=o zXxMq=IZRJxbVE!RWri}{U9l2&*gJL}n3DFT3!@De_TO2w==3qo$!3SHj=u)uP+oK( z%|>`|NhtE9bqPKEwZ+PO1DugU16Kd|6>9@Zw&Y%=V=IcZ=s+1C)XMOM{2+ zTo|yG)|NS8>vMg%FMF+=97=2&_STWH}xr)E!k)oaiF!X<6+v%ug8ZZ(Z zG*XUO+rJPJGyh}r=eu7a+li7|{f3(Z>yDtf`&FPG&%mo58j0I2s^i-X!(&5Z)|%}H z!60YXhJueReFxf z!8236uXsNfC0WMcRThoq7duXaYKxWglZ}#vKt^L|$!ho>Ve1zU-`X9YMPgMSZQo@Z z!1fybD$A0jae@dU|F6odX@;C%%M>&k1LVG0hOeyoW6%M)@bUExV#(JT z%O!rn4r-5UcYBda z9f}_2Y`)<>K~%30!!{?$`q*Og$xpjqTzl>|k_!o878T^(A8`0ln;bdTty2%};ev{YOwC&b*aR212sgNtPQ0{8 z<&ju@T`^w-)Bk9-QbP(XIGDCrW~cdpRzCey*S8^}iRa>nwiMdnU44z`CMbU1s;=p^ z=}s}gMTCfIct^%^J)oHM7Cw-TlUZl=+MK<_J^Rm`vl=YZ0FPv<`2oov=(ff%tIEWpm_2@*d0*OYPY5`3!rH&#!&5Q=`$&mJbPGm`z`3I|UsI zuCjxfp{Qz>WJG<{r@8w-uR*=|Z&r4bqm2pN`CRUg`8V{0FmA?9qdVLUR@h6(x^i;t zFLPQDz-ew&+MQjzk8P(n6Cl&{aJzZOL%E{wgAqO*hXgZ=usju1#Z7Bxb&?+SRcg9; zfHjioUw`eT9B6??LfCu34$@~e9G1`BKq~(h0%}x}w0NfL#$SJVP_p&%0Vgz$MryG? zg0Io}eg=C>IUS5F36BMX1?U@1U{HV^%P?ATd41=;f7vZKXKp7VTF>ro9CTU12km4F z%iskms*q^GLbF94#cnACV}5#`{Lqwm@23HWUxc?U{bKcY;~ufCN6!%vP-$ngv`u2! zZSTLFEY#}&Q53~;EhaZ2Y({OF8V)=8=xi*ElqH`u=r1E= zoqZ!8zwq&zM7U>2Kyb2EfSaz=FlOaxAL)nzkEIIzL~}2GQ$YWUjyo*mf62~=yH_#E zh@@=$NjbsnXmlJJXk&CHF!$TL9;j;7D;Pn8;7IRHcQ)Q-do+m70?) zU{k2c!^Dg;hxkD92|-Gz5urF|KzEnkttLvC=C9|iruX`0<~+)%2r zxIMS1n18T(!dfzad z*rX1eJ-pW}XjVuR(=*0u2xaAFL3luwH=o33@fPx)3vCRet)w84!j&akGT^taFsC+! zfH$3s)ulM0!2Bl!gAZ5sFt<*_LtNd=wp9emY<7w8HJ6&hboE3tm2Oe!{kiiFYKrU% z0&c$Cg<1WNqs6{~-lQMe1-;|9QK3l{OWg@Z0ikP431O=WxV2O+u9bALO_edB-ZQZVt%?P;(A`-&K=*M73k~BwHdhUv{_48}?s1HoMyRneAZ9)boh* zk9S02zAMZnjgc^E+HC*3aT*(-B(FcJk>G+5Pw|-g1=Z#Wbz-&T}6Z(hLTF3EL z4reE1hZemJvmfY7>q;elD^5IDzYulLK37=bfhfbHT`iY%akSkOP#M<)#Mz6>8#{OK z%EXnijL>P`SIPxb&9RP|Z5hjN80+DDT3+wGtQ*PzJ(M^*1t8HnTA;7HT~$zO^lBEk z$zSV?BmiA!iFkz)IQJkQQ`iyE5*ihNBnnJgy}ldT4Ja@T19#Rl5d~>wh1Z^!XP3uk zj29C-@;}I;y6QZR%zg1Lc4&>6L!^X%T-T_6rw4+tnMEVY{jak50hT!JxAfD)#5539o7W z7L+a`Bz}x8l?o6jop}7Jeio|@Tbo{ZKEk)NnG&-P!ZZ!*vBCB^_-9*W7skklTFEq- z9+@HUlrQm2C9kAwdyjQ@F3>#Zs`K%Y@J)kMxBXx(V(sLOSKDi6j6f2z1Z_URyZj<@aqRE-IM!d9)X8#EW0n(N}{@rzTw(g`p|;-Y4pM zVTo7!;&I+C1CW}(lhyq+0flD~f|*27wEp z1pN*D2+f~^RlVN!tZI)umby diff --git a/static/images/docs/cloud-logging-console.png b/static/images/docs/cloud-logging-console.png deleted file mode 100644 index fae0aecbc53d78d3f5304da70b4b429e684a9134..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 87825 zcmb@tWmH^Evp-6nBoKlHw*U$51P>4(A%k0RcXxLflHeZP2X}Xe;10nV+}(#^fI;q% z=bZmp_pbNDJ$K#xWu|*~S5;ScS5@!+Rme9vag5g_uaS_DFeD`aibzN=fJjKs++O{I zsL@^{eUJEg?j$0q{OZ-K#dY~LM3LB8RNYz0&eYk>z|jQB%+}7vgvH6o(Zs~o$=uHQ z^m&I664E;)Nx&Cn_q3yBug}UR55i~TYa?HhbNFKUjrbe+~VWwCFo6~g2WJ88S#V~|g~Bi>^+)Y{GuKJK$!PHf&&3AuqvA-$N_Qc?X0h3J}AcRad=CNQO{P4{HF$R0EVPmf;@T&z=vGA91K^+MJ!w3k*e+tF*xaXzIcxPIzoY<`Pj_ zE+5z-QG*n|n?mfSlb&1F$ahE|})*ocE7~84gfo)hL|oMjrqekykGGx5vc&KQMSd#&To|jSJy zY}9YC!E!(wzN`b!E$*BC&X}B{gnvq;jS{ekc~#F>)9xHkj;f|~$gyA^--8Qp1L2#T zhI&Ac6{3CEJ|B&0b;2X(&3ybrEFp^yKij~)^+j}zDJ5lby*k%=Sb`8QkMl#<*@}*5 z5L+6>q?)BrBFL%Ns!w`YF9p)L4G*^))@i|f5*x|B!@+TO*ixDWr(e#6qEjl^nC(u^ zU8p04bSELJKq2~sN*%Ro(t^=|4LjODI_CExx_4q$yAGDQXueLxYR$?=AN_s{`09yY z0b5FLw9p6Z)^V8RUbIJMR+il&~t}DMFQqgMmr{ zIqqM5ockmrJuSMvnG?;6RfVQe;WRhe1`qdiUH?!bQ2yn`laSx9wwU|hM5u-&w(bZI zp)4gyk;>zYF)9qF$}kXPgO3B4hqWkPyKGDQgVLDO0&2$+C@FYohSFkVTiJ4&gJy-Py_Kip|FT4CBpYM> z7+08=J)sSuI4PFhJLro6EZ05sYG$94M5M1d=*Qp1>hq^4dSp)qtm9xu*WGP3sCm*e zuljmrfvZbRWAnm-1YC|MdL5Uwot87f#(8bqy`|cLBD^I`hKXq%?G)K zaMxSQkoNEq_{rfyY_;Ea>QY8EkyU4)E4d7yIt3e)6mMs1P*iJLYD0T}{$%(Nx>xb) z)vaqh9pCZcevFn0J9ob+DzC^@eK7EfZwl-2Ri10`UJf=lFN8xf)L2(kX}l_j3(I@3 zv0XfNEW{p7wzup;mT1;-nzZR`GGh^|#ldr=B-nJhS-a3!I#=^U3xJ zE|i9XD_l*JikD}iWHAqzXbvC%Wr;pD@rN|K{mGoi%~(3DSX^!)@mUqfwOy(2`1ohTdKYrzg>;TBc|EOy?k_T>2G*$R$;z3 z*Zp(^g1Z59UC*D|eWr81x!6vXN&{@dI@)6_wk5WpT|ca1)_~U@|1O8`v&+-*E;vvs z#fq8)Gu~j8lbAJBos9keGLlG{E)CwDPc8!S)DDj7{@0u$HT+XV__y-=@O$WAg(BJW z{cClRkXVEMHL*y)w|{y5D{*65Trgl5W57WQg_tFBfC{_{%?PvemXGHt6 z*rC5%q&v|JEG;wXO(PhWWpg=zoaC;!Ma3-#c&i zMMOsaD_ADy#n~AVm-!zXRZ5y{QeInh3ZYg(k$(r;IG4ufv~$JO`7-EVY5voA|A%@@ z@ARR9%UU6%0z{=JVkM5(+iN@H@_2}Vl$FQK+=y|G5+181h7umn`S!rEvBkS(; zJcLsYAK4VpDLCgnc{%{+^Ahs;CnltiklsT<dg`|&61}TFW>-+(MwIhJ=VmlDU;LH< zI41CNT{k>J0A5x;`PDP$C%Na6-r`zX^i1yKTyM#ar6ljnnm7u~pnSjmzLVd5B&RLc zczX=!CdY4mxds}oAvomrJ6RHq6^&~Y{%D`%=9>^~T|YD|><#OFWX?YNv5HQ*1O6%n zn6)At1GQWVhtYd|-W0UX^eYY?aP4-NE9fvRPZ%I~H?M3^9sE^yx4H_Vn=Q-!d4795 z5JUvGd?@LiiMzPH^VK^PaLg?T(r3Oq`3ExaIqO>Zv4ocYzU(ZxqoSEruSO*yL)fc* zL|e9w1z>EoU=HAU*mXjT5?F>Hzb9-x|C@YL>MQWUq|fict=njiXjQjfZ!AMlPg7wg zlZ5i{k(D4J?!H25<6*74y?grO^53=l$75-hfw+Mj3m$b9BfX`YBQCtuJ?eS9ghg29 zLxDyla9|LnHr6!;%CFWGFTD!bOSc(c5{u` z{`Y93=Xc1B_oV`-XSyF2p=iQsyI!7;u1E9H&-1p;T>4TDifshjdAYjHk7?Rz7WbK%@EKb?|6;*FwwYFy?yCA>M{8)FZXrd^K5^H&=1SL+R*r zIwKEOSup+*W9!2`RBo%NDp-ltop{dEK?VEvHMTBNQ;-{(k*dP4XYN8(FdwDR+6v zdajJe(FlH3o8Hp3YQI}5haK(~JOQkMVe5xV2+*UPg#uWd>`P?Ju zw&QWObtSLC570xaypYSRgqu~%^mSHm@mJ+XZCOVnPmH}hHhQx<7M(ph6;CWu`-iTk zyT{if&#^2}ti1S2We;fM(uCE3I+f97#i8WZ1V2V)ho-sSDy-Ll zgF45WKJ_@+MH9MFkw>GQH#$VhmY}5p-wv20FDCDbpCq-`quXt@o@FeF7%;6-)#cP} z*R`nuKke>0sqoerT6;pai*QA7d=kh9OiBptBju@9aU>kmY1~=!PA6S#NQ`T-Ur*6T zm?J%UY|l%jdiNrIv=W9pN8NGQ+am!P8x}sZQff-a*cjP2r4e#DsCmu4gu1P!G`xY) z&CwCok(M)4uJ7G`j+>wAu5>dx@4kiragOEDt=E;qd(!K4ujfKi=-$pQk&t_9p@}KnTKN{f&d zr`=&M!G$0d=)UIl<|DkpWqKgUvf|4n(VE~{;EA=aB)7}{td>A2;aA&H(un<>V_#9X zD`Vm&rd#)co*^kF?&jL+!>=n?spAI^t09&#E~mWiNhuaLir=0VDbk)fjso6z8Xu?k z^;u-3fAGLi`e;WX(arqVM&Q4v2>y`8@g!Eg_N5TepgwN-qxZR|nhM*N&fo6#QTtp) ziO@ufcBaOod=K@Ak$;1j6Yk?{|L#Sq<864)DL?I{9+%nQb0Fd*sPi9U7Riu- z?(WTzWKJ?N)W76En{BPHPuv2^qJy*D;dOuOkiK)KAG-ZF8I}J)=KozV_CLYN{||8# zBC>n&z1yig_^3?BzLM-CH|6pe5im9z*MYqn)$p5wX_%OT5p{3F5fM+ zkKHwS!}^dhblSba5y8NFsM=B4i6rxIz5S~f_bXL@1jq`v`-Hs)16vPQAoF&)ENO#1 z1aqz|c0yz?1z$B(aQd>YwpD$>g~B{TvV$)`%v!U=l&u-kmzbL5G`IJ*%mM{te>mt* zuc|qts#*?*G=yyzn8L zqzd<~#pnIdYLoQ$UGOHrY38;<_UdV0wbKDQi{FJUn*fB!YIUBGkufGV*2&2U>e;5v z3cI+tfI=feL#y>#+%NYg&d$!RLNN~3)-V2uiLBr5*SO)M0lZH_Q6WkZWMpr+y7I;{ zDyb9g&QNMOh1>@HMT@irWRYQsi(s3T2UeKeNo_>XZiHT%P6NsYhwfY93XCuwQwj-| zE+EgM#Bj#WMrFd zMRi_nFS;j2!wTeIp`s>#@EL^nOP_w08z;;oAK%ky$K6W!T zhxa;t{aT7nP|Oi}9g2#ZKv7ZXo7Z_+HnQk3G`WeQ7{ZI-(ZMvD#G0*e))s}6)`WjA{dt;@D5!oNu`>PrF5cdo5FhJ(ah%6I;&>k=8BR19rZP=*PT4>~{ zPKWVTF)lt-3mmeI(Y`w(Z0-Ce)xN5eGE%peD`egBARAeQd2CxNs?~y8Es71*!us5y zeQ;L6tm|l7K;9m3HD2^tgR9#B{7gaU4oIQ?vQP8uS8HLFR1s0I&D=$?Ktkn z>T1V{IyC!Rt%sC^QdngDuI~A4zk1EZ<^EJvRh3q~H3JLFv2qodlc@&$_RX70li>uT z{>Z%C+)}NEvHt#kYaTmrbsp>KL7`8VVClA3+X&q(8(5daa9e!8|KTCg#P6b^hYr-x zc$+d&5`cnbO2llF6tnegak8d5l1v~WKHlXBqE=hY!zP-aTz>&gdS8v%Q9M8Mv=h2o z^OYDxRaBbeT1#9ia21YMS;i4lS}dK6f<=(R|K({;V`9>3aX5DA2$iSXPdIlRqY9%eMU>h$9?Ns#;F z##>Wy!n|E(=b&;sZH=4ks2FDFL&iZ4bhv2c9^Mt?^tih=OE_gQ zw+|dnYQ9dMx!I}qfn<1;e13-$4nA%D=&{u3u$fVk{_SIv=>_L0K5D~~U!7K)yYymy z-d@{Fr&)4Vo`ksML*0r=nsRx3!iSqv4F-X(A=ffl78@bEcp(QUt5HuqTTL})+kwvY zLtr>Z2%z+1laDmWay!eYzuntNVm+aZPffH+s=?>ssE*;5<16uMW?(2s&61tYWTGB0 zIVR>}JA+bX)JUL%*Fa69XBMFeA+3F#Mjsmc;dMKwChF&|_J3AUjl;}^_ z(~-@mn*Bo3XA0M1k-vB~Uk~2%5gfV9WL@vIU`3k!-3z{5io2;bJobDG>bDYNO{hf5^ z1atg|+2(2#+3?WNE#w+S0LZr9S|1)BzPGoBunVc9J7aIOL`8ecby|YWw};~GTF?88 zq6BF}4PhtC&!0bE^?@ya|NdR8ux5KcGmBu{Gv1VLn~9LN=emSgA^){D(Js^04$%vR zTD$_ABw-qAF6WIq?w~La9MOrSR{gGQsFhI$CMv3j=U_Q59abp_mjnlg!^q{rBTS+v zL;aIM-@!~+zI-y#?PWGh&K{7xy>(DP__onpINy=W)$nLy@+StTAT!(9BRmVjvtJC5$n}Y+hD(U7i_Kxpogrl*dBFNdM?{?=S|u%l~LIdi3khpO6~0 zGCg*qu`vh%W%oLURgCjba|U$*qp{m`s~s714AkUy{!xAGUe!b|w|EvO4#LD#>py+H z78rvb+Q)|&`F0!?>>i!|;NirPSLu~^xoeeBsi+PLxU+E`m!pFgNI zbGi6v+4M2`9}&i_=g*&Cs5NSDr|VAnYPAl?nvW1tRhZL)}I} zAACiRrrs;@9KOJ*04>!SiXk-E!)K*5t`#g%t35JbsV{;UPY>TP79Kdt^cpX%}t!gX#{fH>gae-vJx-Gw-*GK0uD97Nki@tW>*h6{rH0|VvsTBm^i zlV7}eG^i}Oveo4ulUy89?s~$*5c8I{)M6-Rj^H{~rL_Png_qTRik3iF#}@OAG#DD= z+emdB(Txi?HV_UD3BSXHX~Aakx@tG!X^NoFOgTmsu84?8hOR^A0B~u+P-5|euZV>C z-c*N-FGw^mX8o9a6}jQ&5VMt>t-5?2Es(lb)~+| z#m(#JVBvOi5o=_+P|E1_-$x835VB)Bma>x)QoE*feR+3*ds_y%VWX~u0Co=xPq>+X z&Uj=AaTTr^MWX~DTRo*!f5Wg}d?U4iFJxop4rWx~@9!@})&jgg3Xyh9KQi+VD>@|n zySA#0)gDw7wk8b=n9FZ+IrDqvG=OPT;)~a0c9P;RIN36wCxqgW-q)YVbUSK)E>)78k_uUdboS#n!8X^&Nx zYO`9k>v|_^;1dw8_l9P733p{|JJbH?2}3c=&~>~lmH@OW=(ll)rjTrnQSMf&$t3&! z{wzmX#KdO$mhl`!oN2y*Fg@>aM2Qda-;(_%febTeOHj{Uf4D(`SoK3@?u^qX#c7#%b>hJSil20t3^pwKKD0$2C0 zkJ5*qT4m7m6>b4ZJMNU?=+2w8ROxEiDe?;F`aYn{oy^vG_YAkk#VFy`Q3=vGWKp`o z9t?jBRQhhRwyiej#*OnJqk1aU@LyMpDE;XhpNz$+ZT1P_|6yy< z7>4r=BFh54eT(b+l{S@6`l9$Ft+&xo;^G}KN?HG|-72WShlPeokUem8sj}tUJF}bt zgJs&9N2{Pon14;P4l4Y*uxuaU?y?(w4zKXhSez61H{>&HE@Mj!afH1_)%MBOS@29r zUr_2M7O5e>bdSklw~*071ZOoD-#mvR>1|j0?vW{3y@p+Ve%JriR@VatJYBEeC&*Kr zUT%2ZC+BAuWnA;tUA=ZTmGb#evVbDO@r~Bnylgtcu!>FI6GX62y}Mk*y}}n*MLuW& z4bSUW2nbpvo2>+5fLn8}tkWlX)on&*Ak=%Vc9KRLG1b+WWz#zXV5{lIuMzS;*}cAc zrx=1~SK<8k81alsA%^SX`wSt&%1xwc5loiz&VZjq-%iOMHEy#ae$c?(wjBXKZN2V< zSS`h+ZnNS+e5CbTifj4fuKo;o1_DBh1f{L}RhANR^X0I`xR`hl(I~lg%l!^dH!WP! za=5+Oc36eK1j@5qB{xU28>0vKqbximTfW-Mb$|5jR@~h&xgZ?SgKtVI*nLk{+Stvr z>(pR95I4T;K!2a}QAJWCe(GZiI;!qIVHT_8)cI3WB5v$ zPA;t`TT+IF<>&Ml2PVA>H5}~m_+<3Kb52@0Z_lv)b@qO za!XH)rI2RERDpocq}qD`h894O0x2$8rm2SPA7wqhuMttzxH+#=h_?ng7&G40eKRdJ z_h}+i$0XzD;^L|`AoTR|;uW@aNbQ$E=d%#A@$XRF$Iar--`2Kv^$$r|KBt6$@V0t~ z-oi+zj3m~i(A7l8&v;{S5KU?k*kO5ur8&YHy}j0>nRYD#fHtv~--SWjXem7TRRG`x#L zFTseo+PS!p7BwW=h(M-do0D6u z7asnU!n2UqmvO@Yjvd5wvZLMOb2O>VYumA&#zg}H-?xwGm+H4=*VEc$9Ez%;#iGU6 z7WYJ^Op@ zV|}eciYkQ~Z#<4!&QJU@`_9_j^OnKE3NJ> zz`*MDmPlB#i`I!wyD)Y82fmDRthpg>>}N7S$1lfZm7@y)#NK5$C3I9)h|}00=24vR z*4wHa4cL$&Lo8N{;GYV&a<6B&1n9mAv%TyM@TlSt{XIgTCsd>U4KAw~pS$l~l}%p* zz+KO=Z;c2Wn;YY10l!uqe4Q5iDT4`Dy{>wvr9&~#_@mJxMaM)!&c*0r!dpAP$ODUS zexi867V225U6TPDKBSmKX1yamrLqLFE;{coWfA`*|I}m;B zW8W?{R|nisY8mDUvY$CKnF8 z{#S>v8ae(pjaB_+^Qn=NksIlqDlMQ;RDl|&a5pJg^S*OQk&$U!w6=_5Z4z8&!{`9k&gx+!Gl;M%wy+{2~;Ag(zb@^19>{f@< zZ&L(3sUzVc6U#zsFl++@!+4<<4=)~@AI)X$59HyDa_<6N2u&6edCHgSyxg??qls|{ zU<=Y;SZv8wR#pJUkF|xvEori=j++9Yu;QVIb1cgEsGhc)0XHr~(L6e)y|+;%Vh|i` zNn@x>485jI8aR%SFj|*0YNQ~$xKpv%*0EGIS^9<8d1i}G2-dCa>sSdHaN2KV2CIaU zKh<3p{mfvUPX1_yh+*N)FS_c?9n*Ih>difdF-btmb zGF7)A%!D9;(Mc*!KJw^LU(a}lthOm&`^BvM$%^^V4n)=ANeJE|phOZ&_K>h*a-4#7 z_9c$2|Dzv{bd{e?D+`RGUQL>V`Rk`~T=00<*;{$$VH|Fmj2GqMX3BDMY4j@L`dcq9 zjDv%jIA2>=LX?*c9i9uGC4OR!p-r~+lQ`R0cFcG)nGI^`ms$EE}TQ59!;G-qMfTk?6=q;mt?1t2o^fI#In4}=vDgs0HMh)3v5JJv_^`eb`(e;Be6VAAX^V17 zW1GbT|88BeV9QvqrIolCfX3vAuU>^i)I1vUXT$YkrFh|dS_x&#AGZF8HRUMuyg?N~qY6@~ z^bXN@BN`aY7>YK8*Zx`*(#suQ*2zEQLs`4jSsTvSNvBIiRn1k{WGXXc!l-&em{B{? z@sOjtg^>@6#c>^>*3GDA2QI_ggLEOL{KaknX$416(@@$Q6}O*sd~+Weq?SwN`r9`3 zUlwgp76iN7^fSX>moJ|<(aX`$wI3DJ7l#1Q3U)ODw5jtI7H1!HI+&Y8Sncy)D=6cH zBq*lq{uv^xHJh4Gv1?L;IE72CesRQUR5XxS>gzG-**?{+x3%f}C5U}MusF52sD&r$ zwb|e_97Y)}!)~!DCc80N*YXo5@us>gQvC<#S@`66BL@M$^?36<5g*eW^E~L|aLpHW zk!3|=UOrV5M+~a8;zBU4Dv>iyxGIwxXDf(GF*sX-R&bmik2%={Lo@S>6&F~Z$9rx< zb$qveI>v4E;Tv8BNQzIzB-;erh42+k#>PKC)q`xZ$#IL9G7>{qeET}+)Tf%a z8y0WRjc;};@Y|zp%|^bhIFu6-k@FM0@fQzAb7Vs&1FsGK zlhD`jly2!y;(a{8`#glwRJmmCEl-rw96X4wSJZ=pGWy-Cp6Rq>hqL7zFwdU(@}ZvD zr`wt?i!sVjj_lWwxLcM@-Sr!2ZoQ{FX0~8;FJHXwV)gcU>R&0?Ar;`0x89~9l*CS$ z8M6R?3t|OovCjGNL~cDP(aw|jmYZZP9%RPUcBVbfNh$B_pVQeAJp;l1^XEByym~UKrVKM0(S{lNfcEhvIU$73_Q9peKhU|6El*<3fhwt?w_Ja=LPCpwkA$y;m&#CD*OY;i*W2V2eE9^R?dyeoA~SUgKd zv+eYc-GC$mSA(uNoO!M{5R+_S>!SE7TOM)h!@)G2{g|}Yy-R(#xbz}Yb3Cbro%OwB zKW=w%9J&HNAGv6$*cY1Qo3!7g7cuhOEi6$J{x=G`hWTIKb^b!^Dyw`+^Sm0OK>wHp zw6l02gOr#!=P^1NEl$JK2+8s9-%Qp)xpyh=I|N7Hy)t1y9iGi2eqo6Jn(ym$V7|T1 z=~)0n!QLRtVBKKa8V1TFj(wASn zAFWl0Gw;t*sqHMCh*m;e+&H$wO-Ka|^?i?ky7urnYO9c$Th|HBYElsha930&t#&fD z8?2ruvXYm574mubnTZqly z4RP05xa#o+1rycp^!?&-rNLH9(i*^yUSLx$l9rh|rzUc0sL)Q--f`zNR%XnnhQukn z3BTFbFkyM&DFC+wan9=4?Hrw^u64=n%F!I+DY+HQSUXs>6fimu7No5h7Gb_p0SU#4 z1HXVUSKXF&79`ufO%3yZ5H@yQj^NP2Jo(6Raxq`U?vgPo1FjiD-eQKQsxP~mOG0ZK z^ssn*E;iyEaPyfT0KwjnQ3;o0l2^nfv{9+m)bYtzx5HmaO>}h?I<0p?%~aFzh$;wI zfTF1#mP3uG5ZC1HRc}sp$sWSv)z%w(G*}wHN=$MsUH@;iR@UQh?>CPN3iF1C#z?W8kLRG}a z>I6%mCX?^krpqI$`;xMw#IN}RwXaJ%-6!clsoqYO^A$pIF^(^6z6UzIdwznIdc#BRVZadha7n5Kwo1XsGm0!SK?BX7w99Li=5F!x(L4he-zdg3fTqVcsj5d6JR=$s~Mi0_>Wc9ySBWKP+DzGxA7t zz+a_vx+pg=hq8HDA&I;KLKAz};-dl_fpRv<#01z4saRoASjM6XoGunbG`*st06XEb zZ!>A}icua5E!O=@FHtaZ(Y0D!!!6vj0qW|PvlQGy7?G~Ql-S7-RWbjWl;*6Hsdn1H z6eFIL!a9e0h;AxAHdHgeFpeD~r})0*yt$!%sinkP1F}DL@d9C5LKoEHfSmXKt;Xqp zDtik9a+EMN$DIxq)Ma%=l-1RhMY6^x^PZJ%D)ij4MNEKzMyi16p)JPvGz(8)3^7j2 z`xM!buvcN~36xRGZ*oikqI=CQ&+5XaEWEifD!wFQc=892YVvWu*Q>0M_D?Ww$6l#U zNg@j$)F4&8-QyVxeH9ig&EW|zH0H1wX-*!=Y7DNd)DRf@XT!*60kRUGdYs-B=S^!q z`^Mv#=^&GDMcXqWOQC}+wc(2mh;y!gu43&C1$Q^PW@Y{Q>%JR~?2SQ}!!DT?Bg(Gq z4JWQ)o*wj=kX&?4ewFAZ4o1VB=C@)jH5sH9jmPvNbG;~g4P&p-QtMQNY2OP;tY-?Q z)_s=MfNu5`R#pZV=7o4>Tpu6)#LJc#s+>6o-j>yLbx|hdml$o(6$zAYlLAUWwfw5_ zH4biH0%Eb5lrYv~4Joq;YNe9>fD zW(k$+zS6v8wZ)IB5gs90Zo5R1c-#u48?}6>3I^EhUL%}yERg7s($i{;2}ii8dvM4~ z<#ZH{>A=tV@72dnRFoSy!^)w^WfPZ$u1xTQ1kK4LVqspPsril7bR%DPZeEQF5WmH@ zW7To<3{cS|-EKU;EiR7Avn)o%>j2A?R$Z-*93Hx+)foQ|tPTdsfDv0kCOgjxwdK}_ zbJByL7x29|eApq`jPGQqru=Ui(rq?*-GFOXT8eyE+it>wx1+qP-cFZO4SGZ>FcXa( z;`7^n@s69FR4R(r57~pF{zt)TLJvEsId)No!HADk!rtz=rmk@Rqe9*&@AIKQsvQly zQBI;FZ!#J`Fj6u;yph#u>B^v?TNNakL0lWJPs>x0a?y3Rw~6-dUPj3Ve+x6T&>YFV zj)lsL*Ww*XezIYd)F4oS%bFZZqE)q5m3(blcIxiR<~i`*Q2PYl`lNVISITc_Q_3U! zo{`ylR;*3_?m*I#BcC-1FGKIKRz0h7pK^8^Et}n}e|GssP1LX!ZFbh%dQ5gpM6KeL zF_{>vV}YyPGRVl80F}5V*10%27P+q0&iRU;)7Y{wluL=u(vr@agNCmtYsX5rr_|ps zpAOfx;xd}I6zmY?HeK+wqz;_HMnOilyj~@n&ac9nxVycL__ECF%gey9kGQCHZ2Ck^ zol9oq$NyjW6yt$kuB{tW3L4Q3)~bqo4}#IhSBq#3iYbr{vy=11bS|YS2lgefV!;#! zh0v10>S{Fb)YwGyYAEr6-Dqw>VOgLz32^GHf3q1S%x`s9z;mWi((K~y50kNASP+82 z_VaI%XPM_4>=MjS064c-75#cn-mBl>HV!6(RZP+eG^}kis}amM=C)}-$)P@lYF8cD z6^quq8=ujqPjFFHfh0mHEiqbczT4km0*$&b z1#o-D@Kuc#;*>uzF~JyL4Cz5!7}vQRs#0E@pNB+7)<4EL8Wwm2qo*9y~%}#S|QAbTlDO5fKpq zy|`!&@X#UALLkNIL%pt!_jL4S*S64;*wV$mCsl_zf8-#jKF0hQ*Ejx&CS`-^j zSxsFfNeCG$b}f8RyT{Q)QIv;Y@6|?PcFk}pH5{3yJ<`wWRKGG8zT%WlS5jA3|NQy0 zl$4aNF6iC?;)jg!`qir>eiz2!jj$LrZvMmVA*aTpB$(23{ylV#Ljk9II!^vOX4jy& zvdHh4QD<`TLy|3#V$-#f{ZW#aazTmaH}FblC_zC8*w?v}Wt2(jWv`vDqv$bHI`BpP zLJV16j+R&-M|tFr=;0pIj?2(W{6c&v!C7JaCt?P$d4=p+K;Kq912tHIW^MuRoc&H2Nh zu@O@z#IMup5*2-U6=XAUu`{Lc$Il+FNxn!X(076WB%PFI-eVy^Nk8AkB_yaSD?6L(|9NP3 zIn19hC+a)LXxf8Cy7YUBTW79^HRwT>OSbzu9NRo$?CTl3|014Nup}Qo)>)mBM{-&o zVJ((#j~3))qO4!J?AXb=*;#*!b&#aS3CXRkRd&qqeg3?$AtYN}N9P`~VO^cyJz>9K z+yNpE!k@Is*B(sd+k#(pxI6*N{wR#4@qNXhsCkA2BZ7+tHr|mSYBM=MAH1|@vvLgk zi_v$+Ljdz(AOA(?r$77882S^9QQxt@05<;D|GCAJ6#sjaJpvtu04(wIqa&I7@}!nE zH!m1gE!m1{AGGdr5CG3R)w8a!>cLvp()fSrk9j`(jN8`@>5~PPeBRsp_*8j9g8;f^ zvVV28L`{aoqFw(B(qAM0iO4b_VK>foeCWu?V{Y7E3KM8@y5U5?_(@?S8;EQEtGRHn z-6*NB?NXyzLPy)uP@eoB4V(?(=3d=||5$el_-!X5{`#8M+5YY$l(PD-~Vy6qY^ znnBNb3+r-2Nd){r*UL9mHHhj!#@@7#tjI5PWUu7i}iqde>QChf<W;jg%%shD~E&q@*>T`%3r3l#t~6)cSl-lPb+2 zFTW`?^c+z~+39@JGCe(wyJK-$M#j=G?qhm*Hz%KDb#Op@vl7JqoYZ^HQ5#F)#x0}; zM)Bz8(UC`C3zVAR%D&*FQ&dvwNbGGT6i&0KB1bak%-XXrZyIX#9BN!p!`vmIDyZA8 z#ml)gzR{L@XBaH8Hsn5=p;8#vlXwn@sAgLk@DhUW1hKu*L-?=@?u={T?N2kWiYJ`p z=YpwQ4YqZW$<&bT&AG?pVYbI==dP&|P*Ye_V2VxN7oiJ%r0b^i~`$ z6>svaRLZ8GBk}%VlNc+=w9)fX+O%V{2oI{kuu0V*Bih%fwK|oQdsn^|>mv$^{sB7r zW6!qvqm3^7r~W68j}0>K5G(JBMX#N2k^W7Nay2^YKjgJfD+J~@tHkEi)HJTdzW#h0 z5Zd2Gk(l~mgj0Ce;;V*{!Cf!>_2P%T=oOnVun*9Ko(5f66l}8dU>z%xNXX<_wl;PXRx5F-K1x5NTyM`7c&(S%KStcNwhY1AI zC#FoyE?F%sR=^K=5=9@@!6s1*Y{9#Hh|Z^5{<%tGdh3%tIr)2Dh^J8omC zA8fl?<>@bGcH8VjpA5|jN|~O0AyJ$2{a#AP@OWBIrxTpBE6?%EN)0Vr4D4tyN!FC| zWzH|$=%$IIpZhUjZ`1w_@HVZ+Bi&AUuupMk-uIti1;LR3+(cvNJ1BUOHPuT9r^(r6 zWHVyS8%#K5{vPwt!m}A2NwX``2fjBiRzdHFhy-N-TQ}zu5|osorT00uF~}A4{p}Z> z^J*k&#h4G9{hhuDNcdja?(7G2>}bd7;ZxvwHQFpfUZhOimXLnySAY;&nJG_TgOSofUf?NzX}`8@akD8o5v0@1*UK*9?z&!Z zRiLb`*Apqz5B23KGmxqK-7o!t`9wB!jH@1ERs@$uy}E67QUJjCcDJ545~g*lYfM2& zNlazs>>D^T5&y&02NbMv`vMyqLz~3uu6Oz|4ol8+8+tkd5X{h|I4vaq^6tiHqJ~`U zL$15!?4Dn$oc6U_Uq0_qO)F%5vU9Yfbs6vp$-e)?*MfioTis6vH5&P6=~p`?IVnQN zZx8~kwNKPf4|~&|LjjOlsFm0v+lJBB{g#TEj0)GU_Z)gHv;**u!!9zb6!&ruJ=dL% zl!nF}lrb23_YG`TD{ap63W7dcU3FHb#R5?@u^1&8z0s+`C`c#o`j{@FD8wGBa=M?i zx#w=vxc03vuG!)c7FD53rs12Yn$b^@_(*q?k@$imLt4a1eMQ|wD7x0>5k^Z1 zY3fE{qbK*uU5~>&M5HzeH+uVSxNZNm-|y)>Ek=&Ag-V|DVq-l~NBT`R_q4ZVHXbYxl8}?3ern-*!-jWR7Mnq}| zmiTtNCI5&#Q2115*c%|bsGDYx59-cQ?H67-U|{Zt{$+yXjERV{nf{+HO1sU|<@#)$ zjO+;r{@dpO0nC0Kut5v@KlyLS|DUtXo*>uhq2JDCImeHg3HbS+IDEgNp`i@xot!X0 z`V23DOKxA4C$UM%vOs)!)MbrjbXq@pEd-q+Go{L^JgWNbKbegaHAPC#wI3+|x>lDW z!g0v4CcB#Z+UG1w&B~PbE^E>iUS2%oEx{zMGy0xSOyKyeA76a;>^p)H2y+4vn8tDD z6_09Ky-hUC(tkZ7ZO64-y#l@aVe$=pXym4Zj!nq=9jhCp7>4Hl&{I4J!6Z7K%1{^b zSTQgf)zZ${$3Ov*c6{`sqQnVx6XNxl8BB-~=}fvG3ybZKAmx2%+V(=T>}FVKLHHho zU(RUQDI=uoaG&2BxtT`jCEuxNtbC8zvBAjTvyEy<1mcP}51)zZxfL6$u^3m{3g-uP zjWmS;+-P>;3|J`95P!sf1~~a=r(0n{))$2yZ^Pz%WRW>-Q4v{_-&RaBN8S-un9b$;nE)G|KnIt`8#XW7}4*BM_faRk;zU zdtAE8AKa)ohxp|Cq5xzRNHtY<>xw)pm!;gn{MoJ`nT$aJCZ@3xXK2KZb&gqM1!N>F z7;!sXR=soeAx~-$5iH=*{!rm-t$Rw^$#k;Xt_*6tqDNL`MIC6e7Y8a|8>&>=fVLUDWMydrqXf@axy}Pk4(10j) zbhbV0Eqg@tYIuFs?G(rjHz zuo9t`Ti53mAj|zl4{%n%=3$#>aXrqLjEg=<^k#ol#?@qfT6JpVkMW!PYcY_p@}vm9 zh{kMwz*Jup1x3?Y#AQr^(VD#PRci=gVd#r7`we?B$@tHJ zaJ8OSLYuMHIiI~J*11bu@h<@A-LJGYrar1aN{nawCF9LALoB%jH;GT=n^4f=*V|c4 zb;He!Kg6~i#!`Y_Y=*RD*niD{s&RliA4Ud!g2LQ?u#HKumRmN&qad_lU*#&-wzQO@ zN*|g%YKkjbHN%iqmOCU)?vpD{T7iF@<#QRma_p^RAs)*R=+COzW}I7klQVSFDtsTW zG^E+_T;il=CyYuw@-3g^)}E=bm*CHb9A05Y4@U^0xR6d3U)^!UWkL*_ID6%nQ;H(! zVCZ{}nI5DF2+7do>b%2(7qmdUeSQr#1)6&-b|Zi8dmwL@`-;;Q=wN*MkH;+O;)S;J zY!KP`McD!2xHxYw8bx&zYjN~U7{eXL)dBPAsyuhppkH9G!`PP11eiSUa2 zu^hmd+teq9^;*c9FQ>)vYbNl$Q@*?OqtiR~io}ME#Nm#l@)oSu$@~x4blmC@V3dwY z9m3+0{ehsC;3as#Nb*In0JcW>%l=3oSghnbta!VDxK#{$I?CpUjMB>^3SaC(v>YNl z4wqIz4iqbkk%z64;S*zyCM=TjM#nz=b94{aP&X`&!x$`6Qafd}k}kcpbBWP5$JsDF z8uD17Y#u$Hl=9fykfK;}6{(O?!YN_N4)>g9&GR0Jlh|cp+3l@w^)dU0&>&x4_MSzd zqHdD39@op*3YmkI8MSgPW<{6ZJ@)Wgg3Y2Fad{HPVnl)oDYg(pX2;>lmeQ^4|Ha%} zM#T|z;hGJE0D%C(-2()7x8SZJxCD215AN<7AdS1b1Pku&?(RNCzWd!fvqskaIsJpx zbXQeZ9o^^I@7^a>_|LvK!_-zfruV}rVM>-Z!$q}B5>9LSZSSBr#!gE;aZRTh26h*N zbk~v$W&Z=rZmUTk`=ESBdVT`^?<}e`7K!cO?k*>)CHxPWc+ACCx!8zpfc_eK zDHe4AL@>9;Cp{}gMMFy^(zu?_N3WM=)GP8Z8Yfy`%V9psXfr5S(ll6*lQcSi8^UFV{$wmi+D<9BkB9{G(q%dw-@1EU{_L1*k|df5Zxp%-_E zS;3DZs?ezSvKj33J8C-inXMlV!ADnd?16Goz=N5iJx6;T=`Eg!n9KRTlyhG}gbAkc z`pPjR0Scb;h%y=GSM$m0n3%~-Z%483!?j+5^Kv}g;)WxSCSswoWykc?+{19RQ)98Q zCGjZ3Qxq9I2xDzEgfiixLitF?91cZA?SboFOy{zC3<>eDp~Rt8>Adb$1Mw@NMOB0{ zmJz=%Ke-6qyc{h&b|x!W6Wr(h%q8@%zd-n?e{cbqBpf7dYjIHT9V^%~8{Z}q=b#y- za?8a!5m8YfQ2(`gzNp#xbfwmO7N}OBa&^4!d(3JF7Hsg7?WbqqC;3OK-wSi{s!Zw5 zuaLt0l~~wZANOm*@@~-sAM&FoUSmD`*DIQNC(s>AJI;$>UKfl%FNcUzsmyE%X`yuy zDoBQGnaSNp=va-t8lS%8rZ!de{Ir(l$lk(9do&2n6&7PE{e_-K+5(EyMk-5ejM%h8@NBhnY76vvpF7i z8TAGmacjf-el+Vj`^uA~p?tDY6(>rJ#0(JgN0smwCW{H?sS~ITC-QhG2@wP-bYIy- zEqg2V^)T0+C3l-J`j`xidec>AF)xZ?b}qVHloaZLqNTkh_4u8~5l^UJTlV5V^Pv;J zBgT#6K&MOJZ}diLcXfPqoa|4YO%z7LfA=G+n9ISW55E2b@p-xm%l5WLab4TF)Oo+m z;VQQbgb$Ysk-w@O0iVZR`bXI8scm*aT`d`y5=N<=_a$(YazBYRch|dM_;v-PHRErS zptiLHV2@uG*Sq?fOei4+CdIBDzt`wXtqdk;?xYTZsBPboNx3mLRr82}2gYjpN@!a* zIbezXkp*wn_XY=3gmep4Ua8%IhU^63939%q@RR6h z0(@o&q{i;-lF~Wp(+DlHM5|#$bg&3P+T^CwLb@)u!fhv}AjqaUgJAtiqbI9CF9;jlf$qxEJQvR|5_MVi#P$p<@VS8HGG@99b- z$z1!Avi;C|5Ci8kdsyCs6FpkMqabVu>=Ii(Zn{&wNz2@Qa8A9?$Zxa_j==sTBGMW3a(8r1G zIU=pqOm?j}p5dKK@Jkkc(<{V6V@M#%d)+%cSkw>kOqVM~Suh>=D^UK#Q3o{KD9t}s z$D83h$uTU-XtB~9kOhIVKgrTPjR4{Zn}Kn*x3`yQ@%Hw1@%RSND*&O5K!0r1EQ^jt z4iUD)JiQ>91QG?IJ$cT0wJNl6WTHdDf;#N=S^9Z@EuC>#%7Peu(ztjaE5(V>Bt(4w z8edrP5wMy;kRqIjC~$ld-!)uy>p0kfQQ9G+Pl2-PWAAfj$L7-aFifO$>n~C!C1YUI z7l*6_SveqbxVwL)`~(N}E{UhsVOmMZ-d5Y*1->|qm}gzkxZIkQ<5>2mD%uiCxW2zS z|7n$%LSmfe&Z2y5Li6vYodgh)#y#>GZ>b1LKJ(M;_YdRmIu;x|(Hs3+;~;}FAGfR> zMsTa4_`^g$cbO(*k0di272m>v*dkYRAe;jgfQ z<1R6MM%ZU3G~-iQa!ww$E!BN+Agku>;&K{Ukd3{Tj#fo8gufsJtiTy)g_1TCkM#K1 z;@A$vLGN)Mpv9!c*T91ixVwRw!E0rs%~0nq1WVB?jiG7rT-Eo{s;v6jJbD=R(Bf{* zub1wmxEG1fWN)jDv*yx|SHGTy3mmVw>J0%BAHuy3YPnJ2qyLyuy6jwhvLV}&lJ>l_ zp2oc^OUUQcl(y+wb~qQbC>zH)D*6e8a=lb-u^Z&hq#RfzF za@n5l!%2@&))FWjoSuYZ_`F4*WgmaKbeTkVGrybjv@MXAKk^f`8PQqE?0K=Q{k+&sR%R{Q_XS1+{+IJ8h>mSL39{IimlvRwuI*AkP^9O4>zg{_ zALF|2as4!zaIV94^0JoxjmvgJ*v>p&gu$z7_tmM@_`1vnixv{puT_z z$GLX%EQj$C_b&4AdI%mZ`M7bySy|s{a_PcDFy<}qD9pfUdye9Lxp1U&GVlHrI=Ok? z(W9kI@h&zw95aEbzho+aS4ND_;}nFvFPG)YcP=|ai5%M>Yn@t0*ba1DfpxfC=tKDnas-FMl zZZr2U8ZX&Wq7bVL{Ly#7k@@2367NR7g!=wrkkFbDfc|9dLx$isg+J#4l+ zq7?oA__e0piYr0bdwC^8*%@wp2a8mQWGefKRmR9A#J3;aTZKr}hRufgnR?~uhB{;T zc7qS~#P58HRm%DHSdazvPj{#j2pvee)|(H^516OTpdWuRe|s`h$QlgPLzd@+W_&1$AeG&ijti(IDtrCIo$!9OD_qd%1o_Y5lu3|=AA zY2%6c94`2*NHaTO)QBYJ`|n9?IE*+7O~_wTAYqkRcT(LVuE`%h^SczZ^5LeDr`>8ex`>UkLQGZe1{EPq%LS2 z3;Zua$Bk{j7H(2*p4M}f8vH+hz(B>Om7}3lP^YTpf(ONjFl%arh2*CzlposNt1DE|$IOYGYicEobVHrtH_=X)LLIQW#-_4^I6k&70H}z zV+)=b8Aej>()%mNl{*Jd8yl&~3)>&~InPQpSgu)|HS}>z$I;9NHg6J!kt*Kz;**B@ zE_kl+Go728Be}jNH#j|J*VfnSdk(WL)g^=s(-jXBG>9n3H?Q7`rPx^p*vX?A?(=P{ zf+PQRhq30}L5l{>GHR7F=~Nce@Qp_LtcB`ZwBixj@4d0y(+NTILo&pLub+#{^&R;`5azvqGAj#hkjxqFneULNlYM)(tJ_pu7edj)!70@UJ z|3O!%u*WlRz2d!C@2_dPte+l72m>Vg>p(jcA%Qdqd@}eQFG+m0_L}O&d91V5qbD6 zl~2b365z4#H!r7G5IUQS zUKG}8i(^UkLITBe`5*uxoYfDT+t-*@$Hq}%PgTkz-N5fdgi&yC9**l*-FOJXdN%ADtq2XU zXzQQ9=`Y*fKJ|F@g}y&>H`s zEHx_p01=^8qqg|*LYgkcl^_f7n5sAA_CX+X{2}t()fk00qVsT5#DeV!?M_)w8d)hY zTtYm#nC3&4O-8%U_30A)W8>s2{zO_SjzauNf{cWH7hz7Fky{WJ8RHYJ)8aF`qbA32 zi1CPWFvOo66cnfQ24IsoIs<`~JLLUp_oN$>Wmd!%Y`e;GecXK}uX@+UGd9?5u* zDSNxr9<NL?M|`jx(T#p`NsWJu#Pc3j2Lu}m6uol3j`6YaK$MmQR%zz;?+ z7%Wmg>ue_g>!{HFDNqEzWzftdN=?W8Y)z~&T)UX{&U+)Ai!vB)ws7`vfkQVqj0;#B zxPI`Lul`!j?w}y(bAgr>^&iWx`yK20S@kGi8o&2TewG)PL#9#A(6KNYk|IqQ# ztC*m^>*E_T&|`Ed;{uR@rseCNUoIQS=L>y__66$d33Sd`1+F*B&mjAz?9r1?65Va1 zA}BG-Izl5RxhP z;KyAkn+GnUA+6`o{}{;xK5vj9owM3*dmt|_?>~^hqVBZ)HS-5n^YY8{?W#_jM~dNm zvrAGE+|V75H6)j7R^_EH3RjX-CyK$-VT}X;(56~;VHkJQ(pPd2c<1E^oVGmT|`vE z_(D}!p!m`eVPMfni0|m9$-7%M(b!oq^Ox6YORNIV{NdAE+alI#xC8XYJxiJa2jjGX zhwwV?$ZdyRhRd>Y;hnlW71Lm zLZFOP_<<#_(~TV=sG(e&%lSkRc*8l_cv5Ty$`*hXL=HYFVm}FX8IYc_z4_e_F*dtA zW0XXhx7_~_lnGyopR_zS>v<5*?$4lS6kqYUwLfTOV{a^%syiV)KF@pFzN))1!rJos zl3Bgfp6b-1!|gPfqa;~4cncUsD36QJVy%c)j{z(!C(FGWj+nEW>2b;>?Tz*$1?*VE zc%$~@LXOJZ67mCZpqSzWi@wMv#7w(V$7@Xo^*_UKfqtY2X;8?GTt69KB&;`nsv|T< zd}Gv+eG-ZO4DP4Bb}Yr)<~}%(E>WZf;G)74355E~Z+0a!#;5*{KKjreR<<`Q$e)1q zYlL*m#Q^nUoh9zHLnpB8?2n^>0)ZX=_`^LvKkHSh(zHF^O2Oq~Z&k#O3pPr5SvoB+=`j3==@v=4`aT)M=&0qxu8V71Zp#bb21o@LoEF_}bvGFj*)U zX*c>pDlI>h<@(SuGE4!TBXQ93nYkM|&&4Z7%iF{{VFivTRyM8GW&r_Y`wnap^>Z0^@UPguU_9%}E-L%>mSjO6yCd+8`$m>-HrWzqaF5?Id@AZgCs2W<-W z4~evEbC~`)a<~R0N0w=~?kXJV?i5`VkmK=iySFL?)qVyG%=`8LA`mT{*d-X7eXg8` zT37PAX;CNUaWAP?*>d2m~~rBb&3;cZSY&*Dz$ZS5|SXu zuXQkB?CGlyr1n02qL2O&H9|%*=efi+aU6&(KHT$P2j-wZ{mH;1LT;b36g;KiH@2Yp3mfLaBQ{H_xj(L z0FVgA+58y>2qCV4jBO2xqQJT@m{kA2U-~ijf@kl}H_Nq}cWgL-)nHw-=xvCN;(>WN z?;hE|hK20b9d5gij)CFy{{;u4kyw>?3|c3@_T^zW^($s2X-*A2J|?F+rs5??DiwAzayedhx#8F>CDln{HC8Tr+}`e)Z_ zwS*1RSh+{}Xebew1D?_!h8B(`LBE!-Q`2+UiltI306w7f6;z;Bub|{wviLa?Xanle ze-(4drMkYTDsc}#nYc^4&P1B9E?$^60|2!%Fm#nl4Ya0CUAz79xNhw4Z{G{j;~{3`=T>r zPQ7rP&4H_XTp~0LytPK8OF2M&YWI_kR7*v%Sq%>VdVApjqnMh7s_<70nT%}U;P+#A zBM%DmWk%c%-2DLRdKCl25m13d{`B{H2kw^Vv^=8vTZOOv>b2>~hZi3fRZgg-$OO3A zc1(WNIQg~I+Kk;x?op1o77s&IPz|bA*;ij6itYgwpY3fg2uf!7@yAaVikRibDp8w< zKU9Hi!1)`dB?~pX%I|)k)FA84iiUXfM@eiYM}^8f@@%KZ5`8I!TH5*?g<+ifE%U)m zvq2Py0>3b-c{L1r(i&{dWy^|^4c#x(=({R2$+0t392ugEC|XtZG>Mbwn5O0%P8dfe z%6CQZ7$$wa#EioU+gyrgySb7REsQ!EE9n)keDB#hrN%t8WxM=tZO= zHK1@5Y#pygAo;s2{YF%d7pgo@?>|(}apPvcVY`>%b$=oMG0;@rEXJXM`QQgVsO3v3 zRPApA*nfI=>B6?v7ienqo#81}iqH{$>>3+a<&8?Cfy93^F)N6+upeZP&o^Eg`o~a^ zReG?)=$aO?_b1WI8NlVrx1$Z#)-2x)O;j+#5y!Kq(8g!9I~iL_Z1|8B?kkbzYUjm& z(%rO|`Y=HPLGwO?)5*2d1Dn`l<07HbNNez{hYaN3+ZvBQiXs|=)^|pJa%1Y)iMM8X zER%&3Vwa-ciOj|)gO83w^w-BLVb^MjRPKlAc%x0KmT{nrVmT3=AEIJH_D zwv>-~IeXPS^|T$Nw8hB)nc3LAXPMRC`+x9r8GG{<7;yg=Cwt~V`hVhN#mlhBpkMLq zmu0e+fs%)d1OO{rO6?Q16w;5q^R4=rpsalV1qUUUj`EBApN^Y&iHqZSg@Q>m0d5)| zRBQ>WEu8){Bd>0K(s#Nxx$Cj#?mi#^*T^b3zsyw}w!fBG46~-S?@^IDH1MUb#0%ed zFS?Kip63Y|3`k@9GzP%14b1lWDXTfn9A$N1_CX-FX-!u4N)K!Q*h zaje9%#6`*ebw30iy)}o0i@M*#i-TwgtY%dM)+hUsqU~6P^4h>Ea zHb{P?n_2NaET{*}{MO6et-~qsxH4qZhHsX|E!Y+_cpjpVn`V>$nz-tH4Vh3ZoK^z` z)1CEe*TxfDfYrZY0nU`*aPBwZ1OZ1(b6q!c$((s7iT; zf1SEf2MetjTC$YwiPSM@>xYSrxum`bmKg#!Q0oPKN!5Ab)@ z`}LV}qlq>Usg70424-?*Tunt8NDTH5l(v-=FI+0yfQze(v(1vmy`q=}`5B}=zJ{b0 zPt9luWHyR^WTj?Ow5zMDj>&F&FIIVO7hJ#;s*y9BXfyyaNHP2jr?nlX^ewD5!}habiXDg_h80bL zMv*D2bdbsloXaObZYvW~)$Czw=N4H9oh-lF+wpbF)O;fOK{<^1qP|W7U9T-Im(-A2 zY9PGU;#paHdCYiD+~TVmol;g-j^vjTOw4#%6=dB6FxX7PP&=7)1}P4)(DcQP#gBvV?=E%kG`2VO`m_ax36x0I4eHgv%$N)+l-3BWfv52 z2Gr}PZI6+Le%cvxmW)#@H$^%!8B7-l5@N<$5sZB7+@g3ESIt`|_m5?P=J0-!Ru)cw zJ*QnoFfRSclAq_B+iJx1GK24kWoT;&R<2IUP;TQ5>cdIqBwO^z-8L5hb$lQ5?d=1) z!Z7JaQdy}BPJeNCVt=r&$*6x3!%00md0C&qYY8$bCO?cw)M)1n=q)L4&2?sZ^Y54( zWpLVyQYA#5f4m>dDgM8q;m2;Jud50YIa#r9XxLwVKYaH)&!gt#A|c{^F#q`qUF64W z{zzLtm%2Pr?jRp$U);AxLz3b@@~ZP#o%lPM_F=`d`AZ(vwDtKmJq${tf%)|WB^H*8 z%S>MVs|(jo=|T}UCLfJUwZUvS@Wjts9o{c1i{4-<>RWJZoOQXY`{Ys6>M*>KJlryU zN!3QQ-ImcUiUiHF_f=<}&)X2wadNL3ym(wUZ}I8VCw=ttzPT~ocsk7|&6>Y@1*UfS zJA4$VzK?>FFk-#*>JK_A9q`6*tG9KHkur^TfyTV!=zaBa?-My zq^J;}2HGI=RFfsS3}Y^Lw=dG#4J@Rhcgo8!6y&|)<(e&e)nR$`9>n)>{GXOEx=wm! zxvyPxUvH>D<68kz%$dj#K9hPpc3ZD)bqcUi;Tp;3I!YoS&`miaJNAfHHWAUpKD>^2 zAm6%Xcw*UH*f6gUoO& zt6=4#miN&Hc6iHg>KxVi_#FzSf#-$I!Yc=4R3a=GyY8w-=~Lf+<-dx)rx)tWTDi&I zOe%l!7;VP1TJ+dB_O*1_Ph90?|E2fw^VZEmuoK}6E@ri!1cH$6%7jkUU>aY2-h)|r zHsCl#rXnYu($tuv&0zI84|p_+cOIwS2`nb8i1)hCx4C8|LdOrSeRE+y1A0f^gps(&u?F?^)*quwTh)$;0r(t3Q3}i&f+G zn(8V0E)k=9PiR8B+QX1R485=86LVNnTWT}IQyQwyRl~C|@&FK#xkVp|E0>qQTdvu7 zp=`YjJyJ#*L4n82bfNORlK?&8O~5s^{SI^+fErl-8D2-N)=b&!=8qcbFlIc!YieiWfVxd-c9i%166@zs z8=XZLe$Kh3=0byhvx}W^T++QhUWI|v$XvmPI`ojK@{s|!yB#9LlCeZk$ zE{e?OIU`K$L#gN1(09^axVeF?;UcY9gC)SSz0038H=1&s8@6W2<2v(=5hR|+|G6@& z*#zb`!CTv503|CF**7{uBK-sA$kn@A$^oo{m&3d`#&X&a0)qMUQBGu3%G8J1Md}nEs1@0rx9_e}FtzfN1Hbz!@<0!3Q`qw~yOz`x@tT%-plyetUwI|ba`CB>5vW25}}{@B-Y&@uKNgL=Ykbtg;xzIl_H z2lifc-~S-55kGi4?Y+R5?2_Y1V!bh7X-fHlA@^c00+6!{5;A%6mxzDJWbX&cQR_K? zH&x2Dm*?iN3?5%zyqcF+W@j-82)vFLSd#|PQBX)?fK6Ew@1H=aWRlL<@gT3(c1ht&K&&A&(qC4ioiQ&2-8^$@;j*g+Tg~1M^<$FLV{SGR423J>hiV( zBg=qFv@kVeq~^HkZA9JH!h}bnC-UfUha%st(K{$P1;(Gp`LR%i&W)&j5k~nnBdcMu zg|LrL5eSR~z)CAzHwjx>R<^9P6kpjSsEas3vQ=MaGEW9ItOp~^@CqA|2st>9a+?2` zH=Etg3iP9aX34cj4+hl7ZcOL)eoA|mtNpGQ!s?O#_0+uHLew9bY;u!)LH4P2@Z>!x z|5cak+;! z4wpvr>G$QH3>Rkh$Kft^=aCFPk0S^6zDv#7N~HP>a{J5(5)j!zqw)L*(yhZq{G-Px z#nROjCp!feVkCnFqCj&L{!7c?z-7zzmCmYpm8`cF+abH)R?8ISA%*vSdalQAX1hb> zC?6(ZPciX2BBswdHl!&Yt~xzOWIYdJH}t;$?~tHS-qO-iR8*uOgNXnKcYhw`jR2xc zk|K$@y1fkw3WDL+8RuU|19RmWz5bjjq#p@OE(?FHvb}}b{XG$aN)fA(OXGVU$NO4; z$Xo0j&}H%oB%UcL)8^D≈ZYB7jVnfs_BTPkDR9?`!bTlFS_R@}ynt^B03o>&hQX zc)TBbHWJTt&dVPXx$vnFS}6+zavLw0J#^;<2|p-pUrvfW?l3x!hO~YZP3zk{_j&Ov zBJ~Xk2}`W`wkC_xu?0Ma4GqNy{sJg*=Q)bxDG5y#`9K82DL#ngd7pWdVx`~R z+uxvSD=qK1ue{UczGX@n1LUt1UlhPSkB6d#qA8!g^$ImhhYk|#rI08#%c>^8S^GS%ynWbW z4I&*cH_@(4EE`?eM3M8hTGoJ4NhHMkF^7lcc2b@O9NY*JBsI=AtD%1vik$K=b6{`X zmJxUIAtL=T)yb6QJPnH3cv^!#zO9+(nfJ|j*GP4}t0Vt6dy0+xE&t|qIm}+Ge*CN6 z?*4Mwc@@y~>1r2R)GrcxKbR%@WT(Jd=1Pxg1R(N2CZuS9S^@@l6Um+J^I3ryvf%{P_r)@gLZ!f*XOrTSj15z+5i4_P>YtQ+!#7Fn0W zBK@vSG1}1=U7S(CRZpO4T9E~jP|YT0_hpdk%BuH1REHwqfk3nBI;%KK87u%&HZ%=K zvXwAnoZ9E|r4AMCNJ~9r!`McTPz`<8U29QVNoHxbq?72fYfaxyI@OT7fOUDZ;)i}P z-d?!=Qzu8?ncx$kBQSnrDFoymDxNZ)vwp4R@t;d+)KWSiLA6*12MCG3tg1tJ>^=Ld z<{mYL!y#D@4-Xbjy@Y!;ld_br@|}ts)0&$f{Mc=Uv%?Kfyn#)>;1fopj89EQkseU+ zi!T8I+1^Xno5t&%@t6S^bDu^)BW&{WU}z=c;c3fb^@(OdtGr+0JD~dMxo%s1EmXUe z)vl5ROVXEEY=eAoSoik>L|pre(#@DxHIvip4W$$kfp14#`_`Imx74XU(^$Ar!FdBM z=@)b=Dz38H;1EPqR3Gb7x&c5*RCM(e5xCf=NptPme}8InG1;nPVpU2#qOhEq+f%{F zuLV~8yo;uc>uMdV#(DZ}g##-i1rju?sNFLC_j0&Lt(dQRo=;;N7pgg?l&aW9iW$Z) zYFx8?ddgvJT^~{vVMV{6%1taTfp6#x%esVMir+&_tCC$(A;UV^@AT~2!!ENIHwAbG zHIbeG&i($Ptrq926~UO(f?KcY#ai8Qbfebsor)6|&O>}sXdhgyn9SW{F|(o}i4p1n zITf&V3v1exW=33@>GjFNx0JXtM#X5bC6H^`y+7hn>6x34m}|%2Mf&j{ z2)t2#WtT8EZw-hS&mUxSeK7q$l!+eTi-IF<)(c(){-S&5uBDKv#4@*}~OEnUZqm9C6?!gU1e>T73=8uWWcr@Uqji&(| zr3rQD{7Dmy9I2bc9=oOu5=)t-5#Nm3(Es=z%>G}wH8T-o(tJ!!Yn?x%GG>{(R9a12 zPGvl!)zIws+9LK*iag*RwFatM(JN~V^|M8Dfg}-dKJ|6>gY2i&#FnW~wA@@%;PW=! zp(lVITMms2m>vhJLMA@w$w)c$XCaZJ=o@C|HF!PVNY8iZv#6{L>6=Jv=P%FE={zck zpfG;NY!yKl;+i%*CZmSAi7KgWY0z$Q+U*25ESeeBrWre>bV4c)<(#X0KNkCr>3~Ko zRXhUdjOEAh2op4`RX_dA!6wy2L0L=c=!zFZ#Bl))4c#n-gL z=|+j|=SRsc3@zL2I;KJ=p^`#HrO{&c<6&hRE}0+j&>+{Hn`2GcAGZ&l;PZEPJ9ed+ z{hrp=sY9AdEh8dUS0Ty@ip^iG3hC9eY3s^L=IXx!IfChnn0{Nz#eH0%Uu{w@211+6 zzg6d@ZaC5c!L0ahhE(jQzwbGljy%yN-vge8POa3f*RkM@Iw^;_TtW|mpvDpV`$v!e zwy6KB)|GE>Ug3?^*Z-Zdq7OEFswbK7$4syb6!18yQeBQ@ld`%x!H~E5PK^b5S z=4q4@0wPmPNueYK2|x(uRs$QC!3qeXXe{?asHz{xTx=VLyh$AtEo79_3>%+jhDnaG z$jOCZw`Gi^6gQq~xy@afDEr6ebjbR#Au9(s3V*uUOMe^8E=q$LI7IMJl(6EF0>uy7 zA6^_RHj;gb7B{R@907HIF|1iRC@=m8_V0J@nINMZJPa*nA~EcZb~^O&=DzyrUmUx| z(YWWUkATSXK8xU#2stq{c;B5Yms;G&g2O?SI+8^*I72MoGn-wxNs~VLxPW~vSkHeM zfP5mP|jNs{`=nD$A*KVkOraHW*^OCWm5hCK_)=11fU7Kbi znrIm6ygjrtL>b?cVac>)KdT&s)Ix_E`4e`a8t6k}sivsa*g3@fz?Ry;$DaAQqX_d$ zku$=}dsfexuTyE0dTNjssa!=XHo0U47>4^q^1*$6cdb8`AWqb%iO(r0)9w2*1i2)00Jbpr$ypG?c zOk>!)FI_LoS!`!hOj@ZFnC0wR3i?mk`GGM7_b^a^d)@#?>P37{l3!077lHbiqEH+` zQHelm)U7Z`9!;3Q&g{ZM?#J=D^LtzyxLw_+4D{?DPa<6fDS2I;RfdstyfTEY+w1rh3BRtLGGJ z0;4EtldFft-CA2NOIMAFonylffjF#c+d^&Kj+Y(caAz3WnOaSroM-rsA|k1&4GY^) zO`ov7kUm?V@(kb>n9g;Buz*r>Y?2LYAAk?e`E_IR^OQdEM1xR%C~2~;M||0L zAR+{*0@vi2l5yaT%b?}<tcnZa2oN5V9fU|%{Sz6-CnP+P z0wbQ1HbFfD+UIW$c3Ejpx6(+#tYf1`X+f!FedmzUh^o?LC;8{U;zv0yWo44a8xVJh z%ZUdwM0p$oaZ@FgMR^Ii0<^=^8V*JW_~aYIc+gmMKqe^EnrFTUCq z5TZ;?<2XHxAxT?$O*=yrh(6!I64018p_>Ovue6fVf`QK5r38Unz(T9K4)T(%KTBvI z5D5x;-*>8sepj0wLyana82Nyhc|qe`Hm zmdfAwF;v}w8zu2QhX_^M;6^(Txvi%f+Z4J{!8bK^C{)ZTttOsk3n9&XC)-e}&#!Wc za~#+Zx*JTW`zPp}xZHaTjB1Ykf&OI|Jygn)*|K#Wo~Z~0g=Lx=m_z1?!FsOq3ww1N z2+ES$2|`-xMR<)DvBe2Yn;K#8*LZ)K1|?CN1~BsrFwD6(B?p+q6kH)H4q`vrYAxu1 zf1{n$Rc`3^Dyur0n#Ptg@r!^5zMRJQ^~3$0ocYaoU5sJ8Wo;Qp)%_H)z1$-`JHw+q zP|oJmQ%b8))j?MFMd2dB^-EEF3y!!(RxuGsxKg~|qmHh)At83ocX*KWx(Ay|Su`e+ zyc-&ai_Fe3_8Z<~*c}lyJxQXNW1=zGprqjEP^_;iB$<<|DP5sXLQE{!Qa=#B>+RC^ z)AYu_x0D?j_1euT-gm!!&PL=-NPDlD#N}s4|>??(N z$7dW(ZK3i@7`uP7stYlobkfHv%g-01!3YWnfVP^Mo!zzJAOYkw5r=IK24a4sjv}H{ zf0@bfjrmt>5B3e)Gru6RJ>>R|znn)_!%^EAg^vw`K%RNLi;>h9+FovdT1Vk|Ev)FO zZC{@5)vAqn_Z*^;j$J6kgsig2o!HmIQ%f!iLKls5cw0EMydpdX`F ziJU?|BI_<^&QwkQG~eD&4*_wYBSmtS^=!hlk0xW?y$S*DHUGN#IIz2S_%|y2P2*O8 zni61Ouvsm^`k4ZW31`c+a2K`sIZg%xGu)34ejWT_Bo38SB}zqG8u>$#sm-8r0aYwW z`w+2^nkZXL%3?bCGI6(PUB}_6AnWRW)Etq9`urklT{!qS9hoNgySvrhrusHABK4p) z70`T0;XSXKOR-ZzJ^6afa)RW;y!35>_!%*iZ;D?{B~p0=5L+tMbC;K`piGByuEEeD zq>(effsgj{uO zdai*_C{@fGM$)iVBWb^a)6R1V=gg>taf-Fos>pww@eqO5(&}eyEcX6RCUo0cvlH;R zoUL{GiFrC=$}838EtD)Rx!9aO6x2oFX#MIVKjDK3ldT5x<{6xJ_Ex=9GPI58_eS(M z#E{_~UYT(@%iRvwR$9TkQasAf!ajac*Zs-m2zMn zuaV_GgFWlEX^NtdZJ^|Jv7Nc1MBytVBd{>v8+RN%?bo84O`ujGmq}$2Jzq+aJDztB zRW_!e7EX#hGI21bk;)`{=j^=6)@opzIiX?5F-rJ&H^=Xmo)bKOAOerB2Lg%R+P1z- zxi*UtrLeJI-*-#=0J85$1v#;BWqD1wHs$uM`%^lu)#U&i|B(op{x@+;9RzK|h+)(#ql9;2MD zIKC3aQcX!IqI(7A0;eCD>;bzhlZR#w-=y=Mrsrulne4o?NngG^kCAF6h&sAYV5h)q zdY!J2p?9&1&3%j=MvTLtk%-a{0099CCv)CyfNzS<<$A_n=yuv(tc5f9w;bJH`Ozyj zd^X>#B|y|>6GyVd>y)p=VCp4WRByQoo`I5~7+vJ`J^Lb;pU01i-tF+0yPG@@48e*6 zi{OTp#s2+djXCM_lxef|;!;U}c}^p`A(ZtlY@=tX*)OBkpJB9rBMo7PMu!b_W@^;97da_eDpJO2&J1s=V5vKOKSaz zFJD~SdV~H>PJ&3W3XQ?5?V1k|0kO0^EY?hRfGz?go0N((mU{OyDp4!C{>u2I>=M|_ zQ#{LIe+n7~6l_fAdVFnI6x^xfc&qK({h7Y~<{+nFaJa9vkNioZ*Sx%3Jj+gFvDo8;fxvDPAt|z0V3R?hR%SNO zRcSB)R(}=%Cbe6XW1Ycw9@RN=E-~q7GbVo#M)(6KHxhxN%>}65i?#A;VjJO&ssvBJ zH`pXLt7*ZK4`<+_zXu629;WqCMECOcfA~K*d&{7@g05}z;I4t-?rtHtLvV-SZovue z?gaPX?(XjH!5xCTyUot?eD60?Q#CbH(?6g%!r6Vgdv)*bYuz_ke|%vOk2^ldj|}mT zOXpp?{(f%}Rgj-TxkNgS_t7bEE_JrWsCNdj9Vn?N01q5YA(~Nz_6wj#kfWi;iUJ(- zq;Cag9a$jA0By#w>7Tqo&}_QvzIG5cF+DAbkfDIb`|%+ukb*^QasPz{B%{zTd1}^H z<==Kdv_2{6VD=#aE9|_#W^T9bDBpd2M##LF+|*w_PPmVT_Pyina3&+QX_SQ0V0ks| ztD036^@y?NXhb764M+h7B@k6QLbvK-*BA9T*PHAYcL+&wfPaczhI>b4Bt&p?ai1P? zLXjXWJKn9k2o?n-wS0i?67GMt3Hk8-f7?ASn`KR834F}T3uFL>STR3EgoOd6qJILI zfORi`e!~X!0^7>)|2cu0b?Es-vODSg^QV0DCAP0%zdKA-AZg9;1lPI^)dA${mCi*I zJg9r;XDd`VAX*^7dfP*jGu$KzyLI18^6$v6Lr(r;xr0Xr{PJtCBq4{OdIGK2`OJ>E z%hy#QR%;sz_gveGU;N6}^WF#`!9a_FsvXb70$4#}R9E>}Q1_WL45yxOY?VV0xLv?z z>Cl;7U*sfMtU6+5nVgF+tlFx;^HwnuNPiTeEcvy+$-|GD_jE8zbZa}^=CIB~6usuc zAy#zv+!WK-4$w_iulz&CN~Qy5-J~caLC$Q|Fh5O&_19Ym+1sac!3k0ma*!i1}V49=zXj zvSZ$W$ix3qBw+ieNWewqi`{+Z*c@aSt3Yii2EOdC7N8mJrT$+0q@Uf_`$rhjf>N1Ao z{f?MDzx@22L&UWgYEpOeo83x=aLr+7<(Uve1*K)0a}7Y#U4HvE89@Y9C*wf<2oDI( znLaWiKtcI^Ol`ctG^u95eaKt9qJK+5HifHb)Ay7_1Mx!Q8)uV^ zJzVE1cn8(-pWQ>w*Y6}FNdo(dDE^B3BT!2?9Vb~ZBL!${R$tBn<2K3!6^s~=}x-T zw=o}Ci0*NpcCN%!57{n)_bxW(kE;(iYy0gs0c|}*j)af5=l;X8n&<}+|UhZKx{w( zQLG?q3|B31cc17Fn{C(UG_Xf23o9%4jK3ag*F9B14}CLT<9%kzANRJBXagrc>fd?q zR?>V@L)_la77Z`giIO_sdgJ9Y!>=yV-LFTmHugU*QjO%11FKf(qykY{lb@MDASHfh zck+=-<<)$OQV|hpE))TavXVxq&j<%(e)@rXEc-@6E*G4C4zUwnT^R}Z_9G2@Lpu07 z*YY*i^ivqNZ%#n=6=B<+8_e={b0?8A+z|2dF!@V`e$!VVX;>^?!v13dD6cB@|NY&c zhziktLg9bhQkLg)(pZIBEZ12nn1>s{~ZQr(Qltrq% zE_^oL1V%YN-X2RnK1Q0%pMA>pvT8<^>MO0b8{R87Ddag-v|&IT#f=}1+{}MI(q<79 z>c2mCbZtJnBx~4v!*Ni5eZQPYes0sHqkXH)Iq%e>u*>*c#8U{tgmMpU3MN&s*=BU} zU<2j5T;jvyuwQ_H04n&?wc74==dw_n@-ar#5dgG56Fq&mwESC@;MFscmc_N#-=m!? zu!}OHNk-s_m$#3T=z$aO<{clK_j4o{6`Xf_?n{-$qg}WVfzG(S_}o8fwvW-Xm1;!> z>ksFZ&n!rw0h8xaqArZfcT-2Og^kybx4CR;@0WQ5EGaX9>}AwW$;!}6N$q6jtNU9x z;=k?b^zcAAh2rV>@|oI}@RY4WJsO8UlNcw&m|XZ=&dd`TM822yyA7Fq>gikf^Zj%4 zdh1(%dj9JM#2KZVH(Zt;OibE}R_@oANd^ZBR%;{i3h=#ozfvo6j#UB_D=zRq;RI)A zcmrZg0Gjo$#9BtNx9F{n_L|la07^T6#ClNZ%Vi(R$G+{m>AbBo1q!b=kdd8Z5$@@g z@=?V$6dWFB_8j5a(E?8!zLq2QHtJZoA+`!G;f69lf+et-JzS7aL{1gEJ zK@bANEA}%TXSMGCbQ0kAF76&JleXuH*5>nR-PCtJ=^Y?jPRq$e=KuN{ygpUAj!IzI z{uA9XH7$&xtFoCP)k7cHTz`(x^PHCgvY7r?(KgcFD=0dtY_st)@QhO47ZVljM3op< zRrX?TT~Ql>Z$H)a6-EBO*lf5NSc(BpXwCZdQH{^CzI*Iiko3M3m%{_f#kw zu2MGs&H&t9PJdBGY0D?f7#sD>QU?5e^-} z6=G3v^NCBN;P>J<>NSP0xb-|z=hTBq99<9!!Ij-gpGXl8ZPgatzUR^b-Dw1Fke*vh zbtiO3Cr$J74GmE>?w!*{e#Xx^%QBYZJ9neVc>;}Xpktq$dOHue4%8^x7Bx&BchOeT ztBdfTT9huF+&x>Aak#fc9|cB3ufwESSOxKJ#TS=RvPn{DlW)~>%;|U&$~Ehoi6rV) zaV#vo(cOagehY1}xQ)O*L&HC-Twuy;eYtUFDE|n}QqRQYUIu3r+J^d_QT-m^r0U+G ztG7PK_uB@ny^BOdf0jCU>S$;ntqhkt0B{=Uf4%26S}^f{xXxRbRn-u%?>P^ivxR}6 zYYHkiyy1iuUt2hy$5YFhiCYZz?6hy;m@e|aoLCn(5)wt%DZkDaoAluR zRV*T-w)FOPJuK0@TxnI4`eP3t=Daw+i{m+9KDRGXB_9g_Ga$#Wt1C{u<&s|(CB9ybg`OOxE znIn$ikwn1IF?5TUjcn5BYz}d8ad4~{5V$f%5R)(Ilh!>rRReOOBIgdS$+oIz(X#Qf zhzNlf5S=(eUgyKIG_6nIwFU>ntkMqhobfYmc5r(3!6etpt22$tAN1l@_}Rbi8Zmvzo)OZ(na`7_iv>CQ$$L&h=&Vip%f6`X&prJ+{qB2}hi9WjaQ9HZ3gk)jX<^yH!N#e1J-i?p-s`8}@pV{?!h4xC*L zpKSJvLbb~b6!_UI`TFOiMMcSB_jZC@M$^LT;<@zey%v(a6Z0(9!(zx6j5>)}4?|yli|mxez&-GUn$Ojg*>6 z@9G>{vm+>RrB8O!t;X*O=}+V=YO)OzPSrgCKv7n{@xzAQApsKojuW3hNl?f+V0R-8 z*HXD*;|J2GZbd!!ue=w$)L|`nzu4E&5X+k?Y1!4}b2H{6JVGB?)Rg}Xx37*-`*bd; zq6@ZFz-S)CT`k$gx3*c2UxbR&Wnb9M>ef|45qGzqM1|>o!Yw^MU1&X~&8y))B45x^ zHj$5f04^ty&!6nRbpGJMK{e=?`TATs^NHmTPP8mIJ|$HzX3|4Sd~FN#@}@#sBP~+G z2Gt9JG>P$Ge;#stINvCccd5( ztt1jVZXd(RDs{iNsU<$ok>}7dFib#0gT+}QB4(!dns*ia4rM684wE+=%r-$)u!v9E zABtZlBa(xbQx&nLRt;X8b9#2vTV0! z7wok`Keeyp6E>`bK3Nuh9SA8qPO2DZf}b+F$KQsenP8YOg@O_+Lz2>`Qp)g5SCFFA zfuOA-f;vk*(dHfTvrqdT+0RiB&`=#1G~gAO@)I-+9!`kh{fExfXdD9&sQjafv;n`N z$rsNRP@UtZw0g9&uIUR_Efr@$2`k3gKWV4NN{PdkEC~s+Qja^jN=Js^N=b$j5fAkU z4UZ{ENox`P^K2}s%1+ep6_3g-O`ExNhDNq~`nV^pAF4s*E7nd_<9s500Tm_@@ruU5 zOsk6mYkE_l?zK7W(?c9W_r^@*7G4(c?x(XT1&x!fONHoE7ard9+!~+khW7k+r|d38 zKS<-a;;|#~$f;=Z17fy=_L$ym{~8bii2O6YIIf8OH9N5-AvO@dazxg}m7c^3zn8!d ztSwAR%D!w}+WB;R(Qkrr1ED)Ddo9_y+C3Vl(e_LlN5*lU*1srteOwOfw^`(_p6~dg zaG&z4q-jH?oHiDi5=)Y@mRRv|@w!Tkxx0(Fy0Hf(Y8yJWQ78{{5#n$M%eknME?hY7 z>}m!kIdMU>Kp<}WBbQ~_99bwTKc({~>mPNz^@&V14vR>Jz$d2#-!1E~{JWkJWC(h> zJG1!=n5}@xb4lyP>0zMCu8;@ZHznex)y8UzBeO*>7Ci@cVsJ*&iZi=|vd&h&ikoPt zonDT1Pp@VOYUAvsuW8s2NK~(iXZPdh9#BvOw4&Rc)e@NZJ3Dn)!|pGS;-gE{oRmM$ z4MxR_UnELh@VVDYCqF%Ae44L*m0B=6$((aUj6@XBl6E^=M-$GqX@g0NMn=lAn%B=! zVQ=CC2ZEc2hR)4(!z>qnr3F71@2v{MBSEDEtwqY@9!YVh4mWqXsSqehoUC00zHh@8;rBNO2>-N?|S zLaiprbx8dD127_hiFVCy)JQh46h&w#*M31j(2gS&=gid9m-yPbeULULj4Y0d&<5v< z9KTc(3*69+hJ&qlHjK1BBqB0sggKdY- zq$0sXf&!5;!<7Kso*Ry_=ed0Tn~`edL|R>U1GU0%rtoBeDlP53VGKne!po3QiODpr zDU9eCYLo#mbfb*=^9=*y$a<-mhdF-BTEK$I!gR6 z60HEax=BZ69Gvhh_E)=>uo;1k7#Xw51TqjYh+;1Zh`5m1Gk?xm2z?Qr3}w8; zDI$Hpo+`S#4>dpkGQ&d0jFBV}wfnVKpNOaR48uICfKDSzYj6AuDj0GorZ7XuH{r$I zeHRf4gbN|kKB8!z`h6r<-3Qfj)nfh&`1Jgu`-$gHdm}ybH(D)A;E|PTk!}9QHKiIX zvVI1TB)t1uKr5v=$M}u?^nh6*nlOHx@Mi{0LM)|e#<@u=8NIV$lJ6ysJD@J@G;_Kpr z?ACAa7}}g`iPqe0CNP$X;1I zI>-RkSGXt#Tro3c?^lV&fyeIlSqDg=^Fae5!wQR9Rj6S^VIQGFAIT4UtdbwCJ_UEr zLc&t(rQSXmJiA`A#p4%Qw!S0$#3FfMxS}pOI1Zg2sz+VHM_}r{jx~#;Zk%s zujgSO1!v_BAblNYbKdiFB?{XX1&?Gf=MpxT&0UgE>ggaM;g>%tgHMV9)B0%Z5Yf_K zNNU9fWECYr(iZQ0RoqdpaU#{fCPYBoDK7+{9kQ-si+|9K1s!IGm0SdCx3W z+3lO-z}}<_ut7G>+rd?GV8GorAPO;ufFPHMAY?i?6(tf@y7fdXDoxXCAalbOHr=PC zEAytE+Y5QUXEV|hjynFg1#ZZ>gY2%Y9AD(yZ$b1H*4WmX9pAF1CW8n9Rczc)R*<&2MCxeZ;b;Qb{h@q;Q!E zE4StOz4}U^lL5ix8S^n}R6_a19|a+|!im~5HmSq11lFDxKP~Tex~)pB`Sdk)!&)B8 zs=$X;pv;iJh{VGEau|D)p4L3T&Vry`onQP0OA!wjHvSyB(BNcOY1C*z6>G^bQSte& zWpkGcdUk%UTegU1wmXI_8X-h6l4doGh8)^fqQ{?9dbP=#|6u{J!dmgYTRZibucRia z%*w*ucsb@hx;i=TY)1-DzbX``LBjuPIVR-CgrQa>IOc$>Pmozx_s@@rRX1k^h2amW z;B?67px3Agp#KJo+3={}Ouq_o^e}##R1kCMLKn(J;tEY7;|=n=A-Yn$^TMMUE@d)0 zBC0|Cx@6wK#SU?nh>`mkGix4U59+20{T#>C`>SLnlP|kq*|*Qs#rzp}FNLZ;nDI;F zANoOc=Q}W%Ao}3IFXTInWnSrIAWu&@IFR6pCQ9Jh`h)FJLWv`M2_!Wnr(a3 z$+$fzuI2W3ZH|60$@H;g{mXD*;Tb4ki*@o=W>rs+*tewO=bFu?8~kWJcTixGA}D1j zR972P5%14-vJqr9-3f{cILJ5GM6bHgB^`nS0_01U2|DDCiwuNqk<13JaV@K(IeVrb7Mf43Z}dP;Omteq<*kL5wWJiWymQ8l%+aD+y+2^FgH}cy@0aBZWYp z%%k2d5jg9KMGFm|Dy)7#u~Tm%64^_umw`)CmN?YCVJ(YAG|C>0N*4Exb_XoensPUV z50ZMHn5S8{bAGlUp$QvnM2W)%XX)1)r&8if`OA^y=eIX{=i!4LT1=c5>i@#NCZZ8l z&syiNG{2CPC9KtLOPeDk_(CVKWa7Z>??r&wt`8ODSt<(h?aTPiG50V}r6v$WoASwe z*<#lo3YhOkRo^RHVy-!j_AAp88BHW}np6cWQRFouSrKT+ z4a5aP2KRKb%c$CtER+eh z#0)3%pA;otPg<%{Hlht`=-8TDBLUMqdP8a)vB$kskWy0?q2wn1nEIkrqd3ORV-Y%A zw2cq@U7eAK)9#@!MV&-upM;d`bH`5DWTO9m1I>Q_{;6=a40RBA+?gmW^X%9^BHwEZO6Tns_(LHn{Q1=w2% zPFzG2%VJ8#w2&_kx3&pnlWJSI9&zjXvT!=NBMgL0IRC3MXflw?Vguz!R?y(*W^=}HAEO^~SpBdA3CU^LH<+S;Nb zAI*2gFzKcJQ@bRkv9px<5q32Q1Z?@psucg|-d^*V;0F2+w!B~z$c{eslS7^#cHZhR zadskf{Msk|8nH~CZ`42F?S!k_CY(`4Vy{$~f?TZSli@Rr$<$#_wS3Lbzozgj zb25AVQ8XdlaLaH%`sx~Ea-Wj$1$^lT3xVb3Q0TX6f6?h8K||d%Bc;Vy?*-IK{iN?) zz=HAL01AKnH-03b6Ux&|tgL2#GKOS92wvNV6Cn&RZ}Fdf5DaEFw|O?{GdF|&Ye7)lozEZ>wEb;;-8%_H90;o81w)Ms8%me`u9gCm z{o}Wk^Hv~Ih|$R3m_PY{$Cv}!`MyG@xtMzn`Sm8CNK>Swn-Gw_Mw2UH$&6Zr?32KT05l z&eKhk+*8K~CZm2r+Rb^;|5D+G1|uHKreMm{$9$k^;vh*ytnp)sLS;Nf>94c&rxrzjy{3h2N+_WF_nCbA^4|=b=FfLf^JWDP zU1K0X{PszhoTg-Le5}Vqaz*kocvcKdB|q@EQ`elnV)1Q98~Pi)8oG2)zUaB0%MK zt4xBvL1$XqK<7NhX);OS|w!qO}kCbYym4-8#Y8>LyplQO{6CD8uknCPMeM4?zbq}31%8Vx@*jk<}Nq{MUzmHCjuIUOGSg!p2#u^kCx2sG@bG*ucEZ&zy z=0IGrw6Ie78UG}C&QjZ%18%7lU)dopT<0vZghK>7;5%;0N|NU;@yw3dCkMM-?>97% zZ(Mkz-^EULT)}^0mtnOcxVa4tHgv zFRUyG#$A2<(Jg3F)qeBfYP4Cu)BxXDVP}VIB!r6o?8-%ZQcewXVIN)Ul;9*4Etcp!$ghp%AZw2;y0645i)ymSUtcm|W)} zxi^{P-bf6P%Gai&)2NJZMG1q>-&6wFEM(-7sI;@2egPKmPaUo^%)+GfuH|9h8^QvBZocm>b((L zwK2MoKwNdj@eHhLPJ^QpxsM|3dc<6$HFVpJcL!NXV-$4u$toVf2m*!4%JaRu7~#R_ zswU~z6KAqG7Ag0drilh%54f>_dlWsjv8IoF3dx)m}`lDG55O3ARc z>T@x%hAa{-Un_%V)g{TX=Mc`2Q5DcpWTV)wp*f0+^OwByv%(fM&PQW+VPe;1KIMIu4A?(BH9 z2HXY$ap1$o(*)vK%eI3eQL5^?bP(mKMbu&Dt-sr! z$IMK#JGB;bD7Nra)_wLGFM-_>aFU~|{Xq|1aBYm1$}dAxgH zKVPQUzhkmj2+wlSdaqCaMwT?s^y%NHKSAHz;Y?TAA3I(B6$_kh>TDRLGltDUz+%*1 z&+X#g7kEtux1i$##dGtIhKYulu*#u5-I|=Z!EBXn6Mmxk2DY(^IZ?JM%4C zpjOg3mHV>lqwwvp#pSO9C@#&X{Uui1Teqh7l{YMl=kIl@*{lB%WjY)IV zX>~mMQy>kr;mAr*vxPflT(aRaOcU1YVMpcbz3rO6TG;J^2jTk&pIN3W<$?U;>&$^` ztMR}hV1X=XAF{sF%=Uzoe@oXMKUFWlcK7LEWWAOHg@e%juZ-BmLiR)AgmNA8K& zS5MMdbwF%+KJLL_cdjJV@n+IvRJtYmVElDq#bbAX`QtscNUz0v=-dZDRzS=z8$=x+ z*B3-+jyu+AWsZC3Am7x7sjh3Oz&GQZL-)czKiZXb0XvzgjGJ_l(u=81_N#3ua1QH@ zj*i^Nsg0tkO?8sD!+>b?*#f+;A8U^Ryy*KaTVXk2=C#$Jq8E2CDchBHj~5gvF#V(m zK<=`uGmW_Vd*Mp^8<8yy6e#8WriHD?g`ZR*F#q5C)iceMcmMTpF9rB8(WBtie4@^Q zN!B!mRl0?q@&1xeLg&4`{^Qft&D(bG9XUmMH1B?%`w)yQNY`yXop;Wy*!u4sY?*8q zI_l~%8#--Pp~$SZl=`PV*V&>H&2<&9SiwcwCAz;k)}RPaS0a@C-ja ze?RbGWnDlIOuG0*p?vV(t;XxA2Nkqcxh{}*GSyDF`Fpg(o&xsRcl5lO?9PWZwcdCj zvgzu^tkC#@&zmaJx6{_;DfM7dmS0_$vN+&&ovo@*C)$>w2=&$YK|a&`?Jez*k>vsX z-v|XtOQX8i(GlP(-vN*od!rqWN9aR8Kc2Ea+yJR<>10M7Ky$mw=j~)%X5%Ip!6+#@ zogY)9$?bse$v%l3A%;BvEI;s3eUkj*)AB;J70LF| zJHe#uz1`uG{pb3!@5Q_2 zpQk%RyxnJOEsLlo+k2%r1e$$(`WDifx1`a$q2QiUsNfXd+AGgVA}sbjmHJ;_df2uR zn$BML-u2E)0|heN_BxgmEgzr+DYITCc6CrTE9ffgI*qgGV{J^gOhxkpt$0|ithUq7b72LcK`d=VCgd!d6zwJipvOs#A^m5 zEnNVI&r8~7C%=mW&fiVhEnaT&!otwo@8+-bR9U=OMRfTNS1#zuM%e#tOd#S{ft3~M z0*WACQ)T`okMD(d0(P2JZRf3B?{`%In*4g07rlRQAPv6+lav*7bj22MaB#5_>rz3T zcN$K#PU`p9Y4allNoKM;3Kq$<(u@~36ISLSctkp{IcRhQda z_?WO5`q5p10VEJUeMIsP&blDjx8vfOJcfO;w<;F~uiZ_>KiA!K4H^tgF`&1XhdExaO zX$VTm%F?0Us7}yM(CuP87!S|=GbcX)y17C4PYW=`1R;DX;=TARa%~th#RN*&C|}jY z;U)4sZ;;;t0&w%4oZBDbx_GAB4h$Gj^Uv9Uq*diq3UF#hT7OcIFRAZS&=cmXs)}ZU z6mEn**yn4VM&>$@`HtYxN&~Y1A5WKm;E@2|fg9j7Z>K!ZBlc98(x*e~P zx8#9KQWHbkc=eya5Lb1{O^@p3kHF;qz!CeHB}2(veOV*=n|8ft87l0X^O_a)^Z_^A zZ=mE)4Kg4=RRs@JaN#>|L+}-N04KI+5D^8KtpAoy8;obG*ZWo5k7KnifN!C_d{jwS0>h-o8FTcOPzW|8o+N`%uT`@4#_cR+h%yjX(aH9gw&qs#7q#$*PD#{77 zd_07@Fbxn~H*cy2bzH({%w#F)2xFH;Oh>{tVmhheM#Cdb74nX;IFDS9qX`$>i?&bu zW*aX%VQf8N;VQpXHN7|A-^!@%oEBoj$;D#6B9H4fg9c8dBGgbj&+pe?Y^UZ;?&DL9 z4I8Kp4Xm$DgXW@{dHA%*X&6pn2g@MCy7+N?^700kVxMy=TJQOr4ti=;FSK8I$>XfE zFWY{C@4*uDKfR})@;^I}b5ejD9GVotx)aIvNO@)(02-)Mw4X$!6oi5cib!d(7B z8pBF>k}8t6vA^t8{FkQtcgE)e&u2RQ;|nq(qIS|@YAQ~N%5UwL=Z%L>s#poms5Va| zHo)MZL&NOxJ?O>{Rscnz{d=eLJ(&$I$aKTwBp~S5+DUvE$3~jp(~-}|qRYWvQzcWd z6P^kO<>bfM?kz89T&_#t%IuxhA@vnKT)K)$N5XDadNFC^Ixo$1<8h}yqz=R^F!A;@ zwFX4^n|L2@A9up+=4RON>_fW8-1^-@_@kh(%U#6o(-+%zmJS;T2Z{qCM$gN^{*W8y z7jI);n%u|1@U(D#*pH(=x0C~_-V6WNg%e6SzPH9y9;NAD)ak=6z4&MK?#v(3Mh5P*c z{N4S%?t*giNMc zJ;`LS9^6K|;r{fLw@pgE+3qofLav}`v-UnhSCxM35d~(82sT6m5$2`SVu5f%_Cz zMcGoPG?kvq>cRw3rrTa>9uruc_s4nGcU@q}htJ5KZ1BuJ3<05Pzp^6n3kYKq2wzXv zbO9eP4N&SH@uSTxuUemc+U;@@=z&3GXJFuL@ZL*>#oto>k8KV6u(3T;9$`aVEiKdU zd-vO@pj$AaM3ayCCBh0grxNnxXF-5Qg0oIt_~Tx|v1xs#-}T!&8lHo=MuI&E-FR<| zpRC~gxfNnucbepRU0h9(1zWc>#nZcnU9afH{jE-Ry4(*I<>yo;5{JEC5r)p~6Vzai zC*Pt!+TRqs<`rW$p6iCrT*9*M{`V4VU)=$?Eof;;1T^CBs(jAuIBPpc6Qlpl$R`UG zT6bwWz{H%MnfVT=zdGRj4)>HzIncdNr;*A$V!FQD2P{tz5D@C>>WDlqd#sz*?^VkH zb@2a`>&=9w4R>kU#LD;E*Qt-!ss9%SmNYPXK1z=)u)LL(@_+gn@cTM)oAy9p^ZmX_ z;O%zyX#VkbR=(@)%vNtbSFDpfd~Yy>5ZwjOn~VgYzwUYtEjAJ9E^95p(7DugcEY_r zl`2uY){iW0>D_gwfisOkge{d>tes-6Jw1(ffPYs^>~CMN=-BvyfQA2$W}EMk*cju| z%b4K~S3|Q;JhPi<(&&9YV+Tk(n#-WUK?~C^DGTkJ^I?A!=LMX*XYPx{FHcNSsvT|v z>vKM2@F!K3&=HDXo*FI@2pe!uUb8N&y4$t)=E~~pRcI5v&Da4T_<+*{fPi!sK~@b&}Udh!~Np*OLP-1#^}n88G|sa(BfzUIEM_lqK&iPWd_t8V z9a@VGr-BagK=e05{0U&E`AE3-R>Uf#{{?901K>kYz8{sfDgUM~$-%Mx!$hSaJg!=I z8$Uxx0`kq%)rwTC0uaC7t>R2fF<2Mu3+n5!^F+SMYM-Mu*}jzD`~(Ra@_R_-PT=Vz zs27_-(MtTEP%7+FWT5rnUSX+L0Xx$}RE(s9bPG2<9Qn-o@t$VUD6n0Ss@s*GZ#u(lYRXQm{X79Qv#`N$Qq~4Iff10}_ra~d+;aVSJ^_uK zXz+ViVIV|j!T7DT;@obOnXWPPSMg+MF7GBJx)p-3DT#JDPu(i-MnI8P# zm7xF7$Gk^3kK@n*f785v?ffrBwm(#F5*j4c(G*#@rzg40IY>63OW`CIMXWu25(KZj zckm>*Wnt34_El|djm`Lb%*-To2wC^Yi0$8{UQ&`iacuNYmA zF}*P5?2Ni4#Q0s$;uv7f-Dp$ff@1G+rJ^vL@auG$xdwU3$WqSLqnJI0ytR zKFHR;GJUy6!rKK<+Fd&fIcL>MP5aVUiKcagJFh-yE~0u4PVE&xh*3;`nzmZbD2m@y z&nt5yRk6hIzIR+}=_O`My>{MO@qHCXwu;%kd~^yz#IG2!mh3nk^Q>(-|4u(YvxnoC zpQ!%$9zIQf0h z$Lx;Q(c=T(Kx@?_4O{+ceJcs;dJ^T5l35Ea_tL0;WcN1!?4I9+zlm9!RQ!JcY#Tnu zWZp>2$;YOYRSt4-aU7MGI1GgP%7E~lwd%}T;`YRO%4R=hOGkY3T*^ofEwea8-2aj2 z_VPz&`A-6F6eR-Ng5{(!VEjl7k`xtESw{J)vPa*sC1EjXC7C>)6;~HbzF%6>*n<2O z8wdf3^LP^#rcrT%xqye{5IXg+P0ZS7B_r$71-uFaU;|%z3WZVj#YD*P9NI|M1rp+< zqD;!Vm~3Y9_;_+oj@o1oN+d`em2C}9tp$DpHCC(V_%Dv1$% zJ$K3H|8LMOe5L2Mgo~_d0LM3pdXJeya;vgZNseai7ZGl$vg0_k5H5O-Q#KlEQ0t%k zoJVT;@AY=A=5-smMi#61VJ#M=R@>uacFi2V$2`c`7&yyO|3lUm8XpO3t~x(E`V8sL z*PbR+`vsH?CbZP{M&G-K8mKM*d26A>L>-2yaGD$e@REC4OH_!Mlug|xDFC=iV!Ww6XZP4x?8E;mQ`Wgr#b zpZr0^oJL~f&%9{*I1vSL-x6w_vyuYA>CvnZ{0Y$l`;{X62D#gq8k;wgv~|iYI9;m; zT{XtC{sZC0LG>s$HN?+5)gNT>QL(M1SMKayZW$09G z&?gTZZkSv#c{Un1i|Ajf0FVh_dg~%#pwOf43k5<)h$4&h6LJNRr{Ui)-@ZX>9V$G; zs(8nisFn(|G&MLV&GK{duIVu$Eu9Gw`ikl}6Me-e#OGfwl&WUacw*u79*76R%u@Q zQa*JaZoUE&BJYgtD=*Mv`hQ1q@iS8dJ@*u&$Mr`lE8~mgALjk1w!_f}v-5ICBGXQn zuoZ2U6^`#`$^Ml-ahGAKQHBzj!adlMaPf?kGFYMU;+LXNLYUuG?^Gj;;t^=9ADZ zg>h2T@;5khJ9e9q;6!qW=s!qrotwFn=yZMyxVes+574w?tJ6n}1Y)_2X?SUE!Q#R0 zLg{sK-;~YEV*+9;lm7QzWu!7gQ^n^d#Mpr&M04r2ypqAOM9dV;12}Q z_3zKLWWbZkYRH+7?~K+njkB-uDQk?7Q~_dE$KoSpZ7$Q9H7rOyUugsk{#2MIsHZ$0 z0<@*xJ;l-r|I9j$&^_eF_@nA8ZY2BnMQRjK%0OsRZi0XbY+Z_Wu$cp0=-e4ZhzfMYTgZSdK~Oo~6FXi%<$yLZndBxwJ!x%6rGa$31z%cYr=yyZS* zD8mV;uaiX-8Vx-`bO9lb9ew{;d=KpwzhCiW7%6LCE&*R(-&9jc?s^o6$~C!KgH@;= zf148;)#Bd(2Z^^@p9j(`XBkE}@cdHt!cz5cv}^Xs@}%wjgVh>{s{HQ^81Wye`vf=` zM2=!QD-oBNCP(Fb=l1UjX<_=Eh$8zS)okKpTy2b zS-y)Nv{E73B3qP=3L=K|HKGrpaWa|`3}NI68boWVh-Y`K$N9eUsH|kuSZprJ63hq9 z4FJjC@3A;OZ()pdv9=N%-+uZfxQ+%sF8eb@3BYpQEijj%sKtTLRn5{;;x9L zu`@o)LK;FgUlD(2+(Y>i=Q6B>3f=y5Bd#^+uepHMbM9i0n%tFw$Jqv<7byjN&nzLqwVs-32aA4denjLXc)I3 zbB!oz^s7`H-PR&o*T<)%+8Vi`y$o6s4yRkk6dXv2oLL3V7E~-JBAmtg1ylZY?J!9= zJZy+F-2iZ~0_KK>6y@k}ax1purnL{(n3B!pQ_Mgq$b|z$))!nh3+bgT?2O@ zjEDp8$Ns%)K}Q4L4H!sSUG%LsoqFzK)P5=2)RgH|ZM=#7G`v=xC$!Whq0uIf^OL{Y zWb7>(X76s|$d8HR)WJu)W)sy|!wg&@cg;irsBg-BA!5Xj20620>yu;irfHHQz`7M- z2qt4Pg%Y#;37nFuG&#T+dh8pQ@O5NE10r5ZcdrXvYEbDkOZgDqK3o)3)YDE0xWlTj zZnQBDnLBAIfIz7$$edh8yMMK&a`E=OG1oU3yK2PFS2qY7&DMADo4fRj&71ro03%75r)s;{YIIWB>lRCtXzh2SI15>MCfaWm|p z^f#vx4`KfwgneaH9oyDr;Shobw-7wIyMzP}5+u00ySuw2IKe^)?he77gS)%CyLRQ> zcfTIpWAy0y!GSuP+O>VjTx%*}C9MTHi%9ib9B}nx_?Au|TEFTE%{mPbL+=hrlhud^ z(NMzGK;RYkC+wjoDcBUr#e`%mYUZ!s)qe}yr}HFaP_NLeXKSYpZI|rU^#w_7K8kxP zd98@iUN~WbC}6eeS7;;x>pk0yaYTLnlGM1|Bwtn4CmdiMjh_5ABQ(Pkz1n{)+o6KV zE&)9+=ZAVQ@4XA0V-6!0I`DtuftA{~MI#F+@BYO8YMCOkMC_61u3QSBQ?b(b7;Z&{$}c~I_o!V6Rm6o|!!V&l(pj2Kq>V#x0o7Dyex-M^Q-*a2w5({@AEe^KPp%&P@_%3>0;(}f97e}`Tr7wPsfEpMPFY5w zw){}=P{7+A#GGv3Sb6Rj5&qb5#HxbH@Y6Ax5oY^WwrL0;j&98$ITq&>)A|32#=UD? zpd7a%CLXMyYWzI2@+%i;KZl%Jf?B(XV*JlmZCUEpG_>!M8O4H0(P|l-0@DUiL>GL; z*Va>z-g~jZJ)!9B{3P)_Zn4VE{U{tF?-$s*WVf}@0Wh@o!Qm}&EU8pR5$&&n*z;*W z!L<~*zMWkE9_`PXVdWGz$+(bSLHW0zX>Z;nZa$`kxWM#m6o$WH^jNN7olK zTJG&jjLhw*-va$s^Pw!J?-$=b-?gIS5DSkLSOrBnb}mX z0lYYjaIvKIyHBCe60JC_^JW(c3|{_gO&@W?v)j?-@h90y#VnK?hzy7d;zN+xZIFr2 zqmoiygMnC~V$4t=M*jB^sPg%Blz-Y2#M~q>6J(CA=B0#-|5*2FZ9je0FU;rx7Z8V$pPy8hBnN7` z>2KVqUD^6kJdgv#9TuP&7HtqcxEt9Zfu}@b3a@<89zMkn|CVN~Fkw&gT_T~kInY=X zW58nemrt*{(UZ^OM#GXpTF%*o9qbqlWvRJI1wbU0*2Ewq5A>=(kCk6JG>QD?;Iup@ zPX`N0?Dy_oX7G^t$WBJjs9XO=Y|)m6j4T$4lFo#daKSNcU~LEZ)|9s1`;kTZR-#R) z;SzdeHjFd^jK6dJRjo`e-cM}4yl@bs2M}GkGG_mTnaw>L8=?o&HgTfVX7j! zL6|S>GL$=3NQ9_)oM-QHB)ijjyNjg3!GOI;27q?Wu9KLd@1FSZ`qI2u`&S|?=+=`* zYY8|gQF!U_K{0o~l2=t%mFU0TIoe57$V9jJMaazB;BNFz5<&ST(={~p)ni06Dg@zbC8C+fO7RuaFa!k;h8ABh;~86p#= zzlZ;VgXaj)S}j_4m(c1{(%r`B#q`=%-pO5$;-E(Id_g1?ibY4aI7%B4DoKj-y5ZS5 z_8Jisx^C_md-sD>(a0?h31&u7(ata2*=-zA*N~%GdEB8f%J-nSubenx=EBH79-%Q}k zzoJ4=`rAWr>P8nRtt#kUm-VnLgv@ds0YOzlzY*8FFxaborW9t* zn(2d-3Jzhc4rAvgN<`BXb{Ym17!J4u0X%f#4-P6n;4`bPvl0nso@qWbATq{JIobo7 zWi8deA)A`A@9VKLGG9)=#iZhp7|a8Ga`>pYg3TZ4KJ~n=`Z9X3rs<{T#S|j5Q)DhZ z%to{9&p;0!>1W`$j*>n4;z-i=@OUv2!!z<3q_2RD^F9wrC>_1gZ)?7SQxkPh z+$dGT!TMWceVwGuFKmU)^XRftAy&sDN4Re$)yL>YOMt22rFzlU629FI_gSu5UBE!1dd!^Qz4NMnkV-nb6%ddW|>T9g*B2m zls~%~xY(Yd56+$GUpX{y`8tIQksXjF9LD(ix{0-xMUUsbd-1>1Ex439m$ej9@21NW zW_p-Qh3|W?=qgV1%5dv`f6MVK3XI!QE~&|%cxHl(8&k=^SQfj7@X9c>?gX3{_3eAp zw%{LHq6xzmNzaP`oA&dfFVJ5U;H<{EoWOp`D`-iI9iTZ}uRu`2)w)NSY35r_0f1Rv zp^}qL<{3pDJE$PKCv@MOf~KEM32>{tMYJBfws0tIHOKw5A=OJK(P^m;XKnSKg}vq- zyG6sP%$(_E#jJ2N*zp584d#h@NR~0)D%zAZA<=r#Rd7iHtoGb%uy7@>d+#gnNl{- zW4^YV7g5K28_I)xf5) z3L3|+AB^#ro*iAHjZyPG*xyqKwZ6pvEklYlW_SRNemR|l?X>6bERNQ?`FnrywU?A| z!TD$-Mv57f+QNz_N>{k3!q^uiKaqB?v~%?&QBofPmmU3AzV>4}IA%`KUygC|R%CBn#IML~}M~2aycnW>;wR`e)47_AL{l=&in$j~_T+Msr8YGIj zT1a?ZJ9ai&ldZ~kxL7;@05*J)e1praK_NkTd*=oVtHi6Mjp`e{)WFvmp7Nu8wOIHZ zBl>>YyCDlvvb$eDD+feW@ImaKO|PY6GI0xn>k6M?yU6j?80arcwo>6_6k2;sFqL0Bdpu*{k2f>;ZT9(l zCadP-4&&DC8W(njTOKEq4LCrg3QZZQCuH)W9=oC`e{%hsxL#hz+8X)Jx&;pe0W&hZ z@{u9_tj_ysHE$rlSezVtB(W&b4oTct>)sM(!a91<23T+Wuo#kqpM6ph*!VC$&> z1zc?D3Rc^pckZ-~7vDakOLREh;R_?q=2ps~7}IE6&97>6Lk=DUl{|Jn7VIuA4mSz3 zx>@ldcD>tQTr_k-#(=Z*wM7o7QF6{;FaN#MgQjfFS5$3i7COQt8s29yf!$SDIbr5W2VPyTR|EjG! z0$}H3bHA`pR8fVEJ*|FR`~v%P(5H^AY;_24K-YvZ7np2F^>}r@99iM}0kd==g*aUE z#>SUXsB_b^E93{1@Q;XI!M3UHGw)6rFD>pk#}8yeYAW&_7UWHg#ObL^89Sb612{&T z2akaJ!Ode3%cn7$;6w(ag15xufA$5FhkSXL-U1)Pw?^PIozyW~E zvDEx6F1^n0r3MdMsNo!j`rYp#onhZ&R%Ny1mxH%FETQLqRi~$t(*U7;gI~9?iq%`h zDbUc+k*FHnTzcBt+BUs~NzpSfgSm*bL6B%Su8!yUKL1qtl||e>2g!9d1_@v8kN9}x zf?gM<>w86B0BHXDzKAvw?S;YHYvudUvSsrfE^rfH%JB1|wXSRq9TB!8CUW`wcTMo% zpLFf?;HUkfvM&8I_A++?FuCh;v&V9L8k@;5h}g-!IfjMyV~$GRuL_qw*~|_4b=_a6 zU7#+!UYds{bd)txBc~qrmMrb@T7y-Qqu1egSn>XY1E@GD+6l{anaWs_Abf%aOuCLnDDc=(^ zNhrF+=Kc8l4k4N9^|WHZ!ekPX}fM1(nP!_M&;5B=EMTA!Wp1zDCq z_1?#8cLz=Qf59Q4OgmW`G9L1HZ=N+0L;s3n&jnjadsm;{U$ooFKrX!ezWDbqI^m$2 z#-%(uj;}e7+iN(#zjaJBlEb&UswsX`@%F0-+bpvl_HkL<`9?MFXT`uoTV%tfZb_=# zl<~cBE)KSh>Zvqs+&Ej5R3rX-X3_P(-HT2<|)+o@s0Q;N$ah z`^M-^unBD4>0aBnwg&AUHwT!H&_37X1G)ZP!u^+vgSPFr*xJXB8B&Qj(w++HSe4n= zmwOX=a+%Mb%*W7+iWw@)gw2iDmlc+CIa+R4$Kyc5l%GMlX6nmYg@Mm}p6I=Q6M-D2 z^pzW>3RXj}?9B1&llMafhjwK!GwQJ_0W}Ebaz625dl%uuLLI%DNZ zZqCx>criuD=b0T+<>SzBKWn63@D&cxCcPxThDq-0&`!XTs>g?u3uCEjw*GQ$o9Ewm zHgzQ(ZteXEpJ7A*0A~Z&{b}pK3pHcp0(m1*bTAVR&~0_f{WX0*&QwgCUdN#P?Y*Kh zA+@;k9mt`jNhZH>AT`_-f&dJGY9#!!Y+5Wmj13sp(8X2w91Fp6QmCu8s z0dudaa#|HiBcE^7z-8MwGU>JKw(yESi~H}tuNw38dmmVKBW0rx8fWn*w=CH$-8Zqi zZTUCoHmE;A<}_}IQTHk@*HA*PebTsp?mX$Ybh{2LB3xu+ZhSHo^nH3;gY7hP!bh~8 z&w<88G=Jip>9kLZ^+IOeVDDFz{~5{J(ITI_eK^ykb;+dWe49y|WQYD?Rr#PGIAZ33 zsA;Z+sk^(C%)^uVZWpnJz}Dl9KMTGS+vU=~bKaU<@nIzJB)M1gXmv171l?;F za0>a0eXwwXx=Ogus0M_Rct-_%T3{p2r=YO>cU^uBRLNF5L{KN0`~DqMaA;3|r?~FD z=i_T^ZS|?NM}UX7UT$)`*p}IeRRJfX(97M3__Cp?5mP3&vsu=3*F%y#ULAaMUiM-``7dSt%Z`u$U# zVxBt*;Jf7d><|!RucfT4ELKT78?w_->!>7kUUnFK&_XxUJ<{rQ7Yql8AY;zF2yz%N z&t}e_toVm^eLa{dj`wnSMmAZxeQEK0I+^Kyh^F>06OQunV(t>k=ie&;y3_j1ie^q^WuXD!)UbUd0?@Vo5GuFwbwjIs+d~mcMP3YzE+qRyBSWw*Z;i8s0YFAy8$=a)vDQvVQSt=b>%qF39c-BcOqm zBv@U6X10kLi4EKREmrhMUuCt}*IEo?HJK*AwV)$ARqXz*7=62po`k;OZ7wZ07?e#y03~a}n zwuOo_6&c(N&{6KR>9dxkr%jO&)7%X66R`#S0{YW0w)?sA~#5H?jeR^blEg zO>gZ7%prtTC|?6p4hRd`qOGbLoiAdWb{nqR!9PWV6D_F6&b0((GN^R>E@)75VgAFx|4wue%| z$ry>xwrPI{;^}3m=-fOhpLb_#*UtPP+Gm&dBUX zXeHuO=WDI#gxS~{ki~d(LpJo>=#I8I)HNy7KJ>do4pb?+IT0G`bk3Y@ZM~;`hzSmV z5?9YV3dQWfTY!H-27LXWtBxJ0^U#_YaRRZX1tS}0FL)%8c<$FytB&q-ueB35W;1fn zE9q$X=h2`@g^builfo24uePQzIH9OBBs;GHQ*$3^b4s+PVW#gNQTZ&c>BJ!XN8-q& zu)rL&LaBY7`Xo;Gw7BOBt&J9f{Pw_ug_FZ;u`8(bH5m`*-vbjIfDFzi^%T`+_bWdb z1gaV>+nz}L5y1y~KsRz{IGvA~nG`cj>C5W8Dd|9Gym zSs0Z2T!>Cp3=}V|*|rtH_>5lcFicW4JakPg(TNxSu+bn!MOfs%3}LzzL{@%w-g|6l zKkK*IzeI4J;b9|UOzS^KlH29Gan~|)czetLBK7!@0JyD8z75K|{OU2nr(1ghMlHkK zs-&K*;Hn=f4?I0M7cJ@SHLjSP)til5NOQbzeebZ%y!hvlh;o$+H*KEdvr(%mo3w19bRNSh=#+m00$#5#yhz19e5Yb^B0j;^)aN2X=TTYN= z12v@6yykx^ZU3Ifpg5(X6V|;RCO!hj!dzT zM~r?e%w%HQlRPE!I8bGdw0hhyLgGPTA~}V{06wM{1|W&yVrKsEk?EhUH&F5&)~lcn zB*9l()?6#6?H)UNbeQfKh(g9`Su=wvY~npy|5FzB1gs13-H6d*xA8FfO{dw2#I7jm zW1pS+L$Yc_;J^L8{P!^O2<1<*bMxX}zz5qL=<}{;lZV0#?Z1a>lOEVRZ?=tZSl#&E z0>_IDY$#F~|8^cMbUTVCkPP;4oN~Z_#Z~abd+^%{!JGdn)L{_vKNbF!XJ_AK;r>Tq z`A@I$JLmFTR;rg6SKTdyF{chG7dg4x$bd_jHxgyRk)VdErXE@DJjwEcvqY>!xj=z1 zx%bz648n$Ry0Lh#Az?DuUq9Qly49DoJ0~n4mIi-#tAaen%|UhO2RITfAb)q}<0iG> zo3l9Zv+<-QHBhs$U@r!Nz9n!t-G3_lQCQOMFD~zE0Z}rkwH+K& zvRa$ef1`pqTicw%TO*aDP{3ZmC+lnn0D};vDH>M7Imtx?!fT7Eg?X{v(8gCa^N^5Y z>n;~;3;3&X*_GMo1KxTDts;r`K{|Svm@Q%0Vsh(K$Q1!2+uF=c)X!v3-!B?zF@mN?4@97C%Z$~&o@tj=Zg+q$m8&XHOq4-zG7e$Qam zm&Wm>$x7u&GFh^te(lV`Xt?BOjOr68eS)8HvKKED1K)JAp!?WrIUN;9HlvrG0vqnM z9}Q0q4=g4M4EN@br}A)l!w||HOUx92edOFh{f&qB+$vGvQk$Tx)6ilqcdnQ1&zQKY zToMy;ZiQ`m%-8wL4!tR=Gm;c*a2oEPoQNY1r6C4>0axth@;yYa^=T!fDGE6cZmo)` z6_Yl7wbS~O(N0hk=Goz4Z}Heoqu+h}Da@U;=e~m!^YJz)jn1SmKcQeGl$9n?t?JmX;n%Xs=d>62^ubey6Lol!=f0)6aQA z&riLqs^;Q3!g{gx2t%UnjsriiGOz8tDPbf@X1>^9(3cOp-Ztx`!PP>4T6hip!jKTa zpo8;SP8k6Zd7nsO0|~>HtH3G!X)v(=_ln+uLl&tJ?LGMW#|qjfKvTnRd%3hN3cL3p zTE#Ldj=avlA_aq9O-0FVQ{pah)dIo(hR3NbIN%N;>T`JX4DlS91>G_W9&3Fu9N_DE zdhO)IF^rGyE@_{fbHB+hdIj5oE`fuM`~FVv&co7}!cOB_iG)YtkM^{Dn#ZVbdkIFv z75_$LA2B%i3kt~|qnM2~k9}w4MydKnB&mHlsM4L$&BWm);``C9Z=J1tj`d)GS9H9J zDk>^2O*G0Bh{F#1DmbDIXM~7hoyx@vEyF8~&Tmj8i}@6>f*1FgA?o!O*Jq@6xrJFb zduOpm`tqmYA2y4FBa))~gsi=UyZJoWnn0wtDI<#~cpKk-QGJm~%f7Il#4_qMmn2nME&y-}dn%BR)=Lh95D$(rM{G@Z>-EK=H^B<`O3 z5yo}28ojQhwJm>Q@+|Ie*xqiBFC$+qLWY4n`UP%`RC?pR*jZ0#A2K0o?!owtJJA7I zSY#!h>L7ueKW=>pylOndar#l!TG>J za|&WqevhH~S}+DJ5(#Z@2A?Zxx0M$0`z&-yr06JQXTmJS_9Cv5P$dadb)36t!WNuQ zN%%l{#TikNgsjq+&}eDzfR^dep8BGogJ~$NG@^)MViGp5?lkGIc_&Ma3|e_#EyizL z_^qkCQ1C0IvKPks000c4Qi`H#{!yX1m^)_5K5zA@6ur)BV)r^@F%{fFr}o=9@P?VI zV}A|_&ayQ1+c9hGXljodA6w}K7v_GRDO8%b@<3LcqP^-a16>wqFxM$LJ2DP zBz1Vw0r>L0aw3qq=3%=~%N5HW+YO%nUcR=;nGSBR2hM5w%p}ypsXT_4^#&ngE~5oJ zGqDA-Ho8!4uB?hhV@Hj~2g5Vw>;zWV21{8(oHi5Y)qK2`T&Tandoq96;-SD@w@5xl z-C^qo+tj=x_)y5AMp}V7c$4nua)0sjC2@w`$;U3G%U*se`x0{QkZi2b!@Hruf<;=8 z--(Ja>7@!!>gjBDevTUm=yKF#3OoqS4B{Do{+P)4a^>(5@NH@3;$(MPX>a?a|B^$e zBs-)zIXixmIP{vj( zY0V;g%EO2I{_uL8aZli31|v-y+ z6zx?RNQs-n$E`TgHIvF{daoAT6+3l+)sj8gHi#0;V!$tNxGM(DNhCc|+@c3_HlPu% zJRmN2m~Of0&lMa+ByYghiATv919~N~HXMwHZ*$a0JBYcs=Qtv`zeEBqM$bF!#?5FWtn5S9H%nV1-WkP-y3*AaF?h}htNy*)V8 zFmL=ic6D|tby}R4IO8zNP;GuqjLN<{UyUO5ELh)TjtXhwTgIQ4#c)Cl-NI*e3dv$sCTUq5vS#((=o=`Rpg-M179A$LX$z-u9xXn!H;S zkzP;VyH)k@Dm3-ji0HB}tF`MxeBmHXgt!90c@`Vxao%BwHKCBKtxBY+h6M+Z%F;8i znj930QYKL5apH0jtf(`lfLeMeubtLd}jMB+_TphZEWm`)DocLa6^dG;?qQiSBGVcb*!X> z)BVTo-jMEEsYI7>+$jq3)kAE)(Bou>fstZV{zOI8&T4M{37L*oj9*I;>fl-Uc6JSCgtYE#mbSOKB8ef^#9Enrq`Wu&h?b zQXNFnGii;+7aWgaPvZg$rygZLIY)-ALyd2f7sME)|LJ#!U&ZL{(sNEYEHzs$7 zZ7j=Z8=m*9?0E}3oZMHz(*c)HHCe}Hk1wtdE`&Zwk8e+nI(x4rYA-W|2fNy(1>d>o~z34zjoqCJHlqtYPQ>$ zuQ!pA$(vV0!(7zsHAYnX9$P6!sBdN$UcO>#Zrc2^p4z%_+gL}wT83iM`useRuiLrS z9Ngzru~Ga=120%llN+^0EUDSW)aB+=)rv>uXNntaW@7ql(lv|(uid=p+Br{zr+5qE zK{0Y1gz%K@rw2lO^>?)_OWR>5r=6f&l^Zs4+lN!*9mb{o4K+GE{vAbFB+7*@?UHwh0`8( z^x#28A-AlkrlwskHQfxRw&39rT56)}EHH)aI9Y$7PSl_ci=b$KY3t z$N!grNB^~DST)C{$y*}z!z^5?5SGj+tx2rDB!+mvmz((;rwdwxI7LL{t6Yqn(C|xs zrgd!;TugMp7zLgjAv6)egIpCWkqFE(?n}W+P#--q|7GzHH^}M`Ldp2Xg!UMCzNzznElVQ?Pupcp1rts_-i7Ne0`zZUuc5Ylbm0&V_cxF7^ z9(A&wY$1jNLn-g7xv4v^KKpJ3JBfd@F*y-O`C3_@8SaBPRqwb~)RLmAkHgMWix5(1 zq9jci6T^3iX+>m5B;2BN+C!bM3+I6(=!%$7ZOROrPo@{2FcR6Y+u))nGHID5)7H{f zQE3pJuARAvCQS0@d5xvtNI)o8Q$hNX^RWAZx!=asKbnEh!PtwamDu^&1KjQ^l9Wb?S)BXCC^Kms|lZj3w_Zal;=&`KqRY9+a?}J1*mFRL58RTgKHk{}G zxOR94GxYJ7Enjdm*I*EL?naz18<@-+?h@Q;$v!edqu;kYR?6wP*sN?)a3c#ntUHha zr)MuYaymCdg5@iBE2+w6T}(S?esXkV83BYkOV7`!tvoCl^ey?eZlN=ud)L|zn;nSa zI&w1YOJKGwebG5HEG#WKb)ldK-Po4y1A@anTen>ygrlCP>y9K^ooR62PF8sdFe5Nb zYIO(k8Ax%^j>XYGwfwk($@2mv9=iV)%7KC zvb(}#zo<6&oh8hsKJp^X>~_cD2*tsQ&Iu20MCt>CEZcvJHH@CydLxlCKRb(1PBcWk zIH>JNs0SHG*O}EJe%6+`akl=qu0_1VX@m%t?rT4d!u8KKUr~BkZI1XD z3*Q8{`5OpZ{b+!fI?PVfKnlGuHV}!=VE6G^# z{H(01jB$`oWlJ^O!5R*NQzb_{l?X`=J^(1kEo$7I#a`aD&N5Xe1KZAm!=WN{eKh`N zZ7R64r>7@BKOeNUA2#e{Tqqoa&JGc>G4Lmt-%7}!=QT;p%|zyN{D@EdQ&cn`7tzS+ zpw`T+PO$80@oAvGiE5`fSyrc|(`<<`U9v{u^DX6D;Ly1!;N*q59)0)>KdH)}`aeFn z1>%2va1|TgGhzJ}p0+sf1xrw*mr>CXrsih6o@XS3XAxhzgCx^Y^f{D#T*ILNS1R+G z>!g71l+ddeu5Dm29u%0#8||t4%{hF47zuaVT4{3Ux^Gqw)Y{>k?n%|WfW+>@!CJpD z8_-sD)~a#0xO#NgF&98~D}m@-HHA7Y*k~JVT0Rsg_^}tIXv1T6xv4GP=rN8xVdB@Sqp3K4NFs1D$~sUtZ%j;uDF!TTMn)rigQM|KwoR zoqD5&d4mvRE#O+04cSMUX`W#8OlBkE3Q9kWp(|c=CTauV)ao)9^ju zO-|8TMAx`Wv}6^+l{EEx39qbVnP)@cyLJ}E`HJ(Nrj0mgzQb&4&SJN3YJpq@#`p*F zM8u5?y{FLN)kXkK3Zf37y(vy23=%*pbv~Ny7gPaoaH?U{@~2lMFGPDp+G-(GAvY$0 zfI>X=xik{;UmN|yT~W`CpIiMXo-x}yb1E^o?BBIhg4VYl6nHk+&pth*2QAHJcc+P5ndJduJiL03o8xAW z8{?4-tGb1gmDZQOmGh6!g$Z;U-ri-RD7(G_ds%0J3b7X;~1{MLFv%QE$$j}9~1Om7QZ_a;s5In_@-WfW(V-@Jx=E(L&7W z;VWE)mXUjD$7n-`gk_N3-k=fDsMl59nrxpPpi1>=+j{5gpkoSLY+D$oi4Y|sdPfXv zYh>4R^_~7qrxP0%9=NR#3HIu?1qXL(O%8lE1Y*l2!p?S0w1{*K44jg1^D(*jlFx|EkULh+l0=AMPjMPJ;jk4=qRt^z=+6*%Fu z0beV=InFIM^g)PaiFGd)7o%NpVj?3B%uf~wK02lFVT}d(Z>bJ4${s~rH9!~iYs?0h zjrU|v5fcFm_VwQrdf^oS2_hO}zCYmCjGUT;W|b1sP!nrfE$QNi+`tDi7FIqFoAdfT zZZy{&p{3_rL+fLnyF`D(yH9lIx*{6_G2-L|Iy|`EpD^+1SV*3V17LLd1o?U)II`vK z&S|KzecbpLb7P!14q8*KDa+W_%>@o`~q5^ z4##sYZb>iE+_rtxpBG4@5+6=WytqnJj9(t%>QX2)*EW=)b-2ZM>y7teR(z`N(a9f2va=x$r;{MRUY^S4g!10aN#3}vO zfR4#LXuT*-hnq~L>CtIvt_4?xB3R&F($RMeJ^&s1_pG{uanXfbaPyx*LXE=k;2n&) zM61*rVf(!=v9D{hD`21lp1Rwri3LafI$jwf0)`czcLxKewAvxD$NM9yFPrklLQ?*p ziG!Jh*dIbvdL_S!^gvL(ovW=N_aAca^Zm3d5&)-z(L;3h#KQk6*#|wu2VV=%kc|etZXK4RmIhL4GkG6x=^M=2l`^`O1ZX8 zsFlc9f<9xBF-24Bu^C)b4F%KXv^{Q(5r;%DZ~_%Rhl#(|$PES?;=~}8CFgcR?KnMy z(yr2)hfMH(+^W!k-zyA9I4LkhySwMt)kFA24ZJ9gPS)Dko`BPq8-($cQW;<3i?s_!wkHZK~z!%2s z3_;|xRADVGI&nf(&EMB=eM7-iMtf>I4(JqF*Xva*^~v52y0r`KxPnHUHqh-xY@0g{ zkqJe3i4yN$hmSLiw356?3PE;R26LJ9-E3{%Ak@vcj_P^p*fOLb-7SGa8{2ylimzGGa1`olcH+Yc3TBwcoc{~g>Pwf+O9=Kjp5@s~_i;8+c#YwdSNKqq~6qtF*Ut^~c zAI#nv^d#htx2o+lt&pdXm-m8Fa*=$=*8tdFYz5Iu2AmwEM30=4UTYqOYTyuN&Z zvw80$)E{N7w3!H!QnMVBDn` zB{gIf5`la%#A$-IBjD+3Xjeq05gs?`0q3~+u%!`z0S-SEE{^doYJ>=8ilu~(oBgtT zuC0cDKRnrskwz__4qfH!RYg>g*?czU%jyRm;hRoEh4vz4iSw!r!VeTWTD83w%Xi`j z;NEqJ zl8eUR(w$_~FmmkItppp$BHs7UBO7y}J*)FJeaek zI8$^lz{Un0Ajb;quJ+h~?o_QF6Jx;lcnB$vl>6k?7M?O9g(XHhw!PL z;O-d=<)$|tj7;vtVKeASG~?e88jJ*?T&Y8GhJjzCq@>i;Qn(i2TA!{p-oDNJ9<~9p z*>vltfC?@s%?C4G-`w0>T|Hgq30*16G!_(8UbooGq%plcIoF{xTO>e^+PJF-5!7WYRoX+u_*}R+&hkep|si3lU9$149{Tv-QZ9qLg z1foZvKnR5Eh)7ckp4dWb>65`k6PF^H8BmmUAA^exfwW%kJy={-FdeIg4BXQswh}XJ z#q`_aHCXO3g|HGuC#}lXu_e^pWF}l|9W*02Jd$m!f805PYIDy%8l0O3+m-xe*{85o zw&O^AKOwp{UZ-REQayLpzkpok<=#(pUVA(<@ompLupMaY^TYKW7%gHED8MT#BH}IX z<~*6z^t9`~Q6BL>pt1ml1Td*PbyNKWrCJkDl8E zu;Uh*MMxh%cd-A?2)1KVSL1s7Ew>4l z2u{4)Gv*d~2mXAdQu#;!*=;K`1PZu>RFa(~#K5=6X<1oo>Z{?ikeH5!?Zaxt0jY>w z`^d~w*muO@r1k3_D9u!G1C>HgdveW4&7i$S;|EpZ6V}I%OdS)wqafcRDU$5)-2HU+ zTSlt?0Bug0I@p7?C-~hncpSEO9hgen@#OF_K=4WjyRf)bS)}{8)IWfnTU?VLpUVEi zL~c%2d`?&WcJyIjV5&?;GL|*ov{2tFO#R@HQ%CwQ01|rby}^%9Oj%!Oumt_Oy#5RQ z`3r3M6nuCOVu${FC$Jawe=tPgy|s!@{{ngb7H~cMHu^V|*+v?US3|_!xZHt!u;Pi|Njsh_tVvOs}nH#r2TRkjNjmQx}4sj=q_4U zbaq;oe2%s1mkd=Y(AQVkmx&Rrd5hM(C3)s{6lbLiwkrS{jIfcQ-E(tiNSP}8YQ;Sw zV8($MNIk?JqWw?I$qOe2+4o&At|ji9MJt${&#YwZSVnDNO78g-@^t{q;*?#t;T-Zd z+R+2|kKk^>bEkNcx*pmc^X_jJs`YM%WW-PSwO#nR zL{4d5+3s-VbEfS`e|?X1BE!IGM+ruK%zgVE9`^T=gB0x%k(ehBCmB=b>w_0&r8$+0 zF78b{RldEt_--iQ%4dmW&%S*z&z;g+JZhu~uG$UW0f%X-zoiw-#d>-V?_yETSXfvJ zf2S47%E7SI*6>qPF3;%`O8p2nO1^C5r0DML>dL2j{k|a=g#}Hm$b`BG2CzNaQbUrZ zl+p-+t4`!)lGQ|hnos^+*#2yMpa?!!y4c%lP&N1-_h#S4O5#g5_yA1K`078{Q62{_ zD1xThnQV)SaY_Gag-)YI{n+dUrP_NW@HJS#SeN=dinT20v*F&bDUGeDIsoxY$ zGs9Q$6qE_FM{_A@fhTsfP+%h|6RvGbc+M>HxVtwxT-<0D@3cFV2*=1RpKgEdoVf}C zKq<#(j`_{>FR!e67NAJ9nh~g`Vzoc7@>-my$s_XPMWtlO<*Jf}oq;nw>T9 zD}{9fuzQr=H!dzT@eu>%k}uj)p3>5hw3KBnphRFjM6hF^Kh0@p{Rn?t0?|nQ+YZU( zQzZ7UIg#H|IQ~K0EI{2%^HD}xU!O%NZjNB9+7P~QtGF)N{7)Q03@S`@VdL`0QQ4M5Y*l%zzx-LL= znURpJALA{M7!iErgpxbsBQy4kZbM#CM#&DnoT^$KRm9kLdi0<7doTm58Ru#K$m`W; z(NiQ36T>bacO@YrK<59=+v!od+>t2SaFXofXzjYTm-~eroW1!6jp6AbGFZkqa zQQkx#~#No-j@kSM` zK7I~5w3GJmX<7Xbg~R>!bPlsC6DrXlWGk&>uIlz)Ga>syq3L6;>i=?th+6&hn4`$2 z-Fo3%L+(^qyQbagq~*@Xc6Rwj4`4W>zYL)OZ|DE!a5(8n?J8Y!F-AYbz`p)UHO@xo zMrdog@uXDOpubWGgCE=)U-78wEg)?IHr&27;l93+cY)}~Yz-Qm?aU>T6I7X)JwrW@ zZxWP%hd@%Bw)z!{?Q-{7t3m>+k~B>+^)>wG&zJcW5h;>|bs(bRPb?m^oG;qOAnB=T zze$iq-|{7QwUX;28tJH2l7CCD7vsqJ zOH@Q5C8oqZcPnR|6oy^VCBC5L$b8`4x20`nE&>1MkV@rzI(x<7nVYh?_#{kFwgnqWkRfa=0b;dRNM;jL;cZ5Feo z5DRqz$BB^5#B)lV4|jfAb?#CuLKjfZLN zEZ}@S?tN!f zX008phBy

u{e7;Hs{NvhBm)0o5#1}&p#}?lC zo^oPs3`M-UJ~HINt|36um076%E#xqBkQYHDa}USi`c{B|+&q!DYBz%TV=-4wCcCi# zM$GLWrgLjIOhWKZc1$6=BsX8W&eJS5H9Hi*9ClnmH>HSe3}bE1=&;G#f%&ekN_Vg5 z`9GKrQ&Q1yNk2rGg(6!OX!$H>Oe%ktdjk#W^fbwn8VwZT6p228CXv`qJMF0HVujgLw9JS(P4=76YwQ6Vj^rkk$5@tPwpOuSD zOsHL2sQ9AC>GllU&1+1OUjE!+2VV27QnSoeNmE!(dmTF2IJsGbtRhJyn;)53NMTo! z-YT6<2`%SNBrA;GJN-cgf#CkKE2U0pX4Q57^ycPsx^1VQaq6~x$ZY`yNw?#IpL@xx za1^g-m%;V`Q~WL(Ma(W;5r`fy^GU!bh`^ZhV|_UwZ<3@n9}Hx67TUU0zM&-l5_4L% zAy;rQSM&syAX;2VLXo$z{))(RjMe`g<%S;l+K+0Zzy6%!3~ou=lRRwuM`mE)?&Jrz zLMRXlQ|7qh54$x{RW&kJt?u4xE91;-gD-8)WhnIKW!8rZUOhd`qoYFNEmb%f3i+fV z#aJ#r*GoLR#`w}ttE_qQ+1eBN$E>?^r&*3kl5090PKFhSs+{vy8vPT?i%H3yzs9X6 z)&UhHc1a9XRJ>(19q2@;0g~g|*rxaF*xIkV85YLXK zvt>%@0P>NK*8@H>*Nzb=mHX>(!_))HdP-M@NEET`_(t|`mNRMOQybW~JV>C;^WyA6Sz|FT4RegO2(SZxLLSdlL>$lbG@aam8>{3*1zK!STwP?uq z*TOPJ#=6eyFT<)PukR0?x))Kcn*y=#eHbZFR5P`#6`GPCXR{?)&>%gwtdG^rn~xQ) zkDQ`$uMb~pV1E<$Xn(bZY|WuMwOU)SF@A-ZOSH91DaDNSkt8B|#D?0yxW+@?H z`(e{%$0T0>B))MCoyO2)FM!d2gJqHw1#DZd{n zq_C!E_QL4+{LavU*Z4ukfj6M}cF!6djb3T6UP;QA7ZD5Y)a10*9`AIs${r|R{dxC@ zL2%m&;(vB>dGFkBr#C&79~$9?PEo zh0|zF_1B=Y>GB-f3lpAbhwE=|?UK9u6URgg?eh<}(~EY`r9wulrG`B=_^#>2*I4Mz zXt?u|C0k9kI1ZVI>XB~y7{Z?1A&pk+jmgvVFZF8+lOhxb{V_85p*6^T{`BYr*<9s{ z&Z_h$3niQAZk_~1DCS}#xk6)zobfJP_`8>*ZvstCJeETPhV1QxJh!eEken3W^3;OY zBEKl~We2r=&kNAsS=V%<#ZfC8Zo$|qbsYMzZ^Kb@9!D`CQbUIn85MV7`spMI)}F*D zJU2W6rv{jmZ;*|C+tF17AF+HX2mLO1r7e9BeuOYKp0(ckM?)W8u2nHr6o^09{l5Bc zJgz_0Xb&;SmE&G%WzWeNn+%`L^TzZtOF^7ln03R$vyx7Ml=9XIFF0OuK>_v6vGX_z zX8birbhH`kScB7~+Fzmk3=RhKB|0N8;W6VdSJKioX*oeeT_~=4_PW~Yc!zL8(S`_2 zyb0o0+m*xZRh@UDCI0p28!9gHFc-b-@M>Lt$mf>kHa0c-K_Ga{{Kep_-#3~2ya<8| zORkkoB+ZfHU21kDOQfO7L6I+%oG6Vpk^mH|4Ne$@o0^uMUcpTmw3f>w0~=;iXzkT2Aa@3Ccjz=b`4&eDI?66^rVNtR5z!2ZgH+Dgt7E~;ekoOiiHoVx~N z00ySlQCutw5{{+)8Y;;7(b(b!2@=Pb3Y>I5hMPt^{7M1h?9a*P`j`#`^OKxDQ81tY z#T6eOC?bAX%TWtWm1{|o4V!aj^|Z;JdD9YQzeDO!yYyZ?tb6h#$cG{?f3s`g#fSJN zi=eq{r`6tvWS)B7D73uSR6(YwpeDsxB3-*+oAbITO*Njx!DR^6XNaOlqU?vGZ0nwM^zlXe2gyq3-fz(hu16(OXe(YDf9!ap zYLJN$>ln4q*;giq3{RWXX7pl(m4nA!D|3RMDXIvAB>MERf3e>^H~PLbev?XBZDKge z#Lmml?>D&m0Dwb}cAe1PEtgg@>Vc4crpxYD=L=8t3Pg1(xTgCViVte2seC@|9AxjS zA!nr3YVXZ3ow$2unrpn^ciG3SQ{v+*DEP%+Ai{*{cXu!OKkj^mfUVPDcE(=IIXH~1 zK0+g3`?dM(Ok}pV*Y~i3D+<|(=k3H?t%05G&Nh1-;aJ}BcXBIrapp)LCE~YurLR0> z8ej2ft}X-hCt_5`zJQHp#^{p*Gx>9KAco|1eH1+ecs}@%tK1c! zg7BlWF?cS+-#)ojel&VtUO|--g!2pYwQousHfs6WMQ(WAvM6aOpkoFwcZ&y;)Gf!< zA}2{4Im>0j*$|l>*j|G@%Lvdc&pe)YCr>(@PCFIFFMb0>+$~HY(+Gjn=~3Up^1r;) zhMC}twoi9_1&#DY6 zo2T_x`1?iA-?5n%txCJzVy;xVOow+ilpmRY6Dnu7V;wnf?+YqA*%k~O&Mx=DqlwFkLhr)WHMR2c?468!O8C+zFaH2h9Y|5&OFP4(e zeODC#C3oLOHupyeFFL*GmP+50M5Mx3Lqo$I3~PF8z2=my)C5UJBf*iHD*Sfa|6>8B zn2ts9d9J0=J7W8=CD|yf2X)l%1HR{}oBAC-c3s)~@2rj2uDpKUN#=xp{Iq7Tdt>kjzh5_EK+Wul5HJfZ^I_$BQE>>L@U(h`cm0zE}U=n6X z5dprWLyAWb2A+st0g^V1tj+}y*m6cb-c9~hWX?Zn} zY)^B+l4P(QF9~e8QJli+8#QJ; zCxe7VM4s^FQT+yYU~k%lzxvvV$Zz_`smBiP`R8u>2~$E{L<`7b!n5(d?xbIEfPoBD ztcKoAKlbuTYfTW}QX$)3bD(XI+`dgId~8VNeZzmzV|Ohk=y3l~_vk&5P$K04r}UX3 z28w`0vsky(9m_c)$w(r|X@b1=D6^c992L+-orXb8CoI`AP>uA{PnwWjYzt4EzDRsZ zuY%uNW|^*%0wxJD*Pw(I;Ow&f-U9b!eo&AH{Z@l3mjUzp)WuB(!Wmw#3k0oV8iF`b zJn69DL2_`-latdJmSNG!!+3+0aJQd0z=atUM4KNTiypfiq0+!lv(Np5*K@wzKf@_78&#Cb6syd#=*?Ml?6OR`61z0|s-*+I! z28cUG{O=q#GO%k_+3130mg*jMzh_6TEa;?R;7o%j5c_Re*H>2wgmSXE=$E(dTM)>E z|7P-k!EUg%lt1+_RNS_!7q85LOotHS2De*$UUd*M8iUUTv4P38btAW)pP>)t!CFQ? zKvU{GytH$Ia!(GaRw&0!@Y(ugjt>xMR1P=X45J=mYWrWx;UDlf(#65fUwzAli{=i( zaxtvQwd=sD^9xV+7D_oW&Lv>qp9v{bdRS9+Cn1YL2mq(Vn`cJI4w++Qn8o12lhLg9 z7uuEJOG}ImRc+D5QW-(1m5eM&p0jORG0xkAKr-~u&fa!B%U3WAI0K?bxp@Ugg_AeHHlyS9dc^akv5hpMuuRqT&1v(k z2eY7BrEQY`cdrmD#&OR|Z?sV;SkzG*CAiq3PgsMSJ%3Rt@y@8hqW+5<&}R zr+dSteNK=5wmJUM=rV`exP;t-eVoSi;wG@^nf9=-Xnb=p0w%Xjmv~v|s_{&}nYAB+ zU!cYQ+TO(zs-shHlV`l0q$R*%ouf3VbjoeC<7bQvlANXM8&mG6uxHqCtSL-{&Pn=p z<#kiY3qo!g*ZIsvI^KxOxxBiETs^tq&>)7(HL2y$M8?%kKP2zBwmbu8*gCGF4HC|%egXSNbOY5%tdbe(?~JveI@wOYH2DG5ez=2GNm>%x2z{-f7{x5wunbF zaZ(&p&dP*y&AGf%s_Qkm<&#csIsyF{G^q705DWy0p&G+z#cdNT{I_h+K zwoSx!{;arhygKD|SnoZixKj4%k%}hM8~jo1FT_YfQbvz=LwJ#qyabgZE{pP*cSp#S zb4}skgD&P!at$izQdLGf^SV=T$852|!usmp&GMktIo)Oe2^!dM<{1hPeX*^DQcIrD zCBNYE42K4F+$a@$K9aAgsxDA~E-@_Ao*qYq;XqT8X&;lr5Pmz;>Y93qB8+gj1Tu9S z50_(WBY_Yg;UVM?{f*fGlPJppL$&5&`*Ne<@veiaIwLaEiL$*JWM}WzbdhXoPy(1m4aUT z&n#7;tP;9iSsNca?P$cxc!h6f4CUPj1~gy_yPB%X28mzS$bYKV#-7DErF}~ zJkH8)aCc;Q;k+s~=xbO0932U9&hb24>Rjb~|ES@rJ91xN*3h^byN4I=5}Qh`uAr;S zM=`VEbu*U1;Rp!+9f9R?QxkjY$eta0me=)=#0z_rICG+Q`P)&AqBH@wxp=O~^k8A2 zY6m7L#l_pA#*>HSMHJD?VUJ+KLT$oVx51rYB7-F0SA^+-R>$J<&Exi?m`J1TqP4EL zZyK@#S-2iI_H=;wSDLF^F9y)5oUhw{BE_jEh6Z2wkk_*q6AxR*;S+e)4>zx((2FDc zv2arYG?8$ANcn`4P=iu&!>l50RoVycvgp`9y6v3EZ!=^BnUAVFm-o6y&(}ky`JIoO zf&Pb&WCT$0x8^EN$A9)l$P^F#WoaL}b~J{_?m~g!z?4kmSd(YMbmHSy>E^TY{c_Tg z1U7gfG!Z2E6;kxYTla%1&&zy=0bAxO7kA8G-PQMDANmf4I*CskORq%a2mLdfO&W@K zL}|MCksv}=rc9qbHEq=d`E})mE~+RJ3$A%VIRY;ayb>tj7N1Uqv``(Tf5mfl<^h&d zR^ssgK4<;5Y!BZ|@=_W#gGgrr@$;IqS4TFfBiK->S5+FGgBfe4onG&LVE+~=nnsGG z@@X#s?;CynT!{1a3#bp<)%p*Ht>!(V0Y(v-BuSjY>25~6RqdBiip{F|xmlq03y86w zPTJF3Y5;h>_WX84YN}FG|EQPY(Y)WUJvBRaJQP}#;vIA3nVVfuj*?_|8aW^V`Pz8C zR#%nhrkp(US;0idL%@L3Ppi>V(e$c8`7^4>U`SOX5!RoxjrS8c3_qp#hWgn~AEhTcm1lKiHeZHXFp}&nclH!+lDQkQ9nr;*oP3l`%R6cqR z4x-@NU}vr%jY8U?mZQ*=y6ZQlqgg^?+#8;r7GVZ~_UV+ZJqM4$8JJ{sTgXn0cGV1z zzI!g+&lRr{n(X7e(HX=17HQSlXsI&zs7mDkGaA=$KSfz9tU@D3~JilKc?V{aX>&z zY4=u`%9i;FKIyP4>*vfVA-{)$pt&lUKlVyKHAEgLe6)DDMZ z&;^0tAd-p6Dz`nB*{UX;xwLr8vg;))l-u<7NL5wLpQ6mbKeXM2l0pI=bOV3>q%O?M zC2_O5`~`xRqwiu%_r`Qh0;P|07gFBY$%~@_qx*lH%Z_)iZj#Cuv5}(+xZB&@RuXCn zqc<)GPPPulH&%cr9jYz!cN;pLBCryz#)oL>t4YV(WNTBr#XX1Kb7ge}%K4^;yHVs$ z#P`h}PTY8(PaozROPpmR=4UH2VJHQu9Q(0L9* z<$G`h>xeddD^w!!=C+Mqo*S7GIw73rt zGVYJsoNnvk#y^7;L^QV6H(qXuGLQ^ug5>mat8$yllN|$rx2O5VMdI&CAZsNn#6-}k zzx7)W>f;bnk&l@d(e?;3bVdNSWB#nCr^!+VgK5C_h4&sHog5q;V{tjY4mow7EL45W z@VzN+4qRdGq_f#hGxHb@L~R9jXtVvZNGVCrqNBy-+MBk~8i?pJ?6f;gdNc2}&H9Kx zht7Rtos)<7TX_Ghe5@_3Nk{I;iU|7QT2~z0xy} zG}g3oL?%vf6ET!9o~J~k?bh9;=pZuX*_9?nQwL^Mo4)U@!h`COLZ62EEz9vKboTUu>bHEZzw>&|Ta!#?J9Rxy~(11{h7`^+QVTq zQtU##4goGN+w)O!r}}G?*(_pcWQy@P&hnOBTd-UQ3m(^=0Rh3`lM^T}+l!a#WQiag zwAt`B+`K=Mjp(MYGTLcmF+=dSyQqor?H5NWlEubN!5;U9;>zC-DH)w-=2IsELLLzE z;uSbdng>f~TMIbG>)@mTO-JEl@&fH=*uhUT7tTJ>T|A$S`^D(&ZA!LNHKly{7~NRr z1;q)z>jTmDQ~lYC#u;zs^4>-}O%qh^jhX!t7Xhb0k(N2-8nZO)X`>7f5U0`|ZFsza z$(Z-3MyM)N==xeZ)TY7&eI&Avcf2~(o>we5E6U-D^|t6PjPW^eC#+e(Y!LkoBtZ_i z?1m=zyN7bC?DM)qAZvDTGr^b5ez)A=?dk6BuD6XEa#f-#_dV0&O9z)*hZ*O+&FrC3 zGXGEP*M9GQWg2g@tt_^l52>Vwut~?lSV_qwk`CjS7NOCs9nFh_Ihddec)^LKTGm2d z$Ln^xT;r9N+7`BZ-o?F>AkPqPc5ot0B<8y`RNTR_Urb~PvnS7YCkVYke9@QMK?OQN zp|QDw#cHFZSgvP`UfCvA|APrNRsAqLW*KWg5W{!hy+2!FGL^ZkI$8%t+;bZRfJjBK zob9)dkS9?83l*I+&186tW%0ZKo8`0%eJh`UpFKV3q}}+#@E7(Ed{<=tUnU6&>)*cu z(Lztce;NC{>IRPfHxBiJDDi)mNudCnY-+lQoBb~w>YR%h^ayz7c389h zzl;<3)=Lx&2;cj5%68@R|FKy9{Exgs-~XG0@(wNdKX)UbVY>~YlK&dhs%sI)9X2km z6KAHbY|zXRE-r4yx)cgbP$;73j7+{x@kCkOKN`w*&3y9230qnR#Z_193+lK^vx9xZ``Rc+G zlfo9ueCJ8bv0z+LR$ALqZ(zd5PzZu;uS_AxQIJeN#tV5z6`eO`4uxRE# z_1LZZx8e%k(BOH&F&HQlABBbPhTczW<1rwDn)+3}pI*b*J#F<07Z0QK-rii@8tt`R zIWuO=?!^!{h8=JGxjKMvMHH8;TCa28W6W`;yT`vqG2xKv5LY%wlY>RufnTM6Dulp! z_VI%J^h#KgQDR`turWK!`E*VxrQ_?TKq7F|O+ z75wLa8aF0X{6m-{+y*w~XWcr#2Lw>{nNzs@!HpHWnb!-LVwM1K9^jmvi!NRC+kWd0 zoL44^yccymUO&J$We%{0X#&ptrrg{tF2;AMxw~>9t+=e1@f%?AxbC17akpXfwDn~g zQgDi}`>HRccM`K+@_{ zMgmvLEr26$7C;rN$D^H4ykN$Rt*v8x$VxB_4I2G5a&wCvEt;x2Z8Qj2ef-#A7FC?2 z44V9G#iy;HH*3y}-5X>}=t@l2Rb+nH%Df&bG3al}BWE`Gh^VS5IH>P52{Fs`7>H6% z_G)2G|JmG4{LKsbhvTvH!8l&fBngT?a*N}^_^r)oq-t_086Bo!p@zkT*1EYZBBjE53S!au+va1U@f0yt#i zzE94ea2HSmbuF#9bu#E__Cv~vRoe5+#8{b*$v0Yx+oT(si>`Lx3&)qIN%TFuX%VUB zPl2}EOmtZpFDS5%$HI+av2a|id}MH^)}UcuNWDP0J9{q7K_II# zTArRll?-m*_eVq#G2>=;2Ruj4{L&iWxH77dq#patzO=Zw=ypG61WD+mgpObR-HO-c z&(&@Xo(2@$5w?rN_G~m7%U~=4jlv!NlJlf1#-fV0hP7-3`;uE**x7IDt73#Og`#~_ z>xsB%7Lps?j+&ZoHgLh>ebUxrSy@FDSwaN=MdpgMCz~T47l)_@GvBeRozQD_sXf|k zjZiaTqGVGo5;zgNy{(lISLIel7hE2nYqz-+1XioCfafljWZY_US6o}}Ckuy*E$w<% zP?DBC&<8Mlkr1VF%KInPWYOTs&p}2*RIKOgm>BA-1w!aJ6RM>7a=brS5%;f$S<@Em|c*%G&@7hpnY_@GVg@Th(N+=%L=TgOPZ^wVA@Skzo1Y`% zW2aPWl`$~k5rfW7h(ijsSn=U2g0ZCqP+~JP{M1xFbx=z9cc)$wm_3l~|71!%IAX@m z>{jBNdd&ZTgCXMYl@>Fjnf;6w-ZbORnaH=tt~Z&En3N6|<&oL#L~KPEPb`!kpV1X% z5gV`k9PfoIMnT!OphJ^8ECj@k4%|^s&1HuT*-iLX6^u5wK8c@UH5J| zx13Cz78XN)fqaHjZn>=DnZxfk&svE?X4FW!SukUNF*C>I+!g`VtLAXDM|;WGP$tFf z$(_fJ93Je7*Pe1_%`R@}6+3)LPp)Vz%{LFj`U%I}b~)8aAc6Vjlq+D%y?Am?%W`<< z5qQ)wKDn>yihUdMHL~?XJWHo)0pk%m%dK`OXCb<@8LlFjQ^;SwcnSmmH}$NglY8jf z80}#oyfo=E)>n

?&y$dgco8F_~ohH5c5LFTpBVo5Q>@o5Q`jW%cw=B9;m2X?g0& zlwK~_qtKP@L*qsVq%&a(#s}n&thIC(fE|%;B!N9$lMRU8d>O$RTqqg?CbzxMY?Z?# zZ(#B>QtOxDP(Ad3K`<_B-0Ed01n>g6V#dYsV9!UPg~sgGsKkZe3n~qio$GmYtZQo-U{#M7)i?OoNHft|EX|4cc9AwO==&hYL*43-@RkzexQ87$SQ)#$cFw=W3-eR?;su{e5%6GBbsr_ss1a!22##iL=l z@Sz1OR{Z+Fv~(By^2rbbCxs%v+nDE0CUPfbVZ^8-<1MMr_ullP!(HGuY4xtTmjiTt zplX(#D+0=zNV7=eZQZ*Y&SKjq6+!xi|EL)`0ZsZcM3+LV@+|Y&f+)!Lz;fMr_`t0S z2>~%;_qgy^ha)r|-ob?KQR`83+MTdMkqREkub2ZoR8I9WC@XUzdQnTLk$8)R>(ztf zkry#M8@eSY$b(Z)mg;Fj{IbLj(N+dc2_m@z>S8u#XFClVl-U4T_WLrdAWZAZ(uTGY z&sxcEPL1}Xz%G@hA}@xb5CiKh)<*8&yv5HT&0u_ApCj@ zDzRJG3QD7qG^(QEvjS$0UuByz>8#oV4DYoRBI7Bz=tDnOqlbUW+vrth?_^-gCSiqC z`&rLH1>e2d#PO&q#d9(D53G5*1)hT@BX&=t)9Z)hak^zZDQ&gn%@W(h(OGba`|N1?P`@v@lXIDsAspyE1TS zv8swn&mkI>t;@L;2x&4jtHz(WfG6@Vr6c|ByuAi z4CVQ^-eo^?p`ICTn(vjiIfE-4^{!ZfwNQ!A?JFKzYa<5ZOly&Mmr8w6nYmsDGeB+^J95jZoAvbf9G@w@4Pbked0j6DiuIz5T z_4%_Ta1f!$drgR!XMN42j#8s0iwP*uvUOAi*IJHnbO{Pl(6g{)Ia$%(A^5ASk_}DC zkKaobMWEF`vtuujiRuxSbadoZN^?pDV4%N$kd)b_2Rx2C(!38ERMO5Y9n|@M982MR z2{f`~J@{*sUo~J)5-x`sV4gZ@e`(iPy1mQr?VH`a&W3v_9?R!N4VzUGDy}p>Myd%N zO^vaqx)b58B1_~QzLt|}>+UkL*b+O>r=n|~;j{=jU2K>B_ZBoSMgOS`#YVpBiV&4f zaaaR?8P9rJ=|g%fL^^gC>dmuUCdy+*H%I>(^CT#9(IuiK0mH)T{Qci+Mx3T2%9QqD z&=}8D$o@XyT|paPavL@EzN#@xN0Va;B$N4{*eM{WYUkLVI7{p>Uc1_k|I`xd(P~7g zp;nW@t)`s+t=9Lz3FQYH%)!srljdrV8yYMR=Auo-c1S-tJex80ghdT^(W?eeg!)rj zo4=7oyMfH~?`eg#3@eNN_7G7(VF%u$rbGhURe_mm>4MxTaf*L2?p130f)r>)w5Oj5%fesu|(Nz@F_={9=| zJTWe3`;?QOnahKCK9AiprE*^w$H*oBy&618kA2e|h2j)#E6?Al^SY+fqHyit9`S=(J^PfuB~4$fs-AI+4V=U=XI~MlN%*p%#_p8M8f1v zNke(?T-nsgonPhHRsUOc|GvnWy`#{nqqK`kLHptNtcBxUum)!V^fUhsEaN51AmZSLHv;U%Yp zJI5(JN#ygvM9i6FjK2X^pX1w_i@E40!^V3@+#+?X&2uJewao0YJTUUTYnG^rA!0v0 zmX)Kur6FcQR_AEWaxEF`63MbW5OO+h==V2DgVP>>Ibum)p>_1@1MH5xzgzLi>mV(U zEr+isU&SM!-vc~MtsfK{VbGbiiDTL4$S-~-vG-oQ->p!`9gorR( zSHrS)Z@w-gsc3v2aG3jsWmd8#G3QZYfL&v>KUP*(FPS;A0VpN) znSX*gAd&*I$KHU;dR52s@Xl2j$xmo>?2E2YXM!m5LTcSf20oO%u7; zgEJDstRUIC6aNZ18_;8356`T0{|x89=DVocW_c&Z|ZVh5*Bi1B+s&o(KpfIv~fkL?8o zNX!w&`|OI9_^4_exi|{D{7uafY15ytsyDqC{a?2|1bTQW2#~*hilVqX4+&A7DX>8Z z6NCwhkyK>a#piKXJrhvi} z5|m$CDn+B#!)5KLlgunPQdh|xrx}jkT3!ZpBuSK95X+@v6TgMb4y6U@U52}zdQC76 zs65NyRn48gi~$x&k?>lq$J=g=wL`nMn8A0rdSHRJ9+gAC7l0)Uu$T#dQ-}b)I@*Bs z!JJohDIA}1)%`Y)Wsu6Bph9XCgGWE5WtM5J?usVI7RRE1A%cGDSPARK@X(b<0qw*g zop%sB;nL%|94J}cf6o0OOR}8~H&9N7l*=6k9;TU?`Gcg7)RZpgG}Zb)JQ6B67^-DV zX2p=IAAIDLux@ir3j+mtuttSKbvd!S$dqXEq<+Je#1pcl|5>p#7tN6IAkG9EK21U< zLvo$WEY~L8g62^an$TLuCK4hA8~VZD@n0(DD!)d5h-Rp9=b`>Dq$E_kl#!C+0%Q`J z9S=m!T!D%O3MEd!*G8MQGzLRaC8b#;-$$YNL!Es#kIv%KbQtI$&!J6`7Zfn&}7w8=l$50ps%6!aeM)E7KGhepECl zc@Rh*gkMEAdJ~Z#{FFFAei^_vYp#=u5fT8ApkCX>M1KftsK1%NoCYkAyHM0SH8~c1 z-Q$f?HiBRzx^{4HyEgsA7&VV$f01fzpAp>h`aPACTZ zo(DCkJUdY~A(3SAv4CtVADrLueaM43!L%DV><5zABKhfC;KRr%HhsF;WRbZte?}w{ z3)d(dy1;>$K`sv9eL;WN&ceV}&+XsX89+a{c}x%#phz;zPfTkK)grb^t6=}6VnT)) z6#Nhrk?tVA)DjQ{b7=vQgSf+Oum)^`ULC0+3~&VWDGh!?VriZ4+hGUuZ&J4<8Ta0O z4T>4AfYx4m85vNmB^$F_B-;s$GLElJ@9iS&%9x`t`D)~MW{oZ&pERrh%9%EyzmrBM zBM)c|D}d1>Pj@iX4MYSpm@98>=#5DvS%yJek-cE7r*Od?CdlfD_{lDLxJOTp3^F}& zWm<}7p<{rvLjh6zsa^V9Z=K=Mqp|bmuV5BQStmlMRt7JfERDrt`5hk|iGO%j{l$(Zu?rj2Y{t`eDqXbAqnR z%QL%ts7p2t<-e>Gq<_1X&bZjBPeRnrVhn+RE!%c6n`Xx!mM0mK0hZCK@yWyz_RR(G zwfT+Ai{SbW66N&WfbWCZ^2E{={lmWOzQoDM81l7_GPk`Uy4TNIx?bhDSqa@wLWSub z#k3q8*w|Xf7QptW*%R&khsu-}%l@Qs(Lr`gf6}w=JZ(1m#9v+CpmEwp2y-8^9C)VI z%uK7dd1mKNWD7t|sQEb=?QuCd6e{1&_x=MlsZ|c_ll+64Y%Oi;FF{F+LR-v@D`5PG zybE7gAGS4-RMRUm{GdEnIMUfg_fD<})p7fsZ{a|T^EUfMX`cG0J)55}ea4e4niJR- z8XPfKM(fcF=D!EM*1^s92JbaMwMNz>Y);w2-G8{>ZrR5p;NR2#i!8V6h9-3^8w^M5 z=Ne#3_h3;8IR*9`GCQmWK>-zWqv7hTyG95R%2QsRiNS+v)eUJJltkZeU9%*{)cw+j z%T_qR;4|v$hrW8OrZT1eJT81PPFFS~MF<-cFRYlmQvtidyEA=cx4ssy*8z2%`~9@X z+jpTFga@}}At*mHMu(L7C{%P*(t0~8v2`B*g`|p4FKbnkZm7Xaq?2#QGs4(IUhjnf@inUav2cmRCy2$21qw2gvt5 z*p;w>4K3t7{aLK2w?3>$P?zR-9qefU?Dxf(8-ICA_4CniM11)9XB1XW7LrkR5xF(Y zKk#nlzriohxS~V+q#4~Jo98})Eh~5p1cplfXQ|q~!{1L{pyinem>YNGm#j3VaWnyS zJgeC~cC6 z7*5D!gI6VpF{g-V!boest?LYe`Vi1|NFB31^9t|0Pf#M09Z9pm#Ht|ndB3H)xoKWh zaM&|U5zC_r3(UT)gc6fZlO_GpT&P^!H%HBTw_Ny?mmLwE^^a8Y@fq{*wo$0dzv=Zq zY+5u!9#i1`GUv9Jf8v;E3^7mDPB@Wa&U3e){JRcqI99gvLb=NAymkN{f=@F(lbc6* zjsHjh22A1HjJ>n>LA3#5pyxfWC1T57xWoHkJ}}PF%q$UM-JpR#fKuj@me|=Bcu88r zFQ96y5+{AH%mf-tj1%!JWI@#c_P%~ zN|QvZxna3DOi5R)ARXZ{7G#oURa#a-f10B5BD|o$yT&c+_dK7qL4?unv1?ic+F9 zT%w;-1qqX^_-hYHV)!xBI*-_VJfjt8C6+NJV@4z36f4kgQ&7|OrF?Ba`hx@7{2NkE zGCk|<%#{=-v(nM4pkY3`3^D3RmmK^{Ki2ak{aO3mXQq^?1HyhqR;5rLw0gw7^JPPY zvsJ}dV0C{-S>xk7mLUli_kYq6{*vo$o*vPYG75i6bshOGB8ApVxTOr4 zlFi>zNPtWB3fb3$ggBRq1IE9YKeY9pVhS~W#9CNF@|F5nwEM;s3TaIA^Pq) z%s*Pmfhld6?Xa{zsr2x$%$&$8e^$g;%h-6U^xw7I=Qu-G#s;-|Ia-+SeKM^7Az2HH zLZ<@*<>DYC!#Y^ec;Z;rBFY`$R&&8c-w|82Y{*#-3sKV*Yxqd|ssj0% zsu9Hsvb%jPY)da(I9jC^(!8O6rpC;d>;E^VR88e#dqhK_u6z+7p9(K2cV}4F+URsa zt)9Mz&IErw;?VPmEXY=UR&76nMF!%3m{&gFSN3vngZ`G9==jN|w!878=1+nn#J{(i zqe#3gLC+KYyx=4|;oiWX)M2WBCkR$xUn0^9f$kYy57_Y)kF^oI3g}e>`9M|Iv&z7Q z*NEd6V(7?T`HC(MjuJoPjKoCP#l78(MHX*GUeTZSz)oHxSB7!WB(RrNT3Sl{i}vwu zL03#n4B7_w!lhN4b|F8Om-9d15|BLvOza-FkbE&q((%Ql##$R07c32hH;-&f%wM&d zpGEF)tMcF0T)Au|jsFbd-+0|Odl`?@?T2a2x1@a}^p8ECUaTJCA@W&vPEIem&cMsp z8aW;qn|z=6^5n`6xxpGPgz#Q*K4vK)8VKlCCe<}x8lg^V(GvcHEvZZGJjHfiixNF; zXC%u?5ZQ$a0ak~m)6B=1;e%HT09xwU*oOT7Y{%||j^Atd8d$$Rn!eBK>$I=WUvJ%f zD|@!X?8R-`^;TD3egW=?Y5<-&yW)6ISi1VH|XQ`=v=YZXK z`K$k5{$0=3e!e$Mui7wHPipJog;g&frMHz?$mAb}`=Grk_#b95%~a`M{O_Ilo8`+sacS01(Z{QeyazRxW_SE(;mZ^&zX zm)(P(fu(E@L({UjXH8qDRwSPVty$WdlKu3l;=>cVT9^3NUfeQQPk-&cGdq_SO3p49 zU)sAQE?I|x;eOqMEuUhxbI*7lcWYmA@A|m2+o$L2=0Cop(CdBnZlK5p#b^QU8OGu7 zY%W}Te|e?szsb$N6(Ux7pMI_DH$hcLU+dibWh~#KkJl-!fAFa*`M3OoDQb5DlPuIv zSr&KsPIcXriSB>0^A9x{&NHwDp1ahN+2nUScJjAeYv5(xpe08CEr9Ei{yt#0-vMm> z1Fw@iJiiP$YaY2d&G-FMPJWJwF`MiDZhs59>lwV1>B9uWvn!{&C{6U(*V_9VY2DFo zo|#|W;YT%be3u2f3od<#z=9(ehJwe(deN3FDKj-3m#cnryA0{pw0*^2zJB$cu4(je z0^(e#ch)LjmEa4lTF}=}83R`X06n(e{TPs3{{0fr(+d~BfAei?zopr0DY=g(EtDd diff --git a/static/images/docs/dynamic.png b/static/images/docs/dynamic.png deleted file mode 100644 index 92b40fee36281ad3bdb474a52c12d2150eb40b53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 72373 zcmeFZcR1GZ+deK)q7afzQYbSsdl!YsmXR$xBbiYWZpny{y>BZra+@W$viDtNC7UFB zf3LUttmk;1?{WN&-*No@`91ePm2U6x8rOAR=XqYQkXvfkP7%`)lO?8#!)OJ*UkrQX zK(J>j7ie~xkF}2wO{Ddem^G1}>cX=?Rvw38DK32KCr=8Sf|?2k2gr0n4boZh0}7(Q z{#@Ug*uBqO8BHEl6Y0%flkETN`crX%2N&5ztUDy9eF=?lwD1sknWWuwjL2Ue4anjj zhd*DKy=Z`^!po##b4Gs7dF%uO{2>$i|F{3f-d!X8rAeh2#g@PEy)6rkZjAh(@no}v z`ulND7QaW=(9IF4^O*h}WRUO*Uwo)yH|L@Y=P|6X|M=`QQ^fK38QY6Qa$MAgC1y?U zTqbIai~Fm4sh=^Eob!8h9IjFJc=K+aVL-3D5&4t3xj9q5FL}4wgBv5$dD+}g1g3Jd zj5h}7qtRCc1ZLUI*3`Tc;R4cm~>1qpIzI^%o`Nlcl ztCUw6NVT-;WiYPwT7yyWkxJ?J#t|=`3!o$j zkYldL%ZXmDXr6FU)R^JB6l&J8M@23jE3=D7_L1xtIl=pJ=RO?H#Cx%vG*~`%vN4!! z)E#FemBJeoHM{m$1+ zbak8W1qHnHo3M77iJVC{qvHI0lHf+FpM5vs-Bf&@UA?fJVN197fpRX_rvH2{dN8U* zmPEu(!0Vh^PVX+auR{%on5`m;`ytFcGI>OSFJ8VpLqw3v{9H(Ds$irzRwbU%fnpE; z%fZ=l#$NYY3`UHc$WwwzIcjFc_BGX;s@oLO=^S+JA`U~x=TaQ@)zwHuCL&kmqUy4k zGHyqe#s66qq8eoBT&)S&d%qgVqS*RzxcX%*J!dyr+~5g@_tP}_UF^fKR!AAe_^{s` zD;vjOuyJ0H+NT?2kVd0bqE<(|mtMYnshFXmt$j40;e3RI+|r|LTR~>)m|~c0sv!Q0 zq3QgqY(yWbm+HKm&ggFL`I-CM2(0+hJ6ZV{XAYAqmV6e!6v|2@*OM%`CFim5rNnn< zeQRa9x3Om)U0nR2>W+X_+ozV6&?d9DR_*B#Iicwi>tD>v@N5(P2dq7J@z`PFGTcVT zofTLk0|W7MdgJBxoEOK<);;|Eha`<~cK7bV3z(JA_&!svn$Sp`2rf+*8SykclHSj|AzF73c@y&C7V=<|I?~JNF_Eu63zSVj^sB|1g&06I@D7>0y6mX+zw152? zZf$#e+eR=UHa44sm{I2T?`bx!+qxV8d^Nd|^qlS@DQc_Z_-`;lp?j)~q@q>|? zhdgm%{IS>BtU6xPhASOENyF#)%M|G6Y?0UB z4gVx0p%zW*a2DMiv@5o>vidnvD^5i$`K#e*xb*EgjGE#8-jYAFgy%2j{a?XXU8nf4 z1hOpdlVMUn>RlnF1OR=qxn|lI-M-( z?IUHvMo~2xYsjYj+pD(QrmUvsHNVGF?M8ygil+psWO1nS?3pvZzdy5Mzx3_z?aaDb zutsw5@H}sxNXQPS7jgVrYMIVar2lqmJeXNH#p=T9Y1h5&wW_MB2+8#?KZmPrvpZ`P z?y*LuzSSz_(mnj#o*+7?4u;_Rj9D}Yhsa;PB0(5GjAqU?XBBeAF3SjY8`j}=GrM~;=kw4M`M8+_L?tjjpa5+g`{ux+~DO$ zUZ1Dt*9W`eT45?;OH0dcc4>ofNs5pf`1J?F?zmLh$1}_BMjKwWU%!6ET7@VC?%TD! z;&+|y5L(YPsfT5?)+@N!l_oFgwfd}iB8ts@w#TwJTQxu?wW30poqamsI8*BUI*l~r zcHZLGw>jP$KLc4lnw9+i{X6AgcY1bq7H(R~bt8%@qS?CRHD_z73no@fQSCFm=hJ2~ zXSv;mJhS9SY0=M1UO;(B!KCF)vvo;Au$P@mq)Ojx@CG1%fpXCnmB{z8F z?;k_f*4Esr9}1*%gbpq0P+g!1xwRE=@4o!glMnaSa7H|5lZeO(WHn-J1XUR2l(`w* z_O*J;V8VHgYeYpvDr;(X3oA#=PW6(Z(Z*i0S(kN-GIcE^K5>2?`Lkf9DQfTf%8Hc@ z3S({s95tS*qojYj8KK%+ma_YUol)Gw0(FW>Vl&zMXQX9(hg=Vpm!hH~uE=PXL~MsP zqWOH}vyxmxRaI3*MZ!}h#DQITw{xNnKTMKdGnoC=UiDr|+Qjb0p0cFI@h-t|x+NtP z&2q8--eqy|ME>i3`0JHEQ=n#~a!Ov;#W z)%D_{g@#7=lK+9Xxw!@vBk46OtBdAsvu+oYLMI;{?fkKMMC}>#CO-ty>uhq<45;%t z!kQNq`9ocnvKBH*6_~Fr1PH&0Mi^aXAgMB9l2iQ(2zUyCK>KZ>>|7tD0 zx7u63-CxX8^&?7;ODWt2RnnbtErM16JF&blT>StxN_>1g8l9b!voVk3g^z&1N=Ag# z{p#VBsdjPCU#X)@ORy`Ajgt}Vum$<&t_sr&`_#NzR zxOJTfZWQ_E+?W+-jDh5F`n-~bl~qstElftXZ6Hg{@0QDF?>HZEuezGl(Vi%xtF6r$ z`g{1nX!r43l|$S_auQ7bV*$rUd{$Jk5Mw+y$AcM3gNL8n;C0DyZ|(H|Zl^KFUQu3` z82=(y_ES@op{Tfc!&8DZ__36I@1@5&OT+%M_&8Sf?UHh~?4dUWZ?|R_sQFD(ANTzl zZ`||qmtcys+^XC8S-mxtct(*HVrcK|w>n>MKAJlf_Oz;Lb?bw6f~^W8+Rx-_G({g3Z3C~}9 zo_UujrE>#I@3b&le=uO^RG6PHkT8N`r<3v#HAf97UoCVJ*|k}aus$xGOubKBxhoQuynG%2yMR%M!3urqy$%S6hpGOwKY1KXZ<4|H_7a3hO? zx6?;FX@Eh(ldtg12Rc6`o;bVl4?%7ug-Lebg0PIAU`s;8tL(uk`|GzSo}s2rc<`7% z_T@`U38@gJ3?U(*`u(-yCCog}1U57Gm!|~f#hZNVulcPOJbEU)C6Zx-Wr`f(w>m!c zxIuY-Ls>*qF*bqD*7E&Dk;Z^5$+QV|eSKQ-_oKYqfd*VQZz1{hRAL{qDPEUgI%s6x zzhz`JoTHusiGV)%U1mGV%b1Hg!Q%1K)S6UbRz%T7=Qq%LF~c`T6<9uwr4YV_XIb^a1ji zp_(RKChDf1l3|)`u3wSH<@t)FD))7(qsko=H8Nj5v0)wF%%e@b;F~MN%z_f{(I}5^ zkBaRPlCI;IK6CPzZGVIn^?vFNQTovy8Iv9%;}H9vK@nm&<4CI$QII+jb$?P+8TcDSNi*oOzp5&j>| z_~Tj?6(d7KiDCIgr|h!PgXn)7P5`t+?v*Apq>n-Ns`lX~-j* zY0Y=m7ri0lbzYrj$auZ}ky8B*q%#COdap0&8yKKPxZWpx+&$jEX=h+y;00j)$JCUu z-`3<(%?hbG7exr*$y7-5SFc_LNS>N&@W%AL5bloa#_)rUg|Dt#zb6aQN~k(y1izZ5 zG@g2GuzD>kJNx47ro822h)Ijz!+1MBf2O@+aa~n49F2B&cW-KHf`qU%Qo95Aj3R`f z>FMZFPTy%tNCwu!JHQ#j!Mrkjs*Gmpvu?_g7L@ ze*fmFUG0HAs>$iNI9LwP2e|9u!-sHft5ZR{3aoegM(CWBO4vfpyu2`{NDPjN`P!=u zFI=5M5q~=|i}~p$Ha|aqu)k3+z46Vp+h%nQXX3xweNDH}08q#pq#2bcH-JnU$B^O(ku*QhDolfA6kz<_MT|+qivsb9ZCZ{{Y~ami8h9VzhRCXjm9L&*e*( zjD6Sop%l8^YwUfGOH!cRfuid3b7dQUHzR3yl9f(rCkFp}c6LyB^<>=;cbiF_-+sk! z&gAp!y>*JO2OuAagTZ9X08+I~quKH@GcC4PXE8<6%O5FG{0w>>458_6KfgT$Fj8E< zzl{y2H{#KSeD1Q(4jAcq5l3kA#8-?vPy$GHU0)ocHRr9{G<*24icJ|H?`y#IQ|*b6 zEVph=+^-raGTOUr%OsXW>eK$({Un zh8`a$)6vo*3j7rZ%Wy8g_-9`prMZ2>qa$T~Xx#iFycGx499#va&86i4Hqg`?2(A!$ z;1+ImjWiFgd)=E$RZ-cp2IvZ_IAwn|hfLy^jEBei@lwcb3Dmz&!qxVW=aPZlJ{6w#bKZsDj|>3|=6JC|MIOke%p zqLZ$PZ#hRO%zXuO2>Z8bI0Bmxc&4!uf8BS*)d zFr#6ip}Fo!JWZ!h9`luAR?K+#@yPL5kDD4X1qB5owcfWgDqP4@-;39ej(YZVwB>3@ z?r%;&HR1N%IEqcRcjmEdbfU&{j!?5W9wT75B;QtQ1rXoqo!PY&r1RaHj3Z-`xGtjh zif{ZgdkO4Xs zDSP8&{xrh&dZG*?u)7z&zI8V`m`ZdCd_VTRDXbpwoAkj}C&Y%meq9qu(}qV-7GuSo zm;{d+hBQyW$ZbQhLSv380)WxXZQYSGnaZ&Y8 z3@o+p4fikR=H+cQ@%k+TXe6WIGo5UC2~g_tg&7ES3E8koG`@J&jsS#HPZUB867-%t2hc6(?e%w+d_D{uYHK@_RWxU=W#On2I?naFEQCDY{c zDl+&uK{0;})Y;#@eFJJLuJuCbcgPkiu**9Vg!17(;!OM==BOpHDW|u%vXH-E`@9*q zZ_Hy-x4T$5s>Vj4F0uRsH($F{x6{+xJDb6$8gL`fks2rkC5Jf$JIKID@KT{*_D#fr30Y0AUZzk6s%A@o(Cw|ZlC~=apOCN zOXBaxa@dr$e!@;zt^B&^A+q&Ki8g|oBh3l0jSD7{G<%g-@^q4Lc#|0fQYKhW9ZBME z-@diwT5f(g`|EuA;}DnKS*VhIefJ7PB6C*hzs-&{V2U&H_p3+UGtRK_Aee7+RTf$^(FTznNmCwC7i(voU-kDq7c{a&P19uK)9<1yDJd? zM~!`!o07!b=lb$)TUl8Fc$=*D*q_`jnaEMb&YgscauPB;^NPR2Fs2-X@dB(+US1A6 zE#1Nn*bb-KHJ#??jDUW~i3no3^fdvu=;~HN+MQ^Q0KVo76%`*AfQ8Z6T_mR*bAs}2 zHY*P3K*)pgVJC6Gc5ct*zc+P;6j-K3U~a$sy@}*3PeD-;>9NNUlbL;2PlrEEdYVG_ zeVPj9dTVoH&5QGPaY2Dw^{}n2t=lUz)CF$Ez8@L-o~E|vK6Y~6-H-2Cz*kg+`mJ&N zy1KduYs>UXP~%zNegMF)=r6Z2@4 zybDB1B-8-w${_7mW8Im&>JD^>;#ng>*QvIYy#;GVF}GB*%5~IbpD{a1jQgQe=9(W0BdB4sv36OcCfYbJ)U+qeDoGa zOk`vl2eD)Z3(x0^ghR(FhWI3Sa&7A>`x4vj4%(C}aZ3`#(MbVCke8 z!noVHxbV9do?@1gh`i1q>E+g!s}Y*sHvmYWI(BMb*lENEO04rI zP@H0aE$5)t^ZS(6G0K~l6DczktoP%D=!{P9d*`iMN!{1LS~+Ik7-V)eh%Ylx7>a%U zs26)EB5W*;rWC!KT=uNnp1Ukd?zfUS%4JaYj6XIq5-R9qpWmMoo$BJLzoGNZbk-d6YDru3!C4%mel4>jX2Bo@F1YQKDsI4~7`55{5?YF|@6QOlN?Q}n{$ z+s8=9)Y48%n79&ebvoig#0jQU{nxD=Kb{_#qEb}8abu{& z{CE;7HJW7E^V_1wkfCwuBXQs@6BDPK!dp4ZBPP@Sg09eEw7 zD{e!t!y&vAGL%BSeLfTN;?K2oFR5t2&t4c!T`s1lIkdaL@Ncm(_}&hQ)x zLAYETkR}!uK%Yl>g`SW61i{00^8kvK&XyK4RP8@_B(?;(y-xrAw@|8m|Nh;S@7>+T zr}@Qo7~Nvy2&ruj$xlG5%6ZFm*1@AdV88doT6FXX-V0V_c#mQp!;HDv`Rv_x6|HTsnvOuaa6Fk`kjnMj-24 zb*BO&@iqR@hy&rVb2Y^;c`f6*tmB)m6eP|JHqQz{_ZvMN1YF4hv0 zO@5>NX>umX%S_^XFNzBbvu>0NyDpzdl;73EUpA+F#%%Yw)Mw!fKb>3@o3eJl)~-t? z!?puN{F@2vH?HO-HC$yNRgNmE+rEeKcu_RJ>V&4cZmUbbk(fhZzTZ80UjygU;`>}- zSC44f{OZSua@1zpxn(`BSoj$5o^$VBD(IcHm(Yxr(-aEG7&WdRJ=mx}s4Xfgs;H<) zPyY@pPI~v3Jh03F*nNF{C73{m(@C*j7f)7+(lRvk-uyL=Q1l@RANK1jr&?*m8AuKK zSubA>D;fqKrR@w+Vm-sh&e`D25|5N<7C$bF=P5wQTxa`@Fvm~VCf|SA;G* zsF4$_91#={=$%-8cZX+NF#b}G0J*e|?CuwW@6B>kn^4$CUe7Eo?OF7AFx%6#=wVp< zz&ahf=j`#ESss1SS%I8DKlY4bn#nOhCCi?`{uk;eTxXl9U${CU&q(HWGE^yp(}h*u zX3Sai4o@6zUiHR}m7P5ZlF!rf+*ywU*`a_&pX1mxrxieNPX zuTDnNIY79?J8^(Gr{5x z2@An*T}P~7+&VS|fqtts=57Binxs}gs?O~1Ak`;-qONiL&5D}vMIwAgH&ngh>bWno zZek42`?d*Cn^*V9rG*1PH($JDq|8f2j1c~SK>;9*`t2-Is!Ig;z3ZKTm+@*OJhsT7 z#+lO4%}yis=n9sBG`M+!|9Nsnq5mA_r$;qX+CXTS0gUesO2h;S!`Im5ieCP{iDl1P zW3fjU%hSFv9Bz$P7`I1PG>mW{m3B_g_hf~QE=4G?MzKAtHC}DhZ_+dA+TV-eeBD4h z{bm+VrM`bP(R3w)-TWrb9mb9{SdvK{l6bAL6G)n0{h8%w`R=WrCduO?#DWShx2s12 zBb8AV{ymuPg0EBxn=(Y45QXo+1p;WLGN1C+uWUVN`cjf9dDC{)0D?P}V#)MSGFuR( zsFj!D>_%*MblI_jyJ_cdY?RnS9acMnLY;&g69?tm_0J{UvG4rv$B{fX;+z1X*@5 zwUMA9UuUC;XtvbP-geY1-kY6v6N_ND`WqMuC}ZJy);L94+vtpXMmA4Qc~rynC@Cp% zP_=Y)kOs-Y-~&|kc|LMcb5j?0(`M!xe|^=uG%7SbH|KYjy_(kz^dI{LtO|QMDn+Qy zkKZk@NE1$-Ox4!T;s(Yt-km>t9@9E`Uo6S7a%l4Y=hD}q8kr&mM{^R7skKM*mkEa_ z;m+E#pJ1?C9kN^LP!V%v5_L{3D|7qs^-v!%5a@PY4i(gPh`-5eV_Yd`vMVg~MZ2dS`2%2C6ZQ6dV_%OUB{ zvgp#<5A{TIdAL8Is<2FmjVnax$;Fp~O?Qlp7VlR9I^|MvDHzVG;8#oTsZ=7pR{W`^ zF0~}Ua%V8c<4RCMx|@;u8YkZy^20o5A66;VuoN4JOc$jZpUk3lY`d2?>*i;9}6KmXs^hlmnH0=6T~;a8NeCZTt8 zlS-M5Q0ov6Y0Ww6^$AbBe#u984DN*7@I?>c1aO$$NDH*1gjMl`3IFdM#{%HGd_ngv z+zdE^ID%w$Wrj?N`!9m9duUiA#NCJQ2mIUjIkggH@U1Vbk{>#VV01DC4{dB+nz>_x z1TeR0!FY&!3-R!z2HIV{nPza}pRe5|{7SC;gw`00f2#Yf_vH)}qIRkO`aW`Jc*zrz z1b>GKkMq=_H?EB8(mUY*f)16Lb9i7MIDGirF$2=uxjG-HXyB=lhbcRieaiv=j3`{( zhEdCzJD8w@?%%$T+_`2+r__P$2;=B%WsDHRsGl!Y*!&H+lW^zJxWe}BI()ZwG`_1U&yR5BEVe~zH{*b86RudQ zOf+jz1^vuL&yBr*d;q$11iweS5N>x?-M`0u57CkYZ8bTlwn4j-xvGC-z2bs;=+p_O zSF8jud^Yqq(*_Af+!9qTJ$)#_RE*2FHQ=IN+46xW#1vUuS`Sg^)vr` z($+Q7*41SX{hlCXcOO2kt{|0o{QUNr2CBJc5LO1?T6Y3Hr0RL z*pC*=mq;DAf=TWJ>|V-$-Cy(^Ux!9V3Jijd*a(E@e@T-w@ueg}i) zb|#=u{r-JlIZD{^8^Q|$JqkmDgpDXRZ7nU(u=YVJBR=-{!i5XHIqEp~y%6?fQ+L- zm5#2Ew^oG8t(n=s#&6FnuGMlkj;j@%EQny#JyQWPDG2j7Q>2VEsAS1Ud^d(YB}UTZ zgZuM!fqgmfs2)b6HMcLc-beHXA&L;NVCiwKg9k6ke}Bt=tJQ>o^qQ(_JJ`-(6yOoR zMJ0iXp%o9-$8~2=nn1q!4z#xS+MIjiDUlfrNIcoL?Gm;?*#n#9;^G3jHeyzTBx?Rl z7UwRu;js1`4^J?hv=728$R{A9%aFa+b|&suY2P3hOg;n78SQ>p>PEP{pNcbVdD*u0 z2YXAyjvFB9?SrB={o}_sAS-y{T1D6LYz_EmR=0en=IG3C_LhO&0j3tbHo(~GQ7OV; z6tKxfpNhGnsb;m1%t8c2jqv6Fq8wQ0QxlA5s*8E8+IZz+Fqq7pnZg3+%=<6UG83F4F(CfYFn+xhH zGv|kC4gE6WOpJ`cYBl4%R9l&v`pB=29gR&pjDmQBM|MXBNf`}cQ~}i^Iu~%?pGzek z{)W<=Js+JA8Tp=0?JXLO=)p#~YLCTBL~^W=um13=({1stKzd#Zy+87BdT%vH8mP(b zeyg@uz(Uzjxndk^n-*1Tu(=c zn!{k(EIPl)pvC%#7Ci^U=hxadLC3;?`i#BWt&m3z!S{`2j-wBL)eX zTkMF%6nJ{KkE3IR^p zn+V(iEJRSg)j8a61+-^9ifRY97aEPNY=5Sdf#NsFW1CgNzQWA|;RNUxXi(sR;Qc^k zk1f%=8N~*4kYEw`C@zsFuU29{vj-`#c7yrZ;QUkm*pw7$m+v0~0|T*!6%u}Ubn?4+ z(go*juGXySh-r`oWZObHRmjx}mX6}%Lh0S{w=>eM?CsfZmVt{YhK4g#E`O75h+bDH ztLHfj5wNmP&sDB!VtHGC5kZRTF{O z7GKuRX`?d{ZGDGRo))7Yt%L-eiPpv~-RqAABY1{I+(pH2jt?Z5c)7X3?}&q40RB8@ zo-=q{!2nzu5*@QB*T~=9DLO%U@%8@Rkyc5NhJoQ5cm7lg;Y~iR>thIIa|AOpaS)BU z@>hDVTmQf@RRY_nmy-#z=NblQtf{sY40UxM>~Br$>gZg-0-Fl6zcDnrAFC;{vgXjf zAxB1BM*IEv;4vHmI%b7~MuP>28OaqjfCUFC;kBqsdL*Ws&uL=e6kdZIf@J*96a?6v zmNVyx%g@aG0W#BT@du6^ROu(kf*W1Zi>@K?1`w4gqikZsjw1rU(vGI%=92&>+T~)B zR^L23G*&{;C1!XOE_mDhDBhc+TFwX_LJ(P0*_;KzA2R6pUySiDcTm{|j(p zbJmd~JMtH3$*9O5HZpJr0UlxrcuV0$bT~{1>ih36E<*?v1D?TgBvJ*uJ@#+kM<5$u z)h>Cw|HZ2R!nO!j{of(~|GYf-e?R1@XJ(E@fS*ELN_iC24D=;)F6yw)rS^5^J=kz& zRj01ahs*jTcne4Wxf3*FScuSQ;y@W!JruucFUm69cud2w`z(H`P`5*2c1HA3bjE8=22y}LHxmSBLoXM-n?vV= z*r=d!=dG2hnwpxUqoc9$2)MyHM=2EfB_)$OyhGFVZr?scoZ=n}H0JhGhxpk71;Cv? z0+I9exTr%EyddR6IRjXhlwPj$%_B(g{9ARhOfp=( z&jvocb2M$9gT4H;2uXzr2q(AMH#@I2uPHYU9A8VT~MY$eOFcvX&fhS zIyk^l9~Slv$jpvYp@q8SUxZrdcXV{rfe3j)xkpfystJGxeR zH8j#}2SH?nv;$%(3lVs2iSGxp+&X6EC+G!!u5L(-hEBEp6U%N3Um{7LH$FY(z1(yb zbkboMF?z>$?>)(%ZU$7y?c$Xk&22bRM%B)srK2;4aYV(HKAofyRP_c+IWTzOpA^$S zG?MVziB62Ui4n^F+Svmepd_7YVGnm7MGi-3>!cY9@Lz#pC69;*(9u~yte0|`vm!YZ z$bw(*Tj{hEI6(;K=1$_fi$Bne22o~cPlSIsVF4{uw08WfJ)@X zNAp_RAIM!G=K!x9`YtA?r`aVFTpnm^Lm5sW+bh_z^56M7u#Du=T~?y|cw|U6TdIas z@xp)rDXiUorN7OU4<@xlxi1cCQ#C2D@&iJg?acuG?;qt_ekCe)o6e#o1t78~z8Qi!G<``X7r zYh})RfwBM;*u&GJbXT%mQvsZH#0!H*FSNAs(6UJ{ov=l1UVa*@=k6{fsR4VirU!N4s$0!Qb z@!*T=E7|ND2^5vTa63Ce?Hc;kQ^0(}gF*V2xjaxiP)<{N_KrVkvtBj`^J{F!QH*_E z&`Pt0_dpjFb+ojk82&Ae$4(~E) zVUy1Z1D{?A*$u!3KBEX835 zc9Lxb6g5!Rw!fbjj0Y}p_h`8KS_0nPEMoEF#Nj%?m!a>otxy zcv53uZ9R88*1Id(etqyRCQCgGAerO5eL~(VUxPzrk;mSbyQ~Qz4M)!P9%nL$O1PP$zlKqy;~ReF2pe zH5C=Ky8V|Pra3<-UJ(akt??4bf523qkGwuw=L_M;5CmAD(V-AhPnOV+$^=2&ey9SB z!(ex!K700BhQ^9j^hH&KBXV$9WIotz2BRpl$WbLwMS;imw8 zwtPyt5EE6bWn8Ne>_l)yNP)i;Xb8wNdpjGQpFV9uMI>ST*J)U&?XD-tY{d z@POL(frOWa_bzzy!0h)8FUK~4O<7sp3wWN)tgM%@u_{qe27sw8G&J-WDFaQo(gD*_}4*QD0^ZUfboEtj-R(RLy$pd0!!NQ@8eU)wNzulW+b7vL!G&7X8j?UDNA7H<>14mYh|NcV`Dl-%^gnmCFuOXff zQ@-nD^u$4CC9jI+AsvGdNJ7oUr-t8BYCnQfvjOWnlxbjv`Ksskn13Bv9@zBm87QYJ zVKjlT;taiyn9AxvJOUEQr#oFS#;(UZF*X*|E2f7(PRF&b!Mb^6;yqC&L{4<80zA(! z$woYJ*|y-2TZia#{1lzVx9<5hD{E^Kq^DHT+8b<68j2dwp>!4d1$Kwm#!pGtshe@F z{aH8SGULd@VVHAEoM7<{=v&jem-Cxr+mgg_?=ry4hLG%%8+TkYDE`!jsf;p&KilMJ z!4T&Q8`Smi!?|Ts8m5n10~>sc#2p@8K{}|@5Bs-JPg%ixsimFe21ujpKq*6G;EgDe z_-g#S;?5EP#*VztRY7?OM&@zy%D7_OH}Br0mKr_hq}Vsd_b6LIRcWB!;2okk-5!urNK%CGAy^KNDWM7 zPF5%RZ$16tCPo?ZgoOxT7`mWf7cd&FIXJYk2sFqE#9Wkjly1yE2k#VEqo*$Ef?fp- zHpsrkVV8;IpdSpRdE9(fxSgFHv^n(7X3nvkX#~bdOB4C@WLzUN!ln3a+j>1oNJxNZ z)z*Ie-c*9A9$Y4)(9F8>xY>-~{MmbsO|WOJuMatiEEz&W>Xvf&Ww&l|r-JZnwO#=- zEYxANt@s)LB=ZmPxy~9nQJ|?*HLlGH%uRCeV8A;5_qLjxWG^(huhk{j`XKB8J9av( z34$f??KWeGa~>MYI@;TlL|wjv_hb}y2{3n!vuBoZRX%>^< zX0)-h2MKaKhVwS;Drlb+x%+|OKm9$3Gon-a;115c#neBf;^HmR?vsR8Z-nsJ@M$O{RBQN-~MAS$j_=qzdL>{RzU@zDnj9SBCa z=;WB5@`MDs75oc7Po&;^0>1P4>q9UiY=ySuwk41moA?PuiH zt>{<@NKlp>eC)FQoGVr_qZSqxFa!~E56jx+$t3&WF&u^}lH3RMk-o_O2Y+lykkddG zf!@;rcrc8kcF#QGl>l0v30$?8OaO$U@7dbULeK}~0qL6*G9)mPiH?}h|oRZwHxqZ(IiVxp~mfhe$Z8rpyn@c~-+W~kVcLey^D z5HOaDUb>oOrRt>_*V;r=4Q;(B<|CH2h>0J@EG#VS@%u5L!VnYaiEo@FAY~265aKR6 zb8_3wUZM|&Uo%^?jkgBOWrJ-#EUM2qTL=#W9K8v z$8(aG2)}#_lpk7oJRrH^-F@3TZwyoNzs z-RIMb3hFKU-r*+ZgOAsBz}~4+fFLSvn0E0;qlThs7vH8|*>F-S^?G*jMc9%kJHC>OySeN90Rd_2?dFU2)AnMvtJW&TwKdL>(%jFhGbFdE3-s!1G9zz#oYjPm_*9^tv*8Eh!Bi-YyLQafGM2 zr%e`6rO)&T`0LGokYHC>b<*v`lF9-aYT~(C+35%$38<1x98Xn7^f#{aW|X-NU+J`m zXYf@3@d98=ClO1d0^OKe?vLi`(!+%BItRdP3zDLV^Ls)F3R=)f)Lrl7_@f!OxHHct z1}W$$LJERx`m4?`FP;hiyt^UBZ8qw{4dC}@sUw=r1((@Rokz3qj!omja#JX2<| zqM&nH*q~M5-15hKj;1U*dKN5PNGax>5 z=f7z3P%Co-;eGio@yWkh{NOQ!Eh0t^nkgd%l2#ty`qaNPd@@9a{15G(B@0ZNU;&7Q z<@leP{2{|}7X&e|Km5_+11jD_&6Rq{2^T*8V^lc$PYwSMPxT+#{dL>xWAGrUS%3G> zzo_M35SQ))`$>`A@Rw3fMK&l5A>v<{N915O=K-02QqhOi-hWWghdUH5Zo`T21^+=U zAJ)y;w+jE=aDlw|CFB^ME-{3LKk*ufn}1Nz63CtZ!!Gf^L;knG{(m~;ZV5RJf~u5? znG1`@vxx%09P(#DN>5j0i=;Y1-KG5!s_G^SeYHWZ+2_iYt)*N@kAEqbU4ln~G0acd zwZHRY&?BE}o6z-0lV2HFQaYh~F++pK+2T>7OSXWi0C zLTZF!UlyFsZYUdqOj0t#NU-Ere!F5%i;+ zHwtSq14aHP6H?0jhyURPl+mCq=b|qu_t^SWIfwogF*WHf@q1(<5dn~F_4m-rU`Ie2 zApxM?x(~+|AuWDS1)<9w+-d)66?JgnHixDGp8qg4oC#52Q|@seUfM{U_kf`&M06L# zhXMiE%_wKkP*(OmpfW&ly8xP0W}(3VK9vqb>(C?HjfDebpieXH)^*$(Qpv;%Oy}h! zg98A3v(P$v*l`VRMs4l0+y;Wa+in1ZJ-?s8@U}SRkxFtL8gY<72u>YA2!up|K%0V- z8@R{4-jsbei2X6?wh7Rl3FLL%!Tt^~Y#!CnBZ)@e&QV(&C>(+&J$DeKuVDYlhK5tA z;@tIP!Rm=dgOQzoYGq4p!|v(r<9}|~MLI@>UhFFApLLUhlW+dnp$9QOkmXrAhjJ80 zC}gN*uiA8uy0rnre{a51V~sRDMR^j+iI|n{MmXR`wKwp6YUi~4`Y}Ab!~GBM@wzNn zrnd|ltw8E^fDRah-+^Y(S!2@R^9-aQU3!7gj4A<#1KjduOboc#p~j}+b`(rCy_ptu zi=zzATmc2KE2BGplKRlBUl0g zS!@!(zwxf6r3Eoz%;VH?YcebiG?WDA$cbLv7TG5BhC#meoZ)lV-hlBRcMuZUti>q^ z-cQ~~yzfALlt~fU(Kwo-fJ%i=FE>~^c!eDXwV*%TqZ;bW^llDwE@-ZT)>A|1HL}~x zRXBh%2_#p$sxs)q0Se;PT6G#PEf04gv6XTbLJfS6W_GS@R ztD96MaynCwr+R{gy;AkruqK!w4O@LIpPbp7iPKzZn5_I0Hm@)V(~ ze{xZ1D>F2mrZ_Gc{2gGbfEg`@29CW4s;kY9IOPrvYlx@^2DI->=epc$K^g)-`0ix| zyJxR-mn~5z0!@uA6sVf?xWG9v4jMX~2_hgaE>2F=1&*7^3O6IC`vMd1!+T?tAF!3_ zvM0p?JBfYOJIes*3iuO!sHInJrj7%ZJo`K}{Ym3EbSuNbCeU8@Y1|o#7(qXumB)hq z+2za8bRu-caraW7rx@5lX_R4t|K}WnKXe9?_TLJ*o+|i!%I0n)Y~3|DPUBRN95fj} z>YR>dvjyp4sL}~e(SgHDT&wP&z>LZdJz8*30Q84~!$kla%WG2SJpKXn8i+~O78X9x z>4)Wg+L_=7!?|G-9|7E2z$#IRy>=U{eR~5NL@-4_>`D4YO`f8^?h! z1XTl7FWG7;+yM<}#n#*05F%C-e5&Y;GV-@E`CXrM(5%o`AT=!AfX59P1$T>cKU z*c?U*;wp$ngpc1RK{5UHZS(YsB5S0fV-=j4SB#?%S88o-r8S4+0*W6BL^LD2w+Jb*dOgua#4ba6S@E9uUgp~9id>F2j9Z1O5>VK^5mAshIpT%ehjJ?}(i@)%+4 z2g^d%x&Isp^{K55937dN%}C?G2vD$4v%{eVqj~~apG6eNpSJL-OShZQj zpgzzPo{$5B>`f=qJwmVVA?z2`UW;0MdI4+@RC&Ekmr#o*!ZW6zMa5GN&1Wiww zH=yS|m^)YMN}gWWK(Px=vAwdjY4qFxNe7ghp0`Kw%5ETlkh!Ly+lTCkuOtj4%(0tUU1 zpvvYwfW~w16hcFx9b-N0W~~5oRQC?7shJC1tehx*Ofr{UZbP?mJcwTwr;eTiVy@Q+mmjgbuypPh9I^8{8}Kosgr{>?sw~p(3>7*2h8J>V)z*(_I1LP; zqrfwzB#8Y2dl=gL;D+nK7XcsD)^-yP3Fz(JS(^uN5Emc61sWSP%7KCeSL|BafTJd^ z^72NsnEKU^ezAuRO~=Y=3}&!qios~-E^MDDHs9^p9LSKh93Y24;0BR;9MI@6s8k>& z%qWM?EAe5e6i*P~g8`I_i)#V&4hbe^L7Q6;zd-H={sQ{<5Vappjt~RufX5nQ$Az=b zpi9vis0)59*!z+|e}w)aEUI7g=dFl1|pPo^1~@0`aggE+%4EX zz0#g6naFSDcLGbopMvcdT(JD54?)q68Cc0g;S?f{J8Nk({efz#Y!H zw^eJe>eYL%)!~nOJzJ3PTi;r9j@d`=zp;vn3B;-?M6qMBgsxiZg|<)3^?jj#miC)O z^u&5-;LZ;5AAsW*$}HI+*?d9U0GJRA6ohx7>Iq((1TL_KrWYRCl~hcb77Vl{e=2!p z?Hi8{qIZ#*mWHl)d#V4Eo|GsC+pycWs}>}@?Wg=mY!aP&7)D)KHqk=}wa)v9vjfYf zo)3?Qwx9nnh;_NP2ri9evG${CDAyqL#S|u_f;x(Ouib|}oEtA$RpA-vtX0cWhrzkd7eeNc3$NUxE zT;5||v+d5<(q;j2C=ajAUOBUr?4xDlD`Z743l}k+SW7h+QuyeCFg|x;+9iAH@SF|n zz=f%);L*fVsw6hu)X0PPh2|=5!047A5=M+?wd{|##3!(!GA)+mDtxB6^{KE8UzV}$ z$?Hw;fS>$Ke_p)Dw7;qOM{@W*lSX`Gg9OLyht{*tY z6K0ciF6O~+Znf>K$#+ZJA70OTf}XRSe{4wWP*Nd$6AWj(d4D63#_Vk{^1b+tTHDjr|w~PDLtjn<~F^wf+7~5IR4!TPK^}*XbH&s0Mx8P3BF zA?ZeOpQuwY=4;?Bwk?{t-dHSkeLd?>&?FFt%Ojw~DXX7X_9w2qj$8CRlrE%>E~DLiY0&74PcfeQCqAodWE}B9mCQK1@P&&ffHqSETad(_d}3%ke#Tee0!a(HnjbJZJh0u^ae3c>er3UWh=Q zTMoVJtpy>-rOtXyF_oSA__B4T85y%M=>h{PVAKz+8|aT~dt}-RE>NUW6C0x0c`Mb= z520dmM+Ueu=B)X$iXqr!0+$D$7aW*h=5x;+23>itn;Bt_(EF_W%TGlzCcH324X+B# zuwjikF|V4E)Jn6DX@(6&>Kc+pS@X-a_+>({~l3%|3?j+TYm<= zT+%Z*Am>$d`s&tl`SC5JJ?umjCmPY|28T~7HUUc`+;}von#5oaa4WI-S(JPK+#hdL?h&udd9_<0GQXPvNl9tM;8bK_LstK|Mpe`Uzc?u_Jlsb5oXZ!$C839BR zWMwlybX7GVO2H~dTKR(f50e<-+Dfs&`i{d_yK}(`c&mu!>(X|2AtLu+nNr;mwGZ&( zpk7;ks2fLLd;14$zQ|z1xQN~aw)gFV=D$~T=oYz6pnm}R(B#;6B%=st1yUI4STCPp zgC7CDpR}}FFu`$F*yLSAt3SjESk5PHGs^$&ml-z4ff;?<(=syGC**9O4$64H*ywYF z@Nxb$^MI3ZQJhJBWYLRBacRH0mKOC@92*aUND7jsRs$iJ_#8>d$mk6a`<4cZr)weU zETfH?)HjKw;Q4`O@DfqVO$?SX&znuM9(P6(TJp9HHxgXFJ?<*chRpyjm)hD|7$cFF zK``OJbfZ{_H>2ALsxU;CnDea`;yv>;slZofh!<(UHA9T-qw$%`&P#|$w&GWguR?9Y z8b^5?@zcWiN+GHxXY}IWUPdQo_em=DpnHmP48xjh*#4Fu0uj6Xk3UZN^&pz|1zQW+ z`1nG87x5p^snF>>0i_te0qm+EE~eH!Mu!=m9V=A7!{hVO=>Gn*Ly3g40-;8w8I>iH zTLt=AIMO|x{#gMK%sXq*71vQ+kaGp?uVCWY=RJ6f9z_`$ktqf^-a=I1+YfmW;Uwx`1d#PBuK;rXl~wXF-W+u2iaroPApGK~fM#A# zsD8L0rSI@c70!Q$oj`8>3+kt%fhTJB9_OLNSM7u7X^$cy6*re4lLx%*1bs(j>d0L$ zXJYv{ye4=j^CK0c$MR`v>#kHl_c(2LRo_Q1x7FxUOGhu1@sF) zm3U1|Ow3FB=*YXFz=c#ZHTIo+JD4u8?3qg(k zh`dmd$V)UjP4i)dvU4F+Bva;?rBRmyCn6#uzz3ntj!S^sNhd75LXUcRUJJpGBke;t zF%&&$j(ZR%LJ+10gCWae8AM)7sP)2pPZ2p}?bi(G-ktpxqHq5BNLqi{P!fs0Li_)u zl(+b@_g04UC2KjXI230kfcUkY2#Xwls{ZhUh}_d4W6LTmsbiLIuQ{TY^hBUE?ddV$ z$W>drb<+^-3630l=~BCS#{KBx>iuUqllsBOSI^n5d~E&TGHZ16@Y_~h8hycL^I+~^ zvUySAYkztpB%NZEb**0L3n(=ACx!o>s@OL(*4FmWEHEPjKIY<^B!K$t9n=R zPNq%}k1;%8dlbTO$aA=RW4}PF@z98zN)8o_#?xJr#hsB>Sckz`z}*^LJ5jxN?5euN zkg3u)Mr&A=-aN77JRUUshtffI(r@acMCkSWVm>*@JQAwd5jDrh`u)WUCiBTxGEsN#H!5xAe<6$X-_qP!eGCjz70 zV6$3^Ge|{|v^sj{Bo5xLc!SwtvX;f52|UzMz(m{NjKPtH5oS4fDtAz87dWzW8HvGE z1IOwQxRYR#I)l9dN;-7U(3dQ79PI3%9TjBt0kpTA3=%=KpdZ35G>6|aGH}iZrC1AF z9E^NNkG?|AQPgwRjpLP2E1&#GWtTSGs&DY3@#x;uey|H#ErPjx`ypf@w}yN4uJ!|H zNv=6CQ%(aB9LACkhPANp7&Zw|_Z6FkOK-IdFfC~H7toR@y;afSihnGeQ|Bk_HWM?m zI97q1?gH`Pvz>NW2d;eH-;t_G>R%$ZNZMKAqWo%sizI$2%V((vH5t<$j56<&uWIua zVcVV&*C&oWh<+efC&Mc7uiZEhI0Q=J2O1@P$J-K5AhZB@y6kRIJeec%-v(`QB>UIU zEMw{!#_v%VxC6^+k?$mcJCX}O_ZS38NR>r!O6@#+oiqSIuGg2gZ1r{jfj)3DS0Sw(Sd@&aAAf`U@b1zlUL^N5;-e-swp zI~5%X4%rYvDmbbKLT;;%zW>^OBf-4i`cA9drB3qcxc$gp>Ar!Rho?-wv3jMM=CtY- zP|=_+R_3vWwoxX_58H|}fvCRkcqXbE+?H_PlVmyuub}dA8^8bJGl6pAvF3&nGCApL z`2z%07|*iq+<_%BA1CR_(E+gq9%qsnAC>R^$F`+`aEKe5ncYZ$@s1F+Nlk<}0{{ka zHTGb2eoHs?{;kI-2#M<$_d|pRYfGCm_slC_w5v3>2Pl89Jxo6(b9miw-a|B?>DJZm zhd&tRmAc_=?Gkz{88ytBp?B_6=o(2p16{$7)P^K&f>kQ6ITF zS(%^XDIN$EqW4kj2(q~*xF_!0b0o2bP!!4MTJKyd!P+d@$X7DCwdruU*;x5C# zm~iw4Dy)Qz-e8r32jE0SnOu=A4saZ*H_~a%uHe?7>43hC#Un~hSKvFN(OE2Hkc2q6 zxC)V9BBtei_nro2*~Ny3r?SbTAcCe?LMJd9*1B!zcC5wVvg)c&^6MH)2^B&?4%=h1KFx`Qj0EP6x@wny=r#E7Qxc|}iMn8_$}uy?0vWQsdh z0B~Zyk7<-Q+|?5{Qi(K_xymP#n2mCE z=E`?^t_~>7{jO<}b5{Nq#2$Xt1*|?$p-&0SDdzSL|-Aq*KOFl zJfFwnpwsRIHYlTyhn;ZBfI~QuUL`W;q95N;HS>wQq%Qg9JhUlN-Qo4rF^e&I8kUqQ z!1T<;p;F9e+-v_~9K^`d+(dv9v88NQd~;SGY|a`LsV)&4TtQnI_z=+q9# z^qN*>x!g{OD72nXSSbQO50|&ekxZ}9O!!C2j+@6*KU(q;z6*n>XKo!=k{H=7#Gv1! z9cNpW<@d&qfl(qm#X{-iZ_g|9d8}pD{>CD~@RwO`fiYsVS!s4jFw1N0?yC$RyMLy1 zHmE?8_I`nmCS1;24IDSF7p@jRTf2+BG*4-RARR+ncw?T`Iim&F=_(34X;$md8%K8G zf%DDCAm6Wa3-r@B1zGoW9}#e&-vjtdvEtpFyo$T%KKfyYsPXXX>FaOvm%&mGp{~tU z{5Hx|MCdHaL)ho%Sa{%XP~T$d!(SNt{Vn{kay^5lsw#|TH!Ew3)Gia$9qgqJ^h@VaZpyZh@@f~OI^=XEIV{YSkX?CoQDA{mB<0q;P6#O$B0xO z=2O5r38yjb(F;g+zaj0pqfZX4{R7cNL!7*EKuPU5S}CZ6NPjgBbw6?Jbn32tcB}U2 zv=rknXpXF@zE=@iVe>7x#{^O$cBr_RvjQ~T<60wVO$?W178Q9^MIV5LMdzu@Ae!W2 zPQ5SbF8*t4%qkN1>@CTobzdBiGepe^ZY-7-pbC~r-1{}y<-uLVw%+A|2(aZ09S-Z{eSLvbv{JxCx6<+qyuH@D9~JWCNFQhkLt*8v7cVTv}ltc zoI_*hw4kJX_OB7AZ5EJ^J-wXbNcoRVp>rNi9- zoI7qUc<*ueeRt1LGO$eG{5O5MAR?}y(2m?^2MvB6eKZhuzzMv|3y5^#{^3WWKvQ4$ zTarc^ilspDpR!=HW4sF(%3W_`nK2va?QQq>CgIj_(`P=c(tUhxk3nu9+Cb>AW^=B+ zd>_ypqaA{hl5^l%WBwC|8G1@gf!=%NfHX6s$EcElOBd)j4i%}1j{nu|L8rK39xx9H z3XXK##IO$eXrz@;L2oIcz9MADcj}XU?Kod7F903nKF4FLr>4dS<=`08h2>898fn+U zg=Gu;Xa$lDHN6FF1U;i1+k%<07$sl%beh>ud+mQgeT8f=B)nfH*X}LPA5y@jlMQNN zkPY~Smv?~PwbpsEva#~f)1bzW*7__~1AB5K-PCopuS%~dW4`1}QJhCH;19e6q6H|E z6}3x}D=mX25DrF%KCMdTW!IC4T?seGCu(DaKpcQ~Ha^I4#Q z^2zug_f3!uO3LU3YA7}~R%NSx_AqUUg>?9jUNCPU9d-MjTvx^{Ld*NkhJY;yCCZ%N zqkCNs1daXJCXU|NVvQLsLi*GiS`Byx5vF_Z8?&NskHIloyjWtbjWdWJ-3x9dR3vC8 zHYgZ~dWHlV!c03TVFys7S;rS`aYRkAyp^JP9kCV)lQcF3)0;9XgMM*I^5uyiTW}bI zdYnVYxgq~jJ1|?=KD!sd3C9$^c-M+>RDfpK+CGR08*!^P&;>|VAJ>+7x%WrPvK+IJ zG&P3vbxOh!w#zBZ(Lm$!&Z1oCY`CG>-@p9CA1g&}HkJmm$X(u%mLcDC$Xj4r0OH|) zJMZS~_fU0NCa}#D9;DO~uKx)2|2q&6s+Cpsq8ctP8QAs@1{<#i%~9&*azVPc zO8;%+mNMt~0eutheajXt*8@PomYNB;xnFl17<7ScQ4s7K z$lDk#m#ozwa;b4K2oay?O(7C3=&}4zoE)E<`(8IL-(5zES`AV=FfIa5BPo4URZk_^ z_ZNR2UnagB|NOE=nJ1dfLr`f72Lw7JQlL#v$Sh@$ znH%u`>S}5V!bgG%WBHXs4$WnD(@SLSNuFNVHvzUE3pD9TEnZ;XF5~vGsJJ!9A{ayW z&ZPkJ;HPYhG7Yq@b6~a;cc-a|zVt;R)}8w88ACzV+RNnKp(sg-|V-^$C#7pZu9hyf6-@Y6+9549jdAF~it_Op4 zpn5uBz9_vBMiF4H#uQja3h7ZP7WJ%6&&QXTuiPX8=*@=e4H1E<Jsyw^=UI_~J0KNK0M)CywGcGzrtJQ8TIfY$h?_bYok(*>A627Fd;vb5?Y;8uc&Vq{hUttIT`}D(qI5Gbn z)9^p5mmX?^UW;JKkn89F)f|vIAXQHnTnkX{~zbJVMHFjVd20KMr4sm zx|<|1LPIm--vL9xvgsy^&$lW%gdfm1jo~*bN8Kh4p9dy@W?y$@O4_v$!TgoNsr7NC z)YNKla!2F=K*pmO>p)~c{iS5T@sSz+tFrhUF&0EKaagdkArF>=Qc*N>PFsYsyaGy z2bd*5O@|wtZr!BYLE}HO9Mv0OPGUz?11L%yy)l%+(5XR7&>4faUwo$Yet|vvw)h2p zqq7YeS~zpUfbCK234u)JMpQ;d5DUFV8VktVIuBPKUWefK>IJ{O%#g;ZNU#t1ak*jG zIp154SSzP~zAAc>bxXZU%0u^oZoPwYespXW`neDU$-Gr32?7+Ihq-jt`yV__#$vz@ zXx#0g;J$z=U1)c?=aD;W9$$}kq^^?_%m*No3au07EnNuZ^@L$K&sMPY5DZ@!Rg!aG z_W1F}w%O4N1CarvgFCwZ)H zdGVh3MCs3u2>zy~`h-U}?zY}&lzY5=C51T`F>C>^7L(&$lD{SF0ApewA6;O{te7n? z_v>mAFANJG6t#n&JK>#6d#<(fnnCfcdpuL;E^kg9nmLUZfGFd943Oj`1`Thh&W}LG zhmxDTLFRUo@$;tUH_AJ~Ae!i8jD5Rx-AcVD<3D=Z^x7}LC=paZ<=Joc@)0MYC@-pi zG?p0&m9Sw>;+_NYSR{r~sMfw+@Q(cr``LPNH;(zC)QlUv{i9#Jt8{BCjUw2W49Ih< z-|zhnOisImMbHEK0nBzJiv!RXy933a(*6($@ex=r%0i2M^$({bjN3;E-`Shm9 z`me;D@${stx>6l{U#)OVBZ73@A)TVSm1yCbpE3_!C`DD*{4_{NLK;VYxQnNuMn`>D zM)D!gc+TB9u*w@ySs*T81-J-WI;3LK5~qWD31lC0%00HMNiX&=G0HF0r6( zK;F2GTLVK9#=msL2*c+Xy9e7b+dZN0 zCxcaV4Grhe0zy;n2Sgb7W01Bw82cTc4&1O~^hRh5NLt6r*UV!^vHGT}S}U2`C9MBo zGX`z`2kd}167sQ}!ia7enF~AV|I9hm!#n->a{p;Y5oby@>BR{ELMod5b)}tKkB&iG zTt9GsVmJ#_uB&s!(wzS*BMm5-Khtnfk4^%zn*6T&1SH zui)E=E955sH{F)dpBLdJ?}Fi6z#vbRx*X`T5F&Ro1u6v919(Dc$VJ#Y#4*eqiXVy2 z4Z9F3H24-0a1#>;^p!*HH4Nb$D-MbDWj;)kmN7d@Z-kZ!XfB#R65kl>z+s#dy{2#( ziU-(kW*|&q@RE4xJ6K?d35my`KvOLwDI78Cj{F?k9NlbiGlEV-9|z3X#K_ypfNJFx z>>J2D4fSk``o%^jQpcKTp-7;n4pxJ1A}&n62rCNB#?17BfD{YvaE19n*6T-*O-WXU z^vSuUqN*wYQ*pMIhW1-5d5me8MW5XNZANx!aHO!nXf+w_180-@rAvPskR6T*X=epS z{gqWg?#6>v+Xr{o;~kXP7_@j8{A&|y`uNuvm0q?Jw3D*kQ0Rq*@=KiCyw}kOg@@-| z7&0x;K3co0#;{6^6WNmU1BXbC|;jEG>iXa)C^vsk}zPfGw~0I<<(beu7o5A)^Jb~6~A#UD|W zK%fMc8|fe&aM?04FkTT41F}=ZCxn|73);UzOH2SQu|12_4tHLQfq{Xwad16f=hzgs zr+sp@KtN4mmAruo>t{r^6@9+WNCvW^5fezqclmZm)!9u))ll}}?ne$6@M+q>GEj&> z^#H!_0gPW&n^c1t5Tt?;ynzb*0Syel2cTn{0YOfDjY*_Mx=CIx2>p7Z zTLNE>PNwp0@rekt+hqO&Dq2A$P@b`TnEFK+ULKULOtlBZQ9+>(r1`-lEas9QJutn> z!FO-PPnbmT{LBLSVm3EBgKZYFhh*;uD}^tsJ{=)UNun2nFFVVwiI^>83%pJ+KQg&| zTB1e+jtC5Eh>@U)pKVfMzGejYu0-~Fx!}DpF5KGk3AhGqIQKF#kWpsVGry1LD!58F@Rnl67yNPUFnEb?^6_JqoQ0DL0oYAGaNSJ6vN(=e@D^>* zeQIL{6WBUj(e)uH2^=TdJuz);4wD^dwr&N>1(#+Rbte`E1lFSWTSva_(u0{}2lXjG z1H1^Eyr?V=bh_6hvH*HEhYIA6Y(;uII5}}6vY%*A>cZsm9s?nj+mU1bzL(KyM^9mm zgaw%v&nY3{j>2rh~G#V4cOKsJFn|<%^Xb3GX5Ck^hx*UzGj!u zN5?JB`4`mfws_mpwsZBq_+<#Y3d;0F*R7iEq?*+}Rt=R`uP0=fn$1`G#3Qry3bxf0 zUK7C3W%bqj@c5ol-)~g)!%ytCqd=pohrn!;ib2fNi|TWFIug zVQEY|oia$jj#R_81xk;uB$b)py26YObn0}rsa>bk^rdIob~*X^+Ve>Un7Q`(sd>uB{E;Rj_vAm2Q46djxD$*to{p7~%9`VaU>>CuTHA%;2%$YpBF{N8q<`KAhz z4vFUA5C~m9U`w#@i7kt$4ua8F3xUdZWS7_S4UzVE+;9h{q^3FqM3qFW9$coBP}&CZ zYc1?}ILbc7^8@AY*w*Gl3AX!WKlT67aZc$L@3Y=QiYIr{(zH=a+#Om~tqavs2A&{T z_wJz?fGVeMX+&qmC}7ND1SyTfn%#v{<}0^L;ba}UQsj~}2E@ei={~!}H+s)=<_`90 zzT?{3@6fI^jl3s}0S_H^*ME6nNi-PoW8xQ{r=B3ZPbg6ZHTmBXmdy7Qwo_1iQe>_8 ziFjK~NP$q@@O5_0ig@rlGL6?S1`XbrXZJSJk%IT@&BZ=1*+t~YVcZ}n$@xBYPXxvM zB#rx9QfwT*;CxGZ2kUm9Z#?vmVIK2FZl=Ev@%X<1hx7)EL0T;h*j_<*c;XGme`pzh zy0aFBlKhfJ{$gbR2T<~hUHtzU6XvXPo#37GOU}*@lPT#*jAHp{?zXQ2acl$Fy}oWB*FP39A-V;yt~7g4$i-_3tEC=73lg zntT|7mhf)a(6apyC@CT9+!0NVX5cw7M4P ze_fmo{^H$asv~^uF9Smne2wrFvq@t8096TzfP$=JyKdsJm4#Me-^fYWGhw5KbMFdK zW+Iqb8T^rjII0GO$pWi(a6A$jP#VhRl`0t)k!-%G?hCSPv75maN2DnP2sctLC!j1c zt@zJ@FW-{;Lwy4`%`VN+OQaQm$ z+S%D@gJ5+pEQ9|_OW^|Cba>d2;|sh#zF)wLbog_&%lFndba&u@c>Ov;(4rO=HG52@ z2Vn5w^`MYfk1>ruwERcBdGsv2v6Yhc6N2m zjph}TT*tgG6j8(}kqBnP6r*1v`zJ&=c;9ehd7Etpw<#%}<}C!FVJF{9#( zod~=l!q&|M3|Ns3ONW-0|B+pOV1xr|fipWTnZ5(hFP*r{{RB2t|Jj_7m3_|uUTl^*xI%1x$iOA$t^P}wFZDv*H;rSWezq}kqX@y9LwUZ*Xc4&|TtRq| z?qu{jiV7*MU3moqfgqE1^U(qnz2~MZU2qaS5rowUvocP}y#z{mlcfhtbG;n%o17Im z?jY`;_%J7A)CuDh`$iZ7<(z<3-vUb%+$nu9c$ZK3S<^vRr&t(|umH*G5=?wwi`dPx z9>~?bBHnxc?;;!|{?!?QeTh`wG~6F?$>u4>{_X#kwEY&>)5foG36{xD&q_ zbBP7XSQF2muUQ2pCZSi0##G@0RWrq4IyKWe!8ZfW0AFJyvz-Xr#d(AW?)j4-FZ(7$ z79SWEqFb;+-h|7de^Eak;IUoRnN`1fPaRZn`W)01AtgBi}Ht@bY zwP#vs1rwJa^N?vaC+nL>&*;~d#n$4VVD<}hvp z!p6fvr!rFLM&!-G*8_^CoHKa9BA@neiiQke83~^_wOkPB!O&n$!VPjyJzLuTb9HH8 ziGCk{ZQ@=}DYLsvchA+jz`0|cVnUg(-OmayOfJyvaeodOoqn(H43vLWr zxAW-E!pUUiwl>)j=V%0+*4h@#4~SEyK>`kjob&Ll^J{&iGpg_8toVt?4~YV+ZFX<% zO4;klUV*c!jhp}8@xkg3Yyw)v{eI;x_*^ilg?8F*JiUGUwv74gDUn&Jwbc=A=(1xyE$jaM#Uu2$Y(=G>NSnzTBF%(f&V$Yj z05gt==_RclQG_?A*M0e=`e03-m-H<2wJ+w?1%{QqMfD!*+M5n&4Cy1>!dec#)q`7q z&~GSXHV@tVb~FJZH2gpFZnA?O=I<}VkBKidXSiWrf^Bfy1~Lxz>Wt$zj(2PJ*kLf6 z=cSEQ6zpZ+wuewu?{^$w1V+RFFCD!58Mr0gJ~}l$kV%zB1at$L?&8*)O=>%0H!v6zMfr+dwTKUyz+8b_*TeiqFJ%;9HUowoe#W)6xn`s;yN= zk$n_7zlw$K3dWxld(14r`@egPJplx0-{G!T0GUyP&A}9h)jg2U(^Kx^Y!9I6feuAdseDPEaX9Wh5qpt%`aDvf{ zg{SSOuP`gkH~Ujn?~-|)HEz?@>{ZYtx6;zOqZTO0+UJ|lHwiELV5PuY4AO(-jKTx` z-pP5q-QS2#0II&CyNJROB@OE9J9nafA)!#1b{;eGgLCq6e!d8qm2wjSD>U?7#1DcG zA{T_&vp5N$&8B_$3GKTzxc&na9=1!G?=G|AD0Zlp#bH>~P^!&op9 z;SLpn>cpeFHj3Ip(yi!Fr|Ce9Kt)C6gjNIU+LpZU(4sI2r2;BH!XES-cDYvgJ8tg5_t4(VLxofzacPyqe@pP68X9)qU1^|K=uzp zmHC^EL#A@)&;E3N=ptT(D}r)GI{c^)>l}88GXCeDe3X%R`_2!B=F7LQF%?f( zS;7@V;6dOgP0ls77M2~;in%doc#-?H;x_?(zjGUHC1`mmn{_p%?}q4Pgy;7c{ZAMthj!1WZxP8b8?r{R^5G<(bhORoKx(OX700<<9Fkr*VcO- z-uI1_O=iCpT)p#kZPxbjr*l6Z2_XA#<`yJ=VRR^SKwNmpTv;ac!rqwH-%4P|=|`n0BV0i7%XOo7l&QtB))iV5KwhLQSb4Ye<& ze^c&qMq!Npf-DOb<#Ra1X1GU3<;d*Xh)G-c#&h`~qERjf6JaQ!thZ2qVqzKQ4*MrA zHCu^yQWG`)z*_8rc9W+T6^Yj%9aMuQ-V>2`+~QaVx7-H|NQk{JQm5O}(jq@<*roMGUw{HYVt(=DL3Km>Y$A9BEw znqCp!<5x^3Bj!xb!HBAO_UW|+sUz#k8!9iy zPUby4U(K2`|D_%F2rxf(6AcZG!-ua}xAckti*FY&amR2b9yw2>*^`A0`l15mFF4SAB!+S7308FlGVdZ3Ni5jERF0;tl)%*Vaff-+o3|7 zuOb_J&R)e^yk}lg?tGb7G;$Y%2jnOR!DB$$rZ4jlq@VFrV3+Oka)u$i&ZMDm`NM#LI706B0%Sd`kqi#D)}`0V=` z6~W(PC99!s?#aJux%gm*nIx;HYjR*Ra`c@DVgbW+YF^xTpvt8)zPni1N>mKP;)4;2 z&;@f-QcANqAJs;cwbLUF%S-1Nz@Dsm=h;WRwr8hQt?yVy2(VQTTvX#p+8>Z())};? z9E_H%f?kfDFPn;I3FojbijWO{nZO2JKL zpR^Ne15n@LtFr9L{`Ncl_FDj%L+a5#MUFdGd4=D}8Q{CHT%PfV8M;N*OYJ(W1s zP+Ot9ufPte*2=06$s3Fh4fLFD$8CaA(>6rOvLNyLWzYrxCPveIKq>VTDOZddBG=ar@Kw+Rs{|>hw zd5-aL=;{_Y59o$|z=8|G7J_hj`(ToKI@XSsTnW^Gfn~w6EFM3uFvGC%A$I`DZRN*C zosZMi-=mZL7+rW!GC`L_7Vn!F3YUf&fX6h_>tUjV0Y6eXwRq6qc6u<-lhC|0(lsIR z#lj>{;3dR!DaRTk2rXsjkwb^Ps8KA4bnPX(Ltz-;z;NfcrS2hgmC5j7?Y zSuuW}`@uGZ;Z3Webqo#fT~}%FcF3%X<(QuK0t~;@o<}p7Wo*~gl{4c$W$h6Me6jGH zNz+XQ4Z5t|-bru8M4*C`qjlB^@r4dQO<cYXQMs}W}6q$_iT67(KCNO)P;jygv^R60ySn8SZTi3Or1R|Ug?b4eK@ zrrf*F=!7}sW-L(-T^T4hJ$-0S_S?1I4J>wh2ba-^9!wlR&>PrZ*{@`9)k(MR;77)H zW=wA`)F`Jmz1Zh0ns>YHkJO8u%a%%dR!jCWngRBwFD=wJKIzrL6a+`_=Q>~J_a7zh zfzs2NM$=hX6oRk#>a)8$H`DltYTO| z*&`H9O-yD!t&*g}*#{CD?%x6s8&uhl(ES0p@KzccM@L684SdjLdY|D$ITlK+6&Ei~ z70yM77Vjy? z!J$<%=pQTmh+kHg$yAVkwq?|{5Gm6SWQ>m{#|V~ma@c$G<_(g46ZhsO?_s@-ifUvZx7?Y?l zd*cTNj!okSOWSmuOxT z4JY%E1CaD@Zz1>+&G&G;YF-yg$~zgZu#l-7oG@+@X1wtV_!L+64pJB>Piaij1RCNd zKSaf9jA^hA(2}Y)8|Gum8=qLV&irdt$pe`gC1i-dVCYeK z`Z=F(S!p;zKgx_O2n{RfD?#iOM`i;jvkY=~SiZ&lRO}=uVQe5Qs+Z%4p(?@TF9SPT zZI2@xO>cMic=?H<1P;3|b`e0i);jD^JXb|v z#o*jBwN8?sLRywx%i)#U`Sz1(HYMIRWWTR*m`)SZ8F5=KboqD1y;@7R`paCS#%4!G z(7G0Sj=x|&I6DsGSh##L@wS4LCBnn=Jt56vC+}PY~8)OeK zcO>w9qca!DyjApb7ZrcHxZ+3Qd%_mmX!YB>y##!imUdUiO5X*Vos&~Bwa#+I?|^^2 z-V?q})X^MK_<@0et@?H_aK=b_df>UhNOBJlPvqG_Lglw=# zuDlOHihHeFKmtJ^)fE;`)DH#5uQxdv)>qQDi^jlU`BBAlQbXukf$NAR&J>6=!&Hlc zc-U~Z!w^AO9Uc0^>tc6#%u1=X-NGG9#tCK{zXq-AXkdc~S%#Nav3OjPK1MZI*K=I$ zSo62GH!C$q_ZBej9r(P_Y)ZDPPT`ouhL*w)Vd@!%h1>_2bCs;`JpPVF4ql&@Tu1}( zm}WE8id;XXkAG`j(Go1_e#}C~aiv@N`}EQ^Z&@ouFAZwk=> z8p&L1GCxB4HykZi@3geC3M?oD4(1V8a{s7(V3|Xbdw{DVx>IMzM%-LQgmb3~xst^@ zLNvsg-X3Fi&w$#p$Iqi1*x!Eu`1NbkFqT4B#&jP4=5r35t@+HW@Xeze&?w4nBRkb}i)Y9wo zHBX#)8!I^nh`|jLoeW)`{H+;QcB>oKamPzzDy%z!(}EA=iV4L@^y|H-vD)I4Vs2r9 zBHFUB)J{ZSP0b!>k!vqLS4z;Iv0J@KB)EI$r2wWctPg|ztaG1y3{&45EC(B8(9r3Y z`rMG(?_)5w#-1x@zbT7aVS_h0vww$kmcyy9-b;RI*Ctc|H%kuTmv4VbMHBiv79FUA z_`;w%RwspI^^^BtEI5}%L3fNQntqsCYT-Kza6Hz6q*db~T0- z0Ru0$&<}Nvv$i`3`><T`rjD^F3=&fqdl z3(L2olz0t})RNsvDq6x=B>7&R+NAWd`p`6f>6KZq?@{rup`e(&z9!3_#m*GeiG}a4 z#*iR|-%BEnP%XhvqO#1tKhy!-bUNJuMB@Nxe zrHb<;KT49@akgon7>+F{42xGwF}`5=>S(z?KXu-?o8(QkCS30O$9o{BF{~L%XV$D+ zxKz~u_!cY&PK=^j7`yXsFM%sq0vE5=;^Ok>i>Iq5Gn=Gr$?;*~eqQ_lz<1rIk+zp_ z#mdF|f|>j%nKaeSh)aI6B;wGoPh4u1M%q6=>UHKUh5yNdUPhS-Yt;452l#cM$HW zZEI#xe@;~M!@BTYyDx$ywG{Z}G*1|$ASsmfGTx)~|jvseMS6v*K3|y2@`Sct`a`?fS0|jD6E&eU+-Wg@+ z_rt|QSe5(s5gZ315MVqmsBJ1^mpLc>$+fbH=MF6zu2q1tr7S1+`s(VP}mqw)`o|1>YQt~NRNVPJ6?oE9BAxexoZK$tz1jiEN zm#4l4s}zAN@ntZdIw3xOXQ(_G=~H7qe8X`1%;Cc?iUIug9K2zeV=WdcKQZIsbaaHV zZM+mcCg>$Ml~Z}Z$b|4oCRM;D26hQ**{?)=`0zoWy#uKzd>hesB;c>ElFK+7_%DmG zjj7IYlrZSg+ddh{1&HqW8Yo9bLSCc!gzR?VHPTD ze_dX_N&4&8uOec1mh&+MBCRszCs5^r8Bh3>SvI9-W!=V!bh)tdF8JP3*Hz{YDDV_Ietv$f*9rAA ze{3I|R44EK5|Jw1xc_DK(67oJfcc0GtUk07CE)S^^OT?yQ~3m9Jl`H7Rmcthpxr+L#|K84|i{o15|s z1c@CUC6uvVAwNmK5vL>A`te1;stqR)G8DL%mvJWzbu+@0)f$VPGe{H|tzGjwT zigf*Mj?;Kgy*HsMZB`aJL^%j^+z6t4Q1&tM0!dYP)V!ohCOk8)@2tmAI2?|Zxx2Rs z3~jXkTF(`ud}rhc|7Ibq&}yg*E^Z{%-1e7&73pnN5hu6=JPq&Ax?*fvu0xmd&X+{1 z$35-rDxXSwUf_Fo^}uce!$DbAnH5dz$E%l6*u`Y|Xm;+#YMMJhGRDydhGbQGCMsI{ ztCx{I;N_{63#CSx{U*uS$*FVS`m=`46@F0i=O2Fhu&iA!wGJOngyN{(nOM=rjgG4i zo+nizxyS(%;}i9p*E-Fqz6tN^ut9rbC}l(<8UVw>_nXU@X74Sd&_5>M<7jSTV|=jn zMHQ9+1RtR1_kHduJP?_%X92+{_rbViqkFo!ZO%X{2a|kd$`0)0u zzSQ~wv4LS6jQ_TUIj8EmY#*Z4A8X%~@vHD%w#y@0=ymi+Wl{(_)YO#dQllBf?^j7% zRe#1b%miBMeqrG@(1dzbt85^b%I%;=GXQaC$Pv(LWRD?FgIiQNOyk6f@ZeyFS~=GA zppz%UOlY@m6;sH^2qq-$U=hYiPtV-iTI+@@y64g#Jp>`#7pB`73ev3chc)5lW);Vu z3T7Sq&45lO`AFE5mS1@W6D$s{1_(h|zWTk=p>LRd#nL5RDcTXo9&%Rb2rI{&M8gVP zSA=CTQfV{gazp|MG4auJ{n*m&Kj`C8iH@hrGc^uqNjjx}J0>|<0~aL6RS>=Iz(ExFiR zc^-eo1lcg+1|;1fxO4G%%gOmTFLI+lz(iN$yXp#iNQmQRS%@J6=o)nvTWlM z6L({N8B?H21b@eTuZn0}ReB;=4DmZq0N_;;R1>B9AEuIH4}P80Bk){GdRof6qMh}otSmbytl2Ju zXV^Q?IZ+Y$d=(R?ZoEQ*3q3PN28Pb67~oXZ**ne`4aFeJC(n)wqHS*W{G+d#A^b7Q zTeog)YHGS;1Ph@4g^tke+qYwdp83#qFkF@eQ$nH>4eVdhl1@>`Pb}NrS1dSw$Qr z6~+g;U_TNR6vO~OF&mMBDL3N0P9w$#hlM zVsLk|W@r-gO!u+gHN;YZuckX5Uw(+1smnh)bJs)%1t^At!N7-}2Y!Q*MWna|$~X2x(~1*2s0j#_lM|tzxXAr~h(}sBv>~^HC1e6oc1#>AEiHu_ zYe30o|K%kLHgtH3Mui$~q7?o1bVzw*3#6F+7+uMpjD23r`K*r4`@G^AYbUPkmOSb; z*Rt}z_@Xt11{FFRc=(GTCz(atUw5sMWdStb2{<+r5A$AHVB9}CWOg@o|C6-u6R2A7p}?vhQ*Sw%yfOY0)wY+=VM%J>HY) zY~9V;tvCt5j)Z3huHfqGIMLSyMb~z3Kg4uf5-xiMh(~G4aswZnghb5p97VCdTDNSt zCS4`b|D>UZ!7A^V#*;@mIkN0A3doTISPd{G_>u==9D>+2&&U0FLNAk)^r*i#2RkrU zXY|Yr4B{V3TMBv{(4@fK^dpnQt z()AB-xk}9x*!9_)nIK>bU?jqs3ZpR1%*>cY>`E@I<+yZx6WAtpMCl_y8`qhAv+4agmXRgf(^RqfV{&mFww!|c>p&u zHtpbGEXxHa(WeF-!|dNvHSeoPQ(oj=mUq>=`Z08SQAaZ3`gxO&>_7C$9pdP z26E#2T=%l==g}_1y3Bgp<;>SVZd$tgLyB|y$+32$^t9((+Z^%El1Xq0H@E?_;N;+d zMmA6G{rKGjA3kW$rihz_nGm->k`2&0BQd)gDNWL#gQIJD+RZ5kG0{`JY*$GF6X8uS zD8KkZH?i>X;|r)%u+MGYs|b@k?9<4QNKe01C`bvX$SG5L zm5!o6tI?i<<7+Fwm;%dZvv>V^$WZwQJd8`rw_ zK35J&2WJhdl;M#Vj$s>nhLsy?MBO(?Fx#OkhY}t{>JHP<6v$!Egei!|!?)whu~C}` z4=O)uGBi2GqF%twj3{&3)gD9$`;fGaxeQgJm_$}VwdO-zDxUgO zhl(WAi(D1uew&5ome@sq+LZB24&n}EPBlEKMpe!|=Bge(LBo3NwZ7%E+yPu@*Z^^g zLyJn5eQuy_R>{QnBh%f!8_uGiZYpa#KW1&X*(#m7`CzY&L~N9ajz@8Eml$7~XSv%M zDxT(%9@M?x$Aa%XUOy*ELBZXSE+2B?Uh3|Fx`EdY4>u$dHI` zy}6;G_~Yc)wC{IRnvBtT`l$a*g6T(m)JvM3o!n z(f?Ehugt2^<|EAPSrNtsJIQWZ5smSE%OMB7vDbR$#0pK2WuMMr*jTsE{KhP_{zpVC z{mP~7eU#EW{}cfe!;#F*(GBYubiuAVx0-cjoG=l!KH8}Z-)lmd{GIr8NT28$b;y?h z2mK{>t2ttSokE7GC9B-7H1!d}y)LnG+(MtH>)_adhLWn`7W?Fuj-&ZYPi<@S{w0NN z6Y?Og5u9f$vdb$fu%QmV6&KD2LWldA_Xdh_W+>q>0N_Xle;`1s6VJC6{VtzOR>R6r zTl;9$hDMaF->M_&DHhk0b2~oVpe73n^nRljXa0z%m@5s3X&V>d2sCS8q``*m#OkyS zfbl@<7I=I>c{`KJm~n1JiO50MU&o6Af948eh9TMrPL+MA9vNUsyu4zqUo_K)>n$hp zNl@<7oLbW#_%8J473Ae1)f~^%wr|ui3k?s)nS8a(hCl^8OBw_I7vl?-Fc8{>+{2c60N71Uu<-B1kVu#n``lo=>tu!rSt%CLn98maDqrMh)fT>6%NxNanxS7N zLAQfw^*$?w;KFF^ILO}E39RiN7)f12pP^1wR0e!~fudH_-feOR2N$q0BT<)Vsu#aWm zz5C|E5y$i_CwGugHqOJLF;Zm0OF^`#KGmg_2}JH0mkDf?u5 z*TQcks{e;9WCllZ2S{Jt!ql=7&_V|oPVA<|u$PQ5;!$Er@XHLY~u#w6; zVw}?Vu{(!#!a^?yvT{{S^CJql6T=}qAfXC2;6ZTRug23>TwOcsm8`P%Gxa~E#VhO zosKRX>LU0ZrGJxU`7$&C&QVgx18o8_L)pH1)*F_N}2YONIQw5PO?N&3XwrVXgLx!BYXB1qK(Q@Q)J&p6fw3?N97cekTRB} zsF5UV*5`c0E%EpGl#~>Z7{N=@ zo8&av;h!)8Ffv9_gg8v9k0ZMUmG1e%MnKD7zqz4gi>qp((dk+-)P`fPTDsK56os{2 zT@lbF;8TFD3AEJITPzj}=xk9c!F+*A#Ls=^HYM0R!O4ovDr^)(J_YqvbR z;LLI7&M_n~;~(Ypu)$%GjHpQy$k>LATV~73xO^7f9#>9%ifO*bM-4M0Ooc7uLc3Ad zESqt5k3=_sF^3WF6T_4P-sJTZ$h;W-nl9?GI;G9wAZ6h=xKg zlpct(ls{Ol7!V`R1n2DbG8 z17NvA`0J}zyQ6PeUE~5BjrfybDttfIOu!0l`r*T}!vh_dNX$E{dJ`lN zSi+>5pYK~h2h2`=3jF2FnTcI|+ev%g;3k12 zV+@EsH@WRDOrkeV`hcvk!6=U}L$HB$g&%ozpz38Yy*I^|a$7`^T(k?UO$A}=qeo|{ zd;(~XyP5!#i##`Hfc7wLQCS-B1os`SE?@%)Fb#Lp>2!clU>g8=-(_l=oR@QyoqYRt z+d6Lw?|7630H#3vggqoRp#n%RMk{lt`2fUVCcB6n@2 z!+8Qt9|$mr&drI4XaMi#<_2rim9w%@&49{?v@}Q%zqyH*cu}zYTa1z2jW$Do z5D*_z|326WqtiK_YszL-W*CYGVPf)cT6Keq@))G;5YtTvbjbpQ0k9wsR7BXSd4fpx zupw-Ss;>Xa7~Cs#>`iSv&Y2Iicq1M!2XZB! zSe?5YAO8V7Bx0llj0H_1tj6>|e`r6hcjUUde}&r?S)n?7LO4N@0oBLyIFe?KRd1J? z289q%M&LAxSGb#0v`H7;XOOijM0C&IB{vqXG; zj@IYpg8!}lvEv(#3;-GPK!62>^wXzL*pD;A!x!0YSRdJ5I$$=Ar*LD}3K#BFtP4r% zSu;{`0416LS|iL;d^02;!IC~7n-?5z zB#hFwtIt3G=r`*+1t3?XGrxp(QD3j<*)y02h&PbX2hv6ZW{t_sbw_Tc)nFE&5KMpG z;w%cmSOF#tpnv;<>w%~8nCv|e`OiycZ=afm$aFqYL_$u`m$$DYu;ADCMMOUPgQHuy zPiN1bOwgo2XbPg^fG2r%<@CaD+EZhB%g!n&9Iv|(dUoVQX|ZH1&B>X&Uz&k9y(&}J zB+6SZIT6S)n$S=6`JMpu$iW(E3m#kKlJzG+L9v$$#S3gY(|8u^H-No}MuZsy*Tp^r z)M2o~^^z;lf8xcyci^mDx^i;==Gcm$mSrnprt#Lv1O zrvdQwgh6SzX(?q~bZ}fepPsvw;35rf755>OcJ;RP*Fj$W&2Pxlo{GRt3&{&EB@4 z^4i$}8{ULGNv-}VqI%u2c^&e(6N*wpYNg9l?d6i@wCO7?^h;ZCEJU|{8o>3R+^tH^ zh0b|z?h-1C__0IrBAKX6T39~H<|d%#)n?hnnH!SU4OyXrWBjt1If+F-X2f2$j}!b*k&5cjACf(NL~G=QgT(z1yZ~r*ilFsrapY~D*I;Z<(sY* zA-AsPEbMUc6A`l3Q%Ga6K&gApQgq-{V5#j4mD3lB5L6pb7Qq-2G%Y!*z)7Qo3~3{#&85&q3$o)xeB@T%h_TaJ0Q8# z*-wkjLu`a>50%3I3}aE^^$Tu$3LFa~BUSVpv)$(?Y7$CK^R^K-7QBIdRAL3`z8_=*3sT5z~v&Y~qoYSnWw?(pfC#R*}lo&Cq&-;MfceIbn|4yj87a zKMhlUj#dur*crr^X9BxkG|6*(bTfoK@@FXF zGU_bknfROjJ~(9%oecybIB>FWtdWW9m586>1n>(nB);Jdg+f1gJE5Io4okrI0xO{N z7e>~9Ni*V%CF2NWcuRPN4;-5OH{<9Bu5`NhKg&4!4}%L+=TX(gD|vV}kk$h%Id_ie zt^^>0IKCO0LjhXTCASGoCNRt>!Oy-z_*8KP!XoRA6-*V_)EoY0lB5@WC9uA}qj%hu5=h<&;2}c0pVf@i-tr~-4GDfw8dWg`ekc`VK#?B1Bm0>E(&f{xKrEOjq2%B zyM5jZ6@i(@_<^dnykdoFE;j%WhK{15vJ%W3E`#|fdyWc3k8#=AM(PZ$IAT$XH-MRC zcY79%?FeHV*AgFE1`P~f8|Nuu)A9VLObeM$RWC}#G|<4rB-j4qi(&`+ieb#=$svwn zukBUJ7T*1ayRknh2oFEe_JC_*1_1W_dh4%K?@z$*_1vf*ID|ni`sbFe>zfwx&x1N+ zjLVKxzi>;?lTh(0r>}F)twWMfW^8N|w%`ys2WFtOu)lFIh&>GhJ3`fCUTxZxQE4Up z(cT4BH1^?TgOVFJuuL**SG!yTm$K${E=aMs%CLl9wTg`m7mXaiKvZF&m2aenJNNfz zR_~sFU;2mEvbJ*E} zFC+42H>-GTc~_o~a*U0d$y}bo*)F?4mmC$oxP2IRTKA$IYYfjCZ|qfj&&ou3t}=AZ zHBH^XyIaLa7?21I6#v4V{G0#zH~;fL%K!Yn8%K{>HzD?|YWgPGz71~gy!OULMckga zYv8`OugG`us#-%d-J~OF$i3XiCx$9E>b592WbK$N-}XF_7}NvDyXuAjS$h{?9aMRk2ikcfr1hqSW#u_5;RjXGo1p5qv{HWn=J&(#rEdz{MfzR$JTWfhh?U1fC<0wFpez#`%`fqhT zc`IV>L26xiVZI%{GhyC>wfh!e-#)e@aH^m599X(wU4Tr)KT*W>QwnSyP`RTKhb#ly zc~2zPUf%u=!qt9|7sO-kf%nr?8WyG=gY`qGKrwC@-{afI9-0E~@^0kaR#(G49%f}L zG_OG$lu)9!Od0fq%*@QZJk!u)u&4#5_qwbs1x%Jw_s@1`RU?yxoP13fw@uu#g?mz6~b-veJ5id-@AX)oZ0Jmg zc;?;Zxcho)!~Z0g=Q|-hEoeu2Wvr8*cegQ>8+owEYwSxa*f_GE#4I6m3 z0)FE-;BY=Af$-W^^qsRb;q>OB)B%rSi0NgVW{%^`utM)4G#lgqqIe0**-_g~i7vOq z(BE^Yba*~^XAp-&#!V8;A<>^K3VeqI(&M_qcrd^H@dAW(U!rb{Dg&rpioFUX1RQrp zsLhRyZ^-$Y8(J+7ho>@jS!BxU0L}$&J~!{ng!Nloz|kXW2rQ0}wFl1x5(^4zybs<` z`iKr-uqVI2NWBH4P<@k>**^IPAshshUU6@$j!qdltsu|C3)CHxTo(|UG3H*sGe*rS zPgH0cI)sDRfQYdOP!N5wI_I+g2bA>(yDBNr7NtM1VUqiS`*a7b%h#{A`eitFO^~w< zhkI}%K-eT^?J(UguC4HWY|)=Tpu3g3S8{ z379)D(SR^dy~Z7oC=%S{mI)g5(iwOtaC@LA9r^-}l!5uV{DJpU9UUF)>S_;YD9Ba- z02`m{!9MO9#NWWDnX}qxX$+oMh;VL#C4r+r?jorq3_P$vVNk$83VaPPYqki7n1FFD=FzW;KooUm!b*@SDL?ftIy(rkA{s2J_#IPTb za=?unIoMbLu!4*ZZ7WWp-RVbuSShH-+`uRSkMzg11)gdL!UKHN9_SI-(fe;HQ*tHn;4(5Y z0&_I_Yf-VcQpi+?16alwFM8zHJC~75cpFsW+W zAdQV?OpQp8ctO!8Y}xk>6OICbML$Y%VS?)IU0z(GnBqRD^Txn>?QlZUmD6~~D# z{(Suso6k9yoCU_&^qv`S;xu!lTClVhXECX=sd-_QRHTchob|pf( z`r1yyI3YQemD`%m%f&U^+bm{YRU4um+j82ZJ^@w~vFlu3(RggmJi)5q*IkPm+C*PJ z9f}38k|ify-oV3hQeNT@4^m0Wdx6nttBZ%zPdz&-95wBy=ny^{q zw>&Zz@~PO_9UW+8Zwc``AlVSudcJ*h9`JR1wvJ5xT87GmiR(P1vUS9Rn90ez6RW6; zA6Eyb#+?FmHV2_yl? z^k&poD28FCeEMVzh|buDt!B?w=1sxI0%s$DF`CQe<>dZoAjJ^efa10#$(vhuuGvg< znk&CttJoqi=15dy{7`-Cm-yU;J$hTCV`APTX97nm!FAm*uO`>a>GSfc^;#eHt8nF< zZXYBc^^Eg7XLf&Ag_NFuA^ff}!9;@)Qn9o4k)MP}m>dwDb`#n}n23Ox8VVsOo|tez_w6_s?L-nsN3d&5!hBTV(i~a*8govR`=^;5B|;{N}2Iv8HgVn zcOp zcKHwiL=_~XuI-B`yF3Sd3p^*LxC_zc&2Xr^J=q#X9~Xue-P{mI%LoHDW>U#4I1%|( zY=Nu~;{HwuW(EeDm2M{{&Q$4j+fH=t5%Ob@-Uy;hHu28VRVinp=N~lgM+HM0{{%sK_TG? zip5|m+A70bQ_pR&&iO$5Mc~`Wb_?&NX8Sd4i{} z-Ql?5v6Mi@1|r`?Fi7AH?K* z62cVlccEJ{Boqy`n`3nsYT?L)abhy!~ z-%FD>H`3p%lYhd*mLRq{#`rqp1ZT_kz?y@Zu|wSuziDDJ2=>WdjP6u?mpCjN$Mc0j z6y*e1em3h`Rm*IjM4P*Zo;`J=6mE>=jUWg{$)M!_d+`tu5q3>KjH{?Z2b8L!CXiQR`xX6s%QvIG;;ScKSzYZyRFN4O z!$tW6=ONg~tLDMC%DS$@jGT=iO7#y8dTQKn_k!!i7bVPUAiGFT#_uQSamd66SRJrH zMd4BeC7MFh0e26e9--jJLFovCv|-e9<4)d3CxZWh03xU+pEY-Yso#LLn&x}ts&|3@wR1ylpyqO*pLFO-A<@!*Co_2YjY#~k*k87L zNt7)kZV)!ny*gKAk^lFe(1dWDhfZ?AzcFkZ#Q4aSh>EKM3!;!KMxQ z8?jvv50nlMlsM%r@j4EG4VaIF7ra-p;7kO;H`=b;PHIz`7X=6l{NU;6%;30%7~-4T zm&(b>N#+mOLhsK%@nFg;pbaagnYDUPu>l=D_0abn$z{G0D1*BfyRdPiq(oQ4k;oL7FJYv73{Y; zKJ{{PDKKyq-(t&&4r$Qn>9b(EfIkYjX{37x;ysTa?vc%44+5jwgKipsFMMqC0iqs& z56Q?T?N|5EUr-v^r#O;QC4veFyai{WNz;UURTmQ{$>jmT=1>g-20@obP3EGPgC6;U zYP%})ilY)DjjGhVDA1*Y*2PAw$*SA;QZbfT61t%H?c@_0Uw%^W?FLk%bkZYIGr$pr zc~>uNuz*Zops_*Lg-hpE^*=zPy$iA=#84oj41V!ZBC8eleaLI*BW{0S2JU`hxK6Nj z-FXTcRADIIa8w3_0#LSWW)|}@mw2&+6;2K|HOE0|qR_(ne zmTd{0laI+N{Nr#^a?V=0`;pGsv7OQ)nL>7JcazRjpGOgp~P2 zMQ*YXGT^z;xZwWxC4&9$K*}rVP>>a)`q*VLW6JsXsTLW@NBm^{EKT;gpKdxI9{Q`>|B!?` zI_%szXzKLa!-o1!z!pTuZf$Ka98HyMW+s|rc|T2+5POgL{Wn17h|FmPgO4Hg?o+H5 zyRF9>Xf-f5hQ=kKk4t4r<66p8w|(2CC>f(S`{9Hsb70+IXT3Xf&RH3ra3zT%Te<=2 zDb>X=3^?fOigc6K(U(+Lc@%+_?_maCOIcr#O1&NB0O9OLEv^o>2Qtux!y5+pFg<~!HNHRN&`skejrb0*%}vZIzEi%tjsvFomzwU+ z`_}wvV#oz0XLCKGMsGEn72wl#?2@0KAGeU)gdrSR8Y;e!%@e_niZ5mfaA?IAy&gR? zsDsGT0Iw9KYA<$jz3O%N4Wjgh5y+!+v$g26&OZtiPAWk9iAZO#C4VT95(#>C%XuP(0$tfO?Qj`@En(+()Ag66Nvu**3KPv2hJpw4 zkqZCqq@F#8+Ap+MX9xA4CCgzjWcg=lHQ?1S5TD_x2s$Hi{*H)<0DOvan4ALZ|4S)z zy?yykHM!go9r~|=W-!AX6{~SdMF$c;WC#mE?l3kmsH&?=uDc#+i#t5nf6ULBv&02E zIDGI{#Jr2UBo?SRhG%$-iQlaR@|vy!NgsS@6Ez}3lSP>>uYj=vXwMsLwN5;88C%NW zDTAUfM!_(#9Rcex83DMT0d+qnwHa8Tqh2T#F_oC9AfB{%W2%C};2lW9lXI4F8P?F^ z*VRdSfnNx>QKape1>;3S z;k-FV*^V&frLp^a+MqEwseIymoC(=8aKef*U}cIuV^b25MFCjF{l=sbV+Lk`X3}a4 z!`(VMm#bQWhBH<7R+ZnO^@HmNpf@6r8hZBnnh*B7OECSdZtG#Q7Ebnt*AHHP_AZLW zBC>x`2&>h49)QqXtGUKTesf1}b(%&EmQ zoSvMlWv&B32Ek(CS3okI{eIh@ohz>=XUdGb3^ZDZIu57w{W!9?zTZ4owz z-TV#wYJvNZSvb_&d*CR&cdr|MA7S)h*@q2&vLJHu5wluS?trC(@f#Uly#{fLdEpqm z5;~eo=lYcI)K@CnJ6}>>-W4t|m=qUd#Eu7j_|GN&@RBea4a3u-WjIYYcY1u1(ZR;|)Ve*gnZykF4jjT2B+MVhV^nx-L!eQ+-CcnobI z>-VM*+u#+kj=ERPD~C)1m|9gCsUuojnJH) z=#HtvdaJ;|7tYDzLkZ1tg&W~K=tbeQ-wbOx3WI8`ey3VkB9zf4tlW$SoR|jsaRBy{_oLCUhloi^e$F1Z zTIg|m**Kn|lguXx_0NuqD6yYn;$#dmfqD!PtojSD&Q2SrP8^7Tn(=f}lo70oM#0=&C#+EOB$SRbFNATDV)y;Z;TlD=ev*`PW{vJgZ*F^b0=qOpbR*EpPK9+uX zGdh9(Zr514wwRDNC%82cE6O*LTCOf}n;gW;(u`;eB;OmZdc}1;% zaE+|dG>I*)*=30smSFRZ8v{TYnb<6b(W)@|WslODoiPU>8fxj1+;eA#mdA+h(wZ3o0Bu$PdBu)iwVM7-lJscGx8zHmTpa{Zk3gWNQPUTiw~ zp2*y2f*wQ`=1Qa>f!4()bIx``5Sn?E9ZdbHw!EC2!B4^Yjan1v1rTy2rR@4 z3l|gK5%JJip|t*4={kVmLw}tb6BTt3ES7&1EMk5g9f;vJ5SS#e)mpbNJz)3}Uam2L zxWuUD#Cf6vNj!#Wk3oK)J_fMjL071BI76nTtwW|xR2fVjULEv@^&VdG+InisZHps6 zabs4vxMSlXG+dAvDUd_Zp%nEiSSDdMkLTaM_w`(9Gu$X~V8CG}A<*`D_-6FYnCXI- zL@nJ(OafILSg%>3fQiukv*|fBl-HQTqe!5t!}LW3Gg;#G$3L+iZnB^~Ny4IlOeIJV z;EEZ1MX3`7gx$bMlX=Ne;aUNjpt3{#7AS3}s+U4@MbC`c?IkMOneHE2JiYR#y6Nq}2)r!+>=L9sHdc)q^?q7gn|2x+$D%1MTUC|arcR4jW9prc2-)!IxeG}ml=Ml zWh@2&`<5LUIrMDu@laukZX@dh`y|i}^rdTZ& zWoS-=lo;5~Y!wBdg(|+-4`8c_I}T;~nKNeq*x)(Db=b9X)-=>Oe%qqp61B^q}uu)0`$E4pa z4-;#kwFug&!P>BLI9uFk@494CvsvZfybvicG&?$rSJ?7Zh7y;MV^^2F*JSh*L2nA& zirJOaY|%BKt=RUmYkJU&%9k&x57wU-sQqDD9CwwWCgr3XFy^hU;N*|b%CIK0Co)<6 zDS9`ooLcGyt%)E0q@U)rg@K#WuV;PPx~xaVVN&pP4DFnLU@#9GjMWd(eG7ITETNmQ zi$c`&rhbCyB#D^=Pf8Dam@GpZT29y)!3iK>hlOR0rn{U`hJaj#5vO4*hB1M*&^V&I zn&YEkqbS5|Igd|EFu_q*N576<9qatu+`*T|)-=E`T}zvXJ~MV6vdS3s={v$X=PAUy zYs1YeR1f&0gef?GZOy2!gHaY#XLRBlH|Q~pmKt-qH(>RyKHJrFIFx?wl5=$l+s3h_ zdu!!197K%f@a0sQxMjEaOU^^2@C#UI6H@4JZU|ISy!JA6+joDxbgSgRR6rb3Qrf&& zn7j`CWxzwgaVcK*dc;xosRO$34`oq^1yEfvhMJ|*ME?iLKU51j@2+T6Bu$gn)>L<{ zh%#SpY-N)P%{BkT)kRP;q|(?eT}YOiEc&*+mwc&@TWM?}p~Lu%8GIeIVU8dP6cG=Cc6@FPj#~z7q+J4*(+ebctL@x>;t$P5c zy(xfM!4aVYaRMF$P@2S_`im&J^?rdE+AtVvh_J1Hfo-~w8@TcIVZ&fK+a|g=ABdm2 zPS>4eEp9mLq_=SKctY51e5?ox6*l~sH=G9u8*BksmPL76KRj4Z`cM2kC@@e@Uq3;s zFj=a)tV{=NNLux}E)NhTV2ImMs&v~=35*ng%1|16_LY-Jsu$5a@K7OJd$*c=$*RoH zBz$AEbvY>OfnU>E&>a)VX@yTZEFZpEtp!#!EpEP6ZT9`P9vnR+_z*`6#Op=4rXE1` zrC<<%kVJ5kVO#*tnhq#(=&F|w**v<4S?NV)AO@*2tBjEMB#$1^%A(aLs};@8;F328M>t5P#gy_C`Ix&z8Q{LI`zC)~Z^0@Yv!F4c@^VvM(V z)@0%ah-eS&-5`fp9X(21FUh1GBH*niMu;Dv@`b$BRDwi5r-crf0S^GI)Mgj}L4**f z%-Q%_1fFbXiWy2y|Bk?|yvW>D2X z|K?V4PbIGO>1%M`M)mcV>~i|(UB}WiL$9>$k#NMJMi{^Iutq?J1x8=7{&lhxM?(6l zRvgA7869^@;+DpIa#`CqFZs>1S%oDcrsJl-^@+5&?&m}-vSddHKkLk|#jk`M@H%}P$D<42qs95`EpvkQLz20V{| zP=6QR<$h*F1J8Ae)A~^zICW#V|BHlv>$91^bGbjsEfLcG!B?+3!P=3441kXeL4qfe zUCcW8L`juuHuUu>nsNLEd>l;Upr?m7#4ZQf_3h!)DnD-3|6KXv#SGZqZUTUZkxnnd zO)8dEz!gJ{H-dADaXRhoHCzV?w;v-!SWb=bJ0MSkH^3+4c}4UO@4Evb|Eo{i=f`o? za(xgvkO#_axUcFe04+RnNC$90ngOcf5XWjug56A-ztQ#`<}X-5gro_C8!A?^fKZoV zI(Ct=7-=1lQ5;-EISvym5;vy0IK{EG8oM)$I1#{xA;&?`=d3c|j-qzaJ9%#wVh&J< zCfdu~&5NPO!}DUOYPioV)UW%mIZbf-gV_k`J5t1;vTP;6Gw`}1EL?GMl86Ey5j}AS zgxL5AZG0h?v{8!r;x^$0BHMHu>L1)VV!9lPVjjY8;5Dd+gVZl#aEa|jg?If+agrHz z=gy@Yk=c{y-hDP&dNszk2RH|u*}n8E80Ui{Jd}PsZua1SX5~+-T0m8=?1}Z@8#RFw zkFvte(l{4imkQDg|3pv`AsqpC)K23x0mq)BKIBqXsy8p&K`yCC_+4XAMXNq~(Q}@< zY`R|Byh=hsZ;-~YxRP~YyIiPa-Ko1@jGNjaSix%~P6{mmY~{d|tZKQqEef+f6yjDJ z^iPtqwlJpTW$G=EbpiWIfJZax&*|a|cQ3vA!7T!cY4FZXFTPgVj6xDE;p&cY*Ub&F z)=I9DS;pO@7grG=mZ!IX1Jb8VJx3wZ&ygep(ew|s*ry3=ZL!b#gMA~)d|I-j%UP)Y zi)Grnx5Cv@R_Jq|Hbcq+QB~t%fy+EjEVO=R5~!8Joa{TFC!TrZr|1%#!LV~h?OQ6@ zAn2`}C2c#!p!0;a3eWxFsNnl1DF+C>-;3grZ}!Z9>4Kfg6^ZH9A4|r_o=JFrifd-} z_F?ky!`VD{5!W)BRS@OVYqPuXIBeD7E|gEeD6eeGLq8Rh*AyHww;hUFdf`pfcWgR} z-K%3@kZan8c^^@xw?P>K6Y1mlXJdP&Icak+VSF|3fO1<`Q^}m(W|Goi9~-=bNFe_~ z1PPCVz$@8B?H3$YV$jCT#6qzOcu&nC%RJVGI1h~ zSIv4E0qbXb9%bzitB~Hp_l3t48YiEy(fi}sF7HwZK8W+YP@eVL=Nhm(?3D7jXDao2 z!T6S4*%SYj0-KCrf6dtVnNRT@Qu`bH`u`OC3ZLnqU)yOIo2AM+)Cey)dS&0a^E~wyo-Z5BwUCV9z_f{! zCoRudi!*&w4*hh&l$zJchvS=T8wica$q|B|Z*{d1%fEGmb|=k98+@fXY7$)FqF!!8T?xtMlAl2{Wghg#Yxvsw0`JaphXJ!CG654y9SA0n&@?m8!7c*R>vImVS)70(Y+#M?zt}D) z> +yv|6E`_j>YNEB1=maaprJU;QvWa1SGn0(c$BN%oY!2SUS504rul6;CUtl}X? z_CG>fHVb4YWjhd&4^m!6Kh+|S=Vv)S@H1C?R`+Hi30qO_ly*Q)*I#p3xVg2zbffy8d&g5`?=4z0^bHf4AMf_J{Q7VC_5XA7?`6@H31G4;p%u z-j8QJh~dcyNtHD0Jfl%kJUl1HoY9Eq;o%v_PvWTV^K2m_r8W020gmV4Uqc?5|L%{9 bhXv-PK3X(=MY$aQ2+xkKTB^w^`%e8Ic1I?; diff --git a/static/images/docs/dynatrace.png b/static/images/docs/dynatrace.png deleted file mode 100644 index c4b04ce116b4518494f724f511e4f0ab20eb4747..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 37471 zcmX`QV|X3T*998e=4o(ZHg0U&w(Xp-u^YRw8r!yQ+qRS5{(tYi_v<`+*34S7_dK)q zL@3HjAR`bUfPsM_OG%0+|CS4-ZdCN$Kd~8eGE%Owk3SdvVJ#)U_IL(Sd?jLuKJ zj+>{=Zi-OamCyUZpopA6fyIujEUST&D_=U3aDrt_Qo_V#vi%TQlG zKVl-HfWV-t%8KjzXJ(HSD@)7qsTt$6THB1OU(r!mwn+m1S;Xd{GxG}(p&^bA_8Kw8 zX{#S=>l-O4DaC(EbPP=5;^SxcFUag-+(6!gy&cB-y1br=;^Gnog2h=V}P4hdd zk$IcD`{Sd-_4V~Q20sTo8u|wYj1x=0JH?bWbOcAmTiQ9@y#6hoJ3Bu)m>leckK3$m z>s6{g+CMyW^$m#~-mk2w^YwI}n;x&7-dbB(bjYj;3X8}qtv=q{%AUDS9Y1LA?$681 zTUnSctZI%-%gxICy|=j<-@DY*+#FHSW#{bC)H4#|@ALd{GcY<4A0CjASAwSFDGIa1_V&ky6u3~WGBxmZdb7tzPY+r>mp0jX4=Pxj^xLXhH@?;@0Tm26))2gntGtEnQbr zwR}`@Vn$AFQD%B{kf)Z0Qc4}PL(r)k6QfyLsu&0w_^D$ZawpCii z(dAS1>OD>7j%Iv0KQ9kU_RgR2jqIV-(AJr%r3>@c(}engwBlM@Q+)$X)%eUm>$4-B z+xKlXMR|#lF#({nrw{7d*Zt*biJal#gXfIaG0p5QYj^*InLGLJx90IB&xUEyghsPJ zLxw{iqJC*8p82J^C@ zaQ}kAp6|u(WQ*vYD%IL%|NJ24 zgA>jbRze#?i}qKB=(B`L!U!NHQF2#T^-`tJ*{%kJV2{wMv(>>t*pNV4kkEx1BIH^n zD3m>vya)vkbR!-9ltoo$w4qy_kFmv0h!H`nxJ`kz=>|2CnbnTY8^6fdxax8L`atr! zLF&hj(Z+xrQbQQNHvZDgP_lY;AYHG0;`yk8psb@Y)Gr-=Z+5_aKog!BZ0E7UUxK5x zL{hKPZG9~H#XSWgB2jf%y6iIJ$&zokU(8A=sO!OJ_wF>`6%hwm;9YX5qW<(?BJ^M4 zee7e7G0`ytBOZQaMM{k`l>XkMb8m~|3ODF~P)rm^LTQ!}pM^h;s;nCM!8-CJXt?wE zsf!-jF3SMnFmQW825ncuh-M~dbawl78s>5B#@Ev6vdN5NzPi@xOdW;yAlZaUwycK> z1Ia^#S}{aI^lp(vCXvM|w0ZgH{nZn3;f3X0wbY$jHc=o9A%gl7FBP%~Kn+0gAlf{( ziuyf>mDn=TLjJ=ddMX@^K3SCem+EAC0Jo#VK}h(P$6az6nY-n$75b zzxnD^;`?}fH}>!~rAKVCKcrP3Xq@&PcB~Yc=}L~UDDc92x^Ohi1LFM{e5a+osHaB(v1byE^^lLjXz$nrURNbgDT5AFaubH(ULl)TFhH4 zrnB|+Eym8!?YY|8J4LDieU~*Q(619eIS^J>>p3kFSAEAMHg;Y32vk_wD6Z!3ZCy!x zDF)@dI9hrrTfDzW3Re4*lZB4hGLY5dij@(j=mfr?E3){?PK6Bg_<4=qzinnKPbdiF zpY2*74Lz?OLMF;IC#Y_8<@32btJt318jXi}6ayMfE$o7-!fyJhA4GBbr;^=lJupIe z)K>y@P<_v%ZOpuah4zroy5{<;P&zRO<*VX^6VW$+7QN(!=m6F6gTfUOk{A@D7uisEMeqJoBxWc|W39 zd+O_n$kff$DFBtlEMxS(X#kHR!#|E0jM^alcCXCEDv?HOv z6BD=<+vM;`S}kD6F#m0Ruk$ ze|%e@#-PCKpb(@ymni!vZ|d|BouN;_168jDzGVEa8x2YQOJT7fH=&_^XhE@kr?F9Z zTOd zMbO^$z)|R46r3Zehsch{W`6qiZL!$w#(KTDJEc>CL;VAW33v6W;92-_#^8kXGKd^X zoJ|KVm&ORf#b8_OQ^nTL$MO;5WuRm6oEurhh!Td(&4di|Y$R$U0$D(qVjQFXTVDdM zKp^Zm)6OJLQ&Qe4iz1Ck8#DH4880}MR6!82v<_N$?C-aam(=WQK>O8V)!WZm-<6KG z!1I{K<2-(VO{dVK1B%OL(B2WMMV!ZN{))~nzcphdlhUC^5D8d~D5aSe)cnZ)LrGiP z8!TK_#h1>@A9^U3Lm@BQrBG#&L+js@20Pk65_t#@A6i)7T%@b@!g0|W&nMMhCH(5` z;+HiDe-N`^x4-atHB`OfI@&#M3ujOLUc5fmg%#*%JlUid(6lIh6jZdYLV7=`wq)B= zjr6S42p(HJtqd^;d8-`Umz{~<%)niRKq!QSP^$=js%Re!OFJQjCwJfC39$~KzzrbK zCN*U$XU{OV1&_5#C{mTS$^#R0u`!bt8bbquD527OwRsQ=wGFu=J7I&IjXD>M-HE#G z7#W4_v|6*5M9XJjc(`dsaI)bEU<+KGg;G~m3U8s?4-7bd)2yL73>{-rA8YvU_XU(@ z<{)=X<|ge1gt8;&j^L+i}=A4gEwa|OZMLTP+z?6Svkl1+T zCJ~F`6i?jU(d#fD2)er($VyhV&SvrjUi%_6B&b_zY0=OT*zT#qpb6io2D%vy&MMiFLs5V;SN=*eBs4P@N8>1vYFwIOL@sUf7q6Ejt%+Tj z6J#<8q=&p|Q0oaQ%|NcL4XE>lv`54S_4lh1CK>iBM1bizGQuvlbu}d*zoY3vB7%81 z7!k$wy$A@xqTsV!9v$j{l0s*Hy#=&an-d9q)8})mMhUy0|9!uEM#ybTcT{h0qn=uI zIo)WP9da9g>PZRF&v@g4e4kg>n0!u4v0XB>6E8?6@}!Bh7cW&g?(9|bB`!S{bi1o>cChSP@#Qh&ISM6H4RA??**XKdiaxv(xn zpyYig6|&`)?QIsWB6@=5!LAZWxbw?|hrn0hVnqXS0iQq&wAXY9gxNKu7@I|*9v#&w zUlF8za+-+)x!3*5E^V&N=i3(^XhURXmowRzmqtJO#WTB3T1+Xm-kqhUi>|A6c3aRtdWld z7+DvvYtEsr1`W10#M|6)WRy(u7AqI4*>W}r2MD33p+mVN-dh-~`n_;lqCA8nbMd6% zRt#L9HEa6=q-^~G8*tcXQ<{bf+wNW#Tm1=zE5FXs_}xmIO`dKV&(DOO-4^)1r}5<$ z>{EFAc%KQ_=7jAVc@v%97XNkRdI}@7+DoaljG^z@>yl@VaVU_*Um+k)>?)>cTmD0v zG}Db`6I!9Eqt0*=kSX{$+=(9Qb45cJ;6XDB-eQV6W_d2Dm|fUro&t5$U@BCKCHA0= zpoU0M4lhj~hIR$4S8ko*Qkp(Cd21q_&kF+M3$|d@I7zspQ(UBpP)pR za|1uL#SzBJq7219{_|apq!(csSOkYBnPD#_Iuk=dmW(zOF<^U6Bl;Z|N1dgL;nzVR zKebdtkvesyXl0V^VoO6Ui%YTlEY)&@JmfJ*MMjxNXc#50=v9+J^3VN8l`qHzSoytb5vyFa;uMbE!l-TNfJ4FkdnZVd6XfEPqdg;& zNTp}s8>VHFgw8DZ$Kx2e|B1&Ci%AG_!BGIpJ%S}w0-)wWtXfsF#@*BNI_g8cdf%>1 z!Vi#BCuK(CmHOY#1$7;QQzDFP8H9fEP-J@I_-kbvD?p!fn3)Ur=NAOSgQW*XSZR?} z!G>kWCzgC1oSEG|*Ra-27u@AeGa=yu4y9l}o3HsS^XjiJ^g1Kg1<|@}cZYTuxzLze z;B0Fr-TQH9t8Uf#HFY--MTvsRbHyD|4OLqw2;oZMXzrol3ng9RD9zp;N(&6SKs8rn z5HYSNCJqkf>h0P$J{h00YaSDQx4Yl`)ltF(yqK9gUSB^C=CC+;457f>)g*QVX*#k3 z6b4#7)CkU;{M^KA+W7a`rURZb$mas8Gqo%sQSq>H9~PQWPe_xkfog?g1;2r2YE@>$ zT00***eBr5a1}mA#&g~}H}jVtNT9!$_dYc(zR-VqEY>W3z!Kzecpx3+5#zT!_XguZ zBRb?v_bJR4*vPo_CP5d#-Z6Tqa;LsJL!s(vw%(y1)|rONCpAb%a!b*uXsq$Iu2v|j z#V5s?Ne2mIvbvwaJC&%#J?6r~@LBXcPWrUGyg@2RbS-KGdM^ZG8&SX&z_G35CZng` zgee!-*a@$Y_Vz&s3oKLtgUMVUjdrfGp8abt7&8VZ144hQJy`0kTrW@-`Y0TY9aYmH zL^L$7|EhNqPsiHgrcgeo4@rrpI*y3!6Eq}FD58&kk~(2-C@E^@l5^>&Y=NlGTplY&$;!<#6=Et= zwp(sI!Q^ zWpXaD@Z^Jow?f)r!xlW$vq>c0aeVzmx|Q!5_**7loZidNbK*E5^*;u?G&Af0Z6uKV zP`Z-egq0#05%^0Azx-(r#8P3R=ftoy2C(Yb^$HtlE5c_28N{VaN!}F~-bic=o_x#O zHIfg0R;>QaPygP3oHE7ur5Bsg`n=(CwAJd;)%u+2&5EPr%}?d*r0Y*w z)0&$x?ZLAaCV|3Q=6rn2pmC#C&tEg{(yd$A5?Aqp#rO)mWr*mL&L)$mBQLp6F#fHp zmU29rHs&%LPpu6T9xM-@AmF_F6FhRe*sNv;&M<@`C+gaX?4tZGN`;oKRaBv`XDIAj zlZ3E-sw3sa{d^*0%YLj|USk!EG80 zPntBh!8^(nm?Hg_8-*z+F!*@7>Txl~fVgJaU{r`$L{cq0tZB)=sm68Lf@ibB>(U>0Ssx;rXKW|7twkol+zrNBtgD% z;u4IB&x|)FTa-oVUm-Fh4oJr;98GXP6MjpVfY}NqOi;pWFxfGk1)+H7*CEpLjXZ}} zr`XCdJx@+g(GP@C;(;CFFqKwy6L#Evdj)rnNx#}?(`x9L|b{c zC3oXynZdQ7@ztCPdvlM6M%c zyC@001;DPeEp3}qn{Jh6fI;|#M>k%Jese4Prm~x_yWP&Wzf5wNvF!ZjhIHy20anBS z4ob0vVW@6M(P07fI+fXD)yGjFIDi}fCat=<-Pz6hM1H;U)IN?#ONHAzhAHMmb2TxdN@X@!DnYDr(IZi zseS+a*36x)Z)3B5(W+;FKD#>Icy=_jcH~6TKgPlh26UT@&AE6mLsz%oM-p3kGqwaH zrEr?O9Ru)lz^#5lNY?$$>>tEVq>~L(tKvoniFuAAuhuu!~@kvymuV~^XzMg z05vW!2$~(iB>j6@8zM^Y03s49+ZZ9yI~J-Yy$94g%z0`xnIF8)`ll+0G`cQhgO$07 zAgYB~GG&807qZh)gjo22ay8tXeR4Q56oT=cc-G{Rv^(XijAxv1-B-%|z30kO|8sNG zB6H=a(fUHL@2GOzSIp-(I|i>{h`cGu)Il^g={8%xk+6eVa&Du0lrf{4)M*V9d!__< zMNNhwTA-lc_gn6=!p#>nIJ`PmpRj_J-MP~uX9y6j>{=X$|NPm@91-fX4+MU7GzPwAmP7=Ko z#`~nzkT8$k^SpS6(7x@B3xu4UFK4bL&w{@ji{IKQLn);lhPc1E4^DMy^PiJhG#~DY z|8)DS*m9@Oh2Dw&m2lVCClu+J!6E}q{Oe_b;d zVkq1G5Q_Ja>)qqT3dT0>JTDH)ASRs0tYc9YP9jui&z`-%l_(>aUNujst~JwVT5a2=nMb>E z7NDP5mJ##Sf=2AU;~v{UMOJO`==xdkL|0pTx>^=U2PIzmhXk zgQ@g!9LPlF_yTsx^)|}b=sOsg^hIe_K;Ah@K?4} zJodtGY1gT`*1U-#rR6UN|7O==<#mNad-s#d-tp_oU`ool$9B_%D;;yLAA~>!pq=~g zbGO|ugK1HVvSVEd8C9Y@L;pCo9$wGDIH&1{`)0_}T#bB(J6em|O9(0^xV*#5FJPTC>W|ITZR3^+~V7c~v! zM%s!cZGQvRrH+DFeijC$FEpVf%ZxVgcNDs-Tnjt6+r0x2eIrW0k?&5ORz9}dApcT} zAODM#ROLo_)m^58_xt7QYW?KeE+#8BOb1t&l`vMqK#n2WokE;=(>~!w)t`bV>U0oe zkdkQh=;fqC8wJ&c%IibT&Te~r_BGz7UuXNVVVS?Ida0pnRM6+L`7!&d@x=OIHLI#f zz(NDY6|}&_0 zWkqcVcXAqMx14Fu;hJ*xEjgk+mT`l+Q^}*rr)%16|4t*do7-S(MoZuGtK6mEB8z{d zqpjV^yk+;UHMHEqfg^Kz{a(pvG=>9-wkev_s1-b^nF2du=Noi|eVqaOcTk$R?sv8N zuGw4Dn_J_D+nv3ggOMG(=JwuX~2$ z`|-zX&c-U(`?OVNLM$l#+ddQ9(RxjtqhWR9qqV2yM@v7>&>(Sq<3yHtBk!o8qUz3t zFYul7xuu3+xLf$~IC=3@(rU(xQg(EP#rI|T37(W-Gklbw+-_%s9CT7UU6(6KX>go1 z4XtiKI{|)<4?vOOc;(HxLcs_M+8H`*FoZPtiC;+Y2hit~!ryBirDA-Q068$J$@MW{ z>Ukr*mj1o;68$x+@o*;=HYCyDo~A_sdgOzKq?=04C)Ojku>jW@5~L;{H#H8;dU=V6 zJx{qEH06u=t}v46s9r+epmd0-DCw8`0Q{5^2z*C@xPwA6-5GsBWUZ~_5`;huxfGxw zS`i5fYSv0IhG7VU@3%;V5h1x50b$UCJ}r`-qh5Rs<>@cxpi=j>p2C&%fUSRl^rYNs7LJ z{-6QHF$orBbKHE0O+;_+NJ$O@$D#%~s2oy3Kh=D*I>HG?2@-%Vb z&tMU|f!%-@@g>td;ubh}*w^SFaCz6(RR#(eyDBKTyy;f*$rUIu^m5_z`1p!t@CbhZ zX8Z&Kdca{8H6D6*7;n%KA$L#v!?|L(q0s{~s%^Z;K$0mFFAD<5REM!N6WM8D)Ql9| zdMYADRe__e)DBr{in27$G6&+jrQ?btSz18{F$r8*he`sUlcqw%-d=-0kjI@40$i@f zmqQs$N?p$>rgTFe^3T)mspQr<`I>*5U6Msw+&=pZ2o9V*_zvL)rd&XBXYhO%5jo&hWbc7=W68+^ugo_qf~3-4Ry8NZCe zm=kyLy|(r{)lHFwg07v{tZeegCxNp4mrYx zbcOe+R;iT6cl77X-#nYTWrt}W5ALfi+qxzEhohn)zx=?R1{ExqNw9{RXc>LydGPe$7mK?(cWba*85UviG+#=^im6eo;uvd~S@p zZ=&}`E*GiTPXTUB@YS3FIJBO^!C9<56E`;!%>cJp_ixk4lU1f|h&C?gTNBbvGoShL z7@=*N7-EXv<&@N2wc{}Hy^m`BNbSX*mEeh&*Jb6*`-8WVWcm z+y>#_)txJx%jA7am8M{<8T8NHN6Cr`XOwE>Ni~?qLz2Q)f7=Jl z;t^|0)cyo;w}JaS;U+8}FhILLG(rv_Sk8Dv98$6u%u#`OADjwv?8K$f`>>v%Lu|?? zKS^jLJOz+-$v#(Iq;AJ>)sK@hutKC>W4>SML^}IcdIl&n@_$%wehQsv!%U*G-#G9U zr{aC}uuAUT=0mTwLCM$6Su(q{fK{3VXnKJGUrU<@zSUY_*EjkIDAauQuwJ1j@sr7@@USEpO$=~U{aSVN zfF1%MM80>$OUd);a2&CWvB97Ko}ZyGGufbl~@@MylTHqqU*N9;x;Opbj=1R~%s~(I-ajaQO=M+FvB&-s-tm9h+zS3fA2dK1jp}}GT6Q(B{r}mc22&_uThL`J4BA4hBB73ecih0TNLu}qerHz`J5xw)I=p*6)F%+}4 zz$O$KvdaIJeZ3}z$+u#)@3v#+s*1=Hc1vX$W;J(RA$9p`wgqQ|wR6o=n4_xCd?@>GEk6U@xj~jH{g2q#MwusS4TzzaKVRi`mU`R3X2Xql^n1f(^OC_V9y5!D@V_5;3 zL6+2>7W&FdmTXb3yoks=&COvi2*IREeTW(mHw=_6P@5a%(+$qCo@$q5tbF!?l!rz-h*|K!#AbUB#1Y>X(1`XgPgV6k+~$K!1>`Cs~=W>PrW zuRhl?!BpvuKRjUHuYMdfs<@21$e73!3}*hn9MOCKE64vx{>RGJGi6}Y;!G3c+1WPh zGKS(izYN)L#EWQoC;0pG{cHXHH1TVo zzbo(CvdsF}ft^1-;g+E_goyDH{?84fAAJw~3N zxlepw3}S;c!JC??yO-YPH{H$4)vk3`4~se<6PLa6h>x+AX2`$M$aehKpCu@B<6ePf zL4ff#29YrD5z5>cHAqu|r_US&-Zl<}q@15Te_tLa>g~>3jm)+U{jD4XzNpiwJ$M+fiinvFzQtcgrJU%5w~xv8T9-#KQrH5O?LH)MX}`43vgNB)@CN!2c_1T`I|iOI@Z^St1S!)0uo^s zgDbVZPG-N1%nT|5?kX-M#cFv>b}g1FN@pdhX0i*vEso2V&2zUe#6*J;xP~S32MyO$ zT5?l2(uhPBuu(pUr5G3nlyiqO*4z_iW)ue}m62e>)>4J29U*r^353#Mle&SUx)R)) z?g;0om~ZunL-gyo2UI9fPWx^wP2`?=oT}Y=n-WL6Tt0z(Qk1c6(6z;6RB%Y0FQ`R> za=8$cAGxZmkBAldZMM|N`2f@2Oq^u{7s)j)&6tQCtzt}Y1qaD8hWV!DGWmEM=YQS! zh0M%8zB?Q_6-2&^XnFZJWyxI)_DPvQvT7{VS&>RFE6#!3FC}hZL$isr|mAjEs!-b~>BBDwCa4Z(W>e%F-sRwCu#!nwp zgfZ+N&75$kn>1?!B@W+dk{10F5zwVj^%X@CqOgJY;Yv}Yn#c<=ORZ+NkzV9ox@#6_ zi6}fPEo8s*NO49b&uaE!MORVNYLY}b93w?HEql|D1@mts5Mxn;di_C%w3%B%UdwM) zWeTNPnrIgrpwe9DRjCNvv^?MKpXfM=;Y9RFu0QX=z7(4S#`)C`)usNfSCWDG=J5Y<{x$pcnG>0o_vTO0<&YZ#gKx zBM7cwGLsgwaU*r!5lR=NPRl8Nj z3A%KfD6>_`hBqkI>jP_+^R{&~F;aB5?4;l(G^YuN+8c@0On@WI{ZuQk-hZMF0QrMq zKow%pACgr815Igt7-9eVP5+8f#)YoRP&zxpxAYa80D=vgAN=&x zD#s8E2lB+`_fCrL0s&3IJu(ZS7orr^Zn_xo0O?gK$qxop<(<=AauEw>vjV}hl^JFv zZ{md?r>DBe^ePhr7C%5tUhGr;OO(>RMeyH>WilIm-zYCbZ)|#JM=$Qi3v1B(PPzxqR z$S6<@!GiGgtP(TzaT^4nX6|@k@Wh=ip}|^C$V$bXN3n6SBIZaRFUgKping;u%tMHT zg5YR9E_q21>hP5-Yk!U<*O`}dm!W|OxD8A83iKA0f|`Bs_I2YfnW%sKs;j4-w+RTQ zKh0L9Vv+tSCwGT9EI!z?7c_!)3b?6}A^vM`A}{h3w(8g%gKHdO zBjtu}hyFM6@X+XVOSr~XzTQ>Tc?oBQ?U|3q1e**AC4nuDR8>J56&l2>htz45Rw9nz z7#~U1!rsbOuPml<7BisVW1%Ga$7=a(h4<`+_Ajh|0fjr%SG<1(aQ2jmDr zC)Tbw-0Z7KJf&W+}F#Iksu+llKSlyqKLQ~$T57wXdh07^t93*)lzr_ z#+&$dGo0=!Zu+K#V3G&W4ymHjdMWHNO85!-Y(CU^T@N{&Ep;YhW6Lqo7%ZPcd}}aL zC`M>+)Vh^w@JB+`Z7sg7A!VTkYr&(M^tAMLzKb6QoPjY=OQ&-q-LObVfhGvDaMI^Q z868A!PQb+mQe#y|aN$UL3J`BrYFj>u!=4^zlj8@ees2}zu#girGiJ4S-1+cb263SO z4xyKd`-SI@-wzB8`#g?Iw~KgmdOBa`GEfr6Nwi6r12NMIUEErrP8dt>U^3i-yO^G8 zG`X+HDE$T<=#q|>jHJcwEXBbJxAMM7@y zR@VUCPWGfXF!E5?pv=~FjSNCR>258w2sFd+N9LaXlLWYaJoI;NSPPa0&GNdQ`0u?; z-aP59AKTj1%UJtw3DgKYGsb@4*mY%(IuK?=0^B{)cn|q$rgZR#ao2nilE!T;9imW* zin_45D;D4Hb@>2H6(|N-Kbg67@8&du1jg!Hcl%1m`*kMGr3U=}IWD9WQFrfuHoUOE)xTsS#&ad7tc?$NuCqeU-YQeDM2a!xZyulMf%s<<&g~7_#2{zzY z3%oOtqx4{;P5)=q+*3q39MIgm`Z)h*8GX&9R2zf8ssRm+dO!HxN-n+r-o}1=LjC75 zJdC77U_Z5Qh_9y6S*S*0^X znf%qjQ(Bat3+|sUjX4Wds{9|jq0cE4wHzNC-Ch-TK4mXrb)bvuyuJQowZMskFoG|$ zV;_UW@O>`7EZFCRuJA|;1)|+VOdm4xcmf1|>fUk8OC>{KrV*LFOE}`Z_C(_bNd$>o zftd(GA8bJ*pkh&gSzADpFEaP|o&4>rb`{mGe%dPg%55WS+l0CIdVSh=svWn0C!eC$ zj5o!ijw~Sm1IREKloyH(RR`R&dmm~GOBujy9<-UFt55%KY^AKt&Y%gam32;kj7HB+xk5LIvDHEfV5u8UeepR(FCrITQE(GWAj?@T71NU&c#pCt0+^< z{k{5ZO^mRwv1Iy`fqjraeMD`lI^*E_D{|Bh%bSX@a~Ew(r*I!r%kAx-p(Mxnhfsh{ zf8XGbRKwf5;~!4_)9nn5UB-VM7iZ06$g&9W#kZ^+c}*LDeS1cLf+R!;EsWtr=xT`; zMp>;XCSUYrmC@i9`b zW=rqg#5-rX%G}&K%aBp#tlBQkfq_xL#HjKe)B%O}1DtE$E95Htl-?nO((!b zhP~Rz^=i1I_av;`#mD?LmeNI;19?9Kg>q^BtnC{eSWZs9@Qyd=QDH6dkcggMK zMQHw4q7dfY6^r}YcMu|qbor5*qu%mn>dmIz&VzFoz2n=K6H*c6uAD`_vc=2AGLO*1 z)k2;*t~``6;#xub;I%;ITRL_%_a%1`$k^c}4{lEB|1kHk@7Gz69}gZ@5=!2%=Fw)g zl*G)$(f2~U=cp=|P$<~?Nr?Ylvt!{ zUa&{QAYp8nWLkYQ?pa=j>U%#NednEi_w4?tlL{Uz5f7w}sH1^2K<~?-iFjRBpCj14 z4ZO#Y)`v-;X?-jm-_N0m&`B}J-j{}Guh@V|kT{;>FlG>E#}JhoIOP){&QC_>`gY^k z;`Wqv1i-j(Bc_Rv>T=)N{5siWNq)WhqVwA})mC%~;UIr1bCUvTqX|m^$**mTAsswD zP&vW>9A&BW_2kk0gQG{O-@2w4y5?ZTIy|}=Ly0lA6nM59iAc=N`L3}?B;r)xmLN^o zd@e4P)W2N!IoLBQpqWaXU|BjkB8?dc2gGaS6-*L+g&%`qwEVkDqB&Y)Mga^@2uEL- zFV|*LY-hM(vKP326{SSuiSSg$KZd1EB%B|t)4UX)Zxl=-kTvO|2-k?s1)_s19~oYQ z=K`njWdQ{+LXt6dK?LymKx0p=>fnL+W_>)>@qsNe=1MoZ`t)vcUGI;<) zbht)_UlNU?78GMp6@0pLkx$UNlb^_HF`t}gpHLaVb7ft8d6bQY6JrDDrQuqS_+6}@ zB8~`Z=UA`g+pb>c>pX`1qI)WZXg1S=Ree{^M)6 zOQIdtS&$||S{$7|_IPgdbGOlSA%7EF3F9=8+^<7lI)829PSXJn-cIsi{GVcFUf_qd zRGak|n^TQKo5N$&5e=^b${34D4{~W4=O=t|p}hV{qVr=*8JN>3=mGK`e%+j=4`)g$ z7;Y)B5Ceq|t|T#T${6e$5bt5__a07|Nc*5XSS|Wtt-Ti%_@w8ZTtf%UwJ&gJ3o9O1 z>AavIS4ruxE-qK+7NIRgq7A*a#PG-~!p1ttYV_x2LQ6ZkkfV(8&Qg=%&eHPS*`@#Kft~v#hHEeaR_{P_c?!3PU!fW;g6hEOj9M zY+0vrd`$~bio+^htEmoc8Wz37#Y^u_bgFK8ma#NLf!?KVw#nIOw?*N^!;kY}XPc^Q z-T(Z0fN}DED1uy+soTHxZo?Q6U6!T&2t9P#Y0bgXs4`D_=ct?n4Z6+U&iNB0PXH8R z<~3~MOJKGx&yz9c+qdt5(Z$dhH7T!3(Dpw;c8L|ZNGO@fc{KZM2tf}`f8Vfg6jW1H zGZ{0&z3pJ0;Hku@xMQ&4=E*kY;D}E2WQJ{(jj=EZ=w5pnnty(8FJCrd?^12<<#dy> z&9JlGptx;Ddpu&THu01~l==#2X^N_*<3fn|9<|0NLzK%%5AA9ETB@p|{ zg^P-14o032T45xzx#gJ);Oi3=IOH=jhU(fziB)#iiiDE|>Uw>G!xd?$h9M`8R`4Bp zDoW{n_a3rzGwvSV`0K_KEBAo4y#XT~9_;+H*eg<1rboeeV}YXfRL_F*B7s`+kYv*- z)d?$?AcJ1G1Mja&s_6PEOR8wVF%9XH+K}N3tunHXGi&S_mb|0V05+9{g+;F}WB5I9 zDwP=c!J*I@?b6KE)JU*rxuhnZzN=&e8&2@4=7z$)DV&#wN4af<4;+vQkfU)#kvs;zQ`dnnkS4FUQGm?$v>h>iqtAzxh#yY&L0 z3^Ie-x~0$LZ==lK`S8T1_jKM;2Z8RdNG}2XG(aX%yJP_23!&w(A*_)=h=%lcXyiCnu97_MRHu?>D`^F@Ge)%$;+No{X zhnvj2fAcc){pNk&d*Aold{HgCM!lK8K9;|K`z^WQ@mJaUIx`Q9ye|0WowxGWEqGr3 z8$Q&xKl^_9#rMm+8{YRfZ+-UmHy>8cX7$-@UA?)k*h=n%4pe;ISQ2xCX}>6Z;La9L zEf18E`GJO{vHAU9{Os&Z(87`!9?T^m)?6pl$|Mun7h79fd481NTK*4jgt=O4^L^b$ z%WK7wnD*xq26+kr6RLW$icCW?Sece|#_qkjPN#(>(d3BtUdNheuZ!;QMi{iTc3POG z=6^{9UN4r!MTc1@@K|$(U1Z2ozSRJ0{KyXvLOOO&?%9d|LF&nRcVn~&Pu%MQ%40Ih{M}{t-5*h%z zwWV*d6!W0<%_w2GI_MeK(m6%w{dO&U!Pko=kqJtHJ~+>6fNa$SC}02&Dsu{3YgE?H z0BuBAAzv|i^9=n&rAFFV5(N+m*bM`j)4}WkYxCSER%xY0WYWsGv^ZD` zp{k&eDVxJgh`4lLei}XoQ$I>g~2L3Zp5IJe7fh7?TTPeN( zpQK~W^vSr$!u%sLXvGjh00fZ&=@dHiY}ir9X9B zCr*SSs18gvSiYsu8k-z9Fs?$@#vOS=^M({`O)QB4?;A6lO|4x`&8` z6_v{5K-wQ2^wmlc*Iv+3s}4uxY%Xm(g-G7$2`#U95?3ikO>X!pObbgQ^ne8q-mOMQ z)Zdv8t$B<&M{;l^h2y8-1ILem@L#1Qe|T`Dc0N3~UAtjnCduH;Ur?_LcgkRXJkE|^oOZ?-@UXw!! znUH}|5+C48&trNaK9OIkU8z$620_@iQ@5DcNqY}MEvZ~WB^FErOCo+RfO{&uHYA6B z+vERWO)_@+N5;dw&{S~@C|n|$N+;5OeR?eIpRlYu!HDJ`#Gr@fr95FNsxt= z?y;KWc3re4J`wbHu7YrrdAs|@1p`Yj;2K7bOnvWL1Q%6 z9cBD^7VD7pLS)0-LX9-y(Z^kNjq=6Qu3A_d1Be50j|P@RP3itw5+O0VObXxXiE19o zf~an5V;z}PrNgQk6sbD$e~={+3mho2AWp z8bZzQjU|!3it#ZLaRpnSDmaiua-gKjjy)bL^r&tU0IXEDH1J#DA7n|yatj~^jfl7c zm!+8OwE+^L7P(o-RDjoY#hN12gDaD;M+97SGwA#TuS>|*#FD5SN{$7+eE#pUBvw~o z=vo(4!seJlJ!MZOLS#VZ2!vvFhe73y3&>K?_5MMY#1by3DS>ozJPiXPP$&_A3-nvK zRHgn8;Niyr5B!_(JHGTs-a~|k1x5ytfFtNbD@!7z{~b%>Kb(|_)l{2kzaj>!x^AtV zB~jU!`FppYRi91i6oSVNmFOVwIaE}0ow?)sw|169p7sA@N&M?ikf|*F5Q$S_IUvKr z*~E}k8z3WB0qsTQL2GA8tnOrp_TK1n1!z^!2U?TDItt!qKyxcx4k>HcD+VSX+$)|? zFf)~+H$eFeGG1Gj#AQ(j$!AenQIbTRQ7WHF{6aT1lOmNI=qqWdCev_)I~Hnc3{+LB z(mLrR5Wy{s68{6h>dU24I>XoF6Mq7L5ubQnX!P9-dPEfT zl_n(msmxRQO~Eoegb`M}gCO~U)l&aOVKzm}Uf&Y`-LJ-qrQKcAwXlAW9nZedK*vaQ`=N%)E>;Zf4Q*tS!8%z zx<`Z4wrIv1GhB_ag>x&YMR0@^NkBe8{qM0P-sAkCoh4EH{u}f6*{?V}j?9_uZ(i-j zobHyL*<)U0&+T3m9(U|MSw8sr^kr{uY2m}jevEf;_Km;;`f|sc z;g9{YdGE^^E{}|uO^W2Z7^~DZ4==M}JD`Hs!SdCX`Fpec1fH2Q3tLzFOU}`i{@Fa2 z#7rxs$NlaFx*MJNxj8W%&<&O+_(| zjzfBNg~_DMlGwL?BgA8;<3ARU`cKJApdZ(a5z5~+B*DDh6j5&b&wizwQcTh7Q>J5!uVnK zS&MyRJ~Poe7wCyHmOJ6_C>)KsR`Q3wgU+Rm!jo*SE5&PWx3qO84(DBatJ`ZIbe|Z~ zCl+39V}4Eqfx7wkWKHh&d{gdrT-LbV;ghTLg|WHISRC%X!VS7tePWmmVK;cs$;Sz1+>LdM{!KHX7#b7o&N-< z43ERY=_j$LsmI$p`tIj4JSsh(((au1aDH~YVdIxjUk`us7h{`awvE2F@rLP`etoId zx3UXE#~vbJ;NxZAaypZy3vVyU9S@f}c15N7 zbgjfY)?at+5gRROZ*6zWIPX|rYn=3%YIs3SBNOVFaWcp=ka<|T1g~P@ZPT8hC0FcL ztdr`6NnfKgEJk^^hDM7pYwecD%Zznw(qppbEa9+IXR6Ox`R|JIam0NijcaQxs*Afs zxCGtREI)kYypF&FtNSF9sa&VJ<9F!^h}Ta*Os*MB9{EO%$WMUZSYad>xDMxW2B!|o6O zTe1;Y%nJK_HSq4o1aA0MfO@9Cwp5#xLU(^k19#5Dg7y#EFAC3pk8pTQJ$YlPd+wlb z;oY98g?87;(Jz-Xa|`!jd;GfzUZ9nNhZe)308P(T;lZl8ebG=g)RJDj60}I_KvL<@ zK>~3BT!;jYlYpR77TzC0h$&@(7=v&tCG4#N!i`1&7o(jK$1wa&U;nr_>|8~!%V@wA zQ`+}va{buk@+apO3X`r)4v&7%C)1OjP;4^O+3#t&+~x3?@3}vC+=;M5`zA7yF}Qi; zMGHbi`T#u9NPjq`a!x&C507 zq{=1qig*E;;(=}p;-S(Zs3_}x*opE|24hwZtELOJnLbX zk}{>9R}QTGf6N}hQ9(Q)Q5+ByEBGQ((FXY@(Wh9`XXsLJ2#`WY#7~yG6`}19v=d#? znug1Q2m#`71QMVH*i)| zgLJ(K;o&z2w^8hAxeDZqn~Q^j-Yt)|X}r%n(=>(Qj%IYSu? zNwYSGE*g}9a)|AO7!0Vc2^JArV8Hl<&HzM^Pl8y{bO-1mffoQk=oZU7p3NZ-R6K-q z^h3~f&udf&efGG<>(A$nPsRVDxfzC0HhAYyW*BQI#pz$ zM*}0i!$9s1RG2KOR3m~sVp)Uj0p>g0Q@TlA@#`sZ91Vu0*SbAUWN{P!G%yRv&Nqnz zglnMZ11-wMYBX?f{*yFtnphH%3=!EOQV&O1`>4L~4~2KOd(@-#)P$I6&H$n|kFd z3K-#KClR&qNU24jOan*r08A>}(05obqx2nEX6_m@MRqu0I)GUY^Dr}V>xejE0~hmz zVwOUL2AJZi5xir^DBKMU6q z)O&118#4{dOZSm5z|^k=3dNl$8R=U>WeSAPI}IN%%&Ol$y8Eg=6)RF1lZ9Q7arK2N ze4xzHz>^YGC=DFwy+i}J`9LOf6}6b|F5yKP92-jI2s6Z}Ct?z-ky+6_8uf+RyDoeo zyG0;E06G)hqlOZ?DF>BsE+L4cREor15bw_;{ggySAs;GAEe!|M?tmsRVL%2hz`vW$ z9_6$%=;$hmb8}bwMp3q#yLL9UQ~D^fBOEcS(;Cekh0w6CT9YDwyx)B6lj(@0COrPdg68IqlA zrY={yCrDn0$WEi4nn)R^B8nPSJ~ku`)yN{qij3mIF$NP|9aFKmh;hvn>J;U!7+$G{|1Op)j3a(IagCK+0#!yII<_RAHG)ICBwa{29DSqKp$;A-E3aVGE zU*StA?tAo&WMYy2P-5>mGj}-?oVei8Yuj^|w!PhmyXoFo5{-H$!(*2%#-8p!+V{ z=@f?{DzYRZpyHoPSrTEC$SVLL6NUuH!Y%MCfh_ET9lrAidsi14R}n_b-DQoiL24eV z4+|>TMJ|+}T|#RciMomO53_j@OvpkSY$%4bgr>OpX$Wg=^AKV|Ar=!uNT3MT{0OZk zg5YbTwXG;vkow#gDfl9IH#ggpvu7vM>!xYbW~?`N=9`&2d+(h4%{TMSxyjSj12=l- zrf0hr4yN4BpL;SxT??%jdvAz=q0>_)vz;w;)6A6zkLLDBRrccH@M811xlh{84b`9f zt^M|$BXx7x$&sm@b5Bq09FAOp$`m6|Z4ErMVxLaaCtzj*Rrf8O!?JS;X;)V=eT%`W zwhk?6mp2^lo%#8*hN>@q%eF;&aXXlpja^=uM2DS5*hz#~)7jyjc@WWl@}|Ni{HX9{ z0Rnh_>X9Pu5x7EemPD~*V9G8Zp@NMbyC-VTEcD&}sduh#cJT9T%1ySn)lLo0c-kXX z88QVpXSO0d0<;@OUnfd1A{)iS%%N)6*aAD^Fy~`zK!Y zPR>{Ct7sc|wKLio?ay>J=_i;aZYXT3S{kTx!2&d^-@XM! zHX1nf8^k||aT@?2BTFLXMzvzB5J@~D1!a^)n8#(lkWeR=q+MH0kOd%9a4dTmbPzl6hq!p4n3dbmX_%4(-$j7SGW-2#-tD#QtXw2M(FNf zHV}bR00e;rrqM3yf<&iDlucd-SI+?+4~hm3H%ULq0h3Ni?(ADWG?h&=;^4igon*}R>T5VQw}`( zpe%_%2ycI27eMJ!FbatDS$uV1x~y>YW6Yr~IHh$%fw@ZoYjO{qRFm`sN~wzQyN#klCPZ@N%P_Mu;%!4ASYNI}eB@5p7a3DclbL zL0M0L0_8bUmPGt=h=hG*-B}U?0A&4G5+R{y#HL;_4^3rBL@G_56Bd9Rz5>L;k|>@- z=rCeUAzAeZfV`e8i5iT2QRsS_NlX)A7gCl)bwbn<>&=pQj~_yNSXdHQ4<)c9>MmN% z7n~)LkfK)pMr29!&w{Wd`qE%5iGKWHU`cc$2H%iJZZqvBOX4O=Vo;Vur>eHL&e7mH z*~OLd_=(z>!=b)%lO=JJCGpW@NxZ8aPK?YPbK|ZXi@6O>+>Lo>j_XdO-Cc9>%DCem zjC)bXIoy17!Eth@ZbK}W-2=>2%#Fn>y@GMlI{{b{VFCnY&e5TYwGR7c+wRTe)jt=@wi06CQ5%@?vPQIJzj39duzBb+!+N%=GNJncmdYp{C)!A?IM)864}0wT!j7>8hmH{V!Cf5|hqE^=MyD z;#$YTL}S<4EBn*2)_0p42OAgEY>C)>t}H76mQ8c|MC=|G79$|E3eAOdaNYGp&4ic= zA}-hz)(}HG)oVpJS#bk-gDab|+{U~>fTv6B(wliO19(tF@fV5ESte&g0W&n8+LpL9 zj<^OrJ?KN#9(cXy;L$$ZbxVf&fdhg(DvTo#b%1tlsO8yi(I@|Tk zloPM7?oQS3?U;Z)yf=Tn4>0JcX!`-6Y9_9{q?B&4jA**lM2+{rdE z_fnh}?yiuX;zD=JYb{hQ*-H8nmwqh^fIMH0ipXwOGF+zDRLJK=+;l%#Tf%EUtU$zU zR%Q`(IYuUQaXeXirbJ|5@}u_yXy6nc?Tgtt_rR&{s=0|{^W#(V-Q833;|=qd>!;c~ z#@w2C&9(z)9jA47_pY$>ZbmpK?#`f*5Zx`7^1H$xsx=27PycTk6wn{xR~-8(Xu6O0cl;GH$!hzHafx} zI;Sp_b63}I!jqW|DH96G@;5t{aJ9G~B#@(tLKv*@P);5%Vw&c)M~NbfHcuIyN`iOr z5|I-sMpDIwsd|DGI#~&rgoZ$N-U1RbU}3T~-Q5lxvPgN+bo4C*=ExvG7FSHe_YIU0 zi?@ZSnV|MDvxIsPAbs>BXt<3^Z`uiTwx+Z0-NVIS6gTIUA8%-Y9v5w1*vNM6`JOe;w*^( zLOuhi;)FiY%HMPM0!DafFb?!f>GrG>j8jf*+OR|mXjSy~MOJ-0dO^OTnkel1j&w6W zJxSFGxtMWn=y0~xdHp>^XUMIxy6*E&S4T`pP)=5O^{1{1;Nngt5gbT4K!eC|3-Hh= zRT5z4N*lk{T>om&2Or02ir#kJoFP*CdX7DlW+gDI8j@&$V0k|%S~a5SS||IIXbHQ@ zWH#LZ?^qK&%%84_Ga8^{?U5tbr?GZIBmSU;YoJCOwPI0SpC@#ExSj&Qk} zm=!5vxfaWb2{WXvPz#pF-^yAel>BJ37!ER0qIxX03htZ1wlJ>TXeFGYqcO@Qn*jNm z>VKvMm17C{)digP4Cu0;W#f~TdAB5h@tQnRmRbHqFbwmyE&#Jp#``^!WtFFS45XqgB-@q2rg7L%DI#N>ah`u1r zrk$cg1dz)ohb=U4G+H7Q=y@(6rv_wGc$i%hh04~8oE)gGNGD!itqa=iUKR2FIbw@3 zYIymK9wf57h`5>Xs(8;5_5#_F#h~Uf93tA~PBv8&1{4O22I80IGCDd{j6#gSz!tIQ zRIHhcFb*wab3AFCFf{U9xqB<)`45~&yjT%ua{qg_i&Jf9qm-8Y!<&F9!{D_~)|BD(R$R(o=Gy`o}&XgCR*z#5VbE+Nn`H9OS zh>CqV@^96X0Xh2Tj|ACmFkAEHi;MaybXjCd@c=WXmq&ydOXJRxKi^sCp;xQ*4cf3=_ z_0D1sU^`SeHF9;N|EM1+uLwV;AzHx@2q^&w0@8_lzU@%&)}?acX!vmr<+vThRto1b zgG0Lyk6EYpdRJzw_vBb#Vl>;I8LCXArv?*~^NG*v)1#zJ)(0L}yWT(2k@|8O9^uC| zcmUS3Lk+~JXj0n<(3#OQP7!Q;X=^@FL_i%#qQo@}$5Ts)Dv zJ~C8!{#5c*+uVKB9y-kQk0;Z~t(|A0p$!U;(9(aUhiCet&0ub7gWmmAT%U`R4rCu7>&JYcslv7~x?KtH2|4 zum71dKl~wD!EX-4)Ewot8+BWJ+y_?$b8_mlrSORO9=hjJiOX(gAYGTa+?z<(WD=LN z>BPmZ#N>s<_^!k#jPLcQVkljEm~bGV5uu8=8ewUz+FVkE3Xd(eFBn+%43-3smw$O- zO#@YT|EvBX>cK;2z;xojxX)EYso-4A{4PXSgO`E6>3!; zJk*6!=Q(Z5Ljn&pQ==N*`}?2QUw{1%?|<+34vv>D<&N+8g1>z6isQ#B#_`gv6+&d; zs`qdvh;O~Il<5{Sv3SSQajA|SxAuJN!NWf3ukbLe^_8M1A{$kENYH$%V)UN0M>x3l z2nD37H#uE~0FMwglcPw5BTZHY=1s?{PE4)amS9_@%h)va^aQS!OMi> z8+(?-+w)>N?s>x(qJ|fJ;r3@y_1jtA}O>~0-zzO_R9+LHL|w{iWq zKYsEHA0DD!ZQ27agx0>!N#al?nM4{X0Uo7lj}2yU5Ikg0xP07-gph~WLEMK2w5dUR zAQjE%$OavShuKA)qbjjMM7^-qad5TKbi``#fM2)4_m4j<&O7LtEb4#4 ze2%?46Y+Qe1Js%WAEHTWs1T$?lNK3nS{R=H7A;oQF0;= z9Ji1u^5jA26p@WOr)=p=;Kkl-{67duiqU?&0DYZ<65kJMBW`;Esd9k)Xtj}VnafkN64|9r$_KS>8!m9k1=Xz$S$ zg9lmU6@XHR>*xhgfd@H?%Wd=m8V`W*;LzsC7d*5r1_KhFLVIrJK*5~ z3#N-lIx2|)c#J#vGX{?#*_!uTCDC%?0nk9MNM9u}2oK2~01&|ggohiwWjr81!v&8L z0TvI$;h{7hfZ$;ng1G=9cto=YAb2PkFtp#nBU~jh5RbM)ErCafN@6ZIBA08V?UtM& ztI}6V48@~!s#4I|1Es_O!UIrwKtb>Tba4e256&JGy{N=P0fGkrOfT5u%cKboYr{OZTokw{-8Btt%EDx&E-} zDv6olZNrAo9ck~mS}>O$WBFOOe0HulT{~Lif!ORpuYEjt5m3ehUhg4zpnCT3@jyLz z_`OF8Dv8-FuV@&L&N3cDe%CxiC6WF+)SETCb2~mh-TQV??!k`tO;<@g+k5Hk>U$gb zT{csgM~{>Ayhg9uH**#ilKUC7@a2DGjT69|t$mBf*kS9kM?AyHht7#KW)R1&A>^q=Vq zXXa+>--|YT=ImVaRT4EGr$1RdvPB*#F&I$L)`Vxd=CMIth~nY2=AhzAqLA^B$rV{? z%>k^h!~?`3`eKSJP-5y+ad<%EL5@j%(AEsLpuYn=xk4EazH&i9@xQ^~kxqdz77sZmdD@@QW)I-+PGL&mL8`1y#-7gKQnU=3Z+a zq>@M`b6}AcO1 zg(N(9uv@J)4^~N(;Z!Z7!RIY0Tufma3)vDc%Y)V zLXF}|CRc*T4+jtUgI%y277r(T1gj*tB?=6WQ z*&_fR;5yh{N1$j9zH33Tmc(dBa~?~gdGcV{{nDV(GSqQVt7WqJ*M8QhYT1xj5`Vx0 z+|>iV@L-!OFxkVaxk5lZ1X&W70*?h&4_-^6nbSvhr`9dNVjyOb2;gNHy%VziqpE=!_0IWO4zx$T-R-B!w#vf14_ zGl%J3OACo5(TxY#?16bO@EsnQRS&>v?m@p^vP=u|62${^LnU-#7jz^M0O`Eo;Nc9F zfZ*X?M}%u)7a(}B+k$YdLxJES(2^MKTXQZ;qBT)^_GP=I6t0xb$#eIu@^om~>FULu z91csOu32{H;0Vk0X1Cuq4JKiCmV%jJDR-lpRA-2U0R!(U{XB9S`woj&HtSxaW$3T!2=(7#FoUBjTBi13i(K4Y)K4OJ;<(k zAUwb{SFt5AQ9h_I10Jy@@tv77)=d}&!f>nWXoTnkuw+AukgQDj6?m)+tlg?gEWAdy z?0$nh0FO~@0$(mJt|AZRq+S#McjwF5Cm@i29!uirS@Wjf204bmdVANt4Y~r<+OLCN zM|cy5>J)ChG6L?ea2sKNpXj&&^nk&a#QJI!!Rye(sF(nFq^qWB-ilcg5BufbUfZMl ztb_FDx^CNWboN14$2fc(z@UAETOW;j1*1a@;6(cztV5%d&_T~gubLWNR_D8EmPIUy z@!;855_#5KRu82!s{+Y;8+7YgmhI8kO)T1_TeC@=!`B4%E=|Stbbw&xe zI9*|xyxdvKX97^sFN30UA&xUIldwz(B1J5Tx;-xHDOeKC;ulyl?E#b#Rt;}OaUeqZ z*#-djUg(6F_sXLN2%N@?b1NT_sUg7&SrXrtD}M5;3>Y*HXVE{Q$CUy_O~Td*{Xu`G zD?%@0CqsKs8QwVx9s%MKIB|v~sngYhOr?k=F?sOs-&qooJlxP8vxN<=gc9dd3f={R zw`49>N?8)Iz%UJG+?4DjA5DAP!5f_zCetI<{t$OPuT4X7-1rK;B$T9xy$HFj;6*}3 zc%^|IYGJ+!X2+(aP?eO>5koP7B%@(ix(x=sERYtFAPVB4i0)MU6Flr7?2m9a?^f6H zqmL7^|}XG}|mJiIAeN$Qk}SOX7uEvOQ8d^?Ouv>+C`KLdN-WCDvK6HsV&eJ!22l0c3;T#Wr;0XvZSkd$^rx${$y$S zqF=e;Y#RNN7CKba^}f*7@(JXeRShw2laGYna6#bhfyhpv#=!64aq8pt&S$g zf*|@kLFfMT5|97&5*@HworuD$PR2ug>!K5`(Bur*uuhn~ZW+E2-a-%`xII!eA>T$5 zFE8dp*;L(7pav(>#!M`U58UJ1je9pY8_&9pt+iTX?as5>9pn9GW9w$Ear@<$yT4oS zT_a24)m!)IWY1F%bSZdL_W0xH5VcF<3t2+oPE64*^-S@A6yoR9%NMY$=)83$2G75z zQQ$g;&YldKm?KqCOXub^K{{I1yGLlWgY?trtYz~a3uz;jG%OD?vm`=Z1Op&*o|q$| zxPxYi2|MGtAN^^BA4mYQop&tt##~&*LMfJTT<(4Ze*xOT2C%y9<_PDpBwv}tk#-2u zfR*6Hl|tx36BFga{HR2#xOFZK_?lom%EpptfBhD!H93CJYiZlQd;CFh_l*~OSb3$o zvrqd5);=lg*U6Fy$57DdG1LwnrNi)IcNhx;K5=_c;Y73rlshp*5_AfS!o*F2k}K^X z#z_dsjfYOliWrue$vD7l0>B|rJl|8Z$Z2zQW=qW3&Nw1E;Xye>6f9?BNrXMiT3wtOMdj@=3C`%fBW@MZTMwdGoET|(L;at z^TC^*sXkWsuahMaP9+7fi;Byu_p3p*yIYy;PU+yMKnXc+qmBB&4op@dMB!W3~R6r~|mF+hK8%uGTW(?D%Z zg;}`rCsVby)6~C2ow%zTW8%{DiuL657OR2SMsH^x@BZI=?m748-19!Qm)FJl^GWFu zP33X=Me^fp#7ux{XG{lmhx?r|Lo#I}GQi+=QF#NG;bV$WN)_(4^Y=h*DiiEYM&~Gr zEX(2~D+{MoQNE(FB>9nEXH44)K0*YdA0y`SNzqc~M>3XjYUCc?sU(%rlN;tl{!NPc zXsS}S#rb@OFDaR+j3Fp#TRi3Wq>LVaG-b)~Sp_+gm zNX+KyzTwcQF%s6_$gPc-hn{N|P7NiI6(LIZ_BtMRJ)&}is&SlA4!!6nnVAyXoCq*G z^)venc+e_{mZy6tiC8kbR^gLKBxO!I1D|lT;232YZe5w2EJc_Jvi;GHjo{db&QKCZ zKYM3V7>G<>o*pp0GycT%!;@1_4m}yUGF>a?LVb^oPMSt1$4><%u{{ftvG}|CJi_)Z zs^dFb8D%zd^Fd}a&cag#N!>-1M3$7udbHPg3S;wN{Uiq|5xul4By~H7 z2??G5rqcR^y?K{W5(8pz>C{mYJ5X>jnMf5ZuM%Ei&Mp|jetgE>>m92@Bk}B5GH1yy zq9oD~%KPX&`L2MCIZ4k%HOf@bNuqx`#I)KI)l=O^NgNnBeU!xRI%;^p#4xnxFq{Yg zS%F$!nhbYRG$*xsV8w`BPV9Q?o!PJ0T;xANJe;4zC|HN11Rh))`AW5bByv=9eeYG~D_z3dhxyTi z{7prGtTP{+M|q?Mh3G%p89HB}WKq>@yPYRdwUG4zTiAV+L~v&WCGmLo(Jv?1Tgm(X zc+n`ZK+1ARze9q{6+Q528D!zqI=W^LKK?yD%rWAiQMO)sdq_;16M8Qs<762v$Mq9Y zrLxs6lth-UKYXh^=B&f0XDQp(M7op*kBViS5PX>I2dUDWsv2jF^-%1t)nAXv%5aGPP3jE?k93 zIV6!Q_5-0=}CP*c+q zA|BmANn{;}2lv2LsYMDoC())?YT^NrfPT_1a0_&AFV~`!yhY5UG-{k$>bY9Y$;(yf z9?trbc*qR%21%@xa+yRWj|ys#avyXbXaWR;*!4GC=u=8H436|qyIun8KQp zlTE|&)@DKQZO@rhW{*(Qwz=Tx9!esOx%xDShw`f*!1BpD!RL9~;)MO-tX_!iSxtgf z$H~fqDGlA|pE6(D5-O0TDAf9=1mn#d^kSho0;HX^>K2#gCJlO==jKxesp>*HZoRoupM*|ltU-rRvJ2^?^~M!f*@c|UJ@mpu zFTSx0##Po}N+sF^m*cUKMIl>&21?{gT1^dyFcB4|6Al3e-1C^rAtV-_8(D7lTR}XC z>i{K@aykt-6DWztxwn3M`IomolEkA>RcviKd`mgqE$t1%o%~Rty8SlrVW1pXci*rL zM+5c7ux4mI=-zkjG|c>Ub9UM??42kKNrS%7m^BWE%^rQpS=JxzEd9FO9E4!0bZ=|x`Sa0n6W=4iX*I-UF4VqHd&7~Qec{Opz zzj38zDpVbt_4H%H=1yYzBTM|H~J5W%8YddLwTd8H$C4ty)TF`@|M}bHOsW$epv^T zYW1e=mfP#@%Y%4KF9sG|>m{?p?bPCFny9b3h>}Q*@g(uMdsh;V{hVz%FPbPHy3K2dKI#4T!=VojxW|$V4J#he!uC2PNe1>bIE}cYQi7A z|J7ISyDf>wjS+vJ_t*03cl(?Bo7;&QLnIS`Gz+d-Um!lTmcF$TpI!m+xYj%FGfpqg zt-IDr>+cx;Y~e%if4IB5`{FJqpH0{{Tz$5&QKKmYjoNN3<`2Z+=U)M*VFkD2eBulaSyppF4NyG3K+svw)I#?CSC3M?Zf2?aOz8 zFCD@DW110-7}FlMMECCPpKd?(%~ON0*y}4}L8z({ zO+{UKJXGKNCs|5`u|>=<&16Ql$(k+8kQv)xzFD$l2#FMlrm~BXk}>ve&@g04)@);q zY}wb6>|10DiN5#q{rq09-~H>no^#G~p8I~@&wZWyy3cv;LEDf<7C7f)Qn}U4Z+wh0 zy~d|)>C^R4c-uf!?o26s<0bp$2fFkKwnatsKc(aFoDV;Vxo2LU=8zP?Zy3Flug7 zs|l%x+6M&(ISL0;^h*%Gce6VWS)-109o9n*`IIbgKSLHS9=2JTb}9*o7!@?D=JXIY z^{FUgj=rpojy5O7`7_oYb*5ZVGRCc4RR?3lQ09Jt&Qwple8ymXhGw|PCSzZRc=q#w z01g!6gAF}#Tt1xS#|(L^xqT{7BP9rSp1+@y>~Us>Z%WCvNkVdxpIP zWUw+Mot+_8!QDq}L27hwE7j$$^>lQaiOH?>%{0yGN}aJha!X1MYIC_9M0B^-J;D zernZGqPe=?#S`b=uqtFE@1P>Py?0o)U*SNRk%1`QzR9m$y$K87VdpGhXXayW;5AGc)xc|z2J|K4bVvQ z=`ISax(&X@N@)!w3TWqUQ03gSpLzHE=zk`c@%3QV;P~jHZxq=eIrNQ3p2)&PU!qie z;CQc6Rq9xvQM(N;!;Mp$^x~|Gz%|gwDJXx;sN?%A?(CPdx+u}(MlqsIk0RY_N&q;VbsSYCKe8f znWz?T`Pyyu-%aoY?N-*z=%F}P^7@54DtF;J*cDCeOk;jFtnzwT)|`_{+$;9Wd_zo> zq%P6qmrI*e(L{2o_#qK$=S+1AJ+&^5tn{Iv-v?50Vui-yj+Wipzk_}~EnhC0&XE=$ zJH2)yO3_LFyu6B3!n%KK8;a-ZqGMkm7rb;bw@wO($cI5>j$#&Iqxu(wg}QjXAandx z)53&h0+4>M2ju>L9Lzw0t{Y!`bJ&^@(N`w7IEpPi%6wI$@Cak`0rbS_BB~Bfj7CE1 zh7Xu|gomN^bh|FTQ~0#~^QMc6YT6&+fCH=od;9DMhbvCAo85`i_W3IC{s1Bl^y57{ zyk9{H&O=H>kaEEkv>G7n83-l2X-mQ%h=_kzfj{7ojwFvEO)z0I6f_+ejz^Nb;ZZnH zMbSkH`q|BM=AiME1sV+7bAp0SKLd0qW-`HfG$WP4a2|L@ ztQptz%nA#=$E{i)A|E#0t$tr1ayq0;3-@JH@hm!_g1@_C3H^!!{xQHRB-0bZu=qERCniXHJjFfSLbI@9Vgq z2vW~)H_yeK*#(c;fHNXVWVZrJD;6je2k$qEAn(uLEvxnaaE-V<_h+uGD#z&-Hap)O zbQ%8ODy4O&qp495V#+mH`{QlT{NYhe?DbX^3fh7OyMdkYMvyMKR!wieolHHN|Fs-Y zrgjbY8S>JHAOFAZ4od4BK#Vkp!2KPM!0nmhs|_{jk^jFq>TxY=NuW|~OYMeho?waT zR6uGJ*)7Tfgoy*t<%%LF4V(@1>PF*2*qmuaQ9BT_uH)vTx8p?8oGsGGZZ>@I2i0dokP9A!W6ofele~IoyKKSLPY_DG(@1!=kpX57 ze%>k#DkqxU#TthdkRLd6MKYsIm#oSkO+;0^(9#*`xqVU9*tQKxT5hoPvDZ=&g_qJ5 zCVtzMn?!O$O}tmVY!S7!sRbRzQd2l!`TKp-u?=j?WCmJ7&h!X-T8db(X<^dRNX6HgIKO& zmgQ*R)39tq3qb?DfjKO4JvL0Cw} zMzNO<>85mFo3~@*qGhtpzM$IT=Lse5kB+NszLKIEtmTh8X0o_#UW@4#X~&E2y8rBR z?=UA=kZF~5DwmEpz!R^V!uy)I^K_}1S>+Gcm6!bJVcB&J9Z^oJFvFT}ap<|Z!#G}| zud3aS`h2s~Fh+WUY@j{~wx6A{OsYOQWpV7V5V#HbIbMI(S8KES>%3QsX~;<$iF(+7 ziJqiWyKGq?+W}G%SfHNR#Ki|FQmCCDqWf6{iy|MH`SBfFZQ=sg1##80hP6n}CQ(#D z^h9Lk9!?bhTFj8(VH8;jy9Y65rfC^g@mYf|mOQt>(%~q<@63&})6%4s_XiN2ef3YKT1DZE*&N?>qwJ0xWqyV@4ZHNAZBh{e8|h{@E49x?z%AiP0Aij?$(60O+$p6Y2yIEJ9~3<)mN?@xow z9mW5^2)u^S5sfG|8OUY26l13ZRnhof3?UugK`m89;KSHovk>2@y)Q&^(!a{}k`et& zS#3Xt!jvgYUj%Lk_B%MhO8zc8u}8t;9ZX=_sPFy=_KPl|pS;vN zUa}GAIH{m%@+5RS?nT*p#P$;l@>UFxvB8;uzNRiiT>G(lt}IhzJs>q*QT47hhzBfI z;-R__3-3Sr)0@;VA#cCa?y~VP;P-8Ys?&umsJhlwF~jUZkAT}b-~AWsX)&uWYlaK` z^lkz(skk>@7>b-a;koztLdB{6N<2?|#}FA|>K`N$E7o}hz}FY?T2&_$ZEgrPfJkfG zPh1RHykPm!8uTA4P; zu>G3JW^cNsWwMdX;k?*Ort91P35D}?oCCB#gs+|dUmHklZDlfq?thy)D$hO3c3)(4 zar$P5%;&2Swiz$N_@Hyt=7o!HuU6kt!B}f+=OOK{d@%l9u{K@DXh}Uj^-sSSac&OH z<-qTBHVAv;6T8V)tCb1T#sQECcSu;|4oW}sDW^{snL|!ck`&l{HPvTm4E#s!o7>`c5`Esn1BdnT8!1=%zPa zOyTQ)PKSjgl9V6u*7U!G6&h3~zE)^a7%CJ`ro(<8(P6~Fhj5e{c`mHTecbWJXgL~P zG1STtkIwrx$||xmrmmMwHYhg3mIPig9zF&CN7q4aqUh<-!ISam`{5CmAlA}*K=Y@9 z8K#c&9}DO(O;tPy!Ximx@=>{+0Njmz5EiO(N|Ho}^@fLXF}~Twqp@wg4N@(ju8s)^&XYPSU*btr7kcCF<&0PuI=V#g6J1H>)H<7u*-U^K$2fxR?Z@tJ6cbEo31n`N>B}vlJ@K&Sku| zm^{xnhj15g>$yDrBYinc{*t_Yy90pti=G>xtF=OA`1xEi;w`Y;v^E`fqB|HnlX<^) zL8QW0Sr@se{`{jRhf8E#!>Td~K)9gq*8Xz<{gv(%pDYQB-v>V8h_ zU|i3SonNU(5A!FU9YXW!i@3q=63y*3rPhbl60|WFmkJ#-;9cs;E%<{g8Y@pqx|-rR zj|1LQHAFoWVp0|pLvdH!;PLT}WYC9<)#9_GmdzEi@xA^;XUj(j01oqPvXv3PH?ewX z-D{D3w*LBCV$HF~n7Yk1hWg)k+d7OCaF%easpiOt&91XQqv2vWVdF>h7QpfQ$jx5< zGO0MZqRDSB5owz*i_S%o#ewS9UB zOZau)8{_X7iG`~B0^az-2`Cf5gUm2#oa~SQMy({tB9Ga`mA`u{XL_(RKWJ&P3}GNpz>mD(vF3P?-C0w}9>B(1GI$X4f)4zF zuq5feAs*xk(A+hPycBd;6BG(g%`?D*1dFqTzqKAc;R03>hGC?~5N zGEZ#)ytl>TL5m#S7eJf^ILyh!t)4>ZH0$aHw}F#5Oj-zb#_7I3e3SiFC{W_IwY;4P OxG;Jq=wh8)A^!!cG(DF9 diff --git a/static/images/docs/external_access.png b/static/images/docs/external_access.png deleted file mode 100644 index 6541309b0ac87c4081315c071295400d52614447..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 292367 zcma&N1z42d);>%aAP5K|(g*?~-CZKx-QA6J4=AB@Hw@j~4T^MkcQXvlkOSX%&JXoH z=l!nt?{zuX!_3~#+Iu}~uXV3`t>>GZjOg=cc+cSA;GT<%eN=#hdnN@3_ec!s3G5q* zE!#pkIMi3>LPB!lLP8{R_O>SGR>p8}V&7uppDIQ7zUtnlrt*6mBk(BOZ|TvlvO7J( z*mn^z1V2n6lKh!b;m6Z-neW~=B4qApz^S8<2KfuO>)?D;Qkm-f{5+Oj9L}q?ZabBI zdmvu-V8LUXKRS_~8SdRoh5rvJr58Rlf~D`6+LN(?5j~_(cnkqV$8>a-*%X2d)sG+F zU3Q-wygCcmZ1jIS&3^-(&iuK#X$L1jN;?XD1dn%*=y zjLm5EEJjco8xQ&x3;0__-D;;z0QwVo(xL}t2u)|zvi_6IPp*jR%k;879I~Fy99H3#kNnejARxmb}zS;$SeD0Qf|&BW|NIzze{~ zgYgk?hsgV0n*MYRt$eQeHq`&l>@`38JNKAqVFyyt(=4}Ug0_4{nf1s1VOv_{J*fEW zCofw87)JGDBkNb@qo0^k%_NEV*-)7X?L}oolzQ^-vu;^{<&4CU915AUa3}LGBLUe1 zPZj(7aPe_Wdi5n)^93OT(!ppkod(CvDVHOR)>>(0KqSVZTb=Ec9R`7poJ?!SN$V(mt ziz>ej2VLM^Tr&m_yEy#x2fpEVHz+DMRHJrAYYIvIu?LUB9n7j{J!6g>Ugk$R7RxZD znXRPxWT1oiw4$(LukQMmxTQ)I`)hU^d(Y-zf2Qb2-ZXW91bLj%Rz{sqE0S9;pgGtw%oSs2P2#<0E*4hDwI?;e#0xqP(ahhR{!f z3c(Z%m!Ig!!laRp-Xe<&Kl=Jw{VR=VP-JM2vk|&N=xtES$Dudzkun=}V_(k5$|7ao z1t`d4E1|G{pv;oV$HDt7lEpl##DYI4s+w*&s!)x<`*kW~d!%Sbx*Ffh7fl~7x;r6( z&cv5fpHGb=?rV-7sTHG&U#uRs8toJk00dHFXY=v;`Hch7boG^;*ON6yj;F(2IO~>2 zU{`FNz`B*`VPGR4G3xHlv=2&x<`3Hx<{;<{Nuj$)g@< zB?O_QjC#C*V2^wScZJ#zd>g_;llRW_-8Lx>U3Y9UeVvRAP%CSJwSlieKM1okVNK*) zZnk2ayaZKE3`)$?81|Es6Zey$lkttK6Uj}<&F~)GsKdy6G3DGOd9Qrte1km=3-X$8 z?(x?FB3ZbjJm%l3wdOQ5SiwBt7huFx!Mg0HqYY=|XH4#dEx~sRf->LbzDw%IeQ5pg z?FXa3cbGk26Li^k@pU~G0X~!OR3jH7*UnMfjF4#ROE0V}OtmQ9t9P0b+J(f15J;f_&9x>(ZgM#zGt{I%Y_HwnlYd4Dd`|P~iw^OR^a5^-)20BsgJLej^K|9`+YtNwLmrF5T zitdYN3o|wz3yq8F2jT}!i%q*(X=vgPzz*K>NI)hG0tiUix>v z?iJzhv~MON@*}`+!i5Gu2xo*Ujuw1ZWS92BFnLXZRD}L?Rd6-=2eHU&Q6te?wondQ z1C810yvV6Y6f(`M*YZ_aXdhdGAz?Z=Ui@8eMF_?TiZHmzYPld@DYgq;^#_-|$H8l5 z6lQOau<$U&zg2v@!3xa1kzQtMu?>KR{J^a=0oDU}TszG7NlV~&jkSoTzmS{#4n z=BVyeH|J^Yp#%WXbw9TW*WM;s0OhHER${70Oz-+S9e!!H0?Nc zuUP0OwCk<(he^wXJzkLoN8_;5kLp$$h%b-%t~9C>gXw#SFC_f>Ni8Ft5s;U zM{g9{Wm)~tKFF_vV@s)BN`9ywtJaj&YPVRQPm|h=#u^l@MXe26a#)t$T0tFlhsi7z zr)tX_)Kpv3>UGNRrk;d9SH_QJ+p^tXWN}hlG@07U9JH+)Sh8>US!y(`(x-AfbuczE z7GV8ke#-Wynb-Pekm<0pgPX;rclxK&h%M|jFhpOn0qJ|j-~RK6Z@m=T~6 zJjWZD7#JMxL$*c+xJx<%m1MmUO%CTIEaJ6s_3TFO`j*L+ZR5SD=cVE0BJ@FMyLTme zFtjw3(!1)mxpmMx0Z#p$2Mg5b>hSl9{28I53d&7i7%V1UVAuyaDkY%hPdE*~} z5>I!n%d@;U=?;mS&ryumrUN#wIp*9Ic1$+1-PB^W&EI=xE@reGB(2v3plyeB4N;|< zHu5wMXAB&8H7O{8OI4=b?IBi2h<`-S+UDB2Zn{W1XmReSCB#AMIUh*n=s-1|P z%6Agy0tgPAclZ|9=f@!&d&f{6nZsa8PFcQ-5?2WijT5PD^>c^h?YwK~4fkEjo#`^l zYVfM>kG7b*x#O{o&Eq!SdmH=^;(ZTtch(d4LHu*}SX=NC8@ezmuY3Ht&864q({prX z;#9s`@1UDAE7t?lvF$PXTwT1j08cN5C{`v?qu`mbEVw7sNl^&xAPG1#Ap!1HC3;W`ihyG6{t_kCN7t_961t4q`Jk2V6Z(oE zOU`smojX{ffNUqG?f?h(iu~7qcyWcdM{scPKyxKEM>T0FE<;;uI(;Ks17kW@YdhFz zI5-|xF4(2Dv7AyyB!LEOOO;1YluOW_>yrgQjZC-{K8pM^9rhP5shOjr9Tz>li;D}L3p1Uqy(v8-CnqO80~0+H6D@26 zt%IA5qrNMxjRV=gZ}M=TkH!v$_U3ku=C(E@zwWDVVC&?_OG^4n(C>f$UZ=6E`5#F( z4*zTmwn6$|ztA(%G0^|MH*6};uWz~J%w3JG)IOS98{0U*WbiSuF|+afYr=p1^he}h zQ`P@WWn|#|A5;JO>7S`Q^uM<7*OvaRuYY|DQyAYf9{S(P=X>U?E2aVmCjck@QBcVh zet+?)E4K1n`!UXk9SnEr9pNC-7RkskpT`&<_bs7Haxa^T8$lY*PEMVl*Mf|(v6bWm zB9@9I=*NQ3FeUJgQeA#XZ7nS%FT7>%l|JDg);XA9HuYu)F*9$cUThR8lw1pEkodqM zApOUOQA4}`={9dzB0tT5VH)lu3;{U!Umw0HZ`z%-hb~ji$p6Qj2x5faWBxVp|NbDU zL&0E3oCoL+q5t25|1JHWaehAHcSsK_`hT2DGW|;$2w)(C@&7pEK_pVbhV8@k|Eo~@ z76D%^K)@UC&*ytnv1z=Gnk8DzMg_$hEnM@O3k`~t4b7j(8eHW!)@Au3nN5d`Jd(}+ z`yu?tGx3XSUlIJ0ZQy@`iH}cB?0G3~#u_&D*Ps<4A0Khzcj^s0rQC-R`a*#kfhotQ zQVr|$fZo228=k3gS)Mn~@!1&Qqj5^~#GfY(l;r3xw_?6{@dkMtYh$6|_0?S<@t9ZP zW?x)v9?(;vHHAYyj#fAAzGtDeWEG~kv*`pc4|_tO z7lZ)!K~#?gJOV|P#sbLo`1p7z>hhAql#82kO$*EcSoL&fBUcP7VYfYOISs3}oELe9 zL%07ag#G@ikw&-Tg9zVs{yzUvUUy@R$u;DFwyfnk=wl2GRc89XF877xLvRZ$3SCgT|_EOca=1fiIRfhMEq0BfkeYm<+xol>XT70}stH+@|9^ z;VH&iA^vUmzEW8AmEu@ems#jJav2}&S3UQk*fR;$EaruJ-#?FKczGmp8U|>& zbO_8=I$4fM@GIVXo-5<>n5AzF1DEI4*8EYtYmFEm?)I=dH$}aLn?v!#G+uJuR!=H~ z7#j5tbJaGq%0)`ZJ83+feU+{`VLb9V_Qu=!T$#c$Jm}kx68<^su*cBD;+x+iMx~h> z;+H7UBM|&V^%cF&4=Wnz`##chu33>TNc^Oq!*bu z`~oR%p~j<5Dw(h2nt;>(=kYsZE>=Fq`CO$Z=y-4YU(rUrVMlZROs+VW=JcOVXhYcd zK52l{%l-TWDUQeeEdTa;-nP>07*oAvOO?~{vYgcqc%3r*8RrGJ%iddJ0Ef&}vQ^wL z@2O)Ue}8nAX#eeOmGS7U8^ycIs9|t;f&-WPenQnj2(F3e@*Q-D2kS3^GYH#5sa2FE zwu55{5fKqNuX;*Bm)tf@(yhR=l49*DjYj9)lmkc=*>7zN%suX5 zNOWd~^kg6aLx|~(rE8zk;?V2F)Ggyumo-C@x@SF^?#OnX&nKrUE#&1-=&SA`yNOO` zwji3ev8(Lp(bwmDZZxJ(9!&rDBj9;_(6mj|&}gY@y82xxaAQ+dC$_BZs!QEOmc?qM z9d(vhp-{CfZr3+JmjBp~#cHOVtJ=g@s^APXuX@mSK?E}HO_-T^S#`bOunf&41b#aH z#AJTrg4&&mNdx-h&S-oS5?=2vHHBL(w-QELVfO5ST%}J=Hg>vm%tkX+fX3$*lU2I| zoHP$xj$nU0_L89h$2zsNQ6lIiRZ>wkUBbZQ(a}-++n=A*Til&Wx!7eWdsQ6q;&t8h%I!tHO0X?sA+bA!FJPvz{=-X)Y_4O4R z9nE(qvjRQ2-70Imjtx3fp^#+#nkBD$MBMx3`@V2~&qEqhg#R*&pYHG#7L(cgp^CY8 zJM3zh^nbk2$jf}a>!&~hs2_6NKo0av{AcX>n#sHG$FpPn3H*S&k=tW)><2Z#{6vEi z$qMyRhERZ!Te*?z=5bWpjBTO_Fd{;436FdAk>sB5d)3mn(`Vpl^X}}m{TF6a)ddbK zS134KxMZpRrO4oRPOH!FYj&h9U?(W02A|zFDm0m`mwA|%o_4;r>N9z2tkhpY>ffHp zM;3l?r2cwZ*Q>NY%zvA{g`=pO&jX?rBt6sWkXNO15zOf_mH21lJzxYO8-k?G?@_DD zd_zfhf~qFneX-Qz{0Z~-2|_!!jz-*+!7b*~$A;ZP`A#g49~9ODMSwR=C{}MViL=!D zN==W0C1Kq6iFNR5cRa6CE0m(BO%VE|H_rIt^Jq9P1s6|s?&dTJ-=M{18+}`4()sGm zp`?;h_RsF_ezGj0Xj;v>+?j=Voy($X^F<97y))vnRtksh!P6!$wL1pOMP-wGe^Jq} zi2l9l__faHN}4^nEzp#01pD%J9gSA?j4kg0_Lry6qvmaJ>CQou(LelAxQk@cxX9b? z@0xhd_Z=#|Zk$csL@1NkEh#1oh1Dl_2D@(`qbL?D*eW>h&rrp_SE;UT$~@j2f}n?c z{!BFaZ_7}4(Gx#BM*_UEnalp>2_0lF*vFXJJLA!G1;+x!#;MC<9JURz^*gdn`FY(P z^D}P6$6&g97(Cbj zyL4%s)+KEdvZJ?%pKK0O@=GV%Od6KdpM{s5w|Jb#M56Q3)L2fRxXNULM;d{y*XAzR z-g)PY>OJANW>qLbSa*5$GlP2>B7VBhNubiVik5&T<5Tq|% zn|B?G-p--B&ZoL)Oatqd-HTA$+!B<^bhMx0yf>Q6m`>v2xgIm_-++1T3%Argke09i|*?a6GmaZibfR&74dc-1(8rp`HrXJ$CAPFH{@rvvItTmCpa5dA+f zp}kI^9X@)N@#V!;7Sywj>x<-YDmUf!K!*V!M=Ua%gby%pw0ROp>?wCQto0W3xbl_P zNQ=#)yQPM$3YW8)?PEp@2E7|+u)^~MtHsJ#mim1rkU?{9gPRzYoEmW{IRc*uErv=RRGRLG`{o@Gw*n_VM8V}Eek%^VLjwoZ`z zG#x5^zg+ zYlu>*7H9NsRhc7rOqd98BA$4=c(IhsdAcdJvRa2lDUr%mlWKf`Y@Mgm1lgMva(6s5 z(Qe{n-zqzhPBE`DG|}!Z^4AG2@^>lFDM{+i#O&m)6W?{$Et_`&NUNN7-rvRVUoT}D znEZ_aU}3GLWlEcd7XLIBqLaeB6`WwQx2<6AZV?^xExguLXisxlZEPS6g6KZDGjrbv z;-zywe@@ku(q^}mc6LLEL%dxqY3}j7oxpiqj{589((2D|Sd|XbbRc*)R)^yf!7z<8 zaNfL4L#Gj#$FNeR)x!4RnAhQ&#e9Z@>dTj<*XG)R=)^C)gerpE#L9$i_0m{pvBH2H zxG@7*)=~m_smN<98DHR?28y*B6wajC7G(qV^OcKK$YnY3 z@orU2S=+6`ljpc=R-m-YLs4Rh3!BA-;E%dKi&ZXV$nG?6Yb>U!nN;_x@V(wl(alXg zI^FNkZgc{_mklKXuT~8kq0a$Ue9kLNYo~cnzIy29{)2o-Y>|ptprq_&qF3XUP$9*%@Wj@%^x&For`o&S4D|xTt2lf zh9$ZYmOa5^D6p8+g8ox<3L=JcE6dp(jLC4;lHy>5iQ@~VSY3r-C_GlmHcAaqb$VR zD&|~HC!E)PB1;fC!I3!IXSYYpauf~Y*|TUaQl-pU)kREL338`D(Y<13u|DvFy#RQAJW zXx#ZeS(l?7c-)Vg$ymH`fET_vx8Nw zqC962qUG6TjgB34OP)fdZ4ixc8FgL4x$uN|XRw}v7g~VsEtoR3e(Z zfry}&f1qFpikX1^0Ovi~`eS!LJuO`ehK==Hz>v4O*q75Tud~SJvx|7%qzu8>EF!O; zy#fXEmKb^x!ibMqPaEP0xt)8m!o%Z?`{O2F0ngZ(X){C?d?>(yR=lK$`?|UQgpK{+APy3aj`R!Yv zbPN9`EB>8%kWeC<<>|G-BW{eWcF0sY_0<2$*p^kxqMjZ!4XdY(eJlsk{-k_s>@H;| zePi*(B)_8n@pvLQHFi`dKF!ukum*@L{D?PUM-P2%9v}pmcJnqoT)&&TCM{B_d1Y>TF>|pb`wF)7Wd`4rlKHxL zTj^T4KPD^C_1JOdbX)o}CZRKDPIy>AoJMcYdCnBHuOHx2$z$;$QdERDjz&$P&f@}l zVO%bLl1cwEr)Eb|fRM{Y9CqJxROYPN!4%g1g33nRYmbq3-=St1p5x1PiXwwGr=lUi zDY%Zwb!WurdsO3ru5ByTbTVAWc%Ce%IM)0mt!=?r+H?aL!Ubej2ZINa=gno zW4%YE>I{di7p=eMwdowX>`csVb7{*8{#NnPOQc<&Ued=WlHqtc!fmGtqbw)uQb*~j z&N{Yi2aLA-B{0&gANLIYin^>Nj>a&%>5Xmcd7RZu`KbCtjU>)!;J&llk?&2((;Kcb zp$}Jmb9%Nno2ppGr(3jB#U{ng-yQLcs?G8~YfstE=*gb^@ih+|i8@L8tZY)P8CAb( z@exN7TKL5TR+jPc=PQa}DavrCCFWVE)pr}&a@|5tz(Sxmu%TG3Va!b=vzy-0-1S2f zEuw9`&U=-7y}`ZHWE|-!;zKEBNbNN=Tvhkn)q7pXR5lP>3@>D>9r$#=)06DC)b|n7 z*H6#!PVu5AJz=QJn;&|kO_s{#EOqYE({pYd+ZUT{9Q+gYt9yFyG61+H$uwts1P zsO@d>HDPSK{~ovy93>sjlt{Shkwb`-u#D)rF)-Y$5ZuBT=RFALKL3Y>V<*V zkfvUlxX)js$a5@W-%s(mua8w4OPb#IF5j<6-6X5kl2Spvjn^YbD*^ZL;-K<5%E5Al zg6D)0qs|rl|LKC=#8(=9zid!Nb8a84k`d*VbliDCdI82TPRos^&h*3T?B~TeJ#S(T zyY{}R1cg*;l@do4c8dfKzxo!v^4{t!`ecjQ2Fv*2fhb5VEO(ojz>?}pmn~_rf|3#<~CHco=T>;sV7`W*y}R+GV8E)>80PZ zbpN$CrPZ|;(?g{%p8im(&U#Vfy-Km!pe6s3->|}A$3!UWe4~lcbS8Wuv~<@}I&T|x zHu5$ToIn#V1_cU*4}+UUuOub4t%CnVzPEBD=1eTPd-1gIr>AM@pZ8Jd+?p2!`ESRA zK(Wzb@-I%Vu7xVE^&HJu*m_F7%8Er$ZCRHnym+B9h(~j^V;Js{orZq$MzO@^bZfA{ zCJSE*$R|WZ%qjuPV6tT=b0WNxVTsqrH74c~cDn9x;<|uYw0>ffl8d|TYTQE5{;b1P z?X?}>_k{ZX6m{m3)eKC`p(Y#;DIA*DbkVIhGDP@LznW%=*uJU3@Sz!YY$EQu|15rb&E~ojNGsCZV z-Vb--aw|%?C(AK3r&ocBbxpX(siX-QzZc%=U`(!#tCp#g@iw~D71lR@GE`?Ut!+L# z;Wz3U=Fd~2{Y_x`qM~f<-U*HqU#?yrQ$ZwmCF!x+t|)}JLv(asQ75suFU-|g8uw3? zP!Y+hrtx5>7Sj(e%eWJAnJ)1Fig@G7)EfHw5DG4k_4UQQf|SXMxMc9)V5hB@=;kVU z)N+y6<08nUVR|jKWpUZNHO_QmRyFl5ZZL^g6D=VG3c=VAvTc?x6c+CNDoP~I*woy1 zt@fKPB8hm1!2};|9Q-l@v=;aj$oa|TLC2_D$qq}1Lv z!Xu_oSe9?V_!FQ(p@-?ZR0@atnVLWiXkLeLdr19zqLDh6UuapZDakQ=YD4FfO3b5H=yk>#w7nCpBXN{~Q-rcmCwQ7l@ ztZJ2?dl}TrY_zF;6st-t1H@>%Wm7Po`=M4_EjCJ*T8;gjYtF`{rEek68ZzfS;9vGs z)B$V~%dD8eQeLBm-u41|?w0%S99N&_s;gCcArBr;APuJn@}?p9We+{q0z{I~GUqkT z?p+Sc%?9kcNBTMS*8?Da|7ZW;jVk)qo+-s~{P^YRl0iBAW<>OH4fRM;|4uZOiSz;1 zwmS-siv!8ytb!w#{e{&Vxvi8jjWg+r@w}|@M*R8Tp8vPt_Xu?h-hsb}St7#J=X6a{ zzhJWIupXbL-TUXh-~9Ztad^fj38tCDK5uPK>b>-WjMaFc&(?y`!}nP1PIf7Q5f325 zknj&ya(}c#ETvF|2p1ifZTlYP(2h$%mHPvgDc%HYLk{`% z9xLoMF9OWUB*8ZWv)LlBEMrfk^qS&vlLsA+J^wvLXsp-Cf*#?L8dXr${497do}MRHy&PP zzkNP!E|)0AVLoa@9ZyE1`5hazNLW0{sCP<4%YrtEPabNsz&Xr?;9?TvxCXW#V|DW? z+@TY3O*GB133$4v!CDd2mqzgu;mbPlZIC7l^aNMfGWC%nbhw#Ty0i}p!Q?0e} z3~k*^@YV0VjlC7P*GsBD+2|71${PHY96`X#wwy8axsW`ZVf z9p*%eo3jJj9MUKet77e@IM1uA?Gp&M;b!c#PQQ4bu;#-V@U_B1qH(9`8624|#i*o zbHh@xgj+{-$z)wLo>p9pH-AnGtH0N`wayZ0M2@cn#&l#Y&$5Ieg$7_F@Y*qSQ@@x3{Wrcl*d-5+TfS3Yq$jXG4^ zGS>YKSuyfqr{7n?c-VRMaTMml&&1YNz4#v#R}x^!>C1x2#at(9Q>48e#Ze;MUB&t7 zW%rASbirAdVtj#Rwl7m!|v2-2RRed@g@a${FdKgu(ZQ*IE9rud)T+@cYQB| zB!YHb9Vl5(k{p&AS+&KjW;{MxWq)aPM2z;d$jf)iLHhpA+|>*;bBn;Giuu$ zi%mIqo}IG^$PaG39chIB^&H?y6J*~RPpuBt5zUqJ4F<+OBECVSawpWNwMrCVi>1cX zJ+N|-k75#{({7X+0`l9I1c!uFM`d&1=Q7EcT5*~NAHj)cJ2)d%AbV95INd-_mXWbi zJl+v<9>yixqE*C=5j;pFVR>9huBSjnVarKM2AHKlftb*2Uga8YZ`ew@^w%$=sj+Kh z^b)uhL5MFEZJNy!e*XNa#=Se(@dceH!eGQm%hMn|-)6p4I{78~RIQUGm3E_J(0sir zo8{aDFUX})b2>Y41E$YvCV`!{^Fd=UI@0UrNGH_7-^K7LYrSi98;G9K*Upu~El{m1wM3!#eS{|-!~E^y zyQW$W$DIg=onPetulRR*M1-Q`Coax4|? z=;+uyXj|BX(PkfR?kpzqZLBk=s~ol|ClklKGg=RJO@YzsZMSPIRVIUYLo9z)Ebksy z^5|76Dp4`NbYUzKzNScg!o^pmm)FbTHUyydD(1AO6XavKx%29!o3*Nxw4fr0lf{db zES~SC<1`s9YlBh%7z-xA#b2FAHegiH&M5(1ifrG+Y@sqWaDE1*25oQ*!>m9dCy4c@ zg2X&OEEAOJb7|>KI9qfX+Dbas+bYgRacXJUBhrf#C;WA)APWsL%3OX*hdR8eZinBx zMMLdFoDb&6i&V-WOMY$-=JHpt&^t;Ogtv;V7w?7;rdWp)aql&UB;pRg8e>{W_YgZm z!HG)y&JjA8`|S$l6_;qKTE^#{)5MrQShg;?E+S4iOl1wSUEG_rOhIM4tJUXxNFG)s zeeMKx-;4J@%g#8YGcQ|_kxsfz9cM52{xypTH*pQVP^t7S;`O=YC;Y=$7{e`713aox zy?gT*eh2!@4KFP zPQZyh_me7-T5|uGme!{IN~cf8eC=(HOabXwu7#f&v>{`FtwVsH#UT6b+qdp!BO8X{ ze5B~mWyD??S;Uv%x|?(OtH8rHpcTIM(IEh;n8b?mD>MGA8L&(f9_~KT(vt|wkyq{S zTP`?G@$@)W$A?qgQeDr_r&B@_lhC~P=WWHO=~8)XKMgN>kM3{{tXQ!Y~NZE*NTe{FGO zR1`<+X&txOzr;2y9Y(;pMsVSKa}e8f*f^f(B5Ss?w+w>{o%>O+qaB?%p4VG+?>gI3 z)Ll)~;r-$QM#@wggH*!L2Y%NU?qCq;jFM~$1IAELLiDee-=9vKAwhdkS&6oTR?dzG0fLv)rCww!QmoG@W9&>@|!V z*JPLR;pECs_I4@{TN+jfaVX310sy@s4T=C~=^aV^r_!}jv~y1vt_q7h*@Ur1X|(I* z4(h>dK#-IEa2jul)4a>RU2fu^diD{$T>E|DfVSe`BS{rz!Dvu;N~D{IjM)BFunOEp zA%9kmY6;U=l?g7DMmuww!{m3fD=VlV=ialzVl^7Ay%@Upt5?xWKYAD9Otry^-na67 zF|=g#VYr68Au^~*o=OJmYa3AXF3#tPW&t0s+nyf8OT-66PVIk#wX(#7-`{*QgENHn zU}WF3PK*62D0q!AWpqyt#I(3WVyF}WF|ab8M2q|RMpCQSMo>R}9ohjVMR%Q*oW%39!qZDg6+00fBj)OI>a2IIQ6xJ+OWQn#E zNnG5%P@MMYl3ETJKc&*FEgk?ei+U$8DSIceNf#!b-Eq;x!uYwTu#lP<=+KBh6!xE% zwjmD>j+lt&26~?$gUIE;?emS+$@}wl!+m(;XMNPdq6zP`>dVO-M^GPM_86wkVt#>I z>EHVz4ju1J6&N~YdK>7#wG;|HH6Pn}*3juFw#QhL!h=nlCmopU`~<}855uLFIzNg@ zVF_}42K&;xe$~ge-zSqhF}uIke(xA9tUud+xge(1aT5C>TKY49C> z3s2f|_CzbJW5#?Y-S><&(LIh%ldeCGKH3^^`{p^FCCRj|OUceii1Tdu8>*cNoi6qV zcM*{ULqom(XPvQB%YehTqT;Q>Yf%XLkEH1q|Zu;=I4T>{<1fmidExMrMI#)Fu=F=z_D#hX4bBP=@o}#H& z8WmtqG~Ty+Hx#ZbkF_ncPC?_QGA?w2L#Te2<^@Qce63Its*`ht%%D9$nKkFU<@ zdnhH-ki$bBetUGN+RsNNb8Yc_9lOR%lRMq2quUfNOI~$l$~3>*@(?h4K+rF9qMLNi z3NJ61bjKs(qrxsVa6*iKA^%ZXUhwF)T9t{k+sIp+W93)LaD37;3K^bmmQE7TFiM%U z>d&~WU$S*v_UgEkvzxqI=wG|8V{DUCTyUj&yKazS>X2wXIg=&8)B>Hl5Lz8J!J4>m zJ*gUkTWGl3SjUZ%r%F<@Ibp34FQI0$6%Kjl*6Ashj?XD3hhf2waZCn*17Id>ThPmgPcxwI57> zYi&T=cC&OdfT3}J_L{D58tvxdFrNJmYP;(Ku4z>Sl(_yQaxA(VWcmS_%DgsqaW_p>IAHk1K5K}{c}#B zTWgB%?zQP;@;sME9V&5RhhI|Jho4{$dGOJX>J27VnOqHAuY0FO&pD(`OnKCib6r8Ikey&6ZoxL8PN>oWxcRvqiRIy-|sc0^g#%k3h6CPqr%#;TnX zSQg^GATJq~zMbs0{|C?Y%pW;2fiSnF$^<*}WTDFvFu~n-#i>!tfd+V$g_sZT|UO`P9 zn{=(ts|_R1hVXG^uH@ZBc_OXd)7Q zOcR zk9T=-nzpz$Es@F$JX&jmp`CA-V@ za&hCVD)Dq&zk@q5nUK(4Yx%kobYnhuhFZs*v)(wpdsS_=wD9OlTEtk6MDP>uyBl!b zVlu;jRxSi`pJ^RE8|WwA0=)eyWi9qfsWef}v3}d$xL@2=@O0qEqkY25Qy3f+vCH0r#Hn}LO0I#(3TP6~a@w*)wB`PI}jB)2<<+~f@A zO4PG@s3xpvlGN!;w_FTy6Hzu#ouS+G0bNU0D@bD#Bld}T8sz)lra;WxWDbbWI3h^~ zVO_i`?vR}~vDB)S*QY~CK0V4s(~ms0^E*Q6b(?$e{OKqtMBH`9hmrj}jea5(Xcxu3 zq){4aWFPTvM3-*MDziE*NDW&u)#BFkF?%w!P8p^N^?oXyzVTTY1sWC>uaT-=qZ0~a z#QRh zj;I> z$l>tsWAm9NLbD813A^i^cx5pl!bd!rXS}rqk)kR21*q0`InBH~%iyn!3E>424FY3C z5|dl9z!!4n23)1^-_ZNPL%@)dK-kOrIirN?{xn{XeevIolfDty=>P^J03KezpIHK7 z*gcH!(VQv?0sqBJ{u&iAhyd_7eq5kbkvSQJf#GJKU~Z$iGu;2#j{6(Q|Js$#i+2&K zGBKwgf9H;W5VQaZJMu({q9}~CeAgdO6A5e4>x;^fG+ytLuC#%=e+vqUDb;Qi3nyCq z1!x@RlC)29;&q+3{sQ5D-3%t+Bnl2b+HH4wOY0%Qe;~$xjk6CGX!X1*b{IW`HSDSb zV`S(k*i_PpPgN5+Vb$#93ba3iebZ5Pg1P@x%|QbY5aqC=kf|l)rl!y*{{waZH+}!IrmwI) zaBc)=H#anYFr7Q8K1cIvr=eP2s0EXmwDavKy`D4DNSAd?L2`!JnM(jUWZ!J~c&^y$q9x zh;I7%4!!;rO3!YU=|(ruJF1AwF{Ur}J?{3S#FO=KOswcje8<+p@tn=H^N+x=xKMod zzS6~})VU@X5XEL+jPz|uN=_PMyAihD{kA^X16!RiDZ&QQkJn50U-i_F+ zL$Aj&-I%|HhQ@#J|6zPQmIG@pMr&(wv04@+B_kUI?mu=&IrRnv?@bnpccXzztPKnd zplMk*02pVZ5Rc4JVETnhu?mhW!^`7==7@QQ{uR>GGZD>a-m= z#0K*<(Fa@J9CUO#KL(&%F8rSKFUTdcL04bOJk-5PGcK+GR`)_vx7S4uTB%1hEiHoX zhh82R`{b~P5aqBvBo0d)jlkFEOxD+qO&Z~cLD+r$BX5LCPQ6b{>OA?dPG)?6zxPJs z_bABxex=iah_=z}`f-Uj-Stymt=mDn)B&f;wzlVSf1;vM=&ueo%U<)*aBY@+S}raP zx@)AEs=8Hfc@n_g?O3@WBG!m%k4Cw7hx=^3xgt{czlm2=COf!kiAfSbs}dTK|`eWqRZOxSBmW`R4lb#i?e2g5eiS z#Oy< zHES>QJ6*#HPD6-pixia>%D8sY{FbLxCaJF$m$d`w#_Qm~#*i-_E{jPo##JloI1eqN zJ(>dISz)=YQ^ON#i;?^?gXtX5e(mMl&@|H_M7dOHwvS*HhNo#YxV}e0+;zLh(BkHsQQw0Icg#OxSyV%+|Djz4!Ld_HU8u50w|k*_R!ov1r^5v_e9>?!7>r zJQvVn4-c1f2;0FnI)urC+lvAdKlx=yKD`7QAJG_L|H7o#0KKvo5GH zuR*5P|8GnVE3Y98F*I0p+VAQINSx4BR8-h^J(AzdJ?UTIO!Vd|QYndw8`M-o2eGdE zphfQgf9!o{SX0~9t{|X@Ac}y1QdB@iK)Q64-j&`#>Ai!LP((pNiuB%l?=4gjkzN8s z5(pqQK#0@;q1?qjM>l65_jmXA^FGi02U%+-bImp89QA#Nk5QSw-D#aJEaM7HvqVlr zt*T6Fr51?)YKGkuG%Fd;XiYNk$l=jHsXVyG%hR{=&H*jBnGuvzO+~G9{;nbDXh)%& z_8U<0gkdN_#xm(HqOGA!x~aqXu+ z2?DY%mW3~|VYf60!njeN|0@-qO+U0>sB{X`v?gk9Jzky*7fKDvF1HpdI{wz8FS5U_ zY7Hld(`Vu%p^kps_`2InyVQotS=8rqR_cdI?8-&@u_E=V6^OIPswny^k}I!Y=31!9 zk97a>%|J7gcWJrGWVew1uYYRdc?tiVUe#r~rs(uL%&Bo@yo0Gx`$qvSVMV?5O1sP* zKcfbxru1ueQis59*(j!7z*82|Nq=J0a32s!0$=Vc6`Ex_D96+Ujx6!JY4y=HTtY&V z$cN?OIaE}x4YB8aY0GKr;j1cGHqzAV=k~IwRN%MXA*~Gst!LkEz1O}1vW@y^nwY`y zfRjT!i=--Nf}%zuAtN`0QvPP)gF8E3XzL5|uwK`To8{$?yv7g4Nr;KB)dVoAa$3Q- zIcC(jB-dcgy(<(I?fA4W zR#q14)+upED4stowQ~EWfR?OSZ00f!ARu(ZmaGelI2|J_jl zQ-LH({!U5G(zbG%$epCuW1{tUtg#oSmU>+|q224P7k(MwTnw@R>D#}!0C4asrRWuL zqF{GHy$|C3-vUtPs9qXg8O+4`WDQq7O4eO`q+%{Oh9yTIUaJwI-%rg`{P5j@(X{Z* zx&do~*VWOSro9Q%_cf{qjsf`a#Kjm)?<^ zvD7b>{IiUL6<5<8xnk3T3Kumw_&_z_{fK!Raex4$W3QQAe|N2uOuA-h>FTsX;{29~ z@EuGGA>sQwt`=?cX%}|AlBI0)ih1nu6%sSrraEbn9nBwpg@5Qr@d2PHJpl!UXmrJK zyFS=0;W&7W$mQ}ly3^Gu@-DPnmO|lIwaG=3QnAGIOaW5>c!s$ALo|@(@B6ww(O722 zAmqLG4gmGY0zh>We1OEv-|O)@3hplB?XA~_8l7oLvTNd)*!4_C=PAk73RO|ob8*uO zxO}BfUD-~6IBm|~x0bQ#N94oTrs~+26(=k!1#gNve!2`&|3Y=F8*XdfG)fXGDNi8_ z=uB@~T~-<%D~l2c!`1N;xRGnA%|xRlHJ_CYzDlhHqOV7wfM(%}e9wG>0|TlfX>}tr z^ERlKQJAPhVO)XL&=*@WX;t~k0y$Nccesm1kGoi%Sa_|Bm&{dYtEpYbiK4yzXR7sI z`Z!xs4Bgp!G8Uk=& zN(mAwAuSQ?cOodoG4oF7bFhU*ziM74O8Zw_?x)=-Q{`u-*R-%Wy9pqJ5Bm1v7cVut z4cSCucTsV#-+s#RZrB_@szwk^3mls5&qI`>h*L_ySTJS`I|E=XO{V1GLBr-3b?fY6 z*qN28DfbWAUP^hU|9RG%r23@{3vPu))bIc%YYpNi@y}ltqqirzD`{q$C0^alsr~74 ze+uPkJ|SDW&TgQ562C9N{g#|=2uV@1E1cI_V91yI>n7j>mSp7V)XDXkJZtghw=@rI zGiY+LOdrED6(o)>)+|d^)m&0akq|}X_#7P!ILsqfIXMmUpFJ7&8>JO)l&^Pe21pX- z_JaUA21|7;P@k?ny?-}tu%nv0Lld6kS+lbFX=@N(HBgtr;0z>gon{a5%{@9d$&-;{ z%-rSA1?`*UfpqJ_mnQ*DlzEoNNwQHn22-Bn&%PgEa-I|()J3XnKvSc4U;Ki4|8(^c zxSl5sCKH^N6HN^s_lNK}6PKR*4RewaVbpsH}lVwf>(L=OpfMo^sN0`}cK8 z539se#k)01C&c{Ab$JsZHgeXieSYHScq+5>6I@Sy=u=Nh1p0w`SN-ha_^Jr4xbL&pKB0sbw^gmQQmcC0{ ze`YmMgNvJj=N3^x%x%d_Nk%P=1-7xJJC2TyUmT-q>}ARBd2A_)mss{cu6QN;@>~H` zJd5^Jr^1r7n#q_+Z!_g`1Khs=cHcN|(JX)cQ?4=NjZQ-`bDfp(t)q49XNJM*egNNF zEl@C`asmF=vZ@GLoc>tnp z$f!J}?rd~R6kV>;&R$;v-(VJP^I)mjYtE@olETp??jVvQq(LY5uh@^@)qGk2$d0@c z`!Ko#dtoQs?{r=F!*PDyA+~$b#JbHSM~*xjlvGP4u*JgO`l%-|E<>);V`KGfvsh)UCtVuR){ zmenH4`9L~^D-Bp{C493_*iOioP#S@vod!R5Srh_;0jl2@3e{=p`sE4$pSMKGRiN;# zzRNxI${5-Cd&b6d^UD=;yARHsOdrH@f^&V#ZIdo*0}$EGo71BC=k%D(mk0e)&cwxK z;>2P}y7l`mgG=l~)C;v_3niuG5=M}{ua-qrOXdQt%VL0FM33DTzwK*m*h2Y*;Z;Sc zuRb8`<0nC$J_48hNw$)QHvv@3=8u3YI_X{!3QoUnlD=qxupAl~0kjwuR!p;of^MCM-Dh)~Dn4 zbgiVu4$R^=4Hx@jJ+>fe3!lKO{sX@J8`f09R?%J4iLD^(vEut6Ps}xpZX)3Z;U?q* zvRfeiaIF2TOZ0~=Gl@H`xc>yu$o=J$3nfc9rw(<~@fVu$Ex&CcUk7Lj0-T31tQFre!x8{FxbqYMWn|~%0 z?C*#Fn)VU@t06I#cS`5s-pvhk4!tAwFOGUwuv2$tRmMA5na2sc|YE|1-nVR3H3r#3b!i&B^t zHxObPq9`SEWLvZBs9R%&Y<_=J&_|DgO~;1S-P}URW%*g9k?hp+JHnTz)G!d)ktR#k zgjR=)dib1m{(6Tr3HD07i)n}hHvdT)qPe8j^4a3lR74*I<9^q?>v3>$|HO z&oV?r8!_wPh5kB3rNMyw>edCc@k(zzaJp_A*a*8P2)o-=E&#s9nAbdzz2_gK0qS-c z4k|)KeD`L%3U-UPQbs`Fs;hsx7$jsjgq~q9tZIQ|){hhVL_$4x&Lin2naElRGmf8> zMl~o6teqG?`x9U#7K|%<)&0I5#a>S&Q;`7>3oR*j!S5iFyXRdkeDMC>bIu=R-QQW` zSe1JY@~=#4mdYi%^L3`=JP(*&`)=P*dNLu@1pN@B!@c?>$PHC&iA{U+=JSi}sSZo{ z>YDwnf&GpRI^8E9cR8`TaIjUsRi3kW9JEv&V!&$cgY8e)P1V}69%)Qu%F3X?G`zAe z+j4Y#kJ_nWV_HnE(yC&BnZ{7@4L*Q|M_x^ z{=K^*FxsQ#9kYAnr!SEtr&SvEXS7Aq-&?&%F_9s;hT;MHy9o?s&4L7*g`pUa)klk`A<*RNsQJ(Dqny_D zRG#HwcKiN}X8&PC&a>j6R|_$O~4X82L%WH{yYjLXL@^;bo9NQZ55{o5Q6 zqb2*g3Uzg#as-bSYO~z+-I*L0{p#u@bDS`I@0Z!{fAcQsHbX;r0v`rQ8qh@I0daq# zZnuSMsawKslO`6AQz3~dtSDjfTdW8FO;0BV!*d$hx&V@O8bo{^zB}R;YxB#gpC|D* z&YjM;Nr+giLbk)0{{PM56PIvW1VgJJn=v|%v2EP3q_fvNM{OLdb!qfEg>z?scq4{OK{LPJj z8TTd~NK7;AWewf^?`i)$W`3JtyI2YgY~RV|{ojsz0_4)fe@JJ@{$HNxFB7FF)jLhX zt;*W|Z^ymH#Zw5J34a>(+vhk98vgzQeLXOc02&4R{pG(OhlhVL{&G9rTc*EQSATt? zpDx7D2NH8Q9azd-^S>Q;@e=7Hs@I~I6wf3(|8{z3F8I%!4%Ab&`c<*_&mPsE^g2+M zf#-WY@qa6)?Wgq|^{J!3t>^e3Bo@e*x0(DUU;cOR?aTuL@nDu`=`TAkwU>PS&1>{0 zz54jok7w_y-3hU?l^G3{)znA)u6XNC1d*!H}^k&=i7`s`A zBmXa6zCT}m#1cMRvMBmR#6RT36bqC+CivSQ`~3xgrt z;cqVVc9-O#F3#Kf$5$+YjhL-ZbVJJ1n5>9G}_k)|txzY&XnFUpLv z(R69bv4(c92V2VRD=cRM7hlJ4J#KfHl+g+c`FzgLmqD81Rs&V5q|~?oKW>Ds9W4|2 zgXk-v1jE5Dgr`+;RQxLyE~s9m-!Av>W?)h)miiU&l4sgX!l)(q0U9ZjUTt7&PuzJ{ zX(D@yzI~|Os7ArAohTeSlTSr4lrGDP?B-6G4NwJ~bdvo3Pvrt`2J5qCPoDi*Y_|x_M8oP> zB~av>wyO2+ADm)hZkOiw7#euAHdonC%t1cKNM@?}9;Sl!NaIw{cwQNSR@hCBr!F*L zfW~&@Em29Ig-+hM;*)d!#gy*=&IADo_bCC_%Hx@v9QSY&IE3ns`E*X;r`Ojghy1=) zF0dRNl0Hm0YQ4hx_r~EbRrrJTU-jRhvP(xfZspnT=lX#Ql2(t6U-NgsS>le6b+ZEU-Ujh8Ut>*a?21|V@%s?T5PhEEj3!s}P z%yV(V{4e+G*La4iDR1}t9z*axPa7S3HMJkQd%WB0AxXAkwDA+8xb!($IPR@T0ssf-19eH)K&Vb_$F!Q3|Lk9|x4X$?WjsKhT6?c9iuF$4y=L7q1X) z#h;;wr8mFmpiimO3Te?7RJD0VKbWIh>=$!ZLL-dvowg$;spppgP*v+20uj#(qPg2d zJ1Y|%OI9Ut%_9*$GX_A~g8j(*Y&eyCL`{Ql3b;I04SSN)PI-}Ai!wkz|GOVl3G=eF4V`0>tENW9cJe+AN+oR11(IdXsFCHxWufX3X0{Oho| zQ<2`Is(6o+YXBN1Tp^94!^<%&aZpj*iI4Y*R)3?mW^DVl#z&m#`gPM zO^qa|rdQo6=7vm9rRi&?2d7l}m3Tp42FLAJ3{q+GoL3?yr@eP#s%;^#Ic9!v zyJXT4ZcE$i%2e~=_4?(g^%Ow1N;VLUj14iT&I9)s4f%G{tw%{L7ZOtN_UB4V@6B!_h!$Tn@dJ)%RnvZc<3W>`+Lx z)(%cV9hylV=0{NBbwPfm$6q|~>%q>dDXMX26ChUPhhO02_&zLM(%;0T80N97jRX=N z^y=lrxEHfkXEu9jdga+$A_kg;-MtnkmP}AE*Hof}f8w>!6X82~w`J?FYBzFEM3f)` zX?Sg-JIw@HQ3^A99f8D6d>ipln>W!zrwp`~Hf^;Q*zV$G7X=k@%bzP%)S;se#v z7XSC&h zQm(UT3-xi)i9-tbN>))xB@_on50Sp(*2WJ|2cU>##fACIN%-7;N>z#)`4QX-Uc7ww zmFZfZXGziGga&7vq};*`OVhGZbMrfm8q@ZwB=K9mPL}>~;JdqizNMfrbZ)N$fj{BZ z9l?-KuS#liom4IQzLMIcjo!Up|1EM!M;wxy56Mlm#df83N%0d*(TWLZ4<#>SAUmrA z8_90%2x4-d#x`4yAdb<_p3+GuM>?E-3oZ_TQ1+Unm_6^__uev-*-S~=RfuDjboj=N zybgg>n(IPZH~zs%TmJ{f?FD4dX8oM0=07tlZ1a z8~EzGpEH#zPD2Al_8i`o4S$et$AwKD1f&Q|$W?_qcI|vK73()Y>a>nINaBKm!y!bi)`Kx<}A?yn&?$cE?g5D0T zpwS=mEFi<0!4PtGCV+$K*$_g6g=RJ(X*C-HY)AfLZq(W3^J*{1;4={q>X zo=@QzV-2;oo-JTi)b@T0CTIEl*cwQinHuHzaF+Xu&XQE#NGL_ViGLu@B;DC#?KxvJ zDV`pWY}5xYlO&0V^V&~*=Lq%BrhMj$$sMCNCMsENQp%CVEWGrxJ0Fjh)~I)0WLc@v zHx~;3CpzGdZB$Q$r}tLY_fw>&Ur6lUG!Hs3lx9lt6+obb^DyGRDpNy|y8Q5^ii6}> zZ`|V+QNw=P{Yyrk7kJ9djvoHXtNst0^wdrvZNkOTe8Krj8DBb<)Ia`#%ojCBP6oJ9 zLfdtjJC?Z4T>%zl02f2lyhZhE2OD+&D3h$>>;Ghd0bN5sga4ZMkv7;&u~k_qCz$*w zkx$6G&TxwZs9x6-^ndqmD_4FU>Cz1%R%!>JX^eO823hyYj;XuJ$h@^^!Hnh1drS9n6#xsC0Ranjz3T@ya&{61=~^xmMEcM6&ep9=Z5MxM0<_(Q==1I zSHCofm;u_(nmIiK=oWO6T0YMsfDdqKY=3i-2|M`|MN3xdM9<%N+|r|O;`o18n}5v5 z|N1>rpxYo&2-B^3M@lAYv0t(y>IKC7^Vfq}FSP7{)`O48YMioWin+}WX&=@a1(`~( zGJ{PoEv*k*95^_5rOj=Ck~i(EcXayx`Mq^3SAolwCKOM-L9tea#Mlq=H-=3nvYB=P zG5<7rfR`sG=H6X0+kG5BAZr0(5*Z8&bo~-a%X)gioR(y9gloi(mS+!;snUozW#44> zCMQ#l{BSbU!5{*~el`yGaM@XPW)hVi0J3`;#d^r4$-dYT{OU_XB-hR`gA;8fky=+)SriYoNBDcwh8H|5)Wm0ZNA-8a<7PaVC6o=ae>iQQl|l^ zW)u-|5Bumt^d=~%3+CF04X)N*{03WO)qR=NSAFiEon1bVLB?aH-(9G`kgda<6Z0dz~cB2y9+x_cuJ zryDr5zMVL}Wpr&1CV%ki;b2=0xz@5e19yg3)~pWNE`Y3&Ef(yCd-dwlLY-`sX(HkB z)z~JtrFO4gYQ53&1}_$%Z^-t_a0f{3b(*N%gZ`C+NjOmOICa6}Pwuq8Gai5H-w(Jr zbn!OO+LG(6I(NUES6Id)URZ9lye}>$9+u^^_k@I2C_4Sth+j$|V>8%Hd8kKgIq{MO z{xGl^4DzpgDk_VAph1gTJgc?@IHID=GBSq0beT(}z-lC+bBJoe-Oq&v$QFatza&Kd z_OJm&vCX}E3gEK2E6DYJBE}{XW%5901CSxxXKW%thwVY)-?;?0avgAouE&lUV2>iyhT9nyLooRYiw;i-?N9F)@p7-5`^$Fp~&_Q2GOfNqr_&A0i~d#Xg4!7h#^ zB>+O?6la1p%(DhpIGG}cGMZEB8WN=bk;#{H5zpmq_grq08L`USH}gM!jIw$0*-YNc zP)vIDA>5MQ=HM~_KzvzU+Uz>jNK1Wsp5hRH=}+X61{mQ>r`tc^S^bD1*7yedWa3oB?v zV$7~k{NrtWNGhXR|LQ%9PhVW7d4Wlz-{_@}O3y|><~1r4k#C8z)cGMER#O^- zQs9H}9@BQxuMO9Jm_v{Heh6vdSFfadL4Isimp>xYQ<@^jgJe5u680?}91G1KVRC@* zy(Z`!-b7hq1o_>pwgxWqC`W7Ax&qQI=h3{h%Q5hkaSl=Ww|8HOtL7cCfeb-vcn=dEpZAb#nu<4ZrBQ(9HJ zx#;}6=N-*h&R9lxnWwr7#lDBm)ip%70qCl^BmLxkz^I_YtM;7vw*rcKVQq7pAHVvg z{pnua`}%RD$O~hE?y5kA1j4abs3qR<^4`s5h)}@Qxy7mVK!S;kD(N4X6*4by3o<`t zC$jTQIZ?9eeD0)Eb)PJydOc4_&J-{&L9qXV`wDT4Hc%u9Xp{&#%R>@&tp^I8bTt~u zmwA?&luC3KK@IuWxlU3r<|TIvSo`p%c-E98W$lFn&r8zZU{N3l205)UlQTt$C)l2z znFZ2*auNkgdd}JZUINld+(W&%$^mwACe`tMBl|OEtc)yf0n?*|$e}1_!;1<`dA#ta z^p5zic^)Oy%M}y*N8cAS;xtW-`wU~jje5`6?fJ)0HDK+x1b)fOYjMA{)z@=EPS?*Y zIX&qiu4TXpDgT)=)H5PHh=6gZvU6c{|7i&R<-WiE>#s%+tPOdx3CUlZcKy#^<3GvotG8ia}Db-iq_NjCp#!m$;TJC#(c0e93-x+4+{IgHSnFaB` z{@};rYJkbNp$wqa4)QVP*-7c%M#L4#xQt)h6Oauthl|A}SLy{&mJ1bZ`jMuZW{PQS0HNx~3v|nOiK%&%Vr_GCL%HjlTcRI6f68gzeH#fu z_O6}+G*1nWd(MjkF?XcHbC^iNc;wQ3n&E42gVq*5y_TWgItd2w1WL8GaHcA=!S{(F zLD9DzRL2T82WIMo+?W9dJg1e>``SRuxTYjr#!1Qm@HnnAUWDsq!mee5{#o4k?Q?7iQT5 z%ICBOeZ>4L{hik1#lrEcBNNdQ~L7i`=Iz=Zs&s_ga==!7FJaja= z%1qloNxCH-UyBw76Vytu8GN{WL{5#w93%|79wjO~7{X?fHdP`8bj-+kGUo)@-PnI|euV?@|n zvI7Y1WSi3n5f$eQpPgSBE7Ihm40Dzcj07BVne$s7VX6AtI@sZ}X-fF`=z5IyN_H~C(J@{v72>lq7cr73D zX_P)>R!Y9;*Q}VTKf2Kilm~=-vwX@cHgODmJ=-S5JPvY+g z_W;o8-RJI{1<K$i#JWu9e zM*_fDa*k{S>~X_9oR&V)*xj@Dm1#J`=z;3m4g z^b|L$yJzsrnMMBha{K#{TX=W*c4}`XwDMH*jNR@ErK2nF>IggQZ-{LY-IX`01eh3i zzYfHM%h#w!J%zW2jd59t0Qisj(1aeI|{p0?^D51RF;VOH= zu9w#L5+T3w`6k*FsKGguXC$gH(6Ra!zmr7E@h(`a&Ut(Jxu8C{=H0t@#X1zLxEsmw zqpRUd>v*5n4ieYL^1_QEvo+4A@)$SHbA$t@pKPS@w?+_{*ka{YOP*4S!nW<*odYsZ zP_st7T3Vh#(tGD;=Z9belF1>?hg*CeY zl5IIsKi*DuR)l3hxZT&{M=u2cg_#rU!d{0e$A=K*Y#>0A>oxbmsq+vHILb&^a}x2o zi^a4Ot;aIMednVcH~kvx@n~5xrgz6aRa0+ldlJ{1ofrEo10gbHslxLU=Bcsg7sEHM z2yf;$?H|yC5e1OkZZEpSLAJ6vAfkImG>n#&F_@BXsvp5>3CXU3r*N5<3T+*34ex5l zSpr~BlfL-wH^d__yLRTo-6WwQq>py%ivXeN60mgw2H~M=SELKoP?d`lX-*b$RB6E; zV=boMfhjJgGXpN%b(DsFl19un-@^iZo+88c*Z7Kct;n?o2owkfteQ@2F0lFI;%_Fb zWQQ)iMy7f+5?a-?EYZT7^9jVbZwSJZ(`*-$1yKmE^;$^YVEl_ha)cSwcYl*ywPZcB zSQ|W`(d)eEO6%HkDHj%-+6%-XzY>z+B?`Kyc6quQOvMrG(8wUXJs3mx^T@fBQv`ry z4Qo`AePegaqKgR1rwMX&%l4w_(ZNoole&Yucxl&K5t4tvrg3VV;>9QXikk7Gtnpy zl8o6-^WE?Cw%2@wZgrKIz5wt-Gi!62zjr+v5Kvh$ek!6om@s3_qKa|_x;#X7G>KZm zn@mH5rkjIS50Oh&ab0wA{YiYiQG-IOj(h8ANuq~)S(mZ%WLwSZlLM;dVmJw#a0#ze zA8KJKDW9#-u1duD#!`y@B>CE6ZN*0dPXUfqQx+w!!KKSreCCJ=iEXV0lfodTX8p%# zZ)?m7(D~=1{_N~77eaeIw@`f{rQJRO+J%oCugY6}Of%^N-UcBVhiO<-dD2h-C6q#w z=t+t#-bj{Dt7n}Edy|E)8TI4z*8Mek7WSqg_?<@+E&961;Vkg=N938Vje#c8ppyW@ zDR*n~S#--jOrvrXbG7-S(fAtw=Deyhd}_#9HOq`x*Iz5Ib^9qDTzC&KN3zAcluGq) zaU9BHx1w6EEHAYjd+&@w2EWp7O^E$2ZUAg(RKKf2^B3Q>Zyee{mX+Ja0jyTyWL#}M z7WQHH(k_4tl|!oJpm?mCTONO3wVwytp$yh%;IKwK^zR1fNJ9cCs~=3vzbDIv1YBu+5bLpO8NV1_{^+#BZP#7m#r{Wg zy35>(hT?6_+mTI4ys_b|k=fO1!`eu}P9A*1gI6Rn{Y;vaJb*985z)pIf}GmLjG}d}KoqzRyFNq0hP6aIzm~h~g$5M(&S_ zb#^e_O+w%)rQ~i+8^3m&^EuZ3)Zq?)rvLG_q>V#fKL|4+ZEo=KLuMHRaovDn`4CT| zeiF8CH@G2i=RJYEPSQ|Zpp!<~`?W@Z^wUaZ@QuL^r3of?sZrwnwNhxB669!v^dm3v zOzwDFHbG1^)|Tgi$?FQMgVi_h$2*VY$BVU#GYsa3a=(NbQXCl^h_Bts#LrYnF-?Jn z478dcRRkMlW^YHrlUsF|Bv8jX!yt!&l(HSc)p-s(|3W^5h51NCmY0^(nzATtCIL&m zE$kjmsJMfID!0(=G+$>^d-f?;sb=XbNTfuziB|5GRHJ+~Kk;M6eO9g;6 z|B_fi>0n0_x|CfiCW_v{j%g!mRJJ6F5|mOObHE01Z+~0@ONHt(R(GbxUbOz_EY5`+HOov1n^(5O_Ez?DitsBz51vL+zeQbeU9NVc*AkZK_I4Z zkVP; zld$VNIEysdJ^_I$Q14WYe20Lr+LB}slqDo>3}{-y4puzpcHG2YYE+tH(X!mny0tX$ zk%AS?$ya!Y`mp#r&k^urmv=r3)L2d2(KioPw}^ONCcCl+1k<{8?ORb9L#4L59?;49 z)#JK*DRs(ascs_ZRQu|^?xR}*uZr&!HEe*bsY&2(<*d>miIy0<1k8}TG zSuO=8@p1kE-?VBy2HMpUrq~3y@mPDaX!2uL*V@*%7K@xVf}K^c&y%qS z=241%R_&kO=DwWa2V2OJi4{9qo6vV1v568twwFKc4g>G@+%(DmH6J+llzp4M&joasT(1&EavYf z&7M*#eY1!nv{ZQXBz3{}*pfwI9bPwWXAJZ?cJm>oD>110qM@kU^78GiIGxsqC(dts zTU-iMYGFkNZ4UN8_gx-!fjD@uyMV!YE*(jmjxV9Lo_S#qXhN#)5hCGbVF#N*Ac3|mhtL+oz|4LI15}$#dqo~I4juNmNZMoCnXOG zYyonPiST)f!(8w&Tm)fs^O_VBgpmawUVyQlIXqMk-!z_S!BVOey`C zGRQ8-xe_v0kd{P!_r&V643;)83X>Go{5mrtEZRB8I(hg!<4+>cxQbEk~u(&!Y zLk*5EQH`#oKB+H7P! zzRu>Lmw=8ZJzud%!}9GtThSyrHEO9*UgzV#e1lPl=C30F9kG^T||We-jDib4HD#G{!}x%=qWlL`f(5CTy4m*5W^Ju6-gXLdS`BwxrY(W+5#TmOdSPy)Y(Lf^Yh z6_-htSRlFegA5++W2Q?6^0lDo#P`g!xSlOOY1j5!7DS$iuPD{^ANZVh#F*%&R*HA!Au}6|@DNeWsk2Su<^7gRw$ogD;)hc^Qr^PeIK5v~b_L~gG?Ejt*&cMVl`mC1 zTTjJxQcn3PIn-iiH!3{v8-{o)%xg@Z*x0fT;yK%ASpjHaW=7EitjCJaufi9(0#c1)^6pzuTte2Vhr!w}& zKCCUHK_xCLlfA>(0acYz-us)dkO6%K44kYVQ(TMWGW(j=8w-<*bx#OR+p)7Z%2kZk zU`1EsdAAkxK*-b=^Uys3DZW)H(U~^CCndVD+Fns`X-R&P}qde=* z{tOnRQ`8rk%40DCM}U1VKY^>7F6ng>lG;}NqkF`(x47MTP{_7S5Lq*f5!p-g22h{3 zM6Gvk0v(Ob$x>bHJ|j!eDp%lcFy;> zQ$)a!+o9ZO_BQ-&9hVXd$qKu%rvmk|B?vRcJ2^|c?6^q$S(>;dH&nn-$-T$%RuDwL z(X%0l(UqV0t0lf{iP_SsQgf@~kKyLGXoT(gsP(zzC8Zi^^H*D~y4iXSl}?>_NN$C= z`&on&lFfG9HzwL$kVRwL)ksH6$W|pIAu1Q(kxi zy!s6F9d%V=u_a!AP3HRSS)n}BuQU7O)jceq%h;(H{k7cY(3Sb8=uGoIJ-kE`a6 zSRJP;@+)t?jiYrUm>n97}YRwC1LZIRww>}F~GKx4fQ3-zAvPv(zW71m!G zepJCrJk)=YDC(3CNgjlS0cj;rt81cL!Wsf7VX$e`DquFeaw2z${DH}Ilz89afpFe* znNsdm?6i*FC}@ z(#`f?YP~7QV%-exQ2ROCw}=P=d~l}c%MT2WcERX|LAx|-%sTaFSA?@>nSrr*B#ao` zQY(;X=e&&tK}#LF<3!Vl*H$`5XcTyKK&{Z8JXOUU9Sj9@sTJGQzN^l@Ss z;*E73)J`Wh-|`|EolWX?bvQ;mrd?wzxEewC)gE#B6-`GSY)w@ui`wR;3cHWjAQTos z?O@YjPhsR9Cp6Bn*?u{c;{_xaHcMnS9Zb$@MLE`Uj^An7tJ6TR@3%W-hGHlwd*`66 zR#db2`V!L&+V@a)ox|4)(kkfUap*-Pfsj9eKb6q_VfKN|FkOGYB*$c(kX{x0_BH6a#cuUue?>P4{fw}JE> z?m>cC`r$$0H{FDx%sPdJV7nGH!VAT24P?J%AWWgAz_uRwa>z-stjGdJvgc6Cjmf1Q zR|_>b!zZf2`i6=D!Z2XR*?oHUaciXFfLSUSmb?N~3s6f^0ScAZ^A!C-kxw(lj*;3RTs(`VM+3e}pWj=Xz zM5ju#{UvEJdHO+J{E9<^0{+ZtssyFL$2{k|uMODK3-J`rp(iULgE^8_Cl9n5nIwcA z8%^B5*iW}ic~D1(SAbG|HWoBXjYW(e+_sh(X|~+!(*)n>#TJ(BA5m$7HCUnMOR3GN z=()xwjQJ8P-?WW*`GLnwk>^IKKKOP3n(4X+m~cpmYZe~sUQ0?msKKNDVRcFax<2lr z`o8ibQZ6sM0o>%6C7A7y@yV@umPw{SU1dsFFYRP~ivaH2{H@5gwc)-|2%&^wm?!bF z`Mj;`9oFXX2|`J)@G`A}OlviTDL3;+lx4=&jmcY825&F%?In-x>+SM?{P?Gs{Q1`t z<{!lcH;~t5hFk9k+E1I=SGoqrF5_5V;r7fbJD!sB${VRYX*;%nN`&c5DxRv2roo3FvBi+`cMY1jBoKGXqM?P*Y*CKIy5l&#<3#6R9y zZB?)pvR(Sa0ZZgU{k}yRj9KHwDYJ6Z2dWz%`ob1^55M0`g6tXk)U?miuxQq1jJ?dY zGO_XRmLf(wyk)E@+9}Dkc0-M8ia#5;m4kqX43%@C3h}ugyTZJ~l{v=t7Wr7cp)i{1o}I}VnQCOmr7Xm;}?;|FJfL#7-}cz{TE z_pjrbLIcR{5rPMK@ph?1@zA0c&C&WD4VwJX9X7*_JkcU$@~!15jH#l!xor>$ZDouY zz(8sowA1XiU%3$3{$_kCNyA_~qOfc+8GIU^rIBK)|1>(#M5PcnO>=Sp^uOI-E*78G z^x+X@*|%!+K}Qso?cWGGdo=x9=16bi65F><&50#j4-I4~jkYoiAI=1D_Nhg#V56F=6mwj*8>83Y zG+|dq$)F2PCHS^`=)9 zH#Flq^z>ZTVPTfJ0K@LPz||elXxiWakb>!*OA&+@MpOHFF9{FYH2@I=V-`}Yg%`xz zE7n_Oib)El-SBLWs%KcL=0TUP7MBUmEf3uh4aPAHjV-L-{o6Lxu7}mhsn@wbbL6fc zdqi-#e7aZXiSD%fPUa@id6bSlH%Jk@V}&s(P(t;Uoz9LR68KA;u_8%|p&?g6MX!os zYppj-x31EjDWJUQjdLQmsK4NN8jI5gJH6drLrf9;ANJlmuBk3-8x{o=1uTdNNK*j? z1*A$x5s{7{oe+`Udk{iEKtZL0^xk_BNRSR9z1IMtDZPXq0)Zs&ah{pE^`3j?o%hf0 z`#t|1I48+IyR5bL+Sj@+?xa!Jej{w&|C5Sw9ejc|f`pxyIhI?+pCz(AaI3)sm;P6{64dNkF#dPSxeoMeP-rntf+_R~J` zXbownjes9x=(@EzY!_$H2*S<6Q7$-os=8Z>W0a0cAVqMR$CBG1CwLXI-&htCz=VQZ znG~|F?Za{sHS8G94|REN7XM5T-sDnVaAhlqekQBTcLy%wHiB#cwA)_tD8F!Wx_T#E zjX@stasc`GEk%=+5(@@jR2uU2-TCSz_Y}+6>!QlKdWnz;{YlcW`Qab>K3-$d`pZlJ zPVJrnvtF{=8O!MupP7bI^aRsHuk!_(H(u%PymVpS{lP-fcV>m6-@+yF3sJihoT*=O zY!vfO+|6unoX^h*!kkRF)#z4+~f#HNeGTm1JMD+NMDLLlKe#QQ@*t9PgU+df#DZ7 zC5^|j>69=;k_r|9^FG&NUbsYOvUnBR$bcIpJ&+%zoGhX6lz8aBZc+BYq`fQEr=;wL zj{^=RW#r%uIob()&isUh>L^t?X*;O>A=X!GY55`Es4wPzVK8pfz(uyzXKPU{&ZXLs zV0hOBw$T5iCMkv6Zm}!6DhwwF4(jXoD{a^4_gl*I?GEp`VT*k}7H;E(-{wr(7Bsv~DP zfHXmq5%M4gg)pgQ(wZW@*NFS!f;7b&nEB%{pqAg@SBJ8rXLuWK&$oqDfj%$sFJfgAg+CAXrAXc?)}LL!w?;G> zVc8qbR3lI0Uls>si{3+_&u zM;iT~$^GlVE&83dffTPdr)!bgDkDv)%di%Qss_ct9Ggx zzpqu0Ro_wtY$s@>q%FVdi-MM&{f~?W5s+!IV_4q0=juBtVTsb_FAjhxw-~~~q0qov z@`QWB?r{P`o3k{w@3<25oD%#>zfrrJ^6k>rvXxhu+0eq>-AV4!@l(kusX{rZwSA7P zqSVZWgn-GUy`AGvcM%1fmNYd%`39InFUVRi894qzYCZIzj81UYXPIfQE>{wH)C=_$ zE*8W&&+33`g{_8euTB&v!X&L|I{}I!loi9+R0DttK(4(Pvbo8dRC6sD{Q354t|sKcWLG5=qX0hL11axShTvlqSOWR@jb9yvl*5n7MFk5l7$X zvaE`%n^E(|SydKaEfG=uB%t+1CmtE$Eo>dGQ9i{WxgtzcgQS8~nlY0Hn$M z&@x;QC>u2*S`QY*+v-+K9%w8XhK+=*xwY>v)d>Bz@K1wT?VN9X1q5mAIuxq1+2Sq@ zzsuFWIGkg)ZBS*!4Lx`YAx^ZDGB@JwKT)Ap_8*g7sCgV9-ovsAN7?6MU}zzO`-*`= zj=Af7k?a-865m|O@_o-+BxuJB<$OP7rkW(KzR!#%Mtu+&~f!{+$AB$&XdTs%5IL}%LXoB zz(kpf!`hUQ>reby8NLngWv5G^5eA9Ov+kKsJB?hV;MI)*a3x(dmp-Zn!)RD4pDdra zXL(j*g3b+953Qx zm85)4U4wQdNN{=T$a`c55ic%ZZ=k%6O$qxxPPSjK?+@@LDr2Vv`nzt^#0{6>9?(F> za!8II=P2f-$Wndd1;p_}rJWb@U|YR$4>F583YRq+IhXqqIn@#{mc!ViR28jPOr^8Z zo_!UjeK#}PgK4QStDxYo!<8HbwPM+Qvn1lbSxnAP∾^*s<$@7TQ-t(eaByz zRx#{|epU2SdDOeSegl{k0O?!ARLwY}!@L8;=s4j8rYGF~V$#NSR4B(-SL{)8FLL(A?D@pywmgM9#M#ZhY zNUvhjMoBY=;NIJR+~JcbIDx^&b7|REMkT^+7rDmMkjY6lT~W&4ui+C@gqIzBJYk=^ zht*IvCSpdV7OR+Nc*gLVp3*Q+m=cls(XTiG-zK`h!P-|kGj5CVptWmzFi2Dh1DtUT z3=pESg~SQxPFLlqrS_d%xmo`5`(u<@RjCJy@U-M|M~bZAsbyyUk8aFF(m8=2Vvc9cACp(bm-!A?GA?^@cxAK~kwkr)xo9EY zz&y%Rod~SLQz3-iJYjt%)fShAgqfY(WqJQAj3NYfK-ytf$RILo7&gX}1-Fvpr-I|G zkMW@mB|GitmrZX2PW zjou7w(JjO0zgVBL0BUO~yoleL?-W2uZ^tK{ zzARCKzJ0LoV$sKOz!e39xdVXJuIT$VRfQswULtGIM(iW*HzIaJ-}*|WF9h>Wp-hQ9I0~N0*H66D# zRz4S*V;{rmUHoTyPG(%yVK47c5;vpsE> z&)xKup;RWnEFI|Aq(wn0`*OG7l%JRJ>8MBEexedU;+{30?6Ad?-@iiiA6b0X52T0H zJRe@_-T!A>f9~AFJ5ER7Uvcg#`g^zmdDv&n-rJ81^c(@A&T=23cfLVxD86*M-&(7V zw~>LlhxEq(BV!l|CjjRr$-NhH_gEXQNP9dB+X`LlctIQ9BYOz}X8Y9j{TO7~DqTS?DE&SgB+~{+4wS+i)Zf8wC)4wz`D${FXNT zBOmr}uN3Zw=Q!?M(TViDRYaVm0CeMx#Jv!~OpPUsj7;2;Tc<^gF|k726+h*Z=a$5A>$Vv@F#)^y06_CBFm^ z|L%L#UHa>b{x|RTzeDyf^X`9#?3dO1|L0XUbQXWv`OUvI?EiD)cDhV{WVYm3 z3demRB?*~7u}EmVKh;>A9Zu71|DQe3zuc7>qEI*HU$xZ}_|3Ea*`djBUAm(Vh><I8GNa{N4|L zUci8{9H%A```bL;=k=064L)KP1JBHGW3Poe`N$B;c?tOVb?3em-WngKT(x4 zER)w1c7RmptG^%Nj^}I&3!TR5yzHvv^RY0K`p1H7lAY^YO8-|=#Tp(5EI}I0D7Rm0 zQUA6x{7Ck+Wc=JK1_!HoO-$# zefY$m=uO^awf=>1`@-N`Wlp5A&>e!|w|Y>vH5*bJQXiN9lXH@Z{8{1b{7U%G{!wQ8 zyydpjVBf7BsitNZks$4ytUq_rZy)Jo2aIQR)&%vRedwb*e9oOvlI9lm{^O47eHc(QeQ5cB_xC2tG+nS%cV5XTE`Ql>JjfNOTBs=@ zVytksrN14<*?%OOyEOq!hE3>clm9RSPWj%x#L5>>n%4>M+Mb3koE+^%NJCp#8m-`t;lZpXI2mAogZ?mJ71NYLFun{e-z@M1ePL_#p&3J zH*L5_*G8h`Yb5Ri`BEL)MQdd5?r&ow!*|}R{#9(9m`PNBnW^?Lm3z?ck%`1cZ=hPY ziFD}|SQdMVjPFML6$i7TU(}iZ)danlWu2kr@JW==s*ykng^qp{w3&S3edzfmONDVu z**s~Tx{@AYKg%;4jBDOJD5dd^iiKh$0mOq5#@MtwX0#;JvDq(@LnWcmh=u!i$LOc^ za&7kPLSnSIi9{Vr@tYw?gIkF@WiM<)nwD*vqckc^f98(ao@tO1DBtRFeBDIpnqz5y z$h;OwIp2Ti(r-$vGgbg#k{<{6od*Q9fpX=O1d#!Yp@KwiozjRc@54?=1R5q$U0SQU zyZGT`-k?pH{x%5bI#Xdd$~P)e`Z4U?uM>o|gY4(T1lHw^_2-B?bS`e4=|PCDM){l2 z=L0-h$Erjn!6yndC^?VhAJsI%rCbQ*|O!BlcHZWb3h;|2v@6g;iSRg3yr%$p)n z%`SgXSlATtnEJTDeZKvH30iE^VRo|s*?RuBpu{(hG=OJ@VfePVQSG~i>as1PQ*9-v zTgHhOU*9W@=4d1U1slbhT_#@EOqT8@#(I@|&+0CMr%l$$C1x;jv{P%#ayet1r$=FaQi{KAJj zX&@)@Q8p8OyNc@tO7>D-`ck0s-sM-)4&%4%RMgAVLzSg+b8{jXgzHN+jGxo^7>ot4 zF7)Qmo+Kw9U3wOMIKz4V8rs{4Eb=)1fYtK)85Y@BumsT(QH0hNaaS|*} zkNV`3IQgtpGc*-6Yf%SP-Md#EH%ljYUI(%#&)rV%w1Fs&|2oS^cz-T+y?X3hTPfEr zw|i!L=Gf~Hm2JB|-hFF=bJm;af3+iZ7NTji*w&?y?&Se>61Qzr7KJSpE%e9gtc@1W>xb># z_QKi&LN5*XbnC|Lv4H$W#&p8$X!*M-7o9>Zn0=02ta1{ZxJ^*`BupbK%Zs}A3gzA8potvb?I28t@o;7 z@$2BFh8W`;ryEH3#k!ujpqD@8E3On;xwUn3NO*LsXu(uecjh4hfv9zbn#{$n7=@i< zsF3&<%N-5Im=U)dQqKF<+O6e(4CQZEGD)X9uf+j)e~x^pJWZ;2mU|DFkL25O%G!^F zl6f)dqhOnHd}khud^d)JR4>z02s>DAjux|m68)VAUeG!^h!K`4Xcm1#(Tn(Ihe`D; z0ocSY?XD}58M2*;osH&|5B&t7z(k|anLNbr?WrBXcN-Nj2KI>gN~J6khdOqESYSU6 z8|{4t)KZG|=_Th7`gY{pNCKIegj*{z?ak&Z<_lb;$K_Lct=l1;H`TtH6W9P=IVE$o z)Ft=W8GV)Sa9@XxT(H+_1J|)vThRpn<}%oH!mm1#Tc^)*ILi60yRP%NJkiB2bRa9p zkMq~JpUZs%slxZw^?LWAp@_HwCC`5RPKMnT#L=7fl`l28gE-M>N+7J1-)|(>gP+bF zK5yQC52LskaU-YZHkEH7t*%|k@JdL&>M-Nu(psKa)2_Hq(#_B~#i+{%ZR6`ovCifc zU)t{z?cv8oB8S&_m-JSJvzdAZP1-klyU$WHM=qtSWGOCoG1ulr-)bj{4I0v+*vv{A zjW+9RquX62)eI2!(ZTcr32Tw=ua!;yBIf&>9erl|(}KKiJp zU{%GA4=rX+(+dzRkb50if?7;h#dZUA!rA@YrIS0eM8T)!=Dl1FjZyVKk`5rzgcGc9=JsYlamlx4KlUte5e6 zfy^#hr`CT+`^(EmNCf)a9=lgR^K!l`^uVfm!j^crL-S)Jj9lhy!%>Wv)c&o;g2&#X zKWxIv7P?`c6K_^kHC6U1cmrz@(Mf8rE+~mLD?EN}8acr5 zBdE}dPavlx2b&Un?xXbw2Ky=J!(dZQ8k*PlKHbtZy!TlZxrtbH7T3PX!J$64GHAj- zJ!QC7IlvLJn8PI^=6~QcJWG5Zz~y4vzxhBaocyc1ybxPP~3`t}s@&sSAX&hC_!1u&6$DPA!5}W6#AeN}7Mw`RK5Ib~{2Ou zrCiB_4p~HG*6}okP8o@kG*_s1&Xl~m z8OD3C#s>3rb~_VMdL!G*ko~cvqJOA1;Y^#&U)! zCvOM6UFi7UpcuBC+n=;^ea!b(PHnml*z-}1#6ezr>j}_lSredQG-Mf|6o4mgekpit zt@E9RLj{2vz{iW)Mar}LEvI@Y#+2&b6?MKn%R=>Y2(JUULW*B;g)&Vnz74~~T?>Tn zvZxCovhoD-p}`-2CwCIL^Fw>j^v+C~m!-DbcNy#QP=0DI?a7`xHw5oa*ygqdX2SHV;^JY z$M8s$-*JtU{i5Fe0T@I7W2Gf$W(#21ABX zLy2b7rRay;Ah>z4Ex@26`l>+R=)vqI;BY$f=DQ2=_L+X1Ud279(uruc^U z2IWOMben!6IVD_w$=L<1a{y-%`kG|ODmAE7$7a6sZN6l2@=f`r|Jq^(M5Im!ZU1U;@v&AhJiA|NN{Q8-V=~^|O zIL1ggK;jtAFj{a#xm3g3?edQV$nT!x+zsEt^U64A9Gj@DVTIKGYq}%5lQ_#qQb@|B zP9S>QNQ21Xm&CUe8g-1ELAsFCeh&ibQ+}T&P!Z-6%?`TN8wHRB+!2Ypu$oAixVL=M zi)f5y*92*tc{hV@>x#C;Jey{zXO#M!=&q~5d$K0yi1s__7|bl`wYtt<64SiV2oWzq zV^;;9)Us`jq$h(x9_{eWL)9=f-61`ZbOm`o`Cl9UUO}b>qA+OB9nnsExF>Q?kHcYC zYfEjzB;^3>9o7{&vyQayK+WimXZkJWzYi)mpQYH+LvPQC-gFQOF+%r4&8e)ZQ)=~8 z6Xh9B?_3^e0)0E$gItDc~ zMY51_+bG8iT_h>RaKctO@43*Jc0}tgfH28}kCh_sYMQs%%z_FMDQw zM%Yf2PcXkqn#*OfY5=$^TcsocjcY3965VP=!bDxGk;5?F(J!y>b+TURqSd+KdZvet z>J1D>ArixjPMtp>G`pRexuzpw((&h$bEhms0xZmSD`!FT`*nhO;C|YH6SE(;kqy=6 z{A#YEu<64B(={oUf0OuPbtKKmJ%gWeFD5+n8FTHlVaE8u-CZs+ueGj6vVTOCWWy6v zxT?lta(l^o1I63~+1ge>x8e0waLOaoI8Zhuy_h)5FfywhdQW$*(VC@CSm@7yJ;4guZdts~?bmMfJ*_y--p`Uph9b40CH1(Db%*-+2KtM4NI?2yNZwR-!${Q=)ZsHoi)qe@c$0dD#ID~Ajnz1PU4G;OlF z^}cI^B|8tfhnr^TZawY#KobEnv=Bkc*;nTmpjS=ClB$KTzwUawQF+riWNmcg72uFu z-m!Oo;<=x#6nlk=l84_|o=Vd?+?hx?vt&MZ6XK2i7~Tg_in(KKKQ3uem8nJ3PUL?? z5L$OjAm8pX1nY+;tVJ`NDBFbIw-}*n|6WThY$z~Rs4vNuEL-umCVL{uQGYG>`xD8S z@dSNQV}x` zXQAfH;Vf6C^ss%g57SB6@%LJX#0%NcpbKkqCdsp_)M(Wq2&3|wKd{KXdJn17-Wl9I3PaZ%^Y!XU2IeW;=!M*aE!${i? zVyd;=o~xtYOPkoi4+tZwq&1e)Nj$@F{-sP%3SxcBp}@^rS8FRvt?OVu&Iy76iVtWx zPtm8MMY~S~AxRXGsA6PB@hiUA^yIJYQtHrur1E20-m7X}PAC=S5FH zpb)h43baKvOlw(b6w-Ka52{0>Ea8a`9}(l9tc**_vI2;LhO3nT`D&*Q*vF(LkYU3` zAEL?h*}3)nP>~f)*t!uwx)fuTBXZHMJ(R_TjANSnv31^F#98qPp4?=N)yqK&CF^aq z+LfQkSpmJZk%GHGsuJETM@4UaXTYjzG~bR}My$otfA{2F&_-J6`M5r>zD#ZSNKW@E z6~fbYl1r!H4wXYGZ)_${Kr$a{#t>-q>}D-FNil`CF3M)=CT9;zd^3onN3X+>xU%Vjk0sz z9!Teh{iq@V_d#i$EnjWRbFdiDV2M<@t0$H3^;IeIgCd7{-;2~U27as8Pd8M zjMh)(Vdr$tT*UZl>j-LQ5J>5$N?ha`4V+t3FPHa6>yVNvS(7XDzR$~k+nMniF9fT@ zyPz>z{+Pm)EN%4lUN z$k20{BoTy+2?lr`++|?y8lxxei*ta7^^CM>r7C!A z{?+kbi(17ZqIUDMEPf?w!=VlzTDQ}sgisT??Y;=;ySKMaqaEejTMR0Zrc{SZj^?MC z`Ygxi)OusveSLztw8~9mE@r=ax9jXai&}_bEQ$SW{yII;zOm&1?mTLJ zhiYeT0s7GFCT*~JvTdumA02}x3z3_2lbhcBE%LR&{yqtmk*Sn8W$JjMp@L-i8dZHU zNpwk8+^MeAUcLz%B;FXX3s

x|V8l99BH`CfU>K7!K2Uj?g zhDMVr>_&Jo{0&WX`8XeEVyY?$BvTNRc2r2toVQTDyizuk3M6sFdNhF;neBm;Vj(qO zM+8gPjfj{i|9Kt&N^)hpps@;bDucP{vCprsMIg=QoOnVcZq${)53^(~kaN^^7W%SP z9(D=V9PQX#za^nV9A*Ph|7NLJxz&fQ)`Vbh1??v+``vZL{X1n!B==51t0fg>ec_IDM z@#9RSAA;?ZOj&y;X1>I8jSOYpWbHnP(9~Xh&O>^NnDdZkqqznbENc?eklf&Hi^ z8U~JcjZiVaC{BJa<8a>gG4~i!tBXWF#?j=iC{{pNDRy5F&;yP6X5PR`S@o*K){(}0 z)g7d-ZLQaQp#7AYoJ^%cBz5ArzRt?XvkLeQ+&g0gLjXb4Uz^h-|VuFFI9pRCzd*MCyNA{sEUp7qc8smqwsaXjd#I?=H}+4 zc`#aG*!}ZQAn`mwnd(1&5*lwPcG;kNnya`2y2uop3v2rOe~u8l4-*uQBd$B_t9+YK zuN@89A}>gMTdeuu?A)ViS6~F9coXP&k4Bjzw$-tB7HcN$!&jZ#SCbXIKlz0w<#0iY z<7>x8fAD;j=>e17e)qg&QnR?0R01!&PwFYT*+O|L(0#ll1j#A!adMTzJ^6Nq+xDUx zXNgLz35Xea^;ovNPtx?-XnqR7|Fny&if#9-Mc`h+kRM^(F-4zB7LAd=i0VCeF0>=G zOHG7)x3bT}F|<1TAY}A3Cilgz8)k>^)9KBq9pZiO^DwOdvbtn!98v<-y{z%}v#h8# z&|$7@@f%M2Q%VfISpaqwD6L7vXIrlZ@;D*69k%ZEE)IR_Aj}YdLCx`sdAd}+RllQy%tOei*d$r@rW=@N`uW8Fk$r5GYHWS%P_>*_0&_ZPZH&C+GN0b`!#y zD4@d2Bt@+Srty(%0}+!oD>0KKXOq3OHbyJ+HW0$nky><=dPMr6+k6bv9{5Z>r;C5k zB4IXDqH7w@IYEC(9>q-)eMup@MYD_#N0)To1JX~GQ|XS1Swi0;Dh|i6uB$rU{k7iM zVsEkl@!|N6193D?*sqI^>Hg8NuCf1_(o(ky0SXds=Be_@aX_WDD;mWTA5q~Osjh>y z=%9`+<+G(uZA7q!!2N^$FV_>ATMvbbxnokC>B2#51># z`anq>H@G!)Prfj0GyKL2=0S(X8>DNS*MmNr33nAHlJjXs5q5OlkAp>dylXaGm7yql zK}|F@cvmso`mt+Dm$W_NqKhTlv(&)YN=>bEOXhQO>0H30H#+ESfHs$pj&UQez#7&# z`{iw!jatDgY1M;$BjGq~`V*D{o4cHGU%Z?#Y5?!fopsXRegc(k-GAckkE10ExaNq` z?hD)y{Z3v~sI=dc=}O~5ldlcyd^(#L4PA;%1%(S+_Y|YHIynJ4lt4ta5P8!V$_v+P zs=RFdpL+9CMtSgsUMdG@w?{FA7-(WbKzs}|BE1o$UtYKzUL&hKk24;|$ONbtN)Q5( zh2!DO7etm15TPm3{PGN4JtU)80#Mug^wW4VTUaZu>chxc8rLk$hYPWZ`}}3^!o6GO z8tr0O@xQff2UQBzv#^H8*7-(RLM9g||KwQlAt1AW1s+&4s&TqCchAUhEceb2f$kt6 z*pWG=k4K5bd)BwH8e{emSUP|(j$UKAw6V8N>i`!IEkyXgobd+z^5GP`}gWKiR|t5Cf^cWJW1G!(SyJ{|aTsQF+?*<^=Pe z|5^n4m*Mg-p#fiJ@&L8E{mbY7%^Ci6&_70yMdj()R~0M``j;8~b$I_KgkGl9z?V%Q zUwk|NHJ|#|5eTb2dmd?omHy(V)%m{}|ExOj<=K1KFFSwRj9(ghSj{sK;t8gAuzzgr ze+M}K`l5<@;LCDOpqZJvq?Qu~s*SJ1zJ2>9n;-BWx;v_^((pA<8KiCRP+ne+jDjOU zOIvPG+b4>0(?pn=F>W{1J({k?q;yOWV zycef0YJ1`LLw#2G(h#ZtlOCPdjnO^(m0w&(~3_*(o>ZXw=lx%lG%Er z$n`;{L7r@Pz7Rr1MFnGW>)D7$3{~zC$pe3ADu>LK6gGFv?fHF}sj2BC@UA3Ihm=h! zRdJ8u_(DZHJFE2PsjlLj4Gx4BG&FWD#?Xni=9$As9>U9?ZxU`j7MQCG*zTy+8~8OE zuF_m@PRHgp#3t+x*>D1)&s|@z)Y+VHKaG#bdC0-uGzh`r2`(=0kuOOZJ{(Gv7_J+( zt@D=sqSR~F^E3c-ARebEP)8E*N2J*0Npbg;iKp27_w=FX*qJe0z`oHjhzx;fgf@HCckkVsY<8rtsu06SB% zoL1WXIX1BwxJYpX0^T*3OD93Rm{5&DOx0WoN%dixC5hJgcN?>CO#|db549YRz8W3sG{nGdtiO z?+}Bb$3%P61)h`?+~^%n9V|OB&r1b=E#u`(U~`JN&qtTmZ04f;DVfLLKscf=J@%&MhHiuN z6#Qx@wfm}^A6?qtF)Dw*Q*$~K+*D7vo#l$VyCnaaCh%uW3aD{xY<0uLE_Bg@x$)TL`ous5!f0un0FdToqM zL`0PBEDEfr@P+o*m%ru!O4acXCIyHkPm(2Z^iYWpcszk6O~3jAyI;9QJsMp&BjB4w zC|@dRhQz7&Fr-Ovop$GRu^Zuw>hMzPXkrScFY zt0>18L`+QbO59VH_2V&JpbFS7^5KZxGA!o4ad7?d{P0>%kC7pUQMNHvE_WoaJph}M zb+ZuBSbAfD+t9ylOwtC+Fw4op}ux?_prP9fU_e`Iv@aAqVa`E~) z7kzSuk^}}6OHg&Ec-NIO>iXn{wnsesK;J|BlNagD0g0wi8qP5cnehFq{nS>+U&J7e zHt!%LfUUShCR2~gc{r_<{Y0(Nl0mKe{10!4jYH(n_78my^0PR*{m zPW9+pTnsKMF3NYCXZnIce{gVMH)oAn2-w4j;$oa?quC^EZ0z+%v>iFtXUoT1Cd$?J zIGl*Qi0|L80##evMb25=hHwL@V(sPqp zwu)0OFd!2_m>N*mD?-COTLY*=ix&R8;h->ZkM?*LOs_pVj z)QPrx)ntt;7gcZQ|G;Qf|twCKQh| zkXY(I#CmI(s8%TGBr%()Io0a}Z3?^lw~rj^%PE{)=tGvIi8DQZ*KTo~4qOL_sj;Ch zR}7G(8*p@|^x8WYnK=KX7XQ8HP3q4(8wY6|?;EcU^C#X|x24*zwte~}7BgO}D})6b zx31mKl?oRo!BnhKjPy3Y3g_xV3AxS*S|W}?rO{-rMi=dYI460b;(f5>GjIs`kUR4X z7>+n@7gVZOJhpaamkS)y#g@7R#cAiuQvm}2WNi$A@ z7YT~q;5zC9hs{=$Yq~0mxC1`zG4yZBX&v>OAJ zkxb^!n{`FH4|BFiMAzDOlA||G!_NnLZ>E?Kl$cO}Y5(h2Wk!7I{GR33NcR*1CD!Xu zyswVor!xyqw)c((5Stm}uL{&)!ZagBq zYF)nY`0h5Ur6Pl6XRVHp5iwbvlZt5F2TA+45@+yJh$i(9z*~q9Jo)8j z@)o-%Pm^w-*Qwo)Gl6@Uatibd59|ptvvPBDIku>D8q9RP(wZjv`b4Hz{bbHTb?9&D z@!>ye{aVxzMg>L*7sugri_GbG?SHuFf$za0Cw1rWC*x|I`DU#p=63EZYBRnF{Ey?!Pp!_CaH zP2a)}X*GOU3RmsXLbgHd?sPVNGE1G7rcki4g3-9c^5{6YO?6{8-A{!S1e1k+GdW^e z%&-N){sIn5GE`vn4FqDyjq%66G_h<6<5FzLEBDZ)3aC)NrJYII>Rp2)F>!JEy@UqT zYVUwg7hZ|$QIk!Lay^&piOi(|39}~j+`_Mj<)(zQxx%k;6o07u1bDGd85`zTrrRV+ZFaUcRZ70kTLBe4E^=O=|O{2D4Ly zB~4B1)Y#srcvbDZe7I?I$SiYCMz17}rEBYL1UZGujZ63?F^mDL>BF0#n9)U-s|`>N z`lkfGJ zuWlS&u=b_Bp<(Plm^l`@vHLs|SV|t5Q7TltMV**1^oHyPFn&11_6@HCKzuMdm!S?N zj7Kd$y={QU`hnd_3!iy}a>2pH#A=O~)`|Fzmc6Z~p=Q!_L(r*=Yf*`3yPGf1)Xy=B z#EC0k>(R=2WyrGL(H=X8fj!iR5Kj?nplYP+=X|>#zkq$ePL@s5sb^|RDe-FS;%stR z&&9o0Z(@#72g*d^S$?^$evesFds0s#pyAkbHM zVad!5c|5s8Z#>-|>U@>u?hJ4Lb#|_gib**nch872f;O8FTvKv zj+V_})mO5Q*EJt!uxoa9A0{&CeYsU3&@ouA$KGtGw`EZt-=k#`F5K+uq?45*hLR5b z&MJ)5;^@gr%gJn&z=Z`O+2Gs|f4*b&%P&zOO`G4>11JRZJiT=s;PK252n_Scmz}KB z$LgCs%XF`@=wU*HS&3V1x;evWJ+ZJbl%l2{&c~$zYBvS18WVcYKU7sLb)TQd$HisU z3?~m<*IRzN{^(eZi~5tT8HIeqDRqMzj5v!d5q(`3bu<r*E$N8a8h|;BR zUI{EGPQAS&p8M#(%7dywDPzCIh)-G-sow>_`luAQcv^a=(0FiS?T6ue@beuZx2Q$7 z()WFG`n#qKHbk#qw+|-xPVvL=`J##4HQ8KIM^mVEZ{KjZ7sZ=TZcCbe{M~Ce<$#0` zgpCah1PSYzEFo3Ja-q%=M4N^{y);BxKtX<^6olsClcbTfUbTQt*|+gEAo5hG1pTJk zvQM`D0=OIk12*n+a8Tr3^ye{-C6QwBWTs@6z12~#R77sd_5pwj0R|Z=Q%xQXn_#`N zyySMbaT$mL0#hQ@+74XAGN~TYn@a1O+{SR=12M(=_MSDC>Y{p?ZTYzBH(+5#77)NRdlbN9P zRTpdlE{7|>f!a8{HRMZJ#=OKxrt8~H1$xuGQQ?v*67EyJV3uWXD6ciDpSOB)|c>AMnog^dgig`Vyk#SMbincSS+ zg;Q{GGqmtD8A*Zr4|3l7a7C(+!rBMIDiWA%)GkZOI=GS1i2=Eme4bU=x@WTun;pEiy(_ok z{m|`2fyk%Rjb6>B9*i3d;f>L+zsT6CsN?g2664_DeCW6?pUlt@a+=i&#t;JTSdsC0 zo)J+gYaQ0<;}>dczI!I|l$!Gx(^apze}3)T44{|&kGXsMOVvTVsHDTljOHCzH1_ya zKjP7KX)m^F<9>=YQ!o0*Bne%i;K};&4INC=VcVfkxu%=iUC$r5#`7~PS9fZ*5< zPHttBitd^Gj%Uw1;HVg-(v7<4U97BqpVIIsz)lr~6iWK%*8xq&ptpvnF_ij(RkqQj z=yA!G=p7uc#5pN0(Em`% z8^lAcBs~#<#fLHZNSSaS>^WQK#F8LNQFTD#gnhX1s6ipueX(zYe3*RUaf&o?AYu-` zRwp_pSPi>YtBKR7)+=h*asS86p&ZjFMC?xGQ!$^~&P*6Qidg9+n8Nj{0Y{2qA7qhu zZWR44MlCRwM*20Ff=x5D8J>j-tuLr z{~I{(N$R0Qrtk^tvzo)^+wo1a`He#$&c);enh;Z-->kH+Z|;&`oiMEFw%mjSMv;pt z>`f}=#qQ0`2tJDHKfHl7dFYVU9_L z+du2Dl2)~1H_XK5uu5P&+Y-5-KyU7TX~bO#A30~(wl67-_$#{n46LGwr-5GFc-fTM zzB4g51Dhj_dnkonOYf?pvq zJcqiy19Fn3u_<<9cSTyYAuy!+cyQPU=dD-cHp-Jfs(IHxcvZD%IjJ53&O7H+p+L+} zMz;s)=>yvE@O7udT3>g!po>jItW#3u`!$2=#TuN(-c~&kyTu6bVQJRA(B(Yct&$3- zEpt3{+s^isqlY66J9Y@U5|vV?XP+t!Q`kMcuAif@yRcUeKQ&xQ#|BebK3h#s(;%3r z_A6hsP6QgmMFz{ww!?QHe+?Zdm@@hBr7S%^)i2;A$=bi}+HtPj22CRMBDO+gYig?N z({za{ai!Ppe%l{b>VJm{O_v}$!*BET*iSF}GwHjsYV?3;e7iQ4QBIW0{q!S~*(|Zc z8FK8NB4w_*2Ahde>;R|$YFe6EV*ZEl4xqkOPj`}L3zSlmv+BALDK-FJG_IEw5-bSmGW4Y3dRiOFrN_7?|DnpudL* z__Iu!pXq6blI6A&2OH*f+NYyb-(;Kd;rROpq zJCsskVv3QuBrDzgTpiUgS6aiAP#&LnOt0wL)HG#MOoEGTWiz2S%%B)sOLpXyZe$y#5JpEy zsSXDAHO#M(-N`X-*imowb%kr?_BJ{zPJM82wPjhRYm1Yzrs@hp@C$i;L;ExcSm+>9Yxdzo@L+dbzCFeuThO4d*9eBm!A5_EKR`zS)u zSOHRp^M#>@>*+ZeYY>F+_4A;8MaMxTOjPm`+EB^2+d=9=%F5`#d6s@!SZo|h-#5hTGZK&m?pDcZBvDgS`-b;N8Rh>PSR77&;LlzFf7e(#rDtQ# z@q0l_{~XRxA`1%#ra@ojjCYPcM1>(2Pl%nJ&aXQw4}#Bm+{h)nHOc0*JtL25^jTF5vk7R3YXLA^kY$R@ea^ViMVvByW95_5>mc$ zc?N(djHPK_zxJY5Z{qKfOv*x_h4zZfBn0xNGC&)Uyebbea`n8hIiSEY3LrMJaVMsy zW4^7e=|6ygpUR~y)K4`idwLQaudMR1Iq!olHhQG$=m2(3%Dg}}|J6-2X^A|oV|5m+ zLx)n7gu~eQ{RQochGQv6mQodVBrBqT3n{ zxoo}CKqL`c*iXz^00c75Rp6L~@;__(C*9=P1-YHD%++Mqy(0KPr^`8p^~Yn58sGq> z-`CZpqS=z1ytvozx#!ChgM!ZasHR$NP&~V3NO|luvgCF?J36ATU6mhFW1%i(p$Hk) zSZg{D+_&OkP(W^HIurB#=(#`;GOY>(yC&Xqxb9@uI}1!k`=+s=Lmy52LC&Ki$&wgeM6#JrbP#RP?JDuWeOTE1 za)4F1En*~r$jll6gPJG^GV30VJ}3!6^4}80-C*};7evfL+{qf$a02-`%M8h8P2col zr4~`8w@pM{af?gNyn~}7ha1XKh(1)9FE(`B>;7j+eyFjYjh8GD<5PDL0+9Fo{}?;# zxT>~q?Mo|4Nl7D0r=&CnUDDmTX*Qi3M3C<8?(PnyHYqJ#8<6gQ|@9*4m-_QM* zX018L9OD_!_|C|vJei_?AWsVtVwWywvv#tbL=>_^LcdCQeQ5#^_N>i3_VV5(O&T(? z%KuE6VwrTFpMy-ws-4PJw(Sno4p*$d@keYPRrK0JeG!1~xi7VZ=~QN`<3BFTYp)^t zSx(-$J3z`FQ&LimR3}s!hVL<8NhS1;MYR%hzDKIeM&nv<1uRSGKwbHHzfJTfACVS_ z)+oR|oC{p<_K0uxB|8b0pwgp-%)_AGfcUHMZtg5q7nm8a?n_Fp58^7| z$0=Mxd_Ij}`HoG{~9!mrnOM{k^1q1S~*N*`GVNj>}6VSPRQ;I<#5IM1<|sCuO$@Naa^| zNw(m`-7AOf@VYvD4-R8K%b7-LnF%dG3|EuAj;q)ynz^n>u0k3;R#SM%0LrTFqDRzL zY`+rb6>|Gulr-3TZ_nGSk(I6>yOo^f#D6})_D^0<+f9v(j53i&S`koywqokr>mRM; zKDy#oJHP=0R52NVPXX;}#Uf^=r#GfQ3fXf;b`ZyT?Fcu}-=E#|Gg?{P1C&|P?=4!? zs*y;}sC(YG*W$rH;-9%5ofM!Nh$r2yunqe9Ktw$Sq=3Ev$=S|A3Y}6hxr&Q~OODOb zfe#ACT472G6?Rc2Mp@ZsFUm9y$(d%-#QMHCTCXQj%nC$3zo%6GGc#e)NO!rkq}uN8 z>Ka-8D*9uxL<0w(%(^nQGV87HgF@9e$2}fK8fIk=W2K}~uK)bwLPK~{S-HS9Nv9;d0@lGbLS(y(D;+urL-H z9LPHJ>HfOo_84a#gOs1Wm(a8ti*sG|=UD9unE@poow`-1e{i&d9)6xan7_p`GBVP1 zV#c9zmp6rnzd6;z-LJzDD@>kPmyFrO;L!Nbd) zLM{6Bo!&dln7|0Xj>jqP>HcEc&CN~aJ<>Ap)4d;{u-Ce5Tk^Q=eSEVGNCabmd&Y?T zrOCvVdnZjIzjf=ImNj~1IiE%cG!Ha z0TiX2_8kMx062x%b3a=C`||+|5)2~eR5d~GP1 z`A|{^lf64No61#ylg)PR`eGJw_GBh# z41X)!r|h)fDq=bIF^Z&Xz1xrdZXU$!2N1{Hdu|OTH|NHn;Xt=U*4!CW6ahSXeZB+M zw6f*uqZt%pEZ`!RY$_lkkK31H z{4?+SYk@7rJlbiyDHy6Szmk68BnoL@TnGl$I}j#S=*yJ9bi&5O^hy_JgIC1&tfhuxcj>R`L9txs26fDt|Q{Wn8AHy;}wW?^zFs#x?uhDgm;65hnC z)6EjnI{7YC9C}t8H4Tk^OF-O@Df{Vl3Rvwa9J7w2-IbkhwCCjEXEq6Xd}B=sD6=B9 zyN8}!eUzlVnxqvfEvF!yKo$k9(T$WQc$=#2PpeS|7cNFh& zL`;^1MD(+NuVD-ydlyo?1JwHl=~Q}@?HuI+v{=QfZ|I4NwJm*90FuD<;s6VPrv<<5 z8szn)Tb!OwK*gt{@kA|12-iO227h}qTelD~CNo(qr39{SV8*hjLwOMaZ> zn`zi^OHIi7@?WH#o9U|Fp~+ay&UbJD0RgOIM?X6<$Ct}_I=zE~Ap*DgvV|L;Q@BOR zONJ9G=xee=Dm=^4;5V^=8ppNz1OC4*T5?HLoAT^3Ywe&R#+HuAzBke7;zqYh%|~cK zAU5NXpG`Cu=T^8jx9waN&X%m8penw)8~rP$weC!4)Zcw9XCwI1($Y>fDsG#nZ=%X} zEZeF>R(3IEWMU%xj=`Gi$qn*|TwqKEv4GO422>V_=Gx1|kX&^j2nJ1a8 zp}2K#MA>CH~|0$S)lc*i_P-rZWJu>*_QQ zT5xyXnU2NTj0gYIl;??nJOUW~V5i_Sk)f6RlmbPvFUg#IDO@O*tI)**gZ_c~cX=Ep0el=w& zPIN0!jt(aYtX5C};mp66n6QU%l0K9%K^y5%6{S+Gwl^{66Vk^A5m*t?@!|2tEd!;P z1UU%{^i^R#cYnpsb}$^Gw7S*jSZ>iJgI8$hgR^y@y^q4IHlOnP*T0Neo!=~ZaIh2t z4Rv;x6(@F!PC$(59a;5g{yl8s~7(5%auH(4Ja?GZBfF^Kw4bp2HhUX(Un?a{# zehA~OH~KWwsXtc8EnByef zBZWmxX?X72*7o8v-W)tYx#hH)7CCcKGh``KZx{`73_4R&ZJ!%XJfr+M5Xc|<{D1;J zk*|Sy6k+D~RP;Y&2y!CSX47(5QL|y{$0oP^Xxb7W4HDW`X37f63mq8@GTA&zz{dIM znmF3yEjwbjwfHNg>-B>Nip9ef+780Llesu%ogqJ!PYQlQSBS6sVa!pjdACiqa*Nvh zz%+?SSPpthle~pRabwBU=lRVq&@9%b>`L3^$Q;F{H`tAC`>mCa03*8)IyTL&j)XRr z$?9ymZB>`bRC;S~=eZ}>&%XN#DCTm}`eAH!Jew#NpX<#hLI!A+STawu;Giz_q*~lH zHCw>c?gN>s8YqCE2z3-)ryNeAesJIOAg+i{guX$d7BeHIO ze$8hO^B-xw2K9ZB$|4Ce= z@Xxp}yznsj-+k;}r9v5VBx2V+L*4J{KKhzZ^Q%TOUuP=&m35?@=8fk%!Is4TR%?V@ zkucd4v|o)67r^tyCZ5dK!E{EMCnW7LJE)Q)BJ*JD`bI`EW*$3$+*w)XRTYIDa&u$n z0!K_fU+uu_dU8<#eJmj*#omCyOCBEEp6EbiNG@O!n|wHnvm(_CiaDvRsIASd{3+9eV!S{0In*;j`)-*2a@gbCtOCMjolItw4^(bE`+W@i6^$2W}8D8ywgq=e5=5CsSE!XK@IJ$CNG1(H;%UEgT+l|D^n20&pFD5 z`_i1b)IIikS(VBP@oSgl5Z<$~&=%4Bx6|_DH3n>w7$J^-(ztdC?_^8{D1K^uIQVNw z+5jX1eDULzdfoGIN2FcKRH}Z!Lnv_>gEQvFk=a;d9&j4{Y9Xb`3Di@{k5dg1h zqtl_o0@uN%+AVavO1T@UK<0OOnL{cR`^v;yoBZGiQD0xbK=?Y80@E!28Oj6|HMOYA zfd@s=q_1Qm?PiRH&1!3s7}C)OJ{%RvxW$4>nO0u9$F&hr&O$%08}TD}Oy>ju3CNW* zWZee92g}ldJX)^6OX6o*I9{L8+e%$|N9_-(0<`9D9Y7^?%-oil6SO{-gbS~|PP?MY z{eEckhuFt-{BhA8+rgNY6*IawhcWGqz<|MG2*IE89 z+4U^ylNrdvOTD0f=uDuDwu@}uHE4`u;yi;*2$ihf{<4Do>X}C)t!H7ITCBSV;M@>r z_-zO`O!s2V6_b)+{V~x)kIzx65VF9aGOC+afX2Pct93X+W|zVP@x?2B$gW$C#Z?}J zbCPq$xTPRK#_V&O(D0m!Q~7S08ptz9DDF&TT<{2=n~S^`PEa6m_+11#hajElY?j!a z!uhsR{ZtB`8on<#G~AKqakwT*IWAONVNN-XtB@~Nl{;m5*Y@m944pC#*UlK15w~pE zgmpXlOr^)?nYhYw%N{0zc4r#XIKl@kYjvP4G>n|oqejp+C*k!V;!FiM%lt-#{wd+s z{JugC{pl&JV2s^zodIyEKLr$&phl8k;{E{`*twVB7TanS`tTFJ0DWO{i49nREIn{O z09u}+Y#|Ww6uTF7WHS2UUM5>^A4g=t#+$=P1!4)>>sd|4%tnd}EP6c51a~qWW1GV# zfr?)hAX~BOv?m9LCkvmQ>rg2yzeU;v{5*Y8SNZosQPlWkWY%CZN1=AW2x&Ex%FFD; z4B%!jdK3%PvUp0gTB9R7Tk3!w#w4#Xf>W0>>^F zP^>8_)3UM#<_=#;-W_zK!mS0|GnV0?m%~0|hC8TXLDkBbkB<|oU^X0TZ^+jUZP6^93{0tP4vBe8-+3<^_b)L+`ZT`?@2FPVYOiZ!-x25xBe`al2blMe7=d+ef zR+`+f2X$IIc80XioUWFmHb6(gzV=7S>jmH{S#}cKF}C%U_Azq`yEEph*l(#m)T6f1 z!6jx!#;sNZBGDClKhS<9f8kL`Uoy+0&SY1PO@o-ZUI09UjxCPtK?>86IVlmKR>?{{CEP@m3?;av1nSqIix}&p?Kob*@tOo^B4O)y-0zUt z=!h=)x;?l$maJ|1JPpd+t3-KKBl9XWS*_90w(bMeJ(kLuO-p*c0)F8_%4CEdB{FC? z*SkKI$c6UDvF-1_*y<>M;2rmJ>1Cx|jpe)qf1+bK>><`cg~cH}H!j_xhQ){?HYPM? zIJF5F5^%&(tE;or%rl;;tgWOnF)^9WODWM~N~%69qV@rbnx&ja^)K%slhfR%&)_u< z?>B**JBuV~vgpm|74_!U%3Fh0!Z)7kiy1P|gv)tNt&<`H5_lf?fBDBDw}jCYIG0b}H5p-z4v`9!-Q8V}tD@}pMmb!Vwri0C z3QBK#Ng$@s>T_h0-wlNDTSQhmRaSbfhO7&>$sGcSzYtX9sM@)YVdzsQ*Q@R@QsEl& zNfwtzzFZOkv+5z~+qBj+K!0#4w7fdql?FV}3V9hY64^9?EIA#|H^k%lDRP-EW8FV} z9|_+2dGV!5d7Eb^QrCXHB|xIv9BX#@B3#P!i(lK)YNM=)f4H_W<@Yz>eK1xE>n_ z2Y1v_79ReA8?CM;9=C6DQl^vU^@qK=h9`}n$$BjQCdjNVFQ<@@PJ873L&+IavO2Y> zZu>i!oa@PJ)mze&!?VfKOeU2wbz#p~G8B{`i>Qc|)|i@`g#jQhyto%?{2DRtSrN{U z$Z!eZ9;n<*ml&#&yc}r|u9O@mL$L)wT7SDY8s{ug1iu9VM zTs6ZzTCfcN=iu)QXURLCYsZND^pz|U9^1(spVs1i`@5_HpB5^~nw0sX%N|m}A95^d z7`T0DaS}L;VgP3(afYjmx#VK~{1KLE;C}=5q+|6405zYRM&EE4lYi1PK$uqGgwnp4 zwRinYSZDDrZ}=IR?C}|38iI22mB0oT^R|Gsj*en$PzK8KJ5t)bIj0pI`R0va|B=!~ zN1Kd{kW-B9l-MMpxhN(;9%R1bkP{!ML2GxPSO7?%vxSPTQLXpJ$(k*;$9P)xpKMF@ zeg0|zmq`HO;C(Js{UT3XM3rT*p<|#iKxfx}0>~jk*XqIXj9xt#9=#&#vJ7 zjtut@rU~b1Q*0VRan$w*aLf{-#SS#6gwgkl!{6NI-txy!)*L!z98GWROCw6=Qu^Hj zJ**h@Q(W?dl5#UxcGcyx( zSU5=0Zy5QIf#zix1YkDIw4Oh73CP>f;4Gz_h4w+)&dB(sufvjaZLl5<`-aI4wISAk zZZ7UfJzrJO>gH?F9*Qx)}Ae`Oe9sGABeji{CLzw{nFo689eZLZa6&AYF4evq@W-_nXe6*;L#i& z{j#}rDj9>CskW{0o7L9q^>wOilxWc zjSfX^AeLIi?r0Mx?HvDJnoClb`i2iJgfX2iagmmn__9Sq`)zmC9T*0!)|UF(m_bJ(5?VDP6Uz^$P_#K}@A(;i!Rk4uO6 zqu3+{7hPHNa+u<$TFkK;mQaXrS?e$B>D7Am z>Zb1PuNuc0xHawDOIGRDEhqS%ztNrlB|%6cvNGx(UF}}8n|DZzVticMq*t+?69+hv z8E`ENN(h)2uyJJviX2K+Wfhd(6`eP9nR^M40*#_fC?5DAaFPWQ?efj%rHCQT6~A#f)qL%>RL3o8^ex9C z{WQor-|pb6S858hM>0x)mxoFQEu4=Lp5^48rdd4sIt3+c)5l32bo%KJ@<-}XXLr}; z&gfk!zvp@;Ax z48LsT3$8a$4-6L_9ac~(im@quMv(+7MdXzp%Y} z>$BO|kY+2Wljlj+Oj!k@^DrDYcXx;9pL#67F~LQ2!{b))L}H@!>uU8+jw^uoqtGpn zZKRh99`Ss|Dl+S_RIe_2t@m`nd2iGqvCg8!-RphHOFU(Z@1-q;OnIlIcEacfPjE0+ zP4SH^T<(q>wkCwxv&VCmQv^|41W~;XfJ425$9$wego@y-TndXB__Hc zgU|1f++Kuh<3yKh2hXW2!?O)4v2lc+ZcqKZCTOA%gd_>>dU&|h6A(o`!P%USD0RgB zBP~v*OQl-A%9VqsR?xq8cTPC%$+K*kI)1<|3Fd)TWQi1-bSoIyE`!Q%C1VuplB#R~ z;YXdhQXv)KHFH|d8_QrvIXvz15!HO{W|$RQ(&ap(wy|%f?E)SHd}!lmCc`Pztunt> zVJ{*44NH#W@=L=1$rAG}W(uc;i*nDp9QG{&MEydFV*_cd^k-NEj6Rgy2IIG)9o435 zR2=@{))x1Cc38qedHoI1G|E8IQ$WYYx6AGPaWBy8T@j2=@aBXk?kGp{Lx{wh;aS1j zb}cmNE}0{e?fvC7E-t~Rg=nrDW}P-hjY+KO&rdta^cQI&b!s<+#F@^{YRwjJhA#!z z8C85Jg91TsfqakY?Np!4eGS$R`T$^--Aq?DVY*L*FJpMjgE~+U*(MxOmVTyI zjUV-KSUP0NA_jfqz2l1^)wS&?QBv$b9%>e*gM<SET+?yqCPOL1#{kVFX~e#{L~Y z0Dy@#2G1fy~u-|^U4P8suY(Km%)x~;u0vi zF<-HBBNzc-l{M#2J}7m&+%J7lxLNFAUKkFnH~G{i>mNOBD7aRo0{Sc;+2!&qr7NO8 zgn7vi<@b80(N9^&P1R^1`hksQL{Z$PHwJv^Cs5P@;8}+8sd?{}Ip=;PoZnU6pg}8A zKUeSeng%r=@+x`PV~V7;Sb(hMrLyY?YU#1aN0bCp$)@g$AEOTE4yE_IYU%X)z`uCCm7cYVc94)V3F35%?iIOkZN4+L(r*lE`i$ zlov*ty$IZ0VBMDXvMG_rl83{3<~dEUxkP*mHkuD$2Nb72rBX*Q3d%c-$SKt$2x>yy`ME zkDwKIyLz5eaaJ9>0RTot^$Vq$l;9=CnsyUuCf-kGp6R3ZlCM}uB%em+Ight;miBVZ zp`2|-63>XkXg^Zt20f5M*R8kT#e=6(lKwpo&JHg(l9-g5yqtir!0B&`h$0M5*Q&aj zK#PAZ7TR{s@y4g|I%famsqo`KAqf-i!6VNIxevU$M@tn|tl`7TbIB#dOU&2IOWV>{ z26%T1X?zA5#P|n3q?&~)bo6awE>FHFvORO!__#V$}rd zIuyoR>&L!979jvGFJ0f41H&diWUQin3Mw+(b^rRc?QH5-`-2ODX#_z`c_l=&T;=bz z0Pyk1HJTw%xGQ>@5BDmK;#)M^+fV*G!8hqWF1FGVc!N9>bbak|dr4&lAD=~euo;CC z2`37<8HI$o5ZAmhL|XfD-HNj+ zzSjKTfQr=cYTUY!2>cBP=5=)%g{zfE6fBCgvhUu;2ye|)_$G2U*I(?U|2}=gtA2`L zST95{Wk)Q{2=|ihC(zN++3lAe5Io`5KT&l7HJu?Az(w`d`1$$f@GvQC9d3sS$^tD> zE#VJOOp1#&3n*ONT%yA2@Nb*+aZkzk6q^F3`;#}1;>aMF7<`lo7TDCREhy3S=3qg` zU+cCXOQ;;yZ`&>RTh{r#NXd^8S^0D$txa|6UEifvtc$n;^{O?DXoEz9Gkfv<8D%R0 zWbKNiP_^_W3Er5d-Ey#ubj?S~HIWt_IEt#5_~?D^46G7Jf@rwYnW=s4k0?JVfHDn( zSBj%oY(TNACQMKsVvBDTMhHGvj6@R@=*>$Y=3&kHTx=HTRQGh~g%Yjst`}}_E^XAOwNn(|o^>$g_S02vlIkmkEP+vBm;~D`MJPHKv z7~9~O8e{PWDpH~v3sr?Yjn-5=G_x(Ks=<9)LB%gQUJnZufoFq!7}WDQ=Qa?EViIk6 zRd%)iO7_vv{v-VRr(OQmv7()#{SMTkD0DOe)X8!H;Mbp+Yyk^n-9|4@iO5m@Gv4VF z(nLAd5W5!K?Yc*Gv8>OcrvALPULJU-)Vn-8Ru_K4@RX3xL!5TXuf@Pu_FoU9xGhh& zJE;TP-udp0PiwL`xuu*IR~|vm_7DUDSAq~OUbI9YK5PNl_4_SOwDQ?B@`~jTu2AIO z%YAr*1&8z=YqRCk&(EDF3K7yCq;bWmovDMJUSdWr-Uvc16B1Hx_Y!6W&(EZeW$5Wu8}IU{30r$2lcbeM1*tAe z+V5Tn2%{G{u|4Rx3Rnqv%*+_8(iB2(?|qvOWr}}ykag+W2@q#F3toKO0w?TIwCa>| zu)Q#Gnyc9NfAWFvB|L$-BAqmT>0J192{%r;2<5voQGtgj0y6j333JwtA9y+QuOE8S zz%(LG50qkw)!0Tg7>Pazsn53NFF;P%8MRxW3_qfJia%1hsHH^JxV?~-bt*MhTxr5r zBp?qV>?&1l?B>&|BOKF?5RZba(1pC$-FSpm4OL@uBI6Tr>y#D85}Ga6R$`<9dgn(z zJjwh~c^jnsdOQ_+V~rCQo?%@a$UDEsp2_tPW#-~d$0N#A-h76q3gK~q#vJ5p81j^6 z6S5GHkO0ZmWi*?i81sIf3%3T|yIMQ+Y|S=X?3RgE66;!ZK*5mA8zv;>+nU*AtOBe} z&O4otigp=ymmtgv(*j)9(}1aXA+uPGRiiNQmnkG15fPIi0g(yb?;mZv2k?(5!fD{5 z%nX@U$OIU1@AOlAu%xTrfamL5g*I-10WJmCBEyJ1t5W@$?eXYWO%@@n!~RW6@HP0{yrR$rfIf?H#1_J_%tnFjB}v&jw*Ef@jfeol?Xx#IO!ilx`M+0}?P^N^4_gOqS0lewONqQedP%WmS9QJc&>y|Ahg2cMq4GZg(f^S&`pd9sL3** zRe187`bY%|MaazEpD2H4Kjh(vNU^1=;=pZ1I11JnPrW~PPXiU~4d!sL+P&!uX1U_{ zScfLzs$6!n0VnVx_1D()72zOx;7*j9MziJChxt-*oF(cpWj(T~(H`6Tr=g_0GK(SC zBl+6y^zO0)9dUp*7xgA(F@#7~(BnSES-0nA5nDEuhjFj}MS;EeyV#S9t8UM~{u(h= zI7CURVrtjlOYpb(%zKJn_l`OI5ew-ZiW*bh-a_5?*{E<9#tW~u_>Ih&xrXz0eWDuM z+gko3N$Vla@#B*9XhA2(8c9UnImo6^_xFq-5D8iTYQBZY7CE0x>RtrkC0I+BP{RL% z80%yXf90W`R7KIfm}DD*niCY@1r4#^Sa{cHcmF&^0HUUxuihFRTX9hRFi^20GQ?aZ zV@9dpEQLX{A>gbtYVbo*u|_XuxZmq%%oV7DERmCoTnhzIMv}DsQOBNC?DIqIx>^d= zQBmbJ-67^q#YH~LdeCyayreLHXXaww-u6Z6uzbY{WqppT84(J!aP?$sJQ8(%FvC&J zLprWIPGDzD+&KKnT(btUFqjPB%jSM`0e>L0-MgWLOx1?a@MUsZ&e(d@?g-HAi(`-o zzQ}vZtoE{P;_mmbEwH0rB6;gT(j;!iHd06x^Ni7et8<6|N951>T+@|oXtl=%lV$uw zq4H$xF>FYf4Ba`+^X`-j^$}W*nFGD_e$!8HjR$e*!s_2&R;nW`J+eC z^lI_3$W|Gq5x$2y5#lU#bP_VJv})f!w~W4V8Sa|xk22f*NXcz_@O|@GonP{Ct~bPt zZp&>&VC8HcC7SjfkK~}XD-jAOkNVqpUjrcZ;|0pvk7Hq{yKZ5%xWLPwB3m^VM^o-uuEYJ=M7jA5!hyILZ885Dd2&D z>bPmZ_amC@*3&$m5~6N4q7%y~&cFo_Z*e8?a}FtHX;4g&1<~c24pILG6}1yl9Q+u0 zcL>}N{3P~TVoR7m`^zefT;#4o`7Vj$9U>nd%gpU`c!&M=8A)Q3ZpNGdtZKPa@G4Ru zW!ZC55>fALZ`wzI^sHg-cB0N80AfKqoGO_0%vP{8&~q-C!0xUMqEO-|4ch}|D?fZ) z2VewQDjvL9B){N;-tV!6$_+C|G7bL3pTFO&a|k?oju?!&2cUa0vWXqBf8N^I3Yk68 zbnlo;H>PxvAWl9Q8;5LmWcAF@0&K+ONvmnbDK?{rm}6HL{ZC|TielN!vMOI6bw`;n zLpPsZ)<4hilLD~73)$)4nJXLaX(7y$m5P0#`Ve7Z(f%Bk2;6|49^W3LlJO#KZ$*|L zX?C%r0OGZ#kdNddx(%OzRWq=F<+KA&o$_}bLmqC3c)`{pcE<I#_lz8Ia^{?JjE!Lc1~vaJY%GfK0VaeYyss>#}_KGNV)ZHu&<>FtLIv3 zr*S}H&e{WAU;7&1^x?1}W`mU_tg_(wrgcXLTsUQmN|C=}EW*M({MT;Q%-JEA$c(Em zr?}l$h;R3=7me`bv~{XL_=7qXBQz|d_FD&46dz*uw@Hy(>SfXJ$AXSsY?lj${$z;G zRfuPMv$E#!Q&hbe=P~1wz^pR}c90QGpLe=5OLnp^`q|Ms54gB6Atm&)vnlLc$1_(A zB14J$45SV^KtX`^^k`Ul=3UR8%zh%1E(#B;<6=x^ONwQTFWR-k9#{SoDzK0`UhZh5UZeN5+*_iW%_&WI zxvzE@Qs5HRJ)W(H0QhF`d_~{;LwN0;V_;zPg$uOj^Dn+|*!q?Vm}q1G{7c07$7D4= z$@KyC7SXyV)3c{Nu=aroN&HQ&1V)pAaBt5`TVfCX6^Q-$9Y437Tq zqF<+kEfSEr*0=undkFCNf%O1UyUgny0o5uYD`a_SEu~H!=nUZ2Xqyl$;K%I<1T7hoW#$dzIjWIcpae*g>iZMzDH(*isgobeMW`{@cZ9n!xE$s z5fw`gC|KSad5!X5KDMH;A&g7(g*;84Mv0?i?YL!|k*7mSCgwdP~3yKFH zbS|_r#8V1qQrcI;KU}U^w`xvz;S6>eD&d=~YUHk;nww(C@r>6y#^9f` zWeVc@_jvm`bhQKzcJ*DV^T;M$_0 zyXM?APVDI=K8gTX2oxI(H(p`n0qQvi6}}D_NKHfgkvpGsxcZV#wGuqNqR4o*FfguE zTL&Jx2_N_dH?I?{VaTx|pj2*HppPVMoXuVtWTD2IpV8|j;Sd7e=zaTcVfQUx>yypV zK9$nmbJs1xL)(S@g`ph*rESbV)1J-pa5`acv+r$X)-p&0MMHOH!1~NT!nzE;g$2av zI2}r-BvzXAivYxf%((_|ANf1CJCeZtwR#V4_e(=EHC7YWt8|At)bt!a2kB52QcqsH+L^YHA@)nXG6e22@qO*~0q<5|3qHiqx1 zQitft*npW=Zf^9yofW@jv-an3tCy4{Tks+O6x4p#K7anO1w-#QKFD$l%`R)SfW{%+ z8u^U(*AD)#FYTmUdO9WZr-c8nPyF@w3CUwQKeY{&&yk?~9M#=a?H=Mn`X)n`ISFlK zjDxL#=Nh`3AzSug;MgXMXQ+S=I?JCohlh(TwJcW`e0CgI=f(tJ0)cgiEG(oE*l zImcY#ze{52c9w<5{omhBHYTt{a>E~ojQzdx{`0q4Cki3A^@)4-T7P*K#Ychs@4xZq zGg!iXq${zff*A7kKYzmS=k=ZX!|Q&O%8vOZEu341xz_Fg%_KHSaCtVN0Rm{wRYWq|H=RVkBU73o*k7R-PP|$*RJO+8upQfhi7K_td<>i z_ktpI6u79~vcO7(gtU#H@_A3j5IqB*US3i4M&iNcfvmpHJGWrDe;+RR$Jz(}opyMp zTGoL?{?BJ*d}5_crR-*%8-T;vvVs=EEpW8`3WpF+0=Tz5%c-%=vVzna2Fin5QR$ZvH&Q6-X>0~TK=1s#@PQhAc_Z62#!b9f}l>7ELxk( zr-dI%i{%&>?sx0SXf+WL)UTgRa{2rFvox7Zm%BW^eYMK0UgemgTw@yXcDziM%xp0i zx1pgWo>RO?cl8T^GTV&O)A@Er!VB6zV}$Kn-?pv~%{Q^%mbGnOlR+k3nbk61pYG3o zo~br_z8_Le!pT4^;2Q0j#+kCtq?$ibs#S&T!Dfbt%cS~Y)_DJ|`_%hWr?o95^=5nS zTTUawdA9>0%UtEbB)R?6`2w>wi5bp6#m>JhrTZ8Q7Ndtv;2;(DzNX7MbG$0>-CL z%@ItZ8(nvK)&`@Jl9MfDtDyu*TbyPRfOk8{&NQoy_|5I&F188DPY?B93#y&G+X=FR+I`1-hzwdWt179wnh8GLPvu$8yHt@h@Am7SqFm;ZdcNVEsu+ zoJgg$S0DUA9yLSfIQ=T6xdOK+ebQH}g*;bNSv{c&gUBJLNx`x7N;I;^_qVg_wgVdV z{tF}r-g0DDF-nqn@@s*(CrK9SwQGqsqRG;g;1V8N?YMii>u6*Q){F1G%Wa3I z7?FRexOH0@c#zXwq@5zq9Z?ljrMc$ie|Ni(lb=shqtOapdOz~TH@H^s?|A+I&H(PN zS+mND-{bu2g)`avrC9CM)RSeeJ22s{V!=Qa-*Ii##_(A6Cfk~~*+j8SfdUa}_e1i zT=hoq^Ok5;1QW8GKlh@bmG9}x)RGcx;RKD_rDY?l|N)!RjDKLC6O_i5$a(+I>d5nMNy^WSY z6NJw!lE7;G?W_QaV~|odjfBMD;$xdSaMk)+33{{uxsVc@>sqn&Hm5~4w!X!ijyJHR znK+498YTo}@J1gkKv<^Aeb^?#cAv^PJ74dTv_6m`3mOGT;f60K3Y4N)vt_NvP2LtG zA|VAGYcaF(H^^6YqXCrX`QljwiifAg2mRsC5hid~KL{_@8dXu*DCU2~pw z32YzyL?;@S_N}qd=(z?L3QeumbaL(f9AzF+oBd_rz(qbsWqJ6wsZSVKgiq`F8dt_JZ^V< zN;KybM)$kCPHXm2b1DG4R+v2FkOi39rkyP`D40S^s{NL4-I_B296C9HxZ}nv%uDxN zX6(|5tV*-FczDbjOl+j5kU9*2=bYfIrSnsfttG5?7tchLT4;fUEf8Hix2>f@_p8QX zfqLiLtqJhg*LmvEk7~-QozW0FpmHv%LpQ zO!kqD71;Hlv!5lE`6Gxc1_TF2=JHKkCAa1F>&oK}6mHqL)!rVTi;w3TJ+4u6t2uWC zp;i2P2(;>6f*8_1hbdj`qoFwHb7|}@ffh4OCQf~^96?(1hR|ea>6K;z8S;oAroJSK z?_=EP3FpL}hR1kN6f#BLJBE9YnKbak@M2tZOUpP@P+9U}l4NNzH;tt6yKlLmuE;K( zxu(NctMrdtq%TxeI&YB{AA>8-6MIE2{*Q1#Ofez2rgf2lWZEpwn$^r4NpV3+4rXSZ z8g=xNz=v1#3XRd6NUP`((_%U@sRAV>U@ed3rDnWc9m~pl55V2*C>_4Rp>Q({*XZV+HTr2yZ%sjsW+u1Gl8% zHIub@N2I%_0whJOA8#OswoT^S(D`D+asIj6ZAdQ6UScg9$F0bUM>uOKQSWiz_sye^E<#b52h*B|Z zIyrPX)b-XPnf{Q#rj79wBgW=(F~1D7bCLGmagW|!$}nhWZk1%$JF+56RKfk6;Cyc} z?$(CN)X9mf!QzTOq^)f;SEcgqWK&_L(vr8v%(@9Qa-AdxAlGtPl zr6TFDDN)uB*^_}+kQ4S9Ev|_8q)x=peISZAPIF^3`)76+qEY*ND4gAT`7I%zY5D+D zgUOCT($lPJdm!2Zzua!icXbw>de?J@A%&+lz@%4MyukUyd=IJoB|hDeoSc- zAma{nM%@8wfvYcL8exQo4RTbXw|8-Bwb5&~gEOb#M(Mq}ntFk@8+I9Fg~C;KtM6V{ zCq(2v&$-=TG7*o)?RgxO>a5FBPX^;&RGTZ6N`Y)i=s)z-x%JWs-m(VVB?w6On}POE z<$F4QYjqijq=GJQ+wS#x2QC~p>Z;vPG_E!nCJcIR#i(TnN!KsZA%eSX-(t_sCYMoO z12ed<_@yZbZ*NK;lo^$j*3V2vR}Yv2_1n&6M9b-Qx~NDNYV30O+y*~JW=hZSz8 zKd4luEWf{GqXYv;>J=VxEw6`Q7DSAE&YQL7P5T775jit1VS$kG*j=rqcIj03q$>GM zNNky=@QB;J6%~#hkk+UrM3Ou@9L+t<`&NF?$-{p2`x5s5?Rfc}RDEaARq+$w*W4`f(u^+4UxWeTN=!#MF=nrC-sinp2qxP7i9uf) zbD3GJX&Eu`Oxt3U$VNL#5FT6tDXAYr+#{ERx|upQ-btV`pkd&wQUuyIP_CMeg_C-M z(LCzZKDVLfOA6EH1HDQUyZ2T)Mbl}o**3-nO?o$Fm;(ylNnXcc-i2y0JMjIEOxns` zWDnx`b}^>W1XbmV#juhZf5LuGiB2M(9IPVW2z}{1Ts1^CO5(98f4W$dUp#n|{T%YCviIYNET%$9Ff?7^9?FVUZSR-OdHim7?KuyZ^`8 zS4U;Ft$T}rAP9&O3P^WKcS=Zim(tyxBGTO*N_Tf7-HnuVcQ<^Kv$yB$v%h`L-S;}) zKh|KNu6NBfpZUZu-f_Jmg;ZcoyNJqDG+di6TWy#sYLX>t9jrp?Au8=u9_mg@#Q^L9Zy4x9)u5mv*PD3au`WsaeYqnC}7AzGE2OQ*hXnt)bco|SA$`V>veEFT7832R8MAIg)O2^woJ~qXR&h1_~P{D zPR`DTr{d@%Fi^2(;k?g{(l{qYD}Ke41zl)~6jsq0`@QhFgWE?i+wF=MZfTaiOez(~ zOUEvu)%sGhYR2p@9PrrK;ssrg3wEM#YJU_v5$X1Y^0JEnnI2O0X@;>{ZT;5_H9$U@ zs;p9>yY+Kb%;}&x{P;^#*$1ddBdbG&c3ow;rVeh=e7V=`&-Gh~ht5DAlD$WWI)Y<-)V~pb<9Q!mXHQ7h8I)$hTO--lU&Mx7rA0V8yyC7h!;Acn>m3Df0mag#J?-LcGT zGa8Ob6&{VvS-MW-x+WgR(VMD}OXF{!Zc`>oTTQ2Ht~{sKtRV-+KG$qMp4$JV&G&~I zg9i@Xmm47hI&}%3o)CuEB6I~JjP^))XRPn?Xe|?Ks_b<|Hd?~z!QCy4%|;jU<#$vJ z-_2_AGM*etZw`TshEb_Z(S+zb<`Y?ri=TDnPP;0g+0tT#b+hU+Xg{B&dwfsNo;=K> zIV{pP3TsKo?GwDVWa3t%rsXME^L?2_@&(K{6^d&l?8rKiC`w)~uAh42OGbmT#<@$I zhOuThx`i=Y@V|gJLeTi2%lE)xKgPfx3f+fZBBxM<8L5Nh3YBMpTmno$8I`c%LwQu1 zLG(D>M z=_s3DgGQs;>)q#Og@w~}e*vxj>zA%brTOc#2*c6zuRU5$`qY{(m#E@5r_438mGTr; zjFi)`ZY2{;YG?q@KAB$coz=`^u@#>Ku;I zp;yJ>zQ^J9X3N%L8TIg?Q*?~~WrQu#Ai zK?w!=u`j0HR+-J?UE83IM&%lgp293H$QbLkZ!ub-!}Nd&kTf+(+i9sC$8SXv1Z*3L z#p<*?8*t3XpQ!!_8IWR{i!{JAcbfFms=_U4y4+>4UJaey#=BpZOO~5{lL^9p1=H|B5Oc4GuQ%r6Yh4h-3_n^6Jl48lt#o^1{w_!zZ z*{kfN{&ura3mVHGZN)@L9Fv)FK%vbe)QD{lW4te`b!DLk2w@rWx&k9hTxDEMuCjno z5=Cm$nIDJT%1PegWpB2!zPsJ5w4)#9Le7unxt6l^M9{S@;r64jbZL(8Ewf9CF^AZ88pwd@z zbercnHj7I{WouZ0N9%pcR?cbOr`?mx6>4@TPH}G@{Te19!tVU2QLS9M4)X`vUsKB6WW{>P>y*KZaS!d%d98$>JEwlYQNCy3%E;R+Z$C-ko!Q8G_ku13Mcs-ylEH_!s zyghVidVTFV+jo{3*CoCUc*1}EzW({Ap|Ot?4MJl^#n$ki}V*-N_DYNB)W@lC1XhyH%3Y&Y0`(+R6mDy|vXsJTN zA-EnA-TUCU3j$0S_v@Wb2!xx}n@f0fGK)DU*YjzsMh?gF)#g*o6-OX)9SrZq5}x|hi?uNhYgbv6APY&5~$jdtE7jj-Q9Jj7*6c4(k(=soBycy0+i2}gJDZQ zZ#DKcRJ^KcPt&_c?^07!Khy+yQnuRp{h)z)_|kIS9+x$?Nd zz8$Gude+N&gr3<~bL{5~+IMzBXcr%Y_te>XGjEE8Z7sRWKot*%Hfm_CxBJ@t{@okk zeNyXoKgV@MAJfTwv~5nR-||haQAK?BF5r55CNC@B{jQa0>wfVAkcSFWn+G&KMx$XB z>SIsxAk6xU9d7GAEZv@{kkVBuQtV2l%r}F>UZyklGGQ{S2Hi)fCqN9;5eXSMl66WZ zrXw!7TxbOJvUAq9vzykYY4foEsZIRnb^ldReWC)h4!Ke}66eZ%xlB1>Dq}o-R7I@>KR)M8v|IyM&_l^6)Hvixv6lVng_-9Fwl(?4r(=xT|m`Q;c{f z*UXz?bH&~?K^F-Q`6_Y0z2k#h)i zt}+knT%`>C&UL4h0C(aU!VP48sf>(F5d({}RtBOX&<5hfP1$Y3`n^M53EXI_IEaa^ z-wOe!!pypITf}&ipOv1Kg_^N%_nenfQRJ~2G;%pLe%EZxe7r?JVNfx>? zff;7@$)AB+&Ohae ze>kRpyR1iq@Sz9T;xQnkHqoJ0BtaFx8>+^e@-Zx{pHeY1a$>*+&p5iT+}0J>mBHZC zCUuQQogP9w?XGKC2CLDONfiHXzW1CWm5W{A znMNX!8Wggi@6M>2KN__OgKb5IcaEzIrD*F#rC?&jgT^#HL5FnItiXj(_oJ2C1|niM;wJ@ZBPGOC}&?p3xu*M1YWxcy#ro()5;}k!qlS+E7!na3os1ad<$E#PH)PD$ z4%g51lLPaznP!{HBCP9Am$!N+TwVG=@!_`sMPjK@7|ANz;o!+(va34od_wB`x$Ptw z;FPSkj-I_9iKvRgl}v7}*BI4%n3POc>k&m!D}Rn;hw(pPDbw%O8+|3uu38v_LGfz~ z2&;d}>Xpd9hT2Q;(;!9C4ZXZV{^Twuy!To2OqpG>Y zRnXATvT`;k8A!0jDxE*yxZJ=XVfS2zWZ}n-&-7jcTkR=!iLu`?uY`;qQF)L--fc)~ z-~Nz{*E>EAK%*hCM`AWzs4f~ME&dg4et)NNg`cu;5S{0-z$0QU;Hdg1BqTiJD$gj) zU4D-_J~6DwMJ)L>DV8V*mU0zGIlogx>CI=(y(=t6D6d!Mx}Nd; zz`%gz6CSIkGZ)0`YgM;L?KUoF`7_oo&Q}8J|HC5wx-lNUhdZ+8LwI!ihwt(CFFo4O zfPS48e46{;{15+acWcx==$u~@Iov|}`UN}QdN#xU4@Km^{q^5}*N+tFKJvG@%GRD8 z9fiLG9=ndR-hr0?LGbLqMVp-$JYN#k)w+vHeSFwWl^XCblU@zL{>_Zy*CPeDnEIfG z{^kkV?*aKgok4%~WuCuJ1}dOp$&;x6C*SQ)5|3o9w%->2XBfpFzCSL}Q+^?#e`GUc z>%9p+0QM54BYA%mMFDh51g6UL0DC5ckX_>0vwuAT+)bdfO1G(j8Tf}E{^8&J_e+QV z$Gp5P<@*b~Y}RL3obGpt9J6!X>NhJrah^b@j0dzn-1`Y!YQAd%lUZ_wB5|&tKW$9z zv5(Hroof(Z=GcOMYsKD=I8fnmMD!H!Xd=Myk4Hj6;;6~oczqA} z5!2GrMzY&ei|j6ID+ED?NP?Oj1_|dYsCtf04nkWxr^<9QTD{<8f_J7Wm~NO?d&cvo zY1P%#NJXF?TNhhRMuxRXR<2X7b2Td9K$PN}r;3iKdGs@- z`{pr8+334w9lE+ymN$Q6w=Aqev+(R!k&SL7lyJ9AO|>0z56vXa`qsCwVU9r`FA zaKT)-Uw?PFTFiQ?XG;Ft>|gas&$d0=hF;L&NM$EQyNKNDS_Z3(B{owK^$EaK*BW>qS%f>T9R zA{Ra&nmX-qyU1|1J08I05|apTF&_RNf=pX6I6oNSI5&aiwcv&k?5>A$imCYns) zqb7TAH(D9crua17bQjB~&Tbn?dX0#cj_rEgeV(RaxRpX*{-GP-Lx#g0tv9|y?Dvvm z&HlJEGanLCDPGZk$MsDYeoY1x6f2gEnCArI$!A$^N=g!Xj~(2J%i!Zb zOTfG)mK|#E$oV^A%M$)Tu4XkC<1=UVT5OS^4Dj*o>Kz@;UQ83>E&p)%;^^>@X*wB2 z5!kzkoVS&K=h&qIelZ7ppCIcmgdPTAthcPzXt!_m7*6-5)SEew0cHA6~u2HNrjy~^abLR#Eqxi;oQ95A%0*9Vib zfR0fblajFGV_-}WL9z?vBh}fPbfJdIEeU9Coe^txuK-t*3o&)2)uaA9_vH@*ksbS5 z+cdfik)B%)&U*5*%EiH6;9=XdW~y3&a{q=wR=pc{zGU8oXp&XwzPaVyG#4e|A0C4c zvdqYM$1fN6|9ZMAK(oO5)9YDYnzn|}Ime9mpxIeG>W;72-T+a-N@N7&NtokHw;sT= zT*~6@c&_vu<#yt9lgX+P&|H7sB7-NFVMVlcqyQ5zRl|b0mfKum17r^U{etmmXe7xs z%1JAX=lpMOZ&ynA_`Vx-7OGoex!=;OK5_E)@{;yjYR|T4`7F4+ob$OzqfW5tjw^~< zqn4j~fI3nc%Bf+lCIan)_86`mXhf=)7%?URg$x&0SHCR70>vyeM&prK7ul@JF@7`a z@+3naaOmJiOgSN^FN>I&6^@BPA#Xwsi#>D)Xb75REsy2CtFhpkwqES(en@X{_4dC< zq>5TwYQo%0f$TS%Zy>l=t&~HWk@5c2V}|tt!~P&Y;8^fqmhrg%6znA=XM!* zw(U-re*+|*p%>ETT|S;G?;svlC%d^~d)1Q7*2EkovKtemr-I|Ta+#oA(LG3ph}AK# z+Z~nfws;$tPp$9I_8MR#vwMRg{&K3}M+2}=9&OyP!M}0~o>CN2)k>364w}TV1cHP4 z8)&QI#F7Bd+Z`%k#>D{K4{Kdk$)Tw=`7$9Q>fL|%(p21D89K3U6q#mG)AK{Dn*|m4aXV%l#o;b>-&r&-Clzk$ChC`!KAjr;+&sB zSzhBI!!npAp3S|mY7KVkPdqGfG@soD%3NR6i`na$5+rj)&9J1U0yESpH2a^w{$<0b2=%+g=WlJs7=m<(Kj$Nx6t*=WL+gLZ9m6qIV21pa^qa0n$DKW%adT! z!;t3!efIs6RB;aq!_E#{hPyi2Qfz&G*Pl4qHI~IXAab6_ z7eDiWLSLZFSG#EH7d+i=lDkiopC~t(t5i2z`XJ1$$vrx!B>C~Na+yvhPDfz0e!sg9 z_w9{)IY@fqyyR~C?`#fyA_2}zxsxpFC2Ji^@9He8waS=GOO#O-fhh|lEjoA8SR|M0 zr>&k1Mxn|bt2vu1$21Wo$291JJC`&XO@C|-IXUkE?vMS4 z!2LoKR|IMv)Mwq0%Dqxu5I|*+n;zpCOb}?49A}hb6wVa;+3nAfT#xIA_a%@p7icyl ziYR2`(>t0@mx_y3&4mvnveRr^HBYp%mQ|1`!mkZVawHY?ES)M`+m&KVM!AA+-<8e5 zhppKX&*6(xidh^S8X>!Pp`yTo#$Y`fVXR)WKQNEaj7NB;%$9Y3${chxzi!o(wp%`+jm|P;vVl%uI3CYaquW}&k4$Ok z|K*e)85RyvBGgUx+5uBsyAPrnK87+wTDvjgmf1*2Q_RxbRpc7#H58j80o2dUJEmLK zW135Qhv}2JHtyVm`CUAmXJcHR4!Ju+Qr~U%Z))^JEz`x{zxUl?J2FJ!44}PJlj{r& zF4?`v<K5TYNzJeY_ zR7%5gT05^Y_73^RH@8t}lsQ|_z8@05raTMFTNg;x^Nnqd>g<#KY;CAiR0z9dLKJh_ z1lm@D1U^Vn53nnmtVO%>q()5*J5-2-mu|N~cQ?k-v+YxpwYHl&DhS)p-=jdFO6{&u z)73aRvbhBI<3Dnm9en8r8P;^S=S(h>i`Bq<@NNnRrsZKwoAyb>2kDEqdHJLJIjqBR zW;&&C$uIMmH*r!qe2$J9H>}P3n26P@R)EQ58gEw9(pq%=4FTN^iJg_5b!^SVWTDY( zuR>h05Tmq&jWuJW@*|$((}ml(`a*pXHcXvZF=0i_^~esfH^*C0pUU)^A& z`fD^*2=nIPc(PsQtwPbH)XYhLHu4w%9+?8!SBI#_A3rXxtgWpL;js>x_MI>HO-~f4 zM-T_&2mv4+!;B9CndArC1-5tw-CPdKf%NMKgvFrGYMz2@m4@r8K0ip|vYjUfv@q;7 zU(0px(-?a}F4ko4ga(&Cg?)SSarad{r}^Hj)p^7Zp6lu@t@#A9Pv`3ij&pB~@S((( z)PJ3G|Lv*q@W8Uvv55NkW=ZyQaB$2TUVGb4pV8xYmB<9KP1mNuU-d=fef@f}xT`2@!Uz=%82`};pi+n139Fp=@I@k}A=(Hugz68+i7#?b*xoVuvbxjiK z1O+Po=5!q0u2>B{+%=Q>N)(~#mAFwo{H>X!* zw54^6C^WNqE!7KzDl#?QnRPT|XAa;%Q-~A`Gqew)4R{OKURXRxkR+SiM=3*G*N=L# z*&2j=5cXk=(ElDAtAD~U^1OK-Fc7KA((g=Et4ydB-wB`z-CbV+BIsog=Acp>)Adbz zKqa;q^oK-PCY$FtQ+y@P`cYRsG;m8Cf=S}{&8ZX@1sDmc&~_V~qV*S37_84r zoyN)0+(8@s<5=J5s3)LB3i{aXr$Srb4WB(Q1=`zQWui|qb(A%)-yAHy3#b6*3Lh)g zb(d$W9RsGgDi&wG;Ekl6ZOfA;Jd~8`w8&1khQ-Y=PW!7)Is=Pnt@@S}D`Gg5#o z>^-*jNtO1d8{R{ z$sGBBn;VzzFeWgR4U=`Z76SBu@hb)RL|2Qsjv%Xw64)~vD?W$tQsLkt@HTbk#n%r$ zbq@!z2o={qyN_xBV-uG*MsK^lAIhnhH}5h$vKla8*RRZ1sVSX38>MNIl9DPOcB{~$dd0h2q?$)8o^TSNc6xYN65HQ9 z&bXH!YrPhiV$R1t%{)w#{2+5kXhg%Dly zgVOQfVgdoU?ELzBzoxC3ZlPL((b!r?zpB>N-uwzv zRK-Xb69oRUMZlW4F1KdTrGf-S5%*BAdfjGQ_vnKG0BUc{IMC3id(nJN|608d#f}^i zMvMzx3dnF|!7G{#UG`3H?%fKt&1hr-FPG7n<*Z>}oXnxL)J~dF`ETVxD9opTv>eGj zY{wO*JNSuOy+OF?w&D{IRB$zvbq)@w{k`=&iT9zGvmJ&!J7R28D z;`1~f0mO1ORD)P-7DB==ETP`;O`xLdUVR`~WGf*eg`|c`E$8c~EdoAHCYV_cJ=WZt zYm(%=s;BVOaJWysyY&sKE;k=lX|!rqO7a%p*eF@HN^+lTwDx%*me?$vy18B(OtoW~ zcHU;U&X1R#&br@?(A~No9A+`txA4hB7d?M3=h1<%9dWgP1_&>5#r&`1t1OT?pDU|e z?nB)-EZifqSkzi{m)elp87=X@L1B}$dyJ*?v%py2QDd9Q?Au_|jYwnB#Xg%p(;Ln+ zn0R{g#@YECZRa?ua77kTTJ$^i`P_FTfFxb1w$Aiso=IoDKZ+hkzCa6hVm&FiT-tqb zP_vrJN9o%P^W7eruLY#{p0^M;8}S^-u?QVj7e58A;;ghdyJ4ES+yHk2&;( zag!P>#wlZIqK39-Gm)bx!{_mY5M!}`+z_YxSs>Te4A2gFzb?h?H@?waGRk1T$u{Ns zT_q~VtisCAD%%~c@M~Ju0J1Z&fDb>bq0Mh82bo0kgfm>D{N+{_cN_PTz;o^-&aH^X zm8G4;rFx6jUr8RJqqvdN%r^vlig?~0rRd8@}_(H;;>MqAe$KXuEOTdT`o;U z-qiIfzsaym|9ge4#)Z?${R2|I+onEOW^S6%@OviusHr>K#XF3v!w+eFQ4ftkjr~(a z@s-#Hj)uSvx{tHx4}-S?L>iWnU`R{AlOm_L+1h1!g9!oboUK5ZGWdCp*6 zICiYBWOXFoobNJEkL?3#s}F=QukQ~=p+xI~Dj(`-)SlO+JC@INL%8;()1I6fo&|E3 zf6z*MqU6Do{|IKja_`4O>7hUV#S@3QK$(aeM~>)@nZz};adZBpf+AYxvQ$^j_R`24 z^A2&pcUaqC$-Jrej4naP%W7I5#@%dpx;AViL)_Q~E1wYOp?Nh}A!ewrrRd$gK=PI0 zYJJnDgRhwIyXDI2txvRU+YDSU?`Jg`)*PbmPBIs}WHNPm;bgbHx4iCHFUTKDP7VWE zj$wLa+*}&$J@5N>z|xNV=8VP*_lx~1oWx6nTNQ{SnbVpAM34NwSCS+X|fLg1C%$Omn31Bt1deOUB784fj zqj?Y@Y>!9HTtZm7UYc|XF{~GDP7^2h$U%!vpvig-#-7!oJ(I0>kTzADZGwxYl+7h9 zP_Fy|V5jUmvtJ=k9qIxmm}#;fNitTjgqU|`p2{^zm?}%+P_nxAm_Kl%08K?LN4yuU z9PET#w1kYn&U~C+?{SL0&qQxb*CTuU>g(%Qew^5GQ0*Lf9W(C#yuHHI-H1dufPZWU z>(JRaSg+NTP&^S?R)7dffoYU#nJ3&Txt$O?0Ie=~dAv4m=j>0`Py;Zq6O|t!9#25A z1k69Qc0oyAsiX_!J<45|*>;b4<(GVz*X}rFuk)qcM=z~E-!mmV5w&7>p0NY+MU{^$C14aH;&E9x^(*}6qBk3(0I%3d-+MU3Hw1UC;aQo%fq{`i*0#0;n)72zyyou?k}L2m>JqBV zy2(nkwUVU=u%=9V2s?N8e%47!ONY_%gh687-rP`PuMMZ+9-3$2E%92TUoO;CIOWpn zYX=4f;v*+`aVJXO=XiTa#&Xgs0)KWpzY%~=wlG(@gr^|Q3`V)6a6+9?%CLvDr{9dp{(2Y2GhZZd*(C6{9mBIP=dUf}Snv4}=T zTyP^~wrfIt`6W6Tp7x309L1%`W3Xf8!mOF~KcrT;oA3wcj-aS2cTSz9cCIu*tmsYb zu3XL#UY5MkHeNId1f@U+U{7Rr+JlZJw~|luHrm1YIeqWZd2Q#HWfB^QJ2hdP=N~48 zEiqNOW#u}9%NLuSgt*wpXb-Q};6Wn1rujY6<_Qywn15$X*Hrh}>w4B%%hQe|E&n~- zT*ZdRy4?mhLf0EP$L053!sL-O%<^Q4vp>|Z0`6nYe%gjs?y{n=>)Mj{#8J`Pnn+9P zX#n>xw{7ZznOdRrQlxJOzOb)(Qz%r?fO1Q;vO3q^S`y5L^nvyiw7x@M3NeJ zw%4zR2R%rldQh@z$9sFZmaZ$-hn})ou04*TAse}dxfsQwUF*cdD^+Hr9jH>7$of>? zaj(B~)&SFbg{$6RDXJEeRZ6XoU`m!xukUc^Cbev%HK#jTD__9?Onj^-tf4BmZH-*Tw9jf)XWI)UqiwQE`u&kD z93PHW9NAp&-~>2=7~tg=Qk&=XsX|+xUo}elKkA_AluX0hxBL1G!W-q#88JE4E01X_ zuX{C(WKd?#Xtn&4@SgRNCj92nsj8suyYKk?Jxj}S6)sPEV)5SO&{|uhHqO>we=7Cw zi^sAc#Xrc-gl+C3+_IK7WqJFSkWlQ2bZ+JBJ<#a!Tj-z0=P7xmUhN`&VyUnjZ5xuz zMly*5%^8hm&yU-AIEvmSpDtl0mG_NF{XE0C%3y0gfK*USxsb*skjR*6G}*J$@Iw)z z%I$&gdn%rzSXh+RW`5VFv!w}z^Nm7tGt9&0mDMhLON@>U7x9PJpE%{8BGidvCGIAhb5CaT`RQ7Ru-Y9bzc&zdXC*fZ|t(J?SNkqOQQuR$`l%Mbq326Zg)OIrC0~UUDK&f{pFN-logTAqg1BkAGFr&du0;iR!2Wr%k;uuGmW22 zT{Vt7av`^bC;FA~_KTc+Op%Z)vwBU%z5+ZCHiZpd0iz7jC*~`IN$Q9}LS0h@?Xt1V zMVjgpx=7SmMm2;M0cc9OI3)WtDsPMOH7of)YDAqz7tE1+62Y(blAX&_s*BB3xy&)u z^fjfA?ht{d;_8LU0gEWg0L`|=qy73-%oV!dIKj=^$O}z_cJs2av&;wUhT}&>IVxT< zM?T!5RW^+=>3*BWgpYg79@VUNLJ!L7ZUU#Gh6l1L)S=sj-h1F8JWfc2ldR1a0xx8?@L}TXt zAurL%6{nwSQyX)I1r@HW{J4aYo&Bo<1N`rp#0S)}Ka)9d>x&2GSyWQGMhhTHtx!f< z#}r0ru%Exl@YYi6-;z(0U8f#pr6mTlLL>6bxk?6c8?n9svG7DxQC-EIk%#g~3--~< zp$l=MTM}1{L$35dYqv*SPD4YWcaQcZ50oWFD^0uHqFW>W^4ep^0eu>c@lst3KvQkq zt+O|P`{1emOAA2oMq{CMay90MwkG-jhae*EDH;SB73Ks(4|cq~TG7VFt0l1z-WEwx z;>yAu(lc}z{@lPAj$1Z;m}TpwR@rFlPoy!GT3dTQye%W4kX+-IissWqF_$VXgaeAY z5WCZrVX*@VzGaS9?$Xl3U36qbhwuPE16JK(${9`*$NZ4>c!?L0D}XV<-k4-m7?`%` zGl}JFw@(qZn z>iVNc7R?$jvqc4+N0Aavj$3AoUW!_&0#PS?QU*q7PQ)uNFLFr|Z8jC*pDV^`T| zWub;~Kc+W+%ReD}wjn6XJIU|c5P$mI{$VVR(5KqPcEYC|up!^J9LMEDnwKO!# zr>>H-5SmffPR&;A{PH?JB+irJc&$&uM=}xg`w}WkY}LiD)pHFX0>m$V4B(d$=&QKA zcwwZ_DJo`eCf8OyHa0Ifv#h*mI3ga902{pWZP2%SyLZAY?Ts^1@A;FW8JXERbt=V| z%d3yxyGk!l;wZ9mqA0%?x_K+0`Q|tHAyC47v6Q@&1N%9V)!d7NeE|Pbq4#P!j*Z>& zZPV8sP8&6-eVoZNP&fVRGyD%3h({#R2YYW}PDvgWZa@sAvNh0UKfkQ(4KFt@a|to%Vp zN8Yn!C&Z+}4kIafu1MEz(?^dO6jWyslygss{8~s87!HXpi-Nj#D6?xVKlBWR#?nm# zd#xqj^0cKT!Uby-2f2nkKOai3V;t`{<71w0PwV?Q+fRU>%7mfY`>#NU?r6WU!Xw^| zINKI+w%l(2<1Y^WUp1Kjd@?WezbNMX{5JTQT(R^m5YF`qPG%EIT-}U|MN`3HGob1k zG>XArXlds=z?0ks@B_1neBOS4InA3Lc9(Dk(;vJa7m-2AN1#$|_3|Mx&$}nRDEVk) zW-8iBt;8mojDJ1dKSSe+yXVteP0=4iG6R(zQV1q*e`A}&ErcoA;m?ja z#tDKd2XK<;T()OgWhRk_Zxm7l=n89l9uB0jZ@j0~xmq~?c>4)?Aw%_AJfM>4Od8 zKUUW6=?`bgk2%L6Iu31#v#%D;PSMK-iDdNWI#$<($?oWXk5-52KhuW%+Yy6I=s^u( zVBkT)^yJpOjQ{O485}}DsL1dzZMlq&Er;XTH#Nzaju5#|-+F8uPF9pl?!#vXZ~J2F z`1Cv?G4pSxi%o%iiUZ$Fo$Ed_@>|FEg)r&IS%I%dx@pBOmbq&!E^8HNM8qsM{$?bWf}U3(LMHmEiA z62@4LR9$X6sd~Y!0V<`8n4EmV&ub)x!If zhO$RROGd2+ZR#ZpFJ?d2fj_e8JgRqSD(Q0BRXk+nQYwi{dm6L;b?jdrS;pM=)lBt| zuXMbBJby5|GiAN@qb^}3{CYP~abPF1e^lMH*Y|TkSwv#ASCNoJl44A;>pX33Sny~0 zHMt@|B34ZYe!_m`YVX!og0ag>CztaXd^V@6Zz?{IVLv^B1*&r-q2cE!S9v-g?{0K4 zecdOEl^TV7){YvWo4BPlI6{&N5Kt+?HSL;g_wfoQt~mRn)~V;yyXWsE25&Wlaamvpe1>jJl-d=;hrJhA^m6 zD@ZL7yn>VMXVI-e>99ho=x^C0^%F9L4wTVkbX26@v=R14r7gocs~s+NFJ%OBbcR3E zonBJh^N`(WCx_ufvjsp-DMhlTsv5Hv<_}$InKZ1a!4%;2QKR)G1hC-i$;mOiVR7=7 zNN%8%vFLoo-ywIF$yr=tYgCm$PN6-XucqM3FgP3#b9b_lLnD4`iS1ZhCxRT*Dy+(H zXv6_jA0L(~oyKFOKI?5|xbC)nE^^}K`4n>#HG{=5b)@8-#_m`yvMaN5n9IC{$W8Ly z{t_eb`OM@wO!k-;?V9f-b}Pbs<`4J3SgA)Il%mZ$uo0BRq?)<07@RWhosL$zS(fjd zr5a~h$BEG{8S@m?Q4dPqdI%tReR*4~(q1|;INf9M6zgj^0dy$~9YY|2fMHuW<#Q}{ z!jFh(?@JdvsOZQ=P(`g6at8RYq}#J1O_piIL3YcPq}uad)@5M%iH|`?|JtI68Fjp6 zb&$AUa1QI}HTi@t0aW~zLVFeiD=QnU<%fLo=#>T=!%-z)p}dW1`mE`3@@(4e0LLYm%#us3LZ2Dt*Yc zAjfS>jOvY%o00nM)pt0Ck~vD|Qzp8{Uh+Y}hL?7c(bF!tY-mH05PLP3Vzqh@sjkIu zBXT#F>PtisNyW=r>PX0lHO>17isx^CN?9P_@jftMlhcL;S)z14Lgow;@Ta8g!;{gm z{vssXVVJ(p=|rAj`h}(F0~d{KA=@d|)6h}*GTdMSzEaZBSj#cd`)1sdC&pH&o2hei zYJoL5wvw*5I<*pLCMzgQPlKPt$!I%ZRrq_M1J{+*_^96D-RqEyw__@>jBsnc1w@Vv zi9~N%zTEIL@U!DR>Ryf_kk-s#9t4s!FSU4y;32H_&fkw?M_P_9UmW-q`BLTp5&W=5 z2ARQ=*lr84Mt5v(XFSXcl@+wj9%V6j$bSTlE)J;h>ty^23dNuF2P`+(9kcTdIZ5cZ z|9UdbC>{Xgy2VgoHl?8qvYsD&7MEYNkaO= z4gZY=r9*=F&e0jCZ>se4*RB5Zp8xhmIuO+$9)%)!^1q6}e~i^#eNecuVxD;~(a}kS zN-8C!y^k4`Ab@?w|0YiS;g{bBK0UU`=exKu*U|J33L;X)#H4p>hW=l?=l`}N z7Q|nE`ap-^tE#Gud^TP|L1?AobXYLj>?FbPQHGaCBv2xDMH-~k-K3(miS>55|`;jgv=!v zNQ3HENWUJHIiyEy>?=SQ4lM%0kyRf>x3Gh;*d^wi&eKA;F6H(lO}iFaQ`~93d3+Zf zs)u&hKM-LUg?R!k{eC0C)jUGO`iK(?1C6-I-o}P}{zlh7FQQZ+9eqBsfOyxLY%sqi$ zNDK`$x8q&`gYU9Xty8IMOimI4lS7)YMSL_#aiV=j>PLbFZ~F>dP|!rfv=Aimp)G#h zgO2oLO7a=^1I_7TM~VWqG6j8f0GLQ`Cd@s-#Nr}@5VkqTDpptcZ-BHkZ|d>zVeJI`oZ zR^=;?ebM_d;Q-H2xC*ATG`o(UD;9o?5_r{O)2NH$1@o2ICyrFbRJ#^rSP0R5`*X&CO3uJ8x zl9|wSqP(D7>wRjc@;7szdy@B7BKx<^K+xhp3GA?9Q3+2|7|MYC8b!HoVscLYB&oIf z^BD@pOX}?>E8SSq88&FXFMq!W2Tv%L7n(824e}*A8E{+-E?v0fp)@$kGe3sB0%A5M zYno)=Tllu*DkYwKJ^!%@AN~wW`cM!SK(|CuMUTF0eS|Q>OR%Dg<7Bj>ite=n*72pBb@9IoARM0@BRgE`$Zk<l(^~OcKZu#+ zR}b#P^R9AvlIHr~&sd4U16=re>L7`$NHCw0QJ;y4>Be9adXI76F6Wn2739048vL78 zgTiI*S9!_Sn5wb98%jlXRQDz`u#2-m{cefkjm`fw1%xPyq6Gf?^HgUT3Q~oD2 z7^9{YHC=nS-P>jcvgFwDK>WQE4ObZ|oGMmM&>rPm*R8x-sThi|?p$WD`zzrv&LbmI zQ)dh!fk;dWHd$HcL^&K98c(#c?O{J=PHpLh`Oi#s`zgKc=pge~W|^#% z7mYA}2HbeUw7G|nQ{rqS1R(ZYY!^ImPXe=FIQxkFl&TKFM`+&-@TE{G=juUjJy9vz9EE# zF9Sbzg*H<%LF6>P^0{F%^AI4Sa}jWZ0&7r^(D7Q`;5jE z6uIhkOpcDLPTI#>`2X5aU4c;KiiL@H+t$be) zI8*ekT;k`NxVHK4xx~Q}SbhPaZe^B{>FVJ$o3`+tlZlB5x#6sOi4ztxYrl|LJ+g1S z6vHc#Tr9*PJVstHSY#(Drla>5^ChB69EkAR zr7x@M^P7Y;<93N4kdPFJou zqEIgYaB#Gd4C)+Bk6nsd7|<<65? zq+Y3&VZ&;1@Vo$ZGlgm?t-8W+DpARy4Gj%VLMRv~>m493t>!7}zR7AcC30c2Hz@L_ z*7dw-4SQ<8H}!5}f@!Q#oB|H^S^B(NiqJLU9fgdjb9i0=1%R#w0jt+k8(J37upagn zPcR&fHbr^!Qk+BcP1seHWXK-hm@Y>{FL_9?RDAu z`>J@x+|k%D0-I{$ac_d@)4|#@MFU?VlkcV_0Qinvo*_6*n=x!zq$^-{DvUlYa^16fKtojgn=v+B>5zV zPgu9>{bKRbM?zDy&#mrxb+2F%NZ`M&gu{gS*E!V_@JG%`_zZ>e*)in2r@K!r4A#SiX(biCHck5>5yOyCb`rN7He=UEk+OWuW>T8LhZ~14$rUqdmolyY zA7^g?6jz&VfhHsb0!e^i!QCymOQ3P5ad!>w4j}}0_uvk}9fG?zZo%E%-{H?cQ*$RX z_rCY4QeEAr1KphSo&D{-_S$RBH(ByZK3>4gwwN_YW$|jYpr56FNXvX_czX6-hiGXk zAqYl=t|J`CT5Pd`3TExLbVvL)Z0mCku@MvjLj}O8(IyXuk`KeVzXr@aQii)vJR?7UC zyJ&-nV?8EowJ#?sIp1fWRdEa`vvE8hN(`u1PJ0{l!^ z|JpDL#?V@0DI-@Tg2)hG??C0TnaMAW$iE7$VV$>kl|(Er{{d%nEHgcKL%q!}D*uB+N_ z4b0e*I_eskiMM}ylYzwlGRNGF$7Wh)XDOFeWzP7kM7mCT0X#f5YsrIOb&*QPkw*tk`(m9EZapiEmh%+u8H|xw4q%dz(a##et=b_reMg7PLl%(m5GaafidP z1VFtSvc~}yi2;$b(eG{x+@Tv5hu}TuohsCiJ(eJ#$LY; zN6O6d3cQuNw}YCQC4uc>)6K3{wpn@PiPU@Kwk*+4!z?3~egO25Fpfj}GnZVY;d+%j zCJF>?OEOwOvuhBckmwf)*Xuh~yJJz~=&tL128N~44ZdHA=Zyql5ST=8EQflA-QDwL zPZfdF4^Avqt&V3YRuR>5=MltN@l2C?4>iR*VM}YgR1v6LZd6lpwmf|qkjY(M8<`p5 za5%07q{>%VipAgUAE}XbCv|Na*Qu07r5QaZFgO`gfABd@CNHgzvDw=f?|jQJ4&`&^ za|^(I~u`?rCuXi|;*bbkBx}fSXN}PZhgotJs#` z`~NNedHtLd=gWL2()!Q_>f2jZ;`hChuCe_pg2z_imC`Fe{nkcxyscb{Bc*ErHaqX? zSy1Ofk#Ug7I1N+GSPqKycT-_z-M(DHrc0zpRjg~8&r=Y8=|YXpO<-F`+Y zYo1b^VGv}I+J(uWgqF6_rkCGzwl;#pFh&eDA5^9b$pI_P>>owwk!CW7VqD`&BI$~T zj<6lv%Z{augQXKMe5q|aI?wruyY#S}RpT^p-!FJld0cZ+H~Jz3XvlIuZiZbK#4GX!>T5&{ zHD%X^abE7xWCjcYx`YuzO(~-ETVIwuGo|+Dwk2Bhrf``FiQqp9zriWW$>*tbL=VBf z^+o~Hsy9ZzIzKeC`JD2JacgaCo$91{Wt&X$ssn$WW6IChPh5vMP9=})bLEE7tF(&s z!BxS+SlaZlY%x>H$g93D;{aJ+luioIk`m7JD>*{ ztQGk5dtXD>i(BY_fg}IKF-7phbz6x&No$p|dRYv!lZ!*(NHzATw}u(&b$juVG;ECS z*zSHl*2BHl6~&!X0VL@QzP@mGqL3GggghIFl>RqozRJyZIRzer~iN z7ikR-S2*nJ2!rxKyIyt;#+;t6Z8^_Ltq8Nl01v9JtQ6~zNq>w;QrDdf%-@-`O2o6E zSPM-KVJ-JtZW`5kbqjAnr@Ni;iUtXqlyQH=5a=jCbf2IDY5h!40vaCWJ8IBFB+smt zvfWInV=1xV7cfZ7OprSNtW=}oTX1p@|4(!ex(R3Y`mFcop;H5+Bc(6#7k$=GupJ`c&3n|l3 zOL0Mi+%o}$Dm`zyCBNAz?-snPMU^HCAM9Hop-fQySZ8?ustz5EJMsPUiTeVe7Edtg zE~cqj2MTm@t+!b(xZxfq)I>AEL(`Q-`$T3C@g*IYx3U8t(B1O@ABK!%v%90ze=6YW z@LrgUdFmiwE52~DB=ccqGx}ke88=hD_q|Qtvq!!a*j#EZzo&ZfXM@;JB9`PnmBy^E z)3ccG?`n_{T+M8d^TqEd?zyyd@_M*_Tx@lIs@dpKzvPiXDO$9Dhr2(n!%KdiRz$pJ4Re-)k`;kq>Tsn7=w$8Q7@iUti#6LkxrCjGNy33ntK_qopQtsja0C=*9U4wC z(t}OQbNAaVe~hZ`0=c?KiS!{|4m8sbjG?9lo`-_3mqwhB@_iADcw7&}XD_L4VPIei z+cg^P5(*UZi&Bkp+WM7BjXV1$Y((8%E|@4#*0=$@x4d=i{;ShvH%7%)81G}G`6`)* zP|{S1Sd>WCD1BGyYw3=upYhhj3-m<7{<|0g56>Suw%459KjXQdP^55retJ-cpw(hx z!Pr0L@<+7Dd3wjm*gZYNDi7cYCvn8@&T85y5f$UkHlclj))AUQa|YRNzZ6f&D!ja& zVRR~AH}$pfCb3!?*3+r}?~99p`DtbC;L@G?}0lP5Nifq`=%`?G~~_YICl<%CORP8RElRZO}AFug*(+u7XQ^C1_7@~wVo zTU9?s0z!NPu-}eETXSfE9Ufa>B%X9mRhsOwfN4p0H8hwb!p?A_&me+9s3d6Fn2cy~ z>-}af8eKQ!_Pd}CiO!1yUi=J;=5Sfox}nL*P>0Ukn~lmIYQrRj01$JqV43BK~w`z27E5bb%9_xy)svfPv<+44KSCn^(X(+vjMs#%MUT|B$GJ z*WvDEOre~{5=nn@zpI2l?#yhBdCH#s>E%yWEjKCYG@hs>qZ-R40yJ5d^}d)b<#&Yq z1`&jU#KL6A8Pj*pr=y{gyV=I^ExEuX=BLaq_vo!!Kp~b?3a3=nHAA-DulH=1x=6G9 z4sVC5V?@DM8SQs-MmyPyF!l|p860YV+Ij_in)U``e$ZmWOQX;wYS-MPEoC@qiuiL zWtt3;>Bx^^*I+NbJT1);PfuPc_0;Fp%gI6*iX*G(?eU$L4v5zO{03}~y>Ho6OBy(s zz^X-o$vyON@3=G3R2W=o0wD;YeB^YL3XOh$tSc7#J>}*WFnZ_}YZ^GU=5Vgg0`{ck zx;m4uWq0YQORKY8U;6K^PfV4v^Y*rk$?GLX`Ap^m*vq`ai*rOSH3#N61sOkfN33kZ z!bh=da0O{ZzL&7UBPri&A;j5*M=EAf8cOCk8@#tjMisDX;UhS3ojOG?@-Ga*5s@>eYtC~GJ<$CnP7ZC%T0GyEh(P&;H z+{a~yFJ2jH9%_kl9p2Fc%k!EC3iyQ5iBSG7f7OECHIdJRVUtg0Ue3Dy@`1nU`C%(Q!`l-1ACQ(N@2|69AbOW~(4ft@F)Nu*mGF6%-ZdNJqg5Z99;JM{+{K zG2>YasY5q$(5!gLJynM{HJjdQUJ@=Tp^av(mFUevy}J_Vout+=`VwPu;O$i}7@z>& z>j$An^?TiGXlUr`%No+3PA%ot)GjHX8J18W(c|$t3jy#MffACzMEsN3djx=?A;X_W zn-%UC&il>US65f>Y!BeI3+Bs)=y}`(mVt-KE4CZ!|jHxWV2k=DU*+@#6}m`rZ@IzW`Ab`V}4#fRU`^0Ht9rR zP-8|=!HJYm=_{XzLZb&;;Mpkp_>2u1-J@C$f^?NNN9*RBF+c~3R(uVX@ z&IdfE$OGTb_dzcu-MM;n zMOiH9ma_sBdsjsF&*tY-6$V%tLNitvgV1ftvJQht{7IY<28ggt>MQ!zJ2-xqjAP-? za@*`}Y@&&}I)zuj-!>6QW`eVO+{t;0^jGs-$4Na4h+@}ng5pY#2nLJfMMHW*z|yvq z8hTwwCk|b?d6O0h@Cdn_j!a)V5xRmi0Nd|v|JE-ZFv#e%8e<2#4t0j-rekrPv0WXB z^F0xSD%$bbt4()R#sPbBdD_os%Prm(t29Hl%=*7E?~ItSewOdwmesb-e@`<$bt&i~ zq4SY6*LlO=_cL`)68$Z!&sNy0luAmtwc*lK9Bv1GnqBnNTb^8?0nuxUj{HUap2uxy zmrA8E{&T(CxoL)3f03@J=3Ot?XbtyD{M__)1olLqK8jSzgS1NpUxH^>yq>vgbvUo| zbR1FhVzcd3vIWJ7^U;w`29!ytRd1K9sLt;@mx5@d%*o-VPF5E4AS#J;l3WB@eel*j zynKeCL`h#i%PD@d%FWl;*Jz$!V&HCmD$aD$5`z?bshwUdX);+k2~_m%cUPONVd;BjqGQwpq_$s zLd?&2dc7Vss`3`X#75^+LqiRQN$9_`yuYK%U(vjmG<^AsC_;qCEGFHKL$zx`KlP5jHR)X3k{j9P2%g>T(1Iu&vhU*XPe7Y5HqWW=yN{wEphr1Tp<=sH zu$>kohW26TTCds0^x}A9f6lbBg@@bqLx_6*8^uZyqylhZ4wpua2hnw>aJKyH_(>0v zKjqC;4?$Q8o5_!*%4BiZBAzCfyj(`lBynU?=@_J7h*%TUk`J|}c7F_2E~W9^L3i5r z!;5y247U`Ilv_UzF#xfK*vLV1a;i~kN)W{-*Zi`?SRYr$LzCrlzLCh?22?954}Z3- zxE>Wqxw|BTK%nqQeoare#mAdLHGO;8!?rbz+8@n9L+nBM=Pie*FwKu1$@JjV`ntOC z+}zx;=&gv%Z&FuRMBD9cTdxLHb5xJCspZg0!+bvkDikPxq9_nvcZsG_lM-T6z>@i0 z&&s@Z61?h#%p~)u-73VmZ8xdw$b%qD^)>-RX)SyaVHR>qQ+zusn4r$Kw4E!nONG8v zS??XLc`fG!w8Jolq``zsGUqr7I<4^>�MLVZV2H*=DRvZApUtis2`GD0C3TMn75V zVnW(nhXKyZgHZtOT`Qjqf<0<&CFpxU;eV>0{>axghWaSN>w$25mT+)OWB&~0DILX+ zLb5`Ouwm~b21O<8wP~~e>ze!h+(Zn&9XhHg23zr`)B)?cPlH7H#0;_LG^{>Df7IdH!w62Qtshk3u4$+NW0BR)fe3Y#IE8v|zJgbP~Yy z+mtM&ps7YY6mdLwZ+(B|ohW}cQ+JklsTK)D{{pYSPunx^8n2%%!l5!j4mkPXu*FK} zIR}iY5MO=lx7IVfg?SE{IXkpeyRZF}`FguXkr8mX#i*}zy-7Sr3bIHy{5^Sx6D7q! z)rC`~V4y8CfnYe%3RdZfVI+HtJFOMkwret-fqJa|Ir%0mbKnev36#3)S%$g|4H(`T zoWF?}bAD{~%$^Rq9egw+XnI_Bx~DZvv)wV2iW{s3ltJhxAGc;sH&2p%RgiPtq$)Ou zwYd5Sr8*N?O^Q%LaA|00OhmY_nsJl+IJt{KZcLp(*^cN*eoq>l$yRbJe7ej&+}+jz zr(ibrir{3mN3@wvvj<%mZ{1A2R$fK5*|bU>Q&=R0X&G6?kjEaAIa7o1eg1psozYb? zCbzQ>sz0pC&M;`l#?YyDX!qAyvJUFpXE+?U!u7?Z zLXYHY^;Kr8_2PoR_pOLNcyKsv0Wyh8%Bc9#NnGqI+YGnoJE98>cCowK9zbU&^B9>o zGboN${5iGOrYj-pU7|e}G3$1GPaN=O-ysZI_Q~$1N{d`sIVyy_iYAfyNnCF$_~*)K z6QGyCfkt?GiT>tkv*hE8;|rDiGCUgV0%u;S!v1nWX9dO32n`bt$S42(^iPeBfx?PW*n$=!RqH9Bd-iXO|)Qa@0MTu0}uefsh8IVeLN3V z*v#X|8&8s1_J@nYM2c(VVPpt+S@rg&NV$QA$Am%eu48b!R!BO9-e3`e(&qF*5~($c zKBQvc3}G`fvla4?WV9qfWolgJDcuZY&ktX_AI{^_@*D&PRiB);?!*QvFZBn)ct;ev zei?fP@{Puq%5}HVHnUK}-hp8s0i)6EC#UylLEOHDCIgt zYJfS(q<`i^5ccMUG+fVPZr7ULVY3kS*3G0V1Q{|puXGb~Y+s(>ZY?@`je1C8F{7;X zg@sg;DE4N|l;%pN59fFgEWB!ArKES9x!5^3Q>g8pqGFCkS%OEW&2I;^HbXfo&5MyG zC#S-E{SmUH6UMUTmpb6?njo&fw4-RB2pND@Zv1D~$)8Kownq2-2K~{1j7xJgEw#Qv zM^V>}RZ5e4n}Cj6iQCe_f@k=Z!N8U30RNsKEkuRHMz+#Wt$|Wh_LHQjpyfus^ zdC!Yze=_oX1%??8l~Tk6Rg|HLr3ayRZ>cH;3JQu`jYYZwuki!d_q40WfDLYw{P&&q zvFNzCp9beDLv~IcxfB&w5PU5Yjs-~Xo}sr$Z(hb$SHDIAEtMDRa^fFNBFTWF zk~7o-a*DDxQ|a|yp#}{bA5EHLWBpl^IFZ2;b20^JxQT$&sNj!b2G{7z8AiSRW)x-; zZqR;^fCbQyC~7@vm%lUW=t-N+Dvif9CI?%#3*DuZd45u(Z13wpiBF16hCpV|{g}I@ z=Zvz$kSBUdm}T$06m`YLsn}(Cj0P9adZ#CY?LKa>+*@L6U-yfEvYeX+T|U>#jFbNabvMCdER7r!-Ux-?N#R=++AJlVIb; zVmN`Q(Cw?6E(EQW=A(b`mL8Uyr z_Vd7dz%JZ#?MHg0$)H%~sx4<}zT>5ZdbGpt1&*`+a#@W?VJfD0AYG6;su|Ft@D>U8 zB@cY^{H93cI=R#pEvB!+xps|cLEue0Gl{&cci_z)m@++cZC|@&^n8pj2gHT?%^WUw zNB|k|uc1kLcibgl49_+_3*^hz0)rsIdUK^0=x7EN$M&P4iUz;@{~klA7fG$`YvXh- zjqj_ZEGe3CpPY-%;!aiAsuoz35KM+n-eonPbYA+&Uj=Y!dPFu7OvEav;`#V&1=f9%P%^EliF{Mb-$beLIC_M>0cNe%){?5 z@-?&}lZsF;HG!||0}$^%e=kdyUN`BA+URlG6ZfARfGR8Ck|IhgSZ8#7i%&@z2?*Gv z=swRc>t$PamzS^nTwYOud}-w1b8Pg$636ps%He)83RCcXa$4C$p?irDJ3FXFc)U-u znmF?K1ITx5hPVa zk|(n&5&I1|}I zZ3!d3qNK=7rv`6I2a5doce~vw4%TXx9Rb1dTI`^iJrTP_B0;G{JtuLjI8`u#0?Ckr zZ91sOT2y#Me7lYDi=fz4VxmVfLjw5Te6~Ksa3Gb4$0^kWvFao9YSMVz;kKJI7|oor zsT3@?yMl0Vxi?2wGt+2-Y+IdVnilQWLd6-uMI=0Tl%`q5u%J|8x!#GrfoL=5KE^?yufw$acQAF?gH7K(&g=36Kp(wjYPa zntdL}02iGscwTDROjYKcnPTxsgn?=Qys*YYAORe^z-iceXou;z?~kDoz?rLJuGch| zy89^#piIFugWnGxd|>P(J}%$0nnOf*_}UTp_huWExUNtMIwJwi%%O!!mj##O<_T30 zR7l1wvsob1PWL){i<0U5_vY4VvCb#n79@f3q%z`&@zR?HZR%jYDK6CCSu?P5|MT4s zsVAk+5Rs(=!mlznT~p>h{@V2>{Vahf+mP!|^vy#rZqJd-O493v0fPxe>lQ)bZvUqJ z$a4UX$`llj>xE584&<(z(!jxnMttV|hTuCW5rQU3$nE$|9Zmx7k8(a-=w)Q7ghXZl z{hPm`;@`0+i{$yk$3(D1g|-dAc!6kUZCOz99Qh^)du1{J@STLvvpzVayn#7|$%}fA z)12U|-iE7VS~b!EqB(D-jU}b=%bI@-EhpbXT96% z$@B_VQ-?D&jF?>tit9_IF5g^Qzgx_c*p8Ho2ka+#ne0aRe3nR(OKz9ih4ot^I~`v? z$_W{1HQS&{0>qt}YV&qgig^8HwFcUSZD66iav##FC0`0-Hiv}A(%py)`}fM00{mO5 zTQ{HqGxMbvNPA>5H;UJMUfv)-I392TKyaE<G4ErQj%C@n1}n; zb}#uC8pe3ph(Wm)gD2TcCOhahX~}Z;Ys)^QczubNQ%g*itxGm}QGV~@N#fTk_kF&F z$>&V5pSZ8kfWjvVj0s~XL)^F6TB$-T>6#<4yq$7iz z8{eQwiOvSnFT4G_Pq!OYX8xI}Z49x`f@EH`o-^t>h5%xg0GW0WF)wO3 z#KS^fUYI(6Ai2Hu+qc`boB(Dxz`H0^%sz*A@rl|^d$BtKexNlP)jGsoSf5pCyjYsC z<+#=Uv<`C^Cb#Rb9RM5iEqp{ql?+!%hiXS7zCf{rxL=k(Ynu+YR$Gsrkhiv+-=8Q~ z;tn)F^mv?Ap21qi(?-uVEG`G#h6{{L$(#X)k%Sm=TpYm5t5VJiK#b;~PRl zN{<_1wT7?JMJz0dMGP1GGCkY*sNclW08c8p)obMhxx!VF z2w-vsbL~O@o_YHpyaewee*9&+XcdD_WwL*{yw6~X`M;}eN&zymWZgwXb|U)XmRSKr zB&bx0N3By>2`EwV#6Q~tHPo00VTEB}qCAYBeyg{muNShQ>_zR7yk#8N%8@eFC;9Vx z&u_KzEHFEtBYbl38q#*ympYy$2?m;Vsxny?p!o6?dy|_H-qPF}WlNBmQ^?s8 zQ>!$70J?ioXmnbi4&UPF9{uV7vM_zl%WJEFThmGrDFqx_IeohOU1?K_4f!tf(W3m| zj_GoDGWJ21h}b&EFbmTL21lE)Il9Cxy6>ZN&hXsE9H2 zArfx7vjqex?CoRB=UdEo6(N=OoX$hCXu@x>beT>_f`q|(&?lR@;zm-v(erPUYNFMh z9}GMn^V@S3`Zt)&Z)$8PLz6A2tF8m0auuGN3?FFN-z2H7maUROasaLsV9B_fzv%;W zhHNrK_r6q?-otCvCyb0d_iPH!7C?EkzYx_s?k$3a=+{N!+CeB_G>a0|YUTRiv?~l6 zg#t)&!#zm|NhRK5Cs&nML+STr5Kzx4-Au2-B>Nrs5*4U@n`CV zI9$R9Y7$wor-lwgB?vHjE%eu!CCyuZxQ zrRJGnY5qnXslQrf#UyI3_h>*U$$@n!%IjNQUFtBy!;?X#)!(N(eA6|G2h0IX>_p`b zBj!>Wt@fk?8?wS&Z8(vu!_D@bC8YkvBd%P(`iPVUE|%V1;+EY{U@DR?7XQ0HDUu0; zxH>KM`+rZU_dwv>?A$joKTY;CPR zyU{+R;W#7b!%2gV-nG0D{j_fWD09-gE%6qP*uPu8TSAeIc8t1WI-=M!P1E$H2+w9- z7&d!&2w3iL!BZx-s)fmHOqqM3Ok9b)hrdZOsiyBD6lXR9NYx7H(9eADkqB4TcBdZf zE*IUA1Z9ztn26cF>SpNK-DIzQ?R1=+tnamHYbVXIL5NgHj=h}@h?*UIGJ6C7wcMgr zl)apbtZ~s~uFLZn1+I;$rTg%#aQpE|^BqK-x!pjLm{*|(y|Q96Y%AmdCiZIq|JmqT zgLO)o_}_WwKLe7J+Uu={m}Bz=l8gV;Hh3zW!q;Kt3sqxMxm`;t4#sn(cazC3v+^2V ztlO4lRt)=?9A_H=j4ZQ)sNtB&rK3y{B*-}qT5}5LtjSOIKV16>g?%W2I|@x>%g%8>7_ADL z6{dKyfmhq0Sa~<= zm(LNMIA3o)7D2+|ZygRW8~(&bdUk-B+kqV=#9f#_dbxjv@S1q9xHt>>_R8skrWlfm zfmN~W3eK@snCF%1SzEMghSJWy;bUELtg~9G196&q#=@9u>^m$bsax`Z({Hx8Qi+^k z+DSoLF#k+T8j1vu$4M|P+;i-pbLF#gK)!fe3DWQ}hDJkdza2WY!8PrHFvOAHP8i3J ziHF^8jT~UVaw}vCz4p$fSlx<2rMl`tftW<_&qKI2CIOiWQG!*vmIonD$3vuTNZJ$Y zo}7|0Ft%8k!p{WQ0WeX=ldZ+$C`AG8Zf@v;YyLr+RD#eGtBq6gZpo=HYEImITq@t3 zl0Sck8qT}5bvBnAs0SN6Uw-Mlyqzx7+ny{|+o4TKPBz{cNRTgzC*3KU_4=(-@%y&^ z$D=+26rzM-IsBLPzw7LOyz$SMjTlfC)%?V9{RtMgexj{wNeRsRhBIYm(&aE}b%w>E z+L17MYPqo-LjZuCt$hNxLz&KQ0uV|ma!e#x2LYRfA65J&nof9CC@f2NaWR@m*x|&= zF}G}$Hy!o(i@5y}3Yv0qK27Z2bP3Hl8Wb-Y;zm!bhLF!^NO@IaA{WUx&V9>;GvoFfI!6re>V z8~~VCBio4g4B|ZXGI3^Ues(QJuuevla1-li8*Gwcug@c8aTOkw?qb5Xx&3!;b5vm3> z)Bv{ZxAGvKKmdU7d4;eg439>e1LRGkkYQ3d?^GeK9zE6~EotkR?pp-Byo{!@Oreoz zX);9N0tgE_y3zi)e2jD|N9Kjr(XAyU-<=c40SCTZrbf^BlSk%I6El6)?8;4Yu#s?~ z2CrrrxLZf?tBb}pJ6-caifzeeo6TyH2`zEy3KS}Y0&{GUD7qUQ4#>5-rINFNNw#oZ zFq+}eo%y@LyJJ@heg!$3Q}q@UBIcl>@ta^ccEwR!U$6nCQjB6b>dmxmQWz(*(%yWHrq1X6EcyRzjS zf(aRSE}Jd`CO(;*v^}?PSJuUKBa*9CU=>J&&GlC=0M7164$a(}bN9P_a)35cUgWk+ z?iXl{0&*`S7RG9{I*we4+*v&a=dOLAo?m5x++3VYP{sIqBwbts5v@|%zK961WAyY z+}2{FeNx6MIBpZ5HHQx8&z>J9$V&%52kMJ*Y~b`%%#*Z#`LpnlK=jfcd-*~BPj12Q zGpNr46)GjQlR-#GNRE%s$1Po8HA6>CfnLR}3Nmd(M=VJ-s&3n{-<==W(ok|-<9 zC*;f%IX%581HqJ3ibt}7w)d|PGE-bH`bg10<=^GzDu+wq3DTN@x$V%AX;`J9}M zg@FM{Lzz|BxUHF*x;pkfn_iAXOz%n7aLae`xY7@mfJw5~1M4!Q$|3au9a>5=h3m;4 z#xbshia;4!=t-~ckfHf(VcQ5GVV|(0TmAraVNfv93`Y*Omp=i_#=`Ty^ND7oE)S;E z)Z3c^o>^$LB8!D)a6{jBY#d~B89xB6^ez&3rrTR&Tl_=r-*?Ps-dV5tJ|-{`IsNu2M^nTt17BR*kc%XwXvP#mc~N@AjQ<5XyT@F`(c1bL7%^InqGP zHnO{3GI6}1YBy^nw$rEKaz7Vt!mMzV1m^ru{Q6`=(k2}H!>)h{kdztx}R49{>Ck6_W#;)w0DiKA$$?}1MXI2fquC@yJO_)5P zQt#ef?9}B$}zK4!@_r;!$rkN!4n0GpHO?&dwJJN+whbDDP=&dNqg~R+7gZ>Y$Qfd$m<2 zCcD{V(o6Ort+a=Mg)UA%`uftR?AY#A0I%pk7!ezbsZ3gIi84h~x7!)-3i{m8AXZ+Y zk%5Y0vmG!uvq5vE#-9D$-L)`7sA??uOH@=Q%C`$VhWR{J#?+H-5OW53>1pm^&N#p& z(bpGmCcAlqsar{>RNhh@L#L(4y?##RdS$bt@8c?M4+18f@xe%5$_!wQchrACntb>n zu=s8InBE;9|2)aRkEr4Az5qNhd%S|EL8wxvHNjB_-P2% zpV%oXIXR`LPc=#|DMjU|AU-qGM=n~Jtk`b%;=;icOIT&T!kv-1$TFTX2|810C^dF> z;~fC4k0TvW=#|5sO}92NIZo2;)Xw^9c|HKS9%oYJ=DLG8yts{{V_eCNUame}Uov2y zm`;}?AtyCKBzyy@86y!d*d9CGIL^SFDA;a@w=YT2RcmQKBJkNddRQQ=H^fcJ*<0b6 zZZL;;=h+6Qxa>#er%7fBo_dmri!bmpqtmHIE7Gdu?Nj!b(AM)CynuP?6X?T1A&MIY z_InBb8AGyO0G)|STXl}$Ac8+5^lyMD691>{LuIjj{|1mxC5dYH#}<#B5;~75z#}la zW)Bt1Y$2b#bESsaUMjWRdDY+6^u)yWO-l=Q>Op#AyFQRm(%^h?#}54pI-)9uxvrru zBG>4o^b#mx&IT^oXJ$-633W}41A$`+Kz-&>s@XznMnGwAYfr*jM&{mNdx@)1qM)Sc z33LjcT3|O%%!b*|sdVHbL@3oYHDm|`u*_s)Cd$fe+%9+VD;>NnMr1~P2}BLbt}CL! zwRl>rR8-;wB30<_Ht|iGPx=%3Z-7k++~xioRX@^xwm6j?Oyu&^ApO^Wd@jf$ccm)Z z+?-wiIhTGyM3@M}gW5zg*8?+q^2k%<`%IX8If9MkzpHx0!5OK>B8{M1~t`K~<8Twk9UXnBBEs~5*#Fs3umg{&qCMbG9;4$vIo zo5X)sraxILrA+cazZ~#I`TCx=1{;U1*MEemzgSrK;jdw*XJ=&fK`+-)zVu>Sr=uW# z5WyBbl#Gu&xt1L8Wnbim0%p!kX3s3wyOLN$x{&3>DyR97jP*8`{>^M&986Jq{p3`jJga#Ky+znu;gJ|7bQzU2ne| zI~#=u7td}>ib|y@Q7rJEWD?3bfZDy{2DRhnKd9nQ&<;K8W!qs1Jp?B~T4#KEwG4P*Ok>wX4&A0r*u<_3l{@) zUsZHvAAf2)haGXh__O|d`a<5UqTe+dsx56e2L2nG^LHGAh9wsNh=GX0zci=`8l|Tf zs_B9fYf*YGG&fMJKS~m&r<0JV9J4VL%f$=B$yw#2^iH}eIg(%73f6qVHX6$3i?Q+H zJAD(A{C9emMpXTPg2LL`+V@E#W$&rwEqv&x1B)R;VWVH??f-3+{U68i84*QdwQV|Y za0-;m`4d(k^@UU2Ytp$I*0T zBMKH4#Y#1qR=2u**9KCClMDwxVQF`h%NDY&PH|5-cmy(l*abLZAlREu{QMcW$!&G^ zrs*AQw1Cyu?hIcz89%i1-myNpl7#N%t%Nws`E>ARiHx0HrLiTSApB-#l^TNo*$f&a z-{1w1DaUTNJEzU(YK(K7@n;b))t)}{{pQ<$yr7|xr`P{Y9^aDI`QgMKf1k@r!e%*e zWaOi2vqzji0|wP(gjV^l`#nyZ#B$eKaDP{o9U(_KtaVcS;ayA;3Mwi|_nO^IRl(H< zt6-GwWINqsTYVhU8zlh!Ry zF=WQpU-KG9PC}wcWXW8bdzO`~;R>?CF~s&iu>F6#{{PEM?>G3`&DwI*Lxeo<3E^)p z?p)<^LZm(qK58@yd4D2^o}$W4*FNc^sdw1r0fxCTVegekE^k+uJ68D38wg(pr#&*I z@n9|{*%)4iOOib_NC1MU;|@{lfD*XODu;r6D{&aRY(p0@Uqx^oOz#G98qM}QBLhmJ(|m5GLqo~=IpW$kjd2Yr4xE7mY;e7%w4 zw{t#*CSkGU7<_@pT|Dkrx@`%sv6KjgcXhF;e42s zf+^TPI3uLtU7ri58rIHi4t)sbNDSsgzF76jJU{4*{O5<0kOJkg_Jx=m2NRO+VukER zlrIIl0a}cgtMphCC4`%_@l)bL)AD0RW?{v9j3WLd>>P#_H_XQKBdPK&h9t}!Yd8Ba z`t4#a9sI(_1>&+0-XOP75V4R_g|hg%0hKb1d_(e)H~_yjMrr& zuJ4DNq_Dp|$K&saU|QMH$~`w8__kqdFMGEm;=^G8 z(};7U4XkWtu}A`r&|6bQMX(_Hz@{J#CPaqJ{c4SUq4`!O)fI4mX}`6TpM!%XAkJMi zTxD7bv}PI{^{JOF*-I5eh4%ZJZ=eT#aJqb?X^MwNZiCVngXJi$DJ-q=eM48nJQ0#! z$a**`Sw<=xA=OYN(qL{vyuhAYqZmByA>7^3GrsuOrmQQ5>`urw_+UoD?Y1J0?HlEr z0Ehvba-uuY==u7CBf{$&>H__f%+^vZ=bgU`^+UF!dtO(}Rv-GGY3uBM9et7YGn&e! z(o#&5y*z(^?6uZ^T$}&*LHrl5<8gH4RP+FSVUry{fjqloLa`W>o%@eQuW@*sHH*c~ z)4~1U3Y6tA3Jr)teuQ_rB&TvvQYHer&ibdz;LYuaOryZUq2r@oc)1TfU%EU9%d^ph($M*kLJMiCAEk0F5k!tNoGJCrpxz86=$GeGcWtX9x*Ep0RH6~Lnb`O1$&Z&uX z)JLaQj`SbeBta=_=t)&EB!J~`-b!ou$j2M=Wz!pn3qlU(gFq>*^r&b>P|-x|qEzl6 zBp{MuPQIbc#Zjr9xk6;TLEG)d+<>5qgG@Fz>%K%Lr&d-vb&irJ#Yx7>-#aYRA1Yr@ zmqu*IGR1{anr(qqZ(V7$?fQ*twvAi+bJ>3or2mgS_;*(IFOL*t;e@SO3>ps7teB&v zjP_=8pb*VkgG++I5J?e|;w#cis|MvmVbvass}=!uEw7p7p=_$d~2) z?%iufD@(-|4)@b-@}04qvS5$icg-H9Ci|239L=RKpbShcQu>&<=&PlrBJPg@j^&qo z6B4_1Tz7VjfLy~W50TvTYr=-mC=-W_4OM5olZ76juqN|=4AB4Ao9eH0F=IdB5RkkJ z4Go|-27^2t@wi4!R$+mRabY}voM+hs*m+AdNc#PxlA}hc*xv%T8?@bQU5Tpi7}I$> zK}Q7L4Ahq|>$0LogM@uaj<|jGXIC}{<;#hH$Z`%GoVW`*Q~ab@78+|eFvMd-tFGW1 zF?&Ch+)_|3JCqL1`)^v5 zEYe4Q9D!=;mHdz9)sypGvKht>fwJh)=uqm{=b{I;(8qyzj9~X+S`@LQa(%6GgSc=K zBnq*6HPPyD;*1nf`B!QJwOHzzDmwm|82*da4-cD;hN(seO}0iGLmzyvlc&r!c>0~I zFKrLa?OHA!_0PXq?%54ttB^<^VB74RVO(qXVVfv7l%r6|{VWM$5->>%3&edtkD+*r z3--3Dc#UZ)V>=HS&RV^HJ9v#=c8`F=PI?+w5)rGKGNwM9U8&*v7`}ZPE7~tqwdb|s zihvzm7G*f6@hai}VedV|np(Ft&}G9KEQkmQhzdv%lqwy?LPzNxl-@f50z^bXK>_JC zh;%T7-U5k;NGJ5r15!du0t6Bulsnz~?6q9$>~+pQ_vd}?A08lc5;DK>jc<&1yyG2( z$#X7Is7t0F@dbp6+E7{A!9|c{VGg=Ig@q2T4S%VYQrkmemb3}?vL93Pu!>+m1=+*O zw_or)TQS#_uI*ukamW+GBi>Cf=6vz4?X2a9W0R(~k8>5}xTo_`qQ`=8*R^eg>e9k& zaVM_6`0eoDe$g-aLX?GA5q3Z^-vb`$<>}pOgUK3yvPF82i5u?Esf?fx&XOgkcxfY( zT{)_%fY@q|!hXP87xY#{&N`+y>jJYMFkcKVaP0I0XwX9K^xIe->**g{7cO3O!l+}@ zrNMd?A0sG2y6cbHlCOv1xesX~a5c(4#8Ixy%x6BSWc>9mTPSCYw7v$fX<_#E86ikL zO$tK!+(`>~w&C*>p92U1#dHS@Esdp-qlBBCT#%cWc)e%dqfB?Zj{`$Hfj;G!*zZd6 z)t@1nw>*ipKUPQ!Ps!Vbi+OttOXR`2%}>;gFTwIRmhQ*-(OV^^s>H`gRXVEVzGGHj zi?5-6l}wt91rUB^fDOOmzTumvkscEr{bcMRb~&&+Rywi47Ep}z5}!MN=;%3x-~RC> z_~^02^lD3HFV)X!9SQBn-`YfK?;Y2SfH;nNv#b{xZVR%m_pi>rS|oFM=DHbsKRNIP zMzTgFpHArb%IHXt*V9OkWDhrv>dmz`WmOs|OgK)@E_|sA!Pq&M z2>P2gcUs`i-PUb|Aj;XLwf^~$Ok~K*z8b{<4tYa4<>0mmrd{)h}8 z-kDxT!Od5qt4V?aJ7;~-j)N!n{ znW-*YOU>w%AHP3W(;~aNf)V|D69a5dVd>m(jeUg75E)8&&V)(5K3A6bp88eu@q^Yc zoQiXMXXQ4=@Y`~MbCsMS+5I5|^`72?1?RA+D<6i~*gdMD1z68@G!Hu%pZ->Ue^;A* zv9~{YlQvvQR$Sl8nmByQ-k)gkW41upd*=-1p;& zFG&74upTlBhL_KW;$9q%4IW(xT#$B)UKwp@VMmyyL#+D3ED5&Xh$oZYqUrZ;MIDfs zkxC@EYre;jt!IvBH4&ETt3HNrO1Ew%8`VpF>(mj&nio7jMmAh9M3C39)W|WHc&r(- zz>bpQKaJ(5#a!h)ba3!#wfr^RRaai!uXMEC&j|s39__KFMyZ7%wG)GY)o54NvrhG2 zO%L4&PqMJ69doVP>)Ts{klM6+Io03;`GW$osd_E%s*^3Azd32QQzh+s z%el}cH}R(Sbl*wUrAoV!5}P^chPoo{9FOYSj$M#FyF<6w`y!sc0&mL#IBb4vbfEvF zYN0(k52;l3xmTBGf^GSM41W0xIbGa&s@4$GV>@XgIlHDo9a}A6e?$s~#llR1++iGl zUyFjEWpe&c4(No*#NkZ#*AI3Bi|0*%&(9*}y2zL?Q26p}6+|KYqTsAotSyB4!7PwA zhGCg_&CcLBR7_4{*!FGbxiD?}4O!7RnGrFeQs{yG7$K|Rg71rCGMGl{Bt4tlH4THZy(4hKo|ixxhF+GM)zSm`a7Si*e*w^Udvc@< zh0h5LAdO&gK|Ga95^*20aDD3bzj)nm{L$Z!UfxSoc?V`FZTx1L>;H*vR@5M=qM`N#=Dxi0Of>}k9TB6=bwC(#{z{+9 z{JZHGF;#Bp#JDwd*SnP-4{t<`*OrYrL=)R@XxyAEat*X9k`pg7H|0yXbsbHZbUiqf z)#S(|=$8I?_71TdU~O{&J+$$+$x+_}{5-jau_H!NwT_rW+THTs=(s)coj%IgsTHag zyZ6>wdG2UV0t$_C3zA6k=cQR0|LzR`%Pkgr2VKT5{yrM6qguV5}ZN zx{iE$zB4X-uA`PLmB|4XZ$Q7_-Nc&PoLC?brJ#XOT&-&Rq-isSS$xZSv9BO2eTcId zIp@Wjzx{p6+)BTnT6h;TdBlkTVQtrxcl8#p z#{O`e@}q}QDL{RBcE73=OWEn+?3>?Dh?xZX^eaeeTwNwMNu&Vm93y7Wck*-|g1q2o z=Iw}$X=C_at1Cn$;DlToB);>zE$ftcRpEa*VGd~qzu;H%cga>XVQSBK9L~ghbz8kv zD6=HnC9m-wp-4VBl*?NhWI1W@xnx3v-{3pe!v^!5cCkG}qPHZQI8!$+>3r~fKEP{X zCC-86(tuv)QMyf|h#MCY22d=k11~bA9%0`P-%Kth6|9K2vJ_I_2+W&4Rou_+*sXLtjY+6QdH3b(+1@9f>H}CwH z*+fQ-=7fQGBWA6p7*rS8Y^#`@hDo}UCC!o{C=@M^ zJ`?Eo!rOD_eE^wo7jxd0E$WxOdV~M=N!I`IJo_0?x$zzbdTiZ__`oLnp8M#}nh?atMF|G<=!%P0ynEBQA4g>1=e_H6@_wpYn+LSrda8+O!q!Soe zitI-**!Sl$vW1VB_fMzD!=wg_3-zh&ZE2F_0}VX>=07nN=O|6zr>sV82513P%k!iHC)|E2vUu-^bA6#g9sh-- z%i_;psU?XTeh<3axW90F47%%gJNQ<;zWr30!<@?G>EvHd=`T^g1uM(nR5qQB`-p{p z?)~4M!BzL*!^hT<>4IinJbN1BPd>deE#_=ZM_MYr!tJew7>|@FXN6X2Ca1c_#7I1# zX2^IO#qd9H*dl6Z6P}JGxS~F66|#)dukH3t;oL;VYhZ}}GMla+YIRW>$CTJ&>Ys0W z`1k>Q&xuXd=Y_U)r(jg*e89o8A>f7daUsO}eNYcc-e)o<9FyVJxt$SEs>mF~OoXG+Pcw z*N(Zc6sXL9^0Ax3EWk9T#7^;7+bbNX+GfDJDJZKNzkocL0$-rAbvN$gFWyEucZG<{up^{jiImB^0>XX z`Dt*nNNg#))pV(f#Er#%NhJN&9WEz86it9IS`nkn?JMQc7pul(W>h0vi60**2C2#h7 z{#V;*JA8b9OVI^YP=Oik= zN~v(V#WH?nbAGI^YH;ta?*=SfYlZFYFi}LkV9vpzQ;TA}fUgh9auIzI4*? zLy{Oy#GZ3e$0W0e-nDDp->Rj$*Q0ney{X1Hox(HXueH5=moWIwI79+;db9ttd)D2t z3~5$gd^gN9k%`aX2>>fI5d}pVfbD{@-p{q|-tNTxIGUJ~t*)V6>OSj;7@dIwsiwog zd)5n^^@$kjB0s*n*$n!UC*?lBK76|!q^5_^<7yk^)m{)C2K~O)Uv#gYqv>W8O<74k z{2xz1U(1f?Zh7E zrOQLjV2gue^c}K}6x;Q${Ric`yy=@e3y}S8Dfk<|0`YEC+E4zj(hP*PbsWQVH=>^1 zJ89$89Pt83$3eF<&wSyQ;&D*LJ#9=ROZL0)x^uQ~*0ze9J&n`5_wTB_L<~PiY<1U@2 z-!B&R3p^3cca&Q*T@b*DDw>R>nM|^uaPoSR)rD)I<^_6rC{r1)trH^^))Bj;w=K>+ zE_mX^x(PzgrSdVzKs?{Lg)&j=SS?^sF{~kxZ>|pvGG1C44IIcsirp@7-hcVpJ+u-g zy2(&WtgH9n;3PM>(v;q%>V@rD|pi<9czLPhMo-HOw=xhRf ztZJ-_RI?}EW_KT&k?IMK9E7Xl@8WaQIS73Z{be>Q2-QI|j|yxHP5s63yO^}Ma2PX; z)8rHrpKqHutfki;H+n+lYo!h?%JWH?~@8p=-DL>e0}z( zC(8V^{YYI;6F1cBX2(zOUCP})oaLu^f_^Kov36+oie~j7;gjHlxBEw=dZ^d%N%~8c zR}qyr$?_i8u4Bejx2kd4u|MYhV4R%xgmc_$&KwKmVLupG6?!YO$>Z<#TyV$rkGk~f z6bjAq0aRwJW6!KCxXrkITtFmGBjJ+s=;&aF-sg*ZYtAeQ10PLyHWpV3n^hC*Om{&M zaDLT`LM~rDxt!y_7xde-GE8uISNFbEH%2AU#(Y+daz()7K1J^W@wXT@_&=2&lGr<# z(jb5KT@dJ3Ndof4@V(CO1-~T&>0ZF3-sIwsO@nRXDdO&{D4q`4N{2eK)HG?AU+<<6 zHN_!XLp59-cyq3$fEBU3G&lCsvlt#rT#$C17j)ckcGFg{Gj9$_S6xIF_sg4Q1g)R+D8twtOZ1j-~Y&g>637bGi@z z8b1!*;;KT-x+D$ES7DmCNkA%R)cnRO{h465~yiKsLTO zSs5YfIy&t7WvN5A$Qr;}VwW~mi#YHCv5ZhY`wj%r?HP=-j|zJvX~nWI0^p`pD#qf4~OO^xQ23z0k+f)ql& z{Kg$5f@|ONZP#Jmq#(^2q^n%{73nsj$m~q5WZ%VbA?tVBdaFzw`ZctGish#DCp4dV z=nKEIZ$HVgtVWV#zfJ@vmmI)vH#J;DqVn<2bAQ=_e?AvuZk}_IJEE5Fr|0t7u%U3b z#yV^Jpq11*e3r-8Irji(9Og50_W8Q3oIjPp{1vWkJBVhC+yLPKH}&QJgQJ5~<7=$L$u(Wy%}EfS@vA{u!~ z$EI^H*p~2io_~Idau+{0Rt<#h6j(tiL+&P_N#>V>0e0BFvl{svJvmp){bJFZRlMC& zHp8PSs)H#|uo~wdfx8vOF3Y`{D(YD@x$V;jeHBn^^(;J0M^s0YM1D<_NKbRUwoUi5 zXPoDh48DEdcyfGdM>JuO+N~SCn)s1GOu_

cgf{Bj!`^beXjlZFMY4cD+g+8W7FnF zTWfKevv2bFynD#|pV`x)vN@4z|{2D4yRc8tu6hL(d%SEQIKzuj&5* z=|%S)RxZ9>aOm4ZbAk9wL<7v?c02ijSc&k$;4_zl-1jW)o|^LZ`h6_76G7NZSf7;_|BZ^b*ma`}Y-RL)I9a zE~{g!QHY1(VO)duTdY}oY;uj(Z4-ix>D-ocIhSElfunJ=Q6Ol;z_R4_Z~NE(r3KLI z`if0H=>86f-9S1U^gt4ww-W_@DZl%aP+R=#1Fg0k5LMQUzH0a-?`~R@3DfIc) zG~U>SvxFt49*2}2#b0vgDU}OK9u^+d$%ejC)#@9jA@uH2;7PnsYF+Lb+Aw(1>xfJs z1bvlRU2-$goS9oXXp9$t@m1?}`C>hK7|n}M-4!UH4Ti_E)Py7K?=C-PSlwR4!@1M6 zTjTazFPUSlgv^maA!_Mz*W1Q;z{ndMH$Q*`n^#*hf_y?;73nCkkC8Gf?9QVt4B2ae za3>3odgfwdte@VAL5ojSOM`{OoJoO4Vu_JjcGsSeX6yBK)1QBA>35x%ge&atc3Z`8 z#6pBN#6BIW+V+&&Je9WScAixa;l^JRbbJ4L!PClcP}gD`7uDA&-h+rgy|THjSDbd6 zB5U7MQ5)E>8<->Q^_>E*YIk_L}!dm|epR|JPg$Qq`|u zEk-BTdomS$$gn6dxGAQ4pD&Idj|!t>NgFzstM>ztlr(r+z$6k^U9S0SeEsLc{V!lZ zF&g%%LZ7=`P-or>DN{-tkDJe#zTsf+P)YUSwD}3>rAYBGu`GRZs^|p*@$K z&1zg*I}lbi<#u_)J*w9MjMMq1L5FvC2O!)P*~lr&0$#GrJk6gQLeGA9_ko zu~-4gSfVU?^$hb$7MWkNCF0$?I4;%15mQkS(h(TrVl>4~Pwgl`tpdp!?RyE7XtcWO$%f%=HSdhR<*n^55yZRB2-DTfa(tifkN zgrSvuH^h&4l!cC7RHnhD>5*Z%_>Qbg{>c#sg)wt!0D%pt^?xs5Qt`ltG+~KcfIOd5 zVa&NVAr&K`$&ToX8O1qT+WckV|Mo}02!)svAg}B& zCZUAD`Zr0s)*jzKkN7~1Om72?mS(geX11@?k;%Xx0_IMKwU30=UyHzZy=Q3c{Vg7S zPB$(6Xo*FC0)pYpfSqp#v+yVw4CFp>oK2w}gGuKhy<>I^lZq@C4nFplIf0Lvty{`(DGmsg z6E+rx1}9QOJ#ehj-QBirDTZI08jgT9T1rZ48VzktRb;par6m!J81k77U*PTHh?;VQ z+5&i}6fx_q&&Ury&ukM)nb|T!it<~?wCe$IewH>BX2|&U9o>1(9}EQV#}9VKLLY42 zog>xtG>G1Y`nPt~*)KNrg)C`g6)&xxU=lJY_8L7BR4)v7hlhAjFlgv`L z3ih;jDs!uFNx#9XR^Ls3!YJZ=zK(}5(Lm8rc>zC=DkuZgeZ8b9stg%6=S#TrY@GX+ zv9T%!w6Uj-I~$4?Hjo0ZOcnRxi|ZVVNVdby)mbeM6fl-E0W^5^C^h4$E6Vxn*!zZ; z;ebkT7CoOYte&rm4V^CfPG*Nc>#kyxuBB1Ni%>i;IkxFdSp2{~ zjAqI57kB%2KTfTmya7=nW~XV@c|BWSIe=B9+Fj1`4vSm|YLzMBo=Ej6_k31^-sw6Z zm&8{tgIj{8fC7*mcFl4!{&hxIjE}R?ND%GpF0VStm5arw{)&3jV<1$=5bFSZ+ylJ5 z?oQ8O&lkle>pvjqI#lyPja^;?wG~jz%)ND|n#7P1#;WDQ`R1!`8JEbHQpisAe}RNCfmA zw{{+;#I)jNCd0S>V{MX?wVwF#rbRd0ehPit%68C&g>zjnTHjIx42YN31(QUyZ8Xva zOr^XxRvhwTN9A+O9f4B7lbsFd2%QbUmw1sb7bt}w4=DKTad(ZEWRp>aB*U!Gv*ieP z42T}k{v0UAwSp9U2)oe&DbmK@>%~S16g32s^QOA(y$5Ow#yBC-qw=2JCI$T^Z>^BU zA9aeoqhz*M$e-fbWQ{*!X4s?To=fy+4iya*IyS8U*syl4TB;zm`aQj~-c4{Kj_QD! zS=^Ao1(HIiX%ynz=H!o!LF$Jxu)cd!Or?WP>|!j>=mGua^4`n-u0S;hC|HsEZ~e_* zUJyho#PF+eQ{MryyiP^+pv$}AcDllQYfkZ`;+sM;WO>ZPG9VsVoB+Qt&As=n_qrJa z{CM5c^TG?pPGHD1I>KpG`5uV7j9PpQ+}e|Nof8Y zOFpipb!k$KsmENqJzp)T;#n3!I!I)&*QHmt%6=FDM8OesP|=D3QnT415Odl%A#H|x zBY*G;?aXC6Wd7#LqBg;M;cx>C;O8jk6-R~ZQO{Hyd!GNSYCq7wquS=p)XyR!r%~Q| zs%IM3ob8%ek-oPL!SY+Oi1_6K5f-4$YUU(jbDKODzZfeg9#5z0e@nByb8dqIW>=Pl z=@|@gzz^p)J#tJHa}FPO3eDEgP$f3JAsMjrKsMGEzEn_p3tzx)T(-b*z-tjRQHRz!R3w8$&w7&SZZJ({m~s6ROy40tizwN zHOaDwN4JPzA7_ru2CsRZ*gcd!#Ag8C1i%Wz4_Q_|n`VXL9i-uiW?M7gUekTz!iT=P zxj{?MMJU*2mcS`uwPK8tE-3;NB8(2-#Ok}Xv{M377^&k7Z_OS(tusk zwCSuMv*@t^=re1A7qEK$qx73_vJvl!M}?*>rW83iWeQ&!+-1MdZ|Bf_2UC*WU;1p% zzuPLUh1wFh5PCeJsxKCCMTOBIQ7!{4){%%YfUc_ev@oD@f z;tG=yU--=Ci;@SHp?EpBsk6pUJpnFaP_^OnufZCdo%gsa zbV>sx(R%?*++gX3OCT?6B@V(|tvQ@H1fX3fL7;fcmZ&jZ7PrEuUC5NIa&^@5x(dKj zoG8gFAIDjK43(PoDWb3u1Vz)N+{ce|zcA_xMP0gO$ahwL)KqkL_@lii`HJDvFJE)_ok%)=#!L0mp7BJmh-`T)YXMNp%-8ZQ?s z99SC(o;-S!Cs4Qxroy5;IgeA^#TLD7#miJXKUz~dS z9kEb^#mmx7#Kbpf;235dgi?4#XfUviI2p9?> zM7HfJAwi_hRH1MSWV0gp(kd{*s3PV=Q)nHAHq)Y6L!C*^^RMfeK?;Jbq;3Jdq-9{7 z+}n5WKr^}OtOED$_0~c_e8h=r+$(KQ--fe}jNh5H<$R8iswcI+qj2`ohQb zU(k_=?$Y$f@TuV{OIwL=!_`=F)mO_Q0YkMKPqYk{#idu9|xqVv8 zv53TBYZgJcsfdfWvgtOyF~lW6p-qbcRhNk6&KoO0|=bOoo6oT$Kq`%U*JyxS%; zz#k9Y=lQruylr#;h$5hjQa#;>KyMET-ZJ}C1CraO4Elk1FSTZ1aD{g}4&NELok2fX ztR9lmaVbd9&jas6%~8Ay$dst3RQi7j<*rOI!$-1>Z|-x8R&2I^*?{z*eD-lscXXpj&G(i>@ySq7PtxVv+1sO#CaV&kQyjo)2k>EHjTtoL?Rw$ zo#d7KY1&dyxxT<4^QDFw-?dLC2SG8_I1bAwPyG?;&L^Fu7FH!y;#&9PW&`qP{gX0^^gEw4k!MxB$4H89MZ)dBDD*Nc|p* z$i+RqtLPLbhO)tiAN!WaH1p8g`{Rz;=TGJNUJDFk(Pq1g;bBjHZR#$(za$aUf#1}DDv09zd{-*ZWY1d$ zD^Eewuw|br$C3JileG6`MZ2%JMANc3^WvPO>Wk>faJX*7{2IM!k)j55QKE;^pP8Mf z39|}~LG^YoBW7&gEMI$lx;CCi%pm996VM5J+RhkhB`ST5tjhn*-f?_&(#jc(mIMQ< zc)4IO@Ye2?M#zVmnzp0*7?>=+dMQ=!*!VL(aqgkRVjEYu>kWFZ1%a0h2ercJB88@A zk)?RIuEowCq6QL(3$>piUWu^cpN62?YBeLlX>8nOS8Fj53Q>te^{^Cihon}+H`r)` zasv}f@v^+#8`gw?{l&c5WS)#S)XFR%NP=X@8jBmh*9j@vG1+AL7J1k65h~mdg!5Ux zMT9(fPBp{u-&Bu2nmV0Z>Ab(=*gKuX;NQ(vi6%;LnLF0WV{#eA_;o+q9f>vTP=E0> zHMDed({SngFqIDz)LlXEO{f@DWs1-m%Kqc21fwze1^1JE%R!NS@QvZh3#DFryd2p;2ww>mCp<;rT-(2 z2`(~y(f&lA#x}eAH^sPMNA0Py#zu@O83 zUpZGHMH<_vlTVgwf(H!&45r?m7`*_sZXZALH+p9RL;y-=>`08gGxL4Sa|i;ULF4Ty z{#^iWvR++_EmHsiba?&Bf%nj{+73sK?suVU16rwi^QSA;Cvv-boA?}il$(r$t7a$j zvi+s;WLFN1WHD(bXFQ^ES)z3TJXwwe2p|ZVp~?snai)`p>dT^rTrQUWnXw5&8}IvN zlNH@xCL?_aKIV^s+$q9y<<+HZRi=45`b6k<&J}4NnZ{FZfbG(v(S}VSRW2+mVn*z{ zmvgo@vC`FEv&@(C{3{9RL;3)uiLqnq ztKyjn1N$cl5#GP19e?)jzi>r>7kGu-Mu7FuLN@BG_fKmw37K-UO1PHZG>YP9J`f)-KxW6SCa6tis1TlND?*M#s^=H~o^~1Z8vnl8}Y>J-WAhr2N^YbIoFnsp(pnXPnMFhZQ z?FGf-JChYvCeQ5!?JljJ*J^NJG!7mDSU^676bCL%eB}suszVE|VvSaG;sDD30AIyZ zF=uCz;3Q$U0LY8&A3JGTI(zs26nCszV=`}*8#^?J>kG) ze|vH5K$aiME@OuuL?xaCZHFqzR)ce6pC?IbbN^&+_-KRf>lPS31_(NnI<3;&P!6dZ zGxD$-@KM=?6(e>?b_DB>fpE`3IAfTVUetCGTlS@d@ITQZy&wLl^}`wI=;g|E4(zDs&k*eH>v7}jlS z-Bvc2piP3}f}eDTUbFAT&aaP02(<~J_xV^Z4&YI!M|l9|1xO)R;Ird(Q$_2s8p}ePL6b-2D;FK% z{^>hq-;R!4zt%lW?U7ewoWeeejPXgYdo$Vc*|1zG%BA;^D=1R$vyryA)2P6QT#u4a zzRgX^?bt=F^`SB%B!g%i)lZo2ma-37m(B1q^TPQ@8Wog2i=d5TZ2;hsa!Pyj{f}*L zO*jiNWis&i@B#ONr*hGweG8apCCT|FP=-k-^nbEvaKBF_KC=0NH?JBsWQ(K?8DA*A zTrehmu-AuQGmS55rONNxA!b%a$|*)h)ufw1u3Je1067f#`G1c0p8j?V9skbqQF@e$ zTM00vVW^Sd*ROle~cVVFk_mW2Obm6@AmG*Ub}E#2m)72Ug?vZwyq_ zeRNd~&vY5<(h2WZh|%L5yqd_cwLU>|RHSQjmgCHe&C?hOPeTQ!Z^I@y;%(luN|hfh zT0Td_A8gD%r-!9M&c|_!L*Ro7n>?8m4|Jm1IYbd5CT(UhR7!xF1fGnufq!bMf@K=v zhfyTn?sWxru?-2o-MjXqWtD*%->F7DFLJ8@^BBMy)fBYfr8J$S@Sv8H*L%aXu0rJy zgDf9^Mj}qbPt2v^YEzi%MMxpJ&Sk7FUckJzo$kqIr6Iyy1V;?QOM_Rg{_Oe#xTz!5 zb5PQCqsnrX9ORx0$@Lj*yjDHFrL7N`=7*F*9dO&}K4rTkck?F2uYh$y%z3z?&7~;F zu-vK?$V>g#wr!o2v~U@sqDEb>)B=s;+vCR{0uYHy>(O5rD}V7RfBNx@HPfm_>?^q^i|bkmpdB~r z$j6#_hoxJkbyZ^`@%dwmON~}Pigx{77Sg`PGH_34AZ?{4p?1n(P_Cv!q zCm!MZTh27XgV|e#%;j+a1)>`)pQAc?6X$Hg52(IxnsWUF1=!>RZ2?WJcmS$;!=TbP zr+jB%f3fd%+rZnIxryHE6NSNby;~esA5c*GDl=Q_)#;cXxSZ5 z@~VE6dexH|(ch!6@UD#`g6>3Ms*A{C(^)6C{&E!rMHQe!kdCFIjjThKP_)7ApC~e* zP4uuSet+}>G;*{V9N(b$_3QmT?=_=b(j77|)eabX>~{-nvk~B+7Zr#AcD1d%%wO`$ zzddkFf`UbJf9Q>`zewD!0Yb~z8J@_oEUPn^ng@e5{=co7^+x*q(J&vKZS$eH@#UQDj?^ z_^Lzfza38(U3Nq3B$0#R2lEI8T;bk`fpXWX?W-@f^-4(hZaJ%wxyplL(C~p zkqh7Xq5o)9ECjM0L}KT;2^_e+hnm>w7(i&r+N8y2!BgC_>vad%aJ#gvo+ z4<9I72yfo;Z2r?8{RfVqU~=eith>6w%YUH?Chrd))hDja%OSY8d~4F(`aItdn#`Cp_rC zTi>7V&b}60X5Eqdsc25?*A(@t*oi04gvG|Ki+^p#`qjYyJ?kV`M^M2+I9~oxO~C(t z@vqNBE9AG}wgI=q+DHG#`)YyvboP%mpX6^AV&E#U5dW_h zFj_p`Ts|@CPiAs;>Uzn}f?oz#=QTINX`QzAgKM=ElCb`pKVS8S^NJolmVY~WG~Shnw}1-5B}oWzobj0(WyMg^Z#|n@ zdqw6ZbbmXq!mf85BI)^ysr}go^|Jww$G=|XruFYG(J)wFX}-EGsV+X^eJATd?#YDc zh^HQkJ?^!OKjaTi#o$V;IzIrD1U3h7!_Q2qoWBe3%vQ!L$6y+z%MmJ1p7cO{ z9CoUAnj@|OvHG4ZK058lvL9l{0e(fwt957avzfXFAbXrJ3>}hu9 z6Z1x{XwoPbz{-z)H$A=HG!FtYw1k7%80fxrkxrpslq_W)q4zda0ufqu@P(tVWIM17 zp#D+4067p(^`qRFB&>QrZEV=F-;oa}_)%GsfA_P+7k_@J_Vg*4zkI0OQ)#tV%P4l) zruw&x-yCfTpj^axprvb1U4n^V{Z@7#wlVq>pfx^>`~oty>_E|7dveFajN2EDMV^k@RT&F2;XQzG_j=h0Q}$qkWtsoR4H>gn~C#*i2;RU4{NG3D** z>KV#~3#VAj3E0-{|8ja?25%`?tS_OUX@3qF-E>bSIRPm&)$gq^$Hj{(Oafr5Na$9v z7`MQ7Z?PvuDkA%A!m|2ppbe~p&|b8H-7ja#ree-NFEjMeuCnmUT!7Lt`*pv!ESk+6 zetcuVEHjh~qI>g(@!5)%9dz zwC^eY(A>B5N=ptH1M7f}8FoUu`Fe}t`B=8fTcV6-aPxkTgQNrR(YZ!ME2;N>7Y)>? zH@Mbtv17`wCB0H6S3I~U;;GL~mj)Nw`fXRbf)(qSQ5Q*U#Lv@tmE)wH0l?~pm07mX z`>nU}%)OVGyehiQF>#t6Vtq1A##;pjEk&roZfm>@>5|v8(|@NByt{2R*}2H;BZpV> z-X6*5s-#7TPPcXR_9YjlajARn0$H09Fbi0yg>#ta_j6j|8W0;X9C|MH`)~dc9VoP) zvJ+fAt!>(8|AG5-<(fg9PP@N1bX63OP)hckO3MbRTqh;8o#XkfuIuQLumhh*-4D#- zICJ_{gS|?heF40Wl9b3rs-MV>YG!X4T`|x@l&_*cq9q7h^?MP`{zD;g zZmw?F$^KK=w@J_4cV`T%ACFGNJ-)QJANC+EN@HZ`1DZ=U)MC5;jAi1ruIxlYSe8b( zBrN^W!(<*lLfMIY0<3|i7QOpvwmn{3*t#=mc4i^^T}vceVsvzc)~b22T*_>$^$}n( zr%s)}EbCtZQe9fK^Ns15W%RJT`=0;4#af?rnZ?=#`+<-9jP7!2-{#JrP)^l*+5hO^ zx~OSgNry)?P@8TCs)OneJL_W_b-veMG9K{ThkMd*;x2rdK?7FwfXrLq8YNu#wWk$Z)T;q{)T1Cq3FOGYOfMa3YJi&J=J|!KA!Lb)-(k z2pE=qtKFYziAud%b#Rt{vuUJblhZAYLHWl^oDVT>UDsh4ZpJ41q|PVk=3B@)<6{o< zX_y=OkypyxyHwgz#ELaz!0mLvuKgk=xcZGjbNI`wD|*ic5!W*-7SvQ*|KjK+K%psX zGD!cDfRTWvJXW=R!cY(Bcw+0Rf&q#@+eY(31~<`8d%D85-2y+`#7D)7R23P%bOQY$ zw%8ZBRD%3f?OgRlR}{@mFeT9X4s^M~-Y?_lz;GSQsJ)i_phMPcOsaDWrIuRNKF+lk z`;&pRhCAzfQSvIIQxzV2n-AwQDTM3?YtMtCAR7yJwynPBt#`FffeRzNhr~$+Q zo_0bHel~o8QpK6GWVFitb$gfDfqLSVJLWdMmN>24cV0_98US&IMD?w^&8znl`go{{ zx(z*>7Y_{AQ!y~`YVD=UBouFH$!)p41l?SM7eP+x8qZXWYnSI*VPIW?xCYxO5GIJWclJ}`mov!J?F|-u1cp$SJ zmD>+0m|KtM|Jg(7v$=l+=zq5tSrOl<4gk1t<6Rr1T}FQWHl_}}R^Y?mxOr2_1K-W{ zp6F~rTdcPwH<)3(rQrB_pFO(rsByCvL$rG=5Gtttls|)L{^T0TX^L2PS~;@|Qwz14 zPoa?IWT}8{U|5P(=30~t6K{*=mBdjo2PH?cOub&n#~@CFe?_DEIY2m5v|i=j_or~? z%OL-4D#G)}>@mg8gBfgQ5;grcrwRjiCp)fYT)%NH_iXt76Ta4fyNp+8+i{Tj|A)Hw zjB7I6+J_YsL@1MkOr&_Sh;H^^2t166ze zB&i#LJTTidV%*N>bq{9sIx_VrGC{@!)L=#;{owU24CG*<@D6u@z8Lt32m=5%5pS9S zXu5W>M$klcfM(-u0DOGMlyUX8jVqjEM(X(U`NOX>4oHSwex;c8ULN1yeYta5GOb!h zHrn9{PuYkS-k}6}<2ZEg(GFu-=~E8?{vO(cRVRMO?{`bJ9?6}fizlGBnyh!H{M;Kb z{0yrBqg5Op0K8$YDAuh-g1T|NzuqZhWJo&m_rNKDrcyD|;dqdKq&{Bg7D5oV%%;go zxUVDqVhjJ}1SHdE8+h{}mp*QCd8rifI$+afy;{u<0Gi+I<+p3OTG?YIdCU#~b}MBY z?fjcoiYfq9Qqc(;R6LNvN(S0*_!q0jB>4_R zmi>W}WjDFXq$%e2mBI7SJG=0e{Z%&IwS!lZ?l@hDSWv_Xx@+&|C3jmW9Rm!^NsQ)U!Yhk4)hFEp=m&l;s2w2RTP?I-&9_r-&yC^!$O6!ISd$?rcGMp(3*zu@X~A zS1E^80l$zbU$B0QY|AG4X?O%><&8!>nvT_Yv?TerRx@|PPT-R0i{~Qqy-td9ePs*A zK)&gu_-%+?^D@Pawy_L^rl3f^r3{0Qe+}8w)o=IULc`N)rLu(pHnCnW%e=~cH!rr= zZzUyCfP13qfxO|)=bMK0)^DZ&Dz}XfZ;-snytPAT0mvNQdVDrzqw#3aWrkKz&WxVF zLyB}*p%pTDov>4w-1VIgJK1at@M@USpi48LxV^9XBwf_8-kz{Vpcd3`zFI#IztuO% z8Skk5#!+3Edk?_lRRD<9fSF#&(eoMJ^nyDL=Dj<%d?TuoTrb5)quiQEo>V*71H4fu zS@Maxebs>MYHe6eSZO0C;t)OrWG#c#t1w^V{=m+x3w2%XO=*J?vHe*(Sx0x~5uzkW zFyqeh52gDbRr~lMxw8l(>ubJut$H0GkEMDPo;XO08NAUmE;O3&#mmt!P(g|uxLqp;PaK*fX!;vNm6>mqAj>$^UyHOy`I z-JQYubE31qL5F*&()NxJ3LOcbhq@RbR(+;p>eAOZwsr%aYW37R8G~1EPAxbLho_##vp?>SWM;M#$yXWv)bZOTei1K(%nHb8v z_3yg(kUMv4@0-`R$peiwt=X_+4%(Cl7TRLRq(Myf-Uu&e^ymdzd$Vrn`4UQE5nNC0 z6xAd1prG8tS>wpQcYo-S*{5s;0!Yu(VFqEOsOsvGvxuWz@qx!*KIBE8_`zvf#uZ-m z_8~6VroD)&hSF!KCa;2ck7b5hRMc$4*Vb66I`*v&$IGokz8P@7Lb#Vm|_vTgVMt zds`O(rs~Y(oz8o;J1Jgx%3_(EhVvGe`q#3FLzgM1O0I*0hJ0I!+9&TyM(3wJwt7y$ zYXdne7j%jT3QST5^|JEc$+q4g-k*?p%VREq1yPGQKOzp%>5d!6j}|&%ZSqM`(Imps zX%Z790h<{1yx~{E4KSk$ZZVSr*^dw%c2zylg@zh>)x@}aw)Wonj_+V$eF`z_6M3HP zlofVZGup%603o%>;;z>C8$tfH%i~n-Cz&j-LPZ;)kowRCGY2l_Q9It)@K6tKAwxd=X2=K(Ryh7WM7;j8hhE?7(Q@X>eccH^0l5oK3M*0f|$Uaj~9>| zhNc5NYAxn&n^FK)9uxt6y|gEvr~XEZW1U)HSRU>s7p`HTtu$DY#9l06a7&l}nIb7U zi`q)Xam=}a5MBLVh+b4$P%i$Oh6&#AwoY7P4;=FpUhL?!Fmo{TObYSt82}0I)2DjhM`U7c6|xEtj-Qz zzEDHxm(uWzv8aIX59xjyhPHE9^)|_W(JF9^Ng17bTcx3dV)T8 zwG$F3scpkRPuB%EnU{6tr_E+j-p|xR*?wpglV`^JeK8c~#yAfhg$em+_qmN_P4_;+ zmj~3AxEc%^8Z@aSiCkfc%@(=gxztl@x{t?f0Mm8hx9hwmueR9wY0`pPTUWRbnnVlp z3GU#TwC7}Xe1`9`T)eIm9w`ZvUII$d{Cp!W3}RX+HE2rPZyyTTsSSmGKtSaykG~FS zniXCmSM~Ri3X$56Hd^kz*I8d#ZtkHAwo_h*FZq3;P4=o8TYj(zh%vp5N>JBKBS&~{Y_FF} z@%jy1V!_J$D^$mKPq(!~-SUYBm`*iWehf5LQ&gE=veEhWKt58VF!@eXk?=zfw2-{% z8jdD9FTsSZ3R4yGNIJp&>Sw>W6R_8S)7x&kUskOb5NBZnO=K8&>{S9;(Xnd!+E5zR&iwl9pDS#Q5%M!%Cmb3^4{tkEd?g3*BI6w3Nmv{n&@& zcHh05^wB^esH8&Il6upV_r30|pr@*v67>qLTArLAQJiV>{yk(}ec|aECUGh4g2D@_uyYv_G_37CnvSmfH|znh3aUAm zGTL_```z1CZj#AefV&i+(?}Lv8%0`fg{=UTpY-_q^QPbFieF}O-t~KYQC3=7w9Cilsp>bz*#!6Zt z#_hRUaa1KhFup{*bdK=F52$DE602mQh*=e#ez;3X_)<%vl6ewD_UY&V3Qv@QuFDJk zUs$y3A1V5kO%wan$>nEb-)({cjNc**i>NK!KG+l>Ab_fRaGk1M`t#?Y3hN1e!zSBe zQAB%N;-=F|P02vRP>5&x9Ta#y?man8k^EZnoxE>NJFEf%!y9X& zZ(3b=j4E`8v4O*WYkF^e-3!c$qlWoq&j*?Pjx$#Z?ayUtVIdkIl4J~0SnAGXH?DO7 z$n*m`8hBIE2Z$aWyFSj?Mi5$zKA@}KK072O^){WH9S@;j3zWNaOJGUW1v&)O&9M!S zU}^$~KfW z!xLBb8sRMmhbyIurqAQwr*ftpjaFXxv8U@Uogq5rI#3ZY?mhkEy+4BUvmY+^1J+mT zz?I(Z%3Pe`po$t)Q!Q9i#rk|QR((f?;n1ZZ{wy&wu zR&iBGn%$7y%`+PLt0A-B$JVX5t)kbR9Axt-lC*cb3$|k#ui+yp7sX-Joh$$-LUVC!Wj4n)RopnHs!uf%&aF)+{Ie6NewCCtg~ z%NBSNOyeItfwk&{uU?`a3i-N$+35|CAMB10aOyRo{r*vvADdp9tNnRM5?tApHZbVd zzYcTnt|JqAK2$s7X$oT7!AQ&8i#ZyuoaE^{^2s8b%Q!h^I281X(%f7(oY-YFcd4f& zUK$7~*pWzKYev*0@o3MK^s|n*DvU?Sn9|fn@5c)1ts;N)vF}9Mj{1riH#d<7wIe;SiAQa!sJvUP6hJ zO0-S+p}TS%A1-zkB;?Iuu1rk}G~*_g&8p^oxOA?1nE>d=*V#0IyyfMrLBf?l&CWBE z&>W=P5qUEvfNaI9*R2s3Z-RRBuE-eifK3C!>0ra<^`ve4h^06_$pY?S)7f!66QcjI zl{jQ(D4?P0$;2R?QjUKn|9)Nj<&i9x42L|)HHnlRRW{m8WBDz`__@!~5P+GjHZ<`R zETg6q$^FtlI8Ag5P2prSnjwmt%1POf%$wN~tY4+u3!L-4&&86TuYRw~=fkE|LFK*g zHDDsH9q>TynGaho2|8>3v1xjubWFZtTUC=ff2MaboKIu(<=6=;*QtKq>^WNJiUepG zsF+kKJwe~-1~+0^aLw4rjl!+LRw0AIuv8cq_(`e&DA(4+t5XjI6+Vhe;ITDYla{>6 z)T*8g%D*mX$O~rt7A!hJU;WB%RM{?j%Ae}u{I#!Izp*8}xGEW4X{Eh%saCK+dQS7Z zlK<+1tNUjcvb?jExr_Shq-<4z$uVbN8^BM$e#MUTZG9jz>1#0g;F96ILDG zT#|nE%x}+%`$@5BU-&9*x)8?=>H!ji5AOwkm!_9k(Otb9*hk@yw2s|A!oG4V%e7tD zd)yJgAGmUnaLNeJB5z1!t34Y+pzoF5qjA-8aYzoZ~|sMMKO{kz?L{@8@en z?3LeV`e@fW#N|+P`#l`uTL0$lsJ#3IPU7ZIqUuwRWu(O;&-oRhT3r#6{*oLZ+u+5L zweOq$v$Dc*4@}MdzK8|{Ppj{$q2GqZj)B(~^wvZo8n>Vqg77Z&i%|M$|Gu*n9gWZ) zZ?kq^Y_agd@eC99hV)a*goR?X>zqjF8I_=O1W=b z^_?BHNES=@G*xw8;AnkVQAr88GiJ(#xMOxZq3xABY=8DxDls>AnAf6#p1*!}D*OYX z^I-_IevFArZ`_6M!Uz18Q3m)BTY){Sb=4F}KH3=+f^f9=pf6?2>Me`yZ>H$9<2F*f ze`Fl|_RP$pEvA`Dg{Woyg*Z=occH(R<72BFpO#UF>$B0- z?`)otC0^fhYqW39O%|c<*u$lX_;owOnpuF><-&Xro}tbX`$rt=(C+5bFKXr`zOwM` zO}s!W&o#}bOl|ldvGm2h9%x&JWxj}y!xh;>l?X;$1js$a_s-x|cYh=fXsxrg<$)wr?jTaud;)NwnX# zhC;sAY=1#=1NzX5)4{G=OnqVdK6Re$tJNC6uBEZm^~740cGPCskoBrA#NjN_s!)D+ z>H)+AAigjiA?*`m-9aB8u*6CYbd5SNQMbn=lkBWb?C9M|OLwR+zQ0wovF?AoY@X;; z(x9^aWv|y1W({zM)|i0|V)j?$K|R*E%aQ)UvC@<301$n_HpRr1-(*$Z{m$yZP8eZ2 zv`2%%EnccA`y%>+MtEePMUXcW#iflyUn(+k)gw38$lZ+vj2%gbQufOV7q8B(waF@> zpj({+v9sf%<~?yA9)7T=saerop&QRJ%(@N8S;mM+qu(08Ic*c95|=_Pu-7Y&Rn8PU z3R`v9QIsUwGtJQ~&BDDxekeBA_T9|WKhRJ*J`OQW7h?PBQvLFpsLEztb%Jh*?m(gG z6Ed;DomaKa(@E;QG(DZEW(6Ue^*)s|;%bM15mVmnE~nGij`5iR;h_}#?~AnHjVmdt z+rbXs+gTPrlJ|nKV_y0cy#YJL;K2<=)2oNu2_``{I;B4JLar4<22P8DOJ*Db!`)sM zW}+^O-u>JqPxGhD^J-yP*};3uVM>fi>l(+!2&R3Tn>_}5QF~4Hff!b{X#2XcFFTAo z)t3pQOIf-bRiBd8dM}nhW`Jor!WDFSrZurGXj=YHrhUC~Ub=}HAv1ovV5^lfOCeC; zi@6y@t&UXo=1igOvcdZA$=4HT%>q=WS1PEp=k=iQFNsn3<^G%|LDF~@>`isLRx|In zivyDnaLUEQ`kFfVEia4&+T8pvo=*13XAaJAg3bmnzO<*+M!eVM$vP-Eh!u5!9Vb3; z>3Y`Hl*B>|XDqtJA?PXc9`t-jxe`;Jxc=H-BN|WI>-u_yA#!CTg(S*HXy|dQ{Y4hA zUi4#-#->D|oY4N6yZ#$1l^*#Rmcr6B#nyu-tXJHp&j*{MSCJ8p<8B zl3btJzZ+7h#MWukm4eDSJ^kJgA|Rp_PA#drjB-mNY;LX_F7i0lWV~Ub1druwT*H#6 ziY4vm>?OoTh!)bqkFibQDU16q>uOdapVdBZB))Dv?xRTdS`~OK15$Dv2n`(xIkZXf zj`C!$%p-X$))MdYZtqRYyM5*<4ww%ssp{(f;wySsOMLGxz=oz$oF*|>E? z>eKYv@A)PzcR>=}^*3Qf8aXTDWYjLnZ>-put;$v!qE=JW=Be6Tdoxua2kZi>eier>3cZQutnth>i`@-HAE^Mc~XKk*fdUwAUH~ZUekE&6Xzkt>oskKwXEt^d{XcrG`xalJLxMspzaFADeC$PcoYJi>akE>#Kfz0<<5x2mQ z!tzW0m@EwbQg4R@Xv#KhT#FY{?$D~l;A~?gz^O*ZBCjYthwx#$-2;NA%>x*`+{rmK@ z9=$PV2GmlsK7V?NTs~&lDpK*RSA;yqI6q;_j34k5-Kf}tA9c9z*?X>Du9!?AQH9$- zF^Ohn@9WUOuNy0$J?~kTYvz&Z)8O^_gLa7uMS)gRO-2aD2Db~t!VnZ`d0OFwCmf3J z-ZiDI$?p@BQguoj*K}kx1x&lpy1rQAoiy^(INE@Pyd#3GZXW1}@g z1w4ZNx}aNE?idY^1|9Y|4`AAe)yGzRdWnGj92av+HUTqRRv>fEm!u~TESILfKbkHM zoyZ05Fxj-dxKc{&+Uo@TQ9Lf8ZG}h6GU5*YmY~!HKR5d~|)h)Z?RhiQU%Cvhx3v3CWVUv*M zj(*Dma|`#Fgi#oYvR;AdSk{(}e(hrr6&$}y{}#fX89$__f!JqMyZFvlOM->f*cEXa ziSHNe71KYuYuFN-s})C)A&h}eR|2HJ(4Mq8D%atz}%t4xc(?ont<~2*xjR< zL_@gLn~U?&;}4i%hEvtGaoRw-L@gxa%IQ{n0)JVqG zc38h#Z`>~HzB|@MMj~mko1NrwSmm-h;kya(>{=D(!^t~ zdmc0J7Ey-v8iR&byoQ7P@oFGnzW!j1=@WNPwY2F*=4PYu_Kl!wP;c@+jo_usw_;iY zn38Jy9DuqmiAb>A+wu)EYzc{#nAOi66(b5a|+uV0K8y(PIWM2pPz$I zl+&zINyuq>RBB<2bfj06n1oIUK85MDJs7x>xim?ZA>#GDtjZPLLPEoBbfD9G>a!{@ zyh9CQFtYouT^j)>&hiB5HIOPBK95#C4AERBG>pSD`7nf$;?ioX!w$8>0vn7QqU()( zMqTCcO zU9Rw*$|Lc+Ip`r*+vU_pe3$5wahCjxx#CrB?Bq+q^R`u^91S6c6~nG0MMIv5eK~$hnTyxS|mebOk+eW{7AnjxlM>}Qx8oCk0#%6I(X zlcO9OHQ%23$p5 zOZDS!UK-}kz9g7 z#okXaz+SL*IJ=(r5IgJe^-<%Cv`O&SrxFCaj2<=z+kEfvD?9G8kvQa#WMo6g zzk{3~w|K%7z%6}q|2i9MaGTGXc=3)Q+u;|^1X`U~!B6XjehS;79cBA`mn>(T@~nf0 zH_#i(RlJg$&6RKS>KFyW;|D~=P}TX2f;Vk)L^UZcqg)P{%-t0}_FTJ^aqo1D_op*A zG2>DM_8E9!U#;`N%Tn`DSCHwI+XmY02lmy<{HnG_uOr|@``G3h`ET*>$)DAk1U=ND z{*-bsdoW(^`{McYDyp!)4*|9jI?^PMhB#=mgP{oXnlu>~$u&9o1mbf7S_6>%NzZ`0 zUCUXXK6iVFYrKg>h+VcX`1D5((_UduNRW~Vo==jsooqWZz`c&Ei20Nl~s4s=PKl5DNF$juCe=UB{mS7H+D{y8PffB`U*O*UZA-sHs`P zNvV>>I3N>KfS(&jb@uJsn=V@Bwh?B4S-8MU-JEJBy1ZVwo}%jmImR=JCtF~N1?)Gg zJQfF0cY0jtKJCsJyLFHsW((57sm6W2eEChg#F-YcJ_KAL{wP6v?eLBLbi$dQl51D5 zx+0vlyAKE@i?yE%!qRF!&bI@h&D@##<&LO4X%wd2J7F`#{~2yGC{D=}%xA!LSkXCi zeB_P?Uo}cqn+;n9RW^C#Md9Z0=t)eO;KfD*wFjOvNW+#LBkVLx6X>*NU2#7G5-@4M zrI;D7Q48@O%Ng5lgJ#;xV6wZC$N3bLlng_f+|;lJ{!C+pZ;WpzWOwj#2xr~53ho>_ z4OI;KIaZFL#qdE+O}xL{_M-82mVV_&aKj$kM6FwP6O>QUD%T66U4!{Pz!C(uWcU%| z>ChoMqqbDg)nf6}y%P3>wQN<(#YEdc3~a^m22$xxP%O zOI&}M)e^sGCAaYA!;CEJh9-H6In}LB+k~V+4ollr7xs5@6bXCfpE1AjciD+KOMal0 z^AM*Vy7Fb+VihE&)VERaj%L8hfqAKmO&kgeW;dvKOB)dFVae~2fUlae`<&XH2Bpr= zT;9vFDKT}UR!AGz@$3~J$5%aJB|seNoUZIhR9XZ;gDkH;e!?2-cSLTkEIV24;#AR8 z)m2^@GOgCNqPCGw)lDijq)%t|ILlAjyjS8oFITpD7Uwi07P9nBpr5UY+q!pq)WOF> z=$5bAPNo@b-PQBSb?=7GswfhvVd2xKH3l%9kraNK{t~#dKneesA`^^)GT&kXu);g0 z8{rN?{Y82H)s7V_uzFnUM@8H|Dty|ZJ>>}AtuZaSnef}-2Srbm4&^x0>)E^G+t)rv(^L{xaEJIQRu|*ic(MexF3)f?AA&#N1TPGcQClCayQ$rS-mc9$ z3#h(k{ZNbh=D&^p*3lT6P|Uj(kc-wPrrSwEeU1@l9kM8EAMAcgH+;<*=}>49Te=}w z2h!qr$f>uTgi=H}=eDF9W#qJXU*EDmG+Qwcc&=l9`A>CulN_XA9#g( zEn^HiTMOqm78sa|+==oRbhCa!LvK1Osh%vPTsY%o7n{_suC-9k`MP4p+GNTNnij*~ z@-jcYC}mOd-CfDaY+4!|q?QlML6aq4NPEe^&rvr2 zxbaZ3*LsU+nwveGT###i4BcI0MkClL!xk*o$vdQ8Fy2fRmk=MHUq9;bmWoj#v6%EA zgxmZEjrsW9S??hWwGHV)MdFK@9QCEn{`F*cogsN80`i0Oyi^s2e)j_Tjm&}%)lq%3 zKsQh*eF;q;H-xVH{gBA2)AT+C?qgSJ=Qgk1dtA0 zQXMm`?UqUSqMLAw`sQ84u@a61gWBMCfk&Td1`FoZW${SLbIe*IXU-*aUmt^1{#+4u zzTwpAgtLd|J%26TD+wjx%d+9;Ced+B3vEf80fpzoU?hxsI1MSx$jq&V#I0yjVUkkH zCng0pZRTB82V#8Rwl@k+CzPkn48GG93QJDXeB{B`!z}tXETrsxdz^s+vwfJU(xnA^ z?Jrpo;`UW)n`J=+O7QB6xa-CO4R^sbQ0&fc;ntftmFD0+fm+xZqH2-Gh3yq;1bZhHJwYzp6{mWqVF|+aUp(f`;3CWe<3~up(x&l7t2x z1h%CZo=^3PfkJM%tv+rVE;5uaaSbXiHrpCAvIAj(xKwD$sg`)N>qS6>iiC(yu?cYw zBI_yirQ~Qua{s zG3{10`AzG(sw)RF%-Q6+ytJ$j-rVrGeM2oFMx!-(oXr`Baw%DETR!!OQ(`@JZfrdca?-~g$$AN_#{?#8IF7PKf zJm{Ls4tZTpeGq;#mhn|eKES2zQnAk>Az>nLO*fhZ49B&l$ET)VD}y}@DM>~rAAWI- zjuz(xB3&M1k~F=A=6$9kIcj&rKGy)9Ff@oMD4T#r956bDD?n3Y|ND_@VLf zYPwq&uWGUw%(rRHS5V$2FtE}1csWflcuZB;F%&vv$CvOq{-h@P`}vF97_N_EKx&=! zG53sGtwkpSRdcoxtL!Ab`nP&X5eQM(v0Na(QgiuFx75ic#;kNUcsl#m7MQKG3Bi!u zuHTO2qK}=FLBdiPlPO5!iID=D#$zAY`I4+-vTkJFnB{%!)^z@DDg4!k&a;cr0fPNI zwdo_t!M4VTdn1iCn9k^wvAEzAy=s?0{Em}J2N!25CSxt@K|5!l$fMlGt(l7xHc!su z*C)6VplS)wJ4X2&UM+qU3g$*aE=R_6rUTt1QmX=Jp!;KdtWxajHP=Sbo&0 z1F$5NUQ-oRAMm6M?Ef8zG%7GzJug|bO` z&&$jGba?>66em)Y*Um4V_Fkx47n_?lE`NS=u+}G0_b&GGne$PhwkcjJ)$y+@ya=*( z551;29;)W@kbc;j9&<=wLML201i9GaC8F*rbpiL|9YAYVno1ty3g4D?U+$R_aqbB4 zuuR}`_UxG%ZwMkqm5-F@E48#cavx$yxHn=YXmTMV|#xj%O(b~zwNYR2!FctAe~*FB`!pyMDu z^in)4Y!X3OO7{_SwKHA@`XfIq)ayD4e?L4Vk>K6O-N{-mX@3#*GO>OOUdxNFX$Z!A zrnwKq$%$Rw0?c0L3jjUyZ2P0<)+dKg;JnQhT1kK+kFFbPw6@8Lg6Z`{-8OStB3hJEF)KR%DsY zF|wpi!LW&4BiUJeL2$5Cc>OgiTPRL>&VA2ogtFA7;VofRXc~MZO*p7o9*HVTbVw5< zwtNnWnyP&o!D_byxD#Ke6N`5Ounjs=*A9}+ndsh&_)X>W2MwM98$TtB-{!7%9F42y z3KrHeL(dtyqzE>>j~9(59Kwrd)}< zyuwwmUQ@hD|891WSSOdN?cx4%1Fg6uY85x4FPOAfiAc89XCqA&L$!8$&A2u4E8hze z=q|toU_H>1xWy{ul8Nf1i&!zZo!;%M)3R>k!GR29cS7Vv6pre)&*ayWoUdxA1@fbJ zljzTFfphMXUFJiFQXUAde#~vI|E2i0j!1f4)hoqNCa3J231d2)mN$Q&VSeupH(<9_JCJf9Yr}EDY2#!gS-&}%DeFC=AM zcP0QIMG|}u5-OERIf<-Gg(OJ%tfx93;-v!ur!@hyB&TQUHeq)og#qR>Sum74chIXLbgO;jkxu-;Ps zZA;VI`e`Cx7=%wTnq*2)N@_+e1a3U6p~^?CWz?WskW*sZ98;ihDvXF#rp$VjXF0I| zbc>&JNA>*Fm`%^?rk@md*wodI1M|C{0k^jQOhEsoAArmCB2jz1Mh4CT$sA!kn|4o0 z>He$Lk%~Yw8+D6pc!iOGr>##6Q@6XI&bx$SJ`f@4wwcLx(uDR0-J%t)@k?}coFj!c zM|28l4)t96AFi!i+5=znOc@ZEoL9N%!yi`c@7gCP?)>+@5gp|lA}&9@|A%S{J7CFa ziAPbkFK3?yY5(y7Tpe&Y{SJuuBz_(ccKtVI3x1_*m@_}TtG|UBX06FYTH=9noFW#F z>wk_fIY9nc=f^;Kc&fzNmFt)OVXn-+ zr|G%!Kvts~~tUuNKUjn`S zIBZKJ`ZXGSy~Yl6MwPM4s({s4m-k_FDN%mp$*rK3dL|n)t5`m78Q?8 z-FmP7_dGj)7 z|M@WPc__)PONpsUJS45Zir|m!0I1%28D%LZ>DGS`#6LaqulM*bGq+ktCue~tY8)%i$3<&(F2FLD3PF#7pfzl`|f&)dU*gMW3ks}K24lKD$U zzrH$g8&dzlZTQD8`P)2lw8)-?7k%+j@J-sd+Y_dJgp%``fbzI!V0r2^s#d{+A z#}#Mf}#b}|IQ%Dz4( zV$)0$BK_4!It4fq7Q}2lUQoKpS31`+i-s+;klc@|x4>@pNVL2v6rGx@j0(V9JTgsQotv;67M6Pjv&5|&*^ zm9af0WLS~rviy7@{xqKsFp+g?H#p_x>3^q)LS@PT4MxIs@0arSpC0~CD+7EX5ZZ*P zwuSyXjVZ%y0IYWSm3Kc=4g7gFf0gN<|5y+Q#%)crS~dU6U2(Ap2*tES4g8<%O}}gt zTqZDXZ!@0H;{Rja|7mH?>4kqD~ec{^wDej*KKe+;!Vg`JZ|8}pzsey55Q+|?v%Y@c){^DKQqH7!f zcCVpN0;yOYTH<^E$7%j$0m3W*O>#l+nW&80m%QV#ZpXc#E2UW)BY{y-QsqF5*-Fyt;Rn&5&wHThkd+rQLj!jyYgp&;7Xcb*NIHjxWF!R zXe)fsExBcB8Thnob>t&|p~w2~e!{P!{h_`tUk?jRu;iDLG6SNy^k1t(j*qU_-;_SY z6())`Md=op>Ia+d8`lsH>=$mM%uga+CDX9VX>+qR=KLny^=UZj8Y(G7oYa4?al_NM$wS-D1U>)#Jd(#1j`RIyq9RRA}{zG zRw7=~9fec?z}H)xoGOl^?-{+A@;yj?F7$FeRmCTPd(^xvxZ)mIa0pz9QEfnF9V?6+cDhV#0C; zow+RB?E;l5Mf}UC^9QVNGdyycejJ_ub>KUK!U9t)`6c81m$O(#3LjR}vW*p)vfsad z-^ag&#oZnE45ESk^n%)>#c%okhLNC6=Q3y^@)`MJ|C?41)pq(kzsf@EEp$j%tn?vw z+I^^Br7h4hupl(j7-9LY`@09UJ7edSl-M7CLO2*fo9YOIE+|mORg8EqQlFIDeBqGhit$?xx3~ z_t+$1S(p^T&UJh+G$X86U}Cu0xS{9Cgl>+J$MP6#g49-n(b~MhjEQ- z5-Dt_tgwj*djnPDmNLLdCC%IP{U&T<**sZ!Y%>eNylvG~K`r zI=T6dh;wDXq~-EKkSE~jzai~u@e>LhfciE8nDRfhv1#@dQ?U@Xne3TJ%mGM^A&?uy zOygG431IqYJLvD@of^8iJ!eJ3>k!Mx_+l-u{`ueH0*MDQH#(ZJG|>jDYiOpfPc zuMFlHgZntCKh>*=p~pUt`emu!GlSvRU#Giao$>h9{-Tw73jUU2bD)Rg70uFF*WUGN z53t2wrD#Cr>pzuDjAeZVLw3qf>e)AUwP=t9gnNAfwiLrBnI42y?DfNfM#9qCATn^E zU|PMl4qvAsPq9uf=3MuZX{Wr(Irx>13!3`UC8EuD^xg;ndsAzkMMprM!)FCd*(Iz8 zHQFgLr4gKh92~5P1O%0Jq(khHok6A30|(c3Fd~?NwflA>L1TnPK3n6~2%0+Y7M_)z z27F5-@g_7o(h(9m5UnEx^PP!A+?_R~zfHU1*(b4O^FGBaU^;LU!jr_AwK)dXnuhWz=U@~ycvuof2 z9ve6M^3@hE%K?QxpFUkqYOotF4-4PFtE)rer^1L%sK zta<~rmrZyt00D#dQ*lhc5ZNlVKi+h_Ia67?(#63mEv?1*@WXB1ru_y2?d(8%0J4u9 z4o1AsbrEd#%tl@

dbgD&O3dIsnM57l0NJ)jMf^+TphZQMt(<9&)0J5&&>v)!M#1 zzG-2Oe6cw!+~dVw(Hl0S3V(DVfutcHF>3wwzzyZ&_jwAmc6b0_C`O^ODL{S12$uma zEC5>rS;1q`ya`Z^EyDVoAJfsgCvRQ5r_{S5km23T{o-TS1Sj#STU*QB9w6OSO2g`o z;yxu&8_c7!|8>p%u|{#&v**>Cb8T5M!pwr9WdPzPn5LbKxk$JCNq2_OXNhygkMf5# zPCA9H8T0vkwA*YoqBtTvn!F|Y&c~&8!W2AZ%Otj%I19O>@i>21*k#UFlu*>*qn{aJ z3~CZFLsNV^uqUB z+fq=6GroRtQ(*A28vYFhDb-#xMRFkSMY{qhK+KR|@cY)EMKVj>>Fi?=%qdA#pOPdy zY3@HgfoG;N;i$HlV>J~BCNW6$(W56-h+U%>QBhUt$)yIEU^g?WM7zTW;?>0J(EolHQrpb-{(|uo218; zfIP982!0pGks`}Aqx68~$N&jfY|suPE>bbNar2IM!}7at-}r4mJ$9I`sHb0fkDp58 zsPHCG)?`B};jd9WK~*GjQqyZ>#`!}J&_j8Jrdd*ZAOOW31Y6%@Da1Fy@!Q$yeZ*pd zbvk0xfeD9!?oL=8c8jJ_xg^qj;1K%UwOHt(RreF~2iEu6fy=~!gF z2CbCWbN#a1QJPmV$+hMoBeuQnlbPN44RN0iacqbMRRPr-$#B+cZDRIpzy14!GUKs! zjnv!il2ENNvHUXu#Tkdbf4NJ_S5|;4ryjA!5?pFW3TFn$C%x%6CzI0N9N^ksOIabLF#>gf#jywg^e0C~oJKpouqb7y@0!MDn<0CHuvN6?4W_aC_Nl-x za_tY;m+hnIz)1$_>UxlX4-W>vKG~YK5+$ct9RtZ$mG^!?6NdZR_JWo;LM9ymhO$Uk z)B{^1w?j23tN2ydNDlIrV5v?QRrI&=zqP;nNofB$&mm`VroefY5M65|2f9_Q{$3~H zvn1-VwUIgP9I-F+_~5{4&Kw-%3{lJ^Rll@hMZ zHFmiA$VycOwl+EWftt;LU#r<#uOw-i&)~1f%{h%61>~hoN&td!^VoS}u4H-l$xOQw zi85NdLg7BO0wm*wDKLV zqM)@IBLuUi{A>}Ms12h&Oea@72u5I3ZJ(}G0;5;eik(iqyLxya(4l6$Nq-^Dj9pBy zKH+et)|A4kcmi8pWDM&)e59{;Cy>zB37Ane+YBsg|9B++bEBLh+SAWzRznu2@&${&>4a|APTv&o^Bl3ylDFgvh2;N7MT+XNB$# zmOfBXw6?|#M>)9k74M6HBpY-9+eWbj{-I!fvZ=iwUW@v|2Z-beQhn4x=7VkjFtbWu ze3H{*y>!=KQ$y+)9Dm&q)*d}`Yjt}Vt_TtkQw$#w2z47;LTnTsDZa{eN+INJZPccP zegb9uKhC~7E~>Q)_ke^63IZajfJ#eCqaYp99nv)*odW_2A`Q|K(%m%-Dc!=*snRvn zz)-{7jVC;MJm=o;{^M_E)IEFN{l05GYprKJ%M@}zNu0n(yi6StapT_Jahvn)760WF zs_iqLy8=&uL6=For?XsFzPboAg%_Lk#Q<&OFSbNcw{bKhMowlgI>^hvFcn84zTEio zIFte62J~0eXwC(I5v42ZnajAH=Ro4}Vo&yznVA(k{JaGRg9mDT%+-lcJ`#Hpbr}gw=0; zcp9h zavXm#IEKB<6%Jt5wrQ7?L`5FnTHOl>L=U%?Z@tSX`0Q+%3bGgqo!%R)eb1m-zqMbN zZ99~sSTqf@@|UcS;hDBi^r!`&2;V=hogdZCP}tH_+Cf}~a}NL-4+kDa$IN57sy)Rl z`NRzr*d8GY{+V01G{0N2A94KetJm51XUuG`ot@a`qE$a#ht(nA%M{j5#TBsI|0*uA zL%w(`81pVZl~Cj?98%R6f2M%H4Ulgpt;G^ZISSM8n}bMLV@6H?#v+qX6WO;MF&=br zSPXa_w6I@|+vEFGcru+81qOPc2DRG3>`$~Rw^R5|Xz|!!0YkaPTR^aXEd~&9NfsF0 zd_MTH5g73;oja}pKwf$vC}@>Mu1-7zJlUm7fi^tA7!c>!3(UsL$$HtxXC9j=+~uZ? z7y}clko{Xm?Q-E3u*UGMh9hafpMG)CNWu}UFFTCYKjk(X`BXn-$^&GY=WspL+(N2fFWz)i!cfeD3*@_8C#KkL&+ zL@^V$SfKx%|9bxfC?|3F%x$0U%>=wn?+A?rf;_D0bpVE>;p;k-i#>fR-GN83affq$ z5om>C0TL=+0px6!?+SD(CyRy3i2|i^@#VwXJItJUrr^GN15s-ud6SEPzK^ySn@^I@ zTcP(!XN$6d_+@Aju;Tap>U9l~^54Y8#Ia^ql=EQ>9`c17)}z5uu{;*m>gnlevfQo1 zvP%;XTgT&pLKli^<_MVNf3VZTHGU-9uO);I zc&$|ZSo8?UQX}cnXZ7aug2Bdp7w6K;%5xxkjqTg)p$DD`H}UTlT}Xmt8NO#$R08t zP)v3T1vU5>-*E~H`fz1rY_Trr_5|w#i|Yjk`OBzwV4&kGsVI<(DucST1H*OzC0JIE zJLLkRJk+aSqtrecQfzx4$RC*@3w87Tbs`AF@`)x&ODIg|C2X`!jm$UR{^|t(^;via zmXdPILa9&E+byRi{PHedpBHm7x; zJpx0R#Nw!c`wfL*CRABb*(8m`ZUBI@p^!}@%;WwXYB3Gb|bV#tNjfDFhtUH?U z{#2^N0GWBV%bch3TN1`4n{GJRNDJ8u$LRGnORRt=32qf9f!Bxg=zw19n@NURJxNHR z&(^!{WAu40TL&qob@rLk2Qp&r3I&=lGN79fKDII>b1p%{J$~*sAYcV5LS+?Bk40Ui z@QPDW|J&IB6ggZTE#84<$*J; z1YNhMYyI>xfbo%CPoCJLzWpvY(>i|0VwRso&SKt8I2R+8%4<7WV75Nd%*FZ0ckg!R z*Q2@ao&o#{eS+P3voUd?f!btY8+~pH-8c0oJbk(@vGlEhi=A_jh~uLt7r4Pe?yQ;! zKTkH3G$=hEU$<_*`IlPmLYVdLXB4vA*R4Dg=;Oke@_cy6%wHrz<^jmec^ec19zZ!-z%s zzCce5J!7*#&d9ulc&c}mb%fESOG>S$gruZ)()DGAO+tU}l9x2wb5)>z!`iK*qchFy zFSFI&jeQS_kS|N=WD-&V#qJsy-_FJ?Pu7U7{P5OPwZ1ca(xm)}jHlio)-nnxp(osOFJBEcOQzo{1_+gn*MDB$Q*aIFW7%zF^ZumD+Nr1m~ zKpCRiL{HRmsy1`X-Agwf!g!|i9N0=vsg#8$Y_fJWFj!jdv*I)O zI=j;@=a1y6-H6|m?ag)!0U=5~L^R1;d7>5VP@om!20iS#m73(h)z}6Qht>ex&EMZY zp+I1So$u<@_o~b88xf$$kXCFUewH;Q1s7 z_Q&l_^$C^WaOKk!;4p_*^Rlxmtqm6~s;9)i-Ow=3LL(*@{7u|DjL7~Q@SNSaXk)W} z>Y#`1m65PXSI-XU6Kg^&D?#=hh1JqKhHXPu{oMbz`pb_H`*OuOXJmVK&C!i0Z!88- z#E9+lMl%Nn2EsL0INuC3BHjudi?LQ0DR+>~nEcIkeRpF2{^~(6rfgRdezCiulKo3# zASoKyP@yw|xXkOg5`GG32#t|~5si0b12*YC{ulf0uYmN=4J-2eoIEL1x0Wdr9qG_t zw9d8bHaCF095eh|_j%3&;LX=fmi|a_J-qx#zkBGoCSBrpjjlhh^_LI&+rbp^x&H0? z!6rTLBCs9IdI0^Kh2qL}W1t5wGCZ7mXQv}WC0BzNYNMO0S}ramz~TP`KP3A}s#Y`u zyHz_Uuh(f!*E9Wnm8(8R{|)b`!`ILGNqly2id3D6vNYBoS0tRmr?XQMa`@4IV$~P? zeG~q2@jLg<*L|7w#)bc_^8cI920&Z+|Kmn9y_Ah4Wqc*T-}u z+H_Lfd}P!c{JqZn9R>m{?t;k_YN`8m3TM;fFSahHRBlRy^@OHN=~WV?wPffR-zerA zh;E&~zc6qiFj&G+l$6IQJb8b#H3$EX<_>htc2Gd#Tkp{k` zf<0HR^`_K35wNO@^`1+l-m7Z!P^~JsMXw$mhREB~2^418U2T6fzz}$e@$SGVjls~B z*F^vJom7`H_Ocf|9f_|J{o8$g|J6Ufl9T}0S&lEhwMzfv2>oi?|M3~NDDeM$?I?J! z{L4-K_%+|x>i_=>shNsX+Jocuy8uB1TEI9?>QAXX5fw%GzmJQ10L${eb1CqW5(BrI z7I&k#*YTqIM2$t1n3!0%6G$r_c@a7XG_u*PCxyzte{|;$lfbyBz~7e}Lq*II$*f&H zDKsse@>dm)tOn13>uJd|s`qDCc76q7)R06TnVqj~nV|d_r3}d% zjojzGn~Z9OWmA@8d2~RZXH#*AnrpJmiPe;(MjU!^xO62Bk4nh;1XfyQIVfP@t>s3` zBH!?E>CT-Gk>M|7fsWyZ_li*Grh{_Rfr$E(gLvma`$eKyDPYL%g{r**od(0q)6;c= ziQ_qMAmF6r&$>O5F9YjIkn}s=w}$n;kDXu9v2}9nSM}EK29iPm;Ca2dm8yxh9OWTU zq7@5Gd1T`qhCp^z7tECm25*kZqWT}5tnJ&*7R0|}(e2Lt`d4H3_owvluc+}aA4-fb zmOjQq9}>nl8hoG_!44vm1kxm@;)h6K?FB%;s&e0DcC-tJHT2l=eej8O+B-&N@uG&Z zT(XC&!zWIWN`s99%0uZ>E%yu_wr&V_9Ym;UXEzLH#!BwxCw7JE@-GhFcb`}TO0C#e zGMb}+wN%FHK?Y9XOZ9@;NN-(nZn|CUh@o_f=>u3bQ8`*75iwf zmX?4!@Kz^LcJWA*XV~O0pk7QGbx$L#_x)Hlp->c1zk6d;9GbkGw=c(PYj|>EJH=h> zz~{RCtuiz0m(9csMEPzt9fXh3{VSCXHIAZi9$wW>DcOIhyx{ zuO*fKZ2rUPeFTK*kTm#Cb_#&F+EaMh^2f9`VMxBq^kkPQGm~Cjoc1#0vt}_V-Fg1{ zTDZfc0MNa*yEs<9VL8IkMM}u1TJU*9oQF6l@J8X7Qogv8M{mie;X~N=_6ukqGQh#J z4{_@Obm2UaY#=p*lyI=oBFT9K#-3anew`p2!N&G9Np%9^QQdpwoD79SQkxTKB)r!& z=@c>8*(@*IPlZ_sOk(-Aw^2B$)z9)+Pt!V)aUuXGYaNO2;wGY{=TNDxt=rY>M#P-p zDW421;F{)^n{EYK4}2VG8iioK5z(b730?m!5t4(frVM+3Cv-_fv01HmVQ zE<2P*moQ^&*P&0n$&`QPk>%;tpZh(0dM_>QG2v;zL!LoqJnPJ}=+G zJiWraVg6j%hL_ZHI(NB++Cj~kG=<4u&@OTI>NQk9h>%R%Z!h4$cmhhfm| zI9?7q4V5t%!)*=TuTg_ltl1%^C8xjypZBUr!8>;zQ@Yk9LcM@~(DOXw0#uX31gOTD zoUTNaO=t+s?Cp?qIO50jKLHYh*qoAPBqtsV%kdoOPnQ&M55zWmLL{b9Vu+!{Q#RscH6=gI_eq$mfbY@vI}ChVrzG z4bn)+A3v%_*DEHQdqgAZs^U){f_9~Zy~J_f3wi}l>lJ5Rtx5MIACEe9DGxq)eqKm_ z_6fTPg1kYmULWI;fF)OZlj$d~d6W9vs*M7PlhOqs!5c&6eLN8~=fDRaW!82DT`@HY zJDT4O-Q=Iq^}K+dzGnL61q&*|4d`Gmvmdea$Vs%RnUyCgVze-^t+?iQ_~CI}!gHmb zR(j?71A!OYsh+#58rm)ZiN_tZr)yVcU^&{IXj}JKOD9R7@L<>iW`ax>)az?Z7M#-c zUayR$V_+E49WcLhmtAKl;oj6Gy}lg$xy=*>a@N~5xtRkTC}8H&W`o?2j)JX#1-upK zpU#{*7RxIc6)oWSwB@S)mhebRe^#VS%f)e!q-2~n6~XN_mgU#jDCk_wzSYLFQRWlf zs(9JB-%}(JIdO*eQ+u`qoL#Ixb&!bo5Oq_EfMaJs@8g}PIcn^hKT?4VvM5i^JR+yC*5){_nC8dyft)*I?(t_6 z@9$kTAE|0&mg#4isGCrIter z&D1mtLRSpg;P&#&8#54HVlOs1?lZ{U?AmYSxX&3EuXDO7#qnPJG1zOOzbT2zL(-Fr zi3g0*mlWH&B-QPv-u%_mWgREJH6R{S$C*)>ysemDg#Kn z5|KZ!dHI^2qwjCFkX3R1${JH6YZqPZ^YkIK5IHZHQP8y(Hv)9@(*lgP*jaE&X>-UN zxQqRjq-D4H4ND_S;d7R!+{7Q>-hKME)5sP~4Xs9*neqfi zULMI?&iPo?m$;#_FuA%}e$ z6=hb|y=nL9AM=1AcfyY@woE^AzYeZq*SyMQpp?CMwi>H1*JR9Zmo?8qOh}`yXQz3+ z9@{3bIr2ivDw(Sh%NPrwqmcNeY<00~InBEcG+L2+EzYrwM{g|4DMsQvHUtPvEFf8t zmEK~rt`~%Fa$!lf;}uefL#@fg-}(?)G%jTZYmU>)$>5m215Hl8NgP9%9KR~fRsb|0Qy3ERDS7q+Qy%i-tw(|;Ux#p*ynOY$L4i8+XaH#HZ@3s|YjodET zzIp=48r3R&@N}!zt#|0ZQ7`{Jjrph9@6`3Vpv^61=$a$oSc|qh*bI$5Y!!>JEIlJD ze^zeRGe&M5g;Sc zSr4r!5sIwtk!)Oj!FAoX`&DU~E!qombkJW_DZgK!Nyv5KOBd7a)WeB|T=<~LZ=Dbj< z7BdZg*HkC~PTaNMt z5Gp*?;L@ebcMaI3wmy2_=Rs3uSqg+SX`km0!j-TuCdlTxgt~pNc71bdVszn#XNK7^ z+3@kA!mH$`rKh{=wq^YnyZJp2ZNVUlsp^oOvL~ys>}bQMK`WoD`_{)KEBW^KHD>hP zpL%ImYpIBs$jV6OM098j%V*-qPrx_EN;>&j+4pLWT6`~%(1~t z32?ZLQto3Th|~UCYu!p&JnI>zYFoY7hct&3OM9SyaGZ zkB#sOGaVN#6^r0EERBh0szK#K2P$duhoOM6jlwDQ$+~B3oqj z({ko4A+s>5h^TqSeXO3T)Qc9OxOvO^bcaXau+TX0E4y`P0N<^>gs)MLbXODTOjI2kFQu-e9`py7ld9?fnjua06`f_i0NYJv( zv26TPY;yVApLm7}LbvAb%QT>*{d;woNXv{vhP}+ksMry&xg*w8+gPtGOBWJ{PN|$k z%s>~`A8+Nzxvd9D?XLUs?k=}qbDul4+x_e{alEJGR_n&N%59!=<0Yw^g%wfip-IZ@ z?m#Kc((}=BKCh8rs*snT%rciHT3UrceED*q@!Rj*^WNSVKAgLJzY4^*!|S&FQkMKv z2V9`rZhESCjc*Z@EQ6gG>IwBzo@=-8@K~+ULvN@y8MENeGm(~eUx3DB%%vP%`EghNoV;60fP9bHN1Ml!;~-7?|MLl#vIEf5`8`l~`yNeFqpp-Mx+yJULjU z%LmL#`zQUC`Q2|rk;Yd*n5V6KUM~{5h!n!<}ZOT(5aa(%V$iP^&%} z6F1L18`1jWm~0l^%G$a)?o->R{A0yzzDMpd#712Xs=mRj=(C5`C9`V6d_;0m#YdSm5jHPN5tRX@ zIu)A04s#}Yl@m$hv!q{N1!}i6 z!W5RM8%F~(9t9tgEuIZbhSm%&Oo*$E0F#aPtK68?L|j;e4S-VB|1cGL2i^5RlXB_xZkW71_} zLGTh)eIcfhnF3ldOD?|P+6ErG^E;WKCAmUj%)~LGo!JRWv)L;|E0)AAJT5zE7h#zt zSvBfH&~?jK1ImaG-CtWCUl6NLRta>~a}cT>Y!2&<|7zRCirb?6`k!S1F~;qd68y#d zGh1=@UUESl-wR30E!HS;eMXHT0jcIllZ@zyLPetJ*GeYVoI%~Au1ni@>ZejgNs=^` z3eya=Evv2X?@u~a6x!D&G205Q3cA-3FDIM6k8TDd0sGm)j^iK-adRIp$?Lgr5 z8H@S06WB6&p$tuXNrB1*MloLK5Ug1jxPen}$qnU{ivj%8`-t5bf!9GRRl8j4T7Zg% zS*5_CQD#p9RN&kIcS$#0P3YB1E#WF|g1Q)wN^Et$p5NIY!L~Bz{<*UA#>MAm^m8R$ za6_Hj;_(s3;FG#3BuFvrO`B%@S~li#110*kmzaS3W_~K){+lA>ffza5rwwR5Z=-?ZT>Anj~ zz?j7pThNV)qvfi;D%H^{#=TO$a-V-bs*LLxl{XQvJ}ut&psu&7A;+b)eJzJiiZq=; z8Xz0#q|r?pRAG;`_4pTTO@1qX$T|YDzYcB_raqPFzQG?|q#~yxlG%Oz2nkP0Q^VNV z-VPTe8`IX!=RCI6w8`I{3t@unb~*^^MP@2DL}<6qrQ6Kam@@THB-3*k>PwuI?$~k4 zx7K>N*sS)(=6Q{d5762UepNaRyien7L9|oFg+~Hww0m2xZP2Oa=I})pJTc6PQ1gC^YGI#2o!o?)-jEZ?s-OR_mIkn zE`qb21jI@@m!#IryF?NJS`Oz@n0*s4u_>&URX3|HW1TM>zclpKIVo*CFjwKGsHU8z z!!j49s&;pK+uqYYtCcID48ZHPmwhdkD&1AkVuWenmYhE#T4fBLQibbZR?vQttHbfc zKU$(D8YY8Ay?&aj&6)pz4(HDoh~Mh!z>Wt`iO5NJZlsJYz~LVP7`4vmclP(f_CDPa z2gWBo)s^_*9h=4NN2{t2SJy>x`9uX;!YW z>%Q)k)YfG5LYPy2NL+fSPjTQwF8T9&t)bm+((v_I`s`)Dx}ccf7`8Jv?@SeT51K*u z5$DGn7qLGVRDjHqF8#t}oI7@+XU*)2*!$SnLT~nZ{Vw<|dB7hj{gvL-bMuhpzBj2#dNSI>eiAg0hN#3dI9HmIG{*3yBP4wf`w5!2LIKvo zj(qpapU~*eWn)uU%qxl z*&|2gBm%UYEW4~!JwtlUFf4{N_Pb1Iyh{m&K%bt)Bi8XOjwZE7D`LEaHRY+!dM3@j z-4`Avmdw2XXcPHQ2IVUt17oa%&HGE~4j&1zCLKI&lP3Z@V_wVlD^9^pt&5+ZX6zsF_g#2t&%!l zmOD48#ygYDwx-PMv|^BPAcKA%LnVxQHkQ8;ZjwJ*a;%c0Ixu!muVl+7K%ED$W!_aC2nq-mg3c|s zPsUAZ4R-o{-k%5BcwX67uRbI;`ALB7Tk^}t_|Ep{0}#DhN$RU*8b^W57ICWLmsdl{ zlqEMuu8;)FzMUhJk5`sReI*NHOBS+Xf|2Oqa(V1Oxx->O)Sk6#QuWqtE$V|b$t7=qjxRAvKb(%qj4 zxUj%aYQU{MU`gqhbw+E!VOq8}EUtp1SUGX+t8vHJoWAsJnK$__rHDT9W>{&@DEFBR zM^=t1%4B=etbNI;@JcUU02joi-&;H1B4UKV78%Upz44R1x_h~V*5$6D1H-R=XDi_g z2NyyrDykjCP6%R~eN82CElMdUAi!$wwVI69Nw%DkuIaI?CZb9~#uJ3{^L_vBAs$L>i3pd}8wFG-HKr_;JzlPr! z@>qDZbFd#cTo98F7jlh5ByATO_aw3^LG#Q3L&NTV;$b}}59Sm4^KeQD5YUZ(cl@60+vEG| z59&ME)BQ=p09%w2*G$0WprEMm*#}=gwYFIP^ieli)oTBSqO1QFfwIe6Z=|9QL|f}6Bx$(J*1HoMQ> zy3fY0!yD|oISO^B(rX=hIv=_%FFDz{AUQF~z;s4c8()dPoQYK&f%h*TmD$?r3L1|Z z8g;F)+as6cAf`;2n~Ox0I?PkPYi`q8EI8KTh> z^oub}8Z|1Op7n*RSuu0#1y>AzS3>-AktOLc54^9*(~-29{8Tmk{cS21yKyJA1*Pj7 z=#6I<+5#VaY5iPsrYj1K`P(s9gM;6!-55(NdnO(o$X>g{vD{0c8%t|3U~U}csCEj= zAlgqozf6}DHE>5!QP>VY)uJSm0Pa{;KQLPFCrA11%Wq)<6O6;xks&X;yg5h`9wdM8 ziEIgYDFyR0`~5Urj9K6UF8_CDy8Yl{jqqiXF0P+x3qSt5M#f(;)mwuQSS2;!*7^UjGxKE#rdw1(zr>-(3Kkx&0g;RiGUFP z5;OVIBW}@OVldzm&X^+!oFuCb}P$WwuZeIfBG>#t^@#cP~b89)gM;# z$3^>nNBsC1tv&|3?7caUmfl}2&fSXwbuKc#l#}Z2rrVKdVz(+=Wsmr2-^HOMT<2@? zr^6|2(;I8nE}p@~q_{J+7TR=rc^>YpP(J5hUG3XvN}<3)(l6_=DgX0ve2yS_KpOP2 zZKDC6M#)B>4CKVyFScg<>b}2ymO%-$rYH~8FG&CM>wHugUjV22ePjh&ZNrI8a@iEW zRdA?cQkbjhn;katA6MaT-w=L^ZFn$pyx=X^`xANL-{@!GH`NN9<{FI#uC7*_qq$5sSrWz=Ckrm5i$lCM6|r1c3Hsq=QxE8qt*_F z7zv1pW17s&T>tri{(T92h97Kq8pqXvmqUY5_P)UsXjRL)u-v5t`6MA`TO<`Vnb*v% z)db8_6wL^oW7`)0SvbA$=>yGjW4RUOHp^2Fit#$Uwoc9(?c*+pE#!FpI&*#d~4#K0N$cyr6A^40ygA z#&K<}C%@kPZ9ss8Cti=n|8g6_SV~S!3#Ie-jXO(jlmUY4w?2I0wZpDDYtYpL?}2#T z)*QbkkH0R5K(muo*9Y`#K7S;-FH2G;b1#@N{l9JD-xuTMI%Y1r!EX0RKA?)^;(p0y zjD97495dkTO#8fQ#iU)zUaEkSOx_w=>BZy!yl%|Mo7z9M0DiDn;h!;c?;0pE*8{mG zrX$0TtysA8Sfzv)uU(7Qg(5p+3GYWJvOB*b|7Gy^Z(HIzuFp-fhi>Z!pouc4M9=-c z>N1O-(MQ)`m_NC!Q{$>QT7-V;e@j!Cm5fw`euwc>1IX$;0W0GNKX#~=L9Lu?Oa6V0 z|LbjrxX(?ZhorY|<&@v-*RRpYI(@{3`V8;k(#MDoq)}@oP%0 zj4agD`^Gn|M>9&_3)^ujPJ=z`OxDm@GIK7t;vNkJ@f?ZGLT}w`;{0fIt!dh1T7sa>Me37@804`U1yEwFtN`qUUNh@UpR6=!p%?2*f7~t?{#N%i<53*t^T{Y_~)~2 zReD)rTl#ALA=X!IgPkE0`;{%4LA*qMbv%o~I*SUFHGd5h5)=@z%9fYb-j^(>t)grG zml)vxgCkHX5Xrk1M~*%+=LIjYx_#ZTr$1QAI0(!)$@JE%6LCg2@K)+uR*bm-`)AZYwc{|vwV z>et0LBOCvQUw(CL!h&C#S=I~zyI*{?{%mOX$TYI8Q_EaCP1}FGigoG|V=B9J=n+>dkwq3Yb_UTM{_CM_VC=AFOXA1wojpc!%r;rb9zoNqo1A__ zGI%4>^0Gu2Rha3$yDnQZ-*OaFVZacd|L21vB7O6PLSU3>|HTX(pE%=Ka-jv9oxQz~ zeUrIHZ{bO!eD%VQk<)_=gWq+e{vBKViLvv}k>h?p+ty9i5`!)Rz?K2$LJ=s@<|^l# zR-nF4Hjj1OFA{wr@V_jBHK1QATUG5Jm}%;xU2W5K7^n|*3>3v_WSyOzW!ZNcrGNBb zT$6DBfB5lDGeDmr>Cb0j^E{4o&qy&y9SLq5L|+KMFsC3s4>kJZ5<@>+n;^J z-r3uau5;VfnAZawWYJvBoryBj=-zmC&Hb=RadYz=EFA2>#uWWXz2h$BY}yBpG+W&|~eO!qTmp6DJ?)!N) zP-ss}0De+vQNyzjn01$lnW%x{ncXC7DOqTW0DUw-N&zfS*;d#bov1$|Q1JClw+6sh zE`~IqjN!gdM^6L14jwsFzRkqZdZ6;Y=?XDtTI|m)LEz~OO;dsaJXj=#J^&FkRQVm z`Bp(qvc!SyKh=)I3C=fipi2mEwg$%j*9wiK?D;Q|AUv z-Y@17dX7uVmv2jq^<^HM;8S+)%y;Onty^XT>J{BQfMCU@{t8Q5x6lXS z&e>}8%lrTs{vXDN;9081;9YkF(1QHts6pec*Mz)xQ>mskkIGRrJSq0M(rUk7Qr^G zjxkK)pNu_kMw_&^z-Wa0?fLw*e0Nrl2Rhfm$6b|HV@U_;f7)sSz0WfZwmtiMW(%>Z zj0F;a4?zS?a5uhm-S}26=&hI#a(gXuPY@1b~1_GhG=!b69 zWSHl-()X3+zJViWjZbvF25sP4wFQ^}+K)u-XEy=d8JUGPRZ0?fyYAH*8hh})*nUjSLY13>64okgv zHnplFr4)q$=DbKCqTrffh3q z36J^|{%oGyODRi*UQyp!5d&Q0J|4PiJ~aY)4S27C{ISmcb)JGbq-kILeFZhwC%(ZR zV;PE~J4ZY<{ex~QN$lFyU(_e|mu(oL$vz7WktDNlSxePM%PG496Xmt}mx)!kAR7~9t5)7s&o4ml0687UgFYZCyz9L& zNoUFHu;1WO>cK;=DR5eE;qtOHeKvoOn1y||c*-%#y_g%cTae?OE{4>4`-u4DKR1c} zO<=e4&Jr!XTf^#4<}Vh$>Ad){maNAP3hmI}9ZOB6R+lH+0t1sDnH77&t8HO?vmK^? zw$V!7@)>C-=mPP(gmBhe&PjZ9q`f+lo_O`hARO;~tqZ!LZg81`qQsQ4#0p8d3a}k# z!RY!kK7(CEJcl@rWk-(~db^R7-L(mNZua`_7@`Es&M@6_k%@Sr`o>uD?$TSaEz6mF ztqXj87)fEQ=M!)1D(ow`LKG(9Q)^D^ znE*xfuH4g^tyDj2zIPPy=oHW?C=PXVIV_^{?Y!p3AKGBq?4#9^_*DyXL1 zZJpa~v#`N=1b_<#$dN-27i&UcBa0X1IVX=61E}`j_wwx*%(}p`WMh`^Vx>`@u7`8l z&h*3gGmi5!VF4lJbigFBXdUq;x?d3v{=&$TU6?y0(b17aar~HY>TJ?Kvf`A>j<=Qs#!bedM--nG3?2%}v7` z@DCv`tVV@272Kg}U^S8m`P6Ki$L>-@zB@u9DoOWrG7N0Rch35tE;!6y$B_)PcS9>CwMM&8X!B#c$n^WC2gEWijNZd*6 z0Zj^PZkw69Oyt^V5j{iPvl%iIvlyO}{n*c+4IFr8lP?5sr1XU_MdkJCS9Eq7x=-0y zR|;Ff1$4hLI{7>|Cr9Lg5^KavdB*ww=dpOsL-e$qtx`eY%I@HdZc3xTu0tji&eh1wz2%i&`5j&s zqd($Pk<&{8uGb%Id6Op}$%B22X5N}a(kqLvW9^yA$GYG&6myv7U-f68aX#}rLPSpH z!2q|lZta6QK}6tzrZhToL$0pE)?XHdZcg6nA@I-u?V0w64-qk}p^Wa!-;T%HjP0%B z6EC;h8KQHmR}h|&!M5|lN5&1`u-M)(6xEhk||H4S<54k z>RTfEv~ooJSZ2&Ebvg$8ndauO@qRhC{DRr?lO15JMMITo{+_cuqWIZYBytbJpm)%{7dM*dfa3da~HQ9w4eJ+`uY4bDKA$za**B+NS2 z=)}Wjw__w)K zy`+`ewwn59KA2@*i}p!u=3AkKy8!%N9R6~_{;X9I;<@xn=V&=YN7!53+cjUPNp*@u zo^k}mU8G6RK+^{#z&j4>mN2HOw!%}?i`iV<{t%t?F@CU(jG*BgmzM+Ws?To%Fg7VM zF)>Hh+4RU{{+pE)(0KAjsZK*tae_}(v&1z}!1M5#ZT@m5+SE+FIPCOjcglyr9qC@9?> zO6SnsA|0dD07EIw5E4Vjch5P;bJX`d&-=aqZ5)0w``&A>b**b%Yc2FE-2C$#1_W+w z>Vs>Uv8HOIRifyz%$jx5YFK1EpD<(DkB5s?hU(PlYhr#K4DuU9&ol&uxa|4*&dI38 zS4S<*tL(5cDS?@Wy!ozF{^{cGp{@o4<4{{i8z2|x&L`C zRI366+W<+#H-9Tnt=_4@1X>~6@n~gSKD1VTO#Dqq<8GmwOBHiVT>hGE7pmc;k1r0=#+cg^SMU9t(d3lVQgEiN4#cLT}G+L z0W(F?d|;YdH^!yu5#b6LL=UW&h(p*;RG8sf#@Zq4tv2KI28)YPYG#H;x7C?E71b}- zqMAnMa`!4s2bXVTgi^=f+gJ1C?%Cs8;`{Ua_%a?~0eWhZH-$IhCtdSn}aYs}tIgA|v4c1M2fw`_trvvq6#-~@}a?**b z&bI<|@rD-smf!xBc)X*YU0Bb8B9-6JeCq6ke|1%nw4Xv3DJ$2oI+mRM~S_gvUz zF&Shu^cx!rG@rxP9gU%}{hHaDI*apkN=OkSE@DBa;AlqOzV4BFT@rY0t(SinzY29H zGryat)w4{(m|FQeG2;qGMrs=U)u&A&n*|rzathS!O{u}I(}%ulLCb|3y{d)LsZ+Y) zGFnxuo*c4sVpti(G>>aJLg%Sdv{=fDeMZLPkvY@``dMZxLjI+5_iy|m zL{4>;a)XAGPWUzVgPUP!46vH2+em{q*L&uSdOyu2+_K7@thMV|TM_IrG3ZzgC@|41 zHRAw@=Zi0YX4F2Ecr}iQs!Db{59zO?>+r$31+}8*-H$pVKaJ$8#s(9xzCB|VYd&N3 zTwHscLeI{wOy+$&KoZyauHP}=C=E&?_@H1E5)&p!0%6OCow z0;5`@dr~&ggk~X}^FrMD+*nKJtjh<-y+LB5(56l7=;Ee?!sgkX5m*%R1AR~ygT~}7 z#95skzr?u7w;HJER9s0($+IE(&C0jEuHvgt(a|{3?$C!5^!WS9{BB-93Ijfd4{kbQ z#u~CpWcvWlRKE9uY|>ejl#+L?iCp7wid0IJFinhpzIR&nF2*E8)&xiv?al=VOtq2e zWPh@p@93Tz$HN;OleFtR+P~)c`S~q`rPMpX+XBA!B6-$cD!G3BCd#mEHB>h;c=~2Q zvG5sgcPvN2hU4y-ZPIipoSjXYnXQaUtXkPcyLbo+RZA3vJw2PO(pcXN%`F8gs;;{+l&Q_g!IGNI5 zotEQOGN|%qmDRD%X0_?~6AY_5o|gs`-xYzmHn_s~%4~;>8)rUP5}mH~guQNPh9nDe z@6zcO#w!;nYM3b(5Uwa7RtUvf4A15t$}Ij@>iLrtCKn$!=SeCEh~t5KZoKkikLE0sMecJXQtL&&Ff&s+vimk+gQmK zmjb~Z6@~Ew;+VHm7m|cu(fjF7H@L20k9*I)w}3abL6|vtISSNZ0ePjIRugy&H@6&9 zRw>Q6!H{RdVrU$-3}Ha4CoX?_qPE8XQ~pl8o?=ba<3=yf-AC?w8$-|{E%vyNZ!kMv5|@`V?8DZQl%dlC zy5GL8;4Td<^&}`s#xO!U6%x2p(9iQ(UMu{tsb9qff4;K+$Y2D=F>{U3b?C4{vM_e$ z2i7HFhA?p^C_m_}WA2wif3DqZJCxPr@YldHpHFwXqIlzWS!3B%jpmp1mIG=(Rbr-U z*1CmMtnd0-d1niI(rG;4tC3X6wTJ?{UWY83?+M2^hgim_Xr6j|KYRHW((HlE?@Op| z(OgtRuc$Pek*ID*iudOfNP$#s_aUgt10Et)Gl5#=73@S*s?aFaz&(XQ6%q@ZUS&8> z<~Nbq_uq2w4^$~Yo{<=E+pr;wl}Sfiu{mGxa$$(nD&HZ#U3i@5UcefZXw{$VJO3}WJ1+?AvzhZO6 z>rc;D6cnN1I~3t)=))Mx*F$iYbm)qLah&-1`E^zj838EJ>0NL|&Awk~a`QE+cpC?TqxnAYndWU?oQz z&_iY+vXS-j3M+>_=62&<4wkWF+Buk4PfhoT>2?gMx{uXuO+RNQ+-6kJ#4yRX)$?2t zeH3>ktfwv6uY75&ub-HKopN~6VdW4I$Xcg~Rb~t$h|#$8EV4L!wH-iJ9c!q-az^uN8d zfD3F@rZ7pVro0UJ4UF9@O*Skg4 zD@bS1>7A8h?LISyaJ%=!2Rg)lH+>9) zM8wB8DcHCp2oZF>y|ufk*O2QlJ^Ou0(Qw+uB;8j!}X(k9X(|f|I6k6{q!SgT`}}QK)T(KslOUk*vjUF!7-lMCl7aUbP{%I%S{}sG4IgV4DxI2x_&2@2jh_+thP1h1|HpXJkHh=_5A)+!ovq_ zP?3C-&ymhws(EG$dSBL92}RxI@f_qe)P^HNKx!AVw`Rt@K_DnC@r8`f|IHhTCDKO2 z_8yflx|_>i(SKA06E5G^{|_9roNY$lEv;sJ%#E(?F?m5p7N+Iy3 zypI}vPz62iC9;gVSBxF_5y>%y8fA~o17U7RDq6MXt9OPFeesX{asvve=);yf-mXlh z6G1iVH6{5>Le~Zo$?}fkr)M%d6bSh37y58Fhro@2g5;;;nj1f`^}o7cN(|J?JKYNDW#OL5}a zK8oo@G4Zl+(`Vyo<}hoU6||mcIws)%?eeVcHg?G$%7>B(ZVcW&4as6K&;krE3x!x% z#0r~ zx1+Du)H+7R?qC_Zuwy${B(TsE8?h)u7*t={H`UsV-M!|z%ys=GCdOQNTX+{FFs-mqoQN%L|vch%@%FHGBoVK+|Z+qg0%$J6xbq zyUsxawTBCx4ufb@6duWe@b2}FrPr8zxF5;yzOSKk)Wju^sz-aycuf6IweP<{pTGW1 zF%8tcwru27F3h`=dC)3(#b=B6rZ5Eboor#yDb++FN%MX~;aEGhX*nrIty3 z030v2+#|PxoWTrp{HeQyg!JzFWZ@eujp>^(E2$MwJ$tSim@_lDR?u;_ zJJ+h1Z+NY|XQezK0$B+RaT|GHTL)bzP+Rzz6(oB+^k4D#Z(dyQ)r~0Ih5$3V4crdJ z$^6_`5L*MW)t0V!Z15w;Ttmv5*#@EKP9x0%k%g(U@DPcmjO$4Yy$!yL%+Dqbe1+yBh?-sar?ADQH zo#BvP?)hfat6ewG$)xr658Y6deU5du$EKZFepo_WMFzx$yua0h{4l2=Ds8dYfPG^RHhC_XU;s;JJQY&@Ve)VN^i60Q4C# z6=Ed@(t(--?jK=MM&HBb9*|T4*5L49=59KKXx z%X|J}dyOz%HwEP@jeg!Fk&8uejf*CW7eMYCrB5N=y=o-Y?PQw%scolrXK4XMc;*o0 zN;|5!qxQ<7(_@_7o7ZrY0c~wuQo^v~(a{AlyRuz3sE7VOU+B5YFk&XAFG3*%u|jYt z=qxCk_5tVGvs>gVgV{l=HWUBFA^eS`{&a2RZ?1zL7h>yK;Cptj(u+(1MzzzWA|lNj zFnI!7F5DVb&mk7Ns0o_-fw_-VTr)O#%j}SZ^`%4ESU7#j+jHzBjN<_89PSltDdsCn zkVNl6$L$r1WIah36R63BvSm{Z8Sk7Wc?j6mkS?v&ULVXkcgG_nG~==|n^e#cih~?z zOgL`P6WA|~gn{}{Fa9m+o;N{T)i-uhJ&(1&DeY%~xgX5P5c3?P4#zn6{IUUULRhIq zm|ChOk5g$;pq-YHUXg00WVGi4PTfbWQi(n-sKTK_iP5Lh;WH5P7eK|H#~l%o(U}P} z!}Gn~akt3$U#RDI9jq+Z<^BK5{d{bEy69lx?;={j$WMdenW}P4e|X>L{TKTX6oJgc zmbt1__S7~{F)xzcbX?Me>EwBrd>(Rl2s@6Q^yn+b;PHZPl}K+inb+_!y}acVw3o`g z%EGM~q~UJwtnaL4v!WPc=|FrYGiM9432yg|hKlt`D#bKfi4;0c{!6Q+Ti29WFCiuXQ0`5VGiet z#FQong=+c#LEo7t{fD>su!z@&%62z5@iV>vpQp30mOzQoGz0~dDn@ts{YH>7<7^WB>q zkE_^CaY=0mN7@}%r zgc9mW!H9V6*ui;>0nn1(Q{#aeHQ7lPtKe-?$a9FNUu*|p{FYhcmVyf~*h^Atm zm}R{@2uC**r-FOU_?3D z$i=6=b+{-)<$2_Q9p>JktwC|g5ZB!F+uM{xPA|?u#gBjsjg88YML;eI++!3ECFSsK z{aF4zuh3IhSGNq5Y^S_{2<5FvcH-%#cf2w8Q)dOwX-_$z-(aAB#=(gqNg~SBd5D%k zcE@Wj8SUn{$?Jsp07W_=%@pewhZNJ*6}lt%>kkNon*}<|AJfvRGwU>2G>GkYzo0m9 z>KxE1O@)85HK1q|GhiJvGBDlfRfF71P_Q2-SzP&gAgBlQLN+xX`?D7}dwN;+q5-z0 zc+cABB6rHvCKehCXv&`OuW1rsC1R!soYQIP`F~C5emyqDuvc?$GluOw-#JkU`?TWW z5q{e~R5q5x!NHkoR(^+veW^h?1C;k%T>SU#*!(HGeKNj> zTuLK5ei%Ni?$aJ|#S+{p56fs{q4J{(1{S<$p1bkuR?+Y`n77}S@jn8})CtDb2>C2P z(FJEMFm#x?;Dnvy&0fL45GTw)jcYhPAt>;g_7&a!W?tMosttFKzb!8f-uq&JzRV*W>9Py!N0KT;;obm3_9L z$f85~2#}`xjXh(4H%`-eaX6{^gIVtX?l3An+XsJCeYZa9taOeylW~&%DKa7HqkNL;^UQHWUEWt5A13 ztL3c{5p|v9ry-!r;Cn0ff52(BD6qU0dw6`<-Qqm`B_o$H3Q5Gp;Y-ZIOES_&pU0!j z<$F(Myvj46lyUoRBgs~0u!jAgBRAd$wT9H%EmrtGZa#7=8%rH>Lbb)fH?r&2KZk$6 z0rLEKOy&?7h2F%?@p@R6h>F-?&1Kv=he*neU4S82&BkcH&CT6fN^mfn86eCMg=24b zLIjIW-xBGjDwxFYZU;_!fhz2w!#pj2G^Vjk5~s{3{c%*o;s0N-_fdX;%2X!1#IO)j za8)McGmxspzA#D)=ib5Z0$|c%u?r=p{Ma5;<}z+arvULisionoku~ySFITFvm{Ev5 zZ|Lb^&+{ed3?^cs5Ilbpc02&Lu5VB->FI-^IJe}UKCbU=Ve71Vsm(SD{x^v37x6ea z)hIjjg;O5h?0K(~G|CL6puU)gi_vItxr_AZ_}M43fMd}hzQq!O5A=S1zPHSlpUu&? zF*O&)pqRg;B(2Q7F=e1HRRS;~6Q|LBAAVok5&%U7*`T+nz4lK+-dG~dA`H?qykWPKOpT8_@OZlr$wWmI|0aG z7xa=dDhwptqft1A*zVSAyhu*6|4;AiUoXT>1@b+_f*3Jf!bT^1?{f=g5%d6=d%T*U zEJ2ac5jrH&FnlbNBZ7_*fKi&a79B+s9ETDNG^Nz-M*|(JV&1o?GOM=Y(XEt;>KIUf zS3fpu(-?hLuGHydX#`aJJnjpih$PCN>e7&$%)JwqD;=M&oTp9K?&(4hg`?%}4 zR0zd~bDwPWYKX(l2$P^F%GFBjm>A9&`vrR~Q=}X3Yi~QRX=vOk5Ks1wDWtu_BzAHR zJHNNK2<3=yU>kaeNw2z4{>T8?Hay-*LTaLe(B z6A((jN-XHANI#NWbk1J_q__sB^``04qwP_-ED?F$_;v<+53w4gW6fz6>Xq85rZ-715R^7!`k&Z*zCfo~ zQ!7r^n>M?jJkZzvC_m`qgKp|?o{6{uAU+#i&M*xFvsl)DVC1q z$~(4r@)E!pyU0cg+%=#mp8v)=|l9ujO6RJ?2vNx!3;EuHWb{g!~F(Oh}?Ab!H~lqkG<61W5+kwE}{IdZ+iZ7(A8C$zp_A znSs(hNUF|Z1?ZW8c1&n*T;35Pe}}I8+|cfNsPqdw*&nz) zPrIe};Iy;t!1pb^VS(%dS5oi)lJ&Fzv2A4B#UE}Gg;UgLTUwh9x5^d(0<{8ck018U zLdCpv)N=>V$=rE?*J&fth`}qi8Jpy8Oac#B*t9y5Mx#ekL;kKm$?3AUaW?@BnCcf|cp4sQK;`-k!NN!jKfD9J$_D z%VsICB{0*fDA5j(4Pfg{$m`esU0FeKj{A8-*-{~9Dhtz%?uyN_B;ZBJ;0Rt7wEp^F zyum05Qg5)v1>~9)7SoI!z0xxeA>N~tuG_sGGZk%2ZACfy3Yj+g2#*2I7k1uOQ%y{O zw#CK4kuyEhHn8OO8sx$wzD-FGVr~v32SCmd3lzxRry?!x#c|wma_+38^B=C`P?&F}*9CV@@t@Hb-e85xlvr@z~GCV?86IpP7k z%2=qI)0E8TsOjdg{y-|0Ij&c&SaaPh!>&EY5H++@X+PC&cJ_WfXC<4}?z5G_(nb|Q z=d&j(Bga^ITJ_nuug8UsuvS^Bl{!(qC#o!3^tHjSgw=Y;>d&H&LXyPBIm{RP$~=dP zBkzm273f)PKxf3mB(n%Bk@vueMwDb!b1s3%Z`!l71VZJQYHFc6&R?uotKAdFU_O!} zU@z9AQfRg=K6#ICR>$=?WLnknsWaP!!9o_0rsCckmlh!7n&#=4%mpLZq?5Lp5(H&# zrt09?Ae*7gSg~(YoK9;yH!MPkI4a;K|0F-;Mpu7~gXrFNPZ4eXA@BLqafcUPo{So? zi2r2>z$XnMBk#3SCqV{vMRf9f@|N}H(+5g4a(H*5O=5w5(saBj185sr1+74+s zFc7;jG_^6=$bgl|K9oS%KgT!8Pf6aQx0%lvp3j&fD9&lE&LBf1Sg>DhIdgx3K@HX# z3Gm0rQW_gYL-FeO?(fj~K$-BYYPkapDOCB&k4i=8+Y<_T`=!_!!?j#oH)&*sRG2Q% zL)(uwxoW#nFl6_{-z$A;0ZpQ*ZmNn%!>+7D4M&tF-meWN+SXGA?g{kUz>c4hQz zwGt7sP}f$T)*71$dk7af;~MYvM8>3x#saUwil7)JlfYOYQtlEU3- zYO`MAR;Fn|6_}N(q97bk;qO%l%^N62n;VX&zq!>XXhIbvb0J5d!O7b>?vGc*7Oq7j1V4^~@ zK9;X|a^P1ox+I0_7>)p?%KX?PI^BxgsZv~Lpsu)~lZD0tD^!1hgr>2iotRy|E-;hb z=tyP}77})x!PuPgSeK8#?fkIXqLq(M=R>+<;wH7H5hDv}>S3AIlI-@wwGX?V*6%^E ztw!||_c$fo_jF6SQ(;ig>7>E8)Ss*$;@qdMdV0P#buC%Ok*H;>bFF~jxJf(~^Ihhf zs}WC=C?`}VD3P&FF?(;SRkHBzKiQg)q-7dqq~g`+Yzi3<*yl4zo}1>~pRQ%I@0?6H zJQYl{g&uA$xkGfV`BR(gGaA<0wV5|+5!eKKAMN+{ZTBiRGl3o`esdmi?bbp*125c? zS)}$~c0~M~V3EVn4CDJa2rm8fk5{!X_A_&PeWSGZGZ`tM@C&AhEP5_s4%64yH~yZy zciM54Z+P%95ZlfZN~(%~ywhM0jac&M)1MAwLmS(5c?km>)%W48krSwLgY)zRbS?X$ z@BWN^^$;oHaIv)s9-qr{IKpA^v{&q=&eNwgO7O$}#6VJ(A|nuvWyf(+c#d465?nuS zBt%BW@PEnwyp+siS?7A(6C|?!T%w>+q`oTs_)FP~1^R-C^(D|WxK^9$?e><0(bSQd zgovTdU%+~5BJIpgkWd}Wid~&|dtGCEGMqjWv7u&!{weWJ2g^Eh{cs(-pHfj$;2rvS z@mwu&b1ft&B4ukBVE&i|z|kz|*4%zIez$VjdG6~m#$!*e^o;c2=c9$2p~X9&fAnJg zbZ)=k7(Mi^hbslQPk;KH77Z;g&$Mj#D)sR8=T{evzo+L|(&S`z9bpmmEeeQTNHHf* z=75;T4Qzib84`b?g&Z|W8pYR)+cN=+CtY=#Jh=1J?=!GvOuf{89bkkml6cWc?E41; z)2aL{_0AW(qlijKmbf%nD67o=zT|z+^yzW%Tvm0$klymtZ|)Y z0(Tgh94mtVG_u4bj2~tcr@dCC^=5maeB^lU^yQu$tS`aM!ZjKh6xWC{7VXs!2K7gzg}QkNX@g|mD=t!m|{GKG1H`0ku} z6KS$rTV0-g!`)w$K*93Tw#oH!<(19a*qXsC`x_1L8vP7PYSQYkAg2_H=KWA;gT0z> z!$A*%G-tR)%(^{MDr^s;Oy~YRH?+U2uZy!i!9@_XIQJMAT?_(Sp4r3NohFA9y+_U2COi zXBUb%9^?`fw(N{*Fwt|UZXL`ru)mRMu76p(qod<77Hls0db-EM6H71>*FQpkdlz?l zlqVq}L9t#{1~G~-(KM?|wt0MIvedpK&v{Wj2Zny?H8?b+6X)Pw+!;9Ix_N$MAnTdDokt=ODaQ z*4Csse5*lU?4&l6GTkcktxN`+)STB>D~pZEJ=XiH`?uC7bmjuvEBKNO4e}_b)%xf&(FrFSiL6| z!FcJzmHk5_QtJPhOwp=eTpDITufJRVORh(7b9oAJ#r{tJ%dsYVHI2O`O!pBH(EL{d zn_>5*Jb#3+s;SCRno%h@FFQ6w1!x)Bj4o-mk6wT@=k4MX~o8 zQteBNC`nXA#C^g-7x$Sa<4x-vFB*|lci}yvRMqj65^;ZQcNIu;Z7~>vR^)Z0!NaKv zS+@<*;IQ3R2K`LVpLm#0m%n6e5ATQ=brg<=imV}oTm?flSep~r$GsL~3RHud7=GOx z`S*+Xx4DQ41EM9-sGO;}_u0e3G(i$$SGardf(%%%4s6(#QlxDm~bhe0)?NsEwLX=3N?Nu7u z?UYw#&Bn&IZZ3yUNN&1*9EqLslugd;aFf?M(AcspZ18soH*tDZCuYs|Tt5 zN}V^fOnkVC*iz-%8M4)jz{MSW@8wy3mbc_DIiAna|ES>X2wsS=S7Jdqf7hY}CPdnh zG>^jyHC8aRqn{<*`7CK+@o~=hct4Btj8{^Ekz$fASDA!r0lejERfDKm%G6T<;={Zo zTn!ahPeD=|zLD@KZ)5+R<2>D>!~|QV071@q)4Y-Qr4?+xwn*`2F77*WVyUb4iD5sw zHvjPzzg}&lXj$Fidp~=QSJx+9rYc#z_ipe$W7#^eMHSfrZi%br2wi~~3$|9m9OB;C zFLhB_GP5GibjwFK+`Y=PS)CUhR$w{RQ+h1ElIRl3%F!B2ZpoFZnwF)Hz8I6i^wQ-* zLc+qFEm=cxH;p!Q*d%y1v^E`CQh0U0vS%yjDYEV+SyI%hg%yim&<9%7+1+K2$gL1b9H~`(zSP2uI8T| z7WME*?mMvxT)tQE(k3U?B<&>ZWNSyRL*W|-6(gUyWkHzN;=<|c*M=l&kR5b%lk;ZJ zJ3Vn+aaZ|~g`tQQ$M1Pt5fQk?QKY;AUb}I2uJGPIcTbi?9mSbb8y3L%|TPMj$rn##pMZ=Litt$ zJ#Q`#u2XM2_|$$+ObSoW7*voWtYg%mwQ_m7Kp8TB+hxhhlV9<8xilj(!SxAfrHKLU z=yizLBH6I9QHy{_UlclO2FE9&qLhLuYJsqW{c~C2qvAWe2}SnUcg&Iv4G)G*2KhUl z*5lASa>?j7k(mpQ?n{Ies1?ws`Z5=tc|5SmzU*rlz)JeX zX*OS1AHVFGP}30c=%Ku%x_bO@p#p^({EKwxQ4~DAHGVqKShG-}v96j~pgN($)dBnU zepJ$C6qNQ4tt{VF5AGud9Hu6fnTg_JYm$}!I1ftx!R4~Fe$@x0Ndf=Ym9&wlVQvy` za6X2gVw$bxswcq|5 zlc(g59x0G|9q5mj=(iDQgo*xSQh&VmkB89io45&&{>r~iUaP3htqdkW=0!88srvf) zO*wwR{xiXBzQ$gk{$W_4IuUk=SG5+Wk#@3Li4*eYAHI!$kwM*Vt|NriW>&~`f66(_ z>-4C7Vao;k_o9%r&nukx$qGl_V$6RMS04*Bq#3MBRb2GT-CWhmz-632+g5$p?%&j- zQ{4^t(etE%Mj;k_6DxK&y*28xjB)MvpHCHh6`?J>*=HNykOHoRzyD!y06usR!V?qe zF>pwGww7EJ6|doLtv}jdn_|GPv}7^L9}Wj?LP*P-jeqw8c? z6o~BoIAgeegq01CGwAF_^1DB?v9Spa{bP(vV7-vEbnweq39RJF3e%{=8r9E~o%ZpZ}d066Ho^+@In9WH3|3j ziDhC5FEi>{^iF>u(599l5V5_`BjM)eRz*Xnl`Y-GMr$=)rlMIXYLNNnYeBQps5YRz^$AI3!+C;n&!;X21R6Qy_<7!{jlRjLwZJ|5 zJYWIqzaqTf@cn&oe?H1r7#Bn5_b!NV{Pg1f`4|2KbmUANI)jQsm<|Q^@3-!qeE9HT zkK<3I+pgAvnK*uq_~bjsgVvIG2?yOC`K)t`kTsA=hMcj)yR9tgcJFj=eTF5f`B?YvNrOB#DGw!2lia4R-4GVcy)U!YWK%ccv`zaE z874U2;&W-SPo+RPB8b_7YO2mDVl4h%IWryixJO46ja;I55Esv}1#CTjUp$N?O2ghO zd@~ywo>K2bAf6f*gF>z#JV`<~)RH(MmmCMi!63)ZsK~4rZ?^4L+AYD$fn;@E-7oWK z$3%6^a6?n7_t=)U9EfX*q2KBR_QA7w)r?;FULtg9ubT0L%iJ&t{$3> z-k`Ww>N|8mHzOCtyFoCkY%=A6M7rduRYOq8n?|LgyL`=zfDOm@+MgGaYv(IMwg{FxH>3qfZOo!%Ni1 zk1_VpN3qMDZrvrN*Z-=|Z6)JJD0n_kvEsCjWjuqg=PJ|TwUt2fJx2oz^yp1gn)Mj? zT}dQ(ki>39>%PBMeu>GkQ-Xk-ob_`Mi##_{$<{aI>jr?e2(F16;k`+)Lbw;3-a_^plEP!d?D+~wzY1&)lX zZj^>>x`xzFTYEFI!Ygfazs5a}Z#?>TeNUI2mSdu8dK{Gu(kfn}sN}P_tZEj%9JaIA zYoZs-iEtoEIi4`DOWHq@vPx?w?Lr4GM7{;>vdrCw4~KpZ({E14C0JST(@r8F5?cEIvj4t>9Cyva~!THdp!g* zylxp*GpqF+yo;J|3Lt&t9!89;ReJwHm6}x0%ZxgrSj_VQkC+txT$eQ#qXn$Cz*W#- z(Sm^QyFN%e@?FpCaX-C`>7MIM^el4s90hq?l5mo0N;T9HUd@Xx#j_#OiEP@svI5ec zFYo1;CED8o{7W?9H&v|He>>d2;>Ihz%e!Ms^&9nq@G#QWl*q^z z#UC^X((dtf-IyQhX_dPXQBlEuXum+ub|8l!1QBW=`1_RVC>nql%*9PtKo z3@Od1-MTZL6*nW39jBh*&5#@6;ziUs(3~`vN$l7P!o*Z($PHIM21EuaT@&y9Rx?&# z;qtPlt948R)>bere4Z-cmjM^FWN4tLdieYRKEC(CGLg>iV?0ZdReI+;b0-<+g`u$N zYCo!?J%sySNf_l!g=sk@bt?94vKF0nI|Ni(*T3VlNvFBfTts9JGn}Pq|o)#wyB83)-hJEw0 zX=z+^wDLN1hC3ZEBU1V6q);Ry7VNnU{|h)hK?1>O)@hz_7}tK?mnP?inzhKFb$EFA z5XRE7!Z%I!aIoilI($w-!l`*uJ2Nx0Co@l}|NiRdB6Iw(HkSH>7u?MnO68ty9Ws#- z5vLmLC5mirb+Mq)dS#l4K`YxlsX4XXQFjC7hP*LvvaiU=EdJF>_{0AI{CZhB)ztPk z0Q=W{wuGS(8rC>1u#Pty6s*CU+E+~a1GDhR$l@$3A!<%#<@`;6R%Eqqg&LC~Xg4e_ z+2z{wmE?9R>$xkD?Oe6w7lR+wo-Jz4@15-@u$kJ-?UC?K4G_B08)TYi)RRlE+qYHn zuS4pbkZvZu0cjre*WCBUkWIRV#)gSH9Bsx9%F&(rZl4a(bINSYV!P%#%P~w<3p7>O z9}nu}X=Vl1n>7mr!O?S3*~AI$d!O&2?OWd0i4nEGH++zXU!FWCsu!BL@BT~X^AD;h zM*FJ&6_1#hG12u4vU5rZ%g%LcJSQcQl$BL#agWw2=NhpU`vv=j{1I6}KvdW)-;Yd9 z-Ec^QB?0|zPxLiCUM#Zhwd;eq?! zCvs&l4f@SVNf|}=dfog?QA37GFluZw__Z7yDsGSoXs^PGtzovms}6<8F_Q)Asc$-W zrv9rPKE8woFnJ`ERP20>;?h8h-I|gzkHuuexM@L99COtC{Oxza!8ZBOb(ye&dWm90 zaf}03r?Qs4X^G*f8?q4Y;ayd~rZ`^pl`Mhd7{hh77Qb(<)^QN!%7-^|dQZ67vUI0- z1d8ojx?X9hx6eQo)uF8b7|8RXUyWr<-Hgfk)wm=h0d}BTvD_*A*$@AT3NN5pp$`rY zZacg#hj#}GEu=QOXTg}NdDeG9FfklnE}lPg-*C#`U!bO7Yuj)Fe8GH=EXn#Ynnz^KR<64J|}n~d)t8c!_l#C?ci|-QQvV+8W}x6i`1~7r=nux1|6Pk3akx= zaTUCGXWK>bt0Kuvq@(+dY{25~bZ8!s z1}uWE>-f&5L(8t-@_A>O4wQ3-fYmc~fi^!BA%7jPyfSc9jQQ4~p8x8=pI?3bCV)_| z31dwrnNQTXFVS*>e`_p5OkV#Ih(Y(^Wt%C^N#geKI~{Kfu5?EaD|b@w)M<{;JAKYF z&L`$~(ykIvZErvq?A>_HKWf<|$YnYGK%%>Qd=X?O!R-8-eD%{>P7>?4Z{Mc;V?($1 z=Q+8a2nz8vcfk{)YtxRx_Raf zG5FX&yToEGYNr%0lY>eVPp7Nr`YhCB%TeYCmCH?|Y&lzm=+{#dQUF89%4nN7_JaSi z-k;AqT;{!`bo{cM1S3o1Q5~$)%2D__9f_9a2HE4Tjs4c|&XlaIADfyRXP8*09~*1> zT?}a2POLC@PavSpB>{!Oc~**tig3IzvN&db2wSHLt(xpz7H#saEn6|pPWy$qeSi4H z1cMHlhrV}d#&&phU%!5QZr`q~MStA) zY!Fy=(?t8_AGyXK%G&q2*K8=A72FNh@PCBBU!uJTIprAl^5AG=lsrG2uz1z z#{~MYT!F`t&(XdX_cgcY_EX-QL#s+)MfVOX54EPR$fSwy4JUP);rp}Os}P++(=yL# zdl*TX%`}c;qoztdQ(xC@)0o`cXNbYGLhZcBzBD!^FuhW=eqiefzjzbZlMb*A=&R;L zsRW>h30gC@jCBCG;Jae#|HePja~N7Wzo$XmX&3Sb)_L_@!rP4X=gJUx_(J5@q9-cd zo%ihBCf96W11ZLqL3f!ZD-?f%g+kpo$5O&)hy1peOw!{2n7@7?(*pArIJOiPl&Ls@ z#>leijAWG$c}g@N+U=@w<5jSRK4;ddvIsr3TebNP&-vL{ zxp*XCMGb2FKvU(mtOh*^nbt80zf&Lf8lzfO@Tc~6Zl^7HrExB*PEHJ5_5cAc?tP=+ z7SYZdiLM%q{f`GcmLOANce}~iT-a%8pXICOy&x4%jXU%pP?Cp!>z&v|MS0~{&$}Bu zaj4}IsK4Uo_-!BB>r4|9{B&#JU~X5uvi8PmeDBAH7jB6o@8py218Ru27s<D8Nz z8V_{Ya8PLTF9;2;qF?$9EiFX9yh8e~`@w#gC2cKm@v)Q6(5PR1Ih6#c+eGeGx&DtS zIX{DfmXMaWxDxJZ` z{eS&dS1%WWV1M!0Z0z38_xjIW|9NF&eEG$T7f;KjIV~rm`yx&JlU08H*5ILG3X^Bv z95s~q2bulLmCuD+CBD>`EVL|sd%Z7QY`zw*KWH5-{eRgLfckDe^z!qp(i>y7QmPOz z0rM6fB^8It$0s6Lb_`J#aHih8Qmz1 zL`G6J7K?~8(SEo{OZ-L194%jrvH=UA3~rha0F3CiYBoxeUw8#`0A5V)LfotbzNM~fD+YmJkxb(XU!cJl#}MI(3EnNqCI@{B!Sb^_vNe1yD(Sn&K1w0oq-r}(gr=yk8OCx zqYg2ro^#PEPWQ`rVO^P$IKlB@j@6~7m2F#@nZ&25_xPS&5qK!{v8|0HE`n_FjPjJs zr7Ld$nQgLPu#j565q@1ucXnbPIgO7mE~U4({mmZQb!mUkxqbuabTXy(Q_G-NpH(zz z5r(g5dT4ao23KZt48SLOWc{3qn-A~q99x7`F1kA{OObjDzDz^7X;T0>56vA0>|7QE?mUmiV_<|=#gE8 z&i+{^MHW=1k#ewWdI|FSGOyBJ^ZCU?WDXe>BV(VAGo2bUL%BYflb^z>UpHW|?id## zBk#9gvAi?swBKk7GvO}SH%rc=t?nJI_>ZxXYo$$W_&K=cO*CFH7>w-?7}XR@IPon|qms zJvyPOx1l^L-g#O(u;N0dOyA{27J)l3(};Pe2d)FiwU>swHyky!F4>){H$1yLaQcOg ze9YFe^Hd{hMS#R|)N+hG&SBY*BWb1@5ao&ERQN=)f+y@ytGVCm9jIJ<5>(0ra}1dO z#kc+8|9$Y7XNec^-`}(MiU)j2D5%_0*ldaMK9sFKIqDTL8klr7cItln)+XU_$}orK z3!^6qq(O2NGDB{k?M=g^mApB;u_1QpQ5+C1aG7@WG>;Z;nHFMC)R+bZlkyIjt4glt z5RgpWaZbQMa;p|(wL4W_d(v)`$L7|J1{sq-c^XxQ0D0OaSit@F2>mQ=uyrP4PfY2jg)&+^8Fx zvgipcmbaMGy;{3hy?i7X!>HDsTNoA3{JLni$2;+q9fB2H-aY z;*G59P5={zkl+48ZSVa70cKXglLAjcGoUGPJz6@MdYsl0dw;dJB7h0%v&!4m*||3= zsDLDjA0OZWH{38omXYyxeV;e9M>l(386=IJAe&`^utD<;<03zv_JMj5``s4t=Ct?UR zHNRzI-r;f>9~~WL^7G;-tN+RB=X7=4K{>Qsggjj%=u7OvU`|XLv6=f|;ESvq-T%Jq zG_HkQ`Dl^KhT0e!S&$p(R$q5DBqJhk*wyzQW#gVA14!O1?B;!3sCCC-*R9bic68v( zwo4^ZQC40#-7hft&PmV8Di$GE{Xr4gxh|K)y=F!PZTINr+q5b%S0&-(dl9;72SQ0t zm6@$1+RydwKz*;oQrVonwDT#pkSCwXVhd@wXs7LtB@ApSsVFmnl6O@=L0DLoL+9Un zApfa~0$Ly;Xt&5;=H_VVO-)siUaY7%y@56X98B8!e&|yoOD?xo?$sDUZ+HT@oDf4B5{fW`BxJu>v zsUtO|=olDXh)erd9sTjVI>*~{TdoRUSvunK`;vCUOCqwHw!vKb9o{wtD)o?R^I|)o zouWTON{s(yJGK_90{s{6wTHy*oB&}R)oX2h|yM_y8GvQWdbwGy%C&q zeeSz;dIq)}hEv_9dCT?3HS(!`R+`}n>UtAP|2BpH^`6-JQ{ukV$~6|d36r+@wTA?f z`7$$IK%azI>&R^yc~vu6hBV+GEa(`U>+SU+;&5Ab73|ya<1SOMpNw%X$qpwxem$-< zpP2AFE{snne`*qXOp=(pzZA;Cw(E|Vx0~4dXfAzWJ^3WD6D8*B4-?u3|+x-cikR`?*Nm9wR>VbIk=RyXg*r+|$L7px`+`Oz4|l`F>& zl9J#I#EjZ|-(2PtL}yvG%T#^!PxIHk69FIoqsBw~+QWHNUlyOikZ6&mU+s(;sIvAn zeVlD``QbKiQ1kWIQDInu&&vb+>L51>mS4()fA_8bZ+P^;bh*tjz*FhW{gTM@pj5)H z=?1>6eOdu|D14^+d!~J%+k3U|qTX)4mSUmc>U(G|{@zgT(6_yS*R8QSRGZVL+i$^l zWINqECGO4p^y*qCYkr@V&ngrPz#KP(Y%tIVw0T&pomG~?dqu7Z|i{d1B z-8|^+ZM=!11w%5GtG>x0r-eE9Dd*LbrM*R}+Qiq)oSFms61Vx>=}uFBs6@yQ^uD|5 zC*ko>%$B{JpX~wqveA($gj~pSfO?gHEH}T7G%@ej6$~Ti^RqL3+qfE()O#{|5?*h1 z9;UTg;Lyk=EAGcN?2BU%=VUQbjv6a79x6_Ust=`&0SekK5~>o&fAc;5lY>Qs|vQV zVJ>WCNUJlSBTFdz7P9V2o1cHNEdqz&1q=W@J(6zR9wY8bAH41<-lP3HRWH6R3-9QRASyM$84nT6yj9**s zaW=`oxB0EaJn;hFF?B;&+phGQbIQNzHiHIkI+1@$7XHn*k3OS4_pixKK2`-{spn2E z9sE31aHR;f!_7`^JuZrE*-&Q_mmK76d+q!~+L;CMaw#C9m)t$&2FLs%6Bmq`30Hj$ zgr?s)%?SRGaPPI|-7X-G(zLX+@M8Cs3i8s3;gEIn^=sdLURVY&3(mGfhgK2oaypsP zDck;m>I*kkHoS5~I@R*fUBanXg;fq;dPA)X4+Xha7;YeQyvH#o9y4!X$B2rwhuk+@ zk1a2KDy66>p(BD^00$i{RN?Pv+;rT?Xu9Z5EuZ@MbY`OHsYAqR@$5Uh0bL7wmt;CY z=DGcG*j5hx$-u=?^mUXk$ScXYK(|sGFoUtyHyAtQI|H={3>g}@|Ii?wC_PV!7w|3U zO*{-ZYC__adwy#RSV_OH1K)~wn{ci9&t>pHaxi7aE5m$~w z{~j_hINjgDlYvel6);<(I}>oxWf>n{{tgAS61>%z#w^@u>>%vZ!>X@RD%srt?Kwd& zky{YtbIN+(?~toE*KYfC-)&q5hPh08sp=+H*jyyx?rFAu=*4g*sIObN;Nu?18;2<} zUZB<1a14*D7c_uS> z=6RykC}ZLim+=#=DKSowlg5X_Rf%PwbL(ikpSd9~_+4W#oXw~EfL2pUaqTaGDc?*+xoSM?VS7?Rceg%Y*3U`BYp+9|*baTUl`C zoLiuMP(R{qIhW~Z(kn!ydeX7xF`;-}BM22*HET zo}+a(PIZI)W9>3Op1C0Z@*sq>&ljlbA;ru=fkE-h$j?B8p72Vx znF&W655dE46_DL|hW)gv;hRv|6|#CEw)v{x;2o^Gl894a=1SjtOX3&Q`%l>0ubWnJ z5={&kaT!4<+7~+&6~e3cff(1(mS5n+ZE99gn4Yqm5Z{=Y7-KapY-No-G3OHW_VI85iw*B z((?9RkB$(uCg*K*oAaXj%_(?l9OllN3kV}ebM)sncq?|wLT4shA`HSw=>WOIu}>0Ak9NnzShn++wCsST?vXLD(F55dNW0KDUykh&cJ&i0_BTs+vLLorC z%#TMNWB>#19g}G_CZ6NzXG}lq+RIe$AFu9badti>o@+~|kr6bvAER14*_pDC z&s})#ti6%m-#M>AD$;U(8(N*Kb2|bN6mnmp&X){V}&LQHZQXXupu@>1qph) zUSC`6h)8nG#*@i?`XRXkX$iEI9^Lvm9f3BOvUAl}mhac^Pzgun0UlQ6Z_3eFIDdP0 zz9NN3NNCirrr2Dw^J97>v2x24=+mv1^<3*d2Ydlv7S|KEl+A}cd6^67;reQ-t0|#7I#;^>#br_EeDS9N94k< zUQmpd7PE2z?KP*}fQK?2`E@65%R-)4!lftE)XO5tGmI;skrW}87*5g0P7^ z=01>tiv0bFm`;Can85EXdq2fnI;)PVcei041c0pseut)uy%7PbN3TTrT)MjTttxe( zUKL&oNe*T9h=Js?4{lpdSrztU!xunBe(YJ>fH1phzj*t|bB%-<&i+g@48Hr28+x)j zQ-&shz#?He$~kvVKP8}M8rM1R1n7Eou_Lk}{Seuk`{bE_z-qXPK`yG#VH<-|Lf2i1(OH?7w<|)qgK- z)O`!_`INrR1|a0X+i-U$O-NafP(0?NFhDl4D^r78v94`wV%*E9AYo)fv1Y@H&55%7 zZRahOqDE*jSDia{An8S?h}G1Rk8{BmYn+}_X%vG?x_}`%n#$kY) zO*tqqFj1n-`+ki;G-{;s=-CcHca!$=N(>ANk^*G!wKzV4Bi`nM{{`XQdu{0c`h&s< zW-Am5nx;TndipySp{WYZhbEE(D zD>0=sNs=zT$3|1^|M(dHHa`C2CD3mM#rq$!O#Zjd;6Hua$C1E=80b9}|MOw=k2m=B z^&as6#3aoAdPBPZ<%NnOH%$LWOe6mrR2+B@k)MF+1|iSxhm>DG%D?=K|Medtx3C_) z)DkI?4gJq<_%N>yX^`?ltzZ*%&D58%(^T&|!-@W(WfA$WKqAe5u4)wZ4@mCZ{Za7%s z4zU)0X2bn`a zZRQP`W`BQQxztz;CNzr<`Ie`LZ;IS;SWz6taW*ka&+DmGvyVBu4^I;P-UiTdq7pC_mG4OadY@)J&rd08 z!*eVgk;*9D375yB(L3*baz=W=sb$jVFE7H}o?9M-IhEg#JbqHA`AOZl9N!QL78kYr zN~x)-Rns#lX;}KN{Tvt9OHI z59Ns6B7^2z{?WW4XVn3$E#UExL_2Vrlnm7g)a!w}5+fiT$g2LKk1LYKbN7a(*Y3wI zbptt1bkr6)kZ<^i-2q5mvEMt^nBOa34|i7(vYU-Q%`k(0YJLn1u6|RyU$?aa7>md> z*10z9ZDF-=z2)rw0oE6m3UxlPe64 z{2`}hVM!EwMkZ_h@N)gN{$X{2R=GG!Qw_F+E9wJeK&TcAQURf~90qq@S}1j~Y@C{+ z%kf#iyP<PEslk^gm!A8z7AyYVC=^HgW`!w$d0Gw{YSsG& zsKNIS0T2dW%gNf~%-X~RU)xoAKaumIaw19UOx8StCB z&9{xNz4LX#g!1Ipn(IQ?pCyvNE~^N|Ai6YSx{-gYx1PkU%4SWzTms;tIjs}&^r6Bi zI)NJ#230*fk<23*=!|i_13qYIv3|9PhflE0(WLB>6L{wiVN1+cWg0%&y!Id&45}J1 zSlA!XYjmEwZc$UQzsTW)O)Z5LM4I))MA0vww&mm$TtCyxmThnhTyd0A7`PWCC(XwK zxbw!EtU5+WG|B@!2x{*WM0ClZB9-NVajsT*(8LwTsvZT*u)E|K}a#{Zp{H!Zd?Fd*D_tyQ!&*8y8|LL9BWU|;U3iz4scIC9^_xHULq%nQ21)!rCuwfq&Y@K$}{31ai# z&_2@NlrQ%kLjf+#)tWTy{J+GKVfqU&Em4$djs?vGi1EpN4 zJPry@C38i&q(j?b1Hhc9EG1`v>N=J}4{D?zJ#aa!Cn5U0|K!F-|Nl0M}i>QTc6CH;H_M%Zr<{6KS{K5nyIoo*vv1kv&rt4@UOI)IG>ER2bk`7=(Muu z>N}u!hW^5Nm@-1w!!HTo%KME39Eg}>~EfA-bW?%scV_Ff8G^}?(JS1a+I zDh@TjMef0xHv{HfN9`*92X@D(Bgoz04Pownnm+%dO(( zu6^nOEs?giFs4*-^VDSg9*;xobu$xAM5FZ>6`QR=S%J~N&7GzWcXbe4TMwiiMy4=}j74A!YK9;XmnRjuXJLR-XwrAJ` zh;-zv23PFd7hWWivX6Eer>Zb)Bb}$o|IX$Av6w$4@ylFMaCtQeTf{7j<*6mrPo)5| zLuC#Rr;b-thw!UqHqSYsTrIxWd=m^*aq1C0JuW}oWaV4HiArVWUp9du2l&mzfrO&* ze8reX_ETkQ5YM}q(f~izd?1x7h2Ndhk`3zcyt)NkmwfZLCn%g!3h4&W)Vprcl9Ym0 z4KguhHlrpht;fIs&Aq$zYa2xZ#B zdf%+8Y!*WSARz?{oPUobnb>r6<-VcNo2GWguy*($Dw{DWj{SZ|oYWI=-Uugr3`ECNJaRBYNnt)mRbhz=`Ig<;QJdm`8LBl#Wb)yQh9n>#!?yicF# z)pbn+13HguYbU-O9N|aE#CFGS3*CrpfkB2eZTfyAMb7T8c6yYY%wXX=i3hsX{hdPd z=VizG9S@1mlV^ufw85^Y?3>{!^(#|fS-Swrq9+M4J}GlEYrKtVd%H6VqX`Ga zqn~I^SBJcVWF}|O7b#UPYH|JYCx0L#J;weo(}wRGBi*O}<2m~NTBY=H{o^0EK@SSB+vU?aNf3lIaWk=$6s;5!2j_ zyNsAwzwGVRnML6nnQ^!%RislYu41lebj&Q)3b&@R#v#OtjhS5xhZ+&h`qY5Ax++n8 zF!R$ybka9TYzqA{(_HFjEuvN%8)W83`XHO;rg{FA!9=KG7fE(D@10xjEnvP(zw3f; z^lWmgze%#A-C|1X5cE6kf|0rBXwg{s3X1`l{c@E;0^7bgg&CdILQ!Fq)~hKy@_eUk z-1rS<&4Yc>+c&93rYgf)bDApPlSAgcVnp@1tW1E%vV>EwY5-Tfz5T_s!A><(^!b`p zAKFG?82M$b%Z`Uw6^oa^sRenXgE<}7E#k9ZK70y9sI6qK?mLrRv}3MDh4 zz{7&(F)pMwb2h)_2qg)bNHNL8vEcXdtrT%s&34+9m@1!(p1oMqNod>=K0uA*ioaWt z<&CcxN@e6qF9Q`mt&g~(**dwRxX;!2JR{B}j(l8@p+5X#W3*#GTdfD;wEx47B!AmR zFjeO^BSX{uQ!342?LI)~_()|UkL`n*f~4`Lo#9HD1eyY zbhNG%;T`<>bEGDf2^7-)g;-`RPc3Uc_d4Z}=W~$pi@kwqS2AcJAbuKNZM`p8wU%vk z(=hY-c&Jn!zP#XfLW+fr?OM?7R(R{Pf}oHlpb<+c?8`evo(TKg+p9SDMqMD?2mCXM z&^=E`t38SBtA2EJbR7;nh(g^F+N|2W@ea%GOM)lUekrefdVD^`1q@#OYfbvcX!Jw! zhAL>`z)SDtQ`sDXDP1(}q3cFhGqAp7m7?bzZ8o7F#hHZP$HJK}A)PU;gh#OCM(xlwsmfiC8bxzx7?Z{`S z`H_$2smW!VWE&pG_m%6n&8F%+@84W!0MPtx`b?gdV`sKL?qtv$Hcs4+a265Gkk*iC z3(?T&TV0!O99e-1jwEj$iAOBS_sI6BD-4=)fpyikUxhES6o6+8rRFRE#Gw}fD_}{0rK8kzX~SJ zl5ZEiy}gh79(jywSxBLd5m~lVW#)p-kNy1Lw7Ykz)NUQm+^DcroQpR791r8<3$XZz zIxL|J1-Y(U$a1B&@;;{M)DN_k`s_-;$P4cjI+(a1j!s0+u_~GGo-e~LjdSL54d9R@ zgV1gh3!s{dU3kjePw-M}a;tuZ?jM%$e_WkEtleX}8_$^wvrlW+@kwz{OC2SgiUMfn z3d{TA=|=BDY;Doy&hyvHAu;c};62wd50)jJCzJunK|}(L#`cA@8;RC7-*?s%wWWSX zVkRrOBGG6-t@^l+aYK^>l}gqJ3VyQ}Y2q!_e9Wn-%>K3xvgydIo4=yj%`)XV$tx4P ztTa1?`RoZ`SEG^8Soh{wIwSkA);VSK{)>83ec<%?g3nF6xk z9NIleIUSeYYL%ORA$Ycvgi$n2E3;=SXBOCqA85Z-mXIPYoVw!NMaJkH8xjHks`GrK+ zg~i8FUKbWW0zct=;gi*YT3`mt3)Gj4H+nLFG@8R^Q>aG~_}hELpzylD8B~19z2VZ9 zm-Tj6?Q!sT2h9M`HI!#2!=REK=4#_-KV6}Phc`>kZ12wK|Fj8HW;L!INpJ6ds3jU* zM<;D~e}ztS*ozH2@#1H|!vY;4(BnNC&EZ7p09wwrB9kH6=r~=cV3Q{kzIYyoecXM^ zgNI4H191pyI=Y_DC@T1F^Yt;{xfPNt0?1V^4orcexzWM|tou9~<=JbVw$2l2TAhNi zpmr#8^)63})vQW$@}@IiUV}KxhhWam^2+@+3829*fR7)+&k39y@=1&TtTg{w4gKLO ze`ETeI?{2kefFq=6Y!o!H)kM8s>#XmDdY4Xu@YCqI-71=wGYK4g!l34OT0yw`RHUc zToZmBzFb8xX2FbQ))s`cCoj+aWGE#V#Lt>Q)Aq)Au4q}4kbs1Sl(>mn-2l5+w`7A| ztJ=M4cG^1eZQyrax42_*NSXtkf@9uD5>S^CNjSTAs~af4=vOTHwJ8 ze184as3$>9rGde~mov+KiIU7pfdpD+tOemaI3)By!BBRGnuaFW^+C1X#yin$sXJk4 z4L2r5pfI;vEXy3OfC*P`0=q;aht-nmfLs@D4q!`XK<3ug{)KD}U}Tl4=4+3c)Yk`f z$1+N_VIs`{nd(j=ytsKn@=zDks7}7ZvP*e_5!GZCdPvjV*_xPiGiWkmj0@J4N8j+@6$-C#@1DMw5`0}R*7mH~Nh1V1wmeZx(pK{`HO#!bWkq(%omvk( z!cHT&oJk_x|4y5ggSzvRDEvlXQ&Cb1aPp4<-t;pYz5uwpq`fxkpJYrEX-|@ch)C~{@n&30buO}W z+nH@emQju4s!WY{ znbq2Cps45)tfIWV11w4-?%$DK>DzC})wM64i*?6g#cId49$pZA2*a;2c^%OATUY$c zwf7zCpC1iDiOkAY7u-0+!0hrXo`nrK7w!sq>*WL|Wu83{+lU;Au<>F8VV%p;QS{(@ z%r5|3TA3xUNmqRrOREZ$Ng~zdJ8LYdm^u2nSuu}TI6O;d`Fgs#L)pD&{I+n9L47l4 z0G-ZgjaYw?N9}1w9f#7Sjv_*eXsCB4Nl@`N!ePLpn zz%+F$+JaG2dEt%m<||%?+UrK?!OTqzb%xJ|Qd?M9i51jNC%o39^ixf9&V!N5wnQ9+ zX6S;P4)e36iCaDZYFn?)(y(`QojT_{Ab2ok0i9yER?Nh#%+AhE6!r>pvkxU}Ap?Au z7Z(@PC)6p-f^g|!git_rXQhxUYS|G^TE1H=@=e1ZpjLWrdr2jQI+6P1Naz|2XIJ*d zbIu?dg!_|NtC0vQPr)YrfT!2GrLBlrZO$Fa1wPUtJ(w-OmEzaX zK%x#C?-!+uYAdsOjlIyqJARO9GuHBYztVMU;3>~H8fuQtH2PsL4{|O3Ld@L_F;fl* z<;eMt)GDYAL9Hb`fQ)9;j3`_*H}d;Oho+ir@7!^HHI$76478=Bu>7SA zz6peZ0P8#CZyEPk^0<6X-<`o({TQ~!t-fB{%~TW%>twP%mzwFxTecf`1z-V}f&!@R za^!CXW(DVU$KyHqJFdD_M{`CBg?3JAs#GQ?jmLGQ*?e@H*c+qO~hH*%Nz z7zVP-qcrpNP3>v39U$D^s!yio|7(T!547_p^4z8J7sZWNoo7^>92})lY5#81!n14; zcuYfWh0-Up-dbSuty()+t*k|rY%^KMUcND8u!k$T?WH{rRdVg>&PEvT*bkHQzgUQI zOt6pyGiW>%>nHK7{cg3`l|CI|X1&AKSeCgMJm)eUM6)pIm7>Z;{*L#2S@1-A7&ABmY5nqmbkoF@5&M7qE|(fm>M>soH^C}2f1|DYUZHM z&IP64h#eZ9KY8-Rsha_|u0}DI6D`jt<(D&oI@x`y7OX5t&gUZOR|Sd~eWoGzkqXd~ zzGeQA3XJDu?I_9%IM&wk(VHc_g8%UjKg2*BkaS+SWZ&5Qi_(k zx9$}XuEqBZHk6G41MVYP@oEbaXSh zlo@#}T0=Emd{r>m8#j%@C?%^yYW`AphPRb5Rc5?)Ti=A5=!-6g5m7%}`G1sBX5~@x z+RtiE0mh+or8G2IZ&+S#Ffdt#NJoYj5%AL~5Sy^eM}7!XNe;?wx~wG5Dza-F5ppLj zRVvlSP+Fte#geO2A)W*U(%c!J7@3M=(X-~Je(|Eme#UJ%FTV&3Xn{Mc7kq6HLd#+7 zMucV9WUxTf8tfRcst)MDx@1mad8kPI}@HbwEzw#x@h%c}(Tfaq^F z-{1+5{fy0&L?w_ft;fd3ygm=RL5XZ0hg6W7coxpvAbHl80&pOX0uSwPIm5Q3`*s*f z-Q3;1D_2~C|D_Y| zZ-|9{RsBI|eq;L;!-1Mo0FwU6OVu%2waItmr_>30k<_I_xZ{@~kkZJiFIH1i>claR znv#>BXZ_>YN%6Jqu4kDuKMcxiak+^;moc6bpx4|X#@T#r!ioDtq?XW2oU-;fzF?FQA3JN6fywjy`%G5JrX556 z!qO8NC)@C3*U?LG?8~lq4V%q|s|IGGBiskW6B<$=os>nMj{e!qQZ|znCr{@Y((rmy z`XJh;aynZpk2-N$!TzIMP2*>4P=|)LuNog|)&`)(cW6o7y1HXuAXzd7S1PPVRvJ&{ z%lTId%KO2uOxh=rx%WZ_gir-~3qYrB<#aisdW*Q57=b`|y;J^3=j`l^%qnG$eXduV z^IJjvqk?6}zP>&$o-#nF>Zfi{Zna1?I6wb<&Br~#c6xhm!q|1~eslSE=5O#grnpaj zeg@5uW;gF!-28JGf^#GU6?%;_(baX0zJ3r~cW+}mi<079E8p#3xebpvjh1`6;&?vE#AojTsYV6EkVA4=XfD)ZA8ey6&x?4klRp$Iv3O zcI0j5xSdzb&TU>ttAo=TD3}Nz9}DS?;z3;8OK3PY>>r>m=+e-#H@~(<=jHxpW^J8! zMM6xRFFd1f_x&@jS7l>%Hmyzdy*GI@4QeVf_W2X&)P({@XX$J2A}Xrt9&Vp`EsuS& z&V<1_@};AjQfEd^gYnzFiSU$BYR?X8c%4@q{QMZ`5APi#1Dr;5AOHJ3bBi0T33h)j z*_OhMnV0WPKQx887zA%fE{A*lxT7N`s4AoIC91(TI;?;2wHm_^7?0eJ(EN1P`Lsl} zvQ8g7xJSXA0(o!xMkQ`^JSi)8s=hl`gZbI>P5rh?Qa)9Liw)NPzI>0Py9;NqmUoTK zl$1p6%p45V0SERDfiM*|qP<1lb-1;AjLmrk?zT42)rH%U2YwR!#E3lph>OYU6Wsg_ z^NbyqOjV-y%H^f&LDwzR$x@FKVnAFWmWe2uMTX8)`n5}$u1l};!5VfbcH9hC9m!WI zs@QKxT*!lDSHI#4pEIYfo}R-^4n__wW#y$YP0TZmZ+L0I#61py{T!u?qby%+_hDXB zbWCe2TLm>-HP=xH!8Io5SP~>Yp2u)kPp|RvgzTzLQ5o#+j01!S*XHEE7&-iz@8YjW zaQEz6W~;Z?*;}dLQ1JETN}5E^^tn89&Ll$;TyovsR6f}>>#bA+gK`--qjK%8R9Ns} zTTCUwe7~|L^PX5$)rlkw^08pzLzJGL;PB)uv+J}gYFJhCzz-6J==mD38sDC64yz?n zi?iJ+ct>P06NMM&P$*(Kvl}s?(GSwoS@LY|QOUBNaI?(=XPOu)GusjM_bnJnnYk|2 zKs6U8EUMKyn}X)^zyuwu{bV*zCQm}FvuaB9?4faVxuu?E9^Ht8_VH^A!p;4J!Ayzt zTZAH-P9mCjwln90XqfT$TpQp#skkB(J{Wlw4|^W(lIt36rl&8ZH9c=>@>O(54gJM& zUWoCc2uq+-@fBhLBBz`EtyCREN24tetc%8p0-?3mvzF_cTX1E$bb zGA<2ttGND82EtEd;NG_5cR z4GwlBic3!3<_WVyf3*JTy*9YMzUOMoQdk~FK0P=||EZD@v7_y!ooH%iD(NcsrQS$r zmpF$p%$hPoBI3YPXr4q-MPyPj7;F~?s-320PV}%dGset0-m~g0%ce4 zFFY?r3%fI}eb4wG`Acf}y<0M&g4f|obmrkpSlw!r)M#tXYyOe8X)G}kr5OPGno4C+MkC>usI|GIvW#cF0R?I<(Mjbs{zFtWnHYu4{9#l`arm8%w{%+dTqKqyO;rt+ql|S#oN89e7_@5j z#yg?I_HIJsPP(=(A@D5Zl%8c-$)@v^?s4)6-u8Ha=VGNuS}Ryz;j{lO+-JhR4LP4+ zkknL`IDM~Nn9(-5;jJfEkdo5U!{oPpwB*St{GTCiGfwC?Dks|JfjX>i zt&Z8uM=5amTJwa;u$-s%CJV_;SD00P(H8YheJifrG{i>ql{uvl6cLjW4L|v|BBE~8 z+r53+)Os3zK3|_vG6-+UW2>d{A^MM#@+a}CJB)@N9j!iswx_GdM4q;K3EM2>Bu_4B zA1FkULphWovVG6kM5THbVvBajdU|{XlhVTjx5DH{Rdmun(NK~2esaLG3tkIy_=2k|CQanbdl~1N0$(9>= z1BS!l2LSrq10eNTRaNSB*N4~3si|ZDg8!(eJh3_tEfFx<9)T&uC9qorwHCg-!;Pk- zq~tUPkK_IFEcc_S9tN$SN8bs2Jy(L46#pLS(5wC@-OPuHye4(jw6vOBZ&s)DYL04n zJG>r1k59xufG)54q04{6u-b!tOS>YG`JvHVoB0(fCp#cjdl z6cmU*k9^wZ{Q_AMV)4rw=y~Vu93U>^$WJz5yyN#s<0CEcj10U@P+>ZyDShMp92apD z)+5MKU+BC;@nk%2C=%o$HnjF!`x9o2G9-*>);hEdmM?pQ%NAhCNH>&W&Ay+?0{yfjr>>auX-g(d_|O z)!(L)2)4Jp*(KV4Jy(B0$X-4}zqn57rkHhgQ!ZpmI0z;Ywho9H--du(waO~fMXEHy z;%>WAWwwzJM{50OkFQiTE$n@!#ZWG;+7noy-6hoxiK)q;VYe#c`m}f}p~JBDvl2$y zY5arW(EiBI&(B_o(MijiI*4^qs}yNek43-II|hwyj!jU~Kj-ScCrN4oxEp#)ZHr+Dxb z_xUJb&@j@5Eze2M)wNRKd_BXdgVgq#{h>dnFMq)EOoHMKF~7yx>wJxiZ!!*A$LOsdCxa1J5wbho(3HTc@) zm|KdMkKr&{HoF5^s?rr;VSJr!`dy0)byUy__B*?vwA!_H=M$oHj8P#cO~tqiR5nC8 zxJV>&c;5cnLQCz+*_N4^d3bcxbfSm8^4Qd-pxtN^vcQp5MGpcUY-eAbhD+6 z?t&k*STi`NnJKG5kE*Owm(Qkf$o(fZqkDy~Jb)>HgL~Q5mAki5!(0w$?QkRZ3Yt|E zemu!5pBmXz9?^Tvb9NqIAnFUkF(zC|@CAcf9NGv{6~jjLl46IHyR3f)WSIDiK8;ru z?YjJQ_58+-x%i2^duQ(WITU(*u_jN;I9lg>=~aIP z^x@Wf7-w9|a3N@SD(`t_Wo5Aepi=Ep$cvQ(i_|C(>R3ugC#k~Ps3bfbXXC(_ceSR5 zM`^L^^wdM}z305=npWJ(JmB5Rq~E~9blJL*olbe@3VJJ-L83{We;QP_uX47?xo~2I zW%oo#_e5&=X+-m}w%m~-6xynPdf(bgcl)i=HZ`6v~!2cZW5qVX8) z((vJ)*G{gFez)~PbQhH`^;B0;n|pW%&bVFWh1;7q8FNQEIw^7G_Pf@j9~^$1*A&?^ zR}48*ALa0|H@3 zYAldMIl}G9$~iV+D0D80Sz+PW=+7u^RK^+iqoGo^=t;oXIM@v_&$Zfea{nAA z9}>GO-#gr~o#!=Ur#Za-HnkNTUAETU8x^=8wk?1ZyuLU*NZIv~sIs5iGWJ#Y7 zF`%DfQ-Y(-VTX7xC&PO`H~(jdIo2f!OWHX!ClY% zT0QMv(&3@GG1NQFAU5_ErdPOdJo0F2scco|!PrdZ;<=N^%ptiP3QG<5XcECqw~RTX zp{K>na~qS^Tgh>X;a`9rxOsJ9YYeGgpK*wE#n!`daWk>3kt}>rPRxqS9>x0SFVazF z?9hE1%d$F8s87X-ycW-fz2IHXH7Sg;9gzT^EVU$oQR{Ivw&e^l<|z=kPkGkC7Ui$X z5$jdBDyMnSy*!WS8d1@7pC^d+HZEivWy?Dp`~Kdy+*L*nD=e8jc#4`KnClc>^@&s^ zb+xs1usu>SmTIirOv?~iP!$>yQoyYV16>vs7f-|;s2fQ=0cT>f_@AF+YF&;KwMnt+ zyJTl()?EAc?ui8S`!Ij!@mxY@xNxg((T`%iZtQ}6TY*7A_8w$op7XpGGP=42J(u%4 z@jy1(^YsTx#XQC|n5(ylb#kIQ=>aj&MEOSX zgx+d9aOmTGH*9i+VC%}sh(Zj z;9;sg?@;_qxv#-+Wmfp zog3!YBZ{+4_i%5K?9Au7M|r+P4MKkSf#9>;ctBJYP%Rwhbc0##>)wWJ zH5kaplw=nE{MK9*NXy!Iq+E;I0SsP_eqN`Lp4Q{+JfWnbqG9YljB~AwDOl#|_!bVA zXZkADQw7&jqgRckQPTtykfCihx*&a5S5^W$QL2R6fohK*e-)4bIttm|)W%;~290;3TBivv+uRr_w1(GF zcX*xf)3bC?LyBfHyPuG@yPh7#Vc#XhI%9f02%$v9e%}V%gp2=W34#fIzh){HxohRu zm+zY*s;3jZoyV^KVKC`_?t8P!D)d}0S?QjbiW+JMoI`6_t+{$5;`rXKE-nt9cWJUZ zbAX~35AQo*hmo23-g zwge_Ilb?H}k{GLXJjHGTluPjK}+s+ z6cLnhyv+=*p7+#%FbfX6Yqnc^QQZ7IuQfwSrN>c$-z#s31&T5@k#kx+TeI=+s(%mx zT8Z!j_ps=*;J4T7+v}2gobDObp7`Iv9{9?qMl%q0eOg4VPeGrm?7ITZjIhyXY>S7sBwK&5X)4Emvv7e)w2A+zb9boS5NwXaD^U$Z+2RN z-TaP5O?WCxbIJg8O*uNx`l8jr`Th_5TsSFdzBEK5h983#-=r+dZBn0E=9gG!U$1cVT{ z2WOn$9cS)`yZ#^kUoIcAl9jbMIq&sdTg!NFxSVTEpOm4~P9?QS7uLZ0aEHkA|@ILvK& z4^-E9Og*>1W4L8o-bB{zX?^8AY^0XA?h~H(Vxmq+8%b!V(dM|`-90tYp>2m!J@33} zFI)`q;eLT80nH3|7krI(D|UW~o-;>2+R6JRT<(L*UI0yK!-y0oPrYvZ^&3WvE%0{L zqxRx5@Wfk}u-~cK+WSORdA@IIB(wEZHL?s0lwNwY)rjTQ zYg%GRa@F_$Ou)nGeHnYq!`^c)=f#YVKg*3uJginwNnOjJ`p)08?$y`jAn54<(X>hu zNX1y{lytCLk^lhNNTs!M1J@{{!2c8l2EJt_zqUHGaZqkiTejDyqKHrjcU~{z22YOV zM?;q%FYj9I9X1`iI-CmW0FZuSXNpXyEVuo}xK<+AlN-d=I9>Rd^w*c~_j4f5}4>QvfE#b@{li{UjS=7ktdbsiJPa4d;eQ2WQ=4elEGY?{- zK!DHIHKJp}E$Xq}UyL9P2b1l9J>1+n=FWC1yUKG>T;7L{{&~TKcXEN^LSM}0rUU!R z_d22aC9IC{zJUnJ7G|;I4at=?pqwo%DqpCK;C(omcgV`d(h=O%>sfzRPi34yP{4Z= zO0zp6IGd1U;w$5Syk}r}&`40(^8TomcUAUATNGliS9oesc!YmSaAxZSJ<3|rsIde1!_dCmS!5uhxb@_5E4=3OS1eZ zKU30UYu4N|!e~ZZf6n2h$cR6UT+OtHtwNNWhiK}1SvIAo?_@E1_&(+Ur6(k*n@;>2 z9)jrI^%Ot%J*D&H*4lj7MlXEIdQS528j{}HtXCqL0Lg2@Q&Lj$q?#T*4>xijf%4mq za@nFqqA8p4H1m}QI3dWSq^^9G)OUyStzUaV`e@^3-vL%t&)lF8@;ay^0=fQxq zT;_-AJD%`{mOiP@<0YP=(g(H@hu3WERkwv|0#DYd6!T?P_SzQJ;yU<640caeE(KLew*R1N!fP9 zGo0gZI2Wa}^xV2E)j{Pj9O{bAOLdDE;3wG{)e4oe#1R9Ss_L`o3gZ6sDG|=R8AJ1- z8_7vP0MRh!`dN|2jXg?)o?=9Q@CU-I;?!MGVx|Ui7RFk8+Pm2$!w&n<{ zCk!GgQahlp%RkWL5*t0=YCkpBZ(-$$nbDXI{05ZB6zxkNQsWa{y=sX&-go&D#;#w0 z0h(TMHJJWfB1mtB#GFs0&(8ZBYUB1**FbpeX-+|DuD!y?Bqe%PY<>=0-CMcMS#P&V zp}HEuZ0%8WoCeJkFrl`w-d@sqB7;sacz1X{rjy1hW9=ZpbMEX}VJO;uVvyBkB)rRz zbgls&+69NTYjZ!=1K1A>bXp@&NSK6EpOMQRuOTl%DY4`CmA+}?R_A4$Cr)*#8`M@Y zWg|L1=9xmy0K|Wi(VvwVKZA$2Z-kd3NF#OTls}F7R9ceiT)`tV= z48cMe0v0{iL+v0=^(W{-{Th#h%X>ab@MF5T??Qg6LwqQs&+q*Urtk+Z1^*uOKZ9Ic zt_d|HCFzak;a056S<3w8UJs*)kBsOv%`c(^&3Mw{D{Q&?jyFPaBSG3(eII-d3dAZdB(+*MC^A`1Y`k&$y z7zbM8SJ|Lmz!@1KQvZj4dIx4+xP&0W$XzWck~A~W3Dr4he!*g|Ha_dEND48PiC9e^ zZYuJnC*o#TxLTGk#9LvE!d)=JU1+Odg_(`XYDUk#qRrsl8CZ#y!D}!wFkm;R^_zF= zNlT;e?Adr#Fw}c%^s|a}WqnoW{MI<;Qo#*Rg5M^D45U8VZ9u`}*#*JjW5ILF5h4`zSZ3F2x=ck?-a zV}4(ycxA?nyM%G<|OzP@q4HE2JIdaFKJ87uwq6uGyw9E031ABe4Yij%Ts0xio*tf) z`@#-s509+)1-w8D}a_Dsqt`MXP6IcRJdv zb97X@eytP(=w4a$&v4%G;Jts2%q=1f00%HDvJDvHQI3cECA;zaEREEIcseHT!HgP> zUw1jN3r_Pf0e8GYr*vHLY6Jyz6z2n~q6 zye@i|4F_s|{w7P^e1HW4BoVdpI=qMC{Y32D-rtAYY=mjfzZYmae4do&&M>*k8k$%A z_O!KbqG$m0YRbAi#k_oS6+IVcTV}F&uv?Js7oX<$1y6W>Skq!vy;P@N_pDR?-bpPw zeB31C3}d)Gljl$@jKLIc9L8?8Rs7&bF<0YXuOZ7X;y`c+)q8Fk!(EX5EM2alqrM;P zesMI%JfGlUh-Q-<6NUWu`I8J~cp)Y_iAs8!C6ti@V83oBuu3vZSjEwkaMd+UT@9nm zlAMp`A4D->-<)L#SVyKu#Dzjw8MbO-lCB)JY9)3?MiLizj|vKWd`bmj50Td0jo@ub zm=sxNoq}e*SdCY8EYOuk)ONZ0R^2>YNb?Rc19wp%>2Y<1e9Z#y;+w7cC@+pB0%pMB z^yEnU_PcoP@N(ZQR6Zy`S9U^}jM+^B4#G|r zLYU~%`zkb{WqzO1G2gK3wz`8Zy+B&ZPX?6GF95_Ptubp(*PCeX#zw~Y$f)?B1YMd` zT6WgyXIvBHf-R?7;=i(YPgqJMd(GC11uWoC(oyjNjlx0chBYk@d&}Q44pbH zHGJNjK954)h@{ap^}d%QPkdMej60Py{v*!wxd^e2S3*2LEm^qy%O)9K!QT`tJlO;p(h|AU?UcFO~U(D=9u5C>7BdAej6{eyr)Ysh*?prlnjaIDD z4(ozy9*Ss9uA4vYoFoG!0MRnW00iW?8u19r^ZXI_c6K}mp5n3GD_vkCtDw*obi^*S zKQzE;N~ogGq2i+-F8YW=8`vfG7{3U%xjVs$1zz+8m&uWCPXWBH#I-;w=6KJ36on0W z0_hLB8{IR7brFlUH@}#pgg~&VRFblB+2mcpPyw=3Ne_C3T34Ef$CgC58iyv&-u}ka zFi$K|% z05#+0Y3C{41!TrF%kg0d#se&8nP`z)0C`nw2#-8)*X;3r_kD*ypLuS1&o>3~ADYx< z4O2(w2!KVin0$}$x}!)X>i2st$?xS9lu-9R^3dA|B&D~8=9SK17mK2L&8EgC2e?x` zYOPH!O_ybw`gTjU_^TF&rxk%RQ8Ts)2kt<76&Q53JLj@>iA7X^n@;GgN@oe<< zXbYphr#0`>zLa|=ug?_EJWbzT@Z+v(qWlBpkT!U8JtcS0!n#GR`%e+*pLtxS<9X7Y zrsLF9d$L(P*l)b$7AhX*;lQq#&EO?{;5Yg06i4Lc*G%q9+N(JX>Xz_ZR!;H3tYCKOH**Jg*Q{b%@a90J6E31Q+a5Moa!oOtsi@> zcPI6cy^Cn{t1Di2$Z2Sb2#DKP$Q;`aEhCAnc*GAy;ljh))D*L69^bTZWJd4ct@pswwKRGg^;btkhGr z7zX`Ehemv*AGVvKV+7$6~`g>~iOYMTXo<@~lI3~XDOwK;b ztI@gq&9<_~((8vV&;2X-S5!!Y1jFwAGBE5L_*2KEEL_Cz6Pbot@nY4fjQ@DJp_V<;X_~G+F}w4-#-0Q-2kr`jTI7 zx0*v*pbzhOZhj(QtXRB(PMmGNL!)K0tq5MhxA{Er+04?CZ+|0AdK$(+CD!uXW&!a;=m!VD`|o`}*SVHt78V{g}Gpxn7q823waO&}+&Wmjwv5y5^0dmYcJPJ(pD#A`Zbx$Qh#5L1`w`GL?1AXnu=Y0)*H8fiwrjXj zZ~6)6%QV+?raloNwTA(xgvaq?02DiT>9=p0qr}|0FVoX0W9jT19FSx+Os8X`6QTCp zRB8|iVn|i|LuF?b8D6?H0v5IrT`FIa{TjO(2a7CTtRsZ@_{+>r`80galp7iq*)L}L zofIjt)jXXv6gBu+9eC(W0&woaZeL^DD~N&00|dzx2b77|q6!z$Ch&de+M~aM^gu}> zu_nLlZt9oJho{A|`cu9V?_s_;HtvP-;b{(Rmw`QIf6S(cPZciD;J!Z_$}zIDQxUh@ z9>Ml8KIcKCDpe&MfJSjZ6X{R@TpNhso-b02zF7#YhXDXj0wX(Au?(W4Cwt=cc8epUn^YM%leIMl(W{oHHdgv* zdy~fIV{SfA_s)HZy3yLyF<^r(;9VqV7NEIc!Sf3YOnyHw)+ByPU7CQ{QN$Z@aB0QF z*Kl@hXZ-QFwi(YuPj|8xtiE$`$;s5}S)KT)rXd@?c|i##emnJcbImd$qHruh$cA^L zcavq8;O?qz8HNPHV_f}sIL!ur12_^Ra|AgD4xa;P+^6=NDmH%em_m}gi>D+^zeY`c z5hyjz)55G6fXQ7(?wvs2H93;FMlkH?M|{S7AD=*rqJ0D1lbDevtWU=21IY}EofT^o z&mdAl2^ZEA*OuotC_o3C-=55uplz{c1BD%TGK!-kHjLnMB~y|l>gj~%hT z{#aY@)tz>Wk(kIcxI@#k)(C*)wt5q3=(a?2Tu5tg`8IW?r0}H++Y9~vz zOt64C3D-#l-NCRI=MZ(K8eUh@;c0w>ib4F&IUC~nZ)686V)TD$t9>_Me#oP-sheCT zF*~h&r?{paGi6I$ta`jR$-z?Z1q(?lfFkH4Z-EseDkl4&TqT8ty6>L~+d*13Tx+x~ z{b$(ezLlOw`04Ota9GsCm8mXdI=e*uXP=1zTz8wMd#7Wq1Hv^4-siJwmEkYVWdLXJ#rv&?{3t|mj#d4tm4W{$M0{23@UTUjF(B-575 z8+%fHgAnXfR3?omfI*BLXDj7^F3tyHN(Af?HB3tZJ0Ftx{ilUGyXd%4*R@UbZET7X z5(*WvP|DJOP7Nl}awjJUu-j>gsVu8MHZVgU4){vk}qJpZv&N-x0ER(-z=x=$r{1FV#%h)yv;aDLg6!pw5Gu5n<7Boj2GO zKcg}G&vIC~Y=n6pK9q}oDcoAQ@{OM1MhX0iM@w4cHrE;m`f7K&D#osuA(WKi$n#^^ ziiRZ&-K#$(vzOs`1mgHcez3$3@OZIMCK((A#dB2P_ZnXclvot7wt8 zpU*O|`5bl0XABsQ1~B!zM&8la*VhB%?J~uE0=Ah-aFQnW#ZIv>4n=_Ke49f{OI@$% z(EC^o5Lm3$8u1fPUa{fA!l{5g)_U6!KzTYl4+eY&%dXEGUjsEX9R}bpV*tT057C;a z$8=jlElyJ)fZVd-umVs(lV&iUQ~Scv>Y@_3Z<=~7{!KG=nrh*H(3Vo7jg`yS1&R_Ds5} z+m~7MVs0_~g1cby|tR@iZMR{Pk>5OJJG_((!lQDC#8F`B^`tvS3#jlbKtvCK7Ttrf&_` zpC{swEUT#W4u7M5W?NuJd}Gk8bVNG7XVA5-OGLhDR`aNlagsj6wVpDqv7^DUym4Hw zuB)JE$wq>y{<|;L$MX`J0J^$E57L`7q$aNC->`aFTnJD_{k-c35GxiEjDHD%Q1{cSnuY~QVH6v}XE zX^D8jQV1O-2{0dCu-adM`_WKbTOQ)2fs4TvNn)aUuM{2Kr@?Q$_Ip%RB4=5n2I%#WJ;;7hP7#9B06H~5wj5U7tYVr<-Yi2XTI=6n?!YDMpESqT0=l8iO%zFq{)Fq5nTFpk12We z6?I+SBp79k19`iYq8gCIvEMqx4&5lIXCjyPMa;Ja56n1m%7B4@bEI-MxfbX@>Aj^A-sY)W&F_U9gdO?s35u>gA$xxTp)AC456(1%Nc zM0Hu_w351_Q#jV<*FK8xI`4=aEpI-oEd6d$Sp|D8P`iPMF7?5L$EUNE1*M^m7fo&U z_eos(aAaSHpl0oa^Nme}3r==`w^W_4tgNID1#4*~4Aot`BQF${ljDd7AVZaID;hSAj$=tH zJX~DE8FaL?#~#ufclXna`Yp`Oa}H{%rB~P1UU8@%ySPv^r-9%N-LFJ-068kSa6-k; z8+)b@h{`8nY^Nr<>rfcCTC1I7qzdPr45#EK*&iI7xHmuOXJViI`m{-^O5ku_4aCZ^ zP&lc?{XIEl^=OW~)>Jbl<#tO8R`uvZpFc<6$-ZzsR^oG4D3h<@IZHtpU|!X>?z7f1 z!M88guck149m8$R9NI_(@cjt!9nt{0jJ5Y*(9yAZ-z_afLtz|3dImb2H8nMp zyEEK_MYy1x($ZcBN)F;&4k#Pj0cd$?K|^j(^{(3^EpnHm*Ho6S6Rx{@I|z*lKgoTr%{zaWfSGg zz+pdGZDTwGladNNZ(zxSrV4LV4~dZ=zJ9eXYx5Snc4?ZZFdP9eK}VTjnM99K<>t=L z75g=-I&cOChSfYxh??3MAjMmj!!cgi%!9JpH{Lq;qSTsj@~oN~D6HBfyExRG?jZ_I zA$WdLdIYddhKe+0iQy zO;_Ume3S&}V3~cf`OI4}1BK%8UR+E%@Sc1*xg&A5qQY;8ZFU;zL4RE?dR`P~R;377*5-}=R$#^PU5zD$_jb*#oLC>Xk(b0#FSq|8AL7IOJCOG?3# zmKcCmqtXRPo|%kWLkl#KlD}UqypV_ftmEil35-z8{tq#Qc^DryMaTMpXJXlgRkpp$ z`A#&lv^8$9e}H+3v1+(>1Y&gsetgVut-)iM^irw!w z)WT3Fx|#-e0MQAT%=JvMLp0TEh?Bum-Em^lw+q>pQ$wyc6BmUy-)k=BuLZDlA$j5k za^yeW=eE|bTQdMseduUwRV9B(S(GtXKXUMN>VaCPC1=^F=iK+I3|oqRb3jrHxiST4 zP{-QV>=m)Ls7dTwbbkDJoubwd`&q#Sr{*x)UTA8q6uxy)Kj*0b2Q>HT)de%~RvPu+ zh0>YtdjY3}H2pCAst>mo;&!PdlI}gC=z>~8 zay)>_!UEaZo^QQWu~*R~nL`~oJ11xHgmrlZfP?4y9GZ;8X=)W1y(D#`r(#1?0efUB ziGKw`dWDnyuaNAIFycz(g}_ecmWzh}rr7vK_f0Mox!#Wwq8tU9)eWnFa_JCoF94EpbPTOmz51xOp6<&&2&j}+7pWS2!5sRXSB=yekpWH5O^yfy+U@Mzj>7J$Mh>C5-q8w6t0FWkR9PSN3k+e&`;I57LWiKdtOznScJ8kvpR?~1WsuvTTs z)aOb4ca=9&XA;5*oMf zG-A1&WY*Bvq)z0zVvC@ArQ%T9$+Z$+l>VBmxNI#rrB>O~ z;R!M~nV*I4kxVuTUc$zb3@DUU6w@;Z+l-}jEf}sv!}^}C?c1B=zRwR&nSX2z5MHtw zFU<@NYRHLO|F8pZuK_F@de74E|85PgFp~>i#6tvDEh+t*u>f6pFQ3ogcSAz5JsjadxH+@BY%s-1%IQ>hc^PMT4Aqo)-IJRD40?Sy(qPtz@pZGwjc2 ziXc#d(OVW6N@o5_Nm@Ec>}0!@-|QW}Ez@5>=TCn~y^e>^_8V5TW1I)q;4p|Q_9 z{|LyQOEdHFsRPg|z~ohNsQY}G140_^83q2u`hDk+G#%98Yx}oGVSFRzM;vl&%V`A? zT!DxZBl^#vA(1B{`WRD7RCZw-o034qxpfaZu>z~aS*{zapCWJh12wnaA z5&8Q;{_%wU@fw`nPmwI@6%*E5)b`v z1yarkf&3za^?xg@5=c(L{C^kxdyVy{HTl0K{l&We{P_QJXifrZO7XJ^ounFUcDE5fKIN19K_hp9y!j7V@*iNdM-k-DgJhzEDQ#8*rKxyHI}8IN;zo0L zbGzOuW_;z>mqxC2ey}A_!4Xqld0aa}=5B&d8g&xS_*3QEH&X8-k|@|WvFW!@pK?Lr zxBH7cJE>abWvRD(*DEug_xDpS2IU)r^SU^vA560U|N2qs=hLk+LnywS zn{BCDonE)B|JBL`aglp2`&l`uuPXnW?U?PuUfM4WU8QCw!A)w(d;}hMrP*PCd(41o^qEcD{{@26jOy9 z+)$dcyToQuq|L-z`$W}z>_QVS;GPF(PMHb zLDcTp-h=Fvqbf^IM;DK;51BXMpSNnvx|P}vG02*7D|Q&CVv8EB?6)RG4qh*u7SjEs zz1Uz$vb%0Rx*f|ssL4GkRr0E;K=tLz9e7Pi#f;#a<`%h37HAC*rik3!|B_f-Vt(_k z>y%hd#Vb+4J1rvKy72-<&;sTb1eR9sX= zUuH@;ecbG{UOdbh$PBMO&tLTX{k=ptAAAj!IK1DkEEZuR$-41}$ECow|Gj$hg9$$Q z9|p$wQQ_fDA_Rl<)F!COz3k>1GlMB~CpM@878dPkW~4a(nc{t868XEVa5~_lSOB&w zT{%)V%0)3z?t_;BQcI54&*@(5E!15(!1NMI8V+aNi6; zo98EI;BG4QR_jy(GyxDo<=jf_>HXhv1I8NL%m_Ni2@bD-{2Smu|J_)fynxD)Jq)FT zQDs{(b#ryK;T7PS@-6-Uo%0K?I$-IsakjRGN&QvNjgo%v#bWUP)tRMUc+=@SUlxaB zGiPZk@)&>_IB-_ezaM3VujabS_Q>@drccAVqi&LEpo?i8H1Ceuus}H(cC(3yF~ESk+w3{`i#s2p31 zYZFu5{L}fh9Z^m<*lKjGQ^Du+9K*2oqI9w1y@Rv?C(Ep**BdnR2}w^ z9b7AJ#iU(-*=nEid1gXvt|)G@pp{LmC|p}%h%~A-)VtFk#=|4CVf!)jtGcKJ3E}QD|s{avOg5yYyg!U0Mrc zD@v|aItLBK&U*@;atDn!nb}T@bafrd(Rihv*XB_u#;w_ucYlgKz%F~s%5AWlEK#>ar?;x- zb2>X^mO&`swO)Mf!yZxJbQ&n zW(Zm4*imfVc4n^x?^}4z&XiBNamqY=wW1K$vk_O?kO>s!>I z5eyP=`}OvAnnheB^Lu#uf)eFNP=}1b7n?TwcI+co`3e~ZIy^NdYb*|i)^qVCX5*YV z7cpoO*OQ4aPf=!}N2)f?wr7|1O$qqqCHuHI{0kzK&Vc>%?x${V-yUC%jb^IunF$ay>gx0wV?>4S^Wc1K zyMcr1)?AsU`K+DCkEB+}H(5;$LXgo!B+Zjuuhl6ADym98oW;# zI|bS9pHDR*6^z7N21FDL8=#lUD}&KR-wq?5d{=ZqVWmF@pYX!Pm&9^oJMM=%T>Hg1 zsdS59&#n0wh!(exx`=Kgk7HZf^^P~(JLpWT9f}qni%M)&-xe3#|I)bCR>xd^{#!EJ zVkmXxh%xdTi*()Cee zO5&zx`-}>`ecOIsLtjL3Vbdwdna^?DW}-FZQDdD0T2NSN-(6!c%x!$SowpCN&NN2ylndfcUQ=vJ#FXOqVoh#*o0rf%tSn1jNQ+>5g@0l?%##V-S6v?gg zVHuQAl<~e-u}e)d!naJ1Nc#B9R)qV&mJe>8G~tfL#up{9QohMmO@vz&<=H=o)hv@z zt<~kW+G%ErXdpxT-ZcKytHtOOoS>OLgSwS>f6lR~bWjflL4d9Zb$*`q9%+!uGZl~BCf&F6QI;7*a&UqHgc1dliv&@A)fDs3GchQ=rD z+Bx=Q1T^r|{WK>zJh%FDgT|jo%Qe0gGr7TV3nCcMHckgSY{a~4;Sjv$OnMi^^khCt z&=g}m?-y}WbZ-EPn%}jiGhJf;Rj%|N0i0k(ceix27ahRuzFK(7pex}`u_!7Bk5{y1`t=8V+4R#TJ70!0ojxLzRJdY|JC9NKuYQ^KDhSqs$1Xnh! z=qZt(AK#~v(5qW&J2%zO=~OL^7#AJnp^1JCkM&T_t=WFLRrP#{|3F9veA4*%rjvde z4_;NXe0x_jBTUIebr{h77XnAr)>?y>-yirzVe* zaMH6=-CNUmEcTmc`%B#Q=By_7S8ksNwuQ%A$T8qKk+Xp7S>+-`(AoX0<@S~F(-ZI? zONS+3AdokK$!!w5?R-IVEutykip}373ONN2P~E1#o~Cc706TyF`*|q_?Me2l1W3BG z#37@j{_&&Plh{HZs*cxo<0{9}U6o&GNFpb2;bJzr930>dLOzrv@KTFqm4d#YoKuo; zjIc7!VmqpgutI1&4Tc=!m_?BhXeU256LbDWmy$7qM>H;n^NBZF1D*tbW({q4)$V8E zZV+@`)0Vwbpg|VR5jt&S(u> zs7Tsv<}6>Ea7mIMzm0mYHKM3wChm5uZv%a!EhqKS<^LR1m94|!5w-489J-yp-A zP2`+*@?GbE;WQp$8BGBDchPjhh_*f->M((F^-dSSGtvGsOVmsQ-knQqH%m*u&e~3f zN3lhAvJN({hSx@2^Pj~hzl4eqrecc5D@{h@l{hx-2-w8?OLo-zqjL3eY`UNgFQ{%d z!ZK|k3mKR3CKOp|s-183zNo%DdNiUU(U)3oGoo9rGFJI4kdcp*lUAABVzt(GrSejpdQVCyMe_Kq zBspXw7jzu^Z|Lv|px&9WONOS+UjThJG^3FAn+J>8e5qhQ4+ zI0vDIM2Hx>S0e9uKprU)Q|+_^{T#>52`L{cfZJHC@ES_a$ekS&97MC!47z&GQIVle$a}c; zWo+f>&EsH~Lkh*V=pKvhdhM2ay|bhZTYe>8mvLAw?sU;_k|NFle+Z5}VK7TPnnmn} zA9KgE`AC1W?v@zcte>91^4$zqcOAH_R%`t0(7jJ!XG-M*d7JtnIu`N$?adn=49kti z&G8|rxX+@!V7)vbJgpjB@G)rPcCF9DR@oKlL^o1@lxkeg@esMAHdd9mDS}Pd*v-{ zJ#ANLtrV#YtvNYcoQu8|wf8=!n?>DZSS}hJe3Z!Ub1U<#EE~u7XFB!oI~*uTPavy) zF;wmWPUJEhA{54JMh~S*Rx;DDCMD>f_sisxM{8YrQx+P;qp-r{-~%<$$C716t89=8e?GHG;x}Fi zsYZ~km@X{fk{vdd&@rTs_hz#YG6J)+%`rVQQ?~*onCLV(S;7kRT7MJ2383qrvICSq zHX(BjMDzBAgm4h(tKIwKFAoVQ5U+0&4$@FumOpEw6K&=Dmoyl*M*;1gW`l6@_^_I@ zKt&!o;kqddzL2rR>Ryg_pE5>2n@zZ`-G^;PG~XuYi=RX7!Mt5M3_CBdj2Mgz>FgCd zmI56m8pK91TB%67EOy4ez7@O}Xlf|@sQfk0+;>Q7p6I%php;r&OdVQF`hP;OvuV~G z))yI;)-RaHVi)#IS#r(pj|?a_;*ap#W({V&RVS!>67Lt1gx0}*HI9e`eXb+vSqLvJ zR>-9aaX3skZQ+JckLww!y3XE_5Xf1fTaKr+dZ;Xv6h7pzz%DMo%94+a*iE$dD8?LQ zesslo%Ake(HYiS_^z#0|Koz16uIQAalAk;IWezHPe#hLzl6;F>V(!r^3WwCJK)t@G zgb1W++Vr39{@!|RYx);h_P-LvHf1!G*p31z$&|!S8rVt@TH52f>&Q_h|9<1-DU_#- zM5d}5i&+PId;}T9OlK6Y9<+BvAL1zV63#r-eP=Q8vKu=p0%^uP6f)f6?B&f0#PC2C z3MADFrwz+ePf4cIM#B#^&+)#lgsm2m;yn|>D`5<4L0hVO$qWha)#CoOZdWQGzKNuGny&uoa&JKx4I&eF#=uSPLPVjp6_ z+pQ~V%#y51o;+KA9uzCO$wO~-=%OL|GaF)oI+DFuvnvvY+R2B zI1O|Tw7Vg4zO+Ho9z9~O@{NyX)Ey2N<^NX`1OtNhyy6PB)8%3E@P>^9mpt#jD#dEm zAG7R`pJp?S+W&&5jKjN$t&mSEP8$0E^8k8n5&7^V@J|$Hrw7hVrb35vjK6Vyl{! z33^oi@l|mgn-DRjSP_LKUZ!zsMLt$!BD{_K29IFNda_L2u<_{W4xA9+Xz zdW%Ukn6kvo6Z)%}Np-32Ql5r5k`CQR>-`suAGC)QjJ^K2#;GghmQIME4SGMcG}&~b zHm;Qx&0*moqf_c$Qu5?!J3HelOHYPZbFpnC>|p0^(GiI+;0Q~$|^kAIyEv3bEh_{*tbyff6;OHPfaP9KRq651Pq9Uj-|OVU z)JiDPED_7c(m#i?lCu6Ws<7p-4BS(9VYjZ&7e74h8Sn+<-fbcmwUwXGsG;u-E%emeOrws<&4~`GW-7ui zl}_ZiluYQT(y94KiecIXn}A{I^}%XzK$M62tDg@-eBnf-8Yjt?G+7^g{X|P{?B3S) zFO-BMR5Fmt8oq)4`Oot_lV{1>cbf?$qH-#3R$B#H<#&^p-w9@y)fG&~Eb*KhyzxeU zeG%b#Q9=rjr1`}K<@u<`$87Zr^_XQNr`q69*P*DoyTXRpW*A68?(5H zK`YD2{#QR6hJUDGf%^$@Q=jMMOGSx4Cjj%;1u7<vjp8czgDAh6iO^GgH=nQ& zd`;xgpG3D4T8?zmguS44E}h0whsWCD{RV5|;J*AM$eyWw`Ee$gF3p?#Wgi##2zXT( zs9SiZ`j2W5dvRX$atCNkb0o;2+!!N@Dcd=L$LW~ft)-_DVTOqmV^!CCKxvyvHZftc z3M~s?AFK#t9NrbJMB`;(DZwl-nGu$8BqPuUB69S~L&6R0YBMO~d5F_6?@5qT!>OCk zy&+n%(pIehI49JJn2mIHz;ImJIoSRMoC7K!&db?<#mPnj-cpBM7zv8gQ>T(?R!0AU zb8O%>&cb>1*Bt14EUErchByR*@c)#v4^)0VPqh9$LJkeF_fGC#dxRP`eD>6s?Z9Q+ zByDjwr`upGqCx94^+94jx~%tPtX_Vt&WG}hF(DH_f*4newZW8`-3twaoI@k?$N||< zKJ@g6UO{&0EKrw4OWi0qzJzApc~Zz;NOQe4U;$@{2V&V!d$cKEpV#uD7H{R0mGPaw zS1{Gd1_kGero7p+_P2w_(?VD~M8>Vc(-6TR3&Ye4$~We+?o)fzTn+6a zoKy`VN45G0?2H7jt5)wdo|kVlT&?kW8-U3MOPDwSoo=N@p$nLZBnE$bDJpM&a5rq^GpZ1jfK$G+W?a` zd6N`weeTUxgZm_^G+N5UYa3_Z16Sez^f*^fT^jmJLhS*$DhM#up< zRn?h`y&$Lk-3@vp&LA76CHH4g55oYZ&9QnLTnu+2Dq{?>Z8MVbRAxC`h{N9JCA_L6 zijyBx+3jQaW2kL69yrkjR^0w*CGa;3Z_5s9!vAlr6&QRC#;4yYb@ra0?~pW95jLB8r&m78+B$02V>lS6L=G z(j20xE`nGG$IYG#R6buWmXBDR_8D5dfEFOv9xkT-TTn!GHK`>N3Zie=P@hK^S55A} z6;SN;O zo|J_1v!MvfKapVGxOb_Ad;n1OW?oLPAMz7d`D1IlTx)3|aKV30An=dJ>+3_mWQ$n+ z?wG@8CBoi^Ac{}y3{QoLx{^lU)Pz+KE94pHUDcxZdAYTZ_pMS~?X2iInx$61`7@g;^|~#gZ1?Y>lG`VytSfhZbI9gqdFGhjx+zy!@rtxY0d}xr z=xoczGpw5+`!MaoU$kSzDCOJl{d6tlfdK=a5c`8=#z?PiscsJ6oni5V-l??uEs*1I-T*C?Kr_!AL}c%T$EU4ndKADtmzr1(Z(oiAv5whaHLM_i zQZ@5ZR1LI%39{AR^Pi8kGv+3JRqv|Q#VuZEh%~63#dPX1moJy*&fFdwg1u<$bxG$U+1&ZhrFfhj5-4u^&IGf7_sJo8QKwK= z$b0Fs4-w!b{-^a1n0oZv7&cbB!Z>a912Hr8CqJzCK!SW8QYo>R4;J~wmTkS7>Xk17 znfkqqDb#?2%1v45m$^bVgE9D9wfZq<%!lWSxZU@sIp3^5 zp`mEeH%nCN<`sq+6kauCH!64iw=Hcs#ZiMmjh6QE+#i^!dpGTo;T`vDBe9rYMAmZb7GUSMzb5$XJP5WHc*4zyq5Z&O9-366+ydVI zoVWtIEM75Jr0KFGiqgSAR58pDlMfoLqIPg~89M7eL))aVsy&B>WF}ChgiC?gfa9QT zdQ`M2q!A6Y;cDQ{Wi?@1LVh~hnPY@cahWmkkSu#w?bF}Q?)nc*1av2s5aLbqNAX>k z-6rfT3Sy782&ZXvosl&il;y~0&$NSVpREmw3wS#_H3slL8Ues%h8I;1VzWq;I<%<< zTK@nEbG{Mi87g_`Yn6^1o&0(Uhom0qHlN|!_oZL_J~#NN?bY#-f_wwaTl&wYUD&t) z`!T~nrrx-jD;G3rvTiGMYlotO0d98;qM`b3Wu#OUN%r=x_~#xI!s0w4t*B0EG$IbE zt|u`*|HU`nd`jFY&AO4@)6w9e$Jf|yk&M3g*K;4}EGxK>I;7QN{!IEXr&arb;#5qP zG-S^Ari#OC=OTZjfdedTXVTWI1hlnNC^z3{11W%@rzOaQl6>8)+IE>JQlj=wb%r15 z2sb`c2yy_e-}nN_a)PcByYY}#;bS5w-7|l}q#Rz*EJ_SH*0nKfTw*r_c}}o;f;~lhTCp7HWtq-cr>+A$K7+ z9$%gOsC=RzBG92B6A+2od@ zqjc9D7Cgnrua!i+DMJ~ zv>H9#9ebnv)OC%5WAg-dB!aY!+^It$s`x~P0BVADf8!PtG}nhrpIzT^+iHB<9qeoX zc4mx8lL2nG;OmNALrD_lrUICE$!obc*PPxFpt4vXDKu%Js0Bgwzptb1w7|~olqW|c zM&d&vPf9i8t?_K&LEVwC02a%v8!Pla!a_ z=|{6m*#uN-av^bOmd07&%^I%soodzE-=2@s+dnwQC8egJV(DEKKnuUgEurjq7KzwU zVoEb*3&R+HkyMs8G#imNl4*hYU<;B=x33n-aeArm?>25=^o3JBk&^Z*c#a*EAsfqA zZHMebt>uHlqD|C1yBW&}2cJnN{5(zjqOdq35ljZsj?j=(jE$0mo=SC(Bgnj<#)WYV zx3M=i1Fq!3xZ8Zpf?K`0==2evs=Xtjqj(_FUf1LzJm@^w(-L8KZF@nm+h6-fqOjp3mmV=}`h+uI6YXP+}ruqmQCVElfx(BU2yXAJ>ZPj;QiQM&# zI^%xOEk7$^zb+3b(Mg-y87KV+50xS)G1YonKGX+;`NTRdUNpYMw6QSare?HxT@yF2 z+Qc~3a=UUJwD@td;w+-h05A}=O?7g5Yg+VIoY(SitrlF=Jk(2_Qq*?U;A)AyuDp=R z=~?mh&I~`!sHz~ZlE~pe?-vnzave)ioW2{9U}sMoW)MyH%CSuuH4%3G{K_6HH5gvH z?@&(=W*;%^awk$nGe*_<#dE9Dulb1Qv$B-8A?-5BAF!F|{n;3ed9b05X99oExBBZm zM#>Zq1hfQkteEn?k;GGe4+c4bjKB>yp9_>!3UhD-w);?}3yVhm%g6|k5KZ&5YXl93 zMKzun-7w!EZi0~qr0BdHZ*PYCb#)<@xNUyPXDQ42c%Bs82i)|jIK&w?s`}bAF^CWl z&AJ1^z$iH!XuwmYC|nRTS1Gni?a$7m}bp!Xgx$2DB=Q-WmTug48v+53`B%!y2Q zRHiTtgOJo2;H#F;H^(CdCsq-linR^_nF##p3T4cCjrmNNh)+Hd>ua#{bh)9?tBh)X zc8!+CPU(7PQ{)ottnDXRTdQ}d$syoZ_|1#XH~c2> z)Ghg{2i6ZpjMfbzX!!cu+A=M>j&&Qm=&#brBo{3WG|P0}KppE{l^HBN)3;yI@ZQqn z48CFh3s&HRGvl@16}uJzRqk-q8Gbt&$V_x2@RugSoXj-D(mD8_C?QOceB_H<_hK_C zT+uAwk|dpNTtGy^Esf_!+D63h znpeWy()mVkcRH^Gr(wz{=W7BQFK3dQg5!2Q`48A*(9dHKIVaD-msfh!M`iq)Tu&!e zl$4;X6Tp6TUJ7q;hb&!%buO| z?P>+CjYiZr1bMtE4NLI?6WeNT-~f%HveKpAJp_N&2n8+c0N_X^zfJzt`kFyT{*s=)q$j%vfA-GmTeNPJRq&?tF3teHWcA60@|I+fM z-eM2Ul8Uv@ez5YW?cGg9wy4dcbX(A~?(~8~8h6Q3-aqcdi#>_rT^q?*SqYj_LK)fn z}B7YRN^uVgsiR~Xk@J#lvExif{%X~yQd4h8fvl0Ol|$HbcLe=Biswg~f^J?1#hN3HH7h0}Xmt$r`h^zoUiDg@v@5Y7)E| zu_uF~M6~6b6B>0jVIjXVwZXG*oOjm-@cvAaEYnahaeR-hGgx^~dn&X;n(tDlrsXXi zAmr=ZiYjs|w-1lqlf1tz!i~jE7cp%?JA~&JlG?wTTe>XZ&v-QFC|_mkGXJ7`L-$`3 zI_>NPh;y4qU-z|{2B@c218&Tw8YaM9^4%naxJ-?^s4`*dhnxK?g)g0#VI!o|jn=NN zcp^pS^sMh<^9Jp%P7q!QChnLzsemxjDBrou(VY)#<6bcFFTGqGC$P;f{JU%LXgiuE z5U~U9t&bjYP3>P{&i1oTT8@-eboX9UFr=;`kw+G<)Kya8q!FPyXFa>xOoya;o$2zw zuW+-nQzxf^MD@m)99OeYL?f2Jt~!%^V4+B0{EYSWT+E$_om>IgL&Bn!mObvwle7V^ z`hiCig<-pSt2pi_Cp9(F(_@bxHQ?EI*~)_VLB+;-&oLM8i&4pU-%YwLWQfm*#%Hf# z9jB^Zb4K}WCLnp?*0QGvF!fFwl9&=({b3!{ zFq}HE>oC!z4Pr4PZyV#l6{@TKP6I90O0K? z)ISiJD+8R?@x1dt8Rdwxaz5JfE^@Ot{pImau8Y9nh6{I(vzS+i&)xFsIStWPMO*00 zfj$oMdzCv+D-0zYrC&kma(iQxRV<|J{nfLZyLJz0)axQ7Jw<}RaG8RwjU&}hw5>)o ztGrE0+IXIgb3y~&yNHq3whJeC^z_LYsSTM@=iEFxPq`Xadn3~?6OI=}=HHQi^Z9UR zmm%ghS#z7d$73-xg0l8CX~)HT_45HnH!7agyY1rJdh}K%qx!jNQt+5YT^@D=UX}*V zzpUS37YKzwSRlZbfycabJ(@<#D2&faPmsQ|M*Pkr`fAZ-Lg|}36A%E??{#lzJvCR4 z_*^%!7}njuQkPm*#?qAbaE2Xh#$@~Vn4VH@nDpKw)dKxNRw~t&gEttsMaC+zK-Vc% zR?PH)Pf2>#TG7_fxPR4Cnb4isE3HkV8ljO)gqJh$+?7IkU07y{Ov#%Xgo+6W2rzIZ zo?*Ib^t7xjj;|5ep%U%FG3ed@@o=W8ImJa<5~G$Id8o&H8s+wm^Shx9?xPu|=u`iTmbTBE_$wTkB?N4xuPw~p18(B9N z;+#e2HiiV{I!PV2rx8E>`e8u^=}P5q!a9|-7G5!^!LD?LS)!W$Ofz~m&xTaNqg16) zpVciwNsCqX@9Qw|Sb-;djeW|lk>0iuOk}Fsu+`{#BPvo{yQ*6+hUOcSAGu!1(xQVt zEs&g^vrS$M7o06cqj~{Kct#_6JKnOA*Z(!F$50k?`}|iAru=*Re=-^&FiTvOX2^SK&XtdSU zvLWsA08&WBeI8!7nn~Jg3jzbtyW#h&LLT>5W!#KwbV;nWAGRVY)?gYvvtMX>*G6eF~&I~J@661mK z{`d7<;c&ed2dh|d#CnXrdX=ryM&!JD70a?on!{LcHom>Mgxt|J%arfmlP!_`m-7Qd zx`b1mr;aJQ98)yDakcG?O2lYohOPeRf@ZH`vgD~2)W|gQ>2UaP9ysV~8da)}yH0(y zE|tS>C7;idh3?&9rU*hkV@14%db*}F;-ECb%vk3ZSiz;ZsbE<14q!|^J_Ds3S7QK| ze8?5&{QH%1gV>x7$`x4AP|8f@3G_VvbINqsfU3J#36t2gIJfVKZ_Nu5liQgMGn8({ zvzy;CX95P-c4x-W0T)pnlz&jj?e6A^{>?@aUoR$8p2Kp)k-osMvG)=FOqw4Pem)v$ z%n9pvjj-QkRSqn5$);lL&*~4K$`=1pFv;c4d1ue%-XnJ4!aov+ZN;xlgR5> zRj-PP=f=z#0ZoT?%9->J93Id@h&J~Fg+Y%~kccCXzWP*J29ImZB#cz4>pflhiIkp} zkH96Sk~;O=#P7w#`Pirn9FuB5m4RK+HpM5#+)?lEXD-41@)>L;djm{t9q;Gl2Dmsp zj&gO$6uQcK|HW$RPWo75yjxt3x`l?|=KY@;h-5rVgey>0e;HJj` z6&3Tfi%pZr`u;T~Q`LqLr+-_;y|iz%HX;^(OZ`HU`p&Z~bo|WuO!6>5f}MUXYrQ@| z;n8)8NA=BxJ#yhNp*eMc&U^J^_f1Sv56R>LVQxX=}R` ztJM(94bkpKk3A}cTHOJ%yOSEDyz#m@)(nai(01;KzE=lXq=D*&!HK$Igcm0JAO8NARG|$@r{HoeMqw7|oL}Vd~OhXxg;z1WLJ0{eQCD zl)C=;`2AsD_&yIC4WJaP=MUvh(s^|Z)k7b_JE>5P%7hMDjVt$tgeYhtVJFDd2RlRoDWB(oi@9S&51a`(kW&i#~Im3Gh8FVpV}q$Rg8^mYxf3U#Sp z%;^(OWW@jVaY+ItaxoS50YegW22Y^*MK;h(-0r)Aq>Bx}&R(UI?ibj2SbO|Ua%{K| zT)-Nc1`Ns4%*&#@KNN!PillEP1)sn`6!m}`5&ON@#Hzd2_@RN^?lqO8BjJ05r9O4_ zgEw&Y-T9gsc?UVqrpnnefAYBK^atVH(dxwH>N`6==t{ytu-EiFS&=skwwhtyUJhAv z`F|^mH*+`|1bimRq8$xD%u!pXa4=E@m;v4ea23Jp1mkj_X73{o$Y_ZK8ZK{G<-zIC zP5pKd4KAKvlxYm9L$XQ;`>}5gY0`xBFKJEFz#~NI9A1lN3Asu4Gm$7VcXjD{7DQLl zl|yg)ym!DO9f0$F<70}@{0kt(1#c3upebo6u#ppWP%%GL**)8Nf4dQKTi4z1n!kv^ zpl?8=d~Z*qQTu~C-UZ@vj6Za<9H!-k7@0@QfBSLatnOJ-*z&BN07$>OV2=tW1u z&AYPqm(1V_;GHz$3ebBP2_&OUrP##WZ1ULKVUFW+h@9S=7QwqYZhV+sQuHX{xE|jr z_XukSad#t8z+|Aslk^1kBo`>}4y)+zo(!6KOz2`9iqF=w#$~#D zU5xo9CEdZp6YFjx%DcFiCWOAp!>x_ZgEau+M^R^UF z$?d+b4!O@7ri;_=YyUz{w9%^}9j9o{l|%%FV)JQN5oGxA#-8)7ju@rNFHIjoY;Zeu zGeJt&R1x3`PXF-N=DpmKL#TSjgcy^xmIOKAc_<@@Y@H%PrXA9B+P{Pf^ia|nztCzr zs$Qgs?d9^thm7QlUUV&lMPZmtgFJLfe9V4-BtMyAfyb(8oC#8agG;LuIPvtCwWe&~ zKETuv%Uc;ujn(US#pxUyIuBhk^H0G77>HUUz_g;Q^Fp@75HVgY3d42L-~4D#=SmjW z?4CJ4gKX*<)n;Xsb%oqpEj=+iCUCRFJE=*cT!jI2?Q<-!hgn;_I4RAB@c+Bc(VZAS zqiA;|FwxoXBVsO_HG~}@9O5Fdc=sy@&H0sDd!){)C&qnImfDW2GKvxabwu6+J?-J&TK_`FCjdcXE7-#_+I2V)y zcgQ=>Al5?~@M-|~KTmf#?J{~ATA-5XmfP_onq9)%X+D^iZSq)RM{8bc0OF}uW;OEx zDETr1z@vRD`d9SD=DzT;W$kk0^8oAOJVKZKNf7`1UTFiv%4b?JyNV0;NhW!kLWn_)|!cUYK+m z?ov$HzltN^O@yTNomY-Ew^zb|)1D)aUNa6~tpG2ri`fe01KDoB-(bG1_<&p~Q6q6SVtiXaQ%$%eTnh@NBpFzZNFOrVC=+T#u}N zVZ!q6BX9$BunfBM7LQ`gG0%Yeb_@6(paS97_kQ+cqWdSq1Glsd)@YWyK#S)OFDIv= z*|DAPdArK=%+;e%3XU8(G_6vuz)ca;Wmu*iw*3b`f6O7)z7Q3Z|c$7vGlJ2 zQxx7ZICcQ zb-kIAGTIk!n7)yANyg$A;rA5sc_&F8p2>+5b)j4A;1{$D;}TZeT8zv`fCh1;54|-i zPLVit+`A|@Z=Pxqzf)43_5r@LfJ$yik4iPs$`~#O8XL$GgzUC^qSattExsc}<`S*whQ^aXsBimspLrkbx^Css-58tsPlhgKt> z72>v}&q$|Ke>tP6V<-R}uCL;xN@u?XH4f1Te-b2WRQ+EtQqgBtWK+<_;MiWaOod)^ zxo19@c5oaW^o4N6hbwRq-nR3uu5f zQn7OTs9ldHrpuPKN$N^77zs77MmmNLr`Dwi(JO3Y$pGqKU_iCNvMH9A1r3(~seQYv zSJ#lHn|iED&|2Efe4N}yvx&~uC+nesoC(vu4-E^jG+XDFzB3X8NJEh-i&WRhUMRfe zu$)aGeodEnijGr2+ zyl^?~m=YpzHY|+|OYCV|t8mV*M`do_tFt!F!q)eD2r62X^#6R409P~1fm2HvWPpI0_b11oOB*PDJpU3SAJC;5G#&j|11x0{Vw)s#2rbMwKeoPcM9#3FzQ7<`Q>!7C^zX>L{{?dDwFPoi z-Xe*oU)-!+zv)M~S8es{c`O$Uq4TDN%C6(%2{Ox29oW%AyZhTi_#atT5l#{F;H$0h zF)J}xnI4)>p^d=mS6;qg)5vfyQ7xG_0o@urgZZTYvo`_46i8)fHVYO5|GoO6p>6&O zEG03ui59NEJUfRARJasU)wTq%_OKU;qRBi(?^0h?{e69{X5D|rbiS*hUhEDgc+%oJ z`Bj)4C^)H{Aog;;oRATwW3PZ<6uTCxV(K_ZthX$0;tL;*kfu>LA(3K580kmqG3p$@ zl;@9y&cIOL!Ta0Vq@GJr0Nd?nZ~|nl{>Ux_-ZWn6;2<|tDYkq3K5Ne2q4eIS%f?3j zsShwTgHv4Gxs(NOXkJy7iBhY?ulvNJ<<$T5wcm`?nGj6h!_ z$zXrkb|9%cA3%d15WL|1OAK5>kw@v+M_<8-X1WGg?WAOb6TiICMwDvzX_)>-8Bq0qr67VS$E9> z)?xu>59I%A?<>QiYP)dvFfeq9bO@p#(p>`#s7M-ghe&r1JxGa^O4l%`fGE-((xB9! zAl-<7G)N1aJ-qMto$v4YfBfaewf7TiuV+1L-D|CT25w%ID;T_w;-wTIjsUbmR~-ON zdP2)<2;trx0h$$4Vhp$#cV&jP=$dLsEDH^$3)qk%B}^9|%kgyklqJiOG)4%VF^ZEo zT&<@9QzMi=TlV;gr9KY}QbJC&C|?l5;bu%5cN}i#uLTc>$*_&M8ExET^GK&Vbq|SM zI)|IkTat%M!BhYR>-+ zIFqJ4avuHR7Q)X=IrP$Xf7aKY6=)hMndAe_ERW_;8et8efWKF3n=SuzF?)@7*#Ky9 zV|>lbzeM$t2~lV_Li&E%Qw)ul#WjVN4Yct(F`8#BIjJLIh%A{D#$Lb(Mvd3U66I+y z|I?p{vvsj=S!#eOL2^x689uM}H)uCyzvb?2P!nAsD@$x>b=un<_pdasvPsHSkHY%Q zR&#frT!avPJB7En>`t1j=0{2Ld1`ak`39u1{#o{$%JIx5{LX!LVOVG4*YknTiQJBh zhRQUyv9IKKe_xO5YkYfJxGX%2=^fjjZo?(Z^IW3R@#P228y|rDk9qd>op&1c5Wy`W zvmhG3*{=qv{H?|_${bXnINcj!zcj>?|Ek~Vz`kpSV4mq=Ek#tp2-%=$nN%F>%N{_n zQS3GYo}D-eo}Hxl(c)L&hArM;jq>FB!JN8v!-OkMfUE27OD4QO10Ba(aVe(sCiK&F zjPR(XSA7VO4&Zi#+tfy=j7w5`YP8m$D?*zW=31S1d|D*M<_`n;9FXghV;d!u4O8aY zU$++V2S4!Uy_i^8d$x{7dms2=uUbBRMy+IN z$xPQ<^z9>Vby|RH%N`Tur<+@>E>|(&`idwU->1T?IV*#LkL`fLwJXcBiMJ9G@Ga8) z)NX~@{Hd)g6zIN+xb~-a!BK`Ga5m`tLiWtpz_7h(nr*7LYG(c1MdL3l;biLx46*gx z!Wj5euhlbJ8gdM`!2aD4l%2N?_j&I3JI3AYFw)a3P1JVf7_-?}(dA#_3rx&hPcwb# zM&j*Eg!yqxg%~ONaLr;a&TNJq(e3`-@ocv$_yWpipj~|fSgDEw#3-JP#T%Y1z)@_z z+GT--Yjt9FX@Uobzc91Q=eOBbPEF4>-ks7kx0V~_D9{@JNY=Wy!zVoO#6vzZH@6P^ zd9`NdJgM=!J?DCgurr7kuPaIhoxf-*zT-X+0pQvs;-2XcU{deJQ37X(pJy77Kbpj- z88+vNuY%?a`Q>UItMNx6d{QA`xzc!OoAC9mqr;1`*MujC2ZrQ?r~Jg51f%uiTfVvj zL2{j%*Z!tHo1?`wKm6`V33w-YY#Y2w;4`jnevp`baTxOZw2yT-?k-P}q3_6^Vqk^z z)ejNxi80of8nlAn7~x)*AJr&%J$$D73J~NAWd3a$(p(ZTTcwEORu1Qd%V?u)S};qQ zl8YfJ`oK!lIRnSA@z__ct>}byBiNa5GuQHGvqf_yWzR;d`6gO0F4i#}_y6>~>HCE31;xMVFJgW`n?G?!VPIa|$A( z-00P~^Sm5U(`hxZGap@oL0J+$F_QW8@{wD05)t(MNE6mh<{&I{DTe)xe((A~rzrIer z>`YsG-L9uv4!2#+02eoH)1*a+3G}n^^q=iy#b&33=3l+Mz?Mizks8!R@6aW1_Z_&09kT;>LHfIQ+1gQ7m z?0bJMqzT${g2Dd)TkFL9J9DZhs!F2_y*qaa4EmkG=0pX#z@4K+b@0?Kn)`S1D9G>p z)R*7MFgL$&y(~Z_Uv@beCy*5g;`$W@V%`^wBRM-0qZfbQB|bbOK4l47cUM@Jii%@B z-*Z_0GwR*kJYafWpZaG5vZ%v;#V+2aw9v z?OmD&ebqe8tk!_$*cbQSc)=zx0JNEL2XefB04KP>B$MD> z6|W!4IHpT>DHiQ_$&D}MN_u0fk&_JT6>ZmS3)z-n027t9>|AZik@cJiiviIbULi6L zq7zT+pXVHOJG|XOs!^GpZpB7zn_*YlpwIhL-uPU44y)77W_qKcJ((T55%Igqi2Qdj@O!0QthjAObS;X@&?;6lI( z;fP|wtLFcRKWIru4sQ?F>R5((@t-P#x&P^E#TPc=Ii+%=_H4V`wZHByXSFm~AFh-V z)~Cm9-+*6h{=1atdoe$tG+FZbBsPPYpql^Wkmp18#ldVGGiPWHVB`RxWpzsqj7#yJiV#;esr=0t zZ>b=|BAiRvRH}}iVv;miIvAKSBY1;kW4%zjh7>o(Tv`*tQc!hv9_@uNDD>}_@lj$J zAE_|hUw>6%{b-2{sHY9XFKG2V4wjp7-sVHO2*SbPm(`d-C54@zX`L0B6iV9q~u@ zqR@>!j4Zxgal%IX+M*{iNEnfb$?}|!u)StRCFRO%W8tLDIa&43yt9F)rk7LFw|OcI zCxh@eDC8>`as)&Tk+{mV)0JNhRT+A{KEd6NbB*kakdx9fb^?EXJXJ9M)eelgW}I^E}4%bQa?XXw2|HfM-S zRWtxE`eXWIpLeJvGKOzcks7;;_L`5cr{n80!%IRI>+)O`PKJsJA|ZS>~D`*d{&w5fbcWhDph4kiBsGi@r1Co!2knLfb>TvjM$6 zrsFN zI1&8glp5ZOjMLV6iM1#g!@!>sTb%nHgMRe&2Y%l45f)-^;+D2fvsyg`pJ8yPacU{< zaqnDu>i3Jaw;^og*8?@YhO-$jU8Y~J55T9&5N+ePGEDVjp|niHef?4H+G3Oo3X zb%k7x+Or~DXf0?o}l0A)9f0M8qJ}Y z*FFZ6lmrwfsRz+x7T+tKw`WY)_eaX7Wrc*cONyIB&E+0fpHAOJTZ>o;jk(qZzqwO6 zK6kv34bm=9loV^zB1qNe z3%m$jRNJ0fJtxd~ zT_Tp{@n4}smj_W#90l8)Snj80anxDImr|QEd^S8={qKmdA=?I@vdNgoJ^%!@tH&j-clva zzBTVWC~j4)qUjO#koB%i@dh(IJ+sR7qxFz~wn0k=zFlrSU-uC4PH=9V%z*81kLTrP zG5G4o%U55|)x}R0J(@-p{ODsMXw3K{t z%y6sa<}+XQt@HNmaynyfoSvzIV}%wiZcnv#*-gzEwrG!^2oWMV>xX+@g9-8b-k@qc zvrV6?Ta0^!Dga)7zr)_Pe@P(fB;#nf78lSjS3tI}ntfAMt6eTc(gu z#zW&F)Jh;?hwGss!CE7*MKkb5QgujH?ya7ktDCj?mPmUIElWO#haOOR0T^-NSOuSN z2iD9P>OBP&ixi|15CQX`m(zm_RiQ@o;>ZWVO@TJJlKme0o85n?91`01zIF2jfsN$6 zGT`L|=D#i}4cC|0;EDp4)4{YJ1A4hXC#Q8=zxlA^r)x*Ky8Kah9&hpIvPv8sXA{W( zm3aEMlmAq$f{;)h43J8^#&gVa#v>(ja;7Uxuhr=RpJWWcj5kP0qB|o3@p8rUB0-md zbfW6GR;sTT3dePVwug(j29L9luKEg*1kb>~U<*!_7g$X~g3%@X=z`-1dDmmih1!%u z4TRY`?NHy>gs$Ky9DNjAn)W`ghmdYOPq+Yy@C;A3t8%CiA1U;vaUV}LxdtRyFb15r zH4K!=uyhxVAfKZl5g`X-xEs|Q%e824u5c@mY1U>`9sVbXQlVHe{6m=NX=X`K&7X+o zQ=d)$9+I`P+P@nYU56D*xRXwcZ53W&dz`7%G5;4xm~9_2Pi$bAoNM zt021!`p@ksSX${hm~2jc06!ik%a8Vqw<^GzTy(7)m`HZxl{X`2eZk5bGeYD1>|q($ z+t0g|Llyh;C_R5cCk0V|8Pv`Z1AWuQiz1EsTjE^SDIPrk*$|k^l^FvBklWkrR+f?E zD1uuQCG9Zs{Box`Mf}=v^q9SfN9A{Be$=KJPFy{tOOYOjGrbBK`*y(BkzQ*5!c|tw zkd!^G?&>5gt{cBPWJW#rKOYF(hh=H&Tc-=rTU08R+d2Gi)w9-~bEE}fgVs`tVzM1I z{4yZ)2YKqIpxzFIEem~SJ55|uNaiQZ&~ElVT7cQnyuDVS+kvCnt(F_N{I5C@4Dzd6 z5mvgHG5_s0KTm)V96>PAngsP$MCC`iAmlX1fVl%E+2m)?QUN27mU)jJ>fZKkj`NVt z!UA15j(p`(fxz|U0nWYAJXNj6fv}W*QfD)JXx83r8Go2vF>Q(HDRltJ*sbt8-fl#L zNd;=#EcvRjt*IBLFXgG<#y&nET2diL{a{xDkMSjR1@STlGTg{8>Dv?-dZQcf(2N~I)`!cZSb90Ix4U0Ht zou%|A3Oa@d3w@>R)uwV5bko=kBg~kg9Oynkmg0;p?i8bNy6H6v5!-g^MVX{fXHa(w zEEaZUvK)GCEA*-w>N_Sx`!(=t{sehq{y8rYcy3yRYA` zRDZgrVx7#PfYbQPPw^6GA~zktL>e?fB$rMj_{uLIt{G`>zJ&~D)>AhVCE48pO((HQ zstJz&J2+@q8kjKcs@iE}oiOx-YdzQ>$?`fqY^hJguJ_B;c9Hxz?x&o6;{69Leo}_u z6#t!T={_+11BiQNHAPUk@!Z>n3bU6ki?UikXFrT%=u%E(!m=}2SzKpxIL$d5Q~uW; z0xE!MB7_M!@1#Uy@f2i39@6Rqd6@c7}Fw$X*F(fUnk&R#7n>GblMo${Lf9I;{x8nOJEOC z%|<%M)i<<2{|-@AOH7|UG7jtj?ruBX2y_rh$)xUr7)bKk82$I6099681Pp!@M8ma9 z1!v}m{gs5iq=lx|vZ1=R<#F{}hGPWmeRpZY?K%(|GO`D$|B!^##D)c%r8mJY+(<}G#WTZ9U+8#WXZfXqAg-S z5-p(`#+GCcoR@Yk{UeOE!_yNBE~UmMjr=QZ zU_vR9@6(%0s;x^m0+8dh+Pw<2ms{(IqH48#8$Km)+m{ue9KoxDq#|m$v{q+i(o#9+ zq{Sa6Bt!h!q;mFyE159T#s4$JCtGE}^vmvDETo%cabCOb3&aUJ!GM9drWhh0u1`~N zPn8`7fWTDdRtstFC+K&^tGzp_iC@k~dM%f)r{s7$+0Lu)NJ|g&*M!_$i{LQf(HOmj zvlh7CGg6FhF#aGpv->s!hur=zE=g4JPhlHBhKW6px0I_r(qN#jor>Bb)s1s`u>|6~ zMgaLq%-e?R)lHmqM(!OC70{hpr^p>NI>iP zp#IU8T$Ac#^@WRNpmE`gA*b|TY5i5PBubA9UvT~)!QgELyjS@t+za8+qQ%wO)^ln0 zWMYga&kZRS6L;t)oihBoD~6+!`#e(i(jhM{gBQ@$zXW8~KH~_Mz1I&3!WUvm@K!d9 z!_s5Bbs3-94t=fI(16Iq2H7aUC^Pi^LBDXBEkVcMGEG_hpQT8$T~WjaxNYb5MPhisH|wyHCIK;3`D&kpgjLETCFKx*}d2&VpulD^g^D6bFdgmoWd zW5?@(Bn*>z{eTZ<*0@}P(iu`^Xv!Z|-{Su1mS6OEK&e*zp$G>fAlvN|{3th6IHaAyzQ;MOJl+brEP;IKNZx9W zGcY)lK!>p1Zad$JbwEMTRN%W$-w?fuwax^J!{hYF_o9|o&>8bkwMxlK8Ttu}7 z<4#{B3o}*{N`fmmxs#tknBgaF)gUCF>FF5i+rgPmmS7c=wGgBQv_8l^@BIvo(3>6B6q;6f|>&xJuh2)s11%uR8@8Z~_W@r4Lu zyW0nRLI$*3dl}IrdVY4SY&Z?=}tFkw@0i%(^aWC_qVdI7#`FABN+jryCbo_i?RumrMTs5R5tqG0~^75GISIw6Z)@n!quGi?f3@&dt6I$9iwOGMi>Q zAVY1T<|wgn+m>X82dEUON6de&6pUZ*8aP(u?HF*M?)X71*yC~VNnD=lxqEO5Zx}5* zde1{{zV1^SIpKuZP%UBLg}*r-{@^s>V2V9ESu>!=6W~4})Fz_E!2;)Yr=xrVa(jFT z1CyJoul@DdEts@1Cf& zRzaFt)jvY&zyBlvsmbx|NUMl!!=S-_5>7Aam*UORga*?043FC3tafQz16T!uy~miICt|Xbd;-oE$4YDQwheM4(=)LW1Ex zpV)oZg}&1!{G`R!y!e&S%WVR{U?H!qIQwjo9^Xu0EY+%mb7~`tr8{1CtJ`p7lT3%vJP3G)(y6%iSw{IiMHKvlmOU1ZL-!g8yl%9PU# z`vZuVFq$z~y~mBA>zfJ}Wtg2m{MHa$G9&sCU|RBcOM>?;m>U6)7wC}ymHjVmD$F~j zU9330TC2sa+$?U7q%XC+i79sja+4c-ELpspOo!s|DxGa}*>h{C4629y3Kt=*0@S|! za;535ZJu~KRmeH8-5Y6x$4Q1#2G>B?W^pfc10ij)?xJ&8r9yynQ_k zLrGw)5NJ)_O!`cxba6nraRljrE2w5<0SF2O>=D!e2YMVvDWeeK#1fLFwohvdx631( zDED{!gpAWB*ZqwQ6l@$uMm`Z0tb};-3-aKtEXaxeP!j);9>Ju0dkv@t( z*Wn)JSFGJlx~B~?JvK-z=+Yy6T~h;^@AOnj1_=bp`@E-c=|dJS%hTO-F$2Y@H4F73 z^OOh@PWEP~FyX0)%sah4l74Y)Onk*2AK2GXP8i%?$16*2V+A}gsXU2b&#sU2dOJv& zXU%MOi|oxFkl{pL)GNAYgHuqDB#{G-%@ALcU23-a5XQVGuTA+YJ9S3HpTJ#(icS9^ zl1eVJZ|c85Usj7_G_^>}KE#bjqhR$kRxkK!atPPD~! zY(@WUqch*lG-qvI1axNpaM@^_i*3bD@aj}z<0AE97U7AQi4WhguUrh&P*NIg;zL}eM8-tG1YH(3eSpC6xG=+G#QjAB$)iE`A+F=;t3iy zQ=PR~U`BQHV7_W1sN(dBgxfCy%679_TjY0Mzb4TABY?w68*g+i(PKCol-HXUt>ZR6 zMRAGkF-2;R>`eheNzBD^finy_RLgk+M#rmg zg2UIl)cIqJjVy!}km&GdZlC;w2Z4qqldiV|{!GN`4{b-u|CX}OGP;T)$f-O7nb{dA zT%JmkGn3OT&z+WLSx?bVrbhBLg88IFs2GSWzqvw5g0HeLn_Avc?Jh`=!{gdWWOQ5+ zZM;qKy=uS@8C*mN{gS(`_j`Kv>G7&1Zadnr1ut|GYmau?Ja_PF!QY>(LvykR4$x^9 zeH`8f%0EKPy~QHWq_$bR6=dy=l{mK zh~br`5^T?%fX$i`Zr?1@umBN)H8>=m0G@fs`lz*mt)0XS(HL$LmQ4t}X?-Gn7!kyX zVpygu_Q8UuoseyhOuKk-_O%C7JK<8S?X69t8sey1zI4}VZBI+tlH3#q6vuCa-@+ZY z_=b)-XS1G-i0S-ik`*&zBTKA_{%I#dRq--7&?N;Ie0P?TU^0D5$n91cRa?vV*T-U5 z1z$8)LVAI?&hN$yuObc^5Ct}Q_%GU0rPhLT>>ZkHQgY-`%kg+#Qy;1GIr=NqhT8Xx zmlQ=#FBwuV@ijVxN$+;^eyDAv_$a@ zJ<(;hWT-O<3FjJ!WC(d>yZwwam1UYf3#Iq%JceZ_J-#!Io`=_3J-dI;Atkh9A`0lQ zi{FIH(ImyG6|Ok3`%1~Tw~a~t6M^7DXV83UZ;F~(?wuGm@}OI#vYvq)!2K;l^!~&U z8i0lJI$KMleL7>M8sA6q2RE~y)UqKy4BwlL-yH%$>N1%$`f?pQip-a{S;CaQyv(a6 z1uFts^JnmrctZa88z8BAiy9*UXCC>*9TwbOsN;u=AXYv^)+7uPw}^|uzgnuvBHA$% z$H-NoZkai&af>#oWro+hesv&@97Kd={TRltX~S~uVM2s8=aX#@DT_&e#KO2%yEUSU zyrNMYAa5`1)p}TL|H0wgclTNT2&~l zJzrWz{;js0fSVB+x)v(_2Ok1WsQ9c^{Won6dI?MnRf3RrHaSu3-XY$dB2u}bUsbRo zX|@)Zba@l8N7QfEnhaN|)_4?x$gr%R!u(VnZA?T2JsRga{rdQ;W!Ng;GhB-3RFSJn z6DZL8O5aB6qSv>w&4(t8Z~GJI@9v%cBbnDN33%#t+|G{;U;c z#BicEKbbM3HGA&QIE6{HK9=RUw>@>d+u;}OU2J>hgW5ia<(y5A!McVaIb_(k0*NCRK0UTBgVds8@6G-N6boBr9f$|@cLG>2yp=p-0lnp-=TT2_h^E6^!cHY8nn z-~6!KRPkU_u#@U)&d?~F_dyDtIranf zJPdfdA}7dsp4ldI;~YZp_?X?rtcTR^7KlUF4bKJQo5wXW&U zpl(2aEKuPCX~TxX2F$g3FM7qlbQm)W5V~cO4Ebo2B!P|W3ccGy6@_&(Q} zJuEj3x!K!`L2>7#f>iK8y*9v)bTRcS51jYw+Do|eHpS|3l$fZX7s-J(P0cV<(Ix0TnCAA!qZ$wCI#%tGSl>d1k9i>2BJa}lhzur)#d3tHWT&Vx@` z>){fu_q0PsWi40>`ZYX%)ik)Mw^X1ZAbN6*Br}{*>^FZWUxB-*+zme<``LgIh$=}v zp_DbnunhH~#y17Yfs4`K)DFr_@*bL!-|cX>OF!zWXsf3qM5bim`kzpGJ4F4EbsJ0< z+YuJ$X`PQXlUn?u-Mk$c6d zBioUb*A0n!>785S?49W#_0c=<+B!_1|NLto_T}8Je2N$i(i2Lk-<&kK#kkMrO&wOX zL$asz@HxJmRjh7V=#*2c+C!40?&EA}ws~K&mt0i^tfE4welghAuQy6 zVg1q)RC0+$!W&>p3=8I;WJkYvvJ`l{_3)NX=X(F>YhbIyk2x{6KBb80(HbJaIZm%C zTI~s{>p6KhXOg5lWHynWX!Fx_7#MR4vc@5E@CWNA^gc!1 zD(1PilRZ!R)-w_fX3srO10 zJ5+lDntX z55-)29xwOJME{ewSHbUpzpR7aac43Ml(_J(kdm~@q>Y721dCp!UOI@sSU4#~Y4V}aNX)ffYtxUI`Qt>W;xB@o^?-Rs#?}Oc$oE3eHBjL*H#r_Ty&y%h zlI|GRhQv#rTb!JDG(+ve_OS4E=cqFVO)r3><(~mo#@;`CpZMNtL701Bd8Gt4C}G3d zC{YdhtexvP{4LyIu-&fIgcuWDQSC@fXl@1j?Ke8EVw0;k>io?~FVocD!io*>e(me>q_DDC9b!(`;Yu=ttho8e7TCLkHDT&Nh6eMWztqZ6k{N8>ZgSq@R@w{x z<87z6A!6Q5aZpuF-hqP@JwbVHz3_h*X^ZcuH|u4CetqS#IYLONN-Jy2utIKc1=wu=F>8PabK-R^o7=Q5%lnXJ!iVUcsB8P<+hzLa3-!Js# zTlP%*H4Mm1jlfc)y7SOAR8(DU9l3#sLk$}ZCor9SsUI1-nj_*MJz0+1!dDLX$8TWf zmml9wU6=4ycUTK?m8bk2s(6ZCuJAh%R>BnR)da8QoE`{tw>yt3t=Qwg=Z~R=mhF9Z zE!abV4D2{G8l=$&5ApB0RppXvr(Ng?2ds}nK)LzgUaH!-YLO>fC0^CL^7hF-b9MLo zM+D2|ka?Dr8Kv}$ZKhJ=w09;*z7P5g<;9Sd zhvz?nTPxnl7|bm5<<~RXYcLmHP5@>Vy~)80X7h=oBX02))^uuJwl!~EXyBJ=dQd?8 z$P^vIUK!IGVsM*a255~5MF&?0(X{O1{~01`8}2w#RL~Qmzb2dvK0jgjKhHk^TR!C8 zfTJ7!b2;GBWTpgzw%L1hmx~%HyVL`)kznt{&|C9!aHzVBLn|4f)_rPd0$EmT;jiC#O;z6;W|@qiqqsUS-qN1V4o3q>Tn@I zJt5}e!e`z5X0A~DVyW9Rmg^*Bi7xG(t%Ze!yw9t{BTb&&xuaT@Jg7BnW~_cVcvH+v z_)MCWe-SCOAe+VrrwnvO{A~)9GL{WkU~Fs+IjOehLPHX2`h5^FwnxXXQRe>h{_(An zL*p1*1Y)w8ctsH&;yih*SeSgu+pgyC0$&n_?2ZTzvg^+s0WN9XG8bAJ@7I-PuF z`s~gQ89-!5Gsxk1EsN{%)o5D)fyhMBVF46MBJ&aWnzWAt?*9;0IxPJF89+72g}Kis zzxv{z2PwwCja!SD3pB_4_eB72f{SKwf${QDC{%_Xd${^5ixyzVXd>v>YXkVv5CGy# zcV%!{()a7a_g!#>0Dk3o+CP)h4bn0E^D^E99`5CY%aLq2@#@*p^jVbPF#RNWC%+Fk z3=2ohIz_>?RSQF!K9{BII64Y~&ms`U2!t&tA^-+4brm~peJWwFrSK|xnH${ccA+lQ zd5>MntY^J$0UjX4@{P6P87Pkj_~5TO|NnpgUjqLR5;!`5RAmb3#KiKa;oefc_uy`^ IlEt(C1MeTu7XSbN diff --git a/static/images/docs/git_workflow.png b/static/images/docs/git_workflow.png deleted file mode 100644 index 80a66248fb87d62344eae6b673df4246369974af..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 114745 zcmb5W1yo$wwk`|=2o{_Q9xS*9cZWc5C%C)226qka5Ikt%?iSqL-QD#SN%y&Z-hcaz z@iR71d$X6#HGO`IU>PaVcW~HnU|?YH#6Anjfq_BJfPq06!a#$bd@C^=2K|CG;+NzH z0|Q3FKk7h%?g{ih%SnQPxsrl`dHI2X-Gd%^?Sg?h(1U^PYlDGtB!Ypxw@z)4%*&->=x4aTBRX$`A-z*%}Zq(=yT06Y;Kk&%35opG9CXJ`WNdG5%|S=! zfjWln zp-}gZ*&$?%o*D~J?Ac4M?*~f=DZxis_6_G4i0Yc2Ne|+;RcPM zoBn6jJpTA8C2ri0fMq+;LDO_IdPd_!z1$%3su}o7pUxG}c zIDX&MuvIG}iT;vt(=_EW-y8dib*|c1Wf7g#^9$uujs&yX>savM4W0MUM#jY$AEE(K^VA3LL0aK5OKd{IrO`Q3aI220LR z?W(+LEd7)DTtSbZdGb;fKBH1xI8NuKqFpWl<=d)? z6|Y4W8yBbAjYYg^nH5jS#8f4QAHTNpe6*6RRH|+Qc-qU)VEN@dFp7^Q7jF_}@MlSt zvf+U=zbE)N0rE!F(!bzMzEVRib^d2ywm#dro8B)4o;Ux0=X%Ghi=Bh`d*U=wAd1U= znoLi?MpARFQVMVfe6mmjk;&E%fkJ)=z|0NWI?t2M`oR??tQvEB0B8dyoo6e$U-z_H z80nRe`jIE$-1@WYIX!|y0MTF8n>RhS~zmLf7MERxc1oyF8oMU`4hJZu~s$%(Vn|DEq&<)O`|O`5tC1pqL_>Nfiq z5qcFZ9LQpk(z(x_SicNR^R_kEqQT(RLFO87IT@zHkU3jO5=ZIEqrvPE%D_80`N4ptGf5o9X7f#rOrwzf2Oe zIIncCp=h%l!GBe)B-U;a_N7bdDDwZNpY3HK;NR2waZN&`nVITiO8;wDwS?N$+w(sa zi^?sRIG9*imPx6sV*ZW5d^4n{XkRWmJ36SdohARZPZDikuc$zWOb-|}V)T~>8gudtfQ7~F*Bz<|f=dbmsO8_10>-{&Y zw6S;(snulFTvKW$W4zT`2{b3OZC9DAVRQK@0X#~v8m0u4TdesYeW#3R(;zyPcXHyo zl;O?2EFG=Mv^%2p7&}xfF20QL&zvNJ#O}|+K;kZW(%1c+B_Y5;L_yg=MtMf}yspfclj!{X_ehkG z5@}}RhRP1*K#MWO7GPBjWNN6_%+rnDc#aXhxpC%1Ee*n#0t|HYSwG_~^`hcpAw@+D z0YO0vL+#C_j|8GWx3<3d2nN~}quA&pqBw8<;zWBzi1=aVU+rFev0 z`)sVQn*+4B)Hf`%SlHQxbBdc@${F7%muWEW6XTh-VsfFjI=hp&UX2YIu`F-?R-UuL zZT^)8buwodl*6g?G2}DGZYI;AyHiE^s$6t`2~#E&a`~2ejANsZZ%Nf<&UnqOvY_vo zEYLzns2vSN)3+$bw=>_e?;Gvdo@N9dt6<{#k2NNEb&Wq&sg}u>x*aAnoF%LGC2x}%i^9Y6^0G6>y#dG6yksmENRJ-JdKJU) z@lxw)Zi2)9LJ}Y(c{*^YhipRmgpQztn~&P}8UEM6lEl@#^Crz31(SQczOD z?C8V0xe=Jb%Y__?h#PkC18skM=%wf7apWa4XA=_oEmr_O_wn+dzt0PkP}Hh84>+%te^$D>*n_t^dCU0~FJ&t(E^h67 zYhZUGKXT~dW;V|h!ZRLN5f29yjvZ+;(q&svBhQ6L$qzw7kRL8_e^eAjw;fP^ zu(T9qR`<8}%BTGCRQ|?|f!h$^dgac?PcXxz)=H>oj(xMFAxy-1WFVSI=*P`1X`+T% zdMEa()0|?w)CDzbXf}<%3Pza?uN< zddN)#f?-X*I;`7iPEyu2C*h{TY;^ce>sxRG5s-kn{GYJRi1 z8W+cAu+-;t(rC~od;*`VakjjN$o3r?WhZoEX<6XE@88S9T#*-)ie@M#8L&NKfcG=(a_SC3R|UCVvi?X-fN$Hi0dh= z5K8mB^mdmg>yCG&7Crz5I2*H4AvG_ecN~bmi{>mi#+Z}2fgXEZRClxLE)l-0AtD#U@xxGs!aR(YT zg5Y#u3@uDok`o~;TFUku?F+Y3$ya}egXt_FaO@mVh9|LFInqiW-xTHC+U1+^&aiI3|4Y{%bj_ctjxFXe~iiw?iS_=7ku%F7oP)3E1NSBeLEtGm&V8z=gHsRm@k z#~b3Apz1NxFi}$@l(jxLh@qxCLW0-Rj#0!AMjWc{!|YT0g7`reQbKgOf6Ocb#=e-{ zhtlAWXI7Qq)wrEs(r;>Aezkw+^AjCdcC(!PuZA52U7zIEl^MV>GjCiq|5;ZF9GpSpSLq^I4S`(zcF)+y z|2b}FnB4dKrt6h2^ixNnM15~z)m}%xyVKc^F;^uo5%gDmXsrX0*J_}+!u--xUoNJQ z_LsIe6mMJAuDn4Xt0cv{d3p;yuV@7KN(%2r{x*ALx%%C@lU?gZ)pU@X+TSmZ4gfe- zrE9b_g@o9NK#x-m{GqZ`X3Dl^Htb5O1%8@Y*dL4gTW)dJv||qHew}K!X2j6H>I-`~ zh$Ze5)_GaCtDk30*;4E4>jX&EAX`4r*T?7VT=&(r2c&=0L;H|7S>}Gn{-anhiL~kN z)ioPbZNqI*EWi7OwSNb3ZD0OtPwvkr%87I$mx+{^ zJ5@@SQs{Nhj!3Mp=BpjI?Y+$%zO`2Xd0;Rzf^19RcfVkWWp=`-^Zy#2OXRvHgoF%! zL9s!I6cb7ke333Ca7%6}p5X};4Be-Xpe`svF31J|9#s??(=1}Pnj8zT4kslzFdnmQqa{OZHlr;SDlvBSfF+7!HXFOy+s%?pE)a$%z zhu+MMwxzVuKp~%h0cVN1=gTYOs34cu`VJMDbx3er=pAb&jX(`n<1-S_^zWVHI7^4f%i+& zHk;BJx-Z*UyDOSWgQ5@`eqPOZ<{FSVL!cpc1t1X)#2s^f85kHu1%A!6lMF}L_$%__ z^Y^-5Kmyv{tE{OsmVWmcBN?57UF5T9j%d%WL`8nOB|dezML}?#tt|4*dLkL6gs?BK zhC@Sp)c|~fC@OW{MSGW&hVASX$UgxKJt#unqS-cLbNXk zUnAiy4VgCp#`p?8-Gqw`sR~M>Nf_cMbp5F_=h~qfqTXEqwxjwj?bvOG9W@YkXr&oUfJ&_B*dFH zgul5xrqLgy)cz;86%W~veG+6$^7u^hTtSRN$XySg@{v%}$pIpL_XS?-_L3QEY)(Tn zbmM(wTXsrBKr7Fv`f|!6h$|F_KyrM5Uz!JJMU1f@j=sMAF0eFeWhNeNLzn> zUVPLU$!IRD@kRM615y~EH`Vr-mVY^ zud7@nUE<@J!Rb8Pd<3nwete>#xpcn5SwdzWKpf@qi=%m{#@{${kfBO6gk!%s&I0}* ze?ksn0YEdhcX+d_esCzAc+H;ZbqlV+2_Y?=5_))!gGd{?ek8^B@X_{*CHOHR%!e+N z&yG8PETy(@oBvZ8Y;R)I*jxE;FND*)IDVS0R@HeY=>Bg@!<;>E<_ zT1Rlf0$q5>*&1W;h>I27g^s(7F+AhM=xA_I{sEMx=%Y`E9E9QW(plR;!R3IJzD;at zdI^dV9mvvB>Y;v1mzv>Km21oe^WB$zf*|sd*TB%dZYuE)@5TU@RU%-A%=@}CRU+Hvc?QF8Twtu`C%VdCd3R{8R@Z}8Rq}BGP*ZOoKU-1p zsZWsRvFp6&e=-GMm)DtL?KL2h2@|7hS`X$|C}^zs6fJr7{VjYmaKIy_Oo+pYUd=Wc zvCIvUd)|j&7Gw9Qdu$W#jIO%pHVPosN$$vtcf%f1QvMOXA3wKRP088-hVxnsTsM%^ zbB{r9yKK;)DmBeXtc?QJ-F_3Sg_74`(qcQ5arNLK>MWUzRzRDNI^H7E0mY!u@BpUV zVvIwoH05V*nn121$Rd`P)6Z1LC%;Bcd_}MdS+|v@(XQk~ZyY8fzox~({?VTEqM6S` z`?0AvnfbMI*6-k5(s#{vuL>GGgt-IPqah|{UPBLyY$URI;;Cu5kRIc3he#2S3m3&uT zPcZ8CT1UaGEZe%l63yoqR)Yx@+}ome?+`-W5PLP*XN3IrX*wNnV8bMZa#8ip@{gHp zr+c*TV{E}aRD0eea&hA~hW;$ZdB>cTSSTH%qU+W!SC9Nt>IJ1wcDfWuF0DD8Cam*Q zEQ$XOgWWOeW~{1Zi#BnY>7+sGFDW72!Hq=ZOg-kW{TTAj=lvzDZll2_d50e~z7}^z;fMPJ<3P`N=RDW6bnFk_ zQ*K|(`<40|6#O1T*UkA50&E)DzC1ROzB(vU{B1^Z9M@#w0gGx`dzWUnD}gNs=#FDS zrJ`OD%toHu39=1N_<*pRZp^JGjhpla3gxDJ)6ghPl9dDxU}4i;+On&lZ%qvib|&{X zP!t=W{hdfF7A5oB2i_I+2=C;YT`Z3WVhH~Re8f(gr+nubsVS?Fyy^I83cRrzWQ&}R z+6@NLQ^u;Ho-jObzv?75J$dD0WiLED5%o`dl-b{yil!2-BshRnh?oKRwhztPk<#L$V>^h(sSQoze$Qt zNMreVp}&|t>A8&iXs^{QIdOm|r`0;D)M2cMTHB-fVVIBE3W?w+V2&u^n z{~?B`QV&GVk%UOp5I+L%4|)^GaXX2OIhx4~UY}<83mM=xB!CdbP6?O6F2{rpKuqU? zJFLzYGPp%ta@gcbByZ#6Dk_rcvW04g;UfIovDP+%uU}Hg zC4;J0!KGEF-l;6c6QwkNT<7UXCk{keQcGxi*y@~h+Wc}jhi|o2Y;ymVV;Wy%w&+AJ zf&3yS<~`78h69r7fNe!UxZfT9XE={M#Y@c?Yly$z5&rGVwZ|bv>CBwVEm$66v$B4( zf0-QVhGd+qO^rc@@HDlr-jR+F34V80jBEWj9xrF%V`lWSApU6=U%vrzb@VK!VlfRz zxCaN92#l9^6lDPvW@*eG&8iB;YTYo*f;=%JR2|?HxMuiSVk!^$cDE|!oR`m}#Es(^ zgh3b))je62(U;FyOHaH(I>i~dCzlmV z71zQ*(H%;r-jEal9+61X4sGZ-=k&2?`7D<~#`DtcXhsdy$&YIP#u8jn)1Otj7P2&W zX6ZV*PFvZt%GC3KZllu&X8B8tC|i9pgJjO-NjQryP0b4c-8`uu?Z9a_uI(cZUumI6 ziJGCXllynw&SsWG!Y`lF1^w}o zxP$2p(P{rMmjnj!ahH(NX3nvdL$_K+Mvz6wgoM$T@yY1Z@iM3Ev*5O{qX(2MHuwRc zTW#s5iTID9vbGI)#gCdas0|W;>w}Vg9_02)e_z`TXN~N=1ED6D$!U7a=;txX*?Mm9 zEZ_S!!SV~ZFwt=woqnbdtE9>IG;I-Sg+VZvQ%fJ1utHg=y)3mmOwd&;N;th!QO7!W zv3!D_O|wZaUC%*@g4f(p1SEcYosmNtwj|ki;MEs3hn08exgR&oauvQw;28vV&p$jv zAMD&yp{7U$?PYy9n6WRPdJS5B|t!my$|slU-KPpwCJ4`KDx2%I4R z>a?e;OH4X-EY#`~4sj!h1@d%IMH8X?hV?1#k zWIhtSLx1K8<#hG-;%x2X!e+D9pkT6b0_5!_@=*oPY2;!^F51;mTR_Tb;w_3}F~CCj z$)ojDzgUImGuh#zD4P+x2FPz+$mCQtS69dV6LDc-VZk6FDSsJpMzvOj_zEOd2A(6n z(61-VVv{bu&H946wgUtIFw_ap5`bjphepn~2UYK1v{F=}JT2ufBz)EHey|sX%$XsT z^r6^J!lN0ZSCJC$LQdF9LMeScvCHeD^RED!U3{N}cru;+qLgy-ipaiYFFQBhamgwB z3?E@id6{OSm@}XC!^V%(QsfsqZ(Bt8I3r4G4W-lb2}Vw?<0I9+D6K-u&c)T^3-0zpn2w;$WDsm6uAi|P{z zyu+I&Jwu8>7;{?Gs&xcQ$}yWMX{|P7-%>hh0*r6fOUVY_%9oEopkz{JV~si zJ>jEv=EHl;eNj6N#%fHx1B^8^gD&>dMJ${%`T&gTAVg<1Tlq*XBP80WDmPHFF1en9LToj1_W+oBTaTu+z3W>5v?|BW=`2QgP`YSm#S4W?j%#G4~Vc#NyT)TfgJ@p&V1mf zLcc{Z61O+At%s6QIx3DkS@bN4nw};>N)9{!G*onkT*(#-LsJ!A;@rzR!sU|btf60zcWzKs@f5FyIcB`m(%QN zc#D0Mt*AFqG}ZpVFmZ@T1e|i1Yoc*oop^eBT9i3?2^5MUh`w(D`EuJkJ2UHCLsq&yYDmuRkoDXsgI6MORn5r50j|DSsNUT z-9h#9(_x8?-XAUn2b%A1Owt6!51YQKmdUTSw50d+_kI27ml^C-}1)-KD82dfA^~#2j_>GR=n-$;107G;bYNwhZ%LU{UCa z>9TM|=c73+rmgja$s8kbvnp;jtPjwosvx=BC&{fw_2WWa8;XGYir@VsHlto(bOGq`m!{I8NQJ z!E@q-@<$NPBn6V=9rzHr`OAXEG~OteU(_DOx^cSE3D z%p8<1gY#}{<4YlVg-J+sgR(x5kX-lsu0Lhn05g-GL)E<4qH64czi8M-g(6kI#A(Y9 zMc(5R;=~7~XB3HFHlOa#CHL3Yzun#UKVWfMmhB4O%brTOyxGcocVF7@>C}lm^b} z$oU5cact4axzRZ(S!Lb{i}h7J3P4(Qj6}%)AR4?m3Hf^G(?%QNUAEjxEqADamKD$3 z)A86nV@fraj^?T2A8KTSMM9ZF!dWlLuFch$q_vvEK2T57G14fj5zhmlo5PO$7D^Op z3>SB2K**k|G!uR&>*1Piyf!;v@qa2*C7GFEAV5?AC|euj6^d%z>#K)9Bgt8BBj9n9 znvBM_hrlS*mFl@ zTAnIRdmQ}8W+(?fSGtb@x8hGc1mCfho>dVSDRYrTIlnZk4hw2}yQE_%znEm07Wc z3?+2qZGa!+0l(~;`$y{;} zCEemIwOJPg`$bBA_%Mms(6#bV#vCtzWh#_~P_^UHY#RP}O|l`(`tl-r?S016zPa%G z0P3s(R5J~sU&?l9XXz~vxVU&f8dL?SVw*frfs&4;xI+h65u?*=7*=%A6scZ(8cPo7 z7~j?*lVzZOm(9FO#aF#Gk#tu_K3G)V*%w!1CB^7l_Y%wNjb5}Z6f}R2unBEk<+%1p$k zi*;_YQFdt6bHCW0&pi*8q(@GA-72Kj%>`H_%muc+d0;$_b#kok0Fu3E(V777Zg1%P zEdHAVaw$n6e_M8#F+JSHq~RKWaQB2;g%m_n`sM!m8q+DtJ`m~yRJuM!No>?7hx;y_ z#k1owIA$(7{-|>MWk+tvWYZ$NcmK^jiUQHkEq~f~_FQXO(kc(C9B>2cYh(ez4~XX$ zOFv$q8R9dNyX~Qlx6eH>GXcezH<;3htw1# zjhDiZC-9#sYjOWDp3p-qij~F+L)VOAa6E__QEMTlCOb#Yf`yq7W-vB{@qMOFp@~VG zZG1$T*hmSz!D2S#wvRBxSB`3$Vc;uPsJZa5Ow%V`A){~FL;(NeUQ-=WVR0D1be`VW zfb3}kd_o9CPHx9q4e3@;X{{+ADnPX*HZjGnSJ^h@ka7K;D5HRfay}=m9|T8gTloC} zo8#jIB3%O1UzjH^3h(^R3_)$aC=-Ry9nii8_3l}jLesP_j!JBC*Iri3kW2^PsL#n# zuhfrx=y9Xk04lF|hbfiW9A?(|k1#rS*fH8#E(+|8|C;qHNhEaKYm$~wP>T2^mV z<1NZHIJ`Dft0Ok{q=eoX#_)xW&~`EBiZ9XfJ>{#n`TC|bUVnYape$SN=Y$oHCRV;3 z^u449JX$4@u-dkozBCg5hUpwWRw4b&bSwcYGk%J#{ZV~-tE6y_=geq)iRp_*4bA*W zDdTpPZK;C@u?ZS1CXBQ6Qef;k3<>TnAnxt9ZXTP2?}8WottL5Nu60}0Fej;qeK)Ju2fr?)|c3tS0H zdwVK)c+pqy3^!L64hS?cbfMikMr+myxaA3QW<;9V7FjFVm^qzloS?tZ=xpAWt`#-X z+qj0jT|ucdbg3D^wx(_T%yxdvZ+*E@;?`6H#V{=fb9;N)o%>~lGnhr;PcW2OgjOee z^HPfqj%QXPvegCK?RI?M$;Rq|dmU24$8Vd%HaKBekgC7p`oiIB=)&%0v zer`|wz&_O=$wxV(EuBH_EO04_oad@U&b#gkKV+05IFWM-Z=n}%=c_Mf{dBXx zMRmA;UFWx7I@Cp>y)3|Z<>vKRvr(GCxu1LSBK*^2JZH0ydwlvfayJ7qzIQ>N8PCk3V{0+EF|v#5VMKdY^UN|eE|BqkS+LWF+bRPA1lkVS z22_Sb*K?qKsmbcmShCXzU>;z*-HQiVb}Dh`#*4Ohl9OGqi*DNer72~H00D>f!`Tr341+LZ)`USpXo49-2eFLa`{jySwKUUZLD6PMC8#eJ6lp00Vg?*L)d-7YZA zf^U;LF$}>;RyQGQUNY`P-f=cq=*&_mSjfLAS`x@*wLF{!iuk(-K%@n<-3dt`o_5LW zW$<6SEGTJk-vfrpYXb=U;FlKyx>SB!w%39JD80;rwhPnyH6>0rz!9x38PA6ylG{sc zq8s9#1ytXSh;h5HpP+urFEjc?wtelQsEoe*#s|X zNC>9d%w{<+$Y@^y0mqH(PNh_vyDYViHluHf-%_f5re1;_nTtO1Sz# zTZJk*tUVie*{S{G*~nY^lRNs`tCre&cUEBC^C(5oiZjAnr(vt*=sb3)kw5JI*UwBz z&~RpGwC}$xzTqE`UL7r!3_`?%v%1;Nt5#S4W_=4m?bZs{7+*fI+>K8?^$`RMd(Dm0 zQVa?~&ko=SK~d3Wi8-YX^EVjluZr<+Bm)gvre28wPt%vzOmwLT!7ExR4z#DXwWEK~ zGr;b!rvFbX5^X6^#la50>6M<|!+e=T!^}zT^ou2oV43g!+5PM1QIuCY!}PzxTf87s zBVTc>yu7@xp2>d^=oMD!0Qv0r6LVgqgyC%Py%B-_Ao&Kf^q;pl=)AXSBst2$tHS>8 zcDUl8*#xfVo+=@~GVU1oNM_w!??Q;WgaBxGY=}Pveh@W(7kPiL`=67fL0b)~j=wuC zO@lQql1XmH_^=IFlTc+Jg(Ts@@zEhpZ|}moK;dXx8ita?g|(M_g#jxdSY26WebUj< zAq0W^=a_@XO#dNEza`4}Eof`z!NXPOCHdSa(9CpqeyoPn!yI+XlgIaZ*CMAT25uI< z$zqTmH!0iPZ8lO)^|>kf*4Z-mhO;D%sdxi6CpWiRrC_Q`W=~zM(a|C_2?X|5kN09h zg2%sTGqxE7#SG4j`-plGElp6u?;_|%gvAT!285Kx49F&~IYM?^LrwzdrW4Lo+2=a5 zIR0AkYAmGd^&za2(^4M+$8_pBii2iuRX*_OW3%3n1u`k=w(doduU~V!N@@)(%A1_M z8JSdEe+!N6rRxUFZYS~CqwrB=Em$va$U_kVdV1t@8F&zjDHbV#fL5}v8ClRSt|G#~ zyq%s$adw?o*H2ifd&7>{_wxz0{$nlJ4YD87`l-uXoN!5vmKY!Ts6 zRmAE2_=&Ke5jX4Uj>qalLG1Wf2+*vi4fQ!*H^rFK`-9E7alJZR$DYq?0l3?Xxi%Vj zdP2FeopwwiL-^OuS#v{-w{L^$pa&FE;TnmcLSsbwXtO+$iVuZ13$ECb;HkjnQ%Lxd z-^8Bj``JxCwe;YaA6Z#g3|Nt;9?Sl%E2V`TtW4HJJ0c|@G8~HYHDzvYXKVK1J}$yI z&nmL~#)tiu+EIlhK|b2W4-S_+4;4U$jxhZ7=} zg&R&`6B@L>zCIb$E|Bq&=!-UE0n&qvNv0V}fxwy3RL5pk5W?YDwM2gPKiQgA6qJB? zPOE+-R+ua-C1X`J}&E8=wBULZ6tf^$hG}iSM+FMkdA0e&7~mcvZB($sJL{cCU1x+`WUQ2 zucW+%~aER;4sm?EvC{fcbsb6^&dD^9;dx96R)r|=mP9TpO<_+vRpl?^Kod(CQmDNv)J4+n zE^T?o;O+)Q=(GU6GEdg**D`Y4*{qNPOQ^zdRl<2x+@(Y%Po&E_MLQ*fL&p8U8NttjEe#)=%P_h?}VU$&mCwF^}Y5k#=TG z?bARdb{qK0pq9@RztK4t7Z-xY#s#n04L-7u)>!^u1c4k{*N%&ktIT9kxJPC)YhAqh zk^qb`-OaRnrIXA?|NGGHzJ*WkCVG3b%X^^b8&D6^k3*BnEJVBqjZ}(@v#{fOoi<9? z!EcAgJqncUhE1fk)ef09-D!?c`8SIS4!j@imHV}hZXTl9Jej7ySwqH&Ls9%lDb2cf zj*og_0~n@OugNqOn@gM?4tDp^azS+#*sqeBw(|HKVr-n6PokpZSlIrl3-2rqPA=gr zKj8Q%itUY+^mgWujtQztv%1-SInh27rtP)3 zSI|;&85dAAi~s{IZbHq^UHMM>ek!Q(|81I5Q@lv&Q3g63%zjSojC5aS_C}L0FO21M zPhqQNw;gIrFX@=8xC*I?ce|}i9a5I|0$W#*Mc*Mdx5DbASA^N>mq{=?T~8gNy@3K` zD;yeaU+*GNyS?D@+%*oWMM^)XhIXTU0Nia3=b@;?Sly+UO*|CE4y}7E;qZ@;=`0sj zqFi_BH__)s9_QVvdFZx&f*Yax1gY7hk{-p^ivp^My}Cfhm>>kGMxd89`bS}Hmk3;R z58jSxbi(f82qV2>`vLDCdNwlxPmoDI?xIzTU9O9}cjb?f% zIPQGT?iK10eGTd&80+(eb6C??OhGY=n&mai|)<8hV)A0gt%rnp|L1t zh+};;2x1SP7z}c6(-Hr+ce45Go^|5xETyJOI+Q3InA>#Cd3TA*;3RU+TGGvo!_U!Ae}*Of$@~N>J<^Q3g==031}7J7lXue3lEo_~k5L z969=vU|P)CYRj@4xP9hM>zLO~+}B%v5nWtPrU#rgbT{QCEGfjavSeoK-?S7H7DvK{ zCea-ORaZYnAfJH0^p$+}l;y=gdO&^DE)1LHrpOnvzDD4OtUavB>HM$5d-)$n-?o3@ z>ENF`ORoddd6S%SGam}oCl=9F$)L*;JT~SK7+}nG#V933%sJ!g7z%OrgcDf{DZI@fhCeGw6fSCks_oQh{Lssl~(w(ZV%GPFo( z-9!l%^VyS)NJgU}lV2V{A*A?M19pXj+kB8DaLuA44)%7j5<*}EKkDhW&eRDB zQD)bd67p{NdFsbuO4dFERRFxzc2WJ1=znS3?laSZXNA1%q1#HSv()Rc;rUU>2VlAd zAOHbELrs`HOg zb?r@9OYhIW7HF_sVjSCG+So!~Xv8-OSgoh$LM6_R(EWN&I>2{DVxX!A&KL7quQ_nR1v6*T@!zb5)&n+RrhO3TD#_aQz%#Cl}~an`IS z5$eHUWM{J?Yjs3Kw5&pUXz91R!xm2#rsLhuGDIw_K`db*6Zx08;NNf%x#ig{Jp@lP zP5jo>4{0|);yG1(VnQ5hiTF8k8L~7RuF9VjFsYOQ-JIOQOK2WaaYW7d>uTg2tq1O^ zmtpqdd(l6kFG-)@jXb(|Sl+cT4u^At5kh!lPe zbqz{WpnIH6RqmU5KuFmr9xmO;fR6FlCN>a_Q>i_+aQ|30H6V$wc~&}T&-*B#hs)-zi;B&D<`{{R!w67bCSObWnge?*hD}zrk{ux`rOT1fOt!le^4BrBs{MkMkZrr%Z zp=hgfi1eR{TxLkE)ccOeeFRoXEW^sSsQ4HWt?bb3oz6!aaHRph0$vX++{Ca&dD*>vwT#>(R`mFpSUzob3up#^LGoQzRt~St#tmF-@)=$CTfNNjD=F21(N`))r<-B5p`qBGYhwB+ryGn$K|)h+u&`EeIt3?STIAM2}g(fjVu+ z!WYqMN>F86A7@eKdTT_Id3ut_!yQPEFgDz3#8Q*|peJkDrbTM;&(VRT=jcggrEo?( zoMEZWg?;QFr#u7c4Y^#Sf~8#oxw}=_X*b`ItFFzv(o~`iv%t#n)lHMo^m&{i zMly?SG~$;1DM~tq@%@K^26g;54#YzU@}Go@KP^q<4K||e!O{sL#U>u#3A(AwDJsZ3mEFZ>thAIPUkhee_)So~&h35|GalFYGft{6dT zZ&`P@!BY`V@mCY*_}f3y1jGD%68_Yj{`)vHU8Of#`z+TLxrx@UiU%nKH+M|ZMTevu zmvJ&LdKVJN6OTkIVmK*q>NLN)jwfAIGGuj^uTd%uAc%JK=F+*k28Mct3Z4(Eek9~s zLAo#5+mP`pXoc3dkON|T+!@$O0qiXO(_-b%YBVClilN4>#tax!_bhs!L8mo9r)fBf z^#MWG$WM3UVfpqfb^PS7n{5!*?UZgbs%k%mXM-McsY4vTzx z5Wey{NepyYFU1uBnsz$@RArG?3xUM+WK%!R6=i$OMv z5Lu%DsUs>EHod9BC9nQN{a6;&A{DK8pGzkvVlrkdf2F&@iAIN$?3CyU56C<}OnXT_ z*WfEdDCDE8Lx;Dr3)b(ZR@^#HSjFUmnmxWx?=bQT zkFR-eaNZYv*t(*5F8?IIM^Qn&W$H;ZJ`(y4yELf3wDpd|D1dnt+YD#Wd>p|QHtQa- zI;1+dhU)N3(rnF*nz5AvywNt_lR)7*6v2kW;gdG&wdGW}P~~LrWrG^s6Pq*8z^U}n z;u1mB_?yQ`nu$Pq3?Dq?_{%9Ri}|B8Ns0QB0Oj&OGNhu&yWW|1!KcbX869dsU>{}u z;-e*vNIFI{QBcO(I>pD?0o#m=3NRX}R#RFtt5$71Y zGrbN`)u(C;t8|m%m+Xiy?~a8}&xIf{^Gm)S{2$)lGODVr?H`s+cZYOINFyaJ2q=x9 zbT^ys?v$495)kR`lJ4$q>F#k>CB6$c0 zl{9S_>yJyRMGdN+V;JwP{Uj^v$+_s*Cfy;A1Yd*T#UEe8|52dsy@G7ts8q5jUpup5 zW0r)e>(T6JAx)z#k;=ZELfn2^m2!rXn;PS)Q<5bGBK(;Ci?4@;=se!BpQW%2Uf|LN zUxI(gGq>p>gNnPcB#F|alxtr=*-Rb?`%M$c!|Sa12+18Y@RGv52}ZD4RSlfX{YXxD zZ79ea%U_)IcE;9((O^LQ&9Rd(>bRYP-cVbzpO|foOEa{RUKNZlHSby0Gq8Y!nD&gZ zLUgdYbaqo>WT1zzfOp9XX{<~v6a0;f4sLqB{`R{N^^oFdjf#vw4?ZD*(Lz+AEtyd> zg`;yFdbLDa=jB9~!=0fm?YT@R9Wq7q`5(;szJu_23`^m!gklZa^>{~T5!8CMex5*m z)!jd3`izb8XksMjbj_)r3J>v=kNWjv%j^ZABV1fT`;#`f(F)39z!fS=5iU30()EQe zG^w^k=}Fi=2OE46C*ESxIrq!M)0-KZr=pn3Gb*HAKloM9(L|LIznZUoVMUug`g0JPQb3yu(F7pc1Y6W&t$#Mm*M3&ct6TB-A*3^ zg!g;Qkz(sEJ5xgx>c$cakdL^i6g>s|!}LEUmECF`4{&ylvgMyyVi6 z{m#9f=$L`Kx&fWTie^4q{9D?G$Pi*2PiR^(TQE9rDLjuP?rfY$PhpV*@i5PTdB&=b za{Tjxd|y#m)UFd$>Fs1|^25yuGH0Lmm?FF6S9r;Goc8!$ zypkfG;GW9u;JtTiZ{vaI(`KkUQ)Dw;-d<<6iXQJtq)8||8XU!3vvhA6WzxNTfcz*M zd3awwU8$!>Fw3Sh3%-CKA+E!HqeEm?P8A@{`uN3D9Uck>Mu^y?)uehDNG$)V?O?-S zNlA&hURbhZqhFbr@s@S1lc{i9`DTGTQ(qkoz3X%#A)d70bYlV>V6QC=>CR|NWa}&y z@|;!*rY-HFc=tNDT~(U9o5XK$Z?ic`K`T~4f#DnloCaiBicmNt`~iV`3VQnk!dA8M z7)Tl^l`3%f#AG(Ywha54T*k^d=vMx6Z8@;5+nJi^n)lSnmj zit6DTJPs-xrUt@rQj+p&*hpn0PFyCq+s^FWGg>;_n{L-j!7-P>Zd@OuNTz8@%|-aq zD0FZ1L56y0SpP|2=%kQ6IvyxY{r2b5Dd3G@-fH{*{F+9FP`Jngikjm0j2;a~Gd(9Z z&x_%?BaiBUvFM5Aj0P9KFtjoa8c-cZil^_z3fQ09DP0I4)p?)8H69heblef$c3wyH ze!wD-&H*a>K2Z15aR|^LCfri^-nU+!O@bXQLjE(ySJMxSKBA#r-4XBF7@h{^BRnNA zuPlcQo+h6^BLlTfD`i!BBJe_;@$mFF0_$2fZ59~h8^69;(T?AZdEB@VRSeuyr>4Q| zisiybre6%{Qov@B{S}nUgulz0BFTkj+UyMD-)R3T0Rd;#+E#MmzI)9(y!+0i43^dTJ) z?XSU9_e^`Ae+`a)gqsi2-LDUhd&XH^#5x@U( zs@0P`=hM=&wb&UH47&UJz_h4`Pjj=tk6JY-M~9!T`UzAqg+qa?oD>7uuTocwJ5*7YqZyROZ8{-p(+wy0)E;c? z7nS$R(uCl$z_hxh;K(;wD$4j#e;;rT&eb9B%V1>{neGmwl&4uRmaJzC^~YD&f~ z<+yu5=6zbGVm}hnsO_inp_PeikKc4t^A%K4Q3*~|F*71f0fVQC%vdo0zFEpM|7jFuA{Ebe5Nk?) zt`y&+p1`I{AgI>DJp{ii_U-mlNqLFyuaYt_oc#f6-Bz}eHUq==_YGf0rlxxzB8=$a z<1uSO8vL5@?&AZvhy{i0u`9&A%cuD?I-RseXUA^1PLt7s69(l@oV27PXRktF)EFeX zcDBRUXkQdkQ-y@L>{O#>eNc?>lWp6uQ&^`Wm)k@f-e%!8BFz~}3@9M?3G=TwDTlxY z!@j(cR#Nf)x8l(@bI~emS(a_t=DH^Ajx>d#8B&hGc3!za3vQHQM}D^jg@0y1nvim zwlSk@kJN&h{j(+uh?6gFeP}-1-D!X+AM)k&;%Xo&zG^I76KPwvgHjm~z7ZJaIh*_4yXPAqTE! zq{*I$?^t+JPm+M<%lfs(wq9^nRS-lmL0+8*dYV zMGyseRoYaO@A+a?4&1Nu&u;e!PX+18$MN$PH>%N!r9-jRs}36Gh4}B=_}{|~;jeFH z<1InPR*(!zYB&U#Z^_=6N@@|CXI|`5bZd}>h0MI0N%*YQLFHh(yNlZF-hzsoZ-+GB zxUwMOV}9>8GC=bcVxso=SFHelZM}!V2s+=}p`-K?HE^jG^%Y3U!5KR^fhzRv4=*N!tzaKojWltUj*(Lf{~@6;3OhDuK=b$cu1E=N>L&0^j0)16Tk z|28<()GbwhHWduBvj!s`g%vNRabBUg45_*f=n-s>KTQbQAK2@ehx=8FU})I$fj&`8 z)e(bKBtbBsRWVLlP@m0L-A#92_%4;tDMaA1uO{0{yL|Ac_9<=Dz{p!^b6VRWCUr(` zgVPJdpx{yM1N`qoRjs9)#36YE;VTheWY!rT2tHtR(m8=`47ANnf`Z1R5yt&)T(_0# zVHY#X(bFP)e;zTv?F?nMiT?QYUDs?IoCKFAA2j>b*DFH%>=$J3o{L%|YGyOGT9uDr z=wPXQ2UZVVRupN{F%IWt)RCD5A;mfkHHZ2t({{=^xm%HF4@I^G9u$rZ{M*o7LG+G9 zEFKYf@pn_Pgiz)SZ!{Lhj6Zmiaf+o4z_vtOVJJ`sX{up~NS1xR!3mV?)@ zQe0ad-Ap2-qzAq@PAWf9{-w+bLKs!oif8iHPvW3+x>O&15}$k}A-=zir=Xap8RC|a zYDMutWjC-iqvWT`t zd6C+#xD-IwF_@w~FxSFw;YVqe9H-6z8QT1hhzcf5dC`jzp6VM?EfXqxbHZXZ&fnz| zdGX!TxMeB*b`@rv!@f4UNa1CD*@9a^sIGlnr?zO4%UM*62=J;YD`iyLA`?!KMvOv# zphU}RMR*CYZH3EW|1P7f?*3IqS;{?ggLjW`X0bH^e3IJ1wZdC4>nHaU zri>#Q^e;6qYtf4^F1sGk`T<``jb>>=@DF@ENv%Tg!+MHeP+Ss>k=19;*P)`*9l}Zp z+V3Mr?F|4L|L+SC2z<&8}%c#(w;o zm*)XJgjqeD z+2(7Qaz)s@7mc5lvIbFC6vqrm&(~ft?|R5lvZd3r2pX#Pn@<;|7HL_842G=)Wiy@3W*C_5DdL)YGivL6De+8qt+V9IPCvw-28}WU!34=*tIj-y~WSF^O|1# z7Hwlvlw)f`<4sS~+Xk#xYF%{ic>9dYkHhYW$K47ZrSHXEb0y0NlQKOnhE~2w%^=rA zaHz!@xUw>`8M3EV%4l8_&3Nm-@|d`LBt6GoYSiZu==8JqxC}8l_JykB0C3~*1hJl_JvRUVU7lL_1Vl=W=c?*~5 z%VC}&fmU?qshYp}Z-u2QY0o$Dtong7@7VL-{;DdC(Z<$cCB7MIk$K(dmtQ%6Qnr(| z{Vn1+l_ij5O6&fbYt9MpjAuS2!lV|nIJ@^_at%qrTivQI zt~ubryO&xWHcvs?s6NVT4BVR%)xPmJO~&A^cQ_{<$^@*IcR%#mYVNU84^&#Ia8+?aME6j{xKQTu50SA7oy1)& zILWtcMNS_fZI>DeS-$Y@%qUuo|AaE#a5!Y-mBD!r8hj6+&?aL! zx>*9l0(s$Kq7RWtrqRc#DXqig|~0_sfN+x>PUSv(!O5RV;g{Lbv$csPIi7V}3A z&Dg?l$X zn*VYHjc-_RONrppT&x*Y8ZM&*&%*Bn)+IhvhcHjP9dz;FG(!)cjD96Jc~=JS)r@XB8^{`yxe89D!8IAn}@46vbt>f3Qk#2-VM{5@~`bi ze^V=;MBH(&eyckcMN#qSIJKYZ_oyVFb7wiqdH>?>xOy9pa0}^ZJZ0VoRnr~mwCdx^ zhi$d~rBk{F{-%1GHk$ROa#&pZC1}Il%8{$$%TKx?y8;h`A7C}8wvPE93g`Sk){Dqm ztef6#`)!xJ?t0ZiZE*+lSh_CnT7PSGcbh+@Dgb%G=4i$6+je(EV7K<%U=jAeAxY#VZv=$QBWC>Ct9xeWGI{&e@nEB$8 z{x~xr;wKSXK3ZJZeX4WPQ~H*JNM?Yy;e+STg1w_eT^)u zRvvbnOhHGuWPQrj5$@Dk0<_<`*s=SWf#b6o5zS6q3Z;@UFh>z`@;$ZlM zD{{sl&o48=0|)ixDo~OOl;*uK%e_>bTA}shl{8EnAI8}DJ%TN4n-}9_-kVRw)~T>L z(j-=CDx<&3Bfd9WqhdNYyMs^1S<1VybrZ0;Ee23ejU`RX|THOQrz)14W-2` zoHwkJ*zl7X?~5sNRjvKH^J)3B(oaEiRP)etl@t|IYVfbT5O0rW^EGMwcGymgC1tE( z;=Pr7>-KGqzhImNwh}Q}ygg7b)RIcgl1Mv_Pu*%E67MT!rFWSV-X-s2a6E3b>mEq- z+ExxeuET4VgL$@FB@legTH;S|d^WdxRD-V+_1u9Vkma(lrQSx2PW?hAsK^@}vz$8b zgh0aZD0|%qdS8BgQ~q23z6{|{9s z6D_HOJ-;Mk6~C!mZjX5G?45uklu_)Cak+Ikq3Cy$VP!cEI zBiKK*HC9W)I%Sn7!a#&GOd;jfc!Bm+1j9)tg<8;EU zc&F6YUKhw1X8u|!?Ha>E22ne|j*&mp!hB;y1H}b4Y4Ku#TuR~)EYhf2`gLt1vzqzG zkj^>YDTchUJg;c_T0HD{RmR=(ss2@7b# zaL`D9pM3VD>+-JjB9U%|+S2(}sNiE~!spiLC253KN*Ep2l1qCUhV}?%$Yuft70+6x z%#VYI1_MHB*>Lno>>S6HA&CdtNL=WoE-p#seGfmytX!fd%|oewzJ8FKH<<}#IM>u# zSd!6JA(;{SP9VyE%NQF?EY>y=#alhTJBmutffnh3&4D|}ap{u%Lf?eG{Iar-MSBwR z9kVN=s+P-7IV9y%E|kwLV>>d<9s5zdN-jeUb{7}@Es(;Y`t?WW2&T4`=E;nmLt~c} z69|(VDteMqzH8z7-mBhC6 z(RC_(43Ooj!zV!fs_Tr2iU?zPPo!x8o&U8z07N9`d5P2e5jD;Q@tgr~m`?(!=zaip znr)w%A4grd+O_66NwB$yp?>OlK*`~KZu{DcyMA``ROgrc4w4WsQ{0<&hJ|*ZN$Pge z2kVf^B+WNFlP+>J{4|=Fuk6Fz4&{`PInnAM`3gUKrA|yoi-uv94qT?|sR$y~Ju|_Xu9^XP$nv7ehTC6t=y*+w_Jjg3i{$QA;4TaBg4D$gJOD z0q$%H$slSWr`APNf7`Jp&_04I?drW6zSuUa@6pLWvXpyM9KI?uMx|4w{UP9)bcgT{ z@#RJ1W+9Odt7I-K4BWT!Jq{0B$n&>-0cej*MLqOCzE==6GGkBQT$md!=MUMUA06G* zPLsc25uFy(M2pbuOsLf<()d;*6MK9jtG#VMzD}M?#R*Cb^-(k0wT?(tBIUNxBlqWtkz9i9wWE3?PBkhk zOir}$s_62kk?*_daI!=(h5JJL8@Y7AHxQE$6FX0Pb?52&sja?1Cy3t>){X`RLkS;jkE+ z&0$8@yA@T(vB>aV3HB?;i?wN|T^GFkMG|PC7Tq5jq;!4PeexO_sa<9Gb$-s09ido8 zT_E+_8gr~Vsm{YKF2lWcfz%(#AB%XX3lCPOG!$*h%5(XU4CqJIxoZ2m=%d-M%HB@x z%k`-e-__#zE;(UNPjHOSeE%*%{sl8Rh;dJS4ZlXyBLaMXrg~-8+f2%5Ms8hQ^AL4N zrhLTFq17@_#M35EaC8h`o{Xw{zV6Y=uqL`%&E&R9arCo4t7~~zU8)#0sONcDf}UD9 z(-v|E1Fg?n#UVx6qItK;)jm|s*0jxg6c6j9gbInJBxd_r2}h>^47J>KB_G!ET`g-- z^DrbYx}qA;<5o}CNOiFdGbMY=r*j$fk_`+E5H(`SEVdxNwPqdO5It63HP<$NG~dBa zYA0#Jki5Mp=YAZNx(*B7`uoB+2~G}fZc|s>mpDdtnyYP`25f`$ug$rrmTu|v1`;T! zUQe5`mgf{99ptytM7g9M6xZKFnPgF4s+UP7QMF(m5*N{s!Y#L)xn~Fi!ZgF$P>vSp-PtG;jUtFAjh1*kiVW@K z=v;I2>l$6HxkVO>i<2qe@l!{Si1G}kXzV3xFe5HM_ZN9tFx4EjD zO`tGF6a!A{2{W zCz-Q;}ofA$X#m>eTTYmnS#Am)L-|o)VcHV zBg-%QrD3^a44s-#&2VjuY#_|XDSVG%m$kHEw>fHarq)ntD6j}5gDzCf z+u2pX!76vU)sUyr3Fe%wV~Unh)<@9LG|L|WVApU;+(QD`*>e3kXybv~0%fx4(XgRu zb}D{eeONfjsqTH{RVER9HxAgKa8i#Qxt0BOM(gH4(i}QOz7T{5)T))(fke@yRN6{& zx#k$O@!Pc9Idv~amgCj}YR%Rr%*q1fO6m`V`7r*C38MkKI9Qr zRX@D4khID^SC7ESsoB)#y+$;2+#fXzU(N`?S=BWY98!rcyeD!``nZggeC~qO+^kM= zwi{Mdgy()PR;+E~*G(V>NgrbO*&g;g@V+#NB z`q5YnkORNl4qm@TX#GJUDm^W|qr|hCj}1IGH7fESJ=CWtBbF#v{1B44w)0h+4+0q% zmJ{bOsUI2ZTz2fQ)v%+u`iE3Jht>___1O#>8X!e(UzQlQ**Bb@=#39GprvK?&NmoZ%?^372 z!*M9N%D3tKsKM=ourpP@GF_f4b$N{-ir=*We(!YtV%M*AjihA_aZ>v}40F0#o9`sG zf@0=ecr{N-W*HS0zgg^D%sK^xWmNR+kRg%I@5ve@T2!+*Y9*d(-2FD2xC&$RN|uwOmIqlZ!@`}!2fXD3bqO^IFxZ&9dt3w zlnqIOQ48hKQ1?Mvh&NU5YVfXYu2DI7yP-+)#=u0zO41=)GK%UEl+PcvU|!tWF3{v3 zWZ=U@D|VW8LE7?66;HDRQ4?q@H@v>d$#x_j7r^Vl#e|$+zkAnG4f|PAbtT!+0)Le1 z5sRXe&kJK;U{C{LSfA9qiu-cPBasQFiu1i{BYrb6C)yhIlHXPp9f?|vr6YUQ%K<7)1 zo^U{iODkoaJrLv$sk>D|G&gq`D_)M~P~+;>#nicnjP1iUH0XQ@m+Ctj4VGEXUXZFk zwBM%a97y8EEpEQYNPa~8-jM-0cv*Nbu9p1_`VJd#LSA(U*;$|)HQ}h;UL~zA%J@sR z*O(w$bd9g9y05D^S&U%Hlei*~^o5Tc7 zDsHWXt+y7PbbG28+HSKW31D_HV08_oF1xF}vyC^#gJW*Nfx&GRMrU+Y_x+H4zP+L2 zKj=>U0SYYdpyqLDv}L$IqVFixuVbwAR-z2sf<&G}RWv&Z<=xU*jYf^rPUxVNUH(z> zl?HQXOH&7Rag*=RPE!}{NM_#9MA4)g?l_KZCQn9Jg4X(86q9y7ej5g+4V(HnQxKw2 zT|TtFi8F|)*rfF0ql`Lqb4QUPE>Hcn3e~p3S_P@J8M?hQk2n&;kGJZa^lwW~G>)ui zKTS{Q4@1^WOgQc@dpk{=(B#v!_c$B}T!v*d6(LZMa6Kd^lL}s|?~ihnF15M50h+WL zZt}WRY=a1XCK|2LnVzC`*U8o)^@)cDz-TNYa@|znO<4@Q~RDUt~9j6KUV zt_6qRy2v;@Q=}Dy2nT}Mqi&sfyzef-f~VMgCd7`1%o^^SoL4gui-R(6^mPcV9v!5< zpK2I(xzw~-7V8$^S66s=NyoL1KIA`NWaqX0hQ-9F_7%&z{Ttgn+vdd)BeR4U1cGdO z0%&*9{rM8%qxk!MrKW-eF=&CATAQsSO{S)={p2rg4#_(OR_QZa9n8(c?B))IdNEn2 zEr~Yo%rJA25sLM0f%-Xp;*3oijma?4L_#WHH$=F$+{@&76wFA+<}CT z@Fv|Ta>5O3>f^pT9z7(Romk2F#Ph5BM5gH2js@z*U@051*Q(!oCQSuA)Ychdp?G2& zZjd^^xk=`4P{Iza*0QI4uI*OqJ1@>Kx~43&oAZNw#k{jL`T0JM;`-8~(_@hoX5`R~ z0b|_>k|D~OF>0&Rh8y#&PM;WO;0D{YY+gslzmjRFW$%u)wEUGnUoC-!)c#WZ*i>-j zMIZDasdO4`{Hsf=dG2>m`1y~;@eKBio4Y$E2^GXHo8QYrKJRiUt8ud28Wrb3PoJ$< z4kqERaDKcZ!a7eYIYYb~8LKqrtp^u^=nkY?g{%tea*Mkz3@2>Zq#S`{YW!I{N3Pq@ z+;Kai48>aK!)n7hm)o*>f7&@)6;0u3Q5)uJ<0_$z)Fzo~#e(O{-^ns;jzlCb3HsZj>{NM>frz%-* zCY}(VpS{E}K^^+>L#PnxCWd5Nv)eAga%(Wf@t}5V-r<-XnnnY zai<@LzVS?KL0on80oIb;E~CsJjQA^_d z^SH2FVr8%TxIlE$aPFh-A)=q-3@{7$CdY+znUijMR1afy@TYnuIX7_MNAT2kM_mYE z98~B!O>c=iJQ_$Gg6VG`n&6->gFHW_>svEbZ1485P(pCk>>JNh6HDQuYu%l{yn9cg z6a`=8{%k0>IXK`%L|wY5!xSAaxsa!1?7WY~dI zLyKXBGOmFZOtp(?Hs>j;{hidA%Ct#xy06*c1mRmtbK#t+$^LpQS=Q9& zdJ8aG(_fX9%CremNeT&kH5U$dmDg`8x-a)<>?P4!F@s}|H-5U@@0ScQv|K2XSnisb zv@QosW@xR@TS+#+^*xK*d8>tdTw}1##(QiX$+h`hGJ);KYnb?-pKH#+>TgyLeq=UC zQeM{1SIXTf9;|P7n&&~pypL<1nsBe7vp`+Ey2nD=-R5o+S=eM9mpv3(vvzr?b9=H~0{pvR$u;i=(MfWY= z#?spZ$LeNy%|pJ+)xXsxod|x~l%qRf=7)KP0c&ARid3~KdQxuYGia5Mq-u43J9Gn# zna;>X@-5YZx(Cd2f5tZo0%fUlDb4GMNU^6HS z`&q>ES+q`r_ceeMpDx%Amt2V0yqwq$Huf|-4MRP?{1Q&F$z76;Wfau%$a9YTkoKij znQ*2WGH$%5O!bQ~EKjUI(VlmJoZWSs8=g864)7khM8U_0jAXM#8x|szfU-98Y8T02 zu6WMT*;^*RFlN%y_5|*ZP|)vo3CWS-fsg|py(*LX zj(y^Fw5QwWSQzhgHd?nsu%ztYB-gKmCSvBuX`3^s*0A&5I{8l4zcgN5h4~{Syk}v^Nf;zw6hpZ-Y>o;ZE9Nb&W%{AG^O@!Q{M01stf%!6yn5F{ ztuSW3bI#)kTQbZeOw0AY;>s)iD0Uq=#3Np*ECVow2r)X2XxJn!n(dt`>J&E2^pEr2 z6169~&@30X9BGGgrrwa$-wgz8KQYnQNAUh~OV)i|BAdoKXBYzVCP26}G1{xOl8Vsm zQl~v|MK(7o#sdF(b4BQB+aI9U9l^-RgEQg!)eg^VKKuGXRK2Sar>FRZdRG{D1-Ej$ zNeK4H=NldOfXq4~{`8>4&SCKq^Y;sc5yoPkQ^fY3!4E6#cX{6-wEg z4(i$Ctd4lS$O^#seXkg-4}=f^DP%x=E}g9g1mE|#RTUxcDTPxjj${U9-nrv(lo4*&HYFH5vx2jqq06`mDY%2+Qz-#nK#(s=#=%xVpU65vkxB8}sx|^7Q8Fcg;4|)88GD zih3r&YO|utMLdrmd5&?(YdTA(*iec9%t0qjf7E|prE+`Su1b+UzA3_nSTZp&kx0_c z_lwbjUd-sjOMzvElJRO-I6goIpvv=3Zn=LuO5FKc*XwSCR1FspAT`8Ux!xD5#o1pe z=_X=)yox=xV!}SyO-6yR0xiAj9{GH{FEz(ZA{pK3BU*a=ZA=w$7#&iP-^#~G3;dZ?VMbQ* z`hB13wvuRij3*X~Ld^8qN5K{3z4E=-pMy0PNE?nP{V_EUX^O5vg!A-@XVBacEp4dx zN%j_U?(2xI71tizvir&(0a3(&UT+j>y)6b`;#hmfR^fxC&ZC6C_55N`OkA8U;652_ z*EV89txL`8hVy5pY#+s?rLRZr&w`(5hy}+9aV=3ZtEc+Fbu^vzh;A-oYUKn-1Pj@# zCuI@z;y{ad6|k5EK0fYfN+I+pL@t7qc@KfWrYU%_9HlGLD`F2DBY;tHzIy2kgAxFV zNmY?H31j940pe@kBj&!=w3tF+nr%WMF6W(_S9_=pMEg-^kc!wZ#jCZsFPU12`EIqw3+0EW5~uyMSMvZY4WqX_vxKjD zJSQ?Egfbq91c8aJXUh+Mi6+_%=-?8k@%H}houdayo%#et8C~b7JRs9_mOlkqE=-*? z>#HqMUY)*chnl41^#P-wTtqQY#y;wcM2(`ptw zkLhY29mELIbXQraeL^bW96vol;Hknce^mZ)6Jl)r*5SxC<}?4&J+iDk%O^`%>6z<- z__{NZu=(}8b3ixQ__|K@T#VtR2cDV@F8tb5SJ=np4aEoF#KcFl58}`D>bZ}(DUs@$ zdhDNGO@oF6@%rM8eupB>{c04IZhlV#CMN7l%o5)=F1Xfjbf>?B2m-+t%S$*wyrZ!L zV|;1~{4w@T)f-_8p;0@|3`17|Gaf)JAP}JB1*;TzT$iJ$1g87$HVV?MPrNM~s$~rk z80hKG-f6=X^%%{6#-=OL?LrBMwbY$Mta%*$8vD-uxkid3pEK$ee4V`m$L;}-R(f61 z&=Z|q5xNCc&hx}yEX-I8E$@~=`g-k&KumUB$Y_&)si zK-M()PMRaRkAiQNGh1&FAkjGiLJpus=;loXB?t`NokB@}B7Cz^N}+Nob8cxTI{Yq` zreD`m3TC=L)5>JydcF#jE2Fq(kyNd7nVLz}%u#8U=V%XDrAEYVrlufF^NxWm`5z~^ z*%t>xH*!z12Jn!K^pIh)aA{bNyiztfzzGP8u!a%4U4qYesH=lX_J9nwn@BD31L$Nb z$L&_4g{HO+?fB34co)<~2B0oF( zgd3(NplQGK@X3MukB`JqNDNcFUstI9>-Ycqc8kxmF11t7A5#DN&3`6H?fp)M|u2iM{J6gC=k zAX0|r(=_;B0vJg_)Gr*I+xoLiajAY&WIFgNSdT$-HHTB+e%Tl?zHJ>0UCgLV_@yC% z_Q`+vkKK@}K_M*&>01_NWRR)#c3A@?Aj5(a31+XXS(=*4&v*S>cK$lrun8zY998&Y zbVUfbZUAVjF)PG8<$dyN;3eO`7i~_pVqhG1sSlQQ%E{@tW`_KamwAF75E||WO-vW6 zi0*GLIuLCPZe6&>?%O$x!{)rSNCT`Jtq> z@ts{tyjs7HBbi@)L61OFmK4papn(3jWAmC2C4_);ke;vlPjcc_f)No_*)wT!BN7JL zXgyJXBc+xrC

>^NBz$??3}4IhfSz^kP%zet9|nDIV#9({SBAh?B*Sf^QSC^ z=7bsgWS2GQXxSc{m@d;#iVZf+-ZZXt zTZeP~;EZ=JaOc^kFIECzVhA3~y!>d%3>BoG!8v?I#9g3 zFK>sR|Ic!QsZ_h8Zie9#=>sEF_2INaO}lg%m;C5rFf66_ASQp3l-3xnsAd&Grl(Cu z)i#bX2Y7`is|;htQ|nqxEBlOdDB}MpFCb5V&$dPhld4*nw;}!fi*MT5L+QzflzG90 zE<*$;VW4V_D4Np`_`84E-hVr`uaKZXP^%edn5SvVCir^eTbl9v^>vssRa#sGC<)Kj zO0D;-B>$zpPs<3sT;>mIWoRq1n7qC@-+9gwMZlIXBsu;aR2G+8tv!y^`h;eC^V@sD z^WR@=^!zvCJSl-^kf*5`m1;^}aI?=tUk@^UoO%u+BQ@vr`3NyP9lv}_zUP8@01zAb zFDJIGwD`hf_K(`|{OSBgc7O_81=~woMBy0)&3_v2K^`B-Z~qDhIJ@$iCkdb&kUQ+u zIt1`9);R_uc>c5*K`_GJTs28qWrCXCZn@^?=Yo*RXHf*MnwsHu*CbG1ki#)QK|^pq8>VpOd)3AOjv3~W)cp<)?Eu~fZ2zfv&kn>3rV+Eeladb6ZL=+)y`qAkEwqya0L;%;Rm_EE$4hGF@nJ5gajT zXlcFv3LGu}L>04NEMgM7r>EI??r?8cv(pP)lFn88M)uvD9Ti|ue}fYpJ$?J>kbuQM z!BalmPimGY&H6c&ZzwxRS0A&}Wwy2s^G4gOI-y%B;TL~YoSa_U?@ep}(<0r_^VBRg zZtH>Rsblt1AU#g`T1#u6^ilhoek7n0ullXpNG$+U$L|jSY4i~SXp!8t;Ht2xvc-U8 zps2>a>_J8$dTA%o8i#enpaoZS&F@S5N1pzKn%wY6ub_%DgzKb)F?hi)Z9dFJmp8*Q zFAd=USeto~tHl51B5;E)mwf?9wc2cIu-HO9#|&xpv%9s=8ntx#vW2R5JWsg^D#%^N zXqfor0QbM?(%&D^5Nm9(`Q?qlS8dXN`Kps!Tc z?s&x<5dp}2!`~lEQhWGLO3H4jed>=3eg&0PPQO%_-HpqVCsmE9oIL3p$+BEu=lu4# z0*i%>y|yVwi^t2AS1CPo`nJR~VD8cg5hgqbhPTJGAgADlf~=>CaR-VYd=R3 zRO~(Q=gWs^4GQkI8FS)N?r^jqLFu_&6EXds<*GN)MiV%{0!jj9{|gn zO7^IlL7a{yK^rWsqxA^_5Tdj4xJ071{e9II^J-!Kejs@?uwtq8!xtV1kpHlAARrMD zl-4P6zlT-PD4S3M)=5v9HWQIHe=^$oyMWPN8_xJpjpaHM33Z23)C0+3u{a+YqNMnT z{mcq36S468ygWbeO(-tE2ry;GK?zQtU#=n$GZGnbP@Ukg_5(5g3vg&R{>TIgXgzRA zW~R;yf*EniDjdYzjVA-{5U!N{&d|i9#D3w%@+EN}hA0Tg1L4Jliu}R9PESE7P^%Qp zpQ+g`_AzC^G4ET*lCK~)n<+z1o)=vEDNFa_#R~u`HpC2gekEN0i=RNU?8%0B^?Qsh zUDBaiY<(#YT(lYsUHo!YS-egnc6?DK0S$uNf0Xz{{~FkQkF1G#f7X=~L{7 z1faMR9>ZDzI7w+94^H7hwUPfTGeE?lp!I0DS?Jk+!gzOwSgsCX#>B`szt@uJ>@B>C z$4DeY%EW|vqFn_T`llpER~XS#ji^6t1&Ff#%i#j{k5{H&eY_p0P zES<_aaETnsFnRMi2rDxy%Z-@ZHGaSlp9*kCIg&1S%>kfE)Tp>eFBSbCp$0aX)8Ywn zf2?qUIl!HL-?}{@KK11->oljM^KRo-i!y~}hvNzYn$N%Z{ zK(-y8ixB0>8U2Z45*zVHM-n*K@CcN+c!Nxf_P@X-Y_t95DRTU8Ed*4gg>?DSGy`x~ z{3U@F=0AM{c#atX4@lWA<3pN?(wP52dY+c{toH<*H5X9R|2l(z(ViEPxn^_5PxTM* z{z<~jdY&rIf7rMe3WHYlT;t>tnwkw4VZ49`KR!Nw195lC zKODg5@VDt-OsuPPV4e*Bhl37a194-yN?`;l<3B8v?&$y_ZM3`);PU5FaF+0BUl3dkz@*{I<$K>KCBSKY2}0q+iBhhMJ=JqZjf7IBYV23%L23 z1^bUL6NJUGBbYP1l!eTnvi<)RSw3-4Q0&Q9IabjZwv-ZG{ZydjMZ{z8$QQx$ zXF}2pFGAm?GK`y4>HzoO?=SeBKV|vzd z*F2CN{i7&fFg}U$rx8F3U@e6piw*win-C&^yZHZ;bnZxI0D&uUJ^*(;zB~>G?KVSv zTgT7Lzy1Rg#L$7eA5K+13RlZMR|6dE)G41DAXENFf)c%HF(?Ndm8UWdH8m_UGV(uJ z+9!Hh!UM5y^gn%O-Iu=OAC1gM?@ zx#eaGg(y3uNWjrj2^?%Q{gXNfwtyO4+F@MjQNIe(K;x+)W;34t0cHVTaYVfi>II1b z(8~&4R#ry(v|-h6|4*eXnK9MKH~rgG(EPtK<*!IA7R<^*&Bna8`X{@pBC&k7y%UkL zlizD06wCSQKnd_W0HXQ1TKEM0Lw5s*}N6=9(Y?-S+dH3y}Yy?E7!hWx|Qc z@w(Ew1hZZDuUp_Fa- z0#CT%2MHo0+vevd>6M`uKr-U}TjI0-`Gf$ekr(LQKwNEe95nfn9!Pfz4VE?r{m7&R z3X#*(@xOfel3cL=zgClKk_NmWXhg^%^BRlc=Vv|BWo9VQXCjBXH2(*?fIJQ!BAD*B zDRP@)2TILi8i0SQ5M6{avj69-2t+rVY)0$l=iKe4v*k?)*dM?9`0=4@IWXfR!hjr@ zf!&yN;L1NghiL87-2%qjVDuecOONCFeraU)2w_Ku` z3ZaiW`JY~m7#uQ^plnidDepL8*@H>da{POd$xNpYzcnAe>eI~u3Syr=juUu*;guX{ zQF$A*Tb&MLHJ)4=+A*Ot*n6W=A`8gtPs?q}5&vZ2`T)HgC9Fq@g&p&>hlevru%qEMd8NVg@3GGQ@tjczE z7OC)~K$y6y#P&e4y%2=+mT!)_@?ky~w`cLS|77Z^0jZzIY|-lzJ&c4xx6ncZ1#Qw*Ub*4^rGKgxUDWR&Au~lr5|e8p|{F(WM?*M zOsG(~7?Y84eZ0h62aWDvS`BPzk^k$Ti3R*<(2Xf_-g>B0*gfbz|4~^)3|_1#I`O?(9xg1BD4d z4g7o~R@cJO!hwp4%G7Hb;K|!&=}ciITx2-4{Mv#vDtV&U3VV+vBc@u-+?H>Ocj0Ia zRuda!c$6E#slJVian{DU-%pdHFzjhb*aD223+mLtfgGmXJi^_vS5Dvn==+T{um4mzGRWy_EOAg zLf1dBLn5kwWacY%zpmdkuJz7F{hCJXgCJ?KprAZFr%Q=z{_iDhQ_`~tFJ}!w>Z#8_D2qka=7N4C=(pXCKxQ# zcy7Kl@dlHpAjY>6%xopGiIVy*;`9({_(K$>6HPnAu-fAfo%41<+@J{X~f&eqU2;23^;7R)M{ zRag6?Lh5T66Ei&$A@1exmwu3@ZQ}>J{YgcQQgK;X*E)wv>uYj`WzTGa3ij0|i}jly z8*5B%8!MoSg$J_1^7i3fAoO2>5hzdL0KhxHm|0q^{=)+FiRYZtjY3p&0}~^mGu?_7^L3{53IOu^k1+l2a`H^4K(* zq6LMPAAgw?bbQ9rz%v=4+z(Rwu1Zs0fmG?1mRyx>$4ck~HT*+&@8Hs{HvdDjWTX7l zk&H`T9Zxj>0FG`?_nf(coJ<@zC9h)euQsRP_4r{!2~_%aI5=h{E^G2cv#>-Dih&l} zim?f?hL;np-&LOM=shthbS-Y&N*d)BgX0qed@PEA{)1y^I$V94-u8$r7>@db>4pl4 zpQc3T+&>w{MpJ;tlH0EDS-m#$<7rTI4t^e`LthhOjixKKtPj3~vBHt6z9Cdg6P&8# zy~_ljnp>zim6MzZAd`EfK#mUNmy^W zQ2+|7e$}=Zeqt2=8vlFBu&*l`N7abgNHHcZ&2W|QCw(;z*EcnP$(EOLQrME-yxw9X zL8K4Pgi+dZM87ccY8(_rf)(hVuZjByt@;(iwhExeZR&(;V&e8f=MSUezq>m!IgT6d zm<$ewnvP3d=k#9ZoeSzFj%{NJd5JO9B-CAo`CvkNSfouOEC=7XvB9d)9;i0`S$nD zyu#nLX79=I-wz>Z!{eazi$8ZtcT8M`--77b>+|ikwy#TDLTz5)-j>)mJDE?v^bTGi z4(Om;8cW8k*QB@NW`0|q?=%#dFak^Z?H7$BYoOAug%zdUkWapjZuxUA?Vzd8&)}re zV1Tk6{i6eb->DVA|A4Nuy%bLZ+;3NuQv5n8-&FV`gW@f#@%3%Pak?#gWkn&vIR6`{I!sf2rg zAoBjtsr$!Wm?!7>M7FwE^u?|yDr1)ODq&YNW(HfkbY)}IN#nd?$!SDnrT~>^;Jh-9 z86w7-z*tlQ6v~1E?=ix2; z38-rSrR~~c{)=^}y|HfKTSVx2Df@N-!PjjWK`x~9M}-`+q`n1vU1mJa9WgT?n|L(# z{|00N!B9tl5uFIQUbi`%+N#&KWO}E<^e!NHQSXkc=fY^WwWLv*WO=(@xUEk48goFC z@hRnVPs`9JtA)>y^@fykJZ5kS?Ij*};qaF0^g}1%6{0#)SC`IKP0;Ax39Z2UmEK8} zck1sK2^SaF@J+WVOx=)+)F%;tT9XpRG<|oP;5(9i3$tSz)~=R}j*j_fn3FylBw*Jp zuLxgR{H=L!SuJYuGw;^{0qYAj^3)HhnHo++^o*{jNqZHhzV%1!QSJ+Q4ZRw;=JZFr z6gy)7=Xvo3k6|SCcr3nG-e(lsZs3rTkEW%xLu-%f<%^-`!+Y!lFp1)bJW(YYv-yy= z3=UYhBY@y+R|@VvvMB!{!Kx}?KrW;Ip8q8qoh7~H=P-DQbE45GlqZ)@4#}bh3qJ># z9y4*{j`b}I;n2`H$D$}Rz^vp+Vox=FIo2z_#TpQoq^U$-+x;NQp|;>=TDXh0os=?H zTgpT<{+qQgJVRp4yxFvxlx@hpFx5~l4w3Udfl)@-(2&t7Y(m7oJ$Y_skA+b;0#xS` z{3r!HH@%xJ*Wj#{p?Txc^l$ofqGQ=WPJ#q^2i)~I@3HnQk3JD0w zK1R&`n)#$164%Z~{N9dhKumkxta{T%6dqYo~py;(av_hOof`%lc% zTFdr0AvAPb6NMqFMOq7~Zx}=n3&&WuPR#ta698pvU_Vxb7@S*^20NyOSLycNJ;%jV zE7x^7cz>Ns+#}QSDyDaUa^E3-9Mdw)hF+k7PYe}M4@o9rg@usSoQWy?@`P$qUql9Q z4xuW8T~|rSwX-NR4`>{myBhVRzMqg3_0Y{>hcL4qvNSFzG-zhAKSJK2ld;7eMfGbu z33tjbG9#W*SpR(eaKp>#!&%aMRrjSp+A*1{gO)|am#K135o8p)`Hy`*8pn^-OR{J5GFBkv^r7AbaB*Tg@l8LCjqfR z1Brkn1|1fujfNGY*cdJCKm_WXc)z#Iu!t}3>FKXOO z>1ozrjS%8TL9!WQXZXf@V(JTPd`x7oSJ(IwhK0qf3`x)=av_IBfOfwEJy`L@Y`%U{dn+uY+oyD-kW^lN(K^d-| zQvh*s0ZQaHy|lX{=6KWP5i8B63{@a8kF{A<>(9gt<%+=Aw+n;cGvvx;RRHqps4}qV z=SbqVNO-}rCSvq59pfnp$mw5SV)r_2y$ztZC@V0m%N48klu4#DV%XnUw@}`j#Qa+| zsciYYnBhuXZJUL;@Dg>*zF8(|<_H+LGNB)j!udbQd==6Xo<%={?wpT@%p?W-&w!1! zX74iiRJI|DYH0ID?)g$UO_1Y3Mq$WFR8n@M_@_;=droZPT3ABkRWJXa_No|W5bIn_@ zvovpl6}75{s%u!4GW^(_WCe92we-hE)RzcSZb9Nf&0GI9@|$#Q2pxp-p^BK_=<0C^ z74u_;%aj#Cd&uDl=XkhvR!{fGMLh6sn258grECQ$re~H7nX%l|J>1 zl)#&Mht;Za>@524qOcWcj{hY4n;^@p_OT3QL-BjW!xQ*CSptvxhjqWpQ{ep&7im;X%kjMA}Yf9P`M{I9M@ixSo}XxjKynyOV|3=Z(3^=kfbxnxNUIEDhf| zoJ-T&-G5Sb0wW;Eytx#xyZF2(Ese9@YX6Jdy8Og&r=Uhk#WCB}yAH<8QiMpeTHEZD z=te^b$?LUVH9Sqc$o%+s6{*=bl_Ww#(q4T=vvF=p*62sXgNZ~y_npf1b4*L_*ZqIX zmL}N>J?TuPp=H~tD9TXQ>7*_jJ z;Z+HGNQnNbu^0N<^xqHEf1+NHD(=O4M3w$|#imVA3u#`G)AeJ5b2;ZasL~GW2lG@1 zNX`(TIF3F{?gWm)x~F*nn+&RT_(ui_NN;zx$_3Ir&=%EeyWmvFRYBLo&TY&GI48+# zENx>@)^Xn-&nf-e&T6txO(g-2wLf-%^qk!sCXxS`AQ;>O^25qrzbb%(90Bf0Iwgz9 zI(?8B-|S-o?~w>1h{u1Lyz+5%Ueh?u{`1P2;unb06^j3LYz5g8M1Ak>?sB@EVE0E7 z;B_6k!Tyi&qF*o&YXL!tc^RoMf1Zx(ZuNm)4iCYJa}$*7rNE$(;T+)tO$869cE$HK z8C&Y##5IGnPARSYhycoyfw)}?>Ey|p+AH(F8PmTeqE8C?Zf{1@tN4*YK?szE_B4s% zE_Nb*XWS#{6o;F$D=?k^01zaQi5%Q^l=s}2f<3NFW*@F|Ptd=zu8n;-~*g#mGkXpN6R}PINJ3Zfw z>IEuxr++BY|6fZj-$jjlqzc#<32SPvV93D?gEF!q#7MjeLQ1mOJwp4DA~cui>HT~+ zHQtjj3Cq-kiL18vUSaf~GxYC&ebe40e=_}=@S;p4t^jsuH7 ztq3wxa@hC6$v>|kxqy`QF0v)aVlXwCQuO?<6fdNT{@N1)2?0O`v*DsENi(I#o)ki( zX?nW&WDDE*7N0< z*HdU&&3WBtI7HfI3<_YL{ROvszw*yZ|ESN+8ueujXwa^&szL^h&&{gY<#3w(e~Mv( z@%^5_^F>8TBzYCD0SLPl^e)7e*~3-s-d4rG6w_+YnC}cZ_xG$?Q``Ua>(#}{wHUZf zn!zTd*uFSrxkP5kHHm5=HDbKF0U(5#Qo7YBJEux{^#y!DMF5 z|IGw})*eVLANGR|Z)-q$U>enE638YsjWS;Ut~F=i$yL5BrLF7&$xz@u>P^b($r8r1 z6+tKl8>C;KoInZxB+R$2dE4mx@F$2UK6iNDQ(K7ff=sUHU8}X<`KG%x*QuwcZQqBH z8B4vgla{;H$gyWH)zt!RF3_2tb;e(m&@SU`%Hdkt4L>YkMn@5)MrN>A&tmy?Ry;^Fw6IEwOcXV zyX;OC$3OF>Ft%E^v+TYPDF2mi80H9H*{T%J_Sx^~IKJ6^|C;hVZC#(99NrP1?_AvE z2M`YGSkYug;eP+_PC6&v!|KTQpJ!16oqba!@`U&%1&zK8a%cj(tXUrx_~e zxuX~g->*VaKq|1IFL|Kg#m)XVsma@pPdkCqS{6_JJ7DyKjW|Npy^+W=|#R56E93UkZR=j@j30}xig;@f7v e+exTv2%x9S~z%2I{70sto`=1qE$v8mAJ6V!hV*B)Oodzv&TnCB6F@CcQ5)Uk4Gg$ zJ&Rp;@hC~b>Fj>f)b-(9#-Q(OC)hsaJ=ORfFTX(R?5HzZk@mgyE58q~S3$yl^n$j_ zMm$h?F46SK@pu8v8N%vl;nw2j*s@XH9Z@fg|GZtG(%q47wo_E^5Q0945x$v!5>UZE ze!}}l{rLKNphrzpqd{OKhcQlr0OED^TIEatv_xKOd|m}eb@-;bPp2MwKEuChfu01n z`!{uGa$Gx?p#6~BpSPV!67H;!%hLnBuj2(A^lV%um@F)es6Bzcj)O(({pDf039QI0 z4pYPgosY&JK69o)h}M=%1uM?Fa+@H>lxbfI{p%yi%C&Pbd?rv6|r-2nQj5n>dmlo)A`o zWXBnk;^DO5rF^aBF&rwl*4aO~y1AOs7k`S{Lqp)f29(Xme{)nHe?Oq0NC(p$R*N$o{ zWObF$B$GaoOIz}6nSI`#(RydD5nzc5!8O0U-ZOr=N{0z=gSjTVi@JKBsfu7CdTZV? zcTM}cuUjOW@vb?RSZo!ynrt1&M5Bl7oQ~irBHEMEL)7yLtMRoYNQ+aoJ=MsuFYCa6 zy6s1oSpcUGs&p86wOsEQHkdb*p|_y4M_VA(EQI%KX}@hTrHOn&8ai`JOB!r-c!AiUzrz$z>EUpaDe)SHx>S=Hj*H4{PEHP( zGe%mqo22b#Hfz;*XS=qTnm-$3W!KfAlYfN(jNcq}Vucy&16dVKZ3HxQ=u1m2 zr|c}TFgGZ2tw^oZzR)711azl_)O9eyyO395hOJtj zy;|WqCbRW_UvWntB(l1|5oL(UEBQNi;T z%@$Rq2&0CvF)4b%P(3C;aLY#>vR4z>FDR!pWp_%xaO07-ID-(Jig%33r}sROM^fNBV#!^r@ z%d8}EuVn{GeG7-03|&{9jA|pVITWV46=&Zer8)>`8LSZ~V_wNyY}4iBBoAgkt#FSC zk2Bzn`-%BfI%^dr{iU>4`1A9IXXIa6>sN}3e<}`^zX{YW(@?oYMqtv~*hR#!nKg^R zHz=!Z1664ckWrFZsO7?C>X4P-6hnVZC&B<@dw)Vn8gZTsoG`b81O@(lp43-iBU9V^2 z3Mx+CPFR8FIftmroP=528fh*<6?NbKx4zrF2z<`j%wLz4YaATwzaxV>CruPd(Q9vKBOSuqUxgJQmzFbhfr*IhjO| ze}&KNmE16%kO==kpdA;7 zGbl*X3_3&vQrUY}7ybYOsp$HDwFdZWDhGDprhZ>BwsKpx25OV$jV>+Rsmg&}>uh1n zj*@VJoG?;oDGQsMAgKT|7mCE4SCdf8_w>4536l%+OIoSAa4|&O;CK>=)K=Gk>%po_mo(IwfT>~@QE7ehOM1mLkcj=ABpzaZF9ghlkLcLBtoU5f zlct<`oLgK}Lw}6QTvZLM@^L;XkJz>(sK$eDczgWGkjJq1HaN6~Bt9wsovg+gioj%+ z_%@~u*Mm$>C^Z!EpUC`YoIp6+x<-1bVlq2;S)~xNhu)LQX_$)2-rGbejVn|$H`)4f zxT?`n$}vDjD~l^`P}MSJP)8>?mWEl&a*3f_;{~?AwWU|JVpPPX`Zs^Fg+8Tv0(kGG^G3p5g<3^HT#E|PQ7xsoMXtazI!O7aH%U962Uy77$8ig+ry7(Ti0#jT0iP(Xk1S^ttHAzdd@!qxKKt~X zmFqw!gXfP!8zx`!>46sB8|5|^-nW2!mr*Cw2|!9QVF_wP3_i2)VrZuMa7SW7R8LM``YOV zJXw-fep?faC}R%JRXLh;WqDzppZ5=>3&)wltli*txrEp!1&(F4U6N}&eokMV%=V6Y z^N2K?7umt!9Uf_sZwKS|e9Qfg;!*R<)4>SfHjQb&Jk}HvJ~m@w;Bt|`-uQs-pWM=_ zc-i(3ilhyuM}!|O^Ol>4EF(d|l$)Rzx{RkzR#Zk#=g0?wsW{`ZVj7rY>FkuKH21iE z&2z(Hw^|A4*IC)5LN z^#`e>%HHX#QrI1>3pZemxt*(aBse_w1$d)OGqhP0Cm934p7S7U5Fmqr7T{kfBswbc z^XHkzhBzk+d#tU@D;8?2YuOy!chNW|hX{Dw_W*mUU#b%{+8ZTE#6GJ1SdrLcIL#1q@Kg%Kq;;1hBuc&;>e%w>cn&UU_o#3zv66cT`kJ@6 z&@tr>imjXe@eE_XGOfjpP+#w5y^_~8fTQw=js&me*RFA=mc|^;*~?*)hl9FpDwP*Q z(lwhC^O#KisN~KZ&yzxMEpJ>M2cx$?CaoomFkGB!PQb`zjta~g0yd58Ei^)6Ff|>9 zh758Yk2V2YZB|@>!QC2lvQum&3gMRtYPvH_DPL^L=Ob0NHz|YcH=`%2{p`86!+%#R z(tEtXa%RY0(5C*30q|aoFm{Hs>pnq&31$~R$r zhzGbkCh1G|%C#h0aU8}!*i>`(AjFP$L1NEp2xVpp1pS;xW%&wE^^;gO2JYix4jsvV z7Vwia@lelh_UVXf-Ck^K7SosxU+HN%DA1C}SW1U6uA`NwVM zj;>I`0$RNIpqFsfS%&oR^qjAtj>>6%yP@#j?4}hY(<8`M(uK|7VcxtXsbyID4&$(& z2)Mzy&`b?1tXbDOE4sGYE&%De${{pwf6`PZx_`z9QwITMhqiePSC#32M*LiwwZn*x z;7x25pPoipeda%9aNe~wVK8lqa^gG9@c1mur@gjo)w{58U>Cg-d1WWNJy8p9ZO!dl zE&>JZmI^LMoQvp5BbXp(qXVn~dML04Hg^DL8qE7)aZ){a`Sl zQ+XUB`O|YS$|x@oX7uy5v~>chi=n^+BlXUZNQwu3;J=NTR*YpG_jFp55)!b(?~;xD zj6BUvVwm}m*9R?LOsl4a5$^Q;KzSF3in_Q@`AsITnnItoyk!h{c#AfENe&mFM)=k*t1K)m`Y%+pM15fkx!oFp+P7S| zyXkxl2l`cW`hBBb#>JiC&Q7+|bD&J;^eCxv3x|>D&}U=Xdm>{wF+z$2`Oru)j*~)I zx}r47}zTbuR$ z!y8uSv-8o>@(7_n*=3~CF4_tUI2`WDN+&-Bw`XqeF^#`FiOCAF z>jQ?0YD>3+7CcYQe|iDj8GA$xcyKNGbn`;GpS#xOmbj4b&8c=PC{B_y&o^fyrZl?` z+FWN3=|$+vtFqtpeljg}4axBL*J{zmzN(qZ9o@yFn?z7$=fqVuBSszLUp}VL3L8`< z>fAXmh=l>(7HhRf>tZC=ln4HznZ>tGncR=ll|xH?ab&5fJv3z`Xa;ljvUVcVQm&g# z+LoS?^hi6d{{DzxUgQKJmCjZb$Xib?hR9|Dm8?XNP7rXau*a3Iep~~(Rr#a*x{8un zepQSR=iXdSo&|NNvCbM?| zq%c6jVsY~f(yA@jmp*|JKQ`LnVxPc=e9mfT5cP3rspA%JstY9-<3 zZK(AGX0aE#$%713Z%!bqcSS53;&mr9J|eH;V(I%>^mo1bf< z+$W`g$Ipuv8G+DPH1IDR<@D$-*{A>wr7C0Lyh7KFJ(J{L(De%jU~3gPe?0l( zNu3~@9s%R|Uw;2D_aD6j`=v@P74gvH3LOw^1qjOnXV_KNcOD-!Drj_t6(OB3r=X$P ze3O~t0qRUh&e_SYV_>ns-kgQO$ZA2f&42z}ckCnO&9$=q1KL|ddJhi#hrkgDlf%vu zGe@f9$ExCHD8mi`kpN|ll37Rw#8d@sC{J)y8MhPFaw}7#tE%KuzNJvAI)&;8-qvD$ z!3aQg7FC$J9XLG#Z8CCM|&Sij?QG3@! z(uSu`DSCKJE5c(;i6O4kLuGEXXq4#lSV9%oYramlCES`bwLy*tc@9%haVl-`kwu5C zyraw*bD05DsnUur5=z3lFXg-wsnH(v7tV633!Tr-#clBa!bYGq5}+X#$k+6%fH)ni zPZke(E-Oy;b7|eW?b492VBCvd;65ccGIgKe+fV}Y-?rMmB%T-Q5iDA_(;5Ehf3*uo zV{G@QsY$!rb^YGlgK?C@+}h$ZCRiUAvE2};R{=SUoPJi_yT^SajZSo_Y2f-!gAR|w zUN_?zp_79~Lhk}UI@e2Rl8{}>qL~@0uDRvcqgzQOP1}(3Md+Y#TpmuVn*ULZF6pd< zfd)$NaDq)$-9}X1sW6w3K&%W$W7WnbdpOU@<#phA{>C(6nUrFD4yU|WorNeYNhNny zufA64kXV|!(Y#rK`b`mdq49x-^r;M@yOr z1&2iP5mUv9$Zf%LW=XmBy;&i`W;oN!8w+X(LZd=%ysB$K-qK>|z@NCEwwa8BCx%E& z1SCm>X=!M>D$P;FDsUpiKy@>G|G|Q+kYbqxo)h(~K?pPQ%Z-d+?hCvLOiA<8al=-l zz*1jkluU{Au8jd;Oj0VzFamy(rreJr@l4#NB|t>J4W@fy%*ywCHIHrwsz^5{z|om3 zg&vLPIfa~{VU<49t|cL0b%r|LEjbh}K0#9+T}?wE{db|AR(m(BQc1hox_yRcd?Lsg{Tp+C2KSSW zBR~Kh_xzuwKb~qHpA!k<{Z4+RsJB_-VMvDF5i_G;-c7KPq5v9oJY}?n1#yP3HeT>t z-0x_zuiB3Z8sC@-J|NN=GwtTu_V?X&MNhuKGX#&|=GJ+_{>1pA?+~F!3VOd|dbR{x1660$yq97JGm91pu zo~XiM4zH(nudi&8jD{%J!RX*lPJCR2X#`#%&YZcmUKCgS8~uVsU|uQVST6K5fE{iS8pq0bGt(_v38`rzWj0=bYN_MQlivh`jm*d~(uzr5T@? z2Y7~<2nz`rg_v$Q1;hZnl_+aLPaW|bGAAV>*Mh_N=yb;?Btl+ny>G$tm*Qr*-+#M( z(!us_CU6upyujz?H-}@FXQMWSHA77r3uab>1<|j)&Q+65($5rfU$N@ z6IR|4l|=llBq$d9*{1tSzw81H@CW53ztyxFW*cid_^E&ilQUT5I)knb^YL2~v2}@a z7vwUi6$VmJ4_MJmh)94@5vHUe@IBH&_hX&lRdPQVM_MnENh?IL<(nhhejha(%Hqot zX1Ujv#F$$JTq>;LDG1qD8@`S#w*&-0CEGm~EZft3(OthNRUOpF2dxd2aTjF1Cb_bZ zP}EyzsNlc`Wc52-i=+hi%LI6)@`r~|;}m6<9$GA}71uwjknzpP4LW5P6wn{dF9J^7 zJb=`JF~CE~JRF3~j%kAot+@gv6!6_DC>_xl7U;}Oa@k|;{1tjeUWQH|-Bd8>J`;Mo znn?UbeD&>0;^nE?e77c&JjmU`s%}5DxRx=I<(tD9X2V|C(M&!(&@JF-hV&(s$=H;z z`Iz7^i1=MIa{NHAj*Ilz@yH+;)DnM)s3{&+Umfvd@chF+4nVC zL)zvQB_2r3^hx}Wx6n~FTOE_2!+!p>l?chSS`k;5yM*&sSk2Q-`5u_ua6jED}sNFmh5hbFp9vG;U~gfbAM zcsr*^a%5AbIV7|B(a5(Kl8;C0}%?K#;$($0@O+dRv1j4#66o-~^!PFit8racm;)|m6|Fk$$ z31XDPQ%E_rVVY3QMpB9U7`NuvT=7wT{e&k;bgmy2LjvDYMlUi&x%GOS=kl!eTuhnu z?uS(T9|fcS-?KSi;l6AM9HPGia$-n7B>u%PB%}ui{Pyd+`RrQhy36BfDaO8B(Xf`6 z7?dvxi0^MJKz``imeZHg*?)Vx%oG2um4wmX_e_JHtWs&y3+k5_Z!=!Y{_NRUs2%%9 zppvbh;i6ID;Jc^i=(_j0+a2``D~qfg*F?wq*|Xa?sFY2Ifk^CKpTm361;Od@g`K~q zRa-~)9TzAPcM%N&fp7C2gN6pPZ^qsPZ^Uv<6VxPp{OuunySSvoEs_tS1xqt2-^j)T z_<%Q0>h9FLili^RblUP!cSjD3c;Qun6emT|b62IA&%j4FemIWX{w>Mq$Qy9=uxa_$ z4g!K>pfdAJFq{$W?_UZ0KxJ6pvD=vtwgAmV)$Dm-;qUmH>2uL6CKw?Md zU@d_O(nM6&Nb_4s9ss$ z6q>OO0zRB#(USN3R`9oUT)a>?uK-LBV_f&S$EGqDPTI1~e36^A($%G1(nG4!svP;p zUfcewA+h*n9rH`uIjK1jYYH;VSS-Q>@UHmKD}CFF8|fnx67X@^1o5H5K=!Zm-Rio( zXQTqaO|j{#;zp9?fLQdhrCXYHzQqi&R>_)IHu zq2Uc4p6JCN88GDe*vleFOpc;Ip+<4?cpboR_HZ3I2)Iqy6uI$7TD{FAe8*fadwdrOgu*v);ZN z4m@18_9VST>?iC8_xS|W$p7^(qcxpQ~tZ>3)?vquf`O2 zTygh~;_cI|dgpgGOHB`b^%j(baq_PYCH0_QDtr0|o88#FZlDgp3?kM5XgEsh6TD0L z($)p$8>OZa>Isg*dJja3D59v#y;NVztbt^r)4C3H#C=2lZq=v+M+*HN`37gEz`aSN zBF#H7?4K`>Y*lIg5=@A+Y*ZVVr^Px<7~4Y>ackRJ61IMMreCify=E*&Q7%mY18S`s>_X0uUKZIW?8MtD2 z$HZNiBEF6_^bBbcz%wsom5@T)f!97t6MFAFA#P zvPi7@wh3*VnFqr24fKQlwx8XG($J5$xe#2}xl1$MOOz;zxI{1?n0 z`tiZDny>DKQGZJh<4!;9u1A=F>^<tuInj3kdKVXK3Lzc${;)&*{}HRfSfm zG|mN;_rIRfJ4+-N_VtqpDN#i*plqHuRCH|o8f1$a@Q=Xba4GpxP1$ZvHACy}2fe>M z8NJvCvu?SLiw*O9#e@TB<6G`rFcBWBDTSM(Z)xT37j3^8iT!*ZS zVc&J#y@);7r%4jK7&_?7`;i+$*57)I4G~RMnJJQkQRBb_MTCAkLcZ;Dm<%mQm2H}3 zIQlRm3BP=-X247z>Q6z97L9=w( zJ`0VI!X4>D2APUrYVhVf$1mPQ_`D!wIt@GCIXKNR@^4d9j6&jLb8y+-s)jLD0Xpd+Vl{_LOV zAHmVB3$2HF4EUIu0|D3nQsU6Gmh{EarGw+Eb! zzHb`7`fT=PR}izHzm%L~JxSsk*lw;-E-y~}!KbRyp= z0%}&Aatu60NH9d0wHlK!!_x~CP~~nL>yTZjmEb4{<@tdHe+UX@$U#=9FdeP2S>txs z=l}3VFqjyJ1ZqyW_@njg4|T(=^<20S_yN{NJBpgFUB`S1Z8!$Ppw!SAM*Pv<5ExJl7f|i#jBY+M=P`N=x0bN!0AxHr# z(0|>1LU@y?{N2zK!{&p7YnWyD^Z48`S@CC;C6BBF&O6_}(2aN zmn#KX)xw{?(5L_qyL>rw?j;pmkF5*Gu&AoGulR+<-hEAUBRuC$U!_|YzyX;RpO-H{ z9Ij2v$fyAhSfZ*tLSrgH{&(t13UEq-6@`vfH51y{VVX}Q74#4~{zRxg{r^Jh}q zURT;mCazs^H1%@p@9YPVrcymRGw!%yTI% z{vTW47+h!6w%e#tW81cE+qP{xY1BArY}<`(+qRR&_SxzCe&>8Y&di?akEA>EtY_iA zFRhv5hVPt9{jSC-3Ys~4s!fGGwt^Q=9O|8&xRs-(?p$2*9rlzzOu@M?pwRE*YxP}l z%-h19>sfPMpRpsERD%$#bz^WySNG<@sA_%1;)~+RZrWQ<3sYEl(UQ_2*c;g8)3^|k z4yi?4w%1(;m)NF^AIVvRJ}gQpgAK4rOsY3?S5De!neDWJDs;4y<#k3G5Q0z!wWYI~ z5F1t-PWi2TXjCWDr4!N03E{1E-OI*@CsM<~sH_yKfhE;iJ4#^}q|6N3HzBm-Y{JZQ zoDZWfe!$pp=OncJWg^eOPwbl4csjuVoS9#9pB-41@^V5Kms-1jyElR?2<|uTzrs%O z8_+}RLN=FZ?cIjkR`AfC1W@^a@E2qOLA(HbTUJZ9AfqPTKQ+D;tyQvH3$IlEGvrWR z>Rw)c^YP)FtESB%1{la_VqddexP5Uq*xLGDlz3^`i^gE~P}pKdaGn7&kpVJdiFNmC zCZFB&j>uYz1?@R7twy)B8LcNTi83YXR(?&A+Q1i5)q3+N+Y31qi%oxJ+&WEIvSX0FA@ciP z-_RLYE7ffpf@6c3o6NtfQfiG1j+>-g@C+thYn(NOU8Nccihw57TDY*J9jA@!HDE;5 z$MoT`7~Y1bD!;}S;*Lq3Uy+|*yj$q;!9kz357TJ`z_ju9?)2g1I^0r@PdvUeS?lSA z|AD9LVJ$`()L76@BWp|f-N%Nj`j^l1j{c$4Y3;0L+FTGhy2fj8gd8k@0RWD=c5J1Z z*H>R5M_yD2xB3jN`KXZHf(7`7@#`PY_m}r?bm{3DuO#5p`@;{zx%0z6J+lHz@=7RR z2ay~q#q(9WL!;}8RPyn$sB#z`3bim6mW{}0+~&tnY^!#&s?L`uyz|wE&&NN#%_`a` z)hsZF1$F>tIjnKnsL7B8No=^!kSrJ<^<-!754l8h3or`{$<>@JL6OG}b)6xPm#@iG z=$Hni6i{&Ri`dECS7)it6>m}Rs*H49aAVFXL@^#dYpT40#o4j?=Cp!UCF!s_B3e3- zb8?r>`=GUoT;ZVFqbW>~ae~|_-k7jrQ!kWV@3wE0TK?Tca+y4v4qxk>T=l8RwHX_C zf|SmqMP>fB{l~boGR0HD>%IKn@}F_}j9W`{`$26YJQBI3(ToYDPD`!&bTm1!id!C; zoe(AoYhnSRzZkWGrL>gh_>DIy-C(RG)k|PGVM!X6chob^u@v>d)Ve)a+i5XZZgr4R zM+w@IKgy*-JG&#p(}&s(qjQL*}05_2Lf*IUH9((ja&YHDHr=Qt$< z&hU~!c^F6eD#DiWyMv*8O}xY*KY!dSD@in*(RGsB8q2x4)_&&4)S53?(!?+!S@FG( z=uqgj^KZO5MWfXde%JP3$s#UtuPiMg`)m`mz~*D(v0p}c01qrmPYX&IJaADkkqk~0GH785chlgE+%G)bo53!*c``fuK~8gzAUqL0&26UJOog)#F8W)H zSi8zk7H)G^+Jt=cM=C$ZHk5aqLpSlLUlANf^%%+S@Y2#^p63b>rw;};)}sCb6qmJV zlqz&uMppXSZ9kD^smz|>>ULShb@0exVs1Nm@47S5C>5&F$F4~UeJJKQLhS*4u$zz_ z^UIRenL%frcY+2{Y~soHls9(pi;XpY;^M8ds*3Sn5M22FPns|0W3H`9lmVEavDkMI z0o~KnnKD_p6H%-ww_M`p=FH9odhq^;jD;aVj^rq6>q!5Y4*W!fVGO5E)#aS3D%!** z!bWJ|AsnEG1W%8?@~3MZ6Ukg)7VJ2fz1V(Zf`w(=$+b6#csV`qp3r^y9iqia4zmKs zj8nhnUp?j33zln7i-pPN=jv?zRy2#h9%S%}<@eN>IT-FhkAwkz2OX(w2D&HZ!%#*+ zS5Gl(Qwct!$4_ZwWCR4&;u`8qR{5V^Y+jXd^Aoc|W(sKtAI?v=H7q^n1he7XMe2?d zg~M9S-|i<=N}Si^OAl3`@y~ClAaX>b0wwT9WysLy_=N+}?>2ok~5 zDS}j^fI?!MosiygoE`gZ*o|#y(@N)^oFm$FboM9zEMfQKIG1ZP!f|d9rWZigVL#AZ zOODR;((GAU`f$Y+FYtx^xHt%p1IQM5Y@9hgVtQ=n-Q`>RhhI#)jV#xi5m@ydiq^I2 ztr=*dRSvR2;JEJmBUTFso!s4_;0)jr{6s5 zfec)QU3Bb3@?f5mBN9tP!l)E?0CH|QPNn=M1#(PC<0&~A`>BGf9L;$Md?UPGMVfP^u&9Z8T4-F~X#|#aDb#|m7d|HGk2| zAscXnD|~Rb-E)Au4Su1`37xrz5SCfp@B1v2V+B(FJlu~YG_;`&`GGNu#3I4dczB?e z0BmDT9G|`v)kSan5Wb|jo^#%?iyLpnO>mM$=`u2GY;eIUxxQ6b1_EkM8eV~H$5{?r zxlgcrgW6rPCoc)^VJaUGM6q}^J$a$~eLLKy943dZXKK%?74KF}xYn^}!S@H69>! z+mDt~nH#YER|n-0;_quJoA3936Z041#d2k%#I>A(V1We$kwC@Bf<5PVagRAFmr@C@ZQe6&E9B$E#rOUTU<`&acZQrlKVJ>f{zsSxWHgp-G2q2Ftmu?X~rcYo-E}yZUjgsqlpH_ z|30hpQ^u5DBC zTvAu+e(F&cB``X+fFf?hv)Y<>rpmw zxlQ%WqBn#$P;p@Zt-Nv^aJxT%KDS<85OJ!QW z_C5hPUq^Jhjs~IE;xB5)(#8T?4|Lsj(&IAPvj3W7DTfTM)_b5idew26u!d{%JJ;x< z*l=T_EkTg|u@ zwn;w+FhMi&;E|y!gV4mXqTi32DelKxVkStdTIo9iw1OEgy&+O!kMP^;5a0XQP3+Ii zvIDXu2LwZ=lP}l_m(`y}rd$b^UxMpf^qbQ3bNu`R!Qlq=aS&ca3ilDDbn|Vg?j*Az zW$!_^ymN2xxaj9Ut zs-%?oL*SjoTG02PDoQp5p&m(0P~pty3?a^xA8nSD4zD1JSv%F zNmEcgh2Mq8Y)V6e|8j{wk=qKb>&H@tC!53^cTsb*O<@bnL8P-W?NMC zd#|}u+gSEG<|CB+$JQdk(QrDMD`^p{2RG-hFw0kt7;Y-Ec97=?Qg__v%irs zcAeo?T%1orWImdUM!}uk2{EMFomKwzIlFlZ$cZEhi6kx zHwwB6`$MGsq0C-U{Oy85WD4fTjT>IbZMq%@EYi(yv$|_3Kae_L66sOK^RI5cS#kcF zuGR_jXi%|FK%VYeynu+)|Bs}vbfwt(OVa0Tl$eUO(??Y%S;lP1mg}6mb(V;WQNQR_ zGFn|0$Zc3DlG3V8a-brDY}^&d3w|_RZb-X0dt|3jGZl4J7yu%O^XMcj4|?oE6<{rY|w4!CY4fr!0B4{10M;6*jpP6x{(n z(ZN3v=YO=E(L}&_e%|ola5&-SJ)J(UCvIVvyir>|L)lgm7eum9C&rBD08)#dl1hr= zDbbo^UT_?S)A_Rw@=Mm!zVJkh#J|-sg3VmThXWcC_(#ovyHDW1B6%q9zmV)3&O&}a z84n&66%=L;Z~?gQ31oW{^E*8q!gK#ddTs_`CVr-ozXz#1UoRIdKw zQbC}QkQ(oGf#Er;qe(Uc0V^>&n%FRA5>P`;kJlwj!G%&4E1AdiOISm_;CMA*Z`&_C z*!tWa1=(zxF@?52jp=IKNTxS$j7`f1^6g8E2}WK8#lSk26+^SZ%=r26Of<;6G2d@4 z7<&tjBy^j{0Q3#C5~^CSXqJwor_g{YVKt3ZY2=HeG>NHAayj*{V?!AHR!bfm3Y%F& zWtHELn04khw#tbb^bx$pT1!&_rFq|~7|S@%()}ATZv^j=tX4><=V~AI_K=@gybx-mpzKwZcMh zrmRiUY5$SPO1O&L7<0s-U#D5)Erx@NDKl(s-|D{ZdEaX6YdO1IwI}s6^_%($O?M}fXF>L&uvc1K z&b*tTw6-oS@?)36&nJHl%N`*6IZ;bg-3!yobH*aKQBmuq{U*@6Ah_a1lbgquUuJ-| zNShi4pza3f0y-xCkR|F5u%b~$yz$i&q9^Lge>eNb?P1d=e^(Tlc%yKtHLL@t#ZuXe zpjSH|ZAc(o^NY1(nTwer{w%hO+#i0OC=XDiBRf zjH7%$kAj_)s1YRj$ZM^x`cuL~!`IrvT$B~cjCOEU6e=_7Z&oiu1SE&kII_@QW1GZmSLgtX>~^7D2LPC5}{!U zSH1f&vyIbj>|2v#@yI27I1qGf)}fN$NbEUAzkVdc)~$WgACihOy8Lp(=qyVj$C2KZ z#xPM{T5sN;#;9T^T-pKES&AbWE#oWPz3ZaZv(Qs1xXf%A6*H1vos-bMZ%S$K9!L)M zO=SC}e~mwAM{>Z3Cf^vuVjKw7j14S0?@HW&}45#8?($*98<$f$3&|G{Wi(LZ# zcvq0Mi*~d}4jT|&`3zx$JDE$qOnQ*lZv$?2{YHH4FmAHhW!wd{<6|-shEW}*)_%UM zzts1LU$MWhW{0tSc)Q;>Xr6B^*eF$nX}QSj7F2ZtfxqF#W1FU*&hTK`gOnf~wz#f8 z$m*&B@bC^ob$$EY;~9u|OSI3LI+Yoz^Wz;aTMW$Tq^#!Tt}3w{1S-N zMUNENx-;_eOq|ThJK#| zz9T2PdiGu8XEMAoh4wj@r#)G-j*dnWG&=D?dQm4I8l3#}tmpcha65_4VB>FB^M>*t zg8(`NM2*_028A0PBYf5P_0}Fa;RG?>ipBas^mi`OKIt7l2uKTRWVfH3MLjs?Smu(YRr zlQS1w$)8)s;v1-?mWRKA%PM$&EZ;sbTszh`03$fuAaFxA@>;Y9T>}kOk+IE{=F)Eu+@(=BJlt2k?*KLq>Iaa z|C)khURpt0mIqa%*`o|6(FdQqfr=0o_p9!2O=J9 z2sLZxqvFvIk;H;kB7!0>Uqz$P_8%!|mSpoKuQrDRup_IZmstSlp*ga#T^Kvp%86Da zm!77%X{GG$&yMk%`Iu=gUodxUe(o11)Uj;B4?$01uhngfllojCl4Q=dUM(Bt^MsWu zencuAxJp*R;~zM|NsP$CRSgOQv-msh)`=*{qbETT%T2aB0=TBEN0fvo)an{?k$4Ac zT3wC=9qPCE#s}#o-()CISQ%cZz?5VgLULqYoRq$6AUaNm@SC;7#ygV#k81WyDBv%! z4G=qCD_0@`bc^#3<1Gu)bGH05ENWIh?=1?qH&pIx9ZD;NUiFhLu8!JGZ2+|MdRD8m zcs%l6hAnNcHH-X`2iVpT>R9r7a29oOO%}jI7V0`y3)p>r$b(j;dM7sCb`uwAn$clt z>%N8GayeDkK5CXh-pc;9I`ERiJ%e1WDzt~;&7*(FAM$KaCQOUhT!IG8zE`XTGCFi0 z*KEdYfU0HvHOqULYd$M)~FIYqvpAFKd>Ng0WSyqQLx-tCT~!&Frk`TTpJAtu zjnnxO<2Au=Yn#6ftS&c$S7!Ts_igP(;WHwTuBydymh`MHG$V}XHz(XGK^>5ai0K_z z+daujR(+aBe=HDkGS9b{i&>iI+Kuex5b~boJik*sF5PmVR;opo`1(|NTN$6a%d}d(x@V{eDJLEf=hHC z&j{+|0V(1Cdf@=(48!p+7?%Z}G9Vm?RfqFHC90x%9b*nceWRU>eY z+ikh9kx55=lu9VgHPCAZ1G()z-G4~~}{WL|ix z5-94)QHCcOgmINAm2)}LqtjL;+$A?&;#bkhw<&gNum5jL_wS!$JqUZuzaH zPMLB99r|}9#QEgo1?b#fRkcSVjA3d_le~EL6DlesIyLZQzYE-nps6?j9OhT*>!6*qv6H}Fdn{oB!>+AE= zhO5$&z75s{hhwWp$kSKLQgKfU?5A-OE-8ixek7fi1Q(VdtJt~-oLc3#6q-^iFSq|l zsnkwQ5LWZQ8KqDb{#nq0$wZz|54etC{%m%)ENG=fH`zNu4LLZdmQbFG7?wxX9DqMsn#5xlN zlhR%z@K-jdv$KE;mEwk%PHXaj#}CB}xjV^# z%GGY-C%_s7BbA5yfNEKt3rgd#2~rp`xnDs@V(mZ!sK*rgJ)yJEta8(`Fti#04I>Ov|Lj zm^jt>7-?d1KBid+BzCAn-u^Ao3)9#WqdYrtpFm)CBk@>@+n=Zw3?4n4aVQECA2Ct# z-pQR&Jhg*1-v@+90+@Zz}{Y9lShEw9ZdUjV9_h8Yg}0aAdG29y}SJX3K`ch_1R2b9{6!B ze9fwi{z}9s4pENNj1!iPl35_Pm%Jq77~Ry$o!!x^vE(@PF(yclh$Zdr4$L+GG$Syj z)eY2vQK3J}FUfmGP3tlkkwz|y2fy}}s<8$^!6c`GSSf}LVI;#`q84@VP1;phoLLQ5 zHKuS%s<2URf1^GG#=}??=2!)8UXXS|;cinkxE>dT*@A6krNIgw2)YjOv0sbau}b1J z-^5H4TOyGX`F;4`ZpYj?|Ie_WO`f$%D?kzQf7iaa2lW|}1=_(G0&*kJ8&15zh3pB-Hjw_DGI3$$o&m?lvaFu<=G${_*orNK(}MKq}j*qp(q4 z07No_&zGY`@_!qciso98m&Nx5HL<5JK$QZ%I>@%TFX zo8Me{{HYE?vd}GSb*sUg?}92ZjM@mOUrw^6{zmNI;rT!B0zU-8 z{`e>zCQ6`XUiseplGkSy24q!AX5i;m3!^!H?O>t+l0b!ni+rNG5f?Fbg2J)hEC$tF z*8@r07bDG1(5*LF)_&J?ZplP?$#EwPfcOjYBC?5jj@$`IJ@@j7aau?v7q<U;e2P za~8hm+&%wqHKJwj`x82m=Kr1@@Sxw}fu$GUf*nIP8VpIY$~KTiD;zk{sy;Ykoyvkg zoURb8x)!+?W%*3R1t|j^Q!c`jS_hfZV2{^2Zu=D4-7`)yE}hg z)v$&yC;E1GqJUl717?34BRSo}yp`;^r-QpKz)1)4qFHcySgBfW*gAI-*&GZAPylyq zm==jZ70JNQ{MT00Jf@}P2X!nNroK5nSqL#4cbRqMx%a z|Al4Okug88ekHchc&1OIu1V6+AD@5bJot)_=!Xp;@~Z84QQ&T}W%{`Ah0FQz=TSD@ z|LvM>`$fxksNd;z=(Fwf?MUhEsqqBLwo7-X+hj1$)@XTVCO`=MvoMnHync@1so*0( zg87@S=If8F3U7D~v+Rf?T`xBCWwUJGpMWcZhr;wY5Q^crh>kO`0Sy3Pm5oC%_qSi8Cy36B#Vi(h6r_+w{I66`zoJ%Y1G*nsfx za9T2epa|D}8;D@3HAn{FO98zHSoBa5OgaUZ9 zX&KOF@}8_i(_rZ}p?*zs17MY?9(q^+zZSdC5w2ntbIHY50e7b^g}!$mixhnuhz8}UEA-Hlbg}*2aqG=p&IqTz7s~es&$7SC9abfIKBLz`({FW zW3;m(3LA)Yt{ETbNX{$gv|9aco=Fmx<-rw-WHCklYpdpd zIJVQzd?YHoDGu^;eTUlzh-?FzHn04jU?_W`s4>&!Z_i~y^y)R-@S-?26T6QKSWm?H5L9*0L2`N?ldcy)5uU{Kn!z^mmmN+EQ8 zjC6*=lkYh6prJ=eMelRuMV?^~Ba7<@xZKuZzk_92cKsX@$xd{V9}pi8nU*IEkIoK3 zzvJjn$i(~fgnxi;I|vRAXVKD3nA>d-)Y8Hcei%+c{y$j&p{ptDGwgu4jkpjAJ!H@n z^)s8Q&U!+#Do;TN_q&%)&yRT~oMZumDp3F?=D_fgEr%**XB4I?uJ zdAtkP)+0X*oDSgZAOHBMbl8X|M+5Au#-iO39o4pbcb45PZavr($acq|f;Lggo2gp7kZ}KQ(R#E_wJgVg;i1{0;ep2Moi^Yh$et4C4MdVPJtXnEZ7z&Q7&QCwld^O8RKj1|CAO zLqk>Bb>+)KZ{mx+M~7Si2Ad5Axxp_CkWYAfF7QKsDz{jKfW>*Z#fnV#Rl`%hv%$^n z1LpI2%IwK=afMy$lh0t-+g%^;;qtwB)^CPHG{e3Z(!glb(FPa|vUxi_dAB?e96a;W zY_H9H^%j>~rY(-a8gz1EL})VQHV$<_>9k83!DDD^Q{Fie(v!19p9^a<90D$ zBjic0Pr?k3M!F_#VWQHxx%po)ny}!2O8h(M(ZA#!wS6*tW$nw2UT~yQ zSXfGKR|r|G_>c`<-bB{tRU4itAr!WuHMu zSsDRSq`DE|eB5ZP7SFRH%U8WjlAot&O-LLMpFang-}iXl>=#+kukYjB4V3a-tL~@8 zo))J3f+nh~7GCBDEsC=PUXxZGt_#)5bXH%@vT+8_ldKYrXj$z?DT;T&w=$*oH$EwR zz>;-bq#e&cKQ6nP-9BjC^B+Vac`pUuK2Fq_-`62@h-zldk6Rdybo|%sI&eSN-(_QA z=iEADvNs>sa(M5zyFVTs9@jApoH`j!KXbiD_EtZ9pNHp~Pgg%xitkT4MnAOP4g=bH zoyR-Ql8>MG@LUbZO8c&l_(W;U;ll?Qst3T+uc1OovtMoYrFLe-?Td}K_|o|L;qYF4 zBv)xgi(!GK3!(rnupfB5KaSwz1}#*D4MV@FfgLC_wqZS*OL8DHE8trFt$l*v04s4^ zNR02N;0MdcYkzFkEYYnV>JLMD?O8N|{yOy_K-t4i_sgq6(Qx!VT*p+^0lu4)S#6$# za?*~ymC&iM{yn;hS5&&l6U;nmK;fnc1cWn5(Fs({`%27v&uM?z%eUhOw~0LvNaM~I zoGhn0%(8SwM}@1(sguUK4NbYPtff?mW9R4Ogx=ElynvQ?yCmDDfaP|)=Vvh3@ZH-L z5Dvq>ch=nC4D@G2>TJ5l&tPwCYVJ&9yzQRz?e61%eu8}FFqrkh>mlcct&4vs83*dw z4c5abGbsy!llrgw$-5g>|LRqBX7JWqCnj0;dP{LlkB+nVTeYb&cg?p~o+x&=J9Ta6 z5ft~6XS1sjK+uZfse?9WEd)|kE3Y^RlGP!_GrQ-$)74AUhdxlSPBf|AAI}OuUl!Z< ztty_)p9wCv{tTYGZe5C^Q`9Z-f0-$9U8~r1`))%0LIeUkXJuq&LS2qDu~#3++{Hx} zUE(Qjv&AWiVv`ozKAB3}&1!i*AdHPOWcOF>gN3D}xHJf6_IvE#9Lx+S9=59+%5vHb z3By<#`~yx`hJ{bv>==jq_WlUY;=>=dm@;Gb(EX>`ZjImvRAKH$QaGAgpEAVDq4oey zG{mW{jjKaz&$jahidwrt6B6z~arN&7&GS+#SSG;k{(=HbhH)XXvOu?OR$ae4r*^p8 zR?Qn!yYdO#$&DAvTNFD}N2q2y-u2`N7D`7^;dJy+DX?jb9sayU7cEbIjPET0ntT?e z#;|vY2fFic6XB;C9i_IBbN_k4b^ulT&`{x|@Au$Bg00NsF>%jywOlC=7ZS)WxjT7Xp`&8BUqhAIQc>y*wqUXy;BoUt!}DpDJG+$G zTVBe8@zWbpIr<|{zmu^^P2lt!0*Iv}_%t9}xG0Qb2m^?gxSJp?E~sNN1P-ex!|-Pk z&$N1qeEd%kC}hY_B*}^sa+aP6HB6%quY&TZ_nkr*O>z3q*OtA979E&mr+4@OddEt< z3x!7FFT{-BzfTCyr$SL9tb8w$lZmQm00tl`K~A1*d>=T{>3v=jRq}f@_~Y%+ny9Mtz;>KA3toA6J3&dV4{VQY z_uM9(TyK#|V1E@0%Lj!;%GVw4<7w@+*5!6g-;R}~8uQ4|%JPjX&L|a~=|K=Is^jvq z2ing^&_Zk2DC)K%c$CJ;H*!Jvr;o#YL~*uy2p)m~io~DE(ZSzCWvwz59iqCfF}&)c zg_LsLM1I;4c5iZ9z2UNNrxKFl7WyJHJ%Mt9A5UW=`IptpN6%uhE7*jur!Op$Ta|oI zVWJhKfwJ7!!t0DjRVlx%!qp*pwa)?CI6)y)6XG@4U@X?1d6V-+sXC1^uJ!8TuUW-&2+#1I4i;L)>-ysM^A=S z(=B$k_AF$=8%-8oZvXR9&2BJ_@BQedD(UWrd2sPUx9M|4V{>!3#3>}WAPDY->1uIA zm+2n02y0EBt7cBE*vby%$J~V z3KGVmGE}O}{4?084NP*+E7L2Rek9al``Nv|$);3gUe{rQ+53R%+Kbh@!U|AScIgi# zcT4Qq4VJ|3)+)_V03P~lxO70D-2BgbLLIonz7oj}FDA7sm_~N|I}Al$@PM&*Mykzc zJ=jk1cCOuPEar;L_X_pCTJ(Sth;`?D4G+yekmhEAJ#g^6=<{<(S#eI^J8~ONzg%DG z!ij&Q_KlFE(YeNnH?T25UN0%7T zU%dS|*W-Ls>6{vws=uX&s9sj(N+8aCtzG0cdkabpo$t55{}Dl%L&tDv7V5 znLE(nFgQqKMx^|Y9Cc4Az*)-K>-XR#Uj z{l<{%zTN=ctH-@C=F>h=J_$(&DVkE$?1-D z_v<rTN6~)YTnt88^No2c6&%8L`<1I!(~oxVC*~4V~WBB1#hi3*=MW zQq_^Kmwqw3w^M70t_6JHe6|X$b(6fwhoL-kk<28PTMb32&9_;hiMQHecLbCP-MTtq zN!8gW&~7_dD-WMf!=3J{_KvF*X)k>?pNp%IcHT8W=_yJ)k8A974yE3RoiZBo{}zI= zh(BJDlS19m(#tGMO(yot4byFtQQFzF`m34YIl>UMJXIhnDyq22v{3--x5?0rgOmFg z+C6dbZ=`=j0QK)N5wP|;f1=Fg8xQSHu5`_Y>p9DIK_NAuSR>bKJZ=5wRt6jzL|oVV z>yRl5?y$Z!lVX}8>jx64=tZ}g9G=Z{PElS^WKTEw4hVs84=lOY8#wHr>B$y}+*41Q zsFNeO`O>akD#iOodx2D>ui_jBpzj<~pL~``pO%}|4MJG2++GP)e-(H$bC0|{tsCDU zlJF8J=CZs@!BnZ+x{4`ZxIf10e6j*6jyt+8f0fv|b#NK_*>TG8a=-}5-g|`mxa-^5 zDfb&s<}Q8yG@VUw*#Ip=q5LnU7Ap?Q4ikCaqZb&FR>}y-muNmHlQ=aH+~lA?P zH@cQOpn&?lx zyZYmlzT!}m7#(J|H$>EE54tojACvi+kSs>{TSSy(wo{;xN7uaGj1ms}hvJsfl}t5v zwKIxL8v}Kd`pZe*ReqaaX@=kF^_Ko?diui2sMlH-+)jYk5#@Q@)^OozVN%Ym4~PCA zO92nC$R%mD`L~x&uG$?Dy_w+7Kx&6-&6Et_CToz2LSxo=2oeWoaf$x1$0eq+LBcUw)1aUDa^(48}WWYR#Ka z+6df|7tfmy6iQP2tv&n!oo!U^}B4-~L`^U1}vRk5#7`k@gWF?WMB|R^o>W(|KgG7%aTpDoh z(W`W`tzZGYXD9%SNnRcDy#&rA5Il0gB^%`ajlI^f%pn%7&5>z9!> z>MgsX+Gw&N9w|*P3N1#sqIL)q%?SyE9YR@I*|}xqACvC;EVUKCOl$UEkO1%nemmno zhPzbXMR8z#9iPzaJl)bD8vy`awag)upmv_tzdZp1_-HdalyY3&){L*T$4*MrU~q~; z`%;SRf;B6&E!k!OVf6+Qjk=!*PIj;qp%G7M_$VVo1?|6CCCR%5>|4iTnC5>iYE@Neb(p7Zj|YuLarR=U;+C^dL@) z<7wxHmEuQmzt z(Fni*+p>#`OL(K0YE@q_npLMdgJ$k$DaXxJLy6|KR)v>Kd6FKCuy2Ov1E_R6p#A7{ z01hE>U#kq|?e(4FWAGLxZO$V_k_S;)x3lT7Ve$bzcxmlGXMM9`2;A+`^A31S$Glpo z&I0vul^wrxEi^wtDb9Pzm#VQp`!0>Ux**Ph21p!`+EUmZ>+u9oTsiIS+*kEq35NXe z5JLWa{2=84j@N(EtC@T4ZC#g_g`F!rU5GZ<&!t#<&Pe*~B3P4g8lkwbWzo_!xrWOG z#K#!B%_&7RQo+D_Fc=Vl;wuCof`WsgDF5xl{g^;3-1QCjTcb+ZW?ReQ8frQSXC}x# zmIL^S`bKb#LJ7{!trnKri%5ll-?#UMXFpjlZ9Wk2oVl5piX4j6^M!%4@dHZ67Hi6j zG$87xL+GwOgaiw@rEMlI>c^zwiSsp&!sKDirJve*qBtaT7SZ^EP5}I1@HaIOormL_ zoIEg%K1Tbsh9&(ci=m@Z(HjIS8~c@TeeGrt=~5R-@YPQ~uOnbQ6_=`aFO-9EgSlyE5R`Q3<~hY^FG^%=Sj7?U`idU^X;10tb15JyV(*lJzTjgZ2hs8 zG}Y7C&OJ^=DJZLWq#nf<)svqDA+K!}20s=54bnNqAM_=`KN~trui&0U&X3siCoWYb zph0lnrmPv6t6p7IN_ig^qNREM4JwY03~?ua5l8(&a`hPgDf0Y@+rO+ux+e+VBv(tR zWu_UxsVhk?hgw1{EYVxa@6Shu<@D& z)(8&rO7#x3>!qw09$^_wtA_)PXh`dIE?|bTnn6PAO^6Rja7UOqRnScc9lv{C)=&!} zp|GG=MJ0$rwWirPWzA$umDYT{yK|0NQqaEr6`V-S51c8(zl%5=`dj_CMBF~e`|F+P zC*Ixp-`x5SVg0stFSx%S`_-#fBZQQ}!090YpRxSn2+fA`PAQ*;pu4TpmNW(ajfM=L zUdMD#_jP;=he{fA#W8rMxtwS>TcHoVQ8o2uqizv>I|bP*(gL(i&^i_{yTxA{GYUf4B-N z{E{0HRIors+{G1J8OR(St;J_qg5dS77dpKXNFQKn(Vs|TS#GdW3k5d=2Rt6}wz&RZ z86$b$yOMAkl`@qs&1Q_Lsf?YvC#$)kXaPQw?Gp`Q5&iPY%7ML@36oXpA*?* zyIudG?*yIW4~0cqvXqaWj)mw414a=RscA6>gcYn1)@*Fz6MIo|Nh}5>t`<*Z&UG3{ zHY~2>&D3Fd`axQces{COURqno(bsgz*#JG{W`rh_%@9^uIASke57nhv-<<;mZ#^re zt-+~$Lgt|RK-HLf`w6Voc1cJ_41@^b2K-sYm@`_GT(_0g)8&1n2akYIs^+l{;2B4) zM+Jeu#t^;{v|sc5Ud4{TGybfwJRWtJn;X&!C=rFZ*T24nNxw9Vzw8jIY|d$244<+r zy-XfqrQ%*v8)Se*jGLF&6={jsDAk(!-`k)9M)W&ZgGTKw%Tkumw9+GGk7fDQjk=Q0 zwduX}qa5*0R#jzZq}aCa10muEup-${fKuW( zH#DS;=RTy*sb3!%p1Xy$qee9NBQ6>%GEfYU%ES>}4roRTM$jw>unBPovs@N7K>L1qw`^0-D3|EBWqcfbDPe?MFB z?2ZN4UG9v~zm28o5Vg+3xX6f%X3upFzf(GKJRhhHd%VU3&{UjEYc4M#n-WxOV!8mt z4~Qvr^I>~nH?hoy2Gz@R#=?1^vR zf^F75WoTQNno`CP3r@6HuZ7oU0Wvg$Ao(#UG!$;D`ymEgOoS~Ln*g?i=5?7>)*Op~ zT_zS}=zYv@(m+{uKb(d1uucU+(-8f?W8_2l!tae0a$*HLHK(-Eoj{``s6czu!i_bgrhMy^<9%bTu{{VSqj34sU{gZyoq!71})$n^9 zcw8Q=;=@L#$xxP*^&4UY+78G4n$W((&kEyjiQZ=$^jm_XYTuNsjAjFw-+L8AlVqxR6pOb2QD~ zNr5OPM_?#|N;GOT8N%?`!|l{?MNdvkd#GeuOn+VNRYSTTZklcyMByP+bY=$_iKlMs zQ4R8Xlay`m~IUKwHg{ zEXnD8uPEg7qm9{q51)CA=!DA}&pRWFCug#nH>X;|1qDL1%;QXn0b#QxBTZdW}Y}=!6vazDJRLNE_hX?ZIeSg9ePyo#_r0v_`w=KZkYVB0ryAQ&!1ZO5 z&!yn63;odsKF7MUmw=xQ<|~#RoSmgL^mA|V`JWp4W5gMp%A_!c`B3k#R}<@L@T{*Z zZ+K8_Bn42*a9T2;R8T*dn50nCJACm7xwWl*?^!ks?L!;iB7|Npb-%j-Y}==lCRAJj zKAb~MYe5yGld%9@VE?*T(_+A~ePv%ezrrx@BS4M}m_8wp9>N|-TV11OBynp*3%oi* z;z)W)M*G!rplD_z3+8=TkLQ@p%HxSTWYC{D^qS3RESS7y{a%dsrk+Lpdxe5Izzj3<%0T*@~=;-*MOED6r8Z6h?Zn zv~Qy0_85!WP>yI1zPLsWr9P+zi_e&m!R)2=qgQn!uXf3z&EWBBd#yn)$bbCv=CgeW z$P8eraSegZkbRF%8=kQTet@sJOX#+`aB47;$#RhS0LRw|y#w`ZOJG2O7sQ6+UzKal z4PfHe)1ysT#AQiVuqH@Z5NsG$U_4uf-h%?)3$4UQHh0HDAcS!^12L4SjB_S_==w(} zCmD_<=PkZ%y=_#PGWyo`X1YlJ(-3 z>#I?9bwR@9Wg~KNE#vmbE79K-GV9h8wC!(Qz@-9awX->0fFH8&UG`r{Y&q(Qoj zH6u#{1-?^3H+%y|39lr_{IbJ(9p^XDl7e&X*9CMVB8dr_hNYq{=&gmgT@V{#UM-A0f zih7%le}JSHTWiddg6tq#VP2a9fKXFRM!>v7wBbE@v(c3?MCw@bs5lh??X@p$RIB?W z0{z(HPJGGSa&Ed=YMwRMk6&w&&{_ur7r3;fbvHBDNqN^GrD%W@<^5IjuU~4xSh(ob ztI&UHdZ?#|w6727a#LBYyZSXdCfvbRkU|lo#)TyeEW2CerI#NRcTn4h6GxrR>%&XI zV1QuBI z!bm;Gz>FWA-C2)lDUx^xQMWfzo7PbwL6<6zHJ*B1Hc=><7aVc3z405 z%XLxvXRck=sJqW&KJxZG{xN%R$968qpq~LPfG4Qs=RXaTDa)G$z(FCz(L@{wz z81y=iP7yM*uQN=xjb=&HJj-pXoQBKE6*44o4g6^ncIFH+?JGT;;Dl!W=tsa`gewemu>CIHIl}d6|ueH@! zcE`&xYkrlwZKBS;rKFfi@$od=*8&+qdEAB1w_8~)q<_0;XVdT*vIE<)90d*to%*B-}y88vQ; zlklIfz{MW=Rm#hEC$<9}BZ4Z?2Q~JJYjetq3*ce+73*Oi4L$uXW%6h&*55zmX);?3 zZX64JeAB(=qGWt2OkTW*__=Ic%;)^vctNZ1^@P795Hm^oaQ?2^!1@03nmATyuwa?C z!gYiYF;*CbMgi$J(dC}8;859|^-3^jtx`r&mwET)X^_V$_za4omQ1@+tz6dQ0l1woFGXc6A1}OJA19O*78El_A)j`EvM}I zO_pTl;SF;ES=~rVtd!ty)~3hr`ZZ4_jCnQi_K+yCSmQdI1BnmG2G!+ zlQdwsB1W!%89R&g%jH?|@P|!%ulMpWRzzdM>v_Js>ldqk!qB)16APcIR#xS|jUH&g zzS*GDi7lRO+!?6OF{*IJw_QS`O?^7%leBYD_MM#3Du~u48bFhn#sGZ@u1I*5yueWyx+e&mU5Wa@@;7E&M&V z^Q&R|9sdJslQpR&8S9S`F?qYXzWv_yN>NRSFHeAf&Y?zUx=iBNl6MqPPpEOftjgCl zjEQB9G#^|bwouF_3)J6&a!5&7XGdd+RDZ}Y&@c;H#qRI6yzqQ_jc0Bnr!kX&CFwh94n2oG@243%#U;))gfZ+G+Q z?R}?3G7w&MSibSFvvLP6W?_2Izu!pI zpZvfnJ!wU|rU`$mT2-j7QzYIs8{i8&P{Jke=vIBi30wVm6(zuVEY(vD)1U6Udi(mC zCx@*?L;dOUdKtte)S(aMSR+qL0=6V8h{&PBJ?6*M{m}jx1}E8)U_fV7c^#H%=JPX7 zSUny~(x#DA1QKLP`^6gJd7|GtMC+gfxiA7cPPtL#Yl2DQZXjKkGe~$*RE=df*f4mg zrCVzv@!7Wc)5!JbTPJeX#e(o0a_y5ni@&N$&ST#Sc-%$AMrssRf*0 zhJ$I;STstlfHEleeIaJ`sdE8G;fP(ur%Fe}f6FF`)4_&-;MLj+vpT2x>PD(ZPp(w8 z|6Du+PitA0V9Ydm6IY7cdUVA6+Xi>uSwga|Uy_xUTCx`xdy?J!;-t1p9M`l+UF_P& zUoR_b!}0l`HtjM$PH{(z>F6`B=QPkm`>5hbUym3R*~>nlx4Q+y1B=6*GEUT3`FcKma~#qn-?^0gtz@!x++;@ z(mGs={poVSO=w@E8*1@C>+5%{bvn>D z+?@Lhiq(NF(;1_41;wqn@r1~uvUEQrl($JYwK z3dahp^%oa;c@s5VJoR8l=VkY^T90>h@o!Rm=Z!jaSjhEDx?1m(OLc#QVpx1kt1~DU zA2{Y*YEpXbsQEON%5sHPu*yg1*hw(BMT+<?TZ1(MbGsw2O~&r~+6ZV9?YuDnvJ@}O8;T8Q zP+D5r5)P2=5Dn%17u$Rc3DEF=I8URlb(+JkDJj-ey5z9|Qvdhr>X@E*zGJ5cjpOGx z#?mHtMA2Wv?Ir{h>0a~<-#`eJAGQe$#w>TGGc$h*)~I7w*914F)KBJ zqb{%A-u-UqG)3P6&OiXKy#LPq5MWoOx%_>=Xo*;G@SVMyJ)_G)r>eCj`jpn*#D2q% z)@}&O4YEtwK@|4U&*q`4)MRgjgtBXc8}RFeE@M7v6m@Gg-xT>{ky`1)4;_cD_lKEs zlGfB?6B_t;2q>WV6-lC^eX)wLEq0pJ5M*D*mAjY#yU$c)={D%}O}ynCzEtsXLTpR= z82FI~@VIS>g#Jg z&Wvx8kt!|Wob`}Ib<2nm(&-T(rAOLSxmu|``Nm?(5VQymg zT{!?|CT8T(_Z3=UZJbuLMlbT5X@8Bp0wdS(?)2Ki*Z5 zO)A-exE0pc}7PpxS^!l`6>KrcBr(}ZyI-~+UhL$;zM;KBLs1AQ587E5`{z|M`Jwe_@qOIY* zKsZrf56Yb)tP68Q^W*faPp++Z%XC7?Y#_cMSQYWUw0IN81evu&TUcT2?Ba3iV7*Sm zE=xf+TxX>h_eLL4@o7{V$8W%|!kwd0)6I+uOeqzG9VKkA*(Cas#v&H!zq53g#*eZQ zn0+FABW%oi;cjo_L|^CBc0E-z&ku>qff!_{x=mc%ac|6A81rl2`d(2zUQAG*g^Y%$ zpGGzgr=!l?vk>mxbU>P2%Recq^Wj*=NRjuiUWe{mWqkZRTF1DlKzFhK*+_-%W@;@n z4}q(jBI`9XXec&&az%&`Hr{bww>%^gff+rwT}v0|qNxu+KgS`mg3M==mtLN=8en>8Vs$R=G5@qwbr6N2|MuH9`xrt;XmSxwrt3!v@9eIBviq^cNyP z5C=iSBM0;wI=f(C0trP8(FZjf$A>E9RMUtaa!v8V@a4UsY*on2_wpkwTP5b+SkvV$ z$>U(Tv-@oQ{fSo%Sjvc`zn-G;oJzI`Vr-FNhcE$<2{9Go-jEkA#Jtr*_%( zJxOCPW%4a6j_--ZhWcHAJ(y&O1HatQt26RSiyxUmJ6NI1@`J6F!yJjZVP!j)KRwfz zd2F&f#MEaB}#pJ-L7Kek?)RWOt$9J~#2i{E1b5_4m5M9E1vQVy#I!8^ahSV{* zC)-tQ<|aN>Ckt51hwThS1_cFZ@QUku!ropTM?cctkIap-F}?}m7-}bF%JIK-$i`Y4 zs1=YOpiY*}kp=BYh71Kt_sHoW%|~NeP`-(_1^h`ftk~7pvK13QS+*vdNoH=H=cTZ^u|JvvftxD-n;xSt!T{hFud zk&s}I^Od?D?+5-DipNDqhs|MUtOXAiuhkwqkq4ZUJksi4u~WZlLd@BrDE+JV< zr%bjM?TspuzHUAZ2kS_|b-wV+XZmlxWmSaVgRo z4P5W<>Td*|ZGx_msu2Y0BJN7wjbKVw%GQeqv&}-m+0FesY`VZBgr@tSYK^@5w0Sx!A{i|H@%65$*5&fPl{yT> zx>wX+{C_dMxql#|1M^2|S~)ZFqbG07g)pi4jmo)vL0=Y7>|04Yaz5*KbDf)1^|&FV z{M6X4zm0s`PDztdbsXzT3^sqnIWT2QDV1xT`&l@2I^ZFNEqf(>ER~Z9L(!!*5!vlJ zy5f;(7*Lno-Kty>P4!?x;pXRqu*-B`pUJ*u+C@cDm7evfUwB4_Mae7QhC173b%m!r*RC2E@{AZI11rZ7L=HdVPzXNZaTR@2H3FM!Jbh!synm$4 z@Ge1b(_7`lfgRHm?~UOvx!=h{w>JWqpxkDU5MGL#<)9}Qj4pyxn)&IGZtVy}*zUdq zYpx#&%t?()rc-o83xug$yS%dPz4bh9g=e()+3_ZCsy$%w=UV*vHO*%t$&Ap7b?*w$ zkKXAYuz2kfU&{@4$YqnYZeVUzGY@u=XO{*;vB^>xg;5)?bSfC_6dYu(nm1~`>Yv>% z|B!h_Z}ZM#Y-bUAsL=#PD?ZTedU;dA$v@O^?9+UW>Mq5FVw7<-TXwc*S}YgsqsVhb z=4@`uFzOhN4txD^6K&~hEtl)8tTCcFnj|S>dK#U=XQ6Tg5A?aMzW#og755W<;Uix| zMmhC$cyKPVNNq#k$5%n@@wZACvRAajvS&xTjg2(0okfz8X`(j2rlV9+EYK(FA?0B7 z;qh_XrhU^C6-S$1o7@-<4_ROVrD3*YYVt8NDj07+(W|^moPzqS*w9%a=5VJIVT(E1 zcQl*EUcz@_Tc4-xJ%l)Tuyjir|Rd5+b@(PG!+3p4Io5LN8m6o#j?sv_nkZ2 zAEuXW?%opiK+9>t(!0qhrv!pP3X~XJ`@W_cjDzEJGtB$RYzBN7Z227JnusY64 zMj_`?TXvk;l5a>EXrJDbee>EAj(Xi=Q*WzHs15L3fN5z+3h>bf>MA3&T}!^)u_BPk z$=WtcdWgM})PheA!=Q{)=27V@& z*a+F(H6A5wN@c0D`OS73mf3z*&S_t|v9fLW{^OVnWe$=JQtvUj8RnS@HghLIV*9k#MuFo8KXv#_*83FEp761y27QG zGDX6T_@R_@O=d$oD9Y7yjiC$;`|9GIupzwrl1dj5(}R042tjD2X;g{exO4As{X{Nm6Q!a+=*4H5z=A=cum?QG!?-32oaNZ)6yiqBX(TP-qKmRIA7l<@wlJHTx7Tf6&xP3KHDGU1pD7 zDGhx0)y7}HXKCL6UDV0Ws+ANZRoQ%uVH_wZzx@trD#S`oWFsOFJ$?@i4Ex-h_tI9- z;+OSZCW;#};$i61i4W`}wd9}&XD)Pu>O(Rm zVTCNvaQ4`|;Q7?JA|&ftj58%iSo!i+i;KnjHy8uGdATqO#b&t;u)W`{6vDP(m{#Q0_HpldW?w_ zx`R#zU5&_r{*a$-%(fTZ4nJfFmRL|CoQ{5Mr^d$zonwJX@?oqT>vb@m6zv5H0^1NK zBA?Unw+R8M6=QCqt-*Fa?(75!M8hfJd-PQXvP}~(L=?Wy1Pj}uyV#|8gUOGKl6C~e z0Q~_V8c>iNKOLw7ff5cQ<#QPjx|yQ)7rCil-+PdubdS>^yH9~pDPh^WV{swT#x2C= zjixPaQX%&Ct0Lsx5A_!X>4)W(2Prz zbuw?Cr{{px@M38;H5ho+!d!7biFhKfME}TR&DUs6qT1i=?JwIK~A+!`xNt& zb+0?HyCN_Rf*5fNT6Gb_Y8}4tWq7(GVkUPpYrYFjPs}Zb!v-tw4&Pq>)?*g@9`p5g zMgVo-(MqfH(u|h>_mIth^tt4o`Qq;zUz~c4NCO>6Nj@&+ey3|(ljv&sZ!Z81D|Ebp zMo|fWV)9Uw`K}vD$)rg-P8!Z-+37aQ0?(SIx=Jo_*dN4YCKU4sMwt_NgP_QwN>^pD zVU^>z%PFI{__Uxm4}~e6s;x!I*1K?|lp`C3Np+M7uErT!x`fh<(iH4(wbE&!--@8W z(<4L+!Ero!lP_4l=F2}CiAOtEDgHiDO7KTh_W};|u~8ufH-fAqBRjithP$0z)$)De zM@YH^Lj^#4Ac1lRwGHq5Wb!)Bewv+*k@B^^aN>b9}JPO~krUkXt6Dz3I`7Y;Rc!MAwY?_oKejh%hPa11_> zX-1%r{3K+UyqqG>ORtTY!C$<&DygXL?h(@!wk~rLEUQ-c_f~b)4s|>!l(AarZ#+D- zVbJT)K#H5EWQXMZNeDJzT->LsyUJ8q7rAl^3T6d1fw(`w#{V`a7;NK4m+R?(%jB%3 zVN&p}%J|to0p$@l&^hlDfHo)fTzj`SwrP~9&t>)L(s{Q~v>B2H8c;i&k5xCERKy?6 zB!r|_RO@$_b2fkfOdd*pSuy)=y?5|KWR`-PaOEn(H+y64j91^^MK7*(`$yoP7V@$% zPQPQEQO@L! z5snCcO3*U&<`64fhQA%O#J(sfep`8kU-01`i9l%tajU(o7(M1=dS;N5ZB(pcbt1i4 zbpA+Er|_n*uW7zm+CjvGFCm)gB*WIv#C(&&@!;{z7vOa1S( zgY6&M$@L;sfbZ**Wk?xu`b6cIUb3tRa_Cs3_sq{S&9pte8vRt}30{4sq-S6!1HBQNl) zYm0><>u3cn(Lj!ujG^&8TX7`clUNiQfOHXBw;)804qD2wd7UO#DB|*Ls<6GlM6rcX z&Aut}u*mOV*i=^O3j`(UY~Xy`ktSK&aO}ED_F3?8%KJQ7@l-N2rc0Nkk(O7-kU{`m zhNP%cS{FOm&M~EzT;7j}I9$culbRfs_XQ@_`qaggWUe*BI*@~RBIFOlI6B~%jSg%B zKguAFh-$)E^?sQX*cd9f*U<+=1jDVB^{Y#(Wnh1-RHH&s1LhJ;z*68k8v^)KzTpLn<-#y0xw*adYQW{|Ag8JYRGK zGByqQu%V2_@r=}&C0t#J>R#4=*s_8YvU%*79I5cKE~~lZvsp)vA5FJMr-^jad7Fz{ zQM?3m<}4*f=T*GFVaVS8Jv>zx;3lG!u2}DKu_uj}@G(l%AjV2Nnekv$;**_f5elvK z*ov99whi7iM4MCQ!7BFd*R0E{bU}S7uc5e1!}saDgm5XzoS&Spf54fl7RM9QOjU2@ zx4qgZPI)tb50n1&IZVffsx_OzAd$3bLJ?Rw*y5t&5Vc5CS>$NKj(72=IWF9LvhyU13sp?ZX9`rd zdVX?EH>tI++S3#WEBQc4nwglxi%`h}_@nm|q8Mg&);$wxh?3>pq}=?7tkP$t%*>+l z;%}2_L>RO!D_^~V)zv9y8Wl0Lgo6yg&Mm~py$LKh)S=kzRxQ;jE*Ui+ zhKAni8n*q2@)@XEb2N(beJ*rWj{9DX3 zMT~?8VK}JXyguuF@1XmiV*j)eVdBMgHj4zJ&3y%O%pHzReWGlZ>ba1bX1;1Ed=vUj zH6^JWn8rxU=icDe-g-9J(zb11I+zW!H=YAa23b9SC1B}C}0p?taVLgSF^1O5>@#6iEP_x z@x4CUAVDhk9J%SJ6@h?Sz)-^6&Jwl}tD_~F?D$JpJ8Vv6w2%TFb}*RQ&@2!=(0yVk z(ePq*c}V{2l3GRY!~3VX2HxDjaO-%+L`eFR9l8V{T?oXW^DS*IwB`Q1Bgx;2lnsQz z15U$;AAKz2dq#)}ZOgi-uIY3t`?=6oyl#Gm@R;roLbO3y!HxO?7X@x8zI<%n|58X5 z&^a!XT^_x9nt^JS$9Wo~<3iDDYIuL{S>RjS3Hks;$sKvmNjfYGrNcWc9X`So3dfoL zab<=XxK}u+T#NjKxGqbMDj+9m`nbfD=r0{)iA2h*3zM&>M3m#QGJ_a`5C;{>s>C=l zL~|?!MprqC5$J!;d`{92ZHxRV8$6d>ki%u50>{5#Hwp6qC?V2wyl=19>1w8_3^tX`S$3)uN3}SZLF5G=a^rqmqK6n#EGz^s%1MYSL#= z^DDaW;=*6+r+@y5*Z$34`G+KwXwNt!N5IZt=^uzj18p*abT1M-(1by)0O^lNh$9)T z63a>++o83n>~}mU)=?^ye8=6Xv)0+(saHL7qka=(wt@ruHM=i;BFpm<_6_{hS-A!nGb^;&#h9wuB1Y}CFj#@17ua9W34U9-L6#Pa6^KngV-+6_ z7%8o}Gjx%EFqRH5l;<@5kbF&D(hY1uK~Ac%SP zIa)G3s=!Wa*A-NC5v~~sc8%!XBEI|AY8*Eo#oa*)kc{So_l0`>19$dPAI~J{U_J0Z z0cbYR$8eWo7E!xnt^OgX*PvO)`m4%f;-A83dQWrl0koH2CM$2mSFYX9np!&L_s#25 zZHXpgNZ_&-Nep|DFLf+GB^S$r8@n5OIcvy`&z7o4QL){lxoQwBK7an4K33aQ91f=B zrWh@W#};a3OlALAX!-iRu|n%P?|pJY5%^7?Cr4VxBqA zE1YH=gZN<~=hLlRVnQn%VyMoH@vVMEkP&-m0ADTY%L4rE%6 z#V=|4AS>o&hBb|WV^Qhs0k6PpmULg=3Yl_>=0#2y8Fc;=RO`UFoXMFT$ps))VR8y; zN2uOF#$?j%x17ML8VS^s3h%B<*4b>O-b0Vfj{iv)az%3>!$a5G!9gulk(l%sVo2Bq z0|(`+kQ#m#KZ4t*oa#(O6kt@K6d_q9IH$S6_n=D3$??YAU$IRE!>xK>=bxYZ4DeR~ z++b^T<4SvDHU$5Qu``L?EW(TjR*Io#MS{x4_%++hs6s>*to)hBrk=>_0}?aIK{AgG zx?2yxX!sEvXbqr{08C4|K~)tpKHB=>uL9OkZ^&t2j6wTjq0Ji^+v4g9-er6`Q*>R) z{_4!|{4aYhAfraLyI8Br_5S{T`4d5$w*=lZIE`8thnwXir=durhq;s?VVcP*tNfQJ~-b}?* zF{+55FX?6k6F~75U9DXR=!y_7o~Axug+Q?K6zDr0_D4&$+5R~Q*0;f1 zP$_z9olTO0TR=+zFp(3lMDDEQ@z8V$vI>!f8T#5LjiV;vOJ2>H53h$ z`Lo=Uni2!OlJZhNuPuS!YH@jn(o1OaYaQ%`5oY-2gep91d-rT@ z{umq*hb>87Js-~quK9BBn@|nVo|ujUXv#<~JG-k{gJCJmT|^{E&2^d3@|Ws_^aIDu z9|d-R$;#p*q-=kx7?)XD-sTR`*sN=a=~=8dKg+<@7fuSATVnYt^yTeE<%9FL1~0LL zx5o5;A1F^vvi`jgCt5t#w_UR;;`enhBE~x|vpt~z$T%Tt zjJT8CwO~%%QJ{g!1P+@?XK%~0hVP#q?7ao`8rAMdO0J0Ld+k$tt4>t!y!Y#=`*SG? zT3olx`3oUtdbJ7*u&ucLP^US_NS7bT(2wl$vb1ZHp9NQvWD=nT$N;&7C&K>x4jAM2 z8({50_z?P%VoozNGo!&M+-v1?Xt!hN5m_e#>ONrQ1FOhLMv#bFF5tKgqZftw{3Hg~ zIK;=O@CY9sV%!Ib{z~=z`v6F~K8rKz-{JbB;jmGxJ@)HoJ+Axfr+0^5kMN*Z2{Q;^ zIsuwn6calHj&{MAOLKUxZR>-6TkC!OHj96{xQ@IGpWLnd27Ji#)`!Jm<3-2my-)vu zZvK@i2l9bK_Te8}A(`_4v&Gj6wCZWUhqiyM`Bw{sK)s?H<<(YG&Gy*_=}z^|oEhVQ zYK3HN3E@4Ru7{E_KA5L+Tm_m{Z%d({QU+dt;V#3&FSk(-`GgR{OS+vF$t0wb4Hogdo_=*-}^DutF`ri1j!%>I@1NF09g}4sm;zv)pFYQkVI-aJ?mmQFoq7paY zCi%`CA#Au@u{736{e&f*UFs-VchqZ8-fM`TI>RL|X76NP_I zL}h`wJVhq!&}2vsNW-Rv=!14Eb{&882^y+;^SUwkdQ1G!f85qTz2Y`^c)W)lQce#C z(-hM(j#K6Fa@AxjC#gSJ6JPF4t)6kj1|CYyCZG6KOuIO6dthb+OO4{OV5Sxf8os%4A9?4A#@HIh@4ZFPoYlD9S1Gul1A5*;&vLfBQ=p5rT{AgFS$6H3TmXKe| zusR_~Mp_Dko=eWk`VA0ORrg`i(SFo3VRUuXKVWXRS?|^tG^KTK@ zoQh1z8lYZ1>cozXB3qFymntJ47c!~YXevB`V!$Ry3nT}$ z^J*DlS$fp>6>8;=)5YGaZ{_uYmIB3q3tBff`F|@zDh5cX}oRPh6zp1s+h571!6 zubCRGcmbH&#?et}0zp55&B5r4*(}%pjfMhs7KVeKhB8ko?*&@4sE~CvY&z4I2m>>W zi9{JQV=P%mW?ZuIboW-2G^j~FgPsyK=u-KA+8 zxf5bQ<@>72P4mNP`ai7z!8~_peR}TDDtE+~Pi34Xr&jx4V>b*b6xwvZl2kAU+SHP9 z1Qw7~@>iwx^BmA0r`Me z%+bynK#8eGG?x}a5*w>GLp@dDL$o;V9}Urf^hCtbW7$_?uJ-rIt(muNh^I`ut-mOdbt#<#t$9oWDN7HRGFTxV& zM{RET_^iG61{wHS2$(Kkt0gBJT%m)Ml8ouy4wu~I`mke`J(O{?Q$eD_1QOSHUt(+C%iF{sA{FDmD zN}^0@3kP?K&=030egPbEaU9O6R3k@c6VE@81Q5QwjTOqM50Qoo=ClSI%vb4VawA=f z{%070SenA&`fySFpy4HD8DT$f`P^nwTPl~)FNbm8nD;>vvK6n`KoI$|RzCW%rt|Zc z9J|s>fPs;-z-L_L0;*u%=L{D&GIM^THDv(DHH5&GC#5{u39Vk~X%x z7VoR4h!g!aF^7wQJc(ZCdlr9Z(B z=7Lnv-rM?bKtedEs4`zrZjvn=XWtEcz;IWHpygE3EQu!IC3_X_5J5310E#CO#wbyZ zkA2C!=tSGl7|U4wZzO?Ds5vcQEG-+E|7LKK3DmZ1?s#^`qp7+LhKJ?krl z)34~U5r})|i@1r4@Q6GZ7SWSnzPETIBh8RO*8F|Dqo~;GzwxPLPqa|Rz`r^j4iH;A z97JLMpCy^Z13}8vbUL6V_*=@vfWqkrhMg+wY-kX!fVN12?Q_7XMc(k5TQ3&h9*Bq( zn*1sB{$@eIMjSFd<4$sQ!J|}UK-c>J7PTRy2cGy?%=`9RP{|;R zn=$_S75#rx0S%}qQBKXL|2#^LDTu5L)81bnV{W4Lp6BFwBZ@0$V22p3<8VgcqPE0m zBC-|OCW|cw83-uq%`gJL{3#+m-?4`sxLsCj&EFj3`3t1L9nnUfD-j=n7dCk{gT$wn zAVh)@2Sb6szPdG)F6WMmY2B2??+tg(#>4&Z)c~ABN=iyA8(n-{8L+f;^z@GRzZ|3R zxhIsp!G81#fZ+j0 zRY;81+C9L1sVH;ON^J38189mkJPrZM{QA$sr-J&eeHu8*rlq9xvq182EG0#VkDD@d$}`OnT#rU$7`MVNLUOAmyM2o|5G?X{43_xRvQLNxvA(K z`g*Z}zl@`zIz9r_ymm?foC*m0gn`eX+3?xl*Ak*Zb*R@#xXi2bRNj1VIHd#qpP~gs z2T)sc{(nq;WmFtp(`^{sf@=sqxH|-QcbDK0+%32}!QBZK+}&M+ySrN;1kD{F&->lA z=GQbspRQB2%l4^m_PJUG)ej~<17iR13)h1@YesXU!?4j9Ts?>@CVK-)yx#7e^Acsk z2a4Ds{#(li8emQmebM(sd( zrI3j4hw7fABMdRym$6OADg7|?h=4*(15#R@`W4E0+_G7~{G4H>_t?Va zvuq&{1UnT?VZTq82Z}T4{}Zq}EC{scJ`K42OPyl)fmf(o7p^I|)ypuWW9*>U&fqIl z<`&EZjMfe)$d`@xjSJej;l~2hbwAl=OG{~PB*Qume~e46?EH34_Fe?ADcY&TT|c5y z9q+C}Q(wg%3CoVBP5&xpeq_|a(a{-`jI^|4yWi;Z+y?sp)jn8WnicxupM$xC4VDTd zcM3TkyfsH0^zhgS3}zA=e?yF#G0I>;PfThZUsZXE#X*J|0X(;=nj9zLvfX=&qxmV& zD8AaX*ki0Bl+2pz7N}Q+mQd(So{GEv%S(J9mS|q)OBh~m^)=dV3cjNYR{GEBd81W! z$Krfb7)dbGJkdU({~4IJUpVVm`bR-MH&yuOlK*fk1Vrp*YNN?+>mMz0_6d%JF1Y~K z=j@x?htTa9epj^U4l!!AHn8yB=#LPFRf`H2uc?SQp*XC^fYTZXkjhow4ugX>QD2%6 z(7z&?K29a(<{8maSrAi|+dhdbRN4h7b{&S2WS`(~7D|VI=^mq8GZXy9A>HiaN>EWQ zU67rf-Rw(B((5kUwgb(#xd3#}{tK2Mz?uVtdaZVd-?p_mmfuqWcdHPcqG9sOC`EYy zCBI*JXl3HBE$WHwl1ao`>UAI<=u~27f)A-0$}4a7wDA7+IJnf*OQ1yag+lxqJwv=8 ze3xw!huB->(Mh6LCMJ^)DdNUCsM)RrYcULTT!K=+QbK`2neU}Cy7^#nvT}dZf?Gr2 z1p_*qQ#t>ZnE`zH|MgfOlt~u_K<7NJ&J!|VUJB-*4%_DvVl@G>d$y) zhv%HUn5~hfH!cOMu78?z6il^U!nwlmG7t#@9jvO>(`oTs0dx|}^E0SU9=#}h%JOfs zClVm8kR{uMW|6)cH;+>jG<*^?Sx+ik{k(d8Se6_qmC;h&c zTib5I*rZtsBqP%U5m3HzGiCU6Sj(vB5?ASepf`cqK`pUhuq}pt=>Zhxjkr z69BN@iQ_V$0nN?)G4Tc6R9n|E5AR7{ESdpC$M*V=1^(hReduAt@#@!$A_i1TRE{$N zY4j8|a&I~@PPl>TP{z#lIt}S%X~{rKW{lFEvPc!VMX{hoh1ud3F5xf5<=z!Nkn`R>POjoZQdyUi<%Q_{k^?gg~ok zt1;unLCPDWI9310QarqAO&~D|uzx?I*PcYINh-s_F)6k*`*uBP@0T6ttL6Mj15MvJ zOcCz$vpTHat=0Q=8wr}B^dg=9|7#gYFum6OEPj6dZ#zB#E^(TYQD{fX`>(#E8(}2o zwZ{m0x}n%BMkY6v36$V8Ga#ACE@=X{m4eJo=A8AJ0JA7X+9?aQ?Px!j8vmkXa+>`?GeaX0t?D3>@CrQ89C@P$Nn@+{X# z6V{Xd(HvIzb7vI+iz@2Bx~@rmed$UiqR$tR_=NSxpwkyYo`PQwb%J)`niSey>bL&x zu?@tY5$C_sdLedWI4@jiLqY}(9^}-e@#)X$Ow^e z6Q6j0dSw_%;)9xC4;KIME}GvIl>s!y(d8w$Yndfzb>|+E{I@rRzMVvbDFQbTP@>xm zAR}|I;6MXi;zPscw1*IupB}ltvGKz*4r?a3U=ci8}R$E+d=Q3~pi2zg- z;pZ=9d9TSkCpxz((4vQn_ev`O1o^1{kSH*syxI_8`oDdnhpCOHz5Z10PX+`wsa~?a zJ|k#D`LWQ{8@&8Ip=tQ#${zY4!rb{yvZD+$yG0O1M}qh`k@f-s19iOa4Ki=GRP=!Sr4kXg=S{ zbL#8l#}~Ur0u>fg`Ji^O|MyU!$$JtA^)}w?YwD#e|NeI>j5yTfOS4W*+(Yue%=3aA zk{=WDCJL~fM-6N@P_a!H-Paeb+9Y_E^1MTS6v=Zj#de2ZPy^mS8> zkP8N?a(L6OCYC3iZuubifAT$Ob8c zk$CIsR~Z_wb?P;gbokBEx9M(xC{TLH+LYbc$gzRh4f`+Q;BQ2+ji_V08K>N=_b5+# zv6dxi&}>Si#fq4YoE)1rlR)5z52$0=PzfaJSc?k!C*urhP)Z0o@yc>6wluU|^Is2# z5DW?8JsyR_F!EA^4FOV_y2xu(x*^X0tSadtNx7-tW+LKdR!0KBe~aoI!FIgEntF~w5I3fHYI6{@&`ms~w=0i=*-!-#X`jTDQ*l)187)Q! zN0{^0>e_2`wZfxk4pd{6ci6(m@ympsG^D0c^2TOET8G~|?G}b77z^mrU48I=S7$Pj zw~L|4EMdg(yMVE*DZuJw**-6R|MM{@uZ#>dde3A39nssvKT^+=lg5eZ@XPn_Kq4Zd zt`STmbBiu#2TonkM)4DaD&?>s&jIp#mTcR1`&s{IgEWRb4Yi;D3gDR#vE(b}x{Z0j$~Gq9_ocfc z6W@ERMM-gp1&vg+pXPuITe#Psh6M|3SR3EIBfm&=iYwItNOzWPll! zsxl_Vmbwz;H@_I4YN|ncvoF)5Nbwpcr(y^M)_iZn3XpP%L`J%Fus%K~G6HN6N1i4)l^p6LuA;POEZAy~P#-4Zv%8+n(aNiLHIWildCRuSZvl6>{Y z{DfN@T5C*X<|B1ib73Ljc(QMIsw{5oDoD1V56F?)jger!7Et*gVAV%{#Uv!Y6N;ym z5V$RJCC%UO*3Mhuc8ENnlZ!{Y`iP3&NX}B3sx%w7{~5cbd@`fb@;wv_)CGIpA-p}J zq>P5RREU^#051VJ>Qr^KO|gwhjH>zwe8xP=q^pjb!?(_3{UNn&U~%Wr`)wR0rf97h z!Ij3Z@Nf=OG3W&T6jo)cDEbVy3ZlwHDC-~QcwhtZ_jB(@nHH9?t1T~WhvHO1O!ZT}Xf zn776nezCk*r^=HG#*2$ho+5hl9BlLtW;V05s;fN$Li!Od$#GAmryC_pO21RVp3=Oqm#E#|qQMEOm!Sfc z4b!xKrx-c5*|9slB z-{Q#((au~0?cu$$1@HPpMB&huyS=oVq<=9%ZLAMy`r%9pWOVT0YS4J!(vz+^BMp6e zd1pc3Hi~Bz!ZF;*x8$@_*6t#j)nVE}ISX_X(Vg7dR=nLrkMCT2+!sqyoc2lu%fe&` z-4Xfjwp-VbR=kDOZ2J1S*IL0=4vH~aXKO=MPLLd!Jovxn&IJ0BUXCuoooFx$-H`4w zB$_72>m(W$E9a`9?j=!(&@w6LG!T$0Kgxz~x^0dKEnH6t_x{+MJvJex9O*MJ=?|!l z2U4Ih(m4}E z21{p1lSS3vfF8VE{9C61?) zscka-i${=AHTGo=|_>p`o4*sUT0wc^^$5U6U zr`ZwaNh1bR5i@5@=i&U-enSznoN8|7g}}n(0E8W^v6|4Yvu=ZzCW-|#Q}&9nmBMqS zd+o|&t3w7dDq2!CF;!&(X|of7`3(C70)3wK7%6$pVu^KVIYTMN8iOaf?^qEL_i@Sd z6H$xD`u`WES&<;~ag2Kj2>G8fcYa2B4~;_ADkzx8BVt@Ec6@2u*~$7+Lhz}8WqHoG z!X=}WXre8S_%ArJB9u22%`8Bsbdv}bfmJx0$5mdbLttFLaw`@q{>nxB6(h)m=u=;h zQSQw8{YqeRgDs`~v}0hgnZcylB0lX7!Vz=#?|0gLsx>XLbJ-LwX>6YxLaEj?J(T#O z#2AOKXl4tvyNs-r_j+Y&_^h@uwvmn7I?Gg1%6d`jtm);M`NOXEI zdZOvez&hesTPLZiU%@4mWm3g3N2eVw+S8EHLTmVcpA&`9E{3>>P=aEY+yVF*jKAT6dRE1q6eTpuIJLaAuGnM^iiEE z2ZY%rB8Tom@_N}@mkBF0k(Ci~322nMHDN#{%n%MNb3z|84v-mik?BqzD|2|2{08cT z>M&(mT{bq-&RP@gyJmQKOtR4`r>fZdUt6~S_Nl-jjPc1k&*&3!kE42#i2yKDwhgtH>yW|RpT8z-ZN-;E?ZSi8l1?arDz z`HD-vS(9PdN|=S%9ra4C3xEx{5(-QGyS~;E%&xNk@NDDu8@%e5`d93YAtmh6jF`{} zCY0J~C3K6nlXvbyMmCI0FgWS@YJ2J=e0`ZHRa?6dj?7hOkvP9Yz%Z!JD1C8=KGX>Z zWQG|IF~~-8D3K&Re|_gJxStYxCB~U`-n?6{x*U)G_0Gd>s?=lt_Uf*Ej@V+ihBqk) z_s<97kkqhE8hX~owE<+S$YHSsnpi}{P5&_|Lx8jothOk?EYTuK0W&idmH~{6;R|f9 zrd9&sBf7Bqmn=tk$VT?H;^jP>1O;Ku-At3=*2ScUFG^%C>s6}4ES~yU&Eozh*NXFK z`Gljny%f_a9wX}?+3S+l+=C0$(cG8oxfF`Al4&tT)bFff#0EN(L&XKN@jB~OS4VTc zD%yTT(|cJ1f;2#g-PstSEIy;fVAs5~yhxb8>8$W0Otxoe;_V zHZU;sa+ge0X2W&jq<%Q|sGZh-J$wH`O#%irmVquO$1Ak*i?{+<>vf^R!6 zZ;4oP;CcHO2gnR5@Za^Gx}W6haHVWS0grynD`yH<83uR;v2I%Lz$!IIp-WG*+p(tBjz7 zp4TrgD*xD+jhBW|noa|K4)pad+?vVZFHfqd&CdC#}Wi9Xi9_AI!%Xj-; zp*A&Jp$+p8ebmTOr%?On$F*U9fW<~R)|goKjK0i+ z9U&6w^Ip!(c8`aI#(V_g_z%!)<6!6PTTXbVt1uEidx~U+=x!%gW%uGBy|>CGoT%>A zhr?gR%~D(p3k-2E)T~n_A`ppz5G-L@sr2x!-sD~Df_SqC!chLtj8v2o6VH*<4BnbV z-=(s@M8|!jG?uEeK4%Q@h_|FDM)Q8PX$D_QG;yVJV|M`lw^!}phDp}HZIq|LTyD+8 zS8Uu+BRNp&{0mh9-UshYErC=NX$~_>i-&fFUP8liw{gQR-#@~j>7J9#xXe?ON(@zq zZN#SdI2*tcUZGCHuG8(g_=7vj5 z%P^Tn4Tnh%)-I+KCYq!K4&@>6le3{faU6iYfoho3J`eHhCTMtc+?US>#7*vh+@ekW z2iUcq?F0t86fo4TCC->@cC$W4QilU?ab!g8V-UZdP<$@M%cHc|up=E+(F>Mg@;DaE zn5Mh5#DM!b$Kbc4s-)eDA0{iSqyCtot+?B>Dqv-SjGz!S69PxR7SZrejt>yLNZv6| z0?;cV*YabBqB7t>SVhAOQ4$!)R@($zAY1OSjf`?=+|oPKZlFyk?Ken+SB-iHAhJV} zqtELeW+h?L{`s;kgV8=iN1}S$mP4Sy1a{z<(jVztOm<|uN5eF0cjEP&+qu3})LJks zhb0tFM5=e_k%fgxDqx%iI!9`=QiHctDt~!s#;ww~L+OWSNBO!dn;Aaq)Xh_eEajrm zS`APs2zO=I*etk9l!B|LW3g6`ARc2iroyBsr{pxAg>jXNEBgtTegUnjm)c0oYSUMp z5*JN9lo~GKqL!_Cu+u*}(C_m>V$%Sjmvy=AB5^3GVejU>vKeo7^}}d0Qw}h0)szLt zfqeTcp+y2i;9pgZdN4e{@yhUB*gXY`blt)CZhqfUnAKJnPy$}0kz0VsHj?NIPi1$q%whU3_= zc0_a05oL(@2l|Z57RYNI3cU4_9Vmtc*_MZ*cMF;k=mn7IhEe08v40o`a~7;c>n+se z?xX4(qoN#^*lhm!)jbH*IP8cIpJoiojmQ1n|9!g-SF+7`;?W0573y9>K{gIg z-%6MQLq7M5?ajq$)A+))&J7h25)3?I1S30Zx$l4cS~YF|S3qRL#{1!e*YibQ>}VXh zZn&;8FK^L~ss5|H!9zRY&#>&S50YZV|2_}XUzXW;S`dZ~RKMN26PYNRw`M+(B;I0w zNG%KgpGW5RL51KLBOwB;e=F0Sf`BD`zWC&I@&{R) zh(7cMdu$J3io#gYj6G!^z1kd6FQi{E8x-r{!F;Ej59-Nvi+ly~QnYMrQ|DtC$2!)$ zxkLW^EI&AlIAN6cu6pz;;J=dcs*_bLaPil~NeF4?ggM0|&}6fC$(IloP<}D`kj^T@f!g13 z?P%Xji&d_m-lW6e`x*7(&I1&R{Qm$E?=$!nhtu!W0+Wm!IU6tbPHDK(ag`1aHoWuE zvM!NwX>;zGYvi^L7~JtkaCr~$CCqwf!29)PCi<2c%n&fIV>;>Vg~I#8>es&|UT5-e z-4+5jb41R?HWJ@9q7%Xh(4|+Yg${~DAt50fPwSVPPkTSTS>=m+1*mbY=M@(~*#!og zjX~x<3^Agc1@dPbCjsF5AmTS zJ6Z3Gqy~w>N@n3+18>$C+UxR`GbZz&H~(#5awm|O!Bg`Q@L6}=r{n3=Ch3bwX3(pZ zalnS05A{S6$^6l>8EUtu{b|tixL5-^8XmzN$A*E7m{-tFlHqA<8>6-FRTtR-vV~|{#>${w$-P`_bN}xd`IGo*4)`-|K~h7|EwPTljA+b3+8t9xie9azZ@1#b1|a3wo^zGX_`x zmxX2vZ73<0W`qyT>s~%B5@-mHIom&6KWyG|$!C**s~M;9<4dlxUZ6SXHbI8ok6Qlh z-DZ5zmU~G;nI=_v`FAml@&8bY0i^mUu2#$nRdx8ZOG5W_y;oOs%QENkPKb985c3oM z(0>~)i8guOr00|I$-6|M@kX&Zz`W)^Q$`SbQQ=J(-}!&0g@YObv0)Ye5RsxA*%lnN zaS$T}qpCq4XK!`T92CO80>W47F3eEG-`h9l7CzYu(_OXCC984|FRz!tfK{|983&*&RT@Z%X*8xx{uB9{9Q%o!p%=P-mquOSz z+@?aJRhP?Sa$qJtOFNGwQ|$o!ZvN8vpI>QRT{~=6jzPvJNK>*BUa%mHu&w6pmNcX zBT*42G+COi219xd!EzF$XaF6{zFU4A?j>!g&*DEO4q*`u1U_93^^KMdqqX-NCzD>r z&c_c1H@sTHA|WzdAmL}x-SY@%+ke>?0~iT_F^rmI{R39Fib~Yf=SMF_-0)*}GTWc6 z-n~m$^HPX`DnTKAa|GqGJW}0nunivP6H-@iwY;2ayX9U}hzjqnPhZZTVd5*p)4VjH z-2jW>v=h`=+n5x_sA!^5kj;QAP-8I8L)?K3Nv5!_Mc$7si2q4aZH`C*4;98r#%V$L zCe4GolKnu`EVH?q0(ZrEL3RH4x_ChK$NCXv4_BDfUiHxk%I`&ejkXWfl8X2ZCHW|I zCHutKOHo0?FzJ2N3hVjfl*p`k);&zpK-$HaZ1}HI5rM6hoT}tCr(Xn~<`R+@k-OG> zK7u{0s;{FHs8!l5wc*425m^!e^Lo-N>7C-xo%#X;LxfW&iH8#X9|f7E$>3SIi#`7^ zzj%%fVwj>7LI1AoGYSv{=Wc?+qP*o~>i+<^2x4b{n5;QQ#o|v}2Mo+{xbQJ+RNI{H zcQAF<5>DKjD# zlQ)ZCiB>kc(2FOr?;JP+^o-AGn)ATOEyE0G3ymP_2{=Wn2e0s!8j%AHRtjz^lLida zL|eZ{fQluC!*is!C>Db`yjD)?8s=g$C8X-ZS!AVHVRhYi>SD)y&ObgDMxFKH7Lz!Y z>AWkEFWpVhANwuDF-Q0NT9o$hVPgT)Kj^PeiTh_v5dhAL{nMzIqaR7-5vFCcT;oG~pp(zHimsobnRvnbmbl zTgYM5kaaaN@B$Wa{Pt4WGe?(#+xM%siq7S($ex?!`a!dM0m}rk9Vk+^o)=T{ zRkny!A7P(<(NH)wZqDDN$(ve>_*bAt8HDdKF)DI1Iw|Lp#kUjJVU3CYx{KRqrhID7 zpy&0gPpEt!!$3?;ho{d@Gj&OHi}=)HZFa9d0b4Uuj$LtLD;Y{{AI?U>$B|lTUwr~# zn%WXoM^m?)xcot6Z8Voy*q91qt!m$J2|;`~K$T--;g6KC<43$=5a1sAnEOk-vES7{ zWH6PdSnOvx5hDx7*cG-aJu&RBUiR&Bnjt#wl=Q4_@P4UsR@nV{@z|z?_em8*XP?os zSn|q*sUvRJ9(RgBY13|A1!kwcCW9lKQZX`jdC{b-Mm(>am^7-H#Ztk4`T{0caUssxZR8;1tOEH`a z)<|_cRE~(PP#<%zOm-VHSNUF%UQsnc4a(`PtH@#8(h_MdIydIbj^f7bvj8QPr?u7T zN1bVT84oI8gF;mY_AW2M-iRgx%b&>deZxu?e(M}Z+J=cnvgY;bmNxaAgWYB>dj@wY zWY+ROUTGyz?M!$3W>Obh6=@pW{M_g-2KElb)%l8(6W!5<`dd{+MM6#j^@nTRi`R(; z^Hu$mp^8qs?9;r*c3AKYUm!QX9rG9qYZ9@9UV<@}!!{zGr@m!APqzMCOic==?1zRj z4TPK-SQut$|6Fr_0O380pDjtza@Z_vO60sWt*v9y*eI zsXvV`YT0@Ho)dSv6>1SaIJ28w7180T1{1_YL+3-f7#a&!gN+5|&7ggYF|g~*=N2x% zCGAy}NM#Glo~K{GNNT+JHm|Oip%~Kr_-B_SSX&ovh}AGGA->pLH%xzTB`H0HIe%2pk%*;4+B*;H+pY37~)U1F#j`;ZO zI&roZ*;)2#uR?L1Q5h{PC9E+-jw_8-JT&nJo_9vxz3F$>&Epno^krE?n(rG*1*VSf zt^DzO?^62?IFogEXPjziY+dEs3=rq6N&_w~B4QJ?`L77Zg2T5GF%Do%t0#I&^9{fA zd}PHBaI|)?r|3@^OP^Y_6scN4q{s_4D)x^%2Cl|R0GG@!q8Zm=)mFS!tZD8w5*~u_ zzFx$e7>I_+G$%zv7hIrmT@8P_qkqvJy$zI*zg)Pk)m6fvhyg(oK)awb?}ukEx8PK( z<7~#^1f!KG8>2d1?~ZeV{}G;fNvp%22NEzYwy4Rfos zpvP#%T6o@Rw~AovlAYyWQHq{CH-Gs1W;%P%qJ^-%$Hi(3e_I6(XNZ=$u|gD)oG0{j zc4Dg%@9v8QOuabA9<7kT*@q#ZU}nS90bQR}E@Dg4qJWen^_Z5$BzFMjpR1^^s88na+ zh1$cd7yI(Q0Ak)iP<| z;3CHNwC6}D4r9`-h6oMBJA~ZBt6|Jy^ z=0D4Hb8r_$LF}S$uP#;}B$lc}iL;pLa5KuWR^huoc8}i*muSGvhIUraC)G_-F1 z%}IGDm?^%6mPnu%MF|YAbKK3Qsf1M(D?Tw_#DKzyEX05}8=7(-5aQj@y1tELOjSmp zH%nAZo;Jy|sK1|xr`dp;A`c3UWwL!MDvAP1wLe6NMH-s`z%zVo%`QgHGGdF|R5@A& zPIM?r3{!tlr-v%LHOpO@=Dcu3Q3%xvKl&&khLoVQV)CY&wZf4zxIFRsk z&fQuyqETXiqpSnwWDf8qUQ07VcA4fF%yK02dg_j&ya{#xpgGrIin1KV<~y<`X9c#Z zD+7D@gxfSY%cAQCBKl%jYq{!Jaq|SFAX*}O)|eIfKq-i(fLM!QZ;elIEpYsqm?(rTScfCDFW`)MURc_SJKL!Cz#Ky{KH1t2miF*f zO^;s|6h)7?vVjsfl5@Ien$m@IJnH6h0qzA6JJ(Z^a?EU5(dTZCIblJS;c|BH_IQ>xs*Y`4>v zgfJGH)C*~eGF0HFs)cYUDv~fzos)v$14Yf3jv;MA>VkV5OBP}&e-x8uzQa|c)IMw- zH5HL0YdKASZqmTD2}Vd}r)3R>><6q>-DP$)86VE zDYC7Xe=FYcgIKnJZk_V&spw!u`%hWbbpRQimQ6%a{f5F70XQtbt#~dXNS-n$Xy-1R zDB_fO+OWlD%sc~;lI-6O8!Qb6Z-~ageXUPv(0gc2+vJaG1)Dn(SOnsIM?OSn z!O0a1Cw$*U>n4qFRaADH>%_}(rRYn&7q?*OSIB23pm^4%)bNZ6r(9hMkG6`sE?>g_ z`eC)nmL=3tceT-WCbn9>g$T=k8dn<~!IeF~+UEB?vai4k(vamFMx&1@wCLPb#WjWe zI!_4(hd!R1`|WM_*b6&zwg9UzpCzI`=#>6xK1=Ch;RPHS0rMK|>*v%<%~qe<&CsxT z#U*qty}i{c_9G-{DcQ^`+^uK_fPtYj){<7}^CS^^J_cF9m2@+RfLwpS zhO|1kC2RpzbJf*l_UKR?$sy>P(1-~^;%pv`Xka~_03C!~pDbvYpcJD9I0pG#jD0>U zaT7_92wOQnqTf)MXqtkV&s8u0ef???uDGpu)*n^}Z9cKMjcB~& z*0^KjGz$T6Rgu<*hUlNdGvUddkL^CS(BYAxx1`i z!+ocY14r2yxYMT7a+;c-_4$Dghn`q~3roC-EK@)25HCAOZ!b}l_u_kzj{NL796wDdf}7XMLtv&>Ty|5F`5S}FJ?+|9=F8XH!$Bn} zgS|3lg#Gs9k6B(zA!^U7?uj z>_`rCB`ulqv|yLy+KS};GVn`hzMH&Zb|-`*EQG(n>eo6ZnIdfIZoTt;FS>n7d zRNPw@>jFAF;x9FMw%~K@4cYx@pm)(3n6>FwBoX&0P&#%MQ>~!xOss-nE6bVJNkE0- zuwI4ASgI!g6CJ*=|Jb*JECgz**SrVF(u9|Gzi;};jl$$~W8L*#IlteNvp7C5d7Y`9>aUF!TPNAKYtG=JFgx#zWB6VO?;{dBuJY3d^H1cqMTttwviInB2+iz(%k z<&+S;Q^O;E-k;o@ogZHJM%C(+2Bti#_<{K+yHNqrFiY{1guu_q;j7nrKa55g{~Sup zgdoz!Pg7FdP|mfNN3gVKgUU;f6(2n$isgs|n!~CXVc-o9$ky-!dmm8`R}L z^Fki0DgIXIfJUssjaNM3vO#=0%4QlfE<_$lNdh%>QK;w#iwtRmaSX%Ngy0s*Zt#2= z12MVAzW3EyN6>78t>W_(~hMd#kKBtRllA*$cM@Kn))FeEAR<10z*YVE4 z$a82>^DD8s%Xq2AiEUWAqi1=pb-+>Ps5?|VsnLEq*cqB9MstzBE0W)O*L+r15H2BR zh2fzO7o#W9R4?jL^keApGKxE_Qu_Sql3gR+c4u0MZaDh1BG*W)>#BAFrp(dveY62$ zG5|U-cW}g^OLP;%S?RaEoH61sCCOKT;rOabq;eT6MXRU`rsP5z#{4_NCkjlFflwb) zACKtrggz5c_(%BCNkcT!*I)x#QnhraGJ@_kx5w&xsYS$}EiG0twQ<^iw&rvt+zUzIbJagET5)>BUvyf_RFQ?>M}EDn`rIfduhvX%m9K6S6ePL> zg=046pMs0D=ROArD^{(x$2s~0xL^~eY{%7ri47#;AqXD%Ovv_CO}dvjICaXieCJGJ zxbCwlFm_cN$Kxy%1c6#P$cn>mtd??Fv&aGA|vS`B^9b;!+E$>)k&dLKGD(fhwrym%WM6!aqa#k6`77zLdUs1cI+}(f=xeQ$xK(rP*mar4of}~k5Q~@B z;yLDK9M_{G3p>ftc1-iQxTj=+tzw(@SF8KVP!VNp3fekb6l})EUSl&*DFyoiqM1U= zbb;R&1(uMIhyNp3iNYgu24v6^?;;P%^g(~9HI)*E#SA$nEOG8{*5uEtt0gWda^u7e zmKHEnmy%QNqOELjx!m|od-m0TB-i=An2*LI)=F!ma#2W;HyPeP#wKKoOX@M3R>Gkf zgR3+;L0BL&8B84sQJUq$ftUkL9V)4Wn7PtFVg+p=Oq5h7hFSV>SxJn^0>8wCPc96f z^|GUU6QdHmE1CbsG+?$(=6qt8rkxRJ6GK7kHLOf+b@)hxWodyQI9!!mt4Ll`D*J6s z6&5nBas_!8kEh9{!V{Jl3=Hd~?9nMtazW7H^)Xn;J30~AK2PBGXaCP!L;Gxlv7#V> zjqOLt-u#NP_a*zXqGzCzHzyNT+5&?0g2sG$F12 zt@&sM*XLvA1i`N}@I5W*sHL#?n>6C-RtJ`8R`KzYnzAHw^vR*Q#FA{rjs#qeiDT5D z7<+>W`K_c*+#cQp!Z47@fk@hGk{#obM$}DQjk^n0oZmq>Hs<*?HFfl{&JylAKyfmL z^cL0dL70NQcu)cmt7Y^|iPX1iJcUS|%54jscPJE{pD;kuBD=SMmo#HQsgoRDmLr{! z;Cu*G*P|OK*)id_*LfDU-g|2e#ca6?v{!<=(3NFenR3!lfGGJPzdq-ixTmUEnX>!a zXpy2Je+H@?#ltFEh9kGp5zoza{UzwwU&>VlGtU7Gm(I}@0t$+~{scq*AFgIR1JM%d5D z!@1Ok+n{t>R^v&@>wdzZaOELL&7XG1%n?$#d;Uxyo+A8{tac=#x9TAs!)i%d6}oj# zwhoElXIvTb;?e;CRqDXvoFoN>j=H)hm1}=7Zs2D3Ytw+*x4gNJ!r66OGGY$uPkO$( zJasKGiTsvbUagBu@yuEPAWg-MN<&T#-hA+ej!q*!7O(MCm1eEXTw8b{G63qb0LLcf z6kl0FE?cW|$i%-S$Pb@7uXhmcr&WWm0jyFAh<;GK1s8kC0$w2WnXxG&B=}lK<_mgr z9pigNzaw+zmW0KV3%$Uropv);vymmWMgq9SxARsAq5}SobJ7V3SX}i`M(rR z_V>Mw)E`=Olo~$K?q1N1C8avf##uy-$;_oK`3+?RYrA8fB%(2+muHg_?^y>QkI3pb zUGinQmWn|xdxP3mMvMJ$_3iR|ydXhp(*Xpl3i=b!nK;f`u%-*;Mxr>}`Y3LpkaOYt z?|$tc&Pw8p@hB2!72WGtliiL7jO64q(KJN5D#q(L&MR*C1WV@_PO0ysSQU*@Ses?e zg1JPd59uTZuPA?byx<5&#PBflJkVDm71qZ;xKG5Dl=U;ICMp`lss++W10}70WQOS3 z;crUr5|^FDt^L~g5`8;hj(YArN`W+VqX6VoRAg^fqACj=KEX|ImQaA#{%Sd9OZ7`6 zZVxSQx<~$yS19xL@ean^(rsw^iu?tG_%UIw&B~7zTMbj#(w}d-vo{(cBm^lWH6iF#LGS`=!E|n-AU(frK1$DcS zuJdSBL0YRF#R5H0mO6#ZSfovqE-JxSM_p4K&4tyVXNx!@Nt;EK*yT#Qv>XktO^{}F z7djC0!(*Uz!AJ%uN2VcLUmVyNV2Mg=q)mzv!@^~!5uJ41)yC$-fM;WogsV=kJ|exv zOg@Aj!rdKEoQ4|B0JW4pnmS~11c!mRNIcTU)befGc*s;`-?`%&zIUuP2Z_Tm)Y zrAgz&*>-SX^kT|LW3etZLS&WrjXmU}-35`8|M z2CLJPA699|!PVRTf%mxVQ;_ttwYH^LSi0TtJw&tPY4iF@Nc}g@-H3zXL+`{%lf;&7 z+bO62=oq-tRjJhMGi7~QGqf@D&abWe!#Mf+>i4G_SrqSLG_rx!3|Z&qf#kdda8;TK}38yh1EJbuWWpqdJYq%^D0YRb*Bx?oUZWsCY*B zf#|Sucq=QbkX;#pp>Ea%ukRR$_~a*&CnfbhKRM=-E=lj*N7-D31}YoAQVtjNu5wcZ z=CjIh`w@e?*g=AOrL^+1(W!aF z31z+~94-Eh6PMgcNMsA5diV>gV!jrrK@H9n{spV9nOP%a4l9zV*bz|yzMlgTp8!e-J=hbjIm#VK;4MT6ei2ctsHa=aEm2|Ct(PHq3^(%l`C(XH74Z6!D$i-5`)>?zgxW#}F`IAL zE2KuyLsh*L?p(8y9_Qw8TW`HG=5*Cdjm4@85F`@K@Zo|ws@tW~NId;ZryHO*RSYZg z**9=spyP!piR#NT!n*hBN%R0c@%$_>4e{Cf5W^Hr0$mJ!4Csj&CSA^-nQweuzdQRr zhZ55){P=sS;^9bWJCXz zOWTdzBkyzFzEpLFKn7b#ExRuy8Z1fZf+MEuI6I#d z`nr6epJFiK>c#M%IaSNNpfZSu1~9H-zq9A)wQK=Yh7u~Qt|UI$wB;L3RHR`sIKmFr zC*?7i?@Z`y+v+aP>k{--=>FRL6N-i#*7TPH8dQoY^c+7E#V?g*H$Uim<$u0Ft_uV= zzMM-7CAPFA%5WX%055NTA|KN$r=nAy6xpIo;Lfipxup@1h8t)xicNFfJQ+-yBZTrZ zTXz~nkhokA4;QZ@qn;!UXRVUR>f@XBlc7r)FPK9Sd19XXSR)t-_b)g8Eu13 zs5ljHXl|h9;?wZ^Al%Y4`^EY%YF)|jju*QQ{Ibx`&Fuh~KN;kdgilM}UEmHCNe>j; z>ntvqi52fkpm;PIYWSWmJcDbbu%<<)D56yG*3cb}W5$8%|U-=vat*Wy9 zRMD*Upy45VT;lOXRj?W&b-Uo0@jM64Qd+$*S(dk>oxCL=EbPLtQ75(mp>FE#3dlyq zlvws8ZAhAGo?jy?wQ$LA&>i*rqvR6}?lFy^4V|xy^*P_Ist z=(8vg#Eei;0p^Rb9d-WWiZD3BB##=cm6F1YQPT8;>BN7GESn1&2P;T;ysY6fJ8s(Y zD>YK0h6?usQGjGe?}y_4tP-@VGJ&~lo(#!dv>@{Jthiyg^2vY|lwLgAwf>#qQE%HX zS~>6LOeX|Nm7{|Fb<~0EyUg{uUS99pj8o{-P`y4CJlP?r@_sN>XZh)?$?2F8M*F;W zXKG2-*Y9u9kRxy`SItV$X*0JLtnuw+LZPzn;x6s|=%4*Q*Gcbp-khGYDQbteBM-I@ zxkixLZ2J4AuEvKl>ZE%XQ6uiZzjNs#ZvE!ftO#G>2)xZ|19u?M4ZiI*Co>^BhQ8qO zg7#|vCB<^CP5d!y9WQsA#2pWfkBir0U%zWfZd)?b;zZpbrjPT{B;);us&g7%FVk(;R8&YYF-`d5$;k z_tPppTB35pldZ`LZl~_OTn@g$4xx(2!z(=Q%G3TJ==k^xb>42)MKAwuz~XO4d9Uj| zch!aF&hW@c_qy!XQ7?GM<2!Ov&s04xyu5P7tr3O2nMf&{&bE?PSGmUy`9_jCNhX_~ z@Ne;Yb3ZC}2M^mj=?g!=Qf3oDbgHjsC2m8^v|3^*p zB1i5}I=n4*1-wBlwk-sRIVv_Tg`|?Z`EEss?AM_WiKhkxYT}o54-yYgk#tt7R3?6p z=n*~n$_$PRScC1o4LchW-luB_-iKNg8(v1}?LJi5`K`%>w3`IU!iJoCesr?`SKD>Q zHPL))1(70x6lu~_dM_e9pfu?akdAakKtcy05To>NXi_6ZIzd1r^d1ldL@-e)ood{2G zTgpjaV3~=*lofn%Dep>_(V$lBzb=kno8`PC05y1Cla-GWHCvHpq-^%N2DLP->A$%p zQ$-jD*yCX8zO_Ntdt|az=bx3)QcypIN~l8QXX&q6X`;QnBfvbo7ah`qHYjZY;%ol1 z&n~SbdA`7`1suH#_AdRJSeh#^FcV|RX5Fa0NYPv6mp)J0u*E+yN{{+l2RvpD0kv}@ z@f>^H3^b|G&l(W<+ay$$E8Hhh`kOapW`O-OmpaD&B?3%}-x|O_Y#TB+oE27q$%U-t z_xnf#qA*Ukp0*AR$b|{V1{FoHQ`5^~KRa0j?r@aFN}h)1lN`~D;Hl`y<+>IDwzH)1 z1ZB{9vEllh6<3qot??%KV6lZ?O5oZT%vy>uC%=kEdFN+h2+{8A z8{cIV>6FwcW;ybIKK_xh*W%hRQ^y)9%FLzHNUYoB)Mo6UphRfe6G*!!E(0>!g+!!z z|L!p|P5y?#t%#Wpa(|Lw8tE%Rm4B)p{P-s>JaGLM@4FrmEAuLWhBu&qHgGN?HKa>! zo>hJ8SHV7o`j+;{JflQ4K{Hs|W+rfyBNWt}(c-p3jf9WAVvJ*BeapcDnKJ}1M5w9Mm}*o;i}a_E-+2g8SwK_>ymil-MsE` zWXVG&_d`MelD@D@-7r8?DggPFJ=6s3Vrs(hw| z4e}k!1IUC)I+qY;kJg8h>!=^KA)Sa{66FBE)C0J;sb!eq1i9H!&~56C-w zhb{tfCCN_rIq)844*R=(`^S(_Rj}MSwF~M+0D$Wjd&y+}kS)T?I_gZ2uoKMr1b+I? zb&Uc7o$I=qafwsg++vb$IAcMz(F681MT5aH+%N36O}h_4a4$g*_SgMuQh zO4GA>ljePH>m9z8$AhJRw2?=~euBrEz%)yEsmTx*Lrh!I^hFBr)eMCYotZ}kd~qM{ zN?MQRD2GH>-rglf&N0RR2o=udi+$A5Y1WC7^9tk~Gg4?V~aOS<2VK>DE`VP(_ZM9RK44W{*cm}lF zVmU!pPGXN>D|O}GSaX<#*YxuneNjf7Zc?GU(}&7THXoibmOgFpMi1`uI{i_3$07;% zAfQcA+vRxZ_?l&Ich7BQo3&y5evgC(S)PeXGpQhvHtbxyu=lMlW0jyYWmj z7ea{@X?2|TSYSw6Qg^O@@B7v8xZR#YZerC0P3m240sGSL~9S)kLa zX~0SA6ceW8=pvV4|1Q5@2u62!H0gVv!}bh_IbkrcQ+J!-7ve5c4UE`s&X@o2B)LSS zNWHwg^yDfaC%UB8RPkxYsJ+>!+%X^B8|F2QF~7AEnXd;pjm2TN^bA!sgc`+G0+607 zNti#a(j9G(9EL~YK-#C%_XZ^n(7L%?7IAEY{6$__oj;Nla`#Jwsc`meQ3ni?jJU-+&H&BO+Ec3Xk#&{<7XiCRp^w+R_W2v%G0HZX7qG9+l%Kt3Dc~ zevilE&hOe?;vaRN^V}0D1+nY3@6B>O{Jv=;XLz5>9)VJB^^B0fIf(MS9+40^F*d@? zeY2!hmtIIw0@|}*1%Wdfu&_YB4EJX;ulncqmamuwUm?zTdq@lB_n zRf1WsQ@^?UOEuisSB2+$2c=atSbIE2ClN0Skn%Z1=Dne*A&TrO9NVUDN+3|aI*Sl@ zUaJX#;VU<|1J3?qcTup8oEiJ%GkTksS=s z=?lUv$x^h5xRxB1yFYACep&D!J1x=vDV3bVhLFdtLmDZ(o!Khl-98k8S?D71buI8nIoz#O;U1hQWwy^WM&&V ze>Vj;L^2;_&Mi;i5G7xfSl=-Sksu!e5irytqhj4`1>* z@fDZlp?4P2*4ZRBZ?bHcED)VJkP`zjK{GO#O$4S#@CDbBq-t3o+Y!+8Lj{Tn->>V- zKm4{=@>D*sb!<^ig*}_ED@x|~C`WlG|IU7IeL3>6R#)(=>wazlyJ+WB-sD*$mz9iH zGxAjue;%uhv{hJ(ft%$btFU)(4e#?GhTB#>GY}vu5UBits`(jYFTMu(sW?G~z@mDl z7#!vg>E#qj8E5-HB<@$m3tTGSXN`2_Yo{zgt%DST7{UT19$k*%P?%dAkGmuHd?9E$ zFo#u^UTY;N{$i!?=Df4bKF(f?J4At-kAa;yr1KPD5rLLcpJ=nZy;!6Fdd!mn)2nfk4unaY5gzk;TLg$`;X8nBxos{ZjqpZZ#{^v1E#cMgn<=?cSlaPm)dT zG~HT4UTM8sg zur#2tR?iqG6Im+S2_ZTVcHi7RDMd+44)M%EtEO#cgTZpZ4F$}CIM(sG^4~1;#ieG60-^INmZT9U*0>SHQOYryD2PuZK{wq5SDRtA!p4b8mkel0?K|ZSTrI5zM z(umkhseP4_L6X2?Ht#-4b~SEnRpLDZ-)lYA``ZoF6G2#Ix%XYxlXWb_rVA!Lm(4g_ zm3VVkWOwGX>eVV)Y3?0>`q&TAh2Y3kF57zj{WlW<;|qNsntu`Fh#V3>wEUTa=)*KF z^m&7NT?>&H2O18U7xVbgj)^)NLheA8vXMG8vcv@|>7Fj-&9E^w3S?uGbXU_I&qZ{W z5qacdxP!p197Cy0a&Fjap7a39EJXeG(%|)ZwJfDiq*BRdy2OciCB|t`w7&V>qZUt5 z4M}oVwMU-nI8V*NaP1Oqb4(Lco+}|;u_ZmMvGe%z+OrGbrz*7DRuO#?JuMSu;)i69 z4qjD)In`S_+ZeoK2&*`+ewS`IUK!W$cr~xDn~*-Q26IUe4Jg*hc`?8EYH!GqRxp!u z^fqecQAaa6A{uTy+poe2!&C9-RY}?D29Q9fpqUl}zXci=2cxAYg{Hegox@SH%9=uC zoC}uZnYSLm4Yj(z#qj%T$mkS16^q}L4w=xcV9fRR=BN$2!^K0^hIt+6s57Om-GQtW z(|3h`n%+QqxAu92{dwkh&^G{Fq^s|roiny-oB87@rD7CMvrVmIFUDDODhxY)&HXvz z^DRn>i`%+i*ZDHYQ=qP%rOAV6zf8m)P9Kdpl3U+-jIao~!TGb=$c3LC=IE`dmjyt_ZzRpN1Z)Q&`htxG6fjuG>8U zqDHeqs`S=2Qm$5Qw2ZOrSv&;PKq7WWWY!IuUA(3J(K1qqPxfA}y=RCTK5bv7TKAJX zQLE5-YIBJ5;AtxV){x*~-r!3-Tw|r~evpB?avOI3?>@Wm`LlxLWJ`91vVjn?!sA4m z>IFasa-FmovPo!|zA55w&)pBJjx$8{wa#fmW1OcuM=_$2Sk-D%5?2Ytszbv@hbb_e zxn-2ld7Zrx7**sb5p*;h{aFABB-RJ`W{rmJQh@KnRWC%LZ9XXiKSUo~WZwF`*LS1x zmg8XqClVnX%`MQ{43de03tNV@=M`f6(w=W?5Qz~OuoglCj3$^wc9WlMMCJIGa;c0I z$y2s}T%wBZ?^9W_$_-aXzZ!nhs)^j%jmxfMl=7VS0!CL=ByP8Dqv~mKt8we{07}68 z41DT9KI^7Rx!#M1E;ZRQT0Tx}U)=MJZTE#@WYriYE1HbQ^YQ{$zX>jb9Ys5@uHGN| z6Xq_AAIx6!>#{8#ZfzkJvx(jH42(hG&-T(~~+8&i?o?)_e@VjDCLSDs2nsm!bK752V zvwZtUjwgF$e+kzd%9MX*e?Y+&OG7asJ?Es}Rz>U#v&~qTYM^Ki@}g)eVH{8Wf~ZS_ z5x9)z`@5J3p^_(!LdJjk^)eeanCQ+W&+t7R2H+UYL%FA)cBGeNZXeG&y_r8|xPwW0 zv)3-|1{m2rz7d!hUVjE&;Vbp%O9-T*g9**|&NJ6}5* z{bu^Oz@o)&K+sp-*D`U{${=|l<(gkFG$NIv&KZ|&OL;THqFQ~~IutaVTm)ybYiw1j{BpnKC zfWtV(O3&qZliR}QVmJJFJucO0K4zy&&$rmx2m8&0(Br>^v44~J75%C5>#Re(mTaHI zD`>83C~gEueW7}OhRvu9DCSq}eF$J6&4}{;KAd_i&YYjSw-|cQmFZ`K&JGeSH*2L9(GEHZaLQJFW3`lzSk4u^=x*M}W&yX9P?UgVNY7TslNLe_;=}$xQX&(L- zP72m`M+2|$qk$3YPyVJYe3xFfvUl_rE~6~!-DY0u2O#itlE0P<<%RAlOb`z742f9E z3#a2je`SK>rR`(*9#yG{W?L)UnVqcPP$6H^J}p(h@t8O><=hFstvP>?$Hx~Z@GLE; z&4U-$o!i&nZo$rGjy>W+m&Jd&IVmbA6ATqhk|acweWOlYKau^q6ZlT)qeRiOQhrfq z(;3Qp@uS6!eB!K>|6$YfNy8iXi}=NqUQUTkKe@UXZ^4mh7*lv_M^gtiSxDX`l3DqR z?OleIHtHqX2nMm&xe8q(vxz+A7&8>(Zmc2P7y}x!JN=^P|A2jwi4h;DEk2#Mfi}c`ooiYC3ZxYeTTr zEbfOQ0Ccd~SWttK3fZHB2e{MOmdK+0wZ!E?z^-d>ahBUV0eK2t4>C31buPtd+z)CV zUW$=F6Ha3J&a| zhwXCuZ=zv!x|UI_+|^dI0r_?e75&Pw!=ljwXhZ2yK|{{g69VYzJN~cd@$YIti(QGJ z&NZ7cw)O8ODgWz{E$>fMy*AG=&j8=z2%>-i5KurAB%^@jj3PEj&RKHKK{6NsCDSCyIny9HgNo#w8i`F# zP0pErHGcQi`Rd;PRo(aB_o|-O*>>;Uy~3PhjydL9tItAG&{v{LE@Nwxo*vy!bFJHlMon>MO>xxf)?;EDS+t++#XF>F zm0)T7@-zzlwEf~N&}!C7+Cy<`_Ly_E>Iczg->OH0jG`Bf|BMC2t{k==Cd?%ymhxLU zAG!%qy1zqi@-DdxA&YvC8+w;yFu@r9@BXB8o#2Se8J<9Q(n-TUnL?2c!JjN1rs!PT z*KnPCdxuCJ`+%a^$Kxo;;-S_YWS=}|1ozQV?HNsbk&)(cxw(|tkJo!ii2+l!gZ7EG z|M69F3@l&8h;s9MolmdjZ?`RSIMB9m5)|6`xZw|3EXZI7T#X0=3;oaEEAAuo>%UhK z2nKll&npBI7ybC}^|lE5^*^sZ5cDknULjbw(U1RmedL3_^Y{9%?*0e5{%5EEMc4oA z^uOr(pY#3Cv;MdF{&UumUOhyj$FQX6w7nr=hY6j@{AflV-us?h+WPV(Q-? zE&g=p#PCl9EV8Ke>~ud#Qu1w|)Les7t+i)0ZU=qMyPq-|9j@m!u89|d88HWb7rI}C zr!3S}IhWE?C4+=J+F!<2w=BuJYTm>|_P1A=9+z9@AA}w#?m81P337^yB4re(w;DRC z9K$1S$R$U`^{$m8y;AQLv_IyOWQ&E4Pi&bR~L8w-d7!;^7{iPvbvQg@? z(sB{Mk{px%!T#v>@|(^WTiSDuQw@YNXd5^9^5oLmZG%%`UpcJR*9J>01|ml@98%#N_@my{IHtDKyecYl14 z!d|4M!dWzCK6Q{>eIP6?E7f15d68{^^Oy$up0iQ*@V)DfUx>~5ESUzI1B@nj|I_4f z1xoQ`XYxLe9sRu#myYUE^wiHZDx9k7`vngrVX(XRc*2{reKQuTEkh&ALiK-j=k;0_ zZDs=-2NVcd^bP5*UoL(N5_;KUw!O4zwqB{5vv4hRIpno8uPfH=N8S~1&Ad!qk9Q-N z0?XrO=2IJb__5DB3&kHhU$S~0Zv;w8@p_-TevCGqJ9Mx%?bBL}>fG73Cfh7RT{l`J_x4^4t+p1n+e@K|`eRM9@ah?qYO& z_G;IXlEOu`WY5cCtjz38B1unY)zVYzBU1iDFZo7m0)@S)M91dGK9GaEbDQ`_4X zdWzxQ$pQmP;kOk0DSJDHyS3R)f0fzy7y@MU-%rOe-P>D;mZW816IGND$`6vdKYa3Y z!)>jadw$h9Kh4>yKOi<@uXgyB@bSJaGG^s8gxxcEX>p0FA)JQO=I}Y)-R4Z+jQjSZ zUI`EdfqiwjTQGAY;ds@6o+rrz;zD8$ItF`*FIgcTDw{oOv70Ar^T>kU>!FE-cGvh; zUaeuk<4(UOxmhvOg+V^qW-UDDUPOt$a$dTS;rU>^KsG0}#3GRqI8! zx+3!OTP_Hfb)Pw^fcfH$S9P#^>hyhl770GPVYVCQClmMnJU(oEQz`MJA$sK)@1u>E zJfdhjp+HyQWxxCTJpIg$RW@5JI-(Sz(%fDRp{*}Q|G8@iq#X)Os+d^|)Cx`J9Bp?6aSWl|w=AM)l^;hbRtI zVXpXgtf0%9qjE!L005%-@PsT+`@${cyGTXAzo_yXrE6Zg!|84zieqt1wW~Vi4jwv( zt2)sg3b3AJ=`y7-US*%8@{Q@wJ{AHvBPE6AqSK^SH#O4mWP043k6t-#oIj=`O%duW z7pk>gB!t4GSOStef!A>F z{pkt{^4LVp&nr#0LbT@m0OmQJ=1Tz!b}s8|_giw>oXX0uig-q6KZw=tP)OFU=1m?A zsnP!c!Tj^Qx4`aVjf!`}VW*N5I?|}To#&8EV<5D>S4QOjsgmAVhr>6?jNt9$6|JQuC?;qnHtiW@sqjtBq$IjWHGEDs1t>EB~mG~ zT~(NC^zVp3{5{TsI4jc**Sd=J15S)0Xbdp8+LxneolX<^c28{rCXOREHV4Lk8gMCA zO_NvJv!L=C+&0BQ9#Dq6;d3tLE87>%G~ZxUZ{Rv7in%W>+g%XBo#lY=*&lpiH^MLTxsH=Asft24zA{cwwtU;9JTDWhc*As^X&ILOGI&E)|h6kqxfDYP}wPRbN+dzCBM zQ`LuoWA(0y`iGkXNB1vtd+Kp=YgDboH%C)Jq~yh^vS{-}ya6NBdOhMFjO-0J+-pkO zTQ#WOpgL-@mLZ4u>l}}GzcBg}apJVgCw+8&$A4e_RN{0&?TQ?d;z>?Ka2aw2Yy}pY=0w2IZk-N3Z2uMlN(J&7Z-K3L-Ac+0`2j8k&QSZVgF!B zs{D~{&@ZmD6ks*Aipj&?R`g^^uo_;Xho!J~VcW^=16tkDyEW~1e8f3&%HcgULKRAH z>sfKMdsyyye#o`2j>4(!EHdJcUt(ZJXcx;JoPT;ue|L`7^XO<=ewEWy=_}uN0Lskl zi`;-H#>;hUim%%eQMP*^lNz?=%LpDHmA5%irvl+b{J?19-LTC>$ACaWoQF=KvQ7OA zaZmS6c3xiI{5VzkT~E8Sqiz$8-F*|-UTVe-tvRhZMAs?F{L6TYhxGCL8qmC650Cg< z8P7&cZ)448-@YZEFoJxdu%UQMu_(%`%qNlq=s9kWh-7Vm%$s$09XN|L@Rlb!7vD$O z!H?tt+{D(oSYGn`qvQA8D3f_NQI1U z&+aqZH_BAC{NyB%EBfFD7dS@OP&!fb(rjvFVS70llGrX?T+sLqTWqd)pu_E=9i#N= z6-RiE)>xU6B8Lhfr`b>qT80p*k8b$%>t{6L&=aO)VHSG!$da&n)d4jqJ_7-S_DvC{ z$AR@7T~-Wwg9)1MUI}bcS@~2V4J#-7%_l(+dTK2i?XEe8!@P{`GG39!AR$;^z%3nj+utU2nPif*PM`U3*&0p>w z%p@xwwUwNl>J@53d^4m8QlH4bmi^e1)jK|9xqnBy5E5yD&@Oqpcw5OWo^b$cv@+y# z9OD2N5v`<8orWkupv^;!Gr@IQX@{-YZ|_b#-El(I4ab%emhG`2u)n*lWXdJ@|Hx9RlUd;4%+}|<9cbCZk0WVB*!aC-dT0J3?vAgQnevV}>9%aOiAS=Fr)X*5Tz*F^G zp3GZU4Lfm!&qC1DGw)v-gwZ_by3Wij`R%pl|&COJK&b=Jvv|DQ%V#YyR92qe<5NA5eKV(=%7fa1QWJW(#10uq(NS)rj|i>Vvpyv-7-%5Z6wm$I zNtdVm(ik0<1cw+um!-Uch~YpW%|B&Z9K)zfHak63T8Ms}i;pCh+!g!yc8N>5#Zvvs z&O|8uRRdT9jED(zJjt#yYW)lmLk~|ddfRP5KwVFN_ckBe9g#%%wD?g(=+WJTMMKHy zH6$braF07yjq|z1KibbalYMF~4fU_3F|g$|n1Mj(MYU+0I47$pqdie?A~V`yd|wga z1CRR{Ki|sck!yJ=VOqi0$>;c82EZ`WCp1IVD2U-r_rcF3#`O5!cWf+1Q0|Gyp3xT||s||`Rjc)%2WpY>j`i_jlhBG54K-@ilw?y5;{TAB9 z^e+>nx$Ev36|lhou2fnIG_|YmG~}Kc7DQjf1QoKpmBPFFSVWysSqL+%7|;Cx5q_I2 zzv5J0iJSKGxBKY=%m_COGyo#6ST0us&z6V$rq<@;kZd|6Gftvi(B^=A%!W0xf6q&}jXV2aHJn{{$D7AmcAAl_r zwi{q+i(XHob2;x$9%`^P&in3LZnk=H)Ehlp4(z%{!&`DTvf*f~LOM7Iq34DLy5Wkb zHZ?`lpTTy~Y@9{a!d@l;SZMn}UMiAJ7IOjaqveyUKu9Ne!aHzKzyS`Eo$60;8UL{+WT$s@j+%DCLP}p+^0&7SJWJH$Gr*O z!5B9C$Po(Alm=A1;1eh=QZ$EE^u@+(Cc9)pC2% zn)-xjS@(SV8+TDfk&AtHT>gFiANA4JrDV;DFBgIO8zK4b(wdcI$S~@{F<2ZuDWc`X zaM8Ynh&M?L03Zm2iL6%YEb$T%MEtF+rt#F{!yH1WcZ2`FOhaVff1Q~RYK_p`k>?h~`9d@WT55;%e^rEc-eXDBOcdjT5 zLSN5aT5sgoE*S}5cz|Equ*p8P z;E;&E*{Z;!Zp<}&R_0P0^mBI9gbGc^u67}C^kTRq%YCRe;Gl>97bEA|0ua3A-e3H% zLu)2@57oD=N|4$VEQQ{opcfE==|mA_pg7cGy%mhQj5*c3ZOGNR$+Tm-dPkGcWC8gh zu3!TFU_ZfU|ECOIiYL@uSjy1#?PZ(66;(h+Z62Tff~BcuHM3PM*{w2&@kv(d%lw)T3%?hr5Y4u)DwucJ|;tD zRoOCvZhZz?HCwvWI}N)sqUtRazcXmP=$hGXf**LtUybTfV}j8w=45(<;P5s0lVWz` zNw>EZlSzK7Cy|wde~TLH&(%(b;X%rON`ahgGu_{cU?cebP|TQdDcAePRoSzX8Jw{V z`vrn=CqBcera@#DFaP#{*z0`B1G4HK$+-NpU~UXZt9aS%6aIiFQqfDHMl>BE~T|jd?JQ)>D=ZUHeq2&&=@$V9*~XJ^c(ZO6Cv; zA+r^cL2%Kqy1Xf67WpKm$Z&PKIASMfH4pDHC&jJYJVy+>;Q^CP#p~auny-Q~S6A>RF9f{?O5X_W^IU;v}Xa2QQ@jtg|@SkhA|5wYYzuo=w`p-)4zbGH+ zX?ln-AoHw3Yz!mo8`g!uavIZ1f}X76r=e$sic1Rf3e{;Fc}wuc_rvGot+gzVUvGb1 z+Iw5cW$)Z^?4DJ&cPmi}>Qn{qU}4?avt^QBn%S!+(r$p|l5Z$4ENaAp9XYVaBF8m3 zygMmyXqT%b-|dMq7ddoxJ8loD-gr<4itzhb7Of3xwN_4bc`NllCwDzUCh88hF?sow z`+PR6942k{vvBKQ%*1OQnhm6c)J!0iYy?NdIW4O0qg-9A*B)90e(A5<{2olqo z8VVSVEFrhk)?w5*3u{eWR3^n~2%``iwCU-yfvl~U8hhLM)fMmN9Ur#d?OBE|)sS?! z3%RUi5K!{x9t-=K4=>r|Xa~O5!p-ao3%$P_&zXuB%NYm3MB6{JeKu5A9>-hPe_SS6 zs{cDfV7YUrPPbMA)RVGdWW)Fz{v%VP%Gy66k^h={havLy7f3PmSioo&qmk5ks-23kvd4y%-3L~8*y2j<18K~r{6Fn! zB;%}WaHGfZXYg`J^I8xh&@7N^d9OMWlcM!xJ=`AnkMIb&Ux|#!_K#0;%?K7-YRq;k z7l?{ZO4U;&u`9uVc;93J4p$@2Q^YQ}=xq@UXOi8s!=Z^N z&4rD{JVF1tVYp|hNBzZcfyEffopcb(yw1e6{kEL@>)HE5Ib`UYpIT+|pr81hPuBwi z6t_ao`CLyvYB8!R<=3KCzWSe05cKJmS!YjZF`>XaVpkebCb3^md@HiUTega!AuQH8 z`Kn$zmpf5!;eSj&H&Ie(&hxnb2nd_3NeDL^Z9Q?31zt&W;wN@Ei_EK1K^UyZqh?Oy z)p~xeO5Z{E-$@p`W3!f?O;!D@b%YlLM?Uwu{CxPm8n^v8@}YeN(8t5*%@EJxfYb8= zfX`Q)0(s^DwCjKF=LfEknahnx0Z*&quezxpgbKh?&L!?TZVwni2U>Iq=!Lcu#<*-u zOR3QNswqT)yk3&9dByR;o!a>!M=LyG8mL=?#MGy3ZAN9Ku24lhfl@?|XR)MIuiQw5 z^v!e6{pCMm=*XFmy@@x~fLy%J%Od#lT1z+Lr0@Jd&%8y_^R&M+`hjC<%u|na;3}t+ ziDWnTRd(&}8skwetL^LiYeNdVbajzMqlIXAO5IzuF!+N}Yqcq(o9a4;lPl3m5?z9? z^<9UpRo1M<{n|r<17U#tBzNzMe#{|waQAlHWm0sK-l+HDjdg2rW9cgt*{_$crlNnZ|-Wo-KaYZ;;C$@_6GUDAvG;+_R4l;*0?|mA5Wd2Q!FK(X@MY8 zy02Mx(X_jaTe;M)7GXV_&%M(>i2~?ydT>(BhCGatHz zZPQ2@a(#dG5mbZZEU;-w3jmg8CD!_I9LvXnA=ho@lPjL-n21GIeQua~I_HV6b#&j} za$hc=6RSAK)PofCO^XSU>S`4g4}BQs{j=n5i>^yHB{V$^7ckdzSJfVPaEnSHWcmy2 zuAxWPph1#m$DzU}&~PW2wZEO?{$Bf510W?0bRQthYT}%v)3dxxRw}qt+%$gOS& zDI&czs7qhxOI19_g>XLrfgC0qh*%%05M*<1l$Dej1jviF$vAbs@!eyN6>8U*Tz)or z#^NUb+}|gSoJOZLzh>b)4vu?cq~Z&yt6SBmXXj<}vdO~AOx9Ni#A5fqiL`F(xDomHOn}pYvhzp|b>ge5H9lnp*jEhRa+xNIOv@`3nq} zwVp~%P0|sKI@zjpEOHZo_vIZt+DHNyrPRuhw(iT4em1s1uP1s+vVF97A zuJJ;lFXjnz>-bNk>iA>*GA2eDG?Fg~@3AcXd5G6l8W&5OorRiQVWNSSw$#7d<$HGE zCSn!OtsruF)~($>ka2G~K(38WKB5gR5THUdECg9+_zf1irG?3dy`|AUUVp9XY+ z8K+UP62qEnoiuHxEG~1g{uG7x*wegKtCjL{zBIM2w=};Q_)IPP2fxJzWWc1gH5)vh zS_i?bOjNK+Q24bPK9BSFID$_@^9uO@JH+4kgyMy*j1NF8b?Yy7hc z)%xL7@vbM6{+JuAzruF2CpUi)K8!H*$hX<3iA;1?R@Da96YSr1HXz*SO_dt+JbckN zFs(~ux9n2bYPd1BKV2V!tOR-6d^{}`;lH5@=r+2TzW2RN_I~PVIWTKI|8gR1BNjICMQZfb6shV*11th@>7RK#^qBvsO5x_a!VSHV@>L&i(2vk6mF9(2q^B@!X1+uDLcie*x%y9H%q< zjrEWp+ERIdnBy6XyDn5TS;O5L)?d)egQk0ymW8z~O!&zAOw4=on%$U6O-3TD`j4vE8 z&~?Y!@OEC-jh9JbhGlQM)D9xL576b!IIRe5?^olZ`9>bxnR)>rRywX$1u!99`!{t) z;hQa1xA-3c{d$aCSIpT22G;Jp*t{>eHERe|Z+mxn$s}ovYSJ1FRD-mv$rz4bN_bH! z30M%Vgt@LAb+`1WnVG4x#a|la00*@LLnXPi36B_f)EC`ZGiF6*0CrvPaQGA1Tmu~1 zy_tvlj{4^M{rKBTCmLsyV^rd)Kqus>H)%uL&Bz7U`D;<{K*6&d2W7hNqJq5kOD7`Ie8r1LQeRCzuTOHc{CILMD8=kTnSCOccI$2e|) zCV_;tv%jq}UHLPv+9RU70-!RE)A?Np3lxyt>S%5zC{j`ZJ@IIrrqc^}c;B;1;MB0e zW>uaK$HKpK{38Dzuo}Ck%jy+<2}t z;7?UIpg5tZoO}H(IhY#Vj#qzi zJ+{q7M}@54;qaHGnt3;T9=>D%{2G^)l8H&J^`4&#OtD$p0=zLxAib9hbBU@J>7Yv{ zO49|@*7?E#pR1LuRBs>U;K`HV2Se2ir5?n;GpbwCl3+rSFFr8dp&v)*R{( zakW~jMt8v(-v#6-mzSFgx%x>XvJuyv?6tI>Hx@;VID;>6J6c0h=+QgYa;%^n$YMaA z$%0vcP)Ye+jt3D@7r%)MNzocDex~9naVeo%T8L&A>%yr0jg(e;(yP^y4n~Jc8WXzg z_=_>2a>1y`gs1Jx2u}BjA0ENP7*|I{Gtnh#z%ITm1&hCnGXK2(+kW@|(^H-1=miiWILLj(4g%pHe;{X3is))B z<|BHk2r^G81PUE4>eUCH5MlYSf4EwX|JM=Q|HhHi|Ly9LZ(HnRu+{gJiAl=Ne{TQO#+x3z ztW>F04vw41HBX{!cGJ2KgE`SYQLI$S&(qY>=8?aePNcCaJA1kQR4ATCiKw^EoAU9E zk-Bgl(&L~w>=&%jbEos`&&q|*!d}Zzrg;lZh2Oi5c9V!%R8&-^cRjoMX%jfUw91*s zl>FLBIoDo1QC1R>`h`?nqGfgR1C`lPhU#$n;U^;UD>qiL{X||CoX_|>2IdD&C0|6J zjdNFyda>=NWqCiB80TIa==zGJPci7!--Ka9=qX6S`seq12ZPp7h2$9bQC~u6o364 z+@}?+dAyiUt3Q0^q``CU4o%rI(eUa9uJvS8h>30dw;!%3&Cp@N($A>=y>V1f+GhHwARv2fpWyJs`=9 zbFv=XZ92`hW75@@X)Nd#9WURBcZ%cLBYQWBV+NjCjCKvfGG-!lien!iw%@O1VnW3& z%4+9DAqy01Sr1phP|7@;SizK5(s?&?jT6V2Pe&S>G|M+~a>Hf4Q~q4D>*(l!MMNlu zw4QhNHk#Y0Mdm5N(|$DHn_tnMELryr@6CzJ_BWQ*N#TvSZ{D)XkYIX6QIY{T?q#Zh zr}5@Zgz>}&yVg>WFCjt7j$o^?_gsGe+~bAEEEAV@y0gt>eqio>J1f0Tpc`gzJl z-Bz}Bk*)-6UIhSA##;*Q<6r)R#AyYu#DzNi>3yIN`EJ-(#f@N_7Dy|F8>s5+2)|T`&Jing-Udw zGwQo%qszgKvK)uDAj(T4`hdyWJ>hgfNvKp!QPtMElUX@wHRg{yNk7BedbA+E|ES~7jj7|OeQkY}?J&5=QiwFJ&>}iKo-G{~8+lNs!R>-Q(nFByYfcxuw!7F)j(q3XM-E-bIYDJT)aC{g7_*21dDl_}!?$&->IkPko8& z+?85c>auiT!w%`y@D@hYmm39;tgk-*ob4jA>HE%pcHoZZ+GO%NBXq2cONsyC=P+JH z5=J2|(N=?dj;D!EJfje~TgxA@A>TRHntn=tIeiI;jnjKo!IRq|Y8APjKK6b{X)JjK zxWsxzAB3RnH9uWl{K@uqXp@i!l&aw%H@aIZ)4)HJDMgV9IuL?iTgJ^SSy@$My2XD^ z3tg|B%ElMA9GLn}@40gjvwCEzsch@4FflWS&Kn>IoB*S8gonPEEEucKF zWi)NSE=_iv$tQ$RImCLQf*5A*w2&HjK-Hj>@^k$!f^gBOO!nrMXIebZNuhnPx8$ot z5%i_v7Ew$FNK-@U-m3fV>o;nL`_IR@M_Q3V!!cA{@<-8vc*v605_m&$=xZ4-X<+G! zwbK)vPcJqH#m8#AvMUOaW}}A}J%_7Nhe;zN9|Fq(m8{?7e^<)-<;lyI`W!T;mBi+k zn_1;>!STy2cL6`@Q8g6!gs||o|4ofFQD8~=GF5hEWh6PpaK%*t< zR`OB6^-!;##eH-RLtD+FJkPoJa6WKy_*BjZi(0y`*@_8+4p$5ixl{e{) zWn^UXHkam}^UO=6XYE@VcXoVrO$<+{h;0q{rY?INujpewyJ@2S=nh1V{eSwvVajb@ zML-{WX}<`~zIvrRvTYh6ywY*5=;{tu2GqfU!@aL!HAz>4wOwAI$A7x;R1UitH?42oc)sIO3jmdlI8S^io3ZSB(km7lndc|`-X?h!8 zMz6VJ5rl3|gwjcj*h9bIw+E6uiY{Ep77exHA`ymrYjUEP?9(}HAFt0Aec}I}7 z+7$p&pPK1P1Eqd|UXFN=o*>ENk(hu;5v1Q_~1u75SGNP8>T zo}q0)d?AHeFnqB$28}QDLK80S&%CKbT(_?ZqpiFQb)su>8}(1kxSG)(nKt&lZ4;2H zwQ6`Ws(&JS>=>|x-sg?itIKG7>x~KeyMA?q;y?HIx7U9Yr2iAL6s_q07l0HQ4&xPn6aNzK2XS;21@bhhmZ!pPi$U=BB z&E$AhHRgu3s2ODRGu2e~r2k`o^aH5NmqMItA_OqT)yLy%PCf zRJ9IfW(ky*l+Zu{X)f%XU;EMh3RJC;V(w|_Wya&zL0cUT$mO|K^c$;*a(G)P)65=~ zMyb^&u_sMZ((05!f&D%=o;a?ajoKeyU`!jQV*~m#)za2dTH>;qT-2!_dbq1OC_Kg_#F$nx+$qH1VrIwde9IbpJHFhs<%Mc4h)1*mD9UqN^@sC-S^zL@6BG< z;1K&&$za=ViNB1{OxhUcbVkrcKRCM#iOUd%$uNNjoHj0%m`GAO=!xaZnn$oOSs%Re zy1-7x0y4WddDvT(b?D@Kw`8LS6sAP5p&0jGw~e+#KiC8*@A?JPLhmamzA)*& z3nv^e027ZMv3IH#Pt>UB|B|iyIOwlMs8(X0t?c);ITL02iByY34sI@-mJR3ksD zNP~~`KkBR=2Ti%1(B`*lA%JPigb%{FKHHRbQ94m`ikI8$BKnbYPCIK1U_0NqAtY6y zS@L8(^j-^&f-j2YLI1YI{wm!j1H*A$p0bl_cC^*}{CvjuYwl%sBV1OY6Yx=ktehwt z#ZCj(v)Hr<6InC6Ek^WspV|QXN7J=XbJ1Tg@4J=7F~M7nd#-w#s~+Cz}!eRtO7O zf$WiFkEsD|3)GbEp4+sVIHh0);1wsExy9At)Ic|<OINZ$&6N&i>id_(<(Cp!GGj2rID`YsElNY^+;)*(?Gaw(>g<$8MWGq&T+=882x4^xXFuI?1Fw#16ZTrt|8}G6iRh`MqNrs6tbX5U)@d-@639 z_lT!H6Y`}8_*A=TmztTrKbaO*?E{TNW6v(vC*8G%oEloU-^=)vz(n5O#tIOHX+(ZC zt1&hEmSq;36`N(0-*3)cw9-DoY92SfkV@EH7?+kr|5g=7(>eUfSBjrP1WI!EL62?A zr@K58C*@0o-*jbe1!S)06)nxpyo^I0zMttNj6d{fOh&3we@L?MBjQAS{;hLoa*a*@ zK~Zhho^6EHg_l*2Db*4&G5u1!Korkf2|oqn*@h-KriMk^Tw=~lR7I?dt9Vva? z(_}9zB%~1V$Y%ZiS&2pZLeICQR`tPNRoG=_xG!5mTh!On%{mu5RlXra=FxnZ9F8u*h8zEWmVbz%)_x$v@DjSZ%MzyDmfS8S*kbAbsKuWb0;G+D*vx zuR+e52r`iX=PMq>)EdOe4{g{4~%?$4!TplZ*jnBd_(s@ao@<@R6->Ri%`=G)!xnE48Wd zOTXB3EC+`M+R0U*BH3c>(4m}}FS)DQn9ZxS!nm{Fb!lL0N#56cGhw zW_#17qKs%^$*z_3MU{lW1S(_*F=Dop#!Kl$vVo1qq^%raL6x3C*?76{*asYl;>$R|+7aHy;@>l11;d;9EaS5{dFTnNQh5vZEG z%!*)Z4>)G-nQHZWp43MWyNj1qcyCwZHJ++SFg2=*ExFL{FXxNa zpR{i{E}zaR@9geJ>5-PGF=ww)L3|wVXhWtkU+4~Sga%bz4q2E&?xzsvT9gUwYeU^$ z4`8}s{fK>q52VX~$Xs-F^zUL9tua9<@sI1j>1@+g{Tc{lOR7uzSbz7@p;(QG+)~-n z5NE%EOY{OhewH<|cNQ6Y=5y5oPjbfk*i@P`#)Z}X8dcH|T=1@Usl{WTE1_VU6zAAV z>U1k~$7TJEcy)-1ifQKt1)qI^mTbd80;0!TeVZ+D<@ptgx4=Fvm*|bexq9pP=Pnr= ziNeax*)N$CMofnb#2rZ?TGRA^a1uDFKl~);HvLS)z>h>&@`ET{lkxB9NMsSJaHmq0 z=A^)fEZu%B0)dz)uMtzwK+E@?q$>b$%g#Q%7yJc%^X~h`iZD8=SIS+^f24}BXje+A zSM$PX0-Mt=CfzMI&J|bwu2r!*;t-s_gvEXST2AGiB5o1Q{W-GD)ah%3WK<#JdWDgN z>uPPsM5TnqQsY{2GW@x2gw8hxFrLQ+dXiOqIucAwk<~V#1e6!iJy)x~(_$(r8$)q> zN?-x}2rKkavEig7bRei$@x{zR_##*BU}}5d(lQuQx9&MC`fVZ|l>OGr(wJwk{49<4 zNC7oj;jM2VAZQq}AE`#%@6BquTA1QNu3zwJW=eDj=r~03E6;vsazIil*W}Fuh-L*R zm|A;3JHH0#5ujJ_mp_fTT2mR1YsKqsDMUpaYjE&d$~AvHNKy$D@=5S znI6>$zYsHLirY3CCx5i0m;zh9y^*9E;6w4?I71sQWEy!B1)%7qD2lP(RTNAWY&>2q z0i8&vL$t_8M+DotxDP$Mf^n4(I*h@1XjV|au60**vYfnz4YAef#i_hCbeuzB>x@(J zs`TtJUG>|ibh%Ma3q@6Cw?B^y`IuqinN?z+edggYe7@?pqFp&*8?zVUnb(Mki(RAX9!>|~ zYHcoE*Wf4AetM>$3HV$0&=71N2Z%UWR6%M19IJG>=nO^+!n-`((Le*RJGpR)Qa`n` z8L*Wm=NmI z8%-~*6Kl*n2P&gr#p=2nm$j0KMtHSDdFap>@}Uk0U70YXx#Z7IC;yE`eYWJ3cZI+i0iO+2R@&i&p*l4jx=(U^(KW!*!kzugSwh&36c+=g8 z7tCzA?G-DBGK)CZAeW0d82=~Ly0rG&`;Z^i7UHYqqlpB7)nx`Z6Fm?;2Bdy8?fS(D zG3Pw*7Xo1!D+Y8-^eGhFB#;F0ARovN-n@c|+=bjtMynC$`g*5`odCR^4p&RxV{#7f zyoU=tyA{s{ovl>I3fJw2l^hJN)_|s^K{A9YIJ!jAn0dA=mf9zg6$yGHe&PR}u>_hC zZ{Kd=dRs5qJC-Y{N=$L>FI)@it9b#I@$f71HunXG;fkumh!F-W)t1J!IG_Y#CRa@D zaP#0r5tA!n;Pp1I7UwWpY+1}WK7a3CJGh;ntx5qe;DK*${@%R?@e%{S;z{_V@ZLIt z2EUF?9`>TF7vz?<;T8(b7r+&D8ys`xONKzFkQvaS5R_lDCmIgs2+OzxhYQY0E2r7C zEsIUthpK^BnR8QlJkROk%fYj`U}vpUQt4`kf|1>aJW4sjHZCs#MH<`HdZV~j?{a{F?}qccmlb%G zeyeT8_JH-izsvXV^qgOsW6IUTGT50N?dYilXvq0XLitsD-+`yy))uhIg-t&j2TO7F z+HKhux3IXp1)Zs!Ak`Y9OZ?v#TKNqMCOsl+lGoR=#spUqglWbO!Mzxxs9zBRy z?X)6TeuYNz(%Nu-{FK7Xj6O>&U$3RGd$X8T=NMo?-Q75?@?muEVA8_ON$~fJEQ*yf z+One~Xq|TWph>5wa1xzp)vFbCH!4?(WA39h-3!+vwNg)Q?Rt>q>;v)2>{>}2h8Do& z#C?5%dC=<3!D*4|$^wf_+K)AcyNFs0C`R@1>QqkjX~OmvqwxXs zQQ>zEnOuLnl-7fEbT7$W!Brev^4PF6Dm%U9c6S*M>HM3DV1rVpSDABP_Q;O3?GPYL#1 zJb!n8qJ_qu9xS&N@07aX10TYB-$c-KdxIY_Z&7mwwFv+@0v+fe9EmNe&30&Zsv1bI z2cV9#+ccD}-W3Xc7q-)GjE>1vhdPO)unblT{*@$*mkUdC`E_YFG*H?Q1#y1~^evD~ zPanSLJ_s+J9Xj7_StPnj<#GS3So4f(Dox{fRAg5;$S6%pK$IfHp-2^oIHH7rhLIv@ z3@9uthNUPylwoExgqVKbt>*RhqkMe?^A$- z?*3|gsUA^zmh$tqec7IqrC;nO?liEBqV{XGTT5xxmE%Ob#lj`#yN!%uxfe@$4ueBf z#E_8DyRV$xFB8A28NMZajW|c+g&s}NN;p`7Ag_!zk@91glVmnmPOdioyHYZPwe8f% zifu?&Q5{2pv^CVb1*(s$cUJ(~V*ici{l3}|h$p)(IMa50sSmK7|o^ z4zEteRAd*ToqA=?B;Qv$q6-*bgSZLA33T;JT3z@D$uI8cT0k{lqGnyW8|Ny@Fmw~6rXK-0A+d?1 zNRQ)giEecyyz%!TolQR%E6dVE^g@#KIn8-SqBfj_>N^rsT8R ztwHSd8Nv`8U>CTXMMIimeAyA4+Gs(@WHO}Z$=|_2q>*DGJQNU9HzNLEmG9@A0JeYV z`Ki2iX38w|rh>AD-Lx^aZaxnd&tgig6+VDm`9dCj1kj$g$r0UKTpy&;dtTZ##_j^b zMWsB|OYzhGTOi?g*ya8%3yj0V**)v$RL|BV^4wHYvWyEtlM`~1p4&7d(R~)pA={@# zg4|QUem(k8M3S8|d!9C|trsySW|c8#@;%zVIm*<_1u(2!?7zV@aBE`a8*NR@ZP z`dfCjSlU0-=4_fA{M69`gA1%Q@%nuhV*cFLr6hi5r~rC7`=W92l~z;7xlmLiE@;Sw zNbdGN5qgyWci> z6rp{gu@-gjpp?@bdtfR;1^|aL41W9RaL@>OMXz5G5~f-6=vdFy^R%bC`Huc21K_hq z%)Ge;I!MfCNM+_~y}ylg-`fx7ss0nY8$OC_CV)u*Sc1=Mk+$8D9eITWVPUBwl6T5gFZ{=%o!x zWD|nivIfv~Ns&kymns1)(N=|^P7u~0(fTXK^?`&DR%wn}-)IX+^NhVY>0Mx_*?K7n znYuzP^}qP$3)(9Cs$zfNV6POxxRVXOu-Q)?-9MO}$^)KAen9i;-@KF!wSTCni}P|m z=ll=w*zk_{37&pIVL$!NpyW%}6hZ@iIiqv+S)3p?JLsaL8}?NIvpYHJV24Wp(&vXs zEv00IQGs1Q*x9@sbF-J69T+}4ycT0cw; z_vEFka+`~yURkvusH2YF;_CM>zP+-y7jPhmgNKHc)U4fjLA`And6r1NyFKc~C*~yyNB_E`f3ug3DQZ?zw7ZU#EGC?UjF2)vABSkv{Z8!t pEI&_L2v(bwz4HI=nh#u%9&5{R&=^6iU6++X-a_4^+<5fEzW`zFkURhY diff --git a/static/images/docs/k8s-docker.png b/static/images/docs/k8s-docker.png deleted file mode 100644 index 6795e35e83d5bf1350903e1a0a0a0028b99ad6ac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 52545 zcmdqIby!qk*Eb5o07J>p4MTS+okK}Vh#(;yN(myJGc-u3bb}JoEsd0dptKT7OV`jX zXOH^4@AG~Co&U~tu4~}Z&7QsYecx-{>lbTB>uReK;nU({U|j;_V}(EHL&XT0cD4 zn6w%NST9-~p$m!#9J$S!HE5)(LN~ zLiBJh22EVG%ciHlQ~OkRvMYeFZT-RbL6_tC_nY8XEaFORI2iaU-^65sIH*=YN&0mk zX>Q+u2ab}tZ$}8woej=rrzPO}?*0K$MI^-8w6-+FN_ z`6LI!r|9vo7;v<@brH#An#0O^zx~C2o&LGCFmF=Ny~QXWt>L43!gwJnM3rlb3MRX; zOZt;nI~DXhJI3EvpPYY~o@Wfwzn1OyyENG6*dESNh|Mvccit`+Y^TIHVKd2OsOv~J zz^He@fv+r<>+HcW4zMxm=dunNBb?1&_bw4~61>>nc7BeT>m|y zaQD(sx`;|1$*N9q$4+IXsJKW|`O6o=TdBjg*Qd~%1!fn6bYZpuek7AxKYALYjubvPl*t)a7;iGvwALiTzB7KSLk%upW z6c7UOSrXAB?zmyi!7#!QYEY~cECDr;0~}ndAU6espzsu?SE!>K#st!D1gsq*=7#eK z{IHYAjeroL3dfJ=(iFm+Lpnf0P*93D3Z*Y83y9MdzeDLvAihcpx)S7AAC;nCLSMtr zM>yV5^Msb>E9uG}v3k(9K+Hlf@^D9BA~@HWfng+Rpm8grDUA1s>1t_uh-&xXg0c@q z7A{rik423pO1WE&-BgQoC=9-Ei|#}SydQ!!de;a-x38@D(ufU{gxTp8O97}vCFA9- z0=ninwO7x6Vc|sPTcuG`exg~9G>%=gHnjR~ts(R+%_hxIi)vNO9(o6P9#Uxit)|F` zvs~T_PmClpj=$H?GQrZcI<*FC%4%Dh{#IWn%@Vy^P!si|+fPL+!HvX|v8{-$9->8# zeV;a-Ir6;_;;!c?>j35s{9yWE#`y%MPaim6;+cS*LWr4DU~JB851_P=HOO@sNwsy*b|SfY1RK?THtzI#wRYdW^l0nO1SU(08n<{$9P*jNOb7gQ|GJ z<#^)8$0Mfo_9Hwyc01D*t`+(f+LgM2`#9Y~mS=bF(-g)g#L9Ez+q4=)e@5UX-9 zziH!6KIeJL6Ohc3Y@dvooKUJ|;QEdHTXv~Ssm_FuBZs4v zk(*yvk(<>m(SA)Aj>kQlvYUyt8MGa=G_(e^sUn|5X)>N>e9l1PX^1z*tq=e_dLlS znf`#czM1E|1hOxTUSw0wQd;os@agk!@i7^58)F-})NfW_^vv{TIGNc5_C+`@+tdve z&8{|7lQvYP)i>oy(@Egh2`eM`2 ze(W+Xr$1-SxO(w?w($`65Yf7AXDoxX0m@NFR3_jjdqy8JSw&7;j4#LjjvCw_Z;_%<)q}I z<>KVXI=ni{0tL^ku0hvc7qf?xsI`m9OC7KTxEyaCzW{s}Y=|pIa2t;l+Y{W=h1t~_ z!X!9m!S-l^5~O&g0s+Q0{*01^^ zj#87-`|fAek1F3(@2U8!q^fA98u1y|{kj`#5(_JmrDUR`@MrUKFF75X)r?%;Ucz7A z6}a;#rEYu1yVwOTIdU)t}Xm zE3#X~RP&nMk>zX`>=Ah@q|`Ft@NL(C>tRDT!`1N#<;q&3=%OFvEQE$)39bUg9uDV2boo-cxf3JM>qgmVAtgB`5 zxMM591?HkQjT*c=7-vT}|1@T9LN8CRy2J8G-QMaa#b!ml#diK7(_79Tohh7mX6@@L z9Dk&;n2#P?4=%+l>9GHNy)|zf`0#x8%SqTyd*MmprT2mt#QW#$M$4g5y0x+S^ho7` zS;fkigEt3_tq-?546RI`SrR)W*e2B9eplPBQRS%mt$4Fw6G@wpvD&`r-?)=K)AwWY z!@NuIIA$EyM_f5Za{9L5{!?A23I&&sRzDZZdxp2(Y_@!O9BdJ+yrZ`NYFIT~wXm-{ z!SkE+#H9E;@g%YCxYwU*mY?;xUN0Og`ID7x=-zqTd z;JnT~c|T$jW0L><=lAIM1!4~VTK@AJi1BQOAqIZ=%$tCt*pu{(x`D@@)YvN9!e zy@L)EKZWnVh^C5^dgvk7QvYi#yRy1+ZV;JTWxn6+Uh<>;^2#8!>~W=}nRH-wVEazQ zb=-Hx)|?cJ?I4GZhCP?|4Y#`Ml;w)}4(!0S3$shXxs#T_mH3-%I;TyCulak;~ z@_Cg`5B6}$Fz?;^yPK*Ns>8A8v9o?PM;}pxv8m(B;UBnvzdubLEz1q^zHEPN{ka$A zG`f{8uQB(oL-OMLiOZVp`mb?shrOcWn7OhJ`4i-I{-w=P->Z#noim-}+&Fpf0KBUM z9}XA$)%nw~!^_)J#z6q4#B)604$HV??f^SIb4o8xteQXkEiasX|hI79A0z63N09!eXnW zq^@_L6%w=m_|uoYHo4{J*^d>0!T<+-_t0F5V zDeV6zA62N^`S?KoUf}G#N0qd{e_5HJhZe;Jl9Vi_x;hH?B>Bc676Dd6pg-2Jh+!5m zsF%Hx*gBTDRTIPp4F|ik6-$S!9sM+tgT2V{|D5v@{)IHE3)gmEZr<4k?yg+Q&Z+h- z37lIe%#8OE15X(r`TXJS6=%Pqk+*c*-UX-~H+k5d-}0mATXZ&qA6WQ|X@C@5uF)!2Dq2UZ`ShZYjCEKKUy_86!K=^7SB)YHXAH7Y-oYkZ{O?zx;h{$VJ`OgOrPTkL{~vcuSuQ8yv*800AkGFdKh5T@8Nf zw*bL-VjF2;FHuzC%=Kry@C7goo@Fg>aS0cg?f24nKCO)&G3o_eS6MBSX6XF&Wc|#r zyLqPPk8^Dh`hvPb$g;-lwd37Zw%f(A6k3_wf7VADnHL3J3;g=RR_5SV%tK&NfWuk$ z7WxRXH;y}ehof%{vaegazb9hgfpgIpM`eDc{m=A?LAK=+Dd-sN1ksBb15CZv>{GA5 zEB5C?z=_>Duy>kAew%Z>!Tikk$|5Tr`6zw{c}2*4DbV~eF1zUaCpFa3lsmbybG6dcFK6~hC&I}~mEl?%Bx~N~sLyXneKqm5Q zld>?AF$+F~#QC@8wVu4ai$~6kt+3?z=ZQ%`>`Tv27vH61!3^|CtqUf%Iq+V>MMxyP z+4YmeKdzK676gTBh1FMl74+u3wyv%~KLb<~SpS*tpR?c7X(8A0c`6x@)o~cO%9JntU!sMm{wGUN zJY343`OTwKEj+mNqDa${(PxC{AXwPWVvUu;phgXj$!wgQnp@v1SPN8~asK3x@)bH1YT^ExDNfb)z2dN=c_kE=xWMJddmetA(NW8F z?_%w2a9~~C&X2~j-%IUW6~Q;ZZwFo+z2SRp_X-2Aml~-?1zY{Gf7n3$YmDfVN=7;= z4Xg%phvMkn3EVF^5)~Wu~00tl2Tup2(kNB?mop#SIotezWT|&;Cl%uKeBQ=L2BKS*oz| z@fxpdme0PuF-;%)5|~ooswQY$UmUw=nz#AX^nU!P?&al{Yrix9!NRc0oS%$SJIQ@z zVETRGJDs6Sah(>=t<{=66*H#6KU2{SJ=^bI5ahK;JMkUxKQxb*N&R);k-mmreHb6O zn@6#GY#CBouMmpk{;Qt^N!6_#mL(Tx;tTeWYAwo@c%~?KxqZj8#HuIa{@c4mt+wv# zBg~S|S7Uqo`ZSk6#T5eg=3!_fdZ+5oaEnQf57ksqRJ6*C>)=*l`}s9b@W&X6*-6*g z7WOB&1HH#)tzMrs1>4!;Xhq$NYZwa(3i`j5JzS}1oV!mrB49!2BJH+-u(h-M%v;rF zJxH{YckfBxY^!&n*UrrSVr_G+arzT)Y3^SfOU}RHv`b#@z%){_&!FWW8oELq*f!9NBNoIOjryOSr_0d`^>< z2D$rKIqB(l9uJ@vd%j6RUZ(JyYLppPfEkl7PxlCB7Vm{Us4y{T@!qSvkoDYru!4N{ z(DFIrB$i(CJ|(|N(i+c_=0cZ3XR}y+e&FSa``QpgpoZVk`l6f|6Q6Od^4(Z!=JfRR z-SPexznA7l{yPa{a^OZPYNOtL#_UTD*Lez|V60&9yVH&FzFAC}WQ%6^!cKw^&fkVT zd9X(IO!DR*%Mc`S=-dxrhd%z|L;JI~Y2wW5NjLw8=1kUc zarxJm30YKSOT79;KzK))19jV~tr5x$g{};yQuPLn{6i*Af`rN#DJhbklQ*@5Hxf^477o#V8ZRKVoW zt1mdWT<%GGuE$_}K)AbW3!ZHd%%wW>TT78Ms}N4iF9|{Sel%7cXl2Rx-uLCy#lh(s zmOag)Rb$QRainhR5rV7A>EO7knwVs0<;WOE(?bX$uYgSRA6SyBO6_+UD~P7uZWW}) zP1Ck>Nu3V0*52Bo)_)J<5c-O*h{Z@*#%zv-JcpVYhW6pI*#3C$q7l}ah&2vU4ipM9 z3f<}22J%S5QXw{-h>-?`gkZ`48K@5n2Il>eZPw}Y=3?@E$s5Jp=WIU)e!tFP4_>qm zeeVnaus6{NUe)_?zZWPF&9>|Q7Mfh)5EV6y#*%k+me6>lNX}eOBBD#M4U~qD{mOlR z>0^Ka3!F|r5ucPSinuF@UCXMQfRRuuHRLgtVs~bjDM;xu!~rE?Y4W{5J@FtKcj84y z_jXa?2KS>VGvuPIu&~}h3V)fL{{`kgPUsp$PGKP&;;{c4|t2D<m4ZT)-2#iueZI+ZNTDk2{{q-Nk74rOi6eXryTPvf-nJF0N?2th~y?)h3ND zunTd205jAzI>arGg$<&M#qHjSz;x7C>=l8*81{)TxIZ+=^!jGW`Ws?9vEJ%Vv_e#- z4uy|&S<(si%3301Z9WmQ>&mQ53X?-6zO(zwuHYTX3`D{Z4;8Dv6b_CtLXUpXLlU+i zEs^=bLO$LLDj}!Jx%yOm@<*Z*6x$ufrK_sw^7i)=*U#Nz%7^VgND71%S!ybNk+T^B{N`` zKKz^*a@0Yc!W~h(y3iHs`N2!{u# z2-s7sGCKtfpW9mbe&;Kx$&(nG=iN3TuxErhRwh}Uyoil^)Uh_xGh!|??+ODJ9gyka zw+6zfK>Mr^%D$lu>h0ld>4zT^CMrxHHW1fPLO_x4x@wy{wASt?pQEtsY)aD__AEm; zY}R|6s@jWYh!ny$oTfOjcSiR4QG^@qO0ez`ITYNajG3B|k+ZE6q_B>9pC|CE$3tT4 zNX&`m>d(@n7aYCj^2iZB`=|9=Z{O~&^jx{xk*~rLO+jy}S|b$%hir_^8J3Yw)Nadd zx88s1r1p2WtW#_s#%TjZ?RSm`K8K6q%+x&|HuSf%e6GN!`NDmHMo7n{TZG?7OIIK) zQVd+k%0DAz)eUA>6MENIFAU+Jo^gDdJG8YiTe&C2uM7?&8%vWFe6q##8->f>1nrFP z$Qz#8QfgF6MP6$|>xuOuoQ&`Yc*Br!>5^?s0GxTaMA(gW)kQYPRZxsEs{D_B{27ai zX6K62vrjEOWO0QbI2tNUOFI{&b)@r$*Y)miKIC3?N>)%`D{*-jJKhr#k`?|M-V0Te ze#Pw2cZaQyJ(2Q=S6(vEGq4!ni-hHE_P_;O&s%K7{+{B1F`M&(_uOuY_ex5!gOCUG4SkX`7;0ERT0c9 z!I%e_A!55y$%Vfy7^QEF#MAfC%b@!UtVl`r#l&pJ0GAVqGYRw2~KRq_3n; z<4VpU-Z&gEx=gkVR)^W+p)%R+U1g>J@-L_c00`H@YFk)J%JyFOXWcer%eFy3n-x2p zgw*h=JnPRRzziW*K2{N|t$v3&hrNlc3U#AwP#b`zT5m_xwW1#c9TLQ7Omw9_RR8CH zWSB9~Tp?kSKg{rdm@Hh61mbJyrze`V@{b_{q$27LB6(%* zp@%c736KE4J%0bYe+Kt=h;R^zI&hf9m4NR5BpJZj$c<5d*XcWdHz8covvnhTHIvyI zb49gHD|YmZSgImedgJkj0i^%unbII%=6`dsiRy=if$#7F3=IWGjMvB@79IX~FGD{Y zasiqL!MpV^MdN>;L|A3v;&@B$^z?g$sa&yL_c|M}T-m3|?EroJJ01uE?&sICJzb}2 z?eH=HK+j!eLhql>N;!<=A%|7aco4V%r?IiI+?rMQIt%c1v(vbv{1ximKiXBEnvLmggL zhoVL!>WkAo!Pyqi!)6*$$BCEN1eE<*lFyUYKCi`UQHz3`qzos1YIueHjb>WN_JzuQ z5s#idIT7b6-IXr=phL@(u29@vg-rmS7Cs)%*{xj^mhjw65^?&jwY2>9v0B}eQI>DR zcjIWAFKJ6~p;1l500lZ~jcyu7ikp#c`{;WLx%$ATXFQN z3YY4MOYx3^bb#1~PGu(Ky|=Fmdba(4+u!|vnanvPGvfr?*Q*jA)*uGLWUf2b8|aZ|Ex5V&eqBhcNMri z+0hrq^T{91q0&!y!;-!wg7*=f&miFJ_d2<9Ai+58R;NjU=I3ki z9@|rTg~B)R@>??n(+jjS_0}Kpxy@SYr5z$~F+8AyPQ_p9ykGz+?1z<88x1@IU$zZp z+c0>KPg$aK2Neq6AY~CqWui$F`2{|L9RWmbw`K7fQT+D#+R$c}qyU&#N+ECEL6cfb zi4TrIvkzZRw^*bsPUmV{3!r)uGRZxHl2?W&bVPXjfOI)v=g@AsIavl){Dz~Hh;cakmz2i5Y1aI7~wRJ3I+M@Rr zX03+4++UWkT|#|AjJid5qp*@B9VfWhVG%@ht54+y5E~^P7oeG+4NebB9yQlm$6xg~ zK3l%a?(8Ae_I6hA!&R+g)lx0Py;^97f3-v!w_Z$ zW%%dU?B5;}rY*XpNqLq^6SZ-0HJUUyI&Kb6*F82cxdyl&Ln-0)^wlj)P(ri;0c6aE|1(1z6y&qiOw<{F!YzEBaVQSrY*Layd9S3?zm+agpV`0q7mC zAkk*`k)Re+Xk@=L>Pu(c(QfM={y-$Nd~aO#yO2hR;@2To8-dimQ56_h4m1v;_{&>f z=XGu2qx&p!wdV6dLxo|a*ijv(0i5W~d@(Eip!nB$YGH{&eU2u2TP^Ec$sSMsbg3xE>s|7@i z)LM5G)9tMQ-rOb$C0g~lHDRS)Jh*=nFM}Gflp>em^1{J^8UTBlI{m`hUANDfaFK7YWMje0KMo9olV-Vk`Tu?p;9pU+1VJK)IxZ_kYYg?#|#ewrS+m4Unk>^OhY&V?Y4M-77=c6!n z1g;Ws1oPdZdznSn3P%V7okhje{eq5w^Mm(T%YXpD!;=FlsOX0Z1s<;6YrxDMDjR>) z=A*~ZJ&s7tp5F1cP96Fo$=64KgW^h)<&{dP?BRQPBpMZ}k<8P){76Jl>(zlhl+p-- zVNRygt$wFhw)T#Xxf?ObO^x5Nqi6#m2&Y?ZUb8hohRPHiBA{qZ!0G>Yn*(+_U1|`N zBFzNsij^~$X~PA*L@v1YMt3S9I~`@i2|TSwwjCC>9Xhv5Dp0nt2+%XKs2aps4J~MB zvAyPw%Vm_XqN>lK*g0<0jTu*);~N1co&4248Pid{A~`t=}3E6-@QPo zGr_Da1n;w)lIj1XAEX5|cld3IFf+WcY)mRQTdToj$@$sy13^&=i$AItG85~?1ihCv zwo-u%grgK;l7@wf(DrE$i*o%hFL4Nk?6h!qoQNSZ3>Q<6QsnNYL%r8+6#Rqp=%ZB1 z(%S{n?nh9~gr3p%j#+A?op&hcc6$Vuuk1hfAkBkB4_ywJ{{=7-Nu5=foKp2GD&x+C z88u53OL$Nw>-cjx5tJECIS-;NxlQY=KH!5T1RpgC4P($Mf@(<8X6(d0KR=3)1H!oF zpwv=I4=CCOSGZymN^Mvv;0RS5e_P9F(?f&_0ceX{!0ah(57ljHLU~~?c7(04#}t4< zZdUn1iL0;(wJf2!X>;M7?hqaqOB+fTs5gW|RpwS$=JYsL4I`AhYco*r1bvhYs zi@@XL87yq`Ti{fs2YI?z&vL7`WXHy> zU%;J%$3K2=w|D(VMmtHs^`}_o#AOQP3mfuZ+SHllY~13y% z>`^ZXEVz!2&Jeq!VHG{^oy zlIPj|l&T#JD%5^qyA=OL;m62kegKR-nBzR0;63!5<$zGPlUJQfg3)JMe-6CTb7E|gkGxpuw_x-qhvh%j)cYQ(a3|*%t|=n# z>pLvZaDBwt_^l{Biyvj`5+RR-{>mo|JzND<0 zXSvgwe*ioZ!r`{GWV8Q^J9@#s&Ven@uwD@%R}^D4lOd|zN5<0o7DjBo>O-ot;VX9m z@F3-RS-XV)ReNE!VCX5P9LV;U@ieYq3=HH&{{uX7Fo{?tScExE=yY5@23(SJ4ffB1ezTO$gX8apz^kvj6_Q z{tw`=z8a=6SuY1vTo?}?s!W8(l~?*NNrUo%J}_mnY2vbJ(6_U6DSmMWLf;wz+=TF_ zt=Hcb$$Nqquoo^dZRMkKA;NE7k6riIFd+emr?C6m>3e^9(ZAnOXg>PNopb8e|9SZT z?b%k-!q?-6#4DRSeZnDWvw(}t#fPNI<>#m}6c%&H`^OZ4ihzxL`2q@gne4x-j4k5@ zD1xwhFqg98U}nRA*km;%>`~YgVzq`};F65j(DI-fz->lyF}v+*6lL8TE;tp@*yU_h z_(w}%PU(#qoIz_6MNXV|}EO@~7ho1s06~T%pBsBY~F)j{m4FB(E z4X6aqcH3>xZu$SLuv+IUKoFq!{W10A-?^PNVeafR=SfIUcw*3G+yH2!|g zIyNK@0j{nrh8gp+zeC=c;V(r_f^xYydoH_A`2>vzyJ4ntogdqX ztHGAg5&M(hD)jHo-z0YqJyXB`h4}_ZYF%z_voWhuZj<0=Q-Y*XilAHPJh6%gfP?>s zbZe2GT~DzYOTqM(SUdve7yLikP71y*=x$`GM+%>t_Gl-|C=qO5n4wn^OpN^Jy-9Lh_>jobLALT zQ>y*`YeJE_WKm~nF9G5Im(BfJTXhFO2ag53566jjulA&L$hGnu#*5s~4_0LGcn!LER)f9AQ*Pq~Hv*QX)a_?Wy)xd8Uo%8Exi7lI3G9ZlBz-F>j&aNSI&%+% zt0P}_Bjm>jmxcyBfoeYnuzQCe?cJ63RRP50XnR`USEqb~QN{-by#p|^`>C{|js;_zC2FYmj{rNAAI71R z!^cIeA63u%-U=9^`{}Nk=hsJ6V@~@ukB1qP3jvcx;{h|%Ogy(8^nO$vA}vG+k$+DO zD*-&@x%<=jo`ODA9Mco3naBf}#|ZI6_=ZE8cH!XYMquFH_liu%!6a^da0vKXn6BxK z;JV-@=*6#Jw$DjDW4+!6u0PxuD=Y-unXyW<)_{#KoFl|OvASXxd4u1sdji7?i;D1P zO0Y>U;sSul(qHQY&E2jp{GT)jB2*%+6J6(S`R|zw?ZwXza>p`%kY6F^HRS6{i%G5; z0D%13!VCfv>*wU{J9nPPZkTMg2_wD=FWq&I#dOnFR8$-qNamg0a6^5hviL)US-AIwU*OTGDi6^Z-7`v_ zIA;6@zmK;j%beE9Hp?tNbolk{pC7J$YiOJgGR;;px9QB*uY4qV>^oMVz9|*7{`+l0 z%d8Z`0nHqhw@E8jJ&~YvtNTg}&v@FKm5u;l5wZZIvSmv#xCTJ{&EKV?ZB9-I(<5p2`j7q$>gloPxBS>D{I zHlA}95T;%NI@93U{_^ZiJW3>BXQtsc+NZ>JobL#-lC}^;V28>(mt?TD7gXL(Fe2z zs&tlUqHEXn)=ErC;$0J^%#JwDR!H$RDk?9q-<5F8zyewUs4{CU z8l%SY{@D2_LB0Y<$EgI?a}|fDVKQ zr4Q8Yhq5+uN<$S60Ii8#TKb3Vli3ERR8m49yA1UGJ$?grGgl3ULWszm7H+Q%eyW(3 zjtS67K*|i&?x0pC>Wvhu_Xf7K+b%OA-b_NWgqY{+p`PldJ!A!G>sQpBlYol>=#`~7 z%NK1Q_R==NR^ah+3;&%48U3u0T|lRaS!CC9xoe^|+5Pw@LHYYaq8d)Sfg}>(`#R0@ z%xcZW<4WRtU`h~(`#})NX;=f4d?{5-? zP7+~eK%*Nt^tdXk>Ua%EiE4mo^=;g>c;@p>b4YWw`tV`h(cy4_^ ze+n8>=!Fp}M{_D=qkSYexYGtv|H*?{6#CvzS|%BJ_c$Q8zuh=&yVWs192 zwo$Kw{ZDrdn3yA84mqPFx_GU{qKN-Eo&P8#{1+K|^^RaR@xhE4P)r}%Tdp|q$M}X) zX_7kD%UEq(X+zlK=7e>)ie^GV>(A3lSH8l?g}ymiyn93dU}sFr*|ojrbZSieiNuHLUH(l*cqN@VZCSoRz5Zn3_{B^x1WK(;d63c0 zd683TRHKM`^WS@$GA^d7R$r}B9Oq(MM)(;np?Sku=LEBKC~CwUOSb7f8SQVvH;Y!& zZN7B@hhN1VFUYJ}g(@IA$5^7ht(F(my+jug5`=A^;u*G{zw)C^-mMy@$z=

W5r- z`Rmo6RcBg9v@9UUJU1>aQ@>X-q%DOTG%c_z@Wnrs9&=<4EwPhuJ+0+U{6Bh&STYed zDv)YLWuV2Sq>D#}Axg5-z1c7nqYJ_K1~bAzUr2UVHPGiksV`(*WYuZaMvGYSr5Ird zWc)R%o)L2;jiaDlU{$7re(NMN74xp#jsvQYP+yo&qKK%87hr5i>A?QV%l8LZYozdSJL^`E6oXd7W<$ z<>vq;z2wTWNQJJAPJ+0KcwiEzicCgiT@ci5HTAI9h~r_lxWCfEPUnDuVSEc;wQ?p& zLa4!j<)_!J_bW_9DQ;{iSr%eXtQv&=J17x{5D69zFfUI!ZaxZO*`f>N*a7$sD<#$v z2CuT!3Y$!_YNv=7Ums~riO!M+%%qx!!V9}k5(xn)cNl*> zponcMW(rC4eTt5mkwOGU@UL(MAxjN%Fc_TUyJ7Pv5`j?b z;y?l=-C%rvh(efu%zK*|+CTjz|KKuU=(CuIS^6b@6O#B?s)I62`v~gAK8fsnP{MEe zo~sIs(?xx>JnP&~T!rVwJ2{>jdk>V{sN5&Ie&qMrg0Q>68`D835W;I@rAtT*83^OV zMjqJrz-jdxVWb{Gz~bMDq9p8G{Mxl?sFvVmCUeXY1wrG3;V$FP9Ck7Gwxe@yr;{ZWf3XEJirATzeRWjC={Qn47*FzX?cMi7t6cHUHn-fF%?$IB9Q5 zrSdRd%h9wk37{PVlg{U3h1vZt>z8TnPq`mZ(A#jrz}4h})?5q8`LE#hq+A1ggl2~S zq4o8*UlayWoCGKS&W0QX-?uvK8*8^lw-~Y{B7QRx9N&Cu>hJ9`{O|n+*bS9=0YdSl zy>6T8zcLCq%!Q0fz>C&>YUN64Ehj`V*mB2ritZE6-~AJ;yzq~dVXoM5pfy`I)KcBY zU*CAx>48RjsOsGNpV_lC1WO~CefDS)fC$F`_YcT=^F2QQ!zKe*7nGS5NtS-J+wuH| z3(;ckV3z#trVKG8CIE1H6eDP@(sp3_NUP6Jms|18n)fT&zy6z>1SaHVcR73mwOe-% zl%*i(A8K~hPpYR*lg6mm7#jBaFM*(1B2CmNEIHbb^uE#5e2lcaFHzKanzNtL7#!|#?zzS&HnMq zvojx2pPljIgo$$FJHw(usJPBjgECvdbn+!l<$b6*WjJo@O3{;lS0*{*VniL72Nc$cX5YkKN0ypOXSkG87T7K761H~VOk=G7? z`D^FHL3#?7r@OPh7f8(Kp*Tdgy-_4+CL%K#a}ml|E$@SZ<-K9`h08x4qF29n&+`;$ zDKr}cSm7T&CLi>O=V9e`$0sZx<~sq74gM6@tOj$$t3Mm|FLj;wXVy-+r4~CARBOWq zjROl2l?7d2xT6*ny2h_+?FL&~@oK6AFTIeuUF2^8U)rBu%c3K|xG+5REnu5!jI5Wa zNqAozIUpfO2DtzuhD_X@cXXc2W+v0Z1?#X^FK+(Qw_bRN{>T$;F-L13# zTA=s#ZfRwCIUf>+;DqcrOjYM!W@uPmA)2~GtKmTf_q4SQ$1_Lv;DkHDfNw!j2O#D_ zz)n0Mx7ig0<4?WOmX`KAdPgte1|Ok1qOqg01^5WrPqJ!&2A4`pQg>~Idnbka3G?gF zUECUKdJj-dgHLI~Hb-_HiEtx4nd^H*PIrtX(H#SL@F!^JxPvFS;V}R5r$xsQrOw9B zXdkpJ@C*zz-wNR2;i3Bqy?>nS%~uu4nKiqsEG;duNlTly+rVR}!F5(I(S4cTv<3In z)n7F@O=7s+$>p?8aI;nYgY3&ZIp7yzQMTn2cFBxK_;(84(e7`eLOInPu~+zMl$V=Rep<67J3R@|sV1Xq{nFC~*G z{9i8f9qm$)o!$Wv5{O0ac1oB}Bv&VbHq_!*-|M-I9oKQGCc=5QiW>>IH5Bdl-^Mp>;ubz|+>I2oKp`nS9wf4s$W-L!!@l}-t zX869$_}JLbB@iLB7=#%q7s4#VVi}j`RfkOOi1$}#MXI6g2X60>9T*Zu_C#LVJ0rO{ zBV3wMqcxqzw>SD+DxNqvy;bD>v5Y*hQHAAVToyU7NbLvja^C9^y|IyTctj zJAC%78>ukHUoT7}B9~{q=RJ$FMI2ry30jz&jq9fhQQ-65T~xmTT0&+Wc5VsTK|;+5 zzaQ5#Yw2Xj2Y1lYXJU2i9Be&@0_hfae+4Fwvjd0?sdj@Y!22QG4=+mOa8~SoW>{5v_Xq(P^O^) zV{stqeDJPL)ViL=tJArMYJ10PlBR0fUNhaX8y!+DT~somNDX%Bl=biSr!w~EBkLp! za)}z9YJOhKXV&sSR(Mho-D=_3=}7dT58ec5VH&UnZaF!N77z6Wv(B1nA;d>=uB5%M zLKs!|3u6KR0YszP1JHno287R!A7cpNC3U(v{N>lG=w@AU+rDwEA#o& zNFyYopU$?VC*lSWzBdvbY+<`C!)o-MYP=lA0u{$1#vd{!I(1t8lKymIBq3WRtnY z@fT0~-e>$=JDYycn)`e{2hnw#6^}dwkyBdmq7%*#`cSK+JC82ZhH#=m6<$2P=jT?6 zdnn;bfg!~ohB(1kf9|#Cvl+jk;mpYcr#@Um2Ec*dy2}lM%Vz4EZG>vHYyhk)|YB|Q4sRG2p^~Jp7PG{xJGwhv@kCOVvzQFK$E~A zT{O4v@pIhLEVpk0#z0*$jBVKZjuYkMM?6euttBK%(276{02M>zYRze-VL-FQBb#Gh z!r#NW^0}^6t{Cc zl;~%*hCFe_#`z$`HymRG>2)$9!tx{Z*%x8La-#pSGmlgdDss%{bB)+gfHJBPC*T_n zDQ@G1jFRxy+JB{Wot8CM${fMn4i3rNgKNFG%@4cc$3o6SeENczP5NOA=7OP4{KPJw z$i>{=0Y+$xbGBS~A_|2_r&O1S+^~+aQsBGQ#60!r1+A8^k_?2pxTt8Rqka4%(iM(gTX;2Zf(M{;tOrZu~*~oKzuV|KT;YcDF!JCbzZ}%A@C=BM%D1>XuzZ^ zqqH0$94|92A^t=x^G&t$j*iok(4bmW zhRJ?B)QdmXjmR?tcW(9QyG{16RFrsMZ`xtrJwI&TtUe4z&DHMm8sSY_OnK-Rw4h2M zC5CN$G}Z>u6{nlQ)`_zxeigYASTh+lU4}V)%i3)YFhd)w6(n0eFi3gm^5!h&q;0`X zh4{bnY>qrG?=HlC(R@#a1F6Q^nf6kxmDQOTi1SX@1Y1fL@jBprABi{&L!Ge*Bxg=3 zD+aB;FRGV5LO~p-1$Ec*8ynvieoY9bu;Huj0fU)pK7pKt59h0yju>&pXHZ_FyOf%v z*1F~Q{K=uk$lD}0$gQby5b}Fke7Fb{?DHm}I&R9C`Y0Ita_&l#| zBvLMK$7hUK;Z3{r%;np0)_BkkLJiTRm?zUl9c3_D=Cx7pwKrv<)aQ`LgaTQqTlG4o z+1OWW?E;$T1HxNVJ(^g|h&W7=>Zfy|*kztp_!LEj4zBno^vyo|Z+Ipv863$bNirkfw~B|}uxS6)a0myU3WIjM~X z2lZ~=Iqd-aD*U%&LVQQOUk!-zfi2`{U7DsnHV8z9B z?1YR|eut$$17oWxCKy}FS+9jDc0xU^4i%rbbIlLjZ_M6fgFXcbSkMW1d~ArWq)(rC z|CHOoloPc<^|uEl0(@WF>fmB#_>BfG6>mg3dmQhGCUz7IChmefT`K&EEkk$*dl5a67+ zp`#%qEtuDq`PRju96n9Xt#;3*Mo%lxY}UtkM7*YxvHSUA8HR!twy)G}##KlPis2>` zx7P2&&0HFY?hE)I?*Y)g3askpc4^D1|6}Mj_N2gS#+X{?2G|^U5&AKKbnHFcud81N zttgo!PEx)Gbz^B}E`SUquo8L#vZPF~JulHHe zteOinh0Q1kNIh^{GDsOGTfWgV-;zf}=PQ*K{dd?0HD)#BU;52Eu&ihnlXHuLV**d6 zAM?B<(4^di3u~n-Zbz82KzS`;7+=~BuxUdKxB>I%t>HlD0J+qM=2u)>ok%Q4<2Im6 zEkkfW4XmiKpkra@Up~A&EkqFe%H_pimdK^U1GVBqgDb-)Ii|MMWph7oTbFhSgG_V3 z#w7Cgh-(~MTV1yt^e6p4WPJr#lW*8Bi~$1#Mk6SU7C}syFpyQ7Z)Pi*xv1ZpXa`Rb)zgS^pR+gX&dl{#;GDUkVD2k z?{Z#Ri_0x(*u^mVyKZ<{|q*+4d|)C5^|{63)&LURBvk181KIV>)r; zqE6^7(r;_P*#0Q^eyBAgkXENcv?vLK$*HWKn2lU{ z$b?yV4hw+|oJBDLtwFEn>%v?@K!1EYaf$#1^1&9e>ZPHENAy2JwJ94q@BeAbnE9;# zD7_<6V`;Z~sZW5IaV2pj$qD!N`bLyWr{cFBo$rN7MhVYXB$C7Q2p9K0?yq60n~^ip z_mOM*WUQka3DAmm0ZuN-I^ca1@iW~_>aP%0c(%Hi*2L5hBYw%mu1s|fPrbt`rm<$wnfMs_l({N%w=_T-4LxPu zt-d2>ge>+&%3q|Q$qBL>zwl~Nxj6mv+j#SfzN`Ji$rMgc(RbW;UzRLcOO+okV(+<} z(o)Ou@9P$weg!S*P;rSag+Yl!w0qT|*Cg=GJ$wzDOE)@xx(;X3)k(hxiIbkK?K>C$HEbpw znbgzKa5%qx?7EmHtMMZu%)axncwFwCiltX!>w<3_?D?M_@0d0-#871B*6uG(tq7Q# zb6Z-zpq}7m!L`uboaFr=G{gG(mG`&IY1oZBuSeUo_;+)w@6Odd_1hNtP@VaaUeTE4 zTTsrOT?pf@87GUB^$$uzS6vhvW zXl<3PDvJ?+d>s8o!E`kJn|(M%Gv6Hp=Zi_#z6f#zC@*24>WgS%^Hqy+3dDc!xP`V9|fW=^_`lOLRQ}1@lS9 z!NZYS)yOv+%8D{N>;eZba<5wU+pR)MNX;s~_FOyNE4glVXGOamKP{fWXDU%phx;_Y zt2ejzxb_uf$d{JXbd9VCP&ZpVz1Vts(>minzvdNj!^&SxkCCp#5zr7(;Rr@ZzS$;E zAfXVe6{y6PJzi~loav>0b&|K@lWFuVdBl!%U`(_jf5e*ocUi=`KR&TFKHK z^A%GEy=q5Ack`9y&6RnJ*JaJCjiTbrB|h#7#z$v<9iwfh(Q(x;%l4hGx5%9C3~PB> z)KzA&y05I`Svnfl%~r+Us{iG6@Y&_T@q=)K(w#&&j-e;I>f;O4ZXd1N!0x+B?-L|3n6-?|b*(_igF*KkXwdJo&MC zjtmtweD!Sd3-*~?!*OS0Z++-VTyRiTxQPD;VfRHQ^R-01m!hDnYM>H$kc+&Q#8Kg= zp?KW{sn%>5yDAw0mkG$Fd}2Ia%Ek_jDr4K|(w*YI)HRrteNw|*#C0)P&SgRwr@lK!015#LN6VBi7uB2{HNiqX>ai-q88dtlcK+j6V?N{upXsr%PLDO+Ee&JyF zuGZ(&?s;w;QnJ9-d5)^YVir2nkNLUWg?my~TVsR-R$c}<$B*(1hl?=%?jdTU*;u*C zSOc|Q`qW#;F%J4^8UlWmfv1hsM+U?FItUb&_t=(b^#2&Z?9jCw_+x14|S?k&pDHG8s=vOI| z2POGNcy^aof#vRQ@pGO%_n#~!bFa@l_dVHG%{RVswzAHkwBz0@FOye|5PQTpHz!8; zap8Z=BP_(QT9(DM_&&vyFECto{pV`GfEPm_zYsu-wt7Y$x5dwXF;qFh%*4(PR^Q$Z z5irl>_V)qY@xuY#{t5s{DOtO1j%xuTm2)&4&Sog}xd-^mx>7i|r?D-*#nP1nyrH?j zp5>+IW;n%|d5=7@Y1AU>9%K%&6Em}WWk2_3Ml|-Bzve?ehmOyTffv>`_6pW~wX9l% zyke1Lu736DC8q|64miWJnGCwLbPf`j`0`&^J20FH{*;JVg$Kx8)HKShdS5ZY@k;gE zUx)xBes{&%5Fqb|Ug*GY4883AiI6tY{Z27Zj^G(CHe>?;T-Sc!rQAXB8k{%v6Q9S9 z36TGP@B%=CWW*cbH~(NbtYvy31)-yN-p_cJ?YuK-K6d4=*MCOqioBS+wrjbTI2QR( zP3Iy4oAo`r5lXcE`zu@=qJBr(xfUT_iMH!@4&M(HlPbdM!{O&`?S4%sF|S(m?wL__ z#>!)27=rbNhbrxA@q+j+;Ebbq#=} zJA`p(^)$@o@Y9OcIT6*i|4)wR? zgn*=gBb8ah#v+>+d;5JOUek4@x7JPdQ2W*Iub(mi@9^4U@|K1;LiEFbkqq~p`KZ^g zco@ePzArEp`tOeF(%_Ctj*LLUhDii8T)9E-(eM#O3b1x8DT$GpwGBJ^BXXu^#N8FyqWkrVVZoo}qchOf;daE- zC^m6JciL<(c|yzq`6r4m$Re}cYTdA6!*)t6_RZTfm=Rnd4r zte5EP+pbJUqUP?>MocwMX4YZ9c+MXeolem_O2Ao$CQ%U!aBf{BOAfc-@yC9S)8*nz z8KK-7U(~ZTbltdw_I#9+Ivyv`{CY_r_ZeBnh41+4vZ)|j8<`Iq@W=lL`2B9bSKRi-; z2pMHrXpOig^h8t!H$h_Rn<{WiI@1JJ$tWwvUljp zV*+^~b4z{We=FACV#y!{NxW!+#vTdZ+mu5tx09VTZ?a0mWmB26Pv!RT88pC!b)tmk z-}qa83jQ<<6TQ_scwGEsG0qJswX3GH{`u?%lXQk+&l|DOA(h_>3&E6tEAOX{grhEh z=s*RQAGWWM1I2#(+j)zg=4nPEc47=N7c<5cdE4t(oOD|sHmrrVZxKO$-S{lqT|#sIN3jYg zfB=9h0r2)p($YbRfOo?pxN!^ER^nMT-hBg}y_*cu2uYL&5acRwss$r@f!Hw*mH9030q?yu8chr^W+(&X z-U2Xb4?o%K8JBb8)1~N0WKLh( znMlg7sKXhwqs%|rQ7afK)ugL6Sx>4~ABeORL znklAdm3%Bnta_SrDk?_z)92Zkz~7z6LmFj_bU9qpI$Q-!jLY0tOg=swjqm60*b&wbCvwAuC9lcUN2;Xp3Daq z)S9)uxc#Q4E@=Ga)4GFx<^K2T3{Hxkcd%fU2jwi^j>;4rA;X9x!3FjD?6Ljp!QmzI z48~R&&Llwk`*s%nFP$#S83=4WU3tnWn%FC#Q1Ce1ntG&Nq-#211H(0t@VoeY?v>7c z8)aL#cAclymq2O`MTvaHctSD$@ZrP3M9!Oc#k~%!$x_Ok=cKQ5n+01~Ef>2)j3yq> z_#0zJt=FaU4+ADk$YUo!L}ZTM!5LD&$kTc)UIIWf)hz5B23Dn<|_K3N-NT^%Y+xkhzY zLD=mVVt03UZ?+kO$#&LMY6`|2Ch!h$R|WThW%W=n>6+9r9AUlkUj416Crl~KIj4;r zU1V-Hs_8?Cy#b9XPt!X0uln=$Be?27-ToX#wLq@=kO8-u&Q%N*vs%DtAoq9mU=Oqw zR87JN?}onguUb_lf1wxxkI*Dfl9-|oN-_1v%Zf`4S3g&5a9$j_Pf&UDTgt`qt%b+U z^iYjgMn1c8T1=3B?mJxxrfa0{xU1~P`Zu#B&wzee(bl$LW4wwj2KE6EarV=7V`7)K z^Q{r(E=x+sJWb192;#ND4{sl2tAwKnNgPp5U<6G>nL#OxeX_Odzs7&z8U%=`8B?h9 z)JB9l&P&=sI_&h|LZ$}D=muSAfmY*&+-%$9$j(A7CBcH;vf)vzu`%W7*0zW_jEGRsoKLnR-(7iQc^tzb}+zs?6$37|UH%~cs zpg5v*@a?g*IjhQ34WvNV(c>}WXL8&wK&t>jFL&vCLs`QILbzll&~f9wHFUt~;{Oqb5`-77Cix9OsM-p>cD4H9%HorD;|V>~2Z8?_&;5H)E$ z7Ofxh@B6-v{zwJ#Qx$ERu+^ifHgIaFte+=oq4kVO|HZ3c;#?)sd=^W-$DZrWDLNHNpI65|f4-=^-cf8N z4ip|==0MH}hR1x~{yuPeH1VRZ576vWd|WYTFjhoa6@2=d6Tz99%^Z*#1B47X+U2%D zUan9mzk#d0D9u$TG4Q@Xr=)lshmar&D%rHuHPx{ok9>2BL_QX2aK?wh)+UG~-kKy#vr_T{ur9H83`C=wR4wI$&# ze)kcLn3tyiqW3l8lio(}jDpiGdBQ1KTmSr2O^@$t9GI!6bCWs(`$*0^2oX;35h$p_ zwrPOI2nj8MybUXR`sFn8fSOP>;(?JLJ0IH_ylllkA@w<^9Hntg^bAxYypE@y4fWUU zC~SbJuA{A~LVbHO7P+w~z*Kgk9Hl0rM|jO!TX4jv@*?2IQSn-jwyz~0qvA|}OxD=Q zdy}tfgL52Qx;!9pOGTYO&Qk6=y1musfz$@f^UUU&ptds!k`eNw`-xOD-_I|uSR#EQ zJI|UWc96FyUq#Wksyy#Nr9*5qSbT(qBKroaejM_>>0>uL;6q7mWI51VJxqiQ*?-#c z`?P!3eczFn$V*eV_lV`A@kE>?kn!!SVM+*KJYr>%2QS()G<50E2pqA?R}IE^VWz;@?$$1>IzZ2f!ei*I2OA+zmv0@Y%Oz85& zJBN6D&7-_F6O=Q{g*iQq)8CT)l()Ps%r1$K868E*oACa=n{YD-3kQ|mCYH4#lfho& z+YF9o5yvTv(}k3n=Ub*Yr8PupQUB6G0!en{!gVpjwPbU4s^&nK~^tVB(sm7DmXq~JaqYW%?drpb>PbrUg_TUk!S6}CrU3? z6`JUvj?)#$uY^2X5>a2^2*>{SV$q>H$kO=T*k1cH ze~ZFbyL%Hvd3&OoGHeatfu{=RDiJXHJaX!{M9O-k9M%0N|C!3XwBMH|hLUnlpMHyn=1?H_m2O#>-ciJZ)&}VzPehI9NTLa+? zdY|mma7{WC!*LQt0Q4s0dsewIT|e>WllDjbHC`xg5vT-}g55woo>gDQow2d8HPJ5F zm$Nx+%1rm+Xa2i;+`ez!o7i*sfL4dUd+Y4i=D`Gx}^JHwHsh=LYDIgI)) zZ&qehpVxKkzS@yMj#N~)au9wOlR=-y!S71|uvdC*Jgd#Tr}~R5?e9QT1I3jCO?8>I zI-4};7W1{+sCcbj7U@;oqvE%JFG}}R;5rRSYgCg)P}4SuV|hPRiBR%7Tw~e^Pu0oQ zue6Rk`1Mo9^Zx8+z&G78vydK;c!}AtE{w1S%5-L0|BEusB3<=T+o4j^77Ku&qC}BN z*Q9emX@A?AW&{)`cYtFf36)YJ98D`x9NB#weIyltat(o=wWPHJM1*NwC^xiEC}>>g;ZB6s@Pe?eyEl0c^(A82Lpd7wKs{ z{>=D(-n{5t%r^%e(9Hg~;Uf1$DWjlffla&-H5CPYRQ@a;sO;l(Wl5x%NHz9Vm8h+p z0yw9pau$G7jMV4IBDG+s%v_#H@S%o=7LUj6X}@!a>pT|W#F(I{a(x_@f>CH^^BO3{ zi0O9TrQQJ%cAjFD0jLN?@Abf5Dl}ao>&f9H ze*cx<%=t_n$$2|}f+Rap0NPLgzOsI&*Vzh1ZkIL^ME>ZiSl5h*RAQuGVzuIIG(WEs zvDL@KPrd@0%+3^o46-|tno{kAm)B|FH(E6I0N3@w+>o|^ZPfx!{gfU$O-%XDJMDf) zwpwuNhaFv#CK~$nu$3(`5PpzayBYT&etYV5>bI294wBU&e^h*K?kmC!xad?!;rPhG z7aTZZ34czNA<&uyZikU#-I%#Si_?k=bm}b6s4`$G348pPofDiPjonCF)8_#$t&!G0 zO+U)yS7eMlp`E$hdiF8pM5rAnwJn4!#9hGM$tG^(wxrK)Ibw#os!p{+spO~b){p}e zt9yoHM!3(@r}MI*>4F(_fJiw_oG!kW@i!z4U{&k@zG}aeyifo{C`uk3R4+GsJ@A?N zP=VI%VfxW(ppUiX0aDBfTR6jf?`&CiTz~`=!Pqk|Ook$UrCbXrv(Q?a3T(ypppy)$C+s@9_Q$WDVwX5&2;fZ7RNgaFBP7JY zLV{-`4kxa+CF^IP-Ft+eBU$1TV(0ZGk?&2FW91XzbL0WxdZ?6_A>!Kiv}|UkHHLR2 zOL20lI5pm>sMnUFk_00ti^@YRL+FeUIo4(JCR3#kL&(Xl9@<^TOh5l|c_(HStg3(P zEIFCrRlzr^15<_&cXxQGWkD^>yPZW~YIcN7iTVBEcdO0P4*?IGA#7lO05dj@LNVB*NtLiS) z1dQxcv%hmJcOuZ_!c|jK!$E%btVmz&Vu`>W$BZ2r#dyn{vJ6w|E`6n&=bl5 zRIHpNDX}hhY2u!VCeOT#$#eb1nVFW`O0ip~{q5;&{|XdPijmTxdr7~5Ge^>+v%qzQ zxPGo!HR$K1_H4vaW6!%XGyji=BoG2j0HkQ)DT;_;*r=zBSrq#Df5|y;1F(EFFLn3- zJq?;zAekBdw?MvhLqM=<5*G;mlhh>g*c~(5vrQt7-XM_+XK-$;$_y?=NtpAkuLB1tqK@Vb@x zPqp8Qg`%U}mD=t-MulJmN)!ENqj0qpD0y8Yrn$a89{TS+L;V1cMCBLm7FYa@Pyc%( z{2nAaJvv0l*;(rMekuRIuz27ELRm-lRLqJOu%rb4uMO267zBVQ0i{dGf&ze^N~dqC z<`kR}7@M5?0MwU7`wgz&K<_mr`E%8v4qFA~b+H$8#@Tg(75=v}qZoxidgi941A45k z`Ty?y=Z89g!0vtz`x}b?-;FO)fjp21!}7`hb&!&fX`mMMSZOKze|{~e5H<;?zL3IPHxvaK3(-n_Z*DV_*bUpeg-Lm^G^X@YC_t_1J19D-+2`Rw-!R5`%N-2 zgKHXoIVD93j!6{2Nl2Z`LDF=Pj=DZbSg-_GrsoT=qSsbB%@_&0uQAF; z--tUoi6vCss|=$BA5@Skg57^fKOEZVUG#fe1NdD|f+PS0a}8=-x}FEHY77U8yu0BG z9Lh?v03j8k4F-<#_cq!)vQ4)^@B{F|_bq4vb|PkDs#XWZ+JArB18Ph~pxDm^jtDq0!RkH>(6ok zm|$QKhzO}Sxu^1nr$Gf|nluHVyKIj0jaAxcG#r`Eg1mB8;6>_shTps#PIjH&J{84@ z;6wm+=7TF}KHc-f&;q%d5;-ZcrcXpcy^%zYv7Nx8S`dg_FKOgJF;J_J(`@YRTN>1B zb|AizYV@t4b(kYd9gEd-kJGE;MozG;tF8V>1~sQL@N*E~N{HgPyT1~!4F)FzyTs~2*O&JBdw8@|6<=ihw;H46ckP|>8#QNr&P2(bo3 z=!$|m7i{IpB~FnPoXH?@45#jzcFXM9d|Tw+ZU=2Q@J3^nF{NT1?##)g0py;~v!M^= zw|A$Xy?F}1QIa3Jq`a|!<6)NJy(PqC>y`{2(7lrBUo1-JA_~>k>o_Sm2GRwJ9#ub}SoIr$Ku6|qq)h7gVI+yCoh+HR#8Jt% zMnt93`V~@?QfS$t{us#KB``F=EDCifQ%{b52kL-C9GFQGt7uKf>?7>=>(Q$LZXQxx zf}g0~-MpM5^j8}QJK!sN7{Y3_V^3<~vFDV*Gn6BT$7U?H#0;hcS?t$mv+-#t!lSZf z!f+w`Rm~dDhw6JWs0^M96lAd)f4PRj0!5kN$*HmVL;HWCRzN)g5|p{_TZ0e{PspIV zq_CL~S86qtnE==549Fuj`4RO&&cm?L&(QOF(dx&{!%C)o&(;v@zTi`ztd1~3T5Y`v zkg`$&yUAXXAHDjl^>He`Lr`_Q?T%HG_wx_>uFE~0uBSjyy0#CjElHobjb%k)b&^)R zku>|BG~o4k03YT28^V&msvb#MlJ^?<(Jx*%5m$$gG|gT|U-b~qOiwSGXDGTUc>^YT z4HdyPSg4~~p#AX`XX(@{meI_)GAVDaJls&fCQ%$3gXhjXjWTX0W?oK7K-_aX4r}`b zzu|I@TqMBP!4pCQfnfp@{dVL(I7p4Ssgmtx*47<_VKojlg<0w4YJO(H2YFb*Jy8tp z3EULGfGM{nfoTT?%+|Zv`H#~kEXi(tnR;r|dwRf~47taJ1k)w7Oul$_y&~s<`E+>J zrf`IzvVsG_zJZf|)Ahe&gG>5g@uSNI2t)dbumc70RYN81Jk;RW#5kdWSHEG@yUhnY zx-FsjLn6t`Rj-V$D|6x$ooDA;rVTKBzS)iY8ei&HYJW&7QLDd7Dp#|wUPs{Q(E5W` zlzmVdJR9p>Y4U%Hj5(%&{9|Fso7`|%@{yHph!SUSq#GQa*Q!U2P1&=X;-wud2Lv6| zNK#6Xn%Gia)5x7IlXMo=&g>8UOu|m|Qmgr(ydm6IQ9&UV$X37PKcN#dlYn!+JwEzj z`RmzW*q6uO(^>UL5yen?M{sW1IuXAiHzIG1RRM5u<~#^ElB9!iG3UZ}{*3qlD=&Qr zTE-SbH2U)=*ShMjYsX1@UHi1VNE-x|W@KWLYqOjk9cY?*RMTJ}Gl{L87BokxeEu~O zquInL4|n7zZ6$sN&BjC^tNzZ@EML@ohZmkw!uBRG!XLnumDd&e7&_2fTErRr@~HR% zxmk~wsyURlg>)Cdze~{uW1x(JOL1GHVYW#KeOgw*jC50q^*qjA?OcQM&yML!_JNu}F5F0`R_lrP6kYn$KmANpgqEVoN zgiI*qI@?7+%PqP#CMHzwzX~m*dqVPl(<$Lfwe@^Ld*WhzS2pSG(k_7aW3QmZhxOS@ zgU3z`zS8|j|HS{tNu3Lv)bX1CpYQqrtQYZD|DW#~+`Ho-_sdQDYp8-ylf`*E9$kh> ziV}CWnm%D?~y{ZynpJ)!Dz5_Z=P@i?;9GNqMVM6t(5KwX1=_l9+}vF#qICkw?{d2gsY-ji1!>=#*%1mjpF@&I4cC7URr$I zSNh2JQQX6mIi|01R^{>O z2}c1k+>RNlb_HjZD&&v@C^E<$1s`VmS{QsM}vXY7UK+oP_c`LEZit zX_)#aMJ@muABMU;!@C(s^@@JqF8r?J%=qiU-^=UYdRPTcsE2GmJ;3<-?^mcF;HbO; z-3V^6|8*FW`oy~RQRfebMxydm6@25Y#Qyg~@E^?17>m#$pSmX4ZhqdHiAnoBb1`S} zYy8aLjz)Mz(G1l8jL9s@sOBOtm;T?WDD;6Usp0LT~KwTXeu+|R2WzyRN$BY{GU!5jAy ztusE4_}dFH*B6VwPg~wHkB-1uwqh%hai-}DJxc*)emMn$(X{mHVM9HoY+K>`g*UZ0QTl_Av{j$cv6!X-l!gJp$lQj*b z3nCnFnjrHq_)5OJjJCFkjPMa}Va{Ve?Y6N~-HcBf6N2n?ZI(fYrwhHt2fc)Ozh1jB zc8kYJo{>1?k(AId^v-*~R;<--4ih?$fm)2R%hw17YE;#QpT;PA5#<=Bi9B=EB!bMT zzvco^_$h$3Q9k!7R%Ui55NWoQ{K%2}$*uDt9pfaCtK^fw>bo?_t!`MYg4FkOL=*DbcN4FegcfVXBG*-`=p>CNE)|!=q|E!fNm>0 zj0RV(e*e3O%lT$CswURG;N#qztDZaXxQVi((ME76b5S&#p`y{Qd z9%u7>>U&EV;Um_d{H3L(AaT3bKOR(8zsvHKHr_-NzlCx5H3emuKeE&VV~J`A>8?lH|c-h{N0pjKYgS70szt$EIG$g-ulk3+ zA#(z_qeqVQhuTrg{}x!V3{#~yNr+vaTzT6}{T1tkK9-msDpoTWN}UUi0fOx=(nNQY zP1W;bdI&Iv?okdd7+_=^Fr1`m9}a4$Mi7k0q1^t0sW$q6gY`!g0cwd}RdiQY*AR{k z&;!1&=o(eD(|FnzFLzo9Wp)LnXz3(p1u)0~I_f}y#-?CtnJ4Ld zixyUcL&BWOWAdi#`LJon?w^?%f3}OjrU*fP5zb%Z--=v9l8QHUcsp>WR6n2EaH!0M zCFs0LETc1Ze!1k34^V|0gJm~LgmY!GnqJHjQ0kh$BF5TLmAG{K)hWJrir@R%dpj}0 zMm+*|&6)7$9D(i{1)EL%@wB%UA&IW#EZ+R5GXy6)>C+}RUX|?eM*qfLyTG?~H!G*f z*tB6rRFzJ*eeR00u*j=={^>Oo)FB>%Av5rE^hb4u&D+LXA0wdiij!#N>9>)9`BHgu7V?o`?QFVOxs5D1@GSJi@E+y-!hos- zUt4of&b)NDyyt9<^W4``3T-OXFw`ig7w?w-eC!A@SW}6*K;=h=m>n*>*BA5E{Oag< zS-IWq%@Jl_T`q`rYMrqARDgtAZxIAv*$i5B1tt*%QDvy&B}6YO}5FMi7UucFaOL4eRHSu3XEGrAtGyq4d28?CYK)WM2I`F!`iXBgy&#!B|G+86*85+$8!>^dFJ{UU) zXulF(c*$!4ATqi}GK1&3dO+&9i>^L!SC%3eLpBwcNLOu##w-V{zWVmRU~yR8eW2~- z0O^UaO;yNaKd#obM@O3ci34Dm!xknn{kOkModk5}QREmFALhl?c%ukkUUkV^pUeBz z3!V=kd_*S_$C#I*vEPplPZTMfGDnuSlR6c(IiB zT=K+8#_7&eGc%pAc69s6&%@n*{b(*C$TK$bYq+(!XC@X#A_he>vSxV~+I$v}=f0^` zz=erNkG}Z@aPGY>wG@VKae7!3-eD%UlR^R1^tz^Qv;=w?c!-g6t^4w8wM@Rfjh9%C z--%a~s%*+dJ=iIF-R?LC{A%K9EKO}%rS)U^{Qb}80@{(;u)rD8!_6k5ZFh7MrhwH4 z;UhMxRD|k*_nlNlHt#O<1YL|p&zw&mzg!UNuMzm+zS8V1>Lw$c+aV(~ z_&h{sQ0L)9j9Af*G&RZ6@%#`?I}=M_67AV*j>9p5xq%WInjeEjFPDZ2gN)@f#+Q<= z-fcAxeX1+w=17<9KMyu(5r6Y3_kM?!H)ZMi!&<5maq=&O*zT|cIoGf(9EXU)u8y+zpAC(6tMpPby0*FuiCj3z;Y%J*7`PRJ1PF0i|%`Dw-c*8B4Nw<$#ftJz`oc0WAl!@rj2uR&zj` zTIr++P5J6eOkMGvQatp5;N90jVdkR%X-EkZa5C`cdT!brgn94Rq}#y#4>^9~(-qJZdw2%fx-P)dxRW|dym8=BzNh5J4_9DD*M5ToYMC4w)GSzX1gysOm1+Bn4rb1KG^C#JWy607_SWnBhWhT_`zd1 z@0Waea{qbe-B-inImSO5f;TI5<45cijqkseU_3L5aU=*2ql_44;Vjmti2;YbdVhAB z2_sbLX_oEtY{qrREHlRj&Gb7W1j|aZ1K+wG?%5uFe{M zsVc!4`S37M4pXlOJGdVkHhl;N^1neH+E;VcSmeIp=wx(o5r8zKMAs4r=eWCQk>XHH zzv>-C&&^q79CQd>j>BLY{A9CT=I&r%nCE-K=F8WP^rtLuanil5K9yWmJ0v+2(SIt{ z`&6S6di3J*yiF%WJIBGlCn2iQfxgkvRPLV8<@rzMz2mnvz zfFgg80Z;o+RJREc7lctcSqU+jHlWl$n;*DwhuFEDT!a8>{Dkk@^+$KD{T$rxjK{rk zt|<+uV3X2xl;~$xy0#ZYt%D=g-5!L(YXN|yBqOaSYq-s zGQ<_V$T-y_d%W_@K85Ygc>7hZ%i||$q?>mVLc2;->;?!Hr>d}%;mBsATugG0N0KL; zOkPTdzO92CDs5l8l66m@S5!}bd;mqwCeQG-bE@wWAitFalNMf*JV;nWd4Z!|!gs z(&^rFoveLU0_1BLK7xrYC12~o6m^%Jyj^1c9mCdn7Nfa~{l4QD1RtTR8IB(#v^IWu z)9}VfB9&b&hva|0>8E2Ke7sOjAhb8P<-FpiMlDpWd2~_F;~4NBW1z<9OLZ5LG5PBk zLt`)ltvomDb>nvVR|ggpghT4~tO4n>_{2(FSi3`4U$feVReCL%Q~9qoFEE!OAj)s9 zB~Yt)Ru!Et{?~mUQwOOgdam2fv!VpZXk7^Zuv`FdZAM3Yrp-WR(`RaGJR_JRTd2;q zzgV43m0R4Np{u&RjHTeGiJ*=`zjjQVll^|WJO5SFm2?4^iU@*P4RrJ%u@7#ZMs5#v zVuBfJZW7#ZPInT8T!?Q3kd+(xom$$AmFMkZ2f~_(cS;(sys9pxVu#<%aNtoBFf@g= z-HatX<@3-pKA?(W+%Zy5I+XcHp9MaP+3^xA{^sUj>(#sX(Z`2}jb+(yI0wG7O7m<+ zS2X_ZxlD+fUTBOa;CeeWJ;p#+{=y)-_l+TF=tC(5ne2;VaZ3(;e}oyr3W2MJbp&aC z*Z{_T;(YYLRK6!C7ovx62jZr!^gI&rJ3N5Up@B}jY?)LVXR~EZA62365;fl~2lmu1 z(8tg)KR^_#Z3FvE3qR65rSo`Ic{ajyNJn>I`f6gkMXbkxF30BJf7<1ZiSbgA^Fr z_#5gWy)IMe-798Ew>Ql5(5V;3yBpu$P&xeq+QK|groZYDERbn^f5_xEH;7Y29TE~^ zMN5*HZ@Ij@{A#G)4abBr?3Z4nU;UT>l=^fF2+a&{%;XCN(q>X$o__Hz(7a1$_I7RI z#G8vT8K7!rp5^~+RSLEcU4juY2OM(fwNVGV)=Ha!p7PH-o047|Z$cQ754C2l38pOw zPq*Yi*kD}&7{Xm{*x`h_w@tXEgkivVQuv`k>t7atS1{A_HrbF+qb6~E`0Y_m3QlOH zyzhOL;C<|+?a{K9+@Jhwd^7`@lAWCa2mS@Q?a^OC6e_Rz@pB%qS>y~QM2y^$=J_8Y z`Z}27-OOh4V~gf9!$%P@{>33QwilPvcW&K%;~N|sk^H^z<||tFu|u0W--Cqq2Yveo zbhGjS)=oo>4DkU?2W)z$FsOru@Id=oMTbx9`n6STPcjIC-WeaxTe!ldo0% z*5FjAE$}V(bz4KcoYp~8+vYZGKoDp~e zf{(;_KqsAx3G4`!pQHXL1sU-J1(@%qP(QwrP+RQ4-csC?P&o9aEV}AXeEfOpF6}Gsn zFxvmc)o)m{L0FAd0tmZs3R^hd(_i5aZ<_J!iRQ_MPt(ER5)%VU7TH)&oVx~SMFu!Iq1iU^yED?iY!ulwNX@5x@we-CmN9k z&a<9xssBNfsFgMe_VP;6Jnc9?!Sw!>oD@m3^7D}{eb1=F+c6Q$YR?iDiKiYW|EKZ! z{WMSDCpIMp=FLBnit64y?5$-e(eLz(Dl9?_aq#45L#=T>kcnF{2OcoY`VlW4%DwTc zxB5H3gC|fjdjCYMe_Ow!q9CJJ_2!^v@s}TZwvpN2ftq9Rx<0uIq*GB+4l4s|u6vZg zt2cV#pLD?jH&6k>q;Y1PdFh5PwN_y}40dI;OeliOJ}wYH`6AfRe}Vp&pCGWq{e@Bj z{2`UWCy(0_8DpP9?bV4txFXM_ZTJSNmKR9gDhyKo8-oY(BEkD|SGW#LQ#65%=E(Ft zL0=)IzhI#YTtuipe7xtVAE{@WJO-%0$Ez{8sdVi%dJsNX>7pc^&sLD5Ae7 zsP8MSSC*wmYvp_B3E}{hK@o$(SQ1Eb6cDR8&hACIjdJz~oYs4im@t>2Dzu1?mMG=X zzrIQeV#6lg0KAZCV4Ru#Xek}tG1XF*XyWVl0ejlT25Il-bqR2S?=(}hMW<}_@;+ED zwRgJ=M3#g$3|!thq_*=;1zzAkrzXM|CwJ40Jv;=68PY^jGBb_WMS$}6p2jrahyep2 z`%2tBZ=r40Zho4u0L(iMYfK0VdZxdhch(zTr>4$#nxKg#t>_5`aQu694X_jc$<;zZ z<^n=UTU(pUX4Oa+pd{Dc3J=FggE$Y|5{{Gmk!~2?%U)zeFP^KF8G|$Xeix_lQ}`L^8qx>sx+%(57*KL-^DCOLLVpdSDQi$IE0S9dq&Km|v`$$V+u znH8x2%0UZlGhX=tB}Wl{wpEmpLj$tw*inPXL0)F6sKBK2bAU0|Y3cT8q)6C#aqsbjh2)-5kZJ7 zMiPV$#x#iE`-9=gcmg**AYbT#6-@FC{2M7~>}=UPU9zNBzfZ&LJTj_RAD^Wjny zqU-@P>2R~>FUVZ+=u)T>z0M$QkG_Wzj6{;(ng60w>e!_8WXgR6r-;d!9lU@qo+a8O z;rOsv;1<>f2uzj77|F|Fn zC3$jJK!fCFJ*p5c3X}u9`XE`LG%GiKZgH1ty9@7E?we-lEw6R>)V^KC#Eqa9E!NvW|!ZkPMk=_d>iLgTRT$=}$sI;KfMp{@HUTZ&w$WmjQu8 z7}=mG;j!wWT)+tWU~!FcRt}+^ztbx>?fU8eRQHxqQHI<5FbsnX>5w8ymo(Dd-O?Z_ zT}nvjASvAf5(@3GD~zi;oy*X44}k{Ra7``P>2SD3BXP74WK z^uAmAEL=QvbZ#E&&$RA0BF@JbOke7v&oljB=rbvz>IQXvBGEaQnd0k>-TK0u03T8b zeL7BKC4c1^mS7Z0LKuPn3vvZ)Wu<(SE4<@0GoiGfAMSkx5{yFygPZD*yZBzmM{VSz zO?3a1tya!-<C~vV2{jNv5E5c_T1>+F7 z5KrB^_u0Hivh|V@a7oH+3|opFysfP*y9ke0&0ama#@GwlRae(Fx-S=~(-> zU{S>%(pY}0b%9Ld=;L?AQ9kNGrn?e&9NlC0ozeB@(d<5+) zRJ(NfzCfpkc8+`8_F7tKi=!93oT6`lA4->uMs3)RrXbm@J|9k!hhy$Cm0iT#V1!oB^6d^xZ_FRT} zxR|2LiXCxAlG^K*7p#ThloOX8I#58357fbb?gR-TxYzR4?X_vFqKtsfl>sv`3Q;NL)d!#P993XZ zn1^RUu-3#{IJBn}l|_5@0_4X!0jP9Ub_x~k+B1RVx2P_UnhsKnFoL1F_z{s{3>WHT zAF=BwemxmAhxoYEjQA~hykd6r0O@r5YS2{=7yy}_KJhTa@VrK#0r}Dl6~A&g*2=cE zyO(`dZ;IV5IIaA(l%(_1pDGm#Un5GE4s~ucg>X@FE!=Qq48g{LHQ#HiwpwORVI*l_VXhkAu>Si6*zKk}#ee|ChN%96$epD7dgNVh07?Vd30 zz4F~#h`C};n|nlUNBXDs$Ti2rIaZClEt>soI^VV>VR><4?N(ojxLo$sw=%lKN{@kb zg@Lnn-2@3E=y?P>8>wAk6G8I?!erQ@j@xNWJ^k4A;aBGSWfrF$m#RF%NDPZEeji$P z+y^M3wCoB=`{ZV5qL};cB}b72RG_vY)D0isnqw1v!?#9$X|$k2_W`SSo4+c=@>m?D zA;$#jnx#|H%X}_=Fu83I>Uhj5(2wQow-44@qK#r6juy*+eSfjO?LHut1ARaoiVVz; z6aSn&A@0@5>{8_73Ak#q{IYttNmLD7q?j+Rh{hBgP6ua99(qU-)0mJXw)o%L476LC z_a;V-rFf&i9SzmYZoM@YKvC{-ts%=oh*(B})qG6hG_a#R$_^ZB%_J0(XKk8ipp+mw z&H~1Tl~bDMMU$2L4hLUNlM77?hsxxMsO`M8CSQGG*zS(hQC`KXqtP?ubN7D6NE#=G ztK?kH`b(dd__S5}x+vX*8&0tu@MX$V9OdIHcp7xZugFI1Q=+tTwJtuUeRLpD>h2+9 z+N;~YdgwVG*q0pR?BBkRkzVqCZ|_TwVrRHoc1{VNo&h{O<1Ye((eoR#w1e!#e&4Na(6m$~Wn- zZm5l2-0bV?vjR$?U&Ytp3u#`(3H&qX7i{`=1P8Pnhn=hAr8(&k;?xQ6CtP4!Xnxbz z^TNYtpU{d%W;H6yNR%>8oW8)o8z{19ki3go~^w)$Mw-y7=ce>3FfL?NX+ zTFT8XnKm{jzbA$}xH*oQA~o8M;e$=uGYk)Ak$uB_3M%6&9<(g-k(&=_fmKZT&I5Y_ z1p~6MqJmv}Q~zz)&7SVdqrHu_a*aauq8e>B3wf zGET#j%7jWHJK)qV>Dmei$zf4WWyN&DDT$;uDWl#7lm3O1rJQlw&$J;}P`na6IA7V! zbMK$&uAfDZLiko>MW8TNMvkU^O?}~Vy&F>n<^VF13o-%(00zH8*)5TLS<6dA)L%}vnKAQm5jvD9o!@Wx6}>6_ zs9w**Wm<9NY)I1LIM2`+VFe$yZTjTu>Cgq6%|7zDxtNYBe;d#(-BE1 ztxG%-=OOhR>3uvX7Xmo8nY43N4^=pPSBnZ&M6UArP-`SwpHwQC&)Y~kOoPYHPfu2o z*&v_waW#j#X;Z9tghg)?=CTYzcYjin3Fd?=FeQp-50@uiQIv<$Y1lx&nKo{6?AQ{2 zc;1g((3+u~{#aV?Iq4lhiPH5Mf_4sOgrP!Bp!J}|q9QUYDnmOL|KYnOD$L9is!VHM z6ciVB&DdRO`m0tEoF52@+!WD=z|8;C8CdYs^DZ#NZkIK->Mei_GG5&{W%fEcItd=9 zy`MT!-c*}_Mlq`VQvgVbkn|V*+tYO7h`@9$nk#R0Zp6XmP70&SlLP)OP$qL#Zs)U3 zkovW8X&N?sgdFT@;8CU!v&f{f6L%jeEqs|It~lZN7|20W9Zy3?aI-5(A_ISrWBOLM z0K?)yQc|G6+fxggd>8BlNA}$W>nqH4Jj`QS&VX|-Zd|M}jAQAApFhbQpis=)9r&EM zSg3uYb2{UwG%ykpm0_u%X)FjdP8d0WOptUC4xZ5_=1lnjL;X z!67`+;`W5&b4uFu^#P*6X~m{y=f~O68RKQQu1~dF9BrC$2)VnKP(6C;$ma2UmPu;; zexDm?Nh}%4x(wUL)rIv$NiUNJ)hP-{w~(~4EP;l_XBl6#MHN)XJq-6hBm1ls-nx^7 zda@D-&H9|ye4hazS#J;HRb{(H{oAu-cqp0G@-pCEBjt1IqK_hRvA#N*q0V;Cv{fxEzzs|m9CWex6@E~u2KJ(!KB!ILc|{(& zJ{h<>82|&Oxjev((WTLhd}Z*(6J+xd0k3AI5`8!B9<+!qMs0sGczSn3xzOJ37S(fj zy~l=qEXabqtJN~-31bcWM3t)>vou|@=vVC1T7AV4WBDn%U{`0*YsnzbV$iK5)(2A= zzN9qht2}QnW{BN2`n(oTYg*0o&oV9x5*i|=%L5jq- zq=j+oP>sEngop{*ySkrbpjwJ?Aq_W`16djei3T@|0l}U+d}lC}RITh~N)r#e?z&Vh zW?XO7tlVEuqkD?=vSm6_FP6-%G5BJ{p5 zMa_v?;Uz|`lVGv4@Y#iox}K??mSzZw*9&LSpQopc=Av}*3XtP-Bx1>P8&$y20v>yD zm-AWo>b+8-yevY-;DLrIuH)cV>IN`Iw??_XhB^e&56086=02gjK%kffwl8k8`U|(; zB$xDRRV4R~HDj7q@I}~)eu;HvZvj-U=tVTOWn}J~U5(I7ixl>%z2>t`>}tYPyprBf z+C!#$#UN|y#an$r?2RXcA|>>z+yrmQ8&k!gjU^YEQOpao(-;@gRfQfxqI$(o3yPvF zEaZ)da9U|_CZ5Q5e3_Mt7brH%Jeu~S1<8bSto1Xnr!+Pqjny*0d9S=t@Twa$bOusN zk@3U36}bFZP6;w27m5cHf#RWP#?6+Je=u~U{1|7`bF(jyw0m>eYZ+(M#x#K0N@ z&08PW46|JCO>he8!1wJd2_dM;llF&8tIuKu)`eo5q-SpIp01VB_U3-z6`m)Er%5<>uoUERk5WFf#qXG6<>e zSv#}wa^`gIMI?RPbVd5RhnP4n=Q62RjrQ){iG&Dy2$U^oMq}q*4ck*Aq3BpR?L$cj zc4Q@_T7;9<^@nzCq9#rLQK%&0w&yFR#yhUe=XyM5w>)p3Q%<_f@Ydyir>dLzw23=G zplh54)Mfj7Mrj9Sj$n%O2vQa@p_Leq_3{Jx%+hT4I9l_~dg1y8oW}6M$nM!&XI^H* zZ5hGS9_>o=)rt>FoT6&Pc@Lh9uVuGRXAxJf4_>YGa65oupY8o7=tm)&oOlTg)dZhz zfP}a9A(U4yk~)XxS_|u9VffrN<+;kENl*2A%?$s|k3P|CpOyD76jst;W4-!P;*y%p zupZ$rzsmiZ%FfTEj+?w#%t6i3xa~wWk}c_f(m>-Sn(zfGUx~YvueKdiI?H8bA4nkP zd)naKh~&zUj&IV|e;8k2^<#q6ztmCU&4^JIhBz>~N@z!zIDTkW53+ z8N%Jfta}_G39Q6?#K+#>8glKwe^v0#5Qtl;WShs@on6FB*lifz@plLCuC`4(>EC@p zlFNwb2Alk29WN?q?E9{k9?fFkmQ;BD_;8E$_~5SHdUP~)pdz+{b`WO0g0e!eM8*Gn zHjI9IA1 zp@nE2c+#eNr~Iasxk113#w)3uiLO=XfRLy>`^I4YDSFr6Mic^*pz}I$w*7K+&c1vj znCE@2z$T7#Mz*2L(WaJN*M-f(_mOH53Jb<~O=L9HY#43%QKFz`xWwUgdf_GO$?B!> ziZu=*>LR!KIR~at1;204evcM%ts%Ua_-wP{W6zU|*?SVgQ=y%5RetZyzMPA6$y0&R z#b3Z})zjkH@iv#;CEjk`7(=cx6e@-EbiF_l!B83^gL`>aswpiyf=R zdg4MK)XX!l+WLZbhfQLv_SFRrwdEoO3X)-8@T7x?9!CXM-ee00qEf^uqsAS2xsZ{- z{y!PyRD_u4%V&bty`$K-dM!WZsCR|rS`D*$AKbX@)&=dinM)?37CY;*{0G7yUzowZ zrRT7CQ8yl|rL+3=-H$gq%ahyfVcWmYle@ZoT~>j--RjGKf8wM3%== zTd|@J|E%bLF%_ff0E0fECM)ZI|2vFU0)NPP-2fp?UV-$lER7D16n7B`G|E6$R9YRl85&x|T~hD( zO&Gr9H1uhbyZeA}0ZjinP#u9my%)0o)r>oqdDXh_NHoXsYU1O$0aud+H)=& zjJBT=g&p>$SY>`_;h~nhBSV94A%Z!Aix}Pw<}UUmNpqncte5%Z5ZnHDT+%0`#XY*)RBsetKxptv7dSx53EZ*B5`3L0ZatSn6ZpgfaF_( zK%fd>jRs=9oZj|XpwelWLLa};c3NvFk*-B4@5|)NFH!+5@Q+KHip37K&&ZmpgP

    Vol)QC&uPdtGJ_9S&93e7-4XwO-tis)!8@F*YK-|G zeYcsrUu{p1b`1w!b%ez90jH^lt>)WY6B)1LeIM;?GxZGN(`dvD-v%@5|~&$k{mn)}6G!zIgCOq}zo?eINeDKWId z4$~()J28EtwzMfC-bAA(XL{qYT6gtJ|Hskp+;hJFj`%8+YqgyI+5+jqni;u3w)fAQ zd#-uj2cvpcz}92a7HJrQBqmr7Mz=9vD+g#bZ?FuZMXv8h`m~F4ZZQHl^o3rCqReC&iFOj96H*Ah?l@(5=l>Z zcFsxCFFwo@7cp&ey<_rooPIstL4|-p8}y zs+8^;agR4qP=mz)G@t1!=!*7`yDi?QmsO@Fwsr?cZeF%P$!TS zTp(UMZ7U6iIQVi?VU~h;J`8?2C=u6<`NqY@5ABUSqNlI**kHri;(lrUe_zV4BPF6g z#AZBI{;@{d7)L4o11I7JcuIRpmvfDcn+CEyYCb7I`smkW!0@Eq#X{v(`yVXS_w`t+LB{$ zSm#Q52$baoxNtRFv=VVLD%Zh>i$RyUrnVf%YCt*oyf_rL(~Eu}acA~N{ay=TMncp) zf~?SKFpfSsF;x!pcAN+czhNag8L)oBET$&lvr!uU=01}%xd)-X!kC&PJ6ndOtm9$C zbZXc;ySf*!CCiaU=AC)>?`p_y5!5WmvgH#)JU$Kdi6IQGPr|v~LB;hWNK(82pE~zB zxR*3t-P~f(AugoPAAsXqiRXnMSGWoSieRs#Z?}WnoCy$Wv75^;kxo>OK~bn&1=Nzq zwq8g);k)gVLrkq`2DRsRkb-Xjt2tMU%6l(By>*RHb1E#Q|+IolCy4;E9gR2cVpdjwleE#xC>bm_W#!r1LO|6cIb zixvI%3d{2_IIg_9m-=G+K~p%(qRmxlhri!^=tmRpC zFiZ6N%zXYGv;`XYm90qKDSkQcGwUaX2TR$$@6yHco@_+iw6C2xM6~)It1q{D4;QEw zK=rB3F3QkWFXy5-*6+-x!AV?JWALUn9LnxYplXFtscq*^<2~~U3F2!jrPGuEq5+)t zjocHL5Q%mZmNH$lH$(%o-H;r3_3H_53qkp>8@c{tOb%w))5Q8wBQ@x{*k$hFNc7IE zx>cJAMq7n1CLS>Ldbom<{*(Xb0fBiOtrlZbr>pSwiq&1CP`UK(iKYe16f+5-1LBV^ z6w2D#{Lex%PDT;E8dD5)G>q;1D*P)|KQsyi)DCa|V7uQEpeJ_T_f^w}OSyu%3mC|B z+#{$&))x{V@Pl%w3zX-NaJg}iI)&FUZB;8bxvfdBlttEqiKj2_udt(B$8lffvlj6> zDXQPw7R97PLr(afc_eM9cytpn`)TCi_Rcp^d!5EIuE18^IDuN#D{3#Rw5n=kA6sq8 zr0p<$yWT`s*P4|jVRy}p63rV%bzEd-uL~3gX3ik``8c?wPg1Z0qrf!Feat}axK=jz za1G#j{9}7w3l zvP5df2A6+W@v9#W_egYp^D7d#?{WK6N^9W&?V!Mi-(1zG;@b-;>y$#go=3*Q&tvXp zVNhy{basbNX6r6AcLdeRs^^R=!7eT?#bN7AIy2B8u}{JNHTLusHolbb@RtST&^a zU-EdVSVLmy;(0sO(a*V&@oT@I~F^^28 zym&${mDU+Lx)gTnA*Vku{K_&TF0Ut`Mv8&Wy@yr#LpN{Gj7V9q3k7m6;x$v2E$3!& z8h^kj1nmBw0l6_>HbdFvab^=8`!?(;=LG}ytwPg6MM;MRYBFs>Jm#1TfZm^^; z&GXtyX8t^aK>yx3o<55ke_vZ7M^@UH{)PTM1NLyGU=n;Hqd8lmMtkzXo*?eB8+&iu zUEED1M)zwE@#YVAMwS-(Je$|{Ec$QN=O9Yv^!K<#F)f8q{qNYhm0gf*cs=)h6-N^1 zAe7ox7iQ~jOGcqcbrZ(pN|B(tGaUcFHaoY*!B6lDA8Q{Q=gA5NrQe`Fw%Nfw1VqvtLmre{WSb=o@_Jb5KVcN#x~RC-MHf{ zdYH3P_dXZw#&IH5u1Lw_uw!i!MrJCK=}g8$EWKq~C@lDC%uK_KX{o?j{h41VH@V~X z;$`!#iawu@D~0?C1u@Et%aM<=#_@}Av}4}i^T=B_5@ah)x$Swbro`b`zx;ICvl@Z=tnQM`)EJS6V4Wl|HDOGnl?V`aTx_h}9x+!1!)sm0x!&`-{-TjFS#`4EI$ z3;F4kwm2?%rCD>H9^F+icc!9b+RQ$l_{ldrtUe{naZ@F5dU#43R9dz`bgPzI2?Kf? zLXx*&tM%>~K(P3g+a5SSwKCkXLe0VUY;C=zwpk`+MipyiKZ_G1$pyLA`;0k6AUW=W zcUv3sQ(M4jtyg2yb>2Hp$Q-kctHG8KiaLei#-7@yW5b6tG^-t3_fp`2EW5zF**@$O zKp7$Kz5W8S$5A3DR7vkuf z+qXie+iX!6XZb0IE4I(#FkU1SJd|Y#A6LkwhULGt5Mo6s^O`{`LPb*+x!XN3P1-v5 zA*L>U;xpQ?Hzy_G6UX)Oa$twfEiv9`i04PdSxETgfk;vKGnY~sL?Ow<5rl=!e33rl zdbQ!>^@%S;k!^1q{0(npH~ONlKifRCLBN74n>L@t?(Psl)i=MG;=&0g@}TNRIz}^O zP@G-qh!cx{FEZZXLyXa`CyCg3tCeK%F9K9=|~5K;TWmVdd&b>uaGjW8OnYdVa)i(mjL0W4R=)Igy1dIscB|nFpCCLGNNtbwrf(g#M5}oCT_r6_{+W&^u7Ss0ftxRxjnb(3 zzNsy}N0Gc#fOKRH0NX$$0gVl~k%iuh9dV*(1?J@d2C{q#a(Ier0-1DWAP3TBm&V?s z(9njT2DHV(<>Pb=x|c800oS6I-m=x|9LuG0(U;)$BZxif$_Sqxm~gz^S~Z{qR}ch- z6p(<)$4#p*3oshgD*@JEXktuIn$?Gg^AobKG?SJG_pJtS;*4zEjcQQZ4sxdB1+6U> z+kljl1#D9A!*3(p23yy^%0j-th?FAnslN>6f8~7||F|J<{W|7z8jU1)d7-H+0i6dK z|Ad0~x0U06Ow=GisG8GP?ly)Z_mGYSp&ts7k>{CxaS>f@)ZhJ^3iIn61fj4|pNj+H z0V7JAMpBuxsb`CxOv~B0h+rvij`5xAe+834&^Z9~5m55~q(LOp>`sI=LyqS=wEuH)N>`+(YgouVD zo=lBN${wYo@4r7$q)bJ!ga0-y0UBm}xjji=VTp6J7TI;L)TN>(5$R#_o8Sxn1zMa5 z$O}I5C^`v^0{@Li)9ChEs&b33U>{$9?f+w_4R&(^3e02Kkq*tb#r!5>e|nR_6_Qb0 z^1NpIlQv&-Qdca&Llt->DDasC$%}0trJMQsA_<%$v_YRa0J|ETGi*eECciRZX(BcK zNRlO^a^*y-+ieDZj;FwCavPrl;Um7PKD8nC^b0$-_jIhL1v?O0K(p8Fte}mx}4V_FU z`2S-X0+u9f)Z@qEE1K#=+Xj#->mOit;uOs(|;SffGRUj{57 z4RMKX+|W}N2M!f=%P*s(4ggFw8q8Ps0cmjn5HZ|W(znDwmF>y(`REQ|bgRr7U@a$6 zONaFU)u`wmXGH+!gf2V+N{lsq`wb6d-j}Tcnu?EGo1MnO<@&IQ=(0koWZC_Uw9K!+ z+UTs_*i+f&DT#DHwB-Ihw+Fxk{!jC+-~=%Zyr^E1pm^eIG>n4E36j>i%>p;;mKG*$ za#D78UF#0U?tcjB0aBkuP#xVU;d-^AL2~UZ$8R^13GYPXkWgL3yrT^;eiplKJsNrQ zh8%cFQ&IYDBXDl`SPjmc&-kU=hX0QJwT#l3dAC z;ays(6_r0e-zzd6a>Bps-HAE5ca%|ha+DsR(%XK-faBgvLiK&1c*;sNIfyYEs`*eT z)rN!gcSsYGm!Sax0(8E`x4>!`IN4eaP*V(u9vJ~wj(0P+=jM>)X`nJvM*`e-UtWeP zBAFN~BSlHAyXBT26Ezw*m&0oZAHTrHSL1B`{P{D#-d62A9ugU|1ai?`0K#JaxIs+( z5kOo}U92iX5<+N1A+W~Ic)tNm3o`he?1wf$0)rVZlBe)^5Qo68 zr1Qmj8ATJ|G;#qpdPc>b4>`d^g|HE|h@i-_yrbTUlilER^Qf>Z-rAy1273MCNl{4x@N9!+Lufq?ZKj)@%+W76dF5un5Py-|c6lMu^H z?!@*gCjZ$ca_u17Zy&CUJE~P1so)lulq5$IGKN861XWI7$Eq-$o-Crx0zzyW_kaK` zorFsM-V#vIf6;OqdB2SB8(}MPrV~Vk_Y#A~8i2AHA>G$#IA@a=rHd&AOSRRdyWhVJ z9?l;jfZQEwR(;Rf%>P+mNea_J0Fl>lKZwUwZp82*?&N%PbX>T_u^Y5mKnqQ_-uNE% zB$G&DAwAt@AiDM6$-zE-kSI4NJX{A&3_hWZru7;L)(i$wijlxL8n=UQE_~&2-snl7 z1?B*5DxtyXvS_SiNL;n~t%u`ub5rYeG_7K|8K&eiXmkaq0;x#hob>C+9(N9NahzyS zUD){wo+-EboP#XOh78+$ThC^%wes`p-QhAe>Z`f+l^2q-A^ygtqmPX&1Y5_G`BK;5 z6fC+Ctj5f9qz5WNu(obX2N#J2j`HMGBcNbRTni}U{d;>I2p12gni@S;anu zw+2x*-|%X?LL1I`*mB`9KY<$+iWP%TD@PiBpx>}a!p^%GuHFUkODU~-ZK~GQA%GH< zt=F#-cMwT|&@K`3-49%XkE+x+y_(fkfhw&4$DUbB_x90x2%7{C0*lB|PCv)|@{^JG z!K)tLfU~zfpVECq#|1y8u$_)AeK}}swRzXUmcEMIFz4`(I(im7 znkOF@Zy|V2S;jSH5hu#9%7_~H)X_%s6nN?vN5Vm4m|%7m)Pc1KY%Zw_y%t6n5$%*N2Td{yWvqta3K38*WLt47KWd#mpO3;j3>OHuzwRX6FNQT-^kk4CG%Il?va(>3A_-eb z@KAmRn`sCJ&m$@q=*)T(Fz&2$C6+-yXDMqZDloANnrW3FUzv%(Rff$`K|pAfm2Qrd zp+0Vz$R;4ZM~7OTAMaRC-WRBhyUE>^j3~Ol6NVI*u$%P<5uO8eP_#O1>In)0Vdd#w zXWSuOn=7v0i6zG9Tp%y;bueK40FlxHmQaLSa~fOJCf;e(1bOqx z3W1+eSI|LFbA_vDAMXQ$f$qAw`4(ebum2` z;hWIzG@$Q;6zo1?K>vOo8UH4c?6TyCY>%C{B!9qb{$J&TLhE(Zi_Pt%R69`r&=9t| zR!u0tW0$dXmqI@8hFgg2!LGem^F@@#ZQWARoQbMc=*e;rxD5&|m z*OP}Utd!?7AE?g<_aMqzdkyM+NLZY>X{pB9T#(Xj>%$B!h&8bROK5xpQ%L|9E{kLeZjKr_!=#NMgB?DtWv ztzVRr!pbcrhaaQ`oAv#PNZM~C3N#|XGhee|QkOtM4pPP};n-@3VA4Xev4-DqlJ|Mc zb@4De;=$xMfI#b34m`g)?X~Qc8FicXYhV@A0~~~GJ+61#>v#yUPDZ&t$jU(flDpV0 zj-Gnm^QMRJJ@F~GPGUXMsOU`bLyWe9@Onp%f+X`^(h|W{)474Xt@5WgdOa{|+?vjW zrWtRbx(kf!)}cpq&DUOV5Dy(-=#V6w5>a^we|rF(`Y{PCP*Sp(4+e?@Gge<*zpXNY zW~uvkERGLb4*JpTc>l(_R|JXs=KJ~YOK>tTZ*-g=cimaCXKDgkRyakmGjC3{seh$8 zU?bpf@XH<-MNkavGaZG6R=+*C5fv9+@L=?PiOd2xcrRsX^sXz)6yfU0VLfsgavs$G z?*YEVF8tYSxpckW+BdC|#vz%fQOW$8e)+EUx31p}zM0_NZ+~C&!_PvPo&IGB=$Zag z9b;mi%ft?j;#e`q{pHTkc|zDpRSC6bB>AX0tUak)Y(M*fhia%`$iTaoejmum}q zyObxRtqkQn33hCNLQH~_{m1F4pZ5lDgl{!qjlSP55Wk_H`CUc524+S1u77IJ(Ge&8)`2Jr0r8cLC!;*|yb9n&DkTOkCsCly8p ze0=q?9mdo$@^rH=>>gcp8v(Gwf<3cR0RY(a z^7Y3@GQ&H|aiD#>6u3+Lx1B~V`d9=(US2~>)?p^!&sK=*@CzNiU)ektN6J6{Z=<9% zGlVBdO^yF?Xm)dol94a%w%9vQ3&jcFr|}^#EG7T@png;f8h(>FkJrg6_4F`R@kKJ7 z{MsZIa=#)FD9tUTLrD^iEvmv%C*ld&SNQ8-i-2?2Hk(uhL^FC|20PPq>SMtDNineh zw$S}ERzorqWn734$H~`ZvZJWCzbXUznfoE1P7N}>EdpyyAqGRb+Mbuz2_z0o@aulpYjKSMve=M>QB z&J7xJekddx@kkpPSp_O!2_W>PO1j4W(Hmoe85|>h%)z^&x(`(Tsd9h4 zhfae9+#J>I-JkyZ%z)SB$ObxvbQo+aazFq69eE0vG;g=>{`akoJPajJ;HOUCwf}#9 z%l`+bL*#FHi*#}{oVBq2bwm)4f2o79UeW!0XO^}r6Xx|bp@*-G73|CiRnS(HHXa~d z`5jGo{C>9~eh-$yU96yI3RSrgugoWy1aD5^D`%#sg6FItZ23suwW=$S<&M;O-3KL_&H#Ulko*>q4^Bsli3bptQJ+i5yDmk{w5>+S!w}NcSnjKI3e`kss8=qm>#$y z|DUxD{Ddw9TnAE|74ZMra4OUm@LSFk{{z|m-Z4Z791we8a)3MZKN~rdCPCYR`7fkN zp*2(D%MUK5WP+`zXry}qf{r0*t27KoM2#z%<^G2RhmI%-BFdu$R-vC**n~ROz}5h6 z*o9be>443so@@z-dj7Sh4kffsOm9$<_awewnczQ+1eXCfa6S389Hf7_fB4rG^gqv< je-EAizrA=svwelq?WJ@g9$1Ni0{$q!^QG7J8H)}Q5r diff --git a/static/images/docs/k8s-firewall.png b/static/images/docs/k8s-firewall.png deleted file mode 100755 index ed1c57ca7d0980056b9d088b4d3822c4dc0fd223..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 88722 zcmXtA2Ou16v|V*|t9Mo}(WBQ5qD2rywCF)d^oVW|L4+lUXh9G?T101cBBDj~PW0aU z`~2^{Yj<{L?97_k@4NThbI%p2tF1;%Ku-XHK!`QeRrDYb%tG+Yz{3Q4cy$BVArLr3 zL*<@3fkUQ;EjhdStR#i|>&G>GVNH&>Rl$8E`vQcz2a_)EqHDZGVagf*6G}HiVXlSUb zs{>15H8q)AMMXsi2ObkmH8oO-ip}6xO-+HG0l=y+*7&bMuBIHheZEG!%z z9-f|_zArhbtgMWRB1}8j+$0jZeS;c`S>Eq>GaIFFe!7TKygpr|5iH9vqg-5Qrsk<+d9_Vz~o zXJJaL8T~W_VP*=7vXa1(dY4@@dY8-Wot>TS?CgBO)6UM(*Vo@_OQ`0CXw!IoukTy@vt!P)M&wNr#JEm4>&VHo(MkY49l!3g1q>P^quG(nng z18eRh;1Ck%1-2YBYBUOK>N0d6irJ!zw}KzmmZi%BBU-Sr_iLSZh&rP0`qSAC3R{bLc@`^JkMB`!8d~$z*VhMw z&BKH6`nBGFTOJ-BPEL2WP0yNj{rvpY)S%ait6g4~em|;hvMVboWMyS!WMpOQ>*~M@ zm~CJk*yO~xqK%rGnjbXC8tUh4>Sqcj!;>fWuV25`(fMjob~`lQzQx7Gy?qG}A3vT0 z1}CAVMUSdkSXj6O1+jP??~e=*huZ9_FpdHPt7_%GetuAJ3~u-vCre99Z*TASrIC@5 zn?@3;ecD>L_8yG9_wVOEfOA5jP&X^@R}Gq6@oV6IJ?R#-v9;w$Woq;3?CRp?>g49) z`U)oIf96p;wYkaPWSEzCM#DS%IXSsS(p4d&tJ*C~*9e%2iHWhXv4zF#*x1<2#Ke*l zxDntuKPRVfq0JWM$;nAs@H07?nwko(9f{9aSzTS-T>aYB75*j*%-P{eeI;}dKEdRR zAKd=Htq?H)@8WxTx(B|wws6ut&%x23CYZtK@$vDNmKHG6w*RyF`T4;?GSW1_j-KIlQ#A1pL_LQYkYh> z@Q7g9mYt1N+|~xx78e(5jj^e}?hTe&yd+dpkSeAOHPBp4Xb)`Yqs2{H?7$ zJw06=^1;E?r9$y*Ypbi9tE=rn-nVz#&kqbmVEX?pA2{7_fa<`@bh5)3;93pgz{ z4AXA&)hm*4EZRj^nU@m4t&|pdjJ=SE8gcwqAd>P6H+#@Qbd4A{yT`z$+@#nryT?{I zAz_8$tW3*wBUJ;dMu3oMlPoiG37F*)GT)lD?w)oy$(PSgG0&ous zi;6m|<@geNazvAr3KDvjH4`+ZW8gY|nT<)`H;Ako;D)7wB&E@3e1WRCGbD7FJ{>9@b zQJm!X+PsP2;tR|KpYZJ&7ZT%!_SlN1_KAy&bHx{Y{n}|=Zd77;*Mcivqjc1%$^^U< z1OxhL&5{qj%c99zS-M~goIsby)$T?2vU{RtG+5sS9*)=?Tz+8!U$jZ+iuJr@y0*O- zeV<+Bh$9$%+rwdRLba%m6e)abY@$=7J_y-0y>4K1q!)VAu8M`RJ z&(AL;Q2OoLx8maBZ{OHXOwG;BfoBB%5jaP4^UiDF0FI6pIy*ao2TKZR^=-VKZwqgx z2)nO%IZvvit?l*tb=1cFHxj^MbR4~cvsr%x&J4Jf_;?C4$N-biE}7pd?U{)1>FVyS zXWN~Fs4eih)ovoQZ>=r6?dmF^;f|H_!?Nfi4ymr9VLt^aU@C{6?p|I$g%*JeWSqxY z4d>SREa!K8IGFA9?k!ANuEE#a$H&Ll*Vohkdv$gAnB{91)E5kFw+`#LK%J-u4<7XP z0_RjzRCMP~5n)u+!G8vJpO&ob`>4d!`Ue8&1W*-#RKWhjQ+8g?g5X;x4D-)IHW&63 z6aW{!2O?2qWWn0=DLW%Enb0{)TTf3**UY>;?)V;0dr|quMgXs-leIup1Oe91Pd2ux zwpMz4Y%Eq?OiZkOVecHECDBMzIc7Ds8L*Fo97G37j5q9Yt{jZf_p`x3W=5&74;m5S ze^G?(o;NU;LZ274t$Eg@30C(md+oWlSXEAzR8?_R(#;n9OQ8pTN@DbrlcOX5NBXD^ zOEJ-$Cp=38IN>}6W?67C&QIKU33E{vS&*_h^DKkHKaN$Z*?%3xOiJ`}Tk$){@#h(l zFsUvjf=KL7P^lbY%&xgyjBtn~qq4V9eD5Bmj5JARcVTQ7tBM6#-LQ6mjNGv8CAIM*gzn$ z`gHEYF7?l!KlzFZVfnh2@+4?-BI(pLImo>}zk9d8 zzh6;N0haswx9i~0pFcGxz}Woujha0IbG_HrJy)r~>JjR zA-htnrEtXPyAEq_>36umdvcItd>a1 zAKCiW)z{xmCb}q35}|7hXv};V{`PHz784y^%keF|;D{pU;s$Vu>+9FAXhBMXFn_^} z)LWm|5!L|$!ARl=cqA?-CO%VTe&PIrI;z9E94}4a8%; z0KD91zPUUb&eJJiM7~3}ZG@v(6a!B|q83hi@0o5sChq5-7)ePdNo`tDt6>Eu4UE|A-VhpVZo;^IOt&VgNAoL_(w)z{VU zLEjlLS8Gqbe)Y=h)ho~2`<=OMYGP_?^sT?<+*5`aS0Pb5Pp{yu3g(SFnBap({4ry4 zahYWhQb`W-y>nj`tYFK5tvxA55SBm^^Hi|9ZSDKtzW{es)^^%Tq-xn^588^Q&@QDq zY4Ja-Fe)~T8u=;OG+}a1=8x1a&Esc0gy?xi8;0^T(&E0y7{l_7>t<6peOU%=ZA`FQ zRJSr%tA2z~U2 zY|iCv$a70+2ckDpcn+|XIb$i5c4^mh-q5`KumPqFh@Ow_fj7+m}8K#sA(hV7i z03ojdUx^_h2ku|dP07_Nne;)2KWmsSrFuQ9Yx?8~^lQtS=il*-2tPyuax=~S905maLSv=Kquaq8hj_RWz>61u5CK( zgQSR7lJLc09mT739{##l8-GFO;YjuV%G}iS>C>ksCYZdztw-m+ZUK!Ey3YUrcLGVF zlhbQ^n(lY`*tG9sm*(b>wC)YczAkwF`K}>tfW6QamzvwzJw5%jAGn#LBrAbv9hUGW zmHCG(O;Y%In?dyTfs4Krb=8m*Pc0FUtE;U7$wOnuPf6JhYcl>m;L;a{hAvx`nsh&< zr>3T*S(D8zEwzJe=TD!t;zJ#shv4US8LjgkpbKp+Z99R#Bm6r-m^9=y1fN-Bo{al7oaA z#A72lW&ra*GEJ@KzH@XY2bhSRJaX&G6fErW)dO>l zj1GRUl+w1E@-dzb4jXr@mHr1}80TA-aI$oS7%mfT`+cd9sFp;EIHZn7uHhX6P0g!B zzC@GkN6-I^am_FzG5bOt)JX7!Yih z78g@Sb?`tVI;s80F`~KEv!|du%mx$)$)-M>meR;_3DAXu(V3W*7@EE;0oM;^-t~}OC7so~7E5gWEW>iVw;8h$ z>R*2R_-kDbhG%NuTL;JrRN1m}yx2e4$r1LJ_PuK3y;8}!lvk?pgJw2AjQCaKBQ+VM zuuic^SMc8~5EbIUxm=Zq*=umICG&YtuL9Xa;W!B}D-G zBxM0l7cK?y6cWAY=l~&;bFOuNXb6n&{h|H!b$U@{y#TVIN?pswh;$Bk=H1h*~r!}rq#|MHWq_)r}*0(ryEKca0_w7J1=(N(yHV{R9ILOR{@rHW7FIn&_8xl zV(S;xmbPhVXh>NU03oV!j8eH-SO{VA@_I)L^--jvL7cKLD=H{_kwm?N%n0jdut7Ms zRdV22dFu)!nf*8{eVv_LGeUuY@OWx!Y60f{zuW)=Y~4*LMOi~dMOlqhb6M<4NYi+2 z?Rc#;p2pWa`>!p#IuC(GqfqQp08uc}(=*f2-QUFTA<91Y^OdQuGkTh#Z#11ubPT@; zH_9(5Am#&0CXekFZg@$IJkxY=Zz z`EdQDM<#iH^B+5YT-0OC99aYD_l%{klUS>#h1%>CSA5J({>a*!TG3WK$Op3)q`uKJ znu`LzbmTxYgb8j$FkfAB+YH}2>1Tr@kP(Ne4aTg%*U!1HW)d{)@Tggn2oQ3 zb0E3Ye#0Ik6Q2G15eSV-b|z0Eh+cRZM&?(Im^i(xl1Tdrrd5`l>n(+egB=K*<4OGX zhxSk3=TD%BYqji0Y|J74!5`uL&@8;C9OS+*NaluVN~)=eNy^aL$B!R>{E&D%c{_3* zzQkk|IYv-G{$-Yz$9ZDydCLtBAQ4%B$xOGyRwnGgP9s{~-d6qAFCKXXLc|^3Pe zF^Y&3FElBQ}vuU}gA)xbJu8?L97g;kP1wqEu6P6w=EMR`e<%#J+ zv1HrszUjTFP1qx|jsP`@2p$c5^-cNT{;sZN)y+CWjU9iFW!OZoA1Ec1)z^o|6330M zuk+zcBKBdESb7d1<+QdAiNm0vuo>qciM}OD0ptV(EHwNait7u2XXeqyTF>EO=Eqq; z-i^*G3QI*O{sI`G>H7LQ7(9YMfBrnv)bx1Gu7s@ za?%>{CLy3Eu5Oo82~z|r6}qoUZ9n(Yn)^csDiE)^EK2t|M#X}k`a!#OtKSgSPg~JH3h75;9YkgdI+c6>_VrGVxV)Vc4?s~2JG=}065~*en=8tYXQV`y=Q8&mRUZYL2 z6rN(V6E$|^hvP@YBaAG|O<>fJPZ|WeEBPKW=@O~LJTYdB_psbf;pIXF#k8ePB z1mNlHY(|!l4$qC6+8{q<{?EX!@H1n;(KztX-nw=s1|~YNeD>-p?h!)4iLN_F|4|TN zMVy^umai^TS(q@+l$h^hP~ye@>-+sXs~IAKv5q4JQ4+DeL0$|_y118*HiD@*5bgHw8)62lX_oHRJBXK3I_JvsUOJc$H} znqi|L5tAvQZf{C<+6fEs4{gaD1~hfLc^(#;UAN{rg>Lx)QaFFU47hU#E7;#1x|hH8 z9e@7bV+qxgf#JbZyF`EwrVRuH`yyda-Lzfx_zSO8rhHONNOI%w8g}r`TLu|OHlrnTFIbUU~&wfE0q6AH3l60%Md|z?!AidDSPXo#3S7kvi$W|6dC*5=r|bFE6jO6m=g0?i@Qi z3`#^oOiV;_OiEkC-ux370!dwPA*{-~Wt5s7`B6};NOE5jV!$u`Kt(~y+%$GAx5 zd^-5bsKJjxe%T?twEPcZhV-EYm?dI#77JS%`9iih-qB{7LvjeI76~h=p0%~I!a_$r zOMMaMf%_(}`Ji~OLOj{o8oyMK7b7&D^CsS`iSi`Um{T>1&5Jl5ApKca_4tHd5NB2^ z=is=zt#`41Z8U*9d#};2GVg?h%Z{89MWW}JpwCpkWKKa0vBHCw5IvdS8{QYPTHi}% zDeb^cq@qepOoVT-UPE!SQObZi_)fpDMMfB#g0jY}GI^*@D%DkPQbO%1pCzhsrvAc3 zH2E;Wks(?uK7Y{Rl}Y10l>8rGHAhJ7fkCSMGUV&J4L57>=N^Zljl-Nv?iTpZEt96$ zOL&%o>c6wc*tvRg;{gAp%3u@`B05fGcVPv-BbSgJn?b^4yusIkpnd zBo)+lCnjB{NG2vHt-KM6A+%@|$O}MX6A;j-iy0FW&ALXry1{FyI(M2sg3 z3G{Bxh<8lFfp;Pr0<_vfHeF@Yq zHm|~fi4jtb3IdC%gNPnYPd`-=0b&g>1z-eaN%gn7l7;GCzyyNw2pXlK>2{^G%1ND=_5fH=K7VC<#Qh&P(HJA zV@InK6&y4EY9nU{Fw=uPeakVh2?rfc;;*(2^9->cZ^^R17&pKm`1OOhNp7F{*9l z$h*-QHMw$fb`>a9g1AAMAR=Ucy)nu~CXcz^rL!}$DJ`n}J5gL!r5aDyiU62Smxszs zt#dBtOGR;U8m-@#_D8;5#KLb?5BA>yT=e#@(noWiflxSvhi7v``7!ea{^`9z3Qj@) zgx^{O_xLy=o(0mn>J$1c%$xGlgwYspP9M@MFL1y4pwZ1fz=mP)XzxAaLyG(y-5r)N zCXNS`Kk0dXvL2xyBn3a=b`1XA^ZS=UpmoA}Si8ak^~VIPqY+2Gy6gcGGZj9R;luS( zEHAxfbKrfKMRWBcy|kJ72Yav}wvcVIu(@1TZjQK2Ey0zNI6eY?yiNQZUP^c*!~u(d z9%c*ija$|y{!D+czP`SBEK@(NO@^zyJz-KIX}J|_S2^xKOwk<~0BtGkU%~P~1?gu% z-dibC;o&-0Y$1>&h!0G7*sb#n9vszO(HjlV`IlsxT%{P1ksn7N>?vwO0D}+1`;vmv zV!9vj9T)FmECL_!`IqXilna^W)cGhNYx@460$TN>DsG%iBC~^il>Ibax0-p|*vaCx zWaO7vQQ(AIj`NzESw37n(!L-iCLtjqIzBl$IX*lDXzW#>#^T6JY``Eq*`5V8M-S1Xb-o<>xL-L!308bzbg8b_Ok|R*N zoL>RF-rO9_@e&Iwv@B)g~O|^g}t{b%3^N?Z{Qxqi#*yKii``NNkH2;$B~>O)PN1|r{>%G$=)LSgq$#IOhGTh6VPPGJM~|ObVa?Fk z9V-z8|K8P$W01_kW65JPVaWAGGuLis8lWaFLqCvf_K^|eQMg$#G`f<~lVsgMi*)QW zwS7O(%gt5bHV8f^dd@&69YVgq`bOzK-%1oGSnDQ7I^dJr>Gk8x*Ofg(s7seAL4pX# z7IW6o5-9zB23L4i1?D*p-ew<{$HRxj5&S<(%3nyx796Y7qTpyycOT#S zF=4W_r!>w)2A9I4LUffCiaoH-<%3ol5DIRn$c|7p%S9?C^O4Y|JcO zVNmH}Cv!N;stu*m0dgsKr~9j?n8C=5E04;VR!jKY;zP`VlX7m=?8vvcq9Q5_pS8I3 zqoaTIgrA(=`-N&?p+Oop0$T0-?QONiJAg4Qh%a5~8_JV~VJS^L9j6Q%tuY6G(~8lE z?FrG?J_xOhOj4_GaML34hfRG+vEul)m|Z3QZzc4Fmp#q;DT9vmw|^HEx?`5Ya=wSFoRoo! z(UO6CQ5OE^Yk7({XZ?y-hqvsx!EIm)y$blM%}-q|A^Fxa}D@lgx-G zsvAMOSL&_~dV3#uFS8xOd1ueg&cIv%${l9TM92t-da;`Pn~M-Zg_?6FW)RR=Hn%rF zP++>@|KeI(T8i+y+}g_8$~dCTivVYdl*?N+x z2&?7)O*Ed^+HDn zOujosg`dVyk{~1y&}p+#KgrV6dxXKw^8G*~hn!;;Fu31hdzXm1gIhRA;F8P{7~}VQ zazF`(FJ3c;eCVc^%Dq5~FHU`lpjIl(>-N)@DF_(KT4j5#@hSJ&$M(MZyaLw z!sVYWfPyB!?y0^OVqEbZPKZJvr~`jD;z!%nPyYkqKpT1hUFw~8{o}U9jD740QT83U zmiv(JA+;MDc0)RUIc7!lza(oe>pm;zEDXS#jA@)H_ zV{x&z%YVU+JjDx{pASBkirZqEi@+0wNt;b_jM0+iwSH_G7F4b zZW}&XUnlU#p{GJv#6pp-B71Nl_qi%pIU!;*OVS1Wgfrt}SHK3ix5{E3dwIRimnJ70 zKmIMzqBwCyM^W}2yH_#)hK8EPqgIamN@M0q5e$2f*8tF}pzyiRZvObLg2M0jRe(!V zQw6*l@(@HS-ESb~ei_X8DUUw#@|IaI#7ia4--~ziPC+ilQH?gnIM*jz?9rv)BtXsfsInq zM9{itv9oB%j0NT_CLG46lZ0wjj(0QphfVmw<*TmaBT)N(htMV!TA*|gn2lu59qKnG zT#TH$HYy$6&~=6#4x1v!K_D*UxC^PkhK!U-(&}b$Q!#t&6%|-5Km-Ke)e;sx<||Rn z9$x!SFK~hQLoaA%N%nTovONlD=jzi7PB41@1nqeFF$xcONz=1ZM97~`(TeP)BJ?wosrp+)vTl;+j>>7!J?v}O@)E-SG@?xtR& z#m?N;582xk_Lp;oc-)t}(p;mm z>}7jgWAQ12`*+Z*#Hl&MzurT5^VjDS^mH?ux5CU#a)#*hD@Cj@P<`yj_LAivTp4Nx zgwb&2a1^iyhIfJv`Xpz)7o)-SXxRJ5;L>!)6&h60bWdBW%8M&$(NVdui%{qpn4LiY zcDX!pxDycqrhXv;Q4_Io+R7^{cB%$bPW!ya(nB13pL~k;(*oS^&x$b0?;qaxHqWpc zwE@@e@RL|)YX&ZSQ`4occ1MZ)!=S*v{{EGHAQO{TzvRkuesd+}daI|jv@B~50y-pU zq5S0o-5chOsg2vKcpK^>D|y|fyv4M&d+Ox;Ty>;bBr&8-N0}`+W(;`uNLBXJAd>Lp z{ft@og?)4b<9=wCB?mnSxGII={DV`hmLPZ2(^b|}y>g@`u7OZyPR4f}12x$3#XN-VEN*qt_l>xp zm2@a&Nc#cd15yKe?}EFr3M?`L-&itOnaRx+6A}{}=&~3)WiLnD`{Iq5QTMSG=1-z& zW5qBC!c^FTZ7DRG0nR9R>=>Q$$HSHZF&zqM3qhMayy3^BW7n5G>n4KHOFKn7H+?f*r$0Bm=3aH>RH>G=k7DM8NPhnxE6E5>iXN zFwt#E>yELC5qy|`uCJ7_w!OWvrCdA!X2AU0rW{rWN8f_bxz1IZ0E_`*1SEo9QTjB* zhiP6SC}$^oo|f2Eg%vQjV5(D4LKLCK>yd#mm19;OO^@+>qj^M``PJHXtKItyIwouV)#CA-oaT zl-?I(-_`ZpcLY$^27$MNJA3Y&I}YbNxvYjE*MWAp1EbtTOgtgCvLh#u^gM4ViK7{c zU2VH$A%J|kR<#k)J77KHo(#&zaQIFt%4#=fp^rsxLHJ6{e(|wml~T))ZrK3L43r?5 z>|Z=LBVH%O%^v)v`AwXw(%41J@kl07HPlzp`1j*T7y7B@pKCXq((=za!hElj>{te# z!MjG?M_4x?OV4FYu5%f4pSepv7~&)!JH^}B27`|^X;>FxurN3-MCFa2DHk-1gT}{= z*oiHOHzGBV>p4lb?Qd_m98ky{UL(SlU-kWYgfT-jmwc$p>&ebFqy$952?SIp%y!o| zGJlQK+5BrZq!>w(Chvc{mS7m(1?BhD%qr9;d^sit%hTZP;x{{_u~O*8z0*sD(j7Y) z6qJ~3ZA9a+mpo2Bi~U0Gskmd>S>1a; z*r#MGhH$!*>fPEt_yWcjuWetafsLLhIKQwel93XN=xi>3L49;hHr2~Ei#2v-`z<xmzS1M2J6Depl3qA{BZZs?Foxn+!tRAn(W-4$$2X8#{)fEJ zf~Gu;K`A063cD*zEsU(_R%$MP`lQt34N5 zWrhe;O!@3woy_{}H2R%vH(ni2x-=gBO;tP}1W&S5ysLkyE)8e@Hb4XlT=|_YIa71c z$xu35djME8@ZxcC3|^bB&(meAErPC&H%bA?wl%slb=G6*GTnTGSWVLxpnekNlJYZ_ zr#Yea-5Hv}a|~AMt=qD83B4DjYifLAu&;&(kG%hIszWp$9#h8Xb}6#5 zNwV2~0u)e)DXSIS08>v-aMKLtxD!03)PYsNR3Kaay_o17b_6+`JLfO{2llzw?`#}W zRdDAX@UXG!!_TqwWA}t9R_^dVv{x^%Y;(_dvgn5CYJ7eZtQD)Xgt4<3z8X(}(+yvCE#HMZBkaCGYV z60UJmQ_=ss8QYt^>EY>1U8ka|$??~ioEx^xmerG4l$nD;Vy9g@2Q9v-4Sv(kk}mBY zAHMJY3v+ZTP}K#c@HjC2JnNhpG1Ig=Im@)0`$-+Rih};~!dLmxRXzc~9PnNSFA@0P zHRqv^zHbw!j@_0tu7dQW*k!)^Aod$vbamT~KG5Jc8JqMbM{z+ir7D69Fn~yq%-xb( zETFMb>(A^ou_{s^;U;o^XJ?0Hl?Aa*n$ZNbU$GT%NX2+LP#PCo2G@rX!CKKkh%uf# zZYC&6nsL+WuaKk`8FcH!12MJ(ElZFmUVHjZhz!Uc)==vbzW`U*|-m}1+ z;lIDv#nSA(w*Y!iz(&vQ9`I|%3&pdgc+gunH;6hrUtL6vb>8;Y4XV*VBYq~9~ttG_Fg8kCm3~x*%REM${U)U*|BmbK0dTe{oeg}`I!a0D^_Q}OJ;_Pi;G`1 zu2AaOV!QINNZe2N8>>Lc(RhiZ-@(jGh9wlP|f`F?&0GWzFNeQR|C;z4t}QKv_NQbpGn1 zMolt%;5@dBMaJ(}E0&WWnfLWOPV#aiElV8%p9TXVs*jKy&`ZIUN3H0J^&S3m__oi) zByac;w0Y3hmUPe0e9it`A>F(y<$7F-#hD83fY2=<6D;Ef^qZ?t0Ab$h!zpIu-ocAj z*d1(#nrJwosCP5g0+AgLhc0|b7-0bA`3xh$t}vR*>@y-xAbBII?065mzrQbNU7c;t z{q9u|k`!C%t2Rl!ZAshV>oqP)Xx#AKmrVTw3wu(RmzI;Sho@tBxSLTS zBz%yCdf+Y0cU8=f>27}8`tzv4o;e6KY_dWFi?G=*ys=%g_v1Bl`KWTP()gES%WS;do*Ts5Ocs-$I307DxK(K7;i8Fa+RVOZiw7QcywPf@wX-aDF&$e5 zkkl0?J+`7)S6EZ%ARbwXx1x7i&c;@G+|LIGAH6_jZMk@g$x29k?u)VMAERYX0hN%? zpMQfw`L3&#qdU1crU{sNXJ*d-0X&O2#%uqqGC(5#ez*XnrQItmMp$`L6>(3^%v73b zzd&j6u9X2O4LNslNxC;VI8Ww__xiP09NzZUwumuv1|G6iaislGQZwiU-ap01g;Yca zp&txja=_&jZBpt(udcuYDC`XQUIhe1TP_vFDOyBdp0&m)lH_^VdLE99nqTZ*2e5X+ zX7nGVYLWOS?!If%TFq5{_QI-}MfXe<_1m5>PJ{%Vx=y0R4j+QyJv_zda^o18d(8OL z0Ud0X70bH>)S%xC1~3df^OWAI2%G9$`|Pm0^JeC&AG^r^pgm&8+jmL1yT^)%Z7I5z z`hO>mE@!ge1Qw!R4&qEsCaf*BRrX*H?l0$jHe1oXrCIO$ zoou^timHH}lAw!L-CXfF`y{9XBq-jI(aqo9g+Sg(6E&!1cD9cBg?L%T2kDuaCAZ^sq7h;A~)_ zs`_puBysoA45yAoh(9{e=>eh4p@SC-8)Ox<$Ppcp35Qv7VeMJ!d<6xOAX{(jSkl9A zc0$fWP&IS*^7@E6>0ADnA9?dtySWT~e&N%YL1_c3b3mJV=gu9FbsrECnlZ+5|3<#W zK|g?mARjXmXUZS~E`_poJI-*h_d$)2yQ?eqIvtOCbe<`8B0bF`YbTV3q;4HjS~eVT zx|_B7x5SiYW#zs9%rpAat&*+u^ru!|&H1SZ348(ruSdEwN>#5f7ukdA>guaxwx;V} z8$bBG)Olqt6`+=n6^rin`ohIh_Mh!Hz7|I?O(EPC-B0K zaO?OQWY1yUkWbPa87IpZu_x@Ju7uQDxJ*<21M`5eTsITs zeuVi*wNuUNh6e9cV;$Ah1UiwUy2>6xbfO_Vj0n82HpF7~4ohv|`%jRz-2c}CR4-O~ zvx0=-lQ=AjgYErso+$Q`@xzBe-d*yt1kh(MnN}^9n9mnW@X6=urUTlw=oHVuEMCD^&`cQJ+ux#c~fYx*j z2@NPBQh|O|eKwpjg?_Fd*zf+VbQ-``KH!l@w*ksrs`m`XsYX#s%E8G=dDHcfl!#$$ zMs`}dVQNBga!Pi3Ox}1}&S+A`Wb)E+sXwSDPSL!yw6bUe0O=8Hk>wV^`|-yCy=eGO z!^O7jPSeHj`km><*E?I)vrT?GGk!bGK_@ef^#H6NY}dQYHeMW0*Sj)v+(zcq40+ zhAj&9W6Sn9?_-Le;uFW@$G|t;bJCT5BiAW8?zcz(f#kSkDq-P4+NqbWqY9g2BZ2Ho zN`Qi8)pK=CGS%r5T|!Sg$BCrP-XXpAr#oj#>!hs+sZ!J-M)w~Jz7@jgD|{jR4?ycL zV0h>Gl^DH%8^lDw!KVszuxjRJCcOzG5@XbSCM+7;!uP22aWuR<;k0u8D8PK-iIbQK zlOHcrhlqoGW?*wlN{Y#yyVnQ1Q|aP6dwYszH7onR@|PJssK5Zx9l~9!fbQCsM#AWG zUU(*k5_5Ie%F&}k&@{z1?+X4;fX8zW<$!=MS**-apgkV%$qL4AY5&R?Spy1CMH=1M zJ98GqXH^oW#pXtMHAmWpXkC5iu~q((m6e5IzNqU6TJXH(J#gNBMx0927D@RXAr-;D zAb9@MRb|%%PKCaM*5Cnm1>hMQ_OB4gDC?e0|Ve3Fx2eg=N2pk65()jCA0y*SMAF z$Nybl&$wjof(CCO!CW5U{9rm|v5SKj1h9s(!+9x-xqO3?_51KlnYO941CM`&U3J)` zqyT~_jGmBA_=EnbZ>1Dj(YCMc?6?v&f%xJ|xeb>*dqpw&a+)+P$fNhTcV{fwG=Jf`{T`O?mZY?|93hLYH~_qJV{k=+5BXV!BQwzxo`fM#cB2X3?X&K=hWms>b` zIFqr)X!Ga6JHM6>fWGhX$jIxR>7xANV)7?gx?$71LVLt2sCaSaxLwI4?$xX8KN*&f z5s$hlGpeWZax#4J@SE{lBmKAo*tUDVefr6mkgorobyEeNXfZ<5r$zqbY#uVkobbfp zgK98kNDlOk!S40d#S3a>A0K05x>6;B>{1jyWER73COjp$LZD={|6rtlK+B7jsKwD65P#--owl9yz^xKdzwycgG! zt(gDUgs_|y6VDL`y9F%}x+&(2-trRBoZZ;-1#$}Lx? z$~nYKh03V=v;_n1)P-xSq_TLoS#jn+G|G5M3neRvGTfFL1oXVBdv zDe(q<&rYFxQ3Jm_LvM6L z_r9*r)!=h?xI{_tNS})yK7Fp%x#)C1hfFU|gP-8-PIe8%M z9aqSCt(|yr&t#V2&y<{~=EdQoTcElEqSXKbCPS-UZx{@h6E8uY)>eQma(aO_enC6$H| zvQX8gu1~^*H0Nz#T)W{JnH>NZSK>QG;srNv*~AJ;CDh~v;GAg0L8k=U?t{D$1q&y z6q#x|K}s`YI!HOhK3188=GhFF}{NzCJSSe0&!nJV)YHz@Q6HMU%&o*@IgWV@W`( zQQh4?5Mhq~`Ga1SJvBwq#PRFD|LR|Uv_*LuXVVUibHOm0mwxi(1q(FtYGZ?v|B5x6 z&lx`b`#1XQbMz}saej+)@or`(g(a%R7lLlrF2SAR2q00?jOYN(;dk%8Cui3{Xak1V zUfWpVTIM%gsRgvjK^Kq4Dl7EjRFKO05r?a6{WD3S%8`t~2)0j}+_i|(zh?rpKy)otL#?fbpq*t4F%^~@Ex&8lYmkz~B-U4i|Q8tv7@ z8_sLB>DvSPE1{yBUz=__hI8|LE~}c0S(|)hkCE2Q@ci-!h1Lt-){C1~jg1L}ODLiaq`im;!jJe;){J{sNJ&Wn z?ShoFnq5LlNE zi@YAs5}F{DD8ET{=!jHN`s(6V<3v+Rv|id~|0Ry-%QsE`|C?^e3j+&@y8Sa z0m6#a;-Db9yXQ$K2GMGuI$LmX94OK`RwrW-M6xqPMHGWKvdPeTiJy*w7~g(LUdOY9 zSXZT42D99-XA_>@8J1C4|0b-3qyx~7L_H6Y9GcoE^kGCkLl;U6?q0a}z`YvXt%hAo zA*_v4AD|LM{?W&#aA5_sN>kwlzK-o#>9e%JN&H}Fus9i&A2g^pzU3}BizS7at)1*q zQE%f2)E6cr_}7a&iUJ!YH-9SgjJ~{Qkl_cu!Vk@%fX&n30lu{B_R;Tod8Ci;IW|s? zZ#jxC!Q`Q(rG?&cKS~nlcmEHg6dV*v46jqFggZDmJR4}ZVPj_-`z=N8Gz!jg)5}+HoQtX5X%^Oz!Q>TQ_ra z*Ff{p-;X0z7f#3!uv8J)-tnjQJ@O#i5PtV>&O~EX!$Shv@{c>ORC;9m zf&Bu-(Njl@XojAfSiqTRjlxS6%*PdMDo{|^;hf3mkwUPJj0;RI@syZuXfz4v)_f<^ zTZksK{^V^?rp1smy;Ju%Hto`{YBu`w)7$tjL)L09KK<^e^4QMW(D0>z3I6m>!n5O{ z$Ul>Lmok9P!=5N*mLt;=$nj`&5_Jm4hJUf9DE>=ZDw}oOY|O#|>H35va1MI?Bz?Z27n|EGCZ_ft=lp5#d@=SO68Rg5pC=)4CQOvFQT`vHsMj7%8!ag}&G7q4K@-HmxtA~kc3lqTn z**PCPsIY}@V9dF14{Q$%goY68rUtfy$6voP(%dPLwD$F>uJN$WLV19EL!>c0g8V3z=M^x1#^0RQMMc;I2c*Ln{3KbA(WUUp_@ zW&(>*rm@k_{m!08fearNeg?7wEnw&x!KyDm+cW8dA5ALVrHvya_4qP|zlZKW60GOB zySn~d^a(w=vOD=;K+{maxU0wY;6fsu!7D)Z4rPL05 z+}x^)by!G}zy10JME7$B%l`MLPLIMqe@>xXIfznN5W%Y=@sMJuXD9iGKdAoTDZ4p1 z4o0SP2?629{#Dv0-|G9>-L8;}vh*lqG3e<4&69J*K5%2i?w&K8V9r-qg6WXK13Bmv zKI9p2CtCz)D`i8@hNou<5l0?id(iOS#(rXphTbv?;Fq+^0V_R8d~%MPX4;T&fMKIaUZJ=_yVoexzxfe?V>}zd7u4 zko%20ml>E65Qi8@+kMNyCy{}DG2=l$;DenoB;CfRB+`|SQm3SCJO5@lf29dSFvvj# zm&!{@MJIclx{panWsGGGvD=noSVV;(b7%nB zGbm#577n|Tc-lK$t{JzM`0K$H!JgP|Z2|<_(t_Vw?ps>G72Pu50xI_ZCMFi9rAMXt zg@w^3vonY`%d2MlutiQ%wotpB!tUC5BK(Z3-=)>1bE0~wBf4U-+XSAN`p^hK-xO(! zA_2stQvdHVvtL^|swYV^7##ZN zvAkkpx8KXlh%tVYmxIrJo7e*L6k7OLMW7P*=T_=_>G>xGErut3$NksVE@z7bL zRt~@00gFS~dq=S3(%xT|^WE96@NMor& zuHN4Pz%-;xNg3GJ19zsZ2Xqd7rSd820*xJ#I}2Qif9QaSzUSlz_;SC7&J&HN+|P6S zhe1IVqdIm$TOa((HNGepKl=G2-)K+ueFj?CKV+7_BV`g~l6<0OfjE+0m|}W55v(K( z!ZJI0$Ux;&**hTJk68LI*J9_dZ^({l(N5kh^?${3T~2-mC`te(rhSGVzd7_p{ab0{IzG6XeJ1|S&d!gG*|so~ z+}XbQUMgWx&rI@904O#+YHA)iMJd#N+8cU&t@oTMezRQnf8xjLbzSh73?IMJ>)E>3 z#?8fUybakb9B_I1;4qTA6weH;n;s@&UV@Jb9mIFR<^Fq*3q;AV!#m8v*V_%9IQIa3 z?46J*3j!|M!e_)AK7q~pL5w86-x7XZ2*1{YpXo_oE)hOFIlu)x>mULl;ot4%QsSbc zrD*`uTj~2gO=Y9=ecywvv+Kx6>``wE$Z@3r;;F?w;Ms8!5JkAxHKep7H)r&vvcm&j zh|Q;5V+T$pj1bbZ=zQDvTkiht_w2{$tB8Hu&xHTlsDTt+8HjTcKG4foToGPGBFnf? zdU-Du#lwWQIK23xP@oa}s1ZUfy@m58r!5)(`)|lEOut~O^S^(>Aqm}(+=J}zcQTV; zf}WC;1jIJU-~rf>J$#&^r=z2zt1J6lAJn4S+S+g0IsDTAWux8Tlj4Q9i80ac(-z1! z%aFXEDL+-T-zkCjO>lL2aWQm+4~xKE43!qcW$qFF*V$+T$O|Oux1b;FsHQ*nPzxZx z5M$UG9*{)1(3`q2a$=rrhOMZSw!S0gceok!v6M0a%;c;29iOmaq7;SeGV@TX2SnmC zD^P!~e(%}+GhsVZ1pNI9g6*ZD08z;zlX-fc%0Q){*D>^6?%OjN4!KCFX;hzPBSPh8 zXz3hO1Yge}M^L{&z}P}~+uVbuQb{E-2{h>_%^jhHDvXO@BLIw-U$wP0o~HLE614YU zv%(r>l$0b4pf_l15KB4>3yWJ{E5C#ko4|dvGhlc#H>WLt+MpZ<2}sMh;GN3{r=3ht&}vtS7_KVm;L3lUrRF8>_6YK0Um?#tp~!6S;@qTklAhRo`!P z2M%SHErV5K0eQE83@ZnQwB&!yLorhmPRPEIf&I+;)j#RhT~Sf$HOi;{BhNf9NWZV3 zPjlz$8L0td3^*t$Q&LJ>7$O1|O-xSiWKQLg80AMMCX`^U@L#BMjW1SY3G_Ux&_n51 z{9dYhn)1WXFm%(`qaM{ddh`t^iEcG>YDZ6Vy|`^X>vfC=PCsNHGp>b?*IGcRn#7;iU9YI$d~@Haokuwbj?h zx$riA^9Q^GYzfnU=Io~DN|TBb;GLeI0pyXSB);wfk$+xEWo`L+54hRycs1L>bno8f zI_W$)pSo8*{Zw+g2s59XV~A96G7zF3NY6zY&>!qS7)G{nQvBY6+rP7~#5Lpyo~6w8 zKf|=*$PJu{q`5?uE&c*DBZ-{KT_R0x=3>|OAI4>v@?TAR^Gdx+`xl)X?1b0WKvQ2> zYX60GReMCcbc6mg-o$~{t0AX=lk|n8KFcv1GRK-|@+V(Rb#ak%I#2iRku$zkIlq1i zzja>-kMU__U(N~-ct$9?oK-mC(vaH-yvp3AKQn`m@Gydv2A|E%%wSlwrFv(*6QT+J z{VZ5UPDpN02n(Aiv0X!=ic5&wzV}D}s+6Do-5jD#qfm(ZhK!p`ACLfi_nNKlCNAJ6 zucyS{y&D~3q6cP_WY;f`C+~@;2G;z^HuGGRh8eV8b&;w|;kR6CYo>UfzP! zJW<{PF-~3qkzL@tl$1@ol6JN`%93V;FJ{~lVQd7^#b{n&++{>uKq0+c(v`|WBG^)XBv3cyv}Jwju~4$&WdAVt!Opv=Upy}`!DKEgh#bg9IS#OA-nj^qiC zC83HxXJ=v2r^A}Zp`xa~T9g&OqBXbslb@g8)x|Qo`^F|K89RkZTR}Q5DG9BQ@aI0- za;J;gO0f$sA0MIZhs8tBC-}K$BPAXQ=_x?xoRXs1d~ZH)5_HF$t@*Td${0SDxD0qz zhdqb4cy&G1dNvPBByEJHkqu_*?Z=NF`}>u;PQ!1J0Nu&ePpt>T@FNp2AVMju9sr-Q zt3x5;#6=Z`7(<28KE9B;zR>b2_#hRBbR&@AbU|{8Uos>cO&t#fdo>#qW{Ku@$~MI) zNFJ>U1}vn#v71ujc|nI@p^k>GsJ+(bK?W;7s&Np=Vi*&9vPYUj7$^|p99YBt1vcZ@ zQD4<94MTqV`_!C}ANvtrSWplO|J^Lvqs!a_xMS?yPIlwHnG4LqdGMK#Q1kSy=A_h{ z>%)y!{9~hrRhgK+>uaBr_p)M{k{E{_UOyy9Ov9@s-#0U3)uw-?j&Oax@m3bg)*gK9 zY2X~z#yd4n6atHsy32QF((T#AdRNF`LKUrAHp1KM5zIlpSpXxs>V084| z%tp_1?nj&_q*BouXB24JBt=-;?ss-IPeNwDYDo{fqq+RkyW=pChGm6_5TgB04(q z)7kO4Q~+>Jt@Hp9vxT|E8wi~brMo2KS5MA7dSdF?xv3AQo7!OPK&YviYB*i0=XP=o z3slxcIL4fWV!o^ncwIpJs**F`uj|PsO1e%vsCtGdFRuV+yzs@cLi|%(XoN4i#U;d(Nc#xj z)VhQ7Qo>izXnL*dKZJCMb9hh!;3x$J@eaZLvAd6~cBOJ0-unx2K%EgsM@Kis&Cz<4 z15Mb5{)yGS<`WWnoJ`K?)gm39`el?j>?y>UIj>*d+y_a@&v)-fcfNL zr37?jx^{>tVLQfew6UETO#Ro^z9;7Z22w&`*K&^nl8d{T7$T7v%E!n2bqU7{6^|7b zKM5tB8HGgZe7rRL&mb_R1F>|ly`P|3koorQcou!aRr^R3;J(@mw_WBLXnyx=xDTi} z?7)_xl!3!r70cH7A!oc#TN#HTxYCfym0dhCgLReh&mS+k-fPlcK{}%3{RCu(e{5ze z`>DX%XhfsF9CP493{{L8WCj>T+j8Ns`>x6Zpp&_rq4Fyj8Y;Yr#OK+uXo<%~&OUBR zx`#7&1~Xf{Qoe`ZolQ@zwwA8+mm|G*r0=b2zPSbmUu8Q!qZ<+j7vLiWBN=PAw{b9| z^0d-=UMyJ>FJ6R{Y7p9z^;`K0*k3!#42;rJp!3>e405iu_;vW*`IpW1tWX=4v3n?X z$G`KkvQJYI9cf0k=eA2a-{u`eczLLvqo`K7xfR7n#||v-h2*(3uaHKMI$K&=8c{g0 zV+HCa`eT0p7cxVk3#_4Yta83CPflj-Qo#ygngV;oz(DsXu{(gp?=t6Y`LtaPj`7o% z>kYU_VhVp+g5-UQi(#R$RZnle-jMpw%e2+8oP! zpg?|f#$4JkrnV{o-HiWXYM=l9%}FmEOn4}CVd;FivAVuaNk$fyK@yT(&q}_&wvpGO zr(=Ytiol#l-a6e^UZJDUWPxRyY=4_H`Ac%<>Ecw`_ubuHhbdO9ENvYHH&?gJw?;9v z;z0|u%t|q0PoIAKR`8p(tB0KhwjUc2jfdN+$msm$;jM;|EpSDG_6r& zJ^<$CSG|^ksV7n~NG0>u(#A$0T}YG$+{FSND3L5$wZVHGclX5_d$P<|2iamr1UJ{` zj3}P+vi6rIC```w?1l(kc1|&>%xhUuN2AsNNuoj3XNmBW^`V{Va+B78I}H6`$Axdl z;(UYQ;lU*-)4Sr?rZdfl&RiUSt;Ul)M;9r5L;+^>6b!39scn$-O_(L=A9s9(oCQYF{l5Sf2C&Th>C>IF9sek*sMy3u(fm-zq^rUE7l0B$=F1nX|5uGdajUe~w;{n{-tU{;bM5cdrb4 zLeYxj2{VwO#Fc!>$x7tw;{#6Ozo;j%a(U5DqkVi;KE35i?)R~BO#^UcU`#e>Fx@@7 z4q!q49twQzQ5^^!McuhM1C8YzOez{0lsA3+44ZTn=W&F1uz3FNR|gdxIxoQgmj5VU z;;awsy9bAd<$5s6kZcnj%S=MIT{!A2z6zf;&4kEX(iZtD58?wsO^}_I1%$|9XaDpZ zOzn0p?URs~z1odr8(I+U#ax3QNj8v-gB^~KV@8S1B| zXA7mNNh$@w}AO6 zT<#g-*)*=IR(x*qlIDXVQNVgU4igM^|M6oKE)FhkZqvLAfkuDd(zaCO1q$Ea2z6Dp z*eEO<6d!33Uf!o{82tB}V6fQLrIx~nd>9q|tKdJS3<(RnKTc_F^1E_Xu*|PJjP(=5 zvsARUwz4W{4o0=HH}mH+ZqP9_jFP&iH$F}|`j}xvc8rS1ds+GikgSK&#C5pPF*j^# z<~~ooMj{~j99U|6-)8bQGtfLDaGg>x2(@>KH%5>GO(?Rt8SMlii=Q5eii?v>%hUnC zfGv`!k`PZ?{YmI0);BW~70g%~e2!BkXE-|=&E)suxSY`F$FOZFi{04Bm`_!%moRlq z3r+QhX_SMJk%OEcK&P8Odv_4|>C^N2Y|qW#U&mrtg7)41w&-UPR!da6xLmTNd2b&D z3p21@tt>B(2DRx!z20V%1yWmm^-viLxlz+l1z64j<&ob0L4~1=2?wiEB9@uR=F|rC8}7~eB6ZB4Bo~2 zMGm4eiGY9y5?Y?suFPvCS;8RL$D-m^6WZl;b+(lzmwXRe*k0nWZ&~K z?OsfBgemQV@EP%SYy|Z6>(@No-0D)MR_MJxtCON4B4|LHT{Zjc$rJoMQ7I_`o|`t{ zhSk(mQRyqp4)Cd%X*&*CjU9(ys>L39Pa`D-CdHpQ($J*Qf-^mh;Z-kX46%vQzi<@VdvQy&!$K!dA=Vy zfk&91O{Vc}Ck0&7peLU4nI;HbRxE8Q7DKMjLzd`=-U@{VCkZOawPH`VA~^CZ8E}GN zepJkK>n&!1jWDcz@yoEjoz5TgWyw}wkN9p%U`>=SQAcuiyUWp*9dpmkPJ?Y^S&(jfK9dhs2m!jo^uI_gQzO%mHKu;)H zlE<6Mnh)#Tv;A5RNSnYP9Q>o-hhcS$`2XZ)(EXhBnSuiFMkS>jOsEI zG7~ew={IuG@jEW{^tAf)@yC{9Yh5nrN%jcd z2cu{96S2#J?M5#kci|UQ;!x7`nCNJh!&WMN*aye1eYp&dOqn@<4#`8=<{+a@4ldO} zia0 zWa2!w+ALbU<1rV zjvyRdyq8F=tDbVTY$E~zlX@e964U1<+23pR#-<;kl>m+~CT4A|fIpB{IB?W%M%q`{msBT=#YN z_4U)@!KhD9w>Bcjx1-&|r-FZD0p~EV(koQ5f2)6QW3zd1P^-^VPWH&_hsW#`7JQpT zYVRuBuzzCYI>xa#md00uCRp>${N1ctqsf=tjt`OeM0R82UiM1f68Zk%7XpIm*{T@+ zohgaOJ3EUqBI!E{_<`*tStMr7*Fi9>o>wn}&={3}R+uKCeI0RfsWd(;s!Yo{oGvr{rzgHV5SQ~A-D(n4`$uwvf;Nq z@LLAt%H>e>a_;hSM=li-j=Uh0x?Ef>PK=4EU3PO76ciGwBFS@{x3sfZr0VNcexarY zPIXmPbyXkzmkFs!c*Ds2)zyTAgv+k3%MgWpoZf`cf4F%l-YT}XFI|70T%APN$nVeN zH$Pfm+EV%B&w}(7pJaIBKNG+?Ar-d__a^j)HW|YXb|!3u-^|V$&(D)NGvmX$hrV9o zcj8SvBEN&NiBSB(;ckXsO6Ci6;oUY~-*EP`=bG%QUlA%SP4dW~Vku{ z)t;d*VR9TWk<}%$4lddB(b6(CU98!e#`5bfq8TzbFbL&ea z+Z;hRI{tz=l9Vz>`V#YE{~zwg-aQMZGk8Sw84rg%{4(BVqmdF6y3G-X5x!;@`i7>K ztHDK>NtLlNfOQlZ%D9o=B*2pu^NG0>uNqo|)MhpT_48>krofnhz}VO-6YRw4(+yze ztpE`T)zuFwl|u+u5FvezWFQThc(SRxy89s5Tjw%VsF4j#V0<@Ze98vKEdq@3Gg!;u zo6IfZMJhgGcC>4#YN)6TDKCsI$M&O;AHVUXKlsI74;$XISX(Pl4`8Dt58>7V%`A7g ziva4KfY3-g&TsQB6BmJ+-8{XBKuTp4ufhl!;E&UGA*O+TrAKRnkq~~@uJ}%thWf1T z1H>L#`lA@5i9sErUS3{6eJEM1Gxr}i>XFnA)LLG{!=DLDjtyc9`J9CQNA=yiTAh!r zNoJOU(yrp_EeV9*(2BI(3K+^X3hAh*sOV{!+N8U#yS#n5_V`@4B#3Y3GpPE*?*ZCE zJZ3kYom<_#_V5v)u)ScLNKmc@baeC@F;xIkh3CL^HaAMd-P_8ytl=A{5^M_ zbF+j2^O=8kc3O7tLkT&zS!nCZkto3FJAt9j?#g)^+!Amr?#pu}B z*ytFPx1K*SDu&AV17=1)x%(R%$CZe%h)8X< zFgU@o_JlQqGUNpN#SH25vM@#N3x=WqL=tB?2W9+ih2y>8`~u>WF`W4TJ ziGG}kKIDTmB2=*ICu|87%hmklOLOq%`tU&RB~yrB-0cRB%u&&PPgl2rO5pM`y@FCt z_wV0b-L5n6!Qf3Bs;VMPLVbh>G5~ysuToDqgTMRQ$I_Hq(I8tw&5?)*<Ld_f42X%uNwyyZ8U-AUv;LgrZ^O!Q!oXZ;BKMQz*ffaK6((Hs zR_I1UMSDufKuLN-WJfp@5K@oIOyq-9P9l7S?V;&_fT8^@XyC@+CVDO7u!Vi7>Dpa! zx4IAkg)SSTqCg`S?_jgoxXr$lTmGL5u?bqdg)Y~J(!2KLJAklG=`djV^mz`R5FgVO z<6c{Y?=!#JmzXDk8E~-i+WeWw103M$YGm@x%w0o)EcgiaYUTBo zh*iu3B}I}JC(2g7Hh;h`GM$w_qYJQ#{syq%mRBffEZDwU9$no7i=X)0fb5@L}< zf{`qw{~QquCMd#+e+QIBDiIC@oTjG`adB^>Om1f8;ObDB?cWOM^`@piJ{Z?nalXI_ zvjl}c&Y^(^$VxrAeibEMcgta@1!iFSXusf}898`(ER!RG{I&%-)^!lQ)G+QgF57aAG>dI|Vczd(<4db+%Wn!3ud7^#ggXGz<5gyN$)& zZ#59V8k;E9Snsh~K4Fw$)|H6+mSganhT%{s$G;lsxhV4ii+0Y zF8gqTAQ&GX1CRovs`~P!AWhup7FuIgQU)z0gQmAb*HEvHl2Q+XHO_T8?I_ zSA>ZN>3uXWCnpammMGx0z9(TL z>esRxs?@OK1kt*vlx3hOkbTv$36qcO2hM>^*JQUCV)`7sup7BGjAv$XSj5MRA~5u> zjgeW51HtlT`iQ$okMRC0j-{vjRUn{)^3Wn z`z8Dc@%ye-q^+%OYPV{CdY0^KYF43cnxr@xaqO(v2u*McMZkzWiNC)ONlP;~lbP`y z#Gnkp=%XeT4*Uz|%VfvwT9@y1k+;vb(IL2Ayoq}j*cct;t}!rfmbgNSB3d)LYC4gu z6i7+?T`a>>feFAar~8PqybU=*BQnbQoPw=j$+?nMhv@AJDSd0g6uPU)*9<7@AvPAPOr^TPgd4vWhZtQmv0X{P9tpH{Q|sf%=`wyMK-=n zvg{=$2Aqne_V%f1m!a#QUT2{hU^Iu6S65d9OyQtuh_K_6_$UNg@7&W@sB%cuB}Q${^*3 zrJ$u^i>-ARfd^{Hs(94FKIlI_{kx?-`J3=AKcT9h_<8}B zeBF$M*ux1T_rR*3Avr)#K=5vNZ)E1bY!7#!EPJ}KyX(H60rKi5>fMHUc{lis>YR_3 z3kFj79*oQ51*MLTwT=sHp(cW>7fc<+!Nl~~t|a*{Bk1Bpl#UsOp=%?3A+KK0rJKD6pc50izhTq~0VJmZV??*xrjlw~Z6|qmzZ7`0>yKIrDM1%;w2x!>m3LzF2-lA5R z{dD_HkC*SIT#!>#@72NI77KEey3Wh{?=F5ERlhAAm$-?7iJVc@OTwq;ilYdN&u%Ub zl;&eu#-#VDLk?2epJjZ+0u}1mn1iNb&p^TLvR5fR5BC`6b0sAu$%v1@=ccZ@3JD6) zAB%{Jjfz?rBgGQVPW{Ai4~;+Wcm#VgpRr5(4I?RDr5E{qP`y-2%bLv=CB7WOB<)3F zuBK_@H#3(Dj%D+t6LDughOfZcX6)$5OV;EHRC!fZz5fwSQ0As1P6HJtCEozpO8WWR z;H?wazmR&AO*sTEwAe%k4F-vz@94+DAP>1JFaA*sOkPD!kYv69E^oAjsj>M$)6BbE zRo}Srcf{~_>`OPwLYd0&N;)&im)A)fl%4lrm6oR{)nPfpWQSz<1J$mUuhMtIO3`2& zn3jU2*dX;Cm^*M-aJyU+j zhI}bExA~mhu@(34<|@#R0^YgV`#83iu}t+&fEfUYqs?bk29TrX*1VIU2Z0y;u~ zkg`G-fcObKk$g@aU?~xS>SF1RMntGC*hS9ZGJqc(48o=O#fo+g^s0_qfws-Anx^0- z=Rx8Hs9gIkfpUS4E)$ls3GPo|uCTJ;;e`Q+gvt)U6ZB_tQrXVlKI>T}j+uaD%y!S8 zKf19Dz?G&a8DMm>s`6rp^fSBHF`6Tk_&yI!OG`gOs%PK(m^)`-wN6vE30a>D^jo)d>bd-4XcK_qFzeIG{L2VqW-#jc!J!{2IFQ`nI;6} zv-rjN5tu}tgY)$G_^8JGFTw|vk$pMaHVhxC*LkP*1nsK+IR zs3TfD$6=;~`c^nL(pe1UfNxP9o|`Xeaiykg8gfgEr~DXFw9wg*mrfx6eFbyOIN|P7 zRMZP)Wk?1;n@CtuNWvw|T83$LWc__5H8t#91ym*)Bn3pKh>7v>mkEi~d_)`M8V~D< zs$7+fD$ai~ytLccEPRZTlAkUv-sM>_e4~+w&<_#fY#s^0sQRgYn3b;fQxa@Nl4I$0 zb#!vCdCeE!Q7c{Fc)e?t8WeeQ5yco%amT^Le^ik{D+ZmchnPS+pjH_=h&jy7wTF;R zJ?YQNEWI~*jf7j8OqVOFwq=V~?NSdxp*ZhyoAa9U@-j2R03W3(-;ueFk}fmTnG9r* z)E$nb-{2YB z1^`g-vWGxIbfqF1+iZk~M})9CgkyVEkceYOQolGwe)41RG6GWh!xWsy06u?Rac#LS z+wx36JTMyH>RtebB1@2?*m>yh{OHL;W(7!OtT@Vin>kL;X{S6h{x~_eg9Z3yB*z_# z$y}sa;B#~TfvQHE*v7^oNts2Hg+%#Q5@_y-%D$IcJVDGEoVUTFudlhP=_ws)|rq1x)eb{9Yz`y7zPW~r|$Zmhsh{7;W7-dAmV|Fg8Vls zD}+QQ34588q~cLOGNd9ZBD#)}SmQGW)Dt`_K-AF_L)W;xy}iD_zqf+QjpeK2A~KjN z))Uh$?n0A+$0%g+tWwj%W%ayoSo>2p$#KPXQXu7j+S@t7P>j#>b5crQkID=u^E8`e z6hsv^H24E@&*h^vVuGm1l^roNf2L+_4rzbFqirjOV~_M=?o48Jx7IoyeMfywMoa6r zasEE_!!jBk0YMA7pBf$|?1fY#K3Tggq?b>9gIAryQT|!NdwZML8%}cqaS*DqG8!)SJMEt%nRkyM_>3>{qTarmX^%e(4XLto5wigW~T+iB3V6#DE8KEx=u0XJh=Pl828keu^$Db!gpc zK(Js#8zm=1^ax$MVh9bcvR@8>Y!ww1AjfF7>Rp%Usec6i=m1z}laqD5BqMGr3AZlW ztq-vF3k#22K~mnl4NK@UNVMsNj2{n1t)nMmC*!J{3)5_T0>1LW_%u<2X>n0$QP2ta zO@jF<2ZF+m+65{iLVUu`EdYa|DSMqa2Eoi3v-xA^ku5hi@S6qX-sDVAkIrDRntZdI zo$0MB+1cKHMDyiKdfEa=(;lD0*;KVRGz6!cni}Xk%3ClO{a~%Bi3Of^@#O=MY=>Cs zs2?5}7+K>9NJHSe2`ubpI6NB}?C&3*m0eFnd7L;nsE!r+t?*SAOn{RUU`-hXh*idB z^c6R8Czt~0y^;5z%@nuyj?N$hdSUFP&~Y}{bLm*?2nCgqNsH@R zNqYLupVEDLdT`$}Ha3PW{5D}QG2wG^YFYx95IC2%w)U4?{tV%dNM0&+F`OQscVlje z`>e_sp&HT4!R?Ap&Q3a&oVD%`gNr$KV$jk4 zH8E<)!KfiDXdaKu1(X98PiJj?yuEKOiQ{|51Xl4^ARPIks396YZO}giS(9S|0$tWg=k>itUI96BHsQF~yzW zwB{w!3}kUjK>g;Bp>T*IU>A7aBO8w%xboap^);`Yu?vjee4DL}LYSG~!Sp#gDNj)e zQ-Z8&EQ%&#W7QZU19GegeN4SbZ1~X9iHu2FaDsb-{~P?dh5Ut^ZbedkhmDzCsD0!{XIMr$tx2_FR+r@g(sMCDpUn#4ue z!8BF;1WS7!e75p z<`npUT7XXdH)by-o2W-@EN`EkDCSYIsPwmP4l5Nv!ez`Acy@7%n4XbTzk{(04S%|x zxtw{(Y#SX#1pdCL*l9a%A9z(f^8(y#>bTYa=;dh_Ps(6$h&|O|O9Xs`C+`YnB_KcC z`C9P(ahTHN*m8iT0_2gGH8%s5%9y^0D3Ci$0ZJ#X!P{5zzf72l%Sy}POz}E;)6aZ# zbk8mYHbwp~HW@U@86-=%K>8sZj|f6WL9ymits!g181c;2)$Qc?M0UHU4GQ8l)6&x3 zq-{}Ca~2n?D8FE1XRY`yqwZkD1Az)uR@!JcKBA!b5S!dg9Q^X0meIkPpE>v4_i9<$ zNEMZ`_wRwR4D3Y2Jg%#O%&WQiZcFH$M#eMm<*rBzkXuqyRVDFZcc#)pX|@&Iwxk38 z_xYGvI*AWp`!nZyJXs8qFaHC3o(xHVtb?C}H7zCvFugt8U30_1M(3S)!s7QlW)brN zu-NU<(H?RZx@`=LOJuu!kn-H8^&cJUi`=tzavIUbf^cL=xvigq0zo6Y8->cby?yC4 zO~@-qWjIq}V|O{|$zomV2KbDFNQ=W@q|j6EZL$wy;N5$1@9oJ*Qg&yBr@|j3Jg$ZP zr{?FgzOq(0`1;<_TlK(cqxJsf!e6N&bZ$7_n$v!#{~nad*cOadOwWn{jPq3 zWi$)aMc^=Q@w*Zv@IGS7s&6m`b|*Jaw??0{?LVb@V8r#d+{g@RR1Ywr{UQww$D(DO zL!ag?ah)wX|8;hvY9xczhmRou99nHCwaYd3(?8yJy4{AxDjD|X9ba7Z0GI{}edUiz4M<0y0h-nmnZRrtJn(Hj-KjBx z3COk+5YF{*#70wjiNE_lz_h6;#4!m3CUKAf{7LB_!FZ)ijnY4X*KfcEDVZzuCAJWu zh%NsF^byBO4SZM^+^PTl1NICc$oxAVR1Np{mzTG&@JF>jmrq0Xk*auj;1}J24#WVM zb*T-E9zRT#jf^rhCF@vOK?a*L#;RNK@NE!^-z&5ADrJw1LbR7)gCHab7AkLB=`^l8 za2Xfd+JbTkJOI}yc4TCw%TY9xAET)4GId4_GQ36XEzPxSEQaO0>7?&fCzi-SM|x6J zQUW-yINxyb*Boxmn3yts%}+C^%#@PE+9fz02wC9-|G%>(b9Dq*S7v5X0Vvq6hO7?0 zV2-Mv`@Gu7jummj=y+;kZ2XG{^&Im$kd7M5B`*iPIp~%Li>fb@lBx#fiW-+KkxG~! z*zXxp?3NEMyTqKX8R+?`wC)*SU`>(1QqE4#QNnP3`fO@cd%EjC()jAcot*nBCy(@w z^E+-%RaK(CBSg;@@QWQBzLz`2O-@P0D}xaF(h_<-o!75rSn?jI{JEfsgoQ?jjt-u1 zXL3d~Ev93NrQNSe?1Zh9P0~bk2vBtv+v1U6^|yj)`{gBC^;yqvcF0I^uZElE!p^2mzSBW zQI(0{OJ-kBNLpq9KCGXmXc_f0b{DDupE>g$KbRX2N1+4bg~iHB(OvLuk10PM6&@-E z>PI0woSZS3JYu!gXny*?|J0gDcd_G;@85$>IOO{jNJpET1d423on@rPa}Z+&u+-13 ztZZ#LIfTJn6)+-Vrnl{$fvpPoBYs`KsB3s2{YwP@6&2-+wLQ1A%;``0JdEO>v`*zi z^K=cO!p_FR#`?Rb$3mjcUuz702zv^o=mei$y10Nl26(}_xEvLs=iF+_ayc~wZ{aHu zQGPfuj!^Do6Xw}ZCADpn<&YZC$DmNFQRxYOTBg62@5`3&V_1f;p~xP6 z{@(`=AD6CE)f{0K35oc7qhzYcYD zK^w;YQSg0@XLW5&ZEbZmks2(Iz`>T0tsR8gH8g;oAcipRWTd4CLRcYP#^c3{C+rho zPyIwQ3+CT*>weC`$H~db{Z1|jXgjsAY9br6?E{i!${P2;(UK9&lebPS-5F3a#dK;j*Rg5;JvfP5jU9*FL_fweVuZq_$Rns z?BK#lb^{6%ppX%~PE7#va=gRmR%)<5wHacy{(*ij5UQ;3hIjN&)fbyLw&>axj4MO+ zN5yRYn;TwF%2Eq^w*EbYOX?cFW?Qb{E|^L2-6dB>OoX}aB+!5KR7CD4exY%m9Yywo zNZc^VJmOr@PwH0~Qv}Gyok!cUA=5KxTw~upzdj!r{X4FHv$Bz!86PF2_{_ob)f3^# zX;FkzcVw_tC2`ffhaN8dN>N84zA_b46(Yg#{= z2^ik*iSt~sSh*B4*TCV4EXtPqU}wYb+h8txkWG$P3-0s38Wbgc7muDd(psR*%mqQ8 z4>YG9GK>fi8eosUICOU-ef8eaQ3`%fn_CCAJbw4L^`>B~{p%MnOyc0;L@TZkvWXyC zbtZeRz>8PfzajF>|M)@gb-e`&5~=&k-w({nt-@CSqh(eatT8(1v{^i*T!aC&P!uk^ zTa{bV2>UGSwhc@U!};!*0OfOKT3Tl2moJLEfmHCDGaqm%>2Dx@>~8M|9XUFh@dvo) zfx)or%|8f}ef2My!-vryC|V?$S3oHyy9q^=k&IiiLmA^EuoQ!c1ws*qsH_Aa{LOUn z2}nxpJw* zsZ)dUXa;I(3LDAImO1DyhoqVZrFP>D4YTn4h-$qH(SGJ}r{zTICLQ4qMiF zxO?7m<3N{y^jtUW1VXk*i!5lq%^%R9Fd7W?L_FA`rIvM2rrzha{9ad+IoOz(!kjQV zlUI*!bDrE}lsdp3QZn7s!5z?@HDV>DPEkNn97+;7oQsDBVd+DwKVLW8U+XUQEaaMm z#DS)r(AI;@gsJf=8i9ecr!?33Ny1` zg@sO_TGhIOtqMGuxqiXe;gYZLbpe6zQU)iiIh`mMPJL+f=Q($q66`kBJ=SZSpDbtw zJIIN3_o#0?t2uy8!U4;0sg#VI!tIRdOFOfBIUJqK)E`adEq|(~sq;RqJoc!+K^Xj! zF<`FOV3JZ%;L;XlJxtL|HT_|0ZH=EtLhX?Mdu~4u#D#=_2UJ;Fdf*pu@jqVE$u^7>KLF6H@wGja*;rX<>IEH2uA~xhqpdzL$)WSjS4or|5&tBqG6MEn@cx$aDpn2Nb(lRnSiUaF}r@HCX z*{PlpQg%`wd3d@UH|y|P%~nmzl@vSyTH>Dkx*at=C&gH?at!Tnt33557_J3`O%BlTG)Xpl-&9wv5k(z*#?LRe1!uP4RNktv zjfD34cSim!XwU738X6i_R@W5>$$LbYa|Re$6OHnojmug26zhE9f6FmCd`G43su9I6 z4*yxo<`TaZhD|LN1wnnJP9$VFx`v&Q4E1wXoo}GI#@2bpd68EQCdK z%?TPhIuP+t(1bb|PG%pR{c413TuNycFi`7FK2;+Psv8Xdt9bNBNMbN&okNHzw30}G ziN8>rpBo$QqLOm&z;!cfb(O8Ht&O)x^46_GR}^;4d*9sNJ}*6;7wAq9JA)c%>FIy1 z#E2gaKK<(uaDhbb5b*IfHZ}l$q=nV!d`rG&20srEXS*luPSnitV*G1a^jri3!AELlmb8uKgb)1a;LBSnq1FoLl-!4#^JAf^?%>b#w~fIVDu8 zM?Sx1b@W6F69$+O?T*A7o>~UC%)%9wd&7`Lwy$terGh!aggx%=fq{LgpOm{0Tq=FpuoK{cIg=K2EYQ`SAwu`` zM{>B4>S=}9*{ZysFD1(*$g^;qBA>-|^&kKdZ>kJ@cQn%6-F+CqB#@+cwYM*G+x(uI zI={O-02zq_`jrb)Q(GWt0`>zAS{#CA5JvjN`atzzh=ZyLCwbZo;wG&ZXPu9cTxw66 zs6}1kMPa_>F;}z<+?a~>>X`WOBn~E;un%^wt^;PGkaRcb@pEi|gbj2L_R@Th2ODMQ z+F9`9p%tUsVx9mw2iUCn`SL$zLFN#Ygs)t=f<+Hewi2^Tsu4=HJOP0bOmyR0bzutI z#22ij_G7QkfVN|0S;S{b@o#Z%6V;c za7UhCfj0t6Hn2E=6=V@{uD!XsT~5{2<;y1*Sb7l$6O`iOB`Q$@kjePFaNQRp_>Hl_ zy|Lcn@)vP^1A`J?YKK$FeMLnfAt4X|0hx+E3kXX?mJ+b8+U6RLMk=?`@m!_iB)q(e zF%^R#9-!7204M~E3zEK|!tho1?=XykwVt7sqhD%AjtsvCOt!DF-(tVU$`znD{s={o zGnEs(PpiP}{aHI@U>WdCwAa2KFq|Np0jw8Sw3j#^pCwE&7cVB2lrVnw?j-9Q7*MgW zjP^~qLxHh;Cm$Xgi#wc87^zeS`W%$E>FVk#RB&?InVK^8^u!Td_mm6?$k={jCyuz# z7`8Qv3R_>&5hwQFU9+SMrq63bA1cx1mU)8YCV^H zGfpvV7^y)9SrkVu>gwrrX?=0b$>dHtc$B@^VFk90I)JQ;Oz~TDhqO!6w z#K$j_XMOv|Qu*pGf$`jV0Vc*@WeN9o9`%-77vy@warW#^Ej5SF_x!}fiJ|`Ul9>L} z{W;lL*_oI8Q8~R6l}|TZVV;Ce434$EeE=`vU~`? zOLxMoQ2U*H7Ze|xWsiQ4{fKvVOEyJ)2#q#)`gAu2jhh2l`{Un6h!=sMNNQA=szg{G zk_w?JDZye6wNO*Y$tcWhY)s}5GI+9W=s28Wdmbe#%tA}=%Xufc4}Ys=QjLF%=qScr zHaJkOMi;ROGEkR^Z#-CS71Ipx{u&a{AD1-}t~&3N=B{Y-KxSqhaQO5>=dQ{zpoalc!;##r7l+ zc982A5cowk==u#0y%wecy%uL-ekFKuug$~}?m@G$ZyFPQFB}Wfx4gW(?x*AfR{ft0 zb{-;w4w)TQg-BReDOBTJ{s$qKmlobBr!*3z7gd~^&U}}4NHb{@scl^rA$bhm8 z_bec&n%JDwWd@STNFo-!Ue0HL+#V=ho5%oRFOPa>Y9zkRz-;FTz|->a*&U+Qbw&>dC91kORU>T&aXPH+Q@?3<38 zh!2M0*mZdGomUoXHM-t3tY0|$mWAGR@KRTHvFV^p)b6gV(x~fGu^hj)NQB{B)%f3W zK9`AWb?UIX08n&w`bVvYh#yIVtyf&ctZ;ZI zI9L#ca~RM&>@grrXd8(W85`=6#p_~V$d$>aTTkgl-R1ggt(HmQpbvmU3&q8$~k{#NY2$j~5Yt>)RWgir))Sdx`at@~%nUt3c&Qhuadb49zCY+`n8QoI~oN zU@YFakyl*27KX%4XO}>VVg=C3-n@AObiR;~lQf59AL(-AkLnRsRQS%TxVuAgxs0I>bzY~}GmwabWmLO#xN0#Oh~EdoJNUQvr8RT1Fa!3F?zq4sKT?+#d^ zVr2{Hp0>84-QA*H=SLJT99rQPTsV7nW_5LSW<~@IKahrWpe))73kiAC!Euh92E$B6 z4b=`=RQSj%$_cY)CN77O+Y+|q5u7q4HJK`0_8AqS?Hf`aXp z(b&qI9H8fxr2sX&2oQvnq7=xW_!a}vQz+tF$5jUvfsqGwHVTAUtpo!B>^*!_{+eLV zo@_7jdWG&@SCqlfkrUN2+iJIoD$OZ+MLu3lmJNgoWdFX+=)lZMXtnj#L<5<=wXsZ1 zj5A{~@kE97H*2nY>lbp<{T}2v&ksaD-wD@}AVW`mLT&5V&W2v7oU=70xO#c)Gx>L#f`MBLC*!B!@P)&@K= z*map#F^o%z%S5(TVzn#I`N3{`M&ACN@rj5v!UyNyQRTXt#krr`4!2qa6Qsj`fZkws zc3_FlQRH!2TCq}HL4tY*dk_8iGvwyfT}{m|U{FK+5f*B8SVSGQaks&!2~KuqDMz868a=NF1s9j-b9LZnLQ)0l~q} zu9@~k!O!o0ii4+T?1DeYjDT3gJO4M7{MWBDF`l2BOPnMrKPQBT+wU$t1#UZFI%(JR zu^g;1Ut?n_9vParlhAi>n?Ui?p=u9mMwsSwQD85u-DhqC~7gh?ZBa{(Qume$t=5ONN0^Bf5q11Rl`MiLGNYvsm#bTFiGo%=H|**Bf)_K z+8zu)P#~S1eMP_B5HXnO~M=VbVrn!_?8bQrrpxV#T9IqGrie-9BE8T6-kk5vA}pjH?mJQEQ8KHHq)4KZbMF3%+8Ev_P!j4$>Fs(%5klPDLBC}Pt z5$f(5rqsHmmP*x>C||>>MD*}qkjp83RD8a8`4e(sfv9tpNLR{|bKqOmer0SPTa$$- zAr`MMz>vDY$Vl8BFz7i?f(VU_ZVN<_itYleb3OM|dBfd;=EB^<`fms1q_k9(78RWi z(oKYX+Og5maU>B>O~+ni!jL6sg!jR5?;-}h?Y9!h$sS(ybb$!y>j1Ax;5t=T>!+xz zq^MWvhiOuP4lX-6llN8HRwFO7Bb>v?Wc!P^Zb4arU1(FNob}koW)0w-jSZpFJrFA) zdEF>*NFcg9ahRIaZ}t&KU6i1h@igrT6d_4_vUlw)?Yr+NR6;8XlrHY4EG@3We-&;9 zSAogD4lHF$Tg&wYx!%BSLy^YnC*;o_Kxn%iB<^+(_9#@VcQfx!UI z^~msWy-sE(@&h3tb$zk15e!Wd*<=$um3WyEPmB}LXQ#sugag_5+r@KKTRE+4)?()SV+Q^PYWaW+ltvNWEZYW%Y#TY&Uxvl$N#j@-jDX z&NsdxDBx>2Xr`OkdgSW|6NyLm4i*;fCho=##(>(|wiZ~Kf;VQS= zrAQi(a5^57zuzS$CN?)W=WXTz9+fniRGU;w?suEc0SzKU_!CT25J7$a-d|Bs$sYF#34$AtSOgp7fWiOuS`_K$Fs2@Pd6U^NIClqdI_F)|z$*e!(%BifxysgA-iDk~ zQu7^9uq_+AgUyk3{CntJXQ4i1yfLm+XAz;%o`b47M6+8BJ^qb8?EZL3bp`cFcZ$RF zr^{6jR1f#yI~>xv1--|5vBa97kBF3r+@&AM7ndVIiA_Z0<>5PLS00FQDe#ACS+^R- zH7FK)uM@C27J|NB^T$w2x>igL_?$u6)XMEU<0lSL#J9E%O5^?erX4L+=)SnCPGQbP z=km6!b3$-{V|u4Wevp@a{JTc6cwq06>t$w_nJ(8oa=Xhl?T(T(heUVHo;~JO*F?NP zuPk=t;N)w{8RBvb(QEA>esFY82df{VHC{1*ix_N|TD=x(wayIH4?(p1FK8LS^d^q> zOztwHr>7?gKqPnZL^T751Y9yBY(P+yC7xeEfIqs;Wcv5-%B~NYpz*Ek?OmOkY6?V> zAuB3;X!FZUdK~?dW_g^=9Xt5z=X)1#z^vYxMi(N>LlGPj($?B;A@U9U+am3gKc34)G9uJh((WnMnH<%w+${3Wac#{X=&W`~_xo~j{Na<&sv;|~ zFNo?G0Uehb0(F+f{#2ZG^=`TFx@*Ju!6&+BbzopeZ=78JGjd2+aW|i?u=sT6?(7_U z=lyDIj5VvdttAnkzFu6c!S>8})HYm-(WJn)l26LoBU-AlM2J|dRZV zt~pT(SZbi>A8JGGzkBNuM=1_FV8(6T8ys8!etLarOUe33O815(9Ro1$- zjUMbf&1f;s62CB1hZrqaU|4Rg+TOs{_H7Qt&#kW@dg(m=+OCJLGb6V>QXlceeESA~ z_ctI8Yigc~yG2?F|B0eTeMi0}01Cj$ss_f3Tm)T@YJNWH zwvN@;)Hr`<7$2rE-N|QNsKrHh> zC>z4KAXRq!Y7ePTA4o`2z+4A}6e=oUt@wExCIY`)J>#iG(ft&PDUK69|B7xgpLqXN zw&q(WsK@kKEMg$Y2(}d5{iH{Kuoy5}z$Rgfivy1%B;;YpLsGNBUO_?O`OuKZwP?al z6vE0Yul%4ncyYFOylIMCSjQl9t!JOuI4$*!sIW||3gzg;6}-iaNUiB4Y^>77p!-Tp zPPjx-RM&|hO^Hd~6B-0UD-lf?_rffuf=H*x+0xz8ZQYJ#Z#7IiqM+tCT?%qyRb^WK(hc6tN*M3TMG*dF!lfK-^@Tkh|5Jq_izX> zC_Q(6eb3L&tgJ+#5Rf9Bb4bL*pa_eC$b+qn4kWS9)Puvod-pJbu;uUdj5zM*skBXG z$wk#|&P`K`5`E1o-}zPV9zzpy5B0o`HyXNr-;)YK)e#>dHm)I&b3`Tgb&{()`zlC3 zM^HdOae+>!0vu5@F~3#nU5~GJmni@bcC9@CMhM~3X@k=zdAmF8UOf0qF{Aup|1H0g z9VFG{dIzb1joVym2#sKB0)I^B0rUuIgxR(1unY>QlJ=w*&*>S-+;NkC z#AzlXtgrshDdchn7BLVHQ%_l1*5G-{3rHp()Y{9}kIn=eO@|kF3(rFWAezda*`i%JR^U*I7NkU+S9nuq33_{$Ucm$DX)7CO=cnyokE}dO(Bjn zH$NBBit90uIDK}Ri%938wox@14iVDu@UAmwcd4nVnSUegPG=Id<1}*y7^>+;k}#Ct z4dPU((>WlLrJeyvJnAX(nkcQS%ZrPvi>suho~o)bb#qg#D3DmXpP~nrtGc<8k}2dZ z=y-ToTJqf^u*Q4?hwUSYH3NC)*Lipjps?$Mp|Af7_4!XzGm#t|z!$*5dHwnj(4~@M za9T#+y00%SrN8_0`b*TK-%YvCzFcFq)fTFqVaTIP$1+W6%H3c;J;$M;eTPzz`D@Kf z?X$;DQ%Zj*0jf^xN-KGs9UsPCH98 z?dwm-6IU3et3wDGLbN>*moWg+Zg@P#yGXH)hU^KibhzJ{dsmmg-1n$Cewh^2Cf(JN z65x~mfH{8Ron;8P%*{Oyy8W2t|3#4h%M@rg&I1)N$g=$W z`P`t^<;gaaZC~>@?uVQyb(!nFXI@i0n*#9b?*_wfNZXuC8YL5)7rYpr+iw0|t1JP+ zyP8^>pm|02LHW%C6X7jl<58}FGZ#k_Vq@QOfT|w(0}d8)u=i@WVYG?L2veGng5+t7 z=9iBFdIPLH*dCo_0)7b8OL{=IeQXB<kF2n`NDO>MQSsz+xz*LxX=Sh7+)A^v1;hmfVUB{Zs06hLnU81(G0ojF6=kv?(;p1&q~ySW{Vy1wdz`U*Z874u7&&|#*&N}zCwE?NT1?cCHP7|1s0qHacDr(uK<-kv$?VfFk5-_N? z+q|?o=f0Z`=L?URiVAr6r*g-?koloExj6f7+W6#3=lHlADSM`AfRQeiv40(Y6V76C zF~E6BZl}AY<+zf)qpR!w#>VBi6C516r-whx7pl529z;~$;boPDdsba-MgL%Kd3kzS zCE@}TaKqwpM>hM39pe=;qT#DZ;-O$^EU&G}TIGoT>Xu1*X0M~s>g#lG4KzkC7&V{9 zFTD2nNvJsu1uxIvL#9)=A9G%!4xopO9XX04G?zGEaE3>AadIbLXpNt7-CPuTc#7%D z;EhUyyKR@fo{cH5cxUZCPbm6EmE#arjoa=(EC#Rxq7WDyT*+j=2@$oz4ZtjrghTGC zD`r?kdt7p~fF8#sY1nZ48zi@DAK^{JhoL*-q?B~jZ;`(H;RA`g2GCX60O{p_HaMWu zCOumaKXD&Hz^@|{@Z#9p@XdWRk~lreG5@-#_drET!1O)|zh6VEh3y#HXM^ z1&J%qpAW%Tp_&`Yep=DOVhO_XaQ;w-&V6;b2x7-SbzgP7X_w~b50UZ*E5hnaY-?*K z{F>=#JLy2+e!|w#BKSw}PshIvoX8HrKhQ@(@(+S^*RS(JY981!FiG<9C6ly!VMxFp zM3pKa5rtHte!R*9eHYB_SFdIv4GrvDP*mm_!~in^mIZ*3ph%KfulQ*|w81N-W0(Gw z^@`g#wKePgd(wYF8UQZ<74o+QfqR`M=kCd8t*fL_Dn?@UbZRWeOM8$0+cMSDz{?pP z8HQr&Qo|#V;|!ab%@7H=_^0j+5=1t?hrnuqM3nC1f5jn!4>KPmBo<_V>_LzR=EO-^ zSd-j`4-4TOQ&au-Qs(DQ7glIzt-%=lJ2^8;|2*v8_4BMDjRMYEs;Z}Cn8R@Q&p3Na z;td212)kQ?;6KJD1>gqHBlgY6+#l9@ie(_Z<6{s$d@iF605-sU_-i}<%g3)Lsp@{! z%3b1M9;0M-he(N2uTbmU+R4cEwAgEmPtHs>a&2&*n24YT;eYOUHEEB%;7}VOrX36{ z=Uqt`Wt>kwGE7uTCRt~;wpt`OCx5dm`F&%fKeXTS(!zWyBOPRv1Dde}^Vu>7(EopB zJ(YHoBL{=#{m*|JG(CJ;l=g0j{Nsl9Bf3z%MEJ)*Sa5K+e@aIR2m4$jS3Vc3lH$VA zS$=hluYL}P(?b;@IXdnih%8NUp+w+e6%Bi5efiB<<>j?AD!+z4b4A<{6IdaK|0 zv}?*YFhyQlTW7HojPZE?#5#xC&tO2M#>K5>GyFshKW>nE%KJs8j$7?h7>A>VfS9a1 zc(n(AKt1K<{7a|X^SF9Zn}V{kXxbliHC~9qx9^>Er==65C$o`jNB3ttJ%)|S~l?L)_}TUn5^%76AAl;S;7tT=}V_x z5p+MktOWUY9$kx0VA||_%a)ZC(DPieU#xfAe`TTFxziR=w%L zrH^)jCfOMO0h=|-%$n<~z{y^ymmUV=ORXDiJZO%B>pD)J47*JtfFW%Mq z-k`DQ2_j}WCn|gH(nBLt6OL!Z!1ZgiwgvdEpq-7<6u>W_nxK0XNGV}N(U=%Z5f*a{+n$yP z6ToOc8Qn$C_cpW-J1rf3MO8{gE0D{zZ(@2aSZytpo2ZU{0~J@w6Zfh>T>dKg z4;x<)kzNzsy_)-~eJzwCF`BA0{OBm)UU&bzIvW}m#(E;zy~?{r)LacQ^3oK$o>0E9 zV!Zr($!2f(X9bxIO=3#QI~%zt&tI^msoSgZfa9btt0`-2AZ?@08}sQe2IjT*@0A`t ze3CJv4@2{ZDS?+=`VkL%?$iDyi}cfv+9qoKsP{9{flmUh(j0o0N05{SaT%EWw8yt0 zKtxOH05ln4VOt=``7sKE)`M!L!z{=WO?~DI(8|7ig_|25SFd*Km>XZ>Px?cSzmocc z^zK#tq>{7uK0;Ll?#uPcmm#JIawDV-p5@t}Rs9ee5CD&WkQCIy*M%1F9Uea>*)A8D zl`WHvjlaJz7En^uuXGBapp1eANI+j2Ir%$bzC)vMLjF#DN=wvY80rOv_zb7wRJ3TnjAZ9#0Wfmh5aG6(9@~W7a>ZO3lduG#L0VVm$ zBzeU3lS-6e&u`c%-Bs#29;kmu@$Td12cFWOnYqI+-%Fu?A1-vli+|_RZQc}H(c8SQ zKs}FvzLa>MfniY;-(?#P3#eB~Ay?LS*MT5@$9d z0`d$aK7G0)2>;55Oz!~&_De^40#q1O(+Bd3p_l5RsQVRKQHqkE(qidNUnoDz-!(4 z-42jF_4+VQ>KxP!NV?)sh9g;A(3!y$fG0B!uR*Z83dmDGW`Rfo6|l2@{YrcaPr+(% zD61?i%)FziuK#b-)>iaSehMFf>EU%retvrT5*QP@8Wnq!3KnX7X9Jg(SSAPfvUMc?@GuSJ&KMtfh_3PaAJq zYMIOo4QaQH#Ny)W>i9;2%&)90h#aP;XIGN$f(Oh>uz~${Z*NB{`O#k%LyNzkXMVtF>*fpS1_^sU zt*I3CEsfw7nIDSuEwe3|i_@1QN+pzI@BFr|WBzpZ?iU!_mlzB}gJ-U@a)%3TZqBG+ zxE^-f-)hsyd-CR>BLPVuKp-z3(XlIaN4L`L*3Is$a=BOP2{c3d_tojEt~5BzYQ(*F znIAA*uu8M3^*Swi#4GUEg4yubKD(DQ?>>CkW)z6Ub|BmF^N6!*sYC}sf;5rr6eGmoMomacRBnsi4JuKW1oVPS-NKhH?HFsVc6B}Rn`{RO(5rtNX8+ua!s*r5 z-?@ADE_lj{isgX;mt-8@xGu2;I$sRG_Xh)ZI85#3pAzn2)RdLW+(q9ND%qCRNLb6g zG1P`Z=&-s}^yyPZrB{ynncsH2srx?%gmNNhWS ziohJAXp<>j^uxRpAs!eOv*aI?VHe-^dn%+r~f4>bR25W|jitDoq?{?Vh4P)8#sDk{N1 zZk6Es`?qm)@TkEPU0`LaUynR@_Pn|bryv5sEzZp?E-uCGUyoegTa8&6g_Y7eX8 zzbICxDk93htUc2L#pqn}B7<9^4%MkwuN6HsCzZ*Fy(2%e9rNeq&ey?bH)R4=aqo`z zHsfHd=_c$G_mPASR7X4>ABHHcc2NyHdpVKurBe2IO$wu3Re!8T2Mp3!%UdTMC#i4B z#IZ&()fN?)U-Wt=d3tdVK$^2ci8Rz~amTgounrdkp-RBl(r0TG-;12ira!gYJ+{X8 zz5GlG`TjTT*5b&VYCur(BMuzLd^_I%CO>pJwc5|e8Gm(PhKkx%280p_9 zy(@$i1Tk6JczM=BFDR@6WbK9%5Tg7=^$||*Bj@a;lge5V5qeJpp-`2jRt`v0a9_Ei zr(7w|wyH&+^XQeYlgbo;3)&VIpyMZ6Y^xqA2_p*P3gB2uNyTXI^`^vu8BrIps{K)U z)i(X~D5PAFYyg|wxFKHdJNy9nPBRnqhq0$cq9sm%o zT?=o139drQzrroL+~p6h!m*M|p7bRSJh{sQ;DUg_Pa(etn({3{fq}=5A5Xi_8QEOA zb~t6s%;p<R=jtjq^CTrwAz zl>!u4a4?P#QFH8+VNJeQvpqlEks#x-XJxf=c(5HX-vM^@uY#Bij^GfP8L*@kWNm8lw`0a zg#y5!rm6}S$^6WW91-5Cc`SGNd=Sv~7vH#bBH#_Xv!??ZreH-}-gO7Dbv)^dO61|s zu6qMl3_u`nZ`mC>c<;i|L1iT9Oq|A1!>dr5OL@=0xB?pp6ac9H-?!r9;!>0d|NSW+ zYdlCUqRSkqG5@|qQ4vkjYW_dJ3sgJ^7Ueta{O1T1@VoKR(Ti(q0@ts(eB!K^`7ePR5v~H zaH?C~BNb!xq9>UhU+Sst{-xL=&&3pFN zVFTnL+DsT`I?3xz3gAG@A&sEuh0)B?Tn5Ti=lpDFn~5+>hbP+EBT1D1`tAJt~UHSLg@LyDDw0t;;3*!wm6*~p49o14)f zrwFm^Kl?xk089v4?)E`hB9cswr}h-CXL*<09G@Xt1=k1{OMa`&hv78dL+@4IGtl-x z*~jd93=nsAc1B}`&ei6S!Totl58X)`sx(3&8mEbVBD8Q_<4dOG`~D_MP#BGSfgV&mg!KW`t=54zdWX0J@xQBwY(ziaC*I)D%w z90&RQRpH>UbzvSuBz|Od58AOrfGnutCKw73oe&c~E0+qYmJRad1H% zsHyd=#RquDV^UX1wa8#=YMP&$8>OJXEF{S{-1_q7YZslt)jgP@;Fyv-qoc87HuD_s ze(x$KhtuY1XPxqY;po`&@@7aG&>}~oL{erMP#AA-VT`)P}Q z+eiw@*TZrBUfeQ{~&pSaI`7P}&wJ3AssR!Ih% ztOnzxE4XA}{AdWumb}ee*$v7cvI3`6U#sjkN1)W{{iFl#2Pq)exaDk<_v~Q)fin$3 zE3dk`{Tw)qH)Unp5jq`LY%u82(HRbVxOR7U7Eze7q_NlHOKeQDb>dlELHDTCs$pW8 zZD2`<&2Q|c`OHv({ZRTMT}#KgA$!w~##el$v%;St{c>Z zh~RxS?EVj=;m38WlG!%v)l>e{FjeK|nHw*?8xbqS8NFcGJ=-}Wk2^W)*@3Kp@d$G% zd|dN!RBdFjOI?9|N94uodqgk<;;Se5-VS%-iZnAmtGv_E)!hk>9a(iD9NUO96=A6o zlQCz^j+PP=n|rNUcyc}qLbPg(TXpAb_OARAT}j1BBPz6b9!-{wW+gOeU5CV@t|eOB z2A{sovnxzp{9j~q&1M>ZvmO`RM@wdWGuq8@tFE4gR*(XjV&!F|i;Ebi8ZNn-=pXXX zKqQrYb*gN1$0Ag7NY*n^u`HFqc8a=a-TbrZ<0puTZwH=u$EUO-{&bNVJ$OpL1h&wF zyBOf?Y+s;}vvzlX*yTXbCM?`GxHQSwGC-6y_kk9Pt@E^QyoU7f7+E$g9I}e#@+ul5 z%_LLA>fC472{Skk>rV{0rO=!jKbU-q^F~(TOZp6Kqvckk_a}U>*gO^Q;0&yre5R{= z2gl*V^|u{R3t)S1R1#K(F!MXZdhaT{i9$WMf%LeIL1cVOBCfwF9)B&99+BD@7ozex zLlMPu0C`bDLPB;M{fLHfuh-wMj%irBr>Vr3@0HC}nEJ&85m80j*Rm&yo@w8mbhq)a z$y%+W_GU=PA;Rb=T*~TO5^d{@>{v>uz-o95Gmh?gHo=m$HIk@%>KnKI=k=oETDEtN z5rTNu5Jhd(1bd?Jyk*}u-}fWsFhP2~zg_Mueqfv+c@ibM9tKV7KW0;+odq+2jlGA# z8-}KF_6y>8EG7`volr3weq7m_PT>4<#qy=6j?kay_uKO~-H|#()2G6xnsk-!|M;6c zTVHhG+MmFuekmZmrX#hW@w(k&G+L&^KZE&^lFvXU zh4x)hO82%D3K$w-SSp3Z+^X;>CZKpUH=pCTDG69xWkAU6LMC8hyoDtQYwEn4}9!&R!@6iYL@MY*^Bo0v%m z0Mo+Dm>wG|)Ff*_fjUY|!El4L(lwuT(Kg?a_c{%Tz=29tGO~@|{?VtxDsgeMx6AmD z#Mh`5tJ;bDIu87{ippo#R?m&H719j=BLAQJ_bG19BL+;-<7s;=ly*G`R2aJ8LLjZ( zEu76JsqUVV+7p|{Z~BUyZF&<%_Tr<7xYpW^{4heAWi;9o%{>s@0a{KclU8B&=JwKlQMBam-lU(A=P18YhvN}q zd%LQmjueuXbY30JWK{l2p6{4Tg~*UeF$7l^m(n|Lo72oQoQEduDvPweX2~$!h>$<7 z+v3Wz1>|HAALlO%yHwx{K%gBTnK4?NDu3`f0>u5md97ZO<`X#EI5^*0WznY11Cw?u zD=T&di{Sk=1TZJzip<>J-rO23PP#}I#x7psntpP68fGU3 z4M9)m8y^?PEY68!Bx?6SXSr8PWrN{dyL__4Qx&I#DJh*mq_$hKMrn_qrQ)o-8Vwo1 z9&B!k$t}P5+gH~tM^Sa3rT-(Pmkna#G@a) ze6`lHX?m6{g{E`hcbph;ByrJcRQA)zF>Eq1FYgB7@vrrS42Ho~7fB-4gmHd6)fI^QP^E(Y?_ZI|q+;e36>f zr`phs7DZd)Be04Nza&``s?M)oHFVq}8?C;Sllsu{Vo$W&Nny9u%2fSxIZB(m3M&O~ z#%%U=OUufXi+%}W{`@;hE+iE-HJ$8++OzXfU)W_Hm!+I`(4!*E@4pkn&UC}DmyleM z-CVEeN6eDBdku27aZG$UV)yb5$@!5eeS?&Y%Z8vAwhs|mhMbY(ldBW-d;?h5t=mM@EsqE8;KYla?gK+=;E%w{oOH^s$kNzER zmz%_7STt(QoZ%QGH?Fi$LP%&skD3@zqREH+W#p0iEq;M(=QW%GS#87G57h0O8zdKy z%s&MB7r?IB$yWsueiD3xx#+N+lLna3kyPz?lOV4xlf!!OET*nduZTfItYSfW6L3S1 z-f2uZT+8VuuhIYCfs5CH?}U1$c>?dpdHcVIb{R#wx{6~6w>LOoz0{XI-p^C=?Qsf$I*kp*iR>kXf2q7kr)*HB*O|T+OYPm~Pr0 zRBiA5Y%4CqzoPauz2H{-68pR0NNtA^P6tF82_TPZ^y&Iph$L(4>z~J5CnG~&vDz@m z8GyrM(}*NJq>vD6TaR>i=k$;PpOWV%*mfV*^^GwcKlyyc1^d(a z{`QY>iX(L@G3=1}5@Rxe=wi}yLF=-tnHe*xJ{LbsqAI4%wfIrB#5z)ad4<)xORUnS@qB%uAfN96q~LWueywMfBgHD z_dwtlw7O=-Q#&1M+<$)4kmE49XAu{@r<5}Qazp54uU&k_cQSArZO~trCho3SH@0I! z(@tWu38ZJ-RK+cZ9-10xv7)8wp2|1nIGG)URh~6C@2hQss$68X^>9bH@%~KzuE=m6 z2W8%0A0{Mh6I-;2{~ujn9uL+2|F2S%ij*aak~N{ozD$W^4AJzv}NpmE)zTqK+ zHF;*L93 z?uWp0SV?#WS&c!4NTkbA){ScHpKM@YHf$Y?W0;U8_lv9&4Yo^1vSUO z75o<3oVrC%hS(2|%SdyRLGY7*Yy4~&Sj)SS%P8GxGbEBIvat&an#@YAI&d(ccH;?X z(n07t zfup?s+MSTWHO|i`8Q$~nOaxX-ZC2jXu&|fomAS(<-8%peuG~Kp({8!Hnqb0nzhw*X zt$+@X@^+;4BPcX6K15+Y^uV#5k1ZO3XeC39yF}&Wd=c0$FKZEt!P$53h)GOD{qqoU zUd^P7{^a{;`q9%n?)=1T)14{kk~~~ceEzNL6G`jB622b}f`xdm3!H&y)Xlf7$BxO( zU;1Pr5l25>zLUzA#ZzMMr$>Sq{|f}FT*eFHRPFXk7qaDIxrY)$o1do~Sdd+K z;88wE1~|T(>?1*TkYF!`tgLoZoW2a+{6|8-^D}pVLMTTkr%>?mEJK&d*c8zPdNg9% zNx_dGNzlvd=UnmsvekL(=ORp0FA&=i51kDBXsP2y;N4B8UcH1zmC9Ea_3^fpzFv#k@nZJ$J z6zPK$EsBf*F10n*H$VWrGobyUY1?9PeRUl&`ZtTo$lRQF5>$k?w6$Tp33i|#KQod@B=+qkk&s^H3Dqg=T2mwmd%tf1f*RE3kfAr0M-dS*eXiq zGg!4=vIzLNbwMd;q`*r@HbQ`X3X(Rq*Zbt&83-g_gu}q|0IKOITczqfIb1X04LGFx4k_Oh1C-tqZ2PLPm z4mAjfcK|H-d+nD&QW;!<0T|`Zc{afH4HBY~pkEXGVTS05m;+wqTQ)YAkYBr6TMnZu zJlmHGcjf&0)Ri$a1Y}SFclxJKtfa>j!1<74gn*Ki?9J8W*#Or zLIAGaB4dXO#z>a8bnRKS&XLq6@6yN@jfAE|5sFtG1QDKkkmH(vf=ccCg>dBzHd*M_ zYu8lgro^4w`+K4qtbffINXLwBntc2g5sDCvun>*n#Y}8(57mx(m7f@AkU+tAA_j3J zp^p=SNj@aMHpaDQ4ShV?QKI`JUK(Yb>t8!oE0O2KuVG=Edavu_R}q!lrf(=@+>_IC zyG)nV{Sp1*xB<_mcg?rnl@<*MqzE%}$%ErerK)uC znzLHonMhGxBEM5_WTQ?=*(2^#r})w{Z6+q08j@6qdl?%57aENLVlQIXnS8SYS2+8K zW^(|SW=85oV6%U(kwPFsM+c7R4lVL36JcEi*;3ju=vfqLVd@r4%yqpyaQ17?aBQa4 zYuC)kX1&&_6S1>b~Cb)q)=c~f?#6F&vjJZ?E!DJ$j?_t`KTsPh7#XN+cfyv#c z8aG3rN?&4Offz8Nu97@nWQuy-`GH4oLBn7M(GXt?RI zf%_(G!=cLUY_-dYVtmB=b3b{~X#bsUKd2-I=8ds~PxI03qx$}b%P6IdMgAEo7dQeI z6u+FJgI(&*K`IZTd!j#tt{Dis6J^Ml_C}COX>Xe8XWe1!=Z7}ppE=(*DtFb`Z z0@+5jPHywC66L5RV@$yTBXW?-+fI*`--7UH*??vU%qQttTNkC;tCn>glO3%-tVp$L zHiLc-MW{8Njl`;m`0c0LDjS7f{A8jamJ{##*I%G^?|v+?n8>p8!!tv%r;#OJKbkMT zAhu~Qik?1C7NpHu-{8bno` z20j^KlyOv?Egj$ZG7^t>4G(~H9sPccEbY+e(^V_G4C;`auMJ*(`LZ>ae3M+T3*m~1 zPh0!}D$dvHCvA{K#PHuu2R9Xz$%0JXhzOVKE^zr{s#hxP`#ksvF;k>9Ba3v8qe7%% zp|Ynw56Hz{y=uHX1@DZq zs@1;}o|t%x`}MWJjrmQ8gcs07-Xgez>gu2i!XY8%q&6T@1KAUIAs}a6OjPtO^0pmQ z%Ck^%7!?e7@2P(Et>M5=w{{RxV+T%&vC*UF-V`=(umpRk!RYul%vArTcJ z-Nx#lt{h1kSs{Co+cCnL+#wFPrOmomAC3mU9u1v56q6aua=9i2mX#BUl^5oCWYPEczZ3x4Fc zp6}gqUvd3P=T3YjbF-wYQl(F~{?QXH=E_kFK?+t#B`QdoWq+H564P&glUcM|V*eQS zxVKB`Q)FJ~a8Y4fUVUv{dHoWxw8yx{EWN0Q(O)hrZH(I_u=MA7lcUQ-FLF1s7(f|H z9>6gN!?ekuHa!W4l(!?fOlQQ?m6Or-&Gy2^H!E>1B5t@tuD7|`!*AQ=K4f9?v6@7r z{V%(WXzN9T{E&g4w}Se0T}VExOa{0KOR`ENs`%3-Uwp@R0vd?G+l$c7Clk{lu zLbZUCGkq&4hHY$5dZ(%LOTRg?$p#mBbHfxInPl*q&gX7&6;>^!sbP03haH?YH!2=y zL7W(FV6h!ZEPw&Wlnu>T0OsPi^)#d{9WI?i^{DIlBIR1 za0-MM+NP%DO~If-zrUi`9>-J#5fwD&?zf z5@PFu4lLN%Rj*jQm-eGntJI)U8Is#=i$luF>3;iN@g~ToUoK_(z1i7lGx7c4WJM?| z=bJh`z_o4albp8PwAmhsyuw6_0Vv-+1~yY%WOz+=j}2f_wvK};xY+Z!>`>)^&dW%@w7KfGd*Hqewk1@ zb|fwjQ*149-Z}wpscf%6-*zc!-Bx+Z8}?{f^YQ9ll7zg5wPO2S=F8%H`04 z+Cig?lBLHLb6|OEI<61qWOQngPcV`{*qiolc(OU?uH6yE>9N)Olh(ZeOZDc}E%_9j z{Kif)ZoPD^Rccha;eH-v9X(`vJtIyQPTTpDhdx2!+n3^D+ieKg!$G!WrmyZxJFMtp;40CtjL(?w==rJES>9~EK1PFJ5B5&- zsg8}kT(MJmrQlzfb2Kw0|a< z2@4C7WsJNfHVxJ$9M4sTIlb+RjM2p`(UB8%6BoB3|A9pMEk6=IgDM8$t5NS2k+3uCP&ss7|i*4 zI4if^7)CVD93e>p=PH29dC~}9;(1AsG0dct1GP>tI|$Ehfo17`z(V#}{5k_!y*E|- z0_^;{x|eXTjclh&S6y#e$k<{`(C62PkN#hXLP239TX&eWMq2M*cLMwMZb`=>*Pd?B zQ+)gd>vS#@Ub$8XH$B37y@NGTTBUiN`cs7%)9Yualwe`J6No}lQL_S(vG?#6Hjap~ zIyww~W(#Sks`f{fJ5(6Qs`?>oIacFcTd%;-=D!li7|0;%ZX5~t<}h#A;`-kLXX!z110|;G>mWIUX7Ce2+4f^a3&MRLrv+BgvBrIGOFX+Vo8}eG zNK5L)#;tHntYKDyB?0NVi#naraA6m+IKuevig}PhesYCTYU8(Wv<*hc*~M*Z#s=d| z>CpTgwGI97Oa1HE9twIp@W*Zg0dSwKi6<9aU{0A|ASVpR2fMjVPEGw~XFa=Y34GG{ zZF_`P6L0#oANT~w^6#p1sSH@1QLf)j?HhchOQQ+>$Cmv+Lp${Nk z$}j7cR@L|57SJ45$Pcy+K5hk3gpW@@^OeRw<|?hSZyHQ#EdWv=lTsmIz(uBsbRajH zF)+{X9ri;&CuvYziKU=y=>l~%YpZBy@w=%`{dY{zeIyLDp8GGVte8WHt4{z!G3^Ud zNoKT|TEtv}gSlX|wcVKj`8|P@+Yu(EV1j^Z1KMs97I=iC=L{Es%hbB#n_lYvQ<_os zKTAvn10hp@SP7BS5_S?Foc@Nd~B0rl*592gNun?(m z)p5hW=Gnp3wV#_AG#YlpUsgcwv7n~WHQk6E+qgLy;O5cq-)qatKmjU^CKmBEl<7QM zq|9zqSo*Z1knj8lL62Nk$7iYySM+)5$-SroNB@ETe&VP6WsA6Oj3Q>q(a+Cna$!r( zn6he$%;@l~m?P5xn8nW!3xM~aS_qXhN`s)o&kwg;dBr_kwQAePw3W!7Em$7I5cT}D zp6jU%ic#YVkRRZ|1O4H5U&3NSfhe;3Tn=<03G0jauYz7{!1M1bYv6I}qQ!OWkT2%r zM~i~~o?dKB;d(^!#IW`DnYA4gBj7+1d5sOc`Wn|5*+_UL1pM43E!r^#3pC#`MVJe^ zBZxP6T*9*$zW$e+j|eTju|s`~MP7g!%5TPK_?bG-_7%FC3c3p1ym=Fp=7K00xChn+ zM!*dV@=JS$vKyP5_j7=BwyZi~ugu8ALwE0wB8^R26068sLOLV_5TK)DRm>erF+|Tw zvzC_{p?EP)D_E1oSR)(j6{!)-?(Hz#XfQCw@^mvmWd-G;O3?zUdtiCUeYY#B8A(`+ z!?VzD1;L+p%uG)+kdA;5V(_RW4UUA&nxg*eH+}2Oo_B^28HThqitKa0ZNAP|2&O?)(%|0-Po= zNRR?79dYvC=LjGnqfL<-Q?rBW^ONlD3~&x1-#~u?#VTNw{$vJCn6DnF z{@>4X9zA;77tgo`)e7l=od z!+91^6^QRp(fSANq6$3x+36rKP^F}<1LGc$Cj!%vh0%UE#uCvuI{Xu(eRR?(zug_~ zLxu7ZLoe%v9p4l%FKIzr=g7Lu_r=J}EwU@*GRXmxkT`~bpw4aS-N;@@ApmW-@hWM$ zm$OzW8O<&PM|uTMcPJ&FA6_?-p~A9U%tQc9lw{U5(Bk|NaN?cJ?@5qeYlGfo#Qvzn zrXbJie=G|KVCI(*+s1sr_BACBqu$5_vNs;r1YObnF2G<+C0+BMtvA;R=R?Q^#+&sP>slQlz(&LP8oiK07b z%>u6>ha(~!92_o+FJj-_VohyuEXkXld}@j*o9bRPhVH`{cGKh$4ozu2@p0kBpiDGu z*!{F~X2@2yZEl{g-D%F0vPWp~ao0{1C#U`n$5GB1?2o&?w>z=K$sEWm_6o(`)X=$i zsprWDV08hgdmC7x^GdG*hUMmaLs;y=6modD&O9CV(4NDZI)^M=z22FcKpU#>L>zDe zM$EiYtYgcJYc9aPp0kODktgSlmne(@fqZ*9K-2G4qzLIlZS=}JC-zSFZp)fdl zfH(uxwFw&L(k4T>N1fty)70(j9XL!pXA$+KWJI#kE1zc|HN1H8$$)(?hqfZ}c?Y^n zOdmOn=E3@*jPPxh#LcOG>K$766ajD%#Pp}KnB&nYP#|gs2PhdWG)QxLNZI)+Z8L9z z3Q|!;m8(*{>F*=9r?1wfymQUIEO|)}^(ct!dAcHaCm~S?+du@{)xor9RAFd@zD~CI z-+|`aSZdbb$+&jRu%oVM(16ui6zVeoDh>KG;w#q#YOm;J5tt=-KZt8L>F#4MOz_~* zEbt*<`r?>OWQ&*EizRe?a;}i~k?0Su1$+CPpPWkczgNkrNt}t!-0j!|ghYJ}r_*<~ z=xG(bWL@2FFggd>#br8&I@2=h#VP`f#;9jgKF8izNt!_|S6z)=lc$3?CuI|~7$M8A z4SKoURGc|T5z8!#{YVq_3D>>4WWXpudwwC@XAY&8i+0zi2Dde$|7?+3oye`;!Md!} zm~9hd@M+`zCy(KhXd3m`u3lCb?`f@mVF%tBI>+P@a2sYJ6BeX%q@6TawvqS^k!#mx zCU+9N{V2de>c`pLNlOA*W_nG}H!eKiYo#Ri_nm7I$Fn#z_IXgxTL{3!DECE5kg>p%w z-j?in)@prr4~HG?R=SYK%4UQdK zhz-Cy1_;P*-^Tj4B9)(^IGvaVcbHQN@u4GhA+ml(TRD$1qIhyN?iIL?4L1%ZHL7<% z0DArG9~If=i~t5RMJsq!Who}|>9wNzIdlr5BYld~ZIae|8W~f}`stb3yHd;QH!*08F0Y;8br>nD}#~mb!_-a=0L!5k8$JNTL z4S|8#|B5fRfa}y@PS)@1^gI7jl42X^%_R#pwGa@-?&zx7W4H(h;GIhHv;^q3E!cKf z`K9?y^c%-$tQz1)eDWeKN+OGsMae9yr|l9l`u2}5Rlw)MVJWQ{QS_?J{l@&zCi4;3b1JHpvV;+tO{XvgJhNs z>p#O9A>{SW0fvp-z0Zlre*x0DIqcF>tqjF$Or!h!ucnp;EU4}wq z2N3r0eA{goR4GfOh3VRAqJ3}86_nOASzn;m*LKs7=wUnYSk-O?r%Q< zRAk%ipsIdABzjrkv_=S^wpUn0gg*5)v~d9$jRRd~1n~mE&3tGZmE?8XG0}6FR(ex# z*5`{1zo+UezvNMvl=Q>fwv|Xve&F=@58N?BKpvk6=H zp>aINWLislH9Rql(yDptE^)ffQHL&k93s|h*N2hu;pnkB>tcEOyYuPL79+N}TK2rj z&o`Ff4`Rx$Y+Gh#@1A}fOn-W>eo`wKGEJwTC@Ageq8Fz8a5!MKtJ(m(MNY zJl#JBsDB-F%!qpZnwHF|PcE+jq~}tzQ;B9Zc#Ecn=haUY#YPxj&P<|LcUwQe2B8`SJIc~6?;bJwFlVS(_$3}@ZE{M7#E-NFFPD;1?jLy*^rkoN)2( zzd&Ds1_m|rmu5NfI9D06EgAQ*@@+XWG%IEiJ%=s5S`>F=RCWW``WgJ$@fZH_V0c{n zxn+Hdd9A(>MRkAIFF^~ML;~X&^q2;*XJl#6W}&gH ziNuVy`53&1tu1W?ypw8YAh2^1T>y&TU;sCo+_;6cm4&u6y19$6lCA=%@`*Y0PpF!J zdqG4xMRKnpm3w!m2%r#rrwtyu@JE7j#vqlIfU^noX$$DUs0vuIULLqHG$vxX@$Qzv zX%!)p3VpQ*%-1}&@`()HM=#PE#aB%d2M6fMnAr&I6-}WzZ|7Ttwr87&bj7rK9T|5V zi)s4=`FmbuX-g&SRzh0+>dC8X1GcghztF=A+eX~Ft@q+ECYtp_0CWp_WWknJ>`4bI zWA|n0Q&@p?4W`tNUOvrfRs?0h(M3V~Yr#OGx=VF0llq6Z+98{f)ZpOwSEn)|hO>X> z0sLgGOhx1^RV!S-R*eN46-P())RzC~a9XRW)hVZT(H*L7H)`J#w3!`i~W-BbxEb>XxXr4JRWgKiQ0cE%09g? zNV>`j!-3M9@p^dWYk>r!dgzoo<~XEUxZERch+9vW_+U5K}~*8tMW%=*<>v z5AMQ%&ziGi%AWTV5Cx*2*h!8 zI#x2L^cMtrlN)ZaUe1j{7lGVJeIU3MW;1k*JSwJV3 z%ufAQ<{OKfd6`-o`@0HJpLg?;4;+1}EjYUegr7sne=W(uEkOaHXCYz0$ACC}@kuGm z)ddtEx2*JAA~yNSaU_Qa_^wm!LJZ#(v3CIp`iKC0sLFTwiq3b@bo?ATOx@krxEQa9(EF%SdXV zwy}Y?Q?qp|zf=x$IC1l63tBzP(avh5aEr`lET^~_>G7O0oilQS;(N~<=+2L3ELQ?e zC~Tj3I#yge%akrdX4(3_M1;P?!3yW&?3CEHJp~%ZuVTu|WCWy-0$GaL!EwO57raKp zAl2xjYyyriis@tB@y|#*UJG~(Pf&D_nz}mRWCDZ^fa674R@Po34pfJ402#9q67ujNaB7o~Jpe3d zwW!bTGb(5=hu8Uibp^6!(SrpE(Fb=q9s+=nfr_GwO%R8L1*=Ibz)%PrX~=;kb);1_ zRYQ6~AMsg7>lzwlMgz}t%cqxRj9@|bgW1tO+IENa&bk7|x3?S{>~}687wZ9%kB`OL zp7xsoy$O-c9YNV@m4z)P)RZN^xGkbVus=lB17zxxA;BRr#Om2NX99;G;`V603qsqx zRZ>9vA+c8Jl4O_i0jze3K{7~IV>tK=FZB0=^fwMpPI}62(dLcA=}{j;E~h4Ifb()X zYP=9X?&=bxVUXdq+TRR?k0L6kBpGjv-j33co}mXB`LHW$gYhkk%j# z_V5Y{02VC(LIK48^CIkLs5Jf}fC~TPG93@V?Aisk<>uWzh#}$LBZ~=Acb?D<5Q2Si zCDs}|Vfv4l1Mq&NUB}q?^xo=16fX~jZpz`TqZezu1#9X|Q)ppKAyA$6ANxTJK{X;S zE-s6hd^5WZfZw=8qyK%9LOmI~xA_!wos1(OAB&$8y~#cTNK?qgB~D*4Fyzk^(ojEf zw*@kSU-W_l%@@zzD=4+}t=~B4W99c|+3G3m-RGuGU+m-2TgaS2b3us7=t@*!NOEAZ zqNRA@mHQVMHFmZiIS|Ykd4vBtf1@fRgY<626MM6(NoLvH+!jI;45orV$ZSWCT3hEv z9UY6$BgCZdrb7LwaK15!FDYK?MPJHa(9VlJ5e#S!1FyP!l2LZw*545;9B|^16QQ($ z-=w1Q&L5N}H#^?Z`x#2hH6HnHWS(0U(+Z(Ecm9xMJv)%}D!%aqtzx9!JKRTMX2oR5 z_p73`Zh6oY)Yd{_nTew}IW2r#Ta!m=EY`+yn^<22E;I4u6&INKZljuBN)Ebkz1Hgh z4b{@&R(6^mb{GbXclBY%>7KznYE~o3h{^#XwN7#`nlJ->d#=s!a5_^rOQ@~wMDYG6 z4YPAn*EM)Q609Mztcp+hEEw{MklAu?l?3jY`K#6pN|()_7-tDLo}}ec8Jshn4`i5} zh$=CPo<%KuX=Ac;Q{{N!J@Kt!wzXmTN6*W{k6%XUwV8`3yyTu(W7%nOU`qTLRkgO1 z)3Mitymnh*bSYzqJaU`NUcMg;sl%F2_1?GVDh!QbVPDNR&E4w8rtc45n>bX-N5UoN z9erw8dD6eS3v<5}A|?3N@~gh&zTIPU82`8E9 zPb;`ifB#XV;>WD6+92)-on+{_YhJs9YU|-@U4RkdT?v;dy?pbA<22bsr4r^8oj7!~ zQFto3nP z0lDG#=K)5Pq}$fEHq_Rz$H^{?%KRIm&ki+n$62f(UVEKs;z-7U$~8j`vPmgi|JWo% z_aF~n=!$=B7wUtsRNfCND*qa<@#;(joolA9DbJ=xj#w*ZOe8;utZ1&mOcJzZdptZu!iCrXMBZ_ILX8ci0Xi2qrYrsIfz zFZtd=bXUq;I86MehDUlAOxq`G#>TKO-J!+>5$YPYR(mO``-yi)q|VNvedY`1tNdjmMU~u0_<>G6NZ*}B!%&?5gF80cWA@_&Zv)`{}71Fsh^E&87kIlCK=kF_j*kNE*CdSGBxXu3>eBIR*p_30wQ9?B*@;- zPZiGCA9#XRN9#pZ6Wh)Qd0BF8i>i6?a-gBP`}{=ISXsIyxFKh~KP_T+{Sso#&UMtv=si&HQS>-P_;Kwyv5m*3@iDP4SB^VpUg+LxPJ#B8U>Ioa|LpL` zh49NR=WsXg(Wb$KOfjG<48>fDKo0EE(!W5v~k)sg{1! z@SO#MD_Pev@hg`!LFhjN$wt680E;E(zOTioR&xjQNA-isc9wbC^_8>x1HWB$msaf< z6nvf|iBUr)k86=SPKKWd=88z*R_(Am-O$vOh2vRp;Gw=a!LJFtY-YS}92Xe^b{$YB z;NnPHSe&7g5d7T&olmbyBWFzsGYTl6&|@316ZO@BcU9doQ`K?BICCn zR1n)=9RH4_S>LWl_qBeNk2E$8(XlAD6LE#0wh8x1?zV%T zwNHG-Ns{4V^_?))tC_9G@I?l| zK*nf9cFH1g(1s))qw2M_ac;o}s2p|Bus1c2%D|KHk92uTHZ+`KIpPaVd@BQP@)U3_ zL|4?hK+$$q#c8f>16xu zJem5EC2gKc&*qY)aI0Bt5vPaCCfyD#RzMyRwCS3SL&5>iFH_jg-;%+i)C^G+C5YS@ zOnjMCTD8xW} z^X6f0UiMCQ=b05pvYYixw}_~p zTtKO=u^^y_NrILK+R!@~IfJCaxS9P6yYt%>ZVwWTLYg0cd{w>anA~d3_?1M2l!T82pD&9%vL`>TRSAPD7kM*V1x%Ip4ZhlX`e%I_TY*z<}3iYd7c zzYf^YCa1_EfE$*qrzkG+ytebu z?OeB~KH7H|H7ebeH zfSeK4wN#h={(bi4pN8NNT}mBHDULpPuFAM!v&ni|(6@ebOrNrqN8Ze$Qw<(F{zTzu zfm`~n5nJ0A<$6`2BTUKD(A=KONM7^t>pMg2MEYhE@KdOd`JN9oqhBT$2puNpWn13o z9Stvi7!knNVhLeWY9;=f}ChF!hCBY{5u*UH;RODSt#sD7xQf;%P)wai&&4Z+=AQ-F=D{g4*{xW_v25EP$ zQoSo-cGJ}~;I?z1&-~46EnL{|ZCjAlV)ZGFVFn}G&mgJ1ld9vN1)y|frJ2()QLR=|$kp_S`~ zf=u54L-#fC39Tw4C*+J)%OGULqt0s6|EM`ZLGRI%Mzg`d-QjKsRfU3QCKROmA|md= zHU7GgyxXJk&qi%?%e9E!8>p88Q zvZid%@*bOpv1waG-KC;<6uf^+?@MF-jKEkSK43v*sL;q;BBDk;Go70srYJ9^`TbI0 z2I^*sm{z=g7zF*#Yi{&l6f@*}7KZ}9DE(*n%_LA%P29a(;L{}ie;$T5HT7NT%3x^O z@;DgNr7R8177EN9I6tvJpvF+u$&W(N>?fl7@;l1&+3S{{fX(E3VE>(;#cnsv*F_>4 zT5s7vn+qj#y~y()c6%<~nuvN|WbCGDzULx?wD&40s7l7WoBASy9VMTR>g}suh}Ie& z98?2P&A`Kp%ikti6sTZ1j^cGTwH0ORi?`w%4cX)?cUIa3p5XRQF~4{E!3iZ|W3i5X zG@KcHLR3q2wnghDw`!J-BEwNNKeGOz9}VN`yxf=V@2|{Uqi0NsiU&>*_S=SLD6cb= zX5^*lxiY@(dc(NAuQVa6kDVutHdq+ke4c_3>48f3m&ZgW4pW~j%j~jiS{0+^x^(j+ z>0rY*K^^-jL&|t=1v8^3y6A~=IFBaWTK*Vs7Wn~-p27dd#_OkV0>iU_c znZ(5{?T8}Tx6p^rf1Y53FfpwZOtl8x>cr}#d?{IKll2QxfGj8$k2l zzKN{!`e-Y82ydI_?zk>Yp{3!iZa`GKVn20SHl4EGe?RnI5ZC4%erCAckm~q|10aQ8}mp8zF^XR6+( z{l|bVc0*FrKYpwlE@uG}Ly`~hl~&zN3?q;c9W%4a8Xc-X_*RpgCFQYb`o0b(?g7U6 zUds|tGG^GfqM$fL`W(dF?R}Nny|45MHUb8hukxo?Xa{|4p2BCwZcS0U6HDeWi$C+ zwRQ3-sbq%H^5Kdj3;1G=&XIEc!Y@mw*pg0M6jOwv#MJXR`9qA8A>?>BO)axr*8>6B!*r`oGpNWDuI<aE|Ip;{k?xo5hoc6j$*=3W-oGAVF75&vJk;<61-5cD0xtzSCdf^FPVI4-P(&`7w5i9<#_*eMLB*xEHmQ~l5 zgtk%$fGF?7!1qLBKRoBLhV&j8fy{G)r)P7rjh&Jur98AWG^7OV-rq}4gezHgUsLai zgOl4rLK^LEsi!_V?NOzwf?PxYaCZV3*EhyTGvHJn9;0+^%b&>4PE>@}gE~01#+E|` z@$Va$6v%HkZ}4#zPg9{wWsX)BetM`;C^AbpVe$-sr&VM)u#9}Ed?7p$z8&R5vy+#N zj*gvg>x`z3>$|Fg4k-J^d$5XAFF*GimaS@%_P5q$vpPv4N)A0Hc!Ae?0wJ;QHHQIl z5ECeU_Sk0}e}wAB1Aqh7)zk{K5`W@yp}Aco8*3}l)OsJLg*&QC$ffcJO1j#L@oQaL zD5GUy9>dNhEWRWokUNd-@9h(v*xvyVWn!PWcy=l{DR2?n5alT6A`y%=EC#5HsV_8o{7PL~CN(y#CPbK5m zIX9848|6qJM&#UVP9TQAQ4$1rL*e@GITNfTR&7zgj{E&v`!oE4a7siKWX|LXfI2(m zx-r=mTlg5Uz0+IRYZP^>X7>r4^i8b!xmDEZlO;E%u-IF%L~WfebkHCITLT+14#LJ1 zeX^xkXgyd^(47pgX(?JXefgMi_*rSWT!Yg>qZwA1n(97NwH^SC?@%zlbJ3}a60iEe zp{QHCs~*I~UQlTh0KWRDl?b~10@vWqe_VrtP9t&{R&T+5X1&G+S-DV{VWmBfVv->LK>^UdlXzWCn9@FlHSSyQfxvBY0B73Ora09rVf9*7BS!Gdzd|Z5jB`SJ~zdU|UUN0~9IcrY9?ddI= zyaT_L&e=KSva@sA6}+aeoFqwdu0VZY9$z4tW2kur`2HwJNvG>W3?soY_!yIBResSV`Ifx7mly^xhRar!echeh?Im<`Bqd+4N`^`)K z^Vh8?(T=AmVKv!PPJR^1;6Bq8Jy8IO|0m3H^>o`C*%BudOF7&RplUe5r~9Zv;(F#@ z#o@UY%hO!kyn-f~oS!Wb05^LOLYi~gDm33-M8SQ>56+DzcL~y;dDDu#Vg$Zk&cD_P z$fBjkrhjTND(zIT>19^WE zWt&!2kL*bHaOZ!LRi{&Y4P}sms2J*feJ1i265iYA*$1`x8=85$-jVT>2|MWf)uA)YC{9P&^e#_wG z>enS-4}y=2954*OF`sA>Xu9Ad&Be0k`Y_kC(6tFVnOhAGdjbh43XTZ%nZE97Gr``s zS%B#a@t|>h#lR|3G>x^MDR`=>6-K|Vz%S$cX-S6@kHlJ(&n%rzMso5( zU>0YJ$ALIp$x1~faiB?)yg8edClLeFaGJ_OT;h}ExL_AUr;^wCb6ESwE!`)NZI(>8 z+76h_6M+&E0|1}W&W}T$gcGS64Tmq$N{}Z-vXi`*nvrR#+mhoa^SUsa(LnSScb-D_ z3+|@c{t~p@odtS6kjGF65Hm<`qo_QgDQ9zC_6yfDI=pnPfS*ms2;*IFH~Rp=6@uBi zccdNIo#3h}T9~avTVM8?w`|e>;ylo7y*CKc63-Jv9&YorNJux6qK`1A9r_ZD_NNre z085XH-kOZY2&luq zD^%X@?Xo}K$5!)b-Pg;t^c4etzX%je%K48`%lzVyIizZ2bW{ii4ZZ>MaQQF?VX+(s zI8SXtl(1jwDN!Fl?(pq_5h5CMW)45|EBk`NKjd|G4p<||>|EYIY%&v{vk?&PIz;`s zT?m@5eDu;6gf|`n7cAE50Fmay9JG};5J#W*Yi`GSrjhHH_wdERu>|R(j1T&OMS5G3 zo%^WtfVqt=D$ooO;S3IsMD_xaO%;6iH31oPQU>i8$}wIGb1-o9E4{I>J@+}gtrZwY z+^R2uzjxvqu$_VJTl|dji%L5#ZTswKN>p2?s;o(7+eQ5FTXd~mEpUEUG%s%EIp*F>y%0u=o8^<*drq>^>CqdNfE$C`D2P(}sXhBT30EU=D z!@+sY1AKjMa~MNSa9<4LUgU2)D$%Y+m3Q->*p`mT%0-QecsFcTJHM}7l65-sw(I9at@Ov^w;)_^P!AC?a<@6$}9+G zCHU?qMwaLiqh0Q6<+pd2On_&&)kwf1{?g#TX@~4{HqEN2_@mQNl zw39{^wg#=k`gzG0D8NJ`#mS^xiv{;Zkvwu^Dw4oNZ1P$x(L-vj@qMP>F2gDC=Qi^C zex~Nl!0b^eS(-Ja;&GQpi@e*TteLr|P{U3ytIChi5WDY1B04|`t!-=5ycmwoj;0u* zlH!kRtaWvRJ+3mbk{>1JkOD~=8JlDL&?66ipn%Tz@82^xM*h<6Y7BFQHPq?f)HRD4 z>-OJ{MUQ=^aQkM~L5aa|^FrX*8(%M|aCY>kV^2 zL|Mze0afIH}1;UveHrB*%z4B3m3D@GfJ`EuleUL9bmrOG-q1Se*I!N2N>VEZ!XhK=heg1o6wU zv74p|tM7~+^0StFuIbrfE#iv`tAlnoIIi+(RfbICDRCxP z=w)N4mr{+Z@XzV|!ci_AAFoIWU5r?H3)nywg)*_FjfzY!i0jxg=q`6ZgT|juol=5Wq!ix#iB9Rsqa2hRkbRJQIPIEHkFacgYUibR(z4kXl{hCKtgnzfsb!tD|Ae^hOQqZoX`88fQ0?8@4~2C?VU zk#UAknVyi;QR90}$1W9VHoxM1i>2X@+gS0G8IX*hQ`tp7*>-pkqKb-Ap!LcihZY6d zi^cBU`vZs4V4|m!NmW)hC%0~!(zZDVp^5-6qu1p@r7E&dyRaFp+P=LRGou^kLp692{yClu9x3yi*NFhA79Ju|!yz_7_ zQk_X5p4RSg$*pRqOcTFU-uKQLiZg&otS?$b9c@B``Hgo}(Qt2=H$q%TrFd4z_**sV zun}@6rFp;B50!@-{rs_Ft(Hdy3Pu1C%*lniRJR<_F|BZKDcbDd(wB`b~JI|t) z71@lgB4zYIJ5o}qm{LY0-SFPxPbRs2&T20JxvQXS+FQ)HredI`nJRJt(qzMqngzy8 z$9ET*SXUT_kK?o1PPbzFqXwy-A$orQ@W7f!;8vIJ+#!VsE>0FS!|t4jd~%fWdHc}k zp?yDASv$wU)9d2nOLc9u9Sl38CwEq~jR?AJ~=CR`ge z?*EMDX`9YI%ttSb;_M1b(~a#)PU~*YLR2!FCP-ffRrtMT26UtS0%H=cX7{HATcDn6 zUGl9=LOa{-kzDt1Cpq)NF43q2q<{nP_N zS&E4yKIe9k?lISa(gi41AMEGvC~<4H@}Y1J=i^S}^MS-ah3y^hs%14$cyfopj~-$7`8ll&DF%HBgXGV+w z_ro;>$is?>9L3(FXPHYCLf@_O z4(tV0`}A+2Q)ccwWgG`oC!n|7;TF{LkSm2!wwIUBBl`GS8&*O&?!{;i2B=-iKp!Iwx| zr(v!wzYDn|GdjTMfdV7cUqkAU<$P1QOD!9@SvRH3_6L~0jSg1s%XYw>9n+01>OABh zhs5-jo98$;4`@PP4s2PabKW1*sR1L^2le%EVZtp&3+QdyMCl37uSrs7gr3ppiRRB9 zsTrr>8m7bxW%#lVZBe(QrvN2haXtOuK|S}TyemT45f3|Kpn9NG_fXCo zUllKngS?ND-OH|~wR)vTexO&X^h*xYKJ6+aebwxSt)}BzMPXhUGq@w>98U9%&pGR@ z+w>KD#u$^EIsk9YY`w}DF@OCe@;P~|DRwXc)xWKQEPi-)Yapg29j;69-=nNil)0fM z%s%IBgSl(DY-jiS&M94PWsWZOnzjIKSxoF%jiQfZK3g~G+_b9aR(|SVq?2E0apw-O zVli96A5(kuXywMhdx#wyZA74cjF>uH)uVXRbz1@RAMSx1UUh+eD}PFC3Ai);UzK+$3xIN(b_F*1rgH)%_c2$d{Cqz%5Wd8dfLUb@NCH zGWPRFHPM&)WduN93p#NrDj&f|sE7UxlSCt2n9VMW1}jg#+0B#L zyC1M}p3Ht|q*sH5oLE2vCB2{=6EQMBfgWHbjvl@p4YYwJAaB3mHgOXXg}p_wH96AEkHv3?$;&9hRXJ z(DnVhduh$}>S~(I@9kQDz%lgu3*FB&DULW>kg>w0}_q_l!~N=GYCP zqli5X<48D!v@BO6`kZuR0xKc{g1s-)Am$Wd?Wp>krZKKz>+dOQdzQGqR|b$RyQV@_ zpCYuI*rp{r>&y5QX)Uj01WU`QzJE%L1Z{TwZ17n#bFY7KA3%cX=AZzHPFF5pps| z46X2mE>GK$j9k%dTVK@)oKBM8!lb9Fszmp%0;`u{&VgH%q@$z2=^urjra2z*ZmST# z=u26z?;Ftxw>;+bSt!R!4#khD>o@X-Ff&bB7CE~f{9f)?9ZW@F?F|nH)a4+#ZCF*= zv$6uVdSMUM^fk_m-1onjfR05VUAEsL(uSWxZa9dN{wGwQJB(9PQ==_}YP~Z@<8I;i zs74fJnkT1CykZ|iW-P4kbsf8|LgqaFM{-ch~l1qKvO5&5qJDeaN zCj2jWT!#sp`)_#MvxxVZX-SQwl>lO}QaZe`rIH;YY_mNN=cvdjP18itmopEx&HdyMmL-o_%fT*#NJwb|-oMOP!aR3wZDgsv6%P3a-X_TH zrYL<8c!`9H7QggWI!vZwz1N-nu6R4G72PCrhMnzSTiqw<(#J1+9HLCUfWa{902ZJC z*j%Yf&X=dW zXs2seuL(QvjaKg4@ialywu~+uE2=xbv7$XrQGay0U$^cGe_~iV8~jm&|Hzh0ZeO3K za#!9duRSlN)|@(41mV9sg#WN?gipGx-GIJC#CdJ{=xq)Ur**0GGwhsowW?+EUl_C% zZ;am@Df)wZuaXa||56vNWuYSO7<4^VzX|UH`=~1aJs1)Q@4y@sk5;`s& zD;Ang*0OhyE&p&0a3TvbdLEmUXODgT@vU$2c~|68xKnT3c$hGbD!$LHL+_(YHix4z zO=v)?twVeFbBCqCzH`r6!28kc& zjak`JEF=U&0eK>rUdTchW}z?nkzo`Ym?av%rd$P3G^c`EkCb6=E zlV%jZ)id-|z`y%R)OKURec3=T6!S|R4I8Zac9TWlz`MKyUCtrQEojEFN=`hCGs4_b zd0ijONL>he;~2@bkG}i%*$cU$Aeu~0}`V*l8XmI6y}c$*fT5T@Sz%CZyt;}^gcn)n59uis)a z%6Ey1y^Oe1wCZ1^?9R99pyB7W1_F!_O7XmDH!maiJPOo8)VLp^dP)_9<6esb&1M}K zHe+p_t8GdpRawrQl@3xJlTs6)BB)Li%b+Ha0j>zjQZqhr2?pOjq z*F5rlvX_8?fD3sje326lZ3%hV)0U>s+II!b>84xznC;+t|9-EUZ|Fo+7lYoEr^W)n zt+yk#z#{q9wd&yB8B;2zV(($ICfNnddIRZs?DYJ_`5#%=-h5I!{K(K6`8{!h?rLnnM#xt0NIQu7zTi6xk=s@cUIP!yEpM!v{_N8=sMy2KZ)6a(4oy0k5&;r@ox>nW> z_%v3__+h`1M|E|e1QnYSR2@494u=UU_(b;N*4~x+1LGbs#ld*_HSq`^owI|Ws86(X zewt*LW~?q!P8;XR2vCqyExR7;&XbW6zqb|rIF#{|*jqap95tItd)SuI6;a6Ct2`dq z92fDNds#LQ_zirsVo}w)I*a4;jt&<@`5WR~NE-}s74QvKu21)>Ctj9FA z*-z$F{40f`gdy`Jk}n_@RZm1@zlx}~Sxsda?jJ9kJWa#+7#YV)ZR*_&Nlkyiu$7fn z;X-X~Ep!H-a`WyeCslgW8lvRatwR@Ps`I*0qelkuc0$fiLD9ly>GV;?Q0lyDsv+tw zCnCf__dw>d*NWCu_=qW~*yf^bx+)DQQGtii#k~oah^=MGt^drOyrLSCeS&ZwUHNM=H*!tvWTTP9y*1-Nz^@b zI75hB;ZmgErZ%nj=zt^fsrlANHJ8U?bGF+Snv12(R+6--k4r0G-Jh0w-7cjJoVJPh zp{yLjZpyy4h^^w7wlD9M!#HtXSnq#WjXjp`7R{kC3k#eI3oP3&?jQA)UXF_JAmLq{ z&$y*Ja}IMG7MHG+^zNJ**TWsqE78*CmN63NQ5QHn=HtRI)wwHmPUG0Qny^F5Kv@ld z@;X?hY}YjbHh}REdJNxyhzv;k%KR5hUt8gZoA5` z#>>;E1}X;gMo^PmOwZb*mZ*XhAxr#nJF1q5rUzPGwwZca|LaTOzVQC(NDFGW_x~RX zcR|_bc@k%!8QQgy+^oXa&2Z1CxfeG6$_~hsi%AZNy4JG59DGZlMdZF%BqYrtDfJ~= zz77hd8}(~K5#n2o>*i7j;Lswep8Fh}k3f;Smsdg3=7T|kOd~MfhF}+0!4sDPLBw_| z2ohQib1teXcpMS@74_w@s+cZ+PAiRzi9bqDtYYV(TnC@7UxRVMC;=_7 zrtaBux4MIHi4i)y=3YY8WG76##sNW z^}ZwZb#ZS{O3J zPM#FpT&k6ilaG(jwU$1|<@Sq8`|6vQLhg^^_t^V3x)+75S5BUHD8P*nE*_3B6y3;6 z{EU7-m04*5g=E49-cZ)YqAW`SZ#`8;(N^?_fSDb0jLz{iyeH@F+H5=HU}mSmV;rJh1mj?wFHjOV~)%bQxVo4-`Qg6 z{uJQ;O@RAegV=d&zrLZiG11=rL_oBjRdmX2Fel7b%@gbWbeH`SySQN~#VS;Y?A&>g zmno4$r%o)nKX!qg(QZQStl;SlXbPTa7*2E$a%*_3P(g}X#AUphQ{j|l)qPbGt?!>D zC59+`t6+AoJk9`r2kZT!S|VD072Z^KjL*Lvcy@7yk78MqZCApt8L0#_k_D6hqfGoZ zM~pZ-Z3%rx4@T<2=nSjndtNXDp-{R>_p0JhyXCsR%U_XP9})U26wCa+^*2Rxc!|aQ zOwKj`W`2sNnxk^vNoQGE3(Eu6h1Thc3=IvHpmX@&K9F`aJ-3ocGh<~+0Eu+&t})6o z!GRWs@U8J?{`P6pK zwe;sLa-o-j$(+$&wIm*m${$~;PK&#Jz3bZfZpG0$a z>D*tKZ9ufM8|lv&KK-oFZIs)!QHY`s>{G(4jQHkh`Ad1F!znt4BMwMWdjhS8ufomX ziQ?VIkN1}wn;RI2>5iKmDrC}oZPoU6b6^x2z_JtD{$a$jsz5kE;2HyrT3 z8XFz8eX65A=@Z>|X!jW;4WgQq>1WR_=ODY`n|8d14ai5csggmj-a!*lWgX=0{%BYa zEqJGFLkT=k8HZNxska;2dKa++ex}Tq#7vYXtTlqBsUE8MawVREvsuXGgOq!rj-qBJ zb(_EAq~QI?S_F|W>Q*T4A^fBI3@H=w(Zj*S@`8NC!0dlm;R?ZI-ml5OB^4hnnn*8oCJRiIdBzd>^YLcgFM1cJ^7 zkX7NmWkf>*Lg%L00rpO2E8*vWdN@+)E)N8*_q-V*`4wO`$_uE0=DlXG=QXz5z9sMa_0+yC2|jD!u60 zyU;)`e?tqA2w{@=g$>xD$DK`=#W2=L1m4I3=IIpT_u^rawGw)td3x1buWF*1;-EK) zfLTMs$yZG*n6XxyVxvmCM=$USkw}=141u1NZO5KDdgHu zM5*|km$@?;V*xk|?h-3Mk5*xsD}eO6B<~@MdVZbcQaFPi1HfwcD+YlDPuOO#0X5)& zoh)~gBN?L|QZ$D6`T1E`?0gmnEMHgNSroinj^V65M_^4hY9F=rDf!LtD4w&4V^EUJ z`Hp{iHN!#csB%$oIi-vBlHkua&z~ZPjAE47AU2=%o@Wu?Mj|cPO;9Cy@S)iqGoI@E z%&L8NT!)c&B}5hpzC0?Q!)^M*W%A2LHnfY?zp=LTb&5yp$W5JbJHL9;!fSldCa)&0 z8Mpx??EJ~YnthvhbFr){-aj{q8zKQbbFX|NE*UP0VPW62*aRWLixabWaYEn03D~Cc zEIcTLjM^(TEh~TQ(U-RGJt`t8pek3?LOfbTn_Cc;JfxXHuxbos$C`&Q@!xCDlEnOu zN?_qT{-fKyweGUlJ*&`NjXXTZk1EUEbTl@IGV`d&e)5NYf6tMc#qeU!(NJe=$U;T?1NZrUsqV-tC!ynkyz!{=-7 zzDBw?k3Ja9j@r}(9V176lqa}zW8KSrThWXh?Uyi@;Q*6n9m$vbR4_mrLm>-ThM(Oo zU+;Y|tADcO_5M%3j|ThURauc@Qgn}&5AS!0AF1Nq3CnceR(3C{9DS zTJ~z5C>OOI6&HwAu{E9gel%*2{H?`sQ%gCi9KVrwmwVFM-TPaJiulGa7>`KlW-+yo8f2_x z?2QH}lV4llR7S#IHC%imLTmP!to!m}Ki8Gx<^AII?uX2`df)>;xvyLKSzqBU2-$#1 zSc)6e>Od!mD66n}p75Ji)K)kyAFX-*aHmNdlZL6Ej81*wJn~O)tk;#)v~`9CRiBHu zT1L=@)3sA^WUY~#F4~ny?rc7+O&%jhA+9&>Lt~fUg&r_X)RHdm*UGuhGg&t4@`2TO zp)tzEgCtogt^ec;^x{o`Nj>G(eA3auPhqHdKz7IHWPT_1Z$V5$ATd}Q44k`8RB7U+ zZqUH8wwj=h7>rqCL6Oh3+fGgWS%nUA7V@nptW$a8q=FsgB7O1?^L(h3QwjI|?3j&DD4L#9qHdbX1n7#|=drrdIeJ>M*TSkYXD z3b8vJGaVz(vWxh%&s&Kktd82WNA)}J34+3g{QMFS& zzQCH$UoI`k3ZG~AbD6uxZ;xVHvG>`Gs7vTR1ttdL$EQh?mKMzrEYtq-&2gY z=PwLRs>nT^{JPf)DnWrk!l$McBmjQR{KiO#Z_A^h(k4N!JupeN+{@q*Qz1wDzP<8$p41auvPW%%H z=HrU6PwFw`rpBhGCQZV1rrF`px=&(u(-V$r@{%aKoN$XI3e}Oinh;-!1*8(w7cIdp z5rWP!zQPBudkAN6I3k%$zPL(4UcSG(yJQ7w#pa=rH!w>A=IDkImB70+aigUSaU8*R zG5lLDbSuztxQ&(h&O0s(qm-IUX7ov0lw*(TJd}}E;(`VwdsH3XqubfcIS=+SuUG>q zvNkXsv9oxwQ%`4R{nEl| z92?wN(2#2kfC1z}5%1Q%BNXMGAHn_tpxeP-u=wHyn9jAZ3~u08SU^>{zHtd1O$_jbS1BkcI7uRrrlu-x4z2l1RiE#ZA(kOIRzhCCp&iR`h2H*$ z9EV=4mnAQw^5ZfGW6{#mf1#xg#Mon!*59a;i?x9mR&e-lCIK^s>2zqKWx4C^=kG8a z?`j?aw~dFIq<>{TR66}=8LY;m6S&`yw+os7QUL50Iyw~c8!cy{kUY&`=Xmc+-i%Tl z-weI!_!>D=A?((d=EN8Hg_Fq}<&<6w3DCTIO7fwQ%Dt7l);+|2pp zX)tsmGs?zG2D*gQI_?W$PGqEr#d(m$#gTM-42-2?&X~rzL&Lv1N-1uHXx7TgcPj?N z8^h!$op7X_IEz2wPN?Yp??8g{g-8*khe<1N&>Oak~r?JQq9HL(6Onk^hyJ$R%`)T>A>fyhVD*Lk|r?nCimIL%oZO6&ASKLRfIOz5^S= z6bc?t2{uKbLuv^vT#ySA>;r>8%}0$BQ`u8eK7jZrtkG90({=3DGC#NnKwIEPG0_qIBvzx?UB|q5R?Kq62 zR!Pob30$;6sCCB&WZvO!F*`bxPMZS?Rajbf| zt?X0w0wxrm@Yo@76VB14Zd7(Qn~9>mr4fCFx7i*KmBw|4U7NR0ezi08+VP}8uKtA+ z_A3OIqGua!1z}!U)mT~{H$MMzjmqVx3CD-&LRIEVBiT7jYvb@es@%$A=-o@R7&bPq zv{*Dj)chyb&tr5pkzn7ylxoATtj)FRg|piJpYTQ*i4$IY0XGG$jSaY!jl-p*Q=s2{ zYkz-jZ?9bwfotU=5V+<#i(1c;LebW1NBGDJsLm%h=G;lG_Cm(A_{;= zyjWlUdV%T|xU^0A=Fds2@KqRF1;9?B7<+XF8BgP!z-v0 zpS51IZDnI?GM+pH6%k(9_udq2o)b-eoZo4iEWD)JPR^Uf>32#E6TE5S!InjAJMPZ- z;)2)&Yx57<UKc=Z5wxTUB=U3k4df_a^ zapBDE!z;JFg$@RSe&^T5XAsPD{dcUbKJsvv6bW01(_lbgEm@1%p}6sL&kLZI*i@A@ Km2wm>-T8lGZ)9Kq diff --git a/static/images/docs/k8s-guestbook.png b/static/images/docs/k8s-guestbook.png deleted file mode 100755 index 07d2458b3b54fd0975f35f0a6f78fb0e48e287ef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 44000 zcmagFXEa>j8}~gk2Ez^yQ}J}0sxKa&*B zCj31D=T3e&Jk7RO!xzsjF~-ukjB zz^|f>6#w?X;dASv-K?E^N#N3I6{=d{eq=g$mpD=VoCShM z2t`3_YwJVCcb@EYtUx|=s{$TH{r7KMy0Wyhh9@h*+umNH?a!ky=vZk3#SO8owCX!Z zjFu#{fv2Bh-pnd;9IUOT$W@c7GNi;f@9xYg(@b--BZhimk&azd!--+ zG!A^;_J{p?FR0Z%Ry$&pnlg&TxuO!l*qqokD{HhjevES)RO)rl%Qz?mUub5gkSv#5 zUHym=65653-{lb$LQ~mqey^0=bG>m}yb8wU$G7IoVxy73LvVqK7!!d*vV$~Uh*HgX z^LMurOWDcZ@7`O~I%2e-xRwg!c_W?$pw|I6kFp!no^IvGNOL-1xN7g31=6|SoXttv z_|+GSvZinwsg`9hmT6Va*9=L z8QqF`nv0tSEZc%n`_r5;1e$B~pon7gM|5u+B7cc>2Yu&86`;N$!*16fJ(I6D zz1gFMjE_#X?7Lx<^A zxMjkAHTowZnFQ6OsH6SdpCG0vw<+eE2+o8C#5>Fez+pK=k|-?59w}L&Ye59)B&Tc* zIvxEuy(2KA=~cxILLPx{Z5l&WoCm(Jfo*jkDda`P=`3ozxPz<;Kod5EZHU(K)!ynK z-AMG~(t00d99ZO|H{?E~f&8_>gUB3m_N|W^x>7)^SJl-uHKHC`&>|0YYgM%y0~$*9 z2nr~TGI>*jG;qfm0)(8|X%p(5)tNZdRxEWj63d9Z@hvZ6jNa381~>w9^5yWR$XrHZ zpw=I;WDx72$3klJ^uiq9Ki{~n?y2V#bVF8y2&X)n4@f55?A#kJ*Qs~H)DUEzg#((9 zln-q1(mKf3(O8WzEBQU{K6(4{qQ1WVTm5}{?*9^=Qly!#^@u@I?n%iK1*2(n((aqr z9ai)+nZZ2yCn{Q1Y0h%W7k>QAwuz(diQk_VLB;^i60eJTof?R1-yy~!b!VUJH^=r$ z`AnH*Cd|joN zrq*zj-1;eKPN^gem5wlT?P<7ruag4nbKOV%pu!Z+dr6aqjyAF*Z$+XyU_cr)Photz zzLeHAtpI6H3v=%p#Przk z3UB;^U2mFt_hES?y+RW-6NKejuzrpb_c7lQX|s1rr^r&}ny?luJDIW};#!LdKVzxx zvCnK>tJ0n11{yj?LD@47IySg6xD7@bpFMF31S7;e6@%_1+XrVhD%~BpZ_=QTvv68E z74uDicIPrm3(wVgu?_c1GtLV=sU-yrR7mUdm$$@GQWoNP&HnP7lgI)|Ekb4YSs`-V zny~g{Dhm#m!}`A_JyNPZT=F&tx>A`z&=AQbV=#)nLqN?u^7^|0bpUF0Q{@Jc-&U+Q z-C?d3iCGZ|+F`Q|n65UfDfKaMBTHk7WUCUIWNR`)QW3V0#%ys0;qR28pFV`o-WxB*a%u-z=k5|6n^ZjG{N zJzALmDic4wv-9GOZgCrIRacarlUrRSW*EDRP8X?^VhK;yyyr@*`4O0>N-!pvuVq%S zmasM&dHM{2VzIvb0#l$^O5NpH>oZ?uG?unfk7&uL#^L+SA+N&U4^hz5Qd%bTT#qiVU4iFDp2pQ9B8 zdn+L+gNfo^mNhvsPrjrYyTkYfZwKpgpIyPr=5H1GRy@;=Te!uQrd3}B|Y_kIef z_j2hengtGj*K;UDG|DxyFgR(BWfUy8Qc?eGGBL9|4$dB*Bs<-mmFPKhx~Cujch%#4 zlcDa&E0-T|A>rN?l3puH8t?!nA){2dK7Sh}Jkm@t|td7Q)IuQ zabUtUFNG>JiCy&xf!z4}nS-Oohj)+#wYY^Ft|w{XvNCoc-zDXbB9e~r#@%3V>{+eF zyz-{J?2^V}WNta6f59@d$!Jio`6E|=v&S^vI)ygqS?rSx^Vl ztPY>D$~cu@l~6y*_EqYk06iwgyh?_w(#8)!>@XoQ$G)6tz@d&Q*`1$&r(BhUr=vE6 zto`OYMujE3quxG%>+SUe4qwZcY(e+Z%yl1h(Ij8=zV2expGB0n$dRK3*Aand z0FWj##>4n6|I@@j5}!J_o3(Bhj2K5h5tP==N>rt-^*eQBU!mdS zCe-vH=ytfHYD{r`HTk!OM*+}r)-?l;-7^+Us!uJ|Wm6G$03Q>!^1VII(=1l7hm46x z%ElwgYz{U3U)^krP{HU0RhAizF};Ia@ovU2 zW$RC6W#%s-*Z)BsJ!Xc?hHkVfk$Y8pGhydk&-Is?CPbT_E~8`#JLo3JF6UWz~bniF=Sj!)6}1V0oxO|plJ;C@x1(=eSIuhz2&e_ zL_#h@=-fhScL-9gsR4E%j(Nu}!%PMawcC7bXC)CAU~?AtcoZ1a&Yde44b)(6StXL zKiY9xO5Rh=hH}rFn^SuPJW_`WIxO?pjuH`A%<(1@HlQZ=YQA*07ElQmTg z-TGf$KgdBi069Lg*jn@15NX)b`Vsblc5O;q|NX}u`$dzJIFXoeHx`R=IDNq^Tb@=J z`fgAil0&1Q0W+^3HhQl?+RUNh zyOtR+N8Wxn`RM6fK;_AXGuWyAYU&yuR`o59%HviG#d9ar>>f^D`|ml^pTdIs(Tj5n zUr($F&;o#F+0T2gy-v`pd*c(gCFupT9OpP^TT<3^=+&t(g9Z5-4r{QvAEK|?o0@B8 zZS~-SO!xJB1)Zw++|ZUwEi{}t(46NIY4)6gy&0~w_IF73$GNI^YbpB@uHP~wI=Q;Y zvV$De$U&o$L|)0I++?gMv2$2IPVd$@Z%P6^=y(Xub2u)r26U}s=~u3`a=VJsNd}40u43D|z_k0~qR6qII&Ym?aET!^X+na=L?PP8iW9CaoBm5`8(j zt<+$SW4*9TjzE9_+ySq_k)^DX_1+{+CC37jJD>j;zt46w9Qnz?D94f6VN`v6@HRC; zTp~dp%iD-t@s`em?=q=~ZGS`av&RxBqF|0JX&HkUX;}>H#+iZ%;STPlh;n64Ju5q9 zU|`@Br-Nmz>Kk!{k5JYO+yZYpE7AR9#;nGC&<@7>;W%8cRQR=|j`Y#)u!^2+Sn?e< zA9tOw(+hEeTdZR0t8my)sEK4Ucv?69_8R-=>CqfLv<3}yVscm}viu5rOI zn`nP14z<~;{36v-i`#WQE4*t@11bqa^nJ`sWjp3>vL9rA!l-lF&^(ptFpejv!QzGG z&3qduo;ODA1MTJY+^1Sydo+6Wjrk*hEpMoZCs>y`&&%o)(- z6E6ixn;)qxx!$qOKhR2C>84(@77ZVj*_F%9RI(88An_@JY9L0PB?;&`eGz$El0X*+DI2cm_ zFt@!UvfpiK%=1|5HCM6}NNG2WzKY+hbga9-of?8)`@S&20&TaQ(p$=$_h?g9!K)1e zFD%W)_>YoR&@|b671^Tpf-S060s#5siM$+GyosUlC$%I>n@G*&Eu+i-bNF8%H1NdxYV;UPs6C5@<6 zZ?l?g1Un~sARs|?cH~v5foIBwZ5wND$079vN@=PqdZG5@(ind4oeTX9A7?9 z%bcAt>0Q@w!g)n>-E!wgH~(ngx02c%pvO#UQygsjq!r1D zcL;{ZQpz1>hU5Nfz30iw*F*U@^$lV3@}uMr0UD<&l7 zQb^*@zTrVYvDs03@GE)kTYJ@Pnp3-X$KB~tdBf%4h&URcH$t)|Y>watA;LBk2HN)D z+}NCls9xiqlal%RrI$ZS1&dHN4p7dy4oe!%dwrwqO@H5u6VTHqPFg8Rb-i*{WtP7q z|7fnPtZ2TZ8ywzHd0R3VC4AGbl{EH(K6-DtXm7rJO)nHU$rmo*yenZsE?D$47zzg?tS7w6&t*cSM-%cy;tfsa4-FK+{ad z<#qvClIFrhTxLaU9wnCAv8pAgl=}~FJ+i%Bd>zJ^X)`cL z;SSl&i}-Zvx810f#L90VuY%r30>J7Cj&y$biKe#_qxE^ol(lMODISBk*Oq$<>-g{# za$mUsYfI`db7E>R|3!9u?I)<7y>N;;#j38wNSbDDckGlklYjin13X6CM6=H+7{J$j&->kU(qMAEaP?EtY5)wF82lj3hF60|l@^W->RhBep`m z665`Ls^yTq67D^g$@H4fHeR)*>8xn3o;$+0)jI&j&X!qKN;cx zQPv>QmtJRg$l;@jZzWvEQ#s4L?6A6?R0LzfP!E0S2{d-*6@bT$%&gC>|C&u;#OOhu zs8M?oNl~Au^pm-slzCx1uFV~11Lvh(G$_d;I+Ixdlo61aB<0rVv?0Zc1G8T+)`SlM ze|o^sZ{FE@;a^ctvKw3lU~(-0gD3|PYTCi?F90%s$s^f{=5=Z` zJvo-4n+lv`0eYq4Ne?Qsb){UEZ#d4)_GU_Oq%E0%9G@hkzjTmsl9lE2CQFXwDRa}C zvde#TN*o?G)aaGocjo@@GOya=XP{r9O7` zf2(s-iV~HH0IdWff}P4V`Q*brp|@>(e2*J>pYkx>e|wRR&2-d1+7uKa%C2h1^S@$R zP_y7z)6iY|Pyu)7Pf3Y!jBF}ASU20Aii6nYIZ71!UW*K^Q4L2)k<~CcnLqqS2E}Sb7F%*c+E8`CmIyAj^oTl+M8|vAX>j2}MLi~UF%e|vv z87+_`lk_((x;c?r1MYFXb~{e>$iT9J#R_Rr26U|o=VJi5g{C)Pqn;o~-}^<-Z`59; zJn7b0ik(v>jI!{=xevge8mLX@NBKI1hR36+^y74s`ZfG-sRm)|pvB;add__J{=~8c z1q3WL9=P48q7W?*NM6_unRa|{Xe$@6h54lJ=MYf5u6j#_DN%-{dDVM#*Ta#P9a3QT zhdZlPZqG$Q3yQsCy#(AwnG4}H|KrOI;Mc##Ty{qdcRhvr#>4Zwi+n9fiRd!Y1nb6& zSxqW?jT%8k(`^R@4jLSo{u&04G~Tj$t?;{54z*=v0VQ(rmoN7w+|{P#-{!4r`dy|Y z&>t-;1~5rNO9=-fVIW7bSY;A7ndI@7oMeD<7a)aOV z=K*3KA_(km<|Vc*!|EvE?@`e-HqmQXk@DYU0)gjF83rKO$d)-QW;%I`6H4sWT(%XD1=BJ7Cmpc|>G=Vh4iLW)#M zLPczUK~O$y%pA4Jo1a7jR~TYlI{g`c0N5d3N;tW-$l*( z+JT*IKD61(O*v_XupfA+6U_SNIAv@ha^O;-W(Uvam;|U628LE&gVI0zCh`EC5)NxF{~kBo}lHWdhj%tqv9QgtjDnpiBzz8TD_Z9N@He zBxR6V5eNrfLpGCPtV?ga=l@{Q&9Mw}P>kKga^BXX?>1HE!aU_o3H?j7NAdh_tvFoI zGoGbXO~%@F(X{gV_}H3mhAhC-%8xx5`OE*XWkMTIKQUGRhI~{D)sFQNV}zPjwY5z; zAvN9}Zsjbq)Ulj=j7#u*HRR>_la5Ak^fZ&?6)3uEza$3s2&{0vb+*u0z^??W=7^)* z77gvjWx}La!2!2MM9ePcYtlQn91&?Qm{-S^y@HLpsfRYRot>RuQI7J`>Zu#hClp;; zn%Vfs*!YD`sqZ~}l-x3;%Ab^!Q##~lXr>wO)R#qitfVT^Jyr!HLv3!UfN9Yuz; z%2wIuhpKF9dn{w2EvGE9()!HUM&>(>=Rr3=dD5a$KYi0vy36ldwCU}s!|!Iz_syX5 z701Aqy`!zglsh||!@AeNm;N?1(qk%C#u+x+MGiv8sFF;f!sm3#g(C~%9qXI%41p!t z0l*b9N@}~@$qU}%JDh@>@Johuw82WbT;4oF7*% zlybH*gOr>H97>ux{Hlh6Q7?q;Nk(rntw z4-3?chxmIc<9i*6@s?q~(G-*E^2pgVx!W$h$M0FVm@q1qA6~7oWVagq`ew~-3*-c- z)5A&)*m!we7SJ!-7E&X3J zLy`@-ypXu0!l`=8#`Udy`}+?b#JjQV^){+4fw0V_x;K^FlAj@#+T{h{F+$^U?35;x zuelu9y?a%tI2w_e+OkO>rZD@5Wj$6JxzvgDheB!Ov{IHhb^3x6`lzzj9ktm|-!vX)p`%f}#%ukn!=J7%F$+>PiALD5bq&Obksf~xn5h&;!F~Ksg;1pBaCLEX@59nxiN*V#E1H2G1?}fnS z-w+t7El%nf1d(o;tqw?S+&ZlZ(c!V~h-Cz+>46-nq3!f^BL#;UEfi9T^=w%f4~6mA z5V)4ah1;{j%+`U*?*;5Xb0pVWdP$20chI)ECAs zcknDH#2>3Wwy9uKAMlC#BXPtj++PO>}V(lwus^MqUWGtuEqXZ_Xtd<`^v z0($2ncrCgix4_rFdil&Pa;>~nq(*gUi8u+5GytAIZ{^!0G2R%e>b?cKvg1CZ0)^}V z$eCIY-rM-*0T0Y9VjS;MZfFXuTQDWaIwOUR0r*Xf-XQYt4XFIcZHj<5Cz_V_~O|)P1yEYYEey7c^i|cZc=-Rhx1h z)(h4r8iJcl#0EBb{n=u$w`eomA!#NW*Yx&>QPR!j77!Ez5LFA+FrIyTzViKUtrb?N zKa(Ec`r#gZFykY$pJYvF;e5~ew~zlV{5QWsiMvm3@!rC*MC+ly)>AaeERXxiN#W>^ zt=+br8;qnKoS4Z$SB!%4#H;=GB*4I!hP*<7QeSW7-9soJryWEKqh7P8`iK4%vKh&l zzS~WDraNO?ne3#l-akcB|NMGP{Oy}x|5?~s$$Bp#lxgo9=l^Zsi~Ypqlb0$sT$>Tf zOQ;Wwk_V(wIw**Ek>OJPdK zVA@AAqolU{9Mrb6+#1eJX2bd@C*{RIsPa|1CqZS4kMpf6+g685P2Ej5RRO$1I{xJK zN~?>)ipTw9s5S^5A3@(5*%-X9bE90&5pOA5z$f*lH6t}W8IY&0D~XD!sG>?*g>t#i zhIizt0`lIA)lgUyzMD`<0;+~(_3jEjdDAtY2vms&Vgx%Xp}@J3tY^0ye?bzBjizGR zSkM*Eb;YP{EqKos21`>rp`X9)JW9)x_IVQI=vZ15c{Ir8?^fpKx~XTP`y>74zTex{ z&Z;ldIG(>tL(1Eo;#X&dstN}^%EkKzv4a^Lb>qC*uM<}wE(KX);S?Qp-p{o}U&Q?X z)&?incdZX~I}KKh(0VCk#h~(Wo1T~Cxh5dZ;m;is2lZ77uu!h zI!2*MUsAl~FjtgDhlLKkhu6t-tE~uWMRoR`M#bw{8;i?5bIH$K5=Rqo`1CudXzG;c z=&!x2&J$2pG6IDRTvqjPpM4$sQ1kIIu&d$!*p))ZfGC8JnB|Q4z~=P@LG`mX8G2o} zeCHfPIE`GBUd9`*I3qH@1fxWq4fc+%Qmj{Slyl4mmXP8f9?>(P8GT>FF;EBpAA(RG zvq2h%%nrY9@#U3UVcO&gFW6=#xN0L93)mxF3+t1a^ipOgx(4b_GsYh}1Nr^wJI?qG z{FFpAN2Kc6h(~E`M^@g9U0qbTKVoxBAFYtLqNAr?Bm*S;v`~cWys?KumHX1)x-WKc zwks4}bz5uDtB6@P0GxiU1l#w7%M(pvX!LbIK9Y}nP|4+BvH&{WMF&{C z$AD=yA+^&*hs%M;03T`r3_^^Z8gyk=)QVHMz=Z^9t-||Y!jD%AZ#~kE(YBnFLN&@g zVLbVtSy4~6+@2%S(A|Dm7-}Nrq-lh-Rly+C71T4b_b#Hv#w@c79!Xt`#CTS<0H9M# zl{?EEYrJ~x%Q6~E>t3xRc~uwYkK-3#+`>&1{XB!7*drCZ3&8O7I{8XYEqVRw6RQ)E zv??TLUwLW!BDE2<9`$#)FE8ix3zgnXuYA(ZBl$v_9ngoQmV)&9I@KvMn&#h9-eXOU zOx49aU`>gm7waw@hIYPU9vUEpFLq1_tVhIrFH}=slCxWV;@nHRGM9MRJ3QEZYaw(c z;$X6G=>Z7jf>)3Vt=`C1ki&;;gT)dpNh2=~8el@QjlR!WBLi}2 zA$-I5iVqn5b~^ARk4kv3=hUzG6L`B88;Gb8r1w%2R-VB2lKL|!Pt4Q>;dQsD7lxBm+ZYg#8_bFd zbG`-eM5Qr@{N zT12iy>!I)3s80{Y#1P9LKE&#wwH6K5rpP}sa6m99Ar^RjB8waJZKgBF2{JyxiO z&>sXiIqqGvTN_pbaNJ_pn7a}R=|>C>2Fu$#3wdQbwow4z5l)SP`e;TEux}bLwzp}J zM@sUl3g*jE!(8itbMW)KS_1v?mU>BN`p|9R>WqeG9RN_Ep{gzNC_dgspvG zXha2@UfbM!^7~5(&&~Uv)(4ZJpDn5Fq)o#^Et#pgLr^3XLn?ux`U!;IPI~3K zzBzClj{+IJ+mgE7=@iGWof*RZK{=cNs1{+*WSe0Cz8W?d-Vl$7x5&E*(d6wrOw1g< zVO1LM87I4=*!3=rD{Qas_1&N-`C^wkpSqG~SjV%&HKF)eIrRl_T0>T05)JR2nH>>7 zKL+2mXv)VShpPWc+;98fCU)Gh+@Y3b>aZ^bbZkg z*Q(n=cijKV1PIq6Vfr%);eg7{f+kftH?_{e9AgiwC5^mqHveV8Si#{em+k}>$6_ckB+9Gbpf|=*2nRr4vvz{q!HjFv;ck$X}YX5LSW>6S$l>nC_Hu2k{_=NtH zsnxt#uTf}S-#DLXj_3&9vixN>NUfDg`RGyDwz6Vy)zhHmpeH`&f%QpKTSy>3U-b;n zzr%Rv^jqepX*Km7)h}OuEsdc+&f(R-*t2;-N|75b1d7t9lpYXh>GSrD9PDj#6#>`~ z^m;hxIUzUQQK9e4+uL@h|K8JolKwJw?!s`RPeOd7y@7AKIs)%AUR1A3aqJ?xyIgyD z8FgvY@$g+@n6NfW#kB_zR6t)qpvtWzF7S=`3fE_Mip&e#h&Nr$Ll=Us0Vf6D{U{DY zMqL>QYlT)m zM-%UY(yEv8(saKy#!nN=q>H%RKyJx)7S`t_mp|?Iv2ieVHKG(UwEX8M<0K_$dtT-$ zKns(|s|P87E1)D@La#~sR1WUb^BQ4CX>RB(s0mO_&7wf>vu0?Ag zXBpUH^Zu&MlHKPVdxi00XDMy8P7e{^kkKfl6{&v!j-<3{p!VL^1*+#-$%tF^Kw*rznn= zjF?6(FfEXC8N^Kk*0q6JUpo{&NI2b(Dwm-%b^k!rR z4}iOVM+H26yS$7~L6kxdjF|xf>PwAYaxJ}3zVnoT`D(L4tj%l-l}xnH+1b&?2X-_; zzKTF1f1+TxSUV}XUEkb1CX$*;H}_*B{gNyZd6fM2_mgzqRc5Lcva+=5kGJ7No; zEX*n5?WO;&^J#hS2Zvz(Y%QL4o=?S#|JgL^prA;%kv(4e_xSO}T- zu(L9T+yVp!kjzrw#Wk^vEzw99v(Gj5XBc{V#Ch{LUWpO1BZB4dfQi?X%e*BB0AwkR zCcQ(;lFM@3_>C7%ZPY4O{v&AoTsKzB_LF2zhlbJ4ULw)#K_|uG^6e z)a;swNG>MHHL6fKbFuI~9HnxvWHo$yHC8UBJi!G`3(^zgWp?6d!cwg{a26gGUPl!0 z@k#z354)=J)m1CkUaAD<`Fvh6n&W&EH>#Xu%#0-#>k&-`EHhkE77G$UH;got_8|yJ zWLpYGj}40-pvVSPFefQ0`yz(-51_O*adns_`IWuivy}$QuZL(j9fXd99 zbgKF#az`hx>c3819`RfrO{a4cT{fc$1#MX)Q)90$HdRMYlaqHJC>gt$R^e({16aR!UBzeJ;Nm~imwyHxNStlvxx6<0xn!s;-MIU%s>Lw9 zAOcDjPufqQU~Gv&^JOKD_i`dbE{gtMTKtrGtmJ685|Q@Y3)TE5^cpWoGZr|%9^S^0 zbdD`h)B2~Ka9Mw~pOsDuPSz8K#b7j1GGdll7BoZu=F6vvn-pxh2;(<5*UwSV8es}-7dE_zw$8x`Mh@0W| z#bGohv~9^L`Olw60UIHwT!C|$eh=<^^I-KUE;+8z8wo?G!_V4W72q1Yc&}Q&cPZ== zU1#g1R~1}l_&l%(A!IegrXg{NQnB~h;(Y$Y`dyKJRg8L zlq>U0EWci!V0=z1`ERVO38{zk;%jN&;=B$6MUnjN>sboEbECYW1%vhKQp~@Fp6Lnt zyEG3M5fZsP{Q^fyd~o>-INuSo;Lrju8F+IAuTN( zxz5a!Uc6h&$9&whd76EC%QO8WTX9oK<-tz(j;_S#pqa?vi10s}%x!5YN{@bv;~1_& zly2A!*~4L0o{NiE$J2(9x1AwmS$MjwwTIf1A0;(?1W=Bm7LqJ4_#4>_+_i!Vn{pYw+gJ z8gr0^XUN6pci}Gswo;f+tGO*7zJJU4PvSCg#*q80B&`&8gvStAz#jDa&cy zd;le4IT?Zxn$uqr*!86?BxlliKWf=QfLcmd!xHl9aa@Goc~K2eaDfz9YGDBW3QRFe zc=^&#=$J&#jAFdX@G4tn28@D{&$x&iFY9WY0rc^x+0;N4d8ZmVL$`lB5koouoc~)? zw)r`n9{f*lUgB9v%gyP@;y?dGtK^YypN8>=^z zLss@LZ{1s+uF?AY_lj|DUj7-u6nP`kL4T(Ze4~i zz1@Gbl_C+Y{eYt&XZE@L=9emR+Q#$=_my7d*dNy@SrU2qch0LL**@|&fr7r&SHi9d zYss%q4Le72w9E8mSc4NjON#`MRzO6k7eEJp z)-s&)I$^CS(OP+tm-|gKQiwrHY3bE~H#q(7*aV2j2NLH|2XPG4E6nf!guZ9=J$0gF zO=j%SPflwY6W~^lXf@})hPO2FgSa)C?t@r8An~+79-tseCwSrb{JZOF!45Mn!_o}q9(z5VO%b@DqFjMFAj-RvZa zA$*m&eiXt}cA)L|wbFxIw@RPlFsxeCy)UX*_=U_iJb5pZ)X8HIq)dX;`&= zQRq?X{7^|`Z^G?=L+*+K2EUKvi?$--m;XQwL;XHozWDcE)Jv-z!|Mq9AUwMgz-Rf*e_W`$mzgfJ`wHlYsJlki#7alJ}27SM6SZMn9`B={n z(!1f+(qG>{O8u&NyZ>*z=kc41iXsWazq@un84dfz!w#gs&nbqbDQ!mhr2qTTHdDnA zzTbY?ys7v);xAw7v)Z@y+AN}$G>Oc7Y0SE>dV12@wLv(x?;J^#eFMWJHX%hFp)9NP zM{}T#Ve+e2vn2;Y)2&V8@N-w)h51EYi&sBAtk~Mr$hMYM$$Zi3St$9<2G+RV>QMtz z-cu4V=K*sEA6xn!fQLu?5QD+!PfWbO*pje)`t(YvSZfdu+hPUvGQN2A<=(UDz}D6n zD!S!|W0;b#Z*S1*aY8p_WKvU8p$M_FDef>KU1iU;CY4s+=J(tK?+x)3Ksf`p<}o)S zO0>Q0bdb%im(gUQ_Gxz)H{%<(zO1`fbxy(^Z%cG_-Q5MpxXZe`SBUPTF9NrOUYW?! z7a(kJ>*y>FtoFsw5agxqEGDqH;E2Yv^zUypLC--!xV_L$FIGdFPfba+8=0Sv2<(Ds zz2U&-lK>|gXu=1G$g>;_&S@S?=wJgT@w=G03s#nT#$c3tS=|aUZ}jeeqUToPU+&W@ zu`rKTN#fv8@-j?P>Fn%Ch$>feXk$D&GAn^vyf`)mGB1KazO|JGm?2Ud@XBy@|fyBIcik6 z-6}{G+||$^um{n6vA*ZKGaLvz=jZzIW}*lUbuOGX&glsHSY+k2HRAQ>$oSsO&tEz|&33&<$FCgyr1$#Oir{77e#f@UDO*>hGbLZ!;Ki&T|^NOwK$FXj3?y2{O#OrcG z#dE1kq3JU#x_KCUNbuK~tKIGCv}R$(@cESD`6a%c5E%D#?B5zsj zp=OFcb?Bm1Szvjqvdgf8Y}UlYgnB&vNAKnd+0Wk1YyI&LIwxeUAGFS2-I@mx*51ki zLLUTviv02$9^pI66qVBIDmJY1@i{oCc-zglYk(UP`2#QZia3h30ga@0E3sz9FvXXc zZSIdVV1&JVbbcj|wqC{}AGBaYHipM&f|w{r9CB0to0 z`LjAbCBl*|+2csQfW{r}!o5zFnyPkVv{k9ro1? z4C3efL#YNLK&tccVGQJkiNK3-oYk)^s*3!JS$cN85iU@PDaxd0Szh|;j~o1W1`WR? zgfv&z<3W@8@M-G6`%kwd1RxWS0OOEeQlKnqm|ulz>iUBh&hZG=E#AqXS+BzA243I$ zXa|Mg^zW)FoZS!u-#w)i-!m%rHUGEssA#IlvpX-|y-J3eja%1gn4Pai*nvVXtcN_4$YWW1WUO?p7JhFDiD0Z}b_@W^^Z*jJ1{=QANi$V8c`RDD=IF zsaQ9l`q|#MwSZ~XVaZ+}4T%zth0MMVUa0S=Z&m{>BjQnxN)`}p{b5-ZDPsX%yDzv>@2bSYs;FwB{J6J;qu*jaY@<*9%Rt-XE*!t$z^BwBer>`8}yUgPiho~RM&^+ zZk{=Ka5?9=)Nk_6c4Q^Cw6$iv&%eTk=lOQ{24CPoS*(qvon6~LYc;or?VBcBR-5Uo z<(PHDB7a6GNI6(u!^lASdQ08Y$39Kz<~YTn^wC0B@4<)iIWjcEAzq?=MkFVwXQA7LLp))ye;Ji%nwzxdHWXr{<)P+jyg+j}hGl zdE*bMKffezinE;S>Z>_ZPuR48H&#T83nHnuzp*Ckl)R7yF`An}w4tG;g8~k7?wRUp zVtMzx`6-UKela!L&w51$l_m&F1gb0!4!>h}YT}L+;vpx*@?|rLz6NA$UVPDR{LhrF zY*gsG-$N3pfx-x__Vkibp8YU4x1xc+1!Zk*q0+cJoGvlwcZDRiN}7`!(Q7u2bme*o zHX>0mO@NW9=op^(P~fHbPEZp=LhI-nKh?to#&MCTKa|(~N_Ct#rT=oVH~Xsb=Fg7? znM%)p24s5N?O9{*1o=^oIome@5p>UWZn4Nd7g->2G_$e;HGP2EH z?Aof8gMHsX_G}W)$jiiZ+2c7RXDN-osgBwIjY-c82vvXm7AL*OfJbAx{*&jaHP6y| zBG!s7{6~FN*LJcSE!jjSv#Rc)H(mSI*6uOts*U0A1qON#TpiKBTHD$@1&(YOk0Wc; z@c>&J)m_&+D){HE;eq6Rk|BjVdQgqc=wO|{QP%5VxVtdtr9LsAHDVe zF&-Rn%lqwGe3L(!ddYCLV#DQS9`!|2?%Saedv6C>jM5742`SD_n$_PC14|83J~1_s ze!ZMj^k&|?W5>I7%U5>41MA(mm1nc{lgHxRQGJ5|OZ&Q)p;hCZQ6U$Wdy^i_x$bg* zbCg;q*-lmBtPDANMNX;))^=Mswr$(CZFFoq>DacNj&0kv)3H0YZTLpUTe{7dZID%b{vVs zR#3U^oHVBYE1LCro(j868IQeA00*TIHk z$vvJVKqMN}(YTUeqN%olzG`Bd<={Bc6#EhQUba}S(tEZc9Wxx82@1NuWSPQQphwtL z%oL+oS)?tw`j-IrH8Be$i9>3GO3PE(Y_H4UOZ>)}r2mqcwq(%HK@vaHXMmzY`va%H z?!+SwPHy}A+612Ov1;3o@D7#y_ot$HqCJA?)_qsq=W^1ByYBatIFB~j?`voGREgg$ z=oVW-XMazQX>M}RFt^-37oB12m{GV7vRn_Pz*L`SBiY{&=24OI{19SyBDLf#8G}*rj#P@jm@y!21&T z`)Wxqju}L09wuUNQn;}4bvzLS1Lp*t*b2G1MfrG5(8hjydwzN1*QvQIZdC|r!B6wg zX(?UhX#%tMFUc^j7A@Xp7VM``Q>PfM`|SK_RY{(|v@MP+z$+5jRO_L!_;Ogq*(1m? zGR30k;K;#v#(>4XG8cHa(uZ2x@E`W&-`nwt2dEf#|f z9DWwKHLX*|(y`)gvPgeSvCcZc&;+I9hmV%wxe{3`hm8kr%O>L8WTgP#q=-hR++73H zLT#pKfF!8*+iVKKsTG!pQyiG{szy2zG`G5Xd0J`|C{@q1}W%w#6cRv-5R57t|!%? z0K+EF>e?dkG`CnCc}{S)jbpJcpE!~(VMLZn>k>8Q*v)UqlBR8MEumlWWTTu;DE@I$ZI4>u^ZF-S{Q)?I0rWeZUtJuN9q{{_V-i-}}98gy(9s48g;)?I4%$ z^OpCfn>FO`>)T@T^Re1P4!7$|Bqn5=D$i5r`cHlQv1H)uf#S>i$EVh4-Phv)szhYE z>y_lU`!YN0&q=t{=+w*S1G2@>%UG%WM;~!f+umU~OLQlRGM%F_ zkYE)3Zz63Vl2n=2uCfv#M!ilrjn?iX44v+7Q|K}FznnSeK;qs_)3sgKoi1m;zU0q1 zHp^XUQ#68Qi2BGlb(@h+CYUnB{NiHz28=*TBzI7K zRQ%WGg9;jCx?-P!>@3r=4G=C!!68;gXz+_kkzSB<_ojP5r4aCtenxY^b0sZ>(Fi^g zdz)xf!^L>3R@$b!SmleZHrN3qrPT=chjqvhJ|HvE0YW@Tx9c{r3wIsZsLGY18yLn+ zaqXDu0l$d@m}r!c#Zw)itpcGvA~gcZjI~>S2@(>++QM65FLZr>>hwk?D9=#!jR>dt zOOcFb1h}U|0bTOKS-v7QgH6&x#ugWm!z!!s(_}F-$9S=t>Ult+axWHCErp6Cf@u%$ zB|@t=vY=SNurS$y0rI60WhjAk4!g#o-Z|yb!k77AX;TEWG;&7z;Y2|xRRP=zECG)( z0pxeMq<4B|llkmz5!Lk~Rc4&|7RTJ1zk7}Zd*7Gq zydIa^FB_)>-X`ueN1iz$au0 zC|eL=#Oa7ey&^kIJ=;2mKiy(V2n74!B^^gGWgV55i4of^2a?Vrz;-cj92=HPxVfS- zV405bnHFyYRj{-XVYcI3(t|-00v*bklV%hYq_wh3l!MT#@j`{4oMDmkxssL^qx2_X zh@Rm=w5M~lgf{)kjp<9VXT8xy!Lau({2%aJ^}3>g!0>=(o}ek%#PFhMo^8AV{smz6 z?gT{r8o5mt1A(&YkT>JF4o$-Ak(gph9Fa0aBE5hm<>>m6-PyB!EI^E=be*qSHh*{3 zm;epOV?u^~6$Sw*24dgE1(H@ld1UM@AJFGA(-?V@R> zuN18`c9UD#ErQ`S+pcq*W#)s2GS$n2wARny;4qvSkJ2Qnh?%r_pdi3;aXcKTMcJ$u zjP!!m7u{nekA#)#Vvw<#6MCg;31CNK751I;0TW>Neb)Ci1f zf?{KaXvEN)0(FTNh0tSy z#W73>out6mLWsE}se#qcK};Tm&p(<}U?x#`i!HQAzgc8F!iTZPKsw?ho9ZUiY_>!W z{RYULnkexE-eLFCcq9eIB(`VIJj=I#c}*0%{qX!=%WNt4RiyxgS&+2NNAn0DU?042 z5rZ?OnZh)V@e;^Ka$dE`#1KeAiDsNy?tm{0c|#eT9JR&Ev{jZN0ue92Fu7fi%>+!$b5J39oRN;saqR z@N%qx+Vs>ZAYqvLjz`2s_y#cY_I+L1V>0UhTUt77+q9$yB($Q9hMw0g0JcyJ603QR z89P`$z4TOqRgaL3CbZ-9e}=+xj{EPvAq1v7SO*xwn~;!nSJ*+8QeYMYf*NCqZexNC zJPFu05eNilF--A@xdkMj0C!kWcV-b-ctX!t2U~1CM6IwHQ6A1kBSZK#E_w^1 zo9l$b>Om|yk`P2loDg@PNc+4{%;6p{qe+cynenEVdAR#=jj0n!><<_IsC3J1_~BXu zCt|H;BGb8LnO44#Sgt%NbGJ!8mf|Ls?Y|^MHfzyl(M&A2iO|d$p+Z&ZyhVRmWTs`# zjR-XX&bf_BF(zyVzV&;&-y`WwO*)e+9`y5Zlf}&U?I|KB8=H_fE5c4Ga~#x{0Q6QH`P)kqANHiuEn9`5tUP1zTpqpO}R0fj#lU7ok8(92fuY$x$rPI zsnO&7AZj2rLEawEZKvSSo)DHml6F3`U9AM2HrMcAd2n$spPm9zH?agWg}w{3lvGR- za42Dw?ujOz{ud}f z%woq)(D~h?)@E?8Q{G(7;J+VFcD%bQ;o=gRp)o^>W}5ILvU=Y98aza9G)3QL8*>vN zMnG@DxIeitbYQ7gN0zRl`xzcn*uVTrK61E#qPxCP+5HY9Ogw-rDB*5PjhWwi8-ivjLGv{y_ z(VQTczVCpvuTW%GEfvlGUXV$i!Nih5HDJCFg=!9rw`3LSk!4wGG*xv4HW=LL(NxJT zR$?ca&&S%l@@F9MyHlG#a|GIq985&CAEYKNq-DJOYOzH=(rmkldoX;Cou=EvzdGpP zqd`tR(AvaAXp!(00z@09ToDtayv(yhpknedw zvC1KB)RG&@G|$G;f#0^gz=^G{-r6o5J7$hxyvQ|}nlvlp*3kD0W1(9z@Ns}I#)bTA zjDvrRwUz>Mgz|+Y&#jK)6?v6tE(<5AvUNx~9bBrue=3fqvmlCkQ!q#pH-n20$@d(2 zCt^8bDy0f`93usBN>-zS0xHAXpUh-ojMgS|yoz}$iyUqPm2h#2PLHJu*j;?0l0$Vs zik7ydxuqu!!X824JIxQS?LDs~zH4xPUClVaE(n3-nzNP1A;oXVdQ`%riqWu zZTkT;JeX^S>wu+`1_V&*M728w_LHV&Ic+zJbWmFjfeG<#=0n|Jkr=82_Z{X)RJKXN zE(%RCwR7u6{)M_F>=8fM2(S^HVVDOZf&nseYT@3UrzD_|%C^!%`;PU^yQFVYV8a?M z3oe6pekPb9UKFBCcw_%amG`!i9Jr{cMCxy^VhO-H#e~UD*I7`Ql;acB6p=;O7MmGS zNvKapR)|wULqw)mb6ad_R2v_)e^F*~kic-oI4o%*X7iHC{Oo$e6jTOFVGh>JSPyD% zA^)!iz>+aBvGHXL{$X~b4_84>sLUGv*>YDI+ zgg{BR8Khg-_<(wcd?FG=oRME{;s7{@dVb3po$)4a~i2gnYiR8#fJW~YH51N>dA1rAMbT!kZ zrS!3dh{t4MNigfHgDE8fGs_A)sw<^>?GWc*zRDC;jhoJkT3C$k*N>eqzgKmg0i%j` z7*SFQ*lGnE@iqrKm3|IK9BC!8P$s!BD2No?;%J~Gs5x@gO&1&b_yrQ%AYw~(?+%8L zz@x#SS$$SJLW&Tb7$z_y1UE}~R%}Q0S6a5r7f)dXuh%d`awB!;W(ru&Vd1-aCl^JOlJ6d|3uN~(2Rcw&Z|Yv>$o-& zkysRZH$8N4gv9nkCAcs9Iq(6#WXj=1u2{Kz=Xln1NpO&^Ubon{)qCD<&HWE0Lzzw3t(bUK{K;I ztJu0OGLzP5gVEjmo&!tCkrF%JrL!Uu)j+sMkCeB(tE!?7#Rzx~Y<6&n5awAsl!`{B z&3(ME^n4n=0-qS82|@iZ;1{p5m6gCyY6h_Xs&dH!^9P*Aipl&57M|zkk6>D4f^Q@k zkfB_BFkJD3w56mWT&_cLL1RK_u=Zi>=PZ?4)~x94s%gy36QIhWq*^PL6A0YjcQIyq zK>I@Z3P?~HqI@{9QT<5F2M~ljv25}=h%q$d*`tk$pqEAD{@j6#sqiQOOO0^beJ9Jl z!)#)IL>>@W9D9#b3q;l?CocqZ*jIyYE8=rH8pE@66dB0?17u^cp%%j$_e8OoMNOKJ zXs1D(xuE2xAdIZ^z~t2;2cTG>swWg;Xt3C|X!|^omHqA)AwApR*6U)ks7^^lOLm|RbYvBt|4~&5)z?4>O( zEe|BZu#WyJ03RTsfJAaLIsn2ELc=pmz1aZvS_`OKWS2o@OO;BuK{MaOR0f9P;-NUL zqO(L3=pcu+V}S=&R`#`OX&4&dI~yBZEn3fSv#VnOCVi-AhI#+g&3WLSP2-a{F0=2dC1uVMAomF*bgka{M>B< zyn=G8fP`fjV;s*^LssyU@LFdq^7Mcn&S{L2{Rlj2LvbRaNbsp4F}+b|0k9R*KFPjA zX!w-m?{C1Yx#s(_Wx@abnwRU7)$_-c4vObG)Zg%Qk*`^<#}bgV#aJT6hm#NL4n+Nj6443%1x;q+7a z44Zc?p_7zOiL*d{R*}i6%FTx$3@I2f7;d^|Dcf|L&B$(eR#4R1prFj{JSYZw)4L;g z!%$)zk`%eD=uMj>1cu^mlt*s1NjfW$c27Hfm zqTc(6%-zKa4@SHAA@Ex8L4(#^9FQ=;f9)h1fb3jfV=@nZJAMyILUd7?e z`Uk^R*DxpG?(~z2w3EGf9oPjO!g*Q|>;{l^QT~dLHPMRNR#(3qg*k&ELx7d^!4o=Rt=4RUtz{I1FWsWVPVT_IvE=0(%N4}6!5iqTa z)GmZ26rS3zB-}4Kf1esMi#^MS9RzJV3@k*%nBgD~o4`Cn)uEQ;49v9=a=g=}cWVV3 z2O8iI%>)+p{JS*tYW!2AcQ;=X?7%kvs5}9Tz^pu7{4GJ!4qhb$egG*c^hgL#)j)SB zliqOLvA=;m9fslgk0vU*P*^HKtzj77n5wh{2q{wkdAmhT7{LgzR$yF+FNE5e@GDaU z2dsWLO0Ns)E0hd?)Kx}C48|Ic%ivNi_&ZEac#?P=0(3&hVkE*I#VWIkO_&y;bq~yi z5&@Uyxk@7>V43r$5xaS6~Ce*|wx2^3W71=dLxzK`{@6 zu&;x33PzIIh2*%bWRxfa71O>GdKmCRwd!H^)k4}?q0mHgEY%T01q#}`n8x6X z61#x%KT92^>LU!`FeD-%E~Hktgko7h!4Cux5<@eRLo|CjRT7bUCcO}?7ti<@?Hn+? zEB31KgLfkx<%ad}?@=U_Oza0`UGxwR&ysPWl=dQf25`uS&K0`OcgWh+!`L;XDE>SuxBQ1tfzWsxDVjV~H0nTpAs9cR%8QJhw}s-2 z^zRSJ{sOoCpzACJh-4R3Bu_?QI%1+JNZJgkB3$X2d@Pw(emv;(gK%0v2xp*3;wf;E zrAJ(bs~VxVhqaeV5tZwojfeZST7FJR(e;$UE>?l~dubR4x77L+G3jQlbUMGoe}j4U(PS(Zg434%xq4v@-l z=;%(-Xb_3b-MV)VI-klS;Lk_>kbIz%Zi|hRPs0_n3scR1A@GuY|nO(2^pI z#)_I902rpwg&|N;+>WS2b!a!b5eZP<*|>0fz1A!&krGo4fENrL9_ICRGAWg`g9P4$ zByf@{wE`9`l^-`RAEE{n5%hy`@N2uk0&6SX@{7r8oIB<KcqC=C@GhRefRu;CE}QS1GzF;7<)w-lEJvZ3`X1-A zim`-(y@0kjj3bmlCTo1&e1TK0BMU~nEQv6Tes=}({FIvQGbR}}AXgy4ymRZ1)M9e6 z_`z@oRVKS(8o;2B96&#(JynxbuA(RzK_hAHWnyuz3@Ha@Is==S-caI&R_|+&ARQqB zv$}o-A_DEo1w*7Aq`EDlcdtz1Dh{m>FL1Z?Ko3V{Q3C8A7)&o#o(U42+mJ9n0xC|< zpqL1EgweQ2N}&(M1*Bl89bRUJ+)p`$3EYy-!b#A(1RpgX=!9Ys5vYt}%$TXS7PG9l zyn-r_jm~s88!{nnuFQN6j?gJ^%_14qC|WcHedkdE{5JWPDUwYPvmeBvV-$i6Ng_rD zH%mN`^F@Nbja;vC0W(c)$7P^Z>o0M=zC3@SUsuYQW?qvhi+WHwKRt8K9$2_#nkCK@k zU)d*PvW7^NgOg(LJ>_KVI*KOK&w-B%!^372zV7vl0DRj@OI*(kw}K9IQUOYo6-Qxs zjwUhy=u;#e7UX-dX0j+97z-+cAt0L%yq*-FP-Z4Av{wb#S9}o?; zn9XFrP7v)p!1Y8j9*V;&02%`;t{8Wvot!rmnGQfKYeba};ZSyZ&Q7wK0HhTZ5*?3Mp@gpyJ{eRL zT?0L?V!av>0-rai&VD~qkSHnC2fSYrC9RnSHC|tuNWy5({dRZ2-|xIa92PUlbA~uC zVzrwjKr(MNA)ZxnjNR5cmge;~=}%IEc!b7qK_pJuILS-@t--pSw6|QLRSKZAd|@TCJ%d;((vEJQPCqgyI>e zF%wFhtv%ad9F8HNM<^CzLKaMcqLQpYcR-gsV5B?{l3G`|A;E;i^#`1cl*Sp!*@-Nb zu-zD{pUsFOVMYo>ZbJk}2s4h(#3;-(BVj&jMf7$k$|JRbhu*~zr!!P5|8#>3&Rhah zud_LHvHWUX_mCaa0qa*o1($SAgOl{8BP<_{h;o(9gh+n@4io=5gS2ux_pUb%K`fRF z79UKwdfKx?#SlhTt8oN|LD(a{&NS>emy&$n<^9Qt;7=JqcS!>2p*M=V55f zAVQQ&!8J+|9q1^W815vAOb1^}!_Q_xidqX9tvb9Px9T8Eu#O?7gk_e0g#PRFms%Su zkopCgh7FI=Xol<=q#Gmz7YFxbCa24EA_)-5X<+CzBLTdEz{msuc8{QI0Dxe_m1?ae zm&xq*w;d=YuRa&wx|XjZETQ*AUbKB zmE-g#=_{i0G_0dLTy5tfxXnY1ydoInc3+97>2y_6^!z&@&T~ckeefP1pYNXo^P?$u zwm{^B7fmPwNYI>9GCX?qU))k4|IvW13A5^={$Y?!il5;v-L>z1JNExPn2yZLz{CH*D&9sMvzPHj6)_Q@te5kZbbFkf>5N+(@o+Cls=b-sf|?KSNBtY9A@bRDI28 zW@U{a%7B%sWvzaG52;_6G$>4b``kc?06zIfI%U*7ZqspPezcq~|H>YzoFn2#il6V3 zj4s$y=%<_*CZIi%V|pkO4{Er>aBtA}Wj*{6#Z*K@WKcrn|C~E}dwYXMQ)ss3aBb1e zBEj|vznUUeKP-){0RP_XuS4$ft*uIN7Wc7yy_c420#cjYk>}F z7)I$xQAB=c5=Sh4nj!u9)YBn{4D()S2rcOJkQ2*LHX$SA;R#rcjQL7cPpFwt0QEv- z>feNr&u7Js#}FOEC$D`-0pW<1{mZNxH`x|-`a3pigrk7(yiupai`|-e@cxVb>Fq4#M zuBk?wt}H9iM)@62%fHuW(>r8DL|;*euq$;xu?Wo9&5MF2EY&`IjG!dh;XWX<54jj{ z2jVvw;n>-h#_B!+RXHf=_?Oc;yf0~epGP%q+g>L*?h1JVUjR}h-T(ntqC@-(a7es` z3-aMGd!O{R!%cwSjs!GD%Uga45ETqlCGItJbYKVbUUfSc`K3GFx&s)UaErfq?zaQF zFicWdhf*DJ8K>Hk30|~|t8;4+`+gr+W5q~PfX|v#xtmI0OT*Q*KDJ>0cO-x7M z*nDK&xobL=6V*s7&#k;{X_31c1Gv6`kXcU#tA%m)xm*aM!0WDi??X<73L|A$*6+?U zjlOp^jWoYo&RQWa#{OJg$5H!PP!MtjZM)3_6P;R#FVHXB30z3{_ZfRX=Yd05zpp9- zM_=QgZ8lRWXBE^^7f}iz_)i2;&aFQ1`S7|6$s&f?mNC|`d-wDiwapB@(>1u zh(3Ll=MRE9DNox@bnojYt4=T0e{F>KVC+rCq3c3dH3jV-7ADh1UkJyspzYx*&+dkr zu*?5$XdLJ9|7s71!v>N6T_Y4(oUQCw-Vx7tKOTWhdfoTqcg45vJ&N!4#bNF1tD>@a zoMqp;Zk`2?%V7&3tIbs|^HxSSc7b}4R$AMX`!MXpsGkY(o~AR|ZQ8cnydUQ!{ofb! zNMgw7F(44<QQw8uu?=hLqH63&MczbLvWD2|4$Al#gf@pMI^46u80e9Y+hf)QZ0n> z&$Io{^XATXs;$p$FrjJOf5_N30LA%={qyu>RO9TFoL%^EyrsEOX0};P*_|o+$Kb_t zqCcH=HmhLi^YY;c$KTZ>YwBo}6y`dsy47CkrQhDlXqxM0n%SO=bwlP*bLx2%v1dJ_ zmsLr=tli^g8bY1zW4o2ZzI>gRQKz-~&)>;EOzZM0q2-eQy*(jWQJ`Z{fmgW&Km|I; z@Xg8N@RL$?E%^$bpJWRurR%oq4O>+dq?k+0K&mQ6ioXe*mlu8dD#r6aW7$I$hMmVR z63vNVVRx$>AqTq^jDd{clj<6tU!2!=p3@YTq&Vxn4Py2Rf&Z+u^@@9c-i;v=3iyQM zyX_7(9mMfEO%&)lkz>t)-hf&*Wgaq93?Uf?<>b6SPrkbPe=Qm4*=QOWZh~+ zfhuBTN9ijcF<8ZtwNDZm!D_C-8m>kPR^f*wZ+{RLT^d!vDZ2XFvb^4-<1Ffa zneQb2Mhb~vxudMauZj6z%;?2&O1SH3J~pXPZhLIU{M!%Q$#m2|8;xAGtmx?|&>R`t zaxf++tfehsEmND^n6c(r&e#{Gr~T~)YRPfD(dq7@WWkNJ)bTJYm^V3ykjCorcseiX z_r5r;gj7-C@EFbx3b2R2mo|NLg5%(Of9JHdoC|zR1%kt3ocaps=CKiG5d-K3`DN0dS%{>j>#dZ8!hgtH+~tk}od&^&QRkHqnsC zUjZyOtHgfrO2NkbSTBJWz&HME^Z(#1B)3IlKB}arCCV*0#F6OC_JnbhNC|WoUwW)g zHp#MU4a{@ZhkS_QjC)%NKIb`}MyYZWt5@W)ie+d~Kf>Hww&#wPk2ZYXuva|c?^KsI z2qsO7->!Es+=Cw*fydA%%+WA^SayIztoB>2!dgL9CQ!+zt8b4nrBb0n)nEMUb+{VL zNnq5WcZ-9(U~r)cb&;9VgE?kdGt_{wg2I5vfII1B;~wg&PyuICl_LJ(m+aHSS;vd}u8V3`e5=eBb~XnjSv3YG!p%U-_cReTvv>r!+-En0 zr>C0Y#K%da;6=RKp{KcW7L-kfFx{NPgHnQ+GL~KI2kuNFSRef zOtgJ{&aSlEeOEToC=vK9b+}3nTk#tkPwdt8p1^SSi86i*tb1xP*z#(fX~uur9KcI( zF>u1F_jwzHkF_Ag#*K7Z05CI&Hv;FcwR+G@6Va9xDaO0rzkj^#x?8*Kbe`9D-!~SV z{=K_w&ncz6EWhXww43k8nr%M2^Qtbc$F{b#GzMQ^+!Q_5XI(~x|7z~LJ~c$0QRuFb z_kIRkFWZl+wlWayjQth>U<+Vr2tSpu-FAFmQd3iRzMtDJJ$oi%jjvCLDvn!vM+m&t z^B11yh7kJz1iGYqd_d%u+h#0}LZle1XC+N709236p^9M9G%%=>m3M8qzCUe}=XWU| zH-=(1$T)vMR0U4{y0j4dNY48_`~c9weV;o&A6NGNfUb+Ty#F4YGW{*fgdOT?1>
    NdlsC{ZEfuA7bbgvz`f(d;eP*7 zVil}bL{zQ3m;86j`_b+eH2W8TQEWk@XG<&RfBClvQU_lt>egxF*n7P-zAVIC*SYEU zz4Rbsp`X2qa?Y$=tt?g;khXg1>Y#sM>a+V{@|W*AEZX2{{WNo6aYo$53G;(0&wO3! zpL1;6jEz18!e=Ud4e_)p!{3or(jOiV6J!Dp!;G3`?|#lhNB$<*6#Syqv3JB%8zaz` z6*)#{uY)^q{jr?mJ`9_g<@N@2AN*aGsV%fK`ZEN43xci0^|}ZtE7G zW!Qb0crEYO*j_xLU@mp%Xvdne^!f(r{tB4*Rr^64ZEH`c&uHYAYxlX49bJ=nnOl+N z?h@FjqlT(l1Zg~9lGA#1yhN6Av6yj6K;dNC`+n6jFecn2@%?^2b^zSXQQJQ!*cw6nkr420gzn=)e^Bx*cVcc@7r~y-Y*U@Fl(N{( zh%!Bw__E8hOsZ0m;p`q(>iSd%3IcSuock<<+=~1x+Ca{IN8hGRsqVkPdWiZO7iwo) zRMkT{G_NBiDiiyiJ508`*HrY)%fX%F>0ZvFb0ZeTG*@1fcVXAiJ-i9NTov$5y%b#E zrh>gyAt(@ee7~e!A41QyG(G@i>dzWrA64xzcJAEq`_MybKP`;5q*Tn6`vCk?b`1a( zErNHEitT8X>Jl?i#+!=Lu7BX-&)sUZ+4mwy|MK4OHLvk5<`M=3OvEjJ7|5KYGn>S5 z?L)bsH~iLB8uqUE(^)gWwKYG#UD5aOXy9FW#1G~}M(D8%OvBFBdFkz{92M@cwyL5Y z&IVsFd~STODIXiFtLidD{##<+LRE!``>vl?MZ3|1d0+_4cH2|q?(<| z_$@7N4INdrN(kZ+RLpV4yPq+;^TQ3rsE_1ef8q!4OKDY9A29RWWf;N25vF&#Dm)MPE?V3`k^wOmAnvxBO69Ss4PJ9Ds#v z4={sCf{z{p3KOTgz+N3mspe|?OhnS`T5=s9-FhVyZ%)4@T%Uj;38cu$12*mZe9s!q zhLtKSjosdZzyJOPrKyoS+Z7alp`6L*3BRzz@2XPeolbRCxx`vvNh)VFii?C zAOM!WI^QcBi(F3%`bSE^H|gV`f&Z4jE1Ct&t3Mw&i^H+c|2o`%}C%eouKucl4Q>YspK41E>a!mVP> z#hl*@HGTqS{Nu?uTn$I_jfzejKBsC~0qw4>d-jgo#O0+bo)<|sLQwIY6cxE{~BYtih%~l%vp5$4-m#CXk_?H{0g3xqPH&RD^5udXT z5#l@Hk##(vNQ0pL6xC_#I?pR134M?-(H0Q>Ux)I(AIt8ffNXuJgILfxPhAPiB>Jc; z6+xKRHf70{)SFweTERDcLXZ#W0fXC1SKue^O99|(geWM3voqem0l@0P{Scn-$GE?n zSet@BLlrLh#?Zq#BSA!LFDS&?ODtNg#x;okY2)(AISX0tawH_LE3B;f!MA{sCf3^0 z#r`;HyjWuQmd8QtEZ>9NsIN^vFZG4L?ANHQSD?n0h!V3$vSLI{uXm$>>Brt$OdWl9 zZ5O!Ny*=v6&E1p5i}~#aq>HbIZ;d?8Rn^v+q21aa%Np;1BaZ{oIspdzYo}KPp_a%f z4wq9UYix8@j<`zRU>r!h*7f7g4*a%OUs$Y+<5Kh1fu9TiuR1`nOZY-7fQ|a-;K%f} zACj-)8hs#3A)ZXtNfXqTEj+boh7NXzt~|O!Ccl&<^hG6Pe4hNg#{awm1cHYc*1zpnt()oh z01mNdRo@#QaL{x@7j->6weR|ZVzMxpiV|7jvFfqmCmd>oj0)2C7@bta)%n=Tha!28q}K+ef&Xh z`0M)9P`z57;^CElfXRV0bNMNrYOWK2SToL1XbT z=`anT+!mo&Ljne#^~Di}75eC}4*?vh5yk;vl-dD2+FDI7|6rz-jG!R^&^(xS#h$`5l^8Y-?AuG zi>ieT2d~TXvI3Nx&mQDXH|VM5D(VXteK#sE9*7DSaJ<_XYua#3I@!T&CL2g;`Q=eZ>^o4Pj})+Udgnt*RfgtpHF}UFZ@&tqhh|M`pc6_RBDc;#&`$1 z#%oyC^=Y@xW)4H-ItzXNu236wB6g3lqs zZzKvgrjMsO|D5LW-C3-WAaWt5| z>}7Cp`iu8XuGy$gTA9ki7P8_-pa`eD;j4&^B&Bz?LDuhxez%}eTL2;Ftz*{r?@N0H zud3VDP=ubTvZvl941y~Rvo@wm7~eU~M1oE=@oo}4B+j5VOOOnoJ!l#XeBNNV@2FTf zsW!(>h@pyy(YQoCqTvQk0AoY@vcjskL7Nv2E`1<U+e4wlZ)1ZVOAoOV@XO$u7FR)6WdkL5|jUZI%HE&7eu=o1}+)m%>R83X{qqWsq z4iI>!J$3_=d*9UqAiUqw~t3heXrma!FKNJhZ} zFkorQ@BSR2{mzdEgG4MH1)i+>*N!0xUW`BGcfGaM7ol) zp~1-Bdf^4wv~Bl580R!d6q9tVO>3}7zb>W@VMQ-7H}{BEoldL!_2{*AJ8gdtBP?Pk z4V5C_22sVZuNuhu-1=he@1{UgJ**yIO7kztu}W@5!LO6DTrcZ5plT;T-9v zHAKit^@Y&7!7`kh&P!kJq*BWo@GA@=+ulG&ZD-Y>9`M$>HFp&rersu^i1|*~ns_15 z+ja&^O#DwMF2sC)p|%Ox&LNX5CUVsLXsnQ{4~}RvmyC(wHT4&-v{=dFj$0xzyah3N z#p(l0eyb!rZ1}~w2uqB;6q__F+yOEeIKWZ$chO?{bwiqx`K~@G0pJ`c&rx)?a(u90 z2#G%cu{}kq6JCt?qMXM~=3Of&L04$6FVa!0jgss#uo;HSPGRW8ryLr@R-H&>K7B&f za6ACJ4FhF3RC-@{6g;(A3csj;>GAZST6Aj=hWx_#0;UN5EStpgm&Z{|atHi3{JWD+ zuP&B3y+_1?vUX5TUh+oSC>)~ppj!~q9h1|eahZ^siMUagb==S0CZEA|0)O$>%50bhWU z@AW$bMzSGtaOh`AX5Lny=vFJ%j+t*tNy4VlSpR@WyrGCiJBdO2R*!ja4GK?9!#DVk z+YT`;AoJ>~t8n1vbFG^F4skAd}3S@5# z!vG5Q{U7^&L$}*e!^cV$8o$|LkbKJi@So8prRF`^B8C-Vm3`&;Ws)o?Vl_a2mU=Ws zPqXRWK0pcG!+#0^d}0A1D**CQ^xvopP-7PVt4Or{RaY*&gdc^59*t7+Raa7USfP*b zsBwX+%1>PM+eh6B8w$O#U2&fniY^^{L}@iV6KCCY9K$CZ5(IdXggySAGAm^_mtYtO zLsv9$Pn?h=OnmF$_N23=Mb%|Eze9H%UL%o-s%hCvAK3pVGX-eC9>uAlG8%N$EQ`MN468Vvgore)0Dy+Sj&xJ?F&0&s|;mhOb z|Ht1!L=MBGaZlC!Q47C8n#8Yo;9>CxPW4Ef+ENHEQ{NRn%p=jyw4WI$vQcdrl|(E1 zSd^-I98?c#Kb%8Yhiu>kL9hL9IvKVQk7A2X5cC@zWuhnhr#*HUA51KRACl?2W|2-U zED_-KeI18MZ-9OO>9x9OU(uUxU|l3SP8>a4-xZR3ftGZS*ZVq@S=*8~3^AOcX<-LJixI*>>o`dr%#w4-~^`B_+`lQH-tn;haGr_X^g4Q2MxRq z?{r!_1CEAghdcV=kpxs3jI>BN1rz~<0S#+jdxk&LL?lxnPIyRcDpi;wfzrUP8sjy$ zH`b6~fQcJmdFI|{{Mfa zTT)3vsE*N6anFImb%n$ZeQ&OU@bQ7-KVj zulGKmK7D`hzgo7}`}KOhp0CIAd_A8N=f0jl!$&Hz-hhJ<9il!Izpzoa**$8XX%xY7SSPWlJot&D_ag0R~0 zEsu9^PCDr0Ua~>3?yi8J@`(=r@1P5exZu-QpSP<_O-GdO-m6&aGW3RAHcAb%);s02 zviPZPUyA*4QqZF>DJlm)XQ;&Y-iX~JzoT|@UaDV%p;lpg*JgVqom=wR)n~149M)2m zu|IL}PSCS!SEp6I9{>4tv(S$%WnpM%y4ArOgRgB5mLN0_P1HOoJ`=v7#%MrXYJ1$L zO)-U!1hCJyjNGnyTzlqeqLoA(LbgD4`?8~U*=7D)Z}Mf^V(6O)`hCS)+(VCm2I?9k z*ET%faOd`)g_a#UDHG=oqj9H==CsmY$US;y^i)32Am{}5^tnI7PIIq3g{SMKHtf%iNv-*Zmj5vVz}hFP+^}Euy%0`G&!Uy&8X{4nI*G)mjcus~;(D8=lE` zkbf3j<8o2)QtXv0j}HI+;fC&}2m6OQYKK0=sAO)~-r49?f8xB+_T>xdk9|AE!+JFb zTXFC>`OnE$tcv_ozC_HTRB?wxCk zxT0!cg?e9b!TWJUo2umotBsfc&dc{EJ%4lY%Zh(T^!&b{Lq{Cg3XcK~*?;@f=F-j` zk!M5xVC{UX9d?qSp`oF=>Bg;-QLP+5vZhG}y5-S8PcD_DRIn00VY)@p}rhCpB`=9&);*57pFT2@D z{H)gOeiSTWbbFiFm1IH5VA1^jCBua$g^Egk9I>(v3c0oYvby#c1taN(JqM<~o!A$- zA+6+=pU}P+(KUtn-zNI94D-^qNEUC%6XqBGF}%r4?A8Ik4ama2hT|D`k8M@hlrp#d z@WJA(F^$<{Y0=pJ_F{`N zX`qUc3WwQ?cfw5BOVOvMns$vEQZ-Yi`IHE4!5f~2>(10%YdZJw$Jw^aaO!9dM)KP; zYtE^siTvVq`$)kdIwGQ9?qm#sevm=x_6D~%T-oKKq<8DyJ-DIF&cEjmI&QrwDr&0U zlG5Yv7Qe*>*ApJUHCeyNGw!f=hOnCV=6G2h@8Q2wK3pyndvPRk%geeL-1|rN=fCb3 zmO0_~#`SC3u}!C=(awjTD^aewRF{aJ?7-@5;2hu=+(bx992nK{?KCRS{8}pJ`|NtR z*Wn*&*X5@hyWX6An38AS)Ut7ZO}+f)jZ&L5pUTGBw;elb7QL!&~{ts5_u zAHB0D=3@0D!=ORSoo6h0v!|VI%ICI5NDwlQ+{)+@{=h(vAF+INq5CZcx5Y2-gm-11 zaP~q-;*C$aM&X}I9ZC=0U!C0N8Yo=E-+APR^7KT_#U%X~mOAoB9=Lx~e(vm@m=bch zIeggrnQ2ha!P0NnzG~XQpT=AQK0Ke017}}{q&=8eic~yn_SxjY}ouzwA3Lz`sg>RPYCSsHHV|b*Pk2q;|~j`hE|Tgel@F| zu(y+$Ws3U<$AFvkP(>*&YyH_GNDJGy@6_&Wnifc75IJ*Wb_7_HoGJWxGA8f>q_)2_ zacRr1mRb8M75A3+G1bJF8nDoukg%Be!x2)3kD8q@BjpU^!wAT=oQ=EzFYE+)AJdOd ztEs9s89)g&nI@STu!&eS6K(zLHy^RK78X*1TE}@q$eWS4=nreBA3;j$)9=9`Ro8wP zlocd-$?X8o+udEv>}7tl^#}w=pwiYJ)mBP$-OaQ)1O0Kw+g)AW+*~UsC!_^it%El} zh^xQH>L*A4nPVVRFSR2TJA*)7X|3YDOVy0D=uov04=sJ)sr}isplyPZ=kDt3=mc5v z#uMJz#Vjc)0iNViWKqI@%O-~fPMjP>U4ho)epd;7>sE?PV2d(%!I9JluLj|uJYF*v zi~Y6YTna7$TDyMc&CCoW=!@*_?fuXv{=ea*_B$K3o`aTerfdfFQR~g-`#mRsmRv5^ z+}!*Zy#S4Ka=5~ijvjZsWql`StdA!v(U$FNr(qGqOmn;*?EP(V~)kQD$yK z5^2OzblB!G(#Z@g3ZY^~qJ9jujcKYJi=GP&VDnQo86hag7QcL1``Esu1TSjdIGV$s ztU0pm<%!8w8m^{)_C6k=Hu6Hn5(ZW{WD}a3frmSldUj`Aq&Ja{LTrH0<^|T`!$CCrH?Hh9YWs+^x?<&s3U2(F} zLR0(;L~QsSDGz37z%X~4D;$nW_U?}Ecgh>;nyK~;LcszQj*^E1#*}dVN-pU+cV4(@?{TJ#yZ>~Q8h2)ks2tdWs-WBqa(DN24=h#_F(w-*f45ag za8ULcS@+9?oE>Jth6N{bqRDyd1!4KP{N(d9Z|qiE1X#j?y+s>)cT#{&0dsScGm+_}hB_59l%!+w4fU=zL zJRi$!uM77JQnL3oY@9WoE#7Q{KQ6T%%uimpWx#qTUajepH|~~17>hfq*BVEZmV~5JsT9h58x1qNCbdV7@LO*=SH=%+&-cMVm zmd)CP_EG32#)zHnSZcntvQx(MSF#91m+xeVm*=d_YDT+^T}_J?>g!lOy+yM|uty#F z<$VLmLZsRfdGp8$J58<}HECHFE+uhLZ7ABSfVkGAaZH{QBf7w}67wOPvC&XaO@D3? zIur_*8Vw9l^QnLt_}z|4bGaGJkF1QBaB z7khI&7VTU)B<5!SxyUPEqu~|}u%7~5%%!Cz&>6kZ8s;|KHeEGRA2a5QPH0n|?lVlA zh)`y~PQWE8m-MW_c2PZQRLInTrGsx5XRHxrGQ=x|cPW)V41dG)82kL^SU;|UtmwGF z?eXWP1)5GZp7G-$)4CE`D@%qyzdY%vIqi9JrzgFLju2>F3=J$$?+h7|wTHj+UpS^0 zWm3TDrsGCg4X~T`#zigf0=|nPUncR$xnN>kkd>8{lar?8_9mrV^F?pYOH5_??p)47 z8|-PmC5f@)=Z`mV(Td1%_mYHr^Ra2O&1FuGV|RVSkc`37q`7bSi~&t<))qHz`})>9 ziOJhxQ5tj1o&_XTL4&hE%C}Tx@c;aQZ#}d=X%ZTxF**_yL||0MpKTYWl`U~q^0tQQ*Mx3* z8V-8RlrO2-t=HfLRh*}mg-$XQVG|c$9~#!pTM!zW)`cI;B7+)u0SXN|5*nVJ1RW1a zjkA)BGtJm>&Wd<`p%|%EWi71NCShzk1R;6}-~#GkHjR&u&%FcIj1QOAB~(U_IVeqe zT%@Zro;U@Jzv<0bH?Nnve3Nj#phvdOsGMCi^{}YD%KO47y2DAZ7cuaB+_OidJ>1aL@iv>|EBYuSPcn34o1|XAApzSo-zrZ2b8To?ypHYpl(;tm>s&I7bk(9ZRw?;^Ty3> zg}l0vUmR&2XL_cv?F0K*cMQA^bD@A zbKAEuvrs5f%WYnkG{d%acQ@pBYVk`$zI1G{92a)~Jmqqq5A${6fSsXk_`QdYR}+e7 za{i>}x&$67axkP8_uh->a&AaEA)&d}q-bgm*Iz#U$kpEtk&Gb56&Lo*JR`xM6^wQ0 zkn92yweC+@$uA`NtiIwti)o)DM5-zC&y){!ho1qWY=)dHmdeamd_EBs;k2c~Dz+)Xj}wi*dI;HulNtO`r@DH@He_tdai@=a#|W*L zal}V99)|w@Jek|lWP$jZP$$8V`CJ}u6zAQ{^fP?mWRu75IQXDNgbPz!3{CRQgyjpQ z)k+@OqVe6gMHYX3o6`#ZY{cMV(y(sTPf@?KZy@*-#OR&}`xr@5E~!YU8eR#)&& ztx1YbEg-==Il}!YVQlb0_w(^@R0>fOtDCI8f|7~B1lg0DyaeM%h((tCi}uw>$Hr1( zTHTG~wl+)TcWlo`tL0TbX@O0>FnGL)y81arjF1*8sX&IV%WaPxKy~-5#xGc!)&|b? z{gINQE8{D^FcJb zQ|O~q^NG3^A)KvzU?PUnD?iE1iZ!|!`l8)?HlA$vLD#`UW$Xz#T8lH*wM8PFS*xkj z-z4hQUDiOlH_i(Aryk~;{gEbQ)Zj51U{-TBX-g`&dixwty;1wfd6$L8y zOMSN798)#qPZHE*H)WL$qPR3V+q4IkT6lHp!rUQD-`qgDlg*oKe*m-s1lEI<(O4o# zGQvAHvm5Q!J~qtoRQIEm)AdWVkbkxG7gK@$cAs*27Q;?pF~H$)B$9P}U95ojU!|hi zw5c{2_a6&l2LfcdiHnJC6_ixJTfgVGqMf33OO>a>Yo}sut*xzv>{2|h^NfsOZJ&Vz zW_1x94k_{XGBY?sOk*aO1}U~X7zfQr{e69X{rweqyH)5L`k7|H$T@%h1Dt9`eEteD zmS(SBRI2hPaqF)^1J+XlXuw69|Oza=$tWq`PwulPHyiT>~-3m)JFMWy*z8 z=_hVVIynKNf+L_MCk$9?%pw%@e${p|x%9#4cZbFp^n{L7--v^a68d}eNq&*D?=({~%4R60+7Pd?v=MF;$Pk ze~6S#yDx{fM`S>^gN{}X16?IAFE6UV@%-t3cJ$RWY1q25gN1{>V0OWbq^72Z+VtC^ z3Kf*9?z(R60WM29RxSGe{B9prHUB(!VXH|!BJ&PJGCL98Hmj@qWeM1J`2 zVFz|`>DG!4IdLIf?htB9z|9*AxXyLn0#iA7e-UYSB~m6Q_65tS$qMd_7D~X>E&Yy zB3d`hI7&wvk_A=f^z?1HRfX{NAL168uQZ3CVNHw~;Gxq|3F~9dQ{$1YqBZm-j?_TM z9J4a^$oT3cdo)?CVXC8hTOu=^i(4O0qo0}7Z|Pq*l$lc8PYC3EfwOONF>60l7o*pq zT_H+>MKYP*4F9j$+WNz_H4- z$Db2J@WWtPTPd=;dR;l6M_dq_0ePjohv)Rrek(o+~qCg(26L#|JUU&b2IvH&(l(XR6H11$Hrs z{4u^F@$RA~X@LCIh?QvqxJoip#iA55m>TaOq9L{XQ79<+tUXQ7iEF%hnq-k@ zm9A$;P;LIt3u0km9>nhRW6T#RiU@fIipoASfX){5*7mG#&wfv#>y7 zFvQ<}iDnqJvb>z;v9|jklrsjNk?!tpU`DjGFb50)&uTm9C{^X>M;fzh*K56fd=~px zk4-_#5Z;-6Oi7XMu3CS`!h(E!B{6MmYz$z5Ln1W!r;GOBaCbK4;%O;ZP3N{0&_XJL zierF)K4_)Y@%QDh4o~P{-$tisL;0VeerKwqW3KTwH0%=;NnBYN*IMeaht7L#0Bpl8 zd{h>g7jwTcbc|H5+1NDiPJGhhsA}(_nwepzx%dE0ZOrX$1`NX z7=SRp&gjQ+TVH+?yX0yH&yfQNM(OF%H-=-pAbc>P0c#K81_084WeefMDT!>Fc~_S? zJ1Y(OSx$oIo^sy|(omF?l%jopgZ@+-X?O&p31cHq1@0!}TJ?FD0{AxPx=#tH=3QL; z+gAf@p!^rqqe}ncN~$Vl5C~&~f895#m2h&@tBmBM&{53v&djg?^aW3MH}*eo4}&({ zj-gR_8x$`_1M;E!>#5S{xwqybT>q9PzsCLw_POinxAk>E zFW}VmaZ~A1sS79UAtIS=|A^JZtnq_=6j~T-?vKM>y|`ZEAh`6_)zyuDij}aH&EcR> zC|5)D`dU}i`;Xu%poyi)XkJc%n{#IWGF7^2mh9!f&2^G4eu|xA|5NURnEzJSxU01g z<7e*4Twd~K0Wk3a4zR_HxjMf_uxB5y1_wQtPt1i5xyca#-U9BcGViBt(85(Za@&Nm z2BJ2DEnRcn%V8!ZQ79CqsUEatZzD5lX3Xkp-ksKec6`+$y+Ys@%b3-HvBf6EFRYcv z@)#R=z!Dg-dB)Tq&~BK}>Ss#LEX=zys4Be40l^L--IgYQIs2Tv$R25Fh!H3#9;O!L z=LcG2qP+2WYb%(Ug+|4tbp#j2jIAK%xj>?F{f58WR9%#& zCv{!ZuQUyBo8>~+s4QMzjD4t<^-X<*mFPd>Nlp~AUMrYc5=1f77e`XygY-)9Peek$ zk)|IGEoP`TUA`_C)qi}McOaB9GX!U;pFZ`M!5KHYE&CqE4iZ;}#&XN@&y;i&1k09W z`cEv?X$DSLZZkBl3veAt6|HzkmM~;d=6mW8wgl&TN1=7k8~s6et-x=JtP)tjUFKDk z)43n%Bsuh2drQXxUP^VoHujt?1PmyCNNFuzTwE+JM)V_$h~8_An6ud~V(W#1wwT%p zyFj1TlX^4vCa(APxcyksYF(Kz9Zdfg)|x~ixYxg&^ZRUj9x($SL&lD2aC$oaa-qFg zkh*DZRX+7S*d{#$%X0byS`|hZ?50&$*Is$L$0x%m4bC@1DfWEx0s=$uxP}-E)s+94 zT>W7jhVMT~*I|5&tx%kQo>cPJ^a1IQwn#*a+}l1?)yf^1EEu}$BBT{a+)1`Akb@(f zoxy-#6c-NItTy6~+pN^r71%IiJ5qFNXI=_GXZdL5Ngf>3MRAze#hBqYs5O=-DiFVV zG8R z7#eW9)RgtCRUhW2$rP%PDso_?;m4h%k|TYoWz7Z*DvGRAa<+h$Zlkpvs8L(pRq{r# zCl`<x>-Y`d{Qf(PD`?U(>@=y9|2bo!(iVA4rye)0*cl@1!LrGkiVJAz?-rUSkv z5?4R3FMP&^t}V3U)?XFIwj@{I=^e9PYm8+Pe6VPD!>u!eQOtx|eauckeZ7^NxHI8f}LA8Jh`lN|5>bRH025GP5ga9{x1 zEOGN7y^{R{sTt$LL-UP&IH0ck0^rjL*`@Fce6bV~iPYQMJ4mws7aae{p$!fWR`G;A z&zrt&lexK@mO&gi?+{KI%LzoEnE3b4!2M4bXX?F2472_n4GjKb~Q(`CK1Lw z6(#c$*f(;gnT3VmF88SdBfcjCNCR%ryu88XD1A7mv%c>y1dt4u8QnXob8_${ops*lcnb*rlPVzZH$MV` zE^9#N2L*fEAra~eA@>?U?(za}Z;MHCESQ61=+%qVz@C(F9+UylgsdcpnwEG+j{swy z9pbw!6(t7*p3nb;IM8VHA0+A_9@c|s1IphY=(GME3pD6-2m>9Wwzd}ZirOWq-t(V1 zqIxT5w-HaZh9W%u{r!tv+Aj$PRE+BC>I3h`{}H=~vT3I#ii^8w|3L1}P**~=N+Ra> zhFIj@D1304o^77_JY(BCQ#&{BZbqt0#S zSyAcW)upASL?UJwGY)A@M}`uET~!w=@i}4ZzXmVMV40`Oi1H-5)IVnN;v%q&|C13U z5b{w6N)Bj)`CBUh^?+|y-?@xJRai2%#|#9155x^rAEj4asjLf!*w-D9q2i*21>3e3 zI-Lf34;c=#FOMYrWaw9n4F=9U9|o-}h=s#&b=Hz!Z_xSA5?TkAu&W)fYL=lZVd}>%*x0PS%LJwbQ+(M;8LQS=&^RVxzf)1!}07$ObQ z_ew7{owzMAPd~rb4HC*o(6RGPNcoFG?kD&5mY)oa@~)VBgB!&3ci|#V8&}MRB}-yj zin{;Ga_f$^uZ0utI9fDL?7-bTw-T)oKZU))^5 zN2Q;laW0&4qjA~V^=nT(jR#?g;PQ#7iu3Fb(1I9GIZtp*Qd^2^P^?<8k$0=D)ToOT zqqGf}Xt{O2yH(Oc7<<>?Wnfs*KM{_-$BwbM>ECE7W_gcuclq&RLjehld-shI1SUh% zPhI_;EG+a;C?_YJB|=Of4Nhb)r<)%CY8q%)>BNlYkL-=SgPiY@kyA%hO0KGnhK!ML z?5>9KUxekg8ki%kX323CexC-7-YaVMO{XAAZDyH*~frx@PD}(`5D*B2H~w#!ch>2BRl-j`Ui|ba5_r4WiX9ml1cK`C1HvZ68ZVr&2OAHZ89Ta| zfCSv*x@_}sh=;+UXFm#jUX)G9sQnK^{9~(~OLJt#v0gwC@abq|ErFHOp4xy-e{%w0$UO8>rTTh|;&B<5Rt&m4SY`G(bxn9t2MJJ10Ku4s;r&>S;1!hAogi{!(7e zrj;?=Pva-aO--;t_a+%?Ad5Czm!zm+vE#knG8BO9*#ik~a|?5Gpq#`nI<{AWJ6SBF zq@{&0zEqfoJS|(!2_G(SQ660il?q&@WQDer!t7LXI(S&wOnEOvg8ahed?{1hgO`3a?C_tvjOH*T_#AVjRh`XZ$ zhZF%b-R4WhN)q*~_?r9|oO>7AIyCSnC%qg86g&sMUXxWEJCpLhwG7QHdzIcD>~$bg zve@fdv9)gG+2WD|tXVpqyon~F2|?!t5F1Bxxj=R#{49?h)Qw7jc^v5S9V=^>E)`eG z_o;o??T2TGYIwFrtogMt`I8}GQos-R0*meI!%`xulFx=8^7p3LM4Gqhct$od3e%v~TgNti8OrBh+C;a;5mlUeB21sB|0;Q)w zfsxiQ5xJ{GJuHtm+cc|Sfl=qVE&s`)jEoE{h6YpMNiZM>6B84;Xwbv*Ay4=Kd-O|) zfH){-13Y8D?6j{{u|UmXhk#2B5XGS6hPS7$=iVs)yVxV5;1VzVov94i&)nSNqWNO-drh!7a= zU$GBXhps~Nak&X2$Vi9)`zRMPGw7x1rW(8n1_09v%$S8Yg;R?YAOiM6KDr$H1WoxA zE);I(rE*jOEvcd+p^ETZ=3^%(vnMAX|7+s`vZe!==F!>}q z>ouz=zd_6ng8|Ov^*{YJArA=TwvnW=I;iA+x8F1dYbY)*R^--tL#qnrX(@v58M8ba z6ZiyR7cT5_adkB!DkMUL7Cpr?OnAGcGcp5S*sVb=bUTEb&r9+oQyas(iV$Ve#9-+V_T8RM0} zf|vJ~^pu11@uqSRef|LxM60C#r4?4(mrPF#6Zwai?lj^lx?Fdgyr|g5Vvrf)Q4z-( zB>uifb!m31W_s4>$ZfhFM()lFzTHj*){{L=1@myP?JLIX{?02nTy)r1DzL39hKBIs z*P?I}cTN0pak&!R6_nt(9%-N)G_#GQVwVw7ybqKGKJvpdB4iZnfk`V--_BEDr z*(k&Hr9smd$#|HJE1L1~>%>nm%$RXn16x#S=Kic=n0SZ&r*JR`k)1q^Hm?G2c#M-_ zoU)D91K|B7b+bX!u_hbay@t0Z6`yZ(S?D7>q*wf$J`JB&qJ%Kxc$Qd2i@{Q=TErQL z9~2QB9H>rh8sD_cE)ltZzUS}#4pls%+8<7SAC#=RWWHa>)PxOlNuicNSkWA%2vceC zLTF>9Q1*xf=JYvCB_#2T$j4msSLZ4UHFDtozPT-IiWwvQHWxI-%c`%%hvzD;{}8Ig zn~fs~CYQuwGZ5Rz&dHV%9T-4)6*H`Ve}(?I*2-ft_`Bn6VoEE{$_mw4_;W|+qIS}<-udE{y(U-nw@!-$YSqp%eG4(GO~j?RMA z+uUee6kcK*%KH6b>y{Y#Yk=j-r}t!^H!o2_^=&BA-{NH~d7HPvVT8T3OGRP_Gcv=y z)kY=oWc&6ELIUIMDS`eh`Wd4HoQV*8`FnvG;0UtJz&iXe{RT4u{yqXP+%&-u!34+%#I#&Ao{4nfHv^e1@bbK`gXOZ`E+?db0MEt|he+k`; zQ03y%{m4%fk>funw|i5Mpz-52_2mc&`-^*6H*ZiZ+_(Y$-1Rf_QuXvZxbQ z;!B*?`IV2g*aEL=+HqF!k73^a)M}4F5b8yEHu^yY0sll)I822C7DQ?mPL>ImCl(*} zDigmhSR&kd{n-oOG@V#n>~6d@U)7)$T_v3<-H*(Zv3jvepKvxg4bj=aH(pt~lV#Z| z)P;f$h@7B=V1`a5?NDv?(wMSmGdlac1h0Bp@m2}Gx!2-;WwqoehOa@J4r=h+>p)$h zI&o^GgJ2$cp|#l_>$;LQBY6;b5G{ogcehZ7A*#Wfd7+U;lTesbd_jMMu!V5%4QgkX z2j|M#k@=uIcYf8SEen}>-zZ5yB@=-u=|h2|KtUT<3H~B!N~S@@Pt`;k@%x>=xDBqV zkfv-gMGA=)CE71Rxkwr+OxceFV#2dBJRj?XoQ0f4vJ_BrEhkj+W9yUDWSd0YKDsf9 zN3g}5#jO1 zr=(bXdX%o8ZoIC)?vGWDE_uqvU*KOg7_xanJEdckS)^}-$FrQrYAdBH-_04!F%yb& zWkSazcDl}qx0}up4JZxNH)u8pHr{Mh^eMb(XV$)EQ^3m#iU?{53O!@rtQ%e%p64tv z(R^&Ajk=+;q;riTi!zLYjS9{Gq-ZsXIhmAikuN*JY)WOSV>)XJon$Ns9?ltdOdd|s zVt-t}^W812_y1mdYkJYK%fB1(CjL$H8@xA)Z(`WHIq>2wuD=I$7VHg$2TrA)((#x$-G0Kps7<#Soi&35Hea+XJ&yK>f zQcNmLS|##FX#(;oMJbsr;w|bPeXS!TbJ~IL6WVgq0@7M^l65jx^vLtW3r6WO)G~Ox zx%H~815O0i)Tv7SlO%sh2LG1+JTn3LqFp~+IgDbqX-vglz|qi?Ub>*FTKHiqm8XNR z*EPdA;f5ZWKTstw340M+>+QkY&kTESiB)M;pQ~6@?v~zm%yq__Y3RB2_?WKgRSab> zZdMiLF)TT>9JukuYm_cxH^?*$U%t8|gHl0RUh?}o`8K_}nz3`BY4CQN1nq6F)DE2l zt-Yjnp)MPj%vnlO9ikmV9m+sP!8yj6V8FE*wO*+uunA|>XAIJE`j$4KI3Km9ws$)q zJsrH|&}q@RIKw}CUkjy2lR^s@5A2D|iP(BGjI8MwQ=%NMTvGGvO83b0C`aI(fWJVn z!0Tp*<^ngSYn^+zdxzV_v+3il+i9pQJU4tH;x~?5!yS}D;^k( zErsp);kS5~*rd3$n2T79m{g3)Th)s74?$`{B-#Af#Q0b)6b?3dS7VD(zH9rdNNb0T zY+s`*_UCM>HuCz1i^H_qRITZV@QDeR&>#I@x94qqDn8e$bKHQRj%e_O{@UuM-wHm_ zxHh;8hmY|t_Z}6E>D2JolPs3Rl3at6eP6X~U#@iuUeAjRi_D;9%NxxbH1V#yt{fMp z)Cnl1*I?tPZer?S&tMj*?=zV^RD7K-G#dVi##Ys^AvWaU(}hG3MFQmyRpbiOa)^<* zK}w(e0BG}kJ$~J?pYZqDZ>T$mA%~;AQM1E?&s`hGq1mgVpHszO=j&t~HQMS|E}Hj3 zEl4aRW{>+n^amT@FIfgaCgfA)OPjTgD~>k1h3kanSDF}x)L)r*nPZtBEE-l6na;8fhZjubCz6m1Ng zrk~a{DDO8b>8M+4qnU*2hgP!YmN$JYF%_T8+0EPqzX^@sY}$3HIY^r8nV)W1vhWy( z4Sv@3Qh*4PpwXlEO3tk4y+xPK!b)Ms@Lu|EeT$KYmWSwp#7X$D_)qbyp7v1tN#2QR zu3WB2&i3G6-DPXmJy!S27a}gN3wGq#GU~43xk-6WR(r0AkCIXNW}O4v@^`53Q!cAV z)B@DfrWU6Bt1~%GTt2xh?RbtS5e^YD2qrwbo(EmV#aHwhNezb&VI?N;q&T{t3U~iJ z3G~PDeWz?EP+z$|mQ-9?4Cx2QlxUvR+2qYPLGKh}3XF<*G6 z_T5c(s*Wt0cD_~IN3RuyG(UISy48R(K`!gvHbNeg@Sg>~xIJWSc6roX;NNkB+>gG@ zL(>!-_|AQAe6P2^mQIZ%OP8E4Sad&mJ#CoRbiSWDtvy`fXB6sFE5h^`byFhS@q9RM znEpfMhh6a^@!_DGpvCWH=UvDBK{4ZNKU-)Ys;{C(3sT%2p-o1*zdMi3M)%?bKSFYw zd2XjJEw=Qx*T)@Ajdq8?_u5o52H_fYnfK~FBzL;IqJh?QlcxZrMML!1Ai%Nvh1k_W!`WSC)yeh^1 zrI+7@8k#UX<2+4dR$Rvjt-h?k>p7~qOf(y?cH2}tdKh;68f}Y2MgsSL`z2QmZ;E7b zGu!e2Whu@!^c5bbPeSnX{Pz+HM_}h{c03Dh;j7~}qnDr{LpS?6`0PNntPcYgg#Pbk zEC?4|d@^&18Bq0{0~Jj-!}bSsvhMx;9#UVr=-*2~D60)g|IX!T-DGwIT51%y4U}HQ5t+W!d1z{ zlcD-w*nSI1EgqxWukLP;YFzCz4YB@APzZhup|U~3TxDxvm{=o8Ns_jOXJ1e`+U9J6 z^UtbnW5OLUVxTo=+xf;;fQXzmZmM|HwJ@3f9GZjosf%K|Jg*>tjU=K`^!ayNJQ2RU z0z2UNNB#J~5Bhg*=-^#Sl5mx#D@}f!KVyaP@63@C%{eq5m=+h^=W$BZs#o!x??2XL zHxs;UuaN)J_~)T^Z^7w#RddBd(hc7-LJp*bcQnirU2Hy$yZf0tXZ(Gb!%~DseG+&@ zNV*$5ZXFxCGR`&s-5g*?NWen!qN^e5SXuGjhgstH-%9Gw5t{yI5rJbPK_Q2E!MTc$ zVdQ^~Mf>LqQ+`aPAuAJw790Bi&l&VY&?l9v{7HXu>tUzf^GKk%6x>j|7kUILQ9Jsx z*+THA=-ce!*Q0{(+@<2}_olXXni&KCdI$w*3)Y>MzHfpc)tc9>srd}*UU2Kq3R%->*oTNo1X&qFIiJVkZ)YO83cVP6s~J4q+= z@fh(GD3>^pe+W7@p?}}IU_Y&4x!xPzJSt$a^vISv{gk+8N!%^~JVX^|wKe>1*}_+HHZG_18;Fz^B>Os{;PrQduFgveyC# z!-9{EYxaxw(;J0J9_zz=XF;;iwwJ`~pXQ?j{kXhw;L^#Td71AO)m$pFv$NOw61&eZ zXf|>eeVqGtwdmL&89`<6HG#`2IpLkXsoJfLTZP?@f``_QS@lcLD~QW*4r!6sf6oPG zf>2J8W%5bI>SKs)*~(^t)l{MCVb!#zZNpKsi|*LGWy7HT&RAEG)>2tPrIypmbH}5m ztNMPXmIaHlE^L1b6SMV!IJU*Ro3lkp>ZJ9+H}C9nUG~d*7U)YFS6}h&mwq`xc~o0o z7<+xS8pw1j1wCviq0IAJtJ_N6d&PI$8tGZ=CzJR3Ki0uOHg#N7cQ(RI@8#u;9@^Dz zLCL#DCrPr=Mu}*~y!x6Y_xYxW+r5XeWS7GohZ!B;O#Q=+7%d0e%>nDGsw&GAw@d4J zi<%@^U!2hI0|~y`9eVzr$j?k_r!vIRQkELQnQi@D-)IbM+`5DCESFosmL*M>NP)+Y zaze)i7Oa-X2PkyUuSbqT0N6FlacM651oLwLH9k!L^B+RQ?X7&gyIBnPw->gN((3I( z{9iK;{A5+UFMLc+Y{(K35fsMMgeF?fhIoq|k08y-a$oR=Nkx3FtNE@LY%OaR9c+1z z8Y>Kjxi62FmKfA3dxMGi=UkN7F!cRPU1aBLuYSBh{rE{T!T6;cnZ`_v(~H9<#FMWE z-Df*Z|Lm5K0fzCzk@ETj;q@67p{8Do0LS4&#dmur{-QjX_r77y%ixy_s9XzSq^9Vh z-mhi2+X8==zIr$zw(bPsoeZostcCC@2$QJSv*>l#7L+v41!jE{fSmLY9~HcpLr2## zN_NgBzP$jA67wZYYq}KiZYA2fV!~O^l`NqWM(*X< z=Jnh%!J_&%9mdM_@(;B7y^$fMA_Iycjy7+ znd_`U%m$`^C9(iYlWZI-rDF6XNbpy*L#OYe$yreiB>s}89@xIcT=|TzZf;FXJ}yRA z+;3x`gGQ^->XwpcYV%tZp9*aMvCrUL(o`P*B)gK6?@89(c$y2HIHjf9&riTO);UQI zea56@u+|?0#uTv0z@%%XZyP^5y#XO-c6{z^2Z<6{`{8fika8nB%{y7GG@cEe>6*2B zBWm`BJ%)+AvffJZXvT?+4k5Rt2ALsbAu}~HH?Hrg)mUo8D~G}RanFg*BRK5{K=;`k zx6^#Tr}gq!!{1&{sas`<;#)gGRqni&sR(s@8ol3MBSMA0&-qPb>mU|n3Z;PjO4&$1 zy~CCFW$B6V^+g8}m%Ic!{ickm-5JlJ4k&kO;-fHcJn4Qo3$xP9MHKC%{v_dX(uD(k z7%@by40X+@yC~#DamE=*}p_tM(mi5<=)ILKDpAE(0t**LEmXWG^n~ ztpsbntq7-tmiNjozdJ%iAjVcC5g2~A_x31l^_{iT$YJA|Ov=y$i3CkTo&AZ96+Dw0 zs;}X1F7`K5hRs=sIPgR|*T*XlKezfGfpCj*F`-XR(!(WEojfGu_5m;LeQMc<%*s zLAH;0APwfQG6?)Cp9QXhb#Ca3Yuih_a`>rKK$oSIAr7rXoKEo_p1u0-K`Dp=BEZUU zFNX&&Z84V&{l^p0B>-N58lvTsaMH}e1sV>0E=qoOYK}X;deAHA?v4MreDZLji_1ZD zY&V$1J58E>42OYEF)RQz_o*4yLU|wwLhz$KokO+`JZ8}`Ql;Ud9bvi^7hG%Gq>P8r z&&4D4m3V*0%rqogGHG-MIuT%Z*Tpze_v&ukE zbdFa9bskPIgY!GD#XMFI%C5hPZ)&pYhx(4s^o%EH%e-MVREg6zIW9lNL-M_^BeKG` zMF-V?LxFaSz~38KNBzeS2-#zVN$jsf-EVhtpx85|M7p5|*650UVQ7MP%o#uL*u>>Z z(SPt*Tn12gnt5-xjeD2kGi!Txs2f7EooLz?u^mAw10spm+qri-Y7VbyF7D_6T?$oCphUv#t8NBX`3@fYVYVCWHjz;=& zC=S`gmfH>1;<_VIxUuq+Nb2xOs~dG}&2-D`agJHg9gReCO}uhT>C_?=jk-I3i zPzuHz`1JgAkR>-}IYK4|zuBk3mQWIX;&XPIY*(CA!m-eI;w3u%UM;>{(K^CpOB!c{ zi{_Am49d!^s!Kkx`2}HPNBfZ(ChbR^rI`4iS#O|+NxTKS`1|R~KiA|E#X9RKcLw9m z=_BBQ+7{}~VL>M9<0Jy;{EaGKytqQN&V+;vk*QG7@%^%=;1ksGkcypnB7?Wi(|n0e ziF)K}ZH5x1;n{6bIvkkILRf3JNIg?oCbSq_KF*B>rzq7))dKSKvo(v z0{!#J;@O~9xDqmvO&w+?x^o>EW{GK7S`h^ZRe)x0^5uX!HR(Cdp!bAI#Yt*%{}M zinwSA;Xq}59YVPK$;%e&ux)b#BjmYX<7 zCEkoF_(tJvj@SKnPhQgmNZjo$@m}JH^xbokzB{HOi@x?HL`rsALN_%3I9N)fNyZm~ zGCj9BOhp7@DD*N2N1lg}yg`4Bz$Hv0N*i$+8`Hxh(&+cx`&lvrJn}&WYBA`e6RWMi z=v>>exhqFe3E#B{9tv`W6Io)Yv1DvaZ?f;eB%5r!Mn=+GIvsoh_*VvHe!k~^pXVTB zLU`u)?VN(gLZzS{9%MC|=}u}QL2umTxl2s{h0mSNuJmcg$s?~05!;h@o)Np9hqw4r z5$y0@#k()NWxEYH1_z2Z2CW+%(p|+3KS#s(CYo5ms!3Lsl|q*F6n%o}$i7`JN-+}O z?@pr=mq1uoYA`VRN;WrQMkrukg1CtdJZ(UJ`j!+HO*;$<3SxYzB)c3d}Q-{ z&XtRV(Y-aU_&#P*?7t~zE)AU6Yk#?fbA=`kMa=j1AO56lbYVg6n|1NvXKvP z82%RUx%+?eayfq>JEA`+&X@f&_Wy4C|GgkU_Wx*d7SG9%(s@$-I&uKkpVXd?a^#Q<6vF0SEw8$~|K_6k>zo?4(4@q_gaI5t zDmO3B|K7F8+*d{Qk@7`ZgYNlm6_M96Q_@_GCj{;2y8rdKGZvHrW%UGqAG9{Ga0o z3z`wq&R5?N(=~cF+8#C3{48JV&r$jq1_Z*05KIoqKV$Enf@7m4*vY?e3#9~*Ou$nL>b2lEIa0%7XgwuE%5zc7yx zfO+=!c~fuydbi*aB`BhorR5|3K)cimU~IGY+4NW2VBU?$&o-GOlz$dB_Y)i?1I9}f z+~w7haB}hbC#XZ?xR#fbYy$ujEBRdo%D>j{BfP0p9?MDfTb0t*gYtgH!{ZLLs~Bu1 z&3$xBaU$nT-rMbrCeMN*h8@PvhRmzKK8X$gQBwyMkF`_7{bqwU78MoMav+xFFgwB0 zM%}#Zr(ibYuIQg76;0JZh-{Pyy22P<0rL7~!{Ouu%a(fw$A_D(hJ)&P#whcf(~ZLi z=#eA9G2%n#%}SaUp7Qzc=iA{Q^{69RoKN+Aeap34+z(^*LahD9zJe@Asf_vhD9^F{(#}%PW`c0E)!3c`2QOCDOQ)8XSBnzP|?HpsPzrTldTr=0{dZqHbFYHXY4k7vsgPBj->wQM-p z#9OT+XGR(16XW~tv|~6JzXAEa$G~MV$9@I4`dc#ropU1q18J6)AsCLPiyh7yrPvR6 z07&XtQ)vY&1HU-@svn4aA(6*+AyYD9p&5F($Hb&jKLMa3YlzGBVZ%{9knKYTQv{ci zoL2oIYyO@n&xE5dMPYoTx$3Ix0=yt8o07n$CYU0L<*Z9j`&apbwLYy(g47 z<;`WbMWmQEH!q4_Pl$BY@GZLL^naq(f9Pc-9Jo9oA{KQHAanOw9j|!blK=iE{i3*o-rJ2fu0%qp`WgV*MEpS-36z%&7*P!e$EiY^Xu+*;^CR4+4& zNN3thbZd#)<91}*$ke|ahMXpRpArRY<0tJ4*0xSk+m~x#9)I}Pj)nR%A903_j>JQW z4!X7{m9-9<{0SJ$%YRcnM4qlwveUi$51$1zj7VN^d18bg^>H`8m7N>(QhE?gKQ|UV zMOGpa6;VB&&|#(x?OD%HGR^nyK1To_AW^3)-FW4~LG-N^_HfRuM7p4(dcgUxZcAau zp6t)@*^o)y7bPPS?VS5XDYcN~2#Gs|u;7$=JU)axrzj+;ZvD8CVAVYP*hn0xf{^hc z*yiHm!bE)neRzr!h2d&v+_%OAmWg5-J)1i5n^%R7;iYzALBSca;oFcP6yJ*P?<6a; zu?o5VG6`OQNuUro9}&r0vVu6R1uq`2bP&!Dm9p5^f;dE)&;+hiwVcXMs=Olc!Y%b z3NR5+))^n)X@DdULfI|rHlj~-|EBsMlZ7OQCG|_%n9Z9mrXFzQ(S0S)9%EB_A$~Or zHd3Y;yU2{StybV4t;o-S6+Kx8za%V=I=CIM`Pf4rY5#H!rcdJ1 zV3CseUt`~ZAm?X=!pA=!&3yw5DcTlH%KsUoNdz3+N@3(*T2;OeFf_SfYX9Yr(MF;M zd>J==)*oLA&L;(iIBL`g{|fK^&reOrqVD`W_{MCZC#8fwW;6dO0zibX-XEWIvlY7X zrVr>77vf|lCe^?Jk5S2mT$a2QCF{0c9WcmpyPA9l1QK3|5;WLBebkYt=6Fn5*kA=J zIhm)s(w)&?UKQB>xSftVZBm{GEJ8VYY)vj?P~&R}2>jO7My&tEW_pGhncOXW-{eEo zPl?L;P$2@A%$TN0Ad5;3Lil7)-z4!igDU3hXM<-_htaw3$>e~*rOHFCR$=5ok?hZ+ z=Q08tF=^j2ss3k-#!pBUl?!KroDv8Zj5)y1Jeu3L?ssDvYI#3gnA`L8{o@TbL|e_5 zrV<>i9q%)93J%m{ijHcl`yytn%@xZLA}L_md``OWZEoYgOlUneLky&1K4!jt`WrOl zaI@xfca(ddn^dl6zjNKiXZvn^(Z@;w&dtf7@^pc3YoElU4#}Xz918{WhAirex<@l7 z8y$Ht**~`N3u2+wfEDz^Vi{e=O}~;j9#*1H!UZXiV3RPP-VRW&sVA$hB_}ow6%`L# zqG&mLB+Xm71UGzX6BpIM1P4%j8<~u&KGL%My7MM|X;Y<)s^OsF(7(!ZA$;yyE4ee^ zPA&H{Sy)Qzk)}m2Ejq2ve&i$sI#b&gEpVQ58!3M3STeO$B1-$uTsje4o6A{pgfi=x z2275ti*-6A&I{3|vdot_LOEmyY0HYMTx{1R%^fr8@@Jwyz_0XdFg2HkvM;wa!x29F#h`HTpiW&b{_RGE|6b$OvQ{C^Rs+$$?sglU&y~$?>$n#%ORBAiug@qhdV{c>hk*+WuWV zMUb|9Up*>zkTaKL;FmdMiD65Q1I5U`C;1c132L31d@0irQt76V-+69QTPIB{X@CtL zBh&tH;VI5YaGO>vY zr!Ogf3OR*b(7AW22i#trMe$zb;MZBIV#<+LAN3mJCz+PIol9Br5PpH1$$Y+(5aQ)IEaQv1xHxZb55$SOP z8`2}<=)C(v$9$DJT=*?=m0R^*$KKhra^XRQg!v#ft8DVgT2I4gS$+;#It^^_CFQr? z;;O^Vh%HrszhkH(*D!3H;nYBfgBykm=etUKwXoZi%Q@( zQw=Qg?pieyW^i5n)x@I`By=%X&*fV^7E1j@@yXnmHD?a0BupW=3+`c=T~ge{$fMT zT9@mdfZJ{DQvfvI^-q>CB~zL;Bfn3}i3^qDsjAv}w1l`rEv_~btm>sXXFCr7-Lu)1 zo}6zr*mWz(aiJCbY*EwYAWB{)HrjSKr|2m&>5p>U8OsX6x&Mh(o$TO!p8}}MF83GH zZXVjWni*Os8R}Xc4kIt%EIgUq*0ElkD!ef0p7q|b)5Hb8)Er_Q8Ss%;Fotp-X{-ro zBsYHKsdW2UmCE`#%fl>iqNggsb@l?Et=kQRSeq3pu&eaA!E{)$bU$RjX!m)V4MXiR ze+SYu$)JmS-u;$k9G=eO@o?7O&f#y_zb!7XO<^kRkKx<9 zXb#+4tihSgi5lmPN3J!!G@m}6HL}z=S0lp1(;Veu-7wgf=i;V2lTz&u){12{2zX>Y z>uS8+Ex3QZz)-WWI_zxPaCh3@G)e{ld={tmaPjQs^=U1SCfWX?RLU&KGWghY)o zWOz0(nb29h-+oy^mQ{_Qk`CaKJQ7RoKv;k6a1vmf)uY{AQo(cZ8GrNaQv=OeeUw%A z6eMQe`jFbHVOWWQ_P60}Z#>E4;RYi06TQ=tbfUQF zQcdecHBy2PuJC|%i-hlB=Vzz8lb)R2??4JpczF(N)5YaCAR)cdMZ|v-Aj%i)&1{t) zwhgbtq1%aI_&j=@nWg>!fKB@Fu;*mcy1at@! z$zPN$AsE0D+LM}s`qI8p9EhOtuR~jG+0!qAtz3W504ZWmUEb%McZtu_ENV_^0w16I z9RgW#Rwr|^Wa8_4=+)K53jb4S$|B$&Hh$*t;2MfQo}v4e#^8*STTQ0a7WFCjT5}ma zhJz{Qd%XB6%tG&6N>JvFFI3;SXi4_WN#KMIPN$WKoguiXY%h$t`rCdz!q-^aK%%8S zU0%^yznG-yPgB3Eu+fxua| zRqm-!z%s`88b8BSOWT`Lw%Xj{2YC56u88+&TdrEGu{I2|E)tm>9enj7pA9TF?!a;! z>?@B=I%SYnp{bqLu4)9mWMxt(WE(-z`63)At!cPhGk-ROB*GIkO!d0Nj|B?->jN0qH!{u z<`HJJ8h;?r@3WDG``Up}HrkLrOJivo-fJhgeWYj00)>lSJ{e2$hN4TrzZqBRlc+e$!-{ z9`rSWIOoHISf-PWckMxcIQzkv%cE7(Jn3+HTP2FYxlb^2_okT@dnmf>>IhI=m#!FC zbVV@~%;$ebCac?+crgkWjpcEdp^k%B%se3~>xnOBEB8?IsCjtuJfR-6cxH73CXE&J zX!Z!`r11e$YbKN3q#Lp64n*kq-HwQ$Nh6BVKg$Rt72=*FAVLwstu$>3i|Hej7^?u?H42WL40AG=I zeo5?cXWfH-4wMR{ObKjKVxZg9iR%7B1*)MU+*)E?a05C4H_BPWfFS4PKXbf_XOy^d zoZmiNeC7eZB%>3&I~I9td5M|MUzVrB|m_yGMowU zlt`HU)!)PS`L~8yG}O-$7x&NUpOL6}F+kZ}NFUGLFI}x%OCfGXzNgjE2%T0Iwx0G) z`XMRq^^LFQoVL*7Tr1Hv_LSW}uBUHLdSVd|y7s3_goPpFud0etoZ2NfMvycDKW1%%|IKCyI8oh|j z1GU;)Y-RY-*>#}gJEb(AmbFE@0Iz%hB2??jxcww1o#``EwUl3wv^rcztJAXx;a}i@ z96iP$FNDZvus#w>MHY6xn#!?$wGY=s{kmW()Dj+v4h=hE3i*4(G}EB3kxl=IQI7G>6@z z$4%*d2DiWKu!WxnY#h#qtf9e-*Z`VSe`%3&(?OA2RrV61P`Zv0oz}g+a|-WD7LF3# zSeY#ba?b-ji=Fpt%9xQS6KRVWVq~^xs+kyQvf{R-3;sdX=HKk^gsvdtzcQALGhDt-?|CL0+UT^(AxqwYj6^mv z3;+EC{%>983dANS=y%bI4@y=}sqV{Jw}tA<=GYdX(Xm!xoP_!DvBr-}4sd?L`^2kg z_`QLo@|)dT6YOTR z8-Lw&>Q`5Ht<7c!X=l7Y*}F_$`3{F{uxc{<$`}3J8)Gi|EY>~9i6lHlEWk1 zB9nghd~t`NZ1OhnfM6?fEEy{oDXZwFc+ z<@u}TTJsC`q@&o0)5U6=0yh^W8b?+h^A?2n-iw=~bd{Ire(bO(J}iw-1s0+krK$tU z`Yv8y!Ay?;V!Dsvu_RGt@b&%Gdi)+J0!djW{7#5Rl}7X&w2cDCl{m705jahZ)JxrM zzCM7!s1|>W&_sIn<8g|wX&pLk=4g`pU|7uvV?W(oYk0NPwJ*E_hipS94s-uv?Cu5}5DygU%wiJGEK?wnJk zUxXNoohBa~P!^G=B^`*`$;iUqC&$doIK#(nj$4iN-am;K zx?gec#jEsC{__=4qpNNJ(F%jeUFiW%a^;9i^n_lcuOFQfk)CZFMrQ{%XAIAe>iF23 z2&cu;l9@vwm*FY#=nJL&ryMd9Cd-1-fsjUvQ7Km0iuG0b5#KDIa041at&JAnuFZ$54V zTBh!Anif7Rj*H7d?$j^qW}-vatcJ|pb6>6X-!y&}UELkLwT~5AH`L}+0eAZpn`8I; z%<$a@zu};>_{HfJ?v@|B94xP!3-b)D;tIsT_e82d4P!`4i+LWi^XYmemOU;z3i^u> zyMZ*F(6`A0EPX)aVGfs4)XT808DBFb9q9hf^jeV1?SkcJU2<#Dy=3=9aaU-3C@!_a z!qp5JJaRJg{u^)?{fsbnl}c+t58dWd&DrX#&kO6$Ku@c@zf>m@;v3o? zI5;HUKna5`4k8IrlKBaASrUGWjKSB`GUo+VCx@i3K(Tf3WH%tcNFL5z{4;n}+F&8W znMF8}(@NAf0<>?!pIG^m>>$6WORtn(Uu)oEv&XxHTS+ zTD{nH+e2KR&)-`co^E(_wF!n^9XZM>jzOxe3Z%<&qp*;6N`1H9b%#Xl$zTkPMl_&c^wia*X0%R|!(u1m){548Bnv9~_76qV<^3v=he9G3foIp>7R z5(!9><9ANV5~f)I1ENudV*vTtwKx8dd~tRMRo+^lqV|^a6G9o^`wE{Q4)Zw*0Y!wq zk_jA*AZj{f04;Vl4|cgNYIoqG{X$Z0WfiC%FRE+pT)+w1W`^_QXLD!B%j9q_yrTe{ zOxppV_M1Dog_3Q>a~V=wvaZ4nczvkaP~ix{O^+WEgX9i?((*%E_s)inG0vEC)Oc5GdolGApTyR~>^K$2{~>70Rho399! zfAIMe_9#&X3gw_91XG~;wOAc}puAUj?=qcs`ULn$h{3f*fi1%^Em_m}=~^y%=KyHl zaa6f~4fYedK2s=q&PuaVBgxXv@%$isWKJzg_K8!g$!dSEBnG5|O~e+yi{2Kib<+Z& z_W)KaN+H_70ke`YH?}TuO7Hf`FXh`Cy)uKS5BQYu-qP~tF$6r7`Gcd;uQl<_my(|~ z)Ta=SH->Kd83&eCjka%@mb+p2Gu%|t79m8^f-@Pa> zgC(vCehWqK94J))IFS?GuUhUC%1oJ-pz;w>iek#-Zs;KaznDE86)yi;6j5}=E9O$*ke-KGDOt;$Klm%3@_eeBs^3B4*gt3E0oFMr&0 zqbxI))&lS*D#r#0%u1o{6K-MVfIq^K@iHS_>s9P|&$*WJtRr;54i68D^hpAu{M5Rs z|9EknIn{yFE%L*+JU~aFTGNyLGl-WVuM%{O0TlpM-?e zuZR?gqI>5AQ=k_dMi+Dde*pxG*ts4G7S(0N>G~fj z%TGx0saIilzGUbxv6~fK9v{JNCEt{=t3-7rTJ|(QY0sk);dzAK7uCTjHh}QaFIv3v-D`|JA3W@T7LoISL>ARb2vf_=l_fZ@o{BQ+>IS#UmJc zeP&PTE%P)1V_Gl+)Xsj1V5BK)Hd26$1V1+vj1b8MwyE?mAjMz_d2PfE2-9pUC)^hY z&^E=>jg{ZBA_SQ8mHsG2AL9V^h<1sv>fd58;N5)Z4~$WRm8*bl{O={#2Nc{$-5lmx z{23dOgzqz5`AE&8@aIOXPs^<-CC5$kr&1h;hiu>L4i&_cefj*c?$VT}pRC0{S3E*2 zdeGVR-qLhVy1+yFC}8TPy;!hRyQs(d6kX3I?Lo$f;40K$%T6XGL;bjuieT1N%zs{v zETL4=+qCMHY4$(?Z`}pMB!{j1pzH@d=ZyJ6N9hl)RbqfbGEb=NQIOmkz!7}-a@r`M zi92>A%+LjnI#dIByr+N6<>>$cAz+$N<*mP&d7<^*6qnkU?vr}zDZrFuq@YJh3|t%2 z2*cAwc>31~yTmZuw=y|eXZSkWzD`!#+hj5!$|h~{)=jgEk^$bj3WQ}1JH`f~^W~r)Wf_K%k^Edtn<6X7hDc~Zy4*EUfA0!-_(!?>PPXJzGaHVXUUj=# zVa<203Wn?+Uf!rx{H{H#Om1$h!7jAjf;7yfNYPXymaziwV!2Qr#Ln^5TYzKK%0}eYHF6?i%^iYbm9&H&~fs!9#aHD6M_}-8$b-< zBMz^9!vGKe1E>fWqDE&Pk1lu8M; z@qg;hS?mobzpon25N`l#6tbh*@HeHNu&Th|Q>BJC;%kDAHTXFp)ylY59(x}!D}$i@ zqD?i$06YMt6Gkupxg5$HXsd&00eKm*U2!uYf0kLpjI3|a!>5Z|jLficH5)Eq#l zZ_TL@TwiG(Oyn7_@D!o-0bu^&Vg+Zlf!Br0Ba`!JKak>T3P|YRM4*$t5^yE7HPFAfSA9{r=FgWv}Z^IvnU~ z(8_&0(1%&@#Vt@wbG}mz`EI7QRnvS?#I7Tz%C+QL0Wi?}g(u_~3{(~MyCqFX;{kmi z)#R^W?EsPg`-vW0*lnzB9neKo|I`-t)c>Wq@Ptb>X+{N3Ph`DV5fXicBkmgZ%L9j( zO0)!14ijyMBsZ?&(gmLis(A0u$K9OIjh;%1N;_WJu5|}jQ22}AvN-Ik__m6ik7d(- z&c41{U(^fbR|o=WF5q~_KcAC=(qsVbR3Y`m&g-C;{U+nts;nN55{^K3+>KqS=kMZ% z!`&m)3k7W5@Ye9FZVUkgxmy{6n>wy_G-9~z;itxr=BuWo8=IZav_7L(nfOv{?v)&T zHPz}1sSN6dNWD41hQa9}U1Y6}j)wY7rB+B}+VBt1!t5mMeYfJZ#hk12>Qb|q{WHA* z#!Wh3vzHdJ9`}Iac_^4-K1W2Ym2A@hDSt%Sm}&k(~k>J_>R0i*{b9bvscHS6 z%CIp>>YKZl#IB`GG38X!@$17N5xCHB=eMh>> z)#2fo6jPOc^Khn!IRNH5lArG&I7xz9C#*-saBjFm8i`r;{XAs(nL8p7MRv&qgLWKo zqX9O0SiAPhW4QOT>B^ANbauR*P2~u@i1_t!#KqxOsNoyt;)v*B4GT@x$2`g{#dWejHx=vqC_RG-In7meVJmE0 z@{_B)Tch3TGxs%$U1zdA=J-BePLxOyy&E#>A8^+^n|X89xqmKS`}Ke($1JY0FYm&6 z&UAj7QNNRY_)CgW63aWRgWj*z z3Fxr;e3H2Etpl}KJahn+r=;=pKB0w1nq;?h~QfeOR~wA5_AL zK?W;@6+<@oR*hv>Gaw@fSECvB_VA+P(m|I(^K+I;UVV2!Ca7itKSgaogkXYm`B7@9q*%MbiO^O0 zOc$pjBAUB020P|}TL2>v5Q*rEM5c)0VMLPr*cwICW=h!^c&HH5n=a@6S950-6-T>9 zY0^M|;E>?%L4pLQkpvGA0t9!5;O-VYxRc-n4GxWK(BKwaI=H(u)-XlRf6keitGSt3 zvlbUn-Bf>4{Z-Yw_p@sdy#Nr?`VIheZW*z5n0LXQU0Z`!oG!?|Aq6IDiWgJQis8@Tz;CowV&PFj}9sL&xH`2UY78&KvOFZhVWH)IC=Kv z0s;bO{9_hCi*%3^_6gb8ds1F$s&cIh{hIXGompE<afyRNE+5v{+L32lR$b9*5*WmR&(TuouuSXkr%!h%*wavoh z=HbY(P_K#x*Wn6qVBXvY{xqV{ugQ?q)l$9f3tbS z8Eqd2$|8{-US9cZwQGl6=XU#h%;KXufa490G!(k>J!wVjp*t(~7hG z9f@P3GP-Uv_Nru?{U~Kt$%Fc)VE+T(8Lmf+LUz=FsY*?)+{uQx!9dAesF(P{^DnK# zUNa4fDSV>bp{+c(M7^qO9tWYK*ZmvUf+Ab&*cfogR*Ejv#pUoUcsOlybC9ro8Av<0 zz0AEKND*(dQR66WQfc{BderQ^vl{h6v5<%yEIAZxHEKW;$f!kH*OSn**bt4udpAfX z3QlFiWJu?jU$M7W7Wj=Us^`w+k=u7=JVtza$V58~mTw7lXOo9ah}>HqBj7wG;xLcv zfcM`1GNSC}j;uz;|0R!NaWpDbCn&^x|5KC)n@6ROmvnPU9!%@>*3E*h%jtEVp-#?0 zZHvdG+t;=G(;a=?E^VH}8lJ2MQ!7!YsH!ZBo$36vw9|IC4YnV`_@$pLzBviNj_jHh z+pZdfBWzQuH+@N#ps)0!2IgxeH>h#0M~*ekU)f&ieo}g)v}*r~UF8!|@ygGWPIUHj z>`3{*H&k3HgkEn9JfFI(I+#Si*1OO1Z-9g<*C_UpIYp9!-7D*tW2H;<_*HIYKnT3m6fl2KlT>E;xF; zk{J{wZ;5s{Nsut2W_?-syz8^#jMq^%aYr7nh|`HwG_o(0w7oN!v@4!5QjRP0N@KxmkpoB7}|&RXx>Bl<A+#Lv`Bj8N1koG28s%Knpz=0uA`~38bcVf{G(72Ro-6tirinV5nrY_yOVnS zG0}=ZlUT(~nI&w?dPWl~k&UzPd{cdURvi>hnE z*XC!s$8=cazuQMJ4`)0TR~LWL^0S}P)j`Nk*}}l#KBqj~D}tSoh1zx8hN(eGC1GC< z>Y>YpW>9c9-44f(M`toqj|Vmhx(H4N5)z3X55eoylOBs|_n<-}0=Lu;-8DSEckXsY z!)vJ;vH@|BfSeBm4OC(BR};P=9vU1*A@e~mjYcEEaMST;K1+ZqsQfl2hj#O(a`zjX zA&#v3c50tVgaeLcqNGKHI*qDT4J5x>?(VI;RmMd36xp zaw~`(a~>r9!~36L6VaT6as*Fc5uuy*)m^7Rd^bwMBgNvF*$(+7s9KDixoIaiyq;3ISMEXUiUYfsLs!r3pqcB1z0w4K&^8`KuN zc4H_uvYK_+b0PJ2TZb6BcS^}0Bi#aykb-XGS=$j@l~Q+lay_23#9=Z@^wQa$B2M*C z0U;tY2{cR2bcTT|r}X4P-%F!Y~wRSTb<$&K-Kbyja%O8Ub;(@Hqq! z>9Ooy-yAH>@It4eW(}k@@=ojX&lX!0mmU1zea*guX)b$vx}%4rjg;PSi89+|d#8fw z3g@GTG7r++w}-@+kw;jxAdDr~pbr=eKi%TXN-ObC#K_JF}>=`OztYky53VgWRFM#dk+0XYmG?0 z*SFK$5xEC{%Z|snB$?%*=JoqH^QzXi!%XN(U5DfTeiZhOX;V6t2N^pQOvd@86BY40 zQx4{@Z&e-WvwWXDuC9D>`U0KgD9S5ak)${}%c{Kd?!&}{@c6HVTx?eAhRvrGIHt z*LsN)ExU@lMq2lCAkSvsCY62c$Q|0RV&RLVO|3l;bRhGIeWqq9jgBD<@}Ve>Qpq;+ z{W5+-%$-v|4Et$7+HhKYMa~M%?~0a>b>dY&2=uF zPitMv#*E_)(reZgU>9s|gMxllW7Q>`BG5y+K+<8j|94!)Z=pPj9fR zmxv>(4^SI{MDSLtq*#fp+3AY=lzah1mo}7_7OC5(^k^fAx1a`G%>&rQ!Zr z!vyOUOL788MgCZdYgbGQd^&_{b`vTrc8c)J?0V>|rzWOILMQ%kPyfMlUNIrWh2w2k zpdbjJTJGBYRuglWo46oDgF|r}h?OpzkE_t+7Sx%CQB>+uyU~!khYV}WNV1)^#CtCatWC)Ez@mph` zac|_w+n7TR6hh9BUtNQJOi#u8O0Qy2LQ2shV`B-F>Nk?LJy$Hn2iI$DT#1Oq#&G*S zVoHHmX%P&`Au$=xa8eRSw-I(usJM=1L7!)Qr@lDL-ll13k(WgHd%Q^SB)_-bo~8BT z*B*)=yyX|3hyUypXt#tD2&qXmQm{BSH0s!e%(H>W6{u3Eht>H!5?aEOz?MRk3Cb-a zZNXs>`!?>}h#p(k(zSGdeiK}xcKgo5C#)mJj8D?O+xQr}p`LPFAS%+da|9zubZcrR zPj9|c>AgK_KdR`fuco1N%9FKvk`qppcVO)&>7^k|o>eEFl`0pN64%rvqNOSLMGPQqV>?ZkdvSySfQ~sMTWIrsNnL8 z7y(Fl_tWC;&3Z7sW_81%QYH`E5I*}}IOnk9;)#`~zBeeW;)A~?I?hK2rJmcXyPpjl z=+LciGgcQ=SE*SRPA}M&qh${&tuTc97K~^1W$yC?rd@UWcIjg6UYv=laW_4kd-NT7M9_CEw{7E<=V&!{nXINYL`aB2KtJWNtE#Lk|2<8fA>Z4kmBYq ze3G#TnC9f>VsWJ4Uw=0qb)|?WV2xt`cA!;fCJeI`U$u}?zA5|;H5_5YktQD-WDs+ty0|mg{hD7;sZeO%WtP$|JGcJDvQwwFj%8~u@ND&5L(c6DG z{-Z4;8P;wMI*x~yU(S?!u)_OL;s=CnkA|+BWp@SyUOo6FIv!@szXGXB`R61eelOh6 zp_ZMc?+G@w7qB$VrrSulA9d;Y7m)b$O+Z3M_FN<*W#2WE5D4}Oo;?k9&F)h=7DBO#e*))?6=^<@E?g{^GK0&h{rZgPA zD5SYm4t1NfW|1el<5~I zMv6U(cs*1dF!dZ8BooAiUd2X9K*UHafwQ2;UFBygV2uJ)E;&0g(2Y}i1L)T2!J89p zTR?G&7;V$w8S!l@OcQNRBjqqDBRv&n%Vi>f8O<0&H;iT$=5GKc>afOV^3xEz8uDO* z)`IZ{Al7bkgNS5qMclM#2P%z>8Avrk_$oRWL}7!6w&RQCwl&MTi(%-m3Duu#M8+p^ z{G*gLZkf@^UEP=b?eLf(&{81`8`oy+4<9B=4i(|McsobHwY@EXtP;LQrSeHE`#RMa&~>zC)efLB0^f8LS_-8ZcC?g z;}Z*<+TLw@$)nN9%h7YIXS(&?u8?!rA%d)$Z3M3 z|BrW>;f>E|yY($7H{VvIE??(ef3m1{%T)S7Q_sTxVe9+*6zx3~bLkKBj1{OafZLk* zK`WA_S={E!Pm}MDRm>}#Rm{trZP*H9d0C?VX0-q`D0%=QmOY@E0W_89R;Ev#j#ing z>+^u*U3xjF##-;P_dBS=!PF}@9ZU9jX6gTmu)u;NVT8OS?;`o%ZSxUgNsDi>^yBwGHl_mz;*-nSqxs+splLnkT;RDuKS_6yB66VIA0+dl?rAqVjtK6zrc@VG02Nb{f6q>L)8c|a`rdCp6K0G zel*IWb`P>wn1ObifmN^;&%mVyFjnF{Vbgh;->hV6V`))TjaAb8*p4v}s5*|#KR=KB zEx^-@SN<4#i@NBN;xw4D_5SOT=iy=#^W$kCUzRG%M!RKJVDl48n3(xv%#-|$s-9cB z??@C;oG#P*ud9G=rivxI1e|e-WI!ppy>`zS-7o`wZO#iFBzo&s(R^Ti>?ci`Cl@LP z<>BJ~oWfg&gZa(DEbrCDacLp9PPCB>&reP*BY%6ZjGFEo@6;6{z~||F6Uap&g+wDh zEFSXlo!wN7BYk!-%ZBF`bM}(3C%@a($_SuPEZ$u!kl&nTWsvfZHNIf^7Rk6Q1+0HS zYq&wE9dWc7%@=B0L_8}wUpu(d+1u<7S0mDv_bLG2@)Hj{p@g+H`%7_r#0+zXb@Z}E=#3!VVyi}(&BxsMu5atZAcs?cZ;UwRg!9qX0@C~O5 z=DK|O**fa2d5f1xn>1?sWomuEz~P|=ElXhXFd`^_EPUJ*_xX=m)FAN@^UUJLuwF@N z;DoSCh2x3O^IL};)}rJ2GEU=_+mFtL{@5B|Cszt;FkmOucpP@QA>V3fCW7Bnec-*N zYx~C_k>M|+N)RmOw-wD_H8QNFbF>(8VE;wAg83!$e=HM4E^6;gs{@i88Ear`$7_3w zH0nnLlA>JMA3Tr-#vdupZvOY_jisj|oV!XS0c@A9w!5Verq<#QAiOVZ%~jO_Y-_6J z#qC@lc`J2}bmiuC|5sR4x|x*)n3F{E0FQ{>rNv(=*3hl$Juyb!S-_*>x~lMDiU#0^ z{&7_Jy!qc96?$~ZN(pl1#nl1yZgRh=aG8Lsgn3cmi?Myl9QV&6@Hpj!zzJx#3A$VM z-)+w&fNuzu{JZ}tgknk(*wl1b@5%CSmjx9F8JDRfm<9PlCj9Y0{?|`-1}Yg4wn$8m z3HK~(-aj6Io~hDsu1&MN1T=&1E`9+YIe z^QAW(Gaax{D9?oI*L3ojTw}(3^|Q5a={zrveBn$Jr}2hQMHe^VEt<~F!qj2D$MEzK zBlKW1dX7c&swXS=0cN+i*u6D#^TXHWlOmtJ+_2Wm#O4WrM0}pofg(5Eta7BGYM<}m zMQC=nlIa56rO!0aQSvUlpMX-#{e1J{6AC?Em!kiOWcFJ$dG}9Iw{TKSO)prr4Zx*=ae8XSQk_eI`T3hltO`1>5sbb8&K^-?+apChx z;FfJwS1C;b7?-;}0QuJE*MzQ4j9d@zLcj?lhZ}8o`QIS?uVW=BxP61YHgh)(zd?ck zTOshhlBBbr3$$9K+}iZ*V1o!Wc2mv_VL1*Z)s5Y}W6S6be|He=Eavqn_QQaz0%x&) z=ITT=1Beza&YDl>aSt+$<=eo9whcjUy{P2~u~1x%2K$^xjxjW;;Rf@=jW(kk_g z*(<%AnOa@B!Xxr=yzuVmY%L?xXyVtsm?Ydql4ai>Gf_E>r6Nw594v7(S|FSk&I{87 z!EZT=OOKm`l^F9?(jS2cz?3lh81s-Zhcu;&1Pay7VqKpv`DDEa%T-F?kZ-Q6mi|D8 z*VU}Mu{D^&?gnVlDP7r*n)V?e)Rj2WY|Oy(SxA>o+I8lrG5f^cp}L}Ky#Ur@AWi8J zY8jk?RKy>V6e{v9)>f5 z*?8wXHty%lL-RrzwK0yPKvo9~2tQ~9YS`1cF08bm9`B|Dyi&t!i(&@4*_5Eg^|oh2Ft4S$&J9w+mlOe15C`dI-`n-PUqI?Y4o6Z=Ihy6@(t>?AgK{ zMj_XeknQ@1>A@vuWo*LKs?Q`}_#@G~-ItJGe3S}jR;J_98DODEP2e)<@P}*zGJd13 z+tQQ`5ba@gSc2PBGbQTmkDR7gS^#E*=pW_jzmAvCsPF~Znr0wlA!5OK zQbD)f7hd`;axL+tinlgkMcLmw0+3F{EEDzqp)QsU?WTM9t=BDay$yu)HsavB=&V!0 z*mJx{QkS1WO;=fBX?pG}!Ee8O_=ZR2?=$cGonhfpf0D~)QoVh#$7Z>?H>%CNHjN^m z91qSfR);e`#n}7taHOh+NZ0{Q21Z-f}->~P@3P2+MHArJ@^Y?D)FA6ju=M^^gc?wA|m%F zT~hOpF`kb|^b!zovCIVZJ{x{i(N7L4n>?D9ff0h^A0QLz{2|PK^aEi9##H%TOsThW ze#eUBwdpI0A{Uxgm-E^j`nooHQ7DK?)~+~NF#B-vy};1G>y#(3{^;_Nj~^CgG(EZA z))2U!Na}P6dV(!NP~LX)iJc_%eH>dla1`C&cDuA?Nt3%IrU|*(s#SHta10xKyCx1F zSz^B!O7G*J)~e6xDbn8Du7RFa5S_UHLTwTKgITS>7On1 zMC|apMegoo!ks3~X7i|*Cm1emPBu&^%Z7u=N^bCD2oVrt;tX@1K5^)qWHcHN zB2g>=;!PU8cJfnN5FpNhDA<=2Umjy_wl=VzS_9e8nh#ZZcv6f2<(Eb|&(q}u(2!mM ze1MSSHmzyiNFnTbbxH`puM|G#N^ZZXL-VR9_3l>;J2;Ywbc3ifLG%4894mPV?@ym* z`nf(!lBKf!WJ*=sz5AynF>?KU zXVOwxOAKKHFC1(iYzU+gANCOHI|HL{0)*500XVV>Xq=|_yAFt!S}vLO1iP&l*(*Tf zt%ZXG|7sjPxseS(TEmuT$&H?Ay8sDDdHa}zSst6j^#H>{5VW#iGx{F?Y@JlZyTQ-D z05j;32DO2VOJNB`xWxkDvo}Dlwnxrm%JNO9?*vevcFaDZ&Z4ck!U=IQ zY{}4Wy=;q*{%ZUo>31{Ohm-mOfV=aR@n8Tn*9ZvfGkwFE!V6viExHnvD7FqVvVRO^ zPEyyC75<9v2l#*p>2PEt#$E^f@(M983cV>#0b-1>-B*a7Nvs0L?MKnlAs5iX)Ul$? z?;<73r)l@UDm^4rPx>NNEq;r{sDVRQ?6S(;(j>dsg39;??LbUc-Ru*L!4HR1H{1d4 zzw6`uCfG~sQ@3QrGZ;9kYXhkV+&jFI*bER?srAWE&NHr;=VPv3AJH7VSzqCipu(%< zbjMSmy7{$@ovCJx)m20A=fyLLmcZBMBl2FsEhz>VdaSs#_ZhjnZHfGx7YXs#~&utzzZR3H+S8weDRL`0IO9Pq1;eTE*Gj>^ z#8Dj~IhK2&bLl|#?pQ8YG{E=AQ08K>b0lW47<3Uu<-D(HmvzdYyM3{#mRXC^oXWzn zHE~G1LnQD`)X%q^wMi`mX?2wi;*?W(60kj!cO%u#P+QOj7=7o@Lsz)=U7PtDe@Frk za5C=x@QNmuQ4WK_NrR~TPx$QS#qmdS!q1n>;P?X%x1yO{tk$Tx-O56p5Yy*BLObB> zPrb$^mfCE3wb=1EW6ho)36-Rvocd9I`W8_q;>bGB^J>xY9d^C=L%F4ci1-t~)sO~% zR!P}Tw}h7jmj-=ZDZ*E#RtVzdsG<@mP?$HijyL-pnm>>nOV{cFt)5bPcLJdl>J#Te zm#y@}Ab$<}>M_BKq>xtSV0KiB-6AdVT3tvx8yphSHHK$bGS^`Zd)3eTEtI?THMnrp zj6GbDnO45yY=XX$isVH&iuHm^AI!e_DY`Prw*so0yd|2c*N>4Mzc89YzvJQ}(d2mP zM&178+gmI`+$E#v8KOxV_z=^b7BHF){C2%DlyDJxF4kh2MN-f8uG-qAMtE7~_G%L&TO&(?Nk07ZL>I zKlK4m5}@Z1Wn|^cmnod!rQdiI-l;Ql@?;WA3sZ5R)kwl(h#nm21CJF zhy6n-dNV?q{^9uztr6|!<|q{LUG5?FUmyCoN%o(DVy?sF2RTp7ggf*&%`4fcOVb>S zfVygngoKD|EQ;YKdC0QpMD=m30WXfWYzGU;)7`Kce7zZu4ZN$XvtEEjQKXC_D0z-| zC@Lq4hfoM;jI0!fuP94SIh^I?&FIPSv%5NIuv>zMlvZ}|W0nAi!=dEY;r5?@s^_De ziBv<9W%?*S4M`gvRZfRIK8B%U^?TIsQCE`R_^(6^2g8Br@|&g;M`b>I$XB`Uw(vSQ zl42jm9>+|GBgeA**k=0F$g?TQ4v8G{u4P4c=Ib3Hd6n(!(*l&sw+Sq|xTvY>u|5x# zh%K`TNj7br{u$I9FfNGI{(c7yMHV>*Mf&-@vGl<5KcIde=0 zZgZg*$mxRP{)4sU0kxnlOZ)GdUQvlq?1|*UZ_zIV7Kii#tOI^-jUhSs@y$wQ~!!K~dlg!4ue?Rukk%diB@{7b~QRNn~VutnM zz@114+boQQY_+GT^5KQ{%a-fSv}GKdcKBtnFn(8B)CUthUhQQAdl|wkSZ6{B@id2B zol}Ub^{UW;Jaa+|M!*@Jf}e)$FEBZ2G}d5&EpJDUQ^%sjo|{~#c51@ZL|f3on8yxY zDp=5`i2nXuez1#iOFwghdp$le8iL~8N~3_P%d*$8ieXJq5;&Lq)a&Olhr>!bn4pmA z7m-WHQ$uZ>WQGnjhK^bVHBI*z#RQ6LHFj~9edc!sJBZ2dGO-th1`r>3<57J#Ks}Of=y(zU9BL0 z(Ck*muSY3Z*j{^X!@X1kJ?7+DR&=94m~`4Y*)nU}T`&=X1kqZYw4OZ9$LpCauYoygH_GV>B`%IPXqm{bW`MdKqWh38}}@GuSNhaLM|S z5A|(Jmr5wF;`u9xUOo#}Km&R9bY7^&s&$y4`d}(;7`)#saCMbgU2}zJw@>>k`+7}# zGSoW1bxR}6XY}$Rz|-R;Km@Vz+GCYG0qP4!zgvc~|s2dEm(KM~NVAzyR%W z4W%=?23>iCR8+HVYA~49^T!B*S}%dT;+;4vjkZ+JBc~-6heicIEqj9{9L8<8BI>w> zYD4dl!fNH*C#B-@gY)BhXVRyZxZN7mb(-VadtGHvoO7dsiKi?yViV5vsD6mO#7m_J zZ%7V7Y+HsLsMmR4a@fq+rDa}c-z_nJ{Y1NGm-U&3f_NaxZd9dvS5@@|UV}^5V&}9o zyfbcTY0}OV%krU5Nvn2(By(UALPX!zU)K;OCXHKJ%;OMar0kO>(e6U|bda>y!MA@U zNt80qcOU^38K`p^gMx|LRI3yW(fbpy`$hBz;oO<*?d5+v<%PraJG06z7x}cCa5+l2 zIyBAE_H4Dy$v2^;Z)OKYZB)nF1MdJI$lL$O5g=Y+^-U3VrD$v_)R~MO~!60a{mn9AB(@9S1;_PWXm( zOu+3&J7MM!@P=n1W0lTPI-t5g3HUIJJT3s-+UG_8%bs!$vk z;IT>BMMzrA>sU=q{S4(Alid0aTV)AbTJ?~{T-PQf%=N zy|qIBPHyv)$tUd^L;Zc8i(&i*+|P*h`>Q|^@TQ_9^14> zPuRqw{AkV!Qyy5ZFiiaPlc<8gC)`Tq;H<1{HaZ(v7M02mB|YEk}PB&^xU$DALCsT z!wiR80EOHR(_6!rQpViKU%*d>Mh@3}SQ;yzj%FQ|NsDUoI$azUhNM7~yG{t9VrXhw zlk{T#9TuRss}>MJ1`fr5ngncdj|Nm6DlvaCxsJZ4Y~(gbfB!-V$OFAKn&{N#eFFNs zC7Yg#uFe^P3%nBn*cAUP=*DPb_`pm9^Wg!_YeGwlH$W3T5mvFs@x<$op|75T0dqjn zt$tYSmF4wSz}AK5>%`Cqgn$On1)R(c8E&pOydMBRh?4okhP>-_&2~#xQ-MQ$a=zD> z@pB0d@G>+`b!UsxS8VrzI+AzZbcuu5`tXgw+PFzpErIH2iDW#gGC7(k~Wy z=#q1PXA|X!ZOZ)9m0!$2*ECt|mi|3GA^x$m9pe)Jd6|mNtgOWa|DT?c0F#F(jsMTw zQI+_|rq-TLEBy0r3slr_OfrRk@2V7d^Ynl=-@j*?nu?Csp8MZ3UHuF-{D1l2j)?a< zFHzoCgos8R{^wn&=g*n0tt0m|sU51wr%jLdF3ey=#xyr{{~8HY9QRhSVXKOxl^qsB zAim7c^<)or?aE1Z@PN+tPdlD~R8SNBuhwq2vQ#2%*4LJF{8Ft4`p--v|h@lJ6zT-x_@WAArgsDgXcg diff --git a/static/images/docs/kibana.png b/static/images/docs/kibana.png deleted file mode 100644 index 91375ece2a5eaf5507c19565a5c5e0433cd5b0b5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 82617 zcmb@u2UL`4(=FYA`R?&2D*R@bx{&TC$dqlt)8`eGbeWfZ}fdX4m| z_Md-{v%WigM{@c5^C_j9N~(Lr|BmJU_tig*qm<0F#y!?E%y}lnZ6-7;p4|KM$WuHz zTEpIc()2F7ytm-u7&k2~?H_PB@Zx3P@)-a9{>$`rk6&-UT%q4PKZ^?&{vvs@`sY9I z-Y~rz!vE*p1$p8^@?Y=b?!4ms^^W&Zz5cIvW`D0$49TV|CkngRG<~GTl~Q3x%hpGb zmcFX<>+3#iV&LVyP4+C3~U+&*YNRGvQ-Isb4Q&=>wX=J znH)}U)k%D5yaLx6$yQZax%QIw5VwBTrzjpmC7|&2xh~3{k%6IZa?+uxLh=9OADv#X(9os)IU#{8dm0hnnI~84}`Dc?Md8UXYI>W}8*w`y{t!-^C zR+HW{p(MCcSwu%7W@SOUSVVx?bbFy=ut49kB+1py&0isDZfz|oJiPej_@STQzh@si zJ3IH8$eo>5kPadYY)ejWxw*Pl9-ge!14KcY8hl8*xj4>o2)1Flii`)TeUnBt3{<#FlIQs1CA z)|bHJ;VJH+qYD{!&(|H-U2OMmamAsd4cvC;HT;M%1Nq6vOR3f)CFUhbehNvBOH)4u ziw(4k%zqb)QTkCN54Po~w#$(Q|low9DJvdC*30w8WZ$@s{;y zDRv|ulNW6=Ix@_sE$}3@W6$C>Y&KTR%RQPy@BaP!%F4>#C%c1umIG$Il(T=F-*+xU zsnJqvC!z7_x*h~%6B85K`TR^wCc7)>rchdP ziTj%0Uev$4F7eI{E_1wq?eYF5ykyetYyGakrLmo;M9HMLc6NSz_fE6aO6%pzul>5` zC+e|=;CN42%INJ&Z07r}6mabaO$Zz>%78MbWl)vH%YUVB=xa;2UJTTYmPD|Cl@SSm8I zfl_N7-=DAHBuUxS6NH>r6apZKyPM(CE%+KijFVXdSQ9OXrq-7iybz)!ND`DM75Gu5Nb9_A(ATKKdNZFSc&dp&z&1Yl%3` zEGpX4$E7>l$Hs8Amg!I(S+X!D+kEd}xjR7iA-!0r<77|S-R8hLq562fQ?{%@s)2M| zA4Aa4+dhYh7SdpMn@Q!tUFey21FkPa zQK!a6Z?^rw-o+(Uglc(eYNIxf9Ba`QDJL(_ET6P<>Jd`ncz^YMQ~bfc+}H6G?liqnBU#Lgj8p%<-$VBuGX({O!2&(g&V=Dy4TNcuo75p2--{n_ z{PD@7qN4)?12MaYKYcH|Ecd2c5I8KfyR8;B0gx1%_c6)Jw!N$i@H&`}=B(bIDKu)d1#kXQ*+jzt>RCd zl$6vK%^BS`f0^+1JyzDM*RBD|VY`asxbDke{q*&4us(t7PEadIMt zi%kcGe#FGYw70iUO-%u0LLALEhEO#IIN=sAowwUKbK|%OHXR%4g z)vH(I_$;G-z95#6i{o7uKRZx#cRzf4@iH%^{9k|l_4@T|+}ikK2?_XIn#|vS|1A}K z%WkIrinO#e3!w*`xxV+oJp9`CGEokC1y&`ePN~)2>hSgJ*UPwW1J-!d4mU`q_8f1V z;9QhjkhvQ2^0td{5_JJY8gZ=aWkYPMn@vQtLj7+FH3n_Qt@83UJaKx?>dueRZi-KB zlhV&7lRd}TJuVAzjM7Ah={b)^F73M8nbuX(Cegb{7jIo1_bD6OKYF~b0T{`XGy7>4zG{Gs6~dRLn$z9gt&*uAda~1}+>!yX zW;=14lG1&3sE~wN;o-xF!8D?W5GysuTS3Grj{^yR{`@&TJ*0s2If&-ufd>Zb{RFq|e z^>76rpGv@HY#?7pjTPNK_FSc+H)yjVFh4~BuB zmTWGM-jPWIyw6EV)wsc`D_1tt8PnaXynDhLC_@%1<|i8)8~HoM@9696cXoF6VwaYd zI^w-=NXT7F9LliPq4P^kO^vV6k#d(}*m=ThwQ6j^nqXy_-QBOs`(hQHsYuJroC%c* z1qoxKLfPx-T3ECnsfG6{)~hkY#hJy$+o9s8_aL9YgKLV;)zC-`x*OgyHa?!1kdSth zg`eMfXQ@ZIUPZ;mX6-Vq=j*jGLBsb7nZhn>2{kn}zP^v88atv{@7(!u%cCP%{46z8 zthK94Ajy7nMv~?34T*@zNJxo_Ng~62eZ>U{08|!Z-|Y;WJ`zCmT)XDE@e?+>@dyqL zQeBt$nXb0jaJC9FQ5|1APwv^h8=RChBcDg@XSt(+;!07kT>u?9+ z4U5HwFhWlB*jweAfX(vr@tsTu(grI&)z%(KkqpYq%Y#LPCAfUy!k0}{ISMWQXSQMH z$BUN<%5ONN+tyS|ysHZ&G)^=13#K+SG<4XkZIGuDSlM--rEl6K5>0!44^rjv=)Pqu z-w_muC;N7E^;EW1ZZFPG`!W@RSn=mC{YkVko*7D9+tsyRcYtqYZQUf!J5eJaUsP1o z+}vE{;SEU~($j2XD5kqGH9OnfQ+KRO$Gc$f&rISJ*}($eO9b}Lc2K}Xr=*lxO{DZK z`w>45B*6BSAtb&+ksz*JYUMWfdLI@>gv`7z1I=nbs@UJZ0ckl{dRmG6(mJX{SKq#v z>|$pZ3uPC(cF9nQU3hZxWY(u18X6iX?E(pD!U9wx-@k9!xEy%dY5A3*p^C2RO&S{S zoo0jTl;oYIIh*nFD|BS+TF0jq>lD`l;_5u-(He@0LM(~X)@UOd_$5G~*I7DygXO@b*4MRN!{4 z``~ynUe=o?D%`iKO0T^bpSMEM=yp&mc67q7@ty%){fa<2`y|EWNSh1?Nrx``7`Zk>4QsRZZMXUeMcg3uaj<*kVGut| zR3S7Rr!UKK>a6j%<7+m~T#JyabVl4<8KKgzKNah8jFNp;pLKbPM|YE{C@x=IU_cQe z;8{GoP+7}T=att^3iZ#34qIISFaAz3iyB7Z$)dGroOU+Pj+v!+TCSz@+l<_rlaG^q zH10pPPt>^VmW?Iw98?aXi-p)V9T>%Cy98}$0IuASp7nW_mALq%DtC8RS0htXPOXxm z?@DrVj&e8}QH$~0ClgQ`c=E0m$|@;IHZ&MEg+yMBl$js0GYs_$TwIv1dVpzwoF%0f zY|*YSnI!75-#xvv<7ob`Sy5a|6YZe(#6BHTCOs!BOLK2`kg>rh;DQ?pg&EAZEoqm< z<64Z24k_~)*-=q?`IY!pU!(l?gog$mm(X1!$EVHKR>H46PQ8L|r;84CCLFXSbU`V+ zzrX+H%>_2LT=+@n$8|G2LELA;RVTFva*!dQ11w}gpVMRLj%co5SK77>RkE;Hfka`< z9gFzqRR$4J1@OfUimPyD#nThqq|ez2PW*H~HEW6UtXVzR;IKl| z=cb;ra*;C@+QmU_ZEYyHP^Mi;3{a-w7u_wFETuD5y=Y;9}e0_cGM&h32tIG;6 zMn*-+1ksO=jU68!S5{R))iRtaO=Q@`2$82&_P}hs97!zUKKbIVyk|xDdFtWiCMPFX zQRx#zRIW}K(WIX-?;*i`q*wmwPFAwy$bpJ->j#_l9wY;26nu*ucKLl&!WEpcfcTjks_ zQdHF2llnMAKDl&%TT)G&#JkvPI2UoUxbd|vQ!#OCW5aa;WlBUX@*O%+6EU$+IoGtj zl9Ck<6T130Z!i8`?x7HwL3_I%Tg6CdBhw-DlyjbGFkjws0~wo)0QE zMc-bCWa9$(5^2n3&~W~)L)xU!S2LM32TQc@K6z^=CYWgWlu*wVtmteU^ zC=KL{<5}FKKe4FC?o|qsBIE6-h&cexiZ0i~>`?K;@7nY%et3lTr_QF8KkwY{kke1< zw#U5>HXbzuB+3*U(#`Lo4sB&ovP`DL3S-*vwezbZGmR%dc47$c&Xa50HH{PUO)GcX9NDXCOcYX658roXmKz zQZ3d@yP0W3+qyI?-ZZ138fkAYiKv9WEjCE-{e4J?T_x83m6Kw zmA?$)ZLC+*huE@^dJ11NEFcxXc6pvHCqI!q(%CY=%b)KE=-KWWQYOnj%Z|uOdSAIY z5U;>zGC8*}$J@!x`z%u-(VrNQTi?lH?#q`i(Co>U$;!%7<@5NowX`h%IK9{re{^ki z1Ud5fi()H?96Y1SR)zM8fIi{ zP&+Rgj)@k^*1NxQ@q9nBI9;#d+$$<6xrsb^{3$V!-S2^bKr~sAx`(0)cJ1#!@e2%U z#GF@$ApJo>Y(0>trGd~-6!$qzmyNctb_6`)F=_u4rEkd_2W?YH39rs*Jev^7jT?Yu z8PHxK3~DxKp$8Y&&sVpFp1dWDu@OhnNWGMsv$*(|yTF}s4t91?*a6hSQS3SZp$0BX z-7lwpysbIei$@}n#3?T86Uvt~ED2zR6q|NMo&JHw>;m)f?AbHmDAeK$N=d6qBE8X9 zUh$pu{R1*$8XAK|y+zccF1M~7eys}-Jz3?!7e6Q&8NF4de}+jiKx$*>WuuL_hkF>L zgZ_Dihlh=g>2jVr85TrDM5r(;UZGP+77{)E8dw?6SE1WfA?^F~%OGaQ9i@Tpq6{({|FghC2Aehp-kS$n##N6C!keNTk!^moLT!Ueq450mQGcaeR;}%AjrO z>FM!N&q80N+i_3SN35eOG+w=$L3ntRN*Ea%qfjV+5(ePYFTCjK~&+qc2fcpX?%P{G7wtZKn=1WLDoNB5ev2I&PB9MhJ~_mW6{e1~oixo? z2H8no@_nf*9_kldlvrbmM^|)}b?i2GfU|?3NB&=#0(f++$V+ra67Tx0c7HZo`Tl&7 z^NDDAWotMCGpH=%N6hBTd_NK0Qxl7fRW2B$D#CAt5@<9uQ|}pTuf;A?hCN+<kvr&-+>PIY(X|RLvT5j_l5s|SM5AL6?hiTIi;NfX* zVqHRpN1Ka3GoS7oLPE9F|5xWdPEO9_?rAAZ81W1e|@R>)j8XB-d=?RXQ5CxzFr6rFe8Su^aDpmI@Lp3hKueF8!-)+W8ei znmi;=>z0p@WW8>-*2Gk6YpWk|qj8EF$b;XAdo1{nmV21;AE~&zZ&G-}l+s^`MZh z^~Z-o)HvkDI=V2#q+=Iw!Sh=?%CW@c<)R3@CCTZNW1 zEG#U|9;uxe89D#YvJayPo9ID(|9+S0E@fbN%%|>5+ugEvO5~|fs?pr$s%=0wwDtA% z_p5S5YfvR_I_uR12L_knH~yX~01} zyJj{p(q?hcCV)`A7kvep5#_Z6tG0Jj!I@Phy`_yrhk{mvW!`2l$508ijG9jt>7(OH zT^$SgJC)p?)#;LXTUfhiM@KR(Qr*~s-Y+XxiHLbS|GK&I#-{oVUw_U8=q*o4$786;Nx9?p)hBLu5RUX->43_a{!bu#T1DP60BBKVLk!Ydo>Pj!!*$G@|>CJx_2V&Q4B3qSmFY zCUJ8|MR^O|Ohxl7t#rkF^R%V%uG&$t?fQh52abSB%xY+3nvb?>^u~=Fz-b?@I&`7K z-6Er-ea^-|K+rd?#^lCZc0A8sQDdTd8xchl^pK33DQ)Dja{EY3VoPf)_rjY$-u?l9 z)Mz`p+GOSBtxL$4oL_PJ7e$G06g8GRE<>yVTP*A{QR7on*j-zj0(qvTr3FH_H+hec zTIhJQiMH`#@V2BsF)%BTz(awta$eO`S04a+l`1&dxHNo(Xuu=T1*glRdZItLKWkKwIIkNJs;9a9se@HKRdQGqbblLF@%O z8Ye>dy}>-@O4GZTL4RVXHF7CEVq;=N&W^W%BZBoxA>#TiHg?!F*-IUnlp~6WbeujX zWA|C3_hUsp_Vzbtfd#QOdS6V&MAPmsZLsFkq~ z+^lU2=j`3Q^(TrD(G;>q+*;n=)e4zMQzy95Qp-_}J1_Qq>pXT=HzylpgHNtYlvtoG z8v7Jsa}7<6Cva(e|Moqrp>mIv(?{~t`6=Y)4p78?YLPz;Q&v;UMpHhC{G-)~Po?r@ zT_C}&ha2t7eOx^~HER<*9tvJOf38q0gkS`Ywf7H@X4k!zi^iVN+`Or(sd)=P$0?bB z&QCq}WPOGa>U=z_$!gg_4zHu#lUFT1nCw!EvvlUKNsrK;*qo}FMixD!^J8r-`a&c! zQFJjKh(Ixl{7Hiv8zuUCwS9MD0WrSyoQBh-8r5`cv{TSN>qi^2h5wHy=XcE2Ed{$AC= z+KpJby&o4(FzzL1Z%)+&6l+FTjvu>D3PG&v>rZ^Qn@tmiecPjsBQ^93zkU0(XB_(O zU2|6#5dncUC|-_lf`ZzBL=NEtYMVtRqdh_J98_7k07)Gj`j#DgnbvwIMa-{!b*$V! z8#W4i&**_ii&hkKrz6E096|Ti||}iz{fx5-J^(ZKYZO7 zOaXZXlni2t1TilmQBkk`jcGMX?^C_*Ez?LB}FC0#ci#vd1rZ} z`(jY3#l}y1)-B8(FJ2O8j4LWGvcj&GXj|KyzY0+P4ZaN0P;vmPQo3jB1)Sh{M7wO> z0PZ&@6Q9l zSLq;aC+H>c@Z=g4wLJWh*M5KYrvx4?ZE_wZ2x)`1gPnRhJ`?UMb1X=0YZDXou3Z)k zWriG6h5N2du6n+wm)Gq1YX;P*5_~fkWTVVyNaQ=T52ir78TC1spCu9phQi#OGc$kk2A z)ek*%aF{90ZP!`ZSiLVj%R3)SS(o=~m95QQ^Oy>&#ha+tRa7+GB}0hE9FJ_t#$DC> z%OT!kkrItIv-mjDbz<_Dp=I_rBzL~^E4_StI*umtmEC}sXE#A5MDLk{e|Z6W?0nCU~zKx1gEFev^6P$ea{s((l)W6aF&7+@y&6g3@9b^SD zWS&S|-#kLi4EL1)GjN%RqSCBorr}Jl$gJhntWPrgq38408;y;6Eo^?86(;hK@(z)h z(z7Bx)?uW>;0T}P4H6QKd|h;mDC(rD%KpZ-0||b|sv1pxVq}guCcA${QA#6iUhU8$ zSEzKqO+0A+041pOSxDYrCGd`{2F{%oc-(XCCx?`bjI4UAm5nmQWTMh7+2{0tNc@MAQM>xAdFe0H)>;u?t7`jDwXxp4!Hp}xKzI6mA8nvI2J z8FWxG3BSNV@uSsZP`I4z?PX+SEC%w1yT3jLs%)&v1DB(v$p@JeMEwR?&Z-jgz6=KG zk4ui_ka}a|P32c9 zD3sgl$n{5TY;17{yxW%3EpnprD{P=ZE3->rgFrHaE9-bWreFlqhHO z;`wUli@D9rJq{H)2Dxp8dpD~m760nh94rN=UluIk;T$y!nU%tK?*{dgg{}5Ccrq0Q zz(b0V!uux2TcwOY7>(aNcrV7dC z=<-M(sxt%JYIa`U@#rIpZ1hU8X=kv9*>NKQ)jaobvl0VlSqe?k)`ngnTd4N-j-{Y@ z`}VC~xpU-10Kk?9KE#{gQlrO$ypJls&lm*bYEmzPoI zvyJ8MAmTW3c(}ThH3b~5iYG3wnen@QbJ2@_9-(SR5J+FlM7YDMWLdn$2h`T|qRr>e zxqEgp2a>(zw(tpu0D zb467%di0*%C#0U+okhIYPNZ}EWNIHJBvhCcnTgI1)xi54mT-S<*IvTb7C}fYT>qpA z(uI1yPRMP(*5P46IO^!PT*$EiI{4vd({DD#&t(-BoFTMhGnZf-71Ti!<#_dB~(33F< zL6Q{RvNB?*kt?I{pf>P1ZKQqHYt1IT{YPKw+!L?1lbODpVb1^E<2+I0{IWzuC76!eRX zS`K$HA$@5+N7yoQ15dldon;X6IXF2d;YPQFGmD=cJIpd|%0}IPCMS1W-1~T`CzbT7 zq^_ITZT0ZY|BvJ8ew;g!Xn8O3dU3FD2l_jEv?0YqWs80dRsgmqy6( z9-KcM1@LZ5=km4p36u&r>?jTZBja?JXimHcq+uZAK>l7Euc#<5kBf_2n47yTl`9Wp+Uijj`|o(+oh&%a<=fDfpE1$+r3+gUgf-ENo+R;Ijd;8w^lj zEm2{O)IjKJK}|DmwlpYO6QFQ4@t}4as3c*RRo9g>&O)!f_TevII27e#xj_J^HYj{` zTt@`Li=_Gbv9(Uw6*@v{5hH7B>OI$(^mJqBK0nyjjAp+c@bAC4i^rh;BpZqsmuv5xLj~ z4!`}A{moBYhN>AEx#|Un;D-TFx=M39Avzk@R%)P-lvRxy$_Sxq65r_-Uhf3#IKcj} z9g)co3|#czCVxV0L7hQN4}wir);+;xlU8C{^2K>Wa&p@o@0%uhNvY_2 z1BVMjtE!?vaHnL__U>*XzgHY6l|aA_Q&z$ zVGun75$7C`1>GY+gOst~5@@T=J~MpnZ8yItu7^)OcQPIPBc-=hl$mEQIoqK#?#al> zNi4BJx&%$Udim>FR5XtA5#{oKD%Wp~3jtt!ixi`CLh2882TKoZi*zN99U3`K zOm7Q1p;a*N&vrCUla@yEb>@bP?NOB)U~DS?H}Ff)Xn`-K8GMhl!ur@7S1+t}W83%2 zy;I!p8ieUYIns?wA}WY=PVm!{LnEB5E#vICQ?x|?K-{t=n6s|Zv-X^n7 zcYeO{C8btkRt?V_j>s)b2i#pBbrxC@t_k>-n;hQ=BAYvDex$?$sW{WjT=7 z+0kN6PTUO~c4o5op>$$4a_i9N!%DeM{;@h?0Y7%+FxTMm5sZ}q6WCB z`g)|)t-fX7zI@4bIvog(Plo6=l9}1E(@H*J;rP&2obPo8X~*ReG!z{?Jllh!9x0sC+vQ^c z*>&+wmWDO3`e=Jx=KJX1oUxRVc#NNcVS~nN=iF#eUQuC*9Kj4CY{$MUl^@c@V@-P*YO_%@!70J%_p#VoWC{@Qvd%Q#_y_reYyMJ|CcPwMht`| zV;C{s$~MKl?}K{3w*I54-s-=wH~(MS`G<0vPi^&26@#idO!#HAP@S(?rHk27dAg>= z67B0oHSF0tR{H*qMmjq4D*1T^Lg9lAKONO|Mz2==)O=R1joUjo<{-@IDl25q>Bk3| zq1kxG)4QRSszEeCHS|!cBLs+!N;jF9`Uhm z1~tGxAagJiQ+o~BDa8^$XSploQGw%}8>AIwjI@{(N;W7KL9TY$v-z)L3HLxA{b&;9 z;`m(N(!A0|9r)C>6V=)5bHRt?iVf1uly>EZ`^-G`AWGeUo} z)3P;Su-LqtMZ)X94?C`M#MA>>qRtd$k*kp3i*J|xB_%S1o<6sFB~FVq3g^f@F&?j8 z%APHUH*K7)IWn$97tJzHkCZE8OJ7wjkiz>qKoOJ=1ZK?n#P7AK0K?@8>DZFP{!&kZqG{uTbf*-%MyxGv+-QA zP@1P5ru3njC-;dqCDm9dyBjs(9tb!CuMP3sJ;{#(AK1L^llFd)h}1R7jfijds|nfC zR!S#MQOzw=J9SH`lF?Uolhv_V_TLxG&ik%>W+aQrnb(>x*9}oH7&Mo_qx-o_!5bngRakA5@4^=n9eJnDV8jF>?89+uGABJmWr3i?sQ@dvuK1)BvX z2|Nv+@Ru}Xi`%?q6LYOpjC#~+)T{EgClS|>AKQQX`pXJBB|lE;vQaLZZ`up%Sf=ad zqno14bTnDY1#=YU%=R*}^KWjU-Z~G+Xgy1x#;tB8vKaSjb=)Uqa~D+0H(h8+u;4R| z!0cs2imsXR32?8IaklTT3~O_&6W}Aoh0zJwKZGJy`IghVp+ucksVon0L1~H&KILzYgRA<*nlX+Zggcch9osd=Wf= zA3uJCLgA`^Ex1%|1b*S&n921Ge)3aYY{c(2R_vf7x1E%odp`n=gc!P3BXgx7DCFqSp4KUe*x(c*J ziFUp&hd_qje+D_uX48gb%fAj{NU!>*rWyh(7|EtVS;tFS!fAHXexVXWJnQuP`V(@yy)b)Le3lzl%51xO0&a2u%K%#W8zYjwP`RZ+Ve{b!W zL3uSDZNWz=e^KA7@Z}Z{FnqvzxDW8R&eirzj#NjcqY|@;Q!2l4uWLVBL%;H^el+s? zVvf(x&GFjLHG}*xGBN_p4>-YJf~{ImP|(L?CXm*9X?Zy|F7B|A%C_Grxa99|Sy|0Z zP0alKrH_QhE)+(C%nxGRt!qx~wyK)VCjsT!Lb<_=Q5>wY`a6gYT3W zLM5NvBqbYn!~G6`z<*u52;`ERgM-6zL2Bykmq)(tyDLb?gYOdP)D_){d*o;Zvgh8!uUak4N}vs_>-bW|5S)X`vX>1YG0#=+6i5x4PFPOfr$?N^9QDFojZ>;=0P z^o<5SCr;Yhaq79y?Hz$XIc?4oY}EuqQ9$Ap7Mg#`p?vW4h|7F> z`RwFqwWiWleiiof#nWfcvQ2ML z{5lv)X;|^ZwP-X_8wK~Cm>xva1s3R6cU3jdQVG&uE(D`fE5G!%qSKNt_Ww!hQbF|l zEUXv1l4*I(x`F(!K3vJonFkJ=RN{%GBw8eWg;HvEq>(wvb;icIxcpKKHXSaY+{(4m zE!*RcQ{96>+4ai*Y)2MG2J+Q&p&k}K1f^6`R_}780U4~ePkn=h{ScHv&;El5g z72EAsIoH=ph_^cVUaT6wGBtGxRMXVa(b3cd7;7~u(x%~mmturWkB`kZ-hG$Pt3y&I zu43@=dmZ7g%}y17NH1hJscJJWVu-uQDr*?Lm%*meIFl|!4S92&mXODXS z{+X|le##>gk1KRwyq{iMn|N;d@ON!c)A-`S(8x$eW@ZzZ$6+D8W|XFT^6FKJOnO)w zRR;gBV>?EGh@+IP`u_cU0=1WQ|5gK4k(IS|Vxqd*>Eo}D{ACT0UsdG=7r^&^R0QwP zF{~D__VHf692k)E`?j4iz@!uKpp+IGoX;L}$X2@VTIlO1!PhPh{Kn3Vj)@5|PR{ie zbS{BT{`6ZkO<)glVCvQmQ%?$|0m_uHZ^6!#dfc%&dZa_MT46=QNcxE zp!GBbx0d5KH(V;eYxBPR*e=9zz-qWv@6HAW3+5cu-MMr7N3TTYG7Y{{EU* z?)UHC!P5;i2pH5~x*!l}z0lw3{!QcHCk=aOmCs*mB>zcvW`FTwi0oy6zypd5mBG z_4_d~No=}(@!;RHtWFlb51uk^qNK}oUG3$jdJ}r7nr5Se2{o0!D13Z(H0CN3YN9CK zy`@IyCsEK#<>>CKj#qea+^^pGxZG9rD~~E=s7P}8=?}C^22SKfzWv||pTsS>xs3F< z)r*4@^36fS5|!QStEE|{DpwUm$B)d^pS70;Datatk2qhsa%?}mIU#}PKURsDTrDj~ zy&v&W+v@J^CaQ7vH4vP>Y8Y5Hm{w$HeNI!q=+$qhH*B>8vW=~_!Z;XDMyWTHi?6Si) zScH=)t8i7MCjDk+{-n&Jsl=IPq=#WgVx%$0pZg^@i3>7 zee4u)mCmo6+vhB@?C`K7sx9J>wXgMVV|#8Ap-A`4JY4@A(nF!0U8f~Bzjs~2rKhV; zHqS^Vf8Y4CT+TiBa@anwgz}@Wzir!a^J%0o_1t><^ zJLG?*=UCi`!tb+4idS}BQ0@J|g^ex{6CKbTYA=xX)c1>Ud*&GMfuS&YVC1mbIT@Yo zc7@KndcS|4uuVspDF5KO?pjaBV&*5eU+8sQ(NFHde&#im&uO10ZPdD=O)j`rdEAR! zts*4z{+c+*I7i*Z7L>cYV`wLPeESHu9q+)f_(hdI`~*c(Q`7cN2}^c`PHwK1;BzPw zc|w-+;pZWLedqD}a?~r!UlkAs2erY{LMPq5EZ;5MBqlat*Wc=XLCTMs&Z?R)Lw&8W z&Nfa0%iG2huSt}h^y2GPWx9_#Maw8(?c5jI32%!4wMENAjL3G|%{9JuOBIzD zHEk661R*T^HIE)~YO_QTDabfzxfk-g4Vs!P!zUHd+0<0E?{R?WF*b(-gRjmrK0Dxu2qfYpX}U!&I!_&OblaG+iMv!snIY zoZ+snEm!f}R?)223hn1`HB8Zm%1M%_Bw4M&iP>q`r;rXZ`|Rd#d`LDzU@HgpzS}x( zCQ(L~q9k0l{|>u~(vlACZjRu)^tB?gPe5$lLBQj8>*6!DXX?QxY8vj7=dO{HEFmsR3{|pnZN!*2BGqba83rckkbQ0gP#Oa7AKEhV|`G33s|J=DZ8MX`Uv7n-=vPMe0OG`@wO?4bYGtLTb zV{k%Qjg&0wyUfut{LVT1;hCAHnwpxx2EweEy}dm>J-s?ur<0PrnVqVE9IOi<=riMe z9B}Qr#OioO*;}C_a<~OpP*=b&913;%b0-i8&*j|l@hUJef|f0C>l%TY1H<>ep|;M> zwT=HY&f@a9JYBx&t)~#FLO*-PBYPE))PuKdR6=Go^4a6gUo3W+! z^)r}WOcrvI!Q*;W{|E z^k|*$ND!=FFvAF=l)AZSDQRhhX5q}vavwNMVEC)6v(p3JdI<{>0~!JM7lt zqwGo-jH0FANL0{JRds|t9c(X>laf+|9xue(0`aPZ-GMWJ%E|Fu$cH&dFq^}krmt=~Y^-@DW^K(oaPt)(0ng~U zfngy_%}r0A0`cv0cFGzlliGtvm-f)1D@nAM3yQIF`}q%>Fd1PqiyhSWVCUs6 zfe8{#a77dww~^7+Lw^Ysqxb27=|6+%YA{lYs5yoCg!`~fsIOp~LFAlCyynX18seJ2 zzkf$8k959zvZ#l8wyHCXRD-7+QMET>TXW(Ju>lrV$JL=t(Cj4M(TKW3Z(s|9Ip@lw z9fd8ep#5E8;nDi~G#F)uU}RxsjT85&-t0-04rO9yj*p26rV`*_W@Z)<(Z#bnIdp;! z#zHYMHdYI!6ciGLz}S$coSh@8-BtXnx}%JOemDYh*oUB?zTRH==}!zbC_Xty0z7cS z+K(Gt54X9EnpG4}w za2Q3)WXQ#CbqcS;0iC;=z!vYKsiOv}6%J(XNe_A&Ac(hT%j|2SbYQL18*v z`Zcz|;b%5jkm&1M2bxdX`QTx7bu~C*p}{#4-&+&m$Z*D{4iLv+@ktLONfm3QdDat+f@6(@V6V1$9T17-uT8)BnKOPARY z0sWD>5ChI+S||luHWu&=xgMrl{BjEZlXwRf#6(65*P{ z{0kklo=i*&fbb^8sKcuoLNfnc@*ndsm>T&LknMOTi1R~p43}Z!N9x@B$4%m=(|=*r zl$BF-jZ*Ol329&s``vYhguL=qI2VULd4c!M0NVkC)G+bk3~HiTt4K_~bOT)AwO%oWFS z3LcYt_`oy)VrywQ>CfbhuswXJnZ0xqmPcE2^AKDO_@GS%mLG^dm>_zF6uvE)2Ht)6 zgY=2{^y!Q44>f)LQ+R?y&FLWqtV}243vCw2kFeqXEG3w6_JXG)(7+=SAnnQ}Jlup- zv*#2+pWUeTt~Dgpr1${56r*Lf>+qPG{IZFa<>lq|^%~gG$YeD4+8`pCyScqRLD;3B zuBH>_kxyVN*TA>gmjTm%ZNN_HpP<>Oe@C-D_;gy~2^D_;*9rHkYBjerM%>36+G>bJ zy{d}W0Vi(rlU}$)bRe_D)-M~4r68!{ik5~W@ zL_q+VjjY>0$Up4tp_iLzP$_;JIu20N|kVP)d>l-U~%bMSX>Nx z3XT3bGqke=408Gi^+#kS=XIFZkOs#GV7XbLCOkS|dP7nZ#AJv=N^$Q>eT1T{Y_5_A zYVV`^KT-BP2p}5nasO6M_>nE#2cRLoy{t5Mt{$wNUh03iUd05QAib+nhSRor;60gkiM&|P=05Ra*Z zOc(5$#dFp)h~@JoIb76WQmi*0fKPTGCd*;S%@UityEc9Vqw~r(r^g42$pThGcj)=V z9-Tvumew#l!~=Y?#$c{#XD=JG-&@t1e`)W5TRUH;)GlK^;FEw{HiB5p(Nj}HpQrvY zhb}h{kFHpr%tN=F@b&5=7|ck4Z@>d;E)&r>S~34xY;HiZsb7MdrcxlOUE!R+)og!# zxX>^#{0O)4x?^4%T?G#*YE?6b=RFue?EsIHX~p4j2{aTGEN32psk&SJIRHT#XRCt1EW$Jx`1>r9aob(u=cN&3!+uy{UZVkJ>o}8SF z7^9C$PKF0g30`NpcMl%N;eYYyJ}c`;k#P|B0A?3xXC(ebHgGhjUISvTCq)w9cy)bU z9O_O8c)`*xxM=rkP7nbzGq2{eO%=e^7~AUx6eBDozK0K80e-;L3_oeT_rI3Ym>bMe zXr8aiDw;!h5&-a)`{41U7IiNv7RK$k^c=>1 z&Ym2P!!-id97d%N3M$sL!G#66SwnV&?Epa2wsKQy9w#xdQSqNkB;)M7m-g)cVed_# zvEKW&al1inm7+9Isk=yKnKDF!R3ge8A@iIe$y`b1M43V~ka-?5SE9_3Au>cEQ!>x| zuOHg`Ip=-;XFcbf_x-Q;to6UwUi*1!bKk%FJAB6Lx;_t~65_9xZ`*27&Q|so0yF3+ zoqNc5cr!&(9DL}P_pm|IBGWI7QWZw4ofa$s#0vj(8f8W8i@5 zwD&_`x$sdX^>gHJ<9x%y<`GQa2YU*x7IkjYv&Mc@hGDJO>=3C{Yn)A!4P>tjZaK3n zNHPjYiBkE8%b8oWDy%zP4b&Z0uU?JMNW)!#IeJ+#RA%XQ$xgm7MKT2mNMGS#%~c|< zY+qcM#46?ddKL^@%W&}E&W-nohy$jg>_FX>;xAuv)6>T!=o=EDtN{vkM$)Ol<%IRu z8BSX7p}f(m$jzprU{?__HivJbIF|3;W_s{Um3rv=hECS4^d3J(#Kq*d%!ce@J`67b4~y6Mo)>LsAXGj%maAUqsF;@87UB70 z%MGd7kK%6@NPgk6Q{M{Wzu9q{G%)kOUyh@vp3i3+ai|^(zo&LZ{JqlUpuzKZ-mb7uCJu}~a z92>J1t`*^ouZiSPz8sY6b-yW9pTE(5d12YiCz{lv4yld)6ilC?ZZGiRxyjkK<%Y@g z9tDByQSt-oTSOl|6pE>(lk_<_CCXXJotKc1Cl+g5!dDY@rh96WW4A=e)EF&Q@(=FW z@DlgjdGcdj+Fs?g{3czZx~8vLR91CI@z~qO=*bzgvCNLqeQTQ8{+`jW_3%JySm4{* zx4Uch57c&{V*s1In@9fvg!8-ug^wL0Is;Bli_q?2S5DOiD+rd4lUab-@BH@I@0X^=&!y)No<8`R0Lq_MQ{gfHi@Z_Y^U`8X}c8^`ieS?~3 z#o!wL7-=pWtyE7XA-dk~OJc<;8hHsaR3_u2){Vk&~lmrr7+4MO2}+ZD{A!iF^Je1dDF z+J&u4`)1W;JSd;jzk29`b(3g(ZEwEd7<+5Vo5%B?rVr}Hk%m-q`R(mfs*;{^3k~-k z`OshTh1qF-xTX9+l~nJ;NlBm4B&qZ#qWzz2ZVg|%!k&Asw0p7KE;VlCrjlRFy7$i$rw&BduD51sn~ybqJZP+eAA?=&pdB1u|n%krw=NQr<|} z>)Wee!hP9I7(XoK(R{bwv)BUJ1;U{hFdxVfcKD)C`wESR&BDK4W1mEC{`v}|3@Zq2 zo4Kd1do2b`1Q`z=d|@-%E+As1$+;7eH3HKYjY8w&I-(zdGyTzCxY$|jNg&^S51c_G zt*Eil`puoSC@Ue{9{|A&0q@pr+v?CALk4#Zwy>+rA34Af3J|BY;lfZCng8+J2e4ZN z63Mg-jgfG!B93!6W5$!~$_t>VtGREuS|@vRDW!U zIuvSHkhkb)EiW(sruJ|{yjGc?2Yo?Kvf+KVx>~No8?QFb_}D+yu*n;&t0r~Q*jYc{ zHN@-T)aW#K^2#?|(laCNVW%;F@!_Sv%q=hOw_UZ}zK{Pa*QdLuy`QLmtAA?k?8_}x z&B}XhLV9>E+$hT4&YSg1R;2NJ+bgHD-Q*Sy4ZiKODX2ZP(x|)3BXSi}V zMC0ZFO^^V70MH(qcm_PQP~@}w_4Nc*>4y(!8ynX}*KFc%Nyc^qlOI=~1KFxb`(A|V zA=e5Z4+X#k0?=`|YxfU`YQbwn1<-J_Fk*0!0HGTo!o^i%%=abmAg&D~BZvuZAN&~3 z=UmVJY+Nu}C4>aa$HU_?_!b1gLA%rs_CU>UFau_UxcR(|s-q|c$h9vbiiQ$_2)ct= zZMNkF5Ao+j!U^YC!MP&WQH(l!_Uva=oWRL2YA1|Ih=_x&p`qdU9u!k_=4Zy?4+%3jg&$uV2NBzx|@4#>?TE z2~wwxgPqD72T9&RbECOYj7j!nCSL(cHs)OcL<$M_#o#y!1;kt38X;N(-Kof%Gi~w%YgIrbLfEA9?RQ z&CwQEs1ZMDVr`e1D<$@>DD6m3;GK7e&dWB=6d!ZEIyiS{TI;&_wQu8lVu#uf%-!=C zyB5cBSTt3-J;HZC=l5F9NTCK5X&u$Gju|8GS5wk^Uq;#hNw! zM8Hoxogarg#pMX}le5ci{XcLSCKF?THwFQN+A*g|&-wHFR z56CG3R0M~!bJL?q=_bhP0@$yBE%+I(#|)B~$RSYbBFY6ub!xWx3y7;g7YOGusD%Zk z+qv^5To7pO&V;8zp)Y_#-8B4JeEb0FT66f@fiHUnEMDNWqC65;P=q`fCfD|3#0g|6 zreb1ZkP;kRS2%Nm9i8Y8AA(?x5%d@0d?K;H^&#vWf^^+98~h5&4G`X_E-Rzf*zwa{`=MlR7U=efzWD&D!BU_>R`k62Q#YmR zu0D2~3(E33HshPE$Typh@s%`(RcCM6wpXT{Vp_l@kR3V8rNq~#j=%Aa*Hp(zQ`>GeSOrdRj%bn<{3hLfbpRlQ=_!Jf|J4<};bW{lXQQg3x9H zPy!b&{KTWyMxFBh~ZD&73+ zJq>Ry*CvUWCPaqM9Me&c`f*)w@r)YZT`{Kf!p&l{qMTA<9$5v})7CFOg@{+CKAFq@ zQN-_L$C9%spde4Ob$0!6U4Eop{Z{lR&yGS~O`YQ6`gnhfwGCdUO8T1>)jMql6Efdg zHgFgAiCv#qC@)%DuU)dRH6!U4BKWv=6?u98V`{MW&{;nH9ej5zZ0^sTezAA&-|HdS zCCD=9AjLAFAO`o4kDHEr1=yUZc_&0KrqLHc`$F#GMS@0z*t6ZNs8~g3+%~^bH;&;r zjEj7IanaBIemZJui(c7uVPWCe9v)invWRD$g)gI;<1)Buz4<~aH8_dF2|699=zakSAXDB;BS`@C{3t610t7ot$hJU2HZ^ML(w_y z$M!*A^E^Vy#(3qeyLabl7E{bVpLCk!S;{<9-&lN(G=-r^N;QUYq&*Jvg3aC~4^` zmR46^LwHBTK1A~mDl1(_>k7_|I};KP_@~WjajBZRVZ$sQ0bDzx-NGpK7=jPa(Ly6C zL~vDj02oR>oD;}u;{Oo>s-zK^PXu$qb8ychQxTBKy!7D8rrE36iwm>JH&Wru(3IRQ zVDZk;rE%zQSCe><+INJ$V1#b$(cqYSY+4hqT269b7sR)Yyf0)CbWm>297#7JT{6F3 zSl}C}{l$ag?| zT`!MKK^bk2t;-y>%P4=2&Y(@N6_nJab7jShrx@}sY%8S z<=bxsX2DIPkcy6QU_gKf5-+qqAn=KR23@`hqG^_*b*8Ih7;#Y93`)a4ARPJ;iaiLW z={DZO1qWH_ycn8bzu-6!P(w=w*1#UUA`(P6J|X%=?p;Uy710Awe-PXVc7wW9KCU_X zi%0`h@i)*lg=a(Kj)4R>7|v^?kY(D61lV8fbNbJWW;b5bD_VA2jMfG3TxkVd43; z%!B>R7h;0y;xt^m0}nQUp3Av&?)mC=qm}$<9>L&2AXFhyH5+<{ zaTUg*tY{8?1kV~N1(dl0e0`s$8z@>nUUEIr>N&CRbOYJF9dl!ja0W{TI^;Z*ILOEt zg|&I{;%IV0Ro$zOca7S5QC+{W0K$*c^OAKPd#l=e_sQXl7(%GI%<5d>`Jt!RS`V`d z=VXs~?y2rk{qWhT^Yar)6`ina@^&aVqOLZI7J8$=@X#)lIGT(>?v5#+R6T_AJ_y}u zZ@uYUX~epy)Owp%Ijn24VHQ~OkGBfr6%sBVmZpz&F-n}6;f`fKYUfz9rqHfLUU%VT zLE792WB<(OLQWz%qk28o8Bl|R$TnoFBa?p}seWr6R9NVQ#LV9)<7<@jfbeqZ;j45< zl3hk1UtRC-VwcIQ$8q@!Ex#*X3wIKuCM+ti{f6wxx%^cD`_7eddZH_UfBw1i(i)PH zB^K5HF4+Bdif6*1?Zt3ZM5Iea;1B?V0D>A(t!`E5E=XM}D+>UVfWzf+7JU8p-gIb; zj2G`vN8y15dJ>h0Q0Op&BSj-qL_`FwO;#qRExxFM5U2o> z1?(LVpRmg?wWuNiqb?^e&v59_wM{E!OBS;?Y55phUo%%Z_3 zB*&5G4F~ogIdVx1BEZo0P^B)-kfW273-#8ZlriBmS(iIz_vpO-Y()0zH@hR6jo0Mb zLbghS(~UXp@cM4Ddffv`S7P{rqNiT&tKZ90Prj8#??BLMxezIrHxN%*yrqmX$lIc# z`T2Q&*9OSP;R2}1^fo_PI>S5m3^ZTu*+y9!YgFfL?Jsiwhv)4 zWVNY$ajhYHfeJd6yN?eCQcPxMiL+;w@@}TMy1oaeP9a{YC_P4V_iZ}yer&hHZVf2&SyV{F$EFjKYs z<;Y&`RQ#)Q{&yK1b!##*8Gb?Ms`AEYuX2yFIAi(okR>QuojYv6g7&IYbmNXQd^&SA zd3$V>d;0m8U|P{z`308YqQ{;8ez*U0QGFzOh>UEZPmnUdrZ6SRE%a!p<@eF>KB1~> zB*D8G9+XtRshu8s$|oDGp^J|}DXlVge?;ruW}{tumuH*rTkg~2VO>r<>&Hx*OGqS! zwUOgtON|E^y_WAQWT=1W9GE{mK=xW^;YMS|leWF2k$&G6b)WAI%kS)DKszeI(FF(=jWys@!72FbOqTWDZ_Cxk&8nKcQxVcT?C7m%=bn2s@{f zq7;SyF>QH;GRR}eC?K(NNh>f*Gn=XgH8^`%DM(cue8DA|iF_4Gj=o;n5_)e9MK#EJ>?G^xYQH#O*)57`0{ohU(*pAF8sJhc9| zOSLZ*(5M~@T$9#h%v*5gaD{H#5l*m*HZlGb)?bjaANU4{NJ(3yRdY*%-X{%CCTB$Z zwgMrFnn$k8h4RyS$5M13gx&pIk3hU^$9;-_V~Af(zuc!6JrP0J!eX@wVmK=2YMP8n&{F~61@G<|9 z&6hRd%(BRA<`1bvFoy<7hP4`rnvPCL|KmOab^=k_BFNpsdv4vcrxl1Hs$HBKuMx(E zhOV^YqFvzJm))>F>Z4_@&?$yO)>j005P*V*WgtNqLnd+Xf3fP{^OglO1o?m3j{URt45F^peS3qa~j`)4D6h%jq+!AjBqpJ^8nV{J&=zJ`_z~ zX+aSRHjre2iWTlPv}k9hrz=ARP%H$l(gG+uz(2P6;<(+Xz}I6YXGY`I$ zS5pCL3$;ZBNl8iAYyiVxBV%J@Q4&N7)@y%#`DwmNgyxrW0fEKBa$XDy?5J8pGn7Qy z?ui)mjB*F?Qcz9);|~JV^gFgZ^gFgR?6{+6=kA6~1UL*N=s+j4k!r0}hrS0<*W`FrRo|{eGMK=dc;CN;3@FTKeeAfLZP;)AKt$pNhJ4ND?^LMVy z9Fw@p7vg{WjYhN)r+Lqb(QBPr^sX*0yc6sRpSn$tg+PmN*P1nJ>dKq)s2}!r_T<&* z%gJ+EJ|v$ohcegc6o94TCg^D2BtEG(lrJ!o3z9m)xh|TI?oFRW#+!GQqH6_CWvr9> zZPe;@Wv?cK5hbdzeMg;I!sU$1ugp5o_eG8n#|lkL#M#7%7dIu=00h@qL!`INN#twS zHYKf1OZ)%YLcX;RQ9HE5X$^X0Ooy4``uEDsZdwl3mjh!3#n?@Z%vIvcUzmv5V>fjx zR4L5rrU@KAYyb((2_Oy8Z+JRq`X0?9h>XF(AyqmgD3}98I_U`dX8_I#2&|wOWH#Wy z(xR{r=YXDt|7OUx3YdL;{jUVV#%3$Wtn436CWq=PPRI`a|0eT)o#;TD#8Fl_1zK0I{Y*G>z7&SitBu>lN~WZv3avoe?k_J zsDtNGzQN1~>RENzC}gkzaPC<~S4%N|LfjY@zT&lCQR8X?CV3fM0<>QTh+jml1M1Jo zfKlM{JkI_TD>wK1WBp%!)h$BR(Zg+?@(dNU*IH0ajFpeWy8x#Pus!Sc^N^n#F+?HS z%q)3ybU70tQ|t`TGiFmtKEBHy{XW3??t6RJ_b>LO9to*b(0cgc!&$07H*K;yv$yAW z!1cAjxP-jWAqDJ*ikB5~FDqMZKYEEjCu&1wS$E=k{4|J&agxcU$yk9LsNTdk@50tq z7P|X5?8Yp)&$;OrLUPBAX*ZJVY}v9!hC^>uLNdxTd{q4TMfo=sQna7nqa#F9+#qO@ z*nCZYDI1rcetYpM-`eFIIF1E5IRE0d?;HPlI^J^0?ic{yz+V-Dnt56*sWC7xaL2Z7 z>Bdc$Yi^#9vkxe4hP66Ytx%WG9AEI4$v^SJ!e`PTUoxmZ?=_b#K{zXRT!8 zo_|%i{#A_E|D-VPC@I>%>C1OE5<|~gXIIRz$*5d6O}lKWS&c&f5?z2h@zC7^zMYWgD@8pszw{y-PaSYjkXiSGJ5s7m z3mxAjvtwOzF67H)W+z%c1DSRMVu{bZikP5F6_kozf3#w)rtbLO@akcVI?-88J`<4irEHuvLmU1b?{pXC~h*tt_yCBEBu3=h} zp|Pe@mQ%%-8@CLd-96H>Ig~s*$%IKnNQVEHP_N~Yl-|eUvhlK`sLLFi56t=5!7*k1a8xd2 zB?7GXUwZhzO=pOqbGE;V<3p_r7w#8pUMxXek6%Um1}ZDc)Z4ac7j9pvJDRP_s#Ak7 zyBksc`48g4f3&6{y8%-~_XoNorw@vV6rk(_*vJ0;SBE=`A@>5U$IF0k3w1AJcgeP~ z$K^k1u7ZlFUF*t1W3xzFg7k~r4VY^5%9aZb!+DIzlfCmpJGM-ik<#dSg=i< zHE!%J!5@N|4j-&eko>HE)b*4XBrcg=84lw8e(62?=japjLQimBFqA;6S@wNFA*0LgR}_hi~Wf4eg>_?crvddiNrVu)pB$q z2F^1|24SAidOKXajU+{(p^?~2#HpRY<&K(Yep9f2dNJ)Z#NBh<)A z=<+Q93?=p*l|M*ZfDFa{JCaPcoUd2IHDF^i!P6mG4gqfjX)bW5x+zLXk{{6kOS1=p z`dV?n<2#$Zf&bk8ReT*+nTD+#pz7_n7k14aium`rZ4&{mKyE8w!?#B(t!Zqgd`^@s zttoyZL~O1&y9;f8?6j4B_9!cBe2TRJkqkFMsId%&I6|$e+doKhhiDIaOtE)@LwJ&X zii(O@JQ7eDbZCmbE&X7Axt(!Ybwjjib!s4Fc z=Er}Vg{Ze0U^zLxW(C6&EgE{e0WKYaM4NayLqg2Zo;#z-IM7sHD}rw+jqEPaVDngA z(aAxAlq_Y%C5Nrgll1Hio_kqZSRAQ!vXVdh{#9?pbg;v-u1--($VN%O=&2)uy^zKL z{;k7QzIX1dI#eBHG@Ze9*Zs6uyh5B-+N;AMk#Bc1u=$(o>guXBOy~T3IbQqub4=t>vtXPh&B0<&Z;Wy|a5h}atExBr7{v0Nuf41H8v@*&p z7M7M*L{>6hjh>li%r>!ve=e&$0h;wJ054+NsErWCA8HUNG1u|y>pudkSIWhovlkfO zBa6-h{cv%nv2Y`K5x`R2)!`f@R4LJDM-_oYO;4{bC-;41MTUV)sIgIvv@$bKLEQp0 zYsmk<(qdme+g~pw7XH4=(boURF6qB$la{(FWMosGhBvM}sCj=%j6!-xSf!wPyZP5g zA8$x)+-pl!Dykghl$u-sVV->_3Cn$J#-hBnajC7Mr9L;;_1JlQ&$ZqFK zd{8imYZs=>&9uDvC6S7B>1LFEQAKs%Qh-B7_6h;s_;Yim=W1IQ6TL+3ZDzBL6Ca+O zA02@V>c}=KqsR=Lqm{P~C7yLh@kTF0npRaY3#YO#dHU8wH!XrOOigcWT&|?6m_|M` zcBXPQ*{w37YtnLh=xJlG7}yK)d@PH6tI71%-sA0?A2TVNdTt{$f@J5~UNSPd`^W~q zvL8ECa`|%5>F@88Qg0;9WfC9C_9n>bHx>X(YE;umSb5_0di>RL3UO<(roXf>EoT%O8p2m0c zC4bD7?z?)BRhc6C*4KAeS|aYKY@;c@!r#DV74b^ZJd+YLOg!m4JUdn$I%{5cR3(m- z_>5^)st~4{pOsHI&H-sjo1y8rK`SexH(Yr?0EES$4AE8NCV#6r;e{(KfXrN`10Gnajv*b z*IP~w2EStKv&1tL@cM$((zMZ<_&+r)g9<9)WkSMKwx+0j0AEI3^+kA?*-dt`2 zW#B0>>BPc0Xfu@2H5wURNh>%^rSr0D!Ms!2MNg`4=Mn49ea~J+2+40@UHJ?-Att*M zygHxC{K~&k*W~sX=mg{&*72pAn4A_fNID`Bkbm9#dXS#`kC__7>w2nW(SqJN&9p(D z?mt>R(_Oi$KT{IfYiw>3Iq%hO|)X{9Ys35^trbb4)T8D$|^!?UBn^k+M z@@;?d^$rVV7R4}o3x44W^wrHPS1@Th-zf9tsn!+U>8ll=2GUh&Zcvh`uW?{$?H;Gw za`B>LO>3IZ@{^G*JjZj$)P1hMKkf9S^A2efyPf==E2{@}kL?cX3ba;#KCt!|{R{Q; zFK>Ji6nhjB?7Fn#w{(quXcp}lac4TbaK$P&U_Bmb={5Dj*2Ku@PaCmEbHalrCz-!= z9FOENODvbP8krf+t#hhvqFl#(zr3emNXAv!(MI&}0fCTWjmHz$KW_ii{YOLTIvlBF zuS4G(j1)ug-zTliQy#V6lsj!4tEZMko;G*%r+~o+(?9HO40(C#dF%E+8%Pg*SJ;-i z2l>`<9o`{X^=cVcx1Zu7C!6}u_wao14etAH_~FW<`~v+|d)N+1pV1YVbzslcN$T6E z!!cD|!?%Tp?sB-YNcQ0whf9pP!_gkuVdkzKmBC$i={P(oJes`MeHD#+>gg@7wSi=7 zv&f4L!0WM?%E4&m_D955h}oC*p!H^iTkWMrXX@*$EsT#fmhiadbkpTy1vC#7dj>E*So0C`6!2<*;_pb@i#^F`wQ>67 zUaGFVYL=mxtE;ZCX|XuyPMe%GWT<|9gmXvl&h_rm`(FNP^_=wYjrAMzvUc#t^^wX<~E^BtjypT};U?O*3ovD`eY;NGrqrfhqp~r{51~>3(2gs_u=;?Vhd?NO$ zNknAP%W6AIt1%by?Ihjl@#ofE`Cf7XBFcvac9k}jD3GtZB0|-r`~78p*@OIS7n{?i z)wSEy;@Gy+Hq0gWzIg9(prXsXV!$i7EB&2UOU2yCX$2Gg-jN`VO(ffK&frtKr}erD z87`?s_2}*RKwBtXR$&vam}uheWp$cS5RdG~Sp4!sVfHy6*%vxjW{pkNos0I9%5H{) z`9GFTlwx_mV??sgerjW(-EhIaGsBCUD+j#r?&%U-6aBCt_-x~^hrQ2tyOwh$O)iev_y>phHum-hR9uld*x}SF z;9NRY9%Z)v!S)W?+0?_kSAC{DBlY-IeVT#6Ik9uYLl+j!B2|;vY}U&-*wdcLa9T_D zh{E+2#niREt3JD=2Hvy$A(Q2p~p=-x7IxD=XgHZ zCfD{kH6?rCNbS5xM;DvsjhURtSNHZ(wF*s6`FwNA-1{*)%K0$Wv0VR~=9Atfi8m$& z`?l2N1{!o2aj@iNMmf6=EIy*F6pj29e|%DFMzzIZz9~Vmiz0r8GnLArYo=pwgq@zt z;W>+1?z(_M-S0l;?wi{_>@8W_IxW;~ke#VB>#yTku*sc?Lum2W+^6l7j8*E3PIr64 znA0@+;F}7z`?#6z&UIR}x6kHF2rYI_iHZeiod~ zMs>`?Zm-?ffRQRAp$6mr`bWx?p;VXKYE7~!|LChrPLp!Jz$f--g8AFK#~ZqA69V|u z`Mw6OUOfA1*r)H?r|a0)JdVtf#0wOzWSK?NtC;q#TCgoL6;@wUzd%DK!wf%4=1Mkx zYRQBjAD=q;FLw{ zy$ODP&T8;bE?FMeUiA#LA?&vrBuP5zAJd z&W?4kEM)3qvCGcM!6>ZLOxx5TS_#aui%ZZ{f`q>38vFg>gz=M`%UDZBdpoIUYyC%t zXK&}8wRj2NPTW2ksAhiAJh)KxkFTS_jd4%kZgr&LF-tLMNQ1d~(L+8P#x_(w%khJh z>)q&l{!iwOlDB0P;}+ktSBylen+oR#N9W}~)O$z~{!8Ut!VG^Z;lZyxc@aAEq*6AP zC1yx?N7P>PZ&UNLJ#sdJu~Dgp#_UdSlWx02XGtIGzWTZO{6O((?1l2oBU?ekd9{Fq z%E8{z3sdq5lm}Fl>f%m_{mH+WJy%X&MyDe1*qXN9Pg#WX&@;}YOEmOdeHjU@&Cj{0 zXu5aonc{oa$0w(zx%Em@u8nTLKZPXkz9eEjP21CTBrKfN+zK7X92x8$Dz=@vb*IF1 zoYp$!z_YO|<@XAqvR5@|B|El!)bV?GQObd2yCuwwcZ&T>O^Udb4hJ9+>gw&tg$is& z0j1*w#00V{GSyLwM$H=yE@z!azj&N!dLTf_MK9Yv@%U^}$U@fzvNdG>7poJZ9(u2) znjdWpiKhSdcrvm5V{w36TVbhi!HDpenm^ zTI0&^6|OqIiD!I^Or+U*nbo}h`OR6^79o>zkb!~fB7jGbh>@9?IY`NMh(vwy;t8sA z?uVuti^`I(spKBnnhWo1-*j|QBsL)O{n!M}leUYuAHA^uWAR%Q@7NaAqUMO|-FmtL znngMRNmR0XLK+lCJ_$W;-Z>f6_QXbM`pZp$O@`03ZQpb3koG*ko096Br-!G!Pz|qZ zUO|5;tAd8@`$fh%8ZyI(7}s0Ok@%P4X$L*Ke4Ej$KT84YgfcV>PjXh)A(D}i(fB)A zwZ4s#jbb0|U+qb=KXi1z5JS@7ck+rNSG|RE3o64UHz-ov#pr+5MnW9=+O=!iV;zb7 z!h5Sh�@DX-EaJk%C`>WvkC*hxA&oZ@SrJPpU5#?b(>EYFb*-d0B8ISLV^;aA7Zm z6=K2;1RUex;!4TtIh?1eI9X(T*w)r|Vq$`voV?=H?c*{QDkZ$46S`Vj2Ns7>(}{gL zIlPz)KGF0rJn+qAA#dr-0}U%w7eoMQ(iWfMoRX( zuR_Gu#DQ&k2koDd{?_bU?58%X=-wS46WK^Rx{F;=L$G8OP|lH&BD+|evNI=KgBit0 zzMyR@&0Rfn_vF>Xy;>9IcLxUsUg*r{$8VtvU%dJtc&w&o`oXFSJ*5DSiYS_#*sBXk zR1Lh;WqTVi+`jt9H>arjcxBlK443u>87Em;S#^DSSyydlQ(C|fGHgH2gUa@pWE8h zI<~w{`If$0-pA(V(2q}Jf%J(sAhKzeWU7ktZEI8Q@|L$-FB37h!zX`%bZG>Hpl0|1Wp@9KZxv6|L{e);*!m$=a_zk-u&$IkAtuI$ESPl?h`Gcz;9Fxxp@Fjx*! zyF+?gObnW35OwJTGQTT#r2tNLYjK~7%9pY0#g@+7m;xr^&R)9Y=U(c%n99e^t(ACV zMc$T-EShA3S6%f#BNcg?&8HI*X78Hs8 z?a#>0KtV~_ zmTmbG4XZQ@Fgm~#T)%lUWU?QeoV}c32&KVe2M-bgF_5XLkbop2h)Muzb0{U>s_sdn z#@wbZwE2M%N0+t^xKWF>3iT;mVx)_ZNJQ(uj7G(uT-U^89!6VrS`^J~D{^r$adB}l zlE4>NTRM%~JMlKfmkP2uLIM~~7Yfi&l#noELQ_d5z z#D9ttl_-IOa`vERKwN2rfS}+L5r>?j#eB#4%O; z%Cx=>-^9v7&nztatld!~pLfQ8j~aQcR8a}hK1lInTqL3U0OkrF zIAEyoZMJg#ZTX{I^;_tceut*KGM3Wo;_Y{Gr;G=>8L9B|_i1?zAsI)p?)nW&*>f84 zJ=pHgl~{LdlEf;lWQ&h-dzDZs#vJ;TQpV;PByd%>E#|aSqnge+EQVI`rrXvF`3}l<+UbjB&4)J!LEgp$s?B zVha}+LTr?z$SXl=sI47=uo)1|*z&%OUcHd#{NpCX2q#nY=*q7Xr;(Dx zQP4E~30qg}K_jNEum7QE6#hQime^8a3y6Dyv(CluzfOE$4-c$y$2+-m#$t6iak$px z>(-SE#!zO*2y@XClTsM`TB;ox9phuQL5Gh4RA zSIOCXG{e2PpS@AChbs8-V@3uBu5zf1={UaLM9ag(z~JHr3V(lH455yRCIV=tTYZ5> zj(50piFz~>Ts2lv(Qr3lfr4J5qaZ0I#Xwz(>(QQPQxtDM+U=d4Ex>Xcd{pWhLPj(C z;sGZor>Mp1KP5M%;Lw95RuA=40LxPsa1GEW8Eh|XhX6gAIGFQ+n^1!*x-G|ltwJh4 zxRx3DSmYJ?{l3N|j&>)jojgkye}K3KxBy4i;S}aUZS~VDz~q1a{0RYoL-OCT)WoWt zGA6DIPHTw#9^y0~b1vyLPXh=C1YvMCcW|hI!Nnl&L!4t+4Pm|;KE&xKmcHcY3E62k zc~&lY>JTN?iP6!JV|F({t9Dl6w(7w+U=krfMVDsvSd!6*1AG%R{33xvq@k3|NO3Rj1ZRd_EiY*L znOtq*g_!SGP(Yl(@dDr;FAmth zs=#RSE!hIOO%`cai|zr)ibFpOLmh2sA)9gAL3fe0WXYyWGGxcReJvLf6zlCBd&1Nd z!j2ehh$$fu1$x@|C?uR>fO}StYuQ4xcI(F6mUngTekm^L;;wxAGgKG~p!fiWV0mGz zAaUqL(ws6^$)3|xxM&Q!=C^bS4&W4{^%<{}f>{#$0s_-GWSBQ2cZ|4j;Z2J>UY3=s zpDeA5kPPGph095j1ZH+v_S|=NKIO7n*2EamS6X`d#*G^>p3NA#MF6*gJFG56Zh~FZ zObJr%w#WwO!f-=;9$_8k=AP)xE4rRovIN&~D*Y0PJDd;m0DA)BKG;sfxa;Ku36Iw( z7%ukB1sz^;cGN)>ma;ClWB9n_>F81(hX6~Pnx1~}8EzE>XUi5v&0_N9AHJ3tR5uyY z4Ngh%U$F^mmJenOCs#S03RDFFWC3drtO^JreZwqM?NaKl{20BDWgFw`7UIrn#7ao| zzb}D{-HgM@YWWU^0*j-lsMut^Hq8n@I=Df~Mk8`Uz2iijNNnDKRc|dr_jX5&n@med zxmwkhm7Kg~{Thf?fOlqTX0{JwYXZT-!_`sExn2sN$F$8u>={&=)C=r`-MqZLgLjP} zva5sM2I89XwyMvcKZA$DopuDnwK)X^AN#+CDimC>+lSiPR2*Jv_ZM%m44G+q)q+Ao z(C~yJgDJK9J7~i~MF{2=lzL9>4_iox+%fB7u-J1){dT38un((PnnDEIVK4pVq{x@! z2g36chj=;yHk4pV6Ik5~p-jGKCCH=Rw#b=iFvN^%MF}q-P38(I8uF;-cXIggkPt8# zzM37yxEtUaA;l13_z8 z3I+?lAxP(2YJjv07T5=M>LWHI-(dwogtUf;rSM)ztZG4d31ngPuph)SmH2@X1>wc-|DJ3@(q0U|k|XncKr z`%+9DluAWJp13h@4=U4QX6<-fI=*2>r967ajXSs-9dSb&;abA4a6LMNUMY zxuSCMLvE=l;TqpJHU|DV0M2N|hPYEi6sf(~XV35djtD~O2?v0WGF**aP}rAwNodI# zCi_XtyM`Z+m6EJ4A%1Lg{CC;KkW@>l0Xe6De zv>f5$>KMLh{64Y*WILR4z;p4+wwpA~EIPanS{=|G$$TEY{;$XXS{{L!INydrIzbwY z>x((?u0^|`rsv~RjjT{kegX~wZfz4(z&$-TY~GB_)DcktOVdk8e*%k)-+?9oA`M;W zH2KNU5R%*^UkIT`CrcX{^{YEh6T()ww!10MxEzbST~?+BhxFj=K^OzS1S$#_SP5c+ zm=2Uj5XO1!;ufj*fBN+4i#4L6qVNzdQqT=Rna8*_r@pc>;rn@LOPmmcgm=K%gGi1l z&O?W^QkWMaI({5Y=>}V=2;ChZKOkV>e*gXg03ALNf0E6s0bDe z<_b=F@*O8w)_WhZd@HkSe5@ z%m%C;ivW#TMUlKqpx$7nS8Y+zb6}ms2wge=KrzPo!|T@(BVkFZ*|ilFUT$EYe}U#% znKe^2#;+}0?JD=AkmJr$^rqzv4GVMs07-N_0k+S7h#P{En2t2@3o=ef7Vvk3I{i~l z4h|nTth~4wC~?}&EqHz~GgAZM>`!J2J1xusV0}b!?g)gIlO8X#{E>i3XuP)MdS*s7c0*g#Kkz)P*3<4g?XHU55x= zSshCG5S|BGR#*8TH8HE}CJP3Yp_oMDiS7W9s1U_|bo8C(FtTTaKFDt6+eC0&F@`n^ zS?e+TDH+Fkg!Ve}Pr!ADB45GVs|3~uAsp10b@swDged<2To;)Ya|@dmgt!P9HLwGb zeL)VRT4I8+8W>-o$&tE2C~PN{6!sOu5(pY0E|?a}_w;e9B7Qw1JslGK-#a^NvED%a z$Q4wBu!Vg4@>LxvoR$^^AfyqO7n%rB zjBE=RH)O5a#>R6{IO0lc$3QlWU)T-lFd~zx!>YFZv?S6tT|+e+8ylc8@v1mQqV_CCfOR>`^oq?a zq1J^nfBZNZRcoHjLpNk2*am$AgC>aTMoD2F?b>Jl(@4kU3YGZe8Xm z1ITk$ig?Y}rGapV8)9K@-h?HCt^#kz(#XWb6JeVpX|+vF*{gJt zpj^3GN{spXGAGktu#%j_t&_^JX9Fj$5$ zvE8Sc58Gux-WrwxB^=4~=OK4;60~QPbp8FlXPKK4kf+K{Xh9|xin=(r-yq!r{hr#I z8gom_1KBLQ-J@|)K+y3$Ha0n_cj0SUb@k%U+#$!g;WH@m9AQz1Q$QO4(kRweR$&mh zK$bz=3{V~O9cDBA?0(lLX&ASxM@lU^K7g>EnCk%nPF#_PG30W$+};07<3zadv>hMG` z$BPh-Gb!KO>2B#|>0YHa0fUNav^Z*g&-BI&h!}KVg#wX?HLwxpq7vwih)bF}c(H z+gHldx2m5eB|%kL=Gd`(Y2M__%mu8%caB5xx1a;AyPuiaLtqCax!r=*Lfv2i<$|l+ z-KrHUwPi;TZWf37gK>{(9suhKqCi3-a4=4W$; zr!qHYwBQEj=H_xwp2O{VBzoW{ikw>8vAl;uw%>P?sB($o%xXmOJJ_afFI3G@hQrjk znMs=aa+;<|_(s#x+7=cgAc7IZetREOPdQPHfSKVns72qexU|&WjnMAi<-BqX$mBbb z$RQ3YEi3D^$VQWk;m|aQ8^2)k+X@^YkFV6Rp$m@Y3p9UIltN*y0s_Rvpp;*cS^Mb| zMBP+wi=Zq9d~qeKWp)e5BZ{ni4A`q+7bG%RB3I?@u+L|F0{o52`r*)_g~pyOf-&F0 z+fy0xzQYV>1~swESEABk?rzC3>r}ng+%4*8kNb}ks$Hgr z_~k+PGZsF+fIst3fI&yg^B|!e0<3S@4_6ElVr@->t5MoTz&HNA^dSt(heENdrb&=Y zaXC2vX{d&*YwGal40ewK0wy5pj$AJRW`yL+#KmO}t}=7*3;LBPlUbbEzrbm+4W{z6 z=XPXiQ1OB=w;%>Dj!v(-9RY3tbp4W(W%g|mMset^3Z&yOT;V4?I(YXG5oFPg%+9tE z7cW7UguBN4@ujP)t8vr2ciMnz(@+k{5?WCReik4>1;jTm7ncC!$$;6$9SbUx>=M%Z zd6XF7fb&+Jt@5=8qe}_7F&sl|vDw0$4GG(ZoP1((QnBOFL}*)&TA*qOPtxYJh@_-N zR8r(keuwoDnrKtPoAmws`6MJH7grWEMwAJN*3OwT@JH<2+-WHJAYVm=)W78c`V+WL zi10KtHT~cwFsl>Fw!w#sw1ZLu=Za0dFw#Rp?MW$gVvP_Dp!6j_-Or_i(g=XC1Dk?(!{FAbq{V|7kDPE^i5o-d?DFkouUzOkGtKI~>{J z!|vr>jtf_YKKq4-iyD9C%zVz2^^thV{JXrs45$jkWwbkYf;YUShNwV+358upS-DSr zbkzzdg*ZtCJ1YjpD@Je)i0$U+6z0%a8#wqolObcKktskUmU$Zm%hF7>kv=GdYL#q6V3WD}_9D~rlYZ9I z(n>@72gi~q0gu-c6QVoKj#8LFa;O#rF$*h*Jq4l&>QHqLWHm{}9I|#r)LpLWkcf*=H5<}au4OAF0u!mXwHO0yk_x$*ARt(u5 z=^0ub&Tde2BelQ&^5x5?PibHeBWV-UzIrtULW2n4uV7d+d@n=NIUa6qIxfw-VkFdD z41?*QY+#6(9i2YRCdH5hbc?{{H#RXT-}t4Wfe)q)I&$z&ss34;ar5h&SRWnY_b{_UO;D|<#I+{HHb9mH54 z#O37!d3Ey%f~gLFkWHOL&T`=~523kv7b~}BW#!P1puTwdGA&iU)8Z31*px0hLU|Du zz|+lbC%T_9Of8t5b9~=UxG4BUA*((f@MK&l;U_R<3CZfgDCsV`BYb?_!#68VHQ7c* zS|F&)!SjTKs9@x*u@1HmR;dopi`M8-A)&3lo}T9sVi13XJ~~lhLq*Sx7#Zi~wGoLo z$S&yk)uHKae`?}S7KQj%m?tKY!yH3=8TlN*X8U{}Jm7?&s9eD2{9}l9z)8&r3B%` zjR}*^5YvFpb0z0`Fl;bYJ~UY10#TMebAPw5RcCiMA40A@d-nLAO@~YmbZmHy8i-65 zL?baC!#XBpU(nf=MvnpEcTP@@7#jG@?qV1t<%jzS4;4l4d-i)z4*{h>Qr1_`g3uTN z9;vT3vK$6FBO?PXJiImA7xut%oo<AsgaZbBn zem^%gDJv zX^Wkl27C;>^Hy9jbe(Tszs8JNtF~6_8D|c{rdUtx&X1DHor85?EPZu=EF#Iuk<`AN z3yY1e*H3@NTrzVDOG_lA{ohfl#X&@<_56>owUc>KPKzjU^UNKyH!#*g_KD@!U-oPC zqDQjiBmA)bVjlij(`$TP3EyGd+THZbr5it~&7 z^pz8HOppxWiTcIm%qvN(p%~5Hz^Z-`kLdgR`%_ot=lS>j>znwr_*~0fSl{0or@KZ{ z=sq}d#*)ta6Tj@AXLW64L`=*)2ZxgJsw!}~DjSd)n`O`t`}FEnbZ}@l1qIq85ce%o zTA5?RaBJ|Y%2=Kfc$SD%H1~;fbY(Z|o8m}?@!ly6m1l1^j_o+A|3*|Wpy zA3xv#QK1>7?fBxfO%fGGVllI-LgXj0p&iej>4oP*LS}Owm#hMsGdb-)+Vt_6ee8ZA zKXS{{!LSyoibEC~Q~AmAXnx5tYg=3O3iR!m!~qL(d@lpI628nQsF98yIDA-(FS=|; z5%!nf@)Nwj8mlTSU%8SXRENC-)rFt|!_@p>nuKuvC1Y!59Nrxg!gzBVd!1UPzh-{n zS4(sKY!x7HH+gd2a8d3%eb>bL!-l4BiMx02KC|W3yLYy8=ZZo=M>obr!|%VK&-J56 z);2b2M0pqy2#c@Unsx~m=~Gp&+_>SwpsbW_2o3bSCdEqGUqCe8zc-7$>a2mz@4U=U zJ}fS-O2oVb9@d7BaOYd=y%&tCVT2|>Tnn>|ht0bnEi0?1r>Gz0D= z93+nB$i|rCyPBW)_mw+w^5iscA3^B8yYHBkpo1KN;jQnDjHx3V^!8BOlVkr9!RKpu zS2A|+YzrNB4<0-yCbr>AlA!+>9}Z`8{pwZn7-Wv}M~^NMGT1wY8=Ee;8a3@$rH-}} z>__)jnnglW^zMDiJ#q>C5h?v%`};X`3|oAdL;*Y-0glAXEzB%vKE4P&?p387*> zcJ$~##g3d?9}!w-5FZf8{zzb~Oi71Dy9i`mOT|{ckYR7iwT_o4_U=ufv{`ywM`cAt z&Tk$Ao1cwN6JaaLaS%gE2nlHrO%ZOeHb%x^BX%%tHzF%;fhctL2Hk=(#y^xG_iEW5 zsiS1~2$)x@WP9pV!mlMTCPBj{!}Iga2;KIwJc z*|IcZ9n9O^)|Csmtl+|12Snc!iTh0(vHp;*zd*?1cf_lTuN$T5EFLsofUHfVM;M&N z-b4Qjjf@m$+M#jHSgk&KbQw6GBGnr=-T^K^yw+Y-97i#iTlrW^Zd*O}4jM6A{JL}N z)*-?pIqNtEOOOUYM-YD;vb;)PyznE8`x+S1m_%1MJlL=4{a^}b;as(%I8*Z)caEi* zr#D;y6QJlwL7JHBRafxzX%mr)067!UthjjbtgfT|n$zjtiVFu$%EQBhd}fAqj%Upa zw0YO{>wgkv;ccJayt%{9&BY}hd&K6R}g0%OXw`LNpW zjf)Olq|#PBJD!xJ9X5>#R(4#`Yih)nFI;c%)3{#5WAC)+Vz}S$?>5|^Tw&0OqNjld z1LEGc4mOTwK!Q%%YU5inw)tVJPg|{7_0e&Kt_<;*NjA?=Hzg&dT>AbY@zpgpBX81+@Z{iG z!lpG$>|<(4d}ih^qSl;x3F}JN|I`>!$XDQd`^kd8TjukF*Om=ALQ z5^A*3aQ}B+^8aJm*#8U3$Da@P|4^Cs|JhrZTkX@dOCjOB<5p8u1!W0$T;HgjoSOOz zjv2}5rqcX&X|~?rKWGS4_wS_XtL}U~nhen2ZftQbs@UYp)2H)P!WiXt@xju*a&Iwm z9Hxm&_*sp?6_TmLxF^>H-Tc%qq)_9#U8DTIDc7pkz&fGLTAl0km&EZc#m9J30TxuG z{&|e2Jv10eW4^ZZ)K@&;6^K-vWOnAsOUtZwo2*#z;Vh)CH?y&E5aMf>_`g!*3{3*}=5@{z_^B%XHSFX$?T(E!WbhFY4 zLh^QF6&3JS_%u~=4`WPtL&Bzsu?Le8pp<(If|b!#fx%GwJ>=!V^Yy6toipanR5JYJU>ziWH;>cwQ^6ObbbUy8ArMTgwvqZnLV zSABGTO8Y*24j?BE8auX$Rb6JV58DkX^Nu}x4B+D6!c2FkK9~@$RK=}bJayfhl3q}| z(5L>VM*TTLLZ_o!Qjl8?zOKNjvi-)hXZ9*#Uf$kAyg&0+$e)J}9V%!75}T@qcXW`v z_O>2_2t3wWT$$_$CE7x>8l)iApWEknz`G+w@D1VBaY?cp0GklIBnu93Xon~GAn;|9 zt5hG-b1id+EQ2*>%@4ria&s^(0!pyQuz9N8cZ#7qB0`VHPaIFOOErnRP)c%$14SN8 z_*oqG0khBlLa|E%d(hV)mwzI}kdfBb)iKKE#f9a2eOH})u*~$ja@aJMIoO2}*F@#8 z>?~(fl_miB)LlL0`}WP^WU`E0ZX>EAb#ac0*H>X-VSc_7e*wVBdaWlF1#sWcV-E6j z%#O646F&}nS0Rk)ikvWTIxt}6!&6IEts3@m7*ypL$<>H~+=~NLOihbLDTOZ#)y8*t z$dj(G&m?0-QU*^Nj*wCrx=xR9L1R-}2Zt;sQmTlfM~ER=kh%CkNby$iah81XE86(v zypyCn+2e9Vve>5?UrV)~OeP8APTbf~TScz?^Zos8!E}GOUXmcZmIRNKr$_hh8R_X=N`d<5;kT>TH2UVCwYg>{ z7(AnSc2Ljg+uPp(WPsKwQBhA*NP^jFtj}Qi_wU|m&d<0&xJZyYRG@t9`0>MI*X^+L zhLB{zKE8i1A4aBizmi`DL*Kr2>w8_@a7LWR^QYs+jS~mT11qO`c{PA$owKRQz(gDq z3~djrEs=fBspX+h-Q7Fk?AdHq5nKi;ynXFj0(5{`yAvfnqYsf|wZb_bu^k)Yzv0cjw;d)DiaYK+U6@H&2yhOZ^E8cV&la z`0VaALT%u{$$q!k<*e9=Q!T~E5)uYE){CNu?vfd-3nY{s+!vU-lafI*(b=-x{^h@3 zfE7F2mx&{@*~1>_0$?7d*}5=BkTGE@6`QV9vCZtx?z{80YgoaBsb7_P9&es&ZoY8& z@}jr($kV|t>@Rc`q;v9}VZ&zTtW{aGv@esKdXM#R;a$;xpL06@QbrNpz^XZ9ZX@*d zZ{4^Ns@=u^gB?#>L*3LWCBb#}lGl%QiWB4*qLp)I(t-v3<-7IhQ9SBKQBl}gXHQ=m zO7bXHb6F5U$dPhs(gG}<9Taou(6HPNLBpF%dKv_6KTA$CQjKhaWmgstHR4v}lgULJ zMFxL=l7+$3L4fl6t?PFbSAX>yFSl(iFO2t-e_y+{9(%KeqwVGi7XANDjNPP`Sa3O8 zQEN?K#-PD%(nXco*>?^qAI-aYa|L-Qhlf2Z&d4q7a=DzAGrCDwPL>_-J2a7G;H!QT z&l$!-d+gY;6DAz`SE24!Ghpsw(X5xe=o){Aex`?*_JB0NkwDbzj2|70yWr2f8vgrE zNr~^zFa6|Uv5Sj}rdL_$+HF=QCoX(Nj*`pz1OH#7|8vw>1>ndh^`aZ1$jy=sHJUbZ zWxdGtcU!SyhB3H8Mox|@A5i^TW8=0Vh4=5@C&YD>pNR(_{T4l$tmtcxG5eZai+TqC z5y%|o&#!hp{^ctTfk!=0vr|Vd6q-L(!>ZcxwM+a!Dsa-EAam6M<>N*;i4A;EId2M<; zi|X~!+6ij8T%*4e`#a<2WvhPX8GQOQo?oPS)a?1MZQt}CvTHjryZQV1zxQR#%q2^b zL|ftOR@#{zsda^Sc|-r50|$JXzAe|#IL%!LT2jAYm+P0kcdvNRaOg3zLGwuyJC&K< zYLGQLIy#1i{v3*u@=+b5rw6@j)lY(Iv()U)hj@PXZm3<&moMi|9SZuO{l|dq#BP9^ zLYHa*7od&M=*N@w#Lql4T4w;=&ADle75nwu$h{2UVp2j44$FieECylc6315?!fwo% zC&X%+29bIa00|&CMK%)=0BElrDZseTqf^P?xYG!i{F8NLrZwm2V@ zFTxgKduH;>OH2$jG*+^q7A22XSHJQ2vDoB1*89<00w`J@^Nuepz14f!vbXF6yh0}( z4rr~@drjO~37ldF6G5T77vKYF_d{$6Mgt-)C2ATPA3TZ-`Eg=H=qT7Guo^?&c9AC& z9ugK*HH`65RTAw~7cZ_eGu!p`-Hngrp=5xwpyovT$%1 z4}Rw3k#t{w{P;089lG-XD}X=}n>q0xFw|J29|;%bTFve|>%V>lE)PEKjqAiVXC@E( zpF;yrPUV)P1OtVwm9v}LPX;}Lkqtz2(9jhJ^}qI{+9@b*OU~6=8ZBAtGiKblD9tIu z(;ZerxsUEExAxUY6PB?0nNF%^MfyJhW8PM?pv2n6hj;AS)t7{VoL?M)M!XO^QW56;+@rSZGE|cFmXwJh=$RG1^|vtat7qET&zRA1*7tkj$}-Bf-Lp9nt8pB;ZWC%Z z&mGG0JCFO1U+dz_;&aQ+jD=}p58$5$A99%dU?1i?IPB>^fz`9L>$CJpX=#}E4YM6r zp>X|4KQ3_`*@#@ptxWnL0Uvrfl3v67Px4q^_9gie8iwEZ3EH;JrfSx|%I3s%@q1FU zga3>h>#m9Vr-aV{$J_cia|{5h8>JwQql{I=*}LNW!>`q*jj0Nn!-lbA4(Kgc=-2Po zgKNa08RE?GuAt+^y>AS4BxymaH;#yoPA4Bb^?dr@a72~e$hn?_r&ezX2=M2vh=e>Z z2(G4v2Bwsm$L&r^a&vXXfVk?=!Gp|2826+JpxeG}Tc`_i0#^PP?WB0fK1DMX6%~Ck zn*oWI^xtvqB}^oo(b~}m*=Zn@em0~3{f5o!-RE7j@CM~K*`}1?k8l8NQPu`RNpZ%!abVmJ|b}wQ~1K%=2EU^@Qz@OoEI8ARL{ynHQ znmn0{Qatip?&5BP4}-TKC;|r()SkV2<28Zm`2s>W^MSO2Nff6nlZzW4J9}27x7xRF z58H-Mj^c?fVF3YGIOtGd*e4*Yyooa5bskjiV2dQ~mrRB_;G=Z!(F0WA#-Fk~Q}+3` zw3dylpQxVJvN`ri&k>%Bx2vz5GG)k|clS=&UpO)M=}v3KFnyH-#f0Z)!PG;myQ|m@ zEk8LoKH^a5DxKn*koufE<7&o-6m4`{|NGD#Mbs>tOwawK??@-kQUqE&Wp~ z#cVxN4~(;rBiav8de6p)&`@bP zx!WZr6ke|N^jxaD9}tEZmU!-*_1w80Yu7GLw)Hh=B_QI@mweBN#oLb_br)(`IgaC{ zOCyaE1CLlFf>uPUBDdm1-8+ZIJ-&TgPPqH*i>$Vj{ zoee~Fda*JrX+D<;&z+D3&(V^0PZ02D!y)b2zJ0S&P?K0;h8Co(re@7hMAVOS=d^q~ zkldY0O2UFHDVQhDB~PN#U6^QP^$;Oy+}N>F1Em7;Yq_tf8>^}5VYV#UmcLAP(9XmSiTLlf^I?{(bm`0HZ%-k`nTwQVIi4~YPZ|dskNJ~qL zvzQhZ$x1B-RzuzTe*e&onzAJ~5p_nw>Q}i_L@eUYg9mq2qb1~IWi_*{ik!a^)M3bD z_U}(j5{AZW(fkh6zks8W#m(k;?bp}S69-Ct`h^|{k!QRr70X1yxizcqQG5J-G0E{BJltG`SZaEr_Y{UqPt(TIa6el znmVH7JVG1pRp}QmKYo(?_u z2JgCs%OAFn3xG8>oi>fJjj!2xL^-cS?l10kvAVr_O+Y{Z_CK^q>CfSz^8Eh|+?AF3 zKUS`)tm*XU>0k zXNkSC>yE%5T`P7$H!ydNc8#60XL(84?NJV#=>ZlJ%Y*9c*^FcHzLR)|hl)RfP{s{0 zb7rSEA!=dM;7~{wgN`I944vCY&*j31wM>Cz8ErcQ2h@;^(K z40`jZu(MO(-}ADiCL=z+ps46QN|S$5Rfj)kq(W|u&w!Q=9CX&bn^22hMC1fm&z?N#$LP&#*V>(Ki5Oyu zrYs0pt+`JDY?JZmaLV@n zM=Sff5j(m05)%{0_YWy@=GyS^^pp^|IK%*Zc!Fu1IfPFnLrZLjWXgiRbz zramrQC>VB(kBdv@6tLs8qE@b00h4M!`bsmSkgKlVsi;sIYXCWe1<&8Vbz;W6T)zni zZXLHsBm`lhm3%*=7DzVx#Qpbth1yq`GU{|6KYYl4pb{@i5B6#Y@7 zWV(;Tw2MD|Xygo)Fh1M5)|QRB`#;gYVbLNZl`sSJDBvkK1ka9mX+{_W*j6yEgw-9opHWB*&0!7rg8wsP$f1H*e0EJb5x1CX*LP;L)8!@4QXB zbcxSkWn;rWZ|1CFt9r# zQJlU0)%8xk%S9i^g9mMeyDoY&XWjyeUATC0()G044CX8P#^TTLBmHJ03Cg@C z3_LHsD-oz`c!)CRbYzLQHw@$$L0M1l8vseiVGz1I9@6ymo^DZKWU(?h zG*r2#@(+OC!4rxfJpw9ThB6_izOHhK+nRk67qT3+7iYeFj~;i5 ziZ+*Od7a)F3EP*t@s}r~$T|k`$9oCw9d5SXx+x);pe93cQF_F)pF^(w8n=P&~V=bl`k0T%1RmAjXp?#WoIb>-kyj)b@f7{=~ZPloV%V?CCp3MO)jE zTpZ>8Q%$Ec13Mq@J4yP0%lh?cIDhw>b?@30+$HG^6yPdAmOvYGgqhkGtTbr&-m=G! zx23HM{9a%(-Kc}81a$8%CA|Cap{Y8`5x3!%%h?n}_wU+O^7(?m$vvGm$182KaWyh3 z5Df@^&C-jXJbm`;y+_l;c}B|A;l7ORD2BWrpb%t?(R@R$!%=QDx9-t@zu9URm(j#u zjA7vOH}BpxR2TQ)ppq9Xb#`VFV?$FDHlaBtCivdtPo0`U&0}#ju9Z27b2)=_*>`o- zj3{u{?IbIUO5OD97hv-8n(CYQJMbnNZukbEvztHvHxG?i<}tRPV@{|S$1-ql$A)qG z%pO0#K(qVlgoJhnR7dISPYQ{K1`d@{?AGl-OiblEuJRI3L>;tw5)J}&Uf#qw`^tie z#8S-!bguaLmrw*eCoVN;su2PYq`iBcT-oCA_#*{YG z%8D>>Au(}?wsz;!iVIG~#PpU5a9Xh<28%7X8Tag@ZSvOv%&<;z&s^wu0m24aBP9W6 z_UzapA>@5UP(ccejfi;g;)Ma0IHUQ=Pd?$>hSAzRBO&ARF zDJVx==JTFACnro)2^+b(TzXwQq}kJG{0uBT^&otZDG`xymT>IY1$rL9+!N}PZO@Q~ zQS64bltl+z1{=kp3JulNG=sJoInsK;f)=(Y`#a0OH3t_{&XhI+c^DV!85Ewn8O0m#RVsKb%>E&8p&iQ3NekB7?6NC1c4agpx;O zLQ1gkRo}fy5BOuABrFs6relUj2bqPh-A4o3m>kR0qfLho_s`KAZ8<1x+KU%2IIR54 z9op@FH;!hz?s-8qmgGrWcF*M6qtC(J!J=#^h<|C{*QW0)y#`R^?B=G_uiwm*?WtHF zkolmzoB@E`Av4X)`WyHLSC2r=;%iF^|g7uCP%l+#b{g%tG+?$D%o=2Z51^Qj1BUC+&EX{cN5 z=V#!gw3&gYr_Z0)p`K$#0+dI|;R)mP^}Fp=vUc=X0)Irn6no(?Xm-@7w5FyFVuB13 z`0<0IInUmnB9ep?CoI(?8XCOvAB%!mb#+2~JX;dd?myhUSW%&>+E&|Y`t%~sFF-cG zdJUHwkH2m8)sKxJH5HQ#9=n9Vgfx`4frAE#G&F&om{o9mnu}rGEn6d_ctVn{uELKa z7->*u=9wo4Xin`?pcWGm;qgaM9?ctEy=v^LB#c)w^pow>iBw14>}p83k=mRakK`Z8 z^cmD)kT3g*I}utzU0d4_bF1dGE{@}xyO`J>c~@A~t@u?PM*KDcoT4DSGwp|;kmEct z<3Ay){hts8c#N8L;!5uHx{2+LX>P|2<}mkRc{wokEST@ek;?b)JEYE0SLDAzX&`${ zrQ9y?sBhjZ^__t_XKPyq6Ty(_MGF_wA0&UF4q7#tE8#9_jUYHRg0d7MX1at$b#YFq z-QLwb?Wo(Ez~Oe#_DBHG?+EtP#^<3@^y%H(c>HR555es4VCV#eMUU%@#0Z?fB~ubY@d-O zd3nm}>e7Dnz~Q!GaGW({q1rgQ>(>z&%->)k zFGze!PB~S8cc#0^Q)(I<9ApJH&oON@y8DbaN_dxTg%{ z8oaki=X~&$s>+q8jvrTxw|DZJuxoS1`7U_0zt`8B&YXGeptVuuX9csQ)2A(MYzp7T z;`GKS$inher4tlpD9Y=Ppa@YO*4iHHEx3~n)=O5(X`JGsBO`V2g(JLg+9Z_PA9#Lw zZF|psB_(DcjO*7;e3dpo#&HS8WVVL8sR3G8>5nd*_nTQ;STG+3E`HXG8L%Ji1p;-) zk(80l>N(0-dRPCTmS8rmFcHCx3DMFCO(5itA3q+Aj~7oJj?dTX`5${7@2qz(->pi{ zg%hB?`X! zTV?m|)2CfPoULZ}AKF?5qBeXmLw)E_jHfGIT)zGIQLz24sAc5(8{#)Fy+2-3GJriw z#w#fh+yey4t8Bd#sVci+mp zBkWI`KD{cT;7e~qzbsNC*?K44{dkzeqM~x$t0dw|kba&ZjX<`vOY4R3?(62JU6uQe zXGosK$>0YT@I}TtjUc1#B=z;P#~zYfe1x#oEw72U^g{>WFLPEjyUSF>6XVY}_jJ&* zaW`q(=h)r87@hL_1uF+;Y?0a4j<@crX11woF?tNZm{Zv`gJE)hNc(C-BX3r@A2#$i z@Na>?Vpw zr5DrEVzHD_yzKfp&_aLY$VFixBnL*O9__EdgpTPu3pN8TXzNxfhkv%ZZ3{S-oXi*o7vjyJv=7*^h6T{ z)jw8Fwbg9yqLyK!;5V-4HE>_Mwr!PTdq_ZFv^Wm0tofcR0V@jb^}nPToIBQan-c>2j~+62F5}n?%^Qt$MWbu$^;gT8-go+RfJOkU;lw!eBR|{UVb8$w$q3k+ z5p^hhc=+%k%MK^Cb@t;256+xC+2w2~w-|L5c|!;*gT`OnQRG~p^oZYhL70e~kzlS) z1D#DR@?=vauMz_6JW#QnWXJO}suEt-H`Z2;7xHK^fo1i`Tyd>e4z5x_WhYcD%^dpB~wLzx#W+>Khm z;pp&O!f|szfaE2!_Xmb`T=A7qMiR+c6$HR1JJBGvwYhOE3(YSJn=W3|KX3~K0rzpf zi_!e5m2C#Uru$VJF|*^|SfmjbNEeB-NlBEavw-BQI2R#x0#2P;AyT(3`9f5T+_zy1 zVu?^Zf4~;e11uY;C6%8ctJvI5IG>!HoRaeO`}b?{wL0@VKw}N`N)PNJ^5ps}A~;e4 z4*u>PXWPncWmBF$eVSwV#)ZikOPJ)y#^A~kgcn-*2Z>hl9fz!Qci$AZpiDE${8Uy} z7BtO>p0d4ni|u9`Jmep?7u+v9aQSr%(xsipyLazcDqKjbR;^OlZd@i8v|8zgl(m%= zQ+y53i$Kr9Cgc#%kna8xXI*lmWLNhqLxx5&6mkKVUwlZdR~A@~Oh-a^=doehv|!M= zNIgD#_>eSU%8C0Vw{ScXLiCum$Af~VKt=FFiwrpYytJp0T>>rMfB3*%+5{$H=gpix zeRG?YD&NLOx5pg1$-l-esA5)F?XWH*r^x@Xq{uxI@qWkl?Qm;kB~&Dl7nU@PVjTiB zmjU}~_tBH4K&^?)q9KEtfA~@<-Kl|H_Jo(69(-Y4!-h7S=Y*RVfSL^1akF^}Sak z;!dqtSJ8AQ?1$=c*|nS3zK!fM{HRj2spr?6OAitV;cD%MbM&GWQHm&fLpz zx>5M>is`Pq#!TP!qV?P{jjEnW312ejRvCtbS}NQh@nzVwUo{=Ij;fzpcTK5V?4rW+ zc9Y{rZ0PUs*}Lc9w>=(r&xx$~x?A5MxZ(iMZ1iHK@$h<-;86TRS6l)r(1-(#>5=?F zyelw~;vV!EC7m!0Z<~+LRAXa^LY{01A;-a?8A+a02vejODw2|xr9KI)mMJ>F?xS^j zSnWh3nEO1msuwSE($adI+p1jR3BQco>zMAo*(eT0j+cDVHu7CrA>z@Osb9u4K7qWl*-tag~6f-&Ig z!#@l@1Q?C(v?n+in~i$&(zv4(o&*ed*$G|_a>)f*k2+Eq8t`P0)R7s&cXJen1 z^1_d&5R%l?-tg^&O<=$Dncd>%#^)Djp)^dHat%@!oxaZ-y9|#ZOe_Ux&K@#=Gl-ZK z!xbA+NMHIE;3~N;Hz^vJ_xKkC8nE_`T#aGFZsq5<**aSOlKQ(&`FVQ1m~-{!jfvV` z($!yNgz)vIrrf2#@ad}eph9V#eAz+klK+UfbG7H6xMKSUncaWyG4cT8wDinvyF?X# z|N3r|z>pOa z6GI^4hoXn`&5&)Vg*33iC8s!ahnX4~WGYlXT;g5JeFqPcB(OTE(=^>JCE+DP1uYNq z#gK~@r>&8Z#CUsAp5n7`l3;Tvq+-vL{BbYZ8b`ZGCy>4c@7VDHshGapQ@wZGtzURJ z{_NR)-MURlu;|=xY+y}lpxfs2L*(xHy`U4uoH=#$2$?(dA`SIgTdP|aZtHO19bPRi z^g7m~&MS-UnIF|KlQ2_zRCTFBhgJQYvd@cAiSNhdmv_mdwsKN_KtOVp25>!%}8i@I(ll`KY*f5D5=~OU%2@B+>o~{oX2bbh%$V2apd{b)tfdyUrL0>-}ag z^Lf`a$;Q)s+L(S)<5w5<+Pt=K(6QG)3)A}jqjG=0uFvgDQ$HzhpMLk-^>u?|7nO|( zOL#q2`*UlKuCnpK3!TOY3t|1Z9XId&VHm_leoO7Pjm?PtB`{r>z~j2L4K|dK3ZRF~ zO`bsN6W4zI4)Nf8e127Y-!As5iiimGS@=753!)*-en5{6S1ek+@S8vl=-$<8$n6L3 z!g-K2XjQ6^%N-aPnQ;F-5r}o5u&r$C2E~p`AiR(fYUl1XoOgFpXn1%E=)^HIvj0n^ z4m+<=_mYn7A$FMbpXi<|QToe`-ahi@EahL1GxnKt;deQvcYNJ`VGQZd_6HX-kw95$mo^m_3xm`{4=zmmX$7~LDwtcy^ zd%xlBn;fepg&dPFFMlSt5p?^P9_*~0c}___HY515`?IJ+)+I|;Uy$!QZPB-uuSS0U zN}kUnJ*Tg@ILc~q+n@KJ?TMDmx}^4~&g{qi*u*O);Vv%^*%(ce9a1;kQV^Q0UK|?U z`ZQ`@xmWL`j~YoW0qM8q`MGtz?>WNGI$5Jpv2sn*3?)-Hnf8z6HXDqb*zC=0;bHJz z1igm5-G*BM7B$b(LJD8aQI8-w8W`K-4Nk9z)`71PNp>-Oo^y2E$%rmkICAt_8VTdsSkPQPk&P=Xql z{`YkQ*a*5aca1fRt>5Fdr0dI&xa{nHt5aH*h3(y2zw&LM^wk=%3=q}0xp4eP@^=4{ zfR>o%DNTOs*N^htQdKi)>eTk-`mHu~Q!ibq34V98WB<25(|~tB?sRWc7gb4QL_}#! zO#peI0nDyU%gCOl5WZ;fiO?n8uAL|gKlb{aWslCUf2a&kxa??OsXuODfA?S0g>O;L zr6;r`gwUp6!u#AGkJD086rO$vdiGRWIC7)&=4Efqr_NF>-S3{DT0UT_am$@vPUXjY zFPI;BSAWXP_My{KGG~QeRc*-f|NNx1wXU16=~u#G&C}Cf)=&4v0wG!6+V}3{MKkI% zb1-aW_7U#3CLetK$n5xb%ZRN%Z1%MgZj`iHKWM7>k^h{kzmIfCvvpcjbdjcK%lz~{ z6JpK6I-99#$POqes&N@O{8$^oS7Ew=PTa7vu!<)p4|^9k*7klO)6}{$)t-VJFh;9Q zhqJr0m(1>&+RuB{ZeIh(6%P$&eg4%FuIcC4*=l;fVAH!EvaNgf-w(-sGt&2UeR{uT z+3ze}8?#$q%!>Z$xXiS!(O2Qnr10=p>o2r?{I$nA<(Q^$q;+1`5Y?(28>3Ct&NLS~I%te|bNUA@7zNYl_VV&i~)=ZV6hX(ihY#D8} zcU4AWJKg zUb=l*?Kj>wUx#cx)OGRgj6Kl{{cOf930BJuxz+g1L|GDPMUHo+_-l`T(DsZUE zzdikp!kFzni_15}ma8>?n7vJPz>xLImxnobN}ArF?s7eArmEewbJ3FiI~KOO<;T7b z{9W#5r{swZG9737 z7JNILnfrKo-G6_S;MVQZ<=l7GCbi-|(&+eYXjqL0$Cntv$zS`Jha~FSoYy&ANungWg|Mlw4yBp4~*2W11 znj}w(Gtb#MF*sM5YX{tgedm9^^h>v^yfo^3Sj(;T^3ruS0e9X?3U^hk|K}QX@z>6| zv+u`^x8FNUWjp-$pG>_w{eSzm!T!qs+nY#iZfL)ye8GP&%HLmW7<}Z^sSVtn_%f_c zTZ?rFXoqA5{+G<#%Bn7)?s(BjUWJDoDNZZ(0MqVW^HBq+4=V5JcwM|yIV z)($*0tFxRO4ar204Xp0M_?(;;VjQjLustnBy;l#}z55mx-}52l$+$6~`7k0Rl)7vg zvs^C*7Y3O-BOOkk*4S?*C7icCgD0-se*}Kte0%8xvHu;(7#ax34`D6_nAs5qbl znD$uVTH8rYRn>uu4@4B*|{^UfiFN$EWs^LuoY&ZP+g+eU|J!MV!lNSFG zu4U(`*vtRO7lA_c>g1MB*%(qAUj1|uq*m*hFesuNm&ZLp$u#|BA3tu5HI)>aYp-;! zUANQanINFHz~#cbqU8Aa_(Z2uPtM;dGeBT&BS?4Xkl))L2a|=xJ>_dm6UStj7ds*T z*fGUkz4r6`BO)k2vW|9Hz4|c!6%(_eq1K5G6w&GUWGEZMru(d@sKasTr-RN+95C?B zr%$dcR*ZF7)#;`blW%Y0pFc1KGJg?{)T7fuNBT7tEbEuXpf;ShPZti)#jI zg9cF;-S(36nJOpQoW7H4XDU{lr8!NznT2TMu@iixlF+5)>XG}!<^#5y;pDQ;{#u${ ztH3aX*O;35N-zf);nke7l>@I#$eCCgaz(@1(J?nY-HSZuFXQ4%n;vNGDZyf1FMZW8 zykbN6zyXG~_S72njrD7Nk)820qvn_981FGdBOg5|8y#Jus!&v3u&AuoiKGD8Rkp+S zsdgd9qi45KwOD<7v5tQ*JAm#psDGwvoD5TRHYEp|x!Kthc3zv8 z?ml3@8PNDJbRiECMG##u3oWzY=F5Z+@7_tv$gEwz9$}ll^kYa?;-~B+opow~?}xF= z`^Zru`4Ssw(Vo=6puZZl9#j$1`xIkiy2Bt0Z@;z((uXcMWM*hY^kre=E|h>}pJIZj znMu;+3*pCi;mHqr5E&|VyA~@kq+yzQIieO#&$@X&#-&F<;^d-rPts$r|LM3pX=xT3460 zAd3&JcXZQOxD_&)I((TIDYPW;`iFJ^h`Z#ZRn=nO(dEmBj9>6$ zRQ&PdTeGWM#ZEq)eW=3``_1H6^%2C{MYK%370Z{u=PUE~N?k4hfN5+0QcQK0-7%mJ z7*>~-=*i*8tzI}3Ce66_@L{{b7ts0?&3=CUDmq1|5V*ZihfXqRioZ~6sJkXQl0~^a zyL9W?wLv;McgxFtNrllic?`O`_pV=88#ZkBU9Aqik_p25A|hlLEY5u-)$(HD*UraN zgiUNG>U{^RsJvuL=`5iP12Ku{jzB3X&{ox4T~WxxxX@vKx7<0mYYG;=*aBw}6Y~`I zVNBoKIXHMemB}kA8oL<6Ezz%U9Ho=+?fGjkU_t&uuBSU_#R-4q=N&cHbRu$BWRp)^ zx9&UqMCE66H_C}fHF{i_tAabmesIQuKn1C`Z83~sy_jiX@%2Qk-zhXEWW+`|#tOWX z_wGp;zTD;`l5%oMW&PXWqQ=pIj^06k*WdFSU2*O6chi504t!k$Wf8*+ilhAvyoCGq zG4?sXQjfRPPPSYAUimpr6;u1EzvetTdg+n1)ZR%)e?L}wMQ(5X$ht$_sGQ8u;EFzD z4-t&y1TS2oP$b^oW16j~)H@U%jR)*>T%1UDz_*`1dD2`x0)2_CxvTG(d$(@!(Zlb& zr4yhb{SJ$q;X)j(tQabY!?<_v9kbgAqsNUC+sHXM^lj0l!qdvq65j^RF;=Z!&3FNn z9y&VZM`^3RsJgO^HYC`8MeYEn+ITv_!*{`-pSNK5!;R*0QUqn%5zk1#>YZ`sObI3y ztT;No3;3<#Vi^HhJ@mkVahNi2TCH2Z{>o@MsQ}{i;A6uPcG1AmaG#cyQeu(vt z0@b(?7Jj&#GS^8y+}`-Kz+TpXdN_u$^W zc`44*F>$k^$nLA1oa$&OHF_M~R7ZN$%74IGC=PiE$fv7)vUDQNTDEoS^XB#IV~L4& znAHj5pgIog25)bqBnn#b0mC(WWugq?%ZZ#ZXm1fWFt?k^-Xd@do;Ov6L$m1YN zuBDpF%Dh)~gy%J!WVFLot3GovBfWDI4P!pjt)-TUbH|Li43lZQ$9yr8F=axV{n~T~ zcYUbyj|-DL!sbsiqHYM`EsIu=U$-+5pFUSwytA1oMEd@b!te%Zv5(k#Fk zd_UXnufd8>A|Z$+3>q3T8_f`0u5hPfpW~n)%?kql!|7Us2aChMxG#10AEY4-wHK2b zbM5SeJY4UHOPA@(%mc%$!=D3{X!XLj#6E!5Pk05Sp*Qm{e>+0m{nI!vo^eq`sF^c| z4ICI?6o-HUY1z=&nC;uBAX*TKtvp%U6zT!`!pD)>?B5To$?cKxJJ*}}=1 zR|nK{?B!o@QG7yfeoVq5CyXDjiV6?)^y`C{Dd@uMeqJpv_<> zgAp@#J$n4u#>%e4kz+y1>Q7#oymh5L#w+o2PdC%$f2B4+0yd z0VTW%RT1#ufqJZZ`Q5w9(Vc`Y{rjV(7jdR;78PBlJ>&E6n3#@2-abD;0C|uTtZi-C zD7OuA7mxocA&&=041vWk$R)!e!D63aMRQlV^=HTvCzH#PDmNyDwbEqwjD=SsRvW+( zIb&*SDtMAV4?5n|h4!i7XT6RMDepbT%9?I|p=H}bWE?y*hDxl9Xm6wMWYONp)AJHt zVCe-wjzc`8l*bc$2F(vJHebo>Wi;OjK~f7P25X@0-A-|HL2dYpMAtR(4M<40KwM_{ z|EpxTnH&ZA+rO*vz>5U{!(_1WM(6;LWHvb-@+wOdr*xBY23~>XSL|5L(Sv6782g*e ziSv`q&1pd1Gc%K|;IzU0+tMwNgQD~HctpfpY)-r-mlB02fAnS@U0tx&E6%9>ym=go zuKoMxfKKsx;I$k*a7pSDRCG##knP!@wr7LB-)ZgNF`*Zt!-7Xm`3j7xjk!jn;4cEZ6IOTw@n4 z7V^)hyIuNBJvN}7_OYhZr!$Wb4BSS*Ra9w-1GJq_->Z3f3)xF$5(~z2uk=VU`Ut=@tXM39*vS2651|1ixx$fyzS)kIlPoF-$WVZrTk-^^_Tj}Z=_V{)! z0&cMwUOqm9Y20<<#C?|w+{u(G@Sv)mRaLG!0;i4SjvZdRAQRu=MQUe8ut zDmM8a@;3l-I9NVaRZT*)0AS!BCi0p2*={V2e12iMCDJWHJ1Xk2c*U()f#p8exAET7 zr&vW+;-RXkiH(Vw5ob>AscO2dg^9^hLLI+H?FADI-%_&+TIUDNxz^%uGu+jv0S;R0 zDFwzWtq{>Q=`H$<{J?&nT%e*&&CCJ^%;7);c*}r?Hx+OwNh3!h7s@U)L~QFQkSXVV zkm;ezjGWME$3QoLMan3Q|Ft^KC_5{ic;*c5qJ4`-dP-NC}$)dVfoxgZRe6%1M7%n3kqyt<_1J7wYsh-8U?I?}k3-R>hUN{Lt7} zk-c&1R2!RvT3VB$Lc=1Ff`)0TpE-TDod7nf>$;0uY?`VCLiwZxIpz~vTzQ(kdaad_ zS+bhUl`2y;1Ac$4 z7B*cojdC`;dCs?Wfz52OvQR6mVw=M z?AVOtWck>8K%lp8M=iVEmz)mWQw@WOF1;%&H|%4>pd!FH6w~%0;E1cy&aA+^Opo?W z8hyT87!)l+cn&Ce6+It@>*xgU+J#pc9CJ3fa8-HwoJo_MIP`ci$@~a7R2002HTm@E z>Q{V|V#_$3+T^_a6C9-T8{o@#pjdq4w|DZQ8xt&!PE8LN$PjvL3>i9f%i3X+V5&%B zgPOVCJZma)>FLo;Y;AplZkvCzXUwR{-;Ie3Bo?s_yd)`pwHmaKOLqV^TuyaH#@IJ33JFiD_JlwF6t&A>=O-TFjYj5BepMY_&`12NgsdSZFqB-n^J? z+u93xB_*H80(4R;i4n}VtE0hC?_7<+_GNVq#zw|eR6>%*K>?z(`B{dO6r>`1X}(rj=ueLa`lR3z;1 zY8``Aw6tc~>gMR(0M$)bRq%D>X*I;GaB<07{r%RZjeuO97cH^K2Y4_@!t5wXA=+#y zjr9EebB{RYG2Kr~>s)50kFwPt6K7)LW}mVSFdS9bpuc=sU~jMS0I$#Z{@?U>`?%%t|6vB@mKGbe(yI}7$RX`e9 zcYePk07e&|;B97V(Q}RPU(i|@Hj)gDFkJfH z1KMY_o=(rd_M~!p=;og{{^TiUxvO<{Q0R(Bf%JPLQA2s%A6ofp#UaB7pC3XVnL8Rf ztR3CFJ0UKv6c~T+Ui{J1)L?v9*EoGDMV#?@|M=|8$cS>D!|LYIe8pYcdTq?kUfij0 zR_vHpo->G zdGcw2jOosX^p8BQ%?Zk?FLr;dBO=b6k%b@YF*oBZz2V;Bzh0Y~?#$SF{mhfpa0R!5 z={MAW&v_EkAL-?Febdg$ni^QB;ke32|I+;o`+^&+O+-pPoqJc5ZIP z?b~8w0wCz!+2dpgBkSZ~?8evdS4bP+Z+{q?Ff8+m@tLHXAo)FU$+(lKf*d zjgMFPWXKPSms4oq6+M8Are-RhZ82*O>|2gWCf~C`LJ&&=;C|o* zVATc>W=M$Ps8Q{~^$q530mHQBm7{~WD8eva|;4@hcT}eWe zYI}w__bTDupFq8B#Po)ALLf;j+l4Sm7D3NoK!VKWZ168zpC8ITUshIvry+=94<3{i zV0H73CzXA;LH{ZYx&$uPg4&p}z`vDpLDrTMLb}7bBX<->PK$frWxMf~aa|^H!yi9( ztgTHx(UQhwQ{iK^`gS*luq`Q(oux@nVoNJ4DjBA}`>~?u|l3kl*f;IHaFCX5Gi3*7qz{-OoxGv=T9tr?0&xq z>H5{MZiDlq_(rkPR{Ez!DDd{!5B5Nvo zViXl!05{WXKf8xA!ILSnOxI-af~;0z_j`izf9$Cr3H$XdQ>ry zG#zILG0DK`C5W~%eesedLH(v|nObYNMLXDhs8$qzdGykfXzGe+tW4Et$NuBDJRV`D zEmc!C-8j|t#b{=CfOLCmo2Z0Aa8QMab4N1wcU_@U zdppYf)>j&K1cC?7j5u%KDaG@zFO?MeuP;?~Z;{BZ4`ZHQ8txs!*WLcOU%pU8tK-30 z>tI;E^Gjr4g`7z;7b#b;iNPODt~vK*h(S^EsZ$-FefCS=xAb9d;q&WTx1PE=RLBD& z^y$;v!($y);OZNHH)l2TC+yF{F(I6oNUN5WQxuxNUw>QQ;G2V$W%QxLhrXX=Y2fkb zgY9-zI{*GV7^c`lNkMwd5S{e#T0hR_N0%lo$Z0mW5?O?(B};(D8wQ%>xz=dBcLq2WQ2;h*ZD|Y-=S&8u! zVyc5Mk-C|3v2;BXA+gALPoGh82J?~apUrkwhPNFK6EZZiqd=LllfW@b>6&FM~(<@v$u$-f>%L{ z(Db@z#L|_oXKvI=(rH1+n!jZXt1(p3A_H;=bO*QVDshk^!=)uXz2=rfSH;bsr@c5H zN^S2DHMNmIm6BVVC)sWkgl$(aKb|mGXHkh|(@afiMbK~fqPF|Z)Lge2rFC|eL@|pE z3#%g=p(j=wfxAYRatPi1nnQ*xcXHaiB%seMe61v!6a1QOjg{y=5442OZ6n-${|#@x zm#RjDzfR=mckgiB@c3}jy8j#wX~kcGKNX8EdGp#pbGdB+hO^fyODE8!YOaHW*zBJx zgC4$}B_A2T^VaDsIvoWHGFOsZ=#*P@DM%AX8-Q1+2hYE*T;SIct>e<#x3kzUy?0-t z6$1S^pbh_NJ$~tuXJ~bE!>f>5#0JFzH7NgpQmH`qh^q@G#GSqJSVnqRc%TB!?>ar2 zYj5v^6w`20OS;N^wpdfP(J~o1fYy5d%V67b*F~E)BTFKSj!oB`axLleXRfh39b*eT z($8ui%g&z97z>LT;WH9$M~{*G6=#-UvBcT=!^gmo`2ja>+`N>QwzxHs&Jy88&dYo4 z-{*LFkCY1TqhrUMYikCc9-=ry`!K&m4T93)9_|f&#@vfq zx7ph$0OMowPqzBhsoP+)+}+Qko7&j)_@*I0a}MJkOq*SWg={FF&< z(o)B#;}*l~tGnO9+WOJ6XT?iXckbB1X7#849e|21?MRebQ6iI-?!T7cjHU!FBqN~B ztX;Qm(1XddXW!w1bjrk`Sw~^Mx@K^3wb*+R0)QKzn^c79Lx$9S`=+U`zUiM;kk;60 z#WFFc-jG>oX*O5G(-^WiU?Y@xR73={HKndLlmx-tm{pF z1r)<&5V$%B8Iu|4FVimgqf2nCouWhDT@qEQ>gq_EbXKoH0k*WTK-D`((Q{2r=b!SD zf?2FVHsFfv^rXx|&Y`;cI|>)!L;^A!Y5!9>ERsD2vzeAQ%5&h}BBoXijJ;E+(iP|J z28KprAqJ9S;1KisW-_H19Xki)^XUJNuFgEJ#hTQ6_gwz<7=%u1dnhYEa)RbSVu zTnNe&9{TNk+MM%2@R-R#Sh=9EFwmomCEejSZ!jq9(lMg9k`nFIo!942XjeB?6eobK zfSZux4&UB>I5$*a)*39#4&k;ks!q7_jn($;0x-#u#Hh|z4OrH2s?8=f_37L9G?TT; z%GSs434>YXSsi3uTLbzHTz;&<(@U17sYSI#TX3M%d$o)V^xoFHf*(*qLZ7#- z6Z_4L#*O^K2pPxB9(5OCwdw(NR%;eiua@`zY!0dwzolM`fQ@c=BH7;K*5xTzZ|>3v9<=|P@w(T&Dx<6J{H*&HMIn;%wQ79+CMWIM z{hd*bUAC;r??6RFb8}TrQCfV2e)uFU8fn^|M@%i)nS!L}s#P^7hioBg5gcjcppXP| zfumd6A1=yUdhEzq2*UpPMcS3KXIHRoIAH+KHAY$Ec0ti?(&rknur9~Cgk%QC^y%(o4*FR3xzdT(yNH%}zHs2ulZz;@lix{(Ol&py#{`PA1cvSF(|p^M!KEGjR+krVvFJ&K-z9g(jv{r|;$b)yMtDmq$P44}O_=;SBW z>s`QjM$&?f{;_C5)jHhr{Bf&lL67&#JvNxc0Oq1L1C=K3`0)T8{hpzgbR@cU=@PLq zsl8n6VLUW)a&rYjM{KGlH{@FGcloS&bTJm)+{K2gPipaR>rM9{aeFsi-J$)4uR6MK zpF`f)Dyi&z{Q0}yC$z(Jmw7H#U9dowkT)>6wtZW3jiE#B`kg#=@f2xkdfnrc9^RFe zudTx`3>i9fbE0dRSNa(`uyKM!jcHQL%^yr+%!r&pn=2r=D~#F2Uk0}8*j?N?aO_P< z<5S;;8t!1;R`;?1P^eYj-ai66KqT2vx=AW$dW5!-&?l>?1Q-A2W$?pf^S~8oT+kHW z{MR>BC~D3$etx|uCU|`Ohv-P(=u)$`F`-?zfEJKk+s_qL9Lst(v|pevn>K64?7W48 zZ8El;Nj+tobmfinjSS|1GyUpR{XAX;H1!ZmOP}~!9KVOI&pFq$VRfg*22Pv4pq!_w z;Hc{`9^^XdnoLp>vaCFJ(2WS7B;@5aF{jFKz zfxasiYwPQ;)BW^llXhFvLq-0c|JW?ZHJ|qJ@Jy`l;{0>-=H%qU?cIy#BbKMfRsQEy zQ||jQSPkHD<@_akHt1Wt58C4KT=Z>)!P{P*pKi<|k` z|4JtE^#+mV$6uoUe}7ZP1dS$%wOorS1y@4YKR>snN7#+>=G#gw)l2l5sT<=c*D6|d z^q*f-Q}kusjd^4fEZ{xQJA)kI$$ zc=g|JzNRet-$zi^h4u08yEPrQomc+%pABvAnXO?Auni7sp&=oI{?;|SeDNZKiT7}P zVP@TIP0ESeIMKS-qR68H@X)IlKxpxkC+m?kBTow4Ls^%ZnF(COEGuH-R#qM6xlW(X z;H&{aDxFh_7PdSeKF|xABAeD--DG`z_1wTcj4EBZa)k-&*dl>}2T?J_gvnth5Cki# z8h;e^>7`os7cAK!AGUAX=E6WEi@txy{^^fddUx{kjnM2MXy3idkD#l3;{(n0*GRBr z4>Xv(7=CDV^&K|@(qTN3m}UyCBbX66r#3r-HVn0w z814lTS4&Y6NNMo?!-vq~K}z{F&1mJ)H>6f*34Vdi9F5%WOM{*}>WT)20fQv6*&KsoEKM*($E!h+KcW?V>?X{n7 znJVq3G8|oSRf%Ps1O3(NW+(&c;Dwg&|4Lo5MI_rflfo}60L#Ezx z_UIT;{_fp4@bDX{`X*$E1GFdtA z3N};UzpqXAn?1Xam-A>s4^#o_k;6F)0SZ$DhE8HcxB?AsVr&e)sIUGO8I|=|bZ!k6)Okw)d{Lt&Yi~&ob z{%C1VDLmBJmGqnTA=>0;paQ@~WuDBs9ow;EfC7|4B_)LShl7E_Uc_nwh+z?|Ps`y7 z#~l(Vr|Ah(0rJ~;HY_?iL;&CGgSfxxo9gYnBN)^!?;+?0Kp$oK-Fl7g4;IUB_oj{I zK>+Y(Mv36FCNH@M+e|DKl_(IzHRWt9&7J065xCVP2Z)8w`o)Q&XrX?E2{ju{!l>fMfM%N=(F~-8svx!8ZJ__uK)-&jn@-X~?V@s?g_@DiBpB4` z>A$@hCLDXM>f-NhUEBVmv<2Sf1|lDWCdF?54U8HKKB%5yJ4~Cl zM|F097*!CHg9ShFVd8Y%au8XZ5$H$;NP36Stjv)3fRiL8xuBc&Yfu4q8#KJPZIeQ` zlimUwnL2d^Me-=sPv~s{7wmsN*gFAr0LWBG9w|tLT1UO;;X|cX=Y7mn{2~VjNo7PR zCZOpJDM+bx1sKGm5s3RcYR-H{fNMYve35~1CnFfEeu=$y6jqwsbvFaPpQ71bJz8kG z(W!;d-|R|P+dGQ9d#c?AJYngHh$O=fHi5IkL$ld_6{V%Wu_L1(X$mJAK{vtaJ=hlZ zkyf&4066|X-kpR*$w7i_VA1{iUr?{*AR3zt6HDmtQKUf@NEo@4n+%mnDb$k1PK?do zdinf$8um1u=ob)0;P0GHNI=qK$MNIGXX!C;9v&W^2-|D;a6!BY?^B$En5Mp2QA@WlEG$b<5&0&zz^LA{}pDaisMD|kl!{_4D zkL}HV2AYwDYH4ZBa&cj##TfyW_S*sj17RR-ov@0kh1CL$N3n!4d_5hVPCf3!pjKn4 z?JFL)YU~k8lq2srWSA>X=Fo#uMVsyZJD#yWq(>^~oZ4lKd-&1X; zu^yqxg{ztJo3thXk;7*QCkd9m_-f=SxNxikU`R!P@>bT?e72xB|rUBKnkxi?aZvk}oN(q`& zSa`VWMK{8NI;@*01=`!LELOEFn`jexq{w*&z=#i=mCLH z^LUA+4fei6BIh_duI6EqLs1eS{`HnPhbkDJ1XDpzrcJv`bA?Sv*2|d#dxHTFyrn@7 z-ua|LcRqZZO}1xF*1`*X0F)vdeOu^tk-@@6*ARig1Sp+txZnQ}s@vkDa?wt}Z`?t2RlVR1cfk`uFEbZAW z4n`a0f)+3^@aJi3~Yj^y13MwF?2LSgpP4#ofRI+5IrD(iBO(`RGK$#O zD%Odm1_hXVPPR({@20m!|BOisjd9*u=lW;ir65d9A%ssw0z<6{4SLw_Bq@`sj+N=t^(OQ9 zUkuhLxo%`--NKm{3nOH3rfc~=gmWO43ez$&j-bv#+cHtZ&>E7yjFz97Z^LtZC+j%8bNg+O1QCX!xMKZzFCDv$ZBKDa zr;pcLAEW8cff$Vl%JU7Y9}gvaUd<89M2nMygAq^8Z{qLdry>aq!gKY{ZrnhOZ5Nro zKw4((t=7T?f(BHeeG3vPXq(Ayil07hwg~h7d#EwaCbQMFxOm!WdeF%Hg@QU5P}g`)%=eI%mq8+b`!=M&{`ftvjztT31=nIaeEq);n$*wBI~ZNh&{D0jYP*S$ zQYbMd{rgh}M?P^S!=v@X;lj?=`&(EtP~~3envwl%NP!2&9y3Us7A;x#n?YYquS;32 z=#;L(@0UjfqJWas-%%|;-AK7tFBFpCm39e|ay?PbV|G3tvUuPhB+FK74RmL|Um41g zOU`o4Lr4T$E&>0v)Y7uhVH(9>qs9zBC5oej-(BLW$s4vE(f2@T}~vf`ZMbKR<5y}EzeS)Udr0wkRbvTxo*&cGz0 zGkr?In(++v3)_qjNY0R3aQf6Ko>lJ7J`sEOntxPEaiT7vf@6`;A|tdwL3tf~dT9W81BA!78h+ zBR*l}W)6X$F0Oo!9tV9@lW+3)4&4r{~YWK4H`k>o9}~ zX<9lObciBDVXdx;qNBHaCDNYHQ%zg*81jWF6wuC|dk;U^t28%^3jxh-A zGOodyq`K>-o5A8gr`UBv7QREIZO)=qfKnUm*Q{CNmGq;ax3Y=~Yi$EEG!P1CHnB6R zi(2SAzzC0l%@Yw}VOb4Ho%Cz!$p_k1Wppmyz3b4alPm6-bpD7HTE}+n>ykEGk#0b` z@#dpS33n{-a~cr2gZnNQC>H^pBse=RCi)-|0!GAwT|aRMK|JqS^%<`-K@n-wy8h0{tnZV+8|IIe1owp`4(YrV0MC=`fndO6VTZ`f;Jx11rnbS zaWD0-9TkGI+So26G0j6`YP;EIfo9PK=^y2;Y;AtZBEraCEBK8K`GlqsLXKcDI(dKC z)j!y)^;IcyL(q?c6C#7YN1c?3eJAK~_3AZ)se@0?45J<^J(s_gZWL>@CZ9;k0^#(d znMuFRLiFk7)ieTO*N*KZ_#5e|z0$d28zrx}d3WK;G{*}pc>76{_!ucZ?;Nh2l4lz? zNdL}DICROYkjJa&>pVDnyzHSy5YjalE_k8z(U1vmT_!Wv6w_|tTLjuTeKoQoV`G=4 z@&^mLb?!`%Urtw#yQkiQuyMeq4k zTAHzR2|NctzU=6Lho8ozIKe5D$rhmfwLS<0YEOlTQxqIW($*gCP|j;>(OjN9ZoP^oOv9S!=ix$a4|Zx2JPfQ!M;G?$$x zi(35q@1YfjBq1;&v69LxJP#DRm0Qt0pM$aR$he*oh`def1`bt)Bu(tE@#x<$Y1DY{ z%|IV?i#V05$S}EQ@V6>U-raGq5RvnIV~-=Y6n4@ew5d3AxfgP_G?E+S9}r)n4j(S) zy2+;Z7Q5E3Z8w))+X}VHW!5ZTUO& zK&yU+!S~;pE~OZi z8^fS@wJ*iMezibd^fN^=MsZ(_?5S}VAVo8;^B0>}f#5)ZM&)o#G3Mo(pDdZ1Wmv8kpCm0Bmtnu+aGo=_n zp^euZcnEdJT@!EI)3``04alvVB-=d+H_^zbC@w^H^yqwd_wB34j2Z0PRn$-M7% zk6kN_A)760*2G0K%YWA4s3#rJ5ZoEGCqI}65QMrCYK<~!nq%mRA}HR5cOWVA~FjVuI!|z zJP;?8G3d9Dfyeks-*ZdJK(F;oBr_)+{q2-VgSe2PYwD`_O&&_;@<8V)TzS4?$u};W zTmc6&rdYXn-{Yp(psI&EPoHjn@_|=>J}`wkqrDa)!b(DN@_x0iQW0n#)M9#mN|I5` zLW5e~QICb|;!h#MsEte}36f%lc;&(c^5yI87PO3MnEv2ShW6u=$aF{Aj^}4KZWNpf zypCFWyBhUv4iXC%!;t;PtaxVGRjL1bTZc7k3}Z&8CH1yGQo@jB!xKPKYza>#ZDfI~ z;JOoOOB)yXU~DO960+n3TGTAcBw8W~XH-HYy3JLW!Bn|NY2kC9v;@Fe;I^tE9}lZ<|26H6xLlk zR+OyFj5JBmf{ht$Y=%{(rvh$LPw`Jy-qc`jh^so zsUc@PXr{V^!`Fb0ib*%^#zRt{wg!oJI16rEAKN<&GUl0K6ZQAG#1*zryK~OC*Rq8R z_d)E-xG|2Be~Z3-(a!G%w8-k}K0$MMC=Otpw%Nrsyt3^C4}qA{Z&N)n#FLVfQx^Od zQrPIxmyaFWcB32}5nQm(<75RAH}<*aB}*Hd!60P3kBlGdmVH5?DJX$DCt@f(gq#F* zd&ah-GMxI5{?z!UM)xw%(<_9-^zuCj z%b!P&UaR^_eOH?`?1;&R`!{Y37%^gRQB~&p+HDPaszv^S-~h>Ud9W)jslb!no-t(u z_;9D5x_|v>-GwLJ4h%6dd0tdxZ)ZnS6YyQ7$A=K0%Fxj30~Vi{XUy*Ci68}fE2Lb_ z=?gp>U;V7BsiE#c!-S3IwR-gfc=Pr3IxlO2N+*;O48EBBn5%hEa8Nw*g{GPS=P|B= z=OH}D1i#N5vQ%^sPQV+5k!uMI>SV;3Q7k2qDtV-#?^k}HYaFw#w=JAk5RWu7^+6ZJdFd4{PRZ0HRUMFeUm z*FW|V&LoZOs(mMuQ9RzwdZ5J%yT7ovwc1{E3C=(fsfzXQ9csxfUGF{qA|3&MQz1`0 zdp5_!-puc<-q^8!6jg=gEHqJ7khsC=?KNjE&R|S6#dOz@P_w_Ps?tg7Q~l(^0F=e^ z+<-&S_1qJ7f%J$-KglqHKkxZ6ohVSwQ74q$_qB|AMj6ioM__>wg(1C@3b4h{?x9~A zvBbK;&{rg5@1=+HOh}RFMWF`sH`aJxYT8GuK)?8rTlGh3bS!tF%{6~W%mlt_Wdo4i za(lRkM16iSyE}VuvRj^Fl(BZuZ$qLw9ULUMfFr6wqlL4XjnT22>ci;Y#8OUSz1|;) zYYpbkHoqdo$dL~?NQMpDeSN+_h$VM7_$qjEFvN-t@^BT(`pQQSX;305yT^WdlyiJ_ z1Ra&r_{Q$1bBl+qSen_|V%%M_H*v6KFiX=s!-(X)hw7+7>=(O})FU<*Ee71&u)x4Y zdz?7{~d)DwwBAga?+O-SX?-N{_U$}$k@{P&7AU@4FvpA`Pi8@wUAp8SQ=dx zw=c`w>whK&e>MRmncAd-Dco~9oltywhY5aXw1D>n{3hqC#vNhhGh6h!c73~!T}9ox zty#Oa<>S-qJnP(iqpi)t%KqVK&~+ zRX{pxii)51_=L;h-oh#;t-8V``V<%5gI%}E}x^k?bdx>-!g65`b=wwcCkI0FV?WQ z_WCbv8A~3I70V#SQ1qQhBwGg8Zz>CW`0QDJMJ;@XK&fnkrl$SN(j?ft_{cI0@I&BD zK^EsAp)YN{bX0CIra6M3Xb&ZhYM%R5=fW;OBbu(=Sqt*RkjuBG&za;Z=wPh>a*<{) z2{CDw&Fzv7*Qy4R4^iujzqaL?r`hlNo(i>r>039yI?kQ)+3U6PHjkX__t34nv3<+e z;D&@rOEos<^eM2cGd!DFJyA6H&MIrAIUj=BpNO9#8<{h8W!e>EfAckUFCXa!Hx?O1 z_v_d^z-P3%KvDbk%20_dSdv&T{cJYHGjQ&royv=D-I~`oy#J70>*|laN{*|$ZZ=5& z$*tjib>EE6-xafCkka&JJrzT1mgq;m-kY_~(CPB%U1v-79^4*3>dM_y@R8rv@ZU1dYbZ*)OK&L*3C)m=h0PV;*8H0vipY=ABDIa zE?)O%je)*nPmK^f*k4ss0==<5z zrAD!yZUdM4>3IIWWa{`FHBa3^o1Vq2Ng1yjweII%mD`mL*nW*Ep1P@7Nk_l(V5Q;b z*|#TWazWjtA%=JTr#c=5sF&0U{P!#mCHA1K~6Y-3aEhH%$qUlih=p8l)q`>0Rf z6fcb$9&CTDgLr1<5}U3|choz3e>-+D&h_2@@SsdJG&Ut4{6iXds$L;uqwM45$aPMNWSmVK0A)*DD61%RAuAm zj4!2yQqlB3zIJrNt^JU%Dr6GT=xRtg^UEi&%%1wRWE#igUlX|DGfB5?x#gVsm1no=8bI1<4pS&_U z#BrDS*m#qSvyK4%4Jv$CV#G z*fnCr!obQif96M(h)zxZv!UE%lV_HP7H0FRPrgQ>x(ub$%SbX77WjEQeAZG?V~Q6 zNx{95vE^RB@UJ&OaHpZqS896HeE#@#c=<>qw~P?BG-n#T80_vUeW(Rw}cpjFrK z!mQ^^#;d96UGnB)J3IFFD$3Pu{cGx?+{nu=9>zP=wH|6hrFzc!8_i?yE}z8$RtaYs{bh zO!xM0cExvlhXpEiw$f9S&+l@`-coVv@PB?9z}O>pVePF!gl+Ke+pb4j+pVs)TV)-+vs(D7jg_6{IqCdu{|DQp5tsk~ diff --git a/static/images/docs/node-allocatable.png b/static/images/docs/node-allocatable.png deleted file mode 100644 index d6f5383e7adf8f417362c63791d64beb27cee5e9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17673 zcmb`v2UJsA+b$Y)D+nqgMNoy$jN7sG%je zqlkbI1tHXgYAAtF6CfnH0r&Tv|GW3U_l$eaS!3YHT5GPk=6u(jZ+V{gHP+Nv?=;&5 zHUI!{8lGXGLoPcW}&u%JBv0G;n3o!ge7V=FmwmKRNg?+SA=k7uuLT{_G9 z$5FFqQv!b+eRgp2*_ru|j;_w}f}>_;hgS}MGJi-j8y@~R%h~=QH!MVPH1f!C1Cpk@ zi6PlDSSdq&b9|Kl(5i;F9C19icw z#U~A0ledfpMx4_VdRE;X2UxWf08a_^B8z4NIHma7B^M2Yy&=8g1o8l0VMcW5PRC{UI;gq6noq9-whQf={5&*#3o8d_^`^i9MPRxhG^{eBM#I3dX z7+QC){RB0jWV4>pUo-7Akkd&=yu)MC<$D2M*8L3s@PY9Skj)J z+;}aFO~;^*AS67a#>wnk>5m9;kH3#^8J<)ZLdePjXT7Zr`fWDx9H7^XA64IDVb&92 zO_P3?cO;2&AT5};9j~kO2aTAEd7o+wT8+p^bNA5J{51_!idTq~htE@L(164_PMM?Z z8IO9aY5BcDD~4lz)zKX~YZV|@v8xCeU50bphb%}7zRpW2aP(O0Lv7|wq4V4 z{R1$SCzA5fkezCHo`0qJn!Gx`7Fy>v-Cxd%&2vk97V-K)r(Bm2DI)h|oA_dhF8uvW z*!o>zFn&)!LC!w)XO$>G;oOsH3?e&TwzWE10 zl28QIEZczZ_!^38;Y-o=V|AO1ttO9rT#rtH&RwNgc(hwpe=9|ERg|d5t}yTEA6d3g zim*24Y^~R6Q<#C6ylC%QHfA`047C{a>b8jzUtF+SlB?#pkE-WNzj&Q7KZVfdxaw}J zuVMWe=vGBxp|wPv1^`&wbVllA2jQWoUYeZtL#^w)Pi!j`&oMVDQ4zAfn)qN)Q9ADVB~3gQeNUDqlL5q^GuapWrslLO-ou>*fUi_SIuffuQ} zk{fgk&>jods?d~0Rh$K`1f$B?SMI!~JFQ@VE;3&40{eqKXlF#dwmHd-YI&Gnz4sHY ze}U8CpTCo9wePD!qH@_Id_R)HzsQj+f`Gm8c=t#l$HgSn?HD;|mjI%B-FPdw273gs zKZq8xp~@H{KowWDoQIBw5?#rCa_uIulICC%ha_=GOO|LKjq_gImc5Z%VuRU;Lr}9D z;z>N(U3zT!^E|>X_rYCf$*l~OpX*dTI$#CLd|;%&Nq+!8SHcQd+e4?u!FL>n$NDkn z*-0y~S^D=sMb`aZN0L)wXoEAAsb1>SMQIbmEbo3ASl?E)+6`FbJS}uC0okBpsiA_p zTIL|@vG#5UTWGFO3ZHGEBt81Zr=<&cir@^EeU+fp{fpqaN9u$HcG|ouFeMM+Jf!P# zUQH{Hv5u#VS1#j$0%J=H9As7 z>x}S4>ZM4TGRa05sV)oN>l8Fj+0I^c%OxB;5R%i-pVK{x;4XM5UD_%NCHdUYFv5CT zaO&du1&?LVZ+Vl=DQfPvh;!@hFW?pNLOQX15m`HtgL1OEJQmPj8`z9D9CW=aJESpiTofUKR=tAC{>Z8ns&+ZUrnX4|+o9M8T z^DSA&DU@;n@aL_&j$fnXY!P!o7a{SSh+gNHY8!+PkbX*@8jG}Tz_aL_MwEor)CB4V-Ibzo_pFn|*QQ1G|dkvBnbvo5Y+$i-+8sGiZ zHhwHey$-240-%re+<|=bt_at{Xubr6s9ZqhEtSsY#@YOd#vv3xiJ0NffOy&|!Jclh>LnD^Xw%L`soB4+DlxLNkviq9Np z+M@rjvqih28l25dcUIStH*wR7(kz@h}-^EmQ@~!oG+N zb^mjxK}-%*{=46)*@w3juK`S*j$ZNt0AfzB{fN<&Ulg+^i$hYb?;h!B%PbUzU2t__ z-g5oeA$6=qO*3NDKYy(<>eut`y{}mHyEjhU8o701{~|QU!YWjEW#M_Gdp#@))Ou$G zzqP+g82{R&+tjkxqBt=s+jW4{gfGS@|Jts1 zj1QR~4y|{M-SFNC?Scule`dR7CE|suIhz`t-0&8Dy;0_tEN%K%d z&G)~FBI8%$rOAJe0`D%#Xx;6?6SF1@u1_ zsq4X#{djGDG6vn2Bf%yrE_W&n9*4f)wWxCxzg=;4x$WFPE)m)i)`z-A;0?ac`eU_<0E{~+XTmV%G~k+R7@}fL=n;;sO?d5=GJ90j z+-BDK$9>A2H_%aC=v*6xT0IA{<1?CmjiHg`y_*|9^#uSL_3iei)JJ+7_~*Q@f_&SY z>U@TwwpL)k%Y7EqgJ=5ShT@w9Qq5dw1)bP`T=!F+ywp9rCo9o|VNo`YizDWI;!6hL zr?D^CGjFP_1tu)p1-ZG5kNb*ax$iItJ~X}ZtA+ANx?XU6W&%H!R7RT|;ljUkb~^mxvij!Q@czO5ukt`r9Ab0}=Kc?2ocK}T=~sOyrYUoFYD^$M)l2_PRXx+-M*v_ zvAw`@@=47r4kFEDg)9&~NyhJdH_FiV57`yTOj1^z={ck=7vv-WSJ+oZM#dQ_Ph$DEZ1_R-AB5f1C_||@A-OyG>YR!dR&iIr3wgIM*xLZg(`OkXJjOazUF zD5ypOQ)ax*WsC%{M}4QRr8kzgPF{?mDWZ*KjH&%v6zN~Z!0uIAGbKx&a~hoRXdqX{ z7yonjzB^OvZihfJbTh4ySNn&RQ|23Q=OIY0*b{&nQ|1tFIV^e9{Mm_q-0nIVeuY@3 zV?Y5d2dHrwb{-$rjdh(7_&ZDjA;ptF3x-Zs)g`i14OYP0_ZOq2qbVwnF?0$cQVcNM~hr zoI3%@XOwxM*$HpAvR~rdZ|myS?uiR=v;EtZrfNJuiu+1^I;FVs^*2A%6R#q8aUNYoNb&r{*sBXxjiu`uyq**Ayw52RZ^ zU;6DYOk1|qcb^;tY7cQEb8g(zW`9PB*jZWdWJr9a&Dh3P>^J}FnI@Sed+Rly9OP@2|EELgOEoqK&((Pj*MGqc>ej7}R{YsL)msCu)R@;-eNlunZ zf72}$(pIf6f0BZVTsv?1Z8oCv0W0QqjOO%gO%Nx!bWGxIx;fvUm;2e2_K^ zUn8iR?OwX5P;=c$k?HjAv!mnhaL0?uP`K~jP=lYv?uTUWdfXM!pjnB$K^2f=fe(>1 zs5W2tk8_$AO-HzZPSOiJ(8TN;4xBgZxuroxE;eAmE89j4yMU@?`T~Hi5d_V5omHGA zxlQ7GPcwzVSKU4?DWyUAsjBodKQ8t}RH;%7s`P;nP7=SBu@enp8*MhpsB~f9OT*I4 zsoYt97tjsc8dd#aFAxrXPeYQA96%j^&QCVQEs9ux^R{+~h%xsJnD&mUK|oXCtsFz3 zy(Pi&sbAhj1WuyP1uy-LZq;qKE(3zj{7}SO?Yq3Qr%DZ9eCbYos$Wf0K%GEtZfgU1dDp`C3w3lfr{j3Z!5L53Uv z;A`#FPfZv*i*~YM)x+$OTJ0AJnsXX&;6)F{KAwc)7CR;%R9_j_Y97)kKYJIiPsaO; zT|!nnB5BK>Yau78YW4sCuCl$dMOj@d1}?t%I<6&9SeE$XJa@3Jh-}m& zYkxflFXIwE3D;!qj;9p!e+4y%{vu#r@OOxF;832u@$LvS8oCvB@+thKo6|hW8q57+ zQ1kmZ(!9C6AN0ih%umRrG^b@8yC)3TF}421>Qwc0JOPKiuFiHx+Hm@9&at?Yw?>}A zot@$m#Or`od{;tdP7e-Sk`%tz3_)(?Gao(nf$bA_Li_jiD?Be$gf{VpOWECPCjJFv zP6-psd%~xZ(*Vrbva0v&nfo&63_V_QF4__)-&xt?emqhJjFCFEW0~LlzI~1tfQ||S zm(*RoxD=ub*3R`GgEb)a~pxh!F8~mOOdO3_-wF6rt7ljsu%+eztNmC;o2jqok3+L!j z)_gw{ibai2T%V^2@mvwiv~kyO&%ZW{Pf433ssqhf-Gs&Qo!Zuk)J%t2=$Jd-H>jN6 z*;J{klJYIbnewn6F&m!zGLJV+_x3Ro*}qWoF2~63jmp(Egj^yQX|r$Kd(S~8w$h&W zN8zA<-m9si7^G)n-%Up?*zAqSep2dIB{YIC4DM9a*lg9c(Xf-wO(gA%r9lM8fe#T~ zCq3DeHj2C?D3m0Ik9f*onhYdi_G%b42uc{fh(h$DiihSdcp7hJ$Q%ivGm7HqClhc{ zli09@%}&W)4*bh7o4c7fchpNb1tRdi{f}EC@{+`nx+qI`_o}$#^%)QpVfc|W(O`H< zt(UBd5SR~GbzfHD%0MQ=P2^S@plt=$v}lDg+$ohq!k>CKd2Q@scatYdM(mt=`lDev zO7ju^c-Lv5>kp`8d;J{U$$inQl_#sjHUo~8rGy9fQwvk*>AG4=bT5&z#oo#FhTI zo+m=ogPsi^Raid8)@I*T)pqZf1snL663;ZAlYMneQ7cd;AOOHbOmT8y<0~-Fkp)=O zK5DK`j>{WQkCo(&gZ5V#EBTT1Q~zxY4SO83Cy$d=D9(`k!8@{ z(~WZgFjEa04xEohEp)h$NI!HGJFH?X^DYxHSHG7e#r>V3o$hdqHA2;6GG1Nn+N{gI zu~?+fZR@1rVD34aUfH{R7jVFyn(_ko-E>Sq=E>CwLZw7khYjVnS<^XAy{NsLZ^g>} z(ga*gbW7^)d+3XvGArLirCN^6RtH|U3M}+&HNOFjfuBET>r1V7Leqzf+&B((!Evag z+4`ICpXYX_wdrFFA@PEUIJgX(Al#0Z_#C4Od=D==i$ZNGf1XcMa~^MP(s3C>Fk^(2 z1kO9NjIb*c`}!8s65zL$8{PKJQ!-J8J zU)aos7Wr4qyDwN!@?9ew36}y5?GX{Q_h}cqPczvF^b6Ds2(MDzJRea(Cg46PR!rYL zx;*ShL~c0BtHUlH`ZABqVRVh~e?H(}^GbXlj_{om}E_q!#20H}P4#0#tpPmmDkt{RY~YI0Mse0Dc2)2N+y(2*CAE0H8-5@cY(p6bvDA)HgI5y-_1;)NsVN^Le2>ES2Yk8Gmo8nzHdhFFRDFOU%wC<(V)J zfQg7OfiC7N4k3?!T~a(~a5%|-H8_CPn1eXfUrapz06aPX3Yo_B-F#A8~?{|ZP z+0(uGn=gAf4Kx)xg0f&2q8ButD_-?jJWc9uF0`ssKSX4l_)@kE2c8#-f~W_4RR{c9 ziCE65T3Y$wI`2=h9F7bpCgAxL&Un>xv&Pw#WqBifmo>6qOrNfK)RN2+LrA=ZlN!X zSJBT$%)?_3Z{*vt*fAsy@qEnjx9?7*5y;s}Xd^H6r@!49rm;T&j+{o)0#&D)>{CZW zK+Y3(s3(T^Q^%p&p|sb9O1@eiiMi4-qZEhR>6?2H!$3UcA+k^x_$#PGOz?g)0;uOY z$@$C|v}b(I!&x2nWU;7n8<=XTNM>ruPhD?%QxIBf$j56IM-B~qT+$Ky#1E;m)XqIkbxdNRux1Q0!>er$a{;tB;J$j==B)KOaGu9nye}=r zF{E`yQPg9Y=cOb5BH&;+~)Z#|5R4wxDt^QYPywazaXI* zqnSZeS;c&TZS}cfBYoEIf}{Co=qrn1B7SVrfGC!ya2B9RYx26INb?z z7h&l8S#IR5YnEA~)(0V-k;Q;X>)`emSS{U=58{iSHz9e4UrTXH@9W3YhHXV_-*!J2 zpsW`3d2BatXmN)J;#-3p1(~3tba*(%_7z21Ew9sQ_`J#4CT=GsPmmh9)|WfH7<-^4 zPB1&^{>WpvRbSLp-XD@ZZ@p8D$mkvJt59mljlNN`rV%+oaM-A&Tl^T07+N042YJ%l zQ+1DQUAhW-XlYow6%n*v(60m>f=|K>Maz7O8v%lD$ z;t$ZtLqXp=e#kxO2; zMtmphP^RfIF4w7%*o_O(`2nY8rZRg7mGmUa%onp44ULczvWUq)BaaH2X-MW0UtaQY zEEdh|ll&IdSaD6wR+(!f*}e>qoU|Nh1=j6nO26O|wBd8~HUYmHfL7|F5(|qKqg9Z! zVl_P%!$Cwb`3d<225Xsq;yTB!3ik`UJ{d^~>EeaL_eZBfn0~3zh)w#A3-d#KS)x~8 zdyZ|iCp7AKooAcgmS+Rcr=kUhmDpy(@%B+%)vOKKFNzruOTO0YzKIECd@uJuqLEe# z=MnAr=bgfXAuxUFSYnK!{PPCfaeygYRK z*C%7BrguJYZ&MWUJx@_M*g`}g%Dj#!h8A)S?|UJ00gHLJZ5WBEaEz~=eT0604zhYZ zzy6L>Z(T>P&-EeXCb%YusqBH3@UFU|H@YS6<*ts7B8B^%&?mO+5hnQ`hAm?L>u!{- zeH=j#=;0Q{ski>J9zb>~&+vNf zg%6gF<(Y9@CT6)h%BVYiT4s7XKVVy(Hg!NIUm7akfBk;xZX9t87I-%Y zNfEVz>YZy7U+#^ef##9x=OG*slgr>3!H8|rF20?G@doXZuF1%9#ujSftwN81Z@j+u zQ$TafA~eSrHgo!b($I9Ddci)L>K63C4BvX|O=Vb?Fq>wp?__KB8A;;(HHLZUa64i1 zbHBTdba*C*jF(jV!(mt;(FNaJyMhC8*{v&v;+X{Wbi$LgzzRbY}l+ zIh!j5-)8^3Ovo#% zcrWq>;b`>#UA-(3U9HHrnJC>x3ahhu*n*bg{A`MxlJ7x4;S&Vvx`d80rFwedt=ju3 zqn9h(%uxYuvOK}Ww;kDD>NDQhI$mV16j9@{C?eT~rPYFvm7FD3;O{f4x0C@7kzKx? z5NRFeeEPryJ&PQ$8KI>9Ds!`r{tKQ^za0Q1mnKA1l5yL$81%g>#GT#9CWt`Kwm4LC zrRVS1xZA!xd_ihhNKIz7jz)QX$i5G($*@Ef8Lu3KdVAvEBMrLJVlX*cpN#QRS_b4%|K976FUVDwHxJQ1JNNtU4SV?RBV{#J z&6?UCM@MNayL8Qdo^~5_Ush;mbbDm>lcSkqciruxNhB>i72s^{Mx}WpetEh&Gbzqn zifbL8Dvt+L_22dq8e&W?_@Jw0V*Z-Fx$1Y1Yyowz!-~rhNA851Oos)i{bfJo(PF_W zBV0yHX&aRlT=#y~pc1twJyDEhEDgk^#tG5<_6FGVL?O$UP`^SJH}~OB+^xPThIn_c zwroSD<8Dnbv^&!`5s!t_OIAC4VR0X?9UC~rDRwU1voApKqFd+HR(V5^7&`LBm7I;% z^}_9DH`^QBxe;CN_;p5-53)LhbFtmNB$X!ZW9oud z69ZA-d!Z*^@;otm-e*gL?OU&h!z|yJ;dXjE2+=9b2!?u`bLEg`ey#K*(x}wSy1X?m z#7|U7`pY}I$x6-7%2pm^X}>~6$wasbJ}E`!Sl;B(y<#$0qy#qXJxLwn(awyZBXWyW zjqrBXx4QmT$z-e9ylx=Px*IUCgWCA!O#jDn&+~^mcb-k5jre;i#fw0y3QFoMx5%{l zZFgMM09xIORfW{@*Vzb_uG#_$#CO=xZq7yei-;Edi3SFG>D(UW8u#<3VcpdPJGnwMZ-ps4m@`Bz!XN)LQBJ2n{!>$smsz zzr?;-%<8RHg$VDCT^5QlFCE$jz*rw;LZ7z~b@h6elrK8B8h1{NFg``Pt64G3GXs-*QjNRFpze2p9_ zgO|wt)QgTPBtMgTk>ONdMt5&PvqmN+ zxucZIH?Vkfh-r>{6b)FgH<>P~i|?uv^Mx|kx*VQ$tA7wI4Uk>M?&Y4p9xD7C>q_LW zV^You3y`%2zuQ7G}4r+-u>Zm^j*zY@Il+mjgahF(_|A)@*~jRhC(&e9cKa*Z|y z;t;#V{ax315I-MWIL`!wTExmtx0Q`|!mX8_)letgd|Bsse(ZetJ9Ur?krz1DA@#m5D+`vlXw0DL=;L%0mXQ|ei@<61=Rg)31nqKp@>IxNBYv3!rpqSKF6ngv z3NwKEwLMfhv;L<@vB>(5!UAkyRI3g3Y@yqaXU@1^Sv8dJVNb@fyYC9UhoVV)0_UZ_ zm^fQf)8|BEKh_|9ZuCaag6Lj*xj1TDF1ZC2FdfG*C|} zSZT8SR&cnmo~M$t?bH0ceubZpWo9zoX-g-1mx2Bv8Alhtv;u)<4?uuFaJh%_J*O@(=SGP$JG^>%LGIJ>t zDgx9j4uFVTK#-l0g!nmisYDZ^W1hTU9ug+0o$Q7%_3*O7q&gU0C35kA7b7!Bmq%)W z=-i-+$j>u-lk>pqvi*8I2_Eq*XUX@k5Rl+NXU{~U!Q$~ zKQquQCx2ug_-&^>%h+b9>uSWRJvsPq%WjBckKMM5bn%kI)x^01lHRATOes~TaKWKD zb^E?}>>4E*b=&OAU*Q~C>SZ%;6K>;SlH;q)b>3pZgv?$;m1ttx|5hk=S?q zCLOp_ftn@(0N_t;=bN~-zhd}%`N5w8Zkka}>K^7H?TU$-vw7=FrV=uU_^URwH8?3u}@0JJxu6e1eLSR>d8yLX^AYl7PWZ_ae|4= zprfQ_ntNs)>8Xs|rFBY&!61G<=QyPFTCOtX@cs$r&<>Em0~F`o0glNepAOFsII-V2 z;lD2(Huw#lPJKvDbAh1@)z&+>?g*4l(|#EaGt=m9zc`=0(S*sjS8G*JoeF*pBs+As z%E@oEa5$|S3Sg&Z%_wah>k(ee&Yx1GhzignWDf2Zh7%P0^B%8zIkQ&`2jUA;3sa6H zC{eYcJ4$2!28_oQ;-z!VqODoq+OV7r9`aDP2qkN#Sqd%Te!X-< zO+`c#J7iEQh}5+P(jsyYRvbOLm`B<64yEb}FY6^xBQhrN4kONDlRG;})%QO4GSKbey5(oo@~4Z#)NPGzFTY#Q(|^eE&V+ z+#7;`k=Uroh-dY+H)7+%Ik?k2`Q(;L-Kd34FIPe$cExQm;V(yhXQYmtrP2d{)~_&YrhxfOSu7CsE~E~8}-E}>EKs`SR=+;=|r!Q2$Mg6|DF zrL8cd+*ijby__$bKf8A&L1K_48`#qLcArMfE+Ud{fyY=u*Me(!$;hHs0`Hzra5SlP z0$+6%O}FzW-8iVF7-yxL=4hhNBmcfcnu{;1ueXVeim3Vyl4e^7X(HJKz3|dg^!O5Q z&al-VBJ#_H_S}=4l|Fn`-SeVW+FK*&K=$}P)l%0kihapJSZV#$tKoKn6HrA z$!#Rts+aJt_P*fDD;ShS5}nustGcpGLi!r6V5Vjpzfk$1TBN{inV4}I$STPvjjEn% z1?X@8Y%pF(isoW2srI*UnX8}euTI#f1~Jn_0`$RMJ-3L;OnQ0|D6L^ntLlH}%{`El zCexVEdSiBl6#0gw@#V~5;7?gX*Ia9S67R!LU7?ol=^<)~V17SZ^b*Yu`xnMcP`wg-Nb7e5t-++pA%`ZeyZhH(0W_Ore8s!yu*=KRZCG6mGi-OL#QaZ%Z4@}g5%;Ufg{6jDOYihq6{HB!tm(0e0j`_bE(qZPs zK_13|Fqz5j%n$bOONXf$|2t#;pU_}T67b)YAXBafdG&`fU=qXsPnPhY!N0StnC#8L z*&$i?JDuc!(D@$?{!dTje@XcNp4)%Yo&R;5{~GoGWFr5}lu5q)2T8f0Z8%WOtSN9| z76u%0p`p>=491cIuP%=9D>`QWzV;v03kUotQ_BBc^};`e4GhT-uwk(k{XMBg?P(>&`MD_e>Qq&FYM}I@H5iZ*1U18a;kgT}u$cXWxpbZ*O2j=t=Fs01 zuCU4h$NO&)JY{+ZuL`|E9o%XSIiN9^B_!XoOg}SpmfBME-H+pdc%>VFZNweze%iyV zdBW{+25MpXo~l2`DN_>>e=i?lN^NZk?X=PKVU(amk6b-oJ%3<95BR7}vh(U?ua-v5 z>T4>LSnUOk`7E^h3=i~OxK|k?d8>PzsNcFtV4+t&c-FPT0m=RPtdIvpb&6hP`}{_` z87NdSJlkq*`AwWYNzjKP7dmQ^X5Wf0UxWoCS9`E#hQm4fcBY}*t9Apm%s3^;(Jdu8 zwC{X3d9Zs=5Nbm~h2stNGyb z!C4MoO64GZVP$^yOWbz}8}6ueB_@ZuMq;)1QH`!QohiLt@|fc#X}A8XJA!w%)rE)j z#%5BjMnW;Js_&$5^cBNTZkMMkzR3dRZ4Ex5A*4MCH zBYH<}CBEtDAjBuK($81R8P@-4PAJE18DkZg+_s@QuqC^B_+HTc-Ed-K+hlY=9R zHB(uGl{o+Gg}t68UU$f0ix}z}?M+?Q`H0Ohb*~TTGSEi256I=|Wtf`O8T7zpgs47( z&hAyy8gDsJzbtWy59>PWmR}_ZZrpw{05Og{<3{n8AHC7E)S<3sHtl}&DV&)RL#|_I zWXIV@>UF!@@J=)ojpz@*jhF;oCdCS&eNtsB9Vvu9=RKB~+co7;MK5iGsH z8(gn5vMEiPYbw1wM{@uZsD$ynGNo)(&R3=2{T`WXp3-0Zh3}3is3~Mr;Y|j98jh@U z-U+8!0Dqm+;$bdq#tXPsi>`qB{UO<+5f5o^NLTzrM26%Uo?OIm(#onhE$x*%HqS<` z?t?4Uw((_co(vIVJnLG=xO0V=2NHMd8D|*NeRgjq%F~Hb=<3pi&(Bqj4_6iy&CnFW2e$S~A5jk{(XzkeDd%K#18t zCYf$KfNdOZKPp>5LXy3-W*a8TL%n6JO)oIZM{n4!?q}p)B8K)6x|OwDdH#w*=bD99 zN2L)vI)Co~aiV2=y-#D%^7p{f?;qO7=}JqH&i1@up%cO(6)5`4Rq&@S`HK%4mx7Ws z$u&Dp_ZH`0cnF$Y=Ko~w7oOLu#kB1oSvZ5`?@pfc-A)uZ$hT0Oy7+L4U3gQ*`Sd}` z2xSueQ1aeEEJbo)rdBYr;V*O2RE)1*bFN!`jqN-2BwI?s{>S^z5kt%-07fy~om*|? zlxV*~O2S0LtV`9Y&}>__^=Gk^$EObb@CbBuS^5Q13p&0|=wY&G%v*R~Ph^^gy#=3o zJKi!a5&XgMdGUwyT(0hb7)@C!+jCW-rp3slE3*6nYPt?n5W~y;BCS0*{DSR~_7B(I z>5T4W^Hn>W^K~y;PD6$`NfGn&ZDaUGM{|Xmb@@h2xEOT3YIe_}QR@t|?&Qe>Oc&0E zud&?Dzhm~J@GKjN!?}V_v=zp))YZLv<7}`VFkCiqyA1uO&~pR7k#;S8weWSToac#5 zxvX}>+)N{i;UW8sI?mFbyLJXzuhA$tzt z?oOHh(0N6vuggx+bDmBXd`4{Gkn?WI+eK)N3iU9X zEM=A@+=kN1biC?$ZGlpEh6oPJNlkro^~xj*jNOb}p3CU+;HGRTAJ;BIO~PlV`oYy- zn(U3R#^S+l$tK6!uc|70y{I?&KQ;FdfH<8IN8OAbwFDHgw7sVD@y29MdAh@Ffmo~J z3Tb0(StW^7T{#0^X>d@_yq>D_z^DEDDASSP_#8XNlEo~_BFSa$o&%kcCR%r|`$kq4 zV-hh(B0a(V<&ez3byE_`+CB4sb+u5Uf=Z-}zrc%TXt>b!Sugyc*oqrP-f3L_GHrW~ z?(EhzP6ZK8=5tR5$*UEyL{5;V_T5U9lD|iq} zs~%Iw3pR_Vo|8Fs8v5=rkg`4_!`ik=ZC!}_Vq+s9l#N@r>G|lEQs9KH-W9@E)Yp$* zLgO&QT^^V9tYW$cAAQZoVqDR{w=IRpB-Rw$saqG*KFRcxaie(X!B|E3o zg8MVA6(D~~6K}47I~fdbkjlguEmuFHNargpM$>1pP_q`1JuKC`ClY(c(lX|%i_Eeb z=WrzxqOEa zma7Y^69pi9kP?pG-xX@=Uh+N)9WVEjZ!aO>WXU3aJ8IqGJV@;^s6x8GDl+?PfsOFf zJV!fT+Uj;09MtXMm0f(0XvWs?zIZO8_4K4!472$ zcM?lxldyORf|00|46w@uWGHap0s@(8T;#6x7pj+1)#{HVzLj)=wQMdNO7`+~ZT5@* zb|(L;KmG55+5gNfU!$CiaO#{>mXLmEF+R|X!nc?AC-wuFan2>8h)$+SgWvlHsKwax zY9^y^0uEC1&XV7u`}xiI;D)05XbO|M@ui)yD5 zmVik%gH;PwC2sPz6h|;y-^1=YCf;}OX!YlI%nO?#Bl3g#O#SM4AG?oUnCPFQJg)X4uHpbmVAN^8id^p$My z+5VGXt8^hIl|4d7)_tN;K2 diff --git a/static/images/docs/ovs-networking.png b/static/images/docs/ovs-networking.png deleted file mode 100755 index 172161bd0bc86b89a151d84043656db74134089a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 105445 zcmbq(byQT{-|qm@B@I#n0!oK;DybqUN=dhLcM8%iQc@}?BHhgZ(nAPH$Iytx&_fJx z_xL=&yWYFrKkj|kowaa;IdjfF`}^IW+9&Fnx(YGDEdmGxLi|WoQ4<2eYJ)&9f8ybQ zzZiSbRf9KtXH`8n2!xOV{euDdkVOlD5InU}PYiZuH-5LUKgyxyC7pKrc{n7+M9F5eXvNuW(hMV6(i z)fqBQpqd@I{PAwR^@HfhS20=!;=9aq1vLS_h@G8_$&2QVtPRwV&oF5)897JN`e$2+ zgl3qu

    v)hH7VDOE4yt>f(*tH`ieu*4SMT$R3uDcc6Q@915e%34#f69_PD5-m`Qa z+W3q^2XZ?JvdBulL5Pv43F+l~*-HuOrG=EgsInk{yoW&Sef%G?LcSA2wvQgkVne11 zljmq4Q=b_M@gQ*+kc_)3cQECfASPOGG(vUWUQylyZLpNVv?rs&l=Ue;Z+RW; zEiSVxci2}vG^M$B(+Yo;H7hNXjY4$;OKpe<0=acI(taf_m$WtIxv4&km@!^ko4|7J!6^5D+7;?UX0#!%;b(@zv-lrh5&ZN$i}4Xh z$us4Ade$q=$Us0yxWjJtsYPHVM)q2G$!Rer@C1B%HS4gF)y~-5MuTaJqbN^wr%n3iL!8xM27*tt zsSoI0wnF~hQX3g@TPQb#RDD;T%k)7(SDsTRaeA&^PHd$&MTZs;R3#)jQ!Ns@JlIjvk6E)sl^!-?^ zqm=B5Tvo&Xd`C0?J^5o1OS!chUvh;WW_im9?s#trX(_qAnUQWYlUZ6fGUn^wLatHvHT;uhsZ6vd+E`mWcIi*e^efM{)jY8;=so%U)LtmKeYYyMO0vpc zcNxSW>8@DZlbFtWJj60YJmklV#Vf~KF=1O`RT5YtHsd?fI%Bruxp6BKtXD+5X=JU6ofyoD?=M)+ z*-4w4*$B<%cjkAkw%!|jZ}-8fain_8ePE!MXRdgvxNkdNVm!+($Fz02c@`BH_C+bH z>v4=|Oi$`esy_@n^=T@yI9*#-+eiCYd$Rb^guxcimcxXO{WE%!+aI=Zb|g+rPuNc!PKFr=7|0nXq}-+aUEMtfJnfyE zxAK?n|0wJ%{IRKHO>h0lE&EV}=IfJ07(WGPx&(G`wV}`ARZj;A$6Bs23E2QG7CBm6F2ycJdN~>E?Ss0s)H2Ume>7qa9-nqvg%5H&s}6Sj;yvZhXNN!H&aj!r>>9rFuw&Pprr6n(Wj@b3lJ) zE<9(=^I?RlA1|Bg75%xu0EZgW1X+CeFdqD7pwrhgwatNAyvRir`^b7`8@dddvjEC_ zTteUZ{yeXK;qKy&Q%}dwjJ~z;;Zw|q7yrlI+^b-BW!_vvq zD&^KfZ$Es-Pph$3;P{l0;^1v&n1)j8=eW<$E9&YWOTSys)=oJQpO*?yIDZ|kq3qEu zjIW`|?UO|Ju7U0FskY+8Lhgj_d78vFsny(*0(E!mG_1I}lZjV-)*brk zlOy_(t88a(hqF}nVQM3J)taTxNT}8Lzj1r()9QQItG1}V`Xvmvy83g*Mi@fv-;!AV ztiHTzs@_{~e~}fc)I`k|^Mb~UPtZ`a(ZbtiZ!`e*8djNl`D|HNQ|rLiXYL?gGj#OJ z7X|JRo%<<;@B3hmrAMzC%&AOMEVK}|Y2*6ZL0mK`#>LLX-%3x*mFw4+b<~Z={f~Vd zW@Z*1*Y)pgscz+OITj=Jpk+WPfR|bVv;yY-H#xbc%ID%;g{4 zbJ9OS)mIgkZ4Qg4CT%9eKlDfuB=`|ISMRUKB9=x~22{q`l-c4EvYDCbiEp(WSPUgE z6;u{b4EG0WU;Avi6>Y#TmoJ_S>!POi2+v}Mp`|{BhpvdC!ZOJowjSo@As?Cjuc(rt z*#Ja6q7mNH!klpzC4cqoaOB*)r{JdsQg*}t3dN6ndw9Vc2*g7G0{LSCfk>u9AT&B0L?gHqPDZ|T(*=}ntmSZ!*RrRt?}tVb_~ z+}MH*8 z!r=Mm!_N?EvcIqAkeGiCxf`tX&moj;{~W?fVDir)WZ32Z&xb_*Pp_=&pC@U_$XYzJrSIdX{y&#THFS*UC%U|@9jdCTw^>-; z{QC8>vZ|`)fx2dUd%OGYT*mHvlX=y2^#jF!s>2ySEO(t1MZsBV38Qu(+K-BjUES|t z-dONMjCbGsr!yF?uMTssZ!$BJ%D;Y%x8a3QAN#s=zhbt=MO{;(p#jypt08Kywg|pv z-F2`w5V%H#iG@|;@^7Q{6zs3`P%txV$jd|W!eu(zt|m={GOA5)1Y2@zADoU2m!BRE zKblVK=wS}}j3?V?L(YTlO9{Rbqm~bJ!dBp5@0~B3bN3e|yUJevY|_!7ZWT%Uy0nBk zfRz~pT|y2H4ysN6bFnn=4T$q~cAcB&q;SoH{Ko~Iwd>guWv8sCOA$(E{@Hu1pom>V}vtH5|Nq`XQ+qyK64)zfm{V_V43t}n-f2M=a$ zyDDaDY;~?$_h1QF_ESbjM^``p_v&%R40y&0ai|%$&C%<%d767GGR8bi#(HBEc^mFvO1|#4MfA@}jeJJ~hzrXaOM~`N1Yd(Ot21Lcg zW+LQ5uv=ZwN;i| zqNzN39q-tm)UT!Lr%U@(D!)bJ2e?d6F0X#A^SG8y(uWU^FKQj=&UzJ&cE?}PEBiB$ z;Kon~wHHsWSDLhALac^!N{HFe-Iz6cN7q%8i;HV{Lf?s9L?op(z_)6zq#@e4@Xp=4 zkxe-84i!YJ66g>@Y95omckD9){~2yiES>OFr6u9tImaKqd2_KWjy1ylvAtdRTo6BG ze}8}GFCe0CP2tg_D1I~L1lq5sDYkS|*S7ZB+)q+@Sorxh=>LKr2G8hei9y3VFwK&l zzuTq_hkxND+2Rurd=6-;g`hwO|8ue)mZu@?oY}`)lURFYhmCgTs&Um$egyQQ9En+3 z#c?dGtg9O|dzTt=Wb@y(vIDFA!@WE2G%Dm=Eetzkk;)3@3!l70w}(5W9Z`DMynWS>of6kp8N6*4_cB}l8W zU&u=3{je2v2i)2D%i0UuV5nz6>IX1b%-d2@`t%BlioFB<%YD{4YmG%^#Z{22g_kf$6&|-H)78QaJBfAM*HKMM;L37s)3U7OG_#$5YjJ z@4WVhvUIqx_qGttJp(#MGONgS*M|CwPb#M#JBU`;Oq~M^)lhbB#1GT2Sr-eB_pR)( zRM>^4MLgM=D#C>)gTDsK4F6Yt?^({v=mC?Fhx7cgU_4y%!o-KKfS+zXWJSgRw zv>aO>9Qbf}ZaV4J^?e-Gc;Z!hhFn9TjyLAKHg@c%YvYt+px+Kof=c0#wr{2h2Xn$2 zhu~+dZaD0`J?5X)l`l)wip0QyUqGsiGhq!hhW*%ShJCoX{;!rq-QYe6uu^)}0ykgh zA3I(Z7SllilMM!ZIhmrNZv2h!W3B>-nfb4pJ3PFk_im;cxMe%NbYBh1S$}6&Y7T~^ zVo-<8%(tA4O-SdxBa%|8f7s;ZlXl#a4ptZ6mY*PBS`4_;Libtf!OX*>Z#}evt1O`U z7wU)U87YP=?>2%?$pA=|x?i&vBtO?k;QX$)YC2h`XK_O#!8aCnw>1X6Ol2;3AP0ws zMa`Edo!J1S#x9E;6_u1-m7q^Hr#^+|y#E(o3Q6x378V;KIiKhhukOw|vfpmYwZ1}N z8>)-;v>W3=B!_s}ksU32Pz&u)>+^lPXJdv<$!GD{;S0Tiz)5Loi)A&5cDE z!s8hwondiU6701iV7ktj`3?e@wa(lwaSjd%>z7WN>bE|r)VnS|jbL~~U8o_6^H=Vu zbCtE+&jz>Cm^&WVj+AZFfnUofxHX|W44)W(38217)vHZkWf~@0$q<*}mNpR`gQ1HU zS&WZ|HrZ29x$IKwtadP+_A||4(`AF$A20Ogbz9cOaxx{e0n}I9kIZ=)daR1OVsP

    jwj@&+>QVOc|n4*$KRQ5I7p zp$6FY#iu7iIAa-{1JEQNzUZ%MdsMUYN;w_0>(1UCZLyhG2h=I>OFjqIcQ*ytwLjUv zI)Yc7jv}zQ-u+Ty$%(|^4(3eQ&PdT9n>g=66w#L!as#NJCfS}#rR_bOhKLt>f$iNr zTeYR8*|Z0ZgC;`#Go0DUie|X>bJLlIU>tWBvJ@?EtGuJiGa|57$K9cC)QALvuH^se<<*9n2%c_4;FrUBH zd(^AXIU;jKLvPeb4HdA429ZL5g6|4k0DrW9^6B14&E6AI70XCS_w z{ss=W`87QH%zs(0Ly3z!b#Pewq_8C~|HMuuJuA(!&?t_5(^{3ksr9vGJ4w`RFU%T! z6^B2WSD2k^r>bu4i@P@2HL2+WZPcu!^j9oXdTAb$RCb`&iY`{zKJ6gZQxJK}#M7@J z++rMK@~_;57w@iZ5hM6rrV3$-ck_0!jI09J#r&=-pRY8R?zLCbrlq>w;^xMA>&PN3 zqh`UrUv*16>9Fk@Rl`7mh5xD*7W3lwy<^>YiU&@6J ztp^MD)c@BTEpeHmYurEv#qJZba5W!K}e;`kdaxt3ocR9IXk1MYsu^PpJS^XMYdwbd6Vy6}FoKO}Jz5Z(Sl+b=Zy-11^rk4m zde$@(EGD{7MKmWclOTzKggNE1v`sly>9M5;RtINK{IL;riScGoPl!%kpQL!=SUkkw zy59Bc#5Y>9GaNGZnz{V4FxgloF=Q>$DTbmU+MTF`@uv&L(#11x;U9DrAsvtZ^cC

    PX8Fy`6 zQPf&ZaREP$S0wf;cOr``^@-fJiOLD3wgMeJj93ZxIP{C8i+P?1ag%ttZ_w|tU`ofO z-E6z>qqp3|j`Q;=pN3*(ohV@s0&5=FIhqpl0ulK|H;lRMk6zGKMJUsTMw4BbB8|LV z>t8`N8kdT@m=uWP_qL*g$=|WXw&WN4`dfUYh$jm{zhuL~ZVEEkXpO{)*6c>lCPh59 z&fR(ya`i&Td5~0MVs;B^>d-#YnzU`D=bOv!v97PE9*%E-f{x?rb{)N` znf3h_%klfB`cGb9pUK~Cx3PG2{rQ-E4T4qmGr~}Z;`~4p zm6nR{jK-`j+6L)_7=T+2))?Wfi!ls4?3812^4-*yJM`+{!od>WS4pSEoBbpBT5N)0 zdHAdsCoJ1ZV-+y!$0CZe}SIU(H+(u%Wck zdIy10q-jH60(BLqTwb9cO9dXWTiAJUX8A^-K)<}e|Gek_=s>HBE^7sIiA17L3LaW< z%^I^)u9i-#mP)IUN|P|f@=U<53+}V&HsN-MlLH4@79u|uF&goZE#tJy>l;R1mJ&z? zh9<0c&?hkwq8#H+x0$cIJ-sOKWOO?HT?0B77OqbvTJ!HG-E3?c9g+GnT%BE)a_dP^ z)HFH(6(#G7Mpu^Tprnxnb;%~WfBltsjFkZ*sHTM77&}?@49vq`OXIVNkvgozu(N1e zs`|c2jY?==^~OkvldXP-2H5U59r)EFSKZSAHzEGYv9fjfl~QeET4MVc!k=cpw@mhh z_rI8vYr&1%As0U>-KKWVubRhrQsT}-KE@_DTsJ?yi>c3^i-f084E?KhHA!Qqip=<^Xtd1Stmi6r|C<_|*4f%wj>w{lCXZr( zp0R_V@dCO}YI@^kifad6%g|!lI)b+F3XJp%wYxoiu12`-mKKbdPUO%*osdx_D^$5m zPJb?l3zPU1T#R68#05UYRVS6GYeOzCpy9j}itgybMVffK+p~|jgS#$>)_t~P7mX^j z;m*o$2>)sHnnCN;H!-Pa^mH{qQuw9lc1iNiu_z=ulQjS5^j6R877YzUm~~x}xW5%M zPW|+;vTrg3cyc^7Wq3jEOskwe^U5Hy!JXWcM-Rm5Vv_2ufnmzfcavV|y}R=gc!IdJUuFKx)S;eof%dH&3s@`yo9FfT3j@ALcR!?2WQt;% zq2$ob`Aa?`Sk2%!Hl$Rfd#1y5=5Eq|vWMjX_$&!VVy`3vQ8v6}osw6hgw^}Izuimh{8nE5O2q@{3^Tmc6I5b zXaMI3Myr0ehwwr!kX!A1`L#@B%%AeTk2455x&qQ#zkj=h=QU`XnzW+1e=a(c&@)^; zTLo;S0y-%RxZ&`H^bUoJK|HfCa(J$+zz(S8E zvtXQIC#BfdzhU_02wb68%h-`Ndg4#5+o*8rc}?Gi`eu=T>iTQM?1}+&e3zrStyHhR zB`JVHR=&tglM70N*PBeWa$LVhU5Kya@t1wW3#4-r&LW2$q8_7y`ldv!@X?9UiID;5 z=0l(2R+vH6w~9-mY;3%Ra~nGP`^FLZ{sGMKfzX~<66D(zf|r2NkRrPD*!g0k-!%RZ zH>l6W0-Yuhf|L^K-$9a}(Zym!ye<3uH;U2nabU0|9*G66BZz(el^?j ztRhT$e%k@c*DvKr=YYEgAs$yuR9BKc?L~3`69yqjE8bRl?$hCv5x3qTO7TxZy7|d`&wc5%h7OW` zE&aHgTdPA(BV5DTqHg+R&Q7FCS|K!pC#B{CP(OYS%lbyU9N1xNTNk%PN0ro~M#S^PX?N58cc}V4?s_I5^ zGUV558!i;^K)P)OgE( zJE`jL9J>lDU<0uHo}Rj+tX19oX6|M4zpwbTNGw<~ZVH^oMIm#@IxiIF*`bkmrpK1A znp(QaZH5nTUT?zb>6ej2F~;y*Y;efB8JWh$N9$A;z&#Pg3fN<|HR+_B?3KFgV;R}s z`|^~WOJ)}=+Idey%=3S*efeCJwE!FZ;?ciiHjL9$!uL1wxr-9n>_3vNVRx{Z-*e0u zA*q3g9h3>>%DT#Ds*iW7s)9ledr8Nw7^Jy87@c0yu1guAkUvlt8*#Nepgu-VnYm?T zYImdUELLB%x_0v$JJG=k;*eXH@82%X$eY^x=3Hp}s1McgiJ>5oIo|S8Q@4a#a!adj zxbT`X^xxc(ZQoe`)$qWYfz{tyYuVGg>09oSU~}>MocXA|u@PF8w*GR>eZ$n~pgAxh zKbK0X!a)i&d_7Pe+&Mn*a41Zhh)cbKD^_o1!e5Li@dz*t(7^AY*0+%&)xXX+?Kzjil)#zEe;o4Bc|` zEm@md1#xkE{bsQ~s*5ES(KA&^7bY|#MFWAuW-YpRX9ow5`F3KHOC~RQG$9kNGcqy+ z8Ae?vGvaV#9_C(#B`Z%dJhRy4iyO3fd|sKC z5?cn53j>1@2lF9hx9yT*t4V?}Wb9i=Nh!rr zW5FLrF7@Kyx#7LPjN$tZ7ch;DN3iiCu5o>u?h8-r@G4hu*3I87#VV?T(h#s7932eAB08SPT?;^zgrMk zG*3m{Qv~oJSPq`dL|Bfcb9>}Wc*ayhF@r`BWKKnUCz-%QPM^VM_B?nim%r zsN0DBn5=E_71m3k^aO^yY4W?jOL+|DYmiDxBZtho%{XdoX5WvQ@R0wVdMYfv6IGy} z@de0J-?LXl6WpZAs{-ry4zw_h=#JyYcMl+`VAP1rwnuE+y{nSd;S;0v3!B3gJ<0<^ zAsaip-V*}=I%LNO6y!SRzG!~bpQoXo1wz+kvjXsZiLsxa_SWl{t|~9}9Lt1OKKD^= z)(WOmQ7y09Nd6Vz@A>Lhe$N7gTsIo^`=yn_i1ER?`|nRJ-e{8-AqY~rhNf3(@)!+_ z`^(hl%T*AZr&pB_(OxKtkMZsKb{cWiwnNo?Drp57g?vh zBwadV+4B5$Rw#OB0HUt$z6hv))tc&8L>gsR+q#bJv;2eSwul_;IxLwGYYNukznvz5s90Y4tTzM4)B<$~rya*T~EPgUAr^8wwS5 z_l|qZ562om<}4^<>W_qDU00Is!(@^e#^r@d8C{OIko^pPluq;5Ft74Km-rtt|0Wpb z5CXvi^cW!2%ZxKqBP!{lJpz3}KMWWGOmckKwD{Mr&cw8|TN){43i?Sv;QkPcZkkBS zDUbkLSj%{IcmJN-z2YsS{Z{9Ov>)h-1-QwwLHk`Ot6NscDQ3k$MK#f`!ZQe#zF!OUo=^srtGH)}CbNWGPlh)3mVlWBN7< zqCVus%}w!(u(&Z`+)0_xlyb}>w1!}_)o#R2Lza@9;LT!Q^VGZ}A`az%rZS;RaWAfH zc1SOsj)a6lKfTuCO(8*!=H}@mF@4rfeAyRdtyjomTQ`L9hJm6eTO`pN`ouY%{>`tN zSWoW|OxtFYiYAI47JKU-QwJB4|r0_HO5 z3!Wv}i7u8{O6wQiC(JA?ZOo#gPuuy7MW}53WjHC2iv$NO>aL!eU`OuIbS9{e%slG{ zd1*Kq(Up&yho1q-0cR$_PcCI{eZoI2Ikm|8puu&@BoLySh>!iSgyU{}uAl7qJESNMKap57Hi{ z*_hsLY}q~c&e_h)^~=*?ThGS`x~Q})yTPw=%$o%#b6b#+73x3S2AyW``= zZWi6_{=jOD`wQHPzRH?jXc8T+XqrxQJqj}TUeW6t?)?5+CG-Z75C1UJ z`_9Uxj(ngEw|Nl<_|IS7mc@H@l)@hh&YfRa+myW8i_RWSANE2l*~8c|Y7v{>?k_Xr z3&}@B)VX1){w)ow6%EJLCd`=hlr~kLU2JadP`nj>lm4cSYtHAi!M4C+iAHi}xiXAA zsl&anrR^wnOLN{m((}zwtGq=hKqyEAT!hnMa>}_V;Q`$|asotE8q_s7*@n<0a_UWY zN>_b>d^qCC#&NWU5BpGu;AxDNf5}&!NdS>-H7wU_K7TKze5|VOZcvhFt|IH)8=poT zE<7x57fnD?*x%V@S#9m=JktF5knrJ*=A$9CH; zJ%2TiI09pr%k-RE07>bhQs-LcBq%sEgedaPwIH#?E@< znK?ww$op&`e4#{H*@jT$rqVw@&SvnH)wAww6lL*y>UeqodRf`?IFRh;=Sw{3;T}6+ zT-{>RCt*;wl5|oG)^Rwvh)cTezS~CC6^Ews&EO?kD$M@oGc&Vsu)j`7#SdL9|5Yl$ zy-luNnWPf)a0%y%ee3WddgWu6NdGa9D5?i<=#CUDNf6LOhKEVM7hQ1vJ-}~9O8b91BL#H&h@(hFMwbNs*nGRlgP+um41bzR z?h+#x2?iFkQ~$+9a>Skw)~hk;LrNODwEHDgqciH`&>)e<^)YSq4-6!u`Cgh{ zb$AhgCZvUSPA{Ef7?AqzOHqNUWH7lhTzWKxoSWw-4P6CL1t(1N=%o9>+H^_`9hMk< zdr!3d>ltW6(T8~Q^2VBUXTNX!{4Z;l+`+iB>UlW*84zX{{eE{=)Bkt$UOQ$(HveTg{qz36)69#l_t|^9YZicgo0mmNo`es- z>U>y?ox*jc>h~%WJ4dRmrQq}BBU(@AwtZWsQK4hZktTv-(I=^URW&ibfeI1P=YPu7 zleVPCD)G(*Fm<#W}^`sa{W*BzLQ8 z6umiq-;{L!5lRatUe}LCbAH<`o46jPkip}8R6jqxw6wH2x^Z*=@A?JYB<0O#Ys(B~>1{`yy`?ek6U5<<1-H8njaak^fefPt9I{3b^SP zci1>(ixtMj())_Pjm-N66{w^)lm%7r5X|h*hF`0bE;42fTo8OCh?v<&e#gYLkN0aG zIJ|l*2$do}7|(|;6=tF`O(ri7lGwU|IdPt`Kdnv&jUvY^;NkO71rhjRoo@_s$W%Cw5V{)M zKW}R1##?J^u5{{weqEo#3Fw85+K+|}XSlLF##w~Mw2X}B5Cfox_03oe8UP)FMh26K zP8IGCpG6VUv4{}!`PE6;mY43c4(ViVfU>n%9-nN1%PoeJS4v)MTc0NTIVv)BjFY7Z{rIZrTMWDH;UDw+ zEgf&ZfB6!-eedc*Bopi}+hESYB%hN!{;g)nZb4HK#r*WUoU?5LMPJTkWC75R)O_nHmo)t5PfL_1pAE8!!nJ(k)mW%+o3 z3)ay%*?dXXLnC#=UmoYg6I+T$hEB!S(Is4srpxPe<`t?(vzmt64{$pi#aTTqBl~AwcdXPP< z3IEt0$;`0^KZQPVupEb*ef%6}cZ>G-dmJ

    6}5Mx+$UPGw*QBzRoBH9|jCe%nNsY z!%eUN9KfknWzBM0-uEn#B2P+bt?b6z$8W#rudiK*-N( zlryE~sD&x;|Y znM}a%1B8rTy6dWlywZbYqE_m=aYlMsxj2iJWEkiueDLJEDT8$Km31`Lcahg}f`&>; zM&2jwHyw@~X|;~6M-9_~3uY!}Hy?1vi=jUJr-h}ZQdxHq*K}Y_BQD%sXq{^+JJZ8A z|M^o|)!lIl*Of*?$X-#wO2lIMY5l%7!~KF_hR!KmT}Ab+JVlQ9RFHrTnNHpE^76^c z>_g)kzi8+5kQEA0HX4miFnso{&MQE)6(e;f4apKbyX8{aW1sde_`}U5qCctZZxHjM zHJwzDKl|@!2RzejNzDVK99OizCy;AZau728k61_dUS6PL7b_ePq5e`>L*2;~u-h4a z?|sDe7^0>2tp1)9E2j+;MI3~C_6H|a~KaPCC%DOx&;r=o#t zM$8$8BIEjWMJ+IJwXT0tkkrk6X5H@i7VgsxEqzk=%8bleisFqaPsZ_kMnqn#JJ%1i@)9RC)2{M^ceAE5@hPWRL7BH?VR_qn1K+7HM216mSsfne|f< z5;^N@5za=6_clC|WHea;8eg#}8gpu2RKS+h4`Tl${4_t|5&Jfu@8aZHhsSXoI!8={ zS+H1cv@gAIXY+e@=@4_M3cyid2TH7>s31Qa-1K*qlsSuYl9r%8r6Vg;w=uEYNl7Ge zeI|K-nou;2?z?JVREmUiy}Bi@!Lq%@#&UJ78!EVOE!wy43g;o?btot=#|rd^U!RR~ zPB^XIb2i_EH^vLMm|Fd^0Inz~;>jGN08;ZyVX~&r%7pe;2kK9!@cNYeyu7uRt2x~) zu_+DpE8IZS`&8QT)NJqWkzXBCq|;lHgRG=IxLJahqv#)ASgK;)h`=xne6I8n*2-bu z8rN>g=JnhW7t_#zK7lVocrh(4P17xLnJ;=HHaN7A+)EauE)@(w9wPBK<1a&N7NsMr zxgt$sRfiwNb$okciVl8#viQpNTU$D7V0J6Nr48G$^|NV3@jPR7=>edZ>i9S|gDIJozfd>0_3H|22t&>#YRd;V3)1%#Zr&$`%@D>#qhvX{IJGx*hU= zcacVmFjlwA8B5p?_?%ntiQ{c9cwuJD&mv5!oe8@$-lLNmk_y zQe->OHBcr<|C#=;6aOcg-BK^tV{<)L(vX`f10o2+l&@gDCz~w3eB%Gy(usZ{bJ0#? za4;gbwqRG1XVN? zRG2UexK$M}qyk7lZTb15<;vvnJnXt}TGU_$R-k}PM-eK6-XZDF1LeCsX~tjs^Fqs% zN70`vx8$Jfzm8tpG2rzZvfX=T$NSKE$X$F!C7fQgRA4#>*p;_nS| zK3kg;NTD8-lsiPAYzN$fApU``jUHFnhtJ0UtPlWAKHfv1B9VZMe~6y%RcN`_H5CAW zxz?sK4CfOS=7AvVg>ryPS`JwWVLz^V_doFz%aBltimvA?z?cL5Gb_@e$E}3P8|Y5i;9Q0<&)XuPQRrmI%nKRnQ7PX=sgliADnNC4p;^drT4}OwLDFf7Sy1qdz*F%$~KQY#t&#vRj#rlkX zUI%l^11}JVVkx&k!}C2ZCa=FDzPK{!}RL1LhSJ(7xpYAD|o_FZQ zSgzw=OwUQ0nRK<+Mt}D%PqyB>Slx; z{VI7r$3JbaF4_+FeZoZiBcK7h8wdh2GXjMZ%7 zCvWQy$h+6SYl7hI=gvTTat#!Lloi@_MHqajO%k7Pl9Sd!*a@^~fCdK)GBEWRnNh}K z=*l>y<^%!duldP!f4o*~Mq*&!5|zOZI(tB!P$mqOE2g_jGh-G)oJ$4Lf4{D^{h4xY z<7@qpNQsY$Gx>L;>nrM@45vBNbfW<+Qf`NJq(gv@lQ@QVgcNg|^)=99-cJa9i$Z-A_%^HUX4dPXg z4~zNm@vY3CZ$~^k__HL;zw+2K7kBONOi-R|M_Z?5vI~F7>lz56TzdlNGKze<-gDFV z2zRV(ax=&o*|8906j=$BQ=W8ta9elFnYft&ETRqqKMe(8h0tYk;orvrEf<}k|JAIX z+mw{b`)+jeo-k|`V5BD4=^ia*&B^%)_e!1OI!sDkX1iZnQgXH8efSM;_~Tqoji+T! zN^J2g<&-2p`(oI^4ATdmJg~dW$^)?x!1L7A2Nk`f88)v^OBE1oR>V7@PIGvs8zq$Y z0azhWbo~yH9A+Wt~w6 zRkterHjdSzGe2;A^S{NGO*Fxq*=qM)JR7p5CbLK6gmtQ&h~QS(`ewktGq2`{oigu( zvsP!?{u|rHOl9=kP1m7&^ut9%nZ<-6(shccJ{MiULlooQ@}KMR_Ryj;G$T7M*3x+c zrxmDBcRPt4&;T}I^Gfw06=ZC){?j-8gkk4-F6i*t>|#ekN+CCT{K!ER?#YK}WqoM1 zqgUIAlJuH>oXc$5PJ=qp4Mk4&_|+PZ=F@>y=^Osos#yz@9qr$e12`-$#}4YiaG(C3 zu^1qfS-ZacI0axT%64anTXdEWNi~X>clDO%-xB32Kt`z;v)Re>-W(d2CrxCBHDZKF8(fm7?f} zjF4<8L-s5Hwl7(OhYmq8?#+*@kl8X#Ls#IOO_DFxIUM*xWKGHkyzTNM9{c7aKs}Nbw1{?=}0CJ0Id7ppcq!bte zFJ=^$Dfj_WYj9uvejgUMDd_IOF~$BO$q*po=YRSn7*b{K2G#{ZU*rH+K=+c$xGQb( z0^C72CjEwNb!`!2SLuD69e|FRI9Q~yn%>-r!IAw z_QT5vU^2S@l|AqA#s65fZS^s`1-;L8We;2mGaW1}EcbEu_xCAN z>p`fgmH+SIq6IH9yAa$xVA4Gcm`)P+2T6fK*^UuBUMkA1D+X?AY4ELVk*vpvf+VLp z@Sm%s@zfjPj;nUKRwKxE?}Qp0BI7tT7<)zalJp^P;#P+TV6X53CdTF0(?^Oq*m+U( z=S>4sG%EFO1K;9_z513A0`S1OWYe{IOrl0x{D5Lf$Fmk$2~|rWGeuygr|uuE5L$Wj zM#EaofhE8HO`@++3TNKppSnt6t`5gnGB$(&kDuyn@wpLR8xWq9jzM!S2xx~&Tmm9f zVT*a|H~W7zeHlgfs6Q~j(M)3fa}tTqPdF1h0ky`Bh6?Tq(WEJ=hNP5sF7)?vRD1fG zraYtyF*9))oNDIGqh5CnZ)wXR0Hbw1MAw0xfXH80Ph~<5PzPM#!4sxXOc+iz|GUm+ zQi)-`A!XXW_rP`}R6^&M@>zPML5MtdD->t9NA=L>EI6Jmn1uQS`Jm^#FT~PgCcmEW zS>0V2mq=*hr+w>lUI@|2rYrn03cmE9=y>utcZ7SyU1)!>7#C$oxlAVIabT92(bCb< zN=?hj38;EY1(8hk*6A<&S3u1Gi&VLXL!_wcWz6o?*S!o z))K9%RUKPOJp>TPTH97CWKv|L*zu;~V8GzrGhaUiI$gE(Jxqu|Z(+OKuZ^4@>{?OM6rOjNaDW1m!K9LSfU^IRj4@?Ly? zb|jBukJdZH|frXR75=*W~_WoUcfi)i%=;|fWPCo?zQbQvmXo+NYTQT~JP5tNbgZbH270}P|B?%K?kkHwb9 zIl(@3gk6nVqk5iWeGfVgda)sxW4i=B_#KvGvJpg5j8uc6C{GB9 zPzbgjB6Qjr;a^f|OTKy3->*ya&5Lj9SmUfo-A;K2(b9opALz{)KR6fz)LpdPz0#Ja zmnq^}-*<$NDIuSa(%+gi0fHh2!}c!$PIK}>l!-m#8WSMZ$JKe#tTR*sF|zH3=MY6WBep*Zw{W|FvZ6ZN=U$R z;9N~{Q|wg+Za(AZvLUl{y2V@+F}{!PYG+OP;y^x`Oo`5jmQ-<$=+Oir0=zLT{qk4- z+ZZpjcL|V$K*}aWG>q=B$K>0C*|Lj3Df*oee51Ke1SJs#L(UES zK~#gVFPoPqExBM1?`yUuqNRlmaoT}_Uev>qydHNvu81A_S zXCcfLN~_TtU2$9GrRlvX{DE?~cuvn7;JEQ?lLX8B8Og`>gHX(-%e*?prJb4QRHXpipm8F=FRrYT&vCFpRrADbN>~)v zzvKDW9X?@7j&|+qXyhlXf(9UKf zrcvY{fFM`?A1n(__kBYp-h&aMPW-9={uS_b6JXBvx0;-LsNc`kz=$ef1#I1YD&a5+ ze6rW5MQHTl8jT5H`XuFiY5fwYk4-I&kL2}(unzHP&R7FBc(Xz@pd0E4l056GorC~I z2xY(>%JaWZi~{$|Bp?Bn>($w%eo-F(p_VJ)3^fq5Zo^UkiDu2R{XHDFQea~W>JDu@ z-&xN2CQ_w$4Jjz%dwG&M_MKr7Pa$L`D=RI{8|5@sZ|GUX=mdTYU;_aGCo6>BDIgH^ z)8@Dsf&jEhbzh==4ufUz(tvKj#dPRO z&I)e%*?J5&GSrBhs~mJ9pE31iZ>@ z!~7!6zyGhXayBpM#${a4lLtp;CB8fWP+x#5Uq(53WXt9M{~q0lZMd1(r$Y=mPPgVM z@vlhe=m_3%(u8J!8`+Zo{BFy8*}6Kn>q1v3gJ4>|divNWtb96|<&WXC2Ft7@!i-9L zJwsn@wD$ISQ@t-b!f4n*3qMS+_bzhL(g;7Q> z>7SweR{YfOUcS$fgxeD6&#D*jW8ZiF$7 z`#fUs-#G)#Jw(ydEEo*-@ZrM;XNSh{5%5Ef-Mtxh+G{2ifdN?nJ+@+B)1k2U0;>&i zR4wEJb~p@|1LyfN0&urefemmVpKg9$bO#vt5`Md=xa((Lg=XLIf`o^upKZa0m4H^w zR=!wm96}g8>A2vUb$@zwE9^b#F6{n%q2VRN7uZR#A=2qH$T<4(#0j|-6UI+6 zhk|cuMnDgO*@jmyQE;~}HsOwfmCN&7FOTE475$unUXBY1Hs_~Ml$ z<&oYpMkWH9m*=*jjI}ljv!NemU@(J50xwlKfX&T>iIX3;iMWMegH;Hp@L463s!cgt z-I8Wd^KCgAj0dxPyC}(C*k*GoJA3m~zeGb5k{C?kXMIITPYuGtPV<(xP zQHHktx&2t^iHd`ZG%ZU68G65C0L&E~Ppbv&e0R0vygP1S5mbxC;_-C3@Y!Sh?oxi} zx%YXid=hVLyBddR!MpAzce$A^MVk|3lFsu%*chZVv)h$D#ygL!Tc7 z4ZJo&?WC0Zk<>IAWrNTj{s9T}cWEW+I{+l(9?Z_r7voy`dD=vXlH~Z~b8=Y!quGSv z{rB^~@{Odh#?|Rm0N(bH5B~fd|L6X}2%XQ_oonogfK9&&+A=m6fC^C8fbN%1SxCK2dl?IZl>`_B4!t0OpGAC$X{ljsBQ=upcB&A=+iRG zB~47ry_O#CA(Y^PhK>pd6o5Vk+KmJ!6YsO9HRF+nRfL5j9?;e01B0ER&4DgJXR@Uw zr$>d5m z8}=Mvpu*3N@I%EBFdQN$7kS*yQ(g7V(f>q*_yNwn(hhscw5R$VfZ?z;QNO1nAOhXH zugym^e<17$7!nf_!nXI&+T&jn5naVyUtgc85Oyn5aRlbVzBl>L@Gm-jY{&zX8&&ow6b`y?xm z-9l#=HW>njn|^@WXUYG73$hn%_ypc5lrcMc-)x%7#^XIXcLG#c=Z;SdWIPV2ohIxT zU6cWRp_t>z1X6qscK4e6g4Y^J>4d;&2^oFTzrS4md1k@HK1q;z+xf)o?2m=imr)Ek zeu;%&QX&y3UvOY0KCiZ*T)VE{m?z^2V>BwF!R3lh^`$zfi)^h~ELf%m8f?icB6K>nd1ZO!K z3j9|vO-lc_K68UHL}9N+4`j_}oKyN!C5aQvwq^HNiljc9#>NwoTwpaW>igEBF1Y9{ z>$w<9#K)Heq5Rhy_=dEfwaU&}o-%E)pO`__gFkAaM_NL+A>@`D09ynAz+E4SZUK;s zS5Y~B9&iK73{FK#>`!*lKhlyo5tIlY_?hT{fi%PaCEBkhKw)0I*Ye2KiDF1ueEGB2 zhAoYQDaAA3i3LC!D)h&>o8$b_76Y6}w!J?Mw=g(KIAW^r(%yG7dw?x6sY{>Y>Hr2y zB2iRysKM0W|0S=?HX%fM-JMq4edM><7z8cxYx;yKM*X@ z|7AHrE$+p5S|614 z;cZmk+r)Jsvs0m3e!JLUAPbjr;jB_LKZ0Cu*j=y7R=aM@514YekBy4ho4f(cSqV+4 z)T*J@jQurO^}nRpEf-b^6-5HB7S?}#00Or=_Z41v`Hv9*a9JcjY~ELgJJj{M%S*_> zL0hf!{)?mN#@Ld*1}8uu0LlwXn-TssIqWRmU^v?_T#n6RIctAeza+&%H zOVHJ4Ss$Ra4WeOx{PuITjo%d37)5`Rwqifsl)SzyxP?P?zP$bBFIRecdcoiSeN)l| zZt&>nMPO5M0jV(6M;oof8KRVN%pulKs#hsqdO!Yf|8O!pSr-1dD^yDqSBCGqGR3>; zP_i(%>j=X1{IXarWKa>)*OW0*y%=|FEHxgTVdYr1bDC0S?O3tzK~dG3eH1WMTz`ge zX01Au?a>q12$bnt`-YD^m)`sNqP-4{Sqq<&<@VXn$;L~fVMZ?HQyjF3gN}S6IdN4T zcag%r*Gih2422B;Eo8c7C6tpx5t{P}er&YFjnxYxR4*F3LSV6&VH-L z`RLB}oowDT#HWJpPFbSTv-&;d1zS!?v*IPL|D5FhHo$T4?vS~?YJtj;c~Z@c!*7-C zcP$kkUIKNGk=b3xS!+sM36z>y_#^CEsQJtH` zGg`gc^>axW!AucOalFHEFw)AS=-^n9+g=~GP=KywCjP z(XLg!upzt6vN(|J!2*hw-I>}^K#H@WuDnTq`Q$w|5gF6N0iE3xlf3S$*L17x$KbQZ z)>P-Inbc9~I>^C`lkjUX)%IT69S)lV?&$3E)sKm{+u=`QCU-0x^m^kRF^ZE~XDHU2 zAIBG)3cMX-4Qo(lgBPp zO;;Iodz&$j)9BI^&8OJ^+F6(B<#Ulh(!RfCUAS0OJZ*svrQQ0|XL{oT4sljw$*A*W z)q7qMgKAX{Lz>;SSoUq4*DOTe&g%Z8w6WUX}@?+gb8I{a?4yCgLQQzt*vyl3mEue83OIf5og- zGP99Q_sdU1@PK z14`hbHSe$6cD^_}^UJ@`!E`qwBS{~`CEYTb>mk5I4SR%b$Ah{4!yb>sNsIldGY&X@ zpwM%DFb$oh$PB9&2W{ozjKjL2tz+R`ry;5EksxisSoEvM;k-st*QF29{6`jqNw4)) zoi$$9l4tTVf{!Y=<-zL#@DE@Fz_e@HqW?y4A47zppx^^X8hZ8=Z3s)Rjpy5|GatA8 z(n&Z#CK#>p*GV6S;*r_sj~(?`)NLcFyOaSr{Fdn3<};HCBp)g~qZ~u>A|yL5`&dPG z>ejDuFVs078vuG>y!liEpa`sguM$jo&Tp0$xSZ%pGCWK7fgc1y|JGny0T@t!_Q}de zDX#}UFWpBn7E0yxp(dg`JeTmu;-ms$9gBzrH0S`n|%T?kf$3C)ed$x*w;%pnj8t++rh{ z2V2mVTv&E7mTM!8U}ZC;FcH)X3%#96fW|5Q-F&>7tc< znO;4Y+~#k$4U|mKM_D89 z5wpM4+ItLgNu_xxS?h}_nH7%Z=~(*jh{I7|1#OM@<-)^c2fvTtKD!W-Us0x)IC*<> zs6hGJ?v^2@)FIchqP!vC4o=t7P$Q=OvFjei%(ZK|5juL$&+W2;*4q10Q#+whtzB$c zQ!Qyn<}*05-?$1Ce^7GQ&TZLpQ3~-H#3) zwr#o9Vw~M~-?@{$P>Tu|xadILzO+`y0O{q5EhkO7na*{AZpcws_yC77&ts1$h14k% zN-gK-x^BV{J1lUW#K&`IZv|$=3SGCdsuGq)&ER!KMr6^md2mgl z-@ZBZhsFx;1}oP1d>$6C!SlUZm`K$487nN{)2&CAv&+P zt*k*!CVVRBz3O~183UD!TzEX6=1JrodqhUps?0YRb(*P?Z55jRllk6S^Q7%iwf=Fz zHWwZ~(7tc;1>AklOouT~8*4SAMA|=jEuw^m-oBA~(ReK4Hy$~&UB=+F^65*-PzR&4 zJ6_q-*RK_ZS{Yxk((XITnv$tqFFrc8*o!J!sU@)Uyx(JN`X``|W{}4SzTW*+7IDYc z()lJ}iGkxf_?`_L6(swRV{mm(dMYJ}FsjG0P)Y8q7N*SK4D#`n6a)gv%(vJtE*kak zdemjPsC|0Pk!pkc_FLyb76cV6U=>Ne!#`sMv8i!*@k=Xz62EIUOP#fT>{EL?(h)O# zHHu?yBh((qy&q=&hiv%%f_8I4?;tx(9sbV5oN|47Mk=U$;7IyqO4YfB-J*cw4l{x^ zt7}egt-s9;T=^C@La)ZJq`t9uMu0mST>fr-=Qh(3Jx>-*gqH&-lZ7}9ufG`)ExEu{ z+}w4_P2OuA@txVaKLnq8Hh`hYI7(gClzzAs-S49oWRm@h$c%->X_0@3_z$!XYZ@~mg>qGRiD51pCaNeB=KixWWU^$YAmy!03TQ@yAeu2DE1JXE~FVnLCLOd-sHs%zkWfTa;V`9O;w?rFr7q)6K>m07+xlSyN%D-6U%K z$=7*0aflS&F6F1XCscBedOwx`uWL+VA;iet4|w4LbfVR^ zdSpHKOFl)l1U2ukSpXs`IsHCsSR)i3&YO_&WYXqMF^O3|&~`QNIC0Qq#2X}6-#wEY z57~Z62p;a6eLi~$lDg|UgtUBYQ?O*)^NQ}6;bDZaX4;>g?XoWGFbp2ty*j*Yhv42y z9xcPdqA~`a9{(Og?9#sXwS?djC`@t2<2IFu>?4aVhEVA$2#+7m;O2b0nmh2w&^eQU zsm{(7DG^{PRSIj=fWZALgwIAUgj37V-WXCkox$#MZCQws5`yAj)znny{F__Grx!|f! zmRI_k;h(C->8!J=t1x0YZ$48i(#tj1GBT&?N=|kDU}Or~;naL;xa22hgOg3sBE zS>8u)lh|}H6+drZ2**_%ybL^+D?nL5obl$b_sx0lJ*9e z6d*6o`PT6cc>d)H@aDKHAs$Xcl{GkFEWT7Cn1=ZxnFiVsjKKZ907cWKS3!k&=8bxlqe^rjh_r+ho_Sb`*(jjTNsw%5($G^e7 z5`UZ0)j)FBJ6v5(c2KqINbbFvJ^`k~;>%53ZccHDENBLdm1lk5&$AFfe@FJw^dO1c zByO=|N!-QIId58eD149W(SuXyJ=z3EjycDvlxa2~inDm}uB?2|{Lj3iQ47!o>!h)w zbH8xQ&+mM^wRg2kpHKW7?j>VMh;L?cHBT_w$`XOVv{j}7T!0Kvz&4Wp4d>AemRJzt zJpFIL<8d_hv8GX>Z8!}A9b8|$Rmk!_GvQzQDE`)hPSB0&WswQ+`GCsV2-wp4wJ9@t z%465t;R=OlRNpK*wpB`BIe<$gj@$tJ=E{r98G{UrU9b7~WVHjvhZ~qm7Ht((KhC6F zi&eaJ^{EX3ga}&Q$#omt;}dWWMIBB=n!EOVnNoDt{MYRY^jEu$A-@dEVcZ5)(vq9G zwgmZrecuayk&BCLM6ciis1H6C*UDjERccCWW^aSOC;6!-@CABr|6qF7Euo~gE${`e zWj~gaJSB&*dgGge5YJLFBj8Q-vP!k=HODg1uDA!&ih z`Y$$=0&Y!zfX-V$BH&LKX7~gq9_iNYPm^82L0`n+_G`V0cZDoAT*+}fp!&^za`{yk zXXy|y8&w@2g@)CEH@~v_DCB!|HS3G!S$@UYyWA)n675)25{1v2l1}?<+nT_zT zlBJ6Z@<&kVXa$3RJE=7J$fbTFpl;K;)9p$cv$QxD7a_nJlcxBUq4nQ$L9R3&h<^@U z^cAV-nAuq#Id|Iz7D(D#ubExm+pE!XgyKwW0?}@4+`RDveQCt+Xn#{nVT1#{9PP8d zvs~nScL0P=xcD|-cck(4yx%)$L&u=5l&>e8?`bw7emZ|A&ILFIk*3Q+cZo>+zAdZ>vb1oL6ZMw;U9QcvzSqyEZG~ zI`P)ppFR>@xedwg+SgcL!tnz=(Y}Do>L{6tzM=XyH!7FYQKO`#cN+@r#>y8(g=yhM zs|icJGdo`{DsXR3uWu9v#|bYfo}KQV48-IV_6oXOoM6ezM_@|0b=@PNsTPhQor`m-Me({A;kj}6P&?&6Hqwo zrnWmX=;ApZpd%zVG;C9aKa&#Gk4pC!+=hLMCsYhmxhG!oX4^jRm=LKMA>)xVTgb=L z$pNKfvF*-q>h31Kr=6H0a=(=VTyD0|8Y`#7R9YQkTzRhfm1jw*Q_D*P`bz^|~+7bEQt#Hh_X;khj z`gB`8dvKJ&onN_2RbF*ab@{~tbm%uCo$S_tZXh0YQ2|kBK0U?>5wQc^%gf|n@@g(O zoTcYAOeCN%UNEvtc9j1eNG=ss7K@P9dDC~5_=~`5wQh434aijnFt*1C&dURsgYA)#|Y)xHAo7IJs?Hm6Hv!qR%?~IfRs)`P0DtMtgj} zEOPkvE%b8a&$YM6DHD)|0J~Lhx#i9;y?1XLt6>}85r*ljyc67G;cTr#((@bl_k|eF zpn<$|0Y6nVR@u@c`E}gRjcW*pxk2R4wsJ*rKr;q@+p2@)eIEWB9EFdrATYkB%Lyqj zXSoT`OJ&D=h)y30cYWtD_m!ZTomNmVeP?F}nXMEZO-@2e0(P@CJ??_lgsslaC?ll< zbkwhq6W(@Mt2dQdKJZna)fRz^80q1~m-yJqo?6w^U4(`6;xLkuS>Ly*d=4V->)NQS z4VcR+6-DlFFzWxY+UZc1QQUjNgo0=XxgU07u^U^Z-E#XKj}6ex7zmjtD1=E&IRDAC z`T4W<$B#d|Kg4->dwFx(wihDomgcJ!HU$@bV~++cA=jM>5|EgjhyJl>W-;4z;WB;tYEXHJmUtM&Rt~L80uC$K)v9SnvI2@Zb+@LHRgO0JnQ}DCDVOK#w z&%@Vl#~xAArN9tVmoA2FDgN@bU4Q_L+U8j?@$CKxTY5o@LLp)oVjrRq6ILCVH13ia zO`-l~rkOyXW!jok;zi7!rXB1iqMP`!{EoxLrR|iJTF=Ctq914hZBf$QJr~v)C zM7dtA9C5n1Z5{239eu)^4~{IrQNS>Ap6S&4!qxj$VBe?0-(zz)9)F3E?xmON{dc~H zc)k}foan)v~${zs1a2hCh)w(TSYhV;T%_| z-yn@!Tj_fAu}U69KIS*bz&VB-4u{;iC9%9;iO*#?@|u64$$8IsIxt65@xV~IC51qd z=bjv2P6g+odX5nb?l^F4acBYNOZc~APeKBKh$LVN2sf1FPVHRRkWy+l=F(;Ke_T|C z{9J&v_q!a#8E)Q0C1)qrhZ7zkk0Zu^52Z)uz~s++nNJm$OuzE~_)TqGvI4tNLF z$luS@IexR0l8BCEDlgAKKl}V1&BM?RpdseA$e?cb!kMBtZfX(v1TC3UkWj;V^=Zbs zO}R=0U|7s1Fe7X9 z#WW)bhE&z5TGv2O;c=atvm{XDcWei}IWuGeaTh*ar=*iHzCJHaM|gP7g<^CuT8P;< z?3nF86mLql#k;+0pExgkj1HI`Qj`x5G`{!uGBapcJ-;p=cUgF0AX_Ew+q|6MqE~U$ zQ?KbfHpai%sWnsK&`dChbm-nPZ$IZ-ZE+k8Vdnu;fUP?H=5Ql^W-Djq62d`1-JLj^L(n(f22~O3;bF_3)^n!b5=so7@r76fx`f0e0 z_i=jd<#kMSx;6eqIFh3=Q3K8-?bGAfOp&(kSIOmpzwBn}(!o_Q`l$YfuLpf7&;Dva zfl{vn2*J96@^O$t)VoE`=zc)~F$Sz?`~H*~Y+Gff;%nl$$btfpXdL)2?q{=)WJy3m zB5s5E!gy&qH`?`Hh$)5tLLVQEGe?Q1POFc`$@xB`oyKWXN|c) z!uYRWanNVYs{meR#!6_1Kz~@I{F5D5GKAyl%+4zvxSveTn->Krd>Z zo{l=-mcdCZqQLyd4|71iNw{hX*NUMb$G4&5?G1+&{MfPFcOj!&m;ZI8&*!^f?>EIu z)l_DOVhSQ4Q58kSrR3bFM}pdud{v^h6&_V0HQ3~pBd_Q!=w$Uj>8m!Z5?+x@uYA>y zB%J3zuKBN?-gO<)YfOsun2grP_nHPMUZ6h91qgi<=vraRox8VC<3b9TJeUe?`zg4? zMQ`>jL~f7EQ(b2BzB`+#yps;}J-P^I!@LY*4)+x>^1m>At;nHEX}$6H6#Qo-J9QQR%x~oh)aYVrwWGLEpt>1 zaXOm^f*@ULtGf!8Hyc1;NExGnSxCgDZBIYP3y)4#e-g_l!tf@L>TZ#U1gN4xjW*ih&FLtqpKyDqwuEOD%9~pa6u2Se9 zd<>BYe+8l@Vi`cJLYmH9V=()Ske&n24CQ{yImtZ*0w5PeM)e)sM;b{vY9nX(g+wMs9~O)F!3e(Pfqk0I)GxI9z>KH4=_a1huBC0$N}Ryl5d+8aG8)|1Z5%#KxeU zb&TBOl{a&GP=(yeG75!aPI@od3;;}P=BznV0@Q_ZO{+B$fdBDPHDUPIo1uNElg#x} zeItXjbPS9LU>9w<^KAs}YN-?2q>u-_Vu3|}u0pNn4BonAp(nkA>H>00*bg7JKSlG@ zoYl?~Dqlfa{6;Wi>qB2ne9n_z1-YkAva-;+Rp6fbHS1SA09&^Mh!fyZpSB7p2E?~TK}imF$grQo~c8+?WN}vfvTber+s2?BlOhsu80hwy5`|mfeu`1 ztR1i1wTkJqs$ep`iH%Haow2rkln&p2#dhHSDsU0K40T5tq2{Fk%R@(t6l4y&PQQ*m zmVU8C0S-|Px7PwHrgTBKy6W?89s=8QVgaQ1W(Io!4>#DPHvtw*Y$UvRaIQ&QN9?>( z2hck|l+T$vxvb?4k>Yoyv|NO0$ON}iE!G+_?qf{gy*v(hINHRKP@^PS^Ipvbz$vi{ zOUSI|zCE`}VAlAXp1l0@;2HL8nMISb4($0ou5O_7yncVO4_lIsj7ez&HaA=7HfI&R z?jRz`EWf?=(JocybmAquq2iHa#!heH*lE4j@X(#2@SZNxlm1jdF~+kfu`!#w63B3o z^!@oOjbgh=-l){U2T+DVrnNE3luB{qn@;BAGYEXK?6UGkm9r0TLf_TkWt+cXn&N4S zidX+s7j!jxCh3mmzO#nrc(g*JJMg;|tDS=Yw`U8vT_9prNpkxc%4jSZ5;3K7I80^T$fZnKXiYXLT#4Wzc1afIr-g% z0uZU}Bxx|-3gakj+Ny~uz4wabf0Ohvtk_v+Uj@_YXyxVgitI*4vb?2wUZ~{z zu*5^xdQfB9@Oydw3)V1V(r*P&_)iLw0p%KC46YVVG?fV2AQtpaM0woDB|rOp9!AK9 z@Ga~`02lz^MS`sZ*no~l|B9dmctu5R4=>&gW_qU2G2C+`ub8s|Mh&`_yFNYTx=nT# zuOq2pK{NGkp_yDRa9R9GWX(;xn$o9(7!`Qs~ni;Oh*!m1uLzPgg)qw6VdTrJqLOL0WJgGKg?xaZzM%_(cDY4sb`8h)Cgn&JVX z@OjC;G}<*~n9G^Zy11GP@G(cG$4?LKzY7TjfLm7^+a=)B0f&R(_M#Pk3-qpU(R4qJ zwdu%SYUpeC+AUp2QTb8em4-q}60wr*zkA0XvjS0X0YICn7dkU_+o1&ghrFSY1be#P zsN162BVRIoHx9Gm=!lnl3e)|uSp|W5{^0#2qHJ_>sX}0)!e0FeRTPyTWmDfc0z2l3 z9a7O6iy+VX`Iq(DJe{iSjG&$j2Nevmy5qnDpTC<0uCp9QOwb+s8h;q-nVHlp3U6qUTHQHpHp0kpHK)kU;Mn zOVdT4Fdtpk#7Y4k?zBYNw-o;b+8ObMMOTbVi%y^AaU_2Qt}1{u6@GC$Hw~Y;I|Q2C z>x{cD1>ShxJsQMG$B^xl$~xzoO|ZUnTujbl^#Jog>qgre|3K_1Rs*T~Jxx}#$!|>1 za>)1LAIaN|zmL#tn}qy#uZ1$84T(f|JBhil5cu9j3wE{!)?335>dxJZIQx8QA~A!Y z@iRWVef2_)fr&MIOOqQgaQTl>Xa}b9CMdpm4B|A=1UvjGhu_B!VhZmB|F88d6&rZd z05Gl#0Dd4J0>}>xLL*TTLS1qqFlDTzx}xI1LT-Wz4zBcCI~}gcpN;P`Ip9Dl>X*gqWA_PXSJH)FWAzAcy$@0T~2@uW^(KZwCAzU?6C zDH~Y_VAWIVOF8MPIKJxK3;Anzwr6Oo=J8Ntc6ID6ip7YQQK(Zy@ zCDbpjUbrSL4ipGp5jb!JJ7d!CroEh?mdghCNzm|Bp-3M&D}-&gwsrg-y>XtPW_xKy zPM;usV4vU28JH=@+S2MuVOOpLlL#%pKBLp=ou!CI!>{_?bo;|$dj7P%#1BAztgqyj zSR?7DIv*tH`SGjlmO#)URaHrZIHryZJs8tA^kqI30TK$T4pS%Q`D?S1JN^%n>qk?w zcxtaNJ-Zf)jwXAX6b(y%4x0mDU#R)7om2A~-s?BVcgMM9I;Mcr24DS1n->#px*{u8 zK3CJ1VqyE@7Z{U@7k{4~3XElm<#fx^zxD8n)54?oXqM$#x@ImVS{-gPl0~-UhJtRX zW9Sgg?Nv#A>AWH2&5j?EB8$4zL0rQg=jUUN#&;ntHC29Ewk=g!jgK%7fqSg0Oc*^F z`cs2PMQ!^H2q&S7cT4MD*ujtst34E{Jxj8-1 zdjKpXW%V6Qi6pVjP&fUX6r6p#u-HWlr+6UX`Rf!1^@L6bI#E$*Ay|zvOA{1c#jLx! zqKhw`O2h*~sy`X$*&m-jaXdbcTy}^!`*bi9>|1Hu^#u61Wz=eM$1604GkEIvmHZKg zv69pT+F&z*Eblg90_U4c0Cdt8+nswwYELNn%>8x26|ALw+d^MZ()fbE-K8kgl=dwo zLZ(HirX>kRN!4>1@vd=`Xi|0Z+QaZIDW7gq`zrLC(I)bKe-c`8*fbh*>4*p*IBF!s zG>9|n#>i+zP`8hBCWY>dAi!6SA4w8ibPCM9jHD%v@Jk|735ep1vD%-Q^ja$sC%}BF zH-D@o#rB&p5wk{Fi@H*x#u-IXjFoFGLN1F>X7s6(1Q{4Z5T=r~#k1W9)NJJ?^lWwK zU)28m$s88mM+X9SQ`wQ#oknip3o$X^>ZVd%N172$2Jd2ubDNk9EHi+tXFqP#tD)y8@8L@(%!Wj z_XTp1?$1m~JANRDa@pN#qHatzqAfoMVI{SJ(0LWh>KeFPf(22`ZO#tMp)l8(DS)4q zmaU6RAc7Sm&E<~Z9viQBE2`{C!dzs|o9*kbDrZK1syB&+l}pA%Jd#KUkF$6l_{y5 zHYkYe4Lq|q$~)4LREam%Hpi6)P8J8NcUUh5M1MIaEi-d)$>`mm<^-%`XqPHP$A(nn zwlE`JhU(qEj9G`Z7!n^eV`$~8TFJtaVV5gkawh(e(d9SV+a=>Q@rj>HU&{ugV7ba_ zQ{#O+pzl4Ek|F|AQsJx-6YHVZ9LU5|c&mifROU9L3&_pmtAMp7l|Dojj`=U84&X4J z_t?ywOJ>&-ff-ho99;b@hJjQIfR9Y&hKzT%x^wZClcrpAte;q`zh&bh2bGewsIe~> z`tOsWmp9K5Cb6^fv!MJDL9-{@qC#hJ!7t=CC*(p7u2lW%_gjufH9}rH{6uC)*L6T9 z`864{K6;-Xi3*ROzOsM+v5MM$L1FhhwbpDGt+|G4PujusOxxuJJ!9~NzH-uRDU|4+ zg^Kw4DtzxR2_+1USkT`RD*aSzJgg}a?@4(p6G3AoE1PWKugsl$=s|mp1;}fa5~m9@ zuqTt(!h*y)QPH~}>T-K~<5P@RrQef*efvUw0+C9eJNtwn7p~5$4Qx6 zzZ_^M$lHPUfxZRm>=tO2y|?X!DHelg-HFJdBP+-n933UzYLsbve9B=Q^3(R4CT5;E z`Y|vX&cMoFH@3b_wy-m;C3m=df0Um#{ddBT^=BmX04wKE>p{Z(JTCBMu5U*5x1iFw zvkIR+5rmBeJUAET9=C-{9pDl1J#D-FAtSQbk}!ZDC0(=dtJY%~w8g#ERHJejKLLPF zR(7^%e2>E;d#ql2Su($R&R~t_pzY@wF4KYt8Hzkb&*x)@tIsLtTJ!%;f8Vuko+D7# z<7j~4eUmfOEB~_X7@4q#|25&e0wf}yv{svrq~Wyc?vJz!m)f*3r9+GKk2UmTsMO*=O&=tibOGRJn*W^j~G-R=^$!-c%h*JTB=zdwf;w>qC}Y_LoP&p z$G^il5g*;8oJ4Gaycprh{@dNm2td0seu5GN5IRi+4If~qLqfZ^^B=!PwX#|9GRqFV zGwWS@v0`L09ljh;u%IC4!;Gj}%k0O&4-Ny-J4YAd#MnP2sw*ph7(l1G<2Gy>F#ZAT zUZg1jaTXqVQwv$x(g!W_zUe4Jew$%?&52$T+0!J#nQcARbssTGy#8i|}f*_@^>2bs<{XSH-?}`M4X7e<8dG(dp)1fTj*eug+ z@XPU`BcNgdeZ}TXg^3r;9H_K2s(Qo7y(s8@c{HQr;w>~(gKtT z9<`M}@MaV3kg!2#d(?l>>4)?Y7r9M&%}sy)+WOIuu2s9Cdc$qJJLGzcvArKf_&8WB z5q9zIh7m^!UMcz$$f7!5#fr4|MgPg~xA)2*sH?jIbrnsT|B0}RuvX9s5Ju~K*O66>y4JMF{;Zt6J4 zdN?f(C=qk0E%@&KaZFd3`d*?*BdGMK*=SQvGDGanC%<*hKA>9h)hMg&GjR93(T)t; zW`C>yd+79~&g^GIdG22)<-46NsAY`-^s1dIfk_uAm@55ds+1*7rn$%ckWoN?EzQ#I z{CGXfQa(MN(-`*(9La4LRRO3WVm>|fNQ-(k=1NM_)}!qww-v~_GxoMigs?t1;f>}d zm>;395!5P!atA}6B#v7vdi{7@&R@f~0hbX;yS>l(gse<}aJ^m-Lu9kAtHhfzq5CDi z-EC=53;A3q$sg&z7Ddp}dS-;MY$Bk8{>itMUn2t>7`Y}^^7Q4Of-xTIGuACIXI@{m zjx0N_+<@9ikBx;TWAnJU-WL!)5eA-U zv}S@~j1>SB6M=^J+7rewgc~7^GCJ*)Z((eb>2Rv8xiSKUoqaRAW^l zR1033E-{rf>BdJC!)K@H1a>UWCw43W_z36?IwmNWb>%<}=5x^>?srKn-$*xl;t67x zWS`O=__{8Al96(LDX1v5J$C-~QGXR`F1wvxWS6-s#i*FS2Bjo)*^2Y(aR?0m*v|{4 zJnUpXMgZqRFqTlZ=Fjn^CKMvP4J+S_@rBa@;2=F6oe6^2aU}ZkQs0P~T{ylcDw*!! z$V-mJGbc?8;u$Dr7qb~gXCXUK>+pM~(lPfx+udtoN-->(V%Pm>(0}5$J^$GZqu1aJS83VUp zaK|IlXu^BEjK*%zlr93((m0+TdEI)t9xr^>)i%*?X(NaR?A)Le^)T z!gNVWB!|FGTX8vrIVwEBrC~R#d*83j3aVRW99De1h&rMButl@dP@*h{u>if-V|29Q(s1@##{QENQi85_)X9!TB(F^5(BxTW#vi{Edk|2x4r zP&5(0$LG&WTJPV#A1f+?z!q;kLc#MM1rQ$fp@Yym$c+_0{IE-ShhMP|U}PEOew2k5 znLaQ2ph%#tZuQgX<~{v)vwHE-d87DsfzRfTr#_Lye&|C=x|*{S?UK@HZ#x`oQ?C;NGRD24jIv1}Vafj$b=F-BRj zg>JU`)~tkbJFJ>uyj%&%?~yjU%oOoyLR^#o)Gqhs0wORmF-Hdm2R)G*pn3DDnjdDm z133qVQ!*q!932kr%>I}iE%T`*peXFx=FVvg4=BH||Hwnjlk_`5a^o>G2n*|W3Lo}A zx)bTdQ^Ak|&M4^QB=M4P+hzOfffzitf4VPB`D)#(UnL7~uL|RfOiCx@3mHNM3-} zH3*AZpk*nr+m?j#@S=}L*I7A?W`2&S?Y%bZKY!LoH&mTosUjqa`M;6gA<`3^^+>_m zHMiZ_T5YEho*UhZUaZ;ZX85hK2`fJq4#(YS*P6D6AE?I(?FBtygB~6p%4Un`0Jmy1 zw~TKBA-HKCbnVf!VJkvt!G zDl*LJfUoyxkUBiaok#APqQV<-w+0M>4!LD&(I2sCVc@ibI|gTdI7-jTl9!Wvq<1|FGq>5jp&tF6U^rc2xpg(=+DGPVvvEbGQFT)G z!m+x9<->=lh5U-$Pug56(Fz~?)pFv|w12LBv#{dRDFk(V+D@Fo)8emlON+y{vMv?Hw8tgO-I{k9=Fz6Eg;6O(!@vph|Y z>u)8i0KI|;Rd$@QaNtjaHg)aLmToqyJWhfHAkIcy9{hFG$&2i1`#Cxh_`u_ZANe;1 zl>GBZo2LEaC~(HD4x1hafe(|%2*^>gIxrhlQQnJTQIa-V$0K>>jBGjLm7cCEkJ zGM^L3R!FA+0pjw#1aQ-$ub=B%(1z#Kd@J&t0wICh;CpAwLA#ecJUlE~b&hv ziIJH?3~)7qS$9oLuKjrLPJ1atiw#c&<)8S>bud%CIKHhSFCvSK9Lp{v?h2R@{6^vsP=p)nE7NI~ z-%^wU^>dHSeO95E2isBH3Sj;^DD`EU@hCP_@w7Iw9mHsF{*UlNsMdkSNiCY z=nKa&cFTie$px69y8G?z!z1V}Fm#CfDNz4w8a{oS@9eaBRLyR(Ng#dNRzgo=I~U6C?#lOEX>* z{O2d;x^O3a2y_&L6I^yv-)qYL*RlWl@%>l&{4VmL6Jl(#m-?R_BH-JiBEyBbt% z(6F#D*({;=;E)K$b>sn)o*#5_Y>W!-d#kC{auWvm*4ES=4~XI%ZpNHbCLad)Kt8bw zKEJ&2YCiRYdlE=AZi2rHk48Mjup~s(+f`8ft!RJC_HG6`dr&Mulxgv-c5tNXD1<>0 zwPL6C{+>_WM#F%ej0~nqzAWzlKncJ{>_n_gb#+R9tOn2zODp<7Waq2ejo5MR%lB1X z?2kP_Ze~5JK5FIr>)V~xCa$WQil2ro{Y1AQI2-x-X#h0w0|Z(3=5y+%?_xhFjEdn2 zd6dM}`1~Gv)G+%3scM21JaH9A8y2rp|8-w;^7tEzlc<>3#g-PKfk|*QK7Jbja4a0k zc1y~Y0(2nQ^2nI9^g(I>Nv$RlK(4=CRqh{^c}mN3R(ORWm@bT%up^)d<8Nx|Fy>nD z?W1tBj{iY)Nx_DgOlW4M36d#LiT>q7pU%|C+jb{SSKhKXoTyC}(U#dg`-m-ksKpvS zqB+{|Ef6H&6y;H5&X)^6;$w>D#34b{67l*Jfam%$lH1w=4ztqiGtw(22ZebPnS;TvS_lR1JVUC=K|q z>M@;|!jHo9E!Y7H);uDysej)-QO~dMNM)v~ZzOovc2rM$uz8>Yk&75-(u%PnlM?;!1bY0ZP2q<&CiuGfYJDt!eo9$`?>qGYt;{^#%i( zvZxg<_GWC))L5JKF1b?gipo!Nf(zE(4lLaC;+ZE$#eXorM)7(VVKn#1)rocFNw@mu z(c&%{N&U-BIXW@KE$WdFz>K{^_fe3(fDuYn$beHf(^OV~;wqsu$Rp>3?BWl5q5~7v zYjJk~R145!CEYwvl8T8ow$L7P|C36}s@YVZ;-ngGuf&GCSFc44?T>f^6=W zUXs(`0J~owm0Y9BGtK`gh&-cx+^9q3j?wv+8rrclGWN@AM=Mk1YfJAK7-g(E9PBJ| z@R4B3#s+c9APPakP^u8xU&D4(BZjaJS2kh6CsOdG$XsFNHH``ERVyz{tKl1WxDk_E z6UnY3M+6#H0Z05jz;Fke&DU#g(}Q-P5(yKv%+LEFm8o*?>7;=vcy>6vbw^W+0%z3h zeZ8F?hj>3ZmR1=e_^yK0lnIjW)G+?eH79rk%n4rp36Q}5`;(Os zrEWWTElIK#?W938@rF6#R|TWCk(}~pB_P+ai}o0{ZVMmtAwhbzN>k>Kz$BS}>W#ne z>m04WTyL@wp2dZ!KIw24xurOCvT?#9_N=+xC2rakVUcZq%{UDn z%Rf=g-%rM1nV|<-kh55L2ktIl5g9E^)kU)>8XBxd7##$0j$?<)Z7s)tKb61z(zY$h!l@q5VRo+~6dL$6mOIQ3WaDpEQHay$@O;^u+I*!wRH4hTvxe4ObaNDWB=rIu~YlCKV ziV8Gt1YE?TK`+cUV|T~We15|l;oDm&{UakL!zr9yija|yjLFUiHm7TS9O|dRgo9Vp`@V-GJTVZQOhG2TQ=DG3lkFwV3;j!b~cfRtbrW;H&&^SEnhT zuK(XZl)X6GMf!diw1`nF^j#kg-RcQI)HXB6w2?q@C#t99;T5E0nmZ}kb@yI-v8Vf4 zIZk!4_Z*M~#o_Iow~>XT)q6@1{h!t0_ML8eb@F{n4JNcGN1Qd+a5!t?P!j=qpj}i#oXen2{~2XIdcoXp-Dh(md4+Ld}dtu<-FUj){det zqyK@w0^6PNATqXm6KN0o*Sn6zabP81LPvVN9|hv=VBd%?HTRY^?sSc8LPKO z)4e?Hk?q$S{wuF%&-wjb6fhEt(HSwlV;%{!7@<>c8MR8Zn+Ydgj=ZuJJ>RF$_u3S| zJoxZgh%e~Vc5Z74gLn3gzf-R-fr*R6(#_~Al1GV5?Jfq{iw_dj6ol~3ZU-pKHqlWQ z%geWesb8{(a4&DpMEGB?47|FyDaT|?)RO{-+5z1K*sv`%bzzz4vyD3$nuzNMT$nH& zaOk0JiK)XRm?3zc@C_ErD8kC_!!o*w;&4-_A}LmxJrGY;;&U&?B~?(@$k z?-972{WiRhoV6{HbROu_Ch~N6IS-}Q|6I$j@n$}z!SCh%j%g+XmWlsyOZoMH^lEr} zEyjW85-A}#oL~1&<_B>Jo8@aVHqd_BW{d8_6}`ai{|rZ2+t>iJ1qbHR^}Zgg_M4@- zS`9lSFX6L7mo;pit%fTiFi)`>8(Rk-YqY=D9TgsD*?c z5Ar!Lf!GB7`8>B|`#FXrWf$|^!fnI-JO;*Eh2Vj=iY(g1xCc0$gI&0c|Xdiwfg>n;_4^)Dj-k33@RJf zL$~+(T#~(A11&f|&fuR-KbbMuuP5(0N_IVNH;`dJ9@{(dP@?KH6casPP4m+feYhj= zc0cBu!BO+^v-rh>>qn81A?b+QBYyGxcG>Wc8%|Ef`|cjMPfD9Rx;ZO`vMo@S5RdAd zfuTyra?Yhu5kBv$WKHO*IZyh+fHo$AbrnRJCss2VR*Z)yzF@hs)I)s~H z=SJA?$8VSW6mgnfui#AyO{@znbC>IXHacQZHA&owD_W_zE~S^e@ZE`*g$7s2*(mQ` zhOZ|F2{RtL(Q=&c^JF?26v|>IeRX?(T|-HKzQIAKN;q2@gVOehtb5-BxBR-% z4{gre`5n8A!5WR3-Cd>83oq;{Jk5EFELLKpX0xi*bH5WMqT?QG}Ahf}H%-xxz5CK_Gv zkO@J%V&>N5P4HUi%|hhZ(QO|#k1k>g8Go5@5GbDDg59fIM*p?vEGsay805eD=V8fp ztL^CWK?wRyBX8LQ^6RA=ecdHMV4}@N@kf{HxYn$=vw4fN`G?T|M(&Y!U%hACA&Eb_ zM92I+I{$5Z6)?vFXC7x1+nQO>9*1dXqa*HV#?g@$BImo)8kynFx!gYHpUx$KKW{mN znS$o4_DjAbuqm29Eq!^a4PlVa5O;KRtUuNfK9}?h-S{rHz~J66XlH&m>l;H_}pY3PyO2?8P$rMvs{iiZ?cA_iK=sbanvs6b_e3H zkSDHb=Vk46Y)=5jn>fC8HeMV0wozpsded z&a)%6O}@q6ba|dEhKzyDJ~ZSR7yLB3!sisp?Yk37UNUN@?i=F-E2&o^0fYy;!m77j zP+uh+L$2?p-IxBm<=9^RmDT7Z506weNr=$e>bakucXTVQqHJTG(Pk6TZ@oU`KPNt$ zdo6Xh8sFZ?9}(Sc^ljlmZBW1IzJvcwD@KFp&OG*DY(iUZ<4|bi)6ILMLsqDLhjA5N z9VVI4b1_|IH_F1O|r#;O6MoQ$29}m1%cKschF@?M%v99M>#p~Q3=$4neT*-GFdAziTcf}lI z8Q??+EMn;*w^8x3^2z=jLY@2Veb>foADPF?2#hj^qh@SEx|sojDq#_vhs*iud!9vU zD_rFc9j%IegXr7?cXdYn=O(^$>*V(TkEyqeYx4=(g|VW=wP^7I#VKw@YFH`m?q1y8 zDHL}rrBK}6wZ)5jf(8o#0>R4eB4vrxWC!tS z@yyCo?VmDK{Y5oSluFIgkrOXNMepl5?r>ZI* z9+5>_7Ih6bf%kZpkxgh#V%$gV2FjO8sTh>44=x!%TbWnMC-Ca_fc*_Z2yQTj#@oy; zE=6OtTeclU&-Ky1+gi#L;UG+jQtUmAZ`;ISTkC{aezvRV$GrLki=*IMmCpfEn6I1Z zkJeALxo=k%LW9{%E~7hoZqlArC7#^t&@Aq5ne=6UG$#)h3HBeyOS$+IXL-3}VnOoY zyqCyx?a%M5;wO3({6~p`(7lh=JYw`j9+}OE%%duAZTw!1Kw0OSvznLdo3R=sQfrnE z2=wYB@-0Zxy>*1S<4a)5!;We#u=F=x9kSUejipdM)Fi+ip*`50Vw4YHWLmsOEBJC) zH$7#UTKE6g*O5d*$aJivz=FtUG!drF_q@zlH-a^#Z;l%sWnTJ~A%3OHa5#H(jaM1a^4_ z7p{6rKHdklmI@j?-+V$A5v@oid{Fmo-^i(z$*|eG#r}wb*)b-*71)kR>Md12ttp9_ zoNY+zzLc??Q(Z8eCrkR*G@(oQpXWnVeFGv@bPyFUrt45gTArMR{;wOdf5!HicKzo_ zjh{B9&cKSJTw`;jhKH*k~@mGlFV`f*oDnzpa=Mm=Z<8lrBWK$WU zaOK|YkF;QKm@(!r{a)?t1jdtFH6AARKIf6pWBoPupSyk3#S-J6zV8=B#DtDoB3Qq% zAD^GR)^G5P_}I`n6B?`)q=&ljr`*lF#>1_RH9TL|$<&C#`m5$b~~QL_ay*QK&qf;u53|vGOE$(aPsuCl9G3>YlEj10jv=~ zB2pZceEc_yNA6sXi8owJja2#-E6Wk}^0?ow#YoQdHXnw9c7*gpOss*{*Ghnk=EZ3^ z9?ppf?x8;4Qs}@^XE1_Q?7K&o!>*Lm%UBHPOFxa(MTf z_}L&@7TXQd)g+$lXB1S3=3_p_NUd$Fu#aXZ?Hx*&ge_&#;SXubhmB@(VM3ln%Sk76 zXFZRek*Tu6u6^uj8z^M7#VfPpe7!&uCuJE5uDJ~*Ryu5T>tUb)Gy`MRVD9$gW4$M0 zLxU8u-bIg$5=KOCsy^_tpy0D=?GU5p!Ta7D`DYwtY**MC*b-o^UQ}#tVHx>BY*G&O z3f&5vkVXaF7Ohrelf+R%>y(W~@`<#g^vAWP8HKP_zeEO-5-Qig_V zmCHBQE697ojBxdH6#NspL5o5kEc`uni;cpU_T3pVuAU3;TPHDbxvqBfHs@Tx8|4Rn z2VUjT!#JmiLkIc22SvoOl+;g2#&;{{uuK#co=6Orc`tXVSv##QQ}Mtr(Q-67#Ejjw zCoAXb+}%)FQ+O4HJDIp1_vwLyN$L2G55keI4L<}qDz#;w&7l$xeQRDsn^+bJ^!H&# z{jOJzKHl~e=L8Yi{s;7>?`KI!wSD&8nw}{r;rX;|Znu})rKsG4ZEL{r&ETi$ z4^7Gz3Myj~7_SkMLJ{%!p3+v4XUnZg6Td-AV*R3{W}SQ>jp!2}?B*XXlb;PF zG~0ehjvE#6xck%e;loDkKS3GXt-e_}(aOqI{lrClc%LL~Ki$zjC-iHHHHtQ-NA}y^ z^6cQi@$Tf0z`PK%X-#!Ya+UqTHh9>BK^OQ4)BsN%p@||+2gW$_q%&xX%@#oMFNl{V zC*>BmzrUo9!JHWI4ov2}f8SxYOn?=O7YQ2jd8YI_LFe}Kuz2De<(=K@Z)#f6ug{ao zWuKe<;P<+i3gwqgFDoF{g%vEb9QGxg}u{QHxiwGP>!mVVm05&?iA$b zm;g&#vHScZCt6GPQ6_z+5k%Jn;%AD;i&jnO?OYQXK^joY!)*U2#*#lE9#D&J-{HDf!^!ASHQkx^UMDf41SO@*|;s_Mp?h_-Wf1aAFTv6ZF&WA`*Eh>NlH0feKj34;|q$D&hvNs_eNcO25I+lpWO58v`Z6Tk#vV2cuc*94FXR zje^zHHk%#SMBlIn*vX(RSe~|b)`S_Y<&4fo3TeusJ<_#%uHqe;`nvF4iybJS;b4LL zb4(ek_ps1@gItvQ$3@ON^NJ)2A>3}nZdd-nXVM?EW#sYSFMK!t)8}1Jdx7RDN~rS3 zhdm;riHT2$rvoVAPn;hlMo*5Gge<`@AJSqr!fn*`l?25iknq;OWvQ4?*cz4+QzIU3 z;A}#wyg!B0cuq#s_Lulbn-37?ISUXJSjIU80y|QNbyF#i>Ok9wZaF^!E{vOy_*j+d zR_8x?eKLg<%PsKr!<|HNa0U%IgrfV7rc+QbaSvASn4rhQ`G)B#$%R7@Sk7q7OZ9e- zmtddlm)L3xI@&%q`HC&ot2GRs_t9DhZU}-xp&wX3LO> zl6^$mMn6%YR3SPU!x$ef%s$}sule@s9~d_-r!8|{LTcyOCi^dFlU8R7qy7DA7%QV8 zc=nxp>+TPAAA{BHf{w!l@@^W@9K)^6OKCZ02Ylc4MmsvHvl#EwR;M!NkjvDEa(y(| zVlETmYryy;4SCD(pnBm5SsihLIT$v6fIBkrhxU$wv%9acx%|9%6E(aSydcl2&w4}~ zt2aCJ7>`yRTUraQRYhSUg@?Jx(j}cy_pC7=t&`| zHw@$|JfyzYJ;b~wFemZEqHgQ$3X zd)S))1&bVC$J?LqPK2*nY0k#mqEwf&yAT@J$n*#PmewqVAAWu-d4#fKVVyq}ex$rn zMLzOvrYqQ7_2`Di*S7h_#&Ea~$Dl_+zKvnc`F@QPq&f^>XCUHQU&<5dg-`be zR>9R)7;@z>{qyhJPD>5BlMNn-(AL$>PeGUJ$|OuOq8=E{077uBmqWw>Vv^vP>ygUx;yum8eOGyoDTE;IzlvER>%p@${&bj_zy_2{O{KgOTD4hCwi~3(6Br;yBW;fS zTgJ&4tv%mTTgP%(xLY9yL4LR%C6q3@4jyq>NBV#dyH2+CzJx)`d}PcT_i;9VChyEu zgN|dM597@q0?TKjJqjiHLel&_c16w0wKEbc69{ydP0p{Rh&;Pz)-JQrptHnsL0qr1 z^{pl0Zrpw+>vx|*+Z4SWIiOYdDItAdK7ATx_X@_3xVkUcBloMl#QzL|rX^MPpo}y1rC`Y;vRFw(BOjC8oshW`0DCn;x1QCcsV27n|%ASfx^$ zYZ3l$Q~ZXPA^dBH+UT*IgJ#r@!3Bqvu32Pt!}Yvq=U=#`L<-G*sh!f~namHfjlMkm zZspxKFI7#P=*fXmxZqm3{)wnzf!zr-&EAm9Km~5;TUPdkJ&ZOg-=HAyg;a`6t^F%B zEFqsyNrijcbF|d!%_Os<-iy;F_=eOmy~{N)mf_ZR-Xok`PpE$kQ5fv;n4C!EokZtn z@j;9wxORXZ?iL=zx3F?IDMBUp4gJY9O-{^GSknxjL#fOrqfG7U6IPI&iM6o;C~&FcDXn=Yb7jx&Q|NtlSF~;)~o^`n+xQ<1oslX zTUGhW$wN}Y_L{zqzP7So*Evl`%u4wDPKG_`x%S{6I?U^^BWDq;l(UBs$Y4f;04(kbN1PP( zQUTyyW|ZtN36#Ca`8^weaWcO8;za0sD$1c9vu$0=KbjmEHJ_e149{JKXf?jQyBRaM zwtq(WeClN@Z?mCf@|f9-UFy|Zy%pV(LUXss z4x3Kg4(J7!xSSL|D<3twl-IWFt-l|jl*T`<(`E_0n#&CcQp^&F2D;dw#Bp+PP_f3U z(}YXY`7IOOuQkYE(uWa5e!Jpi?>v#e>o)_%xR?9NY&}9cK!dOea%* zaAD(VU^1JRH99A@GYgKQ{dMdWb>uAB`_xXoeK6#|NbxhdQ_P zl2gV4I?eH(W}o{<8_^@beo}9GJe5)tUB`^gHZbTS{ zGX3|@r+RF^za8+|jh&u%z;Pm^&fm0px3}&r3&eDBZsiRNC11`N{#tj}|JHp_+E9U9 z?s1po;Hx5HKj2gY)>!bswUejiZh7?$-Y&S4h#`0qDb-jFUR!IkaB97xk-Rc%B2TMv zu+xBWDBQ*LV|WLJKh2gYfOs@Ig1;G@EmtDTJnc8*R+mX&Z0*nICk}0 z(d9uW2eU8xT++wFVbXC%+>@)D z=T|$YV?LV-TwO;LS#PQ_q-O+JF>Gb-^8CgmlMX-KVPhFT{W4&L7^Uyf8|)LuoSY;O zFJlyC+e0#(f)69eYl$syK=}#QXE#!WezC+IMFV)=Vr;?ojuJ}hDmz|;#_L8 z;O3}n*5ch^IuN3L|K%(B|LQ1HKzaYMzmgY3N_ON)2Xj7l`dk2S{v}=b>G}|^v_C7- zhUu7!g_??`0-ndf+t zAj3|dLDFudl_m!c@@^z5Pb249N~O(aTN3E29W5b99sOiue#zrGX@b;TUQ>xCU>D`? z@)jGyQq2E%#AP3Rd_;?ji&N6lXy-gi)k^R1r=jrf;Xl6oA03hgLb^#$j>W{ZZ#R@DB%7lL zstJ1GS}gx58Uayvsqpx+r!J8gl)BB5Oew2_M(BYw?)zw!M_Li)7bYEtr(Lg~8}m${bBEVrsIgf`N|_zi8s z7}Cd&?t8N$jWL^--5(vN)c#is=ufF~GiSQDudTW)C-eN> zI$wP&Y|fV(I=#UE6p);BpnkQ+&R^{3YnyCNDfp>OvrYNVko*5FOxX9UZxcVl^}KIX zj9mUP57z*vcU?MJ5_}!+IIzYcRifr;b3ZH4fnVW-aq8EEcaJYAe)&o>A9%;fIBX7V zWkQT`6%B1qq@*(#q7GCC;s4& zBsbA6KS$DoYm=HO1EbPSi3LZpI2s@HQz2`2PlQW2-E|zGX#f8OsmII`cOBO~&IbOe z$rhIhmOJTWl-f!BOXYnXK7MrLL095#t!^Xgi#Up92%@T`ug);S6RFildxRE`A1xW6 z3s1uHAAQit^;1|*Il|EXN6`o{-rqR_SP@urOJ5T#&u@~M#45Hu_}r2aYzes|(X4O4 zJKX{OW(oE`)FA3NYi@qUHn<%woZJ&t6zpqF2C{$_0tZG6?Rw6oM@pn@zSoyf_8qa- zUfjsWE1)7m6y&#cBw#bm6!HAU*Qsg|^FIVEN?AX%_b_Fu-xB@U{fL3x)qiM#6fW(O z0!6wmOJa;iXm+*8?1qAz1|@w=8HjA|8; z{@9k8;M&c681hSF#Pv&PzH0TxRR1#E_j1h>o}7QTE!Mevve9odRS@j>lM&N9C;?9r zH7~ASiue_38_lL4qS?<}^R(mT``gq zRX8U({&>$+P-5{zeHn2nNQ-gj(|q|U&4L;&K_+if5>EJEzGxYwl8YW<#%fp_oO?wV zxhJXIm(LEoNsHyd8*gFQKL&AP@+qYy>U26G|C{r(ZYn|hSD**rE>0f%MV?=ZnP2kW zWdI%7;g{Wyx#@;J(e$zrJnjeT9U8Dh&L}4=P0zZR#Ns{mlkK&U7wS$7#bpb*9G*%3LQMz-;+ z1rGAw`n;={Y$uUmBRq-3!scA{06$=xYp~rfGX)^eR~d`~*}Efw+}brk&v3}5T3pNw z1Ml6d+78%(jODi_%DFAK$L*uxyI8C_pC5#n2k(8egq&!Bs=q>obgtLHxAYuanGfD9 zROs|q2V8I%`s_1TweC{Z)z|OOl&D-kjBF3{!r2qfvrc05ScvVa*dLD2Y?3m3ApYyCL_~g$7B4$ZZgLT!oAVP<$h;Dei5%J?*#7R3FHBf;00snI&tQ$9vvxMs6Zj&*19i@S!C&B5g>zPK!v}jHU>^jwnFko$1?fdlWB(jpx&)bkx>NWG#=^V zz!#EY3jO|*lm?sU&pnzSLy70LX?ThK#FJy;)T=92E5xN&;rMHTV)u5IC{Cee1E-Et<3^g{Wb3P4$!W}k}iPd56u})SzZm}rR-XXXo#8gJxB<^o9EJ0J!Mcd=8)(@pq z@GM%u>o2!=gC8}Gj?8x@d92ZTjn*F)9Z6vV-``v^uCxk$4SUEs^1p^!I0`NQdQ9y|ZMGD!XjxC+C+j*CBjf@Z*18tt@_l9QjVdI0&saXBC?4Dm zi)9R8)ibQ?gf?%AH$sE*G@DpuepvHyjrlU2G+{;8M7nk^sA71fUFG#WSKwYatLd3G zu)kRAl{{4X-0-|Hp{nUoTWnY3$K(qoUR5oW9E+w7LULQtJ~7KggGZVALH*l?W>K9m zocEnm(;2o7N7yh!Dr>>#eSOtT2=Tehv;cy)-w&Zw4mR#R;aMsdXcq4|4%t^gSP*&r zI5-7yKYFY&d_g1@6v) zr>8jG@DqG@eDo5RQXqECel@I=8yO5jy_rlYS|&MF^1hfAn3=ka_G?A>YIvSRsJ(Ql#fLjdn+t!DM4o*;MexI{*rOno0F{X#{&D`> zb$;QfOq@sur|E89`gqCHLsvjsRxw`tyHY)R`EzJJo@-MIes%Rwfz4(lXu=eQE2A%W z5+COrfik`VT4;T&Icl zz--h5>7=Y(1&15T3__}aBk&Fg0Bsi~NN!fOAG3qjixtQP?H8rH1CCufZRgk>yYD^7 zICb567WC`PvBW%&f4Xc9`Cad%1EsQAz+EW`&7gqn-SKRAJLn$I8OPNB?sV7Fx^inJ~_*y<`)p7;)&spF8lDtQDmi5{B%Ou2MKhtkSEac$si$V>-v zO}3#qJrZ7Uup4eD`GLWE@&l*=LSF5c^Y?McDW(98~3b(KM>Ezgx= z|72hpKCt!cyY&dYPpK`BR%>T;hhllrgrV=AwJD3xr(0z5W&N>-jk*`>Zy*_^>(+t> z)_pCa43x(f!5*g%T6+djqbZ z`6W3A$5NUqOq%5WheRA47g~fmi~_X#jK%s??tWDBQYd2N#iFw|36-V1&24I848i6J zLHDh(tjTy6#B-k5$mRBrCaK&BjjWU<5FvYYWroTZ7<^^XE+Gp=CsTw)~uCj`E;)G3(ZDlCnb0-Ki+( zS`Oc)I3|SqNM5=AFmkkmiOCV$bX)Arkn64mu|+FF$Ha7e(pS8fjKj!VPCSLfxv=>j zsyhSC`KRu$S{H(rmz}AK&iA$a)z42d`(*Dwdipb?zQ5e+0B0-CR@SOmGFvGA?!6V~ z9Jg{ zYI;A{H6y+9)u$3k&gDmv!>Ngy$rbf3Q77HfnM~UE+5<%0G_osvvYWrqAP#2|{Uza| zi{M>jNm3$Qn(~Z%au-+TmCe2a^3S{#0`|i%XW<~1>9Oc9L*UCujL+3?Tb*K(nz z;JiwS#&O3Z#++7=MI1vVLg!cff&SUjMT%q3t|_UP^Y@GYO?QFJ@}K8GygDw>ZATb& zt*^0GN?mh$BQFfS6--z8!<(dX9B+kx@QeOkm3=^1VC>i==$c?raPaJS|jBiCK73-2I%MwtYS`8OXe zW-IH{{Vgs^L0%+4&IYny_EhUrY!76(JQh3Y-=BeX(jS{p*w9enHwdw2XaPNn<i9;Scx>M10*Kw{c0vgl4J899Q-qn9q z^rtmRF&y+(pIyRtImTH2p?ieXbsjn#+J^8F+*a#Q9ncXq7gaivX-hoE!KDTuIXobz zL}aPF{|#1DM;RVkmvu;&*@wHTfpOPwL*k>=-Q85Ave}SDh;G-$s_aGT$OQZtW4R9~BX({zqY)&m+Zf zDqrcBH^}+CVLHsT`Lk$di?=_2)azA#0&*5z9SUcEzL@U$ZVC>@Oua;$eadp$qC}DloiiA=)`IGBX@cC9T(fB`m2t0NGYSENxoN~ z!!Im|#r#{CwMEMr(#l@};`!Jy4|x`zufHkY>4#-oNr1}h|H|brNa90^^>?ESXf0vJ z&L-cM+{>V&&4-r6I^#Y96QQ&XjS7{9q2b?HGHF1~@af9?IOe8Hr{o=ozk(DYZG(81 z#SUBTVZ}=XHpK2V-P>#I$|}L|JW{ozynUNnt~Z1}T5)cnuaY75VAk=8@md6dS5C>| z1^?0V+L2G~1IG4}ckFAaE%w@vdC{|MEDbmn4`;I8xarl+I}kxJ%izZH*7+)hqYRxi zkfUmztiSWdu|j3#c%8t_;)U-fIwS1&&*z~IH71#jmwEH==oSF1gNJ{>4Bgr`1H&DB zd*z&eZ-6_`*%K-2@m9i(1funOzUkZfhaLnpvG z%q5ox0~qj`q1C;9P6;z9dB`;~;iQu2gcv{fEb{S3`|9bh?L#QUQ7>31@-GL#XRll_+ z7FL3!^LBU*{Uzkh9ZwfpYT(Gc=-<|9+QT)4qNYFB18dr&-yNi>{NO=D)VZCBLt|lPaRss z-_cn4HjUMENDTg~Hw+~p>dnJ^Fx_&DcTmj-0*jMk91s0sPWO>F7l+QfOQ#D%D*(;U z0lLAzpqkwot5^GNB;`?KG1FiUT!b`?=;H%eVFSs>7STmmI?Kkvkxa_Y|0P$HuPM0kA%Bx^yeM2_;&+T zeNs{kjuWSLO@W`@%rB*)E>|tg|HCWO<1zln2%YrOrE{k}`@YN+?Lw>qFoSK1{??2t zQrD!?*LKNWi!JRwxfefSGX;NTrTcXu*PVA~qdM&#oJfEl4o-YeOE03sok<8R$bVcf zH7|oOKqj|$t!bGIT06tAAJ$Sl1e6pkcg>8xDm*scS!VdwZ-lQ+TZqdfpi>1c_3@rfvLK|3yYQX); z?0&c%AYBYrCF@9a$OR;h24GJ(RiXo_Qn&GkH+*-e`(oV?V4>m#$WWH}LZ2u_rVvJe z4xp6uR3c118u>b~PU3HN84(Zv2(Qf>XBy{f+E1#fPb;wLOx#<^rzZRu@@rMB z%UzvNA3D*>8jvmUYNusZ;*H@0E|s7KauG_3d z`lNYJN}@EAblpFO0J3uE*?ud3iw4(Rja%16in`l2t@2xrfq~P7+o;g{=6wHXwRI-7 z+(r$!x3zc(s4EyG?9J^_FL=YV8jw)q|5uuYhnB)2&^7ouL*D9h<3tBokgw-)YN4GQ z`tGJo$qI5hvJi@a%erAueA)!1LJ8_;YX)J1xu^V&sQ$NTC4wK>ACF_ffU|E7jTE!X zy;`d=LDe#FC-q!&Czrb4SFu^19sj7TtjtB;1Kz#Hc3~=VA4#D7g_^K(naLs-iAvmI z_6rGrNcfTL)))1&J?Iwsu*2*a=`6?ymAS`9?7<(FLD<7${GEpQ=XI)qSxDKZr}YO_ zVn$3hL!S}%{s)-#irr8M@BSU+J_Xg~Pgjl$Vn8qWEqOeS7QYsXIV=lg3E1=j;Uo%S z=K{)LK>gk`Imum1P(!Y9|3te6kQ=A62Ji;Av$-iYvD$|U;K&S<)CXR<(Q^st{wM7k z(q0X+Zg-Vm0b7wG877mc7SWjNXgPD@t*hi4vOaJIVPKpK?A$%Rm0;u zxXHWzlY^Y4q+}DB>oAm;bS-Rd`argS@_*z#UNEMlvq}xXz&DZuOdTyc(TkH0&m0HC z-;y(XJ?O7~8ei*lxR*t_dQm{-9Ni3kc(s4tGyWEDFG`Q}#!@5sX>;IpVoJ8;83Q>6 zcr<57bP_+a{^%p?+ja-)hQrB`>J@vsqHxS6`o`CAz2>I_P=$l#dB$!Hh%cyOs~Q(0<{FJOW~!slJONI&el6W;>5^561VbF_ zs0Kj|TjCoCumWplf-En0`4le0Keqwv_Cd}WnAPZ@Q|C|roRiMA|0WbGJ0P=)J>FY_ ze>^8g+&Qt+yG?34B$kc-9E}Ba7`$%e$Nw2K2Q3GG8;P5?=Zz>zI*KQXQjn0HiN9fj zp2@8>xLJAH9l$LUt z%WrY>+F#;a|EiLS81DsCrpQs`J&t^glO3`#R!O&XUtn#swj8&o1-LMWbg*ctO_mnA zv6p8zgnHe}IV3&Mq+PV@o=P$Y-?F4G(oP;MvV>=0p-wz=tn2=FmYgI_`L}1rL(0(l z(ll5i&~g(U#21Wlbj9q^DakwCPI$?6D#Njr+VZv?5-ff@Hh`;XfZecAWQghVN}h*F zexO?XNi*mM8wSHE6Z*WlZHetlraPG5 z8AcMGGD*C*ul{0WOv6Ru%FVS}UkPnT^^$VC!{KeZpKo_Gp6u)?cNwte&cUFr9z!Na zvg52Yu-uZqdnQP^xguEPHeqK2u?Rmq&0#g~@qWGxv`Ryz>byU`mkH7iy)Gau>O>z*oOt?vYC~Ps=A`b2%K2 zf^j*IQ|QaRHbT{K|II`B_3}!ir_Kuwv4G5l^}F6+cgymM&l0S9OG3U-8&2nsId=Ny z*OYdl@Bifq@hdK(|L`Z92&E#sH-P5(j0B`FvS$79Umv(&xo;Pd0pG{mhQA|&i(-?Z3i4Tn;upBXso&w&E5{0&`rZE>N>QgrmOZ3c&PEDI z^X{^}Sj7?^9hnk~sd?ex4w@L@6^t*y&ewdL%c zoTmh>2%=wFzhHjcK+H|s=Q>;}(%DsaEsml6(#>1ep*d&b!;o4!T6obiR^I($e*MR3 z!(}kYaV~d zG6r84`aO_9B-#h3xodhusB^TMrX<%Y)dIs)Z{JjJb*FsLhTuxWDG+0mFgIcap@7oPxwX#<%+v#P4uoW*@gj$6M$d zPP0Nr&MZxhtiOHl#P)l@GGHagk)f$lBEe^=9{!s`=7DXrU*02d%{p-MQ%xuKf6Jjw zjkd{|r+!8Qv7k>RnDk;0(e1j6chpV!s^K}ec+$AM*(a@+B|I_cUE(tfW^(L(gJMDj_B58T8{K5+SPSk$*~#GyTD*I7VWb<314L*E|eKFnwL`clG%9Xk5qGr{-z9mZTo8y&kX zKX~xxL)zNFXp?bfV0g}jYM$?~dJtm`t;St*sK-(#Dd*})_@y|2*U5kN+;26aIzc_5 z8VC=s-`BaUTf%63*D+%Y7A(dz#f4p*Z8!n(F=>`f@|LgKdM~{xU$rFsc}^nsng70; z@t!VnF|V#Jeu&Dlz@|*vVCk(_o=JOM_(u$X*o5q=6k!7-4_Di5J;cW$V#cnx9N&9s z)Q4?tws!G1=cG$026K-QTQOt0g_1vbdpg8q=*mB(ljh~9Mx6d7kGs7Bi{J7bO?@WwOzd@i|9O`Y}f`WRgZRu*|y{Z zdMf)_lWgecGImb9rf!OGh0QoRvR|4D?ZA1JMZPDWy>j~mk%GTJX`^Cs$eag~Z*USK zJNM=W&qA`EQ|=a;2M@&;W}oPR?z!8oE`e|@vm`>7mc!pxb7u0q2szz{c9}cY@^6I4 z_UA6z2xAlUFQ}zhDffsBZK>)9L$rMFq{Z!%BJDjrzfT(2OfU-EY-btDJ=B zVNL>lp`2p-@~GWbiKF&UiKP=czbU4O1r%wx&S0w{NQ(v2Mq{b9Om^Aq#(btn4=A{k zecDdfS%Z$Ye`Z*RJ&E)8WLEsmJL`}y_~SMCP_XAs@%+&I_NxobpWVqsM)XkXjdVN) z(kwf>kvg1kBj`jnaz(RZVj-~~mq40n!@p0o=Gb@|Z94U2SHrKbTJC*#!6plT<@cl$%MG3ntQIxiI8OYQo|w0t#&F9S(-86S6*$kNKW66P1~ z9BAflIMto&U$olp@NhDkA@3*bnc74vJUR-k3}`i(KE^U7fv1F{Am6Y>l$6hmG){S8 z49{NBSU93T1bU(=cra#{Uo5wVG!K--AM}ewTv$`x@@hy~R9TA-%8bduWOM!q3oy_7 zQxjQaYOpE964`(L@tyybVT*H1=IC}@BIW)LDDg@9u?@L$?V7jlooJqhEKmE%33+6M z-CM7(2pjw{MhlP%+tM3WsbrD%^LLV2eBx_u!H+dH-x+j=Sxj8qhs(DTwx8}?R0QHY z0g`YRz+G|3EdC(t=on-WP^$jbP(z)TN3qq1V{!2HD;Tu9mBo!~%os}#kaLp6I%a@t z9PZn7-!NU_0&KSbEYwrW)Rft9wAGfH~kzPDjKo|jFfk>A4uAmDU^>negGv(=?_fAmsULv{CXovDp3^rnlmnx~2ic|+2M0tov)i*$1DBWS)1=G4`rbc>IR!7StLjgUe4SBL zH$?ehz^5P>p zULu1d2+asa@I(kw%9$sb2zOAs_}#&z{V&~k&6Yqm4A0FGxUi1_Lf=ezy<^XwIXYk6>Al?9{FFyxi4lT zI&_pDehB?JNsIVGhU9detl#K#`RjUMfng^5oA60fIcx<(M;xoN!^rH*+-|~(ouU?YR zCbWC~lfb5a2jdqpO}RZc?jBG)}0% z3|~@=lA>+z-5&$Js)drwB98ZYwMF+sO8tUFNZ}2hgB4f^cdE~@SpM7o?ig2U;?1S5 zxIWNa`6MG_g3RQ>3vMsng+Y{<$V!*$9KtzfO-e{T`(YmhG)ndxuY!QV43$9`Fk34g z(Q>c$bgtu;fL4Qap8^nNdO9+DMctw849I#-2J^-cPYmQPlfB_Y zNPL<>C+p*wTnplrz4!}$c;FrnYRTs}K<|%vNFq0RIGCNTR2Bv6u6Qj@0?t`iDOUnc!n(wO_X*k8iX1ZF}eY@j9E9fxr3DE!1C7 zX+M}>$qQzL&jrNB_k4UW-!I#kNz0NoQsfJp7~8ZxIi@(Ny6j-WyL@Lr6x3$YLyx>kAc3BcP$dy#@}&a zzd%XrS?Q-krwqbJs|?>z_*&Zat(wai<1?DJQS1a$!zV25T#vrN!%6jiDY{HExh@cX z$~56gIAQlb&CRgMVI@Vn6rmAB$?b?;`u04eLloZx$@>Iw{_4jt5`=OGKdaA|dzKYp z!GVV|ncX}R2^Ez@kexWJ_R+V4<6@2~gku(5zl!yp}~XquY9CyGEIy!nLrf zUPxtid8e~h)x7ybMJI$f_e_TOvV=>^U)rKH-$HC5xB(IvZ(#I&CE(K|e zWXYMgu-T#K7w6rhcaU=1*_{gK4?jHQ0F0VO79Jd)e2HlU5;v3p!?RE|ZXBpEVAdiq zx!wP$`$+ch2$X*6ZpE829}eV3dOH}^CKXxA%cLuAFe#%h>#m|=`=0OCo^0Ez@ncgv zf_oAJ9V+Hqu;h4dH&i#otIW(fq%br;1-!Ee^U$*(J`MSy=H|yQHdaT6KE3jDxso|* z5TG|M_4HmF`a=X82?2S&ukdZ}J^(zK=`UhZ=2T|0|yhn>99*;WL?uOW~C9qkHCe0-y6&Z&ku9w-sGo z{g^6~@_i$Yukh-068I>6hp5?Ak2&-4I9-p`MD)}+_{&w=6XTT_8xz^Z@71@yO|adB zs1>-MKly+?ucwGtlRSY8T$|y&lTI0DY_u<2`0Apdh(~d7(0-?V+Mvdf0>r25&>2Mx zJ6TSwcNtS5c@G$DeT#U}vnuSnjK$imR$on(qHX%End;h+MBZ+@ zLDfP=jvYU&)dVHfS%>8!jy`yK%HHs#5x)($`SBo^F}ykckLp8F{!C`aQSJtkaoyy1 z{&4(XUuadjOX}-C44XHMi{6R(q?7&YaW-%}pv_2rE883l5r#XE^5*?+VE>d=>g$8N zVRPua4OX<890IL@r_yibC#$Widp(|m2m<>>ic<>PFH?GuN~g9!1&|I9j6e=2 zjn~KkpO_sZ@g}msFOu<^e7?ky1htk&W89V$Mi zrXwj#8A1a80lV7^X;Lc?2yM6Y1&uMTyRr7^j*;lUw!89S*#Ui?_{G00Fh6i}<|Q}1 z>QJ;~5SI!jsKscD|8S2@*lk(ZPDI)tl&b$*^oc6Y{N*3(lODh6gT$?>dA-ln z&Azw4B(WIxYn;d)EBpzDGI&)#&s?aHmO*Vb9wltYG&j*Ooa62Im&y0A^H0VMLs|D@!+@)#H zzi{~uw*h7YF~Aa-KlHu6IgaFgdTls=(9_TCeiQA2+}(w%iRaa)!`^)9iE0IR#q)26 z`{K8=jHZa|VLG;(s%vh% zTrM-x1tGK+Eu0)4c&0oY7}c`OaATmB`bBMgl?&1-Z}$7t#;|CiY)n6Lzl++2rQR8u)$_h;EpRq_SjUak*i%kmqG5o~?j34IMrv zQ4FHXN@?rbJb5l)or>sZoT~F#^JP6L{)27Kz{ueDCa({8K{#yut2;EuBn>1h zDj%k2#U8TeX|GXy7E0!}sIG&8-Ps1PPR?GqfIe6Ivn-E zV8;)*?Nmb8RGrhx>Cw-IdThKP%Gle!Zh&l>)9ab(8hmEMa{Dcm&E~IFY?SmiNcH-31SH`rB;T zS32x1?bvrIDzKNY$+86ED|{44(X|5mYT8z}Y(Z8ZoOx;UAA^hI-wF<54Y~29J6PrW ze^h=&POB{i4NkjT1zl7`v)(xTGWAgSjcptq61L>No$CN%@r51Gn<%FD)uIpdtwMQC zP!};F>x)J%ZKwgIg@auUGD^wFw=Cbb@Oa8+NxFFB9-q{O&rer)F!OeWm=hgQ#jT^5 z2et@6x5o0>nR##b_0YaenLAuo2skrk$(RL)!oCsh?2~(kH-?c{S|UB5xsE%(gQ`82 zj-*MC2Xfn-7PbWQR+d+NKdoUYT8vWTFSpMf=AN0*_Sa|ef%AHmXqL4M4}>=nHU@rYyQR+K>T(x z)F*g#m;$Cf>0ccJ%Ll%5e$oGUNeepz96RT3%1WQ)_sbI4yM}YJ_P4Qr&YsX*HZA96 zLIA0WuCxqG%8v6#SBo*m3_c!MCyN(L#0Dwt=gVGruqF=~-^;eQzj~7z558$p=lD-F z8EQy+Al1CQs)%ZcYNWLTg*sRA6TW$dK7QTGa7W=PfEw41k(h^W=I6E1HAc(*P>M{M^? z?!EdQmyz_EP^}{5#GNSyyYF!>e$Ub*%}iOz7ASJ0_fGo&zRfFz;N$xMq9pTO#~oz> z&Bbwsz9CM$>=ePxchsAXynWUnoO0zwa6OOS?HNBl$G^`yJWqVXBKb;&f`MRfamK(Q z|JS?e4B?f437(WjW*Xg>G@Hn9-{UJqWx#Wy+zq!cg~$Sp>v~SeZnlk&hmJL11d?(- zd%ou3_6qa6P^!d=V~~fxi1v$hy>OTQp}5BF5s3}(1||K0A&Z}a!(_>RHD># z{b$I*DG6R1%Ay14ode3C@gro%?+GE zzPKKVeRinA_9!noZvoI%(gd8S;NwP_8Y)AUQPEO-!1vj{mkbl-&ipIq-8f!ENlEi9 zdUZHWS03T@!HfE7$bWWZu1>?*yudcU>0^=jad{A)J$jn};E6rVXGXETwgWGMc zwCE(a#I%TdQLDuk4CneUl3luK*Etn0k?00|(0nBrEFTX7! z_-J?S%BW2X*oV^P6U@K_Xa-@O;)dA(DOADk&W`|8YR+?wXc(*j!;;}_o!tlQye~)V^mte$lkqs_k5Qoe6<9WjNY}TaoTCtGn3fDlkr|eUAs5Bi?TtQnV4L<6-hK* z318)dw`)mnN8rcOoQ1y$-n$v5;8p?J&XY|qYf{Ac0yC+1eSmuiA+6e$eWhupFH3@B zdKwi^e1z)IZ7MlK?*|no+xpH%!u^iO;QQ6S>&$#UTI~hclZo&p2J?CWV5--!dF|(C ztk-S9<%v3dxw6@joI)5%rGH9fsI z+FpGppb}tAKfmi;97}`no&&b;dX}qUVE7?Rc4_JU#l&0&`m}Fecy(w(Zj=`bkf-N! zd^oOmJMi7KI1}S^nk!j6;F0C7{B{u`nK&_>_UTuc0#xDoB~l?Xf44 z-z)6L=?!bXDJU1sQpoj&X}B7Ax&n%0t0V}0S;NGih-C)JDpCYe%y^)y>M={)Jr0Yu zHl%yZH57sP$8CVdgL_0$hnoP}4L2`^kK2)8JtSwJ8$N2MEfZ!ae{!9MUQl4y^)&yB z=lKor2@lQQm@0Mcf^jxF6hl4K*Q)eKMNWjUk(r66gbrf8N!X!mgSRIPr#P>VZ>Ml? zQjjGSnRTYyy(ru0VDAu@_TF%v*mcTYF4AlfVk{cX2GP`q>Lk1(z?rc>r?U>7;&?Zffh5jv`1uze9l1DNq&PS&6 zx)qZRkaeW-{(cvk-+?W(kHS7J&Rw8mychb&C0J?>MaM)U_#?&>F?5t@o~>;+OyAbj=&QejH_hDj0Vw*I1GTawKJv zW#js0>ZzCn+fhizW1D;AF@G!mNN@jy z1Mm#0-qjG`%WDGa6&t_4fPVgb_nfYy2$~v${ia@=d_g7u`Oze-_Xn?4aJP(8Y<$-P z3ls1?`1=s&-;J!=j{&wM>IP*e#6n|vouAY z?1F))%HdL-98TG#mHIBgQUUTq%6K>)>5o9o>-jla2|Z=*z4pOSH?`1BhCEU+$OOMW zd7q5G!fEzr2Z&b%M>{XhM*B*ew4Be{9*ryfl_S4T0sqlVj&>w&h?sn*-&~#LQZ-<) zsMDyw1~6RKmw27Z2vUr=^ZrQVyi^KDuTd%5IE8D!J@)bimuk4oTkCTejqz0pX&JC{ z0fIJUIiByN`sz$1AE3=1F>6w zvvXD0K3yX`q`M8FKYDevgY8JdaX6LhdSF1TWw^2dbuW7I=_)>hB84{p0-OESVI!o0 zFIeS|5K`qSnwKk#FuyBC(|L)ZBb$DL?Pp~hV;$!MfqaAWtHTGH#`xz;C2yw z*=6~jMU){@{C1RgC&ZINyV3uz%dew#K1;KzpP9(U=okm`RC|cqyGoXgDmapIreSUG z?voadvQG~Ey$h(>0aS;W3n+?Z(K$Zgv>teCPJ-`)X+0ho1-3cu1QmbczUel5fRwNr zgv4v|DL)M04*%+eUA}#Ak!QP~lghiWh$jnOhi&WI8lRK`S?O zKL6ej?5u2-A0~3(_2Sr8v&i%oJ%-Xsg-bD{L0*+*@rMZYUQ&Rq=AR)o2QJ;;llxeq z+jzUDGd~XRAB}uoJ-frZUI%-@ki``?_3EWOj()`|r~a;H6De(I58Bm9s*>coXKY;P zyZ{b7&XD?az{P&rZl%Ed=-B{pMMjO|oMf_&w{DB1rEmo5-}P(TO*=pxI61D{P9ZJsqPG}Nicy*YqGsiLE6EPYVqad`om4L&!oVKwGQ-Ht%iq$e-O8WDLB4j!%YMb`Ea?5$;3 z5B&a48>5`~SL#coijkJX^#QTmzjh?Ii?=u;0xQvXG5B(lck2%QjILvrzJt$g~%d7KrBV3h}g!+V-YI8c{;XmSaucTp*_C^a;ugi%6wV^dY4Zsc% zccM=QtS>J>UE<93mAp1e%sc!a4T{xYN`GfZ=leoc@?)+gzW|Xvk;r21@aqw}c0Yhb z5GSM{#KzWT&Ye_-Mvoxl>peB0Le@RXUCXiOOKERi;LzYNyv)=vd^Y>zs_Rqi)#rz| z2trrigU&2Hcmkie1mi|AFOgfX>{9J^%6`k;({Ma}Lh>}Si}3MZH^(c6?i6~)JeTj| zo4jOTw>d2;HMjG#%Db2>YZ%I#D3WY=on229iu0eLF zD+nbCTYPLY74yKhSuKG6k0zIZZqNwg64f{gPwya9K6w;siVEA#jEn5sHp_|p&W%%W zmJEd_Bb-iMIX5E~ym6A|`Is`dXeB`0M`YpK%cuvlgqS&~Wyjl5NN8jd>XI?yjeeG~ zS&-b&uCdz2N2R4S%msfmy=^mOWA|GK4sBt#L4^C^CoQOZ;n3r{k_h`IpZYP$u<|kr z2BZ6S(;wq;w286R6YZlL5DDCIs+&%(+YWk&gLJUs1<}vA`#~845#wFkV|3`kiy`;o z5y6P*D z^AWY&y1?A}-14M8`^7R1v4A!}zn5GQ5IPQoK2qGYC=>FpO&p+E^lZG+kZD&ispKdq3PZG>DcaK4?Zx#p)( z2j5AU9HxJY8l<|TLZkP=+RgQJS%kJAjcoCbf0DI% z{&{eS{N8KN5n>=G?9i$F#+r0OJ1~4Xevm%>C`fKs*1fnh3i4woEDSjwI5n%3R)4k3 zKk`|^UngAI`E99!khcl(&zG3mASd5q77_G9tM0o%Hz_|54`}k6oObl>__q zY%eM5m<}ZNQ10h_16dwTbnD>5el6X{lnlXL(9yPP^1M1!-Kk9aG5i_j8oXwQ-Trl! z%WBX9MX?9ANAqiG-pD2QYGx%vrgXMPQ9xUK23pk-PL^kG@*6o}04m&@BsZ zLJ)hUMfq2o=%Ug6JCd~ehA)puK6FKkM;ZrLeJ^_;K*-DDJQsSCvh5jkZ+=`~=38rI z2C*dV7`^l`iPE>CU!C3je)`)AS}%%`oIOzQ$oL`p!V4`A{o7Uw4jRnzCN9xdifNNO zD^r)v=5sEI3|P=|%_rah#=GT#xM%a1$-nBm29D^sZi~pJCCATRNW`pqP{_JF3=Yb`Ksc__g=D zfLxhqEW07i$DtT9FRl8^r?AL3f8J6}3?*B4OCR60V0uA&bVj+4Ug2Ho8k=5{&oNb# z?<94L&b}=X+j_p$=6blm&ghlvITy8eETBWlU|ekVR6ezdno*MD^-fcvJzthd2q8K( zKPg9RZj!b8wSV}K#2BmlqECRtR-v>eu4;&+wPJpV_ddOC+hrvg_~Zp#293AZ`|es2 zcYuq>cIq;i9gpw(GrZB%2>A}u3@I?G6iDU{%EZ}15-NNlhAzR*0_e!mbFNjX8x6T$ zz}4fY@RB0Z2Hu}_@IzL$uG0N()y2}?*VqIF@8ji1Q=J@9IlgA>Q*~D=Dt8-uLY&Ml z9+|5Ny#I~*6+x1ABU$^%+CWMi|7I40{T|n}yP>$svDPAea@xWX)cfr*P6pI~wY!n0 z$onf~#AW1O!a}-%hiKQq{j%8E=k@;7#kdQ-_P1cYwio@m9b z+4A^$P_)WxA6-`0lPdnnr_TdZyh0 z4pb?Gp&~kl&l-5Umj+Fp^Bw^TjV7%@6254WkJA#ygZxEL$)O(H$15qW`t6GBdKj)~ zHUOav@gZ9;@+6P%SA4$xW|G0`_I)LBE)%BmZ>PmyxKkOdlz&e}zg=LfyLfz$`Usg~ z&Mb4tHS4Abms_U^`_ot1795H2ypu{Fq7~8b<=js+t(F$;h<(%{;k3Y0{zE_&Aj~?q zO{qGF%^QT6?o zJ7Xv8n3&AM-Q=@yaNu-*O>m>=zL3g+-<%GWLT;`an^+Pb>wi7Y zWim^0eimG3@EnE6bt+)fJLg?t&;ZDry+{Z;4^KP$fd6zMNwUW?#G`46t# zHv`HifeRYl*G+Ts?WV~+Y6i+j;)Fyh%S{`w6|FFr<(iJFR2t+Cdqc;p5q_!dW$O+ZpF>MBzaDg%Bb>-;94G`IRFE9uWs$F z#;|o7PFyJ$t5Z2L-AoHWg{B~Ut%?BUDCEnP5l32p@<|L_6%`fC-vp4A2ab?$_x4h* zx#_fJPUOP@R#M$OFGbvu(kv6QsqTu7;kn>CMHe9LTSQ>C@fz7{`u33N zIpv@8h0Ugs!D%|ytgwDD?z*pZH~)C&mOYr*JfF@FyxTo|b63}ac()FAKyv!{hfr^t zhd+x$U&#!#hKi&9Y{QX|rWlM()q)-9>MdTL-;Pa+!jEKZ#bI;>yuqJ^jtcGgkI3Dn zIE`Lhd<+GYQ=FRYs}hvUeC3*CiRdU9T?1@4Xh@pQzmCAa8`vTBak8dEK=xzMLULxYdO0fXL4x z>~yW-)J4en_*8~Q_e99qf0G~JmctG<-QTo^^8ktBm+h-|vjst4-@JIGUsh3}ZS;BQ zvEOF@4VBk~cPJR|g+yxuY3@NLo9+J8znI1BUR4+*nl^Z`0|hCLfFSAZJ9ogkXmQu+ zPf13n^dT+ojNXE#1F=b7Br76esJIqyPOH)fpDw^8hF8+j(ffj#4_xU0Midc~xsj2i zu7r^v0Q#uB#>9&IjFAGq9JSca?00)WbLE zy+F_gq&lda28e*SV3*nYyEF=aX#dhkcGws%4LRE=Tf+frwm`_aPKwSQrh&_t_sS-? z{Q7(oz-#-O(76Cf<{c%^KesP*r>Z702sQ3DZyn8X+*sspXXF2i3`|rw&2?SN|4)o~ z{dWETzr)K{e2Z34+Tw3Bx@$=*wss~g_oS{9#Qh}cx_EZDlfB%Xqx56Q3T zxIM`W#4uXA_k$6(N39tbyTl=Dmd>ZMFM+_oB-KQ(=l;*elDT-v9m;v9j z^@0YEhA<__-_(7L{y%=xY+$gX6c9pow;>lLY$QTogwX$9-r=NpL#mEA{n-eqpYXIM zU8J)4O14#~%x9BSx-~&KLsVafvDERvEz1tKm6<8_5)f|7)0gUYEdQ=?+qFWZlt7o zm|?_Hx|6W58q1eVup8uAh!Kn+whDyC=ImT-X~G5^2Uz!YwSn=?%~27 zH815a7Z+V~Q1O97#@H~C@9pTUlQ*&LCeLkM7UV&F^AVED!JyOUh2mZYf(0RVn zrJ=6H8D+C#(u!}OLr3C zyV|M-ROtW_M=HcIuPm6c4-IDLfVF%N4y%P}da=KbsX=j1RjP{b2MjyqR5-VU?|cNfB1 z5=l8P2=M^b!E^wQ>ftWJYxw*tuW>S;lMvOgLzA7!mTb=CR@=~i$IG^Y(D8lgF_Bl= znquSV+OpdxsX?_v-wtn~;dI_*@mBZrMJvw-_cU1oR^&S|<`C=NN-G88QPJw_scAgh zEZ;!2%E|d}FHQ#}FV1-f{N(4UI=L8bwKqNf$#*Tc8%anyz<-V89!T##S1R|h8jC-Y z+bhzoTR=d=$#)M`Wb$8gM3{qRxTN4vo3V;`Wu--R5KPObTI=AE)81DeA1m9d^9X!3 z`Q8<6H9#9|5)?V8eT%eQsk*Q7fx_UyGg{5RIHf7j#5BoQH+^yfhO^YH%5Ig1{A-%C zBt2QKZRxOvdsFks$f?aC3-hDxz7`qI(W@!z{q=XH02?*RIUf?c>QE_RVgAL?$cR?} z06mvZ@T#wCT#Ed~NSOXp&4|0gydk+Q6!#6d&G6m3chY6pta|r}So`tp0cj1Hh27bn ztJcZ9}8~xW#q7`!iv~>WxYlmzE%U}GN zfMIuouV44y@RtFFjg%bnnM*(7CIA%hUzI6;uQ2mP`9GtoZ`fqsm1<=i04kIN{87D0 ztP@`h`Ggx631Z~6{<$Ru>;Rl16o3q=EHkh$nS`SLm3smj`Cm&^{Ba z@xMQe|J8{9pAF-G_V2%X>c8EJ|J^zN|LRfxZ&$>B^(g;e7We-&EC1Ev{+@oNglF5d Wm2LO%(=i_K_vDeTT9t}T)c*huy$7ZM diff --git a/static/images/docs/perf-test-result-1.png b/static/images/docs/perf-test-result-1.png deleted file mode 100644 index ee8ed76b7d59cef3250da29d533281b5ba4a17dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 97114 zcmZ^~byOV9)-Q|)cXxLiAhjnXVOY^S}q?{V{H3Y8UFVGfjL+z`Dc6*^8ah+nDL^I2#w=u0P|5W!v(&yvTCl}=9&0qujJTavHqF57{h4jrfF8QRtuF~c;EvcGPg zl;-9%u`{xCY+h(-0L<6b&wjLQ3S4!lmn_?u%p?>Y32Rksa+%2lUB;NN{A?l;p>Aw! z)L3?j?;mC! zwdUim3UY)1xR00YCWrUuj;HP-CLMuGZh1B)b-Zy7)Xli>cI=Y1y0T0L#+y?sBm@im z-q_TI)hCW?WJ3WrbW1-?aoXBb>xevXCNO0yHTC|uGWO_q!EnVYDJqhHNqpk>Db4S- zpBv_8pLrlXQ@+NHu3=tBp>h;ER+&TD=B5?R?xM zn!!c6ejZWw7dHmST~ltd(6(dfNOBp|L%kAxT5@=DH}*2`>o^Y2vdeNHe;q(smUjv2 z?5R~?#>Wtye<~zxotU2MaKtbC$;Tw-24Kb00>Bvzez&VxA?Eso?hD6=~8#4Dc z2S2#~ubaw*iOj|B@r&?~7%}U5Z2*UAD?rD0?kbmjzoC5@jWlB>RUorGilh%X;YU&} zEYLt=Xv0USx5B1LYogG^kgDrS)&{E^RUrAwCLxdMWg=54+NAOYw@q5`8d~?J!zMb2 zH}6DPm*$8Ca)qSplrm63Vl`L2;>SNnDPye_Y{-mi$QKL^%q#k3Or&*}=-HUtS(V-m z7T6ckXT^t7Ct9wOqDFwqH>;XPY7Lm`m*#p$%4jGmrV*IVQ^Cv?ll;;ZfG^&Qi54s| z6X|%;v{MQ#)~+x1@(nrZTzLhL=C|o!n%OYl)GLyCO>tkdfv=!NtE;N&+vxj|NpW4q zwbQCFYlkty_@AJWL>zh#zVDpwT-vKtJf%}Zq#vXcGfHJZn z^OjO)O0;s9OlKVxB$bXQcsLzT7AwWZ#7^&zY6j!(+wOZAB@grZ_xD#n!XJ~U@Rlmp z0(HLN#2Zjts9K@>WV3xIADuF38VjRdHole2Oo34X5xD-*W03-*72}z$q!M*XHO$zOY$&2|_3k6hHZS6KI5?-8S7C~RML+Km~H^&8s+u6MA z%Wz4K7|fHxdEJv{pkX{NwUyI*ufH<16RvEjaEiWZMv7bt0T^-UL0lv*v=qSpMSll4 z&QWO~&oVoO!e9wkT>E4G`O&e;m1P|vf1W;@sH&dZT6@DPn_7U|Dw}bZT3NQ!*h*#8 zM|Nkz=+x?b-gGq1woTdaV3o#zHs!zTKLb>9wQCFlUkws#D>+_RvM{4xlIIf8y7!~N zXC_3aOE8a9=TWh2P;xL45e@iOTco-d|M;nUqwPOK24Jv#EY^@BP#^o=4`%p*MnmHw z`Zo?zCuj0|UVClIS=*x2j;S-EY{YVVD}E0l1A9n>7R}g=8G=qKWwZ{vtiF=KMI%rp zo z$izZHX!0B3PP*mg5H$l_3NXb;I>W$5jo}Lu-Sh=mCw4A$s9uja02}1gKb$0(9<{U9 zYPp!2cmUI6Su>=V9pf&~gEWFK6y)H_lEv~9gTi)}UW^a)6-X%cbK@FZH=d_aa*d6L zE9P0eSoW|ks7EL=UZkBaR(`aQ%=R%%B*wIxTuqTF?cPXVXZ*zN8fpt79m!{vJ(@@cDH0@qG5qJ)bS~+;W%>ojHUL1 zN1tK?%DPD~iW&kaFh&=pviGvEk;A^ylI2;WT+5=9CX@DoL!Oe*?N({&)N^6=I)oMB zyYFS2HBD2$X$gZ)`SA)i=m7kSjH#R_llJn!?gD#pVHIi4?Xj4>WtuW+QpYPr++ylk z!W}ne^bh8UYrC4Nx_k^KSh{XTY`qlpg~eAmLkh1*pyfDE1Cj04Kqrl)-e(g}N*?~E zB^B|?uFg{Wq&Iw<`o=m;rWIfimY3dXG*VJl3`c{g&=ZUug?6NctGyd(C}ryN4}O*x zhk&hp%ucym3)D?&=3#VV9htSj-+{0Ui(tLWI{&>~UYfX^Wnk!nDZW}2hFK7KiYeKV zw`@VWFaW2Ymi@(WKGV}CQp9{IzZIXTcpwl0z*i$VkeA}f#VF1V%qLGQ!vwD2qf_2q zhtYHYR5U#=nLqIil&WMJXvSPaoHKDy6HID?seoWlZ+U-vkzrC2`aN&YRNoV=P{cq- zd)gsuJYZ9D`T57KflG(9&G-D-lqvn>7mS)ohukoyCHTfxNSA&Ro?AO!7aF0+SbORlhP;tea~o&GIA~O z>|PjJNkg%cAbd1TJe2@kQ2lg69wgc@6)Vk;Reqbp@ejBqj2HDJYsYrM(npoTS4B)4 zt%e!T{)zXp9p8HGBc6iNF&ZI*(W_oYj}!W^-z%zSqcER1do(`WTu>Wgzfi}cl1NL{ zPrG*gk(#C=E>U?^*YXRw#4&!AKSHaN^5x%JBbzB#k|=}AST8)mhPvr{SVRx7#Z}Bi zFZ7^^@+{)J{^rW@29#*VNFP1Fd4@_Gao278XZyZ}rG|}+%{y8;1w1%pT#)fdigH_c z^LeuY=**}glh0~{wmDuNHP^SVbmVRMCu3%6+%D_bgV)Xvyhqj1;auH2wYvtIqcjVi z3q~i0X1s##?nD;BGia$osKN(vv=Hf?iL{u^vE&rtQ4g6#2SoksA9$Sg7ZYzIzq$Hx zn)xqoQwS3~F;SSW%t4k`LsM$OYCBWxJtFet$;7Z$Q9uW_cITh-X}L&-2xG(LQ^+koLDwS!Z7vDr41=zMmvDVP02-on{ z?1SIU%v2pqJ?2+tB{R_cmqbws6;1zktfz9!Xq=+M>+k@q!6c6j)&8@w?z0f!!ystZ z`iwDOrQ1NOl%>Pg`rNHl;O|Q0^joYrMpcTz9p&5{CKY2&Pb1wSTKJ+eGcfESawyzR#Fb?pG7=RtDZySCc5LBT7;=G@(Udb|HBeQInh<}D>sZ{ zNzU5cb3`w=OL$nKf>HOX`dCSP)-t6(`>xbkYc;4J`@GEcU>i>9ZSh^F04JNPucRM> ze!HH*mf`-lwhDZs$P-@@S^v=#2{W6Yq@YEGKlD#d^6&hWQ9&`fd(7)*F#fN~Y&rl& zD+e23+8Y9ApRSnrZye1dgn6pimcv+puqF5(1^A&CCzQyQBGdRi>?q);Tpc`*YF{-e zR5r}9D$No>T=qHnRNJ-}$fRZXFAHvrsQ?z{xni76F?`?B8#jQ}%%3CE za##X25=fxiNDI+xkk~rdD_a4qG?n#DVFvhQ7r)-$PN*uRof-5rK!ZHi9C^j8!=5Ny z{@1}|MXa*F;ASi%IKO3lLmp_by4@eaN!(9JCCvb*FKDXcU_Z^}zH#B`oSFi!=xSOY zH+|JrH2}7=MK-W_4U4xqbRPLsnl>FH|L`~hS1IDPkJGY>Mp&+RR&5F`&N7|4(uK_u z<7v_G4BavAl4PZWdfQye7dhgJ$DvVq^VErT5-YZa)KkGA29@!lG#|hW&~2~cKVu2e zCqHZKl^Y7W{mr36v8CZiv}Y78AI)f?P>8rdlYKBLaHU{QPNi0l*tY-na;3ayni%5B zOiZu|i2o)6vhZr09zp9=V>!vjj#w)=`xwTqj~Sqf5zSl7+PD%8+__ z7yWOqg2yCn1Lq!C>L|?C@V=tQ6CVRPl%XMh2QRnwupj^6zlP}aEodZnY9+Dd1S{TS za76a;v^ZKZ3@0w?Ptyv*=?jxUp`3cnYrk>1u#wesHfz30#+gr< z6J+)^|NX$9f<*a1v6i1#Y#lDYzHki<8&19I!oj#j0HKc65b7Mz8y2~oZ27o z`uc1_71@|Ja8So2$gsMmQBQ@9X@H;e;NL&|=4oh=&GJjH-wCX<5^gc;G8Y#(1WV4M zll~IuDNI&?Lpj_y3|6nAojbC;Rk3@GX?)#1%WYAzcrWHt7ObhBtB#+iMKOMIxu3{^ z&1K1EPG&6I!mRXOGxTu{Pfas`v6i)Mk!EM@_F2Bv;SaO%&}f3SfiFuX|L|UR{>9qN zD*8}?D-TEhEy_o-`_-v`yhZf&&e!K@x+JC9rzo@|zmkL5w8a@JeQX?3&$&M8-*hF6 znfWM3yS``n$#^=agpk;mJB{SraKtiKzw3P{tLhA560 zmiC68>0v;|maH9Eb)h-$p}`B(U8Sr&{<96@FgU+jykNf$z&cAUv|G=ccaeLtIGs>K zo1>4%jQ@-H7}fo1M%I2FTS@)$;f-MKnk>?tmF;n9{-ch-LrG!tA9B|*c%)yW1TD=H zL*G;$yO#;>o=++oo<`g2kl|XhpCMkx z%Mhduno(oGgEss~c;vjfgSnQwd?8H)k~Se_VSE=hmQpdjk3ExzX4envE6AFki4k%Z z5jLs~4Lx6uEnVm((THTzMcETch$ym$zASG%3`)lXo zQz1u?&sybS?)RcTo3Q0)#fN7(x@_#Fk(^GWQ=tQm#HupWwvLtJ){uhx&?dvr3-^k$ z0k&>f&Fxp2Swz|O(5N>qCv)p60ok_aqyAv&I0FeaGelcjE3>mc*7n1!0ux44{1&GN zy%pZIC80%O_LFoCapwj&AB4+oO6Y5M&Fa(A`ciJTh$lng6Fr{=p)$ zC;!7){)sSe)E|T__x^|e|06b&a%392X%PAUf0d{zl%J+eP7*d!a!>=16 zZ+jw_A2wz1C$vl7n${1s<@EESdF$<=C5t>uz=xOMt|9mJd{&;V^SpkndDG`?adEMW zhr`bAVa59U?@Hqh_c_Im_r;d3-=*K5ODk)-d|G1Cd7L(>;sjmCSXw$h;F8O^VS@Y2 zQ`N$6FNUXER@-bjL57siYCP?>cp_JXOgrqfB-7F7Fx?u?821f>%jP3*ECJg32jVkMEmSh#G3#8vY`wpw{`z~6q%17=>+cNN>r8$aDZk@->t@;g z>*Ln1m&>0gtsi`753H`FYaa92r!a;7F8BRU?p5nvtjPPFNGTtv$?s_=?8DqeOR;a+ z@Z9<{`PI&PuwOCk=WcQ5JZ$Huj#C3&g$3Kdu@n~H-wWC`ZHI)h z-`)p#x?KJhLrj9y@4Dye`}@l$GQaD%?|=7tPlezAx;b`!V18R?XZ9yuvgM>ov&k$z z{O-L_o+ab&-&CQkrgFaZz~XJ2|9bmf^XoRb#(iYCxw#pC6kkG1-=XRI>(cih)GxEe z@>lI=)$b2mZ)>@)E4lyTjL8-N#ca&*B+3${Y`uQ}t|+eAx~66+s8{g-r`cDvnq+RY z4{GfF+|J1Iqq@(TRIs%7u7KU z-yH}&bCR}j@96*w|$N zXZ$r*=t1ZClI(4V?1RiTIIi^x#x#E{FZq0ARf6%tlP>|o6g4TH?IY{&Nqjn`#fDxx zAc6DRzFO11w9{W7>@DG~X~}5K>DTKd|5;VbrcdP@W<@dtGVS{C}{^1 z&D8Dk`}@MvPA6c_yyR?C;Z!pcvzLm)DJ1D3w2K zpfX5TL8}zzNo}I#tYGlxXp@qr_Qb!b6&E3-e~JI|N$HZVHA%0;Wyjs*2jM;1__{?C zdmb-=y0gZJ;Q+6u0Q7BI`CH&WE%piEaJ-;5ian|ACO-Q#(&;Dv{e#?gJncrUIsSAI zft!B)dn7_8?8iH2PD@e7_&3gZE~%_TJpsrIkc*;zI3YH7uhD}H)04{Xt)*I4fU8p3ZYRO@Xamf!9&x6Us< z*)*&E_3xWP79^aN@}J+)CVtzO;q4_QIDP_^Yx9X_T3edp6iUbNzdh|ueaMi5vDDPI zpBPJTyKHZ}bwi|Qb`T_=Z_(*cW6uxPhMn}vF5(fW2($@e;WfDfsd&Pi4;Dtis9NG?2%!gtRd z@r9XAcA`~xKg55fpE4y)ilmWGF<}Jud_39%_0gP@yoIh(RkeX-zT?XL4!$7N03Tk9 z;rLNaWILGd+tKUU6$67*ulx%(x(OX)YZ6bKI$DF^5 znjVR`%R?|4$Itk!3;)AYRT3eL?aZxm4v+lCjs#ev-dcNUEmzp;UC(8pKB_0=twE%4 z-q$n@cR7qRnLT;UjYmCXw}vRz_VC{-pJl1i?>|;E>(LCKlZ-CEQvBp`rkJWLB&clm zo+CQ=cv9m;-qLV_WLc_os(^vGv(_;2N6Vfu?52$s!j)W_{o9L=d-@gGkRc`(TGo#% zSXn=x7WJJDS~`U*>nguRn%eI_Z(RAOHZ>Yfe0d(E{lM4d*Dq)P2GAH$2n1+=&4$O) zgw$efqD!iwr>P6gm#(*?_rJLcfi^6@m+VNp{Jv`qdfd$uyHya2oRKFqM=F{@QGv)1bk?wJH4O-q2Pt@_=A`tP(%o^<`FJ-7y{7Z0ojn{v6|KRT8*NsuFIxj zbxC-B@I(|T6q=*Ga-IZHo+RJyXU-XNqGBy_$rn@Vd7}=BnM-LxnRLfw3|3r*NLGH> zf2>Bo)x1Bm$(AVBbUoYM8wfuKi#$OG{hIZ_^{%r>KIO#?NTS!F60{rz=K-^%RI%?F zFf^G_%mpa2!nj1A-rs(`qb(Ku3a2t3p~K1kD3ASOMVQA1v<3Etk|WGL<{)gO^2ikB z?>qSWmJ3Aqbw@WtWS?M}n3M%?BsmhJXt%AZe9ig@J&CPPu(IWW+~i>hV};j#mq;d| zoJDwNYLH_xADGRj$l6eWs$AmyjJ;*@hw)K~D+SMSoTa-B{e0+g>;2`sH3GLiLdb}g zq%#wzDS2%U(o;wNSnG+6MzgUE?OMAji_Y?D9H^7e5c4~d6C@#N&JU=Td@k-gVRpG#2-@qAQ4gYF4eZ;~Mj!KpS)Ku%kRyI#$SruTd%+n$AqVcMujdGx(SNKu&B3n(69tog zW!eY}m(xdlO?QcSIc9smWz%&Y^@pvc1W?OGluuh>!@}#}qXeV_O~h_~{T=(oPOnPR zDWR|PcbFZ?uN{u+#9e_>Xp=Nt7Pqq3mbMUPL(%w-F5By)R=JjZ8cPZsydKCFKN^&= zcSE48-`jtGaC(Qc7$iowVNw@5k?v{W$3B(>Gwp3XMeWr5HgjaFPCka?jfARHik9V!;hB^Yr%s{sp* zn#mjX_2q2w>ed2yGB+uhyP6}}0KsMPf!1^-~o*650;~n~iIOm8~Nw(&u zk90}bHHr=oR(>duBuDV<4^VVUnxlFT&YghFMg7j8B<6`*;Mpaii#8*T`JRL%130)A z==QNAWcIfOjA8laJ_VHbGq&}is(8!pUkx!f=PS<91dNuQar$SM_t(dvFz?GDe&|7z z@jWKQPcH0^ci%m0#b3<(t?0L3;978g_N!^Da(3tx!U!@HDDmLUpJ!02Y$&dLsjwwf zr}_{{geT!XfWmgvIcqv87$aKO{)w9buD5-ChAovps}oo6e%3LD=DPz$7#9J999!Ec z@@5!#PphL}U9@P`;Ej*@s$wwHG;dFozdx(f7L?;+6L-BPrRu^k1w4t9iJ2-?L|~fn z@Rul$)1%Y!ItQ>#j0d5sq^%69Vj76SnnVsidek@Mvs-0m^QF( z<|WF0=F-=_jI=EDu;4+zOafXs@<(=|LWDXZy)5j&$pM7`TWDA_XinCyDy-U26b%`u zio+*Wd#l3{gM>E3UIOEZbWskc=m*y)sw95ec0ZsLIBr4*r$` zLP6A%3)`LwKuDl&V|6~xnQp?~wCCfv<#X6F9(KYpZWY_l6>0*Y)t;ezD;g=vch(vf zk7ht815B833~I!TkTN2>G4cmhP>@M;32!omP#4wYdz$km^gaAI7*!&R% zA6+JFI;nuzbW$wFdQK#>c2IA)B$V}`wkj`4WI=*bWVeY`W>rYRuQVF~O&?F%`HtRr zdwvfy_72)zS_*U^W?5=nZJ>XV6g+Vmrt=|)>5z9XMnT3_;Esz>9xKmf9558ZibW^I zJ|eknxq-!U;0#w%PY%LgtE5`u*Z@J-%PvD?l?AcFk^A!Qiig9Fzt)C4;CgZi6IgFh zTEyd@V7-N_$I}4{AhZB1{kATgr@K?48z1@B@&65CL9P!qMJ3nO~5S)B>P$PndiFuVWX{ zdoy_R1K(tzjC6v|#XYf6iil}jx+PV*eQ)BIo#PV%yQE+8(5-scf$K=|rn6BHArAQH zmwHcTuCc&ghv9FLlLP%k0H}mmT6R_dBE|U3=XEGvBGGA*x1skZGB2nW3LYwd%nHPK ziS1CvS+xrI--sj78<3!&$YVTYX@?zu3+nzpTMYDTCLhSsUI%>K*&PTk=0{XLxB@u( z4B&5GlDyl9OsH+sVVgyJVn?N{(u}3h(xFl{x;v>5#CBqp%e}M#D_Z(a93-G8!HFLLI`WiDiG@2 zzz<@zM$K^jfq(CzV@S_Tpd$}v$sSXYTVn{x1Tnc2JR%*q1yeD*elMmHt;0kU_OI&}^z^6qQGuW?jOOv|m%wn53#-sNc*L-Rx6M4B~NLmiJGF$A|{(eX|?msfd z<4>D1{_|-!IYSm7c8=muPys{LqAcnU&JHF$o8OKVRQK1fP!3Oy6IqCL(LR7U1mq;| zlKydo^lC{Dzb~bf{mdoGGcZ;%elaD6w>L{{_1c;lWb zQBQWLh#^Id$^<|ZepD?0pc}s=$}f_J!7Ao9U5VYJ-%3~tt$@O>REF1N6f)Ofh(nuN zC?frL0;weht&{?S*{5%(yHb_5NKWxMh)XTAVhYJ(fh+X9A+pn@`<9M_Rf%T`X6eSN zyxg3>fRH{#Vwa|y!yQn)3WD9k=ak}f+i{)}^KjzG4XBjBv?=ltQ~b}A448`O`9b3* z2o~~S(V=rLhom77U|tkbX6|pu<&p-fve;X(uqFk?x-8TI!HlVB`d)CFEvI2W#B-20 z2`2JHDT@MZdd4B|9C}qR=5hW;KSi?_M^byEA`X^4?I3{ z!grcsJwj9>O;oWkimHe!5|+c(^<{1dQ@fjk)fBT%92sv}nIj9b@462C%$7IAg*tBs zt)oCE1R~nBY-e%%&I+C@9aOUKCXDoO_T79BJb1% zPHr5CgE0!HYg&V#?~o~}3L#6>nBi1}<5l}>;{$_+48nuGV2@j6M{IUMux1om7?(iY zVHK|r)WByGy{Q!C#ycr2F6z;?g)$06x(N{d8)?HkJ5AgXrBvj3E{PE1b-kPr(|nf` zjhxmf6f?e#F)#ZEB8*yGXF0lE@{B$nBU;%-3QmpD(%p<}kGm8B8PAli$!%!n;fYh9 zYTEVlVSovXnb1mG>9me5EI;ogf_0J3Dt;lLQ0SH*PW-KZNSp%YQB*fdhi~(mCL|Mf zA^8RTk|0)N6Xptd$lUuL{Rut}0?~q5ss}B#BnCMGnIYP6x=&=MTPQsD`dhFv1Mw@K z_E6{oY)c zY#2j3QyVwlucd9R9t^*Z>u5*j4JbBhx%I>XvscZb5M=X=;frQyzvgnN4ZMyqS?ffT zw#`&U->715;YY^0mZ$XQ;vx=pYk174(l9bI(=`p$m5Gzd8ztd3K*H%&qeADSyqK|sOGKPn;2mdu~U$*(FU zST0b^kYX0ptmGw+CpM~G%A91fl`^ViX8GuN`9oiIB@z7(CLK@5iFpwz*tYUVq9mn! zy5xp<`yM^2?{ef+&wFv#)`lFPsbkAn)iC=*a0g+c%VCp`HPg1Ok=s(49B;6(A^SQ?8s9{g^+ubUx|<2`9d{p0ab7DXPlW@gg1pgvk6 zIDoSGZci2kP~u@%$c1%WlyQCWQ?M%FiDS^|%|dM3q<4xd7}boU&mvk^9Xr-*2pnxB z%Y%&)K`%RAXwAT=38Y3V2B>~@Pm0oB$1 z8HqMPsJrn#R-Y$r*BmZM!z*jUno*I(8k|E%?D;tj#kle(Gx`{HWsZ9{3z4zl)C;;L z?ebQ2naoiEZ)hVh2%QNgfuRnI035-}$g&D_gl4Y4#@HM-0MGWOpV0axi;Krx+~YV# zqqJHQyY?a#!=X`+A~?wen`n{Q$-6^7VkhZr-eK^Qb8i)3=}VUKwCK(p80*kSQbvblH4v(z|Lr$BiFIR#a0{GS`8-ol`} zg20mpgbixX#l2D}3tBUl^i#L1>&WfTWd));hAtZNj4XO2lelnq1@Q$)`+b;Iy+`># zUxu(*lOW`v9{QSuAM&Y#D(vBCn>yPm2|W-B&}Z`LSsVJJ?aCA zun;2hOnfNxVgd$KqD9z62fF2nBz#K7w+S9fwWz}T*?2 za`Gn=Rx<>yp&Q~fxTx9{1$wc0C%hxdNX@#v&weY4gZ&*%>V?XKcS=2l^d<>9>cPgh zMG{&&ITnMm54DIN+75@>pa{p^Qh!q5bxD7I0bUhec6zHx}M92^g#f zAKO7;`GkMv0>RIpB6uf4F%m*E=$O1b#YPzo(YArWSU1G=DwWqN9%h}VCIe6Q?1Miv z9w;MwNx9UfDu=Zs7msx{%5#3+Fjc+JY+4aJA} z23tILslrntYp&?w|MHF_li`pXDWG``Sg`43ln|_3-5AKALFqk%@8#Bj;lKkH1#||a zQm&cLe*HxlU(%6of(0?ibWbRNV-w@*I9w^Z1Uvp9qVxkj@E50Q1$+*9i??{IFFIq< z1@nB#3VZ2c)(enUp&?pQ?rNZ+6U?~o@yK%QJ?15!z^54+Qq@~7B8RHe@;y`lkzA*CA%Z5P;>Gy;yVi_ARHJE0)N#bTmra=r$ zP1b7zzU$BgNF*q>pFMA)Y^`Smf*hVyuv)*hM&P43_o}J8fQ@sY*0%v)Oian$=Hs_* zF*bvILs0P_?ROmX8;cn%|1dXV&*#%h{-N-)99XeOXhoDD1~Uq-BoSd@;M&rDv1slt za7-r-HWHPin2uiX+aVf8HxS#U=x2+eI7ly=1-40|Vu(7!Nw$|IbV-bhlTdZU#-;Iz zL*)O!{KTZ7ULjDwq&j}%24>s+G?yntEUs{t7c!*NG|?FAQAe3&vyVJJ%Ypa zzRMm{Zoq>`bdfAUM>)Hzd)3TKywGpY@L#C(IucpwKd*v+8J(iW_+oud4-7vT+{umh z{VPW{kYQ%*A(j^|KJ+04;N;TeCro4&eR&ee6-jmWv$*rA#XP?c-NNG|(KjUatpY-u z?xp0-39(8zew(3Ym24R{r4R_SME)Uy#of?qVD-_UqM7c7X;n@tOCTx4mrhI@@C^-u z2|TmC-yTyhzvx!?feS2X#~-kgp^#3qzh(;s;2uZ{&6YBQsPL&A&i%5!siFqQ^%|u5 zrNzopabG3u^DmgX1m7$2^K7U3l%NkL8=$IIVan`Qs`1L1X7R>lo@@WHVY4jx#Dt2q zW^%`PCA(rg(|(Vnn@axZwEMJ^Atk3!7w@H0j^V0l-`qPjOtD|AP4laON&`St?yR+b zci3PNTC6(TMP8!d?+Zc8p`SF5* zY5ynnpztwz9Avd+bTG!geMYp6c(k;AR9_JjVGv-&@<*}+tw4+5U739;XKAmXaD{(C>VZ8oWks35-Wr^iZyvIsoz;Nau;r7gAgMqm8H$bNqSu+67f8T zW+j$hUA}BN+tVQHlQ=xfWu(&3Dl7P`Ak*#`%Ih(MP+Hg90@TYQ~9;S{Mb* z+22Af6n@dIBL4WptKBtF$!G&3(Y5IX^tDIDI}lHFUygJOM=wUKy#M;(y)+#d$#DXg zBz`b;81Vt@tUajZX=hy2R7}$sh@KE!NhjzCk+k>UD47$sjbyJbCeg`iEuA$MY{~}^guCZ|J950+tej7*l+W`*HdI|;X41Q<)Xore z*B{@FBD~AWX{6&pp{nK1Heb;E@^d3HXW7Z>z_)!>^JN1lcl*O|vMppl7nE&!%0*Ly}DJSYl*jlm?h@XXEV8 zvjsjk@i=49^mjyw1#5HNs-_{CN~LL$YV|vXEwLQ z)!(+n3%87-gb5%Js8n|wTbY(Xs1@HUD>BNE3xSWM);}3w^=gDl4zUp?XQ!}`)|TUI z<62hOh9i<6=+VKVr9rbFMAV;qq&K**CX-h7uNE!k&%L8cHYX0XSykLkM<>~WCO4kU)m39LL@CGr>u@rdc?9?pl!J`LlXAW{ojf|HXjL=uLFWGZuR)R`kD_yG6(? zg<5TRULNXueS~U4W@+tw!S2Lxk{=RHXRpfpc4D3N%CmVDeM40}wIwI60 zok;P5-p=&MyES0|)i`5%fg3dq*2Xs3OSU$qcSuKgf!Ht3;^;ntC*cV8uvW`B8tV9c9 zw@7=yN`rnsul6e%V#i$p;90tot~K6>*Y?@2OvjwKq$2l;%(>b-N+XI1n6NP(UNetN zR?tqBk2~YHDu2;| z9*%)g3%PAcjQ=?42(?^%n3Q(VC`eKU4lWdx7o;Xen(wQFb`M9h>&*ug;6b=M^c-O`+j zY{)p(cVoeypocDFvf?ONA6S^dL!k3iI{y%onlXBYt@ZOZKOu|a8W~eh6RmYDV{iS` z0;fgM#Tn_kq(WF71*02r8&x1#s0K|?zHE}W}x)()H;#ozoz zQ#oa9{!3Wk;TWbA!1WfT;_vn3H*EdyyW-Iot*nJG=I|}tW2XdbW4zMzj>*2L5fL+m z=_dl*Ix1%n_<{bzQGdge5u+1`w`8YWLKoG3iQ{|@#v~_}5&ydPh~Nheg{=4_4Vu`; zSdWPu#f$B`%MJ{^7NYBtyRF2D(?+hGW=#4m5ZEC;)bjUuEN!;`F}jw6#1iLwNnY^! z@AcebJ$&Ei``XvPhw)7LV9jhjeH%{@RxK%a&-uqb;Z%5bbL8ZZW%@pk@l>VM;3pAM!;gAB&cy@=_0+UG%rSBq0OSv=}XN4y#ASLJR8QB6@E%$y7fo zPZgHmeaa6$RY0X(665;90*)!{E}o$h*N(DcahXU(y^*w-ZTU`R<2#_#%``=|ATf05 z=!L4zu`K?$U+|AJaTw+fl6J`&Ps}@i7xI=~}5#jQD;l0fRxaPa~d$zMS$6x)BEK_8m-XU|Fj8^FMk7?AiU zJVKq?WU{-i)CEkz=7%{GqS+`lz-%?2mD#i8qlG=oUx2?%8*%c9ZiNOGvJ(OXQW7(x zZ#Tm6efyL9&gaf$->pH;Nh1xDKbFRuzXcfW$#p!q=jTWL6FqB#*I-j1TTo|VF$fZo zbS4(_-rp4hO~X9LYU*`F^y#Nxn{yTld8G$pImiIb@DcEf6tY6n*^iIS`U%s>4QJG` z2YjDF!Ub2yXVY(9E}%nb&cksFWX@Tlv?L6|gn)a6{FO`wR5I#zn7U{J=DX{HXEsqA z-eOZyepFI%Uvq0A=6;?sR4TEFT-DE$5;0!dS<0h0{0T65ND)}@>$K>HwHl6Cn|UhJ zu_ zxqw8w3E+bY>DwV9V5nRW6rk`tDR=Y8gP}sPrT8d<$Twr1OM96@nH#V4A>=)lTB z!6n&GqZ8+a>?P1@bnr$ciAXpVUpph5AHmu^Aeu1KpiH4kjD=xX&1m#ta_fK-Z5Q0cPJdV&3#(ZUHQG~B(%rS_E=j3HcXvsHgdia)-Q6Lz=$4j7x}=ekZVBnGJ3064v-iHw{ZD*W z%r)bSG2ZceDV%ONkxB%{?88=x2np#K-4dgA5tB}K`OM$``qZo66{-YLn>pg-a%N~GFn=M;pwf6b zoqIHxcW2)v1bW0LSig~rAw8{$NJv-TMurHcW#-PPAfEdcDOh7GaLK^?S{ld@oD^pw zVwuPITMlIMbatp33T>0*hh4fOa;FGUSir1N`1)PKDsCuqQ3jKW07iiuc_H9sQT6&r4ri zNE9OrXAzk$XcLVbG>vo!u)IqlA<7G0F&Bey@$jlpSz-DN+otfnY`jhcRIsmHoz6K! z=~8&m_$?a8k+=D3QqA|mzsIWUHg_+N9!34yvim-o+hqfB0x%zIzYz7Q^QDN!NXXC} z`{hr)cea+$!m);5b#hNwG;usVzf{aUg!c~!I5^M*m1&Tg)4wI`5gnlD55pve$sO7t zrt}WgfS%$DBU}%6LYgt4BLqPu#YLojFP@SSz0x4sL?Ysyj9j1RM&*5nINF%C9tkCs z8HaBM7U)A<<0fARf!muPd&c$f%M)> z@X;YAB$DtyLDA?pWI|-pf2J_{P2eWzsTuPmZJc!&!GdNw6xuDFKvnZoP#4^0J}$K- z+#0U`x1{hN`1%1;$9&=v!W%V%1N2%;(ie7D4i=*M^#tVZwQ<3!XoMM6yF9y=#UxL~ zhHwOGq&(*a-@PIQ+%nsK_jSBCyb*aAd{EG!f%O^v#|AFN<^t~-w94ljg{UHoHlJw`}sAzbufLcf%T5E z(_QryC*i@Vhxs(7UpH^lTvNP9E&fK~Jz{equSX0N+_5Q+BI_vXtCX9{54elRHjM^WHR zHkLUDhc06aPP_-2F=}N0{MiT@SBr+Qucb02z1};{H=3ls%xD6q!-`{*olF5&_Ov7~ z(7mMZe#!Ma{5W4cNGNbH!LxFPi^fYRZ>3hu12RXAj>4tp%Kxl@%5Y9kEf~LSVnP#x z6FnO8UTe-IZ8vkFaVjmQF5-i+ekCQmPvy*SXa%k`L!2svt=FupbLpI?sL5X|YgYL^ z6Np`?)BphO(QO{r;XJ2*<16z~+8_|_=PYm0<9!Ti8OZVW*N>cwoKsiZ@0 zMr5QfLrTX8C4RE$+|-&9FguwwzyvH+W6)b&-%38)&)AJ|34Zn69V_T`5+8F~0!B>= z#%PEB2CUYk@vM@gsW2y?VPMH zIjH|2PG9F5v4|N)AvEO=rSx)9Op6Fk!|_x}BKeF}qpg8CecW_VLtPb`)yA-zDHFac z!J_(#BsbnrBK<8T3WY_>YE4jEH7answi*0zlQw54kjtP@uG;#Q*2N1)yT1h%6D8`A z5iSfmjKN}xQTN@s zFg{A#4>=zH=>kN^ba6xwpEo_Nh%*)!GK@igEAq?7fKr>N^@gi8-+XdXxygg9}-gOp*DHu_=`PgoHzfE6t}Mv(Unzf`fgavA;G zbjCeltROClVl!E9A^MhbaUu^H62tU#p)Xa>WwTc7jGQyBV- zQYH=%l9YG+{i>PkFu4 zJ|0H@{g85Q#=>l1t<`BIUA*Ke>ac$C+LuS(VNH(Q0@aLQ2sNqMzfi-@Fym8UNeMTc zq<^y$o2?E5Y^@XWoesk@gSV)8EAu6|YP0ry%kB;^$`3EQrFC4KSgWXQbxa0jIhlWE zU$)!P8xu+oH&SU!x{?-+o9=lE%jtksVS>;&j-!|FrXs`PIE;IVBn-ZM&BmsHiIia~ zYHhZD^+bIZzuM_#Bx#?5!Qlc|R}HS?VX1gkP8AY^k(M`^)bP%v^OxuvI!EOKLCa^} z(sk6eY#N8897lI5Zf`UDT)6k4qI1BP=?njm>;Pg#DQy126e`P($-?aOjQcTu!djmU zXFK7w=S=RHL#lisZyb+E48C*HQ+?7&>xm#Xh1M|)<^f#qLS@Xdwenp!9o)VrALcSD zs1(FpK3vSpOq!sINi!sUp1b_rpFfq5WWGCbv)c|Yi8W|+R@25O`}NjU&&IwgYnb+F zFhioE?Miz{5vA}*4;--_Si5To(%h}++OmQ*t!T1BIvWjnoc+*RZvb-%&Q(A$JZ9Bq zKo0xBB8kpXfuFJXHws}t3`$T4lcp=hE$DMZFs70J`1_c z$rFi~7*lOv%IgYZtKkuYI;OKUEN2uXb7f-+d*1;uG;YWpuE_}BvjnHipT>Qu={P)w zwOtU!mZth1x7-wVYcWtGTvBgSzV<0Y=W>YFf{*ULoQDOOnAKkoq+(9qqQ|A`MXhoV zS4Lc=c7ODyBb+*{r zhgJQ)z9%`0E5CBgIxkarV!G`s%ZMWi9}A@FZ7nxr_N&DA8hwqw9>)w}3+IPe8yQEk znx>8tMs;NT;u(*^^qT4ldI3h@3ayGhhfDji-aoMmGH@I7aCn9vW61msnR}>RSU*(< zHkAR}y7v^qm}6~x0r`6-Fq)<1QpjDYc{P(p+s%280ov4ZO`&H7lr(7t#G$;y&h4Io zTxzEhYq}T%#~1Gn@mQgeT*5^~Dn1@1`1}jK^fyrwuD4GRI~#=bE~ zy>bXFJ7E7KKG)iA@%ta}2SxGkK6@EO<@P22jFSJIvuww7Y?f=kOuPE$m;D_S<;H`? zZRy`v)(8D7WcwE%QRM>=nc1%#sMr4g20L?W5KAWBX!$M@{WqBuh&2ynFaeOnFc8n< zw!ZgVtN_xQF6EVt8SEzAFZs@~bgtrr4dI)$Kp;N$xM=&;u+80x=C^#|?MV;%HSjl6 zRg)=@8%j<+2ZC`&b>qT7cJCJuJ(S-Tc)XZ?UI)T`o3SEQZ93}z`$hf&G%Bsg%eTfI z`#9y6e0&>1Uad8C@@8pMh zS7o7_AoD`;sLIdJPq-+Y@&>YB-g}VH z77etsr8yutd4JsLJCs0E81Z-->-!Qfok{^Rl-X%kfT8r?6Rv^}7eVjhU1Muwv;NxD z1orbwUJLW9;GZVYJ%ew*E7sP>zDpo0nqSVx+I9l|%y-1CT_%vqnXWgV;-KRNg!iPy zjesDik|L)+5S15)`As{z>=GsKM2CmQ2mCvRha}h*WtTzY;rf9VQGwvRcx+G;agJM#G{LX)+JiN}|VnI9|M0;Kx1 zOo!NfZ%1CT+=UP2op70NFppKHtQS^8Bh$sOr3l?3}kq zH4H%^oGMIEWd7gnyPqU#1Tg~#aQ7>h1|yTI4**fc&{%hi2Cmu@D+4+)w;fSRfa$?G zcdOYZ&xNp`0kAq~6!Q0n66x@1JAepiqUP^u2c5`mZt93dfRo2mGt3R>zTc3{Kd8aS z$tKbk=1pY{jt-(`S6O{f3yG;9>389ESW$zO98)^uG?E0SGg$5P8qC+~xCmtK?-E?y z&l7VVsD-=F3{=>~Y4GbnEZU|w(X+UZ=>@+uh=tAG+PXsy&57>=$sZ^#$9BGaAR|w9 zB7o!cEOY!`{OKhReW5U9V=j40^{vkg@z=+0r^!$Tt#vQmfib)Q4BVcpD=RBKthu+M1aI9>h-@n`N9lgB zNC7#uO%c|*`E!88Ni~7u0+Nc-0Ya)wQQQU=$(nll`aL_l*#4Pf;IcbON-YFdj4 zRMbqd`%~)v2%DHx%a9}BsH}7>nk+OeZSk6=HPdla9qO$};K`5z0_<{rVxZ-@Hfa;t z3~e_T(-QveB=tPFKNBvAmZ4};*%!_*!5UZ_Vl@n}kLyyBh=|2UBJl&>ML3&WYN>5k zM^JMATIp6rTcFYGx<~dcoQP}@10YN)IPK{dY%LVGWM@mS@D1X!T^<%}+Hdr6f{8)x zg?Vy93N>XKTYQ`(oW@#dk&EIp)aksHS$E7IjE>ZYlT4bw;OkO^DAz~}lK^X6@yUv}8X(;aqJS*~~uj;FrBjow9T8mOX>K=2uD5-*7VD&d#woFQB5VXg0NsxO2E z2!#uAxB#&#b?Pvo-;S0mIY6rRH6HT~kTMsGbQke`dYJj$`TTfX8gNz`>9blJ`98<@ z$>XX_@N5ud^NJ^^VfAkITfpw>Av9(FQ;2& z-@c5N1LVGMhvy2x`EDWV~N9=|?cb~?0QYF!zCWKe5xFGIQOEJwkNU@UMai01v` zcB*kqLEnAwYkW0^Gm=l-wQCo@r*#u#T?>5IgYoA@qj@ubeBZHcE4cu|nMCUkcJREe z`!hKBQmXWd_ebBzp>KLZP|Y40@)#q2z68r5(~rBpPrEM>e@Rgbj~kpYI9bkmmLN&a zr#at8eES6eW$}FX^*N($FD=aUotX9J2zn=LCXmU0K^SaL&nt^OUhJ2DrEQFnqEyUF zT33zxF&la6d(P`CzD8!{6lc5CVS zISHmn5sT=Px$$}cID`LQIPDFvJ~$_aZ*=kj0LDO?Izn-8;vQqsJ@CnWkTUdy0pi>Y z5{uiVhc>gm0SF9t zR(}L6HJifqx1n7uGUOD*^cIo~jb}A&U)!_VX{UyL(SgA#$%KN4OIp0qNY0xx3${~@ zuIR30NwlxosZSDBuSY_JTVNNW9hVha2NmVVGtGWW!8)TtMN$iTx80P%L*pqybW-<) z1&ZHL`UA_uQE^F6!ScaNkUj{<_a(o$p}bU^kn`SMN8*QTul|3AA$eEhw;@wkVGG++ zILU4U<-=_H4Vz$V6GV=sKpP*Xc&9J}otxyZ-oX@XR3kA!$ofhJ)W-BA!3gdLm(y^g z#3M$>UQd8_Vgm6o8dWab0|P?%`WW?acyXvQLn|jbRFbOn=wMpVpgJBkc zi5(A4OoF?Yp}tOOXh2V6G2kpr^M=RYl37kNy<0D(K@D*fA#$~zRV^~5MB1t==4Nx^Q5k$&W4-R%3O zVt>??g>asqm@#*Kx`8?#N`BL-Uho1V`|t9&K`Qq(vY~^&PK5NJp|UR?D}A|n)yQ?HoK~J| zIOx4$gwgM^hF~7;y}ndQU!HX9Io{xPD`y9t#w`f zm0vgjWU8AYA4T?BuLjQVdnhah27>wzip!5QTQcTiv-oCQ@gZTA6+ikC!{1AA6?U@6 za)&tu%Na1({(h~s)=y-F3|SxaF8Rm@1+URv9ZK>8*mV8($ptWS_&6;U4Bn%1&M20z zBm*~FzELC@*R{4(RH#eoo_kue7*7~_&N4V+%jE9DQC&35APZ}RXRZZUV(#|iRA%I1 z+%wik^oCIws@wy0?WHcNt^QPtKCR{xTAq(=@l9NDEd04(`BY|trnvI8wwQP6?0O}D zO~E}iKGeA${qVW2d{>DAzjh0VWmQ^N3|Blz8qSQI={LH+wuoyBI)qf^=|kKw4^x&0 zDy@eG^-JoRlTkI}+kd^VSLS1)C%||xyB}-h@L3WRPx(x7ZE8Q-Mixlh| zVq{4(>F|8HT0E$C3{rwqSLm|?gKU@=%$&bhbyzd(8*!6_C%)-4Wa$DxXaBwVb5oF9 z#2}jp4;QUIZd|S@rl+r+xj9>-!ek|p%|$`w=EB%&dgCBzdb)dCM)^dwHgVpH(Fo7r z7EzY#sz%vdC4dWsPefuO*1W0P)a8t+0BNN5$YW=W7W}4i7}*!q3}M)6F37;e(+uO@ zYNi+QicsRAsVt#>-~lvtSlxP^^)V>d#gU(!f?BA>Q+r`sWCqG(iAMoyXyVrvUYU6j z!p(abnFvyLhNVvtfqv8ZmB15$g7IEKk8&)tS2%!sA%%%EMeoj#Wz5wOjfrV;4spkH zolaHT1@B9$DafrwoJf%Nmo+>#d;uhSu3Ci0lVJhCJ!6j97KZHpA&_;|ooVx;A z17P^{OMXliflm3Em3ibxb@k%9AUf~4AiCX%>j0cT`jk_eXw5=9sL%w-+n~vsL44QP zb8^J@W?uyYjvdKnBP`J)MWrK4L}y=HDM$E05zp7GuKM18ct-U^^d;f$>iAsqNaFRQ za1-=VDS&Z!L!Hsogqa-kdf;xM2Td>vIt7~y<1milHs_2Z{6=uhgF+=HiA1)`)QH{! zJu)mB5y?La);=5(*$(6L7r27Lzn}8EcKHQJNX1pg)8bxjV(%bCw<&jEN`T$4yA>@@%&5}KAz#h=EjA#TvPnHVq|Xzu#}fP zn@#-Tnwe~@BQ74&>)3g@`-(Z1wy}0Yl9Fm>=F>>GsXh?V)anu}eWWdnDvjWdqa`L7 zP-FF}h?=ud-Ie;iMXXCszsbIUHrk?l<@qN)fr_{85ina>_%|bk6`axH&J_;P2L^A| zT8uybEY1QT`(78BQ_dU}n?@?OH%YL2H0q*~+7HC2s*=O2E; zjWv)1mqc0K=hc`ee>|BmI4D_#VGyDe^u9l*V%q$ad6*Q&vyDz8I$}fUR|zB^q7Wa6 zADYtN_0@Y=%faa*(;fct;A0=UGX8ZfhB+HdCz z*wkt>@hD?WIdHepbmP>St!X);m{DUqF!vsMRr>-c zbm`d(jhu4zn-#1q2Tc#R9!v67=;2Djhf2 z!HAW`CqkweOjIBZRI!MudDiHOx+E+oMnL<&AUj38M2Ke%n3?Dd^ApdENJ4b3vl>@A zjz3}-E@%*2RbZmyNvUcPD@MVlS?8GqN2!&-l;thw zPaS5a4-$=)YnBNZ>?3oO$#JTG#Um{xA)qI1c8f?86Fa3B1Z-9*b0p=btDIe=;VApN z(2_`eVK5fBhoc^MrV?~AlnV*Ouf?F`2P4;HYWa*nkfPPwqzhfS`3 zo}S*UvF~FZi!abG<%YXBYZ>6f7;IhkkUz1fGF2S|J5IxG0279v4Io~!b^s?WSw4!x ziS)dd+_mRrE6*R1cMFuzzC;Um;Rv`RRyu!MR+!fh#h^<{hjY4_iUR(Lxb);Y$Is+Z z$ze4!kmhuXfvN?3eKrtGz={x1*f5?4BAWExJcUNAy~)`O!5!KW_N4>rs;jJKEZeCb zX(`PNM6J{IS^vBhh{6GxOWYq!bg;KaUpSHFwrB$oZH(}sb>pT6yAObM`_Qln&KW>n zaekapSFZGy6JJ+QFIGsOVzAyvw)I&4e1D|-g#p@ZBfny54%N0MGatb9iA>y45$qJHe5fwo5wr=9Nvc%QlIU+wM7@LV z#D`1nR=kc`9!vro&7~_jVfBJ7dF?rG&IjpT(zaMmqh!2ANzuc=rjsMVRbV^;jThc0+7{h&zuF3CoUXZr>J=*!6!J|x>Vb(!~bo3#ocxFu7M6b@;{Hz0FOF}J^L z{#BG3RhQYPm{Db+w!cyS(tI7g0k6PIdhH(e1o15Js!Ny*xk!!$b3j>!ij@tby;{h- zDVa{Fn+s^i7pzo1X1mnvC9=+4#;2`}TaF9KMJ%Q?ASZro zup(_`_nQ4V(!?8#V{iA9bZ5zVob;re=jms6S}y9pevdJXcj?YASJnI0YIMV(IoztZ zG#R-iO1k@=#d)+4q)YF=k>c?~6QB)&4+-zJhOE_ZXHzOZu+VH50GKjU@}Acl z^4=QnBU>s4yJIn^M`S-YSN%Y>MqQfJv>|Gml0r_TRb*tw-of3kD?FqWMDM!6LH&lM zO7Jbpp8Vz+z?_w|74q8xmxH`;`LyMFL~C0s{okbMJxv%xl|9R`OhR=POQJRaFH3A+ zuR7cNq7K+Fh8yS3cSmJWh1qyFJ{VBiEH1tLgg+r3S&JWlXP-jaPoHh$v+72IN(@1~ zo7)K4^-}v}5xui%KEbMKh1rCB83Ip1B}+}jU`G;ZauBl#i`F(8c^J!n?eEeJE0KHM zvb>Y(fNp5TYkFlra@SlUnb+5!Kx{czDiCqi!l04>7$%13)p|7GS(`fdRV|l$!)Rqs zc-=2K{l{H5T`lzAbnpF`mwi&b91pNyf~NR^905Pz`az8Td|qiTa+{v(*~B-86PlqS zM4l^?Om75dxzNgWcbmvy4i3;Hlv2W^u$!Q#v&O#EPgPG(7VQn8OV+T%S@1H*59_(9 z+OvX86$L~P%4T$LQNCb~&rcrI{@{BZ#Jbac0wCMcrs4yZ$ z6Gxd@n9Hi2>*y$prYA!Lzd5$DGBP%>HpJ<;3CatP>VB#QoF)*g!*!A%luNmADWiT%l(ZAufwXX{HoQKdn!cl0z&Rg$Ce8CyIw@fe!v zKG$!3Z(mk8Q|ggiKgNx!@ZFiG{8#gWKmDg^ix0PUh1=3!@}%9QSR|EWlx(r;2AnJr zGBY)G1I=(Yo|pEL1drbkX4)}{Kel^_X}KK{uxOliadjoqGYm}^_PGNL&aX*C<7MDIA6GqV zhJTH7;{UBtcmmWuZtB>jGkI{q%d>l{~AmFp6WH^azk)h

    @SHTnHxH9-^x z(CuMeixmHT|Nr%h67iP~0P{8(e;Y)AUHk{j{h;n@gxugMzdR+=>1jix)qJRPrRCz3 z_ZJ@9!JdQ1jx7bu(UH87=lc1%?`_xW!%(ZQItRJ00dD*3ZEDSw^EM@3+{m5npGn)U7xs|3w|+n$um$gcIYbo+zvY>kV@K*SX^ ztUf%711Y}#XjF1S4Ij!C3XW`%c{o3_ki7St!3O% zW@eEr=K)X`tK9&qZEv@l8 z=*JONT}eA=kMIPDfXc$RTL9d)8fZON*|Pt< zeG5p<9e{86;=g{KbpVzMqAVByk(R&%Il2^5XJG4}#3PgI1y|-}XL@bNu5E@rF+kMn zTfWk=FA!zbtkoXKtOD~Wx#q9E$m(moU`yVRKWbq-_z@J+NYc2R3;IORwllv$wVWpz z`LYBAys$sz#*d6(_ytv79>C&UVbiIGI)d%0>RiOVq#BAQ738t=0$7#6qVnE|}y~ zn8hj&?0G-mZm0SJOx&rH7tr$Pn>ht|U*MWvulkBOxB(|ZyWN>Z1z5H*z+5_|*eX&^ z6a4dG=f?8?B>bWCXkq)SPiE?_HR!bgKI>7_`7JJ6+iGK5@5g>jkW?-vT+T#-wMH?9XTrPROl+f__c7bY9f_&C^!4pNw+P3h zIZks4_&H3Pul{g&URa9;dr?GT;Yr64)iSKx1UFBN#0gJQh1UVr{pN5eJz!S&QW{X{ zVjW5iQXa2*?2>}VLS9f{f@=-@0 zF-S(acL0FG=G$ErkdHC}`>{9vvw+f_yenq-O>C29;utP0b3CNbm1!W}@{^&dgumU0w?&8$8XHkJdN>n-E4gvd@+FI~9%mk#c`{znS0qX-c6kSx5Wl zhv0TDAf1bm>wajzRKZ5{qoP7Wf=}K8{CWv!8ylNuV7-S_0s8z>bOBoX18fF%eZeV% zeJ_OT>n+n$P;;2!i&YQEj>4v;Dn>h_U!*AuDA5jp_I}dH<{rO+rXb^{qQcwbp=6%) zQ=kJ1C`_JUg&w^=U}Sh59U_KKgBTw(7lF&fUYef|OB&Py6t}QZew4_A_~iP%^t6+!SkKo=F2A%!8gH~6&d3b0NvvUSkCfI+W1H=+ACTF1>~5HPN! z6qXjy3EKC5oO*lygR4Y@-nN(c38>}(aijmnkPTywgNSAT2IDtO{1A^4@VvMRZVEOC zkHasjC9Z%fuVo^cKH?pBK&K3PL>ZrWRa{J=Jf4uta{$7hb;Z*&=oahAwFX+0U*01r zVu6uG{!kF-Tqx2Gv1vqwK*nWMDn7u|i*_MA?o#?x$9)NmQ-1s{jC(rNuZ^DIFqh?U z>+gn{zV?dKSGTu60>e7hPJ9&{vm?fD_xO;@$~XwU>BLRaXUND6;@C;CqdDK%#@iYB z=c(ie*ZlM#n{y<|fOZ(!SFgSCx)-q;{Q1))cPuGQg!sx*ork4NUQf~ni z&@_myk&_+sd9Ni#83y;4O#B2R*oZGV_ z8}RJO?J>*H?ZwXbcxg~RQ42Q9_^|>&JH;@I9_l30DfZ3{p#EKZUP9OCmyDJ&2Q zL`RhYVqVXL0#C|`YO0u~NX!u!C2>UAGpV2#)GcH4AWJzIuMyoMjT9#5t!Js+o_+K2 z*Woz6u)A+M20!w#PL1irzAf69`k&ub^942cWc(0=yCv~4(n3z_Bl`*-&?8h%Rr2>7 z?wDE<-U(zPKcYn^MAc`kiLoc(8=~a+(~*uw#?ayu_d}*3@362#^CHNnl4abfbGJ^Q zJ+Wa+a0YMaG#E&BaDq`a#E_bxpewMyc= zkgoVt;X?jHrqEOBB63y3Q*3kFwfNK{7PhUs0hxAjIyi|zllc0==5-gRZxTO9JQtiyLp5}CnO4UC>r0!lLG|DYnl zLg11kuG_@K#Gk?8;wj)S?|#$Q66H|YLHa1Va^)x*9D@~`FdS4iFc>C4^AaehRA_i% zP~1T%+?X@i-1zm3aH&8^Lo)r_84PorvhPqAd>>UQ%E&|du;hFBHY({e+mgQPX-iZA zG6zym6PUFEd@oJ~$vX^~1rH;No5xnanZYy1PpS<>7bf_n;-TWm9$trrLFFOYT1^rk zgTFzfHx2-$`*6$pc~%lJVMYDH(w^Y0xQObY$Tk=d!=x=nAVxNZ&&CYmR9rS^`6lwK z!g@BtsSfu^znI!T(DO8rw{tYa?_!3f*s!B6n4A^2mIKrQ4(#it+)OF-|&x$%6kgvAnUY z-}9Q?#cSISPPjAmVII^tI7d+;m^*Pl>2uUc=ef|V@+DoY2Z4H!(;H%ojhvhP)XC7u zxMxQ)2jr?CWCeYCWKGN-!2I3Qi3z0JJTW-NGRFqAG*oe*C6r0aRLDP7xm;@hpVHqP zNhCZ(CB~x()L2nH5z0t7dw~T_`0V!_8S0uj;tvzFafV>2byT(28;JXA)RET()Ma6D zG~Ijj{&_Ow9w6-!4OO&&SH4sM7$!jxPW^;d-p5|6n;QP~>Cdu(Fx^ZIk-ZR?6A_Dq zkUV;Ri5wMQ_CPoj-1kZhw5pPJjv*K4(I316+n9e!bV2Z3z5%6tpBL+GUg}=TFy5?sB1ZKF6n-Zys2x65q6wM zgd0&BAqm^YrH=fF$SZEuYv(udDhNV(nC-EX{!)md(xGMuSAm%@WNJc%+**ID=Hj_; zJs&b6DSa-C7ZE^I{o8YrC*(NTIS<#Aj^l-;O_;$<8dTwSm&$fWvF2p^)(?_2k$XC?sM}6k4%AN3e2N?t{ZO4 zd8hX!8>#I-+JOP}p%^;0hu>AR7+h>)iTOO;B?Xm2ie`m4nPI7`B2ENm;y7V+88h9P z8i~c3#Kz2`DJd;2_WRf+665;IZon0kK@ru=Fu91;V0%i&hPljwYu zuym@Km;+{ONp|okLp?%B&0fLOXSOu~!)MK(Y)I#9rsW@od0qh`?#YX`VlduNNIaVjv_D8S_=qHV>OT0iGhK+6-sF!|4S_diCTjBcS*Ujj zEt0FdHf-5e7Whr=cBE)?^X5xV?d#)DRR#X#-S@nNDtwNTs?C%%nudHlMGz1#Pycs< zuRy(Htg%I1P<}MO?PU$8Qd$cI0?V#^Fq+DZ%I0JbOlAqwt{K2V2C9V0+O6-vbt8NV z4A)9?^0(&eo27qsanbU$8PILG?=dn)Q=g>)Dq2tO=#I4C)<3Lk|H5No>PT}+e1nkP zHn5h(OU7NVqd^#nu@Fc;2^YUzk{<)^^n=xdJ%@3NH(Mt62bbUm#bUxpal#RG=j+5o zeD@E*9eKnszyKjifD<>UT5xM6dj%j?l=c*6lt#Ix)e#u&fiSuQa&2T8h&_BX7&d)V zGQFG^m@o%2;^|KA^ojWU7Bwsu{T-GXqgUp31OsP1ajJ3J?lFl_BW9ntvJY!GNUj{? zx8uTuW#kQdEnTn=!_ACJ5f{REqx$P3ZE)mq7%=KS{j%p}_D8Q=lkLipd0TN{uFY9H zL9ao8#oj7*0Wo4#V@nR;m{rOHo8rEyeV53T)RV)UVqOGKQ$WJn?_k}&^*J)f<18|g zP3PeUcHuC2XI|Lp~);2$+^=sy5QmNoBZt|ET*kHkIjVexAK^pWC^JIbAj`n1Pv zItry^DzgDEL7E3XV=f}WnwT?K7s!%7KZR}!xJU{ih-j0SY=X1(4F*n+4_)?j;;qVLdk;t~PVMv+Y^V0b zHE)Uy8F!`A9I07^7lVWG>1II0QiGv_>hZ1U3N@@n-EM#XS*Pd;gQ9#T+TxuK;n&FQ z(H1%Cv0JsOpo$L#vBRHGHBZckgvJtjw!CYTx)_9zYS9vX-daS;jc$OWElElP zN>p7n&lMGlJopA@p;@Fex*>P+*OJWvC^-Jw1R-jH*4{tS4b(|lZ zRtcO3<5|SDue{bHSGurk=WHyQuTVrFN8E|mHMIm

    =)4@6YDD&nIp3=&WdOqiMe5 zU@^%K5s)gX8c3XplS@(Gg$YZ?=08 zhAK0J!!C+RDNKoE<0;dHbfhf90t$a_6PR~B8CFNMQoVM7Ea4a+y8I{PUEKce#j5K^ zV%A-8S{)hj^&U+CJ-e<8ix|c|DGK^d(x5YYJ-;rfA^IRDxkI^nlDP6_&Okg$O_K1v zAf|mYP(6!udSK6`?R~n?_RGQh_}=$s5u$Fi{2}#b;QrI|#gAs*XSZ9coQp* z^dKuDQbGs=f5N7=8%_eloUQhR=X1nR$}Avs>oP`l{SG;`1T;@%BzB^$l=Wh65(KS% z&{SMaHFw9gi)*sLHxW4m$x~breF||ggYouSGZ095xbI6vLq&enWVm)CN%tT6=5nch zehb9vWiiJwA&M|H=01K`MF%zw@K0n=*YDHplW_rsDw3r)RVp7EQw+pwo7GaX)68E0 zSv5!~q}+az6~5KSYa&9{gGjAtD_$dFp&vx{Djq`~ZYjlMmrN!y%#d{7!$Ae<)^sF{ zJ{kL5{&blFXYruCLLN!?n9N*p03S4+g02^>E{{L^UW(j~I7#QQzt4f~C%bJ(_I)}v zj>_=-o_orKPFz`vFJ@nXyPZDvt+d|6SW#D}nS;5_;zMg7ngIPLZ~JYUG{DTUhI(;u z_-1HF^=tDq9X=;KF=u|m$(q0eo3Fp$J}^;tqh--adnyQ`mOWF=uy*~q2>#;5M{WyM zT!VzQ#|6WzHM%mV%65Q37)cO3g{579r`EqbJeqx#8+B3Q%HdYC*P%Xg3!mB8XkKVy zCpuKFvNUevRv?zJDQH?2kXOxKwxj4a>2rmE4K(1>1tJ{X4pE=8c*<}JJ6`05pE+gzK9@vjUU8moUeq|KE+z7$+WV2K{nw;_m&i+RKfQEdi$ zcC(J5yxOy6M*oqLVxGY#mp6@H{z@EG?6v3G%D*S%J0&` z(W9?L`jZn7Ho_pNg`ADOKSbzlyj>@fBwMRx}HBQ0-r>z*SC3nIinSqwaW<~9NgZ4FE5a;SU z-wUOqG1_+@yLm)|L%{{y3w%vvdh!(F>9|scoWEX9w+Dc*nwh(bgP)j^DiZF`+ z1x5SzEDPQn3SxK3fH=g-&DwQUjjUueRsEN~`IG5HBv?Q z#Z>Bk+3d5q)Z`IUn6sS;lQ3UFIFJ6<%E;va`w#1N=b_=L51*_7B z9x$Lz`r52az1VVO&WD_8@1Cy;8{~7l5FJ~$@h+UWigb$k7#gaFsAam5ZQ{UcL|d_k zqB!NoBPfcx{IOz1Gps3)#vt>==;RSJQWQBG9Mb~1NnfXV>s0u5_=9aDd!<>E4VM`W z()PH!RMs#$y)l!p0R`n2HMgnb-)n1NMSi@g9hY@Aw8Tm(Tl+t|Rcd5k^ktXJ-?13{ zUB2>CO(5*Qq+2C{u(dBkmuD$5oaL5^x4Bj2{9wRXxhIC(9GRqk0X3`Uq26Aa;!b*CiMpXEh$}WeR8tDdnTJl>dDWR|$B57R9ZCbMrqCgw##*z_451M2J6=vpWeFCb zl#aO>);B-1TYWG;!ft~TEzz}lDZP3~LvEzS>B{pf+0%h;RaT7lzpj%g4czemVeiYs zYI?u7KhlSagj6(>M5Aa<^DLEU&|I2l&6+!?D3wUjoJ5-Ec|eoqqv zZ}!$Mej|b$r%}%tB(A-<7>BR%`w~E8(;F<9=7VP&Ox;+2Sk=-kR3{uhzKu)L$ zOGmgWUA6zrycDXG`eZDV{EhI2x+a6Q$`QJ)dbaY0CBRN{ua_`YkX?Rr?d1)bgOwIn z%m$#9?`EilSk_e??v$$ewpk03=P!(*Z#9+z_oU_R(eowgt&J}zEYB%KgDQlfwX-;J zH4W^u?`=Eki2fsRdp!=~w~Xt}IF^i%7b zhp3-Vy@P4QcUQk{24GV2r1$!#MoHRq^qj*EV5&z5egL}1gQ2hR%Uhu>)6Lq)D==L< zXyxY=@4E{9AyLkU7M=h>=!)M}Q$~?Zr1P*{Sy15FGXNTCTWH7W`)1*PuZ0@G@Qmhe zP&Av;6xXJ2WJlIk8He3|R`ihU3g?;n3vVNjV>}n*Y37XIR-LhYpeu#yI{ivXvO3`G z?3^H>X6O3?vUoXiJHFH?&5#VhM2&9R21`opzrg7I*+yXN(ucQQU-Mi2!g=?l+~A(u zJ}9&*VtbNW<6Smu!55t9L;I4H$YvGa8DG8dkw@>Tx$_OBZ_g5_6>deCeOP+sy= zu@Bu1^0#~Tx(H}7ubUDJi((yC7d@;MZWkJU+TL~ey~XSKTv4@(7vu?Q?mq}pv~mqa zkZ2sT8?(w!UM>|mM1P$Q*Yus&vK8)Q`NJaudJ!mGzupAtx|$mAMhc(clKN5iG+#Pj?! zy>W#$x|(lLd_H=!A|P(UXCp3(r2W%vJyXVvYlvmOZloNYm@Fea;T=LVazzfsKaGDfTo%bt-w3oU;u?Jfy^X5GL-1w%cs|L|wZ?e2*1xhLEMz>N zm%MPpXiQJpaU)Li^ab*SUX?& zBnRFo^7vhIY}eDP{`m17Q*l!;UdqE%eUqZ^Pi3<-y65b0$krZaFsm4zqdTR3vw}&D zO|4w3mm;)P%9P$V&+XHGF0zJONryh&T73DGf}`$U~6eh?YfBgm}w;#vD`l$(_afio*UpXq}O^ks00w950RK8^bHRL17G$)?&Z ziJ|*?)+?d`VKnoatN77R&h|YS`L^gP4;ma2`Y-(;c1v>PvHO9hzR9N}&rij8&_y3ehQ; z%EbtNdq{_H3E(u;tMVfOe$0Rrjk`U}v`x+JPzMwm^ORl|VPybb*QZTB`>tbg+p5_+!Z5w z(EL8`c(AY|O_2q&#cdrY4%J<` zd7IArlLYVBqfqybSw%jt+{1o1g5G}m$foU06#j~+^}4S!eGm(|L_b^94XNk0J54b{ zG24U@(7js){oyIuO?-$6YG_bob%W6%Cl*2{!EHeZLka>*C+2Jr%1L-15K^EqRq3j3 zgEI{D_9dcel4yBM!5t_svJ{`A<=AD2Fh6SDVK}$w%);K_67>pK9lAsn>5_<_5iWlC zm@B;;iE9?KJ2(B-hNGF@)^T*rc>c_K)%-YL1GL9BTkuEu*hj+H^miVnrbJAJTNma} z?I5#G8)4G4TD)JZXP>rchd8cV@pa#XzsIBSxRPtJAf2hF99LCwABn;+8==vjuY z`EZ4uA)ReQ5UQZd3!DUV;o$2d!Ylv^^U1Wb@WV*Dk}bt=gE)+RjXU zSCfpcJx*vmT)3WhY9ueZ8B_mJrR|BRD&`?)SuMVj)1}_;7cD&$an@f1ex}EPN%E4) zqqmL;0V(AKhbS4+h)e#6u+Y+%%JIb&=lL%m?tgBBru|1ZB4P45clny!>wJb7x2KmS zfp3)oOsVx^P-93+POEz>w6oS+E2=~VW`=ik$*N?ox><0;0{A;_un)?%rmS!NOK~LY z(-+r)4eGBBg&vUtu8z!)miD}PV5Y1ZeRBG!%^Ck#6k{Ufv%)BK2pg})vg5%h@`KPB zzGf6*>2o;DQgK>Akg?=rRh*b__0y3>0$w&(!!Peqg-qU~(!{lHdm_F?e$@8XEAzuz zJM;O=2Tmh8JqJ*?FDG4v)(Xa^YPJ-Z>-dD-p7Qv|BxRglp7*FH`S`@=CSi8Bcx@`M z$9ySm@o*?N)-BtjUZBxKZNFGp`cBAaJEBid`hA^$# zoUO`frGA)?^cQ1`p6Q{k#y;^9e4`3FF`#gCnuISjj1?$irjPY+1-I}F?GFxIphORL zl0K-Qu_{|LVtrK*1^xArcqnQo7{VUgmFddnoAW9qbApnbrbgrr?cs@Ag`Zkf>kJwv zf#F_B-l?;*jzRhhi`%qdWVN&hu;DHyIJ~3Tqk?f3t&7X2IJ$bZTbD487kk4>{{Pg_ zag56xqy0vU_c{lfK7db`=#b(eVWQ8?Cx6>ej1Omm_C3X!FFdsOX!(!aD;N$p=ZSb; zPzX3}G}S22m*=rp0!g%irE~D$6cEcTq>+R|(`77S^LV}MrL4~QdZeL(lwbA+D*wRued}|;R1|MDum?+UPPtCm@&vzu`i^QeC`@;49RHL0! zR^YHhvb)WaFEl%Q{!)k8hky6R1Hs?Nz28yYtqUS|WCX?TgAZSV<_~w3*FJTm_yr$7 zwue{*aCXpk!SMHIO~Jb5h0@g#_QJRyX;h_CuDo5?W1%4o=wga5GCIGE;m_m_dQ(~t z?#aaV{&>9@_ifnNq5$2r(0B z*}rP5XWVu#_=3BcMB3@IqdvLdH*EDto_8AkOp{u?o|V3fkF+lzk&FnT=f9JX)XEas zSY`c>jgIQ7zVPQv_9W?{5x=X-Phy{DvL`4U6mh(-ZD;iL0&(d}cP`YKG%~@6SKP7! z5wGZMr&a6pS}rHdGicck5~L=ahIS8$zGB|K_bPikfnq%%_TV$3-JAEVRU>U480W1o z2Zf|9jgH(8A;r{2L|I?NcLp9}p$G6{N#&o^U9Wfylt-m|oJJVM4LEXQ8f`)AfFarC zHcM#hlUK@0x8qEK37mHPi}rA!enYLHf%w&x4J2QCUh(O8JRzB#?a9Ixmd)0fZH_vF z*WZl23euf#p8t0^iS;sao4J_Q!Sr0T;G*w_?_H#X|SdRSzAGCjk>k zOGV3tN8;y`)Iy8;-@TVf6#eR#A#WG#^&%X}TNBQvoeuriPC0io3{OCyX5ETAj%N@MN11pN#$H;_YxsOf`<- z`%^6lK@L*h5nh>p>Oac$$(V-TyHurGZ?so_kUg8I1C(2`Z<_yrDPO43`#uQGx9<%R1K9s?l(ok7Es&pl!fPbdsvinthnWqhD zY!irJ09jsgIbX92Jvs;XcB848pdWtGwcb>>#q5|ZX7@_Mh~=PUgD*+Arm$lqPj~R1 zvpM*Vl`u|80Fu)4B~LSh6(>S&%D<~T*@}zGIi}}bOc46br&@h+pVD|2s>~56H{zyu zyXnI;TTFw{*o7=w2oqU`{}JK1AMpm0ziN_LY<#e;-1O!~>B^>)`?zLvK_c9^xq zi;Qs@ZfA4|E{DGLVLx5XZpj+{bWCMe^T4USM18_`DpGy*>Avj# z;w-=A`%FduDCd0Cx$h_Fb?3$CrJTG;WClY90cRF1p|N|q(u6$dU`!H8gWi6%-qk`U zk`L;C_CBJy5%H`B(ifo@J)*K|Td(?Z*hPhLwHE!~P z-!=6c-_?hRzg&I8{peV`A&bE!O1m!)?PO~4Zb@%!+gEg_B!>CZOb+&E@!@muqMnS1 z;tX=J73mpLw!RcTR^vNUb3)Gd&_DiqZEJ(Uax;lM7wi-b< ziNU!wXmN`B<(rxQF-@f4r|2pJUI( zksEf3LN4~CO2lJLoJ3iUpgFCG< zcej4Tc{Mf}*Qha^)8<=c+VG`PTt-kYRBoyZIhvSOaV`C)PlOuqy8Vp)|bB|j8Uf!tnxP7{qEZ9(Q4{+u$upC*2=oG%@M2#6_s=uh3*edndio!q{Q2062s98h`||IvSQtkD zK^Ff1*ZP&BN33;(l%YJs%dv;gkW)=v=WxJofAM?rtyKa39zot@gQu&;NRFi863+ zoLwyBds2ApH^T?e9MFvazetJ7K~j@kYxVh;puitDfqHWqHXnzUrP$v$x7ky;H#tZD zy%^h`UCu!WLZolT%qSTDh{CYHas3(Gn^~3y$JM{TR#QZXR8F<$zvv-^gJV#A*7r*B z@2^!3p-Y<HnoAk2S1*e2VzowM3boUyqO4W_YjaeYr=z zCh&*d?-Yw2+Or&ha{jC)34zkv$8#w^?EXf%WveZI8xBe>+ej{wCzF)lf6qhg`7zuN0Ye?~1OAI)^CE_gp(j84SK~n|A%>k)Y?<=+ zduxPyOD<&nO#Az>_gn|w02sDXpQZkPG3-FNw?>CY2ln`#U$1W;KFI8VVUJr;Kx5aQ zf5!fJ-3~GAG+B;6P`_U6cCl-CIc#c|c2@E|*JF10Hs%K!is!nW^S7;+lOSuET!rP@fgiMaG1zMx$D9krxDI0 z_}lWMAL4fRsJd-_-R!XrcdxPzE#H}bIORlM*h8I~oDyou_}Na3JAz~R;h^Mnjz)ck zUVwBQf#r?3WE^pS?2Gxsqclp!##>fB#TYe~&K2=ublL@tmlH2+q^+l#CP%uhGro-! zG#mG*$m?|Zd7-atA8MnywBnxqjfrg)=UsAQk+M|$qhx-%z2;&jZPPrEs zQ7zL@xJM5n!qR}dxxrIPO}c`<(bFR1bnK}_i&{U2c&~V(;l4cE!NP>}vd4$Hr&pgz zP8Y7kwqp`!9GCK!811+E_II%Do=3u-M{j{(G<3WdQ#p3(0T!xX{TSMcMWia8Ah`51 z28C^4v8*mYo3JOqDgfw(QGu*+Zo7(DgjkU4w?_;rS`Nzd@-HuWGts!s?z=$7rdTzJ)N3B6+R8PmMiOW(EETd~mrM7(mnC3!=vWc)YKVtypz?o`=MF8Ca&Z6M z%VuroIrz5?Y8g$@!vzQo@~YS!^w(*ivmH7K+q=8#b{@3BqDWbn%pK5kdW~Xw1Uk@i zucq+A{S7KRg8f5o{7!-$HbhBIetOWP#_Lzs@9x0|27Sbh{UkWk29s=_Bm~YYP0>O~8o6n*e^S;Gz45bd!&M zj@O%Ch}nruNI~=;pvxOkb2wey2d&f=vQqD;2SC^64*tzO= zz8O1eiA1WmACl1RV*zivex7NlH?$eItFpMYwfGkLm*3LRaK!4b1{M=`ue@Jw$J}-o z8RU!^P+9B1Bu^1|TR}4=qkU;z*T)DTIx&} z|8L(HTHXJh>nWAXXxw>sgI?G~JWk)Bd;d25B=9PRE>V z(QfwJTKTN*V{0P%H8#2viKWXFIZZ|GreZoBRWm7>vNAKJaGVFF(#z`7qsHZZ3>i_P z0DNoz1ipQgM!})6sHA2IQ0n5l=|5+hxMAEJ?G73t@ntqoCL{q|00{f&H7D@uuPQ-_ zBXlV30S2}a5IUT|Z_g4lC9A2$316i8NO?(<`H_SVqF8?6vH^dN5NXSeHXjPBlNy+{ z-_fvxaBO_MWq+@CP(!5C0%84ttLx~wh=Bf;*suJPS4?s_$KS7#b7cbfT}M>zW|*Qk z$SH^8AnXX7H56w4adMPy)tw5{AMiSRJ`%M1noL~#UDa8!w$Y|owbA*2W7V5rF zq%LhUdN%x5a2jxEZl&?iOP83RD zKc7w(^-ujHyT`T3#_Cu3C1h)d3k^0&5H(MlXt3L21ZpU4zdu>xGC6hWwN;Ojm`~WF zIP)B_F0+S4f2H-J)=y`^F;hbwZntE3Xr|ow%O^#BB7URZOopsVW#=@a_3PegM6?>- zSdYIq+)LEMvADu*yu9f;9qGPiO)9hjU(HSFx;Ph4#A7hqP3X!hp6cL3pq0Ax5bHL6 zy&@z^MU~OLuePi2cX#biEswBUqAxjBw$(H!&*R)S?MkTbuvB*W)tLE>ICB@WqkoHP z8?VAUm``965L$7<#G-TAv@W@n->>%E(x@n(Z%4&Tax*>MHq9r{+PRajg545(?*Lu? zBSv5SB$nNEcN*n-Fpyec866LS!$))gx8tj(c*BP%sSz1ofyrhv2byo@(ChXDoM@Z+cpgUA;XI;)Y(?Kz; zY1cJR)K8H)n8w5%-Qy4>lAPADQhiGw>Qb%5fBo+4qocRV+-eUsHx+&zU(4^SbUk80 zwX<}ytoN>!QZ{X3ts}Uz|5ouz*ry|GN4@Ak@SpxMRQFm)}@6`LT-a3ctZ%V>Puq4nzJCZP%!Eb6Gm| z6j98>QnQG^J;3{&)9BB6x4U|*n~H~gcrn^Y*dsYz(z8meKwUWTy+gV8ZkkGoxObY0 zizxr!t{~iwZ_lig_kGQHBx|mhD&Ick7W=T5SWV2G`3#o)Q#>sJBS}Y!H~vjRJH$ls z{;i52%tCCUQ*!sK7*Rvn_>FCADsGR-uQiVa<_k_+T~T#)e)_sMELse} z48z?!sIu;S9}F&@&V>D_D^4wS0V9%+Eg~hkG-VNf7Q5cZ2R`Ouzlsg9e7LJgcZ_<*LfUOYg(j5`zDxKW zfA-U%%S^t$s-cc{>Isk?xa%;hZXOh#HSno#<-6QWyGiYHtPbm2`6%@lh6$qFhIJuz z^_LPr#X@?w)gk0Du1k=YV27&(Mb`J9#4qJh@)iY)U)9$DNyPSJnB5G9OEj!+ZGZNy z$nSSt-1a@ZQ>Us?lip&&lG?NUK$P3EJLe$t5gmg=)BmK5p zy%Xu0b6s!goCeG{G3A`M-)cP{8Ltw7QA!DKb8h}E!#(lC{~5a;Hy3nk-B?8rW7Ur zaE3nO3%pQff=l07mQ@6nLi7Gs4nonQKX+7n*im-!jnw&vmdqa)u^SBB;*%0PtX)qm zGSMsr_n+RJ1G5mYwuf~isB;YHOt-ZbBr9CYM*{GkNj6Ej=&U-7!l}#(*3`jjZr+!C zmSqH5QI3(nCNyE)7x+~4>mMF)bCH;mAoEK!zs7;wK;F?=8=Z||w2VgXVVeHe;^XCA zjP^?dzIoWM-TV5_ody@aFv4iPFt`i` z@Lyzgf7${~nb1y?#;~SyZHuZ7bzYS!;>Th{%!}qU`&M!ZwECRl2>;YMP={#gI^ zu#vvSoAcR-tS zr@vU^01>qvT5qsyIUw#?p2aDy6qH7vlHASzT0?Ck*~b+f!EgLw|4KvI{5J{6HSVV3 zLzTc0?0drcmTDuqQywg6?9BgIJ>>35@iXRnvsU_}oN5}8GiXWG*Rr&+V6g1NdWVR4 zin9N(*-aw&_|iYoYJYWLGe>X1V=}Qd6|dzlSe2Eze<)FOow~eTX&un%@fO^=%Ue;| zDFrAfZpjQ3{q+*3;T3@N(%NX`fOa9I&_tAc77Zd&klRmGa1FdNOr&V$d{YkPP^0p0 zAQU53Ago0UDFe4QNUbd|FNf)PIKyxdge@c`C8d=wJ^1T;gcET2x_gEjBws|hS4sHC zc-)@ln+Oz`?_@tnC1_Ae$i(u&-a#6QrAPSXuzg7Z@?W4SrU10+1YrOTOa+@x2-7Ya zPfCWO(&y2DJojI3Qdd~2$Io!4?DEWVgt3nMSXO@j$?fM;)ifIc!LE}6CIOrYt({Qk z1=%^Qif=3{{uP*K2BM`d--D&_;*kkFh|nF33@fsDB>Bt5p#0!$(a2jIB0~(zIlmuW zcIWHpyNv*$xsb0tQ=NQ97FC8XGPDs`$-LP#|K|}2imC|r@(>wo2~ZOd5;N#wTS8R7 z|KNH;0*b%)4YpW)5%GTtS1yedF_B%l)BIkqqK49KwNqc7lF#NwJvy$%^Z<@Wm!*$( zUck@CMe)(yffS)3TEG=FwGh%SWN>!<@bzkBW@*?H8oaYL1SG}_Go`M}&&k+4hHF1e zqzNs58my+g+X<0jV#(o~9sF>vyUd78?S_*av?wUGSkHg2^`-H+D=S-1tZ;?h_PcaH zhc3V6Q|zVX6p)D1aHgcH+RhG+z9?>APlt`U8h5+z-{0L=aT+WfwhatD1*(S7BUVUm zX^u65#1{aGHv#eYJC*U$I*}{XQ zOc;hkA!@aJmti3ONIG@}Z&bguChxRt+7Es~Y4eF97-h7xK9Mf8_Wc<$@@TQ3(_6uhlaq~guYC%ogiAAl8lh$LHzro+DjNgBvu2(+V64??8_~1Z zN8iXrsC0H}@35DgTJ4s^K1Y(M*VIT8Xrv7W@&}>|iRF1v+%VE^Qc;R(sftX;VE;tY zjWF-uN3aJH700+2=~hQ&rx%#iE;Jw3_N>U1@~~{!=gSB|Wl)k~4N+R*B`Q%chQ`#@8%9$M3iqkDxC(`W&)9 z4>fcHt|O$wAbsa~AEcI{@J0kPR)z|V91ryD4k0l)i8BTL7A})|q9de&i|;}43wF%+ z&iFDe`_@K{D@T&`)(Z|2D#lIhyONDPXVLt)h>wEG;vFbAMIK=XYWR^nGjsEas3d0P zUkB=39gS^$kPU@O^dI#8El z-*LSmzOY!vvWt;%ocvKVFI!uO$mXnz71Y0jI`zVkBQ>#anKGw)oUr3YL@P14WP!Nf zLkeBI|4HfvtFS>z9F(r52wnE^E{TQrSsEdXQ;|j+Hb|o*H8Zk3mhB^Up7vmecLb(BtmEI|!{^ z9+2Yq!kWQ&KU=8j<}zho!T#P^uo=GYZWXu9xlLDa8n=&FQ)SJ)(GTMDSoAnZq-|W< zpVVSI5eZOUlvC{RuKOhqeh&n|4o$m8m=2iT;Q-wWkr(wuWo2dQxZ1d|E)?yB#Ltfd zMy!f$rmfS}=jMFr9D4&G_?<4QiB(oLf8Wvlni0Vmk4yh9sJY-ef}AT*9^GKtB@9;+ zj^60VFRO}6YiH_z`YX^Dwm!BBf%w~z?dk9}r-AOz{gS=CtFUP-x$k^WMDCg59^A8- zeS82mk|0HaJYX>Jq5Y;oo&F`1r2MrhlHK!QqTY{RK}nuPfBsyiyZup$`h{KNkUzD1 zhC?qSqAH!f3s0@bb&xP!SHaRl!#uqyYUzxIAa^ zWb(gQcZWU%0Vu25=HxSY5yc~c`}Xrm&UjuN5k1`F(u1OtS{Ah=?aIL2%<9R|GOyUZ z?IqbSmBb2eKrFT{p2|ZM>PTfB8lz5$VYEVr ze?6fp9+G!dtc>hz=kcm)Wqp4h<|7x$5g0H61#m!!ToMEiS=z%U59qJRQ}}5E*L`uR zAwB?p_wisWm=s6>^1bdWeVC3872hfJFD+*BXMn{R0?25H)J0Z`&3goQEZWjsVIdwy zIayPco9T0Psw@e@p6oZa_!ZXL2fv33@bcP7jFY|n6Km+&DVeWh5~$Dh$CJZOass;^ zy_JQae@&%d!~eZJO?mOom(eXEH3%YAdJa>vzsgU_={<)q;c=rZh4E(-x{%G6Ulq%3tzJC0myGlr zNEw~q6S&RuE$}%6vFP+%kLjTeBxUuSoX8sfnX+zZ$Hn7=cjF()XN6Ic5UW5ra|HsW z8NFi;V}azm129bRaH#4-S=`+_?rqGdEza%-kTeh+KD#d^FBC)$9HHqyI+cCQU7Yqr zk!kB2k`9a$H0&s9r2cXY>kJtX-3C(f&IA0_2WyD;hT@We^j3Z?DR!GΨJW7b|= z9JI44aQWcwL}X$~<^DbnNmRfqU1)AM59@f<$7rA1$<)2e#xSwPK^!y;CD>|_WwV6B zW`tGI7&J(IkvS$eeVl8zhXO4GP-TyiXXYIwg)Ot6dlp2ft)H6dOI3Qw#i~MXy@uM{ zQWG)cp8ULBqWSfF+*{x3>N8^Q=JMwYekI}9k~gUa(kLUN_O8*cpRd#IU2ySOzisj?L8tgzhoeJnVOwyAM< z?+n#BHJa|@&=s?!mqVcCzW7XKH@FD*dk?<2=4&c4?HI<#mO;c%18oLC-5B}@OWimE zHUFl<^(;f{5-zu7%WA6nYP*di+UBB!+>)*258zAh+rMta9$&|it$;vn$lTb5mzTqs z)ocMNbPhGATS~XwJ!cjvP=SGn7PjE_>|`?A*0*m9!}TxZ(Bs(?zCJqE$)FMl&jG2)C?lukoS~y zS!6dBw9r~+pTZ`Wi^QlSXBJ}I&HClawdPwEU{@QaexZ}M(pqm>*e~^%(sh+x2M$+7 zp_it)a#!E870Y$cacS&2`g+{5wMOee8lmmj`$xJ#4!+|S$VrO%v}NUXV`&Y-T1RiO zL;3ua6N~Fe>eCKK`@@u+E~`iQiPY^9bId>^W5YQVHI$V1 z#>m%|agf06yiE|unL<9|2EDrd%R>{8gG1=VXnJUOGjUMuYvXQuXcDm{u@;)ord70g z-zg$6kT7i@tmuCvBY;Euc3NA(0g8*Zgo7@UEE9pu!JWgH^&qTMLtnjjxS9m=ZKr04UpLy-dB4Qmts-5k9TA5pa~Uz>MWYF8Bk zJ^{0RfRHmZ$qhRaYV4xwqZd$t%Z`q*6g;*{FYl=zAfztocyM~c65U$Yz=ldg5+lCL zcE28kAGaUQacE^;L;_3xg>^73em*{=_JU>3#a_U(XNEALYJ{}cvzcHyZsU?}`D}Yj zH{acl-AKg}&6v#f?+FSueIzwX5#x~hX-eoyTtsK~CP@Bj{F@F@e2;gU+$0&7*6x41 z<5)1}f6G=NYbbGA1`iYIYz^ouUEY8xI-Gc(9x#EN;cftAPIy}h%gU}yTn14jS$M<6 z-y0aPZ9 zx7FG0O0z!fCT%;mPu?I($g_4qfvsR>nx0KiC^p`GHLoYAf946q)LeHKPm-3hx=sWb z&Xl%t86TlRU?mar^vm{xjp_%8(&EpVnF$=0AKaU5aw|d6CC;7nm$QmLHu`0yl&D{0^Sl0nac}14 z{gs31+1sDA7=n5&gOHl2t{2lSiqztXWC38iMe*eph#DW(a(8&!(LswE_epNk-Ou@M z0H|_X{r@f*BF(I9`lH~L{h?}r44AIJV2=!pM!L0$sQ7Zq_(XrzT1H)QresO&&f{t{ z#i4Uq)Oj|UdIGv#cl0zYI8C0nulJuc4-pO&etEJ;TPN+dG1h=-Q3UuPNkDwM`B;Hd z&yF)f2=JEGVPZxbU|%%{5%ADRm;|@)d~h$1u^Xy7L{pM(*qOn8kg~|OzA(!1X0$mq zcj7=Opib5UriHtk?K7SmsM}=X_dzGH-CPx!5FEb`+62}|;~{mnv9c?YG%uXOW-&ko z>r}Tw#sZYC0V1TCXWvmT#{H6KI&rWD&?)qzXX-wO$JDxpLxpt^FLtP|yvU4G@Ykj_rg^(26pWt&5)k12yWpgAsSQg_I9-%pL%SxI&l>9ocAy=^ddL)oyh?eQNKvL(dtg*FaXQ`__+1t$yt)PqMT zSQ+r!{%0jsufiv@Y^eukt~-^vAqfn0=6Lm4Jlj2=Nsf<>nnZ9reI^cSSeqhQur7ZG zrMlqa8Q$#&Hzj9EcfRCeQZqmo50oYF`PhHeSSbPYg{$XYYssQx<)Sj;$Hk0&;1k8FdWxQ_1RDf~QoyO+?vR;wT*j0+% z(87cghuNldC{%+Q$R$t(UWJ$$A&d3;rrEe)LU;WH<2iI06pu!tqc@7pSM$GBtoT}I z_W@cV2vcc%Ei!DNBz_%dNd%4;!F3s?-LqLvLKn;piSmeezIfe-w^BG1nr3Uscras^ zmHx}K0EkjJ{>}UHjOD3I27m@W9=!fg>l~4~1LvA_>>Og!+A-Z{c1^mE7@`a+L<%29 z?GV1Rf;f&L%DyF5G8Y!CLe>2^cNd?B4fn0{H(6-$O$?o;u;y9@pF-)_knu=^ zwq04p=iS-s#&GbCr&MsL?w+iNaU}yO3xS{bW@-eP9oo^+VPsNZxf`W(@S~QO^LTZb z-4;Ipc+I{u-NW1E{#|?HF(3qruG0bl12rD0S?10@r8L-5h|KaqpS1KB8?lxt;5<>&c4F zzE49Z+Rk{axj>PHwRkcM2AW_DWjWNbJEIQx%$g4wxkr4GNBZ5i{F;R*GAo(}%a+^1stS$hUo;Iqz@ZK1U=mD>>w@)&rc+f`zBUa&vWQaY@E1B?t4lV* z$s^(pKF!S(|1pY+g8&6JWL-dCAZVxv;`#Ov3h!2+t&vtFilpxYFwY4hlDjY-0}!QS z-}^xytY8(g*o3GVD9?zbl^}C_x*(bp&w}(IOGDmZb9FEXa=U#`6-5bFTw%x#EMY$| z$GYi@0=~V-`$>9Dx*D5m3F#NB+vqlOcbZTnE9 zWmn~2d~rVSfL0FQZGQ&obvI=m2!E2Md6H*5IyYu^w#wt}5(YJ`VY`gAz9pjIN>Rrh zZis-sPy ziSnx15f%rkV>oD_aN#?~>-U+5@r1}+ab2E-IGfm=uzfPpuIUt~SsTodP8|yY4s;$+8+_^1pi0kQn* za#%Vdo;Uv4So}SbFDY86i*7)Kk(yae{^^dJAJ+l<2f0D0H7)O~F5rJVmX>g2CN|?sHfOV?xfHFpJ z{gTf#%&+KzF+fj>I$JHrS`tu?P8NA?DgK|dsO6g1h1ve{ZZfa_Z(W%t+@~xsDOVf576-e(N*63mi zMPrYT&IHl>JT6j+CtL{NY zzD2ZHm+iF9_K?mk)nf3JMkIWqU*#dDjuc%11ELuV5Pd3I^O+R(8IAW@@4%_?hudJy zr@XD2B6$JVl9#$MTDI%deduAx-6f|cFI64w?JuSE1J2p{tDizs^G@Z|e;1*!XuEV* zx+1UJr=4V9ndAJwL2TBgX26h0|CW0PU&;9r^L6|a#}m`OocZd*0Nm3tS?|EnY-Lrg z=jl?2?9)@qa8+jUAxfX}t)6nKORwt&zVLc20fBTICcu3RK7m__$l_4qW&!|z{$uHB+l>?3XIrRcKpBGWu@Jt^PFpatQw$J^1I#$`h zXOt~!X_H5N9evKINaQ5yBQwx0^#<}!ORrHDt;3AH5-2}F*?qpmc_9s|;-FrQR~5ib zIqyZ!Y(*~~cvDC1AOFXnWYQ;Dr7C-&Z($p{43H${ZImNh%rx+0S*ubWnnA#Ej(aB6QbBaPe-?yM&CDHWs1gH2dYwU8cVwdslGZd>dtQ*QFegGJ&V>Jg;Glx4X0;!#P zF%Z~A&1+6M#gHxwpv*kFrXUVb+>I&r;oIN;=jH*f2r(WFi0JSAd+7Rp{5ON>b~uEn z-dVx4axfqU{PQopc#hm1YUqIC-Xnt)SBbZS5|U@H1U{lYWn6AshRdKn>j7uMLwf^+ zxqft2x|&h_Y)KN0R8N3P1h!IVjN47dicFqB>fX~(iks_VfZ~QT63qhH(>EnwFQ!XZ z;&>t(PV@;yovnmiP!=dURA-hG9NwM|yV#>j$MZQT&8{0hXWD1ZRx*ndXJ#>7J#8%w z>R5Sd4i!MI(#gdx1Q9Nu3bW4K7z0980cInc>&lc!a;hLu$)u(-SDp}ZTdmo;s_7gz zF~WfmcDO%(>iFtTPchMIVzS%L&daC$#OkA^cn=9lNZyeuT|c^yr1;~jo|Wm+;+5%{ z^6CE46)PP~Uv5SUp~x|&TZ#8>yk?@pk)9cIxU{qrz4q~BtMtdSFXzeKXQj*5JepS` zM|c++BNgOD{@I6n6i)yJp5D~yA-KmF@)vK|tzgD*S)LAF>Fp=_xJQNIcg|dUZ^@M2 zS(-f>ze3ROT;XxYQ**$>l=$4+eh*cP=KcpGXHrDhNbhKQdCJc{~sj8>Eklf%Er%BeE;hE)Dq)-V1$d_GWT&i{o|rXKj8SGm&RI+VShp6Ot((1>&i5_ z0@(-Z6IAdV!vCOjPt5X6F6&GAsj{}B3$p?ynBR@n>Q^Vo6$yRy`w$w^rrW^oEK2+E z--qabZHAt3?yiQiFon4NWT#?gA%xGMzIFs@ui=*vH`9pi{qb%^7{9QxWlwdgn5Q4UP9CIm! zK{z@dYxHnkBiY!tpVvMA+|t+{j#Lz#JmMQkSKc{$s%s!lt_mdUan=qe`Z=^=F1d z1jEglQ(Xzi>`a~dpK(o37nE(uv1f|BG`!?3Y=Sqd$IUVRNb}6k*Q3^>{7H`dd z_%`IfFc7Y_JS1rzk@wE&u|mXMoy}OLhDS0Y;ig&M!qWIh;|{$WKa>5_+Qog|Lk8{d z@2{|?ZQK+&clS!LqSe($KaKAqL4mAnUB2ao%`a0Qi3aSV1)kkm)2$lLS=PMvmi5C6 zt@#JSCIoQ3Mi)BF&+9$N^{O>!`QCw?KJVT}hqLQT4wSj8`Ld=kMSlFToVf42YR2wF zUeV4nlh`ilN|;c2Nqqd7bs?SQeA|N$V$5Twe%`1F!3&i%&6m%glZ3xy*u6R}`a8~g z;>EtD0;|E7pWQq=H|lk^TkmZy4{l-_C}13}BTm(un1)jW%8lOrg8Zlf<`cY5lk zHnL?gsjOP%)z8ByFrK{q9SBh_W0N{nI%Oid#9{2lf9+vz4zXGWv~0ZeRO@h ze)s*j|F}FJu0GzM*Ep}|Ip=wv=k>0PuY)^%o?z?f>u)X&kl|s5%eiuPTIW0svwT8U z4@IL0A<<1wp}nVV39?Q*zgwDl65H~D5WyGRq7)PqygBDBdThWZ7!)Bg5u)8WW=xtH zSH=e~sn4*D+)}Nqe^Y41i%3 z{v|PcX3OxCG$`kjRMrh6TKo8ti zxDCgiKkYLWszY`8Kn?J?00;Mc+GT%1L!;GdwaW$R-=D9~dVoUk@i*Z$HI5bzgVnndN8n9>egCB2Pg5b=xbaL~tTnw5GgW;l zS((dh%z(3Jlr^>Gr0|+p6&NtxrQjgk>NxFi&q{m{%MCh1<@{8?8x0PY*!=_1Z28jtC4ZB>XEcU~!zFbJ! zKEKOBq`xBL=bN454|5Y_!^649PaEsaEi*92i%@<+z|m&?J0iI=-gdXusZTHM`pC%bKz-puq0EHu8|5lS<2QMhLkFc|)e zP&mfx1R-xY<{!86p={)*r*g{U5zBlyE88>M%6fXV+SBe|{Ht+}+{Y#Cyn!_LqVElJ zxI1&N*GJ6wWHT>q9TpcH+LCQP$FzYBK04varJhZy-sAcBLoW zVlHqytj1N1eT__on~M~A&Rd7k-Z?hs4A;V<{v3Vf7Re>zB7rXFCt4=yf`(&s@q>bb zIm%iA9i+c5(-~un!R8d){c2cy44>F%>OTq{!ZomxzMwR*H10|pfPfrSlhQIWcfJtm z5Th6K3BhundSid&cRXXF2*v|z!@#;A_PvDPHTc&DZ}s;kXxtiq&rj*K$Xp?oGbQ}b2lsx(+{*^~zc zs#R53&k(LrUv(GO1*pjS=MPlyy1l(XM&q8|{yYoto-L*M`T1VWc;vi~ ze$Kfw7wTZ6cX*g!*#Py1Em5X)t7tfthbCD`Oyy=xtf|yTevX+PveZ=7e6NoLr677=AF^ju;*j$#+*p2>BrrDBz$dF}fS zDy{23vu4#-ms?s?$W^(``YBFg&eE0X_wVpnTs+|+i2#OP0ax;~tt-0gRT;lSGBhgxP`u1S_oj$HnJT9)IYU+Er$mAvJRpjSmy1U(oD zL5#|Jy1L?=81a%v0o4gNRjl6+pBBtn?02)pZXbM0+)jONsG2NM9~2n4HxF-SgzGiq zo?5qGI3CTTi{>H0-5c{ryto}gHZU<^af(@%!Xh*0^|v_v6CNipL~cBJKDhr`w{v;q zXYy17*(Wkilg9*l;Ww{=lO~<`G;sRPjh{LkM>qO02N=!nz-J7lQ))Aa2%Y60qqTse; zFmybL7m{2(sPVhyA1t$`jzxkD0msAv4*GT9m5kz@^U=7wy@{?PNJ5})9Bg?Uo|I$2 zr3LYov4rs;?0RW=q7f{bj3-MpuoKTkgtQ-T*~N zU08%djs@yRpIKnasVd>v3-n<~~UL3wi|I~|2Pi#}KF!*~R*iN3f&i}8Oa`Wyo^i0o9>;hhjm z_hR8*MA{dC_Ka?uIa^%*C#@u92LC}W=||+WrFjsM9&9!+U(b`gKG|PULA<+pk>%jl zX8hFZpndjq09M*w(W@U_2}4#ct6v}?vqotT=M(?VTrNmfob9Vob5bsTIF3}WCE2c_&}jb~1zeJ*F9QT)>AJpN#N5|1{M z27(rF2()J@o=HjJnh{8Q3XdachvjUz|8d$ej{z}PKH=Loi8XLw#a)}ELe52#1*|O` z-Hd*FM?0;KAT_r|)^G2Q-ni_^U;Gs0ev92S4&$k}2cC;%;QXqH2*AJ)p$6+PNOFIN zHaUV745VX(uA~c~M_O7s_@>I|bl}jx^rX*EkglYjIst%4xrd}5W4|n_R$^_4I>s!Y z&*$8@Xn=P(DSU<+S&LtaJXjLwwJ^X^O4r<<5;}AM8nuqGxHDbrzCE)+^1F9OgT#CQ zNqtwj)#B>+g4W;m{Sy;ud9j5nxFnAf~UO2lUB*n-Z2C}5nAI3`f zT)JKUEaS_{L<9lu@iY=@-Y#wNGF{VkA6CSPaMDqtet&z=RemXJK&U?W*ZN z5Buu;Bd_$u=5hpJYlv|Y;gEMi&{SUVoc_u&G}6Bh2xx;~SFj{RFaP-qwXT(8t2&F- z&#Wv`0&Ic@?qGxCm?E6gmejuR0Dt3~U+HOS(}v38$X<6D)0$j*_V7Apxe9CqcNeqn z9rQ+sVX>#Khl60?*Cr{y{qhHDN%jE_u{zNlbb9bbRyacR(R`m;(fn8umnQvz^@qgr zVEY9;!_EGW{Cf%0=c0)Gb|*zMd;I-Lg{Hm6TXHKmW^w5;uwQ+IKxjExLHc+Xs&U~` z_YEk-M^8B#swq3w-70vW{s`wNU49@{rtt8o(DOL!b?J&p9Fn3jZU=q{c`GJcmz-{_ zZxpuD3B7l2+JD)upa#(*P@`fYB9dhUJpk?^_8!jcN2ls6%^@X*bczk&A7 zqH4nsW7gNzWo~OG-v1a4`WtI&YXg$E{nSU_I(%W7o4heIv5qsH<%Oduobn!9)7%{6 zkG!^`J5Km?enmV5PE|L&D|(q3w-fqUuWrjt-f1HWl5rVssjrH@_i^>fURhnk${ArQ zSK-G<3S4It{{U?(uj0zU6%hHgA*6yr!aWBBW8gBB#eu@jg}yG6$vZN4JL$uYPQ#W& z*@7+cMT7W!$gk@nb}egqo9MF=^&rTq1O@J+Y3EvSxR4-yi zXuTRX=O&6Sgbo`DhjGFjt5la%3)-XUUWYUR3L3SFRUdAAuKM z@8W&SG3;``Jk|+x{Da@3NpL%=KrDlWrvc0D4aqGkYhXc=nSqo!>$jzP0v(t^AjoJA zeQvRmenxt8f%FQ`H|A?@cI}i~P@v~{#$H`c-&Ah9v%zDjG~O_ELXGor8=HLPyN0}_ zk?{yK@0nJgWp&(+v$^7wIspD2_Y^-oM6W58@<2^-tfCYeu?OofrL^x zJlIFxu>x=Vv*(Yl){gmgbhJchV`!$NWf(UW=v7xgJhQ6!$h^UQ}wUMb)w|GQH@snAK4)b(;xDNVxBC!=n0uu|)E4J!d|Q`vF4EGjNCt9*>*S zjmK(oe0=-{e`5Uf=;)}tf`TmV!n-P5G;CfZXcp#~3RBP}>v9N*jNt0aarDe~s%p2e za}0?jbC9v#^<{cbX9|h^Q$RxI`J_OM;}ze*xP1BYSf!66G_oCayF}Z6hEoNzDpjIC z39}-2jzN)Irx`5#s? zR@7b0udBO|Rw5_U7(d`-20UYUK)_toc{(IeB)Lc_YWI}7@yG*!znCO^4EH=8LdhEV zb;n*(Dn357A!o#60c{Nt!JB4|`^4rXM@Q}qun1SG{DRW9`44@Rv!5pKcYo;CbZVs? z4Ebc3+J&F1mm_fo))PAqfZR2}pYnJL?D9|GjT+RFzLA1XJMW}f$cx~1qXs>}EOz;z zx}zv;mIWg2Nd2ZjRL}dvjVlY-Py66Cp0b7Qe3gkqhX$+Dx1pHPAw=IO1}j8*z07mq zw1oxhpT~bHgDa|#DiQvrTf!^c4JHd6$;!Yw$HvA&?-;LlMe8drT0=By0Q3Iv6RK;Y z+;6ZhV$E`9HYlMxbo@hZoN-M)AMLO88GTQ7qr(TI_eqTV)mKLS`YSxnD4&)4xcZuT^G}#tJTPwa46u7ta!Dl-kdh4nCZPPSxsk@s?T%T=8B%f*{txQmc;Ut}S@NBu9o2h!D#oX-|1 zZ#Zr`Lu(QIqC;K~lYIS%9D0=pWW4ocG}Er7)ekHc*l%@L% zl;$B&1Rx{hGiv_=Ej@3esNB>1s}a_NARNO~Eq}lH$7oO;U^>)k)VK3jLNuc}Cw}~{ zQ2;NM5f|^Nmr>0D(M1s$<@JdySiGCrB-j?ilgb+s7G{{+x3;!sx6m7( zpO$imgfsh|2r~TO^UK`}z6x}8o#{0$YuWC(Q%YB=eP>#kZ1&>bef6WkCqtnkI^-{p zmB9G_%h5f?6olS;;5(h>I#a!>oDd;Z$*!rTrKO5W&wNj2_TvZN#{FL$rCG1SU4tX7 zCMJT-`aTy^u1*%I7Z^s-a4<~-^TEt&Q?<1VZ2eXjWPc%mWgv30tu}~}!y^vMsx0-7 z356b$AQR1Ou{DR^HbIqemXzH98dvG=NAIopxumcF_ZS=yur{#dto)%60=6fwsmzY- z`^Syp6{z*hOP&jI$<8+!BiXo6byJESN|UlhrUvRCWuPqcBUFDCT+RsNU(^Um3)!c( zs-a~jKAJmYlIq4MPB;omiHSUl;lcc#nF)2pfh%^S6dxFb$-LXc&2;il^*zyRjO;NX zEPw+4E{M=N_Bx>vCsm_x!{u<(rOaUSVkl+IbMMQ(eWFTs) zvo-sp@(U;7(-y_Mv}Z4q3N5crr)&^PiGBiV+ymfPnG4DG5@|C|GUR_oMUJwVYbIdOjlu-BM)EdFzaYxQ4SeYA+` zBcg@Bqc9O`BH43rl{0mo4>K|hp(>J;DW_myNLK3L1;tM!19mArhdY;OF}ra>*r zuEKUn_q*!LLd@}VQ09K*s**;ixtCv*C`2G`9TGZ$mM zWb+%;kPx^LkUR-Cexpp;gI+btXPENx@&z_?686l`7$V&f=ix@U{HPl|KyaE$7}sWy zJJu4=K;8>hQoRD3`u&Fnqw7Dho3JFp9>F@&V}(xi1{TEm9Fv)UU^Ebe!ttk8)yWd|qTkwfhEhPr#SQJ6!<-<^?Dmgr?Y}(g3}0PV0cDaxZlN?Z zkMSqMB`}aUd0*UPYu$5hNbSuxc9!4}=5n zmH>XdtGztV@4w4yZh--BBmL5xD zy!s7pw?O^;R!;=ZmP!$biMUSwiT|#wyJFdxHSd}wLY3N2$;uit4SgT<5B^{|*L{|W zhfB}o-jwM>J>JY8st)4-i=;GVcTyjksG~`Tf7hj%2;#58yf0La$}Lq_#~Yl#>P)nL zxp99K56J_1w`z{`7j*0uD5(nwwyGeBz+BV7F|7XCpvE(hjzOWqOGqt^W{T*O)nqg< zjVe3i|FA7Oa<7EXF&WO>MfUgqaE|bQju!VC^>9XCl)hXLYK!Wyp$liS)UN&b%r;Ws&F4%t z^z>Xq(SqwO?R|^y7CL|GWS<@tjB|r8#>|HE6O%^4>iO?-Ame$J3Opb))7S3OT!WVK zy{<#Wq8D#J+eqDcoiMa{w|8K(62GWFGL$GsH}MIK;J;q^&w_-jm1$=p(YVUG;X!{0 zE=kE8w+(BW*5Pj{1rBTGl>#!R%V7;s*A|iQ&iVoaxi~R3`JV|1zdB=o#dfNvO*f)* zqA3C~lpGDd&wX}x$?fdmd_^{vX_FZc=5M5}tw>&3RU6u$G1Q@a{?9dyAYG z(sJ_>Y~-f1xGU4yOfMtLlGchz^XJM8|n=r_P%=VusL@jWNi4etyB+%NAepYxJu!IUp~7< zb}9p}??56!_F==Ql+vAN5liT_3wm~-40fP>5?bi?z~y1GHEfa1P*^Ko;j%OSh~I|goN_ZsRk$+`O|p&mk!P7I2~HbwPuZijy7 z-{02i>Fo>++qW|+8FH%@EQv2d+5U$5mfWIornFKjd&MtWpCT2t>;&Hkpe{esb8@CQ z+(1a(=39U^y{Wu5w8TPG77fzQuuqBMo;h&EQ=OyYxRCbyZ`RiDIL6G}c}CT;(Ro>TWmViE z{V>^n#j}^33e;XRn}UIY+dp10rf0;(mA^r7E==Y(C?jQpqboyjr9zL2hlR|JN9#-R$aeKe(gJ)W5vf5*M!knf{(+V1nU&a^w!2cpE+a}`H4MA~aQNu-Di`64UgV?F%D8Kd5N?f^$mF9T@l|peh za@9xp3E4gSr3s{O)sK|J2riLUN?yP3veO32Y$s@)FdFXb&$l9esbG?pm1Pa8O`KeK zxv@BIEAnDPFw?`D`_7;9B7PmNhLoy1Oawvh){I@)5-Z8bpKCrMisJh8&|bAn&PqGL z-=95XBS=|u`v<=B``}=u_%Ndi-p<6aRBxc?=!WU(nbmeIT6WFyS1ptE2YU-pz%-~j zHimsPUTmh{XssJdFJaD6!v~2_bx`10I4^N$rcZs+lvOoSSa8e-43c*^??>cTX8W32 z+{cnr3&E(de5|{2m73519{0@8#$|r#7kKyFVQ5vl0R7k zd81g8t6=X;TlhgyZ`=v7>F~giUxe7^`j;MHCgEao4!fIo<6`Fg5R-eg_!3{R`GulS zXj@!6WKkMqVg~mj&l%+xq@>(j*oztSYAy!BFX?SA%kgS=cMK;17&M&Mh2HEr=*W{7 zyT4Khw;+fmw=@7B56#)U3WbG6d*lQVvpA;2>u~ zii>Sh7GINDho`Da`3;Zu9kq4u_6T$n!8?85S2koDbx8AxgE3E6l9{zn;;XtfhW01D zi8xq*iU8zs#F+}eW%&w>jNc&rmXJah82x%f=;7f3wWGHC-dgMe{`QY=sLEBWDecyQCD`35{MMj@qVRwWDG9Use49K;mvSn2w?oodGsTh7U z;`)_xjI0cTw4&hZ=Wt9f`F%2eTRRes_}MQw_K|XShHp_#jpdtz41Gle;(xx+$yNAA6Sn0u zj^tN9w!#DJ{B|N!ojPxo9x4+5%M>Udcq6$XS1xN^K4^z9W^!AIN97KBUI}$(7 z)XU*iN#W4c_j>EIFvyr-jIVwaK9XJ+ew8Mo9{CP|%|DSK_N#n^&*68h%yE=lY4uyv zbiSrPIph`MJj#6Y%|Zv4&HO+Z;F)D#R0}zucv!M6oowfHcXV-pL_gFCl|#uM^25|9 zn;}NTV3L0R*OOt5uyG8UBMalYE%pp%Ds8Zq>Kh`~{r0%D7>5pmXl~Q5ydIg^6zDbD z*=(g7_{ct*5ZJdQoxhNlH|WGf{}ps$(tKmTem!PoMT9|q5G@TxzQ5#tLgz9P8cQLe z@z=lyU3*pu=C=XJm8@NTa&?p6;W6=G52^3`BA#ctiYj%yUOfwBc z7CPLQurLZy&u#_3=g-apB#$?y{Iz(s`}9xvXQh1|L`Mf@mc9jMMk`|CZv3lR3*AXh zs@b#Zfqki|fO+a5gMGI9+k3IO=L(6kq<`<2Vo2!cSPuWR1G`CttDaOEpor{wH zZ=T434NzHn2ms8A{HqsRu(H_74I8RRae^oXzRybq{?A+gg~;% z7;ivNqN|)>H8JZqUbZqx0Y8Xf}efa;ob9fic`%D_y5^L>Dn0B^a_Pgv;FU3zm zYz90A6mtuA2bJ!>;9C1p6<~VB5Y^|qtp3s>A4W}JzCYG$-+sGjdK6Q13YB4rO*skX+N z`JBlcdNY`^UP$GLI(UyLL6HK(zqoQ#Y5-yh!c*HU>z^dsYnn}A+qsCGbYng%E`bh@ zENEqTEVX3qW!78B@d`jncm8<=broV(uYla}{)Us7_n!xjVnlo4Ky>Z}>}|-4z}@sI zORX*AmG6E79#}{!G04+W*xDb<<}c~@cCouh$LHM2cYi13EXhNtE-o#rAopjc$egha zPvV7Jg%I({U199YN_%o}1uwkLWsPG2`;*Otzv-n9x7Q!yh0B!c8|@LlWcq4&O+%g) zac*KUkUnCkSbO~kND<9gUsOI1@$Lo@i&o_3DlQMpfuc;K;Ux`|+-T6gH@z7BT3_{1 zx@5vPlzHIZ?c1Lo-C8}8RGUMUg&cMA-)%S=oWx1LzEr%cSLpmgP(2T}79;Z64uiR- z;=i+Sg*_WPpH3cbaY!9T%FZ?M<5hB6c3k{F+9#`zG-blYKrnSgcwP7}GU^dRA4S?; zzt^dr3dZ1xVqUf>4}Bb==R;7p0wDv!v2S-Pq$W7s*ZO6}gX;Km)!@aa|UnijC9_75{Q_x!VmTl=3LV*mLpTKZYmhGq3}fZFnA(uEX~uu$0ro_pHZxG*I!qEbijKqr~bCG>gMuROt!&NZnGfX&4BD~y=#e){mp%KPynQ%ET66AYT zZ?)seN~&F~HhM@7!-ZUYQB86(s?VVca~c1>F~^vsq1_Of&@!uxrR5e;gg<&ikOq|4 z?mV=J_0KAP5eL1_NPWZC?!rR*8A%=(&mLQajF2rc5m-nB^fRd%GJ~f7@uqpqGj- zCY>^cyzK`A$Uy`qbkjzk?T(zvL232aqPmn)A5!=!g?lgbaG5qwtn8l_%Uv??dV8kx z{Ck$8G3ycE5?FF>VKqja;nJ*6Gahuft7O9NVe`3xDi&1Ao*Ef99uS;qu5|yxDte6( zn0+?=#_OUaI302nP~cF(VmFYB$l$eV?A=)WjykN((f3UL)*Sgh#$FwI8^(6ENc##u zj#@W_)0v_xC%^wRlvveX{rR$Fqnh$>e}Vb-C|a_K7E~;;vHG!VHUV+Xpz-0&zAWZi z6RArtP#}fM4PW{BZkIwXZ-=+sN<>~;2dOP$6T{*9B(E@zFsA={Gu3-#W9E4{s|%hb z%-efy{at#|PKzuaSBn<7ov$a{Nd!4{PB^?5naw%ydDW|KielLe3#MQh(<4wP_>NQ- zb7rf#{~jWHHo{c00DqVIHN^vWs3j)9KSb-s{xcg8$(wHv1DxnJZav*;uR8B}Hd{xB z(?;{|Rb)(*?+`(l#e_WjUjrmCh(mghfTsbWF=&4W=T-DS?plo$t}&c*A|K#noB*j8 zhryzwkW}$pbl%{8{mP0@(LW*RQvd&#&){Z(Bbs9g;Ypt_%HwMB5;^;3lS^QV>de51!YqR%*!XP&mH+|5qeN1+(`DghaM_AB!Gei z@Sw`h(I8dvDlSAh+V++XF7aEb-Wf?sOnM0+J8vSin?#1W)H#i$gNG`RmKkNa94fdn z*g3Q1VhLx!?qF}wc zFPEI??EieT*y7abunPg@cyCsZAOjO|4wT6R-;YA6KM@ZJU5v+gZLUeZ(@Kx~wiP>T zqoVqJPEXdnxwVv=`G6 zd!N>?h=w=0xaL`YUXeM}ijl8e2Z&K-p_Ti)Oykx}uxxL_mrGJ2G?ZiP862GKuU}Pj z0d#d2OSsaX3>pLWi{F_t=__TWOQap(W>_1U0W@@KZQl}64h;yn6Z>r(-L0pNIAa-E z`E!3;=Nqrqz0THkGLEy=BKlVZ&R_zvG%*d2$tBM@nB)|gKFRonpLcW2txDBplMX07BA1FM zR?Vq^Y0{8ax6_ktX*r{eFGb;`27${Cub8w1 z=g}YjA5H0z+o2T2EF#MchA1!U+tq_!#Yd0rz6zX^T&J0(!t{D}L_1(2TEF2G5=*q! z@AwNzj{L!QR%KIPy&R*Tp5^y1ju$PP{3tYIkW=0a0$D<*66%tGB<_*o0-FLr=!XKy zIOg9V#C#LvQykKb4m&#H8;kx;!G=PeY%bfS3WsZltNKmf7kc%)e4vL{+sh}FxCEN&jFgB9i1I z(~k8A5I!5vzmHu+snTJ-(u@I>};X?^ulTUw~OuZEe<21=%->Z!*Lys zyZ)aIb0g#yQeO;gxWvrW#iuUkmJj_dAk&gJuBljG_{cliSYM@=wViutwExlt>FR_! z<#jx=DC?hZAiqm`7ssX&%QSQO?H$v*1mB{%MzP++!43! zL)(*aV=4P8f6O5S-VgNxc$h^lJkl<(_FiaVOi=TKEHE`ZT@{rV$taZmVlH@;SZ3j$ z%|b>KaE>5I=1smcI(+Tz9m#3$7$(8X=xx+K*|xSw!jy?zCtv&yq|bSS^r~xTFmu@Y zUu;jxeWDg7!;LDy@rpd1^8->}FKLYR#u=FMca{qp-aIne|m$w!D5Bv(F%=CnZ@rneNX*N`{YCfj3aJxzR8OrqdP(v z_77!PRMsjgDzetv{^*ulP?3=|n>$uEdpxJ{cfoX5Duez1T#jPg3=HYEBCj&r?L>@Ny6k;qD?PONQ3MNYTFSVVk=T3i`!IX^pwu`|-Tif4yslW- zbkHl~*cf%R3m_i0d+HR=eUv}_nR61(rR2H^WlfF6o;H_ebDmV@+-{56ylj-x=mQud zr%WK<~*dwEk{9s_bpfccA7CyF-k@(#etka?QYmBheWKcUe?ZwG_%RS zkw~4kmHT|J5OuhJn7x4);$5o#bE5S!bJs0{#-lxda|zIoP@#i}=zr+v=1s8G zIcpigMZ|2+H&s!}z+h);lW+BNLIU)W-`4${2REi*#iXdsd}n%Jc1$pfM#&tZI2BZM zG~(LXCyr7l^fts0V!&rB#35H=Ec!VS?7*eHKW0`Gkzr($kJ5U6#W&9x{yhx-JJgC; zI%G$c2V&xd$aI+VC{UYL(V&q>ECF!7I>k=MFKb{(Bu z^bZ1OjG?n3b%Pq;pBWC$u|ysGG|O6eX_nWoOp(a8=*f+EGl|Q#BIp-h z*Li4Z$Dn&g8=&(pE$l}=`CrlJkL%{9Y)V7s`AlTqSp|`=>l~Cr9CNnXDjF54Vv8d( ze1D${*?kLN0sIG0vuz$DmOmc79mhI4dcTqQ)0tcz<1ar#dLw4U(sXIoQr~3PmSp#J zUDWnZv&Ox}u5Gg&r4Y8)bv{w=c@}n2hhrfqXZUEq7>jnE`l%qE<9ivNgP%|4B0dsw zqSu#_pcR=mpJs_}tQ}kD)W?=t%lwiN%X6s8q>hQ#@YLNJm+bxRbfkk}^-Tn{1hQ3B zzP8S<;YUyO2hzE{HTUMqaWw!rN6q#K1Z`}=A9u|N?d|+ta-JY(&K&^9L}@d>rPSsF zdp@F}vG|=4IO7!NE_>@VwBf|KA-VS8$g}>tkZ#x) zxN|QXLz3(?PU7wp=SHha^Ze51o^?@zgsCHzKPA8d_W>$kA&b%G z$WigFK>buG&v6egEkf7C6rJH@xnT34!-PY%_*gjIv(x1!PvX% zgYzy?2m5V_&YQ{Zxtd+(JVUdVAx3%X$umL*yP0sA!C@lor1CBGwCJM9ZTBAkg9q3FyVpdwRH53!}Sm7dlcHB89-AS z7#NK;qO^QWjK0gJY3f!VADoZz@sLMhiD-fn5ON@qAb$^YBJ;vpJ5!cz6BXcLNQI|Z zo`SFk(Th_E&=zRxyS$hCIl<2vQTVw$%&OA)Nh#MCJM)iY%OZGzV9PVWH)}j|-0)c! zpGZOVMLc^}{^1=fdS?k%F-YDt>+0%yydb1Mjxn*>eOzDnv4OWWkm7KM3sis_(f@cT zvpwlUkr<2fs>Y=AU3)tp?c-Lq7a94hUU#&VA^&nIP9Fsik^v#;;CuC^L5Rl6R+Rz zvZ|;f;kzHz`mQUEFc#GQSqr6y-v?Zv{1H3UGMEDW90bwEoknAN=*?u02k=g4r$POD z@=jtVoiWhDULbtP^{zA28*V7Dsn6>i+RaVT+W*vm?-KpIO91q@rgGAvf80{}eQ+&X z9rQH+OQf)QPo{EBF*A1L@l<`iK-}Y~PE%o{-*V;S`|axA^)o~FixwrA?vm(ES~)g% z&_fr(5umza>?Pn+(n|exXwBt>Uk-!#J*^xARhHy*tv1)RrQ9k!@A+)kp-R>`wVlPo z0r}2O6j9urKSTwU7!2ptBle2_c{+n!5}o(g0!sJb&Z9%sEc;KWB>-58ws~usDVPer3W=k+h@hW z;BIuP;!g5>!_$NJm9=U3C38n#-g}ykWgMjT4^q#3^r%tW4r*KX9m4jv9#*wb`;JM@ zOX3?J{-bR1p+=|kVsgT?fx?St_dI=Dpx4K4o~SLu>RuIdaMo{Vjk_V$qa3lSe^>{- z67tFNoC+o;t<4{ho+~Exm+{@>e?;gQ*Nz3li0Fw<;uSMNSsdXChTFnfNq)K$98d!? zxQKTi+vMdn(Jsmta_8=xY|yY_xURo>dh&{G)r^9#w&Z-3FE^1tpKZIv#-qSKE9UDY zT}gvG#_dQZ4d7iiade3Ii8fF%XX#v^qp5}y2b&8 zxo=!qu1}HCOnocF!EM6(pui8A*_h-2F=s$Wl0o=EZd}6l>*^@KTATTK4gN-*B>kN1 zbmN*@-HE;&?xyJ5DzUMBc5g~weB(6BW-ZN*cK-wA|6as%?FRDw*ck68Xh~vxICw1V z2S7yd8e79Y`<%3bw`-m5*$-=JjLJ`~BDqb4EUU@<*6>2Ch$ka{d-=Zg^5v|m5YOFg z)adxt0Uenf>W$$&(kBbO18qV=9O)`Gt$9hp@cz^u-Tw7c!jGQt{d9$wHM??3BpbX3 zLCjggg3}{bmetty{S=-`fqYzc9br~Vbu~SHhNDSb3~=RL|CsHrM2+~ImT_|D?WxH$ zTi?ZY9^T~GU@zP-fB)mQtZ?PBv9}C%_R^?_wjs_@65?vIw>!TCatEyUtEMzWL{Juz zp_!ZuwulLMlH+56Bp-G2#G4O+Vn?I6YsB|dQ^{{F;(cUt-s3ezpX~8>WsxA%)oJNh zG`rgv89A?USI$bA&)WCl-85}|8B1xRU-< z90y*VP{*v>L$+brc6?Uy>P{r?*uqNgtY@gKMO2t{7~UZc>KyeYuk*Ly)Rf(zrv6mM zd5OyULyJ*)R$%Y=$X>tV5-mQRFC$o7q}@kPZAnOfdt+^$T=|Um|M};e`&9*44X2CrgE4 zH_HA$b^{mJo_~n+2518Ntk>TY`nSEtr%0^hl5XUC(C8m_Io4zR9r46(m&C@&?!1eQ zLdS}CN*yfre2(C=A=ds&$5KfRYPML><@cLeDqs1?I-%q&P@)IcgfS%9f z6huLp*RM<1O^<6lY~+(p^RBE_k#GHc^QPB@Nv2n$2vBFAF%V2>Bc6D>`s?w%4_DZ5 z9^q#2#Re~$A8e0#^`386nnEcwxD*JbX&8;4i=`GN`LZFw3)f)4iMUmZ{RqxO3j^tO zf}_(YvK85X1tYw0_IKsjyF&o#t>Az)(}JYSDUd{U^zg!7^!DZy6Z)^63siWLh6=Wm zQPMoJ2*R7gZ@s?reO|5Occ@q#!x~II%bUxZE6o~zJ@grit?}Y5eZ_kU&!3->rJgL( zvd>!gUlD)wwqb3LbvJxIX-$nW_WG|-y?!FAzL;tcT2Ycov-4hEqlo$D+FMi$6W{=2 z|4rVVM+O*skoo7QQPY_P-LXt_f1$;{_-+4-*-(eJq`(FaoB>*VNIcB=7yCPt2fHKT zo&sr?>?y=rUIn_2lAqIm zZOpWztx>-f2bgM}W(B#4>U+gT!TavBH*t%LGC21c-}l~Miy9WtNR-Iue~6_!=$g>= zO`Y$vBg>;la;cB#0u{xGgB>~-t!5&5XQgg87p8edbFx|8O zOUtRMT8I;~8I8* zt-5yPthi;Ro0~pM{a{@^F!N&FEopVx5v3>NNneP6y!Pdw)1^=#r@}*x;gs04s&w?O zgcov3K75woA)^AO?9Ig~iK9ajE5#AuxQ(dDMiuc(c<`-^@k;4g}nu- zg#G}b9Lcftw3dgYL-&Y(p+MK2kI8;xrtarrMPH;AxouEiQ-v7OZnZR*-=Z0LXH##y zVqKMAI4*VBCVlGii=4joN@&E{=I~oH3Nm?aZtxrR@-rFl#!kdjgCWwSNwU&OvX@Fu zlo4Em6Xc(i_9X`?L+rA`oo6?EmD;$awawo37C8gwXT4;bA`Oe=9IK8&~! zP^^K899?1iGdC_~&cw`pWSsYG?7VfJ{#s`o<-i#A=L_0rS~(I%{U-81YM2bY_}1ys zO5{1)^<&k$@R|QJ*#oJV0tNEej-s)yMn9#sa{_FyKRL1SFYIx1ES0hQ{Y155b1cPh z4iRu_Q)O-%`)FCs;0Bnz>&rzxrrI#?lkQNJ6jl`5@w+wmVCYq4wKVmM$-{ETVEWq6 zYYpKvsrjvg9vkdl4V$Gkd^WtjyXjQMQ!e8I*Lu0)dp8w^!Y&SVRnnBKanR>gDu)fQ zIR=dt%bt^DD#KYaEG|7PU^IP_SiO(u?1rtOq@<)B&iRMR5XQt#QO~!8%xy`(?ed3R z6$XsiZ47u>r~1Pkt(EWI{o9Ws_#ctp(C_N+i1lpr826>Hn4EadM=|(5a`O;~;Lm(y z*YcTnx_Xm*E=I&M1CwTt$sQ~@a$Wm@-{(`a#mPg1%^xIxC`3}$yv49ePy6mtlGsTg z?`hpu+*Q%fTisiKjo0N(5^tajQ>Lo(qcsDLCB^J}p1xbmPw$I{B+@)Li(8J=TT+eC9kNX1Gn%@+S*oNoJw(b##oWuj zC_UFcN6q`oL~Qys{#DJW>NvlFpRe(7{XGeLgek?aF!YEosXO)m*68P*Wo!f57ghypOeKK{Mvf(bK3em=W@*om5obb+R`) z`04;Dp=-qdI=yDfaWKYg*`4nV2eh+>wvflC*y#sXL(<%jmAW z8&ktj$_(A$X3C_=j;N8MRzcFYqDerXTlJLN{5U)t@p9ygp1a%L{kljbNl(o>LDXY=To9a5UJN|-fW*PI#( z>8)cZ(mu7%lC8Ed+DqTIH}^IpOse6EX4?JAh@~rf`J5j)?Eatj-aH=4HvId)Q>2kK zTb2|lMhIh@k}dl_X6$PuMks5^lC5OT7AfnPF=i|gVQi%=DZ8N*iiEL6CXDSl-TVFh zegFRb^F02VdCiz>Ij`%yj`KJ^$LAeq_`5cF@F8MEQjH%I1JnH@wvGDnn&Mh(8#Nkt zX*1uw|9;O?x%SROi|N_G`3y({SMT+f%1aAR3El__%YRBNUE5|;j``M@X2rGoQ_9yn z`WpuaSL#onRkpFp_5ji-h{2;M8tiLPM>BCs}m|KHy#x&AaTR*v()x5M11B6p;8VTN~?9owKfp(PDkn z$3nFKcCesp8vV#~UD zad5iFXZ6d)fY$PQq7Lh)&{N7YALS@HwaN`Wtyd4tHsVbnAd*m3Q>Rz`Q=2t(k%O(Jp@%)%j=57Ku|Qbw}J?W4=9FxY1+p zQgM@zuRY+w@;#vGTz23{r1W0ZPSGsl}TC8yS-GLfitAJ*#%=f zvMG3WXPSnOt&df=;$_|EC%KpuSoqR}sWqyBxEAk?GrGaONO!||+B{6usyvF!&~9H-+d@Haet8MaMHI!~-Xk#2Ggr;m zZQV$+6%oDQ=6<)V-h{iz0V(XyGgw{69l-q__a?$7`?APxSE#maLFuh5(yvzpYpx54Yb~)r`~@d#phGtKo=vwb#gUypJ?c8W&g=s!CtvMb(#xmm z_w$mQs}G~T9LrCncg#5ykVN-;UNYdSqV;#66Yadc)CzcoU<0QvJat~dLUE)@C-g$r zS$jbhJW;g2RzRsjo6+5WfS}T&>?wHIc;up?w%nl(2lmi;tVL*l?Aq(^sc`Py^~_3| zjT_%dh47}SL}`J5grC6gEr>O#dC_;i-VdF(HOH?;=?^h9Dqr*Vo7>W;Jntf8c>i5P z1(wd0HeA3gMaB4aG&ydu1i!x4+$0^!Lu>A1$C}=jJFurF7j9@o55rjnwWa1DnIBtEKfr?SGZ5)X2pFM!?`Uac!U&8*@V8|i{a*z`}GR;t7|QE{z8Y+73H8e zN{%MKMN~{I2M6A?w>>V_6{6|$Zr$gBd?3RY^2q~QE-e?oWj}9ko^fSn8ZL2bsFqcg z5&oW?D+xbTt*$ls&2(S>hL+b3(=R$awvyl<+)281;MbZ+ zqm|bi2D4-=H?cQmSjTu(Ryl}4Xsgp!he!$86Ev{4Tg~Z#Yv}I4txhzaqE$)p%tmj` zC=91`zym8wLr_hv&duEto?|CpW`0)mlbiP^g7do<5Le^z=qfhFS-uGGZkaJXUPG6| zt^X;os9Y~H&Ka!ChM!(pJX4S<&F*u^NO}x8co79z+{DXx@5(Q1um3WsEWH>$7}Up` z_pAGdl;A~0wf9+Ba|VT@sPU+At~XbjX52rxh9vB+pFop2ak&W%|KGYUyk~VvYg&ht_ULs!grI$d}hJtyc%m{PXAB*;x zD2dmWcNMss13sM=W%@laSEmn^k_rQ@QJ_6eR!*)XStu_hh22J-G}sbKa;55<#FQmX z+78I2-A_zfBb)$u6Zy8ZP#w#v3A`vH(0Y82VwZ?yCtuk zjaIdi|BSS~NNkTqOtGM6Kikd=+7vVi5T0F60Qi>t$2tK0(Zxw(n0~*6Mz{LwV*o&eN0AVUKdV5+@_~5k_dC z_DEpl`>9vZ3au673+@x*nI||uo*mN|zF>afqr;-%y4|s{S{2NUaAN@M_R51kd1V>J z*c-oxNCIh-BVr&#a{eboN=(Z!o&g#`;F`4GoCt`Ox|-eIfRD4Wv7vpMjK~z&?H){$ zw$T1KpU}rl!o6tV%}379TN)Q9P5;;_CRZNaQ=Hl0KGERh56`b{xN*MG zq4p>roVU&hxarppTm9CrsHUVd;_o1k8|rh*N!VH!E0t zwp1NG9%`159(vfNjIXGjp;r6ve2ZTAz5u(JI{ywMX&1gjC4WZZ{s5R@D z6pHuBx%tY_!hwwvdDik$!KGsdJq`LU1TE8vJVG~D(^_q*y?&uMZfFg&V*~82ar~>1 z6yI6}+y$xR9$gsf$eknRrwCAIX-Cz;20qJ-L-E(;1{3VISP*leQ3T#p=cK z-N(L>-XO@NPBZU5bsTt?*SaZVJwZ7#a^Cb^kb0ssj_Cx9p$0XAw}W(hUC$)k>e#GL zsY&ls6j}YO_H2}`nwHg$CO6gJUo9%t? zD+3s*ZuA5-WALAWCdTphG?&&qF!3gw#>P;tD@;ThzFMbk=TwlS_pYH=j+jfDNi~Ri zPuHj#ABUeiv(oBv@TWmj{42%6bUsxSC1-6U%af_A@pTQ~3gJBW48afQ?DZCHrd&ou zB`-ivqmrLD^4sziZ<<_c`8r)Mu#pr#7)`m@{o%~d$P$!FcU@cUPbUFFx=n)5acP&O zf<5dh)!q90yHVWnK`YXdj~q9#QQ0IbQA*MIG=-8O$Q4wzd}U=Y{vD(4@q-_ezH5ip ziFhv`pWwJs(>QuY8F%!B<5-y)`E#rVmqTVq^T^L(+-%4b9|aF;W(Qdkb7gzFN1{Pi zSiBLMJ8+Wi0G-VRB^jAYJtqA>dI=-&AnkTQ>wl)*6pbySy@CH2fP&rtmK=iYB;eH> z2>P*E?qk?%-6;kfTgF26jX&d_)>M|S@-5eh{G=o|7)mB|mzq2+De>cfG1mYs{0!Of zNIAVzVU_x>;qu3NpTwx4$vkCVd8K4#h#+=NFYS9IurdEF;w8lD+@r1KmT-Vii7aTB;cceD@JxQB{y#$NnKm;oyQ|99q%=$}?rY_YBp%VFycs(YKg z@-6b0c3T^Av}HN3{?ljnFMsoYio^S_@bHy6&N9LF&<*8 zY81_(Tge{hVrl9@Qr6u5=a8K^6IK@ z!&rG4)bNZCGmVwv8Q*qA;GDR4zlU-0Ai9Q62MT0K(2FOMKVJW}hp(%%nvp0WrO7Wj zC|f`22Dva?6v_0+3nep*Tz(ZleM%NY*ctOoc$G+r?YUWR2S+qLBfVJ+w6s9E`9G-J z7N7MLvEJNbg&H-b9|*4^oD`9R7iJFh8zl~+8}4A3#{GHpHIJ9ug{b;YPZG24rOqBj zVK&e0>DgJ>)tVO#iaA!A z<`x!-lSrIt4=QlV!%2y^ZDnf1Q(YD1SrKOb;CT1@jg-A6)B2=@sP@E!%WLKb%|~cL z7vSo>g_I!67oH7wG}*J4LJoE4)!$i5dl<;zi zB(`*^($vzVjqvqNo?r4%gFS}5sapN99dz2Y(%bJqm%DY7F^Fl*E}Z??2@1N`l&TiQ zymo*`Hq~#k)bEd!gGQ}$=;n0hz9A}4vn4QTPfbgsKDOc_IlZD2?C)4%5rpIUF|42W z*?pilnpHrl57-2}dGiLUzW->RJ9b-NKd#?ksQ6pG-%J=_0^8PlFAiW05Qx-Nauc_d zU0vX!4R*LW^iJsAVGqzjZCiPz4bUM1L_~=uU-QCfbA?**z!nv|=sh?v5c#455rid* zRQk;rX9NK!$$NK^s=FIgy{db5oL-~VGI6TmyW7C0QBc{p2yDK!qL2nW0!j`SPVJ7z z&mJP$bar)dWWswJ0vBadCB?){t40GZ*Zcx}F)8aRSKu82+yP~WJP6$;mo_iU7y1N9 zmjKInWX-un;F<~=!wIyps4~>MeW&1k$RcjEmkt&#M@e&8X!EdNdSg-u zU_%3w4`ji>;9$TgjXED-S_YGnDhD2>s7QZwfWD5sQqJ{s8%GJFo8t60kDIaDmqW-c zg@ca?g8&>y(S{eEz@RUa*8ySoowbn-q1D952!+ts86t>}jlE=5uoY1)v~3Ql9}lKs zs$_ixI2(M+qq<(qt|?gF-uL`}P%=bd%z1Wa-CJ4LFlG_>BV?S+$p-dTTL9^XdB?0L zzW~4|Y94Oat`SdMEsSb^uIqCwr((UihZA>#zAIIs(PEk)OR+0mN<<}HB&! z50$^8JPT71`oU_d%?NE9-{jkbyz#j?twP5`b zdQ~Ni`q{LLKu@kYK_#4YrkGVU%;SP{XVq^4mMUn!IXsg)rCl=f{xN1k8g${CV+OV= z@pxTEH2);(<{Js23=LF%E6oO_y?Sxo5*n{QVqr>`U_oKBoV z7s3ng*Fy`#_jdIyf`(jlyim)WS530uMyQg*b>79-@sJ^ljJjMhfnMH4<$jdk#rvaH z#>Pp$HAX?-+@2gB)KWAbxvgRTb?F=NgAl>L06qUF#GdZ}W56kIO^M^{%nq1b)!gROVHR_KXP*O3}pLV0J*i;AYj7oXOSIOuSG zF%8iVUDzk9sj51@ggYFK;1qG^idrJ{9Ir$Nx=gv z8l4Hk0=)3jy;fIfW~%_Sc^gZ}G$uAW$0D^(iG_dYyvtS7gH%F|0v8(7yc?hy>)08? zzE7qHPSRTpeKh|u31HWVTK!k&1kG6Oj++MTlNQ=NDC77?sQOk*R=a>ASX79jbHMAN z(?g~)xSkhr(n2LHCobLs{xet1Zj(=?H|8$^m%jsqsIw|Ny4UpQQVpb1q9R$K*QcHE z8jrPkMx~wBlr!>23)lZX5XwqQu++Svf#54WJKT3b>qs3w}n(1~HQ3 z;z##Q$nn|R#M&sR#shrZ&Z~;=!I>lLmmmVVR+8pgKdvDjXWpY@ljVtNwuoYnJVA%H zM0-GS!7UVBBKMjI^_!@*GNfd^nT0SsL`mn;(q3CkR2;_-;~|K5nW-!k>w*)zU=@UQ zJ$eDbCDv2;qU_>qebIQ0O+|L~O0I0-9a;($T>No;V`SZgIz;HZ&j~Z)uY-LEW^b# ztwZY0`f6AUks*K&4KekyYGI=uE!plQZ`ri!cV(I5DT5gy;u(`kz2d6)L1@@`}Hi>i#8?`g#3?1=Ga z!AT`3`~$x5z|?jymEU>ItSI)0cJ;JchW+BN!>St*HaTJa^BgsmfHJ(;b72{|D8_!A zufTN*%b8x6`v{%Z&Q6Y}%OAaLAP;VDh`>D7J^uuC)ZCz#xoMEA$fD}GTQ{PrD>b*W zeWHo;G-~=1AcN>%KAd>Cxv;WjqfNS;L?Hm5lpPAOf~AMeFR`}(2u#kzoTA>i-rm7e z`=&$3stESFkEj9Wl^jd!}^M^qR50q%ObLN zfwTjj_5rRV)Ie_PFLn+$CRYp=`-O6^>&y-*_aFABrUevS5ugl}R1_NT?&IpFXuM@# zPtjl%MMH~7X)Qt3(6Wa4*VS}~D4GPhy#WL1IUPzh@ob+4G_kQPSe#;tE5S}KX%&z~=Aa*@!1wfj0tz6h z<_Gx!>Wj&a73$$G*`w>;i40P_?B_M(#KtI@a-&OVUVRN_REh|5nAvILRLJSK>dQs} zFQ_Lhbw+u&N>U;EK7J}HoC0Rf63HmDv(~#B#N4wrDm4gHBHHK(^v7AN#IF9wkl5K~ zQi(&{EAiICq^2v!<8o*1F~K8E31(?s&&F9um?XTYL`s)Qv9<=R`zkt(V;F--p;I}S z;hdp+N;ff%d`vCHQA-$!RtZB%?I4Y8`r+c@rI^`g`h=57!aVu~T~QhZdlc(O_q>Z; zQAUtyqPRZlm8X_W0>xa&(MObCg<8`WT`?7>BF>2A7r!6piEqz1JZ2VTNydAL$r-&q zmW3qKQ6;pU?Nsh0%H*OY5h$3Bj|p?hu~_}0b`@Uz*(3OGmp?rKp*Myc_z5H>wBmn)b;$Phk?37roMS_99WyWnK2Y&e4Q2#|CTX~|FU#&kDj2R^M}D@* zg67}glsC8X`?c^f__Me$E}41XH7OuFOz4OaJ1l&7&DHeXh}>m*MHYgTD?U9y1od#( zb`XP_oBvvJBX@ibokq$W7bN}YP~EKzLsxr+p6h=I-??h$!`74>w)JTO8jL5I8@;tw z9ALYs(tva{I(TdYY1G@`Sp9xrd7YwnN5nr^f?+qeC|2$Ck=fepz2t)_Nbj!E5b)Uj z{+uQL0#KU(F*kri;A@$v+?-bjPf8~a4CtUkTZgY%CvKQdyym6Dc|U13tq@#nea8Ye`YC_uL~+x@h`fS~bPY2;Tye|8 z7Qp=h>;}d{@6;r*lZDB}C4DpJLET6DjCnO-pI3F+QSMrs2_Z~?Pc zGjq2gTEJk5?>&nPY2BrvH2P#yY~FR27_E)2R$Ybj96 zB0GbJBrLE+{z3H5(o3rd5QOCH5zI_|t|bl2R^8Z@b%LIDG{0a%`BjuYSubK#_6_v8wtUuuG^RWmbqAksLc2fi@6u6p&}ood3#lp@Q?q3MrV{FTvv)%n zwSdz%YP7X#sY6^Y8HUjkWMivZWI`5W`Mfc_YcQs8VG{HZ@TZ<)(bHt$Hk z8u_@^cO19_cUh^t-j=zDgrD9uZ6 z0ntu35A|)kj4al!YJYFEXAo2|S?Z(d?tq%Enyt)NkBp;OupA?vBiAySij-bdZ}1g{ zIJn<1O+0pos$eEEvY|7k;bD>IS{Aih`qU<|xWp|gaPr33vSWt*sq=09oH=HvHO|gU zT92uJuUVmJ#KaL`8dJF7d$ZWOdrMc|N1)bpB9QclxX#Khp+v1!ei84^!yb?P8n6E{ zSh8tiI;4HFz0R^}4L0l;$~lj`@wr7%Cu4HR3O(g(UpS*lohfP!j9U|jRK&J~AIpH& zNjn*-tK%=-a*U#ijv)JEkIa`Cnaqh9@9d%YyTLap z9{6~osyzRvV(9szX|Vk58P%OR6Zy}Yr=VK1 z39gB2WlIs&=A9{Nnt=p3#P)WR+E`$*e>R=>RYxshY_N`idTXLOI?Cv(UcxU8C22or*X+@PYnA3^qfp;%qFm#zL z?q)&KhUY8%N^oudql;!*gAb+Jf??Gbd*~lkl|sZ*PO#G%<#ACf57%ZseaQJJ^l(*( zCsun1dI@#)M`olyoh1sQFRfZ31v@VxB-7JRl=WdNPqnBY;yYZ7o6gfMzgNuF4I}BN zTu6LNKnP%l!Vd2(p9znQL`3cy9o_EWT1Qs#t(GXpw)^sVjho6kWXMRU3cVo?CUAQq zy{SyLRc6DteXiQ_p)E769gyfOKODoJQ#$E%kxPQ7@0O=!7^C~G>r}l#T3d01iz=-@ zIX%C&*{s+Ve~JWUssfi>B2oBOJ-f2dfplpVt(4GuJY(x61Z_TRu&<^wMB?n#EhFk%;w}*(r_C++iDC3W{J^Ax9N)c{gG@kPwHssBzq) z*LsWrQ=8u$-G%*_2^X_+hT=+`8KJo5VGoLme#z=xCYLrm)6#sge|qFi(8`yVn(-{9 z^kt%6tiFzlL{9$ptSddUd}(`K!;b*Fl@ccHgHg}8kq!X`8R1;kWm@;3&H6=wo_F!4 zkn=|z*-a9IY25>$NRA-5-|B9VKwMDq=lfx7D)eV}5?MdCBXB*Ua}mPIxCe zU8dfwYVS!Pa2CvYk}=JF&$XoGk=P2TdE1;ujk9RED^-9Ew^V*Cy_DT$KpCPumxDD+ z)Ymzjfz0^WCD~(T%K+OpDqyaG81a#h24$G_A`*WaxT$h5<|N{^`l2~AiUpd#a$aTt z)~Z6j9bgx()SqC}G?*yUvwM+Oz7U>T#4tR^O&eBHXBAM1PGrnXnsp%PIB-efr&6#yGGW%hrc-)G>`SH#$hqtq_J*ACB zQH}%d4@sYOEqo3&UGRT^=xc$O-%rR@*0+!}&mbP1-OQ&9drXqmR96VTfXB_pg<{mZuuLjh%o zw_B0d|1Ky*aQ0oZ2;d#s85Y)|brLIo%eE{mkGZr=a4D^~qQcKNpBuD zWqqLToluy1Z zT0JinAc-cr1zdD3cZib_Gnt!p6~&(?;%mHfv_>4GRa@~D&3XMD=I1q<>}p^o&_G-g34+b6tS?Jq zG&+li`+H5-6~oiu1;G^`>SEZ}WD3c2u`1@=u zAHf(b_{)mKa?f~Bw7be~W}~gYfCr}&HGu!1=CN4hcK6%ZHs05)R6|ou)K-6#@uEIh z#YhNb=yq%Spaf+imEeVu^NS0PS9@cpQ6ITAy-=)H-Sg>X`{v?gQ-x%ST3QDVGEu>?XaaMn)vpnAnPv$H^7cPy4?D-G2) z7t$t!G8Z0rZD(>&lz2z{V$smrbxSTL>lV6%!EY6@83aVjLW1h4S@9x~uH@0Xgdp^8wI9SP@FD2ZgBN z0c{SxFwmz?eOc3VH(XK@gk#1T_V(S-7*vby0j7We=wY3qgO+wJ(;0 z3x{Aa#x)$AHE26bK!V_@A!`&D(T1FdocYX4TbD;>l(rs-yG0N|pXb|VMX zr>2I^?5NwmR%h0ewAh1~a}wy4@hxT7B3t1!$$XoKUelMJLCS?tbGj7C{Pq&7dvuzs z$VSZvc+avkWs1$Db;=!2tH-lQ`CuUrWIDx$>#VIH(yh8J;@j2o^%U6>+gZtcUi`q3 z@1efrb2WpJGP-@dAFzipUBuzSFG;c$vV_W#u`Zny!I&^42tk4eDCz~$)f|Q4FRSR( z2r`|H*O;zZ3V|?{77{ykmc+$G~Z>4&IC9XUd3BpDc_54w~jLeKKcU5RKKYLXT(95`su8N6nZ({=dZIortKX zp_K(*H-qSUwfq95pgY7&N>vDR|Q*uM*|(1Jtm9FHYhD0TBhPhb?qz5z)4w3 z&Ia9_zC(Y_p!_M((Q7q9-lt!!m12EWdgM#RC0|}Tx`;6anL`jm?kAvQaCqTcLFjAH z6$JWG7l+lB{;&|*w~dI@2CmytIA|y1AC>LDqOv~=-4onSf^eI^@a2C${eJ(JB(Sh5 z7p2xK{;&TDR6Ga&$B+H-wz>!u#UBmLjQ_8n0?#?-|8C~bul1z@VUP_X@6LY>KL7j_ zzz!Auun+lj$N&0qHG_SJ5xvl*fB9Mb>nrT=(SN=B*Ma>1esF(6l51SK>;5{ShbsRx zvpX8RZ)SJ0{A|@9P2~H#%(nI)ieS_46hZn>cHkJNF8OC$aej~RW2T#6>W#H@^1BA6 z-u<>>pxbDG)c<9e2jXuf2=Ke{7{sBZ1;UTAc0h^^|2ld9J~hDACtAv%68H4)b@;!& z6^#L7dZQH8^*>M^zYhr;9E_Ysad{^IjsAaz7Hl1~FLu~q|Fh9P7~P5F4!7rAJUl=r z0?#p?IuqE?R8(~NFjb`X(^&om33mHw6N384@GakI0k}X?yC|Lmh)NWz&%qt(Wy%M5 zfQNwWN-<`NHk$8wx!wOkK9ba)fv2IQGT-HChK|L$24qwX#a6*49qfP_#ChLTV}Y1O z_wR#KdwIy$&o2+q5CDH5h_*KOE>l`j_`-f691sdhqof;uw1P@EC0x$F8DN2d#>ZlB zc#lBpz3BHnLG^w-w?<+Y=P=!CY z^Ifr}ewQ}Sb?#knZ_5`^l(E%wx5UU~<|h4_ndxc3YXC|Vl%rz+83nlH?_H8r&JOBANOR2i?C9rNMx~E?;X@4j)b=7bY=5~qV=mIZh z=t6BcWKVer$hfspq5;hA^X-`&K;0OQp{10|;~FR&IoF?JDiS%@%yTfFJGDRa+)fj} z`ohcd^VJ@RrEUNsqbhaC97qD%Z%$!h)QTkD!_+ds0oeoC0YI?CBsPeBD84u=Fs)N7 z*GwKEz36&xx1;Nk-915Z37qZw3ShmPfW0CAzAwD_rYGjyy{weF2)AurorK3PwEMM_ z1okWSbKKgwJI^0bMMCGV_19{nwIeg;wPrR93WT`0xWw7XP8AMKVXJ9*pMhPw_DVpX zn9nq+ZzLm`chfR95Y$5n7g|!i2}jS*)l5%3{RV6;IG?$nf3b2F#5pJX+z%K9cD{dq zeQnw<_9Z<)qVSxajPBZ(c05t^+3oX-83+%4cI4Xc5-iOxK-C~4BSX>iz!fzwj#T8e zyUxX)@!j2BZ&73zZlVs`?rn6aa&T~Pt~>_JbMb9eH>cY7c9-{tPnJsA zlf-} zpApyDQJ@gnua=k8kW4!Qz5_!PP9}2&KpIa^PcL%zgq#0#xYqM@6HrX91GeJ+_F!hn zo1$auVEFf02uk6*A=nDJ3{+z7);q`D!pev)gs<-^Hq#+^^_w2HqCxCcdOByuJh zzeKTu0s`i4dP?)kXhTp%*a7O|C(F4FRtNzgxqz)0P@Z_8(FAScoCB%Gd#zz&r-!lE zqb{$RoE*Km)UdoXT4OL6CYm483^MW1I>bH_HoZBl$n1Xj&b%X4tJpXPh^sCEAgSZ_ zBoDNC04X^ezn{y}_X4sNpaLP61(Z$RBsHA*gr<~x7d*tSmQ>AiXX6O!H|R#xb8zA$ zI?i0mUDZ)l~iP6_qcFkPbmt>YPJ&SWY$VsD-#T{Q{7gV?LZNJ$Ct8^voIpX*}cEym*lHVm=Wm z%*@d^87F~M!&c0_CB+zZNI)HO$K2%q4X{1Ac)=j~7O`K^`6tA}d3d#ALBb>5*3;0gDqYd*H4?F6f;) z+m;OSDyE-1VnvTjx0S)D16gki-cbif1IH4P>n3v4o8@&FARHGjOc!_aFn_!clemjrNtW4YbO+5XF zMnmFg;#T#5V?7#JhGI|0>BDbMUZ!7#-S-EyjJSM{>p7}MZ9V?k>71$NUknc(t$Fmc z(1WiQpW{_X)o9cs7FUNoIOO`Bp7a zgn&7reKhh)zcQp({Qb2zUpQxB&8F9p{h9~R^G7nOQxYElZ0X4=@Ho^8+%XUSTW<=a zm32xH07CDvi(@bm&qXPV(wD8t4i^w-1pRS^ZrM2m>Rk0J{FyZL!V?7?{^t4-=H&rS zGv@DzFNTT(wW#5{#3>xy9C*xoelrrE^-cV44sXBW*Ul3x?u~yHnypM688lHXK3v{|)%v3N+og~r9%_#!t@$dk zZ=diL%d zuNG41apQ3%?8&_%j~#g<7L;%{H$mFp^lE?SrS1Xp$r=z8NvOMI9&IC}$DWA*=YOLA z16f^K!~kA?sc3s#xn#?I}{vyCJ@t*nZ zfHJpS$`aqlV$P$5(AR6Q_of{vfgId{o7pLZZT?+tQH%0BSM_Re*0nb7CjE#QM-*JN z+*6)n+L>t|_*kmH(MghAJOmTk1mw{>0E{Jykx9+gC4PLv4A?gN*7Q$#z!GVcZhx9x zNHsao$)*>b1ME>22-O};oB(zK_cyY&-M585C6=$8%XgN#Ig=-mgpnVG{Y36TPhuZD zjvE$V!aN)K_UsG`G;zPBIvFK zO@!78UmZQD{?ir&BB-_nPA7zb{(%cxvHsGF51q1(^Gk~%iW z@Q`sCb8(c7zDa~6Gq?Fm<0l4q#{K$VTyYx8N^ADpmkN`ZaagA@zcii^?p|tAd>d!e zVDx$dW{z@JpQfalTr#VNd7|2oY(|4VD66Xuq5~Cj^exqWPh_@@(j01(axB8lqm2in z+cue_vyn3LPlp-I!6`v;JDYx0$!sA9sgZAMLllPrvOiu>Nbq_0LMV z&k1au`OMV6O%MOs5jwFiWADfxBA)yX>DgZmn%V=*$cJ|s_x53he=g=;wlVSEsb|@T z*(1go$G}raYWGCZUA5CpuGg*spzMWIda*m^OrUk&M(ORppO^pJvLNLUB z?GWABKT{|#u{!#UAqGxEdyj-8)imiJ?OnT~DP6L-4G3i%1x%c0=Ke`(T&}vyUhqW0 zi;tb8>&=kfbOgj3@~5QqbhM7MlYV2cQ)BjtxT^?Us=kgniT&eS3gEay>;*0){pVyl z#eYoq{xEg@ebt`N0Pa#4(|;b|e=O$@9I`=xE-nL#pU?mLDOmqA{O1Px>xKhps9(Nb zATK7UK)1lju7EoJl>W#@>)tDCLtiej{oUL%W{>DP^{>M_$yP~MvpC(wON#a4;1u}l zm;SY%C&dl{r$kP&+8GUd0Q4$wh*HnpyUY3jvbvhu6wk?cE2^KD6#t$h^WQnVyN*ty z)gEMdu&WwujCaBO_S?zS%ZqdeSnKWzj?=-i;wv0;DLngu43GGYl*~c81C6>7@r_Tp z8NX;j?7mG`zwD!TeKfB%Ecl<_{reucvCn3eic60FC+qpIQ&Oi3&MnW8&gp+Hi+{bc oO9%TCKRI>fe?7ZWh%bAGznN5L$Eim9{s#W^w2Uv8YdA&zAJYsPTL1t6 diff --git a/static/images/docs/perf-test-result-2.png b/static/images/docs/perf-test-result-2.png deleted file mode 100644 index 147c9870fc4a2d66c0c8837cf4e2564ec28f0ca9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 95896 zcmZ^L1#lca)~%VDnVFf!FlLN7W@cvQF*7sAn8eH!Gc&Utvt#C%;d$$S|EvAB_El+W zTAD6NE$QBS&XIbeloh3s5eN{#z`&4YWh7L=z+ia5z#v-TAU;d9TGV7dzrbBprNzLi zr-+U}Gw@C_+OA+=IMo08fXk{v5JcPgkJHvP=2Sj$dqXQ=q^xN|l8^j4$mhsy?8+TlrzPPms;r_{ z`0d-n#dG&wMsDtg?pJ+X&#j-&i~ap-{-;b^-rcT>o3|C0xw8L-+1yMj*1mPM~=rQJ}<{p26;1kKf^wmX3Xf}BWZ3|6Q ztR5zKv#d^7U!y2lb!{Htsw5Cf;=d*`QwZw6fB%yD-_4@pAWgTznPY*Yvq2~sE*jDy zWcI8z*-FO|eCO|+{7(qFAZ?5hjt-wfFbi3-@v{>UL?$(esi6WE!6+T7e&TnC zP%W4Ie476Mr{_SZdMdIg2Kk^d76=Nm|CSP&!DZD~G1LRl(ZK&(0x`kM6pdjN*2e_F zMgF&BCJ!7gwUn;~+1sQo@owZ@);*u?QN(`)xU2MCE;qci2Un??utTpxAB< z_~00qXE}-MGa6la2TFO(1-g9IQ5=)q9MsCUD)Rc1=jmb+YZ%$~yOV=)YtjYZsHII{ zFTWtGcht45CP6X6?+?y) z{M@-z0txa#W4)WC$;9tk?Y;I^OmiE+euzel^u<rRs89!VN!n*3C11S*3>@fM>NUX`-vDT`QV^6p((zTe3d_)iY$g zQ`S@KVB_ZmLJ43po10O^z-Kd#_je|hs70DZ7Na|^QYIVt%luCi5tv+CNVc@){n3;x z0XJG+6j1!F2t-+V+j|_=Qfy?5ad1a)d+4jk1U&X7$lacbkr^Ew%+l$$IOtPoEE@(2kshe% zLLj#tX4|$Vr~Am5+81Wcg>FP$rA9lL$Z7CSs2qhmzlDL1r!&j5_<3#?j&zy9pqNIt zvA-0l2meQ36EJ1G^aN%Z1IU69%j?}U5aHn?P_JS-yLTx_$Q>r&FfuzXO#EI8tAIdd z4Am}V2V-l=y60VUY-&T;Y@rh8@F!b!OFZk>E3^-RatVG){l{d|d9#9N;0Z-#B}5xV$F_zQzjYQXQqW~NFHb8?kYGIFpw9SU@2`k^)s?Od zOzZDc-_^Ms>d^@7J`=KB+L=j+5U%P#$o_#Oc+`8UC4rEtXe|BM+E45GGD6Z0PdJn7 zu$m^;xQDuVBS+ zAtKa@c$@wSX%(XPXpULeH=$>ak+<+zr>9NdjCKjroe|xRr2fF7nxhqoAHeC?h&K$= z|5mi1q*h;433`8GT2l2K!Mdzc=(uQ^N?uK8haKYq)8X*FbUe9!cx*l0;SGqDN;W%0 z0VoW|UURw(64#riC-#&!+WQ}($XjUY;ruZy@LtJDANPUqPPtVYSX#^Uso2x8{rd7+ z-HbwcWtvMVd}BUkbOk#~o4yq0HUaq~juIYE0@pbgN)F!Mw2p)hNyor(no zNr+dh3I`VlEAm5*qmrpOFg<1Ucxr_en+HR#B*9xX~PF>9AJ`SF(>=X~e z-B;c&h)vcRn~;=!B0Bl)X}lfsGvPRZK`yoPpST|NGt|IS{v}ulhri`~fdqG!Aw672 zFAKkQE8Z@4$}|XHK);XZprz!tV@4gzri$d=&A%!ABQ_P5!#gJg&v zR3761jgcv$XKF2|k!j(1E@E~NG5EVCOk^Vo@jF7AuTEeHjh)s598{>5g}|0r&#zSM z+)vV#!y7pKsydP2Fh=}gx&}WvZQDq!@~GKD;0%I)0 zIb{bm;e~%~`R!BTim9!~*sADD9QZ+3mqaPu{x16nZ@aCRw;&#epQ|k;(hCMC92Pu) z$@VqvA4cUUf_K0ha<9vCID{Qj3FcomaQMJ|OE>$$Xa4s5mkP2_UeII!?so?r$yg(a zIc1-Ii_dlZB&sm=GII**eQlF=JD+!uDg&2H2=eRYZpm3{#kxZWv$qGXf|;=fe;t)W zT>C|7tyRnWgtIjB7}DXvi6oV5gw{pjB@c(%zlk)^0F0U zi^NwmBl`^|v@7O^3VBs`U~D6I8ZrNVzUE*NV;ZHSoqy)Vjxf`c*2zn>I1KO=X3b>I zV8@HpaKO1;ww#;Bc-{K9Q*i4N49-pfBSstc=GdU8G9rgu`8u{*%M!wauWz}x8rH~> zJd&1(!H@Z5S+w{)d1}ofuJGk$L=@tIL8Bb~k+J4%G-u$?j`5P6m zNc36^J+|x|%;W^~wW)Co&wl!M#e`;>N7|YkzvFBixHs36hD)Yw3uv*Phyn@)k*q+J zyxCetx0|b5(%1I-PL8DCWpK6vHDcy8SB0nc6JUIY}H0bLSf{{&%H?B(KV(^en3@RX%4(I{0_cx*XQ%B@Mg#~ORL zKQ!<_LI@16d9l_b5(Ns?75=O(!9Zz7a7??ibvuT%c&viU*w(ZsM^(&ez{Bj`2>?qn zlz&_yD@gcyaE3*30amuNOo` zS4K(>_Ao3cq~!+!_C*bGeL`CaUl1k4_#t*K!A`NG>^v~*&E3+5;u>!(6-h0&H!6Cf zRCbD9@4!R!Nm01Az7n?-KuLXPoM%ArG@6UJex8qXo zU*RzpKgomIRu(q4b(Pgwt-i>pk{bg7-Y9{MF@X^D$v&Z{^2@yD-wf6n=oNyf%EXJM zg~&q6#E2_WLl)=oD*XDV!!=z0svM(Abb=9T}GlOzE1u7G{cb3 zj&=;j(mF>7pRysYU0Wm1-(x*FYfPNBzDAz{THA>w~uXGBY79$7fy}V@6wD8zR>0ek0!=>v{+$ z$h+-t##9kQ5X(23fA6qFD6pvGG0YgL&1z zJrFPz{wOLyU^L7d#c@E2M@c+3l6X+Lpa#B&l z^7PE@_jm|wzh)-ia4JYbvSlc*Eq@9u#CPHhmkv4%QD=)|7+&e;5;fKl~BBt!-Cr7O2Tb&BZj zN)WNAN(s&t_vEl}T0W0Zdea3`e0pIa_z%P3Y)Xs_D$5)-&=Vd_|Du7{BD+cr3~BLe zLI%pr|FKlE&?6~ToQJ!O`@>h3Yd*Qpl40B<2YM!O{eF(^d0nDrU0vKH%;XEBN82r#o~#9R_`u zP~l^&{-M>EG2%Q-j62d-a9E@3*twWN_B3CuW&!M!Lk~;-hp7j_NrVCY{r&Cjt8~S~ zx1cog-)&ODBHl)$7p9LaWmW5$MYW@;lrSIEL^2Ekmzx}m-Ba0|zP6mTYTD5eVB?2k z_I4+fYj9Kq3#ohImO*LbVi4W!J+FI~53r9UzGt)ae%*9iViqumup)p!m_x1?u3eU9 zDRZ`B7`RMCh2S0Gne+2tfSmJXf<^Z8?~gg2l{6aGIGC<-yMZxRPn z9@ogoP|~fXV%t7Nc+tQdwb$N_=|O??Om-Yo2V?~=^}-bi4RdRI2_hO!iNbZb6>ul{ z43;kyLlW(r%l#PGI-Hc*(XVRz8^>aP`@`d8G0MTR@|pW`;yJC?LxfSojX|n*_aTgX zismxA(`< z$mqzhO9_or%`yy=6J_V~6=)I8Mi3{MX{@is(ws1cu7^pd!KEB@fE6yiX;EeMKqs7C z8H1OpMqghL#S@Q^VS(5Ms@(u*TSNx&`F>!uu=#YQOkcEVc`nugNr$neio3vi2ds$} zBZU8SQxdOpOQ4BO`zCiy9?L)7df^q^K+^Y(qA8tIY2MmcH>Fe4yzO+NvutC}gi=(& zTt@WzMiOCji`KLRp%q4lQ6`n#%5-sC#OZ6BBseN^qvzC^f*V?J!q|JX7AJTsA!l(f zh(1hw*+Ub9$5c8(!Zz^P)#^}2ijJ5f3h?BVoa|hjbTfuqM6)^IKEw7q+OnaZL_s}2 zk){X1uGw?ye2`uSoJ3C&&FHl;KS*KGZ%<2Q;ovo%`o|^vbQCp%#6M#R*)UX}(jB7U zdCv3e?TWWcx;9!sbb-FowYTaILC|>3a)4$F1BCZmLi+lWcra3IvnQ6`Ch+I zx|2~lJdzDz)CGE0*N>?1ZlNXS8MMg{dk(Gjt!2g zUO%H+V~AUNZZG@ZZ)6D~f_RBxhqrc+mHGm#jadP#kJIYNZfsjGQ{3-@m!45UKc;G( zw#KWv??i9$u~-VDRo$QRA*b*C8P?CQ82nT5g4YAl(a{&4!^zb0 zB!REj(1`RZbG89&mGW^G(N+#a5HS=#S@`51+@K2=9+c z$ADX<5rvP*X2L?%29Db!0Yuem(!O2!(=NRN5EAttkFOkp2rmbAN8+a zsaYrUZ;%%K?^pi-ww~gX{ygz;*<5x$9DeNdM_8IFop^ujE4_zCxXeK&@a;w}xVl@9 zov*iu+)i+QJQaLAt=ZP>WQaT$iwJy{z#Ue>qbr+h%7(w?Om9!ZGpC|*HXFj?@au}R|UV@-(_XDYD4Kn87CXMvz5 z>dgL}I(|k;CE+Kt=v9%A*IV1_w(v{D3*Da;6>1ZuX6WQS&c~Rvim|4#oAFq4{fLV= z=tt-fZT@}!30$ISG_+*6e>71)*E5C?4(}g@)?3rTuv9cJ;?JpPT5A)vb99{cE(Jj- z@$G~LygjF-r@QnI+xu&3;<6M_L$xryy*v!VNTf@^IO!&Y_o+p-X!OO?To{KscpF_f;2p(pd&LD8I409AI7-KvWBmQh}Z&#G> z_`9TwD)M?I?EhT5WS(Sny!AQMYKr^^zFRN9BS-^Qtl`__g22CXvi`aft45gU$_;$V z2z**<>H53jI$g&kc+tA&v1VQV*)Z#i$zJ-EXW)Y;T;9RKfyn!H0(w;YcO1t1PemE< zsg;v@ZG&2y$c)bG$62&)`bpo>b}HqWWjmcxAto&B=Vxb=e5%F1c)y&tkb0~bcfTI6 zA~u2et#Rk+Z+EtPLr?{;fK> zroJ$UK)W*L{wme{+$H(Mo$jCJ`CtUM*!_OmeSf~5kz*Phn~42LdO(rW+JMN?x?L{v zMo%2HK796c8}d=9-GKH>l_`3w6JF0`b+7!-bQmHo#S9gKrF`8L)hHUZ_AOfV!5kV~ z&-C9}_-`i2qpdxx#Zqx%;#Bof-zge@ovo9!gmypWbU)pSe7FXeyUZac6OM}E&Q79! z)A{Aa9*sSRhp#fken`0WD8;LlEHJTHq4{vJ`I0D(LQhXGE2R0YY(D}ybzTtRo5`=~ zJOHkCH$bRw?56V(6gyDbprC^goOaiyPd5{V58gGz5%-;-l?=A~!lr z!1z|v(4TvU->#YBcb7aqde=h8GuD^la~!d>Us;tZut<0_p9P2Ll8Xxqp+A_?hU1Cl zwVu;74YJy)upG#4a6F&#nuP{YdcFjHy5N&>FB|DF@(e@ap&4dZtFJ3w>;8K+e&6GT zXBwvdo=Y&je-b-jFJi^Nn2$uRYzj^3QKVbSY>W57PeM0=_*ZfzA}EOKan^3T3W)}) zzbvT^@|^NYNQm>>2EONM+V>FSgSCSpv3I|$aFg2ZSj5~KlA<}R=!>H+=k+}|xkG-j zAVPw6633R+%A45Y78Vu?x!kik93ZkyP3J$bZYw#>ZaHNse7`5vgzr=5fcvpp8U-C3 zbkOjl9q!~fc4Zmt1EBk@+!xAzObAx!NdYm^eExUiMIsWcMZ1~H9Z~(lybaS_4NQ~o zdt_$-I!8<7m(^Bh%IDOVPTWf;+x&DYEK#q`zziiXGLb0Pd>JTfzLc)VUBvruts>Vh z35;#}AVmLYwYZhmv7Bl;5n6MHwZXB|0MGd~ciX3B|lm&c2{cU;2N;@f{xc($#nJj>|4zvgY7P zJ!xWhte5eX`RN|y&&!_xf>PL|gXn;) z6)Ia=3r$+B?oT|NUpz(qR%e^2Sqd?LSgYk<1lYJA!glaqrfA_xQOB0M+<$Ui7=mI_ zoc{77rJb)Ns+H};q`T*#`@^3x?zB>CrK)ELD&C)(DGaV2*U)cv>lZMN$WC+ss+<4z z`E%X-rt{WxzY7qae$S>%k?BDv&&5}OR{53;Uh+Z$VHKIx4Y}FZH1moZc7yb-Lphv!VMN3oY7qu1R;rPDE99{tBQzYZwP~09_GG&6`jc4}@G1X>y zE=+LYsPxv`g(v)n^Kx68eS6sQq~6wR?suYqr*1%u@+UppjMNo=FEUNccq29%$p5rG zY%Dt#(_sYsQAx}ri!+J68HD%?i&KgzYHHZ%{!nI;JHH`lwkpn6T-{r+ap_{|gtAdt z9-P?}dZL0k-j&|rmAavuB0^3mKB7F%w)d@%m%uZzFyV&HNg(z)U2S~9=mFIHDT72~ zgeW((8$l{YnsEL5GdOd#@<}4sWIUKKBTI@N2R#UxUg`XyvjY>rheHXod*TiqzU>6e zANL!sO6^4b%!2x@sdx4sqV-AO7se>(g}LREdPU*XL@RO|!;%Y=xn87NAMW z|LqVdV?k(YP168%F|_;|g-PmjM2^yI89_6X*@Z{Xw=BH-9e|dUr}!RY_zE#H!GD&$ zFVr6`=Zy9zQWrIp8UE}WvchKKw*o*8Igk_#y>wRL%u?v76cM4pAN=m&Hfd*4q zc}?hHLwrX8>#?r@QojyKsw*6chIKttsuYPuwI2+ror(EK(n}&>+3K#q7b>I1?H@ZQ12p7Vzamp-jvhvjZHV)qE5UGl)Qzc)9W4K?)+=N=_`H=(63O&XCu81mP!) zCKg$tQ?Ahj1_%}_&0*3Z<2r@aprV|a3h$Rd2%s7QOCp#zSJI?do*{+O*O4xyG9fV+ z6=5N{{WHB|FXCMBO|}OE!UYvZWKj1386Xkw8?!EHwh+a^!aXL*XAzISf*iC%D5P7) zBBH|8JdAS_mK)1hMG&3n1^iL#U1Tl}4d+cB&|%tQ%98-vx?3;T&|$KwyZyY?Eo4G2 ze1zUX>Rid8%Bz{!mN~%9otAq=x-z@fw5)E!_c~l3R9W37zlY=qaY!GkD^8Lm4$oBa zco$CSu&pt%7#!Mr&f(p5Yl;aamly_J_mfI7RM&n9bzsqzbL_|ZMu#gPCb-8wH?MpO zJH59ui7!0;jK~I(?jl+H!KGoGxCC&VWe!h0gMbsU!Cj9be%;GZ0-HXTIux8jjRWHp zGyNP&vl1oap(ntbw_({pQ3SLz8g)MTQI1g`imWaT@$-<}ZDnFEM%T-d@;TSb`16kFbN4e#Q2rH~d^{Q{McEz;7c*&i5!b(sl&L0g%0Or}OH z?z-k3pY1CP94{s~XM79H_aTBRX2{=aF~|V6gy~!| zc2-bM7K2t{d&&-5o6g606T)iED%-4~v>I}E$T*yC%;`ciwFOP=3GP4gG~_$|LXjVn zaO(Oj!@w*J+y=oceJI<>?Je6RO|2ogrT~|Mm^7aaERi!2uK3BxYirh~L(&gurPQX2 zHwHtt2d#n;RY2fECc17MiB+a+&zr!XBLlL9t(64LsFh3_MIMW%R-#5Kqw5faQqy=g zW7{9+73G~-+l7`eGzU*&xb6aT2L39&l06w6if_ ze=#yJ!4b>q<3<7(AOvdJeVkc}6w|UH;m6)#reFst5R}M%uV- zGGcRq+)K(zBvFhB0(SQyx-qmP&j$m@b4bQlL`B83!J%z6k$`K!_;SK45)CA@XY9_f zuDGpPZMr!6usYc|1&v1PjU-@nc28xW9+dIMK!M;QsEiz8hE589Fa9{yJA{5YUj%5m zP5BHXMEYwb92{us1YRI_EOTWE(NZ_9MFVacI-sz5hi0K;!3ki=%MU^5NgS4Gr^W>( zP}iEbm+8AH?qj?3#wo%X`+WhG#j_jG;du6dMpJeY*2I*+SScfAhjb<6P=;7L;}vCm*&$!7Db+|*sN{s+kSmS?kf>uSOfi)SX##d#-_%4Z@S=lZ#_*FSbqf^S7>5ctD%D+BUCAfP;bv?FPk-q8t_ z5!?(>2~k&V;ulDs6;IMF4mVRZ<}Vh5dwc{VZaPxzn#wTtJQlz#EvYypvjOQ}{Ta9^ zR0VV3nVMN3d^ro$J1dCab-#!pWDHHjEJ~c9DMjVZQ%7-O=gEpO7Cue+yEFBC2XY`% z;rz|-X2t%N6CT2oAB?heA}KDBK3uqqES;yn)`(FU4HBno75%@hIb0xZti7< zK3GsPq%D{yCJyit&#i7H<{!hM8>dbTD*so`xrqZi)qO!vJAgf+Q6yx+H*)CNrVH6+tvb`miS~;yz4P!fRtW z_ggO3$rMv85IL|^!EaQ#_{w#(x=Y#Z!ekJ7R+^uK4&K`s8pCug(^EG@>-8j9cESm< zHY__Dq7xa=IBKKU{bP+g2g3Rwl~fD7Zp9v^1tFqjxZmh&Sw0@&`6z zQu4ooM+WsH496#xu^2RFH(!MV)~;|whz4%JurlL9dpUX(NsO<1zOXH~aa+>M?5s?@ zwFGv-_`o947SWPTAi&0Mj5Q2V0$#PLY7tDHK&|2m;D}&c^hm{04o#m@kQ*Y7Dg5wT zdoh%N!`r5cwq7}u9+5-W7Oc@JigLNY7%cHpz08mcQM5N#0e8;ZS*%#^4J70hv^+W& zT(*+#Oitf)dKtM^81;E9HhUIan3jKFlMN>14cvAi%kTorq*`CZYuE!#FU~nZ0`3@EX(>xps zczezC9K2{dh9#71wod^Vnx}r$4x2kW1>15a-UCTx#cI&dt&_`l*sbkLvXj1D++y+wdS$r$2U5rxtpo@wIHL3VRgKRUpvm zj38vg3AdbL(chISo=Q-W3@RvQolMtuim#SKa%}t{H;~ZsNh=Wyz-{%<-(RH&DtKqr zQ#4YF6IXT+dfc?mzJQ5Qj8Fb`e%ozr8=bEaNTjaDtWy0m)}tAlGXZJHKI*H2rI#3o z++4d8Ry~kMI!<*lk|dLx*h`V?4$-2w@kv3gros1xV`Ddn*PfSzjN&B`5g}VZ@r26j zjJ=XX16AY|ZV(8sdz#u%I^_H2#y|rug1Lt3TJ|u(UiaS(47DklXR($5)$DK?zRpiT>#GH^jA74deGGs-=Tu}ftVD<@BMHIgS5nQ^_JykyS_9qSb=~I;e3(A= za4A?@#aha_5W|XnLo;@r*X27Ztz&&|bbuOs)Jt=Qot>lB-XXuS%d-Sr3Fil8~EMI}{;(ipwUYW4pO%Na+u; z#0EHBP+zI=d@_V;deSVanx`yaZi^CIeM2WPCJLv;)9zJKN_(M*qp92fN~NL<(J$^$ zW{0@h5|UJ*sztH}t$9}O+39bxvwO~TzJc2!m)lrELZ)n^_laExHxWQb{K$OofilNr zwdXodA zmJZv{uIHmMS#B~bz^2Y$Yw4?kaRikK>4BDIEh~Bs&iCw9`dPOx@JQmJk`vALhFpoi zvMPWRq-d!OHD)F#Te^B^6 zGI%mV{OoagSTx;wj71OG+bYjz_A0nkBRFt$y;#7Y9$^NBVqi~6 zIW;M>lv~xq?dVcDp@-nDm(-n7!7(u>>-xR@T^|0L2hsL@t;@N;G-*@eK+RBRtVgFJ zxQLETzlymfUd8%f=M9sQc*8R#eQpC8D3^75ttiZT9MLuL9C)m2@!)U=k%>fP!~TE= z{;X5lL^AReaoFczy$-Xa6cFT3oUFL=BN4?Y$zFepmhi6S6II#O^zXx8$&g_Dp7G*> zGZB!&EI3><6@hO>PeMBuJ~we(S&c5Lg?JsqehRhnJk1j=PhXW^Fv3067qn%~&HFsl zU|?fwM}Rj&ki3#87pGxYXme`!tEbNIyNi@DiQH5~PWOWxmT@AF?3w z!H8|uC0oY6YJ#0KLIQV`Ko9)3M@Cim*x0X!cQX|W26f+2muvCJ7MY2B6dFa+5p_3e zHx1U}YjH1C7s`p8jWerzL_!nFe_68F$mSseV1{mz<=5z<7w!@`&H!o}M~A3JPkWjg z6^Rvnc}#nT9y(92Hr<9Uu@sBrI~sn5fq>PV;fs89a+UF7xUFz4rQXE>LZJyjGNdg= zUMjmLMnrn=P-)==7+OZLR`p_~Kj1{N01jv5DN<7kc#d45;FW8_UC^C&#wklBN|E1l~+ z&XVc$upw_zaD#~!Yf|9QrY=x<8!B?%*6VWilSL<<>~oxV=XJqo{PN4g8}dNex2Q%k z@X&cR%gIU@r+t`G3mz2FPQ$(!aAqvg%DN=+1(C34nT``9Y<;>wLmtKq;{ZVcdPmeA zGV2LynR1DfZ4*v%xSWRbQ&AZM}rh$TVJO3SB>l5%7a&_J@!knZIC zVGPNWW^7A0GHA7%!BT+KzZ!RRHDiHLpCbB(dr%k>3QL0-pHt~|iNTis^jwEd963)# zGx$YKhGD`;1O1`WL8qSq5W^K{*tk{>GTJYbHk1jrNglE3etMtAz9@(LtsG-$VHvbsfEQk#equ1Cy8-Nkwx6^EGOVDGzaoqp zMw6VB-rnVzJTb>A zK2s&KUwOkykD#zz7nwq5daT-wJd6&Bt|J`kjudHB=mBF$9yf5vyetPD#flv%v1g{1 zjH$b^^>-ubj=r8&dy}ru7P_nrJARAW@anfmD3v*V^q(tMA#Q}rY_Zan0|C2~WYfW< z%&~VznMcw%CRq+dZYNL*c4BVw*GcwKIE&7AhQ-R zMxfEmuo#e$v_gZ_^$I$Xmxh%UlqviOnX0KaZze6Gi+axFiy>!3R<(zCgu-cIEzlh- zI;J65E0(*hT)sZ~oG=%8H2c?epxO6@r5)JN#^FodWeFjZjc1%PWJU2g+y3#y?MhRI zUlkeI@5zlii_|%}Bt2U=+xKxuKAUppw^J!!8amfh`0J;=UDgA4-p)@B35a2q7enX0 zc%C;Tx*1Q0UkA2R?xM&ncI%SVK(jEqD)YD{#3 zu%ii$?l<31+A7&0GXT7W0wH||zHVd$wkyMYEl&>X@Z+(-$OHnR)`*Db;>(SNa^>!G zOTOjQofu_&|7englLaGiCqJ)alR7b9fWi`wDIHrO@j)?$kbp=30n&o^?o;S%$(9h* zrX5iKh_VLx%#yZU9}eKe?-`#GiP2IR6>X^mIj%#a-4Y;X5JqJ4o@7DY1;`{>g6o@B^0%c@VGz{Me%xP~P+HMyH7{69ZV8II8QKtb zLk$a&CP#8TFch9=O24w`3=*O!AhGFMDWuREG$V&hFoX;vd@DU_msHT>9rK&CGrlU9ne-wb1P;%i&5A3tZAT`{;$E}Ff#)xE9S&i~(ZoGQvfbK%v zB!kye61od&`f^f-=bS^J#hF5r^fgb1kf+0PSRuXos|WfBKj`Yg#0w0D!5l)iOMi-| z_~{l*6xLas2LBtL(XHynx|#&S4NRBzc`VfuSU_e%chgLU4BU^aVy{-qN&fzPhQyBQ z)-e>n*OAx#!z@N;{El=zx!hnMJk4mAj@Q0*u{=^pjn#VvgB^!G6j8)L+fZK>CFhGd zA9O1%l|musxvD|gy7d^|O3f$%sxGi?2?aD8V_H@!UYNS@b+!CIgMAa~41Jh<=z?j0 zW4D~qzF0!rrIQ`Jbj6q=^0TMX(%gh8n=!+$9@)H!U~-j<-Vo^W+&KKXoIx6CM{ZOC z{4oMtDC<8&RW|xCa0b|wnEKT8$T8~%$?Ge3=@8<=kHebiJohD#Yb#CS#zIE5j`0Hl zcf4sUn0MS7!jE~}X?e<1n^ds6FhmFa$ojV9bUGn^^RFrhdeN2M?PWKf_HdZh6gCq;J9;t%4*0mQ** z#qn>7@A=v4OeKNs#6OUv5R9)U+BlhlR&&BN#h+~1_t=QL1 zBM|wLtlfh*MC@HvcsEfbs7hH_GBH-d=cOJ7bS2-5R=}>Ph%+zp_VKb6$!m)f9gP{p z;-HI5Ejw8DGV&b*Z-(sCnyNfJkoZaKH1@B^G-Kek?m4Z-gI!3>0CC5n&Y89GYFw#Y5rT8Xel|Lxz z+9Z_sbWco&)|oPEKfVR^sLq5ntb@nAyC0gB!M$v?v+UvOsji{EDD z@twzCwl46R-$F~cW=dvVsZ}me@8!UOVs#13JfF=NR-d}=|3s+QyJf@hqTkD>Xp1^6 z!G|&miq~C(t}gdlz_(pq$dHO62)`hC zr28KO)79tPd@s2R`$9%^g+USo4&le%Fvpn`SuhA8{fnGomH!6|u4ZPSLJ3)CpdZGl zS8NPGm%%9Z{0oXBZ-Z&V$U!+T@tDny$3UEaxFAT!gLu3@!ua4v;CXC$Yd7r7L=VY? zg#G?fI;*2AHLorU{v3Hg-6i5LG+wdaHETQp0)H9Mj4jtWy?2Ux5}?w@KVSVL?CYdc z+T5QwTq63p(Nae}9Q>`d?|74_dD0}Pi726*-8k%pVana4N-P&Wz}UNIEVoq>=hbXS zBmb;2Qo(p<1>NCSE3&yPm~1<*v_{>SX1(iC#%BJ@)epoU9Hlhihj9+p|{P``U;IsI0_LB`LL7P{b^U21GPgyk5~oUI~U*=w1EGGy&JU2$Qg7%mkxW z7OlK&w3J*-;KHA0k5cj@gZ7vL6_v%9#b8X#u{FV<;gHL@Cd5YyBW4T$`iO|fgz6DV zg@;NN*;C?icPzeg#G0Rn34oRaq-c0FXcmx&{h_=}v(BKvqo^hnHq;k%ijHYYYP=8Qcu#pjFKEr%Nz>?<`J6}ltel>XsX92w#W(GPzz5s!^i*{ z*Q3aU>{~FzA(kY68AM^dXb>nQX}>h<>f1EcGeUD`z#X*|7t1!Xe@MQPfj~}RV#=2h zqY_m@8aKttrgE0r#}e9YTr1Z>3jgn$@v1J`eq^mVkb0S;&b;c!xv|^=R6?uttP_&W zbfq>#5=whSbO7_!z8{}&^jT)Ve*WzNJ7i*VL*pu(6a)<>AZXRVDF}l&fs4j;6?64* z9!eUag$4BX3pnXveW*Hj6*p8V=7e7y&ZQOaNkJSF41xq8dP@_iXAq9^8* z%3}NF8GSz~?O6Wai8qr>l~W-T1nSphi#q^e3^ev-UHpO7HD&{5#$^qIO{vEghUc}y z&>ZP0_eCw((r&1*u3AGw4qFFfiFLjS{yQW;`}Lea%%1<=OJX`C%8a^kwI zTEC^;9BLO@9Tl^_V+p0=;HaBHrH_j+nqkND)C&y~5}lI^A;(b-CTt~XXpLIfS zw&He7ge3VqNpRNk^H>D5H#9OLNrES~WubgEju3@U305cVlpOR^bl~Iul%5k(ay823 zUI>Evxk1Qg$&<)f?W&hvJ^DMAM@2{Qys;v-Mj>}fb>9b18z^$tMu`>-t2iMCKUXXi zB`gQ1b24`I>FuDCBfYZ0fM_G!QI{6zUJNCSGM-6;*TC`YNn@e-`nRt=RCg?xrv3P z3xP}t8Lz}QZBMKleen1OLd;{z&3lv;lm|wd`5DWC!*9y|$m>UXC!SP%(3B0W0b{L* z)$E>9b6BeWe2~9&ha9s#nVxHFpY)X4rBWm0u3V&ZlXf+iw?Z@B?KpwwFhRw)F@=ao zu7?E3M!Wiy9D2ptmmJ6WTr7 z#2#bAru2ng6s0o@1Xl~yFt6SA+dn{L#_(n-NQp%``fOqyP{HVqt6)L!D0N%f6fLf! z76@xlCN8>*#D83)m2v!v=)$=Y*}0fqjJ5S!Kd{|>{0&ue*xSgbV9S^wR*8TuL^`_5 zcQ^F>bs>E6U3B!~K?^j2u^B6nzhgAonM`(# z;xwJ_iZ2#ve^hTg{7qg(P-)}Y(v?5vYi>p}tek++{uXm?uw?PEWtUuL)hr#)$c=0s zt*Yf$UkmuG1CV#*C7I)o7%-Tr(p|_0ej{u$|i|A2YJDJ|7yh@%oWt? zRl|}#`x7$=78w2pxUGnwgoe+M)Vl0Z6pWUS3zSpN;~!iwu)CkPl2d}vWU=IWop=ek zR#MGr!Zh+t_%LzHsBuuJ6k(1Hl)_a-NXo%9%c^}>$5KsBC5H_Vk^F{gm|5&{TdvF} zcf%==p^{ee$8T2%1%qNVsi&wB3V7(TN_xHf5qXF4@{^HGg?rZSFR4Ghv+d_Er38}| z!8FDmDTVTi?Ne;FD1imL9^mn!#X-GR@I6O+fvcgSPtct)x*?s%%o-)k6vrf`sYd=m zfm|*QZug`m706R(VBpzV`UZCdNeVA@hj5@5H&rby%L)lBkdT+W<6^;0X##~>-0f3J z+Ni2=!>ZsX0$P6oxo{#WIc7w>H)zSW{Ok!IC8;(;eAIQx8|#W4(Aqg6ZgWUhed*64 zND)8@8J@G4dT|ZZVtu>_G9ZcqtKw6#_08ZCqpf|SXqy_ZYrXYoxVIy$j1wc@gOtmwy)hWW;*bvvGGF7s4FD9B9%_X3ub>CF0fjV11qKg~~jzG*B+MiIPAwBFOrz*?JLZ4unT{>FnGFH z*%R$Vl9WF*8X|S&g;%P;&(BzDr;rGo%eda@2soc=1>|BON5T=5h4WI8=jH67(Z8qb z3&vulA!5TeeNOAVaGdj0sYjz-M)@sR^!$vK>$S!#`u^&4r%#r4hhJ^3u zZzWKT1RbGP_2IaZh=>sogBxF5gM-iq7!VWq`Oj#w(mZ&#HG>(@sxtVqC<@KZ8a2&= z*`6S^R<2<-)DI0?R}~(>d*5DiRi+{e=ejGEKZxd~c}%>AKFZf|vKM>5D6$jgr4d`` zwOcUq>KtLrbI%usZq%MAN^7^RipqjF?f^ZU;4B=^*te_48FcR@?3!byC9UIpuf(S{ z>V)=ny&!PWTmAdcX0k+}V9t zjsRS<$G9y-N5NoYDNgxh^+%5LYYa+@xplZZgc09_kK2y?6^@&l^_T-}T}5!+gE%0* zoKayNJ!gO8;(Hq$*LBj#m^-LmtusDr^gDgTfgCSh69_+U~mYwWWk*WIKnipv$s+jcTx?`OEaD z_`Gft&THmyICK@-ElKe!`iSzHcC5_{w%f`0}+v-ph#uCLhs|JV*Jnki!V=yxnw` znz;jVtE74XgP;jPb=VO19U^CGAYNp*)t5z4ns^9!UJ1cQ;R`eST!+?jO zPAIOtxf;pBrjlPt!fCUs@9GL5H6jim*oVFn(mWyo-tAWUhg9?!^d zR1Oz7$2br^Dp(zZ7^B4B{#HtD#RDTOpy2_%V z;kF~{!wTi5Xxf$;EYCti;yKD>>_T(Hb%y;3%ZM53A(!n~dbi{(4s&Pw!IDQI$WFT& zB^-B)Yfku(E%8mC*YgA3$6sLIK-mag+^$8MX%|nHweWOs5LLJ(83~++$a*5OwtCk$)Hpt%t_0f6h+$ zP$7@AEn`8#K#)&-mhwFeIScW%4ZXOnZ<%=p>H|GJb;0RJi`;8}sm6@0{k*Fn$uL(Y zyxmY;12zq9q(&xw^f2wfa7k`LBVLkj@dzx1?r$AmY}!n7a9epM*(0^O_|XK6njdTr zf^p|mr83dIjCnl63EbRZuu!CJ6t+{K+&1ru=G_AXO7pp4|79K&(u0h^OKDa(+|S=v zE&q@APnZR5wI0itYDbgqGxr1vH%{P}S_0U_(Tm}59LvSVI7mf4>1}4JhKlzpa6odhYSf9PT~yr81^f8n@b9yH zwoR12lO=xEQoUOs)M5k|koe;s`~~+bBM=w`{Ux%dXJvFXUr!+$2FF9UcM-P2b=@-H zA*-8Scw|OGfk$CxZqzYZSODXwI5agY3I{)ZEt8)@OwtkQsbw<|a?pX5Fr5eI=j1*o0h6Dx* zHLKXatLemZv0-LC>ks*iFTjPcF3?zhsDP$NBS2zY^^@$lq(4_jBAj>IuCA^n%(Kmo8vv2d z3vi2aaB_Z)7gS0I3ivJq(d3%}UmqSWt}@e3-MAp%USYzkMRj|7Tf7DEeuU>dZc=4% z+RA*_`~pxF|8t5!>c=u{pG&{vJh6NP^I!i5xxnhW&6xtOod>Sx6YIW697;oaz1GXa zx^YG(CWWS1ei=W&!HP&E$S=GKEp+>1do&}VX&oQ{Y1bI_0uF$S9lz(DMSgF<_E1uf z+gR0h4tK9gk10#xlh2-_>of?@)E2AGv#Wxo=Q0U6Y17lwQ8B!Z8fFA9C&cQ%eE%+h zcaf;^*BGCF1`r(KUf<&5QIAo&ZC}BEccC+{5Do=^0Fgi(J6stKjRP-#_TF1_;UJf<2DYvT{KZg zcchzxI(5qRo>p#_+*in3 zp4XY4*NY3HOUujU%1kK!J;=aNzvlfU^Nr5@IeW&#)+i8VQxNeuPf?ik`AOmZ=3P;5 zWd-404W2DyOx>0Ycg3$5%@Tu#(ipzuW`}hE``D$mB{hxv=A?6G77m(ZOyqM6HlEOT!_E}eZ)>%eUL&8GOM;itCa)`RlmH*y(+ z5T_ORi<`|$4&8{pYq@>ap#97Pl}nBMDnbn!b(RImMM;`;4HcETX?Z@9*1Y$5jk5=R zc=nO)Qa`e~sdBuh028Z`EE+|@op5n+F*dJDF-MLt72b^BW4~XfNyh>(CQ`*HyZ2WI zO~Z`e3bCy@Jx*6^YgyUMwuX`d>1`Jp83HH`oWnU}ze#2a^BSKg3MqArX=I->VPP|7e+N$F$If^&0Tjfk+3L)@TD~hbSHIq; z{j-izsa5Zkm@yd>wm5NkEXKo?4k6NBNg|&fE!A;>8+_3bz_?a>v+RXtBvy_L(tyXL zUmfSL{=NEj$!#GDE$%eSYh`|3=FYneb-TN$ZNg|G9&l4~Y>FKE-;8ShS}v&CD^)P|MEZLX-Dm8YeZ zy9_v-ce>_6l)+kSEBC*f=(m{s?qvB$A{cyu`;k>6bgh=IjpueXphzz5{Q2R;nHjV1 z;`#f{GQ3M9u((Ckm6hvNwcpd`Ec?AYVY@xw?M$EkVetlRtZ*eSWq%=ndfyX&uPgRu zvFHg!vAc?wBA3zNce;E^QsZPy5xs4%u0xCn^rr{I6&HoXH;0SFR71{BybYcOoch)cT%;Jf1 zt{Bw$d8$W4D1Ivl>*Fo(xKtL5dRmWQ+8)nQaKVTY%@CtCvI7A!H~>EKH# zREh*Z@g&T8gx>Z_{1ny|W_zAEZiHb&LqoA| zs1Z~9EvYknqodDUttkW)LUlkfa+_khN5C6*z{`G01H^64XOl(LV8#}=Y3A8?ugnQ{ zL`UQg$QvY`2-3_NW8d=O{uTt-k;P_?&H!3wRmxZ6W0mnBCvv=0~<*G!PRWNY%*{N|cf_ctQ_ zsJx4n{@6V^$GOFw!K1G;B2!=j@o|qmt^?KQs<}%ga_>Nd$W)QT2w4WwXTkQ2j1w*? zB>x@28tC#4Wk~0BrQM-MSvB^{Ps-h3hJ$%0N+GhjE}(BHuIG5qJ@hUf(>^v<(R@}a zbTd%AYj=aY@acLXW;J)^`MRl)B&9?ZEj}sS7eWp6aU)H@-at zxtl~W@RK1#uTdf3Xp|wx+hpc!a76J5p|>yzWEB9I3Dic#QpIecl3Ap+M;`TW_Yljl zvjcH!n2;=?tmoz=N!a_N4@7arbPMzjMI{o}gRVC@*A0a|Zt(laWR>70#cRG-)?fPB z$F547L%|C~O)px$%`<^9tj>3p3-&g-MoY2`R>JZ^1&|o7pUr9Dxj* z43(!UM6`JX?7>@Y<;sU4MGL;W1H>dkEQQeIvBkZ{9{>LMHk?cXeSqxi^)p|hS((Zd? zVsYNeR{HpTB<^$0BK9_&5cz1W`Mt(jJtQzhW&xt zkRgRaZb$%;L$SRrsUOAtzGI^)@-&uDjuRA`)0AaV)_aF2OS({c$|vF~&Bz!U^~W&O z9?4LGNBgPZ?~>KkQuvJdOSvp0(a3&*#U{`sLC$f#VIsRCp;|pcs1FxFI53g*4DeGR zl_J?UC8njfE-5w{5DdhKL{UT3&e}wsQ0@b}KL37yfb5@HnAF20PCJRYi9MC+d%tJ# zzF0^cRKv!|Z{G>syU+A;&IBYLerdI4u>JH@B<4d4n=(=$N`8ZU>+lAAKQ#ik;A3Sf zVF+U%rmPL+Z-j=p(J(3Bo(7h+Ri+U#L@QOza2XSZb_2A0TjN4x+~~0&dI{)Ge^qR= zL4aKTCln{Q47QL;>F&2f(N;1dJqYaL-UhhQ&q@iqfqb>dE~{giqNHa9HZVD`OoA1dLfX?ud>3^W*$ws6rm1SW znEL0rR$Xf4a;0u@Ds6+)b;Y`DYzt+(LJy?;GeI%lMj8QPfxwQoKqhh3%Pk}45HO66Y)_<11!X}owXC{YdT|;`xF4$VxPatEz4SJ+Jkkon@nR#~q_ zp`2=zP*|b^YCI+g=XLjg_kEC#oSIe;`ml@nfmjfz{c@hjYWiilM(sl#oEkni!pWX| z=q9Y$%A_6MW{N1eVZ316N9TCq`@ycXT*6 z{g@Kzem^?bm<@oT8V?g%CvAxrf{sPB!*_@#zr68#xuI5pQKMGB^sEb?9jw;w$?Wdq z1s24iJa6!l*`3g~UXtBF4#$reYZ{kajl*|TU&+X|bg^|PpEjmQI!V+s@2;Bs9-1b^ z?$+yF$F6J1in+~)vhoNWSZawMP5?Ls$Xk39O9y70_kf<XP~w3_=c zQ;|m5iIMLCCvP(+)h;9s1=2i*gFJj_41QYnudN_l$Qv&6MZFdQCP$*BQN0q`&Z82J zZ2jIRT{|I|j^c-zr~asi8MN<3_#LhCb_JSolnQx8O@_O{KB^0q3U^GQ2-TMXuh zJzz&1eWw9q`?Q0xZS@12u!qMz&eI1I(7E0bXs%Na343*$LZ`}&mqV$Xj+WW<4iTxI zWr*=Bh8Yj_I%iJI;-Up?*E8J6iy@N^zv}E&WjCZ1)fcvrDgo(xaeWFP+$sJ%weD-Z z`CFfwW{Itnhbp6(h@8A0gVbL!uKZ)Ys=VDgFD~N43_T(r*c~dBa9GbZ6^X>I%ysrg z@uF7`I;&G0T_6@oA~D_>mCmnOp-`6~e9IG9^?XvVaU~fTX(_hN_1=Pm!!tkcAxHV^ zM?py9Wik(vT18@{`EFHmDk7{>WTa=YP?4LO1Di`R-1ib+FyDQtO&C6skSU}ys+wpk z|46^X?-9(o72A1DXjIJseH4Z}CqH1QSsxLxJBe>=r$Ex<;kH>LfcycD8|FRv?R8T} z)K=!FL9sKBQsP?l{a-*}8nG>LP)tx*Y%@llNaI$KPLYWigA*tcg~v5UZ&JX5iZN=~ zL_i{M;C>R<31h~;87oGekZ5sMENkPj+2&UGkv^|m>`e<|Uid`|ck!@tZ2>Yxgb@qI z9-Lle!J;LllFeas{U@d4*eQ=z((+rs-f)biX$iH6zoxH=!fRsySobD=JnAH4mv17; z#u6gUD)ERSO9la@$egToH#gTJbjgQE&5f@z_#s(JeBX;KUa9tq4)-7V0%k%g5 zt)eFyLk&z&ej*-2dBk9LPi|imVnDI<77{&+lZqU|bVwo^s-(W9%NtO{m83-R-c-&X zn=MLQT`tHb_RCe)N<{@nW>G9=OGY)d0tiIM0<9Q*8I2f%^?2}>FbuUZ#oz#^gVYVy z7++^W%sjXS3pdISliRZ-9npoHxglEj_|6?&3f#*hC&)sH220wYg&P{~Xnf4Q-)uNk zM&iJNo`^)^EH0vVxzQHyKCaQJ;JCwSCPpBn*XAfR+`&(;sS=$MG3mG0}*6( zU>mg^c^%s}fz{(!Q6ZPƦaCR(`z_XX6#?Mh&m%Z2~Qu_Nl z{y3JBf5p~>{xxL(0J;hz0UXy~-R~5y{yLZc=x_h}4+Z}i5*$Cld-{LqfVE!HvRHoq z_)=;Q@JtB~$MqfuHdozGKfZlLJfs9~5y)uCh*am;0|tLO@7IN;^8ph<%JKza(%Zj( zVUQ@$T>~qe>est}eB__P9yK>OZ$#;;ZYk7%kw*XhV}#pLV#Sl}2@}5m{Zs!sR&)Sx zv>2JPzli_$=MQj!#}}WE8rS|!_xkhq0tax>!i5y2fLKJ!y=@iy|6I$?7ZPOsd{Jy# z8X6oyZx3DVleUX@IZ!vy_zrG2yDhMCicvB|^aTA9C=ci@Lkk^WngLXYT0l~zpwL@!`#eyAaaSx;VjIuEq? z=vd8*1r(HwgA_eCEzR#TMs#IyuxOMn^Vs{W)}8`qJ!tKtiT*6taZIkJ1`Nq6wHU4d zs>01G2{lysBbqR`L8o>|5sBSqdaVIj`ishB*5JW=>VSbgkw{&%FAJaWos^S7vME%l>P z57EBe0MLisP=QYpxEkM9C?0Vh001B2C1VE}gI?=THJ4v%8a(CzGMJa?k%H{6u5Mx_xZ9$!|w{69s08y1T(V=w%`Vpa1rP%+$u;?yXaeQ zprY~eQa*m#0~(1`3`VMR@%zC1JSct7g~Q`i_(CIwq(qjRZEnC|);!M=!}H^pk(C$w zQ~Us}O*Eelc>7Cb%<#5%o{ zT#PZAwi`YB&t~yVUmwp?{<(gDp@ho5suc8{v~72cao35-lo*b{C0I`lW%>`H zC}fN2v=G)$^r~@=-*_AJ0R`6z5*fV`XjxLNmescuSeFa=1r>J>$aU0`#|p+_Zq%BX zRj5eEicaJfY=4eCf`w5S(R2LXw}_2g9X|s@p)XX6UD+IOs_XZ5v!dD6u;}CyK6(>c z{0*=XsMqri>+)s$S`_)$wEbfxT9P9c2n%QMb@c0hN6)jEv-U+Qe0UyRtQfpnGavcu z8Y7gId#myv8)Vb4U!&2guA~zfkTztt!amhxpxLsdPpT1F7`@nXTP{2^vHrx-Hcy)g z3Y3;+`@c#3fQs>Q>u&+Y%9&NIpS|UW5F+;0ENHkPMSsPs+V+Rst;v)3eQ-2xM!lmm zP+QzfT;6iWsLj;~{z4sbRI9Og6vFePSoH5J1#sLN0)(`$xJ8>dhpic=rWJ2RT9o#gu$0Qb(Z$Ez- zQ>6K?sn8k){Dh>3@9A~29xW6i`A=kNM`0V>@#0>*sE##cnF;htp#%=_dGr-qH;+Fx zwwJc0)X2eGDEtvbT;$>fDx{kBvWJ5^2NfM`Hj(V?H5De zSFVrPb0sLseuP%O!^_+wd~^BMJ&;hoRAy_SLwKfEVZEZ&d2JEx`e#886x6sBp+Eh93AU=F!(3EW!`>5$vn1481 zOO<3mXCAqyk{nb)VJAIU+SluO2Tco9r&L)@l0NCKj4rAEa%BTk@z#Azgx4m48WJLp z?!*+L?dN<0MXHOC>WKma}uj&XeZ=f-oal>*VW*^BdSHuEjJJ`JCDwUrA9(;~RJE(3Nk@3TG8_ zH#kZEeC`TJ=eD=EH#Ytbk~|BB3Gx@QTZo`oFpd$R2l*`t*ky+FJbbx}3Aw4F`lP@E z+K=CX6WYda88UVJdXGf8GYvc$^|LnLiNglg<%*%!M{^Yb*Q2z)Yc2U8P2)=)O%6$^bwz;e0OK*3U-B=m1eqM5B zAo5SM6)o;o`bd)g-q-zJVJ5#P|LOxoT=}lk%y4IA{LC`8~tJg5~ z9JJ%0*unqE;_EW!FGvw)wH8-y-+uS?We?zOx^=-)0X$eNfXY2c5`w>;t&{aVYc54m zL*oW`JianUjr*fV+v~|G+JGdcecKrnQt_(}u2&1Bq#S$z5gWkJDr`5nyRcV!7ufx1 z`>JN|#?IL@KTlm+m|t73-{Bh)S(eTFecTtCoHi5Mg@*1=f2xafEW~fx|{|Q6)q5-R-nhV5Taut z0t?_7$A1L3LG}xe?F3>7=t?#b1Oylj%Z-r&5ANj1 zNbRPN1GHes-ktHuR{21xNDUeLh0v$qDh$Imqw!fJ^IYHb%lB(S?N85f82yJjzdHc2 z3r=kvkZMKlc@C?)-IiQ6YO8cxoPgAXBs{>=1bDvo5)u+f`SU>X7m(K@t@Pxktgk{b4*WfLtBM)Ck$?oXpAONO{=Xdtv4+b%!1@w-i3Wr+?CoXVE z4h{|m#sw`~Vq)$smacz$!s0eSWd6oXcUb}?a67(#&q5_upxU!CMP6t>i?Szf3i8r3 zHKmvVM#NsV6rq~#k6mmaY~pM8J;>1WASzy9$(lnZZuKh4avS;zxfR6?EJW+?;8Ig` z{D5^Ua|!WILil&MKg=aDC^&f*jc$Hrabj|wa0PC?)Q$aS-aKUrMN9^^H2mRyH2?`0 z4=;`iU`#qMlYP$hZv&E5Jr$>faiK8jKsxpnh72@<+ahJ*2wdQQzTL1O3MB&)b;J{} zL1h&cQOK!4_A@mRvWqwud7~R%YYjj_zuz|KGMUEVOP}n337!YSiv$Hh>DhOt`ToRm z^xE|R$68Rk!3qN_P6N4U*1Zp7=;eHvY0fJ&E>x0&f+AI1LRV5)q+_)J$P^~dE2&lE z7{lOpF^_DM^-vC(M=Ujooxqve)Xf5xGLBGyLT`qv<3awZE<#&qIhNYEydp`nbV%TamWY+z4tIU2_ zdMq{S8$|fEH;@C><`>ys$9Z3RbR6IQ)Re!(kzWMR(wVQRq}X+u=QiLD8M$Hxd;4V# zJ$(?5amvbsJJ~+BQ$_q&O>_XKp_T{YjN)5%YQwdzAO(Rd^zWaU8BIRer1H5ln#N-* z!Ir=`2?C_lpR!fC$mi==_Ym^ldtXvk5v0?Fap8)TD<@ikr12UPFE)v)CZEf$;%x%L zF9g16imFRs$)yJJ()=S-E01W{O*er|;|*0^Mwo%#mfTq%Q$R|JFK!)oE|rFa z`}`*3!D_{7;Z#jB{&#)-&AhV|4XxVB(5=^#A`UX^1k*(D(C{z{8O)#vz3_wZu(0tb zAd#;$KKIg#r<@;OJzY^=j^G1U5tvG5LhLIfCLxMw2!V^$^4UxTWFZXX*l@f9XGPu* znQV)j3QLIAaRa+56arv}5mFCI4H9KB8^M+l#x#`0;)SO~=?Jj-fx%f$q86JvMV)|) zk`!xM9ez-h{fSmB*GLhD_g$V?;TmE%o-(`{aG`5Lbq6$eDeKd}I>zlQHZa3}Kny5( zn*bDrZV@LEM-vy5Sdx^S3X!NLnmPS?rR>^KS^0XocEigqG}(TLuc^215PXQN#BVpJ zMa8g;b$avpM_Zm{kEbDLMF3tt#`VPx(0$R8Mw3|BxQ3`C6!HxutH!Faov2X0TqD;y z`f~NJxcD>5L<>P>tP_wh>@5nbx9yrt<`@RT8~Au4ke+T2)N>)64EIs}Gqj>~#=<_L|I$ z>SBLB+<^m9k=(p58qPXZnp6GPXO?1Y{l!#l*s!bRbz`FGHA}XK*P=@XVmMA1Cvm9U zkD;O1fq)@$f=MwQCQo!)q(%5rgj{se0Dc)*iZAGSeD2ciV7Zi zlDS&M1|)vkDs)a!X12(*jEi`T3Lp7ToJVF=C>^0Y{s}k~vuDE{85x*fJktLPrjr zjP)1eJFab-SmH0bf^66!!M?(`RFC~4A0PWxp9g@NgQsQ{Lr z5nC?gMh#{osfIYxksDGujQC$(A1R>M=1Tj2le>UWH&zxL;#0~c<4IfRvyaRtDuGLU zj&KKzO_FFjQAOdr)gVp~Imq`%Q87d)?lqxhz)MNe%Opy(9W7Mtz^n542yzm~rRyO_ zH6fTfrPA`~jv&Sz+KfH1_c_pc1@*qRB7-ER%QQ(0#s&)Z74j*`I@=8@l&31q%s^PqmG0Yu2O z61dfh?QuI%Jf9Cdehlcm)U=DQdHnXa-IRVW<`EDav>xW-3d9t3OXKrKdn)7we{|=I z4g9x8760=0J71hQ1_q&majvDba2-iorb{CyJbuYartH3NWoyTrZSBn$Vm5Hd$y~-f zb`)0Qd--@QBj{GtR@ivVy+PSsmH10a^XkC}_Ck{ls7c;pY#34t%*PnTp!y$p*Ktae zQ&1>kM@F=X_3dI#8#0=qyphl5_&=EQuYJ9khj%%V-oU) z{8cU@N$MIYZj?$%zYrMlSjl_iYht_WLSc+M2;1v|yAu>y*E4iUY_baUieoK457>Ua zJj?$sUY55qsR`K(M2LY05@w(IDK1ccSj0k8T2bPVNW=CBE0HND5`?{Vn?9F9;N4&M zn>zhWxY?~Xu|=J87@Wlw_z4A5k}kBb%Z5>#Q8}Hz^p6H$Cep<1;z7(k^%A@G%`S}d z_VkaO>wZHyZcji_$Ggqi1O8c3y;rqP-PiUHwT?-MCAs+k)M#RG1kmNn>zk3bcYjJz zAcG!BJN+BpDU8SP4)&voH(YcJmD8z8hh)tA6->52QLoouPVu{YYc! zLX4?}uHXS0y)9qjWn>C3_EDyfEZuw-5`fa(!%7{{=3;|3J0wqNDWm9k#Mo*lUjW9{ zNi?^uerAnq_bJ%G znb~7s+cZ9UzFq5X{2Aweut}O8e58l(6NMU>=l}${3H~OT3r|3g0wow+xE;3wx;#GS zEL5QC7HwwEA>{G3sm5!`8(R*kh7xg~!z^b%5=n_-R+fG5kLAZ0eo!FD6Gp9Aq6bom zkD@vVu{UtuzGVwjWHjEMou75ihv|kKf z5|mr`I$={m=%0fU#ijw8_;UoOQ#)!aHaO-Kf|6|3kb@zX#&M(MO29h?yi7$9Em5oW zN&r&DEXT9R;c1>y>ge7!dmz^7`Ij15yFMwfV~+i%9?4F{1UM1-tcp<1tiM$O4PF?8LM_r}er-zd#(o zC4&J{;yS55!m%Vqt;4(gCu#7MzW6g2*mkMgZR7kl0A8s~o@(@|y`$>eF>hVMjgZy?9PL^W12JG}qHCw_+ zJrkZlhYIi7I)KK*sW|lCGHm6<9OvtW;O_#Kn8FVh_0CAi#F7GN>Aeh~P9xR@5bNKc zW$T!mhtUOw%xk6{V`yRFnKUZt0=pZq4BMeDQ?M2x9#FI32lg~){b3)^TQ8DT84WX3 z>!ri}2lhi54Rpr751cO#l}(T>S2LMB&SvA;de{)U6@a?GO9&ptP~-K{%ICJBag=Wz zUpna1RRtPtG=W++^;Gyq;GqK%IV_)V=#2$fo6QU!3VWk#1Pl!%_(v%=o0-~EiWGmY zwh3;JGn$q~P67DtwN^{s##upF2aTn?|5Xu?y zyE{)Chra|rk%6eKY3q2!UjN+Y7N#ct{2UBTp`_(jhg$2f9R7xAbsBDg%baO}OVaB| z0apUNdctaV5;=mePG!fIs^IBe55~fa1s|hjm92-#U|$jX07m$_KuhQ^QkF92Wu1QJ z^ISK|IYC7@u#_O(xFE>3HMqe;6BdLGh4Nam?;c_p4%@tH8%)oeWar93I3tpY-57j6 zIbuI-=!!qSYA&&Gpg{K-IbN8%YgY`9vkwWIaQS@0sIm@#^nFJI=qZ+d@tt4R6x;>u zTtN|`mnG!zg=b}*v>k3Ktgl+HZ#P@Dq841zoA?iToTEhQ&t84t9n}=}9D91W%aHGL zw!YwhTyv5l!k+YXtt{@8is2h)#^|Zw)%~W1TRd+Q(HyZcFQ>CEA0T)n{`kaBBfs7L zEddL!k#n^`mC|{o%K_AKg(XCcwf{!r8?c_WMt7RK65O;eo-eI%%02I0C)nMd_?bW3 z^sg)~-Hz=4u0ZsQ4TM|meP;Sx7`n6nqp><7c9)sdUygft_1EP5RQ3MoxZl~dD^||M zF^y!4AJG{9O~lJ%N?()uId(5X_)#l;sQ4o`oBcAs_L6IZi#96|g;K2p(mjBA0xp;! zNZfs9FH2$zTIa0bJG`Pyy`;e1@)h|Mu27zNqcvHz03?r4n-367mM+%md7jJ~8;07%-gdTwoDwID9c=)UBDUr@ts~r74e8}29m`oaC6c#yjVHTarIdi?gK+kh4DeM|5*cx^=ZOG&ptIIc*{5wUJ0QGAZ zuJe>P{YqJGigz*cCr?i*UJ5+r>zhx*MFd)B1=DmL?lM~}56MV}(|0tgo|A5FI|M+C zZ}ViFU=V{nl7fzkfdoe$NLzu{?_(`HM0X!KU$q@?kMxv4gp}=h*O>s21iXLCr}+8p z5b3EoPjY#ku%#Dtc@?^b(Ng>l^I%CI!5qjY9j_n|LaB+0D|-JPE;6HSt2xp^CE# zvZu7A+G%-yGxRJ;R$y5pJ&<}zE6W-+dV3uTHQOfuKf)XgOYUTGKDd}g(%WdK0UqtZ z#vI$-kKR`??9+SuNhN=9(G|*Rl1Q27TlF+y8RQ=mMGQQX?N^8U;If#kfwLmHN6Hw!CP~{Ud3wqxd1tuDH6gGUTrmUpY zJ{{X0LMXV~hQl}dYAxJBG zE@0F~3uJRcDM6Ryw7)~zcQ@)YIuGd%<<092&4JfEQdZs%J+GN|6sC^D`bZa_@u`e zE&*0UdrQMaAH=NEOHh~m)^k|k5v0|n9rCj`ubQTmHcNE31d=_|*tBFxJ3JH(d9@1? zH7(tnwVy*BeQ`Z`H3v1d7_Pim^adk=I(al_q=NdMyycdFbmi%n%9HpNpoX|`fNG~c z`q0TjUD4t2=N7i=!>+65lTCe_kFTU7N(zUl`?OC@8ZDN8y~wW=o#7uoGzC)I3UC)q zqa|P_PG3)Srl7^JJ)sGLInPwEhyJoh@j5MeNPwcqttw?rqE-RHa>RcZS|v%xM@cwl zj5fi_PLn@qd0*7lCrhX`w#b;y0!-7)W!zQ%O`2lRIQCiKvTZ4c&?ieHcNo za462PCb+O#gi*{9CVf!J9N|%*Rl?RT`cV{i4T6%BK@X3pQ(lb1rXd={{)aM*3?>OA zt!S&yU4})~Q|ZBvRDM(0aqLz}X=%J>BF@SF%tVw{Kt4Aq!h4~-Y#A{ECBYgE>&Mv2 zDX1V((m&efk$MO&@&;=fAQ87*%SGppG(uHnGr!h_1V{7`gnF6uto4)}i3E~mrW3zb!){)m843*3GDF-3q!(w3 zlg&eU-Ad>BT7ujtJSRRjtN`t0lY^YK(B*yGroQosjvI(sh=~{nyz4`(-FA2q@@KqNI3@+yCcZYbcO)U<5BS z`v0;H$`r(5v}(#SRR73vy{=yW`kRn|l(Dk5ruj5mZK$UT3jcS32*{hN)BQ`d?6^DC zkni744it*K+I;!iO*ks-H`)^^xU5;IFchTI!)-MJf?{$dB{7ye$J%0Yj*j16m~YEf zw9MbT2UDAY-<^qf7+uHCGydlU{ydXE4kTn>9a|L#za0MdrGJx@L*ZT>TW5iXe-?K9 z;{cQo{M=Fty{h2<$FZgQ>evdWG70(L6&Qe!EhVekad)p)->%gCzprVo6iiP_ab^4c zeteaFcL)-ae=3J{vJX0P3?_rN$;=?$fYHB7G^YPuq9H|r<)+O5lyXGpEOS6!JRaa^ z9^eudlVV&XzK1-I_QxXw#U1o%Fa98GO0zpG6yzbtopci@*QKiE98@)9dv9RI{D8A@ zO;hFVh;PRlkVoJSb-l38#S9xF%)_Vw1j}(9`0rOtLG#^=%vEo#6xh>tN;=NJ=nu;O z;~MVDgF6CG3RFB!n^2#p*6Vrer?<2xTH&*jyOQ$dYlzzMdQ?>%o5W8*>)_EVz%WDK zCj4PabtIM9P?VP5X3(l32k7a?7_ow^zYox4>D>`;%A|Vv0aHsGS?8=H885TblCZ%a zW}Yn0sC?aIbSh|ZOtb9M&~4r?uX~;~87hTrn>`=v1O?L(S)d!6S~K<6DxmY9rezzi ztpPf!aBwhRz>=J`QS4~vBll@BA@PkseyhU`A?%Uq(U&63g@V3?U0SF8vRo#7>c;)axCAvLwJOukv5 ze*#&jzX&E>--}JDk_;!AIGs|33$wD`v&GO2MIE2IB$_<`NIlh*XT8{rh(H^y5A#k5 zSMXVROH6g6F)N9lwE3+w5;k>nyz|*ae#q`(<^$JKqD+Ve?mvbK=(71QqbxmbvPqa| zT4+8mpzwci-H<$KKG(@V$g*;MWF}m$oU&v@rT^IGak)EbSO)ZT1NsfOMpj(miCPHv z9m#xw1>9V5q{yM>g%{tJbR69W-$t4fSLt^wGoJU2Qk5W)Lb+-SQ}eXpaRD8yvE(CQ zR%Oasiz)i_0dvuZ*-~-7#1=uP%>e}MxPb@9r(Ox6MAzfR7RM%K)E5bE%~|Y@rrQKh zuvjKYzCL^hU(% zHKyc}pomUy#?8g+9et!(isu8X&6VqPps%`2Ui5dQg!tq`ibEo)G)460E*qG$372oU zQ!W#CZ;)-?6G*mkuX59E+(3nKVAM*kRQr+9f2EiWO3b(&)X2fgn)~SGar8c{b9kl4 zb**Ud9zTqf-5=`%o>2ET*?8Va6Et~Va&enu)vr=%$ni<;)e9A5FNxl;qLr#0*UfzN*Um|QeyyvX zx4u3?7rydYna1_K+z+EA8RD#;dD;WABUx!NBpD@P)jwNx6y61$gP^un}VE-tWv&=Az-J_!_V>IJ#JqLA^$&d2RY z-fTTtmL;^N!#aCpRDiWEiN?qOIe!4^yT&;Alprs&-$@3US48FhWd%_q1YCqTq3?#K zXYR|@rC%{W_l$~gxK7e#62O)#{#+ccv`ivRLpCEeA=MFSw?rE*Hq}SP`-e!5E&>Sq zCJpTvu4>6Qvjwk)qP;aQqFIPrb)-wM;?^auDojV*@V_iC1=#HPNyh^hhC5f|ibF@r z-az~D5NXk}sGc6}5!aO}ozz#yC`_Q~3|hIimZ$QjBjh&5REkWDjCvap;`^&Av87+% z#QR@V_8zM62}aNs$vMnmm49@q-v#ppri~-<^ejc|bJ>QgA9dc{cN5AY*%6QAW=Nu1 z3IM}R4ThMT|Hg0$GWF$hPntYf3)`UckWgUxVOuUt`iq~gfGZ=oXfx~ zu|(CBN6vwKH`7v6U(c7Tl4{%C7K-TePpK2!%8!hsE#i6hmvB#9I2;;XUAH#1Jn2Du z{TXBs8P^zfb`fTH5MDmCXg4=EKR!fAaE9yI@e|p?BB=WvJ~0z*R|@{bq4>{)xOzek zVib>~>gH4?pZ@Zvc={#kp*judj@dwW{OCnQpZP zjg9>eu^C5(t%l-ST|^Ymc`eF*p~O&gr#0h$%K&%q)C>0ndz%^VGWq+^mOLDs)~fAT z1L1VTA((Fg0zraW+Oy&AIU^~r@YP1a4Mo}a!p*{^?Eo;|@C~Pwb;i5@i2>()goIzX zm#uyazWwFd;O$8L)SYl@bqK4F>F`jtRsTXYTU|Um9cm zV%weKF_mFdPqV}@J;`IgzomU)w!bX8!~HLaermKKPZ@_?_|cL05Dru2YyNeNvLWlPJ6&;=Iza7;HUe4_56wk456^9DI1oiUH1JLx)@``*Tl^{)lBR zSzHvqa)`S(3C!@-jIyz7`@zB4q#di3D;CEw<8b>cNo>>b#=A9T|H|Cw`kUYVN209=QB^) zR=L6Ll0Fd{l5>oV7L&kFijl;TIE$S4=r;Qq;hn)KVuLw8yYFNWI-~NYIF7tDek^x- zNolrVLjw9mVwt&1#E;UeeS@jl73kS!VO>;RFP<3+-L_R*k66e1di+e0 z!b)FXa#j3^A7oeS&yltIy>R#BUCHyn63ZLM5_>=)wp{FNxioR!8z~r&~m25L@Cw1ay{}G4i`_x6%&zBxr1$y9kkg`(p zJETi-+s_Tmbcca%GHqtfbr-iQPz(9iT+Heu$^0rDa5L*t{jIawcffie@eHZ+m*oZ8 zd+SS0<22Fqi_87qgh8KFtbpsG^D|y`xVy^udx@gh{c{Tn%>roe)I>XT8PQFIBkKJfL_zL_xLqs-YGs` ztAwK+XDn34J~Bq(iiABhpZ(dao%TI*Im%8r*g%54bJ;B-c;FsLY|W@nv^}XGU{B5j%B{(rx-6U5mSQcmC?*#N}Wnm44^({J15N^5Z!%d>(JZcw&(HVd z?nS3QL?xd6>X!3(a&GEH1X2V1N_`CXnv6hzVGBBzCcLX7;9+d_%nK8CtR}qM>}63R zH$Pl&7i;R1rLQt|HMpUj^HoMyl&iyxyJn1d~39;k7YrD-VOMPD#&0Eu+7@gYBQGb`#GD7C- z=7Nw77i~&aol4RXy=AiSis&mz+Rd4%w1oz2gyBn=mWib-k!7txUy@-aAl;z|}0dgcUz_e15M7AMV{P2Cy~i&_f% zI*>F=&w0Y2Ed4{1tNW6x0v&A?TU-hDq2LaHX!o1{6QDUO!O{e+5ozTX#$^|$~*4?h=q^H{KXnYOiA%6PMULCk9T zMc5Czvh!h;^qa|I5JrLJT7-I`lf4L~W(mH}-RLMO z|J68x0#bB7b+XN5yF%oR!KblTuCRdy_D-h*qspFqdPzw`De3P(O@dUtLip;Ff{2q* zBCASVY%11&{=MI?zxCrpoL5-5NbfZv~ZM5{@Mb6yy1f+05!}9U)le@3*r%DG|7z0|M3QD6d=Ky=cBBCU)JBN zLrVny0x24m@?UR=C4q)LMuwFS{|oH=|KCzTzXr6_KyaFqx%tc< z%P)H4;dCXmJ&>wJHf#R12%zKO!BBMol46X!2B-yTvD~{$@1-!P_cZeCI4y}iPVrx zXq=qv@8+YuHOY~@T7K!Tr@MD^=ug7eyO%VYMF0Eh zMBc))DbKy}?B5YUD22#J1jQVx%=>5X`+cRTR8roJ^Ej({w0($RP|+icNY-! z2rVZD^E=wqwTJ)RrxSh&7rHtPA>{wa^lfTwWz{Kkf)wd#y=;asj)Qw~dxoi)Cwa4C zMqIZAHI%US51dhcrQtezp790a^KJ!&y~hGCN~95mFz4!t2TAfB|8aXrklXY5=oR6A zuO0UQWM?cE{#O<36*cS(5(^*VKmYFU*YefK&PZEow)ywNcf&z;#@)v+_m;z7FVMP( zt>L?Zq|E;)lAS|}WKT}(Kl%6CInIXcj0xuqt$$w~%{5rM=Q^qXBSHT^;|SzW;pkqx zm=I=Wq`BfywQ8L*H1yd>i7Q>01jQxvXFvSjPNT+tDocIRv?tSgEzP5Fd9Y4kt7L0! z?xW7!oyNMvj>VDBEpmbk^QFV#&aY$c?^6){eFFRu?~ik%7gtwnY}ajmcJ{Ogrp3&9 zss#1e$IaHXX0qDbRONSY_3(%>qN2O5lc1vAeE&WO_IA!|;#=2y7Tf8@!<^y`zC2Gk zY571$Ol-W=+crP_r79+~Mh8!q1h#Gy|K3ObdO>{{n}XsZm1Wy%alY58`8}yoBcry$ z<=E0zor(yr&vlG1Ff-2ae-r(?S7AkgRy8&K*%7BMut|UWM2c5tQlXjV%AMBl^83z9 zMKJE8!{Gg1WPjX0{u|USE$!=@c?G&D=T1V;mU_2Vquzy~>m|_g{z)ozcbfO#zw|Tm zphDEel22^$$S9}d!IJ&2x-MFii2mZm9((_R1AabtS}kW>S;m;EuONkK1i zoA~W4Mtzy>qs>t3CH|kwnqC@AL{04mOX@Z^%Tm0&L@qLqHb&oRum0q(t?&-F!MGWO zgBN6jPt_{i)X^z&TA72M^AC!F4RAc*;Kgg@*)+u{^xZ55_ILfhg~djRf6O_|`q;kI zKM+i=w-7Tl+(m7UmKCkmxR$hc^tEW*)b2K%xW=os@>n2pXClo`TZ-ynbmpbWrw9IF_^gMU@oK8>dmrH zc{aTk7FQPz_2ynR|LOG&s>wOh)+3ukej8pqnb6fCZ0w+t0jpmHc&a=^H;ojI14gTm$cUic(y)cBn(kUIucZj8Mc-LErgo~*y8F6Z}l20+Q~h7otlb0 z;4^+fBBGK*!SA0s2KjIt-O0%sP*pCxUmKe$h?`84Tcfhqta<9cDCpqyUH1BBR>}GE z6QfM0l@!~fEz!CoukXO!C5dPJn{eBCLgB@@U)42&x>aj`C_<0rNskhYtYF?ygymdJ z;TFFWrkK35pyriGb3r~T=wC5XsGHcWgvZ9LXS0({W2!LW#~^8?EjiCf@Zp0Yyao5` z3M3gB=Mp*U*;PqU>>D(3e{G!I$PsZ3?$$z@X9uOLQI%E}XM$FvVfE%?mTaS5i8ocY z6eo|a;eW-KP&&{j&avkJy!&C~8>xqJbj{7nZ)#BGTaJHr>=@6SrxHvV>Z@9%xM!tS z(;M818aN;s!8k_{KJ?F%;42-Gsj;!$LP@UUbf@;3zJ#cKbHMQZs}5oHYyOMltoqz^ za83=2qr(4r6GD%chVf>M4vZ0-@W0yt>w zRKTAJ+FtDWMvFYyi&P0c5T@fLu8IISUP8aEw?3jSky3U_Z_?fU34nizOf5~d zmp)~Rot&8|Z1JR8;$4pkBuiVR;(G5?UR&~r8hg@L?i|6HLm%4{Eug?3V>Luimcfdh86C&7BJ4Tz&Z~ zS~>2)e;fE?dK`0_QQqc&X z6Ae$sBl5lk3F&7Gy;oVXEVW4lJ_syV7biK9xDF*AJM|vu2en7+UcuAV2n8K=canNM zxw@}HmJ9S2iIO!`%@;=-pVMvJ+koQSL|2}zP=s)$+!sIu`Dx$XCVL zRF>EeCThdffFBY{c0YAC2X%xoc6S>a)2?9@ zu3uHp-Xc~q;Kl0lNN{c6@Yi`PjPwU@-^Z^26S!P{9mj$Ts%!o_^ZWyMWkbiDi?10p zb3D?+!TpfhNSQl-{sl&A7IT-leAYo#h*q3B>$MopY1La7U}n?-T7_A&LhJFC?^F52 zv^Qpo1-t^mgXasl=PIC33nipF!FGKw^h#e|3vdAAYP`^PXr~=(Zi-dhe^%*0i$>F# z-|>W+$kg0iJMWI;q$01jdP{w0=T?kfTrFSL{pIq8EyuuXm%~S9IWOeqwcH!!pCaF5 z`?^GKK|eH&nY$0Y_D4B|*_j_-K*?bjI?v^@Zr3p-_K-`x8TQwMUi6{+(n8QC&-Fdp zWN%N2gqz}i4GcQ1?ec!An>UNqIrD>U*ce+a8JqzEk&ABxnmO{>m{BCCXT83=oE(Vi zL}e*J*)`ALNX*S)(V2anfcvY~05{{?`>k5GN6lud@|3G??Oj^L1&Gj@D^;t8p>6kD z6Fix;liHl^7IGRfwO8}*dlOHXFqvGbH_bnX8CelI`FjuUJ}7ux`ZCll-7TpuU72E} zEj2}vgOLl)gk&mg&O;CT<(L85##bq0XS2ByJg*>QbH>?{C7vuzT2NQd^64cakS__*M zqY3#IUbmou1Yv8U~5)$eQ?nBq$%{GT6BaXHB{`evXB?M5x58G#eW>S7)c!wLJz*dps{6 zNsL)L&;3v1rR~*1LIi+gJj-0?riN`@Cs+XZ5q{5csI+f3)RE`DKmB^{zCsl#Bv*4K zimCr(b*RPRA$I4^>QQ!N8FZV=nD$JuIZTBAWI1EkFyO9LbXFDm_eoGLD^kBV>F)>l z5O@98x%ac3LxU`tssrtDM!`E4X=1^MPi+9pLvUAvDbeqH&|1)SSY_ z*o(GXp|lN5&nA_fYY(6dLp8W{^^{T82%h-o=g%Q%;rq;w%rdI@AXl-f zT*6gKtC8@-ER=UYOAKDOy(monv`Jq=>FIz>hUh;YKYjq9q$uNs%7nwyU5jmxDUR|U z47M|=5%pi-pLa_gyY{qmqR%Mk9Hwt3P5obtpuH@0OH+D(l!5h9ch1Jju;dzHjKBkv znggV8h*}wk3D|dE3D`P>B*%omqr)G7H$rA7y$Ex0LI9_FLBvw1BLGh4-T^iy8!Afk zJOeFqKzdPFQWF0}dbw~72^lMomooY1gu0wbb1+#vnnf$ZjKXaEDpG~!IEx&<9C_n4jb@;utXy-F1+JLg; zYlyJSKO`1taR@8SuL$rpvFKiB=< z>wzai@fjH_U0GTDskg=-FJ+i-rfyv>Yps6w9nOlXgVVlm=1}772=n?;M}Ie^-}^Yc zI8KXJeW2Jso@AzVDXDO=;&npDTCnbf`d&AEe8t1ZR3 z067OrCJKsi=uBZJU=_H0Yd@-0q6`1_UkB7FSvyA9Fc$7ItpF; zwVa(7jW-&-Epyf~KXSx5OlMfa!G0*z!J%Zz@wmQYb4)tWosx(BN&cAw>kCtZYHMz@ zJ;9r$bG3Lqla+Hpu&*s})PG)Zb$KqtruM_tL58akmGEn${%Pze@=_>1Cl=_!@spj3 zTh$S&No~avh6I5EX?0l7eF;txU6wMC^@gR;tT%#6`3EvME`U~zcQ)->JfC6xbJ|FC z^X7_ANL(FH5*%#>OYPAg^7Chcl1_d^v{RKazViRr6(ZCW+e@0OiPhn_GiJ2QcJ(D0 zFLa#km*dOOZL=6X9+@tR@U{xsYM%cnIiM{rAY6dUaDq7@Yujr1qs0V`gJ-zj-znWW z+@dWqMVbc>Am`hU3uOOV4l5$zk+HALovjZKnM32Ngs4ID00Yn&*>#(Td>1GEP61M7)0XB)d#er8!!DW?SB!E;cIwS>=V5+v8!}c zrY=j9sezyNdj+*^J$b{pbgF*iZA_`#F%TUkc)AeV23P;19EKJ@hQxJ?)%48(Q6QuW zMiWj1bEBMV)6s8geFaV!XNlHbl~Ahx`GT2b4^r&CK=T2UU~azBTd-P2*_nGwyTkDG z8l{U;%>md0i%;f4o)1YJ*1z+=wbl%f{)+1Et(h#rI$QI{zTP~_w=f?#%C>gK$>@7A zX5GXs-t&JM#)QtNA@azu?8tTg{s8uXncbi$K^TUozjG{&bp(O8bME;jFJ5~7FWo_) zaR4I7v}^g^hN5?K7h9J7WMKE2SE7LJYVjL76(_x={A8UQH{L)vF-Uj){dC@Q! zWayO`rLm=D5ts`N)rP=mr>ZsG=Mjs0@j~PwK%b|Ei{{P)=mf&9p3K2Gm$Ea0My2ta zViYRS-HEG8cWmw*d^4X-sPqouaSI!y%pJMbm<1+{e8f zW8eVV>tpG&R-IVK-q1;pFct=;xIn8r2r8m*lsDemw7*^S^5qrScM6MMX4}u6UK<;J z>J)f@xkZul+Dw31S|hZ5^clQ=`};Seg~Y_xhLUWU?cdfodnOgBr&J|F<7u40&(6wM zj!TSwnM4N&2Mdml-LRh)=GZRGYB?>?Q1zZg{X(6)vMKHtCjm1xmGV$FFT|)DC zU)$9+1Xk~MM2KZp7exY~T7AhMvkKAXLg>xHajpotyciD=*E5#=x8XalQ7TI2$^Sq10jJ(1OhD5>xBtxZizm&}!Z zyZp?#35n@l|H8!D)aAP5W#A#TwwS=*Y!fB zR5eBSK;5*SAywWwbb!sTjwd}ZSX-QoQ37V9MEKh83a;Bew5p?H$8b<)t3ZZ9_oQcB zcYLRw$b#?BxC?TzV2Feh{|4^>5(2S!P%_&)5m4nBFM+$g#gX6%2fTs7gPwXZsv0#V zu$<{gHIQOHS=D1xaeptBU8h0zs@jqOFA(8*aSLy}S1FyYep1{hlVhgJm2%+_X&FMq z9rgpv0gS(boBT2k0r!B9TG|~7hmrR%VGJf6%>%hr?T1VP1L>^7anz4Ior^o+6m3N0 z#=*sr;G_rmt{HfV_$Y&7i8rPn>n0q_vr{o+MyKeR@R4owc|J~kJAV2^p~EIWIen@y53>Kl zbWHBp%LkackQT?Lcdsie^NpV#sgXm{xkk%W^TYu@I8(N5GeAP}7fA`@Cv`@UJp$_*FPMpPaus<^ScqZqLW0!+-zHteqVW4MBp zlZ-a3^x~sd2s3T0(k;K|>lvGOt@EDtFVeiMZv^zevJ7|9Quo?o!`b}`)_2~w1NkJ+ zAGg!;JHUnYm4R~DcCLah4E%_|qH2{TZ-V9pV-Y{&_)f|dK8$O{&cTtWonrlCJ;_DT z@TWPKW#J^(y3SHDKWqsj?IlX@$+*0w+P6zRqx^Ta#$o}kU5y2l!fzOF!lM04>y_>T z$8$-Q(8ZlJ2K`~D_Rn=a7mQA>o)1Zjkq&TJ{B8(NGH(T7{7@PhW>2jIbL6bpIob2) z`dY+JrpG&mJ&fJ5kTo_2mSwtNk%2xCdR~@knIS$R)hYVye%V0w znXigWVlO9}#|eu(f%Ddq+}0sjGuWKiRq2zFyyLMRdr8LT6H^K!^&SjKXRf_R8K}NZ z-8)c@GocrAd1QqwVbMG7OHqY{*X&z3nl4P4TbFfIv7}ulqQT9%_$!R`9_ms z%41UM&jJ4v=<;d@AC|~I{8M}$ zB{#y;UzRQU9mPm=Pl0I*a2h40Hzqx)A)FFhxl8XrC$x63_huW|>_Tk@3>lH3j`oX* zwGlV7_R7`b9{Y-{{pP2%IFlLGSf(x=oL1s?s!Nwt)+HXnhlrN@2vfNmZq4wLODw@Z z6}HkSOjJsRlYQ=C(cIje*PXHTe{+gJARtXXA%Yw> z6K#O78Qn3b*3j*{jN2&Dh>?kzdV%iv^`+)6SKIMtgliM7w-)S4Q6cv%w)9F>!npKi zqEzORpxjGPIMWcq5(K|wu-Pz7C#THK%0ynBctjX^MnsA3yXBOZcoR9pp=MJWMJ^l2 z)J-t&%#B_%&`DKiGrniJN96#~ERF1qjB-HP-6@#-04vt?An zIW7~+{UVIe;}gt(En)X}$>M=eY*3Fz-sJ3|@u8mj`4&maIu+-|18(xaNX3q&E&Z)k zGS~I-bZPJ(n*w?ovlbAydo+v$7X$LG*enE{pmU)Mh0F4fVDfr<&ZxbGOwWj&qAIqL zNs*MVnsuu?Q`9?sy6tjrHr`{FV2)d#D|l{WVt9mavnzAuJ^djDS}TOO3;%{2510wI zJ%9}!Xj+7(6@PHEmjH|6K=0;VWkR_Z!X*KZ-Vy4OZ_zz@G^s#Sz)pN2V3;7cx6kDe zg|ad#MC*IyMQnZ{I8X_NRQz_f>Nf^7?{t1ze7qUVc?^DC2u8v8&Y%FdN9X+3vpUuj+aURrpF;@MRc$LPySVp?uDj5u{nz=0b=6j{Y*FgraS$8oW0!;rCn z6YH_6%!`BmI&-e*beWpH`%(T#=;fPwF6T_W3O4JXLsMWuYdkH0dQ%%8Adm)JxbIQQ z*P@>)8L|11WSx*#XiuuFiG4;O1DbX@mo9=6>tctc;7IsmTnq`*9LbinoWZ((j z0?7uOAvM#9v7L@e3r(Xa!;n_ML=BP@kF*C0Xs3f%UocK<#T?w`)sCM-gAj&`ogI#a zA*hTA1qX7P2ZF<;kC$@f4v`9KTnY-{t8Mb5ZcD=54yh-f+dgp0V>8VBlVHU+|v-7_7~4ZNG}s|>$PD;JI@k1-542fNe}r!(-JSng zw1WFuMu_Z1(~eR%i|do6Zf( ztwl>HBf{O2;|h8|wnsWU_z1n!i4o{&nki-K2y=)SeB)jDe4=x!TyND|@D-d8P8-rE z3Ph->@a}5x!Z?%U!Sj$XLHRli>Y4(XlAInwR=7kHNL_QJjaKTutPo2rcLU4COS@oU z+IiX$nX?Nh*{Vg&aAC4z3CiMyW0*KbCZ;^!ApAY<){OwIs;JkPXUUbHY*i*zb@eHx z4*mSd)gK=U4^iGM{K-;(`Q}^1p##j*O(S&=J?sJ3p6)`)n&z8YKOjd<8<}J{y zni&!Imwq%42kSUb%?qqi$+u_e2&4;fx(hu6RBM1M`+etkg-hYhh!jCR^9b3MCx=$< z8SzYmj-TZ~;^#e#iT5jgAlG)xnS!&6l)rjyv+N}myWY^l7tzX)?1ys6opci-MP}EO zJVfRHMl*Y4v=yk{fcdLmT{S#uj<{~evHBe)*R(F>=4fOYwf&Xr)ZQO|KunJV#{vE) z50mXN&_cJ5wdLFYgb|h{w9fc>0VccpaxfS1Dt%V!XKCgL?re36Xh^8*ywUJ1LLCq`of(!=Zv!CcrOV)mgylrZTB9+Z$< zkV1^K8g0NfdKI`Q6}p9^`$Qs1M`f!?Ph%>eV|i$9?tPw87>D(@1EdSwGd>Mi`$Z*i z+!5V#gmnS=Hex0+#vU9T^yZr@2RXwGO!}lzNYKnlg`Vk#lT}yuLho^iG3?Y*%@>1< z7JeL<)N!ewPNqGmb$1p?7u)ni@N@h`aPSdPukd1G`!>LWx{nup?-v4IGeD+L0B;9d zW9u`h&D@)NEDSLyI5J#TD;9@C+pkz!eDSD~Tw6*4KecdUwlz=QT&Nk+!}UY!3)RjM zgT^Jc>-XehR(GezfCwnrcDg%1HYUc+=f#!XjV(g$j7=fqDPyWk%#E_0)~Xrr9_Kfy z4v%GnYIYXjH#>Ko)j@{mxW^ITdSFC}L*m!5OznyXoy+a#Ffh{kC%_rU`EgR-&GwFt zpIHj2nmdU(#BwpmH5HvHyW0$XO^fZ(4kfz#<${&i^dKD2-Ni>Kyiw>E?cD-(dKBeu zWrLXJZu!~gZEx0Yc#^|VMCxW>7x*BNhWuGhZr;NuOy7NH|9yZx*V(!L$+6=k|4lAe zi^ef7Cfklkhsu@5A7!W67Q+Dv-ekHSEAl_(_4e0pO|+$45T$UQuZIap2%?R4+UVow z-JFZS`(3W?CB)H9@tRyfutZjGsJXXb6PO+s(Rx!Lk>Sk+)I{cUBDmvEph9&sY4@Jf zlZ^BfZNdEDA2iXp9~xeaD$Ktz+eQ0!IJ&^ug*hn!wU2NKAeV#00A(1g#Wwlc+U^lBP`vF?IRv^_T_b8dGaQMDWSAb4k3@K(WmVBhBI(dvQ!?_}j zFWk15A({{>4_oyJ8=>jM2YNAa?}x`b=j|9WcAkM1A^N=3TV~DdnHCL8b5m1bnW`Y0 zDGi#6RnORqj`{%GJDb+0IyxvFjjGmpgSxe~a)z~=hc)E^Un1yow2SUBHXJwqqsZh# zg=0~)u?QXX=AGHEdSmsxxQAeH!r5R($Ht3S;-K!vl_->#4bCOCHOY*e=Iu{z+(`8n zSdD>Ax#oa+wDT(gPkVVS=3YDs$kTQ!e>IxYlY{ffDZvz|NbIKz*1SA%`f2Cg3>lpJ zlHpJC~>4gpV_X}<^^>;_yp$v;6&=WXy|GKmdFVGLMOOV0mBdKqve!~ zJ|*fDh4Mcxa9p~9M#M3M_-BBeT$?W1f^gB&)Z_$1oS&b$Uk>xGzluS2e|0$Hf$G{& zO;F0YDu+C>5X=rAkDh`GyRk9w&tK;JGg)177aHXl7f*f46xc)&^rZ3D$ZOH~h~YqQ z4jTd)J|U2yGeP#a1_~8il-oUGyWfByyOhaTX@4sKa2DM=DQu){BrA9^y+*FJ?B&mNN;-@%fJo zRXmVmQ@I18>2O}^ii_Kt`8uAUk(KK2Bgk-O)O|Tt4vZ4uGRSzWVo+J*iFt{dIXBC0 z8AxdFOjE`8hH8BRqL2-9%!CAiS6lUFLskzI*IJ~DJ^qS#r1h}pioG>QFcjz^ zxeUy&WIc(UqeV!1I3wRAS~FN>YRpf=b-_(!0XnP;H&@4PlQY#q1TfO zDNEfJj`xf^4ozqHzkU0XOygcP-k{@@C^f2(Q_{wxxD{vl)BRrHfDRrRF`-0$U2-L> z&97g_TO*#S!{YTpgM@tN=haxc{Dl0Mb1)_)Wfm6WYS*-j{~Nuk9_J;k#i+P&7@UhoGMs+xQ{7A9Uk(DJxiqp-i8*9_yMR$02mjSWFDX`$ zB#g{9ta~ceoBV}9BUQhGO{b`Ba0!%pMA^Ou4}eYi2_o3EoN2HCij?Lgp%G5$vV>y5 zx*F7_9EIbEl9#bORT(iCg59sTM9KZ$E^~p!RJA(m1O2P*(O1bp97|exP+28}GwM$J z`3(ZWo2yFNj>@HCoF}dm=WRp*Skngep zF-ZQ+UXY)wEzExw?@ z`KJnq`+7DfB8IG|{T9dN+L|8XMc>6ifxL*{=pE)H_#TFPx~xoH`@XG6kk`ZkC-mnS zqH!f1ou1Cl;5UyOJUqhHcLft_zltG6OSPGFl$apFEaRHW${)0Gbvfay!N$&uyh5u= zCpG<0IIoGn-4I+L+(DFXG+5Xlr;4^VpBK4YR84+JTfMNHProX`xdV17e--?-AmcDE zaMj+35aT7cnHRJXu6Y^oRSs#CmhCJA*IBV-pY{3Nmt`3?c39LD ztl!R~0cwnxU|+UrwOmf#44}*GWXqaeP^q*bziC~XgB0MW&-TMou(qBA4zI?gsN3&WSPRC7^VFHz@Sf$7ookaN-lNV1}2;ckLXf!_M9i^Jdg$q zb-}gtx=+s`xmRfZzy_2x^VcC*)2<@n;KY%S{BM)#+9DFa0=*9EEg?_2X zg~ICFwf1q+vw{`JfBg;gXKK)w!i=J4{-H^E(-yU1G;d9MpS(F#^Nyo;`B;@Lner(a zB_?Fff_OwFtzm`I_QxWqli?%>T{a&~(t^6yFd)7XM{R3sYnvN>zpT1{T`D)i{aUQd zYyb$NwZq&iF+GuYBu>E81cc`c{E+#$Y&^L66dx9YxCf*t>311+RVG&4=;k;TzswZ~O?N=bF`1=3Q@m?F(AKNs1y;x2DZevFP87uAgwn2o}5@WlJcwJVk5Y+U~w{P`uoci#z@=& zq(A!%TIupmD($0)4an#bdu%WXYNx4G6w&o|FAfd^x=^>B4tXL!JJE@zlfeXBPTRUi z=R3`pj!;)LL}b6pQm5F=-i0a?k%g5LZ9hY|9fFCNP4c%<%m+yXJmq;iqy%ld9r+Gh`-9mY*MY)THXCvkjEjNn#rbtb;jpe{wVIAg4Yrz2pRcX&F zCp=2PIjRtV`bY-w?=TYr3Puqo856sC5-udW>FG}CF3^QJ1_^rd`XK07nhk?B*ft6J&SL_T(?N3>%>L+OXEuyA1(;w2OVz79N>j(`tE4>mx*sZt_v*fjL@#siz|#0EKuOla%Vcs~~clEyx*doUA(8T2rJ~mRfS& z&u_mRlws!sHoPfy5V6N8`eX11`hZ%B3f+wq3g<4_&D^RD77hk%sqaA*v<4Q2NX3N+ zL+>E96Zb`)35hA{fqWQpDk5iht^%1X~3Ix?r`qjQ?kxUXH1a^x_U~bwg zaY2r6_A6ou2v$OVOe&Nx@(uEnP2k+J;aTLcHANa_?IoJ5MYGL6MOXT$rGMN2G)l zF&Pv;`uh9Z29aUJcZh;H*xxxhK>B9#FPx%_rj|k4h4VdfQ#Yf`^s}=dDm_}$W_U=__-J_g+ z(fIiIU-uZLVj{O^U*7Lu8y8epTB+`Ae`LJq0q= z9NQV62&N>~!o`mh{jyefhRcj6&{eNsFgsUntG0!=QftQ>VRD@M4hdtQS+ILsp944 zEQyN3y&q93Y&on;zHGq;#HcP-Wq>B08kwffsMe@~Q?tYfb~Nlm6Q; zuYTNZav~N#4GW{8)X!vlD!UL5kz2H=A@L*-H$)1e>q<5@HWCsqu6y^6_TJ98_Uq~P zj^K){_}%I0&L!+gvKvcjU+Ss2?}*Qm{iMR#-Y{&OWzyNoVAKd6og+jp1Iw-QZF?E? z5n80sn61e|?p$(0r4#5!!R1ecE~h#`4g>ZGUsfLl{zAiK*B?^puW!nK-|S5c`GJvC z9{0%NYiR53$xd9&AY}@3X)3bdxU5*B(j#xRaP)iGnc*1+wu3$(uL(fBE7(z-G)?4&C=-#%9$)>{0rw2`g`+?NdA7EB9;Nv4z1cs#8`I0L#tyfIJhD|Uy@bn)W=3ZqPwhhjG0#+56cbzBO-1eC?0pE4mpz=62TN%6M+R`*#w;G9`=lVIt z?cl&8MooT%6N1XmA=Bz1UTF#GeesE2>`lX=4tFZ%)p86&`x!@@bMUP*;kM!v-Sz3l zW~;DygH|!jyY3%t95DLGD zjlLLEx#i+Ixi+2txI7?C$Lc#rRL^?oB`9osAj2ArkYsy~;od%?jAeTRO%qp!xQgr_ znDtwqBdK?HF`l~5A%|?UD=&naroEe*GkbKs&a$GE&%Kto)uc>ZZiHPa>Q_Idg3M!q zx0y+WhllqfKjFjPxdk7kU+%V;;lD zC*2uIyvfo?q0;yleWUUC1N!qXTK&YMAjh*uu6H~-1 z`L&A=P8_#8NKo1EDATwVtBIP}2r>f3g`+#q2&SFGNYE9iJ{u*LD03&Hu;OS3p&{HsLCwgi0d<5`uuVfV6}NNTY1J zMY_8~6h%O~JEXfiRHPf}l$O{avFW()N1XpZ|Gn$3#X5&|)^WSP?|onU+6F`In(=fd3r1i? z*0YRX3d&x#O`t)m+gjg%%!!W&^um!3qE))@mL$Tb>Rk5!&SXvD0Q!JW5~9q~($e@$ zJ{WJvfthNNv(nBpz?p0Yw)f_GG@6WL{49>tQH6I)&HHPNAGTUd=xeJ?BwuB zG|+C3_;)+=-yP!Lgj`%M6Z-&C(ADm5)s|3;CrU&R0BUl?|H91_$7WpeJc6RQ_u2G2 zLDf=3e+RKTjPl`ob93{`$_khi3~1#bLL5SWQU8m&vluOsv{6QcyYlA1SA1E4p-Oju zgTK8gCgu!P3+2bOzn2SO+VCBl?qe=btrO($EX#hfyWe_AiWgsmR+(+f z<}C7=q{XY2M^(9eB+z)xI#>R~ui%UH>UL>nnV`PS0C z{!#5VV^{u3@lzhKX!6C^P1f0+2BS7-jSzx~R<8yw`$ETYKMxEZ3>Rc+{*`E&OO00r z7k|5(KeCl}Hp5zmYcx91;^Y=l_qe8{$!MKrYGm%yYH?4&P z-Gw&*l(7H%{%W+jX9O~+F6@ET&dpucNlnMO%7O|XUKdJx@8U4bsG)wa z^A_OCp-S^I0|2XXEVT8tz7Kpb$}lyok^<1A5Fdgm*51%YCa5CiNsY9<)YAaWr7gDG zMgKTYqlN>==kpb;9r1f7&Rh1r6xM_FOrc`uh0=4+aQl^radc)Dqm0^JR^=gJi6cPh zPDjl9@>0XD`@|EN9nS-dYlWrLs|5{HIZDjiidSPZM!?F+`h2U#v6!3N*cryt58?9U z8@b}bGWZ(2d`mykx{r}!M`+o=>B~XW#N;=_)-Hr`tqe#&mf^8cx3{&u4Gk>-&EC+u zY>CJO6+Xed^X__L+`@htvvD~9vOmKBq#_ur;XN9`^|g2e9~gd}6=vVwoF8gLp=|=d zlqsB)@B)(t6(Off$J&Fb0~$aYp)1t@WO9;{l5F=rUKWkD$&gaxg@TIvW%v-v3$Q>C z78eM0)8bdyx69veGw7~EI7;R0p zjJ=OwJ7hwv`60=dpDyy-hbDpi?cq_8+4uK1!Nzd|jfO82NzE6<`4R7HMj6M%Ly9f^ zGJ~}z&I21gysL2`YW147aA|Iugp^X)?q(PRwr3ca4n>zXNpl&h`Xjy>B)ZuH8HxsY z%S!52H=VLX10F2fuBh>vP3C<%hht`F!oUOvTMbuS0_Vc-N zrsCfuc*`tgCtDQ9vV3XsN?}vaKltTW*XuUJ4`9q&cOIBZ=IDXu13`3LOHj4M+D5r^ zKj?>l(DKD=q38|2R0b;zSr)DdoNfjJ*Gk90a0eL)aMilvFQd^v3PJr6K(t|PZC%}R zXYgX1MNk{E7%zTS)|N+A)=X#`B9Y-Pe0phF;K@=dT2+SZj{k!>hR3bCT*fuvFJD3n z(z9z1qs{BE`nz8PrVF)&(m2#(gp(shOT7#7E_&Od&+1ufQ3G%ZlT1ETwd3%C>=y7c z-KpZCt>L5w>w8C9;08mrCNEf81m)%4AaIMw;qux?L!WvCva}B0ST120n49nJ<3{~j zBIeZmbtu;z%c_jLCZ3d+VIsX#lF@M4SSk1k2S{UYgI&5TCPNJFd^}(nLFXz6FW$od zj3m1WbwN5o&vgncM5w*73BW!<_SuIE%41n?n+aqSjnd*{K$Cvf`qqaPY|l<;Sf7ns z!KHR#BnT3Ifn}KzsDpqNI00pW;%}Uy#c_!{w8T7;=c*0CF)TxHbf)49zXBDX9f-}X zgs)%!;G17tue%7p31bH5S!z{EM1jNsWGU^77$HuV7g^#rn6;6}Wt9@W4h{bR0ErIA zNB8k<_KWs_q*c_vZ^iUP=GuFd^8$ZoRX34w*=(aTgRQ1t#{HNYnmL{08du@f?F#4f z*&jh#gwrd6!Tyn8ifzF#Ab8x1Gboh~T={ubX=5*eV);#d*M0nkUs%8mvhST1H&=^I&^HO zOdv0)7>~aWSH!)5YSkaW=fCGIA9O1$Jl^!q)^z5mG%pcQh;a%*}tUvTu;Ci_2nr~jwQ)kR&hEPNSENAd+gJ| znXfwY5I&$V9Nt-(_uDlsUg9P}yC}Ap7L+&+R~ScMfJ1bg5zr>|Y2=>2C^X{)Cc~}w z_xE>Tg~_iT-&CUvz4+p5!sI&rGHx;>@&|7*hZx-xOJO$&G!=!$vO4k+{@l$ogQ?cM z2a@HV1s5TY=ftn%cku^JrL;kS1&W|fpihvn-T|r7ED(RVf-FjT62O0bI{~vRGrf)! zeCSLMABZhbHOiQBX6)|`aya~{$!1Pp&lF*wEohX%a}7*Zdx!c6652evp>Wk2(MyQb zxkkyx^Bo45aY$4CuR3?t*8P4j`RoRYLy}bdxpUEY2~ytSB89fg zr?(tH2CNrQEJG`N00c5R-rxKTLzV-xtmna0meT7T2YuBb{-@Y#OZdjBNOQp zkF+PfH+XHVZ>MXF`IW*VwdRP~x@Qpjbi`%AT)x#qtjREE@x_cz@*8OCjx!(q?lDrF z;k6Gy!>a9TAb~c};e-9U-OB?N_P2IX*;OD^77zojD-tm$@CrKXAC8yI)|U;6w6!+x zR?Nq_W|t)W&6FHC9~jrmh`duc&KUL22%raqkmOW0j>`&6KX;h0LV+CzrP0yReNL03 z$flgjIG3H0e??O^%CHZyUzzl6A#q>0tvX7lcSYL z<~+y4B3~L(bLE4on(22b^g2cv=^C?ysim-&X!71580|nK6ZxKN*j)rm=qN9K1m#eL zDNugN@QIFP?L8PB1)msQfv;(mXVJ-mQNT=#$UG9xI2Qa%Ubj5T^m!SBnb4+KFtVI8@pFdH)S{aKhp!>Nc8c=^Pg8{2o}$FkSYgiAbgI``zmYq!)VhnWZfR9OSV0hMZ@k8Wk=QR|7nk1+@Yx?L@HU($Zn9oc z82>y-{d>XG)V%~ktB)wSA*MSca4cw_2cDfeN%!$?L&A`9_18Cmans2i&RpsyzT)|QX@oc2%Ev!XT#d!d9 z<9-z#`bzU?_PHZ$i7lH{(L6)E)=3q`9nVb&x07rfQ&S`*bR}$l;^rw&Gy)%e=V51w`kr?j+ zu}kg?qdu2@zHH#nl8#Ux`(__0=UgQ_|J-u1N7`xeW3@$#dBb#z{K_YX9l{m`49*|mmAMlgVpVG7) zMATc&k<_oPbBH4@@HTK1#s2iVSA55nvpU523|@l#_U@{%Ot8H#-ZJ?1gcbO*iNIIT z0VCf*)Tx3ps--Tt6(oc-Bp2nich)OaG`f;gI4hX_kAeNsgdRcfZX$Dm>!KBSCm9{BA2b~g*r`g^A6Ndd?jZ+mU(+L# z1Ndw_sK9+Qp867P{qtqkUXbJX49Iha*c+eTUI4ISgVB2&_Jlpcer1KYIFN9ov%5U7 zsQ8>hF$GPf;b#B$IO;XXKt1zfO{P>{ZH{~xEU3rJf7}yqsS07*XfYsLuG`Kf4dH{6&e0qiYBz$|y@MWK;7w=y7C9nTW{Y1MAgPe(fMI zbZVBxTwQ}|IP$J}Dlx|Z(*Le_AC=K+yDMK%Y_l$ne zD?YExRC@{zOe;6I8i6zkn{BX~N9lR8#ZDzdq~9?NBa-cCWNw=}A<}I^e4RgLX!vgT zYkY7pMnadt1s5fU@baK6y^!16+rgYhVhpm*%wn*c1a##jtu{F*DkuP9r8#K0Lcw@I zPS}ARk=qDeGV;5q$mM2vZhO*a=?HH#$;$MYecH3?K@iXY64p9O2ch^-o`_3R8nV^v zz}h%0-%DK>I+QoQ<3~V^N}$itygju=SA-Z7wdJf2jZ7R@AKX6H88vFG+-w}sdg@FBWZ{vK+YtwDH&8HiF;SpSlxy@i zo#tuo=#9wQW}yccj9C zj7}ku-z~1lhYsXlpfLbdp{lAXV8nNsKQWNjQ{rW~>0dffWcU_<+?ye^fbs)@2#6A$ z?q2+R_<;Z8tI!-FbeLy}NBRn)Y%}lfX8u*M`uSzV-u)&_7EDxeP@8WYe1&ykM?eRvFk-q^}%ASjkPt- z(X|wXXR!*#h`SeJOh!~;%9-3xpA4n#9FK;Y6%sjJ%byi4bmV%mQ>o(ER9W{lRQ`<^ z52Mm>gTCAeDwYWuX2nMJP#MA&%urm7%9-z^2%6Zm)Gv|@9%^r*oz0|X3tcUE8j;y5 z33{>j+_z(=*QOf;-oP3T2Md_0=0m^&BXE;fK?+RiwF3GSOiWE{*Q-}i3nkWW=w{4L z{M5S+%kgeKpBPbyiu|Fkdd$#CMRz;B^%Hwvo|gXLknX~~zDUYrMHSCf9~1ctPuy z#%P&e5%5Sqv*id5e~J8te&v++zqL-cB7-SkCV&dEuw+sH^j`fQ-@Prh68*bX{Rcoq zNyaw=w!rft>^fcAYuUWj^RbUlu|Xk%13y0(6+S|$+Q3t6}h!^#IO8HJ$_f&{+g8a<>gxO0$-&H(CNa+yhbiu?5FgTNw#N&8#URbNvk>#K- zdU_9ZzXgY(=lP19fX!h(K;0p)sOS!a?!dljU`Vi>8yByai^0?I$^EQ6jPURS&U};o zS+=u7_T1^E&aUk{q#=B#UTbdy_xy=g>6Y=ca`MjpG_DM5?OIIT&&tw|7C=gm8|7ZF zKiTe1kO!s7sfUfi%IASNsS$b1x!OM1S7&d15-eEWuiF`D_2NPeI{IXt^ESs4*dh?Aslf%u0U#%<{ki=)v&n~Aim=U7 zm*4#xm@DRn)OL4N%#GA&1gVOvEG|afBMt0JG(LEJK15KE1`X>PepViuQp6FbxuNnV z+8Y3q8S$y>U|_LK8@9vuMt;q z?#eyeQeq)EKkdSe)DN5xIn1Q{<60Qc_6cS)QalB_+cLr@Y)zKqr|Ch(2GoVh3S_U} zv}%uzq;aF0JoFv|{#jcRfFsl8dxZak5iNI+QyAD)HSkC3%gozSd}+wIEzij46J35Z zSk={7G`t7%XA%AzJEudFB1)Q(eCx^?#cL#dn(^oETLan~6FI9e^WWeC{66`doanFj z?#6b3ipqBL@fOOdoc%PJ$&?eNx>|>6{VcKhvfI+0b5}K`M?W4X{U-N=$u~hO7tadv z{E*B5oG6U{$-N6PJ;l6CVc+A&S3$kZb$7G)=uCcd{wv5dswE}R)73{-SEtwbj@DC5 z(kbP+w{Ne#En~Rw`-aj`HSy#BAe9wt@*{UB_>`5>GRZV;y^j#YW@@{bW(fEjI5EsXC4- zD30J|^)lDBb6S@+Mw+$UYW=79{9C!w@?i_+{U^T-yZiqcyYl>!;lIVMEDeQJ&je~L zBhxSPN;e%gOx3qV=CbimrHNDA8%hdWIgO>deKPg~2scPrJEKF#f9Ypmj8X6mz={GJ z$HQo0s)@^)Sy?Kes|vL2@yca)gG*sZT?mH%0vg}@2t!VVg*rq0HEPTsl^#99xO;Qs7 zDO_JAa+tW}Vs!H51y)_zz$sxK!+TKHkKV$6+zdWc)yJt?h31rtdBlh+-VqC)Y!zz$9Xu8=hO?O z(1;(QUee(`ZkeFc8&~CY5SqSwI2K=r7F&I~7>7&4bsJseV(SF?S4cDc*dgcYGF;>> zy==%S-^riLoicL{)gS2}OmEQF?CmKObl!$f&JnXz16I}rm&2~b0X_OY}5P~EmX+qY54Z7;q+8< zc%o8IqLTetBE~VCIa9vx)f0ywMpPB9d3zP^uUO|egfi8s>eePPR4yu>y?Nk}?dZ)F zt`yc6_P;DaPK5C>C+9tH#jxAX^Cn!6iXZ6-ZqEvh>T0ykfS=!x9vN_O7apUXjk?whBPLt7%Z)nw21G%4WEM3hWCi@1%=Ye58G7mY3 zdGc62s;jquImI11nO4_ywLW9)y!G*amK-F#K>jf!W+rVp9B>#&pu~Uj_zlns@%I<% zr{yRaeZLtQ<~}#>C5^Ae#s_k!_$nuoY(bif@286eP(IDM z5^+@=zYlIIeEfB{9?~iu(MFVK7 zR}STVq_0=zXpf~Oe1Ab=?(mYn@2a#0;+leJjn<`*;|eS6q6&Wv{&d(|&*vqfP`AJ4 z$?YMSn5|XL)v?gdw;iX+*3fqZoI|v`$vSOD4Z5H3)%<53pd(W-__O@)9b;m$NZ`t; zD-e#9SFL|==pZ{Fego?7{J10agKWCWGkQw698ElK05>g=@b}Lk(rJ*&Brc$z3kX3g znp4?Vle{mCWlfsAf8_pHLxI(xZ?=-=S-OX?5{_EFo z+-9y%*@>NA-JT@F*Kmrr*x@p;mr=T(bU7=CH4a?xI~&)o1gGafK`gH9gGa%BHH-^TV}?vukBLZzFQT`Q_BlZGhd`;=?WnpMn}Sus|w}aK?YJ zF7{ANp)6znKFPZp!IZmNS{=hR$4>x)ZRmd%7OzTTs>K&}r2jr(VM$ zbZLXBnAcl=e7tSc_3rwO{tRhI?|4qQJPN-UWGQ1DOm|)sat;xEiiJ8nW?|OaRjJ z9kUw1E>1qb5>W=k$iKt{t*S1lt|&RuP|-VFc<{OGpQqqHt6_f@rnrlkiHZ3ZA$?cN zb*S>t?{@(F{vRedoS2h;>1Sw33)#l{`1FkRc)Ky-IblE%qz`2VL&6PDZAxP<{?ipr z#fT>S!P8RjF*Wf&)W68E?pRl*AhgJB;d z)t5Q8QiO8voO~amnwYV`=x*fw~u2PL~Wxr z)-fR`RjHj__0|O*)5U`V!-6^ce=U6yCZ|I4%E?*bSH+tsuVP$%p?9o{oo3732(GZ}m*RQsia5RuHmnc^ez5KZQ(8n!Wvj2BM4+sZ>DB?dJjA=FW%pkBB zMM!r5`U>}$y1CBpR`MVK&ooEs!puOm31IwzO=BRcy?B{WF42zlS@Z=;J4G2goOsQW ztCmt!4|L~)Xu>KTdMO2>=mleX!Vj-{NtvrmuPT4Er}{(_Q{yF(U8=#9w6nXGaQjCzIYHi?KElxq_AgAQ~ECR#QhD z!}L5(CKEi)oJO_WVIUX(+|b8sn(FY!(m+N=ZGrchW>3(YbdcF z3i?-djS!%gJ5Su0OC3O(I9R_e+BD(4d$!oHd$K4%pWs$&)g=)UZ$RcCH?uGtHnlnF zE^y$qVR1%&v>!@B+Ve&`_@nXu=VO};=UaEXUWHx0dchS)&w9u&e^rG%Hz~Q#f{$>F zOi?4rw1evpWd-ux4-P;ESGtjK_PAyPlih+Db$xPS{TK6D+%~ApjV`Sx?w+*uNLrlP zgUU|phXj{)!kYvd5qzh}2IiWxa&8y}!+^~Gen0?Z)#+@2jDls-w_Y{_zCh*r$J6S1 zf{f(P9Z#Us1nnQ?Y*c^LV?k14ww`ovk!n~A^37liqA~XQba;D8th+bA`uhWQ#g^2~ za?>pf^^NIbTHtC*lfMVYcirLd7dsFQ*bI08fN?vU@4Xa#r?EZ`u%m zK4Wr-qQmmEr2+u@#;Mqg8@IPrmU}q!FkP##ReWF34p14$Fg=&mjoR`jTq0p1(rZ^3 zYnie4VENa3Lk{9r{&9eTaC+CjZ}c1wkT^ z@Vp4F9s}J7--ei1BN(zl{(s_8YcO4KRyP}bv>NGtKR<8tF0qQ`sR&g`ecxV-z*{=4 zHpYsDc=k5cFB@VzwBNWNtcUckZPF~p+4>rM6I_NFO+*er!3(?fF=UzTlg9tO8dgvV z`|~X%soC4>qmz}+dY};@T)_IQ-sRM0dgHXlc!~|!UF-dDn^{^BC5`DLHHW=}WoBoO zrI#W~>LyeX?Xca<{H@RJ7fFa1BlsKSI<)@j)r0Kj8yLX#hI;d3dj}}LcL)gi(;cmz z;XJYXZQ+scb_VbDWbOI(+-XUMvFgCY&0}BI?X2f)c-3UOQ((`vIQFaZXcl4dMH~Wk z;S?1W&sU0OZwJUaeYZr%g8@#m(~YzJXN>Q;$9anT`PPS-n3dl8x>JOS2|+znpK)tA z2y|;Wt?HEH_1&$Z^yBne^tgAZ?Pl1O-GwLtGLHH z9j#TRdVG$Y!G$wU#qqR!WYTfkN}q@_eN3UgWZ|2zWMd?J;PLroCsZnn3%%< z?o7Kxf8r5m{$5L1mf?#!pxJNj-rRw25VJS)T7R*aHw50RdqSPKLiAD=Ym0ws0 zd;W1P(BOk9$-{1Y$493E$JNfKx4$!LRc~$C$nur!$1H>J`L+J+Z%(-SkC9>03E)5!B_g7TiD~S zKE40tkT^I^2p6^a^2c)3j{t}PW9=pRjlWMU*TY2YZ(9978>089|wj{<$m3_#+GfPe4l<)M~7 z!txhBxgIe;$6RXTGS`golx~#+w!Lee%0|-?t@Ve5|NT4Kl(bjr>QreMkzn(t0917M z93cNzTcuyu780#`TXyXsCY}V0ktlRJByNSM#Q5zG*jgDCw~9q@T5fzqGahcj7bLwl z*)BQxwVUtd*Ih)V7Bwc;DG$U>%Lwcz z3+v;|E(7;BGK*T}5|SI^xvPZEsTU)uYa}hg*KP{E)(tZaq#TY_2$~ZNC|dfo80B3e&tWEn#vJ*f;yN&#N_9+Nu%tk<<=l`3b!X*lnb3+;c^xAr8OK6~Zj80?#wqv;ed-o34E zU#vLN8X~OM<0qq-hUqyU;Qh;6lBi6WNrusY`s(pGzM=_#o#%fU;mg5sYj3?cB~7PY z-f|B^@mPO|ln1z7RKNjEVIxcVTkS39H0`riH-e`4AVTCIspIdtd3wQn!=LI$NJllq zIqGv~>f+~6xHAGAFzKugtCiTEKP;I|m_10Cee+71IfiGz&^R~SdUQbXnKAvfrai+(Z@AAcvjy+0x5MIuF? z@&qgtFFa_2He>-)Z}91pqJU@ztC=>r7_5XSKZCAvlaRy|T?ba1_1V`lEOoT}*gZH2 zj*>67V#BCSx=DyaUngyq#1EN#72F(J`V+NlJ3r}dKUwjlQ1?aD+H&cn>3x-`Ij%RK zx4X0Izt^S8sz?E~k5fi}FhwsmgwPy*BE|n|LY|*xx)nD+3oH;obo)SGT+c_?g-Gc{ zuhWTyj`mnS^!P@Pm3l556#sa*xLHJ(Xz=%yb>dM}7pL`?jI(RrO3MNvUYboHj-+B- zmrn@i{ej7FCwI!}Gryjyc9#4}e1*(b0(W-Z16Smm(LQ$GXl})e)9lhUx0Cpy1!=yr zu*`JF*b}&n?@-*^n}3<+OKmJG>S!F`$P;zlH(t~T{N~%lr-Ci3kFNO)r#&R?fmB+_ z_fOaMx>tJN<0tzb8a}~8RObH9WqVmuATT*Oh!lNS)gzT!EQLo-jz^-7j9_--90?K}Hyuv}; z$ENz=uek~bsIf%cLkjXgGt=ey;W@J7QYptA;@3NXxUz z50aB4M0Y-Ri@5eahtsAD29MI+JJf}9ZoV><^?xqu!pfbH+c}FunUJeZ!M4;baW=2R zs-fr^Z9o8v5rgCTd9k9)Gu)78IKh>}Ysr}S6j4z@S6o3i#ydUQFye`q$p{vJ(IHT< z|EQjyVqP9y-3xGv7;jdKLPMZay8BuHNni%~Nk`VKWWy_ZL$zngv7l%}A)?-4UGt+!& zZeN0-C*2Zi85+$uU|jYnyAw#yrud*r^g3y*LdR>s3k9Mp1(L<7dw@;6R^ILJ?obJ? zZ@&}Z2rpnMv~kh?b*Q|)eK*<7<(iK4LPy6o2C>MxP5M^w(ZpcR!1s-&5db){IwjZZ#7; z{E;*^-C4>@pXb=Y?NC&ip)8LlImx1McP8uca4_5sZ&BG(2Ao#NGx`=>3cMqy4!?DS zG$I%@KV@JmGFO@pI)Mz$BerikP)+yzAtV?#I>zK_u>b($_YKuv9T*)pgaZWGGU-fd#Ku`6(3&xxv3l7ro`8pp^h@X z@MlwcR0JMwEQYbH_i*x;5n*GREkf+xpU6Cl3vVUj4+7`qC+{y@d!NvHZSZ#>2Xda? z(SEDt4Kkh3zN2?vuER|YWph_KlSW<#!CN=EeQg+MeZ?M2T5qZH=H1U+%l)xqEx}_~ z7-r)4C_Bt1`i>0C`7#+xpa7|RO$emPh1>^$tR6p2~kLPe|wA;ZU;87`%MHJ zptG1D@-06!@CAKv=Js&S+M9oaE?lPOAgSg8fJdIm;FDN@?j1*{{X+Lr6zmcL=>x=%L#Me_KT}uvo8*R+4v@XizSd*PK#`W=yp`Gb)v;* zc?Fj7mgNpB#L5B*3y;eVmxU=^BAY-%hH3^xDu&2hTb?groO#KQnm;ybjYFj3OC4a> z74?TuPNEr}Iy@o&`#D+`cQI}LBEU7(Vq7r19Q`h!OGgS3_!(N+*L49A{;5iutlPf{f8vz2VcBMbMZFBx9hU9tEX* z{Zkl`yhXH|6H7oB>?uvG!vZ5lQsZQ63VgcsQ_2YivkW+(<(`)=x9(Uwx@8Fo*#i~# zgNN7WL+-jzU^b8`7jOO*4+)ZF;_h>sTqaFFb<>MRNlR1S?|*3Vw!i=TZ)*N8AK5=P zs`w}C7ty9ukfiXbWW!1y>Yi9Ae$|n~(}DGd4Aa@An^`FLysop z(m~`=JbnkMLZ4E7ds?9+fH`?4^F*vYjiY?VEsm{cGmfPnzh?rkhaiEgEkJ&@GlViJ zOJOaf?3bY|bv^C9Jza4b#W8ArbQP6m|CE7TdUhXa6utCCLVF(+EPGul44N2PYPzOV z$M~k)>P5aT9oY7D#XEQ?l`i@#v!^kCaLH~>tKbUdBPqFleJJLc5oqhSLBT97_NzW! ze-w&8yv`yVX}ISw(MM{mR0P08rGH>zc`QVg(j~g*9+pL-rW$LozkUrEuGfxz3sMue zU8~vxS@jn9r{AeB>>L6L;{-)NkZ6^JFT%+c$bUwDb?xSWIx{rz3p`=0f`g@WwFZ9Q z5<|7m(YNX zQU6R=*YBx{FXFZ>ImyePk#*Pt!3O-J8zzaVp#L_eMbggF3EeDSs(I z`32pgmWqi&EjL@LdPwJ}Upw!qrjD`31E(*waoyNM2^Tnw%A7of0}^s_0*7m=mooI17)jRW@=cerh=T{=wx>Ub&mF7pA~ z^Dmx!B{FE-Z!jWh;EK;AgCa0KaZ!EZXKye+47>JV@ehkpetusJk5bR^r1rg>0Tmv3 z@*Mu%X=iv~9ik*Ij!G!`8g`2p7GB4wF0F*AE*8yOXI^4s`7?^8k?S(8l#D8D%M$_5 zv?7MX6@uO#Q1qx4b-U``DE-ZXNN zdLkurI@Ko9Yc$yKIz>tbpMUn#>F3ouu|2z)jlfTWVHDCklF%@Ua!MeZEQH6Y;lN}$Ns`H2cTC4v_Apq2V5zJ(@0_&KD~=UGL=@IWr;0z&ole* zPrvlcu#(r%8v56PpB0`|-8O+%(tJaF#RZ|)63s_+4q|6*{^(dqby;9$zm^^gr6R?i z)qNi|yS>~SPK0Xc+f~lSw)QGX=hu45+7e8rNGJ~HUTTT{Ac?x~dJ>Tynru<{a&K%D zA3(V=A@4&wvbcNOV$=*Y)lhy4#p%G{s`}CdKXHGgjF0}_E9|@8xo>R8)i&?4`4%)ZP1eX-o574IKq)xL^qvK3m&SvM zN}4wdC5th>)_FVq!*PqG^8MKUE3Z7W?zYiJ{HDbzdqhLe>}Z2dv)HRr5c`u_(ve3h zAY-IdI5eA<#mZ4FB-F=Kr&(P}rr7JzY*VgaM%4UIHTxJoZvL0%Yu6|R^lCy2=NE^H zTPH9-+#dEStZEX)btd3}BHaQlsZLh)k3KrUl_sG;Rq*Hg**uh}j~t%GVYkZV1p@`I z6GPQ$h;X>-RAgB^)wdY6@7hwK#i#F&_K+*g?wU?Z2-$+QsalFpJ7y3(b(-G8ON39O zKHP}qWSJ{q4EK$LxvifXomMTGl+|}vi!M3bzOJ9hSN-^JpJ=fsS$+M(G@0}SY2I$Q zb(2sWhD=h)qYT5216%4l*|ZLo;pJJ}F+Qf!5mR2MdQ{e|RdG7sr6W)W@pgW0>L*t# zBg0@6884=qQxaqLe(Dc$i=R$D;%*v9i^>Gqdai(0$-FMVugJ59VosAohYpjqeWg9+ zpUB(=3iTQW|8iMYu;n~yu^JN_{^CPw=un~nZE8v)hPvTywPsU%MT6c#-(&cgW7SB0 z0(Y&(fA0FV>-6&3DxtmugSQ+^F-@o6lk0_LiM{>M2!9@7?O2;1qB-^b1>cKLPTqHb zCUu46*`q>}m!KrH8p-54Fie(ioRRbU__j+|bt9Xh7|NYrv=qJZ$er!B7WsGhw%oO4 z6;-oz4pU~5&E<&;2zyQ)JWpPgz)qYv*m33gEQ=AXpLH~*Zn z$Kn@+w+#NGc=j>&%t+96U5g|iiE2v*sItixRdzjUDB`k(CU>bZ5{yqgXY7>BZ-5B2 zJv}%!Ho3fSuADU6K2q|@5d*uii%sdkX&tgVxfmf-UfJlymW~++O3n|F^F9h1c!KB< z$aY+Nc-Cz9D6?2dB8JmICZOgliGTXwb+-?V0k&m|G;($DyJ)%L2Mc(97QQsrJeAX_ z_Btib=Hzi7CElxV4P|4g%JCA@xA%PwR+3u(d+)W3=v(74!pOLo5I*(=Yax+#e`(+xL^o|6=aYzG(F)Sf15bsI@VQ^5`&w7?rPJ48=h#tb zvw^aQ=^|Eis6CV_%J4p0?j;A=NNp4pXwNe&4m7VuY7fi;9Exu*q!~WE2B}>J#uoWF&IVpMLEFKl!Se$3r z(?6wnl-Xr-ON8Q9PE_3KlO18Rf2*%Oi7ozAQer2XS{~#)sd94^BQb;4jmyG+UN<7= z?Nl6M2;G5|yQxdJT3@=|BtG+8;KB-ZGE42&k4=%BC&n0l3N5dJN;?oo8IvsG99q0_ z$UeltEfh)<0_XeQ6V$V)rP1}!-HbQPMGvTD+Gh}sx9;rTDNEl_DF$b}uIZ-gCE=Ea z5AqjK_&Oox^rCOqprV?Z`RYpflGkRteoL6davnJ-4R!m#)+9>hwc4)Q^=G*(4in@{ z;*ILHf2;CZNq8+HM({ArjnVaZ9@Wz_akDoR4m=L~%JVZl2tnrWb7!_yJYrWEJtN(8 zc4(q{gcOI{>I)(w&nUTi@f~$2(KD7n$7hGM2^~HJtsV+@wH_*w2#nalm)GCk;(03< z_MyrM%H6?F03@TKG)SWqNuoS|0iSR3WcUGYRpSm62^3TOCMCSazNHZaI`q@`jbl zt(3MiH`CEm_;qrWx^>7=DK=9vrCogrCBwtlrp5`P!w;szp5&}2t>F3GQc3A%kThU@ zdb3N7{<$N=8<@>vdisf|XYoL$W4q;7DgdU@Xyb5pW7TC0U#pPP(D$-4${T3@r0!}0 zA&>QAiH^pv41HFOwY<5n{>dQUGv~F8S~$K#NHNUB-^XVXQX%_%ua93SW;(n0#58HyN@!t@&jPt3C`(lie#8!ENZ!#h zmY5lctIhgI)TGNJsj;PuOAN}o;w;f^QeR8#RYOAAE11Urym}!1E@@mYH^6wjR$%Mr z>~9y77y5L1e*XQbN$RUGvyzRtBDKfBfI$?Y3t9)#u@R4*h+I1`q+?Snc{#fQM5sq#b>W{JBLKTVJN zi-+mP8oI1AHvE0?4}-rC;~Ux8)hMK<7GyJa6c+Zb1iw1=@6w{)#qVQhW5UqhQJ6)< zZ`V+wx)<>Q-Yl8fUYW(@vDMR|Rr@<|c+}Hwx91c=rUxxA1a%Clwdaq-#YrhTY*w;9n7kKLq0x1qG;Oq2yWO z8rB^6P2)dzq-yQUhGOFwsVBIxbhdOl`c;T>mD+lNbp{kc?m*R)mMA+&;R03J zMl{Vr*;$~DDm$29f$ZmeJj?3*xo1{j6(iAJ(X&~uva9rQ7c5z z$^>~vh5G#}M+eh}3)Zv0ModhoYA7eZ$yD2hQHCYG7_S&$K25azp2}owQpJB-qM>*pitbR#^D}3czcGOpi>YWy`sY% zJ1Zw|+ECWgPGFuA7n9z>?jzAm_ zUi_g!_j1V+5Vrs%d>T@g^%A;g1127~lo>!$7kXaK0A<-DHR9XhtRQC2WVe6YWz^*f z)C(`xr4=&Qi3y{U3>KxkM>iO@JTYnUPFg5URghXDvzX~{D7zPBRVY`mgyYZq|ryt_*%f1*|0t!q1ecxQ0iAWO2gY?t#VzdyXfKBSeF zlvm%HTSX-fBRDaJqGL8XLCjPb3&v24#@!|{uG_@fq=`HI(}W^c$`xknG2}V+r*Q*C zK%Ic1?BEUO(*mm-@eWc&_YkWpW7$^=)UNd7)e#W?q+yaHv4M5Hs`AB%^IGcp`2}*b zn$dA2%SABg(ZX~&D~cslXw!1vWmziR{QgS+7Fh?}2`!w6<411&%hIr%q;KdMMVp_V zmYfJ8BXpOWv3?EVaL(VSaMqXF30RAr-{G4_$f%bx-J8bqv->~oy=7QbZx{AWOE=Qp z2-4l%AOeDPr_x>0J%k|Lok~fGbW0;hN=YdoB_RmUHO4>g`+nZ9&zF~jgJWQZnZ5V5 zuUhL|=g*FIVu-S#h+f%*=KVVhRL6&TxSsty<+{muE&Y?rdX}h;W8@#X!jkC4TMTDe zTXZj;C#GZ=5$z9+RMZ>sRBG%|PhKRdM--trR%434;c2dpy>Uy!l*BAoRzEgy&9Ihm zW*Dt)I4Y)|{z$XfEDk0vu?d-`z_HdcpO_O#M{hfPPWNfp(6l}Aos zaZm0?I=*8uq;4o$>FjA~@$q=#jlGnNR(@U|e@38?N58`PD4wYK)uP^n%BHp%h)g3PY% zk+E8uqKTq#bpFYQFS}_nBa~iCyLUye(o!OLYE#^=Ve}xOmKAS*@B3YWaMGmORWMz2 zt>y)Th^fPJKG?c_e9u$)QV^Zx9(G-K3Fb^1$e%8_Mq;`@2sLxaPM7;YQ^!oP0_F-k zu@Tdz*NeK7UqjqY8MF?nYFbIXqCT<=yJzur3+{WJ@7&yfUTFVY?FtKIXfl?rcZS-M z8KG63!y5{qdZ({^bLRIr(;-|931?GfxyKj6ZlGydu93n@pdapd#m8_ixa5Gxw)uH^ zV3uTiTBAHLq0g~ zY8-Gys5R0DskEpWDtH;u93N$?1eZ$J3+Ioe@$O=7IVz>eeW;SQ-1Nd!dm~)Y;=Vke z8rOE8sd|~*sFtnHTl^lP6$XoQEafL5D=@!Y$F*UT|3Q|CLM!~Sx^-rVC7~lttVD_( z1UjRc|C!M;XStqMohW7xdL<`lvo!do4l!D$tf9R~#i=zf`6}oqrkqe$r-Z=^+Nr=S zWxJkjL}rb-JC{L@!*S~{p``-%WyBo zYg+3~2~1fUmF3XGTKtVRjxR7<*7Xb~DX+Qm1|(DH8R|Bz2e?H0j$`U0qTJhN3fvp_ zHU6>^U7-0L>Kh~GFbSOdtLla<<(ClrZWcbhM4o0*Bg5zOh{}qrmKMxc|zq=Zvxy*lh*VvI@m47=!k(f7=PS&V*I@sDp{q=XNi1X$Vu z1v;P5U%JRorw$!@jBtjkR4vq`hEJ=9zruiV5`MzxFd5u`8d{<|!)lMnZEX%6^^AW^ zxk4&+LeIXwb9wU?{?4|FK=tbSy~hIMYfq)ch3K?ch!)-~Mkkpetzg=Nwb&C%T*wg1 z=HUe^GfR%P-42JRvtmlUz4qPY5-+*Z-WPilQMe!KV`QZsE8)dVYk$y(!{fp;!xO^K zSBG>}v3MXAxI?T;36R`v{E`TcEguTgZ~1bad~Lgbr&g_2f^lH>M`AWXqC}af@v>XW z_IGZP;>(Pv*&&MR>ED4_Dsp6-0%IXBji)u-&{)9!(p2ngRSb>F|*z%p{{P?lAp>8H*G=1PCAQl4hRv#L^Q`BiaA#Mi}+cg*KJ_}|Y zMRq)vzFXb8lYB*#7u{kYuEoUtIAcQrb4; zy4YoE63uQBkBBXIsffCgG0TCiiOVWMx64{Wl~>%3^W(=Jv$u0k-gr?Q5sG1o)$=r$ z4o6Q3?WJrCeP6R|cO6I^(#O?~Hd6Tu`~DnSzQ$!+!HQ!8nsCDur;!@AWiDLJcHq}M zXXo89v|xkp|G87z6{x^K1@s6ksG8XU^`^M+eWkPL?f$+G3RTRQ?`hfH8pVMza|w(u zna%Q#m~Uv+Fr6Q*tp0axf2?8j6HE=vn9$)E&xtee58p^@XDP}J-;vT(kbL<})Z!*+E&(e^wM>7;Uk26p0jBsg!27LCX0s9x6 zRKFeM-p+LdKwc6;vtQO z3(5JE_(=uI+m?Yz)&G5YQin(IA>efFX645ELgKNoB~Po1 z-&oB%ix68D@xN0)BBVo(N94DhdEAm!HNj{fzMSuR zaPfYDxaN7BYeAG(-HkribiSlI%4LpU?aY_;sfVoJhj4R1Dl}i+>X=`i)r`hl9Qm(RZWlAQPt%GwaR zg@&T7($%07lS--WJAk%obW_fh1G2Pq28}SOe89{A7y}+6bO4ew1^(d(M8%KpbS@A) z^BFw8@Om9%$3b3<(?YQ~U0emUr#QeV(8BopWKYRA(_T>D+4y$2W-D4BtbqLaA z!?fyCT~S^|=Z$w8X|pxeL|!yUd2vaqBS`Re96pZ{+3YNuEoQa<>ky_Apzg+cdh{6C z)jypmp=A@+$W;a{E`tfwFXy7&Y2{+QuJ)VK&p)KY`F>hDOqc{nsItOQ`RvFZZ6lt& zscDxE&%|xYSEo0}LMuSPcza_%kL54yIhHNh@s@Xc#o_SB^o#a4?8gD-b=xKNB04IE zD&$`oTBe*s40?QpukZzsUnorydyB5)X#aJKQNiuwIsNStLj(4fz`GEb1MI}o3pK?c zgSZz$V@x!tl;UEG{`}GRD;qO&3vizulHzsz*aq-gnU3v(jEszvkBiC|I-WfXHCXpp z7F)TyeDR6Y`jvkh$Ak12Gi`$g!LQ$(ga`O_v!#xS6gSUVe~=se>3szi(So{xM{tOU zh`p1Z?k_TSKFow_2b4hbngY|d3w1wSYT1^jN;HPP=^!a-$!Gwm5d>fBsiGEeR)o6# zS5z!0%YE$e@6Y}sd=OFZAtG95RecXvnbUpeY-@s44E@a)&$sCWPuPvMv6`g*z^$Q| z-xG%_G62*i0D!Bdjt)~)MI}n*waU*$V##!a<<+K{eyc37258;{47INxUabJ&S**;r zZZvi+9i0^b9bhXcBOxV4>19Z%P-cDbr_kkR`PZ^qAU;y)gW5b-oe!*k-kItL&Au-X zZU3}eg|F1u7^-r_OWRC0@7T z{iRz6Tma=&VA?@7t|cqm2T<1@2TR_7S*eu!nN>6U7bomj8QP&XLPNod4$jo}?_$FQ zQ(!OwoC#TuG@(#w;A^cub&3w3xAjk(!BZFz#3T|d* z1_J{F0)dRp_3I60*?5Han9h>%_YOB%C+(kC>NJqyydeiGHGaK0KmgsKr zWzc#r7R;G&*oa&CyocM>ySSGNXYj zI$sINN>%Y~+G)FKNByP@Gv{l6@0v|61_hJiUQlA*4>#|Z3ZzU7I%7zz+Wx>>c zBWfryy-sMgBt;^tf8of$%Gk~Cdl6Z$*Qx%5s?Pp zegLjM5`}&toJOqM8D@}a)jM%3assha0x{7K&CXgm)53e%d%WJPKjnu&R=7vI8F&)l z^LlT4-$b&TR3J;++iQ|9EpR>u`p7eaQ7>7T~bt8h9@<=>DeT!pS zdi`*Jpa@@%!)7fO z%z%$KY;qtUE6^t~r@98lS{t-Vfw;b9F>%AilGH>JwbKw$RDX z_ZJ6Xy$~)0km1-4DBNV@x)75Ub&TJ5u;mnl0@hq$SSE~-)sd!0H@1$;tGv0oI<9D5 zvAz(FqBC%vl7+E69>#GV1MX$7)q$))@)-8{7LG^Ffp~0xN@}V(N0Soz*7G7Zw?5!8 zm4lYv4p9t2!Z2fOQkq?YA=GKjZ!qma${2_CjWYcm8T3ZU(Q&M!kIJ@Ca&D@4^6L28 zLHy$p?(vD*@?^1*0HGS@yFE-PF>ueE*90Y;G+SoF=Z^Sfdp(oE@Sn0YsrMuKc{`_4QDPmJ9 zfF>eP_N_4*JwFxl*#(AM==VOuVTx@kU+xAF$$oy##=oTfRhYRZ|^idU8U)L%)>wl^P9`8LYdhOyIEl@Eu z@-xb!?wxBo4&nbO@N|Jkj$I@o+iglwBs5~xq|Uf6)@+|g>;azOi*2tQ z2I80kefl_V;!lTZV}k?e%3jB$0K5bG-spw^EfdA*e7sm+J=M&S%or{01}sum8|bh| zQYho)$(<)m((}Mo6+jz`MZ!*&Y(G`!tWRJ1PGzVEShb{|^KdmLe0eaNH8G@JK#&2h12MP9oS=lC5D$rY?$W|rRGd)0<( z6KU+!V~Jj=%XPe9|7z1ayMmdxO(d>9f*M=>4BgS`j#w)o0jh}{$-I=Qu+i|{rgk$# z!IpSzjy#GS;UGuqjUlaIVw$V9N!%is)40ls zIhmy4^XJ@G8fqgK^=Tmfq)C`i4s{w6-b~iq=|^{*69i@MfU%N;J5q+C9iu_~gA9Tz z?jlKy0~>FS@);(?&&Z9uxF{LDST^Ravvi=VK>=4Vm9)}*BL}nw^043|K9gO;oks>+ z66P14@7S6G3AgfkRGpKUU>Ug>cobUTIT$F#1FiuPXK*xV3`Lv8@(D^0)cZRo%)I&S zgwE(PJTYQ^=yZAFmvvwZy(R{)jh7Mhp(f}ZM6X$bnv+R$h>iUL3_cov+#SLuWI9}j4rH38&W`_XpJe9Sw)m|eIZ^svEce(dM*u*ij@4ru zB0f&3%!~0c|3I(^s!~HrdF(dT7Tnz{e>ud1(gE9F)N$eB%!JSVCl~L=V^?m@nuujj zlCL3-ej)id@mrDPBIL)t;Q?KRBJr^u;2MB>#O_6}A}saAYl&fVOA)Cc`KLMT-Yk|* zW2ISxCzM7xy!LmmycI0TVvG)fdmm?`DOGRCmE*Ik#V9;RF0HbPiq_8+m1Wrx3P^@F z+EMDa<$dXE80vE(yT?><54zKm)=*KYLQn%%i;KbJN(V2V(?}SBje~qNOE;1yO#}@aq3Tpn=xl>g!8&425Y6!6ahgi`}?B;`4M3o$e zCOh3G6maO#L=o^99ZslX1>DjwZY47?`7!HUcyc%^JFTk)0~v|9FvQm!@AJv}rO@9# zfWe_>M%BTk3A)$9)J*2YzwxX;<$~mc3D(Aa0oP?`!&L($sk1v{0vN<_h%63lZzGQw zQ`rh_gxEqvNe0741QOod;m4B;N3Lo^B$4MbT35h7^fH$Wir-1EW_RU*<8yQM;o5%4 zoW~KUG-;EEsz^i=xr!*#2ScFTY`%(I=2AU*r#VCejuf*P>{!L$_A!0PnIra^*0(|X zfnW)V8weX>3uXumKB}M8z9bH02+8n8D-(>V%+#Ea^n$#^>9Cz3aK7`IV!P3Xi|gLz z3C?p^emjS@GOttXgA=Xj>C5B_XPN>ccW34`xc%tkfg%sp@?lh!cuG}+Z{r%I3gi*;xKL|iX|#B=v)Bs-VFaadpdot3MG z#4GOBncUlJ>$8dZophcQ*@O+Btn{#ml!2C#%dGCr&e1NJHW%@2BN-Pv<^h>{6EhG4m<_(e(feAK7S(o+!b15W6n(yw%C^%Bw5rT&qc$;Q;B5E4bu@P8GuZ!i?@e6NI?Je>uO!F+)o{szBe?HRl8Z$3cp$PKY z*$&F=A!Ntlp@ubl1UdGOOU&tAnwaF`ACd+#mWqPYW$?8ss?^*X9xsi#A-gcoVnZ!7P z^PzMhP@hB3^~xCV7g^zM3}Vwd!Y?3-hB2p8lbl^!BXx)IJj~rC@)~7g6Z^NijB<~z%7MDu7v%>mZ2M)oQT1V`nzBPj($-5m{e&WyN$O2;!!i!Cv+m3 z@3@Ukaerc)`XyHLd9fl5ocAvL%T`>XVgf z@?J$D33Y=8HFXnz>A4`Qf|26XH6`@YhGft%!%_N_7N6;$GqTzQR+xi&=o~+s4+RoP5Qr;>ILp-7n)Sts+gsZLt_7~v5*XQ6BLfMYx#8v zbHywan=?(Fm{Vc}q-uNl62a%kntf;uwX&{yU-Q{)6pxmS*fPR1)0pR_a_yG=!bM}t z6E2BpsUue%;y8uzu(s;#Ox3@LmUr_xFv5%Xubqzc9#Q883yG1>kf|&#em0CfoW~SC z!L&@tXJ{f%YK}0&BXByKsMRlevhh^p#Cb{0qrdMoIfRTqt&6*ks|k+8rl3<|q1Eto zyHTimNXmci+nWTpeAUaX`=e|zA9~X!a&c_dh4FS_JHk@ur%3{oU?R{v!g|fW#4g2W z#P*_dPEYF@OfE?+e%2bimpm(Ei^CBWA!YZ;I@7Cm$pRP0nYw`~MU+jzRYZ8P)p?${ zSuqhay;&^m^^)AghKd#gf6`rurTTi&>fP$X>4MP4=G(l?LcWilEB=FVd0Y5deerkP zo&?;H_3B2nDpfQlSShRIow<8XCcGi4w+QMx**MAn3Pk}!w~OV>0U5l&o|RUL7=26ttaZpY*a`%S*5t- zXsae!O~x{3P&I`nK#*V63ZA5Tqr>}=755XYMY{qzWEuzYxV28J>NgBkQ&6oo=Su0ZHO%V&2f4&J|>6KQq3@t?{O*=<(@CSmn^O`bb$IPF=S3GIP$)mDCiA zKgi2`Lki_eKmJzL&`MhvXZgz|CA(aEfqU9q3k#p^cz{&ZdLJwYGty7gAc z>-)2AtIg`8qDy|%{T=Kh%Oj_*8A;UOuw1GTHI7QUT*>kn`nF=3m&#Pn(Cp>GM zY7Q zP9%Li*xgPx?8{NNd)8&+r^HgSL}z#l5|ye=@e#RH73;4G^}b_NG^3Xz`i$gRY{fCB z2ugZosh6iNw9M|{T9xy1-$}TQjeE$+(EW+a+KTDKIP$>sK1;d9NOPic+N~G$N8MKX zQEM!Wc*biptjL`pwugNoVd<7jx`)X063=hRVjtOCsjf>BWn5;KV7pr8!#Sao{z#8M zM2y>_-Q#@ix;yW8S>JQ!<3Nb;t@AFyP|>r3FWtRPTW4^0^^~j&A$i=%JDo>q%yD!a zHQ)9O>)~h*%!etmTHJdvIEK*_c4xFCRg}oYHv9|%C5AW|s3N1A4`OG{54@PW((l41 z5tol}6-J~r)=V<)nk-4F+7Ok&I{1*}x)2uEE(r;c2kym&@MfT0>3_oD>3fLZ=OScC zNFRpH(heuk=eJmwi%H3TS4WBcwwqol`ngkm>FBK-_h{Slg%rkK{uh@KQ+DD9h1-phmfS1dOP7K% zm?I6wXC~;vikgF)@Y+h;#)(eh;{142=2!u?)kU7C!ozpB6$|RZNG(GDcvVT*!^LI+ z+jkAFzQg2xi7*6gkyP$*3z^;?;vjU9;vP6~rz22LfQ5B#Id-HAPC*)(=mU@X;Vm)Rd(tn6kXuL)7(1j)L<3<)S z-w6V`uHGm|NQ4QujrDz$@%0Ilnl6eo=~z=b-wUjiW-+*XbB#G)a40hhe29o+`A?2h@YofsaChXF1=magfB&66L{ha4J9!1{P=WN|cxl1$s*@9IZ1QdjG=r?i~FW&PUj{exDZJE=_-2XUH?oyC%jsz!%uDx z;cC-gzhz2z19|*DHdHLoa$?Ls$kz*T=$iCPsm z#KVrqFhdx{J^dBDQi<+xsJQk?ii67Az)d;GbJ<6{NsKWL;{h+*8yn!SI`6QaBedr? zuLLK5Q0YZ_V=I=OwB0-l1xr?4xl>_W(B)hmW+0%Cu@^g!Bt%(e|_+hS&0FSG~D?yPQ##@Yx-RJ z$>hQoO<(HcZzne6?~lMTDGK5Fo9?%B3;%G2nVGF?F7KlwsHT6x@Y3SCf1BjL zz|sOUXW3hZ7Q!^%i>~FBvw@PcErPq=zd>cgbtPCOdlwh(-h($@a-U#I_|oJ(0_+&x z2SaM{`i^%TAC)uevy8`CVDl^bd9l!wg=}lYa*7L-(&(Dk4;{&zBQb0U<@neZ2BDbt zbE_y)J&es3k*kl$M_xl0NgjB1BWrESx*$Xco64!*D^u4wecd(!&nQehk|3IDiXNIs z2pi|>ePcz}Be25y4$-xulfrI*U1T=NnYdD5@{_ZAKE`~q21X&W9IYJPIwCDie^Nt+ zGbVNd9Pve>X-1q<$2!q>!MAabxLHkw?AAHrYnlApzl|ul=^G5K4%q0T3lG(Yw?+^4 zCA`?pk_agc8k&f~Aw+tBKgWqA&#_>EA8qVJEUozx=Q~V9x|=fJ%8sqUB!i$3B%1wE z+_hxtMvg?`&ZjcjQ~m`sZ*K4CE$#xVAT~O5_>~6yv8;EGqgY-HSvwY#!6+LVu*ZHB zB!mrvm{usVsn>E?z(l=iv3t<|Adl$OC9}Jz?^tC*A*90~K(I$Lq2rdG@+;T=`FMZO+K zRC&c9Zc%8wE>Ogba(j5r&O~cKR0!#cH*#|4C)~#bq|rUX;<9nL$YX} zWMVu@CGePHlvJ%n=JBI;L0M%!p!VBd*K~N$wB!=QJX=*Nxm}vHf!TWR-1;T?>U57H zHj>}oT5$KbB~jgxgR*teH!I9bjJu41#if#gV{+25a|qJ)FlDvT_F1!u5~!>oI)3tr z4GYC!qs+?ynH3SciSj|71NFGGY(iM{BKr^GHnRBVvZ+>KVihGl+#jZ#N_5ZQb3d?3 z4;jV?6InhVCBJCS5f(H~EYoqrbr2@Qx;`lVa7nTV{5qopvaKs|WjX=qVY8?AeK_E% zlL{4+Lp>{itrxVM?e}Km=Q75FArI_9_Q>b|?MD39OF-p7OBvU~4?uT}tnAmX zb3xE5WiLs-|M_er038G6@ZTuzebmWzzq+EWfUX1rNwI6YmG`0ua?-ij99f*pmPr0OV~{r2q3-8NloVZre8J zmC$kTe|($V`3c`K8vv%WdnS-S$YNMh+|@TOXM6K}JSu+#8NUt59I*)$f4TRC^zr}g-jV`Y^Kb#Z(O;0^|7xBqz!J4IUK!;2A1w!7Jcte6o~w7# zuH+xb11^H9p5fLwZz#A?}?-R){~ zSn?BAkp&2@z`4z$6x*89TvlI9czC!BgDxEB8Iha3J#L>FZXd;d)KhZGC>f?2b0coc zhj1AA2^Q%^F3@Jn^9M)qUiv>;5EIvH|Mdp|N_k1@&>TdN3Q$28t56}%{CI%J$teHr zwD^x{DCt+L#^dWp|8dcC5dedccYh=dRuCp@o*h?)dzUAYJL|RgiPb_FhWO=>`dxOT5qWKG?Rb&nK|t2-9s@bx>oTPh4Jhsw8k&ZJ zK+Dvgd@(t#gOKvyeAem6;56@#e|EhA(#Rd~ed}+;dmAycDm8ze5IpEJ?l2i@zo9(8 z`b1Czz0>9kotuu^^IHI-{SGpw&o0&?${4M)ocotOS0E03x6^9E`(=9VCSAdCyR=Vd zf~6XOi9bl3obz#vvz{PuGE8DM%Zdn`Vc*S>&~bU=3ZV5Q?0wB9y2o%4^rugc1hgP;UY zz+nC=F$Bo-0pJ1)I~DvqfuJ}Xrz2nF&j1wPBka*W20Y9-5WI$&0oerd7un?1=DXBf zpU>sxvJ$gUSqP9XrJ?v=%X>4kvXY5-IaylLH$BoyYikp+8WJSK$^m zyYPck@w1)CF!FB0re5LWH27N;{#}zFub`Wjm}seB_U8F@*s3Zs3|DapPR@o zVCrX%l&4zs>639<$$eC)(TtH||PWe!m}o_p6D=v(@^*H1x(9@U9TZsGI%1@0Q9O zwOt*&fyS>d+(6z4=w!~9Jt1@DYvxvm);UV{+g`|UGS40ikd)veF* z5Th*|aARA}Bz$)H&X~gQunTa$NM=Shjzmr;q@mfP+TMMScp}bq0QC8>a{FTi5WyyR z0s==yM|pE3%kwXhc|dwT`YPH(W0G@#EJTz{++$Do6Zf9v$oFl)h_YL&0)h?7t6IGI zo$}J0ZiT8oz7nQ@!>&6ceehi3p%W5u@_~gYV3&u3P!MYUP^B$_0je|Us0%^MY#XI90Tr8ST&O*+*Ca~m4H3RP}e+p2AfYGsb#N@6F zjsOj`l7dp>g;1FabXY8Y8){uW~6aMnn~G= z*IB+p9>0uuc5&yF`HTw7|N3Zv$!z8OY*U(*%_(!}^UITMyv82W=@M016nwK`sF>|R z*pptB*2hl1eCx!dk@Ahg% zo{eTH%8QA0?Oq6(K9lNPltj294@A(DNq&ddISO?dqB&8+B%)DJK&=v8^pF9oVBiSH zmm`GG=?zGUPwc{keV4wB6yq>u++Y6&&?aRu&lATZ&84&oP@wv<^ew4t5+s-i24nwk zGh{uzq9f9QAxPgf3>eKABXAy^J-Zpd&37_cZ$`V{3k)Ykgr*PJ>jJ4@cu+z#=CS)mnDeB6NSX)%fdKMXn&)Vv zJ7A_H=fY!8OM%X}E_Z9qqqM15x}rHaJ-QR55|Z>510Q5ww@b~$NCaPfr%eO{%2>PFTo1g2D zpd3ag0Ou;~zvHk*}lGWp!tje+jzVB8mo7hov zipemhAD6!?vKH!Y6(CycSI|3h#i?E|J_>G9FsZj1?6n$p#Kb)tf>0!1!+Vr^&w7s=%c>Yptxf;X4`xwoE)oobeHoU_Fxt%{|m)n{7Bf|;Ph;w_($JDD6aztc}tjXz^KDm zFsIWfbqBg&1vqW8UAA_3*)RD2UU3B_)0((AW@arh{NS6OjeNt2(wHcoh8$idxlV^b z^_(&t=3Y|fQqekJ`Rh?MF{y8>;)$xgdo?Fu`9WI}#iJsFREwu-Jy{^TWuloqkNlWs zDk6^pm)n`BOYFzhIb-0UuBA&tCat%9qgS`PktX8wm$F3HC>R=%XeR0gf>6G*L%4br z!fuXXkQm|E9e;Mi-SQIKW}*Ucs8k5(+|3rq=ksvi+Gg1D6=mV62?P<*!^N%Q-9e=J zY}O^VwZb{iffJ{wNWo}@AP`LxPmpxiR&1C&OHn@TDY&pfTGy*Gj}vI;)nn6anZt;b z_IT73llz$xu=(QXbVpR?dxS?edo!OP2Q$RR=yITk3vypEU9Q~huPCg_4gt{(w@G?L zn#49=Q7`X+`*yge+^u5`mnf!&8HAxUa!xbx_V4PQ0v%!$>1zkVsul8!0DZ!H{p<`FnFXp){+)PCLM6^v#g-mI`tH(U}l2*Ah{aB z`?%OJA?fat4@SO_jiHy8CeOd3$fEe-&g0t3B01ODXppCW5F}TH)Uck?>IE&Ca}}Bs zcyz-)jSLA2ROy%Jfoz$uagoubOGl*0pn4A`B}QvK$da0v2P&grZ?X}48PV?fg!F{* zkv$PU7@AI4)3GeUP=8{?gryUkXEshecd&wkX@?+TT(S_8F5^!rT;+8ft04a?TVEJt zaY54$sXC*3bcgGy;C{n&T0-PzYj$iFaqU}s??8F;~pz>dHgoR1(6-Mabw)VKoycZizC z%ztinCdd)eqKR^G(gpJCgg-wbhd%#*XZ|uP2VTZj6%58IZ)tHEvs*4w_W&vV6x5r- z?d;{ke{Gepsr+Yv3h3LEGCNpi`?HEMF+e}SL>g>6p6uYK{{#g8=OIzSrOSe;+Uioj z`fsK6zc#m|xK1^9nXNF0I6A}ohvZC`iIOL`r*RAw~TwM zdy-XZJ=Ai|36ysUy+EP@reKD(Fza^ zSVjDQ*YxIV-C=W_CY>wZZ;}rBF3f*KEB*?b z&831s+SPZtl)p+w|9a}@+#C)i+faj$?_Y&C{|Y&DwnGDHANcEjQilHZ)X#tuS11@@ z(48AH{uJ8&>s+be&Oo``aC>{A<$wJB_pjg#Kp-u$aOS5g?|(&VaBA3Lg0CbdjQE`s|_%-|zneE}h-10H_Z23XlC2G2&*xl1D!^6mb0CR7+GBRQgP+$%v{ zSbphD5d}50q&c2P@x4{V>La@PI0zrej1^3|Y8k|6Iw*bMpP2~K} z`Tx(o@71kWb*tX3Y6vr(neN_SfBRc&?X^2tQCbcBM!p?>&*mQtoVf`YoQmJ$_y<*K)r0-x}z z>#Wuc_Hlp*HX1q__W>aTh=F0bIm5@kjR}uSJO)qdgeO=^mZI);Ivyrh@caDWMsIX% zH0&R`XlUrOKb#ZJ-W^k&soIX5o;v+-S~|E}3=GWM{Hi72lvil`rCv4f#LCk0#EDw~ za`}Dp$Nqfn@pmN@VGu>yCqD9%ZHiKNv2+%Y<%dE-iYPab<(mStPefuuFrsAqa9Ac1 z?5_~e(V+ij>qP-^Oqm3dsQ&AI2opJ(v0NOTa@YT*ABICq;4qc;B%U^n*HvTvbiCSw zO8As1&cH-jy|)2oSzuctSmSkbIZWAt*+?p}%yKUqO@?lHdJt>;g%LTba#v>0#W-r` z&O{#StWwtd_emJ&e;)*h8+@;Z3M&OH5Zzv0kOp*j1aY!s*EvF1PB$%^&0JO4td)Z% zKSLv2koTWWXbLl`oMu`PHGFBtYDF&_GY~2xq{5&L^h_~Jg!+Tu z-%qgD=;7ulcTnX*M}xS*UChVgFl(7)XsU7AuZVIg)D5xD(BHHM9|j%Q3P)E{AG}^% z$!#2=q$TmW{4txMqE3EmqsYQ97)sY2?~jPvV8Z_6^k6YrFrGzs$98U*tkHcIZuu|` zVei!m`_=o#YtJ#s9@eA*c84D-1_RoZ(gdFcBaojsJuLHLLcbC<+c4*Xh`!I|Mi&K^Imm_Qp7 zPO^gvHu(<$ED^-oV5kZvwD(IfvNVO2DMSHoSA8=pJ)Y%+HjdHM=<|RBek z`+%fdsc6j?(F4?z#Zl2X#QUDR74%wn8WfOB920pQt9PZ;C4Yu{IGX42N>}y9`jZYa zqk+&mMa2?ZCnNNkVgnZ?d`a5=vE^tQJVt{x?4{IV4Hz}Nzhz$t6Ah48aTwLbFrm@& zQ-n&uAWk2r!>=zm{+(qCtYecd1%zvBKeniwWnvg0I6#7@<@P=FCfW`;% z$u*Eq*65&Xox7M*>;$c|65(V1W?)ZFP|l>LyTq z4CEUfs%4_wi&TB<+n~mUvBd*(Dv$)PFg-WXP;|H>zHtrICL9ethe1ghHN!Ax1il25 zReXHpFiCyTvx;v8``A7tG;Ab^(|YmXRvSgEzLXdOM>M|czap^V5wJzDxXC5r!K7a*$$33Vswj8^p1fhf?ZTB)9w zIX;<(BwH9q+Q~~DiLJcmXiqm5f8t1;e1+Kes0TdV2uqJbu9<1n<%COE`f=Td=uuB# zqXZ-kj$*eKJ8K=t!HOz5C(eESuH% zCW2#iw6m6c*sQ9cUY^Q4q@r*BlI@|SYwFwtZxGJu34py{)xbQ=fDt0KMPEOK?B z*1I)|ChulLwiIB`wdmRmVRwJ&+Xd}-b8+0uX+2XGuz`&);6hDP6zcf=(Ffi*lG0Bn z4cYJ8sq71-g@0z=f8^YDNisG@!e@2{6qP}2actm3w;u<@X-(ZcT4#H+oEu2kWri>~ zEIN3#O*H2pHwF`5E_>cyX<|80>En8=^+sn@On2&iV)Mh2&GWB&r`1yXt+SRbUzOum z#7$lRA+FHtVn_!@V+(Gk3X{@5<>0x~mg3##yQ|%owC0p>YtnLUi`F+|5~SgjMX-oC zXjTh#_EgS8+|!-WKADr!27?Lg2Mfo6q@D?E=7r_q!JObhGRow~G4WrJF(19X@Yt`O z2A4NKM#3}jmvh5+M9Uo+{bJH{o)JhA@~8qow!}g zrs;0Sb7Y7gwSZv4p2=TVA8Z|4IUD2*R#{98TH^PH3XTZgyWjo5ox9*)rcl2XMITw( zTxWP5+=#GIOV(nploYAYP4R|PGu%0xz3c^T#ifSjC#fsY^xQbT_37hX#!qSq3t=K* zc>*>qN)lr}_jKu7t>SrZKVtC_8b6BbFsUyYvC|mMRIlLmHLTV0L18{gTbfkJl>PW@ z43|><9qb3~U$=%Bu#QQgo10QTOt%OjAPL)?SPVZ)K>c1lg>Pkz@NE^r8Y@Y_gD><_ z7m7!dn%*U}?s|~%<7-$jhbNYx#>+E|8D)qy!~$aqb9~LSDH)cIUIb(2DLbs6i3?Uj zpkq(2?8^Woi~Jb`Qc`G!51LX9Zw?POYMU4R+}4XpZrJwcvGc*uHYby5?=U@&mfLW~ zYyvn4jSRlPf9c+naM9#<@Zw`kT|BOBBJ=*j(}>2s?Cv+WKCqW0TakqN{(1-v|HkK8 zn>)M*B&EtzChr2m^=Ml(P->a3(^a}<4RPC3VoYRNiJ}QvtcK>W3ZLz^?n<0G7zVG- z7*e7iq8D1MhwpCovY5x?0YyJ-kTnb-i_|~=ko1ryCKbHj`j^msGoo4ba@`!3<5}#y zhsY`4iIaoTE5SqU&8s!}GqpzZv__G2l90C%LxDEyEix19dM(BGgzdQpgL+Jem}F&; zfpcnD9E5rkYfGE>jMNVwvqbk4hM( zgk%p{=sEFtE2Hmw9lk}gLSY9db43ZkR_>T7)W4s1FHVR^Jq|ty?Xkm0HmgZ^{VoOfQiadOUTxRm1s5NK)mpg>#n zFL0KNp{G`S%`7cMiM%7bWAg@CS`PBSn}uK;0=?CyCi(bBaSkmG_brtrI84yP1Ocus%P zC4QnJ-HIIZqB=$8;6x6)=4%`Cu7R2U+FD|WNfvu0L7l0Z^DK2%QMaX5B*_aMwt4qW z_3d5+9J>o6`&C;3uD7*=e&@Dmna{L?pRX2AJ>DwHVu5pRE3Oro?#dR{3TmD&V!{8& zSVSi>rG4J&{gqm^^yauvhgIRPX)yx;cT9dpf2^N#1dZ)Ys_pfom~WD#pX@iW5NvVeoN=X!%6{=9sy)WO!6viE=x`)?jsL;vrd@acb*1Fok1_~)wkNKmi zmf^WM)HlW3)EHrgHQ=)??g&8fDJeuA=jJR1i$wh5vqpxUFoR5L@=vwjpe<%eFwry0 zV!$Vibq=$xIz$*884(r;FEs`6n+9u4s+yH%WX_Gh7xsP3%d5-HSqXQa+=!!%i}`Hl zt8ALu{-d*r2m}sJIWjp8?jPlz&CZaJoJ*J$t&G9lkaugfxW!Lv`g2(h<&~;%$j}xS zFp0rfMq@>CzEx<6SXKpl;1ZAM7aU*GX^I{A}!7{DXn8VI0hQ)ZJtX zi3hePd*!@&?UXXVR0>0<^B6Xj|(-JZ{CwW4&31ZotwL**ll69tFzo70HATmKd^Odn3#vmyUugQ_2uLmTZ+dZp1B8~BiqFJK0}{Ja7az2|$-FJs?|F>OX3m3&Qu zV;4M~IHje9Tw1_Aa(kcM$rszuL}PSaZS+Jx&oWM*q>aPjn-RwmL;wHUX9|9IHxYFtRS?eGP2-+ zb?FqX-b|s03tip6mrrONQpH&^A;U`^h| z56cyyCa3ET;@u|Rwc z{9;MtZQ=AF;^^?+Q1=G7Y)1VrK(J7~nhOcH$D@1mLf!FBKAd-?!}k3YdJ-jt=F>Tp ztln$>#)ZG9(r;Oq&NE>vy%$J@Vl3c+wh1M*N}K6f9}-)PBS`cYIhfTH@ez7!h# zCyamXBm)6Q?oN`OOfq?(OaE=_)p`h6iKQyrzwAVV$Wldtjfd<7ud^5HU(dFXF4ktV z_$<|(dVtVoPz`uqyIa4daZm^!T0) zFWz+Zn4Is;Mq7rn7FdU18(4X@Gjwx|i|Zi7>$+%$l~eeh0o=sNoc=(`w=;-;>9JV0 zcXVCUXW?KjE;bL8#Bm(UaB~Gr@1q? zbpvJN>F1j800QYuJf4Yk28aA`#>>E|n;%KsR&jlYtZlt@82*X|t$e+J$|T%gZrsyd z;bhe20}DgKV@otv3J9ZUILzA=Z9U~~7vBP<(t?dvov~E%m4_h;~qpMBhQjD zitqXArF!Sdq*7)@Fdl%quC(Kul#!ItfcSf;^FxK^!ni}#_Kr;XUMuonV^Ydv*_3GL zqnn-$b+DE?Cl}68QI}jlD1F$lLHmpO&YM9k{jFB0>iV(?^eyT3ueg zjc2;NZ@jmr4bp|CjF|WC&dQOAe=G#=T*7VE?g#()GB?@Q0oq+{IOvh;9+qEQMaSz# z(wXdKWjO220xNZbU_e}*H!6=MTMJba55qGYzp7@Gu0_k~|MG=a)YjJ_c(UPiM4<=O zzy?wm;hx?!_>nip=X7_P)y)fI=JEP@VA99zLxPlRLusU&Z3p;07pLlhkUkZ4J*!2C zV3xX4OH#dF`_-4hLJJ@cg*iYR3=hJ5UMc?!1tbBkjO~i{nk!0Mh{~t;aVECqX6?yiY);$k9WJgI9#NZtgcNdb}VP)3cEe z84zh`jfUQF+Y!KMkk!=@Sj;?4DUPtS(lc<#(-MHDC5i;`R77W8?PSjzv2bNVDb z&1-j%6&+|T<*c)<>Ik~VyE^D@9Y-ABZd&{!gB)=jECXT{(?MSG-L%ZtDIzh?@i$Oe zZxEFVb*O5E(w6JQcG_|2IS`+)xjB~Md;?8uF@ki{=vl~kji!^7g!bsdC;Jqwq#p6e zJy!R+2{BWhRIL=MUi0*|)M|33tgn7mGJYIJRSMpU6sl;%&#haeuEl2L{uLK449WR^ zf^IuO{?elGwbXZxj~I=1bP+lCMxQ=8vz5Q#Pu0N3E2|*ssZlIX36WF1*&VM*5cCqb z9MCeWuXmXM6BiQ%G1YlgxO_)QF0V_WjG>V`F;j%V2T*V2;@_k`v(NNU0Iz;XzR*kp z)Z1b1J;+IWrw4{vfxqFV3WMN6JM=E1tbS|N3;F;S117s*MCVvH(|3l}p_l{s`9&yM z!p#7&zg&`gKNQ>Aj8}B2R?D1iA8|{8&Jzk2x8d;H$@Hm5;B{D&EHW;>bil6oWJ@mn zA#|Mf!Zgo_@S_$px_SRdyU2-`0VI`vK)7a6A-911Wx&Pk*n+!4?br{JBuOSHd-?>i zFIViGYxRP83Td`&#nD$?CvECzxnjdB!8M@ohHnB9qid&3`j9ozLMKwtDq#-C(@ zHLObW!FYx7{=dr-lDH5j0xM64a~2I%oxa%>zdjniphKixQK&HfJ=c?$!#8%EUPkHl z>y7uvDo3H;8|{1E7<^>uH0+&b{uHrbYY;d_G>Fy7aQd&6F&pFbAy=bl zy{Dah06WrbS7HtB+AznC#k*l9oAsnQD>!db;wFm>Oidpj)WXl#9h8V6Tf%`OSAgFw(ubM_o>4SHVEu_!&^$pFoKr*>)j#mPUShV? zPh48*b1JcfvAPV`dLhr%QhQyQiQS%Ol-3yw*gD}uFCqFG8(D2HYAU&tKK+hhR#0~f zd%#BQ^(cb4M#R7o>Km!r%KiB*JxnpucqpX-%hLrH!p+Joulu_N9^(2J=8z%tnkV7* zg^Eusu|CY!e4iPPZu5Qez2*CYiIv&2E7}SYzN~Cb5}Q2nWe05scW0P(lY_)jr3Qbx z5`O74G%{ms!u^>~)OSCAWC23SW@X<{o2>5`tJ-b0r&rYO?9559YfS@f1mihFQa!g^ z3CDRz1{jZ@QKS(6DO~*Tl7$J(!*FUy8w+@|w!AA(skQk$xE;pt*QgfcS6+AEfJ3x^ zq-|Mqu<;|yWeAQtTU>JUs%>PL>Di2q_3&Xc>iqKwn#|!xnJw*UP%a6uG><8gk{=(~ zEtRa4BP-TeXHV&F70|n0ING~#P55Zqd>lckjOI0CysJ{nf7E}b+xM8EvYy}@M{kV_ z%`#Lks7@vAHj0HZS!ud3qQO$@BJu!5lH}L?K81&z>QdyEddJ`bmzvsu(rHn~GQ0t1 z#7UNSxQ3~X>T&z5rCZD1y9NynM@hMN=^#8xGya;awl`311fIBInlWCPHU@%l zFQxA3TT;fL-z08Y+kAi+y7F*FGt08@qYA>dvd>;i(n>F9`$L3jnuMeMld4Q>BGtJJ_Nia{0e-4YCvgD~{;+e~0{N5b*~Zl(nL|@~?z}Vw4Tw1YBY9 zBLB*gf`qa#deZ=9Eeo99`4=1edCfiWTdzimN}(8<9{@O4tTz!7PprnrZ|iz2@^-*@^AiBtQ&7(;f(;(0# zK$Zr{oAxROZt`xnNzj>&B??#_a@Wj>LmM++S+~Q?$>heeKUo*mkUJ3^@hfGYdLf~i>)fSNr1J~LImMf*igf*QL`b4Qk_PLG zTM=)!RyHN92pC`T7(&Q{vw={~cEy>}d z(ANk*U~7HXRy<`XQlf^}Uinr^cQHO$nt z6P{N`XQpinQIzSW-s7t{G#}9`HLkzGuoV2fv8>>3?k`;uLQPnm@vYwHQ}#^oOtA@^ z=j8@0iW@v#a{$fc4-~^Ikx(lw*TqO*ll5JQ5?BfCD@fuka&%W4UHR(Xot|MVWz}s{ zW3cb98KVm*ZU(RH!sgUzN-!1pQ^|@)y{1wdW+Pymg2_FG=oLl#!5dbPml7W69$tyx z>l#15#UW6%N`HrheIFI0;HR37%N_HkZvqS_@-}0C4(t}L3juv2*I~YzE_RW<`278_O3NBLmpwHB7cK)Cn$fqfP zHm&100bU)}MURm;*qJQAq>;_%);##mwav>Q z{F^}b(tz*{irZLPpEZ8^;qjE7($v(@g@9L>`bTf_pnDvXW_wnzCNd6b@`U)?*a{5) zr<5CblX^@bX!v+$ZJfG^rgv|A@%t*RrawKWkamw0L8SfYV~D#uTbb9_eP~tMH1)O< z?m`GY?}nEJdx$v>Ki%2tvyKCidVa`jJsD6_jzxcqdFpwgR)dqpvJxOXQwWOq6^3cj z4<3E%Slom`2%;aV$%AFN8VSY(DkP!qokcc#Gv!$lk;Bpg46(n{MyDLvqcCp!cscZk ze332;bF-b92u={J^N(dZj%msje*Tg$A<@tPR>E9t2))g^LE!Dl8WH{Lr`QwC`NtML zdvgiKApPmV;6~=?2%Y6_N^LaUOI6Bbx&o%(IRxzqkgry}bLoKBnv$)#p|*{tYlU=R zf@ys(51hE?Jt3VI+_EU#oJb$$lo0j@mJYBOj;Um^KrUZnI4vtJlKg8uT`M>2>^YBu z_|Jowt)rjNApEgatvv(2+~G6mM&X!JLg~Oh_7*fJjV3`{ks?>EcbpN2vob0|7Q)LC zesi?zQ-6yayqSYFF6P~(ve%XGOlsaBs@yzyJ|rkFl421oYNw4_-2+{~o&mG*}BRQCet?wO0g35y;1y13-(%SCb{?rpP6$himBevm93)9 zh_@cU=qE0;kHzBQ0vEu$&(v1mdio4v+^&wV^vWoWOB&3S8G;MOII6fTGp34<;rB_) zrSSM0l1ahQ#~xzGMn(fjJaUmPIg{sIqvV;wu_zwa%a@UEYdrs_N| zvLIbDf--wlH%k_cRDj-gn8pu?H<Q${W>6 zrYqh##TnhZV($K|wSFQAOLBZFF#@XvnDHn+$FL7$f>&Gy(m{txL|YhP7#JsGGT+oV zFP-O~9C&fbqe=E>n!#L(=b!`GmX9vaYAII4qwK+8FutW&@wC=Yo0C!vYS~ zj#f%MDl$2FsT0J?F20IP_{ z^|?)U=Lc)72Y=}f`Oor1f9-?6bQ>_3rm>tD_NvdJ`r=UeKHNkm6wsH&eWE2&;NMy8 zA0jEF_yH?T6{`Igr_Y}ZDEc6uW=>I6{u6}!0wh9H4^YHPwaDim-j_dU1voNb3He`W z!fTG{22(il|2#AV4Q;d_om|mJ^x;GyvJ~lAjVjs9#0v=&qv*3ip8+^1)NrDjqJVpO zv{}>;%|aaP-q0IJu5TfTq!oqqFnyzfVXBZB{trPUK&$@W4|bwqG5%9)jXSSWz|Cq# zv8C9D^s)!Drr8=$krUsU2rf*_R+?Q$0!~k?fhDn(PTZ&HgU&wpTS*Hnj zh-iEyLhn;YV;-3HUkZJ!=a^sdDMK>CPKEt9#w6o|AhAuc!D*Bk2oFt9xBDaZL=YFD zyHI=~aAWh!CigE9B)TZ@fvm?AOIxvf@2u-zal=|L6~ zxrr1PUMro!pNu$kwtc>0$vx!uX+Kbm>kW;7`fC1TnMOi zPggzGnh(?FpTqMmy#BU?OKA625ZLb0rdg z2~VjN%(B;KvM5;w8B$lJ*w9Gu(7DIeb2?=@s03WSepPzMfRV?U!+14<%Rew%l$YXh zcm&RLseViENhZCXm+fbE*CT@}i#F@EWnj!^NJG}(_^?%e1OH4+xW@AC=DhmpdTg32 zAsvQDd2a>1=%p9{oQN}VHp7@}TMlYn;_NGnvxc<-W+cqpXeYxo_wpLMOD=1t-T5x- zd`rWNZ#1+wQf#1PVdiEDWl<~;Uc398XD?l(AJ<2it@y2i3msCi&ktaRCm^7bteyt@ zDXzBsR*U(LzX7AY#soxU7r7V;NL&XC_03|r(GE%#zgAd^C|{U%+v4C?eJfp|R=Rmn zzWp-N(X(5^e7cP;>t6Gx-_E11wc#liVUDnL(HQ%)vLzG7f(zGm~ypZ!9|jX%{CUDH)q8FBSMx?0RYk=8vxoVQE)U#l+-*`RCk3Nl@j+% zU_WN-JgRQ>)c#H+;9hsz7a?X;?-BZqUS3|R!lVzQU%TiBKG%9P7h1rVtl?s?mg8-S z2bzPGodZHT0^{$s&KbRz%@{dGRiIhd>-KEiyaH}U0!&EGu4SaNUK8J;$wC;@rMc}F z<1L3R9!awQnYk>d-B$c9)^LSnp$6ROs)alrV*Zhz;k6Cm@EpQnvz(+$D$G6oHWra+ zuuulQUpC$MHm$sC?0^z&$1%AexR>%E0jy;2#A%fu!t__6nj3~=P@^N&rF-@&EUvh} zt>3X*!}h2X)r$zpEVUuV{{4r7adgNLT9D3_-~RYu+poKBoD77wyfu+P`jjpXlo#*q z!O7;xz>j(ReQumF!GQ;ar>Pj8)n-Xhv&$FnvNe#{eo4003^hxyL^qj=@#3Ua6#aLt z4MId4CDl#9#C@SXRvT}ksyV+;x(JO%+G*|Y7|WV?)r%h}Zf&MgqVArb-Sy=PAHVgN7f>01B7zz9m3D(VusHPq&T- zKQj%w4{=}ZOo;W#NflbQin?D3B^vG{Hr&C^{@Jr31Ovz>oMGI>$z95;rIpCMQ&FL2 zwAp~KlIW&Wz>(y#y%96i?R4wgFhd1Y`Evx`z|)Y;hzSn%gqS)DD(tVklWWnuo;8L* z!W-8fXWNYU!clfkQakJN{!OfeAxpGLsED^bQXqjytT2r08BBJLe}AG@K35Rm4L17* z+>-nW%8dSA^xKKZR}{V>lFosJ*%;!#XS}jp>pnHgKI*&K>w{epMoX-=4ZwnmQNGXg zc$hCdHZWPh@~+c;+2=T@?mUkg;}8C#|B1i4YDOX#%As=MiY;t8{{z8xnHv?pGPQrI z4L-^LYBGUGrqatpLc!lKUrjd9tEE|@tG_CRQ4`yt&*Qp%aYzis@z~BIt9n$Ddi*5@ zlXaEH+jf8jyFqFRy&mgnu$YqYa%)mLr<63!t;CV9J&<5>TGr#ABzOYe@AixN;bAZ1 zsx=S!Th;0HjP7s`n;VmO!q=M2KS*H*&47_?^7r#|&n|z=aTgH=W%H()KL3$Q`~^vl z9y&QWsZ87LNDJghiKOejgI2o<+NJo4N>O?4RB||#ka-NU*J2RY6ih?EH}bIJfJV$$ zhE3Ej?gLr|YiO?Vmyg~@&Cg+U65hGQ8$e_0{tRh)G~C|lc-l_abKbrU?|(W&IiiKY7XTQj`1hK)5X=f0 z0KJGt|FTj(MB#56K`5Z)go~+dhx`Fl|I~qqfUeoWwRBdT;2VPlw_-_>?;A&ED6`7~S0-B^%_Uhy^H%3;PolAJjjc7qIp z1*MH=UnX-C%Xl+aH++(or@uPgUQNZ|sao$hZMzA;G*>aO-$C4Z5g+Vdv*-C^tHt&v zPBI3m$)S*e44JCEG zzC&%A6o!7VnUf?2q7Wl|k$mfor1vAppy}NYmo`@}@F3oG4CxL2&xww-hFq+G#N^q9 z66FQd)oTfw5re^pC}>NQWdPR$O<7g`+%Ik@=+*DBF?yRBJ*Cltw-_;#d`L| zS{eQcfgb#8rxP)ROg%@%e=ii`rp7CJ`2JuT#1B);2$6H9L zplHpQhJluqS|uPNrpH#r@CZbACkb_d;da515b1+m>ShTGCDFM)3Hs`xokzf~+gkdj zU3bt_BHJ5LLz<<0RrYks7ORtaTn?Cx`)~%;e2kIU26V-o>ku@>kFy|-m20`&sK~5_ z$9ykaN?`d^E4`mo*fo^{8cC}<*3ZcT*`tYqo=?YN(y#-J({dhP;LNXJO2=`3+X1J8l3Cj5*!vM;*DKfnfaEnZ%4 z%tq6NCvxQ~AB4vP^fowana8)!NTqoOe5HvR13*!|aY-)F zZBAVqdMmxM~B?m?A2In}|yQ01YjUlx(*eD~SyLuP~NNsJe16T$$d= zrSLfeu7q;GFr=5$((_24Nmpg0%YRRFvTHaK@AB@z;chTZ5zq?cd2T^rN)3oi^e#A? zjcrTcNqJSM*8m@P6te>-FS-p0;kr^k0`^>(wI#ZRjZTfVrqBjZYa|?$OnpFV=t?W^ zu(Y0SV<0)F$7=0=fQ~MU2F&g;$yG_MS%6ogZqa6&A?PGrzV(WQiDSyn+-Mj%#C^)| z^GVs94=W5!cA|73Dk%v)r+}iXRM&XiOTDkf=p$jQ!)zf_3-OQpd!LZkMs$bBN-}Xf zFTf>UfOc!c4;o_m$w3Dgmxq^HuXp> zS^``qbGYv+!%>Ky9RcOx>goy&JCjoQO0Z@DBxO>7fh{dkN6t7k`_eTF)|PxM>#bSd z2g3+^#07KnnzYG+aedz`fu~drF?he#A?hghZUXI$)~K`y%-rH9NV!$;o&u5zmLfJD|G82|JPREk#8S3!*}--X1qBD!!)$LoJih)0?%b? zQ&tW=J#)>&QnszJJq{hXRRC_WD-0(?Erl#l?i$l7q!K;;M*Wk|1B-xPj8He86_J2I zxMftzLjT%1pO~f*W>>xMjX-Ax%KYrBU2IZI3vv`@(O{!b{);~h=d*JeRp1h|Gh3VG zm&9VL<9iov5|vx`;$rXx)bPyAUurT*C-{X7jy(dF?A%gG88{S|ivu)`K>f6$)GQ6R>s*tvc0D28Fdx6r0TB}slWPMHrI z*1athOB@Flu@Z@@JH^pcUX8Fs@9HI(ioO*Q?oZZ8ly@wCwbihz2=GOq_zlE^F?*qm znvDcMQR>GTl51uiHw%>FT z%XebXZtBEHY+%j>)E~bH(JdrGwP-Fcn}k8(VZU(UNYZtkK97_iu($n2FL0ZzX$d-4 zB#2MZGmBrU_m^;$GJ>I492#G+{+4G`bSzvikr~ed%J2R>auGhDM){a&Zum>>Jf|st zwsi;n(9;8zoN-l`^*{U}T!!q1HU{X`^f+8I85~ME3MG!R0|Ybj=-Kd)1v2>T^LYWE za*o-%wPuA>iHOg{Tg%c|>q>Jn#26o(+8Sp?~YjTll~?%Rl~1jE_mq{ilz_6`KBRYmDY&CG2+V@n5J1`rDLV1KeoZ} z8tqm+%*ysorr&K?i#zpM(OPa4{n{#>^YXsN-Z~bpv zv<8Bt=v@)M*^W@YPip;z;TZ7>Xvt0r%xrl>9^@qNlaf$xEz^dbfPX7BK60Njp-}sG zYa$uw_`$a+U>ovNsQXQ9|7K1M7Xb=t;%$YZ|5~dPB@+PTway;7KdJd|=AM*cAee;Ivlpsr6rCJRw(D*M$E`N~F$`zG=w>3)q#Bdz{mtZ(H;~}6SdWy4Mbw89B~V%vGX#3VQg|uuy`&zH zn|ygs82%$w+WFCpmp$Qx>P7i5lw~gvIzvwA_H$4kT>=hGE&fxB)kUu#KNpbb2yM4dC zn3POEcLomLOctg$kzP!<|8n*za$K^bIOr#GYbmM<*!U5?#UA&GW7KsOjdD<_LgU)7 zn`QRlJ_HuCn~^>Cwe@cwSdHZzoUwQ}Pit5x{%Y36C^a7A{+iW?C0a1_M~WLQV%N?z2)<;3+4VQ7 zGy~@lYBwPX&uOgDM*M9fDb9iRhtm`+{*r{#6djERN4T^Hmv2qI731I9X_xvqmd9BApQ5AuD2nkwMoHr}P;6O6X3 zy6MK*QbPSccO};!DtzGZQ3{e0frZxEt6a1MKIa`jcuY$%NHZP-n?Vo?0~;2)>R+Ud zG77(&Ah*D{Cn5!CCz^~C1l-A40H)gvVftB()3au$RS3|^9oe`Rg z+kT}}DNFqF%E1lknPw$h^h@;e-?Rl9oeczN+HLq$k9M`x-6f;#F_*P*a`Dp`tW5AI z_-j#MqWCxKjv0)^(aNabMNd_Qq3MZ;(|QLlm6&&!7;AsE{@QC&@u?arGsy)6PQriT zR;7*o9C&JgS*cW`D@M8+Xrqo;j$O+UaiJ`v0UdVEMA#_1iN=ABqW!Owh;Ll{%>)|9 z+uR^!fnlHyp)f4q)&w$W*I%Lm{@lgJXjk#lp-a({B1#-oV>0rFAy(Wl*4Y8xV5Ns^ zb|^Mi9bBs7nWG zyNXoX74(0VkQG7rWfhO(NjKc()iK~_hP}k)$0kf_R$o)+bK5n|kHyfrOi`KgClmB@ zA^?~zqQMYAY!U`8PrrN!vQeJ+Ko6tA)}@EE#EbsU(!E6qz>n2TV~Lq^Yfgk1SzO~t z4Dv3a1UdGz@A{Wi304)U8iNa*{-hjSNExA(wdNB&v0iuNj587r4O<9hE%(3vJ`mak+*cQ=k zj4>V*5nP`PJCU|1Y^AW+>tV_!%M2KnmFSN0!jk(;Q!6GjxyEDr(!(+_%@tQIw-iN> z{!|e1;QSUfIwW4-GcnSry9C&;MU(R8)N~>aXcB&O!judgTH7N&dfk8-dXc*QOFEO* z8D^4iBhE85H90vPo^KawMVtDtNF+E9_Y63-F!qSda=0ZXZphFFa5OyASWh2_2f5h; zrUsE;-UKn^C7zfR3p5{l}0H94K z!!3I!gz6=cH^yg{#35X-p#JK$E2fUpe3Hy>EC&t_uX?bRd>DLX{uCBQlw*^4n3&AV zNWjj}6~^m&0!2Ca4?KhI0N`0zjmP;L0(P;o>ydgWyETC6;V=UbCw;FbZ@hHI6Y3zD zH-XW6uJn5x9P~J-=BsRnRI^?=CaS@P{IuN-j9l^oip>x`-?2LXAO30FxeOw4v;EcdU>}DUEBIwVltiD=e&EN?oeypM5LwzI!OET^T=DLt?5$qe zN7eG&K&F5QtF}5ud3C;wm5@Sz7A-2mAsNCorASvB+s)&rX?W}C|0vG?f`q!At+@`6 z)X=_~9atYhXJt2%np58Ggs~~GwMz*!Yhk@BZqP~Qoew8XXR*@Vn>97>MJgopbVM9I zZ%Or^0uw~>`u6rH)q3#kL!y1}=|*kD@k2VvUnXRk)Sh?9>Qy`lxI(#@GjI9Cr#=xN zsI>jIps`8CGFAk+H*hikKNdD2W!Hedmis@|*B+kZu&{-t^bc9>HwzYmd9MIqvo%iD zkiRm;KmI^_Xp3JF&->E=_cv7c@c*LR0q91RR-pXQvG?D%hrWHFy15XI{a=ort_R}7 zuF?}l`1O6un4@Eh^o6K=b?jp4lojX?nj*w$y@(Ge<9-`a2kc{f82>-Ak9BBF0JzNk zkN_xh(o~@M4py3tJT?)+aOG=wsBqrL3NB_ronMgnLyKqu@@@w2iV~8e(SdtmHB~GdRV9xP;IMd?OI#Km^PL~m_<+Xt#c6D7}Zt4QP~>Pg_lT90|t@wBgH) zl8gzBcRh7$1`rKM%`@IK#D%Xyuq11BXR)z%0*nBIsDP8G%;OF_Ms>;gp8Urxu9_>^ zG=mhNM?K1-Zx=faM1V}1J5?8sUwv&|rb3YtA*2qiCe_-&`03`W@NK;xobS-2O2+k9 zshP=2>}MEASnM}7-8DbLoz%-;m#s?h(Eq^VMb9$Wh+ahjpLv@1!o(2HUE|fmb7a_fYa=w2+l`^y5=VuKcYql)_?8Y(! zfTLXb6oQ)Z^}6TgFin#PhCuN+OFY~m5_n2M>wFbZ{NU+XAUk&Sxs?wpG^Q3hz#nea3=U%dyA z()W8nHPcYr;BSl`Ns6+G`o^f^=B&aVb8KE@E1q ze;OCdVgR4hk)78B_>m|P0;x z{BniC?<=PLR6L+Lkqb>|UUxt>jvmgG{}h-!FCA4xsxa%ff^&Q361Ao)%8O|X!Up7Q z8LEHNPf?7AU=3K_*dRVULTE{b68DW{<3lzaB?CR({l3UMThIA4&CIh`bgZ`bf>Rt! zd4;t=Hb;**=r_tG8F42pl0R57yo@MF1Eu{uhp`HVEj3eOFI#p)S7yyhPPfrQL_2B$ zeK78Su=iF`aV+h>FzznH;O-OLb#Q`PaM$3F;2}5!5AFm41Si202r|gv?(Ps0AVC6w z0O2%y@9cNK|Fh5f*7~l_#aU}EW}2qEs=BKBsd|1Qg9?(IoX{%j#GgcbOh18l~@0nhFD`ojqE#BOjZerdeX2uL^_* zjO9%j*r$$?lHH8ePW{%3aRh5BYt+n$j$~>6-ohmOw!$tI<#&e`#63$Gd|o* zl$8#Y<6)Y_bSlwRqjSg;@-}rOai#048 zN8nOJU(!C$)}sB;y5kGlqeD86F@66C>VDixU|$82-M~nlteHt;lSJe5EvNhIVStLjS=7NQ(>JE(i zPD?Gq!86a*e>zK#K&rSf5 zFap+$$LsPJ)=%6SXiI4!5=qYKOu7U8p_5X_GnI70Z#}3T>27hREU9cw(;#y}42C2I zeg~SjNrw*zmsjMF3!FZYEI}=A>S<)jejVP5rah#8B#aUE7tx|uhOR*5wfR-* zgYMA+=}!0cjzyguHI5epWvV8B2>~526zXTcZM~Nnq>T!EbIbEs<`2CX04F|xP#~Bc z{pjCO=J)dokU)Hydq0)@S7!0gpU`4}ym@ePnbdpei(Ep5o3iRHC*}O4(YR{icX?V+ zSk!ZvY}A)#Ggswy8n+V|fY?G+{Qp>^-sc|DlP?ZvJO@!Tt{o|&-!8uy21cPcN**8;kD5m$9tE> z?o8JAK8F8ng!_wR*7YU0^Hoa_{W(tl*q}T;y&+802-ivYm$>(S-9d1_Cn`UbbdLxA zw~tN2mw)YXKw={r=u`AMQS$#3I{e370G%rIzvK7+`a&lUbY{$CKBn0J?oPjNG+1B5-%|GCs_|dHhN9@7*o5|8XIg zd$?({lm6~s(7XR`*#TvsgtjG1OpX8c6rs)ca8vml*Yor9FIDfNluIY#o-Dh*M?4zg zAIC{AQTB!*qG!oI`@VnDg-#ox(zf3nLF`yElFi_NRF2w(d7&+mYy<5DB+e82c5%d1kI|CAP(N$8M79jdKVCdBqQ;XbLO78Z{lJ@S4; zw-aM@F(-6YckGbwt-r)+cbFoqymWf{q|kM}L-GjK3+ZNGN&4q!&ETJ#FKBaQ0a49X z0Qi^|KtV5YjMHm`J&_`g>cE`F;)dh{TvzkD0(e|d-=|JR9Uih zPrz=vff}}HLb7VRHQVnIaNiN36qq}Cby4hy{GY(@*nCoz^IIkZw=0PKt<&->@2j)i z?CLC0VXY?WGuT7t8Xp;p)8}>j_2aiSAc6Ye{Yw4Gfpbq3t`e1}{0gQJ8-vAm!c()l ztUe3B%}8J+*KBzMd)u4$bhXtRcc}a=tVv%R1nSy}Al9(7&rLIx&5h;^qAGn+LK6G% zSJ3qlx@%T$Z0F7CaM`PXFF!i(B-4+_gMU5Mc{11~@ATYrA`n3w*y*cfO~y<(iRFA- zNJ%B=Gy?>lZmR?MLC4`t_Q`e+7qhi)-u1lZGiv}Ozizze&3v~Lgx{LB@DUI5xvxo> z-`+1O$_j#VVorrCNA7;kcha2!i#mt$CzPZbTui?PSqpA9@q@v_ZYu}xI@ii~Z-Jf# z%+242EqtkR|Gx19FX{lh9@0$OMY)wG;XtNW@NRY&(Jzs1Yiv`J_AwsrgYdbHNoCi4$ z0i{~~YC{<(;AB?p;%Z9Asgj5FQ{x?8hiYuU<~OyhbiY~v4SILod1qs-^-Vz>EBAQu z0sgmLqU$8KI-DKPXxZ$(CP z1o>SRzD~1qaA2h~B(u`l#(^HF$p)d&XzLiTkwFsRF}=>+u+F!#Z?u;_H2gYj7>^bQ zqFX(mFo%NY7r-bOi}zftx6@|o{IT|om+ATS@_GkAYzw$J#Prc$teuNGr)#50Y5KrY zFI)e5JBIZYECe3L*rzi%%I2mns3<=#TXX*A^5@CR;E^XdB65@s$%34qrNXbk)xOP{ zxYtxvJgie*%*;Qiek>zUKxPq`EN=NJ+^QaH7zaiDwGvJRPFYHN_0;{l5fCS~{OVvd zA%`y+aUOj8^ZYzY^La><^SrhEKJb$NG?xG12OyTgz;hr7Hd~1G`)P}VH7<1xIWwPQ zEj1so-Hj&1dWw0GgXU_hq4L#bv)^DTRa0v4r)k5=BR#!Zj@a|d37vG-z%+4a}Ff91^>D9ASG^-}MWyhZ84tqd`1mF<5OqY(n{rELjG?%Y_VsAIoqE9Ux z@iuq;h9$0veGFJGzm&XKn3~e*qa=wqXRn*UumZ=zhE$|58=dF5(zi}_UuqI&9YJvi z3vPB;wd`g|A5e@<*oUGW_~^3hTW`mc-kzmO2!>c31))${l) zF8OVp{$kAdIIe@?R%#i8NS<7={47j@1zD#~bVa3iImi7}1B{egeq(V^njYZT+uPUy zjmEM~UAIEFfh^-*W>{+@iC11uGe3TV7g+7_p*p^g9#+QHg{iqgX6_e?pce(D-mr(P zKnQ#3B$x$J7YnqxI)aW-m)Lk#_kg5OtQJ3e>1xf>Vv+K18F z?tBdE?hOH%P8YU$Up(^f<$WZ)AIWIDSQG;>`x)Bx39<#`+D7sIZIhRpDVX3 zB({@tl-x%e^7OUy=Fjp2zEl9nxxL8la#*u%)FnwPJz8HrDYg|y`VJfeUG~YafhyNzXj8(qb{M&lCECi5**d~E{((V)V#=Wy!K4U zUN}v@5wt_yTb8f;xpCQ_qCm$!zoqtC&k{Q%NdN{_k7_`aF#?Tn1e$GKMe;ENVxx4R z*^rqXPya5gfc4w2zPJ0lvDB&s2$Evt^VK*=PH=^|f?`IH5!UubK!b4{rjAB;ta-(j zvz@ngLiIwj%VvCQ%QvFBO1Pizr@ z8tW1r)4KB2eJJ)S@N}>m+18t(>+6SYylaLpQ9tn#a(PhLt<}{LY%UlZ4v!V*o6dZ=1#Jq(}(UX;$t4UR0e*F&m0*!APc+H6V zl+QY>ZkfTe(!KLmC}!bPG7PRk{#8DQ17c{VOv#aQRwnnf)>fuhU4J1gt`&tj<2m1J z1>GbsXRZmx*>p^yu5thzi1Bdr`;Vf#UG89dhDOJjQjxGaXuwjV;~4iNIXk=vO(yJ; zH&Xl$%J>?-hqv>G<{VOxHKQS!Sac!bIx&vcnh#DwnmL^C@OH|1q=6u?#(yqAv_v4# zc{N(T3}rLKj>o6&;E1?(W@50AZoVF(J2u%c>9a-l;dn*Ac_DG|@D=-iq3;Kyg$n}$sukuAOGbip}xdQlC;!$)C4+U;-1;TX9h z0&nP$=$W7eu*vhhur591THFwwfCFzW04v)8Qei zW(=J3rI`c-XLD8&Vw%U(ZI$w^6K{d5_cT<-!oo$!lj@jy%!g8?G~D(te+hWn<(zwYC@o zH{|u`bQv%#?Mln6DaK)!Kyadf9hwP2Tnju?znn(aWrMI(lX+MOJonE^Jk7C(^^6o8 zS}Hp!(fBj5E5+in*?J5+VL%HUKaM4{KEdfBg9xomVlJ2Wm>tVVAn0fsdc=YZd63vZ z{6D)k1}{7~Ubnwib_F6cnfWmTjgknMRal6BG=5Nr908teH#)(hXMuYJh>$LV6+3Mh z1D(0(c`tNW<64iWj|T&`9AT^i;Sg$NL7->A*fNg@&L3!HkZIB&TfKl8~wW~b@7^x7zZ*R0laze>Ezr8ErKWYuC=f0*#nI+ z0P#Y}h3tZ9DaXx`FDI!^2UAyFKTOOy1Tn7Y)3U->xCUs<^m+S|Dl+KITmytECy z!>Gn={KRA|OraO*m&|WvGst#IheM1U@%pv_EmS%=DNaZ;$7{cB7UF5|Mne8hPol`i zTY$%*wtY9-;nl;f97+4ro$meKh#dwcK3SYTwI;VHYaQEWrUjyTM-;m{r;s|5H&0cV z1QVfK>2gkw7t53w+S~@0PEj%HzB~eP1H3b<$Z9jeLcCtXxI7#jPJePn1Y^2<<7Y=` z6}d2>FHYs1Q>{rt0={ccU6dF=f(f!G;f@?T*&4+pRjMmx18qkHq|dWs2@#6vx53@h z(KykOIEJF4T%plmnY=BGsI79$!TJ|0DX7h?Om#yecS0!_&h>&^0i=~x2b`ByqqS?; zqt@pe`J=rd#D?HRo*g(np*qV12epom(nk%1WY};tE6;kg_F=#^3Ko2)SKxreHk-xM zTe#FPUR{qqMQ}#{k;t!+w#V1t)TtrM>wf89$+k6#T_AD7(Sqc1=T3b!G3H9%R5=T@ zxzz27NpF=#uOA$*@8gsD>V)$-z5z zsb?TIQ$&|cOtF-+*ZND?dFr5TJLe;3X4v;vV+6^{d5HAO8%MucMJTI|9&RJOO`9ff#R`&d2b)hSNn;n(6hiB{G~Lw`Wb+%&4YWW@-De>I7DT_~ppw+T#;dw9H59m<{&B4eG7Kx%z;MATqIvQ{2jz=ZN!|img?9W(A;o9W$Yg#! z@-gkvXw@x&1auldgi8AgL^AJOte5N&IooCUKJiLmY7FRVVN?<}8&cdynXan5>u41? zoqD6(b!1j&MFK}e&Ol~SGByr7aXIjf^630>2jVzh;@(wh}GM+7GKkxloByP%m~U+q+OVe^9ru^KEaldMF!}t!q>1*jx zOpI`A6x1577&ccBgcVVvnMc`_ZDQQ4lp|#Lv9VkZBfViHL(bsS>ONWaX8z$Z!d?lh z^|(XB0KJ}&@Jy^P#VT2KgR*E6wF}NMFb&T=q>P-T>V|Bh!7xcBWox@n!BPV#PQduX zVf+5z?K__J5#Fi2V%l(fF-{H+Mp3CsOBMSE_))n}$3*+HT^{2_r9~ZzA<83hTiAT< zybF^42!_9XuSuu71kuL~0GH7X3mC0^V5cKXf59PNAGK78hXnYAUpMd z9nt8`VF`YPX~N0EZ>#pn5S@o>rZx5jk6MXqv4GHb&bJ@J1mhvx3T2NGtqemfKP1IY zLgoN&#dsOZja4y={4U|Q#a>A;Lh2jlHtO>CGXy4yqt|g1kx5NUm4T0}Ni0>yhx4}! z=x^G;J%72R47ZPUb4W2}x9nD5Q;PS-RGi(#MpQ30w;>RW)yAT?N)(J}kRR34cJ}UG zio8XoM09_|v^h*H7z_wjETATJWq5y#!|Ks`(Hi4YQp3xi%+3ehYQbPlUzVE0}E_o5F z@bvrP$iingzi_^g!v6P>XrEh=+|`#+Y%TBulSiD~5>@NoEjyqe>JNOgKq>Cu(ca>& zMIc}?aLGZSATt+Ldj)7~`7hdp_YeBRbmT0}*KRafDG73=7svXFVdWTjp`>g=1vqU_ ztmn<-oC%FFX5KHHspt>vD<6zT&WB9y!7Z;XF130%3z)0*Ge=J0A?!&c<*usHHJ|u= z`GpV?UR68@wCg9R!8y~Ks$z&?O;La`ZBkHFB|luOvE92}nwZtZ!}gBaq&P3wq$u~N zJxkd;O5BWccgCR}(X*1OmH8s2(MrNVwysDfej(MhMAsYx#n*LLh?PW85q_B!D1+7L zWl}zZFnMQ4ZNd4Jy_j9-J)eiI-zbG-xZ`a4xCPEO5+6_Yj<#hj<>G9wxp^c>s0(w* zRf>V=GWy76w+of3Kx**PJEM_R1x}lQ@q?%q+9+f-iIKYO>eC=AUxYb_Wy3B=+-EFe z=~j%jZQNDg!C{PTR9(7dupK{Jz4*7bGs8LUDp1zG*!yZPJTI~ZGM-=*sVgluAs2?W z^fb%1U;C1N!6#0SC$@5IAEBM@QZi*=o3p72x=z5qXBi1^D?+f_dR?8ty4KZKZ6MxV z=&X>H6ucDKLi%(@8qd**wO)J1MGKs6*OxrWx(4-o;0isEBx+y>*<^JnBgjQQs4Lef~47?&yKg1fSUg8r$BL{Y1&> z1OZIBo+N|eX=>%L`!yP|*^`-2G;*P1sYo1qNIYshmm$^Av-S7cI#s;0Cmg-c5Sr#Q zG~_T%ci_%sACYGV?UeG%ytQaugoz(St3-a~;aIF7^l>A+(IzO$k(NT@34)0z5TkXF zpCTyOF>-%l^4ES)QIs}gO4naQAkjw|Y&rU!+~IRefpH=Lti#~ElVbknOAhVNAM6$R zIO=!NH=)B&1yQlq*L?h+w@}sQM>2T}7p*5-Gu-%6U|-y;Tp4d)wt5dFTjzqTNj}P0 zwBDSuya5T4ScYvDGu8-unzt(EE_L^VIzI8N!PDbMXU(c&1m=!s(6~T-Uj3?dYgAWK zJ>oGxB!PiL@F3AZJSvxo26+-}wBVQKnf^%jeQx{O=^OR>v`06vz zD5<@aMJGn(?Pe^()!xK*O&-ag&n~w)Ez=D3x#VMA_TH{X*S%31gfow6a<29y*%w*iFuCzLRmk;Mzzfu z3V5_9?Lz6eKSW`E8_$_#!bf;64B{27b~d8o4-8I>0A}inhYu_Xlw4TaS4!yEJ>rHT zB)*5$V;*F*5?Rk|vb&cQ$Qli(*KJsNd@)wkpfXS-k_?14l^jC1yA6rJlkQ6pFjEW@bTYF#YJJ29-)o zyljm*_D zNoi9G?$~Jpu{_P!kmO;_JdK!lKcRSfHa{=e_?S{YZULxDc~)32njA85?m#B?Q_5Dl z>Q>z6>8UK-^2Px>im&>#luA&`c%M`Vs$cTV+BSwvTZ04_N+@y(iEZ=+jx}PKEV(3H zKB0#4M)0Dddbhu7#^~|YvQJlQ$-Y_l+fInjAU{vWuoo1zc>995rp7i!) zFwbe$oy3|M1b(s^#OXs-M2&~K>_@w-$mAM&+>rBil4podgIk5BrP)zNu-Y`~dwy{< zscEq*53@46;8tVqiepiJ01KY9Bt!f(PXxNYv$O9C1|!8VMOH+2 zya>mZ<|il&@X$tQ5Y(^~Nq5{ z%4cR>bsS-+jcCE$=|yn}S#u!^RtB~CRWke~L-XBj*~tfHoj9V*Ay8y%dq+@Mvz|!p z05hmWyJYM9Ge=B5yLpu-|CA@S;}Z5lCj&LHqW$PZp1X)khP|Yag)I1omMgfLr@Kcl zO$4f=ECYIIif*fbCXQ^HQGB*+;bngfO7(^>u+A)@q%eoS>G{z4b}i-_GpAg6T{ADJ zcy84nXQOB!Y2}pTUURzuf!6Pf*|&J-_<{Fo3p{+%0%uCa=G9p+TB^5lhg&9O?^LN= z>dgB_+gB^I*;0Ca2ZUMh^<8U&(D?~2NcxcTbUm++-fvHF)s9Eca(%A~jES*ZM9RPu z%JeK{au&_LEpiJkj=eImn^oIU=rntmz;5(~&KE?$TmMEY%LUw6D?yct3-AA|S^wmr zwOF$S4kOZ6W1eg)18a#zzqn2w%)01OeZe}vp?s{&UL?hbSXN-ASq>cRuUoH1wM7@( z_Kazz4GGkr_3k}>mVXl$Fl^Y$MXsaou8VBif&xG~bT!j!Z^@d*NROUAZ|`SVGFQ)` zJrqeq}MUd#8w-(rfl>fT!C^h&+2*NgTkgW_SE_%HXt_pIarcg z6xd{pTgErHg9BQMBC-l zu#fuQ)0oQRGQM}GpcqZWCpDSK2V}lj9lLu_+Ax328?t^ge(?sj#^&R)nVbM;KcvFk zNi=$)jcbpZ!BpEa*g_>VJ{^zCz+J8POYxOR>~tYpTQWNzO=63N8LK$k3JKiVw~fLO+gXA5TO4V^ud3M~_v=YPOO^|6oS^Oa%))6C)wHRj-O? z0p%znqpyQ*Ji1Ds+=GT{0b_2Vo9&haaAhr}*--n18QLWNBz8DJg2qa{mg&nWzeB$m z-@}XbkKa89Z|n2J0_5By)$`*GcW6Cs>{}XGc-Z-&DfRd&3x~+XTx;vvDk>IH2BK@X z@;jrSB5Wg3>pT`8Rr!?|9jN3nF(kBun0cq6I&I4?p6VMPXz_6BIh^9Skqpd~iPNTU zlu|GX2$8%osk5iu0$WZx{Y9;OO`yKL)(-Eu(Ux~jbs7chEiWG{CIyU333EpIuX&TH zOYvB$Fvacn*6!r^+~li(m=&jy10RPp38}elA!e3TH+09t?{LhIE{~zfMjO;0pV)jO z22-U%Xi$)d6lHyeumpTAs1(TJy}$94@XfdOqylC(U`ORESr^1^x@D#iN;-+H769G24ZMoGz#Os%SSBAbFY4z_8jxWPVdv z6Hi_AaOl@~f_-nsxEST;9~qH)(Y@|m`dNzej8@eUmr}g8+JVS-={{f|20d+F_TxDr zU)F_gp6~oR)V$UxRED-Bj?bJP`viXAd)IzWb3>BN7po{ig*k7mrsrb*Y(gA$lb_?m zC3S`8oSbJH8m-DIuSs26H?!e>$CHA|isdiH*gTbZCC27y2+?r!ra;}J) z&qPQv*4XkIm6H8q>Rr-x7M$bnYUDrcVdl*cyl-qKi98pq9%wS%kGo1>{J!tFg**b` zb_r_vKBfAA=bN+|Y1?aZtU~Jfnqs9r_Y$Lb+qWOEtqE=3DPY=@FpF*D-)s{hIQ$aw z{v_)OY1=`c3pg90^`DIu@Dz0fr1Op=4#z|G~h-bK- z6&Z-POHtZ+6j=J0|5S^pL)(9X1Km3)TCCyO zX-R5)u1Y@yf82-XYlBX;ntbr~VFVUFxxtYQyFsAU<*{>Ii>2!N7LKcZsTHp1r^&ud zzB(<=gtWM30$+w$Hl#)MkRxO@7RU1ue&hzF4AF*X`ENj>50LG9Jq>HIQCRFp-o$jv z=dTLxR9K0t5$9UTl$%CUa(?0xoKt1= zVf4uF45UhRP{cHKEZGKzsC_${?5w0rUD*KPqbSL&JS}}zFX9R$i zmOPG)A6YG0s-|v-#-g+v8atEb1TEHQC=Ms`?kT*^cT8bbDC2 z{E9Ip%Maw|vS##ViD{Ejg(K`pthTy4Fm0`bnVUoIS&4mCg~)NpX7AArevoX3jk#hg(^zplCQ z9TYyb0xkIkxR#`OvTG)@i%9alfk`QNUKXrV#iaC(R*kSeOr6I`bsdiMj=I^aUfEaZ z!5TBh!66vQy!;t@N6|e!EqOY?$cAzF_(e$`jgf(@@Vu69I4+#>*#oD?L!eiTKda@x zO89l6wF-3pX#XaYPD3j_@s@)R6pB;jabWCe#yNGl^WCP-5w(GkqmqW^4lz{_`qc!x{%0RF>2@tBtgYd`uN!|3I zg0XAa$!rMgeZ1Ft%Z1Vd)EVCmOhK&O& zFXzc$Ij_cWG^$6TkDRr*`1FsUpUG@o<8l*D?WFgHJr@5Fk|f{7bx3PNg8sDk*~OxR z=Zq7-e`!--AEUbc@b_$=6@0hH*+h&j+2Cs0ZQ<)kM$Pg@W*!`GqDBVPp>9shXXvsF zG?hMO zFa};Gj_AXw*M8kthU)-$_^yTYo~mpGF-S8U;)cp<1d6h(M=upWq8!HKhWy%5SCYwV zkGhifyhqzTNv)Lino01xv8To@B`=oQdQ9u@XPl{Ia;A^QcGHq|XI46GNL8ND@gOD! zIk(A(GVCQPMBhGB=1C=6Dr%JELb~btg6mA(T|yaC2)_5<0?GZAWB z;m=T`4H#wOHLlJhFp{o7tXfyL`iWcVb*cQ#%gx0Qrl5sbQsOKTDl1C<)vDbvkf9f> z{~|z?ATzyDWWQ*>@1XX`b<p4Za}I!6ZEi&t-}<&Xc&{% zKJshlbY4vRM2m21DCWZt}J+e3f-ga#V9-ZTQU(%S$$Wj;A zNVD=+^kke7{s+YInOqMrgatxD@;ZPRCJe0?drd_tylILzKAP(RvPfq#Uq_dbAR+ne z6(R9pk-6yzdG#27RD;+{9kuv?ZK4oV_IPbNSQMk8@mnN>E^qy@1L7XKj?YF_~GwLQiNw%WKpC?=p_}FcpUM;WxQoM7dw{gGz{$9U=t^WRXQ}b=6 z3N{Z%Bjvw<;RsAJGQV-Jiye(jKx;>kc#>;!$j%Aid;n?z*p0W-x>e&xx2SmI^HxEY z@irL|T(aRf6QdrgDZKSJcm1W~0RWQpYJ6meQFE#ES#Nz0WyUwjL-G_n;u7t-0BLvgT#9yG4q^XR&W%9LT2~(PkWrD!| z9YcvT1rZiBexEArap@JwsNlOE4TXXh7;A@*X*^YjAJTSXj8J7gq|2AE25e-Lzs~!l zi6HVgX{p&?e@_b32uA?9>Xah)SC6YMMlml?WEC?&H!N8)@p?3*CVAVsD!aR#rWuv! zp6;X?IT7F!r$l~|D;#|`$@dlqtdqh%8@_5-0)1YqM$VWF@zh3#_o9p|Y_Y{DwP`U3 z+Zz3puhU&7q--F6Dc;cZO*VMaX7{aK8gfPsz`-a0j4$neow& z)T$#ytKq#a448Sw$GEll`E$HtZHtF~X1-j+olQJy+r-1g4C$wcxR3abVGF%jb{o1N zPC?YVvocCAUL-0Z7jUzL`FcsX#>1r6h}TKyQZu-{j51E*d`aTWMW&BaNr%!%YETmm zlq@Cy|G&uWoGSVSkuQ?btEMukWT9943dj*?rxT>d_Wk8wXg{wOTKCa_uZ*}|*!y z)g$&b`+z03@g50e5hx7VN-F;PNB z@19Ap(onZk_n8_%T6rKV(N@%JZDWsZ3j=2`U~ zH2WxTA9rX*&pB%#*6LYS4a>4)9NXBtL0nmifyOl~atwDRB8E0ca{p?(Sqhv%D?r)-)|CmvFJw)T50(@lMkrq#%pTzJI@R1wc-+RvSP2PsGd}$Os;jqQ z-wn&kmA}4$LB<*HD|W7+Red3!fZiea8bv&18i@Arz9W-lNKHFA79Pzn=Pq76(ecPo ziM4;Q`o*8B2690Ic7l zb?)q&K@!Eo@V2xoqEbVb`eb69jy#*_vh^OZZ{J4XhuzPA)?stEO(=2)wsq-*IOaYL zW|*ft9?gy<4LlLjWhcz`;p?~0AzMI>Bn;L35m;W<#b<1@<=acB!eWp3r+tS03 zUCv+7#V!@jY%D;ZJ#O>TQU>uXSk@Ye4n!lizwCMSS#$HlxUdJ-7?zC5<^W1ecG;p` z7Cs|_Bu#L=YMk9my*;S=%SE_p-UR-HHb4F+sNEA*JG|73c~%_{B8LoBtV^S(KC#dy zL^=@G-V}JkM&b(WOjsS#Q=7U*T17x;)EW&!(qkv2H-bZzu_7^%FSFYNolEnYXK`Gxh7&ei*GBxk(CT4;hJsqhJ$e zFiJ@qDzE8|ZQ|8UkO^jg<1!RBO;_wBfQHy4ibf?g_R2bgSr9aIItt8UHK~g?R+Ka{ zQQ3LkltE@Z)?VqU@)aEs5S8pRs|0rgjw1Y!yE^w!A2uR&Om8{|I)=)UodgRQuJpJCfj@ zl-qnqK#(bOV-)4qA40-fwpT6)fxj41v@5jknRC%Bk16e9>t5ycf2<{7h@{&^5EZLJ z8PO@Ol-?YJnJ%X04wWhTF;%-2N8%S_{_YvNDpq#I4#8fqio**zUJ?25v5!2)dnSbE zi#Lz1`3gxk7^R57jRtYCWAc29;Wv;rho>&;&Z z2h?{Y3qhVmfTVGJ?WrHvzX75SyL?z$_U+LkeVvPsUJ3!QloX84kJI zRx2NE#qEnsmer`f0IQ&rFmqCv{?Ldflz+yN>WT&o< zXB|^FP`zT6plNx>ec%io3cv!rURYwjr>4@g0tA}@Ql=B2K2IVMu**Cnhgsz>l%LiG zQI@GzAHwnDs5#02FGm=wrAdKT4B&QSX+Ipr=;O3e*X?f%4-D_ozL4J_PH@FY{^(2j zsD$cao;q(}`Q?~z2l2LI4OJJB4euf};@X7k;#*dJa?Xf*+m5A)Eir+(wY8ecy}{>{ zav_1Rg5!v}(VzA&GY_RMHu}+nxkMzoH=?n@`iwf+o|q8^_McupL;w^>x)ouxBLMzsp^?%5zG2c3 zKB;?L5YxJNO7+9>@uF;BC+LTKdJMeQ?oXCMcv*QVVPD2!^2G2}NP~_<&6YU{*}Moz z+^tr$N1CF}4hrHIj&1ZjwFV@@9$YSa-sugU%-o(A_%DOd9%~@z&@0f%VGMM6M6sz@ z|D`z)f^m}x_ytvQ{Y?n7r9~74k4fcM%KydB`fq-kku2b-S}&i>5%m`rYKIO{oH+K* zTSO1f$wJ{b(e{whvY3Jk@C(vx;Yj{{Cf4sW-5cs~>T`Jt=2w@aG+@@Vrv$Nv5!;9Hvjv`BU-@8EAyzyGRN((HYuoX#sf z{_F7Xr<|<_w20bt*3REjN&l?cfYW`YngSk){7a1iX%|MIMM@pjek)r1ljH?hJ_v^1 zqGtIg-Mo!5Tmq78dF_|qvEnG-O~f+i9iD~WjKBs`5si)BY@kt?hhb62vfzN@sp z6?=r;nNvBGLoIH7Ye0HnU9d8lrULMjEl~`$7)k!~l#*)hpPc?^rRiVCl15Qn4pO=P z^Cg*#RaR#jAw#H|vmTWJSrYa_?LE(HFe zMF!}4D-#VW?0@ldTNLiEpt{acgV8ICu&p}1Wq1d7t&ky#=e|)k&;=z&{@p}0h`~Im{(U+3%E$nj0JzN+0G)Ssa%%NCa#C0Z)FO2?CC|SF-(3Uxf_JCG z+yK9wg2fL>pH+5VSFj^21BRh=Kq+f;1!SCqXP%K8+JFJ)L~ zjry{7UIM_|0tx4@0J~Tt&2_n%muunvEs8PwuFJo{bM zshpMiqQCXqR58CFEeq$W_`pdG;;F?iHp20_I5j$*T5R=p z2AGO>?;WT66s(TajEu;CJWv5-)Nk0T-)(B6O(vE9-6zQHs{tmBs^Qn+A%_leUPY^7 z;%)rKfgCFw;lmUATOKlt)XUUdNYP@Wqb}gn7CqJIIQ>fU8DC(RIV1c(9*@ug%#DH4 z%F0T8dfuTKr(i43x|(;Be@n+EP5$BL@zzC(liV}!7@(5pGYj3Aw+9H`3A?YY&{*Yc z2BUGtKRI^ZzB#hm+VnNseig4@67i>_@IRx6`-KJ`($xYV-&>}8`YzwLF}_j&(0)Ry z_9CYtj6{7eX}=9U0mRLZqoqaVLTL|^>XqKF`cO*6j7$DliRWxW`76G>7jXP57`S~U z9o%vC?!?`mjjip_Gl_W2*<(bB@G`aM)$#N^AaH(t>IE=}PWI#Z$1Z_Qx~R_0Z-Jl0 zL8tk?YxFz#!IwSv6zzLjY(K6xnC@gBz{wKFC2EQv35*$HSZXm&P`X#ef=V`dTN6gyablJ=sg#0hir6*8xw9UzRM434%C~4nQ;skVxfY5Iv}F z05-)7O2Ez;+!h_4+kGGEIEsEpgisQsEXsS`RT6nOw(vK7%$ERdTNGPE=gGt841g)u zv;0e__Xux4V5=zd1aUoZ{pZ|!q&|uZMfEJ6O@RIuJ89SeFr{6LJxBI@A%c)54Ug)) zfZ0#ViSdov1U_=?Y!MV?KVT^F?WNuabMz#d43h@i2q>tYtp$%Gk`OAp(6K-1`Fx&Y zCOiRe9Ar;*((5QI6Ywr z*vAa!GH%=lDr?7j2@J@A%yxk1OP-6W&7zSvK(8xLA6Wv!f68DHbj7^IE8^u)@WN<` zDlGy3E!a70P=pp$6obA|LFi=xAW;t}Elgl#4~Kb{(_(cqght~iZv;vQA%w(sicVj9Tu1A@FIZtG3ggi9f2~|2FL|gY005s7+~Ie0MGaQ-p_OX z@E{U1d++;-wbpel1YLR@h>_vDN&LUVeQ5K|oTeOAKXHqF|2p&j>OUhz+DH(LiGG7! z5G`W6U|h<dh&)wL&$MJ7u;Mhe$XS?1p%E;}K($%YEsllKB$jP|vBbL|!Wj35_$b-eK;+ z^g?HZYJu7#!;V`bw>WCa^tLKJg( zK;|0>*ckJz($^Af@z4?nueLXyFVqog`3mwZaqPJ7RtxDB@8gy1b-yyt*Zczp8(*l2 zTbIGr-Mt!E?CLRSQ2!X@n=kzLR3Yd4Ag+<0TCc4p~{oWSBVIX5b^oGup z+=4JQ=0o-4k&G+$_tiVp%6GY~opiyjFyB)t4~eGN^HglxIE=2s7?0X%-u?OcL*1}C z^tM0KH74-e~=|uX#lVdaQvLA`6HvH6nYgPBkLq^FKCdz z(tDRNU9bzcMa2rD;|!mka{k!+KzPVDIf&+Lg8T*_>BnbvM!B7A!O|N4SBL)_^g4Jj zK#=a_+0Xgk{bvoj+tM1W?)smt+AVaq<)`t4@PD_qqv+PwfW-kc*}BEx}Q^U*Y9TN6Rq-ewy*0dQ#<}q zP?XW|r~Phk$KIxhYqfJ*2A$6R#afm2NSMRuo5pPO`A^U7C8Z~qbakqdN8OG$tl^qI3(mEWLQ~!YuOnC6M%4OaXl-h`&fZzpR2O zzJ4Di^;v^7oW2y_B@O--93B!Z);<5ml4p_LseIr-SY zO=i(srMIBbYI50xpcEOe`^`AtOhoiBBWm7DyTOVTTGg<<8e_nr^Kd<IAW+-=gg?tNu+duNy*?bgGz~{3P;)nly)i&5xgFEfaf_5oeIxvQSY|NdFl^ z##zIBwRYr9qw_EFc2zd*r|&sA1e}Lup!AiToDC&!7kB7q1Z@^&pf55$GU98!TYa>S z2ixkHX*}8FW8PnGmemqn{ISX&AD~?0HXP?}tt&i7Y$(=Ic_>>Vqr7%@kew-7|E|@> z3*xenE3C1zaa&Wz!)urw$|#iLxt|VKX45oRDE+*ipRComwICk!M!*eW<8|$sb@Gofcma=pv%{bac-UY4xkCj^1%%9U(K&T4XO#{5yE*aUW%V6`Z?3 zFL(UxhY&Rf@>d_SZWFS!8Q(?5PFwG*S^Bnh71nN-J^zgcg6uOQ>5f@Cb=D<}j$`M1 zG6Uw}r`l%JC%k{wicXaeUaK(hZ=KqM=VrFwT-j?*CUsi<;-?(%Od(h8)Pu@cKXsNq z5b8J(Yjx4TV(v9ITlhvaKAg}9S!YwpKbI3CdL$Wi<~zn-IlCSpM%D|K0d&T-im4kq@Kpn8FUrCR@*iR+_byl<5c#xKA$`$#bvM;=xz zm8m026{`x==AkD3U5z257~!R?+NWYypiN7W&MQ$fy_`&wW;~_??@lAJyJ9@17s;TU zPmZfeC8(#i^O8#+nGX&zsS# z7l7P=I=Je1{Wu7naSpO(`ZF@lsbn=V27U-cWU(i)t_V;D&kUIWRDm8zx@7=Iffn1`udPCDU zNP2qA2hg^IbPg+rV*#r^;VMIvuZ2_OsFI46+ga>~foQ9KXvR3-LFRATLXE0E%O_gY z-nKF@2ToImwwg@ekm3nQVb+N#1B<(cyu5sbl6U{T96Q2u@3QB#Waxq*NJBOD;xIM6 zPI)`r#ZwhJb2MbYevJyYnFfCtVMBLFum9~w$c^nMbybf`d*5s#W--1>BO zwZ&n5ap?UfLB&bWs^Xa1p^7KV9uQ)7a>vb`WRxuo34eFAc_@u9Sn+mWD!QkD3PmXt zx)Oxvtf4&C;hWnO(2}orb}fE~ciCvboJCYAd^~FHB0+ z0|wA|WuX~qg|*_(w9MPc&|IU%owz`1WlG+;>;QIE;};r-qoPrsdpa3p%O_bfrv<2p zr!QVqRtYkpXLnFZYgP#{J5U>t23{4$Z*TtLA0WpaOX*GO(N8sP1sM*C17$?Z(-k zA(4LQ(wSr9k}6g&%D~&qbVW^t$n!-fq)MlFqNJ#oe7VH5mHw{n!=BoBH$0LcJxkxW zQF1Um=-^s%zhZ4x!@+0zXqv3O90Moh8q|Zo_u%B^Ga`AH%krs13k@+BZPL|TfCVbI zb0$jkH!_4qQ2Vm;vTBx2OJ|v#mL3Kua ze4_$0b%`si6O(mI+~%x=mOQ_#k@mT)9@lB+@fNjbzqUh$6fli%b?83&qc$z%S#|;s z4@)%T&{5kS9;h#-CaKG>mR23vv2;7ItAgX2@O=dCq*ZIPK`}-=rJM<2W!_O2=c2eOTS0ut0I%4(zCz+n)-;UyTu$$Me^4Wu?b!E zm6$!>xwu;k_kFD3jg|J3jz-D77Vc+Eldjw=u?blCHJ=~L7%f$=F+6e7bsXH+G;S=} zkBU*9IlzW&{N}mF$5GwA=#eSY|3v=aOeo%XU3e$AlVd7wvs||mLz+et`H`blr@USq-tsi;ZYb15V?i@}Hdxi<7 zQ;^-K06uAO8NEx*ae8%drO9c-A?HM0X@~<_n_6O}*>kVB;$eMO%@3n?*^s-L;}`n5Hw`b>zQZT{{AD^+V_R`A`qXUJ}iv9?Qc*xSgR|Bv%su zccJ3ET12YEOTIsJ(v*d=BEE~FYiB#{JkHZ`-Kt*p;oP!%cE+@?c*WP({Fkzd2s-IzA${> zyi@OPJMoBXV+s4N!ceKhOEN~ICfPV{v%NpRqN)2VETtp8xs1XMrCxS>+d0Z-_ien? z))*^O&gx(jC=dM(z{D+=Dd55}H#fJ=s+|?{IbukqNK0K=xe{hwXXK_{rf>$90ur|@ zG)RQrRagK1nv*yW0rrY%RGPmai+QCE$Y+%ix~B?%*Ll*u!AKx#Df>KJ70SuPZX_F0Ha<(+Y|zDiFst7326vwDPz9-f156oi4nKdqJ>;MPYWu zu<1A=Z-VM^!v0UEmBbfw$YCRvd_%Ayy6kJ$tU;ehw0U&qpXDugdJMQi$zy~+O;g!N? zEptUvTfMgx4Y2}g^(a%0L@oWF8Tl1G98^NV5sKvZAbx+jNVdORq*^yi+(r1Q#!)KL z>AcDppX5>S0-EmR7W-r?>;q}$ETR0sB{p~wa^HiH`_~>E;9OTh$W5%VKe1s^Ei^^; zO4~AO)vsA2u-w4Lr#a>4moFGJil+QmZxT`Vy?%7b<)z%i%;U9I<67wh8`K;?T3-CT zxCE@S$7*Gs5z49k-#6a!0sMr4jP;6U=4E&E$Y%pyU$fITv-u4r33F%!?z;|g2NMsV zIZUmOnS}oPtv%>(HC~Y(xM&p&Z}_YhYL1BRE%O{sDNklv_`|)RFHqtyHiQhn>=9mE z@k{d26R=Q{H13NR+cd)(FuO!fO@|BlEEAFDYlD5(4t)rj!;_a@5e(y+T2bd4;xFGC zZ7lj*8Duj5Vv9VBiwTDA6PO9@%!PXrFqx{{H~$wJMSlRce}i4WI5C$?i$9BPV4COU^NFI? zS2ewoRpozyVgW*7Zx1rz?#^y2p#A?tqEbkK82yP*@o!qfA2@ts2KTgxEJ+GEE<l6}6ZFXorW~0T)t`Dsz`a&(QYRn7D_ZZZ9}lU)f3f&qc=gpc z@bKY2P`V_i1SIu95nc%5vr)3g*iymm!hYf6mAmdsWF*UUxFj0?d84$Q=v(qwj{fp| z?qlXvS!;v-sq%0}dni>AX%oy$ZTn8%KSW*EoJ8)w-)V&YPI7aj%NTwWvunw-{y4-= zQ#XEUr)3b9fb2D%8RLXX4q7sO>-rBtcmEaz8rOJ9LU_?H(@tWVcXjhUIpxn5StKK= zq;WLsHt;8QUZJr5N}qTcC(&0*>?KOI)7>ZchtAIoj6+l-D$rZKS( zWWdnBU$Pk64q94`-VkbiLaDz@zF< zovcjg^UzqkS{IKx)sj(<{rT_1<>!Mg2QO`KuinNX^T`7Q&Kcrv-?H^Uxid28Wfi}@ zo<8j0JgA8^VLlXbI_~70NO08w@I{n`N^$MRH7YJpb$ZFXc+q6W`mfl*#}AEs+!DFe zeRPOmz@}XthBxNFl|ckH)_F}5N8j}~>;?su7k>jf5U~_9_!B`bw-?#@ZP8RNuXJRl zvsU^G8rQO9WKYZ8)>O9tJ^HU6fW$F?qkD<5_yvjWLkibW+oPc6RU3n_`#Z$o3l`-V zEZYV!nLVdn!Q8=<3Z)*{-l2hOy;YpBZ~uU>V3;Ze&m(NcGao=vD>eVRAKmg%L!VJR z`j40Ou@{EXuBf_W`;k>~pSi$724vZze7q5RfzK-Lv{eQ7#cvA?8Mgy-)Ks_7=~gzq z|6VsM+oZ6;aa^6v_*Oqu)oPmV>A#@|nD`mUtj4lRT--?8+d0gfGkbf`kvG*mqN31^ zk27YjCjqV6b^g-NB^9y%YGM>taq>HzI7-RAyub+;YE-K@2z4%Q-2Y@{)1aeRRNfGQ zp%!p?OU0gC-#!NZ!6iYM?U6~@GA!>Xy>9f3Zz7@P$`A9VjaTSim)1fB-^^GBvd z$lZnnlFI#k0Un`>7KYKaPhFfBMISl{WPB>OzqkkBq3lv-9eGo0F|QcPGi8zNG*h2} zn3W)bSdwturVqx+h!V3Kwcg-3;gzvTH7o@MuR84=OQrJ ze*h1>K&ml`!g;{@&R7D9(0uqEU7&CPkOS=a%dCtW{Hv}S6I$f-6|=+uLgSzuzbirF zxS~*FkEn%C_y0K1)OD@NDtKM}Z(5*0@0Jg4S7E;3&iq2e0E)SGx84Ro0D*P;dc$HX z?+pSc9B~pO314A0Jx{6L<=E(>8D8ls&HN{n*>uDbwpLt_HF&zS{rb1vc%C8-Lbcf~4y+6I46L&rhC!@d_EIao8?#fC z^PR{%vlmOB1qwQMc7(q&z5R;DC+&b5mgFv;O`|oq^KBkaN($0|IPRn8^{ycxXyH*- zUWt$vxMUE;NYPOlFDmc;1uA=l>Ev;+vRY@;CM&b@sJ)8X%L}w44z#7Wz`wUhq%8by z7W9C3Ii)wYub2%}j@Y;?q$-0BerI5J7*^F9lk$I?|DS`O{Ic@t`Awv?z#WQ=v2i=- z5KJPZMNgBEeCooz+W0(8W}IcL|*Q2o=bt>|vyL zV@X!tV`T*Y(Vyrr!dTSxDm9)f1hLa{_Zhy8^Yn{ef|d4y$1y%R z>-WR7FzB(VdI;kWW@-y0i$#Vtd2L)yX!1Af?RIzjOV=LOkTav_h|hnPI0k};hetro zl0^ODg$Lo5gcx@R4T8$UQd}}4ptpSE-o#z$$2ug|8A`d%q+?MbD0$`k`=1#>640Hwx^7t_N$X!Sc-GTE{gh zDS!$8Ng;Z}??V&Zp0S>O$SdP++}+Kom&MFvHNNwWNF&k1Eg}g-<3I||K@G(-z)RK4 z)Hs;XX7F1Wk>UB!OGhs(FFOMUUafD+U^Z&vAqfcyt7=g}Ufu*)_N@?KZXXmN=ISbN z{q4?lx{NVY3g4X5rz#;JojOylljp&XZ z=j1`Qc@@eEqytE3%a4Kum;Ut}<}@I;z;4o(0rfg3D_~_0F2HNyps);E@Qw}4?Z^}- z!P4bq#}ReFE9rve~tgUr_2jNR@ zF1CajJ51TVQGSyVao;u*P-LqPRiLVi3FrEIiV!Ug2N$>1~{* z@)N5WgF>FDRSY>mhq)yUPoI$#3Z(E?yU11c+8Q*JzG+ zkC_Qb9XF;o<6|oBxLE4f;dl0knFWZ|;?|!Yz$|yioo77LZSKtuveL9o4TJ*%x3Zw% zi_H@AE$E645)Ft7eW}S?nMMvPMcTM+b^?IEVtc%O+ce_CWYovY++j!r(s!9;JWCMz z6CiVJz@g>GMU>ss-r2*rj8%XGDfh(h;AH8OCuMOuAp9;Q3v3_V4>zq?Egp82V68`M zT9XSot=o9*#)B!S4M6ZA*G7wFgUzy32C#aiG;Ti096a=%TwUPW)-5-fW?b8>v)BjK zIqJ9e8)SgdAoFPC6ZVPWXjN^A)|%suhe^_+V?I^N^I==GVcAJbNgO#-zYK zsC6!}j%$F}I_8$#E>Ls`O5eP#Sz+o^o&+{4laldPXT)-u^Z_Le3+ppGd#AxhcSnE| z3hA89ho9m%VYMxJi&iadYN89l{iQ?^qj#4q)q9*FX|Zha;hDZTa&u9T?# z(7?rRjT`*6uFx}?+BFZqFmslbw~Kvda`;o|WzGm7_JO<4NEP`fvPKnVIZ91;=2p?(o}u-izn47;&j#TCB!> zC2p54t^T~0-=mFwo12N;LLp1&Z@JHnv7SA4(lo@*l|@!z1>3160%XAZC>}{^ZQPGZ zVnyT@C9RV{KID==yUzF~E=O4uY#J6Fi5-*`J@vu9`@0~FtB?NysliR1z(?cUMNRqn z`O_YiJDJ|9o(GZutQ0@g#zWF5zT4YIWU@yjab}C#jorc;HItJxiI2qG;ASHIC@C&E z8$0>D1j}-~>|>^_pe0j{UPKgy=ROc4$jN0aK2cX^N_>u!5_gl5w`5MaE$;clOBz$m zn21TY)(?wkF`1J|pjtO5{Tk24xDcnPXn7Fb3gs)>(Jwql>1e%^*Iqh}-Q%j%CJzU& z#2-}6p;mInjWyeCl;byAyW)VlD3W~iBbkn=54>hMDLg#9ykA7=KBv$)H>3fB>=HbZ0h=5JH zx<_Ryar=aNU#GgFSW9u%Au#LxYbx)Di1en2fW+bZMCZ_Q5!D*~dvpHM+lm^5!8{rd zG&r5GF7gi!-c|hN>7BVf9wO^Pjk?7pzEIh(QSsA}a72==-x}sf7nT3a6%S23Wxba@7Ey#!~_Po6bg z@**RKi!J7ntTD_4g$`sj99K{a|a<6RnUe!X$}7u55W<*iYUOX`9PO+9=pWug7Dpd zprB+jcUm`fo%|W@i_dO8Bd=v2D^_IX+a;oHoTKM>c|g-h<{WUpSVV14AcbRV=eT@_E?g_=dsymfhcF9S|3!6BeJd~pof7h z>uS06Y?lquC6_4>`wS79+AVy?Hz+c9pZ?fNEfmA43pum#)^LQ~)HH^wHF#>8W64|p zy|xO#Rft5P^)KIu143W}xcAKNhlSDY2|t(CzXH@eQdf!XG58L3u@sjWYb(wpmG*qE ziMgC~JgGRFc;xDYJ6!9qN>r6iGfq`I5erM{_TQ@XHadJhmA%9QDT1!hjPU_VnLoD^ zC>#Mvr*TuDrn;LWI4X7kz)-J` z#(=9vvLXQQf{zPmTN9mss10s|(%LtK)pYtT3}#bMa~R@Ca8~NkITx3g$HrO^_}~%| z`Gq@{^GO<55s_TnfLrLMto`d&EppS?NG5)Exk_YZkD>11##awQdP7XKl|+AHbL!J9 zpNxRPlQ1u8j)t_Uk2BU~Yu2D*wQ^aX9d`aQBW$3tKf*5A{S5c79^uc$?}_`lCWV1c zyJCH}m{2=GmEQI4pitz6nV>*xW^UK=9w3MUif$xInD&WRvc>h&HjaEPK>zv_2-K!w z7K~Fh2mObefC`c^GAbIBM_jfwU(jt$mMzKoRKQco_pxKqF=q`2NibGb4#0VCjhNi9 znW(e*;D7X~EQL@COb*=zh3nk`{XLQmiD2t8cQ~NM`9!um;)HCPK6TraUQRCfOrqhD z%|9CSXe7}m>>SfL)!m#qT1c01+iQujT}k=zu@Lr2NhJVacR!CXufre~o^3VM#Yd7W zcFotNq^rD-rsI&C8oTXv&VU>SO3UqCRs6p>*b6*F8M@fv=K!01G#Y$?@aZt2! zzdw5)G&h}YB>C^rpSY!fp-jnVeT4K~qwy*!k*NcKo06al(_Pl5Ecq<}sC$L&)1+dh zk?iKw-d$`huonpkNq~}l*37RwoR&Y>#^!$@>;Jq<@$wN>K-(G-`>60<{5BDv4VwD8 zrD+%hdioO3C=~*S@h-U?oE)V0(GS*Vx}TQGr-B~KkEzDFVHPwHajUq4z12Ev{ZyIZ ztl*}6K1N$%k!P?4u%J&C`Rn(+c=6d!8V=6t@_B76Jx6d(81fN_O9YaOUD6nKvNfw-*ulYWXQjs+XTW4CCl0ES`3%{sgIa=%`Aoj)|tBr>Z!>sZZt>-P`)WAhR>=UT)vD z&>MlhOGVSATP5CK)#E=GptCD#r6fynEiilH5xKUmSFG zW%Xk$Acu){;R60E3ZH6n)?Kwy#NoL<%xSnAs)71VqdFyMy_U}<;Lfo)$Mo#-s=vYq zrFwX?eC|aQ=EqQu=e2fOuvyDK`8eo=hH<0Yla+=_%a71sAU1#dyS{6ke0mTERU&jo z+*Kyt%G2r~&V6%i>ku1sivZU&tM`a1yKDrw3BgaNz%2+rk1SO5CE#%dD31d&zPOVA ztr%>V!_vzZdNMahWt93BAPN~_VqW6n(?0&hp;W^=J-dMu&IM|acT+PA#f_(*3d?m0 zrXf5ZKQOWWef1bVO>0GU9Jrks4+DUs&ss0v%n7i}5<#8p1_lNKs|_%23AF3Lcwz>a zI|03>;c%WZwctC`rjftT(JXRBt92~bPfYP{GWkk;@R=|P5 z=Isp*R+R#mGsN<8f3gi5@U1br{u0&HN^n+zJW1lQAe9dc3L;}udkB=HJ%Rzh6)&1| zpH~<{BJouRvP6*jJ$U#(_^mMyyUnjlNnwK20R|?YrnJsVI37(COe8tm0Tm02N}(1i z6bdkNDr%+5Yd&Vb{4a%hru;rPxJK&1{ve?GrxteE0@BwbZ{W!Vs!EZ}Ghkk&W<3ZB zJA=kX09CXl=c~enajwkck4Rvkw>$XLcpZVhD#0^*wwn0aMUD6>#aLo|2~c^+Wp|d* zVhhjXEp#hAQC{^Boo&V3aEajqg&PPm=c6BEr2mAnqiX;mPy@jG9K9Q$Z#(De^YZq( zvL-Kb=X2n24WyVWztXX<#T04R@dB4+ll~;OM-vdM>}2l)zEYO;jt8NJ_qa#D`}~7& z0FFv*Y3eohM#&3|zvW*)f<`mtO6W`cwbX-y@jt+6|wxo?;y>oZ1>|&fmNPb#1Fy?Txqh zdk+S}&`~2S^;~F=5j*8PGo@A@cTMv(aNId+Fz%%|t72c%`eu9tEht#;=7bs|jezI- zh6qCvDZ55wOpHkmgzkK{!p~n!#%K{Jh_*9p0X3q5FObiPU6H1+zaPu=MLq7Dz*d~fDF)Xe=FcAlrKt&i6Y@5)AVkc+=C|dMvDBEJ0o$88t2^%1bd?BmF1D z%wdOI#%;folcP_BR-g5DBM$$~K*#L_~152)kM-&!g z(njs6D;Kn5PLx>hC&wrU<0T*p(qGoTj{oF-F?`zf1%+*XS&LLkPR?hdD{pU7^CW!X zk^J$^Goa;dLFy35k5;a(ZEYqr#Ygs!gi_-+D`mUqWi4HMwn3d|NE0C!1!U-QxesW; z9J>Apei@KQqczgyisCl)+t-|8{~-{z{h1la&q9$soc3#q=$H51lr)1@s!!(O++*c53 z)JE+10`-4>H{;c=hcl>0T4fRH8Ocb76cTg6r1Oa}84@PnL4T8NHhCm~`aPV@G;#Sls z4tIyzvm-$2LVDcHb{#_DM;`isPy?#O$(k19t*|Cu`=((gN2#{Bmp|e%o*NZN5_Ysn zy=1kZ2(kufOV1 zI%!uGaIdSr9gXfA@6;6Kc+rn4{Z#>$z`3 zn|AeAUmWsZ%i zXoxksZmR%-zww^YoYCs%`^QfD3sYS4b2SRUONFpw-?VmZl9WO0P{CqWEsfIbKL&!*Jyk)% z#V?>=&G+Oe*K8u&W^mda%;YK;si~BDsE=dAqd8G|B`?eX7c9ucqRtXs%Aih1`G6Xf zaK7e*gOQ~S0S_seb2BI{u7}hA0alD#c)r2Lz=2ZjWgl2#jvnHHLOZ2&S1wXy#wW4y zY?{J&4>+LOc~^dwZwSn^_&$^Orz`&YT1Gtb931BUEC!&|D(Hec(0z#m3Vn%W!6s3_ z093eEN24>WqeW(Ng4h3gw+0ZsiYxu(8?9E`r1HQ?wA9+4CgG9w4BsW#YKZBR2c8p= z(_%;O8mRr$MD#ORGp>^p(A6YoWATuu3gd!g8+HQ&t2f>tb<-9R3R*#4YYVg@`_%Wa zu+iXTWK=hIx{;k+fa$MqF_0AveBnuG@k@>ao}lK4oyDV%>b38f{U3v{z{tQ%{OY1) zDMaf_s-UQYT2a}_#}+SvqV5++u^M-UGD;ldE3Rjr)04DMFyjt3VO~R-)a@rZ2yy>1 zY;(Y5T5Q%BG(R9vE>cgt>l2xOfkkcJ2JdzWJv$`X8^qb@0;Y5fs$F+``2>7dz`SVh zlMI$p^j8|*@yWZnhQ?*qvW3;OAr1S?CJ+G&%;nLg#bpzWHYN>mq$fkED)>)CEc>hH1_i#%&;jIy;pJp>mxt%f3k? zQlF9G=MZD7*(~F8Awa=lze+k}={aAC#yCI_k6Cw?14TU>HIQMvc*=%_-vIn*Oqi>zIT*BPAYfMWE`k z`!fK{!n#(bPR7$-;CVT4Imr`WP`k8Im@KLsGY=Pk1f$}fW);ecX77_PbFYjGMPV>; zqI(1!QJ<5vG?1cKP6pSU+)B-+vfd&F_6bBw=8jRYt(J7qsVyq2`a^Lp!uoSsBHV>h zx&!s!6Bfn6I_m%v6(Op5WqjT_zQq93BQPCrqwaOGd|oSSyRqB71VUxi$Rc$u9TIjV z&g%=6o=Op7clmGw7DIE^yUtoBMU3ae2|Wqd0~M4t@GE7TrKB*1x!X9XO^3*e=H(X9 zacE{r9Xv?^FsLS#my$dZ-xVvs3)3n`n4HWDIFlj}2yO7dad7nU&z9@_28~S=tE#=o zo^{E6B&O%b9C$JK6vl>eL@@o>p)HG%CLi=mKzdgADRH7g zcE%&ICy}jDit*#WJmF)l|KkbM*uWt4%19w)_f@uD08Rs|(IPC3XJ4PUbV{28-i}U1 zLqlWC^ob@=qX86D&8;WQ82oQ2)j&ttXgHdkXHkeH+PgKd6{s4fKuHm0p<3>mS5iTb zVl1{D4B$sd=f_Zjx*t*|}sUOXj#a;C6&4 zd?VP9W00-oo3axq_6%1T?5G4C(LIMdWM9iUv)?3krPQQKGJEjeW-^CC_C8;weyLm9 z4Y!_JjPd?1lk-rOLsv!6MJ;}pgJ~R< zQvVXU&i3N781LUOkd_FL_goJA~f>$`c zsLBU`V7qe9gMLot+=&W(7-ezM>Ac?}>JYp}in`5I(ek-0HzcH*OW{Hk>7(@kM4g+@ z$eo_f;xBI(b9$9nev7ZUrnGpDAZ*?GZMeBX(*WJ{k<`>Vb_Rs@M1s3`{yj#L%BdRt z=Rj8r7V7a@j@=^v5|5kIe@lAgdW1UWbxnx5*PmH5nz#nHUO8Ud22x=akZedIxr?WP z!~#s7og$_eN6%akoW(z^8&6NG@~cjl*Nly$odj#EN_lRi*=!H z`{oBX=9`uPUHjU$TZKjaBIW=wS3%nh_x?(6zi5#3$7o;w3Lryem~!ex7S9A*vgCG! z`(i3Am46x}JR;=*bDCAvOD3X7at_Nr!L@?>H4kugd!>E)SDBqn}DeYLL^0DuIAd6srnbe||2r<#62AepW2c)rE3~p1jEZxQ7rd-5kOh)^f2?W70Xr7Wq1}a=w4AONu(mi7J$X%^dY(kceG>7^r(OTiZHi)z z;e)|b(BSf z|7x2O`DgRUFrS$fR%&|&MDon;sEv(e52XgjpiJLT%KG|p&PqW4$8R8lKeTu#v@vQ1 z8m#=;B>u-n&PlMgPP|%yMoq#wJIU48{>J>TsiG_VxwBlO=zR&Tqhz8<-e(9f`I;t9 zuXG_M_rb(fD$*#OEoEM#L1=<%dQGw4+F{8Ra4DaaemTT`2cSG%AgKD6 z`VzZQWkU=0g{G$CyLNNc{b$wXD?4kHb*Hls{F$2i7tjZIQko-?R-DMKhJ6AVowM#_ z+nvKWBqK<3!+GrSlyQxhS;~;!Cj(L7x|*Av^*VM3_+UGje(*M;=OH=APoBQIveq-A zYEqmi44yBW3jS(c*w=IoD#v#|D*T`1lnI#!arDacnQuNz3?O3Mu~NhbD}Q|Szs69@ z${bEt^}3QdA@+}~`6hqpD-?LJnT`iWK)Xc{w#|{)swb;)Mxv)b;v}7|J*{{fXPfU= zEnM(_0CUZ-@qiV75X=-#RQ$qNCL`q?Z;Z;O~%%xHMUu; zU(l{tL5zf!6`@=NFjLj6vhMAa%Z(5dSiIu{cK&{N^T@MTCHOn)W7f_xg1(PcVJ72UR&civc%n zN4aXM1ToXET%-}3J*<-_aNZkfV}>v39f5@pxlujh*wm5QElL#VdhQkDRS#0jSOEjr zr0Py!eB@n$5+FG=3ZCzL_f~m2_T~3O`pF#pPwFaM=0iDX=ooa)H_WCz54EXwpKP}f zfu?kDF7DPy+!u$3lX9O(blKUFTT_YCpJ%+moT8K#Ozk?*d4iHyuk(zbP9z6Vz4c8^ zpRy9-w(K7!Q1opt-p6jx5&<)CEpp{2@b7+Z|Edy~9il6&l zV;W2JMN{w|O`jbcPEQCT7XvxT_<*LW7fE0~;%p;N=rc+8`wPzvVJe>(9XIs6Nbprd zur7uQ?_+WtQ1a|o&xfpym8P@t1pg4&<}ROBo4=*ZhROqKu`0Om%he5_!8B)KMHy6% zXKI3^%_;EvccMyspY{%35Mg#)3o)P~?)PLcg0YK%uMB+RfH>&pTFIsVrPiFMLsYy~ zyH+F}m;#_x#Ih)=lOMO(osAF#;3`*Lu<3L#F)1ukEAlh?T`VwMZA`IFI_LoiZ#QR$ zjq7AdG-HAmm^`pflgoW^1;eIcf8?G&RZ}P!NiWu}i-tctvE_>h$&pPKIa)Gs@og{$ zCFPuEBmlMi6CyFe)cSM5%*;%6?-DotZWS5#jbCXfu``~HI%oNOULGS@ew9`JL`AB{ zuMc1-Z{lFJfI7K1f4ZVHB_rcKh32imO5TLK(y&e}Ec#55Z2sHFd?K}6=hCmhauui2 zTRC}oPsROOY&6(rNf`Dq)q-JQrwXX9%Zwj#f&2}0vXZ;%yWlKAfiwh-FaQualz$G# zYm1SO=(f@&dv4Cc0s%A9wb-cYjowkI1EG|S4*3iITFVgB%@m>Eqf~WV0Z6t3yx;VU zdO^wT1el9Za;|Fzy=bw?uWa$t{ir}Z220Ud0!`G3Jz|9Vrh}}|>1o$&m5pZEOMiVH zoec}Mu7oRNJ7f2#iz#6HpM(Tad#Z)9LUo{ZW5>fCnXDRm9}|-#Y4K@r;f`D-%Nr1xfNh#tXj735RZj@a`Vk%JBiJ={Pt&1Mj+W}S&y$FTmE?xP=*jL_Ff^!nb@RpV{|T!g@GAZA`JUFMrEefcx_vJY2a3FPC-$;piS|-g zY;49Lb6g*?gnLRKz*a`Hs@+3R7-Zhk#x2lJT#GVHk(7A@O9>C;LIeQC$4)E*Pb;0Z zuf2P1#6g;NqlZAg*<=dd==v8HfU7{m%}c^WE5x$AS? zA1wPQOR7>Ze)@axfd8$bKdCE1S7dwFf5h|1XgJ=cVHcprWhB(29c(ynGk1ZS5Mt2o zZM+WW%$=71%4e>(?J7YGFO_a)LH+1c<~?jsYcz9jj$Y>GEv1r$0zu1wPrFn7 zNxQbUw`NQ-DyvuhLEOPO7u0O9YdC*P7J3Xsgr_HYV4*{6oA(=L-G|U6D9MBN)Z8O< z+`aV_0|YZ$HjEitOB!l2Q2-nC-ilT~*9n8ALy??16@V$=6G1RFUeibhBMxBY=72

    N|R&~sh59CdEaq)pqvZZ3p%mn|i^l{ zCSVs$?S_7VS@Gfh!z!nm181vG$)V2iC&u(3wE;wAahS-a*}Q!2*n&^^_-6UM`52B@jGfZXpBpTq)sQHuNCpC54)4lF&Ta+cy!b-uGe zzNYtdLajo=(d&@{wd=xHwyN>E=C=N5)q(2!XloC*cJeA~Pe=8b&}d8d+2);% zMIPrjoXa$L`W)X%Hs;(R#nVd7MLBk|8~nQ?h3zQ)wb&}_IwXP`@_K0*#e`fm5E`*Y z^oPgFA6lcvXSzo$&rqzUMV=Y!OD4_*Ga6ir!+|rRH3pT3OwXc{THlgEtlB4f@MF$W z*5EcPJKZx?0`R8?&$b_>*q_!G7WZm6z^S{>;1aA}$X)dKFdF6{X3sl4Lw6LAob%pt9l(QUnh3{)Y_!AglfZc!yx~plZ$m)N6Yc}UMrDA6jg)sF9*1C!((V(L7G>kuJ@aAn&hDh ztDuwH5~Qe;iY#i)%?iVn>jFMaBUYM#Yw}0;#QS{Ch~b--C5s6*!Xv6yYEZ|`1RemL zjiXL&5ykC5GhjdN4|jklbp$;?vm?)G>u~9Me?0tl=XFnlKtxp4$&xRD$x}Osk<+~5 z%J~;CqX!1Z1Wg!p`FF1e-H|M}Z77NAGkSepgFZYFlLGeR;Sk!@I~v#Emca3!bOG$V zYL{h<==`Eu^Cmys0@}O6F1B6kJjBt;Tn+ArMFj;5?sr5O0A6KZKkz$XX(Jpi>S9F3 z75V#i&0>+itge?W+>yv_e|`I;jfhhOvd@f70)2QI>zd3SS9+RIj;sX4YKtfEK|QrnhB)e^ZJj3*0iFdS-fG8CL>)^&olMeG^~$cfkn)z ziMou8<+b zj#AYawPr1>=grIr;~jg*mENppOel>yd`kY)hrX*t{#bT*Zgk(rl5Okq zlzfl*inaomf8A-maf)P3MdMB4kkcxmfO$fZ179rH#0NawFtKNtC$uB4h|c;Fh2*V> zlDfAFZVSg!-m*~8gs7WTx9E}GEzu;8exWH#9aQfn7E{g0F>Kv+lBnkUFb7ri!6CS^ ziHXQ4I^I7&{@zHA(MwawtNs8K^vB^@FmQ5xiskX@$KxxQvl_Bgl~iK})6jPNlbrOj zr&Kk<_Z6m!(rYC+WkRR(4ibsK$|v=FzP96+RD9UV%yztZFSfQA`4-trOG|Y<~BoSsIyu)GCmNwL(x`ulc_g=P@Vrb(ok2!H#&DX?Hn@z4@ z#skm>=(&t}0k~b0=djv+q$A>5F)PJGHC|O3^75>=s}hHFSuI_&*nV>=pBJ9yQP1LA zRsF`F-zjiiVI2IycJIb&cw-(;aQ%1^4^E-^39&~Ny|lA?--vY%H+47n`gB0oOjeKY z!H#{Y%tw)@u+)emJ{Ir8QK!wkFQoX{SsZLrQ%Y~oCX+JjP9^KeJxkv?bEP00$RuMn zbpRF{s1+!6GaB$sa}QLGiEbh9UnQjV(YyD%L@f_u^YZ>|*M9zQDc|Q!^79Pxxwxde zb_uC6S6uaf$AC3z&a`{DnS_leJJQwvV6xPj0HH)jxWmqZ_<_QzY$~;Sxf7y_fmdJthyh_R3i?ey^-$SWYe#Ynj4ONnu-5EvfctH ztM3aN6{NenJER*VrKP*OyFuyhF6mA|N=mvLL|VE<8bLz9yI+6*d%thy&N#{lyl084X@(^&p594st+zw7hyT4G1bvM^a_8Zl^^Eox|^x9o8=JcNXV zXC;FpkB@%j@i|i|FTkF?z^dP~$ejFJZn0qyIY!{V64!R@G~04c&^fm~Dn~JhumxWc z_;hUC7P$fnR;^C!AaWFF<3=apzu5fy>}_RLUZ6>wwi&_N1hx>2*y&1>H2}LYF)?4l zq5PPuNTe&*thOECLv9V^4?Il4&0#)i*iQ&s9kz)?|7ob3y}8ohxB4mc@7*~Yy>h_> zXT{WgU(3(J1r2(YD$S4`jbQ&iw24lZj74onI%!N!F^RtAMI*v}5Fq|d{}cx=gd z@9|VwH!z@dE7Y5buU6)uStUpG@D1cy1=AJga#<&657z@#$H&sp{tQG!L>mmb1FagJ zVDiAEmSN`8CQQhIK!AcqYihUq_0VV>$W1;oe@lqrzM}bHt zGSaVj_}^Ne^bw6!e`TrPkw;!IRK7;_)Yj9B2~CB&8YJmn#Xs|9z<()Bv_!ah)1Q%} z_yY0Vl;VVpc!CILs{F?)X>3f)XFV2H*L;uN0IuC;m;ul=q1Wa@IeiKuL{pc$BScX- z#R3shOEzIb=383GSx%xf5%DZ`d$JoiJFVWEuT&lvz)b z=ll_&tX+wWT~5A#+GRgm+ZnR^;@ybY)N#0gefG$dvoD8r{H6+D9ktwH4WaP+Yg}yu zs0KLG1)U2x@`lED>ib5JlZhb@bE27!`!N$g@IHFGH$SRx0NZLkx<|uKVr($?Z6%i2 z_y=^+N0l0Pm|!^D_uE2o#YlHjcA)8?vXZnK`><1X3mS%EoMOdgE$&$T`Fuz#Fp&P} zd8A}mL4}qEiE8??q)ap*=THCNJm0J5M{lEnzasXkl%|lQ51v41&{BWl7J3}h`t0oN z=y2puL?937wEl(1|8uq})|muYpc#xpR^&Jy3t+ozrKjO=ISQWHq^r(S^2#Vh!aOSU zikhl?m6j7eyhP=xsXN{CxH z^cmNePwOSp@rfjYYB{s2n1rTmY)#r)%knXbk?2}AhPv&xdG~v+d-T%XIc~AxrYZp~ zs=FQL1RA@#uoiD4#9?84Qw49{6QnJf)w;X6bw5AYOG?xlb$tQUHG~GBCMpu(Z};uG zjRSI*VOUUUV+?;CRWH|OCg~HT6Noa|f1zXg!;hwqt7KCjNgyh zB<-*RqGNDL-*XY&B%SX-KFo^j?%?%w?Je z!vRJ`0IK^%hu7)P%^pz$+waZxku+5}{2^0uBz1ogD)pPA^Sz|5)B^#4BFdO3ip_Pe z=4qF$P*k5QM7>%+e*G-!{`cDCjF>Hhsg4*4CnVn1dGw*kv*Om&{^gDaq&T1yDkX!CuJO6nzeP|{z85&N)Q8{LS@oK=;b6uwH>3`W6LQ>v*zb}oi_2INLr0<$3!Bc zHIx5kH@&=Xh0 z>g^J2azCom^j7u!Y;52Ah3uA7RpQx{9QAH9xefg~3*j5Fv(3Xa)(?r_wi1#?QE<)h z_B`p-|-x@dlHViz``!K$MRXeG_!a0bX7<8mZu&yU0l_4CDuudrf(@9oKbQ zF2DfTuQxw%g`SA~3!v_%zW${)O{Bq~gYnZtMcV(O3?!hxSc#`QSyc8J#vX!$uUp$q8%Gv-_Fj?aFbhKHTd#tz`$8vgs{-0wUU4WovX2?8M5ON z*~7-uP1hg9K6Sn4$eRUI*c)CxKKz&$NPixx(OZt8plAq!gD)=f^YhQdxz-l6VN8g8 zK2dxm1upM;8@N2!1~}+%W2y99oSZ7GMTLbgM5Rr|-@PrZ-%j3(&TC^sObQxAT>e;% zBGjT$qi@N~9Q{Lx!EMsVQ~qsqV%7k4@K=g0^#-_n9zcD8xdHq{3M{*y^Hrl-)Sub` z|N5-`kn9mPSe7A%r^rRreq#Tl!=e>r%0|XYq&?-l!t0;|?6x zOL(->vNG|$WPUBQM99X<7Vq_Vg+25NFoe~H2Zt59UV}j2(nEpk`!*{$OH&kEbL^GC zpKLABxk5B`ReWr5{|>J1BC1@j!B||Jd^Ma(>1vD* z6#+J z+rIo7x34{tLnMqW;5Lu9-9h~SUmxR%!%c;!iHS?Tjq>AJeN0SSX2wrzokd$cf2W^& zWZd(8zxbS413$5KEFT9ki5NsMgB?V#@?&@|N(e>#?m$=amgGz8@4yDba!#T0tpyq9 z4#yL>20T4{-5Syb_9rPwtan>X(*KgrIF02I@p<`jX(pz9$4*lMxt|gQw>VH7`l!zj zmHa>>3L8Maf%@xqhyz6gpZF+~4Ea^)%zJ3QYCw-KFGmHx!8&gfI=x@gpMFQXeIRt* z^+0)CUt9CpZneBWadRr*_hoL6u;%0b$Z%IjQdwKosk`sLgc1kp@)KNah1nE1b;&u> zxvQWlFp*qT#P%BvM-_WRf>2ml^&2`EETxK9CQgX)(*p#9$BSx>YV7)zDdASyxWO=k=e zJ$;c|CL_eA=gM=T7s)CuSB=%A`pBYB6o1&1_a1Mmif2SYeu>7X15E>oBn#=bj?Ceh zyr>^EBo9uZ`S{fOs1_E70M-Ra;-= z@B98!Z>ekYxJlQRn5*jb)!6PkhCg-65^anR*Zu3v3U;<=kex2caFetacj&CLy8X4IgfqdZh1f-RLMBoa#T{Se84I2eMvrEF{bG#h; zTB+^$0+FX1Q*kksOhWVzQQ7rsRJG9+W~MDI^Qj4rlXcDZ0MCVKmJD}mOD$#^GFW?A zp2 z#PbtK!ux>A{%{;&D0vyi%LJsnfFF5=;Agl~f+Wa`jyIT}BXp|*{oD6ro#{5-1r8=* z%Bni>X%M2HFh3vsIyo$uet$3pEy} zRx-aCJ<7y(kj0SjBJn_Nk=YCS74CJgx#tJc9nYZScit+ey=cY7kKjd}P5?1wCE}?6 z<(!J8W!VSw4*;eDmn4OXoKRP>m)pOUGJeaFM@%1A3eZoz)Y|mVc zXM-V8W;>^~)KSo_Eb6mg-$ET`Yp_D0(CWCl=)7nu6HgyRj%Y&hx^sZJ_|n()Z4YLU zEr?gl&CFb)f0e4=<`60i+y5kmPbX5I9Dty8(6YULS3YBp&hmkec!`#-+J@xbPYO&t zP~7kxbWn^KHcOxKIx>P2YgSocJ6up`zRE&lSbioI9GYqqxyd@5dw%wc{X?EeB5ahk z3{91AP|+Aql*bD1__t&A)(a+n`tbi6aomWJFz+8(~XI z@2SX%(NJhtH4~EVlpCi$93JX-J=B#(=7;^Nsg`OSu%m#P>G{C^KlZog&K4q36A23r>CFQgKt|r!qmct?-jD$E1 z6X-fH9{c?iE*n^ zCj36R^SLG;o4vPz0n+=dw)qat`aG>}xA6gDjfo}p~y3wa5RPx_iI7Eouy#nN%n zT~~sN59bnOrCb^bVIY8$>UA#b05#jt{!9iJU4vI?iQ-q;K=Uw|qKvHTAz; zOo7*BHWhP4+p|;A^rHdWoUKPMZ}Iz5UZX$QUe1^o&DN;7;jV9gfgFSlwB&(st_R51 z>}MLI1;%fA301u@E=szcP-%(DBxY$0aU02!82O$0dksq_Oe>$DOa*ScghAN8(=+D2 zlCseoVHCwFa2hun3WdTp)V_F=zAoBiSD^keNDPW07rd0fo* zQWhSgmAuzAm$RnlwN^*EyDTZ)_A+1cdBB)pF!uod6Bv2CshH35?_LgJRG#|UoV|y> zXlAI>H?O~!jL#``+#LI5wE_(etSI8$_a-age_>%^0Z#!hCggmz^&GH!q}8?o79ga7 zEOD42s6|@Ox^6G5Zqd48S-XR4-oZ$JtJNHb%sCd3&-45mHD^{^#bh0o6 zH4AZdi$mJ+jVkrXjttkkN()3sGK@1RXmR=8B{K+_2uzQd1#-Hx=~kdG28b(&c%A4- zN=hbS*-zG^=QXj2n&>w!>Dl5G7r$@OQu=1FDmNv zS)Z4v3`lI^xG`~I?0cU2>NS^wYUjMN4Z|I;yEd{*hq3`f0`};3i^jnIJ5bNL5k%nq zFNmhyV$Z7fatu9gH)&2C@hP4b>Ck;wC3128@ry zE@owUNg7zzt=HdA#w;_GNr)6Txv8=32ce{EotB_=t-Kl{a{hKLuHVPHn5*qr4YN>g z_v<|XAzQv-`AWg6tx{+piSUc`E{dg&mckm7Rr2zn3Ar^(N82dIcH->S`(L;NW{fqcH#2KE~Nn?gub^yX7S37+G@7O{>v>M zb*DB7Q+BDe(i0;dnu=#-cA2Fra(}+dH4In4M;yjS#_7yaAj$Gtr4HEO7}15U+YC+w zr}6d69QwMJ6+NJ83G#{bKwa%3*iTwTt{(_o#C{I?tZ9epK_b9STB}sPptpzAu7!_@ zU-31XIWN#t@Nww9E7vx&tf*e?7R;UjLGrcX*tx&D0!T+WN%r(*jnzI|u^n3GI^ zaAvnU%jP_SaFW|}tjGdUQsMcs)H-}hlK7)dkaEMo0s4?kk(acyz&^3~oNKBZOp(kT zg5qIkcgfc`511Ad4ksER*Zsy0Z-x#-M$m_d>T->`?InxN;`>ZoZn1xZMg&fXv*r#C z8ZZ@n4}-=toTsnJqTg2}y&0%7n&w~w4eulmT_g(*)D!@+Y@7Ai#LmE2EVKoSfo7|& zr!dDAk>f7|4CgFcg0%{qhT;UoqYz4`b~rMI9xTob^HKjlb%!o zX~o*EAN8;cB_RF~Qx`k8#Yo$60@Xh^1_R)flh zkgzI8ix3U5r~Io%gS$Zf8-;3zr57(k%;Y4+HEv}aq?s~oOh~{RbD$^y8I(z8ZKuKL zP$)tj(jjrvn3fh?D=C6-OQYJ}56rZ}Z&+CaQ0egYVYyS9n*GDP#Kqq)uZV@y_9b9h zi{$ZBxJQN&iIVhc<6OIEZPHvX8NMbc2v^@p7RhI7MFP^?ff{`U)9#KRpDeg#^W*f4 zGKR&i0y8hK-yl(4s@2y%rvYs`N9kk#RhZfspzKYd8WFUe3_|}tB@akT#b*V@e869i zCH^mn2eBUK$_7^p?jOgATYY9liFfBBN8qo9b^Ye^L66`hGQBrN_gcf(^tETU*a8c1$4mlJ z>0#Q9zno*3bbVg_b(-P2QmMHNU+7#e#~C7GQ%Y2X1i)fVh+C0FZQlwx`L5<|ggm43 z`4v}H5n{I>C4>|hhDDgKH7*~;k%-%tPhQ);dFNa!FVfkBfeX7$x3%BJxCnF6YooA) zV^8#kQDs%uu;vmEKT0HmsqKDriy9#^Z(RPd-}+;X3k65hg4vrzvPuEG*f$ps4ZSZ% zwe(KJ#;rRU86%p|yPNUwc^qFMg>wq(rKglDIaVpjsh5>isa=%Q!jOiG6kjR=JN^1& zkb_(U9mVnrBd}ESh&pbKAfc@M-l zMG}d3&d4#+MV;PmHGVZso!&WkNa_7ThTJ8%F+5X22Q!8Yi+8DB>VJ^%8_KH;ey$ru zEpSr3DMpb<=zAePVq_Gts%r0*!NW)F{0jCR+M9*&4hfZXPF5(SgvxaWb#)%w+M=UM zEdBW$x-7GJZH2=QY4CvwEc$dHw3mmz^B<`9l>tG~!5qEk`gl zBoO*57VQr>a=AM&qc3NiG-qfbxxyOG;p}#Nq`TFkL~KC!b!@YZ;eqPgxKmABo*+mKv=ThGX>ek zmQpY6Vj)hN{S$!CtY-2RRi5eV_dg{0_?VZYdX{|sQ?E2WCaf7M$Z$gx_?8#P{?Yk~ z?nbtuT(0f0lVgae;ANz!k|ynE;#i6uv2oXG0VVMfEuA0-A$+1BiK?iCj3L@lZ0wR% z3;w2U4eMc5I+`oE<--4kFOj->pe+pdTQTw_!(@1Y_{Q}fcHkvJWED-WQ(U~wabC8PYG`r{Q zpDu<+VgEgx#|b#)@0^Bmz>Ys_QA}QO7UE1uU)UMTw48#pr|Mlw0yf8 z+kDe6@#JDgD|;1Lao%Tq*5NYk4+BjQ$e*}BUf+Nl`I)_UhbG zSly=eyQQt`6~}s*o@(t*GSeJASE0@>cFl%;npym<&ifwP7@iI5p9^?7x?fhES`l^Q zVPPu-3tXps^-a6iExvpuz(vw@Si2A7cgp9NpU2mJ;GoRXmV2n=0IS8Y^g3G;09*$k z&+-Ix^@KnvIGe}*;u1*V{lY}!eG42zKMV<7$!+Fvj53LK`enag)|3||k$f3bQTSH0dMbvD;gbk#SrtvftoK0bXPwZv zeo$2y0NRWb0i?V+&Gm(Xx$-rySR=F$%c^2nU+aYH8J2A2*1bX# zm&r=2iA%7(mJIcL1D-C`JZOdyYwpXbtgHm=2dNUG*ZBXkLmH@#b&pqbJ}w29y+-;{ z?cMq_qpG{yM}+ZfIgl+9h7LAupUv@({K%I92@MUaPg7>;w9?W0U7Dw$RRMmYH&oZHE`YLqIF{I`I_~E&})g8aa>((M)}-6epc&suMKP|1zVe!`-eaBKoIg-}R}gd=xcE6JHp z!%%WCIwr!dB*HE=H^yRk`e8?jr$Q>lp!T=0D%&lEZ37&K3IKG84Q!E+k=GBOKurCf z@MR7_d=Y4&Weo$*;*PeSs|{BjhQhxm7*a*X&3heFYTwb_TQC&u8pu+_LC%-g?m54$ zJ}_9%^|jwL`hqzErq+b5+%=Ge2}| z5(^%$4^#LOwJL=fQR;2rq00&|GN{n{DL7E3Uc3w`9U@8#kyxAiz+rAzRM#QBQvnqz z0~{;r=FX5 zQ#J8w@yC6slNGhoZnb#a1Hkr0oHp(NsSEzm!S$Pla)J5BHf8o`9#qqY)mqx2W*icq zeS~NJa9GaB!gap3LT=62QoXXOd6zLcr3~339k4e6kO%}$t$`r&=?Ha(A=q><%usKg zS_FQ%ES!;o+S@{vZSsK3(I3>5kJ-MyWHki*P5@K4!Yb66Q*imVdTNmDKV`a_BAiiU z7CFUgpIS(;YA9=wO2q6e{mwat=UdaoxwIrC2`Sd0wmdd*D56;8X4qM-fxYLU)Zm%s zmk6$YZ9gW}NHoDiq^(-LDJQ^^lCBysRlsc9Z~%N0F{qG%nt$!w5luj$yAQ-2(Y)AR z^SE|dXi;3OaUaK%!+awn{hOR->FNunSWdk?7J>*k*&#Dl_#~IlO~3d5)H46p&b&Qa zkmhKpuv2KI%e*bup}u?>3XTjaWNC|tt_|f-*J!crbm$3h`^1%UUo$rnWg5Tw*dQW- zQdGSkS7MhO7dFye-we=@cfSr;4BA`(>!O)S%n%e4x=s3c0fZZp@PZRQ2aS~dWW!X% zUjh>wTfoL=u&@X?u)-V!cm-fWUBJ4aouKQ`UpVm)bJo7S{qB`7`OY~~nwES+PM|8Y zQTaXgxGw-;z8H3{QVbEDUtK%d&Fw>qDHCkwAs%H^kAEDkZ52g;{nz8th;JcA^)m}K+xpmoM zjAQz0qf3)88Y%s1C$(J1-BlWDJ;Y2=?9#Z@J%&fE1#MWm;eZNG!nXQ~(^{435E+f1 zm9c_?yljN+)eZwTR-SEK-hSnD1s|TgI?q*a(q|oaAbkVa4jzEK#KFOF_UmYEC1=Q+ za>QY^1y#mQOG^ucjX)J!P}>-2gMIIO*TjHJh!O!*tW93~BpPmAh1w;l*ir0TSXfYW zp_w-my_Z<+*%yFA_B;zmkln5y_LNWk2bFyv>ShWKlh}Z}0LLKby@M2a8 z{`=yq-?}nVkSMn;GBt*l$;KJG<{L2at8k?nr2lV=3=ZY}qAS0HR5&X<$=hzOf(DBH zJzeBqY~Nlr62)G{tM{pPgjA=fr*Ski|4s*Y284V>ZsygymDoGMqxV^)p{3nMU9&SV zQ&d%*1$|EN_tLLKnmvxb<>uys(X`~_n2Q5PR-og|r4mp+Z)0$oLA`SU)Km{vb9_O; ziaR7|z#>G!e7R%J<1T2x4!6@bBC$XH6K01SHpB=YV1RbH~N-xcYB zGwzFi=2G0d63ql? zu>%3>w&#aq%zZ$hqh4uqrKT#ncm|@(WZX6wB#uTT2 z*{hpvIW9b3p?ABu_~Dvr#+HNWz3<79$`(x|LRWnL!tl^3Tgy?y^%5z5*pzpdu;L3_ z&Xkds-P9N-sgT)nQgUv1bK zJ5&^9?MkC=N>pL;VUt=H5?NYX>(^>6LB+4T-iRlqdCLqf0+%fb9irfVEqmV>PP;i% zyVfbb&P#py34XUOCwhVe69NuE@BwwiLCMjI8&%=gitf8Eo_e{(lO}&XD{jbRCpR4$ z_c8=e5R!KQSO79b@N}tz^tOI#IRdh#v~oB1^TBE=*|YjY=JV{qK;8GhclxU{hpq2V zH^&km8Mn(>#PPbdE8rh>1tYMG73IG#8v>GIH5*3HXfmy7u3G0?VCVTI+o|)C8lNd1t7-kXg7O#IOA2h6rS9feRfENktlc(kT51< zE%d(9ZV632Aiwd=VWp~hGwD%3-b2PAid^9(3=UG-#I;hF0zYCRsgTxWtoPn1=4E`x zq06oe?Gp>1!*adXsh*_YM~!L_sr4o5Onz;3Kb$5He4KrvXGq&35%Fu2F3|NdeR0lS63r01IB1eY1xKhA$x?9slD$M<*HZ?*t6~x#mZ|B5DA5F%lA~NFz*yuMMV#!3tV@*|zuYJhAQU(6%V;61JK%s&K=DC;B?1G*_Hk*pQ=8!Ar;4Rw z!K8Cxv%#p{k;FQKcC2(hsV+Fo%{#ltyGvF|xUoMNm+>h6qEFZAw`c1O_+EWh%Wza^ z{k>h#qCxQlED4G-r*CidZgcU*ePwL+2Ewj3s*N1e1e@7e0V?rX$^1*X&K!Y!@b?Ha z#llg(M&lSDv4mSWRrexijs-ee%^DO_?T0A6mJG?#QaA zIaVNO3WFJNslt8BE=F7BeF+=&#gVF+ z{Y(}@6h1N7vJ6dBvAf8@Lec<<4a$`ws2ZI4sL;I_Dt+W)`Yi!XDc7rI5S4p4^y@H# z^{&s9cgQF}^P7L7Gzy7C86C~k6r_d>lkuWBOVI0tfr)2SJT)sTI@faR!P@W@fgzr^_-IX#BJ;KDJ&UEa=Dsb3&TYdVM7 zm3T{zl7j~NTfTSi-c_=pomv6zIVDERDRsR=1`MlMua=s_T2F=9&DD4_vnw?T&wIZ$ zO+K4d?_!040YG@_oq_3Z^5El~rLgz|rYJe@+nIY`e7?+H9k0wQ;9L$*Oz(0btC zCqNDV%_a2c2O~pv8?epaWI2IH^R-V_4~$o+8&q+8B|Dv&o*uqSyj8f>yE{BnV(CqT zaRTG8Z+WmQ^U=#eDuM{-b1cE@*LL&#QWhHZGqJl6oJS49*Lzgj&F=pX7bGp^`tqYb zIo}!RK7yk7@n%m?Wq%u6n>fhN(YI}0n-8Oe#SBE>RfFC)8v>kSvWrkWoPyZjtWT(J zOrJZN%)Kl|G6*y)J-%~(Uv9O0_xE!n0n55Wsk1PIfe-{E5&YuONEK=Pmz|0k5!2X!SEpfW)OFNw06;CjsaXyHwNLvfdRcNlpWI_$ch zescdJ--Lm03Q}lO+Qq1a4ooKzr!{`>}cRmnw6${>PtJ8{!#m-keC^%Vm4Dr8vqr%7$z z+Ak*nv5+<)eE_7_l~ONkL#IX(sA64)oMWe~m5#pL#`K)wg^6&SMMok57+w+q^2FE7 zAZb!>5Y&aGm$Kl?Cs@J@{8q_$AVP?>KC{jPeC;^Nq#-Y)SE`)w7x=TYtvjtbY0lVTy%){jbFdqug2J~^r?@Dri*c10- z24N!EH_tO7@6#zznP)0_Q@!;OM%Enx*bg#H1o8$e05@Y;CcX99A5WjK!y8NigJP;c zBnia9K!OoU6)LD=J{%X!5K2)67={vk;@zevu`HC=Tg-V%hnSZXD}-jK(n#dRcMO^{ zi{lB5^6~QdhC8Ed?kB?Lp?2mCV|v4k9(G8)!3_*U*}X2#26g|iCKCwOMDQT(ed5_L zjBKhhsXJ%$%k>Rb5<7s4{2oe=M*9G+!6KmhK;};+6TjejMz@XWZUa`m{g$Gpzp#I4 zQn5gwzpx&g)2VG|=oRnCf%$Js-&!H1@6`%uwR$3@p`he$x!E#~fJ&QFPW{^fJwp85 z@Jy>O7s`06pRiM&sR|kOwd2cfgiy6RuTh7*e-%55xm*Fw1}mw5BvgF_`s~5gGo`jC zRwkZre5C);YH3_dq3z22EUfpRQs)B+O3uEinYKcb!DsvE{nUjFYJrdv)PK+y$UKth zpdd|%5h&OrdbZyaOQ@g{5%@_mPHJL2Kfdk$)9A6C=vK?RogsvE{$6FXqt0OaXsE9w z*wq@6wtznuWWl8bL+LLU5{-(x-q#CK%IE7_74$4z9Z1YQ)*cj(e`So=7dCN-h8PlA ziVK+6{$w5d8Tues!oGXw0w`C|iZmuu6Sd3rEfyO~Wysx`E2o!B8@V2T%^yTwGR$#f z((nPJ2QGzx22HAt-zBg?ZK3k;C7{JYAShv;QJl!aqj#kOJs2C;7^|{MOV1lf$Yt0rfvC+>X7uPGA_S} zv30SC zN(%+0a2PuT{z)tKgKa>@!VCQMZsEZ5`=|9(viD49-*e^}72u~!04eU@HGWbi5z)(- zp379&s_qFCLd538|M*1XECnHPA)H4Hc#Ih9e+wPL1vUYixUxT1he17-Nj~7XIM# zXB{-AAOKqGe@~|{83xB~B`Kl$51s89NyXWUUXjKqFDdT0?_ck9%fA90W8X)u+6e!* z6dy?tN6Xx`aUsfv1g$#>c$d4K#uPh?u<2i?QVGHlDemOm9)I!39K7I1_u%utKk#S-1mQ$5ONpT-a}1>Iu_!|Md$NQiD7Ap)d@U8bk~g zIgpa7*1&?qCqF+s$#7kr?jaq4u4iKaVgblsn;PG!`Nx) zQ!Owf6sWZ?I?&|iC>Gx#}c z`$_;<{dp#3V5l{#GKw-tN!J{ULqza6`Ef7^ZEucd}1wEM6J zpC3iSDFHG9K7#3dV9MeUNCezy;;bgB;Idy}t;GE(e*Z+bPHN6Q*5KA|05?N~^V`V( z>%+a^#9Ps&TZGT2Dkn>>o{q5lT;L?B@PJEkg`j&2zKHy-I5JUD~&riS`RVR56OnzmX zw#`X!aKmUoQ)?gwU`KvXE~xq5J_S%k1=d6oPENaPA4`d1(FZGX$hM)712&e%Hlr7v ziNZ{A-8QEt;n6L!^1E2y7#40WR^*skASPp;UIxi8q0@59T#6qy3s=2dH$M?TR*GAZ zNnE0{YgxGAlwcO$8vVXqIEKdvZu~%2YzO8<Z; zr0Gq6I*$VokD6U;o7-fQY=@O+Ek0*H_6mqWj@kt|RHn|Z5jL2yrTIyc_n8>UHw7zr z3k%#m7j-~23L1Zpwu?N8wENSgx?XdQ6nC!Ev^}4S%f&Z)nx6rHOC?|N_Ot;~ANFMD z1?3^WB>bUl&^Z{BYB@~=CP@z@9%hqiV>87HZx?+%I7%GaqUSUM z0nNNI0#|mo|iDkJ&@hHKQAn;9} z3^9mnn$>YGC?j*C4iZrYH*h&~Kv(G@Q6;?YAGuTqMPk1Lwg2keKYXTZoIOc1!CA_g8`R(eZ^oi!xI5Q8>V2FGfd9Qx*Ep^p3Z z%aZX|!^+W=8fK)f;MrCM-!bxkr=bpzuOTI4d)OLHHOG;4SnCWoQ~cF-Z_O6N^Sr%w zV)R3I&cWk(CD|-KkiQ8Z>w*$W-!=JuvZ}f^2gTQ$siYY6j7JgiD1DmyQ~#FtU+W5` z47luQ*1QllcvBh)S~)fK#b3PmcPf&Gb!w=MY(MqTrmN*+(1u#fArZRdevkhVfnAkO z-Fhj7AH#z$h0}`)YK|BI|AY0Q)&Q*cV!O#6>mn_vwr1Y#_h*W^lNCzskKoF2L;^~f zq^GtWYXy+=+@A=}^F`CU5-SA=v4gb*Q=%+vTwQ6QT(6I@AyY%J=J&&G+ye4Ve>lu= zu^)A3@(8$pU0+{tU32o$bHFG|37~!ea3X?i@LHIeBE?aYGnNf6l&>bO8UnGGBj3pe zD6OAmAdrR4OyBaP@Uvy+mPDYuV za$endS1ygFnoW-=M{n>kHpFzE%w6=#DJp7y%psQBFClEy&58rPkcrTc^ZftqukSD? zaH0E?as$C#n#44!qr%6?7lG|>;nf^c4 za~j))AU>mpYxvC{X1*G!7aEd1!L#aY+N};!(*L_GC_?QD3?w-On<<)1>5+==YdGdg z4Z>np5L~LaJdEJhrdAYt@iRpUeN>6Ijl(X+$rij+56;v6aIFMtQxTx_>G~3K;b3U? z*Awkri)$nuLp6?@a_RHjfvEHGyreUb*c;4>IbtQnYuaDa1+au>4xbM4)r~*AWMV`Eq3Rw!thsSpxJ6@07SXDNmq zldhylkkFXs1OL%vQhu)Zwqf`-PWWdqBuez_;Tj^^KFuGlUuklg(9w z;IdSG<^q!@{I1Hbhq!H9Y|!;#3m64L(S1XA;B#1&>sqA&aw^;PUv)N3#r~ahm)h^+ z#O&Xs9CYmxMRD=5WTHHF*LTRrJi`O0k#a! zsUYuyaD|+3#KmxkLTaj`$h%IrQ~9~9R2Pq!e7CG_>jI2?&I)OWMS-FLk#5jM*%}Y9 zW%}^u_LW2$S>lzVw3WOI%>&`LQ3Z|M7^1jksTG47nT6HS1!}#tG9@YeFXYe@&EiX^ zs8j#Fa6igL1{#sWdLpCP74)5SmkH9Jyo9jl-MY>8f5I!!14$e(d>2pwg^o|Ns%pV) zA%R7A=5Lrw@$oN`7zzkH8y7zob9hK6MR$2-et?jYhN_}(^&bJRwU75 zlw^9_RuQZ!dd|6kG|+CdQ|fli@B#g~GVoGx{VA148&wVc^#5V&EugAu+jecbySqzT zTDn2HyE`SMOIkVv1rcfK?(S~sl9ZC}5aGY^dEWQ?{=N4YYcSSOSZl5|=e*;*&g(b} z6`UyNXOk0xiN~u1e>YRtJMrqT>N)uQvfm;XE^XclDW=~gTGMlQv`Vr(GF|>|;QOuU z(P4mcA_*JJW(cUyt0s$q2*{ALD3X^v`|UEbWy^T)?yBsa^UXhNE;nd6{;*l;7|=2Z zy>i}U&&22@x;UfOiR48~`d&v^EUE8W-S^{+g~x+COnOB`%ZY-=eN(5bf<{tCPQoQs zVXoV+lH<7{(nD&<(-`;9iTV5Q$b} zJA@~X3+xAmJ%2I@jqisp_lYh(2+g%wJA~n)eGy9Kb1ntfz=ne8E9>!e=Zp@?9V0;8 zcyXc9T`JPtZ_dQVWPEQwN;?fYSAcjME$od>g-nxLOu9_+al4uI2h&`6sZI;nOT@@Y z%ykD3cJ+W-18c@_U9d^*4=EI_?f>uvb{DNl`is!+3;TdKKPMB-whG>~%$YW9cqEEJ>b$naD)QcMda)zfqVnq-QB&Clo$*CmNv?nHTDsry1Jmp zCMrrCN>uFwMbOlgT9d)5AT*_fVxCr5Q-pa@*aI7Hv*y!&Bk=+fDI6nfn?ujix4g;=pPeEkyeM4Xa`tUO^IHuW!CLVI}73@}GVFg9VTMk}qY7pIKn-aWPh z4}RZU5tiR~zVg?)nsz0r@)ZgJx5@wwLd@xsX3)pC@65-__jmStzTY5=FhtKzl!~HW z{?On>Qy1Y^ytr3vj<=S1xEYT~shAgH*L^!?a&DfVnqmBt zzb-w{Y8D&cdH!$#5k2_a0UUw?p&DI|OJ>lazhwP=u!u8z?CLXgVf6|04&I={2v zsmyk^$K#Prr$_B7SHkqv8OJFwn`T_@WhRmPFmCKD=kzOu+Tvss6=0cnZai1knL|A9B2Cst(^%tFy?EeWLVwKqeF$j#R=+Y^6?{h!u0qL%-<07n(1oq>RZ+Zm zQ7SSYc)eWF!u(`t8}O$6EJGQEbB%lDCh{zdT#>w@o_W>rhyT(ia_+VUk-3J^SbX3-hPN#4BSZMiQ z?xP}a;%|PzSh3*uA*iylM1IHk=d9&})6;teE`Xh*#7@XJ-vw%)T)^hj2Qoj7$NSH! zx&3y_p2-K7Q(ur|{w^2)nbv7e1)$`@1Yhc{mc*LLIn5rKbG^$b|2AFIO$-v2;vZ_7=d>h%kFp}Cl=f**fggNVReqD1F$B= zs3|#E?@~Avxo60@d36E9Vamr%~tK51n@LWQ9M?;?jSJH=vPqmDfG`Hhi2W`yZ+vi6CSUW z>P?Tes1uE(@E%PPg{U|pDx6$#^?=RIp#F7w=h;5?y4&>Ts?6!C*Qx0ET83P}!;@LQ zfyeRLZwoE?;pvGX4LM)k#r;Lz=+9a!o@`H!E&%9K+j#PQuPUk6?NxRIg+Iqs{woyC z>teZ!&(pH})Opsdtlh>8E3A zd;$8)R_t%UL}K2Z@`3_0Lsvhr8570k|I={I=YP+Y6R)POKKm<;aV6lOMVC}8_m%d~ zKQKfR@Ilg9h@(SDYrP)e^(P>o4qiFAWnt2jYS7ccuGDE!}Q zZLQFWv*c;^5AS#`?g_Er$-jBS>dI5^$dsqPPQ?vnRYM5Z-Q(-y(>&APe-;R#0E)SU z*w`WR>GYy2PF6su5TCOD4ZM>pb-c(ddMvWm$PH;f>7R<_9D;D~oH~#^;{i#--LQrD z`iLWwFY#e-nn6%QzI4d@aYDs|Dm+GXiO771a;y9Zh>`@Jv#1Q1n)lP5pvC3|Rj$ft zq1m5bdy(q)k=zU?U;oV018B>>?^SHsgyVp{`jwM}>?O2q|C_>IVjQ}LogD<+uTjX^ z-x9})BWO?V>_su5g%VxO`@5xb_~;!XK{D} zdrm*JF9{uIdn}0%SyN~gt(**Xh1}BG8lGq9x>~y*qPXu*JyaTEocB{VqzF}TEh&Ca zxN=0MZRNgBpjmPW?Q3QG+_6+4dwgt;z%}1QY zs0~T=LOD4xt|W@d&X9afdrJqKdkomBJ3hDP{gn*~7%XD9a6CXoDzR}$LbSAr-8316 zSJy(*3f{nV9Vi;DBydU4PIhyAYsmJYsOigmYhNtrN+e48j>}+I`518}N#G?(S|zz< zDn9MQ?vn2M7U0Jl9bv55;M5OSLzNA$zRbnt(R%S`V|=S@C|m+K5oq36{@sba$0vX) ztYU%V70a#qn35K6MWut%&Z%X?B_;K1Za?i3I!Bp*)EaHN7#4Ulm33$=Y^U| z+%jIXHbP3fq&7lkS)VBWAlSo{$zX)oY2^^%Yi3xH!{M)jy?A`5Pl+yYg-{K71ZP0l zIY@kUvE$Ojumlzsq%K9NuwZOO-4|xPTxH9}`pA?@z}KbI^kVO5?C)&WdGc3LR%HX< z>0e*5*AG!10ga3cCH~XNB9B?jUec!1cD+T+RHHr%^37`d-l{y;v-7@2nq< zwPdZB^9aX+N-i=Q-s4W|J{1<*Uy#Yjfh#ZI-m5_j9N159sx>1u@6~w>e0&&>`qwzY zB5ez(-MW}^X&9O}JLG!b6b z?z4z*Z0=U3hTYPsW(`enX7aPTDI3N(MRZam>E5(JQENO~OYv=aG8;=GCZy zhPGla4wzTNAKi8Apm)3;fVc?63*Hu>E{sXIgg1i+>7TPOhgu3uy!$q1}(g6`M)$omg7qkdz%JJ6aS|Xx-`c%BVe5shbN5w^= zNeH+|Y;bNUy;VyI1w2X@s#C5sBC*}bS1&};Koht)E2cK%PqaZUupo-x&p+Q}R#~Vp z4nI%ps^eUpST?(xaN6;uw<|Bd&`k2__-ziIoCesgj~fyaT2(?Xc3K&x8I2y#ubRQ+ zSx9tyh*IV$RY-?gT|`ViTy36GZrg1DgPs<3ZWlziOH$0IyCEE+?LwK8$wkU9mi4_> z3Ey=xuP#x{b?e`f8yw7@E;gL>n{gb_#q~ao{3csxOJ+gwxHu6pJo|iRXmHEzDCqL7 zus}SgK?$8eJd+r@Mg|@FL9hUyX2wOLE-O80S2TREQe8FpMNHRAzMe+AS~5Wr*pxvD z(4!3>Kd*n0qqB9t{bHprt;6UW?op`x=t`_rwBq&g(LF)ie8yeoWB)>1o$C%lW(4=? zSktb0kFnJrT)nz@saWT)Lzi7-O>x)$dnaC9kBn*|4$Utl2X(K#{|uJTQtSkClm93h zFxJ=AU1Ym}x%r$!Ws#GZi(}mq7Ywg>z(X{%0EFEulZC%1jf6lLaE&Kssphdii)WSH zu>D|7H4JB$r!#%{LMQvYafYO;sDS@2F0}|=FFrL(=5iDB!9RUDVkq@2X6FYi2P$K} zfK)nBnaq*GdkJ;goW6=?&Cu!=X-IW%Z4J0XKMa*8#JdGuY4wZ*)?;Bd=P$~?4f1?x6=-=o^fl8pH!9anSI7>BnCMWbK z%>h?xC@t9Co?e?*AKF{)MrhYiK73lbn-U0Kx)DyGedWQn~6Ga$&C*k{u(AV$$w2h;=GZY{usA)BWEkfSI zQp&^+sRoS>~Toawcfp|6Z)hvPjD^D#OS%iwTVPVO)M4A0< zyKl_GYR*$#$hHhQB|?xG>9m3vV#k>HAH^5s)sviaeJawj5Cqj|C5>ntVf%=Tb*BF{ zm+7)p<*%&Yx`u4Ocl?B30l?f92Hu_go*{iyp<4)#uGl_>tVadG{52a9xL*)A%O&Wv z2gBV|R$ofhs6uPAH!|&t}&DZ2_A{k~gBtV3BgIej;c)!s@Ybh-UER z@kGw?izICS-4DExom?J+c?_6n(K1j_%`%$(K{~c+_j}r-gbC$W>=$RyBon}6I;9dW=UlRh;U z)X3PBgBSEaJ*3OG#(USsS{6zMLn!NYXy*~1aS}m(v~h)vuX=<5feKoQ6ZxBdym@Z~ zjan#Gx@rg=6{}K+GYj1hjh{hvW)KehTY}iN4%&%AaICMH7rE*+K35ffM#z;rGMIc` z>u9`ObsL7%L9<-OKdcnR^WW7HN*5rzUqM()+J_E3{kHwP^h^9=#^>^|h>$C9%WE07 z@8X1iY+Eo)FSDnswkOtzvg23z3_`A=J@i2#uQod}mby%Rh31 zE)@Z7R6lWlZ8mMsyWh9Miec|u=6yaz#G*~txX~$5@JT0x8*D)6B?o0Z)lD6aKH$!y zU=gi(%>c3kuASKlZfr_vqXeFMYcy9Mh4GOg2G=P@^z}`uNR3f(o5=cn+tnC zIgyqP$>OMufkHTJiU~k=U#)+xr>d37jw55<-BQN-H001Zbwbi zm$uU-{%9enBevGXcImtt)JR<@NC&URu|=)5Y3)!m?G1mB7*WtDJ}HM020>0$x+0ca6uzVn-jJ49tw02hPtN{N+lsLVkW) zI=Nq9Z%z6&G*UY#77`zCNcHmo09ix~_Xt*uJ{!Nu@0q|}!;>G`6(2)&Vy0aC9RFoYa12x-+pgEf-RbaT&~S_q1JHHnf) zu1p746q;C_K~l#35+MFPwKUxK_IXhpn0X~M$f0`BjA07=Ibr0?$!Txp&6zu%2(TVy zbcyh`1N)Z?QEUC@Z8}EOb0I57vyC0p-HZbFM(99o>_d5hBhZGEO~xK4eG4iCtc59c9ji1o^g|Qg=zT)jkW6Z_apwuo7Yb!O|;`Uu6_1Nvv zQ(>O8pF#R8M>}B5{m4ja_l;x;qm}#=?wuy1Df9-@uJHy_SWgq}xhulEu#cNWwObE+ zE7i@g^F+9M9^AnQ_{RL8)AVeoiarYV-Dg!6sz&^vZf*LDqa0@n)&z8wKlc@!wfgbP zj}5CaAKaZOC1#IC?n_k3^pkn+^X6^h#|`hT7_4J8T3{0O9GgQ493uUHsPCG{!$|vc zwAAZRA5*&vD3Ju`c@8j0}~$7 zx<~WGyJ%l3g8=>osg-%!h#9--Z{a4KhrhS|F=c6((bhkoC|DyoWUgVWj@0xUmfm^P zz*=S)P^vDJBmz1$<=o0uV%JW>4{jsqOzP2t5A%#)Xy!~j^K>46qt23vvT}g$9$cfY za&L`+t;d8uP@iGNWJ7Dn4%@Z7r(^1f_5q2$w06juTPZrJ1!_FRe=Z{i^kLFpihBXe zJ{B+Q|7suQmM%Tp#mSnBcq7LBMzZ4ux0=5#U|pJ~)x`&{$(LaEP_vD#H8hk3)|j$k zuK3Rf=2LdpHzv5Pv7tQQnnYLj*M@KRETTb8Jeua~CprY<_+oo`Db+Clk(W%#vaMic zC7$h&NmF@m@(p&J8+y5fl+zL!R~4LFuYE`|?i?vG)gLf1}3 z+x2P*uuVAMuKd?R2Kr`YAmZQ0)_j-}Db00t z)26k%QrItRZp|dpRjDA(Y4>ituUAbIiJM*F6uaoO7|WgJQZ_9A)3L9|C*A7y70uH5 z(IxuWxZ&42R*-DU#7SJLZzh>Al86x2*#UN<{38ycb+o0jOu%oG-jthtkllFmOEsnc zDmbMxDaE#T9y`VMI5SVIHTpK~m74!71veaZdxDUM3cO`z{cOeR{;<{=l7gh)H$G%8 zUfV7<$5q2U-M8&-4FZeS?NU^x@OJd3+t=8)Eb2VFj4U}(8NVT4%GE<2X}qX%UD5CP zzQe}phQQ}@XN~;cKKd0ra(OmOJ}W-Oos`Xm zevMPDJ6Uy}`m|dv z@N;FaT2WRql0AIq*sel@El5-vap~}4Rl|>kC}D_D$iEZ}O>V3^c*(}=sYTB6G8kX_ zbNp3z0Bz5!eO(0d5x$3ZVgF*Y@an8pK;g=YK_n=aGy=MBP*ob|8=;C7RGp9uZSND* z&yO;DZcUJ15bh8*-bUlss}6^$WjRmI7XQQ)w^Z>Cm1dxb_~};&6Eym+uxp+w4PTm2 z$R5g9TDIQPXHIsGYqN7tm)a8gd(B^qOx}(zwTpofd4`H)>91A-b<0m5oBDz`lqO8- z^@nTVJtlp?FM|3GNyP*W1Ciiow#GE&BlV<<`J9CZx}_?RppJA;%TnQJ5L)ue^=yD1L;Ez4tQ()UPc!dCKDnPGw5Qw&51rl8WuU zqM=1nE#K$7s+K?6Z&aS-=UBoiv9JNO{{3a4| zZpP2{5anm08NHq7BZo5S>@9gODoAtSV)Y(=c*;nXz3mIW!2G3bdXvSM&L<1TtSst4 z`IOY3=<^m2&^!orWELN#30W%{AXL?8Z@Y1{5ax4QUEvMrz_A{)e{Q;_Ui3g1K8;v> zHy7R<;5)vMIEt*T!SH)IZdql<=|Yvb+W$zvT)=r8BqyMSk+M*S;<=*Gq~0>Xs%6yK zXN%gl3Oi~Raz@w-Pc17Se#=l0xrxSEkvZ5 z6BPcLc7juo4*`!tKv8d?qm!DN8o_(a2fqFfz&&T_!T0alYFnF|d9S+J$v=)+g#DCs=`>@59)?k>&zo-=BaO~ zWEb9teW^toLTY-cTr#_fwL66H!^x_9zNQ~LIOqrdz7vNYgG$h{KS5*bW+pk_NepVo zl^(N4(sv`Hs1crkBTYJ*VO+UZRhv3MM7#Zy@^`G0jSO6WfXc+*s7Sz4_A}l>*fP*f zLYCIq7e!Ul{iw^(W6PdC zg6S9N&bZMw4GY)KzNx+2a5h(`E7uAwi03nB&j%>~wDeF(7UzCQnYJ**X}DPUc(wL*|+{3CA+H8o)=r3y;Mx0YkR^Cwgf z*;Epvcs#H$RsGyq7?D#Ph|_ud7AFCIKv7dtl7WlJ(lv@vShf7_tFba?^VTzXn#Nfb zYSvU{mMZ$o(x!&RI6UnuDMG$M(RV>1F z9OHzYd3BJ-R#pzC@=-T57#tWfvWDNqE;tte<2KgUcM*}1h^0dh(*l4i=lsTl4K(D(j-v|z@%S$s5ZFV6L=J(?0X-q44!QB8 zcxhx@+?y#Fm>WWBs6&cL4PE5(G5WZTin7W{y;SRp(n+_yQroZPwn^o7ALDpkuTK2D z(`GPv0W*dI5+l$ldb&hP;gPD4<;^%-T`fWOEoSuv(q{DZQ{RhfzT8jD9yYAAM(mTu z>DAGyd4mj^>O9*b#DV)Zsw)V$InvnKr&Y*4>mYJ3M;iPUm?Qof?T`+=ML z0S|_ag=@F~>;Yw$OH$xFgb3XHub9&A!SM!6_T7mwc<@y532m^O$g9z4Y~0_ayNS=t z$9$R=870ZY-iaA`blvq4zRi2zoukP|YD&>Nm=LUe8c}rpu1n@SCLAtOD-PZ-^0>oq zkzlRP1>*pEIHK{{0)8gS80gX)ftZ7A0AeE-CJDM!>?QI0q7H=ZvH!(*0J>7|GZbJG z4(aD9EAt#*f`32ZW~eAVDAE8hayl6o>|C(mXSpKVwb#pxhCkq-6q}nZOGK4I{DCjl zAORv><`?VWtQoG|+^kVALw2)#TP%W|ynieOEL(eVi>Pv!9Sj~NVS83?RK=~o(uiQEtv zgXhoY#tvwnY^V9pnDrNPr+$eP&&o1al)da8A8pbHYkz?g}>*FZr)_3+cS?z(Tb zuc8!p{gon1WS6JJgc_Fz`Sn|2b%u*M!Eqh5p@i#>U6D1vWw=lH5succMS`^GZ*dXO zs0fg9-NrSOI9QDoL9CBdunGn+=S_pTVI9>3$!XGEwy_GipJXVhD-!UfWxJyBH$PxL8zh)UA5aPaHR9Q>RPFw3+5z6jJf|$tI28V%SX0I_H2pNe-hp-IWq@A3G3hBU!2#JB{xOXCrs|>(7VN zz8QLVe3u(NWDjP}xf=H{RoNJ|2Fw{ly!+pOpxmMN9S&Hf?f(R@+T@jEh1N1V%N7-2 zicu96ocUZViBpMjcQqq#hSy$M7RpAH)3>V5X#KL4q@SLf_YzO8bP-RU)DXu>xBQu4 zoA-{-C6w~--Ink0!CKMCXqD7+B{3-pn*$z>{y$CBkd%R!?}2)L510*x8D(R{;lD}I z~dowKdv;s%5tWqxG$!l zj@;9un$xadfK`-C&_3*zdxM{e$?QA(>y)Ar56k5vcze_;vyHh|uvLu42HutuW!> znn<4#v9UC6CTeQvFofW@N+jI>S`k8#!QDk^vmX_ObP-qf-LSbxT}{H-CtYnFp%XVx z+Pa9f*3Zb}&VS#MhBs&#IoJn-B-DgT5;{Ar`l4d}!c5fCGA|ofTMs5vST#6uDtkB{ zia(kn*=8Fv!Thx0KDUxXP5A#!5DqCm6{&f4w7ED3$;LdD|Qs;g!_e_H~Zl3jW>-?YAtmp44 zpzCl=3Fsp!4Q{?A9=U#Fso-QYF z{x!lp*DDJZ!M`AoVdL0~PZqvW$2vcm`xz|OZ18gqH<~;$;N@(SN%}IyhWy9xXt;2} z^0Cwkb+?PQicJS6Pc6%oHb6hYf>W5Lsm(U5)%OH3%+Ock`6zFXkuB=oLRTQh(7&MZlZh{mDyc}jN*p)NEb4qw+~9W6wKy5NzDuMc53 znjntm7n^t*K~t1>VaOT8X6oyI&_(83Z-4!JlVMap%Tigkz)3n#sG=h&Lx98Mswq=^ z7F?veA0t)FF_M4`SC^307cu1dbvQZ|Gk*zLdJuuy;^)WgLrxlkST%q>!tc`l9i-mcbHz zrkUuK>(4B)5P-d@3;-ccAmy)@Rj;hxdLjcf6-UI!58O{pO?{J30bsFt8?OBPd_aJx zQ!h}m<9;gRS>rDka-nXv82SKc3L$nCMs1a3_Hz}+9hM`X&d<+#dnE;ZFZZWq3Z^%h za8lnZf?S=j)_Kq#->bd9zprDgtJ`GS1DA@x0cXzs)D#0!E=l2ct z?d{nXK-$IgxZoYGwhJ-01Ld_ccgCCl>PI`jBic z^dZFw^fQ8PR839I$`?w_raj@_!maF1lx%D#AY6mr`#jHp^<**|+GdL_6@o)$O9A*? z0ZqJfh_*U-DByPEJqQO_KZD*K2MxY1WTry(4`4Y6PO&-1=MNt~n2-_`63XDqF>J2E zFbAtcJW(9CUMOi(%Pv0wCewyCRdgRzcO}AO-@1Ow546MEl+d>@PoB-5CjncryivYg z?Q8xwq^zEmY>#1vzDISN9qbEe)`Ut51|ZPYc{usSChM^$-|(xqJ6z^yD~|-R^3J6*TPv}U2W)R7v2=x`fIBD zl#~;eeqND}jR(*`cu$q<5tVC)+`}og@4~v@=~NSm3S?tG4eVid(P+Q;=CS7@_*^*U+ifG{^p5vG9nvU%MAhV)6B(?+k`Q_~eu5TAgTGkU%~az;aK z_p(uSwaQ$^)s-XTvR>>m<4jYBCuY-yhYM@++cjI+YMDTZnH56DUDPGN4#@ zmT^X>`S!gL@H`H!I!&1VCXe4K^Tlfr#t(rP{6X7D0D^@)Xt~9 z@3~&BK}QtWqD5i?Ao;HIg0VE*@Dv4l+1oPIba`-py1)f%qpRJ1zP!<4Q!pwf1_qVn z3D6%fiL`A$rP z2XpyCfHy@{Mc(sh3HB=yeah|@N+w<)rry)T-Nl(jEHb_l%mWIA5;^|2la42{S}`&; z4hQ%nEUl2Nn49Oop-|3;lI|x`S$1}88sggP?=s{Y7EQm3ODbv0ZQrAjc8gFLKxE5- z3>KU9&Y%NsT>TnaS4D?JKTa3m zR3tySzjqW+TJTJ-typpT;Wtx%mwMFTKWX4_5VugD8MtG%=8pswOA0jxT+d38xwXTp zDsi2(VtzsFp$;vPsw$>1i207luiQR~k!oQ37Uy4UDIVoE`y}j41^hY_(f~%;aCbHF zto>=N1QY&mjIfAw;7K|yxO8!-3MdOe$1uRpfjwL}e;1+Kpwvn>mcZGI~SNSm5xS(qNHJmcH7xXUF3g|?@<{fri zs_p7Qw;;8FvS1MvPbNBqA}1+C!9b{t-iz<~MhKGywI0)%L_>Ca=7sp4L$xT# z9$3l<@17?|Wd$erKn3DGw@N!^5}p`(87XSUb;kdfeK9 zkcvtG*2+?ma(NMgSw%)qfdbRhC2fNQ7rY{|6iW|bMu8ZP(cQTM@+hOZ!DJGGj51Eg zz|qJhX52rEs74nc*r|IB7#QY4toF`BU7DD1!M)*60xEU@$-`o_os}i#5)uK|hx*Q` zX&dh_I0=D~*Z|pdP0tK5vRXe>HsoO8X9hQ}58%}JTp~wyA6)cWd z(a(>sT;)g?Y0(-B(^;xBU({wYR%VVikWbW*kJMQs$sx6BIGidky5YQeG4~O^wBx9T zb4d?8v_6``;rS)o|9nYtj2X<-VltG}GoCeSD;Ub+TIiZp-S& z#XM5QQ;XW~K`vCI8|A4{BHGq+k}S{&?4v_J+vzbp&Vp-u7S+puP%UWnU)z0}GKA+) zM54>9jzSGa!Jc(1BIS>b@B4*Vg>$YJ7IXwx*Nd<^{HQ!28kSi9z}`&XI$|H3rH6E= zIQG8RT#4xU4jm5=vu_@68w-*G35-K_{Rm_wgA35SAVnpy+g8_K1m5T%mWZi`%o^My z^K{BAjMqgIPzP3`aWNc=kB-p=X5O5kAijc|h&qn#^PJe)eLav4Cz=+s2+bcw}k2%4` zPuNOfu-`>bH5dKmPKAQHtIPFFtHcO(8<+1#ln&yTSuPs%+RLn=W9Lct z&E34(g?{uHxH8(1!YqUKW5eidSb@d*(T@}d??8E(W#mSem#pqs*jym(Ag~*1fKXN( z;VCjUp&=&4Q&#oTu8d$x>{WZquj=;VgK(QS#AQvMA9f-~V8XVW>}%N!D}1k{S#Umi zzL{+k0&GOZ=9G%*u_n2jQMV(|M?#jC)8rexgKiFMxO1QVs|2o??WiDaMV`C9#m>u` zw)V^FeiZ1iKpVf!P1b>hN=azMxAkxOcaH>uranWw@jgpO>_E9h4uXRu!mv4AfijK> z&%lyW%|GU=5^yIpPDSssIjs!rzzSgXsEglC2$#eY6q>Ua5L{l@ox!I@+2s+#?ZmXd zz5#ILeXzU&i=6d#7>Y_X2aOaIC2~oGIe8Q<3HuF{Y5ceEJy3Ar61f}mH@e8mU!Eog zDMUsSu4A9y*e^PR zw&59=zc3q@HTczuotoZxakpxWk~8y47`ZSq=g)8SoR{pMAS+Zn*#%gC&g$^1*IL-# zCDmeJCgyN#QCdQ?ULMDN6~z>4@sa@{R+6QtDgsOG(k_=|N|n3(%lU`)V*B@npoPB4 zGv_)|zHY+k#cgG)&Q{O)c-j5C@u`l0q+?n!)9=D>!{C+$xisHSNb-hRCJ?=0euEU9 zqugBmrLdBQLCx$ZqAF4-eifb?21z5}OZ;=1xZ)t798XIl3Q_mCW0ynp@6sVMh!cBZ zMA)eL`**)qh2&#*V$)sX-+u3`d1fBoo{_skD9l}cYJ9JZ(AfZ0mF_k3v@7z2_yQG) z$PZDffsU010?c&cKiLyTaNqKd22YcUrj0ZM?emhBd=R(%(gKpuXk9VelXD-)>{XI*3J7J z?t{u3!fYRt>T6(n0G56K4ZTnV#EJ&1{nZwUr|U9)NyIk4kmDwMw+VwH|4oju9;LAD z@n?l7wr55g5h;4ThoihDLE2LV9%$HZ_TK^v6q-4Mx#tPt#+2ixGA)36X z+FMtH8e&FW$g1LC6o}V{34>+xs&4iAipJ)5wZ~=QfNA9Hi)pNVsckrC9Gk)^Ret*G zyIv4ZlUJQ$Kk)v^DE^la-Y#8>L)odF%3K}Qi z7}2p2edk*vdU$?816!y>Gy0@a#WYe zKHFnbganH9=l*wG%jNU~69q`4d_P zatGTJv&KpMMl9xIqdZ^t)l|9|v6mqt_bJ(Ka0HPx(p34;+d@dk+)AMsV zswQ^HG=@dBWVKUjMeVmaD@D%py9AvcWjHO=WqfOCvlOfU2Wj)H7Scm8|2U$b3_6Bu zXq8W4?JHxM;-B%c8R(&j!srTt_Uv?S>zbxBa8mh=sLb5R+3(1;n&rT_>6S%dB4&gu zn6gQ4KZ-cs_b|uuGd4~m|g;#TTgzo!{2@tAYfzZ@YMN^_wEURu}4I=3f_H-TP zD0xlr^$@X}%gthsdyo~T3MKxg5=seA2OeL70Bx5@aH*1v zI2yM-aUZUmL~XTGw2}fPG~a~6VAG`CDkio?bPl zA!=(m%gI1-?js_L`d3sEg%XnnYFYweX;V*M4bo*Ah^5*z^3WZFdLMmx>9zvDB~5rU z)+p6~0T`RPrwCC4xGN-EtN3rAa)LwNzt)h)4I=};v=6(St1C#Y2-50~8mT1H1f-9( z6*~<}yBGzjHnTAc7>A`cy5NGy*gq4jKu(|)La@VRh?wH|(F&jTcr0MGIQ(eF{T;<) zd74HqLokj|)yb1_eKr{};5#WDM_C)01ogSUOkl zs81k%`6AE=8oDbBY$6FMaM6kby*UJrkuy2=1{;UP-UbDkunn>%aJv{{wS5jGf(zc{ zG3kVWc^yRH5fqFlh8o2=!<()G5ZOVE(90WnJ$)E(!O3uzkl{T>p(}z=?tMfyTnQ!= z_gga%7JjW@&%wdL;jAZC(G?k90}kB1v2o*R9Hg(s2UMY6a;Gca;)fffQCRexVGx_+ z8(f}-Kr+_>Rmf(M9q&;yQo_BXC$T4C>?c3w&O54YzZde47;`YBTM_7QpQbtxly z??2aUl|}xzJwDu-H8cM$q=NhK|9DU+LQ%5LQ4~51eV_%@<;MN|F9~UAUA5qkYq(gt z{$lq2k)r>9KM_J3bwbh=2E*L}u9*rQo8wjPF*TOu_tXFL_5XQ03f;f&vNzP$DtP`m z*E!H4wkzl#C-Z+7asNIMjfmzh43Q%Khh6i3{VxV4!r9c1=b*TlGq4AXrW5;o52)R3 z_rFT6^bn+Shet+22EG1aIDtQg!GwgN>*_lK@3?%#Xgn@?fejr{y5U*rnlC$9)Gd2zyHK)`(Q($Lz&Xd`CZLwFD@>|3tguU0#&098K2efZad|m4|O6fI2h`kUaUlq8IPU{V!EtFNTEt z<-$H+Nj6wOkXP*Pi~X-jDL6RrH>pwtJpmb?vx$PjD2Qfk07@v(qbw~g-A`797-D+G z{^t_=Une${J_rNfesgOJl=xXwMzUu}gnVk9*4lwmimELCcJ9C5-v53gCiZ;MEo6Z~ z{oTVBIVR%Oqy)MlsK$z!;-Y={e_g16iWu6igI%A$-TUuBQ~X5C!ok^z=-4FwUl%II z%-=L+AjmJpkqG{$Si=ojWyAXz<@C3h^3TDGs$gTB*i{aaqRFUC(1gM})hsH|CCxTv zrF~Q?c&mtaz{JE<1vzzQ!$m}+>fx`crDetQ#Z>E?8X+NJ(X3rxMP=J}o7&|gATKL! zlwe5j-pv4rItm=L^DGrg`1bbp@sW&-Omx0&1p8>Hp-K$Oa^b9<1NyX=aJPzMHeu)& z7yeMjHmeEb_Y8ycONQUnD39>9=Kk=!c=38A6+eCF<;}#lP%WEqDco$UdA#p`uYB3h zq68n0KUEX5^4A0HnH&&^D=SZd)(li@0uGCaM&#oTULe7^Y)MCO+@_|b`5e{Fi$h^# z7OC7b($mAAP;R0S^Em8HW+%X%64cv#&lw$6*c0}GIG8D#uC<+BnazwwqbubJRI72_ z9tKjhL}?dP_q@T|*usdQ2OzRZEp562EcrFaK!pl59SB3l|CF3;venqwD9_rI2Y864 zeKoI>92qyP($N%&lv5pI4tl`4bcH^eNg43hK}@4?=>x#wdH?}$XrZpFWGl(&4U3pWIfmkB&vK)Ntti)bn?3b+I5DIuLt15Q%lDLI@i4U(OhoWB5tYE5%32D zO#`c1qswVsm#^1c?K8*efVR@C4+#TA4DfNN4fOX1v!~u1%%c-a2n)FXngI%TZ13#m zhs4C}`2%7ql!EvP;om4wglWIN=fYod*ocO}q2|0*lo&8lN95gdTQ@aMfq*eEAU7BZ zgoFn7u9;5rw;|6WZo1VHVL0Z8I4B7U{&IAGo%L#zSsuVCOR@QaJ8SXR)B=FJR6w=4DFOAIXtq?Z(d zk-M4}Hp`-{pY!ND6)R~~?ZHdU!-2_1Kzn|eT+gT4s z*t)Av{OVe>gZZX^Uvvha4x&LoaJS`B&H+UgiyjKf=IN^9-Nw3%35C{q@K!W*5#azQ zn{Ycj%at$R{DLNFWf*|mgR7Y>1BpinI7e9ym6?!GBFgo5B#$%q__*FHJ<-@hrjQG z@bbBEIgy3BoiC-k7f#pXRzJqhX(#^Yb}Rlio0!nrpk>SZ3S|CZCwWp>vx9gRHzF#9 zb4A({mTr7L(lq|O$|YeYCggGp2In1Ndy)$kdY4h^ICQaK=k0|yUtTu8c0Tr2FYn#H z0em<>xBl-s;$OXa$(}TO2R7i32lsn+lCyjgGV;QO&3hy#l|uaoMoP-;Rl`=E`~-Uh z7jiI9Nab%ZRkTjwLc@k5*t>2QiOnHaW!%6bM862_r8>~*^)I64a%<%ZapqKd4+O}z zSJ|^A+R@&1hOwJjeWoYPft`KQ4^j9ePOcTUC4>WSB~m<%{QOKQ>i=Ro|2eh*fDr6= zDr}p>Jl@$j4jS!BustOSV^7Cp(aUldG|Q&oRg*WNZ5M~keRy~PjMpeNsMQ`#n1eHX zBA8&sR-P$g`AKI4V!HshiVn+!0ps})(^sy5=?MuOrZ#%zD=@;5~OFR94%Bq zJDPR1-$oRyB$)4fMdW@yboi4PZXErtZxW>pyTY&15uRDT<@B2`V?qcA*wK8Aoc&x7 zxVF6B?46HC$FrgIJ|~U*dwX>{!6d)k89mdtJ}mTx0Y^92=Id!8i|IM=;{l9!oYI+)S`J3cCk-}NU# zoDs>>IpF-}uW+!+MFjzv$$X#DU8!~x%{KK#m zTnKa4g@{Z;oR`#@gp2oZiTVvLQoM@n_vXMUh_xjZ^up+fMJMJN6&n5j+Pm^_DAzVV z#?UCs*lJ>8G$Ktnm1PteOE{fEl> zh#X7DIwiY0_p4?mzOL`@@4K$g<#N5o^LpOreeUPpp8NUz)KJ@!f-d+iLs>a!iHC5} zrQ*S`#k!ztXgy9MUfIxgW!*86%Au=_wfTn!cT@D#wvhc#6q-u>lxB&t;yP45p)5iF zaEJI#Zh|DegDZNUvL6?@R#dj;kfa^#b)lE(Qg-Luw$uG;{LYaQkdckWp$4=+zrRr4 zc4FVbg9AhDk2nu2e8JZQ;;@=s#pK_{DmxefhPR#Db}Mk8^lt1)P~R!c)Qqtl@S{vM z8BPkL1^~LuJU<28^c<_q^w@#x17wo}84nS6Iqa|ml@$W!9Ou+>Z;$CsgW8zoG5R06 zpOpje2C`{>aiGnKxiCSr9eARVJ$3h>b^}-}6&u*oo{>gA;dMcT8DKSmnM$DA%Y|(- zXvvX1C^L95^Ac(vz>&3CBO6TEG=xw{*b;yv$s(3jz`U?fafN;0m4%{(t;W;C&zJYd zh|yW9$H%gKL=_5gT+&X0gpW&a;!guvQ7Urf#Usr=i4Agl+&W3|#!IuSR{J!rj2MX` z`#w#>gr|Y_Zp&A-wwoQc;8tQ1?u)&sApC4BWKxhpp?oz?!g1!Def;Z;r}i-Go2IE4Edj zqdGuu`vF);WR2*ou_2SlM9nW*iobn6;7Q|M=PeD2FLzFk^v9Y>E?JugGDhCcqHb00 z(Z#uBmrd+vSz~_&&;%f3^J1}B5f)OdB%Wz=gsHR=LoXTV2vi9yYqxE|jljiLp(^i= zz(uxdfWCTd*`zYJV?8Q0Fx#mlIENe{<>F4G(W+eDIpVa>B_=}Y0DWTE8@r0uzhzV` z$M&Y=?K=T}RU{y`($+s7i2~$UZ$N4BAs1 z_>RpGZBGj5dzGW1Ux&mW>gI4T+)}c_O&}LQ>f5W?qtW+hGtw7T31iuvx*>KUaJA4Z z>2x{-Bsx+P2wM7XC_TarWA3FCFAgV>NbS);2NM98+{ND@d$*lJ_(z=x|7+5+w{a36t_9dEDU zk>ON++(b^seHwgV4gk<6DfO&NaIacO940FAKypsyRUx6^0x5-zh=>TH1}7_d1~Esz zy1M&?P)*P1YqS~asXpAC-tP3_U#8QyAk>4-NyGjtu|OZh9m1A%Vrl)m5j ziX+#Gig?w^oL%<^oqbDBvJ7d>sXp07H-O6Nnem6y4f`(Xc_&@0^#n$DJ7ZoIxSQxz zrXyh2+O$NB2!9#>!kiR_#$l=wnFjrcE|BIO&Be=gmi-a$?zZEL0YrYbEkO?$t^r1K z>23M^dPL!0XKeUxHIO?pz6r~hJ1Po$YMjEmz{x^WGj<8$#Nf2B;2liB1}$jFH4(h< z6S6qb%pqtyb@I}*VAjVHzP6RodVo}yedl}M3M6b@R^316ZSoCZ6x2P9;dIjG%rD=m zx`B|CInY`FGgn|Vzqts7(`Iop?YaNsoewE9VE2$&(N-|^!2rg-Uxr|UL1pZvFMN|+u}S9oI=WrZA;gsyjj zdZ4nY_djtjsXcVvi&txNm^&-%IOt488oFX=;$&rcQy-o^T*t*6-$W3Z`&<}g-vPz& zDuBiZF`p*5q!`_Ce{3yy z{XUsRFD@Hf67rsxc_KCEoE2>s_8d2gNCWLRPbE0>+O>$sr!Be*+c#C7W5Yp^%0qu& zGUQJ@wFilCCJeeHe-FsQKiaw$jNXTmnzg_@E2$ zJ1K{*^KC7G0y_?e^CZJm^<3qf;Ep(AWn~s9oEOXLA<;$?q_~I-d*qclXxD`#f=3eE zlNFWw;DPCw21X4 z#^6sRdg9Y5SAr0-S;#hsEh9>&&ek79Ni32?!f#4OfOQje7-yEOTl#S@*>1g-wCrLp z+`S029WWMitkuO;fVV7WZSm#3S;&I5xAZ(b@Od zWPbrrT9E|?-z@i z#_W4fv)2)T`R$NiK)yQB3=L_V(*FF{RjHfb$|)-^$VdhEKN@IqqvbWLMsKqF%TmTv z(kZn7Bjf=mDj?UVSnmHTbL|`24Y!p;EVCcZVz&6%AWBBPKEd&M?Vm+_7sL~!h2wRXuycIWfIUT$xC#gRyu;w&EbT#z&>#f>f4_Lbh|n zNRHXFR6mn!Bj2z0Vt1l-aw7G!!W$zA6ux)?hCRTw^Psfp%d*9J0O|@!jCpcoFl8&T zr5k7==KwQWRoe2aV&l)oA8BYT41yU z7h|z7CXf}=S$aaCGXReRxI9Fn(*!rnx(F+W$K@^Z9uaJP3GSS^hyx(18~^Wo);pUq zY5!%fy_Mt#iT*+T>hnSmgSr!Jg-x9bL5eS&RCjD3xN57?=*mLHi?u>>F%A0(YxvFh zHX9i=wH9%|b0PUH{Kwz8F5!t_K3(&aYUbFfufji556<#7S|#jG=wC5h)rmk5HOi#7 z2>Yf|Z;4peFbW0 zV{*s=;UrP(WnJ+O-*LFVbdKE%BQ|d;zNGx!5!cJYhyyh`!i0U6aB2SjK+368UqC?2wa7_|X?hx;=ECO~E_$`;xl>n#Kt$4J9g<^2 z&?X!z1u&GYEH96`Dw^jk$NA*&HRSS{0EiR~VR*Kn5EOaIJ0;JR@B~~!JaJrjiIQN?E@c8}yb&kKy?)YbAu}r-2NHI4Qy2#5n=T$<& zK?axa2r_)B8yY11al|spRxrf;sV>)fJL4|9nxX|duwK)YkchIPP=JI07;19x%K}J5 z`h3D~KO7tX@A3aTrHTl-r$O^`n(Dtk%|#A=7y3)5QriFf>;L;{Mv4TsN4LFHojlL& z$kgWIy6g4Nb02m%;Zu$~J4ikeivmb>-TC}qtsgGq{c}k8Z`bDK^|hV#Aghwpk9p@Z zZSpcngpBo8>SobMMHkQM51psl4=nu)AH@96It~O3<&A7iFZitG@7aC3LD=igjTT{3 z_6sF)?q5^gYFs{Wm|oH3f9iX^Bk@>Q^HLRZ?jIzLBtFRX_)U{;xX_TOwNy#Kf|3n$ z(6#wm*Y|4$?fqD%kI>ogDmnkbp=e88HeHLn>JM^h(kRe62xZLJ=Tu7$^ELy1Ebdv6 zvg!41t(f4rp|DjB3NTIr={ME^Qq184dZck@i18<>fNnWBF2aav@C1Gt`u4_IRs8uG zlXjzN9nI1@kNBy&&BdR9UwEPVPxZj4J3QnWKf;tImf!S!?|si%#j*f3dEh8*KwI#a z!9_aZUp2E-D>Mi4vvc`dd) z9Gy$s<)@rvwIsa9kR_iHVjE3poN~&9o725DDDwBySb*2*s zIJH{bk`Q!Z?S>qlPd7*0mfdCY*jqETl^ag@=+6(2qxU;+J8l7I2PTFV z#=BU?=WoyF`6q&h1;Oh&)N2MSdeVkMUibq14WJB*IR32w=mkT}y!6ksbgg>>F5lv{rEPk{bCE$RVK6?Ug{ z{FC%wac7?qa8(&5sPf}uIz+Ym$E62l{oiL_md*JwQ zmI7aTh1-htzvCZ-;QP(RtIzK>jm6-Xvr^l@f899%MnJs4Zhty6+o{*9-Z-pKe*i8g zkxJ%Ehz)cpj&kJeCp_gYL_%9?9BwVXTmt>L9BJCE@yeR}p8t$K71MS(@kjG}Jl^l8 z4Kb~9?LV-j7s>Z_gY|L#Mvp(Wb)I}QR*WpbvE1V4Zrk@y3bN&b!lF}-p=HX~Klk3# z=t>W{sx*J(@_X^L^6G+~hWW=vayl5#m)zat&v&j13|ZerVYCe#Tj1<#l~VtiDR)Wm zxMgzfH2#zC{%5uW>!=HSkL5elSpF-+{lpB^-u+?Zv9WjqQk$RV>lnc`a2EdByPKr& zFx}?}?CuC;hTN^D{tOl!!{fO~Y=s zx!G+DX9%Pi$)VvLCi7?%Ltq-8)Yas^XJ9M;zsnH#L^~hl+j)@ZQ#7OJB2e{oXERxa2&jvb~x%>a} zs0uo$+HtxsX?(j063!}Y?OQ>%jDGCD*~yfJA1yDh{goLFvv=!VSh!E z3c;HVm&FaW8PaeGb8@NSryNWU(y6SAFp?at;BuGyX)Hjlz44~-z5E-zMbRB|tQ+mL zvL-T=ULsRVG`gBTQbz(Xz|w%kM!gP$UvKq=;47h#UO*kWMQfBK>1{R%`Y9BOnb&tI zyizpOY%1fizRjm!Z4aWEW{%qlogCZ=^cuMO*vn0|AKM;j{|C^(3tXWC6?%nuPq^W_ zYFAF;doduJo8iX$@X7AqG139cd4FQW$&0{ zp5LB3DSW2}bD4*>91EBeJXw(^1L7qPyGT>XiM6dgi^+1NHeDRqNsRL#XVFX7x0WSi zroIbHXO)&ZiLxx+f3cHah}e^KLRZdDO^qdu(!E!cOpaD1zV>3*lDdd3+C@mduMxqZ z&GWAF-r6!rqY#_;R|+S_rj8B6l@^s+T2f(O&#q8Os2FMpsp7`0Z*ISBEx6dLa~nIv zVXflP5CKmgxSSJWz8Tw~ofJL~?whaC^V8A;yrU|tW#aQ3jbv)Md;ZBu38G3^4;j8u zM_=@8cxN`Ny{R%4q(RK}j2Rs|hHArF=D2zW*<=_(kw^YOROYy-Hkt}=i)dt&p9oDsoY8+$W+{e&kwTw|_psxOI`Es7n|RCJ+gYge5_FS5_nD)`db=YGnw`M)Vx6zW!f z>wT&`0@~6-><~9=rp$5CUg*p-q;(K89zo);A}AQqr{UU|?-%A6y)LDc9q=7B+oHN{ z`7@<5$5h?+*Usw2-+;Yg;tpLooJMwS`cz?C%v1ANRd(ixUF=<@<{z39cTw+K&ki_; zoeA^Au*h@zEQ~BDJJ19cFBs4xbE9E<;RxHfu2e~MEz;q5jC!KR=k$dh*4Zzux6lgXWaz5r-a z_#c3QM087ncr#e_u1&occ5l3KZ5%^saQ&S{$k{uuoO;Tn8V8I`2+L6So=}H9wSptT zEQz4qyQnz-wTID8`wuAy45OJ({$4I5QQvf^p;Iuca#P8qzcj%SE9?#^SfTmL;QvDq z{19$@Zx}?FnZ%D6Gk{fI5o2wGP&Wd64JmixhtjrXQhTrETPtuk&TgkK*TZcow)qBn{pNwmi9t0i{dBieVlQ+a>`u!LrXAYbB;zh z>vB1QM+Szel`^Z1CkBl&Ne;A#*FzZ*N-Kfum+QIf1K!?C)VIx7V8)C zC)mANhK*a9l3y2tEcpLDNb3I4J-yAFDU&x>-ArGNUM0H61b_^Oubw*XX3y4|YywN* zaHKc_L@#PSU+w`4sr`#wtZ(Whos~LNWnJC##Wd%fn-NIO6(b^88~%76eZ>zkW+j+2 zFlcyXc5*xFW`#3_tfTQ(8eRHyg_PM*;sAu5t-n5cG9Lwr<&0Fr@?9xKRgn#qI!jS4 zF*jKc$`mwrk}0bVA++W(5d(1cyUyP1etY^ugHpFuZSt~>7YvVXO!fH$ye99rChy$f zYATgUM_bi2ypf!QPBG)+x6ipdy$%l6`^@IcjQ5|~^k$b<%NlV9|I26--#@i&Rk{|B zQX4+!Ju<{D!}Em_9&3(m<@tV{FEOPWeg}e^E1o;C4Bh&$r0ze}x(Bww{L87WzdX;| z{{8j-eXZ|x4bQ|karpht>Ae+9_i*1~nhlg;5#Q$CA4PmlTb7h~H#Eh5*NwYg&+wA@ zJ%GUV+bsAR?-xVp9#S|f9CKh7IBi`!1M>?jJgsKi??wKP>HdXM&DD#HXT8s7RPjPr z=Wl1{#$Rt2tClg)&v{lXlfiU7&*!WoB@%VX*oOr=CVRz3_&O6@V!ocgzn!ZHT@KUb zc@}LD+RS9#-q!oSCg;Cc@(;CdEOc@XIJRwk*$RYz`yukG;h}AB1g=G75V!hDnM1$R zk+zMYQ^fD?WPSh!?xtUK;lv+!J&`IO*p=tvDm&iEZYFJw5;;*Ld%QTWNBXJywLh;g zQzN(GtE3Ym@`bP|NLRHV7DZD6U5NZDuIMG08WF$geUSSWdWV}njE({-IPuyh#h~(C zvTp(NF#S8B>2P#1QX4R566-H7Fox2G)uVLzB5l}!iqrC7k!d^l;eK61D4UgLQh!$N z20{YLCU*{o(@x=tAzBSBIGk(;>LY>dgW2~{RNi&=-Vrh-C2I^oYf;p;_1oi|KP$qQ z#Qh*-)@6^)uYz+WjR0^t)M`2qWD)=2?xV>wA*5WK*-+T)7Q6@_IHJ>7jr8?0_YR7V z?>GJXwxU=?d=4~Njl1!QFrr4J%y3$J9{01Ev}+E1rASyH^U>{izdqf7$rvnRc>czB zz^Z(o!dIX{S zKTI;!Z`FS;bQy8)onD|}HtF>R4Tc(dNPTWleE=_}5=*WA;6=e70w1l8Wv{54ru^3v zaPrvnI>>e50hg>wrAsFMuO5BRMtR;jeosfTEnwD_ef-drqiiFZmfv12SS_*lnWFFc ztn0k{S~=V`6U@U7#lTFOVJ2n}T7ub(U`{IOd^Uz{UD8mI*aRDG^U6sZLQ)~)5@*xZ za!8(LHFMou$mr$SK|Tsep#o1vr2F8B?_nl_!Hd{e8QA9V2P3~yW5J6W@`~dPg&cGr zUc(rmQRCz#uY=+|odF!kq^b>z5;15gWHd^kJ;%|BLaj(~@F+gDXf!9L@AO0oAZN>K z#8;fx*`1U>)7>0t143hjYOiB(6xHi%mG71scY{)xeo2-x6*1~EGKJVQFB6aLrJE=V zfdb)4$wj|c)m79)Wlgp0XMHScKDxPGGUNsk8JNmLeoK4~)K_=^huFFRyp zUvIwujmGzvxp&k4x~{X;I#hby?PMKeFPcPSK;Pvk(K;f!;0gN~#OeO&3XGxfH1yy@ z9(VEdDi}4y@^G%2+oo@5lSPdH^eHNOPTcEfHU0#1M=rfhNtIf2+$@!Bcl%6R5k#@c zlN#^a?BcMcd(_C@k^3RDCGHL5<;y%bjF)Xe*RV+tD-!Wr!&IYDxAqOaN&^)R4Q?M+ z3^x3Wzx_I^Yf>Fu$Os2P}i{iTU zd<~us7prx6fKouuh!QQJ>{=coj^ErK^p}`=cK>^8i(QG998c5xRVzopq4r<@{}UXx zmV3))5rsGF!Be32@{-5QP^D^pQ|VUhwLHhn_Hxvj*@5SSUh)7}D`7)>l;nQTuVP3) zMR)gm94T@hk$Cv^FfQoEO@?QEID~5fFQh~qzg&rME2p+-Ijjn0!Q2RMq^Jkcb0N)v zMM!Kq>Oi}EvBe%IwzMcHfG8peV$+(A6;5k4S~N-&OTNVuURK(Dz-=tT3P+*6Dxj(+ zAwzYns9<-QqBKKcRDjr57`OAHo0C{0kCp?X-|v^6&1u6JsYDnG0k{26aC-l^4^vi^ zSt6NZR$bdl8PfPeSuilvi$iayOeuR5i5|&@26_P3dOyU$0)WQDP8WWGOjeOKmH9jr zL%=yJbglS_Hiv>LUG!=pqk4z~y^~yV4@h?zy9;ebq%wv%ml0SAJ8*m`d}7&1yaa_R zDGjKPfE0}-a`*;0TCkQ`EeD$J_C72OZ$#TBdw-B2b?5vZN4NR@3jXex`-;X_@UaE2 zB1mk|wuC+n0th7Bk(&tlKpM#D>Iw6aDWjQ?icN^t;e@3B| z{;BI?y~xZR87@hAWAlGRo)UVn2Q!0FPZWy{WV$BH2tgn+1X7 zZtHJIQ0ag?CZ3>BMG|V@k2^HJEeO`|L&M(E&&Ws=VV~#4;4fJUah}q-4E2OkCY0yR z6z&ES8L;H;;0h#w()lMOOMGUA6cM>oh+Pt5AVV%}kA40Ovw2@aR)W#O0r zR|AJuJAOLD3FYFf?Y{i!dt(ZIk7B9|pdJ~-P42x2WlIQE{gM(;R)lPB>)3VLD)Km? zqM!S$BtLtN5M#H1-2&b?0m%B^e3#*$n}OsI!U+YuPKCxKio8G0Rc3id9sz$Ik)S|h zVkKpcjLDKywezVEqDiw^;zOh4Iqy-e56^%W6xjBlTO0C@!IQkR@bGdVqC$4r^jxX( zl`%HF8xkF)1H0M3AbINKpS|b5QaGZ) zKl?eon37ot6oS=WB-byxO+YVFe*_;C2xDK@*zT;m9ZFz`?7NQ^(9&PXr5r~lB5WNx zFR(AL;A?LKaqTsm!=F=57U{nb{C-LHK45Dz&3VK3q@d&~ij;zLs@ZXP`wWU=x5vpGP#B8Nqnr zs8yu$P^MTms8JaYE?ApXXTr42u?G3J;QDRt8q~L`J$iy#c(F5rC`PV{Dw(=GnSZ^^ z2RFp9l$ne3(H4$;+n0$>6}jvH=W&jw${;gbDbS--LM$0+ceA`LBt%TUNX&bUL=05M|-W4LQsrJ6P}gZGEpS zq;NAa@NEyq`47W%53!PBps33q(FcM1Vy4bpH=J^C6T|a^O`x$qD4mS>;!TB$`(UE z$B2hnO1|4xfygNgC1hq#J+43|2!4*3afAQFM3xjEYKA?v;}ruk$Pp@w8lY&oCj)!Q zWx_?EYRRr%`-e}0TGv?i#H5Wu!(c@+d`YJI5I<*`#`wJXmd#Bmi|B> z*(ck9Koex*Glg|7Sw(7?sYIl4cWK%oboA6&D+tb`PR}z+JTw%B9Dp;g*O!3%iHf(^ zbN@N7b;%vBHY7QFpx!v3Z%T1KAWGz=mJ43y`@q&gy>N1J;}L+%4&v# zut-Ro>4oFB(X^2cx+$8v$m^)5CHp- zAq`5+`Ikc#qEh)^?^Y<#f(H`pZ(JO|UrhA6Y6tSH8X zD=BGYXu(hAi5buMi!Nd1D3XRpVzTOf>o}F6f;gkYoE+cC9q=7q)>>+^t6j{ek7=!O zIMheqzrTCuH%wmkIu&lj)%+>tBv(`V%sg=G_&0aW_ z7sJ@-b7@sQ^$Au_v6m~SZrKaH4f;Ori0pyJ<$`E#=XV0}cU)4xov|%}i;rV$yq_Q$ zBg(U1Dt6`*NOkrn=<;KnyciYjUSO{1ydDRvSy4smUgAdUg?}UdW)$WXd3nH}cLYMn zG>Eg^)(qv;{L`FOy3y#+&c)TG5(9=!1TgYXf3e;Tj~N6^;8Tom2#vmw!nffcZ;gT-WnY|DDi zy#0ls0iHOj9nP2mwgIv|Gx&Va1gB{ZKqz|)LL!WwRA?^St3r{D3iD{}A#IK?XdLlP z^8PA?@E(Eol0_gvc>o%k(2rjk{}@w;qqnrHA;jk0jb3{D?3%wTmG~2-5k@`GG+|3{ zyL7}V)JZ;>fXG)`4hjPnZ4M#=Ym{K!mbA@+k;VdFrEJFlVJjc#cFEo3jNd%JV?b=1 z!n1*SrC8i3np69ruR=oL zpq=O4Es7bO1YY2nPI~|_kbRJE_>z1gKLcK|j-1s-THobBoi>HCl^}MnJgxkp0s%(7 z8P;rwB#boj_dA%UnN05#4LM*7Qek=IKkMQ{e2`{K2UI1UgxGZCAo2~j@zp#G+z@gh zg%Pw^XG6llw4IPAI1*QMa8*w4co+S z34kkOBo* zggs&@D1{22x9g-9ZQVNq{27oKLe=+*A{;esnRS50p>*873gqcNu;?-ELz0WsJ3*y= z82vAip)PV)nPziXG$;~pmo?!q`* z54jZYxQZ6LIzf_a3EeGQ2qhFT?S#z*LZSegF?d-8(iM^pDbp@+T8h)`ke?U@(ClQ) zsr7C!?;*1$&XEDEXLReRs!N83uo8nJG^&4Kg_4isfMmx0%nyEpu4Db$=u+Rs1ha%SMNg3QFmDShCUnoQ9Q(kz28 zz-fU_qpzg$t6ttpIzuUc$V!~TUbDSK%L5)tt%F1nzugC2V8ym}d10v63LNcVWv7E1 zQy~+Ymz9ilYbVzh@?hBFpt>Hv;x`JeVRRw*89KN@2}8efJMvl7z7(N&7+B5|7qJJg zolBN8S8wu3bo(b($}5_K|Ub8!RQAw#?Q*LKxW;zAHVhpD;KLv|nN6&}T9ZzCcAa;Er#uLi33q5Ezu3+Ze2Ryffh=^Ai7qHbgdu#5W_`|&AJQbvQq`=xv? z`7lk_w>;BK%(>B6-LaJyQzRnbA^}Z$7o6te$hWTZ7=}68OVsT8&VO7uJl$dmQo`7W z{KXfy$aX?aIa@Km@0rBNeJPtQH9k~hh_90i1GXmtlaU@gUmkM#xP%T-(H<%lDX8>1 zr}-sBM%yw5`Ya16_{s{2Me#P1Fv|(DFGrod2ylc>%DZ+9yy0yc8r5`ikZthdc_2o) z_~D=z2+L7zuzNxnBb*-le~LAGh*8W3kjl&>C)H++$p(m`*mcWwri!?5F(h-oOtiz| zZ3H^a(1;SwngTXQYpCHAU2Y;VBgjDpa1i}ez$I`6uRP|iOxv>9Va76AkYC)e&UL64 z2CNeyriVA1xQ=EI(?7&?1~sX3Ph7}Hwhhst6wteoTT4#F(4)P$3V|P%3~&D_R9!?jKvbQ_gndzTjM;TctXOApI7Qj!!H(${%H^aJSFlScdI8K4S z60$K96~}K-GSDY6(j0IPoH1OAA%jDY{O)7OpvLV1Cx91&z}PF5!`^ySV9QLE@N71+ zgssEcqCq7E6!!8R`Wg^7l!1@3E@Efo%@dXD_SILRoLmDKP!~@`lHVaRKLQNrhr_=& zgE2!<{&qnJojo8Ll<|XTiNV7z44&7Z*~DdRWN)Gt1;LG%*SV2>_ItAId{nlRG~#Z) z=zR}Qn>j8JlgV*L$A#ZIMf59HMDD$(^!UIJc~Y&b-R!XgS@LyQzhwk<&^u_x8AEYP z&p{|7M$V=EWFi*f6mvCl?1k?G*nv57Ahwq;-3U~;)Wd?4diN{`{BU45N9UZgn88)R z<6fEc)pm`k&>3ytYerQ2U|Z@XJg7msw9-(ewcf{@7}~jo6P;&S9Mi1zcEk@renvSgm_it!p9LSe6RN zZQK{5oNvo? zrf@#N&?xdnXAmXA-$1w&Zlgj-3>G$$2QZiX$V>|NjUxDpVi5+T9_V5~`+l;RPT~%` za%7d`&T2_~3873JdE7YnFj)i4X0FzepdIE5IVeZH{MomNN4Ym9%aSM>kJWD?1{x0J49TCFBW3b- zN#DtBRU|j#5&GP@Eo#+pSG=(_E_qTaDmARFwz%QM;+F@+5zO=-DK_-`?iDq`MVA-Q z8l7%aExCr_{y+e`rr(^+n_Zw-PFKT1j`5~_81jXQ2FPMngj|GBk5)T%LP8nd&>KoR z{Db9UbUV?%3m2f(KSQ~k@swq*cNd&Lb8Uw-*Li!os<#1iN@%iiOwTe*d^WO$9=RquLn*SX`t%Bo29)5mh6olv1^Jvzf8S zYr5Q6xU0&CjhmJE)O@P?WRV#uZHKx9-Wn;7ObM!T)Q|! zDxV!yET?c;H+dQFeZvkPR>!$QRXM4N7APzU8~@T|AMyY_l;;{{LzHF#VW-@cJ?pMPBAm*y1@K5Y>+o zMhpmY%4F2G#+p4G3^ID> zWYZlX8sValhG}%q#m+MRhHYkKk-EhMfdUcmn_8M~Wns@ncNj&19B7%Sy7RbDGBFi# ztBTGsULEU-x~L<^N-089*X)TLE2(^A}y=l4XY^6WKu5^dPp{Fai_A?NAfuoh6hW?UBkbxy)tz8_wym7??k zjbbeLSldERFVyG42!5N$YS0R$*?RpbQdRhS8|fQIcW1)E{EVUrS&EJ7KM zl!eRHh4*)Kxdus!=^!egcW@#`I-_e!uV@3t4<`Ryd=8vfEUaVGaor;1ZPEU3$)ro< zMU>WR>LiE>1VEqUJabecI8($;$~sdV*XY98*)$aN{S#1cGRa6Bd;eD_Ex?a2lf!Qq z$|$a3tTqV7zzbbGybZODU>OL}=n?l66dO`_Y^Pe|4f!>e*sveZ(*`?1v5r!!GvZL* z30vrpTy@yq)J2MlAr?XbacDsz9y-lTcsjC@c`hY*IL>g0!=_vP0R@R0H{H#s>tlz8 z`}!I_-Iy6v#sbrit|xP4pigsJ@dPM5evyNuXZ%9xW^P&+Zy!G;36(`|eBGw;(H&8n zRq84p%{GSmpiKVQLpENHl*fDH3Eepc!H!tY@^g>@h@j9vP|0G`DGN(QJePeaX-naU zw*o>M3k{H{NiZ`<&v%)0x%WztgA!u*ZSgFXI|`n_&xlQ*3-ftV+(u}u$M&Q4v-zT? z;WLtQ`(c(CfRG!I9lhDl>d1T%(UUjDugWbeNU5gyZt+Da916Bw%z+ScObeztG>9pu7#6@#sNn9F9)=(#eTtgkq1RfMal_=u zz|1xT{#wLvfT6;rixQ+rNpII%VBeTj5?Im)T_S7)gRMAVYh_nv$c#T_-bevgF0$pfQhdk^~!7|R*2KB z{LSd0B4zm(@qUbM>%F8=N)zq3jif2X{`nDyarR0S9bukqv!7=8T&f%mR9^h01L2rc zp9$*3vY>tIWS&A7WrPy8X+`lkl|3zo7UiX06g)~$S++#WgA)@+S<(++V`$)@(Xl5h zNt!YzrVaV-W_AWG`Js=aYpw7#QP6)Gq-n_VpaQb8`IANTSf_e|vZ>qLSdq3DSL zlf5xRoJ~VnjvjHysgOVFL5?h9c2!*0pfZziPu~E>MFOdja=O#sXBWf~Q=|gMl0AK7 zNzl^9cl>wiw}?Uuwr!FS03d{YO-ZOAeA_BlU$MN}tL3}`$T_^sv$=YzKZ(v80!=NN z21|XX@U#HRiblS+O4-&r9rOFiaRbPT@`E=@Dwwo$%Y5~sIX z6GLJ}22o1w24KtJ4umNL;xgLMAS$x}@T8(z#j4qNU|*%z5b*)N{f|R!qaOzGUpzHg z-v|T|c3fKoHzK+%2XrJdB|WambI{xO+vBlkbtHT6NmJsFtu69Ss-2cU5tS!=LsSoU zM0t#&JIh7qH0Q~JnTgcm!aa(hq=Zr>H&PD=kcwH5o3DH(I9+{b^epLxZ3r;!v+{^9x(4CdDg)jWintp?7k_fKCiNHUgRHRNJ~228H3& zI)zyJ@9WuMh&vatw&K0j4?-FsNOpSJT@8SIs#z0 zo6s+tf6j>_&i#d8@0)Tk;Gr;39%xSnmvqlu^u%+3;Eh_WyFD_Qy4d}NXa*#cgGf;MjVvf zj4%|6841Oxj5>$e>^7$xawV&x&=dgmZ#kfm_1JNk8=PdeF+wfA4A5d!mIn}g5a-_= z3`6LUL`;!mdcY;mDa7cF<$(&hW>@h+8MQ229?TwI>Gq}7Lnzneu>Ncc0c&n{B8J|u zj1oL(kqE%3NVjy8x!9#{NsflHsKk%lss2V0TaC}t5bi_0k78G3$xK1BhPc%UGNv=( z6pSerMT)Ei4Ot6YsHenu;pac)4&X*&rFqh5S|a*R zI^M?N1x_{d2^LbX+Xex;y(7w>8%n8rl36I$p1B~A85oIXOYQ9geQ$(YoN2#g#Z}X; z0=f)`mp?KQDoWSHnkBFbEGGfoQLS9Vpe%-^ads)4PNMq}Ky#*~#I|@g?BvoqX%fuc zD9`*Vfy>e$7n7(p<&-q;08TE(R#^%>n$K{YVff7Gn<&_tj)L;yRW5k>yhm*`3(pF@(oAJ?iP z>oR2p7t0wd!jk<9ltrtKM)3x-Q*mk?LbvhlH1`;OQKBS)DWtshQE(x?=CpL#E!a-9 z#v@V8RmCv6C6etKvS@{USH&tMwV|1rlHvHLd(&}ewxF`~02uEOQEg#rzet8=5 zKp}u>DB?%ujIxn#Y*JFr#VAuejoF1i9#^(*r^}KBkzT^n$6|3;(&WD~8U&(gXcXbA za;0tUlmO%$6GC#Vj@AtTH}hG?CA;!0n3C^*l}rfq`2ylo&ES_tSmY>!fKXlRkmz`W zxhnKunI*i_zufe~A1aypFq%vxVsGB0PfaR77IC5kTvlOFZ z>LUoJ(e_=`Y~s=e%VsE`YQ9FLS8DlgnSFy*wOY|I#>L+%OVL26&JmOHW<<5l0ogJ+ zJ<{N%_s8k(WoQa0;ZF|?oumM&qg1X~Fw_lXP1xy|b0fKq?&}V&rKbzGX!lMe^(JkSdsT7S+KqbN;f!m`CnrW{fTsybTZf0*unl z#W`2KJ9L3+&}C&k*40@lh1XKWR1oND#zh9NOJ_1z*jmNP_MPtT&WtVHm72Os6EvQb zM>hv&vO|i=vHKZ3dl@xNeUizILVFycP#W}-agwg zXP+jdFG9KGrJRf=J7N<(mn30IIlLwJ?lIko$@?cIwydh5bs=7|m?R3Pus;R9YEc30 zS&}Zb1oUu{G}BXvHVA8$&6$|O>^OW2uz3=CL(Eb{B>*|}>^`ar>Lx&I{ZsNPSrwQ7 zT#{kS`0;F5h5WLVn29RWh6GaTetjEUiKeaWqYuOlyuru?)r(XOMli_YP;5SoB_x7X zT2jiBg+?)y+V6rA%yb{bW#&m-)W+WEjl5N1aZ<0}+E}@V2EmTWN_hc%3{i;nm}N6` zILoY31dAY*r5kI4^SFV%Gqe$NE*v?2Z^L9GOd}umJ~uQ?J!&dj4pfZ~!oTQ$aig)w zAb~Ao9Auwu3c*tn&vJ-<5IGa+yxZapW z&=idG-gy4G^~Irwt186oL$MIbbVOT-%$gzdGm&*!ow z!P^bd#@NjAFI{oLH4IX*O8e0zS1$ZTp&SP3QKTOdW=T8bZ~FlUrbf$Rq>A*C=nG-0 z2uw4K?t_eOyr;qk*|}#bWb3V3X%*NKeZEh!m;_tQ@9 zZqoPVY^iwv-c0Ld42uYLN%E$$O+ZT_y?%X2_Sc9hs_ufE!ej(B1_KF$wstME_|j?5 zTkI9*l`+dxXlZwF@>Qs{r*$5*NV{} z#vX~jjKNL$8)=JNPy-K-2u`c9q(Q$w*)A|AGO3bgt9ez7!Q!y(lu2i#x`japg{h3HlPg zv#~ZgqxsQ*cvSFUCea7Y@OeU%5n}OtqNDCw}w+S*rjQCX3`vB=bwOH3CSop2Yv<(hUDkTmlBL zjfIjWMPdxIjzKp}6Kxl*G_o?L_P9UDb?^k+@#7Rblr8Wg14(yQ8gGOI`?iR#si>|$ zV|&>;T;I|BUw%bM18&A~u9pzIRFAt5_KM1fA{2^|fevvZ3B>N6Hs4I=1ggY431WYp z6pz8z8OCZf&~}645`cM*-T~w?G`an*$up}2XnltB%GACsa7>D^YoUj*wy?59>G^&f zB3+`NWk+DJtY)o`E{zfu7ws&sjZ^GSp+Vj=F4eP~cK1i(IH4!%<0!tkEOv=<>ooT5 zplq0VKZyFU@fzKLI|fQ)9k43b4!7Jqf{;&O1X<`|HM;Vrw3+QlPhr zHD@+{f`HSy`{inCMcb`+TAwX2P7wS!>-%r8NO3QTMq$!n_U7n^9@YKL50!Lf|D)1$ zWB=D%hd4v)1`_!%U}ezt>-75Dba%?GI{fXK1jatEq9M?Hdi(qy!e5 ztqZQD#e3<>`Px|Dk+x+qg#t-`dvT%K>5C_X^yMjG9Me1MV4V2?;J~{h3P9BQVZXCw zh!sX0f8UOZJT~wZa)}V zbC3fEd`EC}G_B-0Yx6|>-=c7s7{48?eylJ32yPSA5IBE6@0)vA0pIY*txm9vSA$B= z`LgeM%# zA9(WdvjtmM#a~m6{UJxBNPutN(hD3WZL9W7>tnNAX%|aif8WRi ztWNs;)!*Oyzw;KCGKRi`h4@%=~WFS^`V|5m92i9I5z=C%#Sfy&ziz(0#Nl zw6P%N7&8ke`2v=IUj9};d#s>+qnW`2i}}ud4+QO~R?t>{6%Gr@fyQpY;?O^;b*_MG z(UAQD{OYSZ5V%L-QX~KAXW#pCUz-6p6i&uzFI0y6NdC(%9WY)2z~Hl=X+s%B|I+!V z4q8}4-!$nr_4C^1TbiFF^M{A6V8e{Ry^mh91DrK|kJ)|vV6}6{q2EO?nR6a;)E@-9 z*CDdEgt^l!d#JyO(nyj#zJ8|G@I5s*S;l0&=Er(#<8`Jg6t}2puKTZ*t>WN0nBjSx zgM5EsU^4js3Z#d3P0tN$QBsd^8s#N9bRLy~doW0@XD;kKpSr$F6J7R`g2Xf~lY7DX zNh*BVi|hP%A?58K3CJ@N^!Pe&cWX}X+jxEWb{9%i>>Qu>r`f(9DWv@E#xMq}JY8JV zjlMjB?dvDdE`I&nK{OcrDE|Ib|LzTL$)J+@?Rz}~lWubiLsldJ6<}DUE8aMSE<*g# zi#*mZ0z>s~ODkh247K>ka6?hNSZbGY;OqT{jKYNHy35!lHn9Z)q!}Z6_vJ)JPozx5 z2cf~uFKdooX=H`$K{WWtHdFs6(tGzF&eHVI()Z*vMe^d~N|)RwhRU6&>Kz0l09-%S{#;fYJo zUV!BC(oPtHgde>B4|8uBRpl174b$D--Q5DxUD6#&hjfRaY`Pl+=|;Ly1f;u5LTM0D zl#&wVTibKg<2RmXjQ8LBj&Xi?Haph6)?72LIp;Oc7EN5^UHm~)u&}Z~`sd} z13h7)2uKPknb>K;!;zfQ{Owe5%QY&u+mb)vuVA%HXoTnyLvJ4ZIC;8{^<$v8^o~fh zi=7kB=_W%3J>vuE;K$`!n(@RFye1g#@^d6WU7t&=(*-{#xH}Tt%|xcK2KruJ4@`2% z&U1&t5_nOVsrk;i#Q{@0M4B}}+;b*$P!#ydVgnbuM1g^ewW%&Zb%0J4bW{I`Opb=5 z7JNvMp~F#o^QP;(B~u(SD^Qf=cQJ>IpQ#rk&N$oK*@P%DU_P$^K(&??XrV+|Ya z2|z@$j;vq&_+%#;iUJ?{P~49eyJS0#gBR8 zPzj)YTn0poMeQ#~aU2i`eODZqS&mPPCUJOez1({;GDl7t#>OR~ZEjw?ki>gy+mSW> zUUgipC1bIP_YgWGMz&CW6HllYo~dGU5Bj9#Mo>Hc&?I|yAaf( zmH-@5ztwf5OU@m`A#CEOwT}?OEG$rg_*SRmPK=D;X4Piz)`P7PS|u6mqk8}S=|Zsp zX3`ayx`bIbL-*<9+e|lkPBF>BPI^WII#%U;k`4P5K7HYh^G)HCEYKCI<@mw~SNLJ< zayJD2c-0=gMnUN41%lu}{^f-5lcmJ<5z@R6dSf7Q;tUk6w6=bEUZ9to_ZVB)ui4Kb z^B$)_jHv?}5!EJWq(}&j`raG>TAu zcO>N8cJnc0CYw!Px*WIf$0|nA2#_Z?Lr>(w>EP+^iihuXAC}Q;MyIJEAPo^5!{0Ar z_aX(gT@uX4!|utvta|sv!YbWgiIBjHeJw{lL#aK2)}GVXYZbEcMwo#jZGsR|6kU}; zR3zLF$;I|7pc%5*2PYMSaOVM_NZ^SJhR<^ucM2mcid`p|+%9fni?dBBHK@B^5nz1< z`ii=HCqIP{u?_eI>rggG6k!VBXS1?Z!GGuhG#<%z2n6BkG}DnjjHD~Us9C~qDeU3j zdR-^06vq3L48ADktWmdP$iTVJ9vA-oz! z(K81v9#6T79jCRr%W18nAMY@%a=7P4grB`jqLn34I(F-qg%Vm!;jx&0n{Qe)1U;Ub zq_A*^{fvJ7V?CZ9abP}dyyU*mJ+W+ zO(m8EfbTr(9aQF=;J(Py_|*QsM{2#XbmG^LI6ugKOf?k?lKge%OGO@7J)CTR98xLH zX@QcJ0_o7B%7*v=cUj)Jy#m7`!qPWo+XtJQ$6q#jLRk@>-XRUH!_Y8Jo1AXOksKcI zSmbCBj#NS%+}Jw_%WI{Fxg0ZL$I*zc0vWKON@W6Q+?}C_Px0X6y393u zvLr|3H4{u5aL}>5=n6>MP{ZGR%vh{?UUl8Y3n>q9B*lZ zQ^N0v;so3^<}fMW2$9rV7Nk4HZ%U6FDsyxc7tA}tqr_^F&}zNI?-flj5EP-Bm<>;j!dl$?l1|fi zd6Mp~&!FMNIWaxInU0d>iu!Bo1>-6rfL;PIyMwbYOZj&BRbd%fjf^m(sJd`^k42G| z;zgb7#mQz5KOaqCfN6WR=MU*H$z)^^vz9(WJo*`GbK_e>pfAMD9pQ_lTpx z-ZwqzJ<)~McsgX^a)ZMI#a>kW+urgEVy?DqTA$XU9VeBsW{LOPonGN!h&kELQsz&r-~QXd0|i6Aa`N` zLYH7}`d7y+*l>L8J{E{D>P+J7VJVIR3TEM))eL$%9qN(g^90wKkxWcOiU85r6p>*# z4Fn!_AzY;`1_q|d;LkE&c@fhz@d}x%krlGWwceuk({oNmA^=o%3UYm4dH))Hfp{&2~%IRTYi#82)ZMqMTqQSTat zNDf)~?cnzYXTtlVN*C}OQQ$ca9S~AWC}H)vj73aF4nvlp zXd1&w8Xhog4P#?z>NFycnj(l46qaSr^dAVTXx5B5F^O+W>tinM=_xhyx}(RFn@A!f z+;c`e8BisU8{T)DU?W1&|J-s}I}(eI-@b5XkB%()RZhPo*U~K6ir<14#R`)(QmZ?T zW-s^9d)o<&tw>adw4`{BaPcU#Es?N$IGbS{nuVr(%NrOc!KWyX0VVsHd9;Iq#gkg^S8mI}Y$N?DDZyHKi=hQ&Dv^+{A9favWzS1X zLU0SGsiR!>i?C%2UJFd5$Rn}sa&7(h__%bfp>Uh<$MJ??`hhqs-5$N@FJ=UCTC`Ev zHoWXh@GPwEvyc%gl46tl<}6#PAtG=j)0Nl~pe%+Xgw35c$sPZc`uzzwq=Kfk+z>a0x{^kQ|6$1M8>#|Vbmi=2r;_#$9)6U1o3di@2g zO^l!Am0mR@C1w)JM!{fhmDl_zGWie`f$W19P?|Nb^k({D-kWK33@Rk@r-WvM-V;j- z4N1bS2?g|q3xjlA81(c+t)j{4rzCwDBwpg%k$I)#^MX@bZAWutl`t>h6%xP z_PjFtG}j@k=g9u&)J{*F-Az8wcJ|TOhWWHivKc`RA-66;~{EJQnj7K>uCs^)`$6;LW@s{F5W?q@SaO`iHrsWthPcekGVY5-dNpJMNn=Ps-s7|%U%pc{pcuXAaedHx3 zKC8a096T1~sbFRG8n(-Fg`_b)^5YVY&IVd#pN$K;^NA4V`VjTF`sPUT*;+wJJUxv*z!eZSqUFIW%jW2Mh_7WF$j=*)w`Fs@-js%WBZg5H;}|6f0afvESWunBiyr z9mHucRMugdGD#aYMJ8@KmlWui_@qVcSViPt`JU9lF zyT{vCM432)?`7$=oSdYSITZ0|s&HI|L(-(?f>Zb6lBq212`4qp#N-mw*$7ZrZe%LA z;qC0PTIRI7di`Q#Y^PZ&X;e9aVc|GszF3f)_n!y3rE?mcaG=L*@Tt%{?Lqz zgFW$J%9dE%k)v(!r`$`XTCLB}KjK^%u%uNf(>jXtH!@VUoYXPska_B%6sNbOd>-|( zRKG-e%%GWN@6Ie&f&7|NTS}&NV0yeFBo=fiVPZJ;nMj>qS>g3+Du?M zAd}lwR%-g7Ipm}`Y^k2hxfy4$*lhdzSNlAe%oQpVBc7xRIR0U!g(Za%_mneUl1uz= z#g5vj&mFf)HQePD-z4#R-&0W_8;@NpJR+eD%qFAS&LQiOf2KU=k%nW9 z@)WmDHhj=S1sjSrz0-iXjc1n7sylg3@PtqXRkZgxhPuIU`RCWshE^FcwG59EnjXdu zsEg4Mt52fhh{>(vDUE!V$oI@v&5Q(9QH)w-MWQXMF?boLpMsH!hERBjB9lKhjtHp$ za!6W8b)d(|eXP4mslap@({=NE+tM`*hH?(DEu|D@JToS4Z7fIOUsiDqc|eR=ld4ef zgH<@@rPHF5dsZ=#Bz1^i5fW%=E21jKF5B~sJqtq$RZMal9=Q(RBE{FFw6tAGIb)P< z!kNpM7)RJ}7}uwaAC-@KRvCuq4s%d8j+U|e2y8w*dd?K94FvXiXeA1dpvX#ggtRog zPO5VLLydSgUUQ|sC>5i|{n-&~+14Y=Ps?Y|eT{7l+ za+gU{MaE3$pWe1Mks@(R*xG3QxK}eSvp8IsE80G%Y~!7!3U#qX5GrZ%N1vC~2mq>( z)dAuM6w79GBThQQZYql3E}%1zG@dPYTk6H{-ajIcb1W9t$nl=ay)d+LfUO>>HS34IY&`k zq@y@fhP?-TTi-n+uJ!sNpDcx!EXp=aJ zo`()^Vqos9Ry=*ed$;wK{DyqMO0TLpnp&^1H6c>@X*IEi;}0nUw%pt;`^P1Phc_dU z`VF3W0W&!tSY4|ys$>Rb{==hmqFlgp9d=5Ycy)|Rf7$)oFaFps&+Zm6@%^#;T%Vum zRaDHzS0Z)@ffNlUFaBu1a%o1C#4&e%sw{Q=CI7)dWwlb2^?dAU?#*7cXO6~VX^o{0 z-^#)w!b^LJEm)W3HqzdgXRE49sWnoW$(>Ra^^Q79C~^d+QoZUz)?+@%NYm)bhq_OB z;#HpUs3cfqc$rIkBc2bnA*PDV*dq3^&YRO4mU~D~>$#gP9eUu}Y(o?z6${ex4 zXyx!9LLv|nvgG>}Q72yc<5ALsT0B$DQ|t}S>_|PeSSfzYe=%rH!f3qI!e}ZBFI>kl*>nfT-?Sh`7awRd#eiWu} zrTXQy%-tdOAGEzyx;Y2BEUA+@Zjx9iP)MHThvc~9nHePb*Q`v9IC<3y-!o4PzF*N| zSpQUL9sMqTpJ_a4{C|nvxFF}d_@Au;Y^OLR7;w03jY-p)ba*YeYc$as(sEIWV5>6c z-yASG1ok*zCt+5(N%t6XFjOP-h6oLce zz>Cdj{pL38CYW|^6%LWNvpF8YM8#|1)tZCHGhfA29q+KrSv!sqEM^HsCC;+(@aJ*0 z9{v1~Q2|WBLowLd<{Z#D&o-EMX2OAP{hTWFrCx-%M3MlMHaYDVPhO={P*vDV0yYb2z$G z`P^Fh^t%-0ZrGNA6ibbBZ#e1Ge8^!ZC~uDSNI{o zOmd;>#q7fGcol?jrtZZG@mm8rEtd5@D!;w~g2ddt0wumf4hvWkE&A9#_YPO3o>1M! z?Jf8}E<@EneAi~u1+}dS`)E=bfB%wFL1yqwxpr|cjH(SRQJugYE?*3#f&^3!)7g_Z zZw$Jw)<*T)IE`Ce=UU0n*38{>>TWM=zlbtv<(6?i`M$uYaqGR?8(u^7#%{m;d)r#; z)P{GZPF5-OAuFP!gs$haed~P&$hFw{IDE7ACUfsv4=26NO2-Zj(>GlUHM*pm( zgQ~i`M3;Fq5IOZBl!-NLZ9RIrertNVU02QV<96ohGgkL)+D@de+^UkC#?AJ-qv?Q` z>O(!HS;poe$ccaiK_T5+W1jJ$9AUh@rQh$KFhg{Ul{zK6V$U0!s0_nA7^H9u2R@jqy9gR*v z=R+CbzRq6PadNqxc=2WZNy~!%M>YI$c39Li4%nNvnPSCA%+DQfnu072e;%%;6~day zJfE*L`t79S;jQnwtH0ypv7*wN*IL_9&W|sN2~hT1K+igq#;TJCc&$un{Q#XFF_-C! zMPo_i@&p`bcwqzz5);{X>flNJJ*_@Gz0;a& zzT9Zj8Sr%l(6S{6Z$(LmBE17kngXmmReJcs#vp;&wqzL#3y+lMN^VgB5`poSBO!TV z7!W};*4GHy+T1g2F#edk)P@Blx^rVU3b1UgE;#b07 zxBasB!Mb-zU*!4VRxc~h%-!uce(h0p8J1zH&J4lgV6`)cGhKI8{2cwO=4XtnL=utW zM*P}Usd^4hcFyefN`ZQNhBaKWs(@(nVFC=9RVOyKZE~T&=gy1!mSp^Z(iS91>mGlt zB6oSQ393SFKz8>Aq}_x<*Z{fRAs{=uhy^@E0-)i zlWSLc?RUHd`0yfAl&26{eb@ZoCo57F)}BsD=F30}1@=DN%NB|k2z(6k?wQSl*1g_~ zM&-U=*51NAxp=j1f$9&Wca**MMF7Niaz72PpkqdP7lEhx-mYFV9{7e#?PD6xUN$?=>lOa!d^ zsC;-K#i8B3q}p^xQQNS{S}V?m)k>fcRU1w(NyE(UfvW15ZMO5G%hlT-c~5@$<2?by zh&zM6;HI3$MZVfpX3m{|xYl4b;^;pbLhqPK*G)M6B02ddj>t3HhjW1}N!(-#+$J3G-#s#oD7& zQq&%U{uh@q2q^G;CxoTp*F|dm-GD?~{wvr^|uE|JBO$qX`-K3Hw=<}ta~jX zE@So<^#aT|0HrAr>$qv~b>h;f1P zdrx-wJD^t#UjyPc5<@>e=m+D{`E?PQ%8y2xt!(xX6jJ~#K{6ZbifSQ^?Ls2sBM~Vd z)d2J|l}g8RY|R1~UAdio4iEP{j}2vebdJD*L^8&HIqAoWC~POBeD+!;d`DF?`eVSi z2*?BRijJI8j4bAdtf0kvfQ>lKPfSC$Nh?_sE?HuM1pCL!&{J1Ab>pC-{CE*frtlID z;TADQQNSTuOsi$y8bdHj!${i4`kwz##R6GE_Z@ke)S32yGnGJViRh7WG+vE{{KR^Od4qKdLAN$Tx4OnL(rCXN;0>2{jRlf`W<3O&V#P4EE45MshKl~ zshUP3y-xk!f5EU|e$qOF~ zpOHH^G*rs7TJ+6JZN5;fX#O$e0!IZdFw;RiGWa)y+sg7YM__ zV?49#!RUilynvFySKEf^oP~OQnsB@y3(WJ#gJMKuQk6+xuQt3L5ceRd1<8U6pwhBN(en))x@C`;|*eqA@DJTzv6v3#oafW!*RMPV)@a+T) zoBc#&c5!IZdJ?gar|LC1SkbA39{aqVzKnaCNI&@+q4*N#fxK>x=E&o3heO!M^%i|w z@A*y?_++?P#VwJ_sRg~aqM1)(0Z|5obymk|A2Y!+yGgQVp9L#rAX1oxsA@2t+_xJR zx!_e2dw+3JPV3{YG1|E-fre#x%poC$325Ql!SnLRA5fGrM{~Mgz~+Qj}V|(rzSeT}lTykv4cN9j;94lzRAF zf>iz}I`8u?x|d$L z7LKk=+<%845JN*U8?{01EX`|)eJHPq8=#Ubz*ZX1LZQokI~XR5vB#hK8HJ+M&eMWQ zCanWkkPTmz!`AAF=ayE5zDmM!u#IgU7ZKDEXpfTmcJbmu;4W7fI; z*ZQ5O0vdI)@vM2GBrPTKtdwjuHT`}gQOH<1A1Vn*!kZ87hYFAzDC57E2_fni)r7+p zWlw16SH=>MI!G=N)hrnq(`cY1kddos6wh2Sp-Ylk*YfZVx0#P!Q}smOR@2WP%G%06 z%CHvMu8|@kwuAWl@E}vbDK0N*84HXXjK>$EO@@`pxXT}*Ve!7?-AiaCq^sIuX=H)M zCebjs%z<9EWw^^y1hj-IeHL5PClMo$oV>eDU+I@84O9y~j`JH2dn*&qvs>rYP-17f z3Op@nAttR@CbAL^)1r#^d-Q~gYhV|wo}l|6*$GivFg})rRtx>G9*PCgR#}VM3`N%Cb+Dd0;(Vel6OvPJF58>g&bnGd(v52(Xq~7_z{o(aQ<@v8Gwu6) zXV!|<*w`%%o;kbJ9An6!W-+^yMH>~8R)-eFILWwCzl|RoJw_o3(WLS;I}2gwnb3~tlQ zL?NO4HD!uSS~L&jSt4piMr6*SPYH$%0+k$C@>5Hsg&S!5K@6mR6P9YdgF#)-lNI^> zIE$l#BW574o&t8T%u~*L^h?XGYZvdg*H3OfL0&z*ygl@sa%hoa3x`Sc>O&$UAK40| ziAl{wQ2;JMQRkS`J^Ee6fz8xgV@Mg``Zk&?Qv-^l4qOcOD%wLl*J!o*?7MMX-tz@xq(BfW1yACGew>IYLQD?)_z+=@+>vG1tk-4?Dzz3<1}O8pUIOag;A zHc}~1ML#D*_*^ZnzvIlViW5=YhyF68!mP>&g|4(=C>TR{8S^tJCTD)-diRvdYJrqu zRzMYRnwUqqU*`48NVyiIh+QQb;CwF^TyW6`B$~c9sJe9(uYN=H@vCvr!r~iiK4*?^ zYkG7-YMWNij6S{XcH$+=`>r+|a)iPR3J#MaSRammr|0SI$AkX>W_Xq2V$RKB%z9 zRzIwpb3?mv*A<@G3onakJQB$a#&>;!1~=bU$uGv@3d%Mqsvm znUe0nOu4SHp&^A`g-S3Z+LVIO3Y^~CHK#!O(Gi95*~;vw-qIL2t#fO4Y+GlRgy_;G zGoQY079l-dLgAW0AML|Z^7M_8j8=4JLFUyR0@`tfrCABBe670TG4qVed>X4$)agh;S-!h;}3*B zw%F9YUOBi8D}T0rOA|4-jZDk>7{!lNHB18V&HX>bH$NvkU5~nl ztHt`-X|KK^nKC)+^SWqJApPCcltoDRle^6?*vn3F2Sz`e&ye!}1QAfcMLF{*IA{Ly zH7fd@sl)hJ83{e#z593CdJq1^s&biwi>I19u^gD$;td!Us(gwd0-P&Lw7ugD)@%hU z&t<38I3PJ-1VPZW^s!}yVdf6)Uzn0ofgao_Gjhal?CU3(2WbRzl+L5g97k0g=>YsP zhwx%cA)ai&&X4bYA{`b`+srS%c#-XXVf4|y?qbVV%X0WRHH(KTi zvg*0pb}oOvY5~52tgOnp;;$#076GWn>q3ufUvJ5Yqi?b^8=xK-~MwER(-p z1#2EHkNEJAob9iT^h%KW0?3D*`=fAk*-KnJr*iN54kyuiuXaodstGe*rU#z_-g_{G z!{h6M!54}jTvOk{;3cuMX<2B{F0|@2SFS;QkPUhe0D$59?XXQFUm~bG7#48+e_p71 z127UHn^6L?7VD7|K;8cJ^Sf^#@_GrT0RSr5H4)D}Xn3&0xDCoSrA9$pNl2VyU8fLf zxq7aOLZxAcpS$&^6DFfS!&fSz!1%xYnPU2?nerH%XUcG2)i)CEewM-&zr8t~n3$N+ zFPRTPM8}f2G;gNPf6Dz}vStUsNt6JzfWi?|;ujqt-fyy<00#Y4>sya85N=C=C^Avv znq>q^-tT|9N9i>!?O6MgDgP;_NksoM5l^Nz+U8{dWkgOJzx1%_#BT}ub-?rRV5`N? ziky?A7EmcXhG~@w%F4=g`DX0_6vu2BkMj&bS0V2Kx|eHEr;vG?~rrTyHo!DiQA()^4cJLk9+% zi|+q)xPPjq0)B+0%1ZXPg2fu86=demIl5;F>04SytH<`|zC5{ow8)BUWVwwj6hl+c zFM;DU?F-;q{@6sNd4MX$(zOF{^{ReS^dqzv#By>CaLo4^AQVGkLNEj@hw=(KLlE@l zpSbRjv~2rt%Dtl{{rGC3NRn^YHEU-W|((VPoDP{*0xrw znJj+Z5%<}A^>xuCODA#755>^kzw0i@Btyb^Qn3m`v>{w`c~6eC+Oa0WtaRS%6l}#A+ zX$AB-qZ{-3XRPlp_$K}gx_Kwn4RkYXquzg%IQZvRg#y*{;)**;t%|=z;h%SqKfR0e zD=+e|jHD@d@9Sh0s4@M%MbI}0h=MCzoCveZ{nyKB%HV=Av84VU0`&8*@#<1n^ZWGO z=l^N!1ixnkCIhCUj#~ec#-B@&DhB3D@EWE5``<5T0i|sd!k6`XzoE;U-UqM7OTan( z8NUa8S(6DY?*H8-KPywu6?IywR~Rz?#yD;EkF^y9`0(e->45+2zNox8m@c?Il$b~- zk)*Lb82?e%|7*7Yzj>+kbMH!o6Z9emd*_?nO7;6|eion(f{~98JKzN${3S5^T);Yh zrgIkm`>f)jLy-KCA9nrqgJ3ye2$KBDe;*OZG8uD0VC6B^eBj?d_zGC`_SojHzaHkF zOs*i1B;9SwimShW&=(iXm?U=i_@Bfokb{RgV8-O&UCq%j+3z;I-lt;yD8PhBV8Q4 zVdiFXhy*_lX=mVZm@NSbK*hO#q@-%h$EQn+-)<6kAJ*^3o{!;yJe!GX_vT6VKSt-H zhwc&!>O3#xTfS@8W&>eeSChx?Xh(D7bBA1ioL@K}O3UpY8a8+kHqUL@_&2FOf^OzKCpd|BJ~fy> z^%&$KF3pR%-X|}`^joWYZ~rkl)8bH3>RUGc&*p=zcm@@vE3RhPzop{>c#_`Oc8>o) z>Bs|zwfAZo>2C>pCkqZ-Jf}wfFF~*H2M7M_iwyan!-oE}7dBYxgb+ENA-Il34(=swH{qR!^A)^SgY!|H&p^sJP|AF5E2F85BUh+c zBvSaCYWdrI!}nIx_4kD$pD6BudXR&#?h@tH!9;56_$y$c$nVsu8|xq1f|+xkJHyEf zTrKLO`0CLK9I%mN(2%Jw61y(d-JG9cngpuHXQoz#5n6jOEmFEfC_d!lG=Z@`Rd)0i+;QDQ^Dxt$}8Iy?UA?-}{ z3;HI9*P9Js-Vqk1sMi>08-w*3n3e1b#(=*1)QJ9GOEbs+YWL|-9BC79_MJg48qA%g zYma&oE$wdmX{iAOHDC(Kb+u6w%Kc;;5Wtv%zyQa1w7i|_u8{ga!lP*bq|SRGS4aWQ z?A`_lu%yXoA7!SudF-l$s6xpBz(})x0kK|{@82%$(5RCcZ9n4%fFQx>g&XbMDH0aN zi}MvnY%&3q0eO`!Myl}Ytp{*M3?CmhasIKAy5UlDU}oV^Jh?%7<3Sw`6KjK7>5mn? zbRyJpgh4zv5D5r?ey_b=y;9=#mpCD+ARK(hJ46vmCnND4WD-#c1%j@<%8uMmK)hxy z!f1(_J`lhx@xXn6aQu1|9Bo#IFAx!EHm*8FMh@0uLC*k0N{-QTl>R%(fs?I>jJ8UZ z*>~R@sNfscmwX8MhV=HK9N`aG{w?rhe)gc9HNdT)%2MH0e?f}e98#EcF zHCnE%q=%Bu8dixh_l&FL{x1GX^dYsT1gMmdg%dv==T|$B1J1i24IbG99PUUsHWL11J#gO$liG@|Y>bFsEy5aE2*F?xp3_w&iF zi>{<0XLTR)nZUPP>_TRCHo3fQBGCISDjWR1W0-kw%&ROZ&EQIxO9ATCzil`<_VQ-U zUjyH-%JmW@wn{M0jb;Z20r z*bR0M-lt!-V!0(iJpMBGUKZc(l2xLO$(Sm4r&lPZ5Q=-ce3YB^T|J@m@dbH=Jx&*q zZ-cwOV!1;oQ}<2If1Ira0j0NmX*PdF1gbyg*WVWf^4Ftl>*Cjp&Zg!c{|LR%@72Q$K3iC}iRpq;f zjMHwwag7?Of92cP@)k+8AOn>osB(90&If7>a~Y-19BwX;wPH*Z(~3UqbmDo1>5%4p zUiME^b_cVYjO|oFm{Fw81;rBNt{umq9r_x~ zf`iU>Ti&j9F>&nst@NcdptCtOG~3isyqGwR_WzD!M@IXKp{f}*{;uYF&o;?SLdPLzn(FqE)GY4vtk|3V*BZR;=)$LUynLMNjB_JP5oQ3`XGCQGQOR2vX5aR6%!1}O3>(K5jnTKvtQ{KCG zFPCcp?$`Q&fc%hzFs)(pJ1y}f1G#-C8_e!9U!i3+822IO!0!t__qfea6hJ&&0dfXP z`wgU8#|IgBT;0cvbTZVlXL9=XzKAzoJh%Gh{IY9G)^kbZ83WK|s1W5;repm~`*GwG zhqo`>y=NOA-m&^O0>HO{SsApW))!%8&}2s7>bl$lpFReqITl3g0G?#l z$m_5ih!J(jhIY#Q`>0nm1%acAlJ?;UqW8=ftBnv;@4R)B&5(2ksteShm3;~NpD&C$ z3XjPbFnDt3P(y7K_zYtxQX-yp>g|iRzi&A?xGHbG!huiZi2zJP7}V(itxo~KYr4Mp zGL;X&V_d;M;4upWxQc4fi|*7gK-9tQ3r6@@OmzY{5)vKwxx;|j%#r`s`3z%%Ywpr6 zBg+6lXej0jOf|I0paIgqohT{cywbe4C+5=l_ND%_KY;TY1Ne}}Y?}+JZZgc>FYzS2 zbobL=fpMHrb3acG>@|-TVv$7mxr3w_a3c9uuhPesnUz9DVn={O*?pE6G)+Utb)M z0(4hiiR(MO3Od-ib{a-2i@jd-C+P7?|?=q65S#Z=lpgEEOOa(e0!|Pm_WN*q)$y`RY%ey6At< zgKZ6P^Ld~rl%!^0>OKIVcOzJUR2vlDn0?dzUvH07OB)DiC_pe2*1F{Xr5|6z>wV|{ zcro`-#eQ6FcYKca4}iu^pla|OR24UNJOrs3pg#rIh5i%2pMY>9t$b~o2-Pd6yGTA3 z#9ux;b0Fv7*QYoHh`#th0_Hya!tu%YpR2?$4UomuP+2%Z4fFC`AIq#c5E7~Evp#xp z4xog^-%vslKM=4S@2EYcf=~n~MHE!C07HKt1R+RIZro1pBO5(4{T;$K1I%Fu2jnvG z{lLD?sMk=9?^hkRI&}Whfq28DKr>8=%6T$OOT!f_Ca%@Q_l-QFw08JYOa70PwlneA zP39~+Q#d`i|K?ts`)@y`;1%%C4qUbtnIQ*w=Gi9(E5e{XRo?kO9Vk~jBuQWm!oXpM zYAk5+Y<*ENh#Onp3Dx{Txu=+}04`i47G*mqVm@N35RQ`&Tw|#p__aY^P}J$oNsAY%7dgms9yZUZ zFW=c`%Wuc*BK(DBPt$-W!JM5DYWjf+ox=@MFcYA3+Xc7}?>n!*c$@snG)Y~61W@rd zNZon6mM$_u1{r^2DY}$B*nm$85uFHXL|FH|K+Jw|xY~9=XjFhemek!bz-f2SNYq(@ z>H$*y#qe5r!eQI)wFI_vH^dt8AN0$0FOZi4f- zBZmg{dhnrk1Ui-(%7WK}M9#y{gJt)5LHW(fZ*A-Wgg-62b{YrOE1?_Qk;%%+PcyH4 zzx>bY{cn&b4WP5SL`?X<4(Q*%0z-iG(+~hZ7hon|GsZU;alL0-emh!_w*V5{En^pu zgUh9N19eM3OVOsLqJ{t&0@J)PM$!@v7UNg4K*qQT z8@qoNc=4J#`xRik=o)~7K!*U{>^{iDJ_6DN`Uj!{p+1aKg!b0Xr{yMPf3S+z7n|-N zLiV7lkyqHG5FM#+7q|I+_q`~g!r#zhjq1e?0mc@}*kyLHVp^mu*G5+hoskLvmTYK8 z1n4oq5l=)u6&PHx5V$ zF)5gcEX4<}`A$@`TJ2XjsSd?u;qr_aLCgZ&)@87pP>9Q0Qnd2his?KqFC(40hQt*E zD1EMJniPeO0T!^wp(f(KKTf(PAP8EqelQZWf@$PTm$=berw^-YA}pX8Xoo2MzD`^9)}(8^~pY`(VZ`e5O} z(hI$58-(4(rK(ShG!{oGK;`t~76Jmg$YtNE+IF_<$QCuZ_BFq4%=sCx;t5mfNtz0P z2Ps)QfGz$E(!}ds0D}Qxy`}fubfGLS_PwuQ`gXz7wI{bhd@i7IgdrPPSKP|W97Gv7 zEbH`01P>YWk;e23$=4^lZKo_>?~uK9jEsM_NR^4N`wVJ-Xt)uMLMnGrHebh6iHioN zGcEGR0eICo&onnZ)HSl)#4f&4-!n`n1o-BE(#ur~xE0CJCKKRR?14IeoNsqZwgJs$ z-Qs85VOradhxL6}9Cgpc{P|)kK(0IIYKK{J1fip?g6lSz|0!&AF0p~)m4G0V4x^(FeB>00-(baZXV7QIRiqmp^j8Ox|0+|u zKK2x$AWE*G9aTOI7NJkm$X*O2oOj6_t9#~U=5dX*2e+7I)!$d?4;iVqpak+Tos#&+ zoQvGH7=L#HaFdi7?tamo7bHP!f-1jKs=DIW^WqmGwp;Jq`Y=Hfmv*5O@Q4DtWW$Ny zPz-IA*q;NaivQeP&JO2Y1%qBWG_vjk?-#*yeD2zIP=ldW;J!g~sd`lJ%+Hhgd+^YhBQO+5j5NH#C$cGUn zmDUfkF1QNs;lC*yso8^IBsNYkLe}$FoNBKNr;r~fp(lJEFR{yW-Jd36I|}Mhe5&Po zJ3oDlH-@DM~9yOGv4digb!d3(_GW zN(ussbazRrl%x_8(jncQQqr9Hpn#t7zGHkh=Ukj|yx3#QX8&V7E9U&w`i7d*oP<4! z-*cMt8deXp^E^!%LA9fWi(#tzR2+Z?2*$D?_n-A7wtz{z8^C0$3`bjcYECdPnV`98%D8~ho1=~t$C{z11#0d>#QxX9_H zkL(yL7mnu|3`Q8wRxbkb_j8w)!z6jQYV1Y_{bA)Gh++%aRIRLuo);>Q&>&Qu+5_lT zg|NGCK}X>Lt-ynsh=K^#+V=d7ns9r* zwE1(@j`nzjeOf-tB!p5xQ5Iedz`q_?Kh6*`+wX2nm=sQ3>i_ocOdb2p!~db}3~bTG zEAexBHYl?NzhG%*!d_+QXu-~hcl_u((gVmPN0eN7J30xyXnoiVK)+tVAR9|fVU&_K zzt|l-?qmgc4t8@&J?&3X6}KvQ&Ed$}9Th+IdGR{wNs=QLx$rG~P=+bxT-3rhWw6Cs z0j}8_zzy`9$3W^q38#k+FXlF>L(+wgIu8ahVJvQ!Jb@>B%|i{(UN;u>#EYn!}?B-51At~<|?X5sIaZtzyYlm!QGo*B>lNt z=isb|?ctrw4Y&SRw0G4|kYfWv?%@0-$Yt^U`bnmp*68qbLt0O$Y`^0}OQQpBB7oPw zW{h=xeO+f*Vt7Q-{ZrT0yrqS@5`TH+ht&c=PtyG}6cYZ2b%C=L(j-$Mxjqc??|;~g zyzbKW{Uq~}-?7c=>qqs&hc@a9aE_BhtSH_j`f>GN7H#*$vupaHrv@-TAD^FxYoTh4 z?6|)2K?6zC#1Bt-%UhDtc^f|;Fk7deUK+j7+*>=@u)bNahAdiujFwFb&L8wJ-<`F=`ZUcfn8=8-($-K7%iOJ-Zr10T+-1adeeN2hNjRy!l z)c-l5mlf0X?G1I>f9ehUOc%jjglo*R+9oT^l8)GpGCpU(mVTzIg*XJ}(wk=kxyV44 zIfZeVYCTV1)%(q|6V1DqvL+q8>vcB5n1=PPk%*53di6=`g88Bbx5{G^QKV);v8;hYM; zEq5}`^;Yx*MpnxdAUaN<8&pEAbQkqHzdF}rJy_;EPuINc5O?z6>-@bRAhaRuxIECY z1_~ghESN)@V5j1>n*E_(TvSiu_!Rw*CWOM79=9no74MeU8$lU-E=V!9J;}jRPdn*i zzyrNA=YYMrdNT=2%jyvThd0RwLoh+4`~uZXNVC7lw!W3*s#XQ!$%8T-qP5Qwv+F@9 ztJRV^bD=o(!5Ac;fkj+6DMmsGhlZzG-9iniG4W9T(d)L;0$a~4BjGRTiyO@GgxLR= z&o|PFXuEpizcyjee{4MPEj9=vep|)^U<1ga(hGnUbgI7j;H#rz3G62%_jL256#zi+b*BOd(C+A-dsP1ZP!CkD0QI ze0UOnxC2d!q3|g7q4%WHG@V2ZWK{Yx6DgmeT7Xzw*M170Y(H7VbSTDhy96&eIiL5_ zQc!aP%C}y#GfST7)W&=3c!Ls76d4UYPgHu!EZ}_+F(+zhE|daqE((BR z7B71INTcusUoVu$lAfVK6mVG(8XSs4l-qA?FMfR@8Y1RPKDS+LV453_M)w!6D~$Eb zch+J0hoefy!g3R-mCq&EGA(Z&Xo;%qDWYr?Bo8qjndSeuj?+yMQ)p2-*;)hNa(#)z zmV6pj-5c<(0j^`V(6i6-tefD|NuR~ye{aTjD>@g06l&-$g|W@<-tKwnL%@Jy0QTvP z`HSiPg3nOV{fu{pt|FZQzvD;v6V$VCa3H}j@d(1Xeq8ZVfM6sBqLszAw@?La3G|Se z^6wSj=)U|Ub-1;*A#&aCmLb4AS)w2%Zs}I@PgvBp>7P2@zB_!7eu9=TFH-ATTabDZ z{G%JX0zA+`Yy({ms;Fw7udfb1K(Z`MSe`k>uyz|%o5%C%7s(KV9R&W-Wf~V6oJYCE2cl379*fo`OxW4`QPURiBoR*7!r| zVa$(kIglq^!n{R+d+~GY6u}EfS-wa$Sf}UvOA>X21J| zu%s*sP_Wg$rz(HZEy$J}=ByHdTKK9AV!v;IqQFlQTCE`&x&=!D!#V^Q*srth!8j6s zns{Q}hx-FsPFoe`t%dA!)6n+DH9A*Lq2{7!ZWuvsd zke`VHOR7(du)E`CYZP=zCIoePM}Rg3AZw5ICn`Kagh^TJ(!JQhPi8adeBu<=dw;jT z0o=cldys7=LW#QpQT#vQbc}*$3|(MiK|z7J=wIOatwE$(w_m@pA5}()u4KLb8IH! zhm|kJGvGgFLet)d=a9;76_UaGLfB zA5K=@ zl=2~C@fW^y2Loz}8?Xfseh!q0_?O2z zsXL-8C9dyCk6&!eYp9*!UF+jx5ZfC7~x zD3D<9R8AeUmq#m94Bw-~qNe}L%n?5}R}qPutyY0JrZ0`ly_2a6WO@dQ6@*BIGqXPO zMi}Sv{W_SqHBnAGi#9N_Tm_otFQ9|*(QXvj+a9j;8limvntLjuQ&ZF<0PXM8vo-q7 z1}Lbf#J>5*0&!F|hEhDg26VonkvuzIl1NW?{QCa zQwEoznpp(U^zAXq6_7L!*v+KVdUF z^e{a;pcMyW|4jfk;oYrUXK3%9cXn9oa`$Kj;^n)TJp%8;5|*!gUFUg@vW9;(MFycM zTw-o6*GCCBfyiYCA`Kk6^^-s(=93@~P;(OyfS}lD!{qpZ@c(Kh_8ahA-28YqC*x{v zxxDfg35U!A*PUMjd(e!Dyu9(V0^cRK)*#07;M4d)MRS*b)dE|w6g5@k`5cuS7MUFs zCU_f4kS-wrn(hbp_@5Mv1tJ`2YZA6ekTQbDV-kx58-jP>Dke6!ix|~=5n1TuN!|kc z_Cnwh&&8`(bBv09RzdB7H3fn8b*FNbs=p0=b%!=*OV0bPoM%Git!Olir^QUFSy~M$ z4CD0;HGAKeCqBJby!Z0*btO2l1h1e-)h7>SXZtDBvcj4Jpy{+Y7a7?JTCoPu%UzNT zer`0W7ed>DUo2FHIQ7v9&R+sWj|%FGb#H#p0{eEJrknNOh39bYOm}7uzz*XANwdNz zugQ3=%AOy$m!LWAi2zK!!0OqTOsA&#-M_^m$pauGLdfFDV&TZES;~ER%=ktt;e6Bw zF}&RSvT|vij7jvU<1EJ96M^HrQ5%}v8vQ;u^7MEfcLq=gmgdaX(BVik6@*~+=+2ez ziI8vZPqpm&&#M?^BZ%1xk1O}K zVE=mxI3|8rZ7rP(>G0_Sf+dV%k+ZJ`FVLqkZL9#A92=c#RyyN$^9RMF-M8uz^6U=z zvSQ3W{Kd*0ik}iR7J4tdJ3}9FO{@H^oTIhO-j;fDL*vsV$t$%*GnW|nv-`ciF08jM zotjrm;Ff8QOibigG45Lk_TQY%H@6J?-8j}#mc^+Qy)(O?8z#2V#vHpBBAN`17|)_V2xf-AOFZhcR7&!z9;*JVhoszpHt7|hudiiS1q zG+T4RXI-TKY%BC8(YWY?W>8Uojth{fO{%R@<*ZBk3g|Z|`;fS9q%mcknDb_9(7Z_| z5%Z(ANHFk02dPCgT1N;Ovz|URMS%dSt5JV5?ayf=vb<-0J4f%RXb=WK#n?D%7 zGw|CC$@^frv|9Vlm)0c~Z{=5fBJR6(AZ&Q^!FV@IAE|)rmr{g{i=QfCjmefez7*JT z{Uoz%be*UC8nR!kTyQp8sTpV|pFv{?6#Rsq^{4`bAQ+fPpH>kaOjhmgfh(7GI+sHH z()SQHcd42;Vw1v&{a4lezTtIyMo_Nxn#*AceXN--cj|Onc#%S?b$FEgpWVR!7hJojfB6~0 zp7p_O;!)msK*VVdeTgmg;AnBts>j+vag7v@f^dOKS;Q}cXn*ztma_6EJ9qUaw13_(8Vvy${$Kgf2krz$>_oknsKn04 z6nc~I#Z`F|wW7a%;=;kdTvdBf?UQ!LXC`i=*@^1ah%EDg>!&!znsP(g^#9U{2O^S# zt940O1*=~kBYVwqCyC`V z*Q}Bg!0M9r7pp1!Q7T*o9!{^7lqIGtzg(5<(Uf|=$6-2LkyTss%yx!s?x>|kFaWbV z@aS57ni>CjbQC7YT$#cB|G&Jya{f<_#)12(C?w$q9-z?ssdf;LC0Wdo)!e;WPr~42 z(f(FxA$K%uDC%OT^_K>RPSPKsO*d$WxAjtK2+gtR_8uoyE&+19nlXxJwBt-r@wQff zz2S7H$zoDz)>=)}_ppb*ITK-2L|_f=*tezM(iZn6PU+!4eUWK*PfXzHB-9MNr}^7Z zgt6MMFJd)wm>NT;Yu0nU{kkMfDVedOy=~tE^Oc@%VJzMHAv?<0%cFs(jXAL=oQ5u`u^}XABv*6e?h!n^)eMZ}AHn8=;;KI5=+`br> z6#k}bt&aSYtXtmPenIvz+1#@z`VpNBw@XbeIa&>~1*Kc7Up^;6@?1FKIjQ2!vt)%; zL*khZExKWLzZ$&c`t;mEeJA!q9=86&{o8p7{Uf7B3HXQ4_wvw+cVpD4$YN)Bf+s-9VJb(^vqW{yA11uBS@I|5@Lk(`;Uz=18*U~@Q_?XU{exKix?#T?2GukwV zir{a0&9x`bgf9Qwt93o29LNO0!U;V>iZOo>iqoj7TMtgh);;@ue!^c|x8x&VecR|x zqRv$*nC{7Bv^B6>ezB1@DxAf>YA~Jm(_@!9Z|a8jE!hQr+v)oIxj>TSM4HVZkG%aG zs?Ff_y~LUR-GRLZN|%1a_uR7syM|@CyrWII85~zWuif5=w@-aqbS3JY3;|ZeW^JJP zhJ|1zU7(sxM-E|Ro!m$F$JK_UmfOnJ5xv&MtA>xcE=SSNT-l#d@bUnQ%{t`yeA6w} zLvS2tdVIz0Z!f>s$24|Ha<7f5Ev-|3H<_?7a|+lh8{VH+(Ix2c2}?FxJCNc2hND=Z zZCY15PD-UzFzFCTG10_|xNwkPeFvbVnaklr`Tcw@BmOi-$xDBJ2l=nbBq$7_3bwy? z0y!tfCin8j^NLE@b^X(45=+y%aq@gFyCQj#`}GJk{i)Vjkt~c8D&n)I1Kd*9YNcjF zUn1#NP0ws*2-x>!I+?WJi(A%FR9VZn6nT7OtOGZ|lubbaU$I0hU_ys;U~&D`M89%Z zyJdiqV=H~y+1UYhoe%w6CMEBGsdau{RuAbdWKsgk2(BTU$t_I3g@P%qIo*~5JUX&J zyfjY^8)tw4yn_s&^7l{wZU6*c>36`fkgEC7FBLd|;=tQ^Oc84q^MP&|+*wnypBV)P zBf{Rv$Stf$pZBmQ7I3sbr?rxDP7*FB-@hALEQ-f=uU5qhUi?O^eX4iZQp&4dgY3&3 zszYSPOcLiO^mwJz$2g*$7TP=YU@p1&@&6jHb=q8R$s3=bU3u4pIr+Kvhg6_L!2nZj zQV}K{tSn>SWE^@~^s%M%0Sj6&pQV(BLbZ(tO78Tq%o6QWsq#V@QWI<|TXc1btj9(Z z*dmP{4oUN4p?E`#rqy?9Ulq&GWC~MqYz)&;PKINp>e(xwtl!Cyk%*OWaN4xj3oa=B z3ROOWL~)(R3(N_ni*1M6R010v%`1Dkxi_3PNHSRp_vTOL^_KOZPow8by@7tTmah7* zHlEixK!T97F)B)!L4jHMqkYE=gM+^c)|Qxmp&LvY!+hn`!=4|hrtVt9kHB%3li`y5Bz71l!eux+yS5Bg+8RfG&Cqq>7DE0;QFN?#99TeLiS+K2YMMIszw7ySq9Rvf@C1sKY?3q?r*Syze{1WJ z6U8S`iE|3T8!P!6hwdDuQEt#^v}YuKcXg{y?>HX7E%e4?A}H(a46 zT(MhR3*0Vl$obW@+Oa!4usWc#MQUc)9)D6oxuMj2Y^QPT-t*clA)j_>UDl75-})J-g0vexIQ zVjLjcqkKKZ+C=QJr5o)o$p@X-^JB6p$D{4(g~Z`TgM0jakZCweVhWsRfS(L<1tMPB zr4EsF#e{|7#Bv6ODgUnnZ;vxAqp?JOm|jYd+USXjE3nQyc>;}T!C%}s-D<2hFp*Zu zki}#(xS{cO(yu2np$K66`7XC&wc{MyPa%-?$+o@LPK{W$Hca_>j^&ozYt zLYaZ%&fgcX)OqqWm)Ze2|D!JEl@P<;@>3sdApb z56~962#Xd#z#W0Di+iJZN)E>X;Ju{t%&Lm`ODT@x*-U?!#5RuOH)Rl#TCN)g=)fkl zVZ$>fi(!ly)d1fA1xa(1!fpuTfv8s@YPAL8IBV~Q9gtT*16_xl{#v!RoHP;>ut39A zWMB@!TmvrS)J6M6V7z{SOa=7#;-6$2*E~KQ@YQz_R(a#SBv@e{xR(KbvKx?TKc+IU z*#Xi34b~@_JOqlb4j1@8t9VJ|IT_Z#vxOV#A3uTS`qzL{)ZB=z(^ZwK&t;4<#cfwq zCTp#p`Abj89bcYkoDg0!=eFg293Jxd`LQ1V9I;nB_@S2Q z%yqt}gJp|_cP5^+MNaux#W`_puFiDE)arZ>6*b|901gmXixW48ZI`g3t^0e0KD#NT z&nJv9^~yV`!mFYAawrzZBfh!zHajww`#(b|t|zE<_?)h-S^&6rFX$Q80L=9!zCOJ% z5jC;wO~i(Ld|+Qc*fbi?R(z8$&C!*>AKZjnFD>FXG)I6T zl0+ZAX3!TzUWr&J?kTCf9y_%Pm@PT46(b1_0{Gh0!^B{n+6WliEnRNl1+!u@1~|Nts|Nr$Lb=zn@ZH3;!1pzR+uJe_DKr4JOm7@&-(9I7ulBvz z=r1(N{w5isV6cPiAbgpxqswvYOXt&}kRjY*4_VO-`H-AAR3M{cka$@aeCf%%Vpdll z<6hwnTB0gPa%v>DJg7nCIZmUn30TtIyWPOVYy+)s1e&-WqYs#U#Pn&x*F*DBk7qCz z4#Fo`Z%g8DC%UWJjIL%}RBtp7-5^x*!tzn3x0Dv~x&W7QQpmrf8 zTm>pzxk#5&rg!}`ZJEN^6B$22ex1&S#wo3y>oYjMu{Y+Q`Ta@SLZ5ABg&ZXWXMkw9 zs-RuI5$_($0qILE4mWnT?PGe=t7Cp2LnPXibW^Ra7KWqA$y-FG%v z%1Zt-EQHaT5`<;v2~M-~U=@W|Sl`ywvq6nme~vb8F3(@-Z)7Ga@Rp(Qy3VAjTPBcZ zSmO_=LM9z{MJD3u2DWc+Uf>9?MoYaUC{zUmVURzfRG~9HHfgb2;eSaY-Zz$O8H_K3 zPi46pRc}`j)ncbh}Hg z=IbrK&*(*)fQ$7nDmSZ1LL{LHZAiQ4;dWSCazZA$YMdx>mT?C##> zxIi1NN=Cy==oI>QrAEhku6HO>ucFgFb!#T@;6F=MJp{5FrTz~F9s8Sy-IJJ`E!z>AYPgWh+)-iqr-%UlR0ys zWNs-?&8&vDK6O~ZPoo5sA>mngrLNndc#ntAHd5GbUbmQRg6;OyDUSgoorgbFJkA7+ z;@?BJze0X{Nx~KqI2VO)X}{Es-6q9*SVpPyiccu%kq`Gci_=CO_>mhkFR9x|qEyfg z^7#weaMTbLF%%uQ3ZzrtM091s5?L?A`_!aksu+-9Z%?+D%-eKpcZ3{){UMoq737^) z8+EtxVeE%p5V*PFS6SSlF&2qh_owS}!9~Zpy5lBYjY-8T6Gw!m9Zx+O4fT(|j}98Y zu~MAvCs+v7MJd`M0IVxUBVE=eLtwNEs%N%s|r1a zeVE`ZpBqk?cI;;lWxpWL=(7Zp^pS)QMt0=MmJ1xGu2daUfC$i5%tgb8b=M`VpT4d0 z^Qn@dC9*MnH{}6*Z&13$B(+-wC_t-Qp=TzNx)X1+!2iLV=sukC42HP^Ed)s$9r| zhG%V~bDot0N22!>>+>*ysEvfd<4P{L=B8BP=hl zCjVq>;Ck6piQHAqY~Fw6{+5H{*m>Ckyfwa%VHdx=WSxaqg z__i-2thD6EGA~i_pC5w<_xz2?Ur*xcmaPXl zeM0V~qCw3Y-sczF`gHjec2-kXJNJ?H^%vJodi+dN`w?MU#V0{5& zg5%Z4ncIzz8x$rVqLJ@NTNM(VSS%p< z(D_Q`yJh)lD&`vGO69x5KlI{W+gKgDJ>R&(h@C~n=uONG{9(c8mJch`ix|htiN2g$ zf`Tp4^Ii6&#}<7MhqW5sGNU)|2_+mgi>s$zx-g6FA>P*&-utJYd?hOMWZ)sMy-P;4 z;atY|0H+kCH{^=*yjSD7n;NpjL97hqL0RNF^cJ&jN zt+V>;wOjT-{k~;5Tw9udjc7RqOVFdO*5yVzgD&23w1bO8@2`K~u2>4IUAQcemoK$_ zY#H^P#>(vYLIv&9I`li?(D~>wIZ|&78Rgk-8{EGpw-}>oOdffj{8%KZK#z^dP=f78 ziDLyXwg<~fk6)3Ao8m$x&|OSG!zTA;b1{EOm2k?Fx4E)wRn!92n5aA!q{@Dd6|`S| ze%Ya={rX(>NxCv+#ZSl%dz+6sgq5mkc$|MEvD!Yy3i};*?$wObmrR=%+9X2qz0ZC5 zW|WsKCM~GY5@T^gUH`qLFvU=}*~#X<%ZfbbZlBfth}lVY;)JR<4l{d(@y(_cYJI=k z&TnpBz*g-Pq4&V4qA9b&F2r!I_#U5L$wVWFhF=@4E_Nm^t?wEn>*2jnA5j)&Y<`Nu zWpTQ%`ti*Pv$*kbZ+ai{cwZEXPT~pMFO`)N-h^4lnG!2o7K*qc9Y=kLTi2+lf6XN) ztZQnr(x5xw=uu$~Pk>(F@%%B-O5VQoo7pP@3)AFq1?xGE&GbQuskQECJJ;O z6+QxfOvjSgiGITw7%-!?tQv-yU4ltHZuS2tFdQgR~ESjsCj_B1NCOiqZWHH5I?ZRpRe z>ZOFeedvM%!p#N8dGn|^b+i-CiO8kTjKxtRo?=&jBvW-PE>4Cvy43lhN)IwR(fD1< z=*m~-)*6$1{+P9CmC~5|go>7D5x(!p8I5(6VS4(T4!FY67rAAktdiGq@x=4Y?y+IL znT+vEyKh!}9y9#rQb38bv#$o!s4noeRd_wlMJpY?MI27w5T6wGk#+QZ zsh1?t@a5$zmRI42FQoZaE7&};PWUSKJuTh7in=j*J#lg{j@1?IqDO&XxF>;>h@TC4 z{fMqM-h^ptPJ}3(Tbvl(wdK@wM-ll-zT)8vkKUF2&E*Icjy>yd zs7or&VRfuuJI)w+QCuQe>`Oeq{WW>EWd^UXIuja!*V>-!+aIfM^ShhZFPPd7p4E8s z+~nt4aLY@~b;Wwlks9{pDX(9gjnpOfKTz%Y;=#LeI*F*j%cSMCEMW0-A$n!0iZ zIiYO|8*7Q=E6e=2@EWNnsXJyq*b6Yrm6>Iq*nmx0=jCx4Lt<=uQRYkXR~;BspI$N+ ztrnGtjWv2bB{?l+=6W^z>v4xy=8egZ9EpDs6-_X^+FyFAU{nvWF^$bbv7@1iVSL6h;$TjA~s-{H6;LEx$#8zOm)hUMagMd=cVONtcQk$MaU>mcC zh0K5pJLw+3Ui`52f<l!@1xuyWVyc!3n745J-DAFdxNPnM7x6$sT?*K_>j)D)*1bDE0bx zAB7zuZ(%_Vqr~|om;T=m9S9%Vpy1cXBeTfPf9(f2Uk zD`pRaNJ`_Q-aT`3bCt8o$_P`E`*i3F$idFpk2lJjo0g%oVpomqfbpDiK<^^m#n8gu?t-}Yg=Tpqb#x4_XGGlHrHigCiyN+l z>WFsTmwP-IuCo~i_vkP;e}#7BIJJ{vK#S zb@W+~;t1?a$z(#Zte=eiy6@h)FPNRq&k51E>s#7WTyVvr#HlFf<7uFfUbg~OcNbfX z;;pjVExNi*_Zk4h-k`s!5>JD?@ zElHYxL%YR1l09VC>#V$6x{1HT}h8+5F^+U6wDADq~44L&wv4nXRsgN z;me(>O*M=*ioA(QbS)n3>>LI@h&b&qxB%d0UCsBdF%3EMwDh7OuGSVDG;9K%LaOV> zNvL7}6LEKfnu+ScQ)$S*kO}z~4@yO(1})wAZgSZQFdE@&xcpSS0kJvB?8>6o)SuJ{ zVW5*U3N?UtLanGa{6ZUGFT_y=q5|+(0ol1m%a-CB%eoG_O;yM@NXC7c;;QYEga9XR zn@hV=@du3*L(+_yMN%JK(HQxV*Je3~-oYl+Hh-~t(p830Z- z6Qrm~0zEpFOTYc{cks3>gV|2!3htK?u;U3Yvo`za5m31|(g+5ITeRGU)J*EOm+D%T z%@75~ztz<^9LLIO(iANu?2eW2IKBvgE)NQaIYSLeXMSd4F;w1gUY5>wqvu zaE62kDPs|Vxw4eKK0Fw)C@?mhRdSW5v|o|gTag*q+x-Q?XPt&q`H%@}W8U3uTwE;DAo%C+CPejKKvC3UMJ7&kZY3 zTo;1eFgwJLxH-wn>pCPy->pU{p56kEKa%^V6R2Qyy`hbP-;cuzIdJ-l&x;=Bke+d0 zFRQ=d1JLZYuhTa5@=P#p^($)a{W7wHEW2b9fRZ!3!Xje#W4-R))%F#Y4ZmVca5WZj zN$2CV?(NPE>|(~WhXjffWbeMpB6vFmf>}xtw>J@2I*MRAkRd)AA-ZnVKTEd+9Vc68 zI&1n$dZrF8?wMDL&sQLCjGQ&iDYP7Hz4;i*)M@OKdJtmTzHUh4yfr!FsB<-{qt zKdcZmn-JQf#7=O{ldUpcba7?AFD&JyBq0)%cR80$vA)#Zh$0-sn+lM{L zos!HR2YzW9kqu$-G+#nCW7se4f{$rYf2Klrb{W-#I|&~@$jOu62W?3#xCjudC#I+Dg=u6dhWYLJ`gjLfp05|$C3w5Rmt%9AOc_Hag$7qCwt!E^o?IwVy*%wVRDZblz0 zl?vy&s{CXnrP*#^?T-_!Ft7~Pp|qms&P>Y#PA%T9TlYHUHRf8nOd=w_d%C4Wq`vN0 zqPgo2v+8=+6XHKP0pFO8k9Y5Y?Q0Kl9-oe7eLGi)?8_4!gDq~j7Q^MsFr`)F)(mrD zMykOfvTxt~^9X()S;iO;UZ2uVW;C5!$svhyR@{Vmt z7KD^#P}QNga9=fWLmW6(^VxJn$o!{FfEP~&3OOlsnt4As0x2E-tO_4kB@;hXKK%2& z@5&-iyH-0B%v>T}ub}ar8{TR+9ceS|6#?IV13dA+cow$B9Q`pb{4yqChizw<; zbTBbo7Ssf@T)Fz#F zFYL}?>%MOn5u-5Vm+occLn55&se$P(pkmP~NjX6D>`2wKhGWBGd) n48dp+XVg8(`gcT$ocGRD?b^2asZ|FYgFm-LrA0DsYQFei5xm37 diff --git a/static/images/docs/perf-test-result-5.png b/static/images/docs/perf-test-result-5.png deleted file mode 100644 index 114e079177f72c9e4fac55a516d0a1e1b51264fb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 55285 zcmb@OWn3K3((iF6xVyW%ySoOL#R={NcXyZI7A&|2ch}&uxU)bYkRW$+p8K5tIrsH_ z!G~pLwx_G7`&U&x-y%j`RSp%25D5YT0#!j?S`z{S#ti}j3KIbee1r`(XcPPk(p^(d z5~6;V_ze69qKmw~I|KwS&EFqL1x;!Y1jK5tg0zITkIB_{_#T~=oW8m8m}pdKNSsFV zkJuxTq2JAKXh*T7XlE=jmy~I_X0xAZ(sC5IzhvWM@jMdZ2vw~$7MJKXSbU6K?0l#5 zrMu{Jzy5x5?RO*atHmbh2_)cMsI&7>+xpA5?~n1Ps|uMo+y_u{Fbp+0B%-`H6z0D^ zhRkBx=8E`v+1%%<{oh0XKKq$lC5KZ6<$o^x_fhJ3J1CX*ozI^vueZB@oi3CL8LJ1_ zI;n71~LDu3y_H1 zoRC&JRKI#1v;M1hisIt>I#AKL6#v{C-1YxI7Z)j7t>}C-_I$Y=%PI0r_wZ$ds zF8;N5V|C>R1T`>3=VM$=>5JIY09q4OWuk#@Xa%;BZZM-nv8VR1UFDZd5@8el_1>8e zq~a?Y?cS{nTkcJL>MuoNzqZ_sSz3DUxO|AYM!K;@cU+L1_}4jxta$7e%YJt;cP;1I z#onc`G-XC@w?~yU3cP{`nzVqnFUx`x3D{4=5x*R51HONpamT< znIiJPKNr5Aam9r;7P8ieYny(QMKl=7M&u;!zG^c>RIH7obb0ESqvkYp{?21i!fIem zMNJ-JPuG9L&zB#AMW@?cjB0JlGg%FaB;fFwK>a~N@`<(AY>ac+(_U8Tb8PbjZQdzy z`^sj=NIWqaZr(_HhX8Pk zO01oh-@ZS_0s;NSX3N5FPX``K(O!%#}wi zm%;!}*G&$>w1^=Qo2%BJ``7G*8P6Cd>0S{32v18m1*y#0@KRg>*gkcU(h<20yBrU;rAv6=O*Qn|OQE$Hg+WGqR z&sBTjpL|OpQ6a;axN2gH64@!?yK$;t>o$elC*da-`Ck{>(uXd&Dd6Si$z33UmsTU_ zoCrpV7%et^iXtg@c(G=y8pEGVXfF?oP~< z|7t{>1XEpi#k_KZ`X4a@uk#`yMEaVpv^GzL|5d1eEq+h=q8PlJ3hRffP49_R8qYPw zJnH{a1^FTenB3#JLb8at94?!K1itI_r6(Px2Ai2&9=F5srUyw!Jm!4LSGvE}-g$v- z1?v*k9$1t3ZUn$mrFw#3>HhlObPjUQbrQ13sL#@~p}D*-BwH*oCArUSs;(<|FxeXM zyDd{lJHM=M6!^C>Mc0VR`TQFCDk-!# zIQpj8CCf#a+aC-GP1yCyYx3{GTIL7KV1jqivC@Cpo%ATJ5ZUwz3em&|2#X1N4}mAm#xmB{7LgmobUbC-@esr92TRWeNg=NQ;1?W;CpTi(BL=}W*0k>9qcuh^)f!&q&X! z|Gg_%r|9%7zk@(l?=L4}e-&?ijxOIt(%l_==ZKrEz84xq-VIwS%!V{S)yWkGZT2@g zvELXoF$a0OFSIrggDK6%+d0fiL=tx|_j7n>75kAS?$aE6+a6lo)yxCHAyU6f4Qc%m z{2}T{xsz;NN^nHot3;Fo)fR2ks9i*7#9kk~0P8ll|mV>J_iB!z=f#Tcg*53MMp z%~Y#}@p2%$N<@k33t}_YN@)MbL&d9osq{=qZc7yMb=|R?bf#goOx_^bLfMbFMNH$_ zb(AS`I5uNa-4IePCLRkiU!{hQqi=5C+j}2aMAfbJ^7zZ@l~Jh~Ga_(db=y3zcz6Gq z6XH;)l0_=|5t|7G&xdqko$qgds6qgDJ8O*=Fa-y|W~C`amfOb^$~-q&|C)Z+-W(LeF9mM&t6K-Pc`libJMo zBBKf@;*hw7QMwfc6?P2%QRetD5z7zXZvv9;3&D>t=%L0`W=NxQjet(ddU&9n!76=p z0xYO;?-GiWcS_Ag0fuCGWE3G?jr!Fgchz<33yv>F+&R87BcUac;jHR@#x{;k+pCBYB9*%&AVYNOd-W1MNS6yu zHeoPWET+X)i)WWF&d}A0{18vYgg0a`jP~C5_WR-`DH#I0oTBB4s|8msQ#QCHgo3(h zkQ3XWn(5rp^UhM6&;JRO&fmQq=)p~J7Hvs1BmKdg0+Y`z;%H)gKfP&}c0K=U(gCVk zyl@DTX8QS~X#h_UaAHrfwO*l04RmPVkFD9w zBoNV8qKTA*Zy_;vyt`dSS@$Wc6Y)P5C}D{BMHAy=RrHZUqeG0CkRTd6U2pbIq|z7T z`z8CG=)4rp68f{~2l+;PW+V!UVHbc!q?dR7l%2gmY6O0Cu!*5-W#)ry1FNHAihKKS zgd!Y7Qfnr~KcPkLl<~L**CTkQ%7vS-m>l)lCfT@WBga^4qDWG?PibNmn2G zuAPm$XZS+?5l!(hbXyr+nJsc6A<4PmFqK0^SXe$0NpoP4oHXT6oq>VjzBNR4;_GNX zZ03QImTbAGnZ^gBOHT~CoVwMs*I}iV9m=C&qi(&gIBp!e;y7Zq7*_yPO?Kw!7wkio zmZkKm$JqCaU+awXeiU^ANVsjS2HFNbqwt)gPZZYpL`rUEnm@H4qrY%1_RJ&)$=BjT zP@EW$Ztr#p|5T>>FNyt^BSRH^$*LE_4?zzDDNA{m3^j8(c>#%HdIjt01fV-7fdKU={g|D@BjHbZMtv#3y zIJpEuotJV))Wq?B9Aro}rFe_|%hT=pE9{#&rkT#VfzIgiOeW4zQLasap}=`v4Cj5n zE2f!>N4f03l_x~H=!m-i-BeelP&8nx!*$R;L!9)a!+Zg;QhxO$q_oz4?bBG~{|=9O zDU6Y!PAN&{`hOS-?(73*6$tKP1zC3LKPLX)kB3x6wUc8L+W&QVFw6#dQLUTpzca7@ zdE%#-A)1rbD!l85*WEWxtNC$ky&Y%H@C*k-L9eSpBZYOO{(mCa{EN2%pJ*V{!R|Z) z>JyqUNIaK-E=-n~!75aCGCgaK!Ac^e?yl@Sy#VcNmG*~L%c)|%=9L9xN1avAr>}>Z z0o$zk!z>)rl#HCT&y2{7JnR{1BO@mbEN17X^!%akz3qu->dMK;!jxZs&r*niX@FzG@mIA{e?ekr~F3MyHmTK1S@W%-O`GtZAZH@$%%pKODo>_u}@u z+L*u0(ro@Eoc?YQQuOq(jkzqL*x+DXw`)O`==<;Un)P^eDP^~UH2GHXvBGq;`=-G& zV&GqI9tMYMAmZ-OzU}pXFZO;94*ords8AY+Kc5!6pUht6-x|-2nBj9;j$f`f8{$Uj z#5+c=Z#wsFKg0@Z3lkYkTN8}(5EN29PhR{w} zqLReke7a$0^99@s10J6jvwE@lu&&+yCZYv7$XA(LPNDB_H}5;(=A1i^GQG6C)Iz~& z=|i&A2LfRqP~#ZsA8FH--eenm63INs+z)JYcvlt_Hs zBTSm|6e9#apk2-nX$g{h@g*sN;12BH?iKH6X$4BxG|i9`9J$;DLw_iey)K}pMJD*V zUlPX}I~?xea^1c2=EMYvmoH0mn|vPOXvm1L;rJD*cQA}V)ZZt)dFS&*#O%O!CGJ)$ z%UM%=u2++op$bh9Ys8bX$~zb=Dq7iJX}Y+iKnGE)-d}x`TdK1`SdP zpOvMF{#l=^Z~b9l%)pZ8y-*^<-5H+n`?NF(qSgQT&Wk0Si@}_~8H$5|*W@}#$nd!zc3&`pmNOP#?WsOW;g zkEV0Y)bFab@a2&1;;I{ zk=>C;f%DW?4mU1KLC>!CNkbh2i+nj5wM-hv9Pwd)R<>+9NVixMPXAekOm1uG+37J;+AQYjM9d(cc~yN zgv7-^--Z9;N`AcXcq>riE0cIPa3-zvccCns5q~stg`LZY@!#>g`CfOPpqg$Pr|)w- zBWy`}i#~fE_$Nh&|0|3a2;29ksLNjeb$js^PvEca-GIx+vB!;1-%>vgPqoJ6`(L{k zDlNDL79b#z_=5&$zSUsCih@Up?fcI~I?>yh_h0XCWKGqS(6w0BcoR)`lT7!_$8DQV z(0NE$U*Ie+Qot)~3mh7d(=)-*jw0I&7X3ouawFO$vH}7kh%l&@OR* z|I_y#2Pt&jVbRT7q9b(Gf)#^k;z}ocS`^j+-ICYdgxKL9J!S51H8ZaN z2mI8=ztL$axmEDxz<{%~ye7sA6FGcFp&O=xqXU3-xpoakd<&%1tq!XI2A1H^rYwHh zv$Ft~t_`P=ONmR}M&zyvQcGQ=Qq%iTD$eEt1k z2sYX8*Y)-p=Efv`BgVcNL*(db1?#Bq#KpOEh~7ws%n9W-$JY;nS+w(cMr<+c15BYM z(i4IMmD|i)evsqkjT`nguAV>7SK^rS2jG(L#H?K~8^^Ypdsza1UaoWHWtZR!OYbP+ zFFVeKs|L;;L3_pDSiW7)jE+ay7d)B&+OTrOtb+KPCh_89ZZOp30`{?3t-bb5ryh7M zDfY4J?PqOuT;Wb3Y2C5-YU&7r>v)j{=fhaUj2m~DJMSnwo7~stKZc}4rorm;U*2E3 z73DYIl`Phl6s=+^@p~eu%CQtDK*0Nhu+b(GYxfq%a>+=4rmyhTWD9zm#nK&%^H=Cs7f&RoCnpVjey$Euu=lGy@EL%`1KH*y z`Ux}G1Z-4_J}~SB*Xzt`5427nDQJMx(WN(m|r|ojj|5Hr=Nf0~h16 zDe6t65+r=|i!b%xA2-0#m{Si7hGUuxo?~XCn19k*E zJc}gVv@eZFl$Q+bVb3`*q0ts=kGU)wVsCJ8yGru9tFLf1hus;$KDGoSdQ|@ICcOdVMxh*4>1(?jv)vN zE+k^!jwDCN3*UZLYO8!7h9Efq`5`hSI%Z}X&XPJA!ziB)6}}XYGaeF7t>X!!VE@?V ztUT)uax?JH=5EtlveE(gIdcaLt6hzWJ~ncbf}}G?T^O|q7ZqS5Zlwe|RC+foL zi-|Gky^R?1D+ThLx)^E(n=S^v66{H5m25Xkl_hv zW`-42$xW!VVhIc!Y(-;o7=oxMZEqF+R`+S<93V0C)y|lN8EHyLzl0r zjkHNGEbCB;q_{@Qr$)T^y|HamVr*Xn+752*EdNLe-2tKDY&yPPI zd}7lTM!`V^S>O3tWnrQ-22qFN@~o7Tt`+*gIA#&OTk%*!vPs3&@*u`*;(+;do^$Vn z2&y;M91dQZSSdOjT|J}KzT*D+lI7>ZsfHC9xt820?C_=A013j2^`fZN=*mzfMZa4v zh(xiOY&Q0c^D1QDFvFM`5BO_lvecUhbL^=D|9GHbzF0;607dIBqTMIB0<2yP#f)`V zpAZJNp@Km~C~{<1rf+?3pN&=y)!#1q-k6-o?AbrVoN#s@KpDd|I;5Q`HnbDAjt9y> zr4}24JQ#3ql39nOVBHR1UvGluSYUr)e?{Sbk!eACHBskGWDpbNPxKje38S8&v&8U> z*htdD{lHDqGJUk?skrTUwGH8IU(}k34pSQM+2>A9|CRByK?KU{r4{x2|9D9VusHhecLlA4! zXPYrTo&<%5z0ZgW_u^Ck0St7s#m$vO zDkZU>(P2n3oSxnmV<{CV8#IudGUtrmj*N}xjW3uxFg>EQTio=_8V4O0SeQd!{WEbSiMz5j_Qq9^YraC}gXt=@+`~JaMn2 zij21fW>}_JW8t9Phg`BRqxYp9`==_A1eqXYCAt#6j?7LoXr*`^6s1*d?UYP8P6PZk zSD}RAt+A>^F5v)jNhLJN)VqUvd6uoO?6d`6LSP4m%nsB9BgW8;g14}2dD@ZT7~44u zs@csX^<7~(dO9i0UMA=YzA|up!Pc94u^aHzmGzM0gO-&2~gr zrS#xWuzdMLYAqfqB(P4ve)}{e1?8zqE{yUa@FbOrs9Rck$~CX)gH!(DrUxg@0WDFt zk>!-aZYqsiMEIW6MiZrPyN0u+TA@NF50%xNuJ-lZ%T9VV(gvoVn`P2+RZAotYPWp; ztW7tS5Hy#e!9D@qL~0w`9Hy$irog(>k)d1pInv|$P*3{z3m2sNMkub02&~K&LG~t# zCaX=uPNpqBxl6YaPk#yV7RHunMatf{;Q?o{q$sIaX+qM>gWWw% z5YsrD;5F2FbY=0&+QDfuDc%WqpCQ`WH&)s1h5L@q_nE>*^@CW~OK&7!@MSgCZuz@}l9_S+<-T=~d zMSsSH2E`*D?{!6Rw8RNWW*K`Cpydty8M7%D&!>i?V}(s}TQKH_UvM!Z9%g6dDRe!y zWq{12&##_PvMZ~k@NwYh=rEOtfxf|Fw&lv-$TXIfvK0alaRIt8OkiyWJuAeuVH|-W z2tdM1W_n1uD0m=$di*pyTo9~S#tE%|B;8!Rt1ieV6dHv9=<_ICcuc|lJ>H{??7&d; zfSi)+2}@*J%W;b~d$|2nN)UDq#rElf-=<2@X!p?F|3H_ujM;+!$b_T`i z7AX;`7V`_2kI7#*cY1A)3kfTj-rWaI9Q=-X&*a{RREvRN$S0L#R}!Kxp*RjLH)5zL zf^>IZueARxu_#JOE;y9;j({V$q=>>Nmcy1KTkZ@+sYfK(JJsOdF+>;M(mYK$ef=9LWsk{3t<(F;(sBm>QNxE2k!8!mv`@PXckj$cR3C2VZ+aU0 zNyv?~0aYIjN{)|QLIU&{VY`sixW&as(|7Tp-{NE}Qf`bCq7VtDJT5YvQf80Y*HmS3 zz1SyzY1CF{i*Ug*gMj8DMBqqv6OewtGn`W&II~H=vssS*Vzjr0tDTY}oDpp3!`zZZ zgh8yXm5wMFiHirjnCRR&+Ns51jX!r-Zuc_Ln)Es8E(Fe9)**Y+Q_;c~TXR03|KvA7 zd&yta-MCaLx|$-`PIarbiV#%|46>78Ab zYiZQ*6K^nEtdX5nL6qy#cQM?2T(SUC1KV2_2FIof*#f}MuG+!l3UskrfT<6-F1ckv zt#pY*vfy{}F#2Ho@tOsqELM&zARS)E!)gm8z#c3SD!V@_bK<6enJ|pmTjHh7?I__b zGe+?&AFmxJx-Tlu^&B9vG4dMT4OyKRS7RpsR0(7M1%mG-los31S%-S&x-paV-o}D~ zfuMab^ntOl*a%xPbA03-<5oT|Ms6#TD_@PKa;~x4n3Jk|z8sf^&C!m)UP&3Vaak>e zUx~A|YfnV`%zvN2rim!Z60x1R(yaKS*Dh%JVWI(ZkPSZ_*183mj#*)%Dbi}pa;mKz zX5~Da4Pm|41p4<7XU1#R8Gaz32NtU=7oLD`gn4j?V zNP;Sw`g5_$?tU(4YBK)I6RtNwXXuXj%kVj}Fwr82ig1-vF|u&wCkt2=T5Kw7Quu!; zC1*WBOTt!i%@#$2+Ma{q#c^W?4GMG)=v^>Bxi-ruNh@=p8llHiP)gV_S0UK8;HhDo zk0vD9yvykR*|V1eYO4r@dnB`RFu}c3(T=LK!J`g5*m=%ChoO3torKA4XG_>2@V+oE ze+cB-LFBa{0@}WfWn0>u1I{BzGw!PLEb+tQ2)LSplQ8?qMizhrE-w8+R*Zxbp#tzW zr(;jJTu+6}+%Qo**s!PjhMfD#7F;HT_3Wjgdl1_syNg2nDaHhT>plDfK3$OP6`LIR z$y@yH{9jM$mnHqD;48>WCXlNm;ePUmnj|}{2+Kmj0OSv>7VBPOpcQlSfoh{H9j71s zome3kUEtE5c&+(3%nW2}@Iw%AdaWQJgfZQ}7nPoR7@b>c8h#=A0YK>zB%D$s5}9I` z#q1ApL(dmpMX;!fAce&1W!6bUan4Xc0wF@vBLzegXmC=+LI;tcP7EVhSZ*}}i~xynBoln|0>VI=u#yxtq_%#nJ*R6DpSd+N4gdEzU}8OdtS zK^wyXDhVm0E|QSL{>g@lSm2s7++JtGiLF#PNFB*~Y9_ybiQ>ChW{!1VXu+((S)BoW zCmduhE{Tt!YG^=WtUcfvGGnwFPX>n;vk+p$puyt}Cx{o1z|t$z!rpdPWXnvI{KvfV z8$-R3eWh$H!2eD!>JJ1-6bA=>N6=yyw;h7e+3%-JRf%2zgfSVPps0ILQJe*<2MYW3 z5W)z4z8O#rjyEg>hJ%m4Uh8@h1u~RkHi_3)bN0Zi48sXV%m=0wgnaA9k01)V zjlIJ z_nj`wo8;rikD-px^=nJxCCY?vm&Asi?^8RDJ?~*Kn|R(Dqc#ztsFPSr1IhP;jAE%L z2ETvu1nsHb8sQc)UkC%E_uyn2YPKn&9{X{QA-UcJNrf*c$K^wwl=a4KNFSF}zG{IS zvSXz@kZCo1@W~2?$P(yaJqS=z);oe1wmXbq+^dl76uDgA@Dc4a0fwv&-72;`5^XIm zHqg$)Fo2*?OLs4Pj}k#7HUE$dduCUP(`j+#oE`4P`AXKB{we5a=>Vys6A>?*)C9qw77lIMj+Pgc#fr7Q8Cv8=qKIE%j)E zH6{EUfQwI(EN;;tCy=M^ukpZ%?yKKNo!FG>)aK zxLQ2cXI>B(CVi6|@FKiAo}nE-Ly2gGg&9Ocew}wJr>-bh&X!;XUKNMrz)F{K{Fs{$ z^XZ2*F$hQ4XicVvxyBoqSYE}RYNC8`F0j$^`LXT1I=e_~yZW@KD`!V>4#Hbd6_&F} zre>a&wo=3w1j8^X5mYtnP=xR@o}WL>pv!1Lz2p6qOefQU52xG?m$W#?yKl`djG+gV zFq?=92^Rf8f^hpX+Kq~_S&Ii4#sn5mRH;x}$RkI>*eLF>EstnH|G?vTPRL0!8XvF5 zc4YEpJ7GZAiEjc>qesb^Lxo4$m>R6{jM%I7%LtAu4-vVzX?2JMBI-SOMXxc@C9emT7jtpcVU zon)d>?%lsi=3t?WPO(| zdl)57@SB*y&;^mYHD{87J$j8?I$4Kdm2E5f^dTNHknm7>zZs$P&DvF*r+1CoIqw*AMN)wj}01Cl#RB&nGiW z(fITsWGw7T*TPh}M(TS5EN-*wJYz_N42XX+TpDD&QAfC&2>V-@{g}eF%m$9?4V-BY zGd8oHNdWXucjhH)o#?m+xTzoS=}q|4BG}_~-kAG~x~VuqQL_l)a}AzwtCfQWjSrZF z&8Ag1GUO55IA+-P6$ECze>ZP?wPrwg;|>H9pwLy56QH$WWWp{sE*;^`MfXLMDGa6H zDyzkg?!N$0OPNwrVkCLC@j%tPD@?{ z%un(GN+>5IhM)4%<=N_EJ`f}%FhSS#wg#;A$%(>$WksJaFGT!}i8 z7CNWbD;|B8IOKYibMAdF=PH0sb2>=`D7=9&gQV92!r#n2JomrvY*G9AV|62qC_y#G zQq8G!myYI{K;h5@L+1zlo)_9dpA6|eAGU~zZLjo0p)dL&lJP^4WsqS}%Xe?@@;Jw9 zG3GW{PL-RA8?!I#vLixDDwtAtk6j{qj{jmDg4911Vh)9j)nr2R#Y_|4`rx%0l3c8i zKl;)=A}B^I*O+_7grl=}Y(k2#n9L>UmTrwF5th1<&a(izHSCbeZG>CW`pkpAA=qy? zQ};4+;6(vfsMs-C5B6KEBCmLcL9ha@*R`a{e#Ktrop2s)I3rVFay*M~bOVOr(5_5R zBM(ASphY3#vB$0W7hQC&Vhv&AioR31AB%e>IBYp*B6^|MBR+(Z4lo!Iu|s*%)O*jx z-PtW+p(AzDY!pcZT@x}E+aCrL*Z~xGVI@!B>9c89O%4p63wA8+(Ki{pxO0>s zfYK}RtQBp8jQdq6&|NqSBW=m~(gMxaF{;vat)HEXJ^e=@q)0*CYL8%-KQgjr*3*j9 zSX{m~r%8}*I88krRAd79mZOHn0tY_N3P)Hjk=J$RaK)q_b!;(pD7Yz| zl#us+u{2EK{EAnM0Iv&5Eii@TY;wuM(KRAz+!UJI>tECuQf3P|r&A~Yk`JTzYFrV4 zc}fjQYO@bZ8N#oZn`D|u7B+`18CR%AsT$6fori&l@VThd$ z<%bY((bKA?rj0OWER0Axp|++>KsyBdcG}_MNCWn0uVM6?(5BA8xR-4T&a76g#J&V4 z>aaq|1V6Xqj1d&=B5Zl=6C}e2R>=<^p%c<=%8_PS7xBttk0plK-QkSoHWAq|Yx^07 zPevUF@n8Iw*#e1#NDg9Kg&bpgEC-^b8l}DO_wvy?E;}-?XFp0$;FG2&5!%=kUDo)m z;S$@Vup?teJK{XY()~0>Qv&cBz_P^ZaN{b(Xi@^y$?Y_wFjXb|$eq@S2vyb|7~+)C z%T0Q|`-EV!a;jM1w_~GV6d#?F%R;(C?9+1*9vn^i3i26Xbbnf`bQy)MB*r}nXS5Cv z%c`TgO%h1zw;dJV7Fr)}r(`#yT;8A6AnPNarbl7`Z zThQHncCi-R+?}P#SP&S_RhpIj;rqne9@8lFWH?&G zk>Ry)G*-RUb#jr?H>pEN$UkF6CksA@M`wtiN;dC9OAs;T%v%a zi%uG}|6;Bb(E<)|$Xa&_IM)m5j@2uwYx?wn*k`4}E>9dvXk|((+rn{HlPYc8%dk6K zeJT2VkYm`plv~J{!!N{v%>r}I)E~TG2#y*)gkwHICUPlHm*Nrw3bO87Qq%3EBG#M< z-`S25yxaDpwfr94(}{09CD?$ka=4_g0P)L~0fIMbi5{QWH0n~%7qS`PSl&AaGf%=M zVI;7wVqQN#hB5lR>?ezsWLTGvPhmU|Wp3Gyt<#pam`G9FujM=d4!6mSQ4i3UJWPQ! zb{RTDr>O?X^*P*aJOUM?BnFc{O&7!>&M!sbPvi)LaAIEYC>*aK*SNwT)9m}K+=QJpNAEHmq zM@re$tQ6&Y2KGn*q33OEL3Z5+r%*B7)~8VX9>Ew}aR*n08%w3}M^Tl2$=J!rps%?G z(QIUYA+Nz*VsS>Tt&eQ2{(HkQiCFYd>0)PU_AC;G#|F8Rcj z4G+IDLVyyzka2{LEHo52t3}?X;j@*s--cCgg}R555L>4|E;ErofYOxQxVMR~x~2@I zrk9^?*MNQ0GHA-_j27lDmKopBZJ(DvGL!Yvp*v|_rFxW(lC62>^<&y=hX@%EVXuG| zr>bX&9-uI(N59(V!d*m?MOf8fKiSkf&q;3M@hCM>j4q)R@p4NU?K$O#j_q);=yjF2 z8J?5a61+Q9(IPI5^=OZ2%#Hl~29I865?qij-ipy5ba1QwgV9Q-UUc$+_=K^F6blUG zeLD`(`k=3q1YO7JSmNzduZB*(rC8Af%FfZ3lAd0qET7cV#cRF8v{`1;2#t1k`wqf_ zJxAzSmce@ehCxx2jWJ2f!NMoLb2NQmd=w`6UpA53EM_zDAdAY3O_VBe<7cau>O9@u&X+ju| zkvW7Aawdrq^oB;y*)nU{>#7V?e$)$6h*PIMXBurxN7BfTY;E7!RSQa3bAgL-9ueqk zHmDANf!l`0B6k?XjMnoAzewtytH%7%SjKn4%bthH{iW5WcGrwSj43xebfkr*;=NI@ zoH*{MqFKGnG6rPDMB`d2Y+5b94Kc31hOS&f8w0qt97J{kkq@}KquoHkfIXK6ERB<< z%AQ)o{!bHH2yxZsQlA-7<@15IOwMnqhME1NM!w4DpL1=M(!&PUXW=pE)=3$^9IpFL z5iYgsW1ms4BR7TT>A7$kD%BiW3UyJtXj(Lnws7Y;FHNLlemJ8(YAIXA)F$ML@fujV z)mBZ0@|w@x#U$3M~M zm=@BMPjkd5TnD!3Om)9gx7{MeWj;jCIG9a-?6FPC(v~LN^4{S|SDEW=Pl*r9*uBj} zAuLeU3>;J%(s%fXjuqE)d6VCUPYdZsumro-k6Z6Q^GW2}A)Pft}?z8PYxPsz4N*Jz6KuRkGx4oex z_K5s9ndI0@3MwfsX$nhtyPEaQbBsGp+5n8SQ$>Vuyk+Sm7w~S%;-xMuipmr#K5~w< zoj-!HO33=2{c>n%f-?c#x;Rq^Gxg`xbe2tgQ&`Gs>z8}TZJbpEIcY7C|A3DPWB&zQ z>C58BKB-A!Nniq?^nZ1&BzS;0scg|d*v?WNDY81}E@w4|Q%;~0`K$m9@zA6_zSrl| zU}Ff3uV!wbMUl3uqZcW80)JxdD!s~ZzLg;(2v>C4Pe)OQu2%ax#>AHK$&2?zX){eo zAYd$z9#E^yeX{eaDegp|r{MxvlfzmAsb|tsX;x++#uJqzrE?S4beHH^LM^Z{(U2hq zPaHaGsr8tp|6^Y1{;i#8qKKPU)nCDOg~n~MqS0UOD05KYGSCA86Z9YtINF*$ps_x_lOwgNJkn zQ?SS~>4&VCHD)42G?wrXX^4hj)bvt&qa{yIm-}G8?OTSd$G3-a=r)uwR*E>D$>yT8 zw?PGe1!WHshGF@Yc+a1^-ep@PhM1)Id{m`Uq5X%{SC{&W9s1k@_3l|y*5n{<_(Trq zv_oeHyrr2(YUy6?GC$SuW8J?#wMi|2%bKENM*Q0{n>z)^asx0L#5!-jFqMUOA`nMt z74WXd4N6g21$ZDp^s)FVm=<+B@#ew0=IN-6M@EB&F_dN(3ve~qL}ooYp5k|;1d@Z% zIH-}@98U$|2{S(9k|c5#PiI=ol`eMii@HZvlqb_hE)c6~8sx^0Q3Yc|B5TFSm4A&~ z-==-amwTa-(<)>AaXd1MtHD3iTGUm4&!B_IWi#s!hG7&R97?oxb=ru-Z#CpdcmTuE zHT7NgUP4g?{v-3220c*#y;I=wj3|yOLeFU6j1ZXkC*?UKE_+MW z@uDNgCfaD&UqN|Ha%C*ay&wV>QpT+f9zpE?`vmvk-FPA~#%=aa(O z$@6f&f~*ozGW#BBY9cXo;q+9P`U?zoPqB8_mR}^%&8V+?EUEZv_6Gy&N)=3jCP_qm z9~^&VjP`=7#YXaeoDFtTcA(ey+)buVr&O%mAI})JIq1_}c7l<((_An%Eo8GpSKzY` zrhwlj)B*?N8pa1-@8h{<*FIm=`R-l>y^IBcy!cfEpMX&gG2P(XvPE#M~GA6!l5tO{Hr8#ujj~85LX`Qh{$NJx*lk`aOnwz@GXWA<4+p12qy571fd8WIbfT~b* z(2iTLR41{lu0XyUw?I&i?_T=BcO5YMDP>26eakH1qU<}u*h|}M9C*;pMT0huCUnXE z03VaJYTXzod1WV?_r7@@1_G6K*iXO8Q5gERN+}3-gXBzwfCtvJ~I{j zjSb8b3fsyXHhWb~Q%~F-mLQ|AfU&+~FepC}OouEo6^2h*>q6`?FJV&{z40@DN<>#O!Zu1R{JmWH_ABT;iw@cL35*CIMBCWEfXy6( zCQlW4+6yzvHhrG_=;Jd0-Sn3t7X+7HcbxXVzuvePAjhVrY4tYWRhpYf5s`J-{4bS>-8?0D3*ehbH4YE@37uq zL~nl=9e+52GJJ%~43G+zA0U{b9O>aXe!Xk)0rQwAkYb_XgSUk~=kdwp18PCPm-u78 zNwKz|b66U^fal6VbK$E)*?>)g_++hqv*@qRIgO3_?(5Is+Vjx~60bEN_$yd8dJVt8 z<+0yEDCAcc38IWzeZOsJ0@9G_6+#LC;RE0VXa|O(&xV=5yF3x<_XL< z=kfh}4^x#~mX;FJhh=?!%yN15_*Qg%|8w0vf%5W1ArhX%e~ zfA^o$;93oS1(=NM(#Cv+8|pn_tb24)dGcfO#fAu>uO@mT3$ zYidC9`;_S$=Jvq5PuEXcx`q3ARDg6ojAz*)6T_vzORVbTwm$!dy|<34a{a;p;n3aP-5t{1 zB`qc09FP#Dq`SL8N~F6)q#L9`Qt1*TR0Kqw_uPB+-ruY>|IL~;v)26Q($DYx&Rcu$ zXYc(yk%%o{{|oO-~WQA*&1`fS99VK)#I z`MReL|6J?&u?8AV;`)$ydV4+h@w89O{ZAE%;#KPy{D>(?xx(esezZhuDc8*$ndyD; z*WhtjGDEa~)!CRy2G19lG|HZZEUEsn@Y&T0Ym@^)yqNW~co`+CBL=T$yPo+d!Juyt3*NqO=08ZQjT_jxpe7yG9T06ZVEW0Ol#Kd zGg|MAMi)L!A=BTW?>{b*`R8;tfn5Zaiv;y~4rITOVL=?H#RL>#>BcviNX%E)v?;7h5kJB*ILE=#E82*DNc z>GXM&t;r=AYv#mG!u^xzfmw)of1pVMN)9Ki2YQyhy1rY?Sy*dZ5+SW$zW4<~eY*84 z1`p(sf=$AV154X|2iIbMV< zwK0Wo83jLEc9W-|udssF4AcNNH9Y#zO*%{|A+ecFhsH5TD$Sig^3-9G40IMu7fR}U zAN@-4s4Io3V+Bb-KlTFdrI>Y?0*fQFu%5mljjl+Yu=m#J!X@Nukr^nW02x z=}7Kl{e|0p$P^AwHK@JCfy~Q>#~6=`OhLl18p*7UP1J|@RmBTGh!G`|_Th|^1eO)) z;JP$7JhdyWA816mPS2LZ^_S3~8x51N=bUxvEz?DvkLf+whA_hmis2z>dzfL5ZqD?6 zfou$3A8=F^?aWNCc;uBB5DxX06D#3`kue-KWo9v630ThfxYWN9PLZdjb#r2NKVS1&nS+8w+t2^ipCCJB5MB-U)(8 z9BnhmohWgDZIzsOKVX}{XFy_N#CR)*Pl|8Medjzgnap-q;63IP2ie84w&6vI05#*z zAV?f;@!>PcVG;JrKkf>WA}FJWKgPHhhfCZa=1q7l(_xsB61DBfsK#I${-9;}Lt@4Q zbFy|c|I`%F14fxht0g)`fb*RX?JV}oAv*syRmr_3v0^5Uxe-j6P@Ia0<=Jo*2zzKb z-Ih;4Vtaz?LY#lBl^_ZeK`m=HGc^hBbkZ*rY)Tcn>*z7K07sv>lE;zd5v+1b`^E%A z+cfkPq+#FH2ZP&o{4R5@WlToAfr-B)V#AA4F&yO`h^=EJl>R0j(%vUaZlb2hYLLx)fL@=4O0faI47ErG@IJp-?pEJ&5s{<*0)x<8UWK7HZ*vMl zU+~9xERm0QJ;znmsZ>4rourI+Nyojn5-Lznh*u>a>abQRxM{&JQ(&1? z{|m`|Q&gJPu5OV5A$&fLaNKEZ(zHs9rX#YeyD^n8Mqx`XDl9~5L2dC;`ZeP+M$Py| zs5C$SyikOG`Dyx6RjkXR{(V@3FYCRK_v^WORO>tA4=qkJdGhI>vE+02TlMQ62*>g0 z^59gZplp5IIkqbZoZ2keDh)>cg0FH) z@41Et0trbV!DIexl=^q?L*-Su3%~44>M$TRl^`GR=V7STuy6HA)N%C(8$R{($05WB zX{vD*%tZ4)#I?61hIXw~?ahiCQM@654qWdBZ$FJh?elbuN@U6%fvV!~cQ-_W_-WZr7V)4M)@h>Nsb5neeCT-T`re!_eOC!+GQMNm*ha`go7- z7$f`#bbNBCl9A-L>}at20m@v`CV$LV2-a?vfgDuepgRK+RVv?chdVZ^OMn7H;_ zPveUw>DN?b;`bH&+1h%~cq*c?(I=cd%`lM2N(n?`5JPc1vuG^Jn762=^h6vQXvpM6 zzd#Ms^q?p7quFJM-HLv*CG}VKw89o!0&EN&Bw4~q z4?1jTI#F2^9+>ic*|9==(by5EN)Ugq-wi2KkKF4n`G=XCer^XyEx#|*rS`J4(xA~q zVQvk$)pkz}8PVyoi2Xo(X9#N~CqdhU8=0>V@%xO*CFKz}9XLDWe9Y+&-zw(vkR*>G zpC0aWZ(o7ySIv=!CnRRBg)}4;l~WlpVMFqc`|(>9TPO#dY3^9myoGw`tQT~O>X$~L z6GJxswnU*Jq)5JK#zoS`0r)OU7qcm@9WkyM!vj7oOy-{R;(@tc_TbQ+$$RzxF130GF&OvdSy$W9cC$$?~cdkl#rV8LxV}toZlKj zjuP+f4uUCG;A0&*oN{jM}^(uHeI-#Oll;9MP$wp51hv zO%*OZ66Q+ny+gjO(zuT(jbnj(hK16|Wy6~Am63BpR`Y^0Uj@}g<@}BpIV**U8@5W^ z-FC->Zy9-JGmZr*+VE5My1ii^6I>*Nmep187NR+xl_BY zWDb`*I0bSNDk$-Xqkf}{T|MUM%y{qMW64r%lB=5V7^_w(bPfZP8kr)C=;5&U+hwJ( zWRbR-A_gO&5qdsM1_t6bF}lppqyvVOk0p1a3SUfys;4UPO(##FhYgqr5<%j1WZhGx z)bJj35r{#wNyj=$oEgPf*pk;!_dW10F*jIQmR=D}2A<5o2{!@`f{-~t43&}j@`Y*< zHX1IWwW^rj<#HxgOsari7|X~ME_5;C!!RP3AabCqsW}5TGc~@OMW4BQ$KysqmU8Cp z@U7UbVLTN1=bMrOD>cC)8T|7xYAe=-Zy77d4{++!PYK+&FBoDH&IKhUA@^5QgE?a6 zm27ODBXnEel6fXZT`c439idm*DA7>hG`N^OVUd9j=RwJS#Z(4QhHJo+K_DHYgIUWh zVbOX~0SaasO$5K-g*f(b6~kAP$ylBT@PD+OF%fL8J*Q29FY#j4h~Mg!b>K6{yZ2_% z>TMPKelQ<)|ke2oyL!e&CH7_L&DV}-w=Fkpj4hjRJ?Py_aqDK|9gpgbe-C&GVG%*sgV zf+SzjKtq*;IfEa4p82SS$I<&lFN#?iv(){v=P=&$5QF%-_!f1A5806?G-RLQCHzo; z%C5(gp3KmyO1y~`8c091Z=_;4mEL1&X0atvNIzP2oJ9)RAvADM;0Qt}WP^M$wp>b( zGla6Z%$8o&7!Dd7H0(5~RBmQGG2K;D;|CY|nKVqZxtIC%6>~J;wEE;fp@mmPi{bBE ztMooE9_8)D%pROT!^@9%RU4MWw27qiBSjlw*Nh**FC!_TfhSQFw2M+czzX(@6(kE!zR zZ))*1s>O-r?zMP;@N(`pno zHMx!OZDfy$7fg%SmsL_5nAnv#x)Bi0FR~ScW3s{FBRKRZjL#33;cOkzGJDdE#2k*t z;>Z%4P|K6LcO5;-r9g#E&om>rS@z1IEQ*voQb3;sXTydG6A6MIlyZFCOO`8t+LB(+ zTUe4zBN)p*ijM)6Q{QZ}CcPSb66%p^rmw6P&oeWiQO0N&-rWDwJ%9{hcTYq3S#om=~ zc9~>rbZnz99aOeSb!MOHV30X6N1Tf)U|gY?{~YW`%}8MzZ6Gdi8c} zVjZ2$aW3@bIgz4{W$sQ?pY3#=bLm}Z$)+lCC$sRhif|g|D6Tm}ca&JdUM@9^e5La_ z+)s-8p-o@et3AKUQ6Gprko}siBBJOggp=<%TIEOS*t)=Mrg5d@U_u^O=~HB`UVg8v z7Lj814WfC|>)m(UXtqRN{4vK3f{jm1bp|~P*=A%EXyL~)tqwY&O$lIoRwc`*8v`yG z_7mp6c55D-6{5XhV|KU!Q^7KNNgIVl*itiP9GS<^y^r;M_KUS+HE-qN1Y8X?4cebU z2N<>U5Y^bKvm2&j=cYV1z4IrTiV&%rFG9lFi+G=Q)z0ZYEMrtZV6RoFb7U}hnW^M2 z8r*v$gQx6lBDTU#(4g#xem}w5N;Myv6ESB}h$x~wuBDSw;JIyE-I|_h6`ICHtQUr< z?5w}kaLw*RjEQ{NMwuokfR~7)BR9cJ!iXUiBY)iVDMZg?A=A(eqG4d|ftr>s)^cO@ zsy^_L{x;8k=odEy9oJ* z3wb9mb!2%a7+1`Cg}Y+6ZBhkwe2AeFQs|C4-k}66rB`*mRv4aF8XRMA&A9(zfN`S@ z{$;4G{&BV{+P+NrtLlpvBX=teN)yQ{!r1e=Tde`h_aB}NPYkg1Bi&6qNa1EhN2C8@ zvC)lZDlx#z?^_(+w8d|A2ot7C&fe1?*O(IfSYybs^(?xWX8AID!=C|5{r!N)bm1-= z6@`)=MhHTpRNk6r>aQ`ahbNoqbLYGKc}UtS(GUS%+5$%L2yLe_t3hq3F#2F7@{0sq z;*bHKQF3BeOy*uydtQ_60I?#fH4UO81J7Aq;rk3&;+jJ!*gp2~p2&_B^%bEPWbW5# zms=KwB72k>nOy%#N|8fcwIG8}HKzCHcLmo+lI>1<3A_eoMDgtUdG5cSFK-~SXw?^i zCS*Xcp(z?UT@s8X2G<>UwQ6(pCS%Wacns|h9xL*z4ba)QFR4rxY9W31Oh-0&r`Crw z5}2+#VI68aQBOOsOVrRqFkaQcr4q^*t1?#Zequ>sEEhdRYSXtYo4aH%m9Lb5Qh@ujz zJF^j!c`Ciz(Vw?ScNMR3=Vg1W;h+ATS+{2m*mX~mITn-nA4WhwzJcR#=GmSq& z^^nl*S%5)92U7`6{&eThp}gDx3pKZo2??Z>L{=-2?Wyp@&0`J|;JfZblE&T9?Ya7t<}WQj4HB)lvv) za&E4zd#CIQ`N9;GWXvn6gV}kCgvJ`}Wryy8XqflonPT`6hSDQa+zy5~0S~H&% zAh+9~%j(*gJU23iE1|l6DV#K;$QU=4Ry&TPRq_!XQ@ua?a{zN7Q3*FXD(yH}?=}jn1}Iw=otuN!0i5g)>X5wg{vM-2sl+i2=ENy`D{9yV`3RV&6Acu5CtH z0r3l$&biJKp+%$5SGV|}zSdfEVDb5G9N&czvFL9f81u@BCY(mu!!`w6g;S#F=nzt081RLCgdjo8X zOg8`WZ^}Sk(9ggdE1omHRkevEokJxdP{rk_pZg*Z@Tmn-wO9BKZ!?xwLzq@O^~w?_ zvUQImt1LE^L@ofWVa3{}J_1^V+@?A|yjlnq;l{|BrVCsyr_Vt9tnKC$W5Q`^qe{Ud zpX9+iozS&FA#Ph%na6j^Tit51s_n_yxXPZmT#A!IR*O9_7t1sCGCg1U^KOhmBy9QQ_^t735Iv%z+mMMjMzfcU!o$|1;rnh+?$W{q+fB_9D4-3GQ!W7~Lad zY@Ot2v0V^ltj}U=^5Pis-eV6^19CmH`3&LBonbd9VZVgT&*>i9YL2g&>^yb8hL8v) ztTKBVx4QeV)E4V%khQ_xWckxM-gYTl5y4m^TP`9%E6-P9OhP-lh-T8}tpVVWqjQJ@ zChvE>!69x4^LryAvU0%Y;I`g@ZCBSe7~XRpyteVHmcV{GSIA{|G^Jp48PzykuPp0x zuk4g&HgEBwfoTG7Ahh()Ybrz`*N>1mlEiRpt1g%D5pD3aLYfG3|LI#-)Y0;tj)c0w)}&G(ovUaFw%h3sS! z8A$aD{Y#Neh+A>M#c=}t*S!2SCJ~)w3p>e`1YeXH(xMIh7HMtOh=*$);|x3mgIGxV zW;OPnl+o;Qw<^asr&Z4l^N-ljb$({AN)VJJZzCo#5 z9F2y)2FR%ggsaqGyvnSg#PhJkb5!vaHNhU4s1~GVq_ABxL2+|6D$D%)dDAzNmToF8 z=i^{ke;TRI>DB7JIRlz!Uv%ot-x!)Wy*LiJ2ApmZfY%Gaw^!wPZn+<-Kwj5+t3P55 z+N{|V_~Y`xMC#Eeln3S#XTvW3oEGn$>&gRvEQwrR3nfbN1?6z*UFu$g?9`*aP$WPG zG!L@4I$aeY+w~3PS}1reW%}rshvG=W>;Nwnj65jN#ys%G&RlTXFCHYbcBk#sfXA?k zDuULq>ZjoU*BTe?qXnGne182o?g z3IwzYC2jycLmfM7v%|DfNKNA~IaQPMUdDq!K!=ioOEtdO>j;&br<%{l#4)|r(+Z1UI=>oNgh7d!HWkIuzGj%IYkwu60KhEbD6fq55kDDWYt>8 z$SZ?>{XES~)@%UysxB?ghFJQ9q^YrwIOJ!`!UBbQh9Y^JPsP}ZftMj}ObeN))GeAJWK1t>qh{92p zqpjYbDp(7NAH0k0iD)`SL`?L%I#Go?25CNHy9|R*J--4=RBH`2i=4hLKKNjprYT0K z$^i8S)X{pJb|nII^RJ&iLO+uE==Y`Qz12XZ4&m9_iMA2}I0^<@Md?kk;u9NBKRm2L z?g3mgnwr1vS%l);<-D|o(q07pINd}D0-UiSFw*gA-$vn2kw@}{>|zDT{@d66B;B|X z3Ka8w&$DwS2M%O%r{?o*Wdt)B{Q0|I#D;oq2aL~MI?&Ey)3S*(nwsP_i(fXYMG`$G zCThKn%NPZ>jW;|>b_-Ol>7_v-nu)U~{J>!cl;#Ee^Jwoc--M*;VMMTB)!Y1 zg`t$ne0uZE+?o~?qI7|TXds}Z-2kj7fY0w8;NbcR*vGj;dEY&Jx&chYcaX_F0kl^B zzkYm+$uaYKD-@71h5JJF2qb>`(+fvQk8-k~PD_5%=0Ad^T0xP-*;W)yc^#;ANRq4T zzCBi^_O(4;s4Uz1i~z_K0ryzFQKNNj>youI{kKjSL!6P^drph{&|rEO5*N2 zGUL^P2S0d>P$fy-vTF9)2NSUDn!25pDRAQPhD(#Fh9#o!;K|LGYck|VZ-z^(OI>dw zl-YmiewIUjz4qZJG4@QympOI#pMa@1U&;^g)sLx+CSpS{98_Y?89t#<4m!76HPVAa zMS%)P8#AWY_xJY`gjXvzE?-ed{kr?i_!CsujXgUD%!~p_p&g=y?)_-B`&8mjpzV?z z{Szb9(4CH({XBVzbFZ&A(?L>NN)&uTKW<8CejEaxyIz%5@9h|t;hVE(XZ~C3pMMR; z5bW5h#6c;705e{>Cu?|#9L`D4ub&>&XVM&&O}Vk@4h7!CJ==_72Y>>(mem(Emf%L=YDz1#oP`yXIFun-;1TR_ z;M0-gKVs(5}pv^>`~G7su9h%gkmAnSooSL{ff`wABgO}U66Iwbcx!7j}BsuEtT zP1x0j6cKDFo1lFO>R_Ip_n~-2va2Ln-E}|aG%<+v2!=3rDV+*pg?t0NN^)m2@;G)w zqbdTh?xHITd~c8@%cDMU zpc=^x35DX8+sT_M$t#m@GEmGg|IZbSJAWYhTv`RgM=_@tQbhMK{yMQ zEIa=;!Op$UIZv1x`=an~M~uCrD7RG^k?-5QQS42vDKl>;b_IZ}(8dY^3Q$NmC(!G(8H9X@I3K z-aQ4>UpqX*3^#<2RAosezWbC+_fdg(=z5UrKp`SBrU+%6?xslOHYGv@5~1KU7QrQx zoS?ILrYkN@!G@tFZLg;=fIf&pG-RrEbO`0KwknXQ(A8DLBcPpB$Au>Z%JWOzYy!MaVTLUMims?gZE?MQm>M>WxHTv51r}Uj+GNj)rA-60_X&SoRUM7oUqazvl{yT#F5Q zzH6M4X=_7h9M$2olQWoc>?%~2%tf4GU}+UK+Ll2|9z91pfT9wqtJrQUiA#OFCWTL!K9%Wk!gd3hesEw9UIe%p1e=+(WTOqem_%* zK^@Y-TcbJ8+>F#Opzwg)=ZjD(r&cP{+SeM}XybGw(j)#}1WXyG`lI30Kfo2-mhgwtP*dIyNZmNf+*ZkwU}OOq+nKg=dGZ_|B~{nxNlK zBSHRUqZa4eQjFFmx2rkkA|1rH*P;wY%BI?>%kutsCgD}Oy9sJe4C5$56TkR8@WO5; zcO@a3NYc@$`j<-SY%G~ZoZoN0Aj``Ug1vs!q~$w^+p%Gr z)y?>T;!HR~$YfE)sT=IMB~Ntgh18|?#}zGY_&cqom^Ng(s_2u%_ypJls#3P^p3x!G zd#KDaQeOw(s__@~vUe77(Zy01iLyP@;u>U3Hl!$IL`)4MSC?AkS_;$gHud7EOxZNA zhVWav9lj|`&&EkJNl|d>&s)m&U>3eB(k0Yk<#Tk{t>4? zbs5bG$bKr0qV7Ctn!sheOUG@AX*EipaeXMi2qO^w?%WV2+I)#Be?id+YKSga#9cLV z_?c=m(9^P0qgEyd7#~z<+TZp?iTY3as`9m~OzzVwblOj5_l4Onkdt?8*x9rcGTtBVsfwX8Xhxj2^iSSStcA_a5$HaLu?_T;pZ9=wi595+!sMMP_Mm@_2KR;DZNfH0es z)EYaC#z0x?EyuJ?U(G!pw}oTxtQE3kVx&=|Q(wi0-gVCJ(DB>^%W$EF539I5IODtE zsnqnjB&79xLG2JwUi-Y{9lB9*pGtCxt{FDlsM7rmd9Td;X4up+F*ZPbllBx362G1< zmOiEEX-Z~Ry&7Zvks&^YRum!*tD+4zIy$# zLQhLH0(%>CIj0(pIM%w8Rz+T^$qqH5VIM0vps1%8A}A&BEy%TIvo&m* z2AVZT9VR7>QDurSof((JjAhUSk}-m0V3MP(2^1 z;zbo`(G77dgpMZ8^$V#=IAJ_*{*l@m64i?2F;T%yfi=Mmr!M@MDvk*R@vU-}ao+x? zye02O=_E~mwBO7W=GDx5EoS^W6E>e=Eq`wJfkiz$sxnyPK^zr>d!Op_9~#kN?&vHG zcB9C5frNPIAz=cw8pBp26x*n&Gl3(c% zST5gXn&)HqtMOkzZ#6R+J>iW&(1R-zo40{^t}BlwTn))zDOUfwJ?r?amUm}B-YQW+ z2tgfcpd;_cJ3!EJeux;S{VX7QAM@R#;w8*Bf?Jg_n%M zv?YR5?g}V6Dn}KlVqgVO9ef6?Y{mY}6-~hi`+!^{(JYKJ}PGJ5rL;uwHcw z$5UtD{4wgSAx~{j=-14)Tw3ERFA3y00le&S>dM$<&P2qOu0}hgqxmQ(-G%6rs?p)M z+g@#B9+BTn2p8VZN@GOI!A%a|HWit)-P7z;sV`-ZR@9p(fn_K5tl@iGFiV{S|_T1^KQTA6-}d#!q??BD|Kyb30^yfSnNGp zZ@sP$mGZB0SM+Uub}`lWbndo3F!|B`B|&sT`tIX;e=N-;+%8LSma+FJJ~J^tLfXA& z-mFZYWTdxXbKZR@ z9f;-EKo~A?{9bhA7rVB8db1SPth4A?_fbb4;qH(91Hi3c8zJIaOkg0*FRX< z;{D)OgRYl!uWv$44R?=QB`9!q|81iLAl6qO<7MXGZ$8cmHZ@%EI$IU~{WpKZG4wFK z1H2PM_J6Yq08v}O0qR6QzP#W9qFMie=Gf(cNZbE=9}Y1G-1SN=_JFA#NZ3?7&&+6H zI_v)asYo_V&BXQxAv35C%R!m?ax|};NcjqYJ%%^g*<#+u0JZS}=z{clF9Ho<+CJYJ zkiI(~_z1{16U9Ge^Vui?s0v}s*r4le~UxPSu1F#TlE5pzc0AYRm5ELXx_dJXH;W*bm z5D%jgu%Fz|dlU#DkS^e{f{(rhAkZ6tLM2j(U%@bTP?M-4?7G_W%In}0$fCgNZJ%dx z8i#%Xuq|=>ORl!%Z7@ml!L>$>B{o+%CVwDn{Y0Sr<#|$T3=vWcKAb0asR?PK-)>nl zaS;*{qRSC}?_*Q4j#>udTLL zdf?~04`u-uL*d1_d3hw9Ml$X(D}Jo>-Fukxkaxxo1>MiSU!8pjdXZsh(&fW9kCa0h zJ$O9-66f;|ZS4gWB|<_^4*uaBn9>2KEu;7ahuXxWJhtDXCCk{M3Gzj;a9UnXfq;SC zMRRd!>I)~*Kw46aS>#AaS>{uXxXYoEG&+5N3_vfOkAHWtr z$@iMN0o^||6JxL(<2;xTKtaqLsHh~k2o~@4ihbTGSl0k8L!bubPd6s<=Qzq7pq_Jf z=&vzt9so@;K9|VZswwZ-SBx`8h|9L2j`%nv*{|Ax%wHGal-HP(Cjo6->MJXL`E(K) zSb~jyu@3i;idjOb?F6r?d%*g*)`^OP*rnVW=Ap#~Daju2g@^zudd@1ha zbS6WYkq^v$_kd~_*bGeyCx-y-fORz(p(rxOj)g$AW#M9fu)xGiz`@90309~}6gy^3 zpA&iqn7%V@9)f=WO;Whs^giCBbWsvl%Qh#tKF5_WoBC+UVpj2{I>86UIMTgu%7ZWI z%O^HU`i8UikNn%A6hx&-*Hvhp-{eKj_+kos6gPX6S^7slox&77f;70C;1T8{#L5|A z)_gEo6d{A}gF!Up9i^4Ruxmq_g=vW*U{Q43EzH>IJQ51g`Zx3^{`qq=$ob z!TDBCEHuvLLH+WeEhCwA{B#)^uO-|Vu1z`(*~)lHjnyr?a_yg6LSGc#cJcaRr#X*@ zw03;a&et0I6?)Z(0$`&7)_6gorHWd)&h_7vO#$O(CQ$*R!~b6QG7wih)*Uxex&P!@ zVTNc16{z_o%uKZD{Mi67?HX1FU(7MyYN;4o z!u&r0FV&=4*dR`G6((6)M2)uDqX~}T8b6>k2%P#&X`l?q40cw9Rg0(~>RI19zQ))E z`Pv@k(9`1X}J-`oqb`s{Lcujl#-T`HX_gy=85A(_bFrtz)6(_;9C zydgwyC5gG6nC%T*mA$-@6xDM{9=z=ublxeIgjt|*1z^&d8;Cjnw*M8F@QgIu-x#b!;skuUr4`;-nC7P)+-UOTElz{sm*vhIkjoP$e#GfI(>k)4q?wd<^+kbrv zIhnQjmhwi6dhO{vos_8e3<%`#SxMmAYDi&uxN7&OkjbIdx1VAy@wG^{I{N(T;${@^ zEBJvCVE>5w7UqP^)FQ5KiDI(7d6#q9%m;gj( z7yti<|1lx|_sqs$B3|r)0GhL_87~12`x2@n9Sze1}oXa)T6nMw??DmVt&hVnDy!uAGakIT$Wk%=qD))U6 z#akX6O74k&Y;oI2$dYh++7tJ<2_Q?J^0V5`Rht#0=tiUO8}tH|M^>5c)JXn|L_RF{wR|LhVKlYp8W06 z{dEk3!Ht^ue;NhykiMwq7+*@@f43#rtD?yNI||zW^B)RIyI`%TV`(fr4?EK(Fo-!j z_A*U>0^h{KcP|5$ZHp!15b*_$vITI&vdsOCfPwFVuJBI*GEP09c{8L)@=(zGc!5bh zQ(<_`?RA2!ElgMAMW%qPzaOy z@nv2W6{dLw^cIf#BQSus=+-imc3(==W;h;nmpNn@7{2;g_ZlXy0}{q@I6uCBvjA#S z)WFqdBsTd7a5O)VBL>dt4iLfC%oBFK*dEGf+1cz10}{{%Q(YjR{r2tKj7JT`|Ev?( zGXY?+ZbWj_0E99dro9MSQWqB%2zl+N3*YnshaPwl0MRGmN2~ohr_NJcq?AN0`Q*gt z@hmK{e*3YWpm-bXb{h~Q0JohdH9j814uQ6enzm+O=AHr(5#W&*q>7TIaO3=mzO)Iz zm_oCfu z21&z(1<+}@RBs_oucK0<(gsNUlRdx@bY!1OP9=RXehsiLvf8SEESEo;h_BFK3g1jj z!$V^Qv*BRZI{kf4V=c9uVma=!XAQcmyftw(-8N0jxVCV-%6ibKiAslacGyBX3%X|ex8u6i zJ)rhWv7b%u_kDqTex$~eF3!_*0I)e&C<2o4aZT373m{+n?W4u7ThQgZZwp%d5qPrVnp%IpdSReRtFJ zCU%l#i7AhNylh!RFhyPxp;p$^aiyRs)tGu3h8>cax%Yu2wC`pJ3J7u2xZq)Jw@u$zZ=V|~bx{7|sno*+=b&~?|7QU}ffn1NFbE5WR};95 z(n4o5K9>*{TJi@YWO=KD2Yd(!VL7Qw~Da=h=%O zwwzcB8Z1ENXyl;vcnOONM&w4>_u)NBY({$Iu|>l>DEZ?zc%m&*QeFjpKWWBMZG)(U?&VaCl5y+zQFE50Q{XQRdz5N|34Md>$X4xF z;4w@#+bQa`e@^?#+{9%2NyElxSnzM=_=b=rpI$Nt1zRqHt-Nuj;uc2`CysXotso{y zAs<)zZn`#%i*@D!P>G5b0GG=rShsmwNEwizsiDR2f~>&tZlAI3fH+%=JJ%vP<+A#D zB(X4m$k2q}`mgoNtoN0}F;50izOK9Z)XO6Ld^A6$^oe_U<}c={aNaDXTL0Lkl#8&vMbJu!#n@GugC2tjLCRsQnaNA>Qv^2&?>$*M4XYEZ3(!SJ(fsM=~3D;I4g` zwMzTv3WC|SB7c|$cUF7r@0b2B26b|_IJT>N*08Zd(0kjoZ+1!f2ygAx>IOYwAHZ-e*u0CRut z`)U0Z!1~6z>s)3X=Yv3p9KeM)fZc}W^UJ0x z9p&)T%zu2zqAu8P*>gFTq)y;im30a25cHN>SF||HL>lWWePdhg+m)(xyVpM(+U7P;*=CJ;MYV z>7M{F^k(TjJ|wIC?a_j!I@aprT4mQHM11)2J1&dv0Ki=UXg8LCM+Y-6KeLj4&nCD_ z$H0xCmbd_6(&j?s2GatB+knpIPD~F?U2Ron_bm4By>J`{KDzsMeo2K^eiJ~Yq~DX2 zrwh$5vGIOC!Km#Axixy>;2eWrfe-1ba|X`a3h-Roets{msY4$Wm0pE~<+Ghy-yhmA}G_B>+dMuD+F4 zR#uwC&;R*CMr~!pT%SBm=c$=u`HvM&!itbq*7UtuLkq`c#V_230kqJxp!P7pH47M?A6Y2aSxh|H^o9DD9_}y+Ou&J3 zQm2)CT-*MB)%T#_)$lWKgE3K4OB)ai2-)|n{k1V<;eNRSiCANDsc}!JN|77d9jMuQ z|76V-M`RPu9wCuh@)q0(#(=zMqirej&jlVb4sLpb#5Y3fMU#l;K|j1pY5-*o^+a{s zvUMDQx(B`)W{|xa`W=JJ6oEa8wR$1^8V{BC<5^X8-S(-022vMDMxz>uA~fLLZV1ET z^}m9mAK=-I>2-3Z8BIj6;vMh^$T068#y6nGQ9Jm2yvj}Pk!I{MoLoqF{)z6q6!Q5Cta=pGe9_Zw}uDu1H>28ajK!D0yS`qofT{@h- zf5Y?-fC>8&ZBOuUDnqLbnmz`+IlP4ZBq_cAT@P?7UlCZgK8}C#J1Y5)p$uZ-1^7J( zY@)La8{gi7$mgEjIAME@`{Uma(*mgu@Wo+Oc4|fJsAi966+zi)0Jy&M^74R^{a2X( zz0zc7V3niv?|-=k7N@HIXNwU2D6S8vIE7uv%jMR+!SIi|ZR7uS6P_YK16=et+u%aR{?St?dQ4 zOI#-WYBOZ0aR0)+2=eK>$5Fjys%apkN_vo%yC4|! z^X@tfWo&0Sq564SW((6_5fz8iijYONd+cK?Y7w(ckZ2_ph8m4ULBtNSdhYf>F6yma z4^UwSvEOq=7?J+z0WRzfu#r;?((e}Q z12d@j-v@qo&6V#sy8Aq>{ERLERkg9kB|&HjRuH>#{sWY!c7Who$5DlIe0P_m=UNfs z0;2w)t zI9*t^uUUg7JVy;E5q74=dhF-A2=acg>d$^X)R!<45g|pL^e%vaTpcgEfVx&Cw?+=+ zB&SGBGC8R8`DUMnRQ|n3)Ws~J55kLYznvwO)5j|E^SgE5>;vR#1w@y)mLAM@W@846GOAFct9^BiD5&b7!>s)G3^U|7%(1Q*#3(|Gm7caO!HB$GnGM`WZrY{Z1 z9Zacrk0*%i4PuA@*yvy8@AquSawHpRI4ba85TeXR$jI^Yy-i|W0r{=C8nKgxf$X^J zSJTh1Zxn``K~@RyMeT5)GctG~@nviX`RousCs+e#on^_+SEWb|b<$$}OO*fj4e8hS zGnUhYY`&b^DJPmpSZfPuY1hb^!OWc?HvAodAz6Ca8>MQs&{;W{uM9Fkd?k{sIj{oR zXxzA5qi)58iuvk{_d&m&ZEFFI_YtY@C-RM`!fmB8S4B-tR!ma?fH7_*3%fbp1@s^w z)zdMP@mJC^d^aNWHRbE$!$H$03F)c(Q9ZX86x3Q%S=s6ClqM9r!1Yi9?o50gG*LzLP@v$tD z0D+>7D_TB4E*A2?f-;loGHh|C;w70h*^Wh!n2)ZqA9sSqo?B(NzilLrYc&91#uLu* zP9R7fZ3f$@h<(eJ2w}cnd=_{|o~{Nge&d`QO1-TH8jOR|WBbTw@BY6^H$|l=yhB{mEiMetsw1%3)vrCN_E&<6K3haUMw$ z^?zw=_vmIm0-nC;)C*6eHSIzZ=k5jIbY`LH3w?;c6a>0!9s3~z%=wO~MvnTaVPwIR zO*^snZPaV(wm7?L2mK#Tc19jcwPkGv)$D;KYrTG+2GwpnZCfiTUCyOXou!<@ov_|p z1VEG)Ci-dk;VPgROfg{G`IVl6nBQlTT3oqo85R$$8zwRa8_mDLu@koiQ31E_by49O z)|rr_OvaSX$>Z0Ptg!IY4+J`m&XO)kX>eX&wF)cE{*%>855V7i6!d*9^i|N995cLF za~*ZP+?qZ-1a!i{J+6lRZfzk%z>P2Tu$T^?l>)x7;ACNV_DD6@PGBkYUuRho_xz2) z*O|CBS%@*@WNM@vua;V|Z8fdWOd< z03BDFB>Y=iGZdNLwz~cCG_=11>(}}rs!ayG6(D6|(6UeI(ovCrUUx_h3+A_=T=*dS z*~NYgy4x+gKfw4ppPVcM?=kn?+3=QD@Wwl=rQc453_wgEQ~}v{t}^ zK=~kP!y2PmOH3#XC;!``9%92@Uj(HBH7_AB`cH7PiJvqeJZg#^a5PX9>sR|djTQdj z$<8xtiscSOBhyw;h-mi#v!=#*eb#c~_cN?4u-|@U(uT;cW(lOmLDP*3%l*QD`42cx zAvKOsMz4Mk?5$oD^EOLwClZ^=q#di(3ctb-Vir~k^0Wf>8e>>@Kfm=z0~@3%yuyf7 zsU`V!0odpCE_&ecBjEorW@hFQt{&$x>NeVqjo-*sSV5T{D6$9uh!xn6>h=C67uuQDP8}GvPvG_Y45-iB7vF z_%(lA&JwV^L_?4E@L5?xKn6Tb(V(VQEy|^Od~B`h_pCXZftejX^*1&DhIqB^H4WU- zKwus1BCRN=;A*~WwTJwEpME$nZ1l^u`j8FTO%N8_FB)DQE>=Hyst*?M&zS$shWz6< z!A^=Z7)6($RpQUygKdF7sS~&VqrI<=%4+TQ6+{HZ07ObaKtNh)Bt;295S5qimJ*O| zR16vkX;74Iq*J9skZzEc?v6W`ThQ;^^PM~H9e3Pu{%4Gqe0MRG?_jAT_tn!8f2_;(cVK9jDGFhB_rxQ*VKw!JM#}%e&%{Jt zc?2~3XWEz!fp2S843mxKaD_W}zxlI_<2G0RY^0V*j~IKNH;O!E{e<##zdxVwGibOuCB*w0F{v^^!QxFJRA$f|4bHkI zn*%%ZYY;K>IFNei)~^vE>nK{jdJ^II_rO z4f_84>aV->r$@esj);uBiP;q&R0&?Z)S(@6G%#F-w!4KxuRf@qN}XI;BQ1v$FA?pZ zr%IcB^-bS)EwvvqtnD7e96%}tgaE@Ns`v!fPsSSsU3WY~Ve}`2TrmRnOYLC|DVcM{ zezVrg-DMGHm+Br7*!a@IfN3qF+4|v50qTFBs2dv{HrCkbg{paw0IsT{ne?x30CMj- z*eO3KZk1#V{{3*n*Vjzw(?u@F>tp+U;6Ta|b_yC_^cNn$vzsrRTnA(X>)sh+wlV0@ z9sxr0@6j*PRD2J8t&TW9L5C^=1ry*@<}noY$Bv*c;b+LOZCKMcD|Xo&yjJBfHA1rA z^#u&XVCVFquHA z6iP83_s_-odl-lQ*|i6xQh~hvngeK5M-`y{CRB;D$szRa$(J)>X4{zS+W-PeKVpps zREq>;aYwKB2Z9#%BZpzd$jnS|xt6*|O~A3>b5Y#kUsP3f{fk*|>ouxFTDx;l(+MZ}G0FY0Bdieqy59#fRnF zU)Ub084X>nG%b4=c4{4<)~k+pg-~HW#0v9 z18*z%I4b}Y4pk3a1NJr0O&1ye>v^C>uH6J=xvK9IFt<@`MLJr}XC+mB7uQ4$_%PdZ zDk`0e7_#zeK@YGgTMfY&db@(h3`(m1-FrfNs{kc_op}*(i)kF%^16B8o~^n7-?e~d zrYVBk&u$aS_7;58H%owiUA|8IT_FH>4FRf{m9lk#lw&$3MLhW}ij=D9&ys7$fUZc| zDo{)^mK_6V=`&-J>#z-J8JyZy!AXX&(bV=EF!|&1V=S|16YOQXs5=_qkov9;6Wl$^8?a5wyZJ&;? z26%iavE%YlGxSdmVL@43^z^iP4}s=WVgK0GFZ}G_H?RMccPizZz=o>&nM*s#_?#jg zsel_Gtdtn3Y5Vu9^3M~vVD1@_KtQAr6*FFk)hVQGp9GZS6)rW{mqF-gfCR+{(%pk7 z7+;s&IA)-V;+ALJA*AsP5VKlSfIxw1IsC0vNh69Do*o2fVa! zQ!q{a1O?piDmuS*wLATtz=7=dSBRKzBWSd})$`Xf`~Z!~@VKXSTo3m_Q##pExMgja zjGXUGMr#9=k+W0rnH^yk!l()rV|lVy#${WzDCjZ`i?ZoH;M%@G?3J4EWdchP=6MG! zxh3?9iRpJAXpmx?{8D&QH8#>L=6kYgEKaS}^~-@?mIAc(?3VT1*yrijAmIH?(=lwc zED}#%N1^TSeq}3B3%_ExQ*TuAaS)tNv>9@?wfXYu*!F_U2A}>h*n^`19-KHqs4Cp@ z+SZ)%Q#Wfg=@eW^@xdOqZK?`u*h<0BIsI0{h1bFRrz=o0F8* zeFOJ=F_60FMd1&Yg;DL0%Y6G;YZSQ2fD?vp@*U&^i|SqybmB3n^|hoXCf*A4F3aP2 z%pD*A9wjS4izgGH-gG>{ zDezcN&u)i;MiYyo_Ptj!&y%Mux_fD{t%BVGj}=R{>>>-nC=C9^xNzf>8amk(b7+XJ z?fLcC{=7OP*>qOf!1B*lBZN%ULe7t*uE+|zl~RRb*hx%iqDKcEHVg1tk_hEy`QhSK zcO%M*23LFT3o46Q&*{$+GNGh~3|}5?prY_&8hek7ulQ3|6ua3Av926z`*G#pHVb_- zrdd@N@9yeEc=9BFVe)}@`u(OrM{}pl7qw$@@}mu2s+vjGKE4{Yza*=~xjS|K=%@53 zffhO~e>zzB1U67ctFRS_%7aN}p|6QNGBs99{;GiO& z5^C*gkH2iN{PG<8>x(mt9R=G!ef4(wx+X-~D8~poOQHhCC1L}h$sj4*Fok@O%ivCV zjZde~%Y)r=pVHld+8pYTfd<;_jN44wGhq3CU$qW|#CLXnFN!xsf<~1RaWIEO=WFcM z#1$468tX-<{Qi#6Z^aUz*E78IfI+qb`qb5mAwR_a0EyWh(D_W~<#PQ=4*KH?(4$?1 zsE!rya*AK=hoX)Tn}XrepBC>X@{vD{n%YpGw*w(q%-&9x`HwF!Q&rq?^J!T)5*xeE z1D`kTGSPX}-HfWj%kA;bjs?)lnH>h8hbl@kOZn5P`hZ-uL!#7Fh19zOa{3!d-A9K{ ze2&?yq;uGqANV)W26XKu+M6(X7}Qg+9{4`RS$t~A~zsXKTD9N=-M{D^sm zq%uYZ-OBKHuLubC-^>mo11dQYx_3;;$hwKM%LE!1rtIWX4ICmz_p+T3%{ldujY5ul zfCoye1Ns(TyTxJTKnK951N;xy$baB_JK-j#<@Fl*39M_HBGR3{a@PZ+th+~Cm%p$x zjHn$7uDvAKx>)^AD^2wP_it`KhUE<1TF zk~#A_^5o(zx`ACJL;2RKQmjO?E&wL^u=h0=_Jq$rq^gG zs+lT(`m{B-)#Mejni$<-QtGfy#1Z?b!$sO@@hUbnqj#<;BlDU&2_omwtx396lz8bz zUFmubqzsLF$s=kvL~a5tQkZadZ~ZuGoLpY&Ew|9>mu0>f_5E*8CkPnp)l>$Tch={# z1{T#v^QKC_O-ld4Hw$BTyUT+&TQs^e1~b*KPneq ztWQBGnUi(yO;_*|InjaoZw7T`)BH5@lp@H^B##rBIrr+=$ls(>a=#Pl<)V@-UD;fm_y{OC?zIE_M3F{N$P@icvL$DdoNW z>wy+R`QIGm6c+*k+%kotDu|B6#~kbp9qb|UK>%f|_=N>?inoOhR)nZO6*XfSAEL*? z=x1(0<+`S3dW+QWm_;&RRZLWJU8+ycxRRt9mE70#IvgkeMr6@AIzYU4UgdxcTG843 z^weYtamA#=N7woul=lraljEdsD*%cED3zq|*l*&nN8va(3!%y%Filb#e%R=J2%UQ} zWo8Yzq>+$%ryc%=F#4Y@UJo1L#gIFf z4>Kpoq6A@vdU?sR78F8Gu+6cmkfQK3uq!;fa(LI!FTZ&bBFI5%a1VBKa7&_60f3#+;0Lc3@}D^NKy`9=(kd z@-{lgb$E$H?x2!%f&e5kUdu5!W(bZSQqKJ@MhZ;3R(-Ok^=pE|ZA7*U^erEvNO-`D zQDm0t6DZ7y_YWuia4q>ekLfgzyTL>%&&;%FM)^?xQmS6_(oYL#T9YAzwS8&5j3hLM ze?ij+{tGmn-!Buu^oiye3Z%A0@rqctwmjh0=}c8pGWy6;me+tU6R-~!+`~pDWzHgY z%@uZbBmXSq58u2nq<|~a{Fdh{01%LPw1ob_e5UZAI=x*CQ##ts{`rCI`s=?5i^F|4 zRtm0`+7|%>Lt=ms;jk(r4Ap)L~B?x$_qE=-U@T$+5vmH z0KnyGmI6)Cl;0np?a2X~qnHg_32gU>c3!U`IX$8!TfCLV^&)+Z@9V z!Z_z?2=Goqq-8y@jOzgEo`0r&>pLV)y?TqAlTX?E2yh72@?AExMA%jqJ_O2$*otNY zVCM=A283242Ttv8j`}^M4L@_n2F#&v0Ec0WC=OCt)~@<8 z+0f8d;a znezP^BwlKNZ>Mb3E^}nOl?j=>;=k2P#J09V3$Au3gd&(VvW)r8}2On`x?yfCLhr z!#6ZC`XWkyhfldIUs5Ufw8>E}u@6&k?2VW$Dz=Dpj=$>YpQr>GDMO zv<}5iH`EO2>MJRT=Ab%Hmmnn%@M;UR(nXn!n1QU;h?QgumI{kF!iAizY}5`aZY<^X zw zpj@8(kpx;rj8ZGm4b5dYu-qjn0sR7C8Mn0`f=-2IWIFcQ*&@K}K%6oPTXV2*Cqm~U zdxFV}&jw{wdoUC42t0>eCm;{e8*^K;~4G;T|g_TlV~EkY%LC=Iw$hHWFn$^bi1&#K=5lVZRcNI|bL zFCv=O9BZ~^0zP%~Wl*ls*mdL>aAG?3mg>fY<&31J5SH${bYNhyU37I&jlu5QP%3rh zlq|FPEU)tPNN#MTictU}_nNceoQBJV6au@#xfV0U-{X(p+i!Hs8ck`shNyO~v`~Uk z5GC!vOlFjWq$S|tY5tV!&3(#4K)O8uCBu-RlE8iKewe~gm zHgqzC%CvI{>Rvs>eHsJJK)C0c9AnxiJV|e9Cg>*V*{JeE6&2&clbx(jtP_X*nQ?yA z4dJ6s^N28jrjrHXDzRh24omp&m%5sA>G*$m*`nLOGDDM&<%!Hc(9#DE=7x-$vA=U& zk3q?(Qqz4O#BoUC_z{N-lzEe}Mes*Km=y5KTKRFmzyGynR{84wCW zX}|MNABX%(J3s7_|Nn=7U#kB*SL2`f*r!N*Y$u8FTaXzXSz1Xl=d63i{gzy~5Q4~s1Edmgisp7{Sew$hR>HT}$u^goQ|(9SJM=@> zk;Myvx}YBhxwZ=g=h7?uaxfi=6mC^<%8dN7JaWo>UHK%(BYJh*{i`0Y)|clH`Z@m2 zG<+Jms^on^hSwhT$=|f(kg{{6q@OIHZtL9}O;I0Z|LP`TuO zn&P!``|nhI^ir{p_IJ0IHUO)u@gb#)lE(%K2$ER*1y@GAMmRd)uW*MrkBG7x*!=7U zRZ0r14tskO3>*t>quY18%bKV6B9dG3!r31kq5)6r36#sANdH~e8jYv>Y=>)vawc9U z$VF)NQo9?`wv?FAzg>AxN3J61dNa4XC&wTLjEwdX_e;CTA28EeXOL|^#;22k`xxp# zK3VY9qf-j=$AzDD{N_QZHB0(k4L-2>biOm?6j$mf^p*d0yGg=f<}*y@9XhCPEitQ>9nR?RN*#lvt0UL{1QOP25&_>?xD|?8nscmoQP0JO(b8I1_)}l{M3Ph z-<>(-kt-E8xVhng2}X_Tr(5DH=9SbiE~FLA{M2hMRTAB(-e=^T<9Xi|x^^)m)Zr^% z`DTpet*P5vrSdAyQ?9$V<;?j%Zx1RrkMt(XtZTyc3l!~g;ran<-SxuT>=P)Kl(U1I zaq523DyvhsX0M{^^=;Eq2fucbU9-su<{C&%T98y@Oxm$zOu12`tkl74Ho?H{&OOO> z;4=M2B_^>bwuNLbLZ;`@&*;ZPsi_PbL{o-a^~t_?JLRjt0w`oGGxkjE#eBaf_byDj z8r}?UNVZt$2T#lpv$Kv&u9k-0?B>mcyR&@SaYpQ^%#O%@K>uq$Na@GGdayS$?llyu zBKj`b(6U@mV7=eGZqi{W`S%;8)g~h*r3WzF_kPEd2G@>Nz!7lOR%O|!PJ@xGDnGYf z!Rpv=FR(zGgr{2PT}EocvzaoaZa*^zd#fJmk>hP8lyY>4JOg@jdG5$ihU)ILW5?B$ zYO~C-73W~o$LZ-e!Ov2WQ0(dM+^8{*T zBCy=nHHPwQ=l-^>0y$@qeDyO(AXy8_PJYtgh%$q!@(tI<6crM|hh}4T0ogbY*A&8n zR~*1T&3oam9S~3R<;-}4{WICzU6ryD$SP=RZ8yiZiiSG0GTTUhw8t|@#M&>t{|FgU zh7zUT2>PyxI`$gMvO3>RsVtM1i^s8TMy%u8(r_x)21)w%Ria> zmpaX&l|@5epNpdTOyqGsdfRY&Z(;8Tx0JeFy2Ie@uJ&Tvp)=e{quqh>WaS!u@$q1^|0(%NT&?QSH;jFQ5mLJGP5j(I{$`<4M_iJ~EVIjxo)ZrrYh>A3 z(EJ3EK~WTZvAzJ6KO)2_HZ=WX>7g3dtWulCIU%eXOFy0xoEDn4#Ak+VG$f}%s`O(T zUZMi}X+jn!uxAZ{a|CjRvbKxVBOVnWUP}1?^~nx%N_{l$;gpb>+X`~>Xjj1B0rUWk z1tOqHN;QgK;gI`%N8HPiTX7yXkW=_}V4VhGZx*oYc3?e0FTnCq~Ygd9H7aSG$UpO%RI^pXj&@r7lP&PM&Qj1(y z2)S5Q27gS1-h>bc3N&uT<|?jcuAaYyp9P<{0gm~coD44iR5+&^K|*FyVWN{2H2C~2 ziqDoeBQ(`x)FVIK)n#Uxds2S%RMx1?Jn!}op;f0v-w8j#RIZRx%#54~gYr)>v?@es znf9=|-e0k|O)EGkG;+eo9DN~ulBLvO_!DDD>AGdd(rlY;F14S^T1#BYH#i3;e9y*j zC;D-;iZiR0vOz9+oPvvU2OsN>VQ)Lb^TO7UzVt1Rj5THFHQ4@9f$A>#TeA^w%a?9; z3=}C$x9KEkdEJ|TGTAS*pLa@Y{ZeLcY(~^~+qNdyKjfvSJG|~Ig=@V&sAh^VVFvp8 z>t(+uktwkbcduO1LlM@jfvmIMg#diiinvPFFk4ZU8fiCmWRp8z_D_4C&=V^sugd`95}$tV1o)Kl+K zaDaIG(-WtSMC3d6GjmV;v)0_VuLvg^fgFqVP9GG`%Fr6#dEM{1G15G0?UD7#2-yG@ zs2-3l0&!vma2^8CfPnQDK)FT-BbmQn26|>X_mJ#l{iiu=J(PLBeEvF!0|7=PB=UTMhYWhR3$0ihbbwf-c! zgwrkd^IhFyxz5<^$J3yDX`6)ng50(GQw}}(O6~nbb!~e69mJTIKC$c+N(}N>bzVxD z=Pu|XHi*Q{{T9allDpcf`~>HH>b{_?={VZEb1u{#51-qU^MLMwg4gm&F{hR5kdlrX zUInih6U_g`27Qj^OSc>$Tz&|2+)kSLN?baSQdSR=SGSXx__SJJJL#Z_Br&?+{Mj+< zXC>91;s;*44wLA*gS~Bnz9$Qi&0hwniy~EVHHmS_TBiz(`P4Bx8w(VJic2M&7&#Mn zMF}ld=lb$*g+OVTS)D)vBS7&%88#*DqCs?gw@$Q4;9V?7bQ)r+*%udsR`Fe1AI28mZ>^gls65cR+eXiZMJ%= zcKWfX5a0vMgEITdR2(SW@N=|PxPr~4{;cv)l0@k93jt1%fSnOp(GWs~S0V2PjlRU+vuoIFH^ z8DF4vZGsrENZWjLOt0aTS#&?c!$9Z9sPsYGoMNib=WU`q^BAEsR3^i>cUhK8c=Zhz z+XIiGmuKwOFH6-uthS;he;kPO*t@0!#7nYoP)h_Ji*A7w`j&_fY}2%sp?@A64y6E6 z!i_TkIMeTC>V>MCYW&0>Sq9r16@Zq&_dLDf^(+v#itw{nyIW6WibkRP z_#S7aTYA(=ynNf=^PHiMpn)EWe~VUOmAde~icUO*!R9nD0lI>84?G7a@2%c*cljRbh@p|Cu$1eVU~hUBpCRNYakL|P3#cD7{vS_05#Th_RRDc(% zhJ3KnDo^7|4&%fz;ypPZKcPG!Rtn7Z1D+WAkPW$-^K?A!bVoGQpH~m~isL?pfdc4Lr33|^?o-2c=(%gHK*?^0%JfJ}Sjy!H|Ma>8+Ui9{^9R-_PFgXKSAM2%W|e@F{L~1gwir(FuZ@X6uqRqg`dpxz^W6HVTivGx3L9) zt78Pb2KY9YV=FnxZ;)-gn&mImC-M*QjeQ3AJj;!6`aK+idZgIVb8Y@GxsR?^w-|eO z3}3BTqJk8-znR+@+QS)a9OQ(~<3y7(ox4wFOZIMXCr1v#Bb^T3s+8{Q$ zYf0m~?|T=D@IJZCyp7hzG3WeY#4dp5N|>jbV|9|Q5a*}iuEHC4!js{?itxzye0eFT zEl~oQHaOUr*nUFVEEED?PShU1Fpr}t?h@$6Bc}RcOfRw0faM;}WwdYCA7>6T?vG8l zoxznMX4AzAwtSN@r6ov1HsWZ2vz+K!;wr1tkJJ4uEN~DD%acLp2ZRHP z^3ej$ke^zB;eX zc24ko`RCmhwn;jH?_&u;LozN67OD4TcV$L}0!}Buk*PyoG3vCZm*Tz|esJnHjK=c! z)-a63baAk_Ea8{n!B~BccicbJ;D_8zhZya=zM)MmD`K+S83CakxONJwOfmP}5O; zcl>)+$x1Kr5&L6KdVAZw#7J6GivZM8}-G z9DQm((_yl`!!$#;x>{O?R^6@tLJIG-Z!0YyAx{;XKIGZ!ZeM@16t=HjLivpNxE1ko z1j%>1f}cTk#6{7osuNBgGWx^c7jzR;t{>AVx$c;zmr}^0_^y)19#X7@U+X{%H5rC} zrBJ9XhriqN8XLnn7-=WxC7WCQD(G}E46q*7LbLRSR=4^+?R<)AZ@=}OMs~J&9NnAV z->WX+;1v<6SwS$u_XPVAFHwxNQQKSzJ7kl(&Exb-#hcSB1ezm9wuyj8nY39E*|p5sZhj zH+OrNQX0?E3Dp&V9d!4Ri^Eph_(pJyRzJN{r z*QeC&PuR4#n1?J2G!TZH0J<0lr6ix(wp0b_(cvtn#DJ|VR6*+3USjL~SMdXh;<;y4|&Fu@HPMHNU zlX=R$U=M#e3uTYn2PlF1syi6;*$f<%}4ZGJ4cA| zF8g6S%d*CKeD5#|I}?2D(aj8tG|KmeJZKa*JmyE)-aRS2|Ky1nv-r7IaWsEppB4VC zkr5hNoNl*^ZN@)0z?l5pWz3hP?SP7UV=nRI_~!~uiSrDU*F;Hfe+P<2Wr9RjZgyW` z_mv^LbJLU_%~PlFdkHMk}5EYr#50|;$RjD-ext>l$s5&-L`O= zV2`cz zh@;)CPH^T{vP$*G+GW2enu!10|1$kTpR9c_>P*J~7aUxkcn5tqbIC3uj0oeTooC$> zS#9}Ua{Q%X%BzFSIf9$k;?u(>7PJCqKIT$>-7M9e#ufjT(93-NhY9Y75qf&^ThHn3 zIA*-imi_2z#WSvVoE-8<;@K2yq#wDP8cH=%xuQd^Kpn&5mlHh4bmRIZo*Mzgs-|ny zmW&fSx!!lgu)WVzW77=ZdPzF)?zpHlucB0{H?j7+6k_+Xs^VKjlwymXOTrqlzAcRf z1FF)iXVuwq7Kn~rs3mq=Vb*yO$WQTu#M^VEC_ZB=MC3+SMBPMp+*7Y`iz=Qg$3)JH zNq3mV;K`4K>tV7IUf7dh3eXh%%ozWT?V0aEp)&n*U0Iq>wZz(fs|pOfx55G9S@Kx9+r^Q!&rcyNO)L7Z`YjGFrKPTHgt@f9iVedPkjs81_ zPdFF9!b>j%i?Qn~p~24+<^2y6Wb`^u-bZ&?fjmL-D!KEW7uf@tqPfLWLVdrC2|IDh z-(Q*W+G%)9ClsdpnqzmY=8oXYw#Ef3r(qn80Jq0W=wT$!&upqUs*K*@T3J(>|EfNB zmC=A=aVZk9ibp=uy(Y+bx*wa|64Uh+aWsF5J~=L#=dJ2#8-9J&tWWvmyS!84HjFk`5$EJCSTE7- z`G#v7oquv5(Huk6Uu7^BJQHY^%**BK^^sooqecPj(;^&h!Mv$O?vxgE(GOe1XYniY z&@7VBL%hgp5h)QV>1Dk(yJ1Gl>o>g~Y5oXjM`OCdqD(-bXMES-!Q(fK-mjwwrXEJR zh>@-I7c>u}Z1H1Bk}%CIbi4&NE@RS&)I=77*&bKQ>SA+=Tit=`7bGyRG5X_4B>|6k zZCWn>HdNh-DzzXNIz9!O)*Jd%{*0A)xr<@CI5=ht-e_e_f{j#Y`L-M#fJ@c*c;NY? zuG?vsd~B|pn9aYhoP71eg(lr>D*LSpqLl$DGLmSs%;?h!(R=-W5&jl*5Jko$*+Vx!9(+N`D(2DsO)<( z$y^P3&QE#m(Spr_<*ZUqaUHzjo-@?$0>^b~!mFRRn5C%9V;Fu)Rx_miwUyjKFG$Pc zFMT7XJ54KD&BUqSm!BJ1BsrVPz@8oO5is<&>hnb<;C~KXt1PnNL?v98R}m`;J{@V+ z5tyEr{!`yEbY}zHY_AQ2so&ii^N}C_5==MY{|m{9q$&+R379Z^8JwAZ4+vey~%icoNksQAX(};*e2@xWXJHERv8HkoL9^<>3Iof1j1+xiAg1C>m1zNtl;v2%r38s%nX~2 zF=-PcPAVE5$2t389}Id0Skdjv%wmVAD!D)l7Z&L{vCK(V%j|v=uwE}gG!qh0hny9M z=V^8$!&RhKoJu zMQbiSX*3XAAr?f=2^1%@ZVv#pCjh_d;5lG^QVOUDJop_*n1qQ6q^Sp_TXI(}gSY^Z ziza{fZTo!?CP>Y?LAd0)8b_h#yw*XP0+}lm`{s!LCh+{0mIFBjmioJUSeGoWQTVaH zx>$zfaIN3HN{nazX0<2GE(np%m3hh%(ck%cfLPBVCF931tXj1ObU2Et=(< zX2|!X>#7l4&jKG-z-lC&G=n_|nVhU!@6f&byubKT2ub^D_d;E27jgf<$~FmkxVq25J7>GEHF5DP{EKfu%#@%Ze2V<`9@VVumfI(^H4T7Y}TNVKiz}He5A5R-U8Rfj* zgIwLno9jqOli+0J6NoRR#lTUohxC`*VYLaMP()OR)XH`$bL?)oT0z$zM^P6c?!>ZRIR;chV?Y%tihQtt!AtQK^r8}`jkCa=jw zlERB5FV`i5ul}+>$a8$aKC%ZQajhi0r(^JU(bLzp{H89ByllQAoR0M95Cucc@!VHi zv<(S2t*1{IF1}Xt81lS``R%Uh2O#P;x{=k~3}+uhJgMYPIH(aK0@A?U25iDfnk#L0 z>J%C`ZmnM%@-t9GoU`K~)ugP9?*s&Q6FIm*2(;tinHeGbk*;n^I1hMZkG@$-6)FM)Jz1adlAsGh-M2TK$O?#E_Mc_dPG+Tu=#ND6=+_IdlYY{sf^|gKE504l?TUW=Ma!4uZsu!(D?-)*0f9Y_w*ntO%#ug~ zQ%uYvp`>3)Bfl=YZ9Kg^u7xzHs~99>U+1rRpxqVJ4=@zkvyJF~#YI%kyjFx5Wnlm=Eh#R*ZT$n>f=|Ql)9LXGQW9 zJ702+^L=OMM0E*=tDsvW?ka_WM>@ZEJCuYQIQSqo54;f0VO`gHIq^>2Wq?>f` zZZeR|!FIB5j~4+Ol;L?;446L+BmS_e$cqGd3AY8&KYY-WX7=G>dN?yIn@v)*^qZYV ze#Gozf1f?WdDG2*?Vr;K3iL$NeH(I?g#XE|^;|U~=P^^d@AuZ@=rn@ZXl(eY|FrMP z{qNDr{5R>S{$GELU(Pn8CL|j%K`-w%I;Y5yr#uPQk@MjZWzTWrFS!!-?SGLgeaFuI zzW+7Gpe?H^eIf+IY!6DR72z@~&btEJ}{<=%yesIp;Q9iB7nDpZ@ P_~(wO%?9prBCY<)qZ0pkRHWprG@?AmBGeAhm1Y2ehl2 ztOQi;G|4gW2GL1Q#}x_+kM{33w7eS41r*fAguK*S4KIV!T!ah_>80>Y#cBDWP)LTW zaz-BsCN3v)ZI!LIz9(u`?InM0=dVr^O^(AD%(tA?Zzv-nh%{)%Mj21NgR_m@oAa(+ zYuPaVGNLZf; zwL^(Qnk;G~+@c1%Q}fO(mP|yDTqbLc;lH=PQ4udzmwD*=PysWhYUJ#AU$TQP#M zNEl~OG&d6oy6h#(_q`f#ww`b75&3KlwTz4(SJ-*lx;`y(r`PZf)jE~w-}xsnfw1&H zQxWUbPT^d-afT=w)>JYQgKv)KEn|6?#^4n`_RG|!tE-4CGKFK!RpG|GPyOGOn*jk2 zvj*Z@E+LTnI+f>oGfe>*kq73i z6cUoT8;ME1K|>6kRtEW?l!hU$YZg^{%!mDY;eD8UX!Bz{%uTEFQT+G+JlGr)D5drF zK5TkQ(fKgf(_`Fo-M($MSTFB3j|^4h;5_n;)6SNn7p&|>g^iNP=|O{W@)_HgvSll_nI?DGR+^Z)hz z;#MF#eK}pxQ*f>dqV#{{P#l&kOT52CKDn~0ihE6lkp8cXJiIj;CG}iLyL^~kv?={Z zp2ht!87iu(m|0SKnR`Ep)am|GF}|+cVRfvY88*rg6aYkmyp!qee`m)P3l*#YVV)P1 zzNLxiV@qe>F?5+wWBgws0@fvg0h+N^YMe3u|D`X$^g}5qW^qADN&lxB{e3N71gsSn zZMpB?k4Zp%3>Z$?{w8>+?A-F7D^rs?S%;I+nSB z5}ZAr_r@z;>_m{)_Wb#&W$5=i7!Fx?xcl*}%W)8upM{a}&2A)h&-3ki$;!pUVZLL_ zq9(8g8~j_o$tj?GuidEM%Z9IwU)i$x9Sxe`44j8?nXBsup6|9)CK%PrPzbs9RRaFZ zdv5tH+l}DSX*ZgUkJINXx?|HT+Zn6MkN3D8&moX`8O3K#H-MNsm{2O2tc%b6RxcZq^f#sa(1lCqJz1IdGFf>6a*nRn~OTfZ?d1}9zQ!w;@ zFhBSMtc2^D#UP`ju>`JN_vMIT!1M26e8Y`m+4xW-E7dY|(R(QLbvS&zi}-*iQ{eMY z=1LW!Az!;EZEISVqS<@A0OhOcILMN3bJ%Ei7Puk!CieQo9p-s7vs0Gs@M$lW-(%B# zxnwz2JP6nx+^h2;Y?XaugxvKO+htg!@jez6v1guI(;Nt)Rkk8l&?Nmu^wDms)egP( zNl#t()x-|5QOE8CR?h_i<8uXJFkzBf8E#T1o~jGVd#QmLh9af<{vOwhNfzIE7A-xU z0sQY8@A&O1h+uRL3JfJ6x;T*?yDDX1P4=gGv5Z0SK_*Kx3X#1nwjHnd6&NlLYlp~A zV!5W4HnR$C;^L(++LR5AQ#1MP7pR{@34F+f?${WtBRwtWU+xV2{QQ3D7Oe?+p2dhs zk+{S|8GkulYx(-cC&)scMS%;pIoV;nj0#x&e}5Ei_C0sseTvyY@(x{C%r%UI+QW(3z1#}{_d5{;5Zdru zx2bo`HA9;)8G13sH18C`k(LE;XU$cWY-~QDq!Y`~IRzL+feGiIo~RmBF|}$Rt`9>J zGbDR^YkOZl$ zm!sY_+`B=byRCp%710M8jQYF$*C)#mR6dIS%BtE=z){u+8oj#0FuvICZ`<-0sxrLC zjp+Mao(Fl2ptbBeZT+aDLkP!JtBtjXWLE8>MMGVd^pc{k-2c(Mmn+=o?raK5=zcpy z$m2wgnJS%9-({TkzJ;y(LV{u?t5)pw;hXEhB&AT*+xFnIj>9~^+f{^bh_&>>xXJV? zwKX-ow%%bxT7-uUkcOZtC*TC^+s@>+l=<<^J_nTPU0fZGPOhwR*l7M$PTpw8rm6-$ z;_B*()MF)Rj!rQHLuWwfyjzm(D#>W3;H~F(@ABT;lcsN?#X&dVUanSaq0)yi;j1xf zq0?q;)Z^v4EyLG8TCY8CrGB9DZ`6PP^eZ(jtr0fbrA#IN?5YQFZ~!Yo0VU-AQ)*-H z_2o`XHn0QQ+~w^MMIWvX!XCUgf8o zS=r4`Vm(gug{4nY!M|#|8~}+tfPTCEDPSiIzjedq>!#-xsc7}+;LAscj<72g!Q&G5 zW&OKV%lsdYy)VDnWyUfs^Tvm}CYY+;Z(C&B->#U(b86HAdK(0T;9>!6m4)_nuF!I3 zY;LtUcS*KgBOR z1pEE`T;48r0vrf>m`*V431WYasKb%0UvAraq4Uv14l+#J;dMq1YMn<=N>975r>ie+ z-uV7GE=O@>d#$SNgrM=F-K2}XhXx(iw0+Mq?670}`{D|@pTMTMVZy3E;{0_YOn$IK zZXAu7&0tRU^nET)5D%skWLOFxfnNYy-+(Iph_@IGVaW(J=5VRHig7 zVCOML@BJW=Ih{1dUhBdAjn;{;-J}@LWc)r~$cP|H|6?^`kA2z-;X&K<>Nc^(kV*4^ zf1`^DJ-2{nOBCDa%yfG=tl+@vwn~p*D_U?9Wuv7ZPNGNW+OvtD0B4p(%k^=6*U$@v zGXacOuCf0w6YZ{RbKIvru@?fm)yONc=XcLB;cK1LGf2zG7BPmwst_hDJ#JFecOFr1 zj1# zjn^l2eI*_3?HLbj$<{*NBZQV5uNGEU&5$^;(D@w}Cdz7$OQ1;bLemVx-&tnV`c&KsBn^^pOn&?h5%v_^-JKkkA zOV!yP@cJ@2eEc3ZWGdW{Ffjhh-@bo9io9F=c^ik&4Gy zLV6U}mi%C!q*r|#Lcq(`>oYmL`Wl(f2{c9unQr3u{Y$o9t`#fB;;_|@XNYitK?)_) z*9b}C#4tHc9;gv&csskN9rS?hN$zjLgPwUf9L-k0{U1*e@ZkA)1PBP4BUK?tr8Za; zrx*%mg^DP}Y6X}Vh-!b3t&Xb1mnrBu;tdn|-PkPV@h_wx2^sz3=T1?Slmyp$U_Sq+ zkOo-1At*i=!oZYpFQXKyWGk+aiM*Ki+iwnYLLgm${UUgZ5y{}NA}rE~y)x6dIK=yC z*Y8xy@CPTHARbI3^a*jyik=ODNV@mhGGElMf+z?U_Pvw)g?9 z2RzkJ<285eCgMpZvs|syBsW5@i^D6;ZB3NUss&qE>AB$?fg6nU<3)Til5>Qfz`pt_ z%p*2|cmi)vm@DprO;I(hr5<$KrS~$K#6z&{)0tId(UD{PQZi$HSVCJM?Qkp4rf|Yc zyW9*#vOKwxd&mSyoU~T`*`m`UY12XC%1_NBg%&xbj@p%t@Q7_2a&A}u86A<~O*qu; z8(6wxhY|9whcbkXp|zh^U5ls$0nPW4U!fbyTJ+pjpM*G`NQ`^mINYAIVSFWM$9Q6y z9w_@XL5}WlqT@qK8<6n0Tx_T+KKZfXtR(foa5*UMwoYBkPELO(+pG<B;J@VJc9xkCop7xLg$%_W=dt(L+^7Lmy0qvThCU1*A53=mGRSRNRboCD} zumY}Ihj~8Jf|v`FZkbu?Sy5~@vQ;Z}V|HcJ46p*%^lMP53T>TiA(W{7UsNL0&@^=p zbrYwc0*@OB$NQV}Ze<{BkBd+GD;AJwYBe`bB~QQS z^MF@k6Dy9P)KW`ttTXmzPQTDRscQ;i0-9Uqz1YHF2}!JVLeGn_z*?!4BEg)`k`ZXq zO~y^RI|fqtft(4;FH)H^Iu#U;$;R<|{pv&YUvAfs!vt8Gj?{(oz`&sXUtP6z6lUiJXse-GY4}T>0r3$ydCT+lx_yCW$0RQ@sro;;SkZY zinIrYV~>xpVx=QPg6w;v9*I0x29Jzi8{`S>rbf2texF>0 z2^mtd*k!(JKbhan>=~q(oq$IBt9>Rh7@qkS&L+*H7|LnQ`>_c zxdZN^yoP4y`%m3|rJU@7TuY*5yCw>Id6%yOr<+RV2*X=HFq6p5QBh58!rd^ z3O1!Z;)p#|g`lu}!Jw{=leL}xEX`cKa)5&JqAb0%JOWMkh<1&b zunpUq?3y5A%)iBUUd(#0pG_vbVQY2?Vs?6Bw~T4u=5aa9)>&53`N2S2dLr${!py+7 zEWo}q?m`6wSz~<~@nq7?iizb#9iQ0xk`U3u13_2^a%(O1oOD^f#&hGQ7R(9Oc>Vsu zSRT z*+*q=a9@^ESqv)DvI^M*Md84N1j>+IaEq1sYUDpd#DYMX?43$)GbnZokrIsIM||Uc z{S6W5M|g%~8AWfkKhC%)uC+5{j9t-dF%vRE(I1Sm=y z)P6p)hhl9K+9xbMoRlcf;MyG(JtPN?_bdsf8AQt}idoM5I(R3eSZ}P z+GFjpRTttWWiPdL&aE6fW#Tr?W+>7uZ*{pz56`4}-wS`lS~Pwri|!9r-u;#hb> zLAjsbOK8cCP)oJsH%tYoCu$}K8pnf1g9ZagRwjco8uE>Tjc+LEYZ&Z2wm1Vn@(tAxi?OxaaHFP%qo<_TSk78lAWP?&mlT1A#CL|i$HUbWX8ddE2&UgvXf_Y zz*)f%i#Z*Tk`nbX={36oCqq?r8+C->5mDiNM}=%Na~1@F=V{`{d96U!NKF)UNIbI7 zeaXkm5FL*s=R4rOf?ijh#65ju?m#%6rvrtW%PJ`DAYQ{)UZD71>Z0q=aAun3Rwtv~dQ z<9$DYRWnJ-#-rfCVxaWEGbD!(_Rs!A)Bj;`5H18G9ZI?Oa>-ni?$wpP{+Eo)sl0>r z%UM|admwi@6qD?ocUl)ah~R9lkb1IBw2#RfVLF#0qBxsj#3^>`86v)X>9wwunly)Z z(9`M^{h3MSE>pI#3|U<%e7H7vTH370z=@*SELr?Y%{t?tK(0fi=mUl_n+Ud4M*XLW zA(fL5V$wY9JXww~bBS-sjFlFAcC;M1r3lX=ml@et1&~tbhG^+eoaiH*krqyyN|U%6 z4HF9#*Y|RZYdK%WA99!8*yrb9WiyA3i%d-9=(juBC#I4LUzqzle!bW*z6yDb2feCr zQV`~IrbHQndx&0a#Wg9fkJRDmCy@H%DVmLRC&gVdE()}Z5OQ-IYTw58Qs>umE51vI z2k)EMUAV!Zp@B?ailW(eWsI4Z21t&WiNI>Lpta#9;%I8re95X$wOH5AkMxkzyrM5$G-?+1Sp7gy9DRu;Q{ z+$-wXNlfn4%^n6vd8WlgK*|qVC-O}&DKFD77A-zfokMm51bSR;IryW^-%_vQlWeSP z^Q3OZ*;Dh1+IPxWH;_k+{y1p-l)bi25mWc=Gp{0V8=|MT=Ul6~ttKt}OwibyEj!Pk z1l?iw(OYoC5+`3ww~#g28^O&#n+H7yY0VN|cyfy|YRLxUpNg%p>X;Q9oz1o0#w6Ke zbQ;Ta4IoouJ>rA711;E9)=OtL+~~gKG;@%rKXhS;6{bA{hb*Bmy& z+JU*Z_36_nRiBGmOywSp?g20bgD4z(Y|=`;Q6x zl?wv5*I|uKrOd(eRGD>Qi@!%RbfUXr9(cm*N2(T>UqX_vs<@pevUitKaMmg@+m~jx zn+7i|Ivk8lHb-sP!QnhpXlE}^@a@Ep6<@1VF;`XdqyP#c?zyM0*uK(kH`X^ad4;Lv zMF*p(z4b%oPqKLj>$@QZ#R__U=BLaj!#>u{*4|P3VOAV`RLT?-txx1Txz&}X=`gT) zdD}`zPJL}BPpVV8!AQGNQ1S3i+Qwqch?ucc2k$i9z*KL3f_=$aDiB6*5}RVw0e zV?$Qpe%IupVqhvC0}78G&u5+IOjHr023D(js;FX9BEuvafqR92J;t(iG{oDdC(lpc*9Ur5g@;!@A4z%$>*@7+2=UKXT9#s5@-2HhF z@0)uQueT9Dc!rouM$Caa&462qH~RqOeA)Y96hWbgCi~NVJzq;jrWTY>82E{qBtcdYQK?$@^E;i8+}4_Sg$bd zoo{EyLrhNmMwnv`l`ML#jc18n6F;rpXnCw~-~$Y~f_0qKFMN1nrwwo7L#5wn$D|&W zu9yRSo%d!Q4ls*?v%)TAQ*w^@k&DAYEoauCc%vM;7(aKj5=Fo$Ml@ad{&_uEAQuB;0%Y7k&clhQ>+OHUU&3LEN z?KmSJsNJL8n)Dl%BiV~k-&ihO&bB?{Ui6?a`;@>Q`z71A=iB~6s)6%?<-b`_sV=^G ztW$?iwWbaRZ97^-#)o|n4?;zu&bBTLZ|B7z@Hf29J(Be?Bvc`J+DU|}f^F;z?T63T z^zPz(4pWCK{OVEwg@-R-8M_+v`u9s9M4l(1uPu;p<;*E^e2&ZNr{6c{Z$kbtM`m!f_$nK+q<4J1hydR=pf zb|0B+bA}V5wDMEu@xSj%dWaIjJOQo;S6=gY`&n`uOpwa!U9x$z|!!a-op*8IFS8mOeL(CSe3Y`;-cS1#kME^}MEN zZmpBp!{q0+)q{LbWMlbllxr2ikY_X-kD+@KJrhr^{kin9{_S}21>wMpTb`y+d&ZOoIc z!`R5)IRL&^>a|mn{j%2|gktIz5zysCE%x)hb6C6K6xQoi^LNKePtdZdxCj;fWW+(^ zI=-h0a>8Yu`VsALOCHqvf;pvV#P6F{SkU;;6EQvl>+dk^fsxkYNPBqOvrOh<7yTPd z2=Zl&B^^-m?6xA;ti&M6l^4PE8*dw2XZX`h* z)UjsD@qy(w8l}$@PZ^Lbdu25&C(0T2YL7wkU8H@X6e`bHOHbL`zM-CY>?JvF95p7m(|XWa7kUNQRkR7p|YNZXpjxlzL56cEa_chErY*PU7rYeLmhp8Uw~Z;QJ?t3fAI~ zYcfZ&KhZ!A*(c!`qYg9#s>~OY0mw{|;<`*ezKkkY#bsMNB0o%c|DaQ_7y^$r$DpVe z>$y4I%nco7u^l~_ZJ%?>`8*rKLVh|rlm!;K^&PcckbsGd4B?POK6w(89&|39^C&w> zTt}wtJvOYbZ%vpkWp{!tMDX&OUGTt!zP7{0k+>g|)Azli==)x6#Ml9qxP)R?q6LBm zBhHIcQ2y@th@~>BCR}gB+b+Kx9r}6-NSG!$fPc z8^0%dXP%`Y--KeN8N>3#-vh?kzXb3%|&>mBTmJ z8@A9eA@io;*mpV5K_r9m;ZG!0j9R(P8ZU|_GxM~#JwHg~c6G+$pf=+gYWm6XD1#9@ zo{VF`J;vt-zE%~6uO>oD=Kub704Lv@Lz%`xwL2R(XjBii4MwygVK#;Z-jt?*VHY*f z%wReuf$=y5T~sdFIdEo$z}e8QD?W@MJnn~(s}^=k~A0Q&>FGp%)9!G z)(Vym(8uOBr6E-2qiaVYw&=uL-?)N-j{49pRFSTKkRXz=pwWQB0T1J~v)5IQ#TU}K z;zUw7EGU?;)+J70ktm3?7^G&7{>cpt6*YhG2^t@%|8$3N9c93Ta6}F{Cx2m>9xIpI zffsr=jm!DC07I>zf+gHrSY#)_hVR;_-GulTJ)xIyW5Y93UmUE-KF4KU$I>v^R1s6e6PE`pyDsk)73&ujX49Y{ zTY^MliDjH-oc>FEj`zGOf4pzV97h@bK7lFpGI5H;y=KlFX)^NGTzl}ISi8SK?&XJk z@8P81goH&78E*M-vIEK?vdEdU=gqr@;xZ_xxT^@n5N?h;uE$$@^Kx zj`kMG@*xjT*Wa)$BR3?xnlHli$6L5jOEIe>7tG*D^H;A0U8madw)ZRlng*wn;F0l_MJ#BSMCU zNY&$vwjEa-dB-uLRD}vaPpH~hnPQTK`CyJk9M64tRF+B zKuQu-8}sG8=%1rvp|kc7IJ=Y0(LWeD3DvWA{JCGXzcvkUxZ!8VND}P4ZKqRc)pnSm zD(b$XY7~xwGp&9!^2Vwv&+_XMFZ<0B{e0oj(1hlaIJQpkjhd#DtLEHHg$NAbJJ5}l zR!X4H*(7ZiRdZ@>GxBbw<^`Xz{>zPw`GMBHaNIp=v*P?q@B9bjv62P|ni{a-hyNS; z5dF&votw72|9?Xw1-OWEZY@;4A6Wk)0sng?Ji_|Z1A0g%HDfp*)VPNJq2qHo)$ZZ2g6AVA=%v!nG!|76n|RR zwgz_)E4-QZ5#Vn&2hrHXr(t0O^+|z5Ypo%X4m>K68Eu9`gQ093i8XykiryzSMWmf_ zo`ilZ&()rnKfh|N!NiJ<*(%#_&=@4vER>q)x=aBQ!NX-Nfzl(%2mFBm_S1y2%ZNKF z?}$Yn{QF9YfA@hR9sH#1#`&eG_3|unQS;+ek4lcfzj8#-o(k&;@1-O=~_La^wsZpwK%pQN0tttK7T4C znG!US$x-8qPa*Ahx9OQStWWBXXhjewo~g&!bE|Eh`r+itd1S-&n~2`Q^wjvaVaGwI)3mzjJ2s%i6LRTD3; z$V#+sJ^WjK1_~vun;z=`cp~V#Sf2OkCqR#g0VVPaouab+7HRrCFRJ{@G;X(}nSht; z{BA)On-N(u@BNEG^urI+mv~h-|B=CQS`0rWeDsA)9<=^FE$eGBe&ptSkabZO!TEkv z#FPWom|5iLEgsrFo&3u}ED=lq9e(mV?4Wk=g>U~H_sQmBzkJU+hr{igu;_rn*dG}vuok{q6$TO@ASc({^gCJOO$+TCfd zr5Mv4=$7?8^{uTxM>p($1!PE1OKa3eD-kb~u~Spu{X@wBP`ckG)$;!X@CW&ps19;D zuG4R>52m73DV|@>e<1j30=x-q<;(qEJn%uAKnC z^XuTs)>!!ffohkkeug@_^&LcnNeWg?b{oJq8du2%zbpMB>`XWG??BzN2yq!VXZ+~G zxjR<~D+XbASBk4L+mI!|i$pqDg;+x!wj3CQqEniUYtkX8O^9SQaGg3OhH6r@%pfN! zOXQsk1Q?A~atp84cAe>d`0zvE!ctXrHeT$d9S}cUyn}m#cZR-~aH#n_)>yA0Iqpk3 zoKLC>>1;K1b>sjG+2wJ{)h%hB_aAnP4-5PfZ)>ak6eYJUUq8&aS}sJDkB6W=^y6Rv ziZ1JA-r+#}>~r@uC2XFhZK)4mT(4fsYSE(rsNec8q{5qtdFH5qz1^oWEjH5Uu*8Z- zOuf?&i~YyiS7#2QA4r&}v}fX(g#bR-CF8bGZ1TBi59j$o;KrF>QetrC67;=6g!^gH zp$1I9_`&mJB~ccpy&FK~Zqj?7N~^15h8-V)DlBCLN#l>Sk9hd_=mZ>4`kep?vB&Uh zsb(F3uvGQ+V?X2r*oLyusfL=`fc+~_<8Mv=;&Ueo6!HO3iInRMsNv(Z9G7KZzuWuU|aQHZova$$#WU?H_Ab z<7}(EQEYNH{Dg4K#CZK6hjP0^Ma!CtZ9S*EERXskFusV%=# zAt6P<1ihs-*gW~BouJ|DP4Lw3XHpYTPynLv`)w+h^lyNs5P7j+rLVu~5V6hn(9Tq3 zuCZ1;)4!JAUi+1!WmmF;Tq0+ZvaOM62r{Z+!)pJC2S0;(!0q|Fvqm;hCAeFcy3?pX z7~jClI9Z9W{}PT?;|~Cm#mH>>oPT+}h!EQbnT%sJJxokY0K8Ih;t^We3%|fxB z?#v7YVz_b1_Rr06 z13N7I9Dv2dp7;V9k;sW-du&aYz488Fqr(+bB0-A89~gEsnxByE5=+L0*IsM|FV;NO z4eJyM06qbvM)rShvl_$^mq!Pl3^} zOYR@$bUQ|zplFYs3|)$JX3FiZxP4QF-V3_SkBs5SwLk2l?p*J%4`<4P;s`7dZi#lv zEkyKFwpXYa^%2`^Pz0QE>`Vu2P-+&J7)luPJ(AW7Y^^m8SPv7Xu`Zgo#~RBpO$j?R zk=};geb%ZopfP&+a*$W%|zvzW>7rd8X{Pr(dpT~VHj^P9CeWC$^U-* z&7e^@dU1N$B{mcChsmQ&qYzXuwzT|i0gN=k;8@G$2=O_fy_;R0qaWmwbrvFuli+vH z2EPy{8Dw;($o%8DP$cy^7Dc}r>d%N7K7Bwv^KLqyb&00U(tpM9r-y1wZ`RqhP-fGP zPVPZ%H5*p>EQ%MTNYRJF`*X~VdZX9I&I_TIn!oiqf~Zz|uIu`xk#<@r3~%qJRV7=~ zn?+)~As?{@&BwgjiXoEqv6Lk?eh%N5v+hCjDAJLNNp9nqu(p1~d1*Q0^;Y}AL(~$p zp148S{y;3r!ksVu&ihUFm1cr)vUpTMdN{$mRB7J^&?L#m#3ZhqM0Qk)JrkHi5YPcq zx9S0#FvJnnR01#TN&GN_v%ME1^nUlLdkp>EU@t85T)~9gjK+z{$vZ|!M3lgDg5nVN z?r;$aEI}>DGUh$hY7op1LSS{s{r~Fe`aA|Ci^CWMgSCb8y~gVilbt+-q(w$`h8i|S zHiu1^i$;(Z`yXFjE<;>UQ}ys?-d99PEt$U#{g@2sz9rJ5>uQ48nXRzJDKg9s&h;5U zVzAF4KFtwLaOi4dCp41On5%NtLP>~+=(Us^8DoyZj$+R@*n$}Lk~gO6a99#iCaX?^ zs5+D31IAJKoUzjclh@o>%cIK5Ui*<+G^kpI@cvvf4n#y*9hQfZemJ~7I`B4TAdIqUM z{(;JyL&XK9v=mO%4gLvCf>0=p{A+sr9(P&$VX*zRJSC3Fd@tVeEmGvgGQ5Q)V5;~m zvol8-!!Z{W9ugg<&C(*FpMcMfQB{6H+Q1FFOBqfjafpG^@%st}0dw|KXzFh70Kt-H z!!$%I?P27-&5N?foQ@x% zc9?OaD@t5j)d@|m-Zc3@{4!YaDJoD>itf8Gq@`4^f=;=SDW*b|V7F}W(b650BdU2& zS9Fz|8iRYBNkAJo{am$`n`s0&f;@xG#{^Oc|N5l~u>i{4*syHY1R&!MSbd`sgZItU z^F&d)eXoNSDEI9dcca?Dxb-BteM>}ka*^UD&iEh-88;FpxBwy$H3jjC9ZW}cYHndTCi2qV_qi>qm4_z#kY#YMvbz6mEI*o+y;N@kVAl1>F?VlWhhT1-DnkN!opxaxlgP> zVdvkDl_^-Hf$AXTCZ$Sc*d)2W`~kX#6<>yTMKoNlmjL;Ln+2e%Hj-r{TF9g}+fLM4s zcMBNY2~BS}?2z7JFfyAJU&GXQh6kWI!80oJ&qev7fY}&^5CDgdu4e+seEX_N>OY%k zeFIS9T%gfd;=>Xgm&k^ROmTO%OTd>T^@0DEDnUfN4v;;+zc&07Skkp+6;d(jGPu7f z#R=#{-UqzLrXfAXG*aYTyLFFs`%@ZOP$Y&+MbAgaFT4rqLNH74$}W_yNkq@rDciMY z7Io&#(CU6M&9qm1iyE@;dB0${XG)#E^8x*E;Od!Cf=X%ppHP3FHK^doM8XyDRvrcD zlyi=zDMswp`u~ZBA5iXrjtS3CpBZ;2i858;l2l36^8pu)pF`F4H`lYvSzY(30Lf`(unl*b}Sw{XTXAN4&IJ&_X~-a5?jB%gOGu_zsTh!ny{E`XxEM z0~ed~LM>0Z4%1pK*Z;KWTm|)=OX1IksOD?a!%2-jkc?-D=?KS1TkKB)V&T9k?XRt& zhN4bMH6sCvWH@wysN(eCBr6_4EO4_B>9^(w2sflWtesfftz^jL+qcDig!}tVG1&+u zUO>iPUh6EJXr*|qf>Eo90m`U+3L|h-AWF_xKF>F@F&x&tluGWjr1*ae@E8|KlhyHy0^(;!UX4mM;3!=+B>w} z0HoT#uu{Eky>t?aEkGHH+E8b{EF<=b15m*jPXFX$kJ3{DoDKojf0X-wHdKa!q0>%H zz-3>KKgw(;)W=sDUR~6;bCuYYqV1)GvD)|vDlI)~8#qF+86prfv#nKA~PU7oMyv_~uq^jL;@VjL8__DnT6{oSEvTZ7Dv?y{m{a9?YKp4jgvVmv^QE!%Z zX$$_FM*#-?My@YxwVi!Q&MjSNua&6DidJajkH46?nRO0j`Z_amz)5)bjy&kX~o z7iC*E+L2I39qX$EsOy7;mbG5$>gKt3nyN-y68r+2?l|pcEMLUJVX_}PNRjo&Yiq^b zgOH~(55esUBkcVmHi&^pQEc^&h5D_~%L%qF1=fi}dZwrJ3g^TJT8H#;-AcTRm_7DE zk9nA`P9$tX=XAqiC+i2bg|F8a=5e0!z-nFFc>$orYO{(eFP2fX=6>|mM zxBG%55}}|AqoG;dot~0pfmq9Cp#t`gvW^tRA)1O5i z`kPpj8+qCxkVjh7GK?+LZ8Vc#sI;8ULEHh_LMUT)Z6>^s`h&KB1jPj;x+vizY;v+Q z5Rn}B7wJk-EW*xFcB*Z{r?UT>%S~8^<=b?d|J%H!#VXdiViMgSf)G!@NmXB?^#@TH zaC0K@syu-R5ojYK<}ecPwzxT6Z>y|i$^|t7jGoVF3;wx|IX5L$t!llheQj0MVD3tx zWQ5np(Bz*zk7rHNO;*Cf7C;`*pgXK!{=!T-Px#IEn0M@;OnC~@ov_SR7oAjkST%h3 zv}>p^HW~bKFxv2+RIW^QFXL%LD;pyMkXL6K>qnUl-8zFWEYHk!-N6Cj+*0!t#6S;T z{2FDm`}BWB-u;VW6RGI7As&nix*km=op_x zyDvYb=_^|o#i3JEH{j(9)LrOZy7Xpc5t*D;1e@g;_fqM7ENg#{LsCJP^9D$j{7sk0 zzni3nPvT|(y!rbev+C9rm#?h&thzkL1EE0ewd8Lqse%W3?{g&V3Sqbm@_a$?cfkHT zY<8~R)&PD0TH43OKHt~pyTYJcxwkJR50Pv+`cF~7!+>~ttXb2$u?sW)41__W5KhvQ zl1ocV!!nTjBw8qCY2UsR{`>cDoOXamFX~@uu%6C&6OGR<^Sh>f7jlF4Jd6cpb2te! zQF4^k*E<1ei9(2SuHfIkrwv@7Ep8i+PiIw{0vr5v3))qzm*M-Tn^6?o=&F!c|3Mha zrR((ESKsrTc+v1%rDJ8LUl(3pv%)c66}~iGBx@(onVH!_?UEoab=TklRt?%h)DNwH z3vz~63geS>_FUDmLwnRF6Y;@F*h3q<%+Nk5$KeD!Kuuyac_Sr{Naza@p z3@P(aq85%nL2QO4=Ae>&a5^I+-?}mK6hYV^685_%MT-m!N6-O4-bvD}ftat)nv33A zD9r6_gK!$WS*zbQhb*T#bOGeQq++WNioV{*@t6k`CupZA!g8er3hNWD^K!AgfmPd2 zl#6rD)Q8LrALTFfCmv0le3e+DRowavjuoPn3zoH=fNp%y_l2Ros!Zw#NS9Ph3{I}vHZh+xr z+o>%2un)VWv=c6IU0|a<)(q59uqKySc$+skM@dYp#*{^VFZ5NRWlw$A0DXV)JSvR9 zs<*6t<5OtDOm>gx?L*0g+>580vh*F9y&K~$w+TWa38GUK?Vd~Uw5E8M?7-2(!b6~o zmTPgDDPJc62NC~;m2hOE|5B;{UqAUOSiIcB9{z?+&u5tK_4m2KN-IqZLjvA?0oZPE z7N?6YO*j$$4yOm-Z5BwHkntj8dbTfU_YO6d78Nmwc8=*9_&@xx%=g2S9_?g&vbHNU zwtkmJzO!z)QTlN;%eF<|=S$g3YOP=a!vPu4r{YI(X}*Il^&azBR>7HVrVyBE!>FaO{>)RowU#-0%~9`pe>(%G>%k( zhLUz+X=#KZVnr+si;^Bl?F)j?V2TFJ%_2lJCV&jyuqgQuDqrek9oT#DI~I_!y#{*e zVn*s0-yLE1L>SIUr^N}Kw(hp@-}PR$mc9HIIEx?ldz7}P_Mm!V>$x}CWxDLfe2gfd zTEb)mlN)?>AV%+majX7nQXCER6846^r3$@>Z}3H{!(p%f+Ye~flb_d`5V)eCL1O!T z#$w8YuyjYf>u*nV@3RM1U5ACK1`PyfwG2*wYEC`4nxcSLUuRZ{i_01G`J+#AyOK_l z`jLs7#?NglC9O0)axQh)U|8+XVF~Mi-Noc^o;7|%dJ?WSm$)5DcLJdbe zzWErclEiCt#J_H?8UZ#Fg7)rg{DNTK`)?<>_%Cd6UQC?P7mUj+2?26rNX^T1gVz*V zW*(~C`$AZoaK-ba%T_BAE4zA3N10Omph+4a5Y2q1s`_tmD-PQj1-0&j5i*+R-|f%T zy?H{|?zAJ(YC^BZ>08V4PJV;JC!wGqQUS%0k9lI{OGu0qU--Au6sm;rzvZ4Zj>dS@ zh^EKZb%!SI7cwE=HlSkJ6NW=3#7P{kW?{y~H;JhIV`7I4zdneYMigiqA0RFR9wvb1 z=OXN^g&i?a*FreX{({6X+K5mK=Sd4c(poj$E1_@l`m_F5Gz|CCtqd!rFox&+1!cSD z{i(aA^moA`B9cY;DmEsW=|?`E4;BkpMG{W@f}1J>@d%|jLEW_Cz7*__5C!^rN+BQk ztIWX}D^eku@GVqwoN6|hXnT@6Nm!Q<@%L_&T5+O(tTbg@w2?DiH-O$wkAwETIM=D~ z|BXD&`i0|bbWQ0kbjqvNO3m4stgQbv@l5y+LUKj4lds`@!%so+7#5t}GwwJu4Prfa4I-~K3CX|z zra~;8c|HQ81-5tDH-?3i-kXSmsX za>ZP8&ednblrZ9#`&l=3_8;y2V=pl;$}3#2+O zk&pXa;K#-+2`?8iyCBms#S4!;;P7LeP8TRHz?eyDAs zLF>g+$qxm^6ydz1o{oWKOI~o%1+)z97ghg2a-aa96kT>s55`CK7kN=<>|)7^vwlM@zvHK{Xi8S0Feqk|18@w<7#7 z-Z?Q7r{yqvPl!VMaOLaUy7J974(7D=%1L~m0XDdCV|i+tip^Zl@Qb)uM3)Y9Tgjde zrY!utp)_OH#}ZvtCEQxZxAc5bft@OaMbAsm6r==-7Qn1Ib{WWuFRX2GoC19N+}O>a zE&dO_QSjLQu^Ozdwx>tUl`>fs*P2xZYG|oPtHCP1BSo9t%0E^{qeka1gV}PQ+hU{&&1afH$SF* z8R4F`K9C^|LN)m`&gaW*I>Fws#?;N_%K_TDmMbUKb(Br9pzZ;&oqwN?(*ywsx27)9SI*TNpE%3hl%YY8R$)7ykzc4@3;O9l+V-W=#t;;Z1JJ?yS!>c(l}?iNxt zG^Ce=h@oOF8h7hfoZ2v6uY9TeNFdjTY2>dwD$X|7G379V1%wd}c#9wdeFg}tvdmEUJORBf@IhqJn^AC;t?k@HSZ zZmX6f@K3Ufq%zEsjO~Dp7s{!0wCb!!$AgzW6DvIPxSEO!ReL~&YY?1wEv9(bwb}CU zN;J>&8s%)o-qR&kkV?yq*q*;@8?+~yufnet5yr@1FcDfVuWG*|vFO)$p|RdH(2^ib z-`2CIiaUdTZZ6J+5W?584#e+N-WbvUMeN4lu|CM>v%mV8-*F@rYi97?vl%`9jpJ*^ zl))Mm>Z~R~To{AhuI2sXWuh{i!>D87n+$-h6dq?!fPpW1J$T#$TLF4kVvar+?KvL=%-649 zyEH5uuXOM@Y)2%-eJ#ZJ%YX8YMH@*hjve_si0I{k&dmms+s4Ae!tCsBf`?i2k`onk z9lJZg3orr=C1cC2owD)-uC6;!3xB>tV6!Q%S>Nz5CTk&kOL0g#y(QC>S`K zC}>;;Ej3-;R9-3NsQ+ALM95X%L6{+fboc6#A3!@urd67m344U2Xx8*+a*f9_f#2&M z_%^)zumYL(9+~$=QRT8wPl%U({FM&cpKFuy=+A>V|6H_bP`gV}Q1&2v)KhFHrgLB( z$wHB>w#a-Ju>ufW$9dbHnM8(fY5<0t0WBOSfKyjjS9iv8egY4Rj8G2HT$iZzJ9eUr zLHg|43JAI|IywrBL@a?VOM8{Fx_TX88&p{@-2>wXy~ydsPe((}sl3#I+J!|$GA@*~ z8ULIaWw5}zcTmj4!09NYMj)`*C6LA=7F~Q{oohg#)4CY2-?~WA(6qB_BQ!NFt77Wv zj@?$KSf(a{Z$kfDd{|5j*IH0nR(SaZGK}NSS(l!`J$z!Ps)y%7_Mz$KkBt%fCyGRg zK3Rwn2IblOOa+Mb#eWap9Tu?`;giCW2e_y@WNDR+$ff%SE|p1#)pNQ%*cZscWCDC%%~|C z8B|jm!shV{806o!T&wywv{Eo`MerTYVoy}J#(b;^5HHB3J=F*^`>efupVA+L&t z###xTR4+4QIn+X|u3higNrI4F3;08hNGz3|7S@*lk}5Ap`oj)J^zHE67R0zWHa5n9 z{-IBUyI2Zf48Lz&odC!&*lWA}`Y_Fv_n(ty@ezOy3VxUZC^S6QinqRi1M>p}Zs7X) z4*J4t1=zkAQ(sM_7}|B9v?s5#l6EIv^UrN^@}7pAq`v7=ob8RIxMMTC1;n@^KQK6$ zzUxE|@0>)V?&j)9OiZ+T}0Dk!6wl4snc6A0vzbY1_bkeQKiV4$(x zfrUO7508LMVzfoSE2$x8dezE{B1+ITj_}FZB?g@WFQxKw6RK8Q+wk5}JBS+)DAHNn zuR_iu1}HLup0j<`WC~Osrt%GcWmdM*B{%-^axX72f1s1{8CATcR?DW@8YayI9TBxp zq6|L!yYU7nBSm(Ov~=}Sf`ngF#eowATK~=~-Rkrv?Z6&v?@o)5Ohy#h5V zu}A^o-yZrj`g6;0$a8n%r_BwiYE;%+cN6DU;f!AN4G$k%X0R<*YB1qp(d$AvliNHM ztVTCE+eixL(CwDOj1N=+SP)VF9JTPusqon@~mYLxq1XZi?48yNRya zZRk&eu*m0(Te+%YE)K`Qr#2@*u*7~_FO+e$Yzyn6f0I3)hLx%UN*>9esdf|Gnf1a%mGfVS^dAT6%#+&AmzhVxhDNVbx922&(_*AIKx# zK%5i}3Zfw2Mfw)H6DP`Bj%RhCaQxp-CP=1{9vlCVu2On*G!!_*#N)C_n{?Rl89jvBK|oUPid8_tWB3Y+9GP{TCE?LR4)QC2*IwZNf3LmAS^q!hgZ2ejD#D9P{#*P0 z=N|(xE>pJMPP%ZBVqXBGw-nuFfHxR#-Nm_`EXbY~q{cT!Qgw11fjRrfb4NWeLa=Ln z((mB+)S|Q#Yj0`*B&i%>bsAkA%+fX-y!U8<%*EnA*^S2M)v5}*Q>=q_0O1lhVRYAQ zH+{{0{WGc-yG)FLs2Q@><;u-m&~q(6dP>m)C)P5GYUV>HtZfSCx8-Y0j5eG$gLn1& z#_5`3mu+d$|K5{G$h0?%|Nhc%qX$grdv7}wS=@u>MGtj;*|xpWjAbKU&!J>XsR zc(yO)^sYrrp&=vuQ1O>Cp|oRU&3-FErBYwNN>SMH-uSW#FEpmUvoiDE=kVjcoZ!o8 zWl}A-U-*EhYP$?M%P6wJ`7R9WsWBXr_|zKT&Q*2_7QO)Ys%qdqR?GIpp@w~mMwIj% zCM{Mo3**0WDMH{kyY^t~JX_dI($A-P9jWI#C~@6Wtll9CD}J{2>=U%oKa#%&KYJ*% z445kAB|pYJbVDGWk<@;G zp^8}GYk@b_Ywug7!g*V1Js8g%%eCC^bdoA7^UEFnS*J3kp*h7?(X@{NBc^dy$iL4O zw-9O2wtiStHNF}ir>at60;^umkUs`eaDRf%dm)yfCtAk&K9hU%q z6q-tMPs27ei)${H4n_l)+#yGhv{lT?56OQ*8tF55SP@(~`-Fol*3!@4%g~7V<^B1! z3B2^&Dg<)@8X|Or^Mjcz*iuN#Z$qFZA7O_K%~5N`fp5hJ(*>t>YvhLzOl%rd`zxaN z-V*S_aRpt~z5!Yqn+(sEv<>vXe%(L(5~|S-MslX8j5at~8mg26gYQ3HqJ-v~BD{1c z=BE}jEg7@(mSHFVid+Lk5RbZ(fBW7`$P;NH(#!|rWRIRrK(}Y-3eiv?ZLOi(ty4zT zX;*}wCBU#ZB+?pMi+H^MIc7D5NSW|yxac{ukfL(AF@i9$sw`t!4Q!Gon`VGz;?%gO zU*|~T`iCcT)o5BCE}mL$oZq=I@yE;~eVk@El)s#zuV5k_L7P=;D`5Iii`r`mzX-S; z;E0O1Of_J)<7A55IZFJhw7?fIa~bSbglqDJ~cIzs#=rA z+p|)8rSidPyBeCJ4S>YvSo7!R$qqafS2TAf$HnW}&6oHF)F_=|3c;2vo7Zq_6olmf z@VM%#?~K(J`;I1HTG^NdwH3whkVK$rHF90WDt{N;>sc;Evx~RcNLcJ$(3<6}TFk$E z*97Y!v#~UMOP~$I+?|E`IJReJqUqG?oB!e-64{wpFT?%Ov!U>n(26tFlY>mTm%E{1 z`(!JXHv5ngnx5|6%zqw<421CsWe>hT4F-M>F5Q7u!8pd1dGxHstuk*%=@?v9hB7v4 z)BQ#*e&i24hyKS>*{YIis0ghduXPN@KL0&%m7V`+ z3mvfn3%!S0l}+1mBenUr`t6iT`(dWuwO10&&r)r5IB!J}e&E)6%<UW_%rm5lg4-C_(>cFocHdeQgwjUD8~;{Oe{HhwihEXER0j{NV{eoWE>2;+>}^~XCs z{Vz!7vNJPpB72+{JyLmLDSpNHrxd^Zp9?PV1|EF6{5a4bhxb}QFK3ufUaR3CAxwj{ z1O@oh?qRA^{)fHr_~kQlX`T{YU&M}dkEg$O@wuIIt=5Kpbso6qpqhpbEQW2PN&3%p z=daVTfD-I3?Q0xfF5{Io)R^Czkxhs^7A;C|E26ghw-#0B{`b0Efe+)vEqP6Sp?<-j zZX|Hg5q?lQgwj_+Q6L$;-JgFL^}jV+#0=~%4t=uM(E(DbTc$Ae3wGIpr~LPFYCjaSa$#trS|e>nCzR^!i;tYU78P=2+4@$>UT>x&kK zEstp(&r^DaLKI&#S(Cp2KtV6J<&eLSV9^`Ibk%!68<9=ou-qBV0`qGJpu-XW4S+3~ zcqVUFbKp}9lp?dhrx!>Q_-~Ip#&YDS+YW*M9H4W@MMv`jv(2NHhqpU508k?n@{8C9 zOc-hd5s@yC>VXUCA|Q1jTa-xuEe7F5(tiAKI^4f9I8?hmJv-o-X`DNzm@R5i$PICg z5dZ#v0k0<$zd=rqi;0;SA6LtJMQaFLlRE%Mps>zuvr)?=R)UzG;<}lDghK~XKPTXZ#QqC`2@oKF zI60Wi{BWp=+j1)CPhWHJb`_6?A+;G&%BDY-vflgDr9iB+>ZNHv#EyjIb@c)^N9Aa- z=@~NKNP#LN(ZI&W24GwOl12BPue15~$Pbs+ed&k$JBhl(`n}T)VA+_=_lZNjw^ssD ztJa3BuRJwE%3vp;0<=4o15HhKe z>8QyNwL`3AP?JNRGx{Lk7Xz}&9>6Uq+#;q0iL?Mz#duf(#Bqq$*h>Jo*~FCP`T@u` zl+6GH1v(_iv>c_VstZRmIyQC@@G3!Vh(m*}@#(OR`fZuXcUL&eYM|~rTcFmhx$W(f zk`9I3HE$v^c~#Z34(DJJf{NcMoU_&y201V&G{mK%VQlmotU<9aPB`S#X+c+$Y6LsV z%00~TYGn}nO<*w|toyG&K%iUkik7q<81P;z$#Qq$Y6C*SB|!KNgBh??jf^$`Jc2Fc z5cwok&C=4cRqZRB z&u1NKz_>`1yi`3F1{$VXrspH%VqV{`>`@!s=NrzgeV z3D{JdKEx<#o5seLfVuLlEsG`u0c7zN0PfZ5DSv=D=3oNrv!Z5*Ow0LKo>ETVH|mNR zI36>HgV~AU={F4LEAaqmgLoJ#GL%O|egiT-WuR@ufS>NgLM(rL!B0a3gk*-w`%+`V zn<`E-E_j|VG|Z7vWYy{;Lm=UXx8qunuqw{s4QMfrpmFh7j}(Kr-G1l$WCiZJ)k6q? z(=Jn-7xiF-k~M%R;ShNE(t{Ut$>X93+y)@O(zdLcsGc!Sq6Yr^;9VDq2d47Ig@{ts zj<4nZg7jCg1ZMeh9``4ZWaoLUu*G+A;B*`il^pikg8LotrS?p==l=ssLw!+`)(gNVbgiylwmPtOsPvQO8u61|p`$+)qC(tl#G!#O2UV_$W93 zPlR2E_x8)r&pK++^nB1()|G=~FNO|Laa-RVjlg22=zl~ae<|Anu%{^kLKEdw51$Hd z??2_|c+DN8b<`6%s42u1U!hQG-B8uH+bX{P-xOp3{bwLnSvs+H`M#mR>$Z6AI8xh> zSY^CSiR3JxWCuh0pw zz;NrQ{h!prEt}SCXWDfcH^ZIbw3rMM@t$2P+0(2n?!`?*PPug28DZr|p`#&(Hwb4O zY;1ZvA5GJ36i$qxJu{|S{vPsC460)w z;(`o4fUdF&n7cak)8s(L=T%izfjHUje_y04K}ecQ$4#a8GPFoa-2E;VzT0>Kbv1fw zSfliRj)cUU*`OOTHwTg9r8V>Y7BHa((6FR~kq%=YIpmV`(n0^h#t#1OWww%miiL&c zz`uGa+i>(v{oE*q9Yb4vLYqb9@wmw40YVQHO`aeE6Ixa(=;^HhV|8r3cr$6~L5R4U>D%|{+-fI^uu&^qE^xfTM1rrt9ad&VSKgEe8QS-pu7tm9ypdFNH zAh%}-1Hc#`Doop{x&DkRg}>R&CA6yjQCaB#T(E%^uAqd3#3fMW{C#}+A=#KR(`E%T z9P7{aL~bqIQ6j&koVFBIy<(3F6{PYIfJ2`KC^x{yg|zO$o`>u6gMm0?7TN5-ZG$14 zcfBtX4li45YkQO@t>CHi}RgJ^>;OiTn7hpwTWc zY4$HtF=7Yph%_*8)I!*$T)+DSOVz)q#@aREbsLZ>m{LN1hX4bn3%~<)KqLfP0FF?- zE<3=R-+RG-w<8CLq0Y9pwhWw_mVYO60pA1`zMNiNES4SDQO}`h)Z7FZ%vv`)CO>`U zN(Uezf)|gk?G3Ds%Ze`$bx(2poCdsAh?Bl0e(FtAF%D!FC?F2~{CSnV$Ms59B+GoNSYs@vYk_7AQYDcF z!V(ae84o3UT@(fDdN$t~YdZ4$&UGTRi0WKbjs_MDqv8-ezvJ4hWq4fI_P;GX;VtBo!V9tq-y&O#Z!PnQ;O_+S-3E#R7^DE zG~%|yP8M!9=2h=HK4X>-uEQb*B#Bvp>DYstn2e0f;;4Mb-vW?e*9_QH@_7v&NG*P! z*1JimCuS+PSSHnzAO`V!yiB?8@j}zUGSsa{nT}<%gSS8E-QUo+7V5$xb(J48?YBDl2DSsy9 zUOj$$DhS_Z`OUY`FQ!IOm-Z_6NVHMkHd@3$T?LY-6vb{!Qd>?uVr@l2AHdYY3wV$3 z?(S;jxJ~?Bxe|f@*z9z`vX6Dj_P!$^!#IfAH=D`YLu1z z*HJedfe-JhH0e!O~jn z&ipQ&R@Y7A;P2IF#Ju_qhLhmcemF~gnAVJP{CiWuL;$ojQcIt5ZoMICV$8MWYXgbP zM}_e3uA}G3rrE-(ehxl^kIx$xMlGmoL5|!5FO)T?IDr%n;_s10zorzRDf0N%zeLY1 zDb%_i&OCi~ly|?0M_UV+MoVDi2wnPpoZOzW6(aG^f~oEEK1<60JU)ap|g!%&oDT!5HoOKqK^I{ zV2BR(TcCY-ItBKB6n<W>S6xu%zJ>5Jhj;r?fgq{7h0DC&4gUOG_&`_0{-e*6YQD z{v-7oC)~@lt>a>f@zs%Sr>*umv5LG#BDLkuR%4J2KIHULf&=2EVshMluQ8lMERhNJ z&^*%uQA4}l;m06gntNRyuV83PbQYvPc8Fu}?G3ClyH#UOY*~;`2Wp%0~q6dJ!btmgC>;CM2}47!I5+f2BChG*M;I zSeHWN=-TU@jI}*TMvDMY^OKEvTZ7HbnmqrvCYPZ}cAs685~Gk)++Wwn^lt<>FLR z()eZ$!I1+008URw(5dmf()cJ~S7CsvLRBLTkxc{g2MSQr(-zmRf+UaHfV+A+3&3ji z`H7(O+`rY2_c}%{ZL045G>kBI?D^r?!Lb3P*R>l^HKnIK=8>BMLav4O)x>^Jz_C63 z5VHn!ZM-{~-}ZT^fnMC=B@}%j8;x(}h+nKB_5L#~dYX5xkAa`V8_+{<8NIH8eQ{6i z3=carMzWYGAkQ(kP@2_!k*BYWjA5#Zi8Qhx!u)~7nl|S3Cm#;bP=U&dAyxOtd7RP7x(P4qs z6;-_#iuKu7i>zA)Y~N)jHuB?{^uA2&Nd`NNYz(re`2`5*pmPBa4p4?qxSnm&v@?}l zYlmWk*sKR#b+$R|wS3sc$g9NhA=HW@%&KLhntOhF-*Wbd7oxMnReX(h+bx{Tx|yV( zp_hH?66+!v^fQR@wlBN;oVHKek80B`-3Bp%%a)u&KA^4(^xSWiY=`0U&0pgkm3E-q zfI&08LFO(Yrxnq2HXeXkev;~Q8pIJZF|soT_Arx(zu}&0jB)KCvhmoCBq)}{=E@Vo zQUWo?=M>6@K%(+7hGC|uKt7d#E3z4&ZT%VSa2x#|7RMw+Jz!({r^KvaaN(Mbsv@pQ z?t-L1yh2(TRRS%CJZ^SWzX>&6( zyV@qRM95PP;_s}heSgnl-DTHSKU~q=pVEvu>uTliY`lAkS3JL}fGYAwHnja7aK4{F z_zdWSSPQG1QT*JdCgR;*>j)I3cBS4w^*a1c>VT3tDI#qekE52rc2XPk;kWq8e@+Up z@4=*CL^?AvOE^RUshK#qSXjn3it*b^8No*NmHpCv!9{E z`98TBq=gW^~tp|2&o1LHh1;Mkey1YH%U&6gVV!NdXN_xElS{EU;XT;+46+;XN{)U z8ffTeJlBQGkoPtu$?>4dhQzzq`2zXG0GU5-GXTiO#I?X)nUrY7H!e zen3vl$vfudZ;~?pYdw%YW4_;}fnK{lnhjWs zZ0g}ROzQ%E1L!QZ!49E;0|kV~ICk?`-`%nuegB2Mrfbo%6RVBNm%ac;xaC<;QRk~r z9n#~yhD4~#l=gz0(ENwF(OIVQa2pC+bsVA1#eB z(zVYJDNJz_PVL8M2MCalx{;Ald7&cr z;}xiY-Q6?yy!E{2t6@msYVJ^(b0+o_ZgAx6o$20`>;RN)Bo>EX4u!WTFz_%uM5j4O zw`(mESO=`K(@7O=)#U;GOH2D?enNrMA{r*A9UMW+NYBf9C2Ht<0IkHJ_%#YiXFH{Q z-jY*Xlp)S)FVu6%idI2;l9&5*Ng zbLn@&Pa#g_VC}Vtllo=QsTRXm0V4LdCyM@>I2r|@=K^{WH#?EI@O_ZW0il0LN=k|w zUyZ{LPDtIBaA%=`v)ux$&+*|}y$4dZqT@!grdT@l^t7INA}_NTP#d3u8g@ci=D~Pz zp@zZrCNymBaN6;*xBBa(gwDxp8fDn@7NVJ@ZsG@o2QiJ$_=JMf(H@{a`tT*}azzd+ z@=lU6@G7nSNC&T6z4q`_h zjf{zUN*db=taIv`5c7H)|bMYs)K^>dve*t34tDSb&wOpo;q+bBEo zxI+CPIcG&?Lh4iB>YLdpy}B5H98A>oLKbnI^QM4pyw@ z<+ko6UmO;%_ZX01zJ#CuhstJtfSWHrw_JF0X& zb?X0|TV71p*mNzOWA#po8vR%R-@cAu(C8=S&?P1PNDLzNg;k`iKcBak!}?_q&Nm7C zWqgLfc(%tgCm@xw8dmNeQ;ydbuzCO+##{gDo7y{^p4C5YpudRFq_d&Aj1V`*h~F0c z48(&n@KS|AWc8cFDFvk+l;_cpha?Hj&i-e~UHRhn+aFyy`dPP|c5Nrd{j&zg8}*r7 zI<~}1M!^lL`ts5}!*WP=ae*8T%A0LccddOY7f@_FAI!$w(I3Api+UZn?|K0H>nmhO zBKHV9yP*N{uH{lQ->+YtMCD<7kO~HHxZfNX#0D$Xh<28VKldl0r zz0@_OM%Ldt_8B}I8qM()^#*EqUgEV;4%sKinTxb2Y?VQ8rwwJy^pc%^T3EBf$DGFt zC3qPIbX&l*!U}Aj1Ee%=9?Ci+RS8ob&msWX1a34l7)H`RcSY&~Zc%N;fx@Wd-2qI7 zU(+Et@xn@^N%ayOtpO-km7ExpSxry~=<41u(Z~SBGz1!fjG|(dJx^C|pB?61n@Mi* zokI{NMXjPaiol8Dr{DlU6IA>R`KW%WO;Kxx=L2vnKCgfMP>L&H`?7n_LAwIR+WyqGw5YL(vL8iJ zgZ?mO!0M}`EXN<{;@V3%9aC&o9Vwz2v&&1y!1IBSCVtP55CptQ3mg;VL7`^WAvd28 z!?NNZxQTA5@#eAva~s_uH(%QBm3amHCqFRqw-W|Y@--1<91^`X&?i}N&6_GJatQHPPvwobXU zskA=)QqAjqqvqsw<@Um|>TicBT?wM8&T1#s1=1C-{rDOy1{OE4Z$3;8nD>*)Im?03 z%7w#8ifX9(kr;`@`V+ZNG4?7i0&o^NQ#N1PtQ@aa<;GMWf03~lVySr38MT0%zm&nWz2p=frQuXTXvcqsepXf!eEYjE$agxOLMK7-z#c zOIC)2{(LUy+ML617i_cKd-Ar$uv-mCyp`Q{TZ7E}sOlf{>`fE`HmXu@{U_sBKJ6AV zs4BeQj`i&zvok@a@waEIWA#*sU&${O);VnHV7>%fH}+&m+PMIpAk?NXmnF1>#5PKr9-|yEoO`%a3qUxA_t`qaq_ke~I#E$Xs3qM$1-n zBcX>zdb^H$0#mndPYoEFek+ADdM8#&rTClpiq+6kyB)G&-#hs{FK{p?;UCf>5ZGd=54;N z=28W6`pD1yit$$7`cQ9EL;oRp!9Ffp3UK%tX@u8B9&_V)wzo$#g`?qg`cgiGg zYguuQ+Exa|yH=`gqLAN_N%l%~UK|sF_uGi>J(Qforolflz9u@>i|S;0_Eq)o0;mVs)qMMm;cN2I_rncsYlg31*6qc8a|#ZyZR)|p zpugGyrJ>%su%)V0kn%sKM4&^~ZOmP*io@Y`1x{82 zB!{!;JNO@P^b--w*1tTlR3TUl>+REze`+x3T!iyd6L1wyI$2gVvPr`w@zH6E(eO5V92Q2lyUiDA z66rTl#kL;I_^;l1V67sCYg@O5WFsO_BHhklJ&PM;owyt#T>?`)q!%2qk z52#;|#)UMDv_564?{JULTvsg@wiFzfnozfzF;M%WI{zK3Hbb|?Gnx6Tf{M%pA@%}L zrIX*()AYVPw-_IaXQs%{cfz`Ag@8^xS5hc+=RCr*u}TEeZ92=;=@MkfCT=~SS)u+o8bHgC z1|w11pIPgAM7F{vt>Lrlk11O&l5CZ%@ucXdX_X-(D{ZbEaPG9P7_S(H$F+PySuF{* zz|jZ^W?MFOPz`+;?5b;ley>1KY^HmacCydgjy-`sEkHivlN*;$J6ZDOo8BR6W*fTy zTJLK+)sJ`%_Y_e~j#uj$iIU!jp1uSQJ1MS**OupQ*41%qGM_Jwz@}25(hug$82u+| z`3o$xKMmG(cUt*|T6UV*qmc3Ds97$ly_C#!r%b*ISaOkj1jcoLDVZmTkHBFnI$6Nw z7|_$-qQ&R*wl})Qq%Z@u?Y=5*VXt!w+jsY*yxgkKQOtZFX!}QCToP_KOvp5&)mY97 z;`I*SH6Trr*VCXOn-1{PMMdah767bBxQL(zfzpHjhZLM9d{R04vh;S6a&;LYJYq2A z`Z3JPtrkvK&}^BZ6B~O$_7eW+?JhYs{p$&06_(j3*p-Wiv|v+4@}WuQ?#-oW%VvC; z11k({pcKqIJJDcpE`vS)#jLB8Dc3i#vB!*yAw?SpL=yWC)fs_s@Uli>Q)rlM^1AcF^ zD;GXz3Z|!&sko(g|0Q^O3H`<^Fm3LDRXV4qSsY)=DfDyKE(`wtcgfcN9XTG;)Ml2- zEi7Z?+S@93pPw_zL{$h1jLK853fl8o&k`2|nU>Wue2%xbm8PcHdM+e52DtO{?sM(Q ze31!p%|6~N$-9K?HO=H>N*#k%8vy+o+6_*D*jfLu*!rki{qT`eT`d5XitD&Py%w;> zb6BYf0U{FwNUeT#xyQNw@I7QYD5XJXWokE0hwHiut-Ole*sv|xsNyb8aTsm?*(ITx zGF0tqIM6wq-s0k8QSoB#U0bT=S?N-g?Q(X2Ln%{U6?f$hv*tF&4O0>gT2jWL>Mt#* z&=yvh3LA=wrPWD`tGCpqzA3iPiku?t2G`{YWcXrCFeLhOlSF+ODWx$#?;IWb=~$Yz zo88=iHGWYPA_l!}1}X{xgs8Px+wX2)pJRFn{ye8Hjea}&dF*9*Xr@WTvH%}PBcAQN{!|=Z-BFIrY+5*+!V@+q40b1jMiUJ3!4jWp-Uv8ndgleCOM;WYG#EG5?P3DT)wx#UDqEgRikk? z3bDkcDW<@SpfI)xec}T_CxV!;Gx|zrZeg7x?>5X$7UTru{pm7c>~z^7iUSm10zcSX z!$&Mb5!&%=i{5>8MdasO_30+Di^v|w>6N&Ndzzy6zB#D^P%8{OCG75@(q96n18GZN zyRS$l&_NGYB&5_ZSuv@1XXX-Z7QPBHc1Dp_IM`w2C_5*={DGzOBD+O9L6_o4*vWcZ zP_%p6<)yUdH2)gFHCv9`ksiR_+o$INEkFV`P)VVJ7a;iv6Vp)0^H?9Y_q@>heR@Xa zp}Oz1jZR$Mf2|syjjTM0OH`9XyQf(QM;Y_Ejt5P_r9Aq4zFeH}K-+jZhHnz>Uf#2!w`w-m`TTu6HMpdAYV}jFtZj`mUHid;}Fx z35PrVme*z}kVXL(o^oo8su6N=NP#0wn$vJ07zP!&9BhoTg8`L`;f)MooX{SCflnPa zY_{@E|9!LD?k!s-s`}H~vk3<S;Y+7p5gY^}FSGvG|7&o{wXHfn&D=7Vwozlk@_D#jE!5Bh4C!3cdJ2Le znU~sfZtdt$p&im|TQXwFVOx$tnlR1Cte%xe zgbs$1S^zDMjP}z9EI0i7W;Dly$A%BX+poTU*E)OXh5cOA#o}S@!m?EdiZzeTftFd? z>?oc0W(QJ9-6p}==Q`>;>1PMXgua?jZ#$K2wq7BPOR}7Coy5=ci8vL*G^>ef(ME38 z>$?8PxnXBPs`}QHXP4Y&)xOd!|I$@rS@j_3^bWbQy}!o)u3EWXsxLLRm6!L0${TBL2wqA&wK}U`qIeUmykqe#nG4NWn>(xNS$FZk^ijq)3_gh zqQQjab!ntA0(nnP><@6LBYXx5VP?&Zf>(r z+`pDIo=URDb5~+gHy%!U^En`iDx|q!xj5)B0BSf5|Re7#&s6?J=CnM zFNgfXbSZu{XgncI=xQW-FYFi=j@>Ri5;GY5@h%GJdfTLexX-|l=JX0o1J1ZjM=4*b zxwpBDDiIJtmn5f4%M$QWuM;Wuw3P(w!tkL`v4(s-dGcmI$I%Hgt&tJg7BP0fei|=? z@jW>+y>&h=yDl{y(M3qC{NZ+s-#whJ|M`2*EXQ*{U0!b}6Vi+>oyh%d`#xe)|u_JuEt?JR@6`UpD5XfeM%2xN>4)XSs3ou}quK zaVP5P3k_9qUy`NHFIRd762Tb5)FoRQ>OJ|;h}~OM=xa?IHd|!MbM?A^lK+ z#&dft$O%&sST$sNX@&VVj_TBq6pALnk$J5w56{)o?x#b~aII;5Am$QDTs+t|=__o! zLQOlVnCNSqbTelC)KQ(l(-GeTz8EoX0N+^UsxaBISj4;fa;VboV_w0R(L#ZitJp68 zoqo2^t*@soV`lf2Az^sFH!tgshV2j?h%K|Oj_;1n3#`=)!*BS4`Jmc|XN_6kd}Df| zoDA1uK|#v2m+PEJ?5YQ>Q$f&u=C~Q1GU7p?La8wn35e0rFaT>a>hLxoQn~9zs;` z3xR2h+}Tf;W`3OFIjR9h5O@n za#9Hh@i&uIVpTQd-tymzKfhW3VQr|Tj{G#xt)ti>B6SB3^^vPl= zdV>So>S{%BO6%Luioqn@7qYuua@NxV>*_xgU2pQCl5E9lbt$yXDB)hplBk**DyR^5 z+Grktw^HvTQ;4mH8eUQb2b%tr1$T&q`TIuNo{tJ2T48q)xnL|qx@uRo&W(v3hB*4E zZ1gH+LYa%-`F%7Dja=jHHX>Xk;Wr9d!Fm-@5U7BDY9={|H_(+7c`z0hi-p}gaOiuv z?F1CQ+MaxB8!?@y%F&P%5g_mx!ZPfaW@m#%ZP+}LZYO_Q$UIr}ZnZbRV7B`ya zM`g6O4PI27yNz&EuWUktd03KB&B8>lOL{?dZW$v}3zU9W)s&Kcra3wXGRW* zb7l(68Pnc29ZxTf=#_?bHS`k6GC@U;57T^-Q-ofQCmSXZ+bZwSa{V1siGU1M_dzU1 z!W*f-TP=i^!LVuN+q(`y8}4+t8AU7^QD>tK8Rh*4)H`AF7jpVYutL|RzbG~&>NmYVuC@}Yi81Zes-vz?!lmc$%S zr&noFW&@a2BImBZ)S;hwrdDhEVo%rcq)qk;dS|;n39Hge=72ZVbe@W`Y(qx{!QWyU~Lo?#6bP2~QTa1FZJIIYk#qsIlmoMQAtbnRO4?kSsg zH0_IgY-dNLk)V+i-tM}jR}8-YO$q(PD|^OzsB<&BIwyQ^yT3*c?z#EPwNU;dig^jC zknbm6W@eoR;ifmaA__vFB{n`_Q7-tmS8!5eO)dr4X^nTh=4gvpeflki!E6I5Qm^wlFi z`Y#J3uQh&PnOZjFwuqUf*I4>h8v%bDQ zZi%+{IqHv+F7a3v{l{&SpB+KamU-QpBZ_w?_g=du!*C(6?v`=AmMkEMW+wGMS# zacSw+NKryNuFw~R)J3-n#9QuspOeK9wcEq$#?ww6K){-QBf*oQc4P4xPgww^o3$^g zDdx_u~Y+(jh$hU(1+iYLGybwyNLOg?HIa;T@qJ(@^efTPC;X*k*}J|GpFh3gi%~;6YoB3=Xs7j z_=DD~5&wu0wA?PYO820{{4N$)J!%l15Recbza)lLZHhd?Jj39iy1=iz`Zs4MpG{Q@ zd^S6Wg+|wWhp9G4XW2^mV?|uB!I5vq`*E}2O)m!*_p}V~$ejPurZAKYo~MW~3E0d7 zQHDb2cJQxMGcub?t(PLgbWM$Rx*SGk9~%z4biNQH+^pN28y?Y7dtl7LtBc+JIj-nd z(YcDf)ddaY(?0Cn_*nmWpaqH$wVOBp^!oR=ERRm0<2G!FH|?8pTV6>Z(?#X|B??T= z+xyKEfBibnTYUzi)C(@ROm>eoD^Gu9`PNR!o0%h{*M|e*57K<>C#%1b^AkTy0KIur zN303*-2eHZO8_OCi5B0tk@2slqWeqhMY$@QWhVpg21N3f74m8)Z9fa6qt{QlS94h* z#+O#M+OF21tDkt?Z)=K!=owu#FNI%``iP(azpWHYC!nO+?hsZa*4wLUdX(25#C0)8fDAT{P5Yk5q0Ac=V^SOMYlg6 zYdO{?xbh}Tx^hzBp?isoo{Ta_H}trz*Kp!j;~F2yQud!HzGOpGn2M&RZk^=7;yVJR z0{AKK!fie}JzNGyqb0;g5`zZ(nw)&e!8EBIQiXt&Y#JLE7rKpvC;`8q7L10T(mq&8 zy!XO9<_O&9{oy|#oM? zwg>whk|s76Lr)5&UwuRAs3hu>rB>ZA2aamaxBbON2 zvdMA)`)Sq*BC62>P1fh7!93bvdrl0DSOgMV)d6AYwbw^hZf|dcxS}1WwB{mab++;% zc_3RF_x!C6StQ6|jpc(V-p6DX&w8c?$T4Kp8U+4n_`V%L09L=r#JT}@dk9enjB{m+ zL5IL$0g{X{R9axf-+jcb6Rt6h1Pu*)WI41wL0{o+GF0^>-hQUQc;`g~eFKauY(6Gy z>*{`WXVgCbW)IM)DY$G8e!dI6KkJxyqh2MUG=#>*q^z?B-9gdWF0q55Rmv)!yRq!W z&$92UIG+^RD_;e~O1Dp+-yaDr2E717m8)UqTX}zQHb{5tq7wQ1ip1pEN;_-rauB_k zR1dtq?L=lC?a5KIZy6GQRz~3}Dk%xi6gxJiDt?_TQ&F%>+)#{JM)UDx8;V=LC-E^# zN}`wkn>ju50e~Mkr+3ZI6Ioc3DR$Y}mxI}XaT|8<5sCJK$hPHJO;yAfVM>nr8mkys zat@lE%2A6<)qtuGgzDo?*=<=oHS=al@3RxLrI4M3?v=#Jt1zqd#}x-7ZV012v$+OH zb@wOiY#UW-+19d0vZ;9rnAJUpWGQoMFygpTOBBs!ntXvpZL3XMQSF`?KIBmlw2;v6 zx6T%mjYnssCL|;TM+!4{JI<74jLIt#J=>h^u_%c)gygo=pR_^nY2e323_Mu&SI1N@ zu2zF+4DptR;zZ_mB+d0LMDB^wqo>+MLG1!73tSlQ&;u&7XzxYAlJgCs=HR{~ByMeg zj1f2dxpEPg_F=|@2`ypPjT;+frI@s%-l@NF{inUPi)HA%(8x>@Z`5#zGGcWb$GBd{ zGRE^P2#U#y6!cMpiI{o&8!4*u!*(6fNQ@ryUiqQZ`I^+;KTV^d*FN$!sdJ@tPZ+0_ zv7x2w9*KOr7++=WcE!2r+)nTX!`cPUVQ(_u;c5F^tY@t}2t&~?t$ywsUu9`S_Hkyp z)7o0Y6?e<@7Nf!6bMJHN1m%a7C9*g_wrZbazE!9wCMNw3&z`SLE`AM~W;bXf_$w<~ zWjIHq^Jr6l`%?}yF0^>zF5RC#o4f7bm=AL3SOPspW0rhc;)BQlC~~OXQzX{fTiq|G z)I>y$w-wOnvg7ddAAT#uK)~4mM)lf^N2_Nu2FDZOaaaA-$C{=8aMd!Wl}(4fCSzK_ zr<%Wp`W&I=@HzLM>o>+F&CWsl3Vrmq^m~LM)Yf;-dK95_@i}MR^V_vg`I`#tFZpx- z*$Lk>bede>ZP`0opxV4XZWP8z8?E^I5r|}ZYzj%vKU!(5esIa#`QEcJGQdq8b$mK! z+(l)P{Z}0kPnyqaee`C3`Niqi4Vt$mJ1w=n7^R=r3G;s6UMzkwNzgSuvaqvi zsv(y8xIilMu>9{9xoXr_Ea;T4Tn6Q!&-cO$aD&Gn579I}*}P8v_MP7LXvc(TWuK1e zn*~+am#d9?a87n`gAHDfBSmAQzol_FcDA$ol*MQMcNa4IP=*lZg)q5X;#2~o&5>>V zV<@vk6`&}v?ounBE=)Wy_V6evcC{iPmfrt|FZMs5~o}b?UC-!BarM~yOH4656?NZanl@(X5s*t)C=uGj= zX9H7)&M6+BtJzAu*PX`Jqx`qLc9O2tOhFy!a!1x%$mr~cwXT1U!FgR2+zN$Y?fbVM zKzD)cV0$msvgsDjMJT%@w)v$7!iSZI_fPK+;OlBD`{a0b#yz}z_8~1VZQ5;_zJnt7 zE5!&4>T}ZQ6~&ZP_wxsG$0iz92z)g0vZMVZff0!;$jQk;H#m;|tKXv|M_XGPi*Y?2 zYqU0fc-U@}#^yNN{HJ^2L8_Z-!aKritJAFHc?%uxsXKmwF=Y3KV2SX|1h+ z7d3a&xcyah|Lko-$JPqiud-z5w?;X3_-KZeGrUJXk&~K~UOMZoD2P!y+H;t~^?RDC zqx56+P-S+nqf4|?4X!gq=jd%8F$Q@M= z4q0WVA9zmr@xCUlF@E??@O9>z3|&1e(pP<&IaZgEL|=i@f*xV{6?bV**)2oc&Ec(( zo@NUz(0fWK!B=Zkwi|Sx)8ujaP7EPV??lb4W09&Dp;K*J7wAK|xC{G z?bdV@?Fej0-V=}0vuJO<{`8iNAzB+g%!nj1^yKJ$BGNqWM(1~z>UYFzQ%+%tFlecm|{yAWaxfj z*)m2VJ`k~5s1x`M<|*KXV7xY$?YS@I;qBD8StBbei%p1!6g}|xMER*=4|}q)!^cy8 zhJOls_?teWY+=rLvb0)NsaMN{xcdJ{+f42ort#PZUlcVFsAGcooc|)d~LKkvbY^3FI5#+Nef+Ac za#FD{I=O%2_Xh2o(=X0%RB*}GQh0T&`Z?gs{~vuWukX%xM2tV`Mr@`cU!|X$EO}v zoLl3!6R(U{E<=_mwO;8=?nmGN50w~Rf0xI3Su_Wj#`4hs_~WaV9PUru_;Yk-c)W(& z`B-8BrgZ*~wM<5dY(at3T=% z2%1b_|H$;<%sj8|?_@x&+hHQ+N0yP_Th>x&|9A@do*qc6xV&i*(T5a!Vt}g z21~niH+y0TE%3`Gf5NZs^VkpqRcdb@BQQdEu)oEnraNHTZl8e##w`>2;<`r@^@^&>U`Q)`ykNjaO{tZ6)apHJ<`fM*VC@M8?n&fbJ_R3#W2!BIY?m z^ese#Sde@y>T<*6=v3_Y$Ots#WpD^jxK#LRESHXd#?t3NU8T$TK)9Mwd;_UMK}S*i zZf^ou(`D1R=Mx=?KCrFP<#~NP-X!K??jbd0#C)Q=>f7G)?sPXnHRyiKyuGMNT=YY< z@2kDjlN8gGZ>>7}fe{Zk5-=(5JSd%@h zFbF<*e;>+(?og_YyLt^1)X;$p!x;-GJo}+nfedjsIV{Hd;TZcnq-fcfNoc9168whH zJz9oAv=T)v#PN-`Dgt~FBt)AS>htsSLqa$k;hk(I&Oh|+dWHQKX6o(`i<4DxV^c8u zJ%LzUNsU~yoBBgpIulfM$9v>1wEs}c&;tW6V&>Yae1(A1AE3xG8P+y3I)<=X2cTX; zFFkTps^yv0OBQIvtS)wc?^W$=M_cs<>>m$ySIRccE*m+0HDJ}91V}={9YH6I(m1#l z&dc3||CGB7L$cB4APYrWIOxx0DAyZLx1;=5PP(y8uYkFNuPktkd>5Z0FHv}0`Xjxu zQe$Yux9WaHd#^j|W!x`b9uZN$XDBB@V^aLE2=LU8k#R{ztIa z@1~VHu3R5yLoHFxa8~Gib$>Qxe|CL&>d^_9Pt?pl;;iXi@trT&ygp+TRuuO~Zp4NL z1k8@>eBzP5H;`s15tduRRi+iPL9 zGi)?v)=?UHdpA}i2qw4m#=vkPP+e1&P60VO(e8G_8vufOQZwlnNa%51s`msi)E+Fx z=|a+D+tP2az=x$EiR$I0J^M)LY-V!F=>9ke(An2!D*y2LuXr7qiV=<%<=;{JhHN(x z0i&MGT`Khzp%QDOGnV*IWbnxwE`7gyj-eED)x>1(aVhU6tKTMu$a^6Hzhb}}afDfq z_tuBwbT{jM4FbTnq_kCQ#6=cJMhfM2XMlDS@|IQ!2bSOafJC!*m%wh1zyTn(Is~Vh z-&x;Bw>zef!bf9dvM?4|-=FgSR6*&WNe?EMD_Zti=r z_wK=O3&uZjItI@p^dF6PdlGj`Asio`$7iXXZ(kVhjeiJ%Osp|?vArieh7YHoSfJC} znBVXHuFRZqHpyRYV|gwvU<$f$yA&??@aJ3`RvH5OSs6QCJ%cKg*=@faz?n+X51_Yq z2ZP*l*$;JY3xG?OUGch)cotM2kAZI?1W-N4$Gq%%0fX)nY@YHJV4dv-C`1cHToD;3 z8tCgMMaUH)<%l}K!aRkEg60DszYe@x3@xH$1P)a32R{K&S)Zz}oX3tCA?COP z@Wi>&Xsyrp{_KrE4V)Y%S9FK(chY`1DPK+>V8|}Zci2BqfO#f?iXe+9w!N=Z(5iUZ zzs-;|Tv~xQVzrU7!e|ZfG1DsBq3)NA*C!nX&@QdN9TV|GLX{gP>fun*|GbDc244>3 z{Tc#zR~Cc$G7^oH+pxwF01W4^rPGKlIG*9--+;vK8{@5iDIgVl)C3}WNWK!`?`LfR zr}ip+aQJCw)JLl7%YjeEE5mLdnGW6gK|YW+Ue+Gw_1aOtc1G^^yCbZZuouXq28aF3 ze;HXIm3y|i_8CKGn?dtvg8@Moz1`$n4Kn-ihvFo@vc{uhQqNSv-xQ@Msc4o-S^nhs zQ%4Wtf>e+Apo3leqmF09S8jOn4uxE31P3Rdr+ToxCX*ODHsqh>k*pIhlE6%5vp7kK zRi)TxQx-YAj_!}SB@l>h7&WY|Wr1xN5f6%|E~*;W;%Znz<**Iac^jt;UPJAKv}BYO zIFeRj;X%xnjuCEyl9=VP-+%(r0(!CXe^o|5L(82`z`CT@FZBBCBLOk0ijQ63Q7;oP zf37k5`5SD%pMk0d_RSG-zZSw!Aa~fBregWpTfzng~KQ zZFX5YXV^xCJgjw9Qk%e*p@_v_=hn$&Lzt|NyyT?!72(;!^)h0spwUJ4$5YIlFs+g3 zgYLB&&JvrO$b&b^!-JF1-b9>!qFGRj@26bPTbq1aM02LHptSi(U@d{mK}$c!iuv(T zd}+;taeIfKJuUMykE@6uB_GL-Jd;2}dCrX=cA1rKG1?UqHx*i~pgYK-xO*qVZ>Sxd z@~%-DL~;}@J^kS`J?d_wBMF^CP9HPHP|zc2>0j;ns~O+Pw}b*2N=2i(Sdl+i@}f*r zHd5e{_H#}HvX29qpi?z65Ln17bjjnoZ}T{Eu<*5bZDw;C2acFG$7aip%T}>ACYje} zd`BTN=a;B}Cu9!K?(I=Wy-R?7KLV`bnQ!{Ug86=iEE*PdirAlh$smFCqIgXFcw)i2 z_8r$Yq5f3usiN8^7=|*2NwRcY$XD`2Kdy=v`HaT@0l&w+pKN|1-I7GQif#r(-e1)6 zr)DTY=NV%!zRz%Q)|qZF(&(4a)ewL?-klj1Q;G7UjYMWnBkSeeauB^eMRZ#I>*U}ZbjjB6n7J5Ie zpEQsHns|FYDROY8gPLmVYG%xeqR&q@#9W`4&bG|{==wma_OFHg-{j#m+B)XuLpvF5 zT_;nzS6Wd^UiqDn3+9_MqKYCI+EX!I6$d8xx_^ogfiYMxW)%GWGtgjGWLtL;E)7%| zPp|hb8xERja>a$$J{ zZW}5X<-xgEVO=bg6cpDn@Eg98k_y&Yn2T)+CQiPWEFp#S2dr((?`CZtxYk1NPfG76b{IMq>rjFID!Saz&_T$ z7nsDpMo4{pc>gVH+DFx(k*XpvdwkV=;-{hCmudjMgzUDwlMjvd!oiVD-ZLk;tk=cr ze2oVDyGAQsUU=J6n06Yu>8AmB+KAtvSyWmJF11l$Mw|EenA|wPC4&a=00!YrYbvD3 z`jq_dhscRlMpU$P$D7)y8MABWBgQ&K{MpWf`2l0U$G5iMis5tE@^aqLmJ5@}g)Fq* zFKI806&TW3?Hg zbKnjtsunE0_2B-^6=btX|6L19MES2>B!gP&Dyf4o61eRIqf#**?nzk?UmvT(?6NOP zAQBwYkqk=u>{TIy2B?yZuBulaHK_suwrkLPk{DwX(pr%P>M*IBYG|B%-tU{%|7_pv z6l>^(OLp?h}lo@c9gv9aMRmw~Nh5KMyON}CEx`s_VzN-7M@Kd35Pmq0%U z+?0^*Iyh~|8s+?)Quuef=3;HleInF%pSo&9|B>*Ppq{35Psrv(!ma}zwWCqO$U*%B zjapi#urLFY0!3s43M2zBCPiXB^4IL=djR&o9}!H|oVT+k(rv!00)kkZp&U&3NOEhanZ`dOH42)#Z z5qldOtS{HA*iDDaigV5PvVhksd}XqR>I+Z8$q0$DsDS54^vZc}NcI2e4YlNmZH-YK zznF;qv3aB;gDvcr1R9g=U(0YNIwhLdzsbnR_gJ2v;UwGN(rmX$zuo!n55@kf;c%nN zg5MSnwd1sj)+PfHD@wLjXGLgdA2o#_PNA>|Gy^5hm9FeI6W0pt6Lp8wwLe?W%pc_l zIZ@~em-bY>DbD`rydIZQeurCJj~(K`6;pWQ{*#fzjLaWb9HybDSMtn3tHM#?Kw-E5 zn_Uo z^SU@;r(yNRJK1z-B{R9UF0&%{tXjZ7NHKQagZhC`p+B9TpD0LUI@ZGn-!YqfI{yV?u$MYB&X`tneS)$k-}KMs3% zGT+2cNztJ6(D?htf%<#?!~paIE=nbe)vwmu!*c8)-i3On3P!U$EjmJTHDS|a*<{Z7 zU_R&Z`{Cx78kJ@5kd&(QgYTdAtf=~Ps#RiE>^EuEPuP*YoY(9>OZXlIv6;=@#E$P$ zy?q3B%ICU+LJCTXwm@xdKk2dYtUAoLK+f2)ilW6c#b<;Y*(4y}u z6{Wnek5vojSXYq|WnXNrj3`XQQ@M(c?lcj1T$tc`tD0-$%NFIPrE1}#U*RJ51i9xm zPKgJrw)D`GQ=n??DW8{9g#R2&0x>Wu#1S@sD`_hFym~63)B8!_oP>AT0rR!!ISC5W z-$z#4+8PPY=$-XIu@(?h)mh|4i6u6F*z9ev8&1QK99w9wIhhh`Z@A+SaMj!|GA(~L zztWQ#>$Cp|NoN$#qd}n_jh%w%C2h3Diw>$a^QM9{! zV$pw2MLs9Qz|4O6jO2268bu@t?&Io5{@#8&AK4tgHrL&GYwC?#m3nd0^ivu-bA6MF z$Hb8o`QlBK6y>;)NQ;7on#j$k1Er6HkGCrdx{Qa0G~yy1@~O{??dLvO2MTt9wsdv0 zSwo1p^J|W=TTVfQRY@92@%|p^7nNE_mFH)|pOqi%iBzGpQVnY-7?y03IE;f{@ zc50KSqY1*^j+aZ$NtCg_$c$y@u--1hUP5*SFs7u#aXsdsw4!+1#uCNEc*{?Yi z&9zeOJ*lt}2@LR-;{RqUB_?zuBiapF?TB-}28F z3}XGY!Uo@8e&g})wnKDlaEjbKaD~ZtaoINp3+im%&RWJf(Tp|na8^`R%F0hD#wVev z-+9K|zQ^H!qb#JYbG`X#?Y8nlf~kLrvz~#b`k~Sj*azyu-jQ((n(WQKN9o*Jmf0mP z`yk$Yyz_3`@(ru~;oClcj(Z+0i#_pqcO2~gH1}T?*SCz5(WUT;S5^szqo3hR{4()> z${IP6{I~h}NdiS~Z6iEy$%UW)77#Nz<`yZ-$Vg1(^3!(>`DGun$X!ex_F(^8wQduc zlA|o00Cq-dv_fC!-N48C+&Ng^|Hul_r~8d)M82{+-0#X!&wj2XR!&f;AtoCm*Rqx` zmk`^NC-*J*kwIFbfEBY-Sd}n`0H!*v9`jHfW@^f;O02tl-5Js!ert>QL`6eQy~ZWt zO5oDyPEy1tQs%r$Vv@Qr_tTj(MYr?aQS7cs=Jv<-K2x@)NB-frC&n4lpQ^9dq;@K` zJV?T!Zn?I9ElKc5R?&B&V2Jd0cue6Cvo`629#W?cH?8@q&u?k-ysaW1*wxD&Eqc_y z;Gg}nBhZ(lH8~&3@H}ty3R~eVKY(es1vFn2BWJ(s{l80%l~92D@!2%9%ZsSm$lXwngd4!q`5=PXO;>*bj10$~ahkd?&)-OJe!G7Zuv;%m%xv18PVA6uw-#EZvK^sSTeIOcq^Kn5sNzWlfF zprqoB&C31zC9Ba|8y$2=FYeE3iupU6e|P~sZ(Q+MOZE>OX3kQhCaIQT@*~RM8#!^h z`hpx|RF~PG-1|_Q6a#m6`|6n)4`vP42TC&Ko}SswvDpK$2N>FN~lHWb8|Yp-ev#9JeEn1)DUrNoRP5cp-`W%r<1eftXEFma4`Q=Yt~tai z1jgp3K3ieDHGwVJDc&psN2S&TJ8o#8a=!^O9h$sfagz*gMLjW#ndJPfP&FR_Q|w`GW@3k z-(b8YpzgWi<08M5&SxHk+kM4xztZm_!6Y?stIG2V@reR($tTU`g3pTQ78LrxO=%8C>DydJ8aQ>revd`Hsz z&Zh?b#}R;MO~X$uB+mT?NehrI){83#AcAGA#;F5O@RuRUN2%}|zecdOuH5865qc8d zwLkRJkN#NTG|AnB`#V%+s0x~!J*+#|)3#Hjw58hfm|+o)-?zDxyXf7_IkdFyL) zt#Gqepfe=$Zt#lG*_^RLq%#!{Rf}-05$*D*qvBfR7hS3+^43s5eZL9EeaesdM=oXv z*Gf$XPLsR0x)Epg{aOFBL21IxvGN5NBvnE{Ab4Om!c3x|^g8*X_)$wT=1gIdDe*oF znt~w4Rh+;`W?A%SF$~RQlt1;2##+-mJ0n?X&bA#i781JB{Z3{Ma<)I2l8)U^=>K%O ze!p*k(;`8an5{6dDPH2Ou%g9TA%ubk7PA2Jb7Y!z;WeBdgE!x>-2L0xvRcYn;4b$k zRf6|6Lsf;b=dDwdk9BJHCot}yxp(GZ>Qxp)<7Vsld+9~#6`Z~>zr4>4-1kuq?Hare zrdeFb#;UjbT|(ws=@a}}nEaXldf3V%1Bj|j9oZ6T=={vL{-=^(_V)P(gfb*ExgGc3 zvr?FrUNdQ`n|b(7yItDge2|Zft`^a5aEZ@zJhJtuNKaIb#R%28B|~{P2=)q-K^ipsvh$fBCOq%)icK}Rm%*QZb>U&h*~t(87SQQLi7s7wm(9u8C@=R{ zTEP?u#W4w8;W@kYFL?C#S6gV86S{y9jqr>9`vWseP@8@$JfAiH@9!Vn3ZcFzs!He8 z*uN-JC+rl=Ek~J0plY&dl1NWU+z*Dpiy$z~1hyvl#0mWIt#bIfg@oe)W7EOGVO-M< z2!4Q2{{rIr?{-`sNTPZ3aDNLNoPPkJc%ZAzkMy9rtSlP;l0v_4P5o8K5Q0D4rPL)n zVatePUP)x4ve$BU;xd#a3wXT9T);&b&B92)G$vxA(QCbnv(Lv#0<4-tqwO-O)WlB& zd0J*5_GgT55g~=bz{m$h;=_w80GfZr7aq%KXgI3=YVrrD4s(@@@rD&SIB3VzEyp{3 z;LMKfM2I(}*clKsk-P)SMsTr33r)%UBcf?ya@%u7J**@@e@>0=>&S>x!)h)NV~in9 z)nF`ow6_^vFkslOL|&hPIT-8a=4{K^#(1UO^oOhd{d7pMWnfqIy$pyda2v0%0=5!u zIFqiPIr^+wC`Cvy@Bkw$#l(RCs&@Mjtp+9zES(cniWxkYhIc!G#QB3l&wU40+c&21 z)eiV1$>+dab=)p56$!%}WgyjkhbKkkwpdyV zXYfAEkt|IZf!VuADa54)Wb?yvl2-Q$pytc z(j|wFr{IWJscb5_43grq^vy56E%V^|*&klulTI!uQum!oblpIeP;Pb^hPxg&nc6J)aQ|vxsyB@|K+zkxCR6CnP-J zafc-?ecRcQUrv8$66fyPNS`V{kL3NAY5HUWH?6(;r4lbY0&fKIrq-0`g@G3#e}r8x zP$dW6lJ$MRr2op*ke`)NCAZx6Vy;!b3d=e$Oprlb3~M%Jt(EmX@v~zAQk^9Qte?tmwb4O{T5o<_L;*BH`qCm`=8l55`K)GQ6a>bWfQ z(cp>acb0$}a}(#Ymw{xqg7KO1>zB&&Rlcx)R(wT2r&0EESIJtPkAP}q%eb^(Mguip zsCA+-R3fsR zc3teI0W(UmdY)jIc|hBWzk$k|!J>#BptC27w^hLK^Ot-`=w;vUFR|q1h#fWVK%Rui z5oWffOyy8}?C^~J=KZBZuWG+(gGdk=EJn?Gb5x?oAsn|i%HBsm zskHt$Z-*M?!*&Lr>2hiNt@saofs}@o+1V{ADE!<^1535{fk+=Qjt$|q?L`#OMWg7h7i7zTw9<--(+1_!m&M6lu_}MsY za^2K2n72>Hgg+~w>&@dj$sqA0TlX}9K>cfl{Umk2L=3@?PA{}vOuF36GUExcZN?Jo zl%ywvY5q$!#-5JkAc5HDYqly9-`1>;>4tzxC$TRW{Ah(ij^*BSwPb1Ox~=HsDV(`7 z@W-B{sv>I1Vl(UP6!Tb8Zc!c1_*f@i7i0Eq9KXFsw5Yz7YBN6IM@pWa{9Tshzy^^O zI*zRHf`m!jRIEeSNQYFd#NHT2ZX4(OOCh1GoAY@4YRRAC`lyoaoPq`31>DU_qQJdC zN-I0$+JcgO#{y+4m5C}Sy&Q*ItVbe;a)spqsc|nQ6V)<1Rm_Sc8n0A>_|U`SUY{kr zbR(6Li|hN<;8HEc(~a@>Y}a9w&`U=D6>(KOjUBa;)4H_Z_GCqp)^C9VtAq52g7kTZ zXPbXw*nB&yw4IC%{a9iOpVFMUXp}L;C*QEf$VatEO04^?d^7Xn6ErIw%NY^^!At3Z z31xgA_=m`=7m}C)JMDyrf1;)OeS3MxoM7Y*g6D;V476OGI=WLZi!^d=LkHR#*?_bv z|A*d3gvyogQ@i*NyG$Pd!vk?8@WDvT&eFQ*qGM*u_u%6XN?(aIcU0~U34VK&d*5+s zh^kg_SU$wldVMew#+)h>qNA668*=ufGP z8jW`9tcWhShGt*AB`+G`h0e|m(sb-!^eh$1 z)Q|ogyuIbxbr#3ks7x8H{gU`ve{CZ7FV_S+l=g@+ZVPvW!zHlHs2VEDry1FgI%MJS zEYZTG53m0tW0D{G@{a7@028^6-GLXf%V8r2nI{cE?m2_Pl!bvUEVRM}kE zu7C2|E*qtXjOBG`Hw82ABx@_)M5mJ=yFUm=X_w}uENNoeK#Kx4nv?RIybKiy>n}O4 zydfDg>7mJJ4wFjl~DX2hSd9RW4 zx3aS2LD8|`4Y7!PieAZ=AQf=vp>I)}#ewO-?~6SfR#>MeG|-f^p-hn2nYDs-)q*6# z5Rd+;>YMl}EOyU#Y63&X$mmvI?^6O)OHum7s_m_USmV!`u!1k?)2BSeeo+wsv7+=t z&v%K}0Tg{<{GVl{-`x2GV!}cMuPIo(zYyO+*8qF(w)(afO~4!~szgMgT9gm{{IjWcE`h*HqN>A;{W*@0 zv9O~*cwz?1@n#d{R$>V}v>eDqC!?hjqVx|kV8xuca23l?e~zZ@gX}}>Q48+ymRS0Z zGRt{flrFsa7;%N?4+o!OI0@cOlvfJN;ki^^*7;O=#1Y%0lU#T3xexKG%$}IJ3yFjo zHl}dKjrQ278ym?*ae*D=A1J6F4O3X&OrVbvuZ#ZHs#hUklqN`VDw2OVQW7prU#4*J zed3)9v z#-lGj?%$+InnwEqr>&A{=n9UEAt*1bxc4IwYQdxxw={L)4FO02n*7o>v=vf7GprKV zZ-9IHQ0{*Dw-GS(wiHVg_-!f9z1Kd^$ALSQB+A!A_YtHbPd|iq&iA)E>f*hQ+4lFR z8-2!3R!PKixnGJcew=3JQtr^kg#oH1G-drnIn8VA?D6`PVsyWLCQ`W`(PwALb<^S5 z5?k8x2#$>=jdK`w5!ZJ0M_^M$4{7A{j}nMZTUE}q<{o!z^hz3(y%z7R&HD&p4sX-)tfjzBD>5Ul5!KPqUFE_T!jr zf6Xi0mF?7JHj?@AQc?Ev!tWZkWDcK=!mJ)BmPc3~J!#vhaHUsgoJMhaHBLiNOv*)9+$c)hMN1 zi{K2U+8>d>SZ8yWQhH!-M>Z|{BDdP}NN@DH-}1_r`4? zaZb0`r_TI*eQ-%WwN!p8H=-x$h6sr<)#o1mb1f0{!LQ^b92#DQ-bMf0`2M%4m0&{V zr#R>5KD71!{Kz9C60&yfA*7-M<%9*U0vHvzEoxi*^LqlpNp;SpD7{>#mlyf}x-n5V zigSdF4+n?r5xN5qM4E{Q<){xw7kt0Yd~x!L{>Ao}J`A(40aJb844?ldS`vslruA+} z{;N+oFCdY>H2OB6VXOB_lK-~;|Ngpz^x*%${{2631Fu5n6j1I&AxPmv)Kwlf4Qy~) zUxpr7d@1oBEif!~Bq0*B8uXvh+B_yrKA=jYC%wb+5c-b+XrO{Ck=_n^Snu}nIKHRA zk@#Q7t!PO!BpwL>g&#mGJ?qa!PzmJUV%at4g|;C#qYlnmL;mtT2Y}EB!^6XYgWV5` zhz}0WbI#xy%-=O*T$qggn? zf#5~z(v`oOr}A3ZWu{5|_!}YS)km%t=%)~d2OZQWfJzc1ybbt3mG>c-#2Q4A-Wz&d z5|(x=@4sXo6z%4dlaoPh1i>oV zRq?qvS9#4^(@%HvfQz;Z+FYq$8LambQTic1@iKI^=E|}P40A3Ja>V;QP7cjLJ_C4} z-1g?gz1*lt$^nM<4kzL-d-U4JSUmaIatL0S@)OpBkM?KY)Eq&EXmYflSYZ5g3ZE;0 zMaFhHap1Gv7GMf+1d=fYeOsN&Y_mN7F?~o#i1J&6(`rPe{0xM(q-5Pll%5($Q`cu( z#FHZh4xWJn{|o4_-vV+n-Qa})I;F;bbJy0szBPrkN&on(u~T_!=`-&h20e>`EQ2|) z6AMcZ{sFPw{MsHEx+FCvW$ifGOygi$?hTy93D08yPTt7%rt_MkQnCL8(>WF^_$H8m z82IPYP#Wh0h(CMgFHIADvi;%e2W{ECogMdyXSwa&5F&-QkGpAL6{oGJsAy#KlK89# z@Sf$<^d~*-A-JLnfzkS9W+*oKFJd8xk0I;{D&M8*P>+ac@kB&r4?0N<0%?wRvqy?m z4qH?8K4io$7|~1jCIOpw^EZa&iguTQzZ|U{aeji>N++$W^}NLu6|cg$n-44$8GpWt zxzI7xvANR6)3Py9&8b31B}5W~-DT)pAA&a6Dt{E>+yDUAkStjpFzKbqlRQVXbv4kr z+9M$M=NE#8eGoql9N)c?qrrmSeh5D3R*umaJJ|?kRS?2KO-=pNXs84}gBvwNmqS$` z5R^qFc^9l20;peK2axVfn5C83pf~lidpNHW`P}AZLP^tE^I0BRg8FHvGb~uu&?+%w+wu3xY3TDgSUM%M5AIC(to>EO?)wczKTM+h|;4@YXAtjA!{wOuKxAl$$^OdL_~Z3%=w%VCgTwk5b2Rcg*_MkxKV zfj21cf>vNPUZW2t>ZubB_1a5G^Fc)9cCu%NIe@x4)tHn9~*AwkRh)|la%`-hEmS-w0hQI4^d z=#p~B^)a)HEQ9$4`NGi`76;!wyx)O=J$O+$^{c7>;|h?rEv*RJ%kXAkCWgPEIb@>x z<<-Oq9tTogbG4H3bo7ba3uNs~{G}k0DZOF6ckrhF6RAkzXHEVmPX+mi%xMwy7nCwH2GZ7sX(>>^aBp8@kv`AhYL6qRAeEit-{O%>Lqo(6tLs zS|u1YZgXJSq5Se1)qncHj=w#0VwLgka9phPLw1k;or}1sb28GeLfm;H{4(`C32?$j zWlOG1%LjTgKMsC@LZ+} z{YDS*Zh)MGprRmCH%Z=cD{s{YT2v(A3O7BB&=v7RZ*GyY`nfGHo`~N_3F3B6D}<$DIq>mg8~P+wjoLpp5G)qHHbC55A5sc2Q4?+ zl0sEm8=p9!%UaUX8>t=J8@kP{N?qRJbiOKxogBIQEZA+KE0Ex~l-)`fc;O5cO7Fh9 zv>E*V1C@ji)ABZ*Tj(=IPwF&o1AEhc&Q3{>vKWCClPBaFlm6^>bn;~v=ud1 z>@tgElkpPlRDz&Cjp%1yneXs-OCik_i)hetKQFb!H;ao2L`zwblINYasR{F;v&CP= z_^faJGoL-{;9$6T#p2co_hF*Y25y3HZ8(=Zup1dMWGFRl_!(q> z7Ddy_KD{8#BgEN|c=rv8>%?4uMGsM5AQ6Y)Q>vTX1hGt-u3sp*sabZ%)Ozx78!;b0 zM{TR`u)LBa>5YoIN-apTNEeCax%;s9Irk%#>^v_la;XC>V`<}!iau`TN!~>FWOCzf zY~^+m!3(`On{AX#_&MgRfvG7nBxo{}7%{}`&q6yKo;ulz7QP@e*17G+^@_Lz6SITE z-Vy|;RaX{PDJ`)lNbF>uR!rZVA8(*V2|Dz5{5838nUv7WOWP5xxs>_O1nN4?2BM|c?p;cc{qdCYC<}MOR;oDbFyguvCui>k zsr!Qqp3Lt8Qt<@73oa7j^|S{4qOwT=yh%+W>OgO64KEF{+CFK#OQ!Nk?ad}5hE5}_ zwNUTh7KR0z*Tp(120ip!k$J@_obWHF2?oW@^ZE2YB)NhgBfppp?I+L6^_?5>RN{tr z<|xAquvCScm^XG?@h<6-B%@Rl<=(i=FOQYGA(H-5t*(j4Cq<^gOn6dMk3Kf)a(jB$ zG41u2LikVdoJobXBp4d3?umqmL@h;Vh*boyh-*XWJbb6Gki?70%DCSrl4oImSF-$JNH(0!_0Grncw)H^(qqvE;eju^I_ zH?;qZT_w7R={kt>jN&;;Bi%%g*2w=@BP~n|NRH|NN9{p zf9Fs9-wSELh4>4_EF=D3fA2GiQs61~R?})f{67~0ONIZYX#V@LLWeH|pI!av8~Z5e z?e|C$Z+LNZ{j$5WCoB_>2qw>e4$yFNm6I44{ys;Ngc;P3wp_PA{y&=mT^=ILGnp6e zM_t8$3qUXlc#Q*-q~C%0hthVeoS8Ncc!<@+D+edOIJJe_5f)m&-Le{cHaz8l9AbkU zekPs{i@ck`C*vafBgg|7Z>JVedDPyf85?C0}g3_#%N>gTe~DWM4fGYagx diff --git a/static/images/docs/pleg.png b/static/images/docs/pleg.png deleted file mode 100644 index f15c5d83dadd3ee30bf4687f1b02302240ea807a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 49079 zcmcdzg;!PE)(0dGedvb6QKVbC8>OYYyE~-2L#4X}r6i=gr5mIh1?lc@dov)OyCHDk^Bo3V&cl$SzBAx43LfkA&QE&dh;=2s|!3w(aM%?yS7dBnw90IDIU2obY)GKFw3y<%d43Zg(D5Pl~UGv2r2l7GJrd=r3L zxVSj*GBdloyED17GubTK*} z>EL2%ZwGlA*U-q`)kOdbeVXXsKYy*$#nSAbne3eZCJP{t`ROmrtV}G-{~jB7mH+83 zuY!}MDKPWX_=2qbf1doWdwgkfHb zi>P?O{%*l^P&M^^e1v?BX>z2lbtG=AB(b(Jj;j7?)Pq8WOZs)y9|09j!>A(=6`w() z(g+8!RMF8NR=t!Z7!CoELDA4ZlIoR)Lq`Ckw_kT>61TzdT|b&Ps&X{~*UIJX8vm@b zg55#(=JICNyOq(QuG7bry^P?~ksY2AUk? zj(2PP&ac|_>|reswPswK_UNffr;V3IL?%B zwFHC&XS$U*d(``;V^GFNEo&Iv_Lcku7KFo98k@aQDlgnuF?+PxLr94_X1n}ALI_#E zXlbud`$~-H z$1;*8(@~1H^=*|0^x$~)te>QlMZQTTDl}Jw%vyzVmWXq7@F8^@*0r?~Y8J&KdhOmr;FhFT%X-CqEAPRaUSo$&NAf>t)~Qo~q1(D&0)MtQxN zu_<@lh_dc$8}w}GssB;5R4Ak)g|=#!ivpy$DCb`hWM5DpV8I=9WpbqwqR+}`h5Onf z{e4jQTm)kNm>cZPD(8sj5gr&q0bN0Eh67rf?gYP_=j7yj}j3+ z8opshz8M5QI$?rIIdEme&a37f`Vz}*I@#kk;b#~gvkHt=7x{M}(UENHWg~xADL;Q1(@$)TA_t*W0Pb3>TnZ$p%R2*0^$7#!YGA>NH z+7jk1#(rDtagL}RE zxz?(p5>{v*5ZSn&q3 zu^+4=gmGcR(XBf~x8*?51I41ogtY6p~gBC<+yjl<3eK|dh8lzgKB!H}pV7bx~s(*FjYJ^4)TjMyUsPkZ> zC!k6E+YO0Bg5X`=SRt-`*;{-8Gq~gs9*Z4bMW$h>$lx?Sv;eQL#+gWz>Xb4l?cv)R zFeAG|GdDxo;i(Zt+B;pX}i>M+VFsq*r`Kf&s``Gf#FZEC{uM}>NrpIf; z2Z?P?g3j`hVsHMNL7@87eOH5{9%1;b@_%rdO*TDLhG( z?b5}rD<=hhR~*FGLZCFDKF6YTwdn&`kOb>6ge_95m7pH?_@(&u0eM+0t}8z{G~1RY zAbZs7HMdriTSr__5lf+eH22UB$BQey!dr0!1r)LfR!=%h5$uhzFH)@HmFaFfEy{0L zg%D5YMb(b(+l_cmUUpFgYutlQ$s#y(L~qc%=SgSm%R&g>@igNd_HVf6hG)h&n%^La z{lIo_QS?LcuwQrGJU^RN*7;}0KFI^Z2bxn>JO)$DzU}?I4x3H=;pA*E*L%*KbpOi- zUBul591hyw*fqH{)y9r!qxu~h%t-UcIOP0T)6<6i3Z~+kmCYyT0ksJQb>y|S&YiUM zO8&VFR)Q&m5}Vg$>88?1o=21T>Z|$NI7Icf1#%P?d?EL2CazVdMJ-JArYY2|C(h7P znbAqbhHcRqk&FyzcGuB-51Jygm8>7t$I3&o*5+2iTbb?W&8u4k&wb}h79#nxMjDq( zszH=Otew6(`gpAmxOlKw;Qzb=3P2x)A?V`6tw$~EH8k>7dKpab>DImJl-M-`lvk&j z-+Z|oQK!qPFHFSJm5BMZ<+x}5lC(mO$a^Y9+L^yK?oEdk!t*@SqY$Dj%+Pq8{~Y_z zXAnYwzX4iL2FL4vO&qZJBFCN3`LxkW^}lc>VE4x?;jp7KC5tisFuVoc;j7#;uhJm< z*Y=~ka{n!k|2L@p|1!}@rtqjYQqDO5dQGSU^jf@Bjm(q*fd6BIpzTV+*lpx(HTJ(* z8?gA&LEDa5p#;AbNstlwWt% z{&%cSdEpg9v|GHXI|+ys^6CfT#4`;&T>#Xtk?MX*niheJXr26ga<#&Wmwn~U>!JN6 z^=Z=07qFUy&L>q?N`C;t0z9@)k@D7Yn=zf>@%83~LY&$k==d2cK7^G+?+f6R#w6fP z41Yt%D9JvVk7fxNc-l4Z*Dhd)-MvCg&UHHeHFS^Foc$61U&I63qMr>83^(oZ)7~`2 zRC&_nKdi7l$U??yS;vY|<$tMp`y3#Xn0fl&%_pkla{|Z(!m`#qm?PjOrH8-Rv)X=v~ zr{rnt25f@P-jt_V{S6C+-M~kh!B#B!jlWY8&9Kzqxa^lV1ysUr=}KkBnkAmBRzARl zAsRhbra$tDw}Yz!6{Z*8{Jl{FE|B{>=LAU-|JDpjVB)HyJc~Df$&g1z7{528rA8~| zf938H3sAIk_4(WX{$Y~=(4qf&MHmXl>&k^inFvt2`J`dqZO>{RbRdf3)#jt;9zTgv zP@~3)pO~FPk9;M+M7Ef?Va4#oDG=(DKI+g8E5pxI!sKcM=Fxde{a$waLZc1u6zR_( z%Hzt@aZasO+Bz=gS!XG(7()>rEDnaiXf4(gghj2Wt<1gKa_j_VX zn{_#!J7$0=ns!F_m_)Hylp(aw>-!l&3B^bugPKS*|47I=PQzOj=}&r9dor)G22N9e zNj<%fzq$NNkbu%4z_q-)B=--SNA;+4cy%XurRKGnDZ$NIFS!|WIiSMcvEV^U()HH6;aez56!(1;6+-QPg&g?`i* z;X|3BO<7UwCZHUt?OP%YuLx^He8d}A+2n1m<+0Bsj=wc>L z$O5p4`+L__%}X)n3f=MWn`u2VWJx65-2Yyg@D(z52WZ?GqvY6rnn9EtVMWtEu?H-H zYhLv1+#+#7x+A#t_pc(o8^qo7^Z9w0>yf}8)4Prva5Udy8i0W?-ov*ROn$Kn*hDPGQW8+?%5Dkrq%% zGq^jS;T0~l$;EGtPrEK40|GwxRgo{1jsgcTK>fqwmAS`Rtt7ARB*fy#1<=Ul-zche zaPRuym%4BC#^8YUY-9{2V5R6+Jpn|F^B{P-E3tKpqo-ezz=i5duv-V=4{Z3|QBMMH zL$N12NdxC%HX?pZ^i1XKZpK8Q&yD@2X5>@&^Y$G>A2CVLdAwbCLeZby_46&i4} zTfP-|#$dIPiA*Qx$*c&2K+-Ist5D0x+?PkLX=W?GvZpKB9&QkZwsgarD?PZ0Lp`X( z3U)R`ei;@pdpZ}U$o4LY7tR|NzA84h4tjXNr5%$eXJ#VA9(fHoj;Z!J*BLG)# zUNr#?e&@x1V0nAGw7i&@O%8Xb8!Yt3Rz}MH2E&+_<_jjUVx55>@JOY;^hHlQfJ;Ab@k=I95V<`!_E z0~YyL{C3P^O_TEHEwHDlL2kI=Sba$PLyTtjFPX6uZzeBth6!l<6 zl~ryjH+j=F366V;>(E^5TkBRU^0QNEh{LO{LE0J$^6>Ae;$!eB7Y8qVHbsIEQwIhH zOp^1w$RLX9>gKz9d)G}8Gm98U$~gZr!~qPDcK1?9{BLt=Nb%LaSeDVinM81cJxk+f zs2|e_b9L-ao9Gq!Kt6-toG&kAY$dtayv;e>A##sdEu07avTlo8I$Ml;Vp?i3>wVrYr zU-iMiN#EMaD#v(}?X`dOc@rg{AI2+sKy4OZfX@|^(`BZZ~&(w^^|+!)1d?|1O)&t_Su=&ae7^xt1B1hZQices5I@&gPBCfG@X-y_h^EDTmRMmNjT6wU z@p^_2uLKgGJa7Ximx%kcbBDmIvEVx;YnIY(z^Af@PnQ5X){nf1e{yYo^UpkEhH$u1 zbLelozIJ66|M3KyEPzWVZLQbRy2NVlLQ+616Pugzsh0LJX?7QvvC!RRoEC*|jD=wo z^)`<;oQ?UC;FJi%7d{xpPum5_+bYGmKQW4zWtL!cYEB^slc|QqU70dQ;;f&}XaKr`bhkhiPRVw)_ zCITS=7_-YU^OekBS``O)`$oLKVPMW42!Kkir5x}7+oSn|f+GPeRLqq8GTj>f>$d~B zt7KhU?`m?d;U3ZI13xkQpbz4-nxr$FSL$KzzD6O{of$OPEX`-+n@Eh#A} z*v4|Li&6x6@0&VhqT`)U^ToXN_F5PPr+S4R2PXfKe;du-I0PklC|AMgk zcc29?k3>%VAq^1GoU+|XTv;ET1EA@ELWgQsF6?na-JW_^v0H+a{C!xJ0FcB+J(?Zc zX6PJGcmuZVH~xWp<*tFWJne&Xo+mG9CNR|&9&fB4u!13!=3|ic%=;eyxu1Y{fl&8l zZu6pgpFwQb_(g&GVID!bRHl)iK#xQYJA9`N7V#^Kc+b1zzWk(>u`z>#h8^Ii;kw=(QSA2HdTSujjo!l2@^iyp zd6VqdSnGDL(nG(xgpH$2F|HB!wp-oPZXAV_)1A>Kv+apOncAgV+XWkMJRY5AZr~4_Pi%n=9;9nGR~nym_NVNva)3 zAw+K3_b@mxpcNGvsYR`jwTRL&b2F{3|4mIzZQfhmu_qF*_VLS?FEb=uc5^n5+@utT z0<})Qq+t)8A*i+FVzFI3tl1lAq}(hMn6(EWAf;E#U@ChxK?+NX(tBD2AA0 zAd+cYIfq9oR|-qA&g0l!$% zn$d_9GnHUff$hNEqG{P$e|ymWR35S`YbX$^CqPd~d69HG|D%{|2H~ZmV8(tt7rSJO zRnj&5^Rn3Fpz{<-Ux7OgW;+SCiLfy@nv*-xkE(B-QqnV#o>Zg?WRe8)2v#1+#$4R{ z;NUkBQbcwC{Axx#Fd<1$3*IszKi@RYvNr!JO~|ixxCmtICzHfbX&EU6;BKlhGp|Q( zk?m4Ho4y;79r%2lD0Z_UkXq$Fw>*Q?@j$}_PY1Wn+*b|N{FBAIJT|@rAil5Ws`vT> zARz%CAJ!>sN^1a1*aT14{Qi>xI{%SGi$n0Jl@9uhCAF?U(xkdl8}q>R0i^Fp8|(S- zk)Zsdppss!FO3EXIIhMR{yOFXt$+u=uhwW%Ka`s>D?{x2tiE3h0Va?iDMAj!oSelH zf@^zbnvPZ5J{Tc9gVWx^hkVKMIHw$Vn{7xtQ5b$Ha>u6wGl6z>+UfD^j=cM^-K_T- zDQ~Pj&*CZqweh)BEMd4byVse8GJstKPBBTj+uNhb_+~=A{lL(8zu%RXk3w_4Rv-9t zdV45u?o^@2%&k|QLz#TDpRNx~#vC)UAMbW9?z;_$R%|zQt{?K8z1@}mO147kkZbO< zsq1D-rXz%DkXK>dP+qp;KfJtS_2SPd?|DWyIdoVov+XVn+q;fqWa|LlY%0YUw-Y6l z4@PjM>P$#kVA+hx37gA6GQ6Q#cMM?|*b;}3fR1j9jqh+o=Ch-_kJ;OW8qqog1O?uw zLPR_2eQw>}frq6id`vKta|weH#u&6}`m-1st!J5>S9~siblJ|4De%Tn;p3o9e@gL# zc&&vH*ys-?GjrLu-Pfk_oTkSh;zq69E?=UR2HMUyqG=HAlj`#RrY!4OWh0zD`ijwt zd^-)~hJ@kSL?EeQJ+jdyf)bEfWJQDVkpxnS_71%U!pH|dD-?_41*dizwiW{i0KZ9i_w8~(^hMR&t!Rtuk8s)VdIg#iPR zZ-My7v#XwsyXikGP>f@xC=Q_j@~ldOIhYQqSI>txHt4*Qd5w8zqfr^|v1!hx$ZY1c z*`H8zKoTj@JZT{rO=!4>P9eC6BB@1?DrCRhEd4Gka^R4-*QthKg35S*~xN=j_AAN;N&Fd}<&aH8vHf{yvVAR402Xz%D(um6RfJVM@p z0ffLNx(a#MBepgreCTs*PzB@p?Ai74dt6fq3n@x`ZT%F+I1z_Oh zNPsSNd*xsEPzcByIvupeaExL^Nx1dy=fw$Jr2MEf4!b^^R46k|xW2!=coZR+?{ zfav^HH1^sBH&MM@hxGu5q|WIW6&4!X8JFFgQ!Klgk@#NQc;(%pKvU1h>@kPfnNdIk z>WIP?ln&b-efM;ibdVjHk1q|;yL2=^%uqfB=f7S6p_P2vt_(asTn+g;>?UsT3^sr8 zQ3z!g&A=gvozxxgK=LP;5-cB%ya&)3E4d*N=7@;5!1@S^=$;;3If8RKf_^LySy=Y4 zXD5Y3mcFnP{o-2%otY|(-h;kx?Wf8_xK*b-ECb7u4mfK_3{uT-YZ^7Wfmg0~=e{IB z9QE@RY_^1jLlIxp5^Q4f?IY_Al|Jrj)glwzTT-Y8wGkaX!Kljn0g?%Eg%U$RF$rqj5V3bz;H_qI|fYsWn z?K+*rx#$)P|6C2$NhlI7V9xoi=1+-vna3An=k6w8{YliJDL>7uR9*%{l=#a!(FD* z?$0-R#>?leSIiiX=RY%CBAbkL_TOd*y*n_!AZSLq&$?s>CBxG;-Exf6eg>z{9P@?z zCeRkqO+sJdA~Mc27~tejoD!n&MM_vPIpa$bL%XTA$?)trHuz@Kqo(%m<};ru#|-z~ zOx~k1$-zez&>-gqJiA7i^PA*J+Rq(L3YP!&VPA1*@+81fG%{VH11+tQygvx)!g?2b zBav3Pt{lQnstAp7-)&IO->OL_L|xdDml~fDu@4IPvqx)+q(b8b;Y4z!JL<_FUOzB! z$Gv0yq_O#G@jk88;CHk~XVUmgzEs@Hy9Yz_UIT3|3v7tYhkzZSikr zvhw=+xiRy3*J@{LjiwA)=S!4s|CbC!d^hG=u=p}7ghiZ_UiXSR8~hX9;|*%I5MnA zSVHV5SV+Ui0*!784B!==#$v4~;FbSPbqAO*ik61$&s2zl(N4F!N56M}qcQV3*cG}3 z85H#xEhLrdfIo<=;HUE!B~qUORE!L{Jr*5&_ezw7uJDj=Far1##_T* zwXDQ|?WG_`yr*6rgyG*L+Z!Sr;BV-~nsqzEPu?l%g=9CNgTv98V!mQr<3@)tNHt;^ zigtv1;o(LJ-K}8`Kab-NeChNtB200{_3-BGo ziDGdLPh^i~wOL`Akn2ZsINWHbYdIiHZL4Tg`%~k|rGgn8un^qryxf3-on)4YHMCyf zioH`6<8ag(|G8m{z<9L#s!v0c_Qc{^-lh00*6x^oU>kDwmkn;x?Cdzp4F?((zq=s^ zR4ck7V=fVfUTybu$B%#u0P6uNy4K>B*6?KbHmP8#aVxKU7kjsnd#F5CeF!{RDI%Lt zRCIN9)zK5{He9%jHD*HBv$O+I$5xs^!_v%M_kEYwXtlDVk}ODT?EQ~0j*%@|8e3Ts z8vb`yi*=J==Fp;zooKy47(OR@%g6l?uL`JINEKVUvkU{dxDYeMhg=BBn04Fg0j=G+ znXUjSH@dTGjKmyqJ-5-0z#(&FcT0oA2p>zY3~9QxBsbPQ zS(J*3I1pn~BcBa?SG9bqROP<#4|^|>;=$gD$p5iEEJLwe;)A?UfDL}6M%lO8so7Z) zuLdScgH(677ohexcdf61NWC6ON|a_lPzWGe{Vmm4SCd!U9lDcdT4l+Z8W5{ zS?NR8YviZC_AYlsF!FVrY^T?&kFkK=Eag z;gDI4CoW|V(UP9d?T30U+QsE6o-3qZ#$Z>4rdJ0Wex?_~*%l{k;7yac>seBkw##+LdK#!DZ7Qt{vVfx#4^A zx12eqI}hGS8#Z*yNFn^pHgZG|=w6Rf3VHLSbm)NHZEl#-Dh34ywv!K4p|nn))~$(z zU`n%tPoxif!YP812Yuk=X_(sI4tm}n!^oCkF!B%_kKNKRusu5hYbP_(uoTsRQfxF8 zT8ExpDp#!-ZobYsyAzMXiNeR3zzyYE)AnBEyk3uv-4H4sbho)bpu1TNi6%O_^KnOR z+dB}}fH`!3&?Uf)R&qX4&1mQD^;}5qv%t9%@fhi<4fEf0n@T44vgh@4t=c zq2YZKF6{f12ddaBn~oG#!)X^AgynBvY=7~tOG-A{Zi40=1*QnoXBIBx8fsjEjd}at z_x9@|Nr(Q^5ZxdbGQgF%r1)P-g*A$|X&)h>9Ju6wt;1R8t_{c!CP$C?hO^~Z``t<7 zZrEG65i&Xmw^Bx_#I=uZ?Pv~84GF7BThWeD)C^lZFkES^ct(B^o=2vJ*?u-%uARb? zCJ$;G@!lEBa@Jid_0h<^i>pf+z*Ri!1mBp@W*7N=u$@v>lGXGe0;|Rq~paD za$qp~Hykqw45)mgjKpag@zzDSHKXFK^AzDHBw>tp&Db*6E>#&&A%1<+hzlF7b(-Lm znCMk=L%u*qaFHBgT%es0zaQsIb_&6)jcT&Ka&$GPjrs;k0W{Yc_&v%cRMSP@!Lo0s zN9VGwpciDV}joytV}ZlapwFA2FfPnbN0%i3uw#e?g6>$C}G=&Y3U1g0`|uCQQh> z%@wK#;Z`p3;(R%4tnQ7 zei8^btZ$2nvrHj8ko!B`(XuXtg7M*EJi@Pq z9==1%_KSTXYq5Pek(i=12N;(puWm_SI^e+B3VQQ&Pa@UOo#bDFJR5(}++}IS#H)3u zU|e39P4R?WaDWZ%y=>{nXXQ7~C5XyAhNb;FG2*j&c*Bz@?O)83iVB!V)CA%|FR=GI zW5hf;I2et1_gE(w{40jsW)9!79qB#<*t`4;DNBYukQRL<=rUdWrG5dR^`1wVB8J!e&9gey6t&!tIX=iQ)>d?8P(5%XOZlQ4b`lLvL>^FQD-s;E%x0@R&jT zxPgbK7JOFR6;86b;bBuD%lLH|6?Aw}ieX5vD=80@$stCF=)@*;^z_O$WxJoj#U&-| z=jZ1&C#nS#d@L6TAmOSb;2))fol*R$gnDuHjlPdV!9xF!Hyz#9OfX7y~T77Am% zQF*clu}}739JRzWLKp))7sR2`VLu%3ZF3Tv?IkW*w+f?ZxvqLJZq)R&ccLuQ2Y4F7 z$u0i1r{)V?-7geR7_6Tbj`!?k5mOQVb2uIe|3Iap{Lr2ENk>PR8li2$g=L77+ZU6( z-C+(<+Pq~%HK2~h?jSLYFr+v$y1&cSYcC+E#@rR@WRhG$@laf!Vgb_&$=*1-n*t*()o;(9pSWwv^QZZDwZCX@~qnXCN1k<xV%?B_Wx=8JsI#7#cs#6hjKbJ-&P>+TpR0&sz1jq# z5E6wYbSh~%EdWrNBmW#r|94YKK?q>yysoN$mJRGx;=>*LUYWC6AT9gIgEk7jTqx{o}@(4-qB@&4zg zn;J=ZJtM|90DnF_@dsIP_)nE68FY5A)I>p^c1_u#bY!<@sRokh`(cjtMMN)iP@M*j zj50^roljKG7MSrQ0-#n<*S1XciTruW)nI7%9AU*9R16udn6O`U@vT$x)pp;LB#Mpa zl9_a^($dq1)9qV-RARifn4Xw0;I)JOJrS#Pi8Y5OzG6rePbu3RKf^hv!`!_fD(&Tj$8wC3Unlzjdpb76OI zyuojbU1H@wbEU#8KO;>Mrr~rw#pUppM*dSNIUN<^0utM=`r;_K!Z66#c1AMUFPGm{ z7!n~A0N(zo^z8A}Pq3q9`ROUM1$6lFvmlBdgIjYo;zlf#nj^2+vY#|&@+13-2vFx* z+D)~1VJEU5-Q+^c^XzoGM17wHjTQ_n-TI1_V&~19H$&?^QRoa^W{1lyOxl07m;BSS z@MjK9IKf;GkdJDoGR=%4%{t`+RRI+)Yyifg^vI_oJpAvX>8YRmo(u)K-`#QX@<_Ij z{hxBsl(K@vRyMa|=U?TZY@^@TJK0?Bi;iJF)JF>|54HPI3xfBtK4m%$6a2Tot3yTi z%bO0^e$yuz3(WZaqFRQlBkjwjir@H{n3!tsv#0H5mr>-5``)I`c7gLxb!dIvXtGFw zLX2|Iw#a#B#8vgVp@>L8%xPw?jnmza_VaSH6uHw0ojb)4W$@%4{U zUo*3j49lC#L;G8eDwBv@P@!s^r^|2a^WEtS|Ma44-}ww4=Ux>Rl{vOYA>1fjH{37w z&BvjP>sP-It49UdfyS;{wa(B`#A=%#Z0UYyKb7dAv^U)Ha&mGeq;?!zxtx`~MmyHC z<=>1Q1b%EDRkIMz)&UvNZPjEs=gGgwCjr#PtV?x_^ba$J;UO-P`GW{xo;sCo#wa6s zkVK?`;HFqJ*+_Q>m%$7SELH}Bk1ruVZ~d@UFT^)Zg6Z3n z4};{Tr$V=$lC=%@7Yq9VEV7et`??IxhSPe=zJ4k%kNpvA}WiJq}Z|vK>th?sCuN%F2b}u>ygJSbqrssV-zd zMZGEZo8(h@Gawo(M={vpa|g^l#Hc>z{oxCyj-aC^koKx`?;7Q|YW!TNw|oJq%>hD@ z(-GaX3>0Qx>ud|BntoUM?P~164E&`u@!>1-m13oQXkfw$?cHuk1zMR0Zmc}Z1l(&b z-#ZVIlluT0bw}t47 zsznvBACUog@>0A2>JY~ zv?yKeNb8+u57c1e=j&|&cNev(ocSZfXUCkouhuA2XGBnX3rG<*F7_AplayN9qz5Ti zgh)AUQkJ|1#LV6H=S?NjZ^r}}6MSV1-ahLo?sj!1p}WmynCGs2p+;qCczB#BY`cL%>t#XBx`J-)<{_b}O1QsWyttJt02>PKfNO`gt1K#)L3 zVSgWzfat)};8Kg!DAG)bN=6wyU-y<`-C>AyWRjx|9}* z{S}HqW`)nFWpZk1o55wTSKx;tMXrZ4*lB~B5b6en0om{`__*QmtZ3oI;3|WmA)`j&DZ?o$<+cbLk4mQCkjuBYq9&Rm zpf$4|$^jH`9Comv<6QKKq(`JE+qwv6w%AaH6nWjABo8%{PpXP}qFy7$8r#(CK_vKV zWR%vy{!3WDo5^g+Qcr%g&_gaJjj!#C^^VV-uF!Yd-HB+=t|HKVH^zAEa0)q24w?>Y zsXsQ}U5J_&7W~{;cl>aBSf?hM6-zwYaOi63_b1XSNX?ue>2mvg=dHsOHjGNB_^#@Kvb*`ry=ynycYY zmDB}Y^UEHyr!6?2iWCiXk;jED1#=_h;DprRKA;&zc^+TNR^?wE;6_@Hue>?y^UzuX z${o-{?1?IADOPn&P0Oot3dR6_#omTwecvB8^EKZiWwdVQLbK;`>YLs6(>|A#xvGA^ z;KA>KhU71#4LEunq1P3h=t^jb2|eDO_H*CqNbyV2|KvMtHfAiwP5mwOv;JZ{|HEXn-UFn8x2A zHP&?`fVnG(phuaIF_Pb;w?*M+Z8Wcv#%}rZ*`16ip6WAk{g4P>YDB}y)Y2Ol z<*?hb@()W}a?Wv@rUo6j5odKB3ltVCEy0cNR^2-~{RpqgmPcZ0od5%}BrN<-;#OL? z9l7V)qkmn0hZa|Xa-^)NDWN$v$HyI)07;&lvF}AjoO}O}Toy+`YzTg z`(=Amv)1>#;>OrJIwiB?qhC-y>md%qe{;javn+Mh@Wn9vwwy`U`EaBmkYG40F@Q($ z#RNsy=n466(z$eGR38Ibs;4roERY`V@}F*bf_nwRIRd#F8^}GljRVrE*9Hlxtv6^P$+0FK-Ohg`%H4TUWjEX^oIioWYdYv==qc$<$!icn)H?XdGl zvsVn?zRC2AKhqB8oy44_1WpnFoojaudO_LFwjBE`q8zvZ4geNL>vNr804R3)AdJ;L zYQyhvOx6RnkDvxOmKCLHxWe)>o|3VNQA#UW^iZz1JXsKVQfPMA(5pNQ%+$5d`8BwW zm&m|rrDSd(@_?^K#0sbfszk)Tol;Lm7!v?I+Z_@!*b)#jc(=o4+qlCWN}|OtGn#cS zzuw+5;or)HZM@TEZaI6u^o7fnF2?mUU)FB_<+sN69_&b0umP$7>(mcgT*PH+2C*>Q zkUM{$&wHef1Ti4-sWn(UbeiyH1(4EDdGg^oO7?^Z8tC6KCNy3ZU|#jElLZ?zz6D-B zlh;&1U=yijl9KSc!^ziyUpMd=Xjw{7CQ`9Zuro0O9p| zRQ_k6RN{gTo5k(pOSQJjApG}z-NcgyPNE1#3&U$IVgSie+LSlHtm3At9wEPvf` z$=1DqcDDJl85MfKSh^KH`!4k`p6K04u>vVR)UL!+bWA9>gr+)46p;4=+Wmx+$9Me% zM{`HCZF)wyYk7YoEFpakkac?=(~76X{S#sUzi7uS8Tiv~9R?!hc4$B9T2m0bE?7$% z1A6{`oBUz~XcNp7Nj z@*e#0rqx5Bi#Q0BEqR5~>AHLymzl-i``t<^3e2s-KC~NQ<&+B%9)$X~{&pu6V>Og} z`zMM_5w2h&SLgyr-vk8!tuZN%8@;IjW=mz%u1)Fe6t(WykZQLaM&*rU;a`<9^*in% z0AdjyvxmEDvvz;j3&l+LWzW9Wg)5-xaJ~^Y4mVxs_Q&XNqz-y|`hBTE0%kp%(}u*4 z6j*UvG?GOM*>>dKM4^sHK-mN#k^qVfj zl6V)@e;w)w09ZF1$P$J7dJP63SRw;5PNf#Elt!iKS#R~ZEd}rO7kdk9H@TG&3HdhL z3cCDMq^DCa(=vSu$huxJ`ai|ZB%C%ZA708uPUVli`A(Q@SZL(fG)Lv^)SVIWU1jOkpyYOUY;)S!9UW>4YXY`(3tT*w7WT4z{CK zu*0E7lwz&G=Irz|RVAG2FEm)z12lnef6fw3Jsmn4k!2KzR3Li;jge-((L|r}^7538 z62J|3(-9I#iTEOs4Z2NknjQ7VeHhL=neLL^c_p)T_WGy&&*SF2m_{kc1-<8Vn%suT zO~m$!R+Mnd_1l&mWEgM1`{xsVEt)-)(*Tb`TJfNcT%DY7<0VCq*KnFvSXS$2dwY9j z3Qn|NW_aL|Ja-xut^cZ8iUYO?2kR|R0|d?xx5`MDU|@dE#bc)F&7-51R&+tk9CSXU zK7m)Z>)LF3FVg2u(sr{;-&FWYqu0%4v9ZypC$iWGgpuy%nujtO?=Rsg&vSAL}a40>k1;h#z zgTVUya=P%1LG8wI0%nZSi{v+Vr=#in3w7ou#0NfoK#O8Z(_!m^imK{2J`4rfLXUI4 zWO5EGm8L^(CqApt#YfRiJIR%^9x(O?2sSlD5T+F+unNU9d6kx&%OIvGo|(W24x5Ft z%|EU6uWX4dkhf*6qybVcz^R1Af$w5w^`;+<5{lx1tWa&sZh|*CLzkOxUvrLgl0;VM z8~3N4D|a-Yr6@>spPJJ{7`-f`BgjqX_Tm0EJ(b;D@>^j_f$RICPi_I$q4BGgm1kSH zaUg0jnv>f|=bs6){>^g5QUO0e%+zp1RQ~S{Oc#Uj>K{G)T0f3=R5d$i)uJK-ryr8^ zsh>_%0ln+uWJ6;zeKyXqg*jBxXRnO#QGJOUAWp5Sc8j5hFQ(yxGt{3 zslZv7ZyIkm_tkLwWNT0@WghL2BK8_cJ!u?{x;v6bPByvQSDOtJZ`9^ARu#%5YaQ?Q zI$ev5|2ml@%<2pJC3tM-x}Tf-Osy!e?Q;jcn+U|W4PzO*IHMd*Lhx}QI(9byB~HD z^7!06PH72052EWtgQSFP-y9(#g?C+(?=K*y$n5{Hxt)gxBe9I;kE%`#tR*T|fj>A) z%t##_9jEgxOd6$AB?ZOpXBZcylnO7t(yv&4yk1)hK*cGpd31Wu$h3K>27on8BnECU zJP&OK1w$BW!TYkN%R)htARXmty8CMY3;fMcA~0q?U18R0YxDU?r`*tw*WAN$GRH36D<%8Q#0i*&b6vK(>5?kad%i|Z)h z_G#~Rg~FsAhziB*5!Iv#P8Z%QpJ-n9Z477YC93BfdPFg2XAh+Tw)su^DgX$7r+&mB zCo9NULV3T^AI1K_3lW*>?Cj7>THE)nIcZ?SOB5GTnTagh1@eTIN|bTm*Q5=)p~(9| zp_B|<-P2p=$%XC9TlNO99ikuXaI4yQ*a^tUW2Wv}3ltZ|2ps^2-H#*0H$Dg~U?ObY7L@%Hqn^q&#(xn=j0S@urfsBsL76 zh0~QSe0CN;cScAtBM27W^&{JrWTR)u1?RAu%IA4;-0+o~-d7TglL4(r1490v+-Y;MsX2y;1KlH!y((a^4?&O$Q20WBn#wbq z36dF)VkP!@E{BXqhEI2M352iO9E%RNJ9JVP`zs!kCpeP1{m8F=Ou6E=WQx@j)>|wI zj|-qzhl<$Po<#FhY!qIB`tcyUY7T7g3ox%61$W|of1xbUc2u6~2!3I~bvb0j3lS-l zfd|V!$k$77hzkysZT>8tI?~)nH1ydp%qSOe<_8$PT8K-(+8s_?!JoI;rWHT0M$PN(rJY+_p>0x*DCv7<$6vJay^mL@jJU^ z_VQeRemHROOmPr7Ws`p1_X1Hf??O6|(G{Fws8QeX@7!CEHjBZB0<1n&9R0)HML;A= zIART0p*Z)Tz<=7p{Y9RmjhCJut!RYz+-f!c;mk)WhA>5XR+YE3AsP3*f;e7iyv6}> zYvT!6kakr1t_7iE|sHH%1agLcf2P8$5`vo+s9)4Bg+Ib~ z@h^l~5YlUk^ZLeihk-A)9M{Y_+u!iwf?z<%(vT(;_dl~bqD?@Yb=>i{;{9{a50Dbe zVX;9l0R+Euil57zP$OP+LkL*cE~UQ!k7Kv}>~TH@f|MR=N!eX3nF2ejoPgJ8#JPkL)n4!}9hrHF!h#i1i2>XxzW zKc%?b7H6Lim&ZD*lArIVH-bx)|F>xUJr?3#dFpz(Sv)Xnzcca#6?DY5b_aS1scdGG zAlNUeG0CR_3LpL6PPh;pt!i7tWuBze(ckWd__;`b{8dz-AcAvNNqm&U<}X4L79F&z z+NSVDTK{<)X}Or~$DvhGK1)ZTFvZ7wC9ie5F2KiaSB}4bo9I?PzNm99(fPMk1K{_6WaDo$5P&VC-BJ7`0smhnO;CA&2oB5u)!j1z zjNZ+CBPI}pubzs~z&8ti#%$rZv2E7YUzu~uemRNZ7oWgA5;2~UL!N<3fl^;r-H-1{ zuhli{t0=)UW;$z*x)xVbjfJ6fuR_RQx}Lp}F)z0KV?wU*M(f#(L3%TQIVv7pww27P&={NkpcQ$Qh--1*6&pMx%~5vz1!|EWYsOATu?UC`a zOZaa3=~4nF6O)GWHl`mk^0|gvZ67w~%9A6Q5wBh5OD_Y^Ug%;J_<3YV0!|MC(x*M~ z!<=!Oa+LTZN&|dK%$V&Lh<~B{&D$}*KkkDFSfXxy7SMftry2Umd@CuG<`ZwnAMW6Z z%h5g@FYMn)&HDe@Nf!a8A8}|hqDP4Ip?M?`jChN_}KP)Q_J34 z_T*N7h9cF%(Uruq(g|853g4hFE(eK@74)cB(X$jNw+O~dhQVt)xib=LteNF2$PF$8 zQC}VcyEFYMt;AfR5pYC7;X^z;Q%;u9?)2*~BQaQn3to4x6=m0kh&rf8c?#28=%3WIEM>UHBm%m|qKN1XBQ48RwpyJ+M#E$;=fDgYHSmowHFHXMN z{)tg6$Q1Z)4(5o=*`uQ)nS9+eNFbEmyI$EpThvd!H+V)Iw&ba zt6ekkZ~S3i6rf-H`POn^S6q>6j*P-JmfQmFA21d%m!a;Lr^fGNhzTrUe5)a7!cy;4 zKEL=SjJhOq$4P&HK*|gEm+=4maN)%airhFHka~?UtMt$$z&O%B=+>Y^z5P`(sZ!%Q zir)j2pOcGwtzOSjthMh!!(D~XX=7J3U^%ZI7Zd!=cpTN5VC)%e? zN>*a~H2`*^b2aIS&kcg9+3~1i!v}myaNY^igJ5&N=T+!LVkgAO5*#tx{6Ik33=yYe ztbJMc$i&;fLXo`fcsY#iGr-`@uODawl_Mc&Rk)o_Tg;O7j$2w;Syjtx;O(pG=|Thf z^s0-3tx3Qpl>?UAqglLBPf3a()Wyts8|j+_yX5Q7rzq!5O#+ffNg_ndV%O?xvM60a zOMC5JUBCy56C9SOy3wzQ@~-v732NkL`YX7)OoSzHdtzZ## zIAx=!H|tf1h(30(=6j@~>gK%tFGBp$Wv1!aGL@1W0?1S#AY=GP2f>Ozt{d^1p=`R( zp;6sAgl!e*PGu2kDSf0`G+paUHeuDPi_63s`#bVPL<8OnN9!RH2N@A1BGg&cVi>h* z>B@qpRqm@Kg&uN4yMz8>g4*!~^!EumhZ`I68V5>NTy?$!(^{R=c2-@J`$?fzjlB`E zHA%HKC-iP%DTZ3Q58h1#O=w7chx~(N!^Z{*QR?mFuh5obNbk}9nqaLO*f;Ij#&=LC#+N#Ox8S9gfRk&>e zE|VF+;`~c>dZcdb7IHQ+@%cU4{JYnr(^;|y+}0D! zE5bXl>?k2lkX=_y@Z2TUyX;k6Bt`Xm11YPVnb}vkDujWNk<(%zl|v<0?pxL_93jm8 zqmo=J$V=y(!@nHh-}{agUo7`cMzjXhc+Xw;xgQ2NkTiX$0a_syWo6^-H=kd03)~!! z#(2{|n&)A@+Hc3`55;4mg6(8DW=D@rsE+*cH-7tIS0C;D810j!$U_lfPxmj&>}uO; z=oqgRU~9fo__a@)OW}gLsPDKpLR%?gt0ahekQ8^~F_y2i))_$z@AXC=d+k$T*uI<~ zk`7CA^f=w&@VY$a0D6|{i8g=->4YtTlC2N4-ugkw(+}V>vq&;QE7va(P%qF1&aJDP zK^w)PlTWIs;Pin=Fe|&J3%HHI``-@QG`vqbXuCiy7{=>;U6X0{9zZ$H0zT3J8u&i( z3Qc{2iM1+2F+w#{vvDPozrx*`5xKUhouJk@^v{Xa0hymoGQBjYu8C0$!=SVK=$i*E z`dtj{@7?qX8tqDn*9s^dGZ1#`f046cR{Q)6e(L{=_WaQFS2zjph`J+HObB=kX?Zq5 z&+~GYy!)S=I>VPNo*fv&w#Gm1AuIdh;o?pS+&=d>eRs5x9X0d2*qdoZ&t=}Mh9+*J z8{RD4dcMpIqA_4^RH#d6v_>2Ow!m~1tIzIS?OM9W?zah<#IAkNkm3eZkspp*v(>+A zRlk1yI&qlPucLBMF9|g|Hc;(=2WkqD#R;KAk=#%JPE$&d-(oF`3n7m!$$6q7dNrqQ z&2S`IX%Ys}Saq?aaKgU}+z#wr z%g5C?nm|$*OTvqv+b@cw{AT`G8i@`-zF9>!gQj-?i=N08K0Qd=^X#&!GozJUEpQ><~xUmDEt23E(BQSqhl}r4CDEQ2G(B-LihspZx}H} zRb&=R9p9%Ux7qq+lgM%c@0nMJ9V!yTJF-h~6o~$s%Vx$DdM~GCSzZ3jmh!&72UWCK zB&+NBo8ps^5$R#sUh?W>;F7s|kh&rENX4K%7BN0I=XEyUY1jSUq^o$RH>cy%giQKp zK7a!nygHL^6y~$%7C%#vdj2PtF+cmlQlRCk^n&K^O`W0+QT=4edNf-W-$;XN`TpS( zlJZ$4a<^416-~{z7@seI*%yC}!Ix>;+dw9Sn!U5NjjW}oTbz=nlE&(>$@e_N%qZl5 zYtQ3`R@K$fRJ5^Yk8o28_?l*awL4X~Sz8raD|^8|>mM=^_)l0!fRsk`ogHUZsU8XI zJ|XnsDu3vle-F;9%~V(fU8?s5EHUPHJ~J`9p)VW(nQ!a)4m}{1(Y|leD85nF#RJvJ z35;<}0=iE@p7oPSgDBM%9s#)^9kUO%Kvu18_~0n^jS78ztPVpkoZt%gRv;VTAenqs z37<0nZh;br!49tizt_~-YqMD7x`620jxW zUlM-Qr7p9Nfzjc%==bo^{cQfUapB0j*@$a(Y6WvA{6S>BYMnlDkKKkNc}KXUdprNn z$4XGt!}%tYCqwW4-p8SD3xGr(LzC+Pr-J(7xc#(e)NtS}ORhlQ$Am6`)&JC{V_>fJ zdOu#MHeuCeN0qxpe@nl(F*l(axz||>x`f5PFrFQsp)aDRvBU+DD`k6CxtB+{e=GD~ zws2-(eOZ+G-+UnY1DL`vS)yantg}%)^Cm-R-uCHDD~9)w`S^2-ffv`zT~~X}cGck{ zvagt)RmWVCUcstHzpUV^o;77NndqeJ%NEfHLKPlGwu`&-7&LdpwneSXdF(Zo7Rme? ze5dI8pt*a4(cYS|q$u^Zhm-DnDN1WI_OhT!-mY^8(Tk7p;A#2^6tT3Mg?4|=93ob* zs4o@A#5xU_yz$7(Bhu`e)>z4$(xC6e?mWi~Fwa!{jxvCk;vz*`=Tj*sa6tq0CCuM~ZPloJ0vRI^P2;5F=e zEd762cM`rCvHABNc!w#y_`8?jU(lq)?|gJm{p??^>2DncFL=~}12AfI`20VOsXvJy zd_j`Hf_y|Q^1zb$Bq9kWh)u4Hb)8!b(@ksPt6E=S)i5W;<^H*jD15M#jKm-9S}>Rp zL(nhIfVF{-@9`53ah0kXo!I4MZ>#eKZ<$pKLpU zOA{Vk~uK@E0su#ffryK8{uOsLl`j-hzP)#d|7FK3 zH?3X0?|{BYRO|i`ARG5t3Cyud%EXwGUjB}1aEad7Gb0tR!~fl2dX2CWE(s0uTG15? zqX9~yDv1kRJF-gluEyI1MXnH=gT!Nt#-JSiU^X#>QN^;UA`hg^#Onm&??uw}CclK+ zPf-|HH&0E%EwH%Uj0(rU#Kf5GM3`*P0~0=o8AT$jSQ`#t z=0v|MrYFfgmDOR=k3+m+_NW5)O*oK;ILG)uxQj$ z7`p#RfOPw}I8R&d%w3Rie}s7N{F^ey`&1?FM=|;jp(xD{y>UIUuGL)YIM4m^rIlQ8 zY^112KDdqYU7#%wG)A4IiQh7s3M_ICm*QSTE!03(k`k*Cy%c5C+n%;(NDJ>#M>z@v zo8Jmt4#TmcQPs{_k0Q4jC;9-iJ6Uy1MVYSGc{Y&z=_HeN6YA z7sk0%dy7aFt%YPgbmIiY{7$y(TP8vV_}#chh}TxGK7!h08dOoUDqYV5vV*f1`Pu^< z(}NwmlPEh0BazTV2D(Bdb)NpV##%ZZ8RojDE)#J7?emG(j;!C02~jjcW$Pf<5B*tc zO1Am7Y$Y?ilynF9-fN1-Dlpdx(2+5ioA4cv1|y}XUp}c`agVnZ6M536s~Rq(0ON+>Qi3zbtB4TphY0cq?nD8jJs{L zjp0vVnwLdrUS~Y;DEMqtEidsQC=`Juz~^St$EFleU^CtB_Jf4uoW6;#j^*>iCnUNk zP9_;qgQ;P(bJH2zlinC>qXelq5`>khHH{(XwC8U7U(0vm#fsyz2bgniB2TPt2*W+R zlw7$kdo-)5OHoaPQT$}kH|fu@_G33=s$Z6?;Z4H{GE_rO$op58?01+!GqUGFD{z*8`NmKt*Y@7s?cVPs48h}Qqtq3LNb!%4LdGCAgbq)19aU6RQZBw- zH{V?~+X(M8XJ)o~?*<9n9xL39U5~KcU>E%hT6&*=KrVZbA;WZ?DPj=lT7Hh5{t!A8 zpEUq_c0aRkQ9d-N?eDZVy$-hLzkWQn-TQHXa&SCl`OrAPHZ_|*jOd}G+dVIPlC#nr zo5*9ObNBP!eVuDBDnY!ac$=Gx9bz{+rA{~e%14{%G7ov#n?HMfktN)2jd$}>hsrKk z^`6Q|_Y-<1de~%ZmZxneW^PMoqVOQq36r1(QbiLZ&kY`fYJ2E%+9KoYDqzD-qxp5+ z-Dy(>Yg3kMH($-~RW08oO_1N6cf~Z_?hM}cP57Zyo&W~mn@W}|`<03e05nVsQ4r~T zbNY^l)H~sIb24eusA1ss1MlI4#HEQ~)!muT-Ptc)iU&5Sj>Z|qcL!bM(h*0}KF88A zFRm7KHOq2xenwvXw)2^-N_%c0pF`G_%xMCnZL0+`kxpv8O-gLAT@_e*_LY zTWF)QtG8`{m;--jfkYi!Pj2>|WpIYC@IBB*eudL=<4AB8^#g@wUIq{3YYv|fSe$@P zxgZ&o0n?QhQK0P>FL#W6 zB88p{RHmGmNe{AmuiJ&MKTQ9yPP`a!X);kSSzcP|yzb7p4$*2#z3U)8I_zbebq^n< z>aG=0oZ%t~a$KG}FQqO?IUt$6Js`h>n9hOvVMv?s4j2&YNO(g3n-s2OfM5|NI5ys0 z58l0_RY-q#Bz(U3K}Jss44HczPzw6k0b0%8jm2R~@8e_=Kt@=RqsnH7y4d<2)zjyl z8eix>g+R4SWUKSoy(efr`r<;+rz9C*zA~TAR{e80LtzsZyL(^IB4mJA?YsGe20f!WS7R7Z6>;(nc*3B9AU zd0F~l)||n;wlO}^IOgQ`knN6BIqCwpv=3TAWA!{Hjk|iiP1~}%r2=R`b7U#3!ZZsb z)C`ah{Sa*-B5W^$_J{Y(yIF3-!2V%a>%F)BZAWCQKOmlO zrD?r>W(wc3U1577Hrzn5PUwXUg4RFd^b?N%3ni1F;6Q9D;&w2d6|ZI(NmX2_55slD zH58SmbiF*byc#fU_P%+?QRV)ii13}GP3+S?Lxbbg(OSp#K6pG#28xHz03Vqy#4S4@ z2`s<~D9t$!uE|D>&?Xy^36S@l;Tj2Xiq2++B%0E|h_yh(POrtNj>LKV<7$ z14p;}w@X>GRL$QX+$K2^b?&n7zvfGbq%mZWiZvVkrZf(8NpOs14`tsz$u$xw(w`&2 z@nOp~aNKsq%W;Qqzv==Wf?)Uqeyevnp(3GNbVMso=OuPtO#0vECwjcW)+CH;vi|Z< zkOZ?%;8S`BuvI<&RqSE<4Ph_Vk5Apt1f%ji?tfEzK$rc1RFaCt{X4$0#1D&kM;#^0 zwC&<-&ADcu=43vnLP527;~4+A*;i+~PC)@Kp15=mE*^LNu%2{op#Fgi;CSG!aQzD0 zZ!ufcRkgdfFgtxVDSV>eeuangXh)zrJMd`wXf(jWih=*LBrC)7@Ks9u;eKKlxz8L4 zuftFKB8KYVPV9uc%d$JGed&8w43S)EIZ3Sw@8S{?K7)1FF3PIZcX<7-j-(`BfF#I& zYHyz}IGNWm_X31f9iOUYs%U(Wz+1NF%R9s%RKHz*x{rCc#8q1(U-AmMO$yXg>22F- zb;MPh)=gScB6+*!)AwIN_ykCg;hLsBfDh!*U?eUTt z0KbJOeYcP$e{-o=KMNJ4OD{0K{w+`|QvXaWESR{+OL^;&*|TET+$SxxU|BEVHtEB} zK!%MpD16r-xDlAqFxBK$j~60v9*7j3k!pAjhx8P56jdLS2~26<(Q{s~QZ%W&H6Kh* zJG8oxe|A+`Qt~4`WAJ=9%G*>Jb^xDH7aEGzenw@fmkLPCOY7{|X`ep#Jxd4c?;(P5 zA7alUpcF3vvZ{Gx+qBt~UH$P4cs2CiAE7EpZ6rI4?^^BLo~}-Ll;oMO3bMyy)7u;~ z6pV`qKN|U^Q?Z0<$Gv=A&*gdWojtF*ODPt;*GGwdsYt0n&IJt>UU>mp+art!24?0L zCY|9N@%uGGO}ZGRVro1KfuX8j(zhH4MF9ewk*3j^yOwG;pR}v?w3-I zzevd6^Yh0sAcMkR+&<=ozNeOF3r!if?zIP7~8=H=n zAz6TNAmh^~rBu;-19w+?J3rRvQ@oz6lW?VaT@jfYn zQy?Ish#(+g`hu53_{f;yHlk@hi8co~O?h-~s-@26)&A_tVtYmS?M+E>UY3VXN9V*(N@aNPg^(8;2n*yRuw#}Iz)|~c>EfJkDDqvfbL z{_!-&DCdN2^}BUUS`Ds{!;#l)flo?-1a1=yybN}cXfjL{aC5*6R@&#i4rKGBB;>Z$ zJp`=-I*;923s+hQXse0N={fel?4Gr2PJ>G*Grg-fZ3=*9?zPaxYV1(t{k;1tLFC>9 zZE!7(fAl;6&Bc>J(nvQbc&2*@a%cWpAjybL7xZ{Q$!k4P{1fRt0Fo&)uDqws5@`kn zj^suF&3A|`F^$Vc+g1G#dixtHCUh(EWeRM02d%8vpY!(jl+lPUMsP34ka-;smlK_V zY<*q8Vk%W$`<-^57K!u55M?p$6GF~s#hCi`t@n)r2dVb94es0>W-Rk)0CD-z_+`MD zSf|*2)736|*2pH{`*~q{0kNnwC-7|)vMf)$3?pZ&5PobNhvsxFmm9TzDk`mGRQ>JA zYG(w}T@8(=%NO_jjIkGoQjAA(SpUZu5d1z-8Ty%tuE$HFmnD1#$}bxI#!Aia7sq+R zq!PyB;^Ia6$&ew@hh`mF+x$D_?K=TB<@&APAvy*(TN)pP$#Q^fIL_X80E{FfTQ(6o z>(|jGci+f-CqRaR8;igc-jVZ4@1M&c*)l82-L+HE%StRLT{G`I8_0MQDQTx=6Eba6 zJ?~IqSO2?;a>s&jv=fP&NcgVC^Wv~v*8ObWrE8;j`_`2P@17rvC_-xuO};YSe@sy1 z6=tx1@iV?``J6z*It9r6=cG?>yl;m)2bFHG*M*~owI&~)7*dpfMWG<5#?{&i{EthZ zXF^g+ir3D|ra0a#hV$}Xmv|iKwW01mG6_^*Z~yS0cb*F)K{|#XcIHGFKn{kb$-idH zcJ8gydT|zFj2yHITCVH|V^MzshfR<)f*eVb+SiboNS4w6KNp~PLh@c4dN_SPPJkc6 zJPBmmUCK$ z3||i{h1b;9=6L;Uw#FA1I~KwzB(95o-9W}nRA)pvRc6qf1LpGb&Q}n8Z;_h>mLW~Y z|NFa2Fh3}Ya574_96%q!X9T2Q`&;N4(OYLUpph~#ed*a|$!8!(KL%p*6RF`c-eK@*Hkatw&NpWyCi=?;P_KcK#&eBcv06`GdE z@E`N}8&;+qfWhlTvb_AK!v?;a-Wmy|vm#xH592@K2ks6Gd$B~=ZF#H49{um%eC`^nJR#r~Sdj99QMAP^h_GPu)^D7Z=F;-#`EKbQO88vjP#)fujE@Xc>1IrQ% zzK|}7f+$5of(m@J9~U^h@17sO&@Dl3s7S&J^G4lGwSokZ&sZctFk@4hlrv| zf#@}{{i2x9Syy#&mGc=0Y{tOAn9LaoWoog?HCMkL!?>)EpMr&;MYQ7`4DK{mfBn}R zC`uraxT{Dcsowvu75D_dfF&0p`hTqe6}AXFJ{GN-=s!Xtc$xnUtg!6oH=RiTb)8_a zBa#8H)c#>F@Ry7s2>#zbna6(ncQ)|XJ7dyQfnbVdq>T4pA1h1cYgn8!ZOZ&#*9nzD zXx03`+yB4Sho7VWe}`vGb;OVW9Q`48q}g|sZ|vfC&!c>BLmLv#792lBy3le%TFG-#%7U>m{&x( z!rV)I%r90!j4v5kw+I=T$Q@Z(FV%-sMG*Ov5)%>eaetUB*%7uH;=3h4iFfb@>Q_Bb;{>M;C_v4$cRZ0f!ht9jLPtLNFG zD5#_lCkve5hoKE7(36y={9<6GyK})kE4O7Pl~c8AO#Or#zO@b8+O|Kj6SsgBywB#y zDBy4zX_(XBG_hGbuM6uYt@Dn0Yku25kb7#YOe1J!XKz-pJ=98)T`PNBtCKl6%Dc59 zN7p%+wk&N;R@Tc9{d9j_Tgl07IMBbIsX{2;koAm7H!&1lzeA@%DCahn&BckUye%LS40PEsPHG+Jcay3#IjHBC3~OueBW+fd`!pTpq-2?IW8c|z=oQv%GS1Q+ zC5LK#{#_XPCZuNP38LDJ_)Q8+by!ctt{@Zpj2ML`I`=LQz z4Y#R6tdDGX*Pj%{?~t}7Lf37OyfH{b2S>AzxPA19Z}=5=+(`kkPMMS;h!R-Qn#Wtq z#bfK#y^5Ptpg%i@e1 z8hNIGLa*QilBUT4zEetk1;*x)u=*}_#X?nNfdf*Vy8OgTrK0W0$)6RBU9BLpBp~w~ z=Q8I-$ZMb@-t_p?mUM3aHp2Mjezm?*(S>Wg=sIm#F>n^plb+{Ee8Zlj=I<@*!ydaQ zD!i_m-(>#tM3EGuMhN!Ud!FEUs8Hf*SJ91*veSE&^IW-gTArtZ z>7l!Tv>CQZBiW>s)Wxp)G`cdX?a`&2;J5x6Rd>;{Lvl9j0l)0I*mwwawZzk-cLlsavO8@&nH;L+d3sEf|~BcS(~Q z6qtng@6xF|x-NLsy~F&;zNLwkUS)b7xPQ)VI#xUHlbe1Y6KS=L)FI4bZ9Y0;V&5ru zWjpHV`uSa|ft^R+A!H$ZvyiWHGVBnVd7ip039)eBiA;nZ!A@5!va?6cRs`w{cpaB2 zn)K(>NBX87Wp`&t4^I1W43{2~uQ(ij+*bA;jFQw7U8z+SOWQG>HYY~yUVomPl3Hf2 zF(uL2*KneiKxoCyg6}A6nL0^t+$7N=zlq$TFtQHSQHfIMS}D^>F+`Hm12{pT)Y`W5%EM@$=%` z?WC|WwG?M-&Rbgt7I)?s-eup>@pKvLb#0!g%@yHe55#h$%^95O7)`2_)p^CloPc#6_5sdpC4uihiCXkEzUUthbIF z!)#fwG&j8Z&@I*0F@DEk+yru3_zsg(JJap;LHo^nTj9{#eE7mS}gvdc89%zno_s&zZlm&$8Hon1GeLRx9Y zLbherD7Lu0hISFuD`jGI5;{XvhH`X}dJ>mb;(9lQ72f9Y%j6c{=ImYYV;^byU9*e2 zu9~qqz5E*c#{6qc*wG0m`&#U_wMG7no9^zniVtyRLAvOglbe8>cT!<(YN8_uJ40lh zH%+ruDXP%pa&1qL8_e$7a!BtICA#Y^JoA@Jmw+_F&XSmkf_k4QCO0{t6TyW0QL&8` z@cV{jaym)YZPci>LJ3JrRU%f>a~a1Am&GDh7O%g#!cmO}*N1YR!T$gRDI=uI^)2GfkU9>2rqMUTbjLNzY~v9ps?aYCJH*48 z6=xf{6AzV&o%B007%Z~pW;tPA;sW~I?_bC58D41gYA5NIUUo7zEi6qCoQcDpsOVIx zMRiDenioph2JoYo?u$89#&u4jIYs5Xd^V0Nd#p^Sd;O(=ic#fX$;%nCA$qswrt z?6vA7Pwf$|k4N~ROT5sV3%wfGJqOKR4 zXzo#nu2;12*0W7w>c8+q8&oscQ|Fgv5+VxAQRe~+V z@oSlt#rB)d|ANe};BDjOyqhg#)1}*-D;yNo)%1O=7HCHu;d;?ERjKC7jY_ZRdDDxVqsH1xlSIAE1+E;2 zCxV(2li(ZBQ*kkV(x1T{R_I?hJct-?$Beb#C2ZlHI1^h^*?2N2`r zTdtg1k|AMEy+8~jgUU#oEIEC>?S7KrQ9;ErCiSaSeG2JWuw*U%o7lKPOMI2}UY|H! zC`wd3F>>&n1a}4Zwt4?W=xy3!yzu;^_lb>SCu~k0ge$S+UB85hZu=z4Av{eqm&iTO*J+@E<6mY=^sYRo7K&#LC2d+;*~}% z8cTd(cT}t9DaF_yZp)_1Gny+II<1W>VKNYzQtC~<#~b65Rnn$4%+##m%-1cS@FTd| zwPbi|K5<9)RX(%oLJ;nH)BAWmO6$s*o4Lh#%n7JL&uQFm=6cyGEh(F;x|w{N@xAR; zl9K{1m6$7jRcCecTh8HE4N^gcebb@W`f|}8Q9FkO>b24@(nAU>!&crm9zPWyL|*8D zA|MDJzmgDDou|J)>R7Gp);B!a%fY&S%@tZLGZ3k;$;LP@%$MXeL2nx~lJ%>vGfyzt z?YPQ{{FIX|zDnDqS;ncU*nN4Ol{PAoZlL`$LGt?Nyme!DeNV3Z%XP-+o9muE&UsG4 z+@kq{={}a@{Pf`nyy2u&F1lF#SjdViXY1ox=SshDX~5co*~xeD%m03i)k|h+ls2H! zVvxt_bbmRd5DDq?RVmrpSb<8cS#JUjpijv=&)QTo67Y%#h`3<}-x2g=S07^|smZi( z8xT34n)7@x44Hd*N#|imJEyZN)@9bFB@J6=Fff2NblZuVP}WkUP_8JY2g+`zkT=&F z&C9u?7ubzF+%RvH*7sVX75#lFb?F8xh`)+{7uh{mGx%C^Alj$=oyD|T;UtqZep@U| zd(msSw9WjJNnC;+r03NXCVSU-;ovN-WBBD1$7plvIRWOVzN|}%xB9*xK?Y=Afq2sH z7XKB_Dk&|oWZ4Z<{ArHvB+g->p75Ys?n;)Dt|232T>M>IMB}nLqoB|2QTw-0+WD!f zt@MlxCCkVnr-ssk^yO(K8y6;abBk}?$&T?DH}lcBx25tIf-Vmk6&m#G@{ z*-kkPx_le-N$snnaJ%4@$2IG#M$?%UWYx2zISx3hr7=G?zqd|PeB!)aq|Yb|;jIW< z<5->U6MoY#xs%aFw5Dz|UBWVyyY39}JI~D$ODn8*G$Fw=$j}g7CCc{N==p&5$X?>( zq;YK}?#@z8XZTFS-)ehx1?x}^*#}TrLIUlv%GvT|7 zL2CRX5v%|a2F!ehK>4AE0I`4|)x~TnQ;ZksH4*A0y{h!xP^HMYQ*v=^u)95u@(66x zC)_F?|8%``zjxijN^)xXmkx88B6+$^mM1QG;N>uHWur|&k4NuDW%9R2DpO1j_zzZ0 zKlqLiY{RO*On2L+9~iNbHQR+BMO@X%oscJFloyoGJmQ{o=*su>Oeh;R?%|faA+{Z6 znlw2*ZD%MzN>?e9B4eRrm-}jCY3G%TXkfy0NYopOaN_dga@W)@@pxj|IEh_-Tu|2O z3`Njkpy8t9UNXHKx_VdG;vAdL6&_2HAS1I?u@uX5L?X zdP#K0_VP5QVm&|hjh8+#>4zTeovZrw5~=4giY3VER*Ry~w(eTd4}%5+n+C7cm@qpZ z`#Dgw;H<&eUmt%fMBT_O%0mFNJ06R3H{Scb)%h+#FWIf4(X5^~n)79k2?xw)r1x0C zEpqfdHCfMW2FHSWjpVISQGfZ3+6g%^aad_5q++Mndq4?d9cS@vj!z4kWD#*ll1+S< zxKa~eu6|0XMIHyq)fJvi!qXvwT8CC1OgV;c)j*vXDro79#0{HL{YlgY%FOl))kL$o zR=A*<7lf(7jI__~DUt-{v-rFfVD9 zrf#WQlY9)5v40Oa<_*K-r1C`08pNK9b4AHb_}xz&nLyq^2ZH-p! ztk%-QIQ63I72MOub4Q0B)(i9@-|2~Nn(Fv*t0iqs$8!Ut>_l$dqbp$#j55`l?!m~} zX7$|gyH7%YBJ=8vkqe7Y4MRA+Pv3nnu1@V-zqu~f!3<_}3_Ps4{R$*EuU7{?k!IFa zaO)A?A#^At=uxMbs3!7CM$SJE@r$~4+G?*zMXE)tzIZ)NNwf}gs9aI4^}yZDyltlE zwxMNIq?=W6u6Q?L+PO|#0wEM79pN+~DDd4jz@pMQmtOf!UmE{gH9!CI;`zz+WcO5G z>UbfBH`fsa7In0og@1t)H#msqKETJXO#2SiiJy^t%~||7_s+aD(XEG9*K9C01xDXo z_Efl<&<9h|-XvRyMPpVkZsd9HrMshn2@j058oClYsy5*$pjR~{Ph=fcSi!S`)S=9eecf(@M0>Tpl4o7(QDmg###*`42~-fBU&JUOjT2CpPwClPng z9rP6FU%np@v#qmDhuiIhTLlVyw(w9Orims2wPBSagy9NsBEXd*q#m0WG_n8#GRVkfG$~<)H znG|>4%su3$7VI<1^u%uQrje=3h((8mL5TM3BRsTdcVa`Y=y$mS#fcBQiih>y4lu?x z+x*DpJdQv4;crQU_^naZ*@-DkO+h2ebpg~sh}#R=MA zoL>BHRh#}vQi10J*W?>m1NO2-%kmq;zFm|3GnFP2+@-ZSZ?f)d|mpp*8*D%@Th`zMqsI)MbZ>-qS2xnHG zAFPwhePX90IPBfgmA}ZC3f?Uc#MrEnc+>Q2(gAJtL0?%^mb;aJ-dG~+kWEFa8J%NZ zpaqKtC8vTw(K?KLSVpGR#Sk)d_*9x_=8MBT*gVS-{k(N(U(dKE+Jwnf9_(5dEC z_O%e{WKmUDZ^q4ms7(i?c*>NfXYsVJqM+fMg4H%vME|4DFYd2(FkRB+M=P}aF5|1S zVBDX(AA z!lBKrKlxHpg4>`nzD)hX*^bd5K6gAA#&66k&8;EIuEr3Qg`qQ<=95~Z=sBn$tWm&Y z=jbh6n(XoQ@u(Qm@|myD=&h)c0$zXUExx)+#q`T2y0KdMI-w`l@^m_fUQ?-;MBSs^ zzv+K#dKtWb>T{>~T#srR+Pox<6j-LAEj;}#^bCWumHzf!$73}^FiQISBZ`*z%8Vlbbyu&2g#;Z^a@fCIx=WXU6RN>@#drfPDd?!>Wf z2_a3EsG$@KJ-?MGBT%J)Agm*CJP+M$y+FmA%el_hdl1slmNuuPx2=yQsJJUpi|;4& zrmnh2E_$-)VBztS9-4Ql^T%Qg+#?L1^w8oZLyqJl56~16Nmut+ zI|iMkI-=q$6`gCAS&%;{HB`@}SUmEe>-bhtiMP~+tGi36C2XByqp`IAsOnNs-MOHR zI&RX$zDZ+sqQ@BCfcqZoTfGVgSyAF1BhJ^5#?^+PbL+S<8Jazh#NONBJh2Pd;hBFo zFdk8Cmp>1SkDMfN^`OgjLQV+Ve2Yg)XB}y6#?-b!RI7h4IbV$fz48+~_N&B=tE@b} z=em=>2@j$d)@BwgR`-XA1DV#>H9M>4g{F-T*`#0 zd-zo$KPpZtTImOL_L@sY=*v9kSF58*$TcwVnnahlVeUV^DP`ALjh_ZuU7aSqIuXo2 zH@c;K0}VvSyNw+2+&WC^t1+I)VCbiN3C+57E#d&UkgrH3Xga1ugoa~IT_SUGGkVIa zY&hYprZnCS^(S<^Ze7n;o<6Ahxw>9^ z*s8PgSRopsO1AZ?x);Ko?SB6Ekw&4mJ zwuFj+3>_jRA<`WRs32WKBi-FF41xkuA|fFmDS~tlJ%}{Y(k0y>F_gr4M`7>p+CR?! zbNDq}vu3S#z47#YKL!ETMU4gF~Mtr>KJ?J#MThKo0e>tY-2eyMD`x#_WO(P9M4%l+dx8g*{mcpxnuEa zgZMu7|I(9_*WSy2du30v8#bUp_+cQ5D8fSa$-YJvMrca5#J#-3#ec^YVQAc? z3$3Y2e&^`YoBP@UTWK-!=1SoNB-v;|ze5iQSlz#{I3+zh&?Hb_;)@s#N) z)DWs`c<$VkI#AB-fut%FR(wN!*WXjt+9wOT+`^v?PWQWXuxs8K? z!>e%R%Lp&6>g7XN)G&#j2xPC>FkDG_^J?c8@o6X-GNHBS&@C1vmmUEnXqCHmZzwdq zGp{SJfAqtrBE$UR26D5Y_Mx#m1Nv@9BoYtQ?O$2fAXk5FP<+KhHDuK#Ga)o9vQ8pD zM@}vv9}nqja-kLKpK?3PB@N_NDIC+(_{Ry(ZDz9<8b<(W72BzeO-HGIFycq zhInv}o3jl947OPlaxW=3a;?||XE}0gdrc(W(al$Ah0E~H2D`@5>AS3~o;d}F zj0lY%U^F*J7%;Hrm~2MjD+Z!(8K#`{2zLZdGY$? zogLZ7@Nf|)$Ie)p9rIbO!jv|xD^I`o#1nvI|8vP)+#<&E!DSY(zWorh<9~{9&|mdh1K&t9BZKZgx9MO4$@=vp zGuQtl>vhmeZS8vNa;dLiDiB!?u62$f9Q^$4qWPlH<9x=3uE}8R;92s=Oa!S24QS;7T(bU3~gZ96IDR9p|fjR4rWCf0b2~ zL(RVOq*Oy`OTMynJl0o#`#Sj1`GLJiG!0c8BEqRye>meX%j_IF?uB3gCr z`k&WVUch4SH5l6O-5i@0Qej{0%#Zf@+@$P~KkqvUn@6NlFo`gi#*~GfEae#@&&)!y zz5vPyU(Fe5t2!RH4;eqM9kphQhjkd`WYnyRXw4v5L=CNc7YgG+Uu&4lifT+a)y5Xm$uRs*+g|g(o&23{Q)C zspv(d+-rB-)uy641SF4cXzJDFDSYU!X6ZWBX3=G<(OaNZgGn51Md{P~Mamxu$4u)w z<(dK6AV~stf@Ys7kNU-;@DaXwBFuRwFX-tvh4ygYQ0XX{o+lw+gsaA7Z)vlOe-zDX zi&!)Op#!UElH!_m3g+y3d*^p8BDP9A!Gp3SD+u0%@8+|o z)_mW%O)j>+Ix|LC7RlXWG8Puti$rZ14i99XAeYa`<6ke%A<<=^v$Sbq@Z4_#NMzM5l? z7?&FIwJq2l8Y*jF30_5o&ghhHOAAMz%IyxRP9J!&cT#0Jn*K=bVqMsEA69WrQ4uo; zDer|nO7FY6J&!14xrRljyn=Po?2kU!K;VFLAM+%&>Octch>{#Pi;qYVqT7{kks+)~ zs9)ZAnA8YyV_Ucv^?_4Fao=dvnCxI+79o!0E+?OJmNtir=Q9{&a1`(`-mI&0d(+{C z?f$B1P78Iu_MQWA)Qkh-0VMLNWQNa4!h_Q;%b1i4uo(7g1BR+3&wa_dt%x3QKB4m( z%zMgY*o~LaU(31_BZyzy#cjQ&qoKS^{zzh4>(-a}6${dky3+5O_4oJ04B>idT!WsB z>bUr3oYCdIV!CdTkjPvT@dpreg%%-3vQb`oyLtA7tg@!3i{g1&foPc!6SK!H^ADxv z#BhBsy}+I&d+WpdZWH9rwdhh!Oxp)=9iFe$YDeB9h5Q3orw*%Hzp8ohcjgv*{<36_ z*gC8YJ;}L_te-nqgHn~HU>6%u(E+FkyIkI#COspC%&9t z@wS#=WM0e_?}x_Oif1~w=@|@pC)FVfaw)7_ys~GRM8O#`JzG+FF&m#@@WCL%2(Aa4 z&ZDvMmGnYdC@q*c)}80k4A=WvNNk4b)wUb4D7<8BU7N0sZ(8i`926#E@Y9w<^Ki5B9qKG6 ziPQidymvhknS4W$_+YW_qf1eg?nzy!J9QC^`~)$!ziZa$;{IZMDJ*yMsH{KGOYdYg z;_IzpeYU8{q)*P>CNps$>>5?oR~HT4za=3vl z$6S&v-+3gT_~fS4HRndp;m1TCIf1l82Xj$hoWTOYd%}mQyg19|X^KexxJMSt*kGCc z`RM@fRsQ#NosiO_E=!yDO?@RyJDGvn!imjVujx7&?rGGlz(N|2j0aZ$rN`2(4w9EE z4ESSIDv5G?B9ORGjYm_*C$H2;YVlA!G1#2ojB)^#JIFl{UiuEFiSl)IzGtbr+*}qX zdeL@po3@%yJR5&6U~darH;ZEM8v0_DF|JH~>o6W+RrkdrbGm!8H!Fmn@=PuOEM~&dM%Tu+wHcD(-#o zM;U;~0Xqgw>R1WvGd0*XlI?_VlxrJ4^vfY4yITJ-c0iRT9T}yJ6efB;LK%MK_ezOz z+dUPlrhnX)dLe0UvQU8a?o(DJL|@d;oT?#%jITBMl;ykNe)rU1KGEq^3sh%4{&RBxzd?74&|#ecvIxV)SHIVb=#zj*TqE*+uXvGqPiR+Za`ER+PIPoBz{9zOUKi+ z=KsnG-Zoo0zR@`Mm(sE>Ey!JJwK15fmyCT+?>`Y zTKDp6`*`RtXOlk|01aH0RUqgmkl%cBvsPeIf%-Ym^c%dp>CZw2eW#qVjCc7)jOe1$far&D=*|myNjaxMf{xVVQ za9a!=cfc}n@=~S5Vhw#hHGDvg8%{&Q$MW~?;I)8Fba^3!3Sd9kTA!k81)rEjg!ZXp z_&Z)1PL~NI(v_Db`thdhZBlIhz-M>eEOH&7YC9sHH>V$;I98z&&w&5Yt}J~A`k;!i zmq5!Rx5w$Kbd?*j|5we!t&KWF|JC+G3T9v{%-KHim((Es*^zFz32(r-%5at1Rav9- z+0UCSS23rA7YE7RvEO~Q?Q4Z$;=F~?zr3w13}itj59uBjCZlYFvD1886yvCXFsL`4 zCweAgc#q)W?v9z?W;&Ds%ygTTnew0iFLpWrs-%GZ^Z)nt&v8Wo zc&{Dw1@KqF!UP~(2Mvx$i8IdV&jyv|P#bO!^Y6@~A<2Oyi=4pp2#M?qN*%UbR;&mK1T zSF#wVZ2u8bYXhn(MhibQ$_)n8T@6hY6W`<2pMgo%hJL50rib&LhG)*N&Ozso|DhMvT3P%Aj<)Jh!< z5SpS#6HDT8YC{-H+9js4C7`C(w6Jbp4iw|Y*&-(0Z>MzD1CY~~a{!DA^ah`{n(W5b zE5_|Z5OQNwUh`4y762;s<6wVK$YqfMK&WthY3@Ihbd)k)jYLp(e-IIHN&%;dv}JK$ z;&esH!lk)l!roidzDHEgekf1ds57H=$>~$41sm&+5EBnoz!ww^aABSqdQ);MF!R;z z{jF(G%8S!h6wawCrzO$e09gerIaeE!!BoOXl0eLjofVZ^Q% zd|=qoWs$QY5Li9`>ddzcy`X)84I>2wfWDptp|Lpm6$Nv;)5k-P7TjE>f0StL(7Z@qrcrywEeCgIw>}>x1blW7WeHE=ipkms=fP>&3K&M;%a#Gf+Au_U`m6?OCs5BQEnx zQ5vcFxmvK`4i#s`CapoDfV06(ib`rd5=*^;Goo1jpxLd}U9S~Pc8!V%f%xIGSEXyB zqz0Zw73anJ2oykrns#~@Fpf#V54b9B-;V!av%Af=DqI%GTe)AOm!Q9w*rW28nq;SH zy52r%`m8;gIhea1Vv@36ZFq0%jLLn)=yunsY-z~G>G3eK`|jG#Hjk+}QS#`%Xt1J3 z(tt6o?%JapXX~-^ad;p8KzT|S8hFCZgzQ`?Fk@sJ*nE&jT@G)_dCVEAw-p&^8doEl z^k!q&69G_8@X(?DXwejO#|W`6Bc5Ci9;A`5u>i%tR4(#AB|sme5NWxezapVIwQt>r z^*tC1=0N4j4V1pmM!6BH!_2M@&lQa;lsNoC5HM|~zX?EK__;EhS-+SGqbmJqefLzj zjT*5mIw=Z`tHNK}(x(xvI@fQ(mPBT%#1BpnkmtV6fR2*Mp$?@<=278@(F5R;q?)yW zc9FDYbNeX+13rZP$tLprOxgJ4aJwC#oOb6yCq;L942r`iZ9y7cVfU(8@>oCRy6eM- z22Ou!>2()^K?7NBh%<;jTv5#!bwZVue%JDEw++GAQ@-Xa<<6-L_&pm3^#^sfVpfq*)fB*;shoA> zc?0lPl547q4f6|3x~kFlQJ&OSd~0a&-K|ZWYYfDfs$EhJ5ZmJ^U`mKi8Q;svI7Q?A z7WBJwXE!s(_v1GKLbGURV-4>jF2y1Pj0n{vl4C4?R;C|cHD+TU_U zeq{t-tU?VW1@aq$Hu7kVH?I7?@N(*lfM@%$U3b+!z2v9{6=pZa89(&sKAB8L$bQ0p zKTwtc8S~JmSpzL0*Ox!`YCU|o*aNsblak!Wtc=(k!w(?J`BRMMR7-b1E!0eLd+)R} z2lG!B$i!$$myQQ<2-5nj7tiM!o?4S-?2dRo&Cv|}3j84`vg5Nmz}y<$6MftbZEJ!b zC4{sLCu-`wcopsxsK-MA@NLdR+7{UR-E%_W!}=2~I@x)CKa2Qy3_1JaU(B%|CnlW7 z(_UD=MdbkeH#fwj=mS(sG#0Ehg@0_HG?_4*E!+ULEBCfJIfcu0q=!IwLN6Ll(`5!L zwV$!%BE*)->)g=I8`XNLrT)mo|L0<&LlC7eK2=ySjJVk${D9{VxlS&qB%Lk~1!7k7AL#`+Lqnj&0%oE#l#yJ1qES^)>VckM`y9po3!SL@0@yV+%Ac+SrKpXy6R6H^ znnoO$q%^U|`Vrbu8`E0>db7;*5;-`1Bb6+EU1sC-mfyfjw;txjt;eRG$UT*_YWGrn zq$!}KC7|$)q_sTGBGQ;1DG_-5%-^`Q^Ipv@xf@P?N1cWNHc=XFo;8-D*H}IYWNpL? zYJtLic;Z}7k-wVDDL;3DlfB6`tI>t177(2>U8}9x9$Bn-cY623NKkK zv5(!WntxkFF+U(NIW=6rU)~Z*!YGbc(?V7iCAitLBi&b0MP1TRQMtdGgNX4S97u1^ z{R~lu2Nh|xj4M(4a0K5-w$k7!=o#vXIKFx%#Z%;Q)||J!Z-@0+NPRJ(!!U{`e9Ard ztHaw#k7==a)M{FalwC)YhIDDWq1)>P&+CsF{Qv06OzBkLyKX`C=unkx>Ko;4JdOHo zce${JvhAF(xmisyWFJ3$t>brfb%i-XNwUQi>GQ@Pewj-elhmWTKettpX) zC$pq8Lf`*6lFF=TW1gFM?=MUexrT8pU*cp4k&+lnU2F0#uj%x+EQE*muT<>D5awjE z5+A-c-P^kaI3ZVGH!b~`wN^N*XntsSY^oflkkav<-@tAM(g?$dHOxW?RG-B1Zi_{N zMo1k-Rv1=H5G|S-rS&~)?ORow(O$>uYKac;-NY|;T`4Cqov<6p#14e_g0_c@!*nGI z6Bf6M53kVH(KBe5TWf?R?%d5ZU#7+EXEKm*is7$5GTB?T9y_dd_vJtG8jzqrB$q`( zzq5r~`LA$iJc__$E8QOb=6ZT~as2EQ0KnHy?5{Ece>~=AX&#_1H*i=_>zijxr@+R3 z>tCwadrRcJ4tAwe5Rj681qN4-H9tKM{DbzXLr(c#iaEW5> z%l(y#^l3J;&9Ic1Qo-$xsOBi>yIQ=3jVylg$^P7McwL|pDQfj?=h4yQFiLz3{Dewh z-XX(l!*)juN{9`ogp~0e8+u`nO)5ouHxY4+AyA+wN4sb|V-mEPxYWpI!olZMzJ*iVsay!?^%Z_`Oo~{VY$(~hRVQFtx3KjQe~_0o4QSpJG{yb&WGZwKukTT&92a9R1GZyFnr-nfLl54hbb z;Jz})Bv>39=?;yjd2!GeFq8E}2YgzI-Nmnlvmwb-tl6Zo!5*vy26e(XHzf`hUOef~ zQq#F|WGYYVY7#ZekqeRUCZ7JVB(AgP)r@YsJM&%&v5P>Sa;zyuN^uGk=nC7|*hC}G zP=zy+#12YjEPFLav(^I^pk3HU!2I!mrP6MxobG4nFpbYTVNTiFiG64AH!A10+bf@l zXyxaYXu25f*oCPPz`^>M;c~K>B9jQ^nFi(!-Ox$GRs1Nwvn9V9ULtO*w_fH$wLmwk zzdTASBzM**(~Em~C>?T9mHjQg#dM**C;f5tw>(86Tj!Vf>ah0#uQ#sCkHM-B?qhdt z*F?__=e~}J^(4O-QM_egkmhoZU!K?l`Xjvd{ZM(`P-^?AZ%?cC?ULvjhS9GLgc5<- z9pnJV2+XcYSj2suO!@=#IDJHb#}EoxFkkbc67_VnY=wQBb~`*S!#VjieV&Zwl2hAv z;{-o8^o$58f$;bGcocgZiR_mF5cWr$Yk+(~ zl#M)vRGx9>f7k&m?*MCyA5*CmY^Hk{v_(V&+U*LrvHo>idNr{|-i~R`TV00EF20fs z0XfasL##fr{|v`Y1|%c@@7Jda;~oYcpv9Zpjru4RFA(j(Q7%l!Vcry$yA zkDK!y=rYM?Jh(}&{j%+4Rs;N{u^o5MK-(~8(2dEw#Cf5kgZ$Q=i}c3-GMwZ@He98J zDf_;#H*WfAiFrfzLPv5uc|L4y`=C<&ItWqm`vV>U0nph?@i(yspk~nRNBW)552T#A zE|+0<03wd)9^XxuFN=}$;569HdOSkAk)t1F!XS*mAJ*9cL>J6}8rb7Ep$N6GYuhIu zk<7IX(3WARh0=imv?W&<%GZtC155%$T8g{5*&ubba2<&Uh_1QPCW;R^ddw zk0vWqtP zkcJxE^adRfE%xgYATQ9Kt@GK@5;K~Hgyk5-b(oRIgM~x~R)E%`9e76X)&X6^17%%a zANEBvCp!;7$dWcOQf%^~;S^QqN8RW|13&j4r5gCeiyZ&yES!9;-vY6NV!UN&*FaP2qAd5N#J)V zW$6Pt++Clw-JWeWV(i(5xEf%WBDso}z5RZ^pk;U(%Z^(B-I_Q<)ArCo1~#hE@c_X* zm^f%Fkft9wdCk6ZCa9=Cq5B+AI5CiefKGOg@pmuw)s{%wl&(clNZ9n*KH_W6B;ba8 zQ)!RiN_gjy?OttKbAtB!2<#8o#a|8Tc>Uu1P=nCuM2C8zGCrfmm%T#@0+YAKJQ^?s zLz~e~__qw`Ex+Bw>6beNt@P6#6mbAOa_za_!^n7URsG{c*}|b$*#MagHIVt5}%Fc$lt3P)s@(Tx~z5S zi+1T&GqZ#F=(t_Ys)doIzr`-_YFf+_7FsIMVFGjLK&|tB-Igz>5ODmQR}TTH5JjUw z^WMHLW#pt$jrm)Cz@K5G<>i{tYU;F}pYCLny{p6SzBa^BwU}U2LZy#blXnS6Ri^+> zQtJ_WYjMczq9x5DZ5N)IpOk3{K*)nM^usC zVpp?r{1csZKqncBxG*X{+JAeA&g%u>dUh^=K7cP$cUFz+w>8_ywn)VB=^eVta7y22 zSkTn*CwUDo(<67w)JOBpGe0!H^|ygHA7Cg3)h2Qs}QNpix#8nhc%Uoq0olXgLe zl472Ok%hfMTf#-i#D_S;4KAYOrZj_iqQ@`GU`;(DGN5=r1>K< zMW)z-`JE;}<6c!`-L|H)=CaCTim&b*m8W_c*tt+cJN84^p@JII{vFVmb_r#jjp+ZR zARg^X0lyp;9x+R|{?nQ25VRUpcE(Dt-1)*2Ax0Sw;h&;eS=z7V7<|~m77iE(t_Oee zbaW!=>zUjDK^N@Sn#`AS6G1Bj>bnZJ)VZeU2brrsLHCSxT(~&Amw2#mARj!>A}7 z`pPQhDG@Wns@JFli`qA0R=7E~TRCD4?xJS+tfG-(L#HP|o!vT);(T_>o*L*NdY4aM z$poHqW$lF@T5*UMwVZ}g;SZV++9$&o@7L)M=7vGOs7#QuuJKPUo!Aw2ukDEAWET&% zK12~-z103jm>c+yiP0`wDmSi{=^+UOA}nskV|Q}=H*&Ml%4*K;vqACBZB~e!3WIQD z^GE0+4PZ_BY2U2XT{u<=IJ~0K#51+4^eu=cJ6ja{&<^!kXPVGVOLyiQETun2AZ?eNPF%pH@+NMWEpqkV7 z7ZV^6lLb|0DeJ%(cyOh~yT2eX4?4!~eX2JTSHG88RI*Y6=bT%~N=aTX8&FJ3zVlj; zetV4@_AH{g5b?she6WzX7^k#Y@)rneLNxD9+K&lN^-#8`Y1egFrdjx(7@ngH{WE^? z*p3walzV-6Edz=@TxdwEY0||?@k>ncpmpL5goXe1UtfCA)nihapMU)n*p(8rhc$ki zFFLF8L91d5LkDAw^(9*0^!${N@D0*g%3sQ|1&G@|-DZoH_J-LXi@6}bw~D0*=Ehio zl@1VJa_^tp4;98-q3{LfAHTPt{M`d2#j&~nyvHMN8_P4+Pf!&Q1bzQ4MM456*ZPOb zhRL2w#uO$;v7ip-X|?szmp@)`D(F=iR4hpK8J*N=&}9BWA}+z^3Aok*HM&Opy>=G^ z^D7LB_gJa^t=A}vz0z~PB9>|ay`p7Y7!LV$$E&%~pqnxO3V8F8?p2M)4g#p%a6pr0 zHAmC`53$mMBJc_}d7hjD{g}h_0}4A7QbX2%z1r<5Qw%LMnE6SKFZXY%d4vkM0bOa2 zwb5_RDA|x3l7yp!N&JBH!lxj4^4x-q%~6${=s#IRV_>F3UeLQ;8jKgI>ugDIKfEOM zp#SkC&|jsJfjCEV>J#cqsdw=^);B5RQg#nNPBH@sOqa?~nGjzkyD2+%c-AH$LORA)_AfO;1Al)D!UDDm%((&7P z&Uv2meE);@^|Spj?0xV1-h16EuC=Z;M5rjq;$V?uAt52*Je8ADLqbC3Kte(u1%rSy zSpIp*zz<|6HCYLy;(p3a;Ip=+x|Xw+qJp5YoejI8iJg%tySt4&FbWAt*j*6#Xk+SZ zNb7E6ZR;fHE<*ojgdp(w{xpo9_RkP!D-n7vMHN~}J4aJm9(HbaIK3zqEiJ9EqluZI znv~4nw*$Y4&|5e=+Y7>AZfGpR7zak9eJk#&pF|R?^&H{g~OwMis@2vp>NSVt`d=M_8=AwX2WK5lKKS{ zY@O2fKvZ0gEqu@9Gw) zhCe{<9h>I+%JBv~935|0(%z?u%{Pp}yu`fjPMZdf)6#B)t_F;w(!k;V|NlQs@B-dV z+co)!tcY;e(5jVto$d%Uk7Vm5&$v$8{0gTC@D{o8Am9tB4KF8eC1s03|Qzj`@F=u*0SXYXrCzufEFYWlkn(zS+IVjA%m zs`Rud|2^U!B17!g4HjnBepbuMT6NVa6M-UoybRy)lXqtI|Y;-l1VaSrcJof3@6Lh zjdSK=*dfvgG%4VqO#;s(%BQR9JHBgHKiNXOdNs{>&Xw~UUyw)N=l6?P|Cuo1RL_%* zAq>=+PeVuR&&joLLMX$B*VW)GlAdhtxWU56ld;t;Cpjzf+?LFoqv9`#`pCrnxR)eC zpNtHR5m-3s^;b$S--z>GqX^RgA5rl@$okSM~o{GJXta7tY<6rco&3@1dddW%&pWh675bA zV?14?_*?tZ0jswXHB#8EjE+LIn)rEpdL5E53+vJ*JBDa4&9s)~Q}DNpNc^#KoK4@L zy!chRjGiW3arWiQk1RBch6_W^HzZn4{M6w zHK*KK5UKDn5_YK`0Ete!LR%fDXJKmzM1MqoFMVM^`keb21=4(&g9~JMpM$s^o1+7E zputSyggi2D1df{ngpMAqz)NQXAPjHakh>QMi)!MqAaBGZ>bV55;ACq^9#5RdJTFJL zw|^wj^$X@E(ZNYMk;>4=xr@g*scTyTM6a|%DnRF&bkc*1qKSvhUg+MHg&<$XrPwyN z-OZmzai@a8@}Dc0FNLqoz&P(0<4_^8j&eeQN0nZd`3vJqmrMuPZ#86S2#3V&2%I$} z$+MfU_^1sX=L0L?sKi_*l7pg^k%YgpqkgC?6wO$7DRjMPZwR^KdINQ6pjztwEIlfk zOA|0~T0U@9upDwB955ku1|(lF7pH^rkpf%)iScGJfjSoMx2X-CAvM;F*81SorOHK_;Uk61E$*CG4va+z|xdl;Rpz4zOD}I-ID6@u=Xlx*h7x^;B1`N~}|^ z1j?UXg^OXQ0oLbKEl-DmZ2o?wnkhPXZf|1P+k}gSde=qxDv2qBJEU1MEyEIm7 zus(R*UiL{De?5`>;+-+*Rdp}ev?y@xQAG$ehR&8R@x4Q=5(C2mKN)-b!dY4a)}5qr zK&Tcpmq22?n2p&EwL3GC^AUYLzTl_0XC-?Sy}|Hp%aDF_y(_9={$;g=SVr%vJS5x z%mMWsi$=|V_H9@Za8$LJh1bED21wR^o3b4gWG5OREQ=OIIXK8+uY`Y1ImkBM9O*pg zJyuRV53>Q@6gTKMu55Csv>&9kMt1G#enm0Ls1K&)_c(Z%yBn1izAxwvH~S-Tl8>T$ zv5RwwI0urrt2~Pzd5IU%y?>v-w>UtjIvd)7$mDI*`mbi~zH0ue>o+Nr>l4NOAQRRwV4!n&6g1SgZhBYltXVHugS>_eD zP*5LbL}|_O7T8{kS;dO=&@Sd&<7T zdA36P73GFm+ApUe|B;py{rD}7xnSBRa!KiWn2m9r3c-H_6-xtjhtal4 zJlsJ`|4%a>Uhx(NF*0>?Oe}KxrCKr7PvcPGS-2k?7zV@St3^?trbyoH7GZ7a;eG=# zF1hPlX!S`na9tXQ#wk}Poul9cAC%aEIxOuM+30k>{t#ymq-m?^JC-}3+I;}l5Q3?}{Rm8peJ}<9N z(?wBxa@khDt3;AR7>$w}@*TsbCY=9{RRvlcB<$XM_&`p}OX5KlUIh!P2UEGur8<+) z-FHp2q^rYR9%?p4T`Xlf<4o+&L2!YP7@5-}>60u{jeLDfOV+D6STWw#ZQ$Vn%>D2O zIP=tb8h>5y!_#!>@O6ig;&j%+R?UpS{~|U3y~X`Pdj_|l@uxlsIEfm5zr_FhBQb#{ z;q-INK6i{+^bB8Boli_9>WHAoat`JvMM|)kp331xce`#{Lzkrwza9LDq6>a=>)^8n z5$Dy26iEDUgaYE!J6e3W(L3g++W&D5wUPd(?arhgzgYh9f`6gN!N)*|7YtEM0q!bG zK;qr!%i48`8?)XGnqvFkk^e@W{~!7s7ma2+&>>UU2kgL4f{n>?bH-=M-dDR-XZL7s zGFiv6`(H1rE5A@#{8j0Dgg@8>1(}RJ2mrIHl43+tIlTYPV-WOcChZR;i4^HIKsc4|MzsF-Xx805T@bX4L%~)cyr+@dIp`0CzZT7eM}h#2E)hhH^v4#{MDM|Dn{N;?_|1pi3B=C%#b3Yf+Q&G{&&m-5XzdfI zd7hlHMkrg0p5Gla-=1Aty`k2AzyN4s7#cUx`!GITT@qlnfEchnQcR1fOT`)Zhvz`t za86U$Q}3Ot&y@?Nb<2XDxDWos&~IRiM~_J8K1CvM2?rGvaOXxxT`V~>VxJIex=q_u z*);ptacFUaGDQqFxan_7hkr0dtS{>`h={cuIsZ%6iAbQ#Uu5BxL!^WR2Sf`BkW6g5 zr}1J>4gbOZWGEtBd5o{a|A+y2`)Y?}87gwsF#WE&2DaD#I0Yif zIQ(L|p9`vhK<$Mz3J45yQ<8HqPkDtq=B93ig2NFXFuTH^avA(3rb#Jan04)|$w`ey zeegc?OLk_uh)N+~lAHnlFbyx7bpM#c z{xc@T4QaqAJ|Hdfm?xjSFo{22F7ba*L8Iy~YIhus%&(VQEoC!(OGw}Tjcqh`^;tH4 ztX}<18LVXw;+88e)gvWDjvA&*@wB5nAJ6gDlwb(?o)H^wGQ3V8fbDfo8}Cv^_Rp@9BB5 zAE|=~Q$fBJL3kMOc!w(QlsM52?w;;PJOyPPz4@bNCQQhbrHmTpkv8X|>{h1CN5&f1|6nDDfCsuu5qLl! zoN`wET*h4_xT7mcPQTmN-R0X{r$x&LEBxdHwI z;g)GVs9ab<%Hd#`)4WH&$_+f$zWo;Vz5rszf zQJh&cnN)CMa*b5(x7(ch)6Ik$=k*+sp11wC33Z;9an;V5`T_8>VJT-|Ripo|ib%u< zPZPy4+Gub|Hxo7^u8GI?!-kqwyKqE2PZr)K6Xw2vLmDzczl-&od{H`(jvY&ta{|j5 z*Xay#?O=DG^GQken-02PhE%7-r4QPL_@UWMMtkzndOt9tTKa&Wg{F%-++8oXoiiI2 z_-yc7x!{KWBSW1XS=7Z8^zD!TF%7^V9RvNNlGCcAJ*Fc{)JBhU#V~-9$gfC? z9&$2jV*_=FboD#Y;`NpZceL@O`pV(vh|XDmH5(NInW$(9pJ;fZFH3T<)qj0h7Y52x zytyOfcbCa2Xz(mQB(}oiD%?<1a}9`@3cF$4d>8zL9_Ms+jN)?@ zUKvqxHoDFhvMG|+e8nEL2m)s}&u7*>TJb^{znjRr-JKZj=;Eg_F7~B$JL8f--R@nS zas__iflt)lR>CbwL;=-clO?40nNV(D?2OIoOWIE>nEo|SljtN-L1$$kU!0dOlf127 z1OonB^gaf}x{0`5>O{b%qRDoeP*E4Q<9=+s#B8K2JXr10(=(zhCPmm`TtA4ri>{7{ zOOY#SOFChH(&~pJ*rqzBx6vDN_q^R#^bB{L!fmL^ zYP)3%s>n)%%8~n5cpSX?%*2FpNZ5S*-T_rXxX0CRx;X$<(bUwmUiYmY6L|F3uawJ6 z&s)2v(?z7WB~%?w8p{{y7N5%g#xMvH!Ufn5vWjVj@I%HfxAKD%xSoD6ji+qXHu=&z z?JcK^@CD(mmmFRyUCS^>qtu8#wZ4qyd>e{i84K)PEHBRSx~WLDD289~i0nj$Qs}uQ zxE!Zg#4G#x+KF&xr=(r5&e`Un59je)>eFS^B{T8Pd9i#_=A$vjBXs~;R~bDZL>AWJ zo7az5-H&h>uu@dS=@@g|e2D0{oX@&L1LD~vg4P-ykAtH@A>B;ST!cDqbJoG*$FWjQ z`4Y6|ys=Cw#{PY24xd_H$A6@q9N(5tGT_`e+}y)-kfoKUXPJW7b4eqex^mX_h9gNadMudy`48nYhOe#o2(= zZsv9l@hdiPN-6aj&E?t{D_gM}zpjzsZwCjufzl@t5rOH&(>DQmI{@5IGxpe;R{0| z5)N5!?)V^p#DJ&SUEKOJdgtmk*}ib&#a1miH_qS8NDcg4+LQzt(vc`}p6De2 z+{}+@?~ln~md!U9#g#Og$f|9m=XKCze zv<{=$-v`bbS!MT|;g5E@J8fQRH$V3Y{^7%i-e63k-i~OBx(dA)kM3bw3If1Ek7m%n zi~k)d32E)udZAqI2L?`iGc{DW#CZK|vC8_W@y*phZ|V#4C(t5?Q}y(##tb&;RP-%8N`KJRhg{XX8y z5G!m{tk>|G+H-@>?_KL38S(+}ai#BTe@zUD<3P`D)x0khs1oC-`E^pconW65dydfR zpP#rQ!a}9H7PThndhu#-YmjO}h0PaZu^zYBBPd56NzQ%3ZQo=M(VGy5jt1RIpBG(W znNXMz_aKC>uDaP|u07=ngoDrM8)ov22RjVAyoN{WHZHcapYM!6*Frl=Xa-zFACa;! z!PpIu;XB>koTcVxcs^mho%m+VdmDr&T6);m*SB`Dp2_Dn?^E>{2IC6}38^e1Vp0lT zHP&X)EUxIOekL!kSfbaUpwelYMg9B6%Tx>RthCy*@i5vhnJLqII8DrN&Xg;OUAOF_ z(suUsh}J;E*_@Td$)Lks-}&Kk-{wfZ;(VizjSlb45Xao4bJeKEAFBw6Cu~N##m~h# z;x$17o%O5K1imQ>kT6EJk%HDcmMtz_BR{ zk>5MQ64sxDKgQEH8t>Rov{3$Yz4a{0)hl!M_~rBGLGL|; zT)E8qSJtz4BVmo;$6sH5@9tO(3#zmlFAiBEW!1tTHuaX4mZoqq8_1Zg^g7$CteW#I z{FqD`&uS;!#I=1~MurxVwdrQ&W+mC*Sr9CA7TW`PR<< zj4R#6`AV`7^pAs&LuxdT_0TV~yBy))I9ej*pw^Egb&n2sI-#5po?|G!+}@u?TTgn# zSlnjDjn7BW3Oo79iq}uh!Afd)=U7g^7Upg8y_6DSNUoIcu&Yll6ZE62tzJkvg(uYzbA$X*!$J3KD|2Agn_&ws0C`Ga2x2R-P z4BUhAQH@uxD9A@*DFuefQKIsP7AT|f$U)8}O}DjuRi3|JCt2T=n-5ezASTw5{J~gC ziDf3P6aV{0CW_0z0{Wa_Hht{t+{T$Z&n!(Dp=>^lx=bJ-FJ+MopeY4&S@Fb|M)yd03Up@^{PMSFra=w2JCR-Z z;PTDZ3h815f2|jPTIJ}Mrv7frf+cqA_2)#?dXnH+L?wd_*R@7?8u+0i?JSJGyT?tH()ON^P6-;;GPB%}9DP&q#y5aV-N>-{!9 z6G`M;w7xEOS2Md$sIaUDtxUKwOk36?17gX2<)RC1>aH`UC|`@9OB;nuT~TIzOu`ls zqYAfp87WRw0-e_;9at|!a&Z_{qbNcQq+S4brUvF&ITg^i! zkGhsRf1TH|^R%v>9i^P3GJ5Z2<6or?6O=63rT{A9SEz{)xE+%OyqbKsNg=c_r-5vc(%K?uMW+~XLg-g=9PlYwqs?U?dCxXGw+{;U3|9=b zN9b-DEsG)@=)y#IBxf1nGPcE5n4h#zS6PP#II%YO#m_bBj$S>L}9)^Mg?}43{%geOh7O zl#XA*8c`K)3$y-rbRz`C{$d~xQihp8{mQCVAosDRMOZcaoCVvFOQK|KD)lv=3yFH3 zSU4T6JnawtKqu*r8!BSoW{^|glIL;NpKyC~6;@V%)Xj401Jhai;Z|p_5en*CXbHlJ zk>;H!q8X0nYhJbT-dFJPY0%Z^@ScISopqOHnD!)2dYVKGjr^d5w zzAM`k6s9kn{Cs#1g8*2s>|ahgO)DHak-;4d`%w-@kzgRw(ML>W8)y<#Wq9E0cW`@W zJR>^mP=disWaY6hNm|xiI0$0*#_D;!i~=XBC+pd3Az(jy&&nS@$2hL_ zyoMDkRQ9T`>|-%JiViIkZ3Cq4Aw@f6%IOg-quWP_q8ZfrglTB+ScfGOr87xaPf8%Q zv|?9V-$UmaFG*_yYjj+emCTJopG#TMGmx691KWSk4JhL%NQS|pAd2;CShsn=vXsvy6V1AuDu#cIXb*6#J$+6 zo>Bh8R0zrgz})=j<4mx#!orhxm6DGP<2rb5W%1VvEQHT~HfLhJB?8E|xE-VsF1;@t z2&!F|(g(LM$zVMTuaV;7cEL>b?KCe`JDiX<$xPiD#q%O8CvqI|7iw zep(hB(p$n=6oJqK9SC7tjP9P)VK+SrRF?MLVc@zCPlg+H1;G%arFZ#pt_aHFy5v7J z%F=xa!&Y65I3O5&&|VtSB@R4K8si{znGs16q<|F8{@1n|-P?BRTW-LO0S5|NwE%@Y z<9eGG%@*UK#bE&#EP&qmF$(>lG+Jqe2c>Aq16}p>FHilEZtafHXFU}qPP%;kHqLEcU<$FI^d;m8)XU}oR%?sBKBX&$h%A^y91-ZKiS7ES>2=%_FWnhnp z%3p-jo-37*pIjK8r0nyu$egdn90d*_Z78=iC(3hB%V0yPxM88J@`kPTeVaqk5Q#7-(4I5alk1yAnqc0HG##?pr{?XC!f z4w^-?0isXb2ZwX?N5W^X_;b;+X!o_)tgk;=aj2tjc|T(FE#S#|n1bCb+G%f)b2S&a zs*q*mgX%){!`#U^LKHe(7_O6LASX{On!V5J=6Pa8FPY1_OtAuD#cn6OkA5-HNvc z-lNSR5vA7!96W_IUY6w?)TEj5fHFUL(Bao85gjDP{qR(Vm{TwhB|1EC7wjV-fBuHQ zAHPG8|07s1UOtW@PKs*V@J9GqeR^99>CHjP;?XxLrBBuX&cE0_SAzT>70e9ZcWM1Wo`AQ znnbesXtJN=CQK%$f_jnTkLimCjG>ccqcvEYpw`PT_9FO}+^$#+o_So5Y$5+@%^;Y* zj7M9X>m1S6cPG796KlH#%cf&}qHUS}M={@fvcP~+$Y3b73%6zpTy5-0%*QfQ!slW2 ztJ-660dv#gskqs5qFp%PV@27iE4VOqz%`o77=6sewhC!a9o8mhdc(n$qy~d8-xjl} zh{Xt9Z$0E>&M(+R5;c64x|EdQHY-MZ(1WTBB{XrG>3R4zXS_B(UF1hV%kEp8PME_H z8TidfMvrT2k@Takja(Ws-oRD}+j*Mrw3;pjSUr}V5WECue(atzVFT!`ieU3Mhemd2 zpfD@=gmHDd%!YC;Cih#9S{BU2So3|hcAlKQ&V>-y&9O+)UNJ3IKxi>I`^tV`~%Cy030)>v_((|^plB!?YYHWy_z`+GcQRV4-V zn*-3khzL0>`Zz8$*Bqu7alFd5ZAnZ`75Q!JhcP7#-VpkvE3~x3G9+EL^_$MDs3u=0 zq-v za`&J*%jm$yc;iSPr-7n1^&(=OZAXM7d^rjp9TW;q$i(Yt0iQ$eMy`jrRjSR`3dDx7 zM+)EtIh3F_MzmLlcedcD)a-(CN;MhOH%~?**Rtd#BY&sGWNG&Dvp!}yPK?LtT;-6% zUQU+@U%^g~dbb`7JF$n;4hV8dpF3#6N|vVw|0^Jh9)Su%y&ym5vCv9yatLo)Y}#Xvy3>4X_Uv4&m^T?? zpdmVNXrv2C6nlChTKYz@AXcVB6f8#Zo(wNyjo;R2_PaQvW~>!OahQa;iwfSj$lH!j zPC6ufq@W>41tWhs5nbxN244fkrE^PWRulmxB>lAM!%y1K?9^8PIq~EQ^PnQna-&07 z4s%Z=DVnF*t*2uOhb#vNUQQF{8Hb5>pit?h49R$EJGg#4X={cO`Ws(3DXk%bcQD^j zbz_qo<5GJ?S3d-q3&oK9$@f7YYTpem|BAy5y)f#j$?*2uuAUqCSL7c?u$T^FbL(yc z{$0$C(%9&(JI*DK?ny0QYJxmH1}Pw}(kh|2=9{F|ssX))U5+T{OV(#0-Rz4!S3#`% zA3o41`FHfNcA-P!svVN$U6jO4xibRh$g~{ZJ6as94Rj+va^8&u-yC8^BEEnPo@!EM zw1u4LrX)A;2dx)lj_1&!vuB7dnJ+^#A`J#D4hnbI&@=SOcYQmTUS><>U*WQYU+w=-SE6iIp8=sDIc}~|A5CeXbfx-iHAMr27 zu84>MVmw?C!Nu_n`cx9lF#^HRsCD;1zrSf+FvN|VQ$!z$1fC95k)ANK@>?;x#T((pUkpkMfbQP*9^anH!Hj70VIn{qY+D#&pk9Bg)^ z9i|`5SxK)<4sR^-B}RAP3_IV8_sFe~?Te;ii(2oAo- zEB%t1^l^A-=jN%vdugs zlc*7K%)gz3Yl5B&DkItqiW~DkVC;Idp%gfeQJX*5p({rbbx;>>Uc)1ovn(&LzVx9J zF#`S)tS)XO7=J;yMHzE6u^(Q(%7Ohh5WGSM#BC4vkzcFVkNjcsjaU9nA&5^UqfOu2T8iibY?5R8dP?7)D=hS_1N*OBIDekNfOd9$je2N z>GTM;G|>uM_oPFKmn(+aWcUZKzpbM5ctv1#OW|u8e~4Sm=bS}!8kb#fo_$3h9Qu?f zxES+Lxea#IZE$t{`=q`6@}Ze_jOyfmoL%YN6t=!}>YmHtprw?1(Ef+TL7vv=!Og|t z)ks9+J)uxTH;a}LhVoaHywTPVnPPqqXI z!k0}Wt5~@t-raixwR<4^MeYkFK^Hqp-O$XFuEd?!u5(qqB~eKWvw6tRb#9SCNUP`yVug}gx zmy0*0+h1DL_sVuZ1mD4qnw9%_SmdkPSNg&4Xzt#8$}P)ugr9|}>#e-9rvP>M4|}2y zIN^0n{$+I3sv$k|R}Qr8Paq44i;A=lmoDCeh7pUjR{e&*HJ3kRsxD!=G-ccbz8#fnlRg@D!deyaQ22t2w8F)}%9 zqO=J$sPer984ejajHPsZ)fXbF-|8X*g$J)w7;H%gqY>s$SJ`DwHu`v_O{HsESzB}C ziJZix@Y;M3aM_Aq{Qc$uOYi>e-u?$13SQ^N1@_*bP_nc}P01$g!WS>@#V7-~V*yvm zUsQlP>@oRIMj?~s_F?wc7lkgCp?$U5x+QU)LBVAmvK49$p8xhytu~|?C?wj6UhQx> zEi@yyJtx?_CyegP8Y3Vaa+B`vZfozn+m`h#T$>RuBhKHT&${$+jQ6ckjC{}fh=FbN zM$vf_l9D6|H`p3_*qW8H!{>yG29Z`Jr`wS3Z2 zYIvRJ?=N3NZ?h%CdXqVfB|s3OXV0GXZkIImYjXp&?hKO;x%GecpXXk|`o5}30+}Ue zg8zWKKrpX{ghl=6AmAg8Om)ob4+D8!Bia-OSh36tRSXTEuuuWM!ec3dsr8Mp-)()( z-R)K1h_V=bt!Ik8jcozz~v-j|#CWx9|%yI!t=WPra(e)9$^b?r_PHM9d1ozFM#J@V+AZ{pcV=Iv7Wtu93|)FmeNvIR8%aW-t$@PxRG=DcJSS5d`fVF=8u5`O&Wk@ zF0vQK0=xK_(ZA)4nYbDWbw8D1I+Y8?skf8`F~fnsl=uKXYmufoe;-FOR2rb_Zq6(j z-we=hUkS?n?tHyolD?=}yv^|1x{01n+CWq1ZPV^5_iuuk+r(%<`PbmK8{y;Ba-duma6nR>~Nmi#3y_zZFHCFVh zihWdctcBNSU1**I7|FdoUV``FXeNY@*|4ad=ycQoWpa2}jt5fU(6d&)4$XI4YFuf=|MSjrfYrp@+0CxC)#G?#(aS|ZykYY}1G$$c#nbCtmSR2(um zZ60zPqj}Lbpyu2Ze6}Z~soxCy4VHY>M+PQj%q-fPZOA9HJ^1p;xhm3MCxV^Pk^9=6 z(M^Bdhk##b7WD>j-5{ltAI%@+v#L8yIUq?q2e0S^mibGin%;R37!t%Jvdcp8{GSWB zCm<_@kSduhNEg3?8@$3~c*~{F6IT#(B_R_-3FS08r%r%1T@Tw=26aSn8Sy`tWl3s<-i ziBjm)dOnh$DmHtAcy`}<_*m%yu!nJyXr7)OJt!xS*P}_@=9ef95}Q>XA43wbAYZ!Q zHbEqs$PN#7qTc-WS=1ooiXObPX?LlRDuN0Ys&)tsTDHItG%PVtkZIkkNfO= zN7P@us3~w2J=-ab9-^G?2|}OqyYulnN4nZRy_D)ndTd#pDcB)&k=pW}GH=OmRQ>$w zAmwGi`cj@thWF$XakR4gj;f++#n(Wa8G@8B>yVQG)sh^R_H?0Fo}qQ-_?;6MOuX3E zKf?Ep0<ntqaSz)F@IIPAJTz68%HPE`%ya5TG-rltv{XONoEIxZ$s8`CP{+S zN+VcMSUjpj-pZ;_mz>vbPFM(g#mtG?eF51j%l`D?hIvLC`Bo;u*QhKuFKP-JL01of>i1&4E-VgVk!f;UqAO z1&3pCsp0R}4n`puf3ME4S~c5ugxU0KU}(5b8dX*{ z)lEeYXq#s34Tcd~3R@bn`95?f%ItAFNLh+y-xZAwxUMA*C}IT4u2y#G^db2YCd()5l*Zk8aavIFKUm-jOK#P$nBrzSFh^zt2}l|cj>?^(IvaFk>a-~@Lq#HVPh{j zt`TE=fV)~GDX^{fLa$VDrfUG_v;|7sA2k^6kpHg6JFVe!Nl8^t`S~r$`d-tWuaMQS zc83UZ*o@MN7RJvP^FsHeZ@gQ+yld zmR>41Kl_pU`8D8$UF zxX1#i@)5FmeQ#TmH|BSaWU&x&i#Vn4xS`$^KIxI+_;M%EFV>$7d?CrO*OKa=&7 zymSJ4+5&&8gvkojeX{6PmVBrtlJ+xuB~bEiYY^{^4hot<+<|QPGZTk$c5WSu=3oeE zsYulJDGicTcLaj{egov)p8F60sk}@U!}6yNF1?SdyKgGgASOKq7T(xPX6oH49MK8% zx0gy`$Wgz2{Hov1^%o4viPuld-9g(#MbMXNo3){LYUTW8&d)v-Zf&YB52yXy4O_I1 zGVjf;=}2SE=!k?QrPY7mQm+TVT)X@;Pr!O7pJm|(eR^!+ZNK(OC@RSjvaloLS&ES>fZL z?dFKRcI3bvNniC$;71kT`_wY?Ot*m~z?)VDZP}Ehai?beQ`hzZ=DF>pmLQougHMVb zgGe+H`I9jN@oJ`4Lzy>RTKEIeC((n8GM*WyKcEk)#6nP$*d2go4$QUs;$SYgd;e=; zu@dcvQy%uqSMOJV3T2+mufr7#SWW6vTO~$`C3$CVJeF(yq$mA9(^)sX!R=F zE}BS(uQkhoVskb^fAsBtzEms60HmOn!G#~CX`h4bHS#JdxOd3L4WwS=EViQ*> zI*A-~o{UXRy^j5)_)z~{Ew_YTfH()$YBlJ17ThzK#Gp56+8BLu+78QXQ4249aU4bD z=TuDJ*I&@=2I|RYPU2!sx_$$x`(P#7^v~Y{NJ%lM|A&o4pbbklH;_FR`BVsW?gc0j zO*Hv6E%uydcy2vzTh-}|p(-B-+P$nb*X~=!fVR4+A0@A<`cJlg^)&7;0imE0c5JNe z+j+z8eatspUE=QYz6B=tMQo{ zC!4E_yrYM@bddL}6T*JTAQ0c~h(Ey4sr5%S`=N7jnZNa&9TD(9{}op=NP*J?yOsd+ z_0R-aOJs~MDoZqWmev=Nu27Rb!fW#b-4-5)B%uz984+T z*d9eCGjH0MWVaJ=ke6f4v&ES9cBH`S@0ADl`F#k(1d0v_&C}pCeaxd0A-wBE|z~SCpW*ys=pr=IAd1dO7T#pH6q~B6jyB!GV`>o%fSeJxXjFLeAK+0U5n{prUJFW*souv_@8I2pJ~GLkb`JQ z0jTP4q-*<5y#(+c|9mOcn?TOLIo9`t0qARTey*zeHXga{NljEQ6kd#(CXgNQ&1qf9 zs@;0NaTdr+Md(mFHh*u9bP8W?0c5E}{2HFFawk$Z$|=;_zjAP^j~ zf!Ly4t^4XqxHu5VAc$uq0mToS8y=rKR>?Q=PZMzC6Ix>9WM?@!*fwD+<1Q0E*=xWQ z+)KDP>VfS#mKu;B4>?Ru0(FYkcOD3&^bt&Xg%)%(y~Jkw3qE2VOip6X4}mwZnVoVf z%hbWpHt@VP7{&3BsH+|MktmVXAiL|whqoDWT$m_|CK*z<1=_WO#N=fh9%ofSANPSsb3wN7IV6}ba9&ZIZOHSmHJY%;x6Ro+izLDLa%oeqW>8Z~r=d@P3~T5b#8tk`^f7%5YL z0+m6YlL{3R`DdVu?7n`354a|%GuJ3F!2&0%ZSJ}wj2td}V+9m1I9lwFg^w?&mIM3y znh%IMYcXiN2luoW<#~f*QjcpeGt0$W+R$`veQz#Ppj>9brk?`Zv?((*#?XtQL9eLC zWgh2?qxum>kv86$@}fK7gioW1kc&j)3lPY$APYN{EI^Bzk2}|oS1UB~TJPy~T4l^& zo4CH`psh-<2_^F0t3|yBd$HN#h|aUBLG)PWwK<~x0yHYVolJfQde#q2Z-yK|A+|t@ zvIeA$V_Ibdb2MWYgOYgKhn;nBzT4&KQ?uV&zdG1xoGj%NS-*i23VVKF;Lwp~O56#9 zqOj@kjPNhWKyP){$9h{HuDDQFK|afpe=S}j9xMDPMH_{bQMDLe5Ez9cKN#{?lU6rC zTRnw7d+-qD|FQR$QB`(r+bFR}=?;;SM!Fm64h5v7yF)sq8>AbgM39mO0YSP!M7lw` zyS}-+@8^Bq@$Iqy?q7S1H5{m{YhBlz=RD&$kK`QP6c~aP`f9N+yOnuaG$7r&V9&sp?Qjgv$E~xvoK9GUGA|dNAvaR)*L)cV^*}; z#Gjcun^a-47}ConuiY<()fXB2x>bgO{N5MkP^f1pN7&nTG2{th2JfOrSB}o6vY<U;^a>7iP84mftUSoBpXTkyU9u#AQ z!i)siW6m|q&Dz%1e%N`~9hVh*zpJTh%Wc2}4Ob78%Yy|uaWO9QF! zuV(~e1))etNB1vA#ygfHRObD=IP{x*tY~72EEQ%x4c>D^5wh|WNXIx!>2yUL78sF` z#jv&=eK>64_r0mLn*^}N%Nr|zip80utlHxF8#02xrxfww z3F2KeIfcU%cSCEhOJka5WcuZoj-OVqmFO+ z&a_ymhN1))e6xRSDIG>^i`;$IhB$`;74Q1cm)A1DwF<}uAi=f5t^~rwb;N6bCnhH0 z!g_}6h|viTYo33XC5jaQulVp%xjj)RSqbtHr=v!xjoO^@{!^qp05q`z=|Ng08CdWf z{CG#zL1Rkv=36lAFJCsp_egN%0qkAyuoo{qD8!6dCdOen2@gNt{DrEUpwmze7G9mp zf+Ok)M>M#^7mhwV`qC?(?;v|-8-Gv&md6uuSbC3gg#ke)WA}T41)6#F+wZ5<&mPo| zp;S$v6u<;-W_#r`XjK6Ay%-Z(`j_|;%1h(YDOcBhiIxFmyzC0lhOrX!V!xY_ z6^t}k8WsPHt#vS1lJ`G$j|xRfC>8O6E;L>XLSj^VBo?s9rt_?)@=yqC8OP@tvTD!_ z@iSzx0$NrKNMD&CdBImUMl5-YJ=uai-l{rG>MOwC^F!sD%1dwG zfi`Jg6iOpJY)%*Ju@F{(Hx+m$bmSOPu&Kl~*c@=v!j!}tK#cKeE+H}IJ99J;WA+P{ zDMyG+a;#T)0y zkkZ&p_q>gl-Mzhk2Fz0jSbW3yw%TIsTVHqeQr=4(oU`}0)HBSst+=o9Pn zT?~Y==qMoKz@7FA@~G!^IOau#!4lu}E-drx=h%c*kNKXnFq~3Ymg8S&E3z$#Pqzk-I zu*V3EUN#nj$^$4p=sMtG-SP?Kv7=Mik36x&XiS9=oP@9p11z}3B> zdJ{HS*6Ew(7!~}PYB(QMiiizhVsdve_^3>#0SfXY>?9j54$O@ zoR1GKC(sG@doTs8hZLhu$>opdD%h9S@QB+_D47yjUtG%P!NSA0hWZ_xD+_}j*dIo) zJk61{JD{G$3S379_Dd5V_ScTP;}wX|QpCYSYX8U$2LGY#Ko6W(Q)c0OHOeyal((_5 z$p@%X84XTHnE*ci!{4Qv1ebuRjW}VnP&OP=l=NVZPH#KX>d5na;zwrs#2lf%bIS(M1%%9`=ISt6+Nu0EMR0 z2{9CL2$U^QF`Q;Czb>gZpqc|ZQjGbxnsbcL3smu<&~kG0o2CkQ^ph~LCw@`}VF&8+ z)soSi#EFK;j!iSK(Ns&Q4sbf_(wtVDzjDS$yK@EOo)81Wnnx zfHc!CX5`0(m$z|jp51|1fE;pMFj`SZ-ZkajBa%AlXduj3BJ{FA47!N>DhTbJlNt2l z0mu-L<)FZf7a>2Frfz zAu+6NMQkD;9Tuan4CSJpC#)eF9hd5(?8Ey(*v+W84YdrYaXvXHE_Tu8U#Hlu*vh zUsfp&7yv*^si#g5SWdfaAa5@C-eCOJkd2?Y%)6+^oiLD;&D2etR?I6OTWBGgZn0_0 zRxmngF#giA3PQR~{By1P>HZm+`}}udUhRG5Yyq=aGQpG!5zyo!YU39CG_TZU9aG1o+)hgbQ2^<5F;fcNo zlhKe6oF~>O88{4>CLu_0LsBG|@O(%=<};@@^V@K(%IaE~ACMdX7;WAaihgX-N1-GH ze;~|0U+`~n1)Znx>UWYHq$XDEPwJuA;Qk{F+A|A;)pzM75Otvrp|}&^JcHQO!JmxC zm=O9PmFcx&!kfVjvl3?`Pwh`KR;U4q>B8RiO|IMO8P>7})t0wLMD^TflUh;o&?k8Z zUBi2fGJh%6zLs-N901AfNe75BdXNQz@1S6swePUutdVWW3j=h zsZPXG&F^+QBilgFSi8~Ds73n;OPz76Klvcg%?ts}nPra0DoP8NEzl1k?qe{;c{b9S zjphh%mX_qy+>jCD%xAv52Ow{7^7p%Pi=*Z5n==-<+`0|+=nC$3nq5xg9ZmcJEG^njulOY?JMyEvMM~;8MLOv19XnWxdK~3x*IFiI*BwnaL3^`t7r+0c z8u-n;*3`_{pKHkc_>l@Id5AeZPfTqrYinzRYii1qnY1zhyfW)3H{EjBHa9Ys&jDBi z3}srCJVA&HI^5k}jU{GVBiY4;g+F$bviQb@0KS*+Y+2sum3A>ML!OS$q!~P+Eixy) zMw^+MTuuJhH;-w9Ef7#pzLunjLhcCX@7^HA<7yeP@yd=mUFCEkteSq~*(44#I(r52 z>fA7+GaCEBt-$BJE(@)yPYcNJ>0fsT!V9qt|JHsoV$0XyeQ6JEduM>!c1AmSV=#3t zJsGr8q4jwBWQj^9P(P#>$i$J@&tA4*ir$UA*3!~7+5QoMTU=f~l>3y!&=M_M$aCWL z>({?sM;5D|k%*OV-Cr*8_QsL(W{J;Mn}mHCH5dcZ)qQ4+82TN2!Z|IWkk^)C3%-{N z+AZbGKd}*@&L9sL?2Id1MoqX_J$A=QmOI501|rE{)%R!mSzBS1p8fU8pTB8?=hE-X zlm1QeYuv}x8n;j=XC#J*z4J4FR|w(l#r~6Q61S_P;TJ?%rTHU&#(jp-d3MTm%nX^q zlf8crN7^g;)qI#EPWU2CKXNlSW_zkEb;X%wWc6&H)K8!`6A-Um{)|xy&aI-lp0@(| z3r}TKE?@#c=?DAeF;N9eE$$ASW&?O#JOICW*o&E%P#2U){4zLj=d1As>eFy&99^CX zkLyi9QzK~pqKp;r{Z9GgjG^Ic6CQKRav!}Mse+)d%nohW#r#lagU9j5bS|q8E72&I zAII48*}I5IEq*wLZeIEwUUs5kXc4BSIq`%Fz$2nnjoX`dZ}a62b~Fa>0T=*^1n&=+ z5F0$+Oz%5$rS@KPh4TrnEnVVp#b;G4ZPjqFD6Q>bsW7e8{iB(N2Y&n7F?CAjZx)IR z2VkcLg>Q{cxwl4qT_;y-aik>FnLKtixAJ^{wm6s@v_hn1WI`k6IC1Bf$x-MmBrRo~ zLW32403re|&nqB>Imsyf@+Br|VID|odqmgPc49y6MXe8ESlD^!%*0dfFEZ^+4nmpxp(yfU__oQ!XznPs}d75W-e5qeYR2-R<5 z$XO%`s(%ot#s(v*evI`t^9T^DXJ#sZ4N9*gxrw;YxPb<+Wf1k9p0EEih%3#O+;Bp6 z`2pv^bLE6R2O_;?PVZ6ko6x`qTSva97D$FN0heWV!=m*<@St>MPp(jy!B04}2{V+F z-L|XM^K@?o#-a6CS~lkVr~`(@p&^aVxo8Uj zG_+_$i;3l=7fO!qL65V$aJXtfWq)v7dz8QwHnsfG_-g#_{A%e%mwW$_Bo{9yUcn!X zL{FU=;mdiG3caR@d}Z3_jwr;@8zDOKDJbp|c36RX(1xVGUju4-0MaV)`OAi_wD{-&dn|8&{po}I7PmixXfC( zH1@9hxzN>e(63L%!p#259f22D8;s{*-$rHOyVqV~B0^q`z1!Nh!c zxBF}6^7EAiZ?RIQd8(K1?c9>R43y^*D#PUuV0O1ALJJpw)6f|D^*T41GXH7x8QRZv zvKktE)y3B$u>#ly!b0Hz`{$!*<3vWnm_kPZOpNQNeP$#Q-`#uo5LlSjnDOQ&5@IKl z|5Dv%6hRKevm{)n|2O~0BZDPjNr)xcRA2~VEk3g_Cs~@o83t{+8$aqFxuWVm1m`I-Vke-Uiee7Ml3%-iNxTlQ&i6dY0v#_SO?2A@Ng{a`4SE2b3i=z5pD&QSO z9;~_F{MNyq8OzhPh3vc64anggN^rBkE9w3b{ZmK+5QK>1LMm9O_>D3|U8%!c6m1DV zap$8(4zR3e(8@xFS63f8SOMgBTpiI;vj1jrV0^$}KgSBoC-i@_x_@#z3OFYyjh2^@ z;h)h!|DtJs=Y;|4(|?9Kfn4vos+JbvD;d;&Y^=5QD+X|DV$sJVu`OgS zc3q&POCG_`*F(Xn8p0jIO%;ec-em9)lI)xd!q*aE_>0Wu21FByqW@zhqbOjS2`>C1 zH__3_NYeWC{`ThsUZ6c-EP$PaMxiV2PX+(iFqTTMzd0@ncHd7}a{;6&6xa{W6A;&E z_X%VTaKK=|X&*QF=kc(pz>*?|z*$k{nY2zqG`mBQ@2+}9dAhs1HyiwK8zh`i*Pp>= zE2ns0zJ}JK(Du`1#&`LI(t1hNAGjehs`Tm9iq*GN4# zvkB*#y=DVzJ38bJ4+bkh!+8Ib@-{&kFM&ZD)hK#jOf>c=^+eGsY4$I30&H8lq#-~v z(|o-(4NMVMc3olK+~7##7TiEYfr6>er7P`fLe?8vPpN!FVRb zSGaaEVL|$PtGKw>ZQtZ()bD~*7h}-D(y~gXJ+U|UVLLa&;5ykLKT?kn3xpGvfO5uF zs%1o?>ZGVVtWjsi9jA^7Z9)g(;}io_sSEaJy${`GyR327AGW`?GlxilY0pW^9q-qO z6!imqf@9xpo+c{@HP^8U^^jf`WcW4kNGA6_KU#XcUkbfd0Bji>Xn}Fw060U?o)@@5 zqJehX8IIFl|GVB_;VUqYi7F!1o@uFOe3xD14`a}F)aDWZy!BZwF8v=b>oG{UUAa&n zu5%w}LbWj_xBVVYb9KLgI5VE|Xz+M$u(>z$HPkGYgnNMGjV87~kqmra)9kE{1TnvJ z;fuJzpHKnnn_nQ2-2GYpIPHHwU7sTnhM^4~i}(uv=DWvMg?@|q?wcm(qI6OJwi!S{ z-A`3WU4l|CUC}M3z;qDkG>+a>A|$*53UA73id1ZOf`_yK0snsDts;H#t0%z>r}>0D znc>d2l-WV}JNltdyC=#V5C(VukldKSo$LKLM=Oat>u)q~k!j@HqPC}+^f4F`cDkos zor#UYx;SoRT`-r@6Fy7nw3s1W@rTVncuW5#2;Hc@EQk2WFJuPUKrB8qLEIyjm7KU{ zc>lMmmNLW`yYD+JEqa>7)% z+a=z|GnGeEK)8Jv*#p!rpZi?{UWfMkdb{)7yZ+oXXu^BMRM~2L?jcScwlQvL`0Q5~ zPqiJFJl_+%VRlyZ7g~oh8e>^6C99PWX>hJLf zZBj~o#4ET(X!jzE&#ANAp#AMvHY3*we@bfF`)Cab2;A>!wE%G`;t$r8S?5G3#4(Ko zS99!rLk`sbKEc=Hp;ANPrF+7S#mB1My8)T8wJ)=FOjEt{TkRTikg^xBF5+&TQ7Oo; z(TVE`t;!t`3JKH^W+23|9E)M2UjA@#+ph2E8xS8f3RNVpULfzfqKz)!ysPyjSzVW; zpoHV+=|Cf9yUOBTc3~$HNlomJm-|yH`-S6ym#oM4Q-1F32MwLiD2@c{?tWYDXy{M2 zJY3n)QAYe6rQZkn`P2_}hCJy)Jl4}WhqkKLIz>resjD03_&<1RW$EYi(3q#P8enuw zp*lAGsV`XdV3k32OR@YE6{x8CL4z%jKrPLi&Djb4A$ zg!LWb@FR4UcbJbW`RH8Izr;x>N9Y+|rXgbL6Pv=ESz6AEJsbHME!{#`AY4hcH;?pZ ziT}qbT}hbU^AkY0sRooY^3zqGJTwyC)!#j@kR8OHF1(R_5}k!|v9n2D ze~mT36qduPBM#I!Fr&jpLcDGP=^LXeX|O?UXrYctoJ79sL($x(M>C!{PA{taWvMkF zt!piwN$#H`U-Mg0brcy)x~6!mb!{Yjqc^FvB;9x9wqm(7tlQ z-M-dF+H^n-z=hl2Wt*80&8|~SiV9=LYBDEIN+FVK!0woYSzJ_GFss(c>pC>iHMRb)7!Tb>bjcEOgR( zGb&#n{y7^+?+M9`&7WJnC$0^7tux_FVObU=6`4MWXaz*QGsW@{D?@IHS^h%amvJR2 z-=dtS^P_Q9n*-g(u>i^!jI!Pb^OYzUsUua=CSUPyC*l51xA37wTPsQUDE($kI`hG8*9_!f__-JDLK@1S3)CqDqk0 z(<&2+&Q|<*9OM`*8@vuoezXC$cE$C%KiO1>lARNH*wLGi8dB_qDdVov zijNY%&_JFHa727f+-ZABdE*z>{9E~=63_1IzLfUiR}EDzL$ zcu;ANjXSOkAz5hfRUKLq{CGjV#w=YEi-^WMrjpLlontNyA1aNL`rawguV#dp-lum6 zz$%F^l&@O?K&}goxF2z@7_F`EBKk!JSsv|Q&k&WTw2yRTpR77`EJ5&2}@%+_pI*;{iWZPUZFP}$1`;d0Db#VkG&u5@9Su1EafJmSB`YgWsA^BAN9pLi%-fPMQ)J4fDb0|GtoP8 z5R`ZpUN9-(Az!vR@_?8owz}#6ID|F0bv#n)tf8UdR`6I>*=CJSoHE#)3Ycyx8j~m0 zuM?D&_z$MHekK*GOHw$&WpO(y)TFgwJ)-q?Is|0(ipFUU(K`mP3Y0ts$hC zifk+rmXYcgCJF8sJN{Erom19<{^>KYkruU|Nm zVKW%Y^Ae^#OLH}yBzS9=%}?>ulg;52S09Xl_jX%#QSN@Kbh=zwBC%Ww0mJXo+p zn1?y@&@KOneuMmO8R_E97Ifwpz_o}DzOFD20mN&6kR6QEAW)%(a>=}rVPk3y4Lm*& zd-j=Oz_#R5xMUQhtUrPE@l4LI)QIN@9%Q#%_BLn>5$~q$JERao3Hqdx@W83JgpwZI zc-S#^We{&5ab;F`Ph5!6)8TW~{v+?6YxNPYnd{jDuGwPXm3CwCGYc~Jms@m4)cjhb zk0Gu80Rj)WC!%?L@Yj!U*AH~Fr#KZ7q#jsHxF_&Ge9<5DD! zr@w4)y60KPOnC5@5GmxSu#l)&^$Hr^yBF7^K{(E;YeHoZBX(IyrD!8M&h313=p(0o zcoZXhWSvzFKbjoNA3qn(KSjJ_>*ZhwUsor2QGilV@FcFoREV0}Lxe=oL%N2F%y(t0 z7!Bv5e2tT1F3RDuNkT|p^Ne-w5OdZa?WA96{U(zI?!aHfLdm09iwYwb-&=rq$#pd5 z7|dV0kV>AKnksI+`z86<(0*@sOVw|1KV`t(SQ2_G|8O_@IIoy3FvUXW^6sI>;V$$V z6ebdy$|cY3YX_@b1|od9=dl4Jf5&VPSgWZ z?P+1PgYT|xz0fa-wMY@NxObcHs@@(<83ESD8T*?$qjy&2K8M~*ob4Aj?LCJUEqbx6 z-C67=h?h+|WWPpl`VvF+Ef(VZ?@V0ouAIy|~lZ9>XJU?sY!xZq*G(P1?_bJC5+%n?rb zg!(}HR?_9I@QY6t6=g_9Dc^9dSUcU%e;Z>p;D^Gih}cMHBf*<3iQVAJ8pNKZV_{_c z(ZPBfP)ozhihDB$*{`$2wJ5Syy&(SCg5$e6`#3|NN>|(j=T5!v=}u_?!J!PWVBBFJ zocRztDy5BdZ-2I$Ol8Ic&Un=4w&XF#=$PvWsjB&692gPo0T-6oA&?P$Y6QZZb>Jgts=JlR* zM#sf+T&?O0hxGYBJHF%QCDsbBPby%pPu-xI%`se%3SZ`6C*dAB&hU+$F-LR!%-&cA z`$&RDMbHel9wk zB#4_IyAJ}#C2!1+@jz;b_G7}t%OuMyVL-kxNA^0%>4oKBsi7&(bV4*EiR^KW+(&D( z|22{FfDU|JLi6LZPYC}PV1fdj6%E5&S{w_L!s*15kJ08Y_j-p>RqlWP9=`%qc69N} z+^rWn&XThw**g1Ql;|&8i55C)oOThv?thP{hN9w7aioA`0qFnz11Li=3B~6}Uvuw= zj)a+phvmL;3gEUB^K{DrXe%qP@UO_}-%lPBhQvPQHwN`M_UG38{O>@q0tTnvsAj=k zLuIsn3l8U+|3$EBB0IKn{q5Tx?+;0DMxf~Y1w#5auXAU$lhfz`o{Oy+bS-yiL;ar@ zK*7!q7Upc{8`0>o;m4)LnGQMqsoTfiphzjH2)W26 z0$KuET1JA+jEp3YDamf8w`|->4D4!L$EXpdArW#So$s2AjjhG4Um7zL$}1^0pQtDf zy=V%Nla7dJ?tDBI86x)Q91wqV$2y_Y$>&aSg+-M;m>$Fw^VzrWJ&ylgB2%+(a!2HMhaIx2&R($Z2C zd4<<6k^R@H$>jiknsRr4=&y3|+a%7h#|$*U#8(>kY6d@u-fye)gECCwzP3N51^~)5 zpz~mEi9~};1MQZfuYjAr6mOaZ+bxj}goSjV#pCD<*m$(ldM-*FmScH&^UON6^x_N| z{4VBwVS9vcJ&bA$zrQc^e|!*U8CV2Z@ygz?6rn!e$#sDZ<4e^B}Zi`N%?- z^Dg~>9a~UkecVIpu%4xBr7WWwpvtED27Cblw&rW7*i2I$KBgqkk4dWx&PG+I%InU!XEiEX@rh+q!B zo2#F<{d!oH`<10HjTk?p7ZpM2fLvf&*}CSju4n>`Cr(!1lD0ASm6 zdN^!Ot3R;FPbo>~CO3!D6Jr`mIFLPPivOP`snfXu-fTvE#EL6MTm#c0d&KK0&vk>rvAUmKT5udD-iR0ymOHceZg7kPG#Jv zqc+v-X=&%{d!It6)|%KW0-iw=%TQx&(BQ$D1LSz?r@4w%=bEWfGuv z0D;1XZ1+WeVh&T;lNC&VKCT$&&L}1%G@^KFR8&-XmF9zjI1zyv;GbU3izAUGIhGM` zh@6+I(17d)Wtzf;llag@d?g|@vwPy&*oX2OlYc#aoiq1ZQML6<^m*V6FBosTUOTC* zfJ``7<+~q2my@UCPu>7$-=LY~gbkJuLs9H8oOL>N)>LVc*2cMaeYgiAKnDAz;%Tvk zPoO|gY|yy+>x1a*pGzG@H>7Ewj}W`bpSznWezk$ijuE@d^&jEiGBv=PnYsC`cFPG4 z_BwC^ig&*A&DhLsIx_W+O27ocL}2kz~IP5Yn5 z;iP2CzkE?jVbLELh|^k+?3mPm`YN%EfaEkT^jq+eih1D>RYR8c)^)*@Nc!qBMjqHC zBGSJnHgFa9==;Me=ewBydfvaWgyy*+O>wZJe%*f@-#;Eu>=*^a9FbSkmj8`8(08i7 zgwr&ZN1oQm{2x#G_XoUOa2Nmo<^R8195ER>$6@a2=g@H5{mujg^nR<7>=dAQuUIwx zD)!GV7tw*uJ&Rs=58YhXH*ik~m}L*ZNb1N$e`wkOm{AF!4Uzx<@`nEv46#wpn2q%- z1|ZGP1D^?dWz~9~ZU&MSoh~%LE0floKUlaIlxFC8!NDT65VBKVR;F-sd6;{)H*?f} z1`jm?#-{i%Nep(#~D? zZ3oDP+gj4@o%H`&9SVfxp{ES8%^ZaCnhzF_D1uK5Hv~1cHqT>fUwDRvK7?9Vad|li z6JtOYsO+7Oy9wz)7t6Y4m}l-e=n5(WHGXp;&}7XBs5$aYo`AUh+~M1~=KEEzpK3BR z(6lZQ%$7Di&8OFMn=$JjO6N?RHt-kr1nq%bP+@XsE+)~nldXeRi)nm`!%|y5pZw1x zhF2e&T(&}a!lBq1mp30uOL*!s#LlkZSo!T@*7W9VyWim9Bo%AXBu@C{V=NdYkmW;z znsn}<^jPwtqOk7|v8c-9+^@3HuL@i_6~Dldhl8e60peB2WT`MrY{Uq~nh&$FbGQm` z72$|Cs+!Z@74NW(k9uDwer9afF70F^@ zP=`PUT!n~AEQ~_dfV;6UTm4Kc@fn%UoiH)B5hijBM?*GOjg?bfd2g!7&^R5Je_g)9i;Q|FNmx`cCIv%JSxcUbF|sr7xs~0o)qXRz z9!?!A%h%pHfKtXc-g-8n@Ll(l{!QxA2usTzP85Ob%t)wF%RJC-=9sLd=l*_tkIz@r zpy}GibelEu%QofqW6!C8QU79eUL#Xd{hMRmlv|D=Jb!}YnwcP(6Y|7}+m`v^8rH$Z zd@7A}VBv_&JL+Ghr2bH46&IMpVuGdXb&`+8kktTu@qNYI5-#u=*y?EfAN2z zl=tS-h%IVjJSkLE=@(YJu-b?^StvexC>6TM2taua1M5In20gz}M>nPpmyyJ+6a2+2 zt@wmnCjw_O6~dL$Q0k_N_vYS6fw)Y9o_DP`4s*-G!^(`S9L*@>GwY^9g^wOb{M(s` z4JZCrrmy0GwHM50gt!UHxP9&nsuMo2ZR#q599A}>J6l+FioQKi47p6vXALo`>f~HE zs7OwzdRolEjE~cx_)amUMeUu|Ala8%%7OOOyNC(Z*Nwv1MP@OblgSPNcLh@;DtOZQ zZ&)sO6tAlzm-5`&iaiD}lV63A7qD??F&q-3io`SY29_pRo2c4qt>kFw(V z$nyaW+J~N%o_DgSFt?pX%eknNwNF$Cm*vl=3dXvakMDek@@@`P?<_SfU0s%(LsZmf zWj8W2wzY=5awl@)?<>~%DWzw*VR7kMfekRR`Zw4^ldUgQM`x2Nbc3m^qYQ&eZ;9;p zI?>2Qgt936M|+!a@!&M2`Np1M9`>H(SBa=T_XC`$9>bu6l`!%gybobfNR6J+FO1a~ z`rB{P;IC}Gqb%O2e&qW(>Y3A+fk(QjDq7!E#+nqhukY{cc0f|5pe%B|p4Z_tnW-cW zSHP8TP!Msu=gPRHgcs))y^5_!i&;ik9y!mt5iphc)oj-^D8bmVYHu7>vWWIaS%rX* zI_*tpxVwn;`tYVkwo%@C@kXhZN1bi*36J&9ixkm#MV7i2w95I#bo!fDl|Iv^o#WaJ zqf|54HQ$U2^}*Rc!8wvw^t^6)2hCC~xdWl4O6#rZsPLsC;Da1EKAFxBdzRtINxT`! zR3Xdfs?t{49GNb0NKezMi`ex=pU9q(8k09M|EDAJBfxObwJ5{Tlzfg32$EvyN9jb4 zBTNAUJ3kxbJc9H%^r(8r5g$Na`rpoxo)F9Dn6YVuvag|1#^s~!vhrTPH z%_?Fyo7Yq5*{dD&P{kJX-inbo(d>geL7isbsubZKUtmdO?uL;v{g#9?QnH@u7x^bK zHi^omSW_zW^ZZI=ZmHvg0*@9`o4lt-+#t-IItAk3Qm&W!07P8V;({y+I>Z09Vlq%IRiKE##6N=c^&?y zlaI_PRY(@mcA`gM+K?$tXHi(>G-diu;h^6}!GOpgsp=;Z2FjM% zI8ZxWnCz$gMFuP(s%Rc`Xo+5L9s7s%Loh174s;CCs$uo@?!P@oQ`8~S5P1G?!rV&&?TsADQKr^sv6!m*o2SA75(e#KeGUe z&RX>TxKoCNx}7%Ut6`XhBs1(#lf8YRJuWx+E99=+r+g}MzzX3es~|7F0v`=AVJe-t zX05PRFMc+oTfXOYx64?r3(L$D-bRbORU~7Jc(KUvzQasW9SrSQH^@1*S1|)xz&?#t zqvTm~$;`--FFTa?(!bos&*(WJkhl4qy*Z$;KyOXY+RZ`FiLTGDU(O?-EgbbTH{p2M z`?G^@VU=T=UlHvc5-zJ$aAvQxWr$e~UMf?v2&72LjL`aa8Z`v-dG5s4KtChf2`45o zi!O?JU~uD`nrD@M3#mBaHmSL4jj1>FEqaBKP*o${rVnp5oE zy`&kE14_!}s~Uq!k@94``5GQ+`()2DJZ;Du@$vO+(k4D64wb}fLauTDmk;6@d$}*VgM)5cbwg4$EmXkv})Z zzj3ufQ|IA}nHkRHFo>;U9drG6PyZIlNYq%ECGKq1FYJ+?=bcK#$?gfi2^^QqDGSHf zXn$!hw7mFg0PRrOs5?|6x_rDa*Za%Yxf(q4Wb>4I6pZJIJL1}Jf($~FN$@fx&sEJM zZ1Zo-nM6_&c-Ob|xxT#=BexEFVXv0{u`TN?tuoL}v-GZQfK%4_g2th^efx!DHEIiR z>}JqXJNjs$_TN(56$00aRs+kgCbUB$E0NHrqRUi7A;aIFq_ia=9x1O*%g;xT6Ot5h zcjKJ&G`U|T?j6rhjBO?wiy@0?XyT9JA*hXj5h?Xw?Cvk{Wtj$!Q|Js|_rJRhJylR_ z01lcDcZgTZLKBVu^+Lz3!kJ_vE%|S`_cwEVO#wyh_~;4x|F7#9fg+d0d=2k^A%W0M zMuk2d98x#cKZz%}TJ3?p+d_-GD5i}c_`K{)a9bn7Z3o%^d3-LoZ)YF-cMHQ6ZHt!I zG%%o9!B_D0106v}|*Y1!@KG|{C z{O_$;^1=b`)`jo>uQXDyF7%|Zl|Pcuzmf9%T^hE)NV+k)uXVd2poq2oMNmm-*3MMw zT|%QZ-z4w<^5Vsemf7Kwd8S=x;i;-h55}t-b?uV}{R@nZU75E<CPq_2IXFe z7M;G9x);RV4k^A04<%NDiO-%6n3(9Xf22<)Ep+xCG*I#D4?N*icgxvx-Po^e zT}wK2+z^y?dRLQXU39KNa>AVY<%52~$tAsC+8ys;MUuZ^u}|H=VNoM`4G*vbDGFdG z$XNOz|1kp|xQxc!%=Epueb7m4x%>g;`6>Wv*A9@{mAC2oWLpTw1#&HzsiB=`S$fU zYCH^iMMc>b`AYSfD2hpnuV3!O)>gM+~;?pOMXf!}N%@v0KuAOIdmqGvIB(I5g025}aJg zNS1q1Hsr$~bt})GmK>YvuTMKK$m&;?H?YaXUuUX*TfIl$IgqO1iVTLm=u<>}{Hef0 zl&qVqF292x@iA0T-Irh8{wn`X&8T`dx%`I4hZt}+bWuQ);R{6nugfQ)P}S9)6N@Zp zfeVZkc_`1xbL?wL(Jw!Q%Gn}&1e%!4$P=?^1-0sl5c$>mc21aHWwNu#9QTiw z;HM7O3fr|M5!4r>Yw>G-mX^OX1o{>;!4(Zmk*PHy1so@mV9UH>9A4x1zy*u9E1;^;WzHB zrfq^6bki&@A9!l{`tCYP}Kiuy0PZ_LZc=qDb6Of ziPkf8p1bA+yVHhw@D6do`*KS}8hN{_j6ml}1*_h&d;XK@!HX2TL^b{CGFBUne#I%@ z=6Oc#8|S#2KpgH@Df{LKF(WAV>L}&XN}A~=>ze%-Nsow4wq==Ne~ZJXzz;HD$V?l< zWv9bD(%lT6Y((4j#fSAn5@FDE71Q4Q>^DcBPPeY9ilaq%it+YiFd`ko%*&1A*QGP) zHBK)zo-xdSMoEh6kiXB49b5M*G=?TK$5YV<+_P?cTTn-sR7EOAet7MJ=P1K?N!Ovkjq4}_OCxlO61aL#jJ~d!P#I6RJ2X! z*IMi1$@mnWl9!I5u|dIp9i8Sn(_i9e`Q{V$oW7_C+W3+!>wS!i!taw-wRIBnhXW+b z?oe`0oMdXu0oh;ln31EJrx?fI-X4E7`#P#mdx%#zC$s-Web#GZj+a`-p}(5lMfRCg zqy+&2Eu#j~U@muhvzHk)$Fpu1lixTqwk;=>>UR&$NS|5n*C$f(ot=}YH)iym@`X<% z3t9))m!imRew6VZhYa-Ixq)w=c+U^nqRZn2DSH zX=Uv+7xr&!ocI9;2SJ>%G{v83iW-ThbJa8Q_NW{83@Cgu^@EJ;>9C(uJCELQBHGl^ z?v;`Dr)m;R%&1~HCj~36GS+2|q|#?qiY4S2_$evp>(S6;2Y*N|uq?vyL>l`1nr}%r zl{^8pt1LdNlo^V%)Fy-NsK;^j1orE%_6c&v@T%#{HQcp{DbB10U^}8{7lZf?H_CcW67$;H^pRhwtJOZ*TDL zpWjC=YCUX3w!AvfWO_O<8aQvgu{&%X-gfp|zIuwaVD=@uqE#=w0c#Pfx^H{(oUw$k z^;Q9+sNk!uz}FwW_~}W_;tZNKcDjz`Nk4JeY#7i>S!f4JcNx9iFtK^^*#7L*{h0~% zoZ|CKIz01R1;2K_c%Sfz-va7%Q7b!>uQJ9rQ|8l0;hwJO|Iu2{a!!Y_Fb7FY836}zts28-}x;5W;ZXPA2lqRD$C|G&&T8v zyKSuMV_Tk?Nn3d(8+-Qq`|0_Z5VVbS&&v6zavG^Qhz_MS7HrXUKq+BFO zmUOJ? zrvW*;LmzYD(H@<9eXaHBgZFuscD@z965);|#79tDhLnBK2JR5+(>UR@Mvbi}zh;Wu zA4R1Kr_d&1Kk`@tcopJ$c)a-pV}6KVQC0zOR_zpK}hS3LRK16MCv{SFI*o zQl^TIa9lQGb!8ThKO-t3c5qxXO7HvmeUNEW{kzgtKE0@qIKyK7m(g(lr@60ii>mA1 zRzzV?K^;I45D^%L4ke{iVCe4dl8};+mad@$q!B4$z@e0`p+NyDkq$uw0cpNH>hu2I z_xTGxuerPs&zybs-fOS3>b{rjF1?VxSMfIUcSxNt$rmxl=+@~tq?!8o<%m>93fKTa z7TdA7z1sJQYT0vF0#KJ(f>`8Jm8Ik&q~w;RN=|?JEv{!|a7FzJVHAm3dzDGvPWze71bv{E@}wT#szRJ znUiNlE^)BI(>`*U1YVBr`H~|TnUqqQyX8t8=EF_!;QKI#^<+r_-eHwiTb->nA9nCs#%1>3OXM@6-172A;%tV80D9~pb8n#|9p(a6Ztb#Ye9{oPK^5F+k_mW5JM zgGw@FwylT3>09*rBZY$3MbWqEWR3!#i$z#*VF*T?UB-L%)zjyELZ_EhER!q}CbdwM z55bf3v`26h7x)E2s@qXZU`$9rfJ&5#rEG z+DYv&ZzD?v5HD}5FQB<}6t4W!h0wo4$3Mbr*2>uK)9I=^Zn9F}>NFbmvoxd(EGhxf^um6e3o_5?Z{!7p`w*HN9S>K0m;ViH5k{ z!4Z0-pfr6Gy805=mfPkk!L^z3_NO_G)v1e|n9_ufC}ieq9|UfmPMK^!pKl#&!n5QN zHucsC6b1LN0F*Z|zU}a2#NP>~uP%dn^_t*WasS7~PC{qlp zxfZjNvN5s~UGhi+k6==um5V#UBLUXaHcw}`Cd1gsZi7Pbb#;rW9KGzZnnIrYEN#B2 z*9L__rz9=Gp5;57Ezy?Tn~WS<7G7dsN>k(9O-ecRQWZ5s0&yhjPY~rY#e|=g#4MK# z=+Ct$N^jAMu#lx^2X_zlwA@KLFFx5rrCyg4QQM1FzO%`CwNg)bxu9p{I}virmY$Q* z>5a)~1Ue5#;xK9bQiSS0zshMBvwp#QE1AooQR}pNowkbwgVjyCJY<;1{`09{2auVC z+mzWZcIs@W@ALUPS1yx}$n^<~k}o1DCgTNrlU4$%5d?WY_mA(ro@j&XC=W+FU&sU?nPaFOy^|m(&g)C76Db6I$!3xxnkdm58~1 z6iD$hocg{;2n)2nba*jR)`~|T5xZz=Hx(LHdZ_0x_NFWVbxPOf*As>lIFd{&Zka$f zkL1yNs-XITfzeb4wqRZNEy+oE4>(qF^dptoCZR=Yn&K`C^+9yNI0fSP`pc7=GK^ z>|2R8(4{#j(_n^eNeNH#r<$l78&5m&)=sG^Z5lo6HV%6x)h;w zOwRl&pftxQV(Kx!6wmJaU9HKN2%1+bl>FRR;N+=aOa(>fX4JRtg~)__j?=WWI!)V-B#FQWuxtl;m{IBcGV>t2RatXSs7%(y%8AUxTid z!5Si%KV3PDH1RIEWv@V+G)!dP_P(;i=7;M$)np78jgV1ty-fF5_mwN_4^ACyvWoB? z2$)GcC#sA-W7#6RX)xKhSQ74hSgv{D$i}5_&POxlGfv?B{nV4%_gS<|kHtts@R%E= z(Qy;Xa1_3?GbMqL(jg)*BayD8OBn-SWCC_^y$f5pUl!eEtjS`r;`Hjy&Zp#$5BvE zzNPeo>5hYYug%TvwYs`_>IK>DEvDWj?LCp8urfU=dL`>EooxNiE~)h!iGSU+SoCN~ z)9uc}9Kr1^I;IEF8cPqMaFT$#-e|AF*Wb3x(bLgsRt@T#b%r1y6;S(0o9E(m1@MW# zL9A7|OGVdm+HH0YYBv(ocGsiQpH?SXz5vW#T9)@ydMyG&RpYpIY4GS6PH16d?(Q85^TY4wRrussp)DB6u07?P8*r+M zT|aEt*wjOP`1wY_KOLgc1Wn(&u9`O0zE)w6copWyRO}S$rC5B_d0lfivGPTs^sC0= zlugr76gO(PR3&SyhigA)kW-9p#nDmCccpMXVr?edeNFzIeN1bKd#oHU64UkNSYl-R zfTZiXS!w9CJ|#Pr3@^hYW+l*FeUw9(o!_P4n*{0Tuo0?%sLD-YxlUW@Zim(!kI8}F znwm8wiIIYi5c4_FcqeX;sB!!xWscP|_6fbkS?w$2)A^8U3J{6h44u55CMt^`HL_SI zFqW|$tKk`7pSfW>p*x}SvblgE&3Bi+i!K2}ZRDOxj+%b*G;^Ad|9csP8oH4{ra)<> zS~)4{+^slIB5Y`*W}#AC-COJzzWDXVsb@$P)M(EmwYANH`d$``Wzfb4RC}T!Z94Zl zdz0b_?6gnOlcZ73}f##BJw&cj$W`pj5{?aVH}$47x?X>i6CA zUwF}X90t_?;00MXl8dl?rh^KYGvd`}TQ!9Yn9l1Cg1rKFRO8p$ z;$%AqYBfPb2ssw$Eevm!~*`|q=* zSMd@%O>7$!Px&5vYql$ zu4_waCi$vAZT0&lF4ZxoSnyLg0+L`7JZbRu{VB1up=RU!qW_2a)X#0-Aazl!rvmzD z!{q8cP)Ou$Xgj)3H%jp(Bq#82P=3FTU7fL~!rWv-x_6VkMiDK?MU)hIlD9M~#TKgZ zTHqbGxR;TZXKClQ<2w;C=QZc3L1urC!v!*?oiGS8;`yt(Clpy{Z1SVQ-?#%J=!f!5 z>8p%kLl^O_x!TN|baTgSTdVSgq{hr`QIqL8`%MhL+NxQ}9Y<5{jDKnr=QB%<>Q`;# zMxA)~EuOC|CO-4;3ohY9MlALGV!J%cd`#Q1O&G;X(j<8%&_VLBr!6_7OWo?Tcfm<_ zl^jp6)Y``2z#Eyh$O6I2o#$%|$66izlENpFro@&MqxPdM(YA}nT1-auO^an}k8U#$ zvLjbuJ+GtZ{oe50W^&Yv-=rqK zyQEX>Nvv>`dH%jsL!Tq2OXz>leQUU=E_eb=3i<8M{%qD+Q+mPEA~ul$($ zV8ZA|1U5vIeG0ku=`iZcOJjd6BLcf6(&;;6XQoeIkrq^Iz2UWzx6w&dy@40bYxT@? zZkaaobUgl`JHzJhwq9jl>bbmWMjLSQ*JetS`$N(QeyYucS^__cG1z}chT^l z4AGyzLG3(9V1|)1UA6t6Tp0{ot@G3MclJ!-#t?aWqT6!NFW*m?9lx9QG-_J+P$~1C zS&$Ve)YeVLxLEj3d=q1pG7jr@ zjt2)}qtoD{><98|Jt9|avecwZX29z@WdqhI7WgUh1;*c;+U)!^ zOeyO7s>vMvYn77f=M*SE`JJPU5eE~NA!qEh0gph4QyPUxbm1`k-YIy|HlOlS!2&Y& zTV`xh>+=y*(?+qIx9e$f7;p1iCpv$DvKnN37}6tkgKHv<>0G8qt}(VJM(en^8q+V~iCVctS@fTjgE3B$JV=5wd)Tw20mI7+vO9` zFbY=P)U)sklY66(bcd`2t@${ht|Fk5N3OD7(uSfyeKTbs??6Y@@5*Bgzc7_k)8E9E zx&X*6svqI&U||HP8$-C~#N5;J&=b6Z)N0AlFXqWE$~(73&^4+z7<%f`$jJJGnq@Q;!mP)l?+=s9_5Te0uk6mh(eF&Y+Zz)r=$=2%ZySIj7n&) z>MFA_F!zK{vU}R4&S#Am_i_<*Q)@o^w9KBKW4#3Ds1zF&GsrVnX_PDX>~P0MpnoU6 z^+0*3%~hcku+OV~xXL#)c|M6TGC~Ukqht$yVeDzXv3n#TBdGI7bQhCMIm>cziW{VD z#KPmJVtrJrNAOO=32KTkYfzjmpC^rBKY4WWjx>vf$}R6Abt*B16aQIVIUqd+F;Pp{ zoGWiY5;QWGOTi#~w4L(ngs&8A(h35u0GTt(qgK8!{*A_t5!i!O*#j zBYjB(xih_9W(Fm_w3oPV!eO4=GXyYRuzBldT&7o|IqZ!Qw_3?#-j%o>E1tWL1}n)`|1&$z1fqOvC1^e!YABD*v1? z6>O+b>UvlRSo|UmoFw5&qqsS4)P)-Eh!XjUDGkvo|CAYuj(1O%GRWdp|!s zbc%0MB>k9@KCo!WLSK+Itvf-PchC}{?7GM7a*GmsaKR^l00s_IAYK=?<`WtFToZm5 z2;&o34&~(081&0{RXzfTV^b2k6`$xy!{YbX(XV$gs+xsyV!RQo~P`FVJ9B) zG^w3((%w67f7}XTkhdwai?P<7D^g3tL@z0fYS0$sqATC$TbOrS_P+16G%EW_S=fEE z*z7qm6dl{2Xi$E%mDt;(5EH-iK->3?>f&MsF5aJ=M`X8Rixz%dM0tYsw4iM!eanx^ zv#4SwQEs#zB&&j70#hJ~Lvc2|5zH@X44j~wqLpjr=`H%8hIB4lZ)niDobgWu z15@yGqJ6DyQSEDB(RygJWzUjyhsm-@(#)8Y>Urcp$@o5!c!x-y`Mf--AMp2-SJPsh z5Bw zL#z}0K_ySA`ff@Yv-hQ?H*x2u6xAbc#naMn#h7C~9Y_Dl_#JGezO%3*Rvia;Gjff) zab3%-RLZn}F%2@!*k5+ygK`fuH!Mc#&x_*k>%tjm4)y6c?R&p3`y&y5t_KG{D(2(g zmHd5@u!kuIO?FjP z5y#Hv1Rx@>p)&$&H?Kf~Ic+&cA(z3PGrs7EhYi`|Y*Q<}W4P9Dxf}&%y(xe1EX#IQ zb4FL{#!#=f6Xv9Q?CpJA)Qv;jF)r!DctT!<8DNxbPMjkbKKZpX7wc;YA3>kH z2ISnJ1AqjoxL)PUf;<#!hUUXA@K5|*e(dD3uj6{}Z+L0P-W4*`BGHVPY95yQYgLF` zbei8fG26Hc6p-5u9NhqNdX;Aun!f~Id?Nk$U$?;CrR3J?8x6qn#M|3QhyS6T3IEsB zzpl7+quZWdA|QN!m+&51>JM7&?@*?Rpm49}&$OmVw z%-osYvP#n`rqpMcHRm5m6}d>g;pD&UIE)?71^=-QzvN9{3*G{#+mOGHfc-!3t<+{x zU}2ol{g&4>h`A%ZM8wHCrj3NRsBgXwCX?{G|Eqyb=H0Q9Qf;~{`G$x0WP;5 z&&Z(}3u?^=JK&Cai$8nWd-)$b{+V+2JpQ7SK@s0Y);R1lx>@49DKnqBv%2E$cW80R zoYLX92o70*I3r5PqwBXVii7_+T!)4eCZhuAU^Q7q(3&>yTsZA&_|E>dP(ba`W^bCk zwn8V(7@FkjQ2u@JA~KvWikh4fCSur4y>~-9Yi_7Z@ITT^0IHqTQX|cN55|I9ow?zZ z7FyPhw7{J%`g4S3umvi#Q3)1cz*R0>z@9xmq>~x;W}Pe3UFMHKAhJWisjI$`T7`u{ ziH1XhH_dh9x8)GwVh!H^yMO`rZ+25|%w_`~a5Y#50g&8YbCXyn#Of3`oJl!S zH1Z9#2Gs}lK1Mdd8Iym{Fa0q*uNfRtaX3p0s*)klNkU%L}Wv71dg91z=|)WcP}rpNsA7)<;Qd z>fis*L#B#0V23TQok{)I@AZIUv|$!Y!3J%(1DekE-eLy*&wgsAc(i!npBxVQEBXQQ zvL@&-&TP}^R1-ZGesWb#U3yH*$d?On?O+wW@V?^&ZvDf6 zrqfL)Om{qOB49MDmUo3quh8~_U8^pxCjx*L4B?}Vp<>h$%WqtY$nnIWE`4hPy?g@j zH5mdj|H!v!7wu5hLb!c6SOkGf0f6j`wq>$9^8)285C~1JhkylHGlkVkOw&}?Zc-Kf z&Y?cz_cTSfu_*Vu^5f<>R0$WR;s6S&iSF6f2M-j$K3g6)(`^APvhPj~kuQ7#z&;W| z^V$bqpzUoU=m8WLW`r6q(@XII$Yv!%fz|AMnb^A%D9?kCXQ2BQMxOlxa(C?`1OM0O zmrxe6dUY-q-LY8?Le$5fyTns@wyXNXG+qMIQufbrMMP+X5MWuRsU0_b7UFHDJ6Uj7 z6NbfMzF!gAk_Bz8h>ysAwx11?`bM4xTsm#Rww$H8dwEVR>quSkP+N(Hcjgy>aWj(h z*nie!rmBWyVewI0-s278rxgeaPufR)YrK7Euo#PR5`+*l@h=bMJ2_GLl%Z#8q@cmg z{o5h5bMf=8L zHud440t;xZ3GiLeSKK2DRWGu9K3&hNeYyMA|CAZqJ0}59Hwc4HiA1P-j|OS3kZNBW zgoLiJyj+el>azpYq(Dxy1wnU#*E%)8;~fGzp||1bH=f^h@z|q@yxv__^W`OI63l#v zQSwX3B%{3sl|WBP9xA(kZgd4C2v&oY95*dnyW00dDIB{M?_>G0=n`QHay$-`$O;XJ z1)kJbEU`i&=;X`p^)&!5fw{c){_8;?AZGXpY_^{{ljau|!mKn_ z0ndQ~q2Q0^MF1wVjH4ltJ2pBRNinU+KE^U!rwRLdqqpGBaQxjA*+*BFBI-@L@~PA2 zTmi==-r*{BXcZIO2!6ktBKlSOVs0cG0qS9Uf~*%Zq+X?Po{wX~YVYzAvBV=dS_T_FhEZ&mKdGd@=yx`pxkOc8qE_$ z0r8l2meF+Xu|(ntgU#_Pg4VrB9EBa|yY_R7aW3m1D9p(?O(m5D7?fURB(3a?8xi?+ zegzy7epqmwIcOWK=OD4*)q>?GB^*>U@2q1zErS8tL2H+dk2}a#>T}IK4^Ew^*T~%K zY!Smv%ra}Tlkbk?91qF@%$lX&M?Uop<9|9R=ownZ6K@NGz@rhWjb&rV`HhnBHB@cJiTZxW0D(`1@c#zBJiA6v04>`X#}N6S)U8}*;GToxNPE}(ZH zqd;EkBq_+F`Pn6M#<@1zWTWY@k6J&gqR1H--McD~sgUF_qf$ZWujZoxHRo>C2(&4(J* zEJzAA`S_)}GTQvaf=O{zu8m9;zle&s<&a05U&FE8D+twEv|eRe0R*-WX4KKb15^3e z^-5lHl^QA=AsLrtZnl|fGnziqR*y5iJH5WXUcvNSJk;ey&Y%hn!ObIM`YUbuA7~0Q zE{0n@)5eGe=vG-OxYI|}c3$IJ&hp1tRrnn4RA|Jo>K!h$?mwK@eiv?~VjPk15gBm3 zgpDE7P1RUj#1p1$O7WmO5{LXc0RzF!5>;nCBLwqeE7dC%S@{){J%%PgzWE#04-dbDvd>E*hH|PlG^FLW5Dm!DtB!q^$r(DxE#V&bFL_iBpYkqz+Sm%t>_~aDfS3UaV;-yfHilVPK z9j*0c?cRvVeig@cJnNa=>CEwSB(}4?s_mEF-F5jwMY!Jl6EDBo_|nRiFqe!8lZ^$h zJZ%wXmhG_`vXm`UPj_v$C&+vF=<|qCfApt4T%!8pXIhKk%uKyytO4Nx<#62j{HR~~ zl5GTX5@D&Blvj_r_|04Uf|FgZBEIT4n~bFJAQWXI6KD7;3(E?x5!`G-x+-Vv=jLpD zdZX4Bt+OU;<(HX3HRoQYN`Zcq!?ILG8-;lPjqa{B$cB4Qks9%O%yq z6cL?O>#;!D#f(Fu>hp5gr|~=2Wxe%Hz0KId&Q;!jzLmTzF>6ewg(wQLg3mN*JJnM< z3r1$d_V}|sHj~$X7)5>fnIMe^E@N+j5c&0gXD92qmg!_xo!-NMi2Kb<5Unq{_bN=A z>EbsZog`!m%ij!HF2&b-s=a9(*z>NH49#Xz>{gWZD}aM$#h3@`0;{F`w0!&7K)Z43 z^ASx42M13jh+Y_QqPeOu@A}`D1nISXhDjTg)@M^XOSuS^v}rQVV@>lgkJ9Ysilpn8 zBi{$hThuZ}pS9aPJCvdhr6d;F`=l0>D>KC*I!pl=1!{F)Vz_;bTl=+HxvSflF7?o{ zXD$+$IGUMRggK~hCtR2`X6Yu1MBjNu)tTyGxEo>x+YfP7?H*Q@5UIU#Cp4buX~ld{ zYy6jp?$n=sxjsWm#O9KxJfE5fh*U;Jlwj@`Eh4C%QsXj}j6|k9P2}MqRWb*-5Dt`ip2RA?b zXuVpM=(h8qvQXHuK-`a*_9$?^x%Y0G{(}iiE_pqD%oHH`vsY_x31mgA8J(tyI#u=a zi(hHo);s)gv{I2GW4R)fX;i{z!ryxoH|cIL7L2OZZ2Tb%Ej=_zxctHQOyF^ z-;JM|8G-fOvdA}BH$NV00K5>*37p3Aq)$(PNo53_Qd zIN5iqZUu2Ee1MM$J}RC35%oh*EoLP#Nqm4sLl$$^j3*qo0brYRUJLxs`F*7V#AyJH z70wkto!(&F0Vngtg%t@t-2P`;Sk&R)Pj&|Q9x}0U ziYI_j^0~y|w)a;;IqH#v2f<|DOIoPOux6e@0*~ zyI%f(qM$=*SlC!!-nT~J@gtGV*xs~LU*#ts;}vJ5s0!~6Nl-mDjr^0#8&bhuTSRMB z2RzgsIb#42#^_jOCY@|L`7@VLCVk=)1l^3aWbf;c{_&9iC(u%jtNpYBLl0VchEC&$ z{WD2PT%Qh?@aB455U52%Jpq;$>p?#}1e9x8_P~?FV3{{I019~`B3vfzGk~a}oQHp| zh@A5u0`94V4RAal;}T}T&!k>|2G~oWU!FYxgcIf~nI17x3IFZtE(&dVDXHq|QJ^E^ zSFj$Wvw3+*Nv|WV#1#Y$xw!c9C9h;wJyP>*B0MTLWotVyxV-RwWo$te%w7%a`NrWL z5`oP0Zx30pTB+$x*uFoA8ZcBGeR?gN)W$%XZM10fg7$Eg*Eh5mkbK-Y$vU21LHQQ4 zxU|Ii09w=@G)dhDz|$sH4(Lz0IHm!yR3QGEb3S#Yl8W$jcl@s#!@|peMnm3|il&wN z?>5DOd|ziQK>CYH-7?M<2FLxN-m;q=~_ncfsQ zIVPs>0UgFrlhMiiZ4BTYfx;#qZC0zH03+Mtv)NuS z$X8fL8L{tFx0I|Ld^T)_ygWpP9Nk}t; zbnEsvqjPU@BV}bn|I@wZ=RTnMlb0rcJ>a4UG7Ur^Td;&(V#5s}TmU@^YaMOy*xDc! zKt?(FA5R6)PjkTe54<>;wn%cz`C@j%oz1T)H<#BfzqHT#8ksY=dtJi7=&(mCaP~jz z3H!QfZgXcJ1isX9FZxZ00B)H?>}v-i*P1I88F;$P+myy)Q2!9izZR6Sy_9|!hGFa~ zZozV?R0RG6x{WP|rKcH)WcmqU6jM-k)HX2L=_8Px%%-c5lV|{>8gE;JDK9T9r#lf& zq@FyG?aCJAE^Mx7{gJul!vGfn^kn|Zety7f3~l6;RiYpcpFLUT#Zui=`4*l7GBt?c zh}YTzHb7;6{3$w6s!3a;CHq2-a`wY}3^u@BBy>Ko0`xcKTw=o#Cix2HMdjs+XWyF6 zn0L285h}ig%9o1jy>8mrV6^s|z>7U|Ut5BLvMNm|RkGvuic87~mTa;rjSIqgMy}Lh zuCfyk@HMUpV%Gy}p1z1*3=}#6p*G|pGYk=a_%5888K8-gGOFSVO6+o;HL68 z&tP5bqNzqsf#pC3{{$Ku=_GLh_|92Xwts&-JhtSXCciM z0i8H{%SBaw0i}H>;T$;aSAGG`2Er29lc=eg)xlIwvjnVXh5`N8sWfXwo}y6V>D|qw z!W*}n4mv7yrF5>9$aYct`~2uai{IM{ayGw=e>m|nG<@OlDV!CaK3pLegbH>E$9ef> z{r1n#|L9kcG)l|51hi5F?F|OBy;X!>WNw`A@&0wWi%pAFx-PrJGGT(Hh3(;7%$GCl zOx|5+W4fsK<{*hWodg;o=Yw+ z!mv971^NBJ5pQ(k&}sDX!dDY+Qk)dCF)ny93cc1Nt6nW0EIcw*r#&&3ag$P+GM&qr zlKiz#8@l=UdjtC+P`c?3S%NAPJ%d|+a%j&X`9ML-eyjko@a+5e94eg^1w}N_8dGPs zpiLP#8=TXgYJswUym9}X{ctMptEp~SJ}7pVgeHZOIY#!%wTB7s<^*cAU&VX8C`cIk zfbDQaUp!EFgsZc*bK3LNb!?@r?!tvDKV>Dw)TfU$;q0Y(w?0;_j2S_kDX69f@5>xy zBX}(4*U1Ph8YdiTX2gm0W=2AjsQ)Qfv5sgSo7GlGdQy)SHDv0A5?nIaPf9v=bJM%9 z50p=0_4+_mF3#=S80(7Q<;3rRSc(n=V4vm`i&L)fkKi3r^nGr{T{OR(7bmOqmH%O^ znDYWDS{zokODs1S8~N0Qu!yFE#ifs(qHSAQl}J4KENy4tI48bb8*%fS*ef^v_m*|aS(q+>s#iQQ z%e2qw-TDRG`rCY+qX}@W$pT8fZESSy$*UJhZ0o@qy8CWv)zlVviA@HveCT)+g0hid zT>rnJcTrk!8Xw|x$%1#m5>0cCqo!J|3bT-o<*mWD=alU$?-38-1c*@J=aXv+@i8Rw z1nca5qcC>LF zNSN5X?sE0U8tVF?PEH_gOD4!)z9ps6{q&1J!SF^9 zY^j=DhWVTJm06a;`_g&Yr$akhe37(<`Qh`;4W_!b!aMP?!S_J~lwd{TGfHDs5U&Tb z_B!h>GH$Ld4A0^!{r&QUc6Y|!eq(*vK2|eIpVzUJ-B#%oPZv|dEht));SN*ZzL=6i^1+?*MiE zK&QdoVQ13rZOEn7_jwk8Ok}3G8Sp42UiuUeRK#8g&3UGYBeA z-I=@v*a}}ZJUQ4t4X$6+J6N3p;m^CB&Y(-C*c=U2oyu7p>z&%yhn=1cTQ@{=eAnN+ zeo-{KkD=en|7?Ygof^c7)|8K1{Q8W`6!aW6mSTqzNW&N(-I?l%8&D;Vyr4Ixy@$0z zT#L;wF95sXDl>7J4y5NzUjUofS1dOzv$v`-OdgUoLNBnX_}fyygf)CGa>QW$?f}yp z+8~7F(#u*yH%;7$=DEhqf(>p4iZo8aa8FGB$<+_B0Q2`{2nJhBg2;Y~`&j^OJ)HaG zEa=krj25vTJ|2I-uSMqt#cYBJTW0j;Pu9kmqXC3!^7W(nt9frTB`=9ih z`h9FjgpVotpK6PLY-2I-$af?caQ}Y)ujddThvkd7CDXz6uN>XO#~>*dWS#NP6a9TO z5R3qI4)aCYuz%g>3gjSS>B=x)3+`lCGib4thRq#reoWN^#XYMPxCcfie~OeULY^m) zi9le=!l3BD8_*xNBr9F30hG!^E%?FbR8$DdKV+d&^h0Gu@9Ma~rjXuT{qo^hhiT}o zR7eIW7070WYBvB=QLmos!mpWsJe>cyI{$zF;DUeR@4G5}qRIO(=>qs8E2St|E^Zw7 F{{T0^1PK5D diff --git a/static/images/docs/pr_workflow.png b/static/images/docs/pr_workflow.png deleted file mode 100644 index 0e2bd5d6eda9bfddc3af1f083f594063149bfabf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 80793 zcmdSBbySt#x;DHJMU)m4CB*;?5R{S@6;v7pr7_4wD=ncC79b)hjesDM(jAJ3Afa># z3W$=5bbi;;-#$Ce+57v(_}($jc-KF=c-DH>d}iG9zT%#D)KnB`HnVId5C}A2s8nl--|I`w4`dgwrREopX*H>vhvR=kR6iXCuL$ zp@iG{amYI=7sYy6#TD+voKHUv_!2|=bo6^S%v>ybmb=j0bE(axKpWnMl z{|Y-oaZ-IfL5S&AW&apIf&b=t+gOGvTgQ!PB!T(!&=@VjR^fg=*-YiIjBNay0%80) zmM-gm`yZjmf&#Hyl|};FrRV#}P3PW38uzhWwIPeOo3bah-8QSIr^l*0Zxh$z>^Lhs z`}o)d!R%E{8-d{TI3l9>(wog(CzO<^J6UAi1$fpIVv}lXYwzCOY&y4&5P8dzhLHP2 z!YMt{BJ#|;Lbp7Hyvk$xW?;oiRIk0u>)?dSoHtp&9va%JA_MJ^PD1Bia5*^L4 zb*r%ui*Bw(YpQm3MMXtTP0evXT5aO9#6**>9P_NFhHH!Ma}&Lca(d++?mxf0DRrHh znwhcc%rZW4qN?)NMyqR@QCmx0eti}FNq0y*W@(wKnU%UpY67Zk#JI3$p~eC_wL<}BPRE+ zE2v+%Fh7!#LCYrAq_ZO8YMr0dTvZ%!dr7XJ-8G+(~YiCimJ z+MJ~Nwz|4(rcGB`T3YV**w`4_%6B2NztM9wJ1HrNewVOtZb89?ZM1ZBeR)>hVMk2w z-n&P&d9&kK$LFD;z1|lJ?VlOfXOv8xk(0Yge`)&L2e;X=pqa+7BMK%}o!O=_GM>^> zQl)rex!cT!*D=2L@`@J&J(n+|@9=EeMc0z)<1iOimluSEg%gb>B`4aA*Ln)C26HPf z&JP5N+I;Fs(-q~D$a4O9X-6u0vWVE8E=+7&?ps@l$z8OX?s3!|8XEGW2)^n___+deS{{j@Y)d5hRCB?DU3WS zkBGZ=?;Z+&@??9V$zV;8eZ6UnJ9m3aON(W9o>lFmedH9>&Oa(Q`pd_^@1wZ&d7`)Y zZd_G$b*-{5^^RT4^8PHE>grsg<*qX?*rI4QZ+`LO#lr*V({%PKR=<7Q-ldt_(6=(- zWUs8L8AAP7?shPb>i)Zjjcb_}`fhEct38Y{w68zXD0x{+_0pxdTwxI%PD$s?B8|EL zOdFnU{ z8sU)g-4!%~Si_b(q^}p~nYE`!>1`LhPb(?qq@GZJq?>QO zVZ(-GV%h2kckYu(k=RrE4u zc}C>TUEXHRiSEO5a;$rG_-h!rudkfn>#c#6vOH?)*;BxuR{4DUV-jb zWi0O*HMJ&OZxK2aCO@p>{__p9y~;@!m%_yr#rO}r-fCwP#f9}&tYZw6%8Ad76^fiD z(;btaKYylc0vn>I$TEDXmmGciRTz4|ps zfrEiNxUl}yIx?^L?fDc0_iN)_n*5Psc4+^=SZ8*l)LdlltIEpCrMXF)PbG!)mnv^= zkZ>HMms?Lk5x_2?MX9c#aTue2Hc2Jq(IYk)kL6ycK6W89H5HYBaa!DA_}OEFuEMLs z2;&}$-+8!BAU@+}hrCG(z&I@A!1=PdPi~~a_`afaEy-Ac!?~Yqfi|J2NF1-DM_sVo zSVgUcQfjRmb900*Ro(Vy75zFms8@Eq5W~lwt|jAw3E;0+)6k%zs3_q&{cYu_0HMb# zo7-QJ;p5%;b;2XqbOyID@Ev=hDyd z3MseQ8iunrHkh3&lXv3=hllGJ^c2Iw!g3uo)0)R9962~RuwP^;+1b4;p}RBk)Q{sK zm8<*X52^PNJR2HBMnj6IMx1u!PWM>rn%wHtFf)4|nIF%4=Hy8q*Tg+EjSQw1TcXzY zFb=d4Vk6L;#wUXDi1mCrIZp&G%E`<7mY0|NPa$Br4o5k8)61+aUp;rOOXC|Z)ExGWTPA120()2r>=lttLV1y1*tw{Md$bu!9Vi-zhq z|89Lo>1@|?^>}fIk->q1f$?!GA(qRRFE=+gw@ykgE-XAtNT6mBs_E`tD&yEj;BSn* zaNTY_VS@AMfyV~|1HOFu^2u|}o$JJ)a`G3zpJE^)Z{BY4rjs_SGY z5QMfJmO60vQsEXttWV__l5Ja6$0I@+%mgFmt8#ceg8PFsGJ;$OYp6*R3n6ExE;;_T zNcv~>U01)*ElhBRzjwe7o6zGe)H>u|j(;D*ibGFm&mA$NA<%OD`EtM04l*HL4_VeG z=8OT^_*Z}R?;%qsf|tal1e)hE(i_&Xa3S6J+t2^iivOK|WJT@l>`2`va2>&{Vd5UG zo~2W&U2yOECV`U3UUX&Qf6tK#IlFYpW#fbYo+IC9%%1u7A>Q5H-G_cUj-sSX!o;s*1_WE`Uuk4Q@>ho& zLe3g7GBP52?#?B)Z{yQBaq^@-QmeSQOGu0m38*M3pCDbpKCCQSf-r$R%57$3XmqqY z%ee0L?b}EqUIe~4LL}WJRhx0kmM_D@PJ=ZJTveptW7#2qT)4l#e|~yJfMt&C>+?7jooBsBBV4xXEFCwY=Sjb*ho`%`e+L=Z-dVU}{o+F+O z9I^3S(j^v~FP%Uxq-MQ^mGwY-$>K-(_XinF8bjnfaeVh7lP&kN z9(+Hg-faEE^;f+p9~BkX!{A_Jvh3G;-&9qZxt!~bs;W9sC|`#s9%)GqHb1SZ+6aI| zG;e>H%V;{6aD8Q_eX1OJu_iI%u<>2Ju%ICIQR^*z^j!Y= zwLYSJWmZ>sJI#*6SCGG@Xr)cf&V~||j;GBoN=ZtF9@NglTuq90J(Ip^)28I~bSDROt!o>a-hO8jM)*> z1}0`^WHnJ{*=XU;KR2V3;G9CPV>=9CYEp;Xb%IjEREC*5@IIY&gYF_2l5zLI1mDic6 zu{3*yr?p-*7mj)!A7Rn3G?v}Sbg~dBex(tzsSO)|_TC*vFFiE=GBB_;c%F3g+%%*< z&u@sy$QY*UVLEGHx%PZDDaJ!*TY>wM<7ivjP%V=G7a`6rE?b$I>kiwLujC!1-?3v~ z`xr6{OH)j)BwrNN+kf=mqGR!wUkH6|B+vuQSW==V!n|#pfW`lAT*;4DR8t=^$`;RDCaookEa4_f!9Et*c#-S#wuMdU`Vxf# zm#QcWo66kX3bE3;y^-~EGM!|Q(<^mt#R#hC>t|iLbMV*7TwjEig!#uk4hye*sO+C& z&LADNcj?HyXd-3zeD%i<+^)pss)LRqW}&rpdTIg?$jGBjxj&F~=CFr&MqqLPVLMIq zER5&(MFT`0I+RgVq(k|Xw-#`Fd1VD7&+A?D8~G}c!e*Y8gjJVNr*3zk&PV6ib0dS> z9E?^mp&iWHAAP^W*rienaCjxB_vK|j`dvqlYD+KnTy1Ra@~&n~E6c3|0I03qBBvBB z*=Z*9b!aFgG}Hs>yWDNWuw%C(x-t_d=(3!9bi?rqsi>&h4X#nQvckSHS55@t=dS+^B^XAP(j^p9n#OFEJEy5x zA1zfJ7bkatGpEhKlmrL&JODwFntJe7rNFgsYDe#`HAqa>I5F6lv$=k~FtOV!(Z`ae z;^hAe%6SlO$d_y0EbmcfsISk?&K~vf;TBHLmvfN-(7 z({0|&BITMxANS&g1!6f~*x5s67^8)N%Tox^P|i2-0>vF}p7( z>i9DEgg4(1v5yxJN2mcH3|2MIMDv6gfi7S%IYw`{aB*XJ|o zTV0k6Ng$V2 zUD5ZEN6)5rmbn+}#eX_&^*a=JczC2ai8IO}_U_N^Wsu7%$?fqXBOko^-CZuH{m`WH z)2SanPAMyggj^`zXov=sSoy^9g2)@WvfUi8BbS3WtVI)1_N?f^ef!jz-dt0;xnD>q zCoAjYM7+*KrKwBo!Td9-s*j0aRt8zR|BAm%`?$H~^<}X9yF-Yn&C|X;*(UWGOwX`< zqc#m7Et&izHNLg0LxFh3#ovcah#IM3K>(5yo3e$kLyrw2uPoMic8wb5n0+X67`-napP%mp2F-Dz zCwY}k>C~y3JB&Qo3wLtTfLW%ZQap9)fsEO%y7|Asp;M)=qlCNjZDIs3%NIM2>*SaT zUVPdzln>sHQ6IgYk5>63OUD! z=vmMoEzReLO}V|e-^N~8LrVTlrTT5P;}H7O^5N+6!Y@(Fj-B4lLm}r|A_{Jhw>}qY zDCe%Iw~L`C(7$=}1}J-(bM=QGay}Bb*jMiP>ubFnB@)=nm(p3k$dY+kfvYf6^S_#q z28L+GAU0XF@A}zNI>GfDUj&&)dMbNGTn4l`fneh~SKP;rnf(0uH;^+oZru3%`7>ga zs^m}a?Bccp+gL({2nIulSH6o-`lEflkX#QKr2lnL6P}gPOwB2_Rxc(3%E~ z`t~}O_ipwQNbSSLF?)VoA|vPk+f=x>vLq`TGQZ#a;~^O#F9?4b@9=NQ6aDN%PDll0 z@hZ-|-x5%^Uf@2>pUZDrWi-0eAG9+N)JUHe{?3tX)!vx0i9iWDzu?Idd$N`2TjFMd zs6rkE;e1m?P?zIqNfyCY7nsQGRU~UNpPd8)!8!o+xU%Zydo3oXItV@60HVV0%X1{x z3#hO6V*QOCwEX&9%+HaoZpKxX_(WWNkV#gs3BMz>i+|gncanG~7DH69II_o*z<(ci zRTe`aeNY?KPwB6LyBdHN_aXYKm0X&T?IhRJa>??|X7F@FR6i$oKkYL`#Dti`< z^;)`lO5YTBQD(;PO`k|;qas~7fyZE{PoCto=2;iJiFA)%hGbUi*BylL^`zgve`@?7 zzU0q_FXimg5Zyw0LwcUEof@Jlq&M_y#>$0vK8N1W|fKRxJK#*e==OV-I9LG zo2H@=P3mC|>e3WM7i42>3fOn$M(n&uZsv@xo49#uJeqWaEuGkSc556*R|qlTX6+{u zeD`h<@mlgnFn?xy*21iE`~;zg2j5BeI^{2Jgh!vit-}R&36BJN)5t2|iZWdgOVRF& z3iX5EOCmIp!c1 z{y^N0G;?~GafKCEfB<6;?Go-`V?6nL(!`QmpP_lO>ms@JJxiL{iQ6q+GGrmce@7*&B(zq2IVskIVADf~=z3cU?WDQBo zP5;fDjl^BTUP}rFsx70`%`#pT6$QevNBC~Zp0FU$WVEF)=GRh8pUk6}zA~VBx6g&F zX?u$+-{Ch7o1R0Di;d7xh`-Z9VBzZC6hUNCGrdBT<#hDBx&F|30?Q5}Ge5tUY!pU< zU0~h%*ms{_ZRnx9LX0hQc3;<&W3~{fY`d^-#M^TGi;#irjcQ-TU`D%Mf{`yV%aMb` zDiH|%yXMEY=T~&sQ&g888@Y9?S^lQ!K|-Z)ryYLC)8y$1gD2D!iAH3E{x3Cc748ZN z6od+8fxiF$6cc;Zn>PrEw<llDuO-^ z9O8!$9~vf9ftNK1){<07l-jnx0YveqCNmE@wezZCp?E9lfOr~=in$Ci{KX>lY z2Q$mo7n*3xI&$*eyLZ#EizjTm9S{)8=+gZ0<6t;GTxe2#e}~-dA3uHo1=sk2u^&7R zA|u~&^pNL5-Elf8aGrk=3SrXcbaaYrKfmITa-CmX%(LvY|JL*rl)5_8N$D3V+$u^+ zdf6t*r%v6DiRpvrX3@JlJM8U_$3{M-e2AM;M^!h2GW0X>%^` zI9`CoBipHgU;))W6hxS?XS?^L8iUj+3j>4QkN#ss_PkU*O7(xoh!iX9 zX1P0h-{PU1xMN5BCjWMB!r$tG+$Gy}W*_bC?Pn)?Q|XGWpMh$Gvzx6kTS5TdyC zRGP->Q^`Wd%ggo)P{~w*WPzEG_0WF-)(Vtabp|VbeHs|J^Y;rWQ?inW#a_V7S$uG$ z?Z(yvS|lRAjrNJl*vq%jaZ*xJva_-V!w;3s%kf_^Hl7)6pTw<2t$XO@Bv0|v$&)9i%8_A8*h44Vt;eO3MZPLsg)4=SVWfAa!xyDtnq29g0OKt)R%5Ev+9+wV0*e=qcK-dvsI zd8_+BJ3i5yEx&sGI^U|>5d;t@?VC4mvP(DuZExbzO4l>j`grif3(SWs*BOgKHU@?u z=mcS53vIeKVOvS)#Kz-S1P!amwaHKVlh496tT?EhkB90gR;`H#ax`j!aY~QcTdIg*Th_iFs$%5IC)a-eT^H*IZm& zG&Nh>4L$idA9CsXcR}%ODT^?%WXp%RQ)2`%V+=eIv{$H0>Xbjf+#~g*dR;^4b&k!UIWg?&<&5i@lPaF|mS?9XUT|4?I6K~b{ zTxZ&asWjv};^PLk#lq@rqEgTS;76qcs!B?aHdvl_8*SrLRaNDxBDJ$Fei>BqRPI0PRrWuIQzSBhm37qg(Lf({|^j@ORvCoYCr=`rPXtE9Fn}E zFPG2uA}P=1DR=$whvNZ#QphbXuA}}a<$Ol%OI2XYFJCTce+5GjY7Fs9`M?fnroB>! zi_g7Sb6@R*Q<6|BAl^Li_Jdy`nl)qfov$a=^dX zyi<_)R#|H2v17-OW!n#d*u3%%WT{TdVcoM3Sr2TYqLR2i{{!mYd&j2geMg=Rjq%b( z?`-dX!R)={XGd&#-09|2e2YF%a_SV2ybrzS+EO1VH3hCJ;9WX4v7O$Ow6q+8mrkUm zb)@If9zWEzQE`k`rGrCQ(AY{qDbH=Vft{=B0oQThmO_ix7oh6ep57l{$?Dc5UY6{d zV=&9Xd_Lm7I1O3VV`)5pxG|=&t}Z1#eVZKbU3&~4J1YxZ0D6?v)Q_m3nls4_e*L=t z?k?|d0FE#a3?4_eZ(nJ7vohgy@JJ8YjB*y6qo#z~fteRiLPGYM`u-#NQG3r6Hjdb1 zx8957K!r@YQB6ge*koX0X>FMpPn1ln1`< z_iG4v-nZ!{@p75)2=PaMCCM642eKyEkQy`y+#kW1<{!+!l2tz3s|dwh8qo$_yqPQ7 zeYW$wp?fY6Hv&!h%D4?Sfh$)c0nyT$*>cZGKvP8MKY#xG@Zew$x+^X&PBlgv6lBPu ztt02;!g_^go9#CejRm$3Ze2hJEG#TMefkt@EoXVT#g{~OW;aSR$~ikb@8RLuxN##D z*O@bC@VQ~N9mPw+;7GgmNm%RR#ix4K?diP(finD$v61RGy04E+fyqWtP@R&2p57L- z9rg}a7Z(z#TxRtLO0 z5LYB7OM=70U1!HSK_rA?==Sb4HZ}FcZa!u0K6l*xuP}S4d2WJbBUcMG%ons=-iyhj zR~x0y6B%`0IGBBV^R#kH@h!#~PT@k^&o}kH^%Q1P*UR0$_}cfVPW6OGYhjA3KQ&oH z-0B7zHZfa}jc60P@bHC{D_Kl(pl$0m%&^+;7f#dpB=kBR+hvWSA^K|3r!X>-tEPZsT|9TYT3vfu$hR;tT^p$Ok0?)AF=ZxSw+`VIVfZBp zki*|Hn-?3~k9pq~o;TRk$w1?LvuW@_nz~_bnbX|#w59Pe_Z-CB!<#ve+9zaYs;N-A zOn*?oJToumV{NT{%6#!*njZ}-w;_imb!o>$l0Umpw!>%}wm@nQ$qNBNHR{1IB%vQS zD^R>vI@H!C@0IiDf*HUnt7_wU{n zUSF^`Hh$(R9DLP7C^}2t&GAncC910~?X1EyKj8iR#fxw$H%I8%nbKxyFLnHU4cJ%? zemE?4(XFLw!sy8dvqxzd)D+{EqhGq}%sLUbx3;}?PPHnHeEW_ZjT2#d7tD_f~z zRGmgVi;ay%FD4pCyGxWZ@v9E{fLS->WqhI^coiBfv zbP^7s<;_)a0STIaOu)WboBRohX`&O2g;C<`k5gHl`8I|Qm+l}VLl_+C^v)d!eehr> zsGR)r6)SkYqQo6s2ZI#0@#{HH4W1qkF*P=RQ(f)r=jVis42#pyeI|r{mypmkgc_0X zycV%W+Hkfk;pqf-`d!#IXgzCfYG53)MBtf8)mm!0XK-up{_c2g$BnP?r`=0h|I7#W zo9*CRGA>SewYWVnm*z&|rKQ>NBPQ=*rO`(!%dPa}K~T`=$w?cXSV%%3jz%zLk-o~w z$svy9V^FfsV3XF+(4e4U85|$i_mhU)2Ac-Sjv*hf{;A>c!Gj06xGJY+-_g7~tn23N z{M>MWii#?wyCFQwvFGN0@(!Gvymh6Wm{BTX(efNtfra^bXE!%i|LTs8j_K)ZE`cY< zlTz)X*@dKNt{ZL<%3N{^<(s^>XJ~l1-IY#^>x79(qWS6O;ziYPp?8i$IxmDv+oz!T zGo6H_Bf{=l=rkEU>!H(KsiW;tr$EWT!lI+Coy>a%{s}hfv&pwEicD0B8dVSqjRrWb zhZ>JfJRVQqe^*0Y{i4W|e3N<>R@N>lv4DrdqXv9A155-pyJNOY18q%Vv&Sfp@}0;M z`2P)d}ahWh^*qSsi1r=u9Y}#*9%$R zelNRce&5|ovta}O$fSL89-#3z)+4CuB>nC8=kh67e2@+f$9S&7ba5Qh3L6eA4dpJs zOt`!&jnquzi2ERiN8Yw0GQaJvPmBYdR;uvi51n=_H}o*S7f)KV-Dbk`f}LV_?TE4J zX1zr-lOA)$@d|<4wr=e$yvidWAONEwKmWuXo@m?W)M)9h>NI^e8_^GgKN1|oRmcci znb#|jxINk9x9{Bpi~xkIw$Uc;J3IXKT56Aa%=M`|mabSdG(Fc=!q`Q5IOM_2t56bR zgZ>53S+_2_e|+xvLfxU-*!El$iGMOXC?Ckd=lL=hh)wP`l0?KgO0G+nE{()&dA~nj zv9FEwj`-N4__yO_jueh|zrQ5bkCfeIBss~O9#Ocv+_Rj17upX2f>~}4H+Mt0aNWBV z^6&!4xOgRAC>;GS#OD$$W^G{;)yv?u(B_p6@c8(UVcGSCsXw@`AdnVm98Yicf5cCM z-OK+Cyd{q+4^LrPt3DApmacl{OjcyZb?l{ZFwP;@ZEw#<*2}=a0Cbk~!L;tqD`R70 z1X7q}e$LL)g5%w^>CWA|*v_}eby)XWH!B2kK)*(E3djI_mOI4oycLE|L$~qV)s-c@ zHm+X}t;rND`$#L$hhfA|#{C;m#?g!mox-mek*1Wd=4~l=Q_-I~8=3L8* z#(jA|E&Uo;rkUG5^o!LkYGl}9%z}wSQUaSI!^B zqe9Qx{$qOIejlol^^*q=VtH$^q42Cpz~rhetNa+SD#50a9G;X13Y#qj(3_-L1z zBzwC4rI{bh^jLANdy$%U=l=bi)MKkZyUftTq`(__;wg)e*#qr0J_ra7lb?E18vsA* z6n;%ji93#&b$-JpNVKqc@0f{bnP}Xy+wyW!ixoT!&!ltE-nxOrRVO4|B)Ho(u zzEJN=!+PZl0%Q7203&G{U<&C4+`e7&p7gptnwCEp4&=tPb?YWBlg4Ow_%#rM!yXu1 z|4H)PT6FqMO-*47q~bz;3OiWBr&`ZnC!#mn7bFA~f<5PX5Zs#c(wr$IU9{}wA zF91!)B}kxbg)VOc*!z&%K|HkT$b5<%cj^PSPRN9mT>mV(QwBvwmN<-RWxqJ1sMwyS z>jbZZdc1rX$Hi{HbK+1^k@l1FYfOEo(YAVdKM(@ldlf@556?C{N=Z%*lkqI;q%8IG zYkhJt{z#XTmZHs!cxIAnOn|??J0A1;_3PgB;1rO->L6o}Sz9(;kUsL;AKa1Z;FtGt zHPvyNsoNv(xM>6JTtT^5oroTm4CW;;?ex!|<{#qTz?%kL&`66LHeC28u$Ga%L7&u+ z={vVEMu;|h1(sh(62NUXZK+}9<(^3YhenSbpS*guBDn3lQ1ngMQ)(ZQSPkm7!x`KC z`IDg)-@C|TbZ(WM#!FYN9hr~RaKK}L-3JMV+LB|u?q$!J_*_RAktEs8Mf2#+4 zwO<=P@K0I$>xAJQ&U%=cnTa7XEV}m2awE|SQyS#QgSzPGXp5+kmsuj#?&Dp;+G&+W z(Dl4K<1ONm4nv!p=+ZcTA z@j>l4kId2MFw1yOz2mWm_41!>;B)DO20?H*YpauM+vGs}z@&eMQqW~;5DD=g5xmw8 zwp&77dAQ)^>KY%oZVPRHeO2}gU;QWHf7xejX|lXs<4$?`8kQl3EFw5~cQKOU2z>9L zVOa^9>R`P{G6P`pHjE4}0gL8IU^N^_8UOg~UZ);avqG`MXrc;*+Nh+{M5MOMjC&c| z&8-1!pHByKn;%SejKu?D6R3Ot9>8{J=pCKV$or>Jx!t<#bYnk0zaEl91~&K#QtO}` z^0Xm2ZS62^#;$z(Z`$ME_N8}cvpc+wq%YXV$60!Gv67#&x-yM~y#l|<{FIRz0 zu_MDOmYSIO6=@i#i`C^{jeq3*Up2b}Te^yR6W4wQde#gf1B;8>P?J&tvpfK_=T$p&}9T1VuB%DLoJyUa!)(MCH()6YWGXu(4L?^%d znxkW0$v*EhQ6DV;Eii@Q8#3A2RjR26d%}>^yd~R3qJ(i_S}tSKYP)50x}Tqdg~f}W zgo1*OF-pnlrsMXN)5Z7O#4kIUT1{)sk*9bZP`4t2IJ2)uHZsIAQyf7eO^73Tn(Wc7 zU8*m~Nx?OtcYt~;Y1T}|i*lU+WBSJcQxY8HDsyh3GF>lksWN?>ZUCe2h~R<<_KvQ0 z$j`25VnAy~RNE zU23j%zPZZ*-@okM_-W6@<`{JO<@_U<$WjQ_2Qo@NCaH2_VZ-AIhuvzs=gQ;jLVNZM zA{J9^I|y&rRKCosSFg5g*)lkJ%dE$cRYG$kNsY<3jv7<_n^nT%G)O{dAFcT|eK2+U zczdT}8o;sAB@y4=aE9ipk;BtEOda)HOq~GgGy3JnZgL+pU=gbeB{{^8u1$uSM!S4} z_89sNa6lwT^$!Z1B#Wg=2zXEL<*#lRE_5JCMODR*wbi~g3`BJ1YQ(Ui$HFtE?Rc2p z9P_it1yC083A+TtZh55$5i4MMOt~`94OE9pezcx9+{BfYolPvg8Y3}qdh}Z4I>LT_ z%79(E#bT>_Qup!lIxqix+e&7B7Nq`RU66yMT-Vn;8TYi`m7Hto4qGDtbJ!;;lEVf0 z+3eI*R%G)w78ci$mVMRK@Baa&p?t>rOr3&_!@SXBx&dH0)BE_DPu6koKL7of|E+D@ zs|WxuxO`;4&E3hV@vbJy;`L%wP{;fENws;mD(RV-dA#QX*XB_=qBcq=hlO*9kIxDy z1SG=Z0O#7g%-S!R_6)-e-Fq;*L6gI!d-?hK&{P_urH1Px&I43r^fsNgww^#~0KixD z!-pSRbjv-LE~T0HH|{OqnpoRFs35VYo^B9M?%lhme4bR5gB10^`E-(IH~Ru}dKTMA z#HZbBeyH}rz7FNd4SkW#nP}}?SXg*KE0tcZ3T9RX1<~(qlYM1kbG%RYksjO2lhjPH z%hlAF^jIyM$aa~EtkwD2+g^dKDNCN&_B*4q7bLEI$Zs-!|IN)4JTqH0HJk&%if;N#1 zJ~=EttZ1!qPaW?eGvVY!dr_cA0lOMBq;~Ud--B(hBtj#Ss7aRD1;>ElnK49 zs_N*V%GIAyxU!dyE)b5ly2DVZ5bSbNU0`@aUEbX|RGDc@i(^!DbaQkgdXHbMb{ut# zXg1IVVGT3ZK~8-nI7Nm2XN}@bSR3~;@1E=GEHyhLc7Z=YX49YNl~S#Q2=zxA*?RJ* z+pMLmtd}G$MgvhEx%S<-n#rAIQ?&=|8JlGbuYK1jl*D{N5!v%r53st(UXCc69QUPO z07e^(C+$goetz_q-aiqS%1m|NhmBg&n#br&+pZv@wRc1q*4)K zQ7pYBl`+(5eVpgYlxV+!D-Hn5Vm{c*xpK`;#<^h-e#g^yl*eorgu#YdTOnUaE zY9DE~>;<>%(3At`?`rHdgwW5g{gA9&>3RlOQNFAQWO3MP?t4;uWyZ1y@`$nfg;>&+XFlQ$cRO@Rrx>H4z|odGams0KrIAv z)CH2{f}#Zs-#(N-$at<|Ui;AhDGEeJk3hZSNFpFQQnM%#t1gI3hrB^JU06|En|~{# z)C~&fF%|N(NkD$RhPt}C`g%>KlawDowUXlbR%xJy;|kSJyHeTjF118j$t?f4l{zxg znu3n7&zpw6G#Ed%vs-$DEIX+Lh8|t~Yi{mw9pE4C3N3+24ixIr{Cv#}@BlIoga?!E z+J~r7y%QKHst>C^ZDA%{3uxT($oX=e0^6s*nF;29swJ%D{!>WUI(bZluZ`B{stc(u zF;;ryQW8Ohp2wVlvuQw0Pp`K$iCFKRk*e@@?1uyRo%@F$~B^P8hSZbRQKeHRd>&rru zRxg}BdGZZ1#-XeaW+YmR&Fj#?gXcVxxKW_oD^a*}cn1|1Ade;64*%RvX{ONB+zGX- zdBn3RB%?CurFugRPq~lP`!YYMRIgo8sxz3@$6->T8>8d135FrLU^$<)4T(Q6S zuY!iSmc`LuRT^i`)S@Rq@o!~kr#7nsr~2ny0Cxbt z;{Dw2j*|)sDfur`oY z{Snkv)d-O^$WvHAC=N%!jD&)PJfrmts&=LSoA7W!*rmNTrx)>Uhrc`$0&o)JpGv!P zEU3WbigQk&Tq2ptV7u`c+$50%Z3 zP!Jy6kcpyRCC;OF{4J;FeOQK3XzDQXsFP-f@OU_n*;^dOI0yC7h;6Ik{VY8T&!({$ zK~1ip#-pUP^!4l4SbT<{AK}LT)hHt~RkIrbbQA{v>?KMeUZ=91Ei|1hwoh16x1M}C z`;OqLZC2#GuNSzTbf7_GWaMaj214^9a$soLrt$Id#Hc4!1tPzbRdU)RrA=mG4zCS& zgl{uAL-t!yaQi_PAXr>$R@hU+NnTvui*qsjy-3zqp}h`nOAX!b1VYdHPL`(H>K2Q# zE=mG{^rmKd>7FB1@C!0j`n}JmU^C(qibykc#5$e0V@cC--p{fo~qTLaYcC?>iEcabz8#-xnT1>nqVBOWHep({UB`n-%*@ zJ-&sIz8lfM+9o?bvh8;L&4S#R5Hc2-=pusJMp%&ZT0EP=!?*~90=nw78#?qppBv`6 z`Omp3`;+%<9BA{>bS;e(xJDCudSGgU86qJIZH6i#e4BhKnF0)WSLX(fs2Ri%gw(H3 zQHa6LD8&2won9G%56-zmJ>`ccNZ-Em<45K#g|>McnUFfQJ~>NJ+6~VE zm2`p;O+2~RHW>Mi{rs{%HhEw(MF%{Q_{xu$97Zt1&hyA$BFOIMf8r&4h1k!`Vsy^e zoQn|7kH_sMWuX;h)bs=q(l+s@MltDP%SKtoH%-Du7;^f!%1O(5?~??A9;~Yb7-pXm zW3^z${9CE38Z+7wicY-xBYZu)T=yb)y~!*Krnv#*=rFD3o@H!mBZbvOT9g0T{Juf%6b zar&RnBWa>(mh1mYy8Z8JT`zj-9Q;>`^o(B7+ta)xup01(-=&~`{wZ%V;=EMrJAcQB zz<KoKPdljUOfXqQ5!|;v)`!@0!#i&g1P$lw^boAB?BY19vi6=J#2*NRu}2 z+mdTVES`;Ii){&5kG+5m{gnD~E?!A`3!u&rzCrQER*dl5Io%Q0-Xx5YRzd+eoS=8K z#nN@PQ1cvabg_gjl9uoFK1|#fX@un_ z0qcI|Ya!llj`v@Q;&_syS-JOij|)?054^uvo-uy`y=z7~=7H4918vqf?4%1Qr0G!z zY>y?0zy8C3{-1pJdh0*>PldjUV;T{Ek-hjnF?Jz!A<;g6#(MlJd~k zujvvAP7o0tG5)z zI%Tt6M8F!n=qM?_H77M9qsVO!`*)|)w7RY*IRyV^1kFEGzHE=$HPq7}m%(WhsBL(41;z<2e3)+NtzwtC$5rU%Il@7#krU`!J$l$3$_$b=f1^%RyN>&~o`>P+1m83B4X z@YjDgJt`uiHA^}wCQ()LZz$}yP4Bn;b#U-X;a3nWL8Mbk_+m;01qDsgB(W(aZh(Wc zF-FEF%?7?qkO-nF+35MM(d#HnC9Y)S+?hPdb+ArkX*J@+8=UH)#K|sZ8>_cn)H?Fu z*}v?8c`$Ki4AFMp2zi=!?04N7>uzjeGEfSBM3@fD0bbXf(rDD)$#z7Hfdq@iQSD#2Nll$3bW zgT%zf+`|WI%->dsM3aE>!)BI@-NeYo?Pbuj2|nmXpPp*i`VXlfR;_)ARWDX*1=f za#?!Dt%v)!9N(64r&9gV=`TYfL1w4aZiQ`na{E-ZlLGx8Y^u_MAEBNHPdBi61|I--Q-vU7dR&he->bB7~x-BCmQJrZYVi15J7&nNAIp+?AGxyKhG{ME{=^w z=6(_G1586rUZ#eIhMb0g09pen@Q%-}N-vEav6ey-n6TzxZ*O5{7Hf=iV!kVdE0%ez zh+Cz_#2A{I^6* zz3faucxStM^Oo!<7FWs$I%p7}3fD)$MUeHxxU{4Mf~qnlwAX+;cQ#Q|Ux)kWYh#Qj zvN z8K5|}^qqXwVZCYd=1Uu2@`judSJ%}gs##$~0w`VzPt)h>)T_ui|L|Jk3FqDG4I=yF zowhcuPhUVxKv{YsW*6t@w~=cQtPU8jJO2LT-@f&48|^EXiHcpgEJt~Hn$fvvUmO;aI1yy#g6$1(HcR2f#5GL%Byot=e&6pK7T`lPu3^;QRqYYhcg$4hl(2OUui1gtYGc0LBa;`%^?! zGc#U)V+hlvs?4VpB7Kr5f4hB~l9~CjudgpWX4`cF<(|g!sVASaq|5AmL&QM$0W;gI zv9RY`nK8fQlAgOvD8?a9+~OnQ^cwp5$~@QnKatXx&FGj1I8p%k28uNf)3r4qWd8%%U&c_VH^5nBgTjYw0iolD3 z`-I&YvTy@&96@Ch7at!V32lS*>Hhf99tuIA^dj%UgZHb;d>z%niGPD}Pg7gF6Zbf` zKO`oGbNmLD1B5b|6J$h1AFozXb6tUxYl{eW+lm_(EMi5csqal1&z_e4^u&aRCkgva z^Wps=wY|MjOYIQiKWv(1zdq(noes_RW6<_79oPcQ7Equr&a;32ne*Lff5*@IgY`~7 zHnqH?s=9UaCeCP6Ow!fSscMg3pe;l2ZYJG=hK5F`uTp^$Hk_93li^+6-JNY3V7u>6 zIQ`hm&HaV_I$;9#BRLRSUd&N?hD4R2s`ELUjn>lu19gzqhv+-p)_%bG?`gA7#Lb ze7u8_PsEipSYIJW0_g&1Zua>CcB2nYs+FEgX3Xz~rXUzXRl%WN6U#VE0-c1cz(?+w zr!Tjp?!PTdM-X7ihlE|4I4 zdi3OOD{+IjDto3&It1_%R~|*?W|-b_dXkup32J@8xbl7Ez@-O-m%?5{GvnQJGwp^l z4kPDqhyf-8jtU7mV+=L}!sEeSA$(APP_5g2l-iEm?dHIa3i;228{Xb15hiqO*Y(uj z^oq(>h%&YE=}u%y-_$AGMP$X+5sY-{QNif{a>lkfwnInhqV6OnpWDs80J3@HKTKgt z+`;ciHh0DRlM4+^5|bQS zjWXCiJLk#i(3vZTT6166$Hvib_8^~P>F1>9nj0F43f&{hKOLQ%AbXV*7f0wO=H-d- z^IL;r1ThVMd|j?Pk}+`m{QLHW310S{?|O8`7S09%zBdr)BX~U=?xEv@|9U2Bls=0ac zlP*L_^DW{cB97o?paE_>+YQSWvgj35+2ic0{M_7^>NPNi;V_o|iHU|#lvZCTyMC1G z3eMNNCVAT3U5YCqH+KfH#+yD&3Fi*THxDCC-M4RF$u^u1vyF*~UJf22l3NGGsT{F8 z42TrXB}a93+h^Krx1^z^bRlMPTAH+D#eoXEwg^qD=P(k!UBt8dL$1N%KnnT0h>HJt zV-KaKqf27MPMFAuhv4>ZX>I+mq$Vp%u+iI$S{Lf5A2TyUZ3H6**Q?#9EXlog%UaUR z9#7NCZbsEfla8+_clW81E)0u-0S6aOgj|BWVv!qual6QmA%C8W$1Ql0)*^j<6CD@l zCRKSNqoSU*5{$HbX?K5L*tU-FgzXX@0t#0m$ps_fxhff@#mm%l_{(G;wv%gdrKS2; ztUxJ0Wdtz5u|2kScIIYgI9tn?tXuXJHsZ8ANEvVjQt(k3)l(~5>Lvsc2=a1hV?6R) z3>@74pwKWZd%dY~N(%~YK3W{$=Qn^thLDcqf4*O!D$Rve;a_${-*g;5_E=i#oxpoI z%3)AI5*->G%m{~~xdb8g@w{61u6pv_7c+&$xFzc-X9wVa!9u>WHaa-?C?w=fK!HF@ z=Ec`wzptoS;k2QEfBJ>LucQ;YZpAgn)_Q3L%+SpO4?q= zK*;lE_5S(ATyoncLf$&kP%DNWB%NF-e(iZgL^qR2Bf%HtpX{3h^9XfuVefxH2R6t;@U=iq$HlryNFO=eRAPo`n3K6bnGz5_| zzN%}p^$cYX6;Gcg9b`tyh1?2ad-$^ma+5*Iw?}S2J&;iS@}j2gtDBc!JwYhV6fBYt zH2QXXM%IXimI|Sf&>;{MpTjUnCfkU4LLfNGDMkA4WF@@cJdifdRu=L*bSG5Kk8${( z-O9FO3S@)PaMl0A*LMd}+4uh+DVvOvnUPeIkx?k>P)SNVJ9~?)?2*+_DcKnfmAz#~ z5z5FYJ0mh8RA$2Ob#*`U`#jIjKldHZan5x<*XQ$ozt%hC{b7C@lCWO~&<`G(&o(59 zomKcrf8tDaCr!@Q3SVY>`)dTcw6cj_Fq)B6{pY!-l~m0reI>EOlSmfZ9@HNWO{b+K zlm7gB^r1}jEtV~$L|WoS`BH?|w;gKtsG{JZGa`Ve9n2=yU$VHF4&YS6xpHIr8cS6S ziD})RUw&&LoXaazTYV;kwBgThw>oz4b630)C~%>1eYuuYahgYQFl;sym^{?oMaGZGy3}K6B*KaT$dIBOGeVLue7Z1H*zo60YSeCu4fxb zQ4!8&Id}7@nubiqs7M{M>3cQ~4Xq z8rPZZ*0=AI8ef;Si}+*e>KQbPLL`ZVcn#y$cb82mo9N%~UZV;Sk)+8pm3+h!x>nW} z!A+7*yGTq}dZbGGsqL?K@Cdn*5^F4u8{aIai+(KRYmB?hfFwCZ)y#8;hSVe#!nxDP z!u8e@8Q=5xuo$Y3Y5$xw(H;R{A>=P;)6i~7>1)Da$H*VicJ|f*hFjBIB++B9Eo{CU zXBPSG6}v(b9ZIKAY5rBcv*!eyDp+vwLp*y=c{Y%4 zGZ>ReGnM`dB!fNDM=n?gwSPVm)c=~M!oO6;cXO>WrLP|A3EA zAe9ISlpa3I$WN3U%tDASxIM;em%eyrCLQV!0hygH_<^dYUMNo*aZjo%bFAEE;Ubx66qSoJ3L$!h`9J@3lE;RgL1` zOf=at6|4O$hw=XsR7Tdms|TKP;{QVeI=K2Tgys?5!donL=D!{uwTAc=$#X4ScK}I~ z_6p;fT?1I~OX`%_GJEAsB8iuO_TL|1Z=tG} zCy`ol!!gkvC2k!FIsE*Z1Oow764lUNF~@D`-}mCzeIMhkF;Tw~BOXa>WNm+v1521h z5)SU*;-TMcNHkwR@hb+0IUMl){*%l){*(t>{yY&HpS^TKcZe6+gKrxX-%dNDrgnp< z&`b#RYErk+eb~{O7^CGJpC)y$F`y8OxI{Xjk!8?=!^S=Kpyqmmd_V-C;b;Vmt3!yW z*4K33LKc5f?_bYOyabv@I;5tQjEqaDt^z_KkBk;6kj;CIjtF8TaxD&(5If&+DYxMH z0}UiWT$82XyEypr|6baG6T#ODC&v|k+wdgrmd8Afsjr44dbxPk;p22kE-l@ssHp$& zB-*8#j~_p_x9^dag#z%gjUU7y@?xoJX(5d}#KfLDVuPj;P)l-vAY(=Y&22N!P9ji? z$ZJOGWo6}KoK^_O>_YTX#nwZKWS5i9DD{D}z<#YOrgZu9+Gfe#Uv=W;5B9m`=!&gp zVrs0d-Rm?OYWB10zNM`#p|u2^x$4dfc0N+-;yicFJP;DUS zXJhLLvZ|w_RJtMR{nww?$x`Exa%>CDs}8j${R9Tli}rM>udS^OB`Zo%q^MlmBXpqa zV?U}Xg3bbNvphxQ@csEh+jHXa9?J$IzQ)?xI`ka-Rg|mJc6hf|Y)w&8B62 zCoLnhfA+%}WHL<%gL;E%n+-Y*@at@s!h20&Pfdla>gnUh{_Np5VCSOZ6Ok~6#n%tkIDq8k14qt^WVe4@!pPY0eeY_Y9_ZYceg z0RQuKSr^oja^S6lCRZdp1$1RrR@0j|fkc(qxN~gi$#TRC6y<31TgO1d6Y*H@-mO<$ z@NEP{CCQk!?RX3v_Ay~$Fx=abRUxGD_I?>am)zCWRajUE7;Rnsk1q-PoqOu+YU*;`s0r;K${>PK*V57gq;>c1-GER4 zKELw)?G;|V6tH8QV^CtJG?<5&vKSxtm0q`Jkin#<-@@JY4l&g$2m_v+oOHJaFsggz z3|rjX_wQ~n5qBzm!mR`{H~@;RNEnV03q)3hQ~(g+AsQ&oR8>`7!JQW6rz0RZk=%w4 z@Yu0q>$GRFqTvD96u=BL06N$Hegm>9eu9v%gQf)dcBB>=L~v~ERZ!Tu;Re`|(rbI@z15!Zp;ssdmzzWd7&~Z^+y&f{5BOx3Dwq?ZIfW1Th)#ME5*qfH{3y*+u z7jY{y5I&e|{&y`vgM{$fiHLJs)6<`Dl3Wfaoo=oGF7l7k{o=)ozb^bb$*W*hkeeHJ zBCnu8`%!lJ4|qXth`!~WO&wPgd>WFQ>&V9_sI%1!>6!X^-rg%vgbSZ|pn6fu6|e~C zZv;WKJlw%LUC@0Bxx zCp8&dO)>%OG486obQPEzl-#2e6ZOlf+Ue{T*c*^`?9*x)uJ*B~NBvAY`is}Ghn;5b z)IN3h@OXwcFDc3S$`w@o;@Wwm=wfc&x`n_;qNSakD;4fNe^bt&iusbchlhuup}?-7 zdHZfo>Xo;|CJAP2;94Tqyt-yWx`p|J|RAfBn#E0g9UvLED6 z;ZL7G?*h#r*9D-R5Gt^dZ5ZZ>;QD~t5qlf>+UI-0XrYAh^xJ<}rC(QpmWAmlsLHw&IA4#VqqFSC{jVo8Zo57*it;eSfD5530M4ij zbmzv#okC}s&flWQI@0Fms$-tY!|oF7m6$D#ki6$m=r|Q8B?TICgsZ*rcyt+1gVSdy zR-T0Cy?Bv(>=e+p84c(ypN?6@Lm4?ac}Xw5<=g;Br7<5s6|OfeR>sg|ITSt6d5eu> ztP0NSZ7JR$!J^Og_Y(Kpx3U8HUtvpq!L<@@u7R* zK3=qA=idQBbp@cLN94C5%kqM_ALB!huoGMC7+q*k#MET}SNQFwPDNjz50Dg850{;t z8EI+XzI&%#?!7;gwMbWASC@yK9n4Ji(iv=ESd!3D1Laj(!@7Ah+yX8GkvjBex9dZ1 z2H-JVEvcl$1Bn17Q!h&#zNr1$Hur+^&3#%XCdjUOz_1*?%`*m;=F69)liTB=_5uN8 z^^zg>$W#u#3k#D63@CsAsTsLu5DIE;X7=@ywBGWTr^){lalE6%)%Vkgi9<4=o7RQF zZWl?xBtJXW` zdQ#QN&_o@4SBhX=&`=<=gtV~^3?eQN^7YSTq3k~{0ZNSM*wi{oP4c@KhhHLbV{@LM_^ZBV{L>4f8btw}S{0l)&?1|F22XB~qAq5vYBLC%FymRL?}X~sKm)(VSQ$l(Z^;t5mi}svzm6XN--d>?L!{)Wwy`D@ zDZZajSj$pLZpTkFcl~(+VatZVJ4D%Bz(l~JonMY1g_}f;muz#L_qRSMd{T!bs{8X4 z8q#<<9Ta$!6#9WC5g1yCVmSx3)rS^azg2`O-cc6@a`9`jWU9Vc@C+|0X7*b0A~I<5 z2ux$0h@FiMG)nPEV-E`pQy2EY4sy#f#q@fQN&nq8yZwFLU=i_*4n?|2r;nz-dXvYv zhP36a$!<^YEInsuXLuX~LP1!<_o!VgXCMja4Iw81p~P?vE}3^N4cQ^Es1QU2suGBp zQCBSki8S?$+xx~niqd5PwG_x&BsPLsChj3x8KAe_{WShtIf5<+G~{8!cLo>4A5b5= zC$nZ!8Kw=u-T?#|GF#7eFcUi;Xe_cS^kPZff)SSMpWp_Co96JLL$hP8BdBepv*zaK zSCQ)5iL6|J;+7w^hc-BxFm((#6#d2yRo~bM?Yubxev#btkofaDR|CX47y;&gYAlf!Q1Lpr8Gj zk+d`bC~~=#2)TCqVN#^KnTH1l%H`1}frjiS@Wprx-r9px7vaUk`$X;lD*tQsqBekS z!RX`aL+934?xUojBq@0};A)YL$S{{GvyZxH9tLpLxtcS2RQ5L_wCzBkfi z`-=)=OaBY-%_va1> zmZUPyXSklTNVoCR4#1oJo3}AkB5BGEw%(W$JLpnz0%%{T*-Wyry^qEL^|mGFTomNM zj~!9Uk3N7H^zMcA9{iS#i@2>0)!fR$sqY$FA)&6L6B`^{1M_HM>M*W^M5V-pZ#1N@ z4y!3=Mcir#UW)V88TGK0(L_WpC)O_7MR{2}N zQk)G#iwm@fkf>5OsW^NnDMa*H+HXWO7n)jGTMvHz3@3J6Y%KSN4NuOB!2gC)Bk^=H zuuy0c^>lS<1RxvF`wcc;5jo1_S|W=8O#(9+T@&1XDl|Ay;}HgKCWRG##JJ?&J00ms z+l}>K!MHqQqYJ#Muu7=OeO46(hLAO|eaDVY;IOa~yVXHPQHbJ&c{f%&b`+4L1Taj- zCI0dAXJGph9+#$HR{Z3N2|=iaqUS-E@UzAH#EHY7=8^w~UFjeV?LXSDVPR%6nps?m zgJFKmLG9W=JD(p@ zdx^f~vas0>$r0?3yKSqHsjLKC7wtHvxj2IoQJL9D#JmNBVi&{0)3VE5tXexrVjuFQ zPNBS%bLiUCNI^ltxpEg|Ev0WAo9|cIvhMZpEmZlnaebdY>76_Yictbg7GyXg8|b)> z0)mv)`T?G>)f9GvGa%!|#a5?-m8M0Wy?uiwviZH)U-iur^1m1-I3(JT&ojE&u(g_@ zvZvH7tkLN&orDzPU!ao+E5W`0=?YvNBH=e87J&>{M#H#~o@%__7fO{DIa^y>py)|b zFd5X@->Z=}tXF-flN;NQs(>>|iTjCzK%!Vf^0?6nv4#vHw0!gdARB+#=(^xcr_rvuFh>)3E z_eq9JRO|WVxfJ%!a&_9RId)y{2+^L_)tcnQ#BlX$tLO`KE+1OIugtMcM}a zYV-XB@jS#Be(xSxYHJYU1P534K&~P#u93^}M`H2)=g%zx;GW80GiRvWz|M|@w{lbE zN7$;h#zk;CK-*DcT;a{R~iJqdu=r%U{e89E1U(*l3lIP*-h7Z^zd0om9#oEf8QBm6Nj@ z)HIC5*V8Zr>govudo|I{DMS;u`*oPyI6r7hZrgN|_jg5nJ3$&f+C%KXgvWXGB_VBT zV0Y9jb~>v5lOZKQwRpuM=}KAkd~8Ni)q^cI(Z0T<-UB-Xf6={-FJ*oC^;Hyemep-J z=`{lRydH3^bfQ5!WM|Xc+q+F8{%q<;hRUod52MTp5GK;jgh!u{P4EvPMW0a1XXImg zjU7%V{J?4GGdMnw9Bka&$I5NiIT~Mi)Mg**p*5Zz7N=(ksZE@Pt*uOJF`@WJ&xFtU z#(K35QH6$BR`O=IAr|@Oj~@?hWB9uBF5cWNtxnlkllE(!?bsTH@5g zheaQbiI=I+j7?1F;>PvxP-u?JdkV-6uLhH(#&NH8b!o?}v9Yl!Maop~t#yO9IHiJ4 zG+od=gB@%VeE6G}VUxfYd)6r{D_cerm*Ua=zZ4`hx1%ysQXaA4^hDB`dHXRM!!4U# zKF%EHr84AWI+J|XDQ(x4B+)rWfuJ_=px!eftUeC3Y(;PPQGK(94-)c}-W8d>TwqyGBLP*$OMv&>Mf-+0e#8Fdjr!hqOx)Uul5HR{@D7*Nj~hqUi8 z8(LdaQ&YmEvGB16{&)FPxRphAsv3U^%L*VsEai}mo>Xa0Leg&`V4 zQluMd-cloMh)%#ZTW^*fiZ}YKA!aDJM=STP`+R<8ruer4@6}-j3Mlgn(;wlvb7ZEZq`S(4N zQ4|svM?iEcmvYV<%{eP8`)Alyz_@fsR>N+q_Bc!5p4LbH|Ri(4<2B2%a|O`Sa-?KU%c! zG0{JqG3$pSY!fHv*woY%j^g3rrzf`~gI-%-KV$I&OVnE!W@!X)6HM6UGn4<9oF=lKL-27JTmigRz~-bk7W(*=9WCun3QD z;){luX~8vFr)L;0PY<%i8Jr*0m*5LB#Cr!M35R?h#>iz!xqbf*fdCv9YBX9H#kG`k zC{`AC2=I3TCI^Hcap~q(xz{fXE}*r5cCZw07@$v;=jO!1JsUvHr4dcCteS9`sfh_J zOZ_OUR?%3Fs)wu1V%2!Uw1El|x<80Rk6pSXwo7!MZ*LF;q96|5yrQ)J%(2v^k3>|Y z*COc16)M3NE65nrSh$aWUQoI8(X;7AQzamRPU_l1#Q$$!6k}?mUFvGKx7*I)LET1w za6Ntb7D@wZsJxbbjb|pnbOh=js~M=YTGDQW`XQ7o;u2RB$6WrFN=EK97SJPXjk;M=q$*sqH7X!^#lPNb2XnDCQu{G^R0T6?q8HGk0H zKs|OxPqb<%g`WrhFmpi;)nUgxts4Kg?ccJEyC*dSOZpCkbs#qwL{;4vppXt*fl}De zo^EfOz<`NIFT{GqX}hDr{-cp10$<^8afZO@#}C}Igcbd?wszOYk8gIlt*$KN_=4~Q zE*{|ZzZMqYAci5k2MmaP@v$>rUS&hWA3uCRE$aSb=q-es=*Fm(SMMw8 z^J_IE>6(6ri<8bnL{5k=3AKcoUNaIV35*JDPqyO+t6BUL*z^oS=Dq=1b_YH>_8Z18 zRB5-lxAsAlj%7{saZ9t~<}VZ8Be`M)UgLKwFNjGH$z#yFz}oDFfSmfg(@W>IwY5>C z&_H!3`*gDWPee&Pg!c&7A2({L6$a9|y(q&4bfDQnNrc_Ahz*V*0O9Tmgdnt+5KGLdEqJSsxq0fxugG>FCeElm<|L*18J`w+x=R~fDz!TEOsQG^@uNo_(FoOX#dQL( zK8)T9#rHWMqwmI^GLDhtUT>Vw{|u zrs=Mw&Ecg(Ru2WtHN+Q#M?hpCq=M+b(yb}c#6a0x_XQI4)7zpv|A1>g$72o(PFTYcnd?a{F{cl2BTVVHCC~7$lIPFf;k78*8l3qw!H@V4rB zD(AVmxl=m}z$cD%RiFfK-i@u5Ws*N}|FktIO6-gK!nA-w)K~1nEh3jq0P;SL zLtf03{YWmwBu<(lujfQ>{t>&PoB3t8%E?80A1Oi#8nzo?=I%>wklcY9efNipMw^bd6d^ri)e9FQ+iDg84V3_) zBdcOPLH!2pyFItlIS-5`;gZDwFQ~?3q@_WAJV{DoL{5-3A$vFBd*FjpVN3;l?mB9( z>-g_ZozwN(ui~S6u%yzAfmLhixIZKXgd)tMIhPnV1`{!HaggA(KknrA4chb%lzhCA zN>yN1vEb|V#rhl*31)U&Vv=iyqmmw;N2F{7?UC&-0-D7P9d^! z@$a3ce)P6@*Q+PsIxhfUlFD97^EG7-AVi+qKfC3?CBLNr=B0Hzb+#SKwdlDAJz{zW zUFYOyPEhL^hg4j4q?VTU)YaW&{`}>OGu#c9;d={#3O2_ZQgffQ`4QE?n0x)4Y&1q) zo|PZL-D4oco1`6iFAI`+h)4mxz!p>ueJ)~{pcfvri&lR+UdOi?3(oyLhSYg2OdHA{ z*=yGzQIFN;8Yf&7IDz0pv5AT-!lEFCX>)bfz7>p(-x%!RQaGX(jlIhNJuO->c zdPI~R`V&x#TnF*Ux;J?jFAzR`AiU5PTm(1_eWJh<9B`0L5-b@~Q_O(P&KN$6jfq*? z`=)vqifh-4J=PF~#7LPlEnQ6S6Fo!aYzdX*>C-LPOwfFR;8^G|zH{{XT1^6P8#$t) z(nO1pR(Y7TH^@sGRFLE^BMori-5Z|Yhchs(^-s^v8e|9$Ii~YGyW-5g?>EDKom&DA z1M!la?h@^GX)vmKHfRY-e|*030^85ScAiI5IhC8g36@j$6Kq22^lN6Ffr$yx;bqc< zZBSW^^(5RNBRHP`a>-#bEs-dh>*8mH>~_M@KiOBliaY@9H^k|K@D1eT;v^m|DK3QC z50R-V<*xf(CO8^4V9>48PRalrat@P1cw4s_{+~-hcP@d@PvAlgn*#n>o;$b9zOJ= zYWu7;H_fJ~(^<7kVM25K=15^jVZ?khnM~h#2%F>Rb89k<$LDeP0A-=Ok-V+?ju!5{ zt*v3aTkV)pF59s3a$fzAFY|MDHc5QZ%F@ye6N?aBGB!TGgnAML@CvZ|y2eJ#?|a6W zF12^>0$v#O2+#^>96vt$^JgrANru=@MDI35{tOOC9>hgzr%#TKCjN9&%B+PA;3LwD zyuotjYwt&(08knz|H(8KuI>r!5krOvd;#*Q-}sw@-Y;H=w}RvP zD;GfL;zbPMwwnBm@<2PmVnb^ZZY3f>fkt3=v<=`CGy}?P52c3AUsWAmW&wC%CC#0TmB3zp86QodXC} zgXWY-IBpfzt`Jap6}s@Ltjx4(pdcbRek94SUb-hwBxoQ6r|>O|v$Ktc4V?FSYiYK@2Go^73-TDrRROZg^qsrr|W=4+RMD#qzFW_8%u zc#ECN60qouaa#fRlKZ^t-$@_@PIg{n%i$1Qn~i5^vtTVufO{Rd0x`@QUFb|%xvV*w zD`3R%KG<1XBcX{)Kd+~}~gqt-OB#1QH91t~bNLmfyu4Pk!>^KMK+7%(9e=Z8J| zv94kF6BZCccllCXn@m3@hzo>kc>Cr}KKm_{746t?1KSXWEm$j7RB_2zeSm!|3>g4EtMfiUR<2yWJoYiQ9rX>7ABzhP zcjH%)G1zEeMBTV?76SV>QGCHtMI&Q?y1h)nuXZ=*qf6xSiZWkLJ^=b@-Ts{dLoeiUV`$vELw!AAl(O_-|($! zS(+bh21ix3xz{IKzg2f#z$OS|LGu`>Mffv4FRdln^Yn1j#hb3pvR&B0Y0V$@7H1j+ zcX9Xc&y@5nGkHL;YzQ?MI~eO^e&=0`w-11%&?E!|4ImNFET!*s+7rWnp_He+H+Au(nWP?k65n~zO#5b@6=Vug z7$b=2Ck)udCwfd%oOml+!Ui}^Ygl=CzYPo=q~U~ZH>vwkf|>Qd^po+!%b5TVP-;Vn zhl1g5LDK74ozMf7?hXm)R@y#(WFf;sa$LXYVF`EI@%IzrQt5}Z^Zy%XJbuWAk=>U< zzzmzc@eL&33}2}7hWq(@t-E|NhxURW7(uC?@DOTjhxWxyN$iQ1mQBfFBx6bcalQiuJoH zZr|wvpa{Vlj(2Qw5P@Z1nbOyDhPj5Y?TXE!#8kwt;ux9~Wo7rN7}I8RKr#PyAAr2U znE|ENs5XI;rsw`En_HC`*{%)Rf6(kl->LFazbu%z`B!hHZ?#FbUv|I3EHLz+0#xQq z)&fR&2B7yrA&;wty8saVJBjtVu~njBR~c?_!otqQr4}py7ujqt zwSo2aR&p&IDJwV>I^|GWWK;h(XVcFK|Ag6c56 zR7#*Xe!3b5sNu+wU^9xlA7K==Dj=ZbVp$0R0l$cUV{A|T7zWm8Ejw5=68|_5{Q~mO z58vWSa@LZx-thclJ(IlSaEPwh$ci)6uBC@_Z1Jh@)tLZy2YJnhvDJ56**YEQ&n>CIk19X@&BE+gUmIz*jB5W@lOsk5qVx%7b8f*Ckp z@037gtGp*zFIjltoJAYInG&5YU5K2QQ{1K)Zqs`0Co=l=AMF4%1u(Yf&%-mUra;^Jr~F^qR`2AdZQGXjFx`z+rXd2GP!Wzfp|`{{nwoy0=JPx- z!lUF}3W@J=#iN>!4=fwGG!cJ!b;XNZ`)|V8uU5*a6>*GVKX!C9w&XH^g^N7z4HLAk~fNLtamW3 z;}C;0e&V5coyweOtweW`E@YqA_FgPXs<+m6+g$HnCiSstFm`IZ5a8VCh^RHd1hG0_~U zLnmmo3T!x+yYgVwyD$O>5)orN$*LwML%{yrI`^hKovYi-4Zs%)Ob+0YFtCBTNqIrO zTV=x}1ImhEn7$1T{zP%*xcZKlSyN_*^)O&aiXhEDSw6{*-&2?u>V$H$buHmg+Hb_pTD2HVkAxE?V;O2F*u7Zx_d-$13vd?q(< zmg`?h)@aXLSirFPj`~3Fr-I6$7V1;yH*M%rdsdMw#J=x25OW&fVuaxJl!8$}qsr=gwdCm{V1W_|9;nwsGG ziW_az*3uXh(-MzC1|>KvzFiEPOSJ?n$0=bz5)eXzjZ!}1BxNL~-vWY%DfAQK2Xu54 z(Djp5jg1FkHqDDLw=($dn?-YbXOgMMZmx3#i*r0h*A05IN(T+i%A0e$I1wwaCXY4LrZ z_8G~a6ramh0_h$6jg_2|lEPq}U5Jki##(4aAIQlbaoq?8>CWrOHE*A-KUTkA^@p~Q zwEooT4Gk|n+}%;#j@l~uI5OywNH&4_rk8kbfTHx$u|IaK4(!4Y%=#+G%R~1t3^oEG z=f+d-s0bM`T;x7J|pa4OtKS2Rhb2XVbDZvA`xH$Y-1}v?9?tqY$AW8UrWj!W{ z{Ee;+YTIJA3GHWNl%zlN>wouaDsPg0J4};F-YL0sYT-2h;*8|Ap?p<~(%vK*0rbfG z;5ZdfK|R4%C1Ip5y2gNY?~v%4PZ>8YJr4i;lO0feuLr$iUdXUQE>d3HW~blXkBDe7 z2?4weIZ{SGtK`QP7U6y9Y@YO;w?3VGwzMX_qpzmTb4Tn#gCWP$vNA%n(G!CJf6IvP zNTeAkIM@|om40!Esl}7J?+-AP zqxPB@HaAC6f)%69{S;ba=|r%$F9ar{w8KjM@08F3km$I)C_1;!jaBwY*tCeWHFGXs zp!m9b8hnzmmG?^7EpN4Z%o^t|0l#wR)@c6W#06ttuG>P_(xi{MD7pX>!{dP}0cB+%IUDjO0Ll&KLEC+NR#C>?=9H=i zJPg_cA+*>8@4dKsOe_*vA;E!x@Ox)V6)DwN-2QdFkQW@f%kPEDNvA=mZf0hl2ECY} zTXb*b=+yf<7^MCSDa_g`aU7*4{41cAppjVVI^^oQ088zdxDiJiFBjtZRA`8;+($oP zW?`~T&5rs8%jV7Aa7LqzYk`>w=5366bTKn~8en#_a~*~}V<;Lrej>vB3zV;7d?2B~ zb6LG^V9^g0{>c_UkV;NbO_NMYJzvTcS1w%PU@vZ>o(ns{5H%;<3%#@xNo`?WL z4T(e3-9ngm2}^BAX6q|>RmK7JfZK-EK5Jd6Od@`FnA)ME&}| z^q0rS-w#vly^m~HWOo1=z5>tBXQk^9Zxg8%2VKn%GW2p9oj@8i-TL+Be3x5iDH{z! zVVDM(pedUr9Ps>X3T#os=mt_VGYJJ6dIn6Op(QXLz)KOfvC03|iS~KT$HDe%VEB(_ z6trW09#`m#pv_l1x^g-yxJrCYQ;b`>yGuX^o!BNM1cqY3IOLPXrAuZBN-o(V^Hd!0Y(}vJ zO?L@S5Z+M2=SkxG^AlBs*N~jZe_jnU9^>x16wg~xK^QY>@mszwG{`3;F%ZsVr`M6| z@og%A%_Q=)E@9Ag#cQdO=;&JEC*CD9;f=l)_~-9O-Av*pkz{=hIk+_87FJj~y@rni zQ?+b-VCpp;Gkf;o(gGs*oo89$) z#v2bGejoFt$dTFHe~WT2mpZMRHMJivqXD0^vPr{FZS^M6-*>s&>Fl@T<=kg>kYk## zCUtKWe$sYMvtCP_*=q0+h0A(e0fwu)g0K3ulL~5u{BjPOmu2kbj%3QZfJd1y>nL#H zO3SK{&!#&cq?L(!EJ7k|S?W~T`INXk2494NKNMR@c8;}c}p$Tp9fK9=ld(;L5%9$=d9Du z>*byV z)BIYw+x*-%u<1%rtZl2n>u3tAUp_V%W1c6YJKeB+c})ceVQ3|FY?RI28aD7)!Iv{y zA!RtHz%jZY_#1`i6YA8f_*B&y24sA-W=+n1l1dE?id5T%S0mrwNG)u@c#-95{;T6m z6+CGJ^*LSEiq$uKW$bgDC`lEHmQU|PzOXyGo@AXl9yiv>+TYJVExLsiwP~~M z+E9kR-yC=5Y5DZ%hJz5q62+U-P6~QGY89r;#qAEyg#?|LIzKC}!}r2dGHa|`$pMVR zL75h>wioQmBG>2lE94Z3 zM+8c#n&<`(h|;jgMls_)8@0rxcMZ)bpt_dzN(dg@C%OKwTnrA<2$QyV@82}BAZ8Gl zxsh6j$cNFS!ppL8*f4k?jnSclpA!$y;s|K(ueI5u_iZn;q5oR^iHdv7`u@gb16yT$ z;~;S>1>$cW@vrD&7kEu|7w=isq~=bRZxVk$>4<@OO%Y`;{q#*Keg?egEOu1`|4+HO z61sBc9Uvpev&btzW(#E<_CRjgQ1PsQmK1 zlmi%biC4jeKU!kg=O^=N`-5jg?Ms_@Ki9$q6Z)EhkAeDF_Eh28iTEu%6@^=-`{!GD zd0_Q7_!wG2)%}IWPsZXiBTKf8apDLTC&@avWJ8DG+BPPpEm^#TjXR5iCi7JRe-_nM za~@v851++Yc*rju!40~u)y>WQT8AY#HtSH-k^9%2Z=?{v$5i;1wV(3{^7-p9#FwG^ZHBOB=HAh0~nY!xp{*5S;a2SF%rKb(UVZ2)-Oqt z*udH`2ZJ}_3h*6wyafOLje;)NeK@Ed)4rk`pg*4_s>^Y3x9-b{^~4KfD^&73)bC0; zIIy(GgIM$v)RP)bl@j$ak7DnHHFBsLbi-^zGPq#xb2WaX-%lorS?r<Uxz5BDRUBAZYZmBFS5Mtn-YH$x#=rI;ZHF{oh`K~Qm%DFm-6pY1Z3rYA zt%-jTbJ16DfoeQ>t!xzS8f%F?x-V^5jI5a-jVtF)l#4cRC;1EbF$xDL)41Q8{&KVN zm89i42tYMUCuHcOxwAIblKf}~TB!Hac2aQTWrtiXq3>W9%6g^hx`#%SE{C!JS8mi# zho*zC=g|Q!o?Ql7YdR@-9<*V%R}IeMw%Npr)hXs>pjGIig%gOMWm3$58lUcW39hwi z)VGzbkr6=R;S%?|MZ;~+;Ct)!L+h>h``$4LcfMceoM4zr|Hf`Zt4XP6CtsPgUX*F7 zBHtUEr9okduO4{~cVQtliHRzUs!*(x4x1jw+BSneEOxQNUw)>SGfx!v-!uJVn3^`c zM#KF3Gq2{>pvo3oif{IBNhG%1XFC=5WaOlOBdd(kqk=5-yNSo|9Iq=f5lEu} z0)jZ*m^b~pbMDO&$>8yX%!~;~&?o8C^Vd#Ts~+_$>I_Q&^9lE4#He{*L!z zZOd^|?!xkx@)u5Q3&cUwbZ1X-v%b_O-f%G$879gBpWKm%%VGmooZ{iLxP`k zk*c5?BUMOn1bp))eoGafGU>^I0Nl#>mn(4?@yC5r9HueiPoW|y1NtTzY-p(Axm#JV zo+gdrPZk47*q5fe5i5~oiQAAA#UN<2NjR9Dd6NXuVi3G+4)J`* zgk&ZIKr{Ee<_50`xfZdFkYOcKt-)(wNk4n4QHHO=eZEYtKTMoM0!25(h z2=DOsTL@Ff*PfS~TXzpot(jrq$twuNZ$8PUAWdBD_}=y(#wA*^sF~~-zMrd|B~yjlGxFE>zt2%!fBb+7h2f!BSC{ET>|r! z(IuUMrUj(BA4@B*%%k=@cGWj3dd$_Us|56Ty&>Qt2)L@%E&?Ng5mH31ySuW|7@3ix zTVIrS90PkX_{*yG>G8R_IrQsl1_u48j-jR9v`ZU|mZ_1^Zj2}Zd6=4%atrQx%^Z{K z$iC`+28syk5C?J?1U!fd$bNSR0|77}OZL`-pq&@CCpQ_V@Z|lN7f<;8(9}RgmgFmY z%C(0`jZi;&bYP{Sv2nAarz>=tOD`aH!`g+4x)T@xJbBkGKwCf}u;mf-W zwwQk^c9wRCy`SHhZszqXcDhmARq#iv**`NO-kQ(IhG4E-J7HXE%vO00*8=?pk)sbcpZSvbCD&(hWc{wh zSIHd#hBl-ogJ8wIP6OTaD$=&&(s#5rr|a<^e>m+$#xNNeVO(L>LboWlcQ2kh>-{h! zgin)_FlHBH$)m49m>hHW?m-p2Wf$nz9|1pJ25zZx_SC8Gl@1p@RrMJKy~XlVpFaCI2Wf-JyWj)V#o8$)>bMo!M;)YM}t z1l&%Gj;{LZFd$@TNQqE*{Nm|o>FB43mIbb>GBh=n0F)p)+70L=a`T}bc-MJw-!7Te z=L&z<0_YXrU#AaVUJj$%v1p&DAsJ=Ftn)UPj0ligj5&pFC{#V{{(Wfxxdi^ZE*ark zP~U(8AqeXjA=W9hZrw$W&ytgOu%P9&2alXHru1v{G2{w@ z@K`~WrD^P!|2t@>_VW#a?&{(G1#g#APp&lGlL$$Fkk-=DPf0x?Ytyv2VEpP`IN$0V zcS1V*@87uwU)1pLKK&xWB|CrX#JKJ1;`KPy zDM>AujDP#)1>G{XRoH{1q;e7QfnFR7KlYZ1<6x(#%ZQdnCzUJ&I3wU|Fq-x#)UAgO zt((`1!lw#I3`U5R-)@4ebb-MbYYs$%1p{#wfG&J?AVxHYS*~3}QC9%%xs+5Z$Q69< zO9hEHV1#*~aOL(jFegw>kB*M2s$fk6F8I;{X`i{dd9LZsovD~-Q9CS!j1+7#G1uU6 zsie9HFu&Nej$QB^Ltp`lDHuCctM;q86z8kIU%lO4HS_O4^y z_*g4Q1!}>ZaohGT=VpGonl>n2h9ck>e}7^Isx&jo7xzHo)UYGXbP+Z*;bih_fPfzy?wG&rW4yn28~DfEbr}hu1UkujdT}kC zvedE%S8;?xp+$J_v{Sj%W}-x>cO@*>ZS%2k=8_3X_xlmAXi6`}t02F!C^ony>p~{{ z!e@_?w8v5}l)o#Ec@vSz2bK1yv*6b+edBSIQ_QChU4ApR>sgqFaO6+~jRFlXmHdL( zwDV8LLD@{v^nKYYRdHvosPRS6DbQTZ_I{J`;#0+2N@{g3{%z)RIx?C^FJ=7v&~Rqw zjh(D>LihKJ? zn`RZ3c@J}LSI>>5CZBts^4aH__}g7$qfM84QZ7#pu3icIQePKcqo^2hW#{{VL` zSzB7d;WUNN8yr5c>m1@|c6E0*Gc{eFFJJuxh5AzIz~Qxv?PpT_7(Y|3qh{c!2oeAg zt!2=#S57WF5H1v?jmV0|VQhRfZGyCliIEX2ylR+Ve(@rN5VBwfQHo)1JaTTJlhpLy z|AqOwN}4hj0=_yPFhXV(tVgBxb>(#;dygWD3P=~s*#Z%(*qNGhrUkhI`g7)o2q%?;*0Fu9;~5oO~@-Ho7e#P z7m%0lg4f{f+oNS+&tNEjsvb>NAtq@-1$c3V8~YP7qu{8u!>xnq0E_URqvGhKym-w5 zKAF>mejl3AO|ZM-07NO<-O-^QC!e2P&uv}!C@_T_?jP}f<=j;48g0$gwVgRR$Bto! z+DJs%@3rX}>HB~7zlx?_UvP{2MN?~7`U4hDx7{+~yV^f|G%a<#d+M}NVrsX+{rXdv zcJ8EVf;V(o->$KK z-x>dy{f8^XE_{54)&Pk00p{2LWg-bsi zBg(@)u}k&#E)@(K)HoWBobYkh))iMQ{hbw?5PRTAldb)W&Jy$P*#ar)J!zTg?~7w* zTYD0|T8|scR?oyXX?Q7+`RDxj_*b@-SP3yF9v0rE1rGW& zUaGwd%iWpN2M038eZG`icdb2_P{+Z}E^AbE4OVuX5IEgmWSgKzBo6*d_4~}~qaavF ziAsO*Vjh~p$_TBqpAdw6<_s$M1lGF`9}eI)+mODE56TK?q!p0KfyrHHwXfHL$wHJ} zUf%s6vZ%ONt-kxjQbBtN4s zKuIfF{H;9`q3u3JW<{vV)AT@_O+2lI1V^{PCi=#qW5^K{+rFJY>8WY1S4={J5B#lf zX=^~q<7mBq974{1uo`6$-NF+G3nK!Gf6UI>N|?(rUdTIn?zuzLkIr%{&oc+C@5byT zH%NSw*(Wh=V)ZpxQc^`)O-Osc)dm(VE-uznwciItv*Hy@YJ+=w8lzPE_>W#nQdbtBNd(C54{*y-VXyMroaPK;-`lSDn_%`5Z;B*^lk+GpI`-6QGR1ZuAen8mEzg=?P?VDc3m=ze5t2W zd8qx4u2S}j%BjProK0n}Uk|_Mv#q?K_`LVIFXbW^%fBy|Dwkfb^~jjVV!Zx*`k(;I zxrnn*_0+cr`rYnN=j+YMdm;4b**cB)fpLRjwmJ{3Y%pKI73v*;D2R`N$B`zGtfQj? z?I-e_j(yS~#`fyk>@p|QtlDgy>Z>ub#@2!MNLE@AjtN+zw|;$Fv$DK|DdG-LO<~2A zLyL?eefGzXdm-s4voSC=8DsiZ0ZyR2LQlboe6V>H))h-=LY+av;U3tyY17R&MjjqZ zm=S$0_553X&!^9!A&OV@`c*dHTjIT3jKpXphiqZJ-s?KZDEK-4tGR`RD?Cp~l;D?> zTf`P764AkbsU>iz@$=ix&P9aaAVOyWs~fvCbdp4@3tD~jsj{-!=CItLWW&(V)n%9q z5W|A@B0Lj3QA+`5%{_-}652`+wj2 z^L(CuxBI@Y>%7i=9^d0QzEPSX!|Af{Be;k?{BC z6H%6OEWvMdPoy1B*BIK6susyjS9Xbuv-JD-?yOO(hM?p4}XEs(aU7P$P{qc>Of#QWn zk00R%^BQ)DNxPWVt&51UfK>((I#x2>aUimy=SKo6o1BvGJesP+Z&0kWDE#J`DI|H& zVV?e(<#5}v64_1RTK7q0oqg8e@rdiS+L>>UUcY*8^iO1*-_?@!($S8$KVJIE!BJM) zcKq=5uc^A)&-+Bhgayy;f4L?z6Dym>`&bU2Sigqjdt~}XzjO=F^i!YpRCM&0%Ip&I+wyze z41G7ROP>pwJ0y6hnBmLQ#I#x0u&}z|+Mr}JlYYy`YWhLzQfT%u#0CFx3vDh|&(Ymq zL_PvR>eV5klTft$XoOc!EGBTcw!uBIA1*T>=37Akpd!pnKXm-M{&mn-EkAa?IS&r2 zinQlflZ9NLg%|5KCKlRM{m5abQvii}`=;r5R zld1}X4@i2AbE@KJ#`KCZgopQEuBCKf+yBzM|58g!#X)`5x7HtvU*BA--7?qp)bEwN zdtuF2KaJ@quDN70-aIjhZ5ujP&V4hKH_lBf*GNCExAl2D%b#J2OBZA$&zf95`@4zn z7Vqy0Ti2I`+Y-mhKT&;|`EtVTkwWq8J74nUt9#{&A|Iq$3tQiMaNtg0s%R=-pZ7aG zqYJs8XoE@$JzeMBMH04loiMPd&(%swYrP+;$zw=&Z#XJ)I4b&r?AbYeK~aqxoknTt ze^tc_Y;l;G^4@PK$Nqj!cgSAg&l8a))|0EGOB0|EPrj}ZSAXn5k+}FL@}pIwqHFfq zmsLy-5D$~=iY$P=$ogIE>2#tp=d z%^Nw{{S=+I3vAuGZ_Ata<>fW66M|E|*m6Wgq@*ms9>#mDk*=?=y}FtyPBEmecJa&N zoYUv(Z109X8n?%^TSN-7v|>N-0qcaSBjNXExuTERX$T4FKXq8lzjDQT872YJ>TN+YWV>b3Tr2UwTT5FHy~W&lEGar7#D-VK)^sQ7sDf^~(#*3|+0Ew}F14$!QtEzeNg!UsOFUslUJR z>_xiL(zeCe{#V}a!%Zb+{TUgVQ;G>o6BFkBvevPdj^bq)w!*3%zNY>A=fBQ`g^h{~ z$GA(+U~Z|c887>`92NLu{l-^m{?-ITh4g)s$CwKaLQI;Ej!SIw5^z0#S@rxZ*E)8` zTfxD_K5~gqRFV_VI-L20!*pNU1*OpsV)d!vLJc;Sy`npIWTtNjeuKV4vHxN^=U#1n zRaH$4k56_hd3Ndvi6@>u)$3^c{jtVwqR`cBa8R7hm?CcJh9ka6;AtC*n zcd1y~EgZ2FX4yRG7G97Ta3ahqo1xdEy|dYCdF$u5e!I-(x7_%cZ`AZ4wpT55@ca#? zxZNfmFI`nXN1yg9Ixrd2$W|8%+L?d*&Cn zDEDII-FG3!3Zp0GZ)#)KGku^TH+Q zbU|{QnzDk78!ZR)AGVkJRZ-u@8~>U>jxN}(!U(e#gZrb-b)SN zJf*&+r}Fgr_ywS2m*+~ph4vLi=$Tx4p5=1Nq&M@xAAXNSUeBNHnLJ9O>ieS>KTdvA zt(JngvD-63c{bwoyQ5u{S6PT*#Y1yXb=(2GR+@a4ykmM>qlMLS+D+V^W} zD7YuqH%%XOXp{y-R@uir&p&wZOJ#FRDrZEfNa!K%mwoeYGj4VlKg%X~pPhhfK+@Bv ztS6x~e9_#{&`@4Z4(wf7UNqCvDyMXimoI@>1t-ECGj|mqL0a6AZg@xqC%tZ#pzr6x z9UC0zyKbg<%5CqSu2z$imc9fdLxi*DL7Ruqbh}abTLY5P(rIVgUmtD@aOC8;)zv=g zXgA{G^6Bi6oSxqFWwN(hmugBtzNko}QLa61v8}Z|^YE;FU*{qM0Zc5>F)@T!oAKsN z#A{pht)=T9L2sRDc-v+lg18EtzrG%9$v9dtDx-2<|9Hp(a-$JmLZBwX;vKrNAfxZp zB=NHe&t9ktohTqRQpUKxx&WOX*oQ|{5b?Ql!ZRXh4?!*|B4XQGuf&&|$*>_=1i@6co}{P_c~sCF~L=xKsMGXEtZf ze43o(M$NLYR6J7$^7P@A2rL#2d>`M5QE*R!Fl=tD3DLlKY&@XMxg)u~`_e)PVU0Rx zU+p>pOOm$scGf2FD%HHNVpljeZiF=fUfc>^TK3)K9ZX9^zF{!!JKd013PCXh zEL8+qSpEqV`t>E|!BCWdl>`Q1vn56!@qYAQ5z|wjkV*+5)8vamskcwjZU4_8sAK(` zV9B`T4San4*ft`92iJ2!PN>mCs~B>J+{OI5y1MZFhWdJ|6+M0ZIKnb2dN(?UF;@MC z<3KtpE_r3^!3$!?e1P(d91Din2a#RG=7Cm z*OOxr2&^LUmb#jZd1N*CkmQ6I*WN`mqvJu}US;6fByJAl_ zH^Br{QszZOuFsy%guyrtHHdcF+1snBz&8uA{V*LvWHADcqkzB~L_uyNA3 z_rV<&lYwBiw^&K&*sotX6cq@=*&^gMLyMFl(I1kkokg7fRh3H9f4vPq=W^6R%q zIjF^An0ksE7#Ywx-L{S3^?$%#?CypIJI<18mnpB{u{APB}9KQV5R!cj%X&~O0=C`%Kj zS|X)SbOVy8W2$Snj105|m=Me^E|>uReNLCqvieYqpze4hKXk0n#6qbEb1wvSp(mgJ z`Vp<#<0u@<)c`WVz24O9(8xA}LtMci81RhntJ19k%LLE@SUMN(0Y%NbQW*Z1#wk80Xfc+0h@X!ztUR*>-F>gUb zmK|fUHEqkIx@|IF^z1N#5Sh4VD#;#<9tKCdR_&Wm&KVDUr95e5q^1H4SM0c}i;Kl+ z2^QDS6FDsh2v^D6D!|G)G_oQY?m?-x>5L5DXJ!`0)1C)zg9Y#V_qPH?kVZjQH}cUV zVo|8h&^UgamXUi~k?vWZx_)$W!vF=}<@+H^YQ>)4c;k-Wg456O`!3*G0R7Y30#i{x zzZIO4p(*%Y<1hb+Ysp*Xo^pW1i{Ox3x8N(q#lfMfg0LYbv755ybE~6CImT6!o;mP39$zk2^thu)*rB*Ej<<VNH~Kavae^AOg1nF?2gkIlA&3Ycg8fvc>3jZ(f$`2T+cw z296F@&hPcL5&vLeVP@8P^X>Gz-kJBayq7L9nqJ@5dTApU;U~S;uDY`ri?gFYjq#3) z(*qR7o1`qrAO|4N2}T0c9hRIDuLqpRxB8T^NOy zjG$7<+*+0(6~W<{e#^6@48LK^$ON;240b)KTkm=Ni}v0X~A3n0&B?81G;x zd3P(2$VUi(r6GE^>i3cL>*Wk((c|{*TLgXOdz^VaibeQoCg2DU{yp-DAOI1(|May$ z%(ahoa$B_$n#HwgVsnu#5;-|OkBnG5JAXLi;B0;6X2eA<$GiFYG9@Q3Lg7T{3K5uu zRTD-Vau8dA@6r1rR0J^!WY-YdxpM~GC9Lti^v(!oK4|WW0hE&E)lpe_m8VbR)A=#A zeePq8AQyyk?`7Svq3S6Sd4n^uXveY$8Ze&Q-pSF97AIbXB41f2wgd~k4(8iu!Iiy?Mx@FNk5KC$xWcbDEO zTK(oPTD>`LA6Cz7`A?>$UMJo5U4Y7@#IK-xX8XxV_U-k^`hZ6~T_=|M6^ts_a{*ls zde_+K^6s`k>QKKyqCo%@`&dn&w0~J^#mmRnAhJ^(%7M>cb0wasLmvxhDaaNHQWb(f z<7vm665pb47y4arcQ0`MSbL*6($+U(b)lBQLhT?JBkw7}g4xQA>HNtzz)OKe+F4o6 zA%Vdyz5{;{vZib{oIcI9cl%cs*#>0v$c0US$6BLUCr;_B?EK@ujSlSF^QD-w1Cxs zDzDUf#q<}PaD89~b3Tf)krLTT>Ynb!m?KFid%q=8tC2|EOd!<~ukohRj$M>WC0DlJ zk4cPnHlyZD%I|Y} zLkK+ZDbpDllJ4J!#a;gOh&%4Te7cr+yLt&FpMd9rPK+YP4n)E_JlHiQ1|^==htG4^ zlt-&2RMj58>9{2|sXkzLB&(DyLp=NHGj&TI?{Nyw>X0UA^~7rqvIr8%h`vSnSNZf- zayP*ZC)tKgzoClXyIKZYJkZCHfeu;*B;`VVeXNL=QQ8fa%Gye?BP3fkmmGW6YDJ1x zq(4A8maZJ5apHI-YOlCjt||H}yT!@h4#%t~KD8A;zRqs_mEC0P)%J*gS>CapJVLOf zNqKx{)Q)Y+b54{x`AP#tsx5CwCpGHvGY|6bqOzq}Eqfl{kwYXS=oHXOZog7Ot{$8y zSV!k#yxIqq>Q2iBwwG(RUi$mp&DHW0My#vf^_}uCqVKT0h9@X;1W9cA1!Qo`J!j=)Ni5%}t81ShgxJ1GW?_+*ud06&tFs9k@NdTci(_a$@t;J>Zvbl;jG ze(&m!eV)i1>Hsxbnouy2$OUWt^Vut}-IgUd`=q>6M!VfZrq`{OUDvKYfQ^)A?DS*( z4Oa~k!)hXp?&k$u_XV@sojc2%I99J9E9?HTz`!7+294;edgw;ctV--B|cI-4G7tdf2+H@yb*#CvMiBqmsGxDYwZ*s#YG(!Ug?M4tP;I}QUT#H0q5qTC#B(IZo-`ptuN&Yfq_R7o3xZj4W z-u&?r_n8weV_DDru9n?SWE4X78Lq^illALy=X8LiF~N^Cko z{!%6k-v`SZcdcHUv--djAXVR=1@rq-+HU1kJPt4F;NdyK6_HI zI^`;{2~+Vay2{>2qv%F16O?1Et=NZ=r`P$jZio!-I3j*yuR!Ci>8nu%ub<(ZI^Ej$ zn$+8m=f)H5m)c5Ay4%`!11bU~fvH(l&0GI9A=@7D`n4C|$`f5J6pk5COb|aKCdwNl z*X=Opks5vf&Tu5He=lPg$42x|uM=Nv2eH4N@dS~?k?cVTSpM~EVo_QBMI)=rRz>`` zEz|1o_-7@+Ux*1!oVtamSEY&7+3fEx@E%JgaSz77_wXRZ19-*r{zozMwjD>>Nn%bW zT9|lJ;`-#6!zwC30C{+DCj0vC*ga5rkvPQ0=2>E*5Hmetc&2;jm|>QMzY;$)JvF@k zoX$EJ-8b67-^O)k*Y4fMIU)c7@Clqb!H8G0p^U%GY{scgOU!w59<~GKW8WXbQSFjyiyi?rMtE{R7o~{1|C__`KFjwVam+RiN|rnI7=x zoT!NaQv)6^*+?}-?69yAM}$M%obF$dw zYOdHSt0UoWeLMF)_rMGy@uZF-u@Q!}H8(dG&jr?eAk+=EI2XW1M|u@Z<3S`A4j4o3 zp^lMi{};qn)`IjBmZxO9_G*t$Ogz(wt=`4G+xj>XoHew=Kl8!mw|kJl4p115qsRaU_7vPrHq?hS=>L{1TZSF-^(C0r zU`IL#jrA)3onZLGgB-9EQt}KLe!aDMcj37WIJ-cij~8khXzJR60m%(h4+wTV*%zcR zIG40_bc}ZG`yXIb-GVGlqc5g1Beolv6nXD)K}WBy1(l7O_@pTKlL7aSfKU}j}~t=#ax zap^0bHKIM?Qo<5mR_2Gcx3(UE5FK{-Kv}yi7HNGd2})y<^21p;EknG_5{^u8K&T8Z zy)V0fQf^HEHRHz*cf}0a#*3R?+-MhI4`wl-vgLEWc?Iyy1520`fxqt9_5Qsh!~-`) zW@l#hV)qWY_?>(A^iH0{_q!}}pFDYD&8fr#tQObqbVEkC*fXckp3Q}W@MA6XCw2tX zfidCy377~h$b_2pG?Wx+=aFm?QuEl@*i~K4iL+n4Jvg^F?*-rnL4=4PJcg5#w|S%_ zDQDznWm&9a_@GH)8?ZWMETSFc9RB?Oz=|129Bf6ysPSCeIgnKxj~X!$2j`Ec4lAK3}vbNcwPfN_e}L?KVT%_Lv^{&H+~ zHXnITk+;TEr~vs&M?|+sN`}1&MVt-B{m)ZUz=kksTCTkKb-8jRFrv3YA6%KPNae?k z$7xq?U^v=9xo*UL{p&msN})707QAC zp!V$3ju4svu}hj*AFr`m)!plP_T}L)2_9Z|{)p(CzP?A|Ca?s+a{=E4x>&%vkTo$K zXp4`LOnwf-O8DG!fdB$E@bUaVPy@I*D2NVBO%d+Mz@!0jL-OHL*@l5|^To)P>-*j| zHO;`K`Si~w<5DkIOUoz989tzu5eSgCmsi$rM$-Lr3>iVDP47$_sYp%_!@~&&U0A94 z;^bdjtG0zV>$NIGM!+iIRR^uXPPd_>f^IG@QgU*V;^Mm7;?OL>2|&5rhsOM9lnF{Z z7`}tKPRLpp$RdPOJ;B0*f!G$KgDMdB04hRsw70i#$w2gA(}&Hly~QXt!xKYu1Uo)d z>;l|_9ZhjIF4;T}lf1i`QsjFT!~rb11zFjHl5=wI`0%TrCxC1~-e4{xZ$czGY21FF zcBFD?I{ts0^c7y<*j@@dFIex40iLn2u)s}Ng8%^jKuCvSlN8xT1a=3&SMzgoTadM} zrG+g>1#IQ8kdVliSF{9fdVIjRfY$A}3dSNm9PNRbH?(J~Rs%yIDkyR-l`Y#X4rS4^ zxr;8`1>&6!`~jfW>~R?&IAEdNHIK~cjZ)In-@}^-H3uPCPoe8s2You}lS|84IDzKv zQdr?us-ve~WjBwvenI6ajOr^HZ`i!q&eF0KcJ6>#UwD|3r0J_O9?#`Be9L#@^w^9I zVajD+15BRMG?+ZGW5~ePA>;YW%ZbEp(TPy+|7)vo^+@@~5d3#M4bd@`(y%3<@F8zl z8NK%6_+$I@`;K}U&GsbQ&0Z2hw(JUtEF|eu|2<+i^~AP5-~)vQ4h_;YK7YI&Iw(m- za5awe_orY14u#VFQ7$+GI2P780z}T$jc4~9HqNL{$YgPQo9{&}rslj3gby7QAYXP`` z!3iN3n1u-ym*7AC5)@60zC(v93F_qCyJ9AVjj*&jaiRgE1lc{XsKW52Co4YQqUO#P zV2xrn_zbGan$0FAA24x(D(vR!+VoF&i$2aHJNm7frQ4^fH3c=x3$tA@i1_5l5NZTr z_F!~DL|&7Utl+2LIs#*xvltSV>fx#Pu|~m-rAr;N)npQS-pr)OLWYRoUaY6KhFBWV z+uY!Bf@s{%onMeq4WM43er#_Tq2LR>4HL+&o}Myf;)I0=s4K{IWs+wb4k$S&s0Myc z7^dl;^p=@Aszd4aK5Q8hU}!X{BE?V#SjCb*wtg=xZ-V{Mckax@#92g~vZOJ#0DDI6 zZ#dUepdlNFNylxC@1KQHxT<$Cz?QyC4?s0`kM}gB;QhL|croPxBFMrm^w(b_$*)LH zzRyqR;a%HBMUnhUr4`xl3Lr}ga6$qG5%yrzdfgu$c&O<-hBVDNeM8Dk2A+L71q+y) zhFhkz4P^?CXs*<4H_~%<&O~lNolj6#&h&?2@o}_*-f2sVmzUR3T{l?NnG~rxCN&Or zch2xXJ3qwN+_=l&#S0H{BhKoKgKVeAIOBH$ohDRHklJ-xSYE#T8yPw}T^x}`1L8xL z`hP+?_h_^c#H)Yz?sn}~e zC>lFi!S6qQC?Llefb?v z*2dP^$!Q8>v`ZbR?a&`q7LN1hGfj$i!4eXFlDS?wn%mLA2t#ILUKx8GWb%QR9MY~G zTEBambW>l)Zj9 zJuNL3Ndfc-%Qmq%bf1(5AZFFJbML=+H)GA(we~rt+MnCkTEW?r_1*{(^~|zvdU8~l zHTVtTJKdQE8{Gh%$ACf|>rrt@YT-Oa=!bD#oHf}e6hHP273MGhIhSs0h|Pr6*k^; zIeQzM2jsXFhwQk&%+FkmovjHw7p#t5RV`?uTxzUM5w!$kwKoUoK5{DsZd(;-^}|r6 zx!DcbKOEDLfcIW5WLH01N&^DujE^FNM{V>{^rMg<)|0TUPpH?~#wKAKyt?_?nm}Z@ zQb_AIX^Ln_1%T^XX&+DKcK|j;jnWpeFF)E6~ z7$Lng>u_hs$Ea$@$H*C2l(At-?l9Ai3m3MNSzY3o8}}e6_|WD}VUrB`7U%)aV4oYw z`fF`NoWyPyUy64Rv1LUrb{(Bo^foAAaa;gT1ksVZfrksnko{wLI)wF`)%9I7-@l)+ zx%KOp7sNY)oc~jwMI0FFkKJyCsG^|!<&z(F0X8q>Fn)7O=JFK~E+{C!5So;<#W*=F z?d-aok4a;C3QHP6S5vbk5YBYW*+bGLAc=VKL2D)ij&heQn8S|>V@e(LwUk_q?R42y zY3s{Cx_j-$4YMM*BskCFd=Vl8r4fWd=l2rf&aPq=NPXY2OP{7p!_Bxpz%d%)aSnQF zAm|8p2_--dn#+HSYrifhN87PJN0lb$bGII>_8b!{Y(38P7B+RJ#boidwViAA8kKHO z8h4;ps)WJ8$ZM>DIf#eOSJ3fsL$!>MD3Eg@K_n7_>lBnKP>-=8q5A(Ctudi*+k{{# zG@!^+s)$n+mNH0KGM=ZU<^HcxqKvCVl&I-e#&C$ny6xiP^))q+kMEX~v&oi``zqlh zkeEOyQDD}p?C$;pVObnVbS6DQSD&TpIMk!CI+hW{_yL_9y4O)mUx<&_c*GriqJM!4JKZ2CRqBp)91+^dBf;YvxS&(W*yPJ28zxAv~WK zYJF}u)16a_296ntiIt|wa(@Z;8-t~!r4{fcXl;{nw3B-FeqSofPO!oJC)BgWA0U>0rm$tu7f=QrTvvMqzM~}KDK*qhlid#0bj?| zAsLk@Gd;VQfszVgh)zR!P+9qkV-60#5D;$^)hmT43K^XK5E5F9=V7%{*t5F0xL}?m z=s@e&Bk!9n1DRMgfYBKa8z5k@5*8R6k9 zE9t~~4H41!xV>{d#t{_5ehBy@28IkUX&KFG$22rdbFCRzXb?N4p_%C#f^FaY?CfXr zDu73Xd;ZscoI&uyN$vuC7~p*WC}E>BBg_dW)2@`1$jkI?#glJIz#@b!NTc6(>m=xV ze~Qc9apCqj^OodCS4H+*UX*6ZPBe8hJPBqM)=N4T?0?_9ed{^d86Jq#7RWh3bwN+x zusb_9{ut1~__k8y-zGM$Zf@O}ww08WQ12i_!37&9%vbQMgrXC$Ux=R<4=?WrN+Lxc zRBhN)PKL$E3d9?FYXcd)kygMrYEA`_vxIUg67!?|<)iK2IU(cr2ivc67UlwoJbUI0rWj{?`);VVdGE7PI#F4hI>f(w4q!N~wr=z7kqM|aLe%`>q0K*$S78MQ3*Omos zFpchPQO8~le>|?C0dWq}_ZFEO!94-@Z@4EUC}@!XHiYYK$&0|i|2muKRUu<8cx?jF z7C_3twnGEO0Axg-zss<&$Xo!aX?ZrB2;=YI{!ds?#JEyJ*s7%M&6~pjaN64DphCN2 zc1;PgL(74m} zDb6(6vkndzx!9F}IEU;PIIU=H6I)$|PVc=N6(v_Ng_RWhRlvn^*!p8=kz%hc z7CQ^L0oduAGc#aOS(#&fcf7jAZC1_~n6I-Hm?s!fR=Z(oVtiHx@;sWK7o_*^f9R)( z2NF&o`jj6bcx^_KwevprGQ2?-eR8n|3)3#}?qDk~(i4rEb|!)zW0V z6tjKQVxX*S=*bYLJP1(Liz?&E_sr91x5r#v)?b*M5LuGlx-}rf)!p4Oz55n6q3c|N zkOECpm^Hh|80R%G6$HZ}H&(U>0R4!_s|_xLNfCsIXwtjsrB48IVfnjPG+U1TY;}sY z3D7Rrq;6L(wt}i%j=Ei^?0exO#PGRYe(&Dj{VTuC_4MvJ4i7(Q7`Et=jXqwNS3-NJ z=grFn;}XI68!f|_m?XWrm(IhW*=C1hh4Vdz}`J z^_Ls}&GEZ;cos+%ROhx*e9m9zfZT7WeU{xB6YM%%)vo;5<=_V-(!OkIEEXa$@aom zRor1=o+6Et2aHXy#scdSI}iFCq;=-tCaMD@Gj*PR<+t+3(Hxm2-c`4QZS=qJDFrb; zy3CxW9TTgTPVO+?`15YD2YUo^p=YrXFKC-ruo3^!ym zF27Qjxjim_2K-&n>rS67cBK4--T)>Y5gHOalbvrMR*;M_)6SgEP0vt*D~ZMU(I-+hx_Eywzez_^K{sGf6Ymj4zkvJV|a z@buv9s8~8Wz7P35`(8D&GiD+Qr~MomPzFsho=_fKxZG^%_|bqEJS!HqInI}~-9n&? zwQ@kZYst2)+C0sc8J64c9*S6yD|){0!wEWGLMRCz)bo|)-}lPPBSw?ei)!1lVQrFf zG0=O6%Jr@x0E49ixnr=NS>_gBTG*vNf;_w#cSABJCMJHu$OO(wc(4oK`b>pc*8p{9 zrKe7}U9jQW(ie7X=!3TFiJ-Q;+$Sc*?q9H>wdx?V0wI5c?K-CeBcB+buA6PJR6l1o z@B89*N_51rwlt2ONMxM=Bik3H1KgmWVYFp4H?mEEh+)xS>5cWa5$vcBQ( zEj-Yd^7F?hB)qPw65h8D1}uMShZCutL#gH5%#DmvFBYsFY&pI_cl9Eev$-@7Bo;Ip z#3h@FF6>QybRh1P%&uL?g!+QmI4gQ;z&6Mb&O!j^4UWQRp&8o+XO|e%@EWdlo-QtM z9P0zf3q-o}Xs#R1MmR&cVuFXf6oyDi&z|MZ-ZBuA5EYF$-Zjv5MEqOgNZ+a2wwB7u z&mf=`xeQXuUj@k$<`6TIESsv@8}9|WMqe*T&djt?ozpzVBceLBO-qfv;Lm2DJdyq zKJVRLe{kD|n3~&axtN|{je;E{Y;@4?KE8dcT6Aeo?~5*^V=mwyr5!RkTJPKRRPS<6 z?K$gUp7p)k_~qS?IsdJycYcv8uk^;4?U{X)Z(}7i5Q9C{O(lLDP5`}>`23UzrsUgy zu}T}EtqZWXQhqEYFW-YhP<{Or?07$~@Ne3VA&13AM39Xw0tj~Q%(<@)CxB1t>`r-{ z%kVRG$HVyAM+w%Qh7cTJ?ZXkcFgBK}#4{gW1g#fD%E2eHjgWHx*pBe-c4Vp${|SsN zD{C4@NfnUN8$NCxz-j0rf(b4zS*-<_>Bm}A*jP|&U*Y63(tf`3J)kwmLCkR4lGt7S z=P~~c)Tn_7*&%iZ==6ziM?^7gppO>ln^uTS7-KmDL@-Hy|KY>Pqf-$;0P;h{U9z9H z2FUT5umCGXk(2zkEZlklIWyrN0UQa_2G+V|*uOnBQM^+acKR!=&G<#FgdLX!x6(bT zzk6P4n~q$YvA{9k44sC9f6_F*Iw)Q?My%mqqSo(xPg|1IIaF2O5-ExUAypX~8+-Ta zephEFjvqM_5(a9<#yvRZz$Ob>l~5V8uxUa%sBA=SVYdbB^4PI84UbM2`j|3pk}9vO zQ`gr=Dos>bRz(%VBd5DQd^OruC&FVq*jcbqAv~)9J7Mwm{rS-oCPNtH#PozFGb?rv z0*iGTRHp7t>rEZ#n3%%A^V_gt19KB_&OqDNCC%kTx;;msib zd2H+#0roDL5nCm$%&*8{XKa8hWo~ZY(H2F)?+drec>RA&)7z8p*@%6eQTCZP;X(o;@Br=0jj))ia`MQ=>DCmjDMk% zmX%!3QU8;716JO~X(%(Y3S7IbM5)4BBzf>QnKF_;-sGU5R$9^z(Kq+%uI`ARrpZqx zZ=j~Bh?~+EuVpwmv~75;D)ZhU=A(O9kJ1mST@he*d;cx$t>%kZ%iSgNK4s>98X~(J z6wXh+w~4!KeIyXAf>QIsUkRxVuwg)t2bDH4=CjTF`!lfoUMsMkwi3gYp!ohN!_46z z`S#kyfELK!bCItSv4fNoKXb#yd#aAF;nZ(gu84o>T=4w*PGiQC;#=;ooXcM_sw;R2 zZ3K4n$gCn`*DSnyZW)PCA`vlzb+$kiR@~jYb`6bgLu`_8nG-tXq<)W6+Exm)8G;aC zJ^%FkGwO#)3?MOVLR#VvQbo|6iFxMnQPFMa9ZtG{!{^X{3sQqb_xBk5+?)FD-u^A_ z-G-1HAP3c-tkac4vfR5Y-+|ego0DVR@aSX0;dLRRl&2WSI~c|S4t0ES?5Fwu(GClM z)`lcFv;l4ig_wbn5naU*H^#mSr|sj;*LD@z5T@xlFB|*&%@xmCVpof7)EgVz;GBm&(l5@bjPuw(!Q5dF-bf38l1cf za13!?SSm!v9o984_ywzhm#8J$s|QUzLw@dxDgBWRBx;=ZuB7_&dB?>5>$U?|oJpkB}JEhU&CnHfZU$XSb}6UhcW5bhpVKZJu< z828>?uAfvE`jK4;Iteku9F~Zw;|>lCW{X2^ld;9FP8_)qVqD)D$ob6k9e1XQ%yP+LLz?8KDTcl!le%gWj(%CZy3vO`DeqhQFwWy;ar4B#jSoesH zQm&fn5HLb@fmJ5kBENCv%O-a)#7yYAi1=(; z(kfZ{2d*0s{{`RP!}IUoJi5C28xuVL9nz}>!l2G^2a zy_SuDapl?78*|@sWMEQh`R6yASHBpJFCJh0;#(nnab^d?(*qWk1dCLOkJfizfK9|y zJNM|~CtQ_$q|al`(~o~kKh-{c3BPk$|3Oys$)88n^8x3ZoEgp?l%pkuR&-U*(6_tr zpp1%|`6TZ57E-sfc*1h`n^1Idnq5=pA*p_P@OhJ?P2q+dnNrG-&7=ocXdQhL<>*Zq zx;Xo;=+}^3*gq)DAIZ8g!H?>*@RYXbp<=T3Ungi>8Qkd3P+qiWWh^jcO~=saU1ai%D@$D1X$LkfYgz06p!KiAuO?h7s7NoW*KlW|7D(g|L!Mr* zYH-buSA+4~T&@*V14kb?xvOT~AikZ3_wn+dJ5{M$IXb;!e=r!3-VhnQ11+>=& zsu;=z_Ou!J2Yjt~c{^ipYL6k63rSN(_6*f))7u#o7jKYUs5NEu;$vlc8M`=tF=cv_ z2KMdQTFDchK_OtffdXk1OdV9^916GR$V{6Tj!=*%_zfzjZfE$LyU@}Nknrh2d@6}g z`AlX>gKMxns9&dU=UEa5+ zLFcA(`!vbYAzsa79%%#j48PuuE2}lyQk{O z3FQanOLtz8QK0JLOlIABk(4F()%;ojI{rvwDs_2g>9X+Wd{IWGBL%e5gTTTU6Jli) zSn*xjt(Qq2!w)q&aIGD<*8Xp$-zms1S<(l+-?fuz0y{{P6+N%Y&#wq7Z0h1{yoMSc zd+qZ|xm+IAkx`m)dJS2~yJqtZl-kSEq5KT5-wYMW2NlAFx?GpsL4~q?^gh-iQ^ENt z#F4?^Mj9o_z<-Hja0@Q~ru2!^8gi~z-(h2q(a89n#A5R`g4cy6_o~N()_@&&37#rBvlG%9S@h%S}=X}brvwFB+4`~b5xP| z{B&zXJ5A#iM~2R8b+n`<*Zyx)3Y)0Sg7Jr&p&cam(e{+PvjU}?@lXs=Y$P;yDL4L` zg6BEK*asdzHX#ElO9v%BlcOZBy;o%TQQFYn?C>>Y(esJ9Yb!W!;}3s&KPl6bE(#b> zq2}VZ?lYrmjN+0pWlN{Pqqx6qqao`Lo@^)Y#D@pu>}@CqBur-SDreCiN7cx?)jJ4~ zetycSi9E%v#eyeYNBsVw`oj~2ek{ow@CS}eIns|$_M>c9WVANs$XKYlm(mV+)3=j1 zqoP^RGLA!n{cUU7$=-PXYRrqF{48_2zdh=pLl)F5E!j;y~@7B$OjF zz%S9P&q}6qX^*~U!Jvcs*uy!)Np5>^$Ju*9Fdnm<3pYyQB2Vp5E{NYgUcJ#fMr*v+ z#`~s1H42w?c(WF7))YQxA&YanFb-1F7zE%_Z2FQUiNLL2DfEPlsXiQh>p&{VeY*xX z>O@QIVIXcax#1Fu6@vQP&GMY0knxI)g*=L7X;MitQ0ZOW&mpq{7s)z=-h0f9B{`Qag_AFlwJ17GHDMD3Ukgxk%GSX3Q6KBN+Qb3 zMX8j!!{EFdi8~DMcYcx~t6i1J=vckW&m*O@rJGF;lJqg0dUTkQBz2S7(jvF1qT_q15U@nhDff`WH3Xcv~#5fDA7BCD|tFTGDojif&essf& z!Ascqii{0a`Dr{FouC;NZ}qr^#yUA-IV&fcyCGhYRfYL3g{Q^9)wNzy5;bJwmIJsip-nl3UFO1|Qv`WooS;I-$I%s?pGF&1_DD9nqYkmKW38K&aZ3iqPH zhZ45gw7r~NoYU-84&`rB!l+LY^-avp1BU}U$aOiM=Vd-Blis5B`mW>m{EPl1Ueu8n z4}Pr8&7Hn5K;?n?x0Gdu(}jl7cT_Os6PXHaA(_-ChNpi*=7b(I}HKj3}&yRJI zh4#L2@=@$0%XC^~6StWZ3E`4N<1Ub*xJ*UX(Bc8X3e zR6%D{$Dh}Xa>}XqPz9Yt70g>L_v~ZnbdizPr)uQDa|kg%AG|VV%An+l>K)kggULU5 zKr4NN#xL>|?#~@EA@?9ysBwL<36*TZ33`$$dccG0eQjvLhOUjIfshS{!&w53?Ak;7 zP>HmM7Wdr4782+}x{`nRSM|EiD~bZ72SI-XvP2^^`G*dZh)y$LSv?bTje#dT72O6u zC|tW3pd{%|na%Q1nUsbdUAb=K0qTN8HhR)1hJlL!$|Q~&7;sm(%0zYu4?lWYnQzS+ zquZ$zh4h)mB$EwxYdD)u_4AIoF&G5kh9-AiZ44I!;i&AR&?xJ5I^jRCwh`p=~oxEW>4CTaBUAXh2g^#ed4C&|LvrMED z<+(x%R4LtU(>0W07x@+ zz0TYD^}0D1$!inJJAM3`EXP|$H=#?XXz~)#1`U=EsKx|8X&>)1);vQsaBPf?vixkc z0+n&&^oV1gF4eSGo-x(5OYi5gwYPdwX(~9$qX}g)q;m%g&adUo9NqkDn65Dp^;Ak@ zs=|E>n+_@ASlVovE2$f@^ILmf$N# zI9PhnfJ*o(sW{LeNQZ$Wg8sr!eS#$$6-CfK|9WKuspG~Y!r zg?1uols;jI#hnT;yOC*Hx1L@Xrr!C)o|HwLRm9HrlEoDSPe-6sk{BzbiJ}Wz9R+35 z<9TJdrIeCTIt$Sk#P>U2Q~9P*OcGtiLUh9Uy!56Ajl~C%x}yX|AS4&A=>jDWg2R}A>hBnf`QR4bOJNub>#?87p&xr`>R{Em%>0HMM%i{1U zb$;4yq49*4w3WEvWxHdYoIW@1e_N}JdpyI+K^D?E-YJqA(xFS^ASi?F-Xi{%7;Wd< z-q})_;7#F!IY(;|ys} z%)Bvc{tG86k_iO{)K(#d$ATfMG<0DcpQ6^5zrm0qk;JUOI8l+K;y-e_tjRmh)hT`oHcUyxsqWwZl>30`{J}zM)A}0(XV+A1{-~n_X?j!X zEH_!`Nm7!y`70CpCY<4;WA?ZH!v%QqMA%0E?W}MZMv_J+k$A6uurkxdDgdWMW#4TFnbF zHfdDo4`lz&9ajAwlN>$32kst+-Q$;vy_%~jR%hH^U0^!EXrS2!N$-%dG5{BNO~Ynd zU?ukMUEz{x=kB~?p@v9R$32TwrTSt{;0yzsSqI88Lai_(*!L$X%Iwa05D*+en+H62 zaloGrv1tiR>3Z#jRzpRNJLy`03{F@*~@sJBVM9$`uP{e3aV$=H_qPS4!e^Vf(%{ zC#eJZ>OtfSP8{IDAY))b_b{c4Ii{JfK2)COT;>wTO z!0K-U2gf=Az*;{>V$XTNbu=}oKK&yyobdWgX2U&X!N%2f1{fDeJu{Hsgzz0O`>8DU zeK3Fzcw75>YSmEgV@Hn`La&~DQOGvBI$<%kRqZo{p1AmhMh8RPjNqxI>{QdI!?QAQ z$U*$<-5`7p7`bF85zherW^`{|`BbAbLtzpybm+;}2q0XGi0ZxY@NDqT;az~ha<8Qt z41W(0)b7u~qF@s>+j{E68UfICVFsdwK$1c|^jWaXkw<6A7g`bF z-n9aVb|6+DD(;7r-+VABK{0VECo^8i`o!0#WYbYD;P>{88sp*pcxR-d`b66(>hD83M zCx9xI5vSS3OHbt`g~{s0lfFCVT3WY(d85Oj`oT4ADQ?E-g44`?0Tl!y5IKc$vZP5N z;gAA)mBB-62;=~svMM7#<{{agsCgneq;eoZ62r)5SAGD)Cqxp@EI|2E;{N3hHzN}h z_)c%rQfmO+f#4x}ZF+9b6b1@n1QyHZ`|I&x2X_E+0GQVbfZPgF$mGNXj8^1aKUIO% z7Ip8QFC52V&7FNpz({XCT$R_b%=fZx9RU1$y^jF!fp&j0D2PQFY$Xup$`kCwGRj;t zP+4c2DD>Kl98#_>Ts2&(IMr5cn{w#n$tJLMoJ?NB+zEqE*UtYQCv<%v3twYKpO50v zL73mh^rVD(--maJ$|URydv%a72;m08pw&lBkl z-CXRQJA&8t`28t$EdWKZgqt3wSyV_Ba+?auL^pm($%fjw1-X2do%{9~g%G(mvhyAw zSnVBB<}no$7xyLTD>N{SqEECzx|f~pM-=9rKm5Bk$6RLyg?smhdZVY=d4H<&n=a^+qvJv|Y+$yQ6 zQM3#ztM->N_w7~t5IO7E742%?ms*f<&rZ6%|B2oRla%;ehZ)`FC|y_6yw-{YO7X=@ zDd9#_O3I%l1}bnQDOtN_O*G~S(8y7U29WzfBShb`gejAPcMkeBK^Tlkxg6i-^Ja&d zhDIb69&el>c(KnR>FL@C=U$N*>HpW>nTJ#Te*Jz+QHnGwQ%OmL3=xVF4TvaX87f2O zdCXLiB2-8+CNdM*$XrQ=P{znSN9J)G&wKkm&vl;PIp?{~`Qr@#99Lb&J$&xZecx-{ zYrWQc86BcVOA_QwKsw*Oc}4{f$uhb|nzogeE=6v;ahy{5^5rMmUg|lS0~Q`&(gLf< zod;@aUXIR#!}ws!C^urE%soy0s*KpAPCZ>!=Qwel$g4R_&&p~pG5*?=*;hh`P(U*; zuwg6-*<*<8Rsgag7mX<^LuvSosCM=t$(bMLr)nKKoD7l3Lmo+Bnmz#1L5iUQ`k4FJ z2&S5cQH(US#2SbMWchuNAVA(mL7dhx9RQocEglsV9E=20swQ#xA=H`C{Z*bL*`B;C znsY34*rXx91x^gTO(FvWZICHP%_VrjNo)?zdu~@%z7Exz6Mo5b3$iD$FPadLi>p`H za<5pXcxRP*vgy-urfFNGu(`La#tdmgm)35Ag8uB$pRuGX#;8Wc_{4C6L7ckJngkTE z;(q7yfJmk%Y85N_ISMshU0krk^$U@AEA|kc8yw%DOrq>hg06V~D_Fiteq4dzF^vfD zVV6c#4poygN3*zHClfy|-u;MBdzDdEiq?e-k4)#%kVTV8m*P@stW<3~u40x3a1Ws6 z{*WI?!36q6>ofAqrYDi-&ZtRh9Nj=j+)7uXu~y3O00Ww=q3O7qeAG;eaNSg2@Z0{DKih%?9qS-A9n4sJzI&PvoHu);0eWoPv-SZbFE&>JhoD|0vC zRqfajUa+v+sXlA?n z!WSgRvDmPq-GCE>^dW50naR>!d#_LuEKk7QRJgERhM<}I_2XwAt}Vaz;8X@T61fRv z9M(UbuFtjV-GLe51ds6}%Jbxvw7cquxSrK(zMsHRPIb zE4}Ekgm+27!v&giZ8N{if@LOg&rG`qx!?u5>VAMrdY|(Z&eXwhbT|#N%%=KiE`w?Z zzv*aYl_ACfr1Z=gS9nWk%qHTblG|(4X>Knj&7w*XsK~s2WIKHgz~$}RF&|9s%Px~@ z-6O>v%mX>DNWcRFl62Da*9ktpajbP1fp8HEZS2*kgI64#bcV+vppJ`PN_Sr|0m*9N zHXVlAS8}H+WR@L@mm*l2H(ppMy*y?2hKf>=?cqF*lU-E8XzItOhN&HVr^99Xis%6R zIjPMuN}s=cp`|*H+`p64$A$5ZC^)UCNDdNAQ_p}f_X*vzUpK8ogfO$fVl=bvW`F}1 zRH>}3jS@BkWIYOLQaIY0Ip$~dD|h#9L8XQcN;t7FQ83<=q>>EB3x!)Md^s4e7b#_A z?-s5Pl5f%*$;D!4ZT4iHEaa-2t#5FIlh$3XcGise81!* z^JMswu+lkTp*U`wU7|{Pd6QhY06k68H_6ou6z!nG9<8nSp;8me7u^oP9jyX8%}8p2 z(Yg3^9~<`svU4at?}Y5}stNL^X02IHe>1-IEp>a*qc$s;62uMs0o01l&d=jrJwZK{ zy!_3K+g@d2d>WatAcj!JhpHS!1qI>N5K>`^Ykp`{-7>4t2YY9g5_OfR9f7M&!sa#v zb9suc>zWcz0Dc2)k$Oz_qx}E0e25RX!qLMgCS1Z*a}@>TXGQP7{*0}*30LP6wSp}) zOuhvjqk6Xh+=HQ1GjauG1LJpFSr@gxVxM3RxJUnzJ0iUd3E}n;F!;Vtw5*Tz0d63c zgCMIQia?0!+yg-WLEqo{`q~AJxr{T0_kw6nvfcWs(}M#$e zvd9$-q>K`}A+Udgl^?`^Ku@r5(e#H-oS49gBa=SRj~z8hZQt4Ad2;|Bmf4UN7F!|X*?etO019D;FDeZxFS-ZxVoD8utB+0QpEQ^ZE=wv5tcKQ3hySxX3E(E z%1ubfh~Gq4t-1Y<-Chic1|7I^0?O;6g_FUn(4$yJN0+`R5DI{^@d2PwAXIttB-+e4 zcYpRWHiz3`9T)tkv$!}MP97B=FbQ8D5FZ)DwtIlGer1Ipn2>OH0O90f$gIC(F1^_o zr^i+b1AyUxB*eirp?%vRXz2m~sK0p&n>3i)<4ryv8y*W{{{k%!y!BeyIZ*mo&#z1= zfPw#4zr5^5$ud>L7;?)yrIzu=ly~>TPeUzbraVmAt5^F_3nQb1QUFhSI7q3v2O4## z(5Ar^oGI}ay6nYZLoVB&hF8Jx2d=Ha{=k5H(!^Z(-6x{Ns+J8ZYpa3E^p+v{k4v`7FYD$rKkJGkBwwI5%oyfL0$XClod-9 zPAyU#t#@Q`?hjV$3xe97r0vi%`WS#TQjc?UPsu2`p^l_#jZ8jTI|r&}A$CwH$(^m5 zbS(p@D6U7Vdkdqre{Z~w(X;5 zVd430tKZp%wn6F9(Op0kcS@C;rgF-{LBy7NWw;3^FFO%92#NZ885q{Uqo)7{IH4S` zz(Ul>dH?>ZxhD>>roXdCr~0ePRPr#iOlzrVL{w*HJy^psi?hMS0OOXby=FPG@hSG? zLHo_Eo5}Fq<-$`*tH!2Eu}l{&pG*N@mQ9u*rgqN?{a5^5Q6 zGEJE*1qm8LIovyl8OBBp$&CK9+S-v7hlFaNf5~fNjXFz7Ny!!#dz8ajKLEG%YIm~z zwyVE&xZ5|V=3914VN2H=M(Kvqx~Ct_-y{T zh)w>$at@{q6Q5eU6@oX{^Luby?1(8eC1Syoi1iU=wT~Z~Y$}OEf@A&%NUYF`2Ge$& z457uag?!|$udDN<4>&XTs+IjS4PHN((wNO>Wqd|0OsdiAk(XBm#Yr92lt*zkP#tJW zi@vSjaEZtLN4o9LY))QYIy$)C(R4MdN zyY*KFTk9eO1D?cb;uCda)G4g`Bh)ygC*!;%F;&h!#byNqLFOcz)1#aZ#EuAlpl11K z-zv$@`o21qBj?F!9SUt^h;qGghHBYz_~c1DSSYH8Z(s}sZh%Zt)c)R({oAMEJ!jOR z+rBWCmB|LGs!ecozRO$wsXNkgPn{f6IVbu9^`A`K(Gi+~uxMaq2i8P&5oC9a6xVjM}PN zb8f_e?0RU>R5M4TUhR@fa6Ey8matyVGn5>{56LlY5x^nRz+~3jfY^CS2JhxMC5!;d zWiZ>)D}3d$;Il^-q+U@9LYvm(Xf1-nGinvF&U3;K9y%mNhhx74OdDoil-pvW3%56Y z4OU4xCqt-@eB#grtEPUZnMb{^nQ9?xa&2Ta& zSGb~_*Gw$+*K};mznu9p*UrOX0aY1q#b?rK9;}e4Pu?4t(872w(TC?Zv&TJ~>)*@? z!S$<`h1^b&+odLO%4%qYw)(Mga$b^Xxgzi}BqJfAyl;;yB3y~KvNB324L$bl@ZrPP zH3Q*CL9qH&xO~>>hkWpo`}VsGOCe@>CdhFHtZ!-}E02C^vkW`~K!jaI1Lw~1?PQ(Pu{sU9OY*_N=W){b2=zpirD0l`S~FS%9Trp+^xlS<>PBM4i@ z?U$pWq0xkFDR#qZ`L|lwX5e1Hvv0uujx!@ZuzJ5Q?D0TN0j?YM4YzOJ40mz35W=ek zp8HT|<*j?0vT#FD`}PZ>QsmGUD%${W<6wwN6&Fx%!5xn^_Gk&~{;%SJ#bywy`hkfgeVGP5JQ854D|FrQZzmQr8^*Id#Nzh2G!=+$5A^*vw8Ex zJXu|v2~khDtt-n(?kC4h(hIY7KW+GU024nShIp2RTXPQ1&wm)Xlsi?z)Ll)E+{e1~ z1iU6L&+NpOgY8Nbt#x5dC7h=8W*-$`b42XP1a*n)Cyi*{Op%RGvp7XVLt<# zg$>Lp&QbO_GT>AT?+~#l#Bi}5VUflW%z~E<;pXwbVxRZ?H;*090$>QWs3{mtIDeaI zY01r9b>L?q$bTa;W^?U;_8`rC5>GT4-O#&vpK!PP-+wTszwuvBf&a;OVu6a->F%jh z{8y&!-_MQz{Uf@`G#CAY{67?giOrZo1j4;H-Gq*^gHdO<5G;=w?A$VFmb=wypH1oK z*dRVuQvK`$MTtK7E5Fc< zck}!S|NPkIM=UKE4;*7_rE91Nz~3l62J3&>d4|&xgnLLhJI63jo9eR0(&qQ&j$(<_>j>i{MsbS&X3nQy%5J#@V+eBapL*5>(a>RmHfP0N7a=` zeip++hLjVB$zLBWKsTV#vR?C;wXHYz^81nG$Hay8auEIguXm{d(7d`Rv49a* zw|<=^?h_3=)^mJ>tD+dY_ke>49>dQ+P~0U)07?WH^Y5yK@AM!KA3=B5>nsX#N{2A? zD4dqe0FWEXH}6=_X@YFSZ!O4ZW696*7LRzO;|N{y7_QS#?r-M;ni-mWO75OupsCsS zQMzsZhK^eh$0k@R;V;NA9O0%6k@jBJvXh{n*2Pn&*VEA+CW%64!~QT4#;>ac3TtIi ztmjs9pBW1Z9W{G3n5mUTYTTs#02fC%?foIof8VyOCJHH}5C~~y`oCGa$NoCswaOtJ zBq!xO)GSM`T?Fp1u#MnRm6+xFy#C~0X+X)uaM{6_cE*36rr`A$-=o79zJ!q*A4w?dPKC3FZc?sic~; z4S#$3--kqKZ8~~&b&A1I?Hu(ZkhLDyQEeQG6hE<=$;9r|5NR>o{=Nyo;<0( zE0Ka6@FAo~$5P2#^08y#MQl)nF$WR*Z9_(7*31TVYP7yk{;2qGnv{sfqXz`vVGmv{D$+Fg%fi4gG*IWX>9SG@)a)5A;p_X_Uly4r*c^*4*_WVgy%yAkH5ekfaQ8ZY8M$IkHdT=0O$zhzjkx*L-XLb`Z&(j77F^d> z?Rem}bt=8DN>a{Ou6{l?e*Cigz>1;s@*8hvQvVR2;@U_SGcWhC{7@u92d)$oij$Nx zd2F_@Wfv6p&k=PFl?Pu_TkYJsW-&AMGj%a*r<5LR&FRVZEq0aSBIDsLRs-Mt1>dep z$l71zFTR?boHhF}b(7lGz6qjD^XlqSvEquGv16bmn{-ov#)0jtxqaGC+Fpfqv^Tuh zIzJuviM1!>xTqs3lUW-nC!bwMJ?U4%MAqhViuXvhadJ7k&yV?`9rnQB($b>6zkg&y z;nKD0*NGnn+Y7}J*}Y;|YtUXaIzGa*gSjouZAAy?;sUc9f=9walW)@oqV&{eIEcB! zbuy;ATEvS!?4tj+iRl~f-PfM9wK1X7d~lE_6_vzJmX*po0kdYU*CTRT#~KWrb=_aT za$M>tRNT&z7ZlYQs}P~#x_G)ik0{oAUoJ%ZcL8ZAn0p5s+Z{0nx7>3NS9M%&75pKL z;N;|(**)zYwc7m0Pf(bK?e(l_)3_g~`qy^GG;FFxnaW5@7LUF@!OtcszUKQ=r>&;2 za5Z%{btyZI=~~W$!enTKp(j00XOR5839!9V(k7jmiSm&7$2#o!grO#czK=h}fq2=P^sXZM| z`Z~l{DOZ(K)6(j8_1^SWVw|j`&KfCnKJv*ZWB#qhM>A*s^y~L0>b#?SC2@9h2Huo_ zy2#j%-1(})be-JQ_IsU1ohL0l~7=5 zW8MEUOGxylva0>$>WZ(E(|tF$;CFh#b~d4>97$7;>f;+FEq3oQyQ0|nI>;0$jN%rhfGa(E)PnIOIyWLkYn3j z6@8DD@c2qtoT1Z?^4}%^fEr(of>Wd&PCX zbx&-T*~~W9QFL!)Dz)6;`Svq&Kh6i7(JSg(l9{jmuCE<`D?;z+v-o(4m6fS+i@}bf zP^;<6MDCwvZ+lsN#q;Kd2Ihr3a~n=zrZe5T-L&(L{B}0! zfS+gT=3}?ArRn7IdU95Bi{*@m(|_)|v(Sz@?=5;25>f}lKp%5OPfyp6vC4b9 zg<7#&L`g~A)YL-_joMUoB~9(snwp3_y^*%hpEprb*#~EE7s;mn=XTNIfmig$gq;!V8Vp}tsbdBlBS334Bv*Hff?=V=09z0~&&e%87yNhA3 zaK??CiW@mEUxv8bEH4B_o}n#vxwvc7{Fr`UKQTou-7t{jOqdYA&Q!z_riO}=uk$R; zcxT8LB2u>2&Jqh@_@C>35_&BMz>JMrOU%r>)jXQ}2ismGIA z`ISTNV*^*%N>lS49CQjeJtz40sje(GXRbNa)JpRGD()=%XArAM3yTZXOKP*7gOaXp z&EN7B%tf7MXBuDhyogzjfdMmEeJ0w!bZqL0omkBgPfl*0Yu?z@8@nHbZ`hwg`GB%4 zg?USGgxbzMNVc!!7Z;k<%CTlW3eMqH1r__R5r2i@YUDDx88098J>yzv(b>Gj)nDo7D^e7? zP)%AHw9qQDn~hKQ6BA0x>N6e`xYp=P%_qS>hdA$KL=U&5)^qkR2ezp(J$d_E=9|4A z>_(og9F>XRR$`v4O5*R>v^I}TqMPuK$kgz1HYbMjS6F(0;$!zf(RPL0+sgt6&td&2+^X1khT);s3%1-4$e5u2K5Qn1C_KWyc3 zCZ1YJug|fuSnE|>yY%WA{Z3ZpXV)ydOT5l=)18@K70g_lxws-ZydeMW!gi6Q_Go*J z%b^8!ipxu%byO+_1_gRc-|ebc3uCT7Hc-;JeK*72t!%?(4JXHbMa+aL`7VeoKtVKJ;t&tDd%e^pJ4sQq_Fa zB@5Nk{}eh0b60*06STw99)DOg zpI0AZB3kIZ)0?&lO&|965^s>ioHp#ZSJriBvk7xkis6T>cB6UUF+RquOPiJAZ?Sy5 z>!(5MGi*kmsnN!yAKceJ(FAzz z?y zQBqEix96iPY?m*eC%w($Y#4mD7oQ#;(8&`@j_yJmnFXi}rPy|?gz(1c>AiYts*&Eo z{`2ShTim<7DY0Ih*L;aI?J(Bqj%F*K^nT~h_h)9M=Qc{XEdKcx!drMl`GqrS>Vu9u zkLTUa=uZKnqIBv)r^!_Pph?q*me`0uF8}RxTUi&1DXCY-OOgzN6jQU;w~pQnrGPWS z!x=uk4@amZi~F2<`2`iL8;X7yCkF|MA2YI7R&l3cV})-_${An^P}&_=@%D;#$6ThE z!Dt`RI$Aq?lStMl`*SCaQ{2WrHs_d%hKAiM{wt|7eOu~$01^Zc$0W`Cf!|XkAu)Si zseN`lbD15)~!p`mBH{XPkwK2 z-+H|&n$xzEx{I~X?;^*RTFO@i7Hut!Ke^UqSEn+n4y;9ed#fn}#nXsZXXE<(u*$KJ z{o5WjU(>euk#s+9QxWrACjIAoX|hv}s_Tc>Ql?`*Q#t{;J8pl@>Eu0ad3H1ZEEs^Q zK*iRg&7{T44&-;VrPIHEAquOo$lh`bD>%YrkNh51(yK)~%xO#j`v%{)jty#lH%T=HJz%FClScK{V8S#a7+rdM#6|MGJi0t?xw8!X)g&}+rlnatKUi}QLIE^1 zV=rGeZKd$SyTfu1rY z8D&us9R7{n`E+kT#kX!E%13-m#JX(P1FnR{2^++n($9a{Nob$^u&?XTzfT{;?fwP( z`M>>Lmmc&q1@~d(x={jdW3Ls?Cn!h;=TM>#P82^zBG}sAZ{}8U;rB_(lDGx(!2UhN z!(&F8>PHyJtQB?LqWNM{xq87je?X(52p#JUn?Dy?#Zp)vLWDaM30Z@h@ME6)ps?aw z>YJ3*@E>^ga8=RfXJKL75A7h>3Vs8K+{pO&_+QzNc|P9)wz4i03c%od1fn4$KE(3( zzJ{7LJ{nRq>J|DSR#SB!iNLbb(o-26=B0lA2M8S=tEdTVL9!a85ajAWC6QqjP*}*y znziStL>xSJ?6Uodc6485{@^@oEINSPKZ6vc^8iU*T{S`P#wi`hqg|CNuda4Q-u|_) z8AKS>k@*D`g%tO7rQM{?5N+qnHJPR@nb0B?Hf|WYPtAHsUcLa&2V53}6A&Q~K4_5U zjFhrpqwuvj*`=z1!9hhRAOLTM1Qu8Yq-i4s^kr3Ue9xoV%4Xh{i+cW85Ia?)faU)o z+>O6N{S!+p1+WTgHD&AWjHmnjdxSBv%5HEV&gX(wJt6NfncKR=Y%= zLsFQYUiY;A*OdhQ(WLg~yxq4W!_}*Tu$ocH*pErV2Sqj@@ZdlpW(b@fIv2a73Z`qs zIj$`(TwmP*^_oA_2V4$%BRz;*A3mT|!t&R8;CQnQw=bDwqJI4R=aGycNAT ziv)NF!IptEi$EiU?+1`*!VQL;dr$s&5p=h>JufLJsOIy(O3x;7h34ihQ41{-5JX6VQtS_T)(q-a-Ps2#`S2S3qi3t-nr%Ox~d50H}m%bg>mi zG*^Kvy~ZYu%pRHQhXzEHm|aqj=H25u&fszyUoMg1EAtq#PV&j0Mch2?r^?X$6!IJ# zoIRJ^<{wn7>Xy(PTpu@3NW6iQxhi+|#i zjLi*3v&K!dXehes!db>B_+lo{t7)TkEoln)Eav6v8*f%TFwp6Mfqt)L z_04o44-|B#p-kov7CVY@H+K&XhD1d0Ty$IL_O|Z9!asJQ+S_;}y45)0C0Q|F)Bu@1 z#$+v(VEI-SAb`9kcTem?bHo_^FPciX?8K#|rO}MF(g<|}uAp9t8+3mfK4OgvPCW} zdK-ACWAkX%;Tzz#yBHa{F0!6+ZWvBdU2cDy#9mzrU$jpT$Qy)ct^1JgG$=SgOo@2u znkvUOP;o3dVw*>y6(4(-HS}{nVDIti-6M01lM|G~`?!g$EFl>s_}xq*{ysi0*c;1! zqRxX+u?VH9AiW*f-K)9U`T%~NR)9waQ|1k)lMa7)m9c(uIt2W5rmbq)^ zTArhWnq#s9v;9aDng1OY+8dl6VRhwrYw+jKg+|9uopMBd18N%njb8DjN9GyWR4tY_ zz{gvExDrlc{Ky@0&=}g29wL$MxG84oNiq#(U64%zt1o)fC}iifZA-Jgm@eTIJU&Yv zEH8mKk32oeY#8Rq?DVwnhWau_w}vM$X+Wh%-`ZQ=1Y0X?P5U4WuJXpohqINidTM{ zZohe~d`MPUT3a}KZ&|tYWB5uzxh#J?U%sb@VQ>PP@LVBCvFEpas%;c$@~jQ4AVXM)CI`6zh55> zxyD{YJjv<=Dy4FBhwSrna&qjNfmJ+y*xTFN-rj!p;6b-U*mmf-ar;ayFSoU}4o{OH zXZ`g8lTS=mPR=*pzd2HM8S2MlDzB(CLXjH=1+{B<@*Ua7_xi@Yd2>!F$nw-*>yOY; z``kT&t`2Q&;qB(l0u5^VcpZ&mw7*e^ukW3dS5!<-Nhvq(jNWJ0pN!T=D13tIm$`*S zRAeL?vwn4&+}%>{(cpMG62i#o%_FvA<6~pHWsV&`9+YqP?9=m?p`piC>2|N=W@PZ= z5R;V^n}2+`eg7YmV}68%{i_`f=3UK#3vcR=JV$j&YjOFP?)OPaZ?0a-u~dh4{;40b z-^RwriBUVD5%pEhf~Rf3R?N<1!szQQ-VnKP4ILc@!>m?l&GJ0FRlG-8kEeBZ)~>JS z*oCI9rK=@sYHI1cPVYD?AzPJv-{??t7YMZ7)S9$68|K($QuP~Tb`rTIR|bZLSl`ls zK!Y}TQU*n0`vY?ydk9z84lcN3sChMUwK8vq;nxg9X^C=vK_!X7nhsOk6TRV98cTlpRukt zO>Sh|Mg=)xQ{k{*G_iSk&ieW?rdd1k-*;}gd=!*6XmDHGEC6%(gX#gWeP|J-_-!r; z!fU9X!b}18NcQs@u7_1O)zxKYXYVCGsx!}7T5Bc1K4CS{EqU8S0%irlO`E92}G>0mF!9QLUrcVAY+BX0xS1v5=fZS6fH#X$qG@Lgz-}Q^LfpH&@F??dNA^u3x`?T2c}ho068s z<#Ssg6uql@SXc-L&C63Mx&)WqiaW=fBf=vin?{>~Kd6v@`UOH#`T6;j_e&rvkCw+@ zZ(E&WhRPiT=qBlC3G|APMPFs*klyfkN0GLN#REHX7d?U~9{T_A(`uCPBgkG9Ac?%$tw(;_mt_>B)1-7C{1+08yxaf) diff --git a/static/images/docs/releasing.png b/static/images/docs/releasing.png deleted file mode 100644 index 935628deddc5ba9c608cd7f97d7c587bf519e333..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 30693 zcmag`1yq%7)HRH5O1ebp1_433r8}fUx}~H`q#FdJI|P*O?hfhhM!LKEzj)sNJ7aw3 z9cP@a4q>zJx?-)l=A4UQ1vv>+Bzzr*OP^<*{YR|u zv(-H3?zhmw1`SOb^ZIvM@zFXO(F*<_=6Ytk2Oplk-wpi=4LKd;Wlg;vD4gMPh#xus z!tXHbGJH))7$y#bf$#;l)2|wW0PD*<3P&2bibgUGefR0}=jnqvs_5u(b>vm;hK7$; zmPOBZ1LziH7z})7vT0CaTu{-KFwsZMh>@h9gVjRJQBfOl#5enf;9gGeH z8t+ID$6GLv=YP)pzuwk9hJGW>>Epf7>cwre<^w~A081D!J`{qD2upaDSt`)+*LXe% zU4w5N5q9w>9y9~P#M$|TIvE672&cpu%71Y1rldq}gFR_6E(vdBd`n5W4-c;jhp_+! zr6__(Yk`7~!tZKFG5GiDL#D*c1%sA);^CGF8brNyd1Jk&76PG-Tl>e9HddLOvR`YJ zBH&ijb#+)nPao!yBS>n-EUK;F|Hf}}(rm-Y)it%|>H`NGEg9M2Mpb1NWvR2{Ri0ui zy-q`RK|zsozVmT(bybdXe(Xp(vWjZ8urNcBE?;F)Q6%%oPzv?t#v2NX*0s|LA0N{@ z86Uw>!yk3t`S~8&i!d8b?hhhZF##8~d;5iad^jm71B2iHMT&GF)Su(x(Fr3?J`(RBoy`Ha&&Bf-nfm(rcXf6#!XoFx zX{elRRfs4u=^R6oqoaY$=wagbSH()7KSM!CsdLrU)TVggel@=Gfk5hLa!$4pkV9n? zGg6Z97-?vV3JTuQ(#mR$&)YZF4 zh{8V52vFqbf6-m$wHXd{dBD)Ev-I>>i5XN z?=dsUXJ7G5#r#-)Wm1ePTyh2ogo(L4BFuyI!-sw@LI~tXuvDP`m-jSzFp&8LsiC1u z$&Y8JISNmYqN}#N0(}CcH@9$yhcoxLM20d=9t+zY0ag$Qm;y;@JG-NHKPbNbHCryc zB<889O(dkR?Cftd#rv-141{09o>2t${(wOAEiLc&rY5?&dc?(Re(vVvTtPuCTUmA8 z-R%+aU@tbgM4#%2h@{Y|T~$|CfBROW*SK{#@bD<1ppe)6t1Gd>y}lN2@!hB<5jwbWP|NL1K7+LZ9{{6dK1eLvgbgmqGNpUd- zRtyGC&vRZ;;r?oLbd$^Z1|4n4OcD2}DH5zNHkb9B9~VFW)7d8JE-(n^sp5^P?*aQ8>~HWdamHxp0xog=a6v6suAY-^a&r3f-JNT461RRa z0<-~V=Mvm>$z^n8+rokc7Z29S%~+w@ai=CGY=?E=Fe~&H1~xXID;oj`N(k{N*DVlO zXdecM4~laJvLIEbJoP?4Tf~E3*y|M_kmzOs^{n<6d-`_ttSnAnA-w}#74jkR!xT_SaDopwT0!|xG zuZ4|+lbewNcF@l(g?tqckH@DOK@v>Ts@hrsucwFUVlA@*e?fJKqmLIe6BC!y-egxW zR(5ta6vW=%9vT|@k#TrnAoK#xmTPfmEOT>XqsDTMC1V*D))#T{A}eyr{r>83^tT8i zBI4V(Z$q)^E2^pp73}!=`CkW9g79Es5}%Ne@aq>JDVC35nQzKx)beE2!p}pg+*mG? z^1l_#*zieK+O*GxQaC?;{OIfJdvtVUVq$W2bycK@ah8Mudshwcax0kfO-;PM~#OpK9y zXjoVntLg9u8XA3h2aH}pyl);pI*s2B7wcoJupyAh*jN=66@NcygdUbAZBj5}O--qf z3;vy8{9^FLDWEBBPsTDO_V)HHt?|*2NK*%y_K*qr-Dl_Kk{+=k|1uyQb0`T!J>wG- zSl|g_V#;58qaZmtI+neL_&oeDU?wMx>6^%vZ}ohpwPlb9xOZtgDkS34#0RZ4b6v$81n_v8qe4Pki**qNDi z%MH1WLekUq#KiuBfth^|1AY5$uuc#}fi%9J)YNa4!lR@A1`_^sbR?{<{{9)f(&E9& z&OS6W^jG>V>^QZ|Fj_c1ySV%aq0V~|L}unb@HxKM#$UcrQd07JKK$r&KtkA%KnZn$ z8g3sRK000RQ7`lse1dU=s;SU#_mzksHYkRMzC|B}o9(Z&TTf0-E+{N4$A92>0?ctNAK0%ddm|t1%EZ0LYs~MMsaQuXmA=L75gN zjXV~_X@k5hk~d}zkbrSn(tlUS&m$FcFz}xNPC&{g_#3zbzSxk^^YRZJs6r>HaLvL( zsKaB0)z;40+|Df*hBzc9B{jR>Ry3x(yM~3vquIHJV_{uyZ1@;8^Tl4x#DsTGmMJ<} zdbl^E`MaXAzP`u7>^$)f!W!ET?k-dVj%c)+AK3EVnYiN zUFiIOVZzCjoiKm@s+fskkn@%eFf+v;YaDmu3koWhvzMDcO^+wbWh?P}F({}`AtBb6 zxn2%dR0wzTa@wTD#wh>%`4G}G@ak3Cd-_M)gV|&lcxa3jZb!3s4!$o7hdbjK8svUE zJM_qz(^GU=8SL?ug3{8f3vEkl23D_@=!66Z9i6ujZ^1S`FJePOaw+m^LcWIX4#U{y z=DSK$Az0{=kq3|QNfjJIcU=t^XtbdH)6Z@^@5#vpVm?B%Mt~Eis&IEao+^;P$J${4j<(yS+W>?2LAKc|Y>P z`B)bomQtsos<1KTVP`BiGV-9Ps4IQLR8-Fk*2kNbGa)z_@%*e|jN+GI8y4M|C-zP=p=1)6{U zJf}U!M4hs{-+d2Z=q-(oX6X&R+>ely?(gc6@b~|Mj2sFLSzK%aK*}>VJ!(>gh0%sY zO-TNDZw~>r+5WD|O+n$6QQ+yi6ByJtZ`pO5>I!pBOY)_5&h0^_IpfY9GgG03lai4N zKD)e3W$qjw8ghfwZne(N&homPi7G3{?BbJRsOa~#_)$?^m6xOY2Z-SX!9XBjcSlBk zfP-^_2)gm)*VhwEN$@YfK?+F23R=IFdV*>nVKlR8T^>2cFj_lY;KyOGgn{hrd#$); z)p1?_YxgELw&P0uIheS&XAcKgotzw^n7LujHvc!2CnVHiIJN$H!KOfF=eLoCMWgHG zS9$r7b`=o8iQ|iKm^f-YF89n0*NiAAw7MOYmG8YF$2A;=9v+wBM99|5ynQz%zkd(K z(cRC_Yx3|clPpg@p8bIt%Gf z15#39hBD3$=UeORmDQ>m6{4Ty|-g9su$;mY+=iggo=YiDe~QT;p3R4ZK$0w3!f7%0rm4O-QBkAd(n zuQC{{j0j@X4o$em@|v2b?R2l7VPP+4Xt7n$)BkP=wgVnsa5YkI*{cRfH(2{&gxnQb zS+Evlk*grQAAo}bc`${UU>hJ;VD+{2k|P9ysGTMiL*?=GkR(ZINDs>*>XI;!U)LGNOj{0Zg?>gedmSI#ZS%iGx6GAuSO)2_D%0MQr>tva#~3QwJzZd+$( zW^;2hz_x{j$QJZ|a3%QO`fxanf(8Z#ngExJudlDW-Cxm9+rJ8pj#d&85m8pg0*R^< zjo}*C)Nct5W>L(0RG5)mOUEG#Vj-%DLRQIZlZ z%;@<8J^ku87z~ciVhU)8ptEyrP*Bj%pM(C0Sm2^omX?8Sh$Jp9E&vYU<4+J`So`>W zBP5`4cXtPqFc43l!X8Ql|EB_;p1wFbI{NDB8yOi{QMF(ovNkt)#`)#|4jdd@k!r@z z-@gr%lwMEMl6E2-ee)?OC}1|~)-Q%O{&y~nkg{rslc7MPLK~NmfMY>MV`N}}iG}3{ z))$j+s7^*hgX@kHECd41Pfkv**Mjna0}t8&pW&Miqh8BTP`X;Y{a`Sh%B`rV2rvi= zPTeeA|G+@d@+4^oz`CoG5PvJ%a%7a%mbNPMiHgd~#>U2%wT%5gZ$cOuOG`?u!A!o) z88o=L-}5+-mnjN+`9R-05l2wn&AtK?Ze)}R(C9R+dO%Z?yM%;K9*GneAHT)*GQ>@!m243j zr?D;a7#RTpA+N9y-6s>9ln|}9p>5PtMiSnd57q!i`v6+RQxx(KJOw>iGAKbVP!R9H z!0wq+JuNM*m*?mQZv%Y#aJ68gUZ@XWX*v=f5z(Uw_l2gjm|=8mjCo@QnY0aH)hXLW z;;yBoCGP)TaBwbgaJOP&?|%LI#YKqbef$x#nU}X|Ybz%?IfhDRbP}Ld9Go5{HafD` z!2q4ggZT!fA{nARZ2s{TAf`hBErdauT17x|A0kENQ?V} z`qOG>LRMBS7h&n|-{tkUgr7bQke%m(YRb^i@XsIe&Q6k_gzpW_@>mUgeH$8lljqgp z;53NS(jMzd7|wF#;{pPV#l$x2>(iB$>_LfYVaDb55FMhV0SC$G4;*@K6Y zW+&boGV(`^3LD#1Q?r08@VL%%W&(pC{!J*5IjjW`++>Cz?j*jz>_ouS5l&0Hpbf39U`}pQb{a{&fXc!qmQKRB` z5xO}*pTL-&Sr9U;LJ~ELjfweuy)t6P_5=fu1`6jtO7sigAMdJbucM}?yQd0^2?=HX z{uNWqzZyu`Td2+S^-UW|Hm)-r@dS%Wr62$WmC4oz6k{SmXjIhHRtsBohJP0^Db(#* zq+Rdsv8bW<_av$1(?G$iFNU=f9Tl~@TdyqWU1O6T>eK$_Gn>$F1rd?Vk+kOGV!o+` z`z(O9=`?+8i7cIBPEe_UoyNpS+qZPc z5Xevbcb5;hVlFP8BArR8w*MrYoGuUM0->R^>goi_UuxHj-5A~0C%O*@$JG{U&Q4AS z?_hlCi(WSWl~^b?^e8TohsI~@k?|T&L{PCL%;4J`uh7#El^wpqdHXggX=u6JXe?jZ z+T9&Dy)3XNRKUYk_jA0>lRF)G)Q@6Z1gf%8ID7(v?cwS~ex2L#>_bpyR;bL4+lx!~ zuD<((O+`tmPfp6m2U4hur)T5Ap)3>TC;=hb_F=QZsxY5}Lriiqe$l4jENbBv9N=66 z0(S2%r|Hx*EB`zRo!y?#+@3o>UCyk4%2(gC5d?woaJ1{=^hB;Gtn^s{cU-RnbwCj| zfkJXxlk~vv-AnK=FgC7ttq!O>=bfaJ2pvgp9Zsn|JX*R}&MDhib+LrV;W_!tL^|>F)+}@#{CT^)Ch7N0?YB#bF+VaY|PG5T}?|* z&*tmbgZ;*-*~E#23%xp9p7;4X?S2SXyh8!{Xm`&;Y9-n^3dvk6fE9uD-O5+qPhfQZ zavAK+hClSz`0vruz<)nlsAWuud;8I84;F-DOK4*pu$?Yfyq=vN@1PtDjfu{;3Gi@# zu2hS4KT|?f zQK8=xzGgq?Z-c=WIT$BQF>KoSGyC`ilw*xaRM?jIkuS~y?Z`;czQl9fE-j5AgGS~ z)x*c-e9LmBrL9AlByN6IUP}w!r;L_%?_Eer^7Pac9=C`L`OF|>>9gLaAN-eI6l5#^6BCZhKoJh9o=Eb^)q0|LDa`*6@R!r-+sAG z497cYhwWq%{sT6TyR3G#0J1koPW^ATdwbPYYE}S`m&mPre7Ha=)Sh-vWsh^b;-y)+ z1-QrEmxGbs+(Fx{w7iQ-u3G|U1~JFl`ih@_TQUD|Z;FmiZFv0~*n(zX3nV{u`t`%Zddr|z{@tCO@o~-gglmIHbmTmhy_?go=H@f?u3UoKn*%=u zo`0esyZr#9!6#fxy^QK=b_Ry&>1o`z?1>aKy#hANgFk+>Kh;Z!iS6#1qoIP!4W<>R zBqV65sRjLaP!Y1IC~s9ca~rQDu~_P_?N_gs3BSApKvTUw+JPef6%tyIgCkq3+cnzf z;%n-Kzo9saE_r=j;y02LGH*68UhP907&s@;R|<+D1!d%No=)UO=j2f3SO9WUMpl-c z{a4^0+Chzm$+f3PH}%3BJacn%S65fR(jJg$3veHxX3iOs!7u6{ z6AdQCaGM&vRlya|%`YejF_M>mx;i8vj*xhVa5kB*tj-?x)-O6ODJegbHLb9;RbEEM zQMcu%LBq{Jf*lprN1DA=43nX8&&$2HpHkXZZ2|2P7ZnAv!_C7j>$(y4rqA0G$th=!I{Sc#b59pq*{`wdBM?s|vq;Y;gs`2a`2`nqb{q<3Ig$pm$y z?ZKo*V%S&~@g?GOVNp>0YCn*OkHj$j!Un6;HmlA<=Ce71oRXXjxN#H|lp0VY$QPBA zaBy<2G&or(Dq<$dfag;F_U#*>HTXodwHFWODgpihXdfApp_C7>>pmcjYps737X#+T z+{7d&B&5H=X$59kuhsKcY^-SJ7%wj`IR%AYv+LzXA6ECaF`%=#2utef>aw!Fbp5~t z-%7elNlD4c4gcbCzB*j!0T0?xSy@?8F+Mx{eIiE|j7`|LlYi}R={`@+%m{cse1Cp= zY}R^+67~nA<7M4431Vn?xXIo9cLjN*1O}Zdr^3shcri&OK1O4s>Ssqf{8%H%=4{D; z@d4x#or=Lg5PG&&?bGd=*oXaOFvB35OYz`za-rn8<Toah)hiUe!eA(A2yx&m;dd!7ZIPUW5oX7_0#46 zRC_~v1rHxUg32Uj@Pg^aW@m?U&9xR(`TW_iu9E8$9;daXR3G(K)!)uek!+>i*1NmA z63yzbV2A;C!Hj-JPD|TAKK>d)N<&j;HueX|4FCS=tEs6$yunl%7?6bl&|+3xT#Sc@ zCyChwq7vYt<{F&#JA=^aKX`KW4T1C8IB)bud9QLqH}4YP?o#t}b8%@mI3h;$xVgDq z&#gtgA-`~G_CO*)8Ek~aNn2T4uU1K{aS?u$AT~3jaeugp3ic%t@SGe~5EX-Qcz8fV z*?KxTJv}==2ND~zj)+&C=cB8d8pzDsVLyNFkZ_2IbY@CKm>3&_={sDgEd?KIZeAJ~ zKz6wXVc~qs!;1mzCPG}?8&L9r5(MH6O4Hg}&L~N+&UMT5+xudk5ec%#%#e_fjC#VC zTD`nJf5tXyo$c@c3K(9>*TJIXhd+99FaD1gV5xDYzrSGQSgSi{cWvYskLlO1As6re zWM%@E-@?equgfs9Z-bcrDxZmp>J_sP0YM7!%sqv{1-VRH6VRkpnNPD5l9MG!xsVZu zRFt)D{s|GTYdt-!{`AW1?k?dX^m*#6lG{>Hj$vdl$zfCg05GRp23J^sFd% zet=?7N1L#5=BltD{P7~VdI<_YjEatqfP}>B_RP535fc;B%j>zMqy*%T_cSy+dwckR zd>M1LT3Qs1xvp+*=clLnd3k2$=I?1~$F)@|5k50>cgB-YVW%Mo5*uLz88-MQSd zX?CBkTL+;xdfsDWy6^x;2#ix%W|bF!GHsDwpbu(2J4rn0>^g$%fgq^FeI zcdZY8?iYX}l~0eHA>nsdP*XGgg)8UHH#6Y=k~&pYRLn8})7)73y_}nb1eBUV1$(Vg z4-yei)h_2=-)PLu%<$Ny3nWg7co^hT^Uf|UHpVgurb`9FDFHeR^7EU^m5(?-liuO3 zwQ1#YshF>|VFnwM*Y@9t&)yp>EUMR9uQZV$qw~_>8$7doPhEb|}G_^tlO4+N`~7IGFA zmkgw&Z&2jr#u>HQ&k5)NxR4($?oyB&GMPskiFdnEmXGj^Za4oKGvjgo7)JQM!n4^! zT6$TqR8B_bM>Ye-n~P9~Y(OcUd~XU2eB~pE3smJtyCsDHaPvKmeSl5Kshv1DaCf*p zM)^ycxVOFO#j&G4iQvUB^vLk_k0|?yQF4e^=n5z z5=_5Ff{@bDp+X|#Io0w;sPPq(d>lX zfv9MDqzU;)aBy`E+AJKEjQYjN>cH@DNk)b#*cRl$7k$(l?9q9J`;OPvDsFDuQ-#-v z{)m!);--o!P5m^r7CJiDtEyYCJ#%FzF0Q>KDQj-;ma{p(7#rJOSz-iFdhSmvW5ry; zOi58jcXhpbAcF!vjxfsC@K;uI&jav~59&+djXR=6qL|`lV$eakt-xzkpN#jH{K|jrEtq!^5bks88`9@MMN)#+R1D zKFmM%NmRA8cs@PczJC20Bvc?@{-G{%OU3Gl@bxJA0Ast9PIBd;(dKb#>clL!XGYY^j5Is(-z+l zKFFv}4UZ~F2zsXr|AvOhrP_`R(Z|PC^Exx^%$A3}JaY|L+fV!M%@|k&bMqm>>GdPv znF;w1l4F!9DU675Z_xRg!A`i>Risf767saNVt`F1sK`jcr$@y!5RU<_0c@x0=g(I_lfH07 z3Q*G4ez@G9>HhBput=G*DoJ*tHF`wP%oHlu!*s9NSGnP(nwl964YGy?EZ3$_&s4Aw zTwIyH5%hOay6@h>W`=t>Ks-9lGHK0!(KZfq-T314ULRVE)K_Gxs zMMg#z3E_3W!PrG8BNNOMI5{~1W&pxl9LOk7B;puwX_y!otkP@M_y+||48+I9ot~X( zYG{NJ@qF9tk87sZCIINWNS*B6J9g{EI^Z~2mrz@393w8c!!zt^LhkMBQ&mNs8#3j0 zzxnf1pmh@d*vyh35gLXk7HdKzc==1T=-+-ttA@e!Ly8+RRPNfAbTO+fTc4k)0dSE1GFk|XPKMl*VS>ocJ1l~ z&>C>BfCL02?8NxEr{h#J!QtI6^8W_ts5A&K=DknPuA_v>n@S0APs;(wcZ`(;NT!qbQ z_H5!#PSvTYsXu;59v2=h?X*1+JdI@h37(vsZiFNPO=Si9+!yfdPzF*pD9>BghpW1%E^>4;*-^7#s^y5u$OL3?`nP*+T?@ z!(#pF3RD>v@*e~QTD`r2U*rB{6{Z=n+szkY|GdDBv!Bq<9tv7Wfc^4O|LZ@QuNDNN zqM|pqNsFS|8XEa|JIDngT)vZ&ygE9LHH!O0loK#4Nk5xxZEbHO2eyW=!?kIyTBP5Er!{Zg6nW$dJYJSH!}PFj-E{^iD@R)=KWNG4q#7^G_!0 zD+evyT_VcPn-TzCqoZG+;YakO0JEW#lx*UO2SZXelrZ0pmmcH-=?gT774BS&jPkm= zEp>G_Z9XtBcLaQPKy9d~t_E^|jkWcW9b)ez2m^rLPhv3+0T@ocq`^7!=LKt*nZh|V zs5?|u^UIhVyAZZ!NbN~2X42HF%$7h!n?#ou9c};guv%8O-a6dR2c%rPbwVVhki;W$ z<}=_j0&*0YQAtOKFksTZNTLVAoufe?s9iwz0XQ^5E<_=~4jUZ(;>@Nv7JYro*4q8xANx3FvHBYt8mMFxMg|&( z9KT@ZmVZ0!yFLFERZo~BB`I0we%tkUZPvz&i3gi7S0{K_?dc8hbxvkW%`>3d>{$qU{!{44=EIMz=AkeBB^#0;e z+}euI6CHp+y1KgJKWMl<-WjQU?ToB6wQ+Opm}~rv@{xhbVM~UXn2d_!YK>4b>uMs` zZ*&iV)N-L_eQ)X{@Ri9ohINeS7>5>5tG)6C_%A=0XH8)p`}_O1hFIn0Ti=tj{G*rR z_OV)UfAb~>90jxVwNwus5Q1}I1ovab@qCeeORlc1@bEz_I8*4W*a|#mDvFABebL6I z!?2lveCr#a3y$!rHJ`wqw9sw7yY}@BiH+5sv@n55U<^u5R2M|XJ`a=Fs2R9#R$)5G z(36A0fmJpzAfQy!>1QzC52i2c-4keNpESMzE0dMgVHiPek-8m%Sf?>? z-W~*D2Ed9QK!z}(h;VSI-@pI2UWs~{Job)^%wnlQ`Set(_lfmGc1z20ui5lm<CYckp2VT|| z=#dcn>-zmhRD!jh{*4=#*VDJJd%14cMXYl_t)vE zzasqo7lCeMtd$A8Z`a2Hi)E`Qk6)POD40&tGcxiTokhk%NCR!*iq70HF{4aJbo~RG z`R)DJuU2JbhbpU=JRa|g@mNjD>UV)tai!7OYgef>fsxxff{G-)F@aH{={u(1!8R%$ zf7usZZ#fBxo(kje)<>!}FamRwBo5>hE0#-p4$n`WAQBj4|IW+n9Uk7AEq6jgBP{1i z7tcIgIZlW=y>0gkI{DqkVcZ`pBD4< z)D;y8NYYO?`cj&j3+nIN=s}K5uk>$IUGkLuHmL+qa;)s0T&}Kq`rf;zCF%DS_#j9>8x#0h2{8CwBHQ zyYWOl&MHWhEtH z>j7XZ0CDr?CUCOP4gFh(*9 z7)XYPLGGC`d`YdBuGM6M+?5K~PdMFEbMc_~NYtkhQ&qf1jM485a9y zV!nA}X=4M-2>x2&VDE?5vpC);ujHJeW-)ir%NQYeC}4hUl`;g{S|DGTY#Wf40Xonmz}XG( zU#^7n|6XYnE)e>^OTK(@f(HezcSPKUV5|FY8(6_=tEvFJcfUP*M@1C~Y_l>lGTPeO zz!fr=h6|jt;5N$`+Ypju=0m7*VEC9){9O_B{(3~KF{uMYio0l5iDg89*?C#|VRBo(4rG;L1 zUFN*RBYy%(Q_*u9y$cGyN=YG3)6R+lcvJIhf#3bEY=1=OYs}Q_gqfv!(F#Uzc(IwZEVr)v8TomZyB4!5Dx$3pg}LCv zubvDlb^*0N6RyLv{H6Ic>@-d_(zq2Og(p?o+B|MJ{!=C_oP@7s((e5|yC9Q)<~?+$ zL7xJc%Ir8}ijq_NL1UQ@-r;HW%h`FKOc~Sp><=ds7Z(@*Iez&5*EaW1r{+NG z$;sKl<;ueQ+1-lyfS33K-+{(84;N^wmjOzN@F~KXm=crFp|a_5EMi^a5sNh5abAm= z(#;bINemTl25%@(O6FkaScI1(8M6Zenn2gOuLQE0-NHs7kSzy*i_SVvrC^<^c+>QsZQYWZ^R`$2b@M@JH8z69%ZJcN_&#KlZ`Ms=T9CB{+Q6=ymaTg|U7Fh4 zvjDySga3q%{*NIvK%|I2V6CpM`&36hk$<3dzqlHUYb~`jGi%dC_E)v7LawT*LCbD| z1dG})tZlvB`HP4ScOOv@U(iVvMAYc4PY>Hc`|^0RKlEE?Joi_M9bd?Fhwj3e>S#|JiJ@%0o1HjUUaRDMVE{g>`kl>~eKRTK28`6JKDB>@h@0o$OcHzIcarT1ZYu>G{ zUMW+Z@B>sTsC9?uC~XdAS3otINW(SbTH=@6sgjwW_sNje>)^>K`HZbL%=Z0QT0L40Q#1#t-gsv320B4@17@najm@5O0Z0+wCcP=O*I;dY=?Pf)Ckw}PH%4H zo2DH#h<%`$>MH=2v@T5qSlJBZGHjM4(6VC`698%LRq|}5h){W`r+bJjdTLK zCwPe?`gu2j6Nog2gNQ483Gm^-h2~3ZWlao~u5J93SB>MaMfWnH_H}N7J0vWE{<7?-tt=SpTS&W# z6#zGdCqWKcPJodPB>ooQT!MfemOy|1A|MPeH8_E30>CIKDG8t4d`&OyZc z-S%(D+sn&K&=Ujfp8}8!=THG91jx?0;r%2w5mDG@uZMdZIS^ z`DW8v{~G^ImQT}C9U+}^L42Iw@o{lcT4)K;)RdF}CR0*V%PlCFpPcOK>|{0Wj|B^L zV|#m`zdxLq?;{V7+h8J~^nig#Lqh|2TFIk0Y?j>tn+9rr;M4^EH_&PYWOAPWMle>C zd~81c9d0HphV9s zF7g6_A6N!EJ16GnL#h_En*RJTw6LIylOF2rrJj&| z)8}7#onv~gzWd*uy&chfU;qDf_KG1PA;)&pmA5WMB9l3M*-n(ax;~|Z;{2BsT8?i7 z*j9MWy=_3Uf*!Js>eABV0@Xs$X9WwBxS1v6MLP7RtQrsVIupt275fXN@x_)+Wc&xEH zHyw$eZCR?x-gK+2ajt1sR#C~y`^}X>zO-?aX%UY919vumKD#HIA{gbBWQLdFO4Ijs zu0Ff?lcMaHgdEYwZS%P)KQ)-wFlnm1BAc{#qIOM&LIzNp)jF-7pzn1b?0#`^@!p`J z(a{soLI)NPVCpzHI6&hZ0LfN1HrHoo!Xdn%xof%U*o~8ihX?-EE1;crjE!MJ^lfa8 z4-aK2UxN*Z^FiJAY(uKM#*8f)G)#atF;I%6$Hj>qBWr1B00bK$N**Pd)$Dc+i0;c< zyqK7Q6nn3Ni-iSz0ryR_{MBT)iuKQr_CD{GQIwQ3 zqh@w@?dInXW?7Ymh3EUsO{JuCkF9Ja!tShg$LRqd(fp~|Eukoz{g-sM`;&G?LBZSC z_6C=GNyf&{x6=(S=UJ(#hF><+cy&3LPEa5jBbI)-&CMPeba2okuli|w`RUynPG`Fd z;Y-Pb@z}Z^S(-$etUk|^1_x=QS@E1`9cY79DuN&o0AggbDb{I06Gy^rjiFqz%W2U zk{%Kg5+8rFm$CGJya4flx%UV`g9_>d1sRAQz?`pBXY2E%czt^MTPYvJJHWF6yUb5% zTmwrSAxTL|Ik_XCz5q2HWQ~o!7(n|0atbiY=UYP{s~f+}f|-GVP_`225u9B&^vXi* zi|BuR{@Vn)XNpS&*1Cdu0ILLg7O5crx`Hno8Y-`k_0p21LDg7TTFUQW;$ULZ6dCy= zJbX2t-ZU$F69IOy+^F4j*wXc`>fqtlN=iz;tBVq}pzmyMMn?(lS0XfvK|=*iE`shP zeAms*ffF9*W#*j!TB^aRJ+6-~>mAVXrd}iP4S{Cp+3@fh;GmrtfQB3#fd0|+_q1O@ zfIb9ylvp=0jd+Gf%jOjuc7Cx-=|5e8a|*8Ak4us*W7{U8)p6BYTUPZ?dkwvk zn2@%!_XC{27DbufHF;c4o92!j9xPm>!V;4CUD;4Otc-iGoUssuTb~FVtjK*`Io~FR zw1va*u;rL>9ojZ{KHL>g)Z(6B2Zcl<>2a>i;*`VCPEm6$GKLR&02Bc-B1qOy5YRgb z@=qSRI2XJOLyevX6b#IMY;4| zmpt~7loWJt>MSj7NJQ`l_F@oX6npUog0rC} z)pv}=^#7}|KMUa(i3i!l1ZV~n7AZ~TKO}y0k#1A=zq+pGuCs8$#6|9WfPqTdcU8V`)D4uDIcKQLRb7i1>C*HxWoru$atIpUFRl{_ykl^-OCY z7_b0o8E9jm#sy2EcfH{^5*5zE3TvpW%z=>+3HYrB$%!An$lzebpdj`sDJZ~0s%m4B zQ(8-_1^E|##w2kOj*Ns}ka&6ux!qrSdIsTQ*{odE+Zqr+1VNizw32qJ+ljtlLQZZmG{wzmzhwk2aUFVs1uCWdE%Fp%0^vW{JL>f@yh%KtRn? z6<@@~&Hc#hmzTH0_{*@@yYKIn^OO(h?<-W3$HF2Zz?);qNlBiEhy7k#jk&*H=zO4V zd%oqhWdzn^iT2#g^fd6ac^)RKd4*hH2?_na`u5tW|7??(T5hqr)_JHmqp$CMclY#V zjrX%&sE(*8U}nO8Ab{pGqd%8Vq*PSX;+6zv`E$r7D<2&Si>nXEE+zJqCwF&)Bd|<| z?nknU{xqyjwB`Of{52wy_Uta93`6IaQ7Lqob(LG2R>G+fLHSi~!hPqtENu4M%=OXB zQl0-{^~dmF_EkZT=p%sKt}df+0FIh^DPK7(@^=@QIyFvoo8#Z2a&o}_*J56SXPc&;5cyT^d1LuP_dL#Dco1}rnXRMnMsAsS0 zIPCavMdHrH^U)y@OfRuSsT97ttAA~J0*y%5SVw>B|HfCu3vK&y5HI|owEkGXt8v20 zqsl`hLgWeMNo%ZMIYdbw%%>$hzV05m=?Xw%d3pIoCnosC0u&S!2_H0A5|b6PKwYdc zdyf^GUs?((i56h50zQa{%LL_IxxbI;s017rl^yM!^VNRA!4W-SDQqS`Ss)ojMYanZ z3n#V=X-h;q^FrBn(&!;1Wpe0&?)}df*DbBjE*IzvnppzUiToZ70D&C0KBGat0}eTj z&kgwM=BU=U0gU4%)&q{yo^`LP4p%_p0V)`@FPxs7w5^|BY@)nDg42)%jm)r+f7{zQ z*w{z%0e(T%|4(0E9aUA=^?O7>+Cz7j(hZUl0!j%=NJ~q1mxMG(s-%EYA}Jt9tANtd zAt~M6a3}9KzWdKR?%jjo;Cb}GKI^Q#)||guPN<+T6LtIDke!`ZUHxZdWT4CTPVeU7 zt6S~-eOo&A+0_;9(UWhDmMAg&(Erd~G2|jRIXMx{73Q7bB74mM2)CRlO4kGAOWIqj z`{8t}te_PIXkOtG4Y42VDkA_}9Y|_Cf#8QCX}~ z;$ysHqW{aNNAtV#TZ8)Jrv>NwV7*J(KDn^$-bq~^KFKYhM<6QjxVgD+Bg!CjsVc(AtRjc@BX&C_BX^imLuUO2t&U5usHSjj4{y0GFY z&WG&VsAQz1P>VsVKn$gDPj@$NIXe7Sf1-l#aFIz5nyNq9qCbt(k~oNU1z8jzNI+J? zpD==u#SmSw0$M^4l?ez7S6X5b%9B*S-dUYj!hTe))k5$H`w>8v0T~W-=X|eU^*~4r znCuuC7?$^fg5&5=u5bsRN7Jp|_)IEQROa!45HF09-$L2T>mK5LPL7P><@Bu~VA%@` z3p;H5{rv$AsFwH{$ki-^gNrlGT>o7c?bNl}V_0jjsEDtU`%G<_|Me^U|KicRt^HKvI|_G2L4ds<4Hflq;UF;gP}go>iR6F=0eYXsr6nLPfZ6tJ2|{bIk>w2v z$6rR_kW)~|7b*2zRzWW2{aaNVQD_*Ky!m1o1P<(X@6wmXiE=0D|0c>Y?#Lr~QI^oqo9{1yu78iT$Ed;~Vo@N8^-tN)=}sdx zb%*X$NrrE?zL!N(nBe_~?+!l&ND)ATS`rtdt33)p4HC~ePFQno^2oK+WxIGiHubf{ z8DYS5Q@HhL{8&?o8$^nak2e_&QR2kcWJqD&iPL~tOPUTTA4encCHK|a`Ieh095QPT z0{9{KASeSG#7csSS6%-9dT(ZxxBIno8PM|jahbMak&==EL>v$hP#k(5_2I(@Angg! zf`fu-SS6NFN1Rv9wixB+4A8a6kz?gMQ7a1 zM~I6xJecs1cC5j@{QgZ(knS_Pj@IPo|Bs7rSO#7Bq2WVSlh_G);s4-k ztaZ&GWY^Ve+Hz20h~J#74gO5?r4RCW%G|zIq;5o44RAt(HX|>8EOpQO`SO}cIVZ*qlvYB@6AR(q2A?@hw%=JJ; zLh!}w#Mv+etadMjZ#qynX=;tO?^shQh6JD*v1WZs69WR8BV=Bmj-S8s(G67X7pMd2R5^DSz|GfJy}u^ z)f8?!DzYCQ7iZMubwSG;pcs?Vs;e~pK|cSocCYt%)Dxa{FreySw;!Or!UPaU^6S!! z>O=;vAg+$hN^o&Vag-jHym)vZ2@h2uZ|K|EFRd>?37gg}OnY0bM8FW!=HAurotggm zPjQ4Mgfpvw&r#N~jUz&9L$8PfdeJf+j2eFG0?P}MkeSMs_z}ij#@uW)9NPET#?kTd z{R83oZ-fl6BnhK8s8p0pJ2OLl8W;S1$oCQ&-MGy}5C#YzNISV&JV>iMuQRCr2IV48 z|MuaK-pI3(sLv#~ZlOnoha2bI2qJbg3}i&&<73vr8cp=iVtw)Jkkf2iXz{3FiJC5j zZpnJ1My8SfRgWL^*@psHvv-V*0)rjh-Fpqjt~o+EQ~X4FG#DClS}~{fxW56*sjFO5UvxBW$}DfF*WE4TE#$2+O)z5G z+u1cYw}3!|YzDH{q2{XK^jJVuE-%gmSzicM38>Vhm)PWq4S5#54u5=QQ}DT1B~GO` z`d6272RI^(HY!q;S;Ry|VP1jdZF_I8QdK;J9TIS2S%BvNl`tgt6#gn)SXcm*uKy^f z*FltHx2OkeSHqH%ay#X6jL{{#D5j-||f5NA#Pd+G>on-3*+Z1i982Y|F4Hz!ni1(P9*=j%$ehUi;azcTf^3D1-q$0%nPAS~oxg!OW|r zm7<;EapZdR+8bW8j8pd^gb6P!@lB$(x<>!N5Qv=zhK7=plFpf&A3O++iBa+K5hICm zb8-TaP+%{bJpVC$pa#qfP{cv$g9wc8^qJZ51b_~%!yph_^4BP>ZfpSJ29`*GM2W&M zWrMK&QQr4AHwQ*VDcP)r6}E?S?=rHoD&+RREq%zO0rp!U7Ap+yqo8Wt5C9Q!NpUfi zcP@h=8V_05wq9UnW@dPJIPh7F6WC05jEV1OfRQ2Z!v`RVajP8Xc_m4rsJ%JCY+YQe zOov2np%Gwg*CJK{0_K@Ml+}CSl#4a9bDWYw0unuOnkLBdfQ{wHw?I_1dXoDYp#21f z7yw8;X!$@1rmP%Iso4xhmd;LiH#We$-@6x7r-TxM;mH{&4=$D$4h~@Wi)(1OfZQn} zVq*NQIWS9gk)onJ2fGan%H%TKK^fM2{7@N)cjIPbOGr+Z@HynrJ|iF{HL7)9NM_dt zY@lr@mToY}1Jw%Haa&8v_DVZlVcSv1h2O+j54MF=f{-^pAt)Zm%Y*YI((>=@j;E#N z62R}72N>B{#V7>>!^4MAp+Z@-Q!xPc6A?q>!5~e98^FyF=%PX6fXe4ICr3=2yuNO0 z=#G_*3a@cFSk*L~!o$JD!;^HHL)|(HJ;u|z;R&WHHJeJ{}%NsC}U#*=4^0P#bJ}o16Cj%!nN{_}c`) zIo8*^+BXoe68QQ0g0=oQ8S#S@hC~sdBU*=BZ-wk9p`84g{jj^w3h@b{3lua2PeI+Y zBa92htDfFONC@g>-i;lCVic=u$9}>}1CZAMfBy3zL2fm(1(Njl_xqBw@FYNc@a4c8NbnVIau_Sb#Enh0XJk;l&T%>X%TX=rE|8TD?- z(HRD623~=`2L=Fu!sacxOIq~cF~}7HpV)B*#t-Z=tZgIkhl9cs+>uR$C*iQ(0BHEj zjIW9C*((N4&IYqz2@u7wD~2DwW=uR&2|pDkU9|`KT#-te&^6vw8->sG zO7 zd89#y0sl82NC1AaXu#C`Sy7zub+s61si=wz3a$-LDk`||lo=8q!j2Aa7cg}`J`r;A zbm-?n>kW#nxwOL_{5WlLbG65h`{3t5Q*{DwlamZRxTUnw#@ael(l7PhyUeVtcH_P; zRf7Bb0+^_pRCrO}pPQS3cbZ^DB4SX9;b3^U`svg9PbL1WEG&}dkyQ;BuAqE_u%20BR8;WU+e(Dcp$9()C2V>+_=tM8^yx}wWQje`4((iBpW50A;IT@Wwk47C z7u(vhJbdK8CYD|5K*#>+j-VhnC#QpPV4ca&N3>ZB%j7<18^AR{ABJY~eiIx^psa*i z{rcXC#XqA!d5CrU_S&-5!EWlx!a`Buuayf&6_xoao4X*7rw~@PX^%C6XA}QdqA=JC zF) zcSi@0kPt~R0Rk~v=f+MY&6M<218r{3zWd$0`~EVR@-IGoINp8%nI2yMIu^l9)0MvB zx@AbPMR?37P|Wum9TrQzcTjqD!9x{7AE1CFai@c|2}GW&tB*S5Exu3GbStHtuP#)v z@$iIC*ZKnV3FOB!EiI5mq|ob4b8&HP04w-K zkGkCLtWFcYozny#Y?)4>UQMfz-7aWDX8pFHF$HEd$Ph*c6-63k8DPbRd+nGhzyc5J z@#$&0DDj8lXazQUdrD!|h3(lGc5SYFjY9EFii}Uu6}L*HnUqC}P!!@`O^lM&)sE36 z<2rEYFBg}Vx*x8S8@dBD_U!RvIwXHaV`xT(0T>rye6D9*^QFs6&|Pjdd2rtePe@6T z6Jn)VUh#6UyO7l#C(Ptjb_9os$JP`)bvt=tG+*5}blu&BCTry|%8bw^CoRy?d(tHI znz>M4ogYAKk;&}AT8-zxU)W|%O-%Op_dN%wZ$G|61ZxazZZFf2H~fOS#e(2_iqG1P zN{~l7#y4_$YCTo_>6yMh2TUwwW?&+?xEg^%1lVK`R_G_ThS*>0M7O4!oL8R`{ve$D zI5{ND+P}U2I}0 z;G?RFmpsnC3_qX8^wmM5pElsf=GNA~8w~FdJ@WOff6uY_cY1mny0E^!KHx|OM@Rdo zrXGS_@`oxzIXDC>KSjwg@RH%+pno^!;X&*l96^9WM7ZxljuSQz^C(gpWXNHVF3vQ%X}CU{1IaI?P@?d`OHIS`NNV&w2`)QYP-W zH=uV({@M9^&Pk-cxOn|7Z#dKaYz;9VZ_$SzdNOHD)Nb#&*;rbdDkxybkIFDr<42I; z$Ct0J!i0;u-}h&Dm;uS6{PsQ_64jN9#JXG`4XRFC+dL>RnW^U63ZACEY)Qz;83CGC zf3I?61JJ?z$w9oFh#jzF?z9=jr7#zYhZMQD` z#CU+GfR&-@VCzr{q0jJTV_#xp_u2QTq@-M3S>HD(Ha4@d@z;lku*w4wk&qB{^nlpA zOdpNQ;1tqY>tSX4nuOf48*_%$Bc(=ITL|0M#>U0b@%U&uz)N4i$J^T(j31SidxrI% z1{yg`+z!u;jkELfOFw=T_CFW7(KNbANmc+4h38rI*Sfm*_2-&iwE(|`hW-@Lo7l3o zjgF3P^bSM8ZFeSyCQ2kgvadO?Im7puPU=cUv7<`NW7CE47?51x%8$U+9W#>!sZF2; z^Vy$~c6UF#A8;k`!QtV6VMFACp^Wcy7O|IcD6bOue`u#il{9M7yYr$c9d~Ceuoz(Q-ztsK@cZ_t- z!aKUUTpf{t1_C;QcBx=WkBy4Lu6Pcg7c`Y$pI$2wuOcIAscGYA`7O#52ZpG{FihK> za~WSUvapFhGYY6^^e?M9q6ojt>0ZE`r^$km18Q8Q8zCl$sFPodY4-e-_ zIc1Ljwt8rnvLq)TgoaYf3)vbQL!vix1!dxs!a*25eQ}SH$_BrM^|2^@efhoi%bMJQ zm3u#b27Jtu^u3&PnQe9R_lJ3Ru8PG8BQrcq5)l#hxFU}(sHkY_^D`F#Mn>$Gw>NLz z1Yt_4Q4>vYU$6&73<)8%-||e$ma?+Hep$2bYf_FmMrVhus-&d78V5=;%B|bjgcUb3 z)}PPD2DTUjdxT|#i9kSQH#pSrK*&NvBLPN4gLwvuEbu|7^^XJqmh34gC}$F@%BQn_ ziiSPhofRM^;RmiO_kny`NoUls?>l1L{wA~7$)J_O#eM4gJ)}j4o*D_wk}MMeesshj zTkgfhg%ldv1_sut&DNAs(|M~krZErMJ2W&h_D>4ESpl7Hv~5_k0eY^j#yr>=8Q8fw z`%Yh9XlcRfwcsIt{zHZsvfl%FTS2}_z@Dbv)T%ckQEWh z$>Ce3qxWP0G(cV)Za?n%`N;tAsnHLQCBRne>+2%X1Jlz|0h{`^4qF3Jq_|a8W8p~e zl|RFYtTzxo+=i1UxRrr5rTUnNw-6-OLF-o?KOtK8Z3+EWC)|reXG%|IrkcO??0j%} zg~{bu^J%diNbv(dD$RdyMG>-9JU(*>(I64$c={5|LMkf5C1~zjjmFkRXPbX7ekI}_ zZeC=J6?_tF`j#fXJA+Hv>b`mYQc)SSFAKM&Lii{_B41p(b(ho5)a;80=LT9OesBvD zlUYGg9gtWjN7L38rh0ly>ti=W(u3c<8;K%i=2*Z)^bJ0J0jbCb#a9G`g!2mvKc6Gf zgUiikWh_nSFZ}&Ya&p$u?)mI3e%^LO+;_EF{^)T0Kx%#KHt+)5R-_ zP}xiufPR-lWK=;_m4(ju*`we57L4)7A{@2@9l=pirQEvz7?_!PZH7I%_;^JWcaEee zD1F|4VmIw1$vRlOjYoa{@1gXApVLt!-Ny@WD!Wp${6(MJ77vWRrJ|^7>D`*?I5uKo zkJ=#LQU6{IQ?pp2tjKJ|%2#t9AM_b3!(L?B4rug?gGJ2I*xVrM2UvmM)Lj|-zU8X07QXc-#h`<2;p=Pg4G z2kwchM{HPFPGNXxw&R1H(#V#d8pO*jvpSR>{gact{`C~-rXLFn$45sGV=O~M^v9b5 zZXzI*x;}gMWpZ--hYum8rI4|7a}NQZo!gr8voT(O|4hiGvJhfnT>_;QO4xV*s|M5O zvw|tRz|=VYf$eyxQgZEoI>+=<6C(fRzH+e51sA9Cw=?n}5s&rN>G^F(yL$6g)e8n! zfBa}29qo#f`bV2CiHq>`+gr4xB*$sn#3uE%=-u=@KkkVjY|50nTCn==cQ{GUKKZva z{{t)zuHNgxx7J8F;EBbxv+Giz*Iivz+1U6V=diL|CLj=vh5Na|M;q8t7f+G2D|v9g zxC#g~)>KBxkA2{tGS0?&{fmj5JVjxo-%0?Taf`Ak?nD3b<)y;@L6wl*>9%yzyJyCB z8&TiyDJlgBgsQ8kU?SdsV45B}nEgC4HkSK=sn^9a z4-IK1C1T&kQ2f=s;P}jsRH^fvlv^Z%?!8U{3Uqe@6gGMnG1Q+Xr>4*l1ts=m!kg^9 zM0bda-i-7VK2bTpc!MVh+jdmbRmI{W5#LE}{#OXDMg$%nazRv^MN|b}V^#7+*tr0O zLDFBJtyxHHfKcS6-mKo|RJ^?9YEw+>FE-ZGO&x9{6z};QdahsHzR2shk}Z9pL-nF* zdnrrp;^0kA`s7R6fOG3Fe~vxn4QUv;x0-sW8JOwIJAN)`SzC8qoUKVn+(3}wSQJ+{ z`?>HVW(<^~+S(J}8zv=*2VBfPdMu-_uOSok{q9Y_n>Pt^optE3H4$Nn%<($kY@9u6 z8XW0MzNPuj$rXpSYty`S7<2aRp*maW{2L~Who`}!@@Hd4ma8@EI6dzF~)nFo8yn(rQ_x8@9tK4^eFPXhz^IAw0e2? zd?}~J`7z@jp~e$Ux8pRk*oKQ9m!%Gn6WzS&1A$NfB9eMP52|Ksz{Jg6>J50-;0^yI zI2{fQNR~gd7Rc+(6gv+j-rQ6_+Wh!$k?UgGq z&*~^S-7+_uhi-0HGc%1*q)Td9J-bak?IrmiyWa{%eWwcwuVTB;a#T(v!SsV$_$WCq z4+4L_Pc_gsTDBS&zcnJnYcLiKkhEX;-O$yReb{t$X?L)Sg;11)=ysQtnkOh$R`SR+?w0{r9B& z)7!?hI-5$KCGPLvMbO=4UmFB%J3LjNk4@T8iDyNVO#cFQU$y+g_!E>1@@H7P1B zwHtkEY`Q5B&0R5+D>&!~V@QUTIy>#b#v68YSz}2Iz@D>mIqeDxs*#(6+Oqc{^2X0r zj5$hS`+DD#I~?l+*!O0UM6Q2+n*W-_Z#w1h0;wAa7Loe;wj(_m<|ilR^z;NqdZSyN zJX%_^Bma~=`1n=8Puw1hhDaJ3>c+<7`sSCmaoiz4-(Xp4_*v4EhyLzEBcrV8+U*xp{IrD#+9T z@@W#YHNy)Emz$e1_(qeTx2a$Ir*la2_>y#c^xN=oaD4n&sZkh}2;|qG_~(DOEWY5w z$Iz9P^$3Ape&a_(dJhknsqdSe_E|y#O!~b5$-B%8>Msh*-;C_ojMV+gA`iv&8;`6Ku^ti3Ma{RD-r#ZXOvxIJg|IEa;XnWj zLI9-lIvm%M#%=f&Nl9pGYP||kW1@DcL`P!8u0y!EH3I|le0*j*o>w!*5M|^kAsAA{ z_BtcO?{vR~Quxq?o4)ZazvbG?o2*^k-D9yxz;m;*0#*m_qE?>rLDo@9iu>B>0r*P_ zSy(m)@@mIM3tBjDhQZ9{hP0X2X+Fa2O3E6}I~C?pZ#eobY^?JfO+RDd;Nek_Eo*AE zVLqY$__*NoREdq;w-P_rvCBb6-tUW1BA@IY-;+Jn~U~_U=Ea( z74}o-5E4UH%?M;XMCN}Dq$PBaQrFf#0!nnfs|%vTB20LM5?P+Dtfj52yiSzxF!PpmfacgLEQ?o zkvJ)P5C@xxwKn>lZF~9}8`A|nb1G?QkN^W0^jwN}sb$;bhb2aWj`K)VgjVdS@ zl$x3Xv`tY_T>=3`(aqo%tBrMAduU^=i>|+*jeSvQV{5y$`iD$xxUcW=^z~QYj~_ty z-`W&wrFVB{$Hl_p;eVpjkeb_4eaC52UtjiSaH3!b1Vi}(F?)Q)8ApE~a0ov?KWGQx zvQts9b31@MA()cWO#$3oEO`*b1zZXfYgqd%k)ud`bXTAKHFE6C$HzbxogR&Y9vpx5 z>V&jQBI;J*;E|sn5nJ-)gi^M~JH2H01Vv!L5|uB@^j_Go?eBNPKTG*tgU>fv$^?wZLNdWFu$r~8{8sT6S`(mQNNH= zQ9%a|Q1t5ZG9=ucm$}@FAB7YYMJ9^m@qq!^`~k>%Ajgr{_BhhM`RI|Nak&myl|f4$ z9u?Ku(GeaIHBU?=dENql5`owsG$eApJd;Kml}YL1Mg4pgLWO}N-ZPsJSFeyiaB&eA z8b&+s*cAYb+ELzZX=HENiK}DBc-1F2H*=5m`_6iX_7hcW9(>PM|NY`mM+N-?+%BXm zJ3C_(Yhg(H{#Y^nTxrQYI<8t-C0JFH6|E>UnUbEqckHy2$eM1i2C4RpN=iyPD0KAA zDS$VE0_o|4ng^Sqxdj2%uOY#} zS_Oo)ps+{RyS)M6x4>C+4`=8<_#n?-z$bIr*Y{;Dg0`c{`GbOM;1sHFO##UG!0@$= z4Ol9cN(|2OTvfv8F0Hd>rBX|(LUeO~94_qaf>CX%JBEFI6Yk}mnHj!&fmZ*JN*4y6CTMX;k{4R0$4l9oU1D*~-oiR3`!SW}Y}YiFV~a@_IA z`EO4Tm+;Zgx4fw&B#o9mlk01gGloWH&RgZCQS1z%9K%kWlz&`IOn<++QI&P|w{M?6Fr8iVUg(=s-Qu1+1c-jf zA_TQa=0xskcUKqm)R?F!+CDGoXy#uKlkI}We|fp%%a^Buf)5lFTzq^$#u4%8(XNq1 z`Nz=XUGtNHd~SX|tcV|(@AwUJb4);K=QZDkYrmwgqjNl|8X32fkA(xF zE8gcKoc#O^Ku6{V7v%D*Dp*qCvBq38SI~ShY0&UX z$Bz&mrLMlRwl+~^14z_FZL0NuFs6^CrF7lduiiVfEV1!WWvG^dpP;ai{^~XYjIh5t zt}iQCs$RT^sb_`!Kgbk;b9>^#!{15;NWO8VBqQVD;kk~Ceal;aoOd(G6Z1i*MPzt5 zyr!})i^^r87d9DiK0)#vcFT%Nk)1)jksr^aTjEE0HgPv z0D&nyTL`ypWHb%n1nNyNfV4hGdEG}?#5S|Me0|Q;)KskEml}s@n9A3od<3{bkCh6F zpw9<90#joT8!V^r$XW>?GxLL$!7s_KRov0ty}*MP+yeZTs+yX%rse}CUJMz|>^d-g z!ob7F0W69$87nxIT0<~lMbCX%rgJx_sCY88xSrE>mg_(LpCsWc6I>Dh9?_dUWSE;b-;p8&gv0fD|s5wHwkEL8zL24{Q#oe5sIkJmOkFd7?U2Fep> ze}*9iSBA|TJBlD0<`ynT~ z5agx_Vn}Z8Ey}pKsHnaDeJFb=>_Td>5G1$on$^GeEi?VoGzKOIsD-l>YAo2s3ZE9i zHg>xri0&!=E*l*)^8)POoSmykIJZ2!CVa zz&8>A8iVDn4tP4K$eLoI@DkwRfg%8|8FPDh`ylA7U&jxUpIZ?Qh1C=mBy@BO@wNDf z7USs2UEi;lmy)6xuYUgC<^Vz_`B95;L2d1``gNk~S5$%7Ik2`?#nTgoTkOH-Oq#hA z&dTEqG}M@&B@`s8A9*nfQeeD=4I!ON{r~wkI|r-J>M1*WS80>KKy<(e7cDzGPK^A5 ze4LgR*me*}5$1tRqLvq-R?d^}wPZ$^10xrF5Ei5{NRTmbLQ@E!A zNbvsWi$$F5)R}??hcL#7LtF(FVd4u{(a(8{Dz@uRf>k>YA68*vCTnPzav5OVK!m)y zcf0+Er!|KnfF{=i;ix}NGHL$07E|Xra$>D?(}9TjaFJd@bMu;H2=ohn~^R~ zBm^;5W?!Emzh#l9w`zTW)HwXb*t`_1oDwXHZ>y_kJ67cV{I&=QxZt#j|BTW-XS2Pm z0Gcn=B#Z=la6X@Q@hBWz35$h6!|9vBK|Ms^`FV7F3^GLZP7#W`J56t<1RR*+Dk{Os zIyOA)x2$jruh_*k-Q&pKPFWd_kL-DQbM5U0w~>WWX%_DjLX{tbJ6zvN7!Qd0aM{dTiiBcG_wknr`)4GYT)3R+EIPID9yhwO}hs~z&Na1en% zCNMD(PQeo=VdsaE2muFdnwny_#btrLbIoV^@5OUY%th~HW z4eGyoc!ElTHIDW+Izl;vt;g1Dhv5L;HUU9G*9dA5#Lj7GSerq`Kp43Rrr_AvJut`f z@o$NUbWu)iuCIHY?7o~b)KE~^Q^@x1- zSjg326Y&(Dv%xjDnCc%Aq!!bnL_mls36=QP;Rc`Cw;A+BUD?pkt8FoSt1q%6RS2KR z$O=5#DLJOr47-eO`dBirOg$%hdnNsluEi;xqF)(s4b4P)ZK_x&I(`hR}wDQc}KFQ51I_+9=I zs-b(N2@dFZ{Fe~Y^%*Lt(nzcpF_iy(?dBCi(4r^+UFaDI1Q3Xa4^-t!WQ>FU51c`T A2LJ#7 diff --git a/static/images/docs/services-detail.png b/static/images/docs/services-detail.png deleted file mode 100644 index 7ff19b8209b513668ed6aca0441179aade3b30d7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 68514 zcmdR$byt;b*X}_C1VjZ91Vlty8l(jT=?(#D0Rd^GJ48gJr6r}iLmH(Q-5t{1o$us% z-o5|ZA7HOB9QVL=uZ!zC*Llu3j^ETzURDenlL!+D2?<+5Tv!na>6RxF67tp^H29nQ z6Sd*+pW8M<5^wLo%k|EOZ}2mQmAIM>5)#(n%^&1%o%`|dmxQ(=?`)MU4Q(BCtqqVI z92^*pElh3nb*&5-Ev=1Ww_Xt;Aw5Hq5Egvv7`G8`=lHgD#B*jUu-Zik_YT=-UOa~i z{Jh@&eteVCG)bvNRf5dE=M0P@{?$^qFuZQhku^ffR)Y&BC73{YArDw;1k*zKhEX=|HE!``&h*Ek^P4wiybA z40()a1G&$w=sbCv;VC)F=b>$HDDV@N+7@MHD57rOdPhH&yWhK&F8|8>qluSPb^iU$ zNVu9;@n20v{rvG;NM6RCsdiDw-ze`FoMPT7y{+dR(hCEhO17tKcjjhSdp5Qm_&YT)@4Vz?i3%z@x}=p+U+(M~(SNTu zooWZyvgLm|Si0?c9b-A5Yc)_VgX|UA{qvaWA+ha~Pc~T3pZ)J^#|j7UHS&L7UafZp zk?|h<_vP66;Q#r?p7=}8n$p-WiDPe!bs5QZu97R8jq&~&9fjaJ#c)ia4^(w{F5zdi zXVTOCL;REZKq<;{(cCQb#SAOGsyHs>4PqwyIsi3#g5No76cz*bq2q0ohiuMr?rCrx z#r(vx;P90PH7?k#Df17z7=jwKzHwCqhqt{~FWU}uD8T7rkoBf*?|FVO%3-ZI7hU*X z!p46fHC0%PYN?+kpfh)ceK&0hUySZEY9aFE9qz7Qi;32oO+iceX?;)BPPvWB=_#2u z4Q>4UQ}Gs4i;hQpG$$`P`_~ZgnOVm0M@vOUs}r}k)CCRH6yU-%`A^6G77gj(cr2R1 zXBM8Q@6sAoTnK5a|3%5V)-~tf;j-FDEa0j&#!&O?>tc{h5wHIgkJ7 zmCb#UX1$;C6Q^Z#RWQ>~xse`gjJ`K92v$8NJ2@iu4@wYZlcKev#xXj^b=##mCG>lX zN021n#!_bAG(Hxla#g!S%#0i=J~*kzf$1aEJ(QwRY3=xM_0vcu4Q{cRWY#mRtV-p{7{JzgR_WL7Md+48R zeOwYP%o0V~PD#qGJqfD1b2@mKi2y~DA2_7lJ|rF{d<6D-=wd2ve^Pzw`wW^o|8sru z?|0_@9vKj|T52n+|LZo>MtngPm>+QHY{cKJ<33q_US{-A%9f_PD~XHKyU7&!pyurP z{LERFpk4W6)WS%Gf~(*o6lxUtxTrs6Vb#A2-3U1g67+le9ilI$NxSHOd2&$I)Z+DY zUq0}s3|}z9u~~f#yA-kLz0UHo?EPTQwW$RTv52wYz1FK!(x{_+3kwAz;p%B}!sDgj zZ+5mcOo-*BA)C1I9r9+Um|Qh3zY0!m!Q_;YNj=O-!PZ|&ga@5M6jjb|!|{GRC1}}Y zp9y(_)3nr+I6ovH_e!xoR$5)g-kM$|XzQ-qKmGBeCqZ6*gvKntHm*(?;D}q#1_$q~ zvSI3DO)TN7qPUSOX=~WsBjIz)?&xUyP55Vwq5kH2`J~#d`O3VS<95atET~%zf2Sjs z>n4JP#qP(HeutgbZFc4JrEve^eDTRr0oQ(;%x9MXmxR=HuLHL=_Q?z9_lEQ0Lhq2g zuJfK&Kb?(4kbIa;hBI9Cjb5K=dLoX6a(t(#J(T>?vQc8~=9u7}bpjyjeeb{5Uo%h}Xrza5yUVM7N4G z!l0Q#l?aRz9FM( zmCcwVeC6c>{U<)q4 zm5F`r6~+aNg805i(UE^J-=>hcZ>TX;gDMUJ_RLf zbld{hcWX9gW{$?c(~neVwjAw9KMRXhXj`|SCQ{Im;T8ok!ud!k(qsrzdFXC<-;JFBbs+`C=&`=6E} zEP}-R(se%E(9Erq)X8w-CQTkmlY>V{W}3BDduyYq#r{otjGG#7>_oWZzsl&J`1_9? zbxn$iA`gD8%^>B-*Zx4=9Fi}BOy4F+wl~RNjGIEsgb<_3Yw7PJ;dQX&!H##9JNAc- zspl;h681#Q-T4--79ZTbmGKB_!Pc9tv$|6u@L10N{e z`R6vtfR;hTQ&{Qy?7eM>zW8#!uek2^OvXj3$TFzR3>@LaWEm3v*v)O7m`2;(CkKQ+ zzp@PC4^_hPah%)*Xcfr97Yy_k7j|Dimzd%`7;>JR>?V}*Rar=*4hh4<3jP*bkzYqP zUHdgG?1_|f7whHbTh+*$FD|Q3m4=}+tvL5Fn<;v(mimDE?1GEzmmGwY->dq>jfHpC zKjuTEa#&uL{QWZ!JgkMDNz38zMqOEO=gO|lKyic5)p*J-Ni+s32VpHPapy^Pq$ld< z|E5fD!$K1o&~-?P`&UY;n?YuhfH3ncs=d(KTD8vd_??POaJA^~R;>y0eJ9c@x;>#Xy^!9bq^;STWJ-#GT4>+h@&Qij&fB^90kL@}lckFBQWD_6&84NnD5QciqP1m<5W~ zY!ZPI1LN9+w5$hy!qH5Q(!Ja&Su7c&(7r$DT(5t95lo$4*ZnO@V1!FmSsQU=snfTj zaqC*csb~44NvBzaWMllM_^%Kfy{?Kl&1)1)AI(c5V(N58^(^)XDHS0KV*D-&PIm3h zlbEji1;HU529UmxKPvBOu!^u>t)&nD^m?{PiJDzBD;rdB`n9OQLvBPt&NNPmW49JZkLetHZN@Nb=K)+<^Aj9nWuNg% za=QBWqyC9IO@kvtLFgM7{wW?FYRh~Y4ulN{&8Ez(CH-6u?i1Tj&eoL{tjG8aJVK%; zDv=N~a=$`y2#Me*mu#*_(K2}1PT%$rudWSd%Y32pqKYvP+*nk*AA!nnL+%NIF z_o_3kHpj2d@e5mQ6th`3waEzH2da|2E(La+)+*bl{3x)qqsO=ul@&x)^zbk%pA;=j z>-23RX2M7rGA@(aiH^^f<9FXGhyUx(r{kmU{DWxsE{)EKdv{E-tJ+<-e?Ag@c`2KB zc>MVImBkew3o{F~0ADE9L{w;EXj71-PTJ7d1d}>8h`70q`V_GJqSbkO^(Xg7%S^-| z!K((Fkx^4_CG-rurNP5g7BgO5aG&_ZokJk|oPh%m^7`4U(-%ii>poBl;}q^QS!naM zA~;2Nm&T<`{*bc}1Q#EAFx~1!)Dvu?%lvJd{2AWXahvp=n6i^`7~;B+A^kqCkI&3+L$y3!`Ura_Z@LOEKo9uPts)6 zzied_ufa#6K}X)!ZY;9>=%dM)!A$3~@a@^;#Wu;RQ}y16-Qa+<>oP%^3oV{ChdZl3 zycfV=wjwak5Le5q6du++)+HqYEoa39|yOme=$LJXm09{EKYV63N~L9 zZ8PpRQ~REy;}F_e{(?!DDba*~x1`JZkvPDXItwASUqP zRBKmDcUSC2>f`(;W4XWZ_-WtuTT`KX88d?D&WO|-klFHD%{ zW=5ymT4A%(BQjdPH(d4E(8NIQItGim#9r9zbF69)Zm9z{r;x18hsEXpEc+f5o=XkI z!N>-QYXc52F&rt|6>i;o7Il1(p~&|B3R-CLA2uXr zK)31b!I;cU_sB+rTHRrFCTU$G?$%?-mX%q%;yEv%%%S4hxdWTMbc-hhLQBTs&wJh( zAD@_x7~y?Q$B&yX{gUKnI*9kWQW{aOQ}(fz5` zZWXsJo;70?hQ}$GA(dLl(m{7_4%KVpzIr#s5tqG=jf*RGMpDh0Oe1p|AGNF|9d4AQ zqw|Hdsf7y_1Nq653issYF9gcVRe?@H>{!&Hj(i~~9v@+nWHN{wqM~f=+QsSF-ycup7LmH+ zzp_HeZ2ZsC1|dZ9X!6i zrLS`>n-XYGY-2go^S%E$#G0@ZI-^f!0}0C>qiIDZkr5BtS7i{X9VJ&4e)hFu+1*aZ zL|$G+gpidRi|Vg4l#ySSd`j&xk35Cd)z#f@`S-{lW4b=*7n5s%Um8i$TY1@h<)8^I z(Qdsx7mv(wyXAju9|z3u#0t1@;mjgzg|Ba|ZHhBS6>X0k%hTYU@Uuh`Cgv#z_GyWB zF0^I$aM$h{K{N`@Pch6&U?AK0Y=UZfHphN)NSu*fa=f5AdUU8cbomq4SQ&Mq-Yudy z`ITadP$mt-->w2`w)%H7vq(kwQFnOeHne4PFC!sY;X>032Wf@yabNzicoVLK_u3kl z?Te& zmaDwPm-OH7CAhzkQql}LN?YM&DKBiUuV=-UkS(qfDd12qTVF963>T13*KzDMw*Aom zVz1xgCd=DjCTR-Y>_2*v$+rgGBVURgNDfQC{?%O{j+_qDL6etigbGneJ+Qtj$!KQ4 zv9F9_SD^bti?5Adp0zRa#~Jm#fr$LO<}UYIdvh)7nazJYtmKU6ku&iLZfb5?j=Aj7 z1*%*nGdJRe3vc+JWB^S?SdmiZ+wA0FFX7RIYqYxVpQrO)W^(qH@E2(wwCc@)`f3U|MyrfPh3so0p9E$M#lSAjBUjQys)16djA5c*TTO0*1Z zf4U0LAzGZi-gXdx0LN8yq;d28c*b`~VAkKE@wVAecjC-sgzVvZ7If?7ghE69qqap> zD9+1XcpUzE#ufujBS>BJ+Ecze{Y<{4qAKX5?}DY(edK0XOb|K@ml<@_Q^rNV!XGUT ztxxk&(@ca4k*Q96c*Zl!EK<4pO<3=1=asy^Vuq!e`u4IZ{bDmJ#TTvjQ07v6i5E*w z>6jfO&Fr43$u=W>9{TMc6T|T16m)@eeh|RkMn+^(=H`=_#@Fy<(t4Dw5c5SFg>`(; zUlpkUh{HpnCR?Fh*m3$W7eaAiO=*>~iMGU)ha@ z$?ll3nazgoDKXQr07rvXQ6qh8*?xwtdn9qGt`=H;H2I|-+0XV; zrH=HLLt2Cfle3Is73Gbp5|7t-I8co-Uh%bUAKme)_1bFZV8GcN+N9!#DIj-(V1;JG zOK@PqQvw>YawUYV7aiY`S6-T_r!3TzE|W4|RY)2OUR!a;`^t@|=R@v;j@Prl;w`z+ zQ~4i>*stA18z&SD)L3A*Wi#A1ovHAh3cBTxH`|}!0aZ7&Xzbh>jOuB_8H*IOyspr` zmcHn;aOZ=HI60Rl7<%+48s|z1ikW+#Ozsi*e*Yn)QqLO-y-xH5H{1UHR}F@zRL*Fk z(&{I?NpI2i*?!zqL5e3LDmDC{F}CUR*nD+$?TNA!qG&s1->A+YVYzVPSsTnay71mg z6X5X#tuOG5zhCbScm1IQ$Ze|}XKIi{Qe}_R0)Do8`laO!+kX*)rcaPDN+BdhlW9G- zE|eCHYUyV25<^qfix7DVXyzJDrqUcwDJru#-@Tf==Ogs1yeT)wvMp1!UJ;9^Gk;8^ zx&K$h@ca8Dd?@M;ByB?}*FRz&WbtU{tZ)o&Z@KreGcR^k-EzN(L(Fq3jD9Rew*AY7@`v400WD(>Am1Nl-m@1KO3BlHZ;%iQtPS?$3W z26i#q+ajMV&~(`+{@6X`Pmx``|7`wiu`U6~&bwi14tW)1QYE5G2vId<1^e~001afi z`z1wQ{Z%xPEAKxV`uWt-Mc%W3Y^|*SH3l9L6R*(vV_M#eGMdVb)Q?a;z;oaB^r?*< zHoZLv64cN~F>;;L&w+`rWI!t@_uz{ z4lB-E_KfIB5jw%uR3qJz-xRq+u8#+%7(~-h$Ha5!)+1amj{f9jC%;WYS{f-$gWV#m zhr#1~_KlJUY6RVXy_ms4ZmZn8B7w_Uhs$MEUG+z@AhFTXA(XJKomMN(?(F+snB8;| z+FYTfqw>;u8!`I>+SpPSQg3ooa{7WGQiOoUHVYNqX!U{CE8fFKMEe`Ny3%L9Br|oA zooV_+UfkoLE&tHa_p&z`_{~DQabk~jH=t{UbH1zkEPq7Z+xsX_L9J>%`59Z~G$DRK zS6&tkZR%M$3#|YjGE#@{MZVV^kQpEN6_#2xg2=~vUne1&M~D13bB3XwQ-;Up=3tP- zScQ3|YOl2Z4{-{W%D0scD^kH2HYdj&1i#(a1dcBD7`6Gnny~*cPHCp~951vr6Djbs z;jYnR0VO?)))SdG%I5u;m}h@RzTJpdv^uxEvbGQ$+na)2LC1VPlTL3}J6e5gen_8& z%$LI&T99`gDp_V|Cc+XEl8AnX z^E=Aj2$c~jymgl?x{C{5$t{=qS~JcUe?u_@bx>(MmI)})a9v;jhB<<vZoUY1DS`o(;AL7quJTxic;KnsMVx&C}p@9m)nW>e#kMc!Df1)@7Ap8o-bRShH5gkQBHMV^MHQ<2ek zF@cT0a~T z8uX6-AKaJ;%{x}(vah#j`udt%hWsJyr_TJIPNJ+)2T_~#sw;7{^n?(urMr2q6n)z4 zoaaPhK2<}*(AF~D81<*eEh()$y>VFPly{k;V$%MD)&SaGKkgcRm<}7&RGqNd1VSUG zku~i!v8yEwo2TmRCjLw+suD9W-brON@#fgDG?nkq##GMdy+%Hqxl=iOoK^EK1~a+H zmXtTvsDA8w!Y`H)xoyLJqaNc0Zfmp6U~vk_TH9V3K@a?zvIV&vudC3V3tFDz`W4!! z{wyenA51t(=deaVz)AZy>T(8egmxH!B!6J_<xy#)l`Kz_R zlfx1b7HRgh6)e!GFGLu$7TFw=ak3{wSOyHPG#%UxRK`!~)t?}8D>$2zXJe^!cMkr# zSdu1Rz46q^y?(f9P=VlH=I0rc^H+=3wR;X8@7#pJAoHpYuY8!{x)U`lF_ZFDT3tjv zfEA~9%6#j-G5hJLnTFHMK$SgjS-o7_uRs%If9yZKgP+G{wo_q4z#@&Ew9_Zwx@R12 zldEP}=k9!rBKK!*RPatwGtqbRki`dQ{;BHYI6`#zBb%Q?wzritkCwXGwvn~JAG zoCK(9wAuVgWRZtrLdXG?j^Y07?W!P!CGq5^73n%QkuOay%rWqGGxIpL@^N&ul6G8A_x5tm>3BKbnY26V8zn4BENiafJ)1Hk zrcTMlUhBodZgWxe^%)@0J^GACUw-H}DRhj}JS1#UHeco)Xn_~IL?ytxKa#E{4vC8>?6^$MlC zr45v`Ibzq8)l^k^HC&1CdzH`b!!LP!(phb?czGVYe2`8Fr3;C~zbJ4+JR?e|tz)Dg znP&$|Y+rU;+MLO&hcs5*&zJ)WA)`FL$jVAYMOi{n1ry`fa!mbPfGBPk@9xUMZ8rRZ z8x{NZriOn+Nydxtr|%a!5^d)9BruB=Pxd3c9PPJ)<6U?S`qw@`0l&VNlht5p`8ZKE zS1VD$@%V}CK{NTr`KFstuw`rQ8&X@_Lz?am6C910GB9pt+~>b>RYx6?%CuG=-+?X# zJR&Nd*$38@cR^QKdFA?b+^$jk;>$Oia|kuM&Fkd5TkKEJjDWoY%Zgxm!@$OXXqAn zQ?RGglS{w--FW*WU+craVXMun-`EYHkm@qg>unccMQ9ZA&4h7Gq3Ij0r%IwtO+Jp% zVAIa&^nu67(#Z_XM;TES8uJd?gql)W0qsK zqw8I=P=b38h+RK(Xrb$E_7lB%h=q{ClnBOZ1m{Wu%cDA{6WT!9ZKjl(-=1J&=AM5f zD#+u?`7r?3S153A-b$RA+xvqpjQS*5W<>BEPq`3TltNsTNdKXKfXlvEgr2QHK+H9E zhc=g}{}LTq$RbzfHl{G7 z#2jo7@6v!LcyVB%to{oF%iTggyCO0LX_!mD6^&%%-3#{e!e1k)l?Mq2#b38a3JC<# z;PGZr*2}at2%yugspJW1q~oVv2w^q7+N>-#X_pMhA6Y_do(1UjvSD!-ZSe->pW*h% zUMk0aA&$}5KNCRSIJYBH4Kn)&;1%+wwd<6ARt1%1YiYzx9ORG21n9V4MO~qdcWK zg58iZC`Pp@JOcA2cDKQQft64?Co#df0T&E7{GRuj_G>~Pak`yR(bgm0PsB3TJDDmY z16H~2N4@TD((oLtiUQ^vTVOmRhy8*U8LCz~>S6cR7#S%zu9*l+2j0UeluL_n$ahrn z#znf>?KK=#z`_mNg_9`o=R;@SdX|I(-~EtEzL3LtKQO$CeQ7~EE935R(J zt-#UIoj}9_K=RsNF<^LcV$XSL5fF{&vt3E|#ED>N|H|F?qPV4wvd>zeLThX(W1pyZ z@_}MiDA=@0d2oy0rhc^Yd}ka{Vs^ds=m)uX+0lL6_$88HDAZWD3zW>x4hX?g9vrVK z^1+sKD-|*g(Ff&TUw0d^MTrF(uKXfe4T;~v)kLT!RT>So_m2zuJjs&Ec(z6z&0Kb) z)u{*ULqFPUANV)>Y>}M(oJt72vIh$as=G9hM6!!|ZpEAu5ycDk3#_!nSU8C%;y%yws2Nq<)^5oDPvxaHA?M%r8bUz@ zSt2-l@LO&erob8l*qU!6@pb>rrbmW630J724Mp4=>Z(9st9K{zJvuzhuDdPRuPJc5&{X8k z7fADXCA?T?>A@5%o^#EnL)?%ZgDp5a)9M+w{KW^H7x>Csx2*!6`~1Koc=qw~2ay?qcMZDlbbF|Q3fAS<7ywWTa@Slqo* zQ-!VaE;(!r`2QbkywiuY5@mmUwYmPrJTcGo{b=TE7ErALbVwD|`Bn8F765`pW5ei1 z{)lp9Lii{fn$^Tl*DaUSyL+)KAA`O#}+uj`&y(x~#UXRqnXFlWheZvS7Nve)(wW|HTBUk&T(9j!D%VQP=`2D0n^BF&&?N}zNQIitqkazg!6U10*?WpZ zM#QR2&<4Jgn7VaKMo{wY9e@Ls6S1W`jVJV1+=gPHD+NJ>=Wc>Ed?*B5Bv2-^d(K+Y zq5hkuu*16Z64htS7`#Av-lYMDmsMw91M^Ej1p@Pht783gOxgV9cX0&^9*kcEgF$8M zY?yo~Dd+hbv%5*a2D(Jnyit(-xn@&uY&jWqD^tEr?R1Ie;w;dV71auA>GmFRMYk=s zMP-0nKPo_(`ex^Ktt*Ygv6i$z_})rsz-Qjy zj$+CraoL`^0||*(%jgEXxV}Wu)-0}stS6#veX?)h)&CGv$<|Z09;R^~Y<*6DC-k#`CEFr1vS>Sqri1zFXp(gws2UO>qQYBj(U!Vmpx z>3CYNlbYqV)MTAL@#7!m1G$FfS(^R%chda3(P~9k(uY}eVpq-38h|VUqCBp|KZ01v z4XS^kaqhl}V~s@~bzm!ERcd|(@$L$Ry3cZaoe1A&V}VPBDGsnHyMRu5DD{JJZ0ezh z6wcFxW%iBokhK25+@CE8J6J3LQ*VIj2v^fVDuvTisvC0jE=m=*A-kPvV9>k-+l4}&!YH}T%i4Ym|eK@GKTmS5`% z#qBQEit@mO1v>fzC`^>#IRf`I^rV6b?zQb#7oH&{Kog#owRCwG&Ns{qv_?4yO6~g# zol9vz@If)-55Q)SIS=#6*fDspb$@y$aREYnKcQ;VE>$gIXF!-f98|iu-MkaU51fZ= zUalsU!8vDv72ClR>nuD#Zti-lDnU~-h>!qNt#ZrdrpXEq3j&vJs^yhb1xpXRq^OUO zY(w{=CSS47=UluGL(1Ua|67}g&+=C>4lkgmTWT8L4p~`Y2CsO#!&rdh6>9imBaO5MYpxdZzvTCo~mqX5Rq|#DMyWw zKsfYtqgMQMC}7FK1TqrP(SOr*oPaU+moGCv@7`>z9=T)jH9-|y6LiBTC-dav_kRla zU@&D56}hzE!ess7cr;=DO<2<9^;{VioW_3O&%spk!{llT?8x{yVH3Sp1vwF@;D-=W zpc#Vh_`81Wy}QnaWZl#8%8P)Ca{b=W2f|lTJ;WPC5)k`t@Ror>V{G@ONJJ!40_==u z5e6clzvz!-lf2P6c??w?I|6M(y&G^8Fs6I}2L~@t{9G`M9pOVVBMX)!AaQzn26C|$ z-jA>5G6LN*=0D3>8+IsK|Ih;uT4<&hZ$ia9X6Hx|HYqzoXMF!Yln8{(`!LUDZ)-=klx2^U?^qDYE8WioZaxbnG8f3L`SFtybl2M1>k#cmug}pD zN1=&O*y4b(6=^36XE*gf!0aFfduFu4<)dW#0v z&uV|$4;lf?$~b76VXA?!xpMX9*2;<@_^qt0^?hm!gGIFdbUZ`x1(n(Iloo`Q2m{=d z6VvGjO}JV-*s-Dp#yGmv_JwnY|7tGI70T}A)!nG~3*X*fpi3vs_hz-FD#HMRFk_er zgNI|YkudsGs)JFL8kc+Z1qOyi!oGkl+9fIbq5(lKMQI`3hev z;3$GBS|VWNm|c9p_fB+6BGL4D*vTVmAjW2xO zQRV5Knl?%R(Fz-WXN~_0Xmkc6!Itvs(XE~_SVZ*mS%(7FW{0W}k3=f^dXkJjNNStB ziddvn@6h2c_Oa3MKxvpBkUOm7L@N>xP@0fE;r>mA>*t5f)7@@26BZTOFc_?wjX>Sj z@fWB6}z%}{O9FF$cV$zyRz$*{W*k8*QwJtEmFocKv?xAySZ?)G!G|9wph=$My_R9(F*Jslp-jf7c zZ3f5&Rv+o)eq2+fhX*niEouOQ1Z76d<9KgN|sO&gh;1wkN0L$Ss_rm|#Bh6sK6q3RcPF7mJ(fXpu`? znoT4H7UIyv0A1jiAJAT;XH1(^9(6p?ZuN{!Ip-ng#f)XQJ99~5cE@C=1HTmM@zEUh%@P`M zTuK-CF+olqe@0jke|2Ap&Si;yEW=PH$A8?O0-P?}k3&f=Qxfa>C^zW++J1u(eleiL z;G-Z;I6dB)X57oW1bT@ny9e&1>D1f9C6c zipU;PM4iq|ig~cENe;a`z`c4~%bwQl<^VcXp3F$X@WuBW%j4<`%wV*N`-4bzasi8p z4%Al0+a@hFM|tCwpn>-0_s}4H<-ca}=pw$E;e&aRyFd?sNO*IsQYKc6VotUSfMSF) z^V^gZz7=d|m=PJCZM*tbat=_8^tG*BZSDsu{PGpz7U z9=J-JFu)EQq*aA)$LU||RQM2$r{VBD7|ZE69Jt1LWEBFcIQiBdZ5iczh=_hL0tuw6 zGQL@*wB+33>sP$TO2iMrF%N{&7Suna*(n^7xZIrd!TN7TP?aIDgYkD%1OQ5G{j-yBvMcACyG zFE6{%za!8r@XD{F!Lz=}(8oIpQo1SFfQXBBUOuUm&c;vrL=D=1D3ga@f>-DZAq0$N zO{){zj(DiZZXtyeERy&2HRhZ@fJ$0(wC?WA)jSk7$eGCm&3YKH9RSP`(pAY`y8?$t zcfMbgeG~-}ZJ;z7ra z6dgaDd7MlM;&a&+50WS7qGkJfe!>j((K&LQHO_Y_m--bVif_Qin_?G1O7lnz&L0$@ z&-V?5y%&p*cYcA+3IxmV9L2X%(BwGHCn8O2+F$@6ie0Cp1y2smVxFm@CGlW)RbN`<} z_ko#IU{p_XjMnHgfP-3b(g7Oa4sTIPw{`FfOrKl9L^*5mn|I`6ZxjAh?{z`YL6Wd0 z7hY|3x-9K~&$7`hH;A`2-tN+W*nrmYVfmNs5bWG6bscpA=dUd_B?`voPbTj)Co@_c zvY~jnRFFd-eB+!&Lz7KIn_ChGYzvs3Nu|$XPkwHH+8~~pDI<|_vLsA06GOt)GSGSS z+Y}XyePFS^35%&R{H)X3R)AhFlQt3ryc;5rkYd3)24SLIeM{a{F!)vdb$$=PLp>{} zh;RQ2T@FZ53~K``NyKe*Iga` z4lT_uC>%@-=O=Ldnn3(g-FBG_gvvW^YL709MKu$|$w5TI-jC1Drx=6X(xB>Zsmu2C zJ_eSe7&jSt@z`X2_$c8J#8zmpU>hgrSbo#F-UV0d@3EhTN>%nmP5-TW`6x5qwNb`ZaA!jo;;mQi}`}et}CZH=#2O)v|aFgR;4hzKkkXUP! zBHlG=W6T-h8@ZWzIU?JhMGev0DgAQZ5 z;_F80I}o!B%Y!`U66SG|);MjHA_yOV?SPCK`6|UCD<|+-mz31ULRY9FsK_>M{W%}O zb+QnESaFkpcedDt8nZS0i+p6lKGbC9(=RuTTULTU2mm_VIt#06koU2PSdtkj6lb9k zkL^aT=7&cg-ArgBH2n|TD&8q5-ln0>xyejz*-Sf|yf-?Q0dJN0KDrzELzv&pRul)3 z)UVnV_ccS5vE&D40}&?^^9C4PltSl(nJ;CHzW%R)IRre;Xdk9ht{+I*7CIc0!B-Bs zG(tne&1nIz;XfE6H)g1~aPX%d{rO>hHM>Vq_br}rKhM;@nY$Ba?`SIX4uhNeJ@{{( zI`ZY@^AU(F_!gDj5sk4h_RQ7_6Tu+H{0-bYtl9_Ev1a?hc-?9t+Hk8!Wo+H7;iF1Ne(% za;3FJa;~>J+Y&*pvBG&N1G6eA@@+#zD#n5wAW1;8hkw8RQH?zBL_n?WMgodz-m5(q zVcy}$uq%N!mfuUY?Ww|O1IDAaFcmLK-}ldO#YyO%dChTi(w@>of66w4Vj^@851#vp zzsg+oajRp2M1@ut#FBP2- z$I=qWwlmwuuY6`NO=;VtMSB{)0rhq!zst-C`y126|gu6^|ckPQG{xvKX3owal(f+&8BZ|4*F<-5mAIjaP| z`w_9S!m>K0v&wGF2-5*whf3Et`+YBO=+#^%j+dkCDP(5a7xaAu!LtHZ&ruBP0)ZDQlt>Vh&cOy{k*dJ2I#fLSlr}6tv@8 zp2_DIOW4}34e?X(I78Npz{w>m->yZAO<=??HegvJ;i7{ z;GOwhM4T3;_Ss>G`obU-OQB9|dkG^W-CVix+fNTE!Q_gHO#1$`L&8sq8+*j3^}5Jm z=9BW!HA<@v>Cw~AZHmH8wGLcTHW|h`Hp)K@%1d+)>4*)>%`!J9$!)?Td5@oRDG9zt z#gP}}C~jRoZmrdT&N=f+_5S4TF@Nuk$dRSP5?m_Lz3YIV`Y1%*t#$C5d-YNSG9=nb>q!!WJ`X+`! z{uQKD>4sdtoqt4yDJ`AfY53b;HHhKw!~Dy*;q_0nyA+FOk5oK3LgS_CQWc`=2F=I+ zB)Ph4GYWmf>|$}eT9LJ&Xx<&=73j;q?yAcpq{T3hM8d+{llWFA&QO3xN#*hWq@qH% zdm`-!+19c*ZX@6&y?MZhRrF7_l_{|#HLcar7Ro16g?9)F(8SeV$JTL*&81Vf+E8xb z$=pI)`B{Y(&-**(o6@^p?oxO=}9s;MTJjB9HhbDf|Pq_en3q{MZoWC&h%&aXXWY z^v3L9OieQ(d9|F|JvWz;;NT3@VNqG#3(XO+wv9DcYT90R;JW^Vjyi8up!hsDBi29z z%Mn6-v2%V*=i>Q&UVOPFonKGKT(a!~YiD0exep;}XgM{6?d^i)+a9gA)AcooR=gj_ zjZPba@(A-L^}3~`N0TM;>7c76rJfTJpK6@8P%!@N^2g~B#UBk-M-%dz8z=s|pbuqc z_}H&)LM1S%uF~EAH<+OePxdWOo-9U1xh?m~jUSc9kUsM?e6^5ajx^cTl+o03K7 zlO0KE!Kv)i!C`0{{Rhp*7NaCxGifgCXAc*n@|;JTvdYTS!@1E0Uq`#K@X107_pA&4 zero~eS4v7Mtkb}txONh(p8deG5L#V?OKc^Jmd+~H;XB{qFgbh)R1g?N417z@0Lss8@JDBoLFDVDokfVR{1Hr zme{6_f%UgULw4RX0h{W%yB<464o|OT$yr;oyrp`>UH3pQ8NHGG$oJw7OZR1mal(qisD~7ZwA5#ra5~n@q{X^lHya*kg3I!c4 z@LZ780JhN9IXuz;?iFHN+88~|c9$oJAmXsKLXIfwi+&@1>a}H;$vc_-u`rZ4=*hs; zza&8#=UQKqnICzHocGky98;dxVzMK-@}y>|rnnB@iSmw>oYp21UyF1dtUSGqw-_j~FwovR`L#CDHl$BOuEpWX$ZaB4?j;(Wa_Qu_X%gAAo+qwv;p5h%W`uwi;U z2Rl^b8RvS2w7Jiy5hwJk>yyQ(4uclNce?~DSqw`DlL+KUn-K@Bs(e&uloe?^ftJY@ zlv?%u*LvJ}>vHK96k5zQw*yn`tUKcYKkj&hFio<9w)wXWY;{y_kJr9u6R7nW8(4gC z@LyKo*l!l``!NoF)$NtUU>oKRB>USTmUMmegimfu-pJm786$2FgJ{ECUcCkBI zV`WCL4MCscsypg7)j}Mu8$xrSy9=!?dC^`i%|Wcr+bttY>+m66qt5`?s~C_;Jv8o2 zLSZ(W9XE|kr4nbux-hp`cUptfdEEUY(?wj<0M$A1(D$6|NniNQ*ghFVqoR}ouq{kJ zM|qiZ5gC~j7+d6HvEeVx-#7#tLp?Gddy7io2v+E+wf>G_-8ZPYGXNN%5i&D9Z`zj% zhwot+Kr-Fi(1VyaTSyVdenBa$MdOgJvdXnhA^`X@igpWzfBM@3e%EmM*>5XLJA>CP zZz;P(#w4d?urITralT(|cGs~h~solNhw)W}d>H0fvfd233 zthn*NRVj0S8e`Sgj#MQP%pu1O**ZGVMf%vit&1E%#Gi7y{Xnc$)wm* zK0{{yMGe|daBM0?@xqG`^BmHf8%Ka1*4KMF45+9p)1|S+jSHY7Ro#o)Za4d=-yFh0 zCH7KGPh0dDhxN|BXLY%1PuWs-`i_jRc zv4J3zr0DbajLE-dd^$6HW~mKPp3Y zvp6eU>A~ChsHQb3n;zDJ)5^v7F>Sa_jkA7}6hKXxb)kq))jS}+Y*_;o^e)fW`v;qu zM)<_z;)~?XsRpO}(-xcGuZ;77h8mXW$M)|+hV@_+OHJ$^sSB)Wu{{xJ;w*7hn078} z#y2u|Q$~yV8}q2P%U2dBwl+pnWgPBl9wq9CN)2x+TN?#!vkskasz0h`Ezkev1uYBv zmD{+sMDC9}b=7kcowMcaI5GDmp5gQcwHp+UeXgIo@k6$pG}w;K8_%6|{1<#r{dTIK z3E<-a=A)W2zdN$IeYt(zo?LBPtJpc+7BDgvS86ytnKIM#OihenhCqe%>Q~M}>%WoM zXtl?sy|m^YP@FS^F9FdzGPkvTh6TPb!eR2-jc=>Lad<|nhI%)1nK_ATxjkU}Y}j*@ z8dO8?$cvC59@~U|BFLxli}oC6>MSZb+!`-=vbC02n#LoU|dk!~Mht>pkcQNbZD~r+SlHIBa(*;5R zy@PuXMARINByKzAByOXnvr#?;)M+o&UOG6@8pM73v(J&_G30K>WbLUE)T^32*xpVF z^C&3B92)%KjP?i0$$*M{vfGFCUw7j1>bTA=A$l?6z>yG;_Yrwtqw6Fh?R) ze%aYQ2s3WtWgV$vmBG*if7x-@2CJ+!tzkS=5i{s@PTiKXOVZpn9`Isb{gHg^X-K@Z7;?A-#$(K}AXC60$1N+%DY=RD=Zvf&_a&Y^AZbb#o zTc=xj;arcFeFlyIY-Z-Ft-h|uC;9UA-y;aWg0*n4%^~OUA?cplFBMojI98qR*94fw zo%Px@!Mf^FTabq<<*_r%)vqBs@=eW~@kol&EfSTnsn$N@SF}Ku&P_PyAFxj#6)M0$ zN5Co31QpvP#e%3{n2)ZUCjqf$##`H5R_>bJQn0vu_VjzMaqJHIsv5#_F)N7)NwLoM zFGb{nmF#M#Zd-Yq@k=vlg26ur8~r=ao@`^vjP z9b>%+!z^~Y*Jr;MqGYTi$<;sARZQ7VoR|niqlONNq(ml(n>jI|GZSnx8L4+LO68S( zgyJwUvvl?T`!zZUfvuf|PYB;RdNrib@w}GYiEw|WS z$~-_j@6V?Z-PijapnakIlV<<`CY+(&~-ZlwN?^R9qx00gnMqAZyS+2$mT$ zv8dJDTP7_jp)r0hBM}~A(3<>Nyv_#Qu^AsQht;D+TTarN)UJhl6{UmGZNz?eb21=L z$4}1QA4?#0vC}V4b&Bvjj$vxxynf{t8pe;`tZ7kk5CPr{RM_3={H`y_0|A^oi|x!g zX-H7sO@g9@*6@No-Q(7mPLJ|XgL%@t7+VRI7E)4Pk>RFu@WLH)qe*}w*|_x`^6=Ug zS-ejKE8LWhEnuMfaq!^0yH|YmY_NH%+6I&H?hj)1jWm3>ge?6r-^Ys5kK%BrHsw>b zYm&f~NV{uLhwF4d&XIsSL^$tJ5Ek_CfTcYxxo1;is0KX;)qUxUTUGn+!J5{&$(ss~ z3pLgkuQSvR3dVjK8cqG;01Xe7jP2psBL8gIeSrs=c6$hrl5j^?x2La-pucBe@OuZfEH1#^oT{SCdoOA@ zqghMVBG<>EBc4;fW$-@dB!h5+Z>PFZJh}v2Om}3uNY@cM?JyDgYXxGevU?X2&gYFcS7$*gch`M`v^S6Ma>RZjt?MZ!v zMq3qXJmf@mvjltrXU&U%Z-Q4vWoBx`bWiP$*_@cVx_HTZIT{XFR|KFH*xz#1xQu$V z;O?n0CxhkJKrk{fz)aXpH5@uQtidN~2Y0)xI24dR*Y}{fIOfq3{XF@^9mYNhag-H0 z6DijG^w~v%=WjdSCCUKM`h!LvqtfFg6^`U|DSlWN?u!61S!SK9e^&EFiK5nJnUy1I zwWp`S8}Q$>2Xnj2uJi7%7L*#BqL~|r{3~aI{lRn5KsCM&BPXXK2HxFz)54D*Za*%H zvjk@k>ejF_hQn_nW2yG=z>%yE8fBGbYvpa47x4j(?7vsK? zuO#IWq&yxlP#|ac-a`_y`ume5%Uj>#gDN;)-QLO{&;w&p9h0v&tXpcrSI(WYn-ksIOV{%`nWl<>cBt=_b zJsyI9SvzOpeyaU#{e)#G;Eq14R9&JvhtRIAOKp|Zg-R4~&Pj+b!!6W+#kV?Ej?u-z zsJ9ftVpn-1LW}Fm^y@ThsND9L07c`cg*kFJDDwNg>fH71zLt2tNmt9Z%fp{Gy#6`O z4@Bws8olmsC8iaUk*vBhho&3%Onvs>qVRQOC^e0{B7E{Rqb@L%qU7b&tR4WwJBv@V zuzF*CJ%a+U4bSheoHxXd?XJxu8_SV!bRLdK(}c!e8yhK?H)I;ME(6@m+X3b-w+7ko zPxo=n0h!x4zT6z`6_*xN0g4R%wOfW0$Jp7UWFR`D_2VC3(}YB|mF>m4sgE2{D^s;s z7=VvuiIj-h&tjaMDs$Y@1D48c)=M0FH&6X;h-9N$>4wnk(qc5cYcV|_q&nR~%|@M- zmXAbiyjHKy9I)%>=_fvd(PRB`^x#Z<{A97aK;h)J!vp8Qa2++q{W#iKZPd%uSWa5l zY<5)LwDw3seRkCRXO}~?B=5rEH?;;eBggF0)HjFlnt$hvW9~>_OPn`x`ijzdk->J} z@N!67-d-THh|4w&RxB1N^(?xt?J^hHFJkzarK%IMue$HfF2P-*m&=#g&b?@{=M6Ru5a44|jLY^RBZ5gTu7kKv?@6 zrhwYh2j$sqMjx-YKU^13PEf(qosDl6{+q+%E6PxlamSx_? z{mH*Rz~7MoO8HZjHN+TQ$=dET+oQni*+eJJ#OKMEjHgS{mXYz%1Bvsd(yK%;8#)_2K$*IEBT&^+vqKdh)xGZcz%wS6WC_fCeC z27GSTgiRYTIzcQDSq?{TA!DJvyCozw^~J{>a2xSJbZV}(PqPFbqCl4dM$)P~^wf;w zeZrrFIVhg<1@3xRdJ+%%z>wz@MvEwgW^9O( z(caU@z?n$sf~7Q2_rl<0CCm5ibZ2(@!fK?F;mTxF{DHfk`!Yi+XJAYe@R6cQH2!rs z)Thk3*SH+hf$-oA<=qUP2ladPv0IPsp}u8RK;uRTrmJ=F9V&P5xN{L%D?J1L-TesA z!e~^r8=ez;3UcaiOD#Lho}HXppPK*h3<&s8#Aq!ozmFqec}ok`d=WX(Oud@6o(dI;l-{&yCjSgSidonJPa3c!`Jvru3j4))vEdL1K;VFfC~+^d!))>qK&BIi zvDN_qmp#EsvTRz}y8MsZ_gXl7(C~-yOKBUfF1u9Zf8EJ$ws3>0sW6 zAo{*9vf+kXL>13fQ;W6uWCcA)XtTq*isOh>IG_OWo|IhLjhj7eXiyFpnD*YKS_R3O~ znr=%u(5Iqj6pYwjqnJWAq3lrdSITc!6xIO?SB5h8*QAqiE{QKk1v@TAG{P zfA5-P&T&pWjErk?*N`9gzK4UZWWGofTH1*IGFsU!5wb611=89{{I|>dv8_DZrW7Ug zJpDehjV}b~Wwm@xDtUHRCyS}E!d&BzwH`!l%iYxv^B19dF;7wou6umt<+k6?#6lA5 z7@~lkz3!Lpc)V9AEe;7=5CdlM)gL#naG$QzyNKCRTN|KJ(nCqOoeo`o$NX^_wvuTz z+jn1E+bAj!v;+CYjL@E7!n{zUz?YR4CKUE=H}P5gk#hq*9bDJdAD+l->-=|fK~)#|CjS6 zxr@eUfw2KfYL>UO+^F+(c)%&QbG>^7>}jB0;UVku^;>W9XQ;hYIHKUCqw$TBeg$Jb z&?wXlOt!*XnZNqNW3_uXzhsiNLM*jh)cQ;3hA?X8m~WoPUqG{yu(Zs-CWGjnokdS+*u z5Au4Cq4n>~ zzpc3hKZ;Wf&t^a11hoI{^(Xo=+2;z8V2gF8AgotSqU;!vK7CA2v)OEpMpASnO;k}{ z2B{4nJt-N(3UN=F9N6Z%@%uOS9tl9SX1zi)ynH|u2tf@XY@qgS85s!aAE)%$KUcMT z2h?jy|CxJdZ2c7 z8~O>hc+GbJr4jJEiKLm3?QW&_qGE<0a7XfIQvgJTYTM*@s|0Ix){%FXm7V#QVvzn; zU5^0*qIs`1nmHPrCq8EVvDb??E=H3p6eO%=H=s7$pcrc&;WHfg=@7OfXR8oNfi;)TB#d33_wS8WKItuF=kL z{${5%j4lU|cZY-ArQCE|$%)nM3$Q39_yo~+#w~?_UX-!W5CpkDFh4-7*9J_;BeI7C z_VA+9>@vrWLYs6fGQJyxUt(3|V06MDY_}T##ugv}J|3SR&9y{;tOQ{{1n6k?cL~z` z#-bNhZbmh&))=_8TustpX_LV51ts=RD{;X&i06i^8 z;y|*w2~-x0)Zg=Rrj=660?ZnxrG|Z<9+%tGykMi{ch9~f2-(13x?9r>x76(Y z!4XgjOx7K?!}b<}vz*~4z7Os%D$eQ!1Vdc1rn9-(L)hf6Vv;?n*)Z!XQhRTpcjt&+ zYw?YY_x~9DoW5-HmF)IgKNTqL{y*Ozt`F?txG=v-w$Aqfg?(*#`(YHP*qU<-tuH%V zv=_l8eB|yiNlkSOsC}?m6&nTd;te>hKxKcENf!V@t1+Fy<5lSBc=03}xzwjBV|45I z!AN@wzl2hG^=4v&uMWEn+k47agp!LyA|`jSHt8&k)FHs000hwTpW8XkB0sKIP!NP- z;a1wRHx956aFe1ys(>Mn@1{x!oE4@o!Yg^hsGP0ig{&MdAr8<@uP)6DASs%g+#=7` zoIsxT#B5jIecrn29$Rmsf;oYw_PdV<`aXdq;Ghx&tPcz3{t1bV!Mtp!W)BX)BNF5ZrG0cYq-zk`r>mo_tpz3^}NkNimFxwz| z<>vHRYJl!(wg@DHXRmo{=O%yS$trw%M8L(3j=3qS;{y1fHF8-!kUn^zuf<}0VKD!E z8w^7nn~cg>z8eq%4;E5_i4Ri(AFHC-ua?N6QQv=4KB={+N+0PRw%zY%eN5njf|y?d zkMOq;OG%fAzqbCaS7V4+P&Bil;csj3ySfyEa$kQ&6vUGPeE3l1yu8y<0Y+vztL>|C zhSF0bMW04_LeM%p#^O=T>xokJH6hLaS1R)=|0BLoA)M%&WCcPC8Kil~l`f~NN-_Z0 zl?`u}#xg@jsA9^Ck#MX{_^V_X>e%=s<$tDkbws;<2}SQ3pZmepG!V*8o71U9zSqs3 z>PkSzlnN0cGFi zwbWTka%#^sujlGW>8peHJcTh&jpr&CBWZn7V*3XkseM{^MZlNv2{)yGpoJ{{(+DfR zh)z!Za#p(vQk5-fQOkbNYyfShVxcEI%-+vi%r8*QUBXlY9_b+IyxhGBoH=oda5lQVie0Y( z!+XP&+5(Baw3jF##>?`-x6n5+kO9&VwqRTBN(z!0V-)7tk3V}_C!#TZJ}gM7{`2?- z1T1I)wd0EX&p7LxV~rn}$&t?0>>G<19o83?CTfa`hs?gr?Qqba!{_}@T3Z3b77W&v z)WfVIM5gF<8XIx{I{2Q?_f{5rCf?S7?izp1^1Dh_@BB#NOTGr_|0Fti>j(MlY+j&# zjVCRie-kkfR>E7qnBtts)@WuPKW5`I5|oQ6H=f@-es=Ds7_(D6L+Lf(`urD2(iPwO zXU>hOH{757EB}TEbMtR{&`=D>pmB^fLHPERAc^GZ{C~wtv2Y*$%bLcSKENydKQE}T z1GNJ5(_mpuFxFW@B+rJ>_=_KZ)hi)o2}lL4OaJ@F%TH9<69(_aL~5zg$j!W8wz$G^ z$Gd$2^N5N>F_{YGrpt!#*w9`H&R;=6+lFLX`7zNDiE~{aY=iO)II@?@DE;x!w5EAP zbn=^LI_1Q_uTwG0QCLvvyzMe<_^@M7KKz98(ZcR_9UO3k>`>C+Md2?5ih`>i)D2UU<1q4S9G1dszru zDky}QUO9CZD{Cq5))rMVRkY(+?9Ag-tO8M@2#*s~CK)sxE#xv9eM(;=M&B#KnrC## zE^-%ZSlSU14|pOVYlNy;aKO{$V=^IM38LvZ2dw0c_+le4vD13B9&MAFsGDmxp=h!X6QMC5U%f`V(;WP)9t%a8Z~ck4o~BRb zdj!X&WKR~H8A}eEQ=Jf;d(S=GFZt~oa?38Xm(vlF_T~$>uAKm+Llgd?$k!@nmJ-(g zN{A;Y8*53ey0$+5ULKF0MILty@f!KMN%3u9CLWGZ0|a(gmA_hpVX@gqjRmG#)!nOq z|SwT4DB@{7pD0dH_~A6I{d5R2XQnVAA_bEXh+}AHpJzKZYFNY^wki8#f&)eg3m1%%M~OGhSo~t zdw)W;Ln1-88R5w&!WXj34{b3CjJM1xq&OO%e`;sxMWb`x~kstP@eua}hj?fu`>fDA!bu`n5SOIR4 zAt8(6ftOeEe%L8;)WEvD}{hQ)3*b!r#At1B5byy=C| zE_;JcniSLCFC?LpyDT1y#{?&!hmJfDBR!9W8o-M~D7=eXTGcLk#7>W3G{JEo`i7mn zDhj$nb}Br=D5Qa`PqxtQOKNFXsAd;ASs6A!(9~M29&>`!g zqt8q>xrtEs#w~VU&_N|*V^baO*Mg;NwSO2K2*84kl9vg7C8kkhyoSyMlR$gjAnTOc zA57o^GhhFAEIvZ?v#TPsRQfjI+Pvgvq_ey&4@Au_^G1wr1nB4#zO~xLJ#N~e`k)5hdtm4&C#5E)Cj{XBKaeEVZOFe{uASOjQoFpd6-M3EmGSh4vBz^ zKy>!vJc`H8)R+*3(Kz~J|9!6f0aPUo?%8lp4@>f zv^P^L_@af1T-fKodx=>bK66C=guuf9>o550gty*gx5x$`AmV>CxHk#^>6Ob57EjIg z{0WbScywxW{MY2)|<{3qG-mKnTd&bBy8yks(uxetLRJLqlU6t|3xe{RP60{EWMkL%71C)clqIZ<_UYzD_Tlv~Ew{Bn73d{?Ee9 zJECjbHpfY&ehNF-cRAiy>L6%nKgc z8~ES7xL#@?pdH=d9v)pfs=c0D9m&TOkvrhphuY|Q{q3>7MLf-CcqankCKq;Ga%5c; z<7{Dqtmj2tLh)dk2QKu24l?*%LvJa#*n`*p2-Ee`AD>!?voy!me5%8%*J_WoV(9S2 zO?OK@>$kgWAR7H6h@qYuD!WCBPblP2yv(XWf2S%Jr&w`>h0CSxBt2-y!7v1};`7{xiIhLJ4ym{x_FHNr*kO z!FT=PLO~4Gt4ccgP(cD&+~n7iP>FZji5#Wne>$_OsGlyetD~{~KDL(v){i6fTqGKa z9kmmkyjTMASQ7kMK1LUyHsUTEtpLI*EXHJBQzQ?`kr$r$aoMPfWX7y?ex}#ou~T*( z78%XVT&wajF)mFapll#W_Txgt{c%&)waJOup84CestA`&xpyU+A8AM{*z(4O4aJte zEhL_Ey<{c`YkFK@AwAxZ_g~C1WVq|vWzkys-p$;&Pg0!b_IO~)GgTJR%18Y<{CImV z;*-qExRlUw;xtoGGMb> z%ZASG8zICPnB%jWT^*^Mhj$X`gZIzF9l7=>$2L8>e~qCAhaH0(xL)gE3~kC$cmdIm z!p`KkLOViPcqODB3H8wGEe?im`(iH`QMovbTDV9`T#G%`D_gIIEZi)+afDy(`zFm7 zRt~u$Zlm@NZ|4VV1IhRv)_K)a)CpOZAR5;VcRU&=lfP7`RawpaV1BPQ-~IUHWI|d{ z_0Ss05-`Pii7j(6Sa**wW7kzu%n!%$aTJZmwMOdLPZ;TRd_3~IzTt|}WIE;m*GP8` zI%n;)aJ#SVTE8H8HS^L%Z~5ET51nu)C#OdxlL-r{x4Qbq1OI%I(J=Y@0wEEl7qbI) zmXnf}&9*OF_xP$1$&oZI7OtGebJE1z)rmE}3^fQUe@9DI<;kGs&%MQtv(yv<|BqB+ zTwax1B#Wa*Wep+VnS=4iZN$~>iwzR%cAH{F$ES<6xrA-a=P|N>t1{zmNUR``VL93V zRhU+r7Qn?@_{d$0_jjswTrDwufp!>w_0no~t8?Ha-P+Bx*?r*O-KJ9t|bTet=H8^p9^zHs~c z$)oK#tn16oM$w^NtrF`pHW!ier_cALCHh$L@#=C(G|hGI{k^hH#k9wo797d8bH$LJ zj72y@XXJh7N7LS+I(X(onJX^>11ar+aK-+F%Q8U(<=iGi#Bh474{V|^mq;jzak5W! zrm?D8z6Skw*;fJCG-%|7!>qULlNPF&Qh9ZOcrb(fC_%CfgN+6*)rxTUwF$H=_sdY{ z3`M1ElVnkX;$%sMz4d2Z(5dR7ncmKfLv?a_T=~XH+G+-Bo*M-F-EqB*-3t32QlsMi z3Z*8LC1oqJSOn^NN(_AEP#Q2BF!=V~3_0XHD67Euw5dDpH1Ji$J+exp-}4;pI?gFN)IU44fn7 zm$ws-=y2gEZ^@}-nj;o>%xU3X&zOE<|HhHyc`Hk_+NN<69UZTSo#j`He852BNGA%r ziG&u5u!ubOq9_$X({ZDW%v1;`_0pM1mqloU#nir!0dkU|c2~N^+YpOoGs1Gp!HC8A znnURn!o`#&5a(WQz#`AmFu!Zfyu+gtN&XyskbuxJo9Xb6T2hAPSVn5=k87{>9uJv$ z)OiV6tcZtrxO%q4Co@6};S!oJ2sTRYVePA88U;=^6ZN)Qb0!ny49szr+)Ae>Gy@XU zU-E*?#xP3>xs4hY_*$2fUK5n053QV^9=e1|oKwQ?RKRgjXu%yYA=iM#1St|HLEF&C zvk@4Lv_#<$VKK&vucI=@jU3tF=R9q&C>EV#3iqT6i_Er0^J&5D&viElZozCj!t3b6 z8p8~btW-NwulHUr+*)&0Ki7Vk(YkUUdsp14wVeDuoyG8avVm)Z{=xEZfXi45WwuEZ zH<1%Zd)q|CnzH#mEpd8Y5G3OAZ5tMC(`v~+tv&kEj=AU0)MRPU8J?r)Q)V0Ko}Hhx zRa7Yjbvc&W(j2?5FHphm1d@?t;F92W{jlAC$0R=8!DlpbstlEKY%-E9YFNWJKXQmf zn4=PIi|nR{_%{ct`PuW8%b|yHB5iA4NH|qQTnXC;_T>*5Us^&TTt!kNs$Ee|wa%x@ zzh#{drz56a-3S&-uHqWI9FGU0hCq934UIS4>198=*!;WBgyP`pYs~1TS!`OPG4$Lu zEnR6~`RrQ$sW*Y%+Q-g-ur#eRL=Xe)UtROx)BV(d1q5PUih;qGFSAVoqns#m2Y- zk1keb~6~V|@$FJfuJsj9w$Ru;Qt?iknB;?v;Xv;HHc?q+_6Oil1fBNW|6@NVkA})&)({?P{#P{e9Iu8{dXC$6(Us92{cvXFY@-Fimn2k6<>zbfimnLUHS6U*-I-VEtg z2lY@cSs{srg*jh<_&+sFQ_=o+7T|Nv6nT>%%SdzBf}Jott^(7kT)w@8}+&iqb+0JVc-?dUpK|r$W4g+rs*v@ zFhRJQSX1%UU1O*j!MerLQF)fhA*XN;dDp6*fBB~6yf0<(NYl*R?GvPt-W|F z4JRm%an;|IWUNDS$c@6taj4tZ#C0Q0Z1(ngsmn3AQ5028EEet`6SP-SDA2owqy_%! z3))NIF698~cz`H`hN{i-RjYnm46<&hND!Gx(>XVRG(7zaf7WAusJO)(&<4L;)A%nE zl7D*^(3Pl_c;b$nnf^@bq1^sCvmBUR%~{!5Gg%9Sx&Gc{ zT5#Q<0Q8EGcc};37eRVL*T{8du=`6o1!J=P=~#(@M^)L)27YR`y|@4j{zr9}EG$m1 z$Ohn}C$v{yC{V|!DVN@h-xnK85`v`wc9vHPO$WXZe#VI79{IIp_E$WZ1iAp<__ofs zA$6^ZGPtDL{WpA>iK_ayCAa5sKjaTA<4Z(F9lq;%X#pGhb8;-V3>x#Zf!^l`;z)I0 zAg2AJOhSR0Ee!j8I?&$c0;Uw#q+z=TP0Y|yiy4fwSZJJi9<_+v2gO)AJjaqw2I^5g_KG#cQm@PcCi+t73?Bd2_U9zz z=aJBbg}vL(h*@z7!f!5L)-~VzS|O+Wjv@H4?dISW5%V$k=|0I(jZYXF7OW0HS8U+}%mvDZC3yp&wG$VGMqYeU_qhPBn#$=y| zsd60ZIH;FOY2n^{F5Y)dG|*ahUjgzpB?Xu{ip7<2A z9vwxlAGW+Nc6{jFDIHyw2KAMgwmVZs`%a4os zSk-MpUg)*vf%(h}JCnT>IX7#bRYT%hlF;!IrO;b#a#)J?Mo8isD0spI2Hz<< z7>`C|!lCU8Z^sd-J&){QJ>V5Q*~=YXF(*F&1|@Nxn0eREObCsu7PBQ_|HYpQ%qGQc z0rp5hwKWg?t`~07_Ro*rrkyv<&&YQW zzD)eWn%u_`azgBR6{LZtgHVGQE}$Udi8a&HwhJE*i{b2uu|`z)`UKGzf^^vmRrKrU z=}U5kH(sPfLM4pX+~rw4mEr_|5!sxuiq=9;KDNu*K!eU;o z^k)uZ#)$y|(jun+Fra|&lpa9oAnW)`g!__e+F4c6P0-VRWE3M$zUQHI#s9L9?BT@7 zg=NWo#Rz*#;7+`|EKhkd@?a+`kJH?TpCI{b-kzo^QQxtVC~4&s6z~LjY`JU)IRm&? z6Fm$u1JaKBIRj2ZX@XT0n0}Gv3I|0+rcA>;JjaQu932cC3>>GX^>=Tt&vL4@nmtOm z%w+8w^IeWSTMm>ncMe*rTXFESD6FvYhiwps38tbm8~n=%^-y$s*Lr>xJ+%DPZWU4_ zZM}P!{xXtbdAOc=_n%6Bos43<-nVnal^DNyCdttp!jwgvC01>L-z8&zZ5$xwhd8mk z8bTRU$Ss2{7YVUdq*k6(`@*^K>XIY(oEY*qS#v=uUez53vU+Aay<2D-`z={5R!gO1 zi;*p3L0m6__e`hkKQZCgGQ1n`Dk(KXLq!aLqwwBb<@2b9Z$iC5y+F|f%PkXjW{r2m zlH{JAB3^|!EMI@Z4*o;sgNNQ1@s6;o67MpB*$30rjGVR%`$2Z0_>?9rnfx|iYSS46adHBY<1SD#2fF(2G%B4T#oaTt+^|XU`GaH?RDi zNITydcLj+%E|IoG=fClkl_Yx?R?3;rjp!L9sbcTe?BOAo)h8If9KN9NlE z*5_361RPh&IDB-evQ#wUSGQlE1sgK&S~6H84_l`|1n4PtR9pooqFybBX z@YkA9e;qs%hUA$#)#3-md1mFN8D0LkYMn1#juOn~a|&du%e|EMviOm|68vcBf57qx zj^t7zX2g_llKGI{ODGbAbdR)fB%Gg!D7teN_gpfOw&~G8;Vw}YdhSBYsa;Xbt6K1; zFsGP|jHq84rS!TOjw?KxAzr)9L=15j-ZHq` zyN9?sH9sOy*jA7M9#h<)NHTuuEB}icCE%wch#w2uX4o6BPz_$=FhH%K=iKVL+l<4Zg(2a%WGP8g(ie6 z!ZC7}-#j!dy52ZNLZ0)b%%CxJ4P=h!_{OdHMYIjTf@nANdJh1$(8Xh3B*4A_1l08e_C&SY8(S zbs_l&f<3=(mFH!Q|L`MD!B@0+ydstQ!AsCwU{ZqA2mfAG@<;w)8(#ufwyP9_74mRi zXbf9s|8$G5PF)*KFNXtT!U#Pzfcl~BIQ(=_6sQo#TK=1Q% z$?w+)jA04-`R#i+f)}##-4Aki%&_5<7cmIb!jBJcD|$P!O-(TisqCM{GL~V*B#)w- z$W44n=y0YxiVQR(n!blGZ4BItz9x)WqFBlm7x)UJAk}{O>)h}-(W2hBqF}p0ulj#D z`^vDWzAxONM4Cam85)L`ZW*MTp*y8Zx&{y!+Ce3xl^nWDU<8o{QR!4lY3b$;zyEW; z-VgVA<^$|=&OUqXSnFNyUVEK;`3M+XhR6bmd^i8fiUBV|``SK2dk;1OaVSMDKPU|_ zbH>WSlNI8{`%OQ@NBDefI&krSxDejfO|l#{|% z#)+lN3aobSJ9==?^!ohJ*WL4=xWO64ys8Ndrqm$sN%dWSfgM1O(5Q3XdjVFzegzl4 zk)tfS&47POTk5={Jv5>mMh9(^C| z&J{|b!D%2p=--aKLws(xOfe0LB>1eoVjBf|7ys$gC&^i=e1UGm7DuT~?^Jz1ENTcRY|jUe159c*hEAg|`EP04Iqt{p7F2BH+m3}ID+*vcun@KF^Zq#T zT0Z;8fmeP(1dW2|tm#V5Do+a#`$-6xaNr%8x!Fge|(2Gk}V(l6zFh0fwvf&^v50|agRdBADrYM=GEV|E#dopRJ5)^>Rw;L} z&UM_)Mg!|@4@~j`qbk?tJ8**JYN{AE$pl#}YU_W|xMWw~R~~_*W1k(wt{D>3+5?>? zb2W7AtgSVCS<~MT0{`NMMQa^2Q(jaeBht+)zH_dtUdy;M*0_v1ch-YI{&k`48eAcG z5~h6urZ^+ti8}?7U~)(^-C>r5d5K3C0^f8z2AlPPadSPm{JI5BlS3Gnu1~x;PkOv_ zEto;~Uyr1g;Nd>`IJ=x6XXN%kMXEm!C6s{!G+>K}60ILxT{85Cq$>LfE4Z6g8guF2 z$vx7ZKpeG7ZZfq}N|b_!tsU9f3gv(rZhlWQ+Ad;q@iz?3WgdU2cvwzEG9&v8&evPWDQ{w}zrWxTd%? z>TFTP$M>7Cv#g#Kx!JnEEM^JEUnJ?o(_=_v2GnwFvfJ=S7MYR`-{a?2AhR`d*4=F& z>yJiV3B-_fNoG>7)RRasV&E3>m#?BOrB4l}Bqhm*d~)$od@$`24ihY|0blW3^27x! zrli3>kiLB2cS$|NQ;x)je}P{&iE1*H5V`uK2oY}myG@Mi_MKqZ(5|^VFM)}2Z7!BafuD561a(d=$%=6DHO_v z3z0a;5CSo4d+=Z()?o!)=FfEL;**=~)IQ%=QSANU!hvLx38aX;`p0v$CdhXm4Nv12 z)i)%xm4D+G8f@rJ>1Bx?K2NNQqQd+LacHGa+yuA|Ig>p4`s#y$^7#I(3h%(ufGsi2Kbkl_2X@z=|B{ zzesVU6s-h#&No?-pvm~Zyo|sKoKGoQG>^piX8YUU4Ep3+tl<|nP8K5NZ81Qtw$mt? zRkBgqS%J(3sI#H}V{bAsYj2NL2H>1jt3H$o0)cHsnKa#yuChTbGo>rg?G{D1n~nn6 z@f>=epv89Y#H0#zV)?nP>n)RehxXJm$NYPG(5%FjR3e46H+2d zCCObrszB}(5x-@LBov@jWfEU}a$TbzYDhxX7)`msBFIbF{^Ao-Af$gZJ<2E9#k(nh zKV4DyU_{q@3s=qyz+Lud8Y7B<=VC7c#i#(+mD|baA(hZ(N6#JSk1Eg}+!n0;;z8OA zl2uON9QT|L=sPz(mY92R-y_QA4sS}*5$PF{AkopwT?ahi990l)Qld2;{RgDIJ`;Kl z`G0sup#YSu0Lz&`F@S&hKwFz;sfh{@*G;oHO}uGTCF~B>rn|^M%>lY6L(ETJ+5S0q zVV3F~Y-dTRF(5W<21ww;$7FmSAA0Yz&9{*v_M*gL?`Lr*{voBFw(3i!8q5uLU~+-> zen)C51#7r}xJZK(>$O~0V_PJQ8RSrW`NIktNF4kHYH)0s=O+RAQq`$K0>+xbj*8G8 zoDhsad%X%#Sf!Ag&4KDv671q7`z5(4cAjq`awG~XYId=43l29o8Bwb<>mm6`qD+O{ zmi})&tE*3wD*%U{Ag-e-X1&dY4E@D2NUFpS&04O;9VDLXV}-qp z%>h?+)Rk))D1E)1?xr}Lh^*0{;)Pj8{VQt2J*tlEr*eCrL2HHylYPc>L?$`-wntPXavTQm;iqagdCS)muTt46>m zvpez3G_pf1rkmC-r5xtjZZUunMFUZ>)uuQh|BgUBsh^ z$w92l(p|0koq7BmeRr8dKaL44saGy*`9*(lo1UV*393eJCI9D;v(L*+qVE-oDt}z9^j&)%7V;^`YX8|Sf<9xR!@s1J7Hxq3NJn#K5MvOx~+y2)6 z4F8mPqOLaoS6dg^ZY9+j16_-B+}=i(zhV@(LhGQ=#H%C72s?-7r;i&<1 z?91B=NkI|`uD<=!SN<9R;G6}dBff#s_EyD22gj_!RTk<2>-uAEGpv@JBsB6p4JH2T zVD>1ec$sz9dl#x80<9)^`Zc2N!wud`06H%*Kr1TJIVcry9vcvsFc^`*10TddDWM{t zMKTCQex_T~&v`oVwtWq@iR{4B6(5X8-oYh*Gf~g0LU-)j84bW6)-`wtZPaH#;LB;uEt$#QXRrEdH?;`Y9S{ zI37VM=Jg5<7?iW6TdbZ2zafxdcTdG3Hkx|(-&#gK6Khuc-UNv2u*PJ1SCkfvg8n+V z$7~d=G`Rm3xI;eBji;%qdq;GroNgcTD!@xXxn>4NzW4N zzUaq%vVLS5i2|$hsaH~`y%*4@(gcq7Rk3WTAWyK(5(igjqlpY^zk*$}53MzWrD>Uq z|4L#9DT*97@5Gf9P#dau<)fT@8sy(7oVf|%gdyQF+#qQuW{vq*ixI8wetnB0Z{?Dn z`{lbjb$C9Fl1|XqfI36gx!j8ZHh5zF3qSv}Dio}l_%;MK0Ts>aM|7pTdub(U)Y$Y< zTK`1F^bhn##Y+W$(pWy1wD)_L;dnRNZfjZkWyrN}=fDO-WCb%2yI+in&gk}u^wysv z>O-}-+hoj$q8D6$gWNC9hX|ED$)+{Zp{hz}X{^3osobzMTf~Qzq`?K2-$J~vidLNK zj`;|-UNs46XXrw4v~lDJlshp5;zFT&crI|OFUu=#f+HK{|3M!pt7T*vks?(g7*Acr zMlD3A*D89gKG&nK{uiis@k1GATE%v7J(jYA2slq&rcyQkY;C4)IlqAyvGEK#10PfX zTWZlk^Eg0nV6n&$HSYMbkx1BpaxtejzgTk4i|ul#ZQfuAU6;`W+cpGB09g;T(UWSZ zEWvAk2C2dKm3?)Yu%tU*@8T=@t(AUYAYCbRI~`1xf7utsVuH;72)nMgop9BFk4EB_ zrx4xdS0M|^y5g#K5FV2Wkm7HJ>1oUmgmgo&ET9PU(HVNl&ce*Z$c$n|3@5h`4i6MU0XZkTa=# zn`{-37~R89hH&%c)bj))0%qxl>(76dAkAoeW290IaE20bbRo;VVXd@rAGVYoa1Oni z2fKs#d*dSI!AgOwLXpiAhW_e*?k~S>k^qn$Mv(m82*HTYn0T&sm+NHzgvE9*bKp0G z?ukV5met4+<@KOdkJW*1%P&V~s`HRe+g_PuzzULNQUuMc_qmx375M0qr#aa0^G##` zPClM|;+tsACFSCjIQYU#y(uW@=&?70pgt70to%;6bUmdnu07KZUjjvgQbFZ>{w@v- z9dE%5z@zNCt}Dz7nhV9AGmf)e#$)09EwO7~B7TC*i+J~txd@Ipm z4hf0>rNOCDzP(F|Cr^Ie^T`t8gxvO%q^y31cPWT#&omAQL~h^yr;2#A+n*?6!3Sg6 z7|H0XeDI2t*L5|srOcrsr$R~1J~)T%X83QiO8$`Bz$i;-f$k=r);4}%s%3X@!bv0E z{32arL-SYiPsSe_aQk;P!LTAp%9I<~!?(zqCy0+xEyxg^^(=<^6P|Nyx91&Ot!TPu ziNYYD3~&#fswMj=i)lbAjg$Qxpi{ZMUDqS-#22mry$6@9P?~stPJ60MhDOl|+>6ro zQFJker#*;UQP>l~mHw8jDNn=KZnpSyDt0q|{)ZGYq_emNgZTC2@&c9HhlX2vR=tj$VHTv10dBgQapk)`OkiUjJ)kS*uTORXPQZ;NH0VpL1Do z_|RR+RABCKBK+ycHs4t)i5loYsrzz;skWnEZc41n+Lln@6{xOw)n23WKtlV<(1cX= z;`0qDU8!u#hb#YFBE`DWy984UAmSiu?M$kLiqpE$_#cMxwCBm${lnTIhMMwk?F$X%zfy=OiszKK~@IkE4UY?)enxu#*(06G? z^Xr7cc+gQioDk=1FfLhbeHjX|qC_w$JE)tiP#k!1fkc(p#eg&{AawRG3Y#}=QUeKt z%s?7G&>P4)7En@1vA`eVpzy-23NFJB%6Wbk2t<5FY*er{oC|0L0RM7;VxmTrCf^_e z3gB)By1+|ANNK|0OW@^m$oSaB2dQ@%2vPIF3B|E%r?s8GaPtnMTHM1RU(fngP76I7l_l8cS@-q4()aMk%jC;>H& z48^<@kA^VE2PSWs!>59xCxP6XD}mm{%XBD3lm;5YDlp4&Z9LXA4S%e=N^TPgoO=$f z#Uw@0qRNU^bYPdLY!n8lArCo@YlLO+Eaw_CZz-fS%3~`3uW2%iB zfH^9}do%twE8HC%lrapau0Je*gfZHfW@(RIA~BBtZ!Ca)(!YGC&S~y30EI+zBg1NoBfNO+)-Dt|}(^LQH-H1}hJPIG();!sXJ7)g|-*crQka~tL)!x!hOuIv!bc#etY0n8BXCi{t4x&qom8nF&KT$soF1$ zEujo?EqAr0xk~uwY$C2{%1aErRfVJud>;?P)TBh*1McyZF8(JP#KHdY1^%kUXy%^d z=z)9W>h06il&h?M-))Z!oa}}n&B7Y^Q{AZ&8b))ba=cNZ1-~dcP&kWUl^auypuKK^Y%x#9Se)3G z`^}QlyK~uROXkIIokvN2&`7Qaa@a)TVi1-y0Tj?a3p; z$!9Zpvr%QzkvN_Ae$uBhW4FnRYJ0ji?_@T*IX3y;PGzLT6-O$ zF4IVsuJirTmd=c)Uj;1N(!G|M`d$G=Ogg-A@jU83FO%Ud7_7Kr_bT_OVbtvh+xIZPTb79}*qgX6X`fEswf04;EfQY691WUB$r z#m%YSVsL6OhsEia$(?udFmWc@;WnoG)f;JIo+7|_PJ5P0ZM{lh&znHia=>!HHgA86 zeCVF@k=xYjhfd;OFar%XOq;*G?_>h@uETDQblA_j4r_JVcZ*nOT~=zc3moX(j3~UF z4np7TdrcK_8_PvJmA!g<;&AzE?cXB0x+;r&nS!utsY`Zp)Jk{GSC6u;;hSvb7(hXf z9RARg)XtaU+T8&HuIp6cWuh*61sKjL6?xLyXMgPGpm~!=TE-pR84!|b9?f; z?IGPhgyHAnEq_-Kkt9-;uiWh;vc^Bo5Q1u-GhXMmg@5<+rgvUrr^8=OL)D|vVK5$D z+^*5rmKv;lQba)=bNWApOyA+aI(StoFI_dVr!4rU6BUT+``q)7W;ET1Q*ntB?s=h*o=&X11Cvs}<xu$v^ zE}MOQcSlK-GwqlelVslFDSr!%xC#TE(oOx!(zt(i&ahDbVp(`O$eYVPUS})gjrHan zBJ)QT^m#rpx8&;2<&$|20@tZ==k2z3!U#`^#!~R=5mx@{XBMirx?!387DK}uZsnG( z9JeHUY9j$DE_2;@DPq+FND4Rf;_}2}_n&VIzF9+Ya+{bBQku8g6+CGz(`yV#zOVx^ zb)7t^UA)EN&8XgtmL@Ta92L8j_B|2}JzA_T@SX{-JzmYE`i@jG06Ztj>#aN|X6Z2^ zs)^X9cAcqiziZ1oKlu7BFmkQ+psYS*W8Ur>fR>g9#wguf67dmI`!M|j(9?f8jazyP zD^q#c7;{9#MHN~=SfTIPe}iwYIS|b`+*^q^%#XXTX23y#h>60jYvSdMx5QDb;le@T zptNj5B`8hJspri|KO|azzS(>1v0H|eH%Q;AKM{^37~xsv)i?Q#yp#uXZH(y3 zXh8Du&=@oBXy-X`4!MJMj+(Xhl-=QRU;BM};NZxUnxGS|GYOu~VI~xjK%VMBS5o&H zv6MaMo&VR!%cDK(pu01jzk#|Wc0MWvpM;|eAbZMyn>QC9V3|`Zzkk6Sur=dV zDtz+;Z!u(;ckz0%y~@-QmA7?6Vp*0Ou_VVHmlil*OP9_`Ud6p$Ho@`z9Q8Y+PtRHh zv+!JQ=~FGzU~50S>~EuA*e?x zj^+vW`%2eNP3L3XDf4Fq2^pc!@}zsub_ab{VjEgn9ghu9CBT9X<~9U{MMx`}nLW%x zA}5R`O=w{9hD36c=yPajtlLka+=Vi=aocR;3zUQvu=HEr^NR^~FOl;!W%t$vO8U#zJN7HL#ZQb~y@$uf2RHieE8FkfXpUp@CQ{LK zx^^?Wo5AObZ5|tU%7q+@km^MCT>D`c@@L*EA1p%uojPS2an^XwpBgkZ(vEaxy;$L~ zu?xQT=8?z2*`fB{bPN0UmFvCNGThu+-aq_ML3y&q&F|s=U=d0Yk42f5`F2_4@Y@w| zjA6tWEn#Tw`bVkAO)|jdT|G6F&-PvC{qNRGd%Gb`9jcW`YLAvtcc~7v0-9`c#G)Lv z8va@DM|Oo-I&$*w7=Tt2n;{zZfy+*CJv+T8tfhe7$&wiAj zChPuk+^p4qBs1f{IFqWOVvV~QZ)Hk$+}p-O$2cA!`xW*n)BKf_)vn;5$d9_W(heAn-j zo5ExaXdIYRsJ0;ZB~db2tQ;P&SeAstxOj?_w8^)1aL)M5D&-3!ix9i*-uBU^gMfBb zm)U1w_F(1VK_JzBF9%V2nGHswGS7g-<$GDv8)r2y#MrzjcUt++K>@xJ7uO@V`G0OR zY=MsakFQ-h;Kh#`K@nFgh@DnkxjUlkV%^o9>B@dj756a}f!i;fwaF&6fV+#oL4bhy z+8e~r)HOp(3ye`RymV=4?Gm;gCnEmH3)PSlmjSFyqV<@q2%EVN?<{VA3hhw5<05)* z;{L6-ePak>m@fGP+^M@zlR@I$*pgCVDqVo?)>)qde)pb%44T$C=lcc@X4TOfnlrDi zOUkj~DQ)+Q;AN&HZm@|lcuFI={Rf}9L1zv7F>8%Q%ljPdu!MIbMt*~H(jt-5WN}^R zbgg-JJR}i5ig*RR)baTFQ{=5~(p=8tq44 z=IVp0koG-xE7NVY;_D9CqVkkIrI@D3$h}|}8DyUUv(@?8-n1o%0$_gPj%VVn zI$$%F$euaQzNRv2W2Fm__MB?4@Mu0*#sn7Gc(5ovxe%kQ;b?tK-qB=| zPs_iR@?M5vwcq?=b(t&``tfyqW3uu|38`qyVyUR?wSV1eI%oIVh`0*YxAWSibeFp7tMpaPjU&*?(3WC$aMXG2WdevA#eQ9o#+tsI}v>_hUexRX*)1 zW!rmWO@%eM_j=;)p&jgd*Kh)`Z^$>1mE)mGu~(n2^%gRA!qATY)dgwYnxWr+5J@gj zMx6d0#3Uo0i-y5IqwJBUJ(1_Et-oRyXXX#3#|w1y0>0aK0x_L^76S4EJUbIgi0D(x(`~c zM*P-&1tOVfE%+wLX?^2ob*60Q0xmz@;DA7y4Y~*F?f%k6+_+=a=L_sUb}VKBY5|{;*F3`L_!mPI_GFkcX`%E-KU>k zhVk`%Wg-DVdfh$GbEeliwsg=R={+<3`%x|FO6F!N_Q7N)U)oABbs0XLvRt}qZojze zQ(w0WJ4}oMn}15|N?YMCid_3EzB`iXb>GYMWb=3>G~W9+G&G}}6_gt`mcJPGeFU%@ z_?;LpoRndp!fG&%S{tov=N0iAUyU|5>dm6m2Fo>p0~P<}=Vkdr|*b zodj*a5N7aOC~jHh{Adm|rxjf&Ht9k;ZaZ%r0_QuR-?}^+DR?!6bHkDAB{$-{0&VOg>!;H1mg|a0W#odcvRV&P1X0$lJdcnrM@$u6&a+P-v)7P6{;u-24y;}$+ydR*G{H&<%tRF1jUHak8{-iXm-bI^n9}) z@i6!Mf^(awOoe6@+A#k}Xg9N=vH6|spDK$aguhvn%P1P%X1NKW)x~-cKj8mG{XInS zJ@A2sB53XSKWfqGp~{EC|1U1_1F}8ivky`R)WCWeUbEqyoAQ<)DaA7LOk(^iB%%ff zU4Q|-RfKqA1PnKWp;`rU)^^+KL@B_v21N6P{xK4F{*>45okY zigd!DVmtX)A9_yn|0H_@0J`AjG8l(7!d3a#(X{9gM-9LU5BQfIbe;&eHW-+bxZtD& zkU2`P9?}o~mPmaAmBDW#kA4>TxQ;HMivtr)K!0yTE?`n&RYTUxj z{#0{&Mu`+NC=d4I&2G0EWZ7uSpMv|%e@$|OqD2uq#5ts_6VLd)W@Xa^f0{B4o!Wx= zMcGHG1H1mX)58bVP-KNlsmc}F7CJ{H>-i`l3a$rZgFZSJ1`fZbPY{~5e{p2eh3QYa}%MU6yaJ!zWaYMLU* zVwk68oLj+|CHaHtjz5Yk2c0?}VLlf_-6@zCG71t0DM2~EPF0fZ;_ni=Q*QHPKSFME zB0~1+n0|YrYEj2%DsFeA@9kkf^2&WZORDIG3VN#m2|%S2^pqnbA=@5Qj>w0St=hLw8eZBZe;2TG#}Z3d5W!Ek7o$BP_R$J6o_ze1q8oaDzcncnGQMxLX6* zL{y3Gb)-UyYL^v?(1uu$+Jv|YCpGD3I|uzW-J$6VgDCT1=Ib2=j6)@prxx+7YumC6 zXM7lOSTS{`l;bHs=Ws5bnBXQ8o^D}ED{tpA4C^GkU1FMF0=aw9ZClWD_OYVu3Y{Kp zwd%ZZb8Xw#=snxNx`)siz06C)+rgBr46Fgc+bE$L2yq+)AJ;p`}F+`PCka& zmRSaN0|VZtZj6PMW^fO*`_)dS8wT<_nU!6Ppxaa__jW&d)1Bj=H4n|A1$p;C>~7-W zVJDwGCejuqR4-FD9veS{T5C9Jv>c-!e@30x4_M%omrMx{n*wZgvz1G zx7NhCaf{x$Yklg##K3v2x_bQdN|yCxQgY@Vi_W*mmkZ|gI{%2ue0<#ZUQ}@8_dZ_D z*yG)g_UGid(a~o}~)nL1EWt)(jiZ9xN!V2BKE#Gk*gA zbsErj5Qu%bOGMt$&tEY%dV8ka4t|j!X*BDOGG(+fAQ((IqOFUEyW^9_8FktkO$tA0 z-)H6S*spLnpyBK^NOeSq69bp>nLas{A`F8R}0_$9d-SPaf!k=$GS-mao6R zY+B^w!3PFo(8Ufu>aptqQVg-qat+8KrJACz$0d;=Oq4H!iM=CI`zw6gFtg71sYdJp_V`F5)M*_;B=5Qo`ifvS-b!1D{>AKDwT zH%on4yCq9XoPmqUrarr|39Xf{)Tr|0ehiAQu*1#Dtw}IHh@@BYYHv3AN+|4ei?s&*iDZ;JdG6 zsT_Zq0fTu={tnOIpP}|pdbW9_&^$JfI94EBl?uvW9oM}L2p4km=XHN+izjw;7*cHI zvAc#OIn$F?h03S6@yh@FOHjqOZ^;TWw^4U<5A8s9zlGFHXT9@t+g%eOIkt|_grZLh z`1jvsN~3dZ=#+2gV(*>yEjo7C986nBl^OaM!B23n?3v!AK-k`Q?1VyZ!3gxOlpOvw zz#};vrm{d=j_gt1-jCjR=MmRFAXDZzu@@}4N%{KFo;mEbXWB-c2kz7U{YkISzLb@L zm;rq6ZD+1W+O`Ub#e|zhDVth}{hWh^@3KkGud&@0 zkCx0h!s^9Aah>HTuAsh`%%R6cr#Nt>i9DS07=zF;TxpJlX4o2i?d=|LUW!%!>?vhe zPF0@VudLAD!v&8wmRKFB;;tJ7l<%11*fCiAiDfSx&-%^^LEKKPg|wDAE8dv3n+b7O3<(7-v&V z`0+7OH@kkB$7>g$6Sp;KYP*bn83!d{Gx2pHJ@C%z0PFFtw%+P@{M8+D-?7I75R1!np&;VRrY*p|jpgMG^?};m!EEJGArk?OeW) z@YH%CFh8w`2+6cPKswHLn)Ug6S;U3Ta??jfpg(jRC*@Wb_!IZn`z{9K0|xiEf5(^` zF-g!Hh6$YleSK#Wkmx_Kh+n~`^!Z71Ma#&xyL^(3MlO8s(1g{#c+=m;_IHOuGf}^0 z*$CBc52B0(aawvY8TO!7A>iS- zOi3yDwx1kTj6sk^&}V3KT-Swn7V|0h1FU{F-sNOYJ{nt**>=VFZ4KZ~p#QE~aN~d_ z@olVU(Qb)q*X;dzKV*55Eyx<{9*4v6ujEx8n<9VKsXO0UYO<-g4zX{khXuST&`zSo zGEqth$Gd=Vo?=(L7WQHFGrB_}ikD4`cAHe^(z0;c{Ab5;ACc(+>VKNh=3jQ$UQ+cF z(Tih={2p&)SEi9jRRdlB`x5SOtv`G_-VAsbUc|+&@u9>m`YOD>_LJYpthMZ}h9_)X~n*5Tartd8~j#cW!LFIet<;n=Z~G)R2wJL6daopFRWm%M~K z3C7p{DK%;w`m>Uc0FD&0ujDZlU%2N@rlU;}dvmCG7ptU1eZaxvnG!FH%NI6^G*=yB zpUl(EIv-9GX*Z6&pA9|b0qXqUm)e}|AH6^IXvl)e{ISoX$ElkO<5(fZB+3be zJ%&?`c*ue7Qd%tea#x`qIcOd?=-N(TBY#$Y-f&l$evMsI(v+I}nu4xFYu!zcRz%Pm z**#k~nTeE=t{G>@BFiFw2xkfx+R+4OAL;VFw{K@G{gi5)WRc1sE@{#E74JO*<+P4N zfI7PbjRAlTt4}oDL|SXkK3Dmw8-Z(gUQBn!dJ%JF(X_z;ksf}Xz}+O4LW~}T+NNrsxQzbdsQ|&F%I<}``~Rd5Wy?x=E=GHF~DaQ$~h;5 zG-C!GbK#ROf~q1ld{vXjXaCGzt%yJ^IY3I>kuVF>7=cQ@8bC%gl9;!P@>P2juB}mP z_r~pj;nacP{cA(8{uGJ2i%Naw%U-HxGv+T%Z4K;M&|=N<68THX{yU#6$L6MhX`7)6 z4G9Od|KcEw+%BJ80iomIX5gwMnvzVVEdAP&CdDPAZ`0M!RP&mC=)AhlYLMmh>kU`G zl7Xw%4sQMd%ScbQ91ET&%K#_amdxWD;(nQ?l`#m)nm2p_UURj-`NFLqL9|0L`^{Uq zp7I(YADhn-{C{HsScmSOB|6lavXD`zs4+^k(k7AB#HQ$e;d1kyB`i#ZKQ)+orMLE% z6f|+462AT^#j*#he)aQrcm#}}Waqn_y3rdGMK{&oZguz~X2r)v7SpREu1UPGxi!cx z?+X&>E&EKb#7?_0MEk2%)0?^%Vgo~xu6k>@9J8m7&#)qSOC8wl%tvo+l@967)~t-7 zE82QqY-{zcv!S>8!emzJ#RVF(DGNctL(qT@W?_BHl}3btgJ5-imqJn4vqW zMEz$N^e~)pKJ_3&U%MY}XQ^%i2E>2}dCnZ!-SFAsK_15w9h5*{5>8-c$ujodoHV>Md`j_AFn$I>@y(cHQNsd1 zLmg#r@?|9|%g;Nwo7jFP93qD8M-OG7@3Dz8^y>|RD(PaG&| z3=zY-ohHaQp+2{%P+lfO$SRp4ErNQ`PO5{KP>2)P{KqWwp-RwqbI8#%>Al`h^Fp4V zomPSsAuWW#dO$>~E#nc_8<>{zdZBJv2AnNttLrHT#x0~+<3**Osual?qZuI~DFR(k z4VOt)Hea!f>z3<}-qGgySS3`7X$~Ls+;CwtVJW~FCqpcNwixbZ7HOt+k_KBo_uhe> zB>6`C;l7|v6%$J1d;%!&)o(>NkjEWGY)h>NE7F%P)*4NPtu@~$+Kmx`rHuf%I!~WQhfFF z-g|W?Dr+!c!aVU%{&_EEdBjh6n*ZZmvns@wAvK42?4*m`C~jSea z`bNKV0vrl^tEcw+@Zh-`95X~;%Iv?f_woHKnI#%*Y?Z5dnV zOBN&gmUu28{#4!wRp^hr68jit(1MKtOFwm`sU~Fifi1H}-!7|Tt6fzC*i4mSru5b& z88N)a{;Tt&rD!%E)czi;Hr;L-|ABc^qawld0gxil2ZH7-M)W8l>vF*0nyP_H^g*x| z!>No}nf`Z}&~P!(OtLjToqe$h2l`w-u>qxKp z>Juh7?T2)YA=~S=1|t5S$x6ou$Wq7EzFGN!U0m%~7kr1Off_I8!6%Zm)KmqJ4InLj zPEWH^9FMHY=2~&YKAA9;vw);ki1R)m8%181anv!0b?M0_lJ(Z8>9$JN5r{#*)m=b} zinJN)L^GONxHHBgk;sTVg|i!nhImM6Cw99lc6*%b-{V&q*=!9u22-`YcP$ET&|7|A z%_oJthn1z`t*&7Od4i5X?1w4HadlnJyX;GxW4@DDg=kr(5-fC-_2;NG{~3(-lILtX zlYL{?-=a+{RY=tO*GMh_s;S1Rzht)mL0wHSlH~Y$2jt$7=RZqwN$ZYZ@E#$RW7i!! z>GHl5b3u7qh6*7YaTyvX+?BB^mHc&cHDy{_%9n2@*3HM!BCne3y_i~GJB5w9;qwNp zfmaRvh@C?sU4hS%HzK39*tu8|n)s>GL&4#@fVyo)3GnyKoB{}l)=N(+;8@%;nBAQXOV>W~0csOQH z879L)!Z<+$68Jg&tN4W+-l=ht^2+NF8w_vu(kf+|GGyed9)kKyRlKd-j9p|0_$ZL2 zH0z!z;lNf*jVH9_F+ctcW?JPoZ&6S&d=ZZjn;2CSx|0IU+$qpw)*is5Y_nbXeQWUv85$SONLqHGeOG2sCzDHn%YbnSzV7%2yv z00z;{Hi;2U%SA<9E?J>pa6#XN8}7Y84Z@=eQKIvO3dsmIu;cR-xqVI5GV`1}i9|^I0Sjdb_=rY_caIYC-bYh*`?$fP2zaOYa)ni57V+`15EOrSNm;umWa@E5IxY^>%R7ZCh zd?Bv{WkP{b6Uxg<=XOyB&Xx7#)Xydd9Fmvn5Xm}&$sYCRlglWV+51^mkgp4ELnQEx z>^IyC0`zC+A+1l&FphPL$5)~VdROiV!oOyaRUqig=F@is*N3|SBnEHC*Mq@{zK=Es zC@cLu%74h{PYb+dpy%!c7{uX63Do_X#T3@Win-M#w-K14swld zkcJh;vndql)r?&*Rl(N?@(hd^vZg5si-FkLCbu=%N0Cp&E<>regFKWDC!T+JO=+|I zSSNm!p^68)#j>8Y6JH2f#CSy=fcyhA4o63^G5|}yhmro^A%lxzGvN*@)7O46rBN8# zk39~kxp(OEXH-CrxUnIjB`@5tOBFU$hP8ko?ppJ)l|QE7F?h@$BX(R zoV%vKI@H$i`PW<}RZFBg^EJ0(TqCRFOnd`J$;q6=&ralr0uSr33Z5i$fW{VR)q7QA zbOlKo3bbOVIHnM*qR30J3*ky4nk+(+*ej*C+N*ze05dJ#(hQ$Gq5LVxG1&C@8guzM z^y4j2Ulraxp)a_vd$}OROV^{^+j^Hbj3R^6%OVSST@~BY80Ztl`H+#0h zU~o*3H1=C%QqyN-kIB*}4$?xO#J^U+#Csxqu(jsHB;t3F?I$l{x+$`?=$Cq3keIvk zJlgBv9zzbh=F#}!5@)iN(&62n-&?Zq`8WEyM_MM@~&e*p$ zOUQ1rRYbBk_OTOUY+(>%$!-|34aRbw`CjMzb*}UK=X71w#mxIY+h@7&`}4fdo7QJ< zF&Iubxfp(NyOw5SorShIjQjl^<*@4yGuS(hX*V^VUhzCT^=f$a98`& z8t;cCrodm{eoqFmt5SvhZR}<}YZ|XW$wMOG<~A zEpyhSU+f%SCY-f%i{r6G%1qr%PTQEmRTdK3dJWgJk^x~B!Lom=`i^1>lr4?*=KRAL z6EmZA*VyE=FGlq}T?4K7{~;OeyH$*W6}we{z~$JSy#Kd>Wp0o{n4abKfa* zATsijSEan$VsL%OUlR(_>)lMAE2M1V6@?d+!+FJ%(v=iZ8b$RF2EG_`Sk{s7SJ<`r zhZ3wR{GS)|I+jno{NWCDqPqimG4DP0QReMT0(dckE2hX&!aMf5MxPE{-;El~{IO(v zg^WnsgzFx2z{HpGR8>{2FM0ATf?>>e1$8%=0?WWTA7};DXr1ThOS_D2hqa#mgkzDP zv`*)KE04b#+~%QF>Mimc{;btHLHx3ZdpJNP!?u5+rSh9tn(>Qx`TR>}dTv53FoM|O zNhycE?8swT*_CtQPwE+RY*Y#~)>7YA+v~_HvCZ%Bw#=|I3BGOQdRXgD3?ZPCx^yRl z5|F)+wD0+R(E8QVMe!+22TM_cCvA&VYg}@9tR)Mdb5GmzCv}&+aE%LuL<-E>t#G`4 z$Oa+%4XK2R^^#d!U{Jg~k3h|{tKoy4B>a|}PM=q}lScrR3_76Y*75R~<@FkYvH&*H ziCOgdmfgNold?a*O~PBGbn8flber<9@8|!U;`PESW#6k$RK+zM#8nfdXqOiW)9PH) zumQd5ues+G*)X0|Ew?sN^m)#;S7pV%k6ocL-w28EpOT>|4u2V~!>%S?cAF~=Px!iC zBGxxbQ;40sw^{4?mG0HwsE!lX7B88R=t!<`V`}9aW_@lvB{yqg|8a(=^xbKtA5)_d zUVg*G6v+imXWY59IB=5?+^x!({{iVeoBw3Su$JVxV0Ow+!|RT&B^7NIp%snF^7b8Q z^vl;q6*J)}wDoI*(G({)h{xSwT46|Xi(6E-l`OZ(>Fp~}C)EMw@r+LfThQ;=`3XpP zU8q_vvm5ajjd}Lq6oOb#9DK5|DFHts&S^g_cwz=RyjF2DHICj1c$?=`}+F! zii(7N*8kA9Tz}o_w*-mrl160fipy=iYtAP$HiTPdMQ9{{rFjhNZpU!26wUhIP~A$U zxD*MK{TsnsZ`&Dr*?Ij>WsXj!{BW^pYI{3u!nEOaaR_Ln$gDPDp(hm;c;JyDV*0?} z-@o?_!&RT2U%yrukFXez-Zf~r-R2d9E3EfjTtqE{5BRf#4+Zt}w5_p4#*Lm!ec`zt0-M6( zQ#e#NK7)e>0x?KtzRM)|q(-t`3GNevz9}FeaQN$Hwlg&yqg`_-Wo}*`0TmmyH5aF{ zwUVDL=`txh6-;_LUF(^T9QQ$lu={r5QaP99l0X14AkV;_6}&eL-Mc1_&|Mq&{OaO0 zY0R1PYW-nLv*+|sU77@^Yo)-(y*z`-wSaQFe?M0m54n*HtD$E@LZK9}H=l`^vc{xIR5*=_vhS-v z(|L66h(I8>C@)6_z*!|wvv6sC35kE3blko(AGD96o`-wyv)4O}O5akx6~W6I_#nd?by^PW9e$1YTZtWUdenD`g+RU_PcB z>mzi9OMQ9cyHebA+P=~_@rqrjwkKriTP!if?|*r21^cTpCND)<xs>m4Xge_u!lrH_%y6tUl zZtjPKgnPTIBLz=#&WscqicO|wXZKgVoapN7gHKeww6nLrG8NZ|`(e+pva-_XjmLhu z3a>*JM`|)Qoe@Bjes}~V!g9OysBSTm!Xz@5OTlA*_T5m$bN!FfFHL4y>|Fm; zMDFZ({T>=(7=6gdqb?Syo_1O1i~tMY>uCc=D~N{%xy_rcD;BJL0s`CzK+H5k!F$1q zVML6|LWgt|dbhW>Qff(^aG$s6YMKZb#B1gE8*U~4fdc)T@(6-97~MmSZ)T{j`K2Y4 z|1NmxSqAXUz}6%|{Uh{7W3!}>JTgSBKP^`xf+G+kQ2EJ*Q9d|3ZIoT z=19ZVLZVTpAmoZJ@UXyTiVrC%ta#bn1lhH+ zwwi;*bflbT-lLCqBD0hNINXp(5hx1XdH_+&jnV^0t8j{=bPEkjgMY7%6pAnp5|ss~ zuDRB?Y|gd?^?sCs!-Xb~M+qknisqQX1{Ynbcv&kr*Pp7Fh4Z?5FJ_v<0#6Q>d_Z>+ zGcqR6`Qk8BQmDN0*hjGLROJh>zxQ=?V)H^0gUH?*t3a><5n0-C;Cg6qyoOyKlIseH z3%N(%7>xKjFv3)v7b5OH&w_u+X25^|Vx`5tjNc2C)Kwn%C4t1Mp zJ{Qufw;Kp50A}EytoZoZ=5>OyBvvA_>qMXGmL4TWm`V0pO*f{`i%4@eg#-VmvM|%F zm7X)?=%3f>aKXJgJMgv><2o-v&qa*jB(}sHKi3h15;d<&A|3E43tKj3Fo@PPj}{r* zHd7!%ZvJ=UC*a1hm?B=)--ueY48`(b4&D8?=V#wT`#!0@IwKMLc)nQ}+#pd`dEC>} zbF_x^#N>g_{6H?v<6O?P@w+p`yN014Lmhs&ao-t4Jp+#*<4D&yr9HNbiklS8)3_j` zqB*AcAE5sp6s-jk4=92X6A}V} z4}$2lfA?3m2K{1h`cktEV*0-(cZR{*zeeuTy{&#Zf$farajkqY66LJ{NhSw_UtL|| zGtow!5Qu#a>)rTUaO`hP$H=!QuOw_cZXK|UNBeCrUYRs^f$w63B~rj-t`yKd=Cgx8 zY!)I|oNk1iDm;Jwyqxi2uAXU?vvCVf<;}Ht4Zf>gXMW(63TJ|ct1j$Q8gaO2O$KeZ z#F)Xr@Q>{H2E4(Bv-6y?;@I+tr~VF^-mHbsim9xY`ZDbt91=4#Gt)9N%|n0(@1lPE zP!tl1emPMUpPuf-Kf)3TlSY%6t>{(w-)e=~6B_5N>RID`b0R;fQ9u>w)37K9U5kKq zDQ0G78?FS6>WNXwXpJBicx7W%1PO>>1~^ zN0x2lk8@}q|II>HN}?735PM&La)>WyREK@3QDC?#YS*14sEw3-qpNZ}T~ z6NbVrhNj|z#;2TE;;A$#_zB4Ix#pL^kLQ3(MtI8_XabZQ8JTQr<@oFwYofrTzhky> zU+=&Bn_AopV$9M0zc+DC!{1sKQZ0ka?j`AsRXSZoIrNKapH(?M^1N6o<~74&b$OEq zaVk+2ANAA)G*N;y=7O3|)Oq7SLLK_8W6bp01M{_x>LWxK8qMx9RLQUBP!VmLqhA&bk$vVKF7n@dBB_$;pz0t_tWNq2n z)g=>;+(FXTReznZ}|c8}|0XHG+FzMh53p5YZffY#8u>m9g@<;3h1H z7*Nke?H@mWEdTzhRi60H0S=c8I`qO8o2r9|;)tu00)!6W_UBFgLIDo&9Re7w-r2tFt#jw=kXIB36p}fH3 z-O)F3adL}n(#~UdH8szHxbzjkTtxuGGQjE3&AOu$tQkT#ZiLm>D~i@FLmtF()~esz z>#;mZh*LSKX?Iz2pX+e%S0a8$Or*YRVZq(@_QKp$z=nu06rk2Vg$+e8{BQdCj0y;X zU1uy;JwR4FYvZ1lu3wXKL`~cJH+A91hr5czNlySC!<|YSQUF(_9w;$aU==ZG zk6_}Z@ZB9TWWb*+=fwFG0&G8J3)YzI3gak;p?W{hVA902-i{Vwrsb7!g(K5+FiE8C z-9?Ai*Yv<4^0Z6c4|i53{qe4gDOe&*57(ir?f(7! zNv6t`PNQ1~OWB@a-BMQqJ!V!%OZx%6!T>x7K?l_j2Dv{T`e)@;KR!RMqX5;Be0Je0xAuL}vTltRj*oUN~%P#13X%GwB z0c7ae;Q+qVl#r6rk$rmPkdT=8eE1tv$bK7-hPL*+%ISfwbuAc2!iNucckCU&ybF$y zAXjn#*VWFDjlXK)8wL{7CNi^%*8WsRzZlUZin-6Wz5#|R3QkMI z?E#LzwO&2Vs@%Ag6;N}yS}3=eW-ALoUd`Vqp=IDYNXzu3CRCq%v~tiPj5~PW`oVj) z!EuZ-6a}3OdQxP|BF6@@<-ejE&DQU@0J`SW1nBrzA9&);)534zN}m$ZEJe&xXJe{i z1>CJ5u@(eGl+$R5WQ;h_Qt|+H2khIWdi_U_XbzadHw%Zm_)drHppF=ssV=aTY~ofF zujnpL;hWjye8K#&D+kK*s>kv%N8X8pL56y@uR3U&J!bgSj&i-RoEOdg==MTB00_X5 zD~F4n4h{|gNb`zwng^GLSv_@g&k7*O{r>%XfBN)9osT)NGzgd&5(E#~hA9cyZX@oIN5SnruNbne^xpQQYd{okUCrkpfFN zIl-EJ1qf__w;uq91)tJwFZNQ0dz(iy zcJH5%HW)VIxRpKvixdZ77uS8+Y?=tt6f2>pr$?whJ1MChOv-rGOH<_E01!bA_UGc* z6@53kJ2|9Yw1ZhS227H>{34fp5^%NcHB>)gFJn3FdfIvPT|Q>(flsP;90%?eMnAm= zvd3(%%=CMJ=me-rKaM{F;4l~RoP#aW6prQ4Xaei+Hy^KV!=;m4;rq`KWzOY? zfk=6QOWx}iXG1_M{mo5~b)MvO5E#^ijeoob5!-Xj`knjm6ZLZEamkKYF0Fi>%&wlE zxjKBw-0rAlKA@i!0Iq=?ks@r|3g8Ez9Q*)B12FO%r1I7SN-$2L#)HLcS;2?TL6rUS z>JateH{gS=HNa1T7P^xu@@q&*MxA_mOiBNRe;Vk7J4oDy(cHCy3qX%B)=m=-+r^I# zH3kK^)XbjYxa0UZjbaLz0y!&#VGT9}Al@=^nK&c0B$J? z92u9;>zEz1$6i{$b?zESBO-fLWKIT!W2`{W!OD8<45~xHUG((yy88QgiKt+J~(@X(fU8|GoAqYUX`vC zP?hpdzUv%wGqAJgd{s~70cgG+r+j#;*>dujVARR0Hw8r4cJxm`m#1t?WSJsetEYn% z03Y>)l2o7y(tuGU$?%6VZ*(j!ElqrTl4HZAKKXpQQOVH4j~|5gNbg&a01X`-I7lOB z_|nFkdbLq-jpQ$)R*_D#-l0N(pa$$89c&jbKfMlNo+i}H#fB%_h%Y-H z{`(QVR7+w3KwiU<_ut=_gy1yvDI4G>-LFglw5%mPLxe~xDd7Ohz!|;cg(PFx9WuhuqcnHefP4>l zbXYvRY8yBKW*TTfMYc@wnq=977LndTZjKC#-H6EqWwO*8k1uV?IyyQ6rMpUxJAgCBfJX5q`TDp8X6k1+4>b9I3urpjW{h(WRVb z>;w&%z{S-se~D(3u%Y?&>sL9W7VP#Iz?vm_3P1gc8?4y#*ko`z7@@Y0zd!HkYl{%1W4<{BEouV z!lqU4K}-p7aUsYMrUr4fUDbkF+XBeUA37pfNmw$%eooBa6HS?fX=X8e^wN2#n zgdD|#D3J)PFh!(pbuh!mSdSxlR}XSZCqYnF~LleX_5}l1=vUngg9u z2?(RgfFI>)BU?jGNtTwCFOuK<%R`g4?;>W3qDAW>nof^5V30a_*xyb7Kx)>jCKOdv zRC;jzp2RpHJ87tq6&h7c(GBs-H5{^aRv{qu9lvJLDVvK052S*IfDH4v!GG67i3p;z zQN6FkP`<7Mkeo1CN)td?VMu5!w#Iib5R{cBQ_pKt9a{LWe0|R;#|#x3O@rM|2N`K| z;Qqyb?JT-haQtLL6S_az+YCbY3b@FtW=tJLLnupc(K~dtsBFrI4>RgKK^2uRCsII0 z)o%(80*VxaD+6H^lw!zhv$p080Q5OmK%$K*Ut9sy*8xx$AP`NGdFYd+6Htz#;GyE7 z%tn*?Y;1}sk1j3;{k&qh2{evx3P#_HB3W*3y;C`A0rAxdUUf_ReRCa%!iXk-80G4s1=(Ox1r#mfhX9qnTbL|qQf5U7C^O(L+~?WE?-rNSIRb932#lKy5ow2{8qObO zqf2Am9U&5*K@}#-9-f*ut`cfeJ?X&!pnqImq}*BHj%2drw^rU62*!D)#XD!z9FYl9 zb`r?uKjqu+cLUVQuHYj~<}AP{KO%cQiI%nGlq$fi1=Oot7#!P&5vU1BB^v;+&@^BK z?eaypou=yj&Vw@1RiNddGi1k1A@RSvT?O7Ajo#JQ>319#kNFXyp1BP)EQb0OBm1#P71PJ|&VZg|+ zpSdK1kN&9xbkqYV(b_c`mpf2XJb_4+qcx%Q9R4!Q6yy92JxT|X?jFd2#@Wh2vS2O% z@Onhs7&Qjqlr2~ZvIYa{P?7+cO_$rMt2#}4g<~7(30W*{;%c{*$OSq$Jmu`99h_Jf za16lczF6=-2K3@bCr6+^7PS>t0FJ?65qw~OLYhAHfAHWfa$EorLgD)&B>#p4>g>RU zWgZvvu(Nl80Nen;zt7=H{tz0mp;^giZA@mL|kG^R+}trm$}BXCiG+51m^G+|#Tukwj9;Ev^H zcnDd>SxZpV(@$ap)0jhafbCfUPS=s|SAZ&)0(e@yI`=~p6Ap5X78Dj2*js}qYTS82 zHHj<}|8GsJ$QX45toD}UtmlkV`0I`PGc1VyDC1_xJ8|-)h+@_*&!oboyKpREQs%Fk zxrJR|6AvZe(48ZSKI7x#WLo~7M07wox_AKo(w$L!{Po+!M&^NGcv-r%+VCz+8;{zICP&D4|U#TE@8<`aJG&&NgwaUJP@nG!4DALU^*n>TA>WZzOL_5#!@doD=iN zM>Y@W#2LGHzf4(MzDo^Ov%fAJy~O7?ZLrzH5)T31)TL?-SEpKfI}!Ps`bt7VLcM;z zjt_`%9zfV}2mk*D^a~QNA>4-R1=^kEhk0_D5Z<4)o-X4WOL%ZRh+Dd3mM$$|7FXMi zvZ8AJGn=CRVe%y+s0`?}VCv^TK~ZmM9$LwKN=JGli1M_ZfJdyTb9pCKI*%s+C(Qsd z$^cLmOe!2z0rFwo_pfjy=m04bfLc(N`G7?J0&v`@&g;2#&lJdBIf)JCgcB)ohJ8qV z<^}=XEpm$~{#+gi+BTxj4>ftU&xR4;*k3qe+K4Q3Bv~qO9sKeJAi8KEQM?%brV4Zn zjfW2f12aHHRZou@m?fDsi?{T2bwvcP0o5@jJKIvv@u1lzSaSzXX}P|U1d8LyZ^$cF z(VEhl^7ADeOZ9D?V4vwE(2wz{A^BTr4W~Sr|HnL|h3FSey~+#Giv&1ZQyVqv7PA>8pC+iPJ6vnQAzK9@A(o8g2>z8TX`s62M2c;BafZ^t7e zo?eG)QFUD63%TUQ9~WT`gFwoGbPW6Zv!Pi+Z4Zc=)V7zRBQ&%N7>r=w6`^=aZQ3Z) zI6}au9JH%q%@a^7k2L{?uL(tQ&=h(kRj|49&hXHQL73vl05E|V;CN}Y(${;hL(ywi zG@!%m04&133q$dA^`_l_O~Z5ujdfJ_!O_c?fy@ChNI;IzotVGPAEtfqt}r1Y;^}j; zTYW#gHc<4wUyh6I8D%;6Za2D^O~R8cexw#68Q52%;VOzJa|Z=^Y5!xb8#;U|HTZU(Q;pjTU^ zFnmMIr|{gqbu!-l#MW6sIpPi=yc^dKaGD*qpJMw}TQJ3*W zC^HLKXQK^*LbO~81?T-Tj@~80$uVU{zI@9t>{qikqF*tzZk1B$EVl9FH!fsyx~}z* zIV_KGvK}_ff;C|IHb=lmflGI&K2l7x)aOq`367pyZl5}RmeX^S@=@3YLgVpW%eK!j zkx&SPUmQgPO{dDGW(lhfONQ^I+eBH?3e!%V%g>2#5Jxqok2iIH=7yqv@gHg5hV2LZ zyR#|c<|WaIr-p`#ffs6c!+nN=vkH}3Hl}Yj2UwfuuQ`}ghkDaAbqnM@+@jzDxr~N-IsgJBFkz-q4;#?)ex?l!hvccY!IGzS{g7)EnAT-ezy++h?zU=mtZL~i$ggQh9bIS4>BpIyzMJF0-3tOGZ}CxpOrE%A1gZ z^cmMmhE1u>)P}$t*XVbYKI~t#2R6tw&VV>|7;dYD@7-#l>y>J49_H6iH$CFa2y2ixoS1ghDN`+886OpYzl*RhDwJ^3_B|C-z5T>y{IL1r z>;`PfCKf@#cyXiYV&Ic*whrp_y(f#Qv;Anl_~YKN-e#%0q)nw7-;fiFiwlp;FGC8Uz~fVTO7mj?h?D^Ml(T$9H1^^kGGtv>wnfnI~dLoN`-;^cwf zXwr$JZerFRAg1qr$Ve>^MF6~Qnf$|7E1Y%u@=TY_s>wW|u*c(M)4^X^b<}^*_T8J1 z!iy9asYAAuOarpdD0>qfdOW7SKL9}$Lc(TUkJJ!w>`nU-x5Yr8Q1XDL82**nr}Ko; zw+-hiGPXgGqZx%>skt^rWyU0sA%t;OXB!m{hZWs@mKL}!i9&~_(?8H}WHtaC-r)^V zMGBP~+JnI;I!Yc~P-Xa&Y%QEN&J%X+tV#U?^`FWGX=6)jN>k^YrBG&8`RG!yb&`G( z+V#EWx2ojFqo+)PSaUp~r*%w>-%+9=@zY3wqSSd;=-C9E=h-?r=-J?#t4v30nx=*i zd{14%T?nMspw2aQGia;mswLC;6kma&!YAzb+fs;ZC-^86UzjVWW6o@_8B&xW z^Ko@uJS3zL?!(kliR5CulX5?koGgGaqZ_t5`*S{oLLhw{NjTA=*A-0j|3Yc6K|ybl zpFl5qB=$_!Ln7w-V0WDS9qKN=G^!jULL=CF$IC`jCLh_WUi57~R&x2eZe6_R;xz@$FODzt5d#yn=+z6c+&dEy$HLddd) zOMU6nPpQ+J3~E3gGv4x5*~>4HbSF}CuU~jGY8ZT$?~)mzOns7|90P)(lsM;pGp5gj zSl!l?NeXMKC4JwDSb0o_N4ZIpN;pgjAKQU1eT(D3-^&%>k}ACmgMHD}ep3nbCkWTu z%oC!}p6ko2xO5(R<-0_KGr=DPzc8x){ZXS)`|~JiAW2})=-b11;_ZrfD?VpGp?#!` z4{?R&7Y`g8G4ruZ23T#qglM-?8dxbD83IUlYiaQIrkqgnS=#EBKWvzEk79q`{yNQnImf!n8=AaQD% z#7ket7jnyXm!WlH?yRVX7~yE5*I7h0TJN)4V+|_}kJrLW`hiTV8CWpAJ?q=*PUiRZ zlc`)Z#qa6(j{Mdpwam4`!r(q>XxDJ7Ri<#4W;Hth6PwFkBgFIl=AW*%c*g~ZqvS1) z=KH{2XvNI4=)txXOL;1uHFfj*U(|b<%~+6SsWmUIj&?tLHcQH!r;{Gs(x>755};PS zNO&X>Qs_kgz*Sv~wvO3L@al26{@3T1A|f>CTYuR*v5tfHgT{X9spPx*gU9?cw|4)( z8*b6a%*xa+wqaPfk3E~MQt-!w`JX?ssxN2pvpKtmjK!R}tkcRF85QIqXd_m}Eh~R` z98-dRkEJ%xp)-PwNTtl62%^wJCW}H}g_a~4TjF*g|CW_}GHtVKtEV;m)!DlB=xY_= z6tF>zg-~8y>RILmbPm{4{-NTE;izS(2wb{8t?mI!g%6Ioaziv6&qS21MmEqLS;3dC z=o=Qi5kd5XNzGb)IWEY7wmgLrYe*T)-Is~g{){cD<^2?s$3loEA%E&~XRz-*iGw7T z=^H}Wwhv(EN#45E%OrOWws35b^NfD@73yc(Lw5u(X!-VqmSIAV- zsd6dc(?g>?0oBnjEM`5GQuU{gpDNJ~H6K-J97l(Ze&KGS%)Kh;8L&T@t+pPZI9dJC zN-ZkxY>BsG$?LJyE0GP)<2}tT8B9+!3x^MmkhZgwE@3OL7dbJxxeWhvXq&rs_JN{; zDlw??Savj>##1tw1&iVfRFwUWS)q9af5zlxN;vPD7+v7{)JXTtCBa4CmWun9Oo1zI zRxtYVUdFhPr>*}&ShVN1AMOWyP#6F3&9U}!@W*9NS;VTXno8r{Ba)<{j{+*6*62s9XJ1AaFT&-`Grs;ma?>{_YO7}y=aewrR z1%lXwG?rIw%{UMCw%Te&tf$g=PAKWO{&NZ~pxJ1UD1MCJMGP!vn3ae3^0zK%b&q%9-5 z8_cEuZ4;AydSRvnuLC%QZk)F;gl@zdNN5SWeTC`D8R7$rN9UBDmr2Vig@ z*kpjsd*DZA2SDuq|35~)C}+G2%WXzntC9?u{iC#3t$ZXN`(o(U874sK9+4^C?=)%B zwGu96>$u}K(e+=))tScM<);qqnED%}qfxqYQ9^wRpX={mW-4GND|c^tdO%_Bxz>Tl zEXShgVeIP&ci%++4A1Vt9m1cwvPq_1z1sP;xpO?a;O+2*qxMOMigGH89z#5q_D)zv z<+SpoAzf#!?T+2<-O8l=46fSTr@HUG*&xjC{=2&g@xH+55y3vM_W&Medz!Jy9;B-| zHxh41F;F=)>$UFXJNr+F5L}>5Zxx)Cn7Tw!bDvOhM9t6`ezaFEs|Lj@SyMASIhEp+s6yqUv0F#&V#@<{M4Jw1Z;3qat4>`Js

    )P!<`iKCt(uoasVvw@yWIF1= zszYye_irLrj}{c>kF?j?U_6!c)`0a_Fsht;=R41;%*CT<*bbh+ZRE z(^+sa96kzwOPse8leVXMB?)25vFxv~p^NAAgWacimTWEBTEQF4s_dY3Km)F!B)eE` zp*}u8zQL(++CyYH9h9B@OP0UV8`D!5}pO zv#&?!v{VC47XU??^k4Arg3VuY<$XGfm zRGd9hO542l#z{*!F(IRC2>`6%7w=wy{9gVr!kf8Q@ z{%QA(>FK#0!pre`Z-t?y;I=DE-V5KPf0l~>Udr_mwx|t@Ok7GdsXmiWbnN`N0o}Jb z;dlTZSg@|0mDyd`{k3h}BoRF)=9}Rpy4+FD^>Of<>PtyUPooCqS86NQeE%YrlJNna z4@!Cc{ExgEO^&##mBr&db(Es!+g}vn%92++8%2oQkr9{4UU(aG5G4O3AMRap8d6#Y z4?5GP-iT61p4oLuNX^#0XV=ddNys!EAm-kg%5F^R%qG1Ce{(mD@+$=R1wuzJD90O4 zXLcUO7%NKn+}3@cY2v%4TfHM@_NUloeKl}@^3mjer{Td)PqL!i-jLF&W>HGB zzP$6|aeCXe(XYC36|Jh*Xk89}K6L&y+2^hBrd=U#57i_u`Wh)}P`Lx^55W({W5VLqDKfg8={278MczoWSW zqVqd->6T{*(Y9Q18uh=yQ*i$i0s#c}|Nmos5iDgyd*NxlOk8PdNi;~cbR)noJLPGZ zC^0x&u2&jn5-53k`uGArzk^I$u4oNmK0X*Y_k1CnK#(hsRpYZb4!LP}ukp+IpnVGP O=b@SotmK|m`2PZgR~3Z- diff --git a/static/images/docs/services-iptables-overview.png b/static/images/docs/services-iptables-overview.png deleted file mode 100644 index 78228489768d48f5857b8da19ced063aed58bdf8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 32514 zcmbTd1yq!6`!9-!3KCMH^hk$*lG5GX4yiJ@3qc4=wf){uIs+ycm1w=!nHIM3GY(f#lpfOR92GH!NS6ZVPV}^!@UjM z`Nq;t0({(lrK%{0b%ptt-BuWnh2`I%EGMn^W@abjRsxwJz2cqcU%+$oz)#!r;a}vQ zVLDq1rbXJ0#VtCXo`t&(=56Tq<1EP6*B&hOdu_+*i#hXZEb+;Gef_$fK==RKkCKno zhKZEYqXA;>o4})`y${h0dBp3?f3L#k-HA8?s~+t|vu*mzi2Z>31zNnvAQfndQPV1-z?OppHi@&A7Pe|gGwoin4`jsmj)6%=q>vJ0DdS+g{fUo|(M3@&{X510p-EJy1 zGo)U7y?=3qvbC2vo3n}*`Fczf`wzrh5+h!zRQx>Lz*aMj6qKFTWKO{l)cA96S!}w< z>(COD_6SX)JOgB=D?Oevzmbq#sdp{H^3pRuUBzy9Dr9SeQS*sC_N)NnqoRlbT|4)y zz`3@AZ(=etEwYkz-ai!F`$po&v_Hh~g{Uz#LH2ZR+(P}NH7~I`G(I^>%+NO>L<-D^ zEgoePyZ?T{VobEbKgp5W_Hsewifz$j#Eo;6tcYf%t-E6+^0Mdh7)9GL zp0|*%FSO|DAc5F@n>C%^QZb<0-hJXvtOS@9KLuQiuYOT3OHL`PSqrDyEb44)AMNip zUpVGrG^>KJZp3C+U-^gPbWUuZ~;y`y3KWGGmNr`hN-YjxVNEg z?ELo31b5g2L@NXP;=MmsTVk)#IL%5t!cP++mDzsT`WBs#s%&diXIC$W+exBStX^wY zYP?NH($Vnrg5~6htSEdTqOIEtf~=D6U3!N=zuVPKO)n2*%U4ZuzF&Lnb|qU3O+-LG z!$v*2fB#v63=@pO`JU-XLNg)~J+59jzuIfNJ+OxteBgyI4_a(P>}OY69~Q=&ckDX67Q!s#2C-@2>;N_fc~4v_||PG>f&VAQFdm%NMhM{aJFTcw+pIa zcc@D~I-C-86A2ZP}_FaW3@brdouqh!{B-N81l+)TC*;k**$V=JHFTqO~J$}ATPoe@Q8iuB( zhVl3pNPT7QdhnXxyC^G!;6;_)y$l7zUYZXR{`Q9D7VXCn|3Ah>bvG~aNZ_@4{AlPP ze_E`(US7(Gna}Z5{vd0AxgrOzhapyS67^7ug@~ z;`1Gc@$Y#Q#dZ%7CZEzG_T_u@;F296saB+rlg1IEvvuY&Mr7l1b)WhU18aw zq`o^Aj3AGdBVnJ;5*W+ zYMNeFp9-b0j-DB#tujoq(jt*}Fn(Q$Ebx4z!qHb}D9@oLd$u=qYUwWI+2{#8@7I#X zGFkLvWxm&%oav--MX?Biwi_>V&N@c|LQh+OauX`~aANZ>;pMe=WrIA2XJ2Bpee}#13*i?|1mG-WlQ@jbA-+{z=|txswM57kGrr zfue|$c@qNW6_oFgDuJEllQ!eONI8riDj{;)6b9Abh8{hPwO*<3>)e z7HCnFZQRM~|E1jPcO_od1&3v3z5XA898`i6gfA&*>-%>28m-m}#9WDH?z8|h=ABoK zsc-Z3du-`ewc|Oz!&PEB8tr9fn8fcU`a=qvoh;oL4Wm*3|I&=sHM2&)%N;+*Q|&v3 zOev)Hy3VDJu713**Ru3iBhdo$d3UeeFEK9+EP#P$;d4<{#1-P(gNKMtQfN1GOU2#I z)9$0c-iSmg{C%*g);Xhk_Q?7!5Kn@cVGLBLD_UbWkNJkyim{4YRR54Efh=bz8NZzp z=Hs1I&rjZdjBh(b@uk{~@41{&#>B0dP$xg9bwdtOKGDJLM9vJ035w9>n1AC76<(g) z8C;pnBdSM0{Uy1!twBc!Sk^KMJ6aA@-d&|>>QfJ<1~>WMcfCT1pu8RWCzcKZ6E5HJ z%J`ySwk7(xf(2|nOmht8yop*@13_a|y&8g(sYG>R5U5QtJ7S@ru*9e;)vJ$pO7YV8 zl4ZnaUb#W!=s{$G)AVF*(t84h>MV%YUu(pJ)ROWHgElFzF-f3Y#9yrQ{{|wsOxM1L zSP3WYFIf45hsa$5nf`(nyuWYAU>rLZPTU`$6DSA5!?@!AuLubQU?4e+nfRI1iOYq5`vU{r@#y_yH0!?EaE7F zyTTH28(0SKcu~RrrvYi1_ZFFx#b23;KFK{`M9#r@*Dan#+`4|@p%uArn}N)Tcu>ev7GXP@vzg=9TdyRv@Y;~pU9~n{xu$zuIl-n)*e#U(V)_c8j%tB`NcP{lytj1lun6&L^ z(H;&(EQI!@KZsuEi!@Y}^YTTkPOqtO1uxP)7$RVi6Xx!@!LH2m7?!vR^OLMY-6Y>kx&qTinwf_td1#aGceopQ+GT6f@8-U70px;xt7+`&ZT&`ESO>`lX>A zXb@?Wdi1nY6bHiQ63x0%^kY=llDrlpG5jkFEXJ&gUo+nQS&+QH_tC?eBVGeP&|;HM zypd2tmfdJ=Xb-!w%>BV0E%%aSp*twCPibH0GaIZ&bEubGCo6fcJodq^V?XKC^%C#q z_g}!@X4fem=w?Y)GcN8Uo19)MT}W9v5dxC3hU&-;4|T*N5T(yV|lcBGKv(G_|4LSTt@} z>i3=9ZFFfqZJ6y?$X7`iFj(^K$nWcK-&W^f1RNFvY&abL(LHdcy67iT*a+KeX}7z? zt^2j17iS62nnTw%4{Uq=&~sk1=1hMq?A~j65D7f*KD;Ghs{AZclD`r9Eq!1sGb=j0 zSjz0APes5Nec=Z_D_X9LodHr)PY`K$dVi&He`kGKzul!y5i&A! znMog`%^0&m`kU&}FP5&AE2DWu!G`dqrRc7j(>V5asCSfY%6gUb=nPt7e|uq(^s}!< zz>6wJ$ze9fYjYckY(p+nH&klg4QxI6$X=op%djT+J%U2Oo=6_MfrqlJAljx{yrHTCm7qLEeUJ^6j9&(Zd#7e@;EC9j?L_wJ7O z6j4idbJk4;H0mdo>h<`xx;6dUn(^G1xN1yWKRN0+NEp7+YkeLo?mKIC{?+bUTGcD*B}Txd%(y`^Kv zF)LUaTWM>y&>}$0CcF6a-2Tz#&2T9eBT#;5uUQ&Pod!ziYQ0Ma#C&LMpg-B(AUr6j zGdup--F;DTgl4-Vt8_txNl}2>K+h*@!2G7?_wDWeHN9yC$jFsD1J@sk=!hDXYUlgP z@R;JQEQ%jty^(ANa)mJU)OpL3eFtJv=E z8O(1tCq?<1bBwduJ4_Zq3D2(GuLA1`&(P%Ki9#`D^EwzDqc30_QLY6I#j>Gwg=FpkXl`@oe^{D|iJKAMC#;f~- zeP62Zw8q)lsicIn7msP>!`r^gl!9}(!ZG5==T&c^SVR9ftvr3*7Z z8~fQkxqc(;FNZs?gA#mWWn{VFjGLQJ!BeeKswX>LWmUXikoOq!d2(x_zM=_=)F3pu z<+3-nTQQhyq--xrSr!BscQ**eKw+R;rtiZnpy4nW6C!o=@ctX8Fw^Y3AH&@82BW1) zj-QVgs?*kK9A;aj^?GN0h>o`)2YYx!V4*bPZSj6PcpJ?)28;zIl!<-KA$Z zv>^`AS;tQ`2?MhNV+~Q`bB|-S=e{hoC>6e*&GS?5vT{&elOId@aR)OP)Eg=Uck0`jBV{c~kDG86v6Af>fjb2GYgzH^vVFe< zKJe1kXn+rQ{ZscE+9iVENBEI58o7Ree$cerDM2_G+7|!LUxL>!c8T`JuAqFp8Xtrw z<_E&=cA0xUuU}^lCCgD;TthwT#5fw)E1U2dbx=CfE2XH34P$!^MB|an`!X#`wu$}} zgEef3>iDn*n2>=a+$f5($$=4F)uC9tO0Zg!%zbadb!`Ve8{@Xo z7yU@{5Fp@yQ9=_99l&YUr(fmpS5l1cMXAiyy|!t$b;XuH(*z>@8vV0pt z@J)$1(8PT$$Mt!tm1P`4%OWe2Z5W%CH`q%vzNQ48ptxB2)}2mpd88@xc4O>JjfrAxdAe5qv zDgbj(!WlZsFVS2-mMUlRjSV*R_SBA# z=hp1CteuqO2%5XfrsoiQM$XIVX^U$|HUExL&Z-U=+ zGEM@^q;D^|oi+z}ZAkcWXx#JZ)#-C`kU|lL?bO#0oB{Te9hYsNO^+RFt?i(j48>$ChNBX0MS!q92%G;{TOjzsyE^(L zizn$eC4kd*j!X&*pyBUx>!K2@KQC7~I^uxU0j>;VrFIJ=_6n*swIpBDp@;VRTIl1x zh%=)pgS_r3qlqV40J7_2tr{kW<9lizjq{%qu{>LO!zMV`qjU>kGh;6&h7UcF6v7x^mYpt1A5(k4>) zmB#v8q`KTlfQB+9p2PU<-o3`C>f{3ZQpsX|+dG_&=nbdNmoVZ#K6_tj^!J(9h5q_P zo&I5urGC<`5L17T`j)<+VOi5z0_EDnu=>x+2CUx zmO3ZixXF^XyVi6{+s_~`6iew2`~12ksB23cCbmMVWum9`(5FPMgc|_P{7A~=N35FA z!;8MH5;dP%!%F@p!KpS{)FiN$!S%TcG;6F{MLo}r(Pp8kUbwNl0}pIwEx<%|l?Qe(h(9&O!yjYDAjflYbLDY0#)1NZA)hY@Sh)xXftlMKvbl`%l)KQb?oG z=*|t?`I~%VD-*;2i7gJ#Bj7OLp>{iD_&0CHzx;vMdzuVtw_Vn6JcCW}v6hfBnxpLm z`M(ex%8@7o$PCBnMT9EX3PA)*F;@ z8PZr2M&UDMMt}j3(h2XD4#QvL6p?4k%#%r-riQ_4wALMGJ~3rRM*sz z@^_A8^ZA?XR7%=Ew$3fl-1I~2%2iSk7-)&5EKiw1Pm6=%j<^j|1c)|(R}<3UO-EnU z=GlNk9)^isQ)E)-MVp?>buJ|GH{py}m|b~GZTJj#B}-(Sol1%h;KBe}F5SlBO=|fC zvx|`YO=a$wqv45rpqOi7jo6$Bc==c)pY1;{KYaO2bF(J+(~T7pfaSv>{Rb~a?A*Q6 z%Wvls`8_7QxFLF<_2NJW=kKt}wVbIpMc( zTO!o+cdu?>gz)<7^{J}Wl%vrs4 zmyAJng%y&&Yxo*8M$^6vf+4ra-Mut4GiKc{_Z`rWzrPpLd3;S=YBheeel{r+T?38J z;Zt4r3PV&B;KnLmSHj5l zP0QDIQ0-r>$hs@i5d!+4v8lfICY zFn=YoePxjV1#O!0bcH>Jzawrc-_M|a1%j!v&(tP$J&w3_t+7%Q?U#=uu!Vye)E{2B zm&n_i*Ids9&>AVZ8o}zP-&3A&k9m##jx69Q61xOU=~_2}Wu)yHuLQ;HA+oPd;Ar8U ze<$=yS=x^Ao{leGZVtlrr0e}_0nlG5WJ}5EPAVn%HLv@`7O5x}*+V?jo?xd~Px|#*fLOMMb6EBqjAXA{->{oh{1aL0tI>pG9> z+hq4ARApOh^H>~)OYw+3>y7VND`JhPrxT%NsY(J`k<X0sUd33H;e~ZMY@DlcK_a@F;)a<-EBlYS$8EJ$_$XLFr<*G*3 zkb-H4XZ6`y-C^{nhYsxluDQ)y>EU+gzt=cKIThDcp`PQ^3(ci;~X32oha?>R#G?OD_K%RbtZ%}~2j z<)2z>8Ljg$)=Fz|{;LF#e@dbf0=az%kv0qM^V`LW4k8Q%BO3`<60^k)jZW2elhvu? zCfxC9Sw*@G>b(JtBxh`=0sqtbWf?^sy}Swl6F+kLQ7v;tYcMn+51fHR2Gs_mM=hb~ z7jb%P{EXGgi~lwWhC$z~`Rh?q%DXmH?o#g;Y&q@swxo^6O=pzf5YoBH+IyZq>hhsd z0Th$P_;;1z*(C#H3{3shh68?=nIX!|(U)E?t{&^>+EJFC8WdcyXWY(`c4u^qcY6l@ z$ME5`;)614hXlN{-oIC)8`Zf${+!55Qsi80tCA)}Ou|Wv)+5KVP}T~;D7ILyXR|2% z+t-f#{T=ZLa&}aZ5`3WULT`6nR9A+s{JeZUHQ|(%u*MuhviSha6C(M+4=6ZvQ!6YK zCu6EVIHaI0xA^-n4kDg5t!F*s$p1D>7rUU|>kTGlAH64_G(5Pxk9{|9CX{ za^JJBRQl~EdnWUGSB3tIP?MhAkO7^HQg<_6G2NwLW?Np|?%!&Un1T!;+&>J=NC?Ar zpTZRFFMezLBL2i_hWubU6I38Us_^Fk52N1P#O-5^dbut6PTgKsPDJErlfs9CNssBC z9*(5hYTNq)FXde8oNamBzfMSRwUQ|m_YOR)JTiaM{eaSmDad_-Ycq$4e$l87s;zEm zMbUd0-&092=>4lRa>$^2nuIYhp|wmmqEhl2HApe-P~<%KmP?j-6l1^={rYA2SkT1T z0%>tb#?z`O;rAPeuB7`#!sctAeD~Vrw<6~|$Mc4{^qZ=`yWZ=DkWiMny(4*Jm!p^q zijaJB?3y`1njxXE6(#pq?AYJiNMGcu1*2`VS2rt55>;0(4~`0Cm|u9rzaz0JlzojRu`kzH zLMXpSlu(WLtOynvo7LIqfZfM(-}|_gl;1vdfbm>-kLf~F4fX5n6ZG>{tX8Q4?`Zon z@s8BK{9a4zp21PNI_IgsvBkoeEo zk~*_OQ$Anb^!&C@8bcLrO|n-i5IVdf`sdlj#>)aNF?Y1@;q(XlyK{GtL4}4TVUFn* zL}ycV6&#jAV+y^*N=njOn`Pr( zdJXDV(C$xW#xrHo36~zpJCvoFZT5j@hizPV@ky2Drj8n)qyAymlsiGYmD*o4zR|s! z{Wywu?K4ImP}YKOJ|sE|u6nQd(DE!9U72R70f}OY)k>}NtUy>R=S31Dzi!_8v!6kI z^v`;K6FlD==T#w$II zuH)Xdm4gY#`ehSB>4?zkt7 z0oA-8itY4OO27C~rCvPDo#v8m*Ue0YGth4bl)7%+z#s&ftw(iIllS-3@;~(?b_=fG z^F?;w$0N(qBZhMhr2Z6DprlD~z~0Q75$H*|FwS*tu?{Rd$PyEy#W@TJ@;G-I9L1UEdunX>@;ZKSvRSn6D}}dF@TM~EU5&&?O%{VS z>>dROiP>j|$>3#7h;+JH_1Hy^dD7z&^&cBnDkX4ACP0eSHfP!QlZ@SYxZ^iJ{ZgA&JyBmHs{k(b!)qvVwJ+CO>^{57XUlrn0e zpN*bYmI}X@TL>}*1$g_!d#TlHf7?o5R!9w~S?{zqSoIMHzZ&Ks6FyqHNmU9hJu9*h zB+}x$XJ4w41V2FN+Q|put@NDEi`jqJc1b`b(BoPFWmhuA`uELJD$wFO1ob_hs4dUc z_;o{Lw8YQ*Kl(+EH&=``#S4L0THI#F+fu`xiPoSm+->p>^+tSQ>>m`3o4neMA}omP z6|TN|r)*VomMTBrPi1o&_(;cY#oY6PHiOfRVtZ`e<>oa6)R+Su4!6>{1oXU*qtn+O&>M6FHk=RFP?_oG=rZKuJL6vk&~c8eu**)e2&`E*HToot>m8P z(`d{3$4f~z{QM`Zdqs2l>9?}(`bnLw)GPCY4m5$LtLIa0)$0j$tAR7ZR&GzI-+S(C zClh4|jnW@w>Hiu_FcBUmHDkWKM7{n^4`ey!vKo=!2fatXD6-M+<56MZFxz2$@fMJj zYZVp102|9$Js8;dSZJVi`~LS|KKl*+ZF**(wAVBf>6t%RdBjOS7fgAKs=M@z(O~4( z{xfpuW7(5}xz7-$N@Lg8tw|>}4w)nCPbo%EXCk4Z)z4@G6O3f+jY@|CNf$w1(oN~mlLd2CFVpD(?g$BQ)B3nM|d{b z_QFI)aWEyX1o&Ls1flNjXH2D1Dv+PyhmAX`sSKJ65^`-$$WPg>w4sc!qhm6Syek_} zpfBpk%b7%JGp5Nw`Cg3ysWbs5KT$2Z|8~-tkfjAa7?;92IG80VW zrZdBRCCXOD{z`+qBeepCW`88)@FI;m_6wU_d+&0nfUf+#evRJ=16bS^*Mi&2i)>(# zg_*5oGBgZ9n@#gH|^iB@Y^9MYY8S>V#T zBTn4O)jva=%PZdUDEA9TYi{T3-iFtlnugu%j62gsm?#yq*WMKF4cpUnL8#~{H(rTz zbHW-Cib*(;dLZUIM}tS=<_4@)k{*cDuv0pp^NFTMnoy?gz&mkfIMq&T>z;z8tFA37 z<;{;p&yp|IqE~bPstN=n=GxjII+5IFM!GEez497aAV6&Mb-iNPYpF~n(Ic?zM*BWA!>sPS(Js83EQv{^f|bDBLJ8VIX-wnUlno}nMhnIEMuO#^3;;+TJu5b} z)A{VP;Z0p`%jR^aTO;lK*-IIPS_W@oFM75fClz&XxCsT;rhbuMYp$)d)i8GbWabJE zHef;38$>^CwYL0yFB4!;CFNbk!1YXn40VOh7~TWCM;V!8WOuL-Z`Jj_5n z#~2dq%7o2+A=%+m$n*RPOH;ozS{<9#o(b$;gLCL zvTnnM!`-b3zfoei49#gyql>@LcGy7SZQYA&*c05nE2R^+)9VLk|4CI`P8LY| zG@hyh0J-$BQbwh|O1e&^R{DKL@VmmydL2N4AhrF)zEn>?*uZ7Fy}7c9K|QL(QqREZ zX<|m=OOM+XQi{Oh?1 zGqd!I3*SIgudIOlcVeAMAa=Eh=9={lmVwR(A6oa@S-Rw#(+TOx+%?ZbhZ!=^k9MzB zU!No-jvOUOzH|zPeI=oc<*~2xVMg(Df4J7SK=?>q%;ILjw8>SX7Ve`EPF?~1pypM} zh^#9&ZznGxvnN(^T7FXO42wRPlfrvcy%pnKz32`Zj0r_!2#s17FIoobo|M7&(z`73LVnDDL>)1`wVjjIF4j+SIzN!{m`cZj2E7T?&0N;#5y3?A? z`f=c**Rl;FqqH;tmsT$`f`^)LUq1|1Gp+e;I7>0!s7)$E%|NiI}q4EIR2@ijO(mE%{$Fo_3Q#eZ{v`vu>jv^ zX!XMtQkHpdpUPiU#Xi(UJ>H3+sXE~?(ln#E%cgySHURL0)EW|6i z#xn&sTAjT80UQTFnFwC@NtB%SF0y)s1sF_qaKOEc3QoYCcD*aha-f(+UN$ZV7v5Bp zg~7RE#J;%4KC^B)75U*1q3g)jn*Rb`t}hZ%u9z&}nx)5<3mAP`*JPUo^c#1y?aa{5 z%~SkjwQEi!r*tkdc@U9`5^8*aG|qE$lJ9HX`#loeJxKVHS$n$B>`3MEAnY9Z(*US)lCbZy{<~6vRRuBsH~R@4-RcjA=MwIM1sG#p+`fa! zd@J|I5c?$XhmgH8jkTv94u)i3KFDUaTeKgxHNO2T-fYgD$SmsdQrL)4BZf(g@U~ML zyNR|IcG#br$M0ux2-hWK#!eBzK0UJN9jOy=!z@wlLxkBN`IruKO`lPvt|yUxKtQYb;y!(g zWd-sykRix^XApgw(Z4k!zC1QoRo*u)0YG8BX)tApN0f`*$VSqma6jo7aniu^U-@-* zfOW6=_a<}ZL|9uFdDpp)rL!Z(_KzPEc=vS#eAdsX@@e#nyx*IQ;Sc)*(u69?6z(~c z3`jaBoKih18!Y3V=A)SYpiM+Q{*_}r@Lyv|80pvT7%wtlIbPKC%$p;0*d#ISqfS>c zlwN^zzZ_9?`SDG#f^@1*mg{hIHtp_X7_W+P@Y5+*fHD&K>BG5E6~+lO%oLYSWY0jH zQH?Om6wEsNT&^1tqzROeANUPs&T;>==85B)jiR0)nEo*QlhO|gTBUQ}j~fNP%7|P6(T=;3_?>pAPtvhkY1$zH&NV;N*Xb66xy74;}Fqj}>TOnYW?!`OJH^ z^If1MJxRc;)%hY~>o6?3uc2RYumUyC9f5_W@A^_`aAqc(S~73fCi%wOa>$F$vutyF zHhHuP26x>l2sD^p_-B>m+QAa046Mugbq-z(=X>!{S~v<4)zer!!)C8u6MQINKoEE7 z9olQhHcThSSeM`;R^2fgO+}>#!gtyE(qn`8Mb{q4i4<#}JN#%q9$$Q&D%b|>)MJjc zE)S>0uxU-tx$TiJwpWN)GyHmx4?i{t&~!PpJ}Kv(Eis|Hc4636V25uyj7c0q&3=V3 z`*`0DeOMLMK|zPbHH43!*ss14ziXVjZW+Kk#PU&!VrA-PqBg)O>jRmAUXj4~LS4N6 zRpy~7CTGAG96@)_`Y{HN4{xIx1GL|dc^j7M7)`V$MK1pv#YUPbP@Kgf=VJeCOhS5` z)9!@wV*^!n;K*7n59OgfbbGPSh&V8T#S0v#9j&<#bH9`)b+(6dSma2`5|Y&_I%Pj) z_<>}z_R7?byZi!!|pG4`U$i9vnsvg=8< z;f0v`E^pD=3PN@a|CpQCUPSidJYTb@E^Cu)1{8P;&VzJFA~|bXK+Rb{*`m764G4JM zxmM6;1)1oXpl(UFmqBzXukqwQFB2+)%!mC>WK2~C1I)Uda8Lnv8cHPQw?ZFVxZAJd z+=suT@yX_`o-_%iPT84n=b_|>P%oviR;R)upIrgfl}Fs$qMd%)Qw4k2eR=&ZHUgd;}fo+zRke0$zuJsva|hMXvLt<=H>TxsQeF-ufJWE z*exK~{`UX$sc`#T+wHCVGPUhoL-KAygPLSGhDXhkf^V@E^S@WP-TQpD+Xf|7X_#x5 z0=va)5M;B{C3^Ln=&9-KT#2*5yRu>K+{SXmT){Jj)BRbru`lPdZVtV(MM@LYHH-O4 zo@f5UWd}g>t(|Ee$32ei&gBZkt#vc2E!>OMe?^d7>{KCs^%<5rPCq3Hq~3i|4^_B~ z0qhU6xTmKulINh#z+F0XzPD8W(XRrNiqLiegqzd6hMi0~Vz=Gyw#!2qxn}AyE=R&7 zFZn{sWRYuxZd0S}!0#RGw5zH7>`UXA0l4?#7FnT<22*A+>xiHU%W@JGpS@&*`PxF+ z<&G)7?`*f5+?S+n;6%Gtr?ZyXiDT(KV*1;`HlG>N6kMHoN1p&jnH@DHv@fYl*>6#bU>-i)u@r~K>>>bSM25h_q>Y*SP?adPV z=yo3q*^xPZEl0g zsG0A~b4Be$b{`1gHlh@rI+#eZ20m-@7NK;Vq1)``s7wE1kQX~+B&^}p&VT&C$~Ix} zpx{Gc5s-$08$4L#lnU#+aQ(GL~Hpc#6C}HJ(%W93M_qWF_O16#6 zx6vhO#rXltU=e7en7lqHV7xdII4=Pd6b^=T<*2sZ_@*U!x!$X7#%);1*@I=pyG-S} z-boc`lxfcZRGm57Vh4d3%HObZlCmJao0**jn_c++-&Kvu;;$5jdZuQ{P25%*?}Hwh<4a4wGfY9iTT%bPIw`q(V1jLQd+o&) zQe+%+(u-K>y~KU@UDyZp>5=IsUS!t6pvt%Y!!1|VlIi%_RpVvh#9KNn;|^Mdtx3zj zNRE+eg>ao%6y+VG9F`2mn~|-HqoYj+-{e5_6X2!e23O1h5};4Qk-Rp&{^fT&gD<&CY;36{ubuGN-vqP6hB?-@<`TI0X;=KbVq+WDpivi$s$wZ7wGwe9M= zEGTVDZ4_Kwqio$iK%7CU{ic$)#5aAwCF4*ejCvrx=Ybw5|NLybZ+JSp#=yFOBtxPZ zLx9_=5N1#l3^L6$Z6B&|Oz83BLN?SBc=sAJNxP`P=+FV1dB~}3aa_t40Oc5UL->LC z2K7^{{Ha5x8%R!Zc5(6R;ay1R0B=T6sE>J{B!OnuWC2NQSIGjhFN+(UWZyT(hMRX@ zG+nvhfrXT97AqHI$YRD+2_E&6EIkeQl03}7bkoGfpRnDkwhV1jXeDgFO1$aAY#(cU zlWE1URru=Bs{RRs{qT12hdgBNdpRig)29#M1d=&u#X@HSoa*S#eQfz?3-yP{%CLds zN4sd1PQG3R;0ya)TC5xA)IZQ~)C(yvI{EBT=_FhU;kf!vyF$%lx5EA6W(Bv-^E775 z5oG8g$D41%t|aYa@I?sAO_ocTHnRJPJ88J%>r#B$&U|KWZ1z5s&rS&&KE%&4D!s$R z&+5%tqIv0l-iMF0_rG4wZk@0Eo&(AYM|YQ9{bMr73#1~P%+`NXp>CdNBP~Wa4kJ{d z5Pi&HAE(^f0T!f*yVdAUtgA>VQ0p)%3Xw`ZvSfZB>D($;`0{PFuPRQp(dvkD9Vu}* z6cVn1Bs{(!6g#;`t`wWw@H*z!whvXbR8M=>@7YV&jH(4HanbSCuhxqO71Tl4JLX2* zW`{ll_#z0J`b4X}uGh%D$tO52$&2>q*)>zEJ{*;em)*svL1+S^OsLoM(5Y z92FoJiy)Ukau&3>zeNI$OKgzX1U@RA?>uuq&`>Vp`4T9`5_`w^cDvY$mg++#kf?Xa z=*&?(@q+AA$Edsu0R_xgJf+wm-aI`qMh}SFl3XetcY9p9*Yvf&-DJ4|Kyee=7Taur zcN0dXC$gPBjaUP-@$G8(_EcCD)L^(W68E)e+&yo?ztb!M1xCXYo}&RhOGz zteGOlfpE;i^dSvfO>BM%lHM<{5S@tjN&zcyQ- zo>uAfMW5XsuYD=M-Qp^i91)C{_vD9TnkYUS3=wr6pB&aB*Rj6vQ-|-NU3szOdKepQ z{M?S-@ovqW=4bI^N5%u&2#hlT-Q&#<0wfSyk+Ofmn^^qT+oK}4zH+yeuK8s&2GuEx z60dznQ(PY}0z!OFi2=u|q@9lcOCExn`lm%wTh(XUm-CIa4+LUu1%EZ`rco_vydtb3 zQ(B_zKr}y)0wte98$|l-S9$8!{Yk!F7KT<`T|Th;v-yIHT*Y%4K zB@rzmB+;Xn=+PxnqXj|qkU{k5MwbL3$|xb)Ob8}=ADtkg_cBH&N*H~#!EkPQzUO_P z_dDM?=Z|w;bKPUi?6&T`*ZQsBUTfb2%ky&N)gn(ozCvfV31oN3`*RSb9_ha(0>?~JQ zKysCZ`xTOav+Sm6+%LTKJyr{>NR~FE^(BF`|6T`nAqN6oWBuZYv#OAmW-G#<@pth)AOL{FB-Gg z9x*e;lq)y`8I!8PFP@F;h>{Z5;dO=Xab;wh4<%Cd`&}PcY91as3*2ts0dEuSeUaGq zy*MoNz7wHQ%1g7}{rvVX&pHOEH3N+q+Y$%l?S8bB$$4?IOm8C)iT1&WOwm4SRTKU4 zB1AZ4MAnW-cL&z-#wY&TlAsWEC+C^Hq&&~dq(37TjZ2lK_uqR(2~Paz+xYkyV+i4} zRTxxcFg@~B_h*BZ*XD}+l9*xK#{*ULQv>oEje+5KJ-Ica@{e&UofX`0g`G{_IdZ3A*^is8S#+m(h)-u)#XOlP-lttn#FN5 z^B$Lbnm#YcnkHX?OxW`D#ta{idtqMLle83?RJJz}edpIW@>0jTUldRVfZmITh_WXu zAPy4v@?-_96y>4^@*l()*5#i$zL$s|NPKX}v@R-#!68g8bDBsavQy%kgCIdo+@PwM zII`?eQ5Urft%{!x?G43+Uo(PbT&HB*bMZxhp+KP`DdJ<>U^|IlRLp}ekAOWnWzR$tZs!I2SEwRs^len zd8uW_g3dg@HxGnI7kTojxGE_z^DilvD@)`Aa-Vkf@+CqT;xvmonR^1TOuuC zLc-yB*Tq$t;1XwJGSCy3O>lA1mdy`tWy_c&EV1D3oYvLMkC~ z&BF`luN+`Ssrp^At2J@!zMc6@wSee_6qj9#aHkkj%ZtsZhAYk+tl*S>xeQL6JylK;=HLNg`3G-#t!;~9 z-eKz}D~pY@JH2J6Wo=%UVxiRSOCIGqr<>0@EvdGN$G=)er+UpO$TT%>tJK-xex&UZ zfGb1mRvOxRQ^gd8T;#xkRZ`BF?=n@lMm+j{md&dH!^&ED%Nd0Rxfe=nXJ^9fzrpDWy;Tc$Z-Z4u3>N{`kMkFH~aa5 z708CC8-@e>B^BBAl}#mL=a2Kj4%l-y)X`L!ZOheyH5qC^SaRJX*H?}8FFKiFBG(6a zEEX;!te<`0dgWt(?@Ey*KON%hbq+nPt09#ms2#qw<4o7rvTw#RJw2oSR9UVkzq5Xk?^+Wg_Xf2Bbn(u*3PlfVVC5{f> zm#hWlqv-1yT0*`|!s{kBfiG4XwTeV!+*J-o@^pi7muV(9sei8fGcF~6<0Bdm%X<1W zWItIgFC|eD?H^DM@Z7zdQ;pEc%EIJ2AX$&w?`4F$syirg=A3yE*a#OsdUdt^6E(rw1-5(rRyk<0{v75s zW4t{2twmEKuL01}>z}Tuk6IWH#y`4wf%6DI0m$O@e%{;y8pI9V@K~23V~LV{;P`}- zYhMeS1p*#d--fn47?#jbE|t5pP&)r;%J|u0UO)8ozKap0IGcyq^ z6+2vO(u1r%ht(Fo)vH%Fs<;5cwfM*KiDpLaRLJ!&HvwczgOa#YV9k}{Rzrz$k-|bJ zr`pBOE`!R_!*!C#rz;#j8+$3zxoiF8Am_<1?6tx+#m+7>TI`UOX@pG=@9^cVy+50e z>}}8OqvyH2 zDRw?}+92hfbI?`;@wEmFnuJT*%x4I};Uz>*^maE2&O!hehIN-*Ovv z_V`AGiR}$F3|)*Q6}5!lNVq=0oT{)IS?E3;l|_IT?4bl?F7kBt?dWCb+@vKSmFvC( zZFv;Zf5%Avn2W7EZXP)8MlC{=F8vFpn#zahMy=WkFdp`YtnQ#dYDIR7@iheCQ9@!6LU+Y6tdQfoa^;Mf}b#QoXd=cI4Go(}kZATHXW?0_YPQlF_q>P@exDo{(1X{Q^`|!riQpA^Xs)li$ z@pZG;KKAX*ft@cSU_gdP8rNjv*SLi>FUsHUpF9USX?HwN7@#duFmz(p1U}yIwLH7y z7O!6~ZZ8DhI@tuy#P~+ewfDY^vwQEjo~kjG=Yyb9!|F!KBe`Ewp7zSe@0PDj1$yZ$ z;o+^d8wE;4!93UB@19Lcd0(w1#cebi4bkzGiHZ@#zNe5lQG8`sLng8LZkg#84Nc)hbc7<+tj2ZMff4^;H3VeM{?WsPtIJq z6B4ES9)Y=)$nhYI(+u-ALL%QW3}_jKB^ykU&W_x3%78E>HAbc!u8|mfDG4I%^o6a@ z)y0|v%OrfTv%B`wpw5_^B6teEAK#DijUW1H32pcNI$|DZG>7vjr6;O7jhN_Ass`T8 z7TiMx(kx+urguCdc2*Oa2mHFf@Lt1H=w=-$ZlHh5K5gfx<(|PAJ+D_6mFtrLT_#HG z(7wL1rQx0b+titmNwI3^v`zQ7wU0ghyMUlvod!I-ysp*hu@76K0Jmy;ZyP*v4!nuD|KF-wx zOGga^2`gO{_hpFld{??k`pzx@4=?^!ip?);HmQK*&u`fpU(hVBo`-7PY9}&}yhBtH zQYjp_2uyaZTepYqJj7(QurI8=*I2{2lfX_5BFP-@-fMU0CN^gw!V6~4s_b9YX_!zi z&V4ZwSpi5M(8Qm=t2<;gXZdRyX_gV-vD4Lm_0Oypj>*!z^Hy`MB9@gvu$*8BBUA%D zd-6Ux$lZ(ur=)j4DbuXTT5BOeH zx?&Du9vcaRYacWV)gh)eg|6VS-$*gs%p(z;mtSwlbx-aOm6G;cVSpYKn=n8D(OQdD zx3-F`-p6efO+})bV+yy(WF^DkUZ|6PN4V;j;Ldz~a*wNPy~C()?jik~VYUzY>24tN zk37q{rSO7}E6iBHfUXFgQmT zWxRY*mIt)!!zMP-c37p3PjwCj=lWPVHQE9 zHB;$`a(4EY$|?&o33A;RI!W(qR%(GQUk%fIxBPK~43$2X_Y?7PpZGba>UE@${c-L^ z)-a(&eip>2(-?m$y4Nrv;8Tfta{2uqg6+Z;OEP{U`2?tj4ie9eC-O9p9l7<3t(+@~ z+)$yhdWiQE!uD7-9lFk>Mit=GagNWLTkW6oqkxpv%hRy_di_cD{c}bZ;AsE#`k#JO zXS*Mn5P)GRs@=<}3~Eku_D3EChV#$%`6)3=A|DRKuLH;}-8S7}7hFP0)!Du(L;1$4 zJF0Mz2mX|Q>@loz#LGN42E3!9g%CXmeF*7(V0eYA=k| z`6^06>IglZiOFn>&$@5L0+}9ph#ba3lT?@i)UUX!1%z*#W5yLH=eB!4lY)|mRBD_h z(8o9f+Psud+nJuOBpc4OsnzEBsQTw!<+T1&2Pt(t)0*IHLGYvGUlf0UDs9o_$6i8amd-E?rYN5Q! zCS6xoTdoe>wW%*_q;dIk*OIi3D)HXE&W7z`5bi~<9uvBalOj(Mn^InZO&!&9yLqXl z3yu{LU#yD4ctq;oqwMsh_XxAX8TB=U^=r1ImJdGfQ`g?oeURBk&l zRLd}Sb$RXM=JIW3!m$Xnbbw})llbfoVqGGjD1Y`_l|Ppa+yVPmjrKSa4|hM^+@f0} zFf_S4&v8p7Rck3AbQo+X)$%DTva=h{V84%2c?jq?WPX``+^RMB++X1Xb6|;T zJ@52-#Y_8V{IdLJTXv6>Ew>RFwr$j`kP7XFp=zfKqdR*ti1SHgUjpw7+y0m~+x!{g zK$2sra3{Grz8!_rxE9INT6lXDajvkj6 zW2kmLYc-BbD6{McEFN$fa!8zfGn3{jjbhioQ@QU{zqM{i5$!k*gF98`yy6*mocG0# zLi%aahFtf6x)v)Pneu9^8nO0QQ4;P2PN5BBs}%8=ChUsL%Y+q( zjD~|&nb@Mb4avD=o$HOK@7wKn8aD0c)BExPO_tjjKK%TFWt(LF2e`;LdTg+tmT`Vq z?_8d*wpreKHQKsKIh5g`O$r4%xg~i6?J6mEv8p{;jy#&&W6-R>Av9Of5R16NnbM3X zTu_ZApJVMcfEcYN;PZ$4YvJ{0tk z(GtfJ0pZBauZx;{%8Y^plj5w;g_%UX)7D)l;_^*Dr8aeR>lbGtW=||zXC3lMKwmIX z?)-JD#+Fh8)UL&$%n(6ereute^ejP_Y_y+o-Sh|n2}p8#)M(Fmdkyr%jF~RowR*dU zgJ|9&pnfYA`TQaUeXn4l$iiKJUF@i@ZCTXmZ94OKvW}F5_Ows2`&`JKSt0qTXWHUe zF&2y9Cz`aFJz2v*@)ymN%j#8bb0RSvoMY$Z(T?@FLv2%wX4SYX8x=Q6gH!PW!Jt_r z*l-rzU*GhmP`vtrXT}F-0%n}^?IF&$894+84*fU*B_I=zKpD@59j!c-5m3R56&zd< zVqvv+ukylJd(=;pDCD}=PRH9)czA6vu~RZYa{?5{oR27%0Ph zKu5rJ6OT%l`jif{iP&>@;RkZbAes|k}g(AncM)7iY|>L8v!SMbLan{0JW}<5Qqr?!kS6?AulIP zY^^B$bBnpkiEk&O&-c1_Kmfdn>s*s9p5jlks5eTk1T(%LSR9K8eF5*Fe~ox0t}yF-0xG>ubDVHll9K8g-@@46pMgI$yB%q z_VgH)u;8AM$t;JQx8G;$ExbsUBX#E7=~jm!0;u}0pGa+nYlv0zTQnA<(F1Y|SCOmg z9k$g8!{=baQ{ArT^t=&^qA&)Qq4zk4e{ zV1%l#%-j>VJbJqHRP;}G+hjFkxsv@RW2NZUOp7s){%yq3Nt0Gv4IpbAKqSUaAjFo; z^3CZo0)m>Ha`d*pEpwg(#t}uPdmOH6&A8@m3(<=i3?>w*AzQ+mm~lUe?%ubBQShXz zj)YI4OKO(#f;)Kn$g~0sIb7;Ht0__hSO(=3Uo3i-t996|QLw|xMo5`6s@`eZy*!YJ zx4=dClyprK3#S8OE}H*qIfIKONwNzcVzM`7OFk|ePh9q!HpwrwhdGtZJhRdqO`g&F zKB_gTiP``@vQBQYjHY46kvzs_b(7i!HT5Ph@%l7AR(PZ>&O7{`(lJ918+xm&i-Rsh zl{28~ME*FrmT$*-^VJaQh-f<8V=-o>%OJ;D1mjcK`9X-@6-b!m?ZXb9!O~VmuDO+~ zc0d1S@63yfrQS8yv%cx|N9{=c-A^oOc44sV$4z%xkzNen`q$Dw>oVET7-Hvt7+#-l zIZC9<>JVl;H6{JQ3s%~BbR@-JpUNSi-yqD|W8ODgGZI{r?x;kMhtxEE}YZu2W%^e${yW8mM8Qf}Ogv5s@|#JxeQ0%>zIWKseMP zjxN$i#af>gx>MuE4}T$H%jnPcn)=U5G-HGH(ZV$KBVD&P*8@|Gzst4c@9(~0$Xl^+ zl64&cyBc|QZ-Uf8ov#ftYab1t`HHP-pW^Ve^JC>r;+ka>UCz z+;M$WO4?uof84#8Hd)l3$3w3day>SJFL3GQkNkjp9q#+UZ;wE{h_q=eaVFW;F|{HDXJgnUtcm zXCflWSC}(#tXYo6vpiIUJXp+4K!-C8_aftD9VN2Z`D-tlEb7Ql^L_{bU>_p0yo+gb zF??~WsdFCOL%@`JPh)Fceu5*;y5pLAev8fBedY`1 zs9sfXCa+G=WG&fF^YC2e);TTji8>q4h7DW#PWJcgH6zYH*~of-FN|hsga+&zRBDMw z^tRJFvg)qMQw^vY&RD@b^v6GWN^=)2!(HWyk#fbc|{>^{y>dqd(N! zqB*qgs*4O!ydT3+g37lHd-`03C?wa_`A1UR)&ecOEkwfz3HUZ(&Z}0tG}5gS>cDfwbC@LB@SOBmbo?{ zDAIgZ?o+QZ&d}A08K-MIiSO|@pVls0jqNtOD0RNv0(|g(#ude|R zeamjmU%TLWy(_e;yHN}$fu1hFgv?1E$Mz4tFIHr0e!Zlg;*u073)ekRE;560a(1lq zn(ydi>oXk3No{fV?jKEWv#yn}5Lg0;fw1(vPGV0+?$_r6jHn%9>ihi<2`&++E{?lbJ8E+AuB(%Jj;s!v%Re70nf{WTi1aPAoGJK{tPoZwZ}y=6ZlHva#*SM}DgP zqH2IrZDeYUZI~PgpALyUpjT5C@920U+bHhkqS=vG7o#g;7Px-$wK!jX=BI!~B9|R+ z9ZIW<=_j_`--_`yyos%s64B4^7BS!0F(AQ0U#Tr{H|AFxAy;u?SiNW90Z1x6AO=j& z?Q-;Wdx;2j_qF7MgN9LFy>0Uf8nGV&w!hj01LK6*9~WQH~6FqLahD7!c&R5 z3Ixxhc3xbQhRZ?lZnEk2w#pIVlj0Fj;}NoZUi<4Ek3^M_9k}380;hrh{nuX~nVInw z6j(1W1i`_Imls03KgIv9<4;9@mHoQ}6$I~3vHvLXrvjjC#NQPF4gFpA?#;#R)Y&DRSNj zy7$i#4V)$;<4#3Vo@f(d7;e-PuoAZvk9vquQWUpe#Z2V~*kZibhF+1V)?6LfOSC0X z^|^{{U0@)fE?<^Kh4mUaoC{0`dAG_XH=cc(d1r5x;iXJbpa-K0NpPA=V0r;e=@)%Z zr;I<|m~n`ia~WnOWH)_h3+@&nWCy0v!W;e)!tAJpQZTv@VRrI@Jgu^Heca{sCr_E4 z)KYucE~#p`qlmbf!zTleiuF;4msNb*uQl^!K=;7QE>L7v=2Vvhg^ANfcn)T*#dBS{ z)!3_jH>x1m7RNqWH3!}EJ(t(aka#^k z3XvH(Db`ZtA6qvSS6!P6x4s`iIi3xISuzdwQ)})XSli5Dq?EsiVgTF6w*zH}q=^?RH(`ZT|KHjNnWGuY3~Bh_4- zm$Echf+S(<$6Bb_Un^h(jnggM*V8=KoZgJN1VNef@v3d#rMa)ly`1-uD}&8j0oHNTaIgsA25ib5KO0E!7abBKboIk)iAO@MEM+{iyNzkN9vU^ zGyOtm4dfg_!>Q_KnEG^)*`<=&T`PvQFL9?s7qYqDc@Y##qE+o?MB1q_ zr8^olZ2mnjOKR;Go#C)ocLVy`scu!` z5ZffySWR@gExc?$##1IfjkWJ~@aCyHE#)5HQaQgXGO}jo@bjkwbr=j6&)<8}m1{m$ zpo7(zAD@c4pXM8W5>&Qny0L`z9d-D`6dqU~=X93eXfrioElnL$vRY*6zwF|-LqUo? zg`IRZ45n7vzgjn*y2W@Lfoi^}RgaJFE1KOfhlZVA2tI~}GJ;NB?p&0Xbtz}4&Vue- z&>9Nx;-}b|kfqs%{uJ{`l9#z7Qy@HE%CBKHG5oK4-DO&UEOiwZ=fBIOs*hj@tarxA zxM)4JJ?Vb$uldQ)+#eM!kL9drbV{Breo|dgJpgkx~q4ebezC!<+TMN_bpH)mB6&9C=H zUwIcG!S&8!SYg#6x-NHEN~T}jG>cB%!L8kpGnx2{0Y(tb)|-X#{2DjO-H?5IbxTa) z;N@};w-u6uILq`TIspIwqvr{bta1<-w$g4vGb@fY*)68IWg@NqxEN`ASGQSw?&wp= ztX^e{;G8w0Z`$8XckJE;WV#r)K{e9XL}z*mGCs^6SCLh?d9O-xx zU<|L&6dVFe=11)z=g!r&%Skuu4y&erB>5{;23#68&q=4wrEkrVQy7C1F?!S@nxB>V z!s^#lr<^q-2>q+IsLplSO+4af5r1f3#p7QLGCfStc9PC*Q=cSmr0n!#_= zk0hPd0l>owh_b_;uR1n&txx#X?1n$1U_a0NAwMy(pl_=x&S<-T=hHL0nXB57QmN}K z0K};df30U;fA+|O4;!Ij8t{G6W81}jQJ%^Mcg&y68x%KTUhFUCq1o*cXdM3g+#Hlv zzO`rHC;t!yltsln#2WW!F? zWsYf0{`*w=NCk1J+u_qI?(0$hv$Die9E2)LaljA=vzuldl;cNU-@N$NW_0B%xka@3 zl()=&F1k-l&|w=ar(}$jTea|=J0hE9%+-R^WjbhjZte*U$#x`-98hHVS+*XWa2nSf z{Hit;=;DA|;*t_}Q}4h;E_y5<(xMbO;&{aQ!t|Q5RwS zGLuF?yu@q+u1(iaa!*@JCfu5cvSEmu;sa#S4m*57KDXGIE!-E3a!m{Nd6~=XCMr|= zt8U}3A#;h?m}xt8t(Wn9BYHNn$|JYNc;vn+TMiUPy4*~~&v9~_Am_0eUq{0bO#Ngd z@7}1gP`@?~K#&V=oa~zP+eMv1edO6X)g)rUVW4C1-s=7@4My_#paeNEEb87e9 zwKBQPwZ8f|8BVt-znjg?9E)Y2Dq|-6-?}&OSb?#};4iUeI0zB!O{mdA?6Y}zfk$Kr zYq|U=5W3Hl#F+AcZ^nB5VTIEx5Mv|eAq9(P8z z|IF%2mi=UdFKOMON7pT{%LStzL`D26$+=pYuZBHS2oCsA=r5#056Djnh?Zv#rKPD~ zcy9HZ#GAutN|8m$Y09@@68>Sgz-&_wU^Nfq zQYI_s3A07+7FZ_$cEX`TGvr}adTf|=2J}(+g5y2!^%LGKa=&){Sa$Lo>&Mcnu05+Q z+;EJ&RQ(p4S5gA9s)x?9mFQH{6uy1MEATaWI-+$fZ%n(luoTUi=G!NRYJdP5tCGf( zz1pIDy``2YYE0IFspuy}^w5aiQQ1+W2y~ES!@RrA`pB?aQTcIVE+M_@wDv#EgDB>$ z$CU_po7mi6IAG0GT?A4?H}IAQQl}=FAoa@tsw{bJrXGm9EhxK3v!=#mrdZ=R1-;BXW?e?lAD}s>eEU?&+oja% z1H`F(V^RPgIESXK&=oU2HcqQ);1Uj7H|U~o`8~Cm!wmJ2Jl7bvRRl# z)PN>sAdeMn(gA1a|J#kZ)et;NuxNb!eEMU|($cZU}UXgmp%@|T`bl@lTD^d$!NY~ z7OQsN72@Y=tE)5hfd+?is^7IRm#N08SONdGzD7cmnrZ+Th(!O--YF zBb&z3hm7X5u1yVJt6t8<7Hv|Tr&S$<1XUTB9()jc*)8laBHJAD-v+pn=m=n)Y)R*t z6Y?V2SX_=VG>JHW?wgvv;O`iVoPb`yo3`xy;s$`cM6X%^w^22!1k8RIfHkk)NSMp& zTMJ8vTmgJK;eQE@Kv;!9IMA$}KCQUwDQ}&T=epQ~=-0Z-Ea*<&APis0!tNsx!4D_q zqE0j83=f?`t1t`IBT{n>Gu0_9PE=n2Z)`j&8tHSxrFv`denI!W3Q(G)*0w9g6yrJ5 z&D02TQ0~|ivx(uB@Wj#DB}>}+j@2%`TTGg3@(W66eseKH`8ABB^Fi%Zz|AZpyW}m% z@xj!DOPxw-`L~E%20QIXE3GTz{KWbJJSwoR!U7{bUF@^K8Gx}i?9y|``hEp*d9SuD z$K!h#KiqKdNq$1;G3YX!_1kp`;<)8>Tv^FmeX-P@+Y114Qw(Q`?A^wgO24GTkKYQj z>bc>wFY6kIl>3bJ$qz0bxPA*l4$Q_J@{HYie_KpjVI|dJ=Xx>ACBhIT1aT4QQXsOk z5n`K*1sboOLC;vyS$33&x7BuR-}v6lIEndi^7LDBF8zy1fw`z-DAZl9uZbtmtYiPn z=&$AKb~Xk2bDEHSoPh09@;K zf&Y@p2ZFuDdUN-TncuyIlc&e^Lz`^_Q!f$GQb84H*KnA(D{bb+#B=l2DgW&|OaO3lwMoc11v8_bHGlDWq4O3c zYmD7_Jz=q1v9et|W7@oTU==1B%FXQFS7r5Q4qv*2B%PG`wD`_j`onsFSSVgOfl{lhm(;b3-DbUPCW~TuwVb~90RKD@$S$d{n>p7|)%yY~{cp`f2(t-dd^bn@ z&ipF|u*tJ@Gr3%QlZY(@O|f<5j8jsIyPW2-JpCiXF*c`(>`;gKQP&=CrF$77^vlm~ z27IC+)ulKniMoDJayYG0K>HB6e2Y$ffg$~@F}9i5l}tk+tmQvO>rV+ej1m(pF9N)1 z3y}L`#`l`yzitMcY3G&|RDX5vwDiU5%Zv0#VAqKHP_FJj)_k5%KEajAT9o)0`QrN= zFl1=cIKy5m;9u(ut}*BZ?kLG$D=$R?R;uEA>3nFSVXS@8KieJw!pE+<=>YDs`-pL}n( z3$n^(?Ap>`BmJkedQ4KKl~az$sD=Kjg;Lj&_;ktruj#f)5p7~z*=nLF*P_n=ZAA&0 z5OoABZ*1#v=ObiMI4kQ3DHsyv_|`X8U$)c53_~G%lw#*0Wll+3azE{E$HFn=Fklf5 z`QRx|{l?i{S-1l4@ft8X@d<7h_99;LE^pwi>^!ig|64%O?ES0DOKN27#lg_^Om6LK z>2Mkk{XpuymQMEH_B`dEU?|?TsE6`G73ppa;}+gif*KzFea3nNBM~Y&12=cAS2pX$ z9?}j>`o3Em;xT<|Q`=S2mVysI!5FXe94==wzAn!^f6?*UEWu_7@K`fEk8=e3+#|@r zUocNnTglm>>czCY1D9qSz!gsvpzm|8s|e0gJ3TaR?OJO;V30;u6($Af{@OJ??6UqQ zWmYapwcl6f$T_nD_x!dph)#B_qpKEEqlMXb*Y%k7d~h^(NRjFRwI4nGl{vuJMbKCG zh?nb!xrO84*!ikJ$O9rCVEO*%*eM|=_so2noC6A!z@cJgdoR~RS2x2(3oDCAX$LFy zYsKEI?^V)4wO2f3ys%mou$VjYr+tE`@#*9AG22!Gcb7U9$&16=Vk5lD1YH5`*zwK8K03gYm;xLA~<{lOyzICBD6G#|9-vf{zXumSKwr^n^FVf_ue~ zk#Uzc_b-*Eops5X(#Kq0Q~ds4?CS!d_80s6&yslm8xQ;sQucqS;~&iNFf6!|!oCVUNry-IE`HLp@Cy;hPDx_@R`6|6 zUI)4wfZ@i6d@#OWRm4mLx^gEd7D9&y`Cxcuagt@7Iyn0_9o_)L)NxE5;dh$mhxfma z4*kT#3+8=#Wzi^Lof=PjpKLJKGfNJCM-i>3%1#}j$Qt*5dy8bp$)D~1==~O+Bz^fn OQ8gtk#p1^=-~KOu-&T|W diff --git a/static/images/docs/services-overview.png b/static/images/docs/services-overview.png deleted file mode 100644 index 564bd857e87e3ffdf72e363e45a8d11a7a6cb1f3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 43306 zcmbrlbyU>r7dJXspn{}yNh4AsARwRu(jeWSbO=aGgGx$Bi*!mO-61I;-QC?eH1Fn~ z_xJx@_s&{poh9OYXP(&mQ`_&Yj3~xE;(G`L0z+I(SRR46;ekM)XrbMKpM-f$$in|_ z*}N84M1z+Ln!Ydm`R+$CH5&xt{=oHrD8B#pxx)4rl__lM=AnbEMr68raANqDK0UVC?5fN9;#lNcdV2qq#d_z z#XnxCe^Q}Ydnk7g+fO)%s^GX#lg?~Z%>FLg3nky?(6~N&d(H}%^dL|6Qu8YQ0?B)5 z&rtpM3&s4)4NwAZkc%U3^drRA^S)q7#%mrv#4>&$d>W69!r>u`<55ppAvM%jS;BXk zt{nI-+M~W-NWO^~{;{@GGPBrydI!Uc@+)y|`Im`pemlGR9dnF<>PrFnrAfJ#0~rSJ zAO``8zVhw!dLoJ*E93bgX%x?;t|eJI+*Rj0Rth9kl>hg&qmO+n(c`~YJ%=|X;`Xio zUh(X=P#FIAO97A2UZVW>@-#w!g&6v>7fPjjvl{LBzK%jn-@C#vJ+unjuf;#Ur*oyr zg(xY7;<<&z{IZwVR-YJHLVJOT&hcOPi#X>;zKuHNUb)P^`h zIzftxo;Ij0A*Z=7$y_0ZdIxcNaZcN(`}(|sCBta{HZ^~a38QePilE|>d|P zaJ&U9`@>s~tKxWzhVt6-U(@ph?xZV^6t8|(i1PFmPEO}im=U;V)8}`sns?M8nXqHx5Fy}oYu4HKSb0w9wYaoGIAIcoTa))VzG;^M1u?R`QK*~CyXFi zFE4cO(B9@jcirqaJbP48z3kw^Uz)*hZ@Y;TTZK8BW}xv^BsGR8KBks>q0nbcPuDMe z3U^xnm?R-3&1~l@v-7j8$4t*_FKzP3Mm#iG6w>KMPjRhR(S{#p*S@ax&&ymsNKIu!M{<~X)&et~bX_eMza zS7v9fr+4IoFo8?5%yh0rT9MS|uOH`|?BVv06dvE6I+=e#H}pW-JiXp^g-C;KE!RLS z^{1jzWLOxEPj^V?^#_|romcz4x~9OLWjvfm@{_mH)_LpU#yGNRq&;XQCaT=giGavz zmh@y3SKV$yBVR7wkRCxc;XE(!DS6K!q0NS8r~k%zki{S5&YM>VE(J~J!1}aSw#98X zh3WZ)gpTrZGtSl_=0C1I$G`F#yd23|ZTibng>O^g`1SM+{>mx;o!Oa%OUF#Q!lqxi z=YV9-?{%B`WPff+SAe3e-{fa(?946^Dc{R zSO1RO7M$xz!i0m()Nej!`zKwR;PR8ha~?*krrX+$6=&b+iWT{BFr;}gVzNSqoabVo z?tFzC|CyC6{p#C(%wJy5v7TP;|yA)y)(r-A7d8z0vw7tA#L>=&9`~PIE&ee%mYhoP|-VcDAe6dBxBohCjUe-`xbHzI?smHc)NUM2b$qeU( zM)Xck<$5Bqqr^RHar7z~rw5VtNor-uEzV(ER4w9G5+Fn_;cTULz{#z6(22rrZ?RwUF1mdrh5KyxPKweQ`}?( z+p{ud4OGc{)?(;&;!aWwr*!zmA5DV?`ESg-!95W3yO#`CHuSURvtnEJBC7`2_F~&Z z3S-$rzMsTo0iKx;?KdljPqc||!sdP4;`%C9SJZUuocYir;-NvR@SX33_BZ*dIW{Jo z2HH3x!f-@krB2isf0WubW$t^tDXSa)%46EUIpOrq*ihO{`5tUlr#vF7aiksEL-+i8 zf!9|oof5~w&}8v@b>ddq_-W0z34fN<|10GLbnz&}^u+=3XdAmejc{lLmWYzUZC-D> z;*Zv?V--SiUHNp(bhp%$9;#QK!UJ=xs!wag{qEgL6j?t~<#WgxB+<}Tms;DTv{smB zWc(+htmI|VpXDbwIP1Hb*v2?Stzo8AIVBwE^W-6u6S1iFkT_N^oW}cgRr*AU8We&5m zwUnBxG~~z8aC0VUFY-UU@s_5R$@bZ^5;M~2nsW^Jo174q!5-b6f5C*$_Jx{s#RKOb z8qjJ^UGNb&$m+Pp4u%N zi`a>zP!@d2>o@VPtyEp4WnyJEY{pY*_rE`&-QAUo8YZZgGW1PBTfXU%Vw!g693{dQ zgPCl>`b20ut>C+5I6$319rJu| zUDUMOhT@s$?l!6`SlM9K&rK$DS@ueiIaKfW;*k`l^j~r+oqZ`O7?D?-#+IkMjX)dKUU;_ z@iXERNrh(moN$|@tnTn|kuT*h$<#hZoHmYXv@ zNe(q#W=A*PvP8`vPCLECuFu>`8mmIWhr&`I5e59m*xp77-F89D{ROw{x7tjlK*Hj^ zKHZ^i5(y|&h^5jlC>Z_)5zG(MXj5Cg;KmJ!pQlYc(4F_0XYA@ohWpFeq@!l_$ZVQe z%tHM}rFVKc=1&h3NzqU$3vAm<#B%ASn3XoyJV9=y^Yqhb`SVezzEGW?6(9cX7Nc6& zlY_Q9dNgW_Z*io&`>b7G>4WO?pMaZbx3Wg13PD@m68ddzOU=&}0Ei)W{FGXJmfO+XYt8AKN$;QY-K~%9lHYncN)zqM zUab&ChY&i&eSKT^rp&eeVC;)u!kgDDWRJM{v6;1QmPkga@{~40XU&P@OElB>&M6FS z`n~>D^N4b#;gSARB3Abc%fS5y`Im@op(}*HwtaSx>vbd0q@!l#5BZ8U&Fh%Z;eUU$ z@Y6l3SHs4ueIeKTo>F^-ywC&^K#AjLMez(JhD)ohTWV>kEl&7T!czY26t&_}(KHSv z^&hAn;`g0N`3^-}d&2t~UQoHnD147-&&xO5-O?c_u-{6w&RxU0gCH618mU4iKWB|u z(TFmArXL)WT>T``kbe&dLCtinmnKVNdoM<7*9B}36>KfqcK^A+FN*C;J2``a)U3kK zg3G})%)Eq|-uNby>Xps^|DzS)#jI*Q9)mPlc9=bP2%M4I)4qq{s5mRv2BY^j;b zMt|Wq(H|Jb2XH_nD@i0~DrL>iq6pU`v-gki@h5pTZ3(ypp36tL6dPXvJP;!ziw7rWJZr%qmV~L5!aNIsz>fZxwfAEvd z$LhX&R><;zH*1@;WPPC$pZ3+NNBeKvnfl$0Q&W65(K5DoV>e0~xw`Al$c{FhCv7@O z&Ud@m;G6957e)(&O)HaEIa>dcKkqy@M9r&t!w|ffPRpRD5`W9@J$HCuep=(Cno60a zW;yj`lhoPtn}}fJziHIh$OC)o*Ii!sx3uI32W0ud6}cQmD$W@%T0M%+MrzIj=|8H- zqCyjg?@JY>B=;js2G;L03+d}8A$twK)(4NO$@mUi3lyZ2mevcRfurI8w}|$W`!UYT z6nr~=JRi^fBE7cbx0)pJGldf9lgtS+w2zviB3a@-=?y-zMGsKg`|6y~Fl~b=kHKu1 zJCUzzR+qV5u(kP0pLS}g#c$KpsL_s`J#g02CFxvCJ-oZJ;!B%Eb!TQ>o&4&@g>>4F zi*1Cw-@YxaMP| zyRuVfQE2k$!LG2i{M_@BS*G+S+P_|GpYFOx%xy<(+h?QKETuLT9BsY=YWQNvIg5em z&wQCIV&!N;N=ki1aA=+Ly46@0Y=?d(4Q;Tr+8^lRi@O*#tr^oT_*ynR;KF?>t5N@x z=K`9}!s)L0LEKYW$0yv(o)?0(-{963D7e$P9*`K8=B}IPYqBgKpLSQk2^@3su0Cq4 zC63Qdo{)Osrh{G&D@VAurfV?H{b@<`!^H>UviyYQf9cyllF}QE-Y+*uc5LN6gFDFc zdyhYl;wox?T)EHeoHVUGqGK`k*oILl;vsP0nZpQF#ac{&6-z)O)?5=XX#0=>bL6Co zMko|oRbS`MKR_X5TW`H+4^kFUyIU32O?S{P_rmS$R@9bIg!c4CxN6?k6|ToCjwz#s z7@fx**AU~ZkEq1Sn!*e2VKt^j;&Z_mppi{?J|!7_=mMo?(0R1PunhNanpRz*!7g4Y zt7~+MnE)sqsM6+IbnbiGORtMAHpfdUBigs(s{F-Iu5wNaSVao6RjV0{hRfeXs^AscoTWv zc)#3dOHW%VZ!i*@BFTDVWUL!u-0zInUAM3GrAf!$8r{8`BNl+IrW3ke*P5Q`?X}U) z>6>gjX(F6ov!Dr_O1lzxfRZ%4S_!+~ZYeBZZpyzmRu&JS^cvwD4n;j~1w^hWyfaV3 z%^$)){qMSok=@ke#i-+ZG`n^w2xm-qxF?)_JNNC~Xtp9N-2)Asn;-WV9>C!aZ_TR1 zj`OZlrQYgl8bdL^XsxpUC8gXPZ@Ki{nh%ZoTV#OCe%oD-Q;mXE!->25+>l9gSrRg}N+v9IC#JpB;9nJ! zV)e#7)ZTn!HiMw*kGR z%UnbJg9kz4$a(!l-sN@u9zq*4L_~-#r>W+DK^%+0^ZD#}`*y$P)h& z*o8d~c?M>d`jNgn)Jz&Ld+#&;YpWlT-{qr~*nMqky548juyJS9(O_FWDF5n4fpEip z$xB85$TRU8vH-a0fBWvt;~(Ma{~G+OXR-WRvxgHX$Ut}^IcQ$5^C!s8P(`{Ec|T2Q zb@nvPFEmj|R{Xv&dfe{c)-Co(km>eYsn&$^Hr~Z)DVC@(Cq6WfAY^A=cKZ4Xk*44! zYxFMmwGfq*Cgc>Lo1vYRr1VR*(1?tKgx=tvfr%B$s5m=~x7IQ!b)Z}|0^EK*{8wtT z!nz`$VZ-*G&C?zZuEzSD+puPgUES%F`&&Imau(@(+b`aoe!eqGM6uA>hM^-D8zq8V z)-h;6t;@hDk8H~l3snA~Gg3MJuH-PI@{8)U(=GoX^~0(=4Ab0YDD&jRh^Zg9w4Mt~ zC{jZ6zE>#UCM_$htmLOkWzcX|mtpH7Z^3i}Ietiz!ljsYk+^HTwj!r355JB8aRt5( zgI+B!x?|xq+S_W4D_11fqbUBKp1$`j!{h6my<6hcA*OwsJk2>9?f$SeVSX6p?Vt@F zpG4&SJ2(8L9-<^I{)**3Q~<({a_W z9ii19nY*T`toPkX_KA-eO$%sMUDWC9P@^8#)PByvGZ0baX2Pf+k?8%-WT-Fl9#$@v zFR(HsO}fVL4}bPZ>1NAUOy%rUgC?&cyS8tzxF6pQHW2T+0CLbgc6fMcbR;kTJzFYD zj59pUXA1*S=OAdZK7_GfPp(;lRiPQA5QQRjdW=-xH=q?}oLAv~;_?xdQjkN0@h5pp zO@S4Fq;|_UM{&qa@!^#7fBJhI+bq8MMjwI{mQezJ)D(NGFmTAtny{D1=>!W?vA>Bd z)o=0&Bd72r`R*+1vn#&MLKW39devBUoG|)LIIArn|H?HvIq{LP@%li9XquPfhRzB3 z9|FuG*VT^dy3NY=o){>R5&UL5e3cQ<5ezEDXkJ^>YoARy(L{BK1uJb-ec0?{3m!?E ztb=#%9pX?VYETrlLp_I^#$(f(txZy4;%A4CcbXmvI+L7r_vO^6!;5Y@*<-D22Bt?X zS6luVKgTM86t;a=AsF^`?~*822sSkdep!%%|I%q<68pPp{%P3d8?jX4#~kb5K&4#% zvI}bD&NR{{8rgcn8*I$Qhw@1fND=Z6uDE}B+cj$!D1Ie^P-gw0p{DJh9z_0N>q`&k z)0D#M@PK161Iz_&iLIuz)fJNA=gI`d2k7jDzaN2U(j7RRZ1h2UUBJ8fDV3+WZjrL+Vclb5>Tl zoGKNyydTV}8WlG%TN{!v!U*yg;evo|B5WX@2GsUa``)r)2kMwy)8(k$R12h0}-B|c32*3YuGQ9 zDw0|FSCP5>zcbN))M6C~e=dlayy-K*w1wWCsX>(Vb4_p1k%@^Zyp`ss>=B8TZRf9v z=M^^#gxe1cV&cd6!%GeWK_{Y~mbOi1qmP^U=CcaW?&YJUBNq;zdcN5gK!#O$Djp3E zq|*p$6jc9p#oc|}(GhNf5eFJpIuoOuXE^@iH7qc6E4oiDNmAmN&F7#TWPv&9Evp{v zARI@Kv)1)w`!u|tkWgckeLp6S66gIp)03C4G_})>!=4qJ=8Fy)oewJ?8_&5RmGt0kZCZqt1#UDJn5u5`+JBn=N!&@|9f2ZF0{`Z=dBLIh` z9D%XK^}&bGCeqdgm>4UyKkv!0n~!G6SbYNN80Z`ToHiLhg(}mN8jTyumZJ*%icxVm z09*;|3ydj|7Fr;gxl2%ie1c1~NwMSID#0L#PfY3$=wX2c?c@ z2Z zy2$)?>!f5Pa-Q-to=3``OJ8iTM)W@M=)Zchd|sD@dz-V^md#}LCCI)e?2j;TTEM+} zdU=sBT5Ef!Ed=G9$Ng53`_bE~%k&C!Gf*{pH!Gss%ST(iL=Fp?#CwAed6CqEJz38D zmGf$K+%iXQdwojl*bHN-aJ~x@c4{&kTS|(ohr@DGS9tH&8*<-G<;v1pKvrrnbx4A$ zdAGivXnT0{zFf__586(ld*`RgNokD>vO`Y~N@P()&?n#)n=NEpWB_tg^u9@sij$cx zf8eFXzpI)*_?AWC+6%qpSx}+;v@jCkB^QrgI z<$U*30RE9)>`zIQQ|!H$8$%I7|jc>=RjzmAbbtDKQkz3@g(Oj$;I z{4!b7WoQ(#5x+y1gzc7Bj}G@uhmlf22frA&aS`b#sPlXUp|Wcva^W$5dO7{K z7k;ZH434PHo1|5;WM+%Pt>J8%{*s|>LAwwt`eoR(#A@^3L`l3VPYFG%7WU0wGM|*{ z#${8Cc)Xnxl&iSr!cwb? zRaeb(yVKERy%7I^AR|`{U(T-Oy~)bV{eZW(y-UoGj*8T7m$Ece zPpenj>i7J+qR?=3+SJI`l<7$CoD@mG*xvA#3y(_s@O}L?ygNeV#o38D6Umbs7@Zn> zOKW@^8fQg9iLJb z@Yj4n+Oe)chfXo{=_m@BL(9s47X;+Wpr1)n+wAuER3SgW(Pi0I+fVIOPIBTQE>M-v z|FmJqeJhsGUdZ6H5I6y4GTZ5Jj-Xa}*IhGGd%^Yphny)>Q~gw{OJ#VY7_FWA($)2^KtLd zf9?uI23hDgd0V}2WxXai##5o5teGqfyh}9?b6m|RK_1F+G())l`j_Gr#s}UAjn|~H zEnok9gYO|y{xUBfB?iw8H=&UPrMZv@x#c;b`ByxUz7L5G1uRYE1S|$CfP-Ma<83bh zA8&g4rKqr%PEi5`{jKVC?A`Q)tS$$+SDEH~tXb zvH??Bm#M@PvavpJ13ztQbk{!I7xR<@=v988CS1B$ z(p>zi{pRX31uh=LUx~Ehw-?iuNdReYdxUr~!_7189De_If!Iuti&N?0;#Ws9Q3cUp z|2=u&V`w!Sugc5j;++(bOQwQU^ZO*M&6e;5QB0{;FBp(HsbaZ4ckwzH z?7)Q0qnP$yPPe>U`SCkTigp9IO1!5n;rL4-I1hbGYahANb-N~Z^4@8wzU+T>87t@y zQ02pg?PJSJ``4pEqs6PQyLT;TTvseX6#o9bgB+CaubCw`pQ=5)J!;Z~>ez2{PGUzc zk%Qr<_+@$OB+@)Vn!0_P^tzYF&l~B@&PX_#u!jf)Pv2J~AZe{G``noz)dI3t+U*Kk za&`<1b288!RCw)9Wn=PjR7?P3TXffb2JS!UC59jS2r1E^%X69?vj`?+y^&-@YLVw^up_7G=oKSclKc7Pppf8%&@ zmR{gh6AojMGWomZsQgf@xsC$6gly6>`>lG(j?w|FDLBoa4$t^WRe2I(!=Eqy?whCL zntANw=2-W}>9{1UJ-2!6kfi^~?RPG}xnl&QHK`|y)2M}X&caJw-(;sckh8~?*P9(X zeNev4zE7;qTV1E zHc=1yNW_%QTQpC`Z^MJC>B3n_&Fk3@3Lr}W0QPyE>)=H*7x7|Rv;JgsF6o+Gz}tMi zk|n#1f&9_C^*|>}UA1i@P?@z{oq`fNeMfaNQb~TQacq8b2hkNH*;1S8bSaHj$84e@ zg7Al$m1Fl$K8*%fIqG2ZaSP0c9*I8)+4f_|auWEy0!}2=x$PbpI|=APw(0@#7rS zHP5FL>)I_{S16h3_*1CdSRd^vP>hiL_-Fb`5nr_hBt+Ew#^#~cZ*|u-T+^0p&EBvv z66GiO%Oz_g-M>ryu;kp9#VW|e+zjslsS@LS#?DsO(vx$WS*xmN52b&eiK!i}&fcFb ze}2J$Mou|AI5PfG0nAh7c`Jj^q`fagsl*R|3o zy)7pp5{GB?4c=g7g`^khA{Fo9eJU7I}+^60bql#aHy&T+DXALtpt@W=3cL>s`8|v{7*OATp(cN`eC&3Q18`avzl(4C zS!QV=|DE+r<1OhYTIwd@+sr$A;=j@k@qUyT(0Tu zbNjVms49;aq3+I<$o9@|T+N*mkK3Tod_Bds+Qb8jgtugvXr%8AqRLR$)^i7vWORB* zyc^w{^!zNOknY0xdFwh123{VG=+x`s9z5{NR-bQpp~~!i?=ZL(Cn)CP%gQK+^4Gw6 zu`(EX7r4MpLPmZ90flp~S++A>9TS{aIaYIh+`o>XNd}Sd)MLv?wcV>Ogi&q zM(HK~vH`aJCJkg)@C<*+smTQedESLG%2xRMPulVh>Q*J_haPpy+92Y;{T}z=FQn97 zb^k@@;4>oSJ5ut#lgY=u((vl(9Ce$NuP_Zxiji)RQnvkd<_H|Y2*(=C3!(Qiyx=Wm zZQv_Or%tN@*MY3$f$MA>G1o5$rL8(d7XNq)g%VVPruu)x9<*R zqhN6z#2+ZvbazAWY~}nFd;@to?avTZDPHBjhl)hqE+C=U5c=9}BAxCZLjkhoVd(99DVR`)Tow^A> zBk-{Pdwpub`u~vK{QvWa;!KPTI#^6FlEdqANhg1s^e=|A2ki0rfRvlo`dgF}(*wi; zMkbcGm!%&D@d39Ir+q;2Y@rkwiTU@HVbK!!HMFaJF@tmw)G)kNS&$vc2VWq-_=bSs z+sh$11?KhTZx}URCbIvPmZdpuxgGHg`6ui;v-vUlwpu0_DDStYNI;nnHl>0{;zX^L zHf^VCkMJ|Q1M-Rwo|;MDM^{-or*k*e|=(QFIj6vAM=R>fP$I z;bsWNDlc8xM5Kw%sqF--D8%e3+CX+LGO&1IDKoD98EEsILOTqwKF*3PU1Y zxZ9$$+V?~`4>R>P&M8!#XyW0YvzJ&54lHFXRya;SHh)%TXJKj+uMRr08dqN^*dKD@ z)BByI@V==G+$nzy;F1-6NTuy~qmDE0ej+FBx@J6XRJ=#F$!@OtR6G9BQmm{s9bh+OPGBe1)B6K zImr`F+q8|PUiA3@Wr!)mv|MKT|MOi6gtLm}l6zm6yQu$_@K2)T3k1ily?ExEDBd9h zN7|o7aP=SY@!XLn<3E?(e#H{S?OhT0X8*&ZTbDXv2_XS~B{${Vj4~ORP$(hx2XZ^! zqCS|1#EKTCAdB?=32-`Ng3MP!o44f5=p$fxphzt|B`Vu)%ATyX!VXdWTw03_XB6YH z3ZzWj4KX)Q1OGsZ0vzGwtioh=X#y-`E|Bow%76a?&jRH>+yoxTUSMzhk^hE>s6_Y3 zXCUX_W8%eJdP-WJR>>K2v3ndof=E)=hs*fS|L`EK3i^!4*^D2$)5*;0nNm@<%VgO-2|018_mzL%AdU>gPsQGw;Eo93vDMV2o4gejn4Me z(o-9b0MUj(U;njFd< zLuJ5Jh6fY*?9WsJf#$FonKy(*A zplj-nTnMMc9`C!~lhsgTY+>Fo8QymE?o?0SlW{z+{c)UV1|FG$w)$7l8qA%7b!Q~M zeFwYX1j4YhOPQ1K0EQ`kNsW!|YGCRzG}~~b1Sv!L*eI{aJQScO*JkhIf^k^YPw-I(R^Gv33F$CU<*B^Z2Z6rj zP9Y~WM+-I{;(T@mC+&@7H$u{<6y1H^<~rp|y}ejtHgYvz1$gM)WaUj)x;kk{%$Y4z z**S3!Kd_+W=fb>cMGvsnbppRk3bDrzPj)`DF4{*e-A|b=83Loh|Xql;Wa|E z8L%1Q>6-474J{H|X^)0jTl*)@5fIChxWC`aT~c3a&JB`49!|RT{K5kZ(&_7cqdnmv zR3CY_J@jR^sII<#Kq8v;(LgYy1t425BBzZHxk=Tst@;@i0n@iqZg%{ua9Yb`Hg%yY z`&GIvQT>k8PR$C%hXVAYJnTq zdKCZFJqU<`m?Ne+!#Q=bUoHOxQU&|VRgJwpLuv4=@C74WxRmal6m8>XGTg>b+lOfT z#qQPloh9A{jS^hx5ONZ4F&g=ptAlAB+$~psX!c-ym%hSy%_%Q!K6d2#z*T|iv4sD% zc6C*oaNl?3sWornPQ&eZ!I$@c9Ra5Ig82k0*Y4loC84|8u{Ua8NvTZ*&W}R^KJ}vB z3RowEd9C;I4TO(l4Uf7-vHY3<_TiH3%#4UFTL|?G^rk>A3yx3m`q_)5D1NpQ3z1jK z#1=POtgMzz?-lm-a2KR{DLB7)eSuczB%h|+dRvPcA~ju&I*N>f5MP6&fsmw1!UG{X zoBaV6_$V1@V{pQKF?N#IGl*6Qe}=~41?IQnzhFM`30e==e#EmEzhq>M%I zDbW5RUKAKokC#x6yAh$~g}pqZFEBpUt1h;ux{WK(&PB!!h?;X1s-8o}-G8r;=-K>* z)A%R*4$Roe!W*!+#p`^;WH)gEyD%{RQ;4~WTqXyqjqos!VX>{;CdFHi0(a(Ta3k8h_d zlC)ci%691IKIh5(h;yT_BO%(wK6c)c!}fsO_5^PY>axX`h&fEWLorDeie+*k$PWV@ z!?GR~5<#R-J)qiHyBk}Ho(TLkd|~-|(!{-*FP5P0IOf3@dK4HK3cQN0f%x}~z$Yqe zwTET-I`6g}EJLu?TFY-Uk(?t%$OENbFuHi*O9eJHg9$UANkpNN{7VmK+(J|8!9nw1DP5b$+N?v-$0Q zWy_H4FI{~D$<{|<>=y53tt{}Z{!GD>hW;i%r|9KOxB*1Uad#i%u-1_CC+{glDrZLu zSk;}puSaS27i6H=IbKbZw9BZc2Gg@&My$f1GUx`V% zq7wQDNb^!1tleG8J zBv>~*C&N!&9#~$-M?jA_%KhP^DCu+JuJZ>n7KoeL>VNZ#oU9D{9jYsn-GuzEWBuM* zzxsCw)-|o9%wrKf?9W6rrZcpMs}jyg#sn0W_WC8sc6rW&{kA3z+2hohx3!7$bcSUhbHYpKYPz3z_{aIfWh4FAQbM3XC zLCk`IF@{OnT1zqY=Wl~Itk7d7#aGIYp~V>wX0pP>0A%sxu~Q2!?3wzv#VHr^RhhVm_R?@B*W_PJCr9kU^&eVE~gsmteS? zKEs^&f7v9W)K(3miXyuazAfFOX#5U+vB2TT6yV+V7qN`%L2D8ESbxa z05!oa)R~D$3J`D%m&*7|hLMhlH~%g_>lhu*%>^Z_@>|K&=(&7hC4V#B6gpb>DFdx< zjLm!%%|nc)VF8=|&vgw0WXI%=>2xB*^~5E}gX4wXyw z$Ez7+kAvtJDrpm-kR_eFmm?WV-FPGB*9Ddr7spXX4hNqY7=PuBcVE_koL2B0-(dz^ z;tdUUOt@N%%>NoomOnxaJFU+KEb;3@dJWD%4}g_KK$VwMQp=MMhBzx^3qbrSFZ?o* zrKi(S9YlTg&Mxr5Mt#(jN-aHbyz4CIb=Yn=o?7vZ+QezFoYOiuh9@u>wj)sP38lTM zD_1lZd0Nc2+c>T0RtB0L%F%_!F#r1mxMR?hc^sn zf_$$zd4>94R6PNO@aWX&S_Xw{FfYFRIN z-=tr1cWcRjhH0vXGhuGbnFexgniD7YVG)K+Rn{%OIL`kP!kfnS05uBEis(+W&{r+~ zKjE^&)4S!9WH;<7Uii&Oiu&&G;y!Bc5VyRO=lB7+I5-|K z3=^TR# znK|g*%pV%3yUD=>aeBXlU7D4KB;MxYK*w!o!>f%yXBro413iNeD>S_!a18T>ijlwN zd?1Md#6$>MpTn7EZ}~r)8G0trJ}$2FH}gbB`eK0p%C1Q^o7dd=c^9i%rC2*W=D-a`)M2J_Hfz+6!<1?~sRz$cX^9KZIDrjk)I(ctt}cDzJHAmzwlrLT$a6~`4nn@)^2wbdq1Y!8!YM7LG1avkbW%G&G! zWKN-^dzIy#VRd~teE`}1USP|~NtrpK^<>+h1A3SoYD5Rk{wi@NClZb^|CLZWA*nnf zm3d`P?3d(*Sxo?dm+^hpXWwSCnGb%b@NC%?oDrU96U>kz;mMSR90%R~Az+tBnAKEHAmRb#{*(nc5{XvT_nrDN)I8hVhQm z<4gXi{lEc9Uqi5Eu1AZnhXu{%NK3Zt-};h4wO?}yM8yWM66J6uBi|(bSVEGGtt2^> ztxU%12I#qn)K+hPwgfochFmi3E?}50?yP?K-mw_|kN`vrN{G%}cmZ@^3 z&8T=UL?1#T@B&q--k+%QMYs&&qCs9BQcT&}TtRNmJlFEU=s7<~QEyrwDXg3|yfFBZ z9)wDkjR{t0?Bw1}x#8|fznh$IT#SaSmB?y2@aS_nl?;u;&K9^#sz8r1rl{lfZ2 zTU_yr-DZ`Cbcp3qL+gIhR3(1yLpyqYu5-_IS@jarZ>m(Z%v{AX$XL5?YyZmvj7?P7 z&#(e1enc&R0|z|Gi<2_HUtV!=*G^5m382}khv63fkjT*z~oRQsPa!N)#g~&mhkUV`qTDKZ9@bSMqws`{l4$?}MR5ST=`ip$G=Q zKr3*2Sz9%|1R5jbM*bJqG_Mnn*Pkj5DLNpE-;z5`2ve2*PKwqJU+w`}gxT`z!Cn|` z0SV0)2;|#MG1{-Ea*zV-3wc^**8-DFXbJs~snyrmitJ$a)~DFVMX*WtE<~t=PvX-G zlXF@~eSLNZ?$+m|8go4%3>40KHO*+lZoVo8`Sju7E6LZsmT~Rhm6WI|Ii#LsXWhVS zY%eWoI`yMHME(W!(l^-Q_S|-b4@9eHD^@jFHZLPguEtaMlAmz_oFBPt?)Wjzb3MP- z0|P^;lu?pZ%Ah`+{g&q(M4l!RrdBzowJ)oDkI0(SdMgTa7R#?0FkM>I{?zR6HFE7y z{u{rQe$@hbT3*W3f(+Vsv1yLKi%%o`m0(B$%pdT{45*nSRtIZ3;cvjS3+1aR_L+1j znY42h=!^@bkiI5e5FMAhR|F#7#PfoSM@Ek`-0tZ5;Z;c4)7MXH85H)`D1KW$eW%|W zS~eU@w|2^tM=|LSWZ{@>ynQB0Q2%%%t%OTESORLIJ2Rm)=xHopbTR8L16}p8%BwC5{-ozUonNuVp%_ghaD?w2S>!*qP3j?> zc0H686nDk}W-G*cVGOrn6+>ru^?c1p=>j9PLmxadab}SvIt7qi=tXUE!s#7}tuHNg;P<<^wf?<%e)mUEVHt=)1wv?%F z`w0&wR);q}vkB8A9m zuEzE^-U?}8t0>8Jyw&_MYz0kFaV`K+h+{b{j);uH3yF#pThH@PV!7`u@-DO1Z}FY-yW(jFVwIflH92E4Wy$)qpCqpIs0I} zzPEapF_qqVTF}18a8z1M*5k~PoT8|RqsR!?5c!XJxzD0$y@KpiC!n%Gr^1fFaC5lu zN>%-cLb9i%|H;|3*pLgqC+6_!T8vkbq_hNsEt#m&? z$sNrphIwZOhN;-NPN)QvBh48z8Xtbdol#y9OY^-;TMy+fD}L%EV5V`z$HKv3!~256 zPg+o#c4p5ik9_p?iG;SIWuJCk@OEa67~|@5)6hT8cb*?3HC<%4(#P*_FB8XHx;igi z*6vs8sJ$~WH`}TD$MX1ZR26quuT#&bixC-*y@>1u9u#zBoqvTFEsOTlk7$h<#ojLg z#l(+D$%e{vG1^;5%wuq>xde;8h)}?x~W$f!%fY6`@LbhB^eXi zw1Tr(K%nmN*}lota$P~LxK*#C1cLLYRI(j&3g-SyU1q1CwDSt#%d(#sb_oPqbV&BH z-%n4+9Y}ei`!yo1P4{s$Uzky)d8gN0#`wh$l8E?j-(D+O&)#0^vff(_XcDhUaV2mI)o^*iOd~Rh(D###cSKnEoN2aJPT7W`*fNUTk9sr(nO{geV=7 zb;Chk_X7>M04Y{cNdd<@+!yu^+bxbVh?INBqb{cXb3Q>RIm4xxjDA-o2muB&4bwhX z*Bh$&T7sI{14|1nA_HdQJ~Qh^s~2m_cUn*4$G&_sl1{lX+3R3w<8na(Vg+V`MWams zv%ur8#S2X@XwO1Cxfz$|E-`~WcE}Kkzj|<~i!jI(P>XyiS#LUw>(~v1&M>|MdGP^e0*(B;k ztTjT<_2gYgHD*R%;=}xZlacwzh`6)}40(y<&n|(Xj}+u_uQbM0!=nFO8jPtqV(=2n z#EMDF2uoyITJcma5rpFEn)JNlBl=Y->zuy*w`M1&BCX_7m&>j|?S~iwMg71zp5NWA z(X-BN;i%$EvHK~;mq>~_jwlf0U35zA3+RoMZ8$&3`4P8FR0qF}R^>|D+C;_kXeiMxIrbZgbfsY6)k)*m6D_Vv zZJ`U6qLnyLIOJ^ar@C&GM0ykGxTo4-|ZxBmYy_Losne_z}%Jb;u)3DO}b zF{E^dC?G@0(B0i#Qa`#ChLmolr8`8B7U}Mi?uPsDzpne;z1H)rguEe8Iz?>XX^Xgk^mwegVal$9-M3_}R3(cU zch?^psC&Nfv>BLM+rROoXP#hz!_M!&Q64TF;%gxP8BzUeB7LdPrOEcIvoECH!FD@t zH$U%~7DUR=V!!T@U%FzNS)Q33X$wCP*kTHXr>CZ#Or|PBlH|sh={r(YF-Sh{rbNzI z%rnnC6W;j^)9p@}=H7vw=$kSX945p^a=f4@6_0+>H`n=;=84kVRs~sM%Jr6yHyf5aKQ$*_C=qWP=)#6w5W z8{`bPma~-~K zz5O$;+!Eu?GFQsJhIGFwukQXatLYcS?Dl_^hn>il_6lm+2z@)(JD!l%h%(LinC!#>wNXre;Q{7+lU+L3n7! zkhk9G3vOG*yPBK??H2M{ZCvPwMWbUTaLt+#Wu2)L-1|-3?Vi_`Nt>2AnL$pgQ*HyS zEZba$AtOi3qTT_5rQQbm*|dC$yN}Tn5Z}grDz_K+C+jEVlj5FX2f|n7!ctl#i=Fkl zO?;K@-M1yR1SV{)WxxA3kqhKe>hoqATC@0WvzPslmjF}MEVhK#_z2LV*nx91dSJG= zi+)ad4m4e6%={b@6Wu(%uko0$jRB?Qq7(U>N-3KUJ=ufrj{DZ|nenXVn|v{zRJWIc zQ?Ugi(*OGFZn?{_hcb8^%Ew8xLyxYSC!YjH04Ra<7j53F6wZ1UlFUE(yxGASB~ZSyE;m)y-V-y+vv7bgkSIn%A{Faf*LZiROL??nxJbazbpRK;h!#Yhks zG+X~HB|fn~265nDPE*yETAyjogLe~yURZ5a=pUjYyBB&T^_>O^XC2O2?o-7U{z-#J zc5rcJ;NhU@Ve9wlZ`-`C-0PBDSlgs$B zS8dGDTr4I7uW&NviCbz|CGJ=4!1;D;I zDw&M}Spy%`iv`w3lF~0!l)F8<#9B-9%~%)4oehqk7-HD=um2HWsct+M_oq1+{B_H~ zjLe?-n(GyI?2P3!8gZiDkOqdObLTUhwJ;D~CGw{%0p)_*mCsa;`IiOkQv)`KQqqn4u+=UjDasT&Jp_ z3Pwxs(bs!;?$j~74_#ham;b2{D3?)gRuwa5@i!pIrr!vYrf9KM%-8(L>*fXggo!7yx2L|d~W&cFq`HH*s zber6bsmsc>W>AViZR5n??pX<$3)y=wt*5@`HLj(7>SYo;Z&$ZD_Fn}O;mTTT(+|x4 z`r_vcE?}6~5&H20V4E~1@8!6kscnNdQ8aAA$+9<-j^HiQM63*on>M&pNUO;%Y58If z){X#clHhvk{Ym)zLf4cs{(=vxRx|^*ai19)9x}E)ZE4iH@24ae`01J6d}8)> zV=4~i-CNtT0u{IDLkD`%E%8{a*DYCotpKqbAFP4u!Q22S0;%PL zpT&C401V3lFeqV{(bK(ve?X+Wbv)QJ)vwkD)h zzBW%l^>}TXw12wpRLCc4@W(vkq}_P*Wf2}oZn93DA|-nij^{-Rn;Zwp6jj>av_$s0 zzE~Gp@>qPz_VvpxWH)^{rmpw$z$)Zre~S?SwgOM8OZ#9~{Za@ey3@_v+rOjmqUjQ@ z`EFl-Fk!iO|LP8;RsOJoirqQbMAO3X>5Fxpl>*q1T$e(o>a9*Mthl!gs!j46f?wE% z%A0IbXOiD$ycP1Tmx{+xv9|H*gpKOu9tu@08kFvT$Ik2=m`ek}q1+nBpsSxOHMvPo4_<%2^3<_#W%8 zA1n9*LBY-rWMi#LF9AGot`cQIoXh%>l-j3r;ao9&t3SwJ^!r80enlG#T{<1K=v)Xj znu%)r-hWQowBaZMjaGb$`y0a-p(xF)`DrH=ch0YZF3Cx*dJEd6b6y>-43s$zG*hWF5-OuoI=zwPs9y@ZRwC|51ahX8)soEgP@UNB!P9JHHvKE;_ z-iO|6&3Mn{uYM7(5~g-}V-;KT9bG|}Cqu_os8se8aa2F3WyqP2qh8=vto{R#uL`n;cw9>nT!Fth3P_GFY6?#cf)=K+e((Nah{ z8i&olW+UdCY{uB)Dj_wet%C-CH_`^;Htk4dx?y+>Oo@us-9F8HeRHPFPe|H4MB%PY z;!G+5^*h!jX2O>Yn1l1PDO~rZ$3hC!pR}1CF$(ywx$m;60C#gj*}PB8j!et>nnaE98AzXKGm3Dx_nG zBO#6k>7A~X!d$0I7o;eD)pJe_r`jy;R5<_wjEwd7vm@mJ)$+#+PJQ)R5{$8Y+~|b< zc~eV8a&Ttotv($%L&6hYQ_HMwB2#$m(ZAD2>8YENRg{vVoy?*SCz)`=L9@QwIG>?Q zKV*uf7h*^fP8g~DQPa~`%U$+5qIrF8U_f|yvM12gA!6+;@-`|WhY|dNrGUAYR3emA zLNG+ZATR#+W5ydMBo**agp!_}MNd9H{x9J=X72yj3%}zSkbcfcm21ym4Z6|qsIj8_ z&SMoA-I6=v>-dG{iN27$T$otQ3z4FcycQ+ftStjEfGnIov6{#JYnbSijf$oPl#X~f z71i%u1pH|pB4|!naVa5wN~qx@z@+rn8U^(842S<@Xm866Z8!a;)6JwJ2N}Ah@CjBj zSFNW7)qdC1>UmjlDs}kQf7RI4Q|fE7T!DI)9=xGz(F0ArcTRA2E4OxvQQRiNyGzglWJF_H-}+ zpu-CKYDVRxqz-|m)Uot}Q@Ef8frU$B@_J*|{Zx2|cl5x0Ei-faeuu$=JLTFoaiaE_ zuQ|@3SM*=|*@i6mg;L(`w9l*>}H_7sa98FXBj7j04? zH?aG*#mulay;yEi5vTJ<1F5~hDcXzf+zSp<^E>0bFs3EB86;~42Xql>uD;W3|Npo!3Tpt=OJXG4Z$m*RBxsx0tM4m=%6k7dj%< z;Th~c5>5E!&JTJ|9(+&8cFbFXK_JvmT0IkAC&ND6=1rp)d3<2BpoPZY8<_=;X0x1R zE?bH%Zazpw^WVvh+wLZ}T+1k?+P6z(foPK7asIpgYsvjFUFU7tpR7^w#R?mMqn#9ELB&Mi-*v(SUta9lYl_qsG>mx4LDImYNG^7NY<+uR*SR=RM& z=$8Sk2E<9~fzNDZW!?4e1m~RfC-XL_R~~`m21VuLghB`$2Yunt5R0OEZAKl8nNtZ*-Xvtkd3y&WxBPB^%xrDLMz&_ zu(D%E2b{RQ={iGM16Azf39&sTHaaB=laSDBUV zsF?w!({U4Ro!MK&MWpZMqI%NY%jzjex zSC0We{Ug+Y@HeTOcZIec{oLxN(7W>!zH3`VvMs*Kf>xdOj01pMHmqp8ep(4Id%hxs zQdcBO)Ng+=(%>wKUAa_=TresvZ?SB|r{g`*+f)RX`C7v^UHMHRV-)zADp9ECVwVPUNlSS3Uj9UdoUkGH}Z6vyzmOVtANtVrQvp zQ`!fVwf7iYA@VnxZFVl1nEK#)Tep~!6vdtq`)x7VMo}?UzqEJ3uv70lYe0e&fx7VU z%gRtPeWIJy|B+Wmx4e2KdOL1#(<;{XNU5GBpRxjQ#1d0iWTI^LynS`&!QiGm6C~-9 z#SOrGee`eQ0B0uKC8vJTnVLe-;Isb{4jW)Cv6z1Fe8is}sAQxb@uepZJ?U7|A7o`X z`FlRQZ~kivX{B0`w}K->?km51nz(609WCay84U7ldKNP{@WHsZdbw+^WsobAWsE`p z>IK-0kV&Q*>{{=-t!Ls}rLxyg{t#MwO9$ccdyoBg%mn#_cgU9*&^H&~ecixK-Un`M zS#s@!TM?;FJAK2Era+mf=rQ}M>e~GAcE?lSb*{kIEFfW1w)u4frLCIpt+;EZTh!%} zI#WG)tzK!0K!CRSc|0DaSw+j+P^74oqa@$VNbiTH*-Vahhue9EugGVtl_Ynj; z#DCTs+$|qYzoL2#V{$CNX6S<71hA(*wNrI;D_00R_@xs&9MSu$Uug2KcIY7tapU;R z=YSzF=z1+A7-WL3Df@|{wF3^$g9IG#*E~O#AX1*M?nYB%o>IoL?E7~~k3u_?jSNy4 zLG=uz{kv$NL}P2e)v*maP$hY$>@02j&1WU>I-^dS)GEz3{CbBMNA{PNT^mXOz^#tbuBi`XE)*ZCG9I(l z`f4ggG*j|B@9nyS5utD_T)1@&(Qk(JN z+w$*!o?!Qbt0~xl0mypi~?*_ke!p0R_CW;s^cK zKWNPD3D*gO+wxw%`6=HZ5X4Q#qmF>w+L2Y~`|_1YG|+2Jw?h@V_HWM67I}bB_nLDF zO}D!_vdSErg4ruBBkjZSorX`bUX7G3$^HGO|H?C$yF!AiDS11xHVa^ZYEqRM(?1ZG zTOU_qZD=?T(GtGDuwjgUcNGD`{Jl#>W(T&C0P(y#d`&kV)8LZ}rE_= zmuMs+?ylclY3P^yLwd&g<+T_vS_*;G3{tA3lopfSLbS^2dk!WpOoK!K^5NgSd?2Z( z9w80J+Lg{7#N2xV&zZHoA5))=2j0)cOhus2LmstNGI@FiJ~mn~``>x&tR04=(nHDQ zKmBGaPO!bP&r}-9|8d_ea8xpx2INr!Vtlzf9F(WGdc}Npk$`bd;@B7XHu;X(EMNlE zMvGFz8kjiYCe?E*awiG&x-hADnFKU&LDzH~#V~+>P9EcmKm!@g3pJEA3fkuxI?(!c zbmq5JCj`pJT4AJ9dP+XRN0q#`09ZnhOBd=6G5xka;2#|V(f(i~9rLKA9guL#Ia9`; z1$QN4L(^4g{bFQ;*$K{DSI32Dn=ZxU8jJkrc8ULQFTgJ=m}}-akWOPCf?qw+5tORZ zd*!@${-QGqWN9a_9nM^}`&&?YbJU9M=7cLF@zXmFJFX z-xCgACIV|k9Kb(>@3@n?TcZ(7>@dl%Pd?#c+|Qe+`jRX-|o$Fq)h zwGL5fT8WGHM`LC;af~c&Wk+pT%^;;{QLBJFU#1ILARt82I`*uh3Q}6I>~5ZEetr&% zK9&g|vG8BYp$5hWAIzj0Tgh)b?D+j3@gF?;8mRAxS##Wq+uRZ1lOyDKQ)AGQ|5k2` z(n~SfjvI}I^N>Evw#IVG6GM&H?NJ*1S-e?!`twV3-3qc=?K!HiJ#6~#a*7OSSrS_q z6j}wMI2@)W@;PhFelpf+DB(!R+do4ft(XxT5Qn>kWX&zy3*T}dNg$__`=)gQQ^df~ zRKD+yAM%~|Q=f%j`8De{?>P#v-x{j@C?gAT49Cp<$PxmP_V_CR)Q7jo2<2kJLD~c$ zUMrW^g@Pye*iN{+f3VmvfHkf6nUUfI4&a$P8imaCn zHK*T>7lQzH4Q!`@6x)6og)r80H5Onyep_tS&o0kZL(yN`=+#Y|u1({bO*GbDNXV-v zxr>gjl6DQev+YkPoSnk`5Qek)x3$J5?T$Bf;F;E`&(PXc?A;CX29X-LDYRt78ORs> zs>gZ5UF?o0b{}*+-T*YTbUKkgB_J?*Grk?{Wgk(=nGQj|_HqFt*`vQOFh7d`nH6Ty zx09M*_55qxN5a6FuP%P6R?#y{e#;ma5(fsGYn^w=4(F^l3tL7gkCNrt>;?J~D840` zXGBRC8w>g|EhH>;l$zo@j8bfk$AC!+4muz@c~J8%qNRpG zi-P0b7Vq~ldrK!NEdlktAHvoaG13?%q{?88`feIv$+R5C=Oit5s z?QB$FIm@mpEi&FLrMBUi4a$dnc?cQJpJ))D{*2xo#vP&F?UANLE8d+CfccG{U42t2 zQ40mE4Ywtx#AeTu$AASIesq~GU~qan{`2dI1?SPW)!a*(p!SXi&TrvIXtS&=rQfDY z2xN{puESGdBhV8}g9(JwB-70In-|67ub^xZpc4b_231E8Evv1V9RpOgxYYxZPtw(x ze?f_l5H=L9G(-Zcm$zEfizr`9*l9ibk`0vVFNsFC`L3HQ9PsC>&dnCOu3R+|c6x87 zGScv{{EdIj$sRJsCZd<;!p3U?yQ<2*vS5xFb_LCKl;SaKnD_|L(+S^d!2lxx2AMp) zUNFAb&hwijpGU7B6xV;*H`1u{w4mqW+X#uxB=E9;voUAQGod)sSN5N`>!UYu1RQD3 zziQE87?&?rp27HM^mePs2A+J0lg_tRoG#IuvP1 zx-9yP+@huclD8%(vp@kkP2pdCd`ru=BzfK8$=E$emKqLfx^A%tf#YUlEA87v0IM}- z6O@?)2m^s}i>4>=?cr)-+b3jU;{Rea#S z3fvA0gE*3(u!B=kX4kQ8iv_LHzMHzgG1t)08kOTaFEH#00A;N2e!U7~^iCUyn`U>h z$^iM~-i?+MU)EH`WfY_HZP(E;bdi-9#hZ2@S|6Ky?yp~8gsXdI_YS#>{X?i|JM z&L2S*UmDVv`-<(D%@KbF6EB6-(kAtW$`UGbOGsJzs6#_0ha5kIu`-vWN%M}aS zODy<48I|$yJIA|H>Wcl4_uI4Jvv@5hJ-#%AUQp^xjV^lP5rwwK0I}G<6?$W zEPvIf8uqj?IH6P|S5#N0C>+Zct*sN#(#y7_nN@f`(ROb*z~C(jNzcwBW1o%ae+FJL z)~y%B&-V?u+M(JNjkVNv`>fC0#bZN$U;z7pyI+(_Uc!ZhErX}By7m?5X9D^aP>5_l z*3!$WMZc{h!Q(6kHG~%I+t&^p|JLkkX-vOa`KhmYe?$UwdnDlDuh9MnHdHo9V&C>hTieU$ zOEwwL*>3^>M_k{U(dXc+dksQ>?}6Xsql6?3yRwmevQtkQ7}UX~Vh@U98Z9!h=35Wl zlTtf+)S4o(fX}y2w+P}4C4@&}tmtXHJYUx(0W8BmUp9(VoGR1h2 z34G!#J~8gSkq*N5w~DXi6CLw~e#+i~KSYifMSDNHuDlPwPtF;%fu;owPFs?gGAckI z83bq&LGs0*A-SBum69AARgP~UCMu$4u!gOc{j9IJp?;+7kv9`7A3GBKWf>R`)Drer z@71#|a@WcR=={M#$#$jhyr!GW9rt(S-Vu2!P3#`%BN&}3F^*Q+;Ojzu(TM^$^?v|O zuk7m08;GeZ+BZhuwOd?OrE&k`3_4Qy3M?uvNBoYdBzF!0oZ(_UtZTW;|F)Xywhsqh z6PWiknYBobR`+lLUZ7lQl}_=s0loDM#kcSRf8Xy#G<|%xZm3d~Cc|R^`eCOJR0-f} zZ)(leDs6Uv54d?-HV#OCwqBDcD6~%iN5DGEK>VEqO>{Q96yZ1x@^|NV7E_j=l`J#= ziS7YRVK`)~|2FyI1?Vr4Z>eqhHa$=wsfqEnu9EuWcEGi}0BH2;UX$$MZ?MD%4PiT4 zRMI=v;dkzOTp9O=e83fy-w9wR`gf;h`6r^|V4&ky6@8hiHK~u8i6zgW$Pry zxaa#yxiaW8*!FV$_r~%I!imm~xd5>NMX#Jfe|9<-t^A=ebCsOP0o(&TUuWQ`Yl)j+eZl&utPaF&%#3b(X(JnkBQ!^rm2Cs|2ECb zR!$T1fdL=^lVH)!@J`}=r|OZ9|GMp6*cadICdqy1BUltV; zwBtZcGdt6yF^*^}Jk}T@PhIb+P9^;mfg!L78jeyv=_ygE$`)8A#j!dY|6gkbv7&1B zT$~)8VZQTN4R=vfi7=jpr4*{)0EEo$(!hwEwRGitrUtgEZ;Y{xoLp!XtG|1{_rsK) z_Ey<(72NwYRR8>lkY3P^j1~LDAn6&DkV5o->>I*-lm8!9&Hvw?&i~g7m2+e}02Unt zLP5kTEt6Hy^RMwh5sL zA~<9@#xoMZ%Q&s1hJdFb)C<4U|g%!FO)*=)5`dXzm}NJijPs;}tNDFb{+G4VgYl z(k;hQ(FCFXp|&Nq*Kfb22|Z1K+p(Xw6Xrit#sr@ZLes^TB`u1BiIxb7%tPG&dOk*= zkiG+YUBa{BQkXQmL3qZ&c%lB}?cB#1;83@6Z)VP8;J{$M z1nn%yTWBSan61Y6gq)*-a9h3h&v7{Kd&z0Kadp-beVaGY>BX;cC9RLQCzW? z`2&n06@=?wj13L#Dp_A~y%MV;c#%JaLBko0rzi`ZOmJiQ^|H-4))!JB!=u_()DmQ< zWT4!QL9^f&WiLf#3Gefuc`sINj3m9e`f>cOm{AbMRSRRXE1Jj&R~?l;94U3_zJg4F&^%#KR^Qw&iYE|N>G&A z^Nvgw%1&(jA>#OV1;pZG6~35XeO9%xQiel-A(AHM(y9$^WAK*q=YZO<(iat)7$bUo z`!Z0nyI$>M^utCxqeQ0Py1d(oUfL21@of$Xx6nSnvDbK#P|XHclpd58|8I>wW$idL zLE4qlXKTN0k9z{Yqo71WaqHf+Z@$U;DIFoQ3j)3$ z41w}`G z|96xpGSEQCB08@=`iu;e-E8)p>acEqv!GqD=J|*0mH@XoXWvsii81yV1H^y$62e#} z(SyyQyjM+FFZ1V6T+rka`r->bLt2~pP^xyY72enW97{!s3JD}NL|jq= z#O{gLnu^tXSPI&+^|qY4X>C!&ttS$r1>ZH61V&-bGpSxNn)k}pH4h~a?86eoam6>E ze1yCIdAs90{rGhuBksq?joR$fZr}a}YU*Ss1cR=Q#8@}x&YqUxt?Z@6esubntR{^9 zbiu2L5Q*kJwgLGA-BCQ18nX(FG`e>E6W3#Uef9V_&*}4{65$GCthh-@ckcp3Z|l(h zvCwoC>EI~+z?V3E^6$klw|&w6#b25r2h>^=&8p?LIQY{Mb_7&d($nM{ z*t}Fo@ILZ($V<$<%R;eWym=Vkcj<0zNr#vj@dH|ZkWwWugsNFRTwT5Ka=rsx$BQh}0Y{Wa}Dwk5XHWUHXM*AlNf9`Iv zKhO3tcSw??9^*-1I2-UBBJ4(a$F2t=;3kjhAQlh0PEXVIehIf7-!{74t?}(aABs!W zH@=P2W;|Nn*`EaPzO!G{331YG*}4s=ON58j2+mx>RV74E#6M&;gme_b3F$CpKU=6m z7h@S7K?8+-0Y{#Yn)AFpu(sIqNez=GWW&|1G6%sU5k}KK+!%Th;0y1YeH>G`ma2(Je6js& zo_QXM14CEl8X^xK^Fb*hlx>7O*o_C@KcJmGpZH4-VH#eJNCom6^uGbi@V=^i@`N1W zR;s2a6{U*a*VQ|*Eu|>-Vtg;O$(#P-$S6fbmo@(quin8#X{HUjY(AxhBW_1a>zeT^ zP+uR$A)L&&rSchL>w3ztG%z~!xgI2QM-0r)r`GEtjNZdYUj=Oi*3$h!xs=1er_H~; zqX`AInLxrLi}iH3WcD-w;iL%-$zxOudM*Qrhd;-R#aY$+^h_;rV(j#|d#L+9yNB*| zH^B>HNu$3$%`H~z#XRLNd-bifp3*4MyzhR$WU%RPeHEeNRCfDkH4ia|Iqt?cS*ArS zi`6gOqE|p4?|pO;79L3prNbv@))r>+T(QtU?T>*$F)>=+!C^)LM$N?3@* z)6eMp>sV-BjaGb84or={bnBy-;n_B*5D}mYPipfBP)>@)rz9?2v@RS6Fc921zYCPg8jOCrjuiXM+ zzGy|gD`fw0{TSn(ky7sR#W+9n6um)^~J@8E&=ICh}G_Dk3c*LJi`G4|%m zoBfq<_$XVYtWGggYH@6aa*T3GIP>{Bmfz02u7cVAQz@3#(qaM=dDONOnhQF89Kp|| zZ@vi`DrIYEYmNSRYi(0vE8xAyEfi~;yIM~Kt`B|5(_%$R;eI)XEyeP=9-CHuWz zHPk6Z7w+8P$JVnFnJz%n!R-z1dYa;o-3z(<3S9wgUA5mtFjVHCtAnZ&5=~ z|2z!Z1-)PRHS;%>2wTh0+<17}x^UXriGi}G#$|j$8t&O*MfA89vBVjpTgpDQkAiEexME0VyiW+BgWzhLkl?7Ux-*sW{Wa&S(Xl!Tq z70q5OXK=vhTuz=oCFMc&Xlv9LvSGGiV#PV_^9gDAL_CUvBj!h%s859A#UJB29?TUbPj`i7iRu@M7#u^`J~%W+W8{Q@d&7uw=O%4JCOj|$yPc>|Jd8`VIsXuphVAYG8!-}UC6Mp$rQZD&Sf7Cv5@`ql{5z|JftAwS{1 zvMQI$)^&c3{QSY%CBv9F7LV-3e<>-XD1tZ>_KUtQST_oL-5q5VenT4hiuVwvruw7N zn>OT%?RLR^sbsyCv6;RQtNn5LZVOvW+hY=N(KdVtsdZAMB*d+kf3?6y5^5+BW+^@~ z@BQ+RI*e2uRHHtEZ({|$6Xhd#e`S3BlUDWxY9=aKlG z&j^+M(&RK$w%)}GILZj+S$#~(re_Gh9J36Gf9J_fhFy1X{X($&OG^)=;$V&Kj=z<~ z`l19mOS?Ej#m#ZlUhG?>qj+IQeUleSdez%Osrp2BNm%dRl6G*65;T4R{r>OWE=mcp zgvR=hwj4rcnl9&dK2WJ1;aJoEDph4f3)Usb^TlqrzY^b(V?4upNyC9O4AZMuD=J#- z8G9X=#xH>AX~{tcyZRDsAxnEFBRHbmHXf&$+l3Zu@~$rjyR8aze0$aI^`G4Jj8w@} z2jNNe=(PBd`rAtLI`6LF$8X9jj1y(y;NU))A!h1+n;yz(J46_#95?0V5id$3C#z`u zQ`EM2DcRRpzPtYB(k;Vlp=Zr=)wS2e!Q*50igF)4G@no+3WW(tB%rJvPSa&^Rnbuy z0q+XJYw?%#hrs;<;C#h!ktq zdgA-OZ56&4!SGEzC(peREnlpQ&;~xx_0jUBqNn}t!_!l$W9!?`;g1iEVt)So1$nTw zr+T8jCUW};N;i2F`I91e0}~%g*~!Ax!{aZ>zLv_jiG$N`Sv{dbv4SWE;koA{#1Kvv zeFWkdN(56+O|UWi-oYAL0bC*sHljdD{*sb?K$U)fEjPorXYw&^dL-N6S4{3|&RIN> zl`4;JM4nFV4_0@HyA#*@kcH^0wQO^H zk({^8oSa-5t)?9J?srq}R(wPoL?GgFM(#D+z7izGkckuud*&gQ#qD1f3tS4(bS1-| z$#^1T&@dqj`ImJ3)rUd-SOE%@9D&w8d2=(>kdwx7z1c1H`}aWmuioH9Y^|?zJvGh6 z_nXeBX^ilpg)em(;ETCF|8APYY$)}!`@m;=_FoHw`?fVvV$fu!CzgNkj_>-Ws`F>~ z-?mi)VP;R#J)yiEj37J;!KTbX^zp%3WH?MeOYC!y8^weX&HLED(J)UPz@h_K#nm{* zB;kFEFpk%fN=t2^0^}4o;8DwM?R~sKxbAxP0 zLKd%9>S7yK+{4FQY)QX^(iL1*(23?mcz{o+DY)}?qkngE*$+Xdkf zS*V}?X8PUuBKe~iJ~ZMu%ZL(%-)Cj=nP(F_D1aOQfB@Tmd1FOE$_#A;HzgS|JjW?~^?0NgIlsQxEF@^n%XaVRHUjO_&~-JM zu3`&wlSGu-e@`Vh?VE#g)^>5T%J({Mkqz;`5K&_~!PGMe9LG2wdmD z%@hQJO(R+RV@EIPFif>byELOWe*&WCZN?coOtoaTgdK#(T{;?dpN@7iGa4_SXx?i# zx1?TC`(vYy=j0H({;ijpV9ocj>`4?ZFNP=&g303-0$$5_%N)z^e@PkITFQfDVyV_f zw~E#xQAng4J#?`4G2_>$`r$!_YRTdS`=p&d&C4-rPM4}nUUbB>2H%9o18yJIgNJgqh5^|AQ`gt%wNJlIYR_;&iit7__5AVzS z8~H(rQ2EKrrked;u|<2PbK-b7Xuyvujn<91nTw3go)EWPUYT#BEYNHLgmmOX^hgAu zXTrB$K+9KWI;QjU=#7nSwX-Hc`2YOdd7RyAY01>j0lcL@HYU3Mi+PA{E^P!YLr^kq zbAh+V^R4UGKAKoGjgT7`+|cjS--2HSc~D+zUc8~ODAr1Rk#EB^k{}+0*Ff*rK&k!* zoTkz(^pv^xM`rMYs3oeIa#r^3D}^aRmF$ssT*T_o)ONbOiLhodMw{Sk7 zuE0oDtzIulEV2-ZapJyM?Lu8@D33e(##+9P;k2nsB zhZjHs{fisrSA+4mK&Dv7rwy{euz}b>Fr(t(`%LpipvOL$b8>vuKs{!B(f&!6+KbWP zj2A#!g7zJ@_z5k0%2-Ugir!gwZYj#O%zx z4zl>zs01|)#_N2x7Zj_|D1Q^MX?o6d8IgnVd=xl-g&~}A5_5FRzM{T3BkPU#u(BkYQR zi$4xXCk^kz4ajc{jSj$WJkswYkiy^~y41ROgSPc5{~7eLC_tY)j(Pls9Yx4R%pEOp zr#k?uh%vu=h}sz1+b#}WuL0FW2_XTeUICv821~(-f(&i(Mng6bdhcN}&n2p#Ok}Z= zCt?Csh6>y}4n}18--sXKeK+D_?TU4l;ENCLz#vd0i7>5pwRXL_ZEWaz$p40=&3QZ@ zaSS*)(kT+H%U83fG#Tu_J|m2PLK#&1$60c|fD{g^QK-%lrU!BfLXtP1(%&c*aZL1w z`ooha6(2E1np|?>5vh2cNVff%b#|i?(DlMcIL9a{N9PaIJgvqvagQ$p2I9hQKA1J%NOv6>>8 zCBIo6Mgwj5lYpw3<4uB89S^@=|MY$uC<(~Bqaqa7dF9?LL3r(%;%bxkm|0&DoZn7! z;Dq`78W47?yp8E<7uDaoP}hgWh4fHU)jeB^2R3p17x<3v)6Dy`(@LucjxDS*{z@tG zYNwp>YFkcN3TDuMWvNo0Hc2$q!oe<3v&t918bVnK`p-Wi>$v11_D=kHR?$+o`C{hI zzs4zR#Wr*TyU7J>R+KRa*|IPi6^08}_ncj6`i7NhTxgA3GY37Hxn2Et{^DSl+KGL) z25te*;S=>sZLCwZO9D(eseV3~jB%7@&}h}zRnZ2n|HJ5a6uMZB4c8^RhYi{#3F|#1 zVp%5cGsyif5-vjX6h8lSev!tnIxI5pBfcykA)fbWHR04lJTQJA@-1SNoGN}`rt5EM zPr5IkU1=sDSuqlE`Y(zD<N*TKEIUi+A}0QC(j1}cj~Zq2#0d-3xxqi>Nu z!i24D6KmWEhpGu9ZwG4vsG~USuQpi-k~FQA{WIFt{6=%TlWEuzU-uY9eM239(B8`9 zYFdlAR=&m;h$e)rM;VstqPif5piKXqIB4I-ZvI`<`8u?Q7m4ACnd1COD#r$lST^nx zi7~CC+EvlEz1J_To4822@ZXl;lbaJ-@8MhTRq+R6|5#N1jy1s9-E0^IRbT3L(z*=v z(oaJYe%sE_oy@kcMmHVBVd`)1zj0qM?2kTI{Nepv78u~Q_1@Dgk;B(RkvnK4$SlfJ z4w*IQ>S+NqqG=cX1ti8pPIXKi-A|AR92SaEFEL3>c&L-ZHW?v(r2UKJmxKyo(+&Yd+=`IYP=+BN=3S5SV!7#64zOWL1GB(a^&xE<`qpgHmB5_5Pw@ZEP-tYaN5XxcO7g!Opf} zRKqipokd}c)1%>XC@ob1b^CLNlA6$xn%LzMI*LtuyQc$O-M2j?1YZ9oQGByBQ;4oP z$9MzL*s^a#_Ly&pXzm~xrMjfR=(s{3;hC601=CMU7l54ggvEM~n!hE0eJM%`8;uHy zh}?LFXoIXfd7?eHUG`t4Ab2rKyJ@?i->7bPa*qxRG>g=j3~AK=$9+LlNsY2Dm$dsK6D}y;|z{&1lyL5u^cqbeG;}@B6C}A#KyOzY3;sR@}jwa z@w9|vL+XO*sa$vRzjk+VQ@>H=i5d6Dd4-XniXT0BFfN~HX9mwk)4tkHYdj!;n#PN4 z;W~ECm8!KdrfJQG+~R+CU*OoCoWYhz_%VuOx!olzqitK)dM|!o^))Ts7vwCDkec(X znseVQ=8A>IIpoWqBqxZr9$bj=Km&iQZ!8hYoS#+%w!_5CFa850s&33xeG=oD2JP{b z;fIGqb$*eFrIJfW=??R-Fm)&-V)Ih{n?*1eM#svN&kPR#88AN>FCX2Xw|RGwDDPFj zAa5_J5rgop-jX6v3cxHif^qsujQuYH_U{W89ngGC8q^cQ5GqgoS7at;T&(v*+9liR z{hY1Sl)j5W%!wVW_zzW%)VHuFW?};j?+2OM-Jeb|?6vXtA0U+=d1+gZ>Xt~qhrI!l z!)?8%lh)I2?BJCHL+a6%y;L)nJ6S0kWG<ct1$V zPawk3pb-~_Z~*V`308GthK3)70Ec)5VUYICG;eDzmP?}o^b1nCEp66$|?)$o9n^w$b)#<^WW*|EAqR3n^3VE`owdqzhx?2u7 zZJ^E+BPD~*PiWqo%Flk54?kf%3R|S*zHCNK7Ue&d@2q5OJaKQnz7bHd=Sg@Aprt!a z_3fKf#38adijI8xZUBBor`8c2*qU#7HrF@42du8xCU#mbYe^ONF>Ly- zvxhqld2ozeOS7w%IBGx|vr8)u zJ|5XU29x??*7xkcH9E*2S!u}C#qJp!cpgZbnhtI@gc*AB8u$(HWtGy&IZC3TXKJnE z(3qAO+QwBz+U}nFA-xDOh#H%?`3>b(<6+Z`pv~tjS9RJnp27UkVCt5BMYinPj|4S) z&@P0S^;fp;3xj@l@q_$+H24`6jSY`)c=2B1dU_6|!`?#QlS!*@`LkR~sI|<}oBgWA z1gGTA3rj#E02Mc5288G(ixsDOCWAIH052FHcAYk6)5F(vHY>I2dDX-=n)w4vy`L+d z`DAXusn2~1#t(=e~caTw9U?%@6`T!?A9PA>f)c%Roz|br; zb4IN2ZiI6~CK`?5+y1|H=jmBA8dRp}tN9JT!(f8l<2{_ULAUtQ{&o3l>CGGllB z=0bO_HLUC&C;r_J~zn z`4`*wHzW=&HaK@b)%{s?g;k;&{>i*dmBo3MAdFc6C10dx%m{G#mZ6bhy@eNM$&E* ziP0z>IutPr zKT4*$n=-xD1+pml@fT%Z8!=!T9?1R}Lm)@oo3nvEgh29~OO}v|vg0EPAR-sGid_t>GuwfGI>mf;H`H+-EP_5ex+-ZY zp?mk>QZ;t$esrHd;!}n9`t3LNf5f8LBtDk%-JOUQFuhbLO$Z(9PO5>vaa7I-cBJSM zZ+jy8YD0X)E&FDAh>oQTD=1_uykZ?vZ0`no-m$*8eV7aKAubaT+h?Csbst#vO!WM9 zyfsJo3qFTA^vrZ=@?gw*K2XTAWA;|>(F4%AjWS?*0;%6OvajR~942v|4k~}zCel15 zyPZQU5%Q~kkkB8r^>=r)%$Ze0<4}}nc;RD(_u?y=kj=GqW){|s!SI)r>pw5M&V&VD zd$gemb2FXqf_GaO}IgDD?8)q*HpzsE8Cn_UsnGt~Qhcj}&+=AxMUU!UjDZeJ;wpjxJS>JXPAGUJC2V=siZ=;RAWJT}@(z z%J8=;)R?RQ!_xr$`8z|`ATM=aYeCiAX}EH=QL+PoM1F;ORc*($XgQtTP>1RhGVTlG zv1m!cEGd|w>`!D>d#O>+*zULd%(CJB-D=L-RuL_L*!D=26)2SI;TAs_|b8A7#^J-&&5i!r*~&OHd=d zMJwjBnzX+bi%TVrcI9yk3bwbw4iOtSNtoe7TwRt1*wjV;{yo>Ww?cznw&%k*2sox6 zxptyE2dvqGGKap4*u94RhXJdqP36IM?io7-)_^a5TTvx<{ha7Y^&8FRJ9$saLiZhk zvGkVX%QOsp^v?2bsj3obKg!IWHGE-lY-$MGrmeU9T>WJ6>5}Z$uSI;5^W-1?y^y4= z*^6%)f-PRIulqMG2~H!O#hQ#9I%Y{P7As2u;oL%|h9^q(j-kl>=fLYG01Q*qCk6r! zf4YGt_ZF_?sZ(8w%qk!S`YRp|q!@_NbZy+=W!JK9bdiSIQtis&jj_zM+xzGnwc}0n z$8zK(F9ISY8I^%-W%$9Ty{(dH-4vp_0XHgPz3znM0$I4t3P<0@(IxohD3o zZ<`w~6}d4RIEBRKvF1xZ7u zfk4+PVJq1Vzvowv zXwbOIjz`+&^5#?BrUwC#*49r9yucWYSE(NSE0Lg+GIoEO6Z>5-B3-O!7Eq-}1^mS} znD-Ux>*>}fIPpp|rr$xPHzk3o)8?U-C5ebje`5=a4z)kEyitlC0bH>_L+gE$hnYy; zQqAj$>zcHL2bfzr%`# zr^DD`Hb(@I>(a4>^>dQso*A}%&wKVMjpGYwwCYMuGwivzQXCe36Z^q6vnq)`O=D5L zbp`R9R0k*qcautd@;Xg&#_i$P?S=-?Qz&Z!F~Q1*luu9!xf)#)VaLYK`DN3k*LX!9 z@RRNzQ!f8m>RI8yO?KM$atG*`+8QE9h{mqFmWW)fv2x|w?zJZ1iZY3)L*VZFYAn)17gr+F^~^iX|FGhhJ1g~DcBv3>HNH@_);^bN;F-fy!tXiNH8 z`{Dr0=O+xxY*0%E#%sL)Fao>c9hXp26>`J<*05`VDb5Tl;cNtW357rB>gzxuThwB; z1YNq46B{|%vx}Mk8om~ZMHYolwCWOxknCsI+cfKw-dcP&#k&n*UJA{>Azr& z?;B+k=w#Y0rZvhPU~V5j5fodCqXt*R?o7lC?R~}UvMORHzkMt}<(CwPCr3=zCOs!3 z3|JfKqx{{zsJMXTP>OP;N|Ue!++tytX1McP54M8gP`j~K2oY-j)5F2NjDWNDty)Ji z6|kmm4zbhr`fN((>mp?#N(+PZk`O@kPOtnGi*_v~#W&LDMHDNqKnew;NyQ{Gju-R; z_9)$cU`en~tyM}}9EMC1h;+O&P>qUMJnp{i1Iw?E`%X;Ppd^W*{;1i`hX#pVy>bN|-{V~3p8KGlWa!R{b^8o(C;O~ylX$+V15RGcK;}$y{)C1rARNW^WmiUM z4;8ED`%D`URY(8^b|Y)KHizR|A}>NS;M1ygBDiXi-Y+)fy`aDBb<_%-4A`BvdvdeW z*XlR-o;9aV=h{cy2#Vzfdz%8%h`w6_zu{wzV?^z1?pdN5L*W|3wzsh3`T{5r^YUO3 zzjseVbf$ReBf$00R~r)=<%;iH6InroBbF;zTfJ{khvso-R$ zzTrQT3QtX6N1v#a{3BHP7wi)Fc+$dNrHrGzsjC8DAfDR{Acfko^3=hRg+sB@{p-C) z-u5j?H={hF{`Eq0J>7pc>T;(AbfeM|U$|Ph0xA-&n=!gP_dHqQNl$5j{9&|9u|xek zWbm2(WlS0-*pzAf8KHsmPkftAc#=#9K(pl+Is|+5oH4*F0?Zfd*(R}gKmdbwT*>|q zRHx~?y8trolnP9IGU{Qd*Qq!WB#F2L4&YQRf< zahH1UE1PWJuh)5~EdS(#n1dxA96_QIAS~>!-6lht4crRv5T|$1^h_37FHG6*YV`a5 zmfyz8-Syti`^)<_DHq#%jdy(T3Sfy#Ku`r`?EV}hYCrWy8B&zw+O^c6%;d8sIFt^= z1NK;8`%`unEpR;OL(R>Itcz^`wm!0Rd^RON#UlUQQQ3B1dhP}>dvzQui6>s;ZdJr* zFlL!Qoh^RQ(D;t51|Xzm0ZVx)_)yo9Y<+~ zv)I>{=Uy!~dCmPpa;w3x)w|I=_}SoO0_pPv#qOmmwOROg+pmC4k~;Er3p@ z4>DbaWIT#lVKt=LZC=WXuevoI@c|08|3_F0%of#P&C%2kc|fX!7x|8HjxH zpuPIADcvx!;qiBQK(Z5TRlsTjWlWP3LsNt4Un4-qm|Q<7^d2)XO>ECb7<*$8Jz6ls z`2o`yw4Od-&>;*2KJL>o((RvHniD$g-l6rreFnaL`TInc>7}@aaXy5lFOMk1%KQ0k6F$6XW{m8ez{KmF3M_Nf^j#acF5V^%jkeo5X$^p_9d-W)LYW9U%EBP{ABr_%NXqYC%E(B`$7mq~DF(OuxQRxB0dX z3XYctvFs0ySIpVhV*1YP&U!P5M!sYdJ>Bl3QM~Gh5u-IQMv21u<}Yc<7}$)sKEfArVCi{ zs6vQ1HA0~H{RhX{)+J+==^3~t;DS_@p)alcTf}M%%1iy#>sQuXxOW?lve^~`%MiRH z@UX9GK3|q~)HW+`fV;VKFumGi#^9hu+bj7JL^uZ^eusNITwd>PUeB|2#c=s+*(DA+m)uH4xOHm3=A80>ryhK!?6Q|Yk)jxvLlvW|V&UzC7Z&Vlp`;9C zu|4i}d-hTGZ^FfT`>We<9bd1CwD3fUMABY^8>{|kDx=moEd~>ewZ@B%_+GlyqEO^m zWpXnbjX4ddo5ZbBBvlH;>;F`bAf~gMqNr)yxG$8@XqS<9G=cN_^{RS1E@jqR2ioW5ZQ;OjJ|dI46=2ddp+l&VGai2ZWY%Pq|orxg%ST@$5b|#t5?9B zU}5|?;;Z-(@+?^5-&4X9_3aQLj2JF_SU$QQu)9t2-Q7m@?pqyE#g$WnsGz<59+wbJ zZ;oG!clMV`?376PwI^5|hoVlgzH@S$yw#X0WH969x~NQFl2To$^9I26sTBF{Q}E8l z?@^JU-IXH09e+2g%xe_PbT?dNFJ(ou>t~UH{5wXT_yHq>mMFb)07=Asl{)wE=tRK@ z1PsMITi!B-h|mlZ+b;AWB=%v#Gw(Z^<&$+RqzOV+0gR8_CaWRE=FseAAhw6Tji`zU zrmp55t)zNPSM!EpJ;@bPZjKqSudG;)u?(|i@~uMhX~D5NQ5Lu-R<{c<48Zaa`dsus zR=Ck>sVZn+7ta0YT5%QVS>xI^Oc?J^n!e+Rvo%)&@khqKj}N*$18#vpyv#u7;+;)p zBr*LtuauuDMSDgScqJ#4HWc*1RILM-rQqM2yMyN~pFdI!xm?r?yKoSE1*t(eBsyvj-CHy+>`aK? ztPK(0sf9w{z5OJ;=H~HUe9&HpcPie8 z=>f{N+`JFu~8 z#lO?9Acn+Y9C^K+$0wCKjqKmMZpVK4F<&nRDxUt>JsY2pvO#bUwW*Acl276x96_P6 zxdDLcSUU_?@jsZZNww1r>5H9miwT*>t93!clP_)l0N*hn9mNk8x+x&9dGskFocUFK z8DQeqy2nPcEYFpsEj6`I%2-vqwpL#8FgA4Q3Ez)Ny{_px!yVv|HlS^d^>BNF^kEH9 z-@a0TawOVi_7V{?u+y>{{gGuqfNQKK_Azz#KI-|NX`xJc(1R&YfAvZs^x)M#&}zYD`1WU+7qjPbGOe zZB{=ngeK)VMB8rt?yqb{xLZcgju@{!=?M=iw#6j?+uW>nn9sHDaG+1hCXh#$CC{f& z58fHlgKiqkRfBO(yvIVIE{RE5J-;$s?$n2WHRgpc6vZd(4m7%ysO@4+a~Rva$S1V) z^jgl?Y9M_ta=S{qOwaXtjMhcIpS`%+0sWcdiIlXGwweusK=Qr|lBWc~5*nQ;;xFSh z8v|G=whJ6!$jf3+x|Ov^=DGFF{nZ+WXf*GNkQNv?;(%Zcc-sKhIsac5*?jRJaH+ul zfuW@3Nd*3M{DAx6ngY(??1loY#26jGg+z;s5fUL5I_6(4!cz8US!nsa zVjoMPUgv)0)VR87eE23B)$=Ekj>PjWV{fm1btRRr`Qy@K>*rVX|K~%6bdju`Lk-`fcTFc5K@3|mwEIitKa=yzf%yi0 zdU{%;Mo;z25=!{*)srD-`ht?;|BPqG4@s|4V`O|B5LXbNgrbOXa(qloM<>njo#SihXZ_azJ(`rMrJFWrM- zg?Ue9Ma35%@?$?C>g}N&Y-8JDU*fX7PjwJYfFQ~z6XjpAhw$p1TLh(-@wt|65HiTL zU(V--Hz>WGJM@i0Sn=9%ex}nI5#k3&fag%QxDq#j+R+b ze>3!qhtkeRH7lzEOE?L2FlcUCyvw+ zB1ivu8Tp>S7}ETt2#vk;rv2@t1M;>ne*g&xiS`+&3v7Y6`djleOVSH( z4=M}CDULvlx&kr*o}isH&NSNd<3>`+Io2C?mzkwgin9twcPV$0L7522yz)h{*?o5V zB1$r_u-)AIgHFfBmXJ{?(CL5}0C0SKb<%tC*!zhVV+0jX5jWoe0FXdmRJbkY#WTwY z#LKro+i_kLnH&k+hpL-)hz39+;v8uUeIk2{m~^7bTkuz95hsG z$V$w{)Etw}4jp)!g+@21%zST?1pNz1h#A$7*kw zBot`{bMix7P7GB!q316S%qfwO8J!Is512aQD47g#%dK~klT(8n%kocQOE~jC;y8Km zrqNKb!hskHe-@W?|8C9(+Q|r{9%Tnp^hV?xbA9}9!Y$;CBgQO^*#I#I^dydE1 zrK3VGSty&022`3&A(f&a4j;9Vq5}q@5JaC1i7}xNmOFz|PjfCjU2Cu$qX`|IuN_*g zJU?Ng?M@;_lZ&-T(?nvU>g3rD3otP%2D0m0eIy%H3oI7+0V!P1AO`j-sBAU6TTTif#Uwp<1oiI&xcr|Sdl=Eoh531|$I z_*xlE*1PDTR*rj}-9Y$RZ{4u)S+~UI?p`={y@MHbw?^g4;eex%!&zz3XW9r(Zt`6X zZV-vE`*nhT@O@o-_|24JqsyFkI-@>NTm& zK#;`qI@qe7O=)I_lT}K z^Y?a6CFd={67?qh=na^^li9j}KJhhX`Rpi*rQq||yGqw};_u9AO=-8%m^E*c9yiX; z%nFUsGwL4SP3YTU>P?L%>5xnQi`%yoP1E2YF`xkL5sPt=wj=I=O9IN>-HXHB{Xh0+G{UdXt{H4(*#YqeA`n`)}e?HYyoE9nOKDdCn>U`Ye#Rz@d zrwRfoInGX|ppBu<#?x>LN~F!QxV<9DOZ+L#B|NyEw3P8}vwbZxO@_ysh!QJV3^|m` zZ>$5RHTC;TmlSR?!nZtxP1g!&)a55n3eg9&Kwi3gU*X5vgGetK-Gss1B1&Uz7eeDZ zp!33M>*0(Wq$iqtJrWCT`rTF9aNJl~EWO4%KVcoFEV+j#Zt0+~>c-OG)MjfOWWC7C zcZ!5gZCOXxn6_x>R98_-UwF8DY}t)XAnq6?o3#=u06+$tZ`f+9MoPkgH}UDX%&G(y zGCJ`yrs>khN2otl5Oh0LB~%Vqcax_qp=L{{A;c^;?XiSx+c;=H7`4z(IgkUH$zJW5 z8q??Bvl%X@!W<%Ss^gjTp6c^uz=IrUs`<)#2=|-yjmSqVT%>g-T7c#>-XcM9=Zihn zLk4!4mDDTo45%#^N@Jw2c+*l&IrI{ zWg3U$7_6B84`^N=&jNzj*Z{oSvj_}Kz8mWTn{8DAHd|0;6DqzoGtGTFOSn5aYf>i< zJw7yo`CCpi?u;gT2sEM}(0`_k=lY%HXq?i=orli57CL`xV18>Hh#cTVn$|!amnZ&2 zw#;f}+Vr?%?o3jg#%y8amjyP+O;_(N;2(icch#Xd@)(Aj@Ii%0E@|*ysz3R@SRs1k zO&u|4E^NV(|6@GF7}3wV;gnhlMR`*MwDdOL*__4G-Rf7fBsp9tTrBHn`$vdcX1CeL zPk%Kvm_|Ra21P`W)61t2BjtU`q{}l*vRW{vI!`V*=LIxN^LB}K?D;Adw7P0%r5jp4 zBD${4Wf;Mn$8wCy0S#G6n5inL!C0lAAVdhv7aBejMNbyqd@?~vjOBLsi44)dWY2p{ zPW_j_j4p*%TaId@Kx*~%A@HnA*#Ge*;rmob>C4oMhX4mczumMOokwomb3N?b1^B`$ zQ4Vb*zfr$`LKb}$pjfHEw)Y{qs(CoT`7Q${+YM2Z*I8m?HiBXJX-@3U-MbRnwE34c zdDTA4?Uj6DqEW#e)C!DDkog%1&UI!)Z2v|U3`2GjLi1&`xOdzyKImOJM8eyG&?H;I zn>KaE^`1~P319wnXS|ZK#&~!``;kfXzT?Zi{X!jFMiGtr@W@VNj=ZwmA#$6#zU(Z7 zxd>U*WOseKpIus+It*S?es?Fx%|S3#a~(2MVWbfa!4d7Dv3nCI{C2ykleE#EI!Lf! z>FLVX)~^y)H8HUJois93f6+#c;;4c;qmOJk*k9}JZ0mM@mV#cVE@eO(^X{Ha-l31F zYQQ$7E?kq{zYFUMG$lw_@GOqSR@X_S$faSMHR&uP{m;|i{h1sv$y;K?)H`^Dy(2>e7i)NxrKU?mIxs!h5dV=I?r%E}{QPBhYQsEW57CBQvB{n((T1Dn@0-j$8$CA?C5Mbx5xD9v})X703r4-v10Mr zM}2}d!u8;}>KGScq);4ANTGQPGp(h;j`m4X67PAD1g#HCx<`c=()y22<2>Ud+ewDG z(5PrKhp15PFZ#mg8&=%rRmrT($>o!i<4AGApzz^L5gC2d$xY`9vG3Q-))bd@XETq9 zbIhC)CK`4yBkc=Mi{+x+I@(~ zZmlQHpl9aHWL&-8Za!gGt21mcS+{=$lk}?yFLXj)7_1`xJC5s_n?|;p)Za>qlMJZ- z0uTz952tqYM_`aiHc0P|(6Tr~Y%rCr^kuB^zIr`)WJP)?yn5R#F+}jmk=>l=9~!&m z5LV~{6n=OMW@cuBKp=bkd0~{}(^FDDzBlQsd}`0py5#M- zjk4b2qA|f2+iM%7wqpmPXu=nic!D7>Lr-nz(=iXTw~~l3E8CB#vDy=kKY#;i3-w1^ zCP8ga=q5kFZeB#TM}=R2?KjYnP9vhr5p(V)u#C_>Y_53$&4#}&Ls8(D$n7WETb|a8 zH|-MlWyV{;)O<|eLIs38B6wSVdB}gT^6OXEEXTdVbw9qUKnwDR%x?zI8yI2keK9H_ z9weg&LLU>Rmksvc&8T%6srQ)@9ilpxBd9_t!o`2*>kUh3OUeG7-phpfDSlOMVa|f7 zO?i_S0odo%>#2c$jc5UrecO=J--Jd5bboSC1^CMV>_1rdnv*jWNCW|hJX#a4pli4L zABtjPVh3N*f!@zuH^U6~U%#o*bZk(B@h8YKH~$!SCwKmtil(QgW<7RvcWjI20pZon$mLX5KjW*&p0rB-+wX@1x^#OiNZ&tG{$qP$!u`0Yp(8nbyHT5h%Oi)) zd?`=ibI2aXuPJ;k6rOr6jnt=676oL%6t7QCdrrbC&g_abi|DNO@Na(izn=1H#ZZ#X zL_I+wbV|86+r?NE6(?MMi8#m&KL9vGd_@ZcvD=fe)3{~XkcST_aqUdu|GK0&OEc4QU8_Lf-O_}IT(k%^e)l_WUCMkZelvyZcm>x$3(5CAx&fz+FIk(Vqu`$hevG{IS~ z7p0~-?TezzXNB8w>;>LT8~t<>XJlQVm=SVS^9!Ef$9a3^>&Z^$?<9mGH2T+ zThtN@x8`jczz~^equap16omZtxwSA0Ge$fik+Efmp}3?EA}T&Kr>mtsga8}|W7Iar zr(@qsQ4~SOYzJ#X(2IvRMz=rzRbyT~_Q+3$_+e~_1)@b}{6*HwH#ZpXy-UKJ#tN*? z9)P?TlR-hEau*+Jy|*Lg-IVmDV3&xY^gwbndj*T97>P-a8aF0GoOvqTB?MK_5S}lRTp~q`x+mS_#aq_N|>KFASjMBzjlzt0mx37@9P_- z(`(9t8$qp$R`PTIfti^-gkJcmO_daWE~J|}JPI+fLR+h^pD1dewb>up#%iyw6AEx* zq`Fa)Hs~!Fm|Qg7)s=C3gxh+XZ?kto2%3=P3(ZIbikQdv=xPl`msL?vFouODACe{` zFkii<9^-)CAf~1lt|$aFa`lxVtTRy~Jz}`3K0?l#w1kJxjMh3eS>%T)4M*rTxPB?t zd4|w^en{FPp(6TG6MzVP-qT%5O5vC<(^%%aI)g_Sw6#8lo0-))61vr+DEXj_TCx{h zkR5t5P0*4pclWkBM2$k@*V)ib-&&yV`so9hXm}J+X438(Dpv-=&MZ=#p3Fd|z+X!j zxJ8C8e4VRcCR*I5J~}fa^Brx$LAPLg-amsTjTY|j170pCif4am4YfC04RVs;=$jHD zS_JWYWNQSur>i~Q8}JhJ`sO?0Mh?4Fbw%PR=SlEAi4O1`Zz;9NKh?>ALbB0_ZZ&Tv(1mgHeCJmAIbsh;-tvCT&U=|DxP0%Z}mq zV#Ou)o-G_7hSh5_4Mi>u=Kn8V3k%vSivKlb-fnuT(Z6FydqQE`b(2*4_ju-RcORp%kgPh9hwb*it z(jMbW;iAec;n~Qr+n~2E0?s_`B;kv)!%>B7CaM>f zerTh_ppo#YMQ=v9Q8#>EyrQf#HskUuF*2Qk-SZZRKYu@#j|L&RW4RTC?qapIcH9m{ zj79wQGX5Su^&ayYl`2Eaj-H4qIq>Q(5(OqO6SPHzieF-M7Ot(O`GG#zZ@$9i%=JSP z2H7GP0+tu?L;h-e0l87D?!cVV7(jd~9{!eal@;_0X}YD?W&1Vc8L&HxXnGj6cWyyB zBWQS3-6iX4L?pxPO^)5^b}B735g>k}R|HseZLd}}g2<^z|$2rPI1WW4hRzJCXZ zo2?-?itHVnTZ|P?K4DcOY&NI+4|XGWT6kWQXY^6Id*k z4oC^?S8Dr3s6~AV?|^=zk?6e-W(iFSDgzDB+}0E`Kv_Wb>ja!@IV1YeK9_Rr%iDpjWAT02}Pvfw(z0C zrz?0&hZ}uHpufl{|7LFELx(&$i^UAHK}g0LBPmEEL>XCm`bZ4D z{6^vKTA=9N;*rXYHViu=o5@{~OmCt_pZPRovMDzp_z$yAdvr^yomzgR>7RfOYLU7> zCI#7b1ZOAMn8+Q?s`(UjPX_k!NSzi!NT(s04kWF=v%)ATLuGwDGg_ZE{&3I*H{k5y zsC6d^yg|n?e(@w>GafB)3^64 z@E`Xa##~|e|M=B!`A(XW)KdqCD%;PPK?zar-{_4*k{DWkvm$athYzZC;d}gUPai)u z1v=^;#d*81TQ&f4mD0rZOKcI7eK5X%=s>T*T(|g}=Ff#lKi%C}XtSjky?R>!g>>@u zzOp>41#q5ZOcwt28u4L=h)_t904A3(NY#d5qrA8=&hzmF0ZUMBXb`N`L{@xZ~6Ygwgg3$*DEiQXSaNvPxLL zfh6nfGcW)BkA4B(CIU3kIdI+EHL)KdQ4dh8E(jpWefJYoNEw1YijxJ1tSl$xa z6sFwPkECJyn@kH2ty)WE(VHxt{lK29=Q&DJu3aXT6y%7z4IW*#y^>4gY)^UG6_Mj- z@U2UhD)lJ+PQi$F6vfYOImfKD9(tgHmu^knvsA6{r~(DI#X!m^g&cBRNy#f%p}$vI z7+`4GUwB;VT9-7^ofd%P8)F#I70Z0*!@u_@=Pk%x?dOY?ySb+;ZbkyXj_;af!S+4N zes<>grnpP}qfPtq36kCCoCzBxSJ-kbDtnho&!EpGMa~?m;jF^%9nia*GPRbe-jpEi z@{I_;LEevvKj8`*?1o_mGqBUjtARZHNs`G}sAh9Bno1L+niiqiiGu-dD+sFW3U5HH zRTaFRN!6q;J+ewZPqj|rFru=*7b?s{FDva8@li{w!yisaV^doplNCdTY%EtpV%+6z z%l6_lh#o&dlMw?tyfX9W>;?u=y&f5)Y-)9JX+G=GdNz3;C+Ln0Z(N6V#qmxnA^;&Q zv%dCf+%dE7BN>8tk*Y%T*rAy^5@Vgs$}U&__crC^ujgU~^4UUnea(7X^M7`0_Uxaw zJ+H)|Um-vYKhYJ7#ceoeu8Xs08;!||ZsH{~`3W+Gi<>s1Q<+>8^Tmok`j=Yr zr~~>)_CMtKkq*YZO3E^uaH-JcQrmrKS675%2YX?uEPw5651Z*f z!6It%m3mf12#X^8=5GW`e=rT$Rbcsxgq3>%o7YU>^QYNR;x3e;qno|k^pX|8omNu9cmP~ zqSvOX?(3zHMa(>8kHnI>PsaMV>?h+71x)&MDwP@h$9~@GHcfZ4lLSXJQSN<*L}AB` zSgn?KsiH0zT^GO~g-@SJUZiYW7i88&jMQF%$FqhBpK-vj&wIs^n+ zzfsmh<$n(6S3(7~(R}8_uL!2t^>P7es9}CC()`+s?C_r%k7*+VIcU*g&$J$UiX}8Lnc6Ch!ezB#*D+^z--MO^=~W& z>V=ZBevCoDj_jaxbyp6UT{5Pn?oBduR-grKqjiYN#k`9J)XXk|^@xSyP=y0THWY;Z2w|$V#7j5b@s3{>$hY zoWHkF3cnbs$jwk?SkwL_j<=?Q#xdzW{pY-gm#A0J%VRhj2r z$0YDJFX)Hy3CUTD?oC>bm?P0P`w4eN_+F=Pcq;&U%ip1lwr+$6K&MK_nZAt9l|-b`(-63Smd7rR3S&6#Pfk&|MO^$D zm~JS7`_23xQE+1E6h#Oph|twTQudo`&t4ip4n*On3_2glU(D#NjbE+Q4(KC2QDz%X zOAD#5jD9=?S31HVc6pl9;S*8O!B-E2i)eV7X>E=!>BRs%!O9l;1BwP%^!1VIw&eQ; zp>HXa3 z!{Coz3gSM=cxx%#lo{#K+c?HstJVO;9)7fbb2ir5E6S@5yW@2-$HizA4obA&bIf%E zfXnl7h}aA0v(=KdS^tWeSbnbX`3&rDUVZFIj|R-?H7@tL0H6Z9V06gGC)7W;(v8`` z0@LA)*nyPL8`szKhF|yjT&cCq_j%Y87!0)Jq$2%9_lhr46ux;VcD4Csr$(b^%pIe3$ak^4oKkH;EWEu4Y;5`?k`q>e<@q{Kw;2~E4&~LePAl>`TH9 zEUpduOp-I8oD{lun$y)0y&rc2Pz@048C=#OA8%fRUl6f-u^OVlZ=Y5czC>x(XnPUd z@FE9E-~s1$U^0X~un5i;(QSj7$qNidhAGTMkihzWQQRjl{Mq#5U?31RMzTXMj(x5i z2{?06GN~4dkRvyoA$`Q6i8{4+cewxp#n(^nB!{K(8ppk?U!AR~_OXUvK9Eb@%b@>s zWopJY)b{@|t17%cnA?cXG z<+c8Z&8jip7oc5PlEuxAB!V-(P`H*XIb3IPAh@ENqNwQlcvP$i3%DAiPRRY;qpJcc5XO^{vgw8jQ_bwxY=n< z;H8ZwhE=Tmpaf@;T|xF0SKCh+u}b}Mu)+Nf&r@uK&z;-#c=!XO+H{C>5-``^sA5G> zV5`Hc(fN1qZE1S}_xkZ(v9l=o-mEmGl6UcQN1KyhH<N`K@tc;A>0zL#;`V4F0p!2b)PHDN6+P`DFMLB8o{z=+wp~egeOC}jkfrT^aS?@ zxQ6PIa{b)ovYX-Yn)+n9;6_A>H6{1Y{zod>P--bkPVmKz`dBOZMbZLuGi`PMd|mO) z3i7t5K5Fbe;0S}s%A-eLhwuYjxQbdmG9Wq5l%^qBrrMC-|Grm%I1a6{uXjy4=d7TBhYTOaCsN- zs_G+jG*lkj2aYiXt7a&HpB%mar1Um82U)XIxhbi6^RIlE6}7cF(Y5v&5a-E@3Wt{H zvLP~^BrT#(mqu!;l!le_q0$CauHR#Y?0n$Zr*K9lQH5wE4l^ z3%p^=vBb`gK;2jC3J+vP=Yg>DT%k=h-eCqOzTtP|b|QF77{l9r!yQH?USZ^Ws<7=0a082Rd}8NL|b^ zqy@brsu+XBCu5j9OxS)x|8i(|!yTexq@i zB7NXL?I8uC0j4EcveK(9W%t1#s?*Z(HL(Sxp=5w&{4pbuP_iW%KW$dW_rbUh=I;v2 zp7K1kM-fNsXGJ-4BL&M%wKpTIlodR9;e#Pt=;U@lLN>+|qZhAy?JjNf}O3I{3*t&eO72?mc7^HfLwFF6lM5gI8Ho5&g2QQcw*6YiK_`fS9*T{h^wb zlE41?yE1(+Xf%sfTt<3tR2(xWQKVv)ehAl)e0gg)itF`7XJi2bB*x5IokTUICOULg z%!->uz{5y5DGGd$xNb?{y*bd}Ur7o4TtQ-=;fBVkT@GE*F7A z>D3rf%w&R!V+=sd7=HK3o#~tDq4s&CTCi5^Fj`oTvpg+ATpUtgMFS~JECOQ>_}Lm5 zFM%)&v-@P)NZQmg^I&4=IeJV)CRjVE{ZQz5u^~A#AuX8|Cu0#8IBFn>QnYt)bi?5x zp|LF%ow&J~dG7J?YxeRL$}CyOx4AG2yg4v$Yb&6Kd3B$|9fGnvaWYO;V#BJX5YYPx z77K+QijOX8yBy8n0Ue4y2j?pOTo6l}tw|bApEBN%o~QQFJGTGzsJaV9wK{AH`B$el zv1jAgn@=@yIOgurI29*TV(h4aL|T-dH2F@)m7#zGDp+K+faLfuAA?<&Ng!-%iM$lK zB>{gMts6i2*S%_ymII4d>bGA^n0?4hIcJ?**KhvhuNlVx@Cl*svQu5c`|@GOSC^n( zA|gsg!Js5;h(-_b;%0+zO6KJjbg@v-`mf(}&*fXT3LVr?0vkLdJIs|#og#V?B-)R} zDF!DiFN_b;T(QqfHt~(uX!sV=(-S<&aNQjk14qI{Jhbb)4&*b362I(Jx=8#OVPU_K z7ai(_OBR6MFx_8+CBmdclaLrra66IWb%IGpOl7mfnw%v`OkRJi{!0jt9;VgLi5YG1 zPjKNJ{1RIb@OUGUw3RSwTY1+X!8AId9O42)T-h`-W0!vt*dNE6TC4*2n?hqFTK8qV znOR`SSQ*mk)W2N6-({tVnWtr&2(B})4sy8LPvVNNco2BL2Xir;P@W)4_2qaLihGe ztsDq3tS0zb|JI0;@E-`CH9#|}@kEy;x0#iin$(m9Px5lu(f%|ad(ECgZH88 zZ-3V`z;Ve+S2zL0?w0htpbmXzjYiW-pbRRdj3VzYyuq}!1DR>Vu`KSaoV=*bBI<7p z`2yL#VF@sK-H_f^vt!5nsnE%=yyBT?`tQdPxOvJIrj72TafZymc3%`SSz%Ht06P9n zE;anh_i%|cHfVyJ8Myv^pne^0h(xp)mbECfBamPamO-Q=wM1o&YHm+7GvQ)grd#@_ zf>;EQ4oVCwKJ|K_N2@Rv6(EbzWY=mci{h~eTGsd$2e6%v6yV1+>W^Zgj&&Z0R5O+( z${gha=7rY~kD_Al;OC+i==pcvrQJbU60wMJqET%PNAO-iB zPwG{h7cGS?HZWHTx)Nwwi@4LL+u|r__ zx!YH=WM2{g>|}FkH1+B|*>-1HrD2bQgKqSirUf_}L@7Bjc?;ux&q6^Yvdq7oU{)_4 z*n4`0Yv~Ap&?gSqD&BU89E5!0&NwC`9nMt!JD&=LJ)t2)d2DYm8cJfKLAzn$4j0%P zvAh8W0QIvRyvs-tu84lR?bQrKX`qJD?>X_>B749hz2V?s4_+bXN6Jy~j*Ol1HItwk zFZp}mT$>NeaPC^(=1fHwZzrgnFNiMV5j<~r8{DEXV|R8u{&mLxfUxv2;Hu>FlDPGe zfx|)`qCZTfv8jI&YT)3qncM*MH;1*jk5FVhB`e!G^4aB5cv#a@ELG>0uLU;ygg7Ce zlUr+j|KqYe*%n-e>V*bRJVvrkrt{64C<>fUt{4VP6Ns^+kIW}fGH~{& z@OcV-DdUx(A09Y=GXqJ_d?~K{ujm}lTpV;#-;R`^I|8BUM(#yZ{aFf0Lr-Qdc6&rQ z`>X}^umG{l$EW7GieBMfjB4nKYdpt{M@S<^IlkC^*<;1YMycxGz7@QGhn|Gd+k;X^ zPV(|iBF+y#Y31gxs=3AL^6NH|hDL8eF)+r<7-4{`vUq97sHHZuZmB$EQgSc{yqYaw zi%o;dPlrfY{tq#4-BkUK*(2)%@?7fE8;#oFFt_+Rwa{O@!M*z&FoED?J?;pfFOSno zjW#KdYd-CSu3zIpL(Xyhc8o6k?+EgO^$CUY(VrgYH^C{K6uU7G+Sw_<78hhhn~w2o zJ>(zF8^LJzD3~08DSFcL#yH1`$o-GYW>bTP2v=yJizVbni}-o~zuY-QpQ~5C;;Uz7 z<#9Y^yrVf`mlH*R2H%aVxN;@OG0tW)l!-2$|JmrxqkHTRD6v>ugw-2vAneOJx2Mjx zo@wwkA(X#eHh*@!+LvGUmGCzp_O+eRvAkP?zW=T|=uJFp0UdOY2%12HyeC@d_a{Y>Im+v&J5H1gj3S%Ua;)hS`H|$j9g4) zLW%2z#LqV(x_+}miXd+N=^7Ml7tw;sj%$fdMI5eJ@O~=4zj;lE5f1*_mHjnu&YJ4j zY0nO6$KFG}%tZD_;@2u}+aEBcn6y)=$6vo@)@P*Mok{lK?NJ}o)5OuNDqkm*BHZ$4 z7S}tS)3$63&-@D$I#hxfdEy;x(xW&=fvYNX?Vq*bjmn%cu5P21++l?Mfy(BBbc0;^yl$MnF}&(7q=?yW$>vic?(&jPw zGSdPw#0+WUH+H6wrdzXq0xW5gTSUPVMKGYWr3U4vLjg{P4cU(&B;zfC_;o*QRxIP) zlgs@*UCUh88-a>Fw$|e=HkMQlz!6=-hUR3Dk17fa3$Bj`n0|zB)j?v#iwW6|GZtS~ z3FvClTdqA1#n6#_#0^vGYGYt^&1FXE;4p#;ODP3i^nBU1?EdNcrnJAp1$?f4#|Du&j1USenzgI>Zw` zMe3vU&FyG^uf%jeKik@9s190*F{?i>y=cdx%;6tQZ(JhoV!sxMD zKDWCfE84p@&`SOn>n>V~>k4E+k6hEwP2kg;6+lJ#t?gDXSb^e@cSrQn}0A^O8sG?x3Dy^GscR z;(Pd1Pl9#ffp7P0)46tk1;CT83DxPvX!udvGF1Re{DyOX(q7}TEz`D#es|EA1Rk1Q zlJr5a!!HV%(_lPRWb|Bl8V@npv$zZKitT>#Zl3=O^P{{u?ygu|Vp5(||5Hor$Ca|j z7?GLJ1qUgX)?~oeJEY5qxMTH3z+NFk|CTM>4=gX_$W3`>mf*ZAUH|%Lvd4`VE?goH z>})j2SC>gLvt4#aV|0e6b>P|_lR*|6QLa0KGf8+x{n2ja3gAMwYKTX#9~%ec>Of`4 zm^sk3r7ilgA&uhEe&TIJW5tvl|9N&5%YA|Yl-epfZQGiAotK6riyvv-WtEY_I+IHk zcCCqyjn>W8U*V0zWa!8Eky{oq`kM>&Gx5b93vkbiNSKVrt}#wYwxe+TC(xT(_p)hW2ccPNP$uJM z%c&S?7e_eH?*p_<6ua{mx9iMk*Fq`91SV%+vaw#2aFB*(#W z>8|f|5~mBAoYdcy_1?#)jtu986F_u=f408K%~q^jl{LOu<*x6+WjX$1XrBbV@+2G7yl;> zY@Gfo4@r?ts@{^2m`B4Yy)^h(UBs=-f-T48*ZxmAsMuZn|NVldOEa`rdih0Xo>ltt zFNvleg&T(utNg8Nw~}kzJi4Sj{lk+GxhKX^CEfa4AHSuW1#)hD0;PIV%;Oi|W>fw@ zH6ejBH14@8zAySBW}yPMczR~6H&dM_xeKDg?I|a8=1#n7T9-buf21??nmD(eSBGEw z)PP=orrvYB7hWC4;L#&`lE6!Pxdpa(@>z|WrOj25fha@Q_RR%&Y$0>pd-ph`LCam$I+ zX+bzQb+#ljOeNPGG+JSFtI3I1exzJs-9oDQ9KmO$e9&L<>qu<_oUDwx`>1ETRG^7J1Rr!bU$9#L`vAMPLr-_1Ms?_RHaodu_TY7c>u#m76^Lh}2oln+dNfnIc&52F2tv(XN1bE*oJ}6j&%25z zGNfPgxPnP~5YL?w zap3L+DUp-&>vev0wgucyL@poS3)FF)tl05&CmbfBM5H2QIb#=UY9h6)YFM}t9N?Mb zIDZh=!BDtRxvbpUix6NUu>q}&@J{^ghY4bV8%YH0Dh&n$_!u%$Mt9>TSogbGin`8ANQSwviRDdmGet3+tie%v8oj9K zYk#uh?{2VJnwaQ|+Dd-NoBxE6zYH%g@1|5+5<02lbFC`xQACxqcPpjq{Ev<6D?RF+ z*vh7sir7vbE&YOU^-bsSxjRBX^}9VDVk3#?h&LMRw}L160rK9qrQga&XF1|scwj$|USsTDf8Gx%w7g$0QU;r?+F{LzGXCVg_J3gf?FutWp4Ev59QOv4H_wEd# zz_yfXv!pAKr)IDfJ2AoGm(t}s_i<(rG7&5slt`w6B5?f2ES1mN4CC(fGsrJi~+{5|{WVyLr!6UK5>`aS+)qIsE zOc#B^qPd7wHWvS)$q>?YGduUQ=RtjNmhljTuH2NQ5^ePKO-=zd(PL4Yp?GNGFIRV**NPTi5Bj87?Rs4 z(qGQg+*B5vP^>GAdkh2b-?DSbsh+Q?)cU{i7Jr(-i%yO2m(v}_*_}wtK48;r>hwgt zqV$Z?Vty8;pw2;~m6h%L({<&w{gnEOuUCIN73uPHCv&5EBBSt1URWe;uWsTzijq%x zTjb2(=V4L05E@#ruT6i*+tSpEww`$&$Hzm|P zCY+$Ea_m@UX`PI|4wL2>HlA$TF=v5~Y`6I{1!kIPC#DJgp7sG(dyX)H<=(c|Mg-nk z`n#$tt723x+qGnE%9CYtJw1-?5ol!+nRSZV#O9M!0>bOS`Dq ztaX7_PHa74&`Di2NG8s-I9}h_F%s*Xg>kH$7%a7wq&2n>lz^dJac_mTt2-S-IhIaEGxH94;9%u^4*4WY9E{MoZd>34pt$9VYFrN=@M7j z{!8T-%|>cJJqYHiHHC}}VXk|3F4!gEH~~vnzkmL8p6Bw^Gr108F#cFk5R& zt8>E}=6Qv6O!lvw+8i9j+9K9c7G5czQq)|Q8BL&h_F^o<^c;x7sfSzof7tr!sJMb> z%_JlwK|^rY;O;sE2o_v}ySuw2xD#9kcXxLm+x=}}N+e9iGP zpIvl{w1bZvyK!bZ+w7P}IHv2Wi1=#&dztTaofBd)C|$%sR}kN(Gi*A+xJaO;IP;ma zo((~g+vc4Lw6kmP@igB@lP5b>2BY%{!6@n*Pi1NBw2ss{cIm$7Fotq@sbcLRUE;a} zI;l8oOb}~WMia63;*Ydy+C*J%!tSi#2uZ_5*z~HE&xycSN@)Wy;;mw>6D9*4wtTxA z`dBGU)KVOtC-~ZMyZ4t8yW=;HXnGf~3(9)U+?@!*;izxAH8*>f=H;KK8obd}q!wb` z`_TFh=c_L!m?o?B7zok)Qxh%~6dff7e~Q1=l5CeeUWm?H;otJO=_91dW<>de)sj=x z=f^>>)f`DK%N=Mpq>(C(Kf`~PY!clIAICY`$I4(*<`WmSH_lj_m;+z3z%^y4%(Ufw zfYiPuH^I(TKf+mS@G{nXK)j+6M&mnQR0Nk#Sfb{>;p{SAibvKFb zdA>P!#Ip_CmXK1sdpbm=*3_72QVO1a#amNXc~j{^e~(aX4tj~nN*F%a3U>3*ClxOc z1}&7=d~@W?T&w=QSqRyL+Nhp*l{0o`l7dhTM|uLeF%sgH1(B_3vDZAd+&0+t1w~6IM_mTGA%@%A)Z33YJDm>QYNt5V_o; zq?irf`FRQj@1a_|>~0-!#@%U@tYjEp{eGS@Rvek^iwp%_V<>Jkqw!UwA@1M3?tGrl zO#((9aIFkq@_1MJAWn>7wMXq2(_+MdOicbObWjQg?~k=U_Y^Tv%r?FeW2jFFLYbqv z;&R0J#7#kVl|vL1P8~Dta{M1nXAAD)%2x}ss01?W+UQGSDOq7R>k3b^tFxGlY$l$GWT4p+O~7)g7Wf8NP-CorayvU`X< zP-Ba}Ld?it*z`Y8OOcWw7V$FsHU`V4P&2k#ts`LLPGdmrlzy1-mE+fYg{N)313EeZ z{zT%LJ&D1#Brgr1kZ5|-O>$qVtwgS6(j;n-{mBsr{C-!lq8|_ zE^Vi;(7bE_K8~npomDI z#&QIN$F!)4qFV3WpxNdzH6wmfiyzgUI5w5y-a79cIz-Dp+~!Gd_iG97Q2JQAr^|M? zg~~<~?$&gd1ZTg$UbC#x1lMa9!^Mt?EJ5_wZ^0P7MsFMJn0$MyA?xM9?;(YbxOSpt zU0&Z3s1_dnMG@dw)XY0hEr`whi9>vdpDg_D2NUfiq{u0!F&-_b z;(M?Fly2Tpk?BH5Q)DWLms47I?C%liZ_IIab#;nFxJ;NxZh0A|rrgfr(LfBrBu%j; zxx1F`)>o~+lW~1cRAKKJJK=hn&4VlEdNd9~ewjHSEnOjPnZ7a;Ne8DWQF<7-=2NgiG9dz^Xm))aCO?gIGfU(TUx+w2 zxh)AQ|2bI+SBzUGq)Whr5!J(ibxlX$jPj%1-B!zCCQAfoc$0p+{hPHFf{6FNw=!`A z0KxIQrtvv+S9d`0fqjU*9HFe`$ zHoQexD$Eet?I~3AeJN)zHcWZC95PD{BVUtJmg_z^+m@E?$~4HbD(^cs>ke7m4<%Zb z8n(M3ka(e^+O*%_mnGKd@~@O5fax(-g3kiIPaZlYH`ok;iS( z&rt9bq87rAP1EdF?00SlN!X~8d<14tOA^*rKdp#vdLF6qRc4?Qr45TRWr|F^rBnfG zN*u>YxOpQ>0T}w2=^K2Tlbvn*2MK{c*$GIo5Df7s_0S@hfApjq-e=#CoaVW~6L5s| zM&X4Bc7IR{0BYLpQck@jYaQ;*qlM$X_fMx|?Z5u1-#65*c6P>kQHVmul5bhh0j9*W zCdWY1uM_>$(D0Rm{;JPvOUcjce&g#KRe|=XRL+F86q{7e#++Lj<3WXXb2^Kh>ZSxW z?w^Y5>;xKoQ2zROJt=aj3~ix<3ue_@5)b@nD!_yk`I_m;^z!M&=laGeGz*G(lx)4f z5_!3`qL?gQA!uQJRbx1WCoBe2b4)48LWioi~$@w9uCf`dC&tiE=ViG18vs%iK z$ybISJGErD^l|gvRGS4zSblVw&H9Ezv50l-QR;;RC?x*IAsV^ikA3jSk=SxJ-wHw_ibNQ;H}pv zTl33CGoq;zlnN_K|A)a3WOQ)I*C?D+b}tN8hxkN)T0f&s|jcPJW5$d8=l zL{WBvZdG2o+SG+m!4b)=0Q#s_TQa!9{23w}5`qISd(EVY?H$SBIF>_Yi&PENJ9}0` zv*e@=Zi+DJ)#0Q&Ew(H7&o;VHK3O`|EkW4;G9GnElc4@{D^}ivQVl zwssfRiH5`1QOlL9N3eumv*a@3y`y!e*`~wQV2y5$qK~Ujk3VXLQB_S&S{I<>=AdN1 z6K#5?ef!sa8e{obRT?}H;-oh~AAy6z0!RLp%p|$hX{XstTS;hS{+ix%LsY{ul_I4t zTOg>y3{NLBdb)gMNm()6y8o*h`AbuYp0mC2tE&%Vvq+p-d6D5rtLSSc z5*kDuoj<9|ad9y2#P5plmU`RiTb$8mY}LCSq7S(*B55Lk$=zF~ST$QyWD$99WG=C) zZqkAGsC`vxRn;sl-`KqBtns!-jHEkMzbedU=SxRQOBRROo6~oA12T04 zGq)mzWZj)mHvHelysRikevnD16sJiV|(?02Ib48-P+{qE(E=9dTf0ekUI&@q2-3NVTFIM z<~893=rn#?x<*TCZ-y$Csrr34v^NmL zm5<7C$#pT+U#osLt+AZS5tIh_U3ZKGFMVCRG5=w-$^5f%=`zn#K{XNqFz{U-s+7U5 zNO+3O^H)?{sHUjHd&Z3N*2{yd<?Oc2#ZN4B9SFlYJ!I-dgQ!36Ex-uOC^Ld{pijy zxhBv6+|woG3nBP$CZx?UQ7E?r>Pd+IVptIwh~;S`=G*J&c_J^EWVQvkJexGE+mlbN zkjszNTeV!8mu)pCi$rA~F7cV)H3bA122~%n)w1A$r-F%uenQ_QRCfGi#~^WkdY^Xc z-AFY(KqPtsnyA`s&@9qa^6xYy>%O*>5QH@5A)VJ=FYDHBW>6J-9f_=nOH)Gg$Uoa^ z%P^PCT=cib3%D^out3;OmmcN)cFS5GggIBQ-i!x*Z4i9MF|LHg&8}<9?qy8{ge6wP zN=BA$26NpCbVl!jZI3gc1`YGmIFW{TnAjUAZsv3veI?VmLi!7m8o68fY2GoyU zzBkpvnn|BXwcJoF*1JpKX}RjATf9Fa3NjiT3Q$ejx(zdG9#_vV+CZZIcvO)qdeTeX zj8PqSLA$#vS6u9NZ+fd_;u3o}77Ka`KHBtqZzUk{K`H89&a~;sx?rldpL!Whi^gs` zSLAjnBmH#K#Crbv!6l6|5`V2d0xfC3waRt}n=}ZxQEdX0a9zPFOJD^F| z#}ZD1L($)HGZ%Jr#g2oH`|KN=EVQo};>$?Mxt^qpjC7f{u-EH|B}3upG@tmxpa zmdEH2$$~-`<89SJl01VXDjiTV3hijHYcibKx_gA!V`62)bMQ25WJ9l)AS=HqjVVJb z5(G7#H77sdu$vJ22?FT)LLPH{Ar6nHyOq8ZjYH?#K4RpARz64W%Oyx&DZNAKZi~MB zqdecKPd$RfH1W)iszU1%Yhc&d2adbiSI30h`>3G}U|dslnGtwQA-j ze!)R|#B<-0z>b%R1=uUx05uc0=RV_I36}0&N)(c^{Gy^HG3_@qPocm6Q5NuDvj0=)e=7XHgnX1A{%}@V7uj+wPJQid5QeTI3erQc?N@4AKB@C$C_&dY91abU_486v7qR4~^&q zypJm=yqd*40xMc>()@4ddTLIdZCWS1X*d}_?pr`!N{2fd?RmTELD2;+fO&R?f#|61 zc$m#`#R=waDLo+)=62ypW%nQlj&sXB-w1_5s|m~X3nM%{{-*oaO?_!_VF zW`%S*nz*9vmr!Ig;zzFwLHa42B8Xeb?2}U57OsRJleHh~TcgHmT!PG{~ zW(SUEM77_dB6B3XB5yP8j-ot8-v8!^&z1kW6Liv{gi%}4v$wF8G)crJF3 zYiy+=R7g97n2e)a&QTi~EJfF~sdx4_dta@!Z5yG)qSkuEBo!>o&5IWrjp#H7&p`Y0 z=aRz0Z!mB)OUOL{Nayy{0Zjg7bv9gD84ElNyb+tXra9oxcmni2@~b6YmtzJ)6%!RD z|1C1aNXD6$jS4Df&C0wvEUA7hCKXnjCc(phe}tEE4@Fk4APxi4(vU+1*~1>Jx1F+8G(TJO|0eHu6>9L`FF2SaCSM($ zeAB77qx7h@2BH^GRJRo+%rT^cjKEozRVFg{#MTF0iWpA8J^KD|NYEqW7P_?)(oEqohe1KE#k*cHa&;X^%hz`^v%IKIkf24E^7clnq02jX!V-=>%!mD3!@ zHBw12C5oDwBh&d(p+Cr0e|=I*3>?`t7)@q*T~1FLSxNq_rXMZRz@EBEm?$Y;+^reC zz9~cGzaTZ$MgF)WsrQ$BV^@5v{_)(%!6+zFq&!*Mj-|8uhW+$w_f8+d1}LYU?61tL z$LB}q*jVKX@2rTjwYR6u%;}AQip|w;*8I*=#N)U}+ao6oSJJMEEsQAdQvb%p_sv&n z^iiW#P1j?1sRlYatu&Ea)66=Vvd*G^lRC@{)YIqGu>@)Td&WeO%q-wYW>tqTkmqp3 z0#5RcBLJrcj69b(6&-in9ctT zxcPeeJhL6a`}j-CVXvD0`N>%oa8ATIx%hQ2fQ@luHq`L`YKpG;JiAj-;E_c(nLV-p z8$2kAxIe;oW$dUFnDPj-WRJJmX=pvw-;3Smv7D}IAD(Wo<|jf$Mn?9!ni5~_E~iE) zOn1Q}iWaBb{!H3;i*of`FU9~=p~G)3D)SHRg-c^+3u<MTRg0wn zVR#N1&H`lP1bsi2R!av}NLE9Eu(@`8?B4iilQ|*u{(J*{JD9`~n^$bXJ*R zu=RAD^VT%~%0)OqM6zF$a3{e>XHJZSIyP4s#FNC9+v7Wbq+|hqi8=Q8ig{DWx(lGX z!kn))1`|_TrJ4cQG>Z`wjVBzv!XJdPFRHPn41YTYnq!Gjo)G*L%m*Py%481p^ZBrI zGib20S*cKG4Hq%d%P#XZc1BW4GD|^@il=+%Ce}fW$euR%n&~&}Lz;uKZsMr=>k!Gl z$!c#2NtJ&G$#7wPe%SfTdd*$oxes0Z-nrK9_8g??ep>v79Rux3`u(>k9i9}72JxYb zZs5_pf^Jh9dXzw_1jP^c((dXxm9E!u>1(il@)4XVkm=oZIEOt#;p_%*P3`8@O|y?$ z>c#`VY^{HG!uPBk-@SYP5%r}2yA*5w;$qYTcJC~Jy2kO_Fj{gWhJj(RA<}#)U~GK; za-7GAvp|1y^1ITT{?pU<@^cj@tJ)@RUx5*(R}8Z5d$B;KVMHBE3y1H z;fMZ}T*i54{(?aBet7~uh&Z0HOcBVLDU1deJR(B^_-&l>NKZFXGszz5I3a*NbG)+G zb~)a=wp;&dwl1!^Hd$Fi4^~-ba(V+sWPk4Zk;6$70lV~Z@nn!mKdDpn@g=kK|IsBP zl(YDLf`V_`)s0(dbRM4j6?X>IpLl(u2JgAjCAQ?Mpv zfZtokER8tQu=wi7#x)(X!?*Qg2)SMm@2=&U_}B(>j&jhCJYlpjsAm+o4=9yxXx- zwW?xm?-u)dr(3GV42-r@gKZhYUUvo?Mq#{D=ba`&BKY5D0R)MO<&Wjh66s5}dl~fcG!2#KMHMhZepu5Uk_C`qmE_24V&@mk^)={;d&lby7F4xG zCV)kr4tofqhF$fO(@BXVQ)=CxiG{$!vCaY_}n{7;0Q(buKTJ=F8V0}a&n_-tEa-p99I1$>e zc;Y?>M`V{znCbZJzvk(lOVX0v6pvP7wqr&Z z;zDVhVNtHmE?vM~a*VkKq}<0E@$7u?a>AhO?l;W)@mxg(Uc}RQ^8#dlZ|l=Le=xyn z)n{}8kDU9fDfAPw!R*v56D*|E7RE+C(Uj6?!w(#pz?mreOr?Z5V(@)kXEpA$BhpxX znig9)#NV8H`J>s5Rmmr|vtLKJ8Jm48pu_@mbWSVQ*mO4zpfz8Pn>Jp_JC+ejfqqd> zrT7+3xJGf2dTT#4Aa|wz==+4j0i3V`y&p2d@Dz6(NWBFDR-5*v+|GdwF6f#nXRXS9 zgp??SVN!7H30H3E4-eFd6;8x*o{K#vs`eJcHlQV{eS|DDw0g z%M8N$aYQMM7~ldU@%Z23-w3L|E1h%SdXr;nJ64s@{@4YI4E|j4z8?<@LwNV+4ItB& z_%-bXh={=!Oktw-s0BaE&QMpOdE9SMeQIsM0;j#+>~wT8BR0)@>XY%bdcGPR*>BLQ zwQQVw5Oum>kWAUq;Ay$U9I=X`?8trNabiLr)DXSRZoqP-?PH4vpW5+wR446E>|p*z zW~QjPxO>+jCOMfp(~7k3h3}#B@qKE+#!OZ|hZx(JvsX;85dIn&4dcTW-1_lP(y6x% z){3iEIfv=16S7G`Gjq5OsRdskGc6($(AE32x9j7+;6zbpLkyL5+`3kP%f$B6-ffE~ zWSxU>S(rus`vS&0KxEJ!&YN>>u&2QC+ZM(SQ|q5gxM{6xKUEaswS780sebFLJ+2I} z^SzWG@w$tErecUlu-N41#z9b@^aek39M6w;8GPW~?_=HsRILQP8DRWJ51&^DKKOeU zcpZRW=DBxE^e5{Cay!iB`^a@#*Ko-LYcE*K0CjX4!dOl!b9Y*a{LIzUJcg``#=Cqj z?={!Aq3&t_-~mMg;Db-T9w&29Z(8M7#J^oOhfL|Ycp~zPqpX`EvzeV^WH zHehYaNNg|CfTrlE;`I8l06H}pcGLkf5Tl;Ay{LvegZj$0n*F2dm*!^Se>IsSB+;XD zD(q-R7HmlixX;{I1NeADmU!_2LwT?i)|9gnBEbv$AEKUl1qOTNFtd%nei6?}wc_YPS3s;D|0rw9b9 zA7c(_RT)+XV-6U~7IQA1))@=MV^K?n-Jt&JPgYk;MpuLr=+WtY>JVK&Du)hG5Y1Do_Xh=NlZrflx`1mBM0eN!5Z4*tpF8uYwgyD@BfiOaHg)O{TW2RhBUW!orO8klrZiCTyGJF<%H=4Jmg8_r zvZqrcU8;XWPo>*UdNcnyj4EP8j#QB=euSwrETxpwQOhfNUX=@?bLH3;gF=tb-|;51 z{T@eUP3LJh$kNUX;n^ea;)#uTlY19qoYxm8O5(#U;EBI5!}V=*26Yi$wKo#_zqu^v zkp=1@g-`RLar80CJ;KXY^*?;jh(*o(QJ0<2)P|(E?Pb>D-3Dq<*TS==Q_ZG6NjKb3Kv%{b zX~3N-WU|KB+4{490twR1=-06=#Ac-ORH68{uEE_4nZC}B zunJ2xvH0c}x4?vc(s6-JH-qX`s#=;bKLh`;nwJV=(Qe5Qh^}WG8&fmRM=VUu1vbwc ztHeqzaZOJQOyh+y1q`6sBAM#1(AXGI{jb-=86~({9t(y6z>>R%BlS_uw%8jxjMZ#I zO?bq0&p`JhVAFnlT6LOva&7X#i4xx92n;pV?u&~S z9Jv0aJ@B{N+l-nir;aj2>X&+}!#8{N;=ca-koQMRP37-D#PyUXG}V5^b-6p|zrTv( zcN(!hNQfEq!-d*|<819u*eV^i_W64h{NY4P&2g?Wnepn~NHfP)Bfv-Bl-m<5eVlP$ zG@4KlKZKyMTk-k{ErY>RX^eYM+aF+88#D2<^^>L>WYpQQ?nIR#-VNc+{UD?jkR-AIyID6PZg77{PKlk!hSFS`WU?Z0||1 zZH$|9eGf_V#!^3*#RweVu3lo;v1SwVT8q)T1uMB<6da{^?vUWo{glMvjtR~Em~E~8 z!%`Ei@d>7pmMBDzXFU4Zlx1s>#_M5_ZN;TG(um@bdbKJ2iG^y4iVJt7rmMls(z;)) z=ap9IyUkr}crJe)eYG`^;87Q2m6apywq39)X$IJla#-NNH6e0G-DjJ7L|u$c;Z ztftAiGGls!v((_Tve5PS(gGs@TV_ul5H&CDYnNe5|0^cyu9KD4wQLLC?t#M!NJPvG zU#0?iP|hn{Q(xt9fM9{ADKUQBKiDg_p-?tH>|cUrPHTLgN*1A3_Q(xayo7|$8o(VL zRFX;$vp~7uj-p)3J+^nm{m_4`cfYk8KgYQh8E)EDwRt5WMY^m!+M^=+qZiGJ*OnwM zUGTR)+@pfF)?k4Q@Us~G(>V9ZnA2xKNR>u{e1;{GI zKIaWqVl$icEq{i<&5CmpH~xnY;09h>KyFcMWGG#jpRxKYR9R9&9X5TRT(J(-xJoV1 zPjw*2{b#)i|A*Sz>J+X3e*J%}xc?@!oOnZyCNZs?{#xd}GGZZ_Hd%BoI7!t=qV}&L z0{=FRRjigk3)eUQVcq(&fBrXdcGXT3Camp^C^Kg5z=roKw^fL@-%??};9Yq>8cw`* z)|40UAAJT{aCdEt{5IIHVRf%9=#%66AEa8yi&$1^$wfK(Mu$4D@_+12vnva_URj$-rFA0x>LAsN z#^59I*f*18#jSsTm5sHZXdM@qK1@RuMfElOd_YrIQ9~7uIytdFH9_<4P8TsG`qut5 z1+?L`|6ettzgMG9qS^pY`cff1KBv1C)CeUdRR(idfIBz9+sxpBJ9;2OV9x4fA>p=6#|i$_41wutda0k9 zubsS$c_OJ@`6tT|gmT&&I8%^CixB$xt&h)X_1C?BE%)u}T;1(p$~We-<94d4RWvqf zePtleiO+IJ6_4iFa$9%*QIa9VnJYB1uL}Qfj`7P!o*X6_Nj7Y+B^Y_N8j1Qr-$!#~r>6Z+SHl+whM%wU>C` zVl84%I9pGXoH)is2p!frxkxY3#2CiUCXs4c|MzLwJ}ubN8!jPaW$C%TG&uoT+!4q< z{wOuNKH`V@nLD2Op9&LbU0?9ox(~`x)mtz73#DrEp)A!rG3K0D*EKX;Dz)v46%f6= z+>gU-$JrK6TaGGPVXIU$^z?nqNKZa5u0F?m7DX0o>YorcCP~?{FGb|R2z!jBm9!1`f3w?fDo?81a zy?6j`0ck?+GUx&xI~y)86=K*H^m~<+Pm$`ENjWX(gG16hO>pcQZuj|I62n9i!dbQ3 z6!UANIZL&74)YE{5d=NmE1$a%IL|j*p=U$bwUP%MA@SS`T)z6dIqGe&J#gJ-q3y)z zDd?Zy0Ru8!&gC#*AQAkA@X5+Ab{GpBaoPr}@tqWeb7vm?eVJ6L)EH!FTpfhF6_gAo z0u^og-)MGJ4<~53_0RFYtVpppJ+Rr>xj>qWy4EwAfIyoL|IV?cuE0VWo;;mgW2dtz zMAx&%gZwnR<78rYTOmgNJ)Bo3B*9P)fC7oG3Jzpj+d5x>bvN~bwyvMtAZktJq1ezz zxZ92!p57p2Dh`&j)l3S-fp0U6kO`)az8g+#@n~G9!8B|WdNFSmOb-&GXOd14f9HPw ztFGs^^BciXo_82Kw}+>s<=UMg_%`j~#y~n;_9td9ZCfA5Dc;kLN5I;>9(^!dG?D7{Wy$orX;O-$$+RccXVSOAi0%GYI-(f(WP@nY$cQ;P)CRqNVW0edOQ`U^oA!i$`IH@a zwN_}fyw)j5`Mzpv>e9#C*Y@-%6|u(jW~~&k>yuHh+6(V?u&Q>oX++u4n2479;P|*& zFe?&4APDdHoiEnl`6Vq|uVoknZ3iLF0Cu{%l_;E#{G)F=H?lJYJQLk7_w?EEUM_0u zSby9j4!(;|o$DOKV`3bKtQ;t5wPXZMX{k82mvIA`uo=m!MYzfi9`Ag%-&#ej3wExi zW)6pzig_UK%gy(rTdg@q0A0Oq<}I5*bp~dY4OY6fVKc?*t|}dwSmXK&*}X=ogd7VM z`DqlbdA|+$jaR zRVEy}L{oQC`Cj#Q0^_X$ojNQmo)7Oc+^-p2Y#uUB+aE6GVl!dC)TSIEvf@B?KNZVF zmNL)a^+*Bpo>Ug!HCO5Vgdgs*Lxk&*cMDQhclw+QY^5;wE8wwgT*WP$ogL`qPow+U zRF0^dDRBj^qc2y^A&24MLB#QHc?qwzD0(j`UkfAd2pXjYr!x{iQwpHqL7X{$aUGC`7P*Tieo9+V}uf(5_)o z(ON&D#`HyJIOePreQZhqpWD89A7$aCGzD5^2SX_FDPVRf)0jxo9o^E*G9 za+id{l?!Y>Pi{!?y}q)zA@78A-i_tFziOuC$wxqe=rS2fxFO|&1jpMjHA}az=Z2eW zFjO=%0fd@yhbDVq?IAVmlc`~wELtP&=C1Czg@eTtq8|TtEk_QD80<`$_x(R*g^_kS z(Gf_tvU1dN+`%pZ#XNoDkNWIDoAy%vXb#Ip^z|G%20Zb#8lM@|T39O8?Ttm~oP$*M zg6&fJ1B1$Vx$k`iMoT$;dc@a1HgGL7+@xu2;D#Ei=J>V9wq_pz|NQ{UI_NB>qYo|U zh9FPm_{}iwa53}p{(K?owZDV=Q?sZtZ}7Gwc7cwn1udjjR44NRV2!tsuQ~IkVMk@7 ztYl*Z*Y?Yb7YX6Eh6C{12Z=(-~nl6M*-xa$!I_?2Uvh5$Uy)}wNPVO!R$;r_XPWw%dwUdIq4xUs;N`JpJ z{zUr&B@Za6)(5K6lY6Q^9WLTiDXcOJu*RxWgey`+4hVLZ^E{NzP>WGvLXKNX6xCVSX&YP)BcHU~DP`A-tfoF9ku4ca?1;>J}qU zcPp0(`!!Xe+de7XLJ~IBmC@3zC3PdWeXSMfB=w5@77WYtNIF{jzhy359$eFQV*R_}AFLIxO z#R1Nis`huImC5_CVQstk2?2&d8wJvpn4=1}k&j%7fJGTN6zileQSGQD~BAXNq7 z!2YbH;0{!|NW2J&=Z6iK#YnGCGonI9$QG1Q zUMrtO)zkA=bOq#66iCgs6k@UHH)RMS!=k9QJO4?R>P&L9VxK1AbRrO-!JY_|-z&E40`+0>BlmFp*s+0pHT@>vuDfvS-P%wR1C z+U+ifpZ;QJ$Gsv=4#Sxfom#>cF+YXBe>*@S^!|85F{mR3>cbfxcKFR*G8|@>FdJT# z^#&fbIf+5Zb+!%UV2D~9HO&7gA!xN{(GA5Koi%5(@Tqm&Lqx(~&fSChuTS*WstYdL zXnKkh(y}tv@YVa-wDWEjFSJnmDu@KbqGz&Swi(4CpvwKlMtnc&ja}lAAStj`P*Y0+ZmUndt#=!T*MQ=>*L%{_ z-F|o2el4{Isg!oAz|t1}#w_~N@x3{+;0dqaz}W93&krcoZw-k(L(oBuRTguUb#bFfBV|;^r1f9uRyzNBk zj# znnCw;zSb}UB_r=vBB=##@$qpK*qQNpo49|oiuB1KTpOhA2^mnN%Ya8F zBC42v-xs8qs0+Wy!qdG${ONmLq2TVG!NN?r2}QS`?q9xr;h2+MoYK>Ak=x5l^4YPW z;r!7on8N=5k`21I_5ENn%A8&?Ed5(I!Nhe*Og98;)8|-cRgJ2&z>h<9Bt>S*apwyFCoI;&vnY z9bG6OVg&MZKR6Jd;vS2~*T%Ze{!qK*R^UhTdWjDxC}s!CWK;gFkcgQZQns^jRk247 zdC&Q*#ix+sV49b&rVe4ucXRokkMIPGueXs9`uz6z)h(p^^2KY_S*ukwLTrAjNC@YM z3!3NNxL&Ajt)e2~hmXpC@yVk;1XWP;-FJ6=ymhY!2J+0*p1)C_A{142!91A; z$Yy&;=y4W1663`3T=jF@?43}K$PrDM{@cO8cBUx zORm$L%SrL3LUo*xJ#X0$b`B%_lx-a0F3<3n)0c8~KDQQ>axX|$`TUnV=vthTSBLWn zQo*hcOJ$F%lk#R-+E%;$Y3*8low{DQ){+RB;~FOhNr_`72Lr2hW~)(YIotH>zyXo; zR5-G0pi`E96DmYDU*6c620d~<&II{+sRqLDPvn(mR>|I>R)biWGo7by**9%)V=K4! zbC@)2xYTU52{-4xsQdj6Wc_JJL1XW5*S!+ZM+Ib>ZvTZ!V8SLot}9yVSa|Wk_^|p& z@Tc5^<$l+cy0a;LC{D18yoOZqfWt)g#g7+xd6HzZE7-Pe;P#ObX0pgFc#Xr*i#G1DyY~xjKGSq*ql4rCPQ2eo zrr~C*OPGGsIQ)|yo_h4<@1OR;l!;T(u<+Z$&i<(OgF4GogRtfGnWRWf!Hrc^z(#SX z?TpVx7ha{$Ln~tP)mCjtjvvXh1BEf6&UcS4!#+hT_U1eY z8>i?(zfW+EP+l44ZvQ-EWB>j4?_xybb-U&q!Gg&$EnpR|I4GXpD%D zt$}D5ydqU9m~jp@$++U{Ie&;LI7+2vJSz+*e_HWY0sAPgo1Lr#Wie7I2jt}qgg@|J zw`I1AH`a2i$hm3p>vsbfJsPZ~@X}slDj}mn@!wK8WqU}}g>Fpl&h#mu8WN*f!ERZR zw+vzwoDpP^@O2q=M~g8s>(l`{L2U<7 zx*q=YCabAOTn`o<0!hX?8Ls(qDFhzQX3|_|0=~@VymHDu2H3RMM`^t4DkTlyJEx{lUA037#y8NdDFm3m#{uqrU{TKIe#ykLkNw z$y4poYPV1kLagCC%m`Rl!^ra`Os?`m`UG$lS;$_pj(W!-J(Lc#g_&f{hdkW3GhObd zB6vQBK2vyC6JJ6a+}xhj*lze_hoW$8W@-pbI}&)8X#=l9tBqDj!?|Bs5@j=U-7b7* zp?neoW#J8Mw8*GSnLJvof2^7s#Yb zk>0bBq6p0P$znxpp%`yiPkWnW-C$rx*UU?`P61VX|Z5UWE((W7lFLjC8HZiP$F|spL zITxA&oUP$FBs^%Giz6#OW~eRuT*4^)v4dp)XyWxRI9|5u{qvX2`)F6@_~_?5c_V7A z`;}&P7JXts<@v=*Q^F3ZZ7Q8!pKfQ=(WBmu{qkmG0j_~YpvwG2x(isS4hp5(TLq9yevbovYhmg zl9Citeoxlyi%fY(+iHK_)SB!@;AbZM=SC5n@ID;N~o4F5#Gshy?57#4}C_| z26-hhZGYfFBH>jJAI{9)K5cxQ2blTrYDG#Z^3vuaF((gP1HY{-M?#2h;FUEnmS?d*G{`k{bf0VuUBF2kcHQ>CBR99@>_)?Ly7*+Plb_}e0savANsjdmD; zd}(aG7WQmo+csRZpshtuF)2~hK-)R{0^pErangM+yD;rUiAz27Yn0*hWVol1V5jTQq# zCVD^OQIu;eRiQ1R*wu?fF%*81Qiw2t5YTfJGMBhlqp4upT!qCgR!2z@P<=oOU&`QF0R_$kac{_g#a$aM~vq? zv^WyXMqc-Go|UdAFDx(%ao$F}L$f+o4Fm*XL^ro*ED;JTV&&*@DyA?-tg7E_>56=< zW=y;^?f3G~Y)iCyG8=^@H%sHrXUpgf#6-U$<^}lOfpY;wz0sdqaC3WcaKWy@VK*Gz|6PuKf&tJ&!E**YWM;&@Qx zzD=(O!s$}S`aiJ7a}Q z9mgoCF9!ZHLo|!k87}Z3bO9K?yu7n8%iRcDjTxTjIl)--o+X2na5|Ka(H%~2SIq$W z``s_t^3DTEM45X5~z0NCIe;HLx9C1yA%3)T{mM{be|h)pK?Wu zWYn_0+U1Jq^@N|Vl7&F4Ew?{7tP4(1>`TOm<|h}M?Nf$cUhuKTVM@C?h72M)XMbD) zgFgdbb@D4ZJ6wq?fA;n602=w_r0bUYeFI)BDM2*rO2mP3gY5`Rwv#(6g|sV5l`4O} z^|t1yI_l0Pk}tP(%H>SNJw7RGdWIMF<{!c34PLiSYr+Cks68M+PM%s}7g4{vuaqHy z-RXnc)=adXgExZV+cSjsGQ&}>gqPaSfl>&5LhPThB3-80qg;svzWUU|^pV5shKA$< zK1UN>JRD%?W)B4S)%?x*37=c^b`To|iyM^ho1gd16Ay?H#{GnWH+?>^d*4)X`21O{ zRs&IR z{#SPH*H0LE_X`g~Gp*4I{l)splT;4l;~cZk?77}{e3`mCeeejBZAe-}uvlX{W($DH zcxQ0etvkSWkG@Byny)Gb3f)k{4-KbsU8?y!$y@ z`DFlG@m%z8p@XSSYs+LP)5RI@4u*)!>t-QHtySC7_>?T+l*4(YCi!yGg6{4igRaiU zg+6{>&|nL-JH02Q3^~N!Z=J}S^UEUs}YL(FngSWo}Q=FvInz zPXUBnnzy%t>BxS6jKelD5{9=fG;Z{8nwuq%a67K4h7-hd@}sfN}WlcS=0!%A*Fi1ZdQ)|5%AiX=!i0C zOGHl|W&1p)z0#A&)}1azSAiZ;2A2_ASm%3z@?`f06Sx)lJ5QjK)s`OU%hUT)i=K!g z+`m*fMC8*`-F&!Tqm%to=K%}Br{AL@kSeyXM8OZwrYmy`L=2%wbp-&I^PGp*c?rvsbHxntnYwGl}M|Jm)4<5of{yvx%wOX zY=LuEDG{5OFD^n&SE3Djsh`c5782eGrW5Y>DvtLJ9RIRU4YR#LFjtLjF{-M_+%84B)y#%aN7qplZWGs%ph%+@O##&=i$0SzuyL`#!T+cbN*#};Ie(I zXJe;?lQ}!B<9k3rZhQGDOghihC0PdKar5tE{H4U5{9og0|B%MC~K*sfnM@- z^2CR4)=Sh{5wfcGY+)=;JCUbK8jXe|q|FK5_Pmf;qBnie1-`+%U)X4qtJbW<5`ytx z8;BL5D&K0A8jU9OOz3j5d!h@C}3`Z@ZDRUnQ&ZbY__?U z&Y-`4@8-F66!@bVk(dlodi(e|IL#{$b55e5qbk~#_s`F#)R1wWFGdq?Y51)JN6${i^?EYQ%w>WD2U_oU{sn#+O6q zIjB`pP}B}7d>+_dx5tLHBjV%3Zy1!dcW1|AOL;D(G#L~@NlMy3#TB>DeYUYN`oqTu zpOOEEnHt6Ia`UlZP+itk6%GyzM@8l26F3|OTBIaNJ`)ZK`i`86ZTE6NaMH4Gb3T@z zkB)L&YGjPtVVd zK>7mu>yEjhfXiCn&_JJ#>;CFluu_TP4Lmar^%^X~u7V)1pbP|$?-$?=i*j&m#H{g; z7_mf2Alan9Apf8L$AJy^ZJ+Cr4?_|`4xc27N?khD$k-U5I0E$LRi8D({`rQacQ`Am z;*=ZNi1L9pRce0egj?BBs4C#3|NJNKkUpna&9!qcZQA;3mUo;iizmk#npRO6_i;Ty3phLx{Wu*g=SlSHm!xvs)r96 z4$?70d5Q3%nu6RX4-DkK=e0|k3EsG|Nu z#)Tg#)C-vZuSa$9JddP(GW~s(PS7e!=FEqN`4H^nKwKl^HUbDU$0qZN^Pe9`h-bhn zR>f^?@kk3$+3e{01%>Qubg>RcH~=@dId`x58Vk42!Va7i)FXrHMMx*d0wy9PzrW>i z4%=3mbc5bJ|0N{JSQJ5OlmM33vHkq~E{YZFp~r4+p88~n6cu!1WM&btaYJ&;Q>n&B zCg}tbNjf{dAz^L=K5+kPs{Rvm)#X)@g@_FM5o&57HJDM<=wCcfYi;vF{80?oX`-%V zOo~rV4qhxnLPC>}&!r>G<-|QWG>%hK4(aF%JxL9-Oz(Nq8T3e0(L@yayK_VCJXdwj z`T+Xs^=Wu@@H6+^v}!MTH6RMQ>}^Czm)BYe9I8Z;FUzbss&Yix5O*iZ)cplyZgR`| zYEjbKijft{ru+N3L;ci#^yu^U39TT&oc%~D`K!mTPn3Gg0^gRMqg+x z!S;8I;I~{J@cI-5PHX;-eT3ghNCl-iN$^!TVb*zM6W8G49)9>-zjZR5Zf`8MA8}3p zXd+1l#v1)gjuO8X9*-BSfY}YnGWq?Nnchr;#sgojzG(N`jZiZlyNKhR2cFL>^p6_% z3}16jjUM~hK*_Ko=0ZgAE>I`uz7X&ifZ52%ftMUKH^U`xVA2CbBYyqJfe(1Mq3JI7ZZ^?GWd%qdKGE}WO}&EZs*-x$`}NeB!ux_zAc zDtKSDq$Z;3!6*Uz%@-eF4SSDeTTsAZy>oOdqt_5{K~N`y^9yYL*}R7zXxZXOLjy88 z8JN1x`u(O?Fav}GwQ;FS8h`S(kdM|>Dneta5b2jHSo6OF&7X6Auua{z|DFA>@XgnY zPphSb0#-2VzMK*L|G6Yr5FHe#>Ic&^WA%Skn_jjnXa4eab$9+hvzi~%`K%$j|1;E7 zI{1wW|JehX0U{|afB0*GFZU4))eZIqlV3>+>;KukomMzmhSGO~Ldg(b=vYxF9Z|~j z5(lkg?L3Ze2mMnoOENmy%)LTI3&a*fpQ5f+k9(6YkDd0 zAdRU0JWl%lT$lOD#2|oh^SKiGX;sC{cj&IN2m)x(dQ9;A*bKQ~?`}|{HfqQI6PNHZ z54oQz7QuKm5povXFs|6CME&pEBOppRaKFyw82_VY0I02BHi0C|FnoUb3U18L8_3*v zIgfP8a+gXu1yh?WV^fDk#CR1oRvwiM?zqY|o+aIqNPN&&t6)p_D5qs|lRw@>SipX> zgxzZFTP}p$>Yr@`#HA~Cj|E`_V|qG%#mWU7X!$hSjHRtt$S1z46l%k4kPw(1{AbS9 zGM`ocb|x}h$0ht~^EZEn5fgSDC6Z^C)};5R9VQ&xaaKON1LrpgNWLfUcF?5haZaPW zcp|ZK3G!ogg;R$1`>J}6jxQ(fQ#z5Hh=yo;)m+QfYuiVoQ^^RztU0kf&Pvu9o$qwb zNNt9R{mP}=(y1w5sq6(@QTr9+-1P5%o3`Kr{6yQY*&XxXJ&Qx>T&^rl>ox=EG@p zxrYwyAD00MTNgXV;I2$x`IMC9EI??ee9d4hMHPLt+OlN0T@3Tp|M|+sQsyTr&*W&1 zHK9^fD#Hqkgb*BbS#mUyK*R3Vo46`a3zG^PzO+R~0R@T{1w@adv*&n%^w|y_%(R$Wy&Wepjc0S^>v#Cgp9UQeNA?@Wcs#tq z`Dzn{EwRT1#+(@o&Q5DIMM`zP+=S}Ew*6bPLnGRR`o*0RpKepY5FiZv$^EU|0+k;$ zls@{CB|W?$vK_CRS7enT`i)`QcWN&mpAvhqJE~)|PY0nMVSBSmmQ(A!D0+bfzh`KK zpbRFENFm8Fg>5HyY;4K;n9OphI?Op}!i?=Kc66 zIHfaMY!HcdLednHvp6EU<#ErmA()Pcc@a~(w$ft7b-rY?cM?aG$?1{~RU)mej1iGf zFp9;f6wBoF#F^e=7xPqHk4DTqrF}H{6#*4%P6)z{AU`VAGr|U)>~Jxn5QEPn>ROie zk}8g)ifnZ}VY>cj`4LbuClMAaTJm}CTSFk3Xp(i%AlH5H-o&?;_&_``OsJy$vmNM| zBl|Sh>wSRFc#0W|My#b~e>KJQ-%K%!fNqbU;<(9d=?X>@qN$ka9+95L_NHm0Q+Xo~7Yo^rD!NwMt8@8zZcmGSowgb(4gLih#dA}vbm`g- z+bn>5^R`mUNS?p@vYlFL(TAL19O?d8W*BWblH=ZVw!sG}zMRmCnRZ;qK1nW_7^MW) z#$IU4?^@}~4pqj$Qz4q{+MfNC&64}R$2-HRY>)-6+g^(YRDeJ6Af54}&dj}HqUHLN zK!p$R7-towk+)X**3=y5@*B$;L%Icz22sI|V&%-sSR;^ny!sfDu%24&+oyphc>PVf zy@2K#1H3+n+UtHzj0vIoqObg`dzQkA*{xITC5^l76;2I*qg+ndnvlm6zJGJ`GlsW& zU!y;3UnIUT{g!ll@J>r2{`Lmec%>GR`9_6;4HFRo0rYmN&RI)`c=WMGG#OE(?@+=* zD2>zTHyyl{w5ID3okrvOyJG7g)X(@67AUo_(@2i9tmupfSAGZ~-saJc7b zIiuAtr`~Nyn`d|34AB1k+D@TjTxYG$myXW$dv2ci-a~%E;tFPbqj}_<_`Vm7KTnbDHzYP z2qkR_AiHMpyEU9bNk;^QTvY6T%32>~NSl3oZ?GG-jM1K`NZtj`-!Z zbh#Z;SAN!#bZp~8Z106XHWELQjIWyin`EZPjO)nv7Sk(6Ti_y_BXchMRs*r1xYlemXD*8q*qZB4!EhFDR>g0%`O zKiZW&Hal<8c)Af+OCX0LB7mMgGCs`)yeNCy-r@cU5=>=VhCdOi8QQ|v}$82eJ++RHE zcXA045Y|SX_28XE>(eoxF99>!fp791EcnKJOL(ct8RvpMTcyTV9x>0}{*Hi)hc9j* zf?0%$)(&?nl+cTV=jDN!H1*d#at{B=>upeZs+g*i(S-9dgJhoM*1BXFfk1!uD(5=_dsm*O1qW^Shbz6XPWK0ChO8g1$`o++gs z5*j*hgDgf)4QupwJ+ zj;1<@&5Sxv*ARIq8b44!bSL*$zmJau%QkPdGK?;-IX3_StWLBK?YOvZucJm{vYBCb zaMT!It8ZyP4HT^TI7tHFmt=_y`gbnCI+-RFa2t6l?uoDK`zf;r_^j2UvDU8hhxL-% zyE4e#z#KEX<_nE2$?mK$d(}U}p{zh59+b@y%P#UOAvG5c7P*!_>Re5T(Rn9Qj^q$P zC?#+0i<&zYE3Zg%&|wjHOYC?LGat{i>jX0e5R9NXZ13YBS_ZERBf#}oASspA?s z7rj=Ca;4P)_g$_~ewi;lYLA&))AcwSyxqxtm@>I)yJ(*@>;L5f2m#Q#EY%Szioz`D z{QPz7dX+Qff){htwtfGu(DOA{>5d$I9$Rb`^TYvVTfg3lC(sJpieUt%g(UjODAb%V7z~gK z@r?mf$nF?|VQ?z=n+2td&T8J)`+X9iJR8BTkj&?#$L_VUhOXM4Sz|M)v@Vt!P-zu^nSJTxeFF zk*;BCu41xFaDiBiylpcfg#CUm;~h6R{b{&@HapV9MH^LXqFsrBK1Z48i~fK<@P&!9 zHHL(N!EXdP4FOh~gg0b#W z0e%!zIB%9Tpuo3$&ddM4ma5WYs|DCJZ8zP=XHZGT=ICng4JmLtn)?7#v_dt&M5IT!m~KN6B7njy&^SiJ0B&wJmS= zW_txE{iLT+O!g*H7-6#9f`F>z5pZQC-+D1K~>dtGNgDDRvbtw6sQE;}-=J!vDf$nIz*}t>K$xq&b=N2dlBEaD@^7%@3Ink_2 z-XD&=e_Ym6($suQ$u?;&%WTh!*C{5H>fdgb*HzKU3(N@xW45&wZ?=vpGIo5lq%<)Z z!a6*yEZ-X_ew=uBB{7@Q1G`nV?kpdhcssmbZGNYoRj4x;`3b|;SYr>z-L?(-=1jDw zsPb*I>`_z%5{+r?zQawe{z`qk*`ELSyIZPrAM--lm!f^SRfqf}Mdoo>i=6&##xkcP(aT>}aJd79EqcQPjx z(gNHcwyJSB+!KvPDcCPnCfp6EJLXVGKfHi-IhnLruLrB4aP(L*Zs$|%w_nUK_$tBY zNo9=h<4}Yp42QJj5Eo5|e^xc4yE^}M?nxRe?96=7X}C29xNT+0h6d?Z7Z=GNg8sXC zf+eJ9gh&t}9+`$`lOSX!O`e-@${eE{*uj=5L94sa>G>-etc4f#mJ#hR{N42#Xg@4* zR^&}AA+;ZZSgH9*1j{+}Jtfp@$@n+_u+CxsMjqP3?g$A~Ah(hr`W2sMug|Q6q0vXD z+N{vXjWV~KI`fmFIk&j;Yt6~Ld~Ae{y6OkuT;Usdn^>{pa%KqIL2P6^^6yU~f_T=B zeskqU%-J7AtnIK6AlBrXm$+n~t0Eg8z3xv-Qj+rCvMOi{u0y4@2kfB(^kFB*b;qAv zHsC&mDW-k=Lv>x$thMIDm8GUa&5hTpu%z+QR zh*@3zqdgsV99bl6G6P8|qw5$cV_iN;O;aElWTc-drm=d)G23?x85MJ8#>iscv4tdX zi{&y9li=429v{f8sjRU^od?_p;%*wR+aarIB~M@Inodp-p{x+{*A(~XBsYjKOKDs; z_wz$^br*s|HN)=e6&rywhU~1D-|08RTN$^s4vq{&p?pya$o#o*F*@xrDWb&|1)xt~ zwaGI_xDby|`L&h*mL7%F8=i>^$To(*;EUrGEcQF5w+=gemff$KmQUBogA9a15;U!c z`I>=>)TZJM7VZX8-_@T+rK=AzYE?}ezDEq8C?neJFNnRKE)Eo386qfm8a1xWQ|jjw ztrt1?BlZf3pDCxiACS!I?=95n(EP2;BFr~Q=8C|%f3nZK45`aN8G?9i3^DIlKzTEH zqqDr2%$GZfeqDAvnasyvc0TXIWc!}tuEApXgNEftKbK4&u9oBoCb!9;m9wLgg#o9D zb?>MD5S?J15A`&l=<1xeCEgw`!!t_qLKcxwsI;2x2I&Yx23}gZel*|na|z_*nscC& zNtq*HN=IoNSF(1P9nGh~;`a(}@9aT(l@&b2))Q4R%5qlxm9Up~@YivThE(dMa9h); z=+7s_IbkF6^W3z+Zj!3wBdT!Sv8VJG`wN4%Ui|g zD2Jk|*tf^SAu426Z?7shaXM6STB)Nttf-{i=0cQ?;m^O9=kMX6^p%PY)wzB1F41c7 zj}=LCM*D_5=io_bOCv{2ALT#N&*VvYZJ1_>sa$CDv_-%1;2o9?{|33yaVLM3BvzF| zJdQoO|N4qG$AZF5UoLVOR({~5!G5~R6-aPbjJ*O-kP{CC|4UYi0F?b(C}tCbw;hZ> zlMswd9vBAQ|0S4!h2TP%)#h|eXyxL3x`3ybg&VpQ8;b9nN)@V##B;$gDl1U)R z92QxqPDFI(b2?K5t)+JLb~uCR%MoH(>Z-=efyHJg8iP0fw_$!{iqi0V3f9@n9x0HE z`D;=bW6+|ckUa~yA$+srnP>&KR4~|z(aSx4hB7^xs(Wa7JlgBsMc7e-8;e!^U@Xqa z``rd;SLP=Jl@$e1ZJX70E2i?n>cjmOO~ky@H_^Kd^?l24*5tvWYqY{qsK%+lq(Gi? z^PK?x;e0AuUC&Vp&B x9f)q8Ab4YCbCpQxlp!^5UIc0yVRA49j{LR$DQm zF)YTb-eq{W9Aya>XhvYr{dmGz{}bpk5Bn&~b$6!17aKA*+IRAYrni05;^rcROr#Wk4@1U{zA zCTkZ_%l338?$*`J&SZ^DRLWX$qK}-7<(Vo5DQQdA;eQ=;33_nPBnxdkUg!p1V~aFX z-UO~{?j6X^%>(0BE3Sb)9Y<$zf{h+cO-udBQ>VOV6;!V$IgZD2X9Cokdm6;{>3s+7U{ISo^_BfZx zoWuh*a%yn=ScomZdrZo?=~{g!#u`8FP@t;)UtkHdV_Nvr`F0teykv5O`751;s1emdmITXTJYAEk;895N(g5dbPxE;1&bbQXq1pe5G6`P;$9ZOXHctCtCR+?0n7i(2rqvmVko0o znxl3tLNRQnbhjE?b)pTF+xkeQFAAvnSrFG$rH#%Pl1C{muk1auSJcpqAr$^oO5hnh zQ|7>ICYMuET8qL$hTPEg^B$!AtCD~URn5qi85S>X;7Q5#j4O)2^sjGIE1!Jl^f-9b zn6P3+`13?ku?B^~-W?+htJCFQQbLF%8Ev5+5#xf1vbl@rg$m(on+PaILoWcI&uteT zmRtd)&36~(93IbXA|c_m1sq4?o`a}+1Mn^vD?BJrG#dn?-Q|u`Bq@N<H2f-%k#mgN54LQbN zQe9oglhsDlyO6EIY|=PfrP#L1ojxdjp^_+Toh;tr5JxJ7mXwe&-D|BCwCc<`Uo+Fq z+_(g)h~qUZf8cS!c+40U3sJal5gtoHFwu7K&Dzz>1-NJm^&3e9LF8vWd&>Y8bA}|Q z=$`lZBKW(eiwizBe*&5PtE!yWu_VDcM)sJ1n7>s);syf;)I=U977zTd?cg86zts2c>q4$mXE&8g{44?jMESJn`ww2f zTjipYmMu=-Yn{Q)m!tWUzFo1V-*4QV9cLnMN>h7r>oul_AU#KcQ}Q{@9NjPoldRGZbfTfu?mJ5Lo{{ zBg8%G{aHswYO3MxessntuZ`_VIwh3Qz8}hD2oEQmO7KZ3J1_{4=|rYXqfSwAei*+n zQk=uixvim|1Bh8>rp)e?O=>x8#&6J2I{6Gq_H;~7*g=0)JRS>aHzo7HzaCLW@Y zcpW=ja(_4%GxI>O8G0{v)rutj-dNMcUbHp*qTshe8_QDj$JeRo0U549=nvK{y>Ht6 z`f3tVZ6ifrJYAXvH#-cV___JoQmkfoE-)=u$2Sv?#wC^cg}LxW%f8bnfkhDGOmEJg z1gW!%@za|iMARa~bg0GPj8k4eBvCmKuZjwZbowv;AC_Q~{%p7BB!;r!0CDD_F!DD2uwB?sNLJs zgX2R3+zY$s_fO&h;k>fnU^$nD)>|;NUAB z0p@(G=ctNu3aY%)I=woAN*@dynxl&}wR%-45>JF{!qvIqsH>#P{3hLIY0&|60vowhx zUa|30Nwsq8FB3~7LxEziav9C`_!%4TA6nkzYFc=+iBHTJaad*WdsDgHIxfH1bxcvU znW@YNX&54Atj2;1Xw{Ebx=fB|%A-t%V19c3sh5P2tjyt%Vo)V=le^JuY7IUz zTu&EF93(_goAjydCX8Sm-$S3zTQWLTQ#3tUvhr+U(Ne}6t+SoYcMQ6B9%;7;kr2xZ zMk7kWKs~W;s-I~xKO@GnIkKNFvUN8i6S- zeHWL8^Pq{a25fuR=f}r#tRZyde!3pD>7WnW-CKk0Tf3)3nmsFeHu}My2wVMqHQ(LJ z-QfyNo@t%P{E^`-v#$4^tan1SiDGi#ST?U|>?kRtw86cY-TlP9R%yk=Fw(^zUJhh6 zN5+Vf2*0jJyk?*J*swW2qw{naTD`^~C)tcKi<0cYv+d2{#o(Hm?d@Uo!FP>sU!YgW zP42G=DU{2PD71Ye%IB{B2M_4i!vODOo;!9f*Nejaak@6kSwkF$+l|K^BVx;1{aK`B z9MiY#2$8`Ih2Na3-8BJ+O0q}w8n!>6qR#^zAK1}! zaIrJtIpq9aW)Gi9y;W_C0%|+zN7Tuv9G;BY8+)iFo?#HG?c%1gh+0L6lt$`Ae z=bMLlIVAk5nazs(0w-G1=L?QZCKI0TwukLe`{CK+dwETTv4-i&W3}bUVfIQE!9`|C zXuiWNc(wZGyy!CI{IKlV&?d+rn-0&_>IA* zd`_%&@KVaJpb5HI}iW9m0hN`yCW?LRB)}%PTZ)r_l%^`qXC86CHtTr!I zNQUpLmL!*_$K6$iM(sg65i>O9hQlyj>;9M4tFsQ8fE_r?qKI&%XJnCD)^sO)%k46% zUq9w~@A2i~0e(*8AY6oLUY{9O-mhJkx#rj7y+~n)YP93Dan%6A{zU(ER4=&{>LV zy{i+Gg#_fqYHN1OlXm3t{(f-Nb)EgLA)f9n<+vu*Ecjb(sMu`*G>askS9GZE3zb=1 z*e3O1pbm?-^SV&y>zq$es95}^^G)xZmHU*%uqF0zSL{K2V#2VC(LKBs$D9I7R!hzo zksFUSlEvaJ!k}Gs8pfF*hX*eoc1J{xjsp#?9&`y^Yj_k!F9u)_8cDu7FC>> zwLb*Xyj=2jYm@mAuu=)bY+`=XB&cV`wC;wolTM#4*Uhd*Op8iAUp6^4bf)L_cMRORxafCRqlKmhw_#3aJ0=GUGyBud zd4>lesi_E$#Ir_=bkH6H+NME6gC88UdX;LiT#oNV(|umB$mTr_{ zR9Gz72>3JG7VGTn^a&1OUz~u4CW*cyBs^exUc|)&7Kj-sUYnR}UqJ;KCD^|tG<`@l z9~ZKam;)|~R82W)Da5k93#gJ6o7RofHBwN`i>V5Cv$Q;<8e4dfLqf(`Kb?N&InEI6R*m^z&1Bd12-lvzLc6^di9XlpKLdOKGDVj#V z3F(JH?5W9#Xuvx5bk%G1^GLzy!^RR&afPOiK(u35lv!R8veW-64`3q6Vpc;+Umeb- zljMh-bYfAVx_W?#-!p>z;o4Hs6ptelOq~ipdpHo6AX`Bz>gt5rhNPpqDE*;bm5CV_ z(C`4m-Ndt2h3?CZ8MGvE+f(kZf|`71v;X8dci)@c-j9gow$xM7lj9;GNqUivUO*w^ z(b*IpBumJ~5t_ZCo3TOr;N^oeqbz7poK+5PFIQY^e}{beRJV3z6gx)1N0yLtf;Dle zGDm}Tsh!E^m?Zc)Zy;1<`C_7PTunV`BI9Ye;}Azz>&85QNq+!oS&0$ z;jk#L$SW^KlMjyyAI>@>(u$Ug zG~FvDeo9f!E2E@1H4=|$nBU$O^Xnbxu>&F7?9M)_n%;YSkXKL)nx2_a2IDC;igk(4 zND_1~_!Gi|rDlkem6i42-dSiWH?XZLq1BQDY6exO0QKnNlIjY+@5C7T>R1Tu$wx9+ z)ac?79`1xtj7jbau7PRWnFX7ev^ayV92Oovbm+P-DY@h4*Ampq(UNc-aFxv)zj;bb z#&PS?q^PPR#Sbp?*WY$8OwPbMCL{Yvb&QJg_Tde}X&^3vDZRB60!4*nMtvmU9Pgm7 z1fPtIB1E5_Uq%HpOLxS6aCU1;Hj^v#?~>!k6KK88ZDLa5%-Uk4X-mR^^gz~;X>LVa z{Fy1vlyQDP^P1NB3H(|rs|j_v#mxMcpoa=gh$+b*-n55@gPO@n-d4c{Z506z8y;Sv zKTKB4X;+DT8q}0Lmyak{bYz5ceXZeb!mC0}`f_5p?@wxbY^WQU1tSyoMtuV}@bbE< z(n?-zPxj!*q|rp26CnoarRkzZE)M|%I1#Q)tzWJl#GVIP{HJ0+4 z+7ZjgMCRc~iQ%glA%Dxuotc+sXEuiTdkNg`l>2G&RPp5Gz^g91S`{}}Z1iA%ErIxA zVPiqKu}e4$?cFLSzl1AS825wHK0EJC5!UzvmVMI%~-H{+=(ANtj8@+MVNNPMrF%?BGcJ znZ`3p2S>8Nvv~hAOr9qb_#X4{E)<*vVug#7Tx}mCR_M20{A>A1kn^^Ya=cy)*WGVc<6Q!X^S1o*Eh?aQg)MO@v2^U22NjZr3_ z(S%y0Do)~b=vQ~R1!d@GcfUc(k(CGM1_zu@3P=(N01z?!6$-l!wW_7wOTxxG;?trn zNl=Q<0DF@(}9dKK*r%McMrV?{!l>z(``CQ9*u=4QBoSw`ZCI{%fBi|Bohj1&!I2(j`n6D^D8S6OfD#+QzzHVc*nwuD5!dFTq>|MC!PrN zjsKV|fDKNz%X95OKbaR6XBXFFElyfRV*!{pDWMWL+di+~xHB>YrB1o<`{sUCl=`#A zxNZ#fWr2}r{N@Og;*nD2<#4WEm_(E|LNq?b2AMlWmOUv0cq3x;J)1~%e7Rnt;{1F| z$9t`kzZ`S^2WrDYy!2N@Lj3`~$-48a@z)VVZ~Pn&z;onge5Ph^1`7Oe7k?OjGyb;z zTVN3~j#58GjJz0!y;kOy{|tPC0)4)u7IPRL$NmS`Lz;JtBUR#7RfvN{ZubKQ3ya-3ATw`cEu%XVK{fuU_X8U9&NOJ8Q&dj=;N{+|;&T#tF! zArhjVNYLmLL%U%^X$W2?_$Qo7WM&1}zpD@2tywi}{^ROlH~{&K1Z^n%{M8#^n6C*W z`GNueB_NX-?W2!Eyqz@p`EfzuH+pBCpYW?MmzLwd8S- z-Y?_VuV2*?!UD?2_e?wR1o$rhQz~OXxhL0CU~r-PTOFON9{bA20s|s%% zXo5&d#bWe7ir-fp@!kLR&rbs&7?5zZ5;`zJMcx4awFlptpA8ioWX%}m6#c)-qLl?P zj^M_ls{fhE`SU*lq@i(w>;JUQfd5a}?EkNL_Wvm${U4U`|GeHV_y!prP=|+@eGB{X P{Fj7?tZ=oUe!%|^4K#bU diff --git a/static/images/docs/stackdriver-event-exporter-resource.png b/static/images/docs/stackdriver-event-exporter-resource.png deleted file mode 100644 index d853cddecfa0050867ecba170fa300e586fb5077..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 105378 zcmZs@2RN7Q|2Iyhlm;cFB4lJ!Q8FTwks>15gb*2JYf&L75|T~IEF&_Lkd&E>vI)r^ z+5WGy`}aHk$MYP|_j}wUx6ioF>wUi8uXSF&XVp$_*~Gkwf`Vd;(kXcj3JS_;{8dN2 z9zW3@4ok*A)|;rDl&4rF|Boq33dT=1UOjcek%EGOll(=gq_KY-KiuG?bXs9U_j-m+ z6oL{ZjGhz}`zVy;Wi?&e{Qi*od+8E(oT6qszGkS^M(kqk(#m-5fYKnl^zE9( znYPfd_Q=SC7B%xVU&0*~>Ex*QD+TRW%1<0JqdSFv3EDhJ{=UEJrXczG|Mf@F7?pqj zb#4B?SN+c)HE(sh74P?sdHIq$wAv?*CzGBNuN^wSWpJQ2nwyJjy_VLc1Il<|LmE>Z zrIW;7Ha51*b^m^cYhOm}zqkB9Kei!lZ=DaVxS3r0%!~MBUhRuVzYouJ)J?B^UK#x% zq!ctAx@FME$0y;%3y0}J^^r?Cx>cV)vkM7rD`>B&m04XXxRI2X7Z!gqu*XT_M&n;m zQPEGIKj+)fIvm+!^W*Kvv&LiB|1h<-w%+*R_arK+rZvmr(%I1cN((7e)2XTaq6ZJs z$;I&aT`$S6?w8Zj`e`ekbSC=y%G)bH-VXo192y!L91-EJzvW?2P!Qj2&6y}k*RMnU z0|SO4Mb_5_>tctkn9M9JvTm%d$fU93=jU{Fd81YK;cIh?EU9lSXt(`PR;Hw?Dxb8N z)4tF9eQoWwB7?vdt36dB+q2r~z?eY)3b!zCi}MuVjR zpIu!|URx2cJDz8gT2gR!_91)*K3-l?an040C0DiQM{Y$&v*NpcsI3ir{(MhOw9K~S za&l`F;~$sZ+t%yw?&XCnyq(D4jN6~<$FO#a)UxgQ*ZQvnpx$oyu(*}S47ty-XvWP+B9dWHJ55(XNogbAB<*5uP;~SeV`DbFwxV~!a?8588LzpYKlSi-va+%X z2?>wF!+o2qIHjca-u(7Wa}y1XP(&r`jitxR;XaHk?rgkcC`7eK z%I(Sc_|=-{N6QvwhACU#m~KE(hpBR%PuEkz_07-Ew~) zjJ-@&&arB;tdFBwSy{m!%+0xGhMNcQMV??Ig@?adp7rsjMUB!1S9zBjb^U40YOxXH zXP|K_ib~fnSW{xaz{A56lbuZ;Uw>-q*Vi{cMo__%Q&U2l5-6}QUnmAJAG+MIPC=bV zNQfK7_wprAPfw3!Q}Ry5cy((X`I9Gi?AoP-??AnIv)PZgSH7iQ2u?`Yk4mb2%yAMg zO42X5o_aBN>x~;Xbh9mGo07HO=%(@b$>D#Al2|R=W#0!6_H%LF#Vy~oY17psd+>E1 z@oFWX)zSGh(OY@BAz`C)`!&Yc*jU`I**~rEhx2|nXPm*et@`w7A1eI%NE;?P@KhS!8fVRrSjy_d)DBHg4{F zU0p_gety|qdLm3H1vc;ZLry){3tC?r-+5Z{{{4Fuwe?djlK92~k+>G4tk!IUIUmRM znp#Z;#ST@~)uzh}Gt_L+UpSQJH|5E81ULB`Ot)AF2uzvk|6JaK_(zOi!K5=pE4;16YN=G#)Tg|h& zuO7kYJ(qHSiYD_wk;B;7_)lj^Nkh(*%1qrh7RgUie}A6P)TB?*&iLM-rL{AqDVb^k zb-T2@EW#Y%H2i%F%E-%08ecE;O9Xlmrbb}poj4w|OPAe zZRmug;897vOY>9Ys)Hx;uMI1r_TB%E7V+G`WqtS{_qn=yBQTN{Jl*(2knH>_X~CS&N9W8G|yLR`0DLvU#5Nj<&iVh;+@r0~n@@7xLt zV?uQwb)V(uJD>XAOq7m^>D2J|G;C)^su^$Zb=OCKR-uzmxD}zd1wDH79=lt}HLyS} zi9=ZUQG0>&4!q#b`YkQ!YpYW-t9MF`_KArxBsErb6uB#@sVQbOXBn5RkBf_Ysgbw| z*WQoTncz536T+eq zUmN~j^v431NrAo-;ufuzv;&1%YV_VV*Yu4Jt=!r3=kHebvK=|Xq^0$y)du@qz%pM? zkV2KKQQ=l=zeD%+0{epYu&?Gww?@R=^rf^D;{*;dhf(;+w1T2+SVN|GRV+B zBgDtoc>CP(;}qsuyA;%~7PO;%dDG48)t{S?u#RmV>O5pNq}{f% z`>N3)<{UcOz)DB;U2E}KdV-9&Lei&h-@b~k^>*QNA-biOR*u6fohUhKWfhf;Tem(v z8AbpYOWmrf95p6X^;3b1mgrkEzng-K6bN1u`Z})tlSe@vQ##wW{n@j_)}M_C2&}s4 zl`<*CqwudfxAs|ClYiO&e?mZ~6MBF7|C&}lY=1QKg&;enh2S;+fkbh}qkaFd^PyVwew!1f|svy#NAt&hd76XVvGe`X3K0OZ5jP!4Tq!(+SRbB&DfNhQ}K4B z!*uEkGNN0&Kfddj?f$IRFX0C*ye=Nsrl-=|Uva_U;}EvGoWyZ07$PajjMJs5ggFNnmoa__UdOj;RJqR)b;eV~4Dd2imXw8hj?| z***NB#BkIxbfF`pVK!&sxmuD9^{Iwvrw;|=E@>{RZjw>{ca5~P%KIIvI-WVTE=;?- zO0r0@)Q;Kq<+qRS);QyNZROXd!RFTo9UL9!2jc@>=KDi0WLwgq&K1;;crF~;EpGeK zJS&!G6VL^}&g+|i*>i&2!-P zHtD&WXt1tJRV;Rif6=om(SE(Oi_X&fjFqfL2^G)v@{ z>P@hR=fGPs2{o&uH%ALtdfX5AeZZPC9lOqtYe>M<`w}4@Xk2!elAvzsg+UHKe}76Q zNf%*0?ezWZ?6-wVmV(BL7q>WxKR?Vax1iw{*k+*{pUc8_m)k868*J^Jn}x3PP0&ObmeJ0SwA64G)EweDR5v!ackA)+V;F zaB15C$FcxhHb6IJmSWGvxaQ$Y2QTIiQM0A%h_BwC7ZMEh{~93< z&haDHZeV3`EXk@Vna3}#{kOR=lQ7ffkjV=Zo;S<=8M7P*)PN;j{=BI~SERt^y9WxO zn`;~JW8?++-II`ziB^l~#~~pKfa>p7R~GHs-bv+(MyfeCO)bxSZ>(N6aC4I&5F6hl zgipI6*Ur$v!GY8&^|oymn9D!yEB9{RbL0^|t?|X_-S{-1-7bHjVk4|ErVqumThaM3 ztjdMgMwIuqvAzHUoBq?fgKeEyM8HwUUys0EF!g-{0||@`ne0pP_ltY&(69VG^}>mG z#Q-J|lXZqSmJef@vMuXxPfj`%FV9{aEnc+!@ZkelSOTHXL`!Geb+Y^eZk;>b2ef&o zQbPW2VRdjWXn%gh{x;yUZNZ2bR{XHlw|z1)(SQb^s^(eYC{@R<_mpC`Kkt{D)Zczv z-TwjeHTMTbXIsSqKRGKaUhulbu@Y8L+>#QRgXUk1K0i62dn+aRGa$kRY}oIPI=D27 z)rIB~owqi-z+x?c{J_&sA8Vc4w9vV_B930m#n1ns+3-drX$zT|q6S{`m)_d6-Zsbx zExXfjS|y{I>|<0BFhAL{b+IQ_A8l|0#mK^bF}SgO4Z!`=moH1FEAd6UbD9lIC;O_t zWf(^9`Io!w%)t5aR=9HprxMPUe~_IC+Eg)thzUK zaV*aod4U*5x&GRUUU24q&NGA~sNh6@E(ee5ascO8tqN4;fBKR%#4 zK)hog2ge;?)3uKtKQ4{1EB39oG#l?K1-^;|0s+!0kCJjvU*O*msaA=rW|DAvdA%jmwfsY=NxRyHw-`?K+s zxIjj8^-J}5e4OtNZb&?Ia^wy|#JE-!+&)$$n0I5<3(7$$ey63_^Vn`No0!XuFPgvc zP3c>&VhME$T|_Wu$B!SdNImoR_TKF#s7X&1SXmaQ;Ez$X z6Lb4-=Z$E02INM?20YSTmGfK>HZ$eX@F&zK=d>0I% zpz)_71mU0RxwADi+s1y6xMy z&&~d@bN&4)$z^rQuh=2L=eo)YM>D47iNtVF3lt8D?k2*r`NY62c3Uo?E zrNELaKBHgf4b?n^hTzAKWfx~hFn!iiQc||nOpct=(h8S!6-7VmU;f)UfM!|I?+^>R z`yoVVK0iFe&`pv>F_7ge`te2@ns{`t!oMBv;82&jgLhxsqOVSGUK@29+6IV5xp~$b zv#RYQ2`=3m7d1*Q8W=qMkE3X5fkl5TFIU&p^ft&yLiM!iF=w@^qP)*Y&Cqvx{@sh2 zVlhA2|MBBTJ(1|iYo0>DjV31S802gc63;*?D<14RQRFt0Jx?p1DJYW=tDohH8GG==;`S- zlkJM@+h{Uk7bjmN^PW!$IU}?D1n}jc=YkUv?H~}GQdKpp3gU!-6U27nu2Jp}41vwq zHu2|@)SgRR^TQ1)G#FEGlo!&XP<){Iiu-gNAoIn)Cl-&bT_`WJ^78V6 zaN=F${+A41jAjw8FbqFOx0OET<7ywE&DJsg_H_6E&- z71{+5hMBX0)#DMA7~scH|GVu%*EVltgS4|BgcMxYs`>0e)Yz$0?`_1g?0XeKlV81h zg-ufvd8`r*ODFFt8yIfy`&(hzy^g*vB$gX zN-ajhWN=WZVGUak)6grh0UP4;Gtrx{#VRqNAd^}2eDp1x{LDwcb7y_*i4B|Auf+v> z;KHE#-n@`y{`mRx)POL3m2l@jEssH+pWkC~yN~}_^E#HXs#CVTy`u7Wv>l^nGqi^I z)YJ!ab1ux{wqNiG*#1wRK6O|e$(lyUNbNArh{t8XV?%G8i!c zP?N6M{1*V4z*Oq$&aU6a@&J?@#1oQ|hQ{`>!l|ufH$qHCo1-YHN%q9ry@K?Ly?w~C zj^d`owcq1k4%P}g{!%3nY>Fy}=6hp#*pUB1rZ-T% z+w31DU?tZcU+#ZX5Ir`qaY#O+nTQbp91v$kupDJjbAKFIwwEmeE)`D|)Ox;i)OwFC zCLoLfGDWX^Omv<4MS8dA;w-*k&e)t_0fpqkVEmUbkvl+<2GhsD5rH9g(9xBScbB=& zwpzIM28i?U^P8djLw`U6D8s<5g35E$X^<9O$S&~^kkO?}m+-QK*M4h8x%6xlvuU|m z*4FDU* zXVA#b>5hWk;`Y$e(O8uK`%Kg~MT&;T#;V#{ZtS{`ALX&jh}R=3x*h$l z^GBN3FKiH8&d6W8zDNy7bsQ%jE_K}W+6~q{mSfy}RkG{fQg3iiV@ikuX|nM3yf;ETNGZo^Y9~y|HovXmK7} zdG2>gh9wL)g&juyA}h@);>`8~A>`K03P9AX?-$#1Pn>TNowUWH7 zJ60dP7fgAyUrC%Vu<``t*6bf$USp2$5=*w`{z%gwTalWPOKPlt=V&3}JgPVJbl{?c zQ{Tcf^>OPvCj{?sE8U3fm=2Mdve-K;dVjUZt*7Mh%TCpyrPfQXo|O6pU(zZqp9CHc zNhnzp`LMbpeXVAGx}cJ_L!v=Ct=#v-h*$S)MSoi|Y+E+0lFtYYlnq(&qNhK5oZ3f4 zDzN+MF-mtW78`3h>UIU$A`A!IbmfN?O3f@BsxMTee;wMt-@C9-5;oB#wss?I!jdab z3uxD%T-$92=6v~W`X`HRhV0rRw4B10P7gY{3FLKV2JBEMt+h|<3HR7ix=0P;OEj6Q+blevn;Up*!2f7`)Cy7 z=|DSGgjzsr-HM7EM;I=OJ?^Q_w$ilAv{3$X~yos$00hMB_+o?CXf zdO%C#fv-C~ykDeKqVtB&K9}xI=YsaP>-Mer5H#(+HRhs6-tvbisCiKE8akgo@8bBs zec}JLiHRs!5)@noLwVPyAK&*6NkAupeM)5hYf3?8$3qh?hLm+5r?#(_(NPTAzpIW@ zX<^lDn|@G&Ohn<`e==d_y_JEyt7-b3pU);I8#HFU)Y58VaXb*MFF>?NmW61PXC0Wb z+uzaCC^Of&?tAdyc2fjOPEw=uPh2YD^EMjmD4HJm5eiUOpQyt4J;PAQ`qn?yav|Cn zkX~}~69-{n7-r*b)*0%0dS8fbfI_2q{bK}vLNtUS;8GZkaghGV-7Pjv$F;UTW>ZF?H3R@ z{hc3IF|_(k;AmfZ^YG=i>;tHIq5(XYxxoUd42>JY2-j)z%|;IYn+13#e5LJ>*UG#F zS{vCZ*gm3K$(p6+SrawK#*9S6!-S335Je0kPwzw}s|7qd$-h4xH8Tt%xuZRTnho3o zAoNFh&R&3ogA07XDih^C`tBYbhoX@%lVx-IUSiWak981AKsW=$h%A>0lM4l8&00^C zY-d}CW)=rYU2@{%j%=$YzekT~F&b*XP2m6bf?yi|%(GX0cE}gC4>b)KKOUM2tVn@0 zhzCIZ(8aM5T@LRkj$lwiz9Kpqnx*vOpM!*s0@U3E7s7&VW|0izj&iv@IB0o3RfqCD zV2>(@U+M*-JO7C_42a_?Tv-_2zkmO0ry&i<9A)u=(tZXRu*PsBRpsT^RaI4?uYwK% zfBTm^RAs|I`aadXsbbu^{!d3y1V)M@aM3vpjX0@OA3Hmvp(@d_u&AMGh&Bfg)u!e3 ztw8C8Q~z$4(rjIZ0$?0KWen&s42#tBDYH@V@@Q6^89dM&t7>Yv#KpB2{{VNrx|o|j zn=RC7;d!tV)+q!! z{LZ~N9(Xp^!y1*9m8Lnm^N>edGcVCVvD&bYjg7G5gOCW+q9m(Sgo-`_c)Bc2RN@_Q z1H2Z7xQka;+%ck|apK}8W||Ehk(2;}{R|A3^P__ob|b6x_f+GL_vtdv6TyCU!1f)R zGtgk9b4L{_8gB(t8G~^Te9)KYl1Ougmpb)zZ*p0DqU8d*H>hrGEFbn~xh9u=q0w#KCBO znfw`bL*VNc=0h*1BT-gSUJI8o8@@o&Okd2+%FJ}>57B^NLrHmtTrrdbqg{e{P6Ao&J`K ztoi@j5}D?^!@ou;U%Gg=yjNKO`+vXJ@Rdtgm^Q0b@3J~8UW(2+#1P*&R5#?r>y2qVUz%EYgoT&QxwLjF*D;C-Y zqd*$(e-~p|fvR*J$!Wgt=NAVuf~K=F6}@^kP4_S{5^01AkDHn8=j7xh7JP1p8x0UX z=*!UewB5IE-NO3=*;he8NTC`5seOHI_&l?i%_(?!&Yhm((Cpc zgP%UF$iCcY*_xU7Uw~-yU^4$=8*KXL_ z_wd+gjB*Gs1xZRIBqq`^GM>bhz+onKdK%o|dWg~JfSlGX0w0HG9KiD;yaLt`t6ToK z4AMt{y+r6j%m9QNgtW{|)PDBQ1!8zY7DA=sjj$~g!LTVnfzS*g`U!@=jpHHN9%g3c zg6ktLkc8k(Yz2L}1VThsb>v6xLFnT_!NG)owdC5dLc}SG8U9 zw?DF{5PG%b;-4%C%_kT>ZPB!M?Y)@Tdsai^cB@TAXQ$!l@u8AK@i!>7A$o@sk?`)ZdZDY- zY&pG1hHPYw%%y_oYTW41d3x!ckxze&fKG0>S2ht*oW!%qpHb+=iF;cy!G7Jfi-);; z?AYS7sgR%`xm?@!7U&$DokG04J&B-x*9hWdnl&@`*BfJ%jB)0k)9t9+?nrT4>?)Vx)`Uw_?5$=q7IAro1E zyIc2u_S?yq-8qSOd^`6!$s|fJM7*=p|{Ep(~K|a&Yw}$Cz=To_hJ7=4W4Wsx* zg|L#qdO4n2B8EG2Cq67Yuo)Kfj&}OZCx@Lc_n80fT;4n9a0&c$s5Oh*t!O1^robd} zy1)6axS`bea)F7fflfteV}jC-(ZVUU&!0bM7aEQ-75C>qMzTzfx)jRnaco~#2rq~N z06QdWXFRMjBOwE)v5vhrp&dc8Wo7Z2GrrQB@m*!@Yuz-W9{s$rx*XCWBq(T(-<+GD z2RJ$-Z2V!Jf#-}C5==yhAZ3KyU_Z3KkopORk;L5riirPZ9Qlli=ZX#N>+f$0>;y4^ zLCD}s>75Nj5TC7^)5}M$PvPwlQ&9Bsl7_5EfFwHUf9{icx!+EJ6w1)*@+-OR6|l>Q zngoEb1e^dbCkn;_z+Tv)%iAGum)Hn-;J?9BLHgwrS_U!Uz)fsA3d2$3uP--pp}Sai z6duKpr)Ol$f;xgu0g3KFdwd&+M9XRGZDo-s7ufPS?1Z*{%wrpRml=H@KbYR3Jpbv!#G-G~L+XJI527wP-xrKU`kt<@0`VC+E{dkl-V1ESJ2S(60QUqWEp0e>ri4S;$H*d7Ex>vV~FtwdV=u5^%{sbb{7h+ z3*g!i$ZL#|T}xaVL`1PhC#XxY*8mcT(}m$|z4$IQb#v~I(@03wO8wn~)e8MG24C$f zhEDcz3t=WGv%SQ`g4B=TO#~G5*koP;{t%1|c0yU}Zcc9y~>mO2u?=**@xe@j!jKIRB$!gp$ zFaU*6LH#gsJC+UGSWq=kUw4VwFafuOwhQ4Npqv4_yxVQLj~)$28-`Hz;WiZwxI|rA z>k092RidJjfeLvu0IVd-bMZPP7m?6qTIK_)B%a3l|$YwOv+sh zR=uEI;lz6ExU_E#P_7C8!446%`o;sxkZd4`dC-rMHH-F~-G!PoL!Du>tLNJ4qah=h zBe^tQ_9aT{;&8c2uKBhiZ1)FDBDcG`x~jcux~~#l^eR9X*O@3{E)Y`zM1zRDgz12B zF=7J9%H9%t_5@xoP%Q-vDyPxxoGFV-7bWI?8E9S=pjah9B|&+l{+)l?ZvcAK z{=->OQ32NgeoQZEPb*_(Ltaw&Ykd0zQ(Pgd`f2-aCy$eQCKJ4Zk}R3G7=MHe8KE*+@>; zoghU6zIY#L$e^ewHE>X19HgC2#3-ur64)(9pPvEfBbE9$Z@pSz+tt6bEK1Pw7zGcz+Sp(2nN zUgrYtc~mcsjzi?a~}03b#QFYj-^MfhU&@VG=wK2n2hCh2!z z@Da@y-wAuGCC{ECV7GXMc@|tnz(Fo)=_rfi*!9YEblya_#y$kll+@Z*!8O-28sn76iZmLoCA;oOP(Z zK%8O+m+C(BHJA+ezz-)`J>@Y`2}WJ`odVw(k^%|Vja(Nv4byY|);*uluRhh*4iqnr z#$U{}g~aRA(4cX5^Da3|^e`Al*dkrH&7|+aCX3Ieg+ z8co)tyld##dkhS+-S2GJwmt?8iO45t1R6P3S|eG+A%Y7=iXkuW$jBJ5)khmK#Fv#Y zjIdJQZ|kF_A|261Iy4(wcd~0BND!{aragZrzB8H;BDExtf}W2Q?k))@9>~jW&Oo`c zpg8z|cuccDEpJZjHbFUYNx9GVy{TkL`BpvMGzL(Gq;*omUh_tWPM=xwG=oDVL$A_OAefS(RK9*NolUXBl|;9OAAI2F*-2o z8&UC4-m|B#|7j_eS((@dvwh=nh#IfXr#<^VOwb4r1h=%bL4kB~`n51Z*rgCs$S0#W+!4#*k(7K6&Bl6%PsX>H zHY8!8Nk5l#4I(04SQum(YV@)G=+z}|pjq>|@orq!6u>i*cQVV&%m0>*PRMiu_GTUOxfAQ@D$X@_r$dCQm`8N=; zAy`gMe_H6+*5$Te-%Wg?Cr_?I^oPiT=qHD?Gz*Re0D6Ly5yu}`6zs)z z?IOu5R27nR*igm4M`{qSA!?bRe!gYpDDFCXJ`pSMJ8a&0*I4-*k)If0{^CQ50;VV5 z@>d96s0TeUDa@TDwaCG5uNoD`K!55nJw{d`kGj`epxwtWFV>%AC7`wM7(2mnFWvLffA(3@}0+sWvi2Az6DxbICXTz;vUFmV7%SK&xs5GhJdQAPd~9Znc6)3 z3Zes4VN?>p|5xlCfYYmqSMtwdm$v3#OL@x*e(R@}R0bNIW3AocwRok&^RNCF^Q^b5 z92^`ZV~$P|k3imG>+hD8H!~jWR44_(PdQV3_fdx0NXwf$m;u(I38a65ixMjah@vOG zU^L&%>zagq;yc#$cPQ_a-o$zn%?+rKFhm7^2CZkp^K~b-k%$H6EpfGljwKk{_tk{j zDX3@vh=OlTG^lWZVbnVIgX)hG6oy$xp=%+4D?)`}&pCG!)RIiG?+CunFuc*U)q6}- zFGB1Jv}!_8(7=IqWv^ZxUln`s(Jm%A8N=X%RgNES_(r9L0tv@o58!6|4mPEPf?CjH zcyE_-o2CUS?EyGugqccr^ytyHfs%#aeD!e(G>Bd8$F;K0j<)lG4Sq!2jt5vfV3a)h>-_oeJEwx5J>!MGqJXvk_x(}@!EP)Bo z5PvWkKk`>4i@Pdj77z^kGqEeYzrUyPA)C)>)toLs{s~*06JSgpODzvQq8#IjFLEuy zc!KE1@){aJK-N#dG}(_GyGR_1I0Pxsc9hWR4GGQrV4mfR>QX~I!4L1{3xIqd9n~LE z<7!(3oMY!IWmec21oe182=={D4QDSj$Uu|X0V|OngP{k*a|ggBBc=ydb5md?hxGFF zIrR(!sd`Xl5fm9Z8ZTz=M;t9uz-bT#^vH7TO`j&KooIPGfI50uSLf~_>=c5*upKRl z0bb7%vT1Z^f$V~UY7iMuVh9_e&E1E=e;+4J?kfdz`GW8GLDVAnBQ`l1IQ|inxb5>W z(Mx`LKt6&Jkp1bkI6@Yx=gu~1TAay>gX10t3ETvYnHU%*qd(t~fA*jknUvn9LR5<(4*i1^ z`*x%gX%iC@Lzl1MNC8iHC#@Xy1Z4F4FwRLeiomQj&e1Ig z|NOVW`p)f~Fzok3trWuO5RB-=4)O;E6@d>V0$xI-%n6XR`}k;o%oAS#2VYc_FQ}_O z+Twj}16PH`QJCWjPzlrXWpLk_q};NhxbLhE6=Jk2nt6)U3gfvKs&r6e7=HyU*%1Crk7}pcpL`Ar6icoA*j+5)2y$s&4{)-vo6Ky1WcpbRR;W zFQ}Ox`8Kc){Iv}|$sL4yR*uEa$)=y!{oRZH|5x%)O5Z%O@IwM(D5xtAGipU-J9Wo8 zb<;-Ky%_N+vqr;snT&%G^~H`k*@D+Lz8{`pCuf+pGcmoK+3z`YG*S)C6M#mg76+SV z+yLoAyoQxaguLG)F4j22o0yo)ix}U(5iQcbZ6R zJA%|fF-Op*?dL7Of6N*==b3dvU);-A7k=v_6m6b0?^iTMGn_C+*TVQc9^n;0CBfty zC^9g}%kxD~CnxoPjgJ`O;H*JLv$?ln+JIZ4XClugd~ddOP{kRSS5V2Hu<3G)|5(pQ zsx+@+p}P{>k--*yMv7FUFRH7~O~6vv~SxG^x?%|Q! zzPz()1`aRGi1kk7@BbOVI_2&*_~DApBy;|LeG6eBe*Py}Kk*Yv{UF;*a@07+GXD2( zDEH3aWUxh&yt<<=(lSk;&@0D z85L4R`OH3akV#g4 zml(Kc(w5bSk*y9Q4lVNCy5XX~=95ZlLHHLW91}k&jjR89f$zhI6((;i zRkpuKOeAIrZlTLq(O(?z?FI1Q0IWw#3B{~>i0C%xrRBGmbbum=;!4M&f03R|6k^P! zI^dVll2xy+=8znZ+L+?2dF_ynpn(yO7k;Cb7UtP0z#Wp|#Yp~OCMx1SYlHM4+m)R> zb2F{YM0ACQL=Krrj=x`<`Q6Ys!3?Gkd?H1LyJQVkP9F1G%6t3mz*7F7q0b?FyC7g8 zCIk`TyzcpHz*LBY=`OB5~%5RGuyNrW)5Js{!{;v+1*6kSEQ7s^P^5& z{YM6ClM|`xZ}u@9r+Ra9x?|VxCu4ygQ~a+L&UF}0nvdq_(A;&caa=f*bavzaW&s2( zqCF9es(}=vg#Oa$wJ3lTGcpH}=uvt&~ICW|Nb6E*qfZ3OAQH1WU|Q&N8d?K<^}yYZex>L zd=N6nwj!Su?fAI3HOGz}>(V|ScRE7sab)CIq<8`%B6cIyb&X$-kB?85nm0tbbOEk^ z&j%kG7Z(@m&Jg894{&`#hC`IgF+6u2yPi6}igG~NmBU!O@9*D>p@D|!xCOj3K&Og9EQIO z2gpar_UIiQeR$_iS?7x}r#IX}WjwPd7q}okBjD=c;bHJeVC7`2#w$pk za{LUYmoLv3*owZ?Kp+g^k{@laC5npneHnB!!K69kO@{nAyn~$9Oy^W`vwQSc1R0x}yz=aH?2oD6={?lsO^l1XjT;&JP~#Q7 zkKDuukw&W=%R|p(=s%@K{Ag-wLQFKS-qQQxp$t*O75g>%&SL3JRwAOJAF8YUv5V|S z+71^M782n2at$Sfbdke{%fEcteDL5ww7lUuy6=kDt{p}(nL-QF)YdjNGJ^VSA9<_s zbWBf=3Hr}2X^$iLoFhk$>qM_0fj>AC~6{-3+IZc&1Lkdo_fv7yNKEy(@FW6RwX5~r`PCrB3em;zeI%Gvv+U3RSpv~^Y_@z zo|&E2e7p0#yy!M>*+K*msO~V`NnVL|VsJr0`{6?dt>$g{`D<`GnKae}jRVN?zrbCQ zGnBSg`(~S~o0fhs$?3y@Qf#XGSny0kfcq6?t-a;xv9WAG=ZCJeJpqYn8d@CqI)aTs z47hAv0WmQ#$l|-Oi}!EeNC-6YKcx)~L3mOFnP;dS;6@;oHLo=N?%mr!q>?XR9w6h0 z2MhS>308jkbRR4fhhjLg=fOBUCabu~sbnD`A!HZHQ5Cd;mrYj5$;nI*@p06Ok>@(7 zk}{Mk9A;-&Xu-b1b!6h0lGj}K1`rk$Gm+KhI&n6H%q}9#!GBPJGA0_nIZ*@Wo3`QP z-il-M1FSRjACMjdd^AqJ@$ArbjS|*=rAg*Lq(F5oEgyVm1Xnx+6USD)kK6ss6S;o< zy2nI0Bk2L;#8USMszc0M)YR0zrDz923pj`fCgW^d}#y;1!rg? z$!bC(4Q=@S&FV0k6*+4Hbq<-qa`?XfcsFErc|w$vQ&Om!3vAaOI(V?`^JhPxvIYni z;DE>(e^VLhd@c9o%NLk)^L7p*GOsRF;>^Oib9XW_gs`M?`?uF8Yw@L~rr!7U?M4G< z+O>;r&z=W~iJaImnp#?H+kG*H%SuZrk<7&>5rY(Mb-M|_(-@}N0A4~40g%o}1MTo8 z$`3I!+>VcUiM6#gc0PGZ2N##3%SjZ4*SQ!@Zf?h^U#C%u8n2!JVwsqk$)7&G1tXRN zdZdbq3gIp~XHGucBO80RYjBW9Cr2oAYlhyt+w$zOct*@k*heNtMmMpqe%oBRA}}5; zjw*$d4PXE*D%i;PRg)D7;L63uAXT$=?OK%BJx$(zAf3Knzo63IKA%D!$AL+Mq(M}H z5;GGMEuKgM>x77=pi#F)p`4$D3U8J3j6p#6Y>AgAi=@kOxDPcoHIg24`0d?zAOPi6 zdwXN}%HWQ>LzJ}!_QGX_qp+4lw0e7bKHz8qo+~5A6}zkdC~EyJ8x zC(HKu6!oS}A6i<%pv9--`jivd5r+o8*1$7bpeSzgx&7yl4ZnZ@$@wWND&i>e1k~oU z7cMBFjvgx~qGuIeeW(pN76OxprzhDup+bfPvG(=#y$0b#Zbk{hGSoxjt$ylvAbt$I zT46CUb8yF>g|5NSf?wl!#h;N8IHYGt{I(1%Z0=81ZJp&IRKOdYu24OF8ih&wO9f#Q zkP32c5eF}g5tirS#*OQR+<+*}4>h)OVFr#Mhwa~Bl_476NS=&1} z5N?f`m4%+b=oaDR=`cTe3CGF(QI425G&D2`8n1*aF&o}wX0qdOeYooE&zvMpUUl9O z9Ise^@#4h}kEzoLZw6#!*hRjZlHshQL=ja$@+OumMie?aCNySeABh#h2iqgzbpP2i zW=JT?FwUst=25d8q1CU@GTz^$L{|Sqoe65eXQQV39c|ta%R|hir{kNf>>V9VagY$I zA{A~oR$v|niG&XyPQ(_68ewE%aT1cMprGK~+?)|+7H-ME1w`|I=P{qz^}Xrc>=Whw zbLrFgaN|bnme*_msKmq3EAiT^t*s5_N}hcH8-h_R50mbBWF%E_CvYK&h7$_|=wc>l zk?QFMa-^&&rJ3(t9XbI-3F29OG84tp9>AkbkYEGsaTu&)!$GX~D7sd}cF1XBSecI9bV!(1c6PE_SXhuWK2ZKq+yZxZcM?#;JiY)AejBTF zA0jm_uC8xDh(4N#K-c#C#TDy#*$z<5+1a_P`64G!)k%H^B1WQt4dJO9XkZ*Tt^#Sq z9>*MUhUcN4U{Z4OrgP`cVT9co&>dn9xC`sc9+^VuWpYkVhv1YIPSqSk7U~U>qhG#$ zJ%C36;TSi(Sei|+o1g6K+PR5}LOWfr8$ooZk+u-vHeOy{tP3Mngec_*h?p1~m*Th+ zIr#%qCA~N2WqS$KJQLI?a%fk3E4HB1d3%M!xP@vaCm5P_wOfub0_;qr>2FsGBU(g` zh+<8#J=YEAzm37MebH9DlmAYowus& z-;OFc>N>ff_$IBHRA|6J*7q<|NloGqI!HD;5Q!?ow)N>c?Uot%^~)DR_=H78Ay%T7 z`hGwBZcxyp;oD!-DpQ@v)8+SehInkXGC*$jlOiejd z4c_V1;81Ina)rs2DPY=rz%95Q(m2L7<|DeZgwnVg%#s^KDi zaL-K5%`0GRVkVT<*FT03Pbus+ZP}JL4pd^^kf;wZGPW_rE6s&33U($Y zaNroPI zQgR56WNCiYM%QA8AO}F&HL6oL??rM-ylz@WW#v62gC;R+-XK!+Ox&&pxG~RTUUa*! zH=LY_!FmpI_*911f`Y;oJ4MyPjaP%15ttOFC}*^SYq@hBSd zFbJSjY~z0LL)GU;9^(>;9`_(107IN)*-48b3I^my$DWTH@viT#4KpYw1_5{mLEHZl zjs<|v5-wu8o><)#6(sgSGC1g^biVQ=c>&M94!JKNHXq<=ur*9&S{4?;Z`z3(boBJz z0HwSkq!y8tllSl_G%~~5-#Vw~%pWtw02Ch$7p{ABR1I1@?P}l9P!-twT|hH&yN(1D z55>=7&j_@^>th{X(WI$NRY3Is?N03{tXJ;mV>L<_95;h!Pd}@F;=~C-gThmnE^%V! z^gy=wP@K$HjrzvG*s*7iUZqRWsr`85h!KEle0;BC`v|}f*Xd{ECgFvj5Hq6nmDjm= z5nSaftgUd-OPh*|i%C|DBo}~aiA6u~^fKTax+y3ciKXS`UP^FzuNkkxx6cQHV(UT`1QS#&C z#_alH&G#cPHXF}dHy_l zm%zHmFl*WHNV6?^v1b7<&L%By@>zpl+`M`7OIXP8qdtT!EG(Ee;gI{u&7813?I0T*tHPagds8jf|6ggvQmaA zg_szlUSX}oq98(8s4}^;hNzfRr%&Szh;u;BZNMi6WhTcca8YKWyTI4bjZMtW@8az> zUTGdtKETHpkKurfJi_n*WAqheb#=6WZ?YS+b8}A$hMM9cAB2vc>W0ZFC&kChi&kA) zS-HVi{Ux{LSpGgzrc}~D2QxC0K()WDR2@Q z8EQx*M|V)wWZULnANdUB@tu9|dTD8C$RJlC?U3gwJb(V2z*}u?Vg-XyaD5|86gn>* zGqay=nmIx|@(Zwkb-r2OA8a` zK5itMs@%`p8n1B5Z~e)WC&7_XLoKbXMdP2&u|LM6464bzX-K4jf#P~udr`(9W;nLe z@K)!JSb^=nFJHZi#mP+cay$&@6=a;68nvswpUp(cX>kPwstsHBASX=^sEl5I_wi#o zqPYX=V(QRgeWCsE2nZzR=RX5?0LcP%#br~|jUz$~6~OrNWhLy*R)mxABoIzKTMkWb zJ2W+z5+R0=Cd0uxXNK zlG}4ro}CSkjR2cLUwrfWHOZLOW(z|w08zzxR)A{KT#@Ym{o4xEiyZG078dRT*ukMj znp*Ii$B3{2U!l5BC29~9$j?vjt%ZJqcYrEI#Au+>D{a}`NK%;~6;Bi&z)*m`zpBld z1qH`Qj7z{ScTJ(GJSW^g+0RdYMA3hASgF`(icrM&$GQTip!7=bV zzu-&DzS0zhI*!fY3ye)G4>w)}2Y&+Z+_@us5<((EA9{r@kFmi@o*X|6@W#ohpu-Jy zorE_fy_Ul8z&moz4h$5dxC>!&_w+aeU0nn>&%J*8mOM9xfG3Q2Jhx=L;kJGzc{D+W zRls2CeQjTg?2qQv58A<$>kp7}~}dvwiC0 z)6;z@LnC}HVyZ$!Cjqqr5Pg%C)r+=A9vT^fA5h(ilK4M3JcDx6U zgfBomUZh7b^f(ctL;OqQ!i6e4j0snege(g5_iz{%bs!LUY(;=>nxbH+BQhXR6v){S z^u#VScbv1pmnsM0fYBZYolA~+uuX;nr=hWa_rU6mp_5{tVG2Sw+YJ&8XS*fKVw-N- zQ}GU$wV=S*)a0QK;P>lDmqkOf@B2hY9%BNPtvSQc0^^W?bo6|(PZ8(>%!>#1ynX!p z-nB0h63D4y04$758a!#S3(JeA+&O}j0g4~Ju_6h~oQURt$n_)wOV}&0mU4wh$!U%J zd^zCtMKavQ=s(i#_Ur{F#7>`a2UI(Sa@6>*| z*t4%8hS+u#Dq)iW?J(5LZrgK&grLS}XBjF~cthB?`??H7IzwK0QCRpK_FQZ#xD~WG zIn1xFHb(z)qDJ7Rb`K12Ke=RN^d3P5VG)s74BC=ilF9x_h{Q3#zQE&Rf-u?0Qyu<4 zqTU0p=e~Xa&$^_zkiC@#2@P9BAtOpiSxGW4vNA%E?2$^!DoG_tRtRYsSA$f@PLh_< z5J~#{pXcTN{{HvlaX-HI*U0Dde!pJlIF92yP9o)VCR9=NiY$tO08bj55mN`#X;C-c z1s+XFPyYZ9^O0}L7x8>RIx&?X~mxto?YG5$(vdGu&{3$jAe zbZs-U|H%ZA@V6OC9--{)fg_%`8*@zmgDc! zYf=`))ZV*V@3@{7ya^R_A{T z+M)DeLc+V|&THLc48tcrw;nd8^6R!QU9YW}JUp#31UnGbIn9UHt=RW zo|al`-^qN=gsH>7RnMt3&uxUU3V*C9`1<3j$NBdAUV3M`UOy|p(5}d}sJ!`@Ns|tY z+*_{OQ031b+;(ACSNB$nV`j>IJT-VYw4aw^S*KEeQ<)vgnHa?AnEd7<~L3s1GOmi9S#yx8F*SEu=A;boX`@Rst3JiY>_`abjEl>sB;}_j# zYza(vubm;r)szdwG690FJLi5B3DI+}I$h+XVsZxbnm=@WFM?Q-XxXt+eLM51S#zF? zNs`Hzrg5iEZ54At=qc&>;H)G_qRL0G&|#90q+ zf5R{#3!s^1ZTI!-;(2!e?p;sX;3Len0oMdDzd{Wt#^5JT?5Fj7`}VEC56FQbP~>+5 z0|P;{R3Xq{vJULqr%J1P|LIdd1~8Bp=AO!2T=X_>7*!u&kOwu&>cU4|Knix8cso?& z0K|Qp=()`#+sd0gcWy7W*2kVbCY1Je@NDu4zr+Gi>+$sN)Ip;M!w3SgiUGGspaig#rs z6Ij3!G#+7^y``e8ZWn1@}C}b%52|PHl-GF)}$e$~r<&Le4Gt z{MfTX$BAI@b{EmclA3wM%9^U{zr4-^a10Y>e#3@~|GY4S{1z-7Z+R!aD}9t9bL7)> z+kg>v1p~eP^W$+DfB@@pscd8mF;o2=1Z3@mCs0; zu6f|v@yXJv-c$RQNGMSKt!T)PGt~~=zrQKvh&jO+oxixfxm?yO-f(W2^K;s*k#ws7 z{4@b%>WyKcef=i9;OCWXB#^^JHvFP6HRf|cR=z40)EOSQu~`1*sz@9NYqs5(y$p1 zvRX*HDF7x!DAYAA*ADT?5II#^nridrUPB%2F#ACR!c$*hQJYVF$X!stBVVb?BQ`dGd1*r5ZR^3I5eUZCOi{i4QcCOv)HX49r$ zxltSD#=D)QGT>T!x^^*f>kK+YEc;ByTwf&lghRg{EDa%ATq^1jARs)YoG{fa`xuUne%QhfiZyC386Hl zNfFN^ht(xMl|cjzGKq%wIJzXYtQjSD!l&vHwEg`2TzW3X#&r+qeS*nsE32)*I|!~L z9SvT-dbI|*kP@s~D*ByCc)KEXvTV|pzR97%sEpy} zh$0kDP0_$({LlUS_n$p?4!&VKR<8SLu9Rc1Dh@YNZ#xxdeIfv&7Pq{xXse!qv3Wpj zv?VgTKr9W2r!V>hJauykAOp zvL(7W^{eJlHdmMnr6&^K2)dtkflV-^AZX8ybM-@8H#WeTfb$;PNexa2y=ALToo0ov zkl8$>#Jn}-Unww}H`W%b$?ccw9?0?FWdkA|qJ~}JB@6-%6nhi(I?#0)vKAPYcP~zd zU@l66PtmBaM(@X`zl$2ieSJ6kn``&*ZplgG82yLzQ^H$6KI?>`zP|LKNrBPVA1fTN z4y=bz&5__r`_~wnmKZ6d{oA*qDI|*ABOGF+D-nqneN4c4dj0mDI)zwA1Wxp|-Q@dZ zj-^jpfsEv083$_LWAP5U7E{zK9$%4X0dbZ?msT(Vf+Jmdy54*mOUSbpI1g}csdz1p z8j7`u!-^Gp8ckt=x1vk=O5OBp_pUQ}E zF>d_$V5$*@su=0>T*sKbGOauYG(c6!Z{GZlSREM|DMyU}N!v7#dF+!^SzW<|Nk#za z9{^4NN0yH&8on=97qW~;DFqfYjeBhMhy(lRBvwr>yb>`U1XJT+a|v=WG;LTD}!xfr_M| z9RAf*OYjn~u7b&eA*;-leH0hw#_bIc*8$WBICd-xwIGREjA~$ck~ZU_R!CJ0*aSf7 z33l3Tb6Gt)HmMYOHz1($#PL5S^fAfuqwrZ2;2^Q`kC4)P<-XC2UUXqgOq5L;Tr%3( zLYgd?+e$&t8!et_+QFrhT`7wH(uX#QHAfpa^qj# zkjTj%K9pok!6ywa6FdYs2nA0-Mc6_PX+1HxB@0Qh@A@GFij10qsp!j`;_+vHD* zrxt7&xL#FtU%P{L;L{rz9ThZ(YzttR_wL!LLwX#!RTF1j|<}9rlw|!60NLv{wtdBvp^jj-Pt!*22b7s zP&J9)YTLH0OY0x#_NZG%1KX7L{6Y;SB{JDxe6%Tilt3}=B_(<6-K)ZU#I1H0yx@rh zxFF5Tu&{>rZf4Zj5mbz3jhrHzODGeL^s|3N1Q%09N+)5@d5DaOm;tH?-7$~<3rNbd zxOnkmcZQY7KV)Ashz+d#Mh08K(_{?Y=|e$!JRjtb!$dr{>e*V9Up(eNnymMv)Nz_> z_3PK)KuyAkMa$WT*YBEgL2i(!#3OkOHcRtG z)xfJqk6INz$KPnc04Jm*NWv?2qz2B63gc4)yI$T{xez>60BOdvc=R71ot#xzt;4-X zxQundlic&$xwGVYaY_y2ip{>W`6wcg`qIk4=8B{SxXy_h9+03OQ{f{yiJW&+cRm+% zpFBX$%15d%YT_v?pRNE><;*d7^dfH4AmGf5s2Si@f{2k#r42*$kZ7dFK)t9;@VTXO zmX4Tt8VWL*-DQkU3*e8BaT)zfxUp)Cf;ZToqpgJ|2c4eGh@qd;H!^bMU=q5OXwAgl z2k7nK!GnU(QWWvJ;S8l-Bo7szl(HR9$~FgOU9Ef5*=5`|Tv$arf>@Yu2nGe*i4D_FM^eE8m}Co()S6 z$g%-68>g*$mYmW5TUj}QtIZe&ddnR{GAXznf>JXwqFY6N)1--(2?#(az>hyH3>8gp zQM4{!et-s%z@`C!N3K?iuh^SQa3e-gY>T|UMd^R@ge4_=V`2snu4tyL%G!!cDmut7 zZ{yOyJa&ZCLqFYoE3FQCOA(5G$$x26Os<0^x?nckc2hm$43|m_<(s(Yth-Jiym9c_ zFU^g=DKli6=urKuKn%x@9UEF0E%f16O2JlcL1;-#tn3H1 z{Epn_U50Ab-r>r%d-f(f+ZQxI>0N25kY7O^A3(gW1YF?&R5MfE=*N4`uh>{7% z-|plni+`o~Kyw`O^73qLZH2g_=x8*?G9>dcm^@Kb%#?Y_GABxLA?jEq5wpR|ptFLk zgiRjoRy&x-8iE)~cuB-BxZ_%I>BwyEVTBVyGUcMnu-FC_rnCQLnnY$3q|N5^z?uo7 z!1%*10x5`%+#BIO7%0n2XH+?vh{X_d&&S@hT_<30Dwu`N|L|cn{;-~g&6+i96dD4q zAXKgC8%n9?SC{ynYD!;Zu%T>T#{o+&-jxlj%9o z>!zfP4^W_R5Q2{B#V1WeCALqM003U!TJHsusuF~g^d6ahO@eW1_ zaR8}_1OhoJa066;dbeGKL%yNN?4G}Rbp>gn z;L@NTzz}CRY^Lsr5L9z^3?DAe%)!X8#Iqwk-GXe1+%k!(1As`JDyYsfctSA4$E|W0 zJr*eg@X=4qFk%U7@fFunO@=aPrq}b$>0iCe&X0`H*^v|3aO$4Xrx&Tj`v))BeDsHL zzl-7Dugr{Ud(=Yv#70Ht)^jt0eK%Lk;R%Y#9~>(a{S&`^djk^GrqJ#hZ>pbsM`oc$BZ8iiN#df|z&$UwOxsi&w06wi(Hg`M z3MaU@M$o&IAu^^@MzgBdP&3${6P{7QuAO=wMWIQ zTYm#M!>{ITJh^Pvu9pQRp1Z#&Kv|_Vk?{s#39}m>=UVwtRYlqCqiI{|c#j5XagKQE zsi>&cU+A*sAIxp{AAO`6+UXVRvq%ckWnoNd+XF*mk1DwSy_7mg9W-gZzyV+{nf%aV zUQ=Ie5+wNO}{Ux}9qR>U;Wz3Obok1D< zFXVikb)(NeR1`4MqD>OZ8`@qm1r)YEC&yoYgC|c8ZxrqQMSJY>f)93&$8=p5GgJId zV0JMa&|nW6JdkW{fk&1hS$q;lnG_2)S|Tf&QZo|#D1Ar|rI7??knWK4{A zgm9Bem%c#&c4-I}FD{x|rQ54l;!yLzzlR5n|O-swKp<5@uvZ2hAVVAib^6yU(Il!4O(7-8&B#D;jz@gfc_|P{CT(j$;3)j%JeOSn++_le)kuc_=k&gc?7gj5gk>N3~P`_}bSK`bB}Ow_f_bS!?? z)(*z~9&m#1syf$$8zgR0GV3p}C*^U&qhmuL5>%NzQ9g3z%eYW9Eeht7;VZ`XES2p7 z@?Y-0@Yp1cr+d^)*oKDk)8+8^t+);eWW^w>R!{4jqvvFp;@XUsQ6}}-8=}wfvXa1f zrojok2-*Uq?+t5@ohc!E@DK#Wr6(ZCNZb>H4vK4_ecowua`JY$1Z?L30p0+(NOMSk zzz&-$?gbKgDXcy+m<Q-Pn-AQgXg||`%e8s5CuWr#xp}2 zMtw5!;!a#l7lV~f9kh*zymHN&$Tfad*PpHA$s_3})vC_uJVv7>=}R33jUS5X_dXs7 zSCugr%jdh$mBDd{7A|u!N1^+G0d3GbNjRa!2AYHa5x4-zgAEsn+1Zu$vAgzNjc(EP z{L`gVBA?QP$tqM-FmqK(%A@a6odH8_TN(Q0`m={YDgG3SZiMdLcxW<81kS2h{;Qaq zBGo$T1!-av3u-n=KdRn)9vm|&?sX@Z1w%qQ?|NGR?HF&~s!maOWogXJajBK3zt$Z^ z`N#mBsHl~XWaYLIek;I$*wlcWtvIyWk#k4=vIO5cx+K?^Ga)Mp>qX@cI8j@#T)C34 zt8S6%XT`OriWxao8P@;QrC)~5bPg_sJaAWSo)~}Wg6k;$;f!5x7lpzns0*Q5)MqV} z-Vam%{bv4Fye6#3#A>*Cysz}x)A@~_+Ln$Gbm zG>w>sV&L@G-MI-t_r8V6&n%C=@;EIuRZQWi<^*3rubfRpr*9Wy3{1FyJBZ2*+^aL6 zFG5vx?5#NQTswf=rkw`vcSzoesGYJzjQoJ}>6*Szr~*Gij+c{HR~LzKR5~`MR=R$4 z9ot$2qljP-DQ_gCoZ|KkE}Y%bFk)7HVzYjdd}Sdgj+4|4gk59Jg! zD`&XAi+SYB9v3v({aue$~1P%4$)dp}0 zo&;~N)vFEgI#A2f(vr_0FqMcPc&dL9zz97uOU*@fdmCB6!5 zGX)U8>L6rq&HpyHwTqc~fFD5LFUv>q{B7B`?O60U=qyChP4$MVk`Ga1UNG$fgFFC9 zbVgsg9k-s=?o_zRUx*IeyVb2)R0Qsc23Z881S$D0;=P3Gk$lAaUA2CFyF2j=oZ#kC zzjneZnzaqmCNf{w+p2DOtoqXa9fb=Ae3iLLXf={FpkgwRKmZ7@AwYK)>%UiROHE=JA}&6OegCF&Rv2vHpapzy(ykdn!^1muVFfa}5gMNrXb?vw(<#woul5@ybyHh(a9>N>)uUb2Xo}JW_HoktmQmrH^9Dnu$?1 zYZ&A~Xa2jj$+t+A>4Yt=iXzfux~7^8Oj<|OmJT|our#jF?Vo6A*XpmoOgp$=?|&is z*zf3d?#3^4)b@<7zP;{fj7jvQTI)@9#y>4S7cO<5`|DRmNk-v;r)ft*^If8UR~oiX ziFtK4nr>o;YWgJk3!rFX=7`cP|BguQOYMVpq%9lqq@BH_oIq@bnCo>wnu8R6~;n#@h2g!{CGj5E?+5ENCb(Wo- zSnZIdCqf0#29F^=#TTS}p`s|8^)?Smn>zVS1!7GJ2qF;R{L-+>#00{C#5qeI4|z_wcmIeuawy&iH%PF#q?7uTDGtm02xhdt$bYB!*C3w(I2v=t7ArAa-I9MLcs?P4j5sL5PF3wGW6T zj*IIC4#83s;n8#W%Nsy4q0TVZCx&o5O_fJ6xF*ZBpkN7StnBGoa9sh_B(g?uMIhSA z^8j7w(6s$lmh%Y@YwDV=l z@cHu=sjG6asi0|-aV99YEMsSCULLhyN$r`9Oo7}Z+@U6MKo`V_oX8=?C>Bd?PLkTm zzPLTWQlQ8!N9jBw=5=_Jd}yCSiW=^nKB6Xkg6nRj>Mtu&)Dx2ehEB1nq#Bcrl<+l7G}T=uZ5mJ$9b!1-Lh=giPvF(N7SDLr0oUwF(^n zFCHP$vX4=GD|rcualSEQL#Qn0EX~f|eJ3WyrHu!h2g#hG%H+ziA-gu<$Ttm(?^BlN zPdN~BdEu|K$kV&aFzv()lgRU_$Fj4prs+JL)Yl&=a54Y_4xaAw<18v`#=8tqhf*Ub zv-Z1dtC_vy7nNKwA5deSw&msez-iGsan8*A7Jvl^BHQoGXWEN{orjo`64;zGpTvXP zAR1A`4OA?R0K{aZ2CnYR4=FR~Bynb(hmH)Q@YFP2@%A5rhzI4oA>UY#ed{jde({Wi zi9`7*6I?*<2(QLc%W+Pq{PBx8^p>#*M^x+V*RH)ZA^}5ojlnrL1x&gG}v(<1XZ_giYGty{?oFG1csU&zlapXWC*y!cn$LLvWw4L0*T=F zrruh&oYWdR#O~;b5lhl7Dt|%NoxlfFnr0cIUcUUdN%6Xx2TO`59mLc{`cimO!0sEU zQ29mSN?>Kg5FdrTK*O+JjwtTbdOZC1-$U(B#KrwqUFNOb>N~m;D)$1`9rPGD@Cd** zwJ0;4K4Isxi`jiDYmlgEb<`TNwF#M(cz}y(0O6PVP>5FAA2C~`9?vJ~h@K2!+hoS$ zOV_XK@DtJ0l_LsXgJ`6e@|TT_wts+TrgB_OVggIn?4!-DF(3m(Hq0Gu=W&S_>z)LN zuq-5g=zPV#k{tMfrvR(B4SuRNzyCMl6JM`9{dF0-Cm9U{pBGS)C;$c^Z9Q;5S=oL} zB<36EG0G(^0GxiC_HY!GEBYN;GS|33SV2*-0XuW|F`^SY9dZO4^R$N#?_zInFLed* zr&yJp>B2aNMB6ym0mL!-PsTD*I6B~^GGrk9D0uWL#^eDtfj#~PKXN;LzmIPUUwi@Y zfDYXX|KKGnj=ye0Wj@4|WLGm12rZ1sgn?SPSxK#sm@SZcHoT-Myj?kpHhR zwL-!(+u2kd6h(A;j1MD;F~{viZahJf5Vf)(wGAY46Fp7A{q!nb9c{qk57$~ z;V;C2vL}xY6l0=r_$yhA141h{M5xwRty{+ucf$1UTep5q?QpAw2XI0r%PaZ0?fT9h z8D%r^Adb49!@8AV6%xOj>#521iB1ra?jLOK|7z!B|)t;#Dd?zQ9&&#Q;Aac8Qu@n;+3;3!3^m_<^&d$yoY z0Jqt}bS`p40-)8Eg_E!aLyzsJC${@f&P^|ku$bD{-C> zW)6Fa!apN8-n?RK9E(XBV9aWqw=-z;nIe!w$ej?KJl_)pm0>tM7v(bH^?yt>2~;q6 z?u-NE0DJKMaIpWfBKI}GX?_@EgNB@)b88^n8cdzqR@9g8(G`)#fh_a67_vK!SdO}p za^`UDTk)D^HHn4|e*-_yW;nTAzka=cd6zC-E?vF4fEa|-t_6Fkw_U-K!o$N`FUGZX0IUX+`i?SLNxT3-`!bU>pfWC zGCM@#WM)ASFD|tZlu*=?H3j|y=*Q~>_R zMCA}<4Sd0B=9mMJn94vqrJ<+>d$95iJ|Ms`6iArjjcUIQ_o0@>5oW|{m4(aon3m54-F029}7yuKtC#yZ4C+6fB+ak?a9oFG)m z8WDjeaX*K5m6j*sh?06kNwSpwBJhKs*2m)y0}M;#g9uy%i~<_~UuV4tYuEzNDvZB{ zw5^cm&!yf4(IP9fWw8R9(L{QmGz2gN5rM3v?Z;1rvIg+>Z}JdxHohb@g0t8RfRScJ zY=uOy4my0~h)r-eP=4v^SOtx2gffgOlqHSbqXtbq6=@xDhNvbTF?+__b0TT~S^Lf9 zkTWN}+9nQ{;E+qHJ8Kwv21_5-+8e&dZuuWv7@&(BJLe}N^ z9rj6e>d^ErVh#gYKE3abZeCegi8?V1*n@bCb&p>x^WvGMRq%$0?Nbqn6S8y+45rM# zj9N#A`DxRHgJV329l#@)+LQSb>Mv#(rK*!a0yYMPvYlt=xNKP(ktB4^Xut&@muJlB zRXjburATpjLT^9ux#yCOSeNng<;=Y$7n)L3FnAJF+-@_1$1}NpllIVo_|_?k2JL7e zib~MjiP#j}`fmFZKL!6f6IznuH$)RAw{mqeYO1S^7hZ7d-*u$6uL06{-5=b7u0|QV z8115gE0!hoq3bbwQyB?90Lns8xtV%PgaJ4J)awpW%UOQ#asc>t*yNMCzhxnbQR(mX zJE3!Fr9wH}{XSfYB-hYZ`}B9gb6R}Qxt4XQ@N8UPO4D#r;Lmz!w%j za{~DXYLO65iHs9dT(gVhU}$K8;~Go{Cs+(7T*_xaG}9GHMjA-%b2@bytfrzR&WO$e z0Ugm5#kL0z7oqWfn@A^a9WabIrLmaW({m-}R?yC)xVIuN;X#UxI*yS5EHda0W+L&3 zdHLIWU7R5UvW}`!oJ*ZS?!tux%;gOEABnRM3mItQO$5&5 z)RT~brQes93j9OpK(f=z_6pNdxcVaGV$|$#!@E=}9Dh-tnJR-4(2Jd-ZW2KvIxJKK z6G<&17hx1SX68dGJ=wUGlQZM8uAjgEn!4JJ4C~iDuSPl6l7eM?hv sM5SYIupg) zW4r~fCC)_L1@SY&ivMuO17nkYv?lJ}zyGku@>XhUk4vi9k z$tVL2jrThO2OJ&R&;E{{-E6>XggZQs9mvYZ&pg}foq4boL_mceZdnNKQ(f5pofKa5uKHgw(qG2LN2l_?zHS7rNkuEqsEAsb-nM-D3Q|#<*Y5jxA)nvbCM|LdVM%0rg*=IC)ZBZ&>N3 z;t6vfmGvOZZ9vsgCi-NGwGlA3xY}Q0aFUSbQ$W8z;fn_WTCH>Ebc`WoFOaA-4~&J5 z)vBi;PgrlEEs;52tYDBDqrMwWHvtYVWgJ+Fgm&-?$xHOk0A=ViQ~7)Rf;P;qv|jle zkxrz%anx_m7ZSfK@Kl;`FukExc4vkC+sjK97A<`D<%_hf>0Qc)QS_!^4am5-Ly~6` zT!g!ca>-q>1z9xd9UGpL2z`XM!(urJ*i!cCLQA-vbGKx47wVe#dymqa)4c#(O!^A4 zjcmyv-ra{#=XLqC&!V2Tqthj0T0dS4>O&N8BDmwwgOXgP3wbVLCqY4ai2#NP+IRq6 zk!g}GWwr!U+;5j|!dQ#97xhp1w{J)z#72O?Q;Zl=Y;VZRzItT@;sm4NONy6oL3qK>Ff1h{2jKssi>hC9iMp!c>icny5QtOGlLgyJTG$tywJN^Ni%p%9-# z#*UJc&0hYrKI*Nk{=dl<2pu&#Vh(RhQ>m|cmSzAj0ym;SrdeR~5;b9%eY_i&R|;DU zi>M4JL9d`1B(tE$4?`Ko*_Q3i4Bm>qhY26T;P{Y%?fHf)w?bI~BxM$_#q|E|#=O=4wRPMQY)V_2KIRxb zXkFiT-+UNg+*D*Bu&yfF9YOzn*q2yvNO%T`_s{_(vnGH4y^y+k_N{dXU{lT2CTLGS zF%GXZ0W7H(eJ3{@&`VX6WipaWx)*sXy$%&^nPPmOIofW!2KVqxn5R#sdc=(hZM1A> z2gR}*lwHNe#T1fxs44%WAXA-aFnQpg9Z%JU0z@+3(2-zK%6=^tYcfCYUa2#57Mdq6t6R-c`{{L>ioVx=Y3 zr3nWDAo|w;$uHHq71Bb@?xol-a*FJt(pJ{3|{^+vHZAWn?&|5GlwBB-H2B zRT?h&vda@Pj+_18$K2JS#=ai$0T=*Hz=Jn$x~yOSLwCfZ_)a`7j2K2KtJ}4&TWo*y zd<$qz`pM}{l#TM^yYW_lTUD4@vr!2 zKQi>v_Pc9a)PJpb-?g&cwjn(qH8rYp&~NfgvCQSSPRy(Q@qc|RA7r%F2<-Z*Wp=LO z>4Fvu0~~f94LJMcp7QyznT%4i%OAB|3l_6_d>vLj{RQB2S1 zZbwHx%|Z)FH$}M`%J`uO%t00?1Vki8TMgpTD`O?_3V3BgN=g&;hT=;nybn9N_qa$a zJt4Hh@>SA$;e5z|G!T1^A3wfv=dnMZA~)?Z`}-`pw?Ao*DAnHy?1vVJZe>D5zZvIk zM*+kk?IM-I9t>sq`F(N){NR}I?7X5PTPOQvsG1Sv2J`u>7hd9y^s0BC%!_!mBacTm zbigAEg+@gtuGl0>X2t6R@gaBzU;~(Bp^fZVhaS+uy8;+0AJ&xppxk6YcIp+-TqIur zQxq=5g9;F`EY=?tkJdA)8`{3Km&Uy(8S8*qF}=DtE(T}7nNr=pP%Z5F0( zEc`h`sX`h7KxQ_@5ha484$2(b{s)wAA~h4!D!z%>zX{$!m9d(lXzr%Z10?Yn-~j@l zD^6w50`SCaU)}&{fiUuL#hl~iIg}e7JW-jvITqD}Lv!Ec?+W*sJJ1N?f$ken#K)KY zU&JRWaNfi?N`}xva*|W8=*!qoGFC%zfNb9qdA#3cjBZ7V38@LvFnOr+^TquyL#5yv zB*?yuGJ%N`A+jQ->WGgY;GuY4klYCImsolU=n%^*Ww$us8=`DW6ls)h3;6PsTOy;O z`s{!^xX2brH6nMZ`~8cTSIrquuQx-X%~hc*zE8jbT5|n(CG1;-;&6ygmFsX)jr-5y zrHX@fNE*mX$1L|6j*R1jn&XVfccrC~r}ge#_ePm6j1O^6{{wm$ zRWJ>H$MESX$|6dAHWCR%Et&z|GT$vPLruPuv zC;n<5u88!|n2*zwRqjey>f%NHw1-D+c(-$nkzt99$kTlmYj4 zt^&4g6Z({Ajw)8%emTiRqr(@XK=L`U@~7`qzgHDANDFPL`SG3e1%uaTunm{epQe?< zgbUoo4D;VdE$#z*FUDjA>4NL|Il>rnOhZ4UZka;PG-B>V+HTBOBfnLe90>+i?M5dG zq{IA@U<0yuQ;Bk43B|U~@Lc55vdE-mCt5$!F>*!!+CmBHba5Y;(RC%{+dk@)8nX+wc$SCD)lf%tIGL6?8u-KCr z&F`sXwlTGuGDUq(^k&QGoDiaTYhSzHdaVDZ!;NKCw*USDk&=6bXy?Qo3?i2ZcERbhuOdmV8qab^`! zOx2i*1;|ZthTJHq)Y_0RSIl$q!8qLd!L$_xclrkd3kf{Uq#lFnT}yw3`#E)N>}%*y zvutV5lFfnB`(+P4RufuLsYKM&>D%|hUc*W~noDIQA*7&m`j<%kB2Yhp{K?d|7w2tT z8|SX5;|Xm?Ab62_fFMyX0CbHmNpwu0A?3IYO#Ar^qt78o7(hFen1?t7n`Rw8xeHYr z7j<@9ga znywh!?dHjoT{sH!(BX5MTOmSbi<7uO3to*-ABBto*3iH{W=ofzyZe}~gFnz5>KpKZ z$ifQ6L(11P7axA4;wDonNC-%*51u_c^1t=Q?+OcdweTRkTtWtq&`4@7?l}mQa14OR zC^o=*Pcy&u{rf_SNLoI+QDM5#ekrTtTP-^vXj0fYkwiPk)PKmu zi)BZ*OrJ6(ksUTN698z#cM&{O?5nVMBTnN9(iKFRyCX)b&}6=|HE2uFN(%PCepjJT z_$T;iQ`ieu*fsq_ga@gimXhKt?&U-kp&Y9&N?!A6}V@&wvcbzz$2%g(0)B zXvz%}<8&nSO`s5gLZrI~HUzFSB08jW8TQX}eHtin^a40wvow$$g`iwZp7CWSMY$Vx zF-t`i3Xog7KHxR5LfS0nxO-Gdc7mR`eiL&UB_ReVO0FOiqbRh!vv~-|glKF;>XgA5 zgbxpRHG|iGIidL*c^qfdj7sQSfD`W>J6Nf?WmyZD^hL%2|0ka(0fR)Zh8$92wN?_P za=pcj5>Or8WvFl~p(7Lix~-nA%zFV_{B;U@4_36dqFzxFSrS|%B&8NUQT(5yLq5lk z@9m6Rf;eluc=6M+S2leVRTnuQoaHo_CBVez*lh<{T|~n`-ZH0@riN4M4%>`chV;fX z-Ko}PM-i2ySCI9r+)R}3<1FqHK3EDRD2VRMVsLXQWoZ5$Fl-};7#e{+EjDf3SdI)$ zU?iDXCG*F4x*6rz;IN;n-=~evdM`D<`8lSvMS<$kZfoH zWGycUhrsM8x9h>C3lqS{7U+Br{dKEJB91uC5Bp z5?8ztMYzly;9oY*=8ENrpAF;YW}qUWlPcgF5mv-?1>(5qWlV48C}iSN!aa09G2(`6 zl`g-?IWnMNiEy)=P|19h*k!SEOa<}YN2*@=qA;_Nmh4V94?ygnTkpeR8Oal9W>@2W5qs zcym!=&Q>!dUdUW6CA6inLMDf)=O@HlLWwgwK%$=Ba3>f(dG;>CcaSAZy;6qg_(LPK z|3!sBZ#NbTU?sqp=^rN|E|l4I5*TfSlt)y)KUtI*db#Oe4R{CQ3n-N>{Gzx=P>Hdn zu|5@39-WgGbb&k$@Onur(1zlv4vX${SmOoA6nBgtXGV+1{j;1sL-BmOlf|)W-!kMl zmHgKv>;=0T%8!o7q~4ewi_^dLz1ID47lPTGS#VV7UK|yQ*JGJ{W=v;ncqb|Q9$g1w zM-P2z@7Tp^N^H+w`sD0ht4q+4M&Z8)C6YI=AedoLFe1Z#_Rp``o}S=#;wwr$EdZ;K zlnrl$|4ap&*F2gpOsCyJ(f-l#;hW*@F>unCFgoCsh#^P|1nXmmjo#oZNs7#W_s;6x z>shw8<4CN6$0m!WGHL2brKpBylI2!?qO9)d_jXvShSM>L4Rg&Aj*(c zsQdZ!4=A_NaU2%2B~UFI&^*>Q01At1J7h@V0qj#29JcaL{ zgbvcaCJy;0XFz74se;5g1FBw3TEvxvZL@=sfA_XIKMy=@`rn^w=;1Z*oimi1km9#Y zts{!GK2c^=CbDFcTP$Hmj6)b{0^Nb8)x7?YS)S0kIHX&cS!r;1_{@fkc@k|vNfyC@ zps0`+zNa~{(sFMGO?6u`_&c&&#?_7iUT(klm7Vr3_6ssHzoIA{uy$(a`}-0Wtls?g z`Ky;Ng=VH;+nG4;9XHy2VJsO4t+5gR04M%FKSN8y`^b@kJS7a?kYGD_-1@sQV=Yd{2s2n1A(#YAm9V2N z>a)m&lAF~a!GNC9yi-UO-rS@6BZv`)Z?|~ovM!o&F~0d&(6g~2Q}%8&cp7c!VAHd; z^+`Tcp!CMKhq^i&2Y zGt@m>Fw-UJ>@>mYG=GX5+E$_-;b{-!+B5je%HR*IBiEqk=y!Ey6viqk+jDNgm|WF2a&-Vi5ROP`(Z z1z+D6LjmCptDX!zH%(Wpgs0FXi?@@Aj#cQTL^r9*A)~&~B?k8qhf0bmt()1vc92T_ zuwX$ccuKtDJtv2^f)i*<``DUep@#mU6^F7NLtyVQ(-lqVd^8R7In1p0nn-15d_{qR zUYkIyLmuftlGf${-z7ryfup#`I1vsL7txEgLN0sx#)k6Kd^M!CvUjZ|NtlYi&*VVk zUY;%F;YgiIEoU!}o;`^!;OOZ3EgHE!+?P?^m*t_9PRe8`M_MvxT^4 zw1u)iO|dV#TE(Y%KJb<3$WGt5VM`RZfjruWTJ66jqtw~E5k<5_KQ39DT5&Yx{}{fP zcsla)KIpvME$=@_-FkTQ0NkZ)RZ-b9UDC3%l91C0dCK{bpVr zhx3Q%NOyD9#mkM;0@rhzHuW_3T29M*;Ku292CR5J7&cLx0!5dH6TvHBCMz=XboLJ2j2m5!oecz^A%Iqr#^~ z@Y4!~4{Lu-ebyNPm`}KK$9nVAcR{@_Z!n>?r%7yFynneVnwrkt)M}Lv}()(SZ zwQ2WA71Kz~&yN~Ty=ep9^m)giCDwkqS7Ks*&-pAoKTm@w{yR1U$dU)p%}D3C##$JK*CW-z=`{{4I1oLmO!&(0rWkolZ5 zdk7vM)X4sZ9G0818MN#H2ZMAYFsysWmWttD{KF0In@4}eLxsjgwy~(O ze}M|zzIvF~5f|#pfh%7BOQaOIgpBNCr|?SmZ+G-Tyt&ooOP4m5w4X8XfJw<}*O%Ar zuP)D6v*ve8>axs{_*y(NFiv&Rqh^MCY!)`UDQ z{AiW~2F}hS{q`+P-?7BO`Dy>4#`N7Vc91ddk)PbcPQ}H~iVO7Qv_q4!J(dPp5wva` z@DC&&jW><)i4!O0+D`4CAKw6(%D)8_xqUwUq3rH8ebW>cCO@~)m7+yLbP3P2bH)Gt zuRnjNUBW*r20^~n{jF~v3oqAg!Fw70^Y>T0>T&U*aB%7JW9l@O)q!`>>D)~1<@CQF zRX1!Est7K|4!$Bab^jm7&5Bs!GSa5!lcx_6liXb4~>LdeB{N-~# zDpg}>yle_SE%-xTrB??%ehga!h})HZAcX1&C{*0jXg=;_#8hz5zK#;i;EKu@3r{6h+K+o zj1P@_D7M3}NHIr;c5IluM+Rct2S90}<&b4JAYB|Cc}Q4DO3w+1g|3G~B?ckTOte8t z-JM2WzIZVqE33jF`^J9;ZC$A$`Fjuo;Us{emNk^exKTa^iIzQtCX4ptwSpD*(b;JS^5R`*8 zX98)Fc-DaliYS}V&0YlY#FniDj~@Lk3lBcMFe5sLj#i}?IL*YpOtFg766o{^QY+&$ zB11;HKP`H07e0Xih_u}>F8enQtZOEOg-rN}KSsg1I_GV@inqu1;krC~tZ0ijzjp85 z6SK~KhAE>3gS;G#Fc24Zw()aAvMNMQiGj z4vM@+>i)j)$7B~qA2ye)fi|Pmv-vq^_G}#dj`cTD^hNK%59J%{IjQ{W{i`1u9x&FX zeps7SOd1L+8z{AZxf31IV@{e0Do%(kaAs|k{ z?D7lk6Lv?pXV0_NVRNHF%XTp~2P^Uo>I!W65LL;Z5hl793knM-4tbY1$bT`9nwZ9{ zA?oGG!{IiOm<+g{_c}1P2RUJS(I-S?=MDo%Z)5EfR}P^j)TE|Xnb*Oipqrc%eq_Yl zuywd0+}3}Sv$#J(t~-x6E11o}e28wO9MSs35tZm2=;o+%219^@KZ(h2;=EHFHsPDZ zB0}Bsu5FNZRXo7iZT#oFT8?g&A2l})Pp7?Tu_^VCy6(KXBgK=pULTB2a=H>P780O^Sjd$H;`2{dc%!2`Ozt1H6p7wxHen{+~?+Tv$+K_BD&(tcOnPTs^_^U6QRaf z)A8uhLZT#u2zy@lwRj)lbhKoFMqrr2#PT^tc_OnCSwCUxBA8C`YqzPn0jUwS&8FHP z!?!D=FuA!2y@Ts4Zn#njRV^07Af1@}i#eHwe-1IJtD3V^;)@Bv1!qD;Jz zsaCDKfgoMPR7aNDPzo?+GmMTKnu)!CS|@d+P6d!o=ARHhHK0Lmnsl;2E`j4hFcRuN z0#0!&T#hU{Vc!u&gcvGu;VL+DYkt?bq%5DcafGg4s&2lXr_8>9O_wJ&?$)A9m*3B4 z{xmmQ%SH_}z}5IF4Ix^fhL>p0l$p#y(_JS39SsH-BC&wwmeH0>NZ-s85KTYQIp8mP z>fNIU_wP8VO;n^|qF%p#59aC1a0<1d@FW0))WX}Srl+aT7WSI_E1G%I6UtMO!^oe4 z{Sw5CCQzOQDkCb)0``8(c*R1a_qij@z5>KDQ}l98^p4L;S@@VW8#;zAXp;zT;z5pfkl;%{>)Apa9%aH5&^C9Qcp)lVnjb`wnWa@S z$wYt6r08T0dg#zxlzl*1QU&ruf`<6J4DBNE84dL8+51~~fJBblc8;HdMNJcI5+MnB z=@k2ix&G8MOWxcZz$a3xgi_Tf93z|{OUu?qGu@jyi=_En1r{lC8mMyGVqt2ahxjt|4pI>FaCA*^UeIKC0_d;a zW1N;5Xu5&Y2n{inBEVY`a&*SLWwQ+k!V-29)`yHIxlzoC6BH2M>6}vBnM7|2B8>&= zel*^~-O>&7{aO>h(1w#z{VG;596j8q+1ZF_MgvEKI|-LZdJUl)lvuFzsqX)f=@(cW z;4%cmC>G;F=kV49&tarXjBKP-A-WhMIJookV<*AEL4Ht~Q%0dE*p0jFf}czX37*6| z`9-00fq26q>>`#odH*nVBf8qB}s-qN{nH2V-(P{czFJlxh8lu@O^Ov;Buf{4ZW1} z2c)@N2D?U!ZwYhBM+s-B9RUhuJVO^rj~;z7s44e)y=w$90yJt2=snYj7|TBfBUBRE zejh#b5`fX=6%}ACyz;+$9SBXF$2A+LF_dF<8(RX)^r~09Pr;+=n_y1>iy}%s{zDac zK6U4t0X~=C(>pq`zT!wr4>jR6EFW zY9YlrZ3krDeQV{t_|ue@|D07GxL>2Yu5HWE@zD*E)AfzwO}-2(Y`jM1w4yGg4StS4l@lp(HbL ziQN|S&!Zq-1^gjvBVg!@AwIA=>^FMElUe4JOH{D3a@DrFp5$yG<4jI4LLDaGsB8tC z6Z9KS9XAQH@NBVUNX){IcobKT*-8O@lG@KkE(hcue)_a&3tJq{WR)>)D94Le*YkFl0YoPXTM#{(C19vbfBs;NPBBRF}8hi;!5 zQd;WDek33i8IeUU40|YK7n5EScpb1HwV;Q_TWSvT!0LDRn}DvE2~1gtNZFiDl@xLA z+e+ez=DF*T&D0CJ=SZi=X? zJ?qkhN#9eMwoZID z?31v8=gjcskR9vc*;Gu;5FyD1X||y|Qjjr!Jm%sd&>$~rKIP9k-s1>Sjj0{PGlQd| zx}30`0jOL}VBp@#%4fVS*cWyW;9?^U?|5Tg(knEMDPuoE}C7A6VD^zf36TSWJWO94^m z&o@k9`isIT8(5scOoh-m0jWM+kR(xA(NO1uCu--Pb8c_AG;jFR;le6YYjlWJEi zSa6rx{l71MIVa->M}am+re7gjhWZ;ONvt+`w=eKQ_}>CTln|bv z;eaaR|EQ+{=TB!Y_WYe&7}J-gB`@ROf0YRoI6O(P!h;!eC(O|pciuXtnww> zbXiSHZ%CIO85)>2vcoed^2}AhPgV}&bl!N>rF)7 zjqGJ#rNjHDzszWT1qv|EXUx#^CM5zVN-#URWZJ2DoJ06K$}?H4`KlXrB6osRVNMK^ zXaC2cT+C+~9ETQ+{&s-k0*q>utuZ@w?E}i-566=SxG+gio*V`tQ#PG|C)jcr`K{A* zL2Z;9H*P#CT%%AT8XviD!a5pEDl0#aRL|F9{ zr^~l*-+HvFpc_JfsLoI!zLkuj^?ov^-`YNX`f$Hxb1Ae5G+8QT0DDh%7}}FU&Omxa4f2LZabo zEcP8Nh7KKSZEIWo{cEtIi-(V^kabaP6Qe@Kj@gX(?9iw?-dJyk$8QR-Q zS~nDzGFCeRZrTrd0XNUPr~8#nCK5k8W+BXt-STT7D%5uUvweKjfLER~pAP03jxh=s z%faU%=+3ZVv#QTuy?U4&mPL^Zxal!7>LZsBbX)mHMp~NuM80X_;UXrOcI|3RYbV+* zIxGpP+(V>rGHk|4lo2?B5SMvl#MBcuk!^189?-EF^G*CLEA))aQHy~Z!31!`mq;+1 z(WNoi7tvda-wam%v^IkV%_ytSzY@mGBg-H;PLPVBj0#FpBb&oodNN7H8ltmLKfL8p z@-N?|w2`?z9vj_!7UE`b>_m`aI!Wl4*0HnymQJ1uOg3n7xKs(kXb&i91wO?iZ9(ZYTS2_<{x1U@k+lg^sqg9acL0MCY5}q?icR=mOLjVFd?Zn*v5nuzD zeW^-hz=5w2YHgQXdYcj%{DMe||Fe;i5qJalU(49|gjg(L-UFd#f3ZJnkfhjhGUwBgeVYy0o5QDIWQyTHJ~!ed@kx+oj2>Y`O;Hcggpxu6m@$$32(fQ! zN1C98B^q?!Z_b_&jwHRpi=f*7H(BH+O zX3d;1=b+oVefb}_blx1R zl@(Gf;*@lOYO-zpJ|_`_lU6_lMp1l@x3qkK@{SWLSzTngs33@ogm53~3)Hyn2d(H# zgH<5vI9eW%Y0)kcF`04IM2|oP#1jB4QN>3)R@u#A*rt~I9u_gy}B~gr< z@IJ?$SesS`N16Q6(lok$G^2Uobut;u(xeJ7%9VJhaBe`j5dX zY@(7tNNgKMQ`fNZuq}7?mAGRBj+X8jbQIB%=_@DrR1dS0L^Y)JxKy2hF$M{n+DHAFvzr#vdv|fh*b<`aiwTo+MUqChPW8(Pc$e= zzYGTs92=h9r0X{XA%q4Mr#_gN0VZ+f$0E5Sm?tgSPs^KEP@r{~+UPD7^fvep>S;BL z>Wu5V=1%n=r%B|0{pL+EGl{gMLg33r4qlXqyD5B0iFp|9w4B^dpemv`hL~vtc@k?d zx%!WdLLyC$=*j^@MpJw9?4(7bjEvn-u0gsu0}9ly=U*Ccf(GwCyIwoHTfA#s=j&Xr zJ~B3o5JP#Eo~v_Sp=4_=wFE_|LV4R!QJKOZ#6meE zoPDI+c?%YN%UTo>6*srd=8x0c`V@L8;=YWK{gy~lW!ZsvEdgdJ&uSg>du~7dAjRa! zr!sMb{#CB3wr@FW-B>?6w>T%*Cceu3TF?uU*=zH z&-(jjnEXn6`>V8O#&X9xr{(kXV>{`WwVU*XWS#W(>Nri;RWY?Dg;Vhuz8Dh|$|SY3 z@%W-28p~SMW&{O4Q(UOAt18Kf`xL0*tsFc15#fq*0h6!OJHu)W^QOES{w-&?;%8dJ zrByZ0#!~9@#S_?o1o&dQ@}TRB0gB_7I`{ARaAHP8&cL6g56dB2jNNK&%Racxi3@bM zuh}4@^nlCE9m`**D2d*3$A63BT;+FnZSTW(+)Hx{|38|}1Fq-3ZU5N~E+W}0WF*-; zl z@>W!MB!3*3^wDF`(hm(ASC2V1X2tvkM^mRee@yU6eOhX?p$7BN2D85B#aLAxxAvS{ zUUzJ#{CA3X2UrN#()(!c4x3>Qm*r3E|MyRKawyYNn_lV~otHQM&=~93RF9>LHtY>l zG`V40>QJw3n|>uvYVDTR<#N+*UOO7jgSDROGBGspt7|*{hfM}Y`Co=k>@?@@UR@C^ zH{9%$ZxU`&TAB3pK}gY7sJBzIPq(toik{t@L2jG8ZzgbEtTI{OrEUm6-MDrAs<1_z zk;D2Pn&d+;fx9fx>$;v$H5%p3cE+)|XClj`T-yjM*X58m+Fv+iR5)y_ru$@8B9tJn z5*ERLoYn|urtk-XbxfCu;+c&TO!7F2x3Yw>s^^(v?h3GTW_d1 zXfvo3TTb{H+~KJwSzJL1=*m1<-G!8Q>v5G7PKzo)a9m({ zVhiOQlZ(DU&9q*$7^*E+0zA<)zU3Flh8|!F3L8k6*Lm-+;2K86k8+7!i8=nX<#Cn>_kW2ICYtLcap!(qFVXAM_^GGmI*VNp4w({R=+Cr_XG@ z=v$Hk%M?`TdqBa+`lk~dDc>5Ohp+NRAjp)&Z*T#o8pT71Q6Q}O?*QG3sGU0}L$OG%WV}mk zKF$7NL(llxvk&aed@V<{aoZ|I7m(jPLk(KV zQIVDo31!Tjk=QB7<_YQyvY=VPJVKlxx{RI7+O;w}C>Mh0MN zWlabe{$rd(;hbBKT-ygx@%>Q!cARPyo5n~e`5$EVhx$vNql`%+q06<{oC4s^?zd%! z+DK@4^hgm)<7c?a4|ZEnACAGV{4GuS;%T5?zhb7JjQ0PB2)qxpRjth~yu!vJ@u*c~ zJy0yofe}K&^#t%z=JIGleO^D6sY)yW!|{cs9uh-APX0s^GJ>|g!tx>)0T4nOBs&}E zY*_0j%0ealusCJ!7$bw!TgmZawpYj>jt2;jdi(aqT&iaG+A;(EuECy9G!3$`jwz`& zgO)aSN^>a_w_IyhgdjP?$>K-($5}ie6{>I|+o9lK+1&_w@|zMd4NQYk3rbrV#S_LA z`Vdj{*}XaQOepE4^kv{pmQ3?2DIdYi79&xS!i4gXO{%nb=`N;Gvwi=KDW*7)=g%Ys zz=rr>jX@But*y=9i9b`X`O(%zt=qIw`KTJ^di3cnSF@)|3S9Rw%I#qHE*v+9FB`M?ZBfAJC=INHbZgOq!du= zWv|E*XH6JN@tF4VnT6pr;0CvV>6{JA=h48y7|DhY7+0MWsWtHe#`8r0c7J%KBcrN1 zd25r^#v~OkE5z*~eCIqZQ&9)J2V|k=P1;bG6;v${PLCsXU0@WnOGHW^z>heF$GEw&eHUb0o*@4t2IV(l zN<<_808NN1AzKuF{aR!A!Gxu_h}l7K3gC~FuCZ7afQci*=C9!-F#$QK33>kB509HH zJ=$q3Yc+&WPxp>3TGSg0NWIJ8=!#Y}__BGCh$IGI ze1g}cF2Xk#O@`B+g8>nrWa3C%1UrtpP4Gb4^W0LWCom$@bfQ=G3w`;>(z84$pms<8 znbW6jd0p~aXi3Cnk*?g@V*&m~#Pc&Vg-K!dHJ`>#_A{fS2S=yN&G0-imbt!Gn#G>) zgDGs29(y05*Wq(e@p*OH5X9uNG3_HA9k$PL*Sc;Kbbt8;gE z*hJbrPxu41fPsmyAWpW&6dkVF#?kRU1cWU9Vvqt$LV_6V4|ox6 zzzz5q?`K=4M3^2@LQreW$z|ZUE!VV=URnl4@$5xT!+Og!MqB_dWFHViRzf*2k|VnV ziE?NMg%c(f3^qH%E<`Y5fs51PzSDHSCF07@9Gnt_Q55ilY;~m@W8Nj5zQ$pgBUlTd zT^h%X6^F-5)=@K{SZ~HzlZg&U(>AdDwD{0UVsB3Dm(qcuT$b)A4c1oBgqJ~himMW9 zr%CMPkPf^U8Ni%=k|L#}Fak7cXv24zMazU6>cmTCGYIzm+4D#bD z@X0U%sWm^_3HuHjK-xW?y(Y|EkVil`nT}^LkjXPqnWcHfBXOtk8&3rmM6ts2B}ohO z3GR!cOcoyS;g}oY_43&BzkZ!Y-V$*kX`A9lTwEPr;LQB)prr~3Je;b4ajd0+ZecnT z!Bz(I#Zyu@)}SDmkJg6y;&26n(JT2eZk||lV`wmpCCXS=$|y22EFLmQ^;6Uzw6nt4 z(sJ`ABv_|uwWO`2VFdLxK0M5yv6s3E2Vk*LvNA!kLXDK5{-{A+c{ zWw80CF)OQ)b?`lJfM4)P0KIP_!zXIlK^jo=aGfTCBoaItcN*Ou2pxgpFQf`gp?K^% zAr7kQBUl07{xSYqn`pH`(4t%v{vc}GYBAf{{^$DM^!>OuYhcmi6OLa|AsoQ6fye}o|B#haY1(G>%^5v>5>emorc zU7-AskXJgo)@VzZK4z+oT7icgpIs(Rd1f*m2UP%b6;2h4 zdQXJkgkAzdT)%?gkdS!z;kLzbq^$?Yb>Y+P(G1HU1`dj6VvN6-^z@#Gh;@P3jv!BA zYekO{BZ3J@n9p2;H>3e^H_&N~G@Yun

    r4sX@eRab59R6xSHqGagehNd!<)#`-zY z+Qv75bKVhG&=;SX@PZF5lg<*IKoZ0E=d#Ux(;6+GoByu`p#A{QxzBSEd%$kpWS=j? zdt<4ay~n4aEtL#UONi{DDX63P8~FKkWw;priEEK2%SMry@DqYr?f?F2D;P5|&NHT8 zBSNSREvj&*P>T?ML2QhpLLjnip?XAGS8;a$--3#a#3tF2_6;p-V;Vy71LRo5Nd&Q)7t1g- z$$1@EpAdZiNp5%#|M|sq;Li$MiH(jDc}pBVMSKK4O*JRnBP&Y&qN%vR6NX5!UCjL` z&jf50W&|>jA?LaPi!>y^-umeY>5TSiF&7(116$mOd}4XR$WA%Ys+;{~FkUJ){xsA9 zbOdh9Q*jWKF*~Yl3Joa{L`mdDPh0lr~GSOcT7!eLf#&OJZb3MN6Q}ao~0$eLoSZ)!+U$Xa_ghIN)hEjH- z(>Xpx1Hn0;Cf6HP4f2YZmuQ&h0hua)GpDNn9fQYGq z>;n@&VH^P20xYg%0HafAKU!l9#DIFUDhFtOo*SIMn7{QL#rvfp6j6%I@B{iQu@Mwj zhI}k*GGRlSy^sI&^)z}5FCO7OntZAiZd8v^qpA;P{$#_i^xJSP*eL=_&pM}s*BQAf zTkLR9Cdlc-g}0UWS@2oG&iST9qk1CcfxFhb|BkZtB&acjt|-JAQ3Cd-wof^?VP=iE z9*e+=&_Rn%CWdP(jzdZ5f{hTny!LZX*)=d3%K)yR=tCJHl(h|XX_Zr+p1{OL zdw&7$wA9uW^Pnge>BSvChN5%!EWvM}3+9fiA z50F0}ox)ePoKWw;BU~GEWPbPNDs17wN1ati#{5N88sH3|24Z$kLuv=;qC}IOpP>Dk zs*x`82F;b|HM}#M;<=633}oljxsu^7pEO8}VqwfjAT=8aCHcy8^q(&SDFDZlx!}=I z#RO1a;CclI@t)&cH=nfs4hzrYmoNW{__2T>-yqMA@<5t5*_~8bd5cxGaBmEi-DP0o z7ef;)#}Gw7W0)dJh0x<1b;WJtLv-wU=wb z{@;c+aasYdl4x0Ca_c>1*|XmHNxNY?{j*$1R1j>WD>R!*z&e8XOoo#!Ll)A~1K^;DlgON_1*L zd+43sV}WALUalT$@x;5X`}tu zb<0v5*<%lmS2ssAni=xKti&`-> z#_Z389<7$G?zz6U&A}=5O-xpxur?U!(E>-Kp1+E~aNCo4!KNMh9GlboV9Cy^jDShq zP8Zxi?dttZVYOn~W3@>&hEHgQSpNnX$6i|=8Swy&mxd|-zpTLgZ|yuEZQj5oGqiUlrzxG5hcX~ zju}24BrKVa2meCA=bjprO(+qxF0dmb>QO*d|KoY8__oJ}znR*=`5lh28|7*O0^{{^N`>d1<#pg2ugMZ(ZcEV{Z?>QU%Ea zF;J%_hO=iOf!E^2NPeh7s5RaL6{ADK@s8UraWFmf14V)C0i!nrsEK1A4C5C@RFqN> z0EEd}RL12Og86=___St(EMB6nLj1)!;tKQH+}zz&El?rr5Z?vzVrf`ET%8er0jX); zzwAC{4;5QI#i(h5I1w%Snm4z4|Eh#LNk!X1Oh;e?fUG-62;oLE49@ig4+ZfNrDzV#*!uQ-$;vj z!m>)8#3=uTDSSr#OBp*$opBOm6IaOxye3fbZUY81=U~%n1D?wt;^9%)`ZFbrTwvYi zs)PIH_ic5dX}yNEuO5B(r#d-6u}Ak$d#^A14n~e_x82B)1XNm5qQt!1KB$!vianVz zH&`8TXAu-ES_;{U3Gj#p;4S?)?~lB%wB~d6E?Ng@MtmNTdu&38PvL;iS4%QAf(vhu zL2)kS$b3XT1#Sn>jut{|STuajXP@Q!i!W_~)@U%xkrOASFJW%t#EAyO8rH8baR3l& z5|0Y7O|lntJ}w|^E!8Dqi{u888Y=h&EVaXPjVn`7SlG3XGzMH4S*;CgyjOtkGsP)iTOufyrL1B^Zoa$Q-GiddBJMLw)aYy%t8-ifUw&lMgTgBf@hza&Fw&K82+_< z^jHKyvTcS5FVf*wgfFHPeVi#N@%B6V3X{A_#P&srb4ElvQ8aM zqYAWL@afYOnl16}?$V_Wg%d0iI4cqh6_oBW9Lnp4VU=!76n897q}33M2<{lzvN(b8 zq-5flU&sZPjd#dr`wba#lPOxz2)@eg%uL2ETQhkWZj#bCIp`0_5jsmmTr#4Bo==2& zXf+7@U{H}rV$jpnd4$J8+KTbL4+>FHpda~HCM9>4SJH)%L^o~bt%xotfc19e&73h~ z(}d&U+!QkV4E7L$-T|=D@!+<(-CykM?AdVtRSJtb=p8BW@8AETr}o}+`~h9k zGVg#=6DoBCFK%4U06v|}n_@TzvuHTh#&#f7W<<#adI`J1OwHIwhW-g{Jb zpL;fHtnJDb)na~ZSdL?}PeT4Guc_BC*R*_d|JqptgRv33*7;GB*1uvQ!p$fB>mV!% zeCb{NH7LiyA0;}%9pcbqs%&6BXHEt^3e@azo+L9v4JoLh0QfEdM27(_WDpFrylc@x z*_X+A5hZ{4xNT)J$)&0JGw{>N$4hJNo|?6FQ{S@HiN9^j*4kEr5OMLrWVeB4!0=r| zTOrYoJ6gy*t^5mY6jdPo6U;OJ`PS z+y6*$g`Phh0eu}KF5q@=i;E``==m>5u|ZW9qedbFMsojUj05@xS^rJlLjm zq+*0jn1O3+Ec!oSV_?T8!~>#vd-YSOjbfk5mT9nKe4?-z@y%-ox&(MK6EqXV}WLj}$OS z(-uEGdf%vm8~4j+^n88$h+4%pou?;K z9?Uk;Dm$I@JYm7CIddvr4$0nA{Hf+`-dCNO`g5X3@A{A$Oeqg!Ow2qK5|VSsI{H%3 z#*t-;#9b~U7VH|X_??2jt9H%EnjnYr4O7A{e93#Ehv~zsli@675#c6zN4%0meKepP z`f;Y2*@U%gFFvwCtPP#(vB@*?rscVXb&xr<6ld*+56@0`!6+sLnarMI)$)+40H6z7 z2^#`z^+TfHhhbI!^rG5*7-JUgvwI%Dl1MFSQ8u&Td_;%Xrdx5IdA(jbI)y-9isIe7 zxGSUlKBa9qoVT-72~|5EHJ#teG=QJAFKN(qzF1C~;t< zyxTo8Zr}C=#gTo^82Ye<72$_K)#TbkeB9JGcjlmar^XUhJjm`9;K|gC96Ksf^35iC zo|H#(S@FrVT0QY80H}-2dW*Y~_*Y>&TFv~NVaJj&D9h}r1Z0v0s+c-wSF_BzV`ZCRA$gPy-fo)04oHWs?>N zs7MK@zOjxs0x1U(A`y|-k;Tn7|Myc5*}A@}^zC?faU)*IFz{|wpY+bd6_Esdj%^z@ zI66F)&1KY)TE=JG>%=HLjx0oJEPNogl-q%Rz&|pnbbVS@{;>ZzI2f*2+NLf~Lo8wh zKP78Yo*6M!Ntl+AB+NtU-4F=6A9tVAs&m4dyywqJQ(Eh-7o3`%x{cPnUpRPA+pyHh z9&_}ftK!DitPrUSln~AUQ8O>Sy!)h4ZP2K7+^A}wmDV98p5-5i0_pv2g%xr~KA5E^~__1S^ zNLAfw{Q(>bek0zdlPsVjSW&){Y8*B~m^oBrT^2t3QE~e8Y0;tz%tPro)O}CFuKhW> z_d`4RWrd|O1;A94GqdLCM{=j@Rf6 zp~Z;2IJ^LmH1MA!dh96c)D(kNwbPIiEP-Uxdob&W@-eJe!rMr|0mhUN&D(;eS+8k|Uk2liN3L;*5{7)>!ry&l`Ld?SqEepK>5P{nSr(*AC=vWAkmve5 z?T!K;B#X*jAXg?W4Ekse+*s|Fxc2J~MgdX$5-?iA9FTcfiqYsO+7tAwPPs|jApq$} z#ciG|Cd-ca1-ZGo6s*bF%NV)2PA$t4)qLt4@h+O7%<`{HP&%RjE#VUkMX4Jwn6AV0 zt*F@m#YIns14nn|s88=cuNje2TjkIt?_y9;8{lKX+sK=&b(C!u{NkhZW$ZGm)2LA+ zdNbMd!D1LUR}Q(%Fw^OXFh{nrgB#C^G%g@3{ZCDgD+F3$o<2^lY?-nHbQDYzXhn2I zu;|wRYPa&s;8V&(QNYQ)i!NtRLGLKQ^>c zt{;cmG93L|bQzdF*)3akmqG+{lO7CU@^yXy7y_ma0TmEKeI6X>lO2DZv384>bgERu z_et=VNw=`{K(NS6`~r95`C=$$dG78b{+k>VDwZKS&{AFtJvQ8>REj)jJES$#)TU8r zSDgD=CHZdK)+lU!nF=MBluev+VJ}(i%D~859uA?o9n36A?|-7W7?;nJqO&Bb5-%o0 z{vkW?I)53K3#41>Ei%^9LBW@Pv`;kF?mB3Y25>&p8C)(Xy*lg!z0Ujci7yr=j+(f2 zeW1L4+gH3eKi+&AHy{o>33){Yqe(;f*r{$J;3BS<)CtpG_b5QB48=p*(=B5D(NT#{ zdJJ9;olBF|t5;Lp(O{oIK*gS z#{Po`+tZDn%K8+ztRamFc$G7fC}C_Umgt-|6yHnys#!3NVUoq??#;L3LMf&|7@En&lO3_dZ?0#$Asht4 zel?klhmqy6$@W6o#z>;U@J&pg0bIm)pZ0|%f^I}tC{p|Z;~9uY-XVL;#i9qc7zG64 zrRyMNvg4!8;AI*d`7W$4;~vP|1UCeUy!MC@Z2>$8DFOx4b<1Q0=T4wZf{vK@0@$#- z2vmEDyL*+xw6lCtiYH(W>^Vf0fh?R9iTqDw1A;jVnk@d-o2W#bF>jX<5%Ia}lkcFD zM~LUMt0PO_v!^M~T2wBCX~ynJsI;^U)mVgHi& zal)c*!lNB|A%zLTsTmIKKF3%iF>8cc5@y-Cwt5}!s=m&AKn-BkbZdeyeu*?DxG2J# z@g9N!4In9DBV-@7Op(fT1khhRQN*S{F!VKwRP+(D83B@!c|DouVv{& zI7a0(+p@wyCIaBTse;uiOnV=s$-;%xfLzXdJqp+YeJ-7&;S8PYn=R`#JgxGP2%YkH zMfB;@V!A|%t>!>6{G>Kr9~2W{aVE}rAd>|CiCX@!yx_ke;Gh))8d5N$}*0JAm-@ts5tAneX!5F3z0!{S3enE?5by%>ZnF zm0*oCzyq;dSrqef2T4qXSzEV)hloGd<7J95KOc@9aeCQ?=a~oY8*AG?85z~BTNj_+ zD$S}QhDIp+nl@0|(MnyzV8@5?{=GGWy^d*lb?y*RsXc8<^L=C8zwe*Cc)+_qTk;O; zg^NabUAC?6fYlE}XH{DMw7d_{%asH0M`R?<0O${}%aF4zyB~=}b@Jg*c$Oe2L{IVF zQ^IyboJJX0z}5}zn|NrlQOLP_r%`TuLFr@)gwly#Yktc5HY}M0NMXmL5(O_KU%MYK z6`KQrnmBlPrxU&pcO*=pUpmZ9t3w^4%QF1zOO3cH3rnrgD5mOIyMG^*R79QpzL zu}1kmS@kt!8Q+rl`G@U z?c^S0@acRpB|%Lg)0aRuQXkmNJAPKHtLhqc|2*G{h}9_Fa&tRk7)$L0(@%9?2(`fm zNmk-g006$LC@VMfz6ZK5jW>8hJ<*$rl|Jn_%oK7>Z6q7Sf&)_`njMOI`mugaDd~{F z0WOT0yw7B4mU+rmgIYJH#yJS$A&armA~Et=dAPCtfHq+5kP?_JJQVGnt7|c@=jOtG z%5hrgCDa2>GlGu*Ts)IV}P{$aG2- z+A;4tiwtAT7}MH8Z^y3?K=Z$;Z)lZPKYsvBa}JTilN9*WTtw=dhM=%popn2D2fSTt z^94D-v}LJ`CGB80k*zA-GBZq-E#JHNR1sFp@m@m?hh8j#LN-7ZO>QK zK6`Mse~__PaUA3Xa0}Wy^tj5(@k7-2O^G0J^6^pRh!ZLOH>lIvJo`g`lIwBeKtaTw zQ<63iJN+CgvV}uJ5cYMYtO8*JiLD#l)TbE=Vm*dZxG?eXkj07`a$5JA^wZvj)*|KHcHQ1(ZwoK?rpYLsVmGvQz zH00lv6k&*S`vn<88`MESSTGa{@iyrqh&5ue6on!hDF~ZXWHyg9L>w#l_O0*hai6a+ z0 z%lnju$#*z`9pyRcOjf^$rk-Li<(vj0vWdhtaE?*6zY6($&<*KOfuI|9kVa<^zo4`* zwY2nuXyWxF80gP-W~6t(rE1(V`C1}VbFG+;{+bCmt!Gh;#vCK0jrwtaphQb?_@`k~ zsbc~~F4Q`Z#y*I8)L5cKj%DXShk1i8=}d=xVcmo%Vc;)$?J^4xF|`%Xu#53a6a5Me zUX!eO`kz~xY%SwElU=S+mB6DtX2kFia z1aSN|=2EULe-9CQbwPRq!BJ+J=*xVKIWw`tTnj2Ncrw8 z64OKqwpIL53DOjQ2$Ss5A&JtGXdq-iH;w2Zfu7<*5ap2%GnNjb$})uYk{8Jvp@8Ub zlU`q}6OjS~`ugSnCSz%mdJ1XCm*CPOKqie6u0rC%M9aAZkhMMe`qQUnq;UQUX&y62 z|Jg~?#1aId4I@nZIA|w2w*zD9vT4{lFX$cll&`G@R9wQ9AZ2uHk3i8ea?tU-K4hVny0JbJnaa`}glZcT;>2S%#yh z*AzJ@Flv4SmIsKv1ADhtuV&Z5RNv+V16FR=Nd zYPi{zt5=Jsfe^Lp*K-_Y{5xv)4w!r>RqifS2M|AhA%<3c+=5UAH^|(=%ja9V>YoLf zBT>;4MqIpT=BCZ^@e&gA(W7HahWOT9U{o}eCB>wjM#MtTk4|(#3na90gdP)IXy#_= zy_sZWRP@+j%@sf2>gnIi{7YgD35tRnIP2^m=QxUu3RExZ{;6H~9XOvWdn)wq`s~2A zn%{3!y9EelgG687+xq7cU&Qp%ro_@ZHnx@e?{=y`z!P^)DC{se4A$MqXmek! zvY~0Vap*aEYMgH-f5^AzBhRib(T(Tnbk_fHHPL6#nJo8D?-vIfN4oD{{U(zaWEyoL z_q%y&>Z{`HyT)33E*|VlOB;BVzt7q$)qZsVQz=A%>BwAh2waG+-*EU{RCJ*me$ESj z__IgYdM~S3G4-VN5cwcQTsqn9;n2MGUF$bqkmTl1sV2LW3S6a?mDzNn^T$`0VjtPx zAuX$-l%N<4&n<T1o_P% z3hl9q72Zg+ePjY@p9qrz^YDS2TMSAR;duh5gaS**If9jvH1M?NLf0|a$s+{f+=_&R z3Ik+hm1Iuxj{B{-bLMn^wuij~hH&Laj_hIe6r_*aIuvWw%@yZ7cc{b0kaq_O1GyrT^t_- zsN3kLK`Q~R8&r92CZz~oL|>_W;GX5xwPL?PEll(M&wmP+o7fNVIMp%+QNwY007*-C zuS`x#BFh%SI|(crHTy0oj%*Ce%E}Vo6h;p~QI{e>;Xh)W>-sg;VY!a-rI%+TStndr zIF2r&>x7*Pp&kTKpfFqJ;6Mu^6Nlo}!o8UuHk#+Lkfee=py|w+2Dl6Yby4jP7Ck-f znurwuYF8vzXrf}x#~8O8pfb$_A7%m?AATCs50OxW?+U;DCNA47te;K#f-w2+{;2~z zM+SOuk(uH^zaTmjGDR<4-SNjCvmhERLOlwk^q+JC5nMYZ(Ap<>BXsom(*NbfT;Ec&KdC4wjxA}3Fu@b{Mc)Hb3%^d5bY3RH+2 zdcyvgwNfL^%d|*I?j~A4sDw0-ul;wt0|VzK$I(6YDlb~VP7%hM)%$#-e&=P#3V{qX zm=8$g!mnAx{7iAk<-oyv$(^Bml9i(p-S|63{rM6v5Hf%g@@m=ULpf~NbvI91y+w<0 zOs9}SpJiv;#+h@@y0SB3sm~!U2z?&d?{y>`vMr0?DL#2zu3xl3n=Gdd0PXYM_(03G zm=2p{LVdv&3UxiAl<(4Tg*rA)rci(!J}MdnJ$vaDW>OzAqejUj0HK!~$UM$E%40wL zXwL+No7=Ar(|QBjh?+`DPg);)LVUU_Nr_%nY(i;h#5-FrxqRQFckgWus_RIz5AGn= z^JmYDJS9#++8;h?rrXU-%!csxk03nI*U+(&Ade)7+o!U(K{%*=k?&dubBP$_vkIZ6Om z_^}+IHOL}dCzX_1HT=tAeGjvxRikZhD0A8;;%y)`B@b)Or)QI!twEAq4B*NS1;FHv zJo8z4DUO1`gBLt6M22J89_m@UPVDRO%iYP;$bx&zEZRM`)Gbd;?Q(F6>}(fGk=h>A z%f`;G>xo+}H8l2yhVHhCZKeHHgpCA;@QULuqa2!oHcq150&(w;q2uU?RU&$yo zzr&fo7mZq*;j2#kx-rK4NftOBpLtt+{ErQn;v=JLUi5NM{Lb_grGv?snn571sUAt) zrv}i*ZyjU2837{eB8Kypo1yBw_LZRx5%?3yWgn9)KX2N{+7gu!wA{TGCZlHRea^6r zV=t@0=wJEuppL}UBco4q|A_&q_6PnzVH^TM=TREqUdPQ$(@$XxOmGVK%5S>}?p%{D z$i+c_^G^B2xCfz*bRvjI_G2 zLy_;Ex6f=s43Codrjb6F z{vsgtqmkiZ@SZ`gN8_ag7s0U2LgYbo&dd&br+C-~>D{5Khjz zWnc+E-i+YP1j6^<4~ecRH9sw3PlHfe3u9y(SAz8@Vr>zb&}DG;0bD7MTXb6MKe74a z`G2Da$BJpWc)MQuCb_{ICh&X4Fa=0LYQHN1FIv-A9TIqBtav&j}(urQidjA z`Hs`UBP=^a3Iss-aV>A>_U$ql3YQ5uPzOx>7NS(9t#jA^n8t1Y0LDJ zT`^jfxcIt~vL^Lq)&fk(NL>IIl^d2YJ^6-SMG;q_=P$hkRJ~+y(_dzU-XqSWt2D?nZ zB7^@ZD~YNyWy|l5a&C;uR)R379-Lt(i|sL|PdDGuHR~N(G@AST-R2Fc10FBcIM60~ zpZH-=+i)ei4H`6i_TlkHYSK~^_#|eX*TZoQ<`2qB44+V^_zeCR0#_uWLssO6jXco8-^0uV^Loz(J+B2VpoGehaiCl>qpP1PUY6-70- z7Gm|Y%3=@&1~f*zNsBpj0C7XVf1h-tH)jD#=()z7waQH14sDddHibt#?^MULXMJyX z@|oTH9e@!n)u?hY86-qVCnl(RcZPI@LE6@X-6Em#4d(Dchp6glY+2O;#Lqf3p zc6}DmOkG{KeB1iXtn=#mXnd`I-8Z&zIP}t~x3oBwy9eMjfM$V~S%%5N+>?+i$woSq zUZhV7{@U-B4Hb5k7Za8p`&;rgRMQ9A;Kt27>Q~*hf%}9B)T)ErmTq>UoZ@JkUaWQW zGh@|3&gYECfmBUCeYLd8u38Pcl4Mm|5w`p>w*2lh3#gU%9F6N@Rabfkb#;E3Z*`&i z)8l;CTGi@^`QMtWd}yNCc*40$2S+(Kk9p;Czpd)RucOyqy7Tkr_DZME3fFcyRVHV) z^fj#<9+%ydY5KPfY~F?TL5B`$8*kCgy)}cCFKU{~f`efLsXjhU3N& zrqanPrN2hyUgD0;w~zZ|*rt&*S;P^0H<;r1_85z!Q)^8Q#lDKRf6!64pw5t`4t*{U zOaFTQ(aoD%xn}3M>I5y|C6J8%NbXS}%j6<&QY?PikhKGqSV@?odK-u39F-AX{9dfy zNK6doHM3{ChjJeEhiGs}Vf2Ygas&mX#8H!4g%4;Dn*(-+MFtHpfER*y!<>r%KSWj` zMB(e{B`7i>HF+%Io>w3$qGqdF)%ko`OL4uGVc%9&56A4B(W>Q;zpp6oX5g5A=f%bE zTO6($IXWsWZ`|5#{Vu5{%j$2ca$%V`_A)0f_lTAYyJCzT}dUq4zo3|cY=W{%o&wynb1l+7y|J(zcP4%Q!#6uS1{vRkMouh3hB%ulz zh&Llo$pk8k4zOi|-wGr+ZP^rbhuor~s@i6~wze@DuI}8_#;K*;c_0DQ0w(a-gm*ir4caA@j1g26VO1p-susB2;HdlE5{*dmcS^s&6qHNGznCo+Si%xe&{vu$S zYWdYTg<+FcrcG|2xK#h@F5~nk4_dBInK*TC;9 zj(nTzHR>1gfG0@@Hl433I6kS!@S5rR^+}IR#p{4NIU@8t;{5LAJ{MITqg^)Y5ejuJ zE*#}4(}aohG4p@_K03NNzYV_PsQmr7q7+P6a1~Rh5~hK7skz7$z9xm%1wMPHTp{}4 zydPEhrTXBhkaeYb?Z3}__tO!h49?tpmFDODjPKW;-}x~taMi~Nx{C+)$y+(~(6(Q< z=lwdYR{L$$PVIa3e3meV0X!}l4rwzD)l@iJpG||fO{`#f2(v2(k#Q$4hc{INa8T;Q${AVAp%GJ^$eD5L=DOtD8`8g97@eET7eNGT^hnoJy%b15Fe&1RVtk(R>4(Q5Bx*nySth=hx|OJ$AUDUh7P9qy}dovXfgU9vEOh0~IsrY`$Mb(kVO$S_q&x z^-ink8ON+|^2TxNSiRx18akMlZy3HhwfFJKzFy0FxEM8f*>8#Wz>VKlHNM%%CAnBa2;emFOawdBBETvyg2WB^$#qD9boOgmw#!Po7<Jksg=n&{@UD-+qUD!MAh z*WB>2gWyU1K3r2nqaR=w;?YxQ&rXQWI`3Bc_D|o4Z!N8IdASh;5}=SVeY!je5J)Z3iMjO3@S5!SX1}fmf(@SPc3)qyCSt|tiCu&7 z&V~3$E0ZA~?jC<0MTzv|thKvFkOCv6Clgz4ngl_RX$!!eWi$lrO2BA>r>Gwt9nUnI z-y`sz_~P*6&E0LF^^Y)#O`7E)V^iX1QmAOX|Bex|N-$SA+0xMT*QbYB;Z(u&0L39% z04)X(AlFv&%<&}f{+UkpMaxH?oKE@0De+;moQKN0{JEju!Wh&h9g{ktCGk!?s-Mk#2DaU0-ba)E3zmXoFPsv1TknU3|V9<3-JRlY>)oW)?!EZKd&75#T*7{ z+`xe#CkxQN(vlrPTm!@$CXUemjsJHUK0FAa8X`(VRQ3`n2>R4Ff>baH`w*vPw~rBl zGHgT#BD@xxwaO|tgjO4CDULN^6kZwvwsc*HjOi`sRnZoGPu;G?@N!aJ|)^>2d< z-h_^sKeXb*#{CyuY%jmMyf}Vdvuf@AAI}z!S~@2BN$JtTmcKhKyVP8TzPjo9>1Qg3 z5M)n=y6-?6q^?AqAjhLV3P%@D$*sghS_XXgN4hjL;Nl_9h(QVWLuBLBI#RQLBG zPksM$71a)>1>B+j_(ypDQg1vtHeO9`Gbl9m945Co;oVrBsXviO0?1KFzl3B0*@EOt z;6jt+B~S0&^W(2+hD!nCMKpqq0c!xW%SZ$Q<9&)ciE?QP4tZWfucxKeq2FPfUgy1^ z-7CIDT(CG;ocJo_!D5hMf+B+vMQ6Jo{v6=38wLlks0Z~sw;D!jvW*8bCdw;kuGAEA z=w98rMFUh;^=~(+NY621%oo(eYiS}-sZ2-B3~w&pGYkYsF{BcT{u)!4di;!G##nKU zHh4r92IZ8w$q#l($xAjLIdUZb(^^;8RvJ^b8_5r23ASs(ER*LJ$>uH%BLCWJSSdG5 z2$;@LJsNe6so1PAFOAIFNGpx7`0iZ>O}>|D6#KYFJ##@M#kwihe9g;T6)+_Np9(|Y ziBTS*yc&@P!RWf(M4$twDD?xQUk532+>5)ZuJZS+YkP?%KX2)Sz<>Z0as69278KGf znuH@3d@^D}4j^S9Viwm0F%F|HRLee>&`4H#%bs$?J{p>uwULEr2H!t!Ew zOrszaN)+&h=F{he<9ig9k~r}421Ah+=;FlyxL2Xf64w+^o{C5ZrX3$JKwJ;TqG`h7 z&=Uc@G6Gvn0ffS8GvGlG*eJ!(cw zG0c?cVg}nI64Vm8;zsa69XJE*KiYH%bi3bE3 z|4R85{QK*z#X~}T)?E*N==x`!Wxc{rP9A@*Rm&r-kb zJwlJts8%*H_1L@0bndmBnj^2ajO{eR;7VYA^4v|Iw%q)qdv`CWL9Suug9qLF^f6BI z(o#$!1j;UGJ`m$I%h|MG1#mlxN@mt{7jh zWAw=Rjp?-uMEvsP@=pG#jj{u-BL7HPaE%jWRNJREU|$j8&K|rH)jjjk*PxpO zt5Fht7~0oOKzL;=9UvtNA}HfBgv83jn^NJ-pkln~K`0z#yCRW6@u_esJQXx}<(tSe zXN=Dj)((wy3Jz-B9~er@;zMd3Mj+^IWElmR!mULEJntto19nWZqiW5U=l-}7 zGfFZJV7$|Ya&<%}QqTaXm$AoTCWtu@9OIkK!txbbJP1Km!9YrFdBwh(Rh_0074aMc zDOC%gEPVA>RlJ<{mqw{5wo!Dp%|^#k+{fn3`pcF^4?UaU=;q!45O`#Y=3twf<;scVJD14d1N>$XXU|!3Fn0DvxU0axDj=AuZ zQi4O_CEs2OE`*vGOB3?kjF~gjfXydCG|8wH6o7PMSbMfP{`fZBLCKFFEy8lgY@&n) z14@(fWX+ljZU%A-HrGxJf4uZIMu(0=>>M1XBDD~EM*^daK5R)7Gbbh)Wex^^d2v2c zdU;*EhE6dj;S~ZvqXnD?00Sb0 zeMPfB4NGUKGh4X7iBy+KUTzlWtn6mH6^QN{Y_@XEOH>R+EQgkxKT2saob_TLslDM~ z44XLnk8v8Xdd->>3|Uciy_s7QHq!NMsIwU3(a+0prJ{vFqDQ3@x~Ln3nos&&Wgduy zG%_TVnwb5YryvfvFcNO3zQWST6m_lXlwz)jEF2NVJi~A`Zwila332VLYU-dw7dzau zb`)z!Pvva=xlt^lNbF*rNnG_Yi{6kwnrc||sc5ZF=N2=XjDgqz{JDMLybKO&a6E3E zXHtwnVN9(dA|OF;`6Xm=2un)Pn^+Zyd=#!-fKU!Ue_dzFP^de6fA3TD`t*N8TaP!E z7-3SPMDi584wAFP=ZZ)uzR)ti3V;dSEH>vid+O-ayT-r*Z>5YCxF|EGF;dQ-UCdez zbndL>nMf}>;dtpkepi8|Ic?&|N<4^Rl=7q^|9on~NaBDG9Gj&9~7B*&#>0o(q zaNA3(@EM?P3e$DJd1w;%pcmOGTYdG`EL_JA-|v)0eELlUk`<2P%iPoc8*<-#N*tMX z;)wATDz7<|!T(cfKBPyw1MKAUoyw4URLoqt!1E4k)J~|@{qYDpzD&v@y1r)KaSTNs z-DRoB!-Gb~Ao+6e%R~dUzRN)d7+y+VIdaX1Yv8+Jzj$m@?De=jUkvLh_4$TeVwfnw z7%(C_((hlZt81IEJ{FHML>2~!CmH``l@+Q;I%!<(&?m`&A!Z_m;hnJ$I#eHR$sQD% zG@!JX^M6g_8Iow9r+TJ3Z`4w}3pD7v1PfV$d~x{2)CEfi!}AiAWciOu7<<6uQKW&r ziOHHA7BVfMib#B~?hYX?k}r@x^cX(8P5g`dglPD70j!|su#`$C`(WvW9H%)GAvDS& zq_J!MkBUkfW;1vQ<%Ju`K01V4ELLNj=|r=kf2VNS+e8vX64!LiEXG@9=oy@M-P`Rw zyuUfX&KogBVqvj^BZ=Cl{OcG^-$2_xsWf_d>75w!X z?;(so!iUx3qT?NY1MWn1kqUW@H33x>QS+-;KtxjrLfB)lcR3DDhWQg;oZ6`Rp~}i` zv@mG~ibxTTIEYE6tb1paRaM^tnihjAC&$i>JKH=_Ds6pzapl8LD6#9t4^CEFnZiLu z*&u~lNeWwzIuN_~K|v<-!-ClLX!zJrQOHi52r&)9BMI6~xdqcW&ieOQ4Bixol3`Y; zgC2O_^81*T_~wj)*OUrgoRJvasK_>kxsHba>n>8c_(uI1}|C4=ud6P#2L3sIz8Up|e zM5Sfc9iDPJY4Q<=bbXx)=#rzBk|chlBCc_WO`foPxont2E2YAv0R`nGins#FCvmJg zWY2O+AXxi7M5V{1UTLXeK#j4WN1!gtA_TX?jsDx_>{DDp2s>~;S&tCz9!je?rluUR z>;Vd~Cw$CY_s_cdX6q+oGy)tZ>wT$i{}JErGJM03cuTd$Aw=}3jAIQ29?J`uuilI+ z6GEX*qe@2MBq012I=wDzRJxpSV=Y?GjX3Kwi#qT8A{D-jl2m~}4vmOKCY~wR zyJM9;JBLWm;*s=Muk?O%-334%hYvRvrUovcmO4EP?7ZGLRdg+hn({XKqPw(O@0o^$sxp#pSjyRz@i=fX+VD6GteM6V4@{u5 zjrkiAYZB!UVw5Mw0&lJk6-SK7$cCGk96!&THg|b4@o6~A+?f|4VZy}=O~VDPIB=0M zkdj~QIg z{LvI3@BQ>rjv_muE=EKi=$>cUq+8sHIOukxT6OatR~t=p=TcGU392Q_u|~~4>c4B( zt{FPviHU9FU+e^@ft1hr3=iwNpeazzq=+XYHCi|XFM4A;1>Bg(!=f#}4BK$nOYtnj zfzjQ8Wjo(Drbjw;yOLGmRFewln3lGgBNoti!45pTMB!TcHY0sBS{KCMpt6Ki7-2O# zP7*=I=fD#lXw7?%B^8nLe9k8%$Kdh7Qzl2Crv!C*P_MAVCo4CnO={maLM*{y_j&U@tF}pCljI(Tz5Mu_x-`@f22~%|R3mOgzNtwajjEf9yG7 zl&Cnh&Nu0DYAPfuV26yn!;<(11Yl>L&z%-5M^+gS;5qIx7DQa4M->6``S^HQcq_kr z#0YVHmDQ}I_4_o5goH&!xBU?i$(%f>9j_TM2EZ4JKeehBprsV`AvJ<>Q+7Y;WrZ;f~%tR4_M0Vsf*4<0nx1ld(WL9vo~H^9)PP@?^Ew6(QWbC00GR4KL_ z5ab=<|4LWz<`NRJ2-S&tN@9vZTe*nds++d<0L)1WD#!nwh1df-V}5Qva(I4Oo&UUo z9^rT&KHU)93|+6XZ}7k+|Ih?CZLgqr!>v))0#I{GLLkrzuEwHsupx?%lYDT#Jkko0 z?c;ZveUzW%0rFxHY#C5abB=+Rg9rU<$Y?XzGUz8Yt1Rr60W|P`UIvGQ{C5&XIaw1d zWo4$z8}L}9dgu(%^IIz`GciV2sp_HuI7-ogL%a_qgpB-P+|Ln_0Uo|Q!?PVmtm#Y< z3#CBac$;tJY%iM8Nj&UHq6}Ryo5Po;8sHvk!TrE};Kn$O(vs(cVoeQ4Cj$f7DaZtE z!AmnBQt(pZH`-RtwawW%QM0kdgy+r~=|w;4K*jN(!;kYkI-VyHu5Y?4J08R^1cK$j zLCtmblePv}`;U}CtsrB;U-3CJH$UXo0KpM2xVeVLnr+eLPF|i|I$5DYJd)c3$n@>1 z3CUcB6G47OsLXt2_3^VY8MXzW2QrBU>BU_7Z?MB z|B+c{&u%Vn@{hTQ)@kn8`QsS%X+p9g#cJ=5veKC^2psjB-b@RN-WuVTL*~p`ut0aV zw|i?HLiv}_!tK81Y6t$#4;fux`iF|9FWttiuZlR=+=4lCUMMzZF28bT+KLlnJD)Hx ztUF0vr9(vTCyRQHxI3evhJR3<27S7E*=rcs)K@n$*rB1W+~Gvm!QPrv>h|xlH}~Gx zca@FuJT|JR*0uAg8Ew)r{ek|5u$mVRq}Z~`C5*DHTDgT#caBgRHoq;j@-N)5{JU*u zt$FpA{zPRm-4ft)YX9xoTBmBtPRWe2dL7+n%HBuwbVMso-6N9`oZQmD)M_7&N$I0; zO=p^$yIHE$O#iGlGA5Q;=$U6{J6m?VU~gY{^H}97J+Jtpx3UMEV*uA(PbN8V+u7F9 zeUhdvlY7Nso(~D@?-Jj0TAzPiD_(#nZ^~M6oQp=&XCIt;0!ha{e$MLQ*FMdZ>(@=| zbY#q%_EmrevLlnC5u}*Vx~_27&}9dcFTDCH5-A_GHbbr?|GyTX)d1=p2BKvOVp)Ri zrB}3TUHkV}kIuRaBGoHrd0)&}2yySo+XsHERIATt?_9rTE>O+AE9YVX(Sd2!fmO{* zc2B52Le@ZT`~Ymsh$=?>X!my8PGZ7RaNYZ$C9NqhXeo#PkG91yLh^!)jUIX$ZeTgYOAc5E%!szv$`=q(D69XqUU^A5#9dflG0ubT+Jso)uzPrbW(NZVc1CtIn~z38dJzWQ~W zYzrjBzuyKjeI6AEUGxeMC(0~Qn8M^r0rp_=e%&&%?Tl$npeUKb`80?3MWFL!pMThUb>NXjHA8SQc zyqY{hcTlnGkyj%s-x)6|tPZ(eFg7}C0AnnSp%}w$=^A`~7S%%LK^}ds7}NY^@U2t5 z+CR+06~&ko!>4u~bbC2a6dcgOyr2->Tfz6LoqqOyrqP-0!FeZxE2G~Jan%~MubWMR zMK3+Qz|32{<`3Sp;YZ4{j+fpi(^!$YiSUgEwcVAJUhsay@Ysm=gGYXMdGN>lsojU9 zZ$LTcfZ~7xw_3%f#`K%I50UgDoFD!hUP}XNA?RFrx0a-ZDh=a{Zh#jnrG*aYGtbn) z*#aB^m+AS7%}R>%O@^1Bo^|pcK%IRf&jdHQM3GUu0XAcmwq6h5S{o+6o`3ymp_ff@ z)Mn(`FMD<$#Mi-Md;ab|26Wbx%kS29pWK{!_U|A$_MGVKrP>8Ymyv!>*Dc$)>Qh@% zKoaOAWVN2;N3av*yd`Y1r4*+F5R-$^it5#f9ag0L)<&uX0!PKXEMeY~jEl@&)!tt2 zgj)!kEoAOGe1mJB><-{7ScXj(bE?D$;2}zCBf{%mMdnElLT&RETPVsi1)Z zuo2{xg1a#8R>%E~8p>o8T=^~5F5z@4CaZiu;ElgBQGi{_Yu7MGtjNNqqTc>bKjptj5($zpU0 zyGyUN;d&|l^hq@di#9woC3OE6^;jjmYxfJkLX$pS|v zN(w{Y0eujCNKZgUIlr;S9dyR4+hoa=A`d6DimMg%y_8G)y2-RAbtva9u#qm2f*dQp zcDOssQ~p<`~Uwh?WLt%NHkHYsD!jt zw3F3Db!<|kw0Be#MWIweQe;L#QVEqLAqmkkQbvjI^>NPo^Uv?{JAYM&*LXgkkH_PF zzpeXEv7z3)IY!`1K{~;+)>cWT?8yv&l>NDztk&*nAPn+o4ZwXT zWMU^NpO(H}YIv~$Mv!DHQf&>*hZ0tw+hpatRFtc4oQ zlnF!C5g(OY{17$gZ@OPdoAR*-2zCSic!Z?YBds)$l3ZkVB2hso&O!Z=9fgLQZcXaw zLBa_DgfqA^5+b{vw?{H0EQ)ER!hi%jLPl#tl;g)8_x~<`Yy5M6!Hu(j@Nm6E?tp-57Cj>80Sz_WK2#n;h!!hP#o+T+v4s_78a0PkE*mb@ z8IcSJs+HPMKDQ$6ws5{8?|fP*!+odW7N3Q+1xzt4Ebjy}Kf?0*GL9XzxQZi@{_8=d z&f2VDE#yz|VLm)Q_a5L*#4$sZcz5ojo-ye4Db1Vlj~0jJu_>63C`KD6ie$D1tC9z% zZVhUF?%3UEG}c(&PWV*sfGom^dtuVbY5RlyqGhX`$nPa%h+MOfsS+AYqT#k$P}ey4 z-6{Mo2v0F#TUfW)SH!fr$W7h4o60%Yg35~%N{mgU0~hmd#8e~!h(I5MRgI$cWK+Mw z*eOPWx)ul!Q9Oy3SC{oo>B`r&K+XE@nMBO1CUJy9OE{2BVU1D@Fox55*)X`Zn4h{&EAxM;I*=f4wng69-u)m4LLv6D-nP)L3}h zkbG}IYbBm=S=oSqd+$U%D=!CPl|tyHkb+a0fc<2!b)sDm1?0?zx0^xS>cG@Q^tzC; zvGGxDgVu^xnVn!7`!Ov(Ar__sg1N&lN!-+GF7JnZ>u%w9w&`Eh;e!qz0H78dlkiv2 z;!-1Ek?$v3&*Z<~ZN;exwMHkekFuJsh&#tMSDdi_4;F(#>Ndjw5(G2L9!#J6i1@L8 zsX(I2#65?p`+&Tmf-fTuQnud!tvx8vA+d+?7XT13iN#YvNGH(dP|^teNemIA@_DwV z=|IQsq@pohb(xIBJ1aGD0@A4S^xLfWQ~+CgytnPodSY9g8G=etC8}yZtyn|!y^K>j z;~Y}c+4f4A$`P~dBRDt_qwvTZ73rk3*QN2sia=Uz2%y>~iKw<#_pkUD*$UKC?hLyRAF04sMsBi&*jdYWig|^@6ce? z5WB`Z!5Z-gjt7`L;z6&%m;-2%Tmt@+vOx%ed2d!V`z%kL0F|h0mD+No>r9n`&f2htWa5oxihWVWI^YgoteK@eY&cK-$gjyK9ut4$mN=JWgHqKTw zCgR}&`2mH&{OgjLy^;tW>NQ}$W3Xm|oTZ`fwW@b;S}8Q)abY4sv?6k)P@pvV6}Lx@ zKs`}F9vwZ1II0|0-KV2v^N{E`+{UaJGAV=Jw$Dp#by;g3n9NMC%AmB=R2lN5hPVrH zASpa(&usl~-XKnlwjMtfYCY|t(qnpe(HYpK+EJ(TKZ+~t6FhDItayKJ&L17=ewCVb zDn0*%+iR`dGBIFQ?Uq>`(z|v@R^2)NN%sEwgU@UB^m^o=oD$IIu9cpgXyi9u>E5B2 z%GCPkll#X0+i&+09vI3(PPAiwBjT=KFd$%C&97q9*#G)*6)}gHZ_dUykRoE;uFs18 zyS{`3xXV0PNk8@sF#z>vvvu;8DMLh8P7fB8IG?X{7SgxbW3d$M`X!L1zMy*W^*-PhF_U;KTCh8W_6tWnV+_F*soe}!4$%)|oAnt# ziL(%u2*((*rl$d@Me*2S=jOB(VyZ>gL#IxoZ@Yow8s3$YzC4GA9TA=234m@rnfr;4 z__;73Lsp=WL#Bta&Vy(LNMVX8ni9(5b~fjNx9^hd(dpo&Z}M_-vtoY#mlz~eEKJQH ztwl)Qaq7H3{lTZtwxo4?3%{7E?=5MLxbvc;OPM{%2Str1kVwM)}Q`%=bpDjo}X~WO)FkIw7jNJ9>AM%2qa1Iccpdh9O!=no= z9KFXRV1B`mF%&|ubrf{b&j#r;V2)R#B%6mE3n7SgxS}%Onokr(8!N0w0w*dzyMWzG z5yub*nHcXRJk&C~sz!*wOO8t}!&S&+jxa!IK@lL|H>X?@(H=YrXHXAejTggeTwoce zQ**F)%w!B6fG>@^(xaAvkLc={YJhUy7Fs0Xt}g@{D4ViMd_q zYETz$AfH1*1SW&)+9MzVY!wKL1bTJ+6i1;6I2gtB9acZ=!0k8h48rop4J<@xpv@s6 z#xhW88~#+(1#9j|DUERw-ms-UpiMzj^D@;jSBO;PQSf_IS{(^krtcSHb%nMeE>1$^ zV2bk|v)>#zBmNbwFF7U7)$x@Q<(vBNN|M1_&T})jd+TA&ZN?w=1D)gYmlx³Ud zIf!iL27YIsh|5?MlTTcD~yy>S_$kg*nXB;xHMLS{B<5tlr63QvX5l63joYYr{A~PhOBxQ*C#k|D=7CrWcQVg!6dujgcE&2i) zX)(Ekx=LjE2#qtF9gQ$*Ad19xYgyBLoOF6Q8ch0|D5L6zef#zqnfJI%Ax=9z(zrsD zZ^W-S=%%Ze>|WV0WTEFHI2Jut3_9jBm4#D>z(rYopj#893q{teaAS3Lg#}P~xUNQM zYp=ieas7)K5e5-5(EQB>iu;uKkX#4 z4=`dgg0JzXiYSPQ>~4IC<}lg9QaiimALi^e;#i?dxH`2pn_5^5qusr`CC5#jl>+%q zwDVH57`u|zt!rJoW(_GFilat#id*jL%BA_A%<<}q5IZNQj%PM2QtQwfdUf^`-8+yJ zFtfOB6mLL(tXsM@RzOq%<0H?Rj4z}NI(v3Ml@;yP>u_U(+X3HA)b}#YahOzRYS`qp z?>n(mW_;M6ExiR$S4pWHX=^aM5kdfxlY&di-_i~WuoOWm4uP>oA7x9;mxWX>d|vu^ z`*VIO9vq13m2{y)li(XKz1(S0!|EvBIdnU8*O`RDD#+uGk!r)G$PZ4-sJ!X*K=tJ0ydmU?e8H zHppdXimWXB19+56)s>^pxSReLgn{@=L<2j_B4Qb#`(a=uWGx+Y-WjzdUU_&inB#UIB4= zD;tmM)thEi)C#N=F)>+!U<=$E^S~;(*FUs`mxxy7Gl~iRE^Hnix7gQN(LAIpEdAHf z^9~=bT)D|kC2TwlJW9L#uYgw9*%lohYfx#!88ZU2t>)Dm$_Q$S1KLWS3Z-__E=;xb zwz4-4Uqi`mx7le90lj z65wQIQsetFPVdCp)b6wZwWtMiAt(fx#D;wQ)T#2zJKu{CGErzdf9%TjpAT37OBjd( zedetFAKa!)ktrXubN`2R@%TU4gyVuP)m(KxNi{hjVODMD#}-j}4tq-+UMoE^;k>4Z zZoM$A^2On`&`l$%#2F{3w*R=N-Un2Ax5yXGTN1**wuH8P?wd)0DguA&>%&$*{^|43 zB5Jvb36l>ihtHePc9D)RJvVoyzM8{iuqxXd3J+jm~*DGU_!{HVPq`KbKM<(;fT zcW{yF1AFSh_1jCR7sTXTIN2A>UeInynzrNHAebbm?$&QR*HdKUcyP;1oh;@TP}HFC zIvM*>siBGW@SqdOg88G z3ZaaJQ91rEZ6q|OV8#gG#IXDSoISWZuF^+3DBj`~AXG(iG@uW51EcqntXnoB2F}AJ z%lKtI#%}i+&}PT|%ivXF2rME9&U^sj0RZVhMshVm5P|<0bDntE=*@)-8S;RPM0QFc zE)fAZE|tS+J+*6>vm_s?w$h#0WGD<#yhCSHh3eG`Q5cvz)kv@g2 zaE^wo(waEoV3tK0KflxD-ZhIg>fG9Zx)X+12pLos}m2N1nI`ZlfBCNY;g zm3hg}z_eW;6E8AOL1b*rYofRU<<792_2kitTevBoc>PZShrQ#f{bV#)+~A4AsR+c1mJ|WaMqZVfi8m5`+u>Y<{QhX3;-jP(WlN{u{4ALruw2$ZKJK$5q5V zIYO$R>3}oXzUWN1zP{Oq+O3?Om}u(E$~Ux6cpfolFtyK}pP@+?GSsjZT3evKeG7FMirRZwuiDmz%1+eF_0+kgL&CE`x9XtZmPA|*& zX#x$#?drl>?eI7M(6+KJbq{=-R>PxPi zIbBw?UXP=kBM<8w7~Gf%6M|8^0h>k9XHunc#`vVC8TQHCI%NejApwCBmBlzbwqHCa zE#;bV%}uzmTgVf@uvACgFwy*(G@rD=OQqDeaFORD3eP393SuY;%|B*L09CIeNcaJ4X#Gx6uE#gRi3fpP?nPH`?;(f={v*l;*E znWOuhXQbf49u2Xe**+cW23IC$Kh)ULH51o~%$}di*{CuoE%(6jNF^0W!}HT8NwnnTeB(y0*Sy@6eXfP~|~tqi0% z`P3{_F_na8xK#eVJl~9(!cQ5+Nb^-jv%hT}Z)28Y-YUa{Lj1 z<^V`IIfP0MqF>+|fFd-|VsZkoJP074Nl1nfmyT9ec4wJ`lP$nTj*4$4R0Km&0-5>J zwd)8iEeP2EL{#P}(Yf__Nu*_0@) z25|C03x7Z@3{!EFCWUTqPH-;!Sr2+7u^Xdw6cHhCWFi}k2ah(CMZoC=IL_@7W;ZS{ z7yUr6_18^4Uc#PdX$|;baZ~ny#m$r~dNFH_4T3fi zh~;suho{a3Gc}f}X}q&c_VqDqNGctj{fV1C>}Y}VqktE;NXDhS54)%sn8SVx0l;ol z#rSus3P3Xf;fTVMjghksJVel0%%lMv0k0OU6fADyZp5$`K?CTA$M&icY7TZf`YAff zI@U@*Y3V~4J2)Ar__07N0>co|6fAp+b4kCf`5Y72<}x@&MTSmk>4-z7RFA)FEU%RG zge%2Wiw1lN^*ue8i0!7SKZ6Vp08p^KJo2qiXWj8jSH_J0pSRf=Fbe*n=(J>RwKQEK zze;BsJM+D*R;nv`0lJ=t?%)42d`~Q?b6_iU3rFV%jX*l=|OZYTyWa=gpUoOww|W+(&h zaEijW@!*L0GMiz9_>zp~!om!J;f0fgb-;^nWSw##9p(6$?j6K2jl8iVcm)Cvj#dkf zaI&w5fk?A}p0k8SAtBmoa11g30kf^Z8KK-51G#}j2MRBt#Y5aslaSTD!vSrr(9Wgu zmxouKR#|sFA$WIfV?uG(%!T#2jh6Sj_2_ZVU@44&SIl~3JntP#5BdS25tf}f4Pz(=08!b64yMe4VFKj!YV1!*j298M zX>A2i@%H_*maSZy`|6drWjtS!HXWXsTUbE-Eo3)9hRoxRq6rr*5Gti?L9DGTUH@!P z1w^sDk=Q7OwVVY6V+DD0<=V9lyd9e?1p#^>j@f5uRtOHDyb#V-HYJ3Ud@)hr{Ld9h z?F_lj*o3E0S<1>igI+GA?{0tom4Te|hEu2h?2$5+YnqB^DY4<5rI;@-=v{$rGJKY6 zy%03HsVe9+DWe&vdwI3oK%Mq%|7r9M^cmn_YSbnoaa&Z^TtC_&F{VgVsxX#O;B(Xx z!bQgdhp{|Cnt)INA#CI3rv5j7g_k`_HH`plG}SuBf7nN%V`J-Ldv&DpMDj6*X)ZiM zeR?gIi_3AA`$P}D-WRG#ZkqPxZ3pJgX2Z&EFpl62~jqOSh9YlL(aSVc!Ba`MOzS+8%k zuT9?VRzIm``_TQf?Aqi~O*$TME!SBWHR1o$TGsVmlR#54^54(n`pEF%f({qDiZ--y zA%wJR!?!EczT^yp#kU3jE(XIJp{n|0ugAMK+63r3VH>|{t|`I8H@&z1+Rt>aU4Cm$ zL=4Eaqze+W1_gIZAgNUN8so37JBQrcPT@rv)izoO`=&$xSfQTz;hMZdE|0@cv{h8H z{dA0z0vE(jSyn?{^>dbeY4mxnX64D!OkGGdMqaqr3QD(Lsp8*MD&`15(g9$ zkQ-G4xB&yBdhMfX&%L{O0Vc^)qR$$+ppi0!7Hu;qDY_3bbA(!tVWQVqu}GO)s}gxu z4nl|0y%0O`tfK+^rf?1uAo8=im=5xtgaDt!{S|XLm~1G)n~6|%c7GwR!%;wuCW0Ke zQb5dWsVSDutn0wJEzAfE{bh|d7nZb&SbF>lqbMh;s;Z1u7j@7+jV>CzgU9;gmSp27 ztB^s{0A95v_a+3!(T`9|wzW1Uo6@XnG#&WZ0qn4Z|aDH@M*<;9r8b-U~4L0C1{>}?aH%LPL)wa>rP>$qY3BoknI!cYh!7^lA&H!grc;r)i8HiO^CqcMmL zg$IPro^1w*mHKKV*bdGp@<3C;fTtr5VXCPGf(5={XR0=6W86*Gck2s36^0J%{?uX^ z<_8J!71x6*ej=<92(>6}d78?pzXh@Yvce=631P<)dUjA&;jZ8~$1^XQOW~P+ZsDjr zzOT*mk_MVIF~5ex(Stmar%v&)jIjaPp7-@ZXUa$++jc2EJP_ci_y6%eNYoApM-LP+ z_Xk0*DEF~HUR^a#sOOL=3Oha0C@VETlL!uk%fe-ar3=PtHcXzGK}fMp#)gU5Q72T! z3r`7t$5L*Hh+^m0M0$aKaF~-mM<^}6ki+sHxn$65L-#>nPw!d96E|3E_cZidRD}|3 zo`x(JN*_2Ys=;=m4iS_-qN8D#lQm2ev+M0zOKf5@$Ik26*fe{LH1k(}qz_z=vscOH z7@*gIR!iyzDX_Zv04ubFW-L~kOM-jPDCpi+b%H(=PC>(}O9x0lUJQ!!D=2=2uE^4m zn>@K6V}4jh+HK9fXs|@>g3IfFX()gIiHW2T4@T#zfC`*Ql`M-O;tj+o0YFdD9kPxj z*z7-IJV4l05bjDEJxJm~Xhn#56qaI^?;I4%AhMi@&|!R67#G9Wdl$uBj(*p%@d$!6 zT2>ZyfKvP)V_L#TbNY1Yu=5cF(R+|Z;XmiqksFR+?F)_~#@d*#E6n*@v2XHvB61Cz z|M-j@Y%(Fnu`1k2T!E65O7408T<6Re0+ucQE<$nwBnlTQrZ5R%iO}?sPDlEr4tgvJ zK%=WXvuK%DAn=h8`y=;VM3DloBsP6KNkuE55|K9u5F_vn)azbhj#F_oA`22bJGW72 zA8E66f^)_AL)M149vJsJ+04z;&~QaawJw6<716>|5~nT@aZM7Mv~r7#(oZ2&vitC` zZQI!LEFq-K{ah}ovhx6$JuDcJRwIP#M@RPVVv`vV`Ob*>4#;GvcSQlmjexZiLIgT4 z>W4)v;%#}M{ds3pOiZ{OLlw7d$viHuv*MqmV5T_HE5 z&_xsqwCA2USA~E=P7K_w=IsP5c?=*YJeo0IgFGukVKPtukf?sI* z?xs64!-Y8(5JZT8cxQ^%k-B{miHngz^i+Zl=hn~{2g4)+;(`VV3=W{6zjBKTi%0|k zpnz>NtBCX!(jI|vu9S-{V;tBPDn$tJn%mji;MD}%`iMGirkpt3yMifO(uMG$cdi;g z6YNH)Xq(!c7zbY;hvKB_JTcS!g&9J*iOXJ#9g(=k^7gq}1086~vFAW?_VmQC%~lV=Z79 z$BCdb7!TeZZ8bX^Mc785FVWheQq*~$0V}$dE*MkECaQLZr%Cc91d@TnIgAoP70Dij_hMV?%K5z7a~7dySl&5e4KnDErh^WY#R?GnRL#?C@tD*ywwd-#ZtOS988 zd^F#*Bs*5j*GoZ#jDbUz&5pLhtZv7&VeBj22L7iJ>RrUt(h6o1f8-z(*ej1QRFXb0 z9<<5_k*7yD#D@Kf>m`yWpbgMV-GFZqq+w0XX%1qDAhtvF#7$fg0lU)IR){h;F%~z`uP5seT9oXpNgoH!yu)+BXgMJU)?rgaJoFG~gYyhXhfYignCUuDwdwKT zaB#7xS!LoW;%tVULV5(9{DD}fhwL(fHNxqa_fJJ#hHOS|Za?}xjybRo&;}7SK&#KP z&)_XUN5QI@3HI0~HW%oHE?oo|p`wEt7a#xwK%v;QBY$_4ObL+f!MVSlNUJ1l>?3XnvLUSPhu6;T1UuQ)*?RxKaItMySZTVv`M%uxB*T(C#pCw7Q z35DjCJMItvPwciPY<2cp#ojZ=Y*NwfixikFOc1%lAQ4?!rwmAln!GY(6)Wsb=wy}N zGZ$XH%}m#jRjD(0r@i{!i??0Z$XwFuTa;(0E0?e;rN%rQp&S2eM)xF((G8aIgNIAK z@Ecx!ZvRvHrw9J#uJ5EPxp!x0x9Y%E3y(cmU2D8-GT)qcI(J~*%C~#%PgWk8?>NKw zXRcuYypk?yl43v`g3SZRw)@2Nne> zEO?>Oy7Zgk=f}1?GTQQ8j<#1lDZOg&cbLV-;h@5gLb);;9}N~O5q7+MOto91)Wd4K zgzVw!Zo{Nz-jmujb#?E-T^1cKYirY!?A&)pMzQgdZigj-t-}1HbALOyxdpEdLH(Sl zm*wq_2lpKanZ zCcL$6K*DUv@J?Tx7fBmvjEQ(KqEbICAcAn;u}qOe@6G%J#*C6# zEIW2(dngW?a&aQs#B$sU3k$5^!>vbP9^VW z^St8%@TWdzg6&W3nw;YPsqGbRsdet;s5hytBzqFNCU`|Up?|vmg`+va87+<%j#1!@ zD{B^*IQ~si&}B~(_yXIBsH|z+ygNG6kiNB26KXLUO~7MQ<;=!U(Jfpya;msW%&d@~ zIB{8wl9)D1zzNfEg#MS)qGXL6Ml-fbYD})6$WTK2^y2|2g%}ShjusJt1RhDrLR8se zdKSu0Y-%4pl$=no;+POD8uwg8ABypt!e9YCfpdhnm~&;>>(FJNC=xC%;gg@5AGCV{ z-3|tPO0~Ry<`EsQ=7(NUlpT;&Pbzj>O7*6eh1ocmB6mOZa(iZ}juRX>Xp90I! z_z7f1727QEQ~(f0dcwfx^i5~SM_gQT!zh1+mq5)aJgwA>!z-=tt}WkV82-lSyX1%K zKI`P=Ff1W!FFZta9h;+IawA_GaowGlqv18nmB0g>@oX4Xq6lI&Dn`F4xu!I zRrX=g=sReTbI#>sD?DrSbZ5Svb@lm&z`)e(ws*3G_JhGJKu1DRdRD^?T$gTd@87TM zMX}7OK{Y2RCol<`@mnVGo^0Z;P@~gbBKZ|c622Y^5_*O+5qTC-eHinBy@LZ63Bc>V z4+${9Ui6#;WW-4?;sk)xApszfPjCT3Rtd^m@FL<2#7Fv+DsJ1$tLe(=iLjDLa5taU zoR1Mloa4}~!nZ-=AWBiRUyIWs$zCXN@NBsk+iZc<7bGH2W+ajm0UCx0MF!Q=P%LIC zm_me+i*r{P;?-^SdBzbz$gYLRrLvO{(E!A_c0+py>^|MK;a1|JAjsg@;g?KMABpz? zg<*2Dr$Q?rL_Y>Vixp4f+>R1}c4HFH844Q_Q^EqkLnSmWqIJODKqn>u8Xga@Lc!QG zxmq+TNEP83$qg079G?sAfKY(qN`Nq4FEj17QM3TyxB$EYHN;W)Q!nmuh!?~FF<={K;UzYR@V^i+u*;#tt@V`Ppiq?V6InG0!Oh!8U*FYv ztfADn9&I~Qlh4?1j4A-_j?Ol`vJ7W_N^FT+CIVQIQeN)JCL-p`@>zf%YJ>h>hB*{! zI>_w;2NH!RLGo<@{@P7BB4U-b^wBzk1enpkM;aT4tU`Aq(&?K}0$d=M%qo6Jk4~sn z;25Y8o*X>rE5ELOCo2j+O3+J*-elbIK!b#_tD&cnAQ75-FUe3d!GQ+7{P5+=i2^I{ z@T5Yxl?qEgQuh!IT&EWXJenP2cG<>^7kg?Z3A95XwNR!K11z#@B!tSJXF@pKSnz_s zB1*wW*_^$@$tl{({oVH+Y~%AeP}r`n5RD`hIJ93()_erF_!(N7^1ck2LF`YfY09-Y zP%#Im^LH1N2~V@LMY~2D62&xdZcQd9O!MCFmtA(R%4=>b*?Ey+Mm?X*?$Whg-@aFM z8s^&CxXv)9Qo*L70|vz zid`>0FZ%T-3KT2Q>qib zst7g-Z{EJpP>*@TV%{&kG_CaB;90Dw&v{`3g_8qBpo7Rkg$Rry!>LEw!x(GOmH!Lu zVN#~a-oL-HKWr1bE%+wswT?LK;c}iat?Zb)yEz&@Av$K~n1pZlcH)mkMK-Z_UUfv6 zu-CE0P5VCt@sDxV>T!LYR}D4n6#Gw^{r>eDwh3;&Pf!dT;RIS?U~n}5tD>svtLAXl zM$z_MJ$ABbZ}isIIyyL9Kp;jbDa=)DCq(;;L>ykWDnTDi1C7(5BRbqR^&-3W^i3X4 zw?oGPgXD-qJI30r@qWp2qHRE>ed9Mdnc9w8w6PQ{$?nF zB-;f`ow!P!Ik87tpE}zagAl_S+r%G+I1#-e?)O7Em77tBa>my+6xupwP0gQj-+}{k zt#`$}1%f+=4-mLcRKVX;B`u%SgI(J5apSlXmo{^yL8y+M1_Xxids6I*~Wx1_FQyy(*Iwc$$90fcwsK_}^cdpuonM&Cv54i)u^SW^ z`0#V4ymgd7D{T+m*oNfSjxB+?WsTvt_Fr1lcjO6a&rJ#mu`35HR|p!HqG(xSG1YFG zug0)R!v`eLKnwjhbjz<_zkYrz=$AWXc=tVci;?#{IbN>4y{b2W{1qNCPL7oZ29;*7 z!UzlC7@#wvg?<}r8&H1>K0;g|@bODywg%)>c3CXfn@j3}M87i4gib~&Q`pNug{N;? z2L?>P_l(x=WN7Hy7(MC?-W#~Btnp6)&NdpG1>WX>Av94E8(8?%hmw?Evyef!B?kb{ ziOr+6!CQbaGgUGbU(71b}Cifxr6sU+Hl#Wje~?Bmr}*5&;pegcfGw` zdVhn7boc*8T$^qIL(6)%85qYy?n&fxY9?oLD1^n)$;nBit+ULQ80Iys%d@|NhLS?@tX`jKWd8QXKf4i1wmYPn+0-+bT9h zn4sXhch52puyJTk)DhE9LN~&CK?E@o0hm&zh^3Ly-1P#T9DC>>G6?Y|TCiahIbJT8qK_R_vLieD zWX!F*wPe8!g7>zy3Sp;4b=*N3iLzh2#28B`9JrfTV4fB!TUpQ?=FD$@Hm8^7BhIqB zN+-eN1ct+k5js$DqTSf$3H*X=Je#vm1TF|#nDSg?AZA7mVnC}Hze_NtxP(*G)F?Ct zic^wm8!3wroFZ8e-xa)r+P^X+*#Bd6{<^fv`sIXa!?=pm8D>pXo>cVW=7D#l;2q2o zLKfKf_|hXoIpGAQ2~l&F3#Q7oBr`~0{&$p4Li0bWlc1$(lgXapsC~w~;P@(o)p;TJb1EG- zbxyT*`0}S~&CmRw#oK(3Tpi=FdYGGcPGwq!Lus9}Z_?2tM>-|0i`blZWMoEiXxs1I zS~F#OsrZB$#-}d-NyUBPMuAdi zF0RK@t)<=8#aXA;yqls|dHG1$RNwcDJEV3+Nu0CjMNY`XecRGJb2j9z8=Usr*VN#^ z^eqcL)Z#;jUP})Mb~vQvwnba6`N!An9s3-$YJRQGzx2J%cEzWaoflRb#n{%jJ~+KY z!$<3fX@1*oZ}!oadrix)yG3^$b@ua1siM$%N$YKFJOXw-82)^SPi|k&?9K1;9sdq; z%X8Y|np5u*5s~o8>h#`{?>n?=8u#2Q>}9%lM7h{2_DT=<9kOZofaZv(FX>u?|CIm_ z_680lno3;sGVtsazFv-1Lv_8I!9Wkz~W+>Ka$Ay`uf^ z4|j3fT3+*2N8avVf8BwAxWLX{VHfm&bm!;zZS6@qJ{5r%Cai607q-TBwzuMlFZ^0< z`@qm{Cw>&~Zb)e^ONT2P?wVYEu>{&VCNEX7KU2U0uuK?k;X`FmgMMR-(uKNL@{jd*or!(l+$C*hTe~bj?ZT(ucWNIVKc$O? zZ2K9eZ9guzGgUdC6Z5V7edmDDy+O0uJ_PlZX-Vt;I#0bt;m-l>z{@e)3(K79e|%Hy zA>%Tzm*x-ESbf)Fd1V%kPxY%^YF(!2wb^vg9P@rg#DfPX!p+Z{yqMlOGxGR}Q*u#y z-E1ec9{c6@EPa3nzLU)5(lOqv9ZG7}mq)z{+-K>l|G7bPw|&zz&tdmAEy+!t5TD>UhaZev5kHK&`l^?#1OL-XoPP`nBt!Ra2hy;C7GTRtv*5RRyJG9~yQw z)oXvMKOJ0Rr<7G&<88C-LV(`UOK;wK?|G~`CH%C@vz@Cw13x{nU$kgv-9y{a_8H*@ zr7O-ai`NV8QR;f>)Qui_L8Rc2Q65Gb0!3dj#FQqiN%F!o1+h*9W2Byz8r%e$@^($xn3G zZy22Ud5d@M-UE#>Id4n!Er*VeJMLv(xV_q5Gs7cKz47Wo)u>O(6*y1i<%*RuJX=*9wJ-B%!~CAd z&nu*i4)CsP_&D`Z`n=_LUA4V#$DdkPtnsoc|H7Xy4qT(N{@%~e9ZwrGHazh6i?c71 zci#Q+SFdQAO9$6+Va@q|ZKbUx>lSP)kg>=yU1XYcx{uE<3s|+?aTeWem39SOs9JbL z>Pz-Mw}Dr`c8XNETN*X|`7ZOZq2nfRx7&GS{kxOF{;vHpBSYTqkr?V{`B-XxuG1Uq zw;mgfwtqRNds@Y1W=nqj)`aW}%iG`7etGPR!~PBx8Vx@d)g^~aH_AMAC27!%n;O11 zCf8S_f4lW|>55HC{T@rnkJcD2VXAIe7vO%*rcm#1SJ~kj_pa#8U;HU4;eej;j^4v7 z%*$)Fets^v7$2cBT1CZoE&Hlk>DlAyUac?uPg0z5a7{6s~%v6>)7#zW&>oEN|=ngN~$Y=H4E0 zeYO18H$Hc_e$IIP=5pZ8JMHs5WFLLC4gVDN>hjId*>3BM6Z^=tPOn!E?KNC+`XrC9 zqt|hKH0^eu*_b-JVa*<$T}G<8ty`3CY_m_S?r`Gj#9-&aJSkDOZ5vHg&L1y3YNu1V zCFGSW{I!e*mV(pC2iZ(rWbs+DlkepeE9odNAta({(dc?EYtRPbJwsP3W%q~ zNU>z+!AC7U>Z^Y^J$gLfKJfR%W*5UTCx~Qu{d$--I4^(5`-5n7jOqRDX3x*J*Y}vO zbn?+_v)e=R0-mdlwVF^e{=r%{h{e;_t$&PB$*CK4va{+uFQN&F7mL zAEn3eqV}D{Az&b%9U{O3J0Rijvi@srQLOX#%5?atYs_Xd>juu8j;vtwC8^nu^~ z+?TY~k7w~s`o~%JMw_{sSXSFNPoI!&m>ONyDd_8{#opnHy-#SIF~9iyx%7&aUQfPW z&|MTZcYxCFfXa17Po9+S(X~GRWWCG;i<$>>&YfGcjN`)aY)H6f%8jgm%|iyrMif5# zv3lqrwQHRtmFixf>ew{2eM@pl&fMjzZzm?ou75qu(qj3dg-w6ky*FwZLD6ec^heU) zxk2xZZR@4Xqra|vTBy8K>(8hM^R*Wn>|VrHYBJS9;71Qw&ieT2W|ntwh|Ja1 zKT-DJ^MuGf8Cs9s9~?R|Upwdd?(Vr$3fAvA)Ft9*=8>NpnxFmRp*)^8HN!9}Mml#& z^Y%H@Yr@y&+!>)6qFq|%9%~S^t&_Um-|;fB&-k~o#cNW2yB8i@<8ZS@V@Gvm$^wg* z$u)?JjF;ZtvIc#*)$6>Rt;YI{PdxEeTVb z*yMTg!n8Wo=ldSFwm({MC;rm%k-ydI-i`lR_3pU6*Zi}8TW9$1s@5|z-1OAd^7!eK z8+l^3{p`FpIpos%B{Cl7Ml3-czI%b;wr@qI>F<`tPBQ;EvB5z0#<%)KyBf#H1#TNQ z&H2#f{(ngPc#zaB&f;1B3(>zW+&EnL{bQMvaoyBT)3!Gaa&qdqYSo&RduqFQn>*%~ z_vtbGjo+cBt^NVOq^u{e-0E}LLw>yUr`XM3V~VBA&FwRk4f^D&w(~Kbx4OTFY(!}i?f@v_q@(mk91o({j!F6Zm7Au>~53UI&K5z9iAR%a(mg(C*_~aUfi}GGO#gz z-=TX0l-4zLjeYN|=p$7#C&K3P+k`#6?vD>!Zo0^BmRV=_$*a4@C+MBjut_@Mwns%_ zgw~N{t>sIaJ(8YyK8gtT2wHuzLy^k)1+wF{LONba_UgMSzRr8nFm1aFr}M2VeC-c@ z)(Gt0xz}*>?+M|L(&xU6FxaA195>ul{kZ$_YoT8z?s4sZ=Vy`=Pm#>hb3TpQ@17gi zw=KMX=}mcMw7EgL+n1$NUa5?CU;lTL0_WB5w5-?pe~$ee^Q)+FlL_JC2H$MOLDKy z`P0Kq(`ne=-+yM#sN6D%GkHp}+z72sJw^@+>Q~V-%kf=Srw$AEUEf&M$x~s3?uSN8 z=>cY-j^hliSL!a-m7k>L9q?bl`6H?JH15a!D0R3legu`pZ(mZ zcjeaZ3F8fHuQoJwRh_(I*uc0xzQ*}Z?X89;ukRjn`Nqi1zBYONFMW+ZsAIlRXTPWK zH&64zK+72kw?{rzO|a?x*?pF``S!GyFZ(o;kJwz`pfWcK?ATty-0)NFS)&2UhI91q zZ%-KDBzN6h-c#Yq&>NFW^tayDRvjlfXYw(gsyl(hzp7a+SZ*fi)^pz3g991{?`Vj$ zo|QXsN%wi)FMGDnyN+mRfB4WRCr({`mi61?#^<@aG<*9_uE`CPI9=$jH}Qmw;cTa| zS&4nU%@5wtNEq;9`$T2QcJ3+z%U`HXK71=C#OzwMoT{p%q35jJm)l1+ZPiVc3OAd$ zJ<8DKMbFX8UfjEt8yQ^?^S5|jyn4@J)9P!ydppv-WX&y}IC#glrMq@y23@-+S$O1X zY6C^UpKl>EAH586O8lF>VEdD8-`Ae^xK|jw*KfwoXID4voEkJC`NBEx0?LHKtS^Os>oGb15ioJL+3} zPsu2HiNcI`nNgEV9#2u$TD$VVjlo%SBlp}Fi&MwkMX@k*eEgGx{vk$aC*CwtenD@t1Z zsd5&KFZVwDMXKBO?ZkKd-6XAStni_+bDY&$+fk;PhgyA#^^>o}I_hlHc)V`9MAFk& z5gT5)k6Pnv9rU$R#=gm(H#$V z+MZIe;`qsvAJ2BSDfjPeapsL1lNs0a9@_7?bwKNgsd^_pzE8g3Rw8{nsr2;rFEfru z{#azBkiM~Cz@jJSmIZ3wJ&$a3urKL8#%;5r`ukP`PQ@z^ADp?ciIsJ{>)oP8zpu{a zwh?E1HBaa%YQPkjrM}(&?Y--nd*7BncX67oo&0gr)gXD_?tbPY3pO-Qt&Vf*VXbO( zHqT||%DwdpUZYGF>F*fgHLAyTD_6zu-A31@eoJ>ADSzf#V8!^wk!6h&^}L!6t*uV_ zYJ|-q`APNesjgvC9lhR6>G|AS;oF@HeS4hqO6@yT^|xx_wHHyYqi_5F=xpQHFs-Zo z%WrSvPakR;WE322_AElC!Ygm6OUs0|Il7-!R5jc;zbU%DBym@lStJ}?)WL8GPpJQl&_tv*X;-A z#@KeqH{CNR8aV1 z^4zR&uEy{8>hG=fR`uo+b?|bTN zrygnD+`i40RWm%hbaCR<&~6S-6vM`KJF$3PudQV6mCaV$c;9^d{nv&LQI?LsDFi_ykSuzs6^=^^T(N zQg4(KTP9RV`Yc=BQBU38)nr3wuitSai!LPWAM9W_-lo5D`6qA1u~TZh`O9|M>hW-q z=b`bb?gJv#{JcjL*%-~r=x?;{#u(Kxsxcd{emzq5xR*~sh5Z%Fl=_1z+m@MzdO1Hq zuK&Ko?*5UIE4TgPOiCNuQ8`zz7{J;svRr)1oPHI#=0|6#=ET3=(BtiA>uZ|^bqX!~ zuF$gW&HO8Fyl8#3sYe^y3J z_>1OIF?%9=J{YKDAboLkTl1)JqfrjOn7LYpNjIfg&T7P-_4#|Y{AwD~SeJkPuhrLj z^UA%ZM`CPUTVq`YR+br7cTw-PWbau|<@?0CfBJAGsAx}ybAr=T&CL!0^?5t9KlwU_ zR5r?2l`fy)t@lv2cYKk+!)g!qxwm8F+m*}H{hu8a?Z~7_4VPAaZQa`GP>Iif=K9*r zvzMEh8SYSx{`-1)`gnv>k|}McFZmv52=+MUfK-X?CV8J@%nNHXg-J33bz}QUnVxl} zP;E+6i+tSwz_rN#S@oOjN9_LeAN(eCPU27GZ2kLd!b~InB*F~DpZCe4Ad&7bM2QSgZ?f?J) diff --git a/static/images/docs/static.png b/static/images/docs/static.png deleted file mode 100644 index bcdeca7e6f56222e00e8e6f23d9ea1ef3bf23a34..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 36583 zcmeFZc{rBq-#01^git9eLnu;0C^M1LV5*d4E<%|y&l*IQA{3dT0V$E8+f1c0g`|kv zJY**G%=@`$t=9AG=lx?p$3FHx-hDid^;^G{%6(nubza}^_cNWo>Z(fXXtvT&P*AKp zc2w~c1;xsP6cm*0)Rg#6`oc&n1%-doF-3U|r^tauXE%+`x~aw4&p}$L6|boeUrnf? zVPSGV^X)Hfv!e$!7-`SG*nDMu!s-SZ>U5gTE3TiKoRN+#BywjxC|Q~ zrO6fe{}|V!EyOSB*0NGi9Q5bBzLJ8Xc;60dd{4rA6+H#T_M&@l@drCtHi%PDTw^^% zNku_%@8bV~e@V8HDrR?ZiBq0lqtew5VU_BxvesQ(9%Eb{F*l~J|D_YaQAo0AEW(Xn zvn+0HI87aRbO*cJuXit#vUju41^KdH@HX5LTvEj0=~ka^_E`PsWb4?f;iv0|S8n>i zpuxIknA;|U(u7PhWLdXvUEtAY`UM`c(Sk~z_Zo~@j_?H6<+(b#ySpDd<~w({TlRSp zmq$AH@+U|7b0}GAwwROI#jRWX1oK&Z6`fYF;?us>*6KU8-U>1HC1vbrr1~!NA>ar; zicwCz^+SMJILSgg#F*?*F<#jDqm^`#Ofn14bDb2}z5A;>zYY$cD0K6&9^!B-sX6|-6Q6`5M6X-?bok1Rfn0U-SX`uaj}C#9+Nq( z*5W=vJ%yatZyq68@NV!m66Ra%`{16GOA*7o^yx1A!6hACT?KO^WmTpc6NM$=k#j=# zHqKj1Sl^C{89psVCPhRfqN$=t>Yr6yL& zE#{I)6HfzV&y&oxq}glTO{qde!Y=XJbauK-1xDL#+q%_dymzM;^(so)=*qtFpC5|! zsfM4@E?xb%5_ZMtO6GtfrMp`@CueP+a|~j=8s_HMC(Ox~=H}*>mJ`!%SOiAuj)vLw zfA1*zzx?N|E9}xDG+9apRta?Jz4YNAleEvD-{7n0;o-p(9M~mj(>WQmr^uOQX(PRR z_ce(_Rp1o&g6*xX8CQD@*%%)WZNQ2KmuT$%p0eU&c>%W=2YLOisp~XtR8)c047`i> zA@NrS;&14vw6w6tnUx-NOfutk@=*v~FQ+a)*J7}*o|-eLZ86^X!pMN>A zCY$bR&fUSA3Ke*!H>Tb(f6&rbPdd(BWb8G&b@Q>7nB6%;USjHY%a1Ofde}*tJz#d; zLv34Ye&0aQ+j;FArdisVGsePOIK4J9MsZZiG8}yLV8~6B2T%FSWiKU4<|CoGf$l7p zuCA27KK7JG2PIkYWREViU-C9Ae)*J?p1$g)d~_wRU=`2HtJwjAa=*kDno~W+^cz}^ z)sDWH|9D(e@2HWLW&4ZnQrT<$&&n;V)Wk&_q)mJTRhgNKyJsY~`cyYZo#WpeP_(Y_ zULWm@n=G?Oe&^v?D__O;Sp&mPZNr(>o5)Ey7d$7$GbWu27@xd(GyaZ>Be(03tDf8N z;i`#}OVRvgmrYGgGg#8i$Dbz>Uv>)-^D3PMd-v|O{rTC<%&bIKW2@qrjhbCaLCxK} zckS)%@$U-lQ_}2Krl!^wIRcVZAF1oQqOix>ho4oOWwFdJ93Xcs1U~JEIK=CDyyI?v zdE}yG_S8bPrAS@cuKKuD`L8)n`dW~Oopea=N@$;Di}W9B@nTf)u6lCVPav~}(pk5o zw6ru>RWczq_G2o)iSS2f$FfIfuBzT0NV`*IDZ;6E`0&T*g|YbNg^3J>+wKb~_qAQ5 zADvc}=&VxWu%}mRGGqC)QB69H{~dvO{y85 z=XDjSd(}PelBYM+Q4+lJ`nBdExgBzrYCD3Dgqxj@|s?0 zX9(zI{`#(|zi!P<1?sGqD3%5D16C%FoPW-Y_a$ex(S#<;`I`%0l4e(%(7tY(qiX8l zRXp3*+e=rtOF&@4N!nNO!n+%*w~1NO-BQSL7}&c1^0$ZkE_Q@qf5}ECKYxC7AtN?+ zr<|O=tTZcqS&O`C@Q_5D*_xa0!o$N&MSF*xE~K3E@W?l05q9U}C%!&cR))qi%}xyL zIlU#IsQTNt`z1zCs-EY%X%$U!Oq-O|Dd&IJID6Le$Lm&K-bd7HZem#-o829EF{L&- zI(*gAdEGv9V^Bh4xAkI3iBbN@gXI2(ERoHAw+dVH-DhXq@-_9{$H%JGI3(>%&CGg2 z_G)*ywwYlEElhWXhJ>g-6ngylu{`xY$H9gy+b$Z;%a<=#NRNL0^y!l_&*%V_|Nd#! zEz(ZEGOxDd7R<>ZSMMEL?Y2}Hn~qW67N6}n`5N35a)-WohMYK2GU0> zq^!EXJl4*z95}bOh_fZA`}mFxw9EoJuMOT^Td@*F{`*VKReibTmUBzeT z{(4U#Je02Is*;)P#zWnE2zil5j5)P{fb|jPL zJv_Mrr~334UCQ^@>R{9%UIh!XUfLxUclY@StNbhrGU?#Xm8;&lM|l>N!kMQ;kC&8Q4=E8)mqoPo&4oWOpcaI7#PU zsZGLu5t3@%s35&C)y}Nv)QZm?tu0vCAErDr@4>Z0^9QMM@KsDg!m&9Mug_s3MO~xi z5BEJyNx3>X*m&m5nX-_*qtkBJ4;s{^8sn>Z>XX=D!Qw*7#Uh>!zH2w~%>D9_yC0D^ zQGZ2Edf1EcNo;IvcD4&PwGzEx)HnyXIsi5y|5C!zUcvBZm!fqV8`ob>GK>&1d}auEbwD1g3Kx^ zMn^_!lJytM^cRF()10LBPM#e0)1P}16VsAX#IB8zWf#+iBxymxJ#0xb&bxQ& zY31r%EIbuG>(s*R5V8Gq<-E}n1vdN5w@}GVbp)%uc=>W&p%Y$g;(Ad)*K!{5XXT?} zQh59Y@6VH}?zh)h($dmK$=(bP-x^)nm5Ub_J?ZdJQ(ot>%~~rQEEL(3P%KYvXDk+Y zU80+ZnQ!OLomK_&4*Z*4C+bWDbNYoVp8TXClhT@LI*wI3tQR)_ffv|o?M4sW_2&q& zp)2~c^*cj#E|5w6L%ts`;KezU98}U#CRpIs=F2O)I5&zqnUrMNSMzEkuPVkbb}5H` ztW@8N(?`|U-#tR??+1G{J$}8Tx^?T80(C$UchTNXE3N#M>FMciqY=&h)$sw0ZIQMW z&ONcAfBp5>#9*T<3P~};UBSFDwD%ztiHQoV!}xd2$^N=(%QOR_bGo_~S~c;}9$W7o zx%niMNJx}b|5Fcq%$`>Cw;v+X_*!ID9fouHr%oQm@D^2WxU*u~slnOG|-26p~F))3%!=aSQ6R@2P!_-!v~e)iz9coVrsgc~d;YSZ=sO}|chYvN@o!GE zAiv?3Q=$}83}xgJ6ih}}D;I0N-zDEsz~Md?i1s`2>dr=1i-Ica4xO#b=vCnf;1nnbPC`{Sthm$0F#Ozj%8(G~4+(+`f9T=0!# zy+3s4oq;ue58sVAU{RlDq9(-RHaA>^0+nZ8mpU^u!zSgR<2H=Bp^mk_p@G#`vE!?7 z9aT%DoNk`WIB&EY*HEOa`^-pZS#s`3X_$z~U{fBsZ(Mftv&h9ych+0T?5Zdj>ExXZ zJ03eT*2As8&E}?qh_U#Gbfr*3meifo*?mc~6L{xC3+6udjiWuFpHOkQ{X&n^%Cd=V z80mf*kdHRhSf_Qzz0_lmsf9(OzE?j!q-#{=p-?Naxv^2ce*MZ7ACC8_{>>FEA)tl* z@JHro+X@MyoyfS@khX3)QlMw*QBGl_*P4&<&))DkiKx+5&6wzgI~g9xLvE~YEk6R zhNdjjmzWkJsJ}oob##sFw7=q{&EB}rPGC8(19Eev1Bz@>d=_!B#3G`CNnt`o9dgdo z(;5^I5D2OE8_}=R8UIztP%zczm!NUEBxvVj_3ob$Rsz^$&Icy~+Zn6bb)W3b($BOu z6k=hOb<5-*Y4n&KK&!3pJ{HapFPyWlQ_x82tZW_aA5F2Y8y?$hZ zY}IUCxDI1|*Qm_+x6`O!HbTx7krEyS1#xkogzgv!Wf~T)iT`z0UH#XmZC3c3eiuqw zVw4qD+qZYm9x|Zwm&b?jr1`u| z&CR7}x}O4U?|u-z@8YNax-@i^@BNd}7+z0Tq)A1ThwtyhXnQpF6b82|HHm0lw9!;d zotFjgrzL*siH}~GELfD;;QKuOm+<|l;0I`|!fHV)b%3>#x?7dMmC0Y>^b$EK80vw| zh)H}Tz*tvT7X`YqGN7ov)jBgNDG3vtX0l$1k?>}}!%wUFxkJS+U%5iQJ6~HQX-ubB~07HJ? z_m{QIlaY*aRDo%kcSg@L(%droIiPskt%y;f_)Rz_erdLX$~@!b16*Fa`1pEQ?z*g( zqdGh>q){PI{QP-x^5nD|%D$>1#@BQFA*%76k4udeJ6vxwaxu|h*zq5dvq=bdh+u1r zz8W2Q%Lco5acFTN8MpuD&6`6$^ba!n`ufz+qcN6wOqb~oq8p&6{^jS_xJ6T=WkKar zO4_fOx!Ld%qmFPkuDW>) zGE6z)veM*pP0Ibqa$`!=pl zi|J2Xi}p>S9a0aCwFa6FO-wITUllp#@Uev99@V6eYgcs@2v9+r(Zt{8RzF=mWQG9_T zwj!Kfx$K4S76bi-c33ag4CW>18Yb@1?=>n@9qgIGbq=I1%CtCk%xf}-Dr#zyb{w^- zkZq>w)3m(Y29=EF&~QiJP5vm6(u+Cc9>;Rp(6Q=MH{sWs)0-FCOREkx^`-oo{2$;TIIC z*7CK-4xL9bDkQXaQx<8^Hiz~>2aR*%gSfajWuA7OL#I3Hg9UGMsNCiV-R?1VJiZ!5 zr{b2WO7-WD`brgn$u-&8*>;kzX3yR4aG>lOozB%GDlGQDu@)e#r)})P-3+Vlg-JYuQpQ2OuY#MNBjDI8`uE#+Sb_CV}QP*9M8(8JJBUOAPYr9E_QO3ZCV zJ8yH`O>O68q5IT6jAcByUC7|=wS(JZX1o0r*=AcCSmpe|gY763!b1YPCb$M2jBZU~ zt2IyX@U$CHn@35Mh-_-Rd_ENbex!JyVLHC=?CktleHU&tCT2SmP08e!2FXDAIo1mw z0$ds8>fiW9+eyw7j08<&HACoAmA?kNI=;;I`2_3R3{VO2Wo#7Z^eSo}Mp6B!qpp5W zHGW+o0Jg6pS8xd??#TDnj{%_{xs8-a4A+FI$acv_tL0x0xqqLDi3ucFL38x{T5;Yb znzntzhX99)%2Vggbq_mvGjIsFrkzS)nz#1(EQ_0q%#g5=x^63bcY1z7eb){X=Q$5g zdHL&eQ+*?k*~409-DJf$jFiByiLrGJh0HPbPtLl_>RY-~@_5k8EUjH$$73L*YSE`v z-JkAmyK?z5Aek&0&(0GeUl<%s`;$3To2;G1JKZRG<=z#GsdIW&cG0f6S&RjLHYAVD6GGk<2y6(2W%GS%B$I7jjv)nFn zatR`ev$6{r9K?Jf%|7Xp_gMY5hq!L!`0B=HwXnjqk+$^O`PWM|-?;6}oNGKyZAf+y zV!8A2!aIXsC-i4d?P4l@ET%pjJ@k0Q;#&{*0UJXaWk$L4>*Y}N>m|x9gguO&8i}(` zxa0wZBxv-GR>}!tO4t`Nzsuccjw5pA6-O@#l?8qC4Go~Cr&Z7U&wqDU*X`7JAY+lL^j1gDw&Dm;6ik)oGUXlS ziU;?UrH+h@fMV(Q*~q3)e5UpO)A$ytuFnGE(WMQnssuA%k=C#AOjl~U^PW`<-XAoi zk<&Sqp%)8i+vPfI<}?qqDbcnmakmx882uXejInh(La4%>@V5Aua6pTJp3U*VCf&%VwYED;c;ehr})B>O8QkUo0)+W z0~GJEJ742S9_@c??85G$B24+#m0j4YEb|dKdqMaa>jkQLY zTN8~8Nr7eZ5pjGOcAJ@*W-fdt4WR7d-KAcIMaH`v{eh?I|-uODdWf*c0uw$vMe|A7DIZ{n$V1u~Ub=q4B#1rG%qe>Y+ zdvB6+QZHS%qar?stt|Dtw)U+)<_HPO&JW2qr>?$=oU&(>vkY!z;PtYmksIOS7-4$B zUuGtK)aNs|t?69s)Be%;Cl>riWXY(9_^LQ8+c3RV!h9ptIGbBlq}@KszL9qCj`2nI ztIXcMV?oBEzIf3K^q4c4-M4k?RvXc~Wgc6jXd-pOrDpkG)b`nHPev$G#s?R*8zvkX zV<9w(09xb8!p_dllEbI4W~oZ*Z!$DX`F?`($<57u>MwabPTYkd!6Y&`exyK^p4an9 z|M=>tb?Iz<`K&yrpG%aI26Un+Z!T+7NjuX-C9HcBX$KySuQsNf9LyOyd-iNam`FT{ zbU-=HcG(uY6FaMOO(WYLsbl1k%_-PSI}>sd@_p!={M z5TszGTvELx-j(;!ZuR*nd1LlsM=>5^>*?r2k$gfiR7(PrPDN)Q?awj%Zm@PAZ4gAu zmLr2Y`oDgiQ?mAK_(kVf)jImDi!1IeA@|X=@pfhI&M;t;ALzbb?aL=bC{#D51^czTA-=}AK5x0KL>W&dvkKo|((aTWXRlftsXE5E^s5gH_o@jI z_Mqm;clK*Hh(~pEUW2Sd{9xirPe1?j@!ebE)OByrK;P|V-__jx$Va4(X9$bC; zxqv)n{KkJirbCp_dB2>|u-3h?N|o1zdU>^|cH?@Am|mzVUzaC@#19NE-h3LNF@zeN z?StFcVeRte5XJKSs=s4;apKu>uhC<@*szGWHGR9ij0hAQ?3ZJ(u-HT7E&p}d@ zi!}SEv-I1>VwP@9!}`rdnlte$Rj-G|@m;y3mkj2Dnpo@Fz6a4xa~=f^zH`Y-EwgTt zn$t}-8br1$ImdAbkIfnckz+$aL%-kbvEjo8e=%Y?#^`X1?}7*Q2>x9!ELftWPchE& z$-u3SIn7=t@UNhVM!N_k18|>O*|lf)?)t8U6%^vzu~sLqS0Cch1Iu2YZQnQ6Q!V9j zBZa@Leb~G{y$6HWMg`P-e0{h8`p7jgH+L>jiG95S|M~P?Of+vuq>3mhu`p#lyQ;&X zIySz|L(RZ#V49&vY-gP6QS%HB4Xyq0L)>lZSAguyE*3g(g~wnNnrzDUD%`%iO-vS) zAFwI#+VN-4QhZ9bzfLmRCfL{wx$a1qFj0t z011JhAh|QqtmQ;&WPFmJ?*T3V^8$yOchU*ps+5cu{?8T z(m6F%%XnZx-6=_P#Psh9QzEk+D(91}=NZ1DW1O)PD zdS7B!=1;sy#-8%uB610=T8|wumJ8d1jSev`j}WthCjq)#Fq;)#MvIP0%_oTV zw(F`Lq91gg+5FX_UPa20o? zwc*f2sAO}2z`%=}-84%(`8rLU`kQtXxZa(nUA0|0ztY?1XB*C??`7^EcL^?eR@+ye zFRfWbRXXoS&u73}R6U-DOD|{^e0i#Y{w;$EZc{LFE=TPx-N99cLTbbebXTWt+Tuv*Njwr^kXLc zDP3T~13bo_K0f4QS(kd4It7GWwW^c_gfz$>&>sTFNhZ zE=Ifb@=d!#QtFS3;|VAlh4SE#FBbN>j-;!u{&ws8#={IW%Z>M{gCID;x1+w0i6lTD zLbW$H&u#l_4^cBgm(gtz?zqVy`^zQo`}gnhk6e0ZhYAF}SRksRctgYa0HjhaYC%qV zPJB6`!Em_t@5{;<@2g!L2`xx`@nXa!53k=N5t9mtQGMesVEjd#ezl-h!a@`sEx2Gi zBY(CYKRMyd%d>fSms6kXX=tQ_lms#4n4h7(%P9OOUNA>U2tP=9MkO1v)I#r^rJ$&9 zJx_G5r0NA1>JA!<2TNas$d_r|`rbh3$JOs*WYR21W(iVs6ZV1{u}6^@9M_E_qN^bBFS0 zp*G&*JhXeyo^^%4oTP;ZwgK)#5V7aX!lxGWXQyHQ1L$vce0-K9+!1B|uM zELiC|TI(X*vgtFoEPeJ;;k4ZG^7IIk$;3RH&p~6^4m#ITswCYU$i4?Q_$F#+fUOh| z6hsdM<(Qe7>GbihP0$ouu}Ubi=43DzV4+Lz^93I5c;q^`1*$1_Lg-%Ykomht>ngJ% zL#1CvxSI=6{yPdBZCq_bPDdb0O>9~kKw*P*=H=_Xc44*(SaVbBQC`bz?xA5c5< zC>&UQKE!^N>`Dro)mWqFZ+og9@V&0^VR>dP&RQA-y29%mgk~_Z9%EHX&7O<%E2-%3 zOH_l>rCPW3Te7}fbY+HJ&#AD9P0Y;6T4_A2^sds6lzBuf8!`zal@bJ+eMPLc-%ctu z;zCA*z&VmTwd;y_PG|2)%6#(VNgHvE#LtIbjBTI``5Nr{z=}y8x%tX4k*?mC$(xlf zPe$DF!R&tmYF3!ZqrfaD-tXdZ)Q^d=8I|;%LO%K)=LdlWJ$QqH=}N}GqnYU(`5;=Z zm*=uG_!wlp(P?N(FI~ZGpGbf8g=Zn{1#h3;NQ$@Ns+;ey-^mVm(LFpCR)qd~pyFi1 z^(Hg(oWTCtk9h-DvCZ6GbAcCA&cP^Wto8KB-I-PfPw~s&c1_3ne;42U)eBX&_Z;Q~rGKze|`sJR$<6OVQc) zhpDK`Xt~%T)Y*Fp5xEVAa|Wb*Ibt@Vhn{@*-9KJ0Ue$%#=?v@14i1fgqSKn1nx{?) zqbTy)2lojL*>-y^O*_{jKS^3&)9&c(+^bFM&zo%0er+Hxy0zR$*e0cu`|@_?Yh@|^ zF(=f2R{6419u+ zWTp254&CyEg;JdESGGNOS*k2VPqcEmUvF1phESk}^Oog^WK?8*!XYCg#zPt#YT0wt%>bhjatr+{KlwFeEhAiH# z<1TR0w4pwtP+t1>{3Kx|Jys|L1}iF{EKJ#(tW<14VZC;FxIW!QKv8%JQOcYjb6_OYw>R*To!5_F4!5K-l;MPc-NEUBEy z6fd;I$5_)e?R5IusLFF$_-;;rYFX;gDvE=&crmM1#w$6xQs?R=8?xAl5393sG~E6D z3_(n^IM*iR$gE;&y0`qzYmrA*|93az|GeXW*R=nV*!iDj{eOxt`n~jSKhS`e;KEy=-x-Xe3bFT%SW<^CyQ&rWI}k5 z_%{b1HYe=-HruL2qlzvGZ|Q2SSP7ACcBU^`ia{~y=~CVNn<})wLIc{|NH_~NnASp{ zf|1fa?lWVc9wwX?xL0TJzigB_wfh0^SD1{egEYH7j4De+nWVVf$}z+LK(ieg=?p9} zvdkGEfpQ5A6@%XZRL~6gAHq9tYdd<2S?`>N#u$7L(69)!nw&Qg&iEuT(Y*ghio$J0 zuHjU03A&#B1>Mu9xWGElIHnA$D%u1 zxQEg$q?l;Nd#a0s?!eN-ylGP%iH&-d$4GEAHRlH34?sb=P#aM3jD^E~vt)rs6=e@Z zsVZ>=LYwotedK9fqfN2ya_{R9-EE!3&8zJ9*Ix^uRTf~@;DB<8Iq>}X^InX2?5FrZ zb(l9aG~^n*y8(QbcrN8aS49-;N*gRVlF94#6~BMv&p}OLJr#4KZ-YjQ9YK}xt55dT zTEPkeN8>hOquUl_x!JnP4$W=bw!M7$QlVZrJ;dG{RV!4 zCr@-V!q}HP{Aq7SLlB}iF5Qp8N>Ow2ml3ushddSkI9P)XfyBTfq=By5e`WI_x-7rt zk+hH^Sz9cXAo-%~z8=HARf#;t&>PGDrlw3F%a>c{URg=u;*GI7ab>)Z&Mu?cBwaM#C|JH$_!-V>x4hD( zFI8<>(|DI-`?leg_KDoj+0^n>qb3=__Xz63U7bqBtfoVgaHxx5e1EJqvK&-4#2HdUbNrKjs@*{)J1JUjzh5TO z?HFCD>tAiSkRj3XbYk*H#bmT&g_!r zRBA@(Y)_`x^bpwDCO}Ha8izYu9^Y76#xEi|wBONRZ6ktpF}rN>UQf3Mmj9&)Q;4y1 zUQ=6J+q_IoYNCdNN6Yn{LOg#+*__wE!)jt3O``i z{RM6=0FC0xx;ocj257nPFFyi}fxN-h8ZDFkVq!qO>$V+$JsN-bF-Tq;trkTt&Ph4^ z65mJQ#Cd1ZjT@8&&5MU+E zB5=)96PX4E*{QdE<7YKB;ZG-wWZ0?RhIS3)M>4M9q};lq9K++ZV3WYr&(C$qc}{nR zVt0et62gyLoQ__chR06^{|$Lidb6L(Bk4M!J9y;@`~)l3YYSJ{&TKUAH`B}f&7-f4 z+*VQ@_@7ChhmHO`YL0L$U}RH+=N~Zy+ra=uE_hd6K^Y+rkycz>^GZ9~W5z5iBWEZd zwI{Z^2isN0vC$rJuSdIIB_^`s%0LWodp(qP9s!*Lhy4OPOGAY3c;)qjJ2q@NV15oZ zQaJ1(nDTEHQ4wJepyfV6pVmFK%f~Dn z%rlDn;`d~a{jliUN$Q?E_fVOKu;JF%pV#t1JqjMGg4Yg!+b*Z@UaV}P5XL?W@}^Cj zUY>mw#BA`O+#0$BJGO(B$7sZGdr{Ga6kOUUTzw%N1^>7tw_Fe(``73$SeDw6d97Rh z(nbrbcaR2pzQ#hV$btD0EdoUeK={sT+Rc$3Gd*F-KfN}pvWQ#9H2B);QW4&U;5{>& znVF?(tzPqAfnuU?8+8pXR(Ry4;rT-WD)e55w_&zK&7*B}8Y*Z$o_~ps#osw=QWQOb{*zzLD8}-BA`kpl%YT^IRGrE^AxJ10HVD-&+s_ZcG+;b1md6q$hLNqIm ziSsHS_A&P8>|Lps9C}}s_V2Cd>1g{%`BAE%edp+OKYx_;Sr4z$rX!ck>uPgD7fYqm zHtsJJ>WDqhaD3tt`9Np~CB@`LHhE}&@zwJEoTg&UU&i;;l+ly=S0A64{*g5FnySOm z%CS!1-+Um%s$+RR2kCbe*FVg42vNQn8K7vRCvOxr{5k(L_3+mdf>BpLZK=r8FcEM6LL2f12x@2J7|Z2Psqd2HGaCOop-AHOYA4 z&XRHmZBkD4-^0uvw0-!Bz@`L59&PNp*y)!xN^4RQYL{bG^&l_yR01ps)1zIG6XCej z@;`3ZszgO$dT6z#6eMW7t2Cdd2kfL%cGZqJ4Q6!_ZkKcX6XjMOws^M0)<1c&YOpaU zlwT|8cr4}hw{0K&j9(x;^Pi_5muc9AL-t-VHN|)Xp9z}Yk&`D+Ub)hTzzbA3h+(1* z{pXfKf}rrKpusD#J1bIOg^9lSih{UOTjY##>?t7IV?4nXAK4|FBP__Ua#%@5$+q7S z0sg!wp&(`ZQ(5*a8{=s&f~+6}LZ@DPNdpFX-gSl}UOfmGEn;+lbVg9|u(?=WzI;B_ zs01`M%wRB8whvEz@ZAV^@I~?jC|Xr$Znz-7kML;vST?mdCpYB^dGFug8^;2%}vT+RbjWD**Q zB^p0mTB_JmFzmR^kJl2z7v~4COM9wSnwYYe8x*Lg=wp)@=U`=tJ3exGj4fjy-9n?m0_t_F`O?5_OHVYH(`@jEe6;vzwgFuxegF48#%K-pF;5g^$8x6h#*ADhx8t zH6wT*D~yC0WXA3>UO=}h^kImWae%-mKUe~aU=KCkMua<#prV1gC2~k3E)!6CK@iT*4|&SLn1)eE-1S84sXAS|e^kpM zyaK;k3p+cm>ogwH6FgJjmGZHDc!_i^fyoa>SxaISwvo8?IBa-_xG>uLi_<=uVgv z;>?b41tPoVCy;Flv2)~vO-6~)*DX@kA=BMX#KIu}^v>XmmZUiJZ`kRhhRU5mzXOp} zjI+~!t#$I$q_6LdK={F^Xs{&7OYY(qD9!^3re@ z4M#JptjMP(@W-YkC1%ak!H&x`BaPE9UM3-qr-4@-F-rs?FjvrUe$ZbS37wmBD@z4& z8wZzyIyI;jHLy?zw$#q{Nk4Ns6V15Wsd97#(M1u&a3-htqf8Nln%_R{2p}m z+0{?qc~v7H!dSIukLIiM_Pq)5m=8Cyi)a34I^I+(M2CCw3kQo%h1TtHSQ8doZZc$l z&G6^;GS-6KZ0c7lM3V;CHL$QpmSYiRvA0v@*s2OwZBl-GS;-@&dg1sNc>NGr1!&k| z-MuPa=(XC&)(@ESklRm99dRs}Z3Jc@&`ST2)$rxSi?1F6Pi+ZYD&{_8*Qm5&yU!U- zP4I9;q0>vba7#xlLU=Dd7pCx&EmiH;YPpOA=%QNAhjbrJ+PTBa2@@l3?G__O76bt| zuzh+6qYg0^6X0Qt@z;xkyd4|{XnncYHwX!-j6$ZVMQ~!T7Yp(jn)xG}st(xXSH9cs z@(>jpx+oN^pTTjc}cfkP}On~0t?|H`XBE7|8T?A|6h1Hwl+Q?LU5aK zDz0bPsJvcb^=~0&O55YvJwb_pqC=(h6zYoD!5hS7vVR;h2)`s5r5az26r3w0Z42^< zs)^=EL7W*Whc`;K%xXtk2GBzO!c3pdwdaisCA~I(0~F#F8cq65W#<8*N4UqkB}~nG zOzVe*Ni05)Y{IN`A?3&1G%+s0RMS5?P2~TwJUbZw9;Vkuoel82z=3oLFn(7Q(pM(!)|1cw1sBL@12&=^uJa-fOAcwu2?w)U379?hgkm>Mj| znDqsjKFmQ-vay$uui}!mXV$w3F-)x%qEMj zv-dXs8A1sE;A|via6uqu$7Hw8J(xGZGgXAb>Y<9HR7R6aS=MNXw&gV7VC^eyUa#jb zUPxl#hhc2MRCKr3YyLiXETn+12yq;P&st8){OL=aA6}e!>BR`ThZkfJ$Kq5G(q{71 zSBd!L0ND}KH^PaHJ(`)DmxkkIm*pcnF=4vG)I{hyUPpJ}oQzqwe6)6n(w5J=yb2AS zkEeSsE}-G}jc+Ab5yI#K>lp|e5TsO;E3h|YO1Br>VpT$}T2VM`jED$aM*eWCrxC?L z`rq;(6$Go7Z$PWi+=`S!Am<;4n9A9f4oi%|NZO9Ut2fzGtwcTib|r(jvo=?tkV+an z3QRNzxU+mhY?XhHwF0$7&GG5Iy#MmzNDoO4r1`uRx}(f;_k;WltZ|B8hL zo5-cl-BnMkd&a<681?=n^!RYdMoS*C2p*}XPj|N10@C1Afd4RHUHz&2XYj!Y`WewN zM12Y5Am{YUpe*%$>n~*fb}pnHrwU!>khjP0`_OV^WMw&qS9h{SM#)E6qf-x}qYF%{ zo>+_XdqI=;HY75}dU=v8bl6JDJi*6f@pA|_*uTf3FUMM-H4z*qk?t02v3)14Jj7&+^rE_)mPAc1wxaGM_KF9KEU z2u#m5X{L47(D3o7ezhpl!vHZk{I1(dtt6Jk?WOhz6RzD`J|Q^KT5iB+s(Y0!=S<`Y zVeyDM(q6d@C1e}d>4VdK4ymFhi%(w7mZ$PNGgzz}EMnpW0{`7f8^14k%h-zOCG~vY zIUD3qY8TCymFjEym!~EQSgxfI|4cBXa&KK&6WMPla;4xJ3DT;EpSg|cZ09L%fMcO8Kh-NASL zhTr_kvX?g)ESnpxe^EQEn0JfXQ{(pPYgVkQnmCR+g31Al{>X_67n_PtVai7wzPXRT z)R#ddx~npp!|!8iL10>#w0S{u0iYf1N=S>S_FC5kG&VOWp4C-vvLciC*Qq{|mSCiQ zom%qS83rSAq%BlgoHP(z2V@Gl6tgHQh0S4oG6_}=1Wg#*9$xgv_>SLO$^|uR2|P1M8zxkWc9iVsYAZO3*jMP4bpw6}(Fn2=4`^Gzit5=7yAK7Sbooib~k^Y;mAPRek zaV*&`H5kwZ)3-7YB9zlhZnK}D{~ZT)I2Bb?%Ha&z;`b3IC24jJ8JDr&ejLOrbmLV1 z!)Xlz9Y>IAp7uv>M#jVnE*k(Ahd2AWOgrt*-(oB=O3lr614BvJ%0ON0^15Br&Q{O^ znt(W`V4G#8A$}97nAeHxw|bvEcdq!J3hzJFve)DgN7$3`sT7h$?YD2N2*(0awHE~} zb_#m(71*`k6;q9p{7xE>ah+fVuMNC})R3Hm28i$>r;wwRRyzTN1n=8g@z-3n z0&$*V;fiHKRQ))_6?}*^d#GHv1sRSb<;q8q++N4$DBue}l7AQ{BFuvDNVAC8_4QV2 z{Qrg6R6uoYlu*=SfbwuuORElPg*}yr0Y;}O)A&yaP(~h)#la~V`Qxvk3Y&d>hRp!W zVgXW&UC z`JAUV2Sik=|K#9vg+IvJ3wyTot60`FG?9hyt6*DeP97}XxsU$r zTuZSc95l<5$x;^=J-CD~55wO!%2F+gDE=Yv75Z?q@@)Oa1i3A8l*!`vcB3@E)ByHG*SL0yyLrK5SHjShweN z!Z)CQ@X_!q!;y+pCwA3pY{L<0*q9DDXB+`AQcV3W4X9f7U zw7(!2u#4%%t5-N1XynwS&BJv3Mx0XM(GNsadUuw*ippI>7Qz!q_0#<9sZ(u<2Wkh4 zN@Ood91EY{n;N>_EJLhLf|+g&dERay|FC9s1M80Hx99lrM=xmAfR7-KPVwKm|F}oO z#r=cVhF97VmcED+W?3r{EIClir5J*f!mx_o-fN~`@bB3ZvG1a{a{Gku(urX*hbX%U z3=E!)u*KCXa2Lwje7LYr;+|mF?Tlql99ViaL^+|g`73fMy{|K(khspLF;L7f);-5` zWcLFX_!>_qFs*G^zY}jKj460KFPVXxNiE8S6%zs;&aSbph_#`iBQWT1fIJ&PSyomS z0sii>9J^`8|Hcy+hY7L%=V8_*gs_sxv4mbo>blLfhYP#GW=a(L>eDL143Cpat}8c2 z`Z7{{Df@Z;`QY2&q|>}It8&@>ca5y8Y9Idg{W~0m;0+6pH3C2ARA;t7{iiHnR`Pp5 zWN?Dk>Tm@*!P=gj^)nnZyC3P>tKfvyOW65$-*fY82{jHfDhnz(|B#GTfc)tPnQBVf6*lUhdj+e!afQQ&A)O> zgpp2z$OBC->#z)ek~;*2^6!8U;g*7hE$Io=U>LgpajdBm1ujnA{=)L&Z}<2jLO|e6 zL>@>6To?EC>YIPOaYUx*-vOawGvd(5n3umTSAR@1#P#rLL_MUuxy&pqt&aSX8;1e6 zakOPD=1(9B)}4P_@Q^Pd&ZX?$z3g-N6H@|fMZ|=7|4wtkc@L>norqaA5?lt5;2#^I z0bG0k&RxL_^ncW{O5k8h*j64!tG62SB_QUwTYjlfuplUn}C^_g*@F@Hs>7F^W(@Pu&u6Z#w$m&?ZRiDCM znJ;HrwUjovSN;5LmOsQ|I~N@9L~x=|0p~pmD!a;vSkv021H90>>q!>jKSA{Z+n9&* zWH8i{kvDiON%{5+u@4W?xxg91@`>nOu&=|@($Ay*-|)rJL~yQggx;luGLbr3(l<^} z+L$+SI^1WJRdX^RvbQ0swIqk5a2Vav!Ym^-YnB%KJ|cSdzca=a4A{*6%3nv31gYO4 zQsMj4zIe0_Ub%f%n0{I4P_0WvRg!C6O&PWbykCwfR$O9}Z-lthTgvoM`J2&J$2#Ls z<7QuO)+Ka{tQ~u1Lkp}zh4%`5vjbLBSa)1lvaR-fYhW`t#)xctdSJrCTI6=} zf_c^GS5bNtG}oQ7Z0|qYbTK^67BLfu3Ybe^G#Htk|JG{5_6KbL<_g&Z;&Im8qe*_k z8IzNmY6Eqcu-^-@@FTnjpA#H4###VqBnzddCwX;G@C3J7pOcl|dKYX6)Mw&N|2NLv zr&8TF&i~z zBn5Glr!gEEa30`@h7Ag$Vq(ZpIRUo8Jo8D*Bx+MY5r|C-G7c4}vzJ16*AKIWI-;b} zgoUuIo{W0tFxcP>7!8MX>HQ?6MvxmpN|P`xcYrkbiLpB1$WxMqzUTZncmu)>XcmqL z5phOilw%X07xgWLII||uK>)2j7UUBl{DA?nb0K~I8lq530mi)z;RFNlHfhRr28#R) z^Rw|^m$c4e&NbE|EG?p2*DW2XD_TzE262AW5TGUCIUf<2L^;nw#yye=r!PQ{_4}w? zeW$2h;kLE7+jGxLtkTOEgLRGgtzOBIyzfJkf;f2-&*MaV^&xM%gv3Nqy2AEh1U>_b zM4-5;@9G$KLW-tY*R~voDiX)VVIgtuN4km-M#7RvwZWQy0Gv?WHj1Sw4C9Nq0by$* z>~4s({IzLMg=AkMI#QVu&RkeVK#&mEay|ks!JsIpO-hW3F#v_C>KDPPZXKr{YbrW} z02|0!-9eS4qc?OE|1Qu=adE<}XRHO?6O9nsQEzQB0yf&&b_vGd2mc8IZSywNssX)+ zoD>Xqg1Xl4R+B8CAQG-`oEuu9+SoyB4(|z$9DEZqJ76vUCm_dNC9RIGx2ESRQbHiMWvqJW9=p6P4$?0Ly0bo|rMl;!THAc{k7%cDL!7WyJ9p{QKn<5!hG*ST_#}RUKnp0sxlcyXl^|lDO`VSUt-lkKanjFkl@prXsl?GW zmVbxGp(ersFoTyGLyOk#2Q;fF5qF!Iofj6lQo9=`M*rIkk^(*zr^?pXyFg3CVUsw? z6cj^jYL@(<923o6olGG{>JRP1I03E;Rt1R0WE|xvVasCy1D+Q#0TU_!60mm;%+9@# zF2fO$YDwo(6c#k&OhLmVxeEpr3^o{7P+D8Oi<`9nD}g|&d0N%oJ&*AMR0K?N`{^!% zpR-v6_1-*P;Rqfd#4c>MN!h(GV0S`_TpMB3n=yYSt^DHw18_+g<$H~g_R$?i`Dad@ z`YLcYxFGY7CSdo!+B@@bs`s|-uWA=XQ7IabcAJ!`Qf3Op&QPHck&wvBP(+djqFs?} zw6f4hny_TaT&YZDNM%@tGPEirl%ZvK&hJuo`#$dbexBoa-{XCb<2~;6Z-Zs6-|zdo zuJbz2&oy_UhsAg@9JlOJ3I z18~VQQV%S6tGl=oL0a(4^Z$&Gce|KiEvPIO2J<31*~cv&mCTd8v-v6R4p+vqL@*{6 zu}l+tv11Lu>IMVTB*=XYI4VdgES!5YwbhX}VW_WxsRm3}W*xE@%9Be1KM)&TCzIu10`C1% zq4UDp>EjV|$B9l(;Q|7|1u*uWw~Q@pS;2qx+O<{!vT{8YgGm?UL|GOy|LYyM=X4cQ z-kHFtEQNc5YqyT&_c+8S@f)Wyoj1`W|_2fvRM zcYw!XcMnmOtp*WBTgnDhSlvsQYo2}ThkATW6^u6bgR-pu#t=TUXE z;pdI~oWsYwa?%>si>hW;F=XyK2vGDS;Xvr-u?RcyO6Q#Z62KDU^q1&bMO*bvXD?8R z@#?s-|5NyCW;LGOcoJGM98TRn>(nL1ImYOS_Mh;&ETCrCzpCTJv%DrnqfA2&FtzSh zP2>5iI?W;zQeFP?q-ld3@P!tAfO zT?q)Re>q^Ft#_a68IiOV=2pc$n@2~6+svt~s6orV-Twg4hA$(#^}K<@E79$CsiDEzKUn-B`~5MSQoCx?*f*|*A}nvXWELI`z?4EyCZoVE&}1`k=U%z83nnWj6_!Gx7i0R<^A-bz zNmKZ5+_{rZRTB&Aa!bPzJj`V6V>P{{CD8Pjz$Hu?eSCqKz(3uU8tP}2w)-rVh48#O z=<%o;AXK;D3aWHvX}-H)f2gl@p@dm84=M9|WWT}gW6N}+!I-gluLPe zBWINwm7#&e0dnW-;)QAlbC!dBt{FyJM2HquLdBSB@l4Uk*ZHNpGTl&;Ftl*02QHPD z$AIX7sc98~Q$tyQ2jGbR>+0$Z77M0qSej};|Ay!e$@=v^HDTAkm$p+*(A6hX`U$TG z?)Vge7eW^bTb%dpBdh`ZUU%+9#yWUXrF3gg3r1wUr0Yw^Pe5Y8i*SP4Bfr-e~88m@m6%Q(Ge}JzMAJ+n0;JD~x zsW|wm+s|&eit2&7Z(o!SKh$4*;-#7?=rcgyA2HAW_6js-2>;3pXG}RE+AmpaX?m|G zAHoxy^t6?~%|F}dRlS3M#euOpd95)Li#9vv?ZTuP4la-i2M4-a2)Y68-<6RY@f|OU zHHMM@E)ET}5S~Wq$0qS;f?`aT7=Y`79^&pE#Vnu`NN^O_aeH-g6WF8p?&!veq~qxF z@A5-!gkf@jQ$T)odqav{0SbNkb7*Xi8EaD(OY-#T|ATu(vG=H%W62R zaK^yq4}0iWrFlv!OoD^Out1eBK=*1Tu08IsfV%nVTJ`V`@r5*q?J1dmMyY|?PNa6zOeqsl+s#97cnP^m z|BW?#*lb5B#oAa0W0%HH`P#fRGnL-B4Kdy^r*5BKdXE)TQ$5FA?cG+<+1bXS)Ocqa z{ptImYzk$@3b0p@4i7s~qjN5{;$C*cr;FP=KZVo3Sr$H5tz~HjAb@ZaCkF1M_JIff zVpfHsC95}gjOMtw=;%yxwEx~Ie3zuZN-L;bI!8<`B@QdSSx-7*eJ4s)W6=h1I~dQT zTF7Ldl*$ONJ|Ep0rzW0=^Au7Z@v{(TL*O~^M%`-lnuml$mG&NVWms5PS@}JjEDV_c zA51OnGW%F@Y!NC_OY8Tx*u{;$5h0{)jc?^a^kv;X^t7`*tqCtbok`rENM+$!gRc?e z$u>05+iY#+t4F-nl;))*)u-hI1n4#Qa}teWykU35sI}CuuG1*NwDzE?A0C3WF`d0A z{%}#_7aw6YjbMtiIAC#Rvqzu6Z(-XSrG*to7RPy0ly?yT*s^$4(Ujmz_H3HYJ2}E$ zCvKtBPx1zzyOF&O1aAzk75=9m_$iAVpVVg&K=x2G8UVRP*nj|mFrLx+QlW$Uaqqr; zdDv@!)LA2HBHWs&00FdxVnHmw7?t976bsXWB_0o>F!i1g!Dd)#!>a?`LmwxdLo� z*>Cx=hM7Po!Q_s(2#yAlO!R$*8wq_VP{AVnWCDbG5+z^Hvb*rD0zfrKn-t&%(Q?#- zt{7KhU^TKR@cxH{n2E=Z=9E2#sS`gYbMw-BV4$pBBzXD>DdNydkXjWPWkfbUDC>LF zjOD^fzOmu$VDR%{*upA)XVY%WV*EXlKhmB*!VVZ=qvG?&XFpfYdMVeUxsqlGCMr0} z${xFrccfBt|Jy(z?pqz50-Q(KY&2_H5M*=}c*I#u*!sT*3fV$;YBuS`%DgP5Vy6fG zGT~o>h%E6KM+hi1zjMJ0{jpt#6R~yx083_J3qBnfK=WI#Jj5q~QU0*4#N(GqrfFe! zxZGqS@;nZindVd;`eav+8rcW1eA{h7Z4Ajv8|s)EShvC>=ChX91C0#Sr7d$m&Uh;S zeEpdIqRgLiCd4>4tQ)JAbQjxoIDJj$2Eh~IC)iVQ>42*2Dkj;(5T?<0p&nHYC_Ao2 z=OoaJ0{#xr>Zn@)$BLcB*JHLDaZUoQ2Nz6e&K!8LGTWkv@()8eyu{hw)5SH1;Cm3% zJ`9t|FsEr$?3Avm${Jtws>Dsg+V!w-X@~r+d&5o(_eWFF+yOSl!V@O|-)%=PJ9qFM zY$Z`z+I^`i_BXqIh%OT_(i`vh^&`5SgE&^Z>N8EnYOo*%@bP@i2Sc+;nKXe*uN!j`iIJvjlkm)9+KB2InNElGh5cFp$zq z_Xoj)xBzYtnBI;cb}(h)gepay%N1xyIQY$uz)bQSD3D$vkSKx?dH;ySw7JGfDV z>H=Ig7*Wn2Gzm9P>hh7>YOGLHu7hBh&9j|9IsUcd42876{Lc*k`rF>Q~!a<|q#O`>~;$b|PpRG0|-lpB98Vu1x~CvXYKvF!tYCr(C_`0umNj>+vH`np|)A z>7fd=Mpy#QgSov4VtUu*{he{YFph8CycsR5@EMU6SI`@x z?7M)$5k4Ut!cp<@NL6CaTv}2BZ#8^#b#q2l#jL301(9QK+o|eDj~=0qA;`3RxJQu^ zCW9%o{)lGdI)?V?OVkd-lx?>ywpd#a72=O^{r$dV77Q8{NbCj*!q>^E8Nreep!Wh$ zqLZU~loK%8MRG54a%2M>?ie4~+61^Aa)L<`A~&!D-bKwYcOufcmS2S_S;nCkz4Fcu zEwSCY^@+3@!QYwCv?J#v0pEA?{{0$7Bb7~yX5S}NeViXKfe{nk{@g*b7z!}3$c@Mx zbixQ1kwzO&%AT}?>k-8t?$nQZTHm%nY~d^YkvaI&KXuT%P||58NsuC)K*gm4+ZJ?j zBxkg6(;UGa4$V_OTp#p7Q{&4dI|3Dkgp}Zot7%?JwpW{rmN) zqEHN#!2)w}`SwKqhzF!?*rbY{UML$iahEmg^m(!4=IK-Ew{sn}O3*&^J6ejQQLXas zwFbQf>Pqo)!`CETtMGE^oKv@Nxq7vIb+(L36G|D9gC&t6!`7#}eOwq<=^c59edTLU zYNzK)c1`Osl_qUDTbX2SiSk9I>ka8wBX0#S{BpZeqhn2$z%MGN2G-$LXeN~=nJU5~ z7K~8Ep)Y%Um)Qrz=O#hHoNO%cH0AOq$b}pPo1}Oi9{sfVNXjOfVFDrx$Z~R$663bp z*yQD}zCh@Grpd%EBvbkg78XalQ~V1!y+}MDUZ#hp@u9HCq4~iY%{-#q1zo{_AG*JJ zfPpH+NoPDqg>4U~T6gt^eB9!pHA`6ug%tj1EG*9_AL^{!sc7?O{TttZY zfh)j_qnpH!?Z#8FwVBdca*u>Hj_DCXk;MX0o+WA(NwJrlLc|>+uI|(h!M&EqV8Gh7 zWy^{^6^knE9>f!+_V6vfDyC1oG99w&k|r2QiBEXXb(H zBO0Ik<;`|(Tn?7<(D6V8sBmY9JJ~Z;DpTDwTQ+kpS05XvnR3GwQ)#!eR$S;fLOd5o z-(UL}b#`oyGENU#r`B*Yiwv6Jeb}@3R(;qVA!2#Y!689NaeSkdV37hAkq zQPCo*t=k8iMO<0L@~7ll^O;cc;0l(Nle57R7#o{7$TBW2I0Ug0MYDuS&FqCkj>R!PxK?kC}`gw~R7k`WC42Cu{umukFD{A*OBz}NXl$6Q9p$q{h zIfURtOajeNa{2P*s6-GBSssX`E9q1Y2Cy2)`a&TOp1y$T&+(=O&Lf`TrKgp99=AiY zz~(3G?b}s>ti|)$h_|w$LID&?%vR$NtcEtT4Q1^>c?7c}q<$WSau7*kxPJgbNhXoP zX+a>9kQG|QAUJQ;Q^n^vyLaO8j^>VN#SnTzHTr5|_GKldr@vzNA~_9%IF5QhD1O=@ z0M=o8v*qfB&ic$=*f+7%RM7|_Y<&25k-#yWwGmAo_{d33a_iVKgPC~or$|aD3VU?2yhi}})r3Cvr`a`@6`!?TlENUW6^|c7&L(n`Slmk?P z#e#C^Fj-9W1(6^t*VSbm?6MiG;RX&IoMId;G4zJxlZKiPG=xd-KI(88LaSMIvsR`w3n>H1O>uxpzPN6X3=li4 z^p;WSdny;xI;Rq5wev-M$FasplR&j3lXCc+&|^V|IBADq1MYxsA2@-ryM`WHTDGQ? zF<0JZ;k2OEPE>ESUeOnc6rM-zbMZBXmmV&v-Bijz!vU|el4olXESOGiO#I^cO#v`~ z8(&mRx^_*MSHejcRKQ=uLkOG^$Y5}ooe3VMHnaFZ@x_f|#jN$t{HSgPk%>r2G2R#CV;&0eXAZwd91Xd5If~5O{7>B(OSTQJ~g<2OWZjFE>AX)JEWok+mtxqaWN(f0u>|>zZOcn=L%b3Y@(@@e<12LIR#t>34g|sJCulMh z=cmiu0+s={y{3NllViX6e%orS!YiQ-8?X?AY9+Vlg@<3%%*xP2F?=D;8GpoB9|c;v zV@@3;XmkPuGV3cH1S$p3iHAtUlwXH$m@M`2vqKMfCz;-;>%P`LUU}TNEHv1z5}oR~Mnq{Jy_}7f)Jip040I3Fiy$B~`qRq! zRFrKatL@!Ka0%7z@G$5|w3dPcbOM~~x>LV@VV<$8_8$uI;G)$gQ1q_I?H1cnZ)iLv z(HQq|CY`2j6IQ}S?^zo9I^>YL+1a|huFx7(U*8e>}spm6<6hDTrQnRK?1Xig=HRwpXDaUxZ%3~sxSxI{grtk;BMotRY@OTH}?4^HY7y2Et9{IPGFaNtN&n{SW9JJVU+|C5Wb!u z?KDnUXjD&IJZdZ3teYB~Yoh-eN~I;-9VkCW@qH_eA>g-H$q@U|%aw;c*;U(ARBOm< zXBh=RI~)|qlA-a`RIABiC`t9UD_?vwq+GU}GnC+Y0+A7ae$U0L{kA_UdhscSd@6rE zIPnVtF91j@?GxOMpfY1*f`E_tbId~Ko-UrF7^?D4#CNa~{|Q>n+$Awwgx2|~M&lEz z*kAPDZTOezmuS@@O-KiT4|F&f$jyMw`)5**O{S#&N*Y}&;7GQci{)$F7K*^>W!juV zoaxt@h>qaE0sU74qR)@rwDchTYrp0kZ=Yf|ZoyUVXes2*vDP3&2J20+15T81E}?4| zL^~vk=4iis`H~KBDr8iy;Q;3ivC5Oq0+Z3{1z7Pq?{CAb#BY)MOXyvDL{8T4@7uj{ z>T;|;HNSXJSue)lB)z2(Bcb3KT#^rBG8^Ssuj}fTbrFP$xX+sj5|7D#SD5{$i>iXA zZ~(%j=j;0|N@&S}wULpRkJfVAyZ2UMi!Wrn))721F+37%#%ZE~1*n8qPoUHdS+8mr z)W31}YnVt0br%a`A8p@T!<6Ma2hk9*Ia}FeomX{r9~BFV4TJ}VM}SfwZ5SRl4G?=U zx!i=!u*DHlqiEZamN?^lkt_~HKKyBzIOxu`Oox@eSOa^Y9>=8PUzR5;Z~7AVGWPB+ zDq<=aC;?|vh{bv2=LO>St;aM3S-a0;Pkd6kh~Pd39st%&cwGT~X~Kz)wdCC~*md*| zPg{IcE&x-KClfFTB&weK<;B=0PSAhI{5dtX8x9Cx2!N9i|hQ z_rj;$zi!gQVh+5fN#N=6D2T63x-wMw%NHMY9MIAjieiar+vKaQG+pRb()tAoNGD(v z_&OtR4*wJ>ql@>Tx!^IZ1bz7XW4JBp72!7hV(gh9j)!w(Xbj$rh0N}Y2{InoriPCR z)|HaIPFuN46C6f2v^IiaHUd}yvB1g8%g;iWx~2oAjwn7KLL9*nPgu>h%3N~uCq%k% zQDUKId{&DRZYyxvO{6WOV1dJkwkE}n)OLc+@Tim_%_Jv|a6G|%VBJ-8bo8*I*wZ=n z)@Z(d)D&5Bw0gRRg%7C*|Kr%LZFwdm)lLM{By6{8X%k#nHbkcSs*WW>?7{HfX`OM) zomN#T!jDWS)Q>Z*hc&$z8Lpk@6M?TI8;jwM_>Q`Uv#M347HKt0hcdmdMz@lUZpvQ2#*7$;=i|M?wg-a~ppDl34zQ%AZkf#^5BxTo$(m@K2yY$RYWOXN(Q+ma*+-t3~)V zK^O$#6iWa0tOL&Q?g0dX!QM$cunn=DbYCC-&-I}}SX~2|6B)ds1FN$0ev`ieUj-Q; z+-hhfP@^LE%X(~%0r-p2hPN<}$hi#7Iu5w->@agqRD7O22~_5OWj zHGy~hN4>52wo2Vy&r5FS1GBVhZ6UdG2q6$LVz_c?2G^gEt2MW6mzleZeaN)oe zW=q@h3SZZ6>mA&P=`2VaHT=V!3R+rCnG>CHuo~`J91b2JS|ra&v?bFQDsR?2R<;{A zgJ|Mxx|d;{sFjo-YDg4hjC@&+K5|FsBnM~GgPIuqw%k_}9(@igYcUZyr3(f*kc{^B z_L31FUfqhWH{A9HxbWTs#aG+5-`MvcVg_YE0Qt#04#@)(oLA`?_$GHM;CWHCGQJA# zMeL^@VdVz|u$hLo_@_h3ITGj+lzZ=#X?VIx(cO>d$dUBL`G-F>wV4?x>HNXVD=m#rc3p8h_|cvDH&Bhg<4AzBlB*5+rbq;;dzk;&nMB`vtyvI3qVab5*fjE02>i6y=-)0D zBDAmnxbXkiUHIdT!2gXf*9q@dYXf1W1lVAHURzc4jz0qN9?K~BEt;Z!B+){x8KG4b z6=a1p*}05%Ik$1rwiY4|jo;5tCbSg7lh?`(;$Xgvsu4N{Ua^TDe{V`+ABTZh7^avJ z7RZ88hS%=mZVwMU`60m@A_5IBJYCWFL8Lx?0%dgfSnlzAW(lWby=D&b@ct<4{M5zB zju5PlNO0aqSS3s1k;FBMy9+H_V$Rml7bc5yFh^g%nhNlaqAGK#u@s^9bHs7ztz@}pwIEXIm10-+$~9p z^U16=;PVObqL-i?)JjF4T}9z;!8&rhHhr(K#xL(DaN~*&5#1FvH5Ml1HMTGSxhyDm zD%o|PwwSqpZBF`ea6yM>LLUNWb_aa*a3IX3CM_7G#jL;rxCh||b8D~~9P`}=VSdp27pT>Zid~W21tl?3PCpoeqQruhEYGbG!1$ly4)>-MJs;J?5;H? zkNHvtQiogjeBtMA<{MiKNb%%P+&lqGBKb*zc5SEx$;Og@OrcOzPLg|JQQ)zGgdHlZs;t%1q diff --git a/static/images/docs/synth-logger.png b/static/images/docs/synth-logger.png deleted file mode 100644 index bd19ea3ee41dc5cd6730ce6a3f54431b09f32a85..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 89284 zcmce;bySvH*Ej0kZWV)&6c7-QE~OhqLQ13?q?=p11XNH;M7p~hq+7(BF6r*>?)WDA zdDzc;{&>$gXMFGXUBj`7&3)CHYpywevAkcu5=Fg3aOc{!Yp7x`g=DW?yUBm;+Vw{$ zf5LAbl6|3sFW0RF#pF>?P)4StC*enY8)0P|IfQ|Yy|$J9HA4%8xjuunu9d#Ng|!jF zX5)G-oZ!(lF`?)34$-S)_R4ZfB)2xLSx}s@_OWl=kijSWnmL(yCs*-pmr38SqMDM6 zX_%c+mTie`uZbFt{HQY%w!Bc?hws7F*FB_A@DI*rj#G_M)f$1 z`u=fkv^C@0;^IrVqkkQ&=vjr=uYS1p8a;#V>W8k^FE#%7_Ydzs3oc(i?cWD0wye_C z_wfneDlQ-T?*sKyFV5BXM%1X{8e0xkCkGpGypG?k>lcR#)AI5Vm8^5~^L7{KXZo$7 z)vMke9UZMYr{Ci#2qtR!xWi{rh9L%PNypBE~^w7?{;xsX}9*h zuyEzqgPZ8Y?=~mvZevlt<&5s_?VX<1;ovAm`r?U-h!8w@V59Tq-yhzTE;!A?(SQ%G zQV;*JpkUu+SeJ(OAt^F6?g7W4g8kT?hK2@uMZ?q`2j1~8EmxYL=1@ir0wSUuuVr7R z8k9SCREvy$b4Ecw65WNKG-)1s;v0m7 zQ4|sasnjNG=mOX{xWy?nZ57@078Vu;1_p+mu?n*}D5N1FAzJUYgw4&@(q)pUeU_^h z|MiTM6Gn$#QxiGouJFaFx?GMm=ADb-)XDQ{3*v^{%UCpwXRYPWW5OUQ2i z*u%)!xIL1kl6*lkB0QX4y{K!TbD+ACC#Y_5yt*60rfJcb?7>tmIzdf!b4a@WSIPY$=@=ONyuF7?%+(YWaC$UKEynl{C$HPv+w1D;et3pKL{zQY_%$+; zU@qMK<41$`$hqlhSp@~#rS234wGuC(MBD}=BcpWL?yjzUr#%x54GqSyk-@Ad*($=(dPfPetm40+4`Z=^3MrDI2{o$Xy*&X$*#A?^_)B@E=`?p#hg z^X(AiY01e|7w0F~!sZh-E*s<39^XD(zxCPE(|%(-CUvQ(s3?ZVzM-+PRG;&5Oo=3w zlRJ}TVgd3;uEY7RWImE_YMqfOb^dZxqC7>Pt)m}>$cAr8ye~tE4hFE z{CT4-R$o`wdTu-9?m}m&QXx_2c%Am|Y2i5fGk+nnrB&r#T^YR&WkUh`pxx79lKoOE zTF(!RhC3g}TU}k$<;S~xdPc*I$JAj}XJ^$NcT)Sx)YpG} zxPIc`yu)y0RbEwAb~rxfY(G7XLh4d=GFq8sNe+XNAor7(m)AnQ_WlEGJ!5^OK_L(4 zO(G(qkTgln&k478^0DK76&8MX9XT4w9xB{l8yk6QotK@HgN21DB_$=Gz8O$ZG5Reu zv_CjQuI8x1J@oCT+Otsiq#1cpQQ_vn$v5+LyPHdDuH&OV>=)V@S$|x=X*OCGfMGS$ z;P?GIvzFF`diX?sUIa{N$Bq4#6n_HDJ44sg@t+7$G{1YS#={Wwg z@oMK=Xb-!3dI-6!W;+EgPJfG%AR8KDxoyQMgKpfq6~|-0K2`6judna%ZKL*rpPHJQ zhGq%kRaI5>{QNv2ApvG7i($uOkHO(#i;0>Tq>e^~O-4n`Ul z=)}B^+q0GS8=7Tr>jnnwhl`Bu?CkF1G0OA&2o4So3=E8qkB7ua#Q*MasL;^o1})-Pt^IvsJ}1br(Gd~&LEVx3F2{is60~%5dFth4nBF3O1jXhf zC71>TRRTE*{o^i4%3X&BUQfc!e%rPx=kyZMG&!N@u0UN`Gfs%r$>~VWnfB*S%R^DUG zX6KFSu;5@J6z#$xEw{71@Ta;4ZQ%vFjcCOF2SbK&-a?7^ECzZ82AG0&kkCvA7=`ch z5;M`$)ARGY!Y?G7VOm4#$Hv9QB_t%o!!tB7A$a)kAqk1w>7k{dS6G({SsY<3fc zJ8M&Q3x}K!*4M@=OG82wEG@SnsQmo=4BI0^!o!>752rjyKBJS27aB@a3JQ9Kg!DC% zxV@We!4dSz&0SA;;i>7o#wI5xm+*Sf<_o5`9wabAb~6;z%Y%W2Mod!ji@(3WpP#<0 zv76=yqULvBpUcJB0VJQ+V0z6ePF~)3KRs@X`V-G>Igq^Dd=57-+Z<$SY8r8;HI(5l zDk>4@+sUP#vu;XhMvY?kK~58mxV1Mm zErz>2TU}j+Ar5bBZf^EOd-&MHDEkn&Yv2 z&cO?R$zbc7o10r$bm)C#W@i5A?jFG^B?q&9!u4eB?BoE4f;nRK{OknoIW;vEiR@%5 z_4M>4vn{roYk}NUlb9%I*#Zk>xDYyNa!n0CH@DMrZ$?Q;N&B1=BO*&4q)|Iaiy8u=rMn*>XS@E*o7%4Ho3&-u-Tu!^xp7ko#PQ|aO z(}MvWN)DnyhJIt+cUA0v1~fDgw@NRn4cR1ha#*M=k86aSCPM_ z-rCsOj*X7}LY?--V;Zk;48qtR!i&?YaM-dq)krK_q<=!4fARhg4-7oKunomrcw>>A z#)(mt&Mq!4Iy%!wg$v2DG*RubPb@zw?J$@W8096vG$k z9~6j2!c8C4j6zB-^7X-!w~svQ%Uw=Nva(k8On)D2Oe|QH=lQ!<+sE-&R8%Z2Es6R+ z%#nBE5l4yOaO02bjN>*}h1`oKMD*6u5}y#$OjlPnXvAb5yLT5k^cG)ZVFgW3PX{$hQ}3_8RzAyJh{2vR z)ttAAJnv-k*D%{ny*V_pV=GRFG@SO)4Qjcy&l<(jAA#|Gfu(jW?R&-0QX%#9n+#L) z%(JoaqL0kKqh74ubcp;;P0N)=xh-pt@8twWPNf;N0}-RNpaVIocddn(ZxDty$h7Y$QlbuDg@3e zr}q7*F`5YBJr4{bhW^gGPI*2r+iB0Ob0hr9UlqJ=7j2tw$TB{@v0GSBK*PW=R-~Pz z(-RUr8(edKZo+Z8t{xj3+w(I`;FWl0ZU(-9Hm_XMoK>Ur12;bI3U%sJD5jms$%BX~ zZ1v>5Z{Hrs)uf}P)uF_+t6isj}S&t zIo-lU&bZ$~Q&dv8F9>m_ytSv~@eQha_@_uebwS1OKyM!hY73?vs;tb+@87>e1-84l z$H&WyLhADicc#w$mQSNj!69ULEJ{gED5%|Up<9eq;9z0(>~44pK7U^KJ4uwr#|lak zJG+w7QhRIbm5EvbQV*3;=lQmX47oH$%_;}TCQwgT*sk=ijg)3(U2LPLh@Z4gl!VIt zEG{mFau^OLCnuNV-KBxN2?)7HKf;CO<>UPk1l0Oag=uCH{1y+`q8I_ARn}etzxjYt^ zXg)nT5?!09H9W9DkZg42=QoOpwW;wVc`1e4eeoCx@bRt7qSIYYZj&N9qh(Z7$}Q_} zn#b-F22IT7b2a)C-CdlR7#f-jGan&9`prDWEY2EOZ)k+Jqw1jUL@7^wsMbCX3gD=qiR`>AIoD1}6nthIuTp<$ zJs~})O!G9Wp&xaQ-c>%zYPo)rWMXQ6Xt%6fNF{{yZG61%EB*rFH&V{ej;r}}8wTiVpqezvi_OSbsm`a4Rt}J3D7Qc56SPCoL%M@xk5!2?6KsevX>QH`hP@Ae|9}G#nil zwlGk-5naBKd+u5+t{8xUIcvVPl0hFy3Ec=qkVfY(90X5*cIQCEQAN;8`pO7-MY_Nm z!quwD1y9+Gs;r#xADXz%Omm98tn;^*CmxusOzCa*1bk5qc&zuneVRj~b~r@GGyx0O zsPxE4Bp_e=Et9V!mO8G5>p7ZRS>9Z%Z@G@QS%>n1Sl-aN9s9`Zu%4nGkKL9Z{J7-r zj%s5&XtS`TNv7g+QVbAD-tK0R`>rRJLzSc&oMz&*NkjB4m07>x93J0}uqsfp2y4ef z5_6D|Pg}g}Q};DHl8lFuB6<0eMO$4xItfiZLtUL?9%34f_AHE9m~;!Uxb~;=#^Rnt zMew!x6*1pgA!C{gmG@dZGHDp;N{<{kT=ng2k81l!!$h|dPNDGydS?v5SHuDdRVw)~ zYdd54A{uRNZHaK(CYU)mYHhXxgMwyWYiWhNaQD0i{YNtZ08yIVO3U3y2}na&6XCPd z)7_)4YOq4`xopdeilmT23=|i$wLoRk)Phjj-`!qr;vJ@o^gNLk*MQaUzHMz=N=gc( zNg^Tx?X;E?%#gG!#T+M?^iaW`L3MX}ic7By9b5_2C5`?hS!*^>XX@`>eBB!C* z`T0|jJZT||ys)sazP=uC0zRXzcyDOuqd8?BV?qby(32|Vb8yE;qc5a*Q|A$w-B5R#@0TSHcS>ts1j8Z=RtnL9z-Gl^gk3T6*yF)7=QSzviqQ6%`dNEOM)> ztE~oTN3vK(>gl9=O_udN|1MIu=ouJRR+gn>ImLRm?~{vmxLi~ho4USsBqR@O?Tq20 z3K5Uvb(NIq^;_XE`TN+mvd+n-CpoiC%7jNel|}= zG(}Lex`swhPEM)C_|G;RZmY%3TRRIe+>YJ7z4G)H=@^R8#glyD?y|AR%n-6V>`L(P z_$x9M)`RcNg)l=4z5zvPu*b6u0(8_4T21 zNzBtA+&iY`kIRd$2yE7~Dvu8B!Sqgs62inYA~JB8>CtKPHt&+ zIq}|sm?qKk5%5FYRBhH9Jj8UGfFU~Nzf5ODMMv}n>w#3kz!SX>x+SD%f>`g z=#!Yfc#?8HCUu+i!#J)957B7r>CdsiTb-Fkk>ie(&SNKh3P0z+(-c>;=x)7beits& z*RHAM+v;?f-7@xkVqDO0Z=BWp3#G?u&9|K;*3#<(+qX&0aB*ze@-*qwjF0zcwkQ8! zzmj-<$9T+M$vkc%Uhlsn&S>~#7pDn)yYf8yxZ=Qy*d9Ny^h)$^V8z8b`0zZ_}VIW+`S}SfCm6>(^gA&L^pJEE5q! zJ}R$rN{%ZxoOc(WTKsenY>GnEI38|l!#6<_dS4*`xY<(Je7Ce1ZQ0E0!&5)0*zbsm zoAhkkDQRg*qsY)l$-i-Z3nfZ;c4$pa&9)5XRLY~E=KYO{TDJ>V{)eOPXKP(;KLbmx|w(a?*) zxuDtJnwpw|mC<>>YPa18dYMwh!OjjLuS0$d-yNt5$jHe0b2Z=_r=xBCdD(Z+3en0X zVnd@>Vm2h$v-=s95EBcFg_)UvfI#HSgQstPyvKDij8rJsX)AgmH5hy!ijm11Ia-yk zXhXzPWFu4W-o2yr?kohFk8Z8BP!52F+1X{Wk&=Q+qm3ezK?OsZh`>*Cf=H?&z?<>P zD{+No-bqL>FytVVa^!>Gaz2Ds@{q^=or_ED`F>Q}moLf5ja&BX>Cu3lGGTiE>HZOV z>YVHxb2Bp^UteYVP=E|vU5T;8%%vEDB$!K|q*2pyaD>s|c?&^T-nl@RmK*+}jfa~* zE-ol0>A|a4cKh!?WFqcE0a{*GR>kkcIuVF4G|fs$LFyF9i=;V>jy_>wVHq+jfkLj( z*V;gY(idrEX-UJx#KFwm;;1>Q$mAA%v38o#r++UYy1LKJZdtrK{4$MJ7QQLeQu_HEsn6`;5l29h@E)uFMK~h zxqW;&B}6B+ru?b2Z>uKeu!3cDqrOVSrcO|cZwq06)k27zy4!`yoS&yYCVsowg^Vnz z>-i3O;C9iV$G3Uz;->>#1aeI_@~SksxpLKKI@Z-xhDubaO2=jR0&VHr)+{v_MdD;h zIqfz@W!dd_oi8@}9zSGn{rS=tLzXJA-*-+@)V_zdUXOrMN3;em3Vp z%a%H)+xgFK@I+ zS^o7W_??5{gWoJkX+6W`jYV&gW1wJ{^P)?m!@s#C96@b>0qHd3!z45;%S_H+$`RSB zwe9ZO2)>NtcY$I)ow~QL&(_|)6BeZ`^j0{?)Wx&T!NMYfSQi$wc1!n2|K#kk=)B&g%Hq-u> zDct~sUry|n5IXqoV1M62V;OKq-}2j&0!BQ8!9TKuJ6GXe1&hPenPSE`O~N3f5Vl6k1=WZ$$W$o zp@T?`vkT8j@~W^Gm6}+D^*DrZrizck69KpM2Gh8)`mj^E)56rTF^7Yijn7 z%O9kNMkg~f^UIfeb9{6tq_P>iaMcQ%rD@>E{PQ}0JiqQXysLY+owl)4-2?Y#-)^y- zBN9h0tM_wV_U4-h`1lO!RWGTrQ&W>4Q&0?zj5s?uVG7O`MI(<3rEq-#J~4_66;BZ= zr}L3*zQ+73a6!&P8QYdAXZy8HYhf^Td!HcqGx1y>H9HNRMd3^YZb~3Bk+Kq?bE28StG8 zDaIss$sOLpy^BothP+1UEG#46cv<{T+bQ|BW#H0PpjJ2^OYMDndb;6eBg1(2S} zot}>%wB=F<2M1Y|o>K;`4OLgBr@!p!b|Z>UPfrI}%G=xf7WzYZVt!#6U?i|{Gbggv zaT2JPiwACU*xPJ=t80n!t}QdTNH&g#xK4P@sr~aW18F)z6kp`=;fz02&JooOx;i=# z9{^%SM@NU>dB^Vt4X_U`;K^U`S?1fL(jaFB=MS0D(a}XnHke6voQ~;)&OF^~zA&(T z`selQ5vVi~JX%f;4j!LA0SqQ71Gr2mhOE4NZ^cs)VPQ6Qc1Gp=N4&i1N=iyH{5FeS zT-NijUZ_{tcw<;W%LrhkOp*u<(}U=zxmeR6cO~Qu09K`HUD99i$#aFOTh&l* z_55}`|J*)0-HED&%@A_uFOh}@*^Hv9%R^mM>0s|^5{=I?URPd}TB#^HiSXLU#Y}?~ zKm#plSc1psi*dohMTP_GFc8^o^Z-H&$^addocwG2{D`j!fQN{X&(I=3X?cmYC1z!r z)|FDz$W)^S=)C`k`5}>+^w;m-GF{2rKc2h4isN?KZTb!6G+Dq)HMPo5CzR|Ql0J#u z-Lk;iF0Zae1MwLWF*mt5Sf3=S8iYd#{0cs=UQ?lA=c|VTHBgNJ)Lv<~(yv~a@=;ce zPz_nmV$kt!t$09F@AVxhe3>KK>gql?n&_I22tH_`a@t=NyKe&M03eApY!rP>Oy1 zuv_)4SjdUxYBOIE;Lg6$ZnL)UBIz5TrARZF2&s}T5y0hW;f=nh(4kSW+9HO*5}8JS!t%G<&myE3Ks@~{h8(=yP;Lt7y-hqhF50Nc~3y$Bd4&8lPV zI2u-CaVZQ_@+ z8jB;+*>OchwX};fu5+S5*Hc_uLE)0+pvU!90*cr5?0CZMf)8lBM;Nd^l$V$DIc!b> z#7uQbyT3aavllqsd?6$xWMfk#M263-htl)s4uhhxv9X?>o`b_7&~`AD^_W$jJ$nx! zC?xb3%UEQ@)+PB2oME;~;r!}Q;fD_&O#8FBET@HRZHv>=7UG|~L*?i4?p-*?9f&^y zcC*3dzAUJp0c`@3^7{4bFz?C9$<-{iZ{Brty{(O^%hX<%F zDD;3&jP{nJ401V|3yb1FoF6U3A%Ln33hK#GD}Dd|{pjc@d;=|6QW8ArSpPocvw16aqyrL;I)234EMA0Ji*@&HZ?AQxR;T%=ddkGK67IOaeW z0747Hx*0*CTWBqM-QT`l5*ukt(j(PLa3$yr%elCK#(pk7p)dZ}5A7=&U_#wJJ-)s^ zX|*`6t4%UK!k<2W3JnXBNRb65dx~7dO9=JnwiSuiL`4O+_L0{9Zbnv?{nE6Kw)XGA zK~B~uUESS*D%yC2SS;+EWo2c_RaIuIgKrqaB(PK;V~%-OvMjZ8pb>LE%Ea?SMa#|3 zmLIwmgV8-WxHw#F`rP%onPeMP93!lpz15ZWG11XC(Fhz)2cL$t?CtG!Fm?cF*9*j~ zfaOPZ#s#aWv&pW}C$~wV46P$2g};FMo>j^hse_L0pBly2Jp28rZewqMzX7lF{N!YO zUY?fn>u)hJIVD3pmX^=!KZ<;LXt}XoojX=hQC=CtTdXx2 z1$Qf9-AH(`W+E*6{F6hsDLZ3-1#*r|RHB;0b5LoMuKBfStv^gtT0)|AS@p;>F=4_5-Stvmflst5;DEn zzh6PAY%oEGgC48UPOxTX(lq8qAwBoHS~)aQ4luBT#`1?5U(oIrwPSe&T4z=cFV`MA z+$KG8bWAP`n}_nkac^5(>{SAFCLn*h4PT4%^P4(aWIGIvy*dTXBm?x4sh3a7cknv2 z9ud_rD4B>aPk-`NT`ZU>y-i2MsEvCwQ-ionyQd*=y7s6gxf&ZAJ6mJty79JL`|Ky4 zbJ6OGisLjX0ZhTe&{NBq#^0 z6S83;iru`WxjBN-@Xlcp*R-9uW@l&&z?Pl0##3M7P#fQ z(<2}#-)&SM%y-6-U}OK9v+C*TQOZ%Z1yVXoDG%+zlQ%#>w(r#d*7ot^$IZ=6fcshS zW1pdM?v@nfhM{8nnkE;RLdB5%I`PeN-C0%n; zt0q7-DzUl0@95m{1xJhV!hE5_8zFfN97mh$X5&|4au4-ttG*vU9-ZdA<>RXcv@E7} z{k6(7`>E3-8o9K0r*SE$iJuP-53LP5_cu2md5n5jLaHWUr}%=@L5_MA*ykJ8#PeC6 zIy9AiQzQ)Sh^Xhg=tE_i#L&H9(W|HwuJjGD%qx{v^*XLN?$#MfYLA(8Z zC`wvH!&b9blSIFMeZckeF?~^D;`C-hecOpb`c*V*#-}IP>r~_Rc6PCB&bU$SK)PD~iuEcTclB+Y zxh?+JeP^_$bLt*iY}QZa4qg z$;P~c;(%DkI8BX1-cY&jJp<951HtI>hl(QFW5emYA~cSwukkFO+MixCE&TmzPGNd% z!8#VFcgZ+Q>uryE+Ef3Q-J+o$&kt5r`+Lje9Pva+WevRfpoF8{n#sw z^_@ROIbDg@83S5Kc(X>G#n@Pokf^++>DulUw`372xW1zHIo`7|7<^s%2~lQZsVt_V zF!D<8zF-CsqIDn#i_dZUS5s3{N5^_j>4YLPtVNt-SFz~;P~@4Jv_6TT za%$O7G#{&?prR5@IrqJF`cdnBR!*vVx?Q-GY00QYk8h7vp_Hx>GCtC@@RRS5jSX<@ ztWtQmxXg1q^PLi6V%1J_ExxysMhRpHYKHH#xnw$w7Dcu^i*%-mvJ;Oy{VTKjQTyKb zXcsn{T3JVHs$FFeebs)vWU=>rW1nET$kyJDgyc)0SpGOWIXQGtQ&o|{RsaD{__wz# z`>8GFe_VSuHD{o~=O-uSHxN3oz)wHjs*lbhUpvTURXtu>skjyMAfyV1^zqEEgfP@y zVW`s|a@#CI%Mj;!Oe2?=lES9nf*m0l8lG;6#dOK6P4+nsF*!u_zuRIuQsXRLDhj~! z&om|<=O4$#JtY@Klc4DS5&vU3lNLF)rHZ%ND$=c6XE7~dc|0Wj&SZd2s3F`|n%W&fWfR?q%$+M$F zh0W4|TNOn=+hovO*D3GgStF=w1EqbhZKCg4Wze;QxK#kwll$Z%%4%v7Dcz8yq0@V6 zKlit~_At#9zE|i_m|Rv+pkmmk})g)|P^JX6e5b)h6fueb?}x zXD>)?Z(RLAaOZzcxBLI;61|Ib$QYs*&Q9B3-3&diZsXe8^}_$VH)t7&TR_d+plJU{ zYvh{*Thrnp^HxFC@lAXw6qTWoS!D~2kNE)^Lt|bi7E12I2Oj*Xs&^|0*;0%l#UF}`(TZhAC73c%;tukmjj^p-N&*!y;TbGhXxtH+JX(L1N zdM{LRI}>VlnU^{TYGk^*T7x-S``+k^vw^-tsI~LU!I6u0PtSFF2X^k&K7YD^>MLFK zVX2J9lf~@LCF8_BYZHZnmm(+`p;~0SnABEoC?Q(pU_gw8o*)fiLxmW%RPInRsHfNVFI!J-qaGONy3njG@SROsbc0+hHurAMd9&{J7d)AWPyf~S21VyQ%QUvmeu3Z8WA$L#=d9e>RpfM@LFfv zV??tnPo7M^(t(bXlFx}-r}oUexRz1tmVWMzUwLql_O8Kc@e+S}VZIsjXB zbJpQW%RPKola`kD@^NNvZmMx)BDEmOj@#u0FOS24MB~UK0bv=q7ihTsNd$0F{$hyh zi_M?|AvypE39qR`#8v1+$#nl?oA^=tFsMR@80b|rPhA58MQDQ}BZq&gfShc`ZfP6} z`q9yfJTP2`qay1HJ| zhOpcBj%sL`kNYGT*0ET#yk?}qyR)*g(%#mVZEgl+=`iMlt5;Yw1}L$Ojm`AT3<$YY zm6ah3LE~9!HuO_355VT0uP$OKvM*k|2>Hp*@L={WC(MZQB+A@lhB%91sapCJk*%VV z)P~+R)+HHPpy1iqip_7|yE^-DE%0 zSalW#sbkc=5*k~5BO_%XwMIphh8sphr3ct$bH2rdgoH&Y(PDTJ68zWOCSpO&OimU` zi5?2bTzX8iZO@~|W*=PM`KIUQNYR`8vAOx#Zq}H%xQU;7j8}KF_yES=0|N@W5G(#T zX%wI`5l-Sjirqymc~_Ld-dwBa;4^4#T>-oT=(9D@#O|}PveHvims!n;w^nztw$E&3W@RbtcP2tg zRU_h#>jYG!5>&!*6*~D|<&`zwS^U=Zb)Ut>kcGqFdsWF0wxw53)71=#ivMU9%h~w^ zcy}B+#i9bX$W(}0kSs+wL?}#+kXpA_nb10fDvQfj68(_zB|EmhUX*VL?VqOkwu&WRtt zehC4k2W^?s2Z)eSM!wsB{Rto<#BPD|7o_{u6}$e#_0|8^(hwazDp+hMp>bcZ1x9FP z1<+H@hhK%rp8t9G>aXSVmFb})zJA>uL|A|-m#9ZTPBxoZ=X&@R0PUclAa%yPygcw& zS(U3(1{EWiu0FXbU1w0JLXYcN53T|I0%bs-xVX4X4)m3NpJ&kB;EzM-=;#<3!BT~K z@1Ca2Kc9=A0-@AnOflfmz>i|h^F3?tj@&{eQV}HyxSLw-ZSZL+uQ2U0v^*$0OU6 zwpN4h?qULn%FPb6f8GHKsYlXrbjq37>r^4i#M|w`dLa{>r<*aBu~Dtdv14t+*sBE@ zvcY&k<(ig0we_O|>S36Iob<8Lq0PoLq_bV_5gH7iPX?fcQD?VF zABJ{33;Q(2(70^Xp1l2exBKoutn0+195V}#3iZPK>l4J%$MJJ_>k`YZM+=a7{KeTW z(dPfHg-~-B^Xf@|WF6BL-zW1xmeiGw~(BR2>@FATM8oEd4zcNA~ z#pE_)3`kS$AKPmE)GIDnvT9E~dN@mHgJ87P*PqnSooJUI7;4D(FZjwwDiqfkH)<&T zTwhSwMNws}=jZYXlfyp=KHeomTEq4ME|P6hgLj5Ocx&}kV_2`Cdd>pmQn(x*-EcrM#%6T+p7T>JKQG5X}=RN!}2fmqG#nt{x1-Wy8 z@60wO*;6^0Zx}pHTuNx$CiEn3dp3Sm=fxMMOKX_dvh5=A?v*@x>gGRu!#ypQUYv;! zk-37|Z-^+_OwH$)TU#oKh*EF6iEgEGn!S1ls9d*ox{U@BzLLh9f+$hQu{chKJmyz( zyDRvnYhTW6iY3*&UQ^3)MswKzl5r$@eamJYJjhD#bNc(05k*!O;&ahrvvftSA zU((0g&wpDxEE4F0X8V-H#C$LcgDfpY#=Gaw=y|E-;+~fyiey-Giob*@ULmIV-%}Jz zmyA8^+V*POtL)>rgV0CR#MPFjwG+aG`rc)aIKsYqOozU7=~uRPC{M!S3?b>;YD$C09g|y%}NsDyK_Ggb%jTr2ImIB^^ zX6Jtl-Pc%e{m&srEsc$7g}PU_eeL!CArJ^@y#5}banXjW5W5ziIMfRWC+Oztr~h;L zx`NZGFWWnT7hjgLU;p##VC}sBF>Cw(zXjrlz)fKpGxo~Dr1xLzmsbC|BhBE-%1ZF( zMMMmNb4ycB?gh%!TTbXx3uitm-S~TW!uxl;ue1P{pF1=JpW^=ZHW<dPb@o z3qc(W)V8oN68s$8JQW7*Kr^?6KUHT8!w8Iu;(^kr(>WoUXA&gozqvPW>@Vde30g`L;Rb+oZJNN|wM1>9vXjgz$ z!9qeqOKTz#73X$-)D%FD)Y;mcs=rOT&>4r&{bpi5Ugh}X{U1PSRRNFYTx^U$)ViG5 znVPPEe-{dHzh~HM<%WTY4(AjS76ziVJ%)#apFb9Z*=cuCAxjbL+im0Hu5e-6H1$e5^Q~zl zpVO{#{+kcbr>iq|HZ>iB;SDiX(Z|}cHPh$`tvMGLsFwi*03{>TxC6btyVFQt5U%9a zo^#9jwa#glTYbXVZXiUcm%U9`DhqcIeDNXzGeS~PL*vrL9YUuB)DWG?`F1N4c!6ot z^3+P9?zRAH`bvM!2>5Y;4UCw`f^Gsh!EJ{sAnw5umz|vr@-;L<_U!VkUK^W#$Hc`! zs#Mhc#ztIZWCi$fcNRK9MGCTqGq4G+udl<4hejDX%7&d9bI`JHfU;Jt%3%v0Z#YR5U9idP zKKb$f+RED6*|_tDf`USE!4?9%)}0GjfYfwl=0??@U)M@OH=xOdxP z%F5x;4+R6u`H=rzI0hy-@JvjcW}EIuruKAqgWV6B(#)J3A}lQOfR}K>D$AJ$8o5+3 z+|qjD5fj%qZ0Q8N4F2}*$D9=?G(apX0Bk()w-7g|51zz>hXI|0|FOs6$qAVI9`ZRA z6%@#Q`Wx=x6O^I$;r)O)4ZeOPs6Ht{CzW5F9gmb@E?R~+y907T>Z6Nfh6(^ zE(2R3GhX+o6vJ9SbEP%I8D&afDTBS3uib#Tfl0ytqrNTY17K6V7 zx_PJlAw&O%T+?q5`qlfxreO7Q+-c{4o9DUjxP`>Kq`UF(F1^wk)!&nT_kn>J2yf%U zw_whPPgejf7qSyh>^OTrsJRGy`X?K;T0$ijV@~a|Ldl@~29GSm$s$-}?N$d#$sn7d zqo9QIIhPEX;Rf79B{)1jzQlPT|B!X3NQ8lmhZQubW;Xh)1dU&bqJn~0z(_JXt9Rdc zq-5a{ikRcppj5#dQP| z=BE1;$PB<%jS~Q-wz=#u>xB*m)uPKjoen&*;^J0%bT2;Nld;Nzrtng(zB(j#BqLN+ zU46Mj0K6-o{UMOd0%cxS#(6Zs^;9Z~9qin<(a<1q7Ju&mW%@&!lOSn+#~D8kp;_34 z0&oO)T{hO%t9U*5hCV)H#jj-yLx9}MB?w< z+RIAfvMUorDP`87Asc*NJf5pj32tgNdfXHC`#3l$tcrP>XY)}ApC%xVMf{0#=-+MD z-CFa?-QL*=!P3WuXCwy`0J~YZyQM;gN}<7+%fT3#6+{Pkv4Ql3P~C#7@9gh?_4W1j z_b=6bk)v7+GJPO|n>#!4E(6!AsUBTmw93&M)W3_1i<6UY=9rJ{!eRmgF$oEI9JlrS zL|9-W9DQy0h-qH6UAqO5UoI#$g3~1nAPIu84&D+I8{6K8Tg0H=SOk4aa0CN287z9R zB!dsq0Y@|(fxi7dH2XaAY4*%9ZFU3SfMR|HQRzWbe zMPT9L_CqR!1-y3i=iQdm=bx;eGe`MK(iDmne*Z3{2h#)Ah)elUv1$$sh;qjYX23$6 z8$Sz+H54LHv+&!mM~_jx0MqH^%z*Xzw@ERG;Y+=9TZaA}o)|D0KvfT6T|V=b2c-GR z`#;C^0eZ?-EzV3&Z(0}V1}6&a2GHu*TVo*sE*KCdK(ZLDb8S(rdFKc-2ws~#r`vf@WaKie`P~vsXHdC-Fx|H5 zP_@`3qy!$KUA^dg(O1N3Wbgx{-gKF|x;iLjDvz-C#~l{{V~Q3fc1%9)1KZ6x1T=LJ zDX90Wb&z-N7dQq%gysQT4)qE;Dyl-Lkcdc$aStU6iyT+;ThKKF-2huhyiI!*1L(}Za{HP;w}5%M;S%n|Ik0l+vMA?bQxK-}8ef}JqbV5=bzAv~<= z5AiykA-Ql^FJBN6D*s+1k_7vXwDd>|xU`4R9jPk8?hq}uRbNR2VuORRiHRBA;uxrv zG?2zHJo*!V01E+I0Yx$Eiyw`QL2v;Mf4RHIcl}m)|B$tOn!wiBk{c8nx<7GoZa>=; z0KbRW%FD{i`aaCFQI#ZF!xGgF6(m?HYP|-dr){bS6qcc+r&G*c>`Ci{AkS7;%1(r& z1?#ibfQJ1UpwvqKPDfWO)FS}E!8{2MYf#7q(w3|~&7Ii?@anrI%tjXA^B|h21QV&E zVkol$kW?$%bFE~7F)?S5EQWulHS59rjp^<;DTZB3Y?FVQLShN-PS>gho$g);c*YN4 zA0#k-zR`+`zqViM%BFhZ9a4JzqaUb|K0p|nADBn=&1D`oHzJWHIzw6~X+msLqrNXXvLyG&n* zcuHWnAsyf`svp7zF1SpZW`(M-nHZG3u*Jqejf->P(CJEEtt%*RA*Io3Xv2hs)Xx#s zo`OjIU&Or!SXJ4!C5%<2B9wxP2^9ntC95P60Ywlci{xlTGLj`5KoJE*l4K?493+d0 zjAY~xRdSS^p~nI2y0828yLDgp|Nisc&wC0E`|Q2eTr-S0=a~Bo5@lDGX9{Vp``#Q2 zzIOu#2{xD|iZIxWGp}yh7SWni{dw!mj#UBVdQf`nl%E9rd>qu1eiD#lrU1jYxw%;e zEsdW(-9|jX;8{A7fKcH&+Fe)Xn+j=chEh;xc$^$eQ^>=Bf8%ccQ=S*0g4*zv0gRgTCY3Q(7Wd$4GDn1@avQepMW5cSk{76FR5XM;!F^tycY>dH za18~E4$??!>Ng{b2)l-vr6ujj8^TSA>Y8>_4dLNO?)W~A{iM8xPoEohadF|KmbAAo zs0Gu(804okLHD=NHQYdEt5SkO#Pt*03wbm_+{P_2}0j>ic5b*P)wp5zgxs zHvi&sWuKZie${~iBBn;tv|Q83js0QSq%6O@U!h@UwXJjzY7`*B;$}w`qebpQE8h^05`MH#_y# zV6)@J1~lr*T+}n$q~D72_nU~`jQgba(l-6tpiAf@)j;*8gfR0Ofkj)Jo6#K&6b*@^ z9sSuQ=A#C^t!s<>T54Kzux&rRtoxCv29OHtRizaGWr5Cr>yLK-gLw@*|-$n{P0`*Ld>LQf>p~_J5A%{=X$k` z27UYk!}lE$$nV*>jtUBzyE-%7x$RC9rWTN%Vst@rggjr%Fd`ZcH#~+>`+g=Rhrdd-}2_d=G)gH zs=h4BskU?DSm%K$>j+Op4XfLwFOM=SCLTC-%h~y!jg13Xoq!Nb=SwWqCuy!!@^r*c z8lub=O{>J#*8pW+Zf@9tOm1><%T$ddbn4B+Xh6e&P6}ZHc&xNYcq7R zo6&VY&oYXSGjU4cIf2n`RUdHa*86km;abyW%$Y_%;LQ-jnW2}s9JGpfcJ3#}53A8^ zbm@?LBANYi)l$JRF^6>Bbi)}7_OChbZNGJSpBDW=Gh?A{r#XM_=1=qRo$gY0Z6nsN zyB438r#(>*o}7(Pq|G1yR^G$xM?*2ym^ETn8P%1vG#WAHetgA5z@|;Ntg0jPy$5yT zWz}O9qan0=4z_smW)w$UM%8+c4L?Uw!iOJCs+t|?uJU0iMygv0jm!>C7l$t-YMh2w zjqvU){C#-tsaD#vKfehsOz-w-`myf=QO_rNH2{n%h0L^ZHl~Y zYA|oPRp&d$$fF^L!dqPGDM>;z3n8g03C$r=skhW*e5h#KJQo^RI!=zhHNThF*Hqbk zR&fuZVxgHQb&o_wc<}D+ST#Lda7jMQc~R*+K{5;T^M4LmQRZ+tl1u}5En zfquhiJbUZdqY<~qxQ_{k#oDQ=X}k+RA-LdqS$47MXvA4so6MiS=1!`<%*Jx1v^yWyCCP!JSel7XkkfNP3X zbHM#XIF~wtJqBN|4+ z+!JsRyb6?rtU&1HgBRZYP9YI=#vD&m#wKevP_HxeH3fb&!0VGb`UNb=|Y2% z9oi4XeOR`8KnjVWwL*f*!82w=E=_dkLdht=M?xwd?)m)OTqU#^96P`&b^T^#QUbVb zgb+jDzo#NjLK{Mh{&C>HI87NKrG=hRHOg;*pZx08D{$cXjQF760^P&Vave8PhJYWy z%PE{&6Y8D&%q^z?UyOwvWE4 z6PG$rW^H<|kuR)`_Fh>=!|(L;Y>7v8?xgm*vVTplsP2tuy=|J->sH&>HdQ&w+ER#< z`RQ_@kGiZ`*PaC5kgC15<|j9*`UYH;?*6>e;?`Pb$l$4i<%Tz;tgL+7*Rrpg?&Qgo z*RRhBd(}M@4hIAR|En1uD%KcC2{QDBx(%^FpK_#v&Y)=#?kmsUKLLKIVSTZ#fJM?( z4DQ~&i;x7O&;tAtZle5_^Y{fkL-$&p$4x|h23zY+!=Hn&3_G{~#IrtQ&ZP3LZoi!h*2ghz6FrkZK zDexqS6n4BOw_qX#R~9E~B|&s((O=t51h?!)ploRz7RQVV<|6fq%%_gbla-^D3&tLLX%^oN?`DTxH?A$xn>MP-4xIV$TW)!pnpE99 zbwakX^2w!@8Ke7b$K`~@*aF{<)U}?q)0kB(N|blXRbVDp8`W1dyXMKocU73oUZY<& zs-Ql0kT5&4SlQw1+|^Arq7i2_)~h)#QaDPreWIJwbU>%Hd^_HmRmwLFr}|KNFI@>U z-EI^0htH^(is2mdt%z>5{OVh$g3ekI(Gi9mGIDZ0l&Liz1>ENL^r;mVj2)f+b^XX0 z8Bg}rAj+ZV=C*)pycl)`ez%ASlwu-e1#L|1c|RWlzPcEu)B1J{mNM98Bs(hDIu_Mj zVn)d7P>_=|M-f1fX$dC@drIX2lZlwF4L<@pjJ6L-4|qtxy7sz$))U}4dbArrD80%2 zq>h8bie6%vQlWjmvl_A!0Lf=sO{L}J)euZq_D3DGqLZX!?V$u z8OO|f@8>l^1ULoV0uiH4v6Q?@%R z3r9_P_tm*lji`jxXy=85B#;}%vl#0Ti2m;O(w3i78JZp!2RZ0J2bvHjmlg{(TzZUb zN|{0%vYjv9^j>LuB^|b_Z6#8}hiWC;KU+BQgYAIjQqXWYo3TM-)l1XnKx2)=p^TNu zYE0jj-J_<1;AZVC49uTvk5`C`l=#RE^#JUXABP&TJG}{VXTa+KU%8ZkX_Ux&j0HqY zif9w*KcK{kDj7`l^r6wweJ~w3x=d_rz!SeCW>rnseq$Ehpv$^joOdI*o|F@UcrolIF|Qg{ z!>QLe1aOc(Ri`cz&Y(Vm%tMC`p`R8ymY?4a+LYKt46hQ3Mh|0{YsP7804k*IaiebcD9$6l%T3DebJAicKXn< zNsDJgDvQMh0qhm&0~}c;qHTOrI~952E)H7X30GX%V%6cm)U!i;WS4KXmV)cWvw182 zTG}bvYE#q0jvs?c_mwI)*-U=-D=)S@)?sUe{KFN7_@_i59PtH@S)WX|9K&{AaC%r< z=a}&R#OcF6{wQ`gg8lFir5XGAlhOnJ!t(OM=;{(f!w3n3e31U|VW3cCdV2HTfG*XN%ExVpN9gEfWP0=Fy&+S4G#9a?EsK^@!-UyWp~tuop*W*%gap zL{AK!9-qy$zKRL~?mm(bflzfXUi`!*h`$Ae6dYh!%(iUPJ8g-=Sv?ccU@)x>yzs+q8MaT_@~ zY4^!wERbvBVdaHv&C2P48JCsxPoXutM>>?!9m1TcXj`JD;(`i|pWm{DWmtoxFp zWdPR)3lmTNilfc6l0Wagj#7PcOl{z?GFhs34+aga%?KDLvu~4qyR@<|wAkuwy{fQ@ zZzb#gE6Q9d?rt@W-`^wLWmQ+QHIuGdWSkRZ9ka6v*3R%5stA-mrYCH&r=Y)KG-PDP zVo#9XH}*l7>BPdh9F{#_Zdcm1SKss!&7z}Ds0#GaSD7}v@?K#(BcbpL?e<-iX|1-5 z8D?LoXy%(2n)hXk_fUEJy|hYeVM@{0NRFyA_4q6!81UrO%QSBGuQyL>a(v9qgb9)g zKHJ>ZrXE%2y7%P!8!7r-ybj z_~((4ep&+Da{_=hhk!skAU1$^Wf9e2fq^un0%|fLJ8jZc@(_U*i_#%_8S?W$E9 zei?Fz7ttGnW22X%1iB0a1%~$SeiD%mD+?Vfv&Di1NQ|JVp6KkD)pksIjdVd_LRY$6 zx^$@|E~$Wt9#|sL@4@>saHHT?p_-uEl?NnB2a0nnL`YEY;CMWBL^-Jz_F;+mJT`tkB})l`K-kGrQfK$jSuU5vUeRk{Bwbh*~SbQTMl-wF&N}kzvNK__a4G&`K-Q4z~QKY4- zpn8+RAS2I#yq7*Ux*ge24L&c)q!+BeIqkvbh>gZ5J|&h4jE=6rZ&a}UvMUuRFjA7u zYF%*yAHj7{T-?&7C!ghcFzV%cAWP|emn%ZI*gwdsJ3r;I#>(-_%O9FETIqdul&2U( zxf}2e-%})3j}S|k4cpFiPe1hjgmd=h35{%(pU|%1Tg4|Oh==OFYCJ=*xw%br^*UBZ z(s0GxbsY)2+hRJoZM{JD+%CHRiJ4_fBszQ>6(2YgMY(z~NjgVQuY-al|2H6;*R#XY z!H8`RyPv(m9UyWGX?&ynDW9Ti0Q4^+$&GzPT?ABy+-37MB<=NQwH836?a8WuIsMH+MPx}9SS+oH#%y>Ne%Qi59wFH2jw8G7d~S# z^p==x0lD{CC^h6vBjneB!~4{qm;1`JInir=h=CyzDixv(y4JGyz*28JO-@e2|1M)( zQ&J>c?n^s2dA@v!B9FLq_;y53eS3}WijNa|QpWkVP*7y$l88W%fm9zH3TKjebx=-q zzf<%1jEpOP>#gcm78XXv7@@%yTJ;R=noxu)$SiK(o}i$rrp7{#oZrQ;np>xyUP31Y zh?(btU($-t|ymKz{B^u5IK{MyA||NC(5U+8c5_n}pxIVbXvx`|Ae>Ja@= zk)Fc=(r0oHkVN;dp}(E%<^g+0t>a^ysr+5=qj&wUPLQsBxA%XJ8ME#0(Ec$*z4qDr zdY$oW`0IZKh*k?!U%QMveW>2OIMD#-OK)P1+s|*hdHIbLO$xEefWn%+_GX?O5 zUA-2H3vC+Cmq4x##ei~;gRJXc&EKq#Jwpx|H{Dk?d93MA~^ zAkARR*fuRAa=c<&Y=Z0iq1Ob$KY1%-o?$h+!nKwD^y#lH1DbE5;w+-%b*^vNutDrX zR9*AfX7S2a9k*+o!{@GB$QT%KB`2exj4Z*(!Hf%lFd!3sRLTIPiXhJ*6b5}p|3cYl zcxbnR`Z4(j|EKRenCNHE^!qy*;g2ze7Q{ zQ_7SwOlLD$+9O@Pu;lS(TJ@>Enh)BXprEQmKz!}QN9byBNJT~MhYM1AgdR8_NQt}^ znbwYs?(T&o^9JzBJ)yOK3pWPtv^1tQxVi22fXP4Ziu#V^OVhM*{5??ALE^Cw)I=b^!TuJ_5-;}FRu2rT9b4(9$K~b_jTWO4vxKhVdFLJ zPCFuTH0L)Nj=#>tf5YMbb(19b_iN9e`x->SMd=Z`_>yaMacIco?jYrQ_AX=Mr^Uq9 z@!cLmS3T17idaAWvKap&5BUAmFxFspKLu@;f;;yWf@oH7g%l5O7ENm+ea>T>`J88$ z2u~~OHnW|Ek$AhcjV2_0RsYWJ=aIHc+r0nyFvk`~VZ~_rt%OYrO;a$!QmS?nLFTXF@)97{6)g*ISf}s6d4z80QvZq?@ z|1yszeerS7dq{#_5GGPgB0c)>;ct(MPN4eZv+I70egR|+ri|#918bF@=Ui{DCo6k3&aW-O~GWXcp7>DIkcWDEM&1%+(_|Snf&?l?q+h*EnAF}pD+on z>PafC%?*tg|HIqp9KzYfm7Janckd==H53X-D-KJ=)xQ7jx8J-TOGTyqU^c8gP+1%I z42YYYS=34Y=RK0L!`f$}wRT4mYP!D0NB>g14X@Atj@Sb{)^QCvhzd~4AS(=NG1rS> zrMGr?ynFW!h+P?L*1(w-~{{G1`oibIai-!1NeQ;Y>CFL#_jG@k3lA7CcdIk8u`>*=xJuZ0eU z|HK`PTW=7k=Y%_$0hbwB8&z9v;B-C;{H?Ct#OjGQXa$zqa{F zqIm}JE)>+lB*F*sJ{(%xCK>a;nX&)R)!@Hf0Pz3&<=Cp&)>a@| zq;B*3*8EBOmsZnd*&TI(>f6q(mpCj(_5Xf-+1yU}h;i}0Q0C|jzbw_isBUm6PyZbw zWeCx`z7Kxyp{JiyBui!Y4^(<8{krHwvAVDexeI$xxy6m6B(aD0abhtw9BEsGi3 zKQ$eUal^e7nCE$0%$JHQJZs3FdOfhJpkEW5sata<3lwvG7*40WbWZ%{+Ja#IvtM~! z@AA+`F%mgZjSazVpG6plX$4#T{9k=*wT=zz>^VO}VVIC!82t9}>?rr=zp2vya?_2U zoUbRv{a8zkM5i|u4~vPHnd$O^L}8#{gC&nk{4sjJJ4x|YPi$&o#9Q~)?9%T*lr$|H&SnJGM-Ym8iR8 zcZQt%aL{s-3%vT0<_zLi%Deqd@BPzl!Ui?fYai~vd%S`E1{*hRn{^p9KZ%T~Q@eaq zROWeDiV3L|>mvN{oa6=o{uji#{uB<+T&QV!{9<0})309%?%_UTEC~uKViHD38<Dj#B* zNJPS6Gf=HZ=>aQ)KfHMHqJqMk^*_-;%>N1%iGhJE^h82pQFo18iv;I2Kl)byzZ#lb za=q=_%7#Z(nm9$qta1^6laqKMFLltpMiWKCoG&@+r$#dV`~k9^+bJCK8|9hlKUp0W z$v(Qv+R&S*w*>)d{@EPuSI8qSJuovi7SksXUt1Gjd$aD^iQ`*=@Vi)4X%o(8 zgrq-@Jh)eqPtLc7bJM(+05S`QP2WTe=yFi6P`{3wDNQ&aIhsQgF$^$Sg=S-SQc_io zgqT=t^}JjA^=gzMqn29y(xq9jYKjQQEw$*V?JnQieg+94OG_i`rkh)Z!>i@e&Bo90 z=|=bI6m=z{J9I_3#X@-++z+d4bD4X`tHV&>qC>!R~MIfg3DcN z-MW0yZvXSbTW(?9XU?EJH)57o40xn_?Ygc2_gr|wakomJss}fdximC8X|mmIEP;oq*X4~ZNu}&mTRjl zUhuz^JYEgt&t<}B(ZSWCsb@!P@|*f>jbm9RoWECY*uEn&9l2ljpj_GI`PhS%WX65l z9wFzsi24#FIe9Ec)NWq}@Lr=WM_7v?+;*=;`uF|I0QYos2(qz_3}7dA!{uC4=lr@R`LLMUb%#&&yzx0TxXu8a(skaSMZbS868sr>QulGyi8mE_YzR3q6_ zAQ6r>(?~bXIhOlS8~0lv+5f8vi9DAdnZ$=ok6WQBPf{5dB!~G z%)s}^tGcGf4ZOL#Nusx_O|C3-HcS+ezdlp9IJHZ$_x)z-a2yyO^vDIKL}GxB3-p}Lyj2^@U0hJ+dpvWc81K*E-pp=*dwiOVaP8} z48e&nD7;7aUpSwk|Ni}R0)@P2R1=h)qE1MwgGSf%^TfYg(7#mwKQroUUUrt7^y{XB zmAb?rKZ;c=&UCQI;Br_4XTG3>P85UIt%#n}8G!>2Zq{wXVp=tfQ*E#7UQ8>Dz zwulsKqIGrlK%TDE@!`PdXT_g>%ASISsg^I~2~yn_OTKDvQmPfqM`>GCbR77NB~S7= z=47OwG5FF%qd>^@IdWv=>_ngVjMcoAbBWRZm)mR|>SG$@DKdm?Y4gI+{MI3sl)=7!!RyVN_c|Rk+sej^V=SGE)a>qW-Xkf0P~EC&iZriITKH6znu4iW#LQjRwusBQo=$zSo8sEuXX;d8({xi(1a?o@EJA45nrmiqg3_ad z`^a|nwm(D8B}G3-@SdhHGOGN-XlBUY?c7J5*!pRx{=tN>BF}}^4RK31b-Fx_Q19i_0 zhRPehKTdC@m^gOvH>Qon42GLlOPud6M7Pw>mPAjB+03mNq+7`ihPnpVi0F)}ynOL? zqJovR%8F*C_xFgIXJ>ydUAg0Xb?e>>OEko@tuVJleU-n92tZ|V8v4oTIfdQP(f zv-+wL`Buxp@%4daNlCi(?qvGSf^x#CY`2V-^+yw0&EiBq?9ZUs1?8JJMLUw?9gtX% zlYgN5+YdJSr+iYh%l(dNpzdiZ+8(qQb(D2l+O z$l^%p&!hI{ z3^@vK8~w%?JO*2>{I=C-i&=WKw~53Kr^J{q4LWIOR4sOQ_hp)&X+uVC0X<|)f+%A} z&XnlN3J4US?{Ay$nt8nMU;d^q7X6yYo;0HyPBG^eiViWV8zqo|NOuPEnoiCSP#s^3 zh|kF%a7heClNZt_BZR4@p+=MpBr2r{34>}KWz+lj?d#Wmu;yMw$KbQ=Xfs2*Qp(T{ z^dBHI;K#8@iMM{t}(_b}6ZP8qudtm@G0oz8n>U%iLO=eU{S zJ00K3&Yl#iGU?FF>)rNZ3tf$zaoIPTauafD^4{=`Z29@K?%5?nmGgve zECHf=J=$lSYvPYzobYGj^#6P=r1lBAV{WnK6&bbrwC(3&iat!guh=y4NWg)ZG!yxL z?Z@dn190MB+6kw3PjtVrr{ z_;a(@C5>qMN^c`4ugh7SYA4;cZMtTY*K%~84jw8pd0aGY(O20^QFcCTJd)Lc)8GvI z%I!1v^cA!@4aiI<%oCa-eQE`Ak9|GbD$GUiO8$t-Yp}lUrq+W@M#QTy=_aN)4dA^nH>6-uRN+qhH?SNd!!l(@F;T z>P)omx2@HfI#n)+R-2^itV2NonL@={b4DtgMX&PX4efbuzE*8cpG>4B$@F;5$g5I8 zJVW&q=`XW`LfN1NMqa8(V1_f?7&X)92LSxN4qmVD-L zY3CLN8e)I-R>6maCZmBL1MKv@QW#2eFe|qtR>mo8&MetMopyV+$x%L}f)|rETW;d{ zQ&(A27;S&<6Ashl9Gph`V$Y^8wJc@(j+Z6Io7Y&p5Ogq#jEXvTG$=dwhy;5g{Y%WV z@bbFF;s0QG>x1vd=uxGr=s?c2vd85~k`3S7gt)D)?tou7`EY`y2q*nZKR>G}?Z;*= zf9m$L)5EdF;?0Tl4T{}&rrNUy|B?L%kN$CoWgX*HNw1UENS(93JM-d1x76i+#(j!~ z6`!rl^My6%PZ^xavZ|Z!om+I69^otayfFG>cIKAo<0JH2wjU-Hs*lYVi}qtUVo@LI zMG&fIJE5$8x0hg}mI%!|Nv~l|>=@G$1%`bNTA3eI&L>H_DMv9l-R`GUB z%d75)IfZtdj>6u|dut3(yt;Yh2G?7<&|`Q7Fa-`A4svSQGKK+oiB1&biT zfu@qBh?7>bGGLDTg^8MqQ`tS0EZPP=-P&4Pw0iZg=BjMenS1|6vx6bBK2G7X zwbjJ?{3n()g}vHZ36&0u+G+J#j5imk8v^A6{Ca5(G96w=8%epkcn`&S?-mL_5<#O$ z`zD)v!kUv@DIi2)p(7_TIM2_HBkh2PzG&Lx^d~=P8CsitvIrFge##aq!MYq@MAJwz z@DN)20+&Ps>^K_oN41x4a-`YLEIH^*$Ob4ge5qR@JH@K|GK)|@8^+pKQy+vk$Br-5 zq+eawEap>~PLL~+=0R<;S5{UQW$2AhE&y&_U0j%2=hlL}pB-09?x?eB7A&Gb9z}dR zge3eDCm=}y&pyW6`qoK@WI&R<`Bj`E6s%Waz=@pK!;lFQGeAZT+Ld{1m6V4J4lVlhU;p zh&|0+Pz)|uIImY%@j3lo^9sM%(Diyxp+M#Giebqz6)!5{Ch^ZLEjh@W`FI9ADtHr2 z`Th3Lpkr~8Kwpl2S%5en>$fk8>_1WkdZYt5o3wUYE!FtMToHN`ML9>15a%-ukgYxZ zlZqm7(JyMWz}H|O^TZ7i;Su|EtEJw^k?J7A;%m{gL)w4@?ysben+K^0GP670n_|)V z;=0p+bAYlR_n@k%ia^d}Mcu*|LA4XOVnfch3jQVTlOhwdXEYLPJzpA%o;@2-+$euC zDm2!7*q{34OtQaMg7Ua$rne&{tZhpmlgzeYQIFqOtk`I^N>U3E6I;?PTvyQNw1 zijsc5EaXcl`<*#XX;F@(*v$At=94rX*4Ag;6XGaT0=Dha-@nl4<&)(msOHR}=Xb$; za6rCn3*C2Gh6D4jR28Rk-(Gfa&$U>TdcRE3k`w!tkdpewlk)p`L5IfY(z#n2l^K2_ z8V>2Mc6yh;gqIgabQKf4{G@!}Ba9~?oOeF=5!$b1* zyzA>Q;^Gir=R|9M)hD@y{vyde_{o5lwO^ULgCf5Qo6fj2u4gFBs1nwTJNk~RtmlcVubjP3 zdH>G=YsIuA8BEAr>HO3@e8r@A_2yPTcI%qq)sLT3qABTlPl}AN5bv3!?bF6bt8YlE zucZHKKm4bU^qqT{nQYRePNj~uConfCcplhFmYT2B|do>s2wkG>I+ z5GcrclvT5NB_PJ>viFz32wxtlR=Wv$9Y$9Oj5e{>&zs7e#REm}r` zppz7QG{4aNwpKXdgL~qqTH>Cad(-*w{Ms`7*;jL@BK@?5Ox(+F6`ZS+}GFX zgLk@}C~-H#e#Sy0r;k&*X}yW7ZOse8Yp&-Np`erH}S9V!|b~NM=ZnbMy0<+cWCdP)ZS&`{^=8M+{cla2Ha`|Y`yt0{}qh;@Y7Mbfm zvr=DLd7gA^wz2L<`Ipjzy%!iiR@QS=4`wIlr`uYn)(>+~kkfT^xcFu)UvfzAR`t=A ziEt@t`#`wWD#2{?jD1nileiQUlgp+F3G;&Q)1xo@DknsAUmaxUe{Rci^Oe+9mE9?) zb_uER+4q($2b^Mci!Gb_$)fd2!dc$vpc<=S}&6x*NOr z4>%H~`EaJ1H{UjVh1o`I@VN(6864~yjVh!bK7kCDyKO&8#6QOaVYWS$i73wGeYS6Z zSLBwELK#tNsH)0_HtaSpGdea}ez5n4OlAJVH!*K0>8GU@JypMSxp}JkSoCxc@?I|I z5gO4oZP03rWOFSSE6)-N>nM>;dp-#Y6*Dj%kP)Tsb=VyrUC*mC71-?pDgx389^ zN=S<8@D7xWjz1>e9`{m~isDh`U6xDnd6eH9(vGMoX3Iq=XVWW03XwVq*~%p_rwt@9 ziz6k!I)t^t z>!0hgzmDFrYL-q@#n+0GNUw=X7bw+Z9w=CG#@JA)D=mur`w92efQM^$GGrjf_WR?EpMg?@LYh$Cg0+3nW+ zvnz6^i9Pfy)ai-Knqwx7tecxWeJmxndhkf>9=R|eE`2gLZ!~L=&a&HWVkI`mH%TTb zosxd}`ujHT2{33L?@UVqJ{~3p{j_Px^HdgOfW@6HU^bpcQDw9%+h}K10;)QiA4FZNw2n-IO3KNxIXj?qV$(e^bQq*bu!`)Gh=datO`|o8-_WZd9IFL9w z{pW`8FX8#iHunn;ifL*(fC>pk$=Q>&6&3nL4>zL986IRT8r0l0!8*k6u$+hXfXP%8 zf})~olq*NYebiEJh{(uPqbC_%;}JYIjFhjHyEPRLBj>WN-8<=&@v)%3(ZJq{kxtBHjAK*`Sp%uNdbrvzwJ zuw-1|M_@U8J6^J~=!i)}WRL!-#>k#)ry8{k-6GX8Vt50dXXxna5(y!|jj?&tCRCm>eI^xi=P??(_Qfq5ewL)Qq%bjiNvXRsU6| zH1sn3ny&2_uGi8?(@Ef-pq9W73d3T82o-wVR(e-SuNxTHb-vr6s@lTxqdP%zYtfOp z#L8CBLi6sSA?&e=JnI&^g5~)^ls}{KL<;5p;4(nERJj0?=T4&50u1H-x3PT0In>(K zhfsP#wu>ox+tZIoiE(nGTf+vlcxdjx1ml#nvXD}4Rp7y{o@hG&2`5!g&UR6$|(Iu;V@e8KD4#v zqd;ch(du?|B}i5_-y&|z>Oa4BM+^Dpii!$i-vG`Rs(et`c+M{QIri#R-r9z(ZV3Jn zUfpoLjQ*Y;Zj^*K2o^a}*3yz;MbNrFiQ{F`T{iF|Lm|LwYh)#H{Sz9rG#;((O6cl_ zV4q2AKofz)qu22(^b3ot(y=k7@~j6oR(gO6Y7qZn;`iRYsB0o^i^jJ6FB{|-zqb1Qm>dqk6J_=F z_4QaBF})@yLj3`W_Vv?uKmtebfJBK(fIsmBfKLM4IbgFYLQ95Rw9I+Z8WeIulY$Vi z0QLPK-l}y;*ZgODq@BV&;g17NB?P^28$6hxd61V3CC7azo!8}%ChKiYc=(FXGLcfq z&IUY#pp0N*6||eLZ*SKit-+F_y#HCDLpQhvW5=*GV2f)`*YV8Am;&_@Dur1bUvV3# z=<3E&en%HdZ8ExWcd=_MqM;JvwR)_1?u2q9@P3INc|LN0&7)gw|!~niQv_ccrnY;TJlysrO5057I z2<`U$TB^yw!bL z_FrBZMz5^`De5K~LDzBq(WV%R>ZYa@G?NlbOyrpMuqajM+sr`kUtYN<)BiQ)2l$gf z@8^Sp>>rCJ8wb%s4fYTepqcen9aJaP($VQ39Tl{m)b3{wdOVjAB1xKpE+?IDcwCfM zrLPF;-DJQQS_Hv8tULH*Lc7!Pi1gWV~)o z#HCbX>-9a^@+7g+cJo3t(M}NJEAzB=rZ)BvsYmU0s1uK!39my@sYB5<3)Je!w=Ie1 z-#q51jcF2TX{Km_zjVpDpkNuA1bSvaEv*Ai1uANAW>Gbx03z6OM{o}jM~p(cps7mkJP_$Zzh7T{9S~+gZsc$(Nywak;Q6F&bbajfjkl zO)A0hx3hI4O2CjnbxnmPH*39?z(ec`tZ_hwpL-CLUXMAnqmTM|x5!O7Uvpq>yvziX zU3M{p^i1K*R2woTB_+oX9eRyMZ!pl}1rjsVCV_hHGz=x0qcLp)jI{f?bj^Nz-b&|) z|1@jL0+Sco4v6f(u@_9>N?;#+j{{GV0W}5V!mg8qEj^%E>+ffDylZ9_uaQ5G-feR_ zsK8>_d3x7E7_6>R&za#C-_dJM1$D@y)T5`LP8eDoTFG*}>oSxHoiLUabRPj;Ug7@2 zyI2O-{1|l0$Y6j71g0u&vF1ezH`iw3a{lE#UA=IkS?}tE z6f8D46Zp{cO6LeS4qSk^wKbK~tn(jC{QA)##8eV3;#7koZk1AqI98O7?i<7tIv4yJ zC%Cz}d3cN(V&y@9TWw7|0v5D=+Gy*sfKn-fQdu+2#l&wm4HVv^d(|{~h|GkOtNK%8 z1DgK8$${QNun}@#XkWjkC*&f+eknW$b~#AU!5;enC(jyI6g5Lmlz6_0v9XgJ9D|@7 zMCGzn;AuMkjube8I7?eeNtGa4M1nxEZU}k?tpw>93W$hPMNXW!3*Q&M5Gr9CJgzl& z^C`W#6Chw`jTSc~-_V^X2!8~YdUg5X0%1sM*s>dw()2Isr%o+Zg&1#9hC7-(WY(ok zrmSa*eM0FLEPp#ZUUV>kfXHc8f3GfP34_tPb`iDabc)Z|M@1E$l!Otc>40_NRf+rV z?_1R|I4hBl^@%#4D7p6GqF1%!xI6N!IJ7EW;ShtI75qk4Xt)%MICbPm7hGi+Alzg* zdWO-A?9`}-wN70)2ZXRWT_IrZs}8o!p{|B1wNcB>bL~4;Pl5~NwRiSGL_~Kkwf<@# zLUMn1-}hgwhxcFq0`7wTHthD#qK$us1pXH;_$Q}r&(KhO#(}jvJ-2&QUmXlZVgbDC zx6bnR+Io-9zXAvUy36)C$MaBf20d%nAW6MPqeX^5qRJEuw&+6G|ak<{Nl>FcQWj$|ed) z?F^%ic1%_x-Hw*wLI;QJo!vh9`F5ah1eYn@%}wig>bWLwHuW=WHKeVrYB6%~9PvW> z3QPr`N=rdzXSKXI2LkhrYR}L(fEEDQ7EE=4_Cw|m)OEAaa}O(E)K|bo0S4)G-3Bqz z?Vz7}_kvdiK||O@*Nbiktk7=o-oLK2R0k^LsF>GXV`C8RDrjkGU9Sv0=5#kH4h_&C z+pO~E5}$HQNioJuV7L*f&-KC5hxZ`)Zs$T8P5u@)$P0-KFsUxEZs43mL{i_@#=oE_ zu(D`M_Yvd`=;?wwVYZ8ax~LTeHAcy@H#(8G(18sWZ4kTgFklDNt$f3;mdTarb0=925zc0YQ%R+sFvWSk?NO>V5+^ zFFL8O=I3FK5lSV|u#5hQ=dP|-Wn~>HW#h)t>R=fcFp_GpS2KC0ulh%t&Io0i2dT2=+2#9mMzo5NHtf7}PJ85hS8eV5d&WYHF@P5y9XhBRr=8`S}6R zhLwfIkrEy}2Fm%U8~{OT%!iV1ziI){SwD(D5va49Y6eU`@dNd0 z*(MQ(nkd}%aeOW+x{k27wj4+1GC3?dame*d`b)6QAyM|JygUv;21tffH{7|3QB@s? zBCyI}z7{1t3HEdlBOtd1(*BI*&3n?#8^C^tsoC&WdGs19K764nZbsmAmv ztSwp+YlmC0M2c8!1bQgdzCc=o2n5kB0;vbrP_pFkc zL$f_%$|D&mz@)Ce$e0{yQyox^2oDFYfR`A%6D5`r;}3AU%LfCAWWI=sy>tOL0|vv=8ILMYf_YTpCr!HzIG?giC7f|YO{2#&vdV*|b@;@RgT zn6L`~X%v#Mp+%kvVR7P>u*a0&5d!w%t1&SED@8me7)l8KPnhiPn<8-jAWL)T-iCj` z?08%;F_4mYu+hpjlR4c$h+i9klL3XsE2a9nQ6B1| z%!f4>U7v_)1J7EeBCLY{4$2yql0YF+8ylOLB?eI2JjIro^~>t(>mwSKkdy>O=R|0D zDC7){2sA-*>J*CM&v-C#aS^*=5xa%~Rkg`g#6d*3J_45t(oN*k!a3-$UogPh;?y#C z?p|HR`?eT?h&zX2yK@~7!39Fm|5Wo_XF3&87&*Ddx#Mg z=VN3epb-_6>>lI)#K6tSRiB$JdEsNskjh8P~Zj10C(IzptuX6!YhA&|Iw(x^?z=SR@Lgl^xL5#i5Ye?AP%{^uBhsF|y-P=HI=`^Mjx;_TJd{5PIm1FVMPIoI zk|zXj5D$cTryZ6T@ndqD0`SDczHEuXC&Q2ySfOHw-K9}mup$x9Buwk% zq5!&*r_#zTMp_wJ!GC$qJdT4-czVI+c6O6I8j#J5l8J75wrLbh=Jyaqau@xX95M2CZ*TI(&Qd=ureVGymBh_T5LW zy8&KeVfDf&5ZI^MR3|49gnshF{(0c+#j9+28Dnq4bMNnxfmV$ukjId{kdTo4{3YN} zK#lM(au=GfvUFy~$IB`zys8{u4z=ZGfw~%9?=Mvp;Wu6_yxjmJ7v2E1k4UpDb_Qgw zFOMqt*nkJ$8q+`*fET+S;2lR?hcODWD`NN!KzVxc3xH>W5a-=BHLXh)!6Ol=s0#op zL8bTw1OTzT2fgQH^22IXfL;hJ7P2&eg)$Ktpi#8@q*D-CdU;~y>J+w};YB+M2S**I1ffjy zk_SCeGs?==!cLOgi!zCd7DN5>=+(S9%WArG zpFV#c7#v)fomEm%AwCZ3s=$BA$;HKbuS1M<3=}|U(~9bxxHU7-zVfV7CcXD(jHiF> z^Ff?t92(IP?b+mC6f=D}7<}U-GzJ5!V+E}P7ZOlkVr%x#qF=EO?E~O%I_G2LVuOEo zcHrmFUQ5=Ikno26iZBn}zT2n8I@M$@yd^ty?Quy4etiYW-;d}1%5nYr^85c#fAa4| zowpicouN@e_$&<(OTjufZ-ze4&du#LCjg`sy?C)PPH{A!8Q%L(qV}Sp5dc^O3$bW` zeB}VFG~bPnqyXBpA9aR_5-V5ENr7H901!4vzTv$Q-3~Yaj8rZxH;GMm;MzJXNt_&F zKHARD!%Q4$0ygDUodHCLC@x=7X>+Keva%^&xeiDST#CAUp$)6g`oa@53=bX@ftz>q z#}Cu7?;?Bl_yR_{v(Gc%FXBN;${2trAhF<~c@eM+Y!~Eoo3`N`ea4)CRZ+u=mqHe-b;6Dc{4* zMgWKdCSWz*1tpZG*#Wt0g7Bd68)mrBQUn8{;oC|{NaR88pu`XcVZbLs`o;FIRaI3m zQ)FAVFe;~p4^+a+Y3AKKiIfXooSbsjrpR%@S>*#!A%MTWB8%YFYK|f6cqkw4)NBcD1 zyjzu-k{GCGA!oQ$q;whuwv3L+Sy_s-$p{s{-8 zt@R9-p?;m`_q+G8kK@>Ti+%DaHjI9PCsms;fsvkVjLCw;n?NR4?yWFt)STnm-VbA@ zKRR~A+G*J`D&X-s^K-`Ud6JA4z#tvZO`H5%n$l|So9Q$=!9C&06Xy`ZVC|3*SyO(C zP|KpHBV^btk7aTf_|3(t8UL5;Yszg`p=O6yp`VEU&`&!fHa%u7S3U`Kb5M>C&z({`le)>>sE@Tic zZ1`dmGMgWH)-Kg(%1WhiDsc#W%-}G1aMoaVR^w^(Pmc<>%o=y#*=nkRcz7BlW$!np~oN;Q=Pg-Q?VpcOJo4 zkr@*eJT`5rW6L$_0>K8Jj*}>ETqEbQzifd-84F)OebQ$65{O)cfy7+>Af{bX)X!xr z1w&w{xgKe=G>jjONS&UR#t{sTj&|_z!K{%{q(ex(8XQ~zS^F$yQG)GRuF`rlH4*@a zka>@qW5yW&Jk4vWd3Ds;y#;=PSn9*|q3Yw*=d61_w|Wr-WD1~}><$@WVp52Rh>&70p0(;=;} zKE=$)=!1yVa>X5VXWaogoR_nHv>l|{vlp1HE439BU%_8JN6b8}V^Lc2Y0Hd3%<+0e z?ZS;b?E<6z4Y3>Pj)H2Z)WH1}Pm5C)J)@!*XB=j4D)MW8BrNQ2auExS%HE5=66PtA z$J`-`%F5JWaICGL4cVt5+^MqnRWjx?i=W_vYSXhnyr=BwYLl)|gT-yu-#4d=`;G41 zo1YW0rc~wo(Jz^C%zuct7?aaSzt1?^`4SCmQu{vsDRb_LeUHY>W_|^MKI6iL`#M)G z5?PnFmc9cSFlBF2HBfT@6z8!PP0H>`vk{I7@hFQNCYF;ciw&b1w+lf$Rsj$P>2S@aGOgDSt_NtTqu zR5LE{^nx>yGUaeKHn&f|T)@#4tKXz<6|DLT3xj+Nuj`ALQ^FD$MyPSP4R`lR#6ZF? z=Gp)3pRwskx_0)wrR?P6coom)#3LO(f4;CdDg&W4K0Jj*I`iFO#}Xf0>!nYY{>-TZ zmGYey(p=t@J&kOc3vtH}=fPpq4+}+$6&wUSOLyx?k~t zV&l~&@fMf$Ec$v;HuEImCKmApfO63lYkZ!SgsSZJ=|5t`38LhX%(-Bk^u)$d3!W5R zw^ZyyNpK{;L%?6?-U}?}fSu#p*2)KFZK_-R1Vp=nJ9h?<5V$RT`CrKX zF7EbhKFZF@dcr^}pd?NVxKSPqrOq)`M}4N4)F^yxUSv+~B(s!AMbSu=LAWjQyj2e2 z@%qi1c-I$1@IHeFpDA&(@Fso6OyAC!mhpisvdINY6PqxXyt?4(!cIe0aTB3fZel3m zLA2nLbdwu0bm+$?i6f#;kK$eImnr9S=|XF*-+SQ6*q5-yh~X!vx=6}F!jU|0Ag=hpn;%j{obZr+c!q-&%^5tf-7!}%sFSo?0TXd829lP!*XNvit zX`9#Y{W^N|XmJ-2u$pi>XYSl#yiVc?6U7!Vbe^ADT+>K_M10T>0tZp;q#*<+wXLUqD)wH{8vT;J3taK2c~1{3~JUJ2YIN3>P+v`NDgT z9=@9+NBQJ%(d{s{A>t!f;(&?skCbfQD+(Hk`_TUVo`fi6%|Um?>BT?3e&yg;Gae0q zz*2dQeO&|_3=(H;FPLmTDeJ4$Cscl&jWK}UZ>-!n$`q1;!(Jnz!nIjvxrsnWN}eOT zE?vIt_oZMoDr9ecsR63jNHM?PHNNo0dqHK0)=$O-(M^LWKn-_%*E!(&k~M2``Q#Mt ze`o6FdHkV8Wm!&t2(lJoOl#sq(Lupz<0sm!6k}uu5tQIVgXLPs_{qXKntL&6}~EQP7NUbQl8>MMaB%^Yyq&w5#&u(W4VMWDEmU zKqFu4VpTf0)VI-|p`6EaQ(q3|pi(YU?B4Y_q#xS^zL@pbfLO=RM-q!LVe&T+w5pa+!Bd1gMDDgALV4kZ#QIuT#Le);kevZ#xF2n)|52b*h#A?)i&*d_=f|e|^A#wmq*%XyI~lTwosi>#xU4IAOx0`}gNa zlzsj@bl^ZFs_p;=${7SSabG0FtUk&4Cw#~U%x4USN3QCrpLOXHfvFmN4F~{p+qB1; z_LWM7yWCG-YLNN|R%b$Y>aKkoK*9D0GjTulfXJkzlaj?%O)Dd%Xg0NhZQUV5o;mpC zjFXwGn;Uz=p0kCJTn%#vKWXL50-h>#EJFJqI@yk!%Q*W$84-n&>)t(x!sB(BEdN{{U7y22QgJ~MK{~CBAp|Q>1Q51;ZzlXV> zy3vjI3r{32tpf<}*tP2*92KJ!;l){E`5J@(?2JFV;z7(2t^6FUiZOgv_y&-Nt%T!> z6_Y6v_#K|_gX7b(3F=y{Udbsbh-t4VdxvC-Baa`MIg4VuZT7pIDBqn>Q~VrebQhHR zx8;1xP=;@!B4?TC-XU5OFnSJI_b$t@W()bWq$ZI;%B!56ivgvZ?*HNDrkv4BIYZTE z*!mb!b%zWU>)yZqVn4^3opq@;8SGgU7Z}-;oQ3A)Bir<2^C&r5eQCfOCcF+e@+fx%HA248B24D`rV)}v7vfh(zaSFKpVVBg_A zd#dr`(K@RpY?qPG&v9I~Y$C4KcngL>8_3EOoKJ?2jn9GK@g?#7r|2w7!uIQ0%cG}I16_? z|BeLB_96KVi=j_AGRwavCa)VMr!`GZ_dXmL@};F9qpEsmYX3WIxh?ij6FhJ}1S_O|?K zF)F_d>%33VfIWs!IaUCleD_0@PWv zee#Dd(3Uy~+;nu>;veHIN^kK0-c2_n6pDV@e;tY=v`K!iemq)D&HQ&1KOYf1@$JO- z`(gGsmyU&ph8^L#lK@3p=^#2KECwKP)i~+O3#?n<{%EXx1R0{kuE(W3S0(_A{@$+Z z4taKh7Q1Vxs>NkjcX9;DQY=TNt}!2&)8;WXfOKoohxcFEKkKUT9(_s*89@!sw(jqmOcZfKkdg024eQK`>v zlo`__>c$QZr6nb;1Y9jYwc(3SYW-P+_~Dea=h-vL{iVd6eB^5?p;zG0^>HTsU~CAV z#pE6F1n^&N(g_KTtf(?7o#s^^v%cH$PwYDA_C2>46*d*(4pTm_T$^obiZ|g3$~E;WL5WHVD@ILiZ7ZzJ6_Pjj9diSZm-^U7 z<*vo=*?w5puv}7?U={farNgCAoiO1GxPh;E8WSID@V1oSl>C0TT-0arTw zXIC;yHMSQ*y5TtnhKSW0*qI;WgMELg+)W|rpL%!c(&fAB>_1>?nYl#D8CplQKDZN7 z9(-8|en-DK$OJenJ=`m_(Fi4LmAi+)N|0{cxop-Y<@4$n)QL-V_ze8sEB0K{(+_-o1-CE2IF)(jSY8V(ZQ( zkm$Bg&A58`@{rf$z#BzH?%=;m+P}Vl9$@|ni!6uV2w^M=#vEAflqvZ+v1>q0ge!4t zIi?xBR$T9c`&JvzovQ<;Bzch>zx+v`bw{SZVMhanz2>spQXEbW^n0%hOV(U8nucZS zKzO(%9M!v&KiFyL$wO=34nI5NRB>cKTC7TcMSm!Yn(E@_mfSj*LReff55tRxyJN?W zeA*GJs^_ph6E(fr5yxi~R|#RA5=BowAT)Brj~}#B@xpIF$nlxt=8xr#mGU11QdY1v z|N4b-;ViIBRrMi41l$iq_&raLI2iBZGCM4SqkD&#dm#6lLwPg*zU%HoqE2KC@=2bz1do7hrZmK(GqPvH*VZm zb5*H;G z(`KEO;o{^3f%gy&Epa~c7w;DoB=X^@%WIYm)Ao`LMB_yn(3ITo!vb2&6%Z7k=(*$V z?-0?=i)T~<(^uwQzb-BlUbAKm+PCPGsJY~x^pDL(XbSRqo{<_TL-G+9SBV?3xirvc zC}L+9WzO}z1}#GQ0#0tmMkg*Sta0fwdCHW{Teet}{FRkWYgTjBRDO-+6}&Gilj|OO z*_uZqawVXn9WsPS_8tVZWk5R zQJ8V^`Tn)g0rTtdn20|B>?UVX>|4Tseg$sf(-~YVkh1nVlb|LY*29U zKs@f&-TsuWg3n)lD3W}_maI9hdfHN|dv`d654iJE?X;+Kc|9XAT_`FV{Vw?S&xdRZ zYT5FyKJ})9&2RtR$=5vN-_7kc+jSjf6b%5Qp0ob>SHrE4Ggck`_mbWJYg_vNN9@DE zJ3|FUnJrs>k(IG3QC_~{k?q^Po5=nMN*>1o-ix1PzSpMUQ?ZO9N<*(azHwv5_gqF* z{5;k?TXbKOL%N9lGvd-$jwWTVYpV%w5K1S9r0nkQPQDbkSAA{bd$9vuQC(f#U-D}L zDh~kJfk*)e3Y39)#vw|Jo4H~iv8hm6y1#y9wPK%n#7Jx|*2xQF9ZiYSu%1kWADIIa z=Y-`5ci|tFYbX>QF*g6Nfy-Q7j~+hE_j*9BBq_&!Nmi5BR#xJ~z6u0@HL9F^32u~3 z_4)H>@GBuz#BzT?5R5`fax%IPLAHPI-X{j>f`$n6$Qj+_XePkBa1nP}^$7q7a*DC< z7rO^1RPsmgjJ}YkjvhI3Dn3311OdHv=|!gaVr56zS~q1CBOJiD(D_--75h^9Wr}h7 zk=IwEN0Z1&rS~3-Eo4}McgUb^XsD~-YfRET25f?Hy$56VeJ=_M`&Ry;D8<#dTsaz} z=HCvq=`+USB-xgy*h*rZ?|%96<-LP6YIvndo5aOF+$B27`YBnlNniu_3L3DnvGFR5 zH5WyEO?)-LKQUI}*I1Mk4;V(OV}2IWP(6G*M1*6CWDJpGmc}y#J~B zcUnoE-}|VX+4&7qN*XhD{O^CtNiDK1$~d0$!`8Jl%VPwaj41z0OZ~|zf}nEnV|DdP zH@6}E`_GDCgIe~!>c9O?jp*SV0zq5N10_BTW3}m$B{4wQgC>2p>dDGTbZpQ6$?dtK zrfWkf8`ey5sR=PBPZ}5-C!RdnQ6*095F|E7+-M}V!|uQSNG=f+zRuIL@b29*`95T>MT-`VA3r`=oe(;W;%lp3J*6vu=P0{)U%hgFoz+tSo&*3> z#uH=M?S`zlmoR$y@@9|#aS(T2@slS$zPY|pTC(B+<*9EG zEjF#(2v!!}?5m`72F*#(g80(up%0iu18t*wq zSbjwmwG>Q6{cf)5#fv|PH(k09nr~~n8GOY#4hRs!j5-R~$F6x?Nl4grqwK@SkJ!ID z2=mO%%c`o1A3yFOG;#6xAr*5cQN}d@&4mC|lt+&&7A#oMW7mn4l&E9Jqy#3^58R$N z0D1#WnD&$KW5?_kEErX?7AGfhi)Hfv2xu3*%6>)fog6Xl(Tf*jl$5#&OVSqd<|2Cb z{O4G4y2`WL&#{+l4RKT*0MWMggdNr}bMu~po{w|{9t?z9eqgQ-4U7y*M(xZdYQX06 zjaRw4M*rDwIWWJ0A5P$fVmrryX^O$u$a2OEhAa=HAnDh22chEcXV3f*x;bHc_s%sm zyhUw|4Y5=Ec6(-?Nlj%Z=0Hvy00ps%sdE(UCX?Me2`k*)9axjjKS4hw<>932(qmUe zS=rVKkz7N<^rzNkq1VIeZ$#RjAxqzu%j)XtdV4n$F`Zpp!k?)Z6c+v?U$7k!Q!cVH zPBsrT5mSYA6x*f>6V=rzyZQ)vkwSO@oIoSxHdm!@-@e?)9y9niY#N>`D`QkyRaZCO z!*I@=l-%55t!q}Sc)NCT`KAl!&tt-G_GtxhgJwk19zQ&gl|xKriOyoNw5F?|m+%-9 zh^mxmHo#B@Yw_#!(4+U!F9#gEEPupoNY?kFmoJZG#U&;E#GP>Z^l6SLtOXe> zGX@#ne5S#_f{{#6U03xDJDSEXr?fLw=$$$TCq)muyN|t&IvETE1SK&c@4!+pC%);#O{3+n-b%^>sv)GU?#Nu2MJHzOE-5 zdRlpJg_GpN73U)(`$19vIjx$SIFftqnqm(sv9}*8tfk8&Yn$=5%a^AR2ff4<>o6BJkp@_J_mZz%!vGR!Lqvlz0apLLIGMlu9^hlF3 zX^(aCe6$kuRRBQkEuUC7oP=CoiZ>zPC&E3@Ga9S&E6NskJ0yiX8-x>J%xcU0d7B znc09)JbfzKj)iP)L9jt5`(kq%ICyXefuo3r z4Y?~lBLgDcnBkwMr&3Z;8;kywtPW(**j5&3xv#>C0EwYQFrR8JnX0$^}i&=I6 z@-?6wPmHVR7jTQoTEAffO90=xD};|Z{+7`PZ}%%LeVG~?TSh1)7IhKmI3ka50L=T{ zrf)efubmK+lr)7rM)j}jRWFz>2%&sI~C3fO|hBLefx-5?VlUg zlG9SWz}obv;iutNzAryZG-(R~uOCI(Un)41EWiECGmnoB4vG0reVyOqcJ3NE>9BnE z+7Tr$I|?7NHd!^LMQGhhtH_iHc0v<;yEEB8{@VU!MT^Ey^ORS(|7nc(gJ0hVlr%Mr z@3*+UsdvEnSa0j6zx~g~^tPXq@%!MiFL!<8XPNc8;JfOVmO*{)yccaIU(Kb>M|>~u zc2o02cJ?B$V`es&my3#gKVavDix-KLk~^*g0bzfdS$~CT{B&ZXod2}7B+ANlxjZ-y zGRnmX`z+X%(=VsD=;w7=c0PpG|Y(gxQK}WYLC8LP;1?=E*8yLNLC$33Kot@b>z}4@287-`sEgVoOT%oy|Xm)twH$J>@(5 zaCm_ea58i!l2xq2?M@tcgp@Gq;5VAMqK6dUz^n^iKsfm3nj^y$z82LN%R z7wcy2#n$bPhhU9Xul@|jd{uczn>u{`yRXeQHZ}uxLan{8tb`qWuVfOV3%x>Fvvb$3 zM%_Y6d%E=%bB{{@`9N&WeY z!>#jdY{*R^6_capiZyTlqL=4he9Fqof_#*5ar58BE&SQklx%xpcis}ne$fc`_M@@z zAI~eOP2GQG&2DGsBD1R@{z-Yd#U|33pS%P(e0XIo8;CV&{R9CZ26qDrFq@fDrJA>-HU`q0x7Z z-mehy>$P=Zxi0MHLhK!>;x|t6Tet%wY>H+!P~)3Lbo`GWylsO|^OL@}_lFO2Hng+| zPdgG)pfqvx)E|>J>?jy3v1o9ayWb-X*-v@G2k+KHTHcU?AFDe*zZ%ugec3XMobrB# z&*yg$V$MhfM$0Ud8oXW2xh!=?lkeoeX0}jFi%cpd%sgA1aeMo(FVB6Pa ztEW|+6@=?%8tS7oOh;ZfkPnmC6_OORKg26V5T2fFUayf7InO$=XGN8D?aD9fu1$T_ zPEfbmFI46h+lFnCAx42}FAiNvKb=w? z-T3Or3QrS3Fr8~W@_NJGjiwLxs5!Tbn!b#59yCVl4_oo?ICax{*NQmT^vchA1JmEz>&&=|eJR-BvqzVzXB`Vtrs`Q2e=yDMEQAhHPtG2>PvTzL zTHw>mmoG>5S~+$2bIbionLe4=Y#(LaaO2~8*a4}kC*z<`^BwS&54>j=J%fFmT=#`dea#9-=CK#YgPT$ zJi6Vw{QLgsP?sW)yoe`WX}{VcxBd3-*4%CTzl&?}HMZu<=i<{vZAa^P!}4rkMYMwBijoU%@q`;^*^az5v49N9j;JWvCgD&c0C=c zFJHatAW-cX7~I63IzZ|+4qcod<9Y>y8z5V^S2SVvxssCuA=u>8O5~@fTM%IIq3C)` zbfl1=q5xAyIG_4U^u5AllRK{Z{+gt${8xU3xycN3b8!POTZx4LN|4t`vYL4o3QdpA zbnhQh+dlJz=q#W|tC#tmP3!~Tw{Kr;tlUmVmWTfqdyO##B2Pp|n;lLB@<9q_y1k%- zPo2*5@}J}uPz0Yh>hR&_k7uv$A3>^l{_I&M(@8RGeAFUr8m;DT17+ZYH(I|>EQ=Kt z4Gayx>uy?j7C_KAOWEH_!vEqb@D$wr+}X1~nw8@p#XXLX<%5f3E}UhuqO$V6f`Zs9 zTPTZp03mh9+HNb`q#M}SG-F*jH*!c17t}^kU~n^_F9*I9nDc$&iL3Fa>{K?v`$Ke` zyz=qGhtnx3zNiFekDmpH@DVBaC`d3x5DIzp*yuqlf`D|7(*XRedT#ID2Pku}M>j2H zGT;BseBROEBjzGkUTVGk_B^nj4e}4QgYxLnUB>g^!6>2&sH9|AjkU9L6{Z=en|1;m zKL8Bc031WDQ1!Jr!h`Px;d?SZp1*-W()Oh6WMvk#RZUF|-#*81>uv{o`*Fi|-dZ}8 zCD>Y8hqE3H|Mj$SUboY?hj!kchH;Ahw5o^i(Y;I0%8#q*9Su70H|bLE0_^U0l@-uN zkZ=m&l0p_O!t^tsg&@pysarbWw$lXag6j2~hx-a~XU@FJjF3?L7*BVG^WA>T^%=Hr z6Z{agL7}aYu`#_+(CHgCY~aDrlvX}jWf1KU#arGiIGwBx51V+gn?)>Qab0Y(}DFM`sIN~l|oD?;8AJwy&SwcjDmz~FRw;!Sg zDld=gr^D$h5_(lD%#(&W|KxJP*IP|bdigIefT^)Dy~hKjm>2Ma5+0eSw9Z9&E3+tH+`?u)gX(+GKcQn_h9IQ9OrlEUbz=hXgI0=kRJK3UM;e>kD8m1 zaOzYq6_pr^X_8uJ5)<*u9llWpErCnAibokxXg4o%x7`WMA7OpvG&Byl*%s`6c(j-K z<~zRwha7y=C#b`L74Vn7o8GiG8RkqIFB3Xd(kA$)gH8Lmt)d~2<_oC#;L^_ty}r9- zRbSm^`84E<$9B6AzrEK3YF@nOaiN<(45EDJ#}j$PfTW}v>fvS|ohxF?0L)1G(!IlVkK4^k z|GRdJQ^dK)3baAnvVQF>aa5+1bXRN1q z{(Q2EN{_{9lp*wvZ`jaRq9fPu7xLY$gynGL5eE*S|8_~~6?lL7Svq|lJgDVvRub9v ze;q|xz3_@x8Wq91br~=>xLHs``1=WQap`RK9JB|mZ4w(hrzHQUMx=g0{@ zh})!B%#EPQBR19%Y7ptWtAs?1@W6@JVScAddA0H$!6A`PW07P#q`Nv zpseNEa7N7zsm5j|D&-C+e@6LMb}Kbi#Z!4oRF9Nq|MrE+Ta-p`B~nJsZ40sK{k>-2 z!dyKG2dfKpL+EqBH1uO5oiI6xiPeiD6Ev3?x8~>S5OngYJhx;Y4GonYHR^luL`aA? zIP9sq;U{2rfn)rl)q!9i^ZgZx1D6IEcBkWWt}Zqz)2z(_g~uBoFJ-f9XgB)h+QrQm zYi#c?BZVbsU-fZx2+-hf{H3ZS`J|SUY=5%~Fg~*#6o_8BX&zF*wt_k8dBp>zd>$WWTOh$t+(dK5~ z^!~A@PaADKuee~}ejGR6US3qFc~>#=ie2c^F$BUjZ>9|T9KFR-Q4A-O)YU^j8ddiX ztGIsk(W6HQZ*>Xp^;W7}xpD<*`t$qu`AgF%-z==GB99$2P2B9Hg&3r!so6-XfOw=G zh=($C=+NKl8WE3Vm9B#a3Qirc=y}J3B6iM?&|f1Ig=-GMui8>)8xJq))-fU~Fxf!- z`#i^aIw_$CPDkIk@1WKLM}bp@*}%-`6KhM&w)rlD4X&uLw6im{t4?r?{Wjz0z=Mw_ z%I)hEv3QRAZG-ldiiis;3(pA;t`aLa`{*y%{U=SBQ25{h=KkK&GptOP{xrU_*XhKY z{5y({?!VsMO-Q9xBPlg?F(h)s@h%Oz9rnz$w6^Xd_!MPWGiL+Wi9(CCpy%R}fS|!I zqmhL4ZSOYV_2KUFv!aM-5355;;tf-raveX{)Et@YA-^wwD*H9SLBZ?AekZ)TI$M7H z^+iR?VH<#k2}Mn(3mP$$Re>7N##u{_$fY?0YPJ-5Ko!zB(EYLVUuY@9#C~sJQ!>C>mz; zjo+tk$J^9XkQp=x^B&-|!!d1tZ?E4RyhSf4neD2M~luG^wcQ=#=0ViI4BpQuK}AeI5k@Zr6TPV%_)8t>bkf&xy)n6YE8 z`yc`mUXUjAWV6B zkIHE6Gk~BmOq=q3VN05c`~|QNp5`n;H(pWi$1lLD}x;u z@^%?6u;gpcH`RP80ooroNuL1&B%%hRToKebN1lr-v&ygS7X-*&rZz-ITA?&~d3o8` z9QIPh2|>VNepK&g)$1=arV&DJZv_Vk`H&0G4+HT`h-tr77VG-Cb26Q+EG#hSJ)}jQ zm=a6NacmE~6_CojSD-x_`OVGKJXclr(^OZF2zBI;gKVii$hq(s1-mC<1k0+~o!m5e zZ{r(Hc*75j>sq1;aSZ#euisuSjv)no`}e=`qWbVPxEV;+%w9p=-0|Lh|N1GGZ;`678Ny4r$Bz(IJE8uJbchQzc3fpH~VznPMDR* z@nJ49@F}m9{*m&too`hTgEvA#M39fs|6uJEw`9k~#jz*n;NAGgqS+La)Wb)Q|!aYF?`x)b??_~ zx84l%_=i>|;RKGaEUadFr0-VM29Ew8dYkM@%^R9A_PD0H|ou(%OA zajqd9$;E}{1Tm)}{e)rS=E_vD1F>I76#=Gi-v#sLsjhyht`L4WDr$}aVgM-&tIx|z z>qcMEuihEfH#~iBgrB*)2XoNq-#ACT5I54PNZnRFVRj~`lg%N;wFgP&?bXH6;03UFdJ zg43utH!G8`Mi2VW+cUm$jaltTevSwegC8MxcE)F}$yj=;D}s6F?L85jjvO&*KCiE* z*t2SF_|c=YRU~ahGQHP{UT#B!HzTU;b^AdZ+noy^-Yc3mf12^)b*~F=zc%xhagh#J zUonsQvRu}ntwKw-queIJL^p7PirpYBER#d>MLf}1YoG3-uhnnfW{rrX(SP^F*MEUK zfy!QAUym}eY2!wdLxWDcQn^vk03YgibAstkrk<%@{}bR!hMALiC}P9N!JiS8&2Nu- z^-9M_y59O!YL*>X73YS(uT8u1?D({_u)9@$MV8h~yb=VGSh)$?s(1-Z1Cp}tG+IHS zy};ZN$puljmiFz_hhcL|2E2R!J`+T`wCW^r+N%(2T0rNhKgklrr{68a@i`vZCG9ZV z0KgE@!Hwj~n3YN@Dy_iuwuXKFsNqOE3Ml*I#~0xtf>cgV_XJX}pJGp-NWWK^<)d>I zRX!4Ix)s|-L4mmmT*hDy6kdYe$Bw;bCW=DZ@U7Td+EsQ$#cLS(^x?xl@{w0ly`0^c zIo{UD(%M6N>>42>F;+>5Bv-a-JSqv_l-D?P=;~Fgj)aGIDBam}ypn8vl;rD9Vnm9a zmqmj`=j~+#qq4O)ab4~oxj@HLZS9&VQLThx(7>U0|LG`LY-?+B;%~9dyP|^hwG8=? zt{i+D+uA06qnPCt(F7tPAu)iiAtE1B32$X6{Or89qPz+T3rsjpNog>70ANzKbjy?| zKN@N=_fkPqxMaNe1Ww4SO#}4;7nv``@4%5$Mm?X>E9lwBjHQGJx%QY>-%-`^|4VhQ zz&xd(pfGta;vE?^1LsS<)i28n91L+l29I&=V|hUjHJK^yXcp(r&6_oAw6d}rPna@= z0QR-Mo_SR3admlmZsu_c*RbTkWl+a}#EYLjV?ajQzJ1dB^3gz>P>;*5C7w9ZA<8gr zF*zXI=rf1_`xa6MGp*7uT%i9^1OaZ7IS~}jIF5=APkayBq?KY%NXXs$_oHY7gd^ek zIF9qfjCttL0QqiM7{OxXLsQ@dCTTDgL4^{TMTGec*p*WpuC@Zc3^vKnToGmz5gLkk zi(3uS!)5vM&Mq4Yyu&Ii$i5q44S0H{^hSUN%Ree3e~R$0wieYV7YO9_cR@iga{Wb6cizVmlGN)Bk2}UMfRLUVLcE)v(uBi{eoLAOY_qr5<^8vrsu*qw=tTXNHe?#$+ zrG}uTJ9proW9I3(rZ+w_CYGqF9aR;lGF_asv_q%lm)yFyuC|`TWe;{tIvyBtrv^!V zMr!|0!rGr~y?1aZDqE|VZDVd8wr3Bt;*oiZOoIcygi+1HKH`sjt0zRQgF^y*bMW#s zQ&vQO?MV|jQ_7B$MGVJ{%UUa{rSz<+FJac^eKG(_HCp^{f{5H z81S0xM#m4HX=PeC#p0)7ga?6UhvPyYAMFNh<3ziT5%1*DMM{QZ`~?eBR!kr7r)=|J ztwfKmUFi+W_NbUSdv=JPtnASc9TUUI&P|&PWsh17+B4ItV__ClnUnMjMpIue#uGov z`{aqgx*45%OMdv1=hD4T4sq1=Y0?|!aOchO*T#wmg4|T=-ek`j=CZ{#hEY)1;?e15 z8W><2_-+}jxNESd@sh^y&|cp23kwS5ovz)fP+Ev%CwNUNz+MLci9o28PDW3Cf`#32OFf4j0_(kb(@nXM0QJm4daSfa| z7+&x#l^gXB6-V8;C@|{P^hLYxFaP!HSBQc9niCN9vsR zTi^0x@U2QpNojAY9kMUK;%jsJtpQ^G8nDwiqFug+$;zhYW^UOOEv<1j>EiNMiYz=w zEyTbw<<2c?1e(H*qg1YU@f^0V%W9b_`-s zG$uw6Xc5HmFA+bVI~g7A4sam_A2`sd^a`D)eS5s3I2Id+?%l)iGEP{+Gy^JbGQJjb zB-YEu40l+#@Hx)M*5${K9l3PLd)2D3uRk{OF-hvAdf^)Is!Zv^moJ{dKTM2_MBhD8 z6E_*PTMy}UIXn;n((?@rD86V`VuH_cx)AZjf!S3@ewrI7-A)MFw@>syZqGZHmPYGB zWrJ5vmEqpmrvSFOqs>fA28lM>b{&EiK@(C9)EA2;#-I>#%Ju?Spmn@nW}4xQ7I|#ON%Th1w@SH{RbP;3esOZVl;mbh_4bmt+T2Qw%*-5UsDdM7hC|T% znGzU68H?lQ_6frQ;giASL0D96!9#=+x#J&x7P*X@ON`cHgZiR)c`k>WN-@0ur z8D8gj;(!)N@y=bk+}N~rt*c2G=>(338dp>*eM4j=J2??`C_F_Qaw~HD3AB6}xlWohBo^7&*T?U{l*{zyx zcZ@bHYwLqIkDe^Cn`IIod3r>=gTY?cB}-IMe0YLET@>zG9V@xlNm#637sNLI`(v@ zGK$u~lx7swat=vCLXvv@yxpGm~` zIG@)s$%eYK91C5Bd#($2B^Rbq3@0Uxjh!b^WH;j7kz3CCFWUXApE0tf9rt$O6Ebbq z(W4}U{Ps=TKNTCDUR-J)_UH*1qM4$x*X)5fI*0b}zpKIvQi)XM*r<5GHg0duz}5c> zzRhRy&xdarT<+gl>c&sM*FSXzsx1|VZoS=E4~rChc1LG{MolEUt?Eqjv9r#b|jMqxSv7*OhQu!VTr5j?78Q#DIc23 z^E+^8V%(KQ*47D0NnML}&bPGO9;v3J^pWpb|K>>3;qu?=V_=C0x10-Xsnd|J2&*>_ zzdl!}J}8BcQ2&1Nkh$yDedRpTsP~(>LzGGgCXrr-vLyp^W0paZ|4&Qf+arBEbCwjY zUA(YG*Acvh6#^B#)EqGYVV$S=FE*}6DoTTxsz!8t-JmT-*3@yUvrO6`i!(j z34b$nVEZqQ-Pcc<23FP48MfRcaCHB(fbo+jolp(wH46AOW6Rw$y1OictlO=r4?8`^ zBP9KZROb%)9u1R*GO>;@DhT2Tv2#oEFl(o>cqp+4V4}o%&;ib`;hlR)uUvZ~G*IuR zs|%#+kt1VU&zoIzuk;yHWoq>mPinA70v{QIQKwo%Lj!FQ;r0_mQ!o4T{3LWB0f||U z%!C*Qc&IuTc9t(3(JOe#;lrlyz?kT!EVHX0PYhIPDwuISWmjk6au$K2}h6G zg&@_^>)msawyM;KIHNlqL#JG$$Yesz+l*N_bO|u@=r|4>S-$&yw{A1NW#r=fPv3Z6 zF#i6tb~mZkPNjdXF80z3>FE~c=B%yY!qYZ51Pf-y3xewg508NwtNO%$RE#|o@um8{ z>;9mrFf&}OEF%+R<1r&gjzqXuUgWWPVt<5H!aU>3UEE!3w%oXVTY)-TWqk#WpLueG7F1d9_Mxc?&>r=fY5$o&fcl(-kC~nQOXsp z^sU;GhZ=Unsdk@@S*w_DR-ab*^5vihzp1XSUC4t%q)rZxj9jid0Di{TXQe)@%F;bE zOVOR07Mt7HXwhWGz9OHI0SQL@-V{bn{aoLamCn4dKgL>B8VW#GXlG7f4ScX`*L|Vn z1edKHk|1i07>dQ215?6)d)E)fM?CWS{Zm7`F5uQu8U*(5d%Ja>!lAG*HD2DNqvJ-6 zg7Q>eF@<(?ErwZ0)Q2f1npSmp%y5qY&Z^_MDw;Ts- zM2>~u0VKB*0`=wW&L4`3q6=VF!sElH3U+DuG{d8#rKOdfGF~7kZ&$*_Z2NZU8-VNe zb_dcI=LGMNkaD^#h6MM!cGCOMQo`Pkk?~^3iES(7;Q&a{`aE zv+$3-Ij@wj2HOt)qA4{KX2Zgwy>RcSrgUzXH7i$oLk8kWroOOIe#*aP*BpI8-GxKi z-kx;c-#jJ}JFD^uqzAKMVxu*2VCzJe9(7RZ)3r>kAAm;Wl4%%hg%@Z&|D7+ukehCO zAO2&!K2`ge_GMYY*kJnnUhO~%v7>O4LgUjdiYQTUu)XNrsA1Oa!CMPm0io0rR3SY* z?-Uk_B9z_CxmQ9S6cikuwq??jkGxyDLL(0xP&<4Nz|&q3{WqpU4pJpAp9{#vkEoF~ z@5Q;sm_IiqE9=nf@*K(G8-MAZSrPqtFhHMj2F%J}X~<}hbYKLZLW~i1+*a5~{C7yg z%$s0Z-PfWAi?;eLaw~k=PLM+R&(8!EZ{EZic`%uzZsBV$Wjt1p5bo%3+; zWmgg?QXG$sD&K7o2UT-@s3L)(jztn6_)A^NCm%m}FmuJ<@&cVWQayTHOiPRXtDAsu zB=zJ7`iYZ^i{)4yXU97~_Dpav(Xvd^@_sEY5@0@9XUmLp=fs13DTL?rXvKNV7T0Du zGop2bEzx=?c#;qmu&GbzoYV=aA*_i|v9aaUN#gY@Ql&v*2*PWFs@%UWgU@uc003e6^ zD4&%XG~6#;|oNyK7MWk|%S1IZE*9tFcD>~wUp-sO4n#JALT1%2j??Rm*&%>8BlGZ#u+dKErZ zGQL+>cZGPz>XfYtriWlv7AzP#!O4hWQiS1j>3Ki5R6Z~pc0lo?;mRLl#0Y%o%Zpv2 zTtLSMY4Vy&IG}^#=z76=$;0zDirn^){-Rf0Z2K1iu3Yh1u|iSX+O~aRT8!q|nfjI_ zCnwABLx<=LlRk?BYnt!RK0Q=mFYCko;q-weA8yo!eKczRFl+DZix4Jr1qd=&_Rcwst~&@BHqJP{YS%=0yD;kDldBv`Qp89sG~ei^2l*avX& z8uIen{`hg*&s|~}d3ZuCWsaz@#m8g*i0LqA%pS&M5`dzhLh>6#;U#mpjK_QGr^CmV zFmo6q6m}xmKSpqrc}x_8VE%c_5@wu>N|Scud#YB_zN$DRX!714_eG|hw&JwSDspm; zkh3sLJ4*9fem9o3699I&{>yv+sIQoeKu25{uyZK8AhDIm$>kLlNvlloXRY9#J>9>( z{Uv?LU83VQZ2JEG{#osZ{OT;As!3HqlRJS*8XYyzm5C*ra zL*EtOmh$>f-z0QWu;$pnVR_3g-LiCDvxXT~-6SRRRFf}UC@v~Go7v$c#2BrTu>D(@ z1VP&xF$Q_)U1cSMHqO^Y59l9Srr-`-A1+>GIe9}i4)r=Z>;BUlI25o@1{Kpt_@q9kB+Xa>=N2< zh_Ted*j;XZ`NRR{hSxGs^u#XC(>vZs?TVteuG4=RBWF+3q z*O+QrBjR${uu_-Xvw#2hpFdAyW7v><24JyEXT$pSF%fjr(A_8Q78o(2!_?7&$Q~2j zZzg#)9r&ozRd%lKxQ$3Wmo^BZKw4E*)oUgHBxLxD#S0fAQFpt#oHo2JMN#-Atjx`~ zDtv>rGmwr5>Ly6^=uyJTO1hG1EPP!%{Y3}*&$YF+vDeU@Bc4`;PM#EGEuWMHtSFLQ z_arw(T*$@`@P`iAX>q@xg2vAC%#$@WmD--?^`%nswV?F3A)+i(tp^SrYR~vG611%? z(bhOoM-cjjumeh`Ux>(dhlM$EgaJGZn*(nRSb~EF1*5|A5`Bg~)g7zu%ud|g%OY;b zCdH2zSo1S{_;4obQNgepcS!yiS6mVtwRr;?sgUYNG*DEE-IYco$Ev98oVr4sGEEu6 z)hwG_!q6+1qG1E<<1Q6+4lH^P(U(oszI^$5ct6K&P6Vz19ttxFuWz5vxa+rC8kJd` zEBY|Ece7?RZrNm`ou3RbM(zBxqM_L*z28nxoT8qNNuRjBjFNKF5_#me1&X#cA zZVNZN#=vgPIXuB|?pzg&kCaJmCI+<~oF2~^Gpf)$_|fEfI#)yg6}rqv~2G4%<*IvEk5@?p6+?jIN6_%$o1`@DZU8M1hc-=NykyKT>{D|`N)ZfpCJ zNrx@#mPphaE>%-i9iZhovL)a$UGPljJvM6kzZ>j=>bf^PUilFBbo&PT6KBqBL9n`- z-KTV@gDe8@*d|HGFr)c!?eHya^IrV7x4K;E%YlT{Q>GUNYI~_RZ`Su|$*MI|vAaw3N%D&}yR#b{@~w|w-W=9=<-`5Kf?#dAj`?K!THUifm(8enc3%Q) zQ5bQ3+cv+s_8yau$^D#RF)Tq{QzOm!1#@4^H(@@xKmVx1+23D^y9NKN@$8?Uy=iIg zmnV?wy;m^y1M3oYonmX-;1LZQ>T|>PM>0}M#kXzPJYR3?j=A+y8~%r5T_&h)Na=@U zCA>ZlSN@$dbyJzvA_&C?A^tyq*G}{8&|%;ysgMGT`4*pO*nd#iy3oG65cBtn<^A4) zHwNtVMTSut0n)P6&O4m39J9>aW9r8C_R~J^Q@@y;T($5nC3SnDvZ+D+l`yKS!l`@znBjwM&|;XU$6B9;K!A z6k=#*v9nwMxv= zdS&(cDZWpW55tPIHvZZdzMtmr+Y9&hly0g0oV_bpn%20b@X188(+4{xN%Rq`Fhcm`LL#vP1LeDUV#-3pHw7o%M- z@$)bhk!(z#H7h(Ug50*?OJdIgE2%$G@h5*++|4B?V9FFQ8fu%`)to*^^K56ixw$s& z@EEM6C2*XgsmC1N{E`&71UYzkfEHIk~jtks(C^%y5p(o0q-l zqt|YW0db4ya^ETHxK$(OdS+$AgAz59SYz)IYVYPXoseEDx5qrb!Z7z#OYQdSCRPDm zL_2h+_WZB53-P*6-Z#4K6x;T6L(P?Sm#=tTE=p^Dxqaqolmk)m_ZiF1Aqh@1XU=(4 z4Ogxl$SRABjLLoRz%s%7?1L42a@$!0)=O}1m5gaSF~?$2u~UNsj|olJx%R9li|&p5 zQ@Z8SD6@aXs^1HsW!>$nXR`q<12X}d2Wt-*IF#QIq&R+_qhsN-hgR0sUsqZB+iL1; zZn*EfH`93NT#EY@rKY1sS!*vJJVjOJ_GfQBS^e?jA=mMi2&=ZG{(4nchNE#2 zsAT(&^mVhDzwVs;I?3_&Q~hD`W8F>y{^Rv7@h8i{BR(ip;JuwsSp6rKNG znG#dD!UMLNXIpAxlVh>Hkd-?#So`^(Ctv5qWIZn*G{_K?go0;}4RMMeEcUzW9OX^Y0mc7p$MThIKXvJR;lZ0e^Xm_KqjJH*)Ujm>>oBLR zm;XYO*kRfuw6#Z^*{?GtU@HGBt^tPw3v8CaqGO%G*JVx3%jb-43Hd%*QC5|ZSh_kt zO5bdCp+&-)vTL79eN{3vY};-(?U(fF)uC?PruMd5=--M$M>*}iodkLI_Km=5k2W$= zam;`50z~&4HhDX5U9W>_pERD1Zthtep_a{!~o-VA{@R}Dx9_bZUA+*0PrO7^dAuO7-Go;V zBOn!n63?7DlbF~?QE}d^SqUdk0--*r@Ss0r^X6YvnlxtsxdINF_0Na>!{IIkUR=x= zd>%pKo_mbnY4{Suh)55;MuHU zR%T`cQ8^|gl=rlH2chrwd*fisJ{57*FqYbCgR!Q@e;uL9vfq8%Mf3&&{di zkv47AX@Ac#k+g+3XlQZk=l>k}yYNBma) za4USkzQn|ovM?H<$BJ_{BOa+KHVRchU-V>m7SmafDvWWY{LRf>NwUm+#q?u`(Zb7rMxW4a&46*b8$N?&LH&w}p-90&k%dnQjqnETsx^+9 zjM;NaD@5h@XsPFzBQ$!8-J#Kea|l%z`8iVLEBKXhON@W=Y!={9%q36~0enby?JCR= zq8bHh5;LYW1TWXr{D|zw_hstn|2*37Tyt1=;ON1FM-L8KJ6wB2LsW0EIwLEdF-Q=T zStBDNHZap#Y}>9~nN;Y-vddA7Fne#i8p-${V#GI-*x*cOOSc~##IS*AaJp?X*L)P z=QMy0Sp}UbuiVyyVZuk_fb2(%Epu z-Xj^O1FQAd?J{nu#2ZdqM`t8@Y<+!!G~TnP^X^5Zf5`9kUB9krl%=1kd`_VJ?))mR z?Z(CqWDTu4*r^E9Yk)}ZVrX(-V5h}+!!a6W{u>R}D#__~4>FgOkl5yF2?x&^&NcrJ zzRT6xT3XhHCywR;aTnDR$?t{!w~pKN5#O1;=t>bE{eLRM4 zs4Z;X+IITZk2hP+U3q!=rSd*oO#l|DKNsU{K#5B?q5JC9Dm2bjh@$0*a)3wuMck1E zu(PvgXD-pBZXI%PaZ`n<)?#+$UoY>@hf>AcyD`|0S`DcZI`fUxKEk>~h!+=Eia8v= z9FE7g*?$H|Hbib+4dQh`On_TqmOGvsIPFY`@x}52WZBQpk3~&GF5j6P{SXh4`Y2nZ zPe=j)gJ4ClVyj`8!^DZ{gbNN78h|jb4UieEsX2_Z7tyU=G6t1MQpTVuqdbrjoHV=T~C68Pmy= z?*MIT_GKISk1u2T2BToNAeS*}z7Ep1a@8ur^6`9EIysR(Kx@SHMWcry6t%LIj_RI! zb>F_V)>ll0+-|$t%fv5zp}-F@aF0$%Ev>4&eJwRYJ0iA(n18mum;L9mYK=Z|yD@oa zKX(R&lYr_zduGwlCfj5)pjTHu7TikPhRLGCWM+87@m$(=EC%#J7X;-3$PYY*8IS)e zlsO@X4p~TJ%uQK0fhU0q6kxGyM{&iVK{68b_4HFzoMN@~pLZsu{b96jmy9Bld;sAB zGk^8$|7Y7))-~7vhNXmeGe(+M*}O9DPr3>h{myi;2}1b-X>R z)4#voI%C*B6Y_+={Qvsp!?bbYVlC3-4Q)5#|MiyJ(xeUl|GlNrFUg%GFPz5UW8@Nc zn!UOLMIoi3L&kSa`@h~+tl0O(e(MGBAO$a9{y>@KoXg`t7bsE{1X+NtH zom%RVQoe~h2uLLKg(-;gH=L|)%-rkPL8iykk5XHGrp;eJqq)H9=D|@bx?YMf&kY)J zB=W^W$JV}iUs}`U+eRGqY|n4Iy6wlOe3gs(|Gtb`xu*P6+W9{^9=Fdtdetv}#0{+~ zyR5h3HxHkG6ESXeKhN4jADV1MGH2R{nJ!ip&GS6}^pKvB{CM%Ho^Dw;miay_{P*v= z<5WEP#QCj7>3^=cl=Zk}^TP2fUv(UqH^T3+>!aIuqc5etco`QMq_Hw%z@mb=SI=w3 z<#&Aa%|i8#%>u149qU$}{+M%1K4--jo3H)H?#$mJHp%iz$yuZJm;Ddlj5~5%a;Dh= zi}-bhx$dc(Lw5&P-@H;C5+)m?+w?1?ydj4J5=;pwW7R1)a{B#pQz<}N~t^a zYF^&`W#M#qThWjv^OfuMCasd0dEBPqk^BqQRh#u^D@ITEb&I-?5m_0dv5ZV;XTwH!j)Zqk__57vUo%DU4!>y5l(ho*MV8FQ} zn!VGG-t|%Bh&_3g>LT)c9Ha+R;i5+(P)Y2%%OS+!C<-Pl5NGMSU#kgU#V@aa{8!V@ zmT#XRF-YFmVdF2dB`Fl9B_icU0nY3#nz)>|aGr4w$g$N$uoqbVSXQrR?P3%r_dX@O zS=MZmIZ`7gDWd+T5z4|M8#%-A?0J8$mZov7$7jxUnAw~d*sQRkL&dpkKHco|+FO!y zPcPW9TXE6i1r1*U-J)MlTh{v4BS}p${#%6nW2=?@Ri|0UmiS37NZFvD)|8ZWb(Ds3 z$-@ibqb|4^-kS9I&6P42>oTp?84K6jf62>_DyaKDeDZ4Rpi1$>+wz8Ab@|@!&Ed#9 zM~9s;7!vSftPS5kYFx^AqkhBf0vwmQ?A}|WnPVoESUlCt^Xc@fM^dZs_JEOsytC5ySa&;00k zBrnEAbc`{2DpPvkw(-sNqTmb1L+*!!^}5!?{%r( zb2ARMR;oF+G|1fiq_?P5P859XYtIGNB{3@-R;!6@Jts|Gt~S-vp|90~){$eB9#g!? zn$TS~Wy%!nyzh3;mk}lr(Cxh4m|C`{ygUMh(}{^!8GlII3sio?&lZk-49`c=sYYRj z;7vje6pxgHq&nFLvHK#Fi|BaS)s*}ch~y8{>JqV>#dyly#}1#&mQiL{i;{qFD(nji zqI5vF-%UaS!|6#9O!S?B=@Tb4kDG$bYwUZPQ)sX>k3SF|PHort`Q>Va+#?mgaCnMu z7c*LSoa76$&l5H(7*Sy@t)gNR*%vGPLa~3%2nh0kf)YrK8t@Aad%DOWe8I#ayzn^X zOzAmX}zO+*H)880&tCkjB16|#jYFK)Mc80@;dW2&M|BhR8{X}WOURGiHN9qnG^#&zk9bi z?4z-+_LbG1k{>96X7A z!tB{4X(YUKzMH-L&W2-9EI<*k1z!7?Kv2TM3gFRj@8?o3)8`U^@1+R$$xD|;U@W}8 z`Vj6N9KIT-&>2I~-kmu&qpIgFr&fGn2OLBc4hW)4*ArR<4pmk@3!QBv5ld$mow)Q1 zgC~_3Wbg+h!}LM#;n_IeypCBi{2`A}c6`UJ>fO~wA~B^B-m_;97rXUWqrYpHwO0j~ zE&xc0SUf{|E+XbOU@6SA>-9ds{IqI^9wdrWa^a#ExGJ9|6&hW z6O#!l$q7D_0tWT+y7@S4)Vx8a63MR?=qoSTukU=a`*g4Ur9PVODa!9dH$@&FEul7` zyunpRK`lC6G4bsYrNZwY6EDOEojPwBKlMO|BbJ^rCVP*z+AFHR2`paL)wd5d46Jpg zO}s5kFj-I5OevP@%vrOTPb^Fo>)ErXtO+(UdGu85!J)C2_AQB6U_x381nw0;h!tXB zV8Femb(0bl>IF?MyW;+QzUnU`NpJF=5Ru#at&N9=p2*Y9TguV0&ifO0m}@y#T1vutg*{SZJlP{X7oV21%R65PPr*oyMZ60sl=$SPw?+Gp*uyDCFZ z2Sjv7@pMMU91ag3iMTKSiV*sK?#<54-Lrc)=N-Kk0Lsn3exZDCj%xmUHEm0KxqrgC zbqFE-{3Hf76n$6k)fHnO8WA!_yX#(8U+MNX-0O1g;qmV~6wK2bdM)ko%rz1#e19Hm zJET3y(b9JQ^SVzVcT;`5uIeP!&t2aCiF{Ah)m3N9`|WgX{C*A*PBAXkwG%C;V5&6ZAw#y&iHD94y z{tc0nk!6H_vCTEqb>v8Z_7=b1Tz>U@T#$KuzH3}whk)^YUv-%fgYALf8w7er0!8OE z{bEgsiqXPAP;v;NvuXDZn&lO@$FNHEd&i!HEk8dTJ4__-iw-@J>KEVB7Z;u6*KW>< zNEWT0CIi9l&r&~FmQnxH+d~>Z1n?(z=uKNQv*TBI?T!5 z{uH|Cv$IhJDDUjSK0sn>?wuBsRYpKv&8CouWuq~I*78ye9VdYw)PC+|q~)>Sl3YnO z!QDYPS(FSyHLv}BJl1;t%0DGE1_5(w>AT-njJ+^=+xb`VYB@Hx(|5?Mm}p_KEL%$X z+=a~>R&L!q-`ud~{iVaJ2F1mG+P~_a?~{%#dHcd@i~4oiFt+PgHiVOr{*hYM(f8*j z57E+?H^bWRYeL0~T?gmO)fSygJJK`IE~vn&rE|@?!k0eZn`$UE{JS0QvA?+c!tF8a zmt53?Z1;iF7O++6j{pGr1)@(K#XTcY1o0zC(0)&PSn&LLX7^`)p%D=zFwQn#r5Hqj zjXYpJi6UCSJ4U9=;Qfhm5eJJqcZ@AV${T*Vjh_GX4edopG0K_y2I0qSoj|aF8#l)7 z&k94v_`aH;O_*ZpE2tLBhg0<)$ydhu*>-juOk?pQqogDUw3$4)l2Q~P-X1MHR}M2m zM`>MwW4Y4Ch7a8WGxdfK$K(Nf60D@`Q#_7;eC*#v&k~>Il_1DQxeT4QdH8K1>NY$+ zOldgpck<;g|&4_|8JyvbsMI?Ov@F94R7rY4djI^Uo08^-1h{3kto+j=~0nBUkpx0TmB z@7E7?DmJbuoT^z|;5sta_)hbclO-lHM<0q8ZyHO|1Rj||x;2GC5l$%{nU5Zw3+sYgRnf)Q z)l_JFL+DHFfxSMz_(Ili5?hO-1>#wWSZX&Otp^$9>wzfd*wKi&o>n!|gwHPv+3@_y zlM7_z%+VVfp)Di9bB>$;Vc8zHHz zi6DGTU3ccvCC~ZuqxkQnNgYf+qCSj^SsoDH+n8i!bTGpP-io_DnA5`1kWRQhS4Ql;&Kl z_QJ#OIP_?G&HQ4?((&8z|O0$S?)KFCoKgEK^y8*q}=9q zY3U=_c!GLdzH54VI!L%5qbxgk8Y{vs0n2{-@grh_1=i05?&013d2awdr{-t9#e6Tb z7G)g@Phy+7^C~@ckcH8?)qgk@(90(*BL>K?~QliTQruhIZuy~j3&Z3Bx zbz0Uw$>Z^tk@2JN;NHAV_pFvLin*%1G{YMrW9w^@ygkJw$BxKlzc!#Ovpc1B~+m(*_^&$QR3>CY)P+J_5L zbacPEBvu*XBNLMyxCaDg_INvnxfm3FX!Uq7g&-mR6~uf5s0Y0ya;`XMeOWRjFcWZ# z9C?bB6|@7>FeKClg{8n*vmFx?63#BT(T4#7%OkN5==dzjpMc3`bw=| z6T}7M8C&Kp0>_h96FvBzL^T#m@W-QIEc_b=|x=dJMa*sudC+Z@|Hw%?WqX7DC z;Y9|XW4is(fPfq)1(o51(Dk04>dtyh{}G8gE*FPr8B0IOuMVw4w7wLa*q@e`mT-l= z00`oHe=P_WRQH{gTY>{%mS{QNMoS2()R zyVi$>A!wH*x5sdT2GS2TIocj}P}>mI);o#=j36Vo^yd&G2Qt$SOZ54C^NiW7R%sWf zpIc-#K5`|1Wqsz8^uOW{rP94(-r>WI&l5^7$n{fre-i9>#Cl1Qlp>~61%3RCelrgIZ4a4sl%b+g>Bu1 ziuL%zp82Y#e|!Y^wY7Z$InUGwWYAugKeei!6zLbop4}WycPU)j+Sw)&$#!QcrRlTv zcOStqhj&h?Q~i?=hv5T{hZqixJNt~nejXj_!$smHXdma@X+z9c8ya_d zv-8ihr%!LLel^@-9(-t^-1@?2GRgf<_+9L8VIY5Smj8gD;Nuger@rpxclW@@D6_eT z*G{i|Dd~4QI9NM>gR1ot4k!@c%okJa{S&I(6OxL zxcIeTZcxwa_K&tXJktN7^Nhrhcdi=>M+98CR(^9}%g1Zy+cX^(&sUs(^+n#{$046n zzl~}4{8`jby*6edwKOhxgm-eLjHy_1$I@AauN78DefnIblOjLxmY_taDfFS>@tzQ4 zr>UWFjs6xgVA7RvZ}xwA*?MJia&5YoDD%cfD=R1%&|M26M5WVRail8}Ah*%Y7zC05 zk!YhP!Ihi^l3`9Vk{#QCjLBix4`ztGYE58iDee%}&FN$rr?=L6)=AF4n z0Dp!jp&Xa1koGSQU-@7ifP=HFKDd0Th6Q3^#7gON<1zF|QM8s?t zo}fZI1HXDOzhiY_yUaK*jRix@U)KaT=YSGc?QfpOfFGbHfLp$`>g}}}t{M<&J&$f` zMB7iZKu&)cRiKzEf@YCUho_Z2TvC}H&0&t)S>lNkT!WjtyS2g#n$7uq^r>)xx?&GSeYNB0NuH3V0SM>NT2klHEHNqEhRy7lXI9d@7(b{{T zp4ML%ipKwr4z%N6r<;T%tfhu1k~!}j3Ay|0i@P@Zh&(=8oIgZ*S3YvazQF87b!l#+ zSsm|Z>{HT=lKemO0^zgwAIXEW64IP~`#`j@Z-X6_3J~FiL7wgUD$=|Pf8s$Fgz4DNC!#7vVSlpJoZSe{l zl+?5#OQK~NCnZKpzsOw8bpUUdCfn)snX1|AqMgpWn~X+k1@I*cMrQ;_$xu}sEFb6O zF!pmHndj3iLfJO!B7f%5C(GbLSrA zML9xFK>8lRnoWL%P`*56}<>(m~#{94N3o5N6OT<~$s47>&g9 zgRGB`jQVA*=bFf1m@c7TAx#7TTtL*K^)fVmGYvEVy`}NE5cq(&|5ga4T)zA)H}^BM z+JrMtOKTI8VO`&mS=7^w*(Z>*OB*Z=GeUMqlj!z>_@-&C4tHZQxtSKCishOb0e(eTp1t2YyvuM92O;ShX zqorlp_{8)z+3G#>jsoRp!A_2&sxF znQ4y6haOQ3ItY4AN4Ln<(eWsHPE^8eTNo+Eejc*`E8Sm9ulg*oQqOHLU=zRgA4Ej&HWx!_pfmg3V z8w+I$2Mr7gLrWMo%cHq}e`$uFESLgrW#;j#sJe+d=x~AHIfl4}jrH|32}RIt#LORb zg0z7VhJl+Pazf1bNa*d?oCHjccU7MrHzD@(Nhn!C`L% z8c-@#5?AbGXt~0}k_}8Eh2h+RM@u(&d3Eg63EP6=AnX_WC@UWg5BFkS!W;z5-b3-X zdE-Wm69HoK>ohm5E+29J`0;@U_iz(|DLIL_r(~Ap0i#h@v19RA^T?Ew=olRlM56T* z1!|-fr#H(C8`>rL%;b1<1h3s8e^@Ac!yT_6I&k1w#ad;lJR)Dn{ko(ElP~s$D>?!&w zj9tD>l$eH30}f_N(maAzPLJ!}r9Z!NOzhtMC$oifa;Ds@W7HKa&8{S4&D?DXr!@{w z^*ddpc48`Uq;Gp$(-c(=jXe*R?2{kP2a_wGC3NZ1Rd@X^i$w5}=Kuq=DZJ<+xjzf$ zTcJ>DgJshurO{FE3k&x}gxTmD^k!31>k)ZRo;f4gty}L~ZwDOKC>KWytH(evcC<*a zCS=qjyI%7ip%|(ahNEHQO+*nKu5~|KYLshj=ZyE5j;2&KA{X9N*f%Xr$&rx?5xJQQ z-}w?Eex(inBjLQSX*xU#S|I~vC^I-F^b7> za&l!FPMT+w4Pp={cNG8Q@yPAQPYMgIUptU}&zf;o({s{gAtO$d8poB^OW0$OZum^? zhgbL_*;87^5+T~M70ZviDL=@fijYis6((u9b?XF|f&KRfW_Jrra4st@K88p9!eN5( z_|c>EA?i*W7+3A?;pzEcxLRc>jH_J|UPswghZ)V4@)}Eo@>v$IC1*NznQ_!Tc@`lR z*iUdOoHQw(szOzD+ee8fY5F?l;>HHju~KLLcNSPV()N3&@OZ_X(;9Pn#lUqjUx6om z@}y?x&U+Z^mz?&V@XtSUUSd54sGKE5B`Az&Acq}ZDj2t38_Vw zB65dlYTBi3y>;NgY(f=z-ZmLL9Skr$cr{*xBpW{}yQlN&*N$`2?$s4|=f(L2>{JKN zT1eFs;H}T8$dy4sjvT?~>K)p28ca#>Il0RamUXNxvh&d!{3Y1$WHfmJw_9L1V zRM{kzf*mseYuPTMpCHl=3VMX!AAOL&X;Jup$+efn1A~HmAoXz&fM{Zjqo#}m{remm zYAoQmxE)b9@jxJ>A0fY&Z~@_VhDWHW>B_-Q=7&oI2s##h?eNvL(|W@=qb`!|_5)x5 z$m`(H1*c;3jOcCyGDDdGU3%?W#Bcgj zuv+z>V}IRROssE_;0rMS2I(fYrEJ0rSFYfG^nwIZGfzB(S*)q6mj=2H0=Y&-{rbg= z^@LxbL-rysc-o6}@?E`(kf6Mn8Nij5e|a;@Dk{DK8x#fKyxBsIMqgosjy)=r6nHZ- zPr`*W%L=ez{>3H265&v&Q)4g&b%{IOli=Tk`14HjrQemCL9Nr3mfE+)k^|o5Eh@hi zgoc_M#?N13W}KxZz(M+tK#aIknFqj(X7IE5c6N*#K6U;2Mou!YIvVv`8mq#v9fLU| zEz|w(<)4_yxWxnp9}(*7{I6cVOkTC%s$1lN1J7BrYflXdC;-e^V;pPCP>;PTsb8NS z&n1WFjMLn2COy@1_UutZhmru&%4uDlcm(%!g5Y0#x<_dn1{2ZTK7JWqSwxT9#fEsP zqJrJE%goqVtghiU2sLR45VnDDo8g{&YI8d~)Wd*Li<#-(&-iY>>HdRFuP99A<(tr+ zBCEFS9i%#^F3o;4C^{Nea8f<)7KNDK*VCK~kT`twG(sJBul6phs>ITm!;wO$3R$h#W2fCKO5h6ZYeJwUt8 zsed=n+l9DxJK$3VC{Q32b4N0izu3TBi zc-q2?v9Tq9KCEy^sv~GZ$vD=mNiLXX-RX7>b7e=MX(LbqaLcS#39RUnBGw4g41*8v zKyu8_0U>H6KFqjVD*ck7@F+)ko2Dt%H#!?qLOJwe+Qn0velgG?5u=!T#o&PIe#_{2 zAQa@!mk6IU+3M_!umTH%p>a|-a9bc<4G%YUGqz8W2!CWoC&F*VlDhd`!760)=CPr} z_6@A`)SiJqbjzJ>h7JhF-e%#9@0UWYStbW)*sczcrx40IV7r_&+y{uXZQ*8`db zW}8wbMt0TOvM5J;Vtv)16LI9Y&|(0SNS+ubIb^u>#Dv|u9K+sRlD}2|+jL)~SSf<)1 zYW$00=3fObBzlnN3Xmd=ICR2o^(*6Yuj`Vmrba}}MZZNYN5P@7dOsNP%-e^)t8+*b z#R-H}WdBR_WKBq{=MiFV-D-uQsboMh{UGGq^hQD8u(ps(8m3qe`o2ig`OSQ^c?2Ty z?F;#DwA-MiTsl0vK((v2WbyM4iXPJ$96pX2k{REkJ%&`6v^-XI+|g{Uy#GhZz0UbH z`Ck2vjC{+pLkJn*s3=;>Ukn;IE-I_68}{zpbkZw-92L5EKT%Lcga%heO-?r5^m7w= ztaA)uMIx3BQ1bQzr(k$ptWIB+wIQeNwQKr--dptSZESQ$jhe05i{D>5UsI>gO1c9! zUgCGq41#HaMcA6EFRw2F+NM)!P~DM-GMLiIsh!n?pyWiFuPI9pC(Y&7srCo8#COS)^O1Lbp=RC~7v&xUW{=!qm)XAb z^>xfwIg2?<^4&;$@K_V8W zwIoZQP{^~=)Sj?g_n=?j3+3N~>aT|zSe^e+zO{4F%U++gADD$_l^Ki~Lv`Q{MgSPM zaG1P6eRshTlhXv(dU)xctwRebWA?*+y1%*H#c6|@2G}|{2lsf zW{H*S4?>gUG8hhlfC{#?h7*X0&)5spcmOQqfg)SvI_L8#^cGxMaexLKgl&jb5dGDu zWmr>pn8ZF|_UitwP|YwbW)J0lM{pDuw2cXKg;*nGMS%UV#3!VncB5FRR4r3)Bgv{1R#ujkslWLQ{lI}4;CNsC!KBGKQ-&Ngw+xY!6lw!{4Y3Ky4|=dk zd&&&Y?J|e;T&6H@<;H+{13k0o!~$hgm5c^blDo zf3p4V6>9#{dDE2-my6H!M3IBjS_0TiVFhMi6)Uk}frahpu+ z#l|Y^@eAtA=tG!>y)vhhl1M(}d@ckUzm_XD%8pk|KK*jj^aQsR-abC`jIg!MTao}dxP!}pL5LK{TCYzb?`JvTuY1sA&)-6sNj5~lckh@-wrlrp z5ZJP7BWjmsL_a01v^Z?bT!uRvWTcGs&6yi5h!G&9$;DXD+z4`S1p1S`Iyi{QOPPbVAms=NK+MAeMQ=#z!}b!8 zh77skX3M$^d?dfV6p1#OESf2@PPC25SFWJsNsx3J_>_+wUOIJ-DA-mrBUeG{&lKJE z1*~MiQ2{8ynGx+-d_KCacB6NLzs*eEIJLj(V}<(VP-}6KyJHHo(n%Cldi3xhGa)je zR3%aD=@bH&rhj|Lq_!O$Hm!D6Fj;cgbx5DUSJc|I+P#T?AL=$b&zxJnBWod(`uf*K zYohXX-r~^+^iJqc#L0*Q#LzX&OK156Yqi528Jj+*#n05=vBB@WOR^n3s*Oja<%boM z21&$Hs+T;K@7>$Xz8{(TlznOdHmj40x2A>VXrGFc&A7Yuk{ge%lG>h#cLWIv6#`wI z=9i5?DNs2M+&W{>@ZtFYplL^uG_mIdoDk({kXcs_vWTRF``=Hc-M&O zCkn=tUl^gYI@+0J9CjmP%vn-pK0#CTJG4-UnP}OfOhVRDqCe)mLyC!^vsRyj=J8lH z0q}{pv+e6K&kUKW>b{J4S$n1rpB*7x_#(c;Z*FRBpa~ev2#6Oh_v0=5obS`BuZRC6 z{PphL+qu)ePegphcY8C4n?d~xcu_)$9esc|7M=Hvi>e$Gf67$BNnO0Au<#gpW zQ4JFEisceB?jkxXy*|b{T%~`w$DN%PLVyF6q1AbJmKy0Xy}-7pSKzIv9e^ZursJX2 zUJ>C0|D?CR+Ab$H-YzrYp^9bvpyUgPU3ui05o?-;)PRVFHp~f6_;44+B0{(P{OQ#u zjZyyxtr=E$9-eAib3#4-!dCA8RP94XaM1AYgf-`a-)Sw?x&8aAWeCuU*8ZuHdH>E> zOKpyZHQVR(95C;5UD1p={XG=!7&WOX_RQ&O{X186|BeVwYo?luu1?hy+iI_{hD)%i zXu)ZiQhmDbnrv>*9C6jc^6X>#du_rU6Et{v$oLRPJ%u|(!2TOYV==}gJ zyR5qU;SxOssryv*wYMHMHhOt``rj*|P#f>tc9VDjm2vmlG~ksjG^CdnCLI#8Y&$zu z5g0bse57Xl#a7xiy?;1*@zn?tN(F^TD!Z2RpRX}55`v*e`{_&y-P-qabNV5cDYK67 z7-Dc*A{JDJIKO;??X+r#aFnx1i`K9I&RIi%rLn2j*0@^o358U8UZ$!DjWdHN0Corf zO-w5!V4+huOoZ7KltoRZpfrzZT2f((4%|hH5-uI1 zwjQT>_$x;+Iv{Qv&PqLdk=cE*QeN6Zhk zvbv2;Bl=L;lHyIpEWG(U?$TfNmvx}7OoN1U_=A$sr0wWhVugR_8zf$oNr1j>aq0T| z2P)2a$PrS<@YG+w$h4YTevSy~PRM3*L(}s=OC1}D!%Vpo`HozMdY!A%96A*7G+?%l ziG)$G-!)9rQYe2Z(x4Pv*2x4~lB@FTHwlAR2E?q*xeVHVdo> z6D63l_leu+d~HVN){8TtuK9S^MFiz`RyWaFh^*VU|8exk5t>fw#_qSXBj-k*z?*x& zBjplU;i<=rRW~veWb1*Q_ezw;Z+=D_f*zmCcSt9-k<>=WNpk{hOg{ieWu*O;q6#rO zyj40SX@Fcla2`M$3^1(oGODbmu5+GtxvQH<4=kPooc0B-mzj14LWI2E(yMR^K?$I* z@wUW27=wMk>?#Jqwbhn%5Q+oNOqyb+MFy~9X!cbXl~+`N4IMpv_!o^+BzvXWcbIKe zQZt`T=uP_7)Wa3-pS9mK&xFV{Gyl~qoCK!;2#I9c3Y8vr_Ba|WY5ZGLtWsx5iQ0Fh ztIXEDyOe0ldin67lmo6);{%__VOJyC0HuO;w8HH|>iE|rD zPa*YGFB;5>#;x8Zb2nnOL@f1~VC&3A34hed1#G-S$lx8}I~V0#D3{d>GFSgExFO_s z{yMFDU`XKjlwex|^-jyz7c9n3Y>IdTIX8Ssb})(Y)V~wh{SHkJZb6!BM)~CYjemy< z%mGq;iqNJv882R3#R|bDkqqADk7G)Eg75VgDNpeBOB;h(k&LXY+Su+E$Eqa<1g*$8 z?O16R^6nWeTeF>sY(O7+HW5(b?E{a;Zt=Wqnd|8Fc zErHPe(kJm&uA=V%b?vJcN)kG+Xx~}%K)k&S_wg^))q7RC`p|s`?;&e~WH2jcIU-wd z!_;>alK`R&|1e%%XLmBO&zelz;V|9F4Rl~gkx#p?bpHgu8i6eSJy+4kp@T` zAQf}6vq`TeH{QD+Zu(Z}$p$#5C>b5KV9uP~F}shwi-j&hFehN#b#1hSB>YS%qPwB5 zqGCYn$y#(3ltj$!s9?h}Zm^s0pby~qxK3xBqm^#vO!`{FAPUgaq4&M9VKqbwKT~@x zkF*)t8*N}iehpc&JUEvcb=;a_VTuh6|JPT;c{l?#ytntL0FcShNUL(2ZZz{Prz zAQTyS2A%)>v$XFN!~v!%#tD)}lM5`b`niKxmVmXOFDD^^zWny(?GLCY@@6!)z)PGd zvEC{NFTUb5sNtBVo+JH-R5O!cV5r;s)aMU`;W}MA?f}IvdHD=xofk?*a6$|Z{p5;j zPaGqa`czqoCkZc+%42~{*y4ZSC!qYsygWG#(VL>1kX3mYux}rTKm)Zh+|QgGD4q5X3Ti#dSUY zm>xc4J9~#T@0ltGwnTF=E0Y~6>A@8o-s%%imlep3~*&~5${V7WcG?Zd(6RsG0fKX zJ~Ac_L-j#eax2)w`UuX0K1)ysfc@beYf{$2RL3>ej4E4lx77A0> zI*OyO5N7rMhL_!q@!+g$y!DR)dPJd`fsLl*9h%DVUayPT0M|~6rG>@$eGsnF4V5Z} z8)f9=Cfi#lDAj^k1)n(@ZkFsBx_e)FfTeYO!XkMC9R-)d!-ozPJ6R0Smt#?)SCj3! zE5qyqJKVqf5uY%0X~?jZgK*1+7418Hlw5dnXn6nR0M*uohm-_z#7*?DvO#Ol*z%*& zmhuY%M|JW$-9znk!4!98t=xdN0jKbn=&%hY-hM3b*Wcn} zmj8z^x!6YhzqQ$&{$IY#Y)P*L-u=I`k7)lRUA=np*e+{j1XZ-9nYHP8lZ89}7nb(H A8~^|S diff --git a/static/images/docs/warning.png b/static/images/docs/warning.png deleted file mode 100644 index 1d58e4639c312d777414e69fd9d9a72626ade116..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2363 zcmV-B3B>k^P)002P<1^@s6nbld000006VoOIv0RI60 z0RN!9r;`8x010qNS#tmY3ljhU3ljkVnw%H_000McNliru-vefdrZiK_vhpShg?8#X7*dxG0#VCGC+H|C zly)kp*O zo!oQmI3{o8ku1m8$LF5&_w)SE|2*e$V2qf!^=u26F2K&bK52u2dP2aj1$-vpR{|cN z1k4|>uL$T8ATu5p1w1fT#%PWOuM+8TYyhSWc-sY@7hsMB?=nUkC^!B5CE(9M$fsEn zXm;VBH{0K_p5@tL1yBHv_x_z5h8bSW(tmk9HW=0H;0g(TzoV;W)#E z3wLT5t^p!>d})T)?&&*{;045ie--f2xCk6^s!gD=k>|%RYyMR8GcXZF2Cv|pd?p&Q`^$B=>+!MSP z8c~nbt5u|4`N=1k_4Uer`Z_!5ZfMXA_AGE8kZ{Lq7>8@Qm zvabQ!-SOyI8R?h1fOAR^>g$>M;fEN}X#cg-r%%(>)rIT2G-PNk`T6JcG&Pa>^i$of z?{eXS7>^t#;2%n^F->`O@7{i15<2LeRyYI@2dfoLG0i|L*0OdWm>VQgY+LR>? z&Ye3a9mnwnD;A5%^XJcJwNGr^m?3R}|AEvTa-THNzmN5T1cR z0K>>$ha%gz=USP5DXq)_k6BZbJqXjpaU9?Fp->3Z%pRs$TTAKw{kg_* zU`*>Q0pA3k^mi!(N=gVn^UUBuXuxtDXAoFGx}Vb0bie-AB4EXs1j|e6tpa@GDJ3OS zjvd2@M0`Un;&UA!8jTVN1bmZ(Q;r@bC6!XuBF&xlm;oz;L>~iIs?sl^M;^gyZuafN zwry%_Ykl9VtE(dv@;`sI=Fi7|_+g#0UkyB3EV3_V82(;)lc`gQ9#B(=Wm!y{=9}iC ztgOt}v-)#hZ@q;Xixo7k5eLg#0sjCfXB1wyj=(+lsP|l&)zGr6L91a_2+x>7_}OQ5 zL$n0^&K)CRxDZ&X1j2Q3Hf+!j!Zekf6^TTA2|jb-aMrKKPrLa63`z$U>Jsymu%bCdKRP)IZC!~*KwBvyeQIMHnL!4?CR$#r2-I$Mv1)e zLhjUuVPM;K!C(P6Teo6{Lb@j30_F@SXKxMzD1e`<+DTx_sZ;soi421h#W`U#8qEtV zfbz~xop%BJEQ4o9Gz|9u_bN$!?OFoUr{~?DN|dTR&UZ4^)r8ls)it?a!0r(XL+@Lu z0+gdND=H}2u>;KfyI08r%d&Vvu~WEDP5i+Oz`kIQGhwx^Q%XJ%!Y%4%M>^pbYr7aN?VeDKUnaRyT(jf)eirZ@cJN?9d@yt7Ou_@s4IRg!v9YnB z{$lUELrUM|Ki+(b3sy!_?|Y;x@cc=7^=g6-6jrt#kH;x5FV9}x%FC&%t1GBKtGOBH zsi(9KDB!z8**BVbdK4nP^6gSeg-8Tv(-daLch{$9#{%jvqf>l>V>1|GpHVkczib-aPH$ zfc3JD94{|kT$G6<5(&9z(IQ{4mMmE!uUxrOl>1y>xG)#lZ!L)6MY{5(QQIHj!W|rpWfg9R(51rGI{8bEVi9EaYEMA)MNowTU#qno;+FfdnFGZl)|!fV11ky zX9;-O(^dXqF?TLgKllJN$5X?R4!d{nCYem)I1U{h9h8=q7GHbaxIxdndGwt)p-c3> zH=O-0VRP*TN_3w zge;O+98ELAVVss0l7|ng0E+`Jy71$h_!#-te@Y-YYZhF;t}DhEN3JEovbgclN4Yl0 zuABZB3Rz+JH@sgfOj?%x)rIDMoh8!MFS90b@wNMfSMXwrG;cjY5leF>n1z6^2?&@T z$xoTYL~A8L&~)Jo;E$7dXzfofT)Vj;yIG*Q-CG<}llWkg{sHJufH%pM4j$3Fq{|B@ h&C64`o?aKg{{cOX)t87U(dPgF002ovPDHLkV1ma>c2@uZ From 5940c00e709ca0b9c33055ed09c168fcfef8890c Mon Sep 17 00:00:00 2001 From: ydFu Date: Sat, 7 Jan 2023 11:20:07 +0800 Subject: [PATCH 023/537] [ko] Update Link for Istio The URL for the ISTIO documentation has been updated from https://istio.io/docs/concepts/what-is-istio/ to https://istio.io/latest/about/service-mesh/#what-is-istio. Please use the new URL to access the latest information on ISTIO documentation. Signed-off-by: ydFu --- content/ko/docs/reference/glossary/istio.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ko/docs/reference/glossary/istio.md b/content/ko/docs/reference/glossary/istio.md index 86f0ac9b3bb9f..59d92a5a5c62b 100644 --- a/content/ko/docs/reference/glossary/istio.md +++ b/content/ko/docs/reference/glossary/istio.md @@ -2,7 +2,7 @@ title: Istio id: istio date: 2018-04-12 -full_link: https://istio.io/docs/concepts/what-is-istio/ +full_link: https://istio.io/latest/about/service-mesh/#what-is-istio short_description: > 마이크로서비스의 통합을 위한 통일된 방법을 제공하는 오픈 플랫폼(쿠버네티스에 특정적이지 않음)이며, 트래픽 흐름을 관리하고, 정책을 시행하고, 텔레메트리 데이터를 모은다. From 39f15d694d1edda18b1a3588f144f65e51c4db6b Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 6 Jan 2023 20:20:38 +0800 Subject: [PATCH 024/537] [zh] sync kubectl-node-debug.md --- .../debug/debug-cluster/kubectl-node-debug.md | 172 ++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 content/zh-cn/docs/tasks/debug/debug-cluster/kubectl-node-debug.md diff --git a/content/zh-cn/docs/tasks/debug/debug-cluster/kubectl-node-debug.md b/content/zh-cn/docs/tasks/debug/debug-cluster/kubectl-node-debug.md new file mode 100644 index 0000000000000..e0a3638215bc1 --- /dev/null +++ b/content/zh-cn/docs/tasks/debug/debug-cluster/kubectl-node-debug.md @@ -0,0 +1,172 @@ +--- +title: 用 Kubectl 调试 Kubernetes 节点 +content_type: task +min-kubernetes-server-version: 1.20 +--- + + + + + +本页演示如何使用 `kubectl debug` 命令调试在 Kubernetes +集群上运行的[节点](/zh-cn/docs/concepts/architecture/nodes/)。 + +## {{% heading "prerequisites" %}} + +{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} + + +你需要有权限创建 Pod 并将这些新 Pod 分配到任意节点。 +你还需要被授权创建能够访问主机上文件系统的 Pod。 + + + + +## 使用 `kubectl debug node` 调试节点 {#debugging-a-node-using-kubectl-debug-node} + +使用 `kubectl debug node` 命令将 Pod 部署到要排查故障的节点上。 +此命令在你无法使用 SSH 连接节点时比较有用。 +当 Pod 被创建时,Pod 会在节点上打开一个交互的 Shell。 +要在名为 “mynode” 的节点上创建一个交互式 Shell,运行: + +```shell +kubectl debug node/mynode -it --image=ubuntu +``` + +```console +Creating debugging pod node-debugger-mynode-pdx84 with container debugger on node mynode. +If you don't see a command prompt, try pressing enter. +root@mynode:/# +``` + + +调试命令有助于收集信息和排查问题。 +你可能使用的命令包括 `ip`、`ifconfig`、`nc`、`ping` 和 `ps` 等等。 +你还可以从各种包管理器安装 `mtr`、`tcpdump` 和 `curl` 等其他工具。 + +{{< note >}} + +这些调试命令会因调试 Pod 所使用的镜像不同而有些差别,并且这些命令可能需要被安装。 +{{< /note >}} + + +用于调试的 Pod 可以访问节点的根文件系统,该文件系统挂载在 Pod 中的 `/host` 路径。 +如果你在 filesystem 名字空间中运行 kubelet, +则正调试的 Pod 将看到此名字空间的根,而不是整个节点的根。 +对于典型的 Linux 节点,你可以查看以下路径找到一些重要的日志: + + +`/host/var/log/kubelet.log` +: 负责在节点上运行容器的 `kubelet` 所产生的日志。 + +`/host/var/log/kube-proxy.log` +: 负责将流量导向到 Service 端点的 `kube-proxy` 所产生的日志。 + +`/host/var/log/containerd.log` +: 在节点上运行的 `containerd` 进程所产生的日志。 + +`/host/var/log/syslog` +: 显示常规消息以及系统相关信息。 + +`/host/var/log/kern.log` +: 显示内核日志。 + + +当在节点上创建一个调试会话时,需谨记: + +* `kubectl debug` 根据节点的名称自动生成新 Pod 的名称。 +* 节点的根文件系统将被挂载在 `/host`。 +* 尽管容器运行在主机 IPC、Network 和 PID 名字空间中,但 Pod 没有特权。 + 这意味着读取某些进程信息可能会失败,这是因为访问这些信息仅限于超级用户 (superuser)。 + 例如,`chroot /host` 将失败。如果你需要一个有特权的 Pod,请手动创建。 + +## {{% heading "cleanup" %}} + + +当你使用正调试的 Pod 完成时,将其删除: + +```shell +kubectl get pods +``` + +```none +NAME READY STATUS RESTARTS AGE +node-debugger-mynode-pdx84 0/1 Completed 0 8m1s +``` + + +```shell +# 相应更改 Pod 名称 +kubectl delete pod node-debugger-mynode-pdx84 --now +``` + +```none +pod "node-debugger-mynode-pdx84" deleted +``` + +{{< note >}} + +如果节点停机(网络断开或 kubelet 宕机且无法启动等),则 `kubectl debug node` 命令将不起作用。 +这种情况下请检查[调试关闭/无法访问的节点](/zh-cn/docs/tasks/debug/debug-cluster/#example-debugging-a-down-unreachable-node)。 +{{< /note >}} From e3c09aedf14996816f9f5d189159b52facdfc78a Mon Sep 17 00:00:00 2001 From: Ritikaa96 Date: Thu, 24 Nov 2022 19:13:46 +0530 Subject: [PATCH 025/537] Adding references and glossary tooltip to control-plain-node-communication --- .../control-plane-node-communication.md | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/content/en/docs/concepts/architecture/control-plane-node-communication.md b/content/en/docs/concepts/architecture/control-plane-node-communication.md index 785040cda316e..2cfa37d5c59bc 100644 --- a/content/en/docs/concepts/architecture/control-plane-node-communication.md +++ b/content/en/docs/concepts/architecture/control-plane-node-communication.md @@ -11,7 +11,8 @@ aliases: -This document catalogs the communication paths between the API server and the Kubernetes cluster. +This document catalogs the communication paths between the {{< glossary_tooltip term_id="kube-apiserver" text="API server" >}} +and the Kubernetes {{< glossary_tooltip text="cluster" term_id="cluster" length="all" >}}. The intent is to allow users to customize their installation to harden the network configuration such that the cluster can be run on an untrusted network (or on fully public IPs on a cloud provider). @@ -30,28 +31,28 @@ enabled, especially if [anonymous requests](/docs/reference/access-authn-authz/a or [service account tokens](/docs/reference/access-authn-authz/authentication/#service-account-tokens) are allowed. -Nodes should be provisioned with the public root certificate for the cluster such that they can +Nodes should be provisioned with the public root {{< glossary_tooltip text="certificate" term_id="certificate" >}} for the cluster such that they can connect securely to the API server along with valid client credentials. A good approach is that the client credentials provided to the kubelet are in the form of a client certificate. See [kubelet TLS bootstrapping](/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/) for automated provisioning of kubelet client certificates. -Pods that wish to connect to the API server can do so securely by leveraging a service account so +{{< glossary_tooltip text="Pods" term_id="pod" >}} that wish to connect to the API server can do so securely by leveraging a service account so that Kubernetes will automatically inject the public root certificate and a valid bearer token into the pod when it is instantiated. The `kubernetes` service (in `default` namespace) is configured with a virtual IP address that is -redirected (via `kube-proxy`) to the HTTPS endpoint on the API server. +redirected (via `{{< glossary_tooltip text="kube-proxy" term_id="kube-proxy" >}}`) to the HTTPS endpoint on the API server. The control plane components also communicate with the API server over the secure port. -As a result, the default operating mode for connections from the nodes and pods running on the +As a result, the default operating mode for connections from the nodes and pod running on the nodes to the control plane is secured by default and can run over untrusted and/or public networks. ## Control plane to node There are two primary communication paths from the control plane (the API server) to the nodes. -The first is from the API server to the kubelet process which runs on each node in the cluster. +The first is from the API server to the {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} process which runs on each node in the cluster. The second is from the API server to any node, pod, or service through the API server's _proxy_ functionality. @@ -89,7 +90,7 @@ connections **are not currently safe** to run over untrusted or public networks. ### SSH tunnels -Kubernetes supports SSH tunnels to protect the control plane to nodes communication paths. In this +Kubernetes supports [SSH tunnels](https://www.ssh.com/academy/ssh/tunneling) to protect the control plane to nodes communication paths. In this configuration, the API server initiates an SSH tunnel to each node in the cluster (connecting to the SSH server listening on port 22) and passes all traffic destined for a kubelet, node, pod, or service through the tunnel. @@ -117,3 +118,12 @@ connections. Follow the [Konnectivity service task](/docs/tasks/extend-kubernetes/setup-konnectivity/) to set up the Konnectivity service in your cluster. +## {{% heading "whatsnext" %}} + +* Read about the [Kubernetes control plane components](/docs/concepts/overview/components/#control-plane-components) +* Learn more about [Hubs and Spoke model](https://book.kubebuilder.io/multiversion-tutorial/conversion-concepts.html#hubs-spokes-and-other-wheel-metaphors) +* Learn how to [Secure a Cluster](/docs/tasks/administer-cluster/securing-a-cluster/) +* Learn more about the [Kubernetes API](/docs/concepts/overview/kubernetes-api/) +* [Set up Konnectivity service](/docs/tasks/extend-kubernetes/setup-konnectivity/) +* [Use Port Forwarding to Access Applications in a Cluster](/docs/tasks/access-application-cluster/port-forward-access-application-cluster/) +* Learn how to [Fetch logs for Pods](/docs/tasks/debug/debug-application/debug-running-pod/#examine-pod-logs), [use kubectl port-forward](/docs/tasks/access-application-cluster/port-forward-access-application-cluster/#forward-a-local-port-to-a-port-on-the-pod) \ No newline at end of file From 97693ff04461081a488a11a1ddd81f320e8be2fd Mon Sep 17 00:00:00 2001 From: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com> Date: Fri, 13 Jan 2023 11:05:25 -0500 Subject: [PATCH 026/537] Update page weights in /tasks/access-application-cluster, /configure-pod-container, /configmap-secret --- content/en/docs/tasks/access-application-cluster/_index.md | 2 +- .../access-application-cluster/access-cluster-services.md | 1 + .../communicate-containers-same-pod-shared-volume.md | 2 +- .../tasks/access-application-cluster/configure-dns-cluster.md | 2 +- .../docs/tasks/access-application-cluster/ingress-minikube.md | 2 +- content/en/docs/tasks/configmap-secret/_index.md | 2 +- content/en/docs/tasks/configure-pod-container/_index.md | 2 +- .../assign-pods-nodes-using-node-affinity.md | 2 +- .../en/docs/tasks/configure-pod-container/assign-pods-nodes.md | 2 +- .../configure-pod-container/attach-handler-lifecycle-event.md | 3 +-- .../en/docs/tasks/configure-pod-container/configure-gmsa.md | 2 +- .../configure-liveness-readiness-startup-probes.md | 2 +- .../configure-persistent-volume-storage.md | 2 +- .../tasks/configure-pod-container/configure-pod-configmap.md | 2 +- .../configure-pod-container/configure-pod-initialization.md | 2 +- .../configure-projected-volume-storage.md | 2 +- .../tasks/configure-pod-container/configure-runasusername.md | 2 +- .../tasks/configure-pod-container/configure-service-account.md | 2 +- .../tasks/configure-pod-container/configure-volume-storage.md | 2 +- .../tasks/configure-pod-container/create-hostprocess-pod.md | 2 +- .../enforce-standards-admission-controller.md | 1 + .../enforce-standards-namespace-labels.md | 1 + .../en/docs/tasks/configure-pod-container/extended-resource.md | 2 +- .../en/docs/tasks/configure-pod-container/migrate-from-psp.md | 1 + .../configure-pod-container/pull-image-private-registry.md | 3 +-- .../docs/tasks/configure-pod-container/quality-service-pod.md | 2 +- .../en/docs/tasks/configure-pod-container/security-context.md | 2 +- .../tasks/configure-pod-container/share-process-namespace.md | 2 +- content/en/docs/tasks/configure-pod-container/static-pod.md | 2 +- .../configure-pod-container/translate-compose-kubernetes.md | 2 +- .../en/docs/tasks/configure-pod-container/user-namespaces.md | 2 +- 31 files changed, 31 insertions(+), 29 deletions(-) diff --git a/content/en/docs/tasks/access-application-cluster/_index.md b/content/en/docs/tasks/access-application-cluster/_index.md index 4d7af48310008..e6556d9c923b8 100644 --- a/content/en/docs/tasks/access-application-cluster/_index.md +++ b/content/en/docs/tasks/access-application-cluster/_index.md @@ -1,6 +1,6 @@ --- title: "Access Applications in a Cluster" description: Configure load balancing, port forwarding, or setup firewall or DNS configurations to access applications in a cluster. -weight: 60 +weight: 100 --- diff --git a/content/en/docs/tasks/access-application-cluster/access-cluster-services.md b/content/en/docs/tasks/access-application-cluster/access-cluster-services.md index 456662692ee25..8d2d47e349190 100644 --- a/content/en/docs/tasks/access-application-cluster/access-cluster-services.md +++ b/content/en/docs/tasks/access-application-cluster/access-cluster-services.md @@ -1,6 +1,7 @@ --- title: Access Services Running on Clusters content_type: task +weight: 140 --- diff --git a/content/en/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md b/content/en/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md index 897d44a54f926..69aa7a9668e16 100644 --- a/content/en/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md +++ b/content/en/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md @@ -1,7 +1,7 @@ --- title: Communicate Between Containers in the Same Pod Using a Shared Volume content_type: task -weight: 110 +weight: 120 --- diff --git a/content/en/docs/tasks/access-application-cluster/configure-dns-cluster.md b/content/en/docs/tasks/access-application-cluster/configure-dns-cluster.md index 3535fdb8bcdf8..71ba2694a7772 100644 --- a/content/en/docs/tasks/access-application-cluster/configure-dns-cluster.md +++ b/content/en/docs/tasks/access-application-cluster/configure-dns-cluster.md @@ -1,6 +1,6 @@ --- title: Configure DNS for a Cluster -weight: 120 +weight: 130 content_type: concept --- diff --git a/content/en/docs/tasks/access-application-cluster/ingress-minikube.md b/content/en/docs/tasks/access-application-cluster/ingress-minikube.md index 251bebbaeff4e..8fbcbadf1a1f0 100644 --- a/content/en/docs/tasks/access-application-cluster/ingress-minikube.md +++ b/content/en/docs/tasks/access-application-cluster/ingress-minikube.md @@ -1,7 +1,7 @@ --- title: Set up Ingress on Minikube with the NGINX Ingress Controller content_type: task -weight: 100 +weight: 110 min-kubernetes-server-version: 1.19 --- diff --git a/content/en/docs/tasks/configmap-secret/_index.md b/content/en/docs/tasks/configmap-secret/_index.md index d80692c96701f..900d96aa7e593 100644 --- a/content/en/docs/tasks/configmap-secret/_index.md +++ b/content/en/docs/tasks/configmap-secret/_index.md @@ -1,6 +1,6 @@ --- title: "Managing Secrets" -weight: 28 +weight: 60 description: Managing confidential settings data using Secrets. --- diff --git a/content/en/docs/tasks/configure-pod-container/_index.md b/content/en/docs/tasks/configure-pod-container/_index.md index 462b19e4e9385..230cb8da91163 100644 --- a/content/en/docs/tasks/configure-pod-container/_index.md +++ b/content/en/docs/tasks/configure-pod-container/_index.md @@ -1,6 +1,6 @@ --- title: "Configure Pods and Containers" description: Perform common configuration tasks for Pods and containers. -weight: 20 +weight: 30 --- diff --git a/content/en/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity.md b/content/en/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity.md index ff5df861df9c1..27fd1d3a6ce0f 100644 --- a/content/en/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity.md +++ b/content/en/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity.md @@ -2,7 +2,7 @@ title: Assign Pods to Nodes using Node Affinity min-kubernetes-server-version: v1.10 content_type: task -weight: 120 +weight: 160 --- diff --git a/content/en/docs/tasks/configure-pod-container/assign-pods-nodes.md b/content/en/docs/tasks/configure-pod-container/assign-pods-nodes.md index 1e19a26fbba88..9c70faca16815 100644 --- a/content/en/docs/tasks/configure-pod-container/assign-pods-nodes.md +++ b/content/en/docs/tasks/configure-pod-container/assign-pods-nodes.md @@ -1,7 +1,7 @@ --- title: Assign Pods to Nodes content_type: task -weight: 120 +weight: 150 --- diff --git a/content/en/docs/tasks/configure-pod-container/attach-handler-lifecycle-event.md b/content/en/docs/tasks/configure-pod-container/attach-handler-lifecycle-event.md index c952ab361cbbc..c84c8dd4b1561 100644 --- a/content/en/docs/tasks/configure-pod-container/attach-handler-lifecycle-event.md +++ b/content/en/docs/tasks/configure-pod-container/attach-handler-lifecycle-event.md @@ -1,7 +1,6 @@ --- title: Attach Handlers to Container Lifecycle Events -content_type: task -weight: 140 +weight: 180 --- diff --git a/content/en/docs/tasks/configure-pod-container/configure-gmsa.md b/content/en/docs/tasks/configure-pod-container/configure-gmsa.md index e191de41ef21c..b74c0f46ea350 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-gmsa.md +++ b/content/en/docs/tasks/configure-pod-container/configure-gmsa.md @@ -1,7 +1,7 @@ --- title: Configure GMSA for Windows Pods and containers content_type: task -weight: 20 +weight: 30 --- diff --git a/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md b/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md index 308c078136236..fa70999f893c7 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md +++ b/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md @@ -1,7 +1,7 @@ --- title: Configure Liveness, Readiness and Startup Probes content_type: task -weight: 110 +weight: 140 --- diff --git a/content/en/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md b/content/en/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md index 11a8dd44b2336..5e4ab927d5b54 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md +++ b/content/en/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md @@ -1,7 +1,7 @@ --- title: Configure a Pod to Use a PersistentVolume for Storage content_type: task -weight: 60 +weight: 90 --- diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md index 02329f931ca4d..d21c9b49a98af 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -1,7 +1,7 @@ --- title: Configure a Pod to Use a ConfigMap content_type: task -weight: 150 +weight: 190 card: name: tasks weight: 50 diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-initialization.md b/content/en/docs/tasks/configure-pod-container/configure-pod-initialization.md index 97457b55f1115..aa99a152b0aad 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-initialization.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-initialization.md @@ -1,7 +1,7 @@ --- title: Configure Pod Initialization content_type: task -weight: 130 +weight: 170 --- diff --git a/content/en/docs/tasks/configure-pod-container/configure-projected-volume-storage.md b/content/en/docs/tasks/configure-pod-container/configure-projected-volume-storage.md index fb558931db6fe..a3a7ec10f3c2a 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-projected-volume-storage.md +++ b/content/en/docs/tasks/configure-pod-container/configure-projected-volume-storage.md @@ -4,7 +4,7 @@ reviewers: - pmorie title: Configure a Pod to Use a Projected Volume for Storage content_type: task -weight: 70 +weight: 100 --- diff --git a/content/en/docs/tasks/configure-pod-container/configure-runasusername.md b/content/en/docs/tasks/configure-pod-container/configure-runasusername.md index 58028f9c8983a..43f60a7f73c9d 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-runasusername.md +++ b/content/en/docs/tasks/configure-pod-container/configure-runasusername.md @@ -1,7 +1,7 @@ --- title: Configure RunAsUserName for Windows pods and containers content_type: task -weight: 20 +weight: 40 --- diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md index 5b783d2dcca01..50d68e4bc0ecc 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md @@ -5,7 +5,7 @@ reviewers: - thockin title: Configure Service Accounts for Pods content_type: task -weight: 90 +weight: 120 --- Kubernetes offers two distinct ways for clients that run within your diff --git a/content/en/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/en/docs/tasks/configure-pod-container/configure-volume-storage.md index 1ee34aa225721..d33d221a4e137 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-volume-storage.md +++ b/content/en/docs/tasks/configure-pod-container/configure-volume-storage.md @@ -1,7 +1,7 @@ --- title: Configure a Pod to Use a Volume for Storage content_type: task -weight: 50 +weight: 80 --- diff --git a/content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md b/content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md index 24b8efea5a8cd..4ba0b26fe76bc 100644 --- a/content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md +++ b/content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md @@ -1,7 +1,7 @@ --- title: Create a Windows HostProcess Pod content_type: task -weight: 20 +weight: 50 min-kubernetes-server-version: 1.23 --- diff --git a/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md b/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md index 393d546623857..a3c29bcaadf79 100644 --- a/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md +++ b/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md @@ -5,6 +5,7 @@ reviewers: - liggitt content_type: task min-kubernetes-server-version: v1.22 +weight: 240 --- As of v1.22, Kubernetes provides a built-in [admission controller](/docs/reference/access-authn-authz/admission-controllers/#podsecurity) diff --git a/content/en/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md b/content/en/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md index 4157d6ba67430..c7f056481b215 100644 --- a/content/en/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md +++ b/content/en/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md @@ -5,6 +5,7 @@ reviewers: - liggitt content_type: task min-kubernetes-server-version: v1.22 +weight: 250 --- Namespaces can be labeled to enforce the [Pod Security Standards](/docs/concepts/security/pod-security-standards). The three policies diff --git a/content/en/docs/tasks/configure-pod-container/extended-resource.md b/content/en/docs/tasks/configure-pod-container/extended-resource.md index 25fa11b0d9f6b..6b9d8446648c6 100644 --- a/content/en/docs/tasks/configure-pod-container/extended-resource.md +++ b/content/en/docs/tasks/configure-pod-container/extended-resource.md @@ -1,7 +1,7 @@ --- title: Assign Extended Resources to a Container content_type: task -weight: 40 +weight: 70 --- diff --git a/content/en/docs/tasks/configure-pod-container/migrate-from-psp.md b/content/en/docs/tasks/configure-pod-container/migrate-from-psp.md index 47f0c21922e31..5c85093c97564 100644 --- a/content/en/docs/tasks/configure-pod-container/migrate-from-psp.md +++ b/content/en/docs/tasks/configure-pod-container/migrate-from-psp.md @@ -5,6 +5,7 @@ reviewers: - liggitt content_type: task min-kubernetes-server-version: v1.22 +weight: 260 --- diff --git a/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md b/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md index 05193031f45c2..0b21934cfcce1 100644 --- a/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md +++ b/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md @@ -1,7 +1,6 @@ --- title: Pull an Image from a Private Registry -content_type: task -weight: 100 +weight: 130 --- diff --git a/content/en/docs/tasks/configure-pod-container/quality-service-pod.md b/content/en/docs/tasks/configure-pod-container/quality-service-pod.md index c1a00bcc3d68e..f48413dd6e0bc 100644 --- a/content/en/docs/tasks/configure-pod-container/quality-service-pod.md +++ b/content/en/docs/tasks/configure-pod-container/quality-service-pod.md @@ -1,7 +1,7 @@ --- title: Configure Quality of Service for Pods content_type: task -weight: 30 +weight: 60 --- diff --git a/content/en/docs/tasks/configure-pod-container/security-context.md b/content/en/docs/tasks/configure-pod-container/security-context.md index 7e1a04e9a439e..2059000780650 100644 --- a/content/en/docs/tasks/configure-pod-container/security-context.md +++ b/content/en/docs/tasks/configure-pod-container/security-context.md @@ -5,7 +5,7 @@ reviewers: - thockin title: Configure a Security Context for a Pod or Container content_type: task -weight: 80 +weight: 110 --- diff --git a/content/en/docs/tasks/configure-pod-container/share-process-namespace.md b/content/en/docs/tasks/configure-pod-container/share-process-namespace.md index 773a0b6544fc9..415905f91f752 100644 --- a/content/en/docs/tasks/configure-pod-container/share-process-namespace.md +++ b/content/en/docs/tasks/configure-pod-container/share-process-namespace.md @@ -5,7 +5,7 @@ reviewers: - yujuhong - dchen1107 content_type: task -weight: 160 +weight: 200 --- diff --git a/content/en/docs/tasks/configure-pod-container/static-pod.md b/content/en/docs/tasks/configure-pod-container/static-pod.md index 23191e1ffe688..b1b0d33ec0978 100644 --- a/content/en/docs/tasks/configure-pod-container/static-pod.md +++ b/content/en/docs/tasks/configure-pod-container/static-pod.md @@ -2,7 +2,7 @@ reviewers: - jsafrane title: Create static Pods -weight: 170 +weight: 220 content_type: task --- diff --git a/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md b/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md index 705c6caca4be8..e8700b464232e 100644 --- a/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md +++ b/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md @@ -3,7 +3,7 @@ reviewers: - cdrage title: Translate a Docker Compose File to Kubernetes Resources content_type: task -weight: 200 +weight: 230 --- diff --git a/content/en/docs/tasks/configure-pod-container/user-namespaces.md b/content/en/docs/tasks/configure-pod-container/user-namespaces.md index 332a2752ca362..96e1ff2d01a0b 100644 --- a/content/en/docs/tasks/configure-pod-container/user-namespaces.md +++ b/content/en/docs/tasks/configure-pod-container/user-namespaces.md @@ -2,7 +2,7 @@ title: Use a User Namespace With a Pod reviewers: content_type: task -weight: 160 +weight: 210 min-kubernetes-server-version: v1.25 --- From 6dfa72861850188bec7ec40b5a38d8ac27d88663 Mon Sep 17 00:00:00 2001 From: EuricoAbreu Date: Sat, 14 Jan 2023 19:33:14 -0300 Subject: [PATCH 027/537] Minor fixes --- .../concepts/security/windows-security.md | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/content/pt-br/docs/concepts/security/windows-security.md b/content/pt-br/docs/concepts/security/windows-security.md index 4d6573afb2936..e29706ece70e1 100644 --- a/content/pt-br/docs/concepts/security/windows-security.md +++ b/content/pt-br/docs/concepts/security/windows-security.md @@ -1,6 +1,4 @@ --- -reviewers: - - title: Segurança para Nós Windows content_type: concept weight: 40 @@ -14,25 +12,24 @@ Esta página descreve considerações de segurança e boas práticas específica ## Proteção para dados Secret nos Nós -No Windows, os dados do Secret são escritos em texto claro no Nó local do -armazenamento (em comparação ao uso de tmpfs / in-memory filesystems no Linux). Como um cluster -operador, você deve tomar as duas medidas adicionais a seguir: +No Windows, os dados do Secret são escritos em texto não-encriptado no Nó local do +armazenamento (em comparação ao uso de tmpfs / sistemas de arquivo em memória no Linux). Como um operador do cluster, você deve tomar as duas medidas adicionais a seguir: -1. Use arquivos ACLs para assegurar a localização do arquivo Secrets. -2. Aplicar criptografia à nível de volume usando +1. Use ACLs em arquivos para proteger a localização do arquivo Secrets. +2. Aplicar criptografia a nível de volume usando [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server). ## Usuários dos Contêineres [RunAsUsername](/docs/tasks/configure-pod-container/configure-runasusername) -pode ser especificado para Pods com Windows ou contêiner para executar os processos do contêiner como usuário específico. Isto é aproximadamente equivalente a +pode ser utilizado para Pods com Windows ou contêiner para executar os processos do contêiner como usuário específico. Isto é aproximadamente equivalente a [RunAsUser](/docs/concepts/security/pod-security-policy/#users-and-groups). -Os contêineres Windows oferecem duas contas de usuário padrão, ContainerUser e ContainerAdministrator. As diferenças entre estas duas contas de usuário são cobertas em +Os contêineres Windows oferecem duas contas de usuário padrão, ContainerUser e ContainerAdministrator. As diferenças entre estas duas contas de usuário são descritas em [When to use ContainerAdmin and ContainerUser user accounts](https://docs.microsoft.com/virtualization/windowscontainers/manage-containers/container-security#when-to-use-containeradmin-and-containeruser-user-accounts) dentro da documentação da Microsoft _Secure Windows containers_. -Os usuários locais podem ser adicionados as imagens do contêiner durante o processo de construção do mesmo. +Os usuários locais podem ser adicionados às imagens do contêiner durante o processo de criação do mesmo. {{< note >}} @@ -52,5 +49,5 @@ Mecanismos de contexto de segurança de Pod específicos para Linux (como SELinu Contêineres privilegiados [não são suportados](/docs/concepts/windows/intro/#compatibility-v1-pod-spec-containers-securitycontext) no Windows. -Em vez disso, [HostProcess containers](/docs/tasks/configure-pod-container/create-hostprocess-pod) +Em vez disso, [contêineres HostProcess](/docs/tasks/configure-pod-container/create-hostprocess-pod) podem ser usados no Windows para realizar muitas das tarefas realizadas por contêineres privilegiados no Linux. From e609b6e10e9d546d812ba543087017177dba0112 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Fri, 13 Jan 2023 16:49:09 +0800 Subject: [PATCH 028/537] [zh] sync blog: 2023-01-05-retroactive-default-storage-class --- ...01-05-retroactive-default-storage-class.md | 293 ++++++++++++++++++ 1 file changed, 293 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2023-01-05-retroactive-default-storage-class.md diff --git a/content/zh-cn/blog/_posts/2023-01-05-retroactive-default-storage-class.md b/content/zh-cn/blog/_posts/2023-01-05-retroactive-default-storage-class.md new file mode 100644 index 0000000000000..9162281c74b67 --- /dev/null +++ b/content/zh-cn/blog/_posts/2023-01-05-retroactive-default-storage-class.md @@ -0,0 +1,293 @@ +--- +layout: blog +title: "Kubernetes 1.26:可追溯的默认 StorageClass" +date: 2023-01-05 +slug: retroactive-default-storage-class +--- + + + +**作者:** Roman Bednář (Red Hat) + +**译者:** Michael Yao (DaoCloud) + + +Kubernetes v1.25 引入了一个 Alpha 特性来更改默认 StorageClass 被分配到 PersistentVolumeClaim (PVC) 的方式。 +启用此特性后,你不再需要先创建默认 StorageClass,再创建 PVC 来分配类。 +此外,任何未分配 StorageClass 的 PVC 都可以在后续被更新。此特性在 Kubernetes 1.26 中已进阶至 Beta。 + + +有关如何使用的更多细节,请参阅 Kubernetes +文档[可追溯的默认 StorageClass 赋值](/zh-cn/docs/concepts/storage/persistent-volumes/#retroactive-default-storageclass-assignment), +你还可以阅读了解为什么 Kubernetes 项目做了此项变更。 + + +## 为什么 StorageClass 赋值需要改进 {#why-did-sc-assignment-need-improvements} + +用户可能已经熟悉在创建时将默认 StorageClasses 分配给**新** PVC 的这一类似特性。 +这个目前由[准入控制器](/zh-cn/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass)处理。 + + +但是,如果在创建 PVC 时没有定义默认 StorageClass 会怎样? +那用户最终将得到一个永远不会被赋予存储类的 PVC。结果是没有存储会被制备,而 PVC 有时也会“卡在”这里。 +一般而言,两个主要场景可能导致 PVC “卡住”,并在后续造成更多问题。让我们仔细看看这两个场景。 + + +### 更改默认 StorageClass {#changing-default-storageclass} + +启用这个 Alpha 特性后,管理员想要更改默认 StorageClass 时会有两个选项: + + +1. 在移除与 PVC 关联的旧 StorageClass 之前,创建一个新的 StorageClass 作为默认值。 + 这将导致在短时间内出现两个默认值。此时,如果用户要创建一个 PersistentVolumeClaim, + 并将 storageClassName 设置为 null(指代默认 StorageClass), + 则最新的默认 StorageClass 将被选中并指定给这个 PVC。 + + +2. 先移除旧的默认值再创建一个新的默认 StorageClass。这将导致短时间内没有默认值。 + 接下来如果用户创建一个 PersistentVolumeClaim,并将 storageClassName 设置为 null + (指代默认 StorageClass),则 PVC 将永远处于 Pending 状态。 + 一旦默认 StorageClass 可用,用户就不得不通过删除并重新创建 PVC 来修复这个问题。 + + +### 集群安装期间的资源顺序 {#resource-ordering-during-cluster-installation} + +如果集群安装工具需要创建镜像仓库这种有存储要求的资源,很难进行合适地排序。 +这是因为任何有存储要求的 Pod 都将依赖于默认 StorageClass 的存在与否。 +如果默认 StorageClass 未被定义,Pod 创建将失败。 + + +## 发生了什么变化 {#what-changed} + +我们更改了 PersistentVolume (PV) 控制器,以便将默认 StorageClass 指定给 +storageClassName 设置为 `null` 且未被绑定的所有 PersistentVolumeClaim。 +我们还修改了 API 服务器中的 PersistentVolumeClaim 准入机制,允许将取值从未设置值更改为实际的 StorageClass 名称。 + + +### Null `storageClassName` 与 `storageClassName: ""` - 有什么影响? {#null-vs-empty-string} + +此特性被引入之前,这两种赋值就其行为而言是相同的。storageClassName 设置为 `null` 或 `""` +的所有 PersistentVolumeClaim 都会被绑定到 storageClassName 也设置为 `null` 或 +`""` 的、已有的 PersistentVolume 资源。 + + +启用此新特性时,我们希望保持此行为,但也希望能够更新 StorageClass 名称。 +考虑到这些限制,此特性更改了 `null` 的语义。 +具体而言,如果有一个默认 StorageClass,`null` 将可被理解为 “给我一个默认值”, +而 `""` 表示 “给我 StorageClass 名称也是 `""` 的 PersistentVolume”, +所以行为将保持不变。 + + +综上所述,我们更改了 `null` 的语义,使其行为取决于默认 StorageClass 定义的存在或缺失。 + +下表显示了所有这些情况,更好地描述了 PVC 何时绑定及其 StorageClass 何时被更新。 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    使用默认 StorageClass 时的 PVC 绑定行为
    PVC storageClassName = ""PVC storageClassName = null
    未设置默认存储类PV storageClassName = ""bindsbinds
    PV without storageClassNamebindsbinds
    设置了默认存储类PV storageClassName = ""binds存储类更新
    PV without storageClassNamebinds存储类更新
    + + +## 如何使用 {#how-to-use-it} + +如果你想测试这个 Alpha 特性,你需要在 kube-controller-manager 和 kube-apiserver 中启用相关特性门控。 +你可以使用 `--feature-gates` 命令行参数: + +``` +--feature-gates="...,RetroactiveDefaultStorageClass=true" +``` + + +### 测试演练 {#test-drive} + +如果你想看到此特性发挥作用并验证它在集群中是否正常工作,你可以尝试以下步骤: + + +1. 定义一个基本的 PersistentVolumeClaim: + + ```yaml + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: pvc-1 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + ``` + + +2. 在没有默认 StorageClass 时创建 PersistentVolumeClaim。 + PVC 不会制备或绑定(除非当前已存在一个合适的 PV),PVC 将保持在 `Pending` 状态。 + + ``` + $ kc get pvc + NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE + pvc-1 Pending + ``` + + +3. 将某个 StorageClass 配置为默认值。 + + ``` + $ kc patch sc -p '{"metadata":{"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}' + storageclass.storage.k8s.io/my-storageclass patched + ``` + + +4. 确认 PersistentVolumeClaims 现在已被正确制备,并且已使用新的默认 StorageClass 进行了可追溯的更新。 + + ``` + $ kc get pvc + NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE + pvc-1 Bound pvc-06a964ca-f997-4780-8627-b5c3bf5a87d8 1Gi RWO my-storageclass 87m + ``` + + +### 新指标 {#new-metrics} + +为了帮助你了解该特性是否按预期工作,我们还引入了一个新的 `retroactive_storageclass_total` +指标来显示 PV 控制器尝试更新 PersistentVolumeClaim 的次数,以及 +`retroactive_storageclass_errors_total` 来显示这些尝试失败了多少次。 + + +## 欢迎参与 {#getting-involved} + +我们始终欢迎新的贡献者,如果你想参与其中,欢迎加入 +[Kubernetes Storage Special Interest Group(存储特别兴趣小组)](https://github.com/kubernetes/community/tree/master/sig-storage) (SIG)。 + +如果你想分享反馈,可以在我们的[公开 Slack 频道](https://app.slack.com/client/T09NY5SBT/C09QZFCE5)上反馈。 + +特别感谢所有提供精彩评论、分享宝贵见解并帮助实现此特性的贡献者们(按字母顺序排列): + +- Deep Debroy ([ddebroy](https://github.com/ddebroy)) +- Divya Mohan ([divya-mohan0209](https://github.com/divya-mohan0209)) +- Jan Šafránek ([jsafrane](https://github.com/jsafrane/)) +- Joe Betz ([jpbetz](https://github.com/jpbetz)) +- Jordan Liggitt ([liggitt](https://github.com/liggitt)) +- Michelle Au ([msau42](https://github.com/msau42)) +- Seokho Son ([seokho-son](https://github.com/seokho-son)) +- Shannon Kularathna ([shannonxtreme](https://github.com/shannonxtreme)) +- Tim Bannister ([sftim](https://github.com/sftim)) +- Tim Hockin ([thockin](https://github.com/thockin)) +- Wojciech Tyczynski ([wojtek-t](https://github.com/wojtek-t)) +- Xing Yang ([xing-yang](https://github.com/xing-yang)) From 9d5fdac34bd11f8984cb80d6558d35c2c6397351 Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sun, 15 Jan 2023 05:52:31 -0300 Subject: [PATCH 029/537] Changes from code review. --- .../kubeadm/generated/kubeadm_upgrade_apply.md | 11 ++++++++--- .../kubeadm/generated/kubeadm_upgrade_diff.md | 8 ++++---- .../kubeadm/generated/kubeadm_upgrade_node.md | 11 ++++++++--- .../kubeadm/generated/kubeadm_upgrade_plan.md | 6 +++--- .../reference/setup-tools/kubeadm/kubeadm-upgrade.md | 6 +++--- 5 files changed, 26 insertions(+), 16 deletions(-) diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md index 6cb9bbe87aa36..d9de39d4eb5b6 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md @@ -32,7 +32,7 @@ kubeadm upgrade apply [versão] --allow-experimental-upgrades -

    Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões candidatas alfa/beta/release do Kubernetes.

    +

    Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões alfa/beta/*release candidate* do Kubernetes.

    @@ -83,7 +83,7 @@ PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true -f, --force -

    Força a atualização, embora alguns requisitos possam não ser atendidos. Isso também implica o modo não interativo.

    +

    Força a atualização, embora alguns requisitos possam não estar sendo atendidos. Isso também implica o modo não interativo.

    @@ -111,7 +111,12 @@ PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true --patches string -

    Caminho para um diretório que contém os arquivos chamados "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou apenas "etcd.json". "target" pode ser um dos "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" pode ser um dos "strategic", "merge" ou "json" e eles correspondem aos formatos de patch suportados pelo kubectl. O padrão "patchtype" é "strategic". "extension" deve ser "json" ou "yaml". "suffix" é uma string opcional que pode ser usada para determinar quais patches alpha-numerically serão aplicados primeiro.

    +

    +Caminho para um diretório contendo arquivos nomeados no padrão "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou somente "etcd.json". +"target" pode ser um dos seguintes valores: "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". +"patchtype" pode ser "strategic", "merge" ou "json" e corresponde aos formatos de patch suportados pelo kubectl. O valor padrão para "patchtype" é "strategic". +"extension" deve ser "json" ou "yaml". "suffix" é uma string opcional utilizada para determinar quais patches são aplicados primeiro em ordem alfanumérica. +

    diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md index 475d78766bbcd..e533129e13b73 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md @@ -32,7 +32,7 @@ kubeadm upgrade diff [versão] [flags] --api-server-manifest string     Padrão: "/etc/kubernetes/manifests/kube-apiserver.yaml" -

    Caminho para o manifesto do servidor API

    +

    Caminho para o manifesto do servidor da API

    @@ -53,14 +53,14 @@ kubeadm upgrade diff [versão] [flags] --controller-manager-manifest string     Padrão: "/etc/kubernetes/manifests/kube-controller-manager.yaml" -

    Caminho para o manifesto do gerenciador

    +

    Caminho para o manifesto do controlador de gerenciadores

    -h, --help -

    Ajuda para o diff

    +

    Ajuda para diff

    @@ -74,7 +74,7 @@ kubeadm upgrade diff [versão] [flags] --scheduler-manifest string     Padrão: "/etc/kubernetes/manifests/kube-scheduler.yaml" -

    Caminho para o manifesto do scheduler

    +

    Caminho para o manifesto do escalonador

    diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md index 03846f98b6cfb..aec5a9b0a09f6 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md @@ -18,7 +18,7 @@ Comando para atualização de um nó no cluster O comando "node" executa as seguintes fases: ``` -preflight Executa as verificações de atualização pre-flight do nó +preflight Executa as verificações de pré-atualização do nó control-plane Atualiza a instância da camada de gerenciamento implantada neste nó, se houver kubelet-config Atualiza a configuração do kubelet para este nó ``` @@ -82,14 +82,19 @@ kubeadm upgrade node [flags] --patches string -

    Caminho para um diretório que contém os arquivos chamados "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou apenas "etcd.json". "target" pode ser um dos "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" pode ser um dos "strategic", "merge" ou "json" e eles correspondem aos formatos de patch suportados pelo kubectl. O padrão "patchtype" é "strategic". "extension" deve ser "json" ou "yaml". "suffix" é uma string opcional que pode ser usada para determinar quais patches alpha-numerically serão aplicados primeiro.

    +

    +Caminho para um diretório contendo arquivos nomeados no padrão "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou somente "etcd.json". +"target" pode ser um dos seguintes valores: "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". +"patchtype" pode ser "strategic", "merge" ou "json" e corresponde aos formatos de patch suportados pelo kubectl. O valor padrão para "patchtype" é "strategic". +"extension" deve ser "json" ou "yaml". "suffix" é uma string opcional utilizada para determinar quais patches são aplicados primeiro em ordem alfanumérica. +

    --skip-phases strings -

    Exibe as fases a serem ignoradas

    +

    Lista de fases a serem ignoradas

    diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md index 5f97c80c79764..57159cb421774 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md @@ -34,7 +34,7 @@ kubeadm upgrade plan [versão] [flags] --allow-experimental-upgrades -

    Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões candidatas alfa/beta/release do Kubernetes.

    +

    Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões alfa/beta/*release candidate* do Kubernetes.

    @@ -85,7 +85,7 @@ PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true -o, --output string     Padrão: "text" -

    EXPERIMENTAL: Formato de saída. Um dos: text|json|yaml.

    +

    EXPERIMENTAL: Formato de saída. Opções válidas: text|json|yaml.

    @@ -99,7 +99,7 @@ PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true --show-managed-fields -

    Se verdadeiro, mentém os managedFields ao exibir os objetos no formato JSON ou YAML.

    +

    Se verdadeiro, mantém os managedFields ao exibir os objetos no formato JSON ou YAML.

    diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md b/content/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md index b1073fcb2b0ec..fc255dc5d6fd2 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md @@ -4,7 +4,7 @@ content_type: conceito weight: 40 --- -`kubeadm upgrade` é um comando de fácil uso que envolve uma lógica de atualização complexa por trás de um comando, com suporte para planejar e executar de fato uma atualização. +`kubeadm upgrade` é um comando amigável que envolve uma lógica de atualização complexa por trás de um comando, com suporte para planejar e executar de fato uma atualização. @@ -13,7 +13,7 @@ weight: 40 As etapas para realizar uma atualização usando kubeadm estão descritas [neste documento](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/). Para versões mais antigas do kubeadm, consulte os conjuntos de documentação mais antigos do site Kubernetes. -Você pode usar o `kubeadm upgrade diff` para ver as alterações que seriam aplicadas aos manifestos de Pod estático. +Você pode usar `kubeadm upgrade diff` para ver as alterações que seriam aplicadas aos manifestos de Pod estático. No Kubernetes v1.15.0 e posteriores, o `kubeadm upgrade apply` e `kubeadm upgrade node` também renovarão automaticamente os certificados gerenciados pelo kubeadm neste nó, incluindo aqueles armazenados nos arquivos do kubeconfig. É possível optar por não renovar usando a flag `--certificate-renewal=false`. @@ -21,7 +21,7 @@ Para mais detalhes sobre a renovação dos certificados, consulte a [documentaç {{< note >}} Os comandos `kubeadm upgrade apply` e `kubeadm upgrade plan` tem uma flag legada `--config` que possibilita reconfigurar o cluster enquanto realiza o planejamento ou a atualização do nó específico da camada de gerenciamento. -Esteja ciente de que o fluxo de trabalho da atualização não foi projetado para este cenário e existe relatos de resultados inesperados. +Esteja ciente de que o fluxo de trabalho da atualização não foi projetado para este cenário e existem relatos de resultados inesperados. {{}} ## kubeadm upgrade plan {#cmd-upgrade-plan} From 52cb7250db2a2b9b0cfa3b0dd68bfa1d2d2793a3 Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sun, 15 Jan 2023 06:08:48 -0300 Subject: [PATCH 030/537] fix term release candidate --- .../setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md | 2 +- .../setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md index d9de39d4eb5b6..606846387cbaf 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md @@ -32,7 +32,7 @@ kubeadm upgrade apply [versão] --allow-experimental-upgrades -

    Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões alfa/beta/*release candidate* do Kubernetes.

    +

    Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões alfa/beta/release candidate do Kubernetes.

    diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md index 57159cb421774..b7e77702db7a9 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md @@ -34,7 +34,7 @@ kubeadm upgrade plan [versão] [flags] --allow-experimental-upgrades -

    Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões alfa/beta/*release candidate* do Kubernetes.

    +

    Exibe as versões instáveis do Kubernetes como uma alternativa de atualização e permite a atualização para versões alfa/beta/release candidate do Kubernetes.

    From 7caf05d69af3e7cdc9d93ab10db3c550bfabcefb Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 16 Jan 2023 00:30:04 +0200 Subject: [PATCH 031/537] [it] fix deployment apiversion error --- .../docs/concepts/cluster-administration/manage-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/it/docs/concepts/cluster-administration/manage-deployment.md b/content/it/docs/concepts/cluster-administration/manage-deployment.md index 4d687652147d9..f2e6dbb309f27 100644 --- a/content/it/docs/concepts/cluster-administration/manage-deployment.md +++ b/content/it/docs/concepts/cluster-administration/manage-deployment.md @@ -298,7 +298,7 @@ repliche nginx da 3 a 1, fare: ```shell $ kubectl scale deployment/my-nginx --replicas=1 -deployment.extensions/my-nginx scaled +deployment.apps/my-nginx scaled ``` Ora hai solo un pod gestito dalla distribuzione From 2d08c71c18f924df52053b5d3f2affd09ea3ac03 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 16 Jan 2023 12:54:41 +0800 Subject: [PATCH 032/537] [zh] sync blog: 2023-01-02-cross-namespace-data-sources-alpha.md --- ...1-02-cross-namespace-data-sources-alpha.md | 260 ++++++++++++++++++ 1 file changed, 260 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2023-01-02-cross-namespace-data-sources-alpha.md diff --git a/content/zh-cn/blog/_posts/2023-01-02-cross-namespace-data-sources-alpha.md b/content/zh-cn/blog/_posts/2023-01-02-cross-namespace-data-sources-alpha.md new file mode 100644 index 0000000000000..5053e5b5f63aa --- /dev/null +++ b/content/zh-cn/blog/_posts/2023-01-02-cross-namespace-data-sources-alpha.md @@ -0,0 +1,260 @@ +--- +layout: blog +title: "Kubernetes v1.26:对跨名字空间存储数据源的 Alpha 支持" +date: 2023-01-02 +slug: cross-namespace-data-sources-alpha +--- + + + +**作者:** Takafumi Takahashi (Hitachi Vantara) + +**译者:** Michael Yao (DaoCloud) + + +上个月发布的 Kubernetes v1.26 引入了一个 Alpha 特性,允许你在源数据属于不同的名字空间时为 +PersistentVolumeClaim 指定数据源。启用这个新特性后,你在新 PersistentVolumeClaim 的 +`dataSourceRef` 字段中指定名字空间。一旦 Kubernetes 发现访问权限正常,新的 PersistentVolume +就可以从其他名字空间中指定的存储源填充其数据。在 Kubernetes v1.26 之前,如果集群已启用了 +`AnyVolumeDataSource` 特性,你可能已经从**相同的**名字空间中的数据源制备新卷。 +但这仅适用于同一名字空间中的数据源,因此用户无法基于一个名字空间中的数据源使用另一个名字空间中的声明来制备 +PersistentVolume。为了解决这个问题,Kubernetes v1.26 在 PersistentVolumeClaim API 的 +`dataSourceRef` 字段中添加了一个新的 Alpha `namespace` 字段。 + + +## 工作原理 {#how-it-works} + +一旦 csi-provisioner 发现数据源是使用具有非空名字空间名称的 `dataSourceRef` 指定的, +它就会检查由 PersistentVolumeClaim 的 `.spec.dataSourceRef.namespace` +字段指定的名字空间内所授予的所有引用,以便确定可以访问数据源。 +如果有 ReferenceGrant 允许访问,则 csi-provisioner 会基于数据源来制备卷。 + + +## 试用 {#trying-it-out} + +使用跨名字空间卷制备时以下事项是必需的: + +* 为 kube-apiserver 和 kube-controller-manager 启用 `AnyVolumeDataSource` 和 + `CrossNamespaceVolumeDataSource` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/) +* 为特定的 `VolumeSnapShot` 控制器安装 CRD +* 安装 CSI Provisioner 控制器并启用 `CrossNamespaceVolumeDataSource` 特性门控 +* 安装 CSI 驱动程序 +* 为 ReferenceGrants 安装 CRD + + +## 完整演练 {#putting-it-all-together} + +要查看其工作方式,你可以安装样例并进行试用。 +此样例使用 prod 名字空间中的 VolumeSnapshot 在 dev 名字空间中创建 PVC。 +这是一个简单的例子。想要在真实世界中使用,你可能要用更复杂的方法。 + + +### 这个例子的假设 {#example-assumptions} + +* 部署你的 Kubernetes 集群时启用 `AnyVolumeDataSource` 和 `CrossNamespaceVolumeDataSource` 特性门控 +* 有两个名字空间:dev 和 prod +* CSI 驱动程序被部署 +* 在 **prod** 名字空间中存在一个名为 `new-snapshot-demo` 的 VolumeSnapshot +* ReferenceGrant CRD(源于 Gateway API 项目)已被部署 + + +### 为 CSI Provisioner 授予 ReferenceGrants 读取权限 {#grant-referencegrants-read-permission-to-csi-provisioner} + +仅当 CSI 驱动程序具有 `CrossNamespaceVolumeDataSource` 控制器功能时才需要访问 ReferenceGrants。 +对于此示例,外部制备器对于 `referencegrants`(API 组 `gateway.networking.k8s.io`)需要 +**get**、**list** 和 **watch** 权限。 + +```yaml + - apiGroups: ["gateway.networking.k8s.io"] + resources: ["referencegrants"] + verbs: ["get", "list", "watch"] +``` + + +### 为 CSI Provisioner 启用 CrossNamespaceVolumeDataSource 特性门控 {#enable-cnvds-feature-for-csi-provisioner} + +将 `--feature-gates=CrossNamespaceVolumeDataSource=true` 添加到 csi-provisioner 命令行。 +例如,使用此清单片段重新定义容器: + +```yaml + - args: + - -v=5 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --feature-gates=CrossNamespaceVolumeDataSource=true + image: csi-provisioner:latest + imagePullPolicy: IfNotPresent + name: csi-provisioner +``` + + +### 创建 ReferenceGrant {#create-a-referencegrant} + +以下是 ReferenceGrant 示例的清单。 + +```yaml +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: allow-prod-pvc + namespace: prod +spec: + from: + - group: "" + kind: PersistentVolumeClaim + namespace: dev + to: + - group: snapshot.storage.k8s.io + kind: VolumeSnapshot + name: new-snapshot-demo +``` + + +### 通过使用跨名字空间数据源创建 PersistentVolumeClaim {#create-a-pvc-by-using-cross-ns-data-source} + +Kubernetes 在 dev 上创建 PersistentVolumeClaim,CSI 驱动程序从 prod 上的快照填充在 +dev 上使用的 PersistentVolume。 + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: example-pvc + namespace: dev +spec: + storageClassName: example + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + dataSourceRef: + apiGroup: snapshot.storage.k8s.io + kind: VolumeSnapshot + name: new-snapshot-demo + namespace: prod + volumeMode: Filesystem +``` + + +## 怎样了解更多 {#how-can-i-learn-more} + +增强提案 +[Provision volumes from cross-namespace snapshots](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/3294-provision-volumes-from-cross-namespace-snapshots) +包含了此特性的历史和技术实现的大量细节。 + +若想参与,请加入 +[Kubernetes 存储特别兴趣小组 (SIG)](https://github.com/kubernetes/community/tree/master/sig-storage) +帮助我们增强此特性。SIG 内有许多好点子,我们很高兴能有更多! + + +## 致谢 {#acknowledgments} + +制作出色的软件需要优秀的团队。 +特别感谢以下人员对 CrossNamespaceVolumeDataSouce 特性的深刻见解、周密考量和宝贵贡献: + +* Michelle Au (msau42) +* Xing Yang (xing-yang) +* Masaki Kimura (mkimuram) +* Tim Hockin (thockin) +* Ben Swartzlander (bswartz) +* Rob Scott (robscott) +* John Griffith (j-griffith) +* Michael Henriksen (mhenriks) +* Mustafa Elbehery (Elbehery) + + +很高兴与大家一起工作。 From 88fe83a1176adcb101404339641afe93390fe47b Mon Sep 17 00:00:00 2001 From: Bishal Das <70086051+bishal7679@users.noreply.github.com> Date: Tue, 17 Jan 2023 10:45:50 +0530 Subject: [PATCH 033/537] Update content/hi/docs/reference/glossary/docker.md Co-authored-by: divya-mohan0209 --- content/hi/docs/reference/glossary/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/reference/glossary/docker.md b/content/hi/docs/reference/glossary/docker.md index fa2f223cc4848..94c97a275d19d 100644 --- a/content/hi/docs/reference/glossary/docker.md +++ b/content/hi/docs/reference/glossary/docker.md @@ -1,5 +1,5 @@ --- -title: डोकर (Docker) +title: डॉकर (Docker) id: docker date: 2018-04-12 full_link: https://docs.docker.com/engine/ From 684a3135ecce6e8edbee1ac6ee10392fcc84c877 Mon Sep 17 00:00:00 2001 From: Bishal Das <70086051+bishal7679@users.noreply.github.com> Date: Tue, 17 Jan 2023 10:46:24 +0530 Subject: [PATCH 034/537] Update content/hi/docs/reference/glossary/docker.md Co-authored-by: divya-mohan0209 --- content/hi/docs/reference/glossary/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/reference/glossary/docker.md b/content/hi/docs/reference/glossary/docker.md index 94c97a275d19d..142778af90745 100644 --- a/content/hi/docs/reference/glossary/docker.md +++ b/content/hi/docs/reference/glossary/docker.md @@ -4,7 +4,7 @@ id: docker date: 2018-04-12 full_link: https://docs.docker.com/engine/ short_description: > - डोकर एक सॉफ्टवेयर टैकनोलजी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे कंटेनर भी कहा जाता है। + डॉकर एक सॉफ्टवेयर टैकनोलजी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे कंटेनर भी कहा जाता है। aka: tags: From 77c0dd90f58cd27786c127eacff6e11c18149e16 Mon Sep 17 00:00:00 2001 From: Bishal Das <70086051+bishal7679@users.noreply.github.com> Date: Tue, 17 Jan 2023 10:46:32 +0530 Subject: [PATCH 035/537] Update content/hi/docs/reference/glossary/docker.md Co-authored-by: divya-mohan0209 --- content/hi/docs/reference/glossary/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/reference/glossary/docker.md b/content/hi/docs/reference/glossary/docker.md index 142778af90745..5ad71e5175ea4 100644 --- a/content/hi/docs/reference/glossary/docker.md +++ b/content/hi/docs/reference/glossary/docker.md @@ -11,7 +11,7 @@ tags: - fundamental --- -डोकर (विशेष रूप से, डोकर इंजन) एक सॉफ्टवेयर टैकनोलजी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे {{< glossary_tooltip text="कंटेनर" term_id="container" >}} भी कहा जाता है। +डॉकर (विशेष रूप से, डॉकर इंजन) एक सॉफ्टवेयर टैकनोलजी है जो ऑपरेटिंग-सिस्टम-स्तरीय वर्चुअलाइजेशन प्रदान करता है जिसे {{< glossary_tooltip text="कंटेनर" term_id="container" >}} भी कहा जाता है। From 4897065c0854d90450fb5e48f6233313f2075f22 Mon Sep 17 00:00:00 2001 From: Bishal Das <70086051+bishal7679@users.noreply.github.com> Date: Tue, 17 Jan 2023 11:08:49 +0530 Subject: [PATCH 036/537] Update content/hi/docs/reference/glossary/docker.md Co-authored-by: divya-mohan0209 --- content/hi/docs/reference/glossary/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/reference/glossary/docker.md b/content/hi/docs/reference/glossary/docker.md index 5ad71e5175ea4..e354f6364cf80 100644 --- a/content/hi/docs/reference/glossary/docker.md +++ b/content/hi/docs/reference/glossary/docker.md @@ -15,4 +15,4 @@ tags: -डॉकर लिनक्स कर्नेल के संसाधन अलगाव सुविधाओं का उपयोग करता है जैसे कि cgroups और कर्नेल नेमस्पेस, और एक संघ-सक्षम फ़ाइल सिस्टम जैसे कि OverlayFS और अन्य स्वतंत्र कंटेनरों को एक लिनक्स इंस्टेंस के भीतर चलाने की अनुमति देता है| इससे वर्चुअल मशीन (वीएम) को शुरू करने और बनाए रखने के ओवरहेड से बच सकते हैं| +डॉकर लिनक्स कर्नेल के संसाधन अलगाव सुविधाओं का उपयोग करता है, जैसे कि cgroups और कर्नेल नेमस्पेस, और एक संघ-सक्षम फ़ाइल सिस्टम जैसे कि OverlayFS और अन्य स्वतंत्र कंटेनरों को एक लिनक्स इंस्टेंस के भीतर चलाने की अनुमति देता है| इससे वर्चुअल मशीन (वीएम) को शुरू करने और बनाए रखने के ओवरहेड से बच सकते हैं| From c4b70832ddb664c33b244731a2ee3945e0238ae9 Mon Sep 17 00:00:00 2001 From: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com> Date: Tue, 17 Jan 2023 09:14:01 -0500 Subject: [PATCH 037/537] Include index files --- content/en/docs/tasks/debug/_index.md | 2 +- content/en/docs/tasks/extend-kubernetes/_index.md | 2 +- content/en/docs/tasks/inject-data-application/_index.md | 2 +- content/en/docs/tasks/job/_index.md | 2 +- content/en/docs/tasks/manage-kubernetes-objects/_index.md | 2 +- content/en/docs/tasks/network/_index.md | 2 +- content/en/docs/tasks/run-application/_index.md | 2 +- content/en/docs/tasks/tls/_index.md | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/content/en/docs/tasks/debug/_index.md b/content/en/docs/tasks/debug/_index.md index 0d990ec949dfd..d0064c978a6fe 100644 --- a/content/en/docs/tasks/debug/_index.md +++ b/content/en/docs/tasks/debug/_index.md @@ -1,7 +1,7 @@ --- title: "Monitoring, Logging, and Debugging" description: Set up monitoring and logging to troubleshoot a cluster, or debug a containerized application. -weight: 20 +weight: 40 reviewers: - brendandburns - davidopp diff --git a/content/en/docs/tasks/extend-kubernetes/_index.md b/content/en/docs/tasks/extend-kubernetes/_index.md index 7109fddde0ed2..af99c7af02440 100644 --- a/content/en/docs/tasks/extend-kubernetes/_index.md +++ b/content/en/docs/tasks/extend-kubernetes/_index.md @@ -1,6 +1,6 @@ --- title: "Extend Kubernetes" description: Understand advanced ways to adapt your Kubernetes cluster to the needs of your work environment. -weight: 90 +weight: 110 --- diff --git a/content/en/docs/tasks/inject-data-application/_index.md b/content/en/docs/tasks/inject-data-application/_index.md index af98de866d5f2..de88bfaebad7e 100644 --- a/content/en/docs/tasks/inject-data-application/_index.md +++ b/content/en/docs/tasks/inject-data-application/_index.md @@ -1,6 +1,6 @@ --- title: "Inject Data Into Applications" description: Specify configuration and other data for the Pods that run your workload. -weight: 30 +weight: 70 --- diff --git a/content/en/docs/tasks/job/_index.md b/content/en/docs/tasks/job/_index.md index 9e41e241c135f..a556c963dd71d 100644 --- a/content/en/docs/tasks/job/_index.md +++ b/content/en/docs/tasks/job/_index.md @@ -1,6 +1,6 @@ --- title: "Run Jobs" description: Run Jobs using parallel processing. -weight: 50 +weight: 90 --- diff --git a/content/en/docs/tasks/manage-kubernetes-objects/_index.md b/content/en/docs/tasks/manage-kubernetes-objects/_index.md index 541ca58c0c734..85f77c2b3f600 100644 --- a/content/en/docs/tasks/manage-kubernetes-objects/_index.md +++ b/content/en/docs/tasks/manage-kubernetes-objects/_index.md @@ -1,5 +1,5 @@ --- title: "Manage Kubernetes Objects" description: Declarative and imperative paradigms for interacting with the Kubernetes API. -weight: 25 +weight: 50 --- \ No newline at end of file diff --git a/content/en/docs/tasks/network/_index.md b/content/en/docs/tasks/network/_index.md index 0dad8191a0b1e..c935c17a5a433 100644 --- a/content/en/docs/tasks/network/_index.md +++ b/content/en/docs/tasks/network/_index.md @@ -1,6 +1,6 @@ --- title: "Networking" description: Learn how to configure networking for your cluster. -weight: 160 +weight: 140 --- diff --git a/content/en/docs/tasks/run-application/_index.md b/content/en/docs/tasks/run-application/_index.md index 920df4098cf81..0fec791cde57d 100644 --- a/content/en/docs/tasks/run-application/_index.md +++ b/content/en/docs/tasks/run-application/_index.md @@ -1,6 +1,6 @@ --- title: "Run Applications" description: Run and manage both stateless and stateful applications. -weight: 40 +weight: 80 --- diff --git a/content/en/docs/tasks/tls/_index.md b/content/en/docs/tasks/tls/_index.md index 6fb6923847839..e654ae0a7b3af 100644 --- a/content/en/docs/tasks/tls/_index.md +++ b/content/en/docs/tasks/tls/_index.md @@ -1,6 +1,6 @@ --- title: "TLS" -weight: 100 +weight: 120 description: Understand how to protect traffic within your cluster using Transport Layer Security (TLS). --- From 30dc5522a1f34cfb144f4d7398aa3714b6957629 Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Tue, 17 Jan 2023 15:33:05 -0300 Subject: [PATCH 038/537] Add content/pt-br/docs/tasks/acess-application-cluster/communicate-containers.md --- ...icate-containers-same-pod-shared-volume.md | 139 ++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md diff --git a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md new file mode 100644 index 0000000000000..ea85606a0152f --- /dev/null +++ b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md @@ -0,0 +1,139 @@ +--- +title: Communicate Between Containers in the Same Pod Using a Shared Volume +content_type: task +weight: 110 +--- + + + +Esta página mostra como usar um Volume para se comunicar entre dois Containers rodando +no mesmo pod. Veja também como permitir que os processos se comuniquem por +[compartilhamento do processo de namespace](/docs/tasks/configure-pod-container/share-process-namespace/) +entre os containers. + +## {{% heading "prerequisites" %}} + +{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} + + + +## Criando um pod que executa dois contêineres + +Neste exercício, você cria um pod que executa dois contêineres. Os dois recipientes +compartilham um Volume que eles podem usar para se comunicar. Aqui está o arquivo de configuração +para a cápsula: + +{{< codenew file="pods/two-container-pod.yaml" >}} + +No arquivo de configuração, você pode ver que o Pod tem um Volume chamado +`dados compartilhados`. + +O primeiro contêiner listado no arquivo de configuração executa um servidor nginx. o +o caminho de montagem para o volume compartilhado é `/usr/share/nginx/html`. +O segundo contêiner é baseado na imagem debian e tem um caminho de montagem de +`/pod-data`. O segundo contêiner executa o seguinte comando e é encerrado. + + echo Hello from the debian container > /pod-data/index.html + +Observe que o segundo contêiner grava o arquivo `index.html` na raiz +diretório do servidor nginx. + +Crie o Pod e os dois Containers: + + kubectl apply -f https://k8s.io/examples/pods/two-container-pod.yaml + +Veja informações sobre o Pod e os Containers: + + kubectl get pod two-containers --output=yaml + +Aqui está uma parte da saída: + + apiVersion: v1 + kind: Pod + metadata: + ... + name: two-containers + namespace: default + ... + spec: + ... + containerStatuses: + + - containerID: docker://c1d8abd1 ... + image: debian + ... + lastState: + terminated: + ... + name: debian-container + ... + + - containerID: docker://96c1ff2c5bb ... + image: nginx + ... + name: nginx-container + ... + state: + running: + ... + +Você pode ver que o contêiner debian foi encerrado e o contêiner nginx ainda está em execução. + +Obtenha um shell para o contêiner nginx: + + kubectl exec -it two-containers -c nginx-container -- /bin/bash + +Em seu shell, verifique se o nginx está em execução: + + root@two-containers:/# apt-get update + root@two-containers:/# apt-get install curl procps + root@two-containers:/# ps aux + +A saída é semelhante a esta: + + USER PID ... STAT START TIME COMMAND + root 1 ... Ss 21:12 0:00 nginx: master process nginx -g daemon off; + +Lembre-se de que o contêiner debian criou o arquivo `index.html` no diretório raiz do nginx. +Use `curl` para enviar uma solicitação GET para o servidor nginx: + +``` +root@two-containers:/# curl localhost +``` + +A saída mostra que o nginx atende a uma página da web escrita pelo contêiner debian: + +``` +Hello from the debian container +``` + + + +## Discussão + +O principal motivo pelo qual os pods podem ter vários contêineres é oferecer suporte a +aplicativos auxiliares que auxiliam um aplicativo principal. +Exemplos típicos de aplicativos auxiliares são extratores de dados, pushers de dados e proxies. +Aplicativos auxiliares e primários geralmente precisam se comunicar uns com os outros. +Normalmente, isso é feito por meio de um sistema de arquivos compartilhado, conforme mostrado neste exercício, +ou por meio da interface de rede de loopback, localhost. +Um exemplo desse padrão é um servidor web junto com um programa auxiliar que consulta um repositório Git para novas atualizações. + +O volume neste exercício fornece uma maneira dos contêineres se comunicarem durante +a vida útil do pod. Se o pod for excluído e recriado, todos os dados armazenados no volume compartilhado serão perdidos. + +## {{% heading "whatsnext" %}} + + +* Saiba mais sobre [padrões para recipientes compostos](/blog/2015/06/the-distributed-system-toolkit-patterns/). + +* Saiba sobre [containers compostos para arquitetura modular](https://www.slideshare.net/Docker/slideshare-burns). + +* Veja [Configurando um pod para usar um volume para armazenamento](/docs/tasks/configure-pod-container/configure-volume-storage/). + +* Veja [Configurar um pod para compartilhar namespace de processo entre contêineres em um pod](/docs/tasks/configure-pod-container/share-process-namespace/) + +* Veja [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core). + +* Veja [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core). + From 59e571b608645088affe8b27f77490f46ab18b2d Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Tue, 17 Jan 2023 15:51:46 -0300 Subject: [PATCH 039/537] Add content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md --- .../communicate-containers-same-pod-shared-volume.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md index ea85606a0152f..d8a93d0bd9377 100644 --- a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md +++ b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md @@ -135,5 +135,4 @@ a vida útil do pod. Se o pod for excluído e recriado, todos os dados armazenad * Veja [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core). -* Veja [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core). - +* Veja [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core). \ No newline at end of file From b7c08f30544a07da7bb6227d2510329419e1b9d0 Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Tue, 17 Jan 2023 15:56:02 -0300 Subject: [PATCH 040/537] Update content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md --- .../communicate-containers-same-pod-shared-volume.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md index ea85606a0152f..d8a93d0bd9377 100644 --- a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md +++ b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md @@ -135,5 +135,4 @@ a vida útil do pod. Se o pod for excluído e recriado, todos os dados armazenad * Veja [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core). -* Veja [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core). - +* Veja [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core). \ No newline at end of file From 18b85cb10fb8a43d0c573bb9111824d813f4db31 Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Wed, 18 Jan 2023 16:23:18 -0300 Subject: [PATCH 041/537] Update content/pt-br/examples/pods/two-container-pod.yaml --- ...icate-containers-same-pod-shared-volume.md | 2 +- .../examples/pods/two-container-pod.yaml | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 content/pt-br/examples/pods/two-container-pod.yaml diff --git a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md index d8a93d0bd9377..19598f6422b2c 100644 --- a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md +++ b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md @@ -1,5 +1,5 @@ --- -title: Communicate Between Containers in the Same Pod Using a Shared Volume +title: Comunicação entre contêineres no mesmo pod usando um volume compartilhado content_type: task weight: 110 --- diff --git a/content/pt-br/examples/pods/two-container-pod.yaml b/content/pt-br/examples/pods/two-container-pod.yaml new file mode 100644 index 0000000000000..031ada7112b4c --- /dev/null +++ b/content/pt-br/examples/pods/two-container-pod.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Pod +metadata: + name: two-containers +spec: + + restartPolicy: Never + + volumes: + - name: shared-data + emptyDir: {} + + containers: + + - name: nginx-container + image: nginx + volumeMounts: + - name: shared-data + mountPath: /usr/share/nginx/html + + - name: debian-container + image: debian + volumeMounts: + - name: shared-data + mountPath: /pod-data + command: ["/bin/sh"] + args: ["-c", "echo Hello from the debian container > /pod-data/index.html"] From ab954ffebaa1d69fab38a3acf056982caee3e21d Mon Sep 17 00:00:00 2001 From: ashwin Date: Fri, 20 Jan 2023 18:40:41 +0530 Subject: [PATCH 042/537] Sorted the order for entries in data/i18n/en/en.toml --- data/i18n/en/en.toml | 156 ++++++++++++++++++++++--------------------- 1 file changed, 79 insertions(+), 77 deletions(-) diff --git a/data/i18n/en/en.toml b/data/i18n/en/en.toml index 465d94877ed7f..3e438b35000c1 100644 --- a/data/i18n/en/en.toml +++ b/data/i18n/en/en.toml @@ -148,23 +148,23 @@ other = "Latest Release:" [latest_version] other = "latest version." -[layouts_blog_pager_prev] -other = "<< Prev" - [layouts_blog_pager_next] other = "Next >>" +[layouts_blog_pager_prev] +other = "<< Prev" + [layouts_case_studies_list_tell] other = "Tell your story" [layouts_docs_glossary_aka] other = "Also known as" -[layouts_docs_glossary_description] -other = "This glossary is intended to be a comprehensive, standardized list of Kubernetes terminology. It includes technical terms that are specific to Kubernetes, as well as more general terms that provide useful context." +[layout_docs_glossary_architecture_description] +other = "The inner components of Kubernetes." -[layouts_docs_glossary_deselect_all] -other = "Deselect all" +[layout_docs_glossary_architecture_name] +other = "Architecture" [layouts_docs_glossary_click_details_after] other = "indicators below to get a longer explanation for any particular term." @@ -172,12 +172,84 @@ other = "indicators below to get a longer explanation for any particular term." [layouts_docs_glossary_click_details_before] other = "Click on the" +[layout_docs_glossary_community_description] +other = "Related to Kubernetes open-source development." + +[layout_docs_glossary_community_name] +other = "Community" + +[layout_docs_glossary_core-object_description] +other = "A resource type that Kubernetes supports by default." + +[layout_docs_glossary_core-object_name] +other = "Core Object" + +[layouts_docs_glossary_description] +other = "This glossary is intended to be a comprehensive, standardized list of Kubernetes terminology. It includes technical terms that are specific to Kubernetes, as well as more general terms that provide useful context." + +[layouts_docs_glossary_deselect_all] +other = "Deselect all" + +[layout_docs_glossary_extension_description] +other = "Supported customizations of Kubernetes." + +[layout_docs_glossary_extension_name] +other = "Extension" + [layouts_docs_glossary_filter] other = "Filter terms according to their tags" +[layout_docs_glossary_fundamental_description] +other = "Relevant for a first-time user of Kubernetes." + +[layout_docs_glossary_fundamental_name] +other = "Fundamental" + +[layout_docs_glossary_networking_description] +other = "How Kubernetes components talk to each other (and to programs outside the cluster)." + +[layout_docs_glossary_networking_name] +other = "Networking" + +[layout_docs_glossary_operation_description] +other = "Starting and maintaining Kubernetes." + +[layout_docs_glossary_operation_name] +other = "Operation" + +[layout_docs_glossary_security_description] +other = "Keeping Kubernetes applications safe and secure." + +[layout_docs_glossary_security_name] +other = "Security" + [layouts_docs_glossary_select_all] other = "Select all" +[layout_docs_glossary_storage_description] +other = "How Kubernetes applications handle persistent data." + +[layout_docs_glossary_storage_name] +other = "Storage" + +[layout_docs_glossary_tool_description] +other = "Software that makes Kubernetes easier or better to use." + +[layout_docs_glossary_tool_name] +other = "Tool" + +[layout_docs_glossary_user-type_description] +other = "Represents a common type of Kubernetes user." + +[layout_docs_glossary_user-type_name] +other = "User Type" + +[layout_docs_glossary_workload_description] +other = "Applications running on Kubernetes." + +[layout_docs_glossary_workload_name] +other = "Workload" + [layouts_docs_partials_feedback_improvement] other = "suggest an improvement" @@ -367,74 +439,4 @@ other = "Warning:" [whatsnext_heading] other = "What's next" -[layout_docs_glossary_architecture_name] -other = "Architecture" - -[layout_docs_glossary_architecture_description] -other = "The inner components of Kubernetes." - -[layout_docs_glossary_community_name] -other = "Community" - -[layout_docs_glossary_community_description] -other = "Related to Kubernetes open-source development." - -[layout_docs_glossary_core-object_name] -other = "Core Object" - -[layout_docs_glossary_core-object_description] -other = "A resource type that Kubernetes supports by default." - -[layout_docs_glossary_extension_name] -other = "Extension" - -[layout_docs_glossary_extension_description] -other = "Supported customizations of Kubernetes." - -[layout_docs_glossary_fundamental_name] -other = "Fundamental" - -[layout_docs_glossary_fundamental_description] -other = "Relevant for a first-time user of Kubernetes." - -[layout_docs_glossary_networking_name] -other = "Networking" - -[layout_docs_glossary_networking_description] -other = "How Kubernetes components talk to each other (and to programs outside the cluster)." - -[layout_docs_glossary_operation_name] -other = "Operation" - -[layout_docs_glossary_operation_description] -other = "Starting and maintaining Kubernetes." - -[layout_docs_glossary_security_name] -other = "Security" - -[layout_docs_glossary_security_description] -other = "Keeping Kubernetes applications safe and secure." - -[layout_docs_glossary_storage_name] -other = "Storage" -[layout_docs_glossary_storage_description] -other = "How Kubernetes applications handle persistent data." - -[layout_docs_glossary_tool_name] -other = "Tool" - -[layout_docs_glossary_tool_description] -other = "Software that makes Kubernetes easier or better to use." - -[layout_docs_glossary_user-type_name] -other = "User Type" - -[layout_docs_glossary_user-type_description] -other = "Represents a common type of Kubernetes user." - -[layout_docs_glossary_workload_name] -other = "Workload" - -[layout_docs_glossary_workload_description] -other = "Applications running on Kubernetes." From 37866ea7c9f4d7f4dd0607734d22843e0388cd7a Mon Sep 17 00:00:00 2001 From: Mauren Berti Date: Sat, 21 Jan 2023 17:26:32 -0500 Subject: [PATCH 043/537] Changes from review. --- content/en/docs/contribute/localization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/contribute/localization.md b/content/en/docs/contribute/localization.md index f90fe8c873d21..2832e72900c8a 100644 --- a/content/en/docs/contribute/localization.md +++ b/content/en/docs/contribute/localization.md @@ -93,7 +93,7 @@ to find your localization's two-letter language code. For example, the two-letter code for Korean is `ko`. If the language you are starting a localization for is spoken in various places -with significative differences between the variants, it might make sense to +with significant differences between the variants, it might make sense to combine the lowercased ISO-3166 country code with the language two-letter code. For example, Brazilian Portuguese is localized as `pt-br`. From 2d4569ebca1b43a73678093184b3e8d3e8971d9a Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sun, 22 Jan 2023 11:04:25 -0300 Subject: [PATCH 044/537] Changes from code review. --- .../setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md | 7 ++----- .../setup-tools/kubeadm/generated/kubeadm_upgrade_node.md | 5 +---- .../setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md | 2 +- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md index 606846387cbaf..81b1601e98a85 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md @@ -75,7 +75,7 @@ kubeadm upgrade apply [versão]

    Um conjunto de pares chave=valor que descreve feature gates para várias funcionalidades. As opções são:
    -PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true|false (ALPHA - padrão=false)
    UnversionedKubeletConfigMap=true|false (padrão=true) +PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true|false (ALPHA - padrão=false)

    @@ -112,10 +112,7 @@ PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true

    -Caminho para um diretório contendo arquivos nomeados no padrão "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou somente "etcd.json". -"target" pode ser um dos seguintes valores: "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". -"patchtype" pode ser "strategic", "merge" ou "json" e corresponde aos formatos de patch suportados pelo kubectl. O valor padrão para "patchtype" é "strategic". -"extension" deve ser "json" ou "yaml". "suffix" é uma string opcional utilizada para determinar quais patches são aplicados primeiro em ordem alfanumérica. +Caminho para um diretório contendo arquivos nomeados no padrão "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou somente "etcd.json". "target" pode ser um dos seguintes valores: "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" pode ser "strategic", "merge" ou "json" e corresponde aos formatos de patch suportados pelo kubectl. O valor padrão para "patchtype" é "strategic". "extension" deve ser "json" ou "yaml". "suffix" é uma string opcional utilizada para determinar quais patches são aplicados primeiro em ordem alfanumérica.

    diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md index aec5a9b0a09f6..c38fa732c8fbd 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md @@ -83,10 +83,7 @@ kubeadm upgrade node [flags]

    -Caminho para um diretório contendo arquivos nomeados no padrão "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou somente "etcd.json". -"target" pode ser um dos seguintes valores: "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". -"patchtype" pode ser "strategic", "merge" ou "json" e corresponde aos formatos de patch suportados pelo kubectl. O valor padrão para "patchtype" é "strategic". -"extension" deve ser "json" ou "yaml". "suffix" é uma string opcional utilizada para determinar quais patches são aplicados primeiro em ordem alfanumérica. +Caminho para um diretório contendo arquivos nomeados no padrão "target[suffix][+patchtype].extension". Por exemplo, "kube-apiserver0+merge.yaml" ou somente "etcd.json". "target" pode ser um dos seguintes valores: "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" pode ser "strategic", "merge" ou "json" e corresponde aos formatos de patch suportados pelo kubectl. O valor padrão para "patchtype" é "strategic". "extension" deve ser "json" ou "yaml". "suffix" é uma string opcional utilizada para determinar quais patches são aplicados primeiro em ordem alfanumérica.

    diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md index b7e77702db7a9..68e84df686c8f 100644 --- a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md @@ -56,7 +56,7 @@ kubeadm upgrade plan [versão] [flags]

    Um conjunto de pares chave=valor que descreve feature gates para várias funcionalidades. As opções são:
    -PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true|false (ALPHA - padrão=false)
    UnversionedKubeletConfigMap=true|false (padrão=true) +PublicKeysECDSA=true|false (ALPHA - padrão=false)
    RootlessControlPlane=true|false (ALPHA - padrão=false)

    From 1dc2a5f4578942dabb9394d3ecccfa9965658899 Mon Sep 17 00:00:00 2001 From: Asaf Malin <116791938+Asaf-Malin@users.noreply.github.com> Date: Thu, 26 Jan 2023 21:11:51 +0200 Subject: [PATCH 045/537] Update cheatsheet.md --- content/en/docs/reference/kubectl/cheatsheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/kubectl/cheatsheet.md b/content/en/docs/reference/kubectl/cheatsheet.md index 0e3e3f285d54e..0f5e6921ede92 100644 --- a/content/en/docs/reference/kubectl/cheatsheet.md +++ b/content/en/docs/reference/kubectl/cheatsheet.md @@ -41,7 +41,7 @@ echo '[[ $commands[kubectl] ]] && source <(kubectl completion zsh)' >> ~/.zshrc ``` ### A note on `--all-namespaces` -Appending `--all-namespaces` happens frequently enough where you should be aware of the shorthand for `--all-namespaces`: +Appending `--all-namespaces` happens frequently enough that you should be aware of the shorthand for `--all-namespaces`: ```kubectl -A``` From a8c561986be32f54697bc742e177e7838d334cfe Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sat, 28 Jan 2023 13:08:09 -0300 Subject: [PATCH 046/537] [pt-br] Add pt-br/docs/tasks/tools/install-kubectl-linux --- .../included/kubectl-convert-overview.md | 14 + .../tools/included/kubectl-whats-next.md | 15 + .../optional-kubectl-configs-bash-linux.md | 61 ++++ .../included/optional-kubectl-configs-fish.md | 23 ++ .../included/optional-kubectl-configs-zsh.md | 28 ++ .../tasks/tools/included/verify-kubectl.md | 33 +++ .../docs/tasks/tools/install-kubectl-linux.md | 260 ++++++++++++++++++ 7 files changed, 434 insertions(+) create mode 100644 content/pt-br/docs/tasks/tools/included/kubectl-convert-overview.md create mode 100644 content/pt-br/docs/tasks/tools/included/kubectl-whats-next.md create mode 100644 content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-bash-linux.md create mode 100644 content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-fish.md create mode 100644 content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-zsh.md create mode 100644 content/pt-br/docs/tasks/tools/included/verify-kubectl.md create mode 100644 content/pt-br/docs/tasks/tools/install-kubectl-linux.md diff --git a/content/pt-br/docs/tasks/tools/included/kubectl-convert-overview.md b/content/pt-br/docs/tasks/tools/included/kubectl-convert-overview.md new file mode 100644 index 0000000000000..3920c64f31b45 --- /dev/null +++ b/content/pt-br/docs/tasks/tools/included/kubectl-convert-overview.md @@ -0,0 +1,14 @@ +--- +title: "Visão geral do kubectl-convert" +description: >- + Um plugin `kubectl` que permite converter manifestos entre diferentes versões da API. +headless: true +_build: + list: never + render: never + publishResources: false +--- + +Um plugin para a ferramenta Kubernetes de linha de comando `kubectl`, que permite converter manifestos entre diferentes versões da API. +Isso pode ser particularmente útil para migrar manifestos para uma versão não obsoleta com a versão mais recente da API Kubernetes. +Para mais informações, visite [Migrar para APIs não obsoletas](/docs/reference/using-api/deprecation-guide/#migrate-to-non-deprecated-apis) diff --git a/content/pt-br/docs/tasks/tools/included/kubectl-whats-next.md b/content/pt-br/docs/tasks/tools/included/kubectl-whats-next.md new file mode 100644 index 0000000000000..1707d9812ff96 --- /dev/null +++ b/content/pt-br/docs/tasks/tools/included/kubectl-whats-next.md @@ -0,0 +1,15 @@ +--- +title: "Próximos passos" +description: "Próximos passos depois de instalar o kubectl." +headless: true +_build: + list: never + render: never + publishResources: false +--- + +* [Instale o Minikube](https://minikube.sigs.k8s.io/docs/start/) +* Veja os [guias de introdução](/pt-br/docs/setup/) para saber mais sobre a criação de clusters. +* [Saiba como iniciar e publicar sua aplicação.](/docs/tasks/access-application-cluster/service-access-application-cluster/) +* Se você precisar de acesso a um cluster que não criou, consulte [Compartilhamento de Acesso ao Cluster](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/) +* Leia os [documentos de referência kubectl](/docs/reference/kubectl/kubectl/) diff --git a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-bash-linux.md b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-bash-linux.md new file mode 100644 index 0000000000000..9f56cf51cf43b --- /dev/null +++ b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-bash-linux.md @@ -0,0 +1,61 @@ +--- +title: "autocompletar do bash no Linux" +description: "Algumas configurações opcionais para o autocompletar do bash no Linux." +headless: true +_build: + list: never + render: never + publishResources: false +--- + +### Introdução + +O script de autocompletar do kubectl para Bash pode ser gerado com o comando `kubectl completion bash`. O script permite habilitar o kubectl autocompletar no seu shell. + +No entanto, o script autocompletar depende do [**bash-completion**](https://github.com/scop/bash-completion), o que significa que você precisa instalar este software primeiro (executando `type _init_completion` você pode testar se tem o bash-completion instalado). + +### Instale bash-completion + +O bash-completion é fornecido por muitos gerenciadores de pacotes (veja [aqui](https://github.com/scop/bash-completion#installation)). Você pode instalar com `apt-get install bash-completion` ou `yum install bash-completion`, etc. + +Os comandos acima criam `/usr/share/bash-completion/bash_completion`, que é o script principal de bash-completion. Dependendo do seu gerenciador de pacotes, você tem que adicionar manualmente ao seu arquivo `~/.bashrc`. + +Para descobrir, recarregue seu shell e execute `type _init_completion`. Se o comando for bem-sucedido, já está definido, caso contrário, adicione o seguinte ao seu arquivo `~/.bashrc`: + +```bash +source /usr/share/bash-completion/bash_completion +``` + +Recarregue o seu shell e verifique se o bash-completion está instalado corretamente digitando `type _init_completion`. + +### Ative o kubectl autocompletar + +#### Bash + +Agora você precisa garantir que o kubectl autocompletar esteja ativo em todas as suas sessões shell. Existem duas maneiras pelas quais você pode fazer isso: + +{{< tabs name="kubectl_bash_autocompletion" >}} +{{< tab name="User" codelang="bash" >}} +echo 'source <(kubectl completion bash)' >>~/.bashrc +{{< /tab >}} +{{< tab name="System" codelang="bash" >}} +kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null +{{< /tab >}} +{{< /tabs >}} + +Se você tiver um alias para kubectl, você pode estender o autocompletar do shell para trabalhar com esse alias: + +```bash +echo 'alias k=kubectl' >>~/.bashrc +echo 'complete -o default -F __start_kubectl k' >>~/.bashrc +``` + +{{< note >}} +bash-completion fornece todos os scripts de autocompletar em `/etc/bash_completion.d`. +{{< /note >}} + +Todas as abordagens são equivalentes. Depois de recarregar seu shell, o kubectl autocompletar deve estar funcionando. Para ativar o autocompletar do bash na sessão atual do shell, execute `exec bash`: + +```bash +exec bash +``` diff --git a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-fish.md b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-fish.md new file mode 100644 index 0000000000000..56d50a8108883 --- /dev/null +++ b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-fish.md @@ -0,0 +1,23 @@ +--- +title: "Autocompletar do fish" +description: "Configurações opcionais para ativar o autocompletar no shell fish." +headless: true +_build: + list: never + render: never + publishResources: false +--- + +{{< note >}} +O autocompletar para Fish requer kubectl 1.23 ou posterior. +{{< /note >}} + +O script de autocompletar do kubectl para Fish pode ser gerado com o comando `kubectl completion fish`. O script permite habilitar o kubectl autocompletar no seu shell. + +Para fazer isso em todas as suas sessões do shell, adicione a seguinte linha ao seu arquivo `~/.config/fish/config.fish`: + +```shell +kubectl completion fish | source +``` + +Depois de recarregar seu shell, o kubectl autocompletar deve estar funcionando. diff --git a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-zsh.md b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-zsh.md new file mode 100644 index 0000000000000..caa0e485c5096 --- /dev/null +++ b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-zsh.md @@ -0,0 +1,28 @@ +--- +title: "Autocompletar zsh" +description: "Configurações opcionais para ativar o autocompletar no shell zsh." +headless: true +_build: + list: never + render: never + publishResources: false +--- + +O script de autocompletar do kubectl para Zsh pode ser gerado com o comando `kubectl completion zsh`. Este script habilita o kubectl autocompletar no seu shell. + +Para fazer isso em todas as suas sessões de shell, adicione a seguinte linha no arquivo ~/.zshrc: + +```zsh +source <(kubectl completion zsh) +``` + +Se você tiver um alias para kubectl, o autocompletar funcionará automaticamente com ele. + +Depois de recarregar seu shell, o kubectl autocompletar deve estar funcionando. + +Se você receber um erro como `2: command not found: compdef`, adicione o seguinte bloco ao início do seu arquivo `~/.zshrc`: + +```zsh +autoload -Uz compinit +compinit +``` diff --git a/content/pt-br/docs/tasks/tools/included/verify-kubectl.md b/content/pt-br/docs/tasks/tools/included/verify-kubectl.md new file mode 100644 index 0000000000000..b9d4ec99c58db --- /dev/null +++ b/content/pt-br/docs/tasks/tools/included/verify-kubectl.md @@ -0,0 +1,33 @@ +--- +title: "Verifique a instalação do kubectl" +description: "Como verificar a instalação do kubectl." +headless: true +_build: + list: never + render: never + publishResources: false +--- + +Para que o kubectl encontre e acesse um cluster Kubernetes, ele precisa de um [arquivo kubeconfig](/pt-br//docs/concepts/configuration/organize-cluster-access-kubeconfig/), que é criado automaticamente quando você cria um cluster usando [kube-up.sh](https://github.com/kubernetes/kubernetes/blob/master/cluster/kube-up.sh) ou instala com sucesso um cluster Minikube. Por padrão, a configuração kubectl está localizada em `~/.kube/config`. + +Verifique se o kubectl está configurado corretamente obtendo o estado do cluster: + +```shell +kubectl cluster-info +``` + +Se você receber uma URL de resposta, o kubectl está configurado corretamente para acessar seu cluster. + +Se você receber uma mensagem semelhante à seguinte, o kubectl não está configurado corretamente ou não consegue se conectar a um cluster Kubernetes. + +``` +The connection to the server was refused - did you specify the right host or port? +``` + +Por exemplo, se você pretende executar um cluster Kubernetes no seu laptop (localmente), precisará que uma ferramenta como o Minikube seja instalada primeiro, para em seguida executar novamente os comandos indicados acima. + +Se o kubectl cluster-info retornar a URL de resposta, mas você não conseguir acessar seu cluster, para verificar se ele está configurado corretamente, use: + +```shell +kubectl cluster-info dump +``` diff --git a/content/pt-br/docs/tasks/tools/install-kubectl-linux.md b/content/pt-br/docs/tasks/tools/install-kubectl-linux.md new file mode 100644 index 0000000000000..19538ac4febf5 --- /dev/null +++ b/content/pt-br/docs/tasks/tools/install-kubectl-linux.md @@ -0,0 +1,260 @@ +--- +title: Instale e configure o kubectl no Linux +content_type: task +weight: 10 +card: + name: tasks + weight: 20 + title: Install kubectl on Linux +--- + +## {{% heading "prerequisites" %}} + +Você deve usar uma versão kubectl que esteja próxima da versão do seu cluster. Por exemplo, um cliente v1.26 pode se comunicar com as versões v1.25, v1.26 e v1.27 da camada de gerenciamento. Usar a versão compatível mais recente do kubectl ajuda a evitar problemas inesperados. + +## Instale o kubectl no Linux + +Existem os seguintes métodos para instalar o kubectl no Linux: + +- [Instale o binário kubectl no Linux usando o curl](#instale-o-binário-kubectl-no-linux-usando-o-curl) +- [Instale usando o gerenciador de pacotes nativo](#instale-usando-o-gerenciador-de-pacotes-nativo) +- [Instale usando outro gerenciador de pacotes](#instale-usando-outro-gerenciador-de-pacotes) + + +### Instale o binário kubectl no Linux usando o curl + +1. Faça download da versão mais recente com o comando: + + ```bash + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + ``` + + {{< note >}} +Para fazer o download de uma versão específica, substitua a parte `$(curl -L -s https://dl.k8s.io/release/stable.txt)` do comando pela versão específica. + +Por exemplo, para fazer download da versão {{< param "fullversion" >}} no Linux, digite: + + ```bash + curl -LO https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/linux/amd64/kubectl + ``` + {{< /note >}} + +1. Valide o binário (opcional) + + Faça download do arquivo checksum de verificação do kubectl: + + ```bash + curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256" + ``` + + Valide o binário kubectl em relação ao arquivo de verificação: + + ```bash + echo "$(cat kubectl.sha256) kubectl" | sha256sum --check + ``` + + Se válido, a saída será: + + ```console + kubectl: OK + ``` + + Se a verificação falhar, o `sha256` exibirá o status diferente de zero e a saída será semelhante a: + + ```bash + kubectl: FAILED + sha256sum: WARNING: 1 computed checksum did NOT match + ``` + + {{< note >}} + Faça download da mesma versão do binário e do arquivo de verificação. + {{< /note >}} + +1. Instale o kubectl + + ```bash + sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl + ``` + + {{< note >}} + Se você não tiver acesso root no sistema de destino, ainda poderá instalar o kubectl no diretório `~/.local/bin`: + + ```bash + chmod +x kubectl + mkdir -p ~/.local/bin + mv ./kubectl ~/.local/bin/kubectl + # e depois adicione ~/.local/bin na variável $PATH + ``` + + {{< /note >}} + +1. Teste para garantir que a versão que você instalou esteja atualizada: + + ```bash + kubectl version --client + ``` + + Ou use isso para visualizar mais detalhes da versão: + + ```cmd + kubectl version --client --output=yaml + ``` + +### Instale usando o gerenciador de pacotes nativo + +{{< tabs name="kubectl_install" >}} +{{% tab name="Distribuições baseadas no Debian" %}} + +1. Atualize o índice do `apt` e instale os pacotes necessários para utilizar o repositório `apt` do Kubernetes: + + ```shell + sudo apt-get update + sudo apt-get install -y ca-certificates curl + ``` + + Se você usa o Debian 9 (stretch) ou anterior, também precisará instalar o `apt-transport-https`: + ```shell + sudo apt-get install -y apt-transport-https + ``` + +2. Faça download da chave de assinatura pública do Google Cloud: + + ```shell + sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg + ``` + +3. Adicione o repositório `apt` do Kubernetes: + + ```shell + echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list + ``` + +4. Atualize o índice do `apt` com o novo repositório e instale o kubectl: + + ```shell + sudo apt-get update + sudo apt-get install -y kubectl + ``` +{{< note >}} +Em versões anteriores ao Debian 12 e Ubuntu 22.04, o `/etc/apt/keyrings` não existe por padrão. +Você pode criar este diretório se precisar, tornando-o visível para todos, mas com permissão de escrita apenas aos administradores. +{{< /note >}} + +{{% /tab %}} + +{{% tab name="Distribuições baseadas no Red Hat" %}} +```bash +cat <}} + +### Instale usando outro gerenciador de pacotes + +{{< tabs name="other_kubectl_install" >}} +{{% tab name="Snap" %}} +Se você estiver no Ubuntu ou em outra distribuição Linux que suporte o gerenciador de pacotes [snap](https://snapcraft.io/docs/core/install), o kubectl está disponível como um aplicativo [snap](https://snapcraft.io/). + +```shell +snap install kubectl --classic +kubectl version --client +``` + +{{% /tab %}} + +{{% tab name="Homebrew" %}} +Se você estiver no Linux e usando o gerenciador de pacotes [Homebrew](https://docs.brew.sh/Homebrew-on-Linux), o kubectl está disponível para [instalação](https://docs.brew.sh/Homebrew-on-Linux#install). + +```shell +brew install kubectl +kubectl version --client +``` + +{{% /tab %}} + +{{< /tabs >}} + +## Verifique a configuração kubectl + +{{< include "included/verify-kubectl.md" >}} + +## Configurações e plugins opcionais do kubectl +### Ative o autocompletar no shell + +O kubectl oferece recursos de autocompletar para Bash, Zsh, Fish e PowerShell, o que pode economizar muita digitação. + +Abaixo estão os procedimentos para configurar o autocompletar para Bash, Fish e Zsh. + +{{< tabs name="kubectl_autocompletion" >}} +{{< tab name="Bash" include="included/optional-kubectl-configs-bash-linux.md" />}} +{{< tab name="Fish" include="included/optional-kubectl-configs-fish.md" />}} +{{< tab name="Zsh" include="included/optional-kubectl-configs-zsh.md" />}} +{{< /tabs >}} + +### Instale o plugin `kubectl convert` + +{{< include "included/kubectl-convert-overview.md" >}} + +1. Faça download da versão mais recente com o comando: + + ```bash + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert" + ``` + +1. Valide o binário (opcional) + + Faça download do arquivo checksum de verificação do kubectl-convert: + + ```bash + curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert.sha256" + ``` + + Valide o binário kubectl-convert com o arquivo de verificação: + + ```bash + echo "$(cat kubectl-convert.sha256) kubectl-convert" | sha256sum --check + ``` + + Se válido, a saída será: + + ```console + kubectl-convert: OK + ``` + + Se a verificação falhar, o `sha256` exibirá o status diferente de zero e a saída será semelhante a: + + ```bash + kubectl-convert: FAILED + sha256sum: WARNING: 1 computed checksum did NOT match + ``` + + {{< note >}} + Faça download da mesma versão do binário e do arquivo de verificação. + {{< /note >}} + +1. Instale o kubectl-convert + + ```bash + sudo install -o root -g root -m 0755 kubectl-convert /usr/local/bin/kubectl-convert + ``` + +1. Verifique se o plugin foi instalado com sucesso + + ```shell + kubectl convert --help + ``` + + Se não for exibido um erro, isso significa que o plugin foi instalado com sucesso. + +## {{% heading "whatsnext" %}} + +{{< include "included/kubectl-whats-next.md" >}} From 9a727efab86b1779b8d90fd67e68f4d92926e1c1 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Sun, 29 Jan 2023 19:44:57 +0800 Subject: [PATCH 047/537] Remove redirect entries for docs/admin/... pages --- .../concepts/storage/persistent-volumes.md | 2 +- .../kubelet-tls-bootstrapping.md | 2 +- content/en/docs/reference/glossary/kubeadm.md | 2 +- static/_redirects | 67 ------------------- 4 files changed, 3 insertions(+), 70 deletions(-) diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md index 2ae3d42964d2e..e42091f11dec3 100644 --- a/content/en/docs/concepts/storage/persistent-volumes.md +++ b/content/en/docs/concepts/storage/persistent-volumes.md @@ -59,7 +59,7 @@ needs to enable the `DefaultStorageClass` [admission controller](/docs/reference on the API server. This can be done, for example, by ensuring that `DefaultStorageClass` is among the comma-delimited, ordered list of values for the `--enable-admission-plugins` flag of the API server component. For more information on API server command-line flags, -check [kube-apiserver](/docs/admin/kube-apiserver/) documentation. +check [kube-apiserver](/docs/reference/command-line-tools-reference/kube-apiserver/) documentation. ### Binding diff --git a/content/en/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md b/content/en/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md index 31ab932589918..c1b33647407c1 100644 --- a/content/en/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md +++ b/content/en/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md @@ -307,7 +307,7 @@ roleRef: ``` The `csrapproving` controller that ships as part of -[kube-controller-manager](/docs/admin/kube-controller-manager/) and is enabled +[kube-controller-manager](/docs/reference/command-line-tools-reference/kube-controller-manager/) and is enabled by default. The controller uses the [`SubjectAccessReview` API](/docs/reference/access-authn-authz/authorization/#checking-api-access) to determine if a given user is authorized to request a CSR, then approves based on diff --git a/content/en/docs/reference/glossary/kubeadm.md b/content/en/docs/reference/glossary/kubeadm.md index 74cc0d1f6aaeb..e1e7e0a831020 100644 --- a/content/en/docs/reference/glossary/kubeadm.md +++ b/content/en/docs/reference/glossary/kubeadm.md @@ -2,7 +2,7 @@ title: Kubeadm id: kubeadm date: 2018-04-12 -full_link: /docs/admin/kubeadm/ +full_link: /docs/reference/setup-tools/kubeadm/ short_description: > A tool for quickly installing Kubernetes and setting up a secure cluster. diff --git a/static/_redirects b/static/_redirects index ba55969fc1337..3b7fe31bbb38c 100644 --- a/static/_redirects +++ b/static/_redirects @@ -23,50 +23,6 @@ /zh-cn/docs/ /zh-cn/docs/home/ 301! /blog/2018/03/kubernetes-1.10-stabilizing-storage-security-networking/ /blog/2018/03/26/kubernetes-1.10-stabilizing-storage-security-networking/ 301! /blog/2020/08/25/kubernetes-release-1.19-accentuate-the-paw-sitive/ /blog/2020/08/26/kubernetes-release-1.19-accentuate-the-paw-sitive/ 301! -/docs/admin/ /docs/concepts/cluster-administration/ 301 -/docs/admin/add-ons/ /docs/concepts/cluster-administration/addons/ 301 -/docs/admin/addons/ /docs/concepts/cluster-administration/addons/ 301 -/docs/admin/apparmor/ /docs/tutorials/clusters/apparmor/ 301 -/docs/admin/audit/ /docs/tasks/debug/debug-cluster/audit/ 301 -/docs/admin/authorization/rbac.md /docs/admin/authorization/rbac/ 301 -/docs/admin/cluster-components/ /docs/concepts/overview/components/ 301 -/docs/admin/cluster-management/ /docs/tasks/administer-cluster/ 302 -/id/docs/admin/cluster-management/ /id/docs/tasks/administer-cluster/ 302 -/docs/admin/cluster-troubleshooting/ /docs/tasks/debug/debug-cluster/ 301 -/docs/admin/daemons/ /docs/concepts/workloads/controllers/daemonset/ 301 -/docs/admin/disruptions/ /docs/concepts/workloads/pods/disruptions/ 301 -/docs/admin/dns/ /docs/concepts/services-networking/dns-pod-service/ 301 -/docs/admin/etcd/ /docs/tasks/administer-cluster/configure-upgrade-etcd/ 301 -/docs/admin/etcd_upgrade/ /docs/tasks/administer-cluster/configure-upgrade-etcd/ 301 -/docs/admin/extensible-admission-controllers.md /docs/reference/access-authn-authz/extensible-admission-controllers/ 301 -/docs/admin/garbage-collection/ /docs/concepts/cluster-administration/kubelet-garbage-collection/ 301 -/docs/admin/ha-master-gce/ /docs/setup/production-environment/#production-control-plane 301 -/docs/admin/ha-master-gce.md/ /docs/setup/production-environment/#production-control-plane 301 -/docs/admin/high-availability/ /docs/setup/production-environment/tools/kubeadm/high-availability/ 301 -/docs/admin/kubelet-authentication-authorization/ /docs/reference/access-authn-authz/kubelet-authn-authz/ 301 -/docs/admin/kubelet-tls-bootstrapping/ /docs/reference/access-authn-authz/kubelet-tls-bootstrapping/ 301 -/docs/admin/limitrange/ /docs/tasks/administer-cluster/cpu-memory-limit/ 301 -/docs/admin/limitrange/Limits/ /docs/tasks/administer-cluster/limit-storage-consumption/#limitrange-to-limit-requests-for-storage/ 301 -/docs/admin/master-node-communication/ /docs/concepts/architecture/master-node-communication/ 301 -/docs/admin/multiple-schedulers/ /docs/tasks/administer-cluster/configure-multiple-schedulers/ 301 -/docs/admin/namespaces/ /docs/tasks/administer-cluster/namespaces/ 301 -/docs/admin/namespaces/walkthrough/ /docs/tasks/administer-cluster/namespaces-walkthrough/ 301 -/docs/admin/network-plugins/ /docs/concepts/cluster-administration/network-plugins/ 301 -/docs/admin/networking/ /docs/concepts/cluster-administration/networking/ 301 -/docs/admin/node/ /docs/concepts/architecture/nodes/ 301 -/docs/admin/node-allocatable/ /docs/tasks/administer-cluster/reserve-compute-resources/ 301 -/docs/admin/node-allocatable.md /docs/tasks/administer-cluster/reserve-compute-resources/ 301 -/docs/admin/node-conformance.md /docs/admin/node-conformance/ 301 -/docs/admin/node-conformance/ /docs/setup/best-practices/node-conformance/ 301 -/docs/admin/node-problem/ /docs/tasks/debug/debug-cluster/monitor-node-health/ 301 -/docs/admin/out-of-resource/ /docs/concepts/scheduling-eviction/node-pressure-eviction/ 301 -/docs/admin/rescheduler/ /docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ 301 -/docs/admin/resourcequota/* /docs/concepts/policy/resource-quotas/ 301 -/docs/admin/resourcequota/limitstorageconsumption/ /docs/tasks/administer-cluster/limit-storage-consumption/ 301 -/docs/admin/resourcequota/walkthrough/ /docs/tasks/administer-cluster/quota-api-object/ 301 -/docs/admin/static-pods/ /docs/tasks/administer-cluster/static-pod/ 301 -/docs/admin/sysctls/ /docs/tasks/administer-cluster/sysctl-cluster/ 301 -/docs/admin/resource-quota/ /docs/concepts/policy/resource-quotas/ 301 /docs/api/ /docs/concepts/overview/kubernetes-api/ 301 @@ -501,41 +457,18 @@ /serviceaccount/token/ /docs/tasks/configure-pod-container/configure-service-account/ 301 /third_party/swagger-ui/* /docs/reference/ 301 -/docs/admin/cloud-controller-manager/ /docs/reference/generated/cloud-controller-manager/ 301 -/docs/admin/kube-apiserver/ /docs/reference/generated/kube-apiserver/ 301 -/docs/admin/kube-controller-manager/ /docs/reference/generated/kube-controller-manager/ 301 -/docs/admin/kube-proxy/ /docs/reference/generated/kube-proxy/ 301 -/docs/admin/kube-scheduler/ /docs/reference/generated/kube-scheduler/ 301 -/docs/admin/kubeadm/ /docs/reference/generated/kubeadm/ 301 -/docs/admin/kubelet/ /docs/reference/generated/kubelet/ 301 - /docs/reference/generated/kubeadm/ /docs/reference/setup-tools/kubeadm/ 301 /docs/reference/setup-tools/kubeadm/kubeadm/ /docs/reference/setup-tools/kubeadm/ 301 /editdocs/ /docs/contribute/ 301 /docs/home/editdocs/ /docs/contribute/ 301 -/docs/admin/accessing-the-api/ /docs/concepts/overview/kubernetes-api/ 301 -/docs/admin/admission-controllers/ /docs/reference/access-authn-authz/admission-controllers/ 301 -/docs/admin/authentication/ /docs/reference/access-authn-authz/authentication/ 301 -/docs/admin/bootstrap-tokens/ /docs/reference/access-authn-authz/bootstrap-tokens/ 301 - -/docs/admin/extensible-admission-controllers/ /docs/reference/access-authn-authz/extensible-admission-controllers/ 301 -/docs/admin/service-accounts-admin/ /docs/reference/access-authn-authz/service-accounts-admin/ 301 -/docs/admin/authorization/abac/ /docs/reference/access-authn-authz/abac/ 301 -/docs/admin/authorization/node/ /docs/reference/access-authn-authz/node/ 301 -/docs/admin/authorization/rbac/ /docs/reference/access-authn-authz/rbac/ 301 -/docs/admin/authorization/webhook/ /docs/reference/access-authn-authz/webhook/ 301 -/docs/admin/authorization/ /docs/reference/access-authn-authz/authorization/ 301 -/docs/admin/high-availability/building/ /docs/setup/production-environment/tools/kubeadm/high-availability/ 301 - /code-of-conduct/ /community/code-of-conduct/ 301 /values/ /community/values/ 302 /dockershim /blog/2022/02/17/dockershim-faq/ 302 /dockershim/ /blog/2022/02/17/dockershim-faq/ 302 - /docs/setup/release/notes/ /releases/notes/ 302 /docs/setup/release/ /releases/ 301 /docs/setup/version-skew-policy/ /releases/version-skew-policy/ 301 From 87c38562e23b109270109e6f89130c000d1aade6 Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Mon, 30 Jan 2023 14:01:00 -0300 Subject: [PATCH 048/537] Update content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md --- ...icate-containers-same-pod-shared-volume.md | 48 +++++++++---------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md index 19598f6422b2c..705a84afa7a39 100644 --- a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md +++ b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md @@ -6,10 +6,10 @@ weight: 110 -Esta página mostra como usar um Volume para se comunicar entre dois Containers rodando -no mesmo pod. Veja também como permitir que os processos se comuniquem por -[compartilhamento do processo de namespace](/docs/tasks/configure-pod-container/share-process-namespace/) -entre os containers. +Esta página mostra como usar um Volume para realizar a comunicação entre dois contêineres rodando +no mesmo Pod. Veja também como permitir que processos se comuniquem por +[compartilhamento de namespace do processo](/docs/tasks/configure-pod-container/share-process-namespace/) +entre os contêineres. ## {{% heading "prerequisites" %}} @@ -19,30 +19,29 @@ entre os containers. ## Criando um pod que executa dois contêineres -Neste exercício, você cria um pod que executa dois contêineres. Os dois recipientes -compartilham um Volume que eles podem usar para se comunicar. Aqui está o arquivo de configuração -para a cápsula: +Neste exercício, você cria um Pod que executa dois contêineres. Os dois contêineres +compartilham um volume que eles podem usar para se comunicar. Aqui está o arquivo de configuração +para o Pod: {{< codenew file="pods/two-container-pod.yaml" >}} -No arquivo de configuração, você pode ver que o Pod tem um Volume chamado +No arquivo de configuração, você pode ver que o Pod tem um shared-data chamado `dados compartilhados`. -O primeiro contêiner listado no arquivo de configuração executa um servidor nginx. o -o caminho de montagem para o volume compartilhado é `/usr/share/nginx/html`. -O segundo contêiner é baseado na imagem debian e tem um caminho de montagem de +O primeiro contêiner listado no arquivo de configuração executa um servidor nginx. +O caminho de montagem para o volume compartilhado é `/usr/share/nginx/html`. +O segundo contêiner é baseado na imagem debian e tem um caminho de montagem `/pod-data`. O segundo contêiner executa o seguinte comando e é encerrado. echo Hello from the debian container > /pod-data/index.html -Observe que o segundo contêiner grava o arquivo `index.html` na raiz -diretório do servidor nginx. +Observe que o segundo contêiner grava o arquivo `index.html` no diretório raiz do servidor nginx. -Crie o Pod e os dois Containers: +Crie o Pod e os dois contêineres: kubectl apply -f https://k8s.io/examples/pods/two-container-pod.yaml -Veja informações sobre o Pod e os Containers: +Veja as informações sobre o Pod e os contêineres: kubectl get pod two-containers --output=yaml @@ -83,7 +82,7 @@ Obtenha um shell para o contêiner nginx: kubectl exec -it two-containers -c nginx-container -- /bin/bash -Em seu shell, verifique se o nginx está em execução: +Em seu shell, verifique que o nginx está em execução: root@two-containers:/# apt-get update root@two-containers:/# apt-get install curl procps @@ -101,7 +100,7 @@ Use `curl` para enviar uma solicitação GET para o servidor nginx: root@two-containers:/# curl localhost ``` -A saída mostra que o nginx atende a uma página da web escrita pelo contêiner debian: +A saída mostra que o nginx responde com uma página da web escrita pelo contêiner debian: ``` Hello from the debian container @@ -111,27 +110,26 @@ Hello from the debian container ## Discussão -O principal motivo pelo qual os pods podem ter vários contêineres é oferecer suporte a -aplicativos auxiliares que auxiliam um aplicativo principal. -Exemplos típicos de aplicativos auxiliares são extratores de dados, pushers de dados e proxies. +O principal motivo pelo qual os pods podem ter vários contêineres é oferecer suporte a aplicações extras que apoiam uma aplicação principal. +Exemplos típicos de aplicativos auxiliares são extratores de dados, aplicações para envio de dados e proxies. Aplicativos auxiliares e primários geralmente precisam se comunicar uns com os outros. Normalmente, isso é feito por meio de um sistema de arquivos compartilhado, conforme mostrado neste exercício, ou por meio da interface de rede de loopback, localhost. Um exemplo desse padrão é um servidor web junto com um programa auxiliar que consulta um repositório Git para novas atualizações. O volume neste exercício fornece uma maneira dos contêineres se comunicarem durante -a vida útil do pod. Se o pod for excluído e recriado, todos os dados armazenados no volume compartilhado serão perdidos. +a vida útil do Pod. Se o Pod for excluído e recriado, todos os dados armazenados no volume compartilhado serão perdidos. ## {{% heading "whatsnext" %}} -* Saiba mais sobre [padrões para recipientes compostos](/blog/2015/06/the-distributed-system-toolkit-patterns/). +* Saiba mais sobre [padrões para contêineres compostos](/blog/2015/06/the-distributed-system-toolkit-patterns/). -* Saiba sobre [containers compostos para arquitetura modular](https://www.slideshare.net/Docker/slideshare-burns). +* Saiba sobre [contêineres compostos para arquitetura modular](https://www.slideshare.net/Docker/slideshare-burns). -* Veja [Configurando um pod para usar um volume para armazenamento](/docs/tasks/configure-pod-container/configure-volume-storage/). +* Veja [Configurando um Pod para usar um volume para armazenamento](/docs/tasks/configure-pod-container/configure-volume-storage/). -* Veja [Configurar um pod para compartilhar namespace de processo entre contêineres em um pod](/docs/tasks/configure-pod-container/share-process-namespace/) +* Veja [Configurar um Pod para compartilhar namespace de processo entre contêineres em um Pod](/docs/tasks/configure-pod-container/share-process-namespace/) * Veja [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core). From 4442de1ce79bdc91f5b02f260c157d3a884ca088 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Carlos=20Ferra=20de=20Almeida?= Date: Mon, 30 Jan 2023 17:24:06 +0000 Subject: [PATCH 049/537] Grammar fix replace contrainer to container in security-context.md --- .../en/docs/tasks/configure-pod-container/security-context.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/configure-pod-container/security-context.md b/content/en/docs/tasks/configure-pod-container/security-context.md index 7e1a04e9a439e..0fc2bfa4631b2 100644 --- a/content/en/docs/tasks/configure-pod-container/security-context.md +++ b/content/en/docs/tasks/configure-pod-container/security-context.md @@ -442,7 +442,7 @@ To assign SELinux labels, the SELinux security module must be loaded on the host {{< feature-state for_k8s_version="v1.25" state="alpha" >}} -By default, the contrainer runtime recursively assigns SELinux label to all +By default, the container runtime recursively assigns SELinux label to all files on all Pod volumes. To speed up this process, Kubernetes can change the SELinux label of a volume instantly by using a mount option `-o context=

    150+ माइक्रोसर्विसेज को कुबेरन

    -     अक्टूबर 11-15, 2021 को KubeCon North America में भाग लें + अप्रैल 18-21, 2023 KubeCon + CloudNativeCon Europe में भाग लें


    -
    - मई 17-20, 2022 को KubeCon Europe में भाग लें + 6-9 नवंबर, 2023 को KubeCon + CloudNativeCon North America में भाग लें
    From 33c430b09313ee387ec70f98f700d7a4d2b02386 Mon Sep 17 00:00:00 2001 From: Aayush Sharma Date: Thu, 2 Feb 2023 19:03:27 +0530 Subject: [PATCH 054/537] Kubecon 2023 dates updated --- content/hi/_index.html | 1 + 1 file changed, 1 insertion(+) diff --git a/content/hi/_index.html b/content/hi/_index.html index 77bdcabb4798f..2009559be3bab 100644 --- a/content/hi/_index.html +++ b/content/hi/_index.html @@ -47,6 +47,7 @@

    150+ माइक्रोसर्विसेज को कुबेरन


    +
    6-9 नवंबर, 2023 को KubeCon + CloudNativeCon North America में भाग लें

    From 9daccce6a9a00335d5b0dc90eb2ff1b5b900d1b6 Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Thu, 2 Feb 2023 18:10:30 -0300 Subject: [PATCH 055/537] Update content/pt-br/docs/reference/issues-security/issues.md --- content/pt-br/docs/reference/issues-security/issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/reference/issues-security/issues.md b/content/pt-br/docs/reference/issues-security/issues.md index 319ca3a586c8e..706a69f5fd0c8 100644 --- a/content/pt-br/docs/reference/issues-security/issues.md +++ b/content/pt-br/docs/reference/issues-security/issues.md @@ -1,7 +1,7 @@ --- title: Rastreador de Issue Kubernetes weight: 10 -aliases: [/cve/,/cves/] +aliases: [/pt-br/cve/,/pt-br/cves/] --- Para reportar um problema de segurança, siga [processo de divulgação de issues do Kubernetes](/docs/reference/issues-security/security/#report-a-vulnerability). From cbe8d90c2bf6ea04cd722edfc0332eb1cd1258b6 Mon Sep 17 00:00:00 2001 From: sp-yduck Date: Fri, 3 Feb 2023 20:33:35 +0900 Subject: [PATCH 056/537] fix url link to cloud-controller-manager/main.go --- .../administer-cluster/developing-cloud-controller-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/tasks/administer-cluster/developing-cloud-controller-manager.md b/content/ja/docs/tasks/administer-cluster/developing-cloud-controller-manager.md index 36e28ea4554e7..d4f5a4e9fb8bd 100644 --- a/content/ja/docs/tasks/administer-cluster/developing-cloud-controller-manager.md +++ b/content/ja/docs/tasks/administer-cluster/developing-cloud-controller-manager.md @@ -22,7 +22,7 @@ Kubernetesプロジェクトは、(クラウドプロバイダーの)独自実 Kubernetesには登録されていない独自のクラウドプロバイダーのクラウドコントローラーマネージャーを構築するには、 1. [cloudprovider.Interface](https://github.com/kubernetes/cloud-provider/blob/master/cloud.go)を満たす go パッケージを実装します。 -2. Kubernetesのコアにある[cloud-controller-managerの`main.go`](https://github.com/kubernetes/kubernetes/blob/master/cmd/cloud-controller-manager/controller-manager.go)をあなたの`main.go`のテンプレートとして利用します。上で述べたように、唯一の違いはインポートされるクラウドパッケージのみです。 +2. Kubernetesのコアにある[cloud-controller-managerの`main.go`](https://github.com/kubernetes/kubernetes/blob/master/cmd/cloud-controller-manager/main.go)をあなたの`main.go`のテンプレートとして利用します。上で述べたように、唯一の違いはインポートされるクラウドパッケージのみです。 3. クラウドパッケージを `main.go` にインポートし、パッケージに [`cloudprovider.RegisterCloudProvider`](https://github.com/kubernetes/cloud-provider/blob/master/plugins.go) を実行するための `init` ブロックがあることを確認します。 多くのクラウドプロバイダーはオープンソースとしてコントローラーマネージャーのコードを公開しています。新たにcloud-controller-managerをスクラッチから開発する際には、既存のKubernetesには登録されていない独自クラウドプロバイダーのコントローラーマネージャーを開始地点とすることができます。 From 8e1a175dc5b808344afdc80cf452760760327d04 Mon Sep 17 00:00:00 2001 From: Maciej Filocha Date: Fri, 13 Jan 2023 09:20:50 +0100 Subject: [PATCH 057/537] Synchronize Polish localization for ver 1.22, part 7 Synchronize Polish localization with upstream up to f612b11003f4103ae88813f0f881f5d335f40e01. Part 7 --- content/pl/docs/concepts/overview/_index.md | 169 +++++++++++++++++- .../concepts/overview/what-is-kubernetes.md | 92 ---------- 2 files changed, 165 insertions(+), 96 deletions(-) delete mode 100644 content/pl/docs/concepts/overview/what-is-kubernetes.md diff --git a/content/pl/docs/concepts/overview/_index.md b/content/pl/docs/concepts/overview/_index.md index 1c0ee2815d544..3dd5486b2dd9f 100644 --- a/content/pl/docs/concepts/overview/_index.md +++ b/content/pl/docs/concepts/overview/_index.md @@ -1,7 +1,168 @@ --- -title: "Przegląd" weight: 20 -description: Ogólny zarys Kubernetesa i komponentów, z których jest zbudowany. -sitemap: - priority: 0.9 +description: > + Kubernetes to przenośna, rozszerzalna platforma oprogramowania *open-source* służąca do zarządzania zadaniami i serwisami uruchamianymi w kontenerach. Umożliwia ich deklaratywną konfigurację i automatyzację. Kubernetes posiada duży i dynamicznie rozwijający się ekosystem. Szeroko dostępne są usługi, wsparcie i dodatkowe narzędzia. +content_type: concept +weight: 20 +card: + name: concepts + weight: 10 +no_list: true --- + + +Na tej stronie znajdziesz ogólne informacje o Kubernetesie. + + + + +Kubernetes to przenośna, rozszerzalna platforma oprogramowania *open-source* służąca do zarządzania zadaniami i serwisami uruchamianymi w kontenerach, +która umożliwia deklaratywną konfigurację i automatyzację. Ekosystem Kubernetesa jest duży i dynamicznie się rozwija. +Usługi dla Kubernetesa, wsparcie i narzędzia są szeroko dostępne. + +Nazwa Kubernetes pochodzi z języka greckiego i oznacza sternika albo pilota. +Skrót K8s powstał poprzez zastąpienie ośmiu liter pomiędzy "K" i "s". +Google otworzyło projekt Kubernetes publicznie w 2014. Kubernetes korzysta z +[piętnastoletniego doświadczenia Google w uruchamianiu wielkoskalowych serwisów](/blog/2015/04/borg-predecessor-to-kubernetes/) +i łączy je z najlepszymi pomysłami i praktykami wypracowanymi przez społeczność. + +## Trochę historii + +Aby zrozumieć, dlaczego Kubernetes stał się taki przydatny, cofnijmy sie trochę w czasie. + +![Jak zmieniały sie metody wdrożeń](/images/docs/Container_Evolution.svg) + +**Era wdrożeń tradycyjnych:** +Na początku aplikacje uruchamiane były na fizycznych serwerach. Nie było możliwości separowania zasobów poszczególnych aplikacji, +co prowadziło do problemów z alokacją zasobów. +Przykładowo, kiedy wiele aplikacji jest uruchomionych na jednym fizycznym serwerze, +część tych aplikacji może zużyć większość dostępnych zasobów, powodując spowolnienie działania innych. +Rozwiązaniem tego problemu mogło być uruchamianie każdej aplikacji na osobnej maszynie. +Niestety, takie podejście ograniczało skalowanie, ponieważ większość zasobów nie była w pełni wykorzystywana, +a utrzymanie wielu fizycznych maszyn było kosztowne. + +**Era wdrożeń w środowiskach wirtualnych:** Jako rozwiązanie zaproponowano wirtualizację, która umożliwia +uruchamianie wielu maszyn wirtualnych (VM) na jednym procesorze fizycznego serwera. Wirtualizacja pozwala +izolować aplikacje pomiędzy maszynami wirtualnymi, zwiększając w ten sposób bezpieczeństwo, jako że informacje +związane z jedną aplikacją nie są w łatwy sposób dostępne dla pozostałych. + +Wirtualizacja pozwala lepiej wykorzystywać zasoby fizycznego serwera i lepiej skalować, +ponieważ aplikacje mogą być łatwo dodawane oraz aktualizowane, pozwala ograniczyć koszty sprzętu +oraz ma wiele innych zalet. +Za pomocą wirtualizacji można udostępnić wybrane zasoby fizyczne jako klaster maszyn wirtualnych "wielokrotnego użytku". + +Każda maszyna wirtualna jest pełną maszyną zawierającą własny system operacyjny +pracujący na zwirtualizowanej warstwie sprzętowej. + +**Era wdrożeń w kontenerach:** Kontenery działają w sposób zbliżony do maszyn wirtualnych, +ale mają mniejszy stopnień wzajemnej izolacji, współdzieląc ten sam system operacyjny. +Kontenery określane są mianem "lekkich". Podobnie, jak maszyna wirtualna, +kontener posiada własny system plików, udział w zasobach procesora, pamięć, przestrzeń procesów itd. +Ponieważ kontenery są definiowane rozłącznie od leżących poniżej warstw infrastruktury, +mogą być łatwiej przenoszone pomiędzy chmurami i różnymi dystrybucjami systemu operacyjnego. + +Kontenery zyskały popularność ze względu na swoje zalety, takie jak: + +* Szybkość i elastyczność w tworzeniu i instalacji aplikacji: +obraz kontenera buduje się łatwiej niż obraz VM. +* Ułatwienie ciągłego rozwoju, integracji oraz wdrażania aplikacji (*Continuous development, integration, and deployment*): +obrazy kontenerów mogą być budowane w sposób wiarygodny i częsty. +W razie potrzeby, przywrócenie poprzedniej wersji aplikacji jest stosunkowo łatwie (ponieważ obrazy są niezmienne). +* Rozdzielenie zadań *Dev* i *Ops*: obrazy kontenerów powstają w fazie *build/release*, +a nie w trakcie procesu instalacji, +oddzielając w ten sposób aplikacje od infrastruktury. +* Obserwowalność obejmuje nie tylko informacje i metryki z poziomu systemu operacyjnego, +ale także poprawność działania samej aplikacji i inne sygnały. +* Spójność środowiska na etapach rozwoju oprogramowania, testowania i działania w trybie produkcyjnym: +działa w ten sam sposób na laptopie i w chmurze. +* Możliwość przenoszenia pomiędzy systemami operacyjnymi i platformami chmurowymi: Ubuntu, RHEL, CoreOS, +prywatnymi centrami danych, największymi dostawcami usług chmurowych czy gdziekolwiek indziej. +* Zarządzanie, które w centrum uwagi ma aplikacje: Poziom abstrakcji przeniesiony jest z warstwy systemu operacyjnego +działającego na maszynie wirtualnej na poziom działania aplikacji, która działa na systemie operacyjnym używając zasobów logicznych. +* Luźno powiązane, rozproszone i elastyczne "swobodne" mikro serwisy: Aplikacje podzielone są na mniejsze, niezależne komponenty, +które mogą być dynamicznie uruchamiane i zarządzane - +nie jest to monolityczny system działający na jednej, dużej maszynie dedykowanej na wyłączność. +* Izolacja zasobów: wydajność aplikacji możliwa do przewidzenia +* Wykorzystanie zasobów: wysoka wydajność i upakowanie. + +## Do czego potrzebujesz Kubernetesa i jakie są jego możliwości {#why-you-need-kubernetes-and-what-can-it-do} + +Kontenery są dobrą metodą na opakowywanie i uruchamianie aplikacji. +W środowisku produkcyjnym musisz zarządzać kontenerami, w których działają aplikacje i pilnować, aby nie było żadnych przerw w ich dostępności. +Przykładowo, kiedy jeden z kontenerów przestaje działać, musi zostać wymieniony. +Nie byłoby prościej, aby takimi działaniami zajmował się jakiś system? + +I tu właśnie przychodzi z pomocą Kubernetes! +Kubernetes zapewnia środowisko do uruchamiania systemów rozproszonych o wysokiej niezawodności. +Kubernetes obsługuje skalowanie aplikacji, przełączanie w sytuacjach awaryjnych, różne scenariusze wdrożeń itp. +Przykładowo, Kubernetes w łatwy sposób może zarządzać wdrożeniem nowej wersji oprogramowania zgodnie z metodyką *canary deployments*. + +Kubernetes zapewnia: + +* **Detekcję nowych serwisów i balansowanie ruchu** +Kubernetes może udostępnić kontener używając nazwy DNS lub swojego własnego adresu IP. +Jeśli ruch przychodzący do kontenera jest duży, Kubernetes może balansować obciążenie i przekierować ruch sieciowy, +aby zapewnić stabilność całej instalacji. +* **Zarządzanie obsługą składowania danych** +Kubernetes umożliwia automatyczne montowanie systemów składowania danych dowolnego typu — +lokalnych, od dostawców chmurowych i innych. +* **Automatyczne wdrożenia i wycofywanie zmian** +Możesz opisać oczekiwany stan instalacji za pomocą Kubernetesa, +który zajmie się doprowadzeniem w sposób kontrolowany stanu faktycznego do stanu oczekiwanego. +Przykładowo, przy pomocy Kubernetesa możesz zautomatyzować proces tworzenia nowych kontenerów +na potrzeby swojego wdrożenia, usuwania istniejących i przejęcia zasobów przez nowe kontenery. +* **Automatyczne zarządzanie dostępnymi zasobami** +Twoim zadaniem jest dostarczenie klastra maszyn, które Kubernetes może wykorzystać do uruchamiania zadań w kontenerach. +Określasz zapotrzebowanie na moc procesora i pamięć RAM dla każdego z kontenerów. +Kubernetes rozmieszcza kontenery na maszynach w taki sposób, aby jak najlepiej wykorzystać dostarczone zasoby. +* **Samoczynne naprawianie** +Kubernetes restartuje kontenery, które przestały działać, wymienia je na nowe, wymusza wyłączenie kontenerów, +które nie odpowiadają na określone zapytania o stan +i nie rozgłasza powiadomień o ich dostępności tak długo, dopóki nie są gotowe do działania. +* **Zarządzanie informacjami poufnymi i konfiguracją** +Kubernetes pozwala składować i zarządzać informacjami poufnymi, takimi jak hasła, tokeny OAuth czy klucze SSH. +Informacje poufne i zawierające konfigurację aplikacji mogą być dostarczane i zmieniane bez konieczności ponownego budowania obrazu kontenerów +i bez ujawniania poufnych danych w ogólnej konfiguracji oprogramowania. + +## Czym Kubernetes nie jest + +Kubernetes nie jest tradycyjnym, zawierającym wszystko systemem PaaS *(Platform as a Service)*. +Ponieważ Kubernetes działa w warstwie kontenerów, a nie sprzętu, posiada różne funkcjonalności ogólnego zastosowania, +wspólne dla innych rozwiązań PaaS, takie jak: instalacje *(deployments)*, skalowanie i balansowanie ruchu, +umożliwiając użytkownikom integrację rozwiązań służących do logowania, monitoringu i ostrzegania. +Co ważne, Kubernetes nie jest monolitem i domyślnie dostępne rozwiązania są opcjonalne i działają jako wtyczki. +Kubernetes dostarcza elementy, z których może być zbudowana platforma deweloperska, +ale pozostawia użytkownikowi wybór i elastyczność tam, gdzie jest to ważne. + +Kubernetes: + +* Nie ogranicza typów aplikacji, które są obsługiwane. Celem Kubernetesa jest możliwość obsługi bardzo różnorodnego typu zadań, +włączając w to aplikacje bezstanowe (*stateless*), aplikacje ze stanem (*stateful*) i ogólne przetwarzanie danych. +Jeśli jakaś aplikacja może działać w kontenerze, będzie doskonale sobie radzić w środowisku Kubernetesa. +* Nie oferuje wdrażania aplikacji wprost z kodu źródłowego i nie buduje aplikacji. +Procesy Continuous Integration, Delivery, and Deployment (CI/CD) są zależne od kultury pracy organizacji, +jej preferencji oraz wymagań technicznych. +* Nie dostarcza serwisów z warstwy aplikacyjnej, takich jak warstwy pośrednie *middleware* (np. broker wiadomości), +środowiska analizy danych (np. Spark), bazy danych (np. MySQL), +cache ani klastrowych systemów składowania danych (np. Ceph) jako usług wbudowanych. +Te składniki mogą być uruchamiane na klastrze Kubernetes i udostępniane innym aplikacjom przez przenośne rozwiązania, +takie jak [Open Service Broker](https://openservicebrokerapi.org/). +* Nie wymusza użycia konkretnych systemów zbierania logów, monitorowania ani ostrzegania. +Niektóre z tych rozwiązań są udostępnione jako przykłady. Dostępne są też mechanizmy do gromadzenia i eksportowania różnych metryk. +* Nie dostarcza, ani nie wymusza języka/systemu używanego do konfiguracji (np. Jsonnet). +Udostępnia API typu deklaratywnego, z którego można korzystać za pomocą różnych metod wykorzystujących deklaratywne specyfikacje. +* Nie zapewnia, ani nie wykorzystuje żadnego ogólnego systemu do zarządzania konfiguracją, +utrzymaniem i samo-naprawianiem maszyn. +* Co więcej, nie jest zwykłym systemem planowania *(orchestration)*. W rzeczywistości, eliminuje konieczność orkiestracji. +Zgodnie z definicją techniczną, orkiestracja to wykonywanie określonego ciągu zadań: najpierw A, potem B i następnie C. Dla kontrastu, +Kubernetes składa się z wielu niezależnych, możliwych do złożenia procesów sterujących, +których zadaniem jest doprowadzenie stanu faktycznego do stanu oczekiwanego. Nie ma znaczenia, w jaki sposób przechodzi się od A do C. +Nie ma konieczności scentralizowanego zarządzania. Dzięki temu otrzymujemy system, który jest potężniejszy, +bardziej odporny i niezawodny i dający więcej możliwości rozbudowy. + +## {{% heading "whatsnext" %}} + +* Poczytaj o [komponentach Kubernetesa](/pl/docs/concepts/overview/components/) +* Poczytaj o [API Kubernetesa](/docs/concepts/overview/kubernetes-api/) +* Poczytaj o [architekturze klastra](/docs/concepts/architecture/) +* Jesteś gotowy [zacząć pracę](/pl/docs/setup/)? diff --git a/content/pl/docs/concepts/overview/what-is-kubernetes.md b/content/pl/docs/concepts/overview/what-is-kubernetes.md deleted file mode 100644 index 7391ed6602c80..0000000000000 --- a/content/pl/docs/concepts/overview/what-is-kubernetes.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Kubernetes — co to jest? -description: > - Kubernetes to przenośna, rozszerzalna platforma oprogramowania *open-source* służąca do zarządzania zadaniami i serwisami uruchamianymi w kontenerach. Umożliwia ich deklaratywną konfigurację i automatyzację. Kubernetes posiada duży i dynamicznie rozwijający się ekosystem. Szeroko dostępne są serwisy, wsparcie i dodatkowe narzędzia. -content_type: concept -weight: 10 -card: - name: concepts - weight: 10 -sitemap: - priority: 0.9 ---- - - -Na tej stronie znajdziesz ogólne informacje o Kubernetesie. - - -Kubernetes to przenośna, rozszerzalna platforma oprogramowania *open-source* służąca do zarządzania zadaniami i serwisami uruchamianymi w kontenerach, która umożliwia deklaratywną konfigurację i automatyzację. Ekosystem Kubernetesa jest duży i dynamicznie się rozwija. Serwisy Kubernetesa, wsparcie i narzędzia są szeroko dostępne. - -Nazwa Kubernetes pochodzi z greki i oznacza sternika albo pilota. Skrót K8s powstał poprzez zastąpienie ośmiu liter pomiędzy "K" i "s" .Google otworzyło projekt Kubernetes publicznie w 2014. Kubernetes korzysta z [piętnastoletniego doświadczenia Google w uruchamianiu wielkoskalowych serwisów](/blog/2015/04/borg-predecessor-to-kubernetes/) i łączy je z najlepszymi pomysłami i praktykami wypracowanymi przez społeczność. - -## Trochę historii - -Aby zrozumieć, dlaczego Kubernetes stał się taki przydatny, cofnijmy sie trochę w czasie. - -![Jak zmieniały sie metody wdrożeń](/images/docs/Container_Evolution.svg) - -**Era wdrożeń tradycyjnych:** -Na początku aplikacje uruchamiane były na fizycznych serwerach. Nie było możliwości separowania zasobów poszczególnych aplikacji, co prowadziło do problemów z alokacją zasobów. Przykładowo, kiedy wiele aplikacji jest uruchomionych na jednym fizycznym serwerze, część tych aplikacji może zużyć większość dostępnych zasobów, powodując spowolnienie działania innych. Rozwiązaniem tego problemu mogło być uruchamianie każdej aplikacji na osobnej maszynie. Niestety, takie podejście ograniczało skalowanie, ponieważ większość zasobów nie była w pełni wykorzystywana, a utrzymanie wielu fizycznych maszyn było kosztowne. - -**Era wdrożeń w środowiskach wirtualnych:** -Jako rozwiązanie zaproponowano wirtualizację, która umożliwiała uruchamianie wielu maszyn wirtualnych (VM) na jednym procesorze fizycznego serwera. Wirtualizacja pozwalała izolować aplikacje pomiędzy maszynami wirtualnymi i osiągnąć pewien poziom bezpieczeństwa, jako że informacje związane z jedną aplikacją nie były w łatwy sposób dostępne dla pozostałych. - -Wirtualizacja pozwala lepiej wykorzystywać zasoby fizycznego serwera i lepiej skalować, ponieważ aplikacje mogą być łatwo dodawane oraz aktualizowane, pozwala ograniczyć koszty sprzętu oraz ma wiele innych zalet. Za pomocą wirtualizacji można udostępnić wybrane zasoby fizyczne jako klaster maszyn wirtualnych "wielokrotnego użytku". - -Każda maszyna wirtualna jest pełną maszyną zawierającą własny system operacyjny pracujący na zwirtualizowanej warstwie sprzętowej. - -**Era wdrożeń w kontenerach:** -Kontenery działają w sposób zbliżony do maszyn wirtualnych, ale mają mniejszy stopnień wzajemnej izolacji, współdzieląc ten sam system operacyjny. Kontenery określane są mianem "lekkich". Podobnie, jak maszyna wirtualna, kontener posiada własny system plików, udział w zasobach procesora, pamięć, przestrzeń procesów itd. Ponieważ kontenery nie są związane z leżącymi poniżej warstwami infrastruktury, mogą być łatwiej przenoszone pomiędzy chmurami i różnymi dystrybucjami systemu operacyjnego. - -Kontenery zyskały popularność ze względu na swoje zalety, takie jak: - -* Szybkość i elastyczność w tworzeniu i instalacji aplikacji: obraz kontenera buduje się łatwiej niż obraz VM. -* Ułatwienie ciągłego rozwoju, integracji oraz wdrażania aplikacji (*Continuous development, integration, and deployment*): obrazy kontenerów mogą być budowane w sposób wiarygodny i częsty. Wycofywanie zmian jest skuteczne i szybkie (ponieważ obrazy są niezmienne). -* Rozdzielenie zadań *Dev* i *Ops*: obrazy kontenerów powstają w fazie *build/release*, oddzielając w ten sposób aplikacje od infrastruktury. -* Obserwowalność obejmuje nie tylko informacje i metryki z poziomu systemu operacyjnego, ale także poprawność działania samej aplikacji i inne sygnały. -* Spójność środowiska na etapach rozwoju oprogramowania, testowania i działania w trybie produkcyjnym: działa w ten sam sposób na laptopie i w chmurze. -* Możliwość przenoszenia pomiędzy systemami operacyjnymi i platformami chmurowymi: Ubuntu, RHEL, CoreOS, prywatnymi centrami danych, największymi dostawcami usług chmurowych czy gdziekolwiek indziej. -* Zarządzanie, które w centrum uwagi ma aplikacje: Poziom abstrakcji przeniesiony jest z warstwy systemu operacyjnego działającego na maszynie wirtualnej na poziom działania aplikacji, która działa na systemie operacyjnym używając zasobów logicznych. -* Luźno powiązane, rozproszone i elastyczne "swobodne" mikro serwisy: Aplikacje podzielone są na mniejsze, niezależne komponenty, które mogą być dynamicznie uruchamiane i zarządzane - nie jest to monolityczny system działający na jednej, dużej maszynie dedykowanej na wyłączność. -* Izolacja zasobów: wydajność aplikacji możliwa do przewidzenia -* Wykorzystanie zasobów: wysoka wydajność i upakowanie. - -## Do czego potrzebujesz Kubernetesa i jakie są jego możliwości - -Kontenery są dobrą metodą na opakowywanie i uruchamianie aplikacji. W środowisku produkcyjnym musisz zarządzać kontenerami, w których działają aplikacje i pilnować, aby nie było żadnych przerw w ich dostępności. Przykładowo, kiedy jeden z kontenerów przestaje działać, inny musi zostać uruchomiony. Nie byłoby prościej, aby takimi działaniami zajmował się jakiś system? - -I tu właśnie Kubernetes przychodzi z pomocą! Kubernetes dostarcza środowisko do uruchamiania systemów rozproszonych o wysokiej niezawodności. Kubernetes obsługuje skalowanie aplikacji, przełączanie w sytuacjach awaryjnych, różne scenariusze wdrożeń itp. Przykładowo, Kubernetes w łatwy sposób może zarządzać wdrożeniem nowej wersji oprogramowania zgodnie z metodyką *canary deployments*. - -Kubernetes zapewnia: - -* **Detekcję nowych serwisów i balansowanie ruchu** -Kubernetes może udostępnić kontener używając nazwy DNS lub swojego własnego adresu IP. Jeśli ruch przychodzący do kontenera jest duży, Kubernetes może balansować obciążenie i przekierować ruch sieciowy, aby zapewnić stabilność całej instalacji. -* **Zarządzanie obsługą składowania danych** -Kubernetes umożliwia automatyczne montowanie systemów składowania danych dowolnego typu — lokalnych, od dostawców chmurowych i innych. -* **Automatyczne wdrożenia i wycofywanie zmian** -Możesz opisać oczekiwany stan instalacji za pomocą Kubernetesa, który zajmie się doprowadzeniem w sposób kontrolowany stanu faktycznego do stanu oczekiwanego. Przykładowo, przy pomocy Kubernetesa możesz zautomatyzować proces tworzenia nowych kontenerów na potrzeby swojego wdrożenia, usuwania istniejących i przejęcia zasobów przez nowe kontenery. -* **Automatyczne zarządzanie dostępnymi zasobami** -Twoim zadaniem jest dostarczenie klastra maszyn, które Kubernetes może wykorzystać do uruchamiania zadań w kontenerach. Określasz zapotrzebowanie na moc procesora i pamięć RAM dla każdego z kontenerów. Kubernetes rozmieszcza kontenery na maszynach w taki sposób, aby jak najlepiej wykorzystać dostarczone zasoby. -* **Samoczynne naprawianie** -Kubernetes restartuje kontenery, które przestały działać, wymienia je na nowe, wymusza wyłączenie kontenerów, które nie odpowiadają na określone zapytania o stan i nie rozgłasza powiadomień o ich dostępności tak długo, dopóki nie są gotowe do działania. -* **Zarządzanie informacjami poufnymi i konfiguracją** -Kubernetes pozwala składować i zarządzać informacjami poufnymi, takimi jak hasła, tokeny OAuth i klucze SSH. Informacje poufne i zawierające konfigurację aplikacji mogą być dostarczane i zmieniane bez konieczności ponownego budowania obrazu kontenerów i bez ujawniania poufnych danych w ogólnej konfiguracji oprogramowania. - -## Czym Kubernetes nie jest - -Kubernetes nie jest tradycyjnym, zawierającym wszystko systemem PaaS *(Platform as a Service)*. Ponieważ Kubernetes działa w warstwie kontenerów, a nie sprzętu, posiada różne funkcjonalności ogólnego zastosowania, wspólne dla innych rozwiązań PaaS, takie jak: instalacje *(deployments)*, skalowanie i balansowanie ruchu, umożliwiając użytkownikom integrację rozwiązań służących do logowania, monitoringu i ostrzegania. Co ważne, Kubernetes nie jest monolitem i domyślnie dostępne rozwiązania są opcjonalne i działają jako wtyczki. Kubernetes dostarcza elementy, z których może być zbudowana platforma deweloperska, ale pozostawia użytkownikowi wybór i elastyczność tam, gdzie jest to ważne. - -Kubernetes: - -* Nie ogranicza typów aplikacji, które są obsługiwane. Celem Kubernetesa jest możliwość obsługi bardzo różnorodnego typu zadań, włączając w to aplikacje bezstanowe (*stateless*), aplikacje ze stanem (*stateful*) i ogólne przetwarzanie danych. Jeśli jakaś aplikacja może działać w kontenerze, będzie doskonale sobie radzić w środowisku Kubernetesa. -* Nie oferuje wdrażania aplikacji wprost z kodu źródłowego i nie buduje aplikacji. Procesy Continuous Integration, Delivery, and Deployment (CI/CD) są zależne od kultury pracy organizacji, jej preferencji oraz wymagań technicznych. -* Nie dostarcza serwisów z warstwy aplikacyjnej, takich jak warstwy pośrednie *middleware* (np. broker wiadomości), środowiska analizy danych (np. Spark), bazy danych (np. MySQL), cache ani klastrowych systemów składowania danych (np. Ceph) jako usług wbudowanych. Te składniki mogą być uruchamiane na klastrze Kubernetes i udostępniane innym aplikacjom przez przenośne rozwiązania, takie jak [Open Service Broker](https://openservicebrokerapi.org/). -* Nie wymusza użycia konkretnych systemów zbierania logów, monitorowania ani ostrzegania. Niektóre z tych rozwiązań są udostępnione jako przykłady. Dostępne są też mechanizmy do gromadzenia i eksportowania różnych metryk. -* Nie dostarcza, ani nie wymusza języka/systemu używanego do konfiguracji (np. Jsonnet). Udostępnia API typu deklaratywnego, z którego można korzystać za pomocą różnych metod wykorzystujących deklaratywne specyfikacje. -* Nie zapewnia, ani nie wykorzystuje żadnego ogólnego systemu do zarządzania konfiguracją, utrzymaniem i samo-naprawianiem maszyn. -* Co więcej, nie jest zwykłym systemem planowania *(orchestration)*. W rzeczywistości, eliminuje konieczność orkiestracji. Zgodnie z definicją techniczną, orkiestracja to wykonywanie określonego ciągu zadań: najpierw A, potem B i następnie C. Dla kontrastu, Kubernetes składa się z wielu niezależnych, możliwych do złożenia procesów sterujących, których zadaniem jest doprowadzenie stanu faktycznego do stanu oczekiwanego. Nie ma znaczenia, w jaki sposób przechodzi się od A do C. Nie ma konieczności scentralizowanego zarządzania. Dzięki temu otrzymujemy system, który jest potężniejszy, bardziej odporny i niezawodny i dający więcej możliwości rozbudowy. - -## {{% heading "whatsnext" %}} - -* Dowiedz się o [komponentach Kubernetesa](/pl/docs/concepts/overview/components/) -* Jesteś gotowy [zacząć pracę](/pl/docs/setup/)? From 0d2bb2c8ac453e0911cbf1c74c2da07375115c96 Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sun, 5 Feb 2023 11:12:26 -0300 Subject: [PATCH 058/537] Changes from code review. --- .../docs/tasks/tools/included/kubectl-convert-overview.md | 2 +- .../tools/included/optional-kubectl-configs-bash-linux.md | 8 ++++---- .../tasks/tools/included/optional-kubectl-configs-fish.md | 4 ++-- .../tasks/tools/included/optional-kubectl-configs-zsh.md | 8 ++++---- content/pt-br/docs/tasks/tools/install-kubectl-linux.md | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/content/pt-br/docs/tasks/tools/included/kubectl-convert-overview.md b/content/pt-br/docs/tasks/tools/included/kubectl-convert-overview.md index 3920c64f31b45..4f7460921a999 100644 --- a/content/pt-br/docs/tasks/tools/included/kubectl-convert-overview.md +++ b/content/pt-br/docs/tasks/tools/included/kubectl-convert-overview.md @@ -1,7 +1,7 @@ --- title: "Visão geral do kubectl-convert" description: >- - Um plugin `kubectl` que permite converter manifestos entre diferentes versões da API. + Um plugin para o `kubectl` que permite converter manifestos entre diferentes versões da API. headless: true _build: list: never diff --git a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-bash-linux.md b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-bash-linux.md index 9f56cf51cf43b..0032395f862ba 100644 --- a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-bash-linux.md +++ b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-bash-linux.md @@ -10,7 +10,7 @@ _build: ### Introdução -O script de autocompletar do kubectl para Bash pode ser gerado com o comando `kubectl completion bash`. O script permite habilitar o kubectl autocompletar no seu shell. +O script de autocompletar do kubectl para Bash pode ser gerado com o comando `kubectl completion bash`. O script permite habilitar o autocompletar do kubectl no seu shell. No entanto, o script autocompletar depende do [**bash-completion**](https://github.com/scop/bash-completion), o que significa que você precisa instalar este software primeiro (executando `type _init_completion` você pode testar se tem o bash-completion instalado). @@ -28,11 +28,11 @@ source /usr/share/bash-completion/bash_completion Recarregue o seu shell e verifique se o bash-completion está instalado corretamente digitando `type _init_completion`. -### Ative o kubectl autocompletar +### Ative o autocompletar do kubectl #### Bash -Agora você precisa garantir que o kubectl autocompletar esteja ativo em todas as suas sessões shell. Existem duas maneiras pelas quais você pode fazer isso: +Agora você precisa garantir que o autocompletar do kubectl esteja ativo em todas as suas sessões shell. Existem duas maneiras pelas quais você pode fazer isso: {{< tabs name="kubectl_bash_autocompletion" >}} {{< tab name="User" codelang="bash" >}} @@ -54,7 +54,7 @@ echo 'complete -o default -F __start_kubectl k' >>~/.bashrc bash-completion fornece todos os scripts de autocompletar em `/etc/bash_completion.d`. {{< /note >}} -Todas as abordagens são equivalentes. Depois de recarregar seu shell, o kubectl autocompletar deve estar funcionando. Para ativar o autocompletar do bash na sessão atual do shell, execute `exec bash`: +Todas as abordagens são equivalentes. Depois de recarregar seu shell, o autocompletar do kubectl deve estar funcionando. Para ativar o autocompletar do bash na sessão atual do shell, execute `exec bash`: ```bash exec bash diff --git a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-fish.md b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-fish.md index 56d50a8108883..38551680534fb 100644 --- a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-fish.md +++ b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-fish.md @@ -12,7 +12,7 @@ _build: O autocompletar para Fish requer kubectl 1.23 ou posterior. {{< /note >}} -O script de autocompletar do kubectl para Fish pode ser gerado com o comando `kubectl completion fish`. O script permite habilitar o kubectl autocompletar no seu shell. +O script de autocompletar do kubectl para Fish pode ser gerado com o comando `kubectl completion fish`. O script permite habilitar o autocompletar do kubectl no seu shell. Para fazer isso em todas as suas sessões do shell, adicione a seguinte linha ao seu arquivo `~/.config/fish/config.fish`: @@ -20,4 +20,4 @@ Para fazer isso em todas as suas sessões do shell, adicione a seguinte linha ao kubectl completion fish | source ``` -Depois de recarregar seu shell, o kubectl autocompletar deve estar funcionando. +Depois de recarregar seu shell, o autocompletar do kubectl deve estar funcionando. diff --git a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-zsh.md b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-zsh.md index caa0e485c5096..1007237de9e45 100644 --- a/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-zsh.md +++ b/content/pt-br/docs/tasks/tools/included/optional-kubectl-configs-zsh.md @@ -8,9 +8,9 @@ _build: publishResources: false --- -O script de autocompletar do kubectl para Zsh pode ser gerado com o comando `kubectl completion zsh`. Este script habilita o kubectl autocompletar no seu shell. +O script de autocompletar do kubectl para Zsh pode ser gerado com o comando `kubectl completion zsh`. Este script habilita o autocompletar do kubectl no seu shell. -Para fazer isso em todas as suas sessões de shell, adicione a seguinte linha no arquivo ~/.zshrc: +Para fazer isso em todas as suas sessões de shell, adicione a seguinte linha no arquivo `~/.zshrc`: ```zsh source <(kubectl completion zsh) @@ -18,9 +18,9 @@ source <(kubectl completion zsh) Se você tiver um alias para kubectl, o autocompletar funcionará automaticamente com ele. -Depois de recarregar seu shell, o kubectl autocompletar deve estar funcionando. +Depois de recarregar seu shell, o autocompletar do kubectl deve estar funcionando. -Se você receber um erro como `2: command not found: compdef`, adicione o seguinte bloco ao início do seu arquivo `~/.zshrc`: +Se você ver um erro similar a `2: command not found: compdef`, adicione o seguinte bloco ao início do seu arquivo `~/.zshrc`: ```zsh autoload -Uz compinit diff --git a/content/pt-br/docs/tasks/tools/install-kubectl-linux.md b/content/pt-br/docs/tasks/tools/install-kubectl-linux.md index 19538ac4febf5..5487d215c2ff5 100644 --- a/content/pt-br/docs/tasks/tools/install-kubectl-linux.md +++ b/content/pt-br/docs/tasks/tools/install-kubectl-linux.md @@ -10,7 +10,7 @@ card: ## {{% heading "prerequisites" %}} -Você deve usar uma versão kubectl que esteja próxima da versão do seu cluster. Por exemplo, um cliente v1.26 pode se comunicar com as versões v1.25, v1.26 e v1.27 da camada de gerenciamento. Usar a versão compatível mais recente do kubectl ajuda a evitar problemas inesperados. +Você deve usar uma versão do kubectl que esteja próxima da versão do seu cluster. Por exemplo, um cliente v1.26 pode se comunicar com as versões v1.25, v1.26 e v1.27 da camada de gerenciamento. Usar a versão compatível mais recente do kubectl ajuda a evitar problemas inesperados. ## Instale o kubectl no Linux From 96b174da80f59912b64690a0a6c6e5dd4e716c75 Mon Sep 17 00:00:00 2001 From: Yuiko Mouri Date: Mon, 6 Feb 2023 09:16:37 +0900 Subject: [PATCH 059/537] [ja]Fix invalid Japanese words --- content/ja/case-studies/sos/index.html | 2 +- .../concepts/configuration/manage-resources-containers.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/ja/case-studies/sos/index.html b/content/ja/case-studies/sos/index.html index c63fa4ab516e6..07ab28aad6dcc 100644 --- a/content/ja/case-studies/sos/index.html +++ b/content/ja/case-studies/sos/index.html @@ -37,7 +37,7 @@

    影響

    SOS Internationalは60年にわたり、北欧諸国の顧客に信頼性の高い緊急医療および旅行支援を提供してきました。 {{< /case-studies/lead >}} -

    SOSのオペレータは年間100万件の案件を扱い、100万件以上の電話を処理しています。しかし、過去4年間で同社のビジネス戦略にデジタル空間でのますます激しい開発が必要になりました。

    +

    SOSのオペレーターは年間100万件の案件を扱い、100万件以上の電話を処理しています。しかし、過去4年間で同社のビジネス戦略にデジタル空間でのますます激しい開発が必要になりました。

    ITシステムに関していえば、会社のデータセンターで稼働する3つの伝統的なモノリスとウォーターフォールアプローチにおいて「SOSは非常に断片化された資産があります。」とエンタープライズアーキテクチャ責任者のMartin Ahrentsen氏は言います。「市場投入までの時間を短縮し、効率を高めるために新しい技術と新しい働き方の両方を導入する必要がありました。それははるかに機敏なアプローチであり、それをビジネスに提供するために役立つプラットフォームが必要でした。」

    diff --git a/content/ja/docs/concepts/configuration/manage-resources-containers.md b/content/ja/docs/concepts/configuration/manage-resources-containers.md index 499e2a7214976..8dc1b36f636b6 100644 --- a/content/ja/docs/concepts/configuration/manage-resources-containers.md +++ b/content/ja/docs/concepts/configuration/manage-resources-containers.md @@ -378,7 +378,7 @@ Kubernetesが使用しないようにする必要があります。 ## 拡張リソース {#extended-resources} 拡張リソースは`kubernetes.io`ドメインの外で完全に修飾されたリソース名です。 -これにより、クラスタオペレータはKubernetesに組み込まれていないリソースをアドバタイズし、ユーザはそれを利用することができるようになります。 +これにより、クラスタオペレーターはKubernetesに組み込まれていないリソースをアドバタイズし、ユーザはそれを利用することができるようになります。 拡張リソースを使用するためには、2つのステップが必要です。 第一に、クラスタオペレーターは拡張リソースをアドバタイズする必要があります。 @@ -394,7 +394,7 @@ Nodeレベルの拡張リソースはNodeに関連付けられています。 各Nodeにデバイスプラグインで管理されているリソースをアドバタイズする方法については、[デバイスプラグイン](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/)を参照してください。 ##### その他のリソース {#other-resources} -新しいNodeレベルの拡張リソースをアドバタイズするには、クラスタオペレータはAPIサーバに`PATCH`HTTPリクエストを送信し、クラスタ内のNodeの`status.capacity`に利用可能な量を指定します。 +新しいNodeレベルの拡張リソースをアドバタイズするには、クラスタオペレーターはAPIサーバに`PATCH`HTTPリクエストを送信し、クラスタ内のNodeの`status.capacity`に利用可能な量を指定します。 この操作の後、ノードの`status.capacity`には新しいリソースが含まれます。 `status.allocatable`フィールドは、kubeletによって非同期的に新しいリソースで自動的に更新されます。 スケジューラはPodの適合性を評価する際にNodeの`status.allocatable`値を使用するため、Nodeの容量に新しいリソースを追加してから、そのNodeでリソースのスケジューリングを要求する最初のPodが現れるまでには、短い遅延が生じる可能性があることに注意してください。 From f6c26cafe8d2364b16346e7529073e07245ae273 Mon Sep 17 00:00:00 2001 From: "paul.zhang" Date: Mon, 6 Feb 2023 17:31:31 +0800 Subject: [PATCH 060/537] =?UTF-8?q?[zh-cn]Fix=20delete=20extra=20words?= =?UTF-8?q?=E2=80=9C=EF=BC=8C=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 删除多余的“,” --- .../docs/concepts/scheduling-eviction/node-pressure-eviction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md b/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md index 401ca43d543c1..c68809b40aea5 100644 --- a/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md +++ b/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md @@ -238,7 +238,7 @@ the kubelet uses the lesser of the two grace periods. If you do not specify a maximum allowed grace period, the kubelet kills evicted pods immediately without graceful termination. --> -你可以既指定软驱逐条件宽限期,又指定 Pod 终止宽限期的上限,,给 kubelet 在驱逐期间使用。 +你可以既指定软驱逐条件宽限期,又指定 Pod 终止宽限期的上限,给 kubelet 在驱逐期间使用。 如果你指定了宽限期的上限并且 Pod 满足软驱逐阈条件,则 kubelet 将使用两个宽限期中的较小者。 如果你没有指定宽限期上限,kubelet 会立即杀死被驱逐的 Pod,不允许其体面终止。 From ca3daacc172c45c6c5e4cbeab20ae1f2929ba337 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 6 Feb 2023 20:37:55 +0900 Subject: [PATCH 061/537] remove obsolete caution about cordon --- content/ja/docs/concepts/architecture/nodes.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/content/ja/docs/concepts/architecture/nodes.md b/content/ja/docs/concepts/architecture/nodes.md index c61b63b63d1df..582f3172e2b64 100644 --- a/content/ja/docs/concepts/architecture/nodes.md +++ b/content/ja/docs/concepts/architecture/nodes.md @@ -223,11 +223,6 @@ kubeletが`NodeStatus`とLeaseオブジェクトの作成および更新を担 ノードコントローラーは、Podがtaintを許容しない場合、 `NoExecute`のtaintを持つノード上で実行されているPodを排除する責務もあります。 さらに、ノードコントローラーはノードに到達できない、または準備ができていないなどのノードの問題に対応する{{< glossary_tooltip text="taint" term_id="taint" >}}を追加する責務があります。これはスケジューラーが、問題のあるノードにPodを配置しない事を意味しています。 -{{< caution >}} -`kubectl cordon`はノードに'unschedulable'としてマークします。それはロードバランサーのターゲットリストからノードを削除するという -サービスコントローラーの副次的な効果をもたらします。これにより、ロードバランサトラフィックの流入をcordonされたノードから効率的に除去する事ができます。 -{{< /caution >}} - ### ノードのキャパシティ {#node-capacity} Nodeオブジェクトはノードのリソースキャパシティ(CPUの数とメモリの量)を監視します。 From 6fc72c068078685d3a92c668f36081cb5f59870b Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Tue, 31 Jan 2023 16:16:33 +0800 Subject: [PATCH 062/537] Fix examples test for newly changed example manifest The newly changed `my-scheduler.yaml` breaks the test case. This PR fixes it. --- content/en/examples/examples_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/en/examples/examples_test.go b/content/en/examples/examples_test.go index 670131237dad9..82c2fdc14aa99 100644 --- a/content/en/examples/examples_test.go +++ b/content/en/examples/examples_test.go @@ -320,6 +320,8 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) { case *rbac.ClusterRoleBinding: // clusterolebinding does not accept namespace errors = rbac_validation.ValidateClusterRoleBinding(t) + case *rbac.RoleBinding: + errors = rbac_validation.ValidateRoleBinding(t) case *storage.StorageClass: // storageclass does not accept namespace errors = storage_validation.ValidateStorageClass(t) @@ -454,7 +456,7 @@ func TestExampleObjectSchemas(t *testing.T) { }, "admin/sched": { "clusterrole": {&rbac.ClusterRole{}}, - "my-scheduler": {&api.ServiceAccount{}, &rbac.ClusterRoleBinding{}, &rbac.ClusterRoleBinding{}, &api.ConfigMap{}, &apps.Deployment{}}, + "my-scheduler": {&api.ServiceAccount{}, &rbac.ClusterRoleBinding{}, &rbac.ClusterRoleBinding{}, &rbac.RoleBinding{}, &api.ConfigMap{}, &apps.Deployment{}}, "pod1": {&api.Pod{}}, "pod2": {&api.Pod{}}, "pod3": {&api.Pod{}}, From f67d9b2358af57af1f42f9f195a3b30d8f493c75 Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Wed, 8 Feb 2023 14:01:47 -0300 Subject: [PATCH 063/537] [pt-br] Add content/pt-br/docs/concepts/configuration/windows-resource-management.md --- .../windows-resource-management.md | 75 +++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 content/pt-br/docs/concepts/configuration/windows-resource-management.md diff --git a/content/pt-br/docs/concepts/configuration/windows-resource-management.md b/content/pt-br/docs/concepts/configuration/windows-resource-management.md new file mode 100644 index 0000000000000..4a6443f6fe108 --- /dev/null +++ b/content/pt-br/docs/concepts/configuration/windows-resource-management.md @@ -0,0 +1,75 @@ +--- +reviewers: +- jayunit100 +- jsturtevant +- marosset +- perithompson +title: Gerenciamento de recursos para nós do Windows +content_type: concept +weight: 75 +--- + + + +Esta página descreve as diferenças em como os recursos são gerenciados entre o Linux e o Windows. + + + +Em nós do Linux, {{< glossary_tooltip text="cgroups" term_id="cgroup" >}} são usados como um limite de pod para controle de recursos. +Os contêineres são criados dentro desse limite para o isolamento de rede, processo e sistema de arquivos. +As APIs Linux cgroup podem ser usadas para coletar estatísticas de uso de CPU, E/S e memória. + +Em contraste, o Windows usa um [_objetos de trabalho_](https://docs.microsoft.com/windows/win32/procthread/job-objects) por contêiner com um filtro de namespace do sistema +para conter todos os processos em um contêiner e fornecer isolamento lógico ao hospedar. +(Os objetos de trabalho são um mecanismo de isolamento de processo do Windows e são diferentes dos +que o Kubernetes chama de {{< glossary_tooltip term_id="job" text="Job" >}}). + +Não há como executar um contêiner do Windows sem a filtragem de namespace. +Isso significa que os privilégios do sistema não podem ser declarados no contexto do host e, +portanto, os contêineres privilegiados não estão disponíveis no Windows. +Os contêineres não podem assumir uma identidade do host porque o Gerente de conta de segurança (SAM) é separado. + +## Gerenciamento de memória {#resource-management-memory} + +O Windows não possui um eliminador de processo de falta de memória como o Linux. +O Windows sempre trata todas as alocações de memória do modo de usuário como +virtuais e os arquivos de paginação são obrigatórios. + +Os nós do Windows não sobrecarregam a memória para os processos. O efeito líquido +é que o Windows não atingirá as condições de falta de memória +da mesma forma que o Linux, e processará a página em disco em vez de estar +sujeito ao encerramento por falta de memória (OOM). Se a memória for +superprovisionada e toda a memória física estiver esgotada, a paginação poderá diminuir o desempenho. + +## Gerenciamento de CPU {#resource-management-cpu} + +O Windows pode limitar a quantidade de tempo de CPU alocado para diferentes processos, +mas não pode garantir uma quantidade mínima de tempo de CPU. + +No Windows, o kubelet oferece suporte a uma flag de linha de comando para definir a +[prioridade do escalonador](https://docs.microsoft.com/windows/win32/procthread/scheduling-priorities) do processo kubelet: + `--windows-priorityclass`. Essa flag permite que o processo kubelet obtenha +mais fatias de tempo de CPU quando comparado a outros processos em execução no host do Windows. +Mais informações sobre os valores permitidos e os seus significados estão disponíveis em +[Classes prioritárias do Windows](https://docs.microsoft.com/en-us/windows/win32/procthread/scheduling-priorities#priority-class). +Para garantir que os Pods em execução não prejudiquem o kubelet de ciclos de CPU, defina essa flag como `ABOVE_NORMAL_PRIORITY_CLASS` ou acima. + +## Reserva de recursos {#resource-reservation} + +Para contabilizar a memória e a CPU usadas pelo sistema operacional, o tempo de execução do contêiner +e pelos processos de host do Kubernetes, como o kubelet, você pode (e deve) +reservar recursos de memória e CPU com o `--kube-reserved` e/ou `--system-reserved` flags de kubelet. +No Windows, esses valores são usados apenas para calcular o nó +[alocável](/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable) de recursos. + +{{< caution >}} +Conforme você implanta cargas de trabalho, defina a memória de recursos e os limites de CPU nos contêineres. +Isso também subtrai de `NodeAllocatable` e ajuda o agendador de todo o cluster a determinar quais pods colocar em quais nós. + +Agendar pods sem limites pode superprovisionar os nós do Windows e, em casos extremos, fazer com que os nós não sejam íntegros. +{{< /caution >}} + +No Windows, uma boa prática é reservar pelo menos 2GiB de memória. + +Para determinar quanta CPU reservar, identifique a densidade máxima do pod para cada +nó e monitore o uso da CPU dos serviços do sistema em execução, depois escolha um valor que atenda às suas necessidades de carga de trabalho. \ No newline at end of file From 0e3d84297dd691e2f949f96f5e213396d7ebbedc Mon Sep 17 00:00:00 2001 From: EuricoAbreu Date: Wed, 8 Feb 2023 18:57:19 -0300 Subject: [PATCH 064/537] Minor fixes --- content/pt-br/docs/concepts/security/windows-security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/pt-br/docs/concepts/security/windows-security.md b/content/pt-br/docs/concepts/security/windows-security.md index 21332f6aecd9b..9039830b29281 100644 --- a/content/pt-br/docs/concepts/security/windows-security.md +++ b/content/pt-br/docs/concepts/security/windows-security.md @@ -14,14 +14,14 @@ Esta página descreve considerações de segurança e boas práticas específica No Windows, os dados do Secret são escritos em texto não-encriptado no armazenamento local do nó (em comparação ao uso de tmpfs / sistemas de arquivo em memória no Linux). Como um operador do cluster, você deve tomar as duas medidas adicionais a seguir: -1. Aplique ACLs em arquivos para proteger a localização do arquivo Secrets. -2. Aplicar criptografia a nível de volume usando +1. Use ACLs em arquivos para proteger a localização do arquivo Secrets. +2. Aplique criptografia a nível de volume usando [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server). ## Usuários dos Contêineres [RunAsUsername](/docs/tasks/configure-pod-container/configure-runasusername) -pode ser utilizado para Pods ou contêineres com Windows para executar os processos do contêiner como usuário específico. Isto é aproximadamente equivalente a +pode ser utilizado em Pods ou contêineres com Windows para executar os processos do contêiner como usuário específico. Isto é aproximadamente equivalente a [RunAsUser](/docs/concepts/security/pod-security-policy/#users-and-groups). Os contêineres Windows oferecem duas contas de usuário padrão, ContainerUser e ContainerAdministrator. As diferenças entre estas duas contas de usuário são descritas em From 07e120bd5de9c9f0584f1f36aee466311e785175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paulo=20Gon=C3=A7alves=20Lima?= <18203100+PauloGoncalvesLima@users.noreply.github.com> Date: Thu, 9 Feb 2023 14:32:27 -0300 Subject: [PATCH 065/537] Fix: Translation erros. --- .../dns-custom-nameservers.md | 37 ++++++++----------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md index f2c72efedf480..3e6b3441b02f4 100644 --- a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md +++ b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md @@ -1,15 +1,12 @@ --- -reviewers: -- bowei -- zihongz title: Personalizando o Serviço DNS content_type: task min-kubernetes-server-version: v1.12 --- -Essa pagina explica como configurar o seu DNS -{{< glossary_tooltip text="Pod(s)" term_id="pod" >}} e personalizar o processo de resolução de DNS no seu cluster. +Essa página explica como configurar os seus {{< glossary_tooltip text="Pod(s)" term_id="pod" >}} de DNS +e personalizar o processo de resolução de DNS no seu cluster. ## {{% heading "prerequisites" %}} @@ -23,15 +20,15 @@ Seu cluster deve estar executando o complemento CoreDNS. ## Introdução -DNS é um serviço integrado do Kubernetes que é integrado automaticamente usando o _gerenciador de complementos_ [cluster add-on](http://releases.k8s.io/master/cluster/addons/README.md). +DNS é um serviço integrado do Kubernetes que é iniciado automaticamente usando o _gerenciador de complementos_ [cluster add-on](http://releases.k8s.io/master/cluster/addons/README.md). {{< note >}} -O Serviço CoreDNS é chamado de `kube-dns` no campo `metadata.name`. +O service CoreDNS é chamado de `kube-dns` no campo `metadata.name`. O objetivo é garantir maior interoperabilidade com cargas de trabalho que dependiam do nome de serviço legado `kube-dns` para resolver endereços internos ao cluster. -Usando o serviço chamado `kube-dns` abstrai o detalhe de implementação de qual provedor de DNS está sendo executado por trás desse nome comum. +Usando o service chamado `kube-dns` abstrai o detalhe de implementação de qual provedor de DNS está sendo executado por trás desse nome comum. {{< /note >}} -Se você estiver executando o CoreDNS como um Deployment, ele geralmente será exposto como um Serviço do Kubernetes com o endereço de IP estático. +Se você estiver executando o CoreDNS como um Deployment, ele geralmente será exposto como um service do Kubernetes com o endereço de IP estático. O kubelet passa informações de resolução de DNS para cada contêiner com a flag `--cluster-dns=`. Os nomes DNS também precisam de domínios. Você configura o domínio local no kubelet com a flag `--cluster-domain=`. @@ -39,7 +36,7 @@ Os nomes DNS também precisam de domínios. Você configura o domínio local no O servidor DNS suporta pesquisas de encaminhamento (registros A e AAAA), pesquisas de porta (registros SRV), pesquisas de endereço de IP reverso (registros PTR) e muito mais. Para mais informações, veja [DNS para Serviços e Pods](/docs/concepts/services-networking/dns-pod-service/). Se a `dnsPolicy` de um Pod estiver definida como `default`, ele herda a configuração de resolução de nome do nó em que o Pod é executado. A resolução de DNS do Pod deve se comportar da mesma forma que o nó. -Veja [Problemas conhecidos](/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues).. +Veja [Problemas conhecidos](/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues). Se você não quiser isso, ou se quiser uma configuração de DNS diferente para os pods, pode usar a flag `--resolv-conf` do kubelet. Defina essa flag como "" para impedir que os Pods herdem a configuração do DNS. Defina-a como um caminho de arquivo válido para especificar um arquivo diferente de `/etc/resolv.conf` para a herança de DNS. @@ -48,7 +45,7 @@ Se você não quiser isso, ou se quiser uma configuração de DNS diferente para CoreDNS é um servidor oficial de DNS de propósito geral que pode atuar como DNS do cluster, cumprindo com as [especificações DNS](https://github.com/kubernetes/dns/blob/master/docs/specification.md). -### CoreDNS ConfigMap options +### Opções CoreDNS ConfigMap options CoreDNS é um servidor DNS que é modular e plugável, com plugins que adicionam novas funcionalidades. O servidor CoreDNS pode ser configurado por um [Corefile](https://coredns.io/2017/07/23/corefile-explained/), @@ -56,7 +53,7 @@ que é o arquivo de configuração do CoreDNS. Como administrador de cluster, vo {{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} para o arquivo Corefile do CoreDNS para mudar como o descobrimento de serviços DNS se comporta para esse cluster. -Em Kubernetes, o CoreDNS é instalado com a seguinte configuração padrão do Corefile: +No Kubernetes, o CoreDNS é instalado com a seguinte configuração padrão do Corefile: ```yaml apiVersion: v1 @@ -88,20 +85,18 @@ data: A configuração do Corefile inclui os seguintes [plugins](https://coredns.io/plugins/) do CoreDNS: -* [errors](https://coredns.io/plugins/errors/): Erros são registrados para stdout. -* [health](https://coredns.io/plugins/health/): A saúde do CoreDNS é reportada para -`http://localhost:8080/health`. Nesta sintaxe estendida, `lameduck` fará o processo -insalubre, esperando por 5 segundos antes que o processo seja encerrado. +* [errors](https://coredns.io/plugins/errors/): Erros são enviados para stdout. +* [health](https://coredns.io/plugins/health/): A integridade do CoreDNS é reportada para +`http://localhost:8080/health`. Nesta sintaxe estendida, `lameduck` marcará o processo como não-íntegro, esperando por 5 segundos antes que o processo seja encerrado. * [ready](https://coredns.io/plugins/ready/): Um endpoint HTTP na porta 8181 retornará 200 OK, quando todos os plugins que são capazes de sinalizar prontidão tiverem feito isso. * [kubernetes](https://coredns.io/plugins/kubernetes/): O CoreDNS responderá a consultas DNS baseado no IP dos Serviços e Pods. Você pode encontrar [mais detalhes em](https://coredns.io/plugins/kubernetes/). sobre este plugin no site do CoreDNS. * `ttl` permite que você defina um TTL personalizado para as respostas. O padrão é 5 segundos. O TTL mínimo permitido é de 0 segundos e o máximo é de 3600 segundos. Definir o TTL como 0 impedirá que os registros sejam armazenados em cache. * A opção `pods insecure` é fornecida para retrocompatibilidade com o `kube-dns`. - * Você pode usar a opção `pods verified`, que retorna um registro A somente se houver um pod no mesmo namespace com um IP correspondente. - * A opção `pods disabled` pode ser usada se você não usar registros de pod. -* [prometheus](https://coredns.io/plugins/metrics/): As métricas do CoreDNS estão disponíveis em `http://localhost:9153/metrics` no formato [Prometheus](https://prometheus.io/) - (também conhecido como OpenMetrics). + * Você pode usar a opção `pods verified`, que retorna um registro A somente se houver um Pod no mesmo namespace com um IP correspondente. + * A opção `pods disabled` pode ser usada se você não usar registros de Pod. +* [prometheus](https://coredns.io/plugins/metrics/): As métricas do CoreDNS ficam disponíveis em `http://localhost:9153/metrics` seguindo o formato [Prometheus](https://prometheus.io/), também conhecido como OpenMetrics. * [forward](https://coredns.io/plugins/forward/): Qualquer consulta que não esteja no domínio do cluster do Kubernetes é encaminhada para resolutores predefinidos (/etc/resolv.conf). * [cache](https://coredns.io/plugins/cache/): Habilita um cache de frontend. * [loop](https://coredns.io/plugins/loop/): Detecta loops de encaminhamento simples e interrompe o processo do CoreDNS se um loop for encontrado. @@ -119,7 +114,7 @@ O CoreDNS tem a capacidade de configurar domínios Stub e upstream nameservers u Se um operador de cluster possui um servidor de domínio [Consul](https://www.consul.io/) localizado em "10.150.0.1" e todos os nomes Consul possuem o sufixo ".consul.local". Para configurá-lo no CoreDNS, -o administrador do cluster cria a seguinte stanza no ConfigMap do CoreDNS. +o administrador do cluster cria a seguinte entrada no ConfigMap do CoreDNS. ```config consul.local:53 { From 11f0311f08752037039802806ca1788ed6d9b8a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paulo=20Gon=C3=A7alves=20Lima?= <18203100+PauloGoncalvesLima@users.noreply.github.com> Date: Thu, 9 Feb 2023 14:40:21 -0300 Subject: [PATCH 066/537] Fix: Translation erros --- .../tasks/administer-cluster/dns-custom-nameservers.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md index 3e6b3441b02f4..ce9822509b918 100644 --- a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md +++ b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md @@ -50,8 +50,8 @@ cumprindo com as [especificações DNS](https://github.com/kubernetes/dns/blob/m CoreDNS é um servidor DNS que é modular e plugável, com plugins que adicionam novas funcionalidades. O servidor CoreDNS pode ser configurado por um [Corefile](https://coredns.io/2017/07/23/corefile-explained/), que é o arquivo de configuração do CoreDNS. Como administrador de cluster, você pode modificar o -{{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} para o arquivo Corefile do CoreDNS para -mudar como o descobrimento de serviços DNS se comporta para esse cluster. +{{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} que contém o arquivo Corefile do CoreDNS para +mudar como o descoberta de serviços DNS se comporta para esse cluster. No Kubernetes, o CoreDNS é instalado com a seguinte configuração padrão do Corefile: @@ -90,8 +90,7 @@ A configuração do Corefile inclui os seguintes [plugins](https://coredns.io/pl `http://localhost:8080/health`. Nesta sintaxe estendida, `lameduck` marcará o processo como não-íntegro, esperando por 5 segundos antes que o processo seja encerrado. * [ready](https://coredns.io/plugins/ready/): Um endpoint HTTP na porta 8181 retornará 200 OK, quando todos os plugins que são capazes de sinalizar prontidão tiverem feito isso. * [kubernetes](https://coredns.io/plugins/kubernetes/): O CoreDNS responderá a consultas DNS - baseado no IP dos Serviços e Pods. Você pode encontrar [mais detalhes em](https://coredns.io/plugins/kubernetes/). - sobre este plugin no site do CoreDNS. + baseado no IP dos Serviços e Pods. Você pode encontrar mais detalhes sobre este plugin no [site do CoreDNS](https://coredns.io/plugins/kubernetes/). * `ttl` permite que você defina um TTL personalizado para as respostas. O padrão é 5 segundos. O TTL mínimo permitido é de 0 segundos e o máximo é de 3600 segundos. Definir o TTL como 0 impedirá que os registros sejam armazenados em cache. * A opção `pods insecure` é fornecida para retrocompatibilidade com o `kube-dns`. * Você pode usar a opção `pods verified`, que retorna um registro A somente se houver um Pod no mesmo namespace com um IP correspondente. From 714ac3a67b8cf24ba190898041182a660ea51fd1 Mon Sep 17 00:00:00 2001 From: grainrigi Date: Sun, 5 Feb 2023 20:11:01 +0900 Subject: [PATCH 067/537] [ja] Update container-runtimes.md and related links --- .../ja/docs/concepts/architecture/cgroups.md | 4 +- .../docs/concepts/containers/runtime-class.md | 2 +- .../container-runtimes.md | 512 +++++++----------- .../kubeadm/configure-cgroup-driver.md | 6 +- .../find-out-runtime-you-use.md | 4 +- 5 files changed, 189 insertions(+), 339 deletions(-) diff --git a/content/ja/docs/concepts/architecture/cgroups.md b/content/ja/docs/concepts/architecture/cgroups.md index 8a9f14d7c3320..0243916d96c01 100644 --- a/content/ja/docs/concepts/architecture/cgroups.md +++ b/content/ja/docs/concepts/architecture/cgroups.md @@ -49,7 +49,7 @@ cgroup v2を使うには以下のような必要要件があります。 * コンテナランタイムがcgroup v2をサポートしていること。例えば、 * [containerd](https://containerd.io/) v1.4以降 * [cri-o](https://cri-o.io/) v1.20以降 -* kubeletとコンテナランタイムが[systemd cgroupドライバー](/docs/setup/production-environment/container-runtimes#systemd-cgroup-driver)を使うように設定されていること +* kubeletとコンテナランタイムが[systemd cgroupドライバー](/ja/docs/setup/production-environment/container-runtimes#systemd-cgroup-driver)を使うように設定されていること ### Linuxディストリビューションのcgroup v2サポート @@ -103,4 +103,4 @@ cgroup v1では、`tmpfs`と出力されます。 - [cgroups](https://man7.org/linux/man-pages/man7/cgroups.7.html)についてもっと学習しましょう。 - [コンテナランタイム](/ja/docs/concepts/architecture/cri)についてもっと学習しましょう。 -- [cgroupドライバー](/docs/setup/production-environment/container-runtimes#cgroup-drivers)についてもっと学習しましょう。 +- [cgroupドライバー](/ja/docs/setup/production-environment/container-runtimes#cgroup-drivers)についてもっと学習しましょう。 diff --git a/content/ja/docs/concepts/containers/runtime-class.md b/content/ja/docs/concepts/containers/runtime-class.md index ce2f40390dfc7..2c663bf7c13d9 100644 --- a/content/ja/docs/concepts/containers/runtime-class.md +++ b/content/ja/docs/concepts/containers/runtime-class.md @@ -88,7 +88,7 @@ spec: ### CRIの設定 {#cri-configuration} -CRIランタイムのセットアップに関するさらなる詳細は、[CRIのインストール](/docs/setup/cri/)を参照してください。 +CRIランタイムのセットアップに関するさらなる詳細は、[コンテナランタイム](/ja/docs/setup/production-environment/container-runtimes/)を参照してください。 #### {{< glossary_tooltip term_id="containerd" >}} diff --git a/content/ja/docs/setup/production-environment/container-runtimes.md b/content/ja/docs/setup/production-environment/container-runtimes.md index 0f48e26f64bc3..171b2994bbcc6 100644 --- a/content/ja/docs/setup/production-environment/container-runtimes.md +++ b/content/ja/docs/setup/production-environment/container-runtimes.md @@ -1,439 +1,289 @@ --- -title: CRIのインストール +title: コンテナランタイム content_type: concept -weight: 10 +weight: 20 --- -{{< feature-state for_k8s_version="v1.6" state="stable" >}} -Podのコンテナを実行するために、Kubernetesはコンテナランタイムを使用します。 -様々なランタイムのインストール手順は次のとおりです。 +{{% dockershim-removal %}} +クラスター内の各ノードがPodを実行できるようにするため、{{< glossary_tooltip text="コンテナランタイム" term_id="container-runtime" >}}をインストールする必要があります。 +このページでは、ノードをセットアップするための概要と関連する作業について説明します。 - - +Kubernetes {{< skew currentVersion >}}においては、{{< glossary_tooltip term_id="cri" text="Container Runtime Interface">}} (CRI)に準拠したランタイムを使用する必要があります。 -{{< caution >}} -コンテナ実行時にruncがシステムファイルディスクリプターを扱える脆弱性が見つかりました。 -悪意のあるコンテナがこの脆弱性を利用してruncのバイナリを上書きし、 -コンテナホストシステム上で任意のコマンドを実行する可能性があります。 +詳しくは[サポートするCRIのバージョン](#cri-versions)をご覧ください。 -この問題の更なる情報は[CVE-2019-5736](https://access.redhat.com/security/cve/cve-2019-5736)を参照してください。 -{{< /caution >}} +このページではいくつかの一般的なコンテナランタイムをKubernetesで使用する方法の概要を説明します。 -### 適用性 +- [containerd](#containerd) +- [CRI-O](#cri-o) +- [Docker Engine](#docker) +- [Mirantis Container Runtime](#mcr) {{< note >}} -このドキュメントはLinuxにCRIをインストールするユーザーのために書かれています。 -他のオペレーティングシステムの場合、プラットフォーム固有のドキュメントを見つけてください。 -{{< /note >}} - -このガイドでは全てのコマンドを `root` で実行します。 -例として、コマンドに `sudo` を付けたり、 `root` になってそのユーザーでコマンドを実行します。 - -### Cgroupドライバー - -systemdがLinuxのディストリビューションのinitシステムとして選択されている場合、 -initプロセスが作成され、rootコントロールグループ(`cgroup`)を使い、cgroupマネージャーとして行動します。 -systemdはcgroupと密接に統合されており、プロセスごとにcgroupを割り当てます。 -`cgroupfs` を使うように、あなたのコンテナランライムとkubeletを設定することができます。 -systemdと一緒に `cgroupfs` を使用するということは、2つの異なるcgroupマネージャーがあることを意味します。 +v1.24以前のKubernetesリリースでは、 _dockershim_ という名前のコンポーネントを使用したDocker Engineとの直接の統合が含まれていました。 +この特別な直接統合は、もはやKubernetesの一部ではありません(この削除はv1.20リリースの一部として[発表](/blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation)されています)。 +dockershimの廃止がどのような影響を与えるかについては、[dockershim削除の影響範囲を確認する](/ja/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you/) をご覧ください。 +dockershimからの移行について知りたい場合、[dockershimからの移行](/ja/docs/tasks/administer-cluster/migrating-from-dockershim/)を参照してください。 -コントロールグループはプロセスに割り当てられるリソースを制御するために使用されます。 -単一のcgroupマネージャーは、割り当てられているリソースのビューを単純化し、 -デフォルトでは使用可能なリソースと使用中のリソースについてより一貫性のあるビューになります。 -2つのマネージャーがある場合、それらのリソースについて2つのビューが得られます。 -kubeletとDockerに `cgroupfs` を使用し、ノード上で実行されている残りのプロセスに `systemd` を使用するように設定されたノードが、 -リソース圧迫下で不安定になる場合があります。 - -コンテナランタイムとkubeletがcgroupドライバーとしてsystemdを使用するように設定を変更することでシステムは安定します。 -以下のDocker設定の `native.cgroupdriver=systemd` オプションに注意してください。 +v{{< skew currentVersion >}}以外のバージョンのKubernetesを実行している場合、そのバージョンのドキュメントを確認してください。 +{{< /note >}} -{{< caution >}} -すでにクラスターに組み込まれているノードのcgroupドライバーを変更することは非常におすすめしません。 -kubeletが一方のcgroupドライバーを使用してPodを作成した場合、コンテナランタイムを別のもう一方のcgroupドライバーに変更すると、そのような既存のPodのPodサンドボックスを再作成しようとするとエラーが発生する可能性があります。 -kubeletを再起動しても問題は解決しないでしょう。 -ワークロードからノードを縮退させ、クラスターから削除して再び組み込むことを推奨します。 -{{< /caution >}} + -## Docker +## インストールと設定の必須要件 -それぞれのマシンに対してDockerをインストールします。 -バージョン19.03.11が推奨されていますが、1.13.1、17.03、17.06、17.09、18.06、18.09についても動作が確認されています。 -Kubernetesのリリースノートにある、Dockerの動作確認済み最新バージョンについてもご確認ください。 +以下の手順では、全コンテナランタイムに共通の設定をLinux上のKubernetesノードに適用します。 -システムへDockerをインストールするには、次のコマンドを実行します。 +特定の設定が不要であることが分かっている場合、手順をスキップして頂いて構いません。 -{{< tabs name="tab-cri-docker-installation" >}} -{{% tab name="Ubuntu 16.04+" %}} +詳細については、[Network Plugin Requirements](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#network-plugin-requirements)または、特定のコンテナランタイムのドキュメントを参照してください。 -```shell -# (Install Docker CE) -## リポジトリをセットアップ -### HTTPS越しのリポジトリの使用をaptに許可するために、パッケージをインストール -apt-get update && apt-get install -y \ - apt-transport-https ca-certificates curl software-properties-common gnupg2 -``` +### IPv4フォワーディングを有効化し、iptablesからブリッジされたトラフィックを見えるようにする -```shell -# Docker公式のGPG鍵を追加: -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -``` +以下のコマンドを実行します。 -```shell -# Dockerのaptレポジトリを追加: -add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" -``` +```bash +cat < /etc/docker/daemon.json < /etc/docker/daemon.json <}}が使用されます。 -```shell -mkdir -p /etc/systemd/system/docker.service.d -``` +{{< glossary_tooltip text="kubelet" term_id="kubelet" >}}と基盤となるコンテナランタイムは、[コンテナのリソース管理](/ja/docs/concepts/configuration/manage-resources-containers/)を実施し、CPU/メモリーの要求や制限などのリソースを設定するため、cgroupとインターフェースする必要があります。 +cgroupとインターフェースするために、kubeletおよびコンテナランタイムは*cgroupドライバー*を使用する必要があります。 +この際、kubeletとコンテナランタイムが同一のcgroupドライバーを使用し、同一の設定を適用することが不可欠となります。 -```shell -# dockerを再起動 -systemctl daemon-reload -systemctl restart docker -``` -{{% /tab %}} -{{< /tabs >}} +利用可能なcgroupドライバーは以下の2つです。 -ブート時にDockerサービスを開始させたい場合は、以下のコマンドを入力してください: +* [`cgroupfs`](#cgroupfs-cgroup-driver) +* [`systemd`](#systemd-cgroup-driver) -```shell -sudo systemctl enable docker -``` +### cgroupfsドライバー {#cgroupfs-cgroup-driver} -詳細については、[Dockerの公式インストールガイド](https://docs.docker.com/engine/installation/)を参照してください。 +`cgroupfs`ドライバーは、kubeletのデフォルトのcgroupドライバーです。 +`cgroupfs`ドライバーを使用すると、kubeletとコンテナランタイムはcgroupファイルシステムと直接インターフェイスし、cgroupを設定します。 -## CRI-O +[systemd](https://www.freedesktop.org/wiki/Software/systemd/)がinitシステムである場合、`cgroupfs`ドライバーは推奨**されません**。 +なぜなら、systemdはシステム上のcgroupマネージャーが単一であると想定しているからです。 +また、[cgroup v2](/ja/docs/concepts/architecture/cgroups)を使用している場合は、`cgroupfs`の代わりに`systemd` cgroupドライバーを使用してください。 -このセクションでは、CRIランタイムとして`CRI-O`を利用するために必要な手順について説明します。 +### systemd cgroupドライバー {#systemd-cgroup-driver} -システムへCRI-Oをインストールするためには以下のコマンドを利用します: +Linuxディストリビューションのinitシステムに[systemd](https://www.freedesktop.org/wiki/Software/systemd/)が選択されている場合、 +initプロセスはルートcgroupを生成・消費し、cgroupマネージャーとして動作します。 -{{< note >}} -CRI-OのメジャーとマイナーバージョンはKubernetesのメジャーとマイナーバージョンと一致しなければなりません。 -詳細は[CRI-O互換性表](https://github.com/cri-o/cri-o)を参照してください。 -{{< /note >}} +systemdはcgroupと密接に連携しており、systemdユニットごとにcgroupを割り当てます。 +その結果、initシステムに`systemd`を使用した状態で`cgroupfs`ドライバーを使用すると、 +システムには2つの異なるcgroupマネージャーが存在することになります。 -### 事前準備 +2つのcgroupマネージャーが存在することで、システムで利用可能なリソースおよび使用中のリソースに、2つの異なる見え方が与えられることになります。 +特定の場合において、kubeletとコンテナランタイムに`cgroupfs`を、残りのプロセスに`systemd`を使用するように設定されたノードが高負荷時に不安定になることがあります。 -```shell -modprobe overlay -modprobe br_netfilter +このような不安定性を緩和するためのアプローチは、systemdがinitシステムに採用されている場合にkubeletとコンテナランタイムのcgroupドライバーとして`systemd`を使用することです。 -# 必要なカーネルパラメータの設定をします。これらの設定値は再起動後も永続化されます。 -cat > /etc/sysctl.d/99-kubernetes-cri.conf <}} -{{% tab name="Debian" %}} +kubelet用のcgroupドライバーとして`systemd`を設定する場合、コンテナランタイムのcgroupドライバーにも`systemd`を設定する必要があります。 +具体的な手順については、以下のリンクなどの、お使いのコンテナランタイムのドキュメントを参照してください。 - CRI-Oを以下のOSにインストールするには、環境変数$OSを以下の表の適切なフィールドに設定します。 +* [containerd](#containerd-systemd) +* [CRI-O](#cri-o) -| Operating system | $OS | -| ---------------- | ----------------- | -| Debian Unstable | `Debian_Unstable` | -| Debian Testing | `Debian_Testing` | +{{< caution >}} +クラスターに参加したノードのcgroupドライバーを変更するのはデリケートな操作です。 +kubeletが特定のcgroupドライバーのセマンティクスを使用してPodを作成していた場合、 +コンテナランタイムを別のcgroupドライバーに変更すると、そのような既存のPodに対してPodサンドボックスを再作成しようとしたときにエラーが発生することがあります。 +kubeletを再起動してもこのようなエラーは解決しない可能性があります。 -
    -そして、`$VERSION`にKubernetesのバージョンに合わせたCRI-Oのバージョンを設定します。例えば、CRI-O 1.18をインストールしたい場合は、`VERSION=1.18` を設定します。インストールを特定のリリースに固定することができます。バージョン 1.18.3をインストールするには、`VERSION=1.18:1.18.3` を設定します。 -
    +もしあなたが適切な自動化の手段を持っているのであれば、更新された設定を使用してノードを別のノードに置き換えるか、自動化を使用して再インストールを行ってください。 +{{< /caution >}} -以下を実行します。 -```shell -echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list +### kubeadmで管理されたクラスターでの`systemd`ドライバーへの移行 -curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/Release.key | apt-key add - -curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | apt-key add - +既存のkubeadm管理クラスターで`systemd` cgroupドライバーに移行したい場合は、[cgroupドライバーの設定](/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/)に従ってください。 -apt-get update -apt-get install cri-o cri-o-runc -``` +## サポートするCRIのバージョン {#cri-versions} -{{% /tab %}} +コンテナランタイムは、Container Runtime Interfaceのv1alpha2以上をサポートする必要があります。 -{{% tab name="Ubuntu" %}} +Kubernetes {{< skew currentVersion >}}は、デフォルトでCRI APIのv1を使用します。 +コンテナランタイムがv1 APIをサポートしていない場合、kubeletは代わりに(非推奨の)v1alpha2 APIにフォールバックします。 - CRI-Oを以下のOSにインストールするには、環境変数$OSを以下の表の適切なフィールドに設定します。 +## コンテナランタイム {#container-runtimes} -| Operating system | $OS | -| ---------------- | ----------------- | -| Ubuntu 20.04 | `xUbuntu_20.04` | -| Ubuntu 19.10 | `xUbuntu_19.10` | -| Ubuntu 19.04 | `xUbuntu_19.04` | -| Ubuntu 18.04 | `xUbuntu_18.04` | +{{% thirdparty-content %}} -
    -次に、`$VERSION`をKubernetesのバージョンと一致するCRI-Oのバージョンに設定します。例えば、CRI-O 1.18をインストールしたい場合は、`VERSION=1.18` を設定します。インストールを特定のリリースに固定することができます。バージョン 1.18.3 をインストールするには、`VERSION=1.18:1.18.3` を設定します。 -
    +### containerd -以下を実行します。 -```shell -echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list +このセクションでは、CRIランタイムとしてcontainerdを使用するために必要な手順の概要を説明します。 -curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/Release.key | apt-key add - -curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | apt-key add - +以下のコマンドを使用して、システムにcontainerdをインストールします: -apt-get update -apt-get install cri-o cri-o-runc -``` -{{% /tab %}} +まずは[containerdの使用を開始する](https://github.com/containerd/containerd/blob/main/docs/getting-started.md)の指示に従ってください。有効な`config.toml`設定ファイルを作成したら、このステップに戻ります。 -{{% tab name="CentOS" %}} +{{< tabs name="Finding your config.toml file" >}} +{{% tab name="Linux" %}} +このファイルはパス`/etc/containerd/config.toml`にあります。 +{{% /tab %}} +{{% tab name="Windows" %}} +このファイルは`C:\Program Files\containerd\config.toml`にあります。 +{{% /tab %}} +{{< /tabs >}} - CRI-Oを以下のOSにインストールするには、環境変数$OSを以下の表の適切なフィールドに設定します。 +Linuxでは、containerd用のデフォルトのCRIソケットは`/run/containerd/containerd.sock`です。 +Windowsでは、デフォルトのCRIエンドポイントは`npipe://./pipe/containerd-containerd`です。 -| Operating system | $OS | -| ---------------- | ----------------- | -| Centos 8 | `CentOS_8` | -| Centos 8 Stream | `CentOS_8_Stream` | -| Centos 7 | `CentOS_7` | +#### `systemd` cgroupドライバーを構成する -
    -次に、`$VERSION`をKubernetesのバージョンと一致するCRI-Oのバージョンに設定します。例えば、CRI-O 1.18 をインストールしたい場合は、`VERSION=1.18` を設定します。インストールを特定のリリースに固定することができます。バージョン 1.18.3 をインストールするには、`VERSION=1.18:1.18.3` を設定します。 -
    +`/etc/containerd/config.toml`内で`runc`が`systemd` cgroupドライバーを使うようにするには、次のように設定します。 -以下を実行します。 -```shell -curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo -curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo -yum install cri-o +``` +[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + ... + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + SystemdCgroup = true ``` -{{% /tab %}} - -{{% tab name="openSUSE Tumbleweed" %}} +[cgroup v2](/ja/docs/concepts/architecture/cgroups)を使用する場合は`systemd` cgroupドライバーの利用を推奨します。 -```shell - sudo zypper install cri-o -``` -{{% /tab %}} -{{% tab name="Fedora" %}} +{{< note >}} +パッケージ(RPMや`.deb`など)からcontainerdをインストールした場合、 +CRI統合プラグインがデフォルトで無効になっていることがあります。 + +Kubernetesでcontainerdを使用するには、CRIサポートを有効にする必要があります。 +`/etc/containerd/config.toml`内の`disabled_plugins`リストに`cri`が含まれていないことを確認してください。 +このファイルを変更した場合、`containerd`も再起動してください。 + +クラスターの初回構築後、またはCNIをインストールした後にコンテナのクラッシュループが発生した場合、 +パッケージと共に提供されるcontainerdの設定に互換性のないパラメーターが含まれている可能性があります。 +[get-started.md](https://github.com/containerd/containerd/blob/main/docs/getting-started.md#advanced-topics)にあるように、 +`containerd config default > /etc/containerd/config.toml`でcontainerdの設定をリセットした上で、 +上記の設定パラメーターを使用することを検討してください。 +{{< /note >}} -$VERSIONには、Kubernetesのバージョンと一致するCRI-Oのバージョンを設定します。例えば、CRI-O 1.18をインストールしたい場合は、$VERSION=1.18を設定します。 -以下のコマンドで、利用可能なバージョンを見つけることができます。 -```shell -dnf module list cri-o -``` -CRI-OはFedoraの特定のリリースにピン留めすることをサポートしていません。 +この変更を適用した場合、必ずcontainerdを再起動してください。 -以下を実行します。 ```shell -dnf module enable cri-o:$VERSION -dnf install cri-o +sudo systemctl restart containerd ``` -{{% /tab %}} -{{< /tabs >}} +kubeadmを使用している場合、手動で[kubelet cgroupドライバーの設定](/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/#configuring-the-kubelet-cgroup-driver)を行ってください。 +#### サンドボックス(pause)イメージの上書き {#override-pause-image-containerd} -### CRI-Oの起動 +[containerdの設定](https://github.com/containerd/containerd/blob/main/docs/cri/config.md)で以下の設定をすることで、サンドボックスのイメージを上書きすることができます。 -```shell -systemctl daemon-reload -systemctl start crio +```toml +[plugins."io.containerd.grpc.v1.cri"] + sandbox_image = "registry.k8s.io/pause:3.2" ``` -詳細については、[CRI-Oインストールガイド](https://github.com/kubernetes-sigs/cri-o#getting-started)を参照してください。 +この場合も、設定ファイルの更新後に`systemctl restart containerd`を実行して`containerd`も再起動する必要があるでしょう。 -## Containerd +### CRI-O -このセクションでは、CRIランタイムとして`containerd`を利用するために必要な手順について説明します。 +本セクションでは、コンテナランタイムとしてCRI-Oをインストールするために必要な手順を説明します。 -システムへContainerdをインストールするためには次のコマンドを実行します。 +CRI-Oをインストールするには、[CRI-Oのインストール手順](https://github.com/cri-o/cri-o/blob/main/install.md#readme)に従ってください。 -### 必要な設定の追加 +#### cgroupドライバー -```shell -cat > /etc/modules-load.d/containerd.conf < /etc/sysctl.d/99-kubernetes-cri.conf <}} -{{% tab name="Ubuntu 16.04" %}} +CRI-Oの場合、CRIソケットはデフォルトで`/var/run/crio/crio.sock`となります。 -```shell -# (containerdのインストール) -## リポジトリの設定 -### HTTPS越しのリポジトリの使用をaptに許可するために、パッケージをインストール -apt-get update && apt-get install -y apt-transport-https ca-certificates curl software-properties-common -``` +#### サンドボックス(pause)イメージの上書き {#override-pause-image-cri-o} -```shell -## Docker公式のGPG鍵を追加 -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -``` +[CRI-Oの設定](https://github.com/cri-o/cri-o/blob/main/docs/crio.conf.5.md)において、以下の値を設定することができます。 -```shell -## Dockerのaptリポジトリの追加 -add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" +```toml +[crio.image] +pause_image="registry.k8s.io/pause:3.6" ``` -```shell -## containerdのインストール -apt-get update && apt-get install -y containerd.io -``` +このオプションはライブ設定リロードによる変更の適用に対応しています。 +`systemctl reload crio`または`crio`プロセスに`SIGHUP`を送信することで変更を適用できます。 -```shell -# containerdの設定 -mkdir -p /etc/containerd -containerd config default | sudo tee /etc/containerd/config.toml -``` +### Docker Engine {#docker} -```shell -# containerdの再起動 -systemctl restart containerd -``` -{{% /tab %}} -{{% tab name="CentOS/RHEL 7.4+" %}} +{{< note >}} +この手順では、Docker EngineとKubernetesを統合するために[`cri-dockerd`](https://github.com/Mirantis/cri-dockerd)アダプターを使用することを想定しています。 +{{< /note >}} -```shell -# (containerdのインストール) -## リポジトリの設定 -### 必要なパッケージのインストール -yum install -y yum-utils device-mapper-persistent-data lvm2 -``` +1. 各ノードに、使用しているLinuxディストリビューション用のDockerを[Docker Engineのインストール](https://docs.docker.com/engine/install/#server)に従ってインストールします。 -```shell -## Dockerのリポジトリの追加 -yum-config-manager \ - --add-repo \ - https://download.docker.com/linux/centos/docker-ce.repo -``` +2. [`cri-dockerd`](https://github.com/Mirantis/cri-dockerd)をリポジトリ内の指示に従ってインストールします。 -```shell -## containerdのインストール -yum update -y && yum install -y containerd.io -``` +`cri-dockerd`の場合、CRIソケットはデフォルトで`/run/cri-dockerd.sock`になります。 -```shell -## containerdの設定 -mkdir -p /etc/containerd -containerd config default | sudo tee /etc/containerd/config.toml -``` +### Mirantis Container Runtime {#mcr} -```shell -# containerdの再起動 -systemctl restart containerd -``` -{{% /tab %}} -{{< /tabs >}} +[Mirantis Container Runtime](https://docs.mirantis.com/mcr/20.10/overview.html)(MCR)は、 +以前はDocker Enterprise Editionとして知られていた、商業的に利用可能なコンテナランタイムです。 + +MCRに含まれるオープンソースの[`cri-dockerd`](https://github.com/Mirantis/cri-dockerd)コンポーネントを使用することで、 +Mirantis Container RuntimeをKubernetesで使用することができます。 -### systemd +Mirantis Container Runtimeのインストール方法について知るには、[MCRデプロイガイド](https://docs.mirantis.com/mcr/20.10/install.html)を参照してください。 -`systemd`のcgroupドライバーを使うには、`/etc/containerd/config.toml`内で`plugins.cri.systemd_cgroup = true`を設定してください。 -kubeadmを使う場合は[kubeletのためのcgroupドライバー](/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#マスターノードのkubeletによって使用されるcgroupドライバーの設定)を手動で設定してください。 +CRIソケットのパスを見つけるには、systemdの`cri-docker.socket`という名前のユニットを確認してください。 -## その他のCRIランタイム: frakti +#### サンドボックス(pause)イメージを上書きする {#override-pause-image-cri-dockerd-mcr} -詳細については[Fraktiのクイックスタートガイド](https://github.com/kubernetes/frakti#quickstart)を参照してください。 +`cri-dockerd`アダプターは、Podインフラコンテナ("pause image")として使用するコンテナイメージを指定するためのコマンドライン引数を受け付けます。 +使用するコマンドライン引数は `--pod-infra-container-image`です。 +## {{% heading "whatsnext" %}} +コンテナランタイムに加えて、クラスターには動作する[ネットワークプラグイン](/ja/docs/concepts/cluster-administration/networking/#how-to-implement-the-kubernetes-network-model)が必要です。 diff --git a/content/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md b/content/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md index 90205b610677f..c4381bb8c95cc 100644 --- a/content/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md +++ b/content/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md @@ -10,17 +10,17 @@ weight: 10 ## {{% heading "prerequisites" %}} -Kubernetesの[コンテナランタイムの要件](/docs/setup/production-environment/container-runtimes)を熟知している必要があります。 +Kubernetesの[コンテナランタイムの要件](/ja/docs/setup/production-environment/container-runtimes)を熟知している必要があります。 ## コンテナランタイムのcgroupドライバーの設定 -[Container runtimes](/docs/setup/production-environment/container-runtimes)ページでは、kubeadmベースのセットアップでは`cgroupfs`ドライバーではなく、`systemd`ドライバーが推奨されると説明されています。 +[コンテナランタイム](/ja/docs/setup/production-environment/container-runtimes)ページでは、kubeadmベースのセットアップでは`cgroupfs`ドライバーではなく、`systemd`ドライバーが推奨されると説明されています。 このページでは、デフォルトの`systemd`ドライバーを使用して多くの異なるコンテナランタイムをセットアップする方法についての詳細も説明されています。 -## kubelet cgroupドライバーの設定 +## kubelet cgroupドライバーの設定 {#configuring-the-kubelet-cgroup-driver} kubeadmでは、`kubeadm init`の際に`KubeletConfiguration`構造体を渡すことができます。 diff --git a/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use.md b/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use.md index a6d297bdd8a9c..e9ae0e3fc1df3 100644 --- a/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use.md +++ b/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use.md @@ -6,7 +6,7 @@ weight: 10 -このページでは、クラスター内のノードが使用している[コンテナランタイム](/docs/setup/production-environment/container-runtimes/)を確認する手順を概説しています。 +このページでは、クラスター内のノードが使用している[コンテナランタイム](/ja/docs/setup/production-environment/container-runtimes/)を確認する手順を概説しています。 クラスターの実行方法によっては、ノード用のコンテナランタイムが事前に設定されている場合と、設定する必要がある場合があります。 マネージドKubernetesサービスを使用している場合、ノードに設定されているコンテナランタイムを確認するためのベンダー固有の方法があるかもしれません。 @@ -42,4 +42,4 @@ node-2 Ready v1.19.6 containerd://1.4.1 node-3 Ready v1.19.6 containerd://1.4.1 ``` -コンテナランタイムについては、[コンテナランタイム](/docs/setup/production-environment/container-runtimes/)のページで詳細を確認することができます。 +コンテナランタイムについては、[コンテナランタイム](/ja/docs/setup/production-environment/container-runtimes/)のページで詳細を確認することができます。 From 19675b1acdb3cfdca60773fdf342e08a96a866cd Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Sun, 12 Feb 2023 21:15:44 +0800 Subject: [PATCH 068/537] [zh] Resync configure service account page --- .../configure-service-account.md | 637 +++++++++++------- 1 file changed, 406 insertions(+), 231 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md index 3b4c0f300e28d..8f2ab826654a5 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md @@ -16,68 +16,114 @@ weight: 90 -服务账号为 Pod 中运行的进程提供了一个标识。 +Kubernetes 提供两种完全不同的方式来为客户端提供支持,这些客户端可能运行在你的集群中, +也可能与你的集群的{{< glossary_tooltip text="控制面" term_id="control-plane" >}}相关, +需要向 {{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}}完成身份认证。 -{{< note >}} -本文是服务账号的用户使用介绍,描述服务账号在集群中如何起作用。 -你的集群管理员可能已经对你的集群做了定制,因此导致本文中所讲述的内容并不适用。 -{{< /note >}} + +**服务账号(Service Account)**为 Pod 中运行的进程提供身份标识, +并映射到 ServiceAccount 对象。当你向 API 服务器执行身份认证时, +你会将自己标识为某个**用户(User)**。Kubernetes 能够识别用户的概念, +但是 Kubernetes 自身**并不**提供 User API。 -当你(自然人)访问集群时(例如,使用 `kubectl`),API 服务器将你的身份验证为 -特定的用户账号(当前这通常是 `admin`,除非你的集群管理员已经定制了你的集群配置)。 -Pod 内的容器中的进程也可以与 API 服务器接触。 -当它们进行身份验证时,它们被验证为特定的服务账号(例如,`default`)。 +本服务是关于 ServiceAccount 的,而 ServiceAccount 则确实存在于 Kubernetes 的 API 中。 +本指南为你展示为 Pod 配置 ServiceAccount 的一些方法。 ## {{% heading "prerequisites" %}} -{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} +{{< include "task-tutorial-prereqs.md" >}} -## 使用默认的服务账号访问 API 服务器 +## 使用默认的服务账号访问 API 服务器 {#use-the-default-service-account-to-access-the-api-server} -当你创建 Pod 时,如果没有指定服务账号,Pod 会被指定给命名空间中的 `default` 服务账号。 -如果你查看 Pod 的原始 JSON 或 YAML(例如:`kubectl get pods/ -o yaml`), -你可以看到 `spec.serviceAccountName` 字段已经被[自动设置](/zh-cn/docs/concepts/overview/working-with-objects/object-management/)了。 +当 Pod 与 API 服务器联系时,Pod 会被认证为某个特定的 ServiceAccount(例如:`default`)。 +在每个{{< glossary_tooltip text="名字空间" term_id="namespace" >}}中,至少存在一个 +ServiceAccount。 + +每个 Kubernetes 名字空间至少包含一个 ServiceAccount:也就是该名字空间的默认服务账号, +名为 `default`。如果你在创建 Pod 时没有指定 ServiceAccount,Kubernetes 会自动将该名字空间中 +名为 `default` 的 ServiceAccount 分配给该 Pod。 + +你可以检视你刚刚创建的 Pod 的细节。例如: + +```shell +kubectl get pods/ -o yaml +``` -你可以使用自动挂载给 Pod 的服务账号凭据访问 API, -[访问集群](/zh-cn/docs/tasks/access-application-cluster/access-cluster)页面中有相关描述。 -服务账号的 API -许可取决于你所使用的[鉴权插件和策略](/zh-cn/docs/reference/access-authn-authz/authorization/#authorization-modules)。 +在输出中,你可以看到字段 `spec.serviceAccountName`。当你在创建 Pod 时未设置该字段时, +Kubernetes [自动](/zh-cn/docs/concepts/overview/working-with-objects/object-management/)为 +Pod 设置这一属性的取值。 -你可以通过在 ServiceAccount 上设置 `automountServiceAccountToken: false` -来实现不给服务账号自动挂载 API 凭据到 `/var/run/secrets/kubernetes.io/serviceaccount/token` -的目的: +Pod 中运行的应用可以使用这一自动挂载的服务账号凭据来访问 Kubernetes API。 +参阅[访问集群](/zh-cn/docs/tasks/access-application-cluster/access-cluster/)以进一步了解。 + + +当 Pod 被身份认证为某个 ServiceAccount 时, +其访问能力取决于所使用的[鉴权插件和策略](/zh-cn/docs/reference/access-authn-authz/authorization/#authorization-modules)。 + + +### 放弃 API 凭据的自动挂载 {#opt-out-of-api-credential-automounting} + +如果你不希望 {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} 自动挂载某 +ServiceAccount 的 API 访问凭据,你可以选择不采用这一默认行为。 +通过在 ServiceAccount 对象上设置 `automountServiceAccountToken: false`,可以放弃在 +`/var/run/secrets/kubernetes.io/serviceaccount/token` 处自动挂载该服务账号的 API 凭据。 + +例如: ```yaml apiVersion: v1 @@ -87,11 +133,10 @@ metadata: automountServiceAccountToken: false ... ``` - -在 1.6 以上版本中,你也可以选择不给特定 Pod 自动挂载 API 凭据: +你也可以选择不给特定 Pod 自动挂载 API 凭据: ```yaml apiVersion: v1 @@ -105,20 +150,25 @@ spec: ``` -如果 Pod 和服务账号都指定了 `automountServiceAccountToken` 值,则 Pod 的 spec 优先于服务账号。 +如果 ServiceAccount 和 Pod 的 `.spec` 都设置了 `automountServiceAccountToken` 值, +则 Pod 上 spec 的设置优先于服务账号的设置。 ## 使用多个服务账号 {#use-multiple-service-accounts} -每个命名空间都有一个名为 `default` 的服务账号资源。 -你可以用下面的命令查询这个服务账号以及命名空间中的其他 ServiceAccount 资源: +每个名字空间都至少有一个 ServiceAccount:名为 `default` 的默认 ServiceAccount 资源。 +你可以用下面的命令列举你[当前名字空间](/zh-cn/docs/concepts/overview/working-with-objects/namespaces/#setting-the-namespace-preference) +中的所有 ServiceAccount 资源: ```shell kubectl get serviceaccounts @@ -181,23 +231,23 @@ metadata: ``` -你可以使用授权插件来[设置服务账号的访问许可](/zh-cn/docs/reference/access-authn-authz/rbac/#service-account-permissions)。 +你可以使用鉴权插件来[设置服务账号的访问许可](/zh-cn/docs/reference/access-authn-authz/rbac/#service-account-permissions)。 要使用非默认的服务账号,将 Pod 的 `spec.serviceAccountName` 字段设置为你想用的服务账号名称。 -Pod 被创建时服务账号必须存在,否则会被拒绝。 - -你不能更新已经创建好的 Pod 的服务账号。 +只能在创建 Pod 时或者为新 Pod 指定模板时,你才可以设置 `serviceAccountName`。 +你不能更新已经存在的 Pod 的 `.spec.serviceAccountName` 字段。 {{< note >}} -你可以清除服务账号,如下所示: +### 清理 {#cleanup-use-multiple-service-accounts} + +如果你尝试了创建前文示例中所给的 `build-robot` ServiceAccount, +你可以通过运行下面的命令来完成清理操作: ```shell kubectl delete serviceaccount/build-robot ``` +## 手动为 ServiceAccount 创建 API 令牌 {#manually-create-an-api-token-for-a-serviceaccount} + +假设你已经有了一个前文所提到的名为 "build-robot" 的服务账号。 +你可以使用 `kubectl` 为该 ServiceAccount 获得一个时间上受限的 API 令牌: + +```shell +kubectl create token build-robot +``` + + +这一命令的输出是一个令牌,你可以使用该令牌来将身份认证为对应的 ServiceAccount。 +你可以使用 `kubectl create token` 命令的 `--duration` 参数来请求特定的令牌有效期 +(实际签发的令牌的有效期可能会稍短一些,也可能会稍长一些)。 + +{{< note >}} + +Kubernetes 在 v1.22 版本之前自动创建用来访问 Kubernetes API 的长期凭据。 +这一较老的机制是基于创建令牌 Secret 对象来实现的,Secret 对象可被挂载到运行中的 Pod 内。 +在最近的版本中,包括 Kubernetes v{{< skew currentVersion >}},API 凭据可以直接使用 +[TokenRequest](/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) API +来获得,并使用一个[投射卷](/zh-cn/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume)挂载到 +Pod 中。使用此方法获得的令牌具有受限的生命期长度,并且能够在挂载它们的 Pod +被删除时自动被废弃。 + + +你仍然可以通过手动方式来创建服务账号令牌 Secret 对象,例如你需要一个永远不过期的令牌时。 +不过,使用 [TokenRequest](/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) +子资源来获得访问 API 的令牌的做法仍然是推荐的方式。 +{{< /note >}} + + -## 手动创建服务账号 API 令牌 +### 手动为 ServiceAccount 创建长期有效的 API 令牌 {#manually-create-a-long-lived-api-token-for-a-serviceaccount}」 -假设我们有一个上面提到的名为 "build-robot" 的服务账号,现在我们手动创建一个新的 Secret。 +如果你需要为 ServiceAccount 获得一个 API 令牌,你可以创建一个新的、带有特殊注解 +`kubernetes.io/service-account.name` 的 Secret 对象。 ```shell kubectl apply -f - < +如果你通过下面的命令来查看 Secret: + +```shell +kubectl get secret/build-robot-secret -o yaml +``` -Any tokens for non-existent service accounts will be cleaned up by the token controller. + -现在,你可以确认新构建的 Secret 中填充了 "build-robot" 服务账号的 API 令牌。 -令牌控制器将清理不存在的服务账号的所有令牌。 +你可以看到 Secret 中现在包含针对 "build-robot" ServiceAccount 的 API 令牌。 + +鉴于你所设置的注解,控制面会自动为该 ServiceAccount 生成一个令牌,并将其保存到相关的 Secret +中。控制面也会为已删除的 ServiceAccount 执行令牌清理操作。 ```shell kubectl describe secrets/build-robot-secret @@ -256,7 +383,7 @@ kubectl describe secrets/build-robot-secret -输出类似于: +输出类似于这样: ``` Name: build-robot-secret @@ -277,42 +404,60 @@ token: ... {{< note >}} -这里省略了 `token` 的内容。 +这里将 `token` 的内容抹去了。 + +注意在你的终端或者计算机屏幕可能被旁观者看到的场合,不要显示 +`kubernetes.io/service-account-token` 的内容。 {{< /note >}} +当你删除一个与某 Secret 相关联的 ServiceAccount 时,Kubernetes 的控制面会自动清理该 +Secret 中长期有效的令牌。 -### Create an imagePullSecret + -## 为服务账号添加 ImagePullSecrets {#add-imagepullsecrets-to-a-service-account} +## 为服务账号添加 ImagePullSecrets {#add-imagepullsecrets-to-a-service-account} -### 创建 ImagePullSecret +首先,[生成一个 imagePullSecret](/zh-cn/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod); +接下来,验证该 Secret 已被创建。例如: -- 创建一个 ImagePullSecret,如[为 Pod 设置 ImagePullSecret](/zh-cn/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) 所述。 + +- 按[为 Pod 设置 imagePullSecret](/zh-cn/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) + 所描述的,生成一个镜像拉取 Secret: ```shell kubectl create secret docker-registry myregistrykey --docker-server=DUMMY_SERVER \ - --docker-username=DUMMY_USERNAME --docker-password=DUMMY_DOCKER_PASSWORD \ - --docker-email=DUMMY_DOCKER_EMAIL + --docker-username=DUMMY_USERNAME --docker-password=DUMMY_DOCKER_PASSWORD \ + --docker-email=DUMMY_DOCKER_EMAIL ``` -- 确认创建成功: +- 检查该 Secret 已经被创建。 ```shell kubectl get secrets myregistrykey ``` - + - 输出类似于: + 输出类似于这样: ``` NAME TYPE DATA AGE @@ -322,36 +467,35 @@ The content of `token` is elided here. -### 将镜像拉取 Secret 添加到服务账号 +### 将镜像拉取 Secret 添加到服务账号 {#add-image-pull-secret-to-service-account} -接着修改命名空间的 `default` 服务账号,令其使用该 Secret 用作 `imagePullSecret`。 +接下来更改名字空间的默认服务账号,将该 Secret 用作 imagePullSecret。 ```shell kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "myregistrykey"}]}' ``` -你也可以使用 `kubectl edit`,或者如下所示手动编辑 YAML 清单: +你也可以通过手动编辑该对象来实现同样的效果: ```shell -kubectl get serviceaccounts default -o yaml > ./sa.yaml +kubectl edit serviceaccount/default ``` - -`sa.yaml` 文件的输出类似这样: +你所选择的文本编辑器会被打开,展示如下所示的配置: ```yaml apiVersion: v1 kind: ServiceAccount metadata: - creationTimestamp: 2015-08-07T22:02:39Z + creationTimestamp: 2021-07-07T22:02:39Z name: default namespace: default resourceVersion: "243024" @@ -359,45 +503,38 @@ metadata: ``` -使用你常用的编辑器(例如 `vi`),打开 `sa.yaml` 文件,删除带有键名 -`resourceVersion` 的行,添加带有 `imagePullSecrets:` 的行,最后保存文件。 +使用你的编辑器,删掉包含 `resourceVersion` 主键的行,添加包含 `imagePullSecrets:` +的行并保存文件。对于 `uid` 而言,保持其取值与你读到的值一样。 -所得到的 `sa.yaml` 文件类似于: +当你完成这些变更之后,所编辑的 ServiceAccount 看起来像是这样: ```yaml apiVersion: v1 kind: ServiceAccount metadata: - creationTimestamp: 2015-08-07T22:02:39Z + creationTimestamp: 2021-07-07T22:02:39Z name: default namespace: default uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6 imagePullSecrets: -- name: myregistrykey -``` - - -最后,使用新更新的 `sa.yaml` 文件替换服务账号。 - -```shell -kubectl replace serviceaccount default -f ./sa.yaml + - name: myregistrykey ``` -### 验证镜像拉取 Secret 已经被添加到 Pod 规约 +### 检查 imagePullSecrets 已经被设置到新 Pod 上 {#verify-that-imagepullsecrets-are-set-for-new-pods} -现在,在当前命名空间中创建使用默认服务账号的新 Pod 时,新 Pod -会自动设置其 `.spec.imagePullSecrets` 字段: +现在,在当前名字空间中创建新 Pod 并使用默认 ServiceAccount 时, +新 Pod 的 `spec.imagePullSecrets` 会被自动设置。 ```shell kubectl run nginx --image=nginx --restart=Never @@ -420,6 +557,7 @@ myregistrykey {{< feature-state for_k8s_version="v1.20" state="stable" >}} +{{< note >}} -* `--service-account-issuer` - - 此参数可作为服务账号令牌发放者的身份标识(Identifier)。你可以多次指定 - `--service-account-issuer` 参数,对于要变更发放者而又不想带来业务中断的场景, - 这样做是有用的。如果这个参数被多次指定,则第一个参数值会被用来生成令牌, +`--service-account-issuer` +: 定义服务账号令牌发放者的身份标识(Identifier)。你可以多次指定 + `--service-account-issuer` 参数,对于需要变更发放者而又不想带来业务中断的场景, + 这样做是有用的。如果这个参数被多次指定,其第一个参数值会被用来生成令牌, 而所有参数值都会被用来确定哪些发放者是可接受的。你所运行的 Kubernetes - 集群必须是 v1.22 或更高版本,才能多次指定 `--service-account-issuer`。 - -* `--service-account-key-file` +`--service-account-key-file` +: 给出某文件的路径,其中包含 PEM 编码的 x509 RSA 或 ECDSA 私钥或公钥,用来检查 ServiceAccount + 的令牌。所指定的文件中可以包含多个秘钥,并且你可以多次使用此参数,每个参数值为不同的文件。 + 多次使用此参数时,由所给的秘钥之一签名的令牌会被 Kubernetes API 服务器认为是合法令牌。 - 包含 PEM 编码的 x509 RSA 或 ECDSA 私钥或公钥,用来检查 ServiceAccount - 的令牌。所指定的文件中可以包含多个秘钥,并且你可以多次使用此参数, - 每次参数值为不同的文件。多次使用此参数时,由所给的秘钥之一签名的令牌会被 - Kubernetes API 服务器认为是合法令牌。 -* `--service-account-signing-key-file` - - 指向包含当前服务账号令牌发放者的私钥的文件路径。 +`--service-account-signing-key-file` +: 指向某文件的路径,其中包含当前服务账号令牌发放者的私钥。 此发放者使用此私钥来签署所发放的 ID 令牌。 - -* `--api-audiences` (可以省略) - +`--api-audiences` (可以省略) +: 为 ServiceAccount 令牌定义其受众(Audiences)。 服务账号令牌身份检查组件会检查针对 API 访问所使用的令牌, - 确认令牌至少是被绑定到这里所给的受众(audiences)之一。 - 如果此参数被多次指定,则针对所给的多个受众中任何目标的令牌都会被 - Kubernetes API 服务器当做合法的令牌。如果 `--service-account-issuer` - 参数被设置,而这个参数未指定,则这个参数的默认值为一个只有一个元素的列表, + 确认令牌至少是被绑定到这里所给的受众之一。 + 如果 `api-audiences` 被多次指定,则针对所给的多个受众中任何目标的令牌都会被 + Kubernetes API 服务器当做合法的令牌。如果你指定了 `--service-account-issuer` + 参数,但沒有設置 `--api-audiences`,则控制面认为此参数的默认值为一个只有一个元素的列表, 且该元素为令牌发放者的 URL。 +{{< /note >}} -kubelet 还可以将服务账号令牌投射到 Pod 中。 -你可以指定令牌的期望属性,例如受众和有效期限。 -这些属性在 default 服务账号令牌上无法配置。 -当删除 Pod 或 ServiceAccount 时,服务账号令牌也将对 API 无效。 +kubelet 还可以将 ServiceAccount 令牌投射到 Pod 中。你可以指定令牌的期望属性, +例如受众和有效期限。这些属性在 default ServiceAccount 令牌上**无法**配置。 +当 Pod 或 ServiceAccount 被删除时,该令牌也将对 API 无效。 -使用名为 [ServiceAccountToken](/zh-cn/docs/concepts/storage/volumes/#projected) 的 -ProjectedVolume 类型在 PodSpec 上配置此功能。 -要向 Pod 提供具有 "vault" 用户以及两个小时有效期的令牌,可以在 PodSpec 中配置以下内容: +你可以使用类型为 `ServiceAccountToken` 的[投射卷](/zh-cn/docs/concepts/storage/volumes/#projected) +来为 Pod 的 `spec` 配置此行为。 + + +### 启动使用服务账号令牌投射的 Pod {#launch-a-pod-using-service-account-token-projection} + +要为某 Pod 提供一个受众为 `vault` 并且有效期限为 2 小时的令牌,你可以定义一个与下面类似的 +Pod 清单: {{< codenew file="pods/pod-projected-svc-token.yaml" >}} -创建 Pod: +创建此 Pod: ```shell kubectl create -f https://k8s.io/examples/pods/pod-projected-svc-token.yaml ``` -`kubelet` 组件会替 Pod 请求令牌并将其保存起来, -通过将令牌存储到一个可配置的路径使之在 Pod 内可用, -并在令牌快要到期的时候刷新它。 -`kubelet` 会在令牌存在期达到其 TTL 的 80% 的时候或者令牌生命期超过 -24 小时的时候主动轮换它。 +kubelet 组件会替 Pod 请求令牌并将其保存起来;通过将令牌存储到一个可配置的路径以使之在 +Pod 内可用;在令牌快要到期的时候刷新它。kubelet 会在令牌存在期达到其 TTL 的 80% +的时候或者令牌生命期超过 24 小时的时候主动请求将其轮换掉。 -应用程序负责在令牌被轮换时重新加载其内容。对于大多数使用场景而言, -周期性地(例如,每隔 5 分钟)重新加载就足够了。 + +应用负责在令牌被轮换时重新加载其内容。通常而言,周期性地(例如,每隔 5 分钟) +重新加载就足够了,不必跟踪令牌的实际过期时间。 -当启用服务账号令牌投射时启用发现服务账号分发者(Service Account Issuer Discovery) -这一功能特性,如[上文所述](#service-account-token-volume-projection)。 +如果你在你的集群中已经为 ServiceAccount 启用了[令牌投射](#serviceaccount-token-volume-projection), +那么你也可以利用其发现能力。Kubernetes 提供一种方式来让客户端将一个或多个外部系统进行联邦, +作为**标识提供者(Identity Provider)**,而这些外部系统的角色是**依赖方(Relying Party)**。 +{{< note >}} -{{< note >}} 分发者的 URL 必须遵从 [OIDC 发现规范](https://openid.net/specs/openid-connect-discovery-1_0.html)。 -这意味着 URL 必须使用 `https` 模式,并且必须在 +实现上,这意味着 URL 必须使用 `https` 模式,并且必须在路径 `{service-account-issuer}/.well-known/openid-configuration` -路径给出 OpenID 提供者(Provider)配置。 +处给出 OpenID 提供者(Provider)的配置信息。 -如果 URL 没有遵从这一规范,`ServiceAccountIssuerDiscovery` 末端就不会被注册, -即使该特性已经被启用。 +如果 URL 没有遵从这一规范,ServiceAccount 分发者发现末端末端就不会被注册也无法访问。 {{< /note >}} -发现服务账号分发者这一功能使得用户能够用联邦的方式结合使用 Kubernetes -集群(“Identity Provider”,标识提供者)与外部系统(“Relying Parties”, -依赖方)所分发的服务账号令牌。 - -当此功能被启用时,Kubernetes API 服务器会在 `/.well-known/openid-configuration` -提供一个 OpenID 提供者配置文档,并在 `/openid/v1/jwks` 处提供与之关联的 +Configuration document via HTTP. The configuration document is published at +`/.well-known/openid-configuration`. +The OpenID Provider Configuration is sometimes referred to as the _discovery document_. +The Kubernetes API server publishes the related +JSON Web Key Set (JWKS), also via HTTP, at `/openid/v1/jwks`. +--> +当此特性被启用时,Kubernetes API 服务器会通过 HTTP 提供一个 OpenID 提供者配置文档。 +该配置文档发布在 `/.well-known/openid-configuration` 路径。 +这里的 OpenID 提供者配置(OpenID Provider Configuration)有时候也被称作 +“发现文档(Discovery Document)”。 +Kubernetes API 服务器也通过 HTTP 在 `/openid/v1/jwks` 处发布相关的 JSON Web Key Set(JWKS)。 -这里的 OpenID 提供者配置有时候也被称作“发现文档(Discovery Document)”。 - - -集群包括一个的默认 RBAC ClusterRole, 名为 `system:service-account-issuer-discovery`。 -默认的 RBAC ClusterRoleBinding 将此角色分配给 `system:serviceaccounts` 组, -所有服务账号隐式属于该组。这使得集群上运行的 Pod -能够通过它们所挂载的服务账号令牌访问服务账号发现文档。 -此外,管理员可以根据其安全性需要以及期望集成的外部系统选择是否将该角色绑定到 -`system:authenticated` 或 `system:unauthenticated`。 +{{< note >}} -{{< note >}} -对 `/.well-known/openid-configuration` 和 `/openid/v1/jwks` 路径请求的响应被设计为与 -OIDC 兼容,但不是与其完全一致。 -返回的文档仅包含对 Kubernetes 服务账号令牌进行验证所必须的参数。 +对于在 `/.well-known/openid-configuration` 和 `/openid/v1/jwks` 上给出的响应而言, +其设计上是保证与 OIDC 兼容的,但并不严格遵从 OIDC 的规范。 +响应中所包含的文档进包含对 Kubernetes 服务账号令牌进行校验所必需的参数。 {{< /note >}} + +使用 {{< glossary_tooltip text="RBAC" term_id="rbac">}} 的集群都包含一个的默认 +RBAC ClusterRole, 名为 `system:service-account-issuer-discovery`。 +默认的 RBAC ClusterRoleBinding 将此角色分配给 `system:serviceaccounts` 组, +所有 ServiceAccount 隐式属于该组。这使得集群上运行的 Pod +能够通过它们所挂载的服务账号令牌访问服务账号发现文档。 +此外,管理员可以根据其安全性需要以及期望集成的外部系统,选择是否将该角色绑定到 +`system:authenticated` 或 `system:unauthenticated`。 + 另请参见: -- [服务账号的集群管理员指南](/zh-cn/docs/reference/access-authn-authz/service-accounts-admin/) -- [服务账号签署密钥检索 KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1393-oidc-discovery) -- [OIDC 发现规范](https://openid.net/specs/openid-connect-discovery-1_0.html) +- 阅读[为集群管理员提供的服务账号指南](/zh-cn/docs/reference/access-authn-authz/service-accounts-admin/) +- 阅读 [Kubernetes中的鉴权](/zh-cn/docs/reference/access-authn-authz/authorization/) +- 阅读 [Secret](/zh-cn/docs/concepts/configuration/secret/) 的概念 + - 或者学习[使用 Secret 来安全地分发凭据](/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure/) + - 不过也要注意,使用 Secret 来完成 ServiceAccount 身份验证的做法已经过时。 + 建议的替代做法是执行 [ServiceAccount 令牌卷投射](#service-account-token-volume-projection). + +- 阅读理解[投射卷](/zh-cn/docs/tasks/configure-pod-container/configure-projected-volume-storage/) +- 关于 OIDC 发现的相关背景信息,阅读[服务账号签署密钥检索 KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1393-oidc-discovery) + 这一 Kubernetes 增强提案 +- 阅读 [OIDC 发现规范](https://openid.net/specs/openid-connect-discovery-1_0.html) From 14b83a1f8755c3cd56451065df8bded037ce45e1 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 14 Feb 2023 23:57:48 +0900 Subject: [PATCH 069/537] add weight to developing-cloud-controller-manager.md --- .../administer-cluster/developing-cloud-controller-manager.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/ja/docs/tasks/administer-cluster/developing-cloud-controller-manager.md b/content/ja/docs/tasks/administer-cluster/developing-cloud-controller-manager.md index d4f5a4e9fb8bd..2219eeea05ef8 100644 --- a/content/ja/docs/tasks/administer-cluster/developing-cloud-controller-manager.md +++ b/content/ja/docs/tasks/administer-cluster/developing-cloud-controller-manager.md @@ -1,6 +1,7 @@ --- title: クラウドコントローラーマネージャーの開発 content_type: concept +weight: 190 --- From e03d7e4d248f3676cc3eea81183c2bc49ca7b394 Mon Sep 17 00:00:00 2001 From: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com> Date: Thu, 26 Jan 2023 10:12:00 -0500 Subject: [PATCH 070/537] Remove Ruby as a dependency from netlify.toml file --- netlify.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/netlify.toml b/netlify.toml index 9caf5eea793dd..60ac752a385c1 100644 --- a/netlify.toml +++ b/netlify.toml @@ -9,7 +9,6 @@ command = "git submodule update --init --recursive --depth 1 && make non-product [build.environment] NODE_VERSION = "10.20.0" HUGO_VERSION = "0.101.0" -RUBY_VERSION = "3.0.1" [context.production.environment] HUGO_BASEURL = "https://kubernetes.io/" From 0aa084fa3b5e53d53c6950bb2901608001bfd862 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Wed, 15 Feb 2023 09:31:22 +0800 Subject: [PATCH 071/537] [zh] sync /scheduling-eviction/assign-pod-node.md --- .../concepts/scheduling-eviction/assign-pod-node.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node.md index 4f58e3541eb32..32c00c54635ff 100644 --- a/content/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -815,6 +815,18 @@ Some of the limitations of using `nodeName` to select nodes are: 而其失败原因中会给出是否因为内存或 CPU 不足而造成无法运行。 - 在云环境中的节点名称并不总是可预测的,也不总是稳定的。 +{{< note >}} + +`nodeName` 旨在供自定义调度程序或需要绕过任何已配置调度程序的高级场景使用。 +如果已分配的 Node 负载过重,绕过调度程序可能会导致 Pod 失败。 +你可以使用[节点亲和性](#node-affinity)或 [`nodeselector` 字段](#nodeselector)将 +Pod 分配给特定 Node,而无需绕过调度程序。 +{{}} + From e36fc155505cd36b84f941af56c717f1f1c7a4cc Mon Sep 17 00:00:00 2001 From: windsonsea Date: Wed, 15 Feb 2023 14:51:04 +0800 Subject: [PATCH 072/537] [zh] Sync blog: free-katacoda-kubernetes-tutorials-are-shutting-down --- ...-kubernetes-tutorials-are-shutting-down.md | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 content/zh-cn/blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md diff --git a/content/zh-cn/blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md b/content/zh-cn/blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md new file mode 100644 index 0000000000000..0b324e787e140 --- /dev/null +++ b/content/zh-cn/blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md @@ -0,0 +1,79 @@ +--- +layout: blog +title: "免费的 Katacoda Kubernetes 教程即将关闭" +date: 2023-02-14 +slug: kubernetes-katacoda-tutorials-stop-from-2023-03-31 +evergreen: true +--- + + + +**作者**:Natali Vlatko,Kubernetes SIG Docs 联合主席 + +**译者**:Michael Yao (DaoCloud) + + +[Katacoda](https://katacoda.com/kubernetes) 是 O’Reilly 开设的热门学习平台, +帮助人们学习 Java、Docker、Kubernetes、Python、Go、C++ 和其他更多内容, +这个学习平台于 [2022 年 6 月停止对公众开放](https://www.oreilly.com/online-learning/leveraging-katacoda-technology.html)。 +但是,从 Kubernetes 网站为相关项目用户和贡献者关联的 Kubernetes 专门教程在那次变更后仍然可用并处于活跃状态。 +遗憾的是,接下来情况将发生变化,Katacoda 上有关学习 Kubernetes 的教程将在 2023 年 3 月 31 日之后彻底关闭。 + + +Kubernetes 项目感谢 O'Reilly Media 多年来通过 Katacoda 学习平台对 Kubernetes 社区的支持。 +你可以在 O'Reilly 自有的网站上阅读 +[the decision to shutter katacoda.com](https://www.oreilly.com/online-learning/leveraging-katacoda-technology.html) +有关的更多信息。此次变更之后,我们将专注于移除指向 Katacoda 各种教程的链接。 +我们通过 [Issue #33936](https://github.com/kubernetes/website/issues/33936) +和 [GitHub 讨论](https://github.com/kubernetes/website/discussions/38878)跟踪此主题相关的常规问题。 +我们也有兴趣调研其他哪些学习平台可能对 Kubernetes 社区有益,尝试将 Katacoda 链接替换为具有类似用户体验的平台或服务。 +然而,这项调研需要时间,因此我们正在积极寻觅志愿者来协助完成这项工作。 +如果找到替代的平台,需要得到 Kubernetes 领导层的支持,特别是 +SIG Contributor Experience、SIG Docs 和 Kubernetes Steering Committee。 + + +Katacoda 的关闭会影响 25 个英文教程页面、对应的多语言页面以及 Katacoda Scenario仓库: +[github.com/katacoda-scenarios/kubernetes-bootcamp-scenarios](https://github.com/katacoda-scenarios/kubernetes-bootcamp-scenarios)。 +我们建议你立即更新指向 Katacoda 学习平台的所有链接、指南或文档,以反映这一变化。 +虽然我们还没有找到替代这个学习平台的解决方案,但 Kubernetes 网站本身就包含了大量有用的文档可助你继续学习和成长。 +你可以在 https://k8s.io/docs/tutorials/ 找到所有可用的 Kubernetes 文档教程。 + + +如果你对 Katacoda 关闭或后续从 Kubernetes 教程页面移除相关链接有任何疑问, +请在 [general issue tracking the shutdown](https://github.com/kubernetes/website/issues/33936) +上发表评论,或加入 Kubernetes Slack 的 #sig-docs 频道。 From 84af547628f31f785f321380d40c6ec9497f9887 Mon Sep 17 00:00:00 2001 From: David Hadas Date: Wed, 15 Feb 2023 12:24:48 +0200 Subject: [PATCH 073/537] Update index.md The post uses wrongly the term `Analysis` instead of using the term "Analytics" --- .../blog/_posts/2023-01-20-Security-Bahavior-Analysis/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/blog/_posts/2023-01-20-Security-Bahavior-Analysis/index.md b/content/en/blog/_posts/2023-01-20-Security-Bahavior-Analysis/index.md index d10abcd5f3a85..433fac80e40c9 100644 --- a/content/en/blog/_posts/2023-01-20-Security-Bahavior-Analysis/index.md +++ b/content/en/blog/_posts/2023-01-20-Security-Bahavior-Analysis/index.md @@ -8,7 +8,7 @@ slug: security-behavior-analysis **Author:** David Hadas (IBM Research Labs) -_This post warns Devops from a false sense of security. Following security best practices when developing and configuring microservices do not result in non-vulnerable microservices. The post shows that although all deployed microservices are vulnerable, there is much that can be done to ensure microservices are not exploited. It explains how analyzing the behavior of clients and services from a security standpoint, named here **"Security-Behavior Analysis"**, can protect the deployed vulnerable microservices. It points to [Guard](http://knative.dev/security-guard), an open source project offering security-behavior monitoring and control of Kubernetes microservices presumed vulnerable._ +_This post warns Devops from a false sense of security. Following security best practices when developing and configuring microservices do not result in non-vulnerable microservices. The post shows that although all deployed microservices are vulnerable, there is much that can be done to ensure microservices are not exploited. It explains how analyzing the behavior of clients and services from a security standpoint, named here **"Security-Behavior Analytics"**, can protect the deployed vulnerable microservices. It points to [Guard](http://knative.dev/security-guard), an open source project offering security-behavior monitoring and control of Kubernetes microservices presumed vulnerable._ As cyber attacks continue to intensify in sophistication, organizations deploying cloud services continue to grow their cyber investments aiming to produce safe and non-vulnerable services. However, the year-by-year growth in cyber investments does not result in a parallel reduction in cyber incidents. Instead, the number of cyber incidents continues to grow annually. Evidently, organizations are doomed to fail in this struggle - no matter how much effort is made to detect and remove cyber weaknesses from deployed services, it seems offenders always have the upper hand. From bbd7aa8d29dda43c310e8a42b0a91a12680ceec0 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 15 Feb 2023 19:47:01 +0800 Subject: [PATCH 074/537] [zh] sync enforce-standards-namespace-labels.md --- .../enforce-standards-namespace-labels.md | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md b/content/zh-cn/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md index 6a0912f8e668e..124bbf16bd2d0 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md @@ -1,7 +1,6 @@ --- title: 使用名字空间标签来实施 Pod 安全性标准 content_type: task -min-kubernetes-server-version: v1.22 --- +名字空间可以打上标签以强制执行 [Pod 安全性标准](/zh-cn/docs/concepts/security/pod-security-standards)。 [特权(privileged)](/zh-cn/docs/concepts/security/pod-security-standards/#privileged)、 [基线(baseline)](/zh-cn/docs/concepts/security/pod-security-standards/#baseline)和 -[受限(restricted)](/zh-cn/docs/concepts/security/pod-security-standards/#restricted) -这三种策略涵盖了广泛安全范围,并由 [Pod 安全](/zh-cn/docs/concepts/security/pod-security-admission/) - {{< glossary_tooltip text="准入控制器" term_id="admission-controller" >}}实现。 +[受限(restricted)](/zh-cn/docs/concepts/security/pod-security-standards/#restricted) +这三种策略涵盖了广泛安全范围,并由 +[Pod 安全](/zh-cn/docs/concepts/security/pod-security-admission/){{< glossary_tooltip text="准入控制器" term_id="admission-controller" >}}实现。 ## {{% heading "prerequisites" %}} -{{% version-check %}} - -- 确保 `PodSecurity` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features)已被启用。 +Pod 安全性准入(Pod Security Admission)在 Kubernetes v1.23 中作为 Beta 特性默认可用。 +从 1.25 版本起,此特性进阶至正式发布(Generally Available)。 + +{{% version-check %}} 下面的清单定义了一个 `my-baseline-namespace` 名字空间,其中 -- *阻止*任何不满足 `baseline` 策略要求的 Pods; +- **阻止**任何不满足 `baseline` 策略要求的 Pod; - 针对任何无法满足 `restricted` 策略要求的、已创建的 Pod 为用户生成警告信息, 并添加审计注解; - 将 `baseline` 和 `restricted` 策略的版本锁定到 v{{< skew currentVersion >}}。 @@ -89,7 +92,7 @@ namespaces. The Pod Security Standard checks will still be run in _dry run_ mode information about how the new policy would treat existing pods, without actually updating a policy. --> 在刚开始为名字空间评估安全性策略变更时,使用 `--dry-run` 标志是很有用的。 -Pod 安全性标准会在 _dry run(试运行)_ +Pod 安全性标准会在 **dry run(试运行)** 模式下运行,在这种模式下会生成新策略如何处理现有 Pod 的信息, 但不会真正更新策略。 From 681e433bb1e419f94a7a8eb2bd5940b64303a1e7 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 15 Feb 2023 20:18:56 +0800 Subject: [PATCH 075/537] Fix typo and add blank lines in enforce-standards-admission-controller --- .../enforce-standards-admission-controller.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md b/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md index 311a4d54759e6..614d5c3b56ade 100644 --- a/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md +++ b/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md @@ -13,9 +13,11 @@ You can configure this admission controller to set cluster-wide defaults and [ex ## {{% heading "prerequisites" %}} Following an alpha release in Kubernetes v1.22, -Pod Security Admission becaome available by default in Kubernetes v1.23, as +Pod Security Admission became available by default in Kubernetes v1.23, as a beta. From version 1.25 onwards, Pod Security Admission is generally -available. {{% version-check %}} +available. + +{{% version-check %}} If you are not running Kubernetes {{< skew currentVersion >}}, you can switch to viewing this page in the documentation for the Kubernetes version that you @@ -29,7 +31,6 @@ For v1.23 and v1.24, use [v1beta1](https://v1-24.docs.kubernetes.io/docs/tasks/c For v1.22, use [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/). {{< /note >}} - ```yaml apiVersion: apiserver.config.k8s.io/v1 # see compatibility note kind: AdmissionConfiguration @@ -63,6 +64,7 @@ plugins: # Array of namespaces to exempt. namespaces: [] ``` + {{< note >}} The above manifest needs to be specified via the `--admission-control-config-file` to kube-apiserver. {{< /note >}} From 5e86649304fe4ad206f1039c5f2613dc81a9bcea Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 15 Feb 2023 13:22:33 +0100 Subject: [PATCH 076/537] add french translation for task 'Define a Command and Arguments for a Container' --- .../tasks/inject-data-application/_index.md | 3 +- .../define-command-argument-container.md | 102 ++++++++++++++++++ content/fr/examples/pods/commands.yaml | 13 +++ 3 files changed, 117 insertions(+), 1 deletion(-) create mode 100644 content/fr/docs/tasks/inject-data-application/define-command-argument-container.md create mode 100644 content/fr/examples/pods/commands.yaml diff --git a/content/fr/docs/tasks/inject-data-application/_index.md b/content/fr/docs/tasks/inject-data-application/_index.md index e6d3f386a4ec0..dbe02187c6ccc 100644 --- a/content/fr/docs/tasks/inject-data-application/_index.md +++ b/content/fr/docs/tasks/inject-data-application/_index.md @@ -1,4 +1,5 @@ --- -title: Injection des données dans les applications +title: "Injecter des données dans les applications" +description: Spécifier la configuration et paramètres pour les Pods qui exécutent vos charge de travail. weight: 30 --- diff --git a/content/fr/docs/tasks/inject-data-application/define-command-argument-container.md b/content/fr/docs/tasks/inject-data-application/define-command-argument-container.md new file mode 100644 index 0000000000000..bd151e20f1555 --- /dev/null +++ b/content/fr/docs/tasks/inject-data-application/define-command-argument-container.md @@ -0,0 +1,102 @@ +--- +title: Définir une commande et ses arguments pour un Container +content_type: task +weight: 10 +--- + + + +Cette page montre comment définir les commandes et arguments d'un container au sein d'un {{< glossary_tooltip term_id="pod" >}}. + + + + +## {{% heading "prerequisites" %}} + + +{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} + + + + + + +## Définir une commande et ses arguments à la création d'un Pod + +Lorsque vous créez un Pod, il est possible de définir une commande et des arguements pour les containers qui seront exécutes dans votre Pod. Pour définir une commande, ajoutez un champ `command` dans le fichier de configuration. Pour définir des arguments, ajoutez le champ `args` dans le fichier de configuration. La commande et les arguments qui sont définis ne peuvent être changés après la création du Pod. + +La commande et les arguments que vous définissez dans le fichier de configuration écrase la commande et les arguments définis par l'image utilisée par le container. Si vous définissez uniquement des arguments, la commande par défaut sera exécutée avec les arguments que vous avez configurés. +{{< note >}} +Le champ `command` correspond à `entrypoint` dans certains runtimes de containers. +{{< /note >}} + +Dans cet exercice, vous allez créer un Pod qui exécute un container. Le fichier de configuration pour le Pod défini une commande ainsi que deux arguments: +{{< codenew file="pods/commands.yaml" >}} + +1. Créer un Pod en utilisant le fichier YAML de configuration suivant: + + ```shell + kubectl apply -f https://k8s.io/examples/pods/commands.yaml + ``` + +1. Lister les Pods + + ```shell + kubectl get pods + ``` + + Le résultat montre que le container exécuté dans le Pod nommé container-demo a complété son exécution. + +1. Pour voir le résultat de la commade exécutée dans le container, on peut afficher les logs pour le Pod: + + ```shell + kubectl logs command-demo + ``` + + Le résultat montre les valeurs des variables d'environnement HOSTNAME et KUBERNETES_PORT: + + ``` + command-demo + tcp://10.3.240.1:443 + ``` + +## Utiliser des variables d'environnements dans les arguments + +Dans l'exemple précédent, vous avez défini des arguments en donnant +directement les valeurs en format string. +Il est aussi possible de définir des arguments en utilisant des variables d'environnement: + +```yaml +env: +- name: MESSAGE + value: "hello world" +command: ["/bin/echo"] +args: ["$(MESSAGE)"] +``` + +Il est donc possible de définir un argument pour un Pod en utilisant n'importe quelle méthode disponible pour définir des variables d'environnements, ce qui inclut les +[ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) +et les +[Secrets](/docs/concepts/configuration/secret/). + +{{< note >}} +Les variables d'environnements apparaissent ente parenthèses `"$(VAR)"`. +Cette écriture est requise pour que la variable soit correctement +interpolée dans les champs `command` ou `args`. +{{< /note >}} + +## Exécuter une commande à l'intérieur d'un shell + +Dans certains cas, certaines commandes nécéssitent d'être exécutées dans un shell. Par exemple, certaines commandes consistent en une chaine de commandes, ou un script shell. Pour exécuter une commande dans un shell, il est possible de wrapper la commande comme ceci: + +```shell +command: ["/bin/sh"] +args: ["-c", "while true; do echo hello; sleep 10;done"] +``` + +## {{% heading "whatsnext" %}} + + +* Aller plus loin dans la [configuration des pods et des containers](/docs/tasks/). +* Apprendre à [exécuter des commandes dans un container](/docs/tasks/debug/debug-application/get-shell-running-container/). +* Voir la [documentation de référence sur les containers](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#container-v1-core). diff --git a/content/fr/examples/pods/commands.yaml b/content/fr/examples/pods/commands.yaml new file mode 100644 index 0000000000000..2327d2582745f --- /dev/null +++ b/content/fr/examples/pods/commands.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Pod +metadata: + name: command-demo + labels: + purpose: demonstrate-command +spec: + containers: + - name: command-demo-container + image: debian + command: ["printenv"] + args: ["HOSTNAME", "KUBERNETES_PORT"] + restartPolicy: OnFailure From d0b3ba5ccea5138c06ece1ad9f4e4c2b0c5ef897 Mon Sep 17 00:00:00 2001 From: Grigoris Thanasoulas Date: Sat, 11 Feb 2023 12:19:41 +0200 Subject: [PATCH 077/537] Update DaemonSet guide Rewrite "How Daemon Pods are scheduled" section of the DaemonSet guide to align with the current state and be more clear. Signed-off-by: Grigoris Thanasoulas --- .../workloads/controllers/daemonset.md | 95 ++++++++++--------- 1 file changed, 52 insertions(+), 43 deletions(-) diff --git a/content/en/docs/concepts/workloads/controllers/daemonset.md b/content/en/docs/concepts/workloads/controllers/daemonset.md index 98147a6e647bf..19ad8e27c9e36 100644 --- a/content/en/docs/concepts/workloads/controllers/daemonset.md +++ b/content/en/docs/concepts/workloads/controllers/daemonset.md @@ -105,30 +105,24 @@ If you do not specify either, then the DaemonSet controller will create Pods on ## How Daemon Pods are scheduled -### Scheduled by default scheduler - -{{< feature-state for_k8s_version="1.17" state="stable" >}} - -A DaemonSet ensures that all eligible nodes run a copy of a Pod. Normally, the -node that a Pod runs on is selected by the Kubernetes scheduler. However, -DaemonSet pods are created and scheduled by the DaemonSet controller instead. -That introduces the following issues: - -* Inconsistent Pod behavior: Normal Pods waiting to be scheduled are created - and in `Pending` state, but DaemonSet pods are not created in `Pending` - state. This is confusing to the user. -* [Pod preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/) - is handled by default scheduler. When preemption is enabled, the DaemonSet controller - will make scheduling decisions without considering pod priority and preemption. - -`ScheduleDaemonSetPods` allows you to schedule DaemonSets using the default -scheduler instead of the DaemonSet controller, by adding the `NodeAffinity` term -to the DaemonSet pods, instead of the `.spec.nodeName` term. The default -scheduler is then used to bind the pod to the target host. If node affinity of -the DaemonSet pod already exists, it is replaced (the original node affinity was -taken into account before selecting the target host). The DaemonSet controller only -performs these operations when creating or modifying DaemonSet pods, and no -changes are made to the `spec.template` of the DaemonSet. +A DaemonSet ensures that all eligible nodes run a copy of a Pod. The DaemonSet +controller creates a Pod for each eligible node and adds the +`spec.affinity.nodeAffinity` field of the Pod to match the target host. After +the Pod is created, the default scheduler typically takes over and then binds +the Pod to the target host by setting the `.spec.nodeName` field. If the new +Pod cannot fit on the node, the default scheduler may preempt (evict) some of +the existing Pods based on the +[priority](/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) +of the new Pod. + +The user can specify a different scheduler for the Pods of the DamonSet, by +setting the `.spec.template.spec.schedulerName` field of the DaemonSet. + +The original node affinity specified at the +`.spec.template.spec.affinity.nodeAffinity` field (if specified) is taken into +consideration by the DaemonSet controller when evaluating the eligible nodes, +but is replaced on the created Pod with the node affinity that matches the name +of the eligible node. ```yaml nodeAffinity: @@ -141,25 +135,40 @@ nodeAffinity: - target-host-name ``` -In addition, `node.kubernetes.io/unschedulable:NoSchedule` toleration is added -automatically to DaemonSet Pods. The default scheduler ignores -`unschedulable` Nodes when scheduling DaemonSet Pods. - -### Taints and Tolerations - -Although Daemon Pods respect -[taints and tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/), -the following tolerations are added to DaemonSet Pods automatically according to -the related features. - -| Toleration Key | Effect | Version | Description | -| ---------------------------------------- | ---------- | ------- | ----------- | -| `node.kubernetes.io/not-ready` | NoExecute | 1.13+ | DaemonSet pods will not be evicted when there are node problems such as a network partition. | -| `node.kubernetes.io/unreachable` | NoExecute | 1.13+ | DaemonSet pods will not be evicted when there are node problems such as a network partition. | -| `node.kubernetes.io/disk-pressure` | NoSchedule | 1.8+ | DaemonSet pods tolerate disk-pressure attributes by default scheduler. | -| `node.kubernetes.io/memory-pressure` | NoSchedule | 1.8+ | DaemonSet pods tolerate memory-pressure attributes by default scheduler. | -| `node.kubernetes.io/unschedulable` | NoSchedule | 1.12+ | DaemonSet pods tolerate unschedulable attributes by default scheduler. | -| `node.kubernetes.io/network-unavailable` | NoSchedule | 1.12+ | DaemonSet pods, who uses host network, tolerate network-unavailable attributes by default scheduler. | + +### Taints and tolerations + +The DaemonSet controller automatically adds a set of {{< glossary_tooltip +text="tolerations" term_id="toleration" >}} to DaemonSet Pods: + +{{< table caption="Tolerations for DaemonSet pods" >}} + +| Toleration key | Effect | Details | +| --------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------- | +| [`node.kubernetes.io/not-ready`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-not-ready) | `NoExecute` | DaemonSet Pods can be scheduled onto nodes that are not healthy or ready to accept Pods. Any DaemonSet Pods running on such nodes will not be evicted. | +| [`node.kubernetes.io/unreachable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unreachable) | `NoExecute` | DaemonSet Pods can be scheduled onto nodes that are unreachable from the node controller. Any DaemonSet Pods running on such nodes will not be evicted. | +| [`node.kubernetes.io/disk-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-disk-pressure) | `NoSchedule` | DaemonSet Pods can be scheduled onto nodes with disk pressure issues. | +| [`node.kubernetes.io/memory-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-memory-pressure) | `NoSchedule` | DaemonSet Pods can be scheduled onto nodes with memory pressure issues. | +| [`node.kubernetes.io/pid-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-pid-pressure) | `NoSchedule` | DaemonSet Pods can be scheduled onto nodes with process pressure issues. | +| [`node.kubernetes.io/unschedulable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unschedulable) | `NoSchedule` | DaemonSet Pods can be scheduled onto nodes that are unschedulable. | +| [`node.kubernetes.io/network-unavailable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-network-unavailable) | `NoSchedule` | **Only added for DaemonSet Pods that request host networking**, i.e., Pods having `spec.hostNetwork: true`. Such DaemonSet Pods can be scheduled onto nodes with unavailable network.| + +{{< /table >}} + +You can add your own tolerations to the Pods of a Daemonset as well, by +defining these in the Pod template of the DaemonSet. + +Because the DaemonSet controller sets the +`node.kubernetes.io/unschedulable:NoSchedule` toleration automatically, +Kubernetes can run DaemonSet Pods on nodes that are marked as _unschedulable_. + +If you use a DaemonSet to provide an important node-level function, such as +[cluster networking](/docs/concepts/cluster-administration/networking/), it is +helpful that Kubernetes places DaemonSet Pods on nodes before they are ready. +For example, without that special toleration, you could end up in a deadlock +situation where the node is not marked as ready because the network plugin is +not running there, and at the same time the network plugin is not running on +that node because the node is not yet ready. ## Communicating with Daemon Pods From eb3cb4d410da5d3c524b4441a5bcd16f12b6007e Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 15 Feb 2023 23:27:44 +0100 Subject: [PATCH 078/537] final pass on typos & missing translations --- .../tasks/inject-data-application/_index.md | 2 +- .../define-command-argument-container.md | 30 ++++++++++++------- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/content/fr/docs/tasks/inject-data-application/_index.md b/content/fr/docs/tasks/inject-data-application/_index.md index dbe02187c6ccc..6ec828ecba7f0 100644 --- a/content/fr/docs/tasks/inject-data-application/_index.md +++ b/content/fr/docs/tasks/inject-data-application/_index.md @@ -1,5 +1,5 @@ --- title: "Injecter des données dans les applications" -description: Spécifier la configuration et paramètres pour les Pods qui exécutent vos charge de travail. +description: Spécifier la configuration et paramètres pour les Pods qui exécutent vos charges de travail. weight: 30 --- diff --git a/content/fr/docs/tasks/inject-data-application/define-command-argument-container.md b/content/fr/docs/tasks/inject-data-application/define-command-argument-container.md index bd151e20f1555..bf55910e4459a 100644 --- a/content/fr/docs/tasks/inject-data-application/define-command-argument-container.md +++ b/content/fr/docs/tasks/inject-data-application/define-command-argument-container.md @@ -23,23 +23,30 @@ Cette page montre comment définir les commandes et arguments d'un container au ## Définir une commande et ses arguments à la création d'un Pod -Lorsque vous créez un Pod, il est possible de définir une commande et des arguements pour les containers qui seront exécutes dans votre Pod. Pour définir une commande, ajoutez un champ `command` dans le fichier de configuration. Pour définir des arguments, ajoutez le champ `args` dans le fichier de configuration. La commande et les arguments qui sont définis ne peuvent être changés après la création du Pod. - -La commande et les arguments que vous définissez dans le fichier de configuration écrase la commande et les arguments définis par l'image utilisée par le container. Si vous définissez uniquement des arguments, la commande par défaut sera exécutée avec les arguments que vous avez configurés. +Lorsque vous créez un Pod, il est possible de définir une commande et des arguments +pour les containers qui seront exécutés dans votre Pod. +Pour définir une commande, ajoutez un champ `command` dans le fichier de configuration. +Pour définir des arguments, ajoutez le champ `args` dans le fichier de configuration. +La commande et les arguments qui sont définis ne peuvent être changés après la création du Pod. + +La commande et les arguments que vous définissez dans le fichier de configuration +écraseront la commande et les arguments définis par l'image utilisée par le container. +Si vous définissez uniquement des arguments, la commande par défaut sera exécutée avec les arguments que vous avez configurés. {{< note >}} Le champ `command` correspond à `entrypoint` dans certains runtimes de containers. {{< /note >}} -Dans cet exercice, vous allez créer un Pod qui exécute un container. Le fichier de configuration pour le Pod défini une commande ainsi que deux arguments: +Dans cet exercice, vous allez créer un Pod qui exécute un container. +Le fichier de configuration pour le Pod défini une commande ainsi que deux arguments: {{< codenew file="pods/commands.yaml" >}} -1. Créer un Pod en utilisant le fichier YAML de configuration suivant: +1. Créez un Pod en utilisant le fichier YAML de configuration suivant: ```shell kubectl apply -f https://k8s.io/examples/pods/commands.yaml ``` -1. Lister les Pods +1. Listez les Pods ```shell kubectl get pods @@ -60,10 +67,10 @@ Dans cet exercice, vous allez créer un Pod qui exécute un container. Le fichie tcp://10.3.240.1:443 ``` -## Utiliser des variables d'environnements dans les arguments +## Utiliser des variables d'environnement dans les arguments Dans l'exemple précédent, vous avez défini des arguments en donnant -directement les valeurs en format string. +directement les valeurs en format chaîne de caractères. Il est aussi possible de définir des arguments en utilisant des variables d'environnement: ```yaml @@ -74,7 +81,8 @@ command: ["/bin/echo"] args: ["$(MESSAGE)"] ``` -Il est donc possible de définir un argument pour un Pod en utilisant n'importe quelle méthode disponible pour définir des variables d'environnements, ce qui inclut les +Il est donc possible de définir un argument pour un Pod en utilisant n'importe +quelle méthode disponible pour définir des variables d'environnements, ce qui inclut les [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) et les [Secrets](/docs/concepts/configuration/secret/). @@ -82,12 +90,12 @@ et les {{< note >}} Les variables d'environnements apparaissent ente parenthèses `"$(VAR)"`. Cette écriture est requise pour que la variable soit correctement -interpolée dans les champs `command` ou `args`. +développée dans les champs `command` ou `args`. {{< /note >}} ## Exécuter une commande à l'intérieur d'un shell -Dans certains cas, certaines commandes nécéssitent d'être exécutées dans un shell. Par exemple, certaines commandes consistent en une chaine de commandes, ou un script shell. Pour exécuter une commande dans un shell, il est possible de wrapper la commande comme ceci: +Dans certains cas, certaines commandes nécéssitent d'être exécutées dans un shell. Par exemple, certaines commandes consistent en une chaîne de commandes, ou un script shell. Pour exécuter une commande dans un shell, il est possible d'envelopper la commande comme ceci: ```shell command: ["/bin/sh"] From 296e40e619d13e5f466ffc242bb3fde041b344f0 Mon Sep 17 00:00:00 2001 From: seancrasto <103709488+seancrasto@users.noreply.github.com> Date: Wed, 15 Feb 2023 19:37:42 -0500 Subject: [PATCH 079/537] Update topology-aware-hints.md Added back to correct sentence --- .../docs/concepts/services-networking/topology-aware-hints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/services-networking/topology-aware-hints.md b/content/en/docs/concepts/services-networking/topology-aware-hints.md index 8d298d2627afa..7a6d212476e53 100644 --- a/content/en/docs/concepts/services-networking/topology-aware-hints.md +++ b/content/en/docs/concepts/services-networking/topology-aware-hints.md @@ -126,7 +126,7 @@ zone. 5. **A zone is not represented in hints:** If the kube-proxy is unable to find at least one endpoint with a hint targeting the zone it is running in, it falls - to using endpoints from all zones. This is most likely to happen as you add + back to using endpoints from all zones. This is most likely to happen as you add a new zone into your existing cluster. ## Constraints From b606edb0794c21b51b1b20310dcaaf7ce27cc45e Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 15 Feb 2023 20:02:06 +0800 Subject: [PATCH 080/537] [zh] sync enforce-standards-admission-controller.md --- .../enforce-standards-admission-controller.md | 51 ++++++++++++------- 1 file changed, 32 insertions(+), 19 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md b/content/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md index a83dcbb22f1a5..f526c26b25348 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md @@ -1,43 +1,66 @@ --- title: 通过配置内置准入控制器实施 Pod 安全标准 content_type: task -min-kubernetes-server-version: v1.22 --- - -在 v1.22 版本中,Kubernetes 提供一种内置的[准入控制器](/zh-cn/docs/reference/access-authn-authz/admission-controllers/#podsecurity) -用来强制实施 [Pod 安全标准](/zh-cn/docs/concepts/security/pod-security-standards)。 +Kubernetes 提供一种内置的[准入控制器](/zh-cn/docs/reference/access-authn-authz/admission-controllers/#podsecurity) +用来强制实施 [Pod 安全性标准](/zh-cn/docs/concepts/security/pod-security-standards)。 你可以配置此准入控制器来设置集群范围的默认值和[豁免选项](/zh-cn/docs/concepts/security/pod-security-admission/#exemptions)。 ## {{% heading "prerequisites" %}} + +Pod 安全性准入(Pod Security Admission)在 Kubernetes v1.22 作为 Alpha 特性发布, +在 Kubernetes v1.23 中作为 Beta 特性默认可用。从 1.25 版本起, +此特性进阶至正式发布(Generally Available)。 + {{% version-check %}} -- 确保 `PodSecurity` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features)已被启用。 +如果未运行 Kubernetes {{< skew currentVersion >}}, +你可以切换到与当前运行的 Kubernetes 版本所对应的文档。 ## 配置准入控制器 {#configure-the-admission-controller} +{{< note >}} + +`pod-security.admission.config.k8s.io/v1` 配置需要 v1.25+。 +对于 v1.23 和 v1.24,使用 +[v1beta1](https://v1-24.docs.kubernetes.io/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller/)。 +对于 v1.22,使用 +[v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/)。 +{{< /note >}} + ```yaml -apiVersion: apiserver.config.k8s.io/v1 +apiVersion: apiserver.config.k8s.io/v1 # 查阅兼容性说明 kind: AdmissionConfiguration plugins: - name: PodSecurity @@ -77,13 +100,3 @@ The above manifest needs to be specified via the `--admission-control-config-fil 上面的清单需要通过 `--admission-control-config-file` 指定给 kube-apiserver。 {{< /note >}} -{{< note >}} - -`pod-security.admission.config.k8s.io/v1` 配置需要 v1.25+。 -对于 v1.23 和 v1.24,使用 [v1beta1](https://v1-24.docs.kubernetes.io/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller/)。 -对于 v1.22,使用 [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/)。 -{{< /note >}} From 4ae516aee8cd16b771e7cd1857daa08e0ff90256 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Thu, 16 Feb 2023 09:51:12 +0800 Subject: [PATCH 081/537] Tweak line wrappings in PV storage concepts --- .../concepts/storage/persistent-volumes.md | 371 +++++++++++++----- 1 file changed, 272 insertions(+), 99 deletions(-) diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md index 2ae3d42964d2e..13ede898e5933 100644 --- a/content/en/docs/concepts/storage/persistent-volumes.md +++ b/content/en/docs/concepts/storage/persistent-volumes.md @@ -16,25 +16,45 @@ weight: 20 -This document describes _persistent volumes_ in Kubernetes. Familiarity with [volumes](/docs/concepts/storage/volumes/) is suggested. +This document describes _persistent volumes_ in Kubernetes. Familiarity with +[volumes](/docs/concepts/storage/volumes/) is suggested. ## Introduction -Managing storage is a distinct problem from managing compute instances. The PersistentVolume subsystem provides an API for users and administrators that abstracts details of how storage is provided from how it is consumed. To do this, we introduce two new API resources: PersistentVolume and PersistentVolumeClaim. - -A _PersistentVolume_ (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using [Storage Classes](/docs/concepts/storage/storage-classes/). It is a resource in the cluster just like a node is a cluster resource. PVs are volume plugins like Volumes, but have a lifecycle independent of any individual Pod that uses the PV. This API object captures the details of the implementation of the storage, be that NFS, iSCSI, or a cloud-provider-specific storage system. - -A _PersistentVolumeClaim_ (PVC) is a request for storage by a user. It is similar to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific size and access modes (e.g., they can be mounted ReadWriteOnce, ReadOnlyMany or ReadWriteMany, see [AccessModes](#access-modes)). - -While PersistentVolumeClaims allow a user to consume abstract storage resources, it is common that users need PersistentVolumes with varying properties, such as performance, for different problems. Cluster administrators need to be able to offer a variety of PersistentVolumes that differ in more ways than size and access modes, without exposing users to the details of how those volumes are implemented. For these needs, there is the _StorageClass_ resource. +Managing storage is a distinct problem from managing compute instances. +The PersistentVolume subsystem provides an API for users and administrators +that abstracts details of how storage is provided from how it is consumed. +To do this, we introduce two new API resources: PersistentVolume and PersistentVolumeClaim. + +A _PersistentVolume_ (PV) is a piece of storage in the cluster that has been +provisioned by an administrator or dynamically provisioned using +[Storage Classes](/docs/concepts/storage/storage-classes/). It is a resource in +the cluster just like a node is a cluster resource. PVs are volume plugins like +Volumes, but have a lifecycle independent of any individual Pod that uses the PV. +This API object captures the details of the implementation of the storage, be that +NFS, iSCSI, or a cloud-provider-specific storage system. + +A _PersistentVolumeClaim_ (PVC) is a request for storage by a user. It is similar +to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can +request specific levels of resources (CPU and Memory). Claims can request specific +size and access modes (e.g., they can be mounted ReadWriteOnce, ReadOnlyMany or +ReadWriteMany, see [AccessModes](#access-modes)). + +While PersistentVolumeClaims allow a user to consume abstract storage resources, +it is common that users need PersistentVolumes with varying properties, such as +performance, for different problems. Cluster administrators need to be able to +offer a variety of PersistentVolumes that differ in more ways than size and access +modes, without exposing users to the details of how those volumes are implemented. +For these needs, there is the _StorageClass_ resource. See the [detailed walkthrough with working examples](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/). ## Lifecycle of a volume and claim -PVs are resources in the cluster. PVCs are requests for those resources and also act as claim checks to the resource. The interaction between PVs and PVCs follows this lifecycle: +PVs are resources in the cluster. PVCs are requests for those resources and also act +as claim checks to the resource. The interaction between PVs and PVCs follows this lifecycle: ### Provisioning @@ -42,7 +62,9 @@ There are two ways PVs may be provisioned: statically or dynamically. #### Static -A cluster administrator creates a number of PVs. They carry the details of the real storage, which is available for use by cluster users. They exist in the Kubernetes API and are available for consumption. +A cluster administrator creates a number of PVs. They carry the details of the +real storage, which is available for use by cluster users. They exist in the +Kubernetes API and are available for consumption. #### Dynamic @@ -55,7 +77,8 @@ provisioning to occur. Claims that request the class `""` effectively disable dynamic provisioning for themselves. To enable dynamic storage provisioning based on storage class, the cluster administrator -needs to enable the `DefaultStorageClass` [admission controller](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass) +needs to enable the `DefaultStorageClass` +[admission controller](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass) on the API server. This can be done, for example, by ensuring that `DefaultStorageClass` is among the comma-delimited, ordered list of values for the `--enable-admission-plugins` flag of the API server component. For more information on API server command-line flags, @@ -63,26 +86,51 @@ check [kube-apiserver](/docs/admin/kube-apiserver/) documentation. ### Binding -A user creates, or in the case of dynamic provisioning, has already created, a PersistentVolumeClaim with a specific amount of storage requested and with certain access modes. A control loop in the master watches for new PVCs, finds a matching PV (if possible), and binds them together. If a PV was dynamically provisioned for a new PVC, the loop will always bind that PV to the PVC. Otherwise, the user will always get at least what they asked for, but the volume may be in excess of what was requested. Once bound, PersistentVolumeClaim binds are exclusive, regardless of how they were bound. A PVC to PV binding is a one-to-one mapping, using a ClaimRef which is a bi-directional binding between the PersistentVolume and the PersistentVolumeClaim. - -Claims will remain unbound indefinitely if a matching volume does not exist. Claims will be bound as matching volumes become available. For example, a cluster provisioned with many 50Gi PVs would not match a PVC requesting 100Gi. The PVC can be bound when a 100Gi PV is added to the cluster. +A user creates, or in the case of dynamic provisioning, has already created, +a PersistentVolumeClaim with a specific amount of storage requested and with +certain access modes. A control loop in the master watches for new PVCs, finds +a matching PV (if possible), and binds them together. If a PV was dynamically +provisioned for a new PVC, the loop will always bind that PV to the PVC. Otherwise, +the user will always get at least what they asked for, but the volume may be in +excess of what was requested. Once bound, PersistentVolumeClaim binds are exclusive, +regardless of how they were bound. A PVC to PV binding is a one-to-one mapping, +using a ClaimRef which is a bi-directional binding between the PersistentVolume +and the PersistentVolumeClaim. + +Claims will remain unbound indefinitely if a matching volume does not exist. +Claims will be bound as matching volumes become available. For example, a +cluster provisioned with many 50Gi PVs would not match a PVC requesting 100Gi. +The PVC can be bound when a 100Gi PV is added to the cluster. ### Using -Pods use claims as volumes. The cluster inspects the claim to find the bound volume and mounts that volume for a Pod. For volumes that support multiple access modes, the user specifies which mode is desired when using their claim as a volume in a Pod. +Pods use claims as volumes. The cluster inspects the claim to find the bound +volume and mounts that volume for a Pod. For volumes that support multiple +access modes, the user specifies which mode is desired when using their claim +as a volume in a Pod. -Once a user has a claim and that claim is bound, the bound PV belongs to the user for as long as they need it. Users schedule Pods and access their claimed PVs by including a `persistentVolumeClaim` section in a Pod's `volumes` block. See [Claims As Volumes](#claims-as-volumes) for more details on this. +Once a user has a claim and that claim is bound, the bound PV belongs to the +user for as long as they need it. Users schedule Pods and access their claimed +PVs by including a `persistentVolumeClaim` section in a Pod's `volumes` block. +See [Claims As Volumes](#claims-as-volumes) for more details on this. ### Storage Object in Use Protection -The purpose of the Storage Object in Use Protection feature is to ensure that PersistentVolumeClaims (PVCs) in active use by a Pod and PersistentVolume (PVs) that are bound to PVCs are not removed from the system, as this may result in data loss. + +The purpose of the Storage Object in Use Protection feature is to ensure that +PersistentVolumeClaims (PVCs) in active use by a Pod and PersistentVolume (PVs) +that are bound to PVCs are not removed from the system, as this may result in data loss. {{< note >}} PVC is in active use by a Pod when a Pod object exists that is using the PVC. {{< /note >}} -If a user deletes a PVC in active use by a Pod, the PVC is not removed immediately. PVC removal is postponed until the PVC is no longer actively used by any Pods. Also, if an admin deletes a PV that is bound to a PVC, the PV is not removed immediately. PV removal is postponed until the PV is no longer bound to a PVC. +If a user deletes a PVC in active use by a Pod, the PVC is not removed immediately. +PVC removal is postponed until the PVC is no longer actively used by any Pods. Also, +if an admin deletes a PV that is bound to a PVC, the PV is not removed immediately. +PV removal is postponed until the PV is no longer bound to a PVC. -You can see that a PVC is protected when the PVC's status is `Terminating` and the `Finalizers` list includes `kubernetes.io/pvc-protection`: +You can see that a PVC is protected when the PVC's status is `Terminating` and the +`Finalizers` list includes `kubernetes.io/pvc-protection`: ```shell kubectl describe pvc hostpath @@ -98,7 +146,8 @@ Finalizers: [kubernetes.io/pvc-protection] ... ``` -You can see that a PV is protected when the PV's status is `Terminating` and the `Finalizers` list includes `kubernetes.io/pv-protection` too: +You can see that a PV is protected when the PV's status is `Terminating` and +the `Finalizers` list includes `kubernetes.io/pv-protection` too: ```shell kubectl describe pv task-pv-volume @@ -122,29 +171,48 @@ Events: ### Reclaiming -When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy for a PersistentVolume tells the cluster what to do with the volume after it has been released of its claim. Currently, volumes can either be Retained, Recycled, or Deleted. +When a user is done with their volume, they can delete the PVC objects from the +API that allows reclamation of the resource. The reclaim policy for a PersistentVolume +tells the cluster what to do with the volume after it has been released of its claim. +Currently, volumes can either be Retained, Recycled, or Deleted. #### Retain -The `Retain` reclaim policy allows for manual reclamation of the resource. When the PersistentVolumeClaim is deleted, the PersistentVolume still exists and the volume is considered "released". But it is not yet available for another claim because the previous claimant's data remains on the volume. An administrator can manually reclaim the volume with the following steps. +The `Retain` reclaim policy allows for manual reclamation of the resource. +When the PersistentVolumeClaim is deleted, the PersistentVolume still exists +and the volume is considered "released". But it is not yet available for +another claim because the previous claimant's data remains on the volume. +An administrator can manually reclaim the volume with the following steps. -1. Delete the PersistentVolume. The associated storage asset in external infrastructure (such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume) still exists after the PV is deleted. +1. Delete the PersistentVolume. The associated storage asset in external infrastructure + (such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume) still exists after the PV is deleted. 1. Manually clean up the data on the associated storage asset accordingly. 1. Manually delete the associated storage asset. -If you want to reuse the same storage asset, create a new PersistentVolume with the same storage asset definition. +If you want to reuse the same storage asset, create a new PersistentVolume with +the same storage asset definition. #### Delete -For volume plugins that support the `Delete` reclaim policy, deletion removes both the PersistentVolume object from Kubernetes, as well as the associated storage asset in the external infrastructure, such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume. Volumes that were dynamically provisioned inherit the [reclaim policy of their StorageClass](#reclaim-policy), which defaults to `Delete`. The administrator should configure the StorageClass according to users' expectations; otherwise, the PV must be edited or patched after it is created. See [Change the Reclaim Policy of a PersistentVolume](/docs/tasks/administer-cluster/change-pv-reclaim-policy/). +For volume plugins that support the `Delete` reclaim policy, deletion removes +both the PersistentVolume object from Kubernetes, as well as the associated +storage asset in the external infrastructure, such as an AWS EBS, GCE PD, +Azure Disk, or Cinder volume. Volumes that were dynamically provisioned +inherit the [reclaim policy of their StorageClass](#reclaim-policy), which +defaults to `Delete`. The administrator should configure the StorageClass +according to users' expectations; otherwise, the PV must be edited or +patched after it is created. See +[Change the Reclaim Policy of a PersistentVolume](/docs/tasks/administer-cluster/change-pv-reclaim-policy/). #### Recycle {{< warning >}} -The `Recycle` reclaim policy is deprecated. Instead, the recommended approach is to use dynamic provisioning. +The `Recycle` reclaim policy is deprecated. Instead, the recommended approach +is to use dynamic provisioning. {{< /warning >}} -If supported by the underlying volume plugin, the `Recycle` reclaim policy performs a basic scrub (`rm -rf /thevolume/*`) on the volume and makes it available again for a new claim. +If supported by the underlying volume plugin, the `Recycle` reclaim policy performs +a basic scrub (`rm -rf /thevolume/*`) on the volume and makes it available again for a new claim. However, an administrator can configure a custom recycler Pod template using the Kubernetes controller manager command line arguments as described in the @@ -173,7 +241,8 @@ spec: mountPath: /scrub ``` -However, the particular path specified in the custom recycler Pod template in the `volumes` part is replaced with the particular path of the volume that is being recycled. +However, the particular path specified in the custom recycler Pod template in the +`volumes` part is replaced with the particular path of the volume that is being recycled. ### PersistentVolume deletion protection finalizer {{< feature-state for_k8s_version="v1.23" state="alpha" >}} @@ -181,10 +250,12 @@ However, the particular path specified in the custom recycler Pod template in th Finalizers can be added on a PersistentVolume to ensure that PersistentVolumes having `Delete` reclaim policy are deleted only after the backing storage are deleted. -The newly introduced finalizers `kubernetes.io/pv-controller` and `external-provisioner.volume.kubernetes.io/finalizer` +The newly introduced finalizers `kubernetes.io/pv-controller` and +`external-provisioner.volume.kubernetes.io/finalizer` are only added to dynamically provisioned volumes. -The finalizer `kubernetes.io/pv-controller` is added to in-tree plugin volumes. The following is an example +The finalizer `kubernetes.io/pv-controller` is added to in-tree plugin volumes. +The following is an example ```shell kubectl describe pv pvc-74a498d6-3929-47e8-8c02-078c1ece4d78 @@ -213,6 +284,7 @@ Events: The finalizer `external-provisioner.volume.kubernetes.io/finalizer` is added for CSI volumes. The following is an example: + ```shell Name: pvc-2f0bab97-85a8-4552-8044-eb8be45cf48d Labels: @@ -244,14 +316,17 @@ the `kubernetes.io/pv-controller` finalizer is replaced by the ### Reserving a PersistentVolume -The control plane can [bind PersistentVolumeClaims to matching PersistentVolumes](#binding) in the -cluster. However, if you want a PVC to bind to a specific PV, you need to pre-bind them. +The control plane can [bind PersistentVolumeClaims to matching PersistentVolumes](#binding) +in the cluster. However, if you want a PVC to bind to a specific PV, you need to pre-bind them. -By specifying a PersistentVolume in a PersistentVolumeClaim, you declare a binding between that specific PV and PVC. -If the PersistentVolume exists and has not reserved PersistentVolumeClaims through its `claimRef` field, then the PersistentVolume and PersistentVolumeClaim will be bound. +By specifying a PersistentVolume in a PersistentVolumeClaim, you declare a binding +between that specific PV and PVC. If the PersistentVolume exists and has not reserved +PersistentVolumeClaims through its `claimRef` field, then the PersistentVolume and +PersistentVolumeClaim will be bound. The binding happens regardless of some volume matching criteria, including node affinity. -The control plane still checks that [storage class](/docs/concepts/storage/storage-classes/), access modes, and requested storage size are valid. +The control plane still checks that [storage class](/docs/concepts/storage/storage-classes/), +access modes, and requested storage size are valid. ```yaml apiVersion: v1 @@ -265,7 +340,10 @@ spec: ... ``` -This method does not guarantee any binding privileges to the PersistentVolume. If other PersistentVolumeClaims could use the PV that you specify, you first need to reserve that storage volume. Specify the relevant PersistentVolumeClaim in the `claimRef` field of the PV so that other PVCs can not bind to it. +This method does not guarantee any binding privileges to the PersistentVolume. +If other PersistentVolumeClaims could use the PV that you specify, you first +need to reserve that storage volume. Specify the relevant PersistentVolumeClaim +in the `claimRef` field of the PV so that other PVCs can not bind to it. ```yaml apiVersion: v1 @@ -334,8 +412,9 @@ increased and that no resize is necessary. {{< feature-state for_k8s_version="v1.24" state="stable" >}} -Support for expanding CSI volumes is enabled by default but it also requires a specific CSI driver to support volume expansion. Refer to documentation of the specific CSI driver for more information. - +Support for expanding CSI volumes is enabled by default but it also requires a +specific CSI driver to support volume expansion. Refer to documentation of the +specific CSI driver for more information. #### Resizing a volume containing a file system @@ -364,22 +443,33 @@ FlexVolume resize is possible only when the underlying driver supports resize. {{< /note >}} {{< note >}} -Expanding EBS volumes is a time-consuming operation. Also, there is a per-volume quota of one modification every 6 hours. +Expanding EBS volumes is a time-consuming operation. +Also, there is a per-volume quota of one modification every 6 hours. {{< /note >}} #### Recovering from Failure when Expanding Volumes -If a user specifies a new size that is too big to be satisfied by underlying storage system, expansion of PVC will be continuously retried until user or cluster administrator takes some action. This can be undesirable and hence Kubernetes provides following methods of recovering from such failures. +If a user specifies a new size that is too big to be satisfied by underlying +storage system, expansion of PVC will be continuously retried until user or +cluster administrator takes some action. This can be undesirable and hence +Kubernetes provides following methods of recovering from such failures. {{< tabs name="recovery_methods" >}} {{% tab name="Manually with Cluster Administrator access" %}} -If expanding underlying storage fails, the cluster administrator can manually recover the Persistent Volume Claim (PVC) state and cancel the resize requests. Otherwise, the resize requests are continuously retried by the controller without administrator intervention. - -1. Mark the PersistentVolume(PV) that is bound to the PersistentVolumeClaim(PVC) with `Retain` reclaim policy. -2. Delete the PVC. Since PV has `Retain` reclaim policy - we will not lose any data when we recreate the PVC. -3. Delete the `claimRef` entry from PV specs, so as new PVC can bind to it. This should make the PV `Available`. -4. Re-create the PVC with smaller size than PV and set `volumeName` field of the PVC to the name of the PV. This should bind new PVC to existing PV. +If expanding underlying storage fails, the cluster administrator can manually +recover the Persistent Volume Claim (PVC) state and cancel the resize requests. +Otherwise, the resize requests are continuously retried by the controller without +administrator intervention. + +1. Mark the PersistentVolume(PV) that is bound to the PersistentVolumeClaim(PVC) + with `Retain` reclaim policy. +2. Delete the PVC. Since PV has `Retain` reclaim policy - we will not lose any data + when we recreate the PVC. +3. Delete the `claimRef` entry from PV specs, so as new PVC can bind to it. + This should make the PV `Available`. +4. Re-create the PVC with smaller size than PV and set `volumeName` field of the + PVC to the name of the PV. This should bind new PVC to existing PV. 5. Don't forget to restore the reclaim policy of the PV. {{% /tab %}} @@ -387,7 +477,11 @@ If expanding underlying storage fails, the cluster administrator can manually re {{% feature-state for_k8s_version="v1.23" state="alpha" %}} {{< note >}} -Recovery from failing PVC expansion by users is available as an alpha feature since Kubernetes 1.23. The `RecoverVolumeExpansionFailure` feature must be enabled for this feature to work. Refer to the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) documentation for more information. +Recovery from failing PVC expansion by users is available as an alpha feature +since Kubernetes 1.23. The `RecoverVolumeExpansionFailure` feature must be +enabled for this feature to work. Refer to the +[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) +documentation for more information. {{< /note >}} If the feature gates `RecoverVolumeExpansionFailure` is @@ -397,7 +491,8 @@ smaller proposed size, edit `.spec.resources` for that PVC and choose a value th value you previously tried. This is useful if expansion to a higher value did not succeed because of capacity constraint. If that has happened, or you suspect that it might have, you can retry expansion by specifying a -size that is within the capacity limits of underlying storage provider. You can monitor status of resize operation by watching `.status.resizeStatus` and events on the PVC. +size that is within the capacity limits of underlying storage provider. You can monitor status of +resize operation by watching `.status.resizeStatus` and events on the PVC. Note that, although you can specify a lower amount of storage than what was requested previously, @@ -406,7 +501,6 @@ Kubernetes does not support shrinking a PVC to less than its current size. {{% /tab %}} {{% /tabs %}} - ## Types of Persistent Volumes PersistentVolume types are implemented as plugins. Kubernetes currently supports the following plugins: @@ -423,7 +517,8 @@ PersistentVolume types are implemented as plugins. Kubernetes currently supports * [`nfs`](/docs/concepts/storage/volumes/#nfs) - Network File System (NFS) storage * [`rbd`](/docs/concepts/storage/volumes/#rbd) - Rados Block Device (RBD) volume -The following types of PersistentVolume are deprecated. This means that support is still available but will be removed in a future Kubernetes release. +The following types of PersistentVolume are deprecated. +This means that support is still available but will be removed in a future Kubernetes release. * [`awsElasticBlockStore`](/docs/concepts/storage/volumes/#awselasticblockstore) - AWS Elastic Block Store (EBS) (**deprecated** in v1.17) @@ -483,14 +578,21 @@ spec: ``` {{< note >}} -Helper programs relating to the volume type may be required for consumption of a PersistentVolume within a cluster. In this example, the PersistentVolume is of type NFS and the helper program /sbin/mount.nfs is required to support the mounting of NFS filesystems. +Helper programs relating to the volume type may be required for consumption of +a PersistentVolume within a cluster. In this example, the PersistentVolume is +of type NFS and the helper program /sbin/mount.nfs is required to support the +mounting of NFS filesystems. {{< /note >}} ### Capacity -Generally, a PV will have a specific storage capacity. This is set using the PV's `capacity` attribute. Read the glossary term [Quantity](/docs/reference/glossary/?all=true#term-quantity) to understand the units expected by `capacity`. +Generally, a PV will have a specific storage capacity. This is set using the PV's +`capacity` attribute. Read the glossary term +[Quantity](/docs/reference/glossary/?all=true#term-quantity) to understand the units +expected by `capacity`. -Currently, storage size is the only resource that can be set or requested. Future attributes may include IOPS, throughput, etc. +Currently, storage size is the only resource that can be set or requested. +Future attributes may include IOPS, throughput, etc. ### Volume Mode @@ -515,12 +617,18 @@ for an example on how to use a volume with `volumeMode: Block` in a Pod. ### Access Modes -A PersistentVolume can be mounted on a host in any way supported by the resource provider. As shown in the table below, providers will have different capabilities and each PV's access modes are set to the specific modes supported by that particular volume. For example, NFS can support multiple read/write clients, but a specific NFS PV might be exported on the server as read-only. Each PV gets its own set of access modes describing that specific PV's capabilities. +A PersistentVolume can be mounted on a host in any way supported by the resource +provider. As shown in the table below, providers will have different capabilities +and each PV's access modes are set to the specific modes supported by that particular +volume. For example, NFS can support multiple read/write clients, but a specific +NFS PV might be exported on the server as read-only. Each PV gets its own set of +access modes describing that specific PV's capabilities. The access modes are: -`ReadWriteOnce` -: the volume can be mounted as read-write by a single node. ReadWriteOnce access mode still can allow multiple pods to access the volume when the pods are running on the same node. +`ReadWriteOnce` +: the volume can be mounted as read-write by a single node. ReadWriteOnce access + mode still can allow multiple pods to access the volume when the pods are running on the same node. `ReadOnlyMany` : the volume can be mounted as read-only by many nodes. @@ -529,12 +637,14 @@ The access modes are: : the volume can be mounted as read-write by many nodes. `ReadWriteOncePod` -: the volume can be mounted as read-write by a single Pod. Use ReadWriteOncePod access mode if you want to ensure that only one pod across whole cluster can read that PVC or write to it. This is only supported for CSI volumes and Kubernetes version 1.22+. +: the volume can be mounted as read-write by a single Pod. Use ReadWriteOncePod + access mode if you want to ensure that only one pod across whole cluster can + read that PVC or write to it. This is only supported for CSI volumes and + Kubernetes version 1.22+. - - -The blog article [Introducing Single Pod Access Mode for PersistentVolumes](/blog/2021/09/13/read-write-once-pod-access-mode-alpha/) covers this in more detail. - +The blog article +[Introducing Single Pod Access Mode for PersistentVolumes](/blog/2021/09/13/read-write-once-pod-access-mode-alpha/) +covers this in more detail. In the CLI, the access modes are abbreviated to: @@ -547,13 +657,15 @@ In the CLI, the access modes are abbreviated to: Kubernetes uses volume access modes to match PersistentVolumeClaims and PersistentVolumes. In some cases, the volume access modes also constrain where the PersistentVolume can be mounted. Volume access modes do **not** enforce write protection once the storage has been mounted. -Even if the access modes are specified as ReadWriteOnce, ReadOnlyMany, or ReadWriteMany, they don't set any constraints on the volume. -For example, even if a PersistentVolume is created as ReadOnlyMany, it is no guarantee that it will be read-only. -If the access modes are specified as ReadWriteOncePod, the volume is constrained and can be mounted on only a single Pod. +Even if the access modes are specified as ReadWriteOnce, ReadOnlyMany, or ReadWriteMany, +they don't set any constraints on the volume. For example, even if a PersistentVolume is +created as ReadOnlyMany, it is no guarantee that it will be read-only. If the access modes +are specified as ReadWriteOncePod, the volume is constrained and can be mounted on only a single Pod. {{< /note >}} -> __Important!__ A volume can only be mounted using one access mode at a time, even if it supports many. For example, a GCEPersistentDisk can be mounted as ReadWriteOnce by a single node or ReadOnlyMany by many nodes, but not at the same time. - +> __Important!__ A volume can only be mounted using one access mode at a time, +> even if it supports many. For example, a GCEPersistentDisk can be mounted as +> ReadWriteOnce by a single node or ReadOnlyMany by many nodes, but not at the same time. | Volume Plugin | ReadWriteOnce | ReadOnlyMany | ReadWriteMany | ReadWriteOncePod | | :--- | :---: | :---: | :---: | - | @@ -593,13 +705,16 @@ Current reclaim policies are: * Retain -- manual reclamation * Recycle -- basic scrub (`rm -rf /thevolume/*`) -* Delete -- associated storage asset such as AWS EBS, GCE PD, Azure Disk, or OpenStack Cinder volume is deleted +* Delete -- associated storage asset such as AWS EBS, GCE PD, Azure Disk, + or OpenStack Cinder volume is deleted -Currently, only NFS and HostPath support recycling. AWS EBS, GCE PD, Azure Disk, and Cinder volumes support deletion. +Currently, only NFS and HostPath support recycling. AWS EBS, GCE PD, Azure Disk, +and Cinder volumes support deletion. ### Mount Options -A Kubernetes administrator can specify additional mount options for when a Persistent Volume is mounted on a node. +A Kubernetes administrator can specify additional mount options for when a +Persistent Volume is mounted on a node. {{< note >}} Not all Persistent Volume types support mount options. @@ -627,10 +742,19 @@ it will become fully deprecated in a future Kubernetes release. ### Node Affinity {{< note >}} -For most volume types, you do not need to set this field. It is automatically populated for [AWS EBS](/docs/concepts/storage/volumes/#awselasticblockstore), [GCE PD](/docs/concepts/storage/volumes/#gcepersistentdisk) and [Azure Disk](/docs/concepts/storage/volumes/#azuredisk) volume block types. You need to explicitly set this for [local](/docs/concepts/storage/volumes/#local) volumes. +For most volume types, you do not need to set this field. It is automatically +populated for [AWS EBS](/docs/concepts/storage/volumes/#awselasticblockstore), +[GCE PD](/docs/concepts/storage/volumes/#gcepersistentdisk) and +[Azure Disk](/docs/concepts/storage/volumes/#azuredisk) volume block types. You +need to explicitly set this for [local](/docs/concepts/storage/volumes/#local) volumes. {{< /note >}} -A PV can specify node affinity to define constraints that limit what nodes this volume can be accessed from. Pods that use a PV will only be scheduled to nodes that are selected by the node affinity. To specify node affinity, set `nodeAffinity` in the `.spec` of a PV. The [PersistentVolume](/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/#PersistentVolumeSpec) API reference has more details on this field. +A PV can specify node affinity to define constraints that limit what nodes this +volume can be accessed from. Pods that use a PV will only be scheduled to nodes +that are selected by the node affinity. To specify node affinity, set +`nodeAffinity` in the `.spec` of a PV. The +[PersistentVolume](/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/#PersistentVolumeSpec) +API reference has more details on this field. ### Phase @@ -671,24 +795,35 @@ spec: ### Access Modes -Claims use [the same conventions as volumes](#access-modes) when requesting storage with specific access modes. +Claims use [the same conventions as volumes](#access-modes) when requesting +storage with specific access modes. ### Volume Modes -Claims use [the same convention as volumes](#volume-mode) to indicate the consumption of the volume as either a filesystem or block device. +Claims use [the same convention as volumes](#volume-mode) to indicate the +consumption of the volume as either a filesystem or block device. ### Resources -Claims, like Pods, can request specific quantities of a resource. In this case, the request is for storage. The same [resource model](https://git.k8s.io/design-proposals-archive/scheduling/resources.md) applies to both volumes and claims. +Claims, like Pods, can request specific quantities of a resource. In this case, +the request is for storage. The same +[resource model](https://git.k8s.io/design-proposals-archive/scheduling/resources.md) +applies to both volumes and claims. ### Selector -Claims can specify a [label selector](/docs/concepts/overview/working-with-objects/labels/#label-selectors) to further filter the set of volumes. Only the volumes whose labels match the selector can be bound to the claim. The selector can consist of two fields: +Claims can specify a +[label selector](/docs/concepts/overview/working-with-objects/labels/#label-selectors) +to further filter the set of volumes. Only the volumes whose labels match the selector +can be bound to the claim. The selector can consist of two fields: * `matchLabels` - the volume must have a label with this value -* `matchExpressions` - a list of requirements made by specifying key, list of values, and operator that relates the key and values. Valid operators include In, NotIn, Exists, and DoesNotExist. +* `matchExpressions` - a list of requirements made by specifying key, list of values, + and operator that relates the key and values. Valid operators include In, NotIn, + Exists, and DoesNotExist. -All of the requirements, from both `matchLabels` and `matchExpressions`, are ANDed together – they must all be satisfied in order to match. +All of the requirements, from both `matchLabels` and `matchExpressions`, are +ANDed together – they must all be satisfied in order to match. ### Class @@ -738,22 +873,38 @@ In the past, the annotation `volume.beta.kubernetes.io/storage-class` was used i of `storageClassName` attribute. This annotation is still working; however, it won't be supported in a future Kubernetes release. - #### Retroactive default StorageClass assignment {{< feature-state for_k8s_version="v1.26" state="beta" >}} -You can create a PersistentVolumeClaim without specifying a `storageClassName` for the new PVC, and you can do so even when no default StorageClass exists in your cluster. In this case, the new PVC creates as you defined it, and the `storageClassName` of that PVC remains unset until default becomes available. +You can create a PersistentVolumeClaim without specifying a `storageClassName` +for the new PVC, and you can do so even when no default StorageClass exists +in your cluster. In this case, the new PVC creates as you defined it, and the +`storageClassName` of that PVC remains unset until default becomes available. -When a default StorageClass becomes available, the control plane identifies any existing PVCs without `storageClassName`. For the PVCs that either have an empty value for `storageClassName` or do not have this key, the control plane then updates those PVCs to set `storageClassName` to match the new default StorageClass. If you have an existing PVC where the `storageClassName` is `""`, and you configure a default StorageClass, then this PVC will not get updated. +When a default StorageClass becomes available, the control plane identifies any +existing PVCs without `storageClassName`. For the PVCs that either have an empty +value for `storageClassName` or do not have this key, the control plane then +updates those PVCs to set `storageClassName` to match the new default StorageClass. +If you have an existing PVC where the `storageClassName` is `""`, and you configure +a default StorageClass, then this PVC will not get updated. -In order to keep binding to PVs with `storageClassName` set to `""` (while a default StorageClass is present), you need to set the `storageClassName` of the associated PVC to `""`. +In order to keep binding to PVs with `storageClassName` set to `""` +(while a default StorageClass is present), you need to set the `storageClassName` +of the associated PVC to `""`. -This behavior helps administrators change default StorageClass by removing the old one first and then creating or setting another one. This brief window while there is no default causes PVCs without `storageClassName` created at that time to not have any default, but due to the retroactive default StorageClass assignment this way of changing defaults is safe. +This behavior helps administrators change default StorageClass by removing the +old one first and then creating or setting another one. This brief window while +there is no default causes PVCs without `storageClassName` created at that time +to not have any default, but due to the retroactive default StorageClass +assignment this way of changing defaults is safe. ## Claims As Volumes -Pods access storage by using the claim as a volume. Claims must exist in the same namespace as the Pod using the claim. The cluster finds the claim in the Pod's namespace and uses it to get the PersistentVolume backing the claim. The volume is then mounted to the host and into the Pod. +Pods access storage by using the claim as a volume. Claims must exist in the +same namespace as the Pod using the claim. The cluster finds the claim in the +Pod's namespace and uses it to get the PersistentVolume backing the claim. +The volume is then mounted to the host and into the Pod. ```yaml apiVersion: v1 @@ -775,12 +926,15 @@ spec: ### A Note on Namespaces -PersistentVolumes binds are exclusive, and since PersistentVolumeClaims are namespaced objects, mounting claims with "Many" modes (`ROX`, `RWX`) is only possible within one namespace. +PersistentVolumes binds are exclusive, and since PersistentVolumeClaims are +namespaced objects, mounting claims with "Many" modes (`ROX`, `RWX`) is only +possible within one namespace. ### PersistentVolumes typed `hostPath` -A `hostPath` PersistentVolume uses a file or directory on the Node to emulate network-attached storage. -See [an example of `hostPath` typed volume](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume). +A `hostPath` PersistentVolume uses a file or directory on the Node to emulate +network-attached storage. See +[an example of `hostPath` typed volume](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume). ## Raw Block Volume Support @@ -819,6 +973,7 @@ spec: lun: 0 readOnly: false ``` + ### PersistentVolumeClaim requesting a Raw Block Volume {#persistent-volume-claim-requesting-a-raw-block-volume} ```yaml @@ -858,14 +1013,18 @@ spec: ``` {{< note >}} -When adding a raw block device for a Pod, you specify the device path in the container instead of a mount path. +When adding a raw block device for a Pod, you specify the device path in the +container instead of a mount path. {{< /note >}} ### Binding Block Volumes -If a user requests a raw block volume by indicating this using the `volumeMode` field in the PersistentVolumeClaim spec, the binding rules differ slightly from previous releases that didn't consider this mode as part of the spec. -Listed is a table of possible combinations the user and admin might specify for requesting a raw block device. The table indicates if the volume will be bound or not given the combinations: -Volume binding matrix for statically provisioned volumes: +If a user requests a raw block volume by indicating this using the `volumeMode` +field in the PersistentVolumeClaim spec, the binding rules differ slightly from +previous releases that didn't consider this mode as part of the spec. +Listed is a table of possible combinations the user and admin might specify for +requesting a raw block device. The table indicates if the volume will be bound or +not given the combinations: Volume binding matrix for statically provisioned volumes: | PV volumeMode | PVC volumeMode | Result | | --------------|:---------------:| ----------------:| @@ -880,15 +1039,19 @@ Volume binding matrix for statically provisioned volumes: | Filesystem | unspecified | BIND | {{< note >}} -Only statically provisioned volumes are supported for alpha release. Administrators should take care to consider these values when working with raw block devices. +Only statically provisioned volumes are supported for alpha release. Administrators +should take care to consider these values when working with raw block devices. {{< /note >}} ## Volume Snapshot and Restore Volume from Snapshot Support {{< feature-state for_k8s_version="v1.20" state="stable" >}} -Volume snapshots only support the out-of-tree CSI volume plugins. For details, see [Volume Snapshots](/docs/concepts/storage/volume-snapshots/). -In-tree volume plugins are deprecated. You can read about the deprecated volume plugins in the [Volume Plugin FAQ](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md). +Volume snapshots only support the out-of-tree CSI volume plugins. +For details, see [Volume Snapshots](/docs/concepts/storage/volume-snapshots/). +In-tree volume plugins are deprecated. You can read about the deprecated volume +plugins in the +[Volume Plugin FAQ](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md). ### Create a PersistentVolumeClaim from a Volume Snapshot {#create-persistent-volume-claim-from-volume-snapshot} @@ -912,7 +1075,8 @@ spec: ## Volume Cloning -[Volume Cloning](/docs/concepts/storage/volume-pvc-datasource/) only available for CSI volume plugins. +[Volume Cloning](/docs/concepts/storage/volume-pvc-datasource/) +only available for CSI volume plugins. ### Create PersistentVolumeClaim from an existing PVC {#create-persistent-volume-claim-from-an-existing-pvc} @@ -949,20 +1113,25 @@ same namespace, except for core objects other than PVCs. For clusters that have gate enabled, use of the `dataSourceRef` is preferred over `dataSource`. ## Cross namespace data sources + {{< feature-state for_k8s_version="v1.26" state="alpha" >}} Kubernetes supports cross namespace volume data sources. -To use cross namespace volume data sources, you must enable the `AnyVolumeDataSource` and `CrossNamespaceVolumeDataSource` +To use cross namespace volume data sources, you must enable the `AnyVolumeDataSource` +and `CrossNamespaceVolumeDataSource` [feature gates](/docs/reference/command-line-tools-reference/feature-gates/) for the kube-apiserver, kube-controller-manager. Also, you must enable the `CrossNamespaceVolumeDataSource` feature gate for the csi-provisioner. -Enabling the `CrossNamespaceVolumeDataSource` feature gate allow you to specify a namespace in the dataSourceRef field. +Enabling the `CrossNamespaceVolumeDataSource` feature gate allow you to specify +a namespace in the dataSourceRef field. + {{< note >}} When you specify a namespace for a volume data source, Kubernetes checks for a ReferenceGrant in the other namespace before accepting the reference. ReferenceGrant is part of the `gateway.networking.k8s.io` extension APIs. -See [ReferenceGrant](https://gateway-api.sigs.k8s.io/api-types/referencegrant/) in the Gateway API documentation for details. +See [ReferenceGrant](https://gateway-api.sigs.k8s.io/api-types/referencegrant/) +in the Gateway API documentation for details. This means that you must extend your Kubernetes cluster with at least ReferenceGrant from the Gateway API before you can use this mechanism. {{< /note >}} @@ -986,7 +1155,8 @@ users should be aware of: When the `CrossNamespaceVolumeDataSource` feature is enabled, there are additional differences: -* The `dataSource` field only allows local objects, while the `dataSourceRef` field allows objects in any namespaces. +* The `dataSource` field only allows local objects, while the `dataSourceRef` field allows + objects in any namespaces. * When namespace is specified, `dataSource` and `dataSourceRef` are not synced. Users should always use `dataSourceRef` on clusters that have the feature gate enabled, and @@ -1030,10 +1200,13 @@ responsibility of that populator controller to report Events that relate to volu the process. ### Using a cross-namespace volume data source + {{< feature-state for_k8s_version="v1.26" state="alpha" >}} Create a ReferenceGrant to allow the namespace owner to accept the reference. -You define a populated volume by specifying a cross namespace volume data source using the `dataSourceRef` field. You must already have a valid ReferenceGrant in the source namespace: +You define a populated volume by specifying a cross namespace volume data source +using the `dataSourceRef` field. You must already have a valid ReferenceGrant +in the source namespace: ```yaml apiVersion: gateway.networking.k8s.io/v1beta1 From e14d2871c3369d326532926509a96a95214c8e4e Mon Sep 17 00:00:00 2001 From: Toshiaki Inukai Date: Thu, 16 Feb 2023 02:05:09 +0000 Subject: [PATCH 082/537] [ja] Set heading IDs in daemonset.md and assign-pods-nodes.md --- .../workloads/controllers/daemonset.md | 32 +++++++++---------- .../assign-pods-nodes.md | 8 ++--- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index 42647228e6180..32e62fb74b6c9 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -22,9 +22,9 @@ DaemonSetのいくつかの典型的な使用例は以下の通りです。 -## DaemonSet Specの記述 +## DaemonSet Specの記述 {#writing-a-daemonset-spec} -### DaemonSetの作成 +### DaemonSetの作成 {#create-a-daemonset} ユーザーはYAMLファイル内でDaemonSetの設定を記述することができます。例えば、下記の`daemonset.yaml`ファイルでは`fluentd-elasticsearch`というDockerイメージを稼働させるDaemonSetの設定を記述します。 @@ -36,7 +36,7 @@ YAMLファイルに基づいてDaemonSetを作成します。 kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml ``` -### 必須のフィールド +### 必須のフィールド {#required-fields} 他の全てのKubernetesの設定と同様に、DaemonSetは`apiVersion`、`kind`と`metadata`フィールドが必須となります。設定ファイルの活用法に関する一般的な情報は、[ステートレスアプリケーションの稼働](/ja/docs/tasks/run-application/run-stateless-application-deployment/)、[コンテナの設定](/ja/docs/tasks/)、[kubectlを用いたオブジェクトの管理](/ja/docs/concepts/overview/working-with-objects/object-management/)といったドキュメントを参照ください。 @@ -45,7 +45,7 @@ DaemonSetオブジェクトの名前は、有効な また、DaemonSetにおいて[`.spec`](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)セクションも必須となります。 -### Podテンプレート +### Podテンプレート {#pod-template} `.spec.template`は`.spec`内での必須のフィールドの1つです。 @@ -55,7 +55,7 @@ Podに対する必須のフィールドに加えて、DaemonSet内のPodテン DaemonSet内のPodテンプレートでは、[`RestartPolicy`](/ja/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy)フィールドを指定せずにデフォルトの`Always`を使用するか、明示的に`Always`を設定するかのどちらかである必要があります。 -### Podセレクター +### Podセレクター {#pod-selector} `.spec.selector`フィールドはPodセレクターとなります。これは[Job](/docs/concepts/workloads/controllers/job/)の`.spec.selector`と同じものです。 @@ -70,14 +70,14 @@ Kubernetes1.8のように、ユーザーは`.spec.template`のラベルにマッ もし`spec.selector`が指定されたとき、`.spec.template.metadata.labels`とマッチしなければなりません。この2つの値がマッチしない設定をした場合、APIによってリジェクトされます。 -### 選択したNode上でPodを稼働させる +### 選択したNode上でPodを稼働させる {#running-pods-on-select-nodes} もしユーザーが`.spec.template.spec.nodeSelector`を指定したとき、DaemonSetコントローラーは、その[node selector](/ja/docs/concepts/scheduling-eviction/assign-pod-node/)にマッチするNode上にPodを作成します。同様に、もし`.spec.template.spec.affinity`を指定したとき、DaemonSetコントローラーは[node affinity](/ja/docs/concepts/scheduling-eviction/assign-pod-node/)にマッチするNode上にPodを作成します。 もしユーザーがどちらも指定しないとき、DaemonSetコントローラーは全てのNode上にPodを作成します。 -## Daemon Podがどのようにスケジューリングされるか +## Daemon Podがどのようにスケジューリングされるか {#how-daemon-pods-are-scheduled} -### デフォルトスケジューラーによってスケジューリングされる場合 +### デフォルトスケジューラーによってスケジューリングされる場合 {#scheduled-by-default-scheduler} {{< feature-state for_k8s_version="1.17" state="stable" >}} @@ -102,7 +102,7 @@ nodeAffinity: さらに、`node.kubernetes.io/unschedulable:NoSchedule`というtolarationがDaemonSetのPodに自動的に追加されます。デフォルトスケジューラーは、DaemonSetのPodのスケジューリングのときに、`unschedulable`なNodeを無視します。 -### TaintsとTolerations +### TaintsとTolerations {#taints-and-tolerations} DaemonSetのPodは[TaintsとTolerations](/ja/docs/concepts/scheduling-eviction/taint-and-toleration/)の設定を尊重します。下記のTolerationsは、関連する機能によって自動的にDaemonSetのPodに追加されます。 @@ -115,7 +115,7 @@ DaemonSetのPodは[TaintsとTolerations](/ja/docs/concepts/scheduling-eviction/t | `node.kubernetes.io/unschedulable` | NoSchedule | 1.12+ | DaemonSetのPodはデフォルトスケジューラーによってスケジュール不可能な属性を許容(tolerate)します。 | | `node.kubernetes.io/network-unavailable` | NoSchedule | 1.12+ | ホストネットワークを使うDaemonSetのPodはデフォルトスケジューラーによってネットワーク利用不可能な属性を許容(tolerate)します。 | -## Daemon Podとのコミュニケーション +## Daemon Podとのコミュニケーション {#communicating-with-daemon-pods} DaemonSet内のPodとのコミュニケーションをする際に考えられるパターンは以下の通りです。: @@ -124,7 +124,7 @@ DaemonSet内のPodとのコミュニケーションをする際に考えられ - **DNS**: 同じPodセレクターを持つ[HeadlessService](/ja/docs/concepts/services-networking/service/#headless-service)を作成し、`endpoints`リソースを使ってDaemonSetを探すか、DNSから複数のAレコードを取得します。 - **Service**: 同じPodセレクターを持つServiceを作成し、複数のうちのいずれかのNode上のDaemonに疎通させるためにそのServiceを使います。 -## DaemonSetの更新 +## DaemonSetの更新 {#updating-a-daemonset} もしNodeラベルが変更されたとき、そのDaemonSetは直ちに新しくマッチしたNodeにPodを追加し、マッチしなくなったNodeからPodを削除します。 @@ -134,9 +134,9 @@ DaemonSet内のPodとのコミュニケーションをする際に考えられ ユーザーはDaemonSet上で[ローリングアップデートの実施](/docs/tasks/manage-daemon/update-daemon-set/)が可能です。 -## DaemonSetの代替案 +## DaemonSetの代替案 {#alternatives-to-daemonset} -### Initスクリプト +### Initスクリプト {#init-scripts} Node上で直接起動することにより(例: `init`、`upstartd`、`systemd`を使用する)、デーモンプロセスを稼働することが可能です。この方法は非常に良いですが、このようなプロセスをDaemonSetを介して起動することはいくつかの利点があります。 @@ -144,15 +144,15 @@ Node上で直接起動することにより(例: `init`、`upstartd`、`systemd` - デーモンとアプリケーションで同じ設定用の言語とツール(例: Podテンプレート、`kubectl`)を使える。 - リソースリミットを使ったコンテナ内でデーモンを稼働させることにより、デーモンとアプリケーションコンテナの分離を促進します。しかし、これはPod内でなく、コンテナ内でデーモンを稼働させることにより可能です(Dockerを介して直接起動する)。 -### ベアPod +### ベアPod {#bare-pods} 特定のNode上で稼働するように指定したPodを直接作成することは可能です。しかし、DaemonSetはNodeの故障やNodeの破壊的なメンテナンスやカーネルのアップグレードなど、どのような理由に限らず、削除されたもしくは停止されたPodを置き換えます。このような理由で、ユーザーはPod単体を作成するよりもむしろDaemonSetを使うべきです。 -### 静的Pod Pods +### 静的Pod Pods {#static-pods} Kubeletによって監視されているディレクトリに対してファイルを書き込むことによって、Podを作成することが可能です。これは[静的Pod](/ja/docs/tasks/configure-pod-container/static-pod/)と呼ばれます。DaemonSetと違い、静的Podはkubectlや他のKubernetes APIクライアントで管理できません。静的PodはApiServerに依存しておらず、クラスターの自立起動時に最適です。また、静的Podは将来的には廃止される予定です。 -### Deployment +### Deployment {#deployments} DaemonSetは、Podの作成し、そのPodが停止されることのないプロセスを持つことにおいて[Deployment](/ja/docs/concepts/workloads/controllers/deployment/)と同様です(例: webサーバー、ストレージサーバー)。 diff --git a/content/ja/docs/tasks/configure-pod-container/assign-pods-nodes.md b/content/ja/docs/tasks/configure-pod-container/assign-pods-nodes.md index e2e4e1d647ca4..4e09dbaf9325a 100644 --- a/content/ja/docs/tasks/configure-pod-container/assign-pods-nodes.md +++ b/content/ja/docs/tasks/configure-pod-container/assign-pods-nodes.md @@ -7,13 +7,13 @@ weight: 120 このページでは、KubernetesのPodをKubernetesクラスター上の特定のノードに割り当てる方法を説明します。 -## {{% heading "prerequisites" %}} +## {{% heading "prerequisites" %}} {#before-you-begin} {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} -## ラベルをノードに追加する +## ラベルをノードに追加する {#add-a-label-to-a-node} 1. クラスター内の{{< glossary_tooltip term_id="node" text="ノード" >}}のリストをラベル付きで表示します。 @@ -54,7 +54,7 @@ weight: 120 上の出力を見ると、`worker0`に`disktype=ssd`というラベルがあることがわかります。 -## 選択したノードにスケジューリングされるPodを作成する +## 選択したノードにスケジューリングされるPodを作成する {#create-a-pod-that-gets-scheduled-to-your-chosen-node} 以下のPodの構成ファイルには、nodeSelectorに`disktype: ssd`を持つPodが書かれています。これにより、Podは`disktype: ssd`というラベルを持っているノードにスケジューリングされるようになります。 @@ -79,7 +79,7 @@ weight: 120 nginx 1/1 Running 0 13s 10.200.0.4 worker0 ``` -## 特定のノードにスケジューリングされるPodを作成する +## 特定のノードにスケジューリングされるPodを作成する {#create-a-pod-that-gets-scheduled-to-specific-node} `nodeName`という設定を使用して、Podを特定のノードにスケジューリングすることもできます。 From e2a33136c2b31546205dd3a992936276e7ebbb96 Mon Sep 17 00:00:00 2001 From: Sajiyah Salat <109643863+Sajiyah-Salat@users.noreply.github.com> Date: Thu, 16 Feb 2023 08:10:47 +0530 Subject: [PATCH 083/537] Update names.md --- content/en/docs/concepts/overview/working-with-objects/names.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/en/docs/concepts/overview/working-with-objects/names.md b/content/en/docs/concepts/overview/working-with-objects/names.md index 22b0403dad1c6..b9294a14dc4b8 100644 --- a/content/en/docs/concepts/overview/working-with-objects/names.md +++ b/content/en/docs/concepts/overview/working-with-objects/names.md @@ -24,6 +24,8 @@ For non-unique user-provided attributes, Kubernetes provides [labels](/docs/conc {{< glossary_definition term_id="name" length="all" >}} +**Names are unique across [API versions](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning) of the resource. API resources are distinguished by their API group, resource type, namespace (for namespaced resources), and name. In other words, API version is irrelevant in this context.** + {{< note >}} In cases when objects represent a physical entity, like a Node representing a physical host, when the host is re-created under the same name without deleting and re-creating the Node, Kubernetes treats the new host as the old one, which may lead to inconsistencies. {{< /note >}} From 721b220745cc1b20b73e4106bc29c684b17ed659 Mon Sep 17 00:00:00 2001 From: Jian Wen Date: Thu, 16 Feb 2023 10:51:44 +0800 Subject: [PATCH 084/537] Update cgroups.md Add an example of uber-go/automaxprocs which is used by lots of applications to avoid CPU throttling. Related to https://github.com/uber-go/automaxprocs/issues/49 --- content/en/docs/concepts/architecture/cgroups.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/concepts/architecture/cgroups.md b/content/en/docs/concepts/architecture/cgroups.md index 377c073b42b36..86627a65d185d 100644 --- a/content/en/docs/concepts/architecture/cgroups.md +++ b/content/en/docs/concepts/architecture/cgroups.md @@ -103,6 +103,7 @@ updated to newer versions that support cgroup v2. For example: * If you run [cAdvisor](https://github.com/google/cadvisor) as a stand-alone DaemonSet for monitoring pods and containers, update it to v0.43.0 or later. * If you use JDK, prefer to use JDK 11.0.16 and later or JDK 15 and later, which [fully support cgroup v2](https://bugs.openjdk.org/browse/JDK-8230305). +* If you use uber-go/automaxprocs, update it to v1.5.1 or later. ## Identify the cgroup version on Linux Nodes {#check-cgroup-version} From aa686a8d3a36fe6fe01c8f58dc9708db0f45fb99 Mon Sep 17 00:00:00 2001 From: Sajiyah Salat <109643863+Sajiyah-Salat@users.noreply.github.com> Date: Thu, 16 Feb 2023 13:01:19 +0530 Subject: [PATCH 085/537] Update content/en/docs/concepts/overview/working-with-objects/names.md Co-authored-by: Qiming Teng --- .../en/docs/concepts/overview/working-with-objects/names.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/en/docs/concepts/overview/working-with-objects/names.md b/content/en/docs/concepts/overview/working-with-objects/names.md index b9294a14dc4b8..0b499386374d1 100644 --- a/content/en/docs/concepts/overview/working-with-objects/names.md +++ b/content/en/docs/concepts/overview/working-with-objects/names.md @@ -24,7 +24,9 @@ For non-unique user-provided attributes, Kubernetes provides [labels](/docs/conc {{< glossary_definition term_id="name" length="all" >}} -**Names are unique across [API versions](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning) of the resource. API resources are distinguished by their API group, resource type, namespace (for namespaced resources), and name. In other words, API version is irrelevant in this context.** +**Names must be unique across all [API versions](/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning) +of the same resource. API resources are distinguished by their API group, resource type, namespace +(for namespaced resources), and name. In other words, API version is irrelevant in this context.** {{< note >}} In cases when objects represent a physical entity, like a Node representing a physical host, when the host is re-created under the same name without deleting and re-creating the Node, Kubernetes treats the new host as the old one, which may lead to inconsistencies. From b9b8af1bdebd50f2cae8080298de7468fd74f264 Mon Sep 17 00:00:00 2001 From: Kirill Kononovich <41591254+kirkonru@users.noreply.github.com> Date: Wed, 6 Jul 2022 20:21:10 +0300 Subject: [PATCH 086/537] [ru] Add and translate logging.md Update content/ru/docs/concepts/cluster-administration/logging.md Co-authored-by: Dmitry Shurupov Update content/ru/docs/concepts/cluster-administration/logging.md Co-authored-by: Dmitry Shurupov Update content/ru/docs/concepts/cluster-administration/logging.md Co-authored-by: Dmitry Shurupov Update content/ru/docs/concepts/cluster-administration/logging.md Co-authored-by: Dmitry Shurupov Update content/ru/docs/concepts/cluster-administration/logging.md Co-authored-by: Dmitry Shurupov Update content/ru/docs/concepts/cluster-administration/logging.md Co-authored-by: Dmitry Shurupov Update content/ru/docs/concepts/cluster-administration/logging.md Co-authored-by: Dmitry Shurupov Update content/ru/docs/concepts/cluster-administration/logging.md Update content/ru/docs/concepts/cluster-administration/logging.md Add counter-pod.yaml Add two-files-counter-pod.yaml Add two-files-counter-pod.yaml Create two-files-counter-pod-streaming-sidecar.yaml Create fluentd-sidecar-config.yaml Create two-files-counter-pod-agent-sidecar.yaml --- .../cluster-administration/logging.md | 205 ++++++++++++++++++ .../admin/logging/fluentd-sidecar-config.yaml | 25 +++ .../two-files-counter-pod-agent-sidecar.yaml | 39 ++++ ...o-files-counter-pod-streaming-sidecar.yaml | 38 ++++ .../admin/logging/two-files-counter-pod.yaml | 26 +++ content/ru/examples/debug/counter-pod.yaml | 10 + 6 files changed, 343 insertions(+) create mode 100644 content/ru/docs/concepts/cluster-administration/logging.md create mode 100644 content/ru/examples/admin/logging/fluentd-sidecar-config.yaml create mode 100644 content/ru/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml create mode 100644 content/ru/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml create mode 100644 content/ru/examples/admin/logging/two-files-counter-pod.yaml create mode 100644 content/ru/examples/debug/counter-pod.yaml diff --git a/content/ru/docs/concepts/cluster-administration/logging.md b/content/ru/docs/concepts/cluster-administration/logging.md new file mode 100644 index 0000000000000..66bf34fca9126 --- /dev/null +++ b/content/ru/docs/concepts/cluster-administration/logging.md @@ -0,0 +1,205 @@ +--- +reviewers: +title: Архитектура для сбора логов +content_type: concept +weight: 60 +--- + + + +Логи помогают понять, что происходит внутри приложения. Они особенно полезны для отладки проблем и мониторинга деятельности кластера. У большинства современных приложений имеется тот или иной механизм сбора логов. Контейнерные движки в этом смысле не исключение. Самый простой и наиболее распространенный метод сбора логов для контейнерных приложений задействует потоки `stdout` и `stderr`. + +Однако встроенной функциональности контейнерного движка или среды исполнения обычно недостаточно для организации полноценного решения по сбору логов. + +Например, может возникнуть необходимость просмотреть логи приложения при аварийном завершении работы Pod'а, его вытеснении (eviction) или "падении" узла. + +В кластере у логов должно быть отдельное хранилище и жизненный цикл, не зависящий от узлов, Pod'ов или контейнеров. Эта концепция называется _сбор логов на уровне кластера_. + + + +Архитектуры для сбора логов на уровне кластера требуют отдельного бэкенда для их хранения, анализа и выполнения запросов. Kubernetes не имеет собственного решения для хранения такого типа данных. Вместо этого существует множество продуктов для сбора логов, которые прекрасно с ним интегрируются. В последующих разделах описано, как обрабатывать логи и хранить их на узлах. + +## Основы сбора логов в Kubernetes + +В примере ниже используется спецификация `Pod` с контейнером для отправки текста в стандартный поток вывода раз в секунду. + +{{< codenew file="debug/counter-pod.yaml" >}} + +Запустить его можно с помощью следующей команды: + +```shell +kubectl apply -f https://k8s.io/examples/debug/counter-pod.yaml +``` + +Результат будет таким: + +```console +pod/counter created +``` + +Получить логи можно с помощью команды `kubectl logs`, как показано ниже: + +```shell +kubectl logs counter +``` + +Результат будет таким: + +```console +0: Mon Jan 1 00:00:00 UTC 2001 +1: Mon Jan 1 00:00:01 UTC 2001 +2: Mon Jan 1 00:00:02 UTC 2001 +... +``` + +Команда `kubectl logs --previous` позволяет извлечь логи из предыдущего воплощения контейнера. Если в Pod'е несколько контейнеров, выбрать нужный для извлечения логов можно с помощью флага `-c`: + +```console +kubectl logs counter -c count +``` + +Для получения дополнительной информации см. [документацию по `kubectl logs`](/docs/reference/generated/kubectl/kubectl-commands#logs). + +## Сбор логов на уровне узла + +![Сбор логов на уровне узла](/images/docs/user-guide/logging/logging-node-level.png) + +Среда исполнения для контейнера обрабатывает и перенаправляет любой вывод в потоки `stdout` и `stderr` приложения. Docker Engine, например, перенаправляет эти потоки [драйверу журналирования](https://docs.docker.com/engine/admin/logging/overview), который в Kubernetes настроен на запись в файл в формате JSON. + +{{< note >}} +JSON-драйвер Docker для сбора логов рассматривает каждую строку как отдельное сообщение. В данном случае поддержка многострочных сообщений отсутствует. Обработка многострочных сообщений должна выполняться на уровне лог-агента или выше. +{{< /note >}} + +По умолчанию, если контейнер перезапускается, kubelet сохраняет один завершенный контейнер с его логами. Если Pod вытесняется с узла, все соответствующие контейнеры также вытесняются вместе с их логами. + +Важным моментом при сборе логов на уровне узла является их ротация, чтобы логи не занимали все доступное место на узле. Kubernetes не отвечает за ротацию логов, но способен развернуть инструмент для решения этой проблемы. Например, в кластерах Kubernetes, развертываемых с помощью скрипта `kube-up.sh`, имеется инструмент [`logrotate`](https://linux.die.net/man/8/logrotate), настроенный на ежечасный запуск. Также можно настроить среду исполнения контейнера на автоматическую ротацию логов приложения. + +Подробную информацию о том, как `kube-up.sh` настраивает логирование для образа COS на GCP, можно найти в соответствующем скрипте [`configure-helper`](https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/gci/configure-helper.sh). + +При использовании **среды исполнения контейнера CRI** kubelet отвечает за ротацию логов и управление структурой их директории. kubelet передает данные среде исполнения контейнера CRI, а та сохраняет логи контейнера в указанное место. С помощью параметров [`containerLogMaxSize` и `containerLogMaxFiles`](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration) в [конфигурационном файле kubelet'а](/docs/tasks/administer-cluster/kubelet-config-file/) можно настроить максимальный размер каждого лог-файла и максимальное число таких файлов для каждого контейнера соответственно. + +При выполнении команды [`kubectl logs`](/docs/reference/generated/kubectl/kubectl-commands#logs) (как в примере из раздела про основы сбора логов) kubelet на узле обрабатывает запрос и считывает данные непосредственно из файла журнала. Затем он возвращает его содержимое. + +{{< note >}} +Если ротацию выполнила внешняя система или используется среда исполнения контейнера CRI, команде `kubectl logs` будет доступно содержимое только последнего лог-файла. Например, имеется файл размером 10 МБ, `logrotate` выполняет ротацию, и получается два файла: первый размером 10 МБ, второй - пустой. В этом случае `kubectl logs` вернет второй лог-файл (пустой). +{{< /note >}} + +### Логи системных компонентов + +Существует два типа системных компонентов: те, которые работают в контейнере, и те, которые работают за пределами контейнера. Например: + +* планировщик Kubernetes и kube-proxy выполняются в контейнере; +* kubelet и среда исполнения контейнера работают за пределами контейнера. + +На машинах с systemd среда исполнения и kubelet пишут в journald. Если systemd отсутствует, среда исполнения и kubelet пишут в файлы `.log` в директории `/var/log`. Системные компоненты внутри контейнеров всегда пишут в директорию `/var/log`, обходя механизм ведения логов по умолчанию. Они используют библиотеку для сбора логов [`klog`](https://github.com/kubernetes/klog). Правила сбора логов и рекомендации можно найти в соответствующей [документации](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md). + +Как и логи контейнеров, логи системных компонентов в директории `/var/log` необходимо ротировать. В кластерах Kubernetes, созданных с помощью скрипта `kube-up.sh`, эти файлы настроены на ежедневную ротацию с помощью инструмента `logrotate` или при достижении 100 МБ. + +## Архитектуры для сбора логов на уровне кластера + +Kubernetes не имеет собственного решения для сбора логов на уровне кластера, но есть общие подходы, которые можно рассмотреть. Вот некоторые из них: + +* использовать агент на уровне узлов (запускается на каждом узле); +* внедрить в Pod с приложением специальный sidecar-контейнер для сбора логов; +* отправлять логи из приложения непосредственно в бэкенд. + +### Использование агента на уровне узлов + +![Использование агента на уровне узлов](/images/docs/user-guide/logging/logging-with-node-agent.png) + +Сбор логов на уровне кластера можно реализовать, запустив _node-level-агент_ на каждом узле. Лог-агент — это специальный инструмент, который предоставляет доступ к логам или передает их бэкенду. Как правило, лог-агент представляет собой контейнер с доступом к директории с файлами логов всех контейнеров приложений на этом узле. + +Поскольку лог-агент должен работать на каждом узле, рекомендуется запускать его как `DaemonSet`. + +Сбор логов на уровне узла предусматривает запуск одного агента на узел и не требует изменений в приложениях, работающих на узле. + +Контейнеры пишут в `stdout` и `stderr`, но без согласованного формата. Агент на уровне узла собирает эти логи и направляет их на агрегацию. + +### Сбор логов с помощью sidecar-контейнера с лог-агентом {#sidecar-container-with-logging-agent} + +Sidecar-контейнер можно использовать одним из следующих способов: + +* sidecar-контейнер транслирует логи приложений на свой собственный `stdout`; +* в sidecar-контейнере работает агент, настроенный на сбор логов из контейнера приложения. + +#### Транслирующий sidecar-контейнер + +![Sidecar-контейнер с транслирующим контейнером](/images/docs/user-guide/logging/logging-with-streaming-sidecar.png) + +Настроив sidecar-контейнеры на вывод в их собственные потоки `stdout` и `stderr`, можно воспользоваться преимуществами kubelet и лог-агента, которые уже работают на каждом узле. Sidecar-контейнеры считывают логи из файла, сокета или journald. Затем каждый из них пишет логи в собственный поток `stdout` или `stderr`. + +Такой подход позволяет разграничить потоки логов от разных частей приложения, некоторые из которых могут не поддерживать запись в `stdout` или `stderr`. Логика, управляющая перенаправлением логов, проста и не требует значительных ресурсов. Кроме того, поскольку `stdout` и `stderr` обрабатываются kubelet'ом, можно использовать встроенные инструменты вроде `kubectl logs`. + +Предположим, к примеру, что в Pod'е работает один контейнер, который пишет логи в два разных файла в двух разных форматах. Вот пример конфигурации такого Pod'а: + +{{< codenew file="admin/logging/two-files-counter-pod.yaml" >}} + +Не рекомендуется писать логи разных форматов в один и тот же поток, даже если удалось перенаправить оба компонента в `stdout` контейнера. Вместо этого можно создать два sidecar-контейнера. Каждый из них будет забирать определенный лог-файл с общего тома и перенаправлять логи в свой `stdout`. + +Вот пример конфигурации Pod'а с двумя sidecar-контейнерами: + +{{< codenew file="admin/logging/two-files-counter-pod-streaming-sidecar.yaml" >}} + +Доступ к каждому потоку логов такого Pod'а можно получить отдельно, выполнив следующие команды: + +```shell +kubectl logs counter count-log-1 +``` + +Результат будет таким: + +```console +0: Mon Jan 1 00:00:00 UTC 2001 +1: Mon Jan 1 00:00:01 UTC 2001 +2: Mon Jan 1 00:00:02 UTC 2001 +... +``` + +```shell +kubectl logs counter count-log-2 +``` + +Результат будет таким: + +```console +Mon Jan 1 00:00:00 UTC 2001 INFO 0 +Mon Jan 1 00:00:01 UTC 2001 INFO 1 +Mon Jan 1 00:00:02 UTC 2001 INFO 2 +... +``` + +Агент на уровне узла, установленный в кластере, подхватывает эти потоки логов автоматически без дополнительной настройки. При желании можно настроить агент на парсинг логов в зависимости от контейнера-источника. + +Обратите внимание: несмотря на низкое использование процессора и памяти (порядка нескольких milliCPU для процессора и пары мегабайт памяти), запись логов в файл и их последующая потоковая передача в `stdout` может вдвое увеличить нагрузку на диск. Если приложение пишет в один файл, рекомендуется установить `/dev/stdout` в качестве адресата, нежели использовать подход с транслирующим контейнером. + +Sidecar-контейнеры также можно использовать для ротации файлов логов, которые не могут быть ротированы самим приложением. В качестве примера можно привести небольшой контейнер, периодически запускающий `logrotate`. Однако рекомендуется использовать `stdout` и `stderr` напрямую, а управление политиками ротации и хранения оставить kubelet'у. + +#### Sidecar-контейнер с лог-агентом + +![Sidecar-контейнер с лог-агентом](/images/docs/user-guide/logging/logging-with-sidecar-agent.png) + +Если лог-агент на уровне узла недостаточно гибок для ваших потребностей, можно создать sidecar-контейнер с отдельным лог-агентом, специально настроенным на работу с приложением. + +{{< note >}} +Работа лог-агента в sidecar-контейнере может привести к значительному потреблению ресурсов. Более того, доступ к этим журналам с помощью `kubectl logs` будет невозможен, поскольку они не контролируются kubelet'ом. +{{< /note >}} + +Ниже приведены два файла конфигурации sidecar-контейнера с лог-агентом. Первый содержит [`ConfigMap`](/docs/tasks/configure-pod-container/configure-pod-configmap/) для настройки fluentd. + +{{< codenew file="admin/logging/fluentd-sidecar-config.yaml" >}} + +{{< note >}} +За информацией о настройке fluentd обратитесь к его [документации](https://docs.fluentd.org/). +{{< /note >}} + +Второй файл описывает Pod с sidecar-контейнером, в котором работает fluentd. Pod монтирует том с конфигурацией fluentd. + +{{< codenew file="admin/logging/two-files-counter-pod-agent-sidecar.yaml" >}} + +В приведенных выше примерах fluentd можно заменить на другой лог-агент, считывающий данные из любого источника в контейнере приложения. + +### Прямой доступ к логам из приложения + +![Прямой доступ к логам из приложения](/images/docs/user-guide/logging/logging-from-application.png) + +Сбор логов приложения на уровне кластера, при котором доступ к ним осуществляется напрямую, выходит за рамки Kubernetes. diff --git a/content/ru/examples/admin/logging/fluentd-sidecar-config.yaml b/content/ru/examples/admin/logging/fluentd-sidecar-config.yaml new file mode 100644 index 0000000000000..eea1849b033fa --- /dev/null +++ b/content/ru/examples/admin/logging/fluentd-sidecar-config.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fluentd-config +data: + fluentd.conf: | + + type tail + format none + path /var/log/1.log + pos_file /var/log/1.log.pos + tag count.format1 + + + + type tail + format none + path /var/log/2.log + pos_file /var/log/2.log.pos + tag count.format2 + + + + type google_cloud + diff --git a/content/ru/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml b/content/ru/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml new file mode 100644 index 0000000000000..ddfb8104cb946 --- /dev/null +++ b/content/ru/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: Pod +metadata: + name: counter +spec: + containers: + - name: count + image: busybox:1.28 + args: + - /bin/sh + - -c + - > + i=0; + while true; + do + echo "$i: $(date)" >> /var/log/1.log; + echo "$(date) INFO $i" >> /var/log/2.log; + i=$((i+1)); + sleep 1; + done + volumeMounts: + - name: varlog + mountPath: /var/log + - name: count-agent + image: k8s.gcr.io/fluentd-gcp:1.30 + env: + - name: FLUENTD_ARGS + value: -c /etc/fluentd-config/fluentd.conf + volumeMounts: + - name: varlog + mountPath: /var/log + - name: config-volume + mountPath: /etc/fluentd-config + volumes: + - name: varlog + emptyDir: {} + - name: config-volume + configMap: + name: fluentd-config diff --git a/content/ru/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml b/content/ru/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml new file mode 100644 index 0000000000000..ac19efe4a2350 --- /dev/null +++ b/content/ru/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Pod +metadata: + name: counter +spec: + containers: + - name: count + image: busybox:1.28 + args: + - /bin/sh + - -c + - > + i=0; + while true; + do + echo "$i: $(date)" >> /var/log/1.log; + echo "$(date) INFO $i" >> /var/log/2.log; + i=$((i+1)); + sleep 1; + done + volumeMounts: + - name: varlog + mountPath: /var/log + - name: count-log-1 + image: busybox:1.28 + args: [/bin/sh, -c, 'tail -n+1 -F /var/log/1.log'] + volumeMounts: + - name: varlog + mountPath: /var/log + - name: count-log-2 + image: busybox:1.28 + args: [/bin/sh, -c, 'tail -n+1 -F /var/log/2.log'] + volumeMounts: + - name: varlog + mountPath: /var/log + volumes: + - name: varlog + emptyDir: {} diff --git a/content/ru/examples/admin/logging/two-files-counter-pod.yaml b/content/ru/examples/admin/logging/two-files-counter-pod.yaml new file mode 100644 index 0000000000000..31bbed3cf8683 --- /dev/null +++ b/content/ru/examples/admin/logging/two-files-counter-pod.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Pod +metadata: + name: counter +spec: + containers: + - name: count + image: busybox:1.28 + args: + - /bin/sh + - -c + - > + i=0; + while true; + do + echo "$i: $(date)" >> /var/log/1.log; + echo "$(date) INFO $i" >> /var/log/2.log; + i=$((i+1)); + sleep 1; + done + volumeMounts: + - name: varlog + mountPath: /var/log + volumes: + - name: varlog + emptyDir: {} diff --git a/content/ru/examples/debug/counter-pod.yaml b/content/ru/examples/debug/counter-pod.yaml new file mode 100644 index 0000000000000..a91b2f8915830 --- /dev/null +++ b/content/ru/examples/debug/counter-pod.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Pod +metadata: + name: counter +spec: + containers: + - name: count + image: busybox:1.28 + args: [/bin/sh, -c, + 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'] From eed0bc8417757819dae46960fee44368dd9e1daf Mon Sep 17 00:00:00 2001 From: Kirill Kononovich <41591254+kirkonru@users.noreply.github.com> Date: Mon, 4 Jul 2022 20:20:20 +0300 Subject: [PATCH 087/537] Add flow-control.md and translate it Co-authored-by: Dmitry Shurupov Add health-for-strangers.yaml --- .../cluster-administration/flow-control.md | 328 ++++++++++++++++++ .../health-for-strangers.yaml | 20 ++ 2 files changed, 348 insertions(+) create mode 100644 content/ru/docs/concepts/cluster-administration/flow-control.md create mode 100644 content/ru/examples/priority-and-fairness/health-for-strangers.yaml diff --git a/content/ru/docs/concepts/cluster-administration/flow-control.md b/content/ru/docs/concepts/cluster-administration/flow-control.md new file mode 100644 index 0000000000000..0424b87d2969e --- /dev/null +++ b/content/ru/docs/concepts/cluster-administration/flow-control.md @@ -0,0 +1,328 @@ +--- +title: Равноправный доступ к API +content_type: concept +min-kubernetes-server-version: v1.18 +--- + + + +{{< feature-state state="beta" for_k8s_version="v1.20" >}} + +Контроль за поведением API-сервера Kubernetes в условиях высокой нагрузки — ключевая задача для администраторов кластера. В {{< glossary_tooltip term_id="kube-apiserver" text="kube-apiserver">}} имеются некоторые механизмы управления (например, флаги командной строки `--max-requests-inflight` и `--max-mutating-requests-inflight`) для ограничения нагрузки на сервер. Они предотвращают наплыв входящих запросов и потенциальный отказ сервера API, но не позволяют гарантировать прохождение наиболее важных запросов в периоды высокой нагрузки. + +Функция регулирования приоритета и обеспечения равноправного доступа к API (API Priority and Fairness), или РДА, — отличная альтернатива флагам. Она оптимизирует вышеупомянутые ограничения на максимальное количество запросов. РДА тщательнее классифицирует запросы и изолирует их. Также она поддерживает механизм очередей, который помогает обрабатывать запросы при краткосрочных всплесках нагрузки. Отправка запросов из очередей осуществляется на основе метода организации равноправных очередей, поэтому плохо работающий {{< glossary_tooltip text="контроллер" term_id="controller" >}} не будет мешать работе других (даже с аналогичным уровнем приоритета). + +Эта функция предназначена для корректной работы со стандартными контроллерами, которые используют информеры и реагируют на неудачные API-запросы, экспоненциально увеличивая выдержку (back-off) между ними, а также клиентами, устроенными аналогичным образом. + +{{< caution >}} +Запросы, отнесенные к категории "long-running" — в первую очередь следящие, — не подпадают под действие фильтра функции равноправного доступа к API. Это также верно для флага `--max-requests-inflight` без включенной функции РДА. +{{< /caution >}} + + + +## Включение/отключение равноправного доступа к API + +Управление РДА осуществляется с помощью переключателя функционала (feature gate); по умолчанию функция включена. В разделе [Переключатели функционала](/docs/reference/command-line-tools-reference/feature-gates/) приведено их общее описание и способы включения/отключения. В случае РДА соответствующий переключатель называется "APIPriorityAndFairness". Данная функция также включает {{< glossary_tooltip term_id="api-group" text="группу API" >}}, при этом: (a) версия `v1alpha1` по умолчанию отключена, (b) версии `v1beta1` и `v1beta2` по умолчанию включены. Чтобы отключить РДА и бета-версии групп API, добавьте следующие флаги командной строки в вызов `kube-apiserver`: + +```shell +kube-apiserver \ +--feature-gates=APIPriorityAndFairness=false \ +--runtime-config=flowcontrol.apiserver.k8s.io/v1beta1=false,flowcontrol.apiserver.k8s.io/v1beta2=false \ + # …и остальные флаги, как обычно +``` + +Кроме того, версию v1alpha1 группы API можно включить с помощью `--runtime-config=flowcontrol.apiserver.k8s.io/v1alpha1=true`. + +Флаг командной строки `--enable-priority-and-fairness=false` отключит функцию равноправного доступа к API, даже если другие флаги ее активировали. + +## Основные понятия + +Функция равноправного доступа к API в своей работе использует несколько базовых понятий/механизмов. Входящие запросы классифицируются по атрибутам с помощью т.н. _FlowSchemas_, после чего им присваиваются уровни приоритета. Уровни приоритета обеспечивают некоторую степень изоляции, обеспечивая различные пределы параллелизма, предотвращая влияние запросов с разными уровнями приоритета друг на друга. В пределах одного приоритета алгоритм равнодоступного формирования очереди предотвращает взаимное влияние запросов из разных _потоков_ и формирует очередь запросов, снижая число неудачных запросов во время всплесков трафика при приемлемо низкой средней нагрузке. + +### Уровни приоритета + +Без включенного равноправного доступа к API управление общим параллелизмом в API-сервере осуществляется флагами `--max-requests-inflight` и `--max-mutating-requests-inflight` для `kube-apiserver`. При включенном равноправном доступе к API пределы параллелизма, заданные этими флагами, суммируются, а затем сумма распределяется по настраиваемому набору _уровней приоритета_. Каждому входящему запросу присваивается определенный уровень приоритета, причем каждый уровень приоритета может отправлять только такое количество параллельных запросов, которое прописано в его конфигурации. + +Конфигурация по умолчанию, например, предусматривает отдельные уровни приоритета для запросов на выборы лидера, запросов от встроенных контроллеров и запросов от Pod'ов. Это означает, что Pod, ведущий себя некорректно и переполняющий API-сервер запросами, не сможет помешать выборам лидера или оказать влияние на действия встроенных контроллеров. + +### Очереди + +Каждый уровень приоритета может включать большое количество различных источников трафика. Во время перегрузки важно предотвратить негативное влияние одного потока запросов на остальные (например, в идеале один сбойный клиент, переполняющий kube-apiserver своими запросами, не должен оказывать заметного влияния на других клиентов). Для этого при обработке запросов с одинаковым уровнем приоритета используется алгоритм равнодоступной очереди. Каждый запрос приписывается к _потоку_, который идентифицируется по имени соответствующей FlowSchema и _дифференциатору потока_: пользователю-источнику запроса, пространству имен целевого ресурса или пустым значением. Система старается придать примерно равный вес запросам в разных потоках с одинаковым уровнем приоритета. +Для раздельной обработки различных инстансов контроллеры с большим их числом должны аутентифицироваться под разными именами пользователей. + +Распределив запрос в некоторый поток, РДА приписывает его к очереди. Этот процесс базируется на методе, известном как {{< glossary_tooltip term_id="shuffle-sharding" text="shuffle sharding" >}} (тасование между шардами), который относительно эффективно изолирует потоки низкой интенсивности от потоков высокой интенсивности с помощью очередей. + +Параметры алгоритма постановки в очередь можно настраивать для каждого уровня приоритетов. В результате администратор может выбирать между использованием памяти, равнодоступностью (свойством, которое обеспечивает продвижение независимых потоков, когда совокупный трафик превышает пропускную способность), толерантностью к всплескам трафика и дополнительной задержкой, вызванной постановкой в очередь. + +### Запросы-исключения + +Некоторые запросы считаются настолько важными, что на них не распространяется ни одно из ограничений, налагаемых этой функцией. Механизм исключений не позволяет ошибочно настроенной конфигурации управления потоком полностью вывести сервер API из строя. + +## Ресурсы + +API управления потоками включает в себя два вида ресурсов. [PriorityLevelConfigurations](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#prioritylevelconfiguration-v1beta2-flowcontrol-apiserver-k8s-io) определяет доступные классы изоляции, долю доступного бюджета параллелизма, которая выделяется для каждого класса, и позволяет выполнять тонкую настройку работы с очередями. [FlowSchema](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#flowschema-v1beta2-flowcontrol-apiserver-k8s-io) используется для классификации отдельных входящих запросов, сопоставляя каждый из них с одной из конфигураций PriorityLevelConfiguration. Кроме того, существует версия `v1alpha1` данной группы API, с аналогичными Kinds с теми же синтаксисом и семантикой. + +### PriorityLevelConfiguration + +PriorityLevelConfiguration представляет отдельный класс изоляции. У каждой конфигурации PriorityLevelConfiguration имеется независимый предел на количество активных запросов и ограничения на число запросов в очереди. + +Пределы параллелизма для PriorityLevelConfigurations указываются не в виде абсолютного количества запросов, а в виде "долей параллелизма" (concurrency shares). Совокупный объем ресурсов API-сервера, доступных для параллелизма, распределяется между существующими PriorityLevelConfigurations пропорционально этим долям. Администратор кластера может увеличить или уменьшить совокупный объем трафика на сервер, просто перезапустив kube-apiserver с другим значением `--max-requests-inflight` (или `--max-mutating-requests-inflight`). В результате пропускная способность каждой PriorityLevelConfigurations возрастет (или снизится) соразмерно ее доле. + +{{< caution >}} +При включенной функции Priority and Fairness суммарный предел параллелизма для сервера равен сумме `--max-requests-inflight` и `--max-mutating-requests-inflight`. При этом мутирующие и не мутирующие запросы рассматриваются вместе; чтобы обрабатывать их независимо для некоторого ресурса, создайте отдельные FlowSchemas для мутирующих и не мутирующих действий (verbs). +{{< /caution >}} + +Поле `type` спецификации PriorityLevelConfiguration определяет судьбу избыточных запросов, когда их объем, отнесенный к одной PriorityLevelConfiguration, превышает ее допустимый уровень параллелизма. Тип `Reject` означает, что избыточный трафик будет немедленно отклонен с ошибкой HTTP 429 (Too Many Requests). Тип `Queue` означает, что запросы, превышающие пороговое значение, будут поставлены в очередь, при этом для балансировки прогресса между потоками запросов будут использоваться методы тасования между шардами и равноправных очередей. + +Конфигурация очередей позволяет настроить алгоритм равноправных очередей для каждого уровня приоритета. Подробности об алгоритме можно узнать из [предложения по улучшению](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1040-priority-and-fairness); если вкратце: + +* Увеличение `queues` снижает количество конфликтов между различными потоками за счет повышенного использования памяти. При единице логика равнодоступной очереди отключается, но запросы все равно могут быть поставлены в очередь. + +* Увеличение длины очереди (`queueLengthLimit`) позволяет выдерживать большие всплески трафика без потери запросов за счет увеличения задержек и повышенного потребления памяти. + +* Изменение `handSize` позволяет регулировать вероятность конфликтов между различными потоками и общий параллелизм, доступный для одного потока в условиях чрезмерной нагрузки. + + {{< note >}} + Больший `handSize` снижает вероятность конфликта двух отдельных потоков (и, следовательно, вероятность того, что один из них подавит другой), но повышает вероятность того, что малое число потоков загрузят API-сервер. Больший `handSize` также потенциально увеличивает задержку, которую может вызвать один поток с высоким трафиком. Максимальное возможное количество запросов в очереди от одного потока равно `handSize * queueLengthLimit`. + {{< /note >}} + +Ниже приведена таблица с различными конфигурациями, показывающая вероятность того, что "мышь" (поток низкой интенсивности) будет раздавлена "слонами" (потоками высокой интенсивности) в зависимости от числа "слонов" при тасовании потоков между шардами. Скрипт для расчета таблицы доступен по [ссылке](https://play.golang.org/p/Gi0PLgVHiUg). + +{{< table caption = "Конфигурации shuffle sharding" >}} +`handSize` | Число очередей | 1 слон | 4 слона | 16 слонов +|----------|-----------|------------|----------------|--------------------| +| 12 | 32 | 4.428838398950118e-09 | 0.11431348830099144 | 0.9935089607656024 | +| 10 | 32 | 1.550093439632541e-08 | 0.0626479840223545 | 0.9753101519027554 | +| 10 | 64 | 6.601827268370426e-12 | 0.00045571320990370776 | 0.49999929150089345 | +| 9 | 64 | 3.6310049976037345e-11 | 0.00045501212304112273 | 0.4282314876454858 | +| 8 | 64 | 2.25929199850899e-10 | 0.0004886697053040446 | 0.35935114681123076 | +| 8 | 128 | 6.994461389026097e-13 | 3.4055790161620863e-06 | 0.02746173137155063 | +| 7 | 128 | 1.0579122850901972e-11 | 6.960839379258192e-06 | 0.02406157386340147 | +| 7 | 256 | 7.597695465552631e-14 | 6.728547142019406e-08 | 0.0006709661542533682 | +| 6 | 256 | 2.7134626662687968e-12 | 2.9516464018476436e-07 | 0.0008895654642000348 | +| 6 | 512 | 4.116062922897309e-14 | 4.982983350480894e-09 | 2.26025764343413e-05 | +| 6 | 1024 | 6.337324016514285e-16 | 8.09060164312957e-11 | 4.517408062903668e-07 | +{{< /table >}} + +### FlowSchema + +FlowSchema сопоставляется со входящими запросами; по результатам данного действия тем приписывается определенный уровень приоритета. Каждый входящий запрос по очереди проверяется на соответствие каждой FlowSchema, начиная с тех, у которых наименьшее численное значение `matchingPrecedence` (т.е., логически наивысший приоритет). Проверка ведется до первого совпадения. + +{{< caution >}} +Учитывается только первая подходящая FlowSchema для данного запроса. Если одному входящему запросу соответствует несколько FlowSchemas, он попадет в ту, у которой наивысший `matchingPrecedence`. Если несколько FlowSchema с одинаковым `matchingPrecedence` соответствуют одному запросу, предпочтение будет отдано той, у которой лексикографически меньшее имя (`name`). Впрочем, лучше не полагаться на это, а убедиться, что `matchingPrecedence` уникален для всех FlowSchema. +{{< /caution >}} + +Схема FlowSchema подходит определенному запросу, если хотя бы одно из ее правил (`rules`) подходит ему. В свою очередь, правило соответствует запросу, если ему соответствует хотя бы один из его субъектов (`subjects`) *и* хотя бы одно из его правил `resourceRules` или `nonResourceRules` (в зависимости от того, является ли входящий запрос ресурсным или нересурсным URL). + +Для поля `name` в субъектах (subjects) и полей `verbs`, `apiGroups`, `resources`, `namespaces` и `nonResourceURLs` в ресурсных и нересурсных правилах может быть указан универсальный символ `*`, который будет соответствовать всем значениям для данного поля, фактически исключая его из рассмотрения. + +Параметр `distinguisherMethod.type` схемы FlowSchema определяет, как запросы, соответствующие этой схеме, будут разделяться на потоки. Он может быть либо `ByUser` (в этом случае один запрашивающий пользователь не сможет лишить других пользователей ресурсов), либо `ByNamespace` (в этом случае запросы на ресурсы в одном пространстве имен не смогут помешать запросам на ресурсы в других пространствах имен), либо он может быть пустым (или `distinguisherMethod` может быть опущен) (в этом случае все запросы, соответствующие данной FlowSchema, будут считаться частью одного потока). Правильный выбор для определенной FlowSchema зависит от ресурса и конкретной среды. + +## Значения по умолчанию + +kube-apiserver поддерживает два вида объектов конфигурации РДА: обязательные и рекомендуемые. + +### Обязательные объекты конфигурации + +Четыре обязательных объекта конфигурации отражают защитное поведение, встроенное в серверы. Оно реализуется независимо от этих объектов; параметры последних просто его отражают. + +* Обязательный уровень приоритета `exempt` используется для запросов, которые вообще не подчиняются контролю потока: они всегда будут доставляться немедленно. Обязательная FlowSchema `exempt` относит к этому уровню приоритета все запросы из группы `system:masters`. При необходимости можно задать другие FlowSchemas, которые будут наделять другие запросы данным уровнем приоритета. + +* Обязательный уровень приоритета `catch-all` используется в сочетании с обязательной FlowSchema `catch-all`, гарантируя, что каждый запрос получит какую-либо классификацию. Как правило, полагаться на эту универсальную конфигурацию не следует. Рекомендуется создать свои собственные универсальные FlowSchema и PriorityLevelConfiguration (или использовать опциональный уровень приоритета `global-default`, доступный по умолчанию). Поскольку предполагается, что обязательный уровень приоритета `catch-all` будет использоваться редко, его доля параллелизма невысока, кроме того, он не ставит запросы в очередь. + +### Опциональные объекты конфигурации + +Опциональные объекты FlowSchemas и PriorityLevelConfigurations образуют оптимальную конфигурацию по умолчанию. При желании их можно изменить и/или создать дополнительные объекты конфигурации. Если велика вероятность высокой нагрузки на кластер, следует решить, какая конфигурация будет работать лучше всего. + +Опциональная конфигурация группирует запросы по шести уровням приоритета: + +* Уровень приоритета `node-high` предназначен для проверки здоровья узлов. + +* Уровень приоритета `system` предназначен для запросов от группы `system:nodes`, не связанных с состоянием узлов, а именно: от kubelet'ов, которые должны иметь возможность связываться с сервером API для планирования рабочих нагрузок. + +* Уровень приоритета `leader-election` предназначен для запросов на выборы лидера от встроенных контроллеров (в частности, запросы на объекты типа `Endpoint`, `ConfigMap` или `Lease`, поступающие от пользователей `system:kube-controller-manager` или `system:kube-scheduler` и служебных учетных записей в пространстве имен `kube-system`). Их важно изолировать от другого трафика, поскольку сбои при выборе лидеров приводят к перезагрузкам контроллеров. Соответственно, новые контроллеры потребляют трафик, синхронизируя свои информеры. + +* Уровень приоритета `workload-high` предназначен для прочих запросов от встроенных контроллеров. + +* Уровень приоритета `workload-low` предназначен для запросов от остальных учетных записей служб, которые обычно включают все запросы от контроллеров, работающих в Pod'ах. + +* Уровень приоритета `global-default` обрабатывает весь остальной трафик, например, интерактивные команды `kubectl`, выполняемые непривилегированными пользователями. + +Опциональные FlowSchemas служат для направления запросов на вышеуказанные уровни приоритета и здесь не перечисляются. + +### Обслуживание обязательных и опциональных объектов конфигурации + +Каждый `kube-apiserver` самостоятельно обслуживает обязательные и опциональные объекты конфигурации, используя стратегию начальных/периодических проходов. Таким образом, в ситуации с серверами разных версий может возникнуть пробуксовка (thrashing) из-за разного представления серверов о правильном содержании этих объектов. + +Каждый `kube-apiserver` выполняет начальный проход по обязательным и опциональным объектам конфигурации, а затем периодически (раз в минуту) обходит их. + +Для обязательных объектов обслуживание заключается в проверке того, что объект существует и имеет надлежащую спецификацию (spec). Сервер не разрешает создавать или обновлять объекты со spec, которая не соответствует его защитному поведению. + +Обслуживание опциональных объектов конфигурации предусматривает возможность переопределения их спецификации (spec). Кроме того, удаление носит непостоянный характер: объект будет восстановлен в процессе обслуживания. Если опциональный объект конфигурации не нужен, его не нужно удалять, но достаточно настроить spec'и так, чтобы последствия были минимальными. Обслуживание опциональных объектов также рассчитано на поддержку автоматической миграции при выходе новой версии `kube-apiserver`, при этом вероятны конфликты (thrashing), пока группировка серверов остается смешанной. + +Обслуживание опционального объекта конфигурации предусматривает его создание — с рекомендуемой спецификацией сервера — если тот не существует. В то же время, если объект уже существует, поведение при обслуживании зависит от того, кто им управляет — `kube-apiserver`'ы или пользователи. В первом случае сервер гарантирует, что спецификация объекта соответствует рекомендуемой; во втором случае спецификация не анализируется. + +Чтобы узнать, кто управляет объектом, необходимо найти аннотацию с ключом `apf.kubernetes.io/autoupdate-spec`. Если такая аннотация существует и ее значение равно `true`, то объект контролируется kube-apiserver'ами. Если аннотация существует и ее значение равно `false`, объект контролируется пользователями. Если ни одно из этих условий не выполняется, выполняется обращение к `metadata.generation` объекта. Если этот параметр равен 1, объект контролируется kube-apiserver'ами. В противном случае объект контролируют пользователи. Эти правила были введены в версии 1.22, и использование `metadata.generation` обусловлено переходом от более простого предыдущего поведения. Пользователи, желающие контролировать опциональный объект конфигурации, должны убедиться, что его аннотация `apf.kubernetes.io/autoupdate-spec` имеет значение `false`. + +Обслуживание обязательного или опционального объекта конфигурации также предусматривает проверку наличия у него аннотации `apf.kubernetes.io/autoupdate-spec`, которая позволяет понять, контролируют ли его kube-apiserver'ы. + +Обслуживание также предусматривает удаление объектов, которые не являются ни обязательными, ни опциональными, но имеют аннотацию `apf.kubernetes.io/autoupdate-spec=true`. + +## Освобождение проверок работоспособности от параллелизма + +Опциональная конфигурация не предусматривает особого отношения к health check-запросам на kube-apiserver'ы от их локальных kubelet'ов. В данном случае обычно используется защищенный порт, но учетные данные не передаются. В опциональной конфигурации такие запросы относятся к FlowSchema `global-default` и соответствующему уровню приоритета `global-default`, где другой трафик может мешать их прохождению. + +Чтобы освободить такие запросы от частотных ограничений, можно добавить FlowSchema, приведенную ниже. + +{{< caution >}} +Добавление данной FlowSchema позволит злоумышленникам отправлять удовлетворяющие ей health-check-запросы в любом количестве. При наличии фильтра веб-трафика или аналогичного внешнего механизма безопасности для защиты API-сервера кластера от интернет-трафика можно настроить правила для блокировки любых health-check-запросов, поступающих из-за пределов кластера. +{{< /caution >}} + +{{< codenew file="priority-and-fairness/health-for-strangers.yaml" >}} + +## Диагностика + +Каждый HTTP-ответ от сервера API с включенной функцией РДА содержит два дополнительных заголовка: `X-Kubernetes-PF-FlowSchema-UID` и `X-Kubernetes-PF-PriorityLevel-UID`. В них указываются схема потока и уровень приоритета соответственно. Имена объектов API не включаются в эти заголовки на случай, если запрашивающий пользователь не обладает правами на их просмотр, поэтому при отладке можно использовать команду типа: + +```shell +kubectl get flowschemas -o custom-columns="uid:{metadata.uid},name:{metadata.name}" +kubectl get prioritylevelconfigurations -o custom-columns="uid:{metadata.uid},name:{metadata.name}" +``` + +чтобы привязать UID к именам для FlowSchemas и PriorityLevelConfigurations. + +## Наблюдаемость + +### Метрики + +{{< note >}} +В Kubernetes до версии v1.20 лейблы `flow_schema` и `priority_level` также могли называться `flowSchema` и `priorityLevel`, соответственно. При использовании Kubernetes v1.19 и более ранних версий обратитесь к документации для соответствующей версии. +{{< /note >}} + +При включении функции равноправного доступа к API kube-apiserver начинает экспортировать дополнительные метрики. Их мониторинг помогает выявить негативное влияние (throttling) текущей конфигурации на важный трафик или найти неэффективные рабочие нагрузки, которые вредят здоровью системы. + +* `apiserver_flowcontrol_rejected_requests_total` — вектор-счетчик (кумулятивный с момента запуска сервера) запросов, которые были отклонены, с разбивкой по лейблам `flow_schema` (указывает на FlowSchema у запросов, попавших под соответствие), `priority_level` (уровень приоритета, который был присвоен этим запросам) и `reason`. Лейбл `reason` будет иметь одно из следующих значений: + + * `queue-full` — в очереди уже слишком много запросов; + * `concurrency-limit` — PriorityLevelConfiguration настроена на отклонение, а не на постановку в очередь избыточных запросов; + * `time-out` — запрос все еще находился в очереди, когда истек его лимит ожидания. + +* `apiserver_flowcontrol_dispatched_requests_total` — вектор-счетчик (кумулятивный с момента запуска сервера) запросов, которые начали выполняться, сгруппированный по лейблам `flow_schema` (указывает на FlowSchema у запросов, попавших под соответствие) и `priority_level` (уровень приоритета, который был присвоен этим запросам). + +* `apiserver_current_inqueue_requests` — вектор предыдущего максимума числа запросов в очереди, сгруппированных по лейблу `request_kind`, значение которого `mutating` или `readOnly`. Эти максимумы описывают наибольшее число, наблюдавшееся в последнем завершенном односекундном окне. Они дополняют более старый вектор `apiserver_current_inflight_requests`, который показывает максимум активно обслуживаемых запросов в последнем окне. + +* `apiserver_flowcontrol_read_vs_write_request_count_samples` — вектор-гистограмма наблюдений за тогда-текущим количеством запросов с разбивкой по лейблам `phase` (принимает значения `waiting` и `executing`) и `request_kind` (принимает значения `mutating` и `readOnly`). Наблюдения проводятся периодически с высокой частотой. Каждое наблюдаемое значение представляет собой число в диапазоне от 0 до 1, равное отношению числа запросов к соответствующему ограничению на их количество (ограничение длины очереди в случае ожидания и лимит параллелизма в случае выполнения). + +* `apiserver_flowcontrol_read_vs_write_request_count_watermarks` — вектор-гистограмма максимумов или минимумов количества запросов (число запросов, деленное на соответствующее ограничение) с разбивкой по лейблам `phase` (принимает значения `waiting` и `executing`) и `request_kind` (принимает значения `mutating` и `readOnly`); лейбл `mark` принимает значения `high` и `low`. Минимумы и максимумы собираются в окнах, ограниченных временем, когда наблюдение было добавлено в `apiserver_flowcontrol_read_vs_write_request_count_samples`. Эти экстремумы помогают определить разброс диапазона значений, наблюдавшийся в разных сэмплах. + +* `apiserver_flowcontrol_current_inqueue_requests` — gauge-вектор, содержащий количество стоящих в очереди (не выполняющихся) запросов в каждый момент с разбивкой по лейблам `priority_level` и `flow_schema`. + +* `apiserver_flowcontrol_current_executing_requests` — gauge-вектор, содержащий количество исполняемых (не ожидающих в очереди) запросов в каждый момент с разбивкой по лейблам `priority_level` и `flow_schema`. + +* `apiserver_flowcontrol_request_concurrency_in_use` — gauge-вектор, содержащий количество занятых мест в каждый момент с разбивкой по лейблам `priority_level` и `flow_schema`. + +* `apiserver_flowcontrol_priority_level_request_count_samples` — вектор-гистограмма наблюдений за текущим-на-тот-момент количеством запросов с разбивкой по лейблам `phase` (принимает значения `waiting` и `executing`) и `priority_level`. Каждая гистограмма получает наблюдения, сделанные периодически, вплоть до последней активности соответствующего рода. Наблюдения проводятся с высокой частотой. Каждое наблюдаемое значение представляет собой число в диапазоне от 0 до 1, равное отношению числа запросов к соответствующему ограничению на их количество (ограничение длины очереди в случае ожидания и лимит параллелизма в случае выполнения). + +* `apiserver_flowcontrol_priority_level_request_count_watermarks` — вектор-гистограмма максимумов или минимумов количества запросов с разбивкой по лейблам `phase` (принимает значения `waiting` и `executing`) и `priority_level`; лейбл `mark` принимает значения `high` и `low`. Минимумы и максимумы собираются в окнах, ограниченных временем, когда наблюдение было добавлено в `apiserver_flowcontrol_priority_level_request_count_samples`. Эти экстремумы показывают диапазон значений, наблюдавшийся в разных сэмплах. + +* `apiserver_flowcontrol_priority_level_seat_count_samples` — вектор-гистограмма наблюдений за использованием лимита параллелизма для уровня приоритета с разбивкой по `priority_level`. Использование — отношение (количество занятых мест) / (предел параллелизма). Метрика учитывает все стадии выполнения (как обычную, так и дополнительную задержку в конце записи для покрытия соответствующей работы по уведомлению) всех запросов, кроме WATCHes; для этих запросов учитывается только начальная стадия по доставке уведомлений о ранее существующих объектах. Каждая гистограмма в векторе также помечена лейблом `phase: executing` (количество мест для фазы ожидания не ограничено). Каждая гистограмма получает наблюдения, сделанные периодически, вплоть до последней активности соответствующего рода. Наблюдения производятся с высокой частотой. + +* `apiserver_flowcontrol_priority_level_seat_count_watermarks` — вектор-гистограмма минимумов и максимумов использования предела параллелизма для уровня приоритета с разбивкой по `priority_leve` и `mark` (принимает значения `high` и `low`). Каждая гистограмма в векторе также помечена лейблом `phase: executing` (для фазы ожидания предел на места отсутствует). Максимумы и минимумы собираются в окнах, ограниченных временем, когда наблюдение было добавлено в `apiserver_flowcontrol_priority_level_seat_count_samples`. Эти экстремумы помогают определить разброс диапазона значений, наблюдавшийся в разных сэмплах. + +* `apiserver_flowcontrol_request_queue_length_after_enqueue` — вектор-гистограмма длины очереди для очередей с разбивкой по лейблам `priority_level` и `flow_schema` как выборки по поставленным в очередь запросам. Каждый запрос при постановке в очередь вносит один сэмпл в гистограмму, сообщая о длине очереди сразу после добавления запроса. Обратите внимание, что это дает иную статистику, чем при объективном исследовании. + + {{< note >}} + В данном случае выброс в гистограмме означает, что, скорее всего, один поток (т.е. запросы от одного пользователя или для одного пространства имен, в зависимости от конфигурации) переполняет сервер API и "срезается" (throttled). И наоборот, если гистограмма одного уровня приоритета показывает, что все очереди для этого уровня приоритета длиннее, чем для других уровней приоритета, возможно, следует увеличить долю параллелизма для этого уровня приоритета в PriorityLevelConfiguration. + {{< /note >}} + +* `apiserver_flowcontrol_request_concurrency_limit` — gauge-вектор, содержащий вычисленный лимит параллелизма (основанный на общем лимите параллелизма сервера API и долях параллелизма PriorityLevelConfigurations), с разбивкой по лейблу `priority_level`. + +* `apiserver_flowcontrol_request_wait_duration_seconds` — вектор-гистограмма времени ожидания запросов в очереди с разбивкой по лейблам `flow_schema` (указывает, какая схема соответствует запросу), `priority_level` (указывает, к какому уровню был отнесен запрос) и `execute` (указывает, начал ли запрос выполняться). + + {{< note >}} + Поскольку каждая FlowSchema всегда относит запросы к одному PriorityLevelConfiguration, можно сложить гистограммы для всех FlowSchema для одного уровня приоритета, чтобы получить эффективную гистограмму для запросов, отнесенных к этому уровню приоритета. + {{< /note >}} + +* `apiserver_flowcontrol_request_execution_seconds` — вектор-гистограмма времени, затраченного на выполнение запросов, с разбивкой по по лейблам `flow_schema` (указывает, какая схема соответствует запросу) и `priority_level` (указывает, к какому уровню был отнесен запрос). + +* `apiserver_flowcontrol_watch_count_samples` — вектор-гистограмма количества активных запросов WATCH, относящихся к данной записи, с разбивкой по `flow_schema` и `priority_level`. + +* `apiserver_flowcontrol_work_estimated_seats` — вектор-гистограмма количества предполагаемых мест (максимум начального и конечного этапа выполнения), связанных с запросами, с разбивкой по `flow_schema` и `priority_level`. + +* `apiserver_flowcontrol_request_dispatch_no_accommodation_total` — вектор-счетчик количества событий, которые в принципе могли бы привести к отправке запроса, но не привели из-за отсутствия доступного параллелизма, с разбивкой по `flow_schema` и `priority_level`. Соответствующими событиями являются поступление запроса и завершение запроса. + +### Отладочные endpoint'ы + +При включении функции равноправного доступа к API `kube-apiserver` предоставляет следующие дополнительные пути на своих HTTP[S]-портах. + +- `/debug/api_priority_and_fairness/dump_priority_levels` — список всех уровней приоритета и текущее состояние каждого из них. Получить его можно следующим образом: + + ```shell + kubectl get --raw /debug/api_priority_and_fairness/dump_priority_levels + ``` + + Вывод выглядит примерно так: + + ```none + PriorityLevelName, ActiveQueues, IsIdle, IsQuiescing, WaitingRequests, ExecutingRequests, + workload-low, 0, true, false, 0, 0, + global-default, 0, true, false, 0, 0, + exempt, , , , , , + catch-all, 0, true, false, 0, 0, + system, 0, true, false, 0, 0, + leader-election, 0, true, false, 0, 0, + workload-high, 0, true, false, 0, 0, + ``` + +- `/debug/api_priority_and_fairness/dump_queues` — список всех очередей и их текущее состояние. Получить его можно следующим образом: + + ```shell + kubectl get --raw /debug/api_priority_and_fairness/dump_queues + ``` + + Вывод выглядит примерно так: + + ```none + PriorityLevelName, Index, PendingRequests, ExecutingRequests, VirtualStart, + workload-high, 0, 0, 0, 0.0000, + workload-high, 1, 0, 0, 0.0000, + workload-high, 2, 0, 0, 0.0000, + ... + leader-election, 14, 0, 0, 0.0000, + leader-election, 15, 0, 0, 0.0000, + ``` + +- `/debug/api_priority_and_fairness/dump_requests` — список всех запросов, которые в настоящее время ожидают в очереди. Получить его можно следующим образом: + + ```shell + kubectl get --raw /debug/api_priority_and_fairness/dump_requests + ``` + + Вывод выглядит примерно так: + + ```none + PriorityLevelName, FlowSchemaName, QueueIndex, RequestIndexInQueue, FlowDistingsher, ArriveTime, + exempt, , , , , , + system, system-nodes, 12, 0, system:node:127.0.0.1, 2020-07-23T15:26:57.179170694Z, + ``` + + В дополнение к запросам, стоящим в очереди, вывод включает одну фантомную строку для каждого уровня приоритета, на которую не распространяется ограничение. + + Более подробный список можно получить с помощью следующей команды: + + ```shell + kubectl get --raw '/debug/api_priority_and_fairness/dump_requests?includeRequestDetails=1' + ``` + + Вывод выглядит примерно так: + + ```none + PriorityLevelName, FlowSchemaName, QueueIndex, RequestIndexInQueue, FlowDistingsher, ArriveTime, UserName, Verb, APIPath, Namespace, Name, APIVersion, Resource, SubResource, + system, system-nodes, 12, 0, system:node:127.0.0.1, 2020-07-23T15:31:03.583823404Z, system:node:127.0.0.1, create, /api/v1/namespaces/scaletest/configmaps, + system, system-nodes, 12, 1, system:node:127.0.0.1, 2020-07-23T15:31:03.594555947Z, system:node:127.0.0.1, create, /api/v1/namespaces/scaletest/configmaps, + ``` + +## {{% heading "whatsnext" %}} + + +Для получения подробной информации о функции равноправного доступа к API см. [предложение по улучшению (KEP)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1040-priority-and-fairness). Предложения и запросы функционала принимаются через [SIG API Machinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery) или в специализированном [канале Slack](https://kubernetes.slack.com/messages/api-priority-and-fairness). diff --git a/content/ru/examples/priority-and-fairness/health-for-strangers.yaml b/content/ru/examples/priority-and-fairness/health-for-strangers.yaml new file mode 100644 index 0000000000000..c57e2cae37245 --- /dev/null +++ b/content/ru/examples/priority-and-fairness/health-for-strangers.yaml @@ -0,0 +1,20 @@ +apiVersion: flowcontrol.apiserver.k8s.io/v1beta2 +kind: FlowSchema +metadata: + name: health-for-strangers +spec: + matchingPrecedence: 1000 + priorityLevelConfiguration: + name: exempt + rules: + - nonResourceRules: + - nonResourceURLs: + - "/healthz" + - "/livez" + - "/readyz" + verbs: + - "*" + subjects: + - kind: Group + group: + name: system:unauthenticated From 87ece51122aabf579e3d07f9370fdc3c48fd1916 Mon Sep 17 00:00:00 2001 From: Kirill Kononovich <41591254+kirkonru@users.noreply.github.com> Date: Fri, 25 Nov 2022 19:08:34 +0300 Subject: [PATCH 088/537] Create & localize _index.md Create api-eviction.md Apply suggestions from code review Co-authored-by: Dmitry Shurupov [ru] create api-eviction.md [ru] create pod-disruption.md --- .../concepts/scheduling-eviction/_index.md | 35 +++++ .../scheduling-eviction/api-eviction.md | 121 ++++++++++++++++++ .../docs/reference/glossary/api-eviction.md | 24 ++++ .../docs/reference/glossary/pod-disruption.md | 24 ++++ 4 files changed, 204 insertions(+) create mode 100644 content/ru/docs/concepts/scheduling-eviction/_index.md create mode 100644 content/ru/docs/concepts/scheduling-eviction/api-eviction.md create mode 100644 content/ru/docs/reference/glossary/api-eviction.md create mode 100644 content/ru/docs/reference/glossary/pod-disruption.md diff --git a/content/ru/docs/concepts/scheduling-eviction/_index.md b/content/ru/docs/concepts/scheduling-eviction/_index.md new file mode 100644 index 0000000000000..f2e598a2a5a42 --- /dev/null +++ b/content/ru/docs/concepts/scheduling-eviction/_index.md @@ -0,0 +1,35 @@ +--- +title: "Планирование, приоритизация и вытеснение" +weight: 95 +content_type: concept +description: > + В Kubernetes под планированием понимается поиск подходящих узлов, на которых kubelet сможет запустить Pod'ы. + Приоритизация — процесс завершения работы Pod'ов с более низким приоритетом и высвобождения места для Pod'ов + с более высоким приоритетом. Вытеснение — это проактивное завершение работы одного или нескольких Pod'ов на + узлах с дефицитом ресурсов. + +no_list: true +--- + +В Kubernetes под планированием понимается поиск {{}}, подходящих для размещения {{}} так, чтобы {{}} +мог их запустить. Приоритизация (упреждение; preemption) — процесс завершения работы Pod'ов +с более низким {{}} с освобождением места для Pod'ов с более высоким приоритетом. Вытеснение (eviction) — завершение работы одного или нескольких Pod'ов на узлах. + +## Планирование + +* [Планировщик Kubernetes](/docs/concepts/scheduling-eviction/kube-scheduler/); +* [Распределение Pod'ов по узлам](/docs/concepts/scheduling-eviction/assign-pod-node/); +* [Overhead Pod'а](/docs/concepts/scheduling-eviction/pod-overhead/); +* [Ограничения на топологию распределения Pod'ов](/docs/concepts/scheduling-eviction/topology-spread-constraints/); +* [Ограничения (taints) и допуски (tolerations)](/docs/concepts/scheduling-eviction/taint-and-toleration/); +* [Фреймворк для планирования](/docs/concepts/scheduling-eviction/scheduling-framework); +* [Настройка производительности планировщика](/docs/concepts/scheduling-eviction/scheduler-perf-tuning/); +* [Упаковка расширенных ресурсов](/docs/concepts/scheduling-eviction/resource-bin-packing/). + +## Завершение работы Pod'ов + +{{}} + +* [Приоритет и приоритизация Pod'ов](/docs/concepts/scheduling-eviction/pod-priority-preemption/); +* [Вытеснение из-за недостатка ресурсов на узле](/docs/concepts/scheduling-eviction/node-pressure-eviction/); +* [Вытеснение, инициированное API](/docs/concepts/scheduling-eviction/api-eviction/). diff --git a/content/ru/docs/concepts/scheduling-eviction/api-eviction.md b/content/ru/docs/concepts/scheduling-eviction/api-eviction.md new file mode 100644 index 0000000000000..c545b597a06ea --- /dev/null +++ b/content/ru/docs/concepts/scheduling-eviction/api-eviction.md @@ -0,0 +1,121 @@ +--- +title: Вытеснение, инициированное через API +content_type: concept +weight: 110 +--- + +{{< glossary_definition term_id="api-eviction" length="short" >}}
    + +Вытеснение можно инициировать напрямую с помощью Eviction API или программно, +используя клиент {{}} +(например, командой `kubectl drain`). В результате будет создан объект `Eviction`, +который запустит процесс контролируемого завершения работы Pod'а. + +Вытеснения, инициированные через API, учитывают настройки [`PodDisruptionBudget`](/docs/tasks/run-application/configure-pdb/) +и [`terminationGracePeriodSeconds`](/docs/concepts/workloads/pods/pod-lifecycle#pod-termination). + +Создание с помощью API объекта Eviction для Pod'а аналогично выполнению +[операции `DELETE`](/docs/reference/kubernetes-api/workload-resources/pod-v1/#delete-delete-a-pod) +для этого Pod'а, которая контролируется политикой. + +## Вызов API Eviction + +Для доступа к API Kubernetes и создания объекта `Eviction` можно воспользоваться [клиентской библиотекой](/docs/tasks/administer-cluster/access-cluster-api/#programmatic-access-to-the-api). Необходимая операция оформляется в виде POST-запроса (см. пример ниже): + +{{< tabs name="Eviction_example" >}} +{{% tab name="policy/v1" %}} +{{< note >}} +Вытеснение с версией `policy/v1` доступно начиная с v1.22. Для более ранних релизов используйте `policy/v1beta1`. +{{< /note >}} + +```json +{ + "apiVersion": "policy/v1", + "kind": "Eviction", + "metadata": { + "name": "quux", + "namespace": "default" + } +} +``` +{{% /tab %}} +{{% tab name="policy/v1beta1" %}} +{{< note >}} +Признана устаревшей в v1.22; заменена на `policy/v1`. +{{< /note >}} + +```json +{ + "apiVersion": "policy/v1beta1", + "kind": "Eviction", + "metadata": { + "name": "quux", + "namespace": "default" + } +} +``` +{{% /tab %}} +{{< /tabs >}} + +Также можно попытаться выполнить операцию вытеснения, +обратившись к API с помощью `curl` или `wget`, как показано в следующем примере: + +```bash +curl -v -H 'Content-type: application/json' https://your-cluster-api-endpoint.example/api/v1/namespaces/default/pods/quux/eviction -d @eviction.json +``` + +## Как работает вытеснение, инициированное через API + +При вытеснении, инициированном через API, сервер API выполняет admission-проверки +и отвечает одним из следующих способов: + +* `200 OK`: вытеснение разрешено, подресурс `Eviction` создан, + Pod удален (аналогично отправке запроса `DELETE` на URL Pod'а). +* `429 Too Many Requests`: вытеснение в данный момент не разрешено из-за настроек + {{}}. + Попытку вытеснения можно повторить позже. Такой ответ также может быть вызван + работой механизма по ограничению частоты запросов к API. +* `500 Internal Server Error`: вытесение запрещено из-за неправильной конфигурации; + например, несколько PodDisruptionBudget'ов могут ссылаться на один и тот же Pod. + +Если Pod, предназначенный для вытеснения, не является частью рабочей нагрузки +с настроенным PodDisruptionBudget'ом, сервер API всегда возвращает `200 OK` и +разрешает вытеснение. + +В случае, если вытеснение разрешено, процесс удаления Pod'а выглядит следующим образом: + +1. К ресурсу `Pod` на сервере API добавляется метка времени удаления, + после чего сервер API считает ресурс Pod завершенным (terminated). Ресурс `Pod` также помечается + настроенным grace-периодом. +1. {{}} на узле, где запущен + локальный Pod, замечает, что ресурс `Pod` помечен на удаление, и приступает к + корректному завершению работы локального Pod'а. +1. Пока kubelet завершает работу Pod'а, управляющий слой удаляет Pod из объектов + {{}} и + {{}}. + В результате контроллеры больше не рассматривают Pod как валидный объект. +1. После истечения периода корректного завершения работы (grace-периода) kubelet + принудительно завершает работу локального Pod'а. +1. kubelet передает API-серверу информацию о необходимости удалить ресурс `Pod`. +1. Сервер API удаляет ресурс `Pod`. + +## Зависшие вытеснения + +В некоторых ситуациях сбой приводит к тому, что API Eviction начинает возвращать +исключительно ответы `429` или `500`. Такое может случиться, если, например, +за создание Pod'ов для приложения отвечает ReplicaSet, однако новые Pod'ы не +переходят в состояние `Ready`. Подобное поведение также может наблюдаться в случаях, +когда у последнего вытесненного Pod'а слишком долгий период завершения работы (grace-период). + +Одно из следующих решений может помочь решить проблему: + +* Прервите или приостановите автоматическую операцию, вызвавшую сбой. + Перед повторным запуском операции внимательно изучите сбойное приложение. +* Подождите некоторое время, затем напрямую удалите Pod из управляющего слоя + кластера вместо того, чтобы пытаться удалить его с помощью Eviction API. + +## {{% heading "whatsnext" %}} + +* Обеспечение работоспособности приложений с помощью [Pod Disruption Budget](/docs/tasks/run-application/configure-pdb/). +* [Вытеснение из-за дефицита ресурсов на узле](/docs/concepts/scheduling-eviction/node-pressure-eviction/). +* [Приоритет Pod'а и приоритизация](/docs/concepts/scheduling-eviction/pod-priority-preemption/). diff --git a/content/ru/docs/reference/glossary/api-eviction.md b/content/ru/docs/reference/glossary/api-eviction.md new file mode 100644 index 0000000000000..0ab35ae3fc140 --- /dev/null +++ b/content/ru/docs/reference/glossary/api-eviction.md @@ -0,0 +1,24 @@ +--- +title: Вытеснение, инициированное через API +id: api-eviction +date: 2021-04-27 +full_link: /docs/concepts/scheduling-eviction/api-eviction/ +short_description: > + Вытеснение, инициированное через API — процесс, при котором с помощью Eviction API создается объект Eviction, + который запускает корректное завершение работы Pod'а. +aka: +tags: +- operation +--- + Вытеснение, инициированное через API — процесс, при котором с помощью [Eviction API](/docs/reference/generated/kubernetes-api/{{}}/#create-eviction-pod-v1-core) +создается объект `Eviction`, который запускает корректное завершение работы Pod'а. + + + +Вытеснение можно запросить через Eviction API, обратившись к нему напрямую, либо программно (через клиент API-сервера — например, с помощью команды `kubectl drain`). При этом будет создан объект `Eviction`, на основании которого API-сервер завершит работу Pod'а. + +Вытеснения, инициированные через API, учитывают заданные параметры [`PodDisruptionBudget`](/docs/tasks/run-application/configure-pdb/) (минимальное количество реплик, которые должны быть доступны для данного развертывания в любой момент времени) и [`terminationGracePeriodSeconds`](/docs/concepts/workloads/pods/pod-lifecycle#pod-termination) (период ожидания корректного завершения работы Pod'а). + +Обратите внимание: вытеснение, инициированное через API — не то же самое, что вытеснение из-за [дефицита ресурсов на узле](/docs/concepts/scheduling-eviction/node-pressure-eviction/). + +* Дополнительная информация доступна в разделе ["Вытеснение, инициированное API"](/docs/concepts/scheduling-eviction/api-eviction/). diff --git a/content/ru/docs/reference/glossary/pod-disruption.md b/content/ru/docs/reference/glossary/pod-disruption.md new file mode 100644 index 0000000000000..e2a0a0f3db37a --- /dev/null +++ b/content/ru/docs/reference/glossary/pod-disruption.md @@ -0,0 +1,24 @@ +--- +id: pod-disruption +title: Нарушение работы Pod'ов +full_link: /docs/concepts/workloads/pods/disruptions/ +date: 2021-05-12 +short_description: > + Процесс, в ходе которого происходит плановое или принудительное завершение работы Pod'ов на узлах. + +aka: +related: + - pod + - container +tags: + - operation +--- + +[Нарушение работы Pod'ов (Pod disruption)](/docs/concepts/workloads/pods/disruptions/) — процесс, +в ходе которого происходит плановое или внеплановое (принудительное) завершение работы Pod'ов на узлах. + + + +Плановое завершение работы Pod'ов инициируется владельцами приложений или администраторами +кластера. Внеплановое завершение работы обычно вызвано непредвиденными обстоятельствами различной природы, +например, с недостатком ресурсов на узлах или случайными удалениями. From cc2fe4da21cd954d208172d53e7566fcd34a2ca7 Mon Sep 17 00:00:00 2001 From: Kinzhi Date: Thu, 16 Feb 2023 22:48:22 +0800 Subject: [PATCH 089/537] [zh-cn]SYNC pod-scheduling-readiness.md [zh-cn]SYNC pod-scheduling-readiness.md --- .../pod-scheduling-readiness.md | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness.md b/content/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness.md index 291a71c300480..637f1a299df38 100644 --- a/content/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness.md +++ b/content/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness.md @@ -47,22 +47,7 @@ each schedulingGate can be removed in arbitrary order, but addition of a new sch 该字段只能在创建 Pod 时初始化(由客户端创建,或在准入期间更改)。 创建后,每个 schedulingGate 可以按任意顺序删除,但不允许添加新的调度门控。 -{{}} -stateDiagram-v2 - s1: 创建 Pod - s2: Pod 调度门控 - s3: Pod 调度就绪 - s4: Pod 运行 - if: 调度门控为空? - [*] --> s1 - s1 --> if - s2 --> if: 移除了调度门控 - if --> s2: 否 - if --> s3: 是 - s3 --> s4 - s4 --> [*] -{{< /mermaid >}} - +{{< figure src="/docs/images/podSchedulingGates.svg" alt="pod-scheduling-gates-diagram" caption="数字。Pod SchedulingGates" class="diagram-large" link="https://mermaid.live/edit#pako:eNplkktTwyAUhf8KgzuHWpukaYszutGlK3caFxQuCVMCGSDVTKf_XfKyPlhxz4HDB9wT5lYAptgHFuBRsdKxenFMClMYFIdfUdRYgbiD6ItJTEbR8wpEq5UpUfnDTf-5cbPoJjcbXdcaE61RVJIiqJvQ_Y30D-OCt-t3tFjcR5wZayiVnIGmkv4NiEfX9jijKTmmRH5jf0sRugOP0HyHUc1m6KGMFP27cM28fwSJDluPpNKaXqVJzmFNfHD2APRKSjnNFx9KhIpmzSfhVls3eHdTRrwG8QnxKfEZUUNeYTDBNbiaKRF_5dSfX-BQQQ0FpnEqQLJWhwIX5hyXsjbYl85wTINrgeC2EZd_xFQy7b_VJ6GCdd-itkxALE84dE3fAqXyIUZya6Qqe711OspVCI2ny2Vv35QqVO3-htt66ZWomAvVcZcv8yTfsiSFfJOydZoKvl_ttjLJVlJsblcJw-czwQ0zr9ZeqGDgeR77b2jD8xdtjtDn" >}} -或者通过**exists**运算符限制不匹配: +或者通过**notin**运算符限制不匹配: ```shell kubectl get pods -l 'environment,environment notin (frontend)' From 7cecd6a4ab2919b43ecd3573d40c6f43e7629d92 Mon Sep 17 00:00:00 2001 From: longalong <35618556+iamlongalong@users.noreply.github.com> Date: Thu, 16 Feb 2023 23:50:19 +0800 Subject: [PATCH 091/537] Update _index.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix markdown syntax mistake of "网络插件" link --- content/zh-cn/docs/concepts/extend-kubernetes/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/zh-cn/docs/concepts/extend-kubernetes/_index.md b/content/zh-cn/docs/concepts/extend-kubernetes/_index.md index e9b747100ced4..a69cf493e70aa 100644 --- a/content/zh-cn/docs/concepts/extend-kubernetes/_index.md +++ b/content/zh-cn/docs/concepts/extend-kubernetes/_index.md @@ -542,7 +542,7 @@ allow Kubernetes to work with different networking topologies and technologies. 你的 Kubernetes 集群需要一个**网络插件**才能拥有一个正常工作的 Pod 网络, 才能支持 Kubernetes 网络模型的其他方面。 -[网络插件](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/可以让 +[网络插件](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)可以让 Kubernetes 使用不同的网络拓扑和技术。 - -## Motivation - -Kubernetes {{< glossary_tooltip term_id="pod" text="Pods" >}} are created and destroyed -to match the desired state of your cluster. Pods are nonpermanent resources. If you use a {{< glossary_tooltip term_id="deployment" >}} to run your app, -it can create and destroy Pods dynamically. +that Deployment can create and destroy Pods dynamically. From one moment to the next, +you don't know how many of those Pods are working and healthy; you might not even know +what those healthy Pods are named. +Kubernetes {{< glossary_tooltip term_id="pod" text="Pods" >}} are created and destroyed +to match the desired state of your cluster. Pods are emphemeral resources (you should not +expect that an individual Pod is reliable and durable). -Each Pod gets its own IP address, however in a Deployment, the set of Pods -running in one moment in time could be different from -the set of Pods running that application a moment later. +Each Pod gets its own IP address (Kubernetes expects network plugins to ensure this). +For a given Deployment in your cluster, the set of Pods running in one moment in +time could be different from the set of Pods running that application a moment later. This leads to a problem: if some set of Pods (call them "backends") provides functionality to other Pods (call them "frontends") inside your cluster, @@ -42,14 +43,13 @@ to, so that the frontend can use the backend part of the workload? Enter _Services_. -## Service resources {#service-resource} + -In Kubernetes, a Service is an abstraction which defines a logical set of Pods -and a policy by which to access them (sometimes this pattern is called -a micro-service). The set of Pods targeted by a Service is usually determined -by a {{< glossary_tooltip text="selector" term_id="selector" >}}. -To learn about other ways to define Service endpoints, -see [Services _without_ selectors](#services-without-selectors). +## Services in Kubernetes + +The Service API, part of Kubernetes, is an abstraction to help you expose groups of +Pods over a network. Each Service object defines a logical set of endpoints (usually +these endpoints are Pods) along with a policy about how to make those pods accessible. For example, consider a stateless image-processing backend which is running with 3 replicas. Those replicas are fungible—frontends do not care which backend @@ -59,6 +59,26 @@ track of the set of backends themselves. The Service abstraction enables this decoupling. +The set of Pods targeted by a Service is usually determined +by a {{< glossary_tooltip text="selector" term_id="selector" >}} that you +define. +To learn about other ways to define Service endpoints, +see [Services _without_ selectors](#services-without-selectors). + +If your workload speaks HTTP, you might choose to use an +[Ingress](/docs/concepts/services-networking/ingress/) to control how web traffic +reaches that workload. +Ingress is not a Service type, but it acts as the entry point for your +cluster. An Ingress lets you consolidate your routing rules into a single resource, so +that you can expose multiple components of your workload, running separately in your +cluster, behind a single listener. + +The [Gateway](https://gateway-api.sigs.k8s.io/#what-is-the-gateway-api) API for Kubernetes +provides extra capabilities beyond Ingress and Service. You can add Gateway to your cluster - +it is a family of extension APIs, implemented using +{{< glossary_tooltip term_id="CustomResourceDefinition" text="CustomResourceDefinitions" >}} - +and then use these to configure access to network services that are running in your cluster. + ### Cloud-native service discovery If you're able to use Kubernetes APIs for service discovery in your application, @@ -69,6 +89,9 @@ whenever the set of Pods in a Service changes. For non-native applications, Kubernetes offers ways to place a network port or load balancer in between your application and the backend Pods. +Either way, your workload can use these [service discovery](#discovering-services) +mechanisms to find the target it wants to connect to. + ## Defining a Service A Service in Kubernetes is a REST object, similar to a Pod. Like all of the From 0dee0cf41e939d0aa3a09ff7d71a39506cc8f321 Mon Sep 17 00:00:00 2001 From: Shannon Kularathna Date: Thu, 16 Feb 2023 21:39:07 +0000 Subject: [PATCH 093/537] Clean up using secrets as files section --- .../en/docs/concepts/configuration/secret.md | 48 +++++++++---------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md index fc3bdc616d5f5..2186366fee9a6 100644 --- a/content/en/docs/concepts/configuration/secret.md +++ b/content/en/docs/concepts/configuration/secret.md @@ -201,25 +201,8 @@ If you want to access data from a Secret in a Pod, one way to do that is to have Kubernetes make the value of that Secret be available as a file inside the filesystem of one or more of the Pod's containers. -{{< note >}} -Versions of Kubernetes before v1.22 automatically created credentials for accessing -the Kubernetes API. This older mechanism was based on creating token Secrets that -could then be mounted into running Pods. -In more recent versions, including Kubernetes v{{< skew currentVersion >}}, API credentials -are obtained directly by using the [TokenRequest](/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) API, -and are mounted into Pods using a [projected volume](/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume). -The tokens obtained using this method have bounded lifetimes, and are automatically -invalidated when the Pod they are mounted into is deleted. - -You can still [manually create](/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-service-account-api-token) -a service account token Secret; for example, if you need a token that never expires. -However, using the [TokenRequest](/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) -subresource to obtain a token to access the API is recommended instead. -You can use the [`kubectl create token`](/docs/reference/generated/kubectl/kubectl-commands#-em-token-em-) -command to obtain a token from the `TokenRequest` API. -{{< /note >}} - -#### Mounted Secrets are updated automatically +For instructions, refer to +[Distribute credentials securely using Secrets](/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume). When a volume contains data from a Secret, and that Secret is updated, Kubernetes tracks this and updates the data in the volume, using an eventually-consistent approach. @@ -638,13 +621,28 @@ A `kubernetes.io/service-account-token` type of Secret is used to store a token credential that identifies a {{< glossary_tooltip text="service account" term_id="service-account" >}}. -Since 1.22, this type of Secret is no longer used to mount credentials into Pods, -and obtaining tokens via the [TokenRequest](/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) -API is recommended instead of using service account token Secret objects. -Tokens obtained from the `TokenRequest` API are more secure than ones stored in Secret objects, -because they have a bounded lifetime and are not readable by other API clients. -You can use the [`kubectl create token`](/docs/reference/generated/kubectl/kubectl-commands#-em-token-em-) +{{< note >}} +Versions of Kubernetes before v1.22 automatically created credentials for +accessing the Kubernetes API. This older mechanism was based on creating token +Secrets that could then be mounted into running Pods. +In more recent versions, including Kubernetes v{{< skew currentVersion >}}, API +credentials are obtained directly by using the +[TokenRequest](/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) +API, and are mounted into Pods using a +[projected volume](/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume). +The tokens obtained using this method have bounded lifetimes, and are +automatically invalidated when the Pod they are mounted into is deleted. + +You can still +[manually create](/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-service-account-api-token) +a service account token Secret; for example, if you need a token that never +expires. However, using the +[TokenRequest](/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) +subresource to obtain a token to access the API is recommended instead. +You can use the +[`kubectl create token`](/docs/reference/generated/kubectl/kubectl-commands#-em-token-em-) command to obtain a token from the `TokenRequest` API. +{{< /note >}} You should only create a service account token Secret object if you can't use the `TokenRequest` API to obtain a token, From 0effee1f4674f68a2f15f00e9f346dc585f8ccc9 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Fri, 17 Feb 2023 09:32:44 +0800 Subject: [PATCH 094/537] [zh] sync /translate-compose-kubernetes.md --- .../translate-compose-kubernetes.md | 80 +++++++++++-------- 1 file changed, 47 insertions(+), 33 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/translate-compose-kubernetes.md b/content/zh-cn/docs/tasks/configure-pod-container/translate-compose-kubernetes.md index 6a70baec9cdb9..7b10d43e5c1be 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/translate-compose-kubernetes.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/translate-compose-kubernetes.md @@ -188,28 +188,16 @@ you need is an existing `docker-compose.yml` file. 输出类似于: ```none - INFO Kubernetes file "frontend-service.yaml" created - INFO Kubernetes file "frontend-service.yaml" created - INFO Kubernetes file "frontend-service.yaml" created - INFO Kubernetes file "redis-master-service.yaml" created - INFO Kubernetes file "redis-master-service.yaml" created - INFO Kubernetes file "redis-master-service.yaml" created - INFO Kubernetes file "redis-slave-service.yaml" created - INFO Kubernetes file "redis-slave-service.yaml" created - INFO Kubernetes file "redis-slave-service.yaml" created - INFO Kubernetes file "frontend-deployment.yaml" created - INFO Kubernetes file "frontend-deployment.yaml" created - INFO Kubernetes file "frontend-deployment.yaml" created - INFO Kubernetes file "redis-master-deployment.yaml" created - INFO Kubernetes file "redis-master-deployment.yaml" created - INFO Kubernetes file "redis-master-deployment.yaml" created - INFO Kubernetes file "redis-slave-deployment.yaml" created - INFO Kubernetes file "redis-slave-deployment.yaml" created + INFO Kubernetes file "frontend-tcp-service.yaml" created + INFO Kubernetes file "redis-master-service.yaml" created + INFO Kubernetes file "redis-slave-service.yaml" created + INFO Kubernetes file "frontend-deployment.yaml" created + INFO Kubernetes file "redis-master-deployment.yaml" created INFO Kubernetes file "redis-slave-deployment.yaml" created ``` ```bash - kubectl apply -f frontend-service.yaml,redis-master-service.yaml,redis-slave-service.yaml,frontend-deployment.yaml,redis-master-deployment.yaml,redis-slave-deployment.yaml + kubectl apply -f frontend-tcp-service.yaml,redis-master-service.yaml,redis-slave-service.yaml,frontend-deployment.yaml,redis-master-deployment.yaml,redis-slave-deployment.yaml ``` +4. 清理。 + + + 你完成示例应用 Deployment 的测试之后,只需在 Shell 中运行以下命令,就能删除用过的资源。 + + ```sh + kubectl delete -f frontend-tcp-service.yaml,redis-master-service.yaml,redis-slave-service.yaml,frontend-deployment.yaml,redis-master-deployment.yaml,redis-slave-deployment.yaml + ``` + -{{< note >}} 如果使用 ``oc create -f`` 手动推送 OpenShift 工件,则需要确保在构建配置工件之前推送 imagestream 工件,以解决 OpenShift 的这个问题: https://github.com/openshift/origin/issues/4518。 {{< /note >}} @@ -659,10 +673,10 @@ If you want to create normal pods without controllers you can use `restart` cons | `on-failure` | Pod | `OnFailure` | | `no` | Pod | `Never` | +{{< note >}} -{{< note >}} 控制器对象可以是 `deployment` 或 `replicationcontroller`。 {{< /note >}} From 6a60f037d282e7225b528a03bee07985ab56d0a6 Mon Sep 17 00:00:00 2001 From: Jian Wen Date: Fri, 17 Feb 2023 11:45:17 +0800 Subject: [PATCH 095/537] Update content/en/docs/concepts/architecture/cgroups.md Co-authored-by: Qiming Teng --- content/en/docs/concepts/architecture/cgroups.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/docs/concepts/architecture/cgroups.md b/content/en/docs/concepts/architecture/cgroups.md index 86627a65d185d..f2090dfe1c91a 100644 --- a/content/en/docs/concepts/architecture/cgroups.md +++ b/content/en/docs/concepts/architecture/cgroups.md @@ -103,7 +103,8 @@ updated to newer versions that support cgroup v2. For example: * If you run [cAdvisor](https://github.com/google/cadvisor) as a stand-alone DaemonSet for monitoring pods and containers, update it to v0.43.0 or later. * If you use JDK, prefer to use JDK 11.0.16 and later or JDK 15 and later, which [fully support cgroup v2](https://bugs.openjdk.org/browse/JDK-8230305). -* If you use uber-go/automaxprocs, update it to v1.5.1 or later. +* If you are using the [uber-go/automaxprocs](https://github.com/uber-go/automaxprocs) package, make sure + the version you use is v1.5.1 or higher. ## Identify the cgroup version on Linux Nodes {#check-cgroup-version} From 260d241ddc0d3e6b347cbeb74eddcb62060e5bf6 Mon Sep 17 00:00:00 2001 From: Kirill Kononovich <41591254+kirkonru@users.noreply.github.com> Date: Wed, 11 May 2022 11:28:31 +0300 Subject: [PATCH 096/537] [ru] Add RU localization for docs/concepts/containers/* Apply suggestions from code review Co-authored-by: Dmitry Shurupov --- content/ru/docs/concepts/architecture/cri.md | 31 ++ content/ru/docs/concepts/containers/_index.md | 33 ++ .../containers/container-environment.md | 51 +++ .../containers/container-lifecycle-hooks.md | 87 ++++++ content/ru/docs/concepts/containers/images.md | 294 ++++++++++++++++++ .../docs/concepts/containers/runtime-class.md | 131 ++++++++ .../glossary/container-runtime-interface.md | 18 ++ .../reference/glossary/container-runtime.md | 10 +- .../ru/docs/reference/glossary/namespace.md | 17 + content/ru/docs/reference/glossary/secret.md | 18 ++ .../reference/glossary/service-account.md | 18 ++ 11 files changed, 703 insertions(+), 5 deletions(-) create mode 100644 content/ru/docs/concepts/architecture/cri.md create mode 100644 content/ru/docs/concepts/containers/_index.md create mode 100644 content/ru/docs/concepts/containers/container-environment.md create mode 100644 content/ru/docs/concepts/containers/container-lifecycle-hooks.md create mode 100644 content/ru/docs/concepts/containers/images.md create mode 100644 content/ru/docs/concepts/containers/runtime-class.md create mode 100644 content/ru/docs/reference/glossary/container-runtime-interface.md create mode 100644 content/ru/docs/reference/glossary/namespace.md create mode 100644 content/ru/docs/reference/glossary/secret.md create mode 100644 content/ru/docs/reference/glossary/service-account.md diff --git a/content/ru/docs/concepts/architecture/cri.md b/content/ru/docs/concepts/architecture/cri.md new file mode 100644 index 0000000000000..efa0708d75e17 --- /dev/null +++ b/content/ru/docs/concepts/architecture/cri.md @@ -0,0 +1,31 @@ +--- +title: Container Runtime Interface (CRI) +content_type: concept +weight: 50 +--- + + + +Интерфейс CRI позволяет kubelet работать с различными исполняемыми средами контейнеров без необходимости перекомпиляции компонентов кластера. + +{{}} должна работать на всех узлах кластера, чтобы {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} мог запускать {{< glossary_tooltip text="Pod'ы" term_id="pod" >}} и их контейнеры. + +{{< glossary_definition prepend="Интерфейс Kubernetes Container Runtime Interface (CRI)" term_id="container-runtime-interface" length="all" >}} + + + +## API {#api} + +{{< feature-state for_k8s_version="v1.23" state="stable" >}} + +Kubelet выступает в роли клиента при подключении к исполняемой среде через gRPC. Конечные точки ImageService и RuntimeService должны быть доступны в исполняемой среде контейнеров; в kubelet их можно настроить независимо с помощью [флагов командной строки](/docs/reference/command-line-tools-reference/kubelet) `--image-service-endpoint` и `--container-runtime-endpoint`. + +В Kubernetes v{{< skew currentVersion >}} kubelet предпочитает использовать CRI `v1`. Если исполняемая среда контейнера не поддерживает `v1` CRI, kubelet пытается перейти на более старую поддерживаемую версию. В версии v{{< skew currentVersion >}} kubelet также может работать с CRI `v1alpha2`, но эта версия считается устаревшей. Если согласовать поддерживаемую версию CRI не удается, узел не регистрируется. + +## Обновление + +При обновлении Kubernetes kubelet автоматически выбирает последнюю версию CRI при перезапуске компонента. Если это не удается, происходит откат, как описано выше. Если повторный вызов gRPC произошел из-за обновления исполняемой среды контейнера, последняя также должна поддерживать первоначально выбранную версию, иначе повторный вызов будет неудачным. Для этого требуется перезапуск kubelet'а. + +## {{% heading "whatsnext" %}} + +- Дополнительная информация о [протоколе CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b/pkg/apis/runtime/v1/api.proto) diff --git a/content/ru/docs/concepts/containers/_index.md b/content/ru/docs/concepts/containers/_index.md new file mode 100644 index 0000000000000..e04cb3cdb1898 --- /dev/null +++ b/content/ru/docs/concepts/containers/_index.md @@ -0,0 +1,33 @@ +--- +title: Контейнеры +weight: 40 +description: Технология упаковки приложения вместе с его runtime-зависимостями. +reviewers: +content_type: concept +no_list: true +--- + + + +Каждый запускаемый контейнер воспроизводим; стандартизация благодаря включению зависимостей позволяет каждый раз получать одинаковое поведение при запуске. + +Контейнеры абстрагируют приложения от базовой инфраструктуры хоста, упрощая развертывание в различных облачных средах или ОС. + + + + + + +## Образы контейнеров +[Образ контейнера](/docs/concepts/containers/images/) – это готовый к запуску пакет программного обеспечения, содержащий все необходимое для запуска приложения: код, среду исполнения, прикладные и системные библиотеки, а также значения по умолчанию всех важных параметров. + +Контейнер по определению неизменяем (immutable): код работающего контейнера невозможно поменять. Чтобы внести правки в контейнеризованное приложение, необходимо собрать новый образ, содержащий эти правки, а затем запустить контейнер на базе обновленного образа. + +## Исполняемые среды контейнеров + +{{< glossary_definition term_id="container-runtime" length="all" >}} + +## {{% heading "whatsnext" %}} + +* Раздел об [образах контейнеров](/docs/concepts/containers/images/). +* Раздел о [Pod'ах](/docs/concepts/workloads/pods/). diff --git a/content/ru/docs/concepts/containers/container-environment.md b/content/ru/docs/concepts/containers/container-environment.md new file mode 100644 index 0000000000000..465f841615453 --- /dev/null +++ b/content/ru/docs/concepts/containers/container-environment.md @@ -0,0 +1,51 @@ +--- +reviewers: +title: Контейнерное окружение +content_type: concept +weight: 20 +--- + + + +На этой странице описаны ресурсы, доступные для контейнеров в соответствующем окружении. + + + + + + +## Контейнерное окружение + +Контейнерное окружение Kubernetes предоставляет контейнерам несколько важных ресурсов: + +* Файловую систему, сочетающую в себе [образ](/docs/concepts/containers/images/) и один или несколько [томов](/docs/concepts/storage/volumes/). +* Информацию о самом контейнере. +* Информацию о других объектах в кластере. + +### Информация о контейнере + +*Hostname* контейнера — имя Pod'а, в котором запущен контейнер. Его можно получить с помощью команды `hostname` или функции [`gethostname`](https://man7.org/linux/man-pages/man2/gethostname.2.html) в libc. + +Имя Pod'а и его пространство имен можно получить из переменных окружения в [Downward API](/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/). + +Контейнеру также доступны переменные окружения из определения Pod'а, заданные пользователем, а также любые переменные окружения, указанные статически в образе контейнера. + +### Информация о кластере + +Список всех сервисов, активных на момент создания контейнера, доступен этому контейнеру в виде переменных окружения. Этот список ограничен сервисами в пространстве имен, которому принадлежит Pod с данным контейнером, а также сервисами управляющего слоя Kubernetes. + +Для сервиса *foo*, связанного с контейнером *bar*, определены следующие переменные: + +```shell +FOO_SERVICE_HOST=<хост, на котором запущен сервис> +FOO_SERVICE_PORT=<порт, на котором запущен сервис> +``` + +Сервисы получают выделенные IP-адреса и доступны для контейнера через DNS, если включен [аддон DNS](https://releases.k8s.io/{{< param "fullversion" >}}/cluster/addons/dns/). + + +## {{% heading "whatsnext" %}} + + +* [Хуки жизненного цикла контейнера](/docs/concepts/containers/container-lifecycle-hooks/). +* Упражнение: [Подключаем обработчики к событиям жизненного цикла контейнера](/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/). diff --git a/content/ru/docs/concepts/containers/container-lifecycle-hooks.md b/content/ru/docs/concepts/containers/container-lifecycle-hooks.md new file mode 100644 index 0000000000000..78f6bce799595 --- /dev/null +++ b/content/ru/docs/concepts/containers/container-lifecycle-hooks.md @@ -0,0 +1,87 @@ +--- +reviewers: +- TBD +- TBD +title: Хуки жизненного цикла контейнеров +content_type: concept +weight: 30 +--- + + + +На этой странице описывается, как контейнеры под управлением kubelet могут использовать механизм хуков для запуска кода, инициированного событиями во время своего жизненного цикла. + + + + + + +## Общая информация + +Многие платформы для разработки предлагают хуки жизненного цикла компонентов (например, Angular). Kubernetes имеет аналогичный механизм. Хуки позволяют контейнерам оставаться в курсе событий своего жизненного цикла и запускать запакованный в обработчик код при наступлении определенных событий, приводящих к вызову хука. + +## Хуки контейнеров + +В распоряжении контейнеров имеются два хука: + +`PostStart` + +Выполняется сразу после создания контейнера. Однако нет гарантии, что хук закончит работу до ENTRYPOINT контейнера. Параметры обработчику не передаются. + +`PreStop` + +Вызывается непосредственно перед завершением работы контейнера в результате запроса API или иного события (например, неудачное завершение теста liveness/startup, вытеснение, борьба за ресурсы и т.п.). Вызов хука `PreStop` завершается неудачно, если контейнер уже находится в прерванном (terminated) или завершенном (completed) состоянии. Кроме того, работа хука должна закончиться до того, как будет отправлен сигнал TERM для остановки контейнера. Отсчет задержки перед принудительной остановкой Pod'а (grace-период) начинается до вызова хука `PreStop`. Таким образом, независимо от результата выполнения обработчика, контейнер будет остановлен в течение этого grace-периода. Параметры обработчику не передаются. + +Более подробное описание поведения при прекращении работы можно найти в разделе [Прекращение работы Pod'ов](/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination). + +### Реализации обработчиков хуков + +Чтобы контейнер имел доступ к хуку, необходимо реализовать и зарегистрировать обработчик для этого хука. Существует два типа обработчиков хуков, доступных для контейнеров: + +* Exec — Выполняет определенную команду, например, `pre-stop.sh`, внутри cgroups и пространств имен контейнера. Ресурсы, потребляемые командой, прибавляются к ресурсам, потребляемым контейнером. +* HTTP — Выполняет HTTP-запрос к определенной конечной точке контейнера. + +### Выполнение обработчиков хуков + +При вызове хука, привязанного к жизненному циклу контейнера, система управления Kubernetes выполняет обработчик в соответствии с типом хука: kubelet отвечает за `httpGet` и `tcpSocket`, а `exec` выполняется в контейнере. + +Вызовы обработчиков хуков синхронны в контексте Pod'а, содержащего контейнер. Это означает, что в случае `PostStart`-хука ENTRYPOINT контейнера и хук запускаются асинхронно. При этом если хук выполняется слишком долго или зависает, контейнер не может достичь состояния `Running`. + +Хуки `PreStop` не запускаются асинхронно с сигналом на остановку контейнера; хук должен завершить свою работу до отправки сигнала TERM. Если хук `PreStop` зависнет во время выполнения, Pod будет пребывать в состоянии `Terminating` до истечения периода `terminationGracePeriodSeconds`, после чего Kubernetes "убьет" его. Этот grace-период включает как время, которое требуется для выполнения хука `PreStop`, так и время, необходимое для нормальной остановки контейнера. Например, если `terminationGracePeriodSeconds` равен 60, работа хука занимает 55 секунд, а контейнеру требуется 10 секунд для нормальной остановки после получения сигнала, то контейнер будет "убит" до того, как сможет нормально завершить свою работу, поскольку `terminationGracePeriodSeconds` меньше, чем суммарное время (55+10), необходимое для работы хука и остановки контейнера. + +Если любой из хуков `postStart` / `preStop` завершается неудачей, Kubernetes "убивает" контейнер. + +Поэтому обработчики для хуков должны быть максимально простыми. Однако бывают случаи, когда применение "тяжелых" команд оправдано – например, при сохранении состояния перед остановкой контейнера. + +### Гарантии поставки хука + +Хук должен выполниться *хотя бы один раз*. Это означает, что он может вызываться неоднократно для любого события вроде `PostStart` или `PreStop`. Задача по правильной обработке подобных вызовов возложена на сам хук. + +Как правило, поставка хука выполняется однократно. Если, например, приемник HTTP-хука не работает и не может принимать трафик, повторная попытка отправки не предпринимается. В редких случаях может происходить двойная поставка. Например, если kubelet перезапустится в процессе доставки хука, тот может быть отправлен повторно. + +### Отладка обработчиков хуков + +Логи обработчиков хуков не отображаются в событиях Pod'а. В случае сбоя обработчика тот транслирует событие. Для `PostStart` это событие `FailedPostStartHook`, для `PreStop` — событие `FailedPreStopHook`. Чтобы самостоятельно сгенерировать событие `FailedPreStopHook`, в манифесте [lifecycle-events.yaml](https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/pods/lifecycle-events.yaml) замените команду для postStart на что-то заведомо невыполнимое (`badcommand`) и примените его. Если теперь выполнить команду `kubectl describe pod lifecycle-demo`, вы увидите следующее: + +``` +Events: + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal Scheduled 7s default-scheduler Successfully assigned default/lifecycle-demo to ip-XXX-XXX-XX-XX.us-east-2... + Normal Pulled 6s kubelet Successfully pulled image "nginx" in 229.604315ms + Normal Pulling 4s (x2 over 6s) kubelet Pulling image "nginx" + Normal Created 4s (x2 over 5s) kubelet Created container lifecycle-demo-container + Normal Started 4s (x2 over 5s) kubelet Started container lifecycle-demo-container + Warning FailedPostStartHook 4s (x2 over 5s) kubelet Exec lifecycle hook ([badcommand]) for Container "lifecycle-demo-container" in Pod "lifecycle-demo_default(30229739-9651-4e5a-9a32-a8f1688862db)" failed - error: command 'badcommand' exited with 126: , message: "OCI runtime exec failed: exec failed: container_linux.go:380: starting container process caused: exec: \"badcommand\": executable file not found in $PATH: unknown\r\n" + Normal Killing 4s (x2 over 5s) kubelet FailedPostStartHook + Normal Pulled 4s kubelet Successfully pulled image "nginx" in 215.66395ms + Warning BackOff 2s (x2 over 3s) kubelet Back-off restarting failed container +``` + + + +## {{% heading "whatsnext" %}} + + +* Дополнительная информация о [контейнерном окружении](/docs/concepts/containers/container-environment/). +* Упражнение: [Подключаем обработчики к событиям жизненного цикла контейнера](/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/). diff --git a/content/ru/docs/concepts/containers/images.md b/content/ru/docs/concepts/containers/images.md new file mode 100644 index 0000000000000..3b78e08ed0512 --- /dev/null +++ b/content/ru/docs/concepts/containers/images.md @@ -0,0 +1,294 @@ +--- +reviewers: +title: Образы +content_type: concept +weight: 10 +--- + + + +Образ контейнера содержит исполняемые данные приложения и всех его программных зависимостей. Образы контейнеров — это исполняемые пакеты программного обеспечения, способные автономно работать и дополненные конкретными предположениями о соответствующей среде исполнения. + +Как правило, образ контейнера с приложением предварительно собирается и размещается в реестре, после чего его можно использовать в {{< glossary_tooltip text="Pod'е" term_id="pod" >}}. + +На этой странице представлено общее описание концепции контейнерных образов. + + + +## Названия образов + +Образам контейнеров обычно присваивается имя, намекающее на их функционал и цели, например, `pause`, `example/mycontainer` или `kube-apiserver`. Образы также могут включать имя хоста реестра, например, `fictional.registry.example/imagename`, и (в некоторых случаях) номер порта, например, `fictional.registry.example:10443/imagename`. + +Если имя хоста реестра не указано, Kubernetes по умолчанию будет использовать публичный реестр Docker. + +После имени образа можно добавить _тег_ (как, например, в командах `docker` и `podman`). Теги помогают идентифицировать различные версии одной и той же линейки образов. + +Теги образов могут состоять из строчных и прописных букв, цифр, знаков подчеркивания (`_`), точек (`.`) и дефисов (`-`). +Кроме того, существуют дополнительные правила размещения символов-разделителей (`_`, `-` и `.`) внутри тега. +Если тег не указан, Kubernetes по умолчанию использует тег `latest`. + +## Обновление образов + +При первоначальном создании объекта типа {{< glossary_tooltip text="Deployment" term_id="deployment" >}}, {{< glossary_tooltip text="StatefulSet" term_id="statefulset" >}}, Pod или другого объекта, включающего шаблон Pod'а, политика извлечения всех контейнеров в этом Pod'е будет по умолчанию установлена на `IfNotPresent`, если иное не указано явно. В рамках этой политики {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} не извлекает образ, если тот уже присутствует в кэше. + +### Политика извлечения образов + +Политика `imagePullPolicy` контейнера и тег образа определяют поведение [kubelet'а](/docs/reference/command-line-tools-reference/kubelet/) при извлечении (загрузке) данного образа. + +Вот список возможных значений `imagePullPolicy` и их влияние: + +`IfNotPresent` +: образ извлекается только в том случае, если он еще не доступен локально. + +`Always` +: каждый раз при запуске контейнера kubelet запрашивает [дайджест](https://docs.docker.com/engine/reference/commandline/pull/#pull-an-image-by-digest-immutable-identifier) образа в реестре образов контейнеров. Если полученный дайджест полностью совпадает с дайджестом кэшированного образа, kubelet использует кэшированный образ; иначе извлекается и используется образ с полученным дайждестом. + +`Never` +: kubelet не пытается скачать образ. Если образ уже присутствует локально, kubelet пытается запустить контейнер; в противном случае запуск завершается неудачей. Для получения более подробной информации обратитесь к разделу о [предварительно извлеченных](#предварительно-извлеченные-образы) (pre-pulled) образах. + +Благодаря семантике кэширования, лежащей в основе механизма поставки образов, даже `imagePullPolicy: Always` может быть вполне эффективной (при условии, что реестр надежно доступен). Исполняемая среда для контейнера может обнаружить, что слои образов уже имеются на узле и их не нужно скачивать еще раз. + +{{< note >}} +Избегайте использования тега `:latest` при развертывании контейнеров в production, поскольку в этом случае не понятно, какая именно версия образа используется и на какую ее нужно откатить при необходимости. + +Всегда указывайте содержательный тег, например `v1.42.0`. +{{< /note >}} + +Чтобы убедиться, что Pod всегда использует одну и ту же версию образа контейнера, можно указать дайджест образа вместо тега; для этого замените `:` на `@` +(например, `image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2`). + +Изменение кода, к которому привязан некий тег, может привести к тому, что в Pod'ах окажется две версии кода — старая и новая. Дайджест образа однозначно идентифицирует конкретную версию образа, что гарантирует идентичность кода при запуске контейнера с заданным именем образа и дайджестом. Таким образом, изменение кода в реестре уже не может привести к смешению версий. + +Существуют сторонние [admission-контроллеры](/docs/reference/access-authn-authz/admission-controllers/), которые модифицируют Pod'ы (и их шаблоны) при создании, из-за чего рабочая нагрузка определяется на основе дайджеста образа, а не тега. Это может быть полезно в случаях, когда необходимо убедиться, что вся рабочая нагрузка использует идентичный код независимо от изменений тегов в реестре. + +#### Политика извлечения образов по умолчанию {#imagepullpolicy-defaulting} + +Когда информация о новом Pod'е поступает на сервер API, кластер устанавливает поле `imagePullPolicy` в соответствии со следующими условиями: + + +- `imagePullPolicy` автоматически присваивается значение `Always`, если поле `imagePullPolicy` не задано, а тег для образа контейнера имеет значение `:latest`; +- `imagePullPolicy` автоматически присваивается значение `Always`, если поле `imagePullPolicy` не задано, а тег для образа контейнера не указан; +- `imagePullPolicy` автоматически присваивается значение `IfNotPresent`, если поле `imagePullPolicy` не задано, а тег для образа контейнера имеет значение, отличное от `:latest`. + +{{< note >}} +Значение `imagePullPolicy` контейнера всегда устанавливается при первом _создании_ объекта и не обновляется при последующем изменении тега образа. + +Например, если в Deployment'е используется образ с тегом, _отличным_ от `:latest`, а потом он меняется на `:latest`, поле `imagePullPolicy` останется прежним (т.е. _не_ будет изменено на `Always`). После первоначального создания любого объекта его политику извлечения можно изменить вручную. +{{< /note >}} + +#### Обязательное извлечение образов + +Для принудительного извлечения образов можно сделать следующее: + +- Установить `imagePullPolicy` контейнера в `Always`; +- Не устанавливать `imagePullPolicy` и использовать тег `:latest` для образа; Kubernetes автоматически поменяет политику на `Always`, получив информацию о Pod'е; +- Не устанавливать `imagePullPolicy` и тег образа; Kubernetes автоматически применит политику `Always`, получив информацию о Pod'е; +- Включить admission-контроллер [AlwaysPullImages](/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages). + + +### ImagePullBackOff + +При создании kubelet'ом контейнеров для Pod'а может возникнуть ситуация, когда контейнер пребывает в состоянии [Waiting](/docs/concepts/workloads/pods/pod-lifecycle/#container-state-waiting) из-за `ImagePullBackOff`. + +Статус `ImagePullBackOff` означает, что контейнер не может запуститься, поскольку у Kubernetes не получается извлечь его образ (например, из-за ошибки в имени или попытки извлечь образ из приватного репозитория без `imagePullSecret`). `BackOff` в названии статуса указывает на то, что Kubernetes будет продолжать попытки извлечь образ, постепенно увеличивая интервал между ними. + +Так, интервал между попытками будет расти до тех пор, пока не достигнет установленного предела в 300 секунд (5 минут). + +## Мультиархитектурные образы с индексами + +Помимо обычных исполняемых образов реестр контейнеров также может хранить так называемые [индексы образов](https://github.com/opencontainers/image-spec/blob/master/image-index.md). Индекс образа содержит ссылки на различные [манифесты образов](https://github.com/opencontainers/image-spec/blob/master/manifest.md), каждый из которых предназначен для определенной архитектуры. Идея здесь в том, чтобы любой пользователь мог получить образ, оптимизированный под конкретную архитектуру, используя его унифицированное, общее для всех архитектур имя (например, `pause`, `example/mycontainer`, `kube-apiserver`). + +Сам Kubernetes обычно добавляет суффикс `-$(ARCH)` к имени образа. Для обратной совместимости также рекомендуется генерировать образы с суффиксами в названиях. Например, универсальный образ `pause`, содержащий манифест для всех архитектур, рекомендуется дополнить образом `pause-amd64` для обратной совместимости со старыми конфигурациями или YAML-файлами, в которых могут быть жестко прописаны образы с суффиксами. + +## Работа с приватным реестром + +Для чтения образов из приватных реестров могут потребоваться соответствующие ключи. +Доступ к таким реестрам можно получить следующими способами: + - Аутентификация на уровне узлов: + - все Pod'ы имеют доступ ко всем настроенным приватным реестрам; + - требуется конфигурация узлов администратором кластера; + - Предварительно извлеченные образы: + - все Pod'ы могут использовать любые образы, кэшированные на узле; + - для настройки требуется root-доступ ко всем узлам; + - imagePullSecrets на уровне Pod'а: + - доступ к реестру получают только Pod'ы с ключами; + - Специализированные расширения от вендора/пользователя: + - в кастомных конфигурациях могут существовать специализированные механизмы аутентификации узлов в реестре контейнеров, реализованные самим пользователем или поставщиком облачных услуг. + +Ниже мы подробнее остановимся на каждом из вариантов. + +### Аутентификация на уровне узлов + +Конкретные инструкции по настройке учетных данных зависят от среды исполнения контейнера и реестра. Для получения наиболее подробной информации следует обратиться к документации используемого решения. + +Пример настройки частного реестра образов контейнеров приводится в упражнении [Извлекаем образ из частного реестра](/docs/tasks/configure-pod-container/pull-image-private-registry). В нем используется частный реестр в Docker Hub. + +### Интерпретация config.json {#config-json} + +Интерпретация `config.json` отличается в оригинальной Docker-реализации и в Kubernetes. В Docker ключи `auths` могут указывать только корневые URL, в то время как Kubernetes позволяет использовать URL с подстановками (globbing) и пути с префиксами. То есть `config.json`, подобный этому, вполне допустим: + +```json +{ + "auths": { + "*my-registry.io/images": { + "auth": "…" + } + } +} +``` + +Корневой URL (`*my-registry.io`) сопоставляется с помощью следующего синтаксиса: + +``` +pattern: + { term } + +term: + '*' соответствует любой последовательности символов, не являющихся разделителями + '?' соответствует любому одиночному символу, не являющемуся разделителем + '[' [ '^' ] { диапазон символов } ']' + класс символов (не может быть пустым) + c соответствует символу c (c != '*', '?', '\\', '[') + '\\' c соответствует символу c + +диапазон символов: + c соответствует символу c (c != '\\', '-', ']') + '\\' c соответствует символу c + lo '-' hi соответствует символу c при lo <= c <= hi +``` + +Учетные данные теперь будут передаваться в CRI-совместимую исполняемую среду для контейнеров для каждого действительного шаблона. Ниже приведены примеры имен образов, удовлетворяющие требованиям к паттерну: + +- `my-registry.io/images` +- `my-registry.io/images/my-image` +- `my-registry.io/images/another-image` +- `sub.my-registry.io/images/my-image` +- `a.sub.my-registry.io/images/my-image` + +kubelet последовательно извлекает образы для каждой обнаруженной учетной записи. Это означает, что `config.json` может содержать сразу несколько записей: + +```json +{ + "auths": { + "my-registry.io/images": { + "auth": "…" + }, + "my-registry.io/images/subpath": { + "auth": "…" + } + } +} +``` + +К примеру, если необходимо извлечь образ `my-registry.io/images/subpath/my-image`, kubelet будет пытаться загрузить его из второго источника, если первый не работает. + +### Предварительно извлеченные образы + +{{< note >}} +Этот подход применим, если имеется доступ к конфигурации узлов. Он не будет надежно работать, если поставщик облачных услуг управляет узлами и автоматически заменяет их. +{{< /note >}} + +По умолчанию kubelet пытается извлечь каждый образ из указанного реестра. Однако если параметр `imagePullPolicy` контейнера установлен на `IfNotPresent` или `Never`, используется локальный образ (преимущественно или исключительно, соответственно). + +Чтобы использовать предварительно извлеченные образы (и не связываться с аутентификацией для доступа к реестру), необходимо убедиться, что они идентичны на всех узлах кластера. + +Предварительная загрузка образов позволяет увеличить скорость работы и является альтернативой аутентификации в приватном реестре. + +При этом у всех Pod'ов будет доступ на чтение всех предварительно извлеченных образов. + +### Задаем imagePullSecrets на уровне Pod'а + +{{< note >}} +Это рекомендуемый подход для запуска контейнеров на основе образов в приватных реестрах. +{{< /note >}} + +Kubernetes поддерживает указание ключей реестра образов на уровне Pod'а. + +#### Создаем Secret с помощью конфигурационного файла Docker + +Для аутентификации в реестре необходимо знать имя пользователя, пароль, имя хоста реестра и адрес электронной почты клиента. + +Выполните следующую команду, подставив соответствующие значения вместо параметров, выделенных заглавными буквами: + +```shell +kubectl create secret docker-registry --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL +``` + +При наличии файла учетных данных Docker можно импортировать их как {{< glossary_tooltip text="Secret'ы" term_id="secret" >}} Kubernetes вместо команды, приведенной выше. + +В разделе [Создание Secret'а на основе существующих учетных данных Docker](/docs/tasks/configure-pod-container/pull-image-private-registry/#registry-secret-existing-credentials) рассказывается, как это можно сделать. + +Это особенно удобно в случае нескольких приватных реестров контейнеров, так как `kubectl create secret docker-registry` создает Secret, который работает только с одним приватным реестром. + +{{< note >}} +Pod'ы могут работать только с Secret'ами в собственном пространстве имен, поэтому данный процесс необходимо повторить для каждого пространства имен. +{{< /note >}} + +#### Ссылаемся на imagePullSecrets в Pod'е + +Теперь можно создавать Pod'ы, ссылающиеся на данный Secret, добавив раздел `imagePullSecrets` в манифест Pod'а. + +Например: + +```shell +cat < pod.yaml +apiVersion: v1 +kind: Pod +metadata: + name: foo + namespace: awesomeapps +spec: + containers: + - name: foo + image: janedoe/awesomeapp:v1 + imagePullSecrets: + - name: myregistrykey +EOF + +cat <> ./kustomization.yaml +resources: +- pod.yaml +EOF +``` + +Это необходимо проделать для каждого Pod'а, работающего с приватным репозиторием. + +Процесс можно автоматизировать, задав imagePullSecrets в ресурсе [ServiceAccount](/docs/tasks/configure-pod-container/configure-service-account/). + +Подробные инструкции см. в разделе [Добавить ImagePullSecrets в Service Account](/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account). + +Этот подход можно использовать совместно с файлами `.docker/config.json`, определяемыми для каждого узла. Учетные данные будут объединены. + +## Примеры использования + +Существует ряд решений для настройки приватных реестров. Вот некоторые распространенные случаи использования и рекомендуемые решения: + +1. Кластер, работающий только со свободными (например, Open Source) образами. Необходимость скрывать образы отсутствует. + - Используйте общедоступные образы из Docker Hub; + - Настройка не требуется; + - Некоторые облачные провайдеры автоматически кэшируют или зеркалируют публичные образы, что повышает доступность и сокращает время их извлечения. +1. В кластере используются закрытые образы. Они должны быть скрыты для всех за пределами компании, но доступны для всех пользователей кластера. + - Используйте приватный репозиторий; + - Может потребоваться ручная настройка на узлах, которым необходим доступ к частному репозиторию; + - В качестве альтернативы можно завести внутренний приватный реестр с доступом на чтение, скрыв его за сетевым экраном; + - Настройка Kubernetes не требуется; + - Используйте сервис для работы с образами, контролирующий доступ к ним; + - Этот подход лучше работает с автомасштабированием кластера, нежели ручная настройка узлов; + - Если изменение конфигурации узлов в кластере затруднено, можно использовать imagePullSecrets. +1. Кластер с несвободными образами, некоторые из которых требуют более строгого контроля доступа. + - Убедитесь, что [AlwaysPullImages admission-контроллер](/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages) включен. В противном случае у всех Pod'ов потенциально будет доступ ко всем образам; + - Переместите конфиденциальные данные в Secret вместо того, чтобы упаковывать их в образ. +1. Кластер категории multi-tenant (многопользовательский), где каждому пользователю требуется собственный приватный репозиторий. + - Убедитесь, что [admission-контроллер AlwaysPullImages](/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages) включен. В противном случае у всех Pod'ов всех пользователей потенциально будет доступ ко всем образам; + - Создайте приватный реестр с обязательной авторизацией; + - Сгенерируйте учетные данные для доступа к реестру для каждого пользователя, поместите их в Secret и добавьте его в пространство имен каждого пользователя; + - Каждый пользователь должен добавить свой Secret в imagePullSecrets каждого пространства имен. + + +Если нужен доступ к нескольким реестрам, можно создать по Secret'у для каждого реестра. + +## {{% heading "whatsnext" %}} + +* [Спецификация манифестов образов OCI](https://github.com/opencontainers/image-spec/blob/master/manifest.md). +* Сборка "мусора" в Kubernetes — [неиспользуемые контейнеры и образы](/docs/concepts/architecture/garbage-collection/#container-image-garbage-collection). +* [Извлечение образов из приватных репозиториев](/docs/tasks/configure-pod-container/pull-image-private-registry). diff --git a/content/ru/docs/concepts/containers/runtime-class.md b/content/ru/docs/concepts/containers/runtime-class.md new file mode 100644 index 0000000000000..7169da2868f73 --- /dev/null +++ b/content/ru/docs/concepts/containers/runtime-class.md @@ -0,0 +1,131 @@ +--- +reviewers: +title: RuntimeClass +content_type: concept +weight: 20 +--- + + + +{{< feature-state for_k8s_version="v1.20" state="stable" >}} + +На этой странице описывается ресурс RuntimeClass и механизм выбора исполняемой среды. + +RuntimeClass позволяет выбрать конфигурацию исполняемой среды для контейнеров. Используется для настройки исполняемой среды в Pod'е. + + + +## Мотивация + +Разным Pod'ам можно назначать различные RuntimeClass'ы, соблюдая баланс между производительностью и безопасностью. Например, если часть рабочей нагрузки требует высокого уровня информационной безопасности, связанные с ней Pod'ы можно запланировать так, чтобы они использовали исполняемую среду для контейнеров на основе аппаратной виртуализации. Это обеспечит повышенную изоляцию, но потребует дополнительных издержек. + +Также можно использовать RuntimeClass для запуска различных Pod'ов с одинаковой исполняемой средой, но с разными настройками. + +## Подготовка + +1. Настройте реализацию CRI на узлах (зависит от используемой исполняемой среды); +2. Создайте соответствующие ресурсы RuntimeClass. + +### 1. Настройте реализацию CRI на узлах + +Конфигурации, доступные с помощью RuntimeClass, зависят от реализации Container Runtime Interface (CRI). Для настройки определенной реализации CRI обратитесь к соответствующему разделу документации ([ниже](#cri-configuration)). + +{{< note >}} +По умолчанию RuntimeClass предполагает однородную конфигурацию узлов в кластере (то есть все узлы настроены одинаково в плане исполняемой среды для контейнеров). Для гетерогенных конфигураций узлов см. раздел [Scheduling](#scheduling) ниже. +{{< /note >}} + +Каждой конфигурации соответствует обработчик, на который ссылается RuntimeClass. Имя обработчика должно соответствовать [синтаксису для меток DNS](/docs/concepts/overview/working-with-objects/names/#dns-label-names). + +### 2. Создайте соответствующие ресурсы RuntimeClass + +К каждой конфигурации, настроенной на шаге 1, должно быть привязано имя обработчика (`handler`), которое ее идентифицирует. Для каждого обработчика создайте соответствующий объект RuntimeClass. + +На данный момент у ресурса RuntimeClass есть только 2 значимых поля: имя RuntimeClass (`metadata.name`) и обработчик (`handler`). Определение объекта выглядит следующим образом: + +```yaml +# RuntimeClass определен в API-группе node.k8s.io +apiVersion: node.k8s.io/v1 +kind: RuntimeClass +metadata: + # Имя, которое ссылается на RuntimeClass + # ресурс RuntimeClass не включается в пространство имен + name: myclass +# Имя соответствующей конфигурации CRI +handler: myconfiguration +``` + +Имя объекта RuntimeClass должно удовлетворять [синтаксису для поддоменных имен DNS](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). + +{{< note >}} +Рекомендуется ограничить доступ к операциям записи RuntimeClass (create/update/patch/delete) администратором кластера. Обычно это сделано по умолчанию. Более подробную информацию см. в разделе [Общая информация об авторизации](/docs/reference/access-authn-authz/authorization/). +{{< /note >}} + +## Использование + +После того как RuntimeClasses настроены для кластера, использовать их очень просто. Достаточно указать `runtimeClassName` в спецификации Pod'а. Например: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + runtimeClassName: myclass + # ... +``` + +kubelet будет использовать указанный RuntimeClass для запуска этого Pod'а. Если указанный RuntimeClass не существует или CRI не может запустить соответствующий обработчик, Pod войдет в [фазу завершения работы](/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase) `Failed`. Полное сообщение об ошибке можно получить, обратившись к соответствующему [событию](/docs/tasks/debug/debug-application/debug-running-pod/) (event). + +Если имя `runtimeClassName` не указано, будет использоваться RuntimeHandler по умолчанию (что эквивалентно поведению, когда функция RuntimeClass отключена). + +### Настройка CRI + +Для получения более подробной информации о настройке исполняемых сред CRI обратитесь к разделу [Установка CRI](/docs/setup/production-environment/container-runtimes/). + +#### {{< glossary_tooltip term_id="containerd" >}} + +Обработчики исполняемой среды настраиваются в конфигурации containerd в файле `/etc/containerd/config.toml`. Допустимые обработчики прописываются в разделе runtimes: + +``` +[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${HANDLER_NAME}] +``` + +Дополнительная информация доступна в [документации по конфигурации containerd](https://github.com/containerd/cri/blob/master/docs/config.md). + +#### {{< glossary_tooltip term_id="cri-o" >}} + +Обработчики исполняемой среды настраиваются в файле конфигурации CRI-O (`/etc/crio/crio.conf`). Допустимые обработчики прописываются в [таблице crio.runtime](https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md#crioruntime-table): + +``` +[crio.runtime.runtimes.${HANDLER_NAME}] + runtime_path = "${PATH_TO_BINARY}" +``` + +Более подробную информацию см. в [документации по конфигурации CRI-O](https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md). + +## Scheduling + +{{< feature-state for_k8s_version="v1.16" state="beta" >}} + +Поле `scheduling` в RuntimeClass позволяет наложить определенные ограничения, гарантировав, что Pod'ы с определенным RuntimeClass'ом будут планироваться на узлы, которые его поддерживают. Если параметр `scheduling` не установлен, предполагается, что данный RuntimeClass поддерживается всеми узлами. + +Чтобы гарантировать, что Pod'ы попадают на узлы, поддерживающие определенный RuntimeClass, эти узлы должны быть связаны общей меткой, которая затем выбирается полем `runtimeclass.scheduling.nodeSelector`. nodeSelector RuntimeClass'а объединяется с nodeSelector'ом admission-контроллера, на выходе образуя пересечение подмножеств узлов, выбранных каждым из селекторов. Если возникает конфликт, Pod отклоняется. + +Если поддерживаемые узлы объединены неким taint'ом, чтобы предотвратить запуск на них Pod'ов с другими RuntimeClass'ами, можно к нужному RuntimeClass'у добавить `tolerations`. Как и в случае с `nodeSelector`, tolerations объединяются с tolerations Pod'а admission-контроллера, фактически образуя объединение двух подмножеств узлов с соответствующими tolerations. + +Чтобы узнать больше о настройке селектора узлов и tolerations, см. раздел [Назначаем Pod'ы на узлы](/docs/concepts/scheduling-eviction/assign-pod-node/). + +### Pod Overhead + +{{< feature-state for_k8s_version="v1.24" state="stable" >}} + +Можно указать _overhead_-ресурсы, необходимые для работы Pod'а. Это позволит кластеру (и планировщику) учитывать их при принятии решений о Pod'ах и управлении ресурсами. + +В RuntimeClass дополнительные ресурсы, потребляемые Pod'ом, указываются в поле `overhead`. С помощью этого поля можно указать ресурсы, необходимые Pod'ам с данным RuntimeClass'ом, и гарантировать их учет в Kubernetes. + +## {{% heading "whatsnext" %}} + +- Описание [RuntimeClass](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md); +- Описание [RuntimeClass Scheduling](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md#runtimeclass-scheduling); +- Концепция [Pod Overhead](/docs/concepts/scheduling-eviction/pod-overhead/); +- Описание функции [PodOverhead](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/688-pod-overhead). diff --git a/content/ru/docs/reference/glossary/container-runtime-interface.md b/content/ru/docs/reference/glossary/container-runtime-interface.md new file mode 100644 index 0000000000000..8bb24114a029f --- /dev/null +++ b/content/ru/docs/reference/glossary/container-runtime-interface.md @@ -0,0 +1,18 @@ +--- +title: Container Runtime Interface +id: container-runtime-interface +date: 2021-11-24 +full_link: /docs/concepts/architecture/cri +short_description: > + Основной протокол для связи между kubelet'ом и исполняемой средой контейнеров. + +aka: +tags: + - cri +--- + +Container Runtime Interface (CRI) — это основной протокол для связи между kubelet'ом и исполняемой средой контейнеров. + + + +Интерфейс Kubernetes Container Runtime Interface (CRI) задает основной [gRPC-протокол](https://grpc.io), на базе которого осуществляется коммуникация между [компонентами кластера](/docs/concepts/overview/components/#node-components): {{< glossary_tooltip text="kubelet'ом" term_id="kubelet" >}} и {{< glossary_tooltip text="исполняемой средой" term_id="container-runtime" >}}. diff --git a/content/ru/docs/reference/glossary/container-runtime.md b/content/ru/docs/reference/glossary/container-runtime.md index 25916582e51ef..0ff3f1c47d574 100644 --- a/content/ru/docs/reference/glossary/container-runtime.md +++ b/content/ru/docs/reference/glossary/container-runtime.md @@ -1,21 +1,21 @@ --- -title: Среда выполнения контейнера +title: Иполняемая среда контейнеров id: container-runtime date: 2019-06-05 full_link: /docs/setup/production-environment/container-runtimes short_description: > - Среда выполнения контейнера — это программа, предназначенная для выполнения контейнеров. + Иполняемая среда контейнеров — это программа, предназначенная для запуска контейнеров. aka: tags: - fundamental - workload --- - Среда выполнения контейнера — это программа, предназначенная для выполнения контейнеров. + Иполняемая среда контейнера — это программа, предназначенная для запуска контейнера в Kubernetes. -Kubernetes поддерживает несколько сред для запуска контейнеров: {{< glossary_tooltip term_id="docker">}}, +Kubernetes поддерживает различные среды для запуска контейнеров: {{< glossary_tooltip term_id="docker">}}, {{< glossary_tooltip term_id="containerd" >}}, {{< glossary_tooltip term_id="cri-o" >}}, -и любая реализация [Kubernetes CRI (Container Runtime +и любые реализации [Kubernetes CRI (Container Runtime Interface)](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-node/container-runtime-interface.md). diff --git a/content/ru/docs/reference/glossary/namespace.md b/content/ru/docs/reference/glossary/namespace.md new file mode 100644 index 0000000000000..9e876227cdfe6 --- /dev/null +++ b/content/ru/docs/reference/glossary/namespace.md @@ -0,0 +1,17 @@ +--- +title: Пространство имен +id: namespace +date: 2018-04-12 +full_link: /docs/concepts/overview/working-with-objects/namespaces +short_description: > + Абстракция, которую Kubernetes использует для изоляции групп ресурсов в рамках одного кластера. + +aka: +tags: +- fundamental +--- + Абстракция, которую Kubernetes использует для изоляции групп ресурсов в рамках одного {{< glossary_tooltip text="кластера" term_id="cluster" >}}. + + + +Пространства имен используются для организации объектов в кластере и разграничивают ресурсы кластера. Имена ресурсов должны быть уникальными в пределах одного пространства имен, но не в разных пространствах имен. Ограничения на основе пространства имен применимы только к объектам на уровне пространств имен _(например, Deployments, Services и т.д.)_, но не для объектов на уровне кластера _(таких как StorageClass, Nodes, PersistentVolumes и т.д.)_. diff --git a/content/ru/docs/reference/glossary/secret.md b/content/ru/docs/reference/glossary/secret.md new file mode 100644 index 0000000000000..4abf91292d024 --- /dev/null +++ b/content/ru/docs/reference/glossary/secret.md @@ -0,0 +1,18 @@ +--- +title: Secret +id: secret +date: 2018-04-12 +full_link: /docs/concepts/configuration/secret/ +short_description: > + Хранит конфиденциальную информацию, такую как пароли, токены OAuth и ключи ssh. + +aka: +tags: +- core-object +- security +--- + Хранит конфиденциальную информацию, такую как пароли, токены OAuth и ключи ssh. + + + +Позволяет повысить контроль над использованием конфиденциальной информации и снизить риск ее случайного раскрытия. Секретные значения кодируются в формат base64 и по умолчанию хранятся в незашифрованном виде, но могут быть настроены на шифрование "at rest" (при записи в хранилище). {{< glossary_tooltip text="Pod" term_id="pod" >}} ссылается на Secret как на файл при монтировании тома. Secret также используется kubelet'ом при извлечении образов для Pod'а. Secret'ы отлично подходят для хранения конфиденциальных данных, [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) – для неконфиденциальных. diff --git a/content/ru/docs/reference/glossary/service-account.md b/content/ru/docs/reference/glossary/service-account.md new file mode 100644 index 0000000000000..87abd6a1935da --- /dev/null +++ b/content/ru/docs/reference/glossary/service-account.md @@ -0,0 +1,18 @@ +--- +title: ServiceAccount +id: service-account +date: 2018-04-12 +full_link: /docs/tasks/configure-pod-container/configure-service-account/ +short_description: > + Отвечает за идентификацию процессов, выполняющихся в Pod'е. + +aka: +tags: +- fundamental +- core-object +--- + Отвечает за идентификацию процессов, выполняющихся в {{< glossary_tooltip text="Pod'е" term_id="pod" >}}. + + + +Процессы внутри Pod'а аутентифицируются сервером API и относятся к определенной учетной записи (service account) (например, к `default`) для доступа к кластеру. Если при создании Pod'а служебная учетная запись не указана, ему автоматически присваивается service account по умолчанию в том же {{< glossary_tooltip text="пространстве имен" term_id="namespace" >}}. From 4f3f22403002b1a31d0dc927fcfb64349be55690 Mon Sep 17 00:00:00 2001 From: Kirill Kononovich <41591254+kirkonru@users.noreply.github.com> Date: Tue, 13 Sep 2022 18:00:27 +0300 Subject: [PATCH 097/537] Add RU localization for system-logs.md Apply suggestions from code review Co-authored-by: Tim Bannister Co-authored-by: Dmitry Shurupov --- .../cluster-administration/system-logs.md | 185 ++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 content/ru/docs/concepts/cluster-administration/system-logs.md diff --git a/content/ru/docs/concepts/cluster-administration/system-logs.md b/content/ru/docs/concepts/cluster-administration/system-logs.md new file mode 100644 index 0000000000000..3c108e0461b58 --- /dev/null +++ b/content/ru/docs/concepts/cluster-administration/system-logs.md @@ -0,0 +1,185 @@ +--- +title: Логи системных компонентов +content_type: concept +weight: 60 +--- + + + +Логи системных компонентов регистрируют события, происходящие в кластере, что может быть очень полезно при отладке. Степень детализации логов настраивается. Так, в логах низкой детализации будет содержаться только информация об ошибках внутри компонента, в то время как логи высокой детализации будут содержать пошаговую трассировку событий (доступ по HTTP, изменения состояния Pod'а, действия контроллера, решения планировщика). + + + +## Klog + +[klog](https://github.com/kubernetes/klog) — библиотека Kubernetes для сбора логов. Отвечает за генерацию соответствующих сообщений для системных компонентов оркестратора. + +Дополнительные сведения о настройке klog можно получить в [Справке по CLI](/docs/reference/command-line-tools-reference/). + +В настоящее время ведется работа по упрощению процесса сбора логов в компонентах Kubernetes. Приведенные ниже флаги командной строки klog [устарели](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components), начиная с версии Kubernetes 1.23, и будут удалены в одном из будущих релизов: + +- `--add-dir-header` +- `--alsologtostderr` +- `--log-backtrace-at` +- `--log-dir` +- `--log-file` +- `--log-file-max-size` +- `--logtostderr` +- `--one-output` +- `--skip-headers` +- `--skip-log-headers` +- `--stderrthreshold` + +Вывод всегда будет записываться в stderr независимо от его формата. Перенаправление вывода должно осуществляться компонентом, который вызывает компонент Kubernetes, например, POSIX-совместимой командной оболочкой или инструментом вроде systemd. + +Иногда эти опции недоступны — например, в случае контейнера без дистрибутива (distroless) или системной службы Windows. Тогда [`kube-log-runner`](https://github.com/kubernetes/kubernetes/blob/d2a8a81639fcff8d1221b900f66d28361a170654/staging/src/k8s.io/component-base/logs/kube-log-runner/README.md) можно использовать в качестве обертки вокруг компонента Kubernetes для перенаправления вывода. Его предварительно собранный исполняемый файл включен в некоторые базовые образы Kubernetes под старым именем `/go-runner`, а в актуальных бинарных релизах архивов с kubernetes-server и kubernetes-node он называется `kube-log-runner`. + +В таблице ниже показаны соответствия между вызовами `kube-log-runner` и логикой перенаправления командной оболочки: + +| Использование | Оболочка POSIX (например, Bash) | `kube-log-runner ` | +| ---------------------------------------------|---------------------------------|---------------------------------------------------------------| +| Объединить stderr и stdout, вывести в stdout | `2>&1` | `kube-log-runner` (default behavior) | +| Перенаправить оба потока в файл лога | `1>>/tmp/log 2>&1` | `kube-log-runner -log-file=/tmp/log` | +| Скопировать в файл лога и в stdout | `2>&1 \| tee -a /tmp/log` | `kube-log-runner -log-file=/tmp/log -also-stdout` | +| Перенаправить только stdout в файл лога | `>/tmp/log` | `kube-log-runner -log-file=/tmp/log -redirect-stderr=false` | + +### Вывод klog + +Пример оригинального "родного" формата klog: +``` +I1025 00:15:15.525108 1 httplog.go:79] GET /api/v1/namespaces/kube-system/pods/metrics-server-v0.3.1-57c75779f-9p8wg: (1.512ms) 200 [pod_nanny/v0.0.0 (linux/amd64) kubernetes/$Format 10.56.1.19:51756] +``` + +Сообщение может содержать переносы строк: +``` +I1025 00:15:15.525108 1 example.go:79] This is a message +which has a line break. +``` + + +### Структурированное логирование + +{{< feature-state for_k8s_version="v1.23" state="beta" >}} + +{{< warning >}} +Переход на структурированное логирование — продолжающийся процесс. Не все сообщения структурированы в текущей версии Kubernetes. При парсинге файлов логов необходимо также обрабатывать неструктурированные сообщения. + +Формат логов и сериализация значений могут измениться в будущем. +{{< /warning>}} + +Структурированное логирование придает определенную структуру сообщениям логов, упрощая программное извлечение информации и сокращая затраты и усилия на их обработку. Код, который генерирует сообщение лога, определяет, используется ли обычный неструктурированный вывод klog или структурированное логирование. + +По умолчанию структурированные сообщения форматируются как текст, при этом его формат обратно совместим с традиционным форматом klog: + +```ini + "" ="" ="" ... +``` + +Пример: + +```ini +I1025 00:15:15.525108 1 controller_utils.go:116] "Pod status updated" pod="kube-system/kubedns" status="ready" +``` + +Строки заключаются в кавычки. Другие значения форматируются с помощью [`%+v`](https://pkg.go.dev/fmt#hdr-Printing). В результате сообщение может продолжиться на следующей строке в [зависимости от типа данных](https://github.com/kubernetes/kubernetes/issues/106428). + +``` +I1025 00:15:15.525108 1 example.go:116] "Example" data="This is text with a line break\nand \"quotation marks\"." someInt=1 someFloat=0.1 someStruct={StringField: First line, +second line.} +``` + +### Контекстное логирование + +{{< feature-state for_k8s_version="v1.24" state="alpha" >}} + +Контекстное логирование базируется на структурированном логировании. Речь идет в первую очередь о том, как разработчики используют лог-вызовы: код, основанный на этой концепции, более гибок и поддерживает дополнительные сценарии использования (см. [Contextual Logging KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/3077-contextual-logging)). + +При использовании в компонентах дополнительных функций, таких как `WithValues` или `WithName`, записи лога содержат дополнительную информацию, которая передается в функции вызывающей стороной. + +В настоящее время за включение контекстного логирования отвечает переключатель функционала `StructuredLogging`. По умолчанию оно отключено. Соответствующая инфраструктура появилась в версии 1.24 и она не потребовала изменений в компонентах. Команда [`component-base/logs/example`](https://github.com/kubernetes/kubernetes/blob/v1.24.0-beta.0/staging/src/k8s.io/component-base/logs/example/cmd/logger.go) показывает, как использовать новые лог-вызовы и как ведет себя компонент, поддерживающий контекстное логирование. + +```console +$ cd $GOPATH/src/k8s.io/kubernetes/staging/src/k8s.io/component-base/logs/example/cmd/ +$ go run . --help +... + --feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are: + AllAlpha=true|false (ALPHA - default=false) + AllBeta=true|false (BETA - default=false) + ContextualLogging=true|false (ALPHA - default=false) +$ go run . --feature-gates ContextualLogging=true +... +I0404 18:00:02.916429 451895 logger.go:94] "example/myname: runtime" foo="bar" duration="1m0s" +I0404 18:00:02.916447 451895 logger.go:95] "example: another runtime" foo="bar" duration="1m0s" +``` + +Префикс `example` и `foo="bar"` были добавлены вызовом функции, которая пишет в лог сообщение `runtime` и значение `duration="1m0s"`, при этом вносить изменения в эту функцию не потребовалось. + +При отключенном контекстном логировании `WithValues` и `WithName` ничего не делают, а вызовы журнала проходят через глобальный логгер klog. Соответственно, эта дополнительная информация более не отображается в логе: + +```console +$ go run . --feature-gates ContextualLogging=false +... +I0404 18:03:31.171945 452150 logger.go:94] "runtime" duration="1m0s" +I0404 18:03:31.171962 452150 logger.go:95] "another runtime" duration="1m0s" +``` + +### Логи в формате JSON + +{{< feature-state for_k8s_version="v1.19" state="alpha" >}} + +{{}} +Вывод в формате JSON не поддерживает многие стандартные флаги klog. Список неподдерживаемых флагов klog см. в [Справочнике по CLI](/docs/reference/command-line-tools-reference/). + +Кроме того, запись в формате JSON не гарантируется (например, во время запуска процесса). Таким образом, если планируется дальнейший парсинг логов, убедитесь, что ваш парсер способен обрабатывать строки лога, которые не являются JSON. + +Имена полей и сериализация JSON могут измениться в будущем. +{{< /warning >}} + +Флаг `--logging-format=json` переключает формат логов с родного формата klog на JSON. Пример лога в формате JSON (стилистически отформатированном): +```json +{ + "ts": 1580306777.04728, + "v": 4, + "msg": "Pod status updated", + "pod":{ + "name": "nginx-1", + "namespace": "default" + }, + "status": "ready" +} +``` + +Специальные ключи: +* `ts` — временная метка в формате времени Unix (обязательный параметр, float); +* `v` — детализация (для общей информации — не для сообщений об ошибках, int); +* `err` — ошибка (опциональный параметр, string); +* `msg` — сообщение (обязательный параметр, string). + + +Список компонентов, поддерживающих формат JSON: +* {{< glossary_tooltip term_id="kube-controller-manager" text="kube-controller-manager" >}} +* {{< glossary_tooltip term_id="kube-apiserver" text="kube-apiserver" >}} +* {{< glossary_tooltip term_id="kube-scheduler" text="kube-scheduler" >}} +* {{< glossary_tooltip term_id="kubelet" text="kubelet" >}} + +### Уровень детализации лога + +Флаг `-v` задает степень детализации лога. Увеличение значения увеличивает количество регистрируемых событий. Уменьшение значения уменьшает количество регистрируемых событий. Увеличение детализации приводит к тому, что регистрируются все менее значимые события. При уровне детализации, равном 0, регистрируются только критические события. + +### Местоположение лога + +Существует два типа системных компонентов: те, которые работают в контейнере, и те, которые работают за пределами контейнера. Например: + +* Планировщик Kubernetes и kube-proxy работают в контейнере. +* kubelet и {{}} + работают за пределами контейнеров. + +На машинах с systemd среда исполнения и kubelet пишут в journald. В противном случае ведется запись в файлы `.log` в директории `/var/log`. Системные компоненты внутри контейнеров всегда пишут в файлы `.log` в директории `/var/log`, обходя механизм логирования по умолчанию. Как и логи контейнеров, логи системных компонентов в `/var/log` нуждаются в ротации. В кластерах Kubernetes, созданных с использованием скрипта `kube-up.sh`, ротация логов настраивается с помощью инструмента `logrotate`. `logrotate` ротирует логи ежедневно или при достижении ими размера в 100 МБ. + +## {{% heading "whatsnext" %}} + +* [Архитектура логирования в Kubernetes](/docs/concepts/cluster-administration/logging/) +* [Структурированное логирование (EN)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1602-structured-logging) +* [Контекстное логирование (EN)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/3077-contextual-logging) +* [Вывод флагов klog из эксплуатации (EN)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components) +* [Соглашения и правила для определения критичности логов (EN)](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md) From f16f67eb56547ef7eb6700d38d84d01e31737536 Mon Sep 17 00:00:00 2001 From: lianghao208 Date: Fri, 17 Feb 2023 15:22:08 +0800 Subject: [PATCH 098/537] update pod scheduling readiness gate in pod lifecycle --- content/en/docs/concepts/workloads/pods/pod-lifecycle.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/en/docs/concepts/workloads/pods/pod-lifecycle.md b/content/en/docs/concepts/workloads/pods/pod-lifecycle.md index 852f965530c63..43f9c70ccf399 100644 --- a/content/en/docs/concepts/workloads/pods/pod-lifecycle.md +++ b/content/en/docs/concepts/workloads/pods/pod-lifecycle.md @@ -267,6 +267,11 @@ after successful sandbox creation and network configuration by the runtime plugin). For a Pod without init containers, the kubelet sets the `Initialized` condition to `True` before sandbox creation and network configuration starts. +### Pod scheduling readiness {#pod-scheduling-readiness-gate} + +{{< feature-state for_k8s_version="v1.26" state="alpha" >}} + +See [Pod Scheduling Readiness](/docs/concepts/scheduling-eviction/pod-scheduling-readiness/) for more information. ## Container probes From 7e343b331366b8f242262b154945491b243cf384 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 16 Feb 2023 21:15:25 +0800 Subject: [PATCH 099/537] [zh] sync /controllers/daemonset.md --- .../workloads/controllers/daemonset.md | 132 ++++++++++++------ 1 file changed, 87 insertions(+), 45 deletions(-) diff --git a/content/zh-cn/docs/concepts/workloads/controllers/daemonset.md b/content/zh-cn/docs/concepts/workloads/controllers/daemonset.md index c90130bcb57fa..2902f32d18758 100644 --- a/content/zh-cn/docs/concepts/workloads/controllers/daemonset.md +++ b/content/zh-cn/docs/concepts/workloads/controllers/daemonset.md @@ -202,36 +202,42 @@ If you do not specify either, then the DaemonSet controller will create Pods on ## Daemon Pods 是如何被调度的 {#how-daemon-pods-are-scheduled} -### 通过默认调度器调度 {#scheduled-by-default-scheduler} - -{{< feature-state for_k8s_version="1.17" state="stable" >}} - DaemonSet 确保所有符合条件的节点都运行该 Pod 的一个副本。 -通常,运行 Pod 的节点由 Kubernetes 调度器选择。 -不过,DaemonSet Pods 由 DaemonSet 控制器创建和调度。这就带来了以下问题: +DaemonSet 控制器为每个符合条件的节点创建一个 Pod,并添加 Pod 的 `spec.affinity.nodeAffinity` +字段以匹配目标主机。Pod 被创建之后,默认的调度程序通常通过设置 `.spec.nodeName` 字段来接管 Pod 并将 +Pod 绑定到目标主机。如果新的 Pod 无法放在节点上,则默认的调度程序可能会根据新 Pod +的[优先级](/zh-cn/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)抢占 +(驱逐)某些现存的 Pod。 + + +用户通过设置 DaemonSet 的 `.spec.template.spec.schedulerName` 字段,可以为 DamonSet +的 Pod 指定不同的调度程序。 -* Pod 行为的不一致性:正常 Pod 在被创建后等待调度时处于 `Pending` 状态, - DaemonSet Pods 创建后不会处于 `Pending` 状态下。这使用户感到困惑。 -* [Pod 抢占](/zh-cn/docs/concepts/scheduling-eviction/pod-priority-preemption/)由默认调度器处理。 - 启用抢占后,DaemonSet 控制器将在不考虑 Pod 优先级和抢占的情况下制定调度决策。 +当评估符合条件的节点时,原本在 `.spec.template.spec.affinity.nodeAffinity` 字段上指定的节点亲和性将由 +DaemonSet 控制器进行考量,但在创建的 Pod 上会被替换为与符合条件的节点名称匹配的节点亲和性。 -此外,系统会自动添加 `node.kubernetes.io/unschedulable:NoSchedule` 容忍度到这些 -DaemonSet Pod。在调度 DaemonSet Pod 时,默认调度器会忽略 `unschedulable` 节点。 +### 污点和容忍度 {#taint-and-toleration} + +DaemonSet 控制器会自动将一组容忍度添加到 DaemonSet Pod: +{{< table caption="DaemonSet Pod 适用的容忍度" >}} -Although Daemon Pods respect -[taints and tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/), -the following tolerations are added to DaemonSet Pods automatically according to -the related features. + -### 污点和容忍度 {#taint-and-toleration} +| 容忍度键名 | 效果 | 描述 | +| -------------------------------------------------------- | ---------- | ----------------------- | +| [`node.kubernetes.io/not-ready`](/zh-cn/docs/reference/labels-annotations-taints/#node-kubernetes-io-not-ready) | `NoExecute` | DaemonSet Pod 可以被调度到不健康或还不准备接受 Pod 的节点上。在这些节点上运行的所有 DaemonSet Pod 将不会被驱逐。 | +| [`node.kubernetes.io/unreachable`](/zh-cn/docs/reference/labels-annotations-taints/#node-kubernetes-io-unreachable) | `NoExecute` | DaemonSet Pod 可以被调度到从节点控制器不可达的节点上。在这些节点上运行的所有 DaemonSet Pod 将不会被驱逐。 | +| [`node.kubernetes.io/disk-pressure`](/zh-cn/docs/reference/labels-annotations-taints/#node-kubernetes-io-disk-pressure) | `NoSchedule` | DaemonSet Pod 可以被调度到具有磁盘压力问题的节点上。 | +| [`node.kubernetes.io/memory-pressure`](/zh-cn/docs/reference/labels-annotations-taints/#node-kubernetes-io-memory-pressure) | `NoSchedule` | DaemonSet Pod 可以被调度到具有内存压力问题的节点上。 | +| [`node.kubernetes.io/pid-pressure`](/zh-cn/docs/reference/labels-annotations-taints/#node-kubernetes-io-pid-pressure) | `NoSchedule` | DaemonSet Pod 可以被调度到具有进程压力问题的节点上。 | +| [`node.kubernetes.io/unschedulable`](/zh-cn/docs/reference/labels-annotations-taints/#node-kubernetes-io-unschedulable) | `NoSchedule` | DaemonSet Pod 可以被调度到不可调度的节点上。 | +| [`node.kubernetes.io/network-unavailable`](/zh-cn/docs/reference/labels-annotations-taints/#node-kubernetes-io-network-unavailable) | `NoSchedule` | **仅针对请求主机联网的 DaemonSet Pod 添加此容忍度**,即 Pod 具有 `spec.hostNetwork: true`。这些 DaemonSet Pod 可以被调度到网络不可用的节点上。| + +{{< /table >}} -尽管 Daemon Pod 遵循[污点和容忍度](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/)规则, -根据相关特性,控制器会自动将以下容忍度添加到 DaemonSet Pod: + +你也可以在 DaemonSet 的 Pod 模板中定义自己的容忍度并将其添加到 DaemonSet Pod。 + +因为 DaemonSet 控制器自动设置 `node.kubernetes.io/unschedulable:NoSchedule` 容忍度, +所以 Kubernetes 可以在标记为**不可调度**的节点上运行 DaemonSet Pod。 + + +如果你使用 DaemonSet 提供重要的节点级别功能, +例如[集群联网](/zh-cn/docs/concepts/cluster-administration/networking/), +Kubernetes 在节点就绪之前将 DaemonSet Pod 放到节点上会很有帮助。 +例如,如果没有这种特殊的容忍度,因为网络插件未在节点上运行,所以你可能会在未标记为就绪的节点上陷入死锁状态, +同时因为该节点还未就绪,所以网络插件不会在该节点上运行。 -## 与 Daemon Pods 通信 {#communicating-with-daemon-pods} +## 与 Daemon Pod 通信 {#communicating-with-daemon-pods} - 不同的团队可以在不同的命名空间下工作。这可以通过 [RBAC](/zh-cn/docs/reference/access-authn-authz/rbac/) 强制执行。 @@ -337,7 +339,7 @@ Secret 的数量进行配额限制。 Job 而导致集群拒绝服务。 对有限的一组资源上实施一般性的对象数量配额也是可能的。 @@ -542,7 +544,9 @@ works as follows: - 集群中的 Pod 可取三个优先级类之一,即 "low"、"medium"、"high"。 - 为每个优先级创建一个配额对象。 - + 将以下 YAML 保存到文件 `quota.yml` 中。 ```yaml @@ -560,7 +564,7 @@ items: pods: "10" scopeSelector: matchExpressions: - - operator : In + - operator: In scopeName: PriorityClass values: ["high"] - apiVersion: v1 @@ -574,7 +578,7 @@ items: pods: "10" scopeSelector: matchExpressions: - - operator : In + - operator: In scopeName: PriorityClass values: ["medium"] - apiVersion: v1 @@ -588,7 +592,7 @@ items: pods: "10" scopeSelector: matchExpressions: - - operator : In + - operator: In scopeName: PriorityClass values: ["low"] ``` @@ -746,7 +750,7 @@ from getting scheduled in a failure domain. 因为带有反亲和性约束的 Pod 可能会阻止所有其他名字空间的 Pod 被调度到某失效域中。 @@ -769,8 +773,8 @@ spec: ``` @@ -795,7 +799,7 @@ plugins: 基于上面的配置,只有名字空间中包含作用域为 `CrossNamespaceAffinity` From 141050b4289ff34bf018613c87f21247dc99af70 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sat, 18 Feb 2023 00:45:45 +0800 Subject: [PATCH 104/537] [zh] Resync pages in concepts/overview --- .../concepts/overview/working-with-objects/annotations.md | 7 +++---- .../overview/working-with-objects/kubernetes-objects.md | 3 ++- .../concepts/overview/working-with-objects/namespaces.md | 2 +- .../overview/working-with-objects/object-management.md | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/content/zh-cn/docs/concepts/overview/working-with-objects/annotations.md b/content/zh-cn/docs/concepts/overview/working-with-objects/annotations.md index 8c8b5c107bbbc..bb903ff85b23b 100644 --- a/content/zh-cn/docs/concepts/overview/working-with-objects/annotations.md +++ b/content/zh-cn/docs/concepts/overview/working-with-objects/annotations.md @@ -153,7 +153,7 @@ metadata: spec: containers: - name: nginx - image: nginx:1.7.9 + image: nginx:1.14.2 ports: - containerPort: 80 ``` @@ -161,7 +161,6 @@ spec: ## {{% heading "whatsnext" %}} -* 进一步了解[标签和选择算符](/zh-cn/docs/concepts/overview/working-with-objects/labels/)。 - +进一步了解[标签和选择算符](/zh-cn/docs/concepts/overview/working-with-objects/labels/)。 diff --git a/content/zh-cn/docs/concepts/overview/working-with-objects/kubernetes-objects.md b/content/zh-cn/docs/concepts/overview/working-with-objects/kubernetes-objects.md index 83a3a094c7d30..e74da9595c392 100644 --- a/content/zh-cn/docs/concepts/overview/working-with-objects/kubernetes-objects.md +++ b/content/zh-cn/docs/concepts/overview/working-with-objects/kubernetes-objects.md @@ -18,7 +18,8 @@ card: 本页说明了在 Kubernetes API 中是如何表示 Kubernetes 对象的, 以及使用 `.yaml` 格式的文件表示 Kubernetes 对象。 diff --git a/content/zh-cn/docs/concepts/overview/working-with-objects/namespaces.md b/content/zh-cn/docs/concepts/overview/working-with-objects/namespaces.md index 5ff45d85f90ba..8e2b194d6d31a 100644 --- a/content/zh-cn/docs/concepts/overview/working-with-objects/namespaces.md +++ b/content/zh-cn/docs/concepts/overview/working-with-objects/namespaces.md @@ -268,7 +268,7 @@ kubectl api-resources --namespaced=false --> ## 自动打标签 {#automatic-labelling} -{{< feature-state state="beta" for_k8s_version="stable" >}} +{{< feature-state for_k8s_version="1.22" state="stable" >}} 与对象配置相比的优点: -- 命令简单,易学且易于记忆。 +- 命令用单个动词表示。 - 命令仅需一步即可对集群进行更改。 Kubernetes 是一个可移植、可扩展的开源平台,用于管理容器化的工作负载和服务,可促进声明式配置和自动化。 Kubernetes 拥有一个庞大且快速增长的生态,其服务、支持和工具的使用范围相当广泛。 **Kubernetes** 这个名字源于希腊语,意为“舵手”或“飞行员”。k8s 这个缩写是因为 k 和 s 之间有八个字符的关系。 Google 在 2014 年开源了 Kubernetes 项目。 @@ -61,7 +68,13 @@ Let's take a look at why Kubernetes is so useful by going back in time. **传统部署时代:** @@ -74,7 +87,10 @@ Early on, organizations ran applications on physical servers. There was no way t 而且维护许多物理服务器的成本很高。 **虚拟化部署时代:** @@ -83,9 +99,13 @@ Early on, organizations ran applications on physical servers. There was no way t 因为一个应用程序的信息不能被另一应用程序随意访问。 虚拟化技术能够更好地利用物理服务器的资源,并且因为可轻松地添加或更新应用程序, 而因此可以具有更高的可扩缩性,以及降低硬件成本等等的好处。 @@ -94,7 +114,12 @@ Each VM is a full machine running all the components, including its own operatin 每个 VM 是一台完整的计算机,在虚拟化硬件之上运行所有组件,包括其自己的操作系统。 **容器部署时代:** @@ -108,14 +133,25 @@ Containers have become popular because they provide extra benefits, such as: 容器因具有许多优势而变得流行起来,例如: @@ -140,7 +176,10 @@ Containers have become popular because they provide extra benefits, such as: ## 为什么需要 Kubernetes,它能做什么? {#why-you-need-kubernetes-and-what-can-it-do} 容器是打包和运行应用程序的好方式。在生产环境中, 你需要管理运行着应用程序的容器,并确保服务不会下线。 @@ -148,7 +187,10 @@ Containers are a good way to bundle and run your applications. In a production e 如果此行为交由给系统处理,是不是会更容易一些? 这就是 Kubernetes 要来做的事情! Kubernetes 为你提供了一个可弹性运行分布式系统的框架。 @@ -162,7 +204,9 @@ Kubernetes 为你提供: * **服务发现和负载均衡** @@ -172,7 +216,8 @@ Kubernetes can expose a container using the DNS name or using their own IP addre * **存储编排** @@ -180,7 +225,10 @@ Kubernetes allows you to automatically mount a storage system of your choice, su * **自动部署和回滚** @@ -191,7 +239,9 @@ You can describe the desired state for your deployed containers using Kubernetes * **自动完成装箱计算** @@ -201,7 +251,9 @@ You provide Kubernetes with a cluster of nodes that it can use to run containeri * **自我修复** @@ -210,7 +262,9 @@ Kubernetes restarts containers that fail, replaces containers, kills containers * **密钥与配置管理** @@ -223,7 +277,13 @@ Kubernetes lets you store and manage sensitive information, such as passwords, O ## Kubernetes 不是什么 {#what-kubernetes-is-not} Kubernetes 不是传统的、包罗万象的 PaaS(平台即服务)系统。 由于 Kubernetes 是在容器级别运行,而非在硬件级别,它提供了 PaaS 产品共有的一些普遍适用的功能, @@ -237,9 +297,17 @@ Kubernetes: Kubernetes: * 不限制支持的应用程序类型。 Kubernetes 旨在支持极其多种多样的工作负载,包括无状态、有状态和数据处理工作负载。 @@ -251,10 +319,18 @@ Kubernetes: (例如 Ceph)。这样的组件可以在 Kubernetes 上运行,并且/或者可以由运行在 Kubernetes 上的应用程序通过可移植机制(例如[开放服务代理](https://openservicebrokerapi.org/))来访问。 * 不是日志记录、监视或警报的解决方案。 它集成了一些功能作为概念证明,并提供了收集和导出指标的机制。 diff --git a/content/zh-cn/docs/concepts/overview/components.md b/content/zh-cn/docs/concepts/overview/components.md index 97c4bbcc17b67..2c59b84aefb05 100644 --- a/content/zh-cn/docs/concepts/overview/components.md +++ b/content/zh-cn/docs/concepts/overview/components.md @@ -22,16 +22,16 @@ card: weight: 20 --> + - 当你部署完 Kubernetes,便拥有了一个完整的集群。 {{< glossary_definition term_id="cluster" length="all" >}} @@ -152,7 +152,7 @@ Node components run on every node, maintaining running pods and providing the Ku {{< glossary_definition term_id="kube-proxy" length="all" >}} ### 容器运行时(Container Runtime) {#container-runtime} diff --git a/content/zh-cn/docs/concepts/overview/kubernetes-api.md b/content/zh-cn/docs/concepts/overview/kubernetes-api.md index b4272751b7ea8..e5c3a22ddf7c1 100644 --- a/content/zh-cn/docs/concepts/overview/kubernetes-api.md +++ b/content/zh-cn/docs/concepts/overview/kubernetes-api.md @@ -201,7 +201,7 @@ The relative URLs are pointing to immutable OpenAPI descriptions, in order to improve client-side caching. The proper HTTP caching headers are also set by the API server for that purpose (`Expires` to 1 year in the future, and `Cache-Control` to `immutable`). When an obsolete URL is -used, the API server returns a redirect to the newest URL. +used, the API server returns a redirect to the newest URL. --> 为了改进客户端缓存,相对的 URL 会指向不可变的 OpenAPI 描述。 为了此目的,API 服务器也会设置正确的 HTTP 缓存标头 @@ -213,7 +213,7 @@ The Kubernetes API server publishes an OpenAPI v3 spec per Kubernetes group version at the `/openapi/v3/apis//?hash=` endpoint. -Refer to the table below for accepted request headers. +Refer to the table below for accepted request headers. --> Kubernetes API 服务器会在端点 `/openapi/v3/apis//?hash=` 发布一个 Kubernetes 组版本的 OpenAPI v3 规范。 @@ -311,14 +311,14 @@ API 服务器可以通过多个 API 版本提供相同的底层数据。 直到 `v1beta1` 版本被废弃和移除为止。此后,你可以使用 `v1` API 继续访问和修改该对象。 -## API 变更 {#api-changes} +### API 变更 {#api-changes} 任何成功的系统都要随着新的使用案例的出现和现有案例的变化来成长和变化。 为此,Kubernetes 已设计了 Kubernetes API 来持续变更和成长。 From d08ae655fd29f3f4544358c9d40f78054fb8c9ea Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sat, 18 Feb 2023 01:07:55 +0800 Subject: [PATCH 106/537] Clean up page device-plugins --- .../compute-storage-net/device-plugins.md | 98 +++++++++---------- 1 file changed, 48 insertions(+), 50 deletions(-) diff --git a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md index b26a25af04d9e..a241ccee3d40a 100644 --- a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md +++ b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md @@ -88,56 +88,56 @@ spec: The general workflow of a device plugin includes the following steps: 1. Initialization. During this phase, the device plugin performs vendor-specific - initialization and setup to make sure the devices are in a ready state. + initialization and setup to make sure the devices are in a ready state. 1. The plugin starts a gRPC service, with a Unix socket under the host path - `/var/lib/kubelet/device-plugins/`, that implements the following interfaces: - - ```gRPC - service DevicePlugin { - // GetDevicePluginOptions returns options to be communicated with Device Manager. - rpc GetDevicePluginOptions(Empty) returns (DevicePluginOptions) {} - - // ListAndWatch returns a stream of List of Devices - // Whenever a Device state change or a Device disappears, ListAndWatch - // returns the new list - rpc ListAndWatch(Empty) returns (stream ListAndWatchResponse) {} - - // Allocate is called during container creation so that the Device - // Plugin can run device specific operations and instruct Kubelet - // of the steps to make the Device available in the container - rpc Allocate(AllocateRequest) returns (AllocateResponse) {} - - // GetPreferredAllocation returns a preferred set of devices to allocate - // from a list of available ones. The resulting preferred allocation is not - // guaranteed to be the allocation ultimately performed by the - // devicemanager. It is only designed to help the devicemanager make a more - // informed allocation decision when possible. - rpc GetPreferredAllocation(PreferredAllocationRequest) returns (PreferredAllocationResponse) {} - - // PreStartContainer is called, if indicated by Device Plugin during registeration phase, - // before each container start. Device plugin can run device specific operations - // such as resetting the device before making devices available to the container. - rpc PreStartContainer(PreStartContainerRequest) returns (PreStartContainerResponse) {} - } - ``` - - {{< note >}} - Plugins are not required to provide useful implementations for - `GetPreferredAllocation()` or `PreStartContainer()`. Flags indicating - the availability of these calls, if any, should be set in the `DevicePluginOptions` - message sent back by a call to `GetDevicePluginOptions()`. The `kubelet` will - always call `GetDevicePluginOptions()` to see which optional functions are - available, before calling any of them directly. - {{< /note >}} + `/var/lib/kubelet/device-plugins/`, that implements the following interfaces: + + ```gRPC + service DevicePlugin { + // GetDevicePluginOptions returns options to be communicated with Device Manager. + rpc GetDevicePluginOptions(Empty) returns (DevicePluginOptions) {} + + // ListAndWatch returns a stream of List of Devices + // Whenever a Device state change or a Device disappears, ListAndWatch + // returns the new list + rpc ListAndWatch(Empty) returns (stream ListAndWatchResponse) {} + + // Allocate is called during container creation so that the Device + // Plugin can run device specific operations and instruct Kubelet + // of the steps to make the Device available in the container + rpc Allocate(AllocateRequest) returns (AllocateResponse) {} + + // GetPreferredAllocation returns a preferred set of devices to allocate + // from a list of available ones. The resulting preferred allocation is not + // guaranteed to be the allocation ultimately performed by the + // devicemanager. It is only designed to help the devicemanager make a more + // informed allocation decision when possible. + rpc GetPreferredAllocation(PreferredAllocationRequest) returns (PreferredAllocationResponse) {} + + // PreStartContainer is called, if indicated by Device Plugin during registeration phase, + // before each container start. Device plugin can run device specific operations + // such as resetting the device before making devices available to the container. + rpc PreStartContainer(PreStartContainerRequest) returns (PreStartContainerResponse) {} + } + ``` + + {{< note >}} + Plugins are not required to provide useful implementations for + `GetPreferredAllocation()` or `PreStartContainer()`. Flags indicating + the availability of these calls, if any, should be set in the `DevicePluginOptions` + message sent back by a call to `GetDevicePluginOptions()`. The `kubelet` will + always call `GetDevicePluginOptions()` to see which optional functions are + available, before calling any of them directly. + {{< /note >}} 1. The plugin registers itself with the kubelet through the Unix socket at host - path `/var/lib/kubelet/device-plugins/kubelet.sock`. + path `/var/lib/kubelet/device-plugins/kubelet.sock`. - {{< note >}} - The ordering of the workflow is important. A plugin MUST start serving gRPC - service before registering itself with kubelet for successful registration. - {{< /note >}} + {{< note >}} + The ordering of the workflow is important. A plugin MUST start serving gRPC + service before registering itself with kubelet for successful registration. + {{< /note >}} 1. After successfully registering itself, the device plugin runs in serving mode, during which it keeps monitoring device health and reports back to the kubelet upon any device state changes. @@ -297,7 +297,6 @@ However, calling `GetAllocatableResources` endpoint is not sufficient in case of update and Kubelet needs to be restarted to reflect the correct resource capacity and allocatable. {{< /note >}} - ```gRPC // AllocatableResourcesResponses contains informations about all the devices known by the kubelet message AllocatableResourcesResponse { @@ -318,14 +317,14 @@ Preceding Kubernetes v1.23, to enable this feature `kubelet` must be started wit ``` `ContainerDevices` do expose the topology information declaring to which NUMA cells the device is -affine. The NUMA cells are identified using a opaque integer ID, which value is consistent to +affine. The NUMA cells are identified using a opaque integer ID, which value is consistent to what device plugins report [when they register themselves to the kubelet](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#device-plugin-integration-with-the-topology-manager). The gRPC service is served over a unix socket at `/var/lib/kubelet/pod-resources/kubelet.sock`. Monitoring agents for device plugin resources can be deployed as a daemon, or as a DaemonSet. The canonical directory `/var/lib/kubelet/pod-resources` requires privileged access, so monitoring -agents must run in a privileged security context. If a device monitoring agent is running as a +agents must run in a privileged security context. If a device monitoring agent is running as a DaemonSet, `/var/lib/kubelet/pod-resources` must be mounted as a {{< glossary_tooltip term_id="volume" >}} in the device monitoring agent's [PodSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core). @@ -360,7 +359,7 @@ resource assignment decisions. `TopologyInfo` supports setting a `nodes` field to either `nil` or a list of NUMA nodes. This allows the Device Plugin to advertise a device that spans multiple NUMA nodes. -Setting `TopologyInfo` to `nil` or providing an empty list of NUMA nodes for a given device +Setting `TopologyInfo` to `nil` or providing an empty list of NUMA nodes for a given device indicates that the Device Plugin does not have a NUMA affinity preference for that device. An example `TopologyInfo` struct populated for a device by a Device Plugin: @@ -396,4 +395,3 @@ Here are some examples of device plugin implementations: * Learn about the [Topology Manager](/docs/tasks/administer-cluster/topology-manager/) * Read about using [hardware acceleration for TLS ingress](/blog/2019/04/24/hardware-accelerated-ssl/tls-termination-in-ingress-controllers-using-kubernetes-device-plugins-and-runtimeclass/) with Kubernetes - From 30b23dd10704bf61ad1bad2b991fcfb694620918 Mon Sep 17 00:00:00 2001 From: grainrigi Date: Sun, 5 Feb 2023 10:42:52 +0900 Subject: [PATCH 107/537] [ja] Add /blog/2022/02/17/dockershim-faq (/ja/dockershim) and dockershim_message --- ...-12-02-dont-panic-kubernetes-and-docker.md | 2 +- .../2022-02-17-updated-dockershim-faq.md | 194 ++++++++++++++++++ .../migrating-from-dockershim/_index.md | 2 +- ...migrating-telemetry-and-security-agents.md | 2 +- data/i18n/ja/ja.toml | 3 + 5 files changed, 200 insertions(+), 3 deletions(-) create mode 100644 content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md diff --git a/content/ja/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md b/content/ja/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md index 09e2a5592e4a6..46b9cb28b8722 100644 --- a/content/ja/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md +++ b/content/ja/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md @@ -43,4 +43,4 @@ DockerはCRI([Container Runtime Interface](https://kubernetes.io/blog/2016/12/co 経験の多寡や難易度にかかわらず、どんなことでも質問してください。我々の目標は、全ての人が将来の変化について、可能な限りの知識と理解を得られることです。 このブログが多くの質問の答えとなり、不安を和らげることができればと願っています。 -別の情報をお探してあれば、[Dockershim Deprecation FAQ](/blog/2020/12/02/dockershim-faq/)を参照してください。 +別の情報をお探してあれば、[dockershimの削除に関するFAQ](/ja/dockershim)を参照してください。 diff --git a/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md b/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md new file mode 100644 index 0000000000000..329a07016b6dc --- /dev/null +++ b/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md @@ -0,0 +1,194 @@ +--- +layout: blog +title: "更新: dockershimの削除に関するFAQ" +linkTitle: "dockershimの削除に関するFAQ" +date: 2022-02-17 +slug: dockershim-faq +aliases: [ '/ja/dockershim' ] +--- + +**この記事は2020年の後半に投稿されたオリジナルの記事[Dockershim Deprecation FAQ](/blog/2020/12/02/dockershim-faq/)の更新版です。 +この記事にはv1.24のリリースに関する更新を含みます。** + +--- + +この文書では、Kubernetesからの _dockershim_ の削除に関するよくある質問について説明します。 +この削除はKubernetes v1.20リリースの一部としてはじめて[発表](/blog/2020/12/08/kubernetes-1-20-release-announcement/)されたものです。 +Kubernetes [v1.24のリリース](/releases/#release-v1-24)においてdockershimは実際にKubernetesから削除されました。 + +これが何を意味するかについては、ブログ記事[Don't Panic: Kubernetes and Docker](/ja/blog/2020/12/02/dont-panic-kubernetes-and-docker/)をご覧ください。 + +[Check whether dockershim removal affects you](/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you/)をお読みいただくことで、 +dockershimの削除があなたやあなたの組織に与える影響をご判断いただけます。 + +Kubernetes 1.24リリースに至るまでの間、Kubernetesコントリビューターはこの移行を円滑に行えるようにするために尽力してきました。 + +- 私たちの[コミットメントと次のステップ](/blog/2022/01/07/kubernetes-is-moving-on-from-dockershim/)を詳述したブログ記事。 +- [他のコンテナランタイム](/ja/docs/setup/production-environment/container-runtimes/#container-runtimes)への移行に大きな障害があるかどうかのチェック。 +- [dockershimからの移行](/ja/docs/tasks/administer-cluster/migrating-from-dockershim/)ガイドの追加。 +- [dockershimの削除とCRI互換ランタイムの使用に関する記事一覧](/docs/reference/node/topics-on-dockershim-and-cri-compatible-runtimes/)の作成。 + このリストには、上に示した文書の一部が含まれており、また、厳選された外部の情報(ベンダーによるガイドを含む)もカバーしています。 + +### dockershimはなぜKubernetesから削除されたのですか? + +Kubernetesの初期のバージョンは、特定のコンテナランタイム上でのみ動作しました。 +Docker Engineです。その後、Kubernetesは他のコンテナランタイムと連携するためのサポートを追加しました。 +オーケストレーター(Kubernetesなど)と多くの異なるコンテナランタイムの間の相互運用を可能にするため、 +CRI標準が[作成](/blog/2016/12/container-runtime-interface-cri-in-kubernetes/)されました。 +Docker Engineはそのインターフェイス(CRI)を実装していないため、Kubernetesプロジェクトは移行を支援する特別なコードを作成し、 +その _dockershim_ コードをKubernetes自身の一部としました。 + +dockershimコードは常に一時的な解決策であることを意図されていました(このためshimと名付けられています)。 +コミュニティでの議論や計画については、[dockershimの削除によるKubernetes改良の提案][drkep]にてお読みいただけます。 + +実際、dockershimのメンテナンスはKubernetesメンテナーにとって大きな負担になっていました。 + +さらに、dockershimとほとんど互換性のなかった機能、たとえばcgroups v2やユーザーネームスペースなどが、 +これらの新しいCRIランタイムに実装されています。Kubernetesからdockershimを削除することで、これらの分野でのさらなる開発が可能になります。 + +[drkep]: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2221-remove-dockershim + +### Dockerとコンテナは同じものですか? + +DockerはLinuxのコンテナパターンを普及させ、その基盤技術の発展に寄与してきましたが、 +Linuxのコンテナ技術そのものはかなり以前から存在しています。 +また、コンテナエコシステムはDockerを超えてより広範に発展してきました。 +OCIやCRIのような標準は、Dockerの機能の一部を置き換えたり、既存の機能を強化したりすることで、 +私達のエコシステムの多くのツールの成長と繁栄を助けてきました。 + +### 既存のコンテナイメージは引き続き使えるのですか? + +はい、`docker build`から生成されるイメージは、全てのCRI実装で動作します。 +既存のイメージも全く同じように動作します。 + +### プライベートイメージについてはどうでしょうか? + +はい、すべてのCRIランタイムはKubernetesで使われているものと同一のpull secretsをサポートしており、 +PodSpecまたはService Accountを通して利用できます。 + +### Kubernetes 1.23でDocker Engineを引き続き使用できますか? + +はい、1.20で変更されたのは、Docker Engineランタイムを使用している場合に警告ログが[kubelet]起動時に出るようになったことだけです。 +この警告は、1.23までのすべてのバージョンで表示されます。 +dockershimの削除はKubernetes 1.24で行われました。 + +Kubernetes v1.24以降を実行している場合は、[Docker Engineを引き続きコンテナランタイムとして利用できますか?](#can-i-still-use-docker-engine-as-my-container-runtime)をご覧ください。 +(CRIがサポートされているKubernetesリリースを使用している場合、dockershimから切り替えることができることを忘れないでください。 +リリースv1.24からはKubernetesにdockershimが含まれなくなったため、**必ず**切り替えなければなりません)。 + +[kubelet]: /docs/reference/command-line-tools-reference/kubelet/ + +### どのCRIの実装を使うべきでしょうか? + +これは難しい質問で、様々な要素に依存します。 +もしDocker Engineがうまく動いているのであれば、containerdに移行するのは比較的簡単で、 +性能もオーバーヘッドも確実に改善されるでしょう。 +しかし、他の選択のほうがあなたの環境により適合する場合もありますので、 +[CNCF landscape]にあるすべての選択肢を検討されることをおすすめします。 + +[CNCF landscape]: https://landscape.cncf.io/card-mode?category=container-runtime&grouping=category + +#### Docker Engineを引き続きコンテナランタイムとして利用できますか? {#can-i-still-use-docker-engine-as-my-container-runtime} + +第一に、ご自身のPCで開発やテスト用途でDockerを使用している場合、何も変わることはありません。 +Kubernetesでどのコンテナランタイムを使っていても、Dockerをローカルで使い続けることができます。 +コンテナではこのような相互運用性を実現できます。 + +MirantisとDockerは、Kubernetesから内蔵のdockershimが削除された後も、 +Docker Engineの代替アダプターを維持することに[コミット][mirantis]しています。 +代替アダプターの名前は[`cri-dockerd`](https://github.com/Mirantis/cri-dockerd)です。 + +`cri-dockerd`をインストールして、kubeletをDocker Engineに接続するために使用することができます。 +詳細については、[Migrate Docker Engine nodes from dockershim to cri-dockerd](/docs/tasks/administer-cluster/migrating-from-dockershim/migrate-dockershim-dockerd/)を読んでください。 + +[mirantis]: https://www.mirantis.com/blog/mirantis-to-take-over-support-of-kubernetes-dockershim-2/ + +### 今現在でプロダクション環境に他のランタイムを使用している例はあるのでしょうか? + +Kubernetesプロジェクトが生み出したすべての成果物(Kubernetesバイナリ)は、リリースごとに検証されています。 + +また、[kind]プロジェクトは以前からcontainerdを使っており、プロジェクトのユースケースにおいて安定性が向上してきています。 +kindとcontainerdは、Kubernetesコードベースの変更を検証するために毎日何回も利用されています。 +他の関連プロジェクトも同様のパターンを追っており、他のコンテナランタイムの安定性と使いやすさが示されています。 +例として、OpenShift 4.xは2019年6月以降、CRI-Oランタイムをプロダクション環境で使っています。 + +他の事例や参考資料はについては、 +containerdとCRI-O(Cloud Native Computing Foundation ([CNCF])の2つのコンテナランタイム)の採用例をご覧ください。 + +- [containerd](https://github.com/containerd/containerd/blob/master/ADOPTERS.md) +- [CRI-O](https://github.com/cri-o/cri-o/blob/master/ADOPTERS.md) + +[CRI-O]: https://cri-o.io/ +[kind]: https://kind.sigs.k8s.io/ +[CNCF]: https://cncf.io + +### OCIという単語をよく見るのですが、これは何ですか? + +OCIは[Open Container Initiative]の略で、コンテナツールとテクノロジー間の数多くのインターフェースの標準化を行った団体です。 +彼らはコンテナイメージをパッケージするための標準仕様(OCI image-spec)と、 +コンテナを実行するための標準仕様(OCI runtime-spec)をメンテナンスしています。 +また、[runc]という形でruntime-specの実装もメンテナンスしており、 +これは[containerd]と[CRI-O]の両方でデフォルトの下位ランタイムとなっています。 +CRIはこれらの低レベル仕様に基づいて、コンテナを管理するためのエンドツーエンドの標準を提供します。 + +[Open Container Initiative]: https://opencontainers.org/about/overview/ +[runc]: https://github.com/opencontainers/runc +[containerd]: https://containerd.io/ + +### CRI実装を変更する際に注意すべきことは何ですか? + +DockerとほとんどのCRI(containerdを含む)において、下位で使用されるコンテナ化コードは同じものですが、 +いくつかの細かい違いが存在します。移行する際に考慮すべき一般的な事項は次のとおりです。 + +- ログ設定 +- ランタイムリソースの制限 +- ノード構成スクリプトでdockerコマンドやコントロールソケット経由でDocker Engineを使用しているもの +- `kubectl`のプラグインで`docker` CLIまたはDocker Engineコントロールソケットが必要なもの +- KubernetesプロジェクトのツールでDocker Engineへの直接アクセスが必要なもの(例:廃止された`kube-imagepuller`ツール) +- `registry-mirrors`やinsecureレジストリなどの機能の設定 +- その他の支援スクリプトやデーモンでDocker Engineが利用可能であることを想定していてKubernetes外で実行されるもの(モニタリング・セキュリティエージェントなど) +- GPUまたは特別なハードウェア、そしてランタイムおよびKubernetesとそれらハードウェアの統合方法 + +あなたがKubernetesのリソース要求/制限やファイルベースのログ収集DaemonSetを使用しているのであれば、それらは問題なく動作し続けますが、 +`dockerd`の設定をカスタマイズしていた場合は、それを新しいコンテナランタイムに適合させる必要があるでしょう。 + +他に注意することとしては、システムメンテナンスを実行するようなものや、コンテナ内でイメージをビルドするようなものが動作しなくなります。 +前者の場合は、[`crictl`][cr]ツールをdrop-inの置き換えとして使用できます([docker cliからcrictlへのマッピング](https://kubernetes.io/ja/docs/tasks/debug/debug-cluster/crictl/#docker-cli%E3%81%8B%E3%82%89crictl%E3%81%B8%E3%81%AE%E3%83%9E%E3%83%83%E3%83%94%E3%83%B3%E3%82%B0)を参照)。 +後者の場合は、[img]、[buildah]、[kaniko]、[buildkit-cli-for-kubectl]のようなDockerを必要としない新しいコンテナビルドの選択肢を使用できます。 + +[cr]: https://github.com/kubernetes-sigs/cri-tools +[img]: https://github.com/genuinetools/img +[buildah]: https://github.com/containers/buildah +[kaniko]: https://github.com/GoogleContainerTools/kaniko +[buildkit-cli-for-kubectl]: https://github.com/vmware-tanzu/buildkit-cli-for-kubectl + +containerdを使っているのであれば、[ドキュメント]を参照して、移行するのにどのような構成が利用可能かを確認するところから始めるといいでしょう。 + +[ドキュメント]: https://github.com/containerd/cri/blob/master/docs/registry.md + +containerdとCRI-OをKubernetesで使用する方法に関しては、[コンテナランタイム]に関するKubernetesのドキュメントを参照してください。 + +[コンテナランタイム]: /ja/docs/setup/production-environment/container-runtimes/ + +### さらに質問がある場合どうすればいいでしょうか? + +ベンダーサポートのKubernetesディストリビューションを使用している場合、彼らの製品に対するアップグレード計画について尋ねることができます。 +エンドユーザーの質問に関しては、[エンドユーザーコミュニティフォーラム](https://discuss.kubernetes.io/)に投稿してください。 + +dockershimの削除に関する決定については、専用の[GitHub issue](https://github.com/kubernetes/kubernetes/issues/106917)で議論することができます。 + +変更点に関するより詳細な技術的な議論は、[待ってください、DockerはKubernetesで非推奨になったのですか?][dep]という素晴らしいブログ記事も参照してください。 + +[dep]: https://dev.to/inductor/wait-docker-is-deprecated-in-kubernetes-now-what-do-i-do-e4m + +### dockershimを使っているかどうかを検出できるツールはありますか? + +はい![Detector for Docker Socket (DDS)][dds]というkubectlプラグインをインストールすることであなたのクラスターを確認していただけます。 +DDSは、アクティブなKubernetesワークロードがDocker Engineソケット(`docker.sock`)をボリュームとしてマウントしているかを検出できます。 +さらなる詳細と使用パターンについては、DDSプロジェクトの[README][dds]を参照してください。 + +[dds]: https://github.com/aws-containers/kubectl-detector-for-docker-socket + +### ハグしていただけますか? + +はい、私達は引き続きいつでもハグに応じています。🤗🤗🤗 diff --git a/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md b/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md index b93d71071e2b0..a37dffaee3ae9 100644 --- a/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md +++ b/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md @@ -10,7 +10,7 @@ dockershimから他のコンテナランタイムに移行する際に知って Kubernetes 1.20で[dockershim deprecation](blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation)が発表されてから、様々なワークロードやKubernetesインストールにどう影響するのかという質問が寄せられています。 -この問題をよりよく理解するために、[Dockershim Deprecation FAQ](/blog/2020/12/02/dockershim-faq/)ブログが役に立つでしょう。 +この問題をよりよく理解するために、[dockershimの削除に関するFAQ](/ja/dockershim)ブログが役に立つでしょう。 dockershimから代替のコンテナランタイムに移行することが推奨されます。 [コンテナランタイム](/ja/docs/setup/production-environment/container-runtimes/)のセクションをチェックして、どのような選択肢があるかを確認してください。 diff --git a/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md b/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md index a3b9a03d186db..e74dc4fd35e75 100644 --- a/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md +++ b/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md @@ -8,7 +8,7 @@ weight: 70 Kubernetes 1.20でdockershimは非推奨になりました。 -[Dockershim Deprecation FAQ](/blog/2020/12/02/dockershim-faq/)から、ほとんどのアプリがコンテナをホストするランタイムに直接依存しないことは既にご存知かもしれません。 +[dockershimの削除に関するFAQ](/ja/dockershim)から、ほとんどのアプリがコンテナをホストするランタイムに直接依存しないことは既にご存知かもしれません。 しかし、コンテナのメタデータやログ、メトリクスを収集するためにDockerに依存しているテレメトリーやセキュリティエージェントはまだ多く存在します。 この文書では、これらの依存関係を検出する方法と、これらのエージェントを汎用ツールまたは代替ランタイムに移行する方法に関するリンクを集約しています。 diff --git a/data/i18n/ja/ja.toml b/data/i18n/ja/ja.toml index 3fdeebe8d2a3c..3bce106158a19 100644 --- a/data/i18n/ja/ja.toml +++ b/data/i18n/ja/ja.toml @@ -37,6 +37,9 @@ other = "現在表示しているのは、次のバージョン向けのドキ [deprecation_warning] other = " のドキュメントは積極的にメンテナンスされていません。現在表示されているバージョンはスナップショットです。最新のドキュメントはこちらです: " +[dockershim_message] +other = """dockershimは1.24のリリースをもってKubernetesプロジェクトから削除されました。詳しくは、dockershimの削除に関するFAQをご覧ください。""" + [docs_label_browse] other = "ドキュメントの参照" From bce9885a764f0c644ac14218d44731914e672ed2 Mon Sep 17 00:00:00 2001 From: grainrigi Date: Sun, 5 Feb 2023 10:57:24 +0900 Subject: [PATCH 108/537] [ja] update dockershim deprecation to removal on tasks page from 9211599 --- content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md | 2 +- ...ts-you.md => check-if-dockershim-removal-affects-you.md} | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) rename content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/{check-if-dockershim-deprecation-affects-you.md => check-if-dockershim-removal-affects-you.md} (97%) diff --git a/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md b/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md index 329a07016b6dc..89696d1bb4416 100644 --- a/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md +++ b/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md @@ -18,7 +18,7 @@ Kubernetes [v1.24のリリース](/releases/#release-v1-24)においてdockershi これが何を意味するかについては、ブログ記事[Don't Panic: Kubernetes and Docker](/ja/blog/2020/12/02/dont-panic-kubernetes-and-docker/)をご覧ください。 -[Check whether dockershim removal affects you](/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you/)をお読みいただくことで、 +[dockershim削除の影響範囲を確認する](/ja/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you/)をお読みいただくことで、 dockershimの削除があなたやあなたの組織に与える影響をご判断いただけます。 Kubernetes 1.24リリースに至るまでの間、Kubernetesコントリビューターはこの移行を円滑に行えるようにするために尽力してきました。 diff --git a/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md b/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md similarity index 97% rename from content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md rename to content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md index f854f051f7320..8fa9132ec889d 100644 --- a/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md +++ b/content/ja/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md @@ -1,5 +1,5 @@ --- -title: Dockershim非推奨の影響範囲を確認する +title: dockershim削除の影響範囲を確認する content_type: task weight: 20 --- @@ -7,9 +7,9 @@ weight: 20 Kubernetesの`dockershim`コンポーネントは、DockerをKubernetesの{{< glossary_tooltip text="コンテナランタイム" term_id="container-runtime" >}}として使用することを可能にします。 -Kubernetesの組み込みコンポーネントである`dockershim`はリリースv1.20で非推奨となりました。 +Kubernetesの組み込みコンポーネントである`dockershim`はリリースv1.24で削除されました。 -このページでは、あなたのクラスターがどのようにDockerをコンテナランタイムとして使用しているか、使用中の`dockershim`が果たす役割について詳しく説明し、`dockershim`の廃止によって影響を受けるワークロードがあるかどうかをチェックするためのステップを示します。 +このページでは、あなたのクラスターがどのようにDockerをコンテナランタイムとして使用しているか、使用中の`dockershim`が果たす役割について詳しく説明し、`dockershim`の削除によって影響を受けるワークロードがあるかどうかをチェックするためのステップを示します。 ## 自分のアプリがDockerに依存しているかどうかの確認 {#find-docker-dependencies} From 773a7d80ce35aa8e318c41bd46a03a294ccd841e Mon Sep 17 00:00:00 2001 From: grainrigi Date: Sat, 18 Feb 2023 09:12:42 +0900 Subject: [PATCH 109/537] [ja] Fix typo in /blog/2020/12/02/dont-panic-kubernetes-and-docker --- .../blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md b/content/ja/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md index 46b9cb28b8722..3e57783328a82 100644 --- a/content/ja/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md +++ b/content/ja/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md @@ -43,4 +43,4 @@ DockerはCRI([Container Runtime Interface](https://kubernetes.io/blog/2016/12/co 経験の多寡や難易度にかかわらず、どんなことでも質問してください。我々の目標は、全ての人が将来の変化について、可能な限りの知識と理解を得られることです。 このブログが多くの質問の答えとなり、不安を和らげることができればと願っています。 -別の情報をお探してあれば、[dockershimの削除に関するFAQ](/ja/dockershim)を参照してください。 +別の情報をお探しであれば、[dockershimの削除に関するFAQ](/ja/dockershim)を参照してください。 From 42c3d5074a21c90a27f4dfa48ddeb57f03be913e Mon Sep 17 00:00:00 2001 From: Bo Li Date: Sat, 18 Feb 2023 10:52:16 +0800 Subject: [PATCH 110/537] update output for APF dump_priority_levels endpoint --- .../cluster-administration/flow-control.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/content/en/docs/concepts/cluster-administration/flow-control.md b/content/en/docs/concepts/cluster-administration/flow-control.md index 15456f2b91cca..5cd5ca339e624 100644 --- a/content/en/docs/concepts/cluster-administration/flow-control.md +++ b/content/en/docs/concepts/cluster-administration/flow-control.md @@ -705,14 +705,15 @@ serves the following additional paths at its HTTP[S] ports. The output is similar to this: ```none - PriorityLevelName, ActiveQueues, IsIdle, IsQuiescing, WaitingRequests, ExecutingRequests, - workload-low, 0, true, false, 0, 0, - global-default, 0, true, false, 0, 0, - exempt, , , , , , - catch-all, 0, true, false, 0, 0, - system, 0, true, false, 0, 0, - leader-election, 0, true, false, 0, 0, - workload-high, 0, true, false, 0, 0, + PriorityLevelName, ActiveQueues, IsIdle, IsQuiescing, WaitingRequests, ExecutingRequests, DispatchedRequests, RejectedRequests, TimedoutRequests, CancelledRequests + catch-all, 0, true, false, 0, 0, 1, 0, 0, 0 + exempt, , , , , , , , , + global-default, 0, true, false, 0, 0, 46, 0, 0, 0 + leader-election, 0, true, false, 0, 0, 4, 0, 0, 0 + node-high, 0, true, false, 0, 0, 34, 0, 0, 0 + system, 0, true, false, 0, 0, 48, 0, 0, 0 + workload-high, 0, true, false, 0, 0, 500, 0, 0, 0 + workload-low, 0, true, false, 0, 0, 0, 0, 0, 0 ``` - `/debug/api_priority_and_fairness/dump_queues` - a listing of all the From 6844bc085ebeb8b7a24d0d7eac315d774a293ab2 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sat, 18 Feb 2023 19:06:48 +0800 Subject: [PATCH 111/537] Clean up page deployment --- .../workloads/controllers/deployment.md | 738 +++++++++--------- 1 file changed, 368 insertions(+), 370 deletions(-) diff --git a/content/en/docs/concepts/workloads/controllers/deployment.md b/content/en/docs/concepts/workloads/controllers/deployment.md index e5fc14f64d732..646aaa28349f6 100644 --- a/content/en/docs/concepts/workloads/controllers/deployment.md +++ b/content/en/docs/concepts/workloads/controllers/deployment.md @@ -45,8 +45,8 @@ The following is an example of a Deployment. It creates a ReplicaSet to bring up In this example: * A Deployment named `nginx-deployment` is created, indicated by the - `.metadata.name` field. This name will become the basis for the ReplicaSets - and Pods which are created later. See [Writing a Deployment Spec](#writing-a-deployment-spec) + `.metadata.name` field. This name will become the basis for the ReplicaSets + and Pods which are created later. See [Writing a Deployment Spec](#writing-a-deployment-spec) for more details. * The Deployment creates a ReplicaSet that creates three replicated Pods, indicated by the `.spec.replicas` field. * The `.spec.selector` field defines how the created ReplicaSet finds which Pods to manage. @@ -71,14 +71,12 @@ In this example: Before you begin, make sure your Kubernetes cluster is up and running. Follow the steps given below to create the above Deployment: - 1. Create the Deployment by running the following command: ```shell kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml ``` - 2. Run `kubectl get deployments` to check if the Deployment was created. If the Deployment is still being created, the output is similar to the following: @@ -125,7 +123,7 @@ Follow the steps given below to create the above Deployment: * `AGE` displays the amount of time that the application has been running. Notice that the name of the ReplicaSet is always formatted as - `[DEPLOYMENT-NAME]-[HASH]`. This name will become the basis for the Pods + `[DEPLOYMENT-NAME]-[HASH]`. This name will become the basis for the Pods which are created. The `HASH` string is the same as the `pod-template-hash` label on the ReplicaSet. @@ -169,56 +167,56 @@ Follow the steps given below to update your Deployment: 1. Let's update the nginx Pods to use the `nginx:1.16.1` image instead of the `nginx:1.14.2` image. - ```shell - kubectl set image deployment.v1.apps/nginx-deployment nginx=nginx:1.16.1 - ``` + ```shell + kubectl set image deployment.v1.apps/nginx-deployment nginx=nginx:1.16.1 + ``` + + or use the following command: - or use the following command: + ```shell + kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 + ``` - ```shell - kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 - ``` - - The output is similar to: + The output is similar to: - ``` - deployment.apps/nginx-deployment image updated - ``` + ``` + deployment.apps/nginx-deployment image updated + ``` - Alternatively, you can `edit` the Deployment and change `.spec.template.spec.containers[0].image` from `nginx:1.14.2` to `nginx:1.16.1`: + Alternatively, you can `edit` the Deployment and change `.spec.template.spec.containers[0].image` from `nginx:1.14.2` to `nginx:1.16.1`: - ```shell - kubectl edit deployment/nginx-deployment - ``` + ```shell + kubectl edit deployment/nginx-deployment + ``` - The output is similar to: + The output is similar to: - ``` - deployment.apps/nginx-deployment edited - ``` + ``` + deployment.apps/nginx-deployment edited + ``` 2. To see the rollout status, run: - ```shell - kubectl rollout status deployment/nginx-deployment - ``` + ```shell + kubectl rollout status deployment/nginx-deployment + ``` - The output is similar to this: + The output is similar to this: - ``` - Waiting for rollout to finish: 2 out of 3 new replicas have been updated... - ``` + ``` + Waiting for rollout to finish: 2 out of 3 new replicas have been updated... + ``` - or + or - ``` - deployment "nginx-deployment" successfully rolled out - ``` + ``` + deployment "nginx-deployment" successfully rolled out + ``` Get more details on your updated Deployment: * After the rollout succeeds, you can view the Deployment by running `kubectl get deployments`. - The output is similar to this: + The output is similar to this: ```ini NAME READY UP-TO-DATE AVAILABLE AGE @@ -228,44 +226,44 @@ Get more details on your updated Deployment: * Run `kubectl get rs` to see that the Deployment updated the Pods by creating a new ReplicaSet and scaling it up to 3 replicas, as well as scaling down the old ReplicaSet to 0 replicas. - ```shell - kubectl get rs - ``` + ```shell + kubectl get rs + ``` - The output is similar to this: - ``` - NAME DESIRED CURRENT READY AGE - nginx-deployment-1564180365 3 3 3 6s - nginx-deployment-2035384211 0 0 0 36s - ``` + The output is similar to this: + ``` + NAME DESIRED CURRENT READY AGE + nginx-deployment-1564180365 3 3 3 6s + nginx-deployment-2035384211 0 0 0 36s + ``` * Running `get pods` should now show only the new Pods: - ```shell - kubectl get pods - ``` + ```shell + kubectl get pods + ``` - The output is similar to this: - ``` - NAME READY STATUS RESTARTS AGE - nginx-deployment-1564180365-khku8 1/1 Running 0 14s - nginx-deployment-1564180365-nacti 1/1 Running 0 14s - nginx-deployment-1564180365-z9gth 1/1 Running 0 14s - ``` + The output is similar to this: + ``` + NAME READY STATUS RESTARTS AGE + nginx-deployment-1564180365-khku8 1/1 Running 0 14s + nginx-deployment-1564180365-nacti 1/1 Running 0 14s + nginx-deployment-1564180365-z9gth 1/1 Running 0 14s + ``` - Next time you want to update these Pods, you only need to update the Deployment's Pod template again. + Next time you want to update these Pods, you only need to update the Deployment's Pod template again. - Deployment ensures that only a certain number of Pods are down while they are being updated. By default, - it ensures that at least 75% of the desired number of Pods are up (25% max unavailable). + Deployment ensures that only a certain number of Pods are down while they are being updated. By default, + it ensures that at least 75% of the desired number of Pods are up (25% max unavailable). - Deployment also ensures that only a certain number of Pods are created above the desired number of Pods. - By default, it ensures that at most 125% of the desired number of Pods are up (25% max surge). + Deployment also ensures that only a certain number of Pods are created above the desired number of Pods. + By default, it ensures that at most 125% of the desired number of Pods are up (25% max surge). - For example, if you look at the above Deployment closely, you will see that it first creates a new Pod, - then deletes an old Pod, and creates another new one. It does not kill old Pods until a sufficient number of - new Pods have come up, and does not create new Pods until a sufficient number of old Pods have been killed. - It makes sure that at least 3 Pods are available and that at max 4 Pods in total are available. In case of - a Deployment with 4 replicas, the number of Pods would be between 3 and 5. + For example, if you look at the above Deployment closely, you will see that it first creates a new Pod, + then deletes an old Pod, and creates another new one. It does not kill old Pods until a sufficient number of + new Pods have come up, and does not create new Pods until a sufficient number of old Pods have been killed. + It makes sure that at least 3 Pods are available and that at max 4 Pods in total are available. In case of + a Deployment with 4 replicas, the number of Pods would be between 3 and 5. * Get details of your Deployment: ```shell @@ -309,13 +307,13 @@ up to 3 replicas, as well as scaling down the old ReplicaSet to 0 replicas. Normal ScalingReplicaSet 19s deployment-controller Scaled down replica set nginx-deployment-2035384211 to 1 Normal ScalingReplicaSet 19s deployment-controller Scaled up replica set nginx-deployment-1564180365 to 3 Normal ScalingReplicaSet 14s deployment-controller Scaled down replica set nginx-deployment-2035384211 to 0 - ``` - Here you see that when you first created the Deployment, it created a ReplicaSet (nginx-deployment-2035384211) - and scaled it up to 3 replicas directly. When you updated the Deployment, it created a new ReplicaSet - (nginx-deployment-1564180365) and scaled it up to 1 and waited for it to come up. Then it scaled down the old ReplicaSet - to 2 and scaled up the new ReplicaSet to 2 so that at least 3 Pods were available and at most 4 Pods were created at all times. - It then continued scaling up and down the new and the old ReplicaSet, with the same rolling update strategy. - Finally, you'll have 3 available replicas in the new ReplicaSet, and the old ReplicaSet is scaled down to 0. + ``` + Here you see that when you first created the Deployment, it created a ReplicaSet (nginx-deployment-2035384211) + and scaled it up to 3 replicas directly. When you updated the Deployment, it created a new ReplicaSet + (nginx-deployment-1564180365) and scaled it up to 1 and waited for it to come up. Then it scaled down the old ReplicaSet + to 2 and scaled up the new ReplicaSet to 2 so that at least 3 Pods were available and at most 4 Pods were created at all times. + It then continued scaling up and down the new and the old ReplicaSet, with the same rolling update strategy. + Finally, you'll have 3 available replicas in the new ReplicaSet, and the old ReplicaSet is scaled down to 0. {{< note >}} Kubernetes doesn't count terminating Pods when calculating the number of `availableReplicas`, which must be between @@ -333,7 +331,7 @@ ReplicaSet is scaled to `.spec.replicas` and all old ReplicaSets is scaled to 0. If you update a Deployment while an existing rollout is in progress, the Deployment creates a new ReplicaSet as per the update and start scaling that up, and rolls over the ReplicaSet that it was scaling up previously - -- it will add it to its list of old ReplicaSets and start scaling it down. +-- it will add it to its list of old ReplicaSets and start scaling it down. For example, suppose you create a Deployment to create 5 replicas of `nginx:1.14.2`, but then update the Deployment to create 5 replicas of `nginx:1.16.1`, when only 3 @@ -378,107 +376,107 @@ rolled back. * Suppose that you made a typo while updating the Deployment, by putting the image name as `nginx:1.161` instead of `nginx:1.16.1`: - ```shell - kubectl set image deployment/nginx-deployment nginx=nginx:1.161 - ``` + ```shell + kubectl set image deployment/nginx-deployment nginx=nginx:1.161 + ``` - The output is similar to this: - ``` - deployment.apps/nginx-deployment image updated - ``` + The output is similar to this: + ``` + deployment.apps/nginx-deployment image updated + ``` * The rollout gets stuck. You can verify it by checking the rollout status: - ```shell - kubectl rollout status deployment/nginx-deployment - ``` + ```shell + kubectl rollout status deployment/nginx-deployment + ``` - The output is similar to this: - ``` - Waiting for rollout to finish: 1 out of 3 new replicas have been updated... - ``` + The output is similar to this: + ``` + Waiting for rollout to finish: 1 out of 3 new replicas have been updated... + ``` * Press Ctrl-C to stop the above rollout status watch. For more information on stuck rollouts, [read more here](#deployment-status). * You see that the number of old replicas (`nginx-deployment-1564180365` and `nginx-deployment-2035384211`) is 2, and new replicas (nginx-deployment-3066724191) is 1. - ```shell - kubectl get rs - ``` + ```shell + kubectl get rs + ``` - The output is similar to this: - ``` - NAME DESIRED CURRENT READY AGE - nginx-deployment-1564180365 3 3 3 25s - nginx-deployment-2035384211 0 0 0 36s - nginx-deployment-3066724191 1 1 0 6s - ``` + The output is similar to this: + ``` + NAME DESIRED CURRENT READY AGE + nginx-deployment-1564180365 3 3 3 25s + nginx-deployment-2035384211 0 0 0 36s + nginx-deployment-3066724191 1 1 0 6s + ``` * Looking at the Pods created, you see that 1 Pod created by new ReplicaSet is stuck in an image pull loop. - ```shell - kubectl get pods - ``` + ```shell + kubectl get pods + ``` - The output is similar to this: - ``` - NAME READY STATUS RESTARTS AGE - nginx-deployment-1564180365-70iae 1/1 Running 0 25s - nginx-deployment-1564180365-jbqqo 1/1 Running 0 25s - nginx-deployment-1564180365-hysrc 1/1 Running 0 25s - nginx-deployment-3066724191-08mng 0/1 ImagePullBackOff 0 6s - ``` + The output is similar to this: + ``` + NAME READY STATUS RESTARTS AGE + nginx-deployment-1564180365-70iae 1/1 Running 0 25s + nginx-deployment-1564180365-jbqqo 1/1 Running 0 25s + nginx-deployment-1564180365-hysrc 1/1 Running 0 25s + nginx-deployment-3066724191-08mng 0/1 ImagePullBackOff 0 6s + ``` - {{< note >}} - The Deployment controller stops the bad rollout automatically, and stops scaling up the new ReplicaSet. This depends on the rollingUpdate parameters (`maxUnavailable` specifically) that you have specified. Kubernetes by default sets the value to 25%. - {{< /note >}} + {{< note >}} + The Deployment controller stops the bad rollout automatically, and stops scaling up the new ReplicaSet. This depends on the rollingUpdate parameters (`maxUnavailable` specifically) that you have specified. Kubernetes by default sets the value to 25%. + {{< /note >}} * Get the description of the Deployment: - ```shell - kubectl describe deployment - ``` - - The output is similar to this: - ``` - Name: nginx-deployment - Namespace: default - CreationTimestamp: Tue, 15 Mar 2016 14:48:04 -0700 - Labels: app=nginx - Selector: app=nginx - Replicas: 3 desired | 1 updated | 4 total | 3 available | 1 unavailable - StrategyType: RollingUpdate - MinReadySeconds: 0 - RollingUpdateStrategy: 25% max unavailable, 25% max surge - Pod Template: - Labels: app=nginx - Containers: - nginx: - Image: nginx:1.161 - Port: 80/TCP - Host Port: 0/TCP - Environment: - Mounts: - Volumes: - Conditions: - Type Status Reason - ---- ------ ------ - Available True MinimumReplicasAvailable - Progressing True ReplicaSetUpdated - OldReplicaSets: nginx-deployment-1564180365 (3/3 replicas created) - NewReplicaSet: nginx-deployment-3066724191 (1/1 replicas created) - Events: - FirstSeen LastSeen Count From SubObjectPath Type Reason Message - --------- -------- ----- ---- ------------- -------- ------ ------- - 1m 1m 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-2035384211 to 3 - 22s 22s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-1564180365 to 1 - 22s 22s 1 {deployment-controller } Normal ScalingReplicaSet Scaled down replica set nginx-deployment-2035384211 to 2 - 22s 22s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-1564180365 to 2 - 21s 21s 1 {deployment-controller } Normal ScalingReplicaSet Scaled down replica set nginx-deployment-2035384211 to 1 - 21s 21s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-1564180365 to 3 - 13s 13s 1 {deployment-controller } Normal ScalingReplicaSet Scaled down replica set nginx-deployment-2035384211 to 0 - 13s 13s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-3066724191 to 1 - ``` + ```shell + kubectl describe deployment + ``` + + The output is similar to this: + ``` + Name: nginx-deployment + Namespace: default + CreationTimestamp: Tue, 15 Mar 2016 14:48:04 -0700 + Labels: app=nginx + Selector: app=nginx + Replicas: 3 desired | 1 updated | 4 total | 3 available | 1 unavailable + StrategyType: RollingUpdate + MinReadySeconds: 0 + RollingUpdateStrategy: 25% max unavailable, 25% max surge + Pod Template: + Labels: app=nginx + Containers: + nginx: + Image: nginx:1.161 + Port: 80/TCP + Host Port: 0/TCP + Environment: + Mounts: + Volumes: + Conditions: + Type Status Reason + ---- ------ ------ + Available True MinimumReplicasAvailable + Progressing True ReplicaSetUpdated + OldReplicaSets: nginx-deployment-1564180365 (3/3 replicas created) + NewReplicaSet: nginx-deployment-3066724191 (1/1 replicas created) + Events: + FirstSeen LastSeen Count From SubObjectPath Type Reason Message + --------- -------- ----- ---- ------------- -------- ------ ------- + 1m 1m 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-2035384211 to 3 + 22s 22s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-1564180365 to 1 + 22s 22s 1 {deployment-controller } Normal ScalingReplicaSet Scaled down replica set nginx-deployment-2035384211 to 2 + 22s 22s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-1564180365 to 2 + 21s 21s 1 {deployment-controller } Normal ScalingReplicaSet Scaled down replica set nginx-deployment-2035384211 to 1 + 21s 21s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-1564180365 to 3 + 13s 13s 1 {deployment-controller } Normal ScalingReplicaSet Scaled down replica set nginx-deployment-2035384211 to 0 + 13s 13s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-3066724191 to 1 + ``` To fix this, you need to rollback to a previous revision of Deployment that is stable. @@ -487,131 +485,131 @@ rolled back. Follow the steps given below to check the rollout history: 1. First, check the revisions of this Deployment: - ```shell - kubectl rollout history deployment/nginx-deployment - ``` - The output is similar to this: - ``` - deployments "nginx-deployment" - REVISION CHANGE-CAUSE - 1 kubectl apply --filename=https://k8s.io/examples/controllers/nginx-deployment.yaml - 2 kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 - 3 kubectl set image deployment/nginx-deployment nginx=nginx:1.161 - ``` - - `CHANGE-CAUSE` is copied from the Deployment annotation `kubernetes.io/change-cause` to its revisions upon creation. You can specify the`CHANGE-CAUSE` message by: - - * Annotating the Deployment with `kubectl annotate deployment/nginx-deployment kubernetes.io/change-cause="image updated to 1.16.1"` - * Manually editing the manifest of the resource. + ```shell + kubectl rollout history deployment/nginx-deployment + ``` + The output is similar to this: + ``` + deployments "nginx-deployment" + REVISION CHANGE-CAUSE + 1 kubectl apply --filename=https://k8s.io/examples/controllers/nginx-deployment.yaml + 2 kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 + 3 kubectl set image deployment/nginx-deployment nginx=nginx:1.161 + ``` + + `CHANGE-CAUSE` is copied from the Deployment annotation `kubernetes.io/change-cause` to its revisions upon creation. You can specify the`CHANGE-CAUSE` message by: + + * Annotating the Deployment with `kubectl annotate deployment/nginx-deployment kubernetes.io/change-cause="image updated to 1.16.1"` + * Manually editing the manifest of the resource. 2. To see the details of each revision, run: - ```shell - kubectl rollout history deployment/nginx-deployment --revision=2 - ``` - - The output is similar to this: - ``` - deployments "nginx-deployment" revision 2 - Labels: app=nginx - pod-template-hash=1159050644 - Annotations: kubernetes.io/change-cause=kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 - Containers: - nginx: - Image: nginx:1.16.1 - Port: 80/TCP - QoS Tier: - cpu: BestEffort - memory: BestEffort - Environment Variables: - No volumes. - ``` + ```shell + kubectl rollout history deployment/nginx-deployment --revision=2 + ``` + + The output is similar to this: + ``` + deployments "nginx-deployment" revision 2 + Labels: app=nginx + pod-template-hash=1159050644 + Annotations: kubernetes.io/change-cause=kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 + Containers: + nginx: + Image: nginx:1.16.1 + Port: 80/TCP + QoS Tier: + cpu: BestEffort + memory: BestEffort + Environment Variables: + No volumes. + ``` ### Rolling Back to a Previous Revision Follow the steps given below to rollback the Deployment from the current version to the previous version, which is version 2. 1. Now you've decided to undo the current rollout and rollback to the previous revision: - ```shell - kubectl rollout undo deployment/nginx-deployment - ``` + ```shell + kubectl rollout undo deployment/nginx-deployment + ``` - The output is similar to this: - ``` - deployment.apps/nginx-deployment rolled back - ``` - Alternatively, you can rollback to a specific revision by specifying it with `--to-revision`: + The output is similar to this: + ``` + deployment.apps/nginx-deployment rolled back + ``` + Alternatively, you can rollback to a specific revision by specifying it with `--to-revision`: - ```shell - kubectl rollout undo deployment/nginx-deployment --to-revision=2 - ``` + ```shell + kubectl rollout undo deployment/nginx-deployment --to-revision=2 + ``` - The output is similar to this: - ``` - deployment.apps/nginx-deployment rolled back - ``` + The output is similar to this: + ``` + deployment.apps/nginx-deployment rolled back + ``` - For more details about rollout related commands, read [`kubectl rollout`](/docs/reference/generated/kubectl/kubectl-commands#rollout). + For more details about rollout related commands, read [`kubectl rollout`](/docs/reference/generated/kubectl/kubectl-commands#rollout). - The Deployment is now rolled back to a previous stable revision. As you can see, a `DeploymentRollback` event - for rolling back to revision 2 is generated from Deployment controller. + The Deployment is now rolled back to a previous stable revision. As you can see, a `DeploymentRollback` event + for rolling back to revision 2 is generated from Deployment controller. 2. Check if the rollback was successful and the Deployment is running as expected, run: - ```shell - kubectl get deployment nginx-deployment - ``` - - The output is similar to this: - ``` - NAME READY UP-TO-DATE AVAILABLE AGE - nginx-deployment 3/3 3 3 30m - ``` + ```shell + kubectl get deployment nginx-deployment + ``` + + The output is similar to this: + ``` + NAME READY UP-TO-DATE AVAILABLE AGE + nginx-deployment 3/3 3 3 30m + ``` 3. Get the description of the Deployment: - ```shell - kubectl describe deployment nginx-deployment - ``` - The output is similar to this: - ``` - Name: nginx-deployment - Namespace: default - CreationTimestamp: Sun, 02 Sep 2018 18:17:55 -0500 - Labels: app=nginx - Annotations: deployment.kubernetes.io/revision=4 - kubernetes.io/change-cause=kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 - Selector: app=nginx - Replicas: 3 desired | 3 updated | 3 total | 3 available | 0 unavailable - StrategyType: RollingUpdate - MinReadySeconds: 0 - RollingUpdateStrategy: 25% max unavailable, 25% max surge - Pod Template: - Labels: app=nginx - Containers: - nginx: - Image: nginx:1.16.1 - Port: 80/TCP - Host Port: 0/TCP - Environment: - Mounts: - Volumes: - Conditions: - Type Status Reason - ---- ------ ------ - Available True MinimumReplicasAvailable - Progressing True NewReplicaSetAvailable - OldReplicaSets: - NewReplicaSet: nginx-deployment-c4747d96c (3/3 replicas created) - Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal ScalingReplicaSet 12m deployment-controller Scaled up replica set nginx-deployment-75675f5897 to 3 - Normal ScalingReplicaSet 11m deployment-controller Scaled up replica set nginx-deployment-c4747d96c to 1 - Normal ScalingReplicaSet 11m deployment-controller Scaled down replica set nginx-deployment-75675f5897 to 2 - Normal ScalingReplicaSet 11m deployment-controller Scaled up replica set nginx-deployment-c4747d96c to 2 - Normal ScalingReplicaSet 11m deployment-controller Scaled down replica set nginx-deployment-75675f5897 to 1 - Normal ScalingReplicaSet 11m deployment-controller Scaled up replica set nginx-deployment-c4747d96c to 3 - Normal ScalingReplicaSet 11m deployment-controller Scaled down replica set nginx-deployment-75675f5897 to 0 - Normal ScalingReplicaSet 11m deployment-controller Scaled up replica set nginx-deployment-595696685f to 1 - Normal DeploymentRollback 15s deployment-controller Rolled back deployment "nginx-deployment" to revision 2 - Normal ScalingReplicaSet 15s deployment-controller Scaled down replica set nginx-deployment-595696685f to 0 - ``` + ```shell + kubectl describe deployment nginx-deployment + ``` + The output is similar to this: + ``` + Name: nginx-deployment + Namespace: default + CreationTimestamp: Sun, 02 Sep 2018 18:17:55 -0500 + Labels: app=nginx + Annotations: deployment.kubernetes.io/revision=4 + kubernetes.io/change-cause=kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 + Selector: app=nginx + Replicas: 3 desired | 3 updated | 3 total | 3 available | 0 unavailable + StrategyType: RollingUpdate + MinReadySeconds: 0 + RollingUpdateStrategy: 25% max unavailable, 25% max surge + Pod Template: + Labels: app=nginx + Containers: + nginx: + Image: nginx:1.16.1 + Port: 80/TCP + Host Port: 0/TCP + Environment: + Mounts: + Volumes: + Conditions: + Type Status Reason + ---- ------ ------ + Available True MinimumReplicasAvailable + Progressing True NewReplicaSetAvailable + OldReplicaSets: + NewReplicaSet: nginx-deployment-c4747d96c (3/3 replicas created) + Events: + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal ScalingReplicaSet 12m deployment-controller Scaled up replica set nginx-deployment-75675f5897 to 3 + Normal ScalingReplicaSet 11m deployment-controller Scaled up replica set nginx-deployment-c4747d96c to 1 + Normal ScalingReplicaSet 11m deployment-controller Scaled down replica set nginx-deployment-75675f5897 to 2 + Normal ScalingReplicaSet 11m deployment-controller Scaled up replica set nginx-deployment-c4747d96c to 2 + Normal ScalingReplicaSet 11m deployment-controller Scaled down replica set nginx-deployment-75675f5897 to 1 + Normal ScalingReplicaSet 11m deployment-controller Scaled up replica set nginx-deployment-c4747d96c to 3 + Normal ScalingReplicaSet 11m deployment-controller Scaled down replica set nginx-deployment-75675f5897 to 0 + Normal ScalingReplicaSet 11m deployment-controller Scaled up replica set nginx-deployment-595696685f to 1 + Normal DeploymentRollback 15s deployment-controller Rolled back deployment "nginx-deployment" to revision 2 + Normal ScalingReplicaSet 15s deployment-controller Scaled down replica set nginx-deployment-595696685f to 0 + ``` ## Scaling a Deployment @@ -658,26 +656,26 @@ For example, you are running a Deployment with 10 replicas, [maxSurge](#max-surg ``` * You update to a new image which happens to be unresolvable from inside the cluster. - ```shell - kubectl set image deployment/nginx-deployment nginx=nginx:sometag - ``` + ```shell + kubectl set image deployment/nginx-deployment nginx=nginx:sometag + ``` - The output is similar to this: - ``` - deployment.apps/nginx-deployment image updated - ``` + The output is similar to this: + ``` + deployment.apps/nginx-deployment image updated + ``` * The image update starts a new rollout with ReplicaSet nginx-deployment-1989198191, but it's blocked due to the `maxUnavailable` requirement that you mentioned above. Check out the rollout status: - ```shell - kubectl get rs - ``` - The output is similar to this: - ``` - NAME DESIRED CURRENT READY AGE - nginx-deployment-1989198191 5 5 0 9s - nginx-deployment-618515232 8 8 8 1m - ``` + ```shell + kubectl get rs + ``` + The output is similar to this: + ``` + NAME DESIRED CURRENT READY AGE + nginx-deployment-1989198191 5 5 0 9s + nginx-deployment-618515232 8 8 8 1m + ``` * Then a new scaling request for the Deployment comes along. The autoscaler increments the Deployment replicas to 15. The Deployment controller needs to decide where to add these new 5 replicas. If you weren't using @@ -741,103 +739,103 @@ apply multiple fixes in between pausing and resuming without triggering unnecess ``` * Pause by running the following command: - ```shell - kubectl rollout pause deployment/nginx-deployment - ``` + ```shell + kubectl rollout pause deployment/nginx-deployment + ``` - The output is similar to this: - ``` - deployment.apps/nginx-deployment paused - ``` + The output is similar to this: + ``` + deployment.apps/nginx-deployment paused + ``` * Then update the image of the Deployment: - ```shell - kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 - ``` + ```shell + kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 + ``` - The output is similar to this: - ``` - deployment.apps/nginx-deployment image updated - ``` + The output is similar to this: + ``` + deployment.apps/nginx-deployment image updated + ``` * Notice that no new rollout started: - ```shell - kubectl rollout history deployment/nginx-deployment - ``` - - The output is similar to this: - ``` - deployments "nginx" - REVISION CHANGE-CAUSE - 1 - ``` + ```shell + kubectl rollout history deployment/nginx-deployment + ``` + + The output is similar to this: + ``` + deployments "nginx" + REVISION CHANGE-CAUSE + 1 + ``` * Get the rollout status to verify that the existing ReplicaSet has not changed: - ```shell - kubectl get rs - ``` + ```shell + kubectl get rs + ``` - The output is similar to this: - ``` - NAME DESIRED CURRENT READY AGE - nginx-2142116321 3 3 3 2m - ``` + The output is similar to this: + ``` + NAME DESIRED CURRENT READY AGE + nginx-2142116321 3 3 3 2m + ``` * You can make as many updates as you wish, for example, update the resources that will be used: - ```shell - kubectl set resources deployment/nginx-deployment -c=nginx --limits=cpu=200m,memory=512Mi - ``` + ```shell + kubectl set resources deployment/nginx-deployment -c=nginx --limits=cpu=200m,memory=512Mi + ``` - The output is similar to this: - ``` - deployment.apps/nginx-deployment resource requirements updated - ``` + The output is similar to this: + ``` + deployment.apps/nginx-deployment resource requirements updated + ``` - The initial state of the Deployment prior to pausing its rollout will continue its function, but new updates to - the Deployment will not have any effect as long as the Deployment rollout is paused. + The initial state of the Deployment prior to pausing its rollout will continue its function, but new updates to + the Deployment will not have any effect as long as the Deployment rollout is paused. * Eventually, resume the Deployment rollout and observe a new ReplicaSet coming up with all the new updates: - ```shell - kubectl rollout resume deployment/nginx-deployment - ``` - - The output is similar to this: - ``` - deployment.apps/nginx-deployment resumed - ``` + ```shell + kubectl rollout resume deployment/nginx-deployment + ``` + + The output is similar to this: + ``` + deployment.apps/nginx-deployment resumed + ``` * Watch the status of the rollout until it's done. - ```shell - kubectl get rs -w - ``` - - The output is similar to this: - ``` - NAME DESIRED CURRENT READY AGE - nginx-2142116321 2 2 2 2m - nginx-3926361531 2 2 0 6s - nginx-3926361531 2 2 1 18s - nginx-2142116321 1 2 2 2m - nginx-2142116321 1 2 2 2m - nginx-3926361531 3 2 1 18s - nginx-3926361531 3 2 1 18s - nginx-2142116321 1 1 1 2m - nginx-3926361531 3 3 1 18s - nginx-3926361531 3 3 2 19s - nginx-2142116321 0 1 1 2m - nginx-2142116321 0 1 1 2m - nginx-2142116321 0 0 0 2m - nginx-3926361531 3 3 3 20s - ``` + ```shell + kubectl get rs -w + ``` + + The output is similar to this: + ``` + NAME DESIRED CURRENT READY AGE + nginx-2142116321 2 2 2 2m + nginx-3926361531 2 2 0 6s + nginx-3926361531 2 2 1 18s + nginx-2142116321 1 2 2 2m + nginx-2142116321 1 2 2 2m + nginx-3926361531 3 2 1 18s + nginx-3926361531 3 2 1 18s + nginx-2142116321 1 1 1 2m + nginx-3926361531 3 3 1 18s + nginx-3926361531 3 3 2 19s + nginx-2142116321 0 1 1 2m + nginx-2142116321 0 1 1 2m + nginx-2142116321 0 0 0 2m + nginx-3926361531 3 3 3 20s + ``` * Get the status of the latest rollout: - ```shell - kubectl get rs - ``` - - The output is similar to this: - ``` - NAME DESIRED CURRENT READY AGE - nginx-2142116321 0 0 0 2m - nginx-3926361531 3 3 3 28s - ``` + ```shell + kubectl get rs + ``` + + The output is similar to this: + ``` + NAME DESIRED CURRENT READY AGE + nginx-2142116321 0 0 0 2m + nginx-3926361531 3 3 3 28s + ``` {{< note >}} You cannot rollback a paused Deployment until you resume it. {{< /note >}} @@ -1084,9 +1082,9 @@ For general information about working with config files, see configuring containers, and [using kubectl to manage resources](/docs/concepts/overview/working-with-objects/object-management/) documents. When the control plane creates new Pods for a Deployment, the `.metadata.name` of the -Deployment is part of the basis for naming those Pods. The name of a Deployment must be a valid +Deployment is part of the basis for naming those Pods. The name of a Deployment must be a valid [DNS subdomain](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names) -value, but this can produce unexpected results for the Pod hostnames. For best compatibility, +value, but this can produce unexpected results for the Pod hostnames. For best compatibility, the name should follow the more restrictive rules for a [DNS label](/docs/concepts/overview/working-with-objects/names#dns-label-names). @@ -1153,11 +1151,11 @@ the default value. All existing Pods are killed before new ones are created when `.spec.strategy.type==Recreate`. {{< note >}} -This will only guarantee Pod termination previous to creation for upgrades. If you upgrade a Deployment, all Pods -of the old revision will be terminated immediately. Successful removal is awaited before any Pod of the new -revision is created. If you manually delete a Pod, the lifecycle is controlled by the ReplicaSet and the -replacement will be created immediately (even if the old Pod is still in a Terminating state). If you need an -"at most" guarantee for your Pods, you should consider using a +This will only guarantee Pod termination previous to creation for upgrades. If you upgrade a Deployment, all Pods +of the old revision will be terminated immediately. Successful removal is awaited before any Pod of the new +revision is created. If you manually delete a Pod, the lifecycle is controlled by the ReplicaSet and the +replacement will be created immediately (even if the old Pod is still in a Terminating state). If you need an +"at most" guarantee for your Pods, you should consider using a [StatefulSet](/docs/concepts/workloads/controllers/statefulset/). {{< /note >}} From 6337acdd9d77c47656bcb98423805f5f4d6b4ea6 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sat, 18 Feb 2023 16:05:30 +0800 Subject: [PATCH 112/537] [zh] Resync page device-plugins --- .../compute-storage-net/device-plugins.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/content/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md index 751560ef429db..2b0a54b4e2dd2 100644 --- a/content/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md +++ b/content/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md @@ -141,10 +141,10 @@ spec: The general workflow of a device plugin includes the following steps: 1. Initialization. During this phase, the device plugin performs vendor-specific - initialization and setup to make sure the devices are in a ready state. + initialization and setup to make sure the devices are in a ready state. 1. The plugin starts a gRPC service, with a Unix socket under the host path - `/var/lib/kubelet/device-plugins/`, that implements the following interfaces: + `/var/lib/kubelet/device-plugins/`, that implements the following interfaces: --> ## 设备插件的实现 {#device-plugin-implementation} @@ -348,7 +348,7 @@ of the device allocations during the upgrade. 采用该方法将确保升级期间设备分配的连续运行。 ## 监控设备插件资源 {#monitoring-device-plugin-resources} @@ -375,7 +375,7 @@ for these devices: kubelet 提供了 gRPC 服务来使得正在使用中的设备被发现,并且还为这些设备提供了元数据: ```gRPC -// PodResourcesLister 是一个由 kubelet 提供的服务,用来提供供节点上 +// PodResourcesLister 是一个由 kubelet 提供的服务,用来提供供节点上 // Pod 和容器使用的节点资源的信息 service PodResourcesLister { rpc List(ListPodResourcesRequest) returns (ListPodResourcesResponse) {} @@ -383,6 +383,9 @@ service PodResourcesLister { } ``` + ### `List` gRPC 端点 {#grpc-endpoint-list} @@ -535,7 +538,7 @@ NUMA 单元通过一个整数 ID 来标识,其取值与设备插件所报告 The gRPC service is served over a unix socket at `/var/lib/kubelet/pod-resources/kubelet.sock`. Monitoring agents for device plugin resources can be deployed as a daemon, or as a DaemonSet. The canonical directory `/var/lib/kubelet/pod-resources` requires privileged access, so monitoring -agents must run in a privileged security context. If a device monitoring agent is running as a +agents must run in a privileged security context. If a device monitoring agent is running as a DaemonSet, `/var/lib/kubelet/pod-resources` must be mounted as a {{< glossary_tooltip term_id="volume" >}} in the device monitoring agent's [PodSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core). @@ -591,7 +594,7 @@ resource assignment decisions. `TopologyInfo` supports setting a `nodes` field to either `nil` or a list of NUMA nodes. This allows the Device Plugin to advertise a device that spans multiple NUMA nodes. -Setting `TopologyInfo` to `nil` or providing an empty list of NUMA nodes for a given device +Setting `TopologyInfo` to `nil` or providing an empty list of NUMA nodes for a given device indicates that the Device Plugin does not have a NUMA affinity preference for that device. An example `TopologyInfo` struct populated for a device by a Device Plugin: From 6a05d3004e7c262189df3d5c683152ae21b53f92 Mon Sep 17 00:00:00 2001 From: coder2835 <83513452+coder2835@users.noreply.github.com> Date: Mon, 13 Feb 2023 19:39:15 +0530 Subject: [PATCH 113/537] Add note about checking kubectl version In "Test to ensure the version you installed is up-to-date:", the command "kubectl version --client" is given but on running it on my system it says "This version information is deprecated and will be replaced with the output from kubectl version --short". But kubectl --short also gives a warning. So I thought it would be best to update the docs to add a note to ignore this warning. Co-Authored-By: Tim Bannister --- content/en/docs/tasks/tools/install-kubectl-linux.md | 10 ++++++++++ content/en/docs/tasks/tools/install-kubectl-macos.md | 11 +++++++++++ .../en/docs/tasks/tools/install-kubectl-windows.md | 10 ++++++++++ 3 files changed, 31 insertions(+) diff --git a/content/en/docs/tasks/tools/install-kubectl-linux.md b/content/en/docs/tasks/tools/install-kubectl-linux.md index a48dcd654e617..6752a7a4a28db 100644 --- a/content/en/docs/tasks/tools/install-kubectl-linux.md +++ b/content/en/docs/tasks/tools/install-kubectl-linux.md @@ -95,6 +95,16 @@ For example, to download version {{< param "fullversion" >}} on Linux, type: ```bash kubectl version --client ``` + {{< note >}} + The above command will generate a warning: + ``` + WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. + ``` + You can ignore this warning. You are only checking the version of `kubectl` that you + have installed. + + {{< /note >}} + Or use this for detailed view of version: ```cmd diff --git a/content/en/docs/tasks/tools/install-kubectl-macos.md b/content/en/docs/tasks/tools/install-kubectl-macos.md index a02b027b2808b..8b384979ad578 100644 --- a/content/en/docs/tasks/tools/install-kubectl-macos.md +++ b/content/en/docs/tasks/tools/install-kubectl-macos.md @@ -116,6 +116,17 @@ The following methods exist for installing kubectl on macOS: ```bash kubectl version --client ``` + + {{< note >}} + The above command will generate a warning: + ``` + WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. + ``` + You can ignore this warning. You are only checking the version of `kubectl` that you + have installed. + + {{< /note >}} + Or use this for detailed view of version: ```cmd diff --git a/content/en/docs/tasks/tools/install-kubectl-windows.md b/content/en/docs/tasks/tools/install-kubectl-windows.md index 235e6f548009c..4717ef16a8c8c 100644 --- a/content/en/docs/tasks/tools/install-kubectl-windows.md +++ b/content/en/docs/tasks/tools/install-kubectl-windows.md @@ -66,6 +66,16 @@ The following methods exist for installing kubectl on Windows: ```cmd kubectl version --client ``` + {{< note >}} + The above command will generate a warning: + ``` + WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. + ``` + You can ignore this warning. You are only checking the version of `kubectl` that you + have installed. + + {{< /note >}} + Or use this for detailed view of version: ```cmd From 99b7d29a3038fd14ff8d94fa49df2fb3425f1ce3 Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sat, 18 Feb 2023 10:15:10 -0300 Subject: [PATCH 114/537] Propose mrerlison as a reviewer for the pt-br docs --- OWNERS_ALIASES | 1 + 1 file changed, 1 insertion(+) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 7b89fd113741a..22c9332976326 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -168,6 +168,7 @@ aliases: - edsoncelio - femrtnz - jcjesus + - mrerlison - rikatz - stormqueen1990 - yagonobre From e5545e0e6cc45e51ea9a1810dabd9b43542192ab Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 18 Jan 2023 11:35:14 +0800 Subject: [PATCH 115/537] [zh] sync /storage/persistent-volumes.md --- .../concepts/storage/persistent-volumes.md | 536 +++++++++++++----- 1 file changed, 401 insertions(+), 135 deletions(-) diff --git a/content/zh-cn/docs/concepts/storage/persistent-volumes.md b/content/zh-cn/docs/concepts/storage/persistent-volumes.md index 487337b263b5b..4522f0e6fcdd9 100644 --- a/content/zh-cn/docs/concepts/storage/persistent-volumes.md +++ b/content/zh-cn/docs/concepts/storage/persistent-volumes.md @@ -28,7 +28,8 @@ weight: 20 本文描述 Kubernetes 中的**持久卷(Persistent Volume)** 。 建议先熟悉[卷(Volume)](/zh-cn/docs/concepts/storage/volumes/)的概念。 @@ -38,7 +39,10 @@ This document describes _persistent volumes_ in Kubernetes. Familiarity with [vo ## 介绍 {#introduction} @@ -58,7 +62,11 @@ A _PersistentVolume_ (PV) is a piece of storage in the cluster that has been pro 此 API 对象中记述了存储的实现细节,无论其背后是 NFS、iSCSI 还是特定于云平台的存储系统。 **持久卷申领(PersistentVolumeClaim,PVC)** 表达的是用户对存储的请求。概念上与 Pod 类似。 Pod 会耗用节点资源,而 PVC 申领会耗用 PV 资源。Pod 可以请求特定数量的资源(CPU @@ -67,7 +75,12 @@ Pod 会耗用节点资源,而 PVC 申领会耗用 PV 资源。Pod 可以请求 模式之一来挂载,参见[访问模式](#access-modes))。 @@ -82,7 +95,8 @@ See the [detailed walkthrough with working examples](/docs/tasks/configure-pod-c #### 静态制备 {#static} @@ -129,14 +145,15 @@ dynamic provisioning for themselves. -为了基于存储类完成动态的存储制备,集群管理员需要在 API 服务器上启用 -`DefaultStorageClass` [准入控制器](/zh-cn/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass)。 +为了基于存储类完成动态的存储制备,集群管理员需要在 API 服务器上启用 `DefaultStorageClass` +[准入控制器](/zh-cn/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass)。 举例而言,可以通过保证 `DefaultStorageClass` 出现在 API 服务器组件的 `--enable-admission-plugins` 标志值中实现这点;该标志的值可以是逗号分隔的有序列表。 关于 API 服务器标志的更多信息,可以参考 @@ -146,7 +163,16 @@ check [kube-apiserver](/docs/admin/kube-apiserver/) documentation. ### 绑定 {#binding} @@ -162,7 +188,10 @@ PVC 申领与 PV 卷之间的绑定是一种一对一的映射,实现上使用 PV 卷与 PVC 申领间的双向绑定关系。 如果找不到匹配的 PV 卷,PVC 申领会无限期地处于未绑定状态。 当与之匹配的 PV 卷可用时,PVC 申领会被绑定。 @@ -173,7 +202,10 @@ Claims will remain unbound indefinitely if a matching volume does not exist. Cla ### 使用 {#using} @@ -182,7 +214,10 @@ Pod 将 PVC 申领当做存储卷来使用。集群会检视 PVC 申领,找到 用户要在 Pod 中以卷的形式使用申领时指定期望的访问模式。 一旦用户有了申领对象并且该申领已经被绑定, 则所绑定的 PV 卷在用户仍然需要它期间一直属于该用户。 @@ -193,7 +228,9 @@ Once a user has a claim and that claim is bound, the bound PV belongs to the use ### 保护使用中的存储对象 {#storage-object-in-use-protection} @@ -201,17 +238,21 @@ The purpose of the Storage Object in Use Protection feature is to ensure that Pe 这一功能特性的目的是确保仍被 Pod 使用的 PersistentVolumeClaim(PVC) 对象及其所绑定的 PersistentVolume(PV)对象在系统中不会被删除,因为这样做可能会引起数据丢失。 +{{< note >}} -{{< note >}} 当使用某 PVC 的 Pod 对象仍然存在时,认为该 PVC 仍被此 Pod 使用。 {{< /note >}} 如果用户删除被某 Pod 使用的 PVC 对象,该 PVC 申领不会被立即移除。 PVC 对象的移除会被推迟,直至其不再被任何 Pod 使用。 @@ -238,7 +279,8 @@ Finalizers: [kubernetes.io/pvc-protection] ``` 你也可以看到当 PV 对象的状态为 `Terminating` 且其 `Finalizers` 列表中包含 `kubernetes.io/pv-protection` 时,PV 对象是处于被保护状态的。 @@ -268,7 +310,10 @@ Events: ### 回收(Reclaiming) {#reclaiming} @@ -280,7 +325,11 @@ When a user is done with their volume, they can delete the PVC objects from the #### 保留(Retain) {#retain} @@ -290,11 +339,13 @@ The `Retain` reclaim policy allows for manual reclamation of the resource. When 管理员可以通过下面的步骤来手动回收该卷: 1. 删除 PersistentVolume 对象。与之相关的、位于外部基础设施中的存储资产 (例如 AWS EBS、GCE PD、Azure Disk 或 Cinder 卷)在 PV 删除之后仍然存在。 @@ -306,7 +357,15 @@ If you want to reuse the same storage asset, create a new PersistentVolume with #### 删除(Delete) {#delete} @@ -320,17 +379,21 @@ Cinder 卷)中移除所关联的存储资产。 #### 回收(Recycle) {#recycle} {{< warning >}} + 回收策略 `Recycle` 已被废弃。取而代之的建议方案是使用动态制备。 {{< /warning >}} + 如果下层的卷插件支持,回收策略 `Recycle` 会在卷上执行一些基本的擦除 (`rm -rf /thevolume/*`)操作,之后允许该卷用于新的 PVC 申领。 @@ -341,9 +404,8 @@ the Kubernetes controller manager command line arguments as described in the The custom recycler Pod template must contain a `volumes` specification, as shown in the example below: --> -不过,管理员可以按 -[参考资料](/zh-cn/docs/reference/command-line-tools-reference/kube-controller-manager/) -中所述,使用 Kubernetes 控制器管理器命令行参数来配置一个定制的回收器(Recycler) +不过,管理员可以按[参考资料](/zh-cn/docs/reference/command-line-tools-reference/kube-controller-manager/)中所述, +使用 Kubernetes 控制器管理器命令行参数来配置一个定制的回收器(Recycler) Pod 模板。此定制的回收器 Pod 模板必须包含一个 `volumes` 规约,如下例所示: ```yaml @@ -368,27 +430,32 @@ spec: ``` 定制回收器 Pod 模板中在 `volumes` 部分所指定的特定路径要替换为正被回收的卷的路径。 ### PersistentVolume 删除保护 finalizer {#persistentvolume-deletion-protection-finalizer} + {{< feature-state for_k8s_version="v1.23" state="alpha" >}} + 可以在 PersistentVolume 上添加终结器(Finalizer), 以确保只有在删除对应的存储后才删除具有 `Delete` 回收策略的 PersistentVolume。 新引入的 `kubernetes.io/pv-controller` 和 `external-provisioner.volume.kubernetes.io/finalizer` 终结器仅会被添加到动态制备的卷上。 @@ -398,6 +465,8 @@ The finalizer `kubernetes.io/pv-controller` is added to in-tree plugin volumes. ```shell kubectl describe pv pvc-74a498d6-3929-47e8-8c02-078c1ece4d78 +``` +```none Name: pvc-74a498d6-3929-47e8-8c02-078c1ece4d78 Labels: Annotations: kubernetes.io/createdby: vsphere-volume-dynamic-provisioner @@ -427,7 +496,7 @@ The following is an example: --> 终结器 `external-provisioner.volume.kubernetes.io/finalizer` 会被添加到 CSI 卷上。下面是一个例子: -```shell +```none Name: pvc-2f0bab97-85a8-4552-8044-eb8be45cf48d Labels: Annotations: pv.kubernetes.io/provisioned-by: csi.vsphere.vmware.com @@ -463,8 +532,8 @@ the `kubernetes.io/pv-controller` finalizer is replaced by the ### 预留 PersistentVolume {#reserving-a-persistentvolume} @@ -472,8 +541,10 @@ cluster. However, if you want a PVC to bind to a specific PV, you need to pre-bi 但是,如果你希望 PVC 绑定到特定 PV,则需要预先绑定它们。 通过在 PersistentVolumeClaim 中指定 PersistentVolume,你可以声明该特定 PV 与 PVC 之间的绑定关系。如果该 PersistentVolume 存在且未被通过其 @@ -482,7 +553,8 @@ PV 与 PVC 之间的绑定关系。如果该 PersistentVolume 存在且未被通 绑定操作不会考虑某些卷匹配条件是否满足,包括节点亲和性等等。 控制面仍然会检查[存储类](/zh-cn/docs/concepts/storage/storage-classes/)、 @@ -501,7 +573,10 @@ spec: ``` 此方法无法对 PersistentVolume 的绑定特权做出任何形式的保证。 如果有其他 PersistentVolumeClaim 可以使用你所指定的 PV, @@ -548,7 +623,6 @@ the following types of volumes: * {{< glossary_tooltip text="csi" term_id="csi" >}} * flexVolume (已弃用) * gcePersistentDisk -* glusterfs (已弃用) * rbd * portworxVolume @@ -581,6 +655,7 @@ new PersistentVolume is never created to satisfy the claim. Instead, an existing Kubernetes 不会创建新的 PV 卷来满足此申领的请求。 与之相反,现有的卷会被调整大小。 +{{< warning >}} -{{< warning >}} 直接编辑 PersistentVolume 的大小可以阻止该卷自动调整大小。 如果对 PersistentVolume 的容量进行编辑,然后又将其所对应的 PersistentVolumeClaim 的 `.spec` 进行编辑,使该 PersistentVolumeClaim @@ -607,7 +681,9 @@ Kubernetes 控制平面将看到两个资源的所需状态匹配, {{< feature-state for_k8s_version="v1.24" state="stable" >}} 对 CSI 卷的扩充能力默认是被启用的,不过扩充 CSI 卷要求 CSI 驱动支持卷扩充操作。可参阅特定 CSI 驱动的文档了解更多信息。 @@ -659,17 +735,18 @@ Similar to other volume types - FlexVolume volumes can also be expanded when in- --> 与其他卷类型类似,FlexVolume 卷也可以在被 Pod 使用期间执行扩充操作。 +{{< note >}} -{{< note >}} FlexVolume 卷的重设大小只能在下层驱动支持重设大小的时候才可进行。 {{< /note >}} +{{< note >}} -{{< note >}} 扩充 EBS 卷的操作非常耗时。同时还存在另一个配额限制: 每 6 小时只能执行一次(尺寸)修改操作。 {{< /note >}} @@ -677,7 +754,10 @@ Expanding EBS volumes is a time-consuming operation. Also, there is a per-volume #### 处理扩充卷过程中的失败 {#recovering-from-failure-when-expanding-volumes} @@ -689,17 +769,24 @@ If a user specifies a new size that is too big to be satisfied by underlying sto {{% tab name="集群管理员手动处理" %}} 如果扩充下层存储的操作失败,集群管理员可以手动地恢复 PVC 申领的状态并取消重设大小的请求。否则,在没有管理员干预的情况下, 控制器会反复重试重设大小的操作。 1. 将绑定到 PVC 申领的 PV 卷标记为 `Retain` 回收策略。 @@ -714,10 +801,14 @@ If expanding underlying storage fails, the cluster administrator can manually re {{% tab name="通过请求扩展为更小尺寸" %}} {{% feature-state for_k8s_version="v1.23" state="alpha" %}} +{{< note >}} -{{< note >}} Kubernetes 从 1.23 版本开始将允许用户恢复失败的 PVC 扩展这一能力作为 alpha 特性支持。`RecoverVolumeExpansionFailure` 必须被启用以允许使用此特性。 可参考[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/) @@ -732,7 +823,8 @@ smaller proposed size, edit `.spec.resources` for that PVC and choose a value th value you previously tried. This is useful if expansion to a higher value did not succeed because of capacity constraint. If that has happened, or you suspect that it might have, you can retry expansion by specifying a -size that is within the capacity limits of underlying storage provider. You can monitor status of resize operation by watching `.status.resizeStatus` and events on the PVC. +size that is within the capacity limits of underlying storage provider. You can monitor status of +resize operation by watching `.status.resizeStatus` and events on the PVC. --> 如果集群中的特性门控 `RecoverVolumeExpansionFailure` 已启用,在 PVC 的扩展发生失败时,你可以使用比先前请求的值更小的尺寸来重试扩展。 @@ -756,11 +848,10 @@ Kubernetes 不支持将 PVC 缩小到小于其当前的尺寸。 {{% /tab %}} {{% /tabs %}} - ## 持久卷的类型 {#types-of-persistent-volumes} @@ -791,7 +882,8 @@ PV 持久卷是用插件的形式来实现的。Kubernetes 目前支持以下插 * [`rbd`](/zh-cn/docs/concepts/storage/volumes/#rbd) - Rados 块设备 (RBD) 卷 - 以下的持久卷已被弃用。这意味着当前仍是支持的,但是 Kubernetes 将来的发行版会将其移除。 * [`awsElasticBlockStore`](/zh-cn/docs/concepts/storage/volumes/#awselasticblockstore) - AWS 弹性块存储(EBS) @@ -825,8 +914,6 @@ The following types of PersistentVolume are deprecated. This means that support * [`flexVolume`](/zh-cn/docs/concepts/storage/volumes/#flexVolume) - FlexVolume (于 v1.23 **弃用**) * [`gcePersistentDisk`](/zh-cn/docs/concepts/storage/volumes/#gcepersistentdisk) - GCE Persistent Disk (于 v1.17 **弃用**) -* [`glusterfs`](/zh-cn/docs/concepts/storage/volumes/#glusterfs) - Glusterfs 卷 - (于 v1.25 **弃用**) * [`portworxVolume`](/zh-cn/docs/concepts/storage/volumes/#portworxvolume) - Portworx 卷 (于 v1.25 **弃用**) * [`vsphereVolume`](/zh-cn/docs/concepts/storage/volumes/#vspherevolume) - vSphere VMDK 卷 @@ -892,10 +979,13 @@ spec: server: 172.17.0.2 ``` +{{< note >}} -{{< note >}} 在集群中使用持久卷存储通常需要一些特定于具体卷类型的辅助程序。 在这个例子中,PersistentVolume 是 NFS 类型的,因此需要辅助程序 `/sbin/mount.nfs` 来支持挂载 NFS 文件系统。 @@ -904,9 +994,13 @@ Helper programs relating to the volume type may be required for consumption of a ### 容量 {#capacity} @@ -962,7 +1056,12 @@ Pod 和卷之间不存在文件系统层。另外,Pod 中运行的应用必须 ### 访问模式 {#access-modes} @@ -974,8 +1073,9 @@ PersistentVolume 卷可以用资源提供者所支持的任何方式挂载到宿 访问模式有: `ReadWriteOnce` : 卷可以被一个节点以读写方式挂载。 -ReadWriteOnce 访问模式也允许运行在同一节点上的多个 Pod 访问卷。 + ReadWriteOnce 访问模式也允许运行在同一节点上的多个 Pod 访问卷。 `ReadOnlyMany` : 卷可以被多个节点以只读方式挂载。 @@ -1002,8 +1107,8 @@ ReadWriteOnce 访问模式也允许运行在同一节点上的多个 Pod 访问 `ReadWriteOncePod` : 卷可以被单个 Pod 以读写方式挂载。 -如果你想确保整个集群中只有一个 Pod 可以读取或写入该 PVC, -请使用 ReadWriteOncePod 访问模式。这只支持 CSI 卷以及需要 Kubernetes 1.22 以上版本。 + 如果你想确保整个集群中只有一个 Pod 可以读取或写入该 PVC, + 请使用 ReadWriteOncePod 访问模式。这只支持 CSI 卷以及需要 Kubernetes 1.22 以上版本。 这篇博客文章 [Introducing Single Pod Access Mode for PersistentVolumes](/blog/2021/09/13/read-write-once-pod-access-mode-alpha/) 描述了更详细的内容。 @@ -1028,9 +1133,10 @@ In the CLI, the access modes are abbreviated to: Kubernetes uses volume access modes to match PersistentVolumeClaims and PersistentVolumes. In some cases, the volume access modes also constrain where the PersistentVolume can be mounted. Volume access modes do **not** enforce write protection once the storage has been mounted. -Even if the access modes are specified as ReadWriteOnce, ReadOnlyMany, or ReadWriteMany, they don't set any constraints on the volume. -For example, even if a PersistentVolume is created as ReadOnlyMany, it is no guarantee that it will be read-only. -If the access modes are specified as ReadWriteOncePod, the volume is constrained and can be mounted on only a single Pod. +Even if the access modes are specified as ReadWriteOnce, ReadOnlyMany, or ReadWriteMany, +they don't set any constraints on the volume. For example, even if a PersistentVolume is +created as ReadOnlyMany, it is no guarantee that it will be read-only. If the access modes +are specified as ReadWriteOncePod, the volume is constrained and can be mounted on only a single Pod. --> Kubernetes 使用卷访问模式来匹配 PersistentVolumeClaim 和 PersistentVolume。 在某些场合下,卷访问模式也会限制 PersistentVolume 可以挂载的位置。 @@ -1041,7 +1147,9 @@ Kubernetes 使用卷访问模式来匹配 PersistentVolumeClaim 和 PersistentVo {{< /note >}} > **重要提醒!** 每个卷同一时刻只能以一种访问模式挂载,即使该卷能够支持多种访问模式。 > 例如,一个 GCEPersistentDisk 卷可以被某节点以 ReadWriteOnce @@ -1103,16 +1211,18 @@ Current reclaim policies are: * Retain -- manual reclamation * Recycle -- basic scrub (`rm -rf /thevolume/*`) -* Delete -- associated storage asset such as AWS EBS, GCE PD, Azure Disk, or OpenStack Cinder volume is deleted +* Delete -- associated storage asset such as AWS EBS, GCE PD, Azure Disk, + or OpenStack Cinder volume is deleted -Currently, only NFS and HostPath support recycling. AWS EBS, GCE PD, Azure Disk, and Cinder volumes support deletion. +Currently, only NFS and HostPath support recycling. AWS EBS, GCE PD, Azure Disk, +and Cinder volumes support deletion. --> ### 回收策略 {#reclaim-policy} 目前的回收策略有: * Retain -- 手动回收 -* Recycle -- 基本擦除 (`rm -rf /thevolume/*`) +* Recycle -- 基本擦除 (`rm -rf /thevolume/*`) * Delete -- 诸如 AWS EBS、GCE PD、Azure Disk 或 OpenStack Cinder 卷这类关联存储资产也被删除 目前,仅 NFS 和 HostPath 支持回收(Recycle)。 @@ -1121,16 +1231,17 @@ AWS EBS、GCE PD、Azure Disk 和 Cinder 卷都支持删除(Delete)。 ### 挂载选项 {#mount-options} Kubernetes 管理员可以指定持久卷被挂载到节点上时使用的附加挂载选项。 +{{< note >}} -{{< note >}} 并非所有持久卷类型都支持挂载选项。 {{< /note >}} @@ -1145,7 +1256,6 @@ The following volume types support mount options: * `cephfs` * `cinder`(于 v1.18 **弃用**) * `gcePersistentDisk` -* `glusterfs`(于 v1.25 **弃用**) * `iscsi` * `nfs` * `rbd` @@ -1170,10 +1280,14 @@ it will become fully deprecated in a future Kubernetes release. --> ### 节点亲和性 {#node-affinity} +{{< note >}} -{{< note >}} 对大多数类型的卷而言,你不需要设置节点亲和性字段。 [AWS EBS](/zh-cn/docs/concepts/storage/volumes/#awselasticblockstore)、 [GCE PD](/zh-cn/docs/concepts/storage/volumes/#gcepersistentdisk) 和 @@ -1182,7 +1296,12 @@ For most volume types, you do not need to set this field. It is automatically po {{< /note >}} 每个 PV 卷可以通过设置节点亲和性来定义一些约束,进而限制从哪些节点上可以访问此卷。 使用这些卷的 Pod 只会被调度到节点亲和性规则所选择的节点上执行。 @@ -1247,7 +1366,8 @@ spec: ### 访问模式 {#access-modes} @@ -1256,7 +1376,8 @@ Claims use [the same conventions as volumes](#access-modes) when requesting stor ### 卷模式 {#volume-modes} @@ -1265,7 +1386,10 @@ Claims use [the same convention as volumes](#volume-mode) to indicate the consum ### 资源 {#resources} @@ -1276,7 +1400,10 @@ Claims, like Pods, can request specific quantities of a resource. In this case, ### 选择算符 {#selector} @@ -1286,9 +1413,12 @@ Claims can specify a [label selector](/docs/concepts/overview/working-with-objec * `matchLabels` - 卷必须包含带有此值的标签 * `matchExpressions` - 通过设定键(key)、值列表和操作符(operator) @@ -1376,10 +1506,10 @@ Manager)部署到集群中。 当某 PVC 除了请求 StorageClass 之外还设置了 `selector`,则这两种需求会按逻辑与关系处理: 只有隶属于所请求类且带有所请求标签的 PV 才能绑定到 PVC。 +{{< note >}} -{{< note >}} 目前,设置了非空 `selector` 的 PVC 对象无法让集群为其动态制备 PV 卷。 {{< /note >}} @@ -1397,20 +1527,25 @@ it won't be supported in a future Kubernetes release. --> #### 可追溯的默认 StorageClass 赋值 {#retroactive-default-storageclass-assignment} -{{< feature-state for_k8s_version="v1.25" state="alpha" >}} +{{< feature-state for_k8s_version="v1.26" state="beta" >}} 你可以创建 PersistentVolumeClaim,而无需为新 PVC 指定 `storageClassName`。 即使你的集群中不存在默认 StorageClass,你也可以这样做。 在这种情况下,新的 PVC 会按照你的定义进行创建,并且在默认值可用之前,该 PVC 的 `storageClassName` 保持不设置。 -但是,如果你启用了 [`RetroactiveDefaultStorageClass` 特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/), -则 Kubernetes 的行为会有所不同:现有 PVC 无需更新 `storageClassName` 就能使用新的默认 StorageClass。 当一个默认的 StorageClass 变得可用时,控制平面会识别所有未设置 `storageClassName` 的现有 PVC。 对于 `storageClassName` 为空值或没有此主键的 PVC, @@ -1419,9 +1554,15 @@ When a default StorageClass becomes available, the control plane identifies any 并且你配置了默认 StorageClass,则此 PVC 将不会得到更新。 为了保持绑定到 `storageClassName` 设为 `""` 的 PV(当存在默认 StorageClass 时), 你需要将关联 PVC 的 `storageClassName` 设置为 `""`。 @@ -1433,7 +1574,10 @@ This behavior helps administrators change default StorageClass by removing the o ## 使用申领作为卷 {#claims-as-volumes} @@ -1463,7 +1607,9 @@ spec: ### 关于名字空间的说明 {#a-note-on-namespaces} @@ -1474,8 +1620,9 @@ PersistentVolume 卷的绑定是排他性的。 ### 类型为 `hostpath` 的 PersistentVolume {#persistentvolumes-typed-hostpath} @@ -1498,12 +1645,12 @@ applicable: * AWSElasticBlockStore * AzureDisk * CSI -* FC (光纤通道) +* FC(光纤通道) * GCEPersistentDisk * iSCSI * Local 卷 * OpenStack Cinder -* RBD (Ceph 块设备) +* RBD(Ceph 块设备) * VsphereVolume -{{< note >}} 向 Pod 中添加原始块设备时,你要在容器内设置设备路径而不是挂载路径。 {{< /note >}} ### 绑定块卷 {#binding-block-volumes} @@ -1620,10 +1771,11 @@ Volume binding matrix for statically provisioned volumes: | Filesystem | Block | 不绑定 | | Filesystem | 未指定 | 绑定 | +{{< note >}} -{{< note >}} Alpha 发行版本中仅支持静态制备的卷。 管理员需要在处理原始块设备时小心处理这些值。 {{< /note >}} @@ -1636,8 +1788,11 @@ Alpha 发行版本中仅支持静态制备的卷。 {{< feature-state for_k8s_version="v1.20" state="stable" >}} 卷快照(Volume Snapshot)仅支持树外 CSI 卷插件。 有关细节可参阅[卷快照](/zh-cn/docs/concepts/storage/volume-snapshots/)文档。 @@ -1670,7 +1825,8 @@ spec: ## 卷克隆 {#volume-cloning} @@ -1700,7 +1856,12 @@ spec: +## 卷填充器(Populator)与数据源 {#volume-populators-and-data-sources} + +{{< feature-state for_k8s_version="v1.24" state="beta" >}} + - -## 卷填充器(Populator)与数据源 {#volume-populators-and-data-sources} - -{{< feature-state for_k8s_version="v1.24" state="beta" >}} - Kubernetes 支持自定义的卷填充器。要使用自定义的卷填充器,你必须为 kube-apiserver 和 kube-controller-manager 启用 `AnyVolumeDataSource` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。 @@ -1726,6 +1882,48 @@ kube-apiserver 和 kube-controller-manager 启用 `AnyVolumeDataSource` `dataSourceRef` 字段可以包含对同一命名空间中任何对象的引用(不包含除 PVC 以外的核心资源)。 对于启用了特性门控的集群,使用 `dataSourceRef` 比 `dataSource` 更好。 + +## 跨名字空间数据源 {#cross-namespace-data-sources} + +{{< feature-state for_k8s_version="v1.26" state="alpha" >}} + + +Kubernetes 支持跨名字空间卷数据源。 +要使用跨名字空间卷数据源,你必须为 kube-apiserver、kube-controller 管理器启用 +`AnyVolumeDataSource` 和 `CrossNamespaceVolumeDataSource` +[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。 +此外,你必须为 csi-provisioner 启用 `CrossNamespaceVolumeDataSource` 特性门控。 + +启用 `CrossNamespaceVolumeDataSource` 特性门控允许你在 dataSourceRef 字段中指定名字空间。 + +{{< note >}} + +当你为卷数据源指定名字空间时,Kubernetes 在接受此引用之前在另一个名字空间中检查 ReferenceGrant。 +ReferenceGrant 是 `gateway.networking.k8s.io` 扩展 API 的一部分。更多细节请参见 Gateway API 文档中的 +[ReferenceGrant](https://gateway-api.sigs.k8s.io/api-types/referencegrant/)。 +这意味着你必须在使用此机制之前至少使用 Gateway API 的 ReferenceGrant 来扩展 Kubernetes 集群。 +{{< /note >}} + - ## 数据源引用 {#data-source-references} `dataSourceRef` 字段的行为与 `dataSource` 字段几乎相同。 @@ -1752,12 +1949,6 @@ users should be aware of: used. Invalid values are any core object (objects with no apiGroup) except for PVCs. * The `dataSourceRef` field may contain different types of objects, while the `dataSource` field only allows PVCs and VolumeSnapshots. - -Users should always use `dataSourceRef` on clusters that have the feature gate enabled, and -fall back to `dataSource` on clusters that do not. It is not necessary to look at both fields -under any circumstance. The duplicated values with slightly different semantics exist only for -backwards compatibility. In particular, a mixture of older and newer controllers are able to -interoperate because the fields are the same. --> 在 `dataSourceRef` 字段和 `dataSource` 字段之间有两个用户应该注意的区别: @@ -1766,7 +1957,27 @@ interoperate because the fields are the same. 无效值指的是 PVC 之外的核心对象(没有 apiGroup 的对象)。 * `dataSourceRef` 字段可以包含不同类型的对象,而 `dataSource` 字段只允许 PVC 和卷快照。 -用户应该始终在启用了特性门控的集群上使用 `dataSourceRef`,而在没有启用特性门控的集群上使用 `dataSource`。 + +当 `CrossNamespaceVolumeDataSource` 特性被启用时,存在其他区别: + +* `dataSource` 字段仅允许本地对象,而 `dataSourceRef` 字段允许任何名字空间中的对象。 +* 若指定了 namespace,则 `dataSource` 和 `dataSourceRef` 不会被同步。 + + +用户始终应该在启用了此特性门控的集群上使用 `dataSourceRef`, +在没有启用该特性门控的集群上使用 `dataSource`。 在任何情况下都没有必要查看这两个字段。 这两个字段的值看似相同但是语义稍微不一样,是为了向后兼容。 特别是混用旧版本和新版本的控制器时,它们能够互通。 @@ -1821,6 +2032,61 @@ the process. 如果没有填充器处理该数据源的情况下,该控制器会在 PVC 上产生警告事件。 当一个合适的填充器被安装到 PVC 上时,该控制器的职责是上报与卷创建有关的事件,以及在该过程中发生的问题。 + +### 使用跨名字空间的卷数据源 {#using-a-cross-namespace-volume-data-source} + +{{< feature-state for_k8s_version="v1.26" state="alpha" >}} + + +创建 ReferenceGrant 以允许名字空间属主接受引用。 +你通过使用 `dataSourceRef` 字段指定跨名字空间卷数据源,定义填充的卷。 +你必须在源名字空间中已经有一个有效的 ReferenceGrant: + +```yaml +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: allow-ns1-pvc + namespace: default +spec: + from: + - group: "" + kind: PersistentVolumeClaim + namespace: ns1 + to: + - group: snapshot.storage.k8s.io + kind: VolumeSnapshot + name: new-snapshot-demo +``` + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: foo-pvc + namespace: ns1 +spec: + storageClassName: example + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + dataSourceRef: + apiGroup: snapshot.storage.k8s.io + kind: VolumeSnapshot + name: new-snapshot-demo + namespace: default + volumeMode: Filesystem +``` + #### 可选的 Secret {#restriction-secret-must-exist} -当你定义一个基于 Secret 的环境变量时,你可以将其标记为可选。 -默认情况下,所引用的 Secret 都是必需的。 - -只有所有非可选的 Secret 都可用时,Pod 中的容器才能启动运行。 - -如果 Pod 引用了 Secret 中的特定主键,而虽然 Secret 本身存在,对应的主键不存在, -Pod 启动也会失败。 - - -### 在 Pod 中以文件形式使用 Secret {#using-secrets-as-files-from-a-pod} - -如果你希望在 Pod 中访问 Secret 内的数据,一种方式是让 Kubernetes 将 Secret -以 Pod 中一个或多个容器的文件系统中的文件的形式呈现出来。 - -要配置这种行为,你需要: - - -1. 创建一个 Secret 或者使用已有的 Secret。多个 Pod 可以引用同一个 Secret。 -1. 更改 Pod 定义,在 `.spec.volumes[]` 下添加一个卷。根据需要为卷设置其名称, - 并将 `.spec.volumes[].secret.secretName` 字段设置为 Secret 对象的名称。 -1. 为每个需要该 Secret 的容器添加 `.spec.containers[].volumeMounts[]`。 - 并将 `.spec.containers[].volumeMounts[].readOnly` 设置为 `true`, - 将 `.spec.containers[].volumeMounts[].mountPath` 设置为希望 Secret - 被放置的、目前尚未被使用的路径名。 -1. 更改你的镜像或命令行,以便程序读取所设置的目录下的文件。Secret 的 `data` - 映射中的每个主键都成为 `mountPath` 下面的文件名。 - -下面是一个通过卷来挂载名为 `mysecret` 的 Secret 的 Pod 示例: - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: mypod -spec: - containers: - - name: mypod - image: redis - volumeMounts: - - name: foo - mountPath: "/etc/foo" - readOnly: true - volumes: - - name: foo - secret: - secretName: mysecret - optional: false # 默认设置,意味着 "mysecret" 必须已经存在 -``` - - -你要访问的每个 Secret 都需要通过 `.spec.volumes` 来引用。 - -如果 Pod 中包含多个容器,则每个容器需要自己的 `volumeMounts` 块, -不过针对每个 Secret 而言,只需要一份 `.spec.volumes` 设置。 - -{{< note >}} - -Kubernetes v1.22 版本之前都会自动创建用来访问 Kubernetes API 的凭证。 -这一老的机制是基于创建可被挂载到 Pod 中的令牌 Secret 来实现的。 -在最近的版本中,包括 Kubernetes v{{< skew currentVersion >}} 中,API 凭据是直接通过 -[TokenRequest](/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) -API 来获得的,这一凭据会使用[投射卷](/zh-cn/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume) -挂载到 Pod 中。使用这种方式获得的令牌有确定的生命期,并且在挂载它们的 Pod -被删除时自动作废。 - - -你仍然可以[手动创建](/zh-cn/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-service-account-api-token) -服务账号令牌。例如,当你需要一个永远都不过期的令牌时。 -不过,仍然建议使用 [TokenRequest](/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) -子资源来获得访问 API 服务器的令牌。 -你可以使用 [`kubectl create token`](/docs/reference/generated/kubectl/kubectl-commands#-em-token-em-) -命令调用 `TokenRequest` API 获得令牌。 -{{< /note >}} - -#### 将 Secret 键投射到特定目录 {#projection-of-secret-keys-to-specific-paths} - -你也可以控制 Secret 键所投射到的卷中的路径。 -你可以使用 `.spec.volumes[].secret.items` 字段来更改每个主键的目标路径: +当你在 Pod 中引用 Secret 时,你可以将该 Secret 标记为**可选**,就像下面例子中所展示的那样。 +如果可选的 Secret 不存在,Kubernetes 将忽略它。 ```yaml apiVersion: v1 @@ -479,159 +352,45 @@ spec: - name: foo secret: secretName: mysecret - items: - - key: username - path: my-group/my-username + optional: true ``` -将发生的事情如下: - -- `mysecret` 中的键 `username` 会出现在容器中的路径为 `/etc/foo/my-group/my-username`, - 而不是 `/etc/foo/username`。 -- Secret 对象的 `password` 键不会被投射。 - -如果使用了 `.spec.volumes[].secret.items`,则只有 `items` 中指定了的主键会被投射。 -如果要使用 Secret 中的所有主键,则需要将它们全部枚举到 `items` 字段中。 - -如果你显式地列举了主键,则所列举的主键都必须在对应的 Secret 中存在。 -否则所在的卷不会被创建。 - - -#### Secret 文件的访问权限 {#secret-files-permissions} - -你可以为某个 Secret 主键设置 POSIX 文件访问权限位。 -如果你不指定访问权限,默认会使用 `0644`。 -你也可以为整个 Secret 卷设置默认的访问模式,然后再根据需要在主键层面重载。 - -例如,你可以像下面这样设置默认的模式: - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: mypod -spec: - containers: - - name: mypod - image: redis - volumeMounts: - - name: foo - mountPath: "/etc/foo" - volumes: - - name: foo - secret: - secretName: mysecret - defaultMode: 0400 -``` - - -该 Secret 被挂载在 `/etc/foo` 下,Secret 卷挂载所创建的所有文件的访问模式都是 `0400`。 - -{{< note >}} - -如果你是使用 JSON 来定义 Pod 或 Pod 模板,需要注意 JSON 规范不支持八进制的记数方式。 -你可以在 `defaultMode` 中设置十进制的值(例如,八进制中的 0400 在十进制中为 256)。 -如果你使用 YAML 来编写定义,你可以用八进制值来设置 `defaultMode`。 -{{< /note >}} - - -#### 使用来自卷中的 Secret 值 {#consuming-secret-values-from-volumes} - -在挂载了 Secret 卷的容器内,Secret 的主键都呈现为文件。 -Secret 的取值都是 Base64 编码的,保存在这些文件中。 - -下面是在上例中的容器内执行命令的结果: - -```shell -ls /etc/foo/ -``` +默认情况下,Secret 是必需的。在所有非可选的 Secret 都可用之前,Pod 的所有容器都不会启动。 -输出类似于: - -``` -username -password -``` - -```shell -cat /etc/foo/username -``` +如果 Pod 引用了非可选 Secret 中的特定键,并且该 Secret 确实存在,但缺少所指定的键, +则 Pod 在启动期间会失败。 -输出类似于: - -``` -admin -``` - -```shell -cat /etc/foo/password -``` +### Using Secrets as files from a Pod {#using-secrets-as-files-from-a-pod} - -输出类似于: +### 在 Pod 以文件形式使用 Secret {#using-secrets-as-files-from-a-pod} -``` -1f2d1e2e67df -``` +如果你要在 Pod 中访问来自 Secret 的数据,一种方式是让 Kubernetes 将该 Secret 的值以 +文件的形式呈现,该文件存在于 Pod 中一个或多个容器内的文件系统内。 -容器中的程序要负责根据需要读取 Secret 数据。 +相关的指示说明, +可以参阅[使用 Secret 安全地分发凭据](/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume)。 -#### 挂载的 Secret 是被自动更新的 {#mounted-secrets-are-updated-automatically} - 当卷中包含来自 Secret 的数据,而对应的 Secret 被更新,Kubernetes 会跟踪到这一操作并更新卷中的数据。更新的方式是保证最终一致性。 @@ -693,72 +452,40 @@ in a Pod: 中以{{< glossary_tooltip text="环境变量" term_id="container-env-variables" >}}的形式使用 Secret: -1. 创建 Secret(或者使用现有 Secret)。多个 Pod 可以引用同一个 Secret。 -1. 更改 Pod 定义,在要使用 Secret 键值的每个容器中添加与所使用的主键对应的环境变量。 - 读取 Secret 主键的环境变量应该在 `env[].valueFrom.secretKeyRef` 中填写 Secret - 的名称和主键名称。 -1. 更改你的镜像或命令行,以便程序读取环境变量中保存的值。 +1. 对于 Pod 规约中的每个容器,针对你要使用的每个 Secret 键,将对应的环境变量添加到 + `env[].valueFrom.secretKeyRef` 中。 +1. 更改你的镜像或命令行,以便程序能够从指定的环境变量找到所需要的值。 -下面是一个通过环境变量来使用 Secret 的示例 Pod: - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: secret-env-pod -spec: - containers: - - name: mycontainer - image: redis - env: - - name: SECRET_USERNAME - valueFrom: - secretKeyRef: - name: mysecret - key: username - optional: false # 此值为默认值;意味着 "mysecret" - # 必须存在且包含名为 "username" 的主键 - - name: SECRET_PASSWORD - valueFrom: - secretKeyRef: - name: mysecret - key: password - optional: false # 此值为默认值;意味着 "mysecret" - # 必须存在且包含名为 "password" 的主键 - restartPolicy: Never -``` +相关的指示说明, +可以参阅[使用 Secret 数据定义容器变量](/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data)。 #### 非法环境变量 {#restriction-env-from-invalid} -对于通过 `envFrom` 字段来填充环境变量的 Secret 而言, -如果其中包含的主键不能被当做合法的环境变量名,这些主键会被忽略掉。 +如果 Pod 规约中环境变量定义会被视为非法的环境变量名,这些主键将在你的容器中不可用。 Pod 仍然可以启动。 -如果你定义的 Pod 中包含非法的变量名称,则 Pod 可能启动失败, -会形成 reason 为 `InvalidVariableNames` 的事件,以及列举被略过的非法主键的消息。 +Kubernetes 添加一个 Event,其 reason 设置为 `InvalidVariableNames`,其消息将列举被略过的非法主键。 下面的例子中展示了一个 Pod,引用的是名为 `mysecret` 的 Secret, 其中包含两个非法的主键:`1badkey` 和 `2alsobad`。 @@ -776,59 +503,6 @@ LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT 0s 0s 1 dapi-test-pod Pod Warning InvalidEnvironmentVariableNames kubelet, 127.0.0.1 Keys [1badkey, 2alsobad] from the EnvFrom secret default/mysecret were skipped since they are considered invalid environment variable names. ``` - -#### 通过环境变量使用 Secret 值 {#consuming-secret-values-from-environment-variables} - -在通过环境变量来使用 Secret 的容器中,Secret 主键展现为普通的环境变量。 -这些变量的取值是 Secret 数据的 Base64 解码值。 - -下面是在前文示例中的容器内执行命令的结果: - -```shell -echo "$SECRET_USERNAME" -``` - - -输出类似于: - -``` -admin -``` - -```shell -echo "$SECRET_PASSWORD" -``` - - -输出类似于: - -``` -1f2d1e2e67df -``` - -{{< note >}} - -如果容器已经在通过环境变量来使用 Secret,Secret 更新在容器内是看不到的, -除非容器被重启。有一些第三方的解决方案,能够在 Secret 发生变化时触发容器重启。 -{{< /note >}} - ## 使用场景 {#use-case} ### 使用场景:作为容器环境变量 {#use-case-as-container-environment-variables} -创建 Secret: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: mysecret -type: Opaque -data: - USER_NAME: YWRtaW4= - PASSWORD: MWYyZDFlMmU2N2Rm -``` - - -创建 Secret: - -```shell -kubectl apply -f mysecret.yaml -``` - - -使用 `envFrom` 来将 Secret 的所有数据定义为容器的环境变量。 -来自 Secret 的主键成为 Pod 中的环境变量名称: - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: secret-test-pod -spec: - containers: - - name: test-container - image: registry.k8s.io/busybox - command: [ "/bin/sh", "-c", "env" ] - envFrom: - - secretRef: - name: mysecret - restartPolicy: Never -``` +你可以创建 Secret +并使用它[为容器设置环境变量](/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data)。 +Kubernetes 在 v1.22 版本之前都会自动创建用来访问 Kubernetes API 的凭据。 +这一老的机制是基于创建可被挂载到运行中 Pod 内的令牌 Secret 来实现的。 +在最近的版本中,包括 Kubernetes v{{< skew currentVersion >}} 中,API 凭据是直接通过 +[TokenRequest](/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) +API 来获得的,这一凭据会使用[投射卷](/zh-cn/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume)挂载到 +Pod 中。使用这种方式获得的令牌有确定的生命期,并且在挂载它们的 Pod 被删除时自动作废。 + -从 v1.22 开始,这种类型的 Secret 不再被用来向 Pod 中加载凭据数据, -建议通过 [TokenRequest](/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) -API 来获得令牌,而不是使用服务账号令牌 Secret 对象。 -通过 `TokenRequest` API 获得的令牌比保存在 Secret 对象中的令牌更加安全, -因为这些令牌有着被限定的生命期,并且不会被其他 API 客户端读取。 +你仍然可以[手动创建](/zh-cn/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-service-account-api-token) +服务账号令牌。例如,当你需要一个永远都不过期的令牌时。 +不过,仍然建议使用 [TokenRequest](/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) +子资源来获得访问 API 服务器的令牌。 你可以使用 [`kubectl create token`](/docs/reference/generated/kubectl/kubectl-commands#-em-token-em-) 命令调用 `TokenRequest` API 获得令牌。 +{{< /note >}} -对于用户提供的非唯一性的属性,Kubernetes 提供了 -[标签(Labels)](/zh-cn/docs/concepts/overview/working-with-objects/labels/)和 +对于用户提供的非唯一性的属性,Kubernetes +提供了[标签(Label)](/zh-cn/docs/concepts/overview/working-with-objects/labels/)和 [注解(Annotation)](/zh-cn/docs/concepts/overview/working-with-objects/annotations/)机制。 @@ -44,6 +44,16 @@ For non-unique user-provided attributes, Kubernetes provides [labels](/docs/conc {{< glossary_definition term_id="name" length="all" >}} + +**名称在同一资源的所有 +[API 版本](/zh-cn/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning)中必须是唯一的。 +这些 API 资源通过各自的 API 组、资源类型、名字空间(对于划分名字空间的资源)和名称来区分。 +换言之,API 版本在此上下文中是不相关的。** + {{< note >}} - ### DNS 子域名 {#dns-subdomain-names} 很多资源类型需要可以用作 DNS 子域名的名称。 From 2ff785dfa4721b6be4892f2067eedc8addd8f173 Mon Sep 17 00:00:00 2001 From: yayoimizuha Date: Sun, 19 Feb 2023 02:19:11 +0900 Subject: [PATCH 119/537] [ja] Update install-kubeadm.md In Japanese page,it says old method ```curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -``` . But,recent versions of Ubuntu,they shows warning about apt-key add . and I also see English page, it says newer method. so I copied English page's code and translate some comments in Japanese. --- .../tools/kubeadm/install-kubeadm.md | 36 +++++++++++++------ 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 854ac81739da8..44a0cf3033016 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -153,16 +153,32 @@ kubeadmは`kubelet`や`kubectl`をインストールまたは管理**しない** {{< tabs name="k8s_install" >}} {{% tab name="Ubuntu、Debian、またはHypriotOS" %}} -```bash -sudo apt-get update && sudo apt-get install -y apt-transport-https curl -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - -cat < Date: Sat, 18 Feb 2023 18:42:54 -0500 Subject: [PATCH 120/537] Update persistent-volumes.md Minor corrections. --- content/en/docs/concepts/storage/persistent-volumes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md index 13ede898e5933..27d5bd2ac71b8 100644 --- a/content/en/docs/concepts/storage/persistent-volumes.md +++ b/content/en/docs/concepts/storage/persistent-volumes.md @@ -1123,7 +1123,7 @@ and `CrossNamespaceVolumeDataSource` the kube-apiserver, kube-controller-manager. Also, you must enable the `CrossNamespaceVolumeDataSource` feature gate for the csi-provisioner. -Enabling the `CrossNamespaceVolumeDataSource` feature gate allow you to specify +Enabling the `CrossNamespaceVolumeDataSource` feature gate allows you to specify a namespace in the dataSourceRef field. {{< note >}} @@ -1138,7 +1138,7 @@ Gateway API before you can use this mechanism. ## Data source references -The `dataSourceRef` field behaves almost the same as the `dataSource` field. If either one is +The `dataSourceRef` field behaves almost the same as the `dataSource` field. If one is specified while the other is not, the API server will give both fields the same value. Neither field can be changed after creation, and attempting to specify different values for the two fields will result in a validation error. Therefore the two fields will always have the same From 9f3f8b8ad139c7c0fcfcaba3034f0e5bf5c8cf41 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Sun, 19 Feb 2023 14:01:07 +0800 Subject: [PATCH 121/537] [zh] sync /cluster-administration/flow-control.md --- .../cluster-administration/flow-control.md | 41 ++++++++++--------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/content/zh-cn/docs/concepts/cluster-administration/flow-control.md b/content/zh-cn/docs/concepts/cluster-administration/flow-control.md index aa0c1f0baef62..92948200c35ab 100644 --- a/content/zh-cn/docs/concepts/cluster-administration/flow-control.md +++ b/content/zh-cn/docs/concepts/cluster-administration/flow-control.md @@ -154,7 +154,7 @@ configurable set of _priority levels_. Each incoming request is assigned to a single priority level, and each priority level will only dispatch as many concurrent requests as its particular limit allows. --> -### 优先级 {#Priority-Levels} +### 优先级 {#priority-levels} 如果未启用 APF,API 服务器中的整体并发量将受到 `kube-apiserver` 的参数 `--max-requests-inflight` 和 `--max-mutating-requests-inflight` 的限制。 @@ -262,7 +262,7 @@ flows of the same priority level. To enable distinct handling of distinct instances, controllers that have many instances should authenticate with distinct usernames --> -### 排队 {#Queuing} +### 排队 {#queuing} 即使在同一优先级内,也可能存在大量不同的流量源。 在过载情况下,防止一个请求流饿死其他流是非常有价值的 @@ -304,7 +304,7 @@ any of the limitations imposed by this feature. These exemptions prevent an improperly-configured flow control configuration from totally disabling an API server. --> -### 豁免请求 {#Exempt-requests} +### 豁免请求 {#exempt-requests} 某些特别重要的请求不受制于此特性施加的任何限制。 这些豁免可防止不当的流控配置完全禁用 API 服务器。 @@ -322,7 +322,7 @@ single PriorityLevelConfiguration. There is also a `v1alpha1` version of the same API group, and it has the same Kinds with the same syntax and semantics. --> -## 资源 {#Resources} +## 资源 {#resources} 流控 API 涉及两种资源。 [PriorityLevelConfiguration](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#prioritylevelconfiguration-v1beta2-flowcontrol-apiserver-k8s-io) @@ -338,7 +338,7 @@ A PriorityLevelConfiguration represents a single priority level. Each PriorityLevelConfiguration has an independent limit on the number of outstanding requests, and limitations on the number of queued requests. --> -### PriorityLevelConfiguration {#PriorityLevelConfiguration} +### PriorityLevelConfiguration 一个 PriorityLevelConfiguration 表示单个优先级。每个 PriorityLevelConfiguration 对未完成的请求数有各自的限制,对排队中的请求数也有限制。 @@ -511,7 +511,7 @@ FlowSchema in turn, starting with those with numerically lowest --- which we take to be the logically highest --- `matchingPrecedence` and working onward. The first match wins. --> -### FlowSchema {#flowschema} +### FlowSchema FlowSchema 匹配一些入站请求,并将它们分配给优先级。 每个入站请求都会对所有 FlowSchema 测试是否匹配, @@ -656,7 +656,7 @@ The suggested configuration groups requests into six priority levels: them. --> * `system` 优先级用于 `system:nodes` 组(即 kubelet)的与健康状态更新无关的请求; - kubelets 必须能连上 API 服务器,以便工作负载能够调度到其上。 + kubelet 必须能连上 API 服务器,以便工作负载能够调度到其上。 -## 健康检查并发豁免 {#Health-check-concurrency-exemption} +## 健康检查并发豁免 {#health-check-concurrency-exemption} 推荐配置没有为本地 kubelet 对 kube-apiserver 执行健康检查的请求进行任何特殊处理 ——它们倾向于使用安全端口,但不提供凭据。 @@ -870,9 +870,9 @@ PriorityLevelConfigurations. ### Metrics --> -## 可观察性 {#Observability} +## 可观察性 {#observability} -### 指标 {#Metrics} +### 指标 {#metrics} {{< note >}} -### 调试端点 {#Debug-endpoints} +### 调试端点 {#debug-endpoints} -启用 APF 特性后, kube-apiserver 会在其 HTTP/HTTPS 端口提供以下路径: +启用 APF 特性后,kube-apiserver 会在其 HTTP/HTTPS 端口提供以下路径: -## 一般规定 +## 一般规定 {#general} 本节列举一些译文中常见问题和约定。 -### 英文原文的保留 +### 英文原文的保留 {#commented-en-text} 为便于译文审查和变更追踪,所有中文本地化 Markdown 文件中都应使用 HTML 注释 `` 将英文原文逐段注释起来,后跟对应中文译文。例如: @@ -38,7 +38,7 @@ This is English text ... 无论英文原文或者中文译文中,都不要保留过多的、不必要的空白行。 -#### 段落划分 +#### 段落划分 {#paras} 请避免大段大段地注释和翻译。一般而言,每段翻译可对应两三个自然段。 段落过长会导致译文很难评阅。但也不必每个段落都单独翻译。例如: @@ -77,7 +77,7 @@ First paragraph, not very long. 第一段落,不太长。 ``` -#### 编号列表的处理 +#### 编号列表的处理 {#list} 编号列表需要编号的连续性,处理不好的话可能导致输出结果错误。 由于有些列表可能很长,一次性等将整个列表注释掉再翻译也不现实。 @@ -124,7 +124,7 @@ First paragraph, not very long. 4. 列表终于结束 ``` -#### Frontmatter 的处理 +#### Frontmatter 的处理 {#frontmatter} 页面中的 Frontmatter 指的是文件头的两个 `---` 中间的部分。 对这一部分,解析器有特殊处理,因此不能将英文部分放在前面,中文跟在后面。 @@ -152,8 +152,7 @@ weight: 30 - `title`、`description` 的内容要翻译,其他字段一般不必(甚至不可)翻译。 - `reviewers` 部分要删除,不然中文译文会转给英文作者来审阅。 - -#### 短代码(shortcode)处理 +#### 短代码(shortcode)处理 {#shortcode} 通过 HTML 注释的短代码仍会被运行,因此需要额外小心。建议处理方式: @@ -171,9 +170,9 @@ English text 保持注释掉的英文与译文都在短代码内更便于维护。 {{< /note >}} -### 译与不译 +### 译与不译 {#keep-or-translate} -#### 资源名称或字段不译 +#### 资源名称或字段不译 {#resource-name-or-fields} 根据英文原文写作风格约定【也在持续修订改进】,对 Kubernetes 中的 API 资源均按其规范中所给的大小写形式书写,例如:英文中会使用 Deployment 而不是 @@ -187,13 +186,12 @@ deployment 来表示名为 "Deployment" 的 API 资源类型和对象实例。 这时在本地化版本中一定不能译为“秘密”,以免与原文的语义不符。 {{< /note >}} -#### 代码中的注释 +#### 代码中的注释 {#code-comments} 一般而言,代码中的注释需要翻译,包括存放在 `content/zh-cn/examples/` 目录下的清单文件中的注释。 - -#### 出站链接 +#### 出站链接 {#external-links} 如果超级链接的目标是 Kubernetes 网站之外的纯英文网页,链接中的内容**可以**不翻译。 例如: @@ -209,7 +207,7 @@ Please check [installation caveats](https://acme.com/docs/v1/caveats) ... 注意,这里的 `installation` 与 `参阅` 之间留白,因为解析后属于中英文混排的情况。 {{< /note >}} -### 标点符号 +### 标点符号 {#punctuations} 1. 译文中标点符号要使用全角字符,除非以下两种情况: @@ -218,7 +216,7 @@ Please check [installation caveats](https://acme.com/docs/v1/caveats) ... 1. 英文排比句式中采用的逗号,在译文中要使用顿号代替,以便符合中文书写习惯。 -## 更新译文 +## 更新译文 {#update} 由于整个文档站点会随着 Kubernetes 项目的开发进展而演化,英文版本的网站内容会不断更新。 鉴于中文站点的基本翻译工作在 1.19 版本已完成, @@ -238,9 +236,9 @@ Please check [installation caveats](https://acme.com/docs/v1/caveats) ... ./scripts/lsync.sh content/zh-cn/docs/foo/bar.md ``` -## 关于链接 +## 关于链接 {#about-links} -### 链接锚点 +### 链接锚点 {#anchors} 英文 Markdown 中的各级标题会自动生成锚点,以便从其他页面中链接。 在译为中文后,相应的链接必然会失效。为防止这类问题, @@ -255,8 +253,7 @@ Please check [installation caveats](https://acme.com/docs/v1/caveats) ... 此类问题对于概念部分的页面最为突出,需要格外注意。 - -### 中文链接目标 +### 中文链接目标 {#link-to-zh-pages} 由于大部分页面已经完成中文本地化,这意味着很多链接可以使用中文版本作为目标。 例如: @@ -281,7 +278,7 @@ Website 的仓库中 `scripts/linkchecker.py` 是一个工具,可用来检查 ``` {{< /note >}} -## 排版格式 +## 排版格式 {#layout-format} 以下为译文 Markdown 排版格式要求: @@ -309,12 +306,11 @@ Website 的仓库中 `scripts/linkchecker.py` 是一个工具,可用来检查 甚至将超级链接中的半角井号(`#`)转换为全角,导致链接失效。 {{< /warning >}} - -## 特殊词汇 +## 特殊词汇 {#special-words} 英文中 "you" 翻译成 "你",不必翻译为 "您" 以表现尊敬或谦卑。 -### 术语拼写 +### 术语拼写 {#terms-spelling} 按中文译文习惯,尽量不要在中文译文中使用首字母小写的拼写。例如: @@ -337,7 +333,7 @@ Website 的仓库中 `scripts/linkchecker.py` 是一个工具,可用来检查 镜像策略(Image Policy)用来控制集群可拉取的镜像仓库(Image Registry)源。 ``` -### 术语对照 +### 术语对照 {#glossary} 本节列举常见术语的统一译法。除极个别情况,对于专业术语应使用本节所列举的译法: From 07526a10ce575f81614ad854d5355024f685c789 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 19 Feb 2023 14:58:34 +0800 Subject: [PATCH 123/537] Clean up page assign-pod-node --- .../scheduling-eviction/assign-pod-node.md | 103 +++++++++--------- 1 file changed, 50 insertions(+), 53 deletions(-) diff --git a/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md index e6c793bf07459..1ce5ea8e95337 100644 --- a/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -8,16 +8,15 @@ content_type: concept weight: 20 --- - -You can constrain a {{< glossary_tooltip text="Pod" term_id="pod" >}} so that it is +You can constrain a {{< glossary_tooltip text="Pod" term_id="pod" >}} so that it is _restricted_ to run on particular {{< glossary_tooltip text="node(s)" term_id="node" >}}, or to _prefer_ to run on particular nodes. There are several ways to do this and the recommended approaches all use [label selectors](/docs/concepts/overview/working-with-objects/labels/) to facilitate the selection. Often, you do not need to set any such constraints; the -{{< glossary_tooltip text="scheduler" term_id="kube-scheduler" >}} will automatically do a reasonable placement +{{< glossary_tooltip text="scheduler" term_id="kube-scheduler" >}} will automatically do a reasonable placement (for example, spreading your Pods across nodes so as not place Pods on a node with insufficient free resources). However, there are some circumstances where you may want to control which node the Pod deploys to, for example, to ensure that a Pod ends up on a node with an SSD attached to it, @@ -28,10 +27,10 @@ or to co-locate Pods from two different services that communicate a lot into the You can use any of the following methods to choose where Kubernetes schedules specific Pods: - * [nodeSelector](#nodeselector) field matching against [node labels](#built-in-node-labels) - * [Affinity and anti-affinity](#affinity-and-anti-affinity) - * [nodeName](#nodename) field - * [Pod topology spread constraints](#pod-topology-spread-constraints) +- [nodeSelector](#nodeselector) field matching against [node labels](#built-in-node-labels) +- [Affinity and anti-affinity](#affinity-and-anti-affinity) +- [nodeName](#nodename) field +- [Pod topology spread constraints](#pod-topology-spread-constraints) ## Node labels {#built-in-node-labels} @@ -51,7 +50,7 @@ and a different value in other environments. Adding labels to nodes allows you to target Pods for scheduling on specific nodes or groups of nodes. You can use this functionality to ensure that specific Pods only run on nodes with certain isolation, security, or regulatory -properties. +properties. If you use labels for node isolation, choose label keys that the {{}} cannot modify. This prevents a compromised node from setting those labels on @@ -59,7 +58,7 @@ itself so that the scheduler schedules workloads onto the compromised node. The [`NodeRestriction` admission plugin](/docs/reference/access-authn-authz/admission-controllers/#noderestriction) prevents the kubelet from setting or modifying labels with a -`node-restriction.kubernetes.io/` prefix. +`node-restriction.kubernetes.io/` prefix. To make use of that label prefix for node isolation: @@ -73,7 +72,7 @@ To make use of that label prefix for node isolation: You can add the `nodeSelector` field to your Pod specification and specify the [node labels](#built-in-node-labels) you want the target node to have. Kubernetes only schedules the Pod onto nodes that have each of the labels you -specify. +specify. See [Assign Pods to Nodes](/docs/tasks/configure-pod-container/assign-pods-nodes) for more information. @@ -84,20 +83,20 @@ information. labels. Affinity and anti-affinity expands the types of constraints you can define. Some of the benefits of affinity and anti-affinity include: -* The affinity/anti-affinity language is more expressive. `nodeSelector` only +- The affinity/anti-affinity language is more expressive. `nodeSelector` only selects nodes with all the specified labels. Affinity/anti-affinity gives you more control over the selection logic. -* You can indicate that a rule is *soft* or *preferred*, so that the scheduler +- You can indicate that a rule is *soft* or *preferred*, so that the scheduler still schedules the Pod even if it can't find a matching node. -* You can constrain a Pod using labels on other Pods running on the node (or other topological domain), +- You can constrain a Pod using labels on other Pods running on the node (or other topological domain), instead of just node labels, which allows you to define rules for which Pods can be co-located on a node. The affinity feature consists of two types of affinity: -* *Node affinity* functions like the `nodeSelector` field but is more expressive and +- *Node affinity* functions like the `nodeSelector` field but is more expressive and allows you to specify soft rules. -* *Inter-pod affinity/anti-affinity* allows you to constrain Pods against labels +- *Inter-pod affinity/anti-affinity* allows you to constrain Pods against labels on other Pods. ### Node affinity @@ -106,12 +105,12 @@ Node affinity is conceptually similar to `nodeSelector`, allowing you to constra Pod can be scheduled on based on node labels. There are two types of node affinity: - * `requiredDuringSchedulingIgnoredDuringExecution`: The scheduler can't - schedule the Pod unless the rule is met. This functions like `nodeSelector`, - but with a more expressive syntax. - * `preferredDuringSchedulingIgnoredDuringExecution`: The scheduler tries to - find a node that meets the rule. If a matching node is not available, the - scheduler still schedules the Pod. +- `requiredDuringSchedulingIgnoredDuringExecution`: The scheduler can't + schedule the Pod unless the rule is met. This functions like `nodeSelector`, + but with a more expressive syntax. +- `preferredDuringSchedulingIgnoredDuringExecution`: The scheduler tries to + find a node that meets the rule. If a matching node is not available, the + scheduler still schedules the Pod. {{}} In the preceding types, `IgnoredDuringExecution` means that if the node labels @@ -127,17 +126,17 @@ For example, consider the following Pod spec: In this example, the following rules apply: - * The node *must* have a label with the key `topology.kubernetes.io/zone` and - the value of that label *must* be either `antarctica-east1` or `antarctica-west1`. - * The node *preferably* has a label with the key `another-node-label-key` and - the value `another-node-label-value`. +- The node *must* have a label with the key `topology.kubernetes.io/zone` and + the value of that label *must* be either `antarctica-east1` or `antarctica-west1`. +- The node *preferably* has a label with the key `another-node-label-key` and + the value `another-node-label-value`. You can use the `operator` field to specify a logical operator for Kubernetes to use when interpreting the rules. You can use `In`, `NotIn`, `Exists`, `DoesNotExist`, `Gt` and `Lt`. `NotIn` and `DoesNotExist` allow you to define node anti-affinity behavior. -Alternatively, you can use [node taints](/docs/concepts/scheduling-eviction/taint-and-toleration/) +Alternatively, you can use [node taints](/docs/concepts/scheduling-eviction/taint-and-toleration/) to repel Pods from specific nodes. {{}} @@ -168,7 +167,7 @@ The final sum is added to the score of other priority functions for the node. Nodes with the highest total score are prioritized when the scheduler makes a scheduling decision for the Pod. -For example, consider the following Pod spec: +For example, consider the following Pod spec: {{< codenew file="pods/pod-with-affinity-anti-affinity.yaml" >}} @@ -268,8 +267,8 @@ to unintended behavior. Similar to [node affinity](#node-affinity) are two types of Pod affinity and anti-affinity as follows: - * `requiredDuringSchedulingIgnoredDuringExecution` - * `preferredDuringSchedulingIgnoredDuringExecution` +- `requiredDuringSchedulingIgnoredDuringExecution` +- `preferredDuringSchedulingIgnoredDuringExecution` For example, you could use `requiredDuringSchedulingIgnoredDuringExecution` affinity to tell the scheduler to @@ -297,7 +296,7 @@ The affinity rule says that the scheduler can only schedule a Pod onto a node if the node is in the same zone as one or more existing Pods with the label `security=S1`. More precisely, the scheduler must place the Pod on a node that has the `topology.kubernetes.io/zone=V` label, as long as there is at least one node in -that zone that currently has one or more Pods with the Pod label `security=S1`. +that zone that currently has one or more Pods with the Pod label `security=S1`. The anti-affinity rule says that the scheduler should try to avoid scheduling the Pod onto a node that is in the same zone as one or more Pods with the label @@ -314,9 +313,9 @@ You can use the `In`, `NotIn`, `Exists` and `DoesNotExist` values in the In principle, the `topologyKey` can be any allowed label key with the following exceptions for performance and security reasons: -* For Pod affinity and anti-affinity, an empty `topologyKey` field is not allowed in both `requiredDuringSchedulingIgnoredDuringExecution` +- For Pod affinity and anti-affinity, an empty `topologyKey` field is not allowed in both `requiredDuringSchedulingIgnoredDuringExecution` and `preferredDuringSchedulingIgnoredDuringExecution`. -* For `requiredDuringSchedulingIgnoredDuringExecution` Pod anti-affinity rules, +- For `requiredDuringSchedulingIgnoredDuringExecution` Pod anti-affinity rules, the admission controller `LimitPodHardAntiAffinityTopology` limits `topologyKey` to `kubernetes.io/hostname`. You can modify or disable the admission controller if you want to allow custom topologies. @@ -328,17 +327,18 @@ If omitted or empty, `namespaces` defaults to the namespace of the Pod where the affinity/anti-affinity definition appears. #### Namespace selector + {{< feature-state for_k8s_version="v1.24" state="stable" >}} You can also select matching namespaces using `namespaceSelector`, which is a label query over the set of namespaces. The affinity term is applied to namespaces selected by both `namespaceSelector` and the `namespaces` field. -Note that an empty `namespaceSelector` ({}) matches all namespaces, while a null or empty `namespaces` list and +Note that an empty `namespaceSelector` ({}) matches all namespaces, while a null or empty `namespaces` list and null `namespaceSelector` matches the namespace of the Pod where the rule is defined. #### More practical use-cases Inter-pod affinity and anti-affinity can be even more useful when they are used with higher -level collections such as ReplicaSets, StatefulSets, Deployments, etc. These +level collections such as ReplicaSets, StatefulSets, Deployments, etc. These rules allow you to configure that a set of workloads should be co-located in the same defined topology; for example, preferring to place two related Pods onto the same node. @@ -430,10 +430,10 @@ spec: Creating the two preceding Deployments results in the following cluster layout, where each web server is co-located with a cache, on three separate nodes. -| node-1 | node-2 | node-3 | -|:--------------------:|:-------------------:|:------------------:| -| *webserver-1* | *webserver-2* | *webserver-3* | -| *cache-1* | *cache-2* | *cache-3* | +| node-1 | node-2 | node-3 | +| :-----------: | :-----------: | :-----------: | +| *webserver-1* | *webserver-2* | *webserver-3* | +| *cache-1* | *cache-2* | *cache-3* | The overall effect is that each cache instance is likely to be accessed by a single client, that is running on the same node. This approach aims to minimize both skew (imbalanced load) and latency. @@ -453,13 +453,12 @@ tries to place the Pod on that node. Using `nodeName` overrules using Some of the limitations of using `nodeName` to select nodes are: -- If the named node does not exist, the Pod will not run, and in - some cases may be automatically deleted. -- If the named node does not have the resources to accommodate the - Pod, the Pod will fail and its reason will indicate why, - for example OutOfmemory or OutOfcpu. -- Node names in cloud environments are not always predictable or - stable. +- If the named node does not exist, the Pod will not run, and in + some cases may be automatically deleted. +- If the named node does not have the resources to accommodate the + Pod, the Pod will fail and its reason will indicate why, + for example OutOfmemory or OutOfcpu. +- Node names in cloud environments are not always predictable or stable. {{< note >}} `nodeName` is intended for use by custom schedulers or advanced use cases where @@ -495,12 +494,10 @@ to learn more about how these work. ## {{% heading "whatsnext" %}} -* Read more about [taints and tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/) . -* Read the design docs for [node affinity](https://git.k8s.io/design-proposals-archive/scheduling/nodeaffinity.md) +- Read more about [taints and tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/) . +- Read the design docs for [node affinity](https://git.k8s.io/design-proposals-archive/scheduling/nodeaffinity.md) and for [inter-pod affinity/anti-affinity](https://git.k8s.io/design-proposals-archive/scheduling/podaffinity.md). -* Learn about how the [topology manager](/docs/tasks/administer-cluster/topology-manager/) takes part in node-level - resource allocation decisions. -* Learn how to use [nodeSelector](/docs/tasks/configure-pod-container/assign-pods-nodes/). -* Learn how to use [affinity and anti-affinity](/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/). - - +- Learn about how the [topology manager](/docs/tasks/administer-cluster/topology-manager/) takes part in node-level + resource allocation decisions. +- Learn how to use [nodeSelector](/docs/tasks/configure-pod-container/assign-pods-nodes/). +- Learn how to use [affinity and anti-affinity](/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/). From e9784b98be593077f56d2e1b209c42baacb242e5 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 19 Feb 2023 15:30:04 +0800 Subject: [PATCH 124/537] Add syntax tag to highlight the shell --- .../run-stateless-application-deployment.md | 152 +++++++++--------- 1 file changed, 78 insertions(+), 74 deletions(-) diff --git a/content/en/docs/tasks/run-application/run-stateless-application-deployment.md b/content/en/docs/tasks/run-application/run-stateless-application-deployment.md index 62bd984ddc7e3..370892522b9dc 100644 --- a/content/en/docs/tasks/run-application/run-stateless-application-deployment.md +++ b/content/en/docs/tasks/run-application/run-stateless-application-deployment.md @@ -9,27 +9,16 @@ weight: 10 This page shows how to run an application using a Kubernetes Deployment object. - - - ## {{% heading "objectives" %}} - -* Create an nginx deployment. -* Use kubectl to list information about the deployment. -* Update the deployment. - - - +- Create an nginx deployment. +- Use kubectl to list information about the deployment. +- Update the deployment. ## {{% heading "prerequisites" %}} - {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} - - - ## Creating and exploring an nginx deployment @@ -40,60 +29,71 @@ a Deployment that runs the nginx:1.14.2 Docker image: {{< codenew file="application/deployment.yaml" >}} - 1. Create a Deployment based on the YAML file: - kubectl apply -f https://k8s.io/examples/application/deployment.yaml + ```shell + kubectl apply -f https://k8s.io/examples/application/deployment.yaml + ``` 1. Display information about the Deployment: - kubectl describe deployment nginx-deployment - - The output is similar to this: - - Name: nginx-deployment - Namespace: default - CreationTimestamp: Tue, 30 Aug 2016 18:11:37 -0700 - Labels: app=nginx - Annotations: deployment.kubernetes.io/revision=1 - Selector: app=nginx - Replicas: 2 desired | 2 updated | 2 total | 2 available | 0 unavailable - StrategyType: RollingUpdate - MinReadySeconds: 0 - RollingUpdateStrategy: 1 max unavailable, 1 max surge - Pod Template: - Labels: app=nginx - Containers: - nginx: - Image: nginx:1.14.2 - Port: 80/TCP - Environment: - Mounts: - Volumes: - Conditions: - Type Status Reason - ---- ------ ------ - Available True MinimumReplicasAvailable - Progressing True NewReplicaSetAvailable - OldReplicaSets: - NewReplicaSet: nginx-deployment-1771418926 (2/2 replicas created) - No events. + ```shell + kubectl describe deployment nginx-deployment + ``` + + The output is similar to this: + + ``` + Name: nginx-deployment + Namespace: default + CreationTimestamp: Tue, 30 Aug 2016 18:11:37 -0700 + Labels: app=nginx + Annotations: deployment.kubernetes.io/revision=1 + Selector: app=nginx + Replicas: 2 desired | 2 updated | 2 total | 2 available | 0 unavailable + StrategyType: RollingUpdate + MinReadySeconds: 0 + RollingUpdateStrategy: 1 max unavailable, 1 max surge + Pod Template: + Labels: app=nginx + Containers: + nginx: + Image: nginx:1.14.2 + Port: 80/TCP + Environment: + Mounts: + Volumes: + Conditions: + Type Status Reason + ---- ------ ------ + Available True MinimumReplicasAvailable + Progressing True NewReplicaSetAvailable + OldReplicaSets: + NewReplicaSet: nginx-deployment-1771418926 (2/2 replicas created) + No events. + ``` 1. List the Pods created by the deployment: - kubectl get pods -l app=nginx + ```shell + kubectl get pods -l app=nginx + ``` - The output is similar to this: + The output is similar to this: - NAME READY STATUS RESTARTS AGE - nginx-deployment-1771418926-7o5ns 1/1 Running 0 16h - nginx-deployment-1771418926-r18az 1/1 Running 0 16h + ``` + NAME READY STATUS RESTARTS AGE + nginx-deployment-1771418926-7o5ns 1/1 Running 0 16h + nginx-deployment-1771418926-r18az 1/1 Running 0 16h + ``` 1. Display information about a Pod: - kubectl describe pod + ```shell + kubectl describe pod + ``` - where `` is the name of one of your Pods. + where `` is the name of one of your Pods. ## Updating the deployment @@ -104,11 +104,15 @@ specifies that the deployment should be updated to use nginx 1.16.1. 1. Apply the new YAML file: - kubectl apply -f https://k8s.io/examples/application/deployment-update.yaml + ```shell + kubectl apply -f https://k8s.io/examples/application/deployment-update.yaml + ``` 1. Watch the deployment create pods with new names and delete the old pods: - kubectl get pods -l app=nginx + ```shell + kubectl get pods -l app=nginx + ``` ## Scaling the application by increasing the replica count @@ -120,25 +124,33 @@ should have four Pods: 1. Apply the new YAML file: - kubectl apply -f https://k8s.io/examples/application/deployment-scale.yaml + ```shell + kubectl apply -f https://k8s.io/examples/application/deployment-scale.yaml + ``` 1. Verify that the Deployment has four Pods: - kubectl get pods -l app=nginx + ```shell + kubectl get pods -l app=nginx + ``` - The output is similar to this: + The output is similar to this: - NAME READY STATUS RESTARTS AGE - nginx-deployment-148880595-4zdqq 1/1 Running 0 25s - nginx-deployment-148880595-6zgi1 1/1 Running 0 25s - nginx-deployment-148880595-fxcez 1/1 Running 0 2m - nginx-deployment-148880595-rwovn 1/1 Running 0 2m + ``` + NAME READY STATUS RESTARTS AGE + nginx-deployment-148880595-4zdqq 1/1 Running 0 25s + nginx-deployment-148880595-6zgi1 1/1 Running 0 25s + nginx-deployment-148880595-fxcez 1/1 Running 0 2m + nginx-deployment-148880595-rwovn 1/1 Running 0 2m + ``` ## Deleting a deployment Delete the deployment by name: - kubectl delete deployment nginx-deployment +```shell +kubectl delete deployment nginx-deployment +``` ## ReplicationControllers -- the Old Way @@ -147,14 +159,6 @@ which in turn uses a ReplicaSet. Before the Deployment and ReplicaSet were added to Kubernetes, replicated applications were configured using a [ReplicationController](/docs/concepts/workloads/controllers/replicationcontroller/). - - - ## {{% heading "whatsnext" %}} - -* Learn more about [Deployment objects](/docs/concepts/workloads/controllers/deployment/). - - - - +- Learn more about [Deployment objects](/docs/concepts/workloads/controllers/deployment/). From 876ce6c7a7a15d2464f8a42e9d44206bec804a11 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 19 Feb 2023 16:13:59 +0800 Subject: [PATCH 125/537] [zh] Resync some tiny changes in page under tasks --- .../update-api-object-kubectl-patch.md | 2 +- .../configure-pod-container/configure-volume-storage.md | 4 ++-- .../docs/tasks/configure-pod-container/migrate-from-psp.md | 1 + .../configure-pod-container/pull-image-private-registry.md | 4 ++-- .../update-api-object-kubectl-patch.md | 2 +- content/zh-cn/docs/tasks/network/validate-dual-stack.md | 6 ++++-- .../zh-cn/docs/tasks/run-application/scale-stateful-set.md | 1 + 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/content/en/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md b/content/en/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md index 4bd40719ac201..4a2f7e3ac072b 100644 --- a/content/en/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md +++ b/content/en/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md @@ -261,7 +261,7 @@ kubectl get deployment patch-demo --output yaml The `containers` list that you specified in the patch has only one Container. The output shows that your list of one Container replaced the existing `containers` list. -```shell +```yaml spec: containers: - image: gcr.io/google-samples/node-hello:1.0 diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-volume-storage.md index a0f6fa6b0ee71..2065d4ef37897 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/configure-volume-storage.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-volume-storage.md @@ -49,7 +49,7 @@ restarts. Here is the configuration file for the Pod: {{< codenew file="pods/storage/redis.yaml" >}} 1. 创建 Pod: @@ -88,7 +88,7 @@ restarts. Here is the configuration file for the Pod: ``` 4. 在你的 Shell 中,切换到 `/data/redis` 目录下,然后创建一个文件: diff --git a/content/zh-cn/docs/tasks/configure-pod-container/migrate-from-psp.md b/content/zh-cn/docs/tasks/configure-pod-container/migrate-from-psp.md index 0061e4cd0c7ee..99d03c80e6b54 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/migrate-from-psp.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/migrate-from-psp.md @@ -356,6 +356,7 @@ For each updated PodSecurityPolicy: you can compare the pod with the PodTemplate in the controller resource. If any changes are identified, the original Pod or PodTemplate should be updated with the desired configuration. The fields to review are: + - `.metadata.annotations['container.apparmor.security.beta.kubernetes.io/*']` (replace * with each container name) --> 2. 比较运行中的 Pod 与原来的 Pod 规约,确定 PodSecurityPolicy 是否更改过这些 Pod。 对于通过[工作负载资源](/zh-cn/docs/concepts/workloads/controllers/)所创建的 Pod, diff --git a/content/zh-cn/docs/tasks/configure-pod-container/pull-image-private-registry.md b/content/zh-cn/docs/tasks/configure-pod-container/pull-image-private-registry.md index ed0f33623b648..21ff6407bdbb3 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/pull-image-private-registry.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/pull-image-private-registry.md @@ -44,11 +44,11 @@ as an example registry. -## 登录 Docker 镜像仓库 {#log-in-to-docker} +## 登录 Docker 镜像仓库 {#log-in-to-docker-hub} 在个人电脑上,要想拉取私有镜像必须在镜像仓库上进行身份验证。 diff --git a/content/zh-cn/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md b/content/zh-cn/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md index 68ca773fce205..81274916b5510 100644 --- a/content/zh-cn/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md +++ b/content/zh-cn/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md @@ -639,7 +639,7 @@ kubectl patch deployment patch-demo --patch '{"spec": {"template": {"spec": {"co The flag `--subresource=[subresource-name]` is used with kubectl commands like get, patch, edit and replace to fetch and update `status` and `scale` subresources of the resources (applicable for kubectl version v1.24 or more). This flag is used with all the API resources -(built-in and CRs) which has `status` or `scale` subresource. Deployment is one of the +(built-in and CRs) that have `status` or `scale` subresource. Deployment is one of the examples which supports these subresources. Here's a manifest for a Deployment that has two replicas: diff --git a/content/zh-cn/docs/tasks/network/validate-dual-stack.md b/content/zh-cn/docs/tasks/network/validate-dual-stack.md index a0b70b97e6cc0..18d50d70eeb86 100644 --- a/content/zh-cn/docs/tasks/network/validate-dual-stack.md +++ b/content/zh-cn/docs/tasks/network/validate-dual-stack.md @@ -7,6 +7,8 @@ content_type: task reviewers: - lachie83 - khenidak +- bridgetkromhout +min-kubernetes-server-version: v1.23 title: Validate IPv4/IPv6 dual-stack content_type: task --> @@ -316,7 +318,7 @@ Events: ### 创建双协议栈负载均衡服务 @@ -336,7 +338,7 @@ kubectl get svc -l app.kubernetes.io/name=MyApp ``` 验证服务是否从 IPv6 地址块中接收到 `CLUSTER-IP` 地址以及 `EXTERNAL-IP`。 然后,你可以通过 IP 和端口验证对服务的访问。 diff --git a/content/zh-cn/docs/tasks/run-application/scale-stateful-set.md b/content/zh-cn/docs/tasks/run-application/scale-stateful-set.md index 02e7f13aa8e5b..c8ca657e8335c 100644 --- a/content/zh-cn/docs/tasks/run-application/scale-stateful-set.md +++ b/content/zh-cn/docs/tasks/run-application/scale-stateful-set.md @@ -1,6 +1,7 @@ --- title: 扩缩 StatefulSet content_type: task +weight: 50 --- From 19085a3853a3662f4e3ae253bc6f1e0bb436ae1a Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 19 Feb 2023 16:15:11 +0800 Subject: [PATCH 126/537] [zh] Resync page quality-service-pod --- .../quality-service-pod.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/quality-service-pod.md b/content/zh-cn/docs/tasks/configure-pod-container/quality-service-pod.md index d93b183fd19b1..4691bd2079de8 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/quality-service-pod.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/quality-service-pod.md @@ -62,7 +62,7 @@ kubectl create namespace qos-example ## 创建一个 QoS 类为 Guaranteed 的 Pod {#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed} -对于 QoS 类为 Guaranteed 的 Pod: +对于 QoS 类为 `Guaranteed` 的 Pod: * Pod 中的每个容器都必须指定内存限制和内存请求。 * 对于 Pod 中的每个容器,内存限制必须等于内存请求。 @@ -116,11 +116,11 @@ kubectl get pod qos-demo --namespace=qos-example --output=yaml ``` -结果表明 Kubernetes 为 Pod 配置的 QoS 类为 Guaranteed。 +结果表明 Kubernetes 为 Pod 配置的 QoS 类为 `Guaranteed`。 结果也确认了 Pod 容器设置了与内存限制匹配的内存请求,设置了与 CPU 限制匹配的 CPU 请求。 ```yaml @@ -247,7 +247,7 @@ kubectl delete pod qos-demo-2 --namespace=qos-example For a Pod to be given a QoS class of `BestEffort`, the Containers in the Pod must not have any memory or CPU limits or requests. -Here is the configuration file for a Pod that has one Container. The Container has no memory or CPU +Here is a manifest for a Pod that has one Container. The Container has no memory or CPU limits or requests: --> ## 创建一个 QoS 类为 BestEffort 的 Pod {#create-a-pod-that-gets-assigned-a-qos-class-of-besteffort} @@ -308,23 +308,23 @@ kubectl delete pod qos-demo-3 --namespace=qos-example ## 创建包含两个容器的 Pod {#create-a-pod-that-has-two-containers} -下面是包含两个 Container 的 Pod 配置文件。一个 Container 指定内存请求为 200 MiB。 +下面是包含两个 Container 的 Pod 清单。一个 Container 指定内存请求为 200 MiB。 另外一个 Container 没有指定任何请求或限制。 {{< codenew file="pods/qos/qos-pod-4.yaml" >}} -注意此 Pod 满足 `Burstable` QoS 类的标准。也就是说它不满足 Guaranteed QoS 类标准, +注意此 Pod 满足 `Burstable` QoS 类的标准。也就是说它不满足 `Guaranteed` QoS 类标准, 因为它的 Container 之一设有内存请求。 创建 Pod: From 3ca95d6c88fe7af0bf2da0c5f2363ba41c86ef9a Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 19 Feb 2023 16:30:51 +0800 Subject: [PATCH 127/537] Tidy concepts pages within Label and Annotation --- .../overview/working-with-objects/annotations.md | 10 +--------- .../concepts/overview/working-with-objects/labels.md | 8 ++++---- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/content/en/docs/concepts/overview/working-with-objects/annotations.md b/content/en/docs/concepts/overview/working-with-objects/annotations.md index 02d3982c695ba..721bb67c7d704 100644 --- a/content/en/docs/concepts/overview/working-with-objects/annotations.md +++ b/content/en/docs/concepts/overview/working-with-objects/annotations.md @@ -8,7 +8,6 @@ weight: 60 You can use Kubernetes annotations to attach arbitrary non-identifying metadata to objects. Clients such as tools and libraries can retrieve this metadata. - ## Attaching metadata to objects @@ -74,10 +73,9 @@ If the prefix is omitted, the annotation Key is presumed to be private to the us The `kubernetes.io/` and `k8s.io/` prefixes are reserved for Kubernetes core components. -For example, here's the configuration file for a Pod that has the annotation `imageregistry: https://hub.docker.com/` : +For example, here's a manifest for a Pod that has the annotation `imageregistry: https://hub.docker.com/` : ```yaml - apiVersion: v1 kind: Pod metadata: @@ -90,14 +88,8 @@ spec: image: nginx:1.14.2 ports: - containerPort: 80 - ``` - - ## {{% heading "whatsnext" %}} Learn more about [Labels and Selectors](/docs/concepts/overview/working-with-objects/labels/). - - - diff --git a/content/en/docs/concepts/overview/working-with-objects/labels.md b/content/en/docs/concepts/overview/working-with-objects/labels.md index d57e47ab4a3ae..aec2c4cc013ed 100644 --- a/content/en/docs/concepts/overview/working-with-objects/labels.md +++ b/content/en/docs/concepts/overview/working-with-objects/labels.md @@ -79,7 +79,7 @@ Valid label value: * unless empty, must begin and end with an alphanumeric character (`[a-z0-9A-Z]`), * could contain dashes (`-`), underscores (`_`), dots (`.`), and alphanumerics between. -For example, here's the configuration file for a Pod that has two labels +For example, here's a manifest for a Pod that has two labels `environment: production` and `app: nginx`: ```yaml @@ -259,7 +259,7 @@ or ```yaml selector: - component: redis + component: redis ``` This selector (respectively in `json` or `yaml` format) is equivalent to @@ -278,8 +278,8 @@ selector: matchLabels: component: redis matchExpressions: - - {key: tier, operator: In, values: [cache]} - - {key: environment, operator: NotIn, values: [dev]} + - { key: tier, operator: In, values: [cache] } + - { key: environment, operator: NotIn, values: [dev] } ``` `matchLabels` is a map of `{key,value}` pairs. A single `{key,value}` in the From 7b59d55a64a6f57c3ea88bcabb5c4793a33d7621 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 19 Feb 2023 19:59:24 +0800 Subject: [PATCH 128/537] [zh] sync kubeadm_reset_phase_remove-etcd-member.md --- .../kubeadm_reset_phase_remove-etcd-member.md | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset_phase_remove-etcd-member.md b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset_phase_remove-etcd-member.md index 8b69953efd8af..b95fcb7cf84e0 100644 --- a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset_phase_remove-etcd-member.md +++ b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset_phase_remove-etcd-member.md @@ -3,7 +3,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference conent, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -12,18 +12,17 @@ guide. You can file document formatting bugs against the -删除本地 etcd 成员 +删除本地 etcd 成员。 - ### 概要 -删除控制平面节点的本地 etcd 成员 +删除控制平面节点的本地 etcd 成员。 ``` kubeadm reset phase remove-etcd-member [flags] @@ -32,7 +31,6 @@ kubeadm reset phase remove-etcd-member [flags] - ### 选项 @@ -42,6 +40,16 @@ kubeadm reset phase remove-etcd-member [flags] + + + + + + + @@ -68,11 +76,9 @@ remove-etcd-member 的帮助信息
    --dry-run

    + +不应用任何更改;仅输出要完成的内容。 +

    -h, --help
    - - ### 从父命令继承的选项 From 087ec081819aa670a6b16152f15430d20fc2063d Mon Sep 17 00:00:00 2001 From: Freddie Date: Mon, 20 Feb 2023 01:02:19 +0530 Subject: [PATCH 129/537] removed intances of k8s.gcr --- content/hi/docs/tutorials/hello-minikube.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/hi/docs/tutorials/hello-minikube.md b/content/hi/docs/tutorials/hello-minikube.md index 65cd3ee95bf4b..4a64cc18bc9a2 100644 --- a/content/hi/docs/tutorials/hello-minikube.md +++ b/content/hi/docs/tutorials/hello-minikube.md @@ -94,7 +94,7 @@ minikube dashboard --url प्रदान की गई डॉकर इमेज के आधार पर एक कंटेनर चलाता है। ```shell - kubectl create deployment hello-node --image=k8s.gcr.io/echoserver:1.4 + kubectl create deployment hello-node --image=registry.k8s.io/echoserver:1.4 ``` 2. डेप्लॉयमेंट देखें: @@ -155,7 +155,7 @@ minikube dashboard --url `--type=LoadBalancer` फ्लैग इंगित करता है कि आप क्लस्टर के बाहर अपने सर्विस को प्रदर्शित करना चाहते हैं। - इमेज के अंदर एप्लिकेशन कोड `k8s.gcr.io/echoserver` केवल TCP पोर्ट 8080 पर सुनता है। + इमेज के अंदर एप्लिकेशन कोड `registry.k8s.io/echoserver` केवल TCP पोर्ट 8080 पर सुनता है। यदि आपने किसी भिन्न पोर्ट को एक्सपोज़ करने के लिए `kubectl एक्सपोज़` का उपयोग किया है, तो क्लाइंट उस अन्य पोर्ट से जुड़ नहीं सकते। 2. आपके द्वारा बनाई गई सर्विस देखें: From e2e8192cb69a131dd50a5150d748849d04b5ce84 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Sun, 19 Feb 2023 19:46:41 +0000 Subject: [PATCH 130/537] Fixed Calico Quickstart link --- .../network-policy-provider/calico-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy.md b/content/en/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy.md index 0cf26dcf8caff..972c90e0fa248 100644 --- a/content/en/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy.md +++ b/content/en/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy.md @@ -43,7 +43,7 @@ Decide whether you want to deploy a [cloud](#creating-a-calico-cluster-with-goog ## Creating a local Calico cluster with kubeadm To get a local single-host Calico cluster in fifteen minutes using kubeadm, refer to the -[Calico Quickstart](https://docs.projectcalico.org/latest/getting-started/kubernetes/). +[Calico Quickstart](https://projectcalico.docs.tigera.io/getting-started/kubernetes/). From 1767db3e748818b8a35e5e0c46a3c52686cb26f3 Mon Sep 17 00:00:00 2001 From: Mengjiao Liu Date: Mon, 20 Feb 2023 11:28:51 +0800 Subject: [PATCH 131/537] [zh-cn] Add blog translators description --- .../zh-cn/docs/contribute/localization_zh.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/content/zh-cn/docs/contribute/localization_zh.md b/content/zh-cn/docs/contribute/localization_zh.md index f79ea8f41ef85..5f8e0e4a9bb6f 100644 --- a/content/zh-cn/docs/contribute/localization_zh.md +++ b/content/zh-cn/docs/contribute/localization_zh.md @@ -170,6 +170,27 @@ English text 保持注释掉的英文与译文都在短代码内更便于维护。 {{< /note >}} +### 博客译者署名 {#blog-translators-signature} + +翻译一篇博客需要花费大量的时间和精力,添加署名是对译者工作的认可, +也有利于激励贡献者同步英文博客,提升博客质量。 +如要添加译者署名,可在作者下面一行添加译者相关内容。例如: + +``` + +**作者** :Alice (Google) + +**译者** :李明 (百度) +``` + +{{< note >}} +译者也可以放弃署名,这取决于个人偏好,不是强制性的。 +译者所属公司由译者本人决定是否填写。 +多人翻译同一篇博客默认按照译者的贡献大小进行署名,贡献越大的署名越靠前。 +{{< /note >}} + ### 译与不译 {#keep-or-translate} #### 资源名称或字段不译 {#resource-name-or-fields} From 0dfd829c65bd99f9b142d2f1ae11fb2cefe76b82 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 19 Feb 2023 21:26:00 +0800 Subject: [PATCH 132/537] Add code block in page run-single-instance-stateful-application --- ...un-single-instance-stateful-application.md | 183 +++++++++--------- 1 file changed, 90 insertions(+), 93 deletions(-) diff --git a/content/en/docs/tasks/run-application/run-single-instance-stateful-application.md b/content/en/docs/tasks/run-application/run-single-instance-stateful-application.md index bdc3b0c524a4f..de68f49892d36 100644 --- a/content/en/docs/tasks/run-application/run-single-instance-stateful-application.md +++ b/content/en/docs/tasks/run-application/run-single-instance-stateful-application.md @@ -10,28 +10,17 @@ This page shows you how to run a single-instance stateful application in Kubernetes using a PersistentVolume and a Deployment. The application is MySQL. - - - ## {{% heading "objectives" %}} - -* Create a PersistentVolume referencing a disk in your environment. -* Create a MySQL Deployment. -* Expose MySQL to other pods in the cluster at a known DNS name. - - - +- Create a PersistentVolume referencing a disk in your environment. +- Create a MySQL Deployment. +- Expose MySQL to other pods in the cluster at a known DNS name. ## {{% heading "prerequisites" %}} +- {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} -* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} - -* {{< include "default-storage-class-prereqs.md" >}} - - - +- {{< include "default-storage-class-prereqs.md" >}} @@ -39,7 +28,7 @@ application is MySQL. You can run a stateful application by creating a Kubernetes Deployment and connecting it to an existing PersistentVolume using a -PersistentVolumeClaim. For example, this YAML file describes a +PersistentVolumeClaim. For example, this YAML file describes a Deployment that runs MySQL and references the PersistentVolumeClaim. The file defines a volume mount for /var/lib/mysql, and then creates a PersistentVolumeClaim that looks for a 20G volume. This claim is @@ -55,80 +44,96 @@ for a secure solution. 1. Deploy the PV and PVC of the YAML file: - kubectl apply -f https://k8s.io/examples/application/mysql/mysql-pv.yaml + ```shell + kubectl apply -f https://k8s.io/examples/application/mysql/mysql-pv.yaml + ``` 1. Deploy the contents of the YAML file: - kubectl apply -f https://k8s.io/examples/application/mysql/mysql-deployment.yaml + ```shell + kubectl apply -f https://k8s.io/examples/application/mysql/mysql-deployment.yaml + ``` 1. Display information about the Deployment: - kubectl describe deployment mysql - - The output is similar to this: - - Name: mysql - Namespace: default - CreationTimestamp: Tue, 01 Nov 2016 11:18:45 -0700 - Labels: app=mysql - Annotations: deployment.kubernetes.io/revision=1 - Selector: app=mysql - Replicas: 1 desired | 1 updated | 1 total | 0 available | 1 unavailable - StrategyType: Recreate - MinReadySeconds: 0 - Pod Template: - Labels: app=mysql - Containers: - mysql: - Image: mysql:5.6 - Port: 3306/TCP - Environment: - MYSQL_ROOT_PASSWORD: password - Mounts: - /var/lib/mysql from mysql-persistent-storage (rw) - Volumes: - mysql-persistent-storage: - Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace) - ClaimName: mysql-pv-claim - ReadOnly: false - Conditions: - Type Status Reason - ---- ------ ------ - Available False MinimumReplicasUnavailable - Progressing True ReplicaSetUpdated - OldReplicaSets: - NewReplicaSet: mysql-63082529 (1/1 replicas created) - Events: - FirstSeen LastSeen Count From SubobjectPath Type Reason Message - --------- -------- ----- ---- ------------- -------- ------ ------- - 33s 33s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set mysql-63082529 to 1 + ```shell + kubectl describe deployment mysql + ``` + + The output is similar to this: + + ``` + Name: mysql + Namespace: default + CreationTimestamp: Tue, 01 Nov 2016 11:18:45 -0700 + Labels: app=mysql + Annotations: deployment.kubernetes.io/revision=1 + Selector: app=mysql + Replicas: 1 desired | 1 updated | 1 total | 0 available | 1 unavailable + StrategyType: Recreate + MinReadySeconds: 0 + Pod Template: + Labels: app=mysql + Containers: + mysql: + Image: mysql:5.6 + Port: 3306/TCP + Environment: + MYSQL_ROOT_PASSWORD: password + Mounts: + /var/lib/mysql from mysql-persistent-storage (rw) + Volumes: + mysql-persistent-storage: + Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace) + ClaimName: mysql-pv-claim + ReadOnly: false + Conditions: + Type Status Reason + ---- ------ ------ + Available False MinimumReplicasUnavailable + Progressing True ReplicaSetUpdated + OldReplicaSets: + NewReplicaSet: mysql-63082529 (1/1 replicas created) + Events: + FirstSeen LastSeen Count From SubobjectPath Type Reason Message + --------- -------- ----- ---- ------------- -------- ------ ------- + 33s 33s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set mysql-63082529 to 1 + ``` 1. List the pods created by the Deployment: - kubectl get pods -l app=mysql + ```shell + kubectl get pods -l app=mysql + ``` - The output is similar to this: + The output is similar to this: - NAME READY STATUS RESTARTS AGE - mysql-63082529-2z3ki 1/1 Running 0 3m + ``` + NAME READY STATUS RESTARTS AGE + mysql-63082529-2z3ki 1/1 Running 0 3m + ``` 1. Inspect the PersistentVolumeClaim: - kubectl describe pvc mysql-pv-claim - - The output is similar to this: - - Name: mysql-pv-claim - Namespace: default - StorageClass: - Status: Bound - Volume: mysql-pv-volume - Labels: - Annotations: pv.kubernetes.io/bind-completed=yes - pv.kubernetes.io/bound-by-controller=yes - Capacity: 20Gi - Access Modes: RWO - Events: + ```shell + kubectl describe pvc mysql-pv-claim + ``` + + The output is similar to this: + + ``` + Name: mysql-pv-claim + Namespace: default + StorageClass: + Status: Bound + Volume: mysql-pv-volume + Labels: + Annotations: pv.kubernetes.io/bind-completed=yes + pv.kubernetes.io/bound-by-controller=yes + Capacity: 20Gi + Access Modes: RWO + Events: + ``` ## Accessing the MySQL instance @@ -140,7 +145,7 @@ behind a Service and you don't intend to increase the number of Pods. Run a MySQL client to connect to the server: -``` +```shell kubectl run -it --rm --image=mysql:5.6 --restart=Never mysql-client -- mysql -h mysql -ppassword ``` @@ -161,11 +166,11 @@ The image or any other part of the Deployment can be updated as usual with the `kubectl apply` command. Here are some precautions that are specific to stateful apps: -* Don't scale the app. This setup is for single-instance apps +- Don't scale the app. This setup is for single-instance apps only. The underlying PersistentVolume can only be mounted to one Pod. For clustered stateful apps, see the [StatefulSet documentation](/docs/concepts/workloads/controllers/statefulset/). -* Use `strategy:` `type: Recreate` in the Deployment configuration +- Use `strategy:` `type: Recreate` in the Deployment configuration YAML file. This instructs Kubernetes to _not_ use rolling updates. Rolling updates will not work, as you cannot have more than one Pod running at a time. The `Recreate` strategy will stop the @@ -175,7 +180,7 @@ specific to stateful apps: Delete the deployed objects by name: -``` +```shell kubectl delete deployment,svc mysql kubectl delete pvc mysql-pv-claim kubectl delete pv mysql-pv-volume @@ -188,20 +193,12 @@ PersistentVolume when it sees that you deleted the PersistentVolumeClaim. Some dynamic provisioners (such as those for EBS and PD) also release the underlying resource upon deleting the PersistentVolume. - - - ## {{% heading "whatsnext" %}} +- Learn more about [Deployment objects](/docs/concepts/workloads/controllers/deployment/). -* Learn more about [Deployment objects](/docs/concepts/workloads/controllers/deployment/). - -* Learn more about [Deploying applications](/docs/tasks/run-application/run-stateless-application-deployment/) - -* [kubectl run documentation](/docs/reference/generated/kubectl/kubectl-commands/#run) - -* [Volumes](/docs/concepts/storage/volumes/) and [Persistent Volumes](/docs/concepts/storage/persistent-volumes/) - - +- Learn more about [Deploying applications](/docs/tasks/run-application/run-stateless-application-deployment/) +- [kubectl run documentation](/docs/reference/generated/kubectl/kubectl-commands/#run) +- [Volumes](/docs/concepts/storage/volumes/) and [Persistent Volumes](/docs/concepts/storage/persistent-volumes/) From d25a113ce00fabcf96523e3d38b7f6a64f4e9b76 Mon Sep 17 00:00:00 2001 From: s-kawamura-w664 Date: Mon, 20 Feb 2023 06:46:35 +0000 Subject: [PATCH 133/537] [ja] Update page weights under content/ja/docs/concepts/services-networking. --- .../services-networking/connect-applications-service.md | 2 +- content/ja/docs/concepts/services-networking/dns-pod-service.md | 2 +- content/ja/docs/concepts/services-networking/dual-stack.md | 2 +- content/ja/docs/concepts/services-networking/endpoint-slices.md | 2 +- .../ja/docs/concepts/services-networking/ingress-controllers.md | 2 +- content/ja/docs/concepts/services-networking/ingress.md | 2 +- .../ja/docs/concepts/services-networking/network-policies.md | 2 +- .../docs/concepts/services-networking/service-traffic-policy.md | 2 +- .../docs/concepts/services-networking/topology-aware-hints.md | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/content/ja/docs/concepts/services-networking/connect-applications-service.md b/content/ja/docs/concepts/services-networking/connect-applications-service.md index a7293c440cc40..17aced17830f2 100644 --- a/content/ja/docs/concepts/services-networking/connect-applications-service.md +++ b/content/ja/docs/concepts/services-networking/connect-applications-service.md @@ -1,7 +1,7 @@ --- title: サービスとアプリケーションの接続 content_type: concept -weight: 30 +weight: 40 --- diff --git a/content/ja/docs/concepts/services-networking/dns-pod-service.md b/content/ja/docs/concepts/services-networking/dns-pod-service.md index c499dca593c47..fe96775066954 100644 --- a/content/ja/docs/concepts/services-networking/dns-pod-service.md +++ b/content/ja/docs/concepts/services-networking/dns-pod-service.md @@ -2,7 +2,7 @@ reviewers: title: ServiceとPodに対するDNS content_type: concept -weight: 20 +weight: 80 --- このページではKubernetesによるDNSサポートについて概観します。 diff --git a/content/ja/docs/concepts/services-networking/dual-stack.md b/content/ja/docs/concepts/services-networking/dual-stack.md index 2365680691dbe..7a987c39bb591 100644 --- a/content/ja/docs/concepts/services-networking/dual-stack.md +++ b/content/ja/docs/concepts/services-networking/dual-stack.md @@ -5,7 +5,7 @@ feature: description: > IPv4およびIPv6のアドレスをPodとServiceに割り当てる content_type: concept -weight: 70 +weight: 90 --- diff --git a/content/ja/docs/concepts/services-networking/endpoint-slices.md b/content/ja/docs/concepts/services-networking/endpoint-slices.md index 6d0e13d8ee7a7..af9f9e98e7b54 100644 --- a/content/ja/docs/concepts/services-networking/endpoint-slices.md +++ b/content/ja/docs/concepts/services-networking/endpoint-slices.md @@ -1,7 +1,7 @@ --- title: EndpointSlice content_type: concept -weight: 35 +weight: 60 --- diff --git a/content/ja/docs/concepts/services-networking/ingress-controllers.md b/content/ja/docs/concepts/services-networking/ingress-controllers.md index 75dfb1d11b169..f62bc9a302267 100644 --- a/content/ja/docs/concepts/services-networking/ingress-controllers.md +++ b/content/ja/docs/concepts/services-networking/ingress-controllers.md @@ -2,7 +2,7 @@ title: Ingressコントローラー reviewers: content_type: concept -weight: 40 +weight: 50 --- diff --git a/content/ja/docs/concepts/services-networking/ingress.md b/content/ja/docs/concepts/services-networking/ingress.md index 22e4bb53f2512..1ffa22991319d 100644 --- a/content/ja/docs/concepts/services-networking/ingress.md +++ b/content/ja/docs/concepts/services-networking/ingress.md @@ -1,7 +1,7 @@ --- title: Ingress content_type: concept -weight: 40 +weight: 30 --- diff --git a/content/ja/docs/concepts/services-networking/network-policies.md b/content/ja/docs/concepts/services-networking/network-policies.md index d73a8581d9b08..d726209f8752f 100644 --- a/content/ja/docs/concepts/services-networking/network-policies.md +++ b/content/ja/docs/concepts/services-networking/network-policies.md @@ -1,7 +1,7 @@ --- title: ネットワークポリシー content_type: concept -weight: 50 +weight: 70 --- diff --git a/content/ja/docs/concepts/services-networking/service-traffic-policy.md b/content/ja/docs/concepts/services-networking/service-traffic-policy.md index 741c38c12a535..cfa2e71f81680 100644 --- a/content/ja/docs/concepts/services-networking/service-traffic-policy.md +++ b/content/ja/docs/concepts/services-networking/service-traffic-policy.md @@ -1,7 +1,7 @@ --- title: サービス内部トラフィックポリシー content_type: concept -weight: 45 +weight: 120 --- diff --git a/content/ja/docs/concepts/services-networking/topology-aware-hints.md b/content/ja/docs/concepts/services-networking/topology-aware-hints.md index ed26561f40ac7..d19e87a35424f 100644 --- a/content/ja/docs/concepts/services-networking/topology-aware-hints.md +++ b/content/ja/docs/concepts/services-networking/topology-aware-hints.md @@ -1,7 +1,7 @@ --- title: トポロジーを意識したヒント content_type: concept -weight: 45 +weight: 100 --- From 7aae1ad20715a6957fa41bd5a0f313ac4874600a Mon Sep 17 00:00:00 2001 From: Mengjiao Liu Date: Mon, 20 Feb 2023 15:26:33 +0800 Subject: [PATCH 134/537] [zh-cn] Resync kubeadm_init_phase_control-plane_scheduler.md --- .../kubeadm_init_phase_control-plane_scheduler.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_scheduler.md b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_scheduler.md index 3b10963776ff5..da937ae7e2cb8 100644 --- a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_scheduler.md +++ b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_scheduler.md @@ -3,7 +3,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference conent, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -96,9 +96,9 @@ kubeadm init phase control-plane scheduler [flags] @@ -132,10 +132,11 @@ kubeadm init phase control-plane scheduler [flags] + + @@ -136,9 +149,9 @@ all 操作的帮助命令 From e277fe5f8c5d569737c3239de365b2fced07c2d6 Mon Sep 17 00:00:00 2001 From: mtardy Date: Tue, 20 Dec 2022 16:02:05 +0100 Subject: [PATCH 159/537] Update CVE feed layouts for new JSON feed format Also add information about last update time on CVE table --- data/i18n/en/en.toml | 10 ++++++++-- layouts/_default/cve-feed.json | 24 +----------------------- layouts/shortcodes/cve-feed.html | 13 +++++++------ 3 files changed, 16 insertions(+), 31 deletions(-) diff --git a/data/i18n/en/en.toml b/data/i18n/en/en.toml index eee6e8661b353..d477cb95b8a8b 100644 --- a/data/i18n/en/en.toml +++ b/data/i18n/en/en.toml @@ -67,8 +67,14 @@ other = "Issue Summary" [cve_table] other = "Official Kubernetes CVE List" -[cve_url] -other = "CVE URL" +[cve_table_date_before] +other = "(last updated: " + +[cve_table_date_format] +other = "02 Jan 2006 15:04:05 MST" + +[cve_table_date_after] +other = ")" [deprecation_title] other = "You are viewing documentation for Kubernetes version:" diff --git a/layouts/_default/cve-feed.json b/layouts/_default/cve-feed.json index a185fde22fc77..3812e9533b776 100644 --- a/layouts/_default/cve-feed.json +++ b/layouts/_default/cve-feed.json @@ -1,23 +1 @@ -{ - "version": "https://jsonfeed.org/version/1.1", - "title": "Auto-refreshing Official CVE Feed", - "home_page_url": "https://kubernetes.io", - "feed_url": "https://kubernetes.io/docs/reference/issues-security/official-cve-feed/index.json", - "description": "Auto-refreshing official CVE feed for Kubernetes repository", - "authors": [ - { - "name": "Kubernetes Community", - "url": "https://www.kubernetes.dev" - } - ], - "items": [ - {{ range $i, $e := getJSON .Site.Params.cveFeedBucket }} - {{ if $i }}, {{ end }} - { - {{ T "cve_json_id" | jsonify }}: {{ .cve_id | jsonify }}, - {{ T "cve_json_url" | jsonify }}: {{ .issue_url | jsonify }}, - {{ T "cve_json_external_url" | jsonify }}: {{ .cve_url | jsonify}}, - {{ T "cve_json_summary" | jsonify }}: {{ replace (.summary | jsonify ) "\\u003e" ">" }} - }{{ end }} - ] -} +{{ getJSON .Site.Params.cveFeedBucket | jsonify }} diff --git a/layouts/shortcodes/cve-feed.html b/layouts/shortcodes/cve-feed.html index 1c04efab7ea8b..7c4aa2d56c27c 100644 --- a/layouts/shortcodes/cve-feed.html +++ b/layouts/shortcodes/cve-feed.html @@ -1,19 +1,20 @@
    ---image-repository string     默认值:"k8s.gcr.io" +--image-repository string     默认值:"registry.k8s.io"
    - + 包含名为 "target[suffix][+patchtype].extension" 的文件的目录。 例如,"kube-apiserver0+merge.yaml" 或者 "etcd.json"。 -"patchtype" 可以是 "strategic"、"merge" 或 "json" 之一,分别与 kubectl +"target" 可以是 "kube-apiserver"、"kube-controller-manager"、"kube-scheduler"、"etcd"、"kubeletconfiguration" 之一。 +"patchtype" 可以是 "strategic"、"merge"、"json" 之一,分别与 kubectl 所支持的 patch 格式相匹配。默认的 "patchtype" 是 "strategic"。 "extension" 必须是 "json" 或 "yaml"。 "suffix" 是一个可选的字符串,用来确定按字母顺序排序时首先应用哪些 patch。 From f416212db369202351ea11c92dfd0c7108456397 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Mon, 20 Feb 2023 10:02:49 +0800 Subject: [PATCH 135/537] [zh] sync self-subject-review-v1alpha1.md --- .../self-subject-review-v1alpha1.md | 169 ++++++++++++++++++ 1 file changed, 169 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-review-v1alpha1.md diff --git a/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-review-v1alpha1.md b/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-review-v1alpha1.md new file mode 100644 index 0000000000000..ecf6c758650e7 --- /dev/null +++ b/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-review-v1alpha1.md @@ -0,0 +1,169 @@ +--- +api_metadata: + apiVersion: "authentication.k8s.io/v1alpha1" + import: "k8s.io/api/authentication/v1alpha1" + kind: "SelfSubjectReview" +content_type: "api_reference" +description: "SelfSubjectReview 包含 kube-apiserver 所拥有的与发出此请求的用户有关的用户信息。" +title: "SelfSubjectReview v1alpha1" +weight: 5 +--- + + +`apiVersion: authentication.k8s.io/v1alpha1` + +`import "k8s.io/api/authentication/v1alpha1"` + +## SelfSubjectReview {#SelfSubjectReview} + + +SelfSubjectReview 包含 kube-apiserver 所拥有的与发出此请求的用户有关的用户信息。 +使用伪装时,用户将收到被伪装用户的用户信息。 + +
    + +- **apiVersion**: authentication.k8s.io/v1alpha1 + +- **kind**: SelfSubjectReview + +- **metadata** (}}">ObjectMeta) + + + 标准的对象元数据。更多信息: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +- **status** (}}">SelfSubjectReviewStatus) + + + status 由服务器以用户属性进行填充。 + +## SelfSubjectReviewStatus {#SelfSubjectReviewStatus} + + +SelfSubjectReviewStatus 由 kube-apiserver 进行填充并发送回用户。 + +
    + +- **userInfo** (UserInfo) + + + 发出此请求的用户的用户属性。 + + + + userInfo 包含实现 user.Info 接口所需的用户相关信息。 + + - **userInfo.extra** (map[string][]string) + + + + 由身份认证组件提供的所有附加信息。 + + - **userInfo.groups** ([]string) + + + + 此用户所属的用户组的名称。 + + - **userInfo.uid** (string) + + + + 跨时间标识此用户的唯一值。如果此用户被删除且另一个同名用户被添加,他们将具有不同的 UID。 + + - **userInfo.username** (string) + + + + 在所有活跃用户中标识此用户的名称。 + + +## 操作 {#Operations} + +
    + + +### `create` 创建 SelfSubjectReview + +#### HTTP 请求 + +POST /apis/authentication.k8s.io/v1alpha1/selfsubjectreviews + + +#### 参数 + +- **body**: }}">SelfSubjectReview,必需 + +- **dryRun** (**查询参数**): string + + }}">dryRun + +- **fieldManager** (**查询参数**): string + + }}">fieldManager + +- **fieldValidation** (**查询参数**): string + + }}">fieldValidation + +- **pretty** (**查询参数**): string + + }}">pretty + + +#### 响应 + +200 (}}">SelfSubjectReview): OK + +201 (}}">SelfSubjectReview): Created + +202 (}}">SelfSubjectReview): Accepted + +401: Unauthorized From 9ae9f742908e10396b7102f64fd35eb0ca253f86 Mon Sep 17 00:00:00 2001 From: s-kawamura-w664 Date: Mon, 20 Feb 2023 10:54:24 +0000 Subject: [PATCH 136/537] [ja] Update page weights under content/ja/docs/concepts/scheduling-eviction. --- content/ja/docs/concepts/scheduling-eviction/_index.md | 2 +- content/ja/docs/concepts/scheduling-eviction/api-eviction.md | 2 +- content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md | 2 +- .../docs/concepts/scheduling-eviction/scheduler-perf-tuning.md | 2 +- .../docs/concepts/scheduling-eviction/scheduling-framework.md | 2 +- .../docs/concepts/scheduling-eviction/taint-and-toleration.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/content/ja/docs/concepts/scheduling-eviction/_index.md b/content/ja/docs/concepts/scheduling-eviction/_index.md index 37b8e9507f030..b937c7e5e737d 100644 --- a/content/ja/docs/concepts/scheduling-eviction/_index.md +++ b/content/ja/docs/concepts/scheduling-eviction/_index.md @@ -1,6 +1,6 @@ --- title: "スケジューリングと退避" -weight: 90 +weight: 95 description: > Kubernetesにおいてスケジューリングとは、稼働させたいPodをNodeにマッチさせ、kubeletが実行できるようにすることを指します。 退避とは、リソース不足のNodeで1つ以上のPodを積極的に停止させるプロセスです。 diff --git a/content/ja/docs/concepts/scheduling-eviction/api-eviction.md b/content/ja/docs/concepts/scheduling-eviction/api-eviction.md index 5092c96b19b45..5834beae4bc17 100644 --- a/content/ja/docs/concepts/scheduling-eviction/api-eviction.md +++ b/content/ja/docs/concepts/scheduling-eviction/api-eviction.md @@ -1,7 +1,7 @@ --- title: APIを起点とした退避 content_type: concept -weight: 70 +weight: 110 --- {{< glossary_definition term_id="api-eviction" length="short" >}}
    diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index 6bc7af0dab6b1..7256b988f1b13 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -1,7 +1,7 @@ --- title: Node上へのPodのスケジューリング content_type: concept -weight: 30 +weight: 20 --- diff --git a/content/ja/docs/concepts/scheduling-eviction/scheduler-perf-tuning.md b/content/ja/docs/concepts/scheduling-eviction/scheduler-perf-tuning.md index 3eeb51376ec08..f46a7b15e26f6 100644 --- a/content/ja/docs/concepts/scheduling-eviction/scheduler-perf-tuning.md +++ b/content/ja/docs/concepts/scheduling-eviction/scheduler-perf-tuning.md @@ -1,7 +1,7 @@ --- title: スケジューラーのパフォーマンスチューニング content_type: concept -weight: 80 +weight: 70 --- diff --git a/content/ja/docs/concepts/scheduling-eviction/scheduling-framework.md b/content/ja/docs/concepts/scheduling-eviction/scheduling-framework.md index 23ab9f5750b59..d748f38ed5db9 100644 --- a/content/ja/docs/concepts/scheduling-eviction/scheduling-framework.md +++ b/content/ja/docs/concepts/scheduling-eviction/scheduling-framework.md @@ -1,7 +1,7 @@ --- title: スケジューリングフレームワーク content_type: concept -weight: 90 +weight: 60 --- diff --git a/content/ja/docs/concepts/scheduling-eviction/taint-and-toleration.md b/content/ja/docs/concepts/scheduling-eviction/taint-and-toleration.md index 6195519928898..582238deba8e1 100644 --- a/content/ja/docs/concepts/scheduling-eviction/taint-and-toleration.md +++ b/content/ja/docs/concepts/scheduling-eviction/taint-and-toleration.md @@ -1,7 +1,7 @@ --- title: TaintとToleration content_type: concept -weight: 40 +weight: 50 --- From 5c775fc202ae29df4b0ae54fe3701afafe288740 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Mon, 20 Feb 2023 11:34:05 +0000 Subject: [PATCH 137/537] Reword further reading Co-authored-by: Shannon Kularathna --- content/en/docs/concepts/services-networking/service.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md index 62eff0297c6aa..a74ac395f9471 100644 --- a/content/en/docs/concepts/services-networking/service.md +++ b/content/en/docs/concepts/services-networking/service.md @@ -1191,7 +1191,7 @@ Learn more about Services and how they fit into Kubernetes: * Read about [Gateway](https://gateway-api.sigs.k8s.io/), an extension to Kubernetes that provides more flexibility than Ingress. -For more context, read: +For more context, read the following: * [Virtual IPs and Service Proxies](/docs/reference/networking/virtual-ips/) * [EndpointSlices](/docs/concepts/services-networking/endpoint-slices/) * [Service API reference](/docs/reference/kubernetes-api/service-resources/service-v1/) From 070831ec002a888981c3868941cf787780760d9d Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 26 Dec 2020 19:20:05 +0000 Subject: [PATCH 138/537] Wrap long lines in ConfigMap task --- .../configure-pod-configmap.md | 143 ++++++++++++------ 1 file changed, 100 insertions(+), 43 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md index 61a1fefe00fa0..cd7e1c09db778 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -8,10 +8,13 @@ card: --- -Many applications rely on configuration which is used during either application initialization or runtime. -Most of the times there is a requirement to adjust values assigned to configuration parameters. -ConfigMaps are the Kubernetes way to inject application pods with configuration data. -ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable. This page provides a series of usage examples demonstrating how to create ConfigMaps and configure Pods using data stored in ConfigMaps. +Many applications rely on configuration which is used during either application initialization +or runtime. Most of the times there is a requirement to adjust values assigned to configuration +parameters. +ConfigMaps are the Kubernetes way to inject application pods with configuration +data. ConfigMaps allow you to decouple configuration artifacts from image content to keep +containerized applications portable. This page provides a series of usage examples demonstrating +how to create ConfigMaps and configure Pods using data stored in ConfigMaps. ## {{% heading "prerequisites" %}} @@ -25,21 +28,27 @@ ConfigMaps allow you to decouple configuration artifacts from image content to k ## Create a ConfigMap -You can use either `kubectl create configmap` or a ConfigMap generator in `kustomization.yaml` to create a ConfigMap. Note that `kubectl` starts to support `kustomization.yaml` since 1.14. + +You can use either `kubectl create configmap` or a ConfigMap generator in `kustomization.yaml` +to create a ConfigMap. Note that `kubectl` starts to support `kustomization.yaml` since 1.14. ### Create a ConfigMap Using kubectl create configmap -Use the `kubectl create configmap` command to create ConfigMaps from [directories](#create-configmaps-from-directories), [files](#create-configmaps-from-files), or [literal values](#create-configmaps-from-literal-values): +Use the `kubectl create configmap` command to create ConfigMaps from +[directories](#create-configmaps-from-directories), [files](#create-configmaps-from-files), +or [literal values](#create-configmaps-from-literal-values): ```shell kubectl create configmap ``` -where \ is the name you want to assign to the ConfigMap and \ is the directory, file, or literal value to draw the data from. +where \ is the name you want to assign to the ConfigMap and \ is the +directory, file, or literal value to draw the data from. The name of a ConfigMap object must be a valid [DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). -When you are creating a ConfigMap based on a file, the key in the \ defaults to the basename of the file, and the value defaults to the file content. +When you are creating a ConfigMap based on a file, the key in the \ defaults to +the basename of the file, and the value defaults to the file content. You can use [`kubectl describe`](/docs/reference/generated/kubectl/kubectl-commands/#describe) or [`kubectl get`](/docs/reference/generated/kubectl/kubectl-commands/#get) to retrieve information @@ -47,7 +56,11 @@ about a ConfigMap. #### Create ConfigMaps from directories -You can use `kubectl create configmap` to create a ConfigMap from multiple files in the same directory. When you are creating a ConfigMap based on a directory, kubectl identifies files whose basename is a valid key in the directory and packages each of those files into the new ConfigMap. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc). +You can use `kubectl create configmap` to create a ConfigMap from multiple files in the same +directory. When you are creating a ConfigMap based on a directory, kubectl identifies files +whose basename is a valid key in the directory and packages each of those files into the +new ConfigMap. Any directory entries except regular files are ignored (e.g. subdirectories, +symlinks, devices, pipes, etc). For example: @@ -63,7 +76,9 @@ wget https://kubernetes.io/examples/configmap/ui.properties -O configure-pod-con kubectl create configmap game-config --from-file=configure-pod-container/configmap/ ``` -The above command packages each file, in this case, `game.properties` and `ui.properties` in the `configure-pod-container/configmap/` directory into the game-config ConfigMap. You can display details of the ConfigMap using the following command: +The above command packages each file, in this case, `game.properties` and `ui.properties` +in the `configure-pod-container/configmap/` directory into the game-config ConfigMap. You can +display details of the ConfigMap using the following command: ```shell kubectl describe configmaps game-config @@ -95,7 +110,8 @@ allow.textmode=true how.nice.to.look=fairlyNice ``` -The `game.properties` and `ui.properties` files in the `configure-pod-container/configmap/` directory are represented in the `data` section of the ConfigMap. +The `game.properties` and `ui.properties` files in the `configure-pod-container/configmap/` +directory are represented in the `data` section of the ConfigMap. ```shell kubectl get configmaps game-config -o yaml @@ -129,7 +145,8 @@ data: #### Create ConfigMaps from files -You can use `kubectl create configmap` to create a ConfigMap from an individual file, or from multiple files. +You can use `kubectl create configmap` to create a ConfigMap from an individual file, or from +multiple files. For example, @@ -164,7 +181,8 @@ secret.code.allowed=true secret.code.lives=30 ``` -You can pass in the `--from-file` argument multiple times to create a ConfigMap from multiple data sources. +You can pass in the `--from-file` argument multiple times to create a ConfigMap from multiple +data sources. ```shell kubectl create configmap game-config-2 --from-file=configure-pod-container/configmap/game.properties --from-file=configure-pod-container/configmap/ui.properties @@ -203,8 +221,10 @@ allow.textmode=true how.nice.to.look=fairlyNice ``` -When `kubectl` creates a ConfigMap from inputs that are not ASCII or UTF-8, the tool puts these into the `binaryData` field of the ConfigMap, and not in `data`. Both text and binary data sources can be combined in one ConfigMap. -If you want to view the `binaryData` keys (and their values) in a ConfigMap, you can run `kubectl get configmap -o jsonpath='{.binaryData}' `. +When `kubectl` creates a ConfigMap from inputs that are not ASCII or UTF-8, the tool puts these +into the `binaryData` field of the ConfigMap, and not in `data`. Both text and binary data +sources can be combined in one ConfigMap. If you want to view the `binaryData` keys (and their +values) in a ConfigMap, you can run `kubectl get configmap -o jsonpath='{.binaryData}' `. Use the option `--from-env-file` to create a ConfigMap from an env-file, for example: @@ -292,13 +312,15 @@ data: #### Define the key to use when creating a ConfigMap from a file -You can define a key other than the file name to use in the `data` section of your ConfigMap when using the `--from-file` argument: +You can define a key other than the file name to use in the `data` section of your ConfigMap +when using the `--from-file` argument: ```shell kubectl create configmap game-config-3 --from-file== ``` -where `` is the key you want to use in the ConfigMap and `` is the location of the data source file you want the key to represent. +where `` is the key you want to use in the ConfigMap and `` is the +location of the data source file you want the key to represent. For example: @@ -334,13 +356,15 @@ data: #### Create ConfigMaps from literal values -You can use `kubectl create configmap` with the `--from-literal` argument to define a literal value from the command line: +You can use `kubectl create configmap` with the `--from-literal` argument to define a literal +value from the command line: ```shell kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm ``` -You can pass in multiple key-value pairs. Each pair provided on the command line is represented as a separate entry in the `data` section of the ConfigMap. +You can pass in multiple key-value pairs. Each pair provided on the command line is represented +as a separate entry in the `data` section of the ConfigMap. ```shell kubectl get configmaps special-config -o yaml @@ -414,10 +438,11 @@ secret.code.lives=30 Events: ``` -Note that the generated ConfigMap name has a suffix appended by hashing the contents. This ensures that a -new ConfigMap is generated each time the content is modified. +Note that the generated ConfigMap name has a suffix appended by hashing the contents. This +ensures that a new ConfigMap is generated each time the content is modified. #### Define the key to use when generating a ConfigMap from a file + You can define a key other than the file name to use in the ConfigMap generator. For example, to generate a ConfigMap from files `configure-pod-container/configmap/game.properties` with the key `game-special-key` @@ -439,6 +464,7 @@ configmap/game-config-5-m67dt67794 created ``` #### Generate ConfigMaps from Literals + To generate a ConfigMap from literals `special.type=charm` and `special.how=very`, you can specify the ConfigMap generator in `kustomization.yaml` as ```shell @@ -515,7 +541,8 @@ configmap/special-config-2-c92b5mmcf2 created kubectl create -f https://kubernetes.io/examples/configmap/configmap-multikeys.yaml ``` -* Use `envFrom` to define all of the ConfigMap's data as container environment variables. The key from the ConfigMap becomes the environment variable name in the Pod. +* Use `envFrom` to define all of the ConfigMap's data as container environment variables. The + key from the ConfigMap becomes the environment variable name in the Pod. {{< codenew file="pods/pod-configmap-envFrom.yaml" >}} @@ -530,7 +557,8 @@ configmap/special-config-2-c92b5mmcf2 created ## Use ConfigMap-defined environment variables in Pod commands -You can use ConfigMap-defined environment variables in the `command` and `args` of a container using the `$(VAR_NAME)` Kubernetes substitution syntax. +You can use ConfigMap-defined environment variables in the `command` and `args` of a container +using the `$(VAR_NAME)` Kubernetes substitution syntax. For example, the following Pod specification @@ -550,7 +578,9 @@ very charm ## Add ConfigMap data to a Volume -As explained in [Create ConfigMaps from files](#create-configmaps-from-files), when you create a ConfigMap using ``--from-file``, the filename becomes a key stored in the `data` section of the ConfigMap. The file contents become the key's value. +As explained in [Create ConfigMaps from files](#create-configmaps-from-files), when you create +a ConfigMap using ``--from-file``, the filename becomes a key stored in the `data` section of +the ConfigMap. The file contents become the key's value. The examples in this section refer to a ConfigMap named special-config, shown below. @@ -565,8 +595,9 @@ kubectl create -f https://kubernetes.io/examples/configmap/configmap-multikeys.y ### Populate a Volume with data stored in a ConfigMap Add the ConfigMap name under the `volumes` section of the Pod specification. -This adds the ConfigMap data to the directory specified as `volumeMounts.mountPath` (in this case, `/etc/config`). -The `command` section lists directory files with names that match the keys in ConfigMap. +This adds the ConfigMap data to the directory specified as `volumeMounts.mountPath` (in this +case, `/etc/config`). The `command` section lists directory files with names that match the +keys in ConfigMap. {{< codenew file="pods/pod-configmap-volume.yaml" >}} @@ -588,7 +619,8 @@ If there are some files in the `/etc/config/` directory, they will be deleted. {{< /caution >}} {{< note >}} -Text data is exposed as files using the UTF-8 character encoding. To use some other character encoding, use binaryData. +Text data is exposed as files using the UTF-8 character encoding. To use some other character +encoding, use binaryData. {{< /note >}} ### Add ConfigMap data to a specific path in the Volume @@ -617,7 +649,8 @@ Like before, all previous files in the `/etc/config/` directory will be deleted. ### Project keys to specific paths and file permissions You can project keys to specific paths and specific permissions on a per-file -basis. The [Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) user guide explains the syntax. +basis. The [Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) +user guide explains the syntax. @@ -625,13 +658,22 @@ basis. The [Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files ## Understanding ConfigMaps and Pods -The ConfigMap API resource stores configuration data as key-value pairs. The data can be consumed in pods or provide the configurations for system components such as controllers. ConfigMap is similar to [Secrets](/docs/concepts/configuration/secret/), but provides a means of working with strings that don't contain sensitive information. Users and system components alike can store configuration data in ConfigMap. +The ConfigMap API resource stores configuration data as key-value pairs. The data can be consumed +in pods or provide the configurations for system components such as controllers. ConfigMap is +similar to [Secrets](/docs/concepts/configuration/secret/), but provides a means of working +with strings that don't contain sensitive information. Users and system components alike can +store configuration data in ConfigMap. {{< note >}} -ConfigMaps should reference properties files, not replace them. Think of the ConfigMap as representing something similar to the Linux `/etc` directory and its contents. For example, if you create a [Kubernetes Volume](/docs/concepts/storage/volumes/) from a ConfigMap, each data item in the ConfigMap is represented by an individual file in the volume. +ConfigMaps should reference properties files, not replace them. Think of the ConfigMap as +representing something similar to the Linux `/etc` directory and its contents. For example, +if you create a [Kubernetes Volume](/docs/concepts/storage/volumes/) from a ConfigMap, each +data item in the ConfigMap is represented by an individual file in the volume. {{< /note >}} -The ConfigMap's `data` field contains the configuration data. As shown in the example below, this can be simple -- like individual properties defined using `--from-literal` -- or complex -- like configuration files or JSON blobs defined using `--from-file`. +The ConfigMap's `data` field contains the configuration data. As shown in the example below, +this can be simple -- like individual properties defined using `--from-literal` -- or complex -- +like configuration files or JSON blobs defined using `--from-file`. ```yaml apiVersion: v1 @@ -653,9 +695,17 @@ data: ### Restrictions -- You must create the `ConfigMap` object before you reference it in a Pod specification. Alternatively, mark the ConfigMap reference as `optional` in the Pod spec (see [Optional ConfigMaps](#optional-configmaps)). If you reference a ConfigMap that doesn't exist and you don't mark the reference as `optional`, the Pod won't start. Similarly, references to keys that don't exist in the ConfigMap will also prevent the Pod from starting, unless you mark the key references as `optional`. +- You must create the `ConfigMap` object before you reference it in a Pod + specification. Alternatively, mark the ConfigMap reference as `optional` in the Pod spec (see + [Optional ConfigMaps](#optional-configmaps)). If you reference a ConfigMap that doesn't exist + and you don't mark the reference as `optional`, the Pod won't start. Similarly, references + to keys that don't exist in the ConfigMap will also prevent the Pod from starting, unless + you mark the key references as `optional`. -- If you use `envFrom` to define environment variables from ConfigMaps, keys that are considered invalid will be skipped. The pod will be allowed to start, but the invalid names will be recorded in the event log (`InvalidVariableNames`). The log message lists each skipped key. For example: +- If you use `envFrom` to define environment variables from ConfigMaps, keys that are considered + invalid will be skipped. The pod will be allowed to start, but the invalid names will be + recorded in the event log (`InvalidVariableNames`). The log message lists each skipped + key. For example: ```shell kubectl get events @@ -674,10 +724,12 @@ data: ### Optional ConfigMaps You can mark a reference to a ConfigMap as _optional_ in a Pod specification. -If the ConfigMap doesn't exist, the configuration for which it provides data in the Pod (e.g. environment variable, mounted volume) will be empty. +If the ConfigMap doesn't exist, the configuration for which it provides data in the Pod +(e.g. environment variable, mounted volume) will be empty. If the ConfigMap exists, but the referenced key is non-existent the data is also empty. -For example, the following Pod specification marks an environment variable from a ConfigMap as optional: +For example, the following Pod specification marks an environment variable from a ConfigMap +as optional: ```yaml apiVersion: v1 @@ -704,8 +756,9 @@ If you run this pod, and there is a ConfigMap named `a-config` but that ConfigMa a key named `akey`, the output is also empty. If you do set a value for `akey` in the `a-config` ConfigMap, this pod prints that value and then terminates. -You can also mark the volumes and files provided by a ConfigMap as optional. Kubernetes always creates the mount paths for the volume, even if the referenced ConfigMap or key doesn't exist. For example, the following -Pod specification marks a volume that references a ConfigMap as optional: +You can also mark the volumes and files provided by a ConfigMap as optional. Kubernetes always +creates the mount paths for the volume, even if the referenced ConfigMap or key doesn't exist. For +example, the following Pod specification marks a volume that references a ConfigMap as optional: ```yaml apiVersion: v1 @@ -730,12 +783,15 @@ spec: ### Mounted ConfigMaps are updated automatically -When a mounted ConfigMap is updated, the projected content is eventually updated too. This applies in the case where an optionally referenced ConfigMap comes into -existence after a pod has started. +When a mounted ConfigMap is updated, the projected content is eventually updated too. +This applies in the case where an optionally referenced ConfigMap comes into existence after +a pod has started. -The kubelet checks whether the mounted ConfigMap is fresh on every periodic sync. However, it uses its local TTL-based cache for getting the current value of the -ConfigMap. As a result, the total delay from the moment when the ConfigMap is updated to the moment when new keys are projected to the pod can be as long as -kubelet sync period (1 minute by default) + TTL of ConfigMaps cache (1 minute by default) in kubelet. +The kubelet checks whether the mounted ConfigMap is fresh on every periodic sync. However, it +uses its local TTL-based cache for getting the current value of the ConfigMap. As a result, +the total delay from the moment when the ConfigMap is updated to the moment when new keys +are projected to the pod can be as long as kubelet sync period (1 minute by default) + TTL of +ConfigMaps cache (1 minute by default) in kubelet. {{< note >}} A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) volume will not receive ConfigMap updates. @@ -743,4 +799,5 @@ A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#usi ## {{% heading "whatsnext" %}} -* Follow a real world example of [Configuring Redis using a ConfigMap](/docs/tutorials/configuration/configure-redis-using-configmap/). +* Follow a real world example of + [Configuring Redis using a ConfigMap](/docs/tutorials/configuration/configure-redis-using-configmap/). From 67aa5670b5b2ce646749895e570fef846fbdb7b0 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 6 Aug 2022 16:04:20 +0100 Subject: [PATCH 139/537] Revise Pod / ConfigMap task Co-authored-by: divya-mohan0209 --- .../configure-pod-configmap.md | 240 +++++++++++------- 1 file changed, 152 insertions(+), 88 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md index cd7e1c09db778..f0c0ac149b827 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -8,21 +8,25 @@ card: --- -Many applications rely on configuration which is used during either application initialization -or runtime. Most of the times there is a requirement to adjust values assigned to configuration -parameters. -ConfigMaps are the Kubernetes way to inject application pods with configuration -data. ConfigMaps allow you to decouple configuration artifacts from image content to keep -containerized applications portable. This page provides a series of usage examples demonstrating -how to create ConfigMaps and configure Pods using data stored in ConfigMaps. +Many applications rely on configuration which is used during either application initialization or runtime. +Most times, there is a requirement to adjust values assigned to configuration parameters. +ConfigMaps are a Kubernetes mechanism that let you inject configuration data into application +{{< glossary_tooltip text="pods" term_id="pod" >}}. +The ConfigMap concept allow you to decouple configuration artifacts from image content to +keep containerized applications portable. For example, you can download and run the same +{{< glossary_tooltip text="container image" term_id="image" >}} to spin up containers for the purposes of local development, system test, or running a live end-user workload. -## {{% heading "prerequisites" %}} - +This page provides a series of usage examples demonstrating how to create ConfigMaps and +configure Pods using data stored in ConfigMaps. -{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} +## {{% heading "prerequisites" %}} +{{< include "task-tutorial-prereqs.md" >}} +You need to have the `wget` tool installed. If you have a different tool +such as `curl`, and you do not have `wget`, you will need to adapt the +step that downloads example data. @@ -30,9 +34,9 @@ how to create ConfigMaps and configure Pods using data stored in ConfigMaps. ## Create a ConfigMap You can use either `kubectl create configmap` or a ConfigMap generator in `kustomization.yaml` -to create a ConfigMap. Note that `kubectl` starts to support `kustomization.yaml` since 1.14. +to create a ConfigMap. -### Create a ConfigMap Using kubectl create configmap +### Create a ConfigMap using `kubectl create configmap` Use the `kubectl create configmap` command to create ConfigMaps from [directories](#create-configmaps-from-directories), [files](#create-configmaps-from-files), @@ -54,25 +58,28 @@ You can use [`kubectl describe`](/docs/reference/generated/kubectl/kubectl-comma [`kubectl get`](/docs/reference/generated/kubectl/kubectl-commands/#get) to retrieve information about a ConfigMap. -#### Create ConfigMaps from directories +#### Create a ConfigMap from a directory {#create-configmaps-from-directories} You can use `kubectl create configmap` to create a ConfigMap from multiple files in the same directory. When you are creating a ConfigMap based on a directory, kubectl identifies files -whose basename is a valid key in the directory and packages each of those files into the -new ConfigMap. Any directory entries except regular files are ignored (e.g. subdirectories, -symlinks, devices, pipes, etc). +whose basename is a valid key in the directory and packages each of those files into the new +ConfigMap. Any directory entries except regular files are ignored (for example: subdirectories, +symlinks, devices, pipes, and more). -For example: +Create the local directory: ```shell -# Create the local directory mkdir -p configure-pod-container/configmap/ +``` + +Now, download the sample configuration and create the ConfigMap: +```shell # Download the sample files into `configure-pod-container/configmap/` directory wget https://kubernetes.io/examples/configmap/game.properties -O configure-pod-container/configmap/game.properties wget https://kubernetes.io/examples/configmap/ui.properties -O configure-pod-container/configmap/ui.properties -# Create the configmap +# Create the ConfigMap kubectl create configmap game-config --from-file=configure-pod-container/configmap/ ``` @@ -122,7 +129,7 @@ The output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2016-02-18T18:52:05Z + creationTimestamp: 2022-02-18T18:52:05Z name: game-config namespace: default resourceVersion: "516" @@ -221,11 +228,6 @@ allow.textmode=true how.nice.to.look=fairlyNice ``` -When `kubectl` creates a ConfigMap from inputs that are not ASCII or UTF-8, the tool puts these -into the `binaryData` field of the ConfigMap, and not in `data`. Both text and binary data -sources can be combined in one ConfigMap. If you want to view the `binaryData` keys (and their -values) in a ConfigMap, you can run `kubectl get configmap -o jsonpath='{.binaryData}' `. - Use the option `--from-env-file` to create a ConfigMap from an env-file, for example: ```shell @@ -254,18 +256,18 @@ kubectl create configmap game-config-env-file \ --from-env-file=configure-pod-container/configmap/game-env-file.properties ``` -would produce the following ConfigMap: +would produce a ConfigMap. View the ConfigMap: ```shell kubectl get configmap game-config-env-file -o yaml ``` -where the output is similar to this: +the output is similar to: ```yaml apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2017-12-27T18:36:28Z + creationTimestamp: 2019-12-27T18:36:28Z name: game-config-env-file namespace: default resourceVersion: "809965" @@ -296,7 +298,7 @@ where the output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2017-12-27T18:38:34Z + creationTimestamp: 2019-12-27T18:38:34Z name: config-multi-env-files namespace: default resourceVersion: "810136" @@ -338,7 +340,7 @@ where the output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2016-02-18T18:54:22Z + creationTimestamp: 2022-02-18T18:54:22Z name: game-config-3 namespace: default resourceVersion: "530" @@ -375,7 +377,7 @@ The output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2016-02-18T19:14:38Z + creationTimestamp: 2022-02-18T19:14:38Z name: special-config namespace: default resourceVersion: "651" @@ -385,14 +387,17 @@ data: special.type: charm ``` + ### Create a ConfigMap from generator -`kubectl` supports `kustomization.yaml` since 1.14. -You can also create a ConfigMap from generators and then apply it to create the object on -the Apiserver. The generators -should be specified in a `kustomization.yaml` inside a directory. + +You can also create a ConfigMap from generators and then apply it to create the object +in the cluster's API server. +You should specify the generators in a `kustomization.yaml` file within a directory. #### Generate ConfigMaps from files + For example, to generate a ConfigMap from files `configure-pod-container/configmap/game.properties` + ```shell # Create a kustomization.yaml file with ConfigMapGenerator cat <./kustomization.yaml @@ -403,9 +408,12 @@ configMapGenerator: EOF ``` -Apply the kustomization directory to create the ConfigMap object. +Apply the kustomization directory to create the ConfigMap object: + ```shell kubectl apply -k . +``` +``` configmap/game-config-4-m9dm2f92bt created ``` @@ -413,11 +421,18 @@ You can check that the ConfigMap was created like this: ```shell kubectl get configmap +``` +``` NAME DATA AGE game-config-4-m9dm2f92bt 1 37s +``` +and also: +```shell kubectl describe configmaps/game-config-4-m9dm2f92bt +``` +``` Name: game-config-4-m9dm2f92bt Namespace: default Labels: @@ -438,7 +453,7 @@ secret.code.lives=30 Events: ``` -Note that the generated ConfigMap name has a suffix appended by hashing the contents. This +Notice that the generated ConfigMap name has a suffix appended by hashing the contents. This ensures that a new ConfigMap is generated each time the content is modified. #### Define the key to use when generating a ConfigMap from a file @@ -460,29 +475,42 @@ EOF Apply the kustomization directory to create the ConfigMap object. ```shell kubectl apply -k . +``` +``` configmap/game-config-5-m67dt67794 created ``` -#### Generate ConfigMaps from Literals +#### Generate ConfigMaps from literals -To generate a ConfigMap from literals `special.type=charm` and `special.how=very`, -you can specify the ConfigMap generator in `kustomization.yaml` as -```shell -# Create a kustomization.yaml file with ConfigMapGenerator -cat <./kustomization.yaml +This example shows you how to create a `ConfigMap` from two literal key/value pairs: +`special.type=charm` and `special.how=very`, using Kustomize and kubectl. To achieve +this, you can specify the `ConfigMap` generator. Create (or replace) +`kustomization.yaml` so that it has the following contents: + +```yaml +--- +# kustomization.yaml contents for creating a ConfigMap from literals configMapGenerator: - name: special-config-2 literals: - special.how=very - special.type=charm -EOF ``` -Apply the kustomization directory to create the ConfigMap object. + +Apply the kustomization directory to create the ConfigMap object: ```shell kubectl apply -k . +``` +``` configmap/special-config-2-c92b5mmcf2 created ``` + +Now that you have learned to define ConfigMaps, you can move on to the next +section, and learn how to use these objects with Pods. + +--- + ## Define container environment variables using ConfigMap data ### Define a container environment variable with data from a single ConfigMap @@ -507,11 +535,12 @@ configmap/special-config-2-c92b5mmcf2 created ### Define container environment variables with data from multiple ConfigMaps -* As with the previous example, create the ConfigMaps first. +As with the previous example, create the ConfigMaps first. +Here is the manifest you will use: - {{< codenew file="configmap/configmaps.yaml" >}} +{{< codenew file="configmap/configmaps.yaml" >}} - Create the ConfigMap: +* Create the ConfigMap: ```shell kubectl create -f https://kubernetes.io/examples/configmap/configmaps.yaml @@ -551,26 +580,26 @@ configmap/special-config-2-c92b5mmcf2 created ```shell kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-envFrom.yaml ``` - - Now, the Pod's output includes environment variables `SPECIAL_LEVEL=very` and `SPECIAL_TYPE=charm`. - + Now, the Pod's output includes environment variables `SPECIAL_LEVEL=very` and + `SPECIAL_TYPE=charm`. ## Use ConfigMap-defined environment variables in Pod commands You can use ConfigMap-defined environment variables in the `command` and `args` of a container using the `$(VAR_NAME)` Kubernetes substitution syntax. -For example, the following Pod specification +For example, the following Pod manifest: {{< codenew file="pods/pod-configmap-env-var-valueFrom.yaml" >}} -created by running +Create that Pod, by running: + ```shell kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-env-var-valueFrom.yaml ``` -produces the following output in the `test-container` container: +That pod produces the following output from the `test-container` container: ``` very charm @@ -582,7 +611,7 @@ As explained in [Create ConfigMaps from files](#create-configmaps-from-files), w a ConfigMap using ``--from-file``, the filename becomes a key stored in the `data` section of the ConfigMap. The file contents become the key's value. -The examples in this section refer to a ConfigMap named special-config, shown below. +The examples in this section refer to a ConfigMap named `special-config`: {{< codenew file="configmap/configmap-multikeys.yaml" >}} @@ -614,13 +643,12 @@ SPECIAL_LEVEL SPECIAL_TYPE ``` -{{< caution >}} -If there are some files in the `/etc/config/` directory, they will be deleted. -{{< /caution >}} +Text data is exposed as files using the UTF-8 character encoding. To use some other +character encoding, use `binaryData` (see [ConfigMap object](/docs/concepts/configuration/configmap/#configmap-object) for more details). {{< note >}} -Text data is exposed as files using the UTF-8 character encoding. To use some other character -encoding, use binaryData. +If there are any files in the `/etc/config` directory of that container image, the volume +mount will make those files from the image inaccessible. {{< /note >}} ### Add ConfigMap data to a specific path in the Volume @@ -649,10 +677,33 @@ Like before, all previous files in the `/etc/config/` directory will be deleted. ### Project keys to specific paths and file permissions You can project keys to specific paths and specific permissions on a per-file -basis. The [Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) -user guide explains the syntax. +basis. The +[Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) +guide explains the syntax. + +### Optional references + +A ConfigMap reference may be marked _optional_. If the ConfigMap is non-existent, the mounted +volume will be empty. If the ConfigMap exists, but the referenced key is non-existent the path +will be absent beneath the mount point. See [Optional ConfigMaps](#optional-configmaps) for more +details. +### Mounted ConfigMaps are updated automatically + +When a mounted ConfigMap is updated, the projected content is eventually updated too. +This applies in the case where an optionally referenced ConfigMap comes into +existence after a pod has started. +Kubelet checks whether the mounted ConfigMap is fresh on every periodic sync. However, +it uses its local TTL-based cache for getting the current value of the ConfigMap. As a +result, the total delay from the moment when the ConfigMap is updated to the moment +when new keys are projected to the pod can be as long as kubelet sync period (1 +minute by default) + TTL of ConfigMaps cache (1 minute by default) in kubelet. You +can trigger an immediate refresh by updating one of the pod's annotations. + +{{< note >}} +A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) volume will not receive ConfigMap updates. +{{< /note >}} @@ -693,35 +744,16 @@ data: property.3=value-3 ``` -### Restrictions - -- You must create the `ConfigMap` object before you reference it in a Pod - specification. Alternatively, mark the ConfigMap reference as `optional` in the Pod spec (see - [Optional ConfigMaps](#optional-configmaps)). If you reference a ConfigMap that doesn't exist - and you don't mark the reference as `optional`, the Pod won't start. Similarly, references - to keys that don't exist in the ConfigMap will also prevent the Pod from starting, unless - you mark the key references as `optional`. - -- If you use `envFrom` to define environment variables from ConfigMaps, keys that are considered - invalid will be skipped. The pod will be allowed to start, but the invalid names will be - recorded in the event log (`InvalidVariableNames`). The log message lists each skipped - key. For example: - - ```shell - kubectl get events - ``` - - The output is similar to this: - ``` - LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE - 0s 0s 1 dapi-test-pod Pod Warning InvalidEnvironmentVariableNames {kubelet, 127.0.0.1} Keys [1badkey, 2alsobad] from the EnvFrom configMap default/myconfig were skipped since they are considered invalid environment variable names. - ``` +When `kubectl` creates a ConfigMap from inputs that are not ASCII or UTF-8, the tool puts +these into the `binaryData` field of the ConfigMap, and not in `data`. Both text and binary +data sources can be combined in one ConfigMap. -- ConfigMaps reside in a specific {{< glossary_tooltip term_id="namespace" >}}. A ConfigMap can only be referenced by pods residing in the same namespace. +If you want to view the `binaryData` keys (and their values) in a ConfigMap, you can run +`kubectl get configmap -o jsonpath='{.binaryData}' `. -- You can't use ConfigMaps for {{< glossary_tooltip text="static pods" term_id="static-pod" >}}, because the Kubelet does not support this. +Pods can load data from a ConfigMap that uses either `data` or `binaryData`. -### Optional ConfigMaps +## Optional ConfigMaps You can mark a reference to a ConfigMap as _optional_ in a Pod specification. If the ConfigMap doesn't exist, the configuration for which it provides data in the Pod @@ -797,6 +829,38 @@ ConfigMaps cache (1 minute by default) in kubelet. A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) volume will not receive ConfigMap updates. {{< /note >}} +## Restrictions + +- You must create the `ConfigMap` object before you reference it in a Pod + specification. Alternatively, mark the ConfigMap reference as `optional` in the Pod spec (see + [Optional ConfigMaps](#optional-configmaps)). If you reference a ConfigMap that doesn't exist + and you don't mark the reference as `optional`, the Pod won't start. Similarly, references + to keys that don't exist in the ConfigMap will also prevent the Pod from starting, unless + you mark the key references as `optional`. + +- If you use `envFrom` to define environment variables from ConfigMaps, keys that are considered + invalid will be skipped. The pod will be allowed to start, but the invalid names will be + recorded in the event log (`InvalidVariableNames`). The log message lists each skipped + key. For example: + + ```shell + kubectl get events + ``` + + The output is similar to this: + ``` + LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE + 0s 0s 1 dapi-test-pod Pod Warning InvalidEnvironmentVariableNames {kubelet, 127.0.0.1} Keys [1badkey, 2alsobad] from the EnvFrom configMap default/myconfig were skipped since they are considered invalid environment variable names. + ``` + +- ConfigMaps reside in a specific {{< glossary_tooltip term_id="namespace" >}}. + Pods can only refer to ConfigMaps that are in the same namespace as the Pod. + +- You can't use ConfigMaps for + {{< glossary_tooltip text="static pods" term_id="static-pod" >}}, because the + kubelet does not support this. + + ## {{% heading "whatsnext" %}} * Follow a real world example of From 743df5fffb6d978bede021f913fcdfe8bd283956 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 24 Nov 2022 17:42:18 +0000 Subject: [PATCH 140/537] Add cleanup steps --- .../configure-pod-configmap.md | 59 ++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md index f0c0ac149b827..2c48de9751abd 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -403,6 +403,8 @@ For example, to generate a ConfigMap from files `configure-pod-container/configm cat <./kustomization.yaml configMapGenerator: - name: game-config-4 + labels: + game-config: config-4 files: - configure-pod-container/configmap/game.properties EOF @@ -435,7 +437,7 @@ kubectl describe configmaps/game-config-4-m9dm2f92bt ``` Name: game-config-4-m9dm2f92bt Namespace: default -Labels: +Labels: game-config=config-4 Annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","data":{"game.properties":"enemies=aliens\nlives=3\nenemies.cheat=true\nenemies.cheat.level=noGoodRotten\nsecret.code.p... @@ -467,6 +469,8 @@ with the key `game-special-key` cat <./kustomization.yaml configMapGenerator: - name: game-config-5 + labels: + game-config: config-5 files: - game-special-key=configure-pod-container/configmap/game.properties EOF @@ -505,6 +509,15 @@ kubectl apply -k . configmap/special-config-2-c92b5mmcf2 created ``` +## Interim cleanup + +Before proceeding, clean up some of the ConfigMaps you made: + +```bash +kubectl delete configmap special-config +kubectl delete configmap env-config +kubectl delete configmap -l 'game-config in (config-4,config-5)’ +``` Now that you have learned to define ConfigMaps, you can move on to the next section, and learn how to use these objects with Pods. @@ -558,6 +571,11 @@ Here is the manifest you will use: Now, the Pod's output includes environment variables `SPECIAL_LEVEL_KEY=very` and `LOG_LEVEL=INFO`. + Once you're happy to move on, delete that Pod: + ```shell + kubectl delete pod dapi-test-pod --now + ``` + ## Configure all key-value pairs in a ConfigMap as container environment variables * Create a ConfigMap containing multiple key-value pairs. @@ -570,6 +588,7 @@ Here is the manifest you will use: kubectl create -f https://kubernetes.io/examples/configmap/configmap-multikeys.yaml ``` + * Use `envFrom` to define all of the ConfigMap's data as container environment variables. The key from the ConfigMap becomes the environment variable name in the Pod. @@ -583,6 +602,11 @@ Here is the manifest you will use: Now, the Pod's output includes environment variables `SPECIAL_LEVEL=very` and `SPECIAL_TYPE=charm`. + Once you're happy to move on, delete that Pod: + ```shell + kubectl delete pod dapi-test-pod --now + ``` + ## Use ConfigMap-defined environment variables in Pod commands You can use ConfigMap-defined environment variables in the `command` and `args` of a container @@ -605,6 +629,11 @@ That pod produces the following output from the `test-container` container: very charm ``` +Once you're happy to move on, delete that Pod: +```shell +kubectl delete pod dapi-test-pod --now +``` + ## Add ConfigMap data to a Volume As explained in [Create ConfigMaps from files](#create-configmaps-from-files), when you create @@ -651,6 +680,11 @@ If there are any files in the `/etc/config` directory of that container image, t mount will make those files from the image inaccessible. {{< /note >}} +Once you're happy to move on, delete that Pod: +```shell +kubectl delete pod dapi-test-pod --now +``` + ### Add ConfigMap data to a specific path in the Volume Use the `path` field to specify the desired file path for specific ConfigMap items. @@ -674,6 +708,12 @@ very Like before, all previous files in the `/etc/config/` directory will be deleted. {{< /caution >}} +Delete that Pod: +```shell +kubectl delete pod dapi-test-pod --now +``` + + ### Project keys to specific paths and file permissions You can project keys to specific paths and specific permissions on a per-file @@ -860,6 +900,23 @@ A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#usi {{< glossary_tooltip text="static pods" term_id="static-pod" >}}, because the kubelet does not support this. +## {{% heading "cleanup" %}} + +Delete the ConfigMaps and Pods that you made: + +```bash +kubectl delete configmaps/game-config configmaps/game-config-2 configmaps/game-config-3 \ + configmaps/game-config-env-file +kubectl delete pod dapi-test-pod --now + +# You might already have removed the next set +kubectl delete configmaps/special-config configmaps/env-config +kubectl delete configmap -l 'game-config in (config-4,config-5)’ +``` + +If you created a directory `configure-pod-container` and no longer need it, you should remove that too, +or move it into the trash can / deleted files location. + ## {{% heading "whatsnext" %}} From 39b9fcdece59179b5aed5bd179c228f7f0a6d791 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 24 Nov 2022 17:48:32 +0000 Subject: [PATCH 141/537] Improve page style --- .../configure-pod-container/configure-pod-configmap.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md index 2c48de9751abd..223b86aa87377 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -724,7 +724,7 @@ guide explains the syntax. ### Optional references A ConfigMap reference may be marked _optional_. If the ConfigMap is non-existent, the mounted -volume will be empty. If the ConfigMap exists, but the referenced key is non-existent the path +volume will be empty. If the ConfigMap exists, but the referenced key is non-existent, the path will be absent beneath the mount point. See [Optional ConfigMaps](#optional-configmaps) for more details. @@ -763,8 +763,8 @@ data item in the ConfigMap is represented by an individual file in the volume. {{< /note >}} The ConfigMap's `data` field contains the configuration data. As shown in the example below, -this can be simple -- like individual properties defined using `--from-literal` -- or complex -- -like configuration files or JSON blobs defined using `--from-file`. +this can be simple (like individual properties defined using `--from-literal`) or complex +(like configuration files or JSON blobs defined using `--from-file`). ```yaml apiVersion: v1 @@ -797,7 +797,7 @@ Pods can load data from a ConfigMap that uses either `data` or `binaryData`. You can mark a reference to a ConfigMap as _optional_ in a Pod specification. If the ConfigMap doesn't exist, the configuration for which it provides data in the Pod -(e.g. environment variable, mounted volume) will be empty. +(for example: environment variable, mounted volume) will be empty. If the ConfigMap exists, but the referenced key is non-existent the data is also empty. For example, the following Pod specification marks an environment variable from a ConfigMap From 0e3e953236b54c57fb364facda9d3353128a8b0a Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 9 Feb 2023 14:46:43 +0000 Subject: [PATCH 142/537] Add note about valid characters for kubectl create from directory --- .../configure-pod-configmap.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md index 223b86aa87377..f07d2cde87fdd 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -62,10 +62,19 @@ about a ConfigMap. You can use `kubectl create configmap` to create a ConfigMap from multiple files in the same directory. When you are creating a ConfigMap based on a directory, kubectl identifies files -whose basename is a valid key in the directory and packages each of those files into the new +whose filename is a valid key in the directory and packages each of those files into the new ConfigMap. Any directory entries except regular files are ignored (for example: subdirectories, symlinks, devices, pipes, and more). + +{{< note >}} +Each filename being used for ConfigMap creation must consist of only acceptable characters, which are: letters (`A` to `Z` and `a` to z`), digits (`0` to `9`), '-', '_', or '.'. +If you use `kubectl create configmap` with a directory where any of the file names contains an unacceptable character, the `kubectl` command may fail. + +The `kubectl` command does not print an error when it encounters an invalid filename. +{{< /note >}} + + Create the local directory: ```shell From b6b970e067b0ebe7004ca08d9ffff2b9c7592a51 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 20 Feb 2023 21:15:49 +0800 Subject: [PATCH 143/537] [zh] sync resource-usage-monitoring.md --- .../resource-usage-monitoring.md | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/content/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md b/content/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md index f79fb0304e03e..ac7dd77a2a0b0 100644 --- a/content/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md +++ b/content/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md @@ -98,7 +98,7 @@ respond to these metrics by automatically scaling or adapting the cluster based on its current state, using mechanisms such as the Horizontal Pod Autoscaler. The monitoring pipeline fetches metrics from the kubelet and then exposes them to Kubernetes via an adapter by implementing either the -`custom.metrics.k8s.io` or `external.metrics.k8s.io` API. +`custom.metrics.k8s.io` or `external.metrics.k8s.io` API. --> ## 完整度量管道 {#full-metrics-pipeline} @@ -109,12 +109,24 @@ Kubernetes 还可以根据集群的当前状态,使用 Pod 水平自动扩缩 方法是实现 `custom.metrics.k8s.io` 或 `external.metrics.k8s.io` API。 -[Prometheus](https://prometheus.io) 是一个 CNCF 项目,可以原生监控 Kubernetes、 -节点和 Prometheus 本身。 -完整度量管道项目不属于 CNCF 的一部分,不在 Kubernetes 文档的范围之内。 +将完整的指标管道集成到 Kubernetes 实现中超出了 Kubernetes +文档的范围,因为可能的解决方案具有非常广泛的范围。 + +监控平台的选择在很大程度上取决于你的需求、预算和技术资源。 +Kubernetes 不推荐任何特定的指标管道; +可使用[许多选项](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars)。 +你的监控系统应能够处理 [OpenMetrics](https://openmetrics.io/) 指标传输标准, +并且需要选择最适合基础设施平台的整体设计和部署。 ## {{% heading "whatsnext" %}} From 9f485e7fa6247067b492e15f955325367a6750f9 Mon Sep 17 00:00:00 2001 From: Kinzhi Date: Tue, 21 Feb 2023 00:48:54 +0800 Subject: [PATCH 144/537] [zh-cn]SYNC generate-ref-docs/_index.md --- content/zh-cn/docs/contribute/generate-ref-docs/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/docs/contribute/generate-ref-docs/_index.md b/content/zh-cn/docs/contribute/generate-ref-docs/_index.md index 87f08c5f6d75a..9a4d18bcbc5ca 100644 --- a/content/zh-cn/docs/contribute/generate-ref-docs/_index.md +++ b/content/zh-cn/docs/contribute/generate-ref-docs/_index.md @@ -1,11 +1,11 @@ --- -title: 参考文档概述 +title: 更新参考文档 main_menu: true weight: 80 --- From 99a793bfbdaa9d8007514f15fe2d31267f0c57e6 Mon Sep 17 00:00:00 2001 From: upodroid Date: Mon, 20 Feb 2023 20:15:33 +0300 Subject: [PATCH 145/537] add announcement banner --- data/announcements/scheduled.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/data/announcements/scheduled.yaml b/data/announcements/scheduled.yaml index b8d0081b79826..ed25c714db0ff 100644 --- a/data/announcements/scheduled.yaml +++ b/data/announcements/scheduled.yaml @@ -130,3 +130,13 @@ announcements: message: | 5 days of incredible opportunities to collaborate, learn + share with the entire community!
    October 24 - 28, 2022. + +- name: Freezing k8s.gcr.io + startTime: 2023-02-21T00:00:00 # Added in https://github.com/kubernetes/website/pull/39575 + # This should run before and after Kubecon EU 2023 + endTime: 2023-04-15T00:00:00 + style: "background: #FF0000" + title: "k8s.gcr.io Image Registry Will Be Frozen From April 2023" + message: | + k8s.gcr.io image registry will be frozen from the 3rd of April 2023.
    + Please read our [announcement](/blog/2023/02/06/k8s-gcr-io-freeze-announcement/) for more details. From 9d1f69b96d09ff7294d53d18d0f4809154757e12 Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Thu, 16 Feb 2023 00:00:13 +0530 Subject: [PATCH 146/537] pt-br persistent-volume.md added --- .../reference/glossary/persistent-volume.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 content/pt-br/docs/reference/glossary/persistent-volume.md diff --git a/content/pt-br/docs/reference/glossary/persistent-volume.md b/content/pt-br/docs/reference/glossary/persistent-volume.md new file mode 100644 index 0000000000000..3ba2dee08e4e5 --- /dev/null +++ b/content/pt-br/docs/reference/glossary/persistent-volume.md @@ -0,0 +1,21 @@ +--- +title: Volume Persistente +id: persistent-volume +date: 2018-04-12 +full_link: /pt-br/docs/concepts/storage/persistent-volumes/ +short_description: > + Um objeto de API que representa uma parte do armazenamento no cluster. Disponível como um recurso conectável geral que persiste além do ciclo de vida de qualquer pod individual. + +aka: +tags: +- core-object +- storage +--- + Um objeto de API que representa uma parte do armazenamento no cluster. Disponível como um recurso conectável geral que persiste além do ciclo de vida de qualquer {{< glossary_tooltip text="Pod" term_id="pod" >}} individual. + + + +PersistentVolumes (PVs) fornecem uma API que abstrai detalhes de como o armazenamento é fornecido de como ele é consumido. +Os PVs são usados ​​diretamente em cenários onde o armazenamento pode ser criado antecipadamente (provisionamento estático). +Para cenários que exigem armazenamento sob demanda (provisionamento dinâmico), PersistentVolumeClaims (PVCs) são usados. + From 774872b43f8a79eb3faf4631b4ca03b81ba9ec5d Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Tue, 21 Feb 2023 00:01:39 +0530 Subject: [PATCH 147/537] updated content/pt-br/docs/reference/glossary/persistent-volume.md --- content/pt-br/docs/reference/glossary/persistent-volume.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/pt-br/docs/reference/glossary/persistent-volume.md b/content/pt-br/docs/reference/glossary/persistent-volume.md index 3ba2dee08e4e5..a5e65a5e4d082 100644 --- a/content/pt-br/docs/reference/glossary/persistent-volume.md +++ b/content/pt-br/docs/reference/glossary/persistent-volume.md @@ -4,18 +4,18 @@ id: persistent-volume date: 2018-04-12 full_link: /pt-br/docs/concepts/storage/persistent-volumes/ short_description: > - Um objeto de API que representa uma parte do armazenamento no cluster. Disponível como um recurso conectável geral que persiste além do ciclo de vida de qualquer pod individual. + Um objeto de API que representa uma parte do armazenamento no cluster. Disponível como um recurso geral e conectável que persiste além do ciclo de vida de qualquer pod individual. aka: tags: - core-object - storage --- - Um objeto de API que representa uma parte do armazenamento no cluster. Disponível como um recurso conectável geral que persiste além do ciclo de vida de qualquer {{< glossary_tooltip text="Pod" term_id="pod" >}} individual. + Um objeto de API que representa uma parte do armazenamento no cluster. Disponível como um recurso geral e conectável que persiste além do ciclo de vida de qualquer {{< glossary_tooltip text="Pod" term_id="pod" >}} individual. -PersistentVolumes (PVs) fornecem uma API que abstrai detalhes de como o armazenamento é fornecido de como ele é consumido. +PersistentVolumes (PVs) fornecem uma API que abstrai detalhes de como o armazenamento é fornecido a partir de como ele é consumido. Os PVs são usados ​​diretamente em cenários onde o armazenamento pode ser criado antecipadamente (provisionamento estático). Para cenários que exigem armazenamento sob demanda (provisionamento dinâmico), PersistentVolumeClaims (PVCs) são usados. From 2a77eefafdec52ec9a7e2eea0dd48ead418ecc1f Mon Sep 17 00:00:00 2001 From: Valters Jansons Date: Mon, 20 Feb 2023 20:09:13 +0000 Subject: [PATCH 148/537] Rename "Enabling Unsafe Sysctls" section Section called "Enabling Unsafe Sysctls" sounds dangerous, when trying to tell someone that `net.ipv4.ip_unprivileged_port_start` is considered a _safe_ sysctl in current Kubernetes versions. The overall explanation of safe and unsafe sysctls should be renamed more generic, and later subsection about how to actually enable unsafes can retain the pre-existing section name. --- content/en/docs/tasks/administer-cluster/sysctl-cluster.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md index a66ca9319b013..390a92ae62635 100644 --- a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md +++ b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md @@ -53,9 +53,9 @@ To get a list of all parameters, you can run sudo sysctl -a ``` -## Enabling Unsafe Sysctls +## Safe and Unsafe Sysctls -Sysctls are grouped into _safe_ and _unsafe_ sysctls. In addition to proper +Kubernetes classes sysctls as either _safe_ or _unsafe_. In addition to proper namespacing, a _safe_ sysctl must be properly _isolated_ between pods on the same node. This means that setting a _safe_ sysctl for one pod @@ -80,6 +80,8 @@ The example `net.ipv4.tcp_syncookies` is not namespaced on Linux kernel version This list will be extended in future Kubernetes versions when the kubelet supports better isolation mechanisms. +### Enabling Unsafe Sysctls + All _safe_ sysctls are enabled by default. All _unsafe_ sysctls are disabled by default and must be allowed manually by the From cbe9d2d3c5d25208a17d6e6c028011653e945ad0 Mon Sep 17 00:00:00 2001 From: Arhell Date: Tue, 21 Feb 2023 02:27:16 +0200 Subject: [PATCH 149/537] [es] improvement: kubectl install on windows verify command --- content/es/docs/tasks/tools/included/install-kubectl-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/es/docs/tasks/tools/included/install-kubectl-windows.md b/content/es/docs/tasks/tools/included/install-kubectl-windows.md index 427d0bcc75fb9..46a43a35ca855 100644 --- a/content/es/docs/tasks/tools/included/install-kubectl-windows.md +++ b/content/es/docs/tasks/tools/included/install-kubectl-windows.md @@ -57,7 +57,7 @@ Existen los siguientes métodos para instalar kubectl en Windows: - Usando PowerShell puede automatizar la verificación usando el operador `-eq` para obtener un resultado de `True` o `False`: ```powershell - $($(CertUtil -hashfile .\kubectl.exe SHA256)[1] -replace " ", "") -eq $(type .\kubectl.exe.sha256) + $(Get-FileHash -Algorithm SHA256 .\kubectl.exe).Hash -eq $(Get-Content .\kubectl.exe.sha256)) ``` 1. Agregue el binario a su `PATH`. From a41c3431b1d118f34e947a80ba2b6a6a75d0a93f Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 21 Feb 2023 09:46:03 +0800 Subject: [PATCH 150/537] [zh] sync ingress-minikube.md --- .../ingress-minikube.md | 280 +++++++++++------- 1 file changed, 170 insertions(+), 110 deletions(-) diff --git a/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md b/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md index e220d760f42af..f8daab406ae42 100644 --- a/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md +++ b/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md @@ -14,39 +14,51 @@ min-kubernetes-server-version: 1.19 -[Ingress](/zh-cn/docs/concepts/services-networking/ingress/)是一种 API 对象,其中定义了一些规则使得集群中的 -服务可以从集群外访问。 -[Ingress 控制器](/zh-cn/docs/concepts/services-networking/ingress-controllers/) -负责满足 Ingress 中所设置的规则。 - -本节为你展示如何配置一个简单的 Ingress,根据 HTTP URI 将服务请求路由到 -服务 `web` 或 `web2`。 +[Ingress](/zh-cn/docs/concepts/services-networking/ingress/)是一种 API 对象, +其中定义了一些规则使得集群中的服务可以从集群外访问。 +[Ingress 控制器](/zh-cn/docs/concepts/services-networking/ingress-controllers/)负责满足 +Ingress 中所设置的规则。 +本节为你展示如何配置一个简单的 Ingress,根据 HTTP URI 将服务请求路由到服务 `web` 或 `web2`。 ## {{% heading "prerequisites" %}} - {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} + 如果你使用的是较早的 Kubernetes 版本,请切换到该版本的文档。 -### 创建一个 Minikube 集群 +### 创建一个 Minikube 集群 {#create-minikube-cluster} 使用 Katacoda : {{< kat-button >}} 本地 -: 如果已经在本地[安装Minikube](/zh-cn/docs/tasks/tools/#minikube), -请运行 `minikube start` 创建一个集群。 +: 如果已经在本地[安装 Minikube](/zh-cn/docs/tasks/tools/#minikube), + 请运行 `minikube start` 创建一个集群。 + + 2. 检查验证 NGINX Ingress 控制器处于运行状态: - {{< tabs name="tab_with_md" >}} {{% tab name="minikube v1.19 或更高版本" %}} -```shell -kubectl get pods -n ingress-nginx -``` - - {{< note >}}最多可能需要等待一分钟才能看到这些 Pod 运行正常。{{< /note >}} - + ```shell + kubectl get pods -n ingress-nginx + ``` + + {{< note >}} + + 最多可能需要等待一分钟才能看到这些 Pod 运行正常。 + {{< /note >}} + + 输出类似于: -``` -NAME READY STATUS RESTARTS AGE -ingress-nginx-admission-create-g9g49 0/1 Completed 0 11m -ingress-nginx-admission-patch-rqp78 0/1 Completed 1 11m -ingress-nginx-controller-59b45fb494-26npt 1/1 Running 0 11m -``` + ```none + NAME READY STATUS RESTARTS AGE + ingress-nginx-admission-create-g9g49 0/1 Completed 0 11m + ingress-nginx-admission-patch-rqp78 0/1 Completed 1 11m + ingress-nginx-controller-59b45fb494-26npt 1/1 Running 0 11m + ``` + {{% /tab %}} {{% tab name="minikube v1.18.1 或更早版本" %}} -```shell -kubectl get pods -n kube-system -``` - - {{< note >}}最多可能需要等待一分钟才能看到这些 Pod 运行正常。{{< /note >}} - + ```shell + kubectl get pods -n kube-system + ``` + + {{< note >}} + + 最多可能需要等待一分钟才能看到这些 Pod 运行正常。 + {{< /note >}} + + 输出类似于: -``` -NAME READY STATUS RESTARTS AGE -default-http-backend-59868b7dd6-xb8tq 1/1 Running 0 1m -kube-addon-manager-minikube 1/1 Running 0 3m -kube-dns-6dcb57bcc8-n4xd4 3/3 Running 0 2m -kubernetes-dashboard-5498ccf677-b8p5h 1/1 Running 0 2m -nginx-ingress-controller-5984b97644-rnkrg 1/1 Running 0 1m -storage-provisioner 1/1 Running 0 2m -``` + ```none + NAME READY STATUS RESTARTS AGE + default-http-backend-59868b7dd6-xb8tq 1/1 Running 0 1m + kube-addon-manager-minikube 1/1 Running 0 3m + kube-dns-6dcb57bcc8-n4xd4 3/3 Running 0 2m + kubernetes-dashboard-5498ccf677-b8p5h 1/1 Running 0 2m + nginx-ingress-controller-5984b97644-rnkrg 1/1 Running 0 1m + storage-provisioner 1/1 Running 0 2m + ``` 请确保可以在输出中看到一个名称以 `nginx-ingress-controller-` 为前缀的 Pod。 + {{% /tab %}} {{< /tabs >}} @@ -118,7 +146,7 @@ storage-provisioner 1/1 Running 0 2m 1. Create a Deployment using the following command: --> -## 部署一个 Hello World 应用 +## 部署一个 Hello World 应用 {#deploy-hello-world} 1. 使用下面的命令创建一个 Deployment: @@ -126,10 +154,12 @@ storage-provisioner 1/1 Running 0 2m kubectl create deployment web --image=gcr.io/google-samples/hello-app:1.0 ``` - + 输出: - ``` + ```none deployment.apps/web created ``` @@ -142,10 +172,12 @@ storage-provisioner 1/1 Running 0 2m kubectl expose deployment web --type=NodePort --port=8080 ``` - - 输出: + + 输出类似于: - ``` + ```none service/web exposed ``` @@ -158,10 +190,12 @@ storage-provisioner 1/1 Running 0 2m kubectl get service web ``` - + 输出类似于: - ```shell + ```none NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE web NodePort 10.104.133.249 8080:31637/TCP 12m ``` @@ -175,34 +209,40 @@ storage-provisioner 1/1 Running 0 2m minikube service web --url ``` - + 输出类似于: - ```shell + ```none http://172.17.0.15:31637 ``` + {{< note >}} - {{< note >}} 如果使用的是 Katacoda 环境,在终端面板顶端,请点击加号标志。 然后点击 **Select port to view on Host 1**。 输入节点和端口号(这里是`31637`),之后点击 **Display Port**。 {{< /note >}} - + 输出类似于: - ```shell + ```none Hello, world! Version: 1.0.0 Hostname: web-55b8c6998d-8k564 ``` 你现在应该可以通过 Minikube 的 IP 地址和节点端口来访问示例应用了。 下一步是让自己能够通过 Ingress 资源来访问应用。 @@ -210,14 +250,15 @@ storage-provisioner 1/1 Running 0 2m ## 创建一个 Ingress -下面是一个定义 Ingress 的配置文件,负责通过 `hello-world.info` 将请求 -转发到你的服务。 +下面是一个定义 Ingress 的配置文件,负责通过 `hello-world.info` +将请求转发到你的服务。 1. 根据下面的 YAML 创建文件 `example-ingress.yaml`: @@ -232,10 +273,12 @@ The following manifest defines an Ingress that sends traffic to your Service via kubectl apply -f https://k8s.io/examples/service/networking/example-ingress.yaml ``` - - 输出: + + 输出类似于: - ``` + ```none ingress.networking.k8s.io/example-ingress created ``` @@ -248,15 +291,19 @@ The following manifest defines an Ingress that sends traffic to your Service via kubectl get ingress ``` - {{< note >}} + 此操作可能需要几分钟时间。 {{< /note >}} - - 接下来你将会在ADDRESS列中看到IPv4地址,例如: + + 接下来你将会在 `ADDRESS` 列中看到 IPv4 地址,例如: - ``` + ```none NAME CLASS HOSTS ADDRESS PORTS AGE example-ingress hello-world.info 172.17.0.15 80 38s ``` @@ -267,22 +314,24 @@ The following manifest defines an Ingress that sends traffic to your Service via --> 4. 在 `/etc/hosts` 文件的末尾添加以下内容(需要管理员访问权限): + ```none + 172.17.0.15 hello-world.info + ``` + + {{< note >}} - {{< note >}} 如果你在本地运行 Minikube 环境,需要使用 `minikube ip` 获得外部 IP 地址。 Ingress 列表中显示的 IP 地址会是内部 IP 地址。 {{< /note >}} - ``` - 172.17.0.15 hello-world.info - ``` - 添加完成后,在浏览器中访问URL `hello-world.info`,请求将被发送到 Minikube。 + 添加完成后,在浏览器中访问 URL `hello-world.info`,请求将被发送到 Minikube。 + 你应该看到类似输出: - ``` + ```none Hello, world! Version: 1.0.0 Hostname: web-55b8c6998d-8k564 ``` + {{< note >}} - {{< note >}} 如果你在使用本地 Minikube 环境,你可以从浏览器中访问 hello-world.info。 {{< /note >}} @@ -314,7 +365,7 @@ The following manifest defines an Ingress that sends traffic to your Service via 1. Create another Deployment using the following command: --> -## 创建第二个 Deployment +## 创建第二个 Deployment {#create-second-deployment} 1. 使用下面的命令创建第二个 Deployment: @@ -322,10 +373,12 @@ The following manifest defines an Ingress that sends traffic to your Service via kubectl create deployment web2 --image=gcr.io/google-samples/hello-app:2.0 ``` - - 输出: + + 输出类似于: - ``` + ```none deployment.apps/web2 created ``` @@ -338,10 +391,12 @@ The following manifest defines an Ingress that sends traffic to your Service via kubectl expose deployment web2 --port=8080 --type=NodePort ``` - - 输出: + + 输出类似于: - ``` + ```none service/web2 exposed ``` @@ -355,15 +410,14 @@ The following manifest defines an Ingress that sends traffic to your Service via 1. 编辑现有的 `example-ingress.yaml`,在文件最后添加以下行: - ```yaml - - path: /v2 - pathType: Prefix - backend: - service: - name: web2 - port: - number: 8080 + - path: /v2 + pathType: Prefix + backend: + service: + name: web2 + port: + number: 8080 ``` - 输出: + + 输出类似于: - ``` + ```none ingress.networking/example-ingress configured ``` @@ -387,18 +443,20 @@ The following manifest defines an Ingress that sends traffic to your Service via 1. Access the 1st version of the Hello World app. --> -## 测试你的 Ingress +## 测试你的 Ingress {#test-ingress} -1. 访问 HelloWorld 应用的第一个版本: +1. 访问 Hello World 应用的第一个版本: ```shell curl hello-world.info ``` - + 输出类似于: - ``` + ```none Hello, world! Version: 1.0.0 Hostname: web-55b8c6998d-8k564 @@ -407,27 +465,30 @@ The following manifest defines an Ingress that sends traffic to your Service via -2. 访问 HelloWorld 应用的第二个版本: +2. 访问 Hello World 应用的第二个版本: ```shell curl hello-world.info/v2 ``` - + 输出类似于: - ``` + ```none Hello, world! Version: 2.0.0 Hostname: web2-75cd47646f-t8cjk ``` + {{< note >}} - {{< note >}} 如果你在本地运行 Minikube 环境,你可以使用浏览器来访问 - hello-world.info 和 hello-world.info/v2。 + `hello-world.info` 和 `hello-world.info/v2`。 {{< /note >}} ## {{% heading "whatsnext" %}} @@ -437,7 +498,6 @@ The following manifest defines an Ingress that sends traffic to your Service via * Read more about [Ingress Controllers](/docs/concepts/services-networking/ingress-controllers/) * Read more about [Services](/docs/concepts/services-networking/service/) --> - -* 进一步了解 [Ingress](/zh-cn/docs/concepts/services-networking/ingress/)。 +* 进一步了解 [Ingress](/zh-cn/docs/concepts/services-networking/ingress/) * 进一步了解 [Ingress 控制器](/zh-cn/docs/concepts/services-networking/ingress-controllers/) * 进一步了解 [服务](/zh-cn/docs/concepts/services-networking/service/) From ac611f789da2cef12a1eca11b4e637ae7c8882c7 Mon Sep 17 00:00:00 2001 From: wuyanping Date: Mon, 20 Feb 2023 14:43:57 +0800 Subject: [PATCH 151/537] [zh] Localize docs/concepts/services-networking/cluster-ip-allocation.md Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Qiming Teng Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael Update content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md Co-authored-by: Michael --- .../cluster-ip-allocation.md | 253 ++++++++++++++++++ 1 file changed, 253 insertions(+) create mode 100644 content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md diff --git a/content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md b/content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md new file mode 100644 index 0000000000000..c74bd15249ecf --- /dev/null +++ b/content/zh-cn/docs/concepts/services-networking/cluster-ip-allocation.md @@ -0,0 +1,253 @@ +--- +title: Service ClusterIP 分配 +content_type: concept +weight: 120 +--- + + + + + + +在 Kubernetes 中,[Service](/zh-cn/docs/concepts/services-networking/service/) 是一种抽象的方式, +用于公开在一组 Pod 上运行的应用。 +Service 可以具有集群作用域的虚拟 IP 地址(使用 `type: ClusterIP` 的 Service)。 +客户端可以使用该虚拟 IP 地址进行连接,Kubernetes 通过不同的后台 Pod 对该 Service 的流量进行负载均衡。 + + +## Service ClusterIP 是如何分配的? +当 Kubernetes 需要为 Service 分配虚拟 IP 地址时,该分配会通过以下两种方式之一进行: + +**动态分配** +: 集群的控制面自动从所配置的 IP 范围内为 `type: ClusterIP` 选择一个空闲 IP 地址。 + +**静态分配** +: 根据为 Service 所配置的 IP 范围,选定并设置你的 IP 地址。 + +在整个集群中,每个 Service 的 `ClusterIP` 都必须是唯一的。 +尝试使用已分配的 `ClusterIP` 创建 Service 将返回错误。 + + +## 为什么需要预留 Service 的 ClusterIP ? + +有时你可能希望 Services 在众所周知的 IP 上面运行,以便集群中的其他组件和用户可以使用它们。 + +最好的例子是集群的 DNS Service。作为一种非强制性的约定,一些 Kubernetes 安装程序 +将 Service IP 范围中的第 10 个 IP 地址分配给 DNS 服务。假设将集群的 Service IP 范围配置为 +10.96.0.0/16,并且希望 DNS Service IP 为 10.96.0.10,则必须创建如下 Service: + +```yaml +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + kubernetes.io/name: CoreDNS + name: kube-dns + namespace: kube-system +spec: + clusterIP: 10.96.0.10 + ports: + - name: dns + port: 53 + protocol: UDP + targetPort: 53 + - name: dns-tcp + port: 53 + protocol: TCP + targetPort: 53 + selector: + k8s-app: kube-dns + type: ClusterIP +``` + +但如前所述,IP 地址 10.96.0.10 尚未被保留。如果在 DNS 启动之前或同时采用动态分配机制创建其他 Service, +则它们有可能被分配此 IP,因此,你将无法创建 DNS Service,因为它会因冲突错误而失败。 + + + +## 如何避免 Service ClusterIP 冲突?{#avoid-ClusterIP-conflict} + +Kubernetes 中用來将 ClusterIP 分配给 Service 的分配策略降低了冲突的风险。 + +`ClusterIP` 范围根据公式 `min(max(16, cidrSize / 16), 256)` 进行划分, +描述为不小于 16 且不大于 256,并在二者之间有一个渐进的步长。 + +默认情况下,动态 IP 分配使用地址较高的一段,一旦用完,它将使用较低范围。 +这将允许用户在冲突风险较低的较低地址段上使用静态分配。 + + +## 示例 {#allocation-examples} + + +### 示例 1 {#allocation-example-1} + +此示例使用 IP 地址范围:10.96.0.0/24(CIDR 表示法)作为 Service 的 IP 地址。 + +范围大小:28 - 2 = 254 +带宽偏移量:`min(max(16, 256/16), 256)` = `min(16, 256)` = 16 +静态带宽起始地址:10.96.0.1 +静态带宽结束地址:10.96.0.16 +范围结束地址:10.96.0.254 + +{{< mermaid >}} +pie showData + title 10.96.0.0/24 + "静态分配" : 16 + "动态分配" : 238 +{{< /mermaid >}} + + +### 示例 2 {#allocation-example-2} + +此示例使用 IP 地址范围 10.96.00/20(CIDR 表示法)作为 Service 的 IP 地址。 + + + +范围大小:212 - 2 = 4094 +带宽偏移量:`min(max(16, 4096/16), 256)` = `min(256, 256)` = 256 +静态带宽起始地址:10.96.0.1 +静态带宽结束地址:10.96.1.0 +范围结束地址:10.96.15.254 + +{{< mermaid >}} +pie showData + title 10.96.0.0/20 + "静态分配" : 256 + "动态分配" : 3838 +{{< /mermaid >}} + + +### 示例 3 {#allocation-example-3} + +此示例使用 IP 地址范围 10.96.0.0/16(CIDR 表示法)作为 Service 的 IP 地址。 + + +范围大小:216 - 2 = 65534 +带宽偏移量:`min(max(16, 65536/16), 256)` = `min(4096, 256)` = 256 +静态带宽起始地址:10.96.0.1 +静态带宽结束地址:10.96.1.0 +范围结束地址:10.96.255.254 + +{{< mermaid >}} +pie showData + title 10.96.0.0/16 + "静态分配" : 256 + "动态分配" : 65278 +{{< /mermaid >}} + + +## {{% heading "whatsnext" %}} + +* 阅读[服务外部流量策略](/zh-cn/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) +* 阅读[应用程序与服务连接](/zh-cn/docs/concepts/services-networking/connect-applications-service/) +* 阅读[服务](/zh-cn/docs/concepts/services-networking/service/) + From 981f21e008e663509d776d6a7e45f0d822e6468e Mon Sep 17 00:00:00 2001 From: Joe Bowbeer Date: Mon, 20 Feb 2023 18:34:53 -0800 Subject: [PATCH 152/537] Update coarse-parallel-processing-work-queue.md Update detailed description to match overview. --- .../en/docs/tasks/job/coarse-parallel-processing-work-queue.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md b/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md index 41d64cdba0883..fef005c3bf707 100644 --- a/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md +++ b/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md @@ -21,7 +21,7 @@ Here is an overview of the steps in this example: 1. **Create a queue, and fill it with messages.** Each message represents one task to be done. In this example, a message is an integer that we will do a lengthy computation on. 1. **Start a Job that works on tasks from the queue**. The Job starts several pods. Each pod takes - one task from the message queue, processes it, and repeats until the end of the queue is reached. + one task from the message queue, processes it, and exits. ## {{% heading "prerequisites" %}} From fc933baf22fd59e78262e72fe673f44eedba6997 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 21 Feb 2023 10:52:21 +0800 Subject: [PATCH 153/537] clean up /service-access-application-cluster.md --- .../service-access-application-cluster.md | 47 +++++++++---------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/content/en/docs/tasks/access-application-cluster/service-access-application-cluster.md b/content/en/docs/tasks/access-application-cluster/service-access-application-cluster.md index c0d964bd9cd62..5e1ba07f65255 100644 --- a/content/en/docs/tasks/access-application-cluster/service-access-application-cluster.md +++ b/content/en/docs/tasks/access-application-cluster/service-access-application-cluster.md @@ -10,26 +10,15 @@ This page shows how to create a Kubernetes Service object that external clients can use to access an application running in a cluster. The Service provides load balancing for an application that has two running instances. - - - ## {{% heading "prerequisites" %}} - {{< include "task-tutorial-prereqs.md" >}} - - - ## {{% heading "objectives" %}} - -* Run two instances of a Hello World application. -* Create a Service object that exposes a node port. -* Use the Service object to access the running application. - - - +- Run two instances of a Hello World application. +- Create a Service object that exposes a node port. +- Use the Service object to access the running application. @@ -41,9 +30,11 @@ Here is the configuration file for the application Deployment: 1. Run a Hello World application in your cluster: Create the application Deployment using the file above: + ```shell kubectl apply -f https://k8s.io/examples/service/access/hello-application.yaml ``` + The preceding command creates a {{< glossary_tooltip text="Deployment" term_id="deployment" >}} and an associated @@ -52,30 +43,35 @@ Here is the configuration file for the application Deployment: {{< glossary_tooltip text="Pods" term_id="pod" >}} each of which runs the Hello World application. - 1. Display information about the Deployment: + ```shell kubectl get deployments hello-world kubectl describe deployments hello-world ``` 1. Display information about your ReplicaSet objects: + ```shell kubectl get replicasets kubectl describe replicasets ``` 1. Create a Service object that exposes the deployment: + ```shell kubectl expose deployment hello-world --type=NodePort --name=example-service ``` 1. Display information about the Service: + ```shell kubectl describe services example-service ``` + The output is similar to this: - ```shell + + ```none Name: example-service Namespace: default Labels: run=load-balancer-example @@ -90,19 +86,24 @@ Here is the configuration file for the application Deployment: Session Affinity: None Events: ``` + Make a note of the NodePort value for the service. For example, in the preceding output, the NodePort value is 31496. 1. List the pods that are running the Hello World application: + ```shell kubectl get pods --selector="run=load-balancer-example" --output=wide ``` + The output is similar to this: - ```shell + + ```none NAME READY STATUS ... IP NODE hello-world-2895499144-bsbk5 1/1 Running ... 10.200.1.4 worker1 hello-world-2895499144-m1pwt 1/1 Running ... 10.200.2.5 worker2 ``` + 1. Get the public IP address of one of your nodes that is running a Hello World pod. How you get this address depends on how you set up your cluster. For example, if you are using Minikube, you can @@ -117,13 +118,16 @@ Here is the configuration file for the application Deployment: cloud providers offer different ways of configuring firewall rules. 1. Use the node address and node port to access the Hello World application: + ```shell curl http://: ``` + where `` is the public IP address of your node, and `` is the NodePort value for your service. The response to a successful request is a hello message: - ```shell + + ```none Hello Kubernetes! ``` @@ -133,12 +137,8 @@ As an alternative to using `kubectl expose`, you can use a [service configuration file](/docs/concepts/services-networking/service/) to create a Service. - - - ## {{% heading "cleanup" %}} - To delete the Service, enter this command: kubectl delete services example-service @@ -148,9 +148,6 @@ the Hello World application, enter this command: kubectl delete deployment hello-world - - - ## {{% heading "whatsnext" %}} Follow the From 82585b02f1792149116a74aee0b021c3bb58e8c1 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 21 Feb 2023 12:42:55 +0800 Subject: [PATCH 154/537] [zh] sync sysctl-cluster.md --- .../administer-cluster/sysctl-cluster.md | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md b/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md index eb4a609affb4a..d7bb24f8121d2 100644 --- a/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md +++ b/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md @@ -20,10 +20,10 @@ This document describes how to configure and use kernel parameters within a Kubernetes cluster using the {{< glossary_tooltip term_id="sysctl" >}} interface. --> - 本文档介绍如何通过 {{< glossary_tooltip term_id="sysctl" >}} 接口在 Kubernetes 集群中配置和使用内核参数。 +{{< note >}} -{{< note >}} 从 Kubernetes 1.23 版本开始,kubelet 支持使用 `/` 或 `.` 作为 sysctl 参数的分隔符。 从 Kubernetes 1.25 版本开始,支持为 Pod 设置 sysctl 时使用设置名字带有斜线的 sysctl。 例如,你可以使用点或者斜线作为分隔符表示相同的 sysctl 参数,以点作为分隔符表示为: `kernel.shm_rmid_forced`, @@ -58,7 +57,7 @@ options for the kubelets running on your cluster. -## 获取 Sysctl 的参数列表 +## 获取 Sysctl 的参数列表 {#listing-all-sysctl-parameters} -## 启用非安全的 Sysctl 参数 {#enabling-usafe-sysctls} +## 安全和非安全的 Sysctl 参数 {#safe-and-unsafe-sysctls} -sysctl 参数分为 **安全** 和 **非安全的**。 -**安全** 的 sysctl 参数除了需要设置恰当的命名空间外,在同一节点上的不同 Pod -之间也必须是 **相互隔离的**。这意味着 Pod 上设置 **安全** sysctl 参数: +Kubernetes 将 sysctl 参数分为 **安全** 和 **非安全的**。 +**安全** 的 sysctl 参数除了需要设置恰当的命名空间外,在同一节点上的不同 Pod +之间也必须是 **相互隔离的**。这意味着 Pod 上设置 **安全的** sysctl 参数时: -{{< note >}} 示例中的 `net.ipv4.tcp_syncookies` 在Linux 内核 4.4 或更低的版本中是无命名空间的。 {{< /note >}} @@ -141,8 +140,12 @@ supports better isolation mechanisms. 则上述列表中将会列出更多 **安全的** sysctl 参数。 +### 启用非安全的 Sysctl 参数 {#enabling-unsafe-sysctls} + 所有 **安全的** sysctl 参数都默认启用。 -## 设置 Pod 的 Sysctl 参数 +## 设置 Pod 的 Sysctl 参数 {#setting-sysctls-for-pod} -目前,在 Linux 内核中,有许多的 sysctl 参数都是 **有命名空间的**。 -这就意味着可以为节点上的每个 Pod 分别去设置它们的 sysctl 参数。 +目前,在 Linux 内核中,有许多的 sysctl 参数都是 **有命名空间的**。 +这就意味着可以为节点上的每个 Pod 分别去设置它们的 sysctl 参数。 在 Kubernetes 中,只有那些有命名空间的 sysctl 参数可以通过 Pod 的 securityContext 对其进行配置。 -{{< warning >}} 为了避免破坏操作系统的稳定性,请你在了解变更后果之后再修改 sysctl 参数。 {{< /warning >}} @@ -262,12 +265,12 @@ spec: +{{< warning >}} -{{< warning >}} 由于 **非安全的** sysctl 参数其本身具有不稳定性,在使用 **非安全的** sysctl 参数时可能会导致一些严重问题, 如容器的错误行为、机器资源不足或节点被完全破坏,用户需自行承担风险。 {{< /warning >}} @@ -295,6 +298,3 @@ to schedule those pods onto the right nodes. 建议开启[污点和容忍度特性](/docs/reference/generated/kubectl/kubectl-commands/#taint)或 [为节点配置污点](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/)以便将 Pod 调度到正确的节点之上。 - - - From f7ae32e58257dca7c7eb8288e8284de865fb922d Mon Sep 17 00:00:00 2001 From: tianlj <116049443+uos-ljtian@users.noreply.github.com> Date: Tue, 21 Feb 2023 06:08:24 +0000 Subject: [PATCH 155/537] [zh-cn]sync readme.md Sync latest content --- README-zh.md | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/README-zh.md b/README-zh.md index 55b457d980c51..ee45a6aa28570 100644 --- a/README-zh.md +++ b/README-zh.md @@ -60,14 +60,34 @@ cd website - Kubernetes 网站使用的是 [Docsy Hugo 主题](https://github.com/google/docsy#readme)。 即使你打算在容器中运行网站,我们也强烈建议你通过运行以下命令来引入子模块和其他开发依赖项: -```bash -# 引入 Docsy 子模块 + +### Windows +```powershell +# 获取子模块依赖 +git submodule update --init --recursive --depth 1 +``` + + +### Linux / 其它 Unix +```bash +# 获取子模块依赖 +make module-init +``` - -| 容器镜像 | 支持架构 | -| ------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- | -| [registry.k8s.io/kube-apiserver:{{< param "fullversion" >}}][0] | [amd64][0-amd64], [arm][0-arm], [arm64][0-arm64], [ppc64le][0-ppc64le], [s390x][0-s390x] | -| [registry.k8s.io/kube-controller-manager:{{< param "fullversion" >}}][1] | [amd64][1-amd64], [arm][1-arm], [arm64][1-arm64], [ppc64le][1-ppc64le], [s390x][1-s390x] | -| [registry.k8s.io/kube-proxy:{{< param "fullversion" >}}][2] | [amd64][2-amd64], [arm][2-arm], [arm64][2-arm64], [ppc64le][2-ppc64le], [s390x][2-s390x] | -| [registry.k8s.io/kube-scheduler:{{< param "fullversion" >}}][3] | [amd64][3-amd64], [arm][3-arm], [arm64][3-arm64], [ppc64le][3-ppc64le], [s390x][3-s390x] | -| [registry.k8s.io/conformance:{{< param "fullversion" >}}][4] | [amd64][4-amd64], [arm][4-arm], [arm64][4-arm64], [ppc64le][4-ppc64le], [s390x][4-s390x] | - -[0]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver -[0-amd64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64 -[0-arm]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm -[0-arm64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64 -[0-ppc64le]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le -[0-s390x]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x -[1]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager -[1-amd64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64 -[1-arm]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm -[1-arm64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64 -[1-ppc64le]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le -[1-s390x]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x -[2]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy -[2-amd64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64 -[2-arm]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm -[2-arm64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64 -[2-ppc64le]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le -[2-s390x]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x -[3]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler -[3-amd64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64 -[3-arm]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm -[3-arm64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64 -[3-ppc64le]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le -[3-s390x]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x -[4]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance -[4-amd64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64 -[4-arm]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm -[4-arm64]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64 -[4-ppc64le]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le -[4-s390x]: https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x - - 所有容器镜像都支持多架构,容器运行时应根据下层平台选择正确的镜像。 也可以通过给容器镜像名称加后缀来拉取适合特定架构的镜像,例如 -[`registry.k8s.io/kube-apiserver-arm64:{{< param "fullversion" >}}`][0-arm64]。 +`registry.k8s.io/kube-apiserver-arm64:{{< param "fullversion" >}}`。 所有这些派生镜像都以与多架构清单列表相同的方式签名。 - - +

    +不要应用任何更改;只是输出将要执行的操作。 +

    +
    --feature-gates string
    一组键值对(key=value),描述了各种特征。选项包括:
    PublicKeysECDSA=true|false (ALPHA - 默认值=false)
    RootlessControlPlane=true|false (ALPHA - 默认值=false) -
    UnversionedKubeletConfigMap=true|false (BETA - 默认值=true)
    ---image-repository string     默认值:"k8s.gcr.io" +--image-repository string     默认值:"registry.k8s.io"
    - + {{ $feed := getJSON .Site.Params.cveFeedBucket }} + - + - {{ range $issues := getJSON .Site.Params.cveFeedBucket }} + {{ range $feed.items }} - + - + {{ end }} -
    {{ T "cve_table" }}{{ T "cve_table" }} {{ T "cve_table_date_before" }}{{ $feed._kubernetes_io.updated_at | time.Format ( T "cve_table_date_format" ) }}{{ T "cve_table_date_after" }}
    {{ T "cve_id" }}{{ T "cve_summary"}}{{ T "cve_summary" }} {{ T "cve_issue_url" }}
    {{ .cve_id | htmlEscape | safeHTML }}{{ .id | htmlEscape | safeHTML }} {{ .summary | htmlEscape | safeHTML }}#{{ .number }}#{{ ._kubernetes_io.issue_number }}
    \ No newline at end of file + From 96fe0763305edc9fa0c65d1b83078f847f600913 Mon Sep 17 00:00:00 2001 From: mtardy Date: Sun, 22 Jan 2023 18:27:21 +0100 Subject: [PATCH 160/537] Remove unused localization strings --- data/i18n/en/en.toml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/data/i18n/en/en.toml b/data/i18n/en/en.toml index d477cb95b8a8b..d38f0e9c70c53 100644 --- a/data/i18n/en/en.toml +++ b/data/i18n/en/en.toml @@ -49,18 +49,6 @@ other = "CVE ID" [cve_issue_url] other = "CVE GitHub Issue URL" -[cve_json_external_url] -other = "external_url" - -[cve_json_id] -other = "id" - -[cve_json_summary] -other = "summary" - -[cve_json_url] -other = "url" - [cve_summary] other = "Issue Summary" From fdf59313cf61a0908c06d4dd88c37caaf67d54b5 Mon Sep 17 00:00:00 2001 From: Mohammad Sahihi Benis Date: Tue, 21 Feb 2023 14:18:07 +0100 Subject: [PATCH 161/537] Update kubectl-convert in install-kubectl-macos.md --- content/en/docs/tasks/tools/install-kubectl-macos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/tools/install-kubectl-macos.md b/content/en/docs/tasks/tools/install-kubectl-macos.md index a02b027b2808b..f44e22abeefe6 100644 --- a/content/en/docs/tasks/tools/install-kubectl-macos.md +++ b/content/en/docs/tasks/tools/install-kubectl-macos.md @@ -264,7 +264,7 @@ Below are the procedures to set up autocompletion for Bash, Fish, and Zsh. 1. After installing the plugin, clean up the installation files: ```bash - rm kubectl kubectl.sha256 + rm kubectl-convert kubectl-convert.sha256 ``` ## {{% heading "whatsnext" %}} From 84a000b212093eaccba6f23ae91010ac88fbc358 Mon Sep 17 00:00:00 2001 From: Mohammad Sahihi Benis Date: Tue, 21 Feb 2023 14:22:52 +0100 Subject: [PATCH 162/537] Add remove kubectl-convert* files in install-kubectl-linux.md --- content/en/docs/tasks/tools/install-kubectl-linux.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/en/docs/tasks/tools/install-kubectl-linux.md b/content/en/docs/tasks/tools/install-kubectl-linux.md index a48dcd654e617..d90818dea9d47 100644 --- a/content/en/docs/tasks/tools/install-kubectl-linux.md +++ b/content/en/docs/tasks/tools/install-kubectl-linux.md @@ -256,6 +256,12 @@ Below are the procedures to set up autocompletion for Bash, Fish, and Zsh. If you do not see an error, it means the plugin is successfully installed. +1. After installing the plugin, clean up the installation files: + + ```bash + rm kubectl-convert kubectl-convert.sha256 + ``` + ## {{% heading "whatsnext" %}} {{< include "included/kubectl-whats-next.md" >}} From 90618e984dc0baf5cc90034b5cdf7e1cd95c4657 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paulo=20Gon=C3=A7alves=20Lima?= <18203100+PauloGoncalvesLima@users.noreply.github.com> Date: Tue, 21 Feb 2023 10:38:11 -0300 Subject: [PATCH 163/537] Fix: Translation. --- .../docs/tasks/administer-cluster/dns-custom-nameservers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md index ce9822509b918..662654beee6a1 100644 --- a/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md +++ b/content/pt-br/docs/tasks/administer-cluster/dns-custom-nameservers.md @@ -23,7 +23,7 @@ Seu cluster deve estar executando o complemento CoreDNS. DNS é um serviço integrado do Kubernetes que é iniciado automaticamente usando o _gerenciador de complementos_ [cluster add-on](http://releases.k8s.io/master/cluster/addons/README.md). {{< note >}} -O service CoreDNS é chamado de `kube-dns` no campo `metadata.name`. +O Service CoreDNS é chamado de `kube-dns` no campo `metadata.name`. O objetivo é garantir maior interoperabilidade com cargas de trabalho que dependiam do nome de serviço legado `kube-dns` para resolver endereços internos ao cluster. Usando o service chamado `kube-dns` abstrai o detalhe de implementação de qual provedor de DNS está sendo executado por trás desse nome comum. {{< /note >}} From 7f5e0fafb10d5bcd5f3ba7b55496816ea5713271 Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Tue, 21 Feb 2023 13:27:20 -0300 Subject: [PATCH 164/537] Update content/pt-br/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md --- .../communicate-containers-same-pod-shared-volume.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md index 705a84afa7a39..a71fd7aa45253 100644 --- a/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md +++ b/content/pt-br/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume.md @@ -26,7 +26,7 @@ para o Pod: {{< codenew file="pods/two-container-pod.yaml" >}} No arquivo de configuração, você pode ver que o Pod tem um shared-data chamado -`dados compartilhados`. +`shared-data`. O primeiro contêiner listado no arquivo de configuração executa um servidor nginx. O caminho de montagem para o volume compartilhado é `/usr/share/nginx/html`. From 92b9d3f1e005aef4022db86bd586b927cf5a58f8 Mon Sep 17 00:00:00 2001 From: Kinzhi Date: Tue, 21 Feb 2023 00:29:00 +0800 Subject: [PATCH 165/537] [zh-cn]SYNC labels.md [zh-cn]SYNC labels.md --- .../concepts/overview/working-with-objects/labels.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/zh-cn/docs/concepts/overview/working-with-objects/labels.md b/content/zh-cn/docs/concepts/overview/working-with-objects/labels.md index d3b7005e42e1a..edd0834824732 100644 --- a/content/zh-cn/docs/concepts/overview/working-with-objects/labels.md +++ b/content/zh-cn/docs/concepts/overview/working-with-objects/labels.md @@ -132,10 +132,10 @@ Valid label value: * 包含破折号(`-`)、下划线(`_`)、点(`.`)和字母或数字 -例如,这是一个有 `environment: production` 和 `app: nginx` 标签的 Pod 配置文件: +例如,以下是一个清单 (manifest),适用于具有 `environment: production` 和 `app: nginx` 这两个标签的 Pod: ```yaml @@ -427,7 +427,7 @@ or ```yaml selector: - component: redis + component: redis ``` `kubernetes.io/` 和 `k8s.io/` 前缀是为 Kubernetes 核心组件保留的。 -例如,下面是一个 Pod 的配置文件,其注解中包含 `imageregistry: https://hub.docker.com/`: +例如,下面是一个 Pod 的清单,其注解中包含 `imageregistry: https://hub.docker.com/`: ```yaml apiVersion: v1 From dead0d1b1abae8b7efbebe6a5cc2cd027dcae9a7 Mon Sep 17 00:00:00 2001 From: Kinzhi Date: Tue, 21 Feb 2023 01:04:33 +0800 Subject: [PATCH 167/537] [zh-cn]SYNC feature-gates.md [zh-cn]SYNC feature-gates.md --- .../command-line-tools-reference/feature-gates.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates.md index ac0df72450b28..cd28c546c11ff 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates.md @@ -485,16 +485,17 @@ Each feature gate is designed for enabling/disabling a specific feature: to see the requesting subject's authentication information. See [API access to authentication information for a client](/docs/reference/access-authn-authz/authentication/#self-subject-review) for more details. -- `APIServerIdentity`: Assign each API server an ID in a cluster. +- `APIServerIdentity`: Assign each API server an ID in a cluster, using a [Lease](/docs/concepts/architecture/leases). - `APIServerTracing`: Add support for distributed tracing in the API server. See [Traces for Kubernetes System Components](/docs/concepts/cluster-administration/system-traces) for more details. --> -- `APIListChunking`:启用 API 客户端以块的形式从 API 服务器检索(“LIST” 或 “GET”)资源。 +- `APIListChunking`:启用 API 客户端以块的形式从 API 服务器检索(`LIST` 或 `GET`)资源。 - `APIPriorityAndFairness`:在每个服务器上启用优先级和公平性来管理请求并发(由 `RequestManagement` 重命名而来)。 -- `APIResponseCompression`:压缩 “LIST” 或 “GET” 请求的 API 响应。 +- `APIResponseCompression`:压缩 `LIST` 或 `GET` 请求的 API 响应。 - `APISelfSubjectReview`:激活 `SelfSubjectReview` API,允许用户查看请求主体的身份验证信息。 更多细节请参阅 [API 访问客户端的身份验证信息](/zh-cn/docs/reference/access-authn-authz/authentication/#self-subject-review)。 -- `APIServerIdentity`:为集群中的每个 API 服务器赋予一个 ID。 +- `APIServerIdentity`:使用[租约](/zh-cn/docs/concepts/architecture/leases)为集群中的每个 + API 服务器赋予一个 ID。 - `APIServerTracing`:为集群中的每个 API 服务器添加对分布式跟踪的支持。 参阅[针对 Kubernetes 系统组件的追踪](/zh-cn/docs/concepts/cluster-administration/system-traces/) 获取更多详细信息。 @@ -775,7 +776,7 @@ Each feature gate is designed for enabling/disabling a specific feature: 到正在运行的 Pod 的特性。 - `EventedPLEG`:启用此特性后,kubelet 能够通过 {{}} 扩展从{{< glossary_tooltip text="容器运行时" term_id="container-runtime" >}}接收容器生命周期事件。 - (PLEG 是 “Pod lifecycle event generator” 的缩写,即 Pod 生命周期事件生成器)。 + (PLEG 是 `Pod lifecycle event generator` 的缩写,即 Pod 生命周期事件生成器)。 要使用此特性,你还需要在集群中运行的每个容器运行时中启用对容器生命周期事件的支持。 如果容器运行时未宣布支持容器生命周期事件,即使你已启用了此特性门控,kubelet 也会自动切换到原有的通用 PLEG 机制。 - `ExecProbeTimeout`:确保 kubelet 会遵从 exec 探针的超时值设置。 @@ -1267,6 +1268,7 @@ Each feature gate is designed for enabling/disabling a specific feature: - `WindowsHostNetwork`: Enables support for joining Windows containers to a hosts' network namespace. - `WindowsHostProcessContainers`: Enables support for Windows HostProcess containers. --> + - `WindowsHostNetwork`:启用对 Windows 容器接入主机网络名字空间的支持。 - `WindowsHostProcessContainers`:启用对 Windows HostProcess 容器的支持。 From 11646a6a217a8f19621c9f815999870cea2c6c9b Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Tue, 21 Feb 2023 13:58:24 -0300 Subject: [PATCH 168/537] Update content/pt-br/docs/concepts/configuration/windows-resource-management.md --- .../windows-resource-management.md | 43 ++++++++----------- 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/content/pt-br/docs/concepts/configuration/windows-resource-management.md b/content/pt-br/docs/concepts/configuration/windows-resource-management.md index 4a6443f6fe108..41d07c21ad41b 100644 --- a/content/pt-br/docs/concepts/configuration/windows-resource-management.md +++ b/content/pt-br/docs/concepts/configuration/windows-resource-management.md @@ -1,10 +1,5 @@ --- -reviewers: -- jayunit100 -- jsturtevant -- marosset -- perithompson -title: Gerenciamento de recursos para nós do Windows +title: Gerenciamento de recursos para nós Windows content_type: concept weight: 75 --- @@ -15,29 +10,29 @@ Esta página descreve as diferenças em como os recursos são gerenciados entre -Em nós do Linux, {{< glossary_tooltip text="cgroups" term_id="cgroup" >}} são usados como um limite de pod para controle de recursos. +Em nós Linux, {{< glossary_tooltip text="cgroups" term_id="cgroup" >}} são usados ​​como uma divisão para o controle de recursos em Pods. Os contêineres são criados dentro desse limite para o isolamento de rede, processo e sistema de arquivos. -As APIs Linux cgroup podem ser usadas para coletar estatísticas de uso de CPU, E/S e memória. +As APIs de cgroup do Linux podem ser usadas para coletar estatísticas de uso de CPU, E/S e memória. -Em contraste, o Windows usa um [_objetos de trabalho_](https://docs.microsoft.com/windows/win32/procthread/job-objects) por contêiner com um filtro de namespace do sistema +Em contraste, o Windows usa um [_objeto de trabalho_](https://docs.microsoft.com/windows/win32/procthread/job-objects) por contêiner com um filtro de namespace do sistema para conter todos os processos em um contêiner e fornecer isolamento lógico ao hospedar. (Os objetos de trabalho são um mecanismo de isolamento de processo do Windows e são diferentes dos que o Kubernetes chama de {{< glossary_tooltip term_id="job" text="Job" >}}). Não há como executar um contêiner do Windows sem a filtragem de namespace. -Isso significa que os privilégios do sistema não podem ser declarados no contexto do host e, +Isso significa que os privilégios do sistema não podem ser assegurados no contexto do host e, portanto, os contêineres privilegiados não estão disponíveis no Windows. -Os contêineres não podem assumir uma identidade do host porque o Gerente de conta de segurança (SAM) é separado. +Os contêineres não podem assumir uma identidade do host porque o Gerente de Conta de Segurança ( Security Account Manager , ou SAM) é separado. ## Gerenciamento de memória {#resource-management-memory} -O Windows não possui um eliminador de processo de falta de memória como o Linux. +O Windows não possui um eliminador de processo por falta de memória como o Linux. O Windows sempre trata todas as alocações de memória do modo de usuário como virtuais e os arquivos de paginação são obrigatórios. -Os nós do Windows não sobrecarregam a memória para os processos. O efeito líquido +Os nós Windows não superdimensionam a memória para os processos. O efeito real é que o Windows não atingirá as condições de falta de memória -da mesma forma que o Linux, e processará a página em disco em vez de estar +da mesma forma que o Linux, e estará processando a página em disco em vez de estar sujeito ao encerramento por falta de memória (OOM). Se a memória for superprovisionada e toda a memória física estiver esgotada, a paginação poderá diminuir o desempenho. @@ -51,25 +46,25 @@ No Windows, o kubelet oferece suporte a uma flag de linha de comando para defini `--windows-priorityclass`. Essa flag permite que o processo kubelet obtenha mais fatias de tempo de CPU quando comparado a outros processos em execução no host do Windows. Mais informações sobre os valores permitidos e os seus significados estão disponíveis em -[Classes prioritárias do Windows](https://docs.microsoft.com/en-us/windows/win32/procthread/scheduling-priorities#priority-class). -Para garantir que os Pods em execução não prejudiquem o kubelet de ciclos de CPU, defina essa flag como `ABOVE_NORMAL_PRIORITY_CLASS` ou acima. +[classes de prioridade do Windows](https://docs.microsoft.com/en-us/windows/win32/procthread/scheduling-priorities#priority-class). +Para garantir que os Pods em execução não deixem o kubelet sem ciclos de CPU, defina essa flag como `ABOVE_NORMAL_PRIORITY_CLASS` ou acima. ## Reserva de recursos {#resource-reservation} -Para contabilizar a memória e a CPU usadas pelo sistema operacional, o tempo de execução do contêiner -e pelos processos de host do Kubernetes, como o kubelet, você pode (e deve) -reservar recursos de memória e CPU com o `--kube-reserved` e/ou `--system-reserved` flags de kubelet. -No Windows, esses valores são usados apenas para calcular o nó -[alocável](/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable) de recursos. +Para contabilizar a memória e a CPU usadas pelo sistema operacional, o agente de execução de contêiner +e os processos de host do Kubernetes, como o kubelet, você pode (e deve) +reservar recursos de memória e CPU com as flags `--kube-reserved` e/ou `--system-reserved` do kubelet. +No Windows, esses valores são usados apenas para calcular o recursos +[alocáveis](/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable) ​​pelo nó. {{< caution >}} Conforme você implanta cargas de trabalho, defina a memória de recursos e os limites de CPU nos contêineres. -Isso também subtrai de `NodeAllocatable` e ajuda o agendador de todo o cluster a determinar quais pods colocar em quais nós. +Isso também subtrai de `NodeAllocatable` e ajuda o escalonador de todo o cluster a determinar quais pods colocar em quais nós. -Agendar pods sem limites pode superprovisionar os nós do Windows e, em casos extremos, fazer com que os nós não sejam íntegros. +Alocar pods sem limites pode superprovisionar os nós do Windows e, em casos extremos, fazer com que os nós não sejam íntegros. {{< /caution >}} No Windows, uma boa prática é reservar pelo menos 2GiB de memória. Para determinar quanta CPU reservar, identifique a densidade máxima do pod para cada -nó e monitore o uso da CPU dos serviços do sistema em execução, depois escolha um valor que atenda às suas necessidades de carga de trabalho. \ No newline at end of file +nó e monitore o uso da CPU dos serviços do sistema em execução, depois escolha um valor que atenda às necessidades das suas cargas de trabalho. \ No newline at end of file From d1be50d94e2c7e3655c4ff71bbe7a4c0d0dca343 Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Tue, 21 Feb 2023 14:10:25 -0300 Subject: [PATCH 169/537] Update content/pt-br/docs/reference/issues-security.md --- content/pt-br/docs/reference/issues-security/issues.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/pt-br/docs/reference/issues-security/issues.md b/content/pt-br/docs/reference/issues-security/issues.md index 706a69f5fd0c8..c1c8584739491 100644 --- a/content/pt-br/docs/reference/issues-security/issues.md +++ b/content/pt-br/docs/reference/issues-security/issues.md @@ -8,9 +8,9 @@ Para reportar um problema de segurança, siga [processo de divulgação de issue O trabalho no código do Kubernetes e os problemas de segurança podem ser encontrados usando [ GitHub Issues ](https://github.com/kubernetes/kubernetes/issues/). -* Oficial [lista de CVEs conhecidos](/docs/reference/issues-security/official-cve-feed/) +* Lista [oficial de CVEs conhecidos](/docs/reference/issues-security/official-cve-feed/) (vulnerabilidades de segurança) que foram anunciados pelo [comitê de resposta de segurança](https://github.com/kubernetes/committee-security-response) -* [Problemas do gitHub relacionados ao CVE](https://github.com/kubernetes/kubernetes/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Aarea%2Fsecurity+in%3Atitle+CVE) +* [Questões relacionadas ao CVE](https://github.com/kubernetes/kubernetes/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Aarea%2Fsecurity+in%3Atitle+CVE) Anúncios relacionados à segurança são enviados para a lista de discussão [kubernetes-security-announce@googlegroups.com](https://groups.google.com/forum/#!forum/kubernetes-security-announce). \ No newline at end of file From daddedcb45d6ae695401d3dcd9b8445bf7da9461 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Tue, 21 Feb 2023 18:08:24 +0000 Subject: [PATCH 170/537] Fix Introduction to Cilium link --- .../network-policy-provider/cilium-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md index ebafa8527ab27..af266688d5e64 100644 --- a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md +++ b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md @@ -10,7 +10,7 @@ weight: 30 This page shows how to use Cilium for NetworkPolicy. -For background on Cilium, read the [Introduction to Cilium](https://docs.cilium.io/en/stable/intro). +For background on Cilium, read the [Introduction to Cilium](https://docs.cilium.io/en/stable/overview/intro). ## {{% heading "prerequisites" %}} From 987e74670d63c8020bd3602387d81b1135aa4039 Mon Sep 17 00:00:00 2001 From: upodroid Date: Tue, 21 Feb 2023 22:50:32 +0300 Subject: [PATCH 171/537] adjust the banner dates for katacoda deprecation --- data/announcements/scheduled.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/announcements/scheduled.yaml b/data/announcements/scheduled.yaml index 89c3167120c30..fdade5ddbb1b2 100644 --- a/data/announcements/scheduled.yaml +++ b/data/announcements/scheduled.yaml @@ -134,7 +134,7 @@ announcements: - name: Freezing k8s.gcr.io - Before startTime: 2023-02-20T00:00:00 # Added in https://github.com/kubernetes/website/pull/39575 # This should run before and after Kubecon EU 2023 - endTime: 2023-04-02T00:00:00 + endTime: 2023-03-26T00:00:00 style: "background: #FF0000" title: "Legacy k8s.gcr.io container image registry will be frozen in early April 2023" message: | @@ -143,7 +143,7 @@ announcements: Please read our [announcement](/blog/2023/02/06/k8s-gcr-io-freeze-announcement/) for more details. - name: Freezing k8s.gcr.io - After - startTime: 2023-04-03T00:00:00 # Added in https://github.com/kubernetes/website/pull/39575 + startTime: 2023-04-05T00:00:00 # Added in https://github.com/kubernetes/website/pull/39575 # This should run before and after Kubecon EU 2023 endTime: 2023-05-31T00:00:00 style: "background: #FF0000" From 1bd67491897ac5195ccc6b99c7705f4ba29f5093 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 19 Feb 2023 21:33:23 +0800 Subject: [PATCH 172/537] [zh] Resync run-stateless-application-deployment --- .../run-stateless-application-deployment.md | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/content/zh-cn/docs/tasks/run-application/run-stateless-application-deployment.md b/content/zh-cn/docs/tasks/run-application/run-stateless-application-deployment.md index 55f9f9b120faa..96a188aabfd9c 100644 --- a/content/zh-cn/docs/tasks/run-application/run-stateless-application-deployment.md +++ b/content/zh-cn/docs/tasks/run-application/run-stateless-application-deployment.md @@ -15,13 +15,13 @@ This page shows how to run an application using a Kubernetes Deployment object. ## {{% heading "objectives" %}} -* 创建一个 nginx Deployment。 -* 使用 kubectl 列举该 Deployment 的相关信息。 -* 更新该 Deployment。 +- 创建一个 nginx Deployment。 +- 使用 kubectl 列举该 Deployment 的相关信息。 +- 更新该 Deployment。 ## {{% heading "prerequisites" %}} @@ -81,8 +81,8 @@ Docker 镜像的 Deployment: Pod Template: Labels: app=nginx Containers: - nginx: - Image: nginx:1.7.9 + nginx: + Image: nginx:1.14.2 Port: 80/TCP Environment: Mounts: @@ -161,6 +161,7 @@ Deployment 镜像更新为 nginx 1.16.1。 ```shell kubectl get pods -l app=nginx ``` + -* 进一步了解 [Deployment 对象](/zh-cn/docs/concepts/workloads/controllers/deployment/)。 +- 进一步了解 [Deployment 对象](/zh-cn/docs/concepts/workloads/controllers/deployment/)。 From a21e1f7aa9e1c9eefe882db012e27580e83b48e7 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Wed, 22 Feb 2023 15:14:22 +0800 Subject: [PATCH 173/537] Clean up page distribute-credentials-secure --- .../distribute-credentials-secure.md | 125 +++++++++--------- 1 file changed, 61 insertions(+), 64 deletions(-) diff --git a/content/en/docs/tasks/inject-data-application/distribute-credentials-secure.md b/content/en/docs/tasks/inject-data-application/distribute-credentials-secure.md index c037dea7cdcd2..26d39f36a6eda 100644 --- a/content/en/docs/tasks/inject-data-application/distribute-credentials-secure.md +++ b/content/en/docs/tasks/inject-data-application/distribute-credentials-secure.md @@ -6,13 +6,12 @@ min-kubernetes-server-version: v1.6 --- + This page shows how to securely inject sensitive data, such as passwords and encryption keys, into Pods. - ## {{% heading "prerequisites" %}} - {{< include "task-tutorial-prereqs.md" >}} ### Convert your secret data to a base-64 representation @@ -94,7 +93,6 @@ kubectl create secret generic test-secret --from-literal='username=my-app' --fro This is more convenient. The detailed approach shown earlier runs through each step explicitly to demonstrate what is happening. - ## Create a Pod that has access to the secret data through a Volume Here is a configuration file you can use to create a Pod: @@ -125,7 +123,7 @@ Here is a configuration file you can use to create a Pod: ``` 1. The secret data is exposed to the Container through a Volume mounted under -`/etc/secret-volume`. + `/etc/secret-volume`. In your shell, list the files in the `/etc/secret-volume` directory: ```shell @@ -182,17 +180,17 @@ spec: When you deploy this Pod, the following happens: -* The `username` key from `mysecret` is available to the container at the path +- The `username` key from `mysecret` is available to the container at the path `/etc/foo/my-group/my-username` instead of at `/etc/foo/username`. -* The `password` key from that Secret object is not projected. +- The `password` key from that Secret object is not projected. If you list keys explicitly using `.spec.volumes[].secret.items`, consider the following: -* Only keys specified in `items` are projected. -* To consume all keys from the Secret, all of them must be listed in the +- Only keys specified in `items` are projected. +- To consume all keys from the Secret, all of them must be listed in the `items` field. -* All listed keys must exist in the corresponding Secret. Otherwise, the volume +- All listed keys must exist in the corresponding Secret. Otherwise, the volume is not created. ### Set POSIX permissions for Secret keys @@ -246,63 +244,62 @@ secrets change. ### Define a container environment variable with data from a single Secret -* Define an environment variable as a key-value pair in a Secret: +- Define an environment variable as a key-value pair in a Secret: - ```shell - kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' - ``` + ```shell + kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' + ``` -* Assign the `backend-username` value defined in the Secret to the `SECRET_USERNAME` environment variable in the Pod specification. +- Assign the `backend-username` value defined in the Secret to the `SECRET_USERNAME` environment variable in the Pod specification. - {{< codenew file="pods/inject/pod-single-secret-env-variable.yaml" >}} + {{< codenew file="pods/inject/pod-single-secret-env-variable.yaml" >}} -* Create the Pod: +- Create the Pod: - ```shell - kubectl create -f https://k8s.io/examples/pods/inject/pod-single-secret-env-variable.yaml - ``` + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-single-secret-env-variable.yaml + ``` -* In your shell, display the content of `SECRET_USERNAME` container environment variable +- In your shell, display the content of `SECRET_USERNAME` container environment variable - ```shell - kubectl exec -i -t env-single-secret -- /bin/sh -c 'echo $SECRET_USERNAME' - ``` + ```shell + kubectl exec -i -t env-single-secret -- /bin/sh -c 'echo $SECRET_USERNAME' + ``` - The output is - ``` - backend-admin - ``` + The output is + ``` + backend-admin + ``` ### Define container environment variables with data from multiple Secrets -* As with the previous example, create the Secrets first. - - ```shell - kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' - kubectl create secret generic db-user --from-literal=db-username='db-admin' - ``` +- As with the previous example, create the Secrets first. -* Define the environment variables in the Pod specification. + ```shell + kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' + kubectl create secret generic db-user --from-literal=db-username='db-admin' + ``` - {{< codenew file="pods/inject/pod-multiple-secret-env-variable.yaml" >}} +- Define the environment variables in the Pod specification. -* Create the Pod: + {{< codenew file="pods/inject/pod-multiple-secret-env-variable.yaml" >}} - ```shell - kubectl create -f https://k8s.io/examples/pods/inject/pod-multiple-secret-env-variable.yaml - ``` +- Create the Pod: -* In your shell, display the container environment variables + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-multiple-secret-env-variable.yaml + ``` - ```shell - kubectl exec -i -t envvars-multiple-secrets -- /bin/sh -c 'env | grep _USERNAME' - ``` - The output is - ``` - DB_USERNAME=db-admin - BACKEND_USERNAME=backend-admin - ``` +- In your shell, display the container environment variables + ```shell + kubectl exec -i -t envvars-multiple-secrets -- /bin/sh -c 'env | grep _USERNAME' + ``` + The output is + ``` + DB_USERNAME=db-admin + BACKEND_USERNAME=backend-admin + ``` ## Configure all key-value pairs in a Secret as container environment variables @@ -310,23 +307,23 @@ secrets change. This functionality is available in Kubernetes v1.6 and later. {{< /note >}} -* Create a Secret containing multiple key-value pairs +- Create a Secret containing multiple key-value pairs - ```shell - kubectl create secret generic test-secret --from-literal=username='my-app' --from-literal=password='39528$vdg7Jb' - ``` + ```shell + kubectl create secret generic test-secret --from-literal=username='my-app' --from-literal=password='39528$vdg7Jb' + ``` -* Use envFrom to define all of the Secret's data as container environment variables. The key from the Secret becomes the environment variable name in the Pod. +- Use envFrom to define all of the Secret's data as container environment variables. The key from the Secret becomes the environment variable name in the Pod. - {{< codenew file="pods/inject/pod-secret-envFrom.yaml" >}} + {{< codenew file="pods/inject/pod-secret-envFrom.yaml" >}} -* Create the Pod: +- Create the Pod: - ```shell - kubectl create -f https://k8s.io/examples/pods/inject/pod-secret-envFrom.yaml - ``` + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-secret-envFrom.yaml + ``` -* In your shell, display `username` and `password` container environment variables +- In your shell, display `username` and `password` container environment variables ```shell kubectl exec -i -t envfrom-secret -- /bin/sh -c 'echo "username: $username\npassword: $password\n"' @@ -340,11 +337,11 @@ This functionality is available in Kubernetes v1.6 and later. ### References -* [Secret](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#secret-v1-core) -* [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core) -* [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core) +- [Secret](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#secret-v1-core) +- [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core) +- [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core) ## {{% heading "whatsnext" %}} -* Learn more about [Secrets](/docs/concepts/configuration/secret/). -* Learn about [Volumes](/docs/concepts/storage/volumes/). +- Learn more about [Secrets](/docs/concepts/configuration/secret/). +- Learn about [Volumes](/docs/concepts/storage/volumes/). From 5fc05fe1aa32111acd5e151a63ac8dda96cbf438 Mon Sep 17 00:00:00 2001 From: upodroid Date: Wed, 22 Feb 2023 14:39:03 +0300 Subject: [PATCH 174/537] use a darker shade of red --- data/announcements/scheduled.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/announcements/scheduled.yaml b/data/announcements/scheduled.yaml index fdade5ddbb1b2..d6aabff06ea12 100644 --- a/data/announcements/scheduled.yaml +++ b/data/announcements/scheduled.yaml @@ -135,7 +135,7 @@ announcements: startTime: 2023-02-20T00:00:00 # Added in https://github.com/kubernetes/website/pull/39575 # This should run before and after Kubecon EU 2023 endTime: 2023-03-26T00:00:00 - style: "background: #FF0000" + style: "background: #c70202" title: "Legacy k8s.gcr.io container image registry will be frozen in early April 2023" message: | k8s.gcr.io image registry will be frozen from the 3rd of April 2023.
    @@ -146,7 +146,7 @@ announcements: startTime: 2023-04-05T00:00:00 # Added in https://github.com/kubernetes/website/pull/39575 # This should run before and after Kubecon EU 2023 endTime: 2023-05-31T00:00:00 - style: "background: #FF0000" + style: "background: #c70202" title: Legacy k8s.gcr.io container image registry was frozen on the 3rd of April 2023 message: | k8s.gcr.io image registry has been frozen on the 3rd of April 2023.
    From 7b08c16746a77920e0557042d4c8bcfdf0527db2 Mon Sep 17 00:00:00 2001 From: Manish Kumar Date: Wed, 22 Feb 2023 16:36:14 +0530 Subject: [PATCH 175/537] Fix comments. --- content/en/docs/reference/labels-annotations-taints/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index 7d8c76241ed11..4b94bd11c744a 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -641,8 +641,8 @@ Example: `rbac.authorization.kubernetes.io/autoupdate: "false"` Used on: ClusterRole, ClusterRoleBinding, Role, RoleBinding -When this annotation is set to `true`, default RBAC ClusterRole and ClusterRoleBinding objects are automatically updated at server start to add missing permissions and subjects (extra permissions and subjects are left in place). To prevent autoupdating a particular role or rolebinding, set this annotation to `false`. -If you create your own ClusterRole and set this annotation, `kubectl auth reconcile` +When this annotation is set to `"true"` on default RBAC objects created by the kube-apiserver, they are automatically updated at server start to add missing permissions and subjects (extra permissions and subjects are left in place). To prevent autoupdating a particular role or rolebinding, set this annotation to `"false"`. +If you create your own RBAC objects and set this annotation to `"false"`, `kubectl auth reconcile` (which allows reconciling arbitrary RBAC objects in a {{< glossary_tooltip text="manifest" term_id="manifest" >}}) respects this annotation and does not automatically add missing permissions and subjects. From 89d6a54d86369cd3079bdb9a7a3594b6d4e2c901 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Wed, 22 Feb 2023 10:09:57 +0800 Subject: [PATCH 176/537] [zh] sync /services-networking/service.md --- .../concepts/services-networking/service.md | 252 +++++++++++------- 1 file changed, 149 insertions(+), 103 deletions(-) diff --git a/content/zh-cn/docs/concepts/services-networking/service.md b/content/zh-cn/docs/concepts/services-networking/service.md index c027fb3ada39f..1ab32ec16ba46 100644 --- a/content/zh-cn/docs/concepts/services-networking/service.md +++ b/content/zh-cn/docs/concepts/services-networking/service.md @@ -29,65 +29,60 @@ weight: 10 {{< glossary_definition term_id="service" length="short" >}} -使用 Kubernetes,你无需修改应用程序去使用不熟悉的服务发现机制。 -Kubernetes 为 Pod 提供自己的 IP 地址,并为一组 Pod 提供相同的 DNS 名, -并且可以在它们之间进行负载均衡。 - - +Kubernetes 中 Service 的一个关键目标是让你无需修改现有应用程序就能使用不熟悉的服务发现机制。 +你可以在 Pod 中运行代码,无需顾虑这是为云原生世界设计的代码,还是为已容器化的老应用程序设计的代码。 +你可以使用 Service 让一组 Pod 在网络上可用,让客户端能够与其交互。 +如果你使用 {{< glossary_tooltip term_id="deployment" >}} 来运行你的应用, +Deployment 可以动态地创建和销毁 Pod。不管是这一刻还是下一刻, +你不知道有多少个这样的 Pod 正在工作以及健康与否;你可能甚至不知道那些健康的 Pod 是如何命名的。 +Kubernetes {{< glossary_tooltip term_id="pod" text="Pod" >}} 被创建和销毁以匹配集群的预期状态。 +Pod 是临时资源(你不应该期待单个 Pod 既可靠又耐用)。 -Each Pod gets its own IP address, however in a Deployment, the set of Pods -running in one moment in time could be different from -the set of Pods running that application a moment later. + -## 动机 {#motivation} - -创建和销毁 Kubernetes {{< glossary_tooltip term_id="pod" text="Pod" >}} 以匹配集群的期望状态。 -Pod 是非永久性资源。 -如果你使用 {{< glossary_tooltip term_id="deployment">}} -来运行你的应用程序,则它可以动态创建和销毁 Pod。 - -每个 Pod 都有自己的 IP 地址,但是在 Deployment 中,在同一时刻运行的 Pod 集合可能与稍后运行该应用程序的 Pod 集合不同。 +每个 Pod 获取其自己的 IP 地址(Kubernetes 期待网络插件确保 IP 地址分配)。 +对于集群中给定的 Deployment,这一刻运行的这组 Pod 可能不同于下一刻运行应用程序的那组 Pod。 这导致了一个问题: 如果一组 Pod(称为“后端”)为集群内的其他 Pod(称为“前端”)提供功能, 那么前端如何找出并跟踪要连接的 IP 地址,以便前端可以使用提供工作负载的后端部分? -进入 **Service**。 + -## Service 资源 {#service-resource} +## Services in Kubernetes - -Kubernetes Service 定义了这样一种抽象:逻辑上的一组 Pod,一种可以访问它们的策略 —— 通常称为微服务。 -Service 所针对的 Pod 集合通常是通过{{< glossary_tooltip text="选择算符" term_id="selector" >}}来确定的。 -要了解定义服务端点的其他方法,请参阅[不带选择算符的服务](#services-without-selectors)。 +## Kubernetes 中的 Service {#service-in-k8s} + +Service API 是 Kubernetes 的组成部分,它是一种抽象,帮助你通过网络暴露 Pod 组合。 +每个 Service 对象定义一个逻辑组的端点(通常这些端点是 Pod)以及如何才能访问这些 Pod 的策略。 +Service 针对的这组 Pod 通常由你定义的{{< glossary_tooltip text="选择算符" term_id="selector" >}}来确定。 +若想了解定义 Service 端点的其他方式,可以查阅[**不带**选择算符的 Service](#services-without-selectors)。 + + +如果你的工作负载以 HTTP 通信,你可能会选择使用 [Ingress](/zh-cn/docs/concepts/services-networking/ingress/) +来控制 Web 流量如何到达该工作负载。Ingress 不是一种 Service,但它可用作集群的入口点。 +Ingress 能让你将路由规则整合到单个资源,这样你就能在单个侦听器之后暴露工作负载的多个组件,在集群中分别运行这些组件。 + + +Kubernetes 所用的 [Gateway](https://gateway-api.sigs.k8s.io/#what-is-the-gateway-api) API +提供了除 Ingress 和 Service 之外的更多功能。你可以添加 Gateway 到你的集群。Gateway 是使用 +{{< glossary_tooltip term_id="CustomResourceDefinition" text="CustomResourceDefinitions" >}} +实现的一系列扩展 API。将 Gateway 添加到你的集群后,就可以使用这些 Gateway 配置如何访问集群中正运行的网络服务。 + ## 定义 Service {#defining-a-service} -Service 在 Kubernetes 中是一个 REST 对象,和 Pod 类似。 -像所有的 REST 对象一样,Service 定义可以基于 `POST` 方式,请求 API server 创建新的实例。 -Service 对象的名称必须是合法的 -[RFC 1035 标签名称](/zh-cn/docs/concepts/overview/working-with-objects/names#rfc-1035-label-names)。 +Service 在 Kubernetes 中是一个{{< glossary_tooltip text="对象" term_id="object" >}} +(与 Pod 或 ConfigMap 类似的对象)。你可以使用 Kubernetes API 创建、查看或修改 Service 定义。 +通常你使用 `kubectl` 这类工具来进行这些 API 调用。 -例如,假定有一组 Pod,它们对外暴露了 9376 端口,同时还被打上 `app.kubernetes.io/name=MyApp` 标签: + +例如,假定有一组 Pod,每个 Pod 都在侦听 TCP 端口 9376,同时还被打上 `app.kubernetes.io/name=MyApp` 标签。 +你可以定义一个 Service 来发布 TCP 侦听器。 ```yaml apiVersion: v1 @@ -160,25 +192,32 @@ spec: ``` -上述配置创建一个名称为 "my-service" 的 Service 对象,它会将请求代理到使用 -TCP 端口 9376,并且具有标签 `app.kubernetes.io/name=MyApp` 的 Pod 上。 +应用上述清单将创建一个名称为 "my-service" 的新 Service,它在所有 Pod 上指向 +TCP 端口 9376,并且具有标签 `app.kubernetes.io/name: MyApp`。 -Kubernetes 为该服务分配一个 IP 地址(有时称为 “集群 IP”),该 IP 地址由服务代理使用。 -(请参见下面的[虚拟 IP 寻址机制](#virtual-ip-addressing-mechanism)). +Kubernetes 为该服务分配一个 IP 地址(有时称为 “集群 IP”),该 IP 地址由虚拟 IP 地址机制使用。 +有关该机制的更多详情,请阅读[虚拟 IP 和服务代理](/zh-cn/docs/reference/networking/virtual-ips/)。 -服务选择算符的控制器不断扫描与其选择算符匹配的 Pod,然后将所有更新发布到也称为 -“my-service” 的 Endpoint 对象。 + +Service 的控制器不断扫描与其选择算符匹配的 Pod,然后对 Service 的 EndpointSlices 集合执行所有必要的更新。 + + +Service 对象的名称必须是有效的 +[RFC 1035 标签名称](/zh-cn/docs/concepts/overview/working-with-objects/names#rfc-1035-label-names)。 {{< note >}} +### 没有选择算符的 Service {#services-without-selectors} + +由于选择算符的存在,服务最常见的用法是为 Kubernetes Pod 的访问提供抽象, +但是当与相应的 {{}} +对象一起使用且没有选择算符时, +服务也可以为其他类型的后端提供抽象,包括在集群外运行的后端。 + -### 没有选择算符的 Service {#services-without-selectors} - -由于选择算符的存在,服务最常见的用法是为 Kubernetes Pod 的访问提供抽象, -但是当与相应的 {{}} -对象一起使用且没有选择算符时, -服务也可以为其他类型的后端提供抽象,包括在集群外运行的后端。 - 例如: * 希望在生产环境中使用外部的数据库集群,但测试环境使用自己的数据库。 * 希望服务指向另一个 {{< glossary_tooltip term_id="namespace" >}} 中或其它集群中的服务。 * 你正在将工作负载迁移到 Kubernetes。在评估该方法时,你仅在 Kubernetes 中运行一部分后端。 -在任何这些场景中,都能够定义没有选择算符的 Service。 + +在任何这些场景中,都能够定义**未**指定与 Pod 匹配的选择算符的 Service。例如: 实例: ```yaml @@ -414,12 +455,12 @@ Kubernetes API 服务器被用作调用者可能无权访问的端点的代理 {{< /note >}} -ExternalName Service 是 Service 的特例,它没有选择算符,但是使用 DNS 名称。 -有关更多信息,请参阅本文档后面的 [ExternalName](#externalname)。 +`ExternalName` Service 是 Service 的特例,它没有选择算符,而是使用 DNS 名称。 +有关更多信息,请参阅 [ExternalName](#externalname) 一节。 #### 内部负载均衡器 {#internal-load-balancer} @@ -1191,7 +1232,7 @@ depending on the cloud Service provider you're using. 在水平分割 DNS 环境中,你需要两个服务才能将内部和外部流量都路由到你的端点(Endpoints)。 -如要设置内部负载均衡器,请根据你所使用的云运营商,为服务添加以下注解之一。 +如要设置内部负载均衡器,请根据你所使用的云运营商,为服务添加以下注解之一: {{< tabs name="service_tabs" >}} {{% tab name="Default" %}} @@ -1779,7 +1820,7 @@ In the example below, "`my-service`" can be accessed by clients on "`80.11.12.10 `externalIPs` 不会被 Kubernetes 管理,它属于集群管理员的职责范畴。 根据 Service 的规定,`externalIPs` 可以同任意的 `ServiceType` 来一起指定。 -在上面的例子中,`my-service` 可以在 "`80.11.12.10:80`"(`externalIP:port`) 上被客户端访问。 +在上面的例子中,`my-service` 可以在 "`80.11.12.10:80`" (`externalIP:port`) 上被客户端访问。 ```yaml apiVersion: v1 @@ -1793,9 +1834,9 @@ spec: - name: http protocol: TCP port: 80 - targetPort: 9376 + targetPort: 49152 externalIPs: - - 80.11.12.10 + - 198.51.100.32 ``` -进一步学习以下章节: +进一步学习 Service 及其在 Kubernetes 中所发挥的作用: -* 遵循[使用 Service 连接到应用](/zh-cn/docs/tutorials/services/connect-applications-service/)教程 -* [Ingress](/zh-cn/docs/concepts/services-networking/ingress/) 将来自集群外部的 HTTP 和 HTTPS +* 遵循[使用 Service 连接到应用](/zh-cn/docs/tutorials/services/connect-applications-service/)教程。 +* 阅读 [Ingress](/zh-cn/docs/concepts/services-networking/ingress/) 将来自集群外部的 HTTP 和 HTTPS 请求路由暴露给集群内的服务。 -* [EndpointSlice](/zh-cn/docs/concepts/services-networking/endpoint-slices/) +* 阅读 [Gateway](https://gateway-api.sigs.k8s.io/) 作为 Kubernetes 的扩展提供比 Ingress 更大的灵活性。 -更多上下文: +更多上下文,可以阅读以下内容: * [虚拟 IP 和 Service 代理](/zh-cn/docs/reference/networking/virtual-ips/) +* [EndpointSlices](/zh-cn/docs/concepts/services-networking/endpoint-slices/) * Service API 的 [API 参考](/zh-cn/docs/reference/kubernetes-api/service-resources/service-v1/) -* Endpoint API 的 [API 参考](/zh-cn/docs/reference/kubernetes-api/service-resources/endpoints-v1/) * EndpointSlice API 的 [API 参考](/zh-cn/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1/) +* Endpoint API 的 [API 参考](/zh-cn/docs/reference/kubernetes-api/service-resources/endpoints-v1/) From 6f330b23df05b446c0115aa23618f378336dd5c0 Mon Sep 17 00:00:00 2001 From: Mauren Berti Date: Wed, 22 Feb 2023 10:20:20 -0500 Subject: [PATCH 177/537] [pt-br] Update enforce-standards-admission-controller.md. * Update the contents in the Brazilian Portuguese version of docs/tasks/configure-pod-container/enforce-standards-admission-controller.md to reflect the latest English content. --- .../enforce-standards-admission-controller.md | 90 +++++++------------ 1 file changed, 31 insertions(+), 59 deletions(-) diff --git a/content/pt-br/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md b/content/pt-br/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md index 7762fc1cf5581..d3eb331c5d91c 100644 --- a/content/pt-br/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md +++ b/content/pt-br/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md @@ -1,43 +1,53 @@ --- title: Aplicando os Padrões de Segurança do Pod Através da Configuração do Controlador de Admissão Embutido content_type: task -min-kubernetes-server-version: v1.22 --- -Desde a versão v1.22, o Kubernetes fornece um [controlador de admissão](/docs/reference/access-authn-authz/admission-controllers/#podsecurity) -embutido para fazer cumprir os [padrões de segurança do Pod](/docs/concepts/security/pod-security-standards). -Você pode configurar esse controlador de admissão para definir padrões em todo -o cluster e [exceções](/docs/concepts/security/pod-security-admission/#exemptions). +O Kubernetes force um [controlador de admissão](/docs/reference/access-authn-authz/admission-controllers/#podsecurity) +embutido para garantir os [padrões de segurança do Pod](/docs/concepts/security/pod-security-standards). +Você pode configurar esse controlador de admissão para definir padrões e +[isenções](/docs/concepts/security/pod-security-admission/#exemptions) em todo +o cluster. ## {{% heading "prerequisites" %}} +Após uma release alfa no Kubernetes v1.22, o controlador de admissão +_Pod Security Admission_ tornou-se disponível por padrão no Kubernetes v1.23, +no estado beta. Da versão 1.25 em diante o controlador de admissão _Pod Security +Admission_ está publicamente disponível. + {{% version-check %}} -- Garanta que a `PodSecurity` do [`feature gate`](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features) -está ativada. +Se você não estiver utilizando o Kubernetes {{< skew currentVersion >}}, você +pode verificar a documentação da versão do Kubernetes que você está utilizando. ## Configure o Controlador de Admissão -{{< tabs name="PodSecurityConfiguration_example_1" >}} -{{% tab name="pod-security.admission.config.k8s.io/v1beta1" %}} +{{< note >}} +A configuração `pod-security.admission.config.k8s.io/v1` requer o Kubernetes v1.25 +ou superior. +Para as versões v1.23 e v1.24, utilize [v1beta1](https://v1-24.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/). +Para a versão v1.22, utilize [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/). +{{< /note >}} + ```yaml -apiVersion: apiserver.config.k8s.io/v1 +apiVersion: apiserver.config.k8s.io/v1 # veja a nota de compatibilidade kind: AdmissionConfiguration plugins: - name: PodSecurity configuration: apiVersion: pod-security.admission.config.k8s.io/v1beta1 kind: PodSecurityConfiguration - # Defaults applied when a mode label is not set. + # Padrões aplicados quando o label de modo não é especificado. # - # Level label values must be one of: - # - "privileged" (default) + # O valor para o label Level deve ser uma das opções abaixo: + # - "privileged" (padrão) # - "baseline" # - "restricted" # - # Version label values must be one of: - # - "latest" (default) - # - specific version like "v{{< skew currentVersion >}}" + # O valor para o label Version deve ser uma das opções abaixo: + # - "latest" (padrão) + # - versão específica no formato "v{{< skew currentVersion >}}" defaults: enforce: "privileged" enforce-version: "latest" @@ -46,53 +56,15 @@ plugins: warn: "privileged" warn-version: "latest" exemptions: - # Array of authenticated usernames to exempt. + # Lista de usuários autenticados a eximir. usernames: [] - # Array of runtime class names to exempt. + # Lista de RuntimeClasses a eximir. runtimeClasses: [] - # Array of namespaces to exempt. + # Lista de namespaces a eximir. namespaces: [] ``` {{< note >}} -A versão da configuração v1beta1 requer a versão v1.23 ou superior do Kubernetes. Para a versão v1.22 do Kubernetes, utilize v1alpha1. +O manifesto acima precisa ser especificado através da opção de linha de comando +`--admission-control-config-file` do kube-apiserver. {{< /note >}} - -{{% /tab %}} -{{% tab name="pod-security.admission.config.k8s.io/v1alpha1" %}} - -```yaml -apiVersion: apiserver.config.k8s.io/v1 -kind: AdmissionConfiguration -plugins: -- name: PodSecurity - configuration: - apiVersion: pod-security.admission.config.k8s.io/v1alpha1 - kind: PodSecurityConfiguration - # Defaults applied when a mode label is not set. - # - # Level label values must be one of: - # - "privileged" (default) - # - "baseline" - # - "restricted" - # - # Version label values must be one of: - # - "latest" (default) - # - specific version like "v{{< skew currentVersion >}}" - defaults: - enforce: "privileged" - enforce-version: "latest" - audit: "privileged" - audit-version: "latest" - warn: "privileged" - warn-version: "latest" - exemptions: - # Array of authenticated usernames to exempt. - usernames: [] - # Array of runtime class names to exempt. - runtimeClasses: [] - # Array of namespaces to exempt. - namespaces: [] -``` -{{% /tab %}} -{{< /tabs >}} From a1be4f42d4f56607b07a4b363c91d02700d5cb66 Mon Sep 17 00:00:00 2001 From: Mauren Berti Date: Wed, 22 Feb 2023 10:23:29 -0500 Subject: [PATCH 178/537] Fix typo. --- .../enforce-standards-admission-controller.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md b/content/pt-br/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md index d3eb331c5d91c..ce2788a8dd977 100644 --- a/content/pt-br/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md +++ b/content/pt-br/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md @@ -3,7 +3,7 @@ title: Aplicando os Padrões de Segurança do Pod Através da Configuração do content_type: task --- -O Kubernetes force um [controlador de admissão](/docs/reference/access-authn-authz/admission-controllers/#podsecurity) +O Kubernetes fornece um [controlador de admissão](/docs/reference/access-authn-authz/admission-controllers/#podsecurity) embutido para garantir os [padrões de segurança do Pod](/docs/concepts/security/pod-security-standards). Você pode configurar esse controlador de admissão para definir padrões e [isenções](/docs/concepts/security/pod-security-admission/#exemptions) em todo From 1179ec8b11a8328cd12f77498d83c656b791172d Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Wed, 22 Feb 2023 13:53:38 -0300 Subject: [PATCH 179/537] Update content/pt-br/docs/issues-security/issues.md --- content/pt-br/docs/reference/issues-security/issues.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/pt-br/docs/reference/issues-security/issues.md b/content/pt-br/docs/reference/issues-security/issues.md index c1c8584739491..d0480ed558b3a 100644 --- a/content/pt-br/docs/reference/issues-security/issues.md +++ b/content/pt-br/docs/reference/issues-security/issues.md @@ -4,9 +4,9 @@ weight: 10 aliases: [/pt-br/cve/,/pt-br/cves/] --- -Para reportar um problema de segurança, siga [processo de divulgação de issues do Kubernetes](/docs/reference/issues-security/security/#report-a-vulnerability). +Para reportar um problema de segurança, siga [processo de divulgação de segurança do Kubernetes](/docs/reference/issues-security/security/#report-a-vulnerability). -O trabalho no código do Kubernetes e os problemas de segurança podem ser encontrados usando [ GitHub Issues ](https://github.com/kubernetes/kubernetes/issues/). +O trabalho no código do Kubernetes e os problemas de segurança podem ser encontrados usando [issues do GitHub](https://github.com/kubernetes/kubernetes/issues/). * Lista [oficial de CVEs conhecidos](/docs/reference/issues-security/official-cve-feed/) (vulnerabilidades de segurança) que foram anunciados pelo From 20d71a2682e069761d5d73fc6d9ea1537396ec5e Mon Sep 17 00:00:00 2001 From: Ana Carolina Rodrigues Date: Wed, 22 Feb 2023 13:57:32 -0300 Subject: [PATCH 180/537] Update content/pt-br/docs/concepts/configuration/windows-resource-management.md --- .../docs/concepts/configuration/windows-resource-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/concepts/configuration/windows-resource-management.md b/content/pt-br/docs/concepts/configuration/windows-resource-management.md index 41d07c21ad41b..fda4f54e589f8 100644 --- a/content/pt-br/docs/concepts/configuration/windows-resource-management.md +++ b/content/pt-br/docs/concepts/configuration/windows-resource-management.md @@ -22,7 +22,7 @@ que o Kubernetes chama de {{< glossary_tooltip term_id="job" text="Job" >}}). Não há como executar um contêiner do Windows sem a filtragem de namespace. Isso significa que os privilégios do sistema não podem ser assegurados no contexto do host e, portanto, os contêineres privilegiados não estão disponíveis no Windows. -Os contêineres não podem assumir uma identidade do host porque o Gerente de Conta de Segurança ( Security Account Manager , ou SAM) é separado. +Os contêineres não podem assumir uma identidade do host porque o Gerente de Conta de Segurança (Security Account Manager, ou SAM) é separado. ## Gerenciamento de memória {#resource-management-memory} From 2a2c5cc2fb2d20887715c418d266739f40049282 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Wed, 22 Feb 2023 18:25:18 +0000 Subject: [PATCH 181/537] Fix Cilium Kubernetes Installation Guide link --- .../network-policy-provider/cilium-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md index af266688d5e64..be41448480974 100644 --- a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md +++ b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md @@ -82,7 +82,7 @@ policies using an example application. ## Deploying Cilium for Production Use For detailed instructions around deploying Cilium for production, see: -[Cilium Kubernetes Installation Guide](https://docs.cilium.io/en/stable/concepts/kubernetes/intro/) +[Cilium Kubernetes Installation Guide](https://docs.cilium.io/en/stable/network/kubernetes/concepts/) This documentation includes detailed requirements, instructions and example production DaemonSet files. From 5e4a37ab639687511e18819d7cc8cc2c5bac6470 Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 22 Feb 2023 21:06:22 +0100 Subject: [PATCH 182/537] add french translation for task 'Distribute Credentials Securely Using Secrets' --- .../distribute-credentials-secure.md | 354 ++++++++++++++++++ 1 file changed, 354 insertions(+) create mode 100644 content/fr/docs/tasks/inject-data-application/distribute-credentials-secure.md diff --git a/content/fr/docs/tasks/inject-data-application/distribute-credentials-secure.md b/content/fr/docs/tasks/inject-data-application/distribute-credentials-secure.md new file mode 100644 index 0000000000000..1459282e0040c --- /dev/null +++ b/content/fr/docs/tasks/inject-data-application/distribute-credentials-secure.md @@ -0,0 +1,354 @@ +--- +title: Distribuer des données sensibles de manière sécurisée avec les Secrets +content_type: task +weight: 50 +min-kubernetes-server-version: v1.6 +--- + + + +Cette page montre comment injecter des données sensibles comme des mots de passe ou des clés de chiffrement dans des Pods. + +## {{% heading "prerequisites" %}} + +{{< include "task-tutorial-prereqs.md" >}} + +### Encoder vos données en format base64 + +Supposons que vous avez deux données sensibles: un identifiant `my-app` et un +mot de passe +`39528$vdg7Jb`. Premièrement, utilisez un outil capable d'encoder vos données +dans un format base64. Voici un exemple en utilisant le programme base64: +```shell +echo -n 'my-app' | base64 +echo -n '39528$vdg7Jb' | base64 +``` + +Le résultat montre que la représentation base64 de l'utilisateur est `bXktYXBw`, +et que la représentation base64 du mot de passe est `Mzk1MjgkdmRnN0pi`. + +{{< caution >}} +Utilisez un outil local approuvé par votre système d'exploitation +afin de réduire les risques de sécurité liés à l'utilisation d'un outil externe. +{{< /caution >}} + + + +## Créer un Secret + +Voici un fichier de configuration que vous pouvez utiliser pour créer un Secret +qui contiendra votre identifiant et mot de passe: + +{{< codenew file="pods/inject/secret.yaml" >}} + +1. Créer le Secret + + ```shell + kubectl apply -f https://k8s.io/examples/pods/inject/secret.yaml + ``` + +1. Lister les informations du Secret: + + ```shell + kubectl get secret test-secret + ``` + + Résultat: + + ``` + NAME TYPE DATA AGE + test-secret Opaque 2 1m + ``` + +1. Afficher les informations détaillées du Secret: + + ```shell + kubectl describe secret test-secret + ``` + + Résultat: + + ``` + Name: test-secret + Namespace: default + Labels: + Annotations: + + Type: Opaque + + Data + ==== + password: 13 bytes + username: 7 bytes + ``` + +### Créer un Secret en utilisant kubectl + +Si vous voulez sauter l'étape d'encodage, vous pouvez créer le même Secret +en utilisant la commande `kubectl create secret`. Par exemple: + +```shell +kubectl create secret generic test-secret --from-literal='username=my-app' --from-literal='password=39528$vdg7Jb' +``` + +Cette approche est plus pratique. La façon de faire plus explicite +montrée précédemment permet de démontrer et comprendre le fonctionnement des Secrets. + + +## Créer un Pod qui a accès aux données sensibles à travers un Volume + +Voici un fichier de configuration qui permet de créer un Pod: + +{{< codenew file="pods/inject/secret-pod.yaml" >}} + +1. Créez le Pod: + + ```shell + kubectl apply -f https://k8s.io/examples/pods/inject/secret-pod.yaml + ``` + +1. Vérifiez que le Pod est opérationnel: + + ```shell + kubectl get pod secret-test-pod + ``` + + Résultat: + ``` + NAME READY STATUS RESTARTS AGE + secret-test-pod 1/1 Running 0 42m + ``` + +1. Exécutez une session shell dans le Container qui est dans votre Pod: + ```shell + kubectl exec -i -t secret-test-pod -- /bin/bash + ``` + +1. Les données sont exposées au container à travers un Volume monté sur +`/etc/secret-volume`. + + Dans votre shell, listez les fichiers du dossier `/etc/secret-volume`: + ```shell + # À exécuter à l'intérieur du container + ls /etc/secret-volume + ``` + Le résultat montre deux fichiers, un pour chaque donnée du Secret: + ``` + password username + ``` + +1. Toujours dans le shell, affichez le contenu des fichiers + `username` et `password`: + ```shell + # À exécuter à l'intérieur du container + echo "$( cat /etc/secret-volume/username )" + echo "$( cat /etc/secret-volume/password )" + ``` + Le résultat doit contenir votre identifiant et mot de passe: + ``` + my-app + 39528$vdg7Jb + ``` + +Vous pouvez alors modifier votre image ou votre ligne de commande pour que le programme recherche les fichiers contenus dans le dossier `mountPath`. +Chaque clé du Secret `data` sera exposé comme un fichier à l'intérieur du dossier. + +### Monter les données du Secret sur des chemins spécifiques + +Vous pouvez contrôler les chemins sur lesquels les données des Secrets sont montées. +Utilisez le champ `.spec.volumes[].secret.items` pour changer le +chemin cible de chaque donnée: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + containers: + - name: mypod + image: redis + volumeMounts: + - name: foo + mountPath: "/etc/foo" + readOnly: true + volumes: + - name: foo + secret: + secretName: mysecret + items: + - key: username + path: my-group/my-username +``` + +Voici ce qu'il se passe lorsque vous déployez ce Pod: + +* La clé `username` du Secret `mysecret` est montée dans le container sur le chemin + `/etc/foo/my-group/my-username` au lieu de `/etc/foo/username`. +* La clé `password` du Secret n'est pas montée dans le container. + +Si vous listez de manière explicite les clés en utilisant le champ `.spec.volumes[].secret.items`, +il est important de prendre en considération les points suivants: + +* Seules les clés listées dans le champ `items` seront montées. +* Pour monter toutes les clés du Secret, toutes doivent être + définies dans le champ `items`. +* Toutes les clés définis doivent exister dans le Secret. + Sinon, le volume ne sera pas créé. + +### Appliquer des permissions POSIX aux données + +Vous pouvez appliquer des permissions POSIX pour une clé d'un Secret. Si vous n'en configurez pas, les permissions seront par défault `0644`. +Vous pouvez aussi définir des permissions pour tout un Secret, et redéfinir les permissions pour chaque clé si nécessaire. + +Par exemple, il est possible de définir un mode par défaut: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + containers: + - name: mypod + image: redis + volumeMounts: + - name: foo + mountPath: "/etc/foo" + volumes: + - name: foo + secret: + secretName: mysecret + defaultMode: 0400 +``` + +Le Secret sera monté sur `/etc/foo`; tous les fichiers créés par le secret +auront des permissions de type `0400`. + +{{< note >}} +Si vous définissez un Pod en utilisant le format JSON, il est important de +noter que la spécification JSON ne supporte pas le système octal, et qu'elle +comprendra la valeur `0400` comme la valeur _décimale_ `400`. +En JSON, utilisez plutôt l'écriture décimale pour le champ `defaultMode`. +Si vous utilisez YAML, vous pouvez utiliser le système octal +pour définir `defaultMode`. +{{< /note >}} + +## Définir des variables d'environnement avec des Secrets + +Il est possible de monter les données de Secrets comme variables d'environnement dans vos containers. + +Si un container consomme déja un Secret en variables d'environnement, +la mise à jour de ce Secret ne sera pas répercutée tant qu'il n'aura pas été +redémarré. Il existe cependant des solutions tierces permettant de +redémarrer les containers lors d'une mise à jour du Secret. + +### Définir une variable d'environnement à partir d'un seul Secret + +* Définissez une variable d'environnement et sa valeur à l'intérieur d'un Secret: + + ```shell + kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' + ``` + +* Assignez la valeur de `backend-username` définie dans le Secret +à la variable d'environnement `SECRET_USERNAME` dans la configuration du Pod. + + {{< codenew file="pods/inject/pod-single-secret-env-variable.yaml" >}} + +* Créez le Pod: + + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-single-secret-env-variable.yaml + ``` + +* À l'intérieur d'une session shell, affichez le contenu de la variable + d'environnement `SECRET_USERNAME`: + + ```shell + kubectl exec -i -t env-single-secret -- /bin/sh -c 'echo $SECRET_USERNAME' + ``` + + Le résultat est: + ``` + backend-admin + ``` + +### Définir des variables d'environnement à partir de plusieurs Secrets + +* Comme précédemment, créez d'abord les Secrets: + + ```shell + kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' + kubectl create secret generic db-user --from-literal=db-username='db-admin' + ``` + +* Définissez les variables d'environnement dans la configuration du Pod. + + {{< codenew file="pods/inject/pod-multiple-secret-env-variable.yaml" >}} + +* Créez le Pod: + + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-multiple-secret-env-variable.yaml + ``` + +* Dans un shell, listez les variables d'environnement du container: + + ```shell + kubectl exec -i -t envvars-multiple-secrets -- /bin/sh -c 'env | grep _USERNAME' + ``` + Le résultat est + ``` + DB_USERNAME=db-admin + BACKEND_USERNAME=backend-admin + ``` + + +## Configurez toutes les paires de clé-valeur d'un Secret comme variables d'environnement + +{{< note >}} +Cette fonctionnalité n'est disponible que dans les versions de Kubernetes +égales ou supérieures à v1.6. +{{< /note >}} + +* Créez un Secret contenant plusieurs paires de clé-valeur + + ```shell + kubectl create secret generic test-secret --from-literal=username='my-app' --from-literal=password='39528$vdg7Jb' + ``` + +* Utilisez `envFrom` pour définir toutes les données du Secret comme variables + d'environnement. Les clés du Secret deviendront les noms des variables + d'environnement à l'intérieur du Pod. + + {{< codenew file="pods/inject/pod-secret-envFrom.yaml" >}} + +* Créez le Pod: + + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-secret-envFrom.yaml + ``` + +* Dans votre shell, affichez les variables d'environnement `username` et `password` + + ```shell + kubectl exec -i -t envfrom-secret -- /bin/sh -c 'echo "username: $username\npassword: $password\n"' + ``` + + Le résultat est + ``` + username: my-app + password: 39528$vdg7Jb + ``` + +### Références + +* [Secret](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#secret-v1-core) +* [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core) +* [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core) + +## {{% heading "whatsnext" %}} + +* En savoir plus sur les [Secrets](/docs/concepts/configuration/secret/). +* En savoir plus sur les [Volumes](/docs/concepts/storage/volumes/). From 0e538cbbce8b5f82378e6113cfff6b2ce38f76c9 Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 22 Feb 2023 21:06:42 +0100 Subject: [PATCH 183/537] add french example files for task 'Distribute Credentials Securely Using Secrets' --- .../pod-multiple-secret-env-variable.yaml | 19 +++++++++++++++++++ .../pods/inject/pod-secret-envFrom.yaml | 11 +++++++++++ .../pod-single-secret-env-variable.yaml | 14 ++++++++++++++ .../pods/inject/secret-envars-pod.yaml | 19 +++++++++++++++++++ .../fr/examples/pods/inject/secret-pod.yaml | 18 ++++++++++++++++++ content/fr/examples/pods/inject/secret.yaml | 7 +++++++ 6 files changed, 88 insertions(+) create mode 100644 content/fr/examples/pods/inject/pod-multiple-secret-env-variable.yaml create mode 100644 content/fr/examples/pods/inject/pod-secret-envFrom.yaml create mode 100644 content/fr/examples/pods/inject/pod-single-secret-env-variable.yaml create mode 100644 content/fr/examples/pods/inject/secret-envars-pod.yaml create mode 100644 content/fr/examples/pods/inject/secret-pod.yaml create mode 100644 content/fr/examples/pods/inject/secret.yaml diff --git a/content/fr/examples/pods/inject/pod-multiple-secret-env-variable.yaml b/content/fr/examples/pods/inject/pod-multiple-secret-env-variable.yaml new file mode 100644 index 0000000000000..f285e4193262c --- /dev/null +++ b/content/fr/examples/pods/inject/pod-multiple-secret-env-variable.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Pod +metadata: + name: envvars-multiple-secrets +spec: + containers: + - name: envars-test-container + image: nginx + env: + - name: BACKEND_USERNAME + valueFrom: + secretKeyRef: + name: backend-user + key: backend-username + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: db-user + key: db-username diff --git a/content/fr/examples/pods/inject/pod-secret-envFrom.yaml b/content/fr/examples/pods/inject/pod-secret-envFrom.yaml new file mode 100644 index 0000000000000..eb1d3213efe34 --- /dev/null +++ b/content/fr/examples/pods/inject/pod-secret-envFrom.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: envfrom-secret +spec: + containers: + - name: envars-test-container + image: nginx + envFrom: + - secretRef: + name: test-secret diff --git a/content/fr/examples/pods/inject/pod-single-secret-env-variable.yaml b/content/fr/examples/pods/inject/pod-single-secret-env-variable.yaml new file mode 100644 index 0000000000000..af4cf8732fe38 --- /dev/null +++ b/content/fr/examples/pods/inject/pod-single-secret-env-variable.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: env-single-secret +spec: + containers: + - name: envars-test-container + image: nginx + env: + - name: SECRET_USERNAME + valueFrom: + secretKeyRef: + name: backend-user + key: backend-username diff --git a/content/fr/examples/pods/inject/secret-envars-pod.yaml b/content/fr/examples/pods/inject/secret-envars-pod.yaml new file mode 100644 index 0000000000000..1637c0eac3560 --- /dev/null +++ b/content/fr/examples/pods/inject/secret-envars-pod.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Pod +metadata: + name: secret-envars-test-pod +spec: + containers: + - name: envars-test-container + image: nginx + env: + - name: SECRET_USERNAME + valueFrom: + secretKeyRef: + name: test-secret + key: username + - name: SECRET_PASSWORD + valueFrom: + secretKeyRef: + name: test-secret + key: password diff --git a/content/fr/examples/pods/inject/secret-pod.yaml b/content/fr/examples/pods/inject/secret-pod.yaml new file mode 100644 index 0000000000000..8487da8d1c14d --- /dev/null +++ b/content/fr/examples/pods/inject/secret-pod.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + name: secret-test-pod +spec: + containers: + - name: test-container + image: nginx + volumeMounts: + # name must match the volume name below + - name: secret-volume + mountPath: /etc/secret-volume + readOnly: true + # The secret data is exposed to Containers in the Pod through a Volume. + volumes: + - name: secret-volume + secret: + secretName: test-secret diff --git a/content/fr/examples/pods/inject/secret.yaml b/content/fr/examples/pods/inject/secret.yaml new file mode 100644 index 0000000000000..706ca8670fa8d --- /dev/null +++ b/content/fr/examples/pods/inject/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: test-secret +data: + username: bXktYXBw + password: Mzk1MjgkdmRnN0pi From 7bf363a7542cd17d508fc8edbc088a601353b139 Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 22 Feb 2023 21:30:28 +0100 Subject: [PATCH 184/537] final pass on typos & formatting --- .../distribute-credentials-secure.md | 35 ++++++++++--------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/content/fr/docs/tasks/inject-data-application/distribute-credentials-secure.md b/content/fr/docs/tasks/inject-data-application/distribute-credentials-secure.md index 1459282e0040c..f2052c52ff63b 100644 --- a/content/fr/docs/tasks/inject-data-application/distribute-credentials-secure.md +++ b/content/fr/docs/tasks/inject-data-application/distribute-credentials-secure.md @@ -41,13 +41,13 @@ qui contiendra votre identifiant et mot de passe: {{< codenew file="pods/inject/secret.yaml" >}} -1. Créer le Secret +1. Créez le Secret: ```shell kubectl apply -f https://k8s.io/examples/pods/inject/secret.yaml ``` -1. Lister les informations du Secret: +1. Listez les informations du Secret: ```shell kubectl get secret test-secret @@ -60,7 +60,7 @@ qui contiendra votre identifiant et mot de passe: test-secret Opaque 2 1m ``` -1. Afficher les informations détaillées du Secret: +1. Affichez les informations détaillées du Secret: ```shell kubectl describe secret test-secret @@ -150,8 +150,9 @@ Voici un fichier de configuration qui permet de créer un Pod: 39528$vdg7Jb ``` -Vous pouvez alors modifier votre image ou votre ligne de commande pour que le programme recherche les fichiers contenus dans le dossier `mountPath`. -Chaque clé du Secret `data` sera exposé comme un fichier à l'intérieur du dossier. +Vous pouvez alors modifier votre image ou votre ligne de commande pour que le programme +recherche les fichiers contenus dans le dossier du champ `mountPath`. +Chaque clé du Secret `data` sera exposée comme un fichier à l'intérieur de ce dossier. ### Monter les données du Secret sur des chemins spécifiques @@ -193,12 +194,12 @@ il est important de prendre en considération les points suivants: * Seules les clés listées dans le champ `items` seront montées. * Pour monter toutes les clés du Secret, toutes doivent être définies dans le champ `items`. -* Toutes les clés définis doivent exister dans le Secret. +* Toutes les clés définies doivent exister dans le Secret. Sinon, le volume ne sera pas créé. ### Appliquer des permissions POSIX aux données -Vous pouvez appliquer des permissions POSIX pour une clé d'un Secret. Si vous n'en configurez pas, les permissions seront par défault `0644`. +Vous pouvez appliquer des permissions POSIX pour une clé d'un Secret. Si vous n'en configurez pas, les permissions seront par défaut `0644`. Vous pouvez aussi définir des permissions pour tout un Secret, et redéfinir les permissions pour chaque clé si nécessaire. Par exemple, il est possible de définir un mode par défaut: @@ -230,18 +231,18 @@ Si vous définissez un Pod en utilisant le format JSON, il est important de noter que la spécification JSON ne supporte pas le système octal, et qu'elle comprendra la valeur `0400` comme la valeur _décimale_ `400`. En JSON, utilisez plutôt l'écriture décimale pour le champ `defaultMode`. -Si vous utilisez YAML, vous pouvez utiliser le système octal +Si vous utilisez le format YAML, vous pouvez utiliser le système octal pour définir `defaultMode`. {{< /note >}} ## Définir des variables d'environnement avec des Secrets -Il est possible de monter les données de Secrets comme variables d'environnement dans vos containers. +Il est possible de monter les données des Secrets comme variables d'environnement dans vos containers. Si un container consomme déja un Secret en variables d'environnement, -la mise à jour de ce Secret ne sera pas répercutée tant qu'il n'aura pas été -redémarré. Il existe cependant des solutions tierces permettant de -redémarrer les containers lors d'une mise à jour du Secret. +la mise à jour de ce Secret ne sera pas répercutée dans le container tant +qu'il n'aura pas été redémarré. Il existe cependant des solutions tierces +permettant de redémarrer les containers lors d'une mise à jour du Secret. ### Définir une variable d'environnement à partir d'un seul Secret @@ -252,7 +253,7 @@ redémarrer les containers lors d'une mise à jour du Secret. ``` * Assignez la valeur de `backend-username` définie dans le Secret -à la variable d'environnement `SECRET_USERNAME` dans la configuration du Pod. + à la variable d'environnement `SECRET_USERNAME` dans la configuration du Pod. {{< codenew file="pods/inject/pod-single-secret-env-variable.yaml" >}} @@ -298,7 +299,7 @@ redémarrer les containers lors d'une mise à jour du Secret. ```shell kubectl exec -i -t envvars-multiple-secrets -- /bin/sh -c 'env | grep _USERNAME' ``` - Le résultat est + Le résultat est: ``` DB_USERNAME=db-admin BACKEND_USERNAME=backend-admin @@ -312,7 +313,7 @@ Cette fonctionnalité n'est disponible que dans les versions de Kubernetes égales ou supérieures à v1.6. {{< /note >}} -* Créez un Secret contenant plusieurs paires de clé-valeur +* Créez un Secret contenant plusieurs paires de clé-valeur: ```shell kubectl create secret generic test-secret --from-literal=username='my-app' --from-literal=password='39528$vdg7Jb' @@ -330,13 +331,13 @@ Cette fonctionnalité n'est disponible que dans les versions de Kubernetes kubectl create -f https://k8s.io/examples/pods/inject/pod-secret-envFrom.yaml ``` -* Dans votre shell, affichez les variables d'environnement `username` et `password` +* Dans votre shell, affichez les variables d'environnement `username` et `password`: ```shell kubectl exec -i -t envfrom-secret -- /bin/sh -c 'echo "username: $username\npassword: $password\n"' ``` - Le résultat est + Le résultat est: ``` username: my-app password: 39528$vdg7Jb From 351c4789df25beeb21449cf247e9e770b9047ec7 Mon Sep 17 00:00:00 2001 From: Arhell Date: Thu, 23 Feb 2023 00:05:43 +0200 Subject: [PATCH 185/537] rename config.toml to hugo.toml --- config.toml => hugo.toml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename config.toml => hugo.toml (100%) diff --git a/config.toml b/hugo.toml similarity index 100% rename from config.toml rename to hugo.toml From 997a437c76be4fee4f4cd02048e789669c54a828 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 24 Nov 2022 18:19:22 +0000 Subject: [PATCH 186/537] Revise glossary entry for Service --- .../docs/concepts/services-networking/service.md | 2 +- content/en/docs/reference/glossary/service.md | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md index df4895e52fbab..bb6b1d3750029 100644 --- a/content/en/docs/concepts/services-networking/service.md +++ b/content/en/docs/concepts/services-networking/service.md @@ -16,7 +16,7 @@ weight: 10 -{{< glossary_definition term_id="service" length="short" >}} +{{< glossary_definition term_id="service" length="short" prepend="In Kubernetes, a Service is" >}} A key aim of Services in Kubernetes is that you don't need to modify your existing application to use an unfamiliar service discovery mechanism. diff --git a/content/en/docs/reference/glossary/service.md b/content/en/docs/reference/glossary/service.md index eb2b745e222ab..305418dbc4677 100644 --- a/content/en/docs/reference/glossary/service.md +++ b/content/en/docs/reference/glossary/service.md @@ -5,14 +5,21 @@ date: 2018-04-12 full_link: /docs/concepts/services-networking/service/ short_description: > A way to expose an application running on a set of Pods as a network service. - -aka: tags: - fundamental - core-object --- -An abstract way to expose an application running on a set of {{< glossary_tooltip text="Pods" term_id="pod" >}} as a network service. +A method for exposing a network application that is running as one or more +{{< glossary_tooltip text="Pods" term_id="pod" >}} in your cluster. - The set of Pods targeted by a Service is (usually) determined by a {{< glossary_tooltip text="selector" term_id="selector" >}}. If more Pods are added or removed, the set of Pods matching the selector will change. The Service makes sure that network traffic can be directed to the current set of Pods for the workload. +The set of Pods targeted by a Service is (usually) determined by a +{{< glossary_tooltip text="selector" term_id="selector" >}}. If more Pods are added or removed, +the set of Pods matching the selector will change. The Service makes sure that network traffic +can be directed to the current set of Pods for the workload. + +Kubernetes Services either use IP networking (IPv4, IPv6, or both), or reference an external name in +the Domain Name System (DNS). + +The Service abstraction enables other mechanisms, such as Ingress and Gateway. From 9064af2b4dfd9948d9ab35c56e82347a73bc38e5 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Sun, 29 Jan 2023 19:44:57 +0800 Subject: [PATCH 187/537] Remove redirect entries for docs/admin/... pages --- .../concepts/storage/persistent-volumes.md | 2 +- .../kubelet-tls-bootstrapping.md | 2 +- content/en/docs/reference/glossary/kubeadm.md | 2 +- static/_redirects | 67 ------------------- 4 files changed, 3 insertions(+), 70 deletions(-) diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md index 27d5bd2ac71b8..6df299674b40f 100644 --- a/content/en/docs/concepts/storage/persistent-volumes.md +++ b/content/en/docs/concepts/storage/persistent-volumes.md @@ -82,7 +82,7 @@ needs to enable the `DefaultStorageClass` on the API server. This can be done, for example, by ensuring that `DefaultStorageClass` is among the comma-delimited, ordered list of values for the `--enable-admission-plugins` flag of the API server component. For more information on API server command-line flags, -check [kube-apiserver](/docs/admin/kube-apiserver/) documentation. +check [kube-apiserver](/docs/reference/command-line-tools-reference/kube-apiserver/) documentation. ### Binding diff --git a/content/en/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md b/content/en/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md index 31ab932589918..c1b33647407c1 100644 --- a/content/en/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md +++ b/content/en/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md @@ -307,7 +307,7 @@ roleRef: ``` The `csrapproving` controller that ships as part of -[kube-controller-manager](/docs/admin/kube-controller-manager/) and is enabled +[kube-controller-manager](/docs/reference/command-line-tools-reference/kube-controller-manager/) and is enabled by default. The controller uses the [`SubjectAccessReview` API](/docs/reference/access-authn-authz/authorization/#checking-api-access) to determine if a given user is authorized to request a CSR, then approves based on diff --git a/content/en/docs/reference/glossary/kubeadm.md b/content/en/docs/reference/glossary/kubeadm.md index 74cc0d1f6aaeb..e1e7e0a831020 100644 --- a/content/en/docs/reference/glossary/kubeadm.md +++ b/content/en/docs/reference/glossary/kubeadm.md @@ -2,7 +2,7 @@ title: Kubeadm id: kubeadm date: 2018-04-12 -full_link: /docs/admin/kubeadm/ +full_link: /docs/reference/setup-tools/kubeadm/ short_description: > A tool for quickly installing Kubernetes and setting up a secure cluster. diff --git a/static/_redirects b/static/_redirects index ba55969fc1337..3b7fe31bbb38c 100644 --- a/static/_redirects +++ b/static/_redirects @@ -23,50 +23,6 @@ /zh-cn/docs/ /zh-cn/docs/home/ 301! /blog/2018/03/kubernetes-1.10-stabilizing-storage-security-networking/ /blog/2018/03/26/kubernetes-1.10-stabilizing-storage-security-networking/ 301! /blog/2020/08/25/kubernetes-release-1.19-accentuate-the-paw-sitive/ /blog/2020/08/26/kubernetes-release-1.19-accentuate-the-paw-sitive/ 301! -/docs/admin/ /docs/concepts/cluster-administration/ 301 -/docs/admin/add-ons/ /docs/concepts/cluster-administration/addons/ 301 -/docs/admin/addons/ /docs/concepts/cluster-administration/addons/ 301 -/docs/admin/apparmor/ /docs/tutorials/clusters/apparmor/ 301 -/docs/admin/audit/ /docs/tasks/debug/debug-cluster/audit/ 301 -/docs/admin/authorization/rbac.md /docs/admin/authorization/rbac/ 301 -/docs/admin/cluster-components/ /docs/concepts/overview/components/ 301 -/docs/admin/cluster-management/ /docs/tasks/administer-cluster/ 302 -/id/docs/admin/cluster-management/ /id/docs/tasks/administer-cluster/ 302 -/docs/admin/cluster-troubleshooting/ /docs/tasks/debug/debug-cluster/ 301 -/docs/admin/daemons/ /docs/concepts/workloads/controllers/daemonset/ 301 -/docs/admin/disruptions/ /docs/concepts/workloads/pods/disruptions/ 301 -/docs/admin/dns/ /docs/concepts/services-networking/dns-pod-service/ 301 -/docs/admin/etcd/ /docs/tasks/administer-cluster/configure-upgrade-etcd/ 301 -/docs/admin/etcd_upgrade/ /docs/tasks/administer-cluster/configure-upgrade-etcd/ 301 -/docs/admin/extensible-admission-controllers.md /docs/reference/access-authn-authz/extensible-admission-controllers/ 301 -/docs/admin/garbage-collection/ /docs/concepts/cluster-administration/kubelet-garbage-collection/ 301 -/docs/admin/ha-master-gce/ /docs/setup/production-environment/#production-control-plane 301 -/docs/admin/ha-master-gce.md/ /docs/setup/production-environment/#production-control-plane 301 -/docs/admin/high-availability/ /docs/setup/production-environment/tools/kubeadm/high-availability/ 301 -/docs/admin/kubelet-authentication-authorization/ /docs/reference/access-authn-authz/kubelet-authn-authz/ 301 -/docs/admin/kubelet-tls-bootstrapping/ /docs/reference/access-authn-authz/kubelet-tls-bootstrapping/ 301 -/docs/admin/limitrange/ /docs/tasks/administer-cluster/cpu-memory-limit/ 301 -/docs/admin/limitrange/Limits/ /docs/tasks/administer-cluster/limit-storage-consumption/#limitrange-to-limit-requests-for-storage/ 301 -/docs/admin/master-node-communication/ /docs/concepts/architecture/master-node-communication/ 301 -/docs/admin/multiple-schedulers/ /docs/tasks/administer-cluster/configure-multiple-schedulers/ 301 -/docs/admin/namespaces/ /docs/tasks/administer-cluster/namespaces/ 301 -/docs/admin/namespaces/walkthrough/ /docs/tasks/administer-cluster/namespaces-walkthrough/ 301 -/docs/admin/network-plugins/ /docs/concepts/cluster-administration/network-plugins/ 301 -/docs/admin/networking/ /docs/concepts/cluster-administration/networking/ 301 -/docs/admin/node/ /docs/concepts/architecture/nodes/ 301 -/docs/admin/node-allocatable/ /docs/tasks/administer-cluster/reserve-compute-resources/ 301 -/docs/admin/node-allocatable.md /docs/tasks/administer-cluster/reserve-compute-resources/ 301 -/docs/admin/node-conformance.md /docs/admin/node-conformance/ 301 -/docs/admin/node-conformance/ /docs/setup/best-practices/node-conformance/ 301 -/docs/admin/node-problem/ /docs/tasks/debug/debug-cluster/monitor-node-health/ 301 -/docs/admin/out-of-resource/ /docs/concepts/scheduling-eviction/node-pressure-eviction/ 301 -/docs/admin/rescheduler/ /docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ 301 -/docs/admin/resourcequota/* /docs/concepts/policy/resource-quotas/ 301 -/docs/admin/resourcequota/limitstorageconsumption/ /docs/tasks/administer-cluster/limit-storage-consumption/ 301 -/docs/admin/resourcequota/walkthrough/ /docs/tasks/administer-cluster/quota-api-object/ 301 -/docs/admin/static-pods/ /docs/tasks/administer-cluster/static-pod/ 301 -/docs/admin/sysctls/ /docs/tasks/administer-cluster/sysctl-cluster/ 301 -/docs/admin/resource-quota/ /docs/concepts/policy/resource-quotas/ 301 /docs/api/ /docs/concepts/overview/kubernetes-api/ 301 @@ -501,41 +457,18 @@ /serviceaccount/token/ /docs/tasks/configure-pod-container/configure-service-account/ 301 /third_party/swagger-ui/* /docs/reference/ 301 -/docs/admin/cloud-controller-manager/ /docs/reference/generated/cloud-controller-manager/ 301 -/docs/admin/kube-apiserver/ /docs/reference/generated/kube-apiserver/ 301 -/docs/admin/kube-controller-manager/ /docs/reference/generated/kube-controller-manager/ 301 -/docs/admin/kube-proxy/ /docs/reference/generated/kube-proxy/ 301 -/docs/admin/kube-scheduler/ /docs/reference/generated/kube-scheduler/ 301 -/docs/admin/kubeadm/ /docs/reference/generated/kubeadm/ 301 -/docs/admin/kubelet/ /docs/reference/generated/kubelet/ 301 - /docs/reference/generated/kubeadm/ /docs/reference/setup-tools/kubeadm/ 301 /docs/reference/setup-tools/kubeadm/kubeadm/ /docs/reference/setup-tools/kubeadm/ 301 /editdocs/ /docs/contribute/ 301 /docs/home/editdocs/ /docs/contribute/ 301 -/docs/admin/accessing-the-api/ /docs/concepts/overview/kubernetes-api/ 301 -/docs/admin/admission-controllers/ /docs/reference/access-authn-authz/admission-controllers/ 301 -/docs/admin/authentication/ /docs/reference/access-authn-authz/authentication/ 301 -/docs/admin/bootstrap-tokens/ /docs/reference/access-authn-authz/bootstrap-tokens/ 301 - -/docs/admin/extensible-admission-controllers/ /docs/reference/access-authn-authz/extensible-admission-controllers/ 301 -/docs/admin/service-accounts-admin/ /docs/reference/access-authn-authz/service-accounts-admin/ 301 -/docs/admin/authorization/abac/ /docs/reference/access-authn-authz/abac/ 301 -/docs/admin/authorization/node/ /docs/reference/access-authn-authz/node/ 301 -/docs/admin/authorization/rbac/ /docs/reference/access-authn-authz/rbac/ 301 -/docs/admin/authorization/webhook/ /docs/reference/access-authn-authz/webhook/ 301 -/docs/admin/authorization/ /docs/reference/access-authn-authz/authorization/ 301 -/docs/admin/high-availability/building/ /docs/setup/production-environment/tools/kubeadm/high-availability/ 301 - /code-of-conduct/ /community/code-of-conduct/ 301 /values/ /community/values/ 302 /dockershim /blog/2022/02/17/dockershim-faq/ 302 /dockershim/ /blog/2022/02/17/dockershim-faq/ 302 - /docs/setup/release/notes/ /releases/notes/ 302 /docs/setup/release/ /releases/ 301 /docs/setup/version-skew-policy/ /releases/version-skew-policy/ 301 From b832ead744d3e8fc5be229cc1f6b83ea1815e017 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Sun, 29 Jan 2023 20:15:27 +0800 Subject: [PATCH 188/537] Clean up redirects for 'docs/user-guide/...' entries This is the second PR for cleaning up old redirection entries that are more than 4 years old. The `docs/user-guide` directory was removed on in June, 2018. It should be okay to remove these entries since those old bookmarks are no longer useful anyway. --- content/en/docs/reference/glossary/kubectl.md | 2 +- .../kubernetes-basics/scale/scale-intro.html | 2 +- static/_redirects | 100 ------------------ 3 files changed, 2 insertions(+), 102 deletions(-) diff --git a/content/en/docs/reference/glossary/kubectl.md b/content/en/docs/reference/glossary/kubectl.md index 61f93b9cf6244..7963cd77b2ab4 100644 --- a/content/en/docs/reference/glossary/kubectl.md +++ b/content/en/docs/reference/glossary/kubectl.md @@ -2,7 +2,7 @@ title: Kubectl id: kubectl date: 2018-04-12 -full_link: /docs/user-guide/kubectl-overview/ +full_link: /docs/reference/kubectl/ short_description: > A command line tool for communicating with a Kubernetes cluster. diff --git a/content/en/docs/tutorials/kubernetes-basics/scale/scale-intro.html b/content/en/docs/tutorials/kubernetes-basics/scale/scale-intro.html index c662cf00a6a82..3b83a61f0827e 100644 --- a/content/en/docs/tutorials/kubernetes-basics/scale/scale-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/scale/scale-intro.html @@ -84,7 +84,7 @@

    Scaling overview

    -

    Scaling out a Deployment will ensure new Pods are created and scheduled to Nodes with available resources. Scaling will increase the number of Pods to the new desired state. Kubernetes also supports autoscaling of Pods, but it is outside of the scope of this tutorial. Scaling to zero is also possible, and it will terminate all Pods of the specified Deployment.

    +

    Scaling out a Deployment will ensure new Pods are created and scheduled to Nodes with available resources. Scaling will increase the number of Pods to the new desired state. Kubernetes also supports autoscaling of Pods, but it is outside of the scope of this tutorial. Scaling to zero is also possible, and it will terminate all Pods of the specified Deployment.

    Running multiple instances of an application will require a way to distribute the traffic to all of them. Services have an integrated load-balancer that will distribute network traffic to all Pods of an exposed Deployment. Services will monitor continuously the running Pods using endpoints, to ensure the traffic is sent only to available Pods.

    diff --git a/static/_redirects b/static/_redirects index 3b7fe31bbb38c..f4bd3250907d1 100644 --- a/static/_redirects +++ b/static/_redirects @@ -198,7 +198,6 @@ /docs/roadmap/ https://github.com/kubernetes/kubernetes/milestones/ 301 /docs/samples/ /docs/tutorials/ 301 -/docs/stable/user-guide/labels/ /docs/concepts/overview/working-with-objects/labels/ 301 /docs/tasks/access-application-cluster/access-cluster.md /docs/tasks/access-application-cluster/access-cluster/ 301! /docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/ /docs/tasks/access-application-cluster/configure-access-multiple-clusters/ 301 @@ -343,106 +342,7 @@ /docs/tutorials/stateless-application/run-stateless-ap-replication-controller/ /docs/tasks/run-application/run-stateless-application-deployment/ 301 /docs/tutorials/stateless-application/run-stateless-application-deployment/ /docs/tasks/run-application/run-stateless-application-deployment/ 301 -/docs/user-guide/ /docs/home/ 301 -/docs/user-guide/accessing-the-cluster/ /docs/tasks/access-application-cluster/access-cluster/ 301 -/docs/user-guide/add-entries-to-pod-etc-hosts-with-host-aliases/ /docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ 301 -/docs/user-guide/annotations/ /docs/concepts/overview/working-with-objects/annotations/ 301 -/docs/user-guide/application-troubleshooting/ /docs/tasks/debug/debug-application/debug-pods/ 301 -/docs/user-guide/compute-resources/ /docs/concepts/configuration/manage-compute-resources-container/ 301 -/docs/user-guide/config-best-practices/ /docs/concepts/configuration/overview/ 301 -/docs/user-guide/configmap/ /docs/tasks/configure-pod-container/configure-pod-configmap/ 301 -/docs/user-guide/configmap/README/ /docs/tasks/configure-pod-container/configure-pod-configmap/ 301 -/docs/user-guide/configuring-containers/ /docs/tasks/configure-pod-container/configure-pod-configmap/ 301 -/docs/user-guide/connecting-applications/ /docs/tutorials/services/connect-applications-service/ 301 -/docs/user-guide/connecting-to-applications-port-forward/ /docs/tasks/access-application-cluster/port-forward-access-application-cluster/ 301 -/docs/user-guide/connecting-to-applications-proxy/ /docs/tasks/access-kubernetes-api/http-proxy-access-api/ 301 -/docs/user-guide/container-environment/ /docs/concepts/containers/container-lifecycle-hooks/ 301 -/docs/user-guide/containers/ /docs/tasks/inject-data-application/define-command-argument-container/ 301 -/docs/user-guide/cron-jobs/ /docs/concepts/workloads/controllers/cron-jobs/ 301 -/docs/user-guide/debugging-pods-and-replication-controllers/ /docs/tasks/debug/debug-application/debug-pods/ 301 -/docs/user-guide/debugging-services/ /docs/tasks/debug/debug-application/debug-service/ 301 -/docs/user-guide/deploying-applications/ /docs/tasks/run-application/run-stateless-application-deployment/ 301 -/docs/user-guide/deployments/ /docs/concepts/workloads/controllers/deployment/ 301 -/docs/user-guide/docker-cli-to-kubectl/ /docs/reference/kubectl/docker-cli-to-kubectl/ -/docs/user-guide/downward-api/ /docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/ 301 -/docs/user-guide/downward-api/README/ /docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/ 301 -/docs/user-guide/downward-api/volume/ /docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/ 301 -/docs/user-guide/environment-guide/ /docs/tasks/inject-data-application/environment-variable-expose-pod-information/ 301 -/docs/user-guide/garbage-collection/ /docs/concepts/workloads/controllers/garbage-collection/ 301 -/docs/user-guide/garbage-collector/* /docs/concepts/workloads/controllers/garbage-collection/ 301 -/docs/user-guide/gpus/ /docs/tasks/manage-gpus/scheduling-gpus/ 301 -/docs/user-guide/horizontal-pod-autoscaler/* /docs/tasks/run-application/horizontal-pod-autoscale/ 301 -/docs/user-guide/horizontal-pod-autoscaling/ /docs/tasks/run-application/horizontal-pod-autoscale/ 301 -/docs/user-guide/horizontal-pod-autoscaling/walkthrough/ /docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/ 301 -/docs/user-guide/horizontal-pod-autoscaling/walkthrough.md /docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/ 301 -/docs/user-guide/identifiers/ /docs/concepts/overview/working-with-objects/names/ 301 -/docs/user-guide/images/ /docs/concepts/containers/images/ 301 -/docs/user-guide/ingress/ /docs/concepts/services-networking/ingress/ 301 -/docs/user-guide/ingress.md /docs/concepts/services-networking/ingress/ 301 -/docs/user-guide/introspection-and-debugging/ /docs/tasks/debug/debug-application/debug-running-pod/ 301 -/docs/user-guide/jsonpath/ /docs/reference/kubectl/jsonpath/ -/docs/user-guide/jobs/ /docs/concepts/workloads/controllers/job/ 301 -/id/docs/user-guide/jobs/ /id/docs/concepts/workloads/controllers/job/ 301 -/docs/user-guide/jobs/expansions/ /docs/tasks/job/parallel-processing-expansion/ 301 -/docs/user-guide/jobs/work-queue-1/ /docs/tasks/job/coarse-parallel-processing-work-queue/ 301 -/docs/user-guide/jobs/work-queue-2/ /docs/tasks/job/fine-parallel-processing-work-queue/ 301 -/docs/user-guide/kubeconfig-file/ /docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/ 301 -/docs/user-guide/kubectl-overview/ /docs/reference/kubectl/ 301 -/docs/user-guide/kubectl/ /docs/reference/generated/kubectl/kubectl-options/ -/docs/user-guide/kubectl-conventions/ /docs/reference/kubectl/conventions/ -/docs/user-guide/kubectl-cheatsheet/ /docs/reference/kubectl/cheatsheet/ /cheatsheet /docs/reference/kubectl/cheatsheet/ 302 -/docs/user-guide/kubectl/kubectl_* /docs/reference/generated/kubectl/kubectl-commands#:splat 301 -/docs/user-guide/labels/ /docs/concepts/overview/working-with-objects/labels/ 301 -/docs/user-guide/liveness/ /docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ 301 -/docs/user-guide/load-balancer/ /docs/tasks/access-application-cluster/create-external-load-balancer/ 301 -/docs/user-guide/logging/ /docs/concepts/cluster-administration/logging/ 301 -/docs/user-guide/logging/overview/ /docs/concepts/cluster-administration/logging/ 301 -/docs/user-guide/managing-deployments/ /docs/concepts/cluster-administration/manage-deployment/ 301 -/docs/user-guide/monitoring/ /docs/tasks/debug/debug-cluster/resource-usage-monitoring/ 301 -/docs/user-guide/namespaces/ /docs/concepts/overview/working-with-objects/namespaces/ 301 -/docs/user-guide/networkpolicies/ /docs/concepts/services-networking/network-policies/ 301 -/docs/user-guide/node-selection/ /docs/concepts/scheduling-eviction/assign-pod-node/ 301 -/docs/user-guide/node-selection/README /docs/concepts/scheduling-eviction/assign-pod-node/ 301 -/docs/user-guide/overview/ /docs/concepts/overview/what-is-kubernetes/ 301 -/docs/user-guide/persistent-volumes/ /docs/concepts/storage/persistent-volumes/ 301 -/docs/user-guide/persistent-volumes/index /docs/concepts/storage/persistent-volumes/ 301 -/docs/user-guide/persistent-volumes/index.md /docs/concepts/storage/persistent-volumes/ 301 -/docs/user-guide/persistent-volumes/walkthrough/ /docs/tasks/configure-pod-container/configure-persistent-volume-storage/ 301 -/docs/user-guide/pod-security-policy/ /docs/concepts/security/pod-security-policy/ 301 -/docs/user-guide/pod-states/ /docs/concepts/workloads/pods/pod-lifecycle/ 301 -/docs/user-guide/pod-templates/ /docs/concepts/workloads/pods/#pod-templates 301 -/docs/user-guide/pods/ /docs/concepts/workloads/pods/pod/ 301 -/docs/user-guide/pods/init-container/ /docs/concepts/workloads/pods/init-containers/ 301 -/docs/user-guide/pods/multi-container/ /docs/concepts/workloads/pods/#using-pods 301 -/docs/user-guide/pods/single-container/ /docs/concepts/workloads/pods/#using-pods 301 -/docs/user-guide/prereqs/ /docs/tasks/tools/install-kubectl/ 301 -/docs/user-guide/production-pods/ /docs/tasks/ 301 -/docs/user-guide/projected-volume/ /docs/tasks/configure-pod-container/configure-projected-volume-storage/ 301 -/docs/user-guide/quick-start/ /docs/tasks/access-application-cluster/service-access-application-cluster/ 301 -/docs/user-guide/replicasets/ /docs/concepts/workloads/controllers/replicaset/ 301 -/docs/user-guide/replication-controller/ /docs/concepts/workloads/controllers/replicationcontroller/ 301 -/docs/user-guide/replication-controller/operations/ /docs/concepts/workloads/controllers/replicationcontroller/ 301 -/docs/user-guide/resizing-a-replication-controller/ /docs/concepts/workloads/controllers/replicationcontroller/ 301 -/docs/user-guide/rolling-updates/ /docs/tasks/run-application/rolling-update-replication-controller/ 301 -/docs/user-guide/scheduled-jobs/ /docs/concepts/workloads/controllers/cron-jobs/ 301 -/docs/user-guide/secrets/ /docs/concepts/configuration/secret/ 301 -/docs/user-guide/secrets/walkthrough/ /docs/tasks/inject-data-application/distribute-credentials-secure/ 301 -/docs/user-guide/security-context/ /docs/tasks/configure-pod-container/security-context/ 301 -/docs/user-guide/service-accounts/ /docs/tasks/configure-pod-container/configure-service-account/ 301 -/docs/user-guide/service-accounts/working-with-resources/ /docs/concepts/overview/object-management-kubectl/overview/ 301 -/docs/user-guide/services/ /docs/concepts/services-networking/service/ 301 -/docs/user-guide/services-firewalls/ /docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ 301 -/docs/user-guide/services/operations/ /docs/tasks/access-application-cluster/connecting-frontend-backend/ 301 -/docs/user-guide/sharing-clusters/ /docs/tasks/administer-cluster/share-configuration/ 301 -/docs/user-guide/simple-nginx/ /docs/tasks/run-application/run-stateless-application-deployment/ 301 -/docs/user-guide/StatefulSet/ /docs/concepts/workloads/controllers/statefulset/ 301 -/docs/user-guide/ui/ /docs/tasks/access-application-cluster/web-ui-dashboard/ 301 -/docs/user-guide/ui-access/ /docs/tasks/access-application-cluster/web-ui-dashboard/ 301 -/docs/user-guide/update-dem/ /docs/tasks/run-application/rolling-update-replication-controller/ 301 -/docs/user-guide/update-demo/ /docs/tasks/run-application/rolling-update-replication-controller/ 301 -/docs/user-guide/volumes/ /docs/concepts/storage/volumes/ 301 -/docs/user-guide/working-with-resources/ /docs/concepts/overview/object-management-kubectl/overview/ 301 /docs/whatisk8s/ /docs/concepts/overview/what-is-kubernetes/ 301 /events/ /docs/community 301 From 9bb924d51901a28c39132fc02912b92dc79544b8 Mon Sep 17 00:00:00 2001 From: Paulo Alberto Simoes Date: Thu, 23 Feb 2023 11:55:34 -0300 Subject: [PATCH 189/537] [pt-br] Add blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md (#39599) * Add translation to Portugese Blog: 2023-02-14-free-katacoda-kubernetes-tutorials-are-shutting-down.md Signed-off-by: Paulo Alberto Simoes * Add / Fix blog translation to Brazilian Portuguese. > 2023-02-14-free-katacoda-kubernetes-tutorials-are-shutting-down.md Signed-off-by: Paulo Alberto Simoes * Adhere some comments/suggestions from translation > 2023-02-14-free-katacoda-kubernetes-tutorials-are-shutting-down.md Signed-off-by: Paulo Alberto Simoes * Adhere to reviewer suggestions Signed-off-by: Paulo Simoes --------- Signed-off-by: Paulo Alberto Simoes Signed-off-by: Paulo Simoes --- ...da-kubernetes-tutorials-are-shutting-down.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 content/pt-br/blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md diff --git a/content/pt-br/blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md b/content/pt-br/blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md new file mode 100644 index 0000000000000..b5615e7c53628 --- /dev/null +++ b/content/pt-br/blog/_posts/free-katacoda-kubernetes-tutorials-are-shutting-down.md @@ -0,0 +1,17 @@ +--- +layout: blog +title: "Os tutoriais gratuitos do Katacoda Kubernetes estão sendo encerrados" +date: 2023-02-14 +slug: kubernetes-katacoda-tutorials-stop-from-2023-03-31 +evergreen: true +--- + +**Autor**: Natali Vlatko, Co-presidente do SIG Docs do Kubernetes + +[Katacoda](https://katacoda.com/kubernetes), a popular plataforma de aprendizagem da O'Reilly que tem ajudado as pessoas a aprender tudo sobre Java, Docker, Kubernetes, Python, Go, C++ e mais, [foi desativada para uso público em junho de 2022](https://www.oreilly.com/online-learning/leveraging-katacoda-technology.html). No entanto, os tutoriais específicos para Kubernetes, vinculados no website do Kubernetes para os usuários e contribuidores de nossos projetos, permaneceram disponíveis e ativos após esta mudança. Infelizmente, isso não será mais o caso, e os tutoriais do Katacoda para aprender o Kubernetes deixarão de funcionar após 31 de março de 2023. + +O Projeto Kubernetes agradece à O'Reilly Media pelos muitos anos em que apoia a comunidade por meio da plataforma de aprendizado Katacoda. Você pode ler mais sobre [a decisão de fechar o katacoda.com](https://www.oreilly.com/online-learning/leveraging-katacoda-technology.html) no próprio website da O'Reilly. Com essa mudança, focaremos no trabalho necessário para remover os links para seus vários tutoriais. Temos uma _issue_ geral do GitHub para rastrear este tópico em [#33936](https://github.com/kubernetes/website/issues/33936) e uma [discussão no GitHub](https://github.com/kubernetes/website/discussions/38878). Também estamos interessados em pesquisar quais outras plataformas de aprendizado podem ser benéficas para a comunidade do Kubernetes, substituindo o Katacoda por uma plataforma ou um serviço que tenha uma experiência de usuário semelhante. No entanto, esta pesquisa levará tempo, por isso estamos procurando ativamente por voluntários para ajudarem neste trabalho. Se uma substituição for encontrada, ela precisará ser suportada pela liderança do Kubernetes, especificamente, SIG Contributor Experience, SIG Docs, e Comitê de Gestão do Kubernetes. + +O desligamento do Katacoda afeta 25 páginas de tutorial, suas localizações, bem como o repositório de cenários do Katacoda: [github.com/katacoda-scenarios/kubernetes-bootcamp-scenarios](https://github.com/katacoda-scenarios/kubernetes-bootcamp-scenarios). Recomendamos que quaisquer links, guias ou documentações que apontem para a plataforma de aprendizado Katacoda sejam atualizados imediatamente para refletir essa alteração. Embora ainda não tenhamos encontrado uma solução de aprendizado substituta, o website do Kubernetes contém muita documentação útil para dar suporte ao seu aprendizado e crescimento contínuos. Você pode encontrar toda a documentação dos nossos tutoriais disponível para o Kubernetes em . + +Se você tiver alguma dúvida sobre o desligamento do Katacoda ou a remoção subsequente do link das páginas de tutorial do Kubernetes, sinta-se à vontade para comentar na [issue geral que acompanha o desligamento](https://github.com/kubernetes/website/issues/33936), ou visite o canal #sig-docs no Slack do Kubernetes. From d4eaff93a7f239d41503816d7cf3cdfdad8e31d4 Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Sun, 19 Feb 2023 20:31:21 +0530 Subject: [PATCH 190/537] added pt-br_persistent-volume-claim.md --- .../glossary/persistent-volume-claim.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 content/pt-br/docs/reference/glossary/persistent-volume-claim.md diff --git a/content/pt-br/docs/reference/glossary/persistent-volume-claim.md b/content/pt-br/docs/reference/glossary/persistent-volume-claim.md new file mode 100644 index 0000000000000..5f84b98138b09 --- /dev/null +++ b/content/pt-br/docs/reference/glossary/persistent-volume-claim.md @@ -0,0 +1,17 @@ +--- +title: Reivindicação de Volume Persistente +id: persistent-volume-claim +date: 2018-04-12 +full_link: /docs/concepts/storage/persistent-volumes/#persistentvolumeclaims +short_description: > + Declara recursos de armazenamento definidos em um PersistentVolume para que possa ser montado como um volume em um contêiner. + +aka: +tags: +- core-object +- storage +--- + Declara recursos de armazenamento definidos em um {{< glossary_tooltip text="PersistentVolume" term_id="persistent-volume" >}} para que possa ser montado como um volume em um {{< glossary_tooltip text="container" term_id="container" >}}. + + +Especifica a quantidade de armazenamento, como o armazenamento será acessado (somente leitura, leitura/gravação e/ou exclusivo) e como será recuperado (retido, reciclado ou excluído). Os detalhes do próprio armazenamento são descritos no objeto PersistentVolume. From 329dfd104fa0039d8a709aeec7d17c12f61f2565 Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Mon, 20 Feb 2023 23:42:55 +0530 Subject: [PATCH 191/537] updated content/pt-br/docs/reference/glossary/persistent-volume-claim.md --- .../docs/reference/glossary/persistent-volume-claim.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/pt-br/docs/reference/glossary/persistent-volume-claim.md b/content/pt-br/docs/reference/glossary/persistent-volume-claim.md index 5f84b98138b09..81fb952d52c8e 100644 --- a/content/pt-br/docs/reference/glossary/persistent-volume-claim.md +++ b/content/pt-br/docs/reference/glossary/persistent-volume-claim.md @@ -1,8 +1,8 @@ --- -title: Reivindicação de Volume Persistente +title: Requisição de Volume Persistente id: persistent-volume-claim date: 2018-04-12 -full_link: /docs/concepts/storage/persistent-volumes/#persistentvolumeclaims +full_link: /pt-br/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims short_description: > Declara recursos de armazenamento definidos em um PersistentVolume para que possa ser montado como um volume em um contêiner. @@ -11,7 +11,7 @@ tags: - core-object - storage --- - Declara recursos de armazenamento definidos em um {{< glossary_tooltip text="PersistentVolume" term_id="persistent-volume" >}} para que possa ser montado como um volume em um {{< glossary_tooltip text="container" term_id="container" >}}. + Declara recursos de armazenamento definidos em um {{< glossary_tooltip text="PersistentVolume" term_id="persistent-volume" >}} para que possa ser montado como um volume em um {{< glossary_tooltip text="contêiner" term_id="container" >}}. Especifica a quantidade de armazenamento, como o armazenamento será acessado (somente leitura, leitura/gravação e/ou exclusivo) e como será recuperado (retido, reciclado ou excluído). Os detalhes do próprio armazenamento são descritos no objeto PersistentVolume. From 610527826db478a60aa014d7217277329a13088c Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Thu, 23 Feb 2023 21:01:14 +0530 Subject: [PATCH 192/537] updated content/pt-br/docs/reference/glossary/persistent-volume-claim.md --- .../pt-br/docs/reference/glossary/persistent-volume-claim.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/reference/glossary/persistent-volume-claim.md b/content/pt-br/docs/reference/glossary/persistent-volume-claim.md index 81fb952d52c8e..72e13867d562c 100644 --- a/content/pt-br/docs/reference/glossary/persistent-volume-claim.md +++ b/content/pt-br/docs/reference/glossary/persistent-volume-claim.md @@ -14,4 +14,4 @@ tags: Declara recursos de armazenamento definidos em um {{< glossary_tooltip text="PersistentVolume" term_id="persistent-volume" >}} para que possa ser montado como um volume em um {{< glossary_tooltip text="contêiner" term_id="container" >}}. -Especifica a quantidade de armazenamento, como o armazenamento será acessado (somente leitura, leitura/gravação e/ou exclusivo) e como será recuperado (retido, reciclado ou excluído). Os detalhes do próprio armazenamento são descritos no objeto PersistentVolume. +Especifica a quantidade de armazenamento, como o armazenamento será acessado (somente leitura, leitura/gravação e/ou exclusivo) e como será recuperado (retido, reciclado ou excluído). Os detalhes do armazenamento propriamente dito são descritos no objeto PersistentVolume. From 4df5efbaea9b5ce4a9dfaf5f01800dfa1fd71547 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Thu, 23 Feb 2023 16:37:18 +0000 Subject: [PATCH 193/537] Add minimum and maximum values for PriorityClass --- .../scheduling-eviction/pod-priority-preemption.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md b/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md index 0215c4380347e..b118649ddab85 100644 --- a/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md +++ b/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md @@ -63,9 +63,10 @@ The name of a PriorityClass object must be a valid and it cannot be prefixed with `system-`. A PriorityClass object can have any 32-bit integer value smaller than or equal -to 1 billion. Larger numbers are reserved for critical system Pods that should -not normally be preempted or evicted. A cluster admin should create one -PriorityClass object for each such mapping that they want. +to 1 billion. This means that the range of values for a PriorityClass object is +from -2147483648 to 1000000000 inclusive. Larger numbers are reserved for +critical system Pods that should not normally be preempted or evicted. A cluster +admin should create one PriorityClass object for each such mapping that they want. PriorityClass also has two optional fields: `globalDefault` and `description`. The `globalDefault` field indicates that the value of this PriorityClass should From bee8feccc2a5068a26eb6af212b2f7fdad67fe30 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Thu, 23 Feb 2023 17:39:00 +0000 Subject: [PATCH 194/537] Add minimum and maximum values for PriorityClass Co-authored-by: Tim Bannister --- .../concepts/scheduling-eviction/pod-priority-preemption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md b/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md index b118649ddab85..d5607f48f5927 100644 --- a/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md +++ b/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md @@ -65,7 +65,7 @@ and it cannot be prefixed with `system-`. A PriorityClass object can have any 32-bit integer value smaller than or equal to 1 billion. This means that the range of values for a PriorityClass object is from -2147483648 to 1000000000 inclusive. Larger numbers are reserved for -critical system Pods that should not normally be preempted or evicted. A cluster +built-in PriorityClasses that represent critical system Pods. A cluster admin should create one PriorityClass object for each such mapping that they want. PriorityClass also has two optional fields: `globalDefault` and `description`. From 001c92e9bad3b3c709002230e8b0ed7cc9d298b6 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 23 Feb 2023 22:48:53 +0000 Subject: [PATCH 195/537] Use https://dl.k8s.io/ Don't rely on using https://storage.googleapis.com/kubernetes-release/ - use the redirector service instead. This fixes recent blog articles and the English docs. --- .../_posts/2022-12-12-kubernetes-release-artifact-signing.md | 4 ++-- content/en/docs/tasks/administer-cluster/certificates.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/blog/_posts/2022-12-12-kubernetes-release-artifact-signing.md b/content/en/blog/_posts/2022-12-12-kubernetes-release-artifact-signing.md index e8e5ac47a679c..c6a3e85c4b6e6 100644 --- a/content/en/blog/_posts/2022-12-12-kubernetes-release-artifact-signing.md +++ b/content/en/blog/_posts/2022-12-12-kubernetes-release-artifact-signing.md @@ -31,8 +31,8 @@ files side by side to the artifacts for verifying their integrity. [tarballs]: https://github.com/kubernetes/kubernetes/blob/release-1.26/CHANGELOG/CHANGELOG-1.26.md#downloads-for-v1260 [binaries]: https://gcsweb.k8s.io/gcs/kubernetes-release/release/v1.26.0/bin -[sboms]: https://storage.googleapis.com/kubernetes-release/release/v1.26.0/kubernetes-release.spdx -[provenance]: https://storage.googleapis.com/kubernetes-release/release/v1.26.0/provenance.json +[sboms]: https://dl.k8s.io/release/v1.26.0/kubernetes-release.spdx +[provenance]: https://dl.k8s.io/kubernetes-release/release/v1.26.0/provenance.json [cosign]: https://github.com/sigstore/cosign To verify an artifact, for example `kubectl`, you can download the diff --git a/content/en/docs/tasks/administer-cluster/certificates.md b/content/en/docs/tasks/administer-cluster/certificates.md index 3da130ca64a80..8901bc34fefaf 100644 --- a/content/en/docs/tasks/administer-cluster/certificates.md +++ b/content/en/docs/tasks/administer-cluster/certificates.md @@ -18,7 +18,7 @@ manually through [`easyrsa`](https://github.com/OpenVPN/easy-rsa), [`openssl`](h 1. Download, unpack, and initialize the patched version of `easyrsa3`. ```shell - curl -LO https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz + curl -LO https://dl.k8s.io/easy-rsa/easy-rsa.tar.gz tar xzf easy-rsa.tar.gz cd easy-rsa-master/easyrsa3 ./easyrsa init-pki From 1fab4929873189df47571b221448bfff85ef8b0d Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Wed, 22 Feb 2023 14:53:40 +0800 Subject: [PATCH 196/537] [zh] Resync page distribute-credentials-secure --- .../distribute-credentials-secure.md | 264 ++++++++++++++---- 1 file changed, 204 insertions(+), 60 deletions(-) diff --git a/content/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure.md b/content/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure.md index b5755b6d4a557..f7da3953ba371 100644 --- a/content/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure.md +++ b/content/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure.md @@ -83,7 +83,7 @@ username and password: Output: --> 输出: - + ``` NAME TYPE DATA AGE test-secret Opaque 2 1m @@ -222,59 +222,204 @@ Here is a configuration file you can use to create a Pod: my-app 39528$vdg7Jb ``` + +修改你的镜像或命令行,使程序在 `mountPath` 目录下查找文件。 +Secret `data` 映射中的每个键都成为该目录中的文件名。 +### 映射 Secret 键到特定文件路径 {#project-secret-keys-to-specific-file-paths} + +你还可以控制卷内 Secret 键的映射路径。 +使用 `.spec.volumes[].secret.items` 字段来改变每个键的目标路径。 + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + containers: + - name: mypod + image: redis + volumeMounts: + - name: foo + mountPath: "/etc/foo" + readOnly: true + volumes: + - name: foo + secret: + secretName: mysecret + items: + - key: username + path: my-group/my-username +``` + + +当你部署此 Pod 时,会发生以下情况: + + +* 来自 `mysecret` 的键 `username` 可以在路径 `/etc/foo/my-group/my-username` + 下供容器使用,而不是路径 `/etc/foo/username`。 +* 来自该 Secret 的键 `password` 没有映射到任何路径。 + + + +如果你使用 `.spec.volumes[].secret.items` 明确地列出键,请考虑以下事项: + + +* 只有在 `items` 字段中指定的键才会被映射。 +* 要使用 Secret 中全部的键,那么全部的键都必须列在 `items` 字段中。 +* 所有列出的键必须存在于相应的 Secret 中。否则,该卷不被创建。 + + +### 为 Secret 键设置 POSIX 权限 + +你可以为单个 Secret 键设置 POSIX 文件访问权限位。 +如果不指定任何权限,默认情况下使用 `0644`。 +你也可以为整个 Secret 卷设置默认的 POSIX 文件模式,需要时你可以重写单个键的权限。 + +例如,可以像这样指定默认模式: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + containers: + - name: mypod + image: redis + volumeMounts: + - name: foo + mountPath: "/etc/foo" + volumes: + - name: foo + secret: + secretName: mysecret + defaultMode: 0400 +``` + + +Secret 被挂载在 `/etc/foo` 目录下;所有由 Secret 卷挂载创建的文件的访问许可都是 `0400`。 + +{{< note >}} + +如果使用 JSON 定义 Pod 或 Pod 模板,请注意 JSON 规范不支持数字的八进制形式, +因为 JSON 将 `0400` 视为**十进制**的值 `400`。 +在 JSON 中,要改为使用十进制的 `defaultMode`。 +如果你正在编写 YAML,则可以用八进制编写 `defaultMode`。 +{{< /note >}} + + ## 使用 Secret 数据定义容器变量 {#define-container-env-var-using-secret-data} + +在你的容器中,你可以以环境变量的方式使用 Secret 中的数据。 + +如果容器已经使用了在环境变量中的 Secret,除非容器重新启动,否则容器将无法感知到 Secret 的更新。 +有第三方解决方案可以在 Secret 改变时触发容器重启。 + + + ### 使用来自 Secret 中的数据定义容器变量 {#define-a-container-env-var-with-data-from-a-single-secret} -* 定义环境变量为 Secret 中的键值偶对: +* 定义环境变量为 Secret 中的键值偶对: - ```shell - kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' - ``` + ```shell + kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' + ``` -* 在 Pod 规约中,将 Secret 中定义的值 `backend-username` 赋给 `SECRET_USERNAME` 环境变量。 +* 在 Pod 规约中,将 Secret 中定义的值 `backend-username` 赋给 `SECRET_USERNAME` 环境变量。 - {{< codenew file="pods/inject/pod-single-secret-env-variable.yaml" >}} + {{< codenew file="pods/inject/pod-single-secret-env-variable.yaml" >}} -* 创建 Pod: +* 创建 Pod: - ```shell - kubectl create -f https://k8s.io/examples/pods/inject/pod-single-secret-env-variable.yaml - ``` + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-single-secret-env-variable.yaml + ``` -* 在 Shell 中,显示容器环境变量 `SECRET_USERNAME` 的内容: +* 在 Shell 中,显示容器环境变量 `SECRET_USERNAME` 的内容: - ```shell - kubectl exec -i -t env-single-secret -- /bin/sh -c 'echo $SECRET_USERNAME' + ```shell + kubectl exec -i -t env-single-secret -- /bin/sh -c 'echo $SECRET_USERNAME' ``` - - 输出为: - ``` - backend-admin - ``` - + + 输出为: + ``` + backend-admin + ``` + @@ -283,45 +428,45 @@ Here is a configuration file you can use to create a Pod: -* 和前面的例子一样,先创建 Secret: +* 和前面的例子一样,先创建 Secret: - ```shell - kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' - kubectl create secret generic db-user --from-literal=db-username='db-admin' - ``` + ```shell + kubectl create secret generic backend-user --from-literal=backend-username='backend-admin' + kubectl create secret generic db-user --from-literal=db-username='db-admin' + ``` -* 在 Pod 规约中定义环境变量: +* 在 Pod 规约中定义环境变量: - {{< codenew file="pods/inject/pod-multiple-secret-env-variable.yaml" >}} + {{< codenew file="pods/inject/pod-multiple-secret-env-variable.yaml" >}} -* 创建 Pod: +* 创建 Pod: - ```shell - kubectl create -f https://k8s.io/examples/pods/inject/pod-multiple-secret-env-variable.yaml - ``` + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-multiple-secret-env-variable.yaml + ``` -* 在你的 Shell 中,显示容器环境变量的内容: +* 在你的 Shell 中,显示容器环境变量的内容: - ```shell - kubectl exec -i -t envvars-multiple-secrets -- /bin/sh -c 'env | grep _USERNAME' - ``` - - 输出: - ``` - DB_USERNAME=db-admin - BACKEND_USERNAME=backend-admin - ``` + ```shell + kubectl exec -i -t envvars-multiple-secrets -- /bin/sh -c 'env | grep _USERNAME' + ``` + + 输出: + ``` + DB_USERNAME=db-admin + BACKEND_USERNAME=backend-admin + ``` -* 创建包含多个键值偶对的 Secret: +* 创建包含多个键值偶对的 Secret: - ```shell - kubectl create secret generic test-secret --from-literal=username='my-app' --from-literal=password='39528$vdg7Jb' - ``` + ```shell + kubectl create secret generic test-secret --from-literal=username='my-app' --from-literal=password='39528$vdg7Jb' + ``` -* 使用 `envFrom` 来将 Secret 中的所有数据定义为环境变量。 - Secret 中的键名成为容器中的环境变量名: +* 使用 `envFrom` 来将 Secret 中的所有数据定义为环境变量。 + Secret 中的键名成为容器中的环境变量名: - {{< codenew file="pods/inject/pod-secret-envFrom.yaml" >}} + {{< codenew file="pods/inject/pod-secret-envFrom.yaml" >}} -* 创建 Pod: +* 创建 Pod: - ```shell - kubectl create -f https://k8s.io/examples/pods/inject/pod-secret-envFrom.yaml - ``` + ```shell + kubectl create -f https://k8s.io/examples/pods/inject/pod-secret-envFrom.yaml + ``` * 进一步了解 [Secret](/zh-cn/docs/concepts/configuration/secret/)。 * 了解[卷](/zh-cn/docs/concepts/storage/volumes/)。 - From ba99616c271e001ef89f4d0bfd9b6c0eaf45e410 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 19 Feb 2023 21:42:24 +0800 Subject: [PATCH 197/537] Clean up page in tasks/run-application --- .../run-application/access-api-from-pod.md | 25 ++++--- .../tasks/run-application/configure-pdb.md | 66 ++++++++-------- .../run-application/delete-stateful-set.md | 14 +--- .../force-delete-stateful-set-pod.md | 63 ++++++++++------ .../horizontal-pod-autoscale.md | 75 +++++++++---------- .../run-replicated-stateful-application.md | 45 ++++------- .../run-application/scale-stateful-set.md | 18 ++--- 7 files changed, 141 insertions(+), 165 deletions(-) diff --git a/content/en/docs/tasks/run-application/access-api-from-pod.md b/content/en/docs/tasks/run-application/access-api-from-pod.md index 41d6ea478e579..8012d236fe445 100644 --- a/content/en/docs/tasks/run-application/access-api-from-pod.md +++ b/content/en/docs/tasks/run-application/access-api-from-pod.md @@ -27,15 +27,18 @@ libraries can automatically discover the API server and authenticate. From within a Pod, the recommended ways to connect to the Kubernetes API are: - - For a Go client, use the official [Go client library](https://github.com/kubernetes/client-go/). - The `rest.InClusterConfig()` function handles API host discovery and authentication automatically. - See [an example here](https://git.k8s.io/client-go/examples/in-cluster-client-configuration/main.go). +- For a Go client, use the official + [Go client library](https://github.com/kubernetes/client-go/). + The `rest.InClusterConfig()` function handles API host discovery and authentication automatically. + See [an example here](https://git.k8s.io/client-go/examples/in-cluster-client-configuration/main.go). - - For a Python client, use the official [Python client library](https://github.com/kubernetes-client/python/). - The `config.load_incluster_config()` function handles API host discovery and authentication automatically. - See [an example here](https://github.com/kubernetes-client/python/blob/master/examples/in_cluster_config.py). +- For a Python client, use the official + [Python client library](https://github.com/kubernetes-client/python/). + The `config.load_incluster_config()` function handles API host discovery and authentication automatically. + See [an example here](https://github.com/kubernetes-client/python/blob/master/examples/in_cluster_config.py). - - There are a number of other libraries available, please refer to the [Client Libraries](/docs/reference/using-api/client-libraries/) page. +- There are a number of other libraries available, please refer to the + [Client Libraries](/docs/reference/using-api/client-libraries/) page. In each case, the service account credentials of the Pod are used to communicate securely with the API server. @@ -50,7 +53,7 @@ Service named `kubernetes` in the `default` namespace so that pods may reference {{< note >}} Kubernetes does not guarantee that the API server has a valid certificate for -the hostname `kubernetes.default.svc`; +the hostname `kubernetes.default.svc`; however, the control plane **is** expected to present a valid certificate for the hostname or IP address that `$KUBERNETES_SERVICE_HOST` represents. {{< /note >}} @@ -80,7 +83,7 @@ in the Pod can use it directly. ### Without using a proxy It is possible to avoid using the kubectl proxy by passing the authentication token -directly to the API server. The internal certificate secures the connection. +directly to the API server. The internal certificate secures the connection. ```shell # Point to the internal API server hostname @@ -107,9 +110,7 @@ The output will be similar to this: ```json { "kind": "APIVersions", - "versions": [ - "v1" - ], + "versions": ["v1"], "serverAddressByClientCIDRs": [ { "clientCIDR": "0.0.0.0/0", diff --git a/content/en/docs/tasks/run-application/configure-pdb.md b/content/en/docs/tasks/run-application/configure-pdb.md index ecfb1f5a6ce02..73ca733d0d992 100644 --- a/content/en/docs/tasks/run-application/configure-pdb.md +++ b/content/en/docs/tasks/run-application/configure-pdb.md @@ -14,21 +14,18 @@ that your application experiences, allowing for higher availability while permitting the cluster administrator to manage the clusters nodes. - - ## {{% heading "prerequisites" %}} {{< version-check >}} -* You are the owner of an application running on a Kubernetes cluster that requires +- You are the owner of an application running on a Kubernetes cluster that requires high availability. -* You should know how to deploy [Replicated Stateless Applications](/docs/tasks/run-application/run-stateless-application-deployment/) +- You should know how to deploy [Replicated Stateless Applications](/docs/tasks/run-application/run-stateless-application-deployment/) and/or [Replicated Stateful Applications](/docs/tasks/run-application/run-replicated-stateful-application/). -* You should have read about [Pod Disruptions](/docs/concepts/workloads/pods/disruptions/). -* You should confirm with your cluster owner or service provider that they respect +- You should have read about [Pod Disruptions](/docs/concepts/workloads/pods/disruptions/). +- You should confirm with your cluster owner or service provider that they respect Pod Disruption Budgets. - ## Protecting an Application with a PodDisruptionBudget @@ -38,8 +35,6 @@ nodes. 1. Create a PDB definition as a YAML file. 1. Create the PDB object from the YAML file. - - ## Identify an Application to Protect @@ -61,29 +56,28 @@ You can also use PDBs with pods which are not controlled by one of the above controllers, or arbitrary groups of pods, but there are some restrictions, described in [Arbitrary Controllers and Selectors](#arbitrary-controllers-and-selectors). - ## Think about how your application reacts to disruptions Decide how many instances can be down at the same time for a short period due to a voluntary disruption. - Stateless frontends: - - Concern: don't reduce serving capacity by more than 10%. + - Concern: don't reduce serving capacity by more than 10%. - Solution: use PDB with minAvailable 90% for example. - Single-instance Stateful Application: - Concern: do not terminate this application without talking to me. - Possible Solution 1: Do not use a PDB and tolerate occasional downtime. - - Possible Solution 2: Set PDB with maxUnavailable=0. Have an understanding + - Possible Solution 2: Set PDB with maxUnavailable=0. Have an understanding (outside of Kubernetes) that the cluster operator needs to consult you before - termination. When the cluster operator contacts you, prepare for downtime, - and then delete the PDB to indicate readiness for disruption. Recreate afterwards. + termination. When the cluster operator contacts you, prepare for downtime, + and then delete the PDB to indicate readiness for disruption. Recreate afterwards. - Multiple-instance Stateful application such as Consul, ZooKeeper, or etcd: - Concern: Do not reduce number of instances below quorum, otherwise writes fail. - Possible Solution 1: set maxUnavailable to 1 (works with varying scale of application). - - Possible Solution 2: set minAvailable to quorum-size (e.g. 3 when scale is 5). (Allows more disruptions at once). + - Possible Solution 2: set minAvailable to quorum-size (e.g. 3 when scale is 5). (Allows more disruptions at once). - Restartable Batch Job: - Concern: Job needs to complete in case of voluntary disruption. - - Possible solution: Do not create a PDB. The Job controller will create a replacement pod. + - Possible solution: Do not create a PDB. The Job controller will create a replacement pod. ### Rounding logic when specifying percentages @@ -103,16 +97,16 @@ that controls this behavior. ## Specifying a PodDisruptionBudget -A `PodDisruptionBudget` has three fields: +A `PodDisruptionBudget` has three fields: -* A label selector `.spec.selector` to specify the set of -pods to which it applies. This field is required. -* `.spec.minAvailable` which is a description of the number of pods from that -set that must still be available after the eviction, even in the absence -of the evicted pod. `minAvailable` can be either an absolute number or a percentage. -* `.spec.maxUnavailable` (available in Kubernetes 1.7 and higher) which is a description -of the number of pods from that set that can be unavailable after the eviction. -It can be either an absolute number or a percentage. +- A label selector `.spec.selector` to specify the set of + pods to which it applies. This field is required. +- `.spec.minAvailable` which is a description of the number of pods from that + set that must still be available after the eviction, even in the absence + of the evicted pod. `minAvailable` can be either an absolute number or a percentage. +- `.spec.maxUnavailable` (available in Kubernetes 1.7 and higher) which is a description + of the number of pods from that set that can be unavailable after the eviction. + It can be either an absolute number or a percentage. {{< note >}} The behavior for an empty selector differs between the policy/v1beta1 and policy/v1 APIs for @@ -120,8 +114,8 @@ PodDisruptionBudgets. For policy/v1beta1 an empty selector matches zero pods, wh for policy/v1 an empty selector matches every pod in the namespace. {{< /note >}} -You can specify only one of `maxUnavailable` and `minAvailable` in a single `PodDisruptionBudget`. -`maxUnavailable` can only be used to control the eviction of pods +You can specify only one of `maxUnavailable` and `minAvailable` in a single `PodDisruptionBudget`. +`maxUnavailable` can only be used to control the eviction of pods that have an associated controller managing them. In the examples below, "desired replicas" is the `scale` of the controller managing the pods being selected by the `PodDisruptionBudget`. @@ -130,20 +124,20 @@ Example 1: With a `minAvailable` of 5, evictions are allowed as long as they lea 5 or more [healthy](#healthiness-of-a-pod) pods among those selected by the PodDisruptionBudget's `selector`. Example 2: With a `minAvailable` of 30%, evictions are allowed as long as at least 30% -of the number of desired replicas are healthy. +of the number of desired replicas are healthy. Example 3: With a `maxUnavailable` of 5, evictions are allowed as long as there are at most 5 unhealthy replicas among the total number of desired replicas. -Example 4: With a `maxUnavailable` of 30%, evictions are allowed as long as no more than 30% +Example 4: With a `maxUnavailable` of 30%, evictions are allowed as long as no more than 30% of the desired replicas are unhealthy. In typical usage, a single budget would be used for a collection of pods managed by -a controller—for example, the pods in a single ReplicaSet or StatefulSet. +a controller—for example, the pods in a single ReplicaSet or StatefulSet. {{< note >}} A disruption budget does not truly guarantee that the specified -number/percentage of pods will always be up. For example, a node that hosts a +number/percentage of pods will always be up. For example, a node that hosts a pod from the collection may fail when the collection is at the minimum size specified in the budget, thus bringing the number of available pods from the collection below the specified size. The budget can only protect against @@ -156,7 +150,7 @@ object such as ReplicaSet, then you cannot successfully drain a Node running one If you try to drain a Node where an unevictable Pod is running, the drain never completes. This is permitted as per the semantics of `PodDisruptionBudget`. -You can find examples of pod disruption budgets defined below. They match pods with the label +You can find examples of pod disruption budgets defined below. They match pods with the label `app: zookeeper`. Example PDB Using minAvailable: @@ -246,8 +240,8 @@ on the [API server](/docs/reference/command-line-tools-reference/kube-apiserver/ PodDisruptionBudget guarding an application ensures that `.status.currentHealthy` number of pods does not fall below the number specified in `.status.desiredHealthy` by disallowing eviction of healthy pods. -By using `.spec.unhealthyPodEvictionPolicy`, you can also define the criteria when unhealthy pods -should be considered for eviction. The default behavior when no policy is specified corresponds +By using `.spec.unhealthyPodEvictionPolicy`, you can also define the criteria when unhealthy pods +should be considered for eviction. The default behavior when no policy is specified corresponds to the `IfHealthyBudget` policy. Policies: @@ -287,6 +281,6 @@ You can use a PDB with pods controlled by another type of controller, by an - only an integer value can be used with `.spec.minAvailable`, not a percentage. You can use a selector which selects a subset or superset of the pods belonging to a built-in -controller. The eviction API will disallow eviction of any pod covered by multiple PDBs, -so most users will want to avoid overlapping selectors. One reasonable use of overlapping +controller. The eviction API will disallow eviction of any pod covered by multiple PDBs, +so most users will want to avoid overlapping selectors. One reasonable use of overlapping PDBs is when pods are being transitioned from one PDB to another. diff --git a/content/en/docs/tasks/run-application/delete-stateful-set.md b/content/en/docs/tasks/run-application/delete-stateful-set.md index a867b73a61703..41e6ddd9702d5 100644 --- a/content/en/docs/tasks/run-application/delete-stateful-set.md +++ b/content/en/docs/tasks/run-application/delete-stateful-set.md @@ -14,14 +14,9 @@ weight: 60 This task shows you how to delete a {{< glossary_tooltip term_id="StatefulSet" >}}. - - ## {{% heading "prerequisites" %}} - -* This task assumes you have an application running on your cluster represented by a StatefulSet. - - +- This task assumes you have an application running on your cluster represented by a StatefulSet. @@ -82,13 +77,6 @@ In the example above, the Pods have the label `app.kubernetes.io/name=MyApp`; su If you find that some pods in your StatefulSet are stuck in the 'Terminating' or 'Unknown' states for an extended period of time, you may need to manually intervene to forcefully delete the pods from the apiserver. This is a potentially dangerous task. Refer to [Force Delete StatefulSet Pods](/docs/tasks/run-application/force-delete-stateful-set-pod/) for details. - - ## {{% heading "whatsnext" %}} - Learn more about [force deleting StatefulSet Pods](/docs/tasks/run-application/force-delete-stateful-set-pod/). - - - - diff --git a/content/en/docs/tasks/run-application/force-delete-stateful-set-pod.md b/content/en/docs/tasks/run-application/force-delete-stateful-set-pod.md index dc8aef28577b2..1a13c3f3f5243 100644 --- a/content/en/docs/tasks/run-application/force-delete-stateful-set-pod.md +++ b/content/en/docs/tasks/run-application/force-delete-stateful-set-pod.md @@ -10,24 +10,33 @@ weight: 70 --- -This page shows how to delete Pods which are part of a {{< glossary_tooltip text="stateful set" term_id="StatefulSet" >}}, and explains the considerations to keep in mind when doing so. - +This page shows how to delete Pods which are part of a +{{< glossary_tooltip text="stateful set" term_id="StatefulSet" >}}, +and explains the considerations to keep in mind when doing so. ## {{% heading "prerequisites" %}} - -* This is a fairly advanced task and has the potential to violate some of the properties inherent to StatefulSet. -* Before proceeding, make yourself familiar with the considerations enumerated below. - - +- This is a fairly advanced task and has the potential to violate some of the properties + inherent to StatefulSet. +- Before proceeding, make yourself familiar with the considerations enumerated below. ## StatefulSet considerations -In normal operation of a StatefulSet, there is **never** a need to force delete a StatefulSet Pod. The [StatefulSet controller](/docs/concepts/workloads/controllers/statefulset/) is responsible for creating, scaling and deleting members of the StatefulSet. It tries to ensure that the specified number of Pods from ordinal 0 through N-1 are alive and ready. StatefulSet ensures that, at any time, there is at most one Pod with a given identity running in a cluster. This is referred to as *at most one* semantics provided by a StatefulSet. +In normal operation of a StatefulSet, there is **never** a need to force delete a StatefulSet Pod. +The [StatefulSet controller](/docs/concepts/workloads/controllers/statefulset/) is responsible for +creating, scaling and deleting members of the StatefulSet. It tries to ensure that the specified +number of Pods from ordinal 0 through N-1 are alive and ready. StatefulSet ensures that, at any time, +there is at most one Pod with a given identity running in a cluster. This is referred to as +*at most one* semantics provided by a StatefulSet. -Manual force deletion should be undertaken with caution, as it has the potential to violate the at most one semantics inherent to StatefulSet. StatefulSets may be used to run distributed and clustered applications which have a need for a stable network identity and stable storage. These applications often have configuration which relies on an ensemble of a fixed number of members with fixed identities. Having multiple members with the same identity can be disastrous and may lead to data loss (e.g. split brain scenario in quorum-based systems). +Manual force deletion should be undertaken with caution, as it has the potential to violate the +at most one semantics inherent to StatefulSet. StatefulSets may be used to run distributed and +clustered applications which have a need for a stable network identity and stable storage. +These applications often have configuration which relies on an ensemble of a fixed number of +members with fixed identities. Having multiple members with the same identity can be disastrous +and may lead to data loss (e.g. split brain scenario in quorum-based systems). ## Delete Pods @@ -51,19 +60,33 @@ Pods may also enter these states when the user attempts graceful deletion of a P on an unreachable Node. The only ways in which a Pod in such a state can be removed from the apiserver are as follows: -* The Node object is deleted (either by you, or by the [Node Controller](/docs/concepts/architecture/nodes/#node-controller)). -* The kubelet on the unresponsive Node starts responding, kills the Pod and removes the entry from the apiserver. -* Force deletion of the Pod by the user. +- The Node object is deleted (either by you, or by the + [Node Controller](/docs/concepts/architecture/nodes/#node-controller)). +- The kubelet on the unresponsive Node starts responding, kills the Pod and removes the entry + from the apiserver. +- Force deletion of the Pod by the user. -The recommended best practice is to use the first or second approach. If a Node is confirmed to be dead (e.g. permanently disconnected from the network, powered down, etc), then delete the Node object. If the Node is suffering from a network partition, then try to resolve this or wait for it to resolve. When the partition heals, the kubelet will complete the deletion of the Pod and free up its name in the apiserver. +The recommended best practice is to use the first or second approach. If a Node is confirmed +to be dead (e.g. permanently disconnected from the network, powered down, etc), then delete +the Node object. If the Node is suffering from a network partition, then try to resolve this +or wait for it to resolve. When the partition heals, the kubelet will complete the deletion +of the Pod and free up its name in the apiserver. -Normally, the system completes the deletion once the Pod is no longer running on a Node, or the Node is deleted by an administrator. You may override this by force deleting the Pod. +Normally, the system completes the deletion once the Pod is no longer running on a Node, or +the Node is deleted by an administrator. You may override this by force deleting the Pod. ### Force Deletion -Force deletions **do not** wait for confirmation from the kubelet that the Pod has been terminated. Irrespective of whether a force deletion is successful in killing a Pod, it will immediately free up the name from the apiserver. This would let the StatefulSet controller create a replacement Pod with that same identity; this can lead to the duplication of a still-running Pod, and if said Pod can still communicate with the other members of the StatefulSet, will violate the at most one semantics that StatefulSet is designed to guarantee. +Force deletions **do not** wait for confirmation from the kubelet that the Pod has been terminated. +Irrespective of whether a force deletion is successful in killing a Pod, it will immediately +free up the name from the apiserver. This would let the StatefulSet controller create a replacement +Pod with that same identity; this can lead to the duplication of a still-running Pod, +and if said Pod can still communicate with the other members of the StatefulSet, +will violate the at most one semantics that StatefulSet is designed to guarantee. -When you force delete a StatefulSet pod, you are asserting that the Pod in question will never again make contact with other Pods in the StatefulSet and its name can be safely freed up for a replacement to be created. +When you force delete a StatefulSet pod, you are asserting that the Pod in question will never +again make contact with other Pods in the StatefulSet and its name can be safely freed up for a +replacement to be created. If you want to delete a Pod forcibly using kubectl version >= 1.5, do the following: @@ -77,7 +100,8 @@ If you're using any version of kubectl <= 1.4, you should omit the `--force` opt kubectl delete pods --grace-period=0 ``` -If even after these commands the pod is stuck on `Unknown` state, use the following command to remove the pod from the cluster: +If even after these commands the pod is stuck on `Unknown` state, use the following command to +remove the pod from the cluster: ```shell kubectl patch pod -p '{"metadata":{"finalizers":null}}' @@ -85,11 +109,6 @@ kubectl patch pod -p '{"metadata":{"finalizers":null}}' Always perform force deletion of StatefulSet Pods carefully and with complete knowledge of the risks involved. - - ## {{% heading "whatsnext" %}} - Learn more about [debugging a StatefulSet](/docs/tasks/debug/debug-application/debug-statefulset/). - - diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md index 97da59dcdd6c6..09c91f878031f 100644 --- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md +++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md @@ -79,17 +79,17 @@ Kubernetes implements horizontal pod autoscaling as a control loop that runs int (and the default interval is 15 seconds). Once during each period, the controller manager queries the resource utilization against the -metrics specified in each HorizontalPodAutoscaler definition. The controller manager +metrics specified in each HorizontalPodAutoscaler definition. The controller manager finds the target resource defined by the `scaleTargetRef`, then selects the pods based on the target resource's `.spec.selector` labels, and obtains the metrics from either the resource metrics API (for per-pod resource metrics), or the custom metrics API (for all other metrics). -* For per-pod resource metrics (like CPU), the controller fetches the metrics +- For per-pod resource metrics (like CPU), the controller fetches the metrics from the resource metrics API for each Pod targeted by the HorizontalPodAutoscaler. Then, if a target utilization value is set, the controller calculates the utilization value as a percentage of the equivalent [resource request](/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) - on the containers in each Pod. If a target raw value is set, the raw metric values are used directly. + on the containers in each Pod. If a target raw value is set, the raw metric values are used directly. The controller then takes the mean of the utilization or the raw value (depending on the type of target specified) across all targeted Pods, and produces a ratio used to scale the number of desired replicas. @@ -99,10 +99,10 @@ or the custom metrics API (for all other metrics). not take any action for that metric. See the [algorithm details](#algorithm-details) section below for more information about how the autoscaling algorithm works. -* For per-pod custom metrics, the controller functions similarly to per-pod resource metrics, +- For per-pod custom metrics, the controller functions similarly to per-pod resource metrics, except that it works with raw values, not utilization values. -* For object metrics and external metrics, a single metric is fetched, which describes +- For object metrics and external metrics, a single metric is fetched, which describes the object in question. This metric is compared to the target value, to produce a ratio as above. In the `autoscaling/v2` API version, this value can optionally be divided by the number of Pods before the @@ -110,7 +110,7 @@ or the custom metrics API (for all other metrics). The common use for HorizontalPodAutoscaler is to configure it to fetch metrics from {{< glossary_tooltip text="aggregated APIs" term_id="aggregation-layer" >}} -(`metrics.k8s.io`, `custom.metrics.k8s.io`, or `external.metrics.k8s.io`). The `metrics.k8s.io` API is +(`metrics.k8s.io`, `custom.metrics.k8s.io`, or `external.metrics.k8s.io`). The `metrics.k8s.io` API is usually provided by an add-on named Metrics Server, which needs to be launched separately. For more information about resource metrics, see [Metrics Server](/docs/tasks/debug/debug-cluster/resource-metrics-pipeline/#metrics-server). @@ -137,7 +137,7 @@ desiredReplicas = ceil[currentReplicas * ( currentMetricValue / desiredMetricVal For example, if the current metric value is `200m`, and the desired value is `100m`, the number of replicas will be doubled, since `200.0 / 100.0 == 2.0` If the current value is instead `50m`, you'll halve the number of -replicas, since `50.0 / 100.0 == 0.5`. The control plane skips any scaling +replicas, since `50.0 / 100.0 == 0.5`. The control plane skips any scaling action if the ratio is sufficiently close to 1.0 (within a globally-configurable tolerance, 0.1 by default). @@ -156,7 +156,7 @@ If a particular Pod is missing metrics, it is set aside for later; Pods with missing metrics will be used to adjust the final scaling amount. When scaling on CPU, if any pod has yet to become ready (it's still -initializing, or possibly is unhealthy) *or* the most recent metric point for +initializing, or possibly is unhealthy) _or_ the most recent metric point for the pod was before it became ready, that pod is set aside as well. Due to technical constraints, the HorizontalPodAutoscaler controller @@ -165,7 +165,7 @@ determining whether to set aside certain CPU metrics. Instead, it considers a Pod "not yet ready" if it's unready and transitioned to ready within a short, configurable window of time since it started. This value is configured with the `--horizontal-pod-autoscaler-initial-readiness-delay` flag, and its default is 30 -seconds. Once a pod has become ready, it considers any transition to +seconds. Once a pod has become ready, it considers any transition to ready to be the first if it occurred within a longer, configurable time since it started. This value is configured with the `--horizontal-pod-autoscaler-cpu-initialization-period` flag, and its default is 5 minutes. @@ -175,7 +175,7 @@ calculated using the remaining pods not set aside or discarded from above. If there were any missing metrics, the control plane recomputes the average more conservatively, assuming those pods were consuming 100% of the desired -value in case of a scale down, and 0% in case of a scale up. This dampens +value in case of a scale down, and 0% in case of a scale up. This dampens the magnitude of any potential scale. Furthermore, if any not-yet-ready pods were present, and the workload would have @@ -184,12 +184,12 @@ the controller conservatively assumes that the not-yet-ready pods are consuming of the desired metric, further dampening the magnitude of a scale up. After factoring in the not-yet-ready pods and missing metrics, the -controller recalculates the usage ratio. If the new ratio reverses the scale +controller recalculates the usage ratio. If the new ratio reverses the scale direction, or is within the tolerance, the controller doesn't take any scaling action. In other cases, the new ratio is used to decide any change to the number of Pods. -Note that the *original* value for the average utilization is reported +Note that the _original_ value for the average utilization is reported back via the HorizontalPodAutoscaler status, without factoring in the not-yet-ready pods or missing metrics, even when the new usage ratio is used. @@ -203,7 +203,7 @@ can be fetched, scaling is skipped. This means that the HPA is still capable of scaling up if one or more metrics give a `desiredReplicas` greater than the current value. -Finally, right before HPA scales the target, the scale recommendation is recorded. The +Finally, right before HPA scales the target, the scale recommendation is recorded. The controller considers all recommendations within a configurable window choosing the highest recommendation from within that window. This value can be configured using the `--horizontal-pod-autoscaler-downscale-stabilization` flag, which defaults to 5 minutes. This means that scaledowns will occur gradually, smoothing out the impact of rapidly @@ -212,7 +212,7 @@ fluctuating metric values. ## API Object The Horizontal Pod Autoscaler is an API resource in the Kubernetes -`autoscaling` API group. The current stable version can be found in +`autoscaling` API group. The current stable version can be found in the `autoscaling/v2` API version which includes support for scaling on memory and custom metrics. The new fields introduced in `autoscaling/v2` are preserved as annotations when working with @@ -227,10 +227,8 @@ More details about the API object can be found at When managing the scale of a group of replicas using the HorizontalPodAutoscaler, it is possible that the number of replicas keeps fluctuating frequently due to the -dynamic nature of the metrics evaluated. This is sometimes referred to as *thrashing*, -or *flapping*. It's similar to the concept of *hysteresis* in cybernetics. - - +dynamic nature of the metrics evaluated. This is sometimes referred to as _thrashing_, +or _flapping_. It's similar to the concept of _hysteresis_ in cybernetics. ## Autoscaling during rolling update @@ -316,7 +314,6 @@ Once you have rolled out the container name change to the workload resource, tid the old container name from the HPA specification. {{< /note >}} - ## Scaling on custom metrics {{< feature-state for_k8s_version="v1.23" state="stable" >}} @@ -344,20 +341,20 @@ overall maximum that you configured). ## Support for metrics APIs -By default, the HorizontalPodAutoscaler controller retrieves metrics from a series of APIs. In order for it to access these +By default, the HorizontalPodAutoscaler controller retrieves metrics from a series of APIs. In order for it to access these APIs, cluster administrators must ensure that: -* The [API aggregation layer](/docs/tasks/extend-kubernetes/configure-aggregation-layer/) is enabled. +- The [API aggregation layer](/docs/tasks/extend-kubernetes/configure-aggregation-layer/) is enabled. -* The corresponding APIs are registered: +- The corresponding APIs are registered: - * For resource metrics, this is the `metrics.k8s.io` API, generally provided by [metrics-server](https://github.com/kubernetes-sigs/metrics-server). - It can be launched as a cluster add-on. + - For resource metrics, this is the `metrics.k8s.io` API, generally provided by [metrics-server](https://github.com/kubernetes-sigs/metrics-server). + It can be launched as a cluster add-on. - * For custom metrics, this is the `custom.metrics.k8s.io` API. It's provided by "adapter" API servers provided by metrics solution vendors. - Check with your metrics pipeline to see if there is a Kubernetes metrics adapter available. + - For custom metrics, this is the `custom.metrics.k8s.io` API. It's provided by "adapter" API servers provided by metrics solution vendors. + Check with your metrics pipeline to see if there is a Kubernetes metrics adapter available. - * For external metrics, this is the `external.metrics.k8s.io` API. It may be provided by the custom metrics adapters provided above. + - For external metrics, this is the `external.metrics.k8s.io` API. It may be provided by the custom metrics adapters provided above. For more information on these different metrics paths and how they differ please see the relevant design proposals for [the HPA V2](https://git.k8s.io/design-proposals-archive/autoscaling/hpa-v2.md), @@ -537,14 +534,14 @@ Finally, you can delete an autoscaler using `kubectl delete hpa`. In addition, there is a special `kubectl autoscale` command for creating a HorizontalPodAutoscaler object. For instance, executing `kubectl autoscale rs foo --min=2 --max=5 --cpu-percent=80` -will create an autoscaler for ReplicaSet *foo*, with target CPU utilization set to `80%` +will create an autoscaler for ReplicaSet _foo_, with target CPU utilization set to `80%` and the number of replicas between 2 and 5. ## Implicit maintenance-mode deactivation You can implicitly deactivate the HPA for a target without the need to change the HPA configuration itself. If the target's desired replica count -is set to 0, and the HPA's minimum replica count is greater than 0, the HPA +is set to 0, and the HPA's minimum replica count is greater than 0, the HPA stops adjusting the target (and sets the `ScalingActive` Condition on itself to `false`) until you reactivate it by manually adjusting the target's desired replica count or HPA's minimum replica count. @@ -553,7 +550,7 @@ replica count or HPA's minimum replica count. When an HPA is enabled, it is recommended that the value of `spec.replicas` of the Deployment and / or StatefulSet be removed from their -{{< glossary_tooltip text="manifest(s)" term_id="manifest" >}}. If this isn't done, any time +{{< glossary_tooltip text="manifest(s)" term_id="manifest" >}}. If this isn't done, any time a change to that object is applied, for example via `kubectl apply -f deployment.yaml`, this will instruct Kubernetes to scale the current number of Pods to the value of the `spec.replicas` key. This may not be @@ -562,9 +559,9 @@ desired and could be troublesome when an HPA is active. Keep in mind that the removal of `spec.replicas` may incur a one-time degradation of Pod counts as the default value of this key is 1 (reference [Deployment Replicas](/docs/concepts/workloads/controllers/deployment#replicas)). -Upon the update, all Pods except 1 will begin their termination procedures. Any +Upon the update, all Pods except 1 will begin their termination procedures. Any deployment application afterwards will behave as normal and respect a rolling -update configuration as desired. You can avoid this degradation by choosing one of the following two +update configuration as desired. You can avoid this degradation by choosing one of the following two methods based on how you are modifying your deployments: {{< tabs name="fix_replicas_instructions" >}} @@ -572,10 +569,10 @@ methods based on how you are modifying your deployments: 1. `kubectl apply edit-last-applied deployment/` 2. In the editor, remove `spec.replicas`. When you save and exit the editor, `kubectl` - applies the update. No changes to Pod counts happen at this step. + applies the update. No changes to Pod counts happen at this step. 3. You can now remove `spec.replicas` from the manifest. If you use source code management, - also commit your changes or take whatever other steps for revising the source code - are appropriate for how you track updates. + also commit your changes or take whatever other steps for revising the source code + are appropriate for how you track updates. 4. From here on out you can run `kubectl apply -f deployment.yaml` {{% /tab %}} @@ -595,8 +592,8 @@ cluster-level autoscaler such as [Cluster Autoscaler](https://github.com/kuberne For more information on HorizontalPodAutoscaler: -* Read a [walkthrough example](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/) for horizontal pod autoscaling. -* Read documentation for [`kubectl autoscale`](/docs/reference/generated/kubectl/kubectl-commands/#autoscale). -* If you would like to write your own custom metrics adapter, check out the +- Read a [walkthrough example](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/) for horizontal pod autoscaling. +- Read documentation for [`kubectl autoscale`](/docs/reference/generated/kubectl/kubectl-commands/#autoscale). +- If you would like to write your own custom metrics adapter, check out the [boilerplate](https://github.com/kubernetes-sigs/custom-metrics-apiserver) to get started. -* Read the [API reference](/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/) for HorizontalPodAutoscaler. +- Read the [API reference](/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/) for HorizontalPodAutoscaler. diff --git a/content/en/docs/tasks/run-application/run-replicated-stateful-application.md b/content/en/docs/tasks/run-application/run-replicated-stateful-application.md index 89127691e999d..3513c4a9dc5ee 100644 --- a/content/en/docs/tasks/run-application/run-replicated-stateful-application.md +++ b/content/en/docs/tasks/run-application/run-replicated-stateful-application.md @@ -26,30 +26,24 @@ on general patterns for running stateful applications in Kubernetes. ## {{% heading "prerequisites" %}} - -* {{< include "task-tutorial-prereqs.md" >}} -* {{< include "default-storage-class-prereqs.md" >}} -* This tutorial assumes you are familiar with +- {{< include "task-tutorial-prereqs.md" >}} +- {{< include "default-storage-class-prereqs.md" >}} +- This tutorial assumes you are familiar with [PersistentVolumes](/docs/concepts/storage/persistent-volumes/) and [StatefulSets](/docs/concepts/workloads/controllers/statefulset/), as well as other core concepts like [Pods](/docs/concepts/workloads/pods/), [Services](/docs/concepts/services-networking/service/), and [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/). -* Some familiarity with MySQL helps, but this tutorial aims to present +- Some familiarity with MySQL helps, but this tutorial aims to present general patterns that should be useful for other systems. -* You are using the default namespace or another namespace that does not contain any conflicting objects. - - +- You are using the default namespace or another namespace that does not contain any conflicting objects. ## {{% heading "objectives" %}} - -* Deploy a replicated MySQL topology with a StatefulSet. -* Send MySQL client traffic. -* Observe resistance to downtime. -* Scale the StatefulSet up and down. - - +- Deploy a replicated MySQL topology with a StatefulSet. +- Send MySQL client traffic. +- Observe resistance to downtime. +- Scale the StatefulSet up and down. @@ -377,7 +371,7 @@ no new Pods may schedule there, and then evicts any existing Pods. Replace `` with the name of the Node you found in the last step. {{< caution >}} -Draining a Node can impact other workloads and applications +Draining a Node can impact other workloads and applications running on the same node. Only perform the following step in a test cluster. {{< /caution >}} @@ -492,11 +486,8 @@ kubectl delete pvc data-mysql-3 kubectl delete pvc data-mysql-4 ``` - - ## {{% heading "cleanup" %}} - 1. Cancel the `SELECT @@server_id` loop by pressing **Ctrl+C** in its terminal, or running the following from another terminal: @@ -536,17 +527,11 @@ kubectl delete pvc data-mysql-4 Some dynamic provisioners (such as those for EBS and PD) also release the underlying resources upon deleting the PersistentVolumes. - - ## {{% heading "whatsnext" %}} -* Learn more about [scaling a StatefulSet](/docs/tasks/run-application/scale-stateful-set/). -* Learn more about [debugging a StatefulSet](/docs/tasks/debug/debug-application/debug-statefulset/). -* Learn more about [deleting a StatefulSet](/docs/tasks/run-application/delete-stateful-set/). -* Learn more about [force deleting StatefulSet Pods](/docs/tasks/run-application/force-delete-stateful-set-pod/). -* Look in the [Helm Charts repository](https://artifacthub.io/) +- Learn more about [scaling a StatefulSet](/docs/tasks/run-application/scale-stateful-set/). +- Learn more about [debugging a StatefulSet](/docs/tasks/debug/debug-application/debug-statefulset/). +- Learn more about [deleting a StatefulSet](/docs/tasks/run-application/delete-stateful-set/). +- Learn more about [force deleting StatefulSet Pods](/docs/tasks/run-application/force-delete-stateful-set-pod/). +- Look in the [Helm Charts repository](https://artifacthub.io/) for other stateful application examples. - - - - diff --git a/content/en/docs/tasks/run-application/scale-stateful-set.md b/content/en/docs/tasks/run-application/scale-stateful-set.md index 6e34babf9d14d..51ae43ccfdd78 100644 --- a/content/en/docs/tasks/run-application/scale-stateful-set.md +++ b/content/en/docs/tasks/run-application/scale-stateful-set.md @@ -13,22 +13,19 @@ weight: 50 --- -This task shows how to scale a StatefulSet. Scaling a StatefulSet refers to increasing or decreasing the number of replicas. +This task shows how to scale a StatefulSet. Scaling a StatefulSet refers to increasing or decreasing the number of replicas. ## {{% heading "prerequisites" %}} - -* StatefulSets are only available in Kubernetes version 1.5 or later. +- StatefulSets are only available in Kubernetes version 1.5 or later. To check your version of Kubernetes, run `kubectl version`. -* Not all stateful applications scale nicely. If you are unsure about whether to scale your StatefulSets, see [StatefulSet concepts](/docs/concepts/workloads/controllers/statefulset/) or [StatefulSet tutorial](/docs/tutorials/stateful-application/basic-stateful-set/) for further information. +- Not all stateful applications scale nicely. If you are unsure about whether to scale your StatefulSets, see [StatefulSet concepts](/docs/concepts/workloads/controllers/statefulset/) or [StatefulSet tutorial](/docs/tutorials/stateful-application/basic-stateful-set/) for further information. -* You should perform scaling only when you are confident that your stateful application +- You should perform scaling only when you are confident that your stateful application cluster is completely healthy. - - ## Scaling StatefulSets @@ -91,11 +88,6 @@ to reason about scaling operations at the application level in these cases, and perform scaling only when you are sure that your stateful application cluster is completely healthy. - - ## {{% heading "whatsnext" %}} - -* Learn more about [deleting a StatefulSet](/docs/tasks/run-application/delete-stateful-set/). - - +- Learn more about [deleting a StatefulSet](/docs/tasks/run-application/delete-stateful-set/). From 6acd3108c46a5dc3239ea5b01ac5405142f085ff Mon Sep 17 00:00:00 2001 From: Mengjiao Liu Date: Fri, 24 Feb 2023 10:50:42 +0800 Subject: [PATCH 198/537] [zh-cn] Resync kubeadm reference page --- .../kubeadm_init_phase_control-plane_apiserver.md | 11 +++++------ ...adm_init_phase_control-plane_controller-manager.md | 9 +++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md index 4b3c97d9232d3..84e234d72c0c3 100644 --- a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md +++ b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md @@ -143,13 +143,12 @@ Don't apply any changes; just output what would be done.

    一组键值对,用于描述各种功能特性的特性门控。选项是:
    PublicKeysECDSA=true|false (ALPHA - 默认值=false)
    RootlessControlPlane=true|false (ALPHA - 默认值=false) -
    UnversionedKubeletConfigMap=true|false (BETA - 默认值=true)

    @@ -171,9 +170,9 @@ apiserver 操作的帮助命令 ---image-repository string     默认值:"k8s.gcr.io" +--image-repository string     默认值:"registry.k8s.io" @@ -212,12 +211,12 @@ Choose a specific Kubernetes version for the control plane.

    包含名为 "target[suffix][+patchtype].extension" 的文件的目录的路径。 例如,"kube-apiserver0+merge.yaml"或仅仅是 "etcd.json"。 -"target" 可以是 "kube-apiserver"、"kube-controller-manager"、"kube-scheduler"、"etcd" 之一。 +"target" 可以是 "kube-apiserver"、"kube-controller-manager"、"kube-scheduler"、"etcd"、"kubeletconfiguration" 之一。 "patchtype" 可以是 "strategic"、"merge" 或者 "json" 之一, 并且它们与 kubectl 支持的补丁格式相同。 默认的 "patchtype" 是 "strategic"。 diff --git a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_controller-manager.md b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_controller-manager.md index ed54d6d8e59f7..e5a966082516b 100644 --- a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_controller-manager.md +++ b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_controller-manager.md @@ -3,7 +3,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference conent, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -105,9 +105,9 @@ Don't apply any changes; just output what would be done. ---image-repository string     默认值:"k8s.gcr.io" +--image-repository string     默认值:"registry.k8s.ioo" @@ -142,10 +142,11 @@ Don't apply any changes; just output what would be done.

    包含名为 "target[suffix][+patchtype].extension" 的文件的目录。 例如,"kube-apiserver0+merge.yaml" 或者 "etcd.json"。 +"target" 可以是 "kube-apiserver"、"kube-controller-manager"、"kube-scheduler"、"etcd"、"kubeletconfiguration" 之一。 "patchtype" 可以是 "strategic"、"merge" 或 "json" 之一,分别与 kubectl 所支持的 patch 格式相匹配。默认的 "patchtype" 是 "strategic"。 "extension" 必须是 "json" 或 "yaml"。 From 6b801158094a491924a36dcf493e2274b98f4779 Mon Sep 17 00:00:00 2001 From: Arhell Date: Fri, 24 Feb 2023 07:58:05 +0200 Subject: [PATCH 199/537] [hi] improvement: kubectl install on windows verify command --- content/hi/docs/tasks/tools/install-kubectl-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/tasks/tools/install-kubectl-windows.md b/content/hi/docs/tasks/tools/install-kubectl-windows.md index fc7d1e1870ad0..5af06aaf32792 100644 --- a/content/hi/docs/tasks/tools/install-kubectl-windows.md +++ b/content/hi/docs/tasks/tools/install-kubectl-windows.md @@ -54,7 +54,7 @@ Windows पर kubectl संस्थापित करने के लिए - `True` या `False` परिणाम प्राप्त करने के लिए `-eq` ऑपरेटर का उपयोग करके सत्यापन को ऑटोमेट करने के लिए powershell का उपयोग करें: ```powershell - $($(CertUtil -hashfile .\kubectl.exe SHA256)[1] -replace " ", "") -eq $(type .\kubectl.exe.sha256) + $(Get-FileHash -Algorithm SHA256 .\kubectl.exe).Hash -eq $(Get-Content .\kubectl.exe.sha256) ``` 1. अपने `PATH` में बाइनरी जोड़ें। From ec42ca7f2a932c8764f6e03cdd501e0d300d1a63 Mon Sep 17 00:00:00 2001 From: Anton-Vasilev <91203770+Anton-Vasilev@users.noreply.github.com> Date: Fri, 24 Feb 2023 12:56:02 +0200 Subject: [PATCH 200/537] Typo (subject-verb agreement) Grammar issue: "above commands adds" --- .../en/docs/tasks/administer-cluster/namespaces-walkthrough.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md b/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md index 3fa2f64098cd8..05d87ee6bb927 100644 --- a/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md +++ b/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md @@ -161,7 +161,7 @@ kubectl config set-context prod --namespace=production \ --user=lithe-cocoa-92103_kubernetes ``` -By default, the above commands adds two contexts that are saved into file +By default, the above commands add two contexts that are saved into file `.kube/config`. You can now view the contexts and alternate against the two new request contexts depending on which namespace you wish to work against. From f89b55e0e7df9a4b117c02cb7429549ca0e504bc Mon Sep 17 00:00:00 2001 From: upodroid Date: Fri, 24 Feb 2023 16:58:46 +0300 Subject: [PATCH 201/537] revert change to owners --- data/announcements/OWNERS | 3 --- 1 file changed, 3 deletions(-) diff --git a/data/announcements/OWNERS b/data/announcements/OWNERS index e0c719551b2e4..602afd0322d8d 100644 --- a/data/announcements/OWNERS +++ b/data/announcements/OWNERS @@ -6,6 +6,3 @@ options: no_parent_owners: true approvers: - committee-steering # defined in OWNERS_ALIASES - -labels: -- committee/steering From 2afb7d7d7e17c41d740d8fc9c6af552c3123cba0 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Fri, 24 Feb 2023 16:23:15 +0000 Subject: [PATCH 202/537] Changed the occurrence of scratch to test --- .../configure-access-multiple-clusters.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/content/en/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md b/content/en/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md index 03dc6b4dc031f..ca7f6897d32c8 100644 --- a/content/en/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md +++ b/content/en/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md @@ -41,12 +41,12 @@ cluster's API server. ## Define clusters, users, and contexts -Suppose you have two clusters, one for development work and one for scratch work. +Suppose you have two clusters, one for development work and one for test work. In the `development` cluster, your frontend developers work in a namespace called `frontend`, -and your storage developers work in a namespace called `storage`. In your `scratch` cluster, +and your storage developers work in a namespace called `storage`. In your `test` cluster, developers work in the default namespace, or they create auxiliary namespaces as they see fit. Access to the development cluster requires authentication by certificate. Access -to the scratch cluster requires authentication by username and password. +to the test cluster requires authentication by username and password. Create a directory named `config-exercise`. In your `config-exercise` directory, create a file named `config-demo` with this content: @@ -60,7 +60,7 @@ clusters: - cluster: name: development - cluster: - name: scratch + name: test users: - name: developer @@ -72,7 +72,7 @@ contexts: - context: name: dev-storage - context: - name: exp-scratch + name: exp-test ``` A configuration file describes clusters, users, and contexts. Your `config-demo` file @@ -83,7 +83,7 @@ your configuration file: ```shell kubectl config --kubeconfig=config-demo set-cluster development --server=https://1.2.3.4 --certificate-authority=fake-ca-file -kubectl config --kubeconfig=config-demo set-cluster scratch --server=https://5.6.7.8 --insecure-skip-tls-verify +kubectl config --kubeconfig=config-demo set-cluster test --server=https://5.6.7.8 --insecure-skip-tls-verify ``` Add user details to your configuration file: @@ -108,7 +108,7 @@ Add context details to your configuration file: ```shell kubectl config --kubeconfig=config-demo set-context dev-frontend --cluster=development --namespace=frontend --user=developer kubectl config --kubeconfig=config-demo set-context dev-storage --cluster=development --namespace=storage --user=developer -kubectl config --kubeconfig=config-demo set-context exp-scratch --cluster=scratch --namespace=default --user=experimenter +kubectl config --kubeconfig=config-demo set-context exp-test --cluster=test --namespace=default --user=experimenter ``` Open your `config-demo` file to see the added details. As an alternative to opening the @@ -130,7 +130,7 @@ clusters: - cluster: insecure-skip-tls-verify: true server: https://5.6.7.8 - name: scratch + name: test contexts: - context: cluster: development @@ -143,10 +143,10 @@ contexts: user: developer name: dev-storage - context: - cluster: scratch + cluster: test namespace: default user: experimenter - name: exp-scratch + name: exp-test current-context: "" kind: Config preferences: {} @@ -220,19 +220,19 @@ users: client-key: fake-key-file ``` -Now suppose you want to work for a while in the scratch cluster. +Now suppose you want to work for a while in the test cluster. -Change the current context to `exp-scratch`: +Change the current context to `exp-test`: ```shell -kubectl config --kubeconfig=config-demo use-context exp-scratch +kubectl config --kubeconfig=config-demo use-context exp-test ``` Now any `kubectl` command you give will apply to the default namespace of -the `scratch` cluster. And the command will use the credentials of the user -listed in the `exp-scratch` context. +the `test` cluster. And the command will use the credentials of the user +listed in the `exp-test` context. -View configuration associated with the new current context, `exp-scratch`. +View configuration associated with the new current context, `exp-test`. ```shell kubectl config --kubeconfig=config-demo view --minify @@ -338,10 +338,10 @@ contexts: user: developer name: dev-storage - context: - cluster: scratch + cluster: test namespace: default user: experimenter - name: exp-scratch + name: exp-test ``` For more information about how kubeconfig files are merged, see From ba9ad02b947d67e0d183bb0a1792589fed88bf2b Mon Sep 17 00:00:00 2001 From: Arhell Date: Sat, 25 Feb 2023 02:59:42 +0200 Subject: [PATCH 203/537] [es] Fix homebrew prefix error in bash-completion of kubectl --- .../tasks/tools/included/optional-kubectl-configs-bash-mac.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/es/docs/tasks/tools/included/optional-kubectl-configs-bash-mac.md b/content/es/docs/tasks/tools/included/optional-kubectl-configs-bash-mac.md index 00437e7a67377..ce0cce6be63dc 100644 --- a/content/es/docs/tasks/tools/included/optional-kubectl-configs-bash-mac.md +++ b/content/es/docs/tasks/tools/included/optional-kubectl-configs-bash-mac.md @@ -50,8 +50,7 @@ brew install bash-completion@2 Como se indica en el resultado de este comando, agregue lo siguiente a su archivo `~/.bash_profile`: ```bash -export BASH_COMPLETION_COMPAT_DIR="/usr/local/etc/bash_completion.d" -[[ -r "/usr/local/etc/profile.d/bash_completion.sh" ]] && . "/usr/local/etc/profile.d/bash_completion.sh" +brew_etc="$(brew --prefix)/etc" && [[ -r "${brew_etc}/profile.d/bash_completion.sh" ]] && . "${brew_etc}/profile.d/bash_completion.sh" ``` Vuelva a cargar su shell y verifique que bash-complete v2 esté instalado correctamente con `type _init_completion`. From 12d9b2c315baa57e5c0e546008d94f8d55e5f015 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sat, 25 Feb 2023 23:15:24 +0800 Subject: [PATCH 204/537] [zh] sync run-single-instance-stateful-application --- .../horizontal-pod-autoscale.md | 56 ++++++++--------- ...un-single-instance-stateful-application.md | 61 +++++++++++-------- 2 files changed, 62 insertions(+), 55 deletions(-) diff --git a/content/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale.md index 2f2695404f80b..3bde07b79c86e 100644 --- a/content/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale.md +++ b/content/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale.md @@ -129,7 +129,7 @@ Kubernetes 将水平 Pod 自动扩缩实现为一个间歇运行的控制回路 @@ -274,7 +274,7 @@ with missing metrics will be used to adjust the final scaling amount. 当使用 CPU 指标来扩缩时,任何还未就绪(还在初始化,或者可能是不健康的)状态的 Pod **或** @@ -287,7 +287,7 @@ determining whether to set aside certain CPU metrics. Instead, it considers a Pod "not yet ready" if it's unready and transitioned to ready within a short, configurable window of time since it started. This value is configured with the `--horizontal-pod-autoscaler-initial-readiness-delay` flag, and its default is 30 -seconds. Once a pod has become ready, it considers any transition to +seconds. Once a pod has become ready, it considers any transition to ready to be the first if it occurred within a longer, configurable time since it started. This value is configured with the `--horizontal-pod-autoscaler-cpu-initialization-period` flag, and its default is 5 minutes. @@ -308,7 +308,7 @@ calculated using the remaining pods not set aside or discarded from above. 如果缺失某些度量值,控制平面会更保守地重新计算平均值,在需要缩小时假设这些 Pod 消耗了目标值的 100%, @@ -325,7 +325,7 @@ of the desired metric, further dampening the magnitude of a scale up. ## 工作量规模的稳定性 {#flapping} @@ -614,7 +614,7 @@ HorizontalPodAutoscaler 采用为每个指标推荐的最大比例, ## 对 Metrics API 的支持 {#support-for-metrics-apis} @@ -628,10 +628,10 @@ APIs, cluster administrators must ensure that: * The corresponding APIs are registered: * For resource metrics, this is the `metrics.k8s.io` API, generally provided by [metrics-server](https://github.com/kubernetes-sigs/metrics-server). - It can be launched as a cluster add-on. + It can be launched as a cluster add-on. * For custom metrics, this is the `custom.metrics.k8s.io` API. It's provided by "adapter" API servers provided by metrics solution vendors. - Check with your metrics pipeline to see if there is a Kubernetes metrics adapter available. + Check with your metrics pipeline to see if there is a Kubernetes metrics adapter available. * For external metrics, this is the `external.metrics.k8s.io` API. It may be provided by the custom metrics adapters provided above. --> @@ -639,14 +639,14 @@ APIs, cluster administrators must ensure that: * 相应的 API 已注册: - * 对于资源指标,将使用 `metrics.k8s.io` API,一般由 [metrics-server](https://github.com/kubernetes-incubator/metrics-server) 提供。 + * 对于资源指标,将使用 `metrics.k8s.io` API,一般由 [metrics-server](https://github.com/kubernetes-incubator/metrics-server) 提供。 它可以作为集群插件启动。 - * 对于自定义指标,将使用 `custom.metrics.k8s.io` API。 + * 对于自定义指标,将使用 `custom.metrics.k8s.io` API。 它由其他度量指标方案厂商的“适配器(Adapter)” API 服务器提供。 检查你的指标管道以查看是否有可用的 Kubernetes 指标适配器。 - * 对于外部指标,将使用 `external.metrics.k8s.io` API。可能由上面的自定义指标适配器提供。 + * 对于外部指标,将使用 `external.metrics.k8s.io` API。可能由上面的自定义指标适配器提供。 此外,还有一个特殊的 `kubectl autoscale` 命令用于创建 HorizontalPodAutoscaler 对象。 @@ -948,7 +949,7 @@ and the number of replicas between 2 and 5. You can implicitly deactivate the HPA for a target without the need to change the HPA configuration itself. If the target's desired replica count -is set to 0, and the HPA's minimum replica count is greater than 0, the HPA +is set to 0, and the HPA's minimum replica count is greater than 0, the HPA stops adjusting the target (and sets the `ScalingActive` Condition on itself to `false`) until you reactivate it by manually adjusting the target's desired replica count or HPA's minimum replica count. @@ -965,7 +966,7 @@ replica count or HPA's minimum replica count. When an HPA is enabled, it is recommended that the value of `spec.replicas` of the Deployment and / or StatefulSet be removed from their -{{< glossary_tooltip text="manifest(s)" term_id="manifest" >}}. If this isn't done, any time +{{< glossary_tooltip text="manifest(s)" term_id="manifest" >}}. If this isn't done, any time a change to that object is applied, for example via `kubectl apply -f deployment.yaml`, this will instruct Kubernetes to scale the current number of Pods to the value of the `spec.replicas` key. This may not be @@ -984,9 +985,9 @@ Deployment 和/或 StatefulSet 的 `spec.replicas` 的值。 Keep in mind that the removal of `spec.replicas` may incur a one-time degradation of Pod counts as the default value of this key is 1 (reference [Deployment Replicas](/docs/concepts/workloads/controllers/deployment#replicas)). -Upon the update, all Pods except 1 will begin their termination procedures. Any +Upon the update, all Pods except 1 will begin their termination procedures. Any deployment application afterwards will behave as normal and respect a rolling -update configuration as desired. You can avoid this degradation by choosing one of the following two +update configuration as desired. You can avoid this degradation by choosing one of the following two methods based on how you are modifying your deployments: --> 请记住,删除 `spec.replicas` 可能会导致 Pod 计数一次性降级,因为此键的默认值为 1 @@ -1000,10 +1001,10 @@ methods based on how you are modifying your deployments: 1. `kubectl apply edit-last-applied deployment/` @@ -1053,4 +1054,3 @@ For more information on HorizontalPodAutoscaler: * 如果你想编写自己的自定义指标适配器, 请查看 [boilerplate](https://github.com/kubernetes-sigs/custom-metrics-apiserver) 以开始使用。 * 阅读 [API 参考](/zh-cn/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/)。 - diff --git a/content/zh-cn/docs/tasks/run-application/run-single-instance-stateful-application.md b/content/zh-cn/docs/tasks/run-application/run-single-instance-stateful-application.md index 857f549926b54..befa380f5b614 100644 --- a/content/zh-cn/docs/tasks/run-application/run-single-instance-stateful-application.md +++ b/content/zh-cn/docs/tasks/run-application/run-single-instance-stateful-application.md @@ -36,7 +36,7 @@ application is MySQL. - 部署 YAML 文件中定义的 PV 和 PVC: + +1. 部署 YAML 文件中定义的 PV 和 PVC: ```shell kubectl apply -f https://k8s.io/examples/application/mysql/mysql-pv.yaml ``` -1. - 部署 YAML 文件中定义的 Deployment: + +2. 部署 YAML 文件中定义的 Deployment: ```shell kubectl apply -f https://k8s.io/examples/application/mysql/mysql-deployment.yaml ``` -1. - 展示 Deployment 相关信息: + +3. 展示 Deployment 相关信息: ```shell kubectl describe deployment mysql @@ -111,21 +117,23 @@ for a secure solution. Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace) ClaimName: mysql-pv-claim ReadOnly: false - Conditions: - Type Status Reason - ---- ------ ------ - Available False MinimumReplicasUnavailable - Progressing True ReplicaSetUpdated - OldReplicaSets: - NewReplicaSet: mysql-63082529 (1/1 replicas created) - Events: - FirstSeen LastSeen Count From SubobjectPath Type Reason Message - --------- -------- ----- ---- ------------- -------- ------ ------- - 33s 33s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set mysql-63082529 to 1 + Conditions: + Type Status Reason + ---- ------ ------ + Available False MinimumReplicasUnavailable + Progressing True ReplicaSetUpdated + OldReplicaSets: + NewReplicaSet: mysql-63082529 (1/1 replicas created) + Events: + FirstSeen LastSeen Count From SubobjectPath Type Reason Message + --------- -------- ----- ---- ------------- -------- ------ ------- + 33s 33s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set mysql-63082529 to 1 ``` -1. - 列举出 Deployment 创建的 pods: + +4. 列举出 Deployment 创建的 pods: ```shell kubectl get pods -l app=mysql @@ -141,8 +149,10 @@ for a secure solution. mysql-63082529-2z3ki 1/1 Running 0 3m ``` -1. - 查看 PersistentVolumeClaim: + +5. 查看 PersistentVolumeClaim: ```shell kubectl describe pvc mysql-pv-claim @@ -180,14 +190,13 @@ Run a MySQL client to connect to the server: --> ## 访问 MySQL 实例 {#accessing-the-mysql-instance} - 前面 YAML 文件中创建了一个允许集群内其他 Pod 访问的数据库服务。该服务中选项 `clusterIP: None` 让服务 DNS 名称直接解析为 Pod 的 IP 地址。 当在一个服务下只有一个 Pod 并且不打算增加 Pod 的数量这是最好的. 运行 MySQL 客户端以连接到服务器: -``` +```shell kubectl run -it --rm --image=mysql:5.6 --restart=Never mysql-client -- mysql -h mysql -ppassword ``` @@ -246,7 +255,7 @@ Delete the deployed objects by name: 通过名称删除部署的对象: -``` +```shell kubectl delete deployment,svc mysql kubectl delete pvc mysql-pv-claim kubectl delete pv mysql-pv-volume @@ -282,5 +291,3 @@ PersistentVolume 将被自动删除。 * 参阅 [kubectl run 文档](/docs/reference/generated/kubectl/kubectl-commands/#run) * 参阅[卷](/zh-cn/docs/concepts/storage/volumes/)和[持久卷](/zh-cn/docs/concepts/storage/persistent-volumes/) - - From 35eda2c4abcc54bed9694e0cc3e07f093aca0ed8 Mon Sep 17 00:00:00 2001 From: Kinzhi Date: Wed, 22 Feb 2023 01:46:22 +0800 Subject: [PATCH 205/537] [zh-cn]SYNC coarse-parallel-processing-work-queue.md [zh-cn]SYNC coarse-parallel-processing-work-queue.md --- .../docs/tasks/job/coarse-parallel-processing-work-queue.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/content/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue.md b/content/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue.md index 5982367c609e8..5f60a5218e96e 100644 --- a/content/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue.md +++ b/content/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue.md @@ -28,7 +28,7 @@ Here is an overview of the steps in this example: 1. **Create a queue, and fill it with messages.** Each message represents one task to be done. In this example, a message is an integer that we will do a lengthy computation on. 1. **Start a Job that works on tasks from the queue**. The Job starts several pods. Each pod takes - one task from the message queue, processes it, and repeats until the end of the queue is reached. + one task from the message queue, processes it, and exits. --> 本例中,我们会运行包含多个并行工作进程的 Kubernetes Job。 @@ -45,8 +45,7 @@ Here is an overview of the steps in this example: 我们将基于这个整数值执行很长的计算操作。 1. **启动一个在队列中执行这些任务的 Job**。 - 该 Job 启动多个 Pod。每个 Pod 从消息队列中取走一个任务,处理它, - 然后重复执行,直到队列的队尾。 + 该 Job 启动多个 Pod。每个 Pod 从消息队列中取走一个任务,处理任务,然后退出。 ## {{% heading "prerequisites" %}} From efe8acd430c1cc2a1ce800296ddcd0bc6ecc87b3 Mon Sep 17 00:00:00 2001 From: Kinzhi Date: Wed, 22 Feb 2023 01:36:46 +0800 Subject: [PATCH 206/537] [zh-cn]SYNC pod-lifecycle.md [zh-cn]SYNC pod-lifecycle.md --- .../docs/concepts/workloads/pods/pod-lifecycle.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/content/zh-cn/docs/concepts/workloads/pods/pod-lifecycle.md b/content/zh-cn/docs/concepts/workloads/pods/pod-lifecycle.md index 71f8bc5050e1a..1cd444c1e3502 100644 --- a/content/zh-cn/docs/concepts/workloads/pods/pod-lifecycle.md +++ b/content/zh-cn/docs/concepts/workloads/pods/pod-lifecycle.md @@ -507,6 +507,19 @@ condition to `True` before sandbox creation and network configuration starts. 对于没有 Init 容器的 Pod,kubelet 会在创建沙箱和网络配置开始之前将 `Initialized` 状况设置为 `True`。 + +### Pod 调度就绪态 {#pod-scheduling-readiness-gate} + + +{{< feature-state for_k8s_version="v1.26" state="alpha" >}} + + +有关详细信息,请参阅 [Pod 调度就绪态](/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness/)。 + From ced4a3e31caeaea1d38c1783cf50edf07a94672f Mon Sep 17 00:00:00 2001 From: Alexander Idelberger Date: Sat, 25 Feb 2023 15:32:19 +0100 Subject: [PATCH 207/537] PDB maxUnavailable rounding logic Clarify the implications of rounding-up in combination with using a percent value and maxUnavailable. --- .../en/docs/tasks/run-application/configure-pdb.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/content/en/docs/tasks/run-application/configure-pdb.md b/content/en/docs/tasks/run-application/configure-pdb.md index 73ca733d0d992..d43cf9a23f317 100644 --- a/content/en/docs/tasks/run-application/configure-pdb.md +++ b/content/en/docs/tasks/run-application/configure-pdb.md @@ -86,12 +86,14 @@ Values for `minAvailable` or `maxUnavailable` can be expressed as integers or as - When you specify an integer, it represents a number of Pods. For instance, if you set `minAvailable` to 10, then 10 Pods must always be available, even during a disruption. - When you specify a percentage by setting the value to a string representation of a percentage (eg. `"50%"`), it represents a percentage of - total Pods. For instance, if you set `maxUnavailable` to `"50%"`, then only 50% of the Pods can be unavailable during a + total Pods. For instance, if you set `minAvailable` to `"50%"`, then at least 50% of the Pods remain available during a disruption. When you specify the value as a percentage, it may not map to an exact number of Pods. For example, if you have 7 Pods and you set `minAvailable` to `"50%"`, it's not immediately obvious whether that means 3 Pods or 4 Pods must be available. -Kubernetes rounds up to the nearest integer, so in this case, 4 Pods must be available. You can examine the +Kubernetes rounds up to the nearest integer, so in this case, 4 Pods must be available. When you specify the value +`maxUnavailable` as a percentage, Kubernetes rounds up the number of Pods that may be disrupted. Thereby a disruption +can exceed your defined `maxUnavailable` percentage. You can examine the [code](https://github.com/kubernetes/kubernetes/blob/23be9587a0f8677eb8091464098881df939c44a9/pkg/controller/disruption/disruption.go#L539) that controls this behavior. @@ -129,8 +131,10 @@ of the number of desired replicas are healthy. Example 3: With a `maxUnavailable` of 5, evictions are allowed as long as there are at most 5 unhealthy replicas among the total number of desired replicas. -Example 4: With a `maxUnavailable` of 30%, evictions are allowed as long as no more than 30% -of the desired replicas are unhealthy. +Example 4: With a `maxUnavailable` of 30%, evictions are allowed as long as the number of +unhealthy replicas does not exceed 30% of the total number of desired replica rounded up to +the nearest integer. If the total number of desired replicas is just one, the only one replica +is still allowed for disruption, leading to an effective unavailability of 100%. In typical usage, a single budget would be used for a collection of pods managed by a controller—for example, the pods in a single ReplicaSet or StatefulSet. From 7bc3d62860eced2e464409165c1a7b4a8cf316ff Mon Sep 17 00:00:00 2001 From: yayoimizuha Date: Sun, 26 Feb 2023 11:06:20 +0900 Subject: [PATCH 208/537] Update content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- .../production-environment/tools/kubeadm/install-kubeadm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 44a0cf3033016..9c7d200cb2a02 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -153,7 +153,7 @@ kubeadmは`kubelet`や`kubectl`をインストールまたは管理**しない** {{< tabs name="k8s_install" >}} {{% tab name="Ubuntu、Debian、またはHypriotOS" %}} -1. `apt` のパッケージ一覧を更新し、Kubernetesの `apt` リポジトリを利用するのに必要なパッケージをインストールします。: +1. `apt`のパッケージ一覧を更新し、Kubernetesの`apt`リポジトリを利用するのに必要なパッケージをインストールします: ```shell sudo apt-get update From 28963c634e8382edbe2fd510ce91d4a267affba4 Mon Sep 17 00:00:00 2001 From: yayoimizuha Date: Sun, 26 Feb 2023 11:06:38 +0900 Subject: [PATCH 209/537] Update content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- .../production-environment/tools/kubeadm/install-kubeadm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 9c7d200cb2a02..0f37918241e16 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -160,7 +160,7 @@ kubeadmは`kubelet`や`kubectl`をインストールまたは管理**しない** sudo apt-get install -y apt-transport-https ca-certificates curl ``` -2. Google Cloudの公開鍵をダウンロード: +2. Google Cloudの公開鍵をダウンロードします: ```shell sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg From cdb1a9c174f902fcb3d439d8c37541277bb030a8 Mon Sep 17 00:00:00 2001 From: yayoimizuha Date: Sun, 26 Feb 2023 11:06:46 +0900 Subject: [PATCH 210/537] Update content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- .../production-environment/tools/kubeadm/install-kubeadm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 0f37918241e16..e3a89b70e50c2 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -166,7 +166,7 @@ kubeadmは`kubelet`や`kubectl`をインストールまたは管理**しない** sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg ``` -3. Kubernetesの `apt` リポジトリを追加: +3. Kubernetesの`apt`リポジトリを追加します: ```shell echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list From 91714b4ce3e92091e05e74856adc7f6975d391a4 Mon Sep 17 00:00:00 2001 From: yayoimizuha Date: Sun, 26 Feb 2023 11:06:59 +0900 Subject: [PATCH 211/537] Update content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- .../production-environment/tools/kubeadm/install-kubeadm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index e3a89b70e50c2..72483a962752b 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -172,7 +172,7 @@ kubeadmは`kubelet`や`kubectl`をインストールまたは管理**しない** echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list ``` -4. `apt` のパッケージ一覧を更新し、kubelet、kubeadm、kubectlをインストールします。そしてバージョンを固定します。: +4. `apt`のパッケージ一覧を更新し、kubelet、kubeadm、kubectlをインストールします。そしてバージョンを固定します: ```shell sudo apt-get update From 58917dece81ce37be56233871493f1cab7d88033 Mon Sep 17 00:00:00 2001 From: yayoimizuha Date: Sun, 26 Feb 2023 11:07:06 +0900 Subject: [PATCH 212/537] Update content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- .../production-environment/tools/kubeadm/install-kubeadm.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 72483a962752b..738c3372a9032 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -179,6 +179,11 @@ kubeadmは`kubelet`や`kubectl`をインストールまたは管理**しない** sudo apt-get install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl ``` +{{< note >}} +Debian 12やUbuntu 22.04より古いリリースでは、`/etc/apt/keyrings`はデフォルトでは存在しません。 +必要に応じてこのディレクトリを作成し、誰でも読み取り可能で、管理者のみ書き込み可能にすることができます。 +{{< /note >}} + {{% /tab %}} {{% tab name="CentOS、RHEL、またはFedora" %}} ```bash From dbde7cfe2716014b6a081bf495031f0e2490f7c3 Mon Sep 17 00:00:00 2001 From: Max Date: Sun, 26 Feb 2023 14:18:17 +0800 Subject: [PATCH 213/537] [zh] sync page in tasks/tools (#39666) * [zh] sync page install-kubectl-linux * update * update --- .../docs/tasks/tools/install-kubectl-linux.md | 74 ++++++++++++------- .../docs/tasks/tools/install-kubectl-macos.md | 18 ++++- .../tasks/tools/install-kubectl-windows.md | 14 ++++ 3 files changed, 79 insertions(+), 27 deletions(-) diff --git a/content/zh-cn/docs/tasks/tools/install-kubectl-linux.md b/content/zh-cn/docs/tasks/tools/install-kubectl-linux.md index 43650626ec43b..3cc5f2e831e71 100644 --- a/content/zh-cn/docs/tasks/tools/install-kubectl-linux.md +++ b/content/zh-cn/docs/tasks/tools/install-kubectl-linux.md @@ -21,7 +21,7 @@ card: ## {{% heading "prerequisites" %}} - @@ -30,12 +30,12 @@ kubectl 版本和集群版本之间的差异必须在一个小版本号内。 v{{< skew currentVersionAddMinor 0 >}} 和 v{{< skew currentVersionAddMinor 1 >}} 版本的控制面通信。 用最新兼容版的 kubectl 有助于避免不可预见的问题。 - ## 在 Linux 系统中安装 kubectl {#install-kubectl-on-linux} - 在 Linux 系统中安装 kubectl 有如下几种方法: @@ -49,12 +49,12 @@ The following methods exist for installing kubectl on Linux: - [用原生包管理工具安装](#install-using-native-package-management) - [用其他包管理工具安装](#install-using-other-package-management) - ### 用 curl 在 Linux 系统中安装 kubectl {#install-kubectl-binary-with-curl-on-linux} - 1. 用以下命令下载最新发行版: @@ -64,7 +64,7 @@ The following methods exist for installing kubectl on Linux: ``` {{< note >}} - 基于校验和文件,验证 kubectl 的可执行文件: @@ -101,7 +101,7 @@ The following methods exist for installing kubectl on Linux: echo "$(cat kubectl.sha256) kubectl" | sha256sum --check ``` - 验证通过时,输出为: @@ -110,7 +110,7 @@ The following methods exist for installing kubectl on Linux: kubectl: OK ``` - 验证失败时,`sha256` 将以非零值退出,并打印如下输出: @@ -121,13 +121,13 @@ The following methods exist for installing kubectl on Linux: ``` {{< note >}} - 下载的 kubectl 与校验和文件版本必须相同。 {{< /note >}} - 3. 安装 kubectl @@ -137,7 +137,7 @@ The following methods exist for installing kubectl on Linux: ``` {{< note >}} - 即使你没有目标系统的 root 权限,仍然可以将 kubectl 安装到目录 `~/.local/bin` 中: @@ -150,7 +150,7 @@ The following methods exist for installing kubectl on Linux: ``` {{< /note >}} - @@ -159,13 +159,28 @@ Or use this for detailed view of version: ```bash kubectl version --client ``` - + + {{< note >}} + + 上面的命令会产生一个警告: + ``` + WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. + ``` + + 你可以忽略这个警告。你只检查你所安装的 `kubectl` 的版本。 + {{< /note >}} + 或者使用如下命令来查看版本的详细信息: ```cmd kubectl version --client --output=yaml ``` - ### 用原生包管理工具安装 {#install-using-native-package-management} @@ -248,7 +263,7 @@ sudo yum install -y kubectl {{% /tab %}} {{< /tabs >}} - ### 用其他包管理工具安装 {#install-using-other-package-management} @@ -286,7 +301,7 @@ kubectl version --client {{< /tabs >}} - ## 验证 kubectl 配置 {#verify-kubectl-configration} @@ -302,7 +317,7 @@ kubectl version --client ### 启用 shell 自动补全功能 {#enable-shell-autocompletion} - 2. 验证该可执行文件(可选步骤) - + 下载 kubectl-convert 校验和文件: - + ```bash curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert.sha256" ``` @@ -358,7 +373,7 @@ kubectl 为 Bash、Zsh、Fish 和 PowerShell 提供自动补全功能,可以 If valid, the output is: --> 验证通过时,输出为: - + ```console kubectl-convert: OK ``` @@ -381,7 +396,7 @@ kubectl 为 Bash、Zsh、Fish 和 PowerShell 提供自动补全功能,可以 {{< /note >}} 3. 安装 kubectl-convert @@ -390,7 +405,7 @@ kubectl 为 Bash、Zsh、Fish 和 PowerShell 提供自动补全功能,可以 ``` 4. 验证插件是否安装成功 @@ -403,6 +418,15 @@ kubectl 为 Bash、Zsh、Fish 和 PowerShell 提供自动补全功能,可以 --> 如果你没有看到任何错误就代表插件安装成功了。 + +5. 安装插件后,清理安装文件: + + ```bash + rm kubectl-convert kubectl-convert.sha256 + ``` + ## {{% heading "whatsnext" %}} {{< include "included/kubectl-whats-next.md" >}} diff --git a/content/zh-cn/docs/tasks/tools/install-kubectl-macos.md b/content/zh-cn/docs/tasks/tools/install-kubectl-macos.md index c6be2f348097e..dc57ebccae1ab 100644 --- a/content/zh-cn/docs/tasks/tools/install-kubectl-macos.md +++ b/content/zh-cn/docs/tasks/tools/install-kubectl-macos.md @@ -188,6 +188,21 @@ The following methods exist for installing kubectl on macOS: kubectl version --client ``` + {{< note >}} + + 上面的命令会产生一个警告: + ``` + WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. + ``` + + 你可以忽略这个警告。你只检查你所安装的 `kubectl` 的版本。 + {{< /note >}} + @@ -421,10 +436,9 @@ kubectl 为 Bash、Zsh、Fish 和 PowerShell 提供自动补全功能,可以 1. 安装插件后,清理安装文件: ```bash - rm kubectl kubectl.sha256 + rm kubectl-convert kubectl-convert.sha256 ``` ## {{% heading "whatsnext" %}} {{< include "included/kubectl-whats-next.md" >}} - diff --git a/content/zh-cn/docs/tasks/tools/install-kubectl-windows.md b/content/zh-cn/docs/tasks/tools/install-kubectl-windows.md index c74102e816ee7..0aa3769cd8592 100644 --- a/content/zh-cn/docs/tasks/tools/install-kubectl-windows.md +++ b/content/zh-cn/docs/tasks/tools/install-kubectl-windows.md @@ -122,6 +122,20 @@ The following methods exist for installing kubectl on Windows: ```cmd kubectl version --client ``` + {{< note >}} + + 上面的命令会产生一个警告: + ``` + WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. + ``` + + 你可以忽略这个警告。你只检查你所安装的 `kubectl` 的版本。 + {{< /note >}} @@ -50,7 +47,6 @@ In your shell on that Node, create a `/mnt/data` directory: sudo mkdir /mnt/data ``` - In the `/mnt/data` directory, create an `index.html` file: ```shell @@ -116,8 +112,10 @@ kubectl get pv task-pv-volume The output shows that the PersistentVolume has a `STATUS` of `Available`. This means it has not yet been bound to a PersistentVolumeClaim. - NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM STORAGECLASS REASON AGE - task-pv-volume 10Gi RWO Retain Available manual 4s +``` +NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM STORAGECLASS REASON AGE +task-pv-volume 10Gi RWO Retain Available manual 4s +``` ## Create a PersistentVolumeClaim @@ -132,7 +130,9 @@ Here is the configuration file for the PersistentVolumeClaim: Create the PersistentVolumeClaim: - kubectl apply -f https://k8s.io/examples/pods/storage/pv-claim.yaml +```shell +kubectl apply -f https://k8s.io/examples/pods/storage/pv-claim.yaml +``` After you create the PersistentVolumeClaim, the Kubernetes control plane looks for a PersistentVolume that satisfies the claim's requirements. If the control @@ -147,8 +147,10 @@ kubectl get pv task-pv-volume Now the output shows a `STATUS` of `Bound`. - NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM STORAGECLASS REASON AGE - task-pv-volume 10Gi RWO Retain Bound default/task-pv-claim manual 2m +``` +NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM STORAGECLASS REASON AGE +task-pv-volume 10Gi RWO Retain Bound default/task-pv-claim manual 2m +``` Look at the PersistentVolumeClaim: @@ -159,8 +161,10 @@ kubectl get pvc task-pv-claim The output shows that the PersistentVolumeClaim is bound to your PersistentVolume, `task-pv-volume`. - NAME STATUS VOLUME CAPACITY ACCESSMODES STORAGECLASS AGE - task-pv-claim Bound task-pv-volume 10Gi RWO manual 30s +``` +NAME STATUS VOLUME CAPACITY ACCESSMODES STORAGECLASS AGE +task-pv-claim Bound task-pv-volume 10Gi RWO manual 30s +``` ## Create a Pod @@ -206,15 +210,16 @@ curl http://localhost/ The output shows the text that you wrote to the `index.html` file on the hostPath volume: - Hello from Kubernetes storage - +``` +Hello from Kubernetes storage +``` If you see that message, you have successfully configured a Pod to use storage from a PersistentVolumeClaim. ## Clean up -Delete the Pod, the PersistentVolumeClaim and the PersistentVolume: +Delete the Pod, the PersistentVolumeClaim and the PersistentVolume: ```shell kubectl delete pod task-pv-pod @@ -275,12 +280,8 @@ When a Pod consumes a PersistentVolume, the GIDs associated with the PersistentVolume are not present on the Pod resource itself. {{< /note >}} - - - ## {{% heading "whatsnext" %}} - * Learn more about [PersistentVolumes](/docs/concepts/storage/persistent-volumes/). * Read the [Persistent Storage design document](https://git.k8s.io/design-proposals-archive/storage/persistent-storage.md). @@ -290,7 +291,3 @@ PersistentVolume are not present on the Pod resource itself. * [PersistentVolumeSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumespec-v1-core) * [PersistentVolumeClaim](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumeclaim-v1-core) * [PersistentVolumeClaimSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumeclaimspec-v1-core) - - - - diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md index bba65c0f58114..b15467ab94d04 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -15,7 +15,8 @@ ConfigMaps are a Kubernetes mechanism that let you inject configuration data int The ConfigMap concept allow you to decouple configuration artifacts from image content to keep containerized applications portable. For example, you can download and run the same -{{< glossary_tooltip text="container image" term_id="image" >}} to spin up containers for the purposes of local development, system test, or running a live end-user workload. +{{< glossary_tooltip text="container image" term_id="image" >}} to spin up containers for +the purposes of local development, system test, or running a live end-user workload. This page provides a series of usage examples demonstrating how to create ConfigMaps and configure Pods using data stored in ConfigMaps. @@ -30,7 +31,6 @@ step that downloads example data. - ## Create a ConfigMap You can use either `kubectl create configmap` or a ConfigMap generator in `kustomization.yaml` @@ -66,15 +66,15 @@ whose filename is a valid key in the directory and packages each of those files ConfigMap. Any directory entries except regular files are ignored (for example: subdirectories, symlinks, devices, pipes, and more). - {{< note >}} -Each filename being used for ConfigMap creation must consist of only acceptable characters, which are: letters (`A` to `Z` and `a` to z`), digits (`0` to `9`), '-', '_', or '.'. -If you use `kubectl create configmap` with a directory where any of the file names contains an unacceptable character, the `kubectl` command may fail. +Each filename being used for ConfigMap creation must consist of only acceptable characters, +which are: letters (`A` to `Z` and `a` to z`), digits (`0` to `9`), '-', '_', or '.'. +If you use `kubectl create configmap` with a directory where any of the file names contains +an unacceptable character, the `kubectl` command may fail. The `kubectl` command does not print an error when it encounters an invalid filename. {{< /note >}} - Create the local directory: ```shell @@ -396,7 +396,6 @@ data: special.type: charm ``` - ### Create a ConfigMap from generator You can also create a ConfigMap from generators and then apply it to create the object @@ -543,7 +542,8 @@ section, and learn how to use these objects with Pods. kubectl create configmap special-config --from-literal=special.how=very ``` -2. Assign the `special.how` value defined in the ConfigMap to the `SPECIAL_LEVEL_KEY` environment variable in the Pod specification. +2. Assign the `special.how` value defined in the ConfigMap to the `SPECIAL_LEVEL_KEY` + environment variable in the Pod specification. {{< codenew file="pods/pod-single-configmap-env-variable.yaml" >}} @@ -597,7 +597,6 @@ Here is the manifest you will use: kubectl create -f https://kubernetes.io/examples/configmap/configmap-multikeys.yaml ``` - * Use `envFrom` to define all of the ConfigMap's data as container environment variables. The key from the ConfigMap becomes the environment variable name in the Pod. @@ -627,7 +626,6 @@ For example, the following Pod manifest: Create that Pod, by running: - ```shell kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-env-var-valueFrom.yaml ``` @@ -646,7 +644,7 @@ kubectl delete pod dapi-test-pod --now ## Add ConfigMap data to a Volume As explained in [Create ConfigMaps from files](#create-configmaps-from-files), when you create -a ConfigMap using ``--from-file``, the filename becomes a key stored in the `data` section of +a ConfigMap using `--from-file`, the filename becomes a key stored in the `data` section of the ConfigMap. The file contents become the key's value. The examples in this section refer to a ConfigMap named `special-config`: @@ -682,7 +680,8 @@ SPECIAL_TYPE ``` Text data is exposed as files using the UTF-8 character encoding. To use some other -character encoding, use `binaryData` (see [ConfigMap object](/docs/concepts/configuration/configmap/#configmap-object) for more details). +character encoding, use `binaryData` +(see [ConfigMap object](/docs/concepts/configuration/configmap/#configmap-object) for more details). {{< note >}} If there are any files in the `/etc/config` directory of that container image, the volume @@ -722,7 +721,6 @@ Delete that Pod: kubectl delete pod dapi-test-pod --now ``` - ### Project keys to specific paths and file permissions You can project keys to specific paths and specific permissions on a per-file @@ -732,7 +730,7 @@ guide explains the syntax. ### Optional references -A ConfigMap reference may be marked _optional_. If the ConfigMap is non-existent, the mounted +A ConfigMap reference may be marked _optional_. If the ConfigMap is non-existent, the mounted volume will be empty. If the ConfigMap exists, but the referenced key is non-existent, the path will be absent beneath the mount point. See [Optional ConfigMaps](#optional-configmaps) for more details. @@ -751,7 +749,8 @@ minute by default) + TTL of ConfigMaps cache (1 minute by default) in kubelet. Y can trigger an immediate refresh by updating one of the pod's annotations. {{< note >}} -A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) volume will not receive ConfigMap updates. +A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) +volume will not receive ConfigMap updates. {{< /note >}} @@ -821,7 +820,7 @@ spec: containers: - name: test-container image: gcr.io/google_containers/busybox - command: [ "/bin/sh", "-c", "env" ] + command: ["/bin/sh", "-c", "env"] env: - name: SPECIAL_LEVEL_KEY valueFrom: @@ -850,7 +849,7 @@ spec: containers: - name: test-container image: gcr.io/google_containers/busybox - command: [ "/bin/sh", "-c", "ls /etc/config" ] + command: ["/bin/sh", "-c", "ls /etc/config"] volumeMounts: - name: config-volume mountPath: /etc/config @@ -875,7 +874,8 @@ are projected to the pod can be as long as kubelet sync period (1 minute by defa ConfigMaps cache (1 minute by default) in kubelet. {{< note >}} -A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) volume will not receive ConfigMap updates. +A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) +volume will not receive ConfigMap updates. {{< /note >}} ## Restrictions @@ -926,7 +926,6 @@ kubectl delete configmap -l 'game-config in (config-4,config-5)’ If you created a directory `configure-pod-container` and no longer need it, you should remove that too, or move it into the trash can / deleted files location. - ## {{% heading "whatsnext" %}} * Follow a real world example of diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-initialization.md b/content/en/docs/tasks/configure-pod-container/configure-pod-initialization.md index aa99a152b0aad..5f185341dcef5 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-initialization.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-initialization.md @@ -5,18 +5,14 @@ weight: 170 --- + This page shows how to use an Init Container to initialize a Pod before an application Container runs. - - ## {{% heading "prerequisites" %}} - {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} - - ## Create a Pod that has an Init Container @@ -37,55 +33,63 @@ shared Volume at `/work-dir`, and the application container mounts the shared Volume at `/usr/share/nginx/html`. The init container runs the following command and then terminates: - wget -O /work-dir/index.html http://info.cern.ch +```shell +wget -O /work-dir/index.html http://info.cern.ch +``` Notice that the init container writes the `index.html` file in the root directory of the nginx server. Create the Pod: - kubectl apply -f https://k8s.io/examples/pods/init-containers.yaml +```shell +kubectl apply -f https://k8s.io/examples/pods/init-containers.yaml +``` Verify that the nginx container is running: - kubectl get pod init-demo +```shell +kubectl get pod init-demo +``` The output shows that the nginx container is running: - NAME READY STATUS RESTARTS AGE - init-demo 1/1 Running 0 1m +``` +NAME READY STATUS RESTARTS AGE +init-demo 1/1 Running 0 1m +``` Get a shell into the nginx container running in the init-demo Pod: - kubectl exec -it init-demo -- /bin/bash +```shell +kubectl exec -it init-demo -- /bin/bash +``` In your shell, send a GET request to the nginx server: - root@nginx:~# apt-get update - root@nginx:~# apt-get install curl - root@nginx:~# curl localhost +``` +root@nginx:~# apt-get update +root@nginx:~# apt-get install curl +root@nginx:~# curl localhost +``` The output shows that nginx is serving the web page that was written by the init container: -

    - http://info.cern.ch -
    - -

    http://info.cern.ch - home of the first website

    - ... -
  1. Browse the first website
    2. - ... - +```html +
    +http://info.cern.ch +
    +

    http://info.cern.ch - home of the first website

    + ... +
  2. Browse the first website
    3. + ... +``` ## {{% heading "whatsnext" %}} - * Learn more about -[communicating between Containers running in the same Pod](/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume/). + [communicating between Containers running in the same Pod](/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume/). * Learn more about [Init Containers](/docs/concepts/workloads/pods/init-containers/). * Learn more about [Volumes](/docs/concepts/storage/volumes/). * Learn more about [Debugging Init Containers](/docs/tasks/debug/debug-application/debug-init-containers/) - - - From 4ad5616ecb75bfbc1660cddb1b8c6eafb10086e9 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 26 Feb 2023 21:21:13 +0800 Subject: [PATCH 215/537] resync pages --- .../run-application/access-api-from-pod.md | 25 ++++---- .../tasks/run-application/configure-pdb.md | 28 ++++----- .../force-delete-stateful-set-pod.md | 58 ++++++++++++++----- 3 files changed, 70 insertions(+), 41 deletions(-) diff --git a/content/zh-cn/docs/tasks/run-application/access-api-from-pod.md b/content/zh-cn/docs/tasks/run-application/access-api-from-pod.md index bf6f6fc2a0b59..f80b4fc04516c 100644 --- a/content/zh-cn/docs/tasks/run-application/access-api-from-pod.md +++ b/content/zh-cn/docs/tasks/run-application/access-api-from-pod.md @@ -48,15 +48,18 @@ libraries can automatically discover the API server and authenticate. From within a Pod, the recommended ways to connect to the Kubernetes API are: - - For a Go client, use the official [Go client library](https://github.com/kubernetes/client-go/). - The `rest.InClusterConfig()` function handles API host discovery and authentication automatically. - See [an example here](https://git.k8s.io/client-go/examples/in-cluster-client-configuration/main.go). +- For a Go client, use the official + [Go client library](https://github.com/kubernetes/client-go/). + The `rest.InClusterConfig()` function handles API host discovery and authentication automatically. + See [an example here](https://git.k8s.io/client-go/examples/in-cluster-client-configuration/main.go). - - For a Python client, use the official [Python client library](https://github.com/kubernetes-client/python/). - The `config.load_incluster_config()` function handles API host discovery and authentication automatically. - See [an example here](https://github.com/kubernetes-client/python/blob/master/examples/in_cluster_config.py). +- For a Python client, use the official + [Python client library](https://github.com/kubernetes-client/python/). + The `config.load_incluster_config()` function handles API host discovery and authentication automatically. + See [an example here](https://github.com/kubernetes-client/python/blob/master/examples/in_cluster_config.py). - - There are a number of other libraries available, please refer to the [Client Libraries](/docs/reference/using-api/client-libraries/) page. +- There are a number of other libraries available, please refer to the + [Client Libraries](/docs/reference/using-api/client-libraries/) page. In each case, the service account credentials of the Pod are used to communicate securely with the API server. @@ -97,7 +100,7 @@ API 服务器的集群内地址也发布到 `default` 命名空间中名为 `kub {{< note >}} @@ -155,7 +158,7 @@ in the Pod can use it directly. ### Without using a proxy It is possible to avoid using the kubectl proxy by passing the authentication token -directly to the API server. The internal certificate secures the connection. +directly to the API server. The internal certificate secures the connection. --> ### 不使用代理 {#without-using-a-proxy} @@ -190,9 +193,7 @@ The output will be similar to this: ```json { "kind": "APIVersions", - "versions": [ - "v1" - ], + "versions": ["v1"], "serverAddressByClientCIDRs": [ { "clientCIDR": "0.0.0.0/0", diff --git a/content/zh-cn/docs/tasks/run-application/configure-pdb.md b/content/zh-cn/docs/tasks/run-application/configure-pdb.md index f01102b103fe1..8ed9f740354f0 100644 --- a/content/zh-cn/docs/tasks/run-application/configure-pdb.md +++ b/content/zh-cn/docs/tasks/run-application/configure-pdb.md @@ -115,17 +115,17 @@ due to a voluntary disruption. - Single-instance Stateful Application: - Concern: do not terminate this application without talking to me. - Possible Solution 1: Do not use a PDB and tolerate occasional downtime. - - Possible Solution 2: Set PDB with maxUnavailable=0. Have an understanding + - Possible Solution 2: Set PDB with maxUnavailable=0. Have an understanding (outside of Kubernetes) that the cluster operator needs to consult you before - termination. When the cluster operator contacts you, prepare for downtime, - and then delete the PDB to indicate readiness for disruption. Recreate afterwards. + termination. When the cluster operator contacts you, prepare for downtime, + and then delete the PDB to indicate readiness for disruption. Recreate afterwards. - Multiple-instance Stateful application such as Consul, ZooKeeper, or etcd: - Concern: Do not reduce number of instances below quorum, otherwise writes fail. - Possible Solution 1: set maxUnavailable to 1 (works with varying scale of application). - - Possible Solution 2: set minAvailable to quorum-size (e.g. 3 when scale is 5). (Allows more disruptions at once). + - Possible Solution 2: set minAvailable to quorum-size (e.g. 3 when scale is 5). (Allows more disruptions at once). - Restartable Batch Job: - Concern: Job needs to complete in case of voluntary disruption. - - Possible solution: Do not create a PDB. The Job controller will create a replacement pod. + - Possible solution: Do not create a PDB. The Job controller will create a replacement pod. --> - 无状态的前端: - 关注:不能降低服务能力 10% 以上。 @@ -183,7 +183,7 @@ Kubernetes 采用向上取整到最接近的整数的办法,因此在这种情 ## 指定 PodDisruptionBudget @@ -238,7 +238,7 @@ Example 1: With a `minAvailable` of 5, evictions are allowed as long as they lea 示例 2:设置 `minAvailable` 值为 30% 的情况下,驱逐时需保证 Pod 所需副本的至少 30% 处于健康状态。 @@ -256,20 +256,20 @@ of the desired replicas are unhealthy. 在典型用法中,干扰预算会被用于一个控制器管理的一组 Pod 中 —— 例如:一个 ReplicaSet 或 StatefulSet 中的 Pod。 +{{< note >}} -{{< note >}} 干扰预算并不能真正保证指定数量/百分比的 Pod 一直处于运行状态。例如: 当 Pod 集合的 规模处于预算指定的最小值时,承载集合中某个 Pod 的节点发生了故障,这样就导致集合中可用 Pod 的 数量低于预算指定值。预算只能够针对自发的驱逐提供保护,而不能针对所有 Pod 不可用的诱因。 @@ -440,8 +440,8 @@ on the [API server](/docs/reference/command-line-tools-reference/kube-apiserver/ 守护应用程序的 PodDisruptionBudget 通过不允许驱逐健康的 Pod 来确保 `.status.currentHealthy` 的 Pod @@ -526,8 +526,8 @@ You can use a PDB with pods controlled by another type of controller, by an 你可以令选择算符选择一个内置控制器所控制 Pod 的子集或父集。 diff --git a/content/zh-cn/docs/tasks/run-application/force-delete-stateful-set-pod.md b/content/zh-cn/docs/tasks/run-application/force-delete-stateful-set-pod.md index c19a050638a95..f25453745adf2 100644 --- a/content/zh-cn/docs/tasks/run-application/force-delete-stateful-set-pod.md +++ b/content/zh-cn/docs/tasks/run-application/force-delete-stateful-set-pod.md @@ -17,7 +17,9 @@ weight: 70 本文介绍如何删除 {{< glossary_tooltip text="StatefulSet" term_id="StatefulSet" >}} 管理的 Pod,并解释这样操作时需要记住的注意事项。 @@ -25,7 +27,8 @@ This page shows how to delete Pods which are part of a {{< glossary_tooltip text ## {{% heading "prerequisites" %}} * 这是一项相当高级的任务,并且可能会违反 StatefulSet 固有的某些属性。 @@ -36,7 +39,12 @@ This page shows how to delete Pods which are part of a {{< glossary_tooltip text ## StatefulSet 注意事项 @@ -47,7 +55,12 @@ In normal operation of a StatefulSet, there is **never** a need to force delete 这就是所谓的由 StatefulSet 提供的**最多一个(At Most One)** Pod 的语义。 应谨慎进行手动强制删除操作,因为它可能会违反 StatefulSet 固有的至多一个的语义。 StatefulSets 可用于运行分布式和集群级的应用,这些应用需要稳定的网络标识和可靠的存储。 @@ -68,7 +81,10 @@ kubectl delete pods ``` @@ -93,8 +109,10 @@ The only ways in which a Pod in such a state can be removed from the apiserver a 从 API 服务器上删除处于这些状态 Pod 的仅有可行方法如下: * 删除 Node 对象(要么你来删除, 要么[节点控制器](/zh-cn/docs/concepts/architecture/nodes/#node-controller) @@ -103,7 +121,11 @@ The only ways in which a Pod in such a state can be removed from the apiserver a * 用户强制删除 pod 推荐使用第一种或者第二种方法。 如果确认节点已经不可用了(比如,永久断开网络、断电等), @@ -112,7 +134,8 @@ The recommended best practice is to use the first or second approach. If a Node 当网裂愈合时,kubelet 将完成 Pod 的删除并从 API 服务器上释放其名字。 通常,Pod 一旦不在节点上运行,或者管理员删除了节点,系统就会完成其删除动作。 你也可以通过强制删除 Pod 来绕过这一机制。 @@ -120,7 +143,12 @@ Normally, the system completes the deletion once the Pod is no longer running on ### 强制删除 {#force-deletion} @@ -131,7 +159,9 @@ Force deletions **do not** wait for confirmation from the kubelet that the Pod h 最多一个的语义。 当你强制删除 StatefulSet 类型的 Pod 时,你要确保有问题的 Pod 不会再和 StatefulSet 管理的其他 Pod 通信并且可以安全地释放其名字以便创建替代 Pod。 @@ -155,7 +185,8 @@ kubectl delete pods --grace-period=0 ``` 如果在这些命令后 Pod 仍处于 `Unknown` 状态,请使用以下命令从集群中删除 Pod: @@ -168,12 +199,9 @@ Always perform force deletion of StatefulSet Pods carefully and with complete kn --> 请始终谨慎地执行强制删除 StatefulSet 类型的 Pod,并充分了解强制删除操作所涉及的风险。 - ## {{% heading "whatsnext" %}} 进一步了解[调试 StatefulSet](/zh-cn/docs/tasks/debug/debug-application/debug-statefulset/)。 - - From 71a81bf8afe536c5132145325f858968a95ee82e Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 26 Feb 2023 21:32:23 +0800 Subject: [PATCH 216/537] [zh] resync service-access-application-cluster --- .../connecting-frontend-backend.md | 22 +++--- .../create-external-load-balancer.md | 4 +- .../ingress-minikube.md | 10 +-- .../service-access-application-cluster.md | 10 +-- .../web-ui-dashboard.md | 70 +++++++++++++------ 5 files changed, 72 insertions(+), 44 deletions(-) diff --git a/content/zh-cn/docs/tasks/access-application-cluster/connecting-frontend-backend.md b/content/zh-cn/docs/tasks/access-application-cluster/connecting-frontend-backend.md index e26970d92f829..90583761edce3 100644 --- a/content/zh-cn/docs/tasks/access-application-cluster/connecting-frontend-backend.md +++ b/content/zh-cn/docs/tasks/access-application-cluster/connecting-frontend-backend.md @@ -148,7 +148,7 @@ First, explore the Service configuration file: {{< codenew file="service/access/backend-service.yaml" >}} 配置文件中,你可以看到名为 `hello` 的 Service 将流量路由到包含 `app: hello` @@ -182,8 +182,8 @@ given to the backend Service. The DNS name is `hello`, which is the value of the `name` field in the `examples/service/access/backend-service.yaml` configuration file. -The Pods in the frontend Deployment run an nginx image that is configured -to proxy requests to the hello backend Service. Here is the nginx configuration file: +The Pods in the frontend Deployment run a nginx image that is configured +to proxy requests to the `hello` backend Service. Here is the nginx configuration file: --> ### 创建前端应用 @@ -195,7 +195,7 @@ to proxy requests to the hello backend Service. Here is the nginx configuration 文件中 `name` 字段的取值。 前端 Deployment 中的 Pods 运行一个 nginx 镜像,这个已经配置好的镜像会将请求转发 -给后端的 hello Service。下面是 nginx 的配置文件: +给后端的 `hello` Service。下面是 nginx 的配置文件: {{< codenew file="service/access/frontend-nginx.conf" >}} @@ -235,6 +235,7 @@ deployment.apps/frontend created service/frontend created ``` +{{< note >}} -{{< note >}} 这个 nginx 配置文件是被打包在 [容器镜像](/examples/service/access/Dockerfile) 里的。 更好的方法是使用 @@ -261,7 +261,7 @@ command to find the external IP: 一旦你创建了 LoadBalancer 类型的 Service,你可以使用这条命令查看外部 IP: ```shell -kubectl get service frontend +kubectl get service frontend --watch ``` 负载均衡器的 IP 地址列在 `LoadBalancer Ingress` 旁边。 +{{< note >}} -{{< note >}} 如果你在 Minikube 上运行服务,你可以通过以下命令找到分配的 IP 地址和端口: ```bash @@ -264,7 +264,7 @@ Internal pod to pod traffic should behave similar to ClusterIP services, with eq 内部 Pod 到 Pod 的流量应该与 ClusterIP 服务类似,所有 Pod 的概率相同。 ## 回收负载均衡器 {#garbage-collecting-load-balancers} diff --git a/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md b/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md index f8daab406ae42..a9668235124d1 100644 --- a/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md +++ b/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md @@ -1,7 +1,7 @@ --- title: 在 Minikube 环境中使用 NGINX Ingress 控制器配置 Ingress content_type: task -weight: 100 +weight: 110 min-kubernetes-server-version: 1.19 --- -### 创建一个 Minikube 集群 {#create-minikube-cluster} +### 创建一个 Minikube 集群 {#create-minikube-cluster} 使用 Katacoda : {{< kat-button >}} @@ -201,7 +201,7 @@ Locally ``` 4. 使用节点端口信息访问服务: @@ -327,7 +327,7 @@ The following manifest defines an Ingress that sends traffic to your Service via Ingress 列表中显示的 IP 地址会是内部 IP 地址。 {{< /note >}} - @@ -439,7 +439,7 @@ The following manifest defines an Ingress that sends traffic to your Service via ``` diff --git a/content/zh-cn/docs/tasks/access-application-cluster/service-access-application-cluster.md b/content/zh-cn/docs/tasks/access-application-cluster/service-access-application-cluster.md index 6023ebf0f429a..f70afb8340393 100644 --- a/content/zh-cn/docs/tasks/access-application-cluster/service-access-application-cluster.md +++ b/content/zh-cn/docs/tasks/access-application-cluster/service-access-application-cluster.md @@ -73,7 +73,7 @@ Here is the configuration file for the application Deployment: 和一个关联的 {{< glossary_tooltip term_id="replica-set" text="ReplicaSet" >}} 对象。 这个 ReplicaSet 有两个 {{< glossary_tooltip text="Pod" term_id="pod" >}}, 每个 Pod 都运行着 Hello World 应用。 - + @@ -117,7 +117,7 @@ Here is the configuration file for the application Deployment: --> 输出类似于: - ``` + ```none Name: example-service Namespace: default Labels: run=load-balancer-example @@ -154,11 +154,12 @@ Here is the configuration file for the application Deployment: 输出类似于: - ``` + ```none NAME READY STATUS ... IP NODE hello-world-2895499144-bsbk5 1/1 Running ... 10.200.1.4 worker1 hello-world-2895499144-m1pwt 1/1 Running ... 10.200.2.5 worker2 ``` + 跟随教程[使用 Service 连接到应用](/zh-cn/docs/tutorials/services/connect-applications-service/)。 - diff --git a/content/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard.md b/content/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard.md index 47375267f4627..654c5d11a1980 100644 --- a/content/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard.md +++ b/content/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard.md @@ -79,10 +79,10 @@ To create a token for this demo, you can follow our guide on [创建示例用户](https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md) 上的指南进行操作。 +{{< warning >}} -{{< warning >}} 在教程中创建的样本用户将具有管理特权,并且仅用于教育目的。 {{< /warning >}} @@ -110,11 +110,11 @@ The UI can _only_ be accessed from the machine where the command is executed. Se --> UI _只能_ 通过执行这条命令的机器进行访问。更多选项参见 `kubectl proxy --help`。 +{{< note >}} -{{< note >}} Kubeconfig 身份验证方法**不**支持外部身份提供程序或基于 x509 证书的身份验证。 {{< /note >}} @@ -124,7 +124,10 @@ Kubeconfig 身份验证方法**不**支持外部身份提供程序或基于 x509 ## 欢迎界面 当访问空集群的 Dashboard 时,你会看到欢迎界面。 页面包含一个指向此文档的链接,以及一个用于部署第一个应用程序的按钮。 @@ -163,28 +166,37 @@ The deploy wizard expects that you provide the following information: 部署向导需要你提供以下信息: - **应用名称**(必填):应用的名称。内容为 `应用名称` 的 [标签](/zh-cn/docs/concepts/overview/working-with-objects/labels/) 会被添加到任何将被部署的 Deployment 和 Service。 在选定的 Kubernetes [名字空间](/zh-cn/docs/tasks/administer-cluster/namespaces/) 中, 应用名称必须唯一。必须由小写字母开头,以数字或者小写字母结尾, 并且只含有小写字母、数字和中划线(-)。小于等于24个字符。开头和结尾的空格会被忽略。 - **容器镜像**(必填):公共镜像仓库上的 Docker [容器镜像](/zh-cn/docs/concepts/containers/images/) 或者私有镜像仓库 (通常是 Google Container Registry 或者 Docker Hub)的 URL。容器镜像参数说明必须以冒号结尾。 - **Pod 的数量**(必填):你希望应用程序部署的 Pod 的数量。值必须为正整数。 @@ -196,16 +208,18 @@ The deploy wizard expects that you provide the following information: 以保证集群中运行期望的 Pod 数量。 - **服务**(可选):对于部分应用(比如前端),你可能想对外暴露一个 [Service](/zh-cn/docs/concepts/services-networking/service/),这个 Service 可能用的是集群之外的公网 IP 地址(外部 Service)。 + {{< note >}} - {{< note >}} 对于外部服务,你可能需要开放一个或多个端口才行。 {{< /note >}} @@ -241,7 +255,10 @@ If needed, you can expand the **Advanced options** section where you can specify 添加到 Deployment,并显示在应用的详细信息中。 - **标签**:应用默认使用的 [标签](/zh-cn/docs/concepts/overview/working-with-objects/labels/) 是应用名称和版本。 @@ -259,7 +276,9 @@ If needed, you can expand the **Advanced options** section where you can specify ``` - **名字空间**:Kubernetes 支持多个虚拟集群依附于同一个物理集群。 这些虚拟集群被称为 @@ -268,8 +287,7 @@ If needed, you can expand the **Advanced options** section where you can specify Dashboard 通过下拉菜单提供所有可用的名字空间,并允许你创建新的名字空间。 名字空间的名称最长可以包含 63 个字母或数字和中横线(-),但是不能包含大写字母。 @@ -287,7 +305,9 @@ If needed, you can expand the **Advanced options** section where you can specify 在名字空间创建成功的情况下,默认会使用新创建的名字空间。如果创建失败,那么第一个名字空间会被选中。 - **镜像拉取 Secret**:如果要使用私有的 Docker 容器镜像,需要拉取 [Secret](/zh-cn/docs/concepts/configuration/secret/) 凭证。 @@ -306,8 +326,7 @@ If needed, you can expand the **Advanced options** section where you can specify 文件中声明。Secret 名称最大可以包含 253 个字符。 在镜像拉取 Secret 创建成功的情况下,默认会使用新创建的 Secret。 如果创建失败,则不会使用任何 Secret。 @@ -343,7 +362,11 @@ If needed, you can expand the **Advanced options** section where you can specify 特权容器可以使用诸如操纵网络堆栈和访问设备的功能。 - **环境变量**:Kubernetes 通过 [环境变量](/zh-cn/docs/tasks/inject-data-application/environment-variable-expose-pod-information/) @@ -382,7 +405,9 @@ Following sections describe views of the Kubernetes Dashboard UI; what they prov ### 导航 @@ -435,7 +460,10 @@ HorizontalPodAutoscalers。 #### 服务 @@ -454,7 +482,8 @@ Storage view shows PersistentVolumeClaim resources which are used by application #### ConfigMap 和 Secret {#config-maps-and-secrets} @@ -484,4 +513,3 @@ For more information, see the [Kubernetes Dashboard project page](https://github.com/kubernetes/dashboard). --> 更多信息,参见 [Kubernetes Dashboard 项目页面](https://github.com/kubernetes/dashboard). - From b1ed291dfda6385a0328f3d1af0c1e748ffd1b11 Mon Sep 17 00:00:00 2001 From: Erlison Santos <98214640+MrErlison@users.noreply.github.com> Date: Sun, 26 Feb 2023 12:54:17 -0300 Subject: [PATCH 217/537] [pt-br] Add /docs/reference/setup-tools (#33105) * Add content/pt-br/docs/reference/setup-tools/kubeadm * Fix spelling mistake * Add pt-br/docs/reference/setup-tools/kubeadm/generated/_index.md * Update translation Signed-off-by: Mr. Erlison * Update translation corrections Signed-off-by: Mr. Erlison --------- Signed-off-by: Mr. Erlison --- .../docs/reference/setup-tools/_index.md | 4 +++ .../reference/setup-tools/kubeadm/_index.md | 32 +++++++++++++++++++ .../setup-tools/kubeadm/generated/_index.md | 6 ++++ 3 files changed, 42 insertions(+) create mode 100644 content/pt-br/docs/reference/setup-tools/_index.md create mode 100644 content/pt-br/docs/reference/setup-tools/kubeadm/_index.md create mode 100644 content/pt-br/docs/reference/setup-tools/kubeadm/generated/_index.md diff --git a/content/pt-br/docs/reference/setup-tools/_index.md b/content/pt-br/docs/reference/setup-tools/_index.md new file mode 100644 index 0000000000000..09ca0c9e49ab8 --- /dev/null +++ b/content/pt-br/docs/reference/setup-tools/_index.md @@ -0,0 +1,4 @@ +--- +title: Ferramentas de Configuração +weight: 50 +--- diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/_index.md b/content/pt-br/docs/reference/setup-tools/kubeadm/_index.md new file mode 100644 index 0000000000000..da5e972af8228 --- /dev/null +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/_index.md @@ -0,0 +1,32 @@ +--- +title: "Kubeadm" +weight: 10 +no_list: true +content_type: concept +card: + name: reference + weight: 40 +--- + +O Kubeadm é uma ferramenta criada para fornecer o `kubeadm init` e o `kubeadm join` como "caminhos rápidos" de melhores práticas para criar clusters Kubernetes. + +O kubeadm executa as ações necessárias para colocar um cluster minimamente viável em funcionamento, e foi projetado para se preocupar apenas com a inicialização e não com o provisionamento de máquinas. Da mesma forma, a instalação de vários complementos úteis, como o Kubernetes Dashboard, soluções de monitoramento e complementos específicos da nuvem, não está no escopo. + +Em vez disso, esperamos que ferramentas de alto nível e mais personalizadas sejam construídas em cima do kubeadm e, idealmente, usando o kubeadm como base de todas as implantações torná mais fácil a criação de clusters em conformidade. + +## Como instalar + +Para instalar o kubeadm, consulte o [guia de instalação](/pt-br/docs/setup/production-environment/tools/kubeadm/install-kubeadm). + +## {{% heading "whatsnext" %}} + +* [kubeadm init](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-init) para inicializar um nó da camada de gerenciamento do Kubernetes +* [kubeadm join](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-join) para inicializar um nó `worker` do Kubernetes e associá-lo ao cluster +* [kubeadm upgrade](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-upgrade) para atualizar um cluster Kubernetes para uma versão mais recente +* [kubeadm config](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-config) se você inicializou seu cluster usando o kubeadm v1.7.x ou inferior, para configurar seu cluster pelo `kubeadm upgrade` +* [kubeadm token](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-token) para gerenciar os tokens pelo `kubeadm join` +* [kubeadm reset](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-reset) para reverter quaisquer alterações feitas, neste host, pelo `kubeadm init` ou `kubeadm join` +* [kubeadm certs](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-certs) para gerenciar os certificados do Kubernetes +* [kubeadm kubeconfig](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-kubeconfig) para gerenciar arquivos kubeconfig +* [kubeadm version](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-version) para exibir a versão do kubeadm +* [kubeadm alpha](/pt-br/docs/reference/setup-tools/kubeadm/kubeadm-alpha) para visualizar um conjunto de recursos disponibilizados para coletar feedback da comunidade diff --git a/content/pt-br/docs/reference/setup-tools/kubeadm/generated/_index.md b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/_index.md new file mode 100644 index 0000000000000..d507fe1de05d5 --- /dev/null +++ b/content/pt-br/docs/reference/setup-tools/kubeadm/generated/_index.md @@ -0,0 +1,6 @@ +--- +title: "kubeadm (auto-gerado)" +weight: 10 +toc_hide: true +--- + From e16623fb9602a9948829ed0e255bbe3ca97f1d13 Mon Sep 17 00:00:00 2001 From: Mauren Berti Date: Sun, 26 Feb 2023 17:06:50 -0500 Subject: [PATCH 218/537] fix: remove excessive line breaks in headings and titles section. The subsection Headings and Titles of this document contains a dos and don'ts table that was not rendering correctly do to a few surplus line breaks inside the Markdown for the table. This commit removes these spaces so the table renders correctly. --- content/en/docs/contribute/style/style-guide.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/content/en/docs/contribute/style/style-guide.md b/content/en/docs/contribute/style/style-guide.md index 651da5e946148..dce6eb291ff30 100644 --- a/content/en/docs/contribute/style/style-guide.md +++ b/content/en/docs/contribute/style/style-guide.md @@ -459,12 +459,8 @@ Do | Don't Update the title in the front matter of the page or blog post. | Use first level heading, as Hugo automatically converts the title in the front matter of the page into a first-level heading. Use ordered headings to provide a meaningful high-level outline of your content. | Use headings level 4 through 6, unless it is absolutely necessary. If your content is that detailed, it may need to be broken into separate articles. Use pound or hash signs (`#`) for non-blog post content. | Use underlines (`---` or `===`) to designate first-level headings. -Use sentence case for headings in the page body. For example, -**Extend kubectl with plugins** | Use title case for headings in the page body. For example, **Extend Kubectl With Plugins** -Use title case for the page title in the front matter. For example, -`title: Kubernetes API Server Bypass Risks` | Use sentence case for page titles -in the front matter. For example, don't use -`title: Kubernetes API server bypass risks` +Use sentence case for headings in the page body. For example, **Extend kubectl with plugins** | Use title case for headings in the page body. For example, **Extend Kubectl With Plugins** +Use title case for the page title in the front matter. For example, `title: Kubernetes API Server Bypass Risks` | Use sentence case for page titles in the front matter. For example, don't use `title: Kubernetes API server bypass risks` {{< /table >}} ### Paragraphs From 48543290ccfb0a9e38348284a20e772054defdf8 Mon Sep 17 00:00:00 2001 From: Sanghong Kim <58922834+bconfiden2@users.noreply.github.com> Date: Mon, 27 Feb 2023 10:50:31 +0900 Subject: [PATCH 219/537] Update to use subsectionID instead of full-link In "Windows containers in Kubernetes" page. --- content/en/docs/concepts/windows/intro.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/windows/intro.md b/content/en/docs/concepts/windows/intro.md index fb813b20f2c3e..16a7ea3d8a119 100644 --- a/content/en/docs/concepts/windows/intro.md +++ b/content/en/docs/concepts/windows/intro.md @@ -238,11 +238,11 @@ work between Windows and Linux: The following list documents differences between how Pod specifications work between Windows and Linux: * `hostIPC` and `hostpid` - host namespace sharing is not possible on Windows -* `hostNetwork` - [see below](/docs/concepts/windows/intro#compatibility-v1-pod-spec-containers-hostnetwork) +* `hostNetwork` - [see below](#compatibility-v1-pod-spec-containers-hostnetwork) * `dnsPolicy` - setting the Pod `dnsPolicy` to `ClusterFirstWithHostNet` is not supported on Windows because host networking is not provided. Pods always run with a container network. -* `podSecurityContext` [see below](/docs/concepts/windows/intro#compatibility-v1-pod-spec-containers-securitycontext) +* `podSecurityContext` [see below](#compatibility-v1-pod-spec-containers-securitycontext) * `shareProcessNamespace` - this is a beta feature, and depends on Linux namespaces which are not implemented on Windows. Windows cannot share process namespaces or the container's root filesystem. Only the network can be shared. From e97e4bbb842e659442d94c2404451b49efee2b09 Mon Sep 17 00:00:00 2001 From: Jin Li Date: Fri, 24 Feb 2023 10:39:33 +0800 Subject: [PATCH 220/537] [zh-cn] Translate docs/reference/glossary/feature-gates.md --- .../docs/reference/glossary/feature-gates.md | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 content/zh-cn/docs/reference/glossary/feature-gates.md diff --git a/content/zh-cn/docs/reference/glossary/feature-gates.md b/content/zh-cn/docs/reference/glossary/feature-gates.md new file mode 100644 index 0000000000000..a6089be9b763e --- /dev/null +++ b/content/zh-cn/docs/reference/glossary/feature-gates.md @@ -0,0 +1,46 @@ +--- +title: 特性门控(Feature gate) +id: feature-gate +date: 2023-01-12 +full_link: /zh-cn/docs/reference/command-line-tools-reference/feature-gates/ +short_description: > + 一种控制是否启用某特定 Kubernetes 特性的方法。 + +aka: +tags: +- fundamental +- operation +--- + + + +特性门控是一组键(非透明的字符串值),你可以用它来控制在你的集群中启用哪些 Kubernetes 特性。 + + + + +你可以在每个 Kubernetes 组件中使用 `--feature-gates` 命令行标志来开启或关闭这些特性。 +每个 Kubernetes 组件都可以让你开启或关闭一组与该组件相关的特性门控。 +Kubernetes 文档列出了当前所有的[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)及其控制的内容。 From 3d9ef706fbe47cdfb0d42927f739ca9dd4465758 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 26 Feb 2023 22:36:10 +0800 Subject: [PATCH 221/537] [zh] resync page in scheduling-eviction --- .../concepts/scheduling-eviction/_index.md | 4 +- .../scheduling-eviction/api-eviction.md | 44 +++++++++--------- .../scheduling-eviction/assign-pod-node.md | 46 +++++++++---------- .../resource-bin-packing.md | 6 +-- 4 files changed, 49 insertions(+), 51 deletions(-) diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/_index.md b/content/zh-cn/docs/concepts/scheduling-eviction/_index.md index de50c5def8b22..14442f4c471bd 100644 --- a/content/zh-cn/docs/concepts/scheduling-eviction/_index.md +++ b/content/zh-cn/docs/concepts/scheduling-eviction/_index.md @@ -15,8 +15,8 @@ weight: 95 content_type: concept description: > In Kubernetes, scheduling refers to making sure that Pods are matched to Nodes - so that the kubelet can run them. Preemption is the process of terminating - Pods with lower Priority so that Pods with higher Priority can schedule on + so that the kubelet can run them. Preemption is the process of terminating + Pods with lower Priority so that Pods with higher Priority can schedule on Nodes. Eviction is the process of proactively terminating one or more Pods on resource-starved Nodes. no_list: true diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/api-eviction.md b/content/zh-cn/docs/concepts/scheduling-eviction/api-eviction.md index 356b60355d926..dfff39e74cceb 100644 --- a/content/zh-cn/docs/concepts/scheduling-eviction/api-eviction.md +++ b/content/zh-cn/docs/concepts/scheduling-eviction/api-eviction.md @@ -3,26 +3,24 @@ title: API 发起的驱逐 content_type: concept weight: 110 --- - {{< glossary_definition term_id="api-eviction" length="short" >}}
    - 你可以通过直接调用 Eviction API 发起驱逐,也可以通过编程的方式使用 {{}}的客户端来发起驱逐, @@ -53,8 +51,10 @@ POST the attempted operation, similar to the following example: {{< tabs name="Eviction_example" >}} {{% tab name="policy/v1" %}} {{< note >}} - -`policy/v1` 版本的 Eviction 在 v1.22 以及更高的版本中可用,之前的发行版本使用 `policy/v1beta1` 版本。 + +`policy/v1` 版本的 Eviction 在 v1.22 以及更高的版本中可用,之前的发行版本使用 `policy/v1beta1` 版本。 {{< /note >}} ```json @@ -70,7 +70,9 @@ POST the attempted operation, similar to the following example: {{% /tab %}} {{% tab name="policy/v1beta1" %}} {{< note >}} - + 在 v1.22 版本废弃以支持 `policy/v1` {{< /note >}} @@ -87,7 +89,7 @@ POST the attempted operation, similar to the following example: {{% /tab %}} {{< /tabs >}} - @@ -97,7 +99,7 @@ Alternatively, you can attempt an eviction operation by accessing the API using curl -v -H 'Content-type: application/json' https://your-cluster-api-endpoint.example/api/v1/namespaces/default/pods/quux/eviction -d @eviction.json ``` - @@ -128,7 +130,7 @@ checks and responds in one of the following ways: @@ -158,18 +160,18 @@ API 服务器总是返回 `200 OK` 并且允许驱逐。 1. 本地运行状态的 Pod 所处的节点上的 {{}} 注意到 `Pod` 资源被标记为终止,并开始优雅停止本地 Pod。 1. 当 kubelet 停止 Pod 时,控制面从 {{}} - 和 {{}} + 和 {{}} 对象中移除该 Pod。因此,控制器不再将此 Pod 视为有用对象。 1. Pod 的宽限期到期后,kubelet 强制终止本地 Pod。 1. kubelet 告诉 API 服务器删除 `Pod` 资源。 1. API 服务器删除 `Pod` 资源。 - @@ -181,8 +183,8 @@ where the last evicted Pod had a long termination grace period. 但新的 Pod 没有进入 `Ready` 状态,就会发生这种情况。 在最后一个被驱逐的 Pod 有很长的终止宽限期的情况下,你可能也会注意到这种行为。 - 你可以使用下列方法中的任何一种来选择 Kubernetes 对特定 Pod 的调度: @@ -90,7 +89,7 @@ and a different value in other environments. Adding labels to nodes allows you to target Pods for scheduling on specific nodes or groups of nodes. You can use this functionality to ensure that specific Pods only run on nodes with certain isolation, security, or regulatory -properties. +properties. --> ## 节点隔离/限制 {#node-isolation-restriction} @@ -110,7 +109,7 @@ itself so that the scheduler schedules workloads onto the compromised node. @@ -138,7 +137,7 @@ kubelet 使用 `node-restriction.kubernetes.io/` 前缀设置或修改标签。 You can add the `nodeSelector` field to your Pod specification and specify the [node labels](#built-in-node-labels) you want the target node to have. Kubernetes only schedules the Pod onto nodes that have each of the labels you -specify. +specify. --> `nodeSelector` 是节点选择约束的最简单推荐形式。你可以将 `nodeSelector` 字段添加到 Pod 的规约中设置你希望目标节点所具有的[节点标签](#built-in-node-labels)。 @@ -182,7 +181,7 @@ define. Some of the benefits of affinity and anti-affinity include: The affinity feature consists of two types of affinity: * *Node affinity* functions like the `nodeSelector` field but is more expressive and - allows you to specify soft rules. + allows you to specify soft rules. * *Inter-pod affinity/anti-affinity* allows you to constrain Pods against labels on other Pods. --> @@ -263,7 +262,7 @@ interpreting the rules. You can use `In`, `NotIn`, `Exists`, `DoesNotExist`, `NotIn` 和 `DoesNotExist` 可用来实现节点反亲和性行为。 @@ -323,7 +322,7 @@ The final sum is added to the score of other priority functions for the node. Nodes with the highest total score are prioritized when the scheduler makes a scheduling decision for the Pod. -For example, consider the following Pod spec: +For example, consider the following Pod spec: --> 最终的加和值会添加到该节点的其他优先级函数的评分之上。 在调度器为 Pod 作出调度决定时,总分最高的节点的优先级也最高。 @@ -550,7 +549,7 @@ The affinity rule says that the scheduler can only schedule a Pod onto a node if the node is in the same zone as one or more existing Pods with the label `security=S1`. More precisely, the scheduler must place the Pod on a node that has the `topology.kubernetes.io/zone=V` label, as long as there is at least one node in -that zone that currently has one or more Pods with the Pod label `security=S1`. +that zone that currently has one or more Pods with the Pod label `security=S1`. --> 亲和性规则表示,仅当节点和至少一个已运行且有 `security=S1` 的标签的 Pod 处于同一区域时,才可以将该 Pod 调度到节点上。 @@ -615,7 +614,7 @@ affinity/anti-affinity definition appears. --> 除了 `labelSelector` 和 `topologyKey`,你也可以指定 `labelSelector` 要匹配的命名空间列表,方法是在 `labelSelector` 和 `topologyKey` -所在层同一层次上设置 `namespaces`。 +所在层同一层次上设置 `namespaces`。 如果 `namespaces` 被忽略或者为空,则默认为 Pod 亲和性/反亲和性的定义所在的命名空间。 用户也可以使用 `namespaceSelector` 选择匹配的名字空间,`namespaceSelector` @@ -641,7 +640,7 @@ null `namespaceSelector` matches the namespace of the Pod where the rule is defi #### More practical use-cases Inter-pod affinity and anti-affinity can be even more useful when they are used with higher -level collections such as ReplicaSets, StatefulSets, Deployments, etc. These +level collections such as ReplicaSets, StatefulSets, Deployments, etc. These rules allow you to configure that a set of workloads should be co-located in the same defined topology; for example, preferring to place two related Pods onto the same node. @@ -664,7 +663,7 @@ affinity and anti-affinity to co-locate the web servers with the cache as much a 你可以使用 Pod 间的亲和性和反亲和性来尽可能地将该 Web 服务器与缓存并置。 总体效果是每个缓存实例都非常可能被在同一个节点上运行的某个客户端访问。 这种方法旨在最大限度地减少偏差(负载不平衡)和延迟。 @@ -849,7 +848,7 @@ The above Pod will only run on the node `kube-01`. --> 上面的 Pod 只能运行在节点 `kube-01` 之上。 - ## Pod 拓扑分布约束 {#pod-topology-spread-constraints} @@ -877,7 +876,7 @@ to learn more about how these work. * Read the design docs for [node affinity](https://git.k8s.io/design-proposals-archive/scheduling/nodeaffinity.md) and for [inter-pod affinity/anti-affinity](https://git.k8s.io/design-proposals-archive/scheduling/podaffinity.md). * Learn about how the [topology manager](/docs/tasks/administer-cluster/topology-manager/) takes part in node-level - resource allocation decisions. + resource allocation decisions. * Learn how to use [nodeSelector](/docs/tasks/configure-pod-container/assign-pods-nodes/). * Learn how to use [affinity and anti-affinity](/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/). --> @@ -888,4 +887,3 @@ to learn more about how these work. * 了解[拓扑管理器](/zh-cn/docs/tasks/administer-cluster/topology-manager/)如何参与节点层面资源分配决定。 * 了解如何使用 [nodeSelector](/zh-cn/docs/tasks/configure-pod-container/assign-pods-nodes/)。 * 了解如何使用[亲和性和反亲和性](/zh-cn/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)。 - diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/resource-bin-packing.md b/content/zh-cn/docs/concepts/scheduling-eviction/resource-bin-packing.md index 35e7a2b52a15e..4246bd9d8eef4 100644 --- a/content/zh-cn/docs/concepts/scheduling-eviction/resource-bin-packing.md +++ b/content/zh-cn/docs/concepts/scheduling-eviction/resource-bin-packing.md @@ -4,7 +4,6 @@ content_type: concept weight: 80 --- 在 kube-scheduler 的[调度插件](/zh-cn/docs/reference/scheduling/config/#scheduling-plugins) @@ -85,7 +83,7 @@ the `NodeResourcesFit` score function can be controlled by the Within the `scoringStrategy` field, you can configure two parameters: `requestedToCapacityRatio` and `resources`. The `shape` in the `requestedToCapacityRatio` parameter allows the user to tune the function as least requested or most -requested based on `utilization` and `score` values. The `resources` parameter +requested based on `utilization` and `score` values. The `resources` parameter consists of `name` of the resource to be considered during scoring and `weight` specify the weight of each resource. --> From 307c08071b420453edeabd612a9b3999cc7828da Mon Sep 17 00:00:00 2001 From: ziyi-xie Date: Mon, 27 Feb 2023 10:05:33 +0000 Subject: [PATCH 222/537] Update /content/ja/docs/concepts/workloads/controllers/daemonset.md --- .../workloads/controllers/daemonset.md | 85 ++++++++++++------- 1 file changed, 53 insertions(+), 32 deletions(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index 42647228e6180..da2671ca776e3 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -33,12 +33,12 @@ DaemonSetのいくつかの典型的な使用例は以下の通りです。 YAMLファイルに基づいてDaemonSetを作成します。 ``` -kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml +kubectl apply -f https://k8s.io/examples/controllers/daemonset.yal ``` ### 必須のフィールド -他の全てのKubernetesの設定と同様に、DaemonSetは`apiVersion`、`kind`と`metadata`フィールドが必須となります。設定ファイルの活用法に関する一般的な情報は、[ステートレスアプリケーションの稼働](/ja/docs/tasks/run-application/run-stateless-application-deployment/)、[コンテナの設定](/ja/docs/tasks/)、[kubectlを用いたオブジェクトの管理](/ja/docs/concepts/overview/working-with-objects/object-management/)といったドキュメントを参照ください。 +他の全てのKubernetesの設定と同様に、DaemonSetは`apiVersion`、`kind`と`metadata`フィールドが必須となります。設定ファイルの活用法に関する一般的な情報は、[ステートレスアプリケーションの稼働](/ja/docs/tasks/run-application/run-stateless-application-deployment/)、[kubectlを用いたオブジェクトの管理](/ja/docs/concepts/overview/working-with-objects/object-management/)といったドキュメントを参照ください。 DaemonSetオブジェクトの名前は、有効な [DNSサブドメイン名](/ja/docs/concepts/overview/working-with-objects/names#dns-subdomain-names)である必要があります。 @@ -49,17 +49,18 @@ DaemonSetオブジェクトの名前は、有効な `.spec.template`は`.spec`内での必須のフィールドの1つです。 -`.spec.template`は[Podテンプレート](/docs/concepts/workloads/pods/#pod-templates)となります。これはフィールドがネストされていて、`apiVersion`や`kind`をもたないことを除いては、{{< glossary_tooltip text="Pod" term_id="pod" >}}のテンプレートと同じスキーマとなります。 +`.spec.template`は[Podテンプレート](/ja/docs/concepts/workloads/pods/#pod-template)となります。これはフィールドがネストされていて、`apiVersion`や`kind`をもたないことを除いては、{{< glossary_tooltip text="Pod" term_id="pod" >}}のテンプレートと同じスキーマとなります。 Podに対する必須のフィールドに加えて、DaemonSet内のPodテンプレートは適切なラベルを指定しなくてはなりません([Podセレクター](#pod-selector)の項目を参照ください)。 DaemonSet内のPodテンプレートでは、[`RestartPolicy`](/ja/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy)フィールドを指定せずにデフォルトの`Always`を使用するか、明示的に`Always`を設定するかのどちらかである必要があります。 -### Podセレクター +### Podセレクター -`.spec.selector`フィールドはPodセレクターとなります。これは[Job](/docs/concepts/workloads/controllers/job/)の`.spec.selector`と同じものです。 +`.spec.selector`フィールドはPodセレクターとなります。これは[Job](/ja/docs/concepts/workloads/controllers/job/)の`.spec.selector`と同じものです。 -Kubernetes1.8のように、ユーザーは`.spec.template`のラベルにマッチするPodセレクターを指定しなくてはいけません。Podセレクターは、値を空のままにしてもデフォルト設定にならなくなりました。セレクターのデフォルト化は`kubectl apply`と互換性はありません。また、一度DaemonSetが作成されると、その`.spec.selector`は変更不可能になります。Podセレクターの変更は、意図しないPodの孤立を引き起こし、ユーザーにとってやっかいなものとなります。 +ユーザーは`.spec.template`のラベルにマッチするPodセレクターを指定しなくてはいけません。 +また、一度DaemonSetが作成されると、その`.spec.selector`は変更不可能になります。Podセレクターの変更は、意図しないPodの孤立を引き起こし、ユーザーにとってやっかいなものとなります。 `.spec.selector`は2つのフィールドからなるオブジェクトです。 @@ -77,17 +78,11 @@ Kubernetes1.8のように、ユーザーは`.spec.template`のラベルにマッ ## Daemon Podがどのようにスケジューリングされるか -### デフォルトスケジューラーによってスケジューリングされる場合 +DaemonSetは全ての利用可能なNodeが単一のPodのコピーを稼働させることを保証します。DaemonSetコントローラーは対象となる各Nodeに対してPodを作成し、ターゲットホストに一致するようにPodの`spec.affinity.nodeAffinity`フィールドを追加します。Podが作成されると、デフォルトのスケジューラーが慣例的に引き継ぎ、`.spec.nodeName`を設定することでPodをターゲットホストにバインドします。新しいNodeに適合できない場合、デフォルトスケジューラーは新しいPodの[優先度](/ja/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)に基づいて既存Podのいくつかを先取り(退避)させることがあります。 -{{< feature-state for_k8s_version="1.17" state="stable" >}} +ユーザーは、DaemonSetの`.spec.template.spec.schedulerName`フィールドを設定することにより、DaemonSetのPodsに対して異なるスケジューラーを指定することができます。 -DaemonSetは全ての利用可能なNodeが単一のPodのコピーを稼働させることを保証します。通常、Podが稼働するNodeはKubernetesスケジューラーによって選択されます。しかし、DaemonSetのPodは代わりにDaemonSetコントローラーによって作成され、スケジューリングされます。 -下記の問題について説明します: - - * 矛盾するPodのふるまい: スケジューリングされるのを待っている通常のPodは、作成されているが`Pending`状態となりますが、DaemonSetのPodは`Pending`状態で作成されません。これはユーザーにとって困惑するものです。 - * [Podプリエンプション(Pod preemption)](/docs/concepts/configuration/pod-priority-preemption/)はデフォルトスケジューラーによってハンドルされます。もしプリエンプションが有効な場合、そのDaemonSetコントローラーはPodの優先順位とプリエンプションを考慮することなくスケジューリングの判断を行います。 - -`ScheduleDaemonSetPods`は、DaemonSetのPodに対して`NodeAffinity`項目を追加することにより、DaemonSetコントローラーの代わりにデフォルトスケジューラーを使ってDaemonSetのスケジュールを可能にします。その際に、デフォルトスケジューラーはPodをターゲットのホストにバインドします。もしDaemonSetのNodeAffinityが存在するとき、それは新しいものに置き換えられます(ターゲットホストを選択する前に、元のNodeAffinityが考慮されます)。DaemonSetコントローラーはDaemonSetのPodの作成や修正を行うときのみそれらの操作を実施します。そしてDaemonSetの`.spec.template`フィールドに対しては何も変更が加えられません。 +`.spec.template.spec.affinity.nodeAffinity`フィールド(指定された場合)で指定された元のNodeアフィニティは、DaemonSetコントローラーが対象Nodeを評価する際に考慮されますが、作成されたPod上では対象Nodeの名前と一致するNodeアフィニティに置き換わります。 ```yaml nodeAffinity: @@ -100,29 +95,41 @@ nodeAffinity: - target-host-name ``` -さらに、`node.kubernetes.io/unschedulable:NoSchedule`というtolarationがDaemonSetのPodに自動的に追加されます。デフォルトスケジューラーは、DaemonSetのPodのスケジューリングのときに、`unschedulable`なNodeを無視します。 -### TaintsとTolerations +### TaintとToleration + +DaemonSetコントローラーはDaemonSet Podに一連の{{< glossary_tooltip +text="Toleration" term_id="toleration" >}}を自動的に追加します: + +{{< table caption="Tolerations for DaemonSet pods" >}} + +| Toleration key | Effect | Details | +| --------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------- | +| [`node.kubernetes.io/not-ready`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-not-ready) | `NoExecute` | 健康でないNodeや、Podを受け入れる準備ができていないNodeにDaemonSet Podをスケジュールできるように設定します。そのようなNode上で動作しているDaemonSet Podは退避されることがありません。 | +| [`node.kubernetes.io/unreachable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unreachable) | `NoExecute` | Nodeコントローラーから到達できないNodeにDaemonSet Podをスケジュールできるように設定します。このようなNode上で動作しているDaemonSet Podは、退避されません。 | +| [`node.kubernetes.io/disk-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-disk-pressure) | `NoSchedule` | ディスク不足問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | +| [`node.kubernetes.io/memory-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-memory-pressure) | `NoSchedule` | メモリ不足問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | +| [`node.kubernetes.io/pid-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-pid-pressure) | `NoSchedule` | 処理プレッシャー問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | +| [`node.kubernetes.io/unschedulable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unschedulable) | `NoSchedule` | スケジューリング不可能なNodeにDaemonSet Podをスケジュールできるように設定します。 | +| [`node.kubernetes.io/network-unavailable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-network-unavailable) | `NoSchedule` | **ホストネットワークを要求するDaemonSet Podにのみ追加できます**、つまり`spec.hostNetwork: true`と設定されているPodです。このようなDaemonSet Podは、ネットワークが利用できないNodeにスケジュールできるように設定できます。| -DaemonSetのPodは[TaintsとTolerations](/ja/docs/concepts/scheduling-eviction/taint-and-toleration/)の設定を尊重します。下記のTolerationsは、関連する機能によって自動的にDaemonSetのPodに追加されます。 +{{< /table >}} -| Toleration Key | Effect | Version | Description | -| ---------------------------------------- | ---------- | ------- | ----------- | -| `node.kubernetes.io/not-ready` | NoExecute | 1.13+ | DaemonSetのPodはネットワーク分割のようなNodeの問題が発生したときに除外されません。| -| `node.kubernetes.io/unreachable` | NoExecute | 1.13+ | DaemonSetのPodはネットワーク分割のようなNodeの問題が発生したときに除外されません。| -| `node.kubernetes.io/disk-pressure` | NoSchedule | 1.8+ | | -| `node.kubernetes.io/memory-pressure` | NoSchedule | 1.8+ | | -| `node.kubernetes.io/unschedulable` | NoSchedule | 1.12+ | DaemonSetのPodはデフォルトスケジューラーによってスケジュール不可能な属性を許容(tolerate)します。 | -| `node.kubernetes.io/network-unavailable` | NoSchedule | 1.12+ | ホストネットワークを使うDaemonSetのPodはデフォルトスケジューラーによってネットワーク利用不可能な属性を許容(tolerate)します。 | +DaemonSetのPodテンプレートで定義すれば、DaemonSetのPodに独自のTolerationを追加することも可能です。 + +DaemonSetコントローラーは`node.kubernetes.io/unschedulable:NoSchedule`Tolerationを自動的に設定するため、Kubernetesは _スケジューリング不可能_ としてマークされているNodeでDaemonSet Podを実行することが可能です。 + +[クラスターのネットワーク](/ja/docs/concepts/cluster-administration/networking/)のような重要なNodeレベル機能をDaemonSetで提供する場合、KubernetesがDaemonSet PodをNodeが準備完了になる前に配置することは有用です。 +例えば、その特別なTolerationがなければ、ネットワークプラグインがそこで実行されていないためにNodeが準備完了としてマークされず、同時にNodeがまだ準備完了でないためにそのNode上でネットワークプラグインが実行されていないというデッドロック状態に陥ってしまう可能性があるのです。 ## Daemon Podとのコミュニケーション DaemonSet内のPodとのコミュニケーションをする際に考えられるパターンは以下の通りです。: -- **Push**: DaemonSet内のPodは他のサービスに対して更新情報を送信するように設定されます。 +- **Push**: DaemonSet内のPodは統計データベースなどの他のサービスに対して更新情報を送信するように設定されます。クライアントは持っていません。 - **NodeIPとKnown Port**: PodがNodeIPを介して疎通できるようにするため、DaemonSet内のPodは`hostPort`を使用できます。慣例により、クライアントはNodeIPのリストとポートを知っています。 - **DNS**: 同じPodセレクターを持つ[HeadlessService](/ja/docs/concepts/services-networking/service/#headless-service)を作成し、`endpoints`リソースを使ってDaemonSetを探すか、DNSから複数のAレコードを取得します。 -- **Service**: 同じPodセレクターを持つServiceを作成し、複数のうちのいずれかのNode上のDaemonに疎通させるためにそのServiceを使います。 +- **Service**: 同じPodセレクターを持つServiceを作成し、複数のうちのいずれかのNode上のDaemonに疎通させるためにそのServiceを使います。(特定のNodeにアクセスする方法がありません。) ## DaemonSetの更新 @@ -130,7 +137,7 @@ DaemonSet内のPodとのコミュニケーションをする際に考えられ ユーザーはDaemonSetが作成したPodを修正可能です。しかし、Podは全てのフィールドの更新を許可していません。また、DaemonSetコントローラーは次のNode(同じ名前でも)が作成されたときにオリジナルのテンプレートを使ってPodを作成します。 -ユーザーはDaemonSetを削除可能です。`kubectl`コマンドで`--cascade=false`を指定するとDaemonSetのPodはNode上に残り続けます。その後、同じセレクターで新しいDaemonSetを作成すると、新しいDaemonSetは既存のPodを再利用します。PodでDaemonSetを置き換える必要がある場合は、`updateStrategy`に従ってそれらを置き換えます。 +ユーザーはDaemonSetを削除可能です。`kubectl`コマンドで`--cascade=orphan`を指定するとDaemonSetのPodはNode上に残り続けます。その後、同じセレクターで新しいDaemonSetを作成すると、新しいDaemonSetは既存のPodを再利用します。PodでDaemonSetを置き換える必要がある場合は、`updateStrategy`に従ってそれらを置き換えます。 ユーザーはDaemonSet上で[ローリングアップデートの実施](/docs/tasks/manage-daemon/update-daemon-set/)が可能です。 @@ -142,13 +149,13 @@ Node上で直接起動することにより(例: `init`、`upstartd`、`systemd` - アプリケーションと同じ方法でデーモンの監視とログの管理ができる。 - デーモンとアプリケーションで同じ設定用の言語とツール(例: Podテンプレート、`kubectl`)を使える。 -- リソースリミットを使ったコンテナ内でデーモンを稼働させることにより、デーモンとアプリケーションコンテナの分離を促進します。しかし、これはPod内でなく、コンテナ内でデーモンを稼働させることにより可能です(Dockerを介して直接起動する)。 +- リソースリミットを使ったコンテナ内でデーモンを稼働させることにより、デーモンとアプリケーションコンテナの分離を促進します。しかし、これはPod内でなく、コンテナ内でデーモンを稼働させることにより可能です。 ### ベアPod 特定のNode上で稼働するように指定したPodを直接作成することは可能です。しかし、DaemonSetはNodeの故障やNodeの破壊的なメンテナンスやカーネルのアップグレードなど、どのような理由に限らず、削除されたもしくは停止されたPodを置き換えます。このような理由で、ユーザーはPod単体を作成するよりもむしろDaemonSetを使うべきです。 -### 静的Pod Pods +### 静的Pod Kubeletによって監視されているディレクトリに対してファイルを書き込むことによって、Podを作成することが可能です。これは[静的Pod](/ja/docs/tasks/configure-pod-container/static-pod/)と呼ばれます。DaemonSetと違い、静的Podはkubectlや他のKubernetes APIクライアントで管理できません。静的PodはApiServerに依存しておらず、クラスターの自立起動時に最適です。また、静的Podは将来的には廃止される予定です。 @@ -157,5 +164,19 @@ Kubeletによって監視されているディレクトリに対してファイ DaemonSetは、Podの作成し、そのPodが停止されることのないプロセスを持つことにおいて[Deployment](/ja/docs/concepts/workloads/controllers/deployment/)と同様です(例: webサーバー、ストレージサーバー)。 フロントエンドのようなServiceのように、どのホスト上にPodが稼働するか制御するよりも、レプリカ数をスケールアップまたはスケールダウンしたりローリングアップデートする方が重要であるような、状態をもたないServiceに対してDeploymentを使ってください。 -Podのコピーが全てまたは特定のホスト上で常に稼働していることが重要な場合や、他のPodの前に起動させる必要があるときにDaemonSetを使ってください。 +DaemonSetがNodeレベルの機能を提供し、他のPodがその特定のNodeで正しく動作するようにする場合、Podのコピーが全てまたは特定のホスト上で常に稼働していることが重要な場合や、他のPodの前に起動させる必要があるときにDaemonSetを使ってください。 + +例えば、[ネットワークプラグイン](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)には、DaemonSetとして動作するコンポーネントが含まれていることがよくあります。DaemonSetコンポーネントは、それが動作しているNodeでクラスターネットワークが動作していることを確認します。 + + +## {{% heading "whatsnext" %}} +* [Pod](/ja/docs/concepts/workloads/pods/)について学ぶ。 + * Kubernetesの{{< glossary_tooltip text="コントロールプレーン" term_id="control-plane" >}}コンポーネントを実行するのに便利な[静的Pod](#static-pods)について学ぶ。 +* DaemonSetの使用方法を確認する + * [DaemonSetでローリングアップデートを実施する](/docs/tasks/manage-daemon/update-daemon-set/) + * [DaemonSetでロールバックを実行する](/docs/tasks/manage-daemon/rollback-daemon-set/) + (例えば、ロールアウトが期待通りに動作しなかった場合)。 +* [Node上へのPodのスケジューリング](/ja/docs/concepts/scheduling-eviction/assign-pod-node/)の仕組みを理解する +* よくDaemonSetとして実行される[デバイスプラグイン](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/)と[アドオン](/ja/docs/concepts/cluster-administration/addons/)について学ぶ。 +* `DaemonSet`は、Kubernetes REST APIのトップレベルのリソースです。デーモンセットのAPIを理解するため{{< api-reference page="workload-resources/daemon-set-v1" >}}オブジェクトの定義を読む。 From 6297df706a1851726b6e3cec4f5cf44858723209 Mon Sep 17 00:00:00 2001 From: Alexander Idelberger Date: Mon, 27 Feb 2023 12:03:08 +0100 Subject: [PATCH 223/537] Update content/en/docs/tasks/run-application/configure-pdb.md Co-authored-by: Tim Bannister --- content/en/docs/tasks/run-application/configure-pdb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/run-application/configure-pdb.md b/content/en/docs/tasks/run-application/configure-pdb.md index d43cf9a23f317..99ab27ab5db84 100644 --- a/content/en/docs/tasks/run-application/configure-pdb.md +++ b/content/en/docs/tasks/run-application/configure-pdb.md @@ -133,7 +133,7 @@ unhealthy replicas among the total number of desired replicas. Example 4: With a `maxUnavailable` of 30%, evictions are allowed as long as the number of unhealthy replicas does not exceed 30% of the total number of desired replica rounded up to -the nearest integer. If the total number of desired replicas is just one, the only one replica +the nearest integer. If the total number of desired replicas is just one, that single replica is still allowed for disruption, leading to an effective unavailability of 100%. In typical usage, a single budget would be used for a collection of pods managed by From 64dc81ad7d470367d19794b128fdb39f1e2a4100 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Mon, 27 Feb 2023 21:22:01 +0800 Subject: [PATCH 224/537] [zh] resync page cloud-controller --- .../concepts/architecture/cloud-controller.md | 103 +++++++++--------- 1 file changed, 54 insertions(+), 49 deletions(-) diff --git a/content/zh-cn/docs/concepts/architecture/cloud-controller.md b/content/zh-cn/docs/concepts/architecture/cloud-controller.md index 0286996770dbb..e2c63cc7e888c 100644 --- a/content/zh-cn/docs/concepts/architecture/cloud-controller.md +++ b/content/zh-cn/docs/concepts/architecture/cloud-controller.md @@ -83,17 +83,17 @@ hosts running inside your tenancy with the cloud provider. The node controller p 1. 使用从云平台 API 获取的对应服务器的唯一标识符更新 Node 对象; 2. 利用特定云平台的信息为 Node 对象添加注解和标签,例如节点所在的区域 - (Region)和所具有的资源(CPU、内存等等); + (Region)和所具有的资源(CPU、内存等等); 3. 获取节点的网络地址和主机名; 4. 检查节点的健康状况。如果节点无响应,控制器通过云平台 API 查看该节点是否已从云中禁用、删除或终止。如果节点已从云中删除, @@ -159,13 +159,13 @@ to read and modify Node objects. `v1/Node`: -- Get -- List -- Create -- Update -- Patch -- Watch -- Delete +- get +- list +- create +- update +- patch +- watch +- delete ### 服务控制器 {#authorization-service-controller} -服务控制器监测 Service 对象的 Create、Update 和 Delete 事件,并配置对应服务的 Endpoints 对象 +服务控制器监测 Service 对象的 **create**、**update** 和 **delete** 事件, +并配置对应服务的 Endpoints 对象 (对于 EndpointSlices,kube-controller-manager 按需对其进行管理)。 -为了访问 Service 对象,它需要 List 和 Watch 访问权限。 -为了更新 Service 对象,它需要 Patch 和 Update 访问权限。 +为了访问 Service 对象,它需要 **list** 和 **watch** 访问权限。 +为了更新 Service 对象,它需要 **patch** 和 **update** 访问权限。 为了能够配置 Service 对应的 Endpoints 资源, -它需要 Create、List、Get、Watch 和 Update 等访问权限。 +它需要 **create**、**list**、**get**、**watch** 和 **update** 等访问权限。 `v1/Service`: -- List -- Get -- Watch -- Patch -- Update +- list +- get +- watch +- patch +- update ### 其他 {#authorization-miscellaneous} 在云控制器管理器的实现中,其核心部分需要创建 Event 对象的访问权限, 并创建 ServiceAccount 资源以保证操作安全性的权限。 -`v1/Event`: +`v1/Event`: -- Create -- Patch -- Update +- create +- patch +- update -`v1/ServiceAccount`: +`v1/ServiceAccount`: -- Create +- create + 用于云控制器管理器 {{< glossary_tooltip term_id="rbac" text="RBAC" >}} 的 ClusterRole 如下例所示: @@ -314,7 +311,8 @@ rules: [Cloud Controller Manager Administration](/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager) has instructions on running and managing the cloud controller manager. -To upgrade a HA control plane to use the cloud controller manager, see [Migrate Replicated Control Plane To Use Cloud Controller Manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/). +To upgrade a HA control plane to use the cloud controller manager, see +[Migrate Replicated Control Plane To Use Cloud Controller Manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/). Want to know how to implement your own cloud controller manager, or extend an existing project? --> @@ -327,17 +325,24 @@ Want to know how to implement your own cloud controller manager, or extend an ex 想要了解如何实现自己的云控制器管理器,或者对现有项目进行扩展么? 云控制器管理器使用 Go 语言的接口,从而使得针对各种云平台的具体实现都可以接入。 其中使用了在 [kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider) -项目中 [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.21/cloud.go#L42-L69) +项目中 [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.26/cloud.go#L43-L69) 文件所定义的 `CloudProvider` 接口。 本文中列举的共享控制器(节点控制器、路由控制器和服务控制器等)的实现以及其他一些生成具有 CloudProvider 接口的框架的代码,都是 Kubernetes 的核心代码。 From 3305d7b1db96731d0b90150b0cdc19dfcc74b4f1 Mon Sep 17 00:00:00 2001 From: mtardy Date: Sun, 22 Jan 2023 19:08:24 +0100 Subject: [PATCH 225/537] Check that the fetched feed is a JSON feed 1.1 and fail if not --- layouts/shortcodes/cve-feed.html | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/layouts/shortcodes/cve-feed.html b/layouts/shortcodes/cve-feed.html index 7c4aa2d56c27c..887999305ab0f 100644 --- a/layouts/shortcodes/cve-feed.html +++ b/layouts/shortcodes/cve-feed.html @@ -1,5 +1,8 @@ +{{ $feed := getJSON .Site.Params.cveFeedBucket }} +{{ if ne $feed.version "https://jsonfeed.org/version/1.1" }} + {{ errorf "Build Failed. CVE feed does not comply with JSON feed v1.1" }} +{{ end }} - {{ $feed := getJSON .Site.Params.cveFeedBucket }} From cde1ecce7eda73783a433d0fe245d460d5859a31 Mon Sep 17 00:00:00 2001 From: Todd Neal Date: Mon, 27 Feb 2023 08:11:57 -0600 Subject: [PATCH 226/537] document the PodAndContainerStatsFromCRI feature --- .../cri-pod-container-metrics.md | 40 +++++++++++++++++++ .../reference/instrumentation/node-metrics.md | 14 ++----- content/en/docs/reference/node/_index.md | 2 +- 3 files changed, 45 insertions(+), 11 deletions(-) create mode 100644 content/en/docs/reference/instrumentation/cri-pod-container-metrics.md diff --git a/content/en/docs/reference/instrumentation/cri-pod-container-metrics.md b/content/en/docs/reference/instrumentation/cri-pod-container-metrics.md new file mode 100644 index 0000000000000..61b41b2e367cf --- /dev/null +++ b/content/en/docs/reference/instrumentation/cri-pod-container-metrics.md @@ -0,0 +1,40 @@ +--- +title: CRI Pod & Container Metrics +content_type: reference +weight: 50 +description: >- + Collection of Pod & Container metrics via the CRI. +--- + + + + +{{< feature-state for_k8s_version="v1.23" state="alpha" >}} + +The [kubelet](/docs/reference/command-line-tools-reference/kubelet/) collects pod and +container metrics via [cAdvisor](https://github.com/google/cadvisor). As an alpha feature, +Kubernetes lets you configure the collection of pod and container +metrics via the {{< glossary_tooltip term_id="cri" text="Container Runtime Interface">}} (CRI). You +must enable the `PodAndContainerStatsFromCRI` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) and +use a compatible CRI implementation (containerd >= 1.6.0, CRI-O >= 1.23.0) to +use the CRI based collection mechanism. + + + +## CRI Pod & Container Metrics + +With `PodAndContainerStatsFromCRI` enabled, the kubelet will poll the underlying container +runtime for pod and container stats instead of inspecting the host system directly using cAdvisor. +The benefits of relying on the container runtime for this information as opposed to direct +collection with cAdvisor include: + +- Potential improved performance if the container runtime already collects this information + during normal operations. In this case, the data can be re-used instead of being aggregated + again by the kubelet. + +- It further decouples the kubelet and the container runtime allowing collection of metrics for + container runtimes that don't run processes directly on the host with kubelet where they are + observable by cAdvisor (e.g. VM based runtimes). + +Collecting this information from the CRI will become the default and the current cAdvisor collection +of metrics from the host will become fully deprecated in a future Kubernetes release. diff --git a/content/en/docs/reference/instrumentation/node-metrics.md b/content/en/docs/reference/instrumentation/node-metrics.md index ce5984e5ed89a..32eab955bdce2 100644 --- a/content/en/docs/reference/instrumentation/node-metrics.md +++ b/content/en/docs/reference/instrumentation/node-metrics.md @@ -37,17 +37,11 @@ kubelet endpoint, and not `/stats/summary`. ## Summary metrics API source {#summary-api-source} By default, Kubernetes fetches node summary metrics data using an embedded -[cAdvisor](https://github.com/google/cadvisor) that runs within the kubelet. - -## Summary API data via CRI {#pod-and-container-stats-from-cri} - -{{< feature-state for_k8s_version="v1.23" state="alpha" >}} - -If you enable the `PodAndContainerStatsFromCRI` -[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) in your -cluster, and you use a container runtime that supports statistics access via +[cAdvisor](https://github.com/google/cadvisor) that runs within the kubelet. If you +enable the `PodAndContainerStatsFromCRI` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) +in your cluster, and you use a container runtime that supports statistics access via {{< glossary_tooltip term_id="cri" text="Container Runtime Interface">}} (CRI), then -the kubelet fetches Pod- and container-level metric data using CRI, and not via cAdvisor. +the kubelet [fetches Pod- and container-level metric data using CRI](/docs/reference/instrumentation/cri-pod-container-metrics), and not via cAdvisor. ## {{% heading "whatsnext" %}} diff --git a/content/en/docs/reference/node/_index.md b/content/en/docs/reference/node/_index.md index 9d015e7e3c7ff..13363202a5f15 100644 --- a/content/en/docs/reference/node/_index.md +++ b/content/en/docs/reference/node/_index.md @@ -14,4 +14,4 @@ Kubernetes documentation, including: * [Node Metrics Data](/docs/reference/instrumentation/node-metrics). - +* [CRI Pod & Container Metrics](/docs/reference/instrumentation/cri-pod-container-metrics). \ No newline at end of file From 99721e51b5146972be0ec19958755a277e9c6e28 Mon Sep 17 00:00:00 2001 From: Todd Neal Date: Mon, 27 Feb 2023 10:11:52 -0600 Subject: [PATCH 227/537] pr comments --- .../instrumentation/cri-pod-container-metrics.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/content/en/docs/reference/instrumentation/cri-pod-container-metrics.md b/content/en/docs/reference/instrumentation/cri-pod-container-metrics.md index 61b41b2e367cf..c526d4b20edbf 100644 --- a/content/en/docs/reference/instrumentation/cri-pod-container-metrics.md +++ b/content/en/docs/reference/instrumentation/cri-pod-container-metrics.md @@ -23,7 +23,7 @@ use the CRI based collection mechanism. ## CRI Pod & Container Metrics -With `PodAndContainerStatsFromCRI` enabled, the kubelet will poll the underlying container +With `PodAndContainerStatsFromCRI` enabled, the kubelet polls the underlying container runtime for pod and container stats instead of inspecting the host system directly using cAdvisor. The benefits of relying on the container runtime for this information as opposed to direct collection with cAdvisor include: @@ -34,7 +34,5 @@ collection with cAdvisor include: - It further decouples the kubelet and the container runtime allowing collection of metrics for container runtimes that don't run processes directly on the host with kubelet where they are - observable by cAdvisor (e.g. VM based runtimes). - -Collecting this information from the CRI will become the default and the current cAdvisor collection -of metrics from the host will become fully deprecated in a future Kubernetes release. + observable by cAdvisor (for example: container runtimes that use virtualization). + \ No newline at end of file From c92f1d3a1c365c76305bd5b4685712284f761877 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Mon, 27 Feb 2023 19:28:48 +0000 Subject: [PATCH 228/537] Fix misspelling on Pods page Signed-off-by: Paulo Gomes --- content/en/docs/concepts/workloads/pods/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/workloads/pods/_index.md b/content/en/docs/concepts/workloads/pods/_index.md index 29446151282f1..e31978f7fa193 100644 --- a/content/en/docs/concepts/workloads/pods/_index.md +++ b/content/en/docs/concepts/workloads/pods/_index.md @@ -296,14 +296,14 @@ Your {{< glossary_tooltip text="container runtime" term_id="container-runtime" > Any container in a pod can run in privileged mode to use operating system administrative capabilities that would otherwise be inaccessible. This is available for both Windows and Linux. -### Linux priviledged containers +### Linux privileged containers In Linux, any container in a Pod can enable privileged mode using the `privileged` (Linux) flag on the [security context](/docs/tasks/configure-pod-container/security-context/) of the container spec. This is useful for containers that want to use operating system administrative capabilities such as manipulating the network stack or accessing hardware devices. -### Windows priviledged containers +### Windows privileged containers {{< feature-state for_k8s_version="v1.26" state="stable" >}} From e4740b448daf4e0793f9ab6f560b5b09df6b458a Mon Sep 17 00:00:00 2001 From: Markus Bruns Date: Mon, 27 Feb 2023 21:55:00 +0100 Subject: [PATCH 229/537] Update images.md Fixed Typo --- content/de/docs/concepts/containers/images.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/de/docs/concepts/containers/images.md b/content/de/docs/concepts/containers/images.md index e6a0beb1668a3..bbfb0a0446990 100644 --- a/content/de/docs/concepts/containers/images.md +++ b/content/de/docs/concepts/containers/images.md @@ -277,7 +277,7 @@ Pods können nur eigene Image Pull Secret in ihrem eigenen Namespace referenzier #### Referenzierung eines imagePullSecrets bei einem Pod -Nun können Sie Pods erstellen, die dieses Secret referenzieren, indem Sie einen Aschnitt `imagePullSecrets` zu ihrer Pod - Definition hinzufügen. +Nun können Sie Pods erstellen, die dieses Secret referenzieren, indem Sie einen Abschnitt `imagePullSecrets` zu ihrer Pod - Definition hinzufügen. ```shell cat < pod.yaml From c2d4ca7b190de18e21b7ce90967a6522e5a478e2 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Mon, 27 Feb 2023 23:36:18 +0000 Subject: [PATCH 230/537] Add volume.beta.kubernetes.io/storage-class annotation Signed-off-by: Dipesh Rawat --- .../en/docs/reference/labels-annotations-taints/_index.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index c78884a314b47..0032c56525886 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -431,6 +431,14 @@ Used on: PersistentVolumeClaim This annotation has been deprecated. +### volume.beta.kubernetes.io/storage-class (deprecated) + +Used on: PersistentVolume, PersistentVolumeClaim + +This annotation can be used for PersistentVolume(PV) or PersistentVolumeClaim(PVC) to specify the name of [StorageClass](/docs/concepts/storage/storage-classes/). + +This annotation has been deprecated. + ### volume.beta.kubernetes.io/mount-options (deprecated) {#mount-options} Example : `volume.beta.kubernetes.io/mount-options: "ro,soft"` From ad9b54a466bba765aabbc31b5705a346e2404c84 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Tue, 28 Feb 2023 07:49:49 +0800 Subject: [PATCH 231/537] Add config API for kube-controller-manager configuration --- content/en/docs/reference/_index.md | 1 + ...kube-controller-manager-config.v1alpha1.md | 1811 +++++++++++++++++ 2 files changed, 1812 insertions(+) create mode 100644 content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md diff --git a/content/en/docs/reference/_index.md b/content/en/docs/reference/_index.md index 05db47b7b46e3..a24535ba0ce98 100644 --- a/content/en/docs/reference/_index.md +++ b/content/en/docs/reference/_index.md @@ -89,6 +89,7 @@ operator to use or manage a cluster. * [kube-scheduler configuration (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2/), [kube-scheduler configuration (v1beta3)](/docs/reference/config-api/kube-scheduler-config.v1beta3/) and [kube-scheduler configuration (v1)](/docs/reference/config-api/kube-scheduler-config.v1/) +* [kube-controller-manager configuration (v1alpha1)](/docs/reference/config-api/kube-controller-manager-config.v1alpha1/) * [kube-proxy configuration (v1alpha1)](/docs/reference/config-api/kube-proxy-config.v1alpha1/) * [`audit.k8s.io/v1` API](/docs/reference/config-api/apiserver-audit.v1/) * [Client authentication API (v1beta1)](/docs/reference/config-api/client-authentication.v1beta1/) and diff --git a/content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md b/content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md new file mode 100644 index 0000000000000..4ec29226a5d0c --- /dev/null +++ b/content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md @@ -0,0 +1,1811 @@ +--- +title: kube-controller-manager Configuration (v1alpha1) +content_type: tool-reference +package: controllermanager.config.k8s.io/v1alpha1 +auto_generated: true +--- + + +## Resource Types + + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) +- [CloudControllerManagerConfiguration](#cloudcontrollermanager-config-k8s-io-v1alpha1-CloudControllerManagerConfiguration) + + + +## `ControllerLeaderConfiguration` {#controllermanager-config-k8s-io-v1alpha1-ControllerLeaderConfiguration} + + +**Appears in:** + +- [LeaderMigrationConfiguration](#controllermanager-config-k8s-io-v1alpha1-LeaderMigrationConfiguration) + + +

    ControllerLeaderConfiguration provides the configuration for a migrating leader lock.

    + + +
    {{ T "cve_table" }} {{ T "cve_table_date_before" }}{{ $feed._kubernetes_io.updated_at | time.Format ( T "cve_table_date_format" ) }}{{ T "cve_table_date_after" }}
    + + + + + + + + + + + +
    FieldDescription
    name [Required]
    +string +    		 +

    Name is the name of the controller being migrated +E.g. service-controller, route-controller, cloud-node-controller, etc

    +
    component [Required]
    +string +    		 +

    Component is the name of the component in which the controller should be running. +E.g. kube-controller-manager, cloud-controller-manager, etc +Or '*' meaning the controller can be run under any component that participates in the migration

    +
    + +## `GenericControllerManagerConfiguration` {#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration} + + +**Appears in:** + +- [CloudControllerManagerConfiguration](#cloudcontrollermanager-config-k8s-io-v1alpha1-CloudControllerManagerConfiguration) + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    GenericControllerManagerConfiguration holds configuration for a generic controller-manager.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    Port [Required]
    +int32 +    		 +

    port is the port that the controller-manager's http service runs on.

    +
    Address [Required]
    +string +    		 +

    address is the IP address to serve on (set to 0.0.0.0 for all interfaces).

    +
    MinResyncPeriod [Required]
    +meta/v1.Duration +    		 +

    minResyncPeriod is the resync period in reflectors; will be random between +minResyncPeriod and 2*minResyncPeriod.

    +
    ClientConnection [Required]
    +ClientConnectionConfiguration +    		 +

    ClientConnection specifies the kubeconfig file and client connection +settings for the proxy server to use when communicating with the apiserver.

    +
    ControllerStartInterval [Required]
    +meta/v1.Duration +    		 +

    How long to wait between starting controller managers

    +
    LeaderElection [Required]
    +LeaderElectionConfiguration +    		 +

    leaderElection defines the configuration of leader election client.

    +
    Controllers [Required]
    +[]string +    		 +

    Controllers is the list of controllers to enable or disable +'*' means "all enabled by default controllers" +'foo' means "enable 'foo'" +'-foo' means "disable 'foo'" +first item for a particular name wins

    +
    Debugging [Required]
    +DebuggingConfiguration +    		 +

    DebuggingConfiguration holds configuration for Debugging related features.

    +
    LeaderMigrationEnabled [Required]
    +bool +    		 +

    LeaderMigrationEnabled indicates whether Leader Migration should be enabled for the controller manager.

    +
    LeaderMigration [Required]
    +LeaderMigrationConfiguration +    		 +

    LeaderMigration holds the configuration for Leader Migration.

    +
    + +## `LeaderMigrationConfiguration` {#controllermanager-config-k8s-io-v1alpha1-LeaderMigrationConfiguration} + + +**Appears in:** + +- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration) + + +

    LeaderMigrationConfiguration provides versioned configuration for all migrating leader locks.

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    leaderName [Required]
    +string +    		 +

    LeaderName is the name of the leader election resource that protects the migration +E.g. 1-20-KCM-to-1-21-CCM

    +
    resourceLock [Required]
    +string +    		 +

    ResourceLock indicates the resource object type that will be used to lock +Should be "leases" or "endpoints"

    +
    controllerLeaders [Required]
    +[]ControllerLeaderConfiguration +    		 +

    ControllerLeaders contains a list of migrating leader lock configurations

    +
    + + + + +## `KubeControllerManagerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration} + + + +

    KubeControllerManagerConfiguration contains elements describing kube-controller manager.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    apiVersion
    string    		kubecontrollermanager.config.k8s.io/v1alpha1
    kind
    string    		KubeControllerManagerConfiguration
    Generic [Required]
    +GenericControllerManagerConfiguration +    		 +

    Generic holds configuration for a generic controller-manager

    +
    KubeCloudShared [Required]
    +KubeCloudSharedConfiguration +    		 +

    KubeCloudSharedConfiguration holds configuration for shared related features +both in cloud controller manager and kube-controller manager.

    +
    AttachDetachController [Required]
    +AttachDetachControllerConfiguration +    		 +

    AttachDetachControllerConfiguration holds configuration for +AttachDetachController related features.

    +
    CSRSigningController [Required]
    +CSRSigningControllerConfiguration +    		 +

    CSRSigningControllerConfiguration holds configuration for +CSRSigningController related features.

    +
    DaemonSetController [Required]
    +DaemonSetControllerConfiguration +    		 +

    DaemonSetControllerConfiguration holds configuration for DaemonSetController +related features.

    +
    DeploymentController [Required]
    +DeploymentControllerConfiguration +    		 +

    DeploymentControllerConfiguration holds configuration for +DeploymentController related features.

    +
    StatefulSetController [Required]
    +StatefulSetControllerConfiguration +    		 +

    StatefulSetControllerConfiguration holds configuration for +StatefulSetController related features.

    +
    DeprecatedController [Required]
    +DeprecatedControllerConfiguration +    		 +

    DeprecatedControllerConfiguration holds configuration for some deprecated +features.

    +
    EndpointController [Required]
    +EndpointControllerConfiguration +    		 +

    EndpointControllerConfiguration holds configuration for EndpointController +related features.

    +
    EndpointSliceController [Required]
    +EndpointSliceControllerConfiguration +    		 +

    EndpointSliceControllerConfiguration holds configuration for +EndpointSliceController related features.

    +
    EndpointSliceMirroringController [Required]
    +EndpointSliceMirroringControllerConfiguration +    		 +

    EndpointSliceMirroringControllerConfiguration holds configuration for +EndpointSliceMirroringController related features.

    +
    EphemeralVolumeController [Required]
    +EphemeralVolumeControllerConfiguration +    		 +

    EphemeralVolumeControllerConfiguration holds configuration for EphemeralVolumeController +related features.

    +
    GarbageCollectorController [Required]
    +GarbageCollectorControllerConfiguration +    		 +

    GarbageCollectorControllerConfiguration holds configuration for +GarbageCollectorController related features.

    +
    HPAController [Required]
    +HPAControllerConfiguration +    		 +

    HPAControllerConfiguration holds configuration for HPAController related features.

    +
    JobController [Required]
    +JobControllerConfiguration +    		 +

    JobControllerConfiguration holds configuration for JobController related features.

    +
    CronJobController [Required]
    +CronJobControllerConfiguration +    		 +

    CronJobControllerConfiguration holds configuration for CronJobController related features.

    +
    NamespaceController [Required]
    +NamespaceControllerConfiguration +    		 +

    NamespaceControllerConfiguration holds configuration for NamespaceController +related features. +NamespaceControllerConfiguration holds configuration for NamespaceController +related features.

    +
    NodeIPAMController [Required]
    +NodeIPAMControllerConfiguration +    		 +

    NodeIPAMControllerConfiguration holds configuration for NodeIPAMController +related features.

    +
    NodeLifecycleController [Required]
    +NodeLifecycleControllerConfiguration +    		 +

    NodeLifecycleControllerConfiguration holds configuration for +NodeLifecycleController related features.

    +
    PersistentVolumeBinderController [Required]
    +PersistentVolumeBinderControllerConfiguration +    		 +

    PersistentVolumeBinderControllerConfiguration holds configuration for +PersistentVolumeBinderController related features.

    +
    PodGCController [Required]
    +PodGCControllerConfiguration +    		 +

    PodGCControllerConfiguration holds configuration for PodGCController +related features.

    +
    ReplicaSetController [Required]
    +ReplicaSetControllerConfiguration +    		 +

    ReplicaSetControllerConfiguration holds configuration for ReplicaSet related features.

    +
    ReplicationController [Required]
    +ReplicationControllerConfiguration +    		 +

    ReplicationControllerConfiguration holds configuration for +ReplicationController related features.

    +
    ResourceQuotaController [Required]
    +ResourceQuotaControllerConfiguration +    		 +

    ResourceQuotaControllerConfiguration holds configuration for +ResourceQuotaController related features.

    +
    SAController [Required]
    +SAControllerConfiguration +    		 +

    SAControllerConfiguration holds configuration for ServiceAccountController +related features.

    +
    ServiceController [Required]
    +ServiceControllerConfiguration +    		 +

    ServiceControllerConfiguration holds configuration for ServiceController +related features.

    +
    TTLAfterFinishedController [Required]
    +TTLAfterFinishedControllerConfiguration +    		 +

    TTLAfterFinishedControllerConfiguration holds configuration for +TTLAfterFinishedController related features.

    +
    + +## `AttachDetachControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-AttachDetachControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    AttachDetachControllerConfiguration contains elements describing AttachDetachController.

    + + + + + + + + + + + + + + +
    FieldDescription
    DisableAttachDetachReconcilerSync [Required]
    +bool +    		 +

    Reconciler runs a periodic loop to reconcile the desired state of the with +the actual state of the world by triggering attach detach operations. +This flag enables or disables reconcile. Is false by default, and thus enabled.

    +
    ReconcilerSyncLoopPeriod [Required]
    +meta/v1.Duration +    		 +

    ReconcilerSyncLoopPeriod is the amount of time the reconciler sync states loop +wait between successive executions. Is set to 5 sec by default.

    +
    + +## `CSRSigningConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-CSRSigningConfiguration} + + +**Appears in:** + +- [CSRSigningControllerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-CSRSigningControllerConfiguration) + + +

    CSRSigningConfiguration holds information about a particular CSR signer

    + + + + + + + + + + + + + + +
    FieldDescription
    CertFile [Required]
    +string +    		 +

    certFile is the filename containing a PEM-encoded +X509 CA certificate used to issue certificates

    +
    KeyFile [Required]
    +string +    		 +

    keyFile is the filename containing a PEM-encoded +RSA or ECDSA private key used to issue certificates

    +
    + +## `CSRSigningControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-CSRSigningControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    CSRSigningControllerConfiguration contains elements describing CSRSigningController.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    ClusterSigningCertFile [Required]
    +string +    		 +

    clusterSigningCertFile is the filename containing a PEM-encoded +X509 CA certificate used to issue cluster-scoped certificates

    +
    ClusterSigningKeyFile [Required]
    +string +    		 +

    clusterSigningCertFile is the filename containing a PEM-encoded +RSA or ECDSA private key used to issue cluster-scoped certificates

    +
    KubeletServingSignerConfiguration [Required]
    +CSRSigningConfiguration +    		 +

    kubeletServingSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kubelet-serving signer

    +
    KubeletClientSignerConfiguration [Required]
    +CSRSigningConfiguration +    		 +

    kubeletClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client-kubelet

    +
    KubeAPIServerClientSignerConfiguration [Required]
    +CSRSigningConfiguration +    		 +

    kubeAPIServerClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client

    +
    LegacyUnknownSignerConfiguration [Required]
    +CSRSigningConfiguration +    		 +

    legacyUnknownSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/legacy-unknown

    +
    ClusterSigningDuration [Required]
    +meta/v1.Duration +    		 +

    clusterSigningDuration is the max length of duration signed certificates will be given. +Individual CSRs may request shorter certs by setting spec.expirationSeconds.

    +
    + +## `CronJobControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-CronJobControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    CronJobControllerConfiguration contains elements describing CrongJob2Controller.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentCronJobSyncs [Required]
    +int32 +    		 +

    concurrentCronJobSyncs is the number of job objects that are +allowed to sync concurrently. Larger number = more responsive jobs, +but more CPU (and network) load.

    +
    + +## `DaemonSetControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-DaemonSetControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    DaemonSetControllerConfiguration contains elements describing DaemonSetController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentDaemonSetSyncs [Required]
    +int32 +    		 +

    concurrentDaemonSetSyncs is the number of daemonset objects that are +allowed to sync concurrently. Larger number = more responsive daemonset, +but more CPU (and network) load.

    +
    + +## `DeploymentControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-DeploymentControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    DeploymentControllerConfiguration contains elements describing DeploymentController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentDeploymentSyncs [Required]
    +int32 +    		 +

    concurrentDeploymentSyncs is the number of deployment objects that are +allowed to sync concurrently. Larger number = more responsive deployments, +but more CPU (and network) load.

    +
    + +## `DeprecatedControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-DeprecatedControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    DeprecatedControllerConfiguration contains elements be deprecated.

    + + + + +## `EndpointControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-EndpointControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    EndpointControllerConfiguration contains elements describing EndpointController.

    + + + + + + + + + + + + + + +
    FieldDescription
    ConcurrentEndpointSyncs [Required]
    +int32 +    		 +

    concurrentEndpointSyncs is the number of endpoint syncing operations +that will be done concurrently. Larger number = faster endpoint updating, +but more CPU (and network) load.

    +
    EndpointUpdatesBatchPeriod [Required]
    +meta/v1.Duration +    		 +

    EndpointUpdatesBatchPeriod describes the length of endpoint updates batching period. +Processing of pod changes will be delayed by this duration to join them with potential +upcoming updates and reduce the overall number of endpoints updates.

    +
    + +## `EndpointSliceControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-EndpointSliceControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    EndpointSliceControllerConfiguration contains elements describing +EndpointSliceController.

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    ConcurrentServiceEndpointSyncs [Required]
    +int32 +    		 +

    concurrentServiceEndpointSyncs is the number of service endpoint syncing +operations that will be done concurrently. Larger number = faster +endpoint slice updating, but more CPU (and network) load.

    +
    MaxEndpointsPerSlice [Required]
    +int32 +    		 +

    maxEndpointsPerSlice is the maximum number of endpoints that will be +added to an EndpointSlice. More endpoints per slice will result in fewer +and larger endpoint slices, but larger resources.

    +
    EndpointUpdatesBatchPeriod [Required]
    +meta/v1.Duration +    		 +

    EndpointUpdatesBatchPeriod describes the length of endpoint updates batching period. +Processing of pod changes will be delayed by this duration to join them with potential +upcoming updates and reduce the overall number of endpoints updates.

    +
    + +## `EndpointSliceMirroringControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-EndpointSliceMirroringControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    EndpointSliceMirroringControllerConfiguration contains elements describing +EndpointSliceMirroringController.

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    MirroringConcurrentServiceEndpointSyncs [Required]
    +int32 +    		 +

    mirroringConcurrentServiceEndpointSyncs is the number of service endpoint +syncing operations that will be done concurrently. Larger number = faster +endpoint slice updating, but more CPU (and network) load.

    +
    MirroringMaxEndpointsPerSubset [Required]
    +int32 +    		 +

    mirroringMaxEndpointsPerSubset is the maximum number of endpoints that +will be mirrored to an EndpointSlice for an EndpointSubset.

    +
    MirroringEndpointUpdatesBatchPeriod [Required]
    +meta/v1.Duration +    		 +

    mirroringEndpointUpdatesBatchPeriod can be used to batch EndpointSlice +updates. All updates triggered by EndpointSlice changes will be delayed +by up to 'mirroringEndpointUpdatesBatchPeriod'. If other addresses in the +same Endpoints resource change in that period, they will be batched to a +single EndpointSlice update. Default 0 value means that each Endpoints +update triggers an EndpointSlice update.

    +
    + +## `EphemeralVolumeControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-EphemeralVolumeControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    EphemeralVolumeControllerConfiguration contains elements describing EphemeralVolumeController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentEphemeralVolumeSyncs [Required]
    +int32 +    		 +

    ConcurrentEphemeralVolumeSyncseSyncs is the number of ephemeral volume syncing operations +that will be done concurrently. Larger number = faster ephemeral volume updating, +but more CPU (and network) load.

    +
    + +## `GarbageCollectorControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-GarbageCollectorControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    GarbageCollectorControllerConfiguration contains elements describing GarbageCollectorController.

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    EnableGarbageCollector [Required]
    +bool +    		 +

    enables the generic garbage collector. MUST be synced with the +corresponding flag of the kube-apiserver. WARNING: the generic garbage +collector is an alpha feature.

    +
    ConcurrentGCSyncs [Required]
    +int32 +    		 +

    concurrentGCSyncs is the number of garbage collector workers that are +allowed to sync concurrently.

    +
    GCIgnoredResources [Required]
    +[]GroupResource +    		 +

    gcIgnoredResources is the list of GroupResources that garbage collection should ignore.

    +
    + +## `GroupResource` {#kubecontrollermanager-config-k8s-io-v1alpha1-GroupResource} + + +**Appears in:** + +- [GarbageCollectorControllerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-GarbageCollectorControllerConfiguration) + + +

    GroupResource describes an group resource.

    + + + + + + + + + + + + + + +
    FieldDescription
    Group [Required]
    +string +    		 +

    group is the group portion of the GroupResource.

    +
    Resource [Required]
    +string +    		 +

    resource is the resource portion of the GroupResource.

    +
    + +## `HPAControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-HPAControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    HPAControllerConfiguration contains elements describing HPAController.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    ConcurrentHorizontalPodAutoscalerSyncs [Required]
    +int32 +    		 +

    ConcurrentHorizontalPodAutoscalerSyncs is the number of HPA objects that are allowed to sync concurrently. +Larger number = more responsive HPA processing, but more CPU (and network) load.

    +
    HorizontalPodAutoscalerSyncPeriod [Required]
    +meta/v1.Duration +    		 +

    HorizontalPodAutoscalerSyncPeriod is the period for syncing the number of +pods in horizontal pod autoscaler.

    +
    HorizontalPodAutoscalerUpscaleForbiddenWindow [Required]
    +meta/v1.Duration +    		 +

    HorizontalPodAutoscalerUpscaleForbiddenWindow is a period after which next upscale allowed.

    +
    HorizontalPodAutoscalerDownscaleStabilizationWindow [Required]
    +meta/v1.Duration +    		 +

    HorizontalPodAutoscalerDowncaleStabilizationWindow is a period for which autoscaler will look +backwards and not scale down below any recommendation it made during that period.

    +
    HorizontalPodAutoscalerDownscaleForbiddenWindow [Required]
    +meta/v1.Duration +    		 +

    HorizontalPodAutoscalerDownscaleForbiddenWindow is a period after which next downscale allowed.

    +
    HorizontalPodAutoscalerTolerance [Required]
    +float64 +    		 +

    HorizontalPodAutoscalerTolerance is the tolerance for when +resource usage suggests upscaling/downscaling

    +
    HorizontalPodAutoscalerCPUInitializationPeriod [Required]
    +meta/v1.Duration +    		 +

    HorizontalPodAutoscalerCPUInitializationPeriod is the period after pod start when CPU samples +might be skipped.

    +
    HorizontalPodAutoscalerInitialReadinessDelay [Required]
    +meta/v1.Duration +    		 +

    HorizontalPodAutoscalerInitialReadinessDelay is period after pod start during which readiness +changes are treated as readiness being set for the first time. The only effect of this is that +HPA will disregard CPU samples from unready pods that had last readiness change during that +period.

    +
    + +## `JobControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-JobControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    JobControllerConfiguration contains elements describing JobController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentJobSyncs [Required]
    +int32 +    		 +

    concurrentJobSyncs is the number of job objects that are +allowed to sync concurrently. Larger number = more responsive jobs, +but more CPU (and network) load.

    +
    + +## `NamespaceControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-NamespaceControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    NamespaceControllerConfiguration contains elements describing NamespaceController.

    + + + + + + + + + + + + + + +
    FieldDescription
    NamespaceSyncPeriod [Required]
    +meta/v1.Duration +    		 +

    namespaceSyncPeriod is the period for syncing namespace life-cycle +updates.

    +
    ConcurrentNamespaceSyncs [Required]
    +int32 +    		 +

    concurrentNamespaceSyncs is the number of namespace objects that are +allowed to sync concurrently.

    +
    + +## `NodeIPAMControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-NodeIPAMControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    NodeIPAMControllerConfiguration contains elements describing NodeIpamController.

    + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    ServiceCIDR [Required]
    +string +    		 +

    serviceCIDR is CIDR Range for Services in cluster.

    +
    SecondaryServiceCIDR [Required]
    +string +    		 +

    secondaryServiceCIDR is CIDR Range for Services in cluster. This is used in dual stack clusters. SecondaryServiceCIDR must be of different IP family than ServiceCIDR

    +
    NodeCIDRMaskSize [Required]
    +int32 +    		 +

    NodeCIDRMaskSize is the mask size for node cidr in cluster.

    +
    NodeCIDRMaskSizeIPv4 [Required]
    +int32 +    		 +

    NodeCIDRMaskSizeIPv4 is the mask size for node cidr in dual-stack cluster.

    +
    NodeCIDRMaskSizeIPv6 [Required]
    +int32 +    		 +

    NodeCIDRMaskSizeIPv6 is the mask size for node cidr in dual-stack cluster.

    +
    + +## `NodeLifecycleControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-NodeLifecycleControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    NodeLifecycleControllerConfiguration contains elements describing NodeLifecycleController.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    EnableTaintManager [Required]
    +bool +    		 +

    If set to true enables NoExecute Taints and will evict all not-tolerating +Pod running on Nodes tainted with this kind of Taints.

    +
    NodeEvictionRate [Required]
    +float32 +    		 +

    nodeEvictionRate is the number of nodes per second on which pods are deleted in case of node failure when a zone is healthy

    +
    SecondaryNodeEvictionRate [Required]
    +float32 +    		 +

    secondaryNodeEvictionRate is the number of nodes per second on which pods are deleted in case of node failure when a zone is unhealthy

    +
    NodeStartupGracePeriod [Required]
    +meta/v1.Duration +    		 +

    nodeStartupGracePeriod is the amount of time which we allow starting a node to +be unresponsive before marking it unhealthy.

    +
    NodeMonitorGracePeriod [Required]
    +meta/v1.Duration +    		 +

    nodeMontiorGracePeriod is the amount of time which we allow a running node to be +unresponsive before marking it unhealthy. Must be N times more than kubelet's +nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet +to post node status.

    +
    PodEvictionTimeout [Required]
    +meta/v1.Duration +    		 +

    podEvictionTimeout is the grace period for deleting pods on failed nodes.

    +
    LargeClusterSizeThreshold [Required]
    +int32 +    		 +

    secondaryNodeEvictionRate is implicitly overridden to 0 for clusters smaller than or equal to largeClusterSizeThreshold

    +
    UnhealthyZoneThreshold [Required]
    +float32 +    		 +

    Zone is treated as unhealthy in nodeEvictionRate and secondaryNodeEvictionRate when at least +unhealthyZoneThreshold (no less than 3) of Nodes in the zone are NotReady

    +
    + +## `PersistentVolumeBinderControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-PersistentVolumeBinderControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    PersistentVolumeBinderControllerConfiguration contains elements describing +PersistentVolumeBinderController.

    + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    PVClaimBinderSyncPeriod [Required]
    +meta/v1.Duration +    		 +

    pvClaimBinderSyncPeriod is the period for syncing persistent volumes +and persistent volume claims.

    +
    VolumeConfiguration [Required]
    +VolumeConfiguration +    		 +

    volumeConfiguration holds configuration for volume related features.

    +
    VolumeHostCIDRDenylist [Required]
    +[]string +    		 +

    VolumeHostCIDRDenylist is a list of CIDRs that should not be reachable by the +controller from plugins.

    +
    VolumeHostAllowLocalLoopback [Required]
    +bool +    		 +

    VolumeHostAllowLocalLoopback indicates if local loopback hosts (127.0.0.1, etc) +should be allowed from plugins.

    +
    + +## `PersistentVolumeRecyclerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-PersistentVolumeRecyclerConfiguration} + + +**Appears in:** + +- [VolumeConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-VolumeConfiguration) + + +

    PersistentVolumeRecyclerConfiguration contains elements describing persistent volume plugins.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    MaximumRetry [Required]
    +int32 +    		 +

    maximumRetry is number of retries the PV recycler will execute on failure to recycle +PV.

    +
    MinimumTimeoutNFS [Required]
    +int32 +    		 +

    minimumTimeoutNFS is the minimum ActiveDeadlineSeconds to use for an NFS Recycler +pod.

    +
    PodTemplateFilePathNFS [Required]
    +string +    		 +

    podTemplateFilePathNFS is the file path to a pod definition used as a template for +NFS persistent volume recycling

    +
    IncrementTimeoutNFS [Required]
    +int32 +    		 +

    incrementTimeoutNFS is the increment of time added per Gi to ActiveDeadlineSeconds +for an NFS scrubber pod.

    +
    PodTemplateFilePathHostPath [Required]
    +string +    		 +

    podTemplateFilePathHostPath is the file path to a pod definition used as a template for +HostPath persistent volume recycling. This is for development and testing only and +will not work in a multi-node cluster.

    +
    MinimumTimeoutHostPath [Required]
    +int32 +    		 +

    minimumTimeoutHostPath is the minimum ActiveDeadlineSeconds to use for a HostPath +Recycler pod. This is for development and testing only and will not work in a multi-node +cluster.

    +
    IncrementTimeoutHostPath [Required]
    +int32 +    		 +

    incrementTimeoutHostPath is the increment of time added per Gi to ActiveDeadlineSeconds +for a HostPath scrubber pod. This is for development and testing only and will not work +in a multi-node cluster.

    +
    + +## `PodGCControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-PodGCControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    PodGCControllerConfiguration contains elements describing PodGCController.

    + + + + + + + + + + + +
    FieldDescription
    TerminatedPodGCThreshold [Required]
    +int32 +    		 +

    terminatedPodGCThreshold is the number of terminated pods that can exist +before the terminated pod garbage collector starts deleting terminated pods. +If <= 0, the terminated pod garbage collector is disabled.

    +
    + +## `ReplicaSetControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-ReplicaSetControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    ReplicaSetControllerConfiguration contains elements describing ReplicaSetController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentRSSyncs [Required]
    +int32 +    		 +

    concurrentRSSyncs is the number of replica sets that are allowed to sync +concurrently. Larger number = more responsive replica management, but more +CPU (and network) load.

    +
    + +## `ReplicationControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-ReplicationControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    ReplicationControllerConfiguration contains elements describing ReplicationController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentRCSyncs [Required]
    +int32 +    		 +

    concurrentRCSyncs is the number of replication controllers that are +allowed to sync concurrently. Larger number = more responsive replica +management, but more CPU (and network) load.

    +
    + +## `ResourceQuotaControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-ResourceQuotaControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    ResourceQuotaControllerConfiguration contains elements describing ResourceQuotaController.

    + + + + + + + + + + + + + + +
    FieldDescription
    ResourceQuotaSyncPeriod [Required]
    +meta/v1.Duration +    		 +

    resourceQuotaSyncPeriod is the period for syncing quota usage status +in the system.

    +
    ConcurrentResourceQuotaSyncs [Required]
    +int32 +    		 +

    concurrentResourceQuotaSyncs is the number of resource quotas that are +allowed to sync concurrently. Larger number = more responsive quota +management, but more CPU (and network) load.

    +
    + +## `SAControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-SAControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    SAControllerConfiguration contains elements describing ServiceAccountController.

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    ServiceAccountKeyFile [Required]
    +string +    		 +

    serviceAccountKeyFile is the filename containing a PEM-encoded private RSA key +used to sign service account tokens.

    +
    ConcurrentSATokenSyncs [Required]
    +int32 +    		 +

    concurrentSATokenSyncs is the number of service account token syncing operations +that will be done concurrently.

    +
    RootCAFile [Required]
    +string +    		 +

    rootCAFile is the root certificate authority will be included in service +account's token secret. This must be a valid PEM-encoded CA bundle.

    +
    + +## `StatefulSetControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-StatefulSetControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    StatefulSetControllerConfiguration contains elements describing StatefulSetController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentStatefulSetSyncs [Required]
    +int32 +    		 +

    concurrentStatefulSetSyncs is the number of statefulset objects that are +allowed to sync concurrently. Larger number = more responsive statefulsets, +but more CPU (and network) load.

    +
    + +## `TTLAfterFinishedControllerConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-TTLAfterFinishedControllerConfiguration} + + +**Appears in:** + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    TTLAfterFinishedControllerConfiguration contains elements describing TTLAfterFinishedController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentTTLSyncs [Required]
    +int32 +    		 +

    concurrentTTLSyncs is the number of TTL-after-finished collector workers that are +allowed to sync concurrently.

    +
    + +## `VolumeConfiguration` {#kubecontrollermanager-config-k8s-io-v1alpha1-VolumeConfiguration} + + +**Appears in:** + +- [PersistentVolumeBinderControllerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-PersistentVolumeBinderControllerConfiguration) + + +

    VolumeConfiguration contains all enumerated flags meant to configure all volume +plugins. From this config, the controller-manager binary will create many instances of +volume.VolumeConfig, each containing only the configuration needed for that plugin which +are then passed to the appropriate plugin. The ControllerManager binary is the only part +of the code which knows what plugins are supported and which flags correspond to each plugin.

    + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    EnableHostPathProvisioning [Required]
    +bool +    		 +

    enableHostPathProvisioning enables HostPath PV provisioning when running without a +cloud provider. This allows testing and development of provisioning features. HostPath +provisioning is not supported in any way, won't work in a multi-node cluster, and +should not be used for anything other than testing or development.

    +
    EnableDynamicProvisioning [Required]
    +bool +    		 +

    enableDynamicProvisioning enables the provisioning of volumes when running within an environment +that supports dynamic provisioning. Defaults to true.

    +
    PersistentVolumeRecyclerConfiguration [Required]
    +PersistentVolumeRecyclerConfiguration +    		 +

    persistentVolumeRecyclerConfiguration holds configuration for persistent volume plugins.

    +
    FlexVolumePluginDir [Required]
    +string +    		 +

    volumePluginDir is the full path of the directory in which the flex +volume plugin should search for additional third party volume plugins

    +
    + + + + +## `ServiceControllerConfiguration` {#ServiceControllerConfiguration} + + +**Appears in:** + +- [CloudControllerManagerConfiguration](#cloudcontrollermanager-config-k8s-io-v1alpha1-CloudControllerManagerConfiguration) + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    ServiceControllerConfiguration contains elements describing ServiceController.

    + + + + + + + + + + + +
    FieldDescription
    ConcurrentServiceSyncs [Required]
    +int32 +    		 +

    concurrentServiceSyncs is the number of services that are +allowed to sync concurrently. Larger number = more responsive service +management, but more CPU (and network) load.

    +
    + + + +## `CloudControllerManagerConfiguration` {#cloudcontrollermanager-config-k8s-io-v1alpha1-CloudControllerManagerConfiguration} + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    apiVersion
    string    		cloudcontrollermanager.config.k8s.io/v1alpha1
    kind
    string    		CloudControllerManagerConfiguration
    Generic [Required]
    +GenericControllerManagerConfiguration +    		 +

    Generic holds configuration for a generic controller-manager

    +
    KubeCloudShared [Required]
    +KubeCloudSharedConfiguration +    		 +

    KubeCloudSharedConfiguration holds configuration for shared related features +both in cloud controller manager and kube-controller manager.

    +
    ServiceController [Required]
    +ServiceControllerConfiguration +    		 +

    ServiceControllerConfiguration holds configuration for ServiceController +related features.

    +
    NodeStatusUpdateFrequency [Required]
    +meta/v1.Duration +    		 +

    NodeStatusUpdateFrequency is the frequency at which the controller updates nodes' status

    +
    + +## `CloudProviderConfiguration` {#cloudcontrollermanager-config-k8s-io-v1alpha1-CloudProviderConfiguration} + + +**Appears in:** + +- [KubeCloudSharedConfiguration](#cloudcontrollermanager-config-k8s-io-v1alpha1-KubeCloudSharedConfiguration) + + +

    CloudProviderConfiguration contains basically elements about cloud provider.

    + + + + + + + + + + + + + + +
    FieldDescription
    Name [Required]
    +string +    		 +

    Name is the provider for cloud services.

    +
    CloudConfigFile [Required]
    +string +    		 +

    cloudConfigFile is the path to the cloud provider configuration file.

    +
    + +## `KubeCloudSharedConfiguration` {#cloudcontrollermanager-config-k8s-io-v1alpha1-KubeCloudSharedConfiguration} + + +**Appears in:** + +- [CloudControllerManagerConfiguration](#cloudcontrollermanager-config-k8s-io-v1alpha1-CloudControllerManagerConfiguration) + +- [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) + + +

    KubeCloudSharedConfiguration contains elements shared by both kube-controller manager +and cloud-controller manager, but not genericconfig.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    CloudProvider [Required]
    +CloudProviderConfiguration +    		 +

    CloudProviderConfiguration holds configuration for CloudProvider related features.

    +
    ExternalCloudVolumePlugin [Required]
    +string +    		 +

    externalCloudVolumePlugin specifies the plugin to use when cloudProvider is "external". +It is currently used by the in repo cloud providers to handle node and volume control in the KCM.

    +
    UseServiceAccountCredentials [Required]
    +bool +    		 +

    useServiceAccountCredentials indicates whether controllers should be run with +individual service account credentials.

    +
    AllowUntaggedCloud [Required]
    +bool +    		 +

    run with untagged cloud instances

    +
    RouteReconciliationPeriod [Required]
    +meta/v1.Duration +    		 +

    routeReconciliationPeriod is the period for reconciling routes created for Nodes by cloud provider..

    +
    NodeMonitorPeriod [Required]
    +meta/v1.Duration +    		 +

    nodeMonitorPeriod is the period for syncing NodeStatus in NodeController.

    +
    ClusterName [Required]
    +string +    		 +

    clusterName is the instance prefix for the cluster.

    +
    ClusterCIDR [Required]
    +string +    		 +

    clusterCIDR is CIDR Range for Pods in cluster.

    +
    AllocateNodeCIDRs [Required]
    +bool +    		 +

    AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if +ConfigureCloudRoutes is true, to be set on the cloud provider.

    +
    CIDRAllocatorType [Required]
    +string +    		 +

    CIDRAllocatorType determines what kind of pod CIDR allocator will be used.

    +
    ConfigureCloudRoutes [Required]
    +bool +    		 +

    configureCloudRoutes enables CIDRs allocated with allocateNodeCIDRs +to be configured on the cloud provider.

    +
    NodeSyncPeriod [Required]
    +meta/v1.Duration +    		 +

    nodeSyncPeriod is the period for syncing nodes from cloudprovider. Longer +periods will result in fewer calls to cloud provider, but may delay addition +of new nodes to cluster.

    +
    + \ No newline at end of file From c207222c09ff72d561d24bcf5ef3a259e55ff347 Mon Sep 17 00:00:00 2001 From: Shiming Zhang Date: Tue, 28 Feb 2023 09:57:54 +0800 Subject: [PATCH 232/537] Add blog post for introdution kwok Co-authored-by: Wei Huang Co-authored-by: Tim Bannister --- .../2023-03-01-introducing-kwok/index.md | 75 +++++++++++++++++++ .../2023-03-01-introducing-kwok/kwok.svg | 1 + .../manage-clusters.svg | 1 + 3 files changed, 77 insertions(+) create mode 100644 content/en/blog/_posts/2023-03-01-introducing-kwok/index.md create mode 100644 content/en/blog/_posts/2023-03-01-introducing-kwok/kwok.svg create mode 100644 content/en/blog/_posts/2023-03-01-introducing-kwok/manage-clusters.svg diff --git a/content/en/blog/_posts/2023-03-01-introducing-kwok/index.md b/content/en/blog/_posts/2023-03-01-introducing-kwok/index.md new file mode 100644 index 0000000000000..5500a7c5d67b4 --- /dev/null +++ b/content/en/blog/_posts/2023-03-01-introducing-kwok/index.md @@ -0,0 +1,75 @@ +--- +layout: blog +title: "Introducing KWOK: Kubernetes WithOut Kubelet" +date: 2023-03-01 +slug: introducing-kwok +--- + +**Author:** Shiming Zhang (DaoCloud), Wei Huang (Apple), Yibo Zhuang (Apple) + +KWOK logo + +Have you ever wondered how to set up a cluster of thousands of nodes just in seconds, how to simulate real nodes with a low resource footprint, and how to test your Kubernetes controller at scale without spending much on infrastructure? + +If you answered "yes" to any of these questions, then you might be interested in KWOK, a toolkit that enables you to create a cluster of thousands of nodes in seconds. + +## What is KWOK? + +KWOK stands for Kubernetes WithOut Kubelet. So far, it provides two tools: + +`kwok` +: `kwok` is the cornerstone of this project, responsible for simulating the lifecycle of fake nodes, pods, and other Kubernetes API resources. + +`kwokctl` +: `kwokctl` is a CLI tool designed to streamline the creation and management of clusters, with nodes simulated by `kwok`. + +## Why use KWOK? + +KWOK has several advantages: + +- **Speed**: You can create and delete clusters and nodes almost instantly, without waiting for boot or provisioning. +- **Compatibility**: KWOK works with any tools or clients that are compliant with Kubernetes APIs, such as kubectl, helm, kui, etc. +- **Portability**: KWOK has no specific hardware or software requirements. You can run it using pre-built images, once Docker or Nerdctl is installed. Alternatively, binaries are also available for all platforms and can be easily installed. +- **Flexibility**: You can configure different node types, labels, taints, capacities, conditions, etc., and you can configure different pod behaviors, status, etc. to test different scenarios and edge cases. +- **Performance**: You can simulate thousands of nodes on your laptop without significant consumption of CPU or memory resources. + +## What are the use cases? + +KWOK can be used for various purposes: + +- **Learning**: You can use KWOK to learn about Kubernetes concepts and features without worrying about resource waste or other consequences. +- **Development**: You can use KWOK to develop new features or tools for Kubernetes without accessing to a real cluster or requiring other components. +- **Testing**: + - You can measure how well your application or controller scales with different numbers of nodes and(or) pods. + - You can generate high loads on your cluster by creating many pods or services with different resource requests or limits. + - You can simulate node failures or network partitions by changing node conditions or randomly deleting nodes. + - You can test how your controller interacts with other components or features of Kubernetes by enabling different feature gates or API versions. + +## What are the limitations? + +KWOK is not intended to replace others completely. It has some limitations that you should be aware of: + +- **Functionality**: KWOK is not a kubelet and may exhibit different behaviors in areas such as pod lifecycle management, volume mounting, and device plugins. Its primary function is to simulate updates of node and pod status. +- **Accuracy**: It's important to note that KWOK doesn't accurately reflect the performance or behavior of real nodes under various workloads or environments. Instead, it approximates some behaviors using simple formulas. +- **Security**: KWOK does not enforce any security policies or mechanisms on simulated nodes. It assumes that all requests from the kube-apiserver are authorized and valid. + +## Getting started + +If you are interested in trying out KWOK, please check its [documents] for more details. + +{{< figure src="/blog/2023/03/01/introducing-kwok/manage-clusters.svg" alt="Animation of a terminal showing kwokctl in use" caption="Using kwokctl to manage simulated clusters" >}} + +## Getting Involved + +If you're interested in participating in future discussions or development related to KWOK, there are several ways to get involved: + +- Slack: [#kwok] for general usage discussion, [#kwok-dev] for development discussion. (visit [slack.k8s.io] for a workspace invitation) +- Open Issues/PRs/Discussions in [sigs.k8s.io/kwok] + +We welcome feedback and contributions from anyone who wants to join us in this exciting project. + +[documents]: https://kwok.sigs.k8s.io/ +[sigs.k8s.io/kwok]: https://sigs.k8s.io/kwok/ +[#kwok]: https://kubernetes.slack.com/messages/kwok/ +[#kwok-dev]: https://kubernetes.slack.com/messages/kwok-dev/ +[slack.k8s.io]: https://slack.k8s.io/ diff --git a/content/en/blog/_posts/2023-03-01-introducing-kwok/kwok.svg b/content/en/blog/_posts/2023-03-01-introducing-kwok/kwok.svg new file mode 100644 index 0000000000000..50c6fed067d6b --- /dev/null +++ b/content/en/blog/_posts/2023-03-01-introducing-kwok/kwok.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/content/en/blog/_posts/2023-03-01-introducing-kwok/manage-clusters.svg b/content/en/blog/_posts/2023-03-01-introducing-kwok/manage-clusters.svg new file mode 100644 index 0000000000000..12a24197ce195 --- /dev/null +++ b/content/en/blog/_posts/2023-03-01-introducing-kwok/manage-clusters.svg @@ -0,0 +1 @@ +~/go/src/sigs.k8s.io/kwok$~/go/src/sigs.k8s.io/kwok$#~/go/src/sigs.k8s.io/kwok$#Let's~/go/src/sigs.k8s.io/kwok$#Let'sgetting~/go/src/sigs.k8s.io/kwok$#Let'sgettingstarted~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwith~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwokctl!~/go/src/sigs.k8s.io/kwok$k~/go/src/sigs.k8s.io/kwok$kw~/go/src/sigs.k8s.io/kwok$kwo~/go/src/sigs.k8s.io/kwok$kwok~/go/src/sigs.k8s.io/kwok$kwokc~/go/src/sigs.k8s.io/kwok$kwokct~/go/src/sigs.k8s.io/kwok$kwokctl~/go/src/sigs.k8s.io/kwok$kwokctl-~/go/src/sigs.k8s.io/kwok$kwokctl--~/go/src/sigs.k8s.io/kwok$kwokctl--n~/go/src/sigs.k8s.io/kwok$kwokctl--na~/go/src/sigs.k8s.io/kwok$kwokctl--nam~/go/src/sigs.k8s.io/kwok$kwokctl--name~/go/src/sigs.k8s.io/kwok$kwokctl--named~/go/src/sigs.k8s.io/kwok$kwokctl--namede~/go/src/sigs.k8s.io/kwok$kwokctl--namedem~/go/src/sigs.k8s.io/kwok$kwokctl--namedemo~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreate~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclusterCreatingclustercluster=demoStartingclustercluster=demo[+]Running2/0[+]Running5/3Networkkwok-demoCreated0.0sContainerkwok-demo-etcdSt...0.1sContainerkwok-demo-kube-apiserverCreated0.0sContainerkwok-demo-kwok-controllerCreated0.0sContainerkwok-demo-kube-controller-managerCreated0.0sContainerkwok-demo-kube-schedulerCreated0.0s[+]Running5/6Containerkwok-demo-etcdSt...0.3sContainerkwok-demo-kube-apiserverStarting0.3sContainerkwok-demo-kube-apiserverStarting0.5s[+]Running3/6Containerkwok-demo-kube-apiserverStarted0.5sContainerkwok-demo-kwok-controllerStarting0.6sContainerkwok-demo-kube-controller-managerStarting0.6sContainerkwok-demo-kube-schedulerStarting0.6sContainerkwok-demo-kwok-controllerStarting0.7sContainerkwok-demo-kube-controller-managerStarting0.7sContainerkwok-demo-kube-schedulerStarting0.7s[+]Running6/6Containerkwok-demo-kwok-controllerStarted0.8sContainerkwok-demo-kube-controller-managerStarted0.8sContainerkwok-demo-kube-schedulerStarted0.7sClusteriscreatedcluster=demoelapsed=1sYoucannowuseyourclusterwith:kubectlconfiguse-contextkwok-demoThanksforusingkwok!~/go/src/sigs.k8s.io/kwok$#G~/go/src/sigs.k8s.io/kwok$#Ge~/go/src/sigs.k8s.io/kwok$#Get~/go/src/sigs.k8s.io/kwok$#Geta~/go/src/sigs.k8s.io/kwok$#Getal~/go/src/sigs.k8s.io/kwok$#Getall~/go/src/sigs.k8s.io/kwok$#Getallclusters.~/go/src/sigs.k8s.io/kwok$kwokctlget~/go/src/sigs.k8s.io/kwok$kwokctlgetclustersdemo~/go/src/sigs.k8s.io/kwok$#Switch~/go/src/sigs.k8s.io/kwok$#Switchto~/go/src/sigs.k8s.io/kwok$#Switchtothe~/go/src/sigs.k8s.io/kwok$#Switchtothecluster~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontext~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwith~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkubectl.~/go/src/sigs.k8s.io/kwok$ku~/go/src/sigs.k8s.io/kwok$kub~/go/src/sigs.k8s.io/kwok$kube~/go/src/sigs.k8s.io/kwok$kubec~/go/src/sigs.k8s.io/kwok$kubect~/go/src/sigs.k8s.io/kwok$kubectl~/go/src/sigs.k8s.io/kwok$kubectlconfig~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-context~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-demoSwitchedtocontext"kwok-demo".~/go/src/sigs.k8s.io/kwok$#Create~/go/src/sigs.k8s.io/kwok$#Createa~/go/src/sigs.k8s.io/kwok$#Createanode.~/go/src/sigs.k8s.io/kwok$kubectla~/go/src/sigs.k8s.io/kwok$kubectlap~/go/src/sigs.k8s.io/kwok$kubectlapp~/go/src/sigs.k8s.io/kwok$kubectlappl~/go/src/sigs.k8s.io/kwok$kubectlapply~/go/src/sigs.k8s.io/kwok$kubectlapply-~/go/src/sigs.k8s.io/kwok$kubectlapply-f~/go/src/sigs.k8s.io/kwok$kubectlapply-f.~/go/src/sigs.k8s.io/kwok$kubectlapply-f./~/go/src/sigs.k8s.io/kwok$kubectlapply-f./t~/go/src/sigs.k8s.io/kwok$kubectlapply-f./te~/go/src/sigs.k8s.io/kwok$kubectlapply-f./tes~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/k~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kw~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwo~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/f~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fa~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fak~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.yamlnode/fake-nodecreated~/go/src/sigs.k8s.io/kwok$#Getallnodes.~/go/src/sigs.k8s.io/kwok$kubectlg~/go/src/sigs.k8s.io/kwok$kubectlge~/go/src/sigs.k8s.io/kwok$kubectlget~/go/src/sigs.k8s.io/kwok$kubectlgetnodeNAMESTATUSROLESAGEVERSIONfake-nodeReadyagent5sfake~/go/src/sigs.k8s.io/kwok$#Apply~/go/src/sigs.k8s.io/kwok$#Applya~/go/src/sigs.k8s.io/kwok$#Applyadeployment.~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.yamldeployment.apps/fake-podcreated~/go/src/sigs.k8s.io/kwok$#Getallpods.~/go/src/sigs.k8s.io/kwok$kubectlgetpodNAMEREADYSTATUSRESTARTSAGEfake-pod-5f58597466-ffq791/1Running05sfake-pod-5f58597466-gl2dc1/1Running05sfake-pod-5f58597466-p6vvw1/1Running05sfake-pod-5f58597466-wk44d1/1Running05sfake-pod-5f58597466-xzwbq1/1Running05s~/go/src/sigs.k8s.io/kwok$#Delete~/go/src/sigs.k8s.io/kwok$#Deletethe~/go/src/sigs.k8s.io/kwok$#Deletethecluster.~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodelete~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclusterStoppingclustercluster=demo[+]Running0/0Containerkwok-demo-kwok-controllerRemoved0.1sContainerkwok-demo-kube-controller-managerStopping0.2sContainerkwok-demo-kube-schedulerStopping0.2s[+]Running3/3Containerkwok-demo-kube-controller-managerRemoved0.2sContainerkwok-demo-kube-schedulerRemoved0.2sContainerkwok-demo-kube-apiserverStopping0.1s[+]Running3/4Containerkwok-demo-kube-apiserverStopping0.2sContainerkwok-demo-kube-apiserverStopping0.7sContainerkwok-demo-kube-apiserverStopping1.0s[+]Running4/4Containerkwok-demo-kube-apiserverRemoved1.3sContainerkwok-demo-etcdSt...0.0s[+]Running5/5Containerkwok-demo-etcdRe...0.1sNetworkkwok-demoRemoving0.0sNetworkkwok-demoRemoved0.0sDeletingclustercluster=demoClusterdeletedcluster=demo~/go/src/sigs.k8s.io/kwok$#That's~/go/src/sigs.k8s.io/kwok$#That'sall,~/go/src/sigs.k8s.io/kwok$#That'sall,enjoy~/go/src/sigs.k8s.io/kwok$#That'sall,enjoyit!~/go/src/sigs.k8s.io/kwok$clear~/go/src/sigs.k8s.io/kwok$#L~/go/src/sigs.k8s.io/kwok$#Le~/go/src/sigs.k8s.io/kwok$#Let~/go/src/sigs.k8s.io/kwok$#Let'~/go/src/sigs.k8s.io/kwok$#Let'sg~/go/src/sigs.k8s.io/kwok$#Let'sge~/go/src/sigs.k8s.io/kwok$#Let'sget~/go/src/sigs.k8s.io/kwok$#Let'sgett~/go/src/sigs.k8s.io/kwok$#Let'sgetti~/go/src/sigs.k8s.io/kwok$#Let'sgettin~/go/src/sigs.k8s.io/kwok$#Let'sgettings~/go/src/sigs.k8s.io/kwok$#Let'sgettingst~/go/src/sigs.k8s.io/kwok$#Let'sgettingsta~/go/src/sigs.k8s.io/kwok$#Let'sgettingstar~/go/src/sigs.k8s.io/kwok$#Let'sgettingstart~/go/src/sigs.k8s.io/kwok$#Let'sgettingstarte~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedw~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwi~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwit~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithk~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkw~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwo~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwok~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwokc~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwokct~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwokctl~/go/src/sigs.k8s.io/kwok$kwokctl--namedemoc~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocr~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocre~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocrea~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreat~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreatec~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreatecl~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclu~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclus~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclust~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclusteNetworkkwok-demoCreated0.0sContainerkwok-demo-etcdCreated0.0sContainerkwok-demo-kube-apiserverC...0.0sContainerkwok-demo-etcdSt...0.2sContainerkwok-demo-kube-apiserverStarting0.4s~/go/src/sigs.k8s.io/kwok$#Getallc~/go/src/sigs.k8s.io/kwok$#Getallcl~/go/src/sigs.k8s.io/kwok$#Getallclu~/go/src/sigs.k8s.io/kwok$#Getallclus~/go/src/sigs.k8s.io/kwok$#Getallclust~/go/src/sigs.k8s.io/kwok$#Getallcluste~/go/src/sigs.k8s.io/kwok$#Getallcluster~/go/src/sigs.k8s.io/kwok$#Getallclusters~/go/src/sigs.k8s.io/kwok$kwokctlg~/go/src/sigs.k8s.io/kwok$kwokctlge~/go/src/sigs.k8s.io/kwok$kwokctlgetc~/go/src/sigs.k8s.io/kwok$kwokctlgetcl~/go/src/sigs.k8s.io/kwok$kwokctlgetclu~/go/src/sigs.k8s.io/kwok$kwokctlgetclus~/go/src/sigs.k8s.io/kwok$kwokctlgetclust~/go/src/sigs.k8s.io/kwok$kwokctlgetcluste~/go/src/sigs.k8s.io/kwok$kwokctlgetcluster~/go/src/sigs.k8s.io/kwok$#S~/go/src/sigs.k8s.io/kwok$#Sw~/go/src/sigs.k8s.io/kwok$#Swi~/go/src/sigs.k8s.io/kwok$#Swit~/go/src/sigs.k8s.io/kwok$#Switc~/go/src/sigs.k8s.io/kwok$#Switcht~/go/src/sigs.k8s.io/kwok$#Switchtot~/go/src/sigs.k8s.io/kwok$#Switchtoth~/go/src/sigs.k8s.io/kwok$#Switchtothec~/go/src/sigs.k8s.io/kwok$#Switchtothecl~/go/src/sigs.k8s.io/kwok$#Switchtotheclu~/go/src/sigs.k8s.io/kwok$#Switchtotheclus~/go/src/sigs.k8s.io/kwok$#Switchtotheclust~/go/src/sigs.k8s.io/kwok$#Switchtothecluste~/go/src/sigs.k8s.io/kwok$#Switchtotheclusterc~/go/src/sigs.k8s.io/kwok$#Switchtotheclusterco~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercon~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercont~/go/src/sigs.k8s.io/kwok$#Switchtotheclusterconte~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontex~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextw~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwi~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwit~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithk~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithku~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkub~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkube~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkubec~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkubect~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkubectl~/go/src/sigs.k8s.io/kwok$kubectlc~/go/src/sigs.k8s.io/kwok$kubectlco~/go/src/sigs.k8s.io/kwok$kubectlcon~/go/src/sigs.k8s.io/kwok$kubectlconf~/go/src/sigs.k8s.io/kwok$kubectlconfi~/go/src/sigs.k8s.io/kwok$kubectlconfigu~/go/src/sigs.k8s.io/kwok$kubectlconfigus~/go/src/sigs.k8s.io/kwok$kubectlconfiguse~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-c~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-co~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-con~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-cont~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-conte~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contex~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextk~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkw~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwo~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-d~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-de~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-dem~/go/src/sigs.k8s.io/kwok$#C~/go/src/sigs.k8s.io/kwok$#Cr~/go/src/sigs.k8s.io/kwok$#Cre~/go/src/sigs.k8s.io/kwok$#Crea~/go/src/sigs.k8s.io/kwok$#Creat~/go/src/sigs.k8s.io/kwok$#Createan~/go/src/sigs.k8s.io/kwok$#Createano~/go/src/sigs.k8s.io/kwok$#Createanod~/go/src/sigs.k8s.io/kwok$#Createanode~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-n~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-no~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-nod~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.y~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.ya~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.yam~/go/src/sigs.k8s.io/kwok$#Getalln~/go/src/sigs.k8s.io/kwok$#Getallno~/go/src/sigs.k8s.io/kwok$#Getallnod~/go/src/sigs.k8s.io/kwok$#Getallnode~/go/src/sigs.k8s.io/kwok$#Getallnodes~/go/src/sigs.k8s.io/kwok$kubectlgetn~/go/src/sigs.k8s.io/kwok$kubectlgetno~/go/src/sigs.k8s.io/kwok$kubectlgetnod~/go/src/sigs.k8s.io/kwok$#A~/go/src/sigs.k8s.io/kwok$#Ap~/go/src/sigs.k8s.io/kwok$#App~/go/src/sigs.k8s.io/kwok$#Appl~/go/src/sigs.k8s.io/kwok$#Applyad~/go/src/sigs.k8s.io/kwok$#Applyade~/go/src/sigs.k8s.io/kwok$#Applyadep~/go/src/sigs.k8s.io/kwok$#Applyadepl~/go/src/sigs.k8s.io/kwok$#Applyadeplo~/go/src/sigs.k8s.io/kwok$#Applyadeploy~/go/src/sigs.k8s.io/kwok$#Applyadeploym~/go/src/sigs.k8s.io/kwok$#Applyadeployme~/go/src/sigs.k8s.io/kwok$#Applyadeploymen~/go/src/sigs.k8s.io/kwok$#Applyadeployment~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-d~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-de~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-dep~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-depl~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deplo~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deploy~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deploym~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployme~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deploymen~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.y~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.ya~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.yam~/go/src/sigs.k8s.io/kwok$#Getallp~/go/src/sigs.k8s.io/kwok$#Getallpo~/go/src/sigs.k8s.io/kwok$#Getallpod~/go/src/sigs.k8s.io/kwok$#Getallpods~/go/src/sigs.k8s.io/kwok$kubectlgetp~/go/src/sigs.k8s.io/kwok$kubectlgetpofake-pod-5f58597466-p6vvw~/go/src/sigs.k8s.io/kwok$#D~/go/src/sigs.k8s.io/kwok$#De~/go/src/sigs.k8s.io/kwok$#Del~/go/src/sigs.k8s.io/kwok$#Dele~/go/src/sigs.k8s.io/kwok$#Delet~/go/src/sigs.k8s.io/kwok$#Deletet~/go/src/sigs.k8s.io/kwok$#Deleteth~/go/src/sigs.k8s.io/kwok$#Deletethec~/go/src/sigs.k8s.io/kwok$#Deletethecl~/go/src/sigs.k8s.io/kwok$#Deletetheclu~/go/src/sigs.k8s.io/kwok$#Deletetheclus~/go/src/sigs.k8s.io/kwok$#Deletetheclust~/go/src/sigs.k8s.io/kwok$#Deletethecluste~/go/src/sigs.k8s.io/kwok$#Deletethecluster~/go/src/sigs.k8s.io/kwok$kwokctl--namedemod~/go/src/sigs.k8s.io/kwok$kwokctl--namedemode~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodel~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodele~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodelet~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeletec~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeletecl~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclu~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclus~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclust~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclusteContainerkwok-demo-kwok-controllerStopping0.1sContainerkwok-demo-kube-controller-managerStopping0.1sContainerkwok-demo-kube-schedulerStopping0.1s[+]Running1/3Containerkwok-demo-kube-apiserverStopping0.3sContainerkwok-demo-kube-apiserverStopping0.4sContainerkwok-demo-kube-apiserverStopping0.5sContainerkwok-demo-kube-apiserverStopping0.6sContainerkwok-demo-kube-apiserverStopping0.8sContainerkwok-demo-kube-apiserverStopping0.9sContainerkwok-demo-kube-apiserverStopping1.1sContainerkwok-demo-kube-apiserverStopping1.2sContainerkwok-demo-kube-apiserverStopping1.3s~/go/src/sigs.k8s.io/kwok$#T~/go/src/sigs.k8s.io/kwok$#Th~/go/src/sigs.k8s.io/kwok$#Tha~/go/src/sigs.k8s.io/kwok$#That~/go/src/sigs.k8s.io/kwok$#That'~/go/src/sigs.k8s.io/kwok$#That'sa~/go/src/sigs.k8s.io/kwok$#That'sal~/go/src/sigs.k8s.io/kwok$#That'sall~/go/src/sigs.k8s.io/kwok$#That'sall,e~/go/src/sigs.k8s.io/kwok$#That'sall,en~/go/src/sigs.k8s.io/kwok$#That'sall,enj~/go/src/sigs.k8s.io/kwok$#That'sall,enjo~/go/src/sigs.k8s.io/kwok$#That'sall,enjoyi~/go/src/sigs.k8s.io/kwok$#That'sall,enjoyit~/go/src/sigs.k8s.io/kwok$c~/go/src/sigs.k8s.io/kwok$cl~/go/src/sigs.k8s.io/kwok$cle~/go/src/sigs.k8s.io/kwok$clea \ No newline at end of file From 8a7476c1579b276ad28ff877f379cae4ad7218da Mon Sep 17 00:00:00 2001 From: lakshmi Date: Tue, 28 Feb 2023 12:51:20 +0530 Subject: [PATCH 233/537] corrected reference link for ComponentConfig. --- content/en/blog/_posts/2018-12-04-kubeadm-ga-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/blog/_posts/2018-12-04-kubeadm-ga-release.md b/content/en/blog/_posts/2018-12-04-kubeadm-ga-release.md index 7ce410607622a..9fc3f4702df88 100644 --- a/content/en/blog/_posts/2018-12-04-kubeadm-ga-release.md +++ b/content/en/blog/_posts/2018-12-04-kubeadm-ga-release.md @@ -33,7 +33,7 @@ General Availability means different things for different projects. For kubeadm, We now consider kubeadm to have achieved GA-level maturity in each of these important domains: * **Stable command-line UX** --- The kubeadm CLI conforms to [#5a GA rule of the Kubernetes Deprecation Policy](/docs/reference/using-api/deprecation-policy/#deprecating-a-flag-or-cli), which states that a command or flag that exists in a GA version must be kept for at least 12 months after deprecation. - * **Stable underlying implementation** --- kubeadm now creates a new Kubernetes cluster using methods that shouldn't change any time soon. The control plane, for example, is run as a set of static Pods, bootstrap tokens are used for the [`kubeadm join`](/docs/reference/setup-tools/kubeadm/kubeadm-join/) flow, and [ComponentConfig](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/wgs/0014-20180707-componentconfig-api-types-to-staging.md) is used for configuring the [kubelet](/docs/reference/command-line-tools-reference/kubelet/). + * **Stable underlying implementation** --- kubeadm now creates a new Kubernetes cluster using methods that shouldn't change any time soon. The control plane, for example, is run as a set of static Pods, bootstrap tokens are used for the [`kubeadm join`](/docs/reference/setup-tools/kubeadm/kubeadm-join/) flow, and [ComponentConfig](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/wgs/115-componentconfig) is used for configuring the [kubelet](/docs/reference/command-line-tools-reference/kubelet/). * **Configuration file schema** --- With the new **v1beta1** API version, you can now tune almost every part of the cluster declaratively and thus build a "GitOps" flow around kubeadm-built clusters. In future versions, we plan to graduate the API to version **v1** with minimal changes (and perhaps none). * **The "toolbox" interface of kubeadm** --- Also known as **phases**. If you don't want to perform all [`kubeadm init`](/docs/reference/setup-tools/kubeadm/kubeadm-init/) tasks, you can instead apply more fine-grained actions using the `kubeadm init phase` command (for example generating certificates or control plane [Static Pod](/docs/tasks/administer-cluster/static-pod/) manifests). * **Upgrades between minor versions** --- The [`kubeadm upgrade`](/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/) command is now fully GA. It handles control plane upgrades for you, which includes upgrades to [etcd](https://etcd.io), the [API Server](/docs/reference/using-api/api-overview/), the [Controller Manager](/docs/reference/command-line-tools-reference/kube-controller-manager/), and the [Scheduler](/docs/reference/command-line-tools-reference/kube-scheduler/). You can seamlessly upgrade your cluster between minor or patch versions (e.g. v1.12.2 -> v1.13.1 or v1.13.1 -> v1.13.3). From 3d850f6b9a79115ca5db3c5dea0a67882b17e268 Mon Sep 17 00:00:00 2001 From: mtardy Date: Tue, 28 Feb 2023 11:08:32 +0100 Subject: [PATCH 234/537] Clean CVE feed shortcode i18n caption data Previsouly we were using two data items: ```toml [cve_table_date_before] other = "(last updated: " [cve_table_date_after] other = ")" ``` Which was simplified, using printf, to: ```toml [cve_table_date_format_string] other = "(last updated: %s)" ``` This is related to the following discussion https://github.com/kubernetes/website/pull/38579#discussion_r1116992896 --- data/i18n/en/en.toml | 7 ++----- layouts/shortcodes/cve-feed.html | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/data/i18n/en/en.toml b/data/i18n/en/en.toml index ff3a2fc4b030a..b598f8f595eaa 100644 --- a/data/i18n/en/en.toml +++ b/data/i18n/en/en.toml @@ -55,14 +55,11 @@ other = "Issue Summary" [cve_table] other = "Official Kubernetes CVE List" -[cve_table_date_before] -other = "(last updated: " - [cve_table_date_format] other = "02 Jan 2006 15:04:05 MST" -[cve_table_date_after] -other = ")" +[cve_table_date_format_string] +other = "(last updated: %s)" [deprecation_title] other = "You are viewing documentation for Kubernetes version:" diff --git a/layouts/shortcodes/cve-feed.html b/layouts/shortcodes/cve-feed.html index 887999305ab0f..0c5b54671dcec 100644 --- a/layouts/shortcodes/cve-feed.html +++ b/layouts/shortcodes/cve-feed.html @@ -3,7 +3,7 @@ {{ errorf "Build Failed. CVE feed does not comply with JSON feed v1.1" }} {{ end }} - + From aa9f17ed0a83dceefacd2be6347348b9d661052c Mon Sep 17 00:00:00 2001 From: mtardy Date: Tue, 28 Feb 2023 11:14:27 +0100 Subject: [PATCH 235/537] Transform CVE feed shortcode compliance check to warning Previously it would cause the build to fail, which could lead to confusing situation since the CVE feed comes from outside of the website and could break the workflow. See related discussion: https://github.com/kubernetes/website/pull/38579#discussion_r1116996184 --- layouts/shortcodes/cve-feed.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layouts/shortcodes/cve-feed.html b/layouts/shortcodes/cve-feed.html index 0c5b54671dcec..8b829079fba89 100644 --- a/layouts/shortcodes/cve-feed.html +++ b/layouts/shortcodes/cve-feed.html @@ -1,6 +1,6 @@ {{ $feed := getJSON .Site.Params.cveFeedBucket }} {{ if ne $feed.version "https://jsonfeed.org/version/1.1" }} - {{ errorf "Build Failed. CVE feed does not comply with JSON feed v1.1" }} + {{ warnf "CVE feed shortcode. KEP-3203: CVE feed does not comply with JSON feed v1.1." }} {{ end }}
    {{ T "cve_table" }} {{ T "cve_table_date_before" }}{{ $feed._kubernetes_io.updated_at | time.Format ( T "cve_table_date_format" ) }}{{ T "cve_table_date_after" }}{{ T "cve_table" }} {{ printf (T "cve_table_date_format_string") ($feed._kubernetes_io.updated_at | time.Format (T "cve_table_date_format")) }}
    {{ T "cve_id" }}
    From ff72b666e9b7c0fc383cf69fe22f143955ba68f6 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Tue, 28 Feb 2023 11:50:35 +0000 Subject: [PATCH 236/537] Add volume.beta.kubernetes.io/storage-class annotation Signed-off-by: Dipesh Rawat --- content/en/docs/reference/labels-annotations-taints/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index 0032c56525886..1cbe707a8dd4c 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -435,7 +435,7 @@ This annotation has been deprecated. Used on: PersistentVolume, PersistentVolumeClaim -This annotation can be used for PersistentVolume(PV) or PersistentVolumeClaim(PVC) to specify the name of [StorageClass](/docs/concepts/storage/storage-classes/). +This annotation can be used for PersistentVolume(PV) or PersistentVolumeClaim(PVC) to specify the name of [StorageClass](/docs/concepts/storage/storage-classes/). When both `storageClassName` attribute and `volume.beta.kubernetes.io/storage-class` annotation are specified, the annotation `volume.beta.kubernetes.io/storage-class` takes precedence over the `storageClassName` attribute. This annotation has been deprecated. From 9c86598eb1f07c3bfa7bcb9f3d3c98a2115b4000 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Tue, 28 Feb 2023 14:39:59 +0000 Subject: [PATCH 237/537] Update content/en/docs/reference/labels-annotations-taints/_index.md Co-authored-by: Tim Bannister --- content/en/docs/reference/labels-annotations-taints/_index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index 1cbe707a8dd4c..c0a7ae90ed499 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -433,6 +433,8 @@ This annotation has been deprecated. ### volume.beta.kubernetes.io/storage-class (deprecated) +Example: `volume.beta.kubernetes.io/storage-class: "example-class"` + Used on: PersistentVolume, PersistentVolumeClaim This annotation can be used for PersistentVolume(PV) or PersistentVolumeClaim(PVC) to specify the name of [StorageClass](/docs/concepts/storage/storage-classes/). When both `storageClassName` attribute and `volume.beta.kubernetes.io/storage-class` annotation are specified, the annotation `volume.beta.kubernetes.io/storage-class` takes precedence over the `storageClassName` attribute. From 2714d3455f02f74fad109f701c3ebda081df1b85 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Tue, 28 Feb 2023 14:40:09 +0000 Subject: [PATCH 238/537] Update content/en/docs/reference/labels-annotations-taints/_index.md Co-authored-by: Tim Bannister --- content/en/docs/reference/labels-annotations-taints/_index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index c0a7ae90ed499..ed27e3dcdd34c 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -439,7 +439,8 @@ Used on: PersistentVolume, PersistentVolumeClaim This annotation can be used for PersistentVolume(PV) or PersistentVolumeClaim(PVC) to specify the name of [StorageClass](/docs/concepts/storage/storage-classes/). When both `storageClassName` attribute and `volume.beta.kubernetes.io/storage-class` annotation are specified, the annotation `volume.beta.kubernetes.io/storage-class` takes precedence over the `storageClassName` attribute. -This annotation has been deprecated. +This annotation has been deprecated. Instead, set the [`storageClassName` field](/docs/concepts/storage/persistent-volumes/#class) +for the PersistentVolumeClaim or PersistentVolume. ### volume.beta.kubernetes.io/mount-options (deprecated) {#mount-options} From 9100a2260a1bde2ded85e577c61d4688bcb50fcd Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Tue, 28 Feb 2023 14:58:55 +0000 Subject: [PATCH 239/537] Update registry.k8s.io announcement article Mention the subsequent container image freeze. --- .../en/blog/_posts/2022-11-28-registry-k8s-io-change.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/content/en/blog/_posts/2022-11-28-registry-k8s-io-change.md b/content/en/blog/_posts/2022-11-28-registry-k8s-io-change.md index 604c6e738ea5c..64f2580bd9abe 100644 --- a/content/en/blog/_posts/2022-11-28-registry-k8s-io-change.md +++ b/content/en/blog/_posts/2022-11-28-registry-k8s-io-change.md @@ -11,7 +11,7 @@ Starting with Kubernetes 1.25, our container image registry has changed from k8s ## TL;DR: What you need to know about this change -* Container images for Kubernetes releases from 1.25 onward are no longer published to k8s.gcr.io, only to registry.k8s.io. +* Container images for Kubernetes releases from 1.25 1.27 onward are not published to k8s.gcr.io, only to registry.k8s.io. * In the upcoming December patch releases, the new registry domain default will be backported to all branches still in support (1.22, 1.23, 1.24). * If you run in a restricted environment and apply strict domain/IP address access policies limited to k8s.gcr.io, the __image pulls will not function__ after the migration to this new registry. For these users, the recommended method is to mirror the release images to a private registry. @@ -68,8 +68,15 @@ The image used by kubelet for the pod sandbox (`pause`) can be overridden by set kubelet --pod-infra-container-image=k8s.gcr.io/pause:3.5 ``` +## Legacy container registry freeze {#registry-freeze} + +[k8s.gcr.io Image Registry Will Be Frozen From the 3rd of April 2023](/blog/2023/02/06/k8s-gcr-io-freeze-announcement/) announces the freeze of the +legacy k8s.gcr.io image registry. Read that article for more details. + ## Acknowledgments __Change is hard__, and evolving our image-serving platform is needed to ensure a sustainable future for the project. We strive to make things better for everyone using Kubernetes. Many contributors from all corners of our community have been working long and hard to ensure we are making the best decisions possible, executing plans, and doing our best to communicate those plans. Thanks to Aaron Crickenberger, Arnaud Meukam, Benjamin Elder, Caleb Woodbine, Davanum Srinivas, Mahamed Ali, and Tim Hockin from SIG K8s Infra, Brian McQueen, and Sergey Kanzhelev from SIG Node, Lubomir Ivanov from SIG Cluster Lifecycle, Adolfo García Veytia, Jeremy Rickard, Sascha Grunert, and Stephen Augustus from SIG Release, Bob Killen and Kaslin Fields from SIG Contribex, Tim Allclair from the Security Response Committee. Also a big thank you to our friends acting as liaisons with our cloud provider partners: Jay Pipes from Amazon and Jon Johnson Jr. from Google. + +_This article was updated on the 28th of February 2023._ From 1f9b9e0a127e57941863f81a0334ab90967d847e Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Wed, 15 Feb 2023 22:49:13 +0530 Subject: [PATCH 240/537] Synced pt-br_cheatsheet.md with English --- .../docs/reference/kubectl/cheatsheet.md | 122 +++++++++++++++--- 1 file changed, 105 insertions(+), 17 deletions(-) diff --git a/content/pt-br/docs/reference/kubectl/cheatsheet.md b/content/pt-br/docs/reference/kubectl/cheatsheet.md index ab223c79495de..449522490c199 100644 --- a/content/pt-br/docs/reference/kubectl/cheatsheet.md +++ b/content/pt-br/docs/reference/kubectl/cheatsheet.md @@ -12,11 +12,7 @@ card: -Veja também: [Visão geral do Kubectl](/docs/reference/kubectl/overview/) e [JsonPath Guide](/docs/reference/kubectl/jsonpath). - -Esta página é uma visão geral do comando `kubectl`. - - +Esta página contém uma lista de comandos e sinalizadores `kubectl` comumente usados. @@ -45,6 +41,12 @@ source <(kubectl completion zsh) # configuração para usar autocomplete no ter echo "if [ $commands[kubectl] ]; then source <(kubectl completion zsh); fi" >> ~/.zshrc # adicionar auto completar permanentemente para o seu shell zsh ``` +### Uma nota sobre `--all-namespaces` + +Acrescentar `--all-namespaces` acontece com bastante frequência, onde você deve estar ciente da abreviação de `--all-namespaces`: + +```kubectl -A``` + ## Contexto e Configuração do Kubectl Defina com qual cluster Kubernetes o `kubectl` se comunica e modifique os detalhes da configuração. @@ -68,6 +70,11 @@ kubectl config get-contexts # exibir lista de contextos kubectl config current-context # exibir o contexto atual kubectl config use-context my-cluster-name # defina o contexto padrão como my-cluster-name +kubectl config set-cluster my-cluster-name # defina uma entrada de cluster no kubeconfig + +# configurar a URL para um servidor proxy a ser usado para solicitações feitas por este cliente no kubeconfig +kubectl config set-cluster my-cluster-name --proxy-url=my-proxy-url + # adicione um novo cluster ao seu kubeconfig que suporte autenticação básica kubectl config set-credentials kubeuser/foo.kubernetes.com --username=kubeuser --password=kubepassword @@ -79,6 +86,10 @@ kubectl config set-context gce --user=cluster-admin --namespace=foo \ && kubectl config use-context gce kubectl config unset users.foo # excluir usuário foo + +# alias curto para definir/mostrar contexto/namespace (funciona apenas para bash e shells compatíveis com bash, contexto atual a ser definido antes de usar kn para definir namespace) +alias kx='f() { [ "$1" ] && kubectl config use-context $1 || kubectl config current-context ; } ; f' +alias kn='f() { [ "$1" ] && kubectl config set-context --current --namespace $1 || kubectl config view --minify | grep namespace | cut -d" " -f6 ; } ; f' ``` ## Aplicar @@ -96,7 +107,14 @@ kubectl apply -f ./my1.yaml -f ./my2.yaml # criar a partir de vários arqui kubectl apply -f ./dir # criar recurso(s) em todos os arquivos de manifesto no diretório kubectl apply -f https://git.io/vPieo # criar recurso(s) a partir de URL kubectl create deployment nginx --image=nginx # iniciar uma única instância do nginx -kubectl explain pods,svc # obtenha a documentação de manifesto do pod + +# crie um Job que imprima "Hello World" +kubectl create job hello --image=busybox:1.28 -- echo "Hello World" + +# crie um CronJob que imprima "Hello World" a cada minuto +kubectl create cronjob hello --image=busybox:1.28 --schedule="*/1 * * * *" -- echo "Hello World" + +kubectl explain pods # obtenha a documentação de manifesto do pod # Crie vários objetos YAML a partir de stdin cat < pod.yaml kubectl attach my-pod -i # Anexar ao contêiner em execução kubectl port-forward my-pod 5000:6000 # Ouça na porta 5000 na máquina local e encaminhe para a porta 6000 no my-pod kubectl exec my-pod -- ls / # Executar comando no pod existente (1 contêiner) +kubectl exec --stdin --tty my-pod -- /bin/sh # Acesso de shell interativo a um pod em execução (1 caixa de contêiner) kubectl exec my-pod -c my-container -- ls / # Executar comando no pod existente (pod com vários contêineres) kubectl top pod POD_NAME --containers # Mostrar métricas para um determinado pod e seus contêineres +kubectl top pod POD_NAME --sort-by=cpu # Mostrar métricas para um determinado pod e classificá-lo por 'cpu' ou 'memória' +``` + +## Copiar arquivos e diretórios de e para contêineres + +```bash +kubectl cp /tmp/foo_dir my-pod:/tmp/bar_dir # Copie o diretório local /tmp/foo_dir para /tmp/bar_dir em um pod remoto no namespace atual +kubectl cp /tmp/foo my-pod:/tmp/bar -c my-container # Copie o arquivo local /tmp/foo para /tmp/bar em um pod remoto em um contêiner específico +kubectl cp /tmp/foo my-namespace/my-pod:/tmp/bar # Copie o arquivo local /tmp/foo para /tmp/bar em um pod remoto no namespace my-namespace +kubectl cp my-namespace/my-pod:/tmp/foo /tmp/bar # Copie /tmp/foo de um pod remoto para /tmp/bar localmente +``` +{{< note >}} +`kubectl cp` requer que o binário 'tar' esteja presente em sua imagem de container. Se 'tar' não estiver presente, `kubectl cp` falhará. +Para casos de uso avançado, como links simbólicos, expansão curinga ou preservação do modo de arquivo, considere usar `kubectl exec`. +{{< /note >}} + +```bash +tar cf - /tmp/foo | kubectl exec -i -n my-namespace my-pod -- tar xf - -C /tmp/bar # Copie o arquivo local /tmp/foo para /tmp/bar em um pod remoto no namespace my-namespace +kubectl exec -n my-namespace my-pod -- tar cf - /tmp/foo | tar xf - -C /tmp/bar # Copie /tmp/foo de um pod remoto para /tmp/bar localmente +``` + +## Interagindo com implantações e serviços +```bash +kubectl logs deploy/my-deployment # despejar logs de pod para uma implantação (caso de contêiner único) +kubectl logs deploy/my-deployment -c my-container # despejar logs de pod para uma implantação (caso de vários contêineres) + +kubectl port-forward svc/my-service 5000 # escute na porta local 5000 e encaminhe para a porta 5000 no back-end do serviço +kubectl port-forward svc/my-service 5000:my-service-port # escute na porta local 5000 e encaminhe para a porta de destino do serviço com o nome + +kubectl port-forward deploy/my-deployment 5000:6000 # escute na porta local 5000 e encaminhe para a porta 6000 em um pod criado por +kubectl exec deploy/my-deployment -- ls # execute o comando no primeiro pod e primeiro contêiner na implantação (casos de um ou vários contêineres) ``` ## Interagindo com Nós e Cluster @@ -321,13 +387,16 @@ kubectl cluster-info # Exibir e kubectl cluster-info dump # Despejar o estado atual do cluster no stdout kubectl cluster-info dump --output-directory=/path/to/cluster-state # Despejar o estado atual do cluster em /path/to/cluster-state +# Veja os taints existentes nos nós atuais. +kubectl get nodes -o='custom-columns=NodeName:.metadata.name,TaintKey:.spec.taints[*].key,TaintValue:.spec.taints[*].value,TaintEffect:.spec.taints[*].effect' + # Se uma `taint` com essa chave e efeito já existir, seu valor será substituído conforme especificado. kubectl taint nodes foo dedicated=special-user:NoSchedule ``` ### Tipos de Recursos -Listar todos os tipos de recursos suportados, juntamente com seus nomes abreviados, [Grupo de API](/docs/concepts/overview/kubernetes-api/#api-groups), se eles são por [namespaces](/docs/concepts/overview/working-with-objects/namespaces), e [objetos](/docs/concepts/overview/working-with-objects/kubernetes-objects): +Liste todos os tipos de recursos suportados junto com seus nomes abreviados, [grupo de API](/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning), sejam eles [namespaced](/docs/concepts/overview/ trabalhando com objetos/namespaces) e [Kind](/docs/concepts/overview/working-with-objects/kubernetes-objects): ```bash kubectl api-resources @@ -359,6 +428,24 @@ Formato de saída | Descrição `-o=wide` | Saída no formato de texto sem formatação com qualquer informação adicional e, para pods, o nome do nó está incluído `-o=yaml` | Saída de um objeto de API formatado em YAML +Exemplos usando `-o=custom-columns`: + +```bash +# Todas as imagens em execução em um cluster +kubectl get pods -A -o=custom-columns='DATA:spec.containers[*].image' + +# Todas as imagens em execução no namespace: padrão, agrupadas por pod +kubectl get pods --namespace default --output=custom-columns="NAME:.metadata.name,IMAGE:.spec.containers[*].image" + + # Todas as imagens excluindo "registry.k8s.io/coredns:1.6.2" +kubectl get pods -A -o=custom-columns='DATA:spec.containers[?(@.image!="registry.k8s.io/coredns:1.6.2")].image' + +# Todos os campos sob metadados, independentemente do nome +kubectl get pods -A -o=custom-columns='DATA:metadata.*' +``` + +More examples in the kubectl [reference documentation](/docs/reference/kubectl/#custom-columns). + ### Verbosidade da Saída do Kubectl e Debugging A verbosidade do Kubectl é controlado com os sinalizadores `-v` ou` --v` seguidos por um número inteiro representando o nível do log. As convenções gerais de log do Kubernetes e os níveis de log associados são descritos [aqui](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md). @@ -370,6 +457,7 @@ Verbosidade | Descrição `--v=2` | Informações úteis sobre o estado estacionário sobre o serviço e mensagens importantes de log que podem se correlacionar com alterações significativas no sistema. Este é o nível de log padrão recomendado para a maioria dos sistemas. `--v=3` | Informações estendidas sobre alterações. `--v=4` | Detalhamento no nível de debugging. +`--v=5` | Verbosidade do nível de rastreamento. `--v=6` | Exibir os recursos solicitados. `--v=7` | Exibir cabeçalhos de solicitação HTTP. `--v=8` | Exibir conteúdo da solicitação HTTP. @@ -380,7 +468,7 @@ Verbosidade | Descrição ## {{% heading "whatsnext" %}} -* Saiba mais em [Visão geral do kubectl](/docs/reference/kubectl/overview/). +* Leia a [visão geral do kubectl](/docs/reference/kubectl/) e aprenda sobre [JsonPath](/docs/reference/kubectl/jsonpath). * Veja as opções do [kubectl](/docs/reference/kubectl/kubectl/). From d1fec5ae9c858553d95a3c81d416bfa4cf989dc8 Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Thu, 23 Feb 2023 21:13:41 +0530 Subject: [PATCH 241/537] content/pt-br/docs/reference/kubectl/cheatsheet.md --- .../pt-br/docs/reference/kubectl/cheatsheet.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/content/pt-br/docs/reference/kubectl/cheatsheet.md b/content/pt-br/docs/reference/kubectl/cheatsheet.md index 449522490c199..7bb0b5b5c0a1f 100644 --- a/content/pt-br/docs/reference/kubectl/cheatsheet.md +++ b/content/pt-br/docs/reference/kubectl/cheatsheet.md @@ -108,10 +108,10 @@ kubectl apply -f ./dir # criar recurso(s) em todos os ar kubectl apply -f https://git.io/vPieo # criar recurso(s) a partir de URL kubectl create deployment nginx --image=nginx # iniciar uma única instância do nginx -# crie um Job que imprima "Hello World" +# crie um Job que imprime "Hello World" kubectl create job hello --image=busybox:1.28 -- echo "Hello World" -# crie um CronJob que imprima "Hello World" a cada minuto +# crie um CronJob que imprime "Hello World" a cada minuto kubectl create cronjob hello --image=busybox:1.28 --schedule="*/1 * * * *" -- echo "Hello World" kubectl explain pods # obtenha a documentação de manifesto do pod @@ -227,11 +227,11 @@ kubectl get events --sort-by=.metadata.creationTimestamp # Compara o estado atual do cluster com o estado em que o cluster estaria se o manifesto fosse aplicado. kubectl diff -f ./my-manifest.yaml -# Produzir uma árvore delimitada por período de todas as chaves retornadas para nós +# Produzir uma árvore delimitada por ponto de todas as chaves retornadas para nós # Útil ao localizar uma chave em uma estrutura JSON aninhada complexa kubectl get nodes -o json | jq -c 'paths|join(".")' -# Produzir uma árvore delimitada por período de todas as chaves retornadas para pods, etc. +# Produzir uma árvore delimitada por ponto de todas as chaves retornadas para pods, etc. kubectl get pods -o json | jq -c 'paths|join(".")' # Produza ENV para todos os pods, supondo que você tenha um contêiner padrão para os pods, namespace padrão e o comando `env` é compatível. @@ -286,7 +286,7 @@ kubectl patch deployment valid-deployment --type json -p='[{"op": "remove", " # Adicionar um novo elemento a uma matriz posicional kubectl patch sa default --type='json' -p='[{"op": "add", "path": "/secrets/1", "value": {"name": "whatever" } }]' -# Update a deployment's replica count by patching its scale subresource +# Atualize a contagem de réplicas de uma implantação corrigindo seu sub-recurso de escala kubectl patch deployment nginx-deployment --subresource='scale' --type='merge' -p '{"spec":{"replicas":2}}' ``` @@ -340,7 +340,7 @@ kubectl run nginx --image=nginx --restart=Never # Execute o pod nginx e salv kubectl attach my-pod -i # Anexar ao contêiner em execução kubectl port-forward my-pod 5000:6000 # Ouça na porta 5000 na máquina local e encaminhe para a porta 6000 no my-pod kubectl exec my-pod -- ls / # Executar comando no pod existente (1 contêiner) -kubectl exec --stdin --tty my-pod -- /bin/sh # Acesso de shell interativo a um pod em execução (1 caixa de contêiner) +kubectl exec --stdin --tty my-pod -- /bin/sh # Acesso de shell interativo a um pod em execução (apenas 1 contêiner) kubectl exec my-pod -c my-container -- ls / # Executar comando no pod existente (pod com vários contêineres) kubectl top pod POD_NAME --containers # Mostrar métricas para um determinado pod e seus contêineres kubectl top pod POD_NAME --sort-by=cpu # Mostrar métricas para um determinado pod e classificá-lo por 'cpu' ou 'memória' @@ -355,7 +355,7 @@ kubectl cp /tmp/foo my-namespace/my-pod:/tmp/bar # Copie o arquivo local / kubectl cp my-namespace/my-pod:/tmp/foo /tmp/bar # Copie /tmp/foo de um pod remoto para /tmp/bar localmente ``` {{< note >}} -`kubectl cp` requer que o binário 'tar' esteja presente em sua imagem de container. Se 'tar' não estiver presente, `kubectl cp` falhará. +`kubectl cp` requer que o binário 'tar' esteja presente em sua imagem de contêiner. Se 'tar' não estiver presente, `kubectl cp` falhará. Para casos de uso avançado, como links simbólicos, expansão curinga ou preservação do modo de arquivo, considere usar `kubectl exec`. {{< /note >}} @@ -444,7 +444,7 @@ kubectl get pods -A -o=custom-columns='DATA:spec.containers[?(@.image!="registry kubectl get pods -A -o=custom-columns='DATA:metadata.*' ``` -More examples in the kubectl [reference documentation](/docs/reference/kubectl/#custom-columns). +Mais exemplos no kubectl [documentação de referência](/docs/reference/kubectl/#custom-columns). ### Verbosidade da Saída do Kubectl e Debugging From 5ec836636e7546390457bacbcff09ccbb2897a88 Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Sun, 26 Feb 2023 22:43:59 +0530 Subject: [PATCH 242/537] updated content\pt-br\docs\reference\kubectl\cheatsheet.md --- .../docs/reference/kubectl/cheatsheet.md | 23 +++++++------------ 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/content/pt-br/docs/reference/kubectl/cheatsheet.md b/content/pt-br/docs/reference/kubectl/cheatsheet.md index 7bb0b5b5c0a1f..7bd742cfceb65 100644 --- a/content/pt-br/docs/reference/kubectl/cheatsheet.md +++ b/content/pt-br/docs/reference/kubectl/cheatsheet.md @@ -1,9 +1,5 @@ --- title: kubectl Cheat Sheet -reviewers: -- erictune -- krousey -- clove content_type: concept card: name: reference @@ -38,7 +34,7 @@ complete -F __start_kubectl k ```bash source <(kubectl completion zsh) # configuração para usar autocomplete no terminal zsh no shell atual -echo "if [ $commands[kubectl] ]; then source <(kubectl completion zsh); fi" >> ~/.zshrc # adicionar auto completar permanentemente para o seu shell zsh +echo '[[ $commands[kubectl] ]] && source <(kubectl completion zsh)' >> ~/.zshrc # adicionar auto completar permanentemente para o seu shell zsh ``` ### Uma nota sobre `--all-namespaces` @@ -193,8 +189,8 @@ kubectl get configmap myconfig \ kubectl get secret my-secret --template='{{index .data "key-name-with-dashes"}}' # Obter todos os nós workers (use um seletor para excluir resultados que possuem uma label -# nomeado 'node-role.kubernetes.io/master') -kubectl get node --selector='!node-role.kubernetes.io/master' +# nomeado 'node-role.kubernetes.io/control-plane') +kubectl get node --selector='!node-role.kubernetes.io/control-plane' # Obter todos os pods em execução no namespace kubectl get pods --field-selector=status.phase=Running @@ -307,7 +303,7 @@ kubectl scale --current-replicas=2 --replicas=3 deployment/mysql # Se o tamanho kubectl scale --replicas=5 rc/foo rc/bar rc/baz # Escalar vários replicaset ``` -## Exclusão de Recursos +## Deleting resources ```bash kubectl delete -f ./pod.json # Exclua um pod usando o tipo e o nome especificados em pod.json @@ -330,13 +326,10 @@ kubectl logs my-pod -c my-container --previous # despejar logs de um contê kubectl logs -f my-pod # Fluxo de logs de pod (stdout) kubectl logs -f my-pod -c my-container # Fluxo de logs para um específico contêiner em um pod (stdout, caixa com vários contêineres) kubectl logs -f -l name=myLabel --all-containers # transmitir todos os logs de pods com a label name=myLabel (stdout) -kubectl run -i --tty busybox --image=busybox -- sh # Executar pod como shell interativo -kubectl run nginx --image=nginx --restart=Never -n -mynamespace # Execute o pod nginx em um namespace específico -kubectl run nginx --image=nginx --restart=Never # Execute o pod nginx e salve suas especificações em um arquivo chamado pod.yaml - ---dry-run -o yaml > pod.yaml - +kubectl run -i --tty busybox --image=busybox:1.28 -- sh # Executar pod como shell interativo +kubectl run nginx --image=nginx -n mynamespace # Inicie uma única instância do pod nginx no namespace de mynamespace +kubectl run nginx --image=nginx --dry-run=client -o yaml > pod.yaml + # Gere a especificação para executar o pod nginx e grave-a em um arquivo chamado pod.yaml kubectl attach my-pod -i # Anexar ao contêiner em execução kubectl port-forward my-pod 5000:6000 # Ouça na porta 5000 na máquina local e encaminhe para a porta 6000 no my-pod kubectl exec my-pod -- ls / # Executar comando no pod existente (1 contêiner) From 0d87a3aff26e3dc2de72eef4d4371b5ccf9fdf6b Mon Sep 17 00:00:00 2001 From: Akash Kumar Saw Date: Sun, 26 Feb 2023 22:49:26 +0530 Subject: [PATCH 243/537] Empty Commit --- content/pt-br/docs/reference/kubectl/cheatsheet.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/pt-br/docs/reference/kubectl/cheatsheet.md b/content/pt-br/docs/reference/kubectl/cheatsheet.md index 7bd742cfceb65..3a272c35fb624 100644 --- a/content/pt-br/docs/reference/kubectl/cheatsheet.md +++ b/content/pt-br/docs/reference/kubectl/cheatsheet.md @@ -389,7 +389,7 @@ kubectl taint nodes foo dedicated=special-user:NoSchedule ### Tipos de Recursos -Liste todos os tipos de recursos suportados junto com seus nomes abreviados, [grupo de API](/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning), sejam eles [namespaced](/docs/concepts/overview/ trabalhando com objetos/namespaces) e [Kind](/docs/concepts/overview/working-with-objects/kubernetes-objects): +Liste todos os tipos de recursos suportados junto com seus nomes abreviados, [grupo de API](/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning), sejam eles [namespaced](/docs/concepts/overview/working-with-objects/namespaces) e [Kind](/docs/concepts/overview/working-with-objects/kubernetes-objects): ```bash kubectl api-resources @@ -441,7 +441,7 @@ Mais exemplos no kubectl [documentação de referência](/docs/reference/kubectl ### Verbosidade da Saída do Kubectl e Debugging -A verbosidade do Kubectl é controlado com os sinalizadores `-v` ou` --v` seguidos por um número inteiro representando o nível do log. As convenções gerais de log do Kubernetes e os níveis de log associados são descritos [aqui](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md). +A verbosidade do Kubectl é controlado com as flags `-v` ou` --v` seguidos por um número inteiro representando o nível do log. As convenções gerais de log do Kubernetes e os níveis de log associados são descritos [aqui](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md). Verbosidade | Descrição --------------| ----------- From a7cd38a07c8ca318d8829413095f84cf3a47fefa Mon Sep 17 00:00:00 2001 From: Arhell Date: Wed, 1 Mar 2023 00:44:46 +0200 Subject: [PATCH 244/537] [id] Add externalSetMarkChain to portmap config --- .../extend-kubernetes/compute-storage-net/network-plugins.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/id/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md b/content/id/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md index 5f02e629d3deb..ab3e5567c07df 100644 --- a/content/id/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md +++ b/content/id/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md @@ -70,7 +70,8 @@ Contoh: }, { "type": "portmap", - "capabilities": {"portMappings": true} + "capabilities": {"portMappings": true}, + "externalSetMarkChain": "KUBE-MARK-MASQ" } ] } From 2484c152d399f897026933caaaacc88ba0731ad3 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Tue, 28 Feb 2023 22:49:48 +0000 Subject: [PATCH 245/537] Record canonical URL --- content/en/blog/_posts/2023-03-01-introducing-kwok/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/blog/_posts/2023-03-01-introducing-kwok/index.md b/content/en/blog/_posts/2023-03-01-introducing-kwok/index.md index 5500a7c5d67b4..59c350d7c25a8 100644 --- a/content/en/blog/_posts/2023-03-01-introducing-kwok/index.md +++ b/content/en/blog/_posts/2023-03-01-introducing-kwok/index.md @@ -3,6 +3,7 @@ layout: blog title: "Introducing KWOK: Kubernetes WithOut Kubelet" date: 2023-03-01 slug: introducing-kwok +canonicalUrl: https://kubernetes.dev/blog/2023/03/01/introducing-kwok/ --- **Author:** Shiming Zhang (DaoCloud), Wei Huang (Apple), Yibo Zhuang (Apple) From 1a44be73365f24cc97954badc481265421449a03 Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 1 Mar 2023 00:16:40 +0100 Subject: [PATCH 246/537] add french translation for task 'Define Environment Variables for a Container' --- .../define-environment-variable-container.md | 112 ++++++++++++++++++ content/fr/examples/pods/inject/envars.yaml | 15 +++ 2 files changed, 127 insertions(+) create mode 100644 content/fr/docs/tasks/inject-data-application/define-environment-variable-container.md create mode 100644 content/fr/examples/pods/inject/envars.yaml diff --git a/content/fr/docs/tasks/inject-data-application/define-environment-variable-container.md b/content/fr/docs/tasks/inject-data-application/define-environment-variable-container.md new file mode 100644 index 0000000000000..c55aa45ac51ed --- /dev/null +++ b/content/fr/docs/tasks/inject-data-application/define-environment-variable-container.md @@ -0,0 +1,112 @@ +--- +title: Définir des variables d'environnement pour un Container +content_type: task +weight: 20 +--- + + + +Cette page montre comment définir des variables d'environnement pour un +container au sein d'un Pod Kubernetes. + +## {{% heading "prerequisites" %}} + +{{< include "task-tutorial-prereqs.md" >}} + + + +## Définir une variable d'environnement pour un container + +Lorsque vous créez un Pod, vous pouvez définir des variables d'environnement +pour les containers qui seront exécutés au sein du Pod. +Pour les définir, utilisez le champ `env` ou `envFrom` +dans le fichier de configuration. + +Dans cet exercice, vous allez créer un Pod qui exécute un container. Le fichier de configuration pour ce Pod contient une variable d'environnement s'appelant `DEMO_GREETING` et sa valeur est `"Hello from the environment"`. Voici le fichier de configuration du Pod: + +{{< codenew file="pods/inject/envars.yaml" >}} + +1. Créez un Pod à partir de ce fichier: + + ```shell + kubectl apply -f https://k8s.io/examples/pods/inject/envars.yaml + ``` + +1. Listez les Pods: + + ```shell + kubectl get pods -l purpose=demonstrate-envars + ``` + + Le résultat sera similaire à celui-ci: + + ``` + NAME READY STATUS RESTARTS AGE + envar-demo 1/1 Running 0 9s + ``` + +1. Listez les variables d'environnement au sein du container: + + ```shell + kubectl exec envar-demo -- printenv + ``` + + Le résultat sera similaire à celui-ci: + + ``` + NODE_VERSION=4.4.2 + EXAMPLE_SERVICE_PORT_8080_TCP_ADDR=10.3.245.237 + HOSTNAME=envar-demo + ... + DEMO_GREETING=Hello from the environment + DEMO_FAREWELL=Such a sweet sorrow + ``` + +{{< note >}} +Les variables d'environnement définies dans les champs `env` ou `envFrom` +écraseront les variables définies dans l'image utilisée par le container. +{{< /note >}} + +{{< note >}} +Une variable d'environnement peut faire référence à une autre variable, +cependant l'ordre de déclaration est important. Une variable faisant référence +à une autre doit être déclarée après la variable référencée. +De plus, il est recommandé d'éviter les références circulaires. +{{< /note >}} + +## Utilisez des variables d'environnement dans la configuration + +Les variables d'environnement que vous définissez dans la configuration d'un Pod peuvent être utilisées à d'autres endroits de la configuration, comme par exemple dans les commandes et arguments pour les containers. +Dans l'exemple ci-dessous, les variables d'environnement `GREETING`, `HONORIFIC`, et +`NAME` ont des valeurs respectives de `Warm greetings to`, `The Most +Honorable`, et `Kubernetes`. Ces variables sont ensuites utilisées comme arguments +pour le container `env-print-demo`. + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: print-greeting +spec: + containers: + - name: env-print-demo + image: bash + env: + - name: GREETING + value: "Warm greetings to" + - name: HONORIFIC + value: "The Most Honorable" + - name: NAME + value: "Kubernetes" + command: ["echo"] + args: ["$(GREETING) $(HONORIFIC) $(NAME)"] +``` + +Une fois le Pod créé, la commande `echo Warm greetings to The Most Honorable Kubernetes` sera exécutée dans le container. + +## {{% heading "whatsnext" %}} + +* En savoir plus sur les [variables d'environnement](/docs/tasks/inject-data-application/environment-variable-expose-pod-information/). +* Apprendre à [utiliser des secrets comme variables d'environnement](/docs/concepts/configuration/secret/#using-secrets-as-environment-variables). +* Voir la documentation de référence pour [EnvVarSource](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#envvarsource-v1-core). + diff --git a/content/fr/examples/pods/inject/envars.yaml b/content/fr/examples/pods/inject/envars.yaml new file mode 100644 index 0000000000000..ebf5214376f19 --- /dev/null +++ b/content/fr/examples/pods/inject/envars.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: envar-demo + labels: + purpose: demonstrate-envars +spec: + containers: + - name: envar-demo-container + image: gcr.io/google-samples/node-hello:1.0 + env: + - name: DEMO_GREETING + value: "Hello from the environment" + - name: DEMO_FAREWELL + value: "Such a sweet sorrow" From 43d3ffa532ab6cdfbd29b345a7510cfa83d0bda2 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Mon, 27 Feb 2023 22:07:35 +0800 Subject: [PATCH 247/537] [zh] resync page admission-controllers. --- .../reference/access-authn-authz/_index.md | 22 +++++----- .../admission-controllers.md | 44 +++++++------------ .../kubelet-tls-bootstrapping.md | 14 +++--- .../zh-cn/docs/reference/glossary/service.md | 22 ++++++++-- .../docs/reference/kubectl/cheatsheet.md | 5 ++- .../kubectl/docker-cli-to-kubectl.md | 2 + .../zh-cn/docs/reference/using-api/_index.md | 6 +-- 7 files changed, 61 insertions(+), 54 deletions(-) diff --git a/content/zh-cn/docs/reference/access-authn-authz/_index.md b/content/zh-cn/docs/reference/access-authn-authz/_index.md index 4a47d52636f6e..c921d8f2e01a5 100644 --- a/content/zh-cn/docs/reference/access-authn-authz/_index.md +++ b/content/zh-cn/docs/reference/access-authn-authz/_index.md @@ -1,12 +1,12 @@ --- title: API 访问控制 -weight: 15 +weight: 30 no_list: true --- @@ -40,21 +40,21 @@ Reference documentation: - [Kubelet Authentication & Authorization](/docs/reference/access-authn-authz/kubelet-authn-authz/) - including kubelet [TLS bootstrapping](/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/) --> + - [身份认证](/zh-cn/docs/reference/access-authn-authz/authentication/) - - [使用启动引导令牌来执行身份认证](/zh-cn/docs/reference/access-authn-authz/bootstrap-tokens/) + - [使用启动引导令牌来执行身份认证](/zh-cn/docs/reference/access-authn-authz/bootstrap-tokens/) - [准入控制器](/zh-cn/docs/reference/access-authn-authz/admission-controllers/) - - [动态准入控制](/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/) + - [动态准入控制](/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/) - [鉴权与授权](/zh-cn/docs/reference/access-authn-authz/authorization/) - - [基于角色的访问控制](/zh-cn/docs/reference/access-authn-authz/rbac/) - - [基于属性的访问控制](/zh-cn/docs/reference/access-authn-authz/abac/) - - [节点鉴权](/zh-cn/docs/reference/access-authn-authz/node/) - - [Webhook 鉴权](/zh-cn/docs/reference/access-authn-authz/webhook/) + - [基于角色的访问控制](/zh-cn/docs/reference/access-authn-authz/rbac/) + - [基于属性的访问控制](/zh-cn/docs/reference/access-authn-authz/abac/) + - [节点鉴权](/zh-cn/docs/reference/access-authn-authz/node/) + - [Webhook 鉴权](/zh-cn/docs/reference/access-authn-authz/webhook/) - [证书签名请求](/zh-cn/docs/reference/access-authn-authz/certificate-signing-requests/) - - 包含 [CSR 的批复](/zh-cn/docs/reference/access-authn-authz/certificate-signing-requests/#approval-rejection) - 和[证书签名](/zh-cn/docs/reference/access-authn-authz/certificate-signing-requests/#signing) + - 包含 [CSR 的批复](/zh-cn/docs/reference/access-authn-authz/certificate-signing-requests/#approval-rejection) + 和[证书签名](/zh-cn/docs/reference/access-authn-authz/certificate-signing-requests/#signing) - 服务账号 - [开发者指南](/zh-cn/docs/tasks/configure-pod-container/configure-service-account/) - [管理文档](/zh-cn/docs/reference/access-authn-authz/service-accounts-admin/) - [Kubelet 认证和鉴权](/zh-cn/docs/reference/access-authn-authz/kubelet-authn-authz/) - 包括 kubelet [TLS 启动引导](/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/) - diff --git a/content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md b/content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md index d675123f640e1..a6ba77a41e604 100644 --- a/content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md +++ b/content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md @@ -1041,9 +1041,9 @@ This file may be json or yaml and has the following format: ```yaml podNodeSelectorPluginConfig: - clusterDefaultNodeSelector: name-of-node-selector - namespace1: name-of-node-selector - namespace2: name-of-node-selector + clusterDefaultNodeSelector: name-of-node-selector + namespace1: name-of-node-selector + namespace2: name-of-node-selector ``` -这是下节所讨论的已被废弃的 [PodSecurityPolicy](#podsecuritypolicy) 准入控制器的替代品。 -此准入控制器负责在创建和修改 Pod 时,根据请求的安全上下文和 -[Pod 安全标准](/zh-cn/docs/concepts/security/pod-security-standards/)来确定是否可以执行请求。 - -更多信息请参阅 [Pod 安全性准入控制器](/zh-cn/docs/concepts/security/pod-security-admission/)。 - -### PodSecurityPolicy {#podsecuritypolicy} - -{{< feature-state for_k8s_version="v1.21" state="deprecated" >}} +PodSecurity 准入控制器在新 Pod 被准入之前对其进行检查, +根据请求的安全上下文和 Pod 所在命名空间允许的 +[Pod 安全性标准](/zh/docs/concepts/security/pod-security-standards/)的限制来确定新 Pod +是否应该被准入。 -此准入控制器负责在创建和修改 Pod 时根据请求的安全上下文和可用的 Pod -安全策略确定是否可以执行请求。 +更多信息请参阅 [Pod 安全性准入](/zh-cn/docs/concepts/security/pod-security-admission/)。 -查看 [Pod 安全策略文档](/zh-cn/docs/concepts/security/pod-security-policy/)进一步了解其间细节。 +PodSecurity 取代了一个名为 PodSecurityPolicy 的旧准入控制器。 ### PodTolerationRestriction {#podtolerationrestriction} @@ -1364,7 +1354,7 @@ conditions. ### ValidatingAdmissionPolicy {#validatingadmissionpolicy} diff --git a/content/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md b/content/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md index 3a273471cb393..1a4d59b9ddb99 100644 --- a/content/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md +++ b/content/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping.md @@ -140,8 +140,8 @@ In the bootstrap initialization process, the following occurs: 6. kubelet 现在拥有受限制的凭据来创建和取回证书签名请求(CSR) 7. kubelet 为自己创建一个 CSR,并将其 signerName 设置为 `kubernetes.io/kube-apiserver-client-kubelet` 8. CSR 被以如下两种方式之一批复: - * 如果配置了,kube-controller-manager 会自动批复该 CSR - * 如果配置了,一个外部进程,或者是人,使用 Kubernetes API 或者使用 `kubectl` + * 如果配置了,kube-controller-manager 会自动批复该 CSR + * 如果配置了,一个外部进程,或者是人,使用 Kubernetes API 或者使用 `kubectl` 来批复该 CSR 9. kubelet 所需要的证书被创建 启动引导令牌是一种对 kubelet 进行身份认证的方法,相对简单且容易管理, 且不需要在启动 kube-apiserver 时设置额外的标志。 @@ -589,7 +589,7 @@ roleRef: @@ -869,12 +869,12 @@ You have several options for generating these credentials: ## kubectl 批复 {#kubectl-approval} -CSRs 可以在控制器管理其内置的批复工作流之外被批复。 +CSR 可以在编译进控制器内部的批复工作流之外被批复。 - -将运行在一组 {{< glossary_tooltip text="Pods" term_id="pod" >}} 上的应用程序公开为网络服务的抽象方法。 +将运行在一个或一组 {{< glossary_tooltip text="Pod" term_id="pod" >}} 上的网络应用程序公开为网络服务的方法。 服务所针对的 Pod 集(通常)由{{< glossary_tooltip text="选择算符" term_id="selector" >}}确定。 如果有 Pod 被添加或被删除,则与选择算符匹配的 Pod 集合将发生变化。 服务确保可以将网络流量定向到该工作负载的当前 Pod 集合。 + + + +Kubernetes Service 要么使用 IP 网络(IPv4、IPv6 或两者),要么引用位于域名系统 (DNS) 中的外部名称。 + +Service 的抽象可以实现其他机制,如 Ingress 和 Gateway。 diff --git a/content/zh-cn/docs/reference/kubectl/cheatsheet.md b/content/zh-cn/docs/reference/kubectl/cheatsheet.md index 004d281903634..2e7f0951f7c33 100644 --- a/content/zh-cn/docs/reference/kubectl/cheatsheet.md +++ b/content/zh-cn/docs/reference/kubectl/cheatsheet.md @@ -72,12 +72,12 @@ echo '[[ $commands[kubectl] ]] && source <(kubectl completion zsh)' >> ~/.zshrc ``` ### 关于 `--all-namespaces` 的一点说明 {#a-note-on-all-namespaces} 我们经常用到 `--all-namespaces` 参数,你应该要知道它的简写: @@ -178,6 +178,7 @@ alias kn='f() { [ "$1" ] && kubectl config set-context --current --namespace $1 ## Kubectl apply diff --git a/content/zh-cn/docs/reference/kubectl/docker-cli-to-kubectl.md b/content/zh-cn/docs/reference/kubectl/docker-cli-to-kubectl.md index c03f9a7228f1c..6011091d4b989 100644 --- a/content/zh-cn/docs/reference/kubectl/docker-cli-to-kubectl.md +++ b/content/zh-cn/docs/reference/kubectl/docker-cli-to-kubectl.md @@ -1,6 +1,7 @@ --- title: 适用于 Docker 用户的 kubectl content_type: concept +weight: 50 --- diff --git a/content/zh-cn/docs/reference/using-api/_index.md b/content/zh-cn/docs/reference/using-api/_index.md index f8e30916ad22f..099beb9a225a2 100644 --- a/content/zh-cn/docs/reference/using-api/_index.md +++ b/content/zh-cn/docs/reference/using-api/_index.md @@ -1,7 +1,7 @@ --- title: API 概述 content_type: concept -weight: 10 +weight: 20 no_list: true card: name: reference @@ -16,7 +16,7 @@ reviewers: - lavalamp - jbeda content_type: concept -weight: 10 +weight: 20 no_list: true card: name: reference @@ -218,7 +218,7 @@ part is omitted, it is treated as if `=true` is specified. For example: - to disable `batch/v1`, set `--runtime-config=batch/v1=false` - to enable `batch/v2alpha1`, set `--runtime-config=batch/v2alpha1` - - to enable a specific version of an API, such as `storage.k8s.io/v1beta1/csistoragecapacities`, set `--runtime-config=storage.k8s.io/v1beta1/csistoragecapacities` + - to enable a specific version of an API, such as `storage.k8s.io/v1beta1/csistoragecapacities`, set `--runtime-config=storage.k8s.io/v1beta1/csistoragecapacities` --> ## 启用或禁用 API 组 {#enabling-or-disabling} From 6eb1bde3ad8a662e0e82eca8c77c6f2789c52a84 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Sun, 26 Feb 2023 20:26:11 +0800 Subject: [PATCH 248/537] [zh] resync configure-pod-configmap --- .../configure-pod-configmap.md | 680 +++++++++++------- 1 file changed, 436 insertions(+), 244 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap.md index ce863b1e9a5cd..ccec13bd1bf47 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -1,7 +1,7 @@ --- title: 配置 Pod 使用 ConfigMap content_type: task -weight: 150 +weight: 190 card: name: tasks weight: 50 @@ -9,7 +9,7 @@ card: -很多应用在其初始化或运行期间要依赖一些配置信息。大多数时候, -存在要调整配置参数所设置的数值的需求。 -ConfigMap 是 Kubernetes 用来向应用 Pod 中注入配置数据的方法。 +很多应用在其初始化或运行期间要依赖一些配置信息。 +大多数时候,存在要调整配置参数所设置的数值的需求。 +ConfigMap 是 Kubernetes 的一种机制,可让你将配置数据注入到应用的 +{{< glossary_tooltip text="Pod" term_id="pod" >}} 内部。 -ConfigMap 允许你将配置文件与镜像文件分离,以使容器化的应用程序具有可移植性。 + +ConfigMap 概念允许你将配置清单与镜像内容分离,以保持容器化的应用程序的可移植性。 +例如,你可以下载并运行相同的{{< glossary_tooltip text="容器镜像" term_id="image" >}}来启动容器, +用于本地开发、系统测试或运行实时终端用户工作负载。 + + 本页提供了一系列使用示例,这些示例演示了如何创建 ConfigMap 以及配置 Pod 使用存储在 ConfigMap 中的数据。 ## {{% heading "prerequisites" %}} -{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} +{{< include "task-tutorial-prereqs.md" >}} + + +你需要安装 `wget` 工具。如果你有不同的工具,例如 `curl`,而没有 `wget`, +则需要调整下载示例数据的步骤。 + ## 创建 ConfigMap {#create-a-configmap} 你可以使用 `kubectl create configmap` 或者在 `kustomization.yaml` 中的 ConfigMap -生成器来创建 ConfigMap。注意,`kubectl` 从 1.14 版本开始支持 `kustomization.yaml`。 +生成器来创建 ConfigMap。 -### 使用 kubectl create configmap 创建 ConfigMap {#create-a-configmap-using-kubectl-create-configmap} +### 使用 `kubectl create configmap` 创建 ConfigMap {#create-a-configmap-using-kubectl-create-configmap} 你可以使用 `kubectl create configmap` 命令基于[目录](#create-configmaps-from-directories)、 [文件](#create-configmaps-from-files)或者[字面值](#create-configmaps-from-literal-values)来创建 @@ -66,7 +91,8 @@ kubectl create configmap <映射名称> <数据源> ``` @@ -75,7 +101,8 @@ The name of a ConfigMap object must be a valid [DNS 子域名](/zh-cn/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). 在你基于文件来创建 ConfigMap 时,`<数据源>` 中的键名默认取自文件的基本名, 而对应的值则默认为文件的内容。 @@ -89,47 +116,65 @@ about a ConfigMap. [`kubectl get`](/docs/reference/generated/kubectl/kubectl-commands/#get) 获取有关 ConfigMap 的信息。 -#### 基于目录创建 ConfigMap {#create-configmaps-from-directories} +#### 基于一个目录来创建 ConfigMap {#create-configmaps-from-directories} 你可以使用 `kubectl create configmap` 基于同一目录中的多个文件创建 ConfigMap。 -当你基于目录来创建 ConfigMap 时,kubectl 识别目录下基本名可以作为合法键名的文件, +当你基于目录来创建 ConfigMap 时,kubectl 识别目录下文件名可以作为合法键名的文件, 并将这些文件打包到新的 ConfigMap 中。普通文件之外的所有目录项都会被忽略 (例如:子目录、符号链接、设备、管道等等)。 -例如: +{{< note >}} + +用于创建 ConfigMap 的每个文件名必须由可接受的字符组成,即:字母(`A` 到 `Z` 和 +`a` 到 `z`)、数字(`0` 到 `9`)、'-'、'_'或'.'。 +如果在一个目录中使用 `kubectl create configmap`,而其中任一文件名包含不可接受的字符, +则 `kubectl` 命令可能会失败。 +`kubectl` 命令在遇到不合法的文件名时不会打印错误。 -# Download the sample files into `configure-pod-container/configmap/` directory -wget https://kubernetes.io/examples/configmap/game.properties -O configure-pod-container/configmap/game.properties -wget https://kubernetes.io/examples/configmap/ui.properties -O configure-pod-container/configmap/ui.properties +{{< /note >}} -# Create the configmap -kubectl create configmap game-config --from-file=configure-pod-container/configmap/ -``` + +创建本地目录: + ```shell -# 创建本地目录 mkdir -p configure-pod-container/configmap/ +``` + +现在,下载示例的配置并创建 ConfigMap: + +```shell # 将示例文件下载到 `configure-pod-container/configmap/` 目录 wget https://kubernetes.io/examples/configmap/game.properties -O configure-pod-container/configmap/game.properties wget https://kubernetes.io/examples/configmap/ui.properties -O configure-pod-container/configmap/ui.properties -# 创建 configmap +# 创建 ConfigMap kubectl create configmap game-config --from-file=configure-pod-container/configmap/ ``` 以上命令将 `configure-pod-container/configmap` 目录下的所有文件,也就是 `game.properties` 和 `ui.properties` 打包到 game-config ConfigMap @@ -170,7 +215,8 @@ how.nice.to.look=fairlyNice ``` `configure-pod-container/configmap/` 目录中的 `game.properties` 和 `ui.properties` 文件出现在 ConfigMap 的 `data` 部分。 @@ -188,7 +234,7 @@ The output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2016-02-18T18:52:05Z + creationTimestamp: 2022-02-18T18:52:05Z name: game-config namespace: default resourceVersion: "516" @@ -212,7 +258,8 @@ data: @@ -260,7 +307,8 @@ secret.code.lives=30 ``` 你可以多次使用 `--from-file` 参数,从多个数据源创建 ConfigMap。 @@ -308,33 +356,23 @@ how.nice.to.look=fairlyNice ``` -当 `kubectl` 基于非 ASCII 或 UTF-8 的输入创建 ConfigMap 时, -该工具将这些输入放入 ConfigMap 的 `binaryData` 字段,而不是 `data` 中。 -同一个 ConfigMap 中可同时包含文本数据和二进制数据源。 -如果你想查看 ConfigMap 中的 `binaryData` 键(及其值), -你可以运行 `kubectl get configmap -o jsonpath='{.binaryData}' `。 +使用 `--from-env-file` 选项基于 env 文件创建 ConfigMap,例如: -使用 `--from-env-file` 选项从环境文件创建 ConfigMap,例如: - - -Env 文件包含环境变量列表。其中适用以下语法规则: - -- Env 文件中的每一行必须为 VAR=VAL 格式。 -- 以#开头的行(即注释)将被忽略。 -- 空行将被忽略。 -- 引号不会被特殊处理(即它们将成为 ConfigMap 值的一部分)。 - -将示例文件下载到 `configure-pod-container/configmap/` 目录: - -```shell -wget https://kubernetes.io/examples/configmap/game-env-file.properties -O configure-pod-container/configmap/game-env-file.properties -wget https://kubernetes.io/examples/configmap/ui-env-file.properties -O configure-pod-container/configmap/ui-env-file.properties -``` - -Env 文件 `game-env-file.properties` 如下所示: - -```shell -cat configure-pod-container/configmap/game-env-file.properties -``` - -``` -enemies=aliens -lives=3 -allowed="true" -``` ```shell kubectl create configmap game-config-env-file \ @@ -375,16 +387,16 @@ kubectl create configmap game-config-env-file \ ``` -将产生以下 ConfigMap: +将产生以下 ConfigMap。查看 ConfigMap: ```shell kubectl get configmap game-config-env-file -o yaml ``` 输出类似以下内容: @@ -392,7 +404,7 @@ where the output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2017-12-27T18:36:28Z + creationTimestamp: 2019-12-27T18:36:28Z name: game-config-env-file namespace: default resourceVersion: "809965" @@ -434,7 +446,7 @@ where the output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2017-12-27T18:38:34Z + creationTimestamp: 2019-12-27T18:38:34Z name: config-multi-env-files namespace: default resourceVersion: "810136" @@ -451,7 +463,8 @@ data: #### 定义从文件创建 ConfigMap 时要使用的键 {#define-the-key-to-use-when-generating-a-configmap-from-a-file} @@ -468,7 +481,8 @@ kubectl create configmap game-config-3 --from-file=<我的键名>=<文件路径> ``` `<我的键名>` 是你要在 ConfigMap 中使用的键名,`<文件路径>` 是你想要键所表示的数据源文件的位置。 @@ -499,7 +513,7 @@ where the output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2016-02-18T18:54:22Z + creationTimestamp: 2022-02-18T18:54:22Z name: game-config-3 namespace: default resourceVersion: "530" @@ -518,7 +532,8 @@ data: #### 根据字面值创建 ConfigMap {#create-configmaps-from-literal-values} @@ -530,7 +545,8 @@ kubectl create configmap special-config --from-literal=special.how=very --from-l ``` 你可以传入多个键值对。命令行中提供的每对键值在 ConfigMap 的 `data` 部分中均表示为单独的条目。 @@ -547,7 +563,7 @@ The output is similar to this: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: 2016-02-18T19:14:38Z + creationTimestamp: 2022-02-18T19:14:38Z name: special-config namespace: default resourceVersion: "651" @@ -560,15 +576,13 @@ data: ### 基于生成器创建 ConfigMap {#create-a-configmap-from-generator} -自 1.14 开始,`kubectl` 开始支持 `kustomization.yaml`。 -你还可以基于生成器(Generators)创建 ConfigMap,然后将其应用于 API 服务器上创建对象。 +你还可以基于生成器(Generators)创建 ConfigMap,然后将其应用于集群的 API 服务器上创建对象。 生成器应在目录内的 `kustomization.yaml` 中指定。 ```shell # 创建包含 ConfigMapGenerator 的 kustomization.yaml 文件 cat <./kustomization.yaml configMapGenerator: - name: game-config-4 + labels: + game-config: config-4 files: - configure-pod-container/configmap/game.properties EOF ``` 应用(Apply)kustomization 目录创建 ConfigMap 对象: @@ -618,21 +623,26 @@ configmap/game-config-4-m9dm2f92bt created -你可以检查 ConfigMap 被创建如下: +你可以像这样检查 ConfigMap 已经被创建: ```shell kubectl get configmap ``` - ``` NAME DATA AGE game-config-4-m9dm2f92bt 1 37s +``` + +也可以这样: +```shell kubectl describe configmaps/game-config-4-m9dm2f92bt +``` +``` Name: game-config-4-m9dm2f92bt Namespace: default -Labels: +Labels: game-config=config-4 Annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","data":{"game.properties":"enemies=aliens\nlives=3\nenemies.cheat=true\nenemies.cheat.level=noGoodRotten\nsecret.code.p... @@ -651,8 +661,8 @@ Events: ``` 请注意,生成的 ConfigMap 名称具有通过对内容进行散列而附加的后缀, 这样可以确保每次修改内容时都会生成新的 ConfigMap。 @@ -670,22 +680,13 @@ with the key `game-special-key` 例如,从 `configure-pod-container/configmap/game.properties` 文件生成 ConfigMap, 但使用 `game-special-key` 作为键名: - ```shell # 创建包含 ConfigMapGenerator 的 kustomization.yaml 文件 cat <./kustomization.yaml configMapGenerator: - name: game-config-5 + labels: + game-config: config-5 files: - game-special-key=configure-pod-container/configmap/game.properties EOF @@ -699,37 +700,28 @@ Apply the kustomization directory to create the ConfigMap object. ```shell kubectl apply -k . ``` - ``` configmap/game-config-5-m67dt67794 created ``` #### 基于字面值生成 ConfigMap {#generate-configmaps-from-literals} -要基于字符串 `special.type=charm` 和 `special.how=very` 生成 ConfigMap, -可以在 `kustomization.yaml` 中配置 ConfigMap 生成器: +此示例向你展示如何使用 Kustomize 和 kubectl,基于两个字面键/值对 +`special.type=charm` 和 `special.how=very` 创建一个 `ConfigMap`。 +为了实现这一点,你可以配置 `ConfigMap` 生成器。 +创建(或替换)`kustomization.yaml`,使其具有以下内容。 - -```shell -# 创建带有 ConfigMapGenerator 的 kustomization.yaml 文件 -cat <./kustomization.yaml +```yaml +--- +# 基于字面创建 ConfigMap 的 kustomization.yaml 内容 configMapGenerator: - name: special-config-2 literals: @@ -739,18 +731,40 @@ EOF ``` 应用 Kustomization 目录创建 ConfigMap 对象。 ```shell kubectl apply -k . ``` - ``` configmap/special-config-2-c92b5mmcf2 created ``` + +## 临时清理 {#interim-cleanup} + +在继续之前,清理你创建的一些 ConfigMap: + +```bash +kubectl delete configmap special-config +kubectl delete configmap env-config +kubectl delete configmap -l 'game-config in (config-4,config-5)’ +``` + + +现在你已经学会了定义 ConfigMap,你可以继续下一节,学习如何将这些对象与 Pod 一起使用。 + +--- + -* 与前面的示例一样,首先创建 ConfigMap。 +与前面的示例一样,首先创建 ConfigMap。 +这是你将使用的清单: - {{< codenew file="configmap/configmaps.yaml" >}} +{{< codenew file="configmap/configmaps.yaml" >}} - - 创建 ConfigMap: + +* 创建 ConfigMap: ```shell kubectl create -f https://kubernetes.io/examples/configmap/configmaps.yaml @@ -832,6 +848,15 @@ configmap/special-config-2-c92b5mmcf2 created --> 现在,Pod 的输出包含环境变量 `SPECIAL_LEVEL_KEY=very` 和 `LOG_LEVEL=INFO`。 + + 一旦你乐意继续前进,删除该 Pod: + + ```shell + kubectl delete pod dapi-test-pod --now + ``` + @@ -854,7 +879,8 @@ configmap/special-config-2-c92b5mmcf2 created ``` * 使用 `envFrom` 将所有 ConfigMap 的数据定义为容器环境变量,ConfigMap 中的键成为 Pod 中的环境变量名称。 @@ -871,50 +897,72 @@ configmap/special-config-2-c92b5mmcf2 created ``` 现在,Pod 的输出包含环境变量 `SPECIAL_LEVEL=very` 和 `SPECIAL_TYPE=charm`。 + 一旦你乐意继续前进,删除该 Pod: + + ```shell + kubectl delete pod dapi-test-pod --now + ``` + ## 在 Pod 命令中使用 ConfigMap 定义的环境变量 {#use-configmap-defined-environment-variables-in-pod-commands} 你可以使用 `$(VAR_NAME)` Kubernetes 替换语法在容器的 `command` 和 `args` 属性中使用 ConfigMap 定义的环境变量。 -例如,以下 Pod 规约 +例如,以下 Pod 清单: {{< codenew file="pods/pod-configmap-env-var-valueFrom.yaml" >}} -通过运行下面命令创建 Pod: +通过运行下面命令创建该 Pod: ```shell kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-env-var-valueFrom.yaml ``` -在 `test-container` 容器中产生以下输出: +此 Pod 在 `test-container` 容器中产生以下输出: ``` very charm ``` + +一旦你乐意继续前进,删除该 Pod: + +```shell +kubectl delete pod dapi-test-pod --now +``` + ## 将 ConfigMap 数据添加到一个卷中 {#add-configmap-data-to-a-volume} @@ -923,9 +971,9 @@ As explained in [Create ConfigMaps from files](#create-configmaps-from-files), w 文件内容成为键对应的值。 -本节中的示例引用了一个名为 'special-config' 的 ConfigMap,如下所示: +本节中的示例引用了一个名为 `special-config` 的 ConfigMap: {{< codenew file="configmap/configmap-multikeys.yaml" >}} @@ -942,8 +990,9 @@ kubectl create -f https://kubernetes.io/examples/configmap/configmap-multikeys.y ### Populate a Volume with data stored in a ConfigMap Add the ConfigMap name under the `volumes` section of the Pod specification. -This adds the ConfigMap data to the directory specified as `volumeMounts.mountPath` (in this case, `/etc/config`). -The `command` section lists directory files with names that match the keys in ConfigMap. +This adds the ConfigMap data to the directory specified as `volumeMounts.mountPath` (in this +case, `/etc/config`). The `command` section lists directory files with names that match the +keys in ConfigMap. --> ### 使用存储在 ConfigMap 中的数据填充卷 {#populate-a-volume-with-data-stored-in-a-configmap} @@ -973,21 +1022,32 @@ SPECIAL_LEVEL SPECIAL_TYPE ``` -{{< caution >}} -如果在 `/etc/config/` 目录中有一些文件,这些文件将被删除。 -{{< /caution >}} +文本数据会展现为 UTF-8 字符编码的文件。如果使用其他字符编码, +可以使用 `binaryData`(详情参阅 [ConfigMap 对象](/zh-cn/docs/concepts/configuration/configmap/#configmap-object))。 {{< note >}} + -文本数据会展现为 UTF-8 字符编码的文件。如果使用其他字符编码, -可以使用 `binaryData`。 +如果该容器镜像的 `/etc/config` +目录中有一些文件,卷挂载将使该镜像中的这些文件无法访问。 {{< /note >}} + +一旦你乐意继续前进,删除该 Pod: + +```shell +kubectl delete pod dapi-test-pod --now +``` + -创建Pod: +创建 Pod: ```shell kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-volume-specific-key.yaml @@ -1027,26 +1087,89 @@ Like before, all previous files in the `/etc/config/` directory will be deleted. 如前,`/etc/config/` 目录中所有先前的文件都将被删除。 {{< /caution >}} + +删除该 Pod: + +```shell +kubectl delete pod dapi-test-pod --now +``` + + ### 映射键到指定路径并设置文件访问权限 {#project-keys-to-specific-paths-and-file-permissions} 你可以将指定键名投射到特定目录,也可以逐个文件地设定访问权限。 -[Secret 用户指南](/zh-cn/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) -中为这一语法提供了解释。 +[Secret](/zh-cn/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) +指南中为这一语法提供了解释。 + + +### 可选引用 {#optional-references} + +ConfigMap 引用可以被标记为**可选**。 +如果 ConfigMap 不存在,则挂载的卷将为空。 +如果 ConfigMap 存在,但引用的键不存在,则挂载点下的路径将不存在。 +有关更多信息,请参阅[可选 ConfigMap](#optional-configmaps) 细节。 + + +### 挂载的 ConfigMap 会被自动更新 {#mounted-configMaps-are-updated-automatically} +当已挂载的 ConfigMap 被更新时,所投射的内容最终也会被更新。 +这适用于 Pod 启动后可选引用的 ConfigMap 重新出现的情况。 + +Kubelet 在每次定期同步时都会检查所挂载的 ConfigMap 是否是最新的。 +然而,它使用其基于 TTL 机制的本地缓存来获取 ConfigMap 的当前值。 +因此,从 ConfigMap 更新到新键映射到 Pod 的总延迟可能与 kubelet +同步周期(默认为1分钟)+ kubelet 中 ConfigMap 缓存的 TTL(默认为1分钟)一样长。 +你可以通过更新 Pod 的一个注解来触发立即刷新。 + +{{< note >}} + +使用 ConfigMap 作为 [subPath](/zh-cn/docs/concepts/storage/volumes/#using-subpath) +卷的容器将不会收到 ConfigMap 更新。 +{{< /note >}} ## 了解 ConfigMap 和 Pod {#understanding-configmaps-and-pods} @@ -1058,7 +1181,10 @@ ConfigMap 与 [Secret](/zh-cn/docs/concepts/configuration/secret/) 类似, {{< note >}} ConfigMap 应该引用属性文件,而不是替换它们。可以将 ConfigMap 理解为类似于 Linux `/etc` 目录及其内容的东西。例如,如果你基于 ConfigMap 创建 @@ -1067,12 +1193,13 @@ ConfigMap 应该引用属性文件,而不是替换它们。可以将 ConfigMap {{< /note >}} ConfigMap 的 `data` 字段包含配置数据。如下例所示,它可以简单 (如用 `--from-literal` 的单个属性定义)或复杂 -(如用 `--from-file` 的配置文件或 JSON blob定义)。 - +(如用 `--from-file` 的配置文件或 JSON blob 定义)。 ```yaml apiVersion: v1 @@ -1093,66 +1220,44 @@ data: ``` -### 限制 {#restrictions} - -- 在 Pod 规约中引用某个 `ConfigMap` 之前,必须先创建这个对象, -或者在 Pod 规约中将 ConfigMap 标记为 `optional`(请参阅[可选的 ConfigMaps](#optional-configmaps))。 -如果所引用的 ConfigMap 不存在,并且没有将应用标记为 `optional` 则 Pod 将无法启动。 -同样,引用 ConfigMap 中不存在的主键也会令 Pod 无法启动,除非你将 Configmap 标记为 `optional`。 +当 `kubectl` 从非 ASCII 或 UTF-8 编码的输入创建 ConfigMap 时, +该工具将这些输入放入 ConfigMap 的 `binaryData` 字段,而不是 `data` 字段。 +文本和二进制数据源都可以组合在一个 ConfigMap 中。 -- 如果你使用 `envFrom` 来基于 ConfigMap 定义环境变量,那么无效的键将被忽略。 - Pod 可以被启动,但无效名称将被记录在事件日志中(`InvalidVariableNames`)。 - 日志消息列出了每个被跳过的键。例如: - - ```shell - kubectl get events - ``` - - - 输出与此类似: - - ``` - LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE - 0s 0s 1 dapi-test-pod Pod Warning InvalidEnvironmentVariableNames {kubelet, 127.0.0.1} Keys [1badkey, 2alsobad] from the EnvFrom configMap default/myconfig were skipped since they are considered invalid environment variable names. - ``` - - -- ConfigMap 位于确定的{{< glossary_tooltip term_id="namespace" text="名字空间" >}}中。 - 每个 ConfigMap 只能被同一名字空间中的 Pod 引用. +如果你想查看 ConfigMap 中的 `binaryData` 键(及其值), +可以运行 `kubectl get configmap -o jsonpath='{.binaryData}' `。 -- 你不能将 ConfigMap 用于{{< glossary_tooltip text="静态 Pod" term_id="static-pod" >}}, - 因为 Kubernetes 不支持这种用法。 +Pod 可以从使用 `data` 或 `binaryData` 的 ConfigMap 中加载数据。 ### 可选的 ConfigMap {#optional-configmaps} 你可以在 Pod 规约中将对 ConfigMap 的引用标记为 **可选(optional)**。 -如果 ConfigMap 不存在,那么它在 Pod 中为其提供数据的配置(例如环境变量、挂载的卷)将为空。 +如果 ConfigMap 不存在,那么它在 Pod 中为其提供数据的配置(例如:环境变量、挂载的卷)将为空。 如果 ConfigMap 存在,但引用的键不存在,那么数据也是空的。 例如,以下 Pod 规约将 ConfigMap 中的环境变量标记为可选: @@ -1165,7 +1270,7 @@ spec: containers: - name: test-container image: gcr.io/google_containers/busybox - command: [ "/bin/sh", "-c", "env" ] + command: ["/bin/sh", "-c", "env"] env: - name: SPECIAL_LEVEL_KEY valueFrom: @@ -1175,6 +1280,7 @@ spec: optional: true # 将环境变量标记为可选 restartPolicy: Never ``` + 你也可以在 Pod 规约中将 ConfigMap 提供的卷和文件标记为可选。 此时 Kubernetes 将总是为卷创建挂载路径,即使引用的 ConfigMap 或键不存在。 例如,以下 Pod 规约将所引用得 ConfigMap 的卷标记为可选: - ```yaml apiVersion: v1 kind: Pod @@ -1205,7 +1311,7 @@ spec: containers: - name: test-container image: gcr.io/google_containers/busybox - command: [ "/bin/sh", "-c", "ls /etc/config" ] + command: ["/bin/sh", "-c", "ls /etc/config"] volumeMounts: - name: config-volume mountPath: /etc/config @@ -1217,20 +1323,25 @@ spec: restartPolicy: Never ``` -### 挂载的 ConfigMap 将被自动更新 {#mounted-configmaps-are-updated-automatically} - +### 挂载的 ConfigMap 将被自动更新 {#mounted-configmaps-are-updated-automatically} + 当某个已被挂载的 ConfigMap 被更新,所投射的内容最终也会被更新。 对于 Pod 已经启动之后所引用的、可选的 ConfigMap 才出现的情形, 这一动态更新现象也是适用的。 kubelet 在每次周期性同步时都会检查已挂载的 ConfigMap 是否是最新的。 但是,它使用其本地的基于 TTL 的缓存来获取 ConfigMap 的当前值。 @@ -1244,11 +1355,92 @@ A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#usi 使用 ConfigMap 作为 [subPath](/zh-cn/docs/concepts/storage/volumes/#using-subpath) 的数据卷将不会收到 ConfigMap 更新。 {{< /note >}} + + +### 限制 {#restrictions} + + +- 在 Pod 规约中引用某个 `ConfigMap` 之前,必须先创建这个对象, + 或者在 Pod 规约中将 ConfigMap 标记为 `optional`(请参阅[可选的 ConfigMaps](#optional-configmaps))。 + 如果所引用的 ConfigMap 不存在,并且没有将应用标记为 `optional` 则 Pod 将无法启动。 + 同样,引用 ConfigMap 中不存在的主键也会令 Pod 无法启动,除非你将 Configmap 标记为 `optional`。 + + +- 如果你使用 `envFrom` 来基于 ConfigMap 定义环境变量,那么无效的键将被忽略。 + Pod 可以被启动,但无效名称将被记录在事件日志中(`InvalidVariableNames`)。 + 日志消息列出了每个被跳过的键。例如: + + ```shell + kubectl get events + ``` + + + 输出与此类似: + ``` + LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE + 0s 0s 1 dapi-test-pod Pod Warning InvalidEnvironmentVariableNames {kubelet, 127.0.0.1} Keys [1badkey, 2alsobad] from the EnvFrom configMap default/myconfig were skipped since they are considered invalid environment variable names. + ``` + + +- ConfigMap 位于确定的{{< glossary_tooltip term_id="namespace" text="名字空间" >}}中。 + 每个 ConfigMap 只能被同一名字空间中的 Pod 引用. + + +- 你不能将 ConfigMap 用于{{< glossary_tooltip text="静态 Pod" term_id="static-pod" >}}, + 因为 Kubernetes 不支持这种用法。 + +## {{% heading "cleanup" %}} + + +删除你创建那些的 ConfigMap 和 Pod: + +```bash +kubectl delete configmaps/game-config configmaps/game-config-2 configmaps/game-config-3 \ + configmaps/game-config-env-file +kubectl delete pod dapi-test-pod --now + +# 你可能已经删除了下一组内容 +kubectl delete configmaps/special-config configmaps/env-config +kubectl delete configmap -l 'game-config in (config-4,config-5)’ +``` + + +如果你创建了一个目录 `configure-pod-container` 并且不再需要它,你也应该删除这个目录, +或者将该目录移动到回收站/删除文件的位置。 + ## {{% heading "whatsnext" %}} * 浏览[使用 ConfigMap 配置 Redis](/zh-cn/docs/tutorials/configuration/configure-redis-using-configmap/) 真实示例。 - From c6c09236c7b49ef8926204c83dffa6abe5cfc89c Mon Sep 17 00:00:00 2001 From: ziyi-xie Date: Wed, 1 Mar 2023 08:29:13 +0000 Subject: [PATCH 249/537] Update /content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md Co-authored-by: nasa9084 Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> Co-authored-by: atoato88 --- .../scheduling-eviction/assign-pod-node.md | 355 +++++++++--------- 1 file changed, 175 insertions(+), 180 deletions(-) diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index 7256b988f1b13..a8cf9e0129b23 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -7,212 +7,230 @@ weight: 20 -{{< glossary_tooltip text="Pod" term_id="pod" >}}が稼働する{{< glossary_tooltip text="Node" term_id="node" >}}を特定のものに指定したり、優先条件を指定して制限することができます。 -これを実現するためにはいくつかの方法がありますが、推奨されている方法は[ラベルでの選択](/ja/docs/concepts/overview/working-with-objects/labels/)です。 -スケジューラーが最適な配置を選択するため、一般的にはこのような制限は不要です(例えば、複数のPodを別々のNodeへデプロイしたり、Podを配置する際にリソースが不十分なNodeにはデプロイされないことが挙げられます)が、 -SSDが搭載されているNodeにPodをデプロイしたり、同じアベイラビリティーゾーン内で通信する異なるサービスのPodを同じNodeにデプロイする等、柔軟な制御が必要なこともあります。 +{{< glossary_tooltip text="Pod" term_id="pod" >}}を特定の{{< glossary_tooltip text="Node" term_id="node" >}}で実行するように _制限_ したり、特定のNodeで実行することを _優先_ させたりといった制約をかけることができます。 +これを実現するためにはいくつかの方法がありますが、推奨されている方法は、すべて[ラベルセレクター](/ja/docs/concepts/overview/working-with-objects/labels/)を使用して選択を容易にすることです。 +多くの場合、このような制約を設定する必要はなく、{{< glossary_tooltip text="スケジューラー" term_id="kube-scheduler" >}}が自動的に妥当な配置を行います(例えば、Podを複数のNodeに分散させ、空きリソースが十分でないNodeにPodを配置しないようにすることができます)。 +しかし、例えばSSDが接続されているNodeにPodが配置されるようにしたり、多くの通信を行う2つの異なるサービスのPodを同じアベイラビリティーゾーンに配置したりする等、どのNodeに配置するかを制御したい状況もあります。 + +Kubernetesが特定のPodの配置場所を選択するために、以下の方法があります: - + * [nodeラベル](#built-in-node-labels)に対してマッチングを行う[nodeSelector](#nodeselector)フィールド + * [アフィニティとアンチアフィニティ](#affinity-and-anti-affinity) + * [nodeName](#nodename)フィールド + * [Podのトポロジー分散制約](#pod-topology-spread-constraints) -## nodeSelector +## Nodeラベル {#built-in-node-labels} -`nodeSelector`は、Nodeを選択するための、最も簡単で推奨されている手法です。 -`nodeSelector`はPodSpecのフィールドです。これはkey-valueペアのマップを特定します。 -あるノードでPodを稼働させるためには、そのノードがラベルとして指定されたkey-valueペアを保持している必要があります(複数のラベルを保持することも可能です)。 -最も一般的な使用方法は、1つのkey-valueペアを付与する方法です。 +他の多くのKubernetesオブジェクトと同様に、Nodeにも[ラベル](/ja/docs/concepts/overview/working-with-objects/labels/)があります。[手動でラベルを付ける](/ja/docs/tasks/configure-pod-container/assign-pods-nodes/#ラベルをNodeに追加する)ことができます。 +また、Kubernetesはクラスター内のすべてのNodeに対し、いくつかの標準ラベルを付けます。Nodeラベルの一覧については[よく使われるラベル、アノテーションとtaint](/docs/reference/labels-annotations-taints/)を参照してください。 -以下に、`nodeSelector`の使用例を紹介します。 +{{}} +これらのラベルの値はクラウドプロバイダー固有のもので、信頼性を保証できません。 +例えば、`kubernetes.io/hostname`の値はある環境ではNode名と同じになり、他の環境では異なる値になることがあります。 +{{}} -### ステップ0: 前提条件 +### Nodeの分離/制限 -この例では、KubernetesのPodに関して基本的な知識を有していることと、[Kubernetesクラスターのセットアップ](/ja/docs/setup/)がされていることが前提となっています。 +Nodeにラベルを追加することで、Podを特定のNodeまたはNodeグループ上でのスケジューリングの対象にすることができます。この機能を使用すると、特定のPodが一定の独立性、安全性、または規制といった属性を持ったNode上でのみ実行されるようにすることができます。 -### ステップ1: Nodeへのラベルの付与 +Node分離するのにラベルを使用する場合、{{}}が修正できないラベルキーを選択してください。 +これにより、侵害されたNodeが自身でそれらのラベルを設定することで、スケジューラーがそのNodeにワークロードをスケジュールしてしまうのを防ぐことができます。 -`kubectl get nodes`で、クラスターのノードの名前を取得してください。 -そして、ラベルを付与するNodeを選び、`kubectl label nodes =`で選択したNodeにラベルを付与します。 -例えば、Nodeの名前が'kubernetes-foo-node-1.c.a-robinson.internal'、付与するラベルが'disktype=ssd'の場合、`kubectl label nodes kubernetes-foo-node-1.c.a-robinson.internal disktype=ssd`によってラベルが付与されます。 +[`NodeRestriction`アドミッションプラグイン](/docs/reference/access-authn-authz/admission-controllers/#noderestriction)は、kubeletが`node-restriction.kubernetes.io/`というプレフィックスを持つラベルを設定または変更するのを防ぎます。 -`kubectl get nodes --show-labels`によって、ノードにラベルが付与されたかを確認することができます。 -また、`kubectl describe node "nodename"`から、そのNodeの全てのラベルを表示することもできます。 +ラベルプレフィックスをNode分離に利用するには: -### ステップ2: PodへのnodeSelectorフィールドの追加 +1. [Node認可](/docs/reference/access-authn-authz/node/)を使用していることと、`NodeRestriction` アドミッションプラグインが _有効_ になっていることを確認します。 +2. `node-restriction.kubernetes.io/`プレフィックスを持つラベルをNodeに追加し、 [nodeSelector](#nodeselector)でそれらのラベルを使用します。 + 例えば、`example.com.node-restriction.kubernetes.io/fips=true`や`example.com.node-restriction.kubernetes.io/pci-dss=true`などです。 -該当のPodのconfigファイルに、nodeSelectorのセクションを追加します: -例として以下のconfigファイルを扱います: +## nodeSelector {#nodeselector} -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: nginx - labels: - env: test -spec: - containers: - - name: nginx - image: nginx -``` +`nodeSelector`は、Node選択制約の中で最もシンプルな推奨形式です。 +Podのspec(仕様)に`nodeSelector`フィールドを追加することで、ターゲットNodeが持つべき[Nodeラベル](#built-in-node-labels)を指定できます。 +Kubernetesは指定された各ラベルを持つNodeにのみ、Podをスケジューリングします。 -nodeSelectorを以下のように追加します: +詳しい情報については[PodをNodeに割り当てる](/ja/docs/tasks/configure-pod-container/assign-pods-nodes/)を参照してください。 -{{< codenew file="pods/pod-nginx.yaml" >}} +## アフィニティとアンチアフィニティ {#affinity-and-anti-affinity} -`kubectl apply -f https://k8s.io/examples/pods/pod-nginx.yaml`により、Podは先ほどラベルを付与したNodeへスケジュールされます。 -`kubectl get pods -o wide`で表示される"NODE"の列から、PodがデプロイされているNodeを確認することができます。 +`nodeSelector`はPodを特定のラベルが付与されたNodeに制限する最も簡単な方法です。 +アフィニティとアンチアフィニティでは、定義できる制約の種類が拡張されています。 +アフィニティとアンチアフィニティのメリットは以下の通りです。 -## 補足: ビルトインNodeラベル {#built-in-node-labels} +* アフィニティとアンチアフィニティで使われる言語は、より表現力が豊かです。`nodeSelector`は指定されたラベルを全て持つNodeを選択するだけです。アフィニティとアンチアフィニティは選択ロジックをより細かく制御することができます。 +* ルールが*柔軟*であったり*優先*での指定ができたりするため、一致するNodeが見つからない場合でも、スケジューラーはPodをスケジュールします。 +* Node自体のラベルではなく、Node(または他のトポロジカルドメイン)上で稼働している他のPodのラベルを使ってPodを制約することができます。これにより、Node上にどのPodを共存させるかのルールを定義することができます。 -明示的に[付与](#step-one-attach-label-to-the-node)するラベルの他に、事前にNodeへ付与されているものもあります。 -これらのラベルのリストは、[Well-Known Labels, Annotations and Taints](/docs/reference/kubernetes-api/labels-annotations-taints/)を参照してください。 +アフィニティ機能は、2種類のアフィニティで構成されています: -{{< note >}} -これらのラベルは、クラウドプロバイダー固有であり、確実なものではありません。 -例えば、`kubernetes.io/hostname`の値はNodeの名前と同じである環境もあれば、異なる環境もあります。 -{{< /note >}} +* *Nodeアフィニティ*は`nodeSelector`フィールドと同様に機能しますが、より表現力が豊かで、より柔軟にルールを指定することができます。 +* *Pod間アフィニティとアンチアフィニティ*は、他のPodのラベルを元に、Podを制約することができます。 +### Nodeアフィニティ {#node-affinity} -## Nodeの隔離や制限 -Nodeにラベルを付与することで、Podは特定のNodeやNodeグループにスケジュールされます。 -これにより、特定のPodを、確かな隔離性や安全性、特性を持ったNodeで稼働させることができます。 -この目的でラベルを使用する際に、Node上のkubeletプロセスに上書きされないラベルキーを選択することが強く推奨されています。 -これは、安全性が損なわれたNodeがkubeletの認証情報をNodeのオブジェクトに設定したり、スケジューラーがそのようなNodeにデプロイすることを防ぎます。 +Nodeアフィニティは概念的には、NodeのラベルによってPodがどのNodeにスケジュールされるかを制限する`nodeSelector`と同様です。 -`NodeRestriction`プラグインは、kubeletが`node-restriction.kubernetes.io/`プレフィックスを有するラベルの設定や上書きを防ぎます。 -Nodeの隔離にラベルのプレフィックスを使用するためには、以下のようにします。 +Nodeアフィニティには2種類あります: -1. [Node authorizer](/docs/reference/access-authn-authz/node/)を使用していることと、[NodeRestriction admission plugin](/docs/reference/access-authn-authz/admission-controllers/#noderestriction)が _有効_ になっていること。 -2. Nodeに`node-restriction.kubernetes.io/` プレフィックスのラベルを付与し、そのラベルがnode selectorに指定されていること。 -例えば、`example.com.node-restriction.kubernetes.io/fips=true` または `example.com.node-restriction.kubernetes.io/pci-dss=true`のようなラベルです。 + * `requiredDuringSchedulingIgnoredDuringExecution`: + スケジューラーは、ルールが満たされない限り、Podをスケジュールすることができません。これは`nodeSelector`と同じように機能しますが、より表現力豊かな構文になっています。 + * `preferredDuringSchedulingIgnoredDuringExecution`: + スケジューラーは、対応するルールを満たすNodeを探そうとします。 一致するNodeが見つからなくても、スケジューラーはPodをスケジュールします。 -## アフィニティとアンチアフィニティ {#affinity-and-anti-affinity} +{{}} +上記の2種類にある`IgnoredDuringExecution`は、KubernetesがPodをスケジュールした後にNodeラベルが変更されても、Podは実行し続けることを意味します。 +{{}} -`nodeSelector`はPodの稼働を特定のラベルが付与されたNodeに制限する最も簡単な方法です。 -アフィニティ/アンチアフィニティでは、より柔軟な指定方法が提供されています。 -拡張機能は以下の通りです。 +Podのspec(仕様)にある`.spec.affinity.nodeAffinity`フィールドを使用して、Nodeアフィニティを指定することができます。 -1. アフィニティ/アンチアフィニティという用語はとても表現豊かです。この用語は論理AND演算で作成された完全一致だけではなく、より多くのマッチングルールを提供します。 -2. 必須条件ではなく優先条件を指定でき、条件を満たさない場合でもPodをスケジュールさせることができます。 -3. Node自体のラベルではなく、Node(または他のトポロジカルドメイン)上で稼働している他のPodのラベルに対して条件を指定することができ、そのPodと同じ、または異なるドメインで稼働させることができます。 +例えば、次のようなPodのspec(仕様)を考えてみましょう: -アフィニティは"Nodeアフィニティ"と"Pod間アフィニティ/アンチアフィニティ"の2種類から成ります。 -Nodeアフィニティは`nodeSelector`(前述の2つのメリットがあります)に似ていますが、Pod間アフィニティ/アンチアフィニティは、上記の3番目の機能に記載している通り、NodeのラベルではなくPodのラベルに対して制限をかけます。 +{{< codenew file="pods/pod-with-node-affinity.yaml" >}} -### Nodeアフィニティ +この例では、以下のルールが適用されます: -Nodeアフィニティは概念的には、NodeのラベルによってPodがどのNodeにスケジュールされるかを制限する`nodeSelector`と同様です。 + * Nodeには`topology.kubernetes.io/zone`をキーとするラベルが*必要*で、そのラベルの値は`antarctica-east1`または`antarctica-west1`のいずれかでなければなりません。 + * Nodeにはキー名が`another-node-label-key`で、値が`another-node-label-value`のラベルを持つことが*望ましい*です。 -現在は2種類のNodeアフィニティがあり、`requiredDuringSchedulingIgnoredDuringExecution`と`preferredDuringSchedulingIgnoredDuringExecution`です。 -前者はNodeにスケジュールされるPodが条件を満たすことが必須(`nodeSelector`に似ていますが、より柔軟に条件を指定できます)であり、後者は条件を指定できますが保証されるわけではなく、優先的に考慮されます。 -"IgnoredDuringExecution"の意味するところは、`nodeSelector`の機能と同様であり、Nodeのラベルが変更され、Podがその条件を満たさなくなった場合でも -PodはそのNodeで稼働し続けるということです。 -将来的には、`requiredDuringSchedulingIgnoredDuringExecution`に、PodのNodeアフィニティに記された必須要件を満たさなくなったNodeからそのPodを退避させることができる機能を備えた`requiredDuringSchedulingRequiredDuringExecution`が提供される予定です。 +`operator`フィールドを使用して、Kubernetesがルールを解釈する際に使用できる論理演算子を指定することができます。`In`、`NotIn`、`Exists`、`DoesNotExist`、`Gt`、`Lt`が使用できます。 -それぞれの使用例として、 -`requiredDuringSchedulingIgnoredDuringExecution` は、"インテルCPUを供えたNode上でPodを稼働させる"、 -`preferredDuringSchedulingIgnoredDuringExecution`は、"ゾーンXYZでPodの稼働を試みますが、実現不可能な場合には他の場所で稼働させる" -といった方法が挙げられます。 +`NotIn`と`DoesNotExist`を使って、Nodeのアンチアフィニティ動作を定義することができます。また、[NodeのTaint](/ja/docs/concepts/scheduling-eviction/taint-and-toleration/)を使用して、特定のNodeからPodをはじくこともできます。 -Nodeアフィニティは、PodSpecの`affinity`フィールドにある`nodeAffinity`フィールドで特定します。 +{{}} +`nodeSelector`と`nodeAffinity`の両方を指定した場合、*両方の*条件を満たさないとPodはNodeにスケジュールされません。 -Nodeアフィニティを使用したPodの例を以下に示します: +`nodeAffinity`タイプに関連付けられた`nodeSelectorTerms`内に、複数の条件を指定した場合、Podは指定した条件のいずれかを満たしたNodeへスケジュールされます(条件はORされます)。 -{{< codenew file="pods/pod-with-node-affinity.yaml" >}} +`nodeSelectorTerms`内の条件に関連付けられた1つの`matchExpressions`フィールド内に、複数の条件を指定した場合、Podは全ての条件を満たしたNodeへスケジュールされます(条件はANDされます)。 +{{}} + +詳細については[Nodeアフィニティを利用してPodをNodeに割り当てる](/ja/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)を参照してください。 + +#### Nodeアフィニティの重み + +`preferredDuringSchedulingIgnoredDuringExecution`アフィニティタイプの各インスタンスに、1から100の範囲の`weight`を指定できます。 +Podの他のスケジューリング要件をすべて満たすNodeを見つけると、スケジューラーはそのNodeが満たすすべての優先ルールを繰り返し実行し、対応する式の`weight`値を合計に加算します。 + +最終的な合計は、そのNodeの他の優先度関数のスコアに加算されます。合計スコアが最も高いNodeが、スケジューラーがPodのスケジューリングを決定する際に優先されます。 + +例えば、次のようなPodのspec(仕様)を考えてみましょう: -このNodeアフィニティでは、Podはキーが`kubernetes.io/e2e-az-name`、値が`e2e-az1`または`e2e-az2`のラベルが付与されたNodeにしか配置されません。 -加えて、キーが`another-node-label-key`、値が`another-node-label-value`のラベルが付与されたNodeが優先されます。 +{{< codenew file="pods/pod-with-affinity-anti-affinity.yaml" >}} -この例ではオペレーター`In`が使われています。 -Nodeアフィニティでは、`In`、`NotIn`、`Exists`、`DoesNotExist`、`Gt`、`Lt`のオペレーターが使用できます。 -`NotIn`と`DoesNotExist`はNodeアンチアフィニティ、またはPodを特定のNodeにスケジュールさせない場合に使われる[Taints](/ja/docs/concepts/scheduling-eviction/taint-and-toleration/)に使用します。 +`preferredDuringSchedulingIgnoredDuringExecution`ルールにマッチするNodeとして、一つは`label-1:key-1`ラベル、もう一つは`label-2:key-2`ラベルの2つの候補がある場合、スケジューラーは各Nodeの`weight`を考慮し、その重みとNodeの他のスコアを加え、最終スコアが最も高いNodeにPodをスケジューリングします。 -`nodeSelector`と`nodeAffinity`の両方を指定した場合、Podは**両方の**条件を満たすNodeにスケジュールされます。 +{{}} +この例でKubernetesにPodを正常にスケジュールさせるには、`kubernetes.io/os=linux`ラベルを持つ既存のNodeが必要です。 +{{}} -`nodeAffinity`内で複数の`nodeSelectorTerms`を指定した場合、Podは**いずれかの**`nodeSelectorTerms`を満たしたNodeへスケジュールされます。 +#### スケジューリングプロファイルごとのNodeアフィニティ {#node-affinity-per-scheduling-profile} -`nodeSelectorTerms`内で複数の`matchExpressions`を指定した場合にはPodは**全ての**`matchExpressions`を満たしたNodeへスケジュールされます。 +{{< feature-state for_k8s_version="v1.20" state="beta" >}} -PodがスケジュールされたNodeのラベルを削除したり変更しても、Podは削除されません。 -言い換えると、アフィニティはPodをスケジュールする際にのみ考慮されます。 +複数の[スケジューリングプロファイル](/ja/docs/reference/scheduling/config/#multiple-profiles)を設定する場合、プロファイルにNodeアフィニティを関連付けることができます。これは、プロファイルが特定のNode群にのみ適用される場合に便利です。[スケジューラーの設定](/ja/docs/reference/scheduling/config/)にある[`NodeAffinity`プラグイン](/ja/docs/reference/scheduling/config/#scheduling-plugins)の`args`フィールドに`addedAffinity`を追加すると実現できます。例えば: -`preferredDuringSchedulingIgnoredDuringExecution`内の`weight`フィールドは、1から100の範囲で指定します。 -全ての必要条件(リソースやRequiredDuringSchedulingアフィニティ等)を満たしたNodeに対して、スケジューラーはそのNodeがMatchExpressionsを満たした場合に、このフィルードの"weight"を加算して合計を計算します。 -このスコアがNodeの他の優先機能のスコアと組み合わせれ、最も高いスコアを有したNodeが優先されます。 +```yaml +apiVersion: kubescheduler.config.k8s.io/v1beta3 +kind: KubeSchedulerConfiguration + +profiles: + - schedulerName: default-scheduler + - schedulerName: foo-scheduler + pluginConfig: + - name: NodeAffinity + args: + addedAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: scheduler-profile + operator: In + values: + - foo +``` + +`addedAffinity`は、Podの仕様(spec)で指定されたNodeアフィニティに加え、`.spec.schedulerName`を`foo-scheduler`に設定したすべてのPodに適用されます。つまり、Podにマッチするためには、Nodeは`addedAffinity`とPodの`.spec.NodeAffinity`を満たす必要があるのです。 + +`addedAffinity`はエンドユーザーには見えないので、その動作はエンドユーザーにとって予期しないものになる可能性があります。スケジューラープロファイル名と明確な相関関係のあるNodeラベルを使用すべきです。 + +{{< note >}} +[DaemonSetのPodを作成する](/ja/docs/concepts/workloads/controllers/daemonset/#how-daemon-pods-are-scheduled)DaemonSetコントローラーは、スケジューリングプロファイルをサポートしていません。DaemonSetコントローラーがPodを作成すると、デフォルトのKubernetesスケジューラーがそれらのPodを配置し、DaemonSetコントローラーの`nodeAffinity`ルールに優先して従います。 +{{< /note >}} -### Pod間アフィニティとアンチアフィニティ +### Pod間のアフィニティとアンチアフィニティ -Pod間アフィニティとアンチアフィニティは、Nodeのラベルではなく、すでにNodeで稼働しているPodのラベルに従ってPodがスケジュールされるNodeを制限します。 -このポリシーは、"XにてルールYを満たすPodがすでに稼働している場合、このPodもXで稼働させる(アンチアフィニティの場合は稼働させない)"という形式です。 -Yはnamespaceのリストで指定したLabelSelectorで表されます。 -Nodeと異なり、Podはnamespaceで区切られているため(それゆえPodのラベルも暗黙的にnamespaceで区切られます)、Podのラベルを指定するlabel selectorは、どのnamespaceにselectorを適用するかを指定する必要があります。 -概念的に、XはNodeや、ラック、クラウドプロバイダゾーン、クラウドプロバイダのリージョン等を表すトポロジードメインです。 -これらを表すためにシステムが使用するNodeラベルのキーである`topologyKey`を使うことで、トポロジードメインを指定することができます。 -先述のセクション[補足: ビルトインNodeラベル](#interlude-built-in-node-labels)にてラベルの例が紹介されています。 +Pod間のアフィニティとアンチアフィニティは、Nodeのラベルではなく、すでにNode上で稼働している**Pod**のラベルに従って、PodがどのNodeにスケジュールされるかを制限できます。 +XはNodeや、ラック、クラウドプロバイダーのゾーンやリージョン等を表すトポロジードメインで、YはKubernetesが満たそうとするルールである場合、Pod間のアフィニティとアンチアフィニティのルールは、"XにてルールYを満たすPodがすでに稼働している場合、このPodもXで実行すべき(アンチアフィニティの場合はすべきではない)"という形式です。 + +これらのルール(Y)は、オプションの関連する名前空間のリストを持つ[ラベルセレクター](/ja/docs/concepts/overview/working-with-objects/labels/#label-selectors)で表現されます。PodはKubernetesの名前空間オブジェクトであるため、Podラベルも暗黙的に名前空間を持ちます。Kubernetesが指定された名前空間でラベルを探すため、Podラベルのラベルセレクターは、名前空間を指定する必要があります。 + +トポロジードメイン(X)は`topologyKey`で表現され、システムがドメインを示すために使用するNodeラベルのキーになります。具体例は[よく知られたラベル、アノテーションとTaint](/docs/reference/labels-annotations-taints/)を参照してください。 {{< note >}} -Pod間アフィニティとアンチアフィニティは、大規模なクラスター上で使用する際にスケジューリングを非常に遅くする恐れのある多くの処理を要します。 -そのため、数百台以上のNodeから成るクラスターでは使用することを推奨されません。 +Pod間アフィニティとアンチアフィニティはかなりの処理量を必要とするため、大規模クラスターでのスケジューリングが大幅に遅くなる可能性があります +そのため、数百台以上のNodeから成るクラスターでの使用は推奨されません。 {{< /note >}} {{< note >}} -Podのアンチアフィニティは、Nodeに必ずラベルが付与されている必要があります。 -言い換えると、クラスターの全てのNodeが、`topologyKey`で指定されたものに合致する適切なラベルが必要になります。 -それらが付与されていないNodeが存在する場合、意図しない挙動を示すことがあります。 +Podのアンチアフィニティは、Nodeに必ず一貫性の持つラベルが付与されている必要があります。 +言い換えると、クラスターの全てのNodeが、`topologyKey`に合致する適切なラベルが必要になります。 +一部、または全部のNodeに`topologyKey`ラベルが指定されていない場合、意図しない挙動に繋がる可能性があります。 {{< /note >}} -Nodeアフィニティと同様に、PodアフィニティとPodアンチアフィニティにも必須条件と優先条件を示す`requiredDuringSchedulingIgnoredDuringExecution`と`preferredDuringSchedulingIgnoredDuringExecution`があります。 -前述のNodeアフィニティのセクションを参照してください。 -`requiredDuringSchedulingIgnoredDuringExecution`を指定するアフィニティの使用例は、"Service AのPodとService BのPodが密に通信する際、それらを同じゾーンで稼働させる場合"です。 -また、`preferredDuringSchedulingIgnoredDuringExecution`を指定するアンチアフィニティの使用例は、"ゾーンをまたいでPodのサービスを稼働させる場合"(Podの数はゾーンの数よりも多いため、必須条件を指定すると合理的ではありません)です。 +#### Pod間のアフィニティとアンチアフィニティの種類 + +[Nodeアフィニティ](#node-affinity)と同様に、Podアフィニティとアンチアフィニティにも下記の2種類があります: + + * `requiredDuringSchedulingIgnoredDuringExecution` + * `preferredDuringSchedulingIgnoredDuringExecution` + +例えば、`requiredDuringSchedulingIgnoredDuringExecution`アフィニティを使用して、2つのサービスのPodはお互いのやり取りが多いため、同じクラウドプロバイダーゾーンに併置するようにスケジューラーに指示することができます。 +同様に、`preferredDuringSchedulingIgnoredDuringExecution`アンチアフィニティを使用して、あるサービスのPodを複数のクラウドプロバイダーゾーンに分散させることができます。 + +Pod間アフィニティを使用するには、Pod仕様(spec)の`affinity.podAffinity`フィールドで指定します。Pod間アンチアフィニティを使用するには、Pod仕様(spec)の`affinity.podAntiAffinity`フィールドで指定します。 -Pod間アフィニティは、PodSpecの`affinity`フィールド内に`podAffinity`で指定し、Pod間アンチアフィニティは、`podAntiAffinity`で指定します。 +#### Podアフィニティ使用例 {#an-example-of-a-pod-that-uses-pod-affinity} -#### Podアフィニティを使用したPodの例 +次のようなPod仕様(spec)を考えてみましょう: {{< codenew file="pods/pod-with-pod-affinity.yaml" >}} -このPodのアフィニティは、PodアフィニティとPodアンチアフィニティを1つずつ定義しています。 -この例では、`podAffinity`に`requiredDuringSchedulingIgnoredDuringExecution`、`podAntiAffinity`に`preferredDuringSchedulingIgnoredDuringExecution`が設定されています。 -Podアフィニティは、「キーが"security"、値が"S1"のラベルが付与されたPodが少なくとも1つは稼働しているNodeが同じゾーンにあれば、PodはそのNodeにスケジュールされる」という条件を指定しています(より正確には、キーが"security"、値が"S1"のラベルが付与されたPodが稼働しており、キーが`topology.kubernetes.io/zone`、値がVであるNodeが少なくとも1つはある状態で、 -Node Nがキー`topology.kubernetes.io/zone`、値Vのラベルを持つ場合に、PodはNode Nで稼働させることができます)。 -Podアンチアフィニティは、「すでにあるNode上で、キーが"security"、値が"S2"であるPodが稼働している場合に、Podを可能な限りそのNode上で稼働させない」という条件を指定しています -(`topologyKey`が`topology.kubernetes.io/zone`であった場合、キーが"security"、値が"S2"であるであるPodが稼働しているゾーンと同じゾーン内のNodeにはスケジュールされなくなります)。 -PodアフィニティとPodアンチアフィニティや、`requiredDuringSchedulingIgnoredDuringExecution`と`preferredDuringSchedulingIgnoredDuringExecution`に関する他の使用例は[デザインドック](https://git.k8s.io/community/contributors/design-proposals/scheduling/podaffinity.md)を参照してください。 +この例では、PodアフィニティルールとPodアンチアフィニティルールを1つずつ定義しています。 +Podアフィニティルールは"ハード"な`requiredDuringSchedulingIgnoredDuringExecution`を使用し、アンチアフィニティルールは"ソフト"な`preferredDuringSchedulingIgnoredDuringExecution`を使用しています。 -PodアフィニティとPodアンチアフィニティで使用できるオペレーターは、`In`、`NotIn`、 `Exists`、 `DoesNotExist`です。 +アフィニティルールは、スケジューラーがNodeにPodをスケジュールできるのは、そのNodeが、`security=S1`ラベルを持つ1つ以上の既存のPodと同じゾーンにある場合のみであることを示しています。より正確には、現在Podラベル`security=S1`を持つPodが1つ以上あるNodeが、そのゾーン内に少なくとも1つ存在する限り、スケジューラーは`topology.kubernetes.io/zone=V`ラベルを持つNodeにPodを配置しなければなりません。 -原則として、`topologyKey`には任意のラベルとキーが使用できます。 -しかし、パフォーマンスやセキュリティの観点から、以下の制約があります: +アンチアフィニティルールは、`security=S2`ラベルを持つ1つ以上のPodと同じゾーンにあるNodeには、スケジューラーがPodをスケジュールしないようにすることを示しています。より正確には、Podラベル`Security=S2`を持つPodが稼働している他のNodeが、同じゾーン内に存在する場合、スケジューラーは`topology.kubernetes.io/zone=R`ラベルを持つNodeにはPodを配置しないようにしなければなりません。 -1. アフィニティと、`requiredDuringSchedulingIgnoredDuringExecution`を指定したPodアンチアフィニティは、`topologyKey`を指定しないことは許可されていません。 -2. `requiredDuringSchedulingIgnoredDuringExecution`を指定したPodアンチアフィニティでは、`kubernetes.io/hostname`の`topologyKey`を制限するため、アドミッションコントローラー`LimitPodHardAntiAffinityTopology`が導入されました。 -トポロジーをカスタマイズする場合には、アドミッションコントローラーを修正または無効化する必要があります。 -3. `preferredDuringSchedulingIgnoredDuringExecution`を指定したPodアンチアフィニティでは、`topologyKey`を省略することはできません。 -4. 上記の場合を除き、`topologyKey` は任意のラベルとキーを指定することができます。 +Podアフィニティとアンチアフィニティの使用例についてもっと知りたい方は[デザイン案](https://git.k8s.io/design-proposals-archive/scheduling/podaffinity.md)を参照してください。 -`labelSelector`と`topologyKey`に加え、`labelSelector`が合致すべき`namespaces`のリストを特定することも可能です(これは`labelSelector`と`topologyKey`を定義することと同等です)。 -省略した場合や空の場合は、アフィニティとアンチアフィニティが定義されたPodのnamespaceがデフォルトで設定されます。 +Podアフィニティとアンチアフィニティの`operator`フィールドで使用できるのは、`In`、`NotIn`、 `Exists`、 `DoesNotExist`です。 -`requiredDuringSchedulingIgnoredDuringExecution`が指定されたアフィニティとアンチアフィニティでは、`matchExpressions`に記載された全ての条件が満たされるNodeにPodがスケジュールされます。 +原則として、`topologyKey`には任意のラベルキーが指定できますが、パフォーマンスやセキュリティの観点から、以下の例外があります: +* Podアフィニティとアンチアフィニティでは、`requiredDuringSchedulingIgnoredDuringExecution`と`preferredDuringSchedulingIgnoredDuringExecution`内のどちらも、`topologyKey`フィールドが空であることは許可されていません。 +* Podアンチアフィニティルールの`requiredDuringSchedulingIgnoredDuringExecution`では、アドミッションコントローラー`LimitPodHardAntiAffinityTopology`が`topologyKey`を`kubernetes.io/hostname`に制限しています。アドミッションコントローラーを修正または無効化すると、トポロジーのカスタマイズができるようになります。 -#### 実際的なユースケース +`labelSelector`と`topologyKey`に加え、`labelSelector`と`topologyKey`と同じレベルの`namespaces`フィールドを使用して、`labelSelector`が合致すべき名前空間のリストを任意に指定することができます。省略または空の場合、`namespaces`がデフォルトで、アフィニティとアンチアフィニティが定義されたPodの名前空間に設定されます。 -Pod間アフィニティとアンチアフィニティは、ReplicaSet、StatefulSet、Deploymentなどのより高レベルなコレクションと併せて使用するとさらに有用です。 -Workloadが、Node等の定義された同じトポロジーに共存させるよう、簡単に設定できます。 +#### 名前空間セレクター +{{< feature-state for_k8s_version="v1.24" state="stable" >}} +`namespaceSelector`を使用し、ラベルで名前空間の集合に対して検索することによって、名前空間を選択することができます。 +アフィニティ項は`namespaceSelector`と`namespaces`フィールドによって選択された名前空間に適用されます。 +要注意なのは、空の`namespaceSelector`({})はすべての名前空間にマッチし、nullまたは空の`namespaces`リストとnullの`namespaceSelector`は、ルールが定義されているPodの名前空間にマッチします。 -##### 常に同じNodeで稼働させる場合 +#### 実践的なユースケース -3つのノードから成るクラスターでは、ウェブアプリケーションはredisのようにインメモリキャッシュを保持しています。 -このような場合、ウェブサーバーは可能な限りキャッシュと共存させることが望ましいです。 +Pod間アフィニティとアンチアフィニティは、ReplicaSet、StatefulSet、Deploymentなどのより高レベルなコレクションと併せて使用するとさらに有用です。これらのルールにより、ワークロードのセットが同じ定義されたトポロジーに併置されるように設定できます。たとえば、2つの関連するPodを同じNodeに配置することが好ましい場合です。 -ラベル`app=store`を付与した3つのレプリカから成るredisのdeploymentを記述したyamlファイルを示します。 -Deploymentには、1つのNodeにレプリカを共存させないために`PodAntiAffinity`を付与しています。 +例えば、3つのNodeで構成されるクラスターを想像してください。クラスターを使用してウェブアプリケーションを実行し、さらにインメモリキャッシュ(Redisなど)を使用します。この例では、ウェブアプリケーションとメモリキャッシュの間のレイテンシーは実用的な範囲の低さも想定しています。Pod間アフィニティやアンチアフィニティを使って、ウェブサーバーとキャッシュをなるべく同じ場所に配置することができます。 +以下のRedisキャッシュのDeploymentの例では、各レプリカはラベル`app=store`が付与されています。`podAntiAffinity`ルールは、`app=store`ラベルを持つ複数のレプリカを単一Nodeに配置しないよう、スケジューラーに指示します。これにより、各キャッシュが別々のNodeに作成されます。 ```yaml apiVersion: apps/v1 @@ -244,10 +262,7 @@ spec: image: redis:3.2-alpine ``` -ウェブサーバーのDeploymentを記載した以下のyamlファイルには、`podAntiAffinity` と`podAffinity`が設定されています。 -全てのレプリカが`app=store`のラベルが付与されたPodと同じゾーンで稼働するよう、スケジューラーに設定されます。 -また、それぞれのウェブサーバーは1つのノードで稼働されないことも保証されます。 - +次の Web サーバーのDeployment例では、`app=web-store`ラベルが付与されたレプリカを作成します。Podアフィニティルールは、各レプリカを、`app=store`ラベルが付与されたPodを持つNodeに配置するようスケジューラーに指示します。Podアンチアフィニティルールは、1つのNodeに複数の`app=web-store`サーバーを配置しないようにスケジューラーに指示します。 ```yaml apiVersion: apps/v1 @@ -288,49 +303,29 @@ spec: image: nginx:1.16-alpine ``` -上記2つのDeploymentが生成されると、3つのノードは以下のようになります。 +上記2つのDeploymentが生成されると、以下のようなクラスター構成になり、各Webサーバーはキャッシュと同位置に、3つの別々のNodeに配置されます。 | node-1 | node-2 | node-3 | |:--------------------:|:-------------------:|:------------------:| | *webserver-1* | *webserver-2* | *webserver-3* | | *cache-1* | *cache-2* | *cache-3* | -このように、3つの`web-server`は期待通り自動的にキャッシュと共存しています。 - -``` -kubectl get pods -o wide -``` -出力は以下のようになります: -``` -NAME READY STATUS RESTARTS AGE IP NODE -redis-cache-1450370735-6dzlj 1/1 Running 0 8m 10.192.4.2 kube-node-3 -redis-cache-1450370735-j2j96 1/1 Running 0 8m 10.192.2.2 kube-node-1 -redis-cache-1450370735-z73mh 1/1 Running 0 8m 10.192.3.1 kube-node-2 -web-server-1287567482-5d4dz 1/1 Running 0 7m 10.192.2.3 kube-node-1 -web-server-1287567482-6f7v5 1/1 Running 0 7m 10.192.4.3 kube-node-3 -web-server-1287567482-s330j 1/1 Running 0 7m 10.192.3.2 kube-node-2 -``` - -##### 同じNodeに共存させない場合 - -上記の例では `PodAntiAffinity`を`topologyKey: "kubernetes.io/hostname"`と合わせて指定することで、redisクラスター内の2つのインスタンスが同じホストにデプロイされない場合を扱いました。 -同様の方法で、アンチアフィニティを用いて高可用性を実現したStatefulSetの使用例は[ZooKeeper tutorial](/docs/tutorials/stateful-application/zookeeper/#tolerating-node-failure)を参照してください。 +全体的な効果として、各キャッシュインスタンスは、同じNode上で実行している単一のクライアントによってアクセスされる可能性が高いです。この方法は、スキュー(負荷の偏り)とレイテンシーの両方を最小化することを目的としています。 +Podアンチアフィニティを使用する理由は他にもあります。 +この例と同様の方法で、アンチアフィニティを用いて高可用性を実現したStatefulSetの使用例は[ZooKeeperチュートリアル](/docs/tutorials/stateful-application/zookeeper/#tolerating-node-failure)を参照してください。 ## nodeName -`nodeName`はNodeの選択を制限する最も簡単な方法ですが、制約があることからあまり使用されません。 -`nodeName`はPodSpecのフィールドです。 -ここに値が設定されると、schedulerはそのPodを考慮しなくなり、その名前が付与されているNodeのkubeletはPodを稼働させようとします。 -そのため、PodSpecに`nodeName`が指定されると、上述のNodeの選択方法よりも優先されます。 +`nodeName`はアフィニティや`nodeSelector`よりも直接的なNode選択形式になります。`nodeName`はPod仕様(spec)のフィールドです。`nodeName`フィールドが空でない場合、スケジューラーはPodを考慮せずに、指定されたNodeにあるkubeletはそのNodeにPodを配置しようとします。`nodeName`を使用すると、`nodeSelector`やアフィニティおよびアンチアフィニティルールを使用するよりも優先されます。 - `nodeName`を使用することによる制約は以下の通りです: + `nodeName`を使ってNodeを選択する場合の制約は以下の通りです: -- その名前のNodeが存在しない場合、Podは起動されす、自動的に削除される場合があります。 -- その名前のNodeにPodを稼働させるためのリソースがない場合、Podの起動は失敗し、理由は例えばOutOfmemoryやOutOfcpuになります。 -- クラウド上のNodeの名前は予期できず、変更される可能性があります。 +- 指定されたNodeが存在しない場合、Podは実行されず、場合によっては自動的に削除されることがあります。 +- 指定されたNodeがPodを収容するためのリソースを持っていない場合、Podの起動は失敗し、OutOfmemoryやOutOfcpuなどの理由が表示されます。 +- クラウド環境におけるNode名は、常に予測可能で安定したものではありません。 -`nodeName`を指定したPodの設定ファイルの例を示します: +以下は、`nodeName`フィールドを使用したPod仕様(spec)の例になります: ```yaml apiVersion: v1 @@ -344,18 +339,18 @@ spec: nodeName: kube-01 ``` -上記のPodはkube-01という名前のNodeで稼働します。 - +上記のPodは`kube-01`というNodeでのみ実行されます。 +## Podトポロジー分散制約 {#pod-topology-spread-constraints} -## {{% heading "whatsnext" %}} - +_トポロジー分散制約_ を使って、リージョン、ゾーン、Nodeなどの障害ドメイン間、または定義したその他のトポロジードメイン間で、クラスター全体にどのように{{< glossary_tooltip text="Pod" term_id="Pod" >}}を分散させるかを制御することができます。これにより、パフォーマンス、予想される可用性、または全体的な使用率を向上させることができます。 -[Taints](/ja/docs/concepts/scheduling-eviction/taint-and-toleration/)を使うことで、NodeはPodを追い出すことができます。 +詳しい仕組みについては、[トポロジー分散制約](/docs/concepts/scheduling-eviction/topology-spread-constraints/)を参照してください。 -[Nodeアフィニティ](https://git.k8s.io/community/contributors/design-proposals/scheduling/nodeaffinity.md)と -[Pod間アフィニティ/アンチアフィニティ](https://git.k8s.io/community/contributors/design-proposals/scheduling/podaffinity.md) -のデザインドキュメントには、これらの機能の追加のバックグラウンドの情報が記載されています。 +## {{% heading "whatsnext" %}} -一度PodがNodeに割り当たると、kubeletはPodを起動してノード内のリソースを確保します。 -[トポロジーマネージャー](/docs/tasks/administer-cluster/topology-manager/)はNodeレベルのリソース割り当てを決定する際に関与します。 +* [TaintとToleration](/ja/docs/concepts/scheduling-eviction/taint-and-toleration/)についてもっと読む。 +* [Nodeアフィニティ](https://git.k8s.io/design-proposals-archive/scheduling/nodeaffinity.md)と[Pod間アフィニティ/アンチアフィニティ](https://git.k8s.io/design-proposals-archive/scheduling/podaffinity.md)のデザインドキュメントを読む。 +* [トポロジーマネージャー](/ja/docs/tasks/administer-cluster/topology-manager/)がNodeレベルリソースの割り当て決定に参加する方法について学ぶ。 +* [nodeSelector](/ja/docs/tasks/configure-pod-container/assign-pods-nodes/)の使用方法について学ぶ。 +* [アフィニティとアンチアフィニティ](/ja/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)の使用方法について学ぶ。 From 9781390c523ab1a11e01a977f932daf8dce24fd3 Mon Sep 17 00:00:00 2001 From: ziyi-xie Date: Wed, 1 Mar 2023 09:06:03 +0000 Subject: [PATCH 250/537] add content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml file --- .../pods/pod-with-affinity-anti-affinity.yaml | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml diff --git a/content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml b/content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml new file mode 100644 index 0000000000000..f5f698d1f9b57 --- /dev/null +++ b/content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: Pod +metadata: + name: with-affinity-anti-affinity +spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: label-1 + operator: In + values: + - key-1 + - weight: 50 + preference: + matchExpressions: + - key: label-2 + operator: In + values: + - key-2 + containers: + - name: with-node-affinity + image: registry.k8s.io/pause:2.0 + \ No newline at end of file From dbd72395cd23148315f03a9f7934a052b665a1c0 Mon Sep 17 00:00:00 2001 From: Peter Arboleda Date: Wed, 1 Mar 2023 14:29:10 +0100 Subject: [PATCH 251/537] Update endpoint-slices.md --- content/en/docs/concepts/services-networking/endpoint-slices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/services-networking/endpoint-slices.md b/content/en/docs/concepts/services-networking/endpoint-slices.md index 5d83300032771..30fbb4ae5bf1d 100644 --- a/content/en/docs/concepts/services-networking/endpoint-slices.md +++ b/content/en/docs/concepts/services-networking/endpoint-slices.md @@ -235,7 +235,7 @@ at different times. {{< note >}} Clients of the EndpointSlice API must iterate through all the existing EndpointSlices associated to a Service and build a complete list of unique network endpoints. It is -important to mention that endpoints may be duplicated in different EndointSlices. +important to mention that endpoints may be duplicated in different EndpointSlices. You can find a reference implementation for how to perform this endpoint aggregation and deduplication as part of the `EndpointSliceCache` code within `kube-proxy`. From 74746dd13ff32d13ae4a803dc2e9a9da616cc011 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 1 Mar 2023 22:14:24 +0800 Subject: [PATCH 252/537] [zh] sync 2023-03-01-introducing-kwok/ (#39739) --- .../2023-03-01-introducing-kwok/index.md | 168 ++++++++++++++++++ .../2023-03-01-introducing-kwok/kwok.svg | 1 + .../manage-clusters.svg | 1 + 3 files changed, 170 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/index.md create mode 100644 content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/kwok.svg create mode 100644 content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/manage-clusters.svg diff --git a/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/index.md b/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/index.md new file mode 100644 index 0000000000000..88961f65cdc88 --- /dev/null +++ b/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/index.md @@ -0,0 +1,168 @@ +--- +layout: blog +title: "介绍 KWOK(Kubernetes WithOut Kubelet,没有 Kubelet 的 Kubernetes)" +date: 2023-03-01 +slug: introducing-kwok +--- + + + +**作者:** Shiming Zhang (DaoCloud), Wei Huang (Apple), Yibo Zhuang (Apple) + +**译者:** Michael Yao (DaoCloud) + +KWOK logo + + +你是否曾想过在几秒钟内搭建一个由数千个节点构成的集群,如何用少量资源模拟真实的节点, +如何不耗费太多基础设施就能大规模地测试你的 Kubernetes 控制器? + +如果你曾有过这些想法,那你可能会对 KWOK 有兴趣。 +KWOK 是一个工具包,能让你在几秒钟内创建数千个节点构成的集群。 + + +## 什么是 KWOK? {#what-is-kwok} + +KWOK 是 Kubernetes WithOut Kubelet 的缩写,即没有 Kubelet 的 Kubernetes。 +到目前为止,KWOK 提供了两个工具: + + +`kwok` +: `kwok` 是这个项目的基石,负责模拟伪节点、Pod 和其他 Kubernetes API 资源的生命周期。 + +`kwokctl` +: `kwokctl` 是一个 CLI 工具,设计用于简化创建和管理由 `kwok` 模拟节点组成的集群。 + + +## 为什么使用 KWOK? {#why-use-kwok} + +KWOK 具有下面几点优势: + + +- **速度**:你几乎可以实时创建和删除集群及节点,无需等待引导或制备过程。 +- **兼容性**:KWOK 能够与兼容 Kubernetes API 的所有工具或客户端(例如 kubectl、helm、kui)协同作业。 +- **可移植性**:KWOK 没有特殊的软硬件要求。一旦安装了 Docker 或 Nerdctl,你就可以使用预先构建的镜像来运行 KWOK。 + 另外,二进制文件包适用于所有平台,安装简单。 +- **灵活**:你可以配置不同类型的节点、标签、污点、容量、状况等,还可以配置不同的 Pod + 行为和状态来测试不同的场景和边缘用例。 +- **性能**:你在自己的笔记本电脑上就能模拟数千个节点,无需大量消耗 CPU 或内存资源。 + + +## 使用场景是什么? {#what-are-use-cases} + +KWOK 可用于各种用途: + + +- **学习**:你可以使用 KWOK 学习 Kubernetes 概念和特性,无需顾虑资源浪费或其他后果。 +- **开发**:你可以使用 KWOK 为 Kubernetes 开发新特性或新工具,无需接入真实的集群,也不需要其他组件。 +- **测试**: + - 你可以衡量自己的应用程序或控制器在使用不同数量节点和 Pod 时的扩缩表现如何。 + - 你可以用不同的资源请求或限制创建大量 Pod 或服务,在集群上营造高负载的环境。 + - 你可以通过更改节点状况或随机删除节点来模拟节点故障或网络分区。 + - 你可以通过启用不同的特性门控或 API 版本来测试控制器如何与其他组件交互。 + + +## 有哪些限制? {#what-are-limiations} + +KWOK 并非试图完整替代其他什么。当然也有一些限制需要你多加注意: + + +- **功能性**:KWOK 不是 kubelet。KWOK 在 Pod 生命周期管理、卷挂载和设备插件方面所展现的行为与 kubelet 不同。 + KWOK 的主要功能是模拟节点和 Pod 状态的更新。 +- **准确性**:需要重点注意 KWOK 还不能确切地反映各种工作负载或环境下真实节点的性能或行为。 + KWOK 只能使用一些公式来逼近真实的节点行为。 +- **安全性**:KWOK 没有对模拟的节点实施任何安全策略或安全机制。 + KWOK 假定来自 kube-apiserver 的所有请求都是经过授权且是有效的。 + + +## 入门 {#getting-started} + +如果你对试用 KWOK 感兴趣,请查阅 [KWOK 文档](https://kwok.sigs.k8s.io/)了解详情。 + + +{{< figure src="/blog/2023/03/01/introducing-kwok/manage-clusters.svg" alt="在终端上使用 kwokctl 的动图" caption="使用 kwokctl 管理模拟的集群" >}} + + +## 欢迎参与 {#getting-involved} + +如果你想参与讨论 KWOK 的未来或参与开发,可通过以下几种方式参与进来: + + +- Slack [#kwok] 讨论一般用法,Slack [#kwok-dev] 讨论开发问题(访问 [slack.k8s.io] 获取 KWOK 工作空间的邀请链接) +- 在 [sigs.k8s.io/kwok] 上提出 Issue/PR/Discussion + + +我们欢迎所有想要加入这个项目的贡献者,欢迎任何形式的反馈和贡献。 + +[documents]: https://kwok.sigs.k8s.io/ +[sigs.k8s.io/kwok]: https://sigs.k8s.io/kwok/ +[#kwok]: https://kubernetes.slack.com/messages/kwok/ +[#kwok-dev]: https://kubernetes.slack.com/messages/kwok-dev/ +[slack.k8s.io]: https://slack.k8s.io/ diff --git a/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/kwok.svg b/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/kwok.svg new file mode 100644 index 0000000000000..50c6fed067d6b --- /dev/null +++ b/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/kwok.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/manage-clusters.svg b/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/manage-clusters.svg new file mode 100644 index 0000000000000..12a24197ce195 --- /dev/null +++ b/content/zh-cn/blog/_posts/2023-03-01-introducing-kwok/manage-clusters.svg @@ -0,0 +1 @@ +~/go/src/sigs.k8s.io/kwok$~/go/src/sigs.k8s.io/kwok$#~/go/src/sigs.k8s.io/kwok$#Let's~/go/src/sigs.k8s.io/kwok$#Let'sgetting~/go/src/sigs.k8s.io/kwok$#Let'sgettingstarted~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwith~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwokctl!~/go/src/sigs.k8s.io/kwok$k~/go/src/sigs.k8s.io/kwok$kw~/go/src/sigs.k8s.io/kwok$kwo~/go/src/sigs.k8s.io/kwok$kwok~/go/src/sigs.k8s.io/kwok$kwokc~/go/src/sigs.k8s.io/kwok$kwokct~/go/src/sigs.k8s.io/kwok$kwokctl~/go/src/sigs.k8s.io/kwok$kwokctl-~/go/src/sigs.k8s.io/kwok$kwokctl--~/go/src/sigs.k8s.io/kwok$kwokctl--n~/go/src/sigs.k8s.io/kwok$kwokctl--na~/go/src/sigs.k8s.io/kwok$kwokctl--nam~/go/src/sigs.k8s.io/kwok$kwokctl--name~/go/src/sigs.k8s.io/kwok$kwokctl--named~/go/src/sigs.k8s.io/kwok$kwokctl--namede~/go/src/sigs.k8s.io/kwok$kwokctl--namedem~/go/src/sigs.k8s.io/kwok$kwokctl--namedemo~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreate~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclusterCreatingclustercluster=demoStartingclustercluster=demo[+]Running2/0[+]Running5/3Networkkwok-demoCreated0.0sContainerkwok-demo-etcdSt...0.1sContainerkwok-demo-kube-apiserverCreated0.0sContainerkwok-demo-kwok-controllerCreated0.0sContainerkwok-demo-kube-controller-managerCreated0.0sContainerkwok-demo-kube-schedulerCreated0.0s[+]Running5/6Containerkwok-demo-etcdSt...0.3sContainerkwok-demo-kube-apiserverStarting0.3sContainerkwok-demo-kube-apiserverStarting0.5s[+]Running3/6Containerkwok-demo-kube-apiserverStarted0.5sContainerkwok-demo-kwok-controllerStarting0.6sContainerkwok-demo-kube-controller-managerStarting0.6sContainerkwok-demo-kube-schedulerStarting0.6sContainerkwok-demo-kwok-controllerStarting0.7sContainerkwok-demo-kube-controller-managerStarting0.7sContainerkwok-demo-kube-schedulerStarting0.7s[+]Running6/6Containerkwok-demo-kwok-controllerStarted0.8sContainerkwok-demo-kube-controller-managerStarted0.8sContainerkwok-demo-kube-schedulerStarted0.7sClusteriscreatedcluster=demoelapsed=1sYoucannowuseyourclusterwith:kubectlconfiguse-contextkwok-demoThanksforusingkwok!~/go/src/sigs.k8s.io/kwok$#G~/go/src/sigs.k8s.io/kwok$#Ge~/go/src/sigs.k8s.io/kwok$#Get~/go/src/sigs.k8s.io/kwok$#Geta~/go/src/sigs.k8s.io/kwok$#Getal~/go/src/sigs.k8s.io/kwok$#Getall~/go/src/sigs.k8s.io/kwok$#Getallclusters.~/go/src/sigs.k8s.io/kwok$kwokctlget~/go/src/sigs.k8s.io/kwok$kwokctlgetclustersdemo~/go/src/sigs.k8s.io/kwok$#Switch~/go/src/sigs.k8s.io/kwok$#Switchto~/go/src/sigs.k8s.io/kwok$#Switchtothe~/go/src/sigs.k8s.io/kwok$#Switchtothecluster~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontext~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwith~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkubectl.~/go/src/sigs.k8s.io/kwok$ku~/go/src/sigs.k8s.io/kwok$kub~/go/src/sigs.k8s.io/kwok$kube~/go/src/sigs.k8s.io/kwok$kubec~/go/src/sigs.k8s.io/kwok$kubect~/go/src/sigs.k8s.io/kwok$kubectl~/go/src/sigs.k8s.io/kwok$kubectlconfig~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-context~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-demoSwitchedtocontext"kwok-demo".~/go/src/sigs.k8s.io/kwok$#Create~/go/src/sigs.k8s.io/kwok$#Createa~/go/src/sigs.k8s.io/kwok$#Createanode.~/go/src/sigs.k8s.io/kwok$kubectla~/go/src/sigs.k8s.io/kwok$kubectlap~/go/src/sigs.k8s.io/kwok$kubectlapp~/go/src/sigs.k8s.io/kwok$kubectlappl~/go/src/sigs.k8s.io/kwok$kubectlapply~/go/src/sigs.k8s.io/kwok$kubectlapply-~/go/src/sigs.k8s.io/kwok$kubectlapply-f~/go/src/sigs.k8s.io/kwok$kubectlapply-f.~/go/src/sigs.k8s.io/kwok$kubectlapply-f./~/go/src/sigs.k8s.io/kwok$kubectlapply-f./t~/go/src/sigs.k8s.io/kwok$kubectlapply-f./te~/go/src/sigs.k8s.io/kwok$kubectlapply-f./tes~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/k~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kw~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwo~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/f~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fa~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fak~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.yamlnode/fake-nodecreated~/go/src/sigs.k8s.io/kwok$#Getallnodes.~/go/src/sigs.k8s.io/kwok$kubectlg~/go/src/sigs.k8s.io/kwok$kubectlge~/go/src/sigs.k8s.io/kwok$kubectlget~/go/src/sigs.k8s.io/kwok$kubectlgetnodeNAMESTATUSROLESAGEVERSIONfake-nodeReadyagent5sfake~/go/src/sigs.k8s.io/kwok$#Apply~/go/src/sigs.k8s.io/kwok$#Applya~/go/src/sigs.k8s.io/kwok$#Applyadeployment.~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.yamldeployment.apps/fake-podcreated~/go/src/sigs.k8s.io/kwok$#Getallpods.~/go/src/sigs.k8s.io/kwok$kubectlgetpodNAMEREADYSTATUSRESTARTSAGEfake-pod-5f58597466-ffq791/1Running05sfake-pod-5f58597466-gl2dc1/1Running05sfake-pod-5f58597466-p6vvw1/1Running05sfake-pod-5f58597466-wk44d1/1Running05sfake-pod-5f58597466-xzwbq1/1Running05s~/go/src/sigs.k8s.io/kwok$#Delete~/go/src/sigs.k8s.io/kwok$#Deletethe~/go/src/sigs.k8s.io/kwok$#Deletethecluster.~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodelete~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclusterStoppingclustercluster=demo[+]Running0/0Containerkwok-demo-kwok-controllerRemoved0.1sContainerkwok-demo-kube-controller-managerStopping0.2sContainerkwok-demo-kube-schedulerStopping0.2s[+]Running3/3Containerkwok-demo-kube-controller-managerRemoved0.2sContainerkwok-demo-kube-schedulerRemoved0.2sContainerkwok-demo-kube-apiserverStopping0.1s[+]Running3/4Containerkwok-demo-kube-apiserverStopping0.2sContainerkwok-demo-kube-apiserverStopping0.7sContainerkwok-demo-kube-apiserverStopping1.0s[+]Running4/4Containerkwok-demo-kube-apiserverRemoved1.3sContainerkwok-demo-etcdSt...0.0s[+]Running5/5Containerkwok-demo-etcdRe...0.1sNetworkkwok-demoRemoving0.0sNetworkkwok-demoRemoved0.0sDeletingclustercluster=demoClusterdeletedcluster=demo~/go/src/sigs.k8s.io/kwok$#That's~/go/src/sigs.k8s.io/kwok$#That'sall,~/go/src/sigs.k8s.io/kwok$#That'sall,enjoy~/go/src/sigs.k8s.io/kwok$#That'sall,enjoyit!~/go/src/sigs.k8s.io/kwok$clear~/go/src/sigs.k8s.io/kwok$#L~/go/src/sigs.k8s.io/kwok$#Le~/go/src/sigs.k8s.io/kwok$#Let~/go/src/sigs.k8s.io/kwok$#Let'~/go/src/sigs.k8s.io/kwok$#Let'sg~/go/src/sigs.k8s.io/kwok$#Let'sge~/go/src/sigs.k8s.io/kwok$#Let'sget~/go/src/sigs.k8s.io/kwok$#Let'sgett~/go/src/sigs.k8s.io/kwok$#Let'sgetti~/go/src/sigs.k8s.io/kwok$#Let'sgettin~/go/src/sigs.k8s.io/kwok$#Let'sgettings~/go/src/sigs.k8s.io/kwok$#Let'sgettingst~/go/src/sigs.k8s.io/kwok$#Let'sgettingsta~/go/src/sigs.k8s.io/kwok$#Let'sgettingstar~/go/src/sigs.k8s.io/kwok$#Let'sgettingstart~/go/src/sigs.k8s.io/kwok$#Let'sgettingstarte~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedw~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwi~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwit~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithk~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkw~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwo~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwok~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwokc~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwokct~/go/src/sigs.k8s.io/kwok$#Let'sgettingstartedwithkwokctl~/go/src/sigs.k8s.io/kwok$kwokctl--namedemoc~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocr~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocre~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocrea~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreat~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreatec~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreatecl~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclu~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclus~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclust~/go/src/sigs.k8s.io/kwok$kwokctl--namedemocreateclusteNetworkkwok-demoCreated0.0sContainerkwok-demo-etcdCreated0.0sContainerkwok-demo-kube-apiserverC...0.0sContainerkwok-demo-etcdSt...0.2sContainerkwok-demo-kube-apiserverStarting0.4s~/go/src/sigs.k8s.io/kwok$#Getallc~/go/src/sigs.k8s.io/kwok$#Getallcl~/go/src/sigs.k8s.io/kwok$#Getallclu~/go/src/sigs.k8s.io/kwok$#Getallclus~/go/src/sigs.k8s.io/kwok$#Getallclust~/go/src/sigs.k8s.io/kwok$#Getallcluste~/go/src/sigs.k8s.io/kwok$#Getallcluster~/go/src/sigs.k8s.io/kwok$#Getallclusters~/go/src/sigs.k8s.io/kwok$kwokctlg~/go/src/sigs.k8s.io/kwok$kwokctlge~/go/src/sigs.k8s.io/kwok$kwokctlgetc~/go/src/sigs.k8s.io/kwok$kwokctlgetcl~/go/src/sigs.k8s.io/kwok$kwokctlgetclu~/go/src/sigs.k8s.io/kwok$kwokctlgetclus~/go/src/sigs.k8s.io/kwok$kwokctlgetclust~/go/src/sigs.k8s.io/kwok$kwokctlgetcluste~/go/src/sigs.k8s.io/kwok$kwokctlgetcluster~/go/src/sigs.k8s.io/kwok$#S~/go/src/sigs.k8s.io/kwok$#Sw~/go/src/sigs.k8s.io/kwok$#Swi~/go/src/sigs.k8s.io/kwok$#Swit~/go/src/sigs.k8s.io/kwok$#Switc~/go/src/sigs.k8s.io/kwok$#Switcht~/go/src/sigs.k8s.io/kwok$#Switchtot~/go/src/sigs.k8s.io/kwok$#Switchtoth~/go/src/sigs.k8s.io/kwok$#Switchtothec~/go/src/sigs.k8s.io/kwok$#Switchtothecl~/go/src/sigs.k8s.io/kwok$#Switchtotheclu~/go/src/sigs.k8s.io/kwok$#Switchtotheclus~/go/src/sigs.k8s.io/kwok$#Switchtotheclust~/go/src/sigs.k8s.io/kwok$#Switchtothecluste~/go/src/sigs.k8s.io/kwok$#Switchtotheclusterc~/go/src/sigs.k8s.io/kwok$#Switchtotheclusterco~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercon~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercont~/go/src/sigs.k8s.io/kwok$#Switchtotheclusterconte~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontex~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextw~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwi~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwit~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithk~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithku~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkub~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkube~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkubec~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkubect~/go/src/sigs.k8s.io/kwok$#Switchtotheclustercontextwithkubectl~/go/src/sigs.k8s.io/kwok$kubectlc~/go/src/sigs.k8s.io/kwok$kubectlco~/go/src/sigs.k8s.io/kwok$kubectlcon~/go/src/sigs.k8s.io/kwok$kubectlconf~/go/src/sigs.k8s.io/kwok$kubectlconfi~/go/src/sigs.k8s.io/kwok$kubectlconfigu~/go/src/sigs.k8s.io/kwok$kubectlconfigus~/go/src/sigs.k8s.io/kwok$kubectlconfiguse~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-c~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-co~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-con~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-cont~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-conte~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contex~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextk~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkw~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwo~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-d~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-de~/go/src/sigs.k8s.io/kwok$kubectlconfiguse-contextkwok-dem~/go/src/sigs.k8s.io/kwok$#C~/go/src/sigs.k8s.io/kwok$#Cr~/go/src/sigs.k8s.io/kwok$#Cre~/go/src/sigs.k8s.io/kwok$#Crea~/go/src/sigs.k8s.io/kwok$#Creat~/go/src/sigs.k8s.io/kwok$#Createan~/go/src/sigs.k8s.io/kwok$#Createano~/go/src/sigs.k8s.io/kwok$#Createanod~/go/src/sigs.k8s.io/kwok$#Createanode~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-n~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-no~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-nod~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.y~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.ya~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-node.yam~/go/src/sigs.k8s.io/kwok$#Getalln~/go/src/sigs.k8s.io/kwok$#Getallno~/go/src/sigs.k8s.io/kwok$#Getallnod~/go/src/sigs.k8s.io/kwok$#Getallnode~/go/src/sigs.k8s.io/kwok$#Getallnodes~/go/src/sigs.k8s.io/kwok$kubectlgetn~/go/src/sigs.k8s.io/kwok$kubectlgetno~/go/src/sigs.k8s.io/kwok$kubectlgetnod~/go/src/sigs.k8s.io/kwok$#A~/go/src/sigs.k8s.io/kwok$#Ap~/go/src/sigs.k8s.io/kwok$#App~/go/src/sigs.k8s.io/kwok$#Appl~/go/src/sigs.k8s.io/kwok$#Applyad~/go/src/sigs.k8s.io/kwok$#Applyade~/go/src/sigs.k8s.io/kwok$#Applyadep~/go/src/sigs.k8s.io/kwok$#Applyadepl~/go/src/sigs.k8s.io/kwok$#Applyadeplo~/go/src/sigs.k8s.io/kwok$#Applyadeploy~/go/src/sigs.k8s.io/kwok$#Applyadeploym~/go/src/sigs.k8s.io/kwok$#Applyadeployme~/go/src/sigs.k8s.io/kwok$#Applyadeploymen~/go/src/sigs.k8s.io/kwok$#Applyadeployment~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-d~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-de~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-dep~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-depl~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deplo~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deploy~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deploym~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployme~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deploymen~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.y~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.ya~/go/src/sigs.k8s.io/kwok$kubectlapply-f./test/kwok/fake-deployment.yam~/go/src/sigs.k8s.io/kwok$#Getallp~/go/src/sigs.k8s.io/kwok$#Getallpo~/go/src/sigs.k8s.io/kwok$#Getallpod~/go/src/sigs.k8s.io/kwok$#Getallpods~/go/src/sigs.k8s.io/kwok$kubectlgetp~/go/src/sigs.k8s.io/kwok$kubectlgetpofake-pod-5f58597466-p6vvw~/go/src/sigs.k8s.io/kwok$#D~/go/src/sigs.k8s.io/kwok$#De~/go/src/sigs.k8s.io/kwok$#Del~/go/src/sigs.k8s.io/kwok$#Dele~/go/src/sigs.k8s.io/kwok$#Delet~/go/src/sigs.k8s.io/kwok$#Deletet~/go/src/sigs.k8s.io/kwok$#Deleteth~/go/src/sigs.k8s.io/kwok$#Deletethec~/go/src/sigs.k8s.io/kwok$#Deletethecl~/go/src/sigs.k8s.io/kwok$#Deletetheclu~/go/src/sigs.k8s.io/kwok$#Deletetheclus~/go/src/sigs.k8s.io/kwok$#Deletetheclust~/go/src/sigs.k8s.io/kwok$#Deletethecluste~/go/src/sigs.k8s.io/kwok$#Deletethecluster~/go/src/sigs.k8s.io/kwok$kwokctl--namedemod~/go/src/sigs.k8s.io/kwok$kwokctl--namedemode~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodel~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodele~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodelet~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeletec~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeletecl~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclu~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclus~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclust~/go/src/sigs.k8s.io/kwok$kwokctl--namedemodeleteclusteContainerkwok-demo-kwok-controllerStopping0.1sContainerkwok-demo-kube-controller-managerStopping0.1sContainerkwok-demo-kube-schedulerStopping0.1s[+]Running1/3Containerkwok-demo-kube-apiserverStopping0.3sContainerkwok-demo-kube-apiserverStopping0.4sContainerkwok-demo-kube-apiserverStopping0.5sContainerkwok-demo-kube-apiserverStopping0.6sContainerkwok-demo-kube-apiserverStopping0.8sContainerkwok-demo-kube-apiserverStopping0.9sContainerkwok-demo-kube-apiserverStopping1.1sContainerkwok-demo-kube-apiserverStopping1.2sContainerkwok-demo-kube-apiserverStopping1.3s~/go/src/sigs.k8s.io/kwok$#T~/go/src/sigs.k8s.io/kwok$#Th~/go/src/sigs.k8s.io/kwok$#Tha~/go/src/sigs.k8s.io/kwok$#That~/go/src/sigs.k8s.io/kwok$#That'~/go/src/sigs.k8s.io/kwok$#That'sa~/go/src/sigs.k8s.io/kwok$#That'sal~/go/src/sigs.k8s.io/kwok$#That'sall~/go/src/sigs.k8s.io/kwok$#That'sall,e~/go/src/sigs.k8s.io/kwok$#That'sall,en~/go/src/sigs.k8s.io/kwok$#That'sall,enj~/go/src/sigs.k8s.io/kwok$#That'sall,enjo~/go/src/sigs.k8s.io/kwok$#That'sall,enjoyi~/go/src/sigs.k8s.io/kwok$#That'sall,enjoyit~/go/src/sigs.k8s.io/kwok$c~/go/src/sigs.k8s.io/kwok$cl~/go/src/sigs.k8s.io/kwok$cle~/go/src/sigs.k8s.io/kwok$clea \ No newline at end of file From dda415932020c49aede37201e3cbca7d235fcc12 Mon Sep 17 00:00:00 2001 From: hxysayhi <51870525+hxysayhi@users.noreply.github.com> Date: Thu, 2 Mar 2023 09:39:30 +0800 Subject: [PATCH 253/537] Update topology-spread-constraints.md Fixed translation errors. --- .../concepts/scheduling-eviction/topology-spread-constraints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints.md b/content/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints.md index 37a2fd0b20937..afb4aefbc3985 100644 --- a/content/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints.md +++ b/content/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints.md @@ -958,7 +958,7 @@ section of the enhancement proposal about Pod topology spread constraints. - 该调度器不会预先知道集群拥有的所有可用区和其他拓扑域。 拓扑域由集群中存在的节点确定。在自动扩缩的集群中,如果一个节点池(或节点组)的节点数量缩减为零, 而用户正期望其扩容时,可能会导致调度出现问题。 - 因为在这种情况下,调度器不会考虑这些拓扑域,因为其中至少有一个节点。 + 因为在这种情况下,调度器不会考虑这些拓扑域,直至这些拓扑域中至少包含有一个节点。 你可以通过使用感知 Pod 拓扑分布约束并感知整个拓扑域集的集群自动扩缩工具来解决此问题。 From ee3ba4e39504c40d860bfccd3afb0eb6a62e19ad Mon Sep 17 00:00:00 2001 From: s-kawamura-w664 Date: Thu, 2 Mar 2023 08:35:18 +0000 Subject: [PATCH 254/537] [ja] update some roles and links --- content/ja/docs/contribute/review/for-approvers.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/ja/docs/contribute/review/for-approvers.md b/content/ja/docs/contribute/review/for-approvers.md index ea17bba99ecf1..822396fbf67ea 100644 --- a/content/ja/docs/contribute/review/for-approvers.md +++ b/content/ja/docs/contribute/review/for-approvers.md @@ -61,13 +61,13 @@ Prowコマンド | Roleの制限 | 説明 :------------|:------------------|:----------- `/lgtm` | Organizationメンバー | PRのレビューが完了し、変更に納得したことを知らせる。 `/approve` | Approver | PRをマージすることを承認する。 -`/assign` | ReviewerまたはApprover | PRのレビューまたは承認するひとを割り当てる。 -`/close` | ReviewerまたはApprover | issueまたはPRをcloseする。 +`/assign` | 誰でも | PRのレビューまたは承認するひとを割り当てる。 +`/close` | Organizationメンバー | issueまたはPRをcloseする。 `/hold` | 誰でも | `do-not-merge/hold`ラベルを追加して、自動的にマージできないPRであることを示す。 `/hold cancel` | 誰でも | `do-not-merge/hold`ラベルを削除する。 {{< /table >}} -PRで利用できるすべてのコマンド一覧を確認するには、[Prowコマンドリファレンス](https://prow.k8s.io/command-help)を参照してください。 +PRで利用できるすべてのコマンドを確認するには、[Prowコマンドリファレンス](https://prow.k8s.io/command-help?repo=kubernetes%2Fwebsite)を参照してください。 ## issueのトリアージとカテゴリー分類 @@ -141,7 +141,7 @@ SIG Docsでは、対処方法をドキュメントに書いても良いくらい ### Blogに関するissue -[Kubernetes Blog](https://kubernetes.io/blog/)のエントリーは時間が経つと情報が古くなるものだと考えています。そのため、ブログのエントリーは1年以内のものだけをメンテナンスします。1年以上前のブログエントリーに関するissueは修正せずにcloseします。 +[Kubernetes Blog](/blog/)のエントリーは時間が経つと情報が古くなるものだと考えています。そのため、ブログのエントリーは1年以内のものだけをメンテナンスします。1年以上前のブログエントリーに関するissueは修正せずにcloseします。 ### サポートリクエストまたはコードのバグレポート {#support-requests-or-code-bug-reports} From 3a9b4317b4329ba29d5a16a1f2e0f3add20e86c5 Mon Sep 17 00:00:00 2001 From: nurayko <88191393+nurayko@users.noreply.github.com> Date: Thu, 2 Mar 2023 11:40:24 +0200 Subject: [PATCH 255/537] Fix phrasing. --- data/announcements/scheduled.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/announcements/scheduled.yaml b/data/announcements/scheduled.yaml index d6aabff06ea12..31c135a9a2039 100644 --- a/data/announcements/scheduled.yaml +++ b/data/announcements/scheduled.yaml @@ -139,7 +139,7 @@ announcements: title: "Legacy k8s.gcr.io container image registry will be frozen in early April 2023" message: | k8s.gcr.io image registry will be frozen from the 3rd of April 2023.
    - Images for Kubernetes 1.27 will not available in the k8s.gcr.io image registry.
    + Images for Kubernetes 1.27 will not be available in the k8s.gcr.io image registry.
    Please read our [announcement](/blog/2023/02/06/k8s-gcr-io-freeze-announcement/) for more details. - name: Freezing k8s.gcr.io - After From d6445848fc32d9cb832f020a9fd5845f4d346ccf Mon Sep 17 00:00:00 2001 From: ClimberJ <98227175+ClimberJ@users.noreply.github.com> Date: Thu, 2 Mar 2023 12:14:13 +0100 Subject: [PATCH 256/537] Removed duplicate word --- content/en/docs/concepts/workloads/pods/pod-qos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/workloads/pods/pod-qos.md b/content/en/docs/concepts/workloads/pods/pod-qos.md index b2035c520f404..9b0b10dedadbe 100644 --- a/content/en/docs/concepts/workloads/pods/pod-qos.md +++ b/content/en/docs/concepts/workloads/pods/pod-qos.md @@ -71,7 +71,7 @@ A Pod is given a QoS class of `Burstable` if: Pods in the `BestEffort` QoS class can use node resources that aren't specifically assigned to Pods in other QoS classes. For example, if you have a node with 16 CPU cores available to the -kubelet, and you assign assign 4 CPU cores to a `Guaranteed` Pod, then a Pod in the `BestEffort` +kubelet, and you assign 4 CPU cores to a `Guaranteed` Pod, then a Pod in the `BestEffort` QoS class can try to use any amount of the remaining 12 CPU cores. The kubelet prefers to evict `BestEffort` Pods if the node comes under resource pressure. From 70fec9eb61999766a6f464dd6e3a9902fd0d7b0f Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Thu, 23 Feb 2023 22:57:39 +0800 Subject: [PATCH 257/537] [zh-cn]sync 2022-12-16-non-graceful-node-shutdown-to-beta.md Signed-off-by: xin.li --- ...2-16-non-graceful-node-shutdown-to-beta.md | 251 ++++++++++++++++++ 1 file changed, 251 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2022-12-16-non-graceful-node-shutdown-to-beta.md diff --git a/content/zh-cn/blog/_posts/2022-12-16-non-graceful-node-shutdown-to-beta.md b/content/zh-cn/blog/_posts/2022-12-16-non-graceful-node-shutdown-to-beta.md new file mode 100644 index 0000000000000..84c11355e05ea --- /dev/null +++ b/content/zh-cn/blog/_posts/2022-12-16-non-graceful-node-shutdown-to-beta.md @@ -0,0 +1,251 @@ +--- +layout: blog +title: "Kubernetes 1.26: 节点非体面关闭进入 Beta 阶段" +date: 2022-12-16T10:00:00-08:00 +slug: kubernetes-1-26-non-graceful-node-shutdown-beta +--- + + + + +**作者:** Xing Yang (VMware), Ashutosh Kumar (VMware) + +**译者:** Xin Li (DaoCloud) + +Kubernetes v1.24 [引入](https://kubernetes.io/blog/2022/05/20/kubernetes-1-24-non-graceful-node-shutdown-alpha/) +了用于处理[节点非体面关闭](/zh-cn/docs/concepts/architecture/nodes/#non-graceful-node-shutdown)改进的 +Alpha 质量实现。 + + +## 什么是 Kubernetes 中的节点关闭 + +在 Kubernetes 集群中,节点可能会关闭。这可能在计划内发生,也可能意外发生。 +你可能计划进行安全补丁或内核升级并需要重新启动节点,或者它可能由于 VM 实例抢占而关闭。 +节点也可能由于硬件故障或软件问题而关闭。 + + +要触发节点关闭,你可以在 shell 中运行 `shutdown` 或 `poweroff` 命令,或者按下按钮关闭机器电源。 + +下面分别介绍什么是节点体面关闭,什么是节点非体面关闭。 + + +## 什么是节点**体面**关闭? + +kubelet 对[节点体面关闭](/zh-cn/docs/concepts/architecture/nodes/#graceful-node-shutdown) +的处理在于允许 kubelet 检测节点关闭事件,正确终止该节点上的 Pod,并在实际关闭之前释放资源。 +[关键 Pod](/zh-cn/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) +在所有常规 Pod 终止后终止,以确保应用程序的基本功能可以尽可能长时间地继续工作。 + + +## 什么是节点**非体面**关闭? + +仅当 kubelet 的**节点关闭管理器**可以检测到即将到来的节点关闭操作时,节点关闭才可能是体面的。 +但是,在某些情况下,kubelet 不能检测到节点关闭操作。 +这可能是因为 `shutdown` 命令没有触发 Linux 上 kubelet 使用的 [Inhibitor Locks](https://www.freedesktop.org/wiki/Software/systemd/inhibit) +机制,或者是因为用户的失误导致。 +例如,如果该节点的 `shutdownGracePeriod` 和 `shutdownGracePeriodCriticalPods` 详细信息配置不正确。 + + +当一个节点关闭(或崩溃),并且 kubelet 节点关闭管理器**没有**检测到该关闭时, +就出现了非体面的节点关闭。节点非体面关闭对于有状态应用程序而言是一个问题。 +如果节点以非正常方式关闭且节点上存在属于某 StatefulSet 的 Pod, +则该 Pod 将被无限期地阻滞在 `Terminating` 状态,并且控制平面无法在健康节点上为该 StatefulSet 创建替代 Pod。 +你可以手动删除失败的 Pod,但这对于集群自愈来说并不是理想状态。 +同样,作为 Deployment 的一部分创建的 ReplicaSet 中的 Pod 也将滞留在 `Terminating` 状态, +对于绑定到正在被关闭的节点上的其他 Pod,也将无限期地处于 `Terminating` 状态。 +如果你设置了水平缩放限制,即使那些处于终止过程中的 Pod 也会被计入该限制, +因此如果你的工作负载已经达到最大缩放比例,则它可能难以自我修复。 +(顺便说一句:如果非体面关闭的节点重新启动,kubelet 确实会删除旧的 Pod,并且控制平面可以进行替换。) + + + +## Beta 阶段带来的新功能 +在 Kubernetes v1.26 中,非体面节点关闭特性是 Beta 版,默认被启用。 +`NodeOutOfServiceVolumeDetach` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)在 +`kube-controller-manager` 中从可选启用变成默认启用。如果需要, +你仍然可以选择禁用此特性(也请提交一个 issue 来解释问题)。 + + +在检测方面,kub​​e-controller-manager 报告了两个新指标。 + +`force_delete_pods_total`:被强制删除的 Pod 数(在 Pod 垃圾收集控制器重启时重置) + +`force_delete_pod_errors_total`:尝试强制删除 Pod 时遇到的错误数(也会在 Pod 垃圾收集控制器重启时重置) + + +## 它是如何工作的? + +在节点关闭的情况下,如果正常关闭不起作用或节点由于硬件故障或操作系统损坏而处于不可恢复状态, +你可以在 Node 上手动添加 `out-of-service` 污点。 +例如,污点可以是 `node.kubernetes.io/out-of-service=nodeshutdown:NoExecute` 或 +`node.kubernetes.io/out-of-service=nodeshutdown:NoSchedule`。 +如果 Pod 上没有与之匹配的容忍规则,则此污点会触发节点上的 Pod 被强制删除。 +附加到关闭中的节点的持久卷将被分离,新的 Pod 将在不同的运行节点上成功创建。 + +``` +kubectl taint nodes node.kubernetes.io/out-of-service=nodeshutdown:NoExecute +``` + + +**注意**:在应用 out-of-service 污点之前,你必须验证节点是否已经处于关闭或断电状态(而不是在重新启动中), +要么是因为用户有意关闭它,要么是由于硬件故障或操作系统问题等导致节点关闭。 + +与 out-of-service 节点有关联的所有工作负载的 Pod 都被移动到新的运行节点, +并且所关闭的节点已恢复之后,你应该删除受影响节点上的污点。 + + +## 接下来 + +根据反馈和采用情况,Kubernetes 团队计划在 1.27 或 1.28 中将非体面节点关闭实现推向正式发布(GA)状态。 + +此功能需要用户手动向节点添加污点以触发工作负载的故障转移并在节点恢复后删除污点。 + +如果有一种编程方式可以确定节点确实关闭并且节点和存储之间没有 IO, +则集群操作员可以通过自动应用 `out-of-service` 污点来自动执行此过程。 + +在工作负载成功转移到另一个正在运行的节点并且曾关闭的节点已恢复后,集群操作员可以自动删除污点。 + +将来,我们计划寻找方法来自动检测来隔离已关闭或处于不可恢复状态的节点, +并将其工作负载故障转移到另一个节点。 + + +## 如何学习更多? + +要了解更多信息,请阅读 Kubernetes 文档中的[非体面节点关闭](/zh-cn/docs/concepts/architecture/nodes/#non-graceful-node-shutdown)。 + + +## 如何参与 + +我们非常感谢所有帮助设计、实施和审查此功能的贡献者: + +* Michelle Au ([msau42](https://github.com/msau42)) +* Derek Carr ([derekwaynecarr](https://github.com/derekwaynecarr)) +* Danielle Endocrimes ([endocrimes](https://github.com/endocrimes)) +* Tim Hockin ([thockin](https://github.com/thockin)) +* Ashutosh Kumar ([sonasingh46](https://github.com/sonasingh46)) +* Hemant Kumar ([gnufied](https://github.com/gnufied)) +* Yuiko Mouri([YuikoTakada](https://github.com/YuikoTakada)) +* Mrunal Patel ([mrunalp](https://github.com/mrunalp)) +* David Porter ([bobbypage](https://github.com/bobbypage)) +* Yassine Tijani ([yastij](https://github.com/yastij)) +* Jing Xu ([jingxu97](https://github.com/jingxu97)) +* Xing Yang ([xing-yang](https://github.com/xing-yang)) + + +一路上有很多人帮助审阅了设计和实现。我们要感谢为这项工作做出贡献的所有人,包括在过去几年中审查 +[KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/2268-non-graceful-shutdown) +和实现的大约 30 人。 + +此功能是 SIG Storage 和 SIG Node 之间的协作。对于那些有兴趣参与 Kubernetes +存储系统任何部分的设计和开发的人,请加入 Kubernetes 存储特别兴趣小组 (SIG)。 +对于那些有兴趣参与支持 Pod 和主机资源之间受控交互的组件的设计和开发,请加入 Kubernetes Node SIG。 + From 63fb4cbc1f64b6cf4e3fdfdaf43f74d42f69d4a3 Mon Sep 17 00:00:00 2001 From: "William Walters (He/Him)" <44623911+wwalters12@users.noreply.github.com> Date: Thu, 2 Mar 2023 10:49:18 -0500 Subject: [PATCH 258/537] Fix grammar in check-if-dockershim-removal-affects-you page --- .../check-if-dockershim-removal-affects-you.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md index 267d614ef9dc0..47ff6088d0a71 100644 --- a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md +++ b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md @@ -8,7 +8,7 @@ weight: 50 -The `dockershim` component of Kubernetes allows to use Docker as a Kubernetes's +The `dockershim` component of Kubernetes allows the use of Docker as a Kubernetes's {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}}. Kubernetes' built-in `dockershim` component was removed in release v1.24. From 4ce224a0e5ab5647dec21eb33206e27b7b77e5a4 Mon Sep 17 00:00:00 2001 From: "William Walters (He/Him)" <44623911+wwalters12@users.noreply.github.com> Date: Thu, 2 Mar 2023 13:28:43 -0500 Subject: [PATCH 259/537] Fix additional grammatical errors in check-whether-dockershim-removal-affects-you page --- .../check-if-dockershim-removal-affects-you.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md index 47ff6088d0a71..d31f708043d54 100644 --- a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md +++ b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you.md @@ -40,11 +40,11 @@ dependency on Docker: 1. Third-party tools that perform above mentioned privileged operations. See [Migrating telemetry and security agents from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents) for more information. -1. Make sure there is no indirect dependencies on dockershim behavior. +1. Make sure there are no indirect dependencies on dockershim behavior. This is an edge case and unlikely to affect your application. Some tooling may be configured to react to Docker-specific behaviors, for example, raise alert on specific metrics or search for a specific log message as part of troubleshooting instructions. - If you have such tooling configured, test the behavior on test + If you have such tooling configured, test the behavior on a test cluster before migration. ## Dependency on Docker explained {#role-of-dockershim} @@ -74,7 +74,7 @@ before to check on these containers is no longer available. You cannot get container information using `docker ps` or `docker inspect` commands. As you cannot list containers, you cannot get logs, stop containers, -or execute something inside container using `docker exec`. +or execute something inside a container using `docker exec`. {{< note >}} From c38e5c00fb8bb928eda06801f42868954e5135ac Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 29 Oct 2022 15:50:16 +0100 Subject: [PATCH 260/537] Avoid creating local manifest for PSA tutorials The kubectl tool includes a client for fetching manifests using HTTP, and we usually rely on that for tutorials. Switch to an approach where we don't create a manifest on the filesystem and then apply that. --- .../tutorials/security/cluster-level-pss.md | 25 ++++--------------- .../docs/tutorials/security/ns-level-pss.md | 25 +++---------------- .../security/example-baseline-pod.yaml | 10 ++++++++ ...ith-cluster-level-baseline-pod-security.sh | 4 +-- ...h-namespace-level-baseline-pod-security.sh | 6 +++-- 5 files changed, 25 insertions(+), 45 deletions(-) create mode 100644 content/en/examples/security/example-baseline-pod.yaml diff --git a/content/en/docs/tutorials/security/cluster-level-pss.md b/content/en/docs/tutorials/security/cluster-level-pss.md index 07273c3be8ee9..917b087d4330a 100644 --- a/content/en/docs/tutorials/security/cluster-level-pss.md +++ b/content/en/docs/tutorials/security/cluster-level-pss.md @@ -286,31 +286,16 @@ following: To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. ``` -1. Create the following Pod specification for a minimal configuration in the default namespace: - - ``` - cat < /tmp/pss/nginx-pod.yaml - apiVersion: v1 - kind: Pod - metadata: - name: nginx - spec: - containers: - - image: nginx - name: nginx - ports: - - containerPort: 80 - EOF - ``` -1. Create the Pod in the cluster: +1. Create a Pod in the default namespace: ```shell - kubectl apply -f /tmp/pss/nginx-pod.yaml + kubectl apply -f https://k8s.io/examples/security/example-baseline-pod.yaml ``` + The output is similar to this: ``` - Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") - pod/nginx created + Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") + pod/nginx created ``` ## Clean up diff --git a/content/en/docs/tutorials/security/ns-level-pss.md b/content/en/docs/tutorials/security/ns-level-pss.md index 64aaf64832a56..fcea5280236a4 100644 --- a/content/en/docs/tutorials/security/ns-level-pss.md +++ b/content/en/docs/tutorials/security/ns-level-pss.md @@ -109,27 +109,10 @@ namespace/example created ## Verify the Pod Security Standards -1. Create a minimal pod in `example` namespace: +1. Create a baseline Pod in the `example` namespace: ```shell - cat < /tmp/pss/nginx-pod.yaml - apiVersion: v1 - kind: Pod - metadata: - name: nginx - spec: - containers: - - image: nginx - name: nginx - ports: - - containerPort: 80 - EOF - ``` - -1. Apply the pod spec to the cluster in `example` namespace: - - ```shell - kubectl apply -n example -f /tmp/pss/nginx-pod.yaml + kubectl apply -n example -f https://k8s.io/examples/security/example-baseline-pod.yaml ``` The output is similar to this: @@ -138,10 +121,10 @@ namespace/example created pod/nginx created ``` -1. Apply the pod spec to the cluster in `default` namespace: +1. Create a baseline Pod in the `default` namespace: ```shell - kubectl apply -n default -f /tmp/pss/nginx-pod.yaml + kubectl apply -n default -f https://k8s.io/examples/security/example-baseline-pod.yaml ``` Output is similar to this: diff --git a/content/en/examples/security/example-baseline-pod.yaml b/content/en/examples/security/example-baseline-pod.yaml new file mode 100644 index 0000000000000..eca57ea4de858 --- /dev/null +++ b/content/en/examples/security/example-baseline-pod.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx +spec: + containers: + - image: nginx + name: nginx + ports: + - containerPort: 80 diff --git a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh index 2fbd0dfe81e5a..8f1218b88d9fc 100644 --- a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh +++ b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh @@ -55,7 +55,7 @@ kind create cluster --name psa-with-cluster-pss --image kindest/node:v1.23.0 --c kubectl cluster-info --context kind-psa-with-cluster-pss # Wait for 15 seconds (arbitrary) ServiceAccount Admission Controller to be available sleep 15 -cat < /tmp/pss/nginx-pod.yaml +cat < /tmp/pss/nginx-pod.yaml + +# Try running a Pod +cat < Date: Sat, 29 Oct 2022 15:52:24 +0100 Subject: [PATCH 261/537] Assume that kind provides Pod Security Admission Given that Pod Security Admission has been beta and then generally available for a while, assume that kind gives the reader a cluster than includes this feature. --- .../tutorials/security/cluster-level-pss.md | 32 +++++++++---------- .../docs/tutorials/security/ns-level-pss.md | 4 +-- ...ith-cluster-level-baseline-pod-security.sh | 2 +- ...h-namespace-level-baseline-pod-security.sh | 4 +-- 4 files changed, 20 insertions(+), 22 deletions(-) diff --git a/content/en/docs/tutorials/security/cluster-level-pss.md b/content/en/docs/tutorials/security/cluster-level-pss.md index 917b087d4330a..3366c24d102f9 100644 --- a/content/en/docs/tutorials/security/cluster-level-pss.md +++ b/content/en/docs/tutorials/security/cluster-level-pss.md @@ -42,22 +42,22 @@ that are most appropriate for your configuration, do the following: 1. Create a cluster with no Pod Security Standards applied: ```shell - kind create cluster --name psa-wo-cluster-pss --image kindest/node:v1.24.0 + kind create cluster --name psa-wo-cluster-pss ``` - The output is similar to this: + The output is similar to: ``` Creating cluster "psa-wo-cluster-pss" ... - ✓ Ensuring node image (kindest/node:v1.24.0) 🖼 - ✓ Preparing nodes 📦 + ✓ Ensuring node image (kindest/node:v{{< skew currentVersion >}}.0) 🖼 + ✓ Preparing nodes 📦 ✓ Writing configuration 📜 ✓ Starting control-plane 🕹️ ✓ Installing CNI 🔌 ✓ Installing StorageClass 💾 Set kubectl context to "kind-psa-wo-cluster-pss" You can now use your cluster with: - + kubectl cluster-info --context kind-psa-wo-cluster-pss - + Thanks for using kind! 😊 ``` @@ -72,7 +72,7 @@ that are most appropriate for your configuration, do the following: Kubernetes control plane is running at https://127.0.0.1:61350 CoreDNS is running at https://127.0.0.1:61350/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy - + To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. ``` @@ -255,22 +255,22 @@ following: these Pod Security Standards: ```shell - kind create cluster --name psa-with-cluster-pss --image kindest/node:v1.24.0 --config /tmp/pss/cluster-config.yaml + kind create cluster --name psa-with-cluster-pss --config /tmp/pss/cluster-config.yaml ``` The output is similar to this: ``` Creating cluster "psa-with-cluster-pss" ... - ✓ Ensuring node image (kindest/node:v1.24.0) 🖼 - ✓ Preparing nodes 📦 - ✓ Writing configuration 📜 - ✓ Starting control-plane 🕹️ - ✓ Installing CNI 🔌 - ✓ Installing StorageClass 💾 + ✓ Ensuring node image (kindest/node:v{{< skew currentVersion >}}.0) 🖼 + ✓ Preparing nodes 📦 + ✓ Writing configuration 📜 + ✓ Starting control-plane 🕹️ + ✓ Installing CNI 🔌 + ✓ Installing StorageClass 💾 Set kubectl context to "kind-psa-with-cluster-pss" You can now use your cluster with: - + kubectl cluster-info --context kind-psa-with-cluster-pss - + Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂 ``` diff --git a/content/en/docs/tutorials/security/ns-level-pss.md b/content/en/docs/tutorials/security/ns-level-pss.md index fcea5280236a4..03a23ccc0b388 100644 --- a/content/en/docs/tutorials/security/ns-level-pss.md +++ b/content/en/docs/tutorials/security/ns-level-pss.md @@ -31,14 +31,14 @@ Install the following on your workstation: 1. Create a `KinD` cluster as follows: ```shell - kind create cluster --name psa-ns-level --image kindest/node:v1.23.0 + kind create cluster --name psa-ns-level ``` The output is similar to this: ``` Creating cluster "psa-ns-level" ... - ✓ Ensuring node image (kindest/node:v1.23.0) 🖼 + ✓ Ensuring node image (kindest/node:v{{< skew currentVersion >}}.0) 🖼 ✓ Preparing nodes 📦 ✓ Writing configuration 📜 ✓ Starting control-plane 🕹️ diff --git a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh index 8f1218b88d9fc..953e255ada63c 100644 --- a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh +++ b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh @@ -51,7 +51,7 @@ nodes: # default None propagation: None EOF -kind create cluster --name psa-with-cluster-pss --image kindest/node:v1.23.0 --config /tmp/pss/cluster-config.yaml +kind create cluster --name psa-with-cluster-pss --config /tmp/pss/cluster-config.yaml kubectl cluster-info --context kind-psa-with-cluster-pss # Wait for 15 seconds (arbitrary) ServiceAccount Admission Controller to be available sleep 15 diff --git a/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh b/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh index 78039b442e138..7b6abab32fe4d 100644 --- a/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh +++ b/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh @@ -1,7 +1,5 @@ #!/bin/sh -# Until v1.23 is released, kind node image needs to be built from k/k master branch -# Ref: https://kind.sigs.k8s.io/docs/user/quick-start/#building-images -kind create cluster --name psa-ns-level --image kindest/node:v1.23.0 +kind create cluster --name psa-ns-level kubectl cluster-info --context kind-psa-ns-level # Wait for 15 seconds (arbitrary) ServiceAccount Admission Controller to be available sleep 15 From c6b3f34d5b971f67efc7e3bfeda8b8c3081d685a Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 29 Oct 2022 15:53:36 +0100 Subject: [PATCH 262/537] Automatically clean up after deploying PSA examples Readers who want to skip the clean up can edit these scripts; it seems fair to assume that a reader who wants that would know how to edit a shell script and delete lines from it. --- ...d-with-cluster-level-baseline-pod-security.sh | 12 ++++++++++++ ...with-namespace-level-baseline-pod-security.sh | 16 ++++++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh index 953e255ada63c..6712cf57e0b11 100644 --- a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh +++ b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh @@ -53,6 +53,7 @@ nodes: EOF kind create cluster --name psa-with-cluster-pss --config /tmp/pss/cluster-config.yaml kubectl cluster-info --context kind-psa-with-cluster-pss + # Wait for 15 seconds (arbitrary) ServiceAccount Admission Controller to be available sleep 15 cat <&2 +set -e +kubectl delete pod --all -n example --now +kubectl delete ns example +kind delete cluster --name psa-with-cluster-pss +rm -f /tmp/pss/cluster-config.yaml diff --git a/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh b/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh index 7b6abab32fe4d..6c1ddb80856b6 100644 --- a/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh +++ b/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh @@ -1,9 +1,11 @@ #!/bin/sh kind create cluster --name psa-ns-level kubectl cluster-info --context kind-psa-ns-level -# Wait for 15 seconds (arbitrary) ServiceAccount Admission Controller to be available +# Wait for 15 seconds (arbitrary) for ServiceAccount Admission Controller to be available sleep 15 -kubectl create ns example + +# Create and label the namespace +kubectl create ns example || exit 1 # if namespace exists, don't do the next steps kubectl label --overwrite ns example \ pod-security.kubernetes.io/enforce=baseline \ pod-security.kubernetes.io/enforce-version=latest \ @@ -26,3 +28,13 @@ spec: - containerPort: 80 EOF kubectl apply -n example -f - + +# Wait +sleep 3 + +# Clean up +printf "\n\nCleaning up:\n" 1>&2 +set -e +kubectl delete pod --all -n example --now +kubectl delete ns example +kind delete cluster --name psa-ns-level From a39ee496feac1bdef8d03335d72ad99a903b0d99 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 29 Oct 2022 15:54:51 +0100 Subject: [PATCH 263/537] Tidy PSA tutorials Various tidying to match website style guide better. --- .../tutorials/security/cluster-level-pss.md | 29 ++++++++++--------- .../docs/tutorials/security/ns-level-pss.md | 19 ++++++------ 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/content/en/docs/tutorials/security/cluster-level-pss.md b/content/en/docs/tutorials/security/cluster-level-pss.md index 3366c24d102f9..52d26f3af81da 100644 --- a/content/en/docs/tutorials/security/cluster-level-pss.md +++ b/content/en/docs/tutorials/security/cluster-level-pss.md @@ -82,7 +82,7 @@ that are most appropriate for your configuration, do the following: kubectl get ns ``` The output is similar to this: - ``` + ``` NAME STATUS AGE default Active 9m30s kube-node-lease Active 9m32s @@ -99,8 +99,9 @@ that are most appropriate for your configuration, do the following: kubectl label --dry-run=server --overwrite ns --all \ pod-security.kubernetes.io/enforce=privileged ``` - The output is similar to this: - ``` + + The output is similar to: + ``` namespace/default labeled namespace/kube-node-lease labeled namespace/kube-public labeled @@ -108,12 +109,13 @@ that are most appropriate for your configuration, do the following: namespace/local-path-storage labeled ``` 2. Baseline - ```shell + ```shell kubectl label --dry-run=server --overwrite ns --all \ pod-security.kubernetes.io/enforce=baseline ``` - The output is similar to this: - ``` + + The output is similar to: + ``` namespace/default labeled namespace/kube-node-lease labeled namespace/kube-public labeled @@ -123,15 +125,16 @@ that are most appropriate for your configuration, do the following: Warning: kube-proxy-m6hwf: host namespaces, hostPath volumes, privileged namespace/kube-system labeled namespace/local-path-storage labeled - ``` + ``` 3. Restricted ```shell kubectl label --dry-run=server --overwrite ns --all \ pod-security.kubernetes.io/enforce=restricted ``` - The output is similar to this: - ``` + + The output is similar to: + ``` namespace/default labeled namespace/kube-node-lease labeled namespace/kube-public labeled @@ -180,7 +183,7 @@ following: ``` mkdir -p /tmp/pss - cat < /tmp/pss/cluster-level-pss.yaml + cat < /tmp/pss/cluster-level-pss.yaml apiVersion: apiserver.config.k8s.io/v1 kind: AdmissionConfiguration plugins: @@ -212,7 +215,7 @@ following: 1. Configure the API server to consume this file during cluster creation: ``` - cat < /tmp/pss/cluster-config.yaml + cat < /tmp/pss/cluster-config.yaml kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: @@ -281,11 +284,11 @@ following: The output is similar to this: ``` Kubernetes control plane is running at https://127.0.0.1:63855 - CoreDNS is running at https://127.0.0.1:63855/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy - + To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. ``` + 1. Create a Pod in the default namespace: ```shell diff --git a/content/en/docs/tutorials/security/ns-level-pss.md b/content/en/docs/tutorials/security/ns-level-pss.md index 03a23ccc0b388..a660222875320 100644 --- a/content/en/docs/tutorials/security/ns-level-pss.md +++ b/content/en/docs/tutorials/security/ns-level-pss.md @@ -80,11 +80,12 @@ The output is similar to this: namespace/example created ``` -## Apply Pod Security Standards +## Enable Pod Security Standards checking for that namespace 1. Enable Pod Security Standards on this namespace using labels supported by - built-in Pod Security Admission. In this step we will warn on baseline pod - security standard as per the latest version (default value) + built-in Pod Security Admission. In this step you will configure a check to + warn on Pods that don't meet the latest version of the _baseline_ pod + security standard. ```shell kubectl label --overwrite ns example \ @@ -92,8 +93,8 @@ namespace/example created pod-security.kubernetes.io/warn-version=latest ``` -2. Multiple pod security standards can be enabled on any namespace, using labels. - Following command will `enforce` the `baseline` Pod Security Standard, but +2. You can configure multiple pod security standard checks on any namespace, using labels. + The following command will `enforce` the `baseline` Pod Security Standard, but `warn` and `audit` for `restricted` Pod Security Standards as per the latest version (default value) @@ -107,7 +108,7 @@ namespace/example created pod-security.kubernetes.io/audit-version=latest ``` -## Verify the Pod Security Standards +## Verify the Pod Security Standard enforcement 1. Create a baseline Pod in the `example` namespace: @@ -132,9 +133,9 @@ namespace/example created pod/nginx created ``` -The Pod Security Standards were applied only to the `example` -namespace. You could create the same Pod in the `default` namespace -with no warnings. +The Pod Security Standards enforcement and warning settings were applied only +to the `example` namespace. You could create the same Pod in the `default` +namespace with no warnings. ## Clean up From c9640ebc325bc911190d70384dcb8c82021df16f Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 29 Oct 2022 15:59:09 +0100 Subject: [PATCH 264/537] Make it clear that PSA example Pods do start OK The reader sees a warning, but the Pods do run. That detail might not be obvious otherwise. --- content/en/docs/tutorials/security/cluster-level-pss.md | 2 +- content/en/docs/tutorials/security/ns-level-pss.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/tutorials/security/cluster-level-pss.md b/content/en/docs/tutorials/security/cluster-level-pss.md index 52d26f3af81da..77d54e3c29847 100644 --- a/content/en/docs/tutorials/security/cluster-level-pss.md +++ b/content/en/docs/tutorials/security/cluster-level-pss.md @@ -295,7 +295,7 @@ following: kubectl apply -f https://k8s.io/examples/security/example-baseline-pod.yaml ``` - The output is similar to this: + The pod is started normally, but the output includes a warning: ``` Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") pod/nginx created diff --git a/content/en/docs/tutorials/security/ns-level-pss.md b/content/en/docs/tutorials/security/ns-level-pss.md index a660222875320..cff35050e1f49 100644 --- a/content/en/docs/tutorials/security/ns-level-pss.md +++ b/content/en/docs/tutorials/security/ns-level-pss.md @@ -115,7 +115,7 @@ namespace/example created ```shell kubectl apply -n example -f https://k8s.io/examples/security/example-baseline-pod.yaml ``` - The output is similar to this: + The Pod does start OK; the output includes a warning. For example: ``` Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") From 3c8df5ea553e1c2d14d73d7f28b45ed73dd05b68 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 29 Oct 2022 18:02:08 +0100 Subject: [PATCH 265/537] Mention that cluster-level PSA config might not be possible Some managed clusters don't let you configure PSA cluster wide, and users might not realize this unless we tell them. --- content/en/docs/tutorials/security/cluster-level-pss.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/en/docs/tutorials/security/cluster-level-pss.md b/content/en/docs/tutorials/security/cluster-level-pss.md index 77d54e3c29847..a892f366d637a 100644 --- a/content/en/docs/tutorials/security/cluster-level-pss.md +++ b/content/en/docs/tutorials/security/cluster-level-pss.md @@ -30,6 +30,11 @@ Install the following on your workstation: - [KinD](https://kind.sigs.k8s.io/docs/user/quick-start/#installation) - [kubectl](/docs/tasks/tools/) +This tutorial demonstrates what you can configure for a Kubernetes cluster that you fully +control. If you are learning how to configure Pod Security Admission for a managed cluster +where you are not able to configure the control plane, read +[Apply Pod Security Standards at the namespace level](/docs/tutorials/security/ns-level-pss). + ## Choose the right Pod Security Standard to apply [Pod Security Admission](/docs/concepts/security/pod-security-admission/) From 04cfb74c4819116982ca6f10235aa22348b79355 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Tue, 24 Jan 2023 23:57:23 +0000 Subject: [PATCH 266/537] Await input in Pod Security Admission demo script Don't run through the whole thing including cleanup - let the user have a go first. --- .../kind-with-cluster-level-baseline-pod-security.sh | 6 ++++-- .../kind-with-namespace-level-baseline-pod-security.sh | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh index 6712cf57e0b11..76e092807fd43 100644 --- a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh +++ b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh @@ -70,8 +70,10 @@ spec: EOF kubectl apply -f - -# Wait -sleep 3 +# Await input +sleep 1 +( bash -c 'true' 2>/dev/null && bash -c 'read -p "Press any key to continue... " -n1 -s' ) || \ + ( printf "Press Enter to continue... " && read ) 1>&2 # Clean up printf "\n\nCleaning up:\n" 1>&2 diff --git a/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh b/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh index 6c1ddb80856b6..637e23df51431 100644 --- a/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh +++ b/content/en/examples/security/kind-with-namespace-level-baseline-pod-security.sh @@ -29,8 +29,10 @@ spec: EOF kubectl apply -n example -f - -# Wait -sleep 3 +# Await input +sleep 1 +( bash -c 'true' 2>/dev/null && bash -c 'read -p "Press any key to continue... " -n1 -s' ) || \ + ( printf "Press Enter to continue... " && read ) 1>&2 # Clean up printf "\n\nCleaning up:\n" 1>&2 From cf11a9dc3b22e74c977d48c0d2a24c80c7e9a628 Mon Sep 17 00:00:00 2001 From: Arhell Date: Fri, 3 Mar 2023 00:47:29 +0200 Subject: [PATCH 267/537] [pt] Add externalSetMarkChain to portmap config --- .../extend-kubernetes/compute-storage-net/network-plugins.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/pt-br/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md b/content/pt-br/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md index 4d45bccbf448e..8c49dd2ef8075 100644 --- a/content/pt-br/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md +++ b/content/pt-br/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md @@ -92,7 +92,8 @@ Por exemplo: }, { "type": "portmap", - "capabilities": {"portMappings": true} + "capabilities": {"portMappings": true}, + "externalSetMarkChain": "KUBE-MARK-MASQ" } ] } From 58455c59e9de56e4e7e5ba1cdfb7810f4afed900 Mon Sep 17 00:00:00 2001 From: Guangwen Feng Date: Fri, 3 Mar 2023 16:19:50 +0800 Subject: [PATCH 268/537] Remove duplicate "the" in admission-controllers.md Signed-off-by: Guangwen Feng --- .../docs/reference/access-authn-authz/admission-controllers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/access-authn-authz/admission-controllers.md b/content/en/docs/reference/access-authn-authz/admission-controllers.md index f58fe099d9577..9d1b17796daff 100644 --- a/content/en/docs/reference/access-authn-authz/admission-controllers.md +++ b/content/en/docs/reference/access-authn-authz/admission-controllers.md @@ -107,7 +107,7 @@ CertificateApproval, CertificateSigning, CertificateSubjectRestriction, DefaultI {{< note >}} The [`ValidatingAdmissionPolicy`](#validatingadmissionpolicy) admission plugin is enabled -by default, but is only active if you enable the the `ValidatingAdmissionPolicy` +by default, but is only active if you enable the `ValidatingAdmissionPolicy` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) **and** the `admissionregistration.k8s.io/v1alpha1` API. {{< /note >}} From c90fd0f340ae93e91d1a319e4b3770655319c013 Mon Sep 17 00:00:00 2001 From: s-kawamura-w664 Date: Fri, 3 Mar 2023 09:08:17 +0000 Subject: [PATCH 269/537] [ja] Update page weights under content/ja/docs/reference. --- .../ja/docs/reference/command-line-tools-reference/_index.md | 2 +- content/ja/docs/reference/kubectl/_index.md | 2 +- content/ja/docs/reference/kubectl/cheatsheet.md | 1 + content/ja/docs/reference/kubectl/conventions.md | 1 + content/ja/docs/reference/kubectl/jsonpath.md | 2 +- content/ja/docs/reference/scheduling/_index.md | 2 +- content/ja/docs/reference/scheduling/policies.md | 1 + content/ja/docs/reference/setup-tools/_index.md | 2 +- content/ja/docs/reference/using-api/_index.md | 2 +- 9 files changed, 9 insertions(+), 6 deletions(-) diff --git a/content/ja/docs/reference/command-line-tools-reference/_index.md b/content/ja/docs/reference/command-line-tools-reference/_index.md index 89d64ce646db7..2e4806da13d42 100644 --- a/content/ja/docs/reference/command-line-tools-reference/_index.md +++ b/content/ja/docs/reference/command-line-tools-reference/_index.md @@ -1,5 +1,5 @@ --- title: コマンドラインツールのリファレンス -weight: 60 +weight: 120 toc-hide: true --- diff --git a/content/ja/docs/reference/kubectl/_index.md b/content/ja/docs/reference/kubectl/_index.md index 7b6c2d720b12a..6738659218c18 100644 --- a/content/ja/docs/reference/kubectl/_index.md +++ b/content/ja/docs/reference/kubectl/_index.md @@ -1,5 +1,5 @@ --- title: "kubectl CLI" -weight: 60 +weight: 110 --- diff --git a/content/ja/docs/reference/kubectl/cheatsheet.md b/content/ja/docs/reference/kubectl/cheatsheet.md index 7b2d782882cfd..31a56103ccf92 100644 --- a/content/ja/docs/reference/kubectl/cheatsheet.md +++ b/content/ja/docs/reference/kubectl/cheatsheet.md @@ -1,6 +1,7 @@ --- title: kubectlチートシート content_type: concept +weight: 10 # highlight it card: name: reference weight: 30 diff --git a/content/ja/docs/reference/kubectl/conventions.md b/content/ja/docs/reference/kubectl/conventions.md index 338c97152adac..a1ee10d6e1e87 100644 --- a/content/ja/docs/reference/kubectl/conventions.md +++ b/content/ja/docs/reference/kubectl/conventions.md @@ -1,6 +1,7 @@ --- title: kubectlの使用規則 content_type: concept +weight: 60 --- diff --git a/content/ja/docs/reference/kubectl/jsonpath.md b/content/ja/docs/reference/kubectl/jsonpath.md index 9b9caca4bb3b0..fc382444ddc11 100644 --- a/content/ja/docs/reference/kubectl/jsonpath.md +++ b/content/ja/docs/reference/kubectl/jsonpath.md @@ -1,7 +1,7 @@ --- title: JSONPathのサポート content_type: concept -weight: 25 +weight: 40 --- diff --git a/content/ja/docs/reference/scheduling/_index.md b/content/ja/docs/reference/scheduling/_index.md index 316b774081953..6a44b52845201 100644 --- a/content/ja/docs/reference/scheduling/_index.md +++ b/content/ja/docs/reference/scheduling/_index.md @@ -1,5 +1,5 @@ --- title: Scheduling -weight: 70 +weight: 140 toc-hide: true --- diff --git a/content/ja/docs/reference/scheduling/policies.md b/content/ja/docs/reference/scheduling/policies.md index dd236d3c3db20..620adbc1a2603 100644 --- a/content/ja/docs/reference/scheduling/policies.md +++ b/content/ja/docs/reference/scheduling/policies.md @@ -3,6 +3,7 @@ title: スケジューリングポリシー content_type: concept sitemap: priority: 0.2 # スケジューリングポリシーは廃止されました。 +weight: 30 --- diff --git a/content/ja/docs/reference/setup-tools/_index.md b/content/ja/docs/reference/setup-tools/_index.md index 8341a25236359..0ccc1ece2f0e3 100644 --- a/content/ja/docs/reference/setup-tools/_index.md +++ b/content/ja/docs/reference/setup-tools/_index.md @@ -1,4 +1,4 @@ --- title: セットアップツールのリファレンス -weight: 50 +weight: 100 --- diff --git a/content/ja/docs/reference/using-api/_index.md b/content/ja/docs/reference/using-api/_index.md index 543b78b2c84a9..5df9a0391835d 100644 --- a/content/ja/docs/reference/using-api/_index.md +++ b/content/ja/docs/reference/using-api/_index.md @@ -1,7 +1,7 @@ --- title: API概要 content_type: concept -weight: 10 +weight: 20 no_list: true card: name: reference From 4a885ceca8839245502881a9834b5c05253b1b79 Mon Sep 17 00:00:00 2001 From: Shogo Hida Date: Sun, 19 Feb 2023 11:54:43 +0900 Subject: [PATCH 270/537] Fix paths Signed-off-by: Shogo Hida --- .../cluster-administration-overview.md | 6 +----- .../concepts/cluster-administration/manage-deployment.md | 5 ++--- .../concepts/configuration/manage-resources-containers.md | 2 +- .../reference/command-line-tools-reference/feature-gates.md | 4 ++-- .../ja/docs/tasks/debug/debug-cluster/local-debugging.md | 2 +- .../guestbook-logs-metrics-with-elk.md | 4 ++-- 6 files changed, 9 insertions(+), 14 deletions(-) diff --git a/content/ja/docs/concepts/cluster-administration/cluster-administration-overview.md b/content/ja/docs/concepts/cluster-administration/cluster-administration-overview.md index 9f27d7779df53..11c7285609b80 100644 --- a/content/ja/docs/concepts/cluster-administration/cluster-administration-overview.md +++ b/content/ja/docs/concepts/cluster-administration/cluster-administration-overview.md @@ -49,7 +49,7 @@ Kubernetesクラスターの計画、セットアップ、設定の例を知る * [Kubernetesクラスターでのsysctlの使用](/docs/concepts/cluster-administration/sysctl-cluster/)では、管理者向けにカーネルパラメーターを設定するため`sysctl`コマンドラインツールの使用方法について解説します。 -* [クラスターの監査](/docs/tasks/debug-application-cluster/audit/)では、Kubernetesの監査ログの扱い方について解説します。 +* [クラスターの監査](/ja/docs/tasks/debug/debug-cluster/audit/)では、Kubernetesの監査ログの扱い方について解説します。 ### kubeletをセキュアにする * [マスターとノードのコミュニケーション](/ja/docs/concepts/architecture/master-node-communication/) @@ -61,7 +61,3 @@ Kubernetesクラスターの計画、セットアップ、設定の例を知る * [DNSのインテグレーション](/ja/docs/concepts/services-networking/dns-pod-service/)では、DNS名をKubernetes Serviceに直接名前解決する方法を解説します。 * [クラスターアクティビィのロギングと監視](/docs/concepts/cluster-administration/logging/)では、Kubernetesにおけるロギングがどのように行われ、どう実装されているかについて解説します。 - - - - diff --git a/content/ja/docs/concepts/cluster-administration/manage-deployment.md b/content/ja/docs/concepts/cluster-administration/manage-deployment.md index 084ff304b5c6a..35def1de1269e 100644 --- a/content/ja/docs/concepts/cluster-administration/manage-deployment.md +++ b/content/ja/docs/concepts/cluster-administration/manage-deployment.md @@ -1,6 +1,6 @@ --- reviewers: -- +- title: リソースの管理 content_type: concept weight: 40 @@ -449,6 +449,5 @@ kubectl edit deployment/my-nginx ## {{% heading "whatsnext" %}} -- [アプリケーションの調査とデバッグのための`kubectl`の使用方法](/docs/tasks/debug-application-cluster/debug-application-introspection/)について学んでください。 +- [アプリケーションの調査とデバッグのための`kubectl`の使用方法](/ja/docs/tasks/debug/debug-application/debug-running-pod/)について学んでください。 - [設定のベストプラクティスとTIPS](/ja/docs/concepts/configuration/overview/)を参照してください。 - diff --git a/content/ja/docs/concepts/configuration/manage-resources-containers.md b/content/ja/docs/concepts/configuration/manage-resources-containers.md index 62b01aa0dfe88..7004d7348dc8e 100644 --- a/content/ja/docs/concepts/configuration/manage-resources-containers.md +++ b/content/ja/docs/concepts/configuration/manage-resources-containers.md @@ -170,7 +170,7 @@ Dockerを使用する場合: Podのリソース使用量は、Podのステータスの一部として報告されます。 -オプションの[監視ツール](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)がクラスターにおいて利用可能な場合、Podのリソース使用量は[メトリクスAPI](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/#the-metrics-api)から直接、もしくは監視ツールから取得できます。 +オプションの[監視ツール](/ja/docs/tasks/debug/debug-cluster/resource-usage-monitoring/)がクラスターにおいて利用可能な場合、Podのリソース使用量は[メトリクスAPI](/ja/docs/tasks/debug/debug-cluster/resource-metrics-pipeline/#the-metrics-api)から直接、もしくは監視ツールから取得できます。 ## ローカルのエフェメラルストレージ {#local-ephemeral-storage} diff --git a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md b/content/ja/docs/reference/command-line-tools-reference/feature-gates.md index 76ee414f7bbb8..a014c7c608593 100644 --- a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/ja/docs/reference/command-line-tools-reference/feature-gates.md @@ -346,7 +346,7 @@ GAになってからさらなる変更を加えることは現実的ではない 各フィーチャーゲートは特定の機能を有効/無効にするように設計されています。 - `Accelerators`: DockerでのNvidia GPUのサポートを有効にします。 -- `AdvancedAuditing`: [高度な監査機能](/docs/tasks/debug-application-cluster/audit/#advanced-audit)を有効にします。 +- `AdvancedAuditing`: [高度な監査機能](/ja/docs/tasks/debug/debug-cluster/audit/#advanced-audit)を有効にします。 - `AffinityInAnnotations`(*非推奨*): [Podのアフィニティまたはアンチアフィニティ](/ja/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)を有効にします。 - `AnyVolumeDataSource`: {{< glossary_tooltip text="PVC" term_id="persistent-volume-claim" >}}の`DataSource`としてカスタムリソースの使用を有効にします。 - `AllowExtTrafficLocalEndpoints`: サービスが外部へのリクエストをノードのローカルエンドポイントにルーティングできるようにします。 @@ -387,7 +387,7 @@ GAになってからさらなる変更を加えることは現実的ではない - `CustomResourceWebhookConversion`: [CustomResourceDefinition](/docs/concepts/extend-kubernetes/api-extension/custom-resources/)から作成されたリソースのWebhookベースの変換を有効にします。 - `DevicePlugins`: [device-plugins](/docs/concepts/cluster-administration/device-plugins/)によるノードでのリソースプロビジョニングを有効にします。 - `DryRun`: サーバーサイドでの[dry run](/docs/reference/using-api/api-concepts/#dry-run)リクエストを有効にします。 -- `DynamicAuditing`: [動的監査](/docs/tasks/debug-application-cluster/audit/#dynamic-backend)を有効にします。 +- `DynamicAuditing`: [動的監査](/docs/tasks/debug/debug-cluster/audit/#dynamic-backend)を有効にします。 - `DynamicKubeletConfig`: kubeletの動的構成を有効にします。[kubeletの再設定](/docs/tasks/administer-cluster/reconfigure-kubelet/)を参照してください。 - `DynamicProvisioningScheduling`: デフォルトのスケジューラーを拡張してボリュームトポロジーを認識しPVプロビジョニングを処理します。この機能は、v1.12の`VolumeScheduling`機能に完全に置き換えられました。 - `DynamicVolumeProvisioning`(*非推奨*): Podへの永続ボリュームの[動的プロビジョニング](/ja/docs/concepts/storage/dynamic-provisioning/)を有効にします。 diff --git a/content/ja/docs/tasks/debug/debug-cluster/local-debugging.md b/content/ja/docs/tasks/debug/debug-cluster/local-debugging.md index 3272582fb367c..a0ef6f361115b 100644 --- a/content/ja/docs/tasks/debug/debug-cluster/local-debugging.md +++ b/content/ja/docs/tasks/debug/debug-cluster/local-debugging.md @@ -5,7 +5,7 @@ content_type: task -Kubernetesアプリケーションは通常、複数の独立したサービスから構成され、それぞれが独自のコンテナで動作しています。これらのサービスをリモートのKubernetesクラスター上で開発・デバッグするには、[get a shell on a running container](/docs/task/debug-application-cluster/get-shell-running-container/)してリモートシェル内でツールを実行しなければならず面倒な場合があります。 +Kubernetesアプリケーションは通常、複数の独立したサービスから構成され、それぞれが独自のコンテナで動作しています。これらのサービスをリモートのKubernetesクラスター上で開発・デバッグするには、[get a shell on a running container](/ja/docs/task/debug/debug-application/get-shell-running-container/)してリモートシェル内でツールを実行しなければならず面倒な場合があります。 `telepresence`は、リモートKubernetesクラスターにサービスをプロキシーしながら、ローカルでサービスを開発・デバッグするプロセスを容易にするためのツールです。 `telepresence` を使用すると、デバッガーやIDEなどのカスタムツールをローカルサービスで使用でき、ConfigMapやsecret、リモートクラスター上で動作しているサービスへのフルアクセスをサービスに提供します。 diff --git a/content/ja/docs/tutorials/stateless-application/guestbook-logs-metrics-with-elk.md b/content/ja/docs/tutorials/stateless-application/guestbook-logs-metrics-with-elk.md index 2e771a13b40c0..4eac56f950514 100644 --- a/content/ja/docs/tutorials/stateless-application/guestbook-logs-metrics-with-elk.md +++ b/content/ja/docs/tutorials/stateless-application/guestbook-logs-metrics-with-elk.md @@ -456,7 +456,7 @@ DeploymentとServiceを削除すると、実行中のすべてのPodも削除さ ## {{% heading "whatsnext" %}} -* [リソースを監視するためのツール](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)について学ぶ。 +* [リソースを監視するためのツール](/ja/docs/tasks/debug/debug-cluster/resource-usage-monitoring/)について学ぶ。 * [ロギングのアーキテクチャ](/docs/concepts/cluster-administration/logging/)についてもっと読む。 * [アプリケーションのイントロスペクションとデバッグ](/ja/docs/tasks/debug/debug-application/)についてもっと読む。 -* [アプリケーションのトラブルシューティング](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)についてもっと読む。 +* [アプリケーションのトラブルシューティング](/ja/docs/tasks/debug/debug-cluster/resource-usage-monitoring/)についてもっと読む。 From fceca934ffbd6d3b508762fa36d1437e9a962b6f Mon Sep 17 00:00:00 2001 From: Shogo Hida Date: Mon, 20 Feb 2023 18:25:22 +0900 Subject: [PATCH 271/537] Fix troubleshooting Signed-off-by: Shogo Hida --- .../windows/intro-windows-in-kubernetes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md b/content/ja/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md index 2fa71ad2fc77b..ea9e947f6ae99 100644 --- a/content/ja/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md +++ b/content/ja/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md @@ -365,7 +365,7 @@ Windowsでは、PodSecurityContextフィールドはどれも機能しません ## ヘルプとトラブルシューティングを学ぶ {#troubleshooting} -Kubernetesクラスターのトラブルシューティングの主なヘルプソースは、この[セクション](/docs/tasks/debug-application-cluster/troubleshooting/)から始める必要があります。このセクションには、いくつか追加的な、Windows固有のトラブルシューティングヘルプが含まれています。ログは、Kubernetesにおけるトラブルシューティング問題の重要な要素です。他のコントリビューターからトラブルシューティングの支援を求めるときは、必ずそれらを含めてください。SIG-Windows[ログ収集に関するコントリビュートガイド](https://github.com/kubernetes/community/blob/master/sig-windows/CONTRIBUTING.md#gathering-logs)の指示に従ってください。 +Kubernetesクラスターのトラブルシューティングの主なヘルプソースは、[トラブルシューティング](/ja/docs/tasks/debug/)ページから始める必要があります。このページには、いくつか追加的な、Windows固有のトラブルシューティングヘルプが含まれています。ログは、Kubernetesにおけるトラブルシューティング問題の重要な要素です。他のコントリビューターからトラブルシューティングの支援を求めるときは、必ずそれらを含めてください。SIG-Windows[ログ収集に関するコントリビュートガイド](https://github.com/kubernetes/community/blob/master/sig-windows/CONTRIBUTING.md#gathering-logs)の指示に従ってください。 1. start.ps1が正常に完了したことをどのように確認できますか? From 580a3a9eaf6e4a6656f5f97c6acfb72cd1543add Mon Sep 17 00:00:00 2001 From: Shogo Hida Date: Mon, 20 Feb 2023 18:28:53 +0900 Subject: [PATCH 272/537] Fix translation Signed-off-by: Shogo Hida --- .../windows/intro-windows-in-kubernetes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md b/content/ja/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md index ea9e947f6ae99..aa30f5ceaa0b4 100644 --- a/content/ja/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md +++ b/content/ja/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md @@ -365,7 +365,7 @@ Windowsでは、PodSecurityContextフィールドはどれも機能しません ## ヘルプとトラブルシューティングを学ぶ {#troubleshooting} -Kubernetesクラスターのトラブルシューティングの主なヘルプソースは、[トラブルシューティング](/ja/docs/tasks/debug/)ページから始める必要があります。このページには、いくつか追加的な、Windows固有のトラブルシューティングヘルプが含まれています。ログは、Kubernetesにおけるトラブルシューティング問題の重要な要素です。他のコントリビューターからトラブルシューティングの支援を求めるときは、必ずそれらを含めてください。SIG-Windows[ログ収集に関するコントリビュートガイド](https://github.com/kubernetes/community/blob/master/sig-windows/CONTRIBUTING.md#gathering-logs)の指示に従ってください。 +Kubernetesクラスターのトラブルシューティングの主なヘルプソースは、[トラブルシューティング](/ja/docs/tasks/debug/)ページから始める必要があります。このセクションには、いくつか追加的な、Windows固有のトラブルシューティングヘルプが含まれています。ログは、Kubernetesにおけるトラブルシューティング問題の重要な要素です。他のコントリビューターからトラブルシューティングの支援を求めるときは、必ずそれらを含めてください。SIG-Windows[ログ収集に関するコントリビュートガイド](https://github.com/kubernetes/community/blob/master/sig-windows/CONTRIBUTING.md#gathering-logs)の指示に従ってください。 1. start.ps1が正常に完了したことをどのように確認できますか? From 1ae0421446e15e0ff69ef9cab91fd951624f84fa Mon Sep 17 00:00:00 2001 From: Shogo Hida Date: Sun, 26 Feb 2023 18:28:01 +0900 Subject: [PATCH 273/537] Fix path and add translation --- content/ja/docs/tasks/debug/debug-cluster/local-debugging.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/tasks/debug/debug-cluster/local-debugging.md b/content/ja/docs/tasks/debug/debug-cluster/local-debugging.md index a0ef6f361115b..8fe2c4a5f4999 100644 --- a/content/ja/docs/tasks/debug/debug-cluster/local-debugging.md +++ b/content/ja/docs/tasks/debug/debug-cluster/local-debugging.md @@ -5,7 +5,7 @@ content_type: task -Kubernetesアプリケーションは通常、複数の独立したサービスから構成され、それぞれが独自のコンテナで動作しています。これらのサービスをリモートのKubernetesクラスター上で開発・デバッグするには、[get a shell on a running container](/ja/docs/task/debug/debug-application/get-shell-running-container/)してリモートシェル内でツールを実行しなければならず面倒な場合があります。 +Kubernetesアプリケーションは通常、複数の独立したサービスから構成され、それぞれが独自のコンテナで動作しています。これらのサービスをリモートのKubernetesクラスター上で開発・デバッグするには、[実行中のコンテナへのシェルを取得](/ja/docs/tasks/debug/debug-application/get-shell-running-container/)してリモートシェル内でツールを実行しなければならず面倒な場合があります。 `telepresence`は、リモートKubernetesクラスターにサービスをプロキシーしながら、ローカルでサービスを開発・デバッグするプロセスを容易にするためのツールです。 `telepresence` を使用すると、デバッガーやIDEなどのカスタムツールをローカルサービスで使用でき、ConfigMapやsecret、リモートクラスター上で動作しているサービスへのフルアクセスをサービスに提供します。 From b3f8293850911fefb2bc614899e7bc0025f15e4e Mon Sep 17 00:00:00 2001 From: Madhumita Kundo Date: Sun, 26 Feb 2023 12:20:18 +0000 Subject: [PATCH 274/537] [en] Update outdated update-readme-doc --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cbc8617dff809..7aa81971cf126 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ This will start the local Hugo server on port 1313. Open up your browser to . +The API reference pages located in `content/en/docs/reference/kubernetes-api` are built from the Swagger specification, also known as OpenAPI specification, using . To update the reference pages for a new Kubernetes release follow these steps: From 76694cd68c8b4414bba59cca63f5d03574c940f7 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Tue, 28 Feb 2023 12:02:18 +0800 Subject: [PATCH 275/537] [zh-cn]sync blog 2022-09-07-iptables-chains.md Signed-off-by: xin.li --- .../blog/_posts/2022-09-07-iptables-chains.md | 343 ++++++++++++++++++ 1 file changed, 343 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2022-09-07-iptables-chains.md diff --git a/content/zh-cn/blog/_posts/2022-09-07-iptables-chains.md b/content/zh-cn/blog/_posts/2022-09-07-iptables-chains.md new file mode 100644 index 0000000000000..2f6da8a69f043 --- /dev/null +++ b/content/zh-cn/blog/_posts/2022-09-07-iptables-chains.md @@ -0,0 +1,343 @@ +--- +layout: blog +title: "Kubernetes 的 iptables 链不是 API" +date: 2022-09-07 +slug: iptables-chains-not-api +--- + + + + +**作者:** Dan Winship (Red Hat) + +**译者:** Xin Li (DaoCloud) + + +一些 Kubernetes 组件(例如 kubelet 和 kube-proxy)在执行操作时,会创建特定的 iptables 链和规则。 +这些链从未被计划使其成为任何 Kubernetes API/ABI 保证的一部分, +但一些外部组件仍然使用其中的一些链(特别是使用 `KUBE-MARK-MASQ` 将数据包标记为需要伪装)。 + + +作为 v1.25 版本的一部分,SIG Network 明确声明: +Kubernetes 创建的 iptables 链仅供 Kubernetes 内部使用(有一个例外), +第三方组件不应假定 Kubernetes 会创建任何特定的 iptables 链, +或者这些链将包含任何特定的规则(即使它们确实存在)。 + + +然后,在未来的版本中,作为 [KEP-3178] 的一部分,我们将开始逐步淘汰 Kubernetes +本身不再需要的某些链。Kubernetes 自身之外且使用了 `KUBE-MARK-MASQ`、`KUBE-MARK-DROP` +或 Kubernetes 所生成的其它 iptables 链的组件应当开始迁移。 + +[KEP-3178]: https://github.com/kubernetes/enhancements/issues/3178 + + +## 背景 {#background} + +除了各种为 Service 创建的 iptables 链之外,kube-proxy 还创建了某些通用 iptables 链, +用作服务代理的一部分。 过去,kubelet 还使用 iptables +来实现一些功能(例如为 Pod 设置 `hostPort` 映射),因此它也冗余地创建了一些重复的链。 + + +然而,随着 1.24 版本 Kubernetes 中 [dockershim 的移除], +kubelet 现在不再为某种目的使用任何 iptables 规则; +过去使用 iptables 来完成的事情现在总是由容器运行时或网络插件负责, +现在 kubelet 没有理由创建任何 iptables 规则。 + +同时,虽然 iptables 仍然是 Linux 上默认的 kube-proxy 后端, +但它不会永远是默认选项,因为相关的命令行工具和内核 API 基本上已被弃用, +并且不再得到改进。(RHEL 9 [记录警告] 如果你使用 iptables API,即使是通过 `iptables-nft`。) + + +尽管在 Kubernetes 1.25,iptables kube-proxy 仍然很流行, +并且 kubelet 继续创建它过去创建的 iptables 规则(尽管不再**使用**它们), +第三方软件不能假设核心 Kubernetes 组件将来会继续创建这些规则。 + +[移除 dockershim]: https://kubernetes.io/zh-cn/blog/2022/02/17/dockershim-faq/ +[记录警告]: https://access.redhat.com/solutions/6739041 + + +## 即将发生的变化 + +从现在开始的几个版本中,kubelet 将不再在 `nat` 表中创建以下 iptables 链: + + - `KUBE-MARK-DROP` + - `KUBE-MARK-MASQ` + - `KUBE-POSTROUTING` + +此外,`filter` 表中的 `KUBE-FIREWALL` 链将不再具有当前与 +`KUBE-MARK-DROP` 关联的功能(并且它最终可能会完全消失)。 + + +此更改将通过 `IPTablesOwnershipCleanup` 特性门控逐步实施。 +你可以手动在 Kubernetes 1.25 中开启此特性进行测试。 +目前的计划是将其在 Kubernetes 1.27 中默认启用, +尽管这可能会延迟到以后的版本。(不会在 Kubernetes 1.27 版本之前调整。) + + +## 如果你使用 Kubernetes 的 iptables 链怎么办 + +(尽管下面的讨论侧重于仍然基于 iptables 的短期修复, +但你可能也应该开始考虑最终迁移到 nftables 或其他 API。) + + +### 如果你使用 `KUBE-MARK-MASQ` 链... {#use-case-kube-mark-drop} + +如果你正在使用 `KUBE-MARK-MASQ` 链来伪装数据包, +你有两个选择:(1)重写你的规则以直接使用 `-j MASQUERADE`, +(2)创建你自己的替代链,完成“为伪装而设标记”的任务。 + + +kube-proxy 使用 `KUBE-MARK-MASQ` 的原因是因为在很多情况下它需要在数据包上同时调用 +`-j DNAT` 和 `-j MASQUERADE`,但不可能同时在 iptables 中调用这两种方法; +`DNAT` 必须从 `PREROUTING`(或 `OUTPUT`)链中调用(因为它可能会改变数据包将被路由到的位置)而 +`MASQUERADE` 必须从 `POSTROUTING` 中调用(因为它伪装的源 IP 地址取决于最终的路由)。 + + +理论上,kube-proxy 可以有一组规则来匹配 `PREROUTING`/`OUTPUT` +中的数据包并调用 `-j DNAT`,然后有第二组规则来匹配 `POSTROUTING` +中的相同数据包并调用 `-j MASQUERADE`。 +但是,为了提高效率,kube-proxy 只匹配了一次,在 `PREROUTING`/`OUTPUT` 期间调用 `-j DNAT`, +然后调用 `-j KUBE-MARK-MASQ` 在内核数据包标记属性上设置一个比特,作为对自身的提醒。 +然后,在 `POSTROUTING` 期间,通过一条规则来匹配所有先前标记的数据包,并对它们调用 `-j MASQUERADE`。 + + +如果你有**很多**规则需要像 kube-proxy 一样对同一个数据包同时执行 DNAT 和伪装操作, +那么你可能需要类似的安排。但在许多情况下,使用 `KUBE-MARK-MASQ` 的组件之所以这样做, +只是因为它们复制了 kube-proxy 的行为,而不理解 kube-proxy 为何这样做。 +许多这些组件可以很容易地重写为仅使用单独的 DNAT 和伪装规则。 +(在没有发生 DNAT 的情况下,使用 `KUBE-MARK-MASQ` 的意义就更小了; +只需将你的规则从 `PREROUTING` 移至 `POSTROUTING` 并直接调用 `-j MASQUERADE`。) + + +### 如果你使用 `KUBE-MARK-DROP`... {#use-case-kube-mark-drop} + +`KUBE-MARK-DROP` 的基本原理与 `KUBE-MARK-MASQ` 类似: +kube-proxy 想要在 `nat` `KUBE-SERVICES` 链中做出丢包决定以及其他决定, +但你只能从 `filter` 表中调用 `-j DROP`。 + + +通常,删除对 `KUBE-MARK-DROP` 的依赖的方法与删除对 `KUBE-MARK-MASQ` 的依赖的方法相同。 +在 kube-proxy 的场景中,很容易将 `nat` 表中的 `KUBE-MARK-DROP` +的用法替换为直接调用 `filter` 表中的 `DROP`,因为 DNAT 规则和 DROP 规则之间没有复杂的交互关系, +因此 DROP 规则可以简单地从 `nat` 移动到 `filter`。 +更复杂的场景中,可能需要在 `nat` 和 `filter` 表中“重新匹配”相同的数据包。 + + +### 如果你使用 Kubelet 的 iptables 规则来确定 `iptables-legacy` 与 `iptables-nft`... {#use-case-iptables-mode} + +对于从容器内部操纵主机网络命名空间 iptables 规则的组件而言,需要一些方法来确定主机是使用旧的 +`iptables-legacy` 二进制文件还是新的 `iptables-nft` 二进制文件(与不同的内核 API 交互)下。 + + +[`iptables-wrappers`] 模块为此类组件提供了一种自动检测系统 iptables 模式的方法, +但在过去,它通过假设 kubelet 将在任何容器启动之前创建“一堆” iptables +规则来实现这一点,因此它可以通过查看哪种模式定义了更多规则来猜测主机文件系统中的 +iptables 二进制文件正在使用哪种模式。 + +在未来的版本中,kubelet 将不再创建许多 iptables 规则, +因此基于计算存在的规则数量的启发式方法可能会失败。 + + +然而,从 1.24 开始,kubelet 总是在它使用的任何 iptables 子系统的 +`mangle` 表中创建一个名为 `KUBE-IPTABLES-HINT` 的链。 +组件现在可以查找这个特定的链,以了解 kubelet(以及系统的其余部分)正在使用哪个 iptables 子系统。 + +(此外,从 Kubernetes 1.17 开始,kubelet 在 `mangle` 表中创建了一个名为 `KUBE-KUBELET-CANARY` 的链。 +虽然这条链在未来可能会消失,但它仍然会在旧版本中存在,因此在任何最新版本的 Kubernetes 中, +至少会包含 `KUBE-IPTABLES-HINT` 或 `KUBE-KUBELET-CANARY` 两条链的其中一个。) + + +`iptables-wrappers` 包[已经被更新],以提供这个新的启发式逻辑, +所以如果你以前使用过它,你可以用它的更新版本重建你的容器镜像。 + +[`iptables-wrappers`]: https://github.com/kubernetes-sigs/iptables-wrappers/ +[已经更新]: https://github.com/kubernetes-sigs/iptables-wrappers/pull/3 + + +## 延伸阅读 + +[KEP-3178] 跟踪了清理 iptables 链所有权和弃用旧链的项目。 + +[KEP-3178]: https://github.com/kubernetes/enhancements/issues/3178 \ No newline at end of file From 0dba6571d5bc7c524db95524f684cea3b201855e Mon Sep 17 00:00:00 2001 From: Arhell Date: Sat, 4 Mar 2023 10:56:17 +0200 Subject: [PATCH 276/537] [es] Change shell to console for code snippet --- .../configure-pod-container/configure-volume-storage.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/es/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/es/docs/tasks/configure-pod-container/configure-volume-storage.md index c4f08f29690e8..f5f8b17d97a77 100644 --- a/content/es/docs/tasks/configure-pod-container/configure-volume-storage.md +++ b/content/es/docs/tasks/configure-pod-container/configure-volume-storage.md @@ -41,7 +41,7 @@ En este ejercicio crearás un Pod que ejecuta un único Contenedor. Este Pod tie La salida debería ser similar a: - ```shell + ```console NAME READY STATUS RESTARTS AGE redis 1/1 Running 0 13s ``` @@ -69,7 +69,7 @@ En este ejercicio crearás un Pod que ejecuta un único Contenedor. Este Pod tie La salida debería ser similar a: - ```shell + ```console USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND redis 1 0.1 0.1 33308 3828 ? Ssl 00:46 0:00 redis-server *:6379 root 12 0.0 0.0 20228 3020 ? Ss 00:47 0:00 /bin/bash @@ -86,7 +86,7 @@ En este ejercicio crearás un Pod que ejecuta un único Contenedor. Este Pod tie 1. En el terminal original, observa los cambios en el Pod de Redis. Eventualmente verás algo como lo siguiente: - ```shell + ```console NAME READY STATUS RESTARTS AGE redis 1/1 Running 0 13s redis 0/1 Completed 0 6m From 1318d4085311fa31566f16623c799035323682b3 Mon Sep 17 00:00:00 2001 From: David Xia Date: Sat, 4 Mar 2023 07:12:56 -0500 Subject: [PATCH 277/537] fix docs: update user-namespaces.md for English usage Make it grammatically correct and more concise. --- content/en/docs/concepts/workloads/pods/user-namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/workloads/pods/user-namespaces.md b/content/en/docs/concepts/workloads/pods/user-namespaces.md index 4241104ad4b61..0217490aa875d 100644 --- a/content/en/docs/concepts/workloads/pods/user-namespaces.md +++ b/content/en/docs/concepts/workloads/pods/user-namespaces.md @@ -10,7 +10,7 @@ min-kubernetes-server-version: v1.25 {{< feature-state for_k8s_version="v1.25" state="alpha" >}} This page explains how user namespaces are used in Kubernetes pods. A user -namespace allows to isolate the user running inside the container from the one +namespace isolates the user running inside the container from the one in the host. A process running as root in a container can run as a different (non-root) user From 6ceae5e94320cdc4b7d53e180bd94a15f7bb280e Mon Sep 17 00:00:00 2001 From: marianogg9 Date: Sat, 4 Mar 2023 15:06:16 +0100 Subject: [PATCH 278/537] added [ES] translated finalizer glossary item + concept page --- .../working-with-objects/finalizers.md | 87 +++++++++++++++++++ .../es/docs/reference/glossary/finalizer.md | 36 ++++++++ 2 files changed, 123 insertions(+) create mode 100644 content/es/docs/concepts/overview/working-with-objects/finalizers.md create mode 100644 content/es/docs/reference/glossary/finalizer.md diff --git a/content/es/docs/concepts/overview/working-with-objects/finalizers.md b/content/es/docs/concepts/overview/working-with-objects/finalizers.md new file mode 100644 index 0000000000000..04404f1e70cac --- /dev/null +++ b/content/es/docs/concepts/overview/working-with-objects/finalizers.md @@ -0,0 +1,87 @@ +--- +title: Finalizadores +content_type: concept +weight: 80 +--- + + + +{{}} + +Puedes usar finalizadores para controlar {{}} +de los recursos alertando a los controladores para que ejecuten tareas de limpieza especificas antes de eliminar el recurso. + +Los finalizadores usualmente no especifican codigo a ejecutar, sino que son generalmente listas de parametros referidos a +un recurso especifico, similares a las anotaciones. Kubernetes especifica algunos finalizadores automaticamente, +pero podrías especificar tus propios. + +## Cómo funcionan los finalizadores + +Cuando creas un recurso utilizando un archivo de manifiesto, puedes especificar +finalizadores mediante el campo `metadata.finalizers`. Cuando intentas eliminar el +recurso, el servidor API que maneja el pedido de eliminación ve los valores en el +campo `finalizadores` y hace lo siguiente: + + * Modifica el objecto para agregar un campo `metadata.deletionTimestamp` con + el momento en que comenzaste la eliminación. + * Previene que el objeto sea eliminado hasta que su campo `metadata.finalizers` + este vacío. + * Retorna un codigo de estado `202` (HTTP "Aceptado") + +El controlador que meneja ese finalizador recibe la actualización del objecto +configurando el campo `metadata.deletionTimestamp`, indicando que la eliminación +del objeto ha sido solicitada. +El controlador luego intenta satisfacer los requerimientos de los finalizadores +especificados para ese recurso. Cada vez que una condición del finalizador es +satisfecha, el controlador remueve ese parametro del campo `finalizadores`. Cuando +el campo `finalizadores` esta vacío, un objeto con un campo `deletionTimestamp` +configurado es automaticamente borrado. Puedes tambien utilizar finalizadores para +prevenir el borrado de recursos no manejados. + +Un ejemplo usual de un finalizador es `kubernetes.io/pv-protection`, el cual +previene el borrado accidental de objetos `PersistentVolume`. Cuando un objeto +`PersistentVolume` está en uso por un Pod, Kubernetes agrega el finalizador +`pv-protection`. Si intentas elimiar el `PersistentVolume`, este pasa a un estado +`Terminating`, pero el controlador no puede eliminarlo ya que existe el finalizador. +Cuando el Pod deja de utilizar el `PersistentVolume`, Kubernetes borra el finalizador +`pv-protection` y el controlador borra el volumen. + +## Referencias de dueño, etiquetas y finalizadores (#dueños-etiquetas-finalizadores) + +Al igual que las {{}}, las +[referencias de dueño](/docs/concepts/overview/working-with-objects/owners-dependents/) +describen las relaciones entre objetos en Kubernetes, pero son utilizadas para un +propósito diferente. Cuando un +{{}} maneja objetos como +Pods, utiliza etiquetas para identificar cambios a grupos de objetos relacionados. +Por ejemplo, cuando un {{}} crea uno +o más Pods, el controlador del Job agrega etiquetas a esos pods para identificar cambios +a cualquier Pod en el cluster con la misma etiqueta. + +El controlador del Job tambien agrega *referencias de dueño* a esos Pods, referidas +al Job que creo a los Pods. Si borras el Job mientras estos Pods estan corriendo, +Kubernetes utiliza las referencias de dueño (no las etiquetas) para determinar +cuáles Pods en el cluster deberían ser borrados. + +Kubernetes también procesa finalizadores cuando identifica referencias de dueño en +un recurso que ha sido marcado para eliminación. + +En algunas situaciones, los finalizadores pueden bloquear el borrado de objetos +dependientes, causando que el objeto inicial a borrar permanezca más de lo +esperado sin ser completamente eliminado. En esas situaciones, deberías chequear +finalizadores y referencias de dueños en los objetos y sus dependencias para +intentar solucionarlo. + +{{}} +En casos donde los objetos queden bloqueados en un estado de eliminación, evita +borrarlos manualmente para que el proceso continue. Los finalizadores usualmente +son agregados a los recursos por una razón, por lo cual eliminarlos forzosamente +puede causar problemas en tu cluster. Borrados manuales sólo deberían ejecutados +cuando el propósito del finalizador es entendido y satisfecho de alguna otra manera (por +ejemplo, borrando manualmente un objeto dependiente). +{{}} + +## {{% heading "whatsnext" %}} + +* Lea [Using Finalizers to Control Deletion](/blog/2021/05/14/using-finalizers-to-control-deletion/) + en el blog de Kubernetes. \ No newline at end of file diff --git a/content/es/docs/reference/glossary/finalizer.md b/content/es/docs/reference/glossary/finalizer.md new file mode 100644 index 0000000000000..765ab36a83ad0 --- /dev/null +++ b/content/es/docs/reference/glossary/finalizer.md @@ -0,0 +1,36 @@ +--- +title: Finalizador +id: finalizer +date: 2021-07-07 +full_link: /docs/concepts/overview/working-with-objects/finalizers/ +short_description: > + Un atributo de un namespace que dicta a Kubernetes a esperar hasta que condiciones + especificas son satisfechas antes que pueda borrar un objeto marcado para eliminacion. +aka: +tags: +- fundamental +- operation +--- +Los finalizadores son atributos de un namespace que dictan a Kubernetes a +esperar a que ciertas condiciones sean satisfechas antes que pueda borrar +definitivamente un objeto que ha sido marcado para eliminarse. +Los finalizadores alertan a los {{}} +para borrar recursos que poseian esos objetos eliminados. + + + +Cuando instruyes a Kubernetes a borrar un objeto que tiene finalizadores +especificados, la API de Kubernetes marca ese objeto para eliminacion +configurando el campo `metadata.deletionTimestamp`, y retorna un codigo de +estado `202` (HTTP "Aceptado"). +El objeto a borrar permanece en un estado +de terminacion mientras el plano de contol, u otros componentes, ejecutan +las acciones definidas en los finalizadores. +Luego de que esas acciones son completadas, el controlador borra los +finalizadores relevantes del objeto. Cuando el campo `metadata.finalizers` +esta vacio, Kubernetes considera el proceso de eliminacion completo y borra +el objeto. + +Puedes utilizar finalizadores para controlar {{}} +de recursos. Por ejemplo, puedes definir un finalizador para borrar recursos +relacionados o infraestructura antes que el controlador elimine el objeto. \ No newline at end of file From abef5d4560492b4bd452d24b17109adebaa97c6f Mon Sep 17 00:00:00 2001 From: ystkfujii Date: Sun, 5 Mar 2023 01:47:16 +0900 Subject: [PATCH 279/537] Remove outdated information about iptables configuration in install-kubeadm.md --- .../tools/kubeadm/install-kubeadm.md | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 738c3372a9032..35abdf6445fb4 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -48,22 +48,6 @@ card: 複数のネットワークアダプターがあり、Kubernetesコンポーネントにデフォルトで到達できない場合、IPルートを追加して、Kubernetesクラスターのアドレスが適切なアダプターを経由するように設定することをお勧めします。 -## iptablesがブリッジを通過するトラフィックを処理できるようにする - -Linuxノードのiptablesがブリッジを通過するトラフィックを正確に処理する要件として、`net.bridge.bridge-nf-call-iptables`を`sysctl`の設定ファイルで1に設定してください。例えば以下のようにします。 - -```bash -cat < /etc/sysctl.d/k8s.conf -net.bridge.bridge-nf-call-ip6tables = 1 -net.bridge.bridge-nf-call-iptables = 1 -EOF -sysctl --system -``` - -この手順の前に`br_netfilter`モジュールがロードされていることを確認してください。`lsmod | grep br_netfilter`を実行することで確認できます。明示的にロードするには`modprobe br_netfilter`を実行してください。 - -詳細は[ネットワークプラグインの要件](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#network-plugin-requirements)を参照してください。 - ## 必須ポートの確認 ### コントロールプレーンノード From beaadc5951e2b728fff1c4aa9c1be5db3902fdff Mon Sep 17 00:00:00 2001 From: ystkfujii Date: Sun, 5 Mar 2023 02:49:45 +0900 Subject: [PATCH 280/537] feat: update the check requred ports section in install-kubeadm.md --- .../ja/docs/reference/networking/_index.md | 10 +++++ .../networking/ports-and-protocols.md | 38 +++++++++++++++++++ .../tools/kubeadm/install-kubeadm.md | 29 ++++---------- 3 files changed, 55 insertions(+), 22 deletions(-) create mode 100644 content/ja/docs/reference/networking/_index.md create mode 100644 content/ja/docs/reference/networking/ports-and-protocols.md diff --git a/content/ja/docs/reference/networking/_index.md b/content/ja/docs/reference/networking/_index.md new file mode 100644 index 0000000000000..dd23f96f6e485 --- /dev/null +++ b/content/ja/docs/reference/networking/_index.md @@ -0,0 +1,10 @@ +--- +title: Networking Reference +content_type: reference +weight: 85 +--- + + +このセクションでは、Kubernetes networkingの詳細を提供します。 + + diff --git a/content/ja/docs/reference/networking/ports-and-protocols.md b/content/ja/docs/reference/networking/ports-and-protocols.md new file mode 100644 index 0000000000000..84d4e68009865 --- /dev/null +++ b/content/ja/docs/reference/networking/ports-and-protocols.md @@ -0,0 +1,38 @@ +--- +title: Ports and Protocols +content_type: reference +weight: 40 +--- + +パブリッククラウドにおける仮想ネットワークや、物理ネットワークファイアウォールを持つオンプレミスのデータセンターのようなネットワークの境界が厳しい環境でKubernetsを実行する場合、 +Kubernetesのコンポーネントが使用するポートやプロトコルを認識しておくと便利です。 + +## Control plane + + +| プロトコル | 通信の向き | ポート範囲 | 目的 | 使用者 | +|------------|------------|-------------|-------------------------|---------------------------| +| TCP | Inbound | 6443 | Kubernetes API server | All | +| TCP | Inbound | 2379-2380 | etcd server client API | kube-apiserver, etcd | +| TCP | Inbound | 10250 | Kubelet API | Self, Control plane | +| TCP | Inbound | 10259 | kube-scheduler | Self | +| TCP | Inbound | 10257 | kube-controller-manager | Self | + +etcdポートはコントロールプレーンノードに含まれていますが、独自のetcdクラスターを外部またはカスタムポートでホストすることもできます。 + +## Worker node(s) {#node} + +| プロトコル | 通信の向き | ポート範囲 | 目的 | 使用者 | +|------------|------------|-------------|-----------------------|-------------------------| +| TCP | Inbound | 10250 | Kubelet API | Self, Control plane | +| TCP | Inbound | 30000-32767 | NodePort Services† | All | + +† デフォルトポートの範囲は[NodePort Services](/ja/docs/concepts/services-networking/service/)を参照。 + + +すべてのデフォルトのポート番号が書き換え可能です。 +カスタムポートを使用する場合、ここに記載されているデフォルトではなく、それらのポートを開く必要があります。 + +よくある例としては、API Serverのポートを443に変更することがあります。 +または、デフォルトポートをそのままにし、API Serverを443でリッスンしているロードバランサーの後ろに置き、APIサーバのデフォルトポートにリクエストをルーティングする方法もあります。 + diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 35abdf6445fb4..3879af8950d93 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -50,30 +50,15 @@ card: ## 必須ポートの確認 -### コントロールプレーンノード +Kubernetesのコンポーネントが互いに通信するためには、これらの[必要なポート](/ja/docs/reference/networking/ports-and-protocols/)が開いている必要があります。 +netcatなどのツールを使用することで、下記のようにポートが開いているかどうかを確認することが可能です。 -| プロトコル | 通信の向き | ポート範囲 | 目的 | 使用者 | -|-----------|------------|------------|-------------------------|---------------------------| -| TCP | Inbound | 6443* | Kubernetes API server | 全て | -| TCP | Inbound | 2379-2380 | etcd server client API | kube-apiserver、etcd | -| TCP | Inbound | 10250 | Kubelet API | 自身、コントロールプレーン | -| TCP | Inbound | 10259 | kube-scheduler | 自身 | -| TCP | Inbound | 10257 | kube-controller-manager | 自身 | - -### ワーカーノード - -| プロトコル | 通信の向き | ポート範囲 | 目的 | 使用者 | -|-----------|------------|-------------|-------------------------|---------------------------| -| TCP | Inbound | 10250 | Kubelet API | 自身、コントロールプレーン | -| TCP | Inbound | 30000-32767 | NodePort Service† | 全て | - -† [NodePort Service](/ja/docs/concepts/services-networking/service/)のデフォルトのポートの範囲 - -\*の項目は書き換え可能です。そのため、あなたが指定したカスタムポートも開いていることを確認する必要があります。 - -etcdポートはコントロールプレーンノードに含まれていますが、独自のetcdクラスターを外部またはカスタムポートでホストすることもできます。 +```shell +nc 127.0.0.1 6443 +``` -使用するPodネットワークプラグイン(以下を参照)のポートも開く必要があります。これは各Podネットワークプラグインによって異なるため、必要なポートについてはプラグインのドキュメントを参照してください。 +使用するpod network pluginによっては、特定のポートを開く必要がある場合もあります。 +これらは各pod network pluginによって異なるため、どのようなポートが必要かについては、pluginのドキュメントを参照してください。 ## ランタイムのインストール {#installing-runtime} From d793e458a2cf92ad7f1acd816f4109ed1e28854d Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 6 Mar 2023 00:49:39 +0200 Subject: [PATCH 281/537] [fr] Change shell to console for code snippet --- .../configure-pod-container/configure-volume-storage.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/fr/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/fr/docs/tasks/configure-pod-container/configure-volume-storage.md index eed01fc4ed675..3c17aa3cda1bd 100644 --- a/content/fr/docs/tasks/configure-pod-container/configure-volume-storage.md +++ b/content/fr/docs/tasks/configure-pod-container/configure-volume-storage.md @@ -45,7 +45,7 @@ Voici le fichier de configuration du Pod : La sortie ressemble à ceci : - ```shell + ```console NAME READY STATUS RESTARTS AGE redis 1/1 Running 0 13s ``` @@ -73,7 +73,7 @@ Voici le fichier de configuration du Pod : La sortie ressemble à ceci : - ```shell + ```console USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND redis 1 0.1 0.1 33308 3828 ? Ssl 00:46 0:00 redis-server *:6379 root 12 0.0 0.0 20228 3020 ? Ss 00:47 0:00 /bin/bash @@ -91,7 +91,7 @@ Voici le fichier de configuration du Pod : 1. Dans votre terminal initial, surveillez les changements apportés au Pod de Redis. Éventuellement, vous verrez quelque chose comme ça : - ```shell + ```console NAME READY STATUS RESTARTS AGE redis 1/1 Running 0 13s redis 0/1 Completed 0 6m From e342648b91f3bda1b7f35cd39feb8acca957d2ef Mon Sep 17 00:00:00 2001 From: Mengjiao Liu Date: Fri, 3 Mar 2023 15:26:02 +0800 Subject: [PATCH 282/537] Fix the description of Service External IPs to match the YAML example --- content/en/docs/concepts/services-networking/service.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md index bb6b1d3750029..09690eb71ece4 100644 --- a/content/en/docs/concepts/services-networking/service.md +++ b/content/en/docs/concepts/services-networking/service.md @@ -1165,7 +1165,7 @@ will be routed to one of the Service endpoints. `externalIPs` are not managed by of the cluster administrator. In the Service spec, `externalIPs` can be specified along with any of the `ServiceTypes`. -In the example below, "`my-service`" can be accessed by clients on "`80.11.12.10:80`" (`externalIP:port`) +In the example below, "`my-service`" can be accessed by clients on "`198.51.100.32:80`" (`externalIP:port`) ```yaml apiVersion: v1 From f9ccb1412d298eef83d739c1b13ea3c98a696c32 Mon Sep 17 00:00:00 2001 From: s-kawamura-w664 Date: Mon, 6 Mar 2023 04:23:41 +0000 Subject: [PATCH 283/537] [ja] Update page weights under security, storage and workloads. --- content/ja/docs/concepts/security/_index.md | 2 +- content/ja/docs/concepts/security/controlling-access.md | 1 + content/ja/docs/concepts/security/overview.md | 2 +- content/ja/docs/concepts/storage/dynamic-provisioning.md | 2 +- content/ja/docs/concepts/storage/storage-capacity.md | 2 +- content/ja/docs/concepts/storage/storage-limits.md | 1 + content/ja/docs/concepts/storage/volume-pvc-datasource.md | 2 +- content/ja/docs/concepts/storage/volume-snapshot-classes.md | 2 +- content/ja/docs/concepts/workloads/_index.md | 2 +- 9 files changed, 9 insertions(+), 7 deletions(-) diff --git a/content/ja/docs/concepts/security/_index.md b/content/ja/docs/concepts/security/_index.md index 0088a3ea95d7e..b0912322b0263 100644 --- a/content/ja/docs/concepts/security/_index.md +++ b/content/ja/docs/concepts/security/_index.md @@ -1,6 +1,6 @@ --- title: "セキュリティ" -weight: 81 +weight: 85 description: > クラウドネイティブなワークロードをセキュアに維持するための概念 --- diff --git a/content/ja/docs/concepts/security/controlling-access.md b/content/ja/docs/concepts/security/controlling-access.md index b9ec55417f5e6..576613895ee4c 100644 --- a/content/ja/docs/concepts/security/controlling-access.md +++ b/content/ja/docs/concepts/security/controlling-access.md @@ -1,6 +1,7 @@ --- title: Kubernetes APIへのアクセスコントロール content_type: concept +weight: 50 --- diff --git a/content/ja/docs/concepts/security/overview.md b/content/ja/docs/concepts/security/overview.md index c9d656a423268..ca4410b775196 100644 --- a/content/ja/docs/concepts/security/overview.md +++ b/content/ja/docs/concepts/security/overview.md @@ -2,7 +2,7 @@ reviewers: title: クラウドネイティブセキュリティの概要 content_type: concept -weight: 10 +weight: 1 --- diff --git a/content/ja/docs/concepts/storage/dynamic-provisioning.md b/content/ja/docs/concepts/storage/dynamic-provisioning.md index 94bee64ed101a..07206c09830c3 100644 --- a/content/ja/docs/concepts/storage/dynamic-provisioning.md +++ b/content/ja/docs/concepts/storage/dynamic-provisioning.md @@ -2,7 +2,7 @@ reviewers: title: ボリュームの動的プロビジョニング(Dynamic Volume Provisioning) content_type: concept -weight: 40 +weight: 50 --- diff --git a/content/ja/docs/concepts/storage/storage-capacity.md b/content/ja/docs/concepts/storage/storage-capacity.md index cff887a125a81..1151706a4f9c7 100644 --- a/content/ja/docs/concepts/storage/storage-capacity.md +++ b/content/ja/docs/concepts/storage/storage-capacity.md @@ -1,7 +1,7 @@ --- title: ストレージ容量 content_type: concept -weight: 45 +weight: 80 --- diff --git a/content/ja/docs/concepts/storage/storage-limits.md b/content/ja/docs/concepts/storage/storage-limits.md index 4f38361f0848a..e3df1f3bc9732 100644 --- a/content/ja/docs/concepts/storage/storage-limits.md +++ b/content/ja/docs/concepts/storage/storage-limits.md @@ -1,6 +1,7 @@ --- title: ノード固有のボリューム制限 content_type: concept +weight: 90 --- diff --git a/content/ja/docs/concepts/storage/volume-pvc-datasource.md b/content/ja/docs/concepts/storage/volume-pvc-datasource.md index fc1b7ae4b9d7d..8e0a9f7c7b86b 100644 --- a/content/ja/docs/concepts/storage/volume-pvc-datasource.md +++ b/content/ja/docs/concepts/storage/volume-pvc-datasource.md @@ -1,7 +1,7 @@ --- title: CSI Volume Cloning content_type: concept -weight: 30 +weight: 70 --- diff --git a/content/ja/docs/concepts/storage/volume-snapshot-classes.md b/content/ja/docs/concepts/storage/volume-snapshot-classes.md index ca381652d22b7..5c4c999625873 100644 --- a/content/ja/docs/concepts/storage/volume-snapshot-classes.md +++ b/content/ja/docs/concepts/storage/volume-snapshot-classes.md @@ -2,7 +2,7 @@ reviewers: title: VolumeSnapshotClass content_type: concept -weight: 30 +weight: 61 # just after volume snapshots --- diff --git a/content/ja/docs/concepts/workloads/_index.md b/content/ja/docs/concepts/workloads/_index.md index ca846cd0e7e99..94631dc878d64 100644 --- a/content/ja/docs/concepts/workloads/_index.md +++ b/content/ja/docs/concepts/workloads/_index.md @@ -1,6 +1,6 @@ --- title: "ワークロード" -weight: 50 +weight: 55 description: > Kubernetesにおけるデプロイ可能な最小のオブジェクトであるPodと、高レベルな抽象化がPodの実行を助けることを理解します。 no_list: true From 18107b55ae31f1b5739bbb166144da06e1ce8eb4 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Mon, 6 Mar 2023 13:43:44 +0800 Subject: [PATCH 284/537] [zh] sync page ns-level-pss --- .../docs/tutorials/security/ns-level-pss.md | 108 +++++++++--------- 1 file changed, 52 insertions(+), 56 deletions(-) diff --git a/content/zh-cn/docs/tutorials/security/ns-level-pss.md b/content/zh-cn/docs/tutorials/security/ns-level-pss.md index faf20f35993bf..1f793a4e375b6 100644 --- a/content/zh-cn/docs/tutorials/security/ns-level-pss.md +++ b/content/zh-cn/docs/tutorials/security/ns-level-pss.md @@ -11,7 +11,9 @@ weight: 20 --> {{% alert title="Note" %}} - + 本教程仅适用于新集群。 {{% /alert %}} @@ -24,7 +26,7 @@ when pods are created. In this tutorial, you will enforce the `baseline` Pod Sec one namespace at a time. You can also apply Pod Security Standards to multiple namespaces at once at the cluster -level. For instructions, refer to +level. For instructions, refer to [Apply Pod Security Standards at the cluster level](/docs/tutorials/security/cluster-level-pss/). --> Pod 安全准入(PSA)在 v1.23 及更高版本默认启用, @@ -59,15 +61,17 @@ Install the following on your workstation: 2. 按照如下方式创建一个 `KinD` 集群: ```shell - kind create cluster --name psa-ns-level --image kindest/node:v1.23.0 + kind create cluster --name psa-ns-level ``` - + 输出类似于: ``` Creating cluster "psa-ns-level" ... - ✓ Ensuring node image (kindest/node:v1.23.0) 🖼 + ✓ Ensuring node image (kindest/node:v{{< skew currentVersion >}}.0) 🖼 ✓ Preparing nodes 📦 ✓ Writing configuration 📜 ✓ Starting control-plane 🕹️ @@ -75,26 +79,30 @@ Install the following on your workstation: ✓ Installing StorageClass 💾 Set kubectl context to "kind-psa-ns-level" You can now use your cluster with: - + kubectl cluster-info --context kind-psa-ns-level - + Not sure what to do next? 😅 Check out https://kind.sigs.k8s.io/docs/user/quick-start/ ``` - + 1. 将 kubectl 上下文设置为新集群: ```shell kubectl cluster-info --context kind-psa-ns-level ``` - + 输出类似于: ``` Kubernetes control plane is running at https://127.0.0.1:50996 CoreDNS is running at https://127.0.0.1:50996/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy - + To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. ``` @@ -111,7 +119,9 @@ Create a new namespace called `example`: kubectl create ns example ``` - + 输出类似于: ``` @@ -119,34 +129,35 @@ namespace/example created ``` -## 应用 Pod 安全标准 {#apply-pod-security-standards} +## 为该命名空间启用 Pod 安全标准检查 {#enable-pod-security-standards-checking-for-that-namespace} 1. 使用内置 Pod 安全准入所支持的标签在此名字空间上启用 Pod 安全标准。 在这一步中,我们将根据最新版本(默认值)对基线 Pod 安全标准发出警告。 ```shell kubectl label --overwrite ns example \ - pod-security.kubernetes.io/warn=baseline \ - pod-security.kubernetes.io/warn-version=latest + pod-security.kubernetes.io/warn=baseline \ + pod-security.kubernetes.io/warn-version=latest ``` -2. 可以使用标签在任何名字空间上启用多个 Pod 安全标准。 +1. 你可以使用标签在任何名字空间上配置多个 Pod 安全标准检查。 以下命令将强制(`enforce`) 执行基线(`baseline`)Pod 安全标准, 但根据最新版本(默认值)对受限(`restricted`)Pod 安全标准执行警告(`warn`)和审核(`audit`)。 - ``` + ```shell kubectl label --overwrite ns example \ pod-security.kubernetes.io/enforce=baseline \ pod-security.kubernetes.io/enforce-version=latest \ @@ -157,56 +168,39 @@ namespace/example created ``` ## 验证 Pod 安全标准 {#verify-the-pod-security-standards} -1. 在 `example` 名字空间中创建一个最小的 Pod: - - ```shell - cat < /tmp/pss/nginx-pod.yaml - apiVersion: v1 - kind: Pod - metadata: - name: nginx - spec: - containers: - - image: nginx - name: nginx - ports: - - containerPort: 80 - EOF - ``` - - -1. 将 Pod 规约应用到集群中的 `example` 名字空间中: +1. 在 `example` 名字空间中创建一个基线 Pod: ```shell - kubectl apply -n example -f /tmp/pss/nginx-pod.yaml + kubectl apply -n example -f https://k8s.io/examples/security/example-baseline-pod.yaml ``` - - - 输出类似于: + + Pod 确实启动正常;输出包括一条警告信息。例如: ``` - Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext seccompProfile.type to "RuntimeDefault" or "Localhost") + Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") pod/nginx created ``` -3. 将 Pod 规约应用到集群中的 `default` 名字空间中: +1. 在 `default` 名字空间中创建一个基线 Pod: ```shell - kubectl apply -n default -f /tmp/pss/nginx-pod.yaml + kubectl apply -n default -f https://k8s.io/examples/security/example-baseline-pod.yaml ``` - + 输出类似于: ``` @@ -214,10 +208,11 @@ namespace/example created ``` +Pod 安全标准实施和警告设置仅被应用到 `example` 名字空间。 以上 Pod 安全标准仅被应用到 `example` 名字空间。 你可以在没有警告的情况下在 `default` 名字空间中创建相同的 Pod。 @@ -246,6 +241,7 @@ kind delete cluster --name psa-ns-level 3. Apply `baseline` Pod Security Standard in `enforce` mode while applying `restricted` Pod Security Standard also in `warn` and `audit` mode. 4. Create a new pod with the following pod security standards applied + - [Pod Security Admission](/docs/concepts/security/pod-security-admission/) - [Pod Security Standards](/docs/concepts/security/pod-security-standards/) - [Apply Pod Security Standards at the cluster level](/docs/tutorials/security/cluster-level-pss/) From 02c313169af7dfb04013c84594cf9e077bd84bd7 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Mon, 6 Mar 2023 16:39:18 +0900 Subject: [PATCH 285/537] Update content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml Co-authored-by: atoato88 --- content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml b/content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml index f5f698d1f9b57..ba21557f2d6a4 100644 --- a/content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml +++ b/content/ja/examples/pods/pod-with-affinity-anti-affinity.yaml @@ -29,5 +29,4 @@ spec: - key-2 containers: - name: with-node-affinity - image: registry.k8s.io/pause:2.0 - \ No newline at end of file + image: registry.k8s.io/pause:2.0 \ No newline at end of file From 4813cb9484d02ac054730abe32c9fc3d65f3866e Mon Sep 17 00:00:00 2001 From: saliha Date: Fri, 24 Feb 2023 14:35:10 +0900 Subject: [PATCH 286/537] [jp]Japanese localization for main page --- content/ja/blog/_index.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 content/ja/blog/_index.md diff --git a/content/ja/blog/_index.md b/content/ja/blog/_index.md new file mode 100644 index 0000000000000..673c4aeef29ed --- /dev/null +++ b/content/ja/blog/_index.md @@ -0,0 +1,4 @@ +--- +linktitle: Kubernetesブログ +title: ドキュメント +--- From 0e57c72a23e4293140174cfeb3afc873e78777cc Mon Sep 17 00:00:00 2001 From: saliha Date: Fri, 24 Feb 2023 14:38:54 +0900 Subject: [PATCH 287/537] changed to blog[jp] --- content/ja/blog/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/blog/_index.md b/content/ja/blog/_index.md index 673c4aeef29ed..e66f28220ac76 100644 --- a/content/ja/blog/_index.md +++ b/content/ja/blog/_index.md @@ -1,4 +1,4 @@ --- linktitle: Kubernetesブログ -title: ドキュメント +title: ブログ --- From 2a8d459f079f8870be1f463b415eaf8eea15efd3 Mon Sep 17 00:00:00 2001 From: saliha Date: Fri, 24 Feb 2023 14:45:06 +0900 Subject: [PATCH 288/537] changing title to match with linktitle --- content/ja/blog/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/blog/_index.md b/content/ja/blog/_index.md index e66f28220ac76..113c7f5a6d502 100644 --- a/content/ja/blog/_index.md +++ b/content/ja/blog/_index.md @@ -1,4 +1,4 @@ --- linktitle: Kubernetesブログ -title: ブログ +title: Kubernetesブログ --- From ca59f533e514a74014c9a48a41c2c1d47ac17777 Mon Sep 17 00:00:00 2001 From: Saliha <49085460+Saliha067@users.noreply.github.com> Date: Fri, 3 Mar 2023 19:49:15 +0900 Subject: [PATCH 289/537] Update content/ja/blog/_index.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/blog/_index.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/content/ja/blog/_index.md b/content/ja/blog/_index.md index 113c7f5a6d502..f4f2c571cae07 100644 --- a/content/ja/blog/_index.md +++ b/content/ja/blog/_index.md @@ -1,4 +1,16 @@ --- -linktitle: Kubernetesブログ title: Kubernetesブログ +linkTitle: ブログ +menu: + main: + title: "ブログ" + weight: 40 + post: > +

    Kubernetesやコンテナ全般に関する最新ニュースを読んで、技術的なハウツーをいち早く入手しましょう。

    --- +{{< comment >}} + +ブログへの寄稿についての情報は、以下を参照してください +https://kubernetes.io/docs/contribute/new-content/blogs-case-studies/#write-a-blog-post + +{{< /comment >}} From 48c6be119ceb367dc1f6b4a25434323113d25a55 Mon Sep 17 00:00:00 2001 From: zhuzhenghao Date: Mon, 6 Mar 2023 12:57:40 +0800 Subject: [PATCH 290/537] [zh] sync page deployment --- .../workloads/controllers/deployment.md | 98 ++++++++++--------- .../workloads/controllers/replicaset.md | 5 +- 2 files changed, 54 insertions(+), 49 deletions(-) diff --git a/content/zh-cn/docs/concepts/workloads/controllers/deployment.md b/content/zh-cn/docs/concepts/workloads/controllers/deployment.md index 8f64bfeb3a5fa..657fba81ddfbf 100644 --- a/content/zh-cn/docs/concepts/workloads/controllers/deployment.md +++ b/content/zh-cn/docs/concepts/workloads/controllers/deployment.md @@ -8,6 +8,8 @@ content_type: concept weight: 10 --- @@ -97,8 +99,8 @@ In this example: - `spec.selector.matchLabels` 字段是 `{key,value}` 键值对映射。 + `.spec.selector.matchLabels` 字段是 `{key,value}` 键值对映射。 在 `matchLabels` 映射中的每个 `{key,value}` 映射等效于 `matchExpressions` 中的一个元素, 即其 `key` 字段是 “key”,`operator` 为 “In”,`values` 数组仅包含 “value”。 在 `matchLabels` 和 `matchExpressions` 中给出的所有条件都必须满足才能匹配。 @@ -158,9 +160,9 @@ Follow the steps given below to create the above Deployment: ``` 2. 运行 `kubectl get deployments` 检查 Deployment 是否已创建。 如果仍在创建 Deployment,则输出类似于: @@ -208,7 +210,7 @@ Follow the steps given below to create the above Deployment: ``` 4. 几秒钟后再次运行 `kubectl get deployments`。输出类似于: @@ -255,7 +257,7 @@ Follow the steps given below to create the above Deployment: @@ -296,7 +298,7 @@ Kubernetes 不会阻止你这样做,但是如果多个控制器具有重叠的 {{< /note >}} ### Pod-template-hash 标签 @@ -323,13 +325,13 @@ and in any existing Pods that the ReplicaSet might have. 可能拥有的任何现有 Pod 中。 ## 更新 Deployment {#updating-a-deployment} {{< note >}} 仅当 Deployment Pod 模板(即 `.spec.template`)发生改变时,例如模板的标签或容器镜像被更新, @@ -353,7 +355,7 @@ Follow the steps given below to update your Deployment: or use the following command: --> 或者使用下面的命令: - + ```shell kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 ``` @@ -492,7 +494,7 @@ up to 3 replicas, as well as scaling down the old ReplicaSet to 0 replicas. then deletes an old Pod, and creates another new one. It does not kill old Pods until a sufficient number of new Pods have come up, and does not create new Pods until a sufficient number of old Pods have been killed. It makes sure that at least 3 Pods are available and that at max 4 Pods in total are available. In case of - a Deployment with 4 replicas, the number of Pods would be between 3 and 5. + a Deployment with 4 replicas, the number of Pods would be between 3 and 5. --> 例如,如果仔细查看上述 Deployment ,将看到它首先创建了一个新的 Pod,然后删除旧的 Pod, 并创建了新的 Pod。它不会杀死旧 Pod,直到有足够数量的新 Pod 已经出现。 @@ -559,8 +561,7 @@ up to 3 replicas, as well as scaling down the old ReplicaSet to 0 replicas. (nginx-deployment-1564180365) and scaled it up to 1 and waited for it to come up. Then it scaled down the old ReplicaSet to 2 and scaled up the new ReplicaSet to 2 so that at least 3 Pods were available and at most 4 Pods were created at all times. It then continued scaling up and down the new and the old ReplicaSet, with the same rolling update strategy. - Finally, you'll have 3 available replicas - in the new ReplicaSet, and the old ReplicaSet is scaled down to 0. + Finally, you'll have 3 available replicas in the new ReplicaSet, and the old ReplicaSet is scaled down to 0. --> 可以看到,当第一次创建 Deployment 时,它创建了一个 ReplicaSet(`nginx-deployment-2035384211`) 并将其直接扩容至 3 个副本。更新 Deployment 时,它创建了一个新的 ReplicaSet @@ -624,7 +625,7 @@ before changing course. @@ -665,7 +666,7 @@ removed label still exists in any existing Pods and ReplicaSets. ## 回滚 Deployment {#rolling-back-a-deployment} @@ -697,7 +698,7 @@ Deployment 被触发上线时,系统就会创建 Deployment 的新的修订版 `nginx:1.161` 而不是 `nginx:1.16.1`: ```shell - kubectl set image deployment/nginx-deployment nginx=nginx:1.161 + kubectl set image deployment/nginx-deployment nginx=nginx:1.161 ``` * 你可以看到旧的副本有两个(`nginx-deployment-1564180365` 和 `nginx-deployment-2035384211`), 新的副本有 1 个(`nginx-deployment-3066724191`): @@ -748,7 +749,7 @@ Deployment 被触发上线时,系统就会创建 Deployment 的新的修订版 --> 输出类似于: - ```shell + ``` NAME DESIRED CURRENT READY AGE nginx-deployment-1564180365 3 3 3 25s nginx-deployment-2035384211 0 0 0 36s @@ -769,7 +770,7 @@ Deployment 被触发上线时,系统就会创建 Deployment 的新的修订版 --> 输出类似于: - ```shell + ``` NAME READY STATUS RESTARTS AGE nginx-deployment-1564180365-70iae 1/1 Running 0 25s nginx-deployment-1564180365-jbqqo 1/1 Running 0 25s @@ -828,7 +829,7 @@ Deployment 被触发上线时,系统就会创建 Deployment 的新的修订版 OldReplicaSets: nginx-deployment-1564180365 (3/3 replicas created) NewReplicaSet: nginx-deployment-3066724191 (1/1 replicas created) Events: - FirstSeen LastSeen Count From SubobjectPath Type Reason Message + FirstSeen LastSeen Count From SubObjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 1m 1m 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-2035384211 to 3 22s 22s 1 {deployment-controller } Normal ScalingReplicaSet Scaled up replica set nginx-deployment-1564180365 to 1 @@ -855,7 +856,7 @@ Follow the steps given below to check the rollout history: 按照如下步骤检查回滚历史: 1. 首先,检查 Deployment 修订历史: @@ -929,7 +930,7 @@ Follow the steps given below to rollback the Deployment from the current version 按照下面给出的步骤将 Deployment 从当前版本回滚到以前的版本(即版本 2)。 1. 假定现在你已决定撤消当前上线并回滚到以前的修订版本: @@ -1229,7 +1230,7 @@ The output is similar to this: --> 输出类似于: -```shell +``` NAME DESIRED CURRENT READY AGE nginx-deployment-1989198191 7 7 0 7m nginx-deployment-618515232 11 11 11 7m @@ -1307,7 +1308,7 @@ apply multiple fixes in between pausing and resuming without triggering unnecess --> 输出类似于: - ```shell + ``` deployment.apps/nginx-deployment paused ``` @@ -1363,7 +1364,7 @@ apply multiple fixes in between pausing and resuming without triggering unnecess --> 输出类似于: - ```shell + ``` NAME DESIRED CURRENT READY AGE nginx-2142116321 3 3 3 2m ``` @@ -1388,7 +1389,8 @@ apply multiple fixes in between pausing and resuming without triggering unnecess 暂停 Deployment 上线之前的初始状态将继续发挥作用,但新的更新在 Deployment 上线被暂停期间不会产生任何效果。 @@ -1573,7 +1575,7 @@ The output is similar to this: --> 输出类似于: -```shell +``` Waiting for rollout to finish: 2 of 3 updated replicas are available... deployment "nginx-deployment" successfully rolled out ``` @@ -1584,7 +1586,7 @@ and the exit status from `kubectl rollout` is 0 (success): 从 `kubectl rollout` 命令获得的返回状态为 0(成功): ```shell -$ echo $? +echo $? ``` ``` 0 @@ -1603,7 +1605,7 @@ due to some of the following factors: 造成此情况一些可能因素如下: @@ -1687,8 +1689,8 @@ Deployment 不执行任何操作。更高级别的编排器可以利用这一设 {{< note >}} 如果你暂停了某个 Deployment 上线,Kubernetes 不再根据指定的截止时间检查 Deployment 上线的进展。 @@ -1831,7 +1833,7 @@ and the exit status from `kubectl rollout` is 1 (indicating an error): `kubectl rollout` 命令的退出状态为 1(表明发生了错误): ```shell -$ echo $? +echo $? ``` ``` 1 @@ -1899,9 +1901,9 @@ configuring containers, and [using kubectl to manage resources](/docs/concepts/o 这只会确保为了升级而创建新 Pod 之前其他 Pod 都已终止。如果你升级一个 Deployment, @@ -2114,7 +2116,7 @@ at all times during the update is at least 70% of the desired Pods. 如果以上比较结果都相同,则随机选择。 -本文列举控制面节点(确切说是 API 服务器)和 Kubernetes 集群之间的通信路径。 +本文列举控制面节点(确切地说是 {{< glossary_tooltip term_id="kube-apiserver" text="API 服务器" >}})和 +Kubernetes {{< glossary_tooltip text="集群" term_id="cluster" length="all" >}}之间的通信路径。 目的是为了让用户能够自定义他们的安装,以实现对网络配置的加固, 使得集群能够在不可信的网络上(或者在一个云服务商完全公开的 IP 上)运行。 @@ -51,35 +55,38 @@ API 服务器被配置为在一个安全的 HTTPS 端口(通常为 443)上 或[服务账户令牌](/zh-cn/docs/reference/access-authn-authz/authentication/#service-account-tokens)的时候。 -应该使用集群的公共根证书开通节点,这样它们就能够基于有效的客户端凭据安全地连接 API 服务器。 +应该使用集群的公共根{{< glossary_tooltip text="证书" term_id="certificate" >}}开通节点, +这样它们就能够基于有效的客户端凭据安全地连接 API 服务器。 一种好的方法是以客户端证书的形式将客户端凭据提供给 kubelet。 请查看 [kubelet TLS 启动引导](/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/) 以了解如何自动提供 kubelet 客户端证书。 -想要连接到 API 服务器的 Pod 可以使用服务账号安全地进行连接。 +想要连接到 API 服务器的 {{< glossary_tooltip text="Pod" term_id="pod" >}} +可以使用服务账号安全地进行连接。 当 Pod 被实例化时,Kubernetes 自动把公共根证书和一个有效的持有者令牌注入到 Pod 里。 `kubernetes` 服务(位于 `default` 名字空间中)配置了一个虚拟 IP 地址, -用于(通过 kube-proxy)转发请求到 API 服务器的 HTTPS 末端。 +用于(通过 `{{< glossary_tooltip text="kube-proxy" term_id="kube-proxy" >}}`)转发请求到 +API 服务器的 HTTPS 末端。 控制面组件也通过安全端口与集群的 API 服务器通信。 @@ -90,15 +97,16 @@ networks. ## Control plane to node There are two primary communication paths from the control plane (the API server) to the nodes. -The first is from the API server to the kubelet process which runs on each node in the cluster. +The first is from the API server to the {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} process which runs on each node in the cluster. The second is from the API server to any node, pod, or service through the API server's _proxy_ functionality. --> ## 控制面到节点 {#control-plane-to-node} 从控制面(API 服务器)到节点有两种主要的通信路径。 -第一种是从 API 服务器到集群中每个节点上运行的 kubelet 进程。 -第二种是从 API 服务器通过它的代理功能连接到任何节点、Pod 或者服务。 +第一种是从 API 服务器到集群中每个节点上运行的 +{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} 进程。 +第二种是从 API 服务器通过它的**代理**功能连接到任何节点、Pod 或者服务。 ### SSH 隧道 {#ssh-tunnels} -Kubernetes 支持使用 SSH 隧道来保护从控制面到节点的通信路径。在这种配置下, -API 服务器建立一个到集群中各节点的 SSH 隧道(连接到在 22 端口监听的 SSH 服务器) +Kubernetes 支持使用 +[SSH 隧道](https://www.ssh.com/academy/ssh/tunneling)来保护从控制面到节点的通信路径。 +在这种配置下,API 服务器建立一个到集群中各节点的 SSH 隧道(连接到在 22 端口监听的 SSH 服务器) 并通过这个隧道传输所有到 kubelet、节点、Pod 或服务的请求。 这一隧道保证通信不会被暴露到集群节点所运行的网络之外。 @@ -219,3 +228,22 @@ Konnectivity 代理建立并维持到 Konnectivity 服务器的网络连接。 请浏览 [Konnectivity 服务任务](/zh-cn/docs/tasks/extend-kubernetes/setup-konnectivity/) 在你的集群中配置 Konnectivity 服务。 +## {{% heading "whatsnext" %}} + + +* 阅读 [Kubernetes 控制面组件](/zh-cn/docs/concepts/overview/components/#control-plane-components) +* 进一步了解 [Hubs and Spoke model](https://book.kubebuilder.io/multiversion-tutorial/conversion-concepts.html#hubs-spokes-and-other-wheel-metaphors) +* 进一步了解如何[保护集群](/zh-cn/docs/tasks/administer-cluster/securing-a-cluster/) +* 进一步了解 [Kubernetes API](/zh-cn/docs/concepts/overview/kubernetes-api/) +* [设置 Konnectivity 服务](/zh-cn/docs/tasks/extend-kubernetes/setup-konnectivity/) +* [使用端口转发来访问集群中的应用](/zh-cn/docs/tasks/access-application-cluster/port-forward-access-application-cluster/) +* 学习如何[检查 Pod 的日志](/zh-cn/docs/tasks/debug/debug-application/debug-running-pod/#examine-pod-logs) + 以及如何[使用 kubectl 端口转发](/zh-cn/docs/tasks/access-application-cluster/port-forward-access-application-cluster/#forward-a-local-port-to-a-port-on-the-pod) From fb3b32507191c57396f864eb7ec433ec0a934d46 Mon Sep 17 00:00:00 2001 From: Shogo Hida Date: Tue, 28 Feb 2023 19:08:44 +0900 Subject: [PATCH 293/537] Delete DynamicAuditing Signed-off-by: Shogo Hida --- .../docs/reference/command-line-tools-reference/feature-gates.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md b/content/ja/docs/reference/command-line-tools-reference/feature-gates.md index a014c7c608593..5667cbee61b8b 100644 --- a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/ja/docs/reference/command-line-tools-reference/feature-gates.md @@ -387,7 +387,6 @@ GAになってからさらなる変更を加えることは現実的ではない - `CustomResourceWebhookConversion`: [CustomResourceDefinition](/docs/concepts/extend-kubernetes/api-extension/custom-resources/)から作成されたリソースのWebhookベースの変換を有効にします。 - `DevicePlugins`: [device-plugins](/docs/concepts/cluster-administration/device-plugins/)によるノードでのリソースプロビジョニングを有効にします。 - `DryRun`: サーバーサイドでの[dry run](/docs/reference/using-api/api-concepts/#dry-run)リクエストを有効にします。 -- `DynamicAuditing`: [動的監査](/docs/tasks/debug/debug-cluster/audit/#dynamic-backend)を有効にします。 - `DynamicKubeletConfig`: kubeletの動的構成を有効にします。[kubeletの再設定](/docs/tasks/administer-cluster/reconfigure-kubelet/)を参照してください。 - `DynamicProvisioningScheduling`: デフォルトのスケジューラーを拡張してボリュームトポロジーを認識しPVプロビジョニングを処理します。この機能は、v1.12の`VolumeScheduling`機能に完全に置き換えられました。 - `DynamicVolumeProvisioning`(*非推奨*): Podへの永続ボリュームの[動的プロビジョニング](/ja/docs/concepts/storage/dynamic-provisioning/)を有効にします。 From 5038eba0ac5205b61974f5e0cbefb85a3f462d98 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Mon, 6 Mar 2023 17:58:58 +0800 Subject: [PATCH 294/537] [zh] sync configure-persistent-volume-storage.md --- .../configure-persistent-volume-storage.md | 36 +++++++++---------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md index 57c4f13a30b21..d2fc135403649 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md @@ -1,13 +1,12 @@ --- title: 配置 Pod 以使用 PersistentVolume 作为存储 content_type: task -weight: 60 +weight: 90 --- - @@ -19,11 +18,11 @@ for storage. Here is a summary of the process: 1. You, as cluster administrator, create a PersistentVolume backed by physical -storage. You do not associate the volume with any Pod. + storage. You do not associate the volume with any Pod. 1. You, now taking the role of a developer / cluster user, create a -PersistentVolumeClaim that is automatically bound to a suitable -PersistentVolume. + PersistentVolumeClaim that is automatically bound to a suitable + PersistentVolume. 1. You create a Pod that uses the above PersistentVolumeClaim for storage. --> @@ -43,15 +42,14 @@ PersistentVolume. - * 你需要一个包含单个节点的 Kubernetes 集群,并且必须配置 {{< glossary_tooltip text="kubectl" term_id="kubectl" >}} 命令行工具以便与集群交互。 如果还没有单节点集群,可以使用 @@ -101,11 +99,11 @@ In the `/mnt/data` directory, create an `index.html` file: sudo sh -c "echo 'Hello from Kubernetes storage' > /mnt/data/index.html" ``` +{{< note >}} -{{< note >}} 如果你的节点使用某工具而不是 `sudo` 来完成超级用户访问,你可以将上述命令中的 `sudo` 替换为该工具的名称。 {{< /note >}} @@ -374,7 +372,7 @@ use storage from a PersistentVolumeClaim. ## 清理 {#clean-up} @@ -395,11 +393,11 @@ In the shell on your Node, remove the file and directory that you created: 如果你还没有连接到集群中节点的 Shell,可以按之前所做操作,打开一个新的 Shell。 在节点的 Shell 上,删除你所创建的目录和文件: + - ```shell # 这里假定你使用 "sudo" 来以超级用户的角色执行命令 sudo rm /mnt/data/index.html @@ -426,8 +424,8 @@ You can perform 2 volume mounts on your nginx container: --> 你可以在 nginx 容器上执行两个卷挂载: -`/usr/share/nginx/html` 用于静态网站 -`/etc/nginx/nginx.conf` 作为默认配置 +- `/usr/share/nginx/html` 用于静态网站 +- `/etc/nginx/nginx.conf` 作为默认配置 @@ -472,11 +470,11 @@ each container. 应用的方法与 Pod 的安全上下文中指定的 GID 相同。 每个 GID,无论是来自 PersistentVolume 注解还是来自 Pod 规约,都会被应用于每个容器中运行的第一个进程。 +{{< note >}} -{{< note >}} 当 Pod 使用 PersistentVolume 时,与 PersistentVolume 关联的 GID 不会在 Pod 资源本身的对象上出现。 {{< /note >}} @@ -493,7 +491,7 @@ PersistentVolume are not present on the Pod resource itself. -### 参考 +### 参考 {#reference} * [PersistentVolume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolume-v1-core) * [PersistentVolumeSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumespec-v1-core) From 22d83f4c65d6e8b341f55e44536a33cfa796a5bb Mon Sep 17 00:00:00 2001 From: windsonsea Date: Mon, 6 Mar 2023 18:02:50 +0800 Subject: [PATCH 295/537] add - before an unordered list in configure-pvc page --- .../configure-persistent-volume-storage.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md b/content/en/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md index a9a281f5b72d4..f60b36f7128bc 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md +++ b/content/en/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md @@ -67,6 +67,7 @@ cat /mnt/data/index.html ``` The output should be: + ``` Hello from Kubernetes storage ``` @@ -247,8 +248,8 @@ You can now close the shell to your Node. You can perform 2 volume mounts on your nginx container: -`/usr/share/nginx/html` for the static website -`/etc/nginx/nginx.conf` for the default config +- `/usr/share/nginx/html` for the static website +- `/etc/nginx/nginx.conf` for the default config @@ -261,6 +262,7 @@ with a GID. Then the GID is automatically added to any Pod that uses the PersistentVolume. Use the `pv.beta.kubernetes.io/gid` annotation as follows: + ```yaml apiVersion: v1 kind: PersistentVolume @@ -269,6 +271,7 @@ metadata: annotations: pv.beta.kubernetes.io/gid: "1234" ``` + When a Pod consumes a PersistentVolume that has a GID annotation, the annotated GID is applied to all containers in the Pod in the same way that GIDs specified in the Pod's security context are. Every GID, whether it originates from a PersistentVolume From 3ea1d6790a2ddcbd420310cc0649e7ac26892d86 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 09:04:30 +0900 Subject: [PATCH 296/537] Update content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index a8cf9e0129b23..d548e5e836e44 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -228,7 +228,7 @@ Podアフィニティとアンチアフィニティの`operator`フィールド Pod間アフィニティとアンチアフィニティは、ReplicaSet、StatefulSet、Deploymentなどのより高レベルなコレクションと併せて使用するとさらに有用です。これらのルールにより、ワークロードのセットが同じ定義されたトポロジーに併置されるように設定できます。たとえば、2つの関連するPodを同じNodeに配置することが好ましい場合です。 -例えば、3つのNodeで構成されるクラスターを想像してください。クラスターを使用してウェブアプリケーションを実行し、さらにインメモリキャッシュ(Redisなど)を使用します。この例では、ウェブアプリケーションとメモリキャッシュの間のレイテンシーは実用的な範囲の低さも想定しています。Pod間アフィニティやアンチアフィニティを使って、ウェブサーバーとキャッシュをなるべく同じ場所に配置することができます。 +例えば、3つのNodeで構成されるクラスターを想像してください。そのクラスターを使用してウェブアプリケーションを実行し、さらにインメモリーキャッシュ(Redisなど)を使用します。この例では、ウェブアプリケーションとメモリーキャッシュの間のレイテンシーは実用的な範囲の低さも想定しています。Pod間アフィニティやアンチアフィニティを使って、ウェブサーバーとキャッシュをなるべく同じ場所に配置することができます。 以下のRedisキャッシュのDeploymentの例では、各レプリカはラベル`app=store`が付与されています。`podAntiAffinity`ルールは、`app=store`ラベルを持つ複数のレプリカを単一Nodeに配置しないよう、スケジューラーに指示します。これにより、各キャッシュが別々のNodeに作成されます。 From 3db17caaa305b7b0f0f20a59a83206b5f073e83a Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 09:04:43 +0900 Subject: [PATCH 297/537] Update content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index d548e5e836e44..534356dc89d53 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -303,7 +303,7 @@ spec: image: nginx:1.16-alpine ``` -上記2つのDeploymentが生成されると、以下のようなクラスター構成になり、各Webサーバーはキャッシュと同位置に、3つの別々のNodeに配置されます。 +上記2つのDeploymentが生成されると、以下のようなクラスター構成になり、各ウェブサーバーはキャッシュと同位置に、3つの別々のNodeに配置されます。 | node-1 | node-2 | node-3 | |:--------------------:|:-------------------:|:------------------:| From e761735da67f5185eaae7fceac9e4ff1a8d92f21 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 09:05:12 +0900 Subject: [PATCH 298/537] Update content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index 534356dc89d53..c1d848d928ed0 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -351,6 +351,6 @@ _トポロジー分散制約_ を使って、リージョン、ゾーン、Node * [TaintとToleration](/ja/docs/concepts/scheduling-eviction/taint-and-toleration/)についてもっと読む。 * [Nodeアフィニティ](https://git.k8s.io/design-proposals-archive/scheduling/nodeaffinity.md)と[Pod間アフィニティ/アンチアフィニティ](https://git.k8s.io/design-proposals-archive/scheduling/podaffinity.md)のデザインドキュメントを読む。 -* [トポロジーマネージャー](/ja/docs/tasks/administer-cluster/topology-manager/)がNodeレベルリソースの割り当て決定に参加する方法について学ぶ。 +* [トポロジーマネージャー](/ja/docs/tasks/administer-cluster/topology-manager/)がNodeレベルのリソース割り当ての決定にどのように関与しているかについて学ぶ。 * [nodeSelector](/ja/docs/tasks/configure-pod-container/assign-pods-nodes/)の使用方法について学ぶ。 * [アフィニティとアンチアフィニティ](/ja/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)の使用方法について学ぶ。 From fc6c72fab683c648d6f7b06fd15918fda1fe03da Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 09:05:42 +0900 Subject: [PATCH 299/537] Update content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index c1d848d928ed0..a213ba723b487 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -262,7 +262,7 @@ spec: image: redis:3.2-alpine ``` -次の Web サーバーのDeployment例では、`app=web-store`ラベルが付与されたレプリカを作成します。Podアフィニティルールは、各レプリカを、`app=store`ラベルが付与されたPodを持つNodeに配置するようスケジューラーに指示します。Podアンチアフィニティルールは、1つのNodeに複数の`app=web-store`サーバーを配置しないようにスケジューラーに指示します。 +次のウェブサーバーのDeployment例では、`app=web-store`ラベルが付与されたレプリカを作成します。Podアフィニティルールは、各レプリカを、`app=store`ラベルが付与されたPodを持つNodeに配置するようスケジューラーに指示します。Podアンチアフィニティルールは、1つのNodeに複数の`app=web-store`サーバーを配置しないようにスケジューラーに指示します。 ```yaml apiVersion: apps/v1 From 7824b8d5e08eb462a652f9239a6c9e92c479dd06 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 09:06:12 +0900 Subject: [PATCH 300/537] Update content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index a213ba723b487..79852409f909d 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -317,7 +317,7 @@ Podアンチアフィニティを使用する理由は他にもあります。 ## nodeName -`nodeName`はアフィニティや`nodeSelector`よりも直接的なNode選択形式になります。`nodeName`はPod仕様(spec)のフィールドです。`nodeName`フィールドが空でない場合、スケジューラーはPodを考慮せずに、指定されたNodeにあるkubeletはそのNodeにPodを配置しようとします。`nodeName`を使用すると、`nodeSelector`やアフィニティおよびアンチアフィニティルールを使用するよりも優先されます。 +`nodeName`はアフィニティや`nodeSelector`よりも直接的なNode選択形式になります。`nodeName`はPod仕様(spec)内のフィールドです。`nodeName`フィールドが空でない場合、スケジューラーはPodを考慮せずに、指定されたNodeにあるkubeletがそのNodeにPodを配置しようとします。`nodeName`を使用すると、`nodeSelector`やアフィニティおよびアンチアフィニティルールを使用するよりも優先されます。 `nodeName`を使ってNodeを選択する場合の制約は以下の通りです: From 17971a75e1b9d0515d0416b0e3e229c05f5058da Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 13:38:40 +0900 Subject: [PATCH 301/537] Update content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md --- content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index 79852409f909d..4404abd8762ae 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -157,7 +157,7 @@ profiles: `addedAffinity`はエンドユーザーには見えないので、その動作はエンドユーザーにとって予期しないものになる可能性があります。スケジューラープロファイル名と明確な相関関係のあるNodeラベルを使用すべきです。 {{< note >}} -[DaemonSetのPodを作成する](/ja/docs/concepts/workloads/controllers/daemonset/#how-daemon-pods-are-scheduled)DaemonSetコントローラーは、スケジューリングプロファイルをサポートしていません。DaemonSetコントローラーがPodを作成すると、デフォルトのKubernetesスケジューラーがそれらのPodを配置し、DaemonSetコントローラーの`nodeAffinity`ルールに優先して従います。 +[DaemonSetのPodを作成する](/ja/docs/concepts/workloads/controllers/daemonset/#scheduled-by-default-scheduler)DaemonSetコントローラーは、スケジューリングプロファイルをサポートしていません。DaemonSetコントローラーがPodを作成すると、デフォルトのKubernetesスケジューラーがそれらのPodを配置し、DaemonSetコントローラーの`nodeAffinity`ルールに優先して従います。 {{< /note >}} ### Pod間のアフィニティとアンチアフィニティ From 8e42d86aa682d30e378b5e4a2eaa5cb5dbe5c72b Mon Sep 17 00:00:00 2001 From: utkarsh-singh1 Date: Tue, 7 Mar 2023 11:29:35 +0530 Subject: [PATCH 302/537] Updated french documrnt web-ui-dashboard.md Signed-off-by: utkarsh-singh1 --- .../docs/tasks/access-application-cluster/web-ui-dashboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/tasks/access-application-cluster/web-ui-dashboard.md b/content/fr/docs/tasks/access-application-cluster/web-ui-dashboard.md index ba5d296adb5f8..539bec39f9ea3 100644 --- a/content/fr/docs/tasks/access-application-cluster/web-ui-dashboard.md +++ b/content/fr/docs/tasks/access-application-cluster/web-ui-dashboard.md @@ -29,7 +29,7 @@ L'interface utilisateur du tableau de bord n'est pas déployée par défaut. Pour le déployer, exécutez la commande suivante: ```text -kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/charts/recommended.yaml ``` ## Accès à l'interface utilisateur du tableau de bord From 20a3712cc78d0bad40a0a217aec33be7b09114a9 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:53:50 +0900 Subject: [PATCH 303/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index da2671ca776e3..876c1276536be 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -33,7 +33,7 @@ DaemonSetのいくつかの典型的な使用例は以下の通りです。 YAMLファイルに基づいてDaemonSetを作成します。 ``` -kubectl apply -f https://k8s.io/examples/controllers/daemonset.yal +kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml ``` ### 必須のフィールド From d47ec5d44992594ceb068cac40ba5706644980ac Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:54:00 +0900 Subject: [PATCH 304/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index 876c1276536be..6f9dab1607d5c 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -55,7 +55,7 @@ Podに対する必須のフィールドに加えて、DaemonSet内のPodテン DaemonSet内のPodテンプレートでは、[`RestartPolicy`](/ja/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy)フィールドを指定せずにデフォルトの`Always`を使用するか、明示的に`Always`を設定するかのどちらかである必要があります。 -### Podセレクター +### Podセレクター `.spec.selector`フィールドはPodセレクターとなります。これは[Job](/ja/docs/concepts/workloads/controllers/job/)の`.spec.selector`と同じものです。 From 5ef089cdca11f4407991db1102d6c7255b960913 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:54:31 +0900 Subject: [PATCH 305/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index 6f9dab1607d5c..d0f775db2f5a5 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -78,7 +78,7 @@ DaemonSet内のPodテンプレートでは、[`RestartPolicy`](/ja/docs/concepts ## Daemon Podがどのようにスケジューリングされるか -DaemonSetは全ての利用可能なNodeが単一のPodのコピーを稼働させることを保証します。DaemonSetコントローラーは対象となる各Nodeに対してPodを作成し、ターゲットホストに一致するようにPodの`spec.affinity.nodeAffinity`フィールドを追加します。Podが作成されると、デフォルトのスケジューラーが慣例的に引き継ぎ、`.spec.nodeName`を設定することでPodをターゲットホストにバインドします。新しいNodeに適合できない場合、デフォルトスケジューラーは新しいPodの[優先度](/ja/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)に基づいて既存Podのいくつかを先取り(退避)させることがあります。 +DaemonSetは、全ての利用可能なNodeがPodのコピーを稼働させることを保証します。DaemonSetコントローラーは対象となる各Nodeに対してPodを作成し、ターゲットホストに一致するようにPodの`spec.affinity.nodeAffinity`フィールドを追加します。Podが作成されると、通常はデフォルトのスケジューラーが引き継ぎ、`.spec.nodeName`を設定することでPodをターゲットホストにバインドします。新しいNodeに適合できない場合、デフォルトスケジューラーは新しいPodの[優先度](/ja/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)に基づいて、既存Podのいくつかを先取り(退避)させることがあります。 ユーザーは、DaemonSetの`.spec.template.spec.schedulerName`フィールドを設定することにより、DaemonSetのPodsに対して異なるスケジューラーを指定することができます。 From 74982a315514a707fb5531b2264af8c786b537cb Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:54:50 +0900 Subject: [PATCH 306/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index d0f775db2f5a5..1707ee10d73df 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -80,7 +80,7 @@ DaemonSet内のPodテンプレートでは、[`RestartPolicy`](/ja/docs/concepts DaemonSetは、全ての利用可能なNodeがPodのコピーを稼働させることを保証します。DaemonSetコントローラーは対象となる各Nodeに対してPodを作成し、ターゲットホストに一致するようにPodの`spec.affinity.nodeAffinity`フィールドを追加します。Podが作成されると、通常はデフォルトのスケジューラーが引き継ぎ、`.spec.nodeName`を設定することでPodをターゲットホストにバインドします。新しいNodeに適合できない場合、デフォルトスケジューラーは新しいPodの[優先度](/ja/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)に基づいて、既存Podのいくつかを先取り(退避)させることがあります。 -ユーザーは、DaemonSetの`.spec.template.spec.schedulerName`フィールドを設定することにより、DaemonSetのPodsに対して異なるスケジューラーを指定することができます。 +ユーザーは、DaemonSetの`.spec.template.spec.schedulerName`フィールドを設定することにより、DaemonSetのPodに対して異なるスケジューラーを指定することができます。 `.spec.template.spec.affinity.nodeAffinity`フィールド(指定された場合)で指定された元のNodeアフィニティは、DaemonSetコントローラーが対象Nodeを評価する際に考慮されますが、作成されたPod上では対象Nodeの名前と一致するNodeアフィニティに置き換わります。 From 93ffc31f3cf49e63e1d7b3fd97efaa4854f8e248 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:55:05 +0900 Subject: [PATCH 307/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index 1707ee10d73df..45eb01b951853 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -108,7 +108,7 @@ text="Toleration" term_id="toleration" >}}を自動的に追加します: | [`node.kubernetes.io/not-ready`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-not-ready) | `NoExecute` | 健康でないNodeや、Podを受け入れる準備ができていないNodeにDaemonSet Podをスケジュールできるように設定します。そのようなNode上で動作しているDaemonSet Podは退避されることがありません。 | | [`node.kubernetes.io/unreachable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unreachable) | `NoExecute` | Nodeコントローラーから到達できないNodeにDaemonSet Podをスケジュールできるように設定します。このようなNode上で動作しているDaemonSet Podは、退避されません。 | | [`node.kubernetes.io/disk-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-disk-pressure) | `NoSchedule` | ディスク不足問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | -| [`node.kubernetes.io/memory-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-memory-pressure) | `NoSchedule` | メモリ不足問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | +| [`node.kubernetes.io/memory-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-memory-pressure) | `NoSchedule` | メモリー不足問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | | [`node.kubernetes.io/pid-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-pid-pressure) | `NoSchedule` | 処理プレッシャー問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | | [`node.kubernetes.io/unschedulable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unschedulable) | `NoSchedule` | スケジューリング不可能なNodeにDaemonSet Podをスケジュールできるように設定します。 | | [`node.kubernetes.io/network-unavailable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-network-unavailable) | `NoSchedule` | **ホストネットワークを要求するDaemonSet Podにのみ追加できます**、つまり`spec.hostNetwork: true`と設定されているPodです。このようなDaemonSet Podは、ネットワークが利用できないNodeにスケジュールできるように設定できます。| From b942bf663538a55870137e2c91231778dca3bc66 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:55:22 +0900 Subject: [PATCH 308/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index 45eb01b951853..fb3196dbd1267 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -109,7 +109,7 @@ text="Toleration" term_id="toleration" >}}を自動的に追加します: | [`node.kubernetes.io/unreachable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unreachable) | `NoExecute` | Nodeコントローラーから到達できないNodeにDaemonSet Podをスケジュールできるように設定します。このようなNode上で動作しているDaemonSet Podは、退避されません。 | | [`node.kubernetes.io/disk-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-disk-pressure) | `NoSchedule` | ディスク不足問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | | [`node.kubernetes.io/memory-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-memory-pressure) | `NoSchedule` | メモリー不足問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | -| [`node.kubernetes.io/pid-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-pid-pressure) | `NoSchedule` | 処理プレッシャー問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | +| [`node.kubernetes.io/pid-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-pid-pressure) | `NoSchedule` | 処理負荷に問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | | [`node.kubernetes.io/unschedulable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unschedulable) | `NoSchedule` | スケジューリング不可能なNodeにDaemonSet Podをスケジュールできるように設定します。 | | [`node.kubernetes.io/network-unavailable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-network-unavailable) | `NoSchedule` | **ホストネットワークを要求するDaemonSet Podにのみ追加できます**、つまり`spec.hostNetwork: true`と設定されているPodです。このようなDaemonSet Podは、ネットワークが利用できないNodeにスケジュールできるように設定できます。| From b3db57752e6034f1dc255615bc3c396d79da9ce0 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:55:51 +0900 Subject: [PATCH 309/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index fb3196dbd1267..a9f7fdf1b1956 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -117,7 +117,7 @@ text="Toleration" term_id="toleration" >}}を自動的に追加します: DaemonSetのPodテンプレートで定義すれば、DaemonSetのPodに独自のTolerationを追加することも可能です。 -DaemonSetコントローラーは`node.kubernetes.io/unschedulable:NoSchedule`Tolerationを自動的に設定するため、Kubernetesは _スケジューリング不可能_ としてマークされているNodeでDaemonSet Podを実行することが可能です。 +DaemonSetコントローラーは`node.kubernetes.io/unschedulable:NoSchedule`のTolerationを自動的に設定するため、Kubernetesは _スケジューリング不可能_ としてマークされているNodeでDaemonSet Podを実行することが可能です。 [クラスターのネットワーク](/ja/docs/concepts/cluster-administration/networking/)のような重要なNodeレベル機能をDaemonSetで提供する場合、KubernetesがDaemonSet PodをNodeが準備完了になる前に配置することは有用です。 例えば、その特別なTolerationがなければ、ネットワークプラグインがそこで実行されていないためにNodeが準備完了としてマークされず、同時にNodeがまだ準備完了でないためにそのNode上でネットワークプラグインが実行されていないというデッドロック状態に陥ってしまう可能性があるのです。 From d68da8ec5d5e8048b765ee4df872de66905eaad3 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:56:11 +0900 Subject: [PATCH 310/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index a9f7fdf1b1956..f5222384b148f 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -119,7 +119,7 @@ DaemonSetのPodテンプレートで定義すれば、DaemonSetのPodに独自 DaemonSetコントローラーは`node.kubernetes.io/unschedulable:NoSchedule`のTolerationを自動的に設定するため、Kubernetesは _スケジューリング不可能_ としてマークされているNodeでDaemonSet Podを実行することが可能です。 -[クラスターのネットワーク](/ja/docs/concepts/cluster-administration/networking/)のような重要なNodeレベル機能をDaemonSetで提供する場合、KubernetesがDaemonSet PodをNodeが準備完了になる前に配置することは有用です。 +[クラスターのネットワーク](/ja/docs/concepts/cluster-administration/networking/)のような重要なNodeレベルの機能をDaemonSetで提供する場合、KubernetesがDaemonSet PodをNodeが準備完了になる前に配置することは有用です。 例えば、その特別なTolerationがなければ、ネットワークプラグインがそこで実行されていないためにNodeが準備完了としてマークされず、同時にNodeがまだ準備完了でないためにそのNode上でネットワークプラグインが実行されていないというデッドロック状態に陥ってしまう可能性があるのです。 ## Daemon Podとのコミュニケーション From 60ab92635e8495c53b6bf6ddcd727364fc3f5a29 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:56:27 +0900 Subject: [PATCH 311/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index f5222384b148f..09e361c6a9977 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -129,7 +129,7 @@ DaemonSet内のPodとのコミュニケーションをする際に考えられ - **Push**: DaemonSet内のPodは統計データベースなどの他のサービスに対して更新情報を送信するように設定されます。クライアントは持っていません。 - **NodeIPとKnown Port**: PodがNodeIPを介して疎通できるようにするため、DaemonSet内のPodは`hostPort`を使用できます。慣例により、クライアントはNodeIPのリストとポートを知っています。 - **DNS**: 同じPodセレクターを持つ[HeadlessService](/ja/docs/concepts/services-networking/service/#headless-service)を作成し、`endpoints`リソースを使ってDaemonSetを探すか、DNSから複数のAレコードを取得します。 -- **Service**: 同じPodセレクターを持つServiceを作成し、複数のうちのいずれかのNode上のDaemonに疎通させるためにそのServiceを使います。(特定のNodeにアクセスする方法がありません。) +- **Service**: 同じPodセレクターを持つServiceを作成し、複数のうちのいずれかのNode上のDaemonに疎通させるためにそのServiceを使います。(特定のNodeにアクセスする方法はありません。) ## DaemonSetの更新 From 78f342cc82e1c1345b31a41a14a28d025fff9232 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:56:47 +0900 Subject: [PATCH 312/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index 09e361c6a9977..8a1a3090418e4 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -111,7 +111,7 @@ text="Toleration" term_id="toleration" >}}を自動的に追加します: | [`node.kubernetes.io/memory-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-memory-pressure) | `NoSchedule` | メモリー不足問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | | [`node.kubernetes.io/pid-pressure`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-pid-pressure) | `NoSchedule` | 処理負荷に問題のあるNodeにDaemonSet Podをスケジュールできるように設定します。 | | [`node.kubernetes.io/unschedulable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-unschedulable) | `NoSchedule` | スケジューリング不可能なNodeにDaemonSet Podをスケジュールできるように設定します。 | -| [`node.kubernetes.io/network-unavailable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-network-unavailable) | `NoSchedule` | **ホストネットワークを要求するDaemonSet Podにのみ追加できます**、つまり`spec.hostNetwork: true`と設定されているPodです。このようなDaemonSet Podは、ネットワークが利用できないNodeにスケジュールできるように設定できます。| +| [`node.kubernetes.io/network-unavailable`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-network-unavailable) | `NoSchedule` | **ホストネットワークを要求するDaemonSet Podにのみ追加できます**、つまり`spec.hostNetwork: true`と設定されているPodです。このようなDaemonSet Podは、ネットワークが利用できないNodeにスケジュールできるように設定します。| {{< /table >}} From 947170af0bada3cf9800547f7a64ac2b20841de6 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:57:00 +0900 Subject: [PATCH 313/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index 8a1a3090418e4..d813d45b032d6 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -124,7 +124,7 @@ DaemonSetコントローラーは`node.kubernetes.io/unschedulable:NoSchedule` ## Daemon Podとのコミュニケーション -DaemonSet内のPodとのコミュニケーションをする際に考えられるパターンは以下の通りです。: +DaemonSet内のPodとのコミュニケーションをする際に考えられるパターンは以下の通りです: - **Push**: DaemonSet内のPodは統計データベースなどの他のサービスに対して更新情報を送信するように設定されます。クライアントは持っていません。 - **NodeIPとKnown Port**: PodがNodeIPを介して疎通できるようにするため、DaemonSet内のPodは`hostPort`を使用できます。慣例により、クライアントはNodeIPのリストとポートを知っています。 From a37532c0b85e93687e6804379f6e98510fe280cc Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:58:02 +0900 Subject: [PATCH 314/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index d813d45b032d6..c5b129442e56a 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -149,7 +149,7 @@ Node上で直接起動することにより(例: `init`、`upstartd`、`systemd` - アプリケーションと同じ方法でデーモンの監視とログの管理ができる。 - デーモンとアプリケーションで同じ設定用の言語とツール(例: Podテンプレート、`kubectl`)を使える。 -- リソースリミットを使ったコンテナ内でデーモンを稼働させることにより、デーモンとアプリケーションコンテナの分離を促進します。しかし、これはPod内でなく、コンテナ内でデーモンを稼働させることにより可能です。 +- リソースリミットを使ったコンテナ内でデーモンを稼働させることにより、デーモンとアプリケーションコンテナの分離性が高まります。ただし、これはPod内ではなく、コンテナ内でデーモンを稼働させることでも可能です。 ### ベアPod From 646bc62495d1847c221e440562820e22265fda3c Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:59:27 +0900 Subject: [PATCH 315/537] Update content/ja/docs/concepts/workloads/controllers/daemonset.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- content/ja/docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/daemonset.md b/content/ja/docs/concepts/workloads/controllers/daemonset.md index c5b129442e56a..f0f9379993e22 100644 --- a/content/ja/docs/concepts/workloads/controllers/daemonset.md +++ b/content/ja/docs/concepts/workloads/controllers/daemonset.md @@ -164,7 +164,7 @@ Kubeletによって監視されているディレクトリに対してファイ DaemonSetは、Podの作成し、そのPodが停止されることのないプロセスを持つことにおいて[Deployment](/ja/docs/concepts/workloads/controllers/deployment/)と同様です(例: webサーバー、ストレージサーバー)。 フロントエンドのようなServiceのように、どのホスト上にPodが稼働するか制御するよりも、レプリカ数をスケールアップまたはスケールダウンしたりローリングアップデートする方が重要であるような、状態をもたないServiceに対してDeploymentを使ってください。 -DaemonSetがNodeレベルの機能を提供し、他のPodがその特定のNodeで正しく動作するようにする場合、Podのコピーが全てまたは特定のホスト上で常に稼働していることが重要な場合や、他のPodの前に起動させる必要があるときにDaemonSetを使ってください。 +DaemonSetがNodeレベルの機能を提供し、他のPodがその特定のNodeで正しく動作するようにする場合、Podのコピーが全てまたは特定のホスト上で常に稼働していることが重要な場合にDaemonSetを使ってください。 例えば、[ネットワークプラグイン](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)には、DaemonSetとして動作するコンポーネントが含まれていることがよくあります。DaemonSetコンポーネントは、それが動作しているNodeでクラスターネットワークが動作していることを確認します。 From bccd515e3ea8ecc79a06cb7ae71204085225baca Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 7 Mar 2023 18:06:23 +0800 Subject: [PATCH 316/537] [zh] sync organize-cluster-access-kubeconfig.md --- .../organize-cluster-access-kubeconfig.md | 108 +++++++++--------- 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/content/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig.md b/content/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig.md index c181e32fcef7b..d89e7c7f1f3f8 100644 --- a/content/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig.md +++ b/content/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig.md @@ -20,27 +20,23 @@ of a cluster. 使用 kubeconfig 文件来组织有关集群、用户、命名空间和身份认证机制的信息。 `kubectl` 命令行工具使用 kubeconfig 文件来查找选择集群所需的信息,并与集群的 API 服务器进行通信。 - -{{< note >}} -用于配置集群访问的文件称为“kubeconfig 文件”。 -这是引用配置文件的通用方法,并不意味着有一个名为 `kubeconfig` 的文件 +用于配置集群访问的文件称为 **kubeconfig 文件**。 +这是引用到配置文件的通用方法,并不意味着有一个名为 `kubeconfig` 的文件。 {{< /note >}} - -{{< warning >}} -只使用来源可靠的 kubeconfig 文件。使用特制的 kubeconfig 文件可能会导致恶意代码执行或文件暴露。 -如果必须使用不受信任的 kubeconfig 文件,请首先像检查 shell 脚本一样仔细检查它。 +请务必仅使用来源可靠的 kubeconfig 文件。使用特制的 kubeconfig 文件可能会导致恶意代码执行或文件暴露。 +如果必须使用不受信任的 kubeconfig 文件,请首先像检查 Shell 脚本一样仔细检查此文件。 {{< /warning>}} -有关创建和指定 kubeconfig 文件的分步说明,请参阅 -[配置对多集群的访问](/zh-cn/docs/tasks/access-application-cluster/configure-access-multiple-clusters)。 +有关创建和指定 kubeconfig 文件的分步说明, +请参阅[配置对多集群的访问](/zh-cn/docs/tasks/access-application-cluster/configure-access-multiple-clusters)。 -## 支持多集群、用户和身份认证机制 +## 支持多集群、用户和身份认证机制 {#support-clusters-users-and-authn} -## 上下文(Context) +## 上下文(Context) {#context} -选择当前上下文 +选择当前上下文: ```shell kubectl config use-context @@ -116,7 +112,7 @@ kubectl config use-context -## KUBECONFIG 环境变量 +## KUBECONFIG 环境变量 {#kubeconfig-env-var} `KUBECONFIG` 环境变量包含一个 kubeconfig 文件列表。 -对于 Linux 和 Mac,列表以冒号分隔。对于 Windows,列表以分号分隔。 -`KUBECONFIG` 环境变量不是必要的。 -如果 `KUBECONFIG` 环境变量不存在,`kubectl` 使用默认的 kubeconfig 文件,`$HOME/.kube/config`。 +对于 Linux 和 Mac,此列表以英文冒号分隔。对于 Windows,此列表以英文分号分隔。 +`KUBECONFIG` 环境变量不是必需的。 +如果 `KUBECONFIG` 环境变量不存在,`kubectl` 将使用默认的 kubeconfig 文件:`$HOME/.kube/config`。 -如果 `KUBECONFIG` 环境变量存在,`kubectl` 使用 `KUBECONFIG` 环境变量中列举的文件合并后的有效配置。 +如果 `KUBECONFIG` 环境变量存在,`kubectl` 将使用 `KUBECONFIG` 环境变量中列举的文件合并后的有效配置。 -## 合并 kubeconfig 文件 +## 合并 kubeconfig 文件 {#merge-kubeconfig-files} -如前所述,输出可能来自 kubeconfig 文件,也可能是合并多个 kubeconfig 文件的结果。 +如前所述,输出可能来自单个 kubeconfig 文件,也可能是合并多个 kubeconfig 文件的结果。 - 有关设置 `KUBECONFIG` 环境变量的示例,请参阅 - [设置 KUBECONFIG 环境变量](/zh-cn/docs/tasks/access-application-cluster/configure-access-multiple-clusters/#set-the-kubeconfig-environment-variable)。 + --> + 有关设置 `KUBECONFIG` 环境变量的示例, + 请参阅[设置 KUBECONFIG 环境变量](/zh-cn/docs/tasks/access-application-cluster/configure-access-multiple-clusters/#set-the-kubeconfig-environment-variable)。 - - 否则,使用默认的 kubeconfig 文件, `$HOME/.kube/config`,不进行合并。 + --> + 否则,使用默认的 kubeconfig 文件(`$HOME/.kube/config`),不进行合并。 2. 根据此链中的第一个匹配确定要使用的上下文。 - 1. 如果存在,使用 `--context` 命令行参数。 + 1. 如果存在上下文,则使用 `--context` 命令行参数。 2. 使用合并的 kubeconfig 文件中的 `current-context`。 - + --> 这种场景下允许空上下文。 -3. 确定集群和用户。此时,可能有也可能没有上下文。根据此链中的第一个匹配确定集群和用户,这将运行两次:一次用于用户,一次用于集群。 +3. 确定集群和用户。此时,可能有也可能没有上下文。根据此链中的第一个匹配确定集群和用户, + 这将运行两次:一次用于用户,一次用于集群。 - 1. 如果存在,使用命令行参数:`--user` 或者 `--cluster`。 - 2. 如果上下文非空,从上下文中获取用户或集群。 + 1. 如果存在用户或集群,则使用命令行参数:`--user` 或者 `--cluster`。 + 2. 如果上下文非空,则从上下文中获取用户或集群。 - + --> 这种场景下用户和集群可以为空。 -4. 确定要使用的实际集群信息。此时,可能有也可能没有集群信息。基于此链构建每个集群信息;第一个匹配项会被采用: +4. 确定要使用的实际集群信息。此时,可能有也可能没有集群信息。 + 基于此链构建每个集群信息;第一个匹配项会被采用: - 1. 如果存在:`--server`、`--certificate-authority` 和 `--insecure-skip-tls-verify`,使用命令行参数。 - 2. 如果合并的 kubeconfig 文件中存在集群信息属性,则使用它们。 + 1. 如果存在集群信息,则使用命令行参数:`--server`、`--certificate-authority` 和 `--insecure-skip-tls-verify`。 + 2. 如果合并的 kubeconfig 文件中存在集群信息属性,则使用这些属性。 3. 如果没有 server 配置,则配置无效。 -5. 确定要使用的实际用户信息。使用与集群信息相同的规则构建用户信息,但每个用户只允许一种身份认证技术: +5. 确定要使用的实际用户信息。使用与集群信息相同的规则构建用户信息,但对于每个用户只允许使用一种身份认证技术: - 1. 如果存在:`--client-certificate`、`--client-key`、`--username`、`--password` 和 `--token`,使用命令行参数。 + 1. 如果存在用户信息,则使用命令行参数:`--client-certificate`、`--client-key`、`--username`、`--password` 和 `--token`。 2. 使用合并的 kubeconfig 文件中的 `user` 字段。 3. 如果存在两种冲突技术,则配置无效。 6. 对于仍然缺失的任何信息,使用其对应的默认值,并可能提示输入身份认证信息。 @@ -273,7 +273,7 @@ Here are the rules that `kubectl` uses when it merges kubeconfig files: -## 文件引用 +## 文件引用 {#file-reference} kubeconfig 文件中的文件和路径引用是相对于 kubeconfig 文件的位置。 命令行上的文件引用是相对于当前工作目录的。 -在 `$HOME/.kube/config` 中,相对路径按相对路径存储,绝对路径按绝对路径存储。 +在 `$HOME/.kube/config` 中,相对路径按相对路径存储,而绝对路径按绝对路径存储。 -## 代理 +## 代理 {#proxy} 你可以在 `kubeconfig` 文件中,为每个集群配置 `proxy-url` 来让 `kubectl` 使用代理,例如: From f5bb98716ec08b77242b05d996cb4daf357e103c Mon Sep 17 00:00:00 2001 From: marianogg9 Date: Tue, 7 Mar 2023 13:01:17 +0100 Subject: [PATCH 317/537] rephrased finalizers.md --- content/es/docs/reference/glossary/finalizer.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/es/docs/reference/glossary/finalizer.md b/content/es/docs/reference/glossary/finalizer.md index 765ab36a83ad0..af8367da7b62d 100644 --- a/content/es/docs/reference/glossary/finalizer.md +++ b/content/es/docs/reference/glossary/finalizer.md @@ -9,9 +9,8 @@ short_description: > aka: tags: - fundamental -- operation --- -Los finalizadores son atributos de un namespace que dictan a Kubernetes a +Los finalizadores son atributos de un namespace que instruyen a Kubernetes a esperar a que ciertas condiciones sean satisfechas antes que pueda borrar definitivamente un objeto que ha sido marcado para eliminarse. Los finalizadores alertan a los {{}} From e7f950f3724c8e7d798901404ff2dbae9f12440f Mon Sep 17 00:00:00 2001 From: ystkfujii Date: Tue, 7 Mar 2023 04:43:00 +0900 Subject: [PATCH 318/537] Update coredns.md --- .../docs/tasks/administer-cluster/coredns.md | 50 ++++++------------- 1 file changed, 14 insertions(+), 36 deletions(-) diff --git a/content/ja/docs/tasks/administer-cluster/coredns.md b/content/ja/docs/tasks/administer-cluster/coredns.md index a2c05085f10e0..a6fb9a7e6eb60 100644 --- a/content/ja/docs/tasks/administer-cluster/coredns.md +++ b/content/ja/docs/tasks/administer-cluster/coredns.md @@ -21,7 +21,6 @@ content_type: task 既存のデプロイでkube-dnsを置き換えるか、クラスターのデプロイとアップグレードを代行してくれるkubeadmのようなツールを使用することで、クラスターでkube-dnsの代わりにCoreDNSを使用することができます。 - ## CoreDNSのインストール {#installing-coredns} kube-dnsの手動デプロイや置き換えについては、[CoreDNS GitHub project](https://github.com/coredns/deployment/tree/master/kubernetes)のドキュメントを参照してください。 @@ -30,53 +29,32 @@ kube-dnsの手動デプロイや置き換えについては、[CoreDNS GitHub pr ### kubeadmを使用した既存のクラスターのアップグレード {#upgrading-an-existing-cluster-with-kubeadm} -Kubernetesバージョン1.10以降では、`kube-dns`を使用しているクラスターを`kubeadm`を使用してアップグレードするときに、CoreDNSに移行することもできます。この場合、`kubeadm`は、`kube-dns` ConfigMapをベースにしてCoreDNS設定("Corefile")を生成し、フェデレーション、スタブドメイン、および上流のネームサーバーの設定を保持します。 - -kube-dnsからCoreDNSに移行する場合は、アップグレード時に必ず`CoreDNS`フィーチャーゲートを`true`に設定してください。たとえば、`v1.11.0`のアップグレードは次のようになります: -``` -kubeadm upgrade apply v1.11.0 --feature-gates=CoreDNS=true -``` - -Kubernetesバージョン1.13以降では、`CoreDNS`フィーチャーゲートが削除され、CoreDNSがデフォルトで使用されます。アップグレードしたクラスターでkube-dnsを使用する場合は、[こちら](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase#cmd-phase-addon)のガイドに従ってください。 - -1.11以前のバージョンでは、Corefileはアップグレード中に作成されたものによって**上書き**されます。**カスタマイズしている場合は、既存のConfigMapを保存する必要があります。** 新しいConfigMapが稼働したら、カスタマイズを再適用できます。 - -Kubernetesバージョン1.11以降でCoreDNSを実行している場合、アップグレード中、既存のCorefileは保持されます。 - - -### kubeadmを使用してCoreDNSの代わりにkube-dnsをインストールする {#installing-kube-dns-instead-of-coredns-with-kubeadm} +Kubernetesバージョン1.21で`kubeadm`はDNSアプリケーションとしての`kube-dns`に対するサポートを削除しました。 +`kubeadm` v{{< skew currentVersion >}}に対してサポートされるクラスターDNSアプリケーションは`CoreDNS`のみです。 -{{< note >}} -Kubernetes 1.11では、CoreDNSは一般利用可能(GA)にアップグレードされ、デフォルトでインストールされます。 -{{< /note >}} - -{{< warning >}} -Kubernetes 1.18では、kubeadmでのkube-dns使用は非推奨となり、将来のバージョンでは削除されます。 -{{< /warning >}} - -1.13以前のバージョンにkube-dnsをインストールするには、`CoreDNS`フィーチャーゲートの値を`false`に設定します: - -``` -kubeadm init --feature-gates=CoreDNS=false -``` - -バージョン1.13以降の場合は、[こちら](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase#cmd-phase-addon)に記載されているガイドに従ってください。 +`kube-dns`を使用しているクラスターを`kubeadm`を使用してアップグレードするときに、CoreDNSに移行することができます。 +この場合、`kubeadm`は、`kube-dns` ConfigMapをベースにして`CoreDNS`設定("Corefile")を生成し、スタブドメインおよび上流のネームサーバーの設定を保持します。 ## CoreDNSのアップグレード {#upgrading-coredns} -CoreDNSはv1.9以降のKubernetesで使用できます。Kubernetesに同梱されているCoreDNSのバージョンと、CoreDNSに加えられた変更は[こちら](https://github.com/coredns/deployment/blob/master/kubernetes/CoreDNS-k8s_version.md)で確認できます。 +Kubernetesのバージョンごとに`kubeadm`がインストールする`CoreDNS`のバージョンは、[KubernetesにおけるCoreDNSのバージョン](https://github.com/coredns/deployment/blob/master/kubernetes/CoreDNS-k8s_version.md)のページで確認することができます。 -CoreDNSだけをアップグレードしたい場合や、独自のカスタムイメージを使用したい場合は、CoreDNSを手動でアップグレードすることができます。スムーズなアップグレードのために役立つ[ガイドラインとウォークスルー](https://github.com/coredns/deployment/blob/master/kubernetes/Upgrading_CoreDNS.md)が用意されています。 -## CoreDNSのチューニング {#tuning-coredns} +`CoreDNS`のみをアップグレードしたい場合や、独自のカスタムイメージを使用したい場合は、`CoreDNS`を手動でアップグレードすることができます。 +スムーズなアップグレードのために役立つ[ガイドラインとウォークスルー](https://github.com/coredns/deployment/blob/master/kubernetes/Upgrading_CoreDNS.md)が用意されています。 +クラスタをアップグレードする際には、既存の`CoreDNS`設定("Corefile")が保持されていることを確認してください。 -リソース使用率が問題になる場合は、CoreDNSの設定を調整すると役立つ場合があります。詳細は、[CoreDNSのスケーリングに関するドキュメント](https://github.com/coredns/deployment/blob/master/kubernetes/Scaling_CoreDNS.md)を参照してください。 +`kubeadm`ツールを使用してクラスタをアップグレードしている場合、`kubeadm`は既存のCoreDNSの設定を自動的に保持する処理を行うことができます。 +## CoreDNSのチューニング {#tuning-coredns} +リソース使用率が問題になる場合は、CoreDNSの設定を調整すると役立つ場合があります。 +詳細は、[CoreDNSのスケーリングに関するドキュメント](https://github.com/coredns/deployment/blob/master/kubernetes/Scaling_CoreDNS.md)を参照してください。 ## {{% heading "whatsnext" %}} -[CoreDNS](https://coredns.io)は、`Corefile`を変更することで、kube-dnsよりも多くのユースケースをサポートするように設定することができます。詳細は[CoreDNSサイト](https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/)を参照してください。 +[CoreDNS](https://coredns.io)は、`Corefile`を変更することで、`kube-dns`よりも多くのユースケースをサポートするように設定することができます。 +詳細はKubernetes CoreDNSプラグインの[ドキュメント](https://coredns.io/plugins/kubernetes/)を参照するか、[CoreDNSブログ](https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/)を参照してください。 From a45d7fe2d30a1e2ca63b7c4cd9ba111701667d2e Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Thu, 2 Mar 2023 17:14:27 +0100 Subject: [PATCH 319/537] Add blog post about forensic container analysis Co-authored-by: Tim Bannister Signed-off-by: Adrian Reber --- .../index.md | 373 ++++++++++++++++++ 1 file changed, 373 insertions(+) create mode 100644 content/en/blog/_posts/2023-03-10-forensic-container-analysis/index.md diff --git a/content/en/blog/_posts/2023-03-10-forensic-container-analysis/index.md b/content/en/blog/_posts/2023-03-10-forensic-container-analysis/index.md new file mode 100644 index 0000000000000..7edff1196a2f7 --- /dev/null +++ b/content/en/blog/_posts/2023-03-10-forensic-container-analysis/index.md @@ -0,0 +1,373 @@ +--- +layout: blog +title: "Forensic container analysis" +date: 2023-03-10 +slug: forensic-container-analysis +--- + +**Authors:** Adrian Reber (Red Hat) + +In my previous article, [Forensic container checkpointing in +Kubernetes][forensic-blog], I introduced checkpointing in Kubernetes +and how it has to be setup and how it can be used. The name of the +feature is Forensic container checkpointing, but I did not go into +any details how to do the actual analysis of the checkpoint created by +Kubernetes. In this article I want to provide details how the +checkpoint can be analyzed. + +Checkpointing is still an alpha feature in Kubernetes and this article +wants to provide a preview how the feature might work in the future. + +## Preparation + +Details about how to configure Kubernetes and the underlying CRI implementation +to enable checkpointing support can be found in my [Forensic container +checkpointing in Kubernetes][forensic-blog] article. + +As an example I prepared a container image (`quay.io/adrianreber/counter:blog`) +which I want to checkpoint and then analyze in this article. This container allows +me to create files in the container and also store information in memory which +I later want to find in the checkpoint. + +To run that container I need a pod, and for this example I am using the following Pod manifest: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: counters +spec: + containers: + - name: counter + image: quay.io/adrianreber/counter:blog +``` + +This results in a container called `counter` running in a pod called `counters`. + +Once the container is running I am performing following actions with that +container: + +```console +$ kubectl get pod counters --template '{{.status.podIP}}' +10.88.0.25 +$ curl 10.88.0.25:8088/create?test-file +$ curl 10.88.0.25:8088/secret?RANDOM_1432_KEY +$ curl 10.88.0.25:8088 +``` + +The first access creates a file called `test-file` with the content `test-file` +in the container and the second access stores my secret information +(`RANDOM_1432_KEY`) somewhere in the container's memory. The last access just +adds an additional line to the internal log file. + +The last step before I can analyze the checkpoint it to tell Kubernetes to create +the checkpoint. As described in the previous article this requires access to the +*kubelet* only `checkpoint` API endpoint. + +For a container named *counter* in a pod named *counters* in a namespace named +*default* the *kubelet* API endpoint is reachable at: + +```shell +# run this on the node where that Pod is executing +curl -X POST "https://localhost:10250/checkpoint/default/counters/counter" +``` + +For completeness the following `curl` command-line options are necessary to +have `curl` accept the *kubelet*'s self signed certificate and authorize the +use of the *kubelet* `checkpoint` API: + +```shell +--insecure --cert /var/run/kubernetes/client-admin.crt --key /var/run/kubernetes/client-admin.key +``` + +Once the checkpointing has finished the checkpoint should be available at +`/var/lib/kubelet/checkpoints/checkpoint-_--.tar` + +In the following steps of this article I will use the name `checkpoint.tar` +when analyzing the checkpoint archive. + +## Checkpoint archive analysis using `checkpointctl` + +To get some initial information about the checkpointed container I am using the +tool [checkpointctl][checkpointctl] like this: + +```console +$ checkpointctl show checkpoint.tar --print-stats ++-----------+----------------------------------+--------------+---------+---------------------+--------+------------+------------+-------------------+ +| CONTAINER | IMAGE | ID | RUNTIME | CREATED | ENGINE | IP | CHKPT SIZE | ROOT FS DIFF SIZE | ++-----------+----------------------------------+--------------+---------+---------------------+--------+------------+------------+-------------------+ +| counter | quay.io/adrianreber/counter:blog | 059a219a22e5 | runc | 2023-03-02T06:06:49 | CRI-O | 10.88.0.23 | 8.6 MiB | 3.0 KiB | ++-----------+----------------------------------+--------------+---------+---------------------+--------+------------+------------+-------------------+ +CRIU dump statistics ++---------------+-------------+--------------+---------------+---------------+---------------+ +| FREEZING TIME | FROZEN TIME | MEMDUMP TIME | MEMWRITE TIME | PAGES SCANNED | PAGES WRITTEN | ++---------------+-------------+--------------+---------------+---------------+---------------+ +| 100809 us | 119627 us | 11602 us | 7379 us | 7800 | 2198 | ++---------------+-------------+--------------+---------------+---------------+---------------+ +``` + +This gives me already some information about the checkpoint in that checkpoint +archive. I can see the name of the container, information about the container +runtime and container engine. It also lists the size of the checkpoint (`CHKPT +SIZE`). This is mainly the size of the memory pages included in the checkpoint, +but there is also information about the size of all changed files in the +container (`ROOT FS DIFF SIZE`). + +The additional parameter `--print-stats` decodes information in the checkpoint +archive and displays them in the second table (*CRIU dump statistics*). This +information is collected during checkpoint creation and gives an overview how much +time CRIU needed to checkpoint the processes in the container and how many +memory pages were analyzed and written during checkpoint creation. + +## Digging deeper + +With the help of `checkpointctl` I am able to get some high level information +about the checkpoint archive. To be able to analyze the checkpoint archive +further I have to extract it. The checkpoint archive is a *tar* archive and can +be extracted with the help of `tar xf checkpoint.tar`. + +Extracting the checkpoint archive will result in following files and directories: + +* `bind.mounts` - this file contains information about bind mounts and is needed + during restore to mount all external files and directories at the right location +* `checkpoint/` - this directory contains the actual checkpoint as created by + CRIU +* `config.dump` and `spec.dump` - these files contain metadata about the container + which is needed during restore +* `dump.log` - this file contains the debug output of CRIU created during + checkpointing +* `stats-dump` - this file contains the data which is used by `checkpointctl` + to display dump statistics (`--print-stats`) +* `rootfs-diff.tar` - this file contains all changed files on the container's + file-system + +### File-system changes - `rootfs-diff.tar` + +The first step to analyze the container's checkpoint further is to look at +the files that have changed in my container. This can be done by looking at the +file `rootfs-diff.tar`: + +```console +$ tar xvf rootfs-diff.tar +home/counter/logfile +home/counter/test-file +``` + +Now the files that changed in the container can be studied: + +```console +$ cat home/counter/logfile +10.88.0.1 - - [02/Mar/2023 06:07:29] "GET /create?test-file HTTP/1.1" 200 - +10.88.0.1 - - [02/Mar/2023 06:07:40] "GET /secret?RANDOM_1432_KEY HTTP/1.1" 200 - +10.88.0.1 - - [02/Mar/2023 06:07:43] "GET / HTTP/1.1" 200 - +$ cat home/counter/test-file +test-file  +``` + +Compared to the container image (`quay.io/adrianreber/counter:blog`) this +container is based on, I can see that the file `logfile` contains information +about all access to the service the container provides and the file `test-file` +was created just as expected. + +With the help of `rootfs-diff.tar` it is possible to inspect all files that +were created or changed compared to the base image of the container. + +### Analyzing the checkpointed processes - `checkpoint/` + +The directory `checkpoint/` contains data created by CRIU while checkpointing +the processes in the container. The content in the directory `checkpoint/` +consists of different [image files][image-files] which can be analyzed with the +help of the tool [CRIT][crit] which is distributed as part of CRIU. + +First lets get an overview of the processes inside of the container: + +```console +$ crit show checkpoint/pstree.img | jq .entries[].pid +1 +7 +8 +``` + +This output means that I have three processes inside of the container's PID +namespace with the PIDs: 1, 7, 8 + +This is only the view from the inside of the container's PID namespace. During +restore exactly these PIDs will be recreated. From the outside of the +container's PID namespace the PIDs will change after restore. + +The next step is to get some additional information about these three processes: + +```console +$ crit show checkpoint/core-1.img | jq .entries[0].tc.comm +"bash" +$ crit show checkpoint/core-7.img | jq .entries[0].tc.comm +"counter.py" +$ crit show checkpoint/core-8.img | jq .entries[0].tc.comm +"tee" +``` + +This means the three processes in my container are `bash`, `counter.py` (a Python +interpreter) and `tee`. For details about the parent child relations of these processes there +is more data to be analyzed in `checkpoint/pstree.img`. + +Let's compare the so far collected information to the still running container: + +```console +$ crictl inspect --output go-template --template "{{(index .info.pid)}}" 059a219a22e56 +722520 +$ ps auxf | grep -A 2 722520 +fedora 722520 \_ bash -c /home/counter/counter.py 2>&1 | tee /home/counter/logfile +fedora 722541 \_ /usr/bin/python3 /home/counter/counter.py +fedora 722542 \_ /usr/bin/coreutils --coreutils-prog-shebang=tee /usr/bin/tee /home/counter/logfile +$ cat /proc/722520/comm +bash +$ cat /proc/722541/comm +counter.py +$ cat /proc/722542/comm +tee +``` + +In this output I am first retrieving the PID of the first process in the +container and then I am looking for that PID and child processes on the system +where the container is running. I am seeing three processes and the first one is +"bash" which is PID 1 inside of the containers PID namespace. Then I am looking +at `/proc//comm` and I can find the exact same value +as in the checkpoint image. + +Important to remember is that the checkpoint will contain the view from within the +container's PID namespace because that information is important to restore the +processes. + +One last example of what `crit` can tell us about the container is the information +about the UTS namespace: + +```console +$ crit show checkpoint/utsns-12.img +{ + "magic": "UTSNS", + "entries": [ + { + "nodename": "counters", + "domainname": "(none)" + } + ] +} +``` + +This tells me that the hostname inside of the UTS namespace is `counters`. + +For every resource CRIU collected during checkpointing the `checkpoint/` +directory contains corresponding image files which can be analyzed with the help +of `crit`. + +#### Looking at the memory pages + +In addition to the information from CRIU that can be decoded with the help +of CRIT, there are also files containing the raw memory pages written by +CRIU to disk: + +```console +$ ls checkpoint/pages-* +checkpoint/pages-1.img checkpoint/pages-2.img checkpoint/pages-3.img +``` + +When I initially used the container I stored a random key (`RANDOM_1432_KEY`) +somewhere in the memory. Let see if I can find it: + +```console +$ grep -ao RANDOM_1432_KEY checkpoint/pages-* +checkpoint/pages-2.img:RANDOM_1432_KEY +``` + +And indeed, there is my data. This way I can easily look at the content +of all memory pages of the processes in the container, but it is also +important to remember that anyone that can access the checkpoint +archive has access to all information that was stored in the memory of the +container's processes. + +#### Using gdb for further analysis + +Another possibility to look at the checkpoint images is `gdb`. The CRIU repository +contains the script [coredump][criu-coredump] which can convert a checkpoint +into a coredump file: + +```console +$ /home/criu/coredump/coredump-python3 +$ ls -al core* +core.1 core.7 core.8 +``` + +Running the `coredump-python3` script will convert the checkpoint images into +one coredump file for each process in the container. Using `gdb` I can also look +at the details of the processes: + +```console +$ echo info registers | gdb --core checkpoint/core.1 -q + +[New LWP 1] + +Core was generated by `bash -c /home/counter/counter.py 2>&1 | tee /home/counter/logfile'. + +#0 0x00007fefba110198 in ?? () +(gdb) +rax 0x3d 61 +rbx 0x8 8 +rcx 0x7fefba11019a 140667595587994 +rdx 0x0 0 +rsi 0x7fffed9c1110 140737179816208 +rdi 0xffffffff 4294967295 +rbp 0x1 0x1 +rsp 0x7fffed9c10e8 0x7fffed9c10e8 +r8 0x1 1 +r9 0x0 0 +r10 0x0 0 +r11 0x246 582 +r12 0x0 0 +r13 0x7fffed9c1170 140737179816304 +r14 0x0 0 +r15 0x0 0 +rip 0x7fefba110198 0x7fefba110198 +eflags 0x246 [ PF ZF IF ] +cs 0x33 51 +ss 0x2b 43 +ds 0x0 0 +es 0x0 0 +fs 0x0 0 +gs 0x0 0 +``` + +In this example I can see the value of all registers as they were during +checkpointing and I can also see the complete command-line of my container's PID +1 process: `bash -c /home/counter/counter.py 2>&1 | tee /home/counter/logfile` + +## Summary + +With the help of container checkpointing, it is possible to create a +checkpoint of a running container without stopping the container and without the +container knowing that it was checkpointed. The result of checkpointing a +container in Kubernetes is a checkpoint archive; using different tools like +`checkpointctl`, `tar`, `crit` and `gdb` the checkpoint can be analyzed. Even +with simple tools like `grep` it is possible to find information in the +checkpoint archive. + +The different examples I have shown in this article how to analyze a checkpoint +are just the starting point. Depending on your requirements it is possible to +look at certain things in much more detail, but this article should give you an +introduction how to start the analysis of your checkpoint. + +## How do I get involved? + +You can reach SIG Node by several means: + +* Slack: [#sig-node][slack-sig-node] +* Slack: [#sig-security][slack-sig-security] +* [Mailing list][sig-node-ml] + +[forensic-blog]: https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha/ +[checkpointctl]: https://github.com/checkpoint-restore/checkpointctl +[image-files]: https://criu.org/Images +[crit]: https://criu.org/CRIT +[slack-sig-node]: https://kubernetes.slack.com/messages/sig-node +[slack-sig-security]: https://kubernetes.slack.com/messages/sig-security +[sig-node-ml]: https://groups.google.com/forum/#!forum/kubernetes-sig-node +[criu-coredump]: https://github.com/checkpoint-restore/criu/tree/criu-dev/coredump From 4db706cff7ebe43fe550454352796727ec860a48 Mon Sep 17 00:00:00 2001 From: Arhell Date: Wed, 8 Mar 2023 00:41:57 +0200 Subject: [PATCH 320/537] [pt] Change shell to console for code snippet --- .../configure-pod-container/configure-volume-storage.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md index 8687c19ab7485..e0cbfa57a2bce 100644 --- a/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md +++ b/content/pt-br/docs/tasks/configure-pod-container/configure-volume-storage.md @@ -49,7 +49,7 @@ reinicie. Aqui está o arquivo de configuração para o pod: A saída se parece com isso: - ```shell + ```console NAME READY STATUS RESTARTS AGE redis 1/1 Running 0 13s ``` @@ -77,7 +77,7 @@ reinicie. Aqui está o arquivo de configuração para o pod: A saída é semelhante a esta: - ```shell + ```console USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND redis 1 0.1 0.1 33308 3828 ? Ssl 00:46 0:00 redis-server *:6379 root 12 0.0 0.0 20228 3020 ? Ss 00:47 0:00 /bin/bash @@ -95,7 +95,7 @@ reinicie. Aqui está o arquivo de configuração para o pod: 1. No seu terminal original, preste atenção nas mudanças no Pod do Redis. Eventualmente, você vai ver algo assim: - ```shell + ```console NAME READY STATUS RESTARTS AGE redis 1/1 Running 0 13s redis 0/1 Completed 0 6m From 6798680f99bbe2d9b4b779e567fbb4242a65a423 Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Tue, 7 Mar 2023 19:30:02 +0100 Subject: [PATCH 321/537] Add link to checkpointing follow-up article Co-authored-by: Tim Bannister Signed-off-by: Adrian Reber --- .../2022-12-05-forensic-container-checkpointing/index.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/en/blog/_posts/2022-12-05-forensic-container-checkpointing/index.md b/content/en/blog/_posts/2022-12-05-forensic-container-checkpointing/index.md index 14293556a43ba..9cd3832e5f44d 100644 --- a/content/en/blog/_posts/2022-12-05-forensic-container-checkpointing/index.md +++ b/content/en/blog/_posts/2022-12-05-forensic-container-checkpointing/index.md @@ -207,3 +207,11 @@ and without losing the state of the containers in that Pod. You can reach SIG Node by several means: - Slack: [#sig-node](https://kubernetes.slack.com/messages/sig-node) - [Mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-node) + +## Further reading + +Please see the follow-up article [Forensic container +analysis][forensic-container-analysis] for details on how a container checkpoint +can be analyzed. + +[forensic-container-analysis]: /blog/2023/03/10/forensic-container-analysis/ From e7e4de3a0fdb154ee446999040b6fc31085ac533 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Wed, 8 Mar 2023 13:37:12 +0000 Subject: [PATCH 322/537] Added info for shortcode in style guide (#39764) * Add info for codenew shortcode in style guide Signed-off-by: Dipesh Rawat * Update content/en/docs/contribute/style/style-guide.md Co-authored-by: Tim Bannister * Addressed feedback comments Signed-off-by: Dipesh Rawat * Update content/en/docs/contribute/style/hugo-shortcodes/index.md Co-authored-by: Brad Topol * Update content/en/docs/contribute/style/hugo-shortcodes/index.md Co-authored-by: Brad Topol --------- Signed-off-by: Dipesh Rawat Co-authored-by: Tim Bannister Co-authored-by: Brad Topol --- .../contribute/style/hugo-shortcodes/index.md | 27 +++++++++++++++++++ .../en/docs/contribute/style/style-guide.md | 1 + 2 files changed, 28 insertions(+) diff --git a/content/en/docs/contribute/style/hugo-shortcodes/index.md b/content/en/docs/contribute/style/hugo-shortcodes/index.md index 2d751f73f30c0..a6ba992ee785b 100644 --- a/content/en/docs/contribute/style/hugo-shortcodes/index.md +++ b/content/en/docs/contribute/style/hugo-shortcodes/index.md @@ -271,6 +271,33 @@ Renders to: {{< tab name="JSON File" include="podtemplate.json" />}} {{< /tabs >}} +### Source code files + +You can use the `{{}}` shortcode to embed the contents of file in a code block to allow users to download or copy its content to their clipboard. This shortcode is used when the contents of the sample file is generic and reusable, and you want the users to try it out themselves. + +This shortcode takes in two named parameters: `language` and `file`. The mandatory parameter `file` is used to specify the path to the file being displayed. The optional parameter `language` is used to specify the programming language of the file. If the `language` parameter is not provided, the shortcode will attempt to guess the language based on the file extension. + +For example: + +```none +{{}} +``` + +The output is: + +{{< codenew language="yaml" file="application/deployment-scale.yaml" >}} + +When adding a new sample file, such as a YAML file, create the file in one of the `/examples/` subdirectories where `` is the language for the page. In the markdown of your page, use the `codenew` shortcode: + +```none +{{/example-yaml>" */>}} +``` +where `` is the path to the sample file to include, relative to the `examples` directory. The following shortcode references a YAML file located at `/content/en/examples/configmap/configmaps.yaml`. + +```none +{{}} +``` + ## Third party content marker Running Kubernetes requires third-party software. For example: you diff --git a/content/en/docs/contribute/style/style-guide.md b/content/en/docs/contribute/style/style-guide.md index dce6eb291ff30..c7f020a5fc1a2 100644 --- a/content/en/docs/contribute/style/style-guide.md +++ b/content/en/docs/contribute/style/style-guide.md @@ -631,4 +631,5 @@ These steps ... | These simple steps ... * Learn about [writing a new topic](/docs/contribute/style/write-new-topic/). * Learn about [using page templates](/docs/contribute/style/page-content-types/). +* Learn about [custom hugo shortcodes](/docs/contribute/style/hugo-shortcodes/). * Learn about [creating a pull request](/docs/contribute/new-content/open-a-pr/). From 08aaa3fce587ae988af7c8912ddfd98509e6d269 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Wed, 8 Mar 2023 14:51:08 +0100 Subject: [PATCH 323/537] Add February patch releases to the calendar MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- data/releases/schedule.yaml | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/data/releases/schedule.yaml b/data/releases/schedule.yaml index 61d186ef8f0e8..df51c5a73af92 100644 --- a/data/releases/schedule.yaml +++ b/data/releases/schedule.yaml @@ -4,10 +4,15 @@ schedules: maintenanceModeStartDate: 2023-12-28 endOfLifeDate: 2024-02-28 next: - release: 1.26.2 - cherryPickDeadline: 2023-02-10 - targetDate: 2023-02-15 + release: 1.26.3 + cherryPickDeadline: 2023-03-10 + targetDate: 2023-03-15 previousPatches: + - release: 1.26.2 + cherryPickDeadline: 2023-02-10 + targetDate: 2023-02-15 + note: >- + [Some container images might be **unsigned** due to a temporary issue with the promotion process](https://groups.google.com/a/kubernetes.io/g/dev/c/MwSx761slM0/m/4ajkeUl0AQAJ) - release: 1.26.1 cherryPickDeadline: 2023-01-13 targetDate: 2023-01-18 @@ -19,10 +24,15 @@ schedules: maintenanceModeStartDate: 2023-08-28 endOfLifeDate: 2023-10-28 next: - release: 1.25.7 - cherryPickDeadline: 2023-02-10 - targetDate: 2023-02-15 + release: 1.25.8 + cherryPickDeadline: 2023-03-10 + targetDate: 2023-03-15 previousPatches: + - release: 1.25.7 + cherryPickDeadline: 2023-02-10 + targetDate: 2023-02-15 + note: >- + [Some container images might be **unsigned** due to a temporary issue with the promotion process](https://groups.google.com/a/kubernetes.io/g/dev/c/MwSx761slM0/m/4ajkeUl0AQAJ) - release: 1.25.6 cherryPickDeadline: 2023-01-13 targetDate: 2023-01-18 @@ -53,10 +63,15 @@ schedules: maintenanceModeStartDate: 2023-05-28 endOfLifeDate: 2023-07-28 next: - release: 1.24.11 - cherryPickDeadline: 2023-02-10 - targetDate: 2023-02-15 + release: 1.24.12 + cherryPickDeadline: 2023-03-10 + targetDate: 2023-03-15 previousPatches: + - release: 1.24.11 + cherryPickDeadline: 2023-02-10 + targetDate: 2023-02-15 + note: >- + [Some container images might be **unsigned** due to a temporary issue with the promotion process](https://groups.google.com/a/kubernetes.io/g/dev/c/MwSx761slM0/m/4ajkeUl0AQAJ) - release: 1.24.10 cherryPickDeadline: 2023-01-13 targetDate: 2023-01-18 From d86e129d6aae75df945ea55246208d49735a9338 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Wed, 8 Mar 2023 14:51:47 +0100 Subject: [PATCH 324/537] Mark 1.23 as EOL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- data/releases/eol.yaml | 3 ++ data/releases/schedule.yaml | 66 ------------------------------------- 2 files changed, 3 insertions(+), 66 deletions(-) diff --git a/data/releases/eol.yaml b/data/releases/eol.yaml index 64e6306a26ff9..401c871946651 100644 --- a/data/releases/eol.yaml +++ b/data/releases/eol.yaml @@ -1,4 +1,7 @@ branches: + - release: "1.23" + finalPatchRelease: "1.23.17" + endOfLifeDate: 2023-02-28 - release: "1.22" finalPatchRelease: "1.22.17" endOfLifeDate: 2022-12-08 diff --git a/data/releases/schedule.yaml b/data/releases/schedule.yaml index df51c5a73af92..c1cc1a8af052d 100644 --- a/data/releases/schedule.yaml +++ b/data/releases/schedule.yaml @@ -109,69 +109,3 @@ schedules: - release: 1.24.0 cherryPickDeadline: "" targetDate: 2022-05-03 -- release: 1.23 - releaseDate: 2021-12-07 - maintenanceModeStartDate: 2022-12-28 - endOfLifeDate: 2023-02-28 - next: - release: 1.23.17 - cherryPickDeadline: 2023-02-10 - targetDate: 2023-02-15 - previousPatches: - - release: 1.23.16 - cherryPickDeadline: 2023-01-13 - targetDate: 2023-01-18 - - release: 1.23.15 - cherryPickDeadline: 2022-12-02 - targetDate: 2022-12-08 - - release: 1.23.14 - cherryPickDeadline: 2022-11-04 - targetDate: 2022-11-09 - - release: 1.23.13 - cherryPickDeadline: 2022-10-07 - targetDate: 2022-10-12 - - release: 1.23.12 - cherryPickDeadline: 2022-09-20 - targetDate: 2022-09-21 - note: >- - [Out-of-Band release to fix the regression introduced in 1.23.11](https://groups.google.com/a/kubernetes.io/g/dev/c/tA6LNOQTR4Q/m/zL73maPTAQAJ) - - release: 1.23.11 - cherryPickDeadline: 2022-09-09 - targetDate: 2022-09-14 - note: >- - [Regression](https://groups.google.com/a/kubernetes.io/g/dev/c/tA6LNOQTR4Q/m/zL73maPTAQAJ) - - release: 1.23.10 - cherryPickDeadline: 2022-08-12 - targetDate: 2022-08-17 - - release: 1.23.9 - cherryPickDeadline: 2022-07-08 - targetDate: 2022-07-13 - - release: 1.23.8 - cherryPickDeadline: 2022-06-10 - targetDate: 2022-06-15 - - release: 1.23.7 - cherryPickDeadline: 2022-05-20 - targetDate: 2022-05-24 - - release: 1.23.6 - cherryPickDeadline: 2022-04-08 - targetDate: 2022-04-13 - - release: 1.23.5 - cherryPickDeadline: 2022-03-11 - targetDate: 2022-03-16 - - release: 1.23.4 - cherryPickDeadline: 2022-02-11 - targetDate: 2022-02-16 - - release: 1.23.3 - cherryPickDeadline: 2022-01-24 - targetDate: 2022-01-25 - note: >- - [Out-of-Band Release](https://groups.google.com/a/kubernetes.io/g/dev/c/Xl1sm-CItaY) - - release: 1.23.2 - cherryPickDeadline: 2022-01-14 - targetDate: 2022-01-19 - - release: 1.23.1 - cherryPickDeadline: 2021-12-14 - targetDate: 2021-12-16 - - release: 1.23.0 - cherryPickDeadline: "" - targetDate: 2021-12-07 From 5cf475c0b7fc879ac9ce80bd1f21a408befb0784 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Wed, 8 Mar 2023 14:53:54 +0100 Subject: [PATCH 325/537] Add release dates for May and June MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- content/en/releases/patch-releases.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/releases/patch-releases.md b/content/en/releases/patch-releases.md index dc80e19baf225..874193f3283e9 100644 --- a/content/en/releases/patch-releases.md +++ b/content/en/releases/patch-releases.md @@ -78,9 +78,10 @@ releases may also occur in between these. | Monthly Patch Release | Cherry Pick Deadline | Target date | | --------------------- | -------------------- | ----------- | -| February 2023 | 2023-02-10 | 2023-02-15 | | March 2023 | 2023-03-10 | 2023-03-15 | | April 2023 | 2023-04-07 | 2023-04-12 | +| May 2023 | 2023-05-12 | 2023-05-17 | +| June 2023 | 2023-06-09 | 2023-06-14 | ## Detailed Release History for Active Branches From dc201c53807cc9d61932d150d85376f84cb9e939 Mon Sep 17 00:00:00 2001 From: marianogg9 Date: Wed, 8 Mar 2023 17:16:46 +0100 Subject: [PATCH 326/537] fixed translation typo in finalizers.md Signed-off-by: marianogg9 --- .../docs/concepts/overview/working-with-objects/finalizers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/es/docs/concepts/overview/working-with-objects/finalizers.md b/content/es/docs/concepts/overview/working-with-objects/finalizers.md index 04404f1e70cac..95a68f7852b57 100644 --- a/content/es/docs/concepts/overview/working-with-objects/finalizers.md +++ b/content/es/docs/concepts/overview/working-with-objects/finalizers.md @@ -46,7 +46,7 @@ previene el borrado accidental de objetos `PersistentVolume`. Cuando un objeto Cuando el Pod deja de utilizar el `PersistentVolume`, Kubernetes borra el finalizador `pv-protection` y el controlador borra el volumen. -## Referencias de dueño, etiquetas y finalizadores (#dueños-etiquetas-finalizadores) +## Referencias de dueño, etiquetas y finalizadores (#owners-labels-finalizers) Al igual que las {{}}, las [referencias de dueño](/docs/concepts/overview/working-with-objects/owners-dependents/) From 4b883eb10078304cf97eee18001b53323ddb94b7 Mon Sep 17 00:00:00 2001 From: ystkfujii Date: Wed, 8 Mar 2023 02:52:38 +0900 Subject: [PATCH 327/537] Clarify API version stability and guidelines --- .../docs/concepts/overview/kubernetes-api.md | 16 ++++++++++--- content/ja/docs/reference/using-api/_index.md | 23 ++++++++++--------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/content/ja/docs/concepts/overview/kubernetes-api.md b/content/ja/docs/concepts/overview/kubernetes-api.md index 5b6388a306adf..4fb0b6ec5a3da 100644 --- a/content/ja/docs/concepts/overview/kubernetes-api.md +++ b/content/ja/docs/concepts/overview/kubernetes-api.md @@ -145,7 +145,9 @@ APIの発展や拡張を簡易に行えるようにするため、Kubernetesは[ APIリソースは、APIグループ、リソースタイプ、ネームスペース(namespacedリソースのための)、名前によって区別されます。APIサーバーは、APIバージョン間の変換を透過的に処理します。すべてのバージョンの違いは、実際のところ同じ永続データとして表現されます。APIサーバーは、同じ基本的なデータを複数のAPIバージョンで提供することができます。 -例えば、同じリソースで`v1`と`v1beta1`の2つのバージョンが有ることを考えてみます。`v1beta1`バージョンのAPIを利用しオブジェクトを最初に作成したとして、`v1beta1`もしくは`v1`どちらのAPIバージョンを利用してもオブジェクトのread、update、deleteができます。 +例えば、同じリソースで`v1`と`v1beta1`の2つのバージョンが有ることを考えてみます。 +`v1beta1`バージョンのAPIを利用しオブジェクトを最初に作成したとして、`v1beta1`バージョンが非推奨となり削除されるまで、`v1beta1`もしくは`v1`どちらのAPIバージョンを利用してもオブジェクトのread、update、deleteができます。 +その時点では `v1` APIを使用してオブジェクトの修正やアクセスを継続することが可能です。 ## APIの変更 @@ -156,10 +158,18 @@ Kubernetesプロジェクトは、既存のクライアントとの互換性を 基本的に、新しいAPIリソースと新しいリソースフィールドは追加することができます。 リソースまたはフィールドを削除するには、[API非推奨ポリシー](/docs/reference/using-api/deprecation-policy/)に従ってください。 -Kubernetesは、公式のKubernetes APIが一度一般提供(GA)に達した場合、通常は`v1`APIバージョンです、互換性を維持することを強い責任があります。さらに、Kubernetesは _beta_ についても可能な限り互換性を維持し続けます。ベータAPIを採用した場合、その機能が安定版になったあとでも、APIを利用してクラスタを操作し続けることができます。 +Kubernetesは、公式のKubernetes APIが一度一般提供(GA)に達した場合、通常は`v1`APIバージョンです、互換性を維持することを強い責任があります。 +さらに、Kubernetesは、公式Kubernetes APIの _beta_ APIバージョン経由で永続化されたデータとの互換性を維持します。 +そして、機能が安定したときにGA APIバージョン経由でデータを変換してアクセスできることを保証します。 + +beta APIを採用した場合、APIが卒業(Graduate)したら、後続のbetaまたはstable APIに移行する必要があります。 +これを行うのに最適な時期は、オブジェクトが両方のAPIバージョンから同時にアクセスできるbeta APIが非推奨期間です。 +beta APIが非推奨期間を終えて提供されなくなったら、代替APIバージョンを使用する必要があります。 {{< note >}} -Kubernetesは、 _alpha_ APIバージョンについても互換性の維持に注力しますが、いくつかの事情により不可である場合もあります。アルファAPIバージョンを使っている場合、クラスタのアップグレードやAPIが変更された場合に備えて、Kubernetesのリリースノートを確認してください。 +Kubernetesは、 _alpha_ APIバージョンについても互換性の維持に注力しますが、いくつかの事情により不可である場合もあります。 +alpha APIバージョンを使っている場合、クラスターをアップグレードする時にKubernetesのリリースノートを確認してください。 +アップグレードのために既存のalphaオブジェクトをすべて削除する必要がある互換性の無い方法でAPIが変更される場合があります。 {{< /note >}} APIバージョンレベルの定義に関する詳細は[APIバージョンのリファレンス](/docs/reference/using-api/#api-versioning)を参照してください。 diff --git a/content/ja/docs/reference/using-api/_index.md b/content/ja/docs/reference/using-api/_index.md index 543b78b2c84a9..caad234abbd01 100644 --- a/content/ja/docs/reference/using-api/_index.md +++ b/content/ja/docs/reference/using-api/_index.md @@ -14,7 +14,7 @@ card: このセクションでは、Kubernetes APIのリファレンス情報を提供します。 REST APIはKubernetesの基本的な構造です。 -すべての操作とコンポーネント間のと通信、および外部ユーザーのコマンドは、REST API呼び出しでありAPIサーバーが処理します。 +すべての操作とコンポーネント間の通信、および外部ユーザーのコマンドは、REST API呼び出しでありAPIサーバーが処理します。 その結果、Kubernetesプラットフォーム内のすべてのものは、APIオブジェクトとして扱われ、[API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)に対応するエントリーがあります。 @@ -38,30 +38,31 @@ APIのバージョンが異なると、安定性やサポートのレベルも 各レベルの概要は以下の通りです: - Alpha: - - バージョン名に「alpha」が含まれています(例:「v1alpha1」)。 + - バージョン名に`alpha`が含まれています(例:`v1alpha1`)。 + - 組み込みのalpha APIバージョンはデフォルトで無効化されており、使用するためには`kube-apiserver`の設定で明示的に有効にする必要があります。 - バグが含まれている可能性があります。 機能を有効にするとバグが露呈する可能性があります。 - 機能がデフォルトで無効になっている可能性があります。 - - ある機能のサポートは、予告なしにいつでも中止される可能性があります。 + - alpha APIのサポートは、予告なしにいつでも中止される可能性があります。 - 後にリリースされるソフトウェアで、互換性のない方法で予告なく変更される可能性があります。 - バグのリスクが高く、長期的なサポートが得られないため、短期間のテストクラスターのみでの使用を推奨します。 - Beta: - バージョン名には `beta` が含まれています(例:`v2beta3`)。 + - 組み込みのbeta APIバージョンはデフォルトで無効化されており、使用するためには`kube-apiserver`の設定で明示的に有効にする必要があります。 + (**例外として**Kubernetes 1.22以前に導入されたAPIのbetaバージョンはデフォルトで有効化されています) + - 組み込みのbeta APIバージョンは、導入から非推奨となるまでが9ヶ月または3マイナーリリース(どちらかの長い期間)、そして非推奨から削除まで9ヶ月または3マイナーリリース(どちらかの長い期間)の最大存続期間を持ちます。 - ソフトウェアは十分にテストされています。 機能を有効にすることは安全であると考えられています。 - 機能はデフォルトで有効になっています。 - 機能のサポートが打ち切られることはありませんが、詳細は変更される可能性があります。 - - オブジェクトのスキーマやセマンティクスは、その後のベータ版や安定版のリリースで互換性のない方法で変更される可能性があります。 + - オブジェクトのスキーマやセマンティクスは、その後のベータ版や安定版のAPIバージョンで互換性のない方法で変更される可能性があります。 このような場合には、移行手順が提供されます。 - スキーマの変更に伴い、APIオブジェクトの削除、編集、再作成が必要になる場合があります。 - 編集作業は単純ではないかもしれません。 + 後続のbetaまたはstable APIバージョンに適応することはAPIオブジェクトの編集や再作成が必要になる場合があり、単純ではないかもしれません。 移行に伴い、その機能に依存しているアプリケーションのダウンタイムが必要になる場合があります。 - 本番環境での使用は推奨しません。 - 後続のリリース は、互換性のない変更を導入する可能性があります。 - 独立してアップグレード可能な複数のクラスターがある場合、この制限を緩和できる可能性があります。 + 後続のリリースは、互換性のない変更を導入する可能性があります。 + beta APIが非推奨となり提供されなくなった際には、後続のbetaまたはstable APIバージョンに移行するためにbeta APIバージョンを使用する必要があります。 {{< note >}} ベータ版の機能をお試しいただき、ご意見をお寄せください。 @@ -70,7 +71,7 @@ APIのバージョンが異なると、安定性やサポートのレベルも - Stable: - バージョン名は `vX` であり、`X` は整数である。 - - 安定版の機能は、リリースされたソフトウェアの中で、その後の多くのバージョンに登場します。 + - stable APIバージョンはKubernetesのメジャーバージョン内の全てのリリースで利用可能であり、stable APIを削除したKubernetesのメジャーバージョンリビジョンの計画は現在ありません。 ## APIグループ From fbace4202de162c960c2562ef75bd01928a14f66 Mon Sep 17 00:00:00 2001 From: ystkfujii Date: Thu, 9 Mar 2023 03:24:06 +0900 Subject: [PATCH 328/537] Sync glossary/service.md --- content/ja/docs/concepts/services-networking/service.md | 2 +- content/ja/docs/reference/glossary/service.md | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/content/ja/docs/concepts/services-networking/service.md b/content/ja/docs/concepts/services-networking/service.md index 7506c3b4b6a79..ce9b44419e702 100644 --- a/content/ja/docs/concepts/services-networking/service.md +++ b/content/ja/docs/concepts/services-networking/service.md @@ -12,7 +12,7 @@ weight: 10 -{{< glossary_definition term_id="service" length="short" >}} +{{< glossary_definition term_id="service" length="short" prepend="KubernetesにおけるServiceとは、" >}} Kubernetesでは、なじみのないサービスディスカバリーのメカニズムを使用するためにユーザーがアプリケーションの修正をする必要はありません。 KubernetesはPodにそれぞれのIPアドレス割り振りや、Podのセットに対する単一のDNS名を提供したり、それらのPodのセットに対する負荷分散が可能です。 diff --git a/content/ja/docs/reference/glossary/service.md b/content/ja/docs/reference/glossary/service.md index 304e781b53e3c..0ae5f9460a3de 100644 --- a/content/ja/docs/reference/glossary/service.md +++ b/content/ja/docs/reference/glossary/service.md @@ -5,16 +5,18 @@ date: 2018-04-12 full_link: /ja/docs/concepts/services-networking/service/ short_description: > Podの集合で実行されているアプリケーションをネットワークサービスとして公開する方法。 - -aka: tags: - fundamental - core-object --- -{{< glossary_tooltip text="Pod" term_id="pod" >}}の集合で実行されているアプリケーションをネットワークサービスとして公開する抽象的な方法です。 +クラスター内で1つ以上の{{< glossary_tooltip text="Pod" term_id="pod" >}}として実行されているネットワークアプリケーションを公開する方法です。 Serviceが対象とするPodの集合は、(通常){{< glossary_tooltip text="セレクター" term_id="selector" >}}によって決定されます。 Podを追加または削除するとセレクターにマッチしているPodの集合は変更されます。 Serviceは、ネットワークトラフィックが現在そのワークロードを処理するPodの集合に向かうことを保証します。 + +Kubernetesサービスは、IPネットワーキング(IPv4、IPv6、またはその両方)を使用するか、ドメインネームシステム(DNS)でExternal Nameを参照します。 + +Serviceの抽象化により、IngressやGatewayなどの他のメカニズムが可能になります。 \ No newline at end of file From 8a55837f796dcbfa69b7d8b40eff71ce56202e29 Mon Sep 17 00:00:00 2001 From: Arhell Date: Thu, 9 Mar 2023 00:21:44 +0200 Subject: [PATCH 329/537] [id] Change shell to console for code snippet --- .../configure-pod-container/configure-volume-storage.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/id/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/id/docs/tasks/configure-pod-container/configure-volume-storage.md index 2da9cebcdabe3..02d664d530457 100644 --- a/content/id/docs/tasks/configure-pod-container/configure-volume-storage.md +++ b/content/id/docs/tasks/configure-pod-container/configure-volume-storage.md @@ -41,7 +41,7 @@ yang tetap bertahan, meski Container berakhir dan dimulai ulang. Berikut berkas Hasil keluaran seperti ini: - ```shell + ```console NAME READY STATUS RESTARTS AGE redis 1/1 Running 0 13s ``` @@ -69,7 +69,7 @@ yang tetap bertahan, meski Container berakhir dan dimulai ulang. Berikut berkas Keluarannya mirip seperti ini: - ```shell + ```console USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND redis 1 0.1 0.1 33308 3828 ? Ssl 00:46 0:00 redis-server *:6379 root 12 0.0 0.0 20228 3020 ? Ss 00:47 0:00 /bin/bash @@ -86,7 +86,7 @@ yang tetap bertahan, meski Container berakhir dan dimulai ulang. Berikut berkas 2. Di dalam terminal awal, amati perubahan terhadap Pod Redis. Sampai akhirnya kamu akan melihat hal seperti ini: - ```shell + ```console NAME READY STATUS RESTARTS AGE redis 1/1 Running 0 13s redis 0/1 Completed 0 6m From 0064a0b3f9da167654735492ca28b4c888d523bd Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Thu, 9 Mar 2023 09:47:04 +0900 Subject: [PATCH 330/537] Update content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md Co-authored-by: Toshiaki Inukai <82919057+t-inu@users.noreply.github.com> --- .../ja/docs/concepts/scheduling-eviction/assign-pod-node.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md index 4404abd8762ae..6377b8540836a 100644 --- a/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/ja/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -325,6 +325,12 @@ Podアンチアフィニティを使用する理由は他にもあります。 - 指定されたNodeがPodを収容するためのリソースを持っていない場合、Podの起動は失敗し、OutOfmemoryやOutOfcpuなどの理由が表示されます。 - クラウド環境におけるNode名は、常に予測可能で安定したものではありません。 +{{< note >}} +`nodeName`は、カスタムスケジューラーや、設定済みのスケジューラーをバイパスする必要がある高度なユースケースで使用することを目的としています。 +スケジューラーをバイパスすると、割り当てられたNodeに過剰なPodの配置をしようとした場合には、Podの起動に失敗することがあります。 +[Nodeアフィニティ](#node-affinity)または[`nodeSelector`フィールド](#nodeselector)を使用すれば、スケジューラーをバイパスせずに、特定のNodeにPodを割り当てることができます。 +{{}} + 以下は、`nodeName`フィールドを使用したPod仕様(spec)の例になります: ```yaml From 05d117d5340d2d580cd4aeb5f423aee808f1e78b Mon Sep 17 00:00:00 2001 From: s-kawamura-w664 Date: Wed, 8 Mar 2023 01:07:15 +0000 Subject: [PATCH 331/537] [ja] Remove content/ja/docs/reference/kubectl/overview.md --- .../manage-deployment.md | 2 +- .../api-extension/custom-resources.md | 2 +- .../docs/concepts/overview/kubernetes-api.md | 2 +- content/ja/docs/reference/_index.md | 2 +- content/ja/docs/reference/glossary/kubectl.md | 19 + content/ja/docs/reference/kubectl/_index.md | 492 +++++++++++++++++- .../ja/docs/reference/kubectl/cheatsheet.md | 4 +- content/ja/docs/reference/kubectl/overview.md | 485 ----------------- .../setup/learning-environment/minikube.md | 2 +- .../production-environment/tools/kops.md | 2 +- .../tools/kubeadm/create-cluster-kubeadm.md | 2 +- .../windows/user-guide-windows-containers.md | 2 +- .../ja/docs/tasks/tools/install-kubectl.md | 2 +- content/ja/docs/tutorials/hello-minikube.md | 2 +- 14 files changed, 522 insertions(+), 498 deletions(-) create mode 100644 content/ja/docs/reference/glossary/kubectl.md delete mode 100644 content/ja/docs/reference/kubectl/overview.md diff --git a/content/ja/docs/concepts/cluster-administration/manage-deployment.md b/content/ja/docs/concepts/cluster-administration/manage-deployment.md index 35def1de1269e..280dda204660a 100644 --- a/content/ja/docs/concepts/cluster-administration/manage-deployment.md +++ b/content/ja/docs/concepts/cluster-administration/manage-deployment.md @@ -157,7 +157,7 @@ deployment.apps/my-deployment created persistentvolumeclaim/my-pvc created ``` -`kubectl`についてさらに知りたい場合は、[kubectlの概要](/ja/docs/reference/kubectl/overview/)を参照してください。 +`kubectl`についてさらに知りたい場合は、[コマンドラインツール(kubectl)](/ja/docs/reference/kubectl/)を参照してください。 ## ラベルを有効に使う diff --git a/content/ja/docs/concepts/extend-kubernetes/api-extension/custom-resources.md b/content/ja/docs/concepts/extend-kubernetes/api-extension/custom-resources.md index 9fea0905c6ec9..1679d2929f0d0 100644 --- a/content/ja/docs/concepts/extend-kubernetes/api-extension/custom-resources.md +++ b/content/ja/docs/concepts/extend-kubernetes/api-extension/custom-resources.md @@ -18,7 +18,7 @@ weight: 10 *カスタムリソース* は、Kubernetes APIの拡張で、デフォルトのKubernetesインストールでは、必ずしも利用できるとは限りません。つまりそれは、特定のKubernetesインストールのカスタマイズを表します。しかし、今現在、多数のKubernetesのコア機能は、カスタムリソースを用いて作られており、Kubernetesをモジュール化しています。 -カスタムリソースは、稼働しているクラスターに動的に登録され、現れたり、消えたりし、クラスター管理者はクラスター自体とは無関係にカスタムリソースを更新できます。一度、カスタムリソースがインストールされると、ユーザーは[kubectl](/ja/docs/reference/kubectl/overview/)を使い、ビルトインのリソースである *Pods* と同じように、オブジェクトを作成、アクセスすることが可能です。 +カスタムリソースは、稼働しているクラスターに動的に登録され、現れたり、消えたりし、クラスター管理者はクラスター自体とは無関係にカスタムリソースを更新できます。一度、カスタムリソースがインストールされると、ユーザーは[kubectl](/ja/docs/reference/kubectl/)を使い、ビルトインのリソースである *Pods* と同じように、オブジェクトを作成、アクセスすることが可能です。 ## カスタムコントローラー diff --git a/content/ja/docs/concepts/overview/kubernetes-api.md b/content/ja/docs/concepts/overview/kubernetes-api.md index 5b6388a306adf..5f9f03bcdf30d 100644 --- a/content/ja/docs/concepts/overview/kubernetes-api.md +++ b/content/ja/docs/concepts/overview/kubernetes-api.md @@ -18,7 +18,7 @@ APIサーバーは、エンドユーザー、クラスターのさまざまな Kubernetes APIを使用すると、Kubernetes API内のオブジェクトの状態をクエリで操作できます(例:Pod、Namespace、ConfigMap、Events)。 -ほとんどの操作は、APIを使用している[kubectl](/docs/reference/kubectl/overview/)コマンドラインインターフェースもしくは[kubeadm](/docs/reference/setup-tools/kubeadm/)のような別のコマンドラインツールを通して実行できます。 +ほとんどの操作は、APIを使用している[kubectl](/ja/docs/reference/kubectl/)コマンドラインインターフェースもしくは[kubeadm](/docs/reference/setup-tools/kubeadm/)のような別のコマンドラインツールを通して実行できます。 RESTコールを利用して直接APIにアクセスすることも可能です。 Kubernetes APIを利用してアプリケーションを書いているのであれば、[client libraries](/docs/reference/using-api/client-libraries/)の利用を考えてみてください。 diff --git a/content/ja/docs/reference/_index.md b/content/ja/docs/reference/_index.md index cafca8fe448a6..3940d23f429eb 100644 --- a/content/ja/docs/reference/_index.md +++ b/content/ja/docs/reference/_index.md @@ -30,7 +30,7 @@ content_type: concept ## CLIリファレンス -* [kubectl](/ja/docs/reference/kubectl/overview/) - コマンドの実行やKubernetesクラスターの管理に使う主要なCLIツールです。 +* [kubectl](/ja/docs/reference/kubectl/) - コマンドの実行やKubernetesクラスターの管理に使う主要なCLIツールです。 * [JSONPath](/ja/docs/reference/kubectl/jsonpath/) - kubectlで[JSONPath記法](https://goessner.net/articles/JsonPath/)を使うための構文ガイドです。 * [kubeadm](/ja/docs/reference/setup-tools/kubeadm/) - セキュアなKubernetesクラスターを簡単にプロビジョニングするためのCLIツールです。 diff --git a/content/ja/docs/reference/glossary/kubectl.md b/content/ja/docs/reference/glossary/kubectl.md new file mode 100644 index 0000000000000..ff7796060bd61 --- /dev/null +++ b/content/ja/docs/reference/glossary/kubectl.md @@ -0,0 +1,19 @@ +--- +title: Kubectl +id: kubectl +date: 2018-04-12 +full_link: /docs/reference/kubectl/ +short_description: > + Kubernetesクラスターと通信するためのコマンドラインツールです。 + +aka: +- kubectl +tags: +- tool +- fundamental +--- +Kubernetes APIを使用してKubernetesクラスターの{{< glossary_tooltip text="コントロールプレーン" term_id="control-plane" >}}と通信するためのコマンドラインツールです。 + + + +Kubernetesオブジェクトの作成、検査、更新、削除には `kubectl` を使用することができます。 diff --git a/content/ja/docs/reference/kubectl/_index.md b/content/ja/docs/reference/kubectl/_index.md index 6738659218c18..bceb521c2fa9f 100644 --- a/content/ja/docs/reference/kubectl/_index.md +++ b/content/ja/docs/reference/kubectl/_index.md @@ -1,5 +1,495 @@ --- -title: "kubectl CLI" +title: コマンドラインツール(kubectl) +content_type: reference weight: 110 +no_list: true +card: + name: reference + weight: 20 --- + +{{< glossary_definition prepend="Kubernetesが提供する、" term_id="kubectl" length="short" >}} + +このツールの名前は、`kubectl` です。 + +`kubectl`コマンドラインツールを使うと、Kubernetesクラスターを制御できます。環境設定のために、`kubectl`は、`$HOME/.kube`ディレクトリにある`config`という名前のファイルを探します。他の[kubeconfig](/ja/docs/concepts/configuration/organize-cluster-access-kubeconfig/)ファイルは、`KUBECONFIG`環境変数を設定するか、[`--kubeconfig`](/docs/concepts/configuration/organize-cluster-access-kubeconfig/)フラグを設定することで指定できます。 + +この概要では、`kubectl`の構文を扱い、コマンド操作を説明し、一般的な例を示します。サポートされているすべてのフラグやサブコマンドを含め、各コマンドの詳細については、[kubectl](/docs/reference/generated/kubectl/kubectl-commands/)リファレンスドキュメントを参照してください。 + +インストール方法については、[kubectlのインストールおよびセットアップ](/ja/docs/tasks/tools/install-kubectl/)をご覧ください。クイックガイドは、[cheat sheet](/docs/reference/kubectl/cheatsheet/) をご覧ください。`docker`コマンドラインツールに慣れている方は、[`kubectl` for Docker Users](/docs/reference/kubectl/docker-cli-to-kubectl/) でKubernetesの同等のコマンドを説明しています。 + + + +## 構文 + +ターミナルウィンドウから`kubectl`コマンドを実行するには、以下の構文を使用します。 + +```shell +kubectl [command] [TYPE] [NAME] [flags] +``` + +ここで、`command`、`TYPE`、`NAME`、`flags`は、以下を表します。 + +* `command`: 1つ以上のリソースに対して実行したい操作を指定します。例えば、`create`、`get`、`describe`、`delete`です。 + +* `TYPE`: [リソースタイプ](#resource-types)を指定します。リソースタイプは大文字と小文字を区別せず、単数形や複数形、省略形を指定できます。例えば、以下のコマンドは同じ出力を生成します。 + + ```shell + kubectl get pod pod1 + kubectl get pods pod1 + kubectl get po pod1 + ``` + +* `NAME`: リソースの名前を指定します。名前は大文字と小文字を区別します。`kubectl get pods`のように名前が省略された場合は、すべてのリソースの詳細が表示されます。 + + 複数のリソースに対して操作を行う場合は、各リソースをタイプと名前で指定するか、1つまたは複数のファイルを指定することができます。 + + * リソースをタイプと名前で指定する場合 + + * タイプがすべて同じとき、リソースをグループ化するには`TYPE1 name1 name2 name<#>`とします。
    + 例: `kubectl get pod example-pod1 example-pod2` + + * 複数のリソースタイプを個別に指定するには、`TYPE1/name1 TYPE1/name2 TYPE2/name3 TYPE<#>/name<#>`とします。
    + 例: `kubectl get pod/example-pod1 replicationcontroller/example-rc1` + + * リソースを1つ以上のファイルで指定する場合は、`-f file1 -f file2 -f file<#>`とします。 + + * 特に設定ファイルについては、YAMLの方がより使いやすいため、[JSONではなくYAMLを使用してください](/ja/docs/concepts/configuration/overview/#一般的な設定のtips)。
    + 例: `kubectl get pod -f ./pod.yaml` + +* `flags`: オプションのフラグを指定します。例えば、`-s`または`--server`フラグを使って、Kubernetes APIサーバーのアドレスやポートを指定できます。
    + +{{< caution >}} +コマンドラインから指定したフラグは、デフォルト値および対応する任意の環境変数を上書きします。 +{{< /caution >}} + +ヘルプが必要な場合は、ターミナルウィンドウから`kubectl help`を実行してください。 + +## 操作 + +以下の表に、`kubectl`のすべての操作の簡単な説明と一般的な構文を示します。 + +操作                 | 構文 | 説明 +-------------------- | -------------------- | -------------------- +`alpha`| `kubectl alpha SUBCOMMAND [flags]` | アルファ機能に該当する利用可能なコマンドを一覧表示します。これらの機能は、デフォルトではKubernetesクラスターで有効になっていません。 +`annotate` | kubectl annotate (-f FILENAME | TYPE NAME | TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags] | 1つ以上のリソースのアノテーションを、追加または更新します。 +`api-resources` | `kubectl api-resources [flags]` | 利用可能なAPIリソースを一覧表示します。 +`api-versions` | `kubectl api-versions [flags]` | 利用可能なAPIバージョンを一覧表示します。 +`apply` | `kubectl apply -f FILENAME [flags]`| ファイルまたは標準出力から、リソースの設定変更を適用します。 +`attach` | `kubectl attach POD -c CONTAINER [-i] [-t] [flags]` | 実行中のコンテナにアタッチして、出力ストリームを表示するか、コンテナ(標準入力)と対話します。 +`auth` | `kubectl auth [flags] [options]` | 認可を検査します。 +`autoscale` | kubectl autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU] [flags] | ReplicationControllerで管理されているPodのセットを、自動的にスケールします。 +`certificate` | `kubectl certificate SUBCOMMAND [options]` | 証明書のリソースを変更します。 +`cluster-info` | `kubectl cluster-info [flags]` | クラスター内のマスターとサービスに関するエンドポイント情報を表示します。 +`completion` | `kubectl completion SHELL [options]` | 指定されたシェル(bashまたはzsh)のシェル補完コードを出力します。 +`config` | `kubectl config SUBCOMMAND [flags]` | kubeconfigファイルを変更します。詳細は、個々のサブコマンドを参照してください。 +`convert` | `kubectl convert -f FILENAME [options]` | 異なるAPIバージョン間で設定ファイルを変換します。YAMLとJSONに対応しています。 +`cordon` | `kubectl cordon NODE [options]` | Nodeをスケジュール不可に設定します。 +`cp` | `kubectl cp [options]` | コンテナとの間でファイルやディレクトリをコピーします。 +`create` | `kubectl create -f FILENAME [flags]` | ファイルまたは標準出力から、1つ以上のリソースを作成します。 +`delete` | kubectl delete (-f FILENAME | TYPE [NAME | /NAME | -l label | --all]) [flags] | ファイル、標準出力、またはラベルセレクター、リソースセレクター、リソースを指定して、リソースを削除します。 +`describe` | kubectl describe (-f FILENAME | TYPE [NAME_PREFIX | /NAME | -l label]) [flags] | 1つ以上のリソースの詳細な状態を表示します。 +`diff` | `kubectl diff -f FILENAME [flags]`| ファイルまたは標準出力と、現在の設定との差分を表示します。 +`drain` | `kubectl drain NODE [options]` | メンテナンスの準備のためにNodeをdrainします。 +`edit` | kubectl edit (-f FILENAME | TYPE NAME | TYPE/NAME) [flags] | デファルトのエディタを使い、サーバー上の1つ以上のリソースリソースの定義を編集し、更新します。 +`exec` | `kubectl exec POD [-c CONTAINER] [-i] [-t] [flags] [-- COMMAND [args...]]` | Pod内のコンテナに対して、コマンドを実行します。 +`explain` | `kubectl explain [--recursive=false] [flags]` | 様々なリソースのドキュメントを取得します。例えば、Pod、Node、Serviceなどです。 +`expose` | kubectl expose (-f FILENAME | TYPE NAME | TYPE/NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] [flags] | ReplicationController、Service、Podを、新しいKubernetesサービスとして公開します。 +`get` | kubectl get (-f FILENAME | TYPE [NAME | /NAME | -l label]) [--watch] [--sort-by=FIELD] [[-o | --output]=OUTPUT_FORMAT] [flags] | 1つ以上のリソースを表示します。 +`kustomize` | `kubectl kustomize [flags] [options]` | kustomization.yamlファイル内の指示から生成されたAPIリソースのセットを一覧表示します。引数はファイルを含むディレクトリのPath,またはリポジトリルートに対して同じ場所を示すパスサフィックス付きのgitリポジトリのURLを指定しなければなりません。 +`label` | kubectl label (-f FILENAME | TYPE NAME | TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags] | 1つ以上のリソースのラベルを、追加または更新します。 +`logs` | `kubectl logs POD [-c CONTAINER] [--follow] [flags]` | Pod内のコンテナのログを表示します。 +`options` | `kubectl options` | すべてのコマンドに適用されるグローバルコマンドラインオプションを一覧表示します。 +`patch` | kubectl patch (-f FILENAME | TYPE NAME | TYPE/NAME) --patch PATCH [flags] | Strategic Merge Patchの処理を使用して、リソースの1つ以上のフィールドを更新します。 +`plugin` | `kubectl plugin [flags] [options]` | プラグインと対話するためのユーティリティを提供します。 +`port-forward` | `kubectl port-forward POD [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N] [flags]` | 1つ以上のローカルポートを、Podに転送します。 +`proxy` | `kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] [flags]` | Kubernetes APIサーバーへのプロキシーを実行します。 +`replace` | `kubectl replace -f FILENAME` | ファイルや標準出力から、リソースを置き換えます。 +`rollout` | `kubectl rollout SUBCOMMAND [options]` | リソースのロールアウトを管理します。有効なリソースには、Deployment、DaemonSetとStatefulSetが含まれます。 +`run` | kubectl run NAME --image=image [--env="key=value"] [--port=port] [--dry-run=server|client|none] [--overrides=inline-json] [flags] | 指定したイメージを、クラスタ上で実行します。 +`scale` | kubectl scale (-f FILENAME | TYPE NAME | TYPE/NAME) --replicas=COUNT [--resource-version=version] [--current-replicas=count] [flags] | 指定したReplicationControllerのサイズを更新します。 +`set` | `kubectl set SUBCOMMAND [options]` | アプリケーションリソースを設定します。 +`taint` | `kubectl taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_N [options]` | 1つ以上のNodeのtaintを更新します。 +`top` | `kubectl top [flags] [options]` | リソース(CPU/メモリー/ストレージ)の使用量を表示します。 +`uncordon` | `kubectl uncordon NODE [options]` | Nodeをスケジュール可に設定します。 +`version` | `kubectl version [--client] [flags]` | クライアントとサーバーで実行中のKubernetesのバージョンを表示します。 +`wait` | kubectl wait ([-f FILENAME] | resource.group/resource.name | resource.group [(-l label | --all)]) [--for=delete|--for condition=available] [options] | 実験中の機能: 1つ以上のリソースが特定の状態になるまで待ちます。 + +コマンド操作について詳しく知りたい場合は、[kubectl](/docs/reference/kubectl/kubectl/)リファレンスドキュメントを参照してください。 + +## リソースタイプ {#resource-types} + +以下の表に、サポートされているすべてのリソースと、省略されたエイリアスの一覧を示します。 + +(この出力は`kubectl api-resources`から取得でき、Kubernetes 1.13.3時点で正確でした。) + +| リソース名 | 短縮名 | APIグループ | 名前空間に属するか | リソースの種類 | +|---|---|---|---|---| +| `bindings` | | | true | Binding| +| `componentstatuses` | `cs` | | false | ComponentStatus | +| `configmaps` | `cm` | | true | ConfigMap | +| `endpoints` | `ep` | | true | Endpoints | +| `limitranges` | `limits` | | true | LimitRange | +| `namespaces` | `ns` | | false | Namespace | +| `nodes` | `no` | | false | Node | +| `persistentvolumeclaims` | `pvc` | | true | PersistentVolumeClaim | +| `persistentvolumes` | `pv` | | false | PersistentVolume | +| `pods` | `po` | | true | Pod | +| `podtemplates` | | | true | PodTemplate | +| `replicationcontrollers` | `rc` | | true| ReplicationController | +| `resourcequotas` | `quota` | | true | ResourceQuota | +| `secrets` | | | true | Secret | +| `serviceaccounts` | `sa` | | true | ServiceAccount | +| `services` | `svc` | | true | Service | +| `mutatingwebhookconfigurations` | | admissionregistration.k8s.io | false | MutatingWebhookConfiguration | +| `validatingwebhookconfigurations` | | admissionregistration.k8s.io | false | ValidatingWebhookConfiguration | +| `customresourcedefinitions` | `crd`, `crds` | apiextensions.k8s.io | false | CustomResourceDefinition | +| `apiservices` | | apiregistration.k8s.io | false | APIService | +| `controllerrevisions` | | apps | true | ControllerRevision | +| `daemonsets` | `ds` | apps | true | DaemonSet | +| `deployments` | `deploy` | apps | true | Deployment | +| `replicasets` | `rs` | apps | true | ReplicaSet | +| `statefulsets` | `sts` | apps | true | StatefulSet | +| `tokenreviews` | | authentication.k8s.io | false | TokenReview | +| `localsubjectaccessreviews` | | authorization.k8s.io | true | LocalSubjectAccessReview | +| `selfsubjectaccessreviews` | | authorization.k8s.io | false | SelfSubjectAccessReview | +| `selfsubjectrulesreviews` | | authorization.k8s.io | false | SelfSubjectRulesReview | +| `subjectaccessreviews` | | authorization.k8s.io | false | SubjectAccessReview | +| `horizontalpodautoscalers` | `hpa` | autoscaling | true | HorizontalPodAutoscaler | +| `cronjobs` | `cj` | batch | true | CronJob | +| `jobs` | | batch | true | Job | +| `certificatesigningrequests` | `csr` | certificates.k8s.io | false | CertificateSigningRequest | +| `leases` | | coordination.k8s.io | true | Lease | +| `events` | `ev` | events.k8s.io | true | Event | +| `ingresses` | `ing` | extensions | true | Ingress | +| `networkpolicies` | `netpol` | networking.k8s.io | true | NetworkPolicy | +| `poddisruptionbudgets` | `pdb` | policy | true | PodDisruptionBudget | +| `podsecuritypolicies` | `psp` | policy | false | PodSecurityPolicy | +| `clusterrolebindings` | | rbac.authorization.k8s.io | false | ClusterRoleBinding | +| `clusterroles` | | rbac.authorization.k8s.io | false | ClusterRole | +| `rolebindings` | | rbac.authorization.k8s.io | true | RoleBinding | +| `roles` | | rbac.authorization.k8s.io | true | Role | +| `priorityclasses` | `pc` | scheduling.k8s.io | false | PriorityClass | +| `csidrivers` | | storage.k8s.io | false | CSIDriver | +| `csinodes` | | storage.k8s.io | false | CSINode | +| `storageclasses` | `sc` | storage.k8s.io | false | StorageClass | +| `volumeattachments` | | storage.k8s.io | false | VolumeAttachment | + +## 出力オプション + +ある特定のコマンドの出力に対してフォーマットやソートを行う方法については、以下の節を参照してください。どのコマンドが様々な出力オプションをサポートしているかについては、[kubectl](/docs/reference/kubectl/kubectl/)リファレンスドキュメントをご覧ください。 + +### 出力のフォーマット + +すべての`kubectl`コマンドのデフォルトの出力フォーマットは、人間が読みやすいプレーンテキスト形式です。特定のフォーマットで、詳細をターミナルウィンドウに出力するには、サポートされている`kubectl`コマンドに`-o`または`--output`フラグのいずれかを追加します。 + +#### 構文 + +```shell +kubectl [command] [TYPE] [NAME] -o +``` + +`kubectl`の操作に応じて、以下の出力フォーマットがサポートされています。 + +出力フォーマット | 説明 +--------------| ----------- +`-o custom-columns=` | [カスタムカラム](#custom-columns)のコンマ区切りのリストを使用して、テーブルを表示します。 +`-o custom-columns-file=` | ``ファイル内の[カスタムカラム](#custom-columns)のテンプレートを使用して、テーブルを表示します。 +`-o json` | JSON形式のAPIオブジェクトを出力します。 +`-o jsonpath=
    {{ T "cve_table" }} {{ printf (T "cve_table_date_format_string") ($feed._kubernetes_io.updated_at | time.Format (T "cve_table_date_format")) }}

    _=jb2y!4I7E3sB;`|&A^ugU`DOBBB1f)w|;BepIZxOUQG{>%JH*HaYocSm<7Nt zw_#a)6|FfYQaJxvRLQKDv+adv@s-EZFG-u^X)$}{ z&pzwd=EF7%D!hydMH$(X%2t{x85d6F z(4^+i{$_dlF7T32aYS+HjP5e}WMXo>Yx4=RrtKlvkbxW-efo9ryhr6|YFN#8eQeKT zo^vVZd51%2^~!J4#nCG~mO;rVP*$cXcMz7G^Bnb<{iF@zSbq+0KA5|Kx~hcf6)6+&CF$YE6&WTuv{}Y}oo(l3nNFqdgAAS6;#|E>C*q*9jn{V_OQzj>qP=BAT z*$XIRC?pIb?cQSo|G>ZM64~+toUkK0!7z-~rv&N6rK8O+*M9r5HyT9x28?;n0W5vI=X93i%!W{4( z(RvXt;kN#J%!DjSnWjxltC8o^QC6e1*Jd&C9g$HE$q(QPf2s5ngj%Aa_}Y&RDI*lS zoyCCWnqC#A&t7FYGXk3JA*3{d9uxMh=YP1FycaPR0xui}tS&RC$ZQ4x8e;4nR@ne< zp2BJ==jkH1~%vd(vRfG~Qe69x|z9-jUw zDodAe`zjh88QF{feS7XFfeE-xe9PTgM5P#e*ieCo*}+?D|75GkmtO*AYt=5G))?tR zmIV5>_9Mz@c?v3iKM-J**TOXQC0WBVtQd=CcN-l4sny1nH_#01}8_5Y7kN_r)+_WngMRs?s{ z-y=Yizja^m*}&KX;C0VcvgU!}e@wvF^mJO^qu+0SESa=N!~k>fpASlxenemiY}HIo zSNj~gT(+ovkjQK&C3PzAnQeB!4P|B;IxwDiS&tfqQqYQ?=;6poXW6)|Yd+KU?zKcY z4Zc#2&+S}{h!A!~-4V4vFX)EP@p;~NgnX+1#rV!GL( zhYSjRUwwbq+x<>i3$iuv`M*Qyfd*clyR5{Cy~{OjD?!TkS{ny?%mwn(>FMR?e-Y_5 zXXikejSirH(ZZXHEw=A&7D$n~cdt4wZfT4CNyb6HofaRPDNMUtJwyFqSH^vJ>J7Th zSFfKI9?9@r?cxR+HGJ5bG|Wah|@Tz zhuaC-V@xkbHZIjsm%To8y_mQqba-6X%PX_C`U!RBg$XfNk$w#5&U-6VY2f-)_-ZCy zJ~!z2+kq@|z`h8*sKW$*1nAFr>@-*xij-!5HzaI(p-G2+^-eY5G6FIKqyJ)3p0Tpl z_z2sH3VZDu3`uM-82Rrj0ePDAzPZSV`S9Wk%mX$YCML0Q^iMY*= zIiQ0^j>ok7Z9xK8a2@;ZDm>ug=6oeKKXhL`Y>Pa(dA0=1KIE0Mi20ANL8@x%Cna7P z`nX3M6Bw5;B|mCN`-2CqNV#DsitFi*ALY0=63Z>O9#phsU6)>^(3iEoBZZ0|^L z5OE~`FNDa$stLnm60*QU&U-P#QhCi+y5lIRsI<0PBQ6pTR6{~TPPa=YRTruvl7`im z$C1>|3wnln=g@Ify+1pe;UaMnmKy!CIVfnKTKWn3q17;OTKL6A7r53Qn**IAY}3h= z2@%S2JNk|<6>p&bmP=33>nV;$LSS}`2>L1XUGK}ylEP2O`8C3yp$;ZLvkMre%3guc^(?jmUe?WNL@S~8Hnci)ZXB?Gqlli|gbI{3<;Cl{_@ zY^3yUYrNN%#Kzav?`tbcHs>l7zHAxt(NI_qaWq;IVwZ!ix-|pj+uXi9!^N0zWSnDH zKpn|J02dEt;{VC@!CpGDWMqYmnS;szMSf3~8OQDF%tBfljg7b8V7S}D<4GJeOhJiz zd;8as$MleTkG7f{xY%S2l#0W<8+-FW`1#CwiaIX*X@ZWMv4}RNAg(O=w%jnFW$?D^ ziDLFfCAZO0;rh#PjN`^jHRTs!WrR->NNZp5M8u8uRc(L{q`f|ME~X}&CHFd*=t!V- z-x&wjEgcQ`+I(>9Bv^hIy0dQk^tINBIED29t9b8F`X^Fzp$x8ht1Hf!M`{aQ+`~`5 z9r%*{yrau{{JD2?H3_tdoJ?rW{P6nPqv5-OU&#GTAYulWPDVbCm{);;Ji6t<>`zi( z|A>rah*0A|%-W{G!eDDB;d#gM;;Bj&(;g9xK^cU;SuxODX1Owhoy@`p1h&l9v0r4g zJ%PNsI^W{uM{1ImrhRaKmdmkvrx(-SYYq6F%6@46CM{{(v{`|y`P9l&Tf(Sh7W8s|Rih-9WntYA-i~gO;`@MM{`6O+{wZYru z*9!yJ6%$CS{y7{c+fW}JVti?Eg2F&m-Cxg!k0f+ziI=LZnvC%3pURFWBqU7YfMiG= z)$B^OnElZfz#!=BNIcR*Mum&Z(Y4kso$D)H?U*nUhuNPT95eLM(5v;PtHq>eMO_{2 zG)Jq$armfHcnUxV+b@r5|Gb*^y>2zd0yG|{U%QOhP_b9zHjYf~It9QkjdYa;AIv({ z=KwOfLP@;=Z!=xB>y@%J=T~82-dN}0f1{uEEW)-Ly<~nMr!1R9f}r*i(91KL#q0`S zFlCTAk>BA232u9mhEpqZ1TY+g%K*)ZxQ>SQ{s`Ys*U^gU=AIf#iR|M_e}ImehwE5- zKN&-*pqjio26GX0)PbEKfa!(7#wtK&+w(?b>uNb(Mde-QMmF4ZD!?o4>M3Gy@=4(O z5B}C=fPQ!H@^t7K43uB&cEE=dg0kJH9nAF)R}NC_pU(AN#S)<|?Nf#tX3K`L{r7*6 zS2B|9?zlZ@36cx&J6_EjhOU={#hm^=EbH?WM>lfo$d&}cmvpjWv3Zy0eAy0uKIDD* z6fUGJgMwW88n;0kb9b7Gx2u&BGtNl4>;Nmj7K?ELh(S zcH032uvq6z6!ssZsdmpRutE#R((S4Ilf&>_c zk?YDQMa@Hi^1HeM{PR9&&3iq&F5))O76oaO?&%@oMj(7otik8Z0JPfUjU|~ska&lk z*|mn|#gDgl8*NNdkaT+pnE!RqH$)NFr7yGZkt7%E=h0Q8H7MV8y2`79@1PPUz+0P$qb>W+m)zQk6x1k1V_Nn@`TWNIg*gjrYdiDE$gI_zT&iJIf*c#GbgZ9a z!y|gd{P@>5bk!e|%AVc^vXvgl+x75SghlTq(gld`3cZpUao2(O+4QeK_&i!aANV8K zm)X$YW$pzfH8uHsWtXXj!X0!-$tJfyXa%Com_e(RAEa^?2eE09K`XrI6hzYFHKJ+0 z%r0oMo1Ba+2}cJmEE@x;K)nMmN7$NV(l|(FtU$y1_|G_xUSll#lQf%^zv3Bvi1g+8 zah@?W@D4lsK8zn)9&q6a_W+L71O)Oks%ROGzBq-7ni`RyU`oNR&OfF)i}pTY_1}~H ztD}Km{MXZ>zks#_WJwe{rlw>N;KgTX|CQg}!&X%oi#&W2-HErR>n*t=w~|G=07C6|TJ3e8U?-fDfz zNvk0cR9ITz&pnR8EW&440e4@$b$_yzIaTwM`bho z3Kb)P;JeMvOPqEgf13}`@C)PYm@&QBF};DN(s`-ioJ1h+J z_WrI)?p}8Y>G2KVavvS-&S!#jqZa6~IytI#O_@VEz1XVybdXzf2UE4NYQCV;n?_4d z@OFm-u?%QuI=ixLbO$i7ZlymvEJ*K#3$?EHThkt_R_)py$kdTdFO?|XwH3g z1-=_}mHn(_WC)lQA>UC814pkfTe24?evq%Shm6lUMF`!K*X&Kf&lXgj+-_NL8_d? zISL!`1(l{_a*%X2j_`Re8o&p*!5Xbs@e&B$J?tVt*?CNX!GuFwByFJV!x6^*YfVls z6~_n?1lPj~)76xXg7$qkRQm^VdJfa>o z0s3SUzl#@)HVWYzS$)a=Y$c0~Uqmw0TFb^ph11XfY#B^!bUaP~K5)?M-dV!mv^ z^Wh4mi0(msba;T4x;?o8yXElNk5@Xv->%1j!Km~4Ad%c!sR-;?((#a{tpPSH%`Vf{I@CLTV%EuRPSK6RVuMB{qCM6@K zt9g2?4+gUa@_oR^2_u02_aorpnh#F=&^jTBbneLmQ!2?z+!_F~G= znsBusHy;#9CD*sRZVuQd@83i1Y5^X66kl69*LS2M9j8MsoSGV5Z5{W!Q2E!@LtR!?`%4kb zLK`jE1J|pJuQ&+WBdu| zlt)uk*dl3c`gX!3G9+gqJvNxh+G7RCfa%owWccJYaa){@@unZk?&QWpv``CjkS?b` zRFWCye_O|J>qobq7j)OB0&wKf;kCBb zElc&O<`h%&+%@3(5|dH}fj<#AU0P~g$&E+|NR8NS9;~DHcKGte8f^)I0{vNFO-dbj zf{liNiQOfzt!1`3S;h=Fh3($GDC5Ahu$|euT=!X%hz$)-UlIn}U%T+94eR|^inM0x zGaE_;>e;_X@^F)qlFr#de3Vt+ZxyaKbwtXoT>^sj;|m-3pPH@urSCyl3vRFsH4d}9 zyuN`Uj73mV2@qk{8}Pw7N3&;Y*u~_SgW=cbvtH76(-obTfoB1X#;EeQKyOs|T#)1h zN#y8oYDoThJ_Kx&Uezu?fW3CJn#9zc2gp)u$bz{gfYv)achZ3tN8=@-+(pQ@NIW#m z061Qt`}CvZ_rh^3L6c?y&(j}Fv~4y!vm>AN?xY-;9z#EXH8ZH75#MDYWG0kB`_h+a z2V51+(y()b-WAgMVSPdxpA}KwI6%fHyygqro2?h`&m2LX&rmSeuu|B%h4ykyFHT&p z9mFW8$l7y*I0ZoP*bA+k#c-^BK~b-rmc-jWlecv~*w0${4nkbCoWWVM4sQm# zBj}y8IoB0=du_XHxrtzI{vL4JgWVP)+aR#xF-O0*J0$Hh@VeEwHj6k@)Le*e(?whC zYW&h39?&Bv8`}lHlm|znZSZgE!812=OyEar?coouVfH-9&64~$6(ddvmsR-%IH=lJ-}C(l|9BQljl*U+MuuT})K z)zOyQgA^Dqv{?vDMew)YNZS&X>6I*>R|St@ynZMJLr;Jr8G=hTsXW)rpqGZETPOnj zE}v-l18K#(CyhfcY*0V<=2U;Kn#j}a{@oA^f|$dMleIA(_>n>wEEMaZ&-poBv@v>N zy@cMu9VC+Q>3)Ka)HZSgsIw)j%iJ%FC$EgQdW7iWQj{MCOlGJVxVSLGZIVdV5gR(2 zt(Gh^C9qBRE!RebE3k_tSm%@8mtdB*2}TUR0_fn5{h1mS9r;aw)h~Z!IuxtEam!_I z<>=RUFz&pRIb|%7muO-BDWFzD zgvAS|gY^1EU{bh@Ua^D-A0{A@Mo4v9`m&gfzd2|0yCjns$ z1dr&~*+(VC_|BC#p!tLdc@|xKSL(bspYzxG-zZqq>*W!bW%C|NNcOSYjD5T>)p$*a zYMLef+c%1T!UwIe+Vl*-BMu^!E--D#tLoREz~c_Cou?v8cZIOdDA!0zl21#7LfjI{ z@H`uyq@RqB`PW(*g~2X)Fk+!gmcAa%FEwt1Rj4{Iu~R(;(FOeDKvZ}|Pn{MsI9rSL z^RMF|OHy$5Biim4P2Q?r-WR{?8r!+^{bJHUXJ0exOc*0R6Mb%P(|rom-sCbEq{}mD z>)g>7=o8yfME?5MKMw$WMx7L}>VCHdA(;y`%~)%IA22h$rpsPlwHYC1giKyI>OENF z@y2Pe(6P-@y=Rhg-FnWqL)-|S#(Bjz+4YHpaYRc6wnSeZ`4o3Tph&#xmy4D zItVm9rT~y--Es5@K$`}M-M3{bycqa=zIbtP^6kv6bjM79E3p^Ocz#03Tn2%@MUK)UCbvGlSpp3R7TYbpkd1+i zAIFo%!$&q_x|cBiVuLF5{zT5N*)NY`<2Xh{;gb@5N~?FMva4tF;9t^&{5$c`LecmZ zSrXT>*uAk3n0e>Uc?@fh>TT#NByX>mu+=ZoiK`E8zxMUN=I;>`h071rW~#dA3esjx zmGp3gcv;>NvRyE=SpT9E4UY<4-mkjx8~+Xf8ws2@WB*Ox{hDPPIi!ioIc_a8CpL@} z$#NNWh)~a#9LZB5Wo2VKe!|MCsnteJKb`H+y(75HcNY42?zu=b{P~aC@<2mAj^sCE zlDG#ab21jzDbB;8ypfUB6SDn;MhC4?weyOPy#PI&2X!0+yqc?H;}hpM)_Z4 ze(987Rw{2gJXVetH zP9aC9cQ24%CQnYGjJDvE3an_5fb{NnJhw2*{b6tmDz`k4`E2JDTen6i^LWd3b6)KI zh(?c)?G*JpazZ^6*rRo<1NWO3?$EBcy0rX6!DjN4RTB|&44zTNCT@-~>IR?JqcB+6 zj%+$EAKe$ugnysrj4wES>Y}^nP4u2JU@>OkL;dOKGfd2xkrovSS4O^xGT7Qd5tlkn zjjyHXO72X2Rqv1bM-HIxa9O=Yam?@N@_k3*U7aT+c&}Y-aCIRVTbNCMLU+fKRq{W$ z-?~F4QP?1Z!=S_=OnY>) zFA~U*Y#lx<)xzb1IH*eM?DdfHGr^E#p)Jvn4U~9>gk0;hC86Yzfftic*Zu*1O$GGR zSL!pTyw@D;aGN__rtDn3Q4d1fSy_oWcqi4Y-gMEw!>)3s3edHNwQf#W-H1r9z|HXA zx2vJ^cC?jh%wbe4{n16NbKOPnb|T#q#`b~Wr0co72_s}MU51X_;@Isp+&E%nBTrU>3Tcx zuzSJ=mD+&ncb+Km5b!+mG~gqxn`tz{Xns2ziC67R!OrO60oqvqt)`)UR8tL)IUi*SblEB z7S!qOD@WZ<`=hpS=xw-R-h66P4&y2ze9;6!lE{}9p*QB4wB_vbYC|4w$u~K|K)Ukz zF4ASL^mvW6-l~a;ih4tMH&5k%bAs@3ZQZ||5Fg_ChB_&kD==B8q+S{ae1%d%8M1JA zx6v@@`6}(3LD}R1OzuUN4x`U;9ITq8`2W{_Tz^F%Qh5kce! z_=I&PHMg7_O#T#~batLI9t0xg=H5+OA=Y;$k?&Gp4K%_Ti;dHss1-9KrKdtd{Kb;H zciJpOL4oMizRoa_CL;o5@IT;u<=gH**(GrhVvr~%j5(yM5{L&9==r@sPSU^_ZPN;X zstoLZE5r=7oGXPouP5LdSWxRWvrzz?vYunYYI3t*m`2KwL^FuQ7(xn1bwr_ za9*59?vo0bkqR;Hw~Ecr#73$TB3c^Kz*?8MnBy3TLKE!Iu#nixFed6oY7 z!PQ9CP%nKu(_}b7nOsD2M%oaY6Ulc&+?x`>@9u6=L;#ps+Qn;`=T9h2)IRdeVq;Znlb!HO3FQL&9PMtoH>BG;X8SSZ@*) zCH-`=`HwXWuYJwvgKo^y9}7KN&6L*dJjGWEk6^;)LcVyF4b_55ine`g;fB-N(T`)j z=WN8?A|@mO{*h92Z<|cNQ=9R?GdURW9FK+{%v2vETb19(zz_Yfg*}(=o#N8!RSTqe z?p*pfoH$aqL+YscIPevs zt^|XWDYX0Q*^aW8cjH_%95-sFoBBK$&JY2pCr!FgzO;n^ zg$(g8B~EXVqp%;|=0i->&B+gS>oe*PBEQ@@t`@e^H=25sc6=0YhhhSp2YCODYhi;v6N2S+zrbA~BF22dK}{ z!GJ93R^_aL#cHODkD4wjV&adJD*$19^V%v~CDDHbMhm}gGC3g~a@Et*p1aLfWZAt@ zuZA^K0^#0iD|6(nF_%|@M_A`PJO8}(Q5nI(eC(~pFtF~xgbumAm^CF8O3K#i2=UVF zRpn>-?lY*Kp+ns+>L(q>UNV*Kzz*9dG?$CaD;I}qqGU&|vDK7Yp3)SO-ol_J>q3}P z(hPjf|BW@r1n!cTl5%VKYozK^JvAnHDU<`Iq>I&qB{EyZ!Pb%vTJU=;+|(s=x}qc) zRz|Rq>@;Muo&RDA{5sBEN!p}#4PopmQTP z9}Ja@+Neq3xL){ff839ig|0t?aADu8`F||O*|5h8Dk$r*D%6nG^0^QvdQPs#tnQgTP~h5+bX-4bQ6 zE`3~AwE;CRhu2DON4g%fdecT-G%lXJ%re;k`-Ft>c5#p5uVrEnZuxO zg9?;)X@8#=4;LD0#z*t%nrPyCn=eye}U-dH?k45+D zk*;Sp*Um;4MgD2?a3nrJA*>O+^2jWKzX-km>=u-Ne4nk}c|Goj6)A?Bn5U&aiH{^9 zkWu%8V#Lt8NO0B>^V>0eo9ao`>q(Y28tB%9q&K*2KxBD2wuU8cSZQ9i1@d4_)Vyl! zHr6b;LCwqsV}oltVTY$LO1A9j>*u8!N{b@QbmY_%HdPYhb(Z$U1!<2^Hw&F^b=)ND zaw2A}zw1TmIBEQ4gSvL{;P*V(;&foG_n~mw%Wx1g-4CkQhE>cE0s0OQmQP@)3db+j6)$7&0-_g3Ob8KXd7IbW-NB-jf zy9OzsU15mlny0oha%Qqh@kvu5>(2)6ZTE-#PBe@C3&lzDMVa4jbKWE2wwmRwpSP)x zmMtC;+HEew-WT>7DVt<&4Q3RSOnt&nT6FB|v1z-J$KRBgWTd8;Ut?7FX0|2y^PIT- z(}m9GtGK#R1f#0uXnmJYkb!MA>iT5(T34W|+bJuaBP82Lp<>4R`ODD{^V2wRK?guf z0S`oJ7J-s!|074q`RljS+0#1FJRdjiYyG6BFWu-TiC+Ja;@@izG+tROnM5W6Hn+U~ zO2k0v)4TRTE!;N&PC&Lz8*lv6U8!6Z>nC_5?(=C0HbR0iV$r1_CC9Vxv*DzoqAgu} z(uo-afViMuS=q=Xf3x`e5p(l~!`Ah;VfxMu->=NK-5aOtWfMaDX{x@m3-6reD_0Q% z4!!G6)FaOVVvCDI9*|k0)yXXtly>amC+|5rU<9W!^Y8$d#hJ*_kXe#32v8<}(I`o+ z0%TAJKNWiv6_!%EH6omz(7N5x(Pda~<18$DeW#>)$#By=|%Z)j)aZR&`qcGN{1t?gSb#5#$Z z7Z3&J1QzjpmsToID*mnvWHo=tQ)N8DXE)IMzl!^_y{uCia!huMH$du<{&Zo42pHsy zO0wYr%pm&*W3~+KX~uLzXsO~Wmm=zLnITyuqh8?k4kswcJdYTzptN@-EsPVYQg)Bk zL%s+2o#nbAczGgc0X(8n$7Yz5jLe4R zd&4*lw1I?%UTk&$jMHY|L(agrPx`dZUB*Bj&HQGiom(>^Ra$-hyG~W{7JCBj=s`bb zWE2cJs(v>cjQCr4^fFp9~ zmXbglSm_xO>=|Tv=BGz__ZR%!_~|ykRH^H?uyxoJF5p*ao=}T)OunZnKbPCgqfs^diU{%19o-H@^eyl-pLRQQkE;aJgEjJC_IlhXV{zp4Pbinj>7_HzyT0|+`!Z}DN{f#LBh)=)7dRWUaVlR z_+5pqjn!3cjnXF}rX=PRTfE5c=0*PqWs#k0Dn&_zOGW?kB+rPf`-wmp_tocjWwI2)LJL5Lbmh=|!{1^NWd|y6BBn38vuvkRhQIWoJz=?L%$U_ftSP_0gBv^&FSBVQ={v zqEZbfoG8I+HIWzH@y^fg$oXfs>%<@_#^?H1Gj{B%do&bO$}!kDW{J0lYR^5%Xwcr| zz9u^#7DzaU=2%o1(TXJfAV|swczR`a$E8_*bg^P-85I(8+N-y2w#ni9)EEV-+0jEb zPF{!fS==j)DNP=D#hjrG5ndh56-)9-&61qmfYBqSG56hT6yOGQAXRFv+N9J)hE zX;_eO2$fQimhNs)kdC24V(1zAIpco5ujlvQ?z+ew*LBXj&UF*XUZJu5+WKOf6NFfr zd%;(fSvlF$h79GxLk(i&IGtV3X$zZJ$;3S!*KW613J?ta^(?kQ#_3&b$~7TAxUY?8 zn<7@#-+6S`!;>y|VY6NAjv{r3J=d$mOdAHepT>-{bw@Dlo@NBiI&l7~d2 zxsHUvq{F(rovO@yv)GecJFaab$VA@JmLz;N$D5|*2ZyLYR3aZ0;nfB58xG^xntuQ3gnUQf_bRzlGI8ae_!Nwd+8T z8S`shrA)lyo&3gGTbbwf*OcluznX11d9&KYZWWaICTx7%(kqvz@ZER}7_psI8z>g- z8$_L=`Rd|%x$wvaOTjBtt8LjVSw+r{=lBbKoFuv4^+`XO%jv^7j_da1u$*p?hVHZ) zUh+V)ssD2$?;-bxcGZke-DO(2>^?{9Wd(2XiHctT`Yaan_tK z_><|WE!GkTY~>Z+H*zqFY&QkoDb<-fjER1tBW;uNyTgHbOI)fGAQ-JByXohussWtp z%c5HUi?9P{XYyfL`IqkFP-XxHyar7E>(~n@vGJuJZx$Z9m}`fS+ZzdR`N@)Jr7y^4 zG=N6J*3`QcTFgANZCmEJvZ7=$@MHc<0t1b01G5R6cuqiCZC~@kwwjCGyQD&@@dE6T zz`;CHAW@S`Sxp)p;2J*X83juSx|i^n0#*~Qs|mOUCZ9)kEp}xTMuPu7 z{~034siHc&FTNu5VX`ue`A%x1nM3q@z2-&f;w?A&wp1>fSfm=OayTIcj@2og)ebc; zs0TS7yqc-rHj`hh9*9}B{UYWgomdBS_P9k?7%~4={EDTQ57xu$eda9$>Bj8Y>^|Md zd(%M+49-z-;GP40`YEz~XJxoVnzrQZeQip3@)bkLKc+`Sbl%xFw2rKlGaXL}gA=35 z8IS`jCvnx*^BB-hLo96^Mke zsq1BN%RFs7V0^Ox!joU28A!>dAg}d z25qr@(_7(eXk)z}Pghq^XcbuF;dON#v<+cXDyBob^On5gcLqCZ{AGZrO*gry0h#!}l&P`AJi$L==0lp`B|!Rgl}=NNTeq&d86 zVFo0SYi_Cni`A1Iu8dm^ls@R`0Q#1_1`tmB8VyKuHaV0YU2O=Ru8f#oR7$2Jjg#AK z64Yxw$TTNk_E7uDikNe%JaB$xoWeRG`+UlGvs~!5A5OXNkKRJYS+p$h$F(B%`hIDo zLP5zp`Y^}6%?A?Jl&2N%FzGvkjcVoYvvPqY%tbTM=%-Svg5h-m#cO-_i{EL*GJj}0 zSB<@iISNCHBY6Dq zb8SESb+Tb;6iXSboX!$8q!)Wv0|w1Z`pcO}|J0?{E}ivKd!HISJKL+3j8@BS&r(nq zH+QD643Pfhb&*NN8$8`{a9DmKs&2h0A$gR+--bxK#7n;LmBi*2pqkZhjBFp=qw4l3 z`0j#00BlvWko(db;17A%E5uJN zZHPCs>W?VB&Xeq@eDwSsAa||dflvakU)h>;Z1Y;Gpq|{A)J?8<)0m>+CmQ8}s^S-} z3^vNWyu^_0TU4=*7d=f`MSph+pbA5%y|ss4b?Bm^ofEMz2~ux~ti>%WF?_3^jHIo6e%3r% zgtVMKvbc9n7(U(TC++Up!KZh$b?J1(TP|V)m6?;$Ay938`PMBv{@D;Zvu0NVKw??F zmVI~1q!#Tb}jn{#z_cpi97P#Pq-Bwi1B zGa~X(6S!h1wQkF)O4UN1!hI@_O;#6=Eu#)kE5(AHt(XAzD!L549pEboFSQ?-Hmjzr z3)Tt79LJbDBOXFgwT~TR+>WCQ4%65E`I0o~<3)B#HaKEoi(Mq=`FC|(g24L_ulHYx ziPS4n8hh;0C#uDD3#OE74(?vTjf}qAoKE5Ob5p=(FBAy9efQh+c%!#;*1r zho>G9zXi=KYT^tha&F3Q679UWO<=D{uq3AA#fMvgy8 zFE&@_tGtIN9Xzjs*;2N&u{F7$i&2?t43n{IoU{Q$EJ{7ZU|f( ziE~t}Lp9ENwR&BaH`DV7?2_?EG@Gob&Ji;UuUv&kr167qub^zQQnapd^{KI_?7x3O z27WEEa_^5>H3Hli`26zhu&&s)HWGW`oyEF5s9oT*9I}l_*9R20>vH-bs;WfQkZ(cI z$d>P$wv?6wW_@~2&I3bc3R@8B!>niVEQ`T)+t*xDCwx5^&a;?a*6)9>caiw?&ZlTw zf2tKBk(jXAe_#8axa4_y2_F^fIG<`Pu)C=kP4R~rK$vGqilJrS8wt+mf~M!50Ggc$&J0>QET8(OSYvLYp43Z%a0|D@+jbc=3iIB;t!R{0MCUOb z(>c0|_#X<+6q}OsgetI=O*~!*x!U09liZlEeWpEAv?H#gIFTtsyvKV^Q3F4%_4T&{ z{swr#H|1?jH72Crvz4!oKESojyfsu@T#YikGB7^xeS1>W$wsI0G;kP!L$r?t=S3;1 z-Qur$yS&`;{6ee;RT|KT@~XA@;I?&^;zY-~@M%w^&4nM~c?X;!%)Z|Q%TSYyu^rD? z{n8jK1~Hr`Anw|)EEo!gqog$OZ=O31I83-~!K(%)l3$c2fw`!Tj<6+d#er?mBx5Vf zj*Dp9Zgy-KigvqY48x@}^yy$FymIl3?^@5JkuU}J z5en^}yY%vW^=}y1a6X}tmip=F;Sqzk`3;BjⅅR|$c@y&N>>8|={%3sZrW8Z#BeU${jxqXW7hMDiY^MVE^<;@rTKkDfT zGTZJFPCN$KDot_#x<|P0n;2YQ_|f||xCSxG-8&en9{YAFt2A95eL1f>%OYY}b&KmW zv28eIwMUIBvwut(vj-wRZWrH|OX1Iq$YA@MlH@^aOaDikuwUFZ2HNZ^D7rV$<|GEQ zN?QShLF$#>0#y(x5cbP`dlvj_Vr1Al%}h59)> z4Mm>wxwa?qe=EVyEvv7^Smz1}uhS=El4;sg(2FFA zEXoHPy0=@wyqn1WDh-PW$FRvg0kis-TJk?~#PG;2Q_n}hl>u9E$z^wg@)Fc?;@FN= zddh7AlvrX9E0ip|ak2Oj3leJ+I4E@~y--j{frS54i3PU|9PsUr-%gvyDHL4oqL z)o|<`TwTlUXWs1kWhlJ+>sMvaCuqQJz}Bdz==Qh8PPnmQ z$EK!aB(r*PQwRMe2NGDXi+Jhi&B*Xxy|@3t=3;R+|bqGm!T`krAuYlNFpht#Q5IQ zmH(hoscoJFa_9R>hlEof2kL92C3W4Y%(+gbFKld~)2&nuC!XWiykw~sy#a`LTl}Q#dT+B@{J^!0 z;adr*|2YWk%_6qs3R+Gj2#tF<9#pUAEq1$SvnS}g8>p|c)b>mdtqO0hC#-}s({^zo zT&}bAH-0>2aGQ=KIK&+7M0-jPnjdT7bgib%vbdjj%OA1-&4h`*JkDD1kk<$EAA&J% zFS~Fu(Eh6D!JnOz+9!`9T^^No!{!0ZbZyIo6#9T1*`yYyQ~HN-5L}H*29Ntb0yv6H zAoj7cb_|-J>kM_iAhC1k19$A7)>9u&+2gh`LtHO@sJ*;vhc01#6o_1PhK$>0WI%Fy znjf|6LPjE*a*>m2&;LK^F_3=Uh*bi`>AhldF`MvMroVj3snJ3p)EiZR zFxEfk{s{d(UKaLz|5b9!OCOZ*zf2@kSgT)R5Z4p!Ux~D2e3wa?41hgE*e|7mV$RI`udW9(ED6Pm;9$tFQUS63k{!NKM zKG=i3Jdw`&ZQt`{I`Vn-)l-gG%wF!=v*aet3htZ-k@!L%aPk#3alP%GPwrGH>3TqD z*j|mLnRBqC&VzxbRR8LD?s*&fi=p=G(azT8!a|UqaNc|Jcshx+S8PM3dVoEIo*s`x zw`ooye`9s37f^40giBqPUSP)pYgT2Gj zVD4tNWB!L-Fm(Du>c*GWd{#mV{#xRV@H?;RWg{sCLk%_~H+>GD)1!Qnlsl)`pmega zpuS0JfHpkOZR+zp_LcdecsXHII`tc_3oDhIDxjK_ckt0 z1r{L6)}Vpa%ulA7=!*gRUVgVWEig*OR4EAv2zC zlPO`*xN?cw&2`kcr&jq5t8H8>!f2jz_6fJk`IyG(LR4gbHaQqNJ(j$&{F+UKe-Z*C zf|1jASI@dlR~Nk$Iq-G+$iLZ5RxAk{PJeuiDs0+gsZ(yr$2E9*HlGw_VYQqX(3qjM z&V1|I_a7%70at)eYoZ6*NVt1b`N|KWO=!+2K?3J3`&Vr zb~I;{kTsW4Q|afYGnedk5+%8hrx>#K@z@bjHobeaM1w0HKS)lmOuwV_x|c03_JLTr z^M?n!$R;N)Ycc4_#0Mf~%198utSyd=>Js^)tfoGd>o9}lUZ@p8y>B8`iM{iyJ^%3m zio)hR<<~xJ56IV34J6!J%Va}Ej)!uBWkt&;FU^!x2n~Mb_9Ti_cvNwW`zzM&oa_4# z-%Wv1OZ}Mf52{B+nh~5KC5`i`jj+wq8i9;spf}aW&e2b+ zvrh6QhWr&FB+f>6-T1T)4agW(loqo#u0*UU2goULj(K~ zuC+qQPL6!EJMM}2x$>QudS;T9eSUzEVV-O6hz1c~5RYkUPf6@|uk?2s_~^ZWp2WPdioOLX#kTzO>@7_;1fyUaN~_ zi{C9=y?ET8Xge^J2JW^MmT-1H0;Lq9yy%Nm%|}?{-m7hO zl}y3`5Lncei%FOWS9H=f_G(9N(xjrO2`^z?@sVXZtK4DdTVV!KM5hM=v1fVtZiIf7 zBJf_Z+T@Q4zz3o^`w$@o8m4GTtZPb@Q;C4>3x*f_A~?q+Mn(u{eZ$o}`IAR@P`eBCs#@Yyu^fEL7&RZ=_e~Zl_!TQd>}iKH!H9u_{VpdkwO~2J!UeH- za|+2>jak&wk{ibXbgMBQmz%VMMm_l8h&P*55Q8s~6CHcg$DF4-V;}+!I&`5}&qpaw z>~PL6RxwQOyxQUlojy!RT~As42%z0qZ*-vdRn3~UlFN2OlxVeZ?FH%X(65+1@IX(H zl1+i@`RD)a!`6+MrctUc<{akm>#73FCP<1|2~sBD^V&~F#DD~?x`Qp5Tnagfita)kv5Puzi z?unP7u9ROFkMGf*}8y32Wj*QyzoB!FLVL8-;0;-~OxcG|)GJ5+N`i-eHC z`y7u^O_8q`n2d9)51-J`PNY40>Jc)lK7T!Ix^@yjEt36HCiyB}2y!AOrDYr>8 zbZ}TM8-rQdoKS;)KmV~LY2q@|F0pVjwfYj^fC#*tao4A;#p@h6jj$vcs(-Adc(aecF2pmG)84&&e&Rj=9TKal$V_#0UuggHp`WVg zTOJq8s$Xp&qiyg}!{6b!ce86ItE)%6+-8DVuJ0-SM|txznJHdjR8O0<=pQfdu^_Lf z$Y|azw~y?@R~YPE(y@l|()oFVzOQrH>87(9dVt}?k8fD&b-@|hT)5KH)RzDL*eG4t z$1!-?1^s=?K?*DYuqMo3t#Eh2Y0EmJb({bQabfF--{g!}SHh;9>xPeeo&(Q^W}2W! z*@}w|l(R;8BF5Wm{Ha88i&Fp<8dKaIbg)XE*t+zyB9}}$=WPgL|>iikJHC8HPe+kW0_Zmvc+KEZdric{wI-Qu z<;SM5H|23(S`w5fp->jH=pI>tD%Yuiu}5|QPSmHCA468I9KyN4bm1=sME8PaOWQ7P z>yq7B(;aso4{<*~MO=Ii7dQ%%7uZ~U-2Wnl+C`mN;*Jw0o5EET=i_|r;dz_ z1OuUKSSJSs^u|vXbLQgbaJU&L8@dFT<+Z-}D3zHg_reTsRO%9Qq=@x#o`!mTeeDCC zA@%~jq3l9AJ1Xe}bfR|78G9nPx24nBnAaPteb37|XU|9pDSG^qL-ld$(r?$}^N=<6 z*d<*=@(zGDPi`z{)3mUS1)C#rvPd_h%dA!+4iat>cJk-_5A(Bq>!g9yZd^Q9ZLH0T zt|>_X4F;DD5}OS7bnq-0#`uCgK7sa*HR200B>SLBUuSFdFig1<+v8APK7E?T6#J2ucXji6#}&i->Tg}KOq!Dk$#HcGEGcDm|VLng0p88R*CBPwl!ycq&z zd8!7@71@Z{V0VKdQ}&^Hb6{zLkO8|IhO(g}W&Z3JO0w;^QuYK_Xowu$VUlLMHUDqs z>L}{APnV~q7dPx1%_A%F|CHI5lSW*e5N+iUSxyR`W8(91@b%~8#XrBZv^9n8`CWf$ z@;y&h2@4pnJCLr!sh%^ly}KI>PtjpAIVF)?rB^o(SjeYzVp@7hegAWtfZl|3OpC6} zmNhTT%%w4X*HFJdJ7qM*fJ!DJ3W)w!?;%Fq#bNKAZns8ahiJ+%y>%l4?zJ*tIR7O- zWpEfTuYn)ItN(n1oQLV(?yTlR$@f|Z#8bPTgrZ3ibH8n%;Rg`K|F$B~{!4yV?jMi+ z4}de)**@<4@j_!ZLf?GjvcyJ>pq5TAi#s)yxG*!3@>;5-Z1C;oWfPdI| z&M<=H;3!Y05^4Wk+Lm4nc=0F6B=rY1eh|q1S%tV|e6tkXSDXY!CvvMuYwKtsZOS+* z1-XG2Z`uG?yS-&~<^qR{?R4l9BnD3wIu+ z_OwQLmcV~EY4KV#&@5C}u0Bw}^(wO~cnoRrf95}V3h`TcY=1(RG77gf0Ewukhzn?G^rZ$%_=2Zy1AXo?KS z-%b+e*NME7UTk?${pV$E;!x<9%^-#oNb0hcZ^_$f9`k6;eteaYgfM$VMQxh}|HQ0Y zEzmC9%=w$%iXcJh@j^q8{?A>pcLr4PZ?gHuZ5v^EF9O#{AAupBSKF6 z<<|*d6o_KuqF2}imsebVM>>oz(%Y7&(nDP1mmc)s*;U*QvVfLam)Dv1>UiH0-6yDP zd^T>L)(!BZ=%HBd9>4y7X`Zs-gO=#N4y}R)ih@Ikhq$?Z3{f zh^YW0l9ZV=Yhd%z2hDWiNC*Z&TpKc_2L@A85bDfzLgG*h`RKz3Z^J;UFE9Aews@#F zt3;Sej|%#-IJJYHo#}BirwD?(5S)R`FD{%l*&&#=+5FnNr^Vd6`3nO$gaiFqBgBd%ImvM-$(Ky8;0|Qj-9xa%38DDO`)0 z+&uxgN81abI`MfuOLJ+AI#&}O+14WYU4xCGeqwJDO%mQ5I(luFy;){qt3SBRCUW0vB3gpQJuvwvt#xAhwA0KM}Zy%WvR7KtP8^?vy!}sBClLYTnJS0fy*{`;j;o^^?!R_oG~ zDS29IXCn5VT0XAF+S zU;Fhi>-!VqH2ycT^NI3y33>ZZDc8gYpT7-*THvU))RcC{4{-x1-?cmVEZaTrC##Mo zTFIt_ePYdjWJ8-OiPZNEL&i5K=ZRxzn9JuwjF}tA3deU&xoI^kY&TL88@mIOx{o-5 z`?7v~HfZ_U%|s;|a)~f%Tn6q%hA41*zkIP;x-bxDUh3Qd*pV~!y61ZvlAoW)54P9# zL=z=cy84nRbQY9K;1b=s$t?$%wd>H`kBY0a^{U*vQ)6%Y;dArw5vmLL0h*Nx?r@;w z@JFisuX&jgs7QY!_5mxf_P%6)fI3%#DL-h{|0UmY%|Y#cAGx=8!7e%^QKRl+8};xq z1@gd2|9H#>j7xF;cx5+d8;mx11;W4i>uM?wcO1P)pU;>DDUHj=H?^29c}jmQU;1!4 zmF3C%C5Kwa)sbqyRS@n_*0qPA-(Fu52e(T)7+2TIc7 zKu2yO)_}mpmmNH>T~V$#Sq)iY()xCC4A&ky+*T?38D!-%HLI|KDKLIR<D}=0nuz(cVXysQ0nF%c-FPVgo(S0J}77P z{axGP?KTn|%4sMm5gc6!Lj}fa*{v=p;h}@=F*;P;&gm}p&vmY-Oi=cAMG5DmjY!<` zqZ-Omjdoo#R}`X`fZ_9aIlHSuo?g_HYZ3nkN&kCA_dOC%f4!JWv4$mWH>>6uaw<)g;@k`#JToPqHPyJ>*&g=$I4Z(gC=; zIcXsx*X-zVb%Zyh_MPh^AY(1r5363gm}ijq^BCDw&`J+AK#oQ#*q@%cw31rUwcT9N;nktqhV2#GM!3H-}oJztdDZFn4V38Y!BsAq)aq2CW! zis_pXGV*pZZD@5a#|kiX!30U7ol?448W@;1XZ)Jl!VGG_gs34eSW?HwmZT};WAtmH zFjOd7$nJKy*$$q~>^64R)d2MmcyZ^8JDx3388WF*PTXz|X?aQC@Rrx(Oq;%rCN?bb zS@wVIij1;BPBnpEesd;H+B9a+a=x?*84D8~5T?S3cGC5@F(yhzqeXxBBfAO-sBG6@ z7HE*%3dM5QQCR<2Xe&qWSm-5zu+wqx>8;qDAhc0S+QD~?guZ1>3%LG}5gMAIYAS^` z4KCQtywXGA%qb@@XAwH>@qBh0r(@yv^Nl6K?bBu&YbBn=<0{uHzYv!wPfG7D#p3&3 zLLJ<$QdUX&t-(Gb-l$FAkfpk1RrFEk*mC|aJ8Uy0INO!szy-o#%y7VU6c=%aCyMI+ zb#0{ur@BMd6Oi~3WjZXqYFInTV(QQb zV@=%`-nYSGBkAYHo?}LqCW_+EBqVqLW)}7qs|MYsylq~o1V+8-ebd&AKvgYA--(idWW0dAUB@(33U=jl5?`L6(lA`!^9bmqeglY zs4Tpe_sbQ+hndj^aMsb6YCGxyAC>Ra(m>|2U^?Zh4o{*;=AA5h<1UY+Q>sM9U6Um1myd>jLfgFQN`P{*pjta8=dd$*jJ0Bx6g%4atvf?)TWqBJ7J-h7 zEFALCq$n;dcn%)YJnOxW1hG>Qe^Vd)k2bHBL{3Mn?m)nq&kW#aDr3cah$DGZdM$bP z;HGA|btVD>!^9mevp-16c{d|;Wj6~$_1^%K2NlM21|vEFcoO8rh1w^aYkdy(h_lN$ zpovXfBVRWcm^K%@e8p)RQ4iD>Yn_De`6ebR)k+hwH9o?w@fYZve`E*R5H5fS6^Bmv zD_Jia1i&Pf9%LXB1K^)tRkx#%ZEG`&{GN2XznS4F)h1CY0aV5_xz&3 zF<+sxS^y^KC0awh!|}tQZMIaxOXdr%>v}1&yG?j2X`X6XeF#d_zJ8+q$Q`w zB_LhxmasKC+je)Os>|~qu!%_bH3jLv_%FB_lO8oaeYqHYh8qCM=J)|wRET?n`M!An z_yu}Pdw|$>8Qat2x-p--rpsxO{2{LkWX3b@EQNy5gAJQT z#8>x4*vrrz{n5jjAOOTNt#*>OdaXchYnWC>QR{3#sNSc1c zOqK$Y&*|AM$x5vKUb}9$PNF7)LGf?skMb)9mrS9{DKYbP>Gr`G?y-b6;PoKySs$z2 z^s75IwD501d>UxNHBIH4((!deA0C{1DDaRur=Qy{nbk)Ly=jZKp-D6g%Yp;b zHo7O8^T=%}XH881SM)zra3!28H$a)I_@@3(VNXqVV^@!Bv0z0afIcC5n8E0>E}J-bCyC(cjz&+Yan(d#1-PRzIcP-C0dkHX@G+WG71Y`9H)+`SzxHHq^lkEz0AAr8FuQ7X91{k*V+HLUL^To+FXytO2rdPVVi? z;}eZws)88!Z+TfFSI~{vfAtzcXaHHzy#~QoTo}EhCE-6=sqo+95p|)2`LwIW>sbz4 zo@*-V&tDPHR$a1-tDg9WO7DHj!}%8XYq%;4httrB-HQ8F+)wT<0ooL-Ry%?y7U|lt zOA1eT4O=QJnL>Ixonzs5ZaHFhdb(dj0oSqfy@Gpt@a7@bF?$knXC!WUzSQ2c{1#8h zRzCWsaGg)%Z?n$N@?nLc2Dp9HUKldnN>^u^C$VFeC$V6N8par&w?tKrv%;;Nv2I_9$V z?1B#SXYaxYemJg!gD70>tEw=Efv$oB_wK0qXe4^^z_q`^V?IxeB|`1LnVd*N7*!$& zum9_)$b@l3aQSp`RR5vzB2zD^4SZ{}9=^8tb-3*qYfiLN+cERG{JPK$F?X=HdspV= zK}z_XKh}AJ;^x588eR~2|JTSz^X-(!cQ1 zlsVDn&_E9WAOW{EJ&;;Foc7HJk+}y4gLF93R5iHgnmP^U{~Y2g_(+nmxUvZ5MijA- zAsJ)TsE4GSe=snC^SKecxQq2z`);~NUkA$+ccZMT`;^qS9RE?Xc87A!Ju@pBWy=OI z8%?JIXuSAysm)>^Y;m#4hfnKPxeU6og0_3)ctJi8i7QQn`cnb0?2R|bmx48a!Nc?_ z8>=$!S{85Qbn+;7?`A&!K2>KA>gKAm|NE%v2}TMMNZ?aNYQkYTFe?Xx=g;UHU|jFM zPww2XNkuzt-D!Ml@v5dw+8^R+=m^(0?wED8WnZSYHT!c+3L-@(6ry8Bw50B18C5v+ zWB7me`O*I1n$8;TJn=7C=k8DT34n^yjGpgF%L55#brE$^1stY1|MTekVcMHQ zZa;N&(tQ^*t}8wYnFFFRiS*0oT%TWM1b(qY zFU8?#9H2UM`({cAnbgXAs8#{*ro)-UT@3hMO3&NUZ_-)4NX=?qA2#6fgkA#co;0mC zio&Pc@Nm;C+3^EQlP!6=qqesHcbS8j={3bNxxXP=HfPF)P}IZhV8elZe(SN?i)|367Ae|JNiUrt!dd?AIx7>s~P>kn^nSgz5Ta=BNHQI z!;(X>ccTFupTz6=V~^gIFiXMSRyJnghfN6P2foeZ*U}lK9!K6nE4M zjKLCmj*10Qe>)%e7Vg*|Y<=01y{5Bw3##lg89y?}PA zoM|Ps!hxpL>biT-gfO<@zFPL%o`5zs&O)@iSp&x2VJqe_7lsWoTwER;OmjwtB|?9~ z8wi#!GPc)-&f08!x4-W<0aic-1ibq*9u%VTpQx6300BY2ICjo8)vI%3lA zhhDR$zW77`Pwqp)426Rij?n1waJ8x|XIrCEC~YCX<#!iK4lXYj>D9K_jRe#o{5obX zNe)7|dTix?VsP(u;A-6hs@XfKC#r67Ycwt%2c8cx<8JZ+s6GRDhA858)OZ*U&p>{p z16*JT+8m10C~t8&JQToZdEb)XU|?r%VuJ0Z^19XLa2;!aOBgCCw7?Qs!qVa1X8^_c zv*q2*-Q<(^w)&svTx4<5Eg4k)b!(GwwqjOde`-sfV{jR6~Y^Jm+JKF(h473j1VNEiR>_T|` zPCjtgzy7l;qS*?Sh>eK#=5SZAV8z zL3*ybt#R+qAC)$Z^?f+6bBKjbZDY0VjjU<03=1#NxPDK9G|B0DR5o-SoYAP(L(VuU z?Ce7*Fx6);xyV+;_@Uw{t`7IVp(M?^SS*`ny>*Fiqc-cid$ypJFm?Y*D-)>bIFFfb zMED)}l(?WR^mO}{pC)3ZrFR#8J$~q?NLGaFUpE8w7EaFu49r%}5Mrrp<+?v`78wq8 z>A4A~JV9hS0?dKf1S!K+!g?S)I1dfPN>q!9g|70F8!a{}g7iXE58mTdF~LJFHlo)wuPMKtN#B!G zNgrD{&}c!&77u9b#`?p`!Q-(-~`QTG6ajlWYT~znG zEOqrW!bv5xNGK|+KKs7-^mzXlCPE1coluMu4_>+gYB!&Y_We?v-0X$SUxQcO7&Ia< zPJ9dAp3fAeD4Nf8y_N2gR89(h+dD`+UG_FCvLH8)K(D1r`%e#%u5jhO)2f7{sd`Td z^EKA<*j|S-RQ9fqsmgYoG2O>>g|guD<)<|iI(mm_LId@R)u-f+b#okk4OQY!Rj<)! zzQ?ith667O;q;Cjm+y$)fc;^_Qqu4~*Be=a{|%jEuqT$LJirGYfJ_LTY>#PJ9H2H( z7hG@B?c1>VsrfXjI0ofb%`#HjRyDpjm&uR4u{rgi?Bx5dkn8&(lbiogy8Zb$KB+^W zxo}qVY~%1t|6`4}uJe0C{u_waDz23r=UvIEOVz}r8QZsnG7C>>2G6D|k1-ecswaj~ zE4&RP=&${o7naW@Yc?Gr#HKh}$KYZARGk`4WnsKL8-@alA0#`I1t^QSN&rL8Q**S_ zYmvCP1Fm8ni(jLDh#Bfa7Azmcd-0b5zH#x)dsx+ft2!*SN*q5tU+ztO9HHF+z0`&& zRLll(Blo2T!&*(0 z?!IFM)`z8>NP}YSRs_1}a|OQJd31$|E1uO;_8dj|X=MNEX}x&m9kOiRO~s1*G@{yX zEe?@YA%$j=Q{h&gL`>KPS9fWhZZO@xCAjVi12}^wv&;SWc5eBsDnQu-9SYZVSbTeO zoRm9HYu5KXJksYxe9rZ9c~>jF(n&a9ZU57>Fq2<%A5Ahn*8lDf`mjHm>n#7ceRYA6 zj`IW$ZTow{{AUeSqB{M^k%I9-ZvS}AE00mc;4w4$78y!6bM@e#_wpW&3ep60{+JO| zx{sDxVY1W$TbcX{#!b-fg58q}zNkC8QDtv!-CXk{d24tw?qwv*G8IPQFEamF&p7>Y zo+jS&^q5$}`)ZeX9vk-UIabm&hURdL08UhMs}zrr)2@zS`jTw4WXsYwZ70o~|>m8|K^(O>YM?$2ZhYZdgX6-baZPlr>3B3z7R)qe*BR%JilJ426TY*T3nwtaB~)=J;vu z$yqsEny5{}C_I(W*)_PrTaC;!kHGO`xKGs^JQV6t6D=1oo+zD@_-F0Yg`UJDcPWj8 zxAzl9b?nZR0chwG_yQFm8xOr&Cm;XnFsRmRv&P>Qv$XY+v4kM;+>djgx0K_Y$)j~! z9CE}6-E>!+m*P%+5A591?|GbTMl$E~L^N%;&N018d9W~9LXk-^ML7tcuDP51?2wLv zd3ImrMOoEDmVFDyfHVbnQ)z#V>Z)AyEev|B-#PwJFeS9=Gp*{5?wQIv;?(We*Dr7> zXM$-^Em$gQ7W;OU8P${Z=w?D1OMAkAHsyF@<3!7-iKvdE2UiOCJ-`A|FS3|~{_l1# z0Fo=I@%O44?$JqX04{pW&l`Uy?T0DAYT!!Oq$WKrBf+4<$@#kC_qrJx=Z+=n6rRfb zI3}JIt4{x<5M_r-a+AL;Eq3eQsQJ6qRMzh?+ABikr0CaM4QFs3VJrEm3Y-l`4ZW&vt^ZN{jF3nbDAl~4?%Hy zKFTY|qldTAY`S`kQ*#b!xoqS{6o=|Gxd{nDn1;n!rdJ#9FpSL$lG^lt%HGRuY7^{ z$syBW&P#-t>Yj;RMP^@HrPGA$Ca*7TfrmFM{t@98NWZlmgpewR)(iSS%xVl8xU*+t|WSQU)qjM+#Mw@qfN z)nL~vSxvcfKGTK$cI#Rj+Y2uzlw9RkOj+Gr8FK$flA)<0zJYY3WVipaNWdqsd*XKwG?;)ipEAd!)oopouhX6p{*9X0norSM#Q zYb5imM3a>74qPl@&3F#qL&n{gE&E8Hr2!y9oM!HsPxcA=S^}4Y`(kYtSt;|)XUFje z<-2J$_nx^vcXvn&BezGnK0SLcI&qWI$IVq<>ZRh5y8Xe$f4)o%Yq~`}$m^Z!5p7;j zRXAh%bJW>V-Z^u;D8nfwjT=sP?W)b0ID@Z%RAv%Mw$AqZ<~~h8YDc8S z{GQTva~(yfZ4{MJc=Qgd6XfgEcsP&Lzs1-5@tP98%Mctfy;rw}k+s8oG3RGs;CScZ zoQt&*2NVjPtGx~SpDYRbnUfoO>Nw`q#%z$`i>OL{vtQ>D@5nh6hmDpC#nwD=A6o_yAI==og%DNZu9_GwAqNtQ zz*4LX@7ZCPzlKOhRhKU07|OrP8%!pA7-#}4`r4;OjWBYm2c8bV9E{_zfc7=Jz6h^f zcZrldn<8taZ8FwnmpH7Tz{_l#L z(GZ>B{a&EWoI-KS14zE+~Ir~2MZd1$_{Ln0m)=C*W_ z5aPM)^YrOc96iYTRR7UIAEhwZme1wab~7dvY#M3Xu}QW?L{0`7U{Sf4wswGnty*+h_3W3Q^z0a9j=Q2mAVw zOR`UBglL+{RwRXZA9z3!a++Hcrg@!`1?XZ3jvaU%3V zdRO&DFT3!e1)vOF9&R^VJ?!oiN0E^mpB&lHxmzWsK5vT&f2s84MoG3mcVCCsj9^#9x;H|-PxC?9vNKH2kf`uTmVv%U?&B#JEoFtpYn&olku8Qf#0ddysNrN-qcdrTn44VCBCr|SK^uf%IYDcpH;UgPHH&kt!2B8`d!lJS~T z#{!OZ(8GCGD3l)NzL!&_sP&bzWX-#RPL(r^5jwvXj5^|!E=vsm&8BFE|Mo$=Wv;oI z)+faL&?173yD_Lk$3B^dZ~3RMM^|lK(b3=OMav`dff>*^0>JtiGPxO57uRXt|f8C;yY*2K`{lLiGXjkGkckBw`RA$Z^5l5gIaimi)%;P?+~s>f?zm2OW8 z+aS&%&$_?ajrR7CKWxl(TB8Z=fU^hBMYZ{#1Jls@M7*kTtsBp*>yxX9^ZWAAUHL2o zQx__`=~@G|nX^z*#BO=UHQB(tr<8g$^*-k~tbHyTh)UoNzi}W&d%f=gT^xV2`$UP; zz9DSqE~xzT|2pCy80#_2%FAzU8&4HSfpcgZy?1!$(;|YL>dKX?btM?7v31SJTq(D{ zVXuV;3AD3J2TInDRy`(q$-UVuhi?SHUdEd@qm4!CDi$x}DT|B$78V`cU~<1oT}ghe zuIDrU@=y+Et~h~VDP6}?*P@juMLbeMK6+9R+}@$!hn+-ulZTl6yxP{)Oq)KC7WJoK zFC;G8nGrAThFpgV2WvdSN`Najp~D(Z(N3}mtocCl2q$;y})PD$-d zbt(07xQK|d>V+u$fuY(xCgYl_2=C+KrX%vbwKs&C`6D#(^r)NgwdyTxPxa}^!I$$I zuLChMiI=OFj%wyaG|Xk~*bR3CX4GvHrpe8Ner`CS+bs{CqrBSQQrLC%m3nnrD7}Va zaL(mYu5#f(NjApGM{`BFe?Pug#t=_Fet@c!~D5Pfj0cHR*^#-B8?T zhws>PY3HA3>SyCAM8-O+6A0gBol#@^aHL*I`i0NY;ZN#$)EAqb#QLWXn3xw%Dl*XG z1;Q^zGhUj76}|{ywxnJDJvsG;9HDlwq~mfrU7bAJ)QS!gycT!0%7TXJ*@Eo^aAk|# zqN1Yq&d&azXt__m2yqB;9Lc@y^4j$GuLvuqyKBk2| zNVh6kKm8~(Gt-cdu7ASTRk{UD`5sTpL^AqZjwO^sSU$x}EfKYRq3W+)I5jFNWN~ z{(SOCZpgavPE;G!x$mu>8_#NTzJE8aI6I?@IPNSIyi#5~F)Xv`!{=E2oPfnVbUO!= zjkassXTBrtO9hV^^?Ik_zr*20pW>1!pwZ~sPBnn^yPslQ);D@?S5*9C|1Gq!kHr;JIQh4Av#>YZ!|Ev_G) z?@KtNy3j2eS;r!~X@9-o$=+g;$i!N&;IHqm@UmSg^0)Qd@;<${t=mJdLG~79)lb2Q z#GRTUdJ0DYNiatVJ(2|Pv@@})3F6p0qj!mDC+cDW>tjJ37zp;1*XoKoFPz~&SGE>m z2$ZqZE}KZn34xoB8lrM*IZs1z;t zk*T0y0&PO_^O9Q>ep@D&U*;4(c3PF{eaD^2Nm2MBL%(U;8VyZ3x%-j-`*kDlFRN5% z9frgEp|J+*N}a~~4pLAbZIsEr+3A{TvBLfe{iZ<#z_s1J(}2%_kM0NSp9dh6-?XJL z2gkKqGEWo|95{6qViU7@B%C0DYr?-dBN_G!e!`k?m-N^*SnN(ZM*E)OK0^ry=*OM? z%pm#6f?j^kU@&6%5PKNA);5KY7JVs8e@T4mN&bg;pLK59#stQtbKi-jlmlc(ywa

TxTV%n5YCt*s|b<6>Qpkvn^jvN!1RW;EWG!d09(a zL@mtDb+}-r3Z)Ge_0Xv5)|qvdK>sHgafG6|?rM)>0fqHQq~+wNfw`% zY2-2m+1IF;Z#Xa;jj;~ZIeDP@@o-hk2ebf~w8BwGHG2-d*E0 z>QQZvmr>N&$9o^+3C^LNb@>y|{+*E#CmU*{mFQ~ERde&1B1%@D3^7Bx#oafBTQ1sN zsHMZb+styx%zji~gXsGhU0BBppVr)B6eh4U=z7$BY9!7qP(7ciMbgsyv11+rs^Oo| zErZ4>JoO7V<0ZUz#msAJqoSLgAF=B{nP)r&lEMY@<}@#L#@57&;=mhfziw#paEhMuzE>r@59BmHDl&yN&? z3^uFhA%n`nC6;B$QfURvo(XOPv{dI$x=FWI-5+dPbdOb@5-ZM>HM2PyB-Lv;SR$I@ zdh|G6Iw#xCe!c~)?e$N0HTBQOrK#K}*uKvdbTE&t2G?A~;iF?RmeOAmy=%mpOL+{k zrQRo~=O}MmAHgsTwaNl4*LY*D?Z>7^IyA@IpjNCc}BhFt0TN?zt6*_ zojU{7MjrGBsJ62B%O;XJ@itXU&&smwv0IV~pX~{NGCck5#+6aUHr`_t`NL}={hXXS z_t-#dX9+~8He~mm759RyfFSlHMBMaSMu^_3pYXXS>}eN2c<-;W4xW9o zO4@0auTdR&B$ZWzowIYyWq76wxF^OZ5AE8N9o%4h1NMOO`Nk#Gaa5#f2VKiX4Y0ii zLaB*MHbyb8c`7!O^04ed|Q*2)HI`cF^=w z5oc7c@}3_T4Gp%ti7mC8sR|G7IHl|Z&H2^F{*e=yJG|22+>~YR;#Dlx9dW`LSO|-Nw4Cb=-mmg%c5Gi8JASM0+Kj(#Vjg| z{iz^cV1F>%&CM&tn+vzLO8q(ux2dA!2fv_ZlKMJ^n^#su}Q;S^hN81{yjb+%K7xpmvSg~GZTs8z@5tG^~5WaeI99q4%?OhMiMP3!61U~ons^jeCRsXz%&wLn1 z$0Y5swB{TYhCtipYu0ZTDWhP|gQ(Z1uww>K&X9oUiRdRH^p_l$`vX?`BlDv1zJaY7 z9ptP1+IofNROp*&MFK5Owdu|4BPH}@JVVO)k?d%9*91wY?Ez!+*XT;0C;;$ZMiK>> zqid2g6_fA~u1lKrH>s+M@p9+$DBX*`$JqGjKc-)CH`3p)cb9cVku`v4iHA|i!(u`z z+qRB_J)cC3bXvR|5ZVDg7`WTmsqSPBnb8ninyCPf-}>R7Q{|x)S@{jV{J`T4AES@2 zM{*Ii#%DM%-Oui0rT3qW;~W}r1y{wBFlEmoz6u|1Conot=rtD6N3QGyvh4ETu_l%# z%ynrM`osdoTU{yj&}=M5B*3=t!ZcyUHSeVwh}lr%Viq~??oy(#3ULT@h7%*-Eubc0 zeum>BvzTQ=o|?lJLT{YX#C6^c>B*zkxSg@0Cdh7>>S;?hKabYj!I^sH4dF(#ofWW~ z>Dr%v*NcD1Lt5hST!k=|e0#R!8ROub?!+oYh@UzgTC|af3In1B1?Iifm|eMfS@Wo= zZx*Usllsf$w`c1c(&KZSAthJ{RZ&lBSA!I(N5D z$){m8@zLG@FN{TDkv7~qK#WH=%Nt8$4GSQDbiuVU;sD(jUMe33xB1bFl_x}g@oDV+ zxZ03v~*p(yYYn(p1t)82+RBX1t}W?e6^Z0lU5X^e2`QzQ-<1ddbd*jMj(#*3O|FsXKe zIh#qJt1^o`P4U_{CjNM{%E|2UOlp;A)D*QV*W+EIF<|6e2ExU(KrRnkNjhAJ~yYs%w*0+)= zBb0T%V)DT!M&|s`0B&9hd{*$utM^aD#vJYRey@hPp>#SdNlV95uxp~|{e-AgFHgR2 zQoHA1PZCSNfrXDzQo~p3R;Ids7JL$7W|Xnw<78|+@3BSLN>_DJVy|E?GjWs`xOX`hz`_jG4Q>u;c8`cjD7MIpb1;G3c;j&B8 z_kl?$6wgDm5w6&5*C)Qbp&Tafe}OZMg=R|dr4iO+ev5mdw2>$bu3Hi!`9Nj|Q7O(s zxBKADWMCqhV0G-8N4()kaiZP2Etgi&3fke$mLtsC2jBt^obvAOUAlPIfPI28q$JyN z@TNx1i@T+2Rj}VSDnQ7pHwWY@vt97cyYD&!9uAudOj+>XVn%C>Q(8?|+j~@(EPiIW zN8hy+@j=PdvQ#@m*2O0Nvw2~#?xz$G{|m+#Hb+4+fVkI0B-XP0MqeDJ9!~+st1i{X zCkPD%7>u0-V`^#f-p{(jIApWQ<=3zrJh#$$N;Rs>8=jeIB5A3*phs|#DcdHS5bIT9 zpFnp&-o*xlwbRFw?O|I~pn1)Rx6sRew10PB-lHU*?K11=O4zQ0u0J(KTs4L%Z^0$&<(c#rJOb!nHXc~37uHZS z>{hRw>E9H8Q2V{5(HdD`mTL%6XL3HqUnD23U8%Te!a1y%2Q#Jr^>B+d zoaVG!_tne2!gn=vT<@$#8w@emb$@8cT%BJ~^lfQ;I=rM?P=SoA2i&^E>}OvL)L361 z0ynW@nTVw^NDDm*m9J3V6p?)z$R$*u6BWuNW_sASTEOi&Srp2Um)C0cVZ@3lrDpUl zXJT5{c`+N5_1qk9BTw1hW~|gkVf=NWifpNcwbPrfctCr^P6%I8*zr9=!B8CQX^s-G z<(ui*@^K8Rd#NxTD4?He9&0m~f@;(kvU%+`{mqDmZ*>fr4;sEteVm|PQ)!v1Zz!J3 zV-mA2+c@f_M=x|rvp68+P|+|v3py$c(CPBo^$jYNj+AH(dt2l-hnM7KchBhNsk2#) zl%?N0M2l2Sl3T8|)FrGAp`(bp71n98@3Gap=jr)fb#Vk1?>B&W2krpoB5S+uZPV%C zrx$ef?uKL@`n0ZFGIcl17|C;)Wpd2(_mJt=P+>QY7dkw|$DDfHZ}cw=H8PZ^(Z~Jg z^^On5gzO-lWIov!;p<$&#p;GLYh&N2XJOd!{Zn_Uq&UI3)2>fdA?`g`A;`(wH?WZi zNoQH7_UNegOp+*6kK-V&;8yI)zzD;sIK9E|r6TccRrAV>y*S+*<@hp^P_a*yq0AZC zFFr&<&TaPK!p!S8_gL1EN-1?70@Hz(xS*U+<{)ZtiZiR+`FLOqi}HMfBR*0$7dHnd z7(bWiz6&lf%vuvZd>|^?8d`Ftpk#7u5{_yB13(+N@5jsHJxhwU#6aqg=3kWgF1}iK zY9x%I+UDMT;svXgpkZ1~*97M@<*NouZe7IBGHby8E0lKl%@^tBCii z(&vAB#gdBqf=$1P=sHP^}|lBiRK)smp+r2TJ&``HEfP#Uw!yy$)H)>pu_= zEH)+LA0CMho)y_Ap@eNOjKti}a%m4`t6C1#L;)+pKp+0F6|z`0X;B_j<=`IBdERK$ zuB~BBmf152+Ux(|?%lIlEfW?B)#Vhsm^i0{hi<5dj|YWz<<4qM`QS0Oa7NM-BKh=A zR@QCQSq#@FUS2pLL@|`DRIPPobt-*XxEBJh*B2`F-hQH?5veS)TyHgO(UsGixY6Q9 zk=@+^qv2$=F^gl7k*U$cFz_h)F8+%8vc`3s#Am9VwA3ZjC z%K@H~L7PUS+5Oq!yS<4DDB;{d*uaCS#^_s4Dp-~(BCZfM1dYPEt#>Ic|Cy)Ts@jPs~VQ?d~E3!0%@v(S`or|PLsNs0CA22@AU7F<#dX~oFiV6Go5 zcc0ECMr5|V_o&!7&c-TvGViAD!TawH=b!?M@I+z1s_Z=+z2or@slD{c!}WJ-^0BSf z>sy>-E_*)#-S+3&a z*@Q9|RzA<0wsvVj7}QTua`C( zsydUarn#~ev!#_Qth&vs=Vy-n3(0$CJ@-O(xBanaNgWCGR#8))%aR9S%OuggJ?&@C zqU2J&$JJ`$rB{xFh!0btYfii``Ns<|`NgLD?|GGTHut3$HwAp}gh}Iz+>>aYhE+a_ z?(a@POP%;EsJ-@Vdx|qsaW`*B?w#Hz#t6eClMxr)J9FFMJQ+dN@0pi%5i^p#_`pX z6;V0=Z}5%T)Z4s`gn$!lNEQDJmV?D-9=j9Ei|J=Kqo7+GjE?qusCBn=m-ap7Q!fky zq*NEkyfYoC3H{4c9*wV&V7#*H!$O!$lj*kG-UKHL_B00`neT|g<;~U}q?3VIrjQFe zCSS>wamNSXGt&^kJJ>Fp(x1D=8aa|u&wCXXsuzxA{Ir9YX3bPV!~S97FXb=xuMk3S z98}|_Zi=$YIj>{H#`-M;w=}nphG(CGFwA_Nq#T4mQp&>T)Ex7@i>y?W3D?E@hDowTu_wNehSwA;$nV{AEV)?n} z$fKn0WRh_gh}8MVObv%*F5u53Ux*oD^*53{)40&L39$~e)DL(AOPll z_JzlRH1CA14B_38GI_c>JC8$Br{cA7sTcJ~A~saeZgkRo-D$lAvpTlEUW=Csw=jA= zXzn!P(K|JorWX_rXtB>k7dm{=lR8|X5wQW|+v&Hu>*#GU^Bbc4hkLxIC&^hX2q#Bp z#svINoz|l}M-aJQkbBJH2~Y|$I{chT*F`;pPu2(9ZLbL;XR83t+-gwGJIWYWH^K07 zSbN{@yjsO{#=UxT3xfpFqIoj9r<5@x$x60K z(Dyr_!C+0?JTGQ_6t0)tq54C|_HDq2w~`KmOa~hDdMjA!>Mgq zQfM-tZxaR2Ktb!>-5)Of@2M@s4)@YY=v!yd#Pr@bE1W|vO-*4^;X~Pqowj>2I26>|ljRYwT4`g=m*qKtKc1o1~V09HNkfGKvLzBQ{Be{bjr5cLizRhOYu!d|l1v&}fl7UAh{|H}ZHbd_n)IiUoBYe$F3LGy zUsROt`G8o}5@mL;MhU4YHC`m|s5@$`0hN~~?34k-lo>7GtwA~*acR$)627#{(bdS+ zwXt4WUls@`5qL3b^DLDcI$``?n)%_KxmiE*1B=DU7~@;!zU1)fA#5LIp%EW)Y)K`t zW6Tb<*gjEVwo-PPe(kM+V`b?o&Y{v{IH%kiW9@O0Z&Byd{qtZ1NcU8>d`LZqT-TLO z9ZZpyt?&1gs!Q8D+692olcRl;X7!`*xO+Qp5%#PdA%MWQd-rlnfW-Gt6*cs=jj?dgP0Nl&&`WG@vt1XS(AEUGKcxp6wa5ssorPDrGDEc{qwN-+imqU z8InQi@%txs5k-1ceUwDRECSgSSfEw#4A5D~dZwOJ5GO2S_V>uN<2ec5e-Fs;e)}Y9 zyI3&FKR4{_e0*P|wUT$)?V&t_h*&3L@XZap38acyvR-OGYz|O_iu#!aGg#u#PjW8r zmB^C)-j+xie^Hw736!mupQP7b( zJf!j1nb@D>sFJAAq1rq_-U{nxrFl<#V`_DB&6!v>i)+VL&A|FE#Er+)wDgdJvXGA!hpEq;tHw@}0R8mc4BaWxB{{&*4MR5!@mrjI_SxUP&pz+@zJLBc zpZC8t!&-|q>v^90x#PO8>y!Si`|*dGUXSrbz3bKavw3E`8OJ!1H{NrC>)k15v+P2i zRk6I*(4H(t)$Nu8x%ylTlC9DXws++Y*$+mRmv&WZm7n-PT{g6C{k5vAOg6bl4?8#@ zb?7{G@4w9csDObPZ(T=2=)ZDP2E_3V30OX`3* zDwi9|iSg5eGP#vd`@+*KrckBhyGotPv=Sh+gMv&CNYO-$+i_Qt3tGvGE5qE@lUes} z_Xd0yw;Nn`Y4K(}Tm!a!NrjGB1rni7I8=q|6#>`7*a7Q?AIoYO62G0isxvTOJt7^r z7;VQ+{6(Wao0H03<;m}yC<1D*QZ>&qj~jCjQIc&CbAtPD`puOT>#iB(DuNeNx}3Bd zxTkB?Pu2I>^;@%235WJR8nj+6BxtbenCLLnhWLn*!M63xuV5pa{i37pxL;4Ei5f$E z+(q}qnow;1lf3Fzb@AH;`|=(Q=Yub^{iU$DDR3WK-6T32J_~6f{mF0D41scF3_PmC zfXdKHI-JS_5}XG*^`3P;Z*xZ39K#AHs|Pj@Kir}VhQOP6Da$ZIyUbDq!kT(1G-CWBYZl(=2c95MrtlRo&yJ8Us$4TFu z_-aZs@H}St*gb)Qq0%JOBf}V(9KAgNf8|ocyWIytzC^6Fd-GX?S|zwMNqdfOd(5u) zGfA?Fo#(Fh`jB3}uHOzG)$N=00*%V(@`zhr2jJMnLLZ}+BQAp9s~Vuc9ndSlW4@I8 z* z7p}?og)q6(VL~Hx+_3Fb#IqeA9`I&=i9*EXZSKTFjtixp3jKeJRsS5;D&F&Z_^c&1 zwFwd{2idmu8QdC^0^AGmVmEKp@?F}$;%$A**^7P9@Vk)hXh(%=CLfLrv)%`6XiG{*>9x}zq~V~>IQDi@b!un)Qk+8(gQY7R78 z*{^*DF}U^d9G!0#k5+_P=Ny@?HM8XQK2v(JI*S3nwqGVLHgbRd99Xf*h)-chug>MU zX>>Q??hIp{;Y7?CNMrdEdw0&07+Yo zq#r`lDm>b(^kxcsbw_qML#iE@(;!FQQj>K}6Q|_PZ(6k`bV^5xCQ~~ea~ujXt2m~X z?57+BQWqHnkHy|+yf7+ivqUPrI1I;W9(!L1 z(3)?lGd`x?Q$R5AWSYkG##{ycNHs@hx-cuRC>|SA({7~o5@S}+TR;oD2XOmB@0M8Xx-F_jwb*B8!hKd|-V!z@E%QW{)(b6Q6CFl6HfFHc5W zRHYG#-X}Qx2>v|;9FERaF$<_@)y(UN zH9!*x7r9do4j5xH{~i(WFQ5>x>r20B1;_NaU|uhO0C1lkVj{p#Rt%)9B{NVf544%D}l>>iXFk9MZVL zN(qFA!;7tbF|6yX#>hyhp~1fBRgJK{PuOjdiRz~SMkvTClgyLbqf?F1QQ%xI5H{iX zjXCif-!#Fl9%+e}q8)SM(F~R2po3J!FFty=P6Xa-dWgw2m|Zcfd)@CLUE z*T<2-*vHeA!kHmI6C5=~qcCev@;9~VF>o$s$d_P+S9l60W=T=&H}-+?Fws%H;vY?; zEdNb^9LP8%n+N*60OT%~8sC zUlIDMRla$6F~qIZ!(P!6*Biq$eNWD3twxX@wle31;Mxv76?wm80;)sD??@z7K?oG9 z%hfgP*&2w|%sNBl6ZmEU-7VnFhKg6@D46{6#WU&7r8ezm%lAlI|Gu8;K4a1*G7Eb` zNqidh66|&aR81cFtWAN}2cneMpNQlF^30>wxss)wWa6^koo+h;L3_t}W+`AQ-^VDFFC1QWF+8cM0s00@5LvL`yaV>r6Um5>gqJ>Bwc z8h-0%eUC+ww0?e|;)9+XT&dmCljy_q;yseRpTnB=yY| zKM(N$)r5;zqr`tCivIrS=>sBmgBdd&0Q6kc6B&Q1ny1|M)s{zf(3<_4!6?N-V|Thq zm+Iq2gl_?>qM+bA19Kh(3_>s9uyfdPiZ>0{V2RMRYn;RF*kRISF`QGF7R&HCIk5oE zDX?hQv(OxABux~fT-u*JZK@a3n|Cxf6z(_4sxOkf=a>BG*FBI3UXgxv_lV6Gj8=Pn1MeS7J#5rz&`=Pp(AR~4 zSF(uipmPJ}=1-f&FY!;Fz4m5}YEFtw*|mXXdMUJAl~ZLP<=i&k8i3|cv;w>?V)%WY z%D+0gI2QirNEf%8HTW7__k*D)5_@_&xh@L%#sRR?I4vsiVeEOqw*MCOg%(w5WqV9egDci#T*I!9a^!$Z$%b1#atV8GpAO+%VXJYkvksUZ`HO^&ufek#{Z4r!*%trCX8vaLbQQq5p4 zZ63!=baBHu1Q}@di->z~F7;_e0;8%tasB&e%>*Kbbs0#8ltUt21Fx?O+CWoNv8h7_ zxAVetrv{gM@N)0=*M#?7!T{N|myxO}CZ7^+KQ6qh+xnjBa;`Ig{sMFZsU9e0mrh(} zrBM>S45y7Z);d90y~XgM*#L0Jgok?MTRQ1TD>pQXpf1H<-z-GILY1X0dXDV_Tn>}# z8Gg|%0P{Zoymz3FbN879^Lb#XAt0y>BwH~c`nB6V?l^NTVlpatIT)&)t09D5_n)c_ zuhz^tWzMX?a+yn-2hD7Erj`j9Es^_=6Pq2z_tv=iyIFiB0Ieaif?wNPMY#i{_~^$f=aj5sWp3R%#}O^$AnbD% zxCbwgiLk2@nFqUA$$<WHV%+a00jaOEUOG)ZIw0~cUuW?t&EosGGLI*VW~c$vI%NbzD-3Jw0vrd;C0oLC ziWO_t1w~p?r*~Q0at(cCxR92~_D_MN5BhfM1O&Qb!l<90SP5WmX_C^-;u?3iM3GKr z<@2ni94lrmN*?2R5|<>Z)W zJRtrhHr9Nx#muMm^kYg=n3>iu4OYd7FhmQ`{;Xj?P=4&LIS;d`E(9=a&x{bv?0bxm z#57DFd$X+NV^LOn9VF8ZdCq#od9P zjh|a&EP{3`aZ`h1#2=m&RknADT`gR5SsuC?#5O9kBz7F93ftjnt+psymd>v*jv`OM zgBR|`*o!=((g|4i7(XyS5M6oUd%R<@LH?kS@4}E z9S_?dzf4rsMK_BZ>rLdE5DzImH{w+p)!%R5e`I2f2)ao~1VKT#>zm(wEOvoBIsnctyji>~3#2+; zyS8@&*MmisBJ!G{n=4iqhK-jF^^2ph7AZ4~m z4Rrt->W%$~_puhIl0FA8L|nt>o34$ml~c`@w>)5_lRN{-=^oJ-$< z)wompiqopFi~e&lYoY#QTEo_QbPvtvU~ekN5V<%ex^)+Uu7TdQ*Gct$Nt#a|420e#q-I7O(kAy^Ggi$ z-^+Y7zO4rg`>UFn00tBZ)Kv#LdhT%j^K?g;c2)d4j@|b@at5HyuJ@#?AL*&D_~3n@ zxl-!5FFzAU0YLYE zN#?nNr*jB3z3j%KrQeO)5q6mz(sGdf4rn!mL-e`=hsc0MqP}QCnAe2gY>bFCP}@-cw`q_$eOq-=l|rM+f||&i;8s!+#&2BY}KQDirCzKJp*Kb$9gi z0X_$5L}1L{S>OM|cR(5cetbX9-qWssWv~Bxy!(&)Jw&@7AKcw8`(H9vfBlKwILN5- zYXPni#(#ePzn=GRfA#wcT=;tBJ>7rvE&lTSE9gkb^p5Qf-JE~Fe7wv(M&${eKwfzq=Lw zTj0X4FN*%2sNv5K_dlkr-wX{4)2 z#ori2f%1Pj_^*h73;*9T{P&^!f6MTHOz1zqp8p>$!*F(f3e-O=w~6{fxaB!ChqauY zQwEn(h_)k$IHDXgn^s9fIE(UswR9+=kU7!hcc+q`4>fU$tKd=f+jG!;e-ts1%M*dS zqhqSo^)F$7R(AZ&)TeA9gM8(Z;7ZGJc>r^{0a{bQBNx$LyQ-fY1jBaKHYaa*Kq)>F zHAh!T)KeaD9-umvUWVvXjXk*;cFEU@;j4uc-_R8rUw4p|cHaH#cww*l6d@!OI=4zU^OiaO}{Y+u&ji3{USCISs;Wiw_MEmPI z8QWam8XMSV{lcR^Pn7>KgB<+Cp9&5C+Wr{6iw6<2Dn?7L3j9xRWdZf!SHX8G`aCmfX5-)K!_%?= zHT$|o9y?_@gT322oJ76%$j>q3D|xQ|N!jXmAGz&}NTXgf7jP}B?+icq8e9)%1mLn zq++WWjBktboZyp#cFzEK)$8CCt5epn*{)$i^Th20a@({{oThrYe1Z-eYInWmX2i=_ zh|V)c4BW|OChf+&WY;xIl@=FgkZ>7A3-tNVpTXd@K6&G)%F3mwz`d1u2T){Z`WA$5*HKS=Dt>+ zYP4N(zGN)xu{qXrGm`WK%^_})|+)uBQP8c4ozpFNFp z644Ft7U{u$(%gBfS^kmJu}MVtIQEcH%kT5mzJyQewZuH!ml)O zRxJ6XHbd`aH0$XvYe2EV!}eY#R($a4xjuCpq~LnDtKD?qQVd1o+RmRl)x+3VKL;_9 zZY#(B&Y@$^XVQ3L`7}&rjY-bC%UON_1H;C(1D*K){*NmPyZclD|SI>Z^el(*#6(LW)=`}dX zWaN0tVK*VyY?@vT4QFW#elzl@kXuj5dA66=r(4nsa^g>awyki?<$ypSW@nh2=0IO( zM%D@PozDR?-t@Jva&vlv_jo6)nFG%~*^-JXVHJlx)nvEJDdlwh>@roQO2rNO%3;a- zCp;MQf8(}>O8T*2$P)`CcPNJetOZTR{uj7eIn%+)xjZF%Z#SrS5O`FUD7d^li;btn z+3#n`xJ)PXk`CT}!ft*nGKJo6c@K;gTcjrXQYf+hfF9rI^onjR>WYGPMg$){4og;@c~6ZIu*)bx6TI+mUDR}JOxAhxy0WL{}Gv_iXRwBWjW<9@dag?DPyy_d*y3a zWhARXVh3K;Ih;`QSvyojZJ}$Pteqr&OvmK8IuGJ>nW`D}i8Sn&B#4U-4iTdG$kHLw zoeotU*e|+{9;E?KvJJMR4naZ5qZshz53xy2hJN82JQL_PlbgIfmv`gL$;M z_UbNVJ!VhmgDjR`pIGxRT-fTYjPAz^uOe|hjI63~#oh~@Z?5uW{v`zFCu!A6i1ykii~W2?Z% zvHnQmevbH(WEWY&eC^`Mq$){$n7AyVyz7ucQXv@*~V8=wik&| zs}!hAPG$7cWqBQJ;~D(24MW()7Uv@Q;awSm7)_DyS6PIc2Ib(`bV?1-3SM`)@!jVT z`TR>G=pqiC_l3PRxP2;Jv0_JzOo)k9YlH$?ta%nrMz19qgl=i2oW?9P=33dcS8h{Z zy{rC-f~PN=cy_Ru{=AKHRG;7A$u)XNC25h~wK62puV5#Cpi#ZO%X8f{vwkb`sDoPT z5Yi0ozU@aKx;hn3o2Hsv!9>g|lh%cje&*Ru!jKf4*sOtvw28gbksuCa$_^?8{uPUdg;q7J^6&G*PSTf0vcN{)-=8z^kfW>&;8 z>I9BY*i5Q3$3z*BIG5v*e6}L7OPGtgg6WCP+ArYEOh{9CY>G69$!Qj!AkzoMr}gfp zOncxtS@^^-M^~Njlsa?`&PH1KGwIXhz*5m))nhzn<8QZRprR_!gThN!poSmPi>KSM zXN%8NndKKY43ny-t(#6`2+y9`8UEpX-dOr|2&?v^l=yiJ*P6U*HD1t(XgQ;fRzRqt z5NkeOeLV0ImOU5;G!0Fg9`YcKXlVY!ioR8?A$+6BLX?7hi1+o9^;W5 zRv3yu9c0JNPj6(E1tNF7>%Q4L?$WIG%}8bB%ECVT1`sz-Nwm~X#-$LT(XH95loV;` zeAcO0t(`E_=rO)yHx)~)HC3(d$gVX~3=NJ>ER*STA#_>@z;uOI98UL`l#Xpjl~@pW zp7`XLG6EJ;n2e(-eIS1Ha?6*hUz z|qQPYF7U840hF{2npcW8cTtt}sN0C}N)vFLb^!y*Z8c zy_~+Oq3nrBd=u$r!1GbKeIi?=pRnx7f6n-YYWuO6#*bwVKS>TsEc)a~!ghd64tNiy z{f0A01;u zDagzc390Q`jVFQLmb1-U=vc+&JNna0ZnOI48PVkT0ZXB3MuIo?*R|=T%krm8dy}3q zSe;!S?e7u99#N0_=-wDCud&;;B=Q%m8*VGau^9B@UKGC!ZaCXMi8Xi5c(dq#DuQJ< zUuuApWIBfCj0!RTN3CE1m4pNOzUkEZTVJ8({C>7n6grp394O-qAB&j1#_t#vM#ScQQm#W? zP(sQ+nlfq$KH-8gt%<#XeN*0=!Y|XwZ8bCMA83-Fw}dN}@y0t_SenKCd|8t1QqXy+ zco3u|pJ#nWX$+fxaaMeJ&>>CH%QI8`gB7nP1qGvN{P2b1Kr8m!(@PA z<(Xn01+WCsOl&7s>QN6?dnec2!-(VxSx!T`p2LCm! zx*$MspOQ6h3MoF#_gY3KLz2n5Bvbh)``Z5Vp%npJ2{nHPGdmzi@Nrvzql(XDwg??r~5M=Yt2?mRN)w` zZQaya%Iz}=w|ESR%5cF(Rr207dO5c&$uC$J(Iq3k&)=5nTM`#ZYVb~^=KrJRBU~5l zSVwrq#A_@AS_f?Mu+29u--#J%^@nVk4VB{Qg;q}TFuAvz#2p-*{K8n1c%uQ=dwRRe zopKC=zzFL-c8jaW8GY{_oNw}hJ4+M0;5@q1mVZnkRIa7X@S7O3$$9Ds^p)i;I+xW}e+c~n!x#f=ek1=XVm)!ObR>SZ43r~gKS4kto7cyNr#&;b%GH)<-|66cWpI`{Q_Pva z&8+)xVUr@ZpYqES_hPr5>mie)2}K2FOmG;eiW!j79`-v zZzyWRTqTg5YJ&Po;k^3wt^siTjN&Y5R)wkY_!FK*Z8zRr8ZXZuF2TUvXJWZ%NNoI5 z==0R)**37UzQW8Cye=Wx?>+DG+Y%V~OF&TT{bk=FX}78P$~lru`W`E8&)isz0mVcA zhdj&CvHJ9|v3Qw^?aG@(0k7%}7h}e0&8YVF0F1p)r$;G0!Ge~Z$?;)gGooV<{aJD< zkL?w0dic03WQ(@q)={3ribZNZE_6p1MxXfTxXK%xAfK?gCYE@%2eY(n%X`#I_a>oT z`$fAg|(xOawe{(R~aTpaP@|BiE9{J zBtK{aMlrjF_|zO7H+M1i;#b+L(_I*-VZu7Yz?_6#32TjAwcu4K`Vk2bS=dQKGAq`u zta4AF=X>5?FARQKQ*^v4Ix~LjB=hKh6+p@P72)*Q;-36^iNpVf{j%$vx!yIpMwG$| zg#sh=F~ixcLrn5qMj7UVco6ri;#X}eupO16yh)8pmz;Q0_`xK@gr|;f2Rc))KAsbtN0ki4l(RUq7^cznZ1qDr9x|O|9*{!Eb zLwWL4XD=;%3(!l5`6Y|srSpTd5YCorb4~K|{2lm2fmzsFIE3?Mepusqi5vLA6pfnC zZF-|q6M9_znNP!JyO;mgSe{j&?%7!z&z;}V`t2Eq)7Z~a3|Nk-YElTN%@+=40@=9m zivFtGh6Kk(vKzRno?f!eRJAG)Z}#Z!fqx-Fsq}{q*n3Z%PI^~&Q1BB!xNV&|nx3); z^-EIcla{OoHZq%B(qAJ|n|Y2Hp_(jb#tCP#IR7@5-Nncrr`r+IRBo>>Pj{G|;S&SJ zfjuAo75w~W^^#kW(^c6`(T)7?AFdC9(=}qguV!5=ZifkdUhCzB+ommFn`!NI;#hf{ z@GcCZt*Udkp|B?MmBM>t7ww8V z=8_Wd8b<*uk-X=+<`nn7?^sbd)NpvfEN@IGaZ&l~B?|YDSi`_#nm7&uo9TUMm9O9p z!*0`C9z-UyyIwusw44Z`UY-;RTZV`?jHVxQnhR!`6|Snewv5sDIGw(Sg_F~G^Bs%M zu(_6lwFB3f$|}2B_^f|)1i>@KKZ{Vww32dLYEF9LXbb7e-uq-WGZLBT{tI1hi_=9I zqMultFc`(3nR&V%a9XWcjS-bFhWcY>29eS3*!WvwmF9GMCPPNjEpLxE0bQ<>C(j&W0zw1((|JV&h)(=7V8GqJ><#{{d;iT3_6$o@{e%C5(08 zquYR~KFY2X4@!k-seN0W?T)hsir_#DPbquFUfY?z-Mpm8c0@B<6C}Bw8gqto?cXdX z4L_zu>59JVEZx!iP+Y@av#v&wRzwnRnDJj@i`EA#oJihm!}AXrhUFuLW^#ye_6scn zJSKcw7BUj<^WL%a$P%-gp)mNvYu$DnGdC-Mig=`jKTTocJ$W3nU^NX0?0G)@XcoPF zfqsRoy_Q5)&J*aA*SSX!5Y~B>sHNLzUnSoYF#9un|D>-GSH#-p!Na;sLIQBUZLdIdEi)JD2tvU9 z2)E9$V0CB3dl1q8P2uy-GlpI1A1;Fr{<$8$YQNh)$3(Kd1CVkI$=BZn`~$9H-wr1s z4RmxCD^cc&343Avu3VTv@Q>54_PuTh*63Ctf6gtFa}`5WTB4f$QLw?Y5g=0MYe!+y zt+t8SK}4=3d}%C^554Ho2YY^QGR0>m?_fLy<;W?Ix+ne2@?Ob%i3C@>D36F5Hf~zgSWES{x z9};klEeZ2WfNXBeGxaifhRDquN=tF6oiy7J@QXgaVR;QUgmIRrKhzRjmiUt_+7d-= zz@;FOM&_TmkFM{&W@QuLO#K3l@1h>2ihH_>Ghr*oqQlg`hey8R6R44qktTa{UQfua z`3?!_MqXoLYWscR#PU2p$aT1t40}^ZoZD><#t#3?RVGqNafEJpSJ|a7^%LG}RMjZa zV=UAtE(aurq7p45(|R(mUYGt$hy1rHi{CS*@TwtB!fM@hYPnD{ZTS@M|O7|)7Q2zp31 z5D4A%@0x&n`ek}jeM3*nO{TbDJphVkHeakIsWiCQg7)-& z(Y8B!(EgP!kYXJGDNr$h7E+tOl>-^A!wKK?Lx}l&WS4=v(p@T+GF2BZy|yRR8K}{O zMrFR||DPq7-wR6R%*r&PUXw%0Ubb`f|KN+`0Xf$LL=sQc9>r1;zfn+#i7E7s13>uE z3TBVblubK&D}$};OSH-|(hExOD7*xA(e5X{*qxWa{r#T*vNwiUz~$Itikd{zTkU?axWkfc_+Q=&Wa<{&4NEj7o{k zl&`GY;Yx&(*hfP?n=91^#4OLNtS0Vj4c$?EgeRfu{mQ}}9@w9$+e}&2`inVJ0{{!l zD~`X)Em4NSUf&R=d(E!|-=(^T0pKH3LRrcvzsS%ksMNa5nc_~CeY(HhL&(4T=;Hmz zg_@990Kjw6@|`qkcQTPy7x0=tfBqcITv2MWGhG$QZYWxp>G00jOUwCa?K)%Xz8tVh zYY(ZD3-$8-lN~iYj;`gNfY^mx1f=a+R_W{V%-OXoTvDz{g>T5~mdfRtgygfZEX1>z zFOJq-qmUqUveEe0>32H=ga5skQ4BvC`Z@m$f?&wGXL%c1ai))g*B8r3cNd}88NbjP z875%ar2QkC^!xkpD|$dnPv1M&|kzBRY>nP zBkZ)xjK0+Td#*f`0f|eVN@Y* z`@wjU9*3MSntM>-+4iNerPN(3?CTRNzV?;!N6fY^@&jXaL#SS%obAfgLQZdhwhz6n zu@X9fOF+l0KamdbNn-lg;ZN3699>$|i{?w;z7C;eo>xerht=$rl8W)h=jcKQM~dal zL2vARG8cA$25nt${Zi%Ep;XVXNLV9Tb!%iSql%A4f*Rz)g6icwJCE1xs?EC z6pxLvq09CR<0nzXj5T67_mj;mP%Yx-an%vlzW|8iii|xykv2#2Gex{1!;6?Aa}k-Z z`|>!KX@Qzxwe38cv(q}yQRPrEPQ+tTq9V&7R zMDB=R{W4jBaUxAcSoBqh{Am-o=l6_GymciaGTZRa-~W~)p&-oD6SVc*X3f9&Ddt&j zmu8Ym#QjuylLDqOkjR^DUq(>d15y zvDmvlNeIEMORC!vC;9V>D>(@2*f8nN@?7unaNdsx>0RK;m!V`=bqh68NL{5+6M__wKff3?-;8x8;WdV* zjgQmi@kFi+`B7#liYV!G$>zsqqSmHa`bm5$`k;@rSB^2?r=w6Tqq5Q+XOKbV2^*qCtKl_U*kyZz+ zQD*Nz=kJU1x8m1tZ@>Jha%d2O60ji_X+Nk`*1mHJoj_H{I>7pEs}SE2HOUuK>n z3Xq~=mLjtN)kdVgu+;?9KFw~Gqs(meK4OCfeZT{Rpz)sXtwQJaaTo7ktpHJI()L$N zNl$ByF5SIG=>S~n#qm3sdzRZM{pt1N!w&m|i)%cW*;TKS7$wn<^ClkKOXDY?^|IX5 zgV=dzL~+K;1ZE#YR=bP4Rzb8lJ*H6xg>WN!$82UYwU2gjc6|G9<2FUbZn`DuGflkR z0J@2tL!ePx1{&nieWpq;mo9;3J6hZLK_%f`xaUF%=r=_^FIcMp zj~~_?_R*d75~COYwIcR7ywba?i!X1jmMHj%#-YP1Wj!*moF z*@+V=_tY#%*5_+!^if$fwxbUFLMf!OUZegEgH9Agl~3Sf18zA!uOi|>=+Lqqxtf4w zWFzC<-$eFXXFm>AfbVhcWXy)b2y1+#mJZ{q?JPT?4E-&OPvBA6o{NoKb*7w*;V9co z74}L6Jd9-K*>n!o~@TYes{N< zQhBa$GOE;uU!7&&PKxlUomNF!kinsc82N5CEvNPQTL$4*`d`aBpFuV)}cEjY0o~wY%RzDPn1@Quk7f#9# zNFHFzes@aFUz^vI?e)v6S-x~Y#EJQcvcKytK57{RxP#nwif?=JS#^7_>Fqnvde7k| zraFNTR`miCd4-e+J|-=WD~>8oXIWF!P*tRXEvXUF z0(v45ky)ig2cXUwD0QU!1%ZON!SQ;LFK*~zu$h+U%D3FcVt@~MHpzvMjob)eTQ`~M zX3qv1ELbPXeA812%!Dw7n{fA%sSXIfEjPF zd80bhE0|PJZ)-e%`Q*bC9my0+P!KVDRa+R)6lNSS)jXzq+X>qPrXk*(M~%g6dDoP> zEX0??J!x<_p4i3ML;{cLcS@=mYa4pK);uD5g6 z6s>?ZMNUc3{Lw;-t?o7N!nNxw6ea!5x#B`SPdE1AWjH{t<8X8WmD$nZH9d-DHAu@b zYrQ&dznQCR1{gPbMO=?#=AlL3J`Om*{((snAVWq~pu#b&{!Ie;cL$BeJ`3&X=M`WPuV`w85bw(mbast(I@Pg5h~CO?V`~42Kcu=B&zk95+y~LfA>Uaet%Kx zIsb5GWO&cL33GbXr{;EO&aGAYt@GO}33uf5H+xMaXlSq89}!u)d{=qJhzz)JG;auz zq=+82`J-*#zyGx98&L$Cy89j-YGmu#?2*g-_V%_-c>^ZF;v6{15;EXpHpjL*0&T(Jn2ep8q?AnUd-E|RS z0imqKR9;Q}H)+%4Yz-k0R44`s=$f)_?PHiw$JvXdG+JRkgXWjn2@0dmnij%GvP{2L zTYXCEIFWTZ?D~J0dh15n6Zmqhg;l}F;vkxk&N&A*D8vweOt7T^R$ImYC}>`HF5k%> zN)Rs$5*0ysVpze_30bu&&qJ3=9nb6}diwy~wAr`oF_8?8%xg9C=c2uaMMPdA2Ocef z4}Oe$fp`eLd9b_vH5p=qy6lQkB_W@3@tHKm5{z) z%wFdBbnP(E3YsZ4QLG8H!LoG^hJ_T32k+#Ic|(3iPNt81tho0G_bav6Vg6gQwP+bT zBN?wW+d}jE60cG9o|3TY=S=L}q~TO(5tx=&7_a|4FeK|>aImsZ##ma(S3N$+H69Zh zF;41;oWxvQ5e7Av=rNRCFR$cV&1lthP7YI(8_7_N8p#ytjy4*DA!T;$-~c(3c~Ma9 zH@e~18ZN;UoK9bdX8<2^+}+|$o59(`~H?FUFtXi!zqkXRF0 z^lD2vQ<*hOl!sD9EQhE9Gs`}RYy9IUONigUe|O&RAF?Eny)o&hXyDa?CT*sNc40f5 z{FZBs^Iue5g&`}+J`>TU*>Z#TRBG9h(C1EDHS0$eJ4X-T`A2=T(aG~U`);vD5i>(w z6hqdvc%dO{SWbywHY;j(P0b#)!#&=qZ%Cf2g3jCE$IpZAxf;|iKGFJI>jHl?B&rJv zNq^`8$>&T6Bph0uhmp#mXg#+eDXyJM(=T)SGSoq_v7YqlgIY*RP_e|1h!@Qh52$~$k(;=<^#HBjjkWnZ#m7&Z+Sfr7|MMSB-lk=yW4g@ zw=_=QU`kK*hYXEvVkObfU1NfpzvfS}ZYn%{xEOkzVbvZeX0N&}X2Idrl|d-*DMiF}E>P#y%^0lofSpOJ z9J>L%MS5CL-W5505R?4FPV^>so=dwlb`6)l_vYavwJHq}opy%b~fZ&U!bxGQJ1I z-Jq<)xdwA~{ko;|gT(-`Tdu^7D+!Et?UBhIW_)7NPPWjmw`JXg5=z#sFDu?Rxlhb8 zmWv?b++GV0B-JO=g`_m9G}~xPQn-c8Qv(`(hFml3^W*}P?}~AIsqZGBI1@chMvt23 z2NR3GPD)^ghSU0GIcCvKeI}|MM@@tH^-UuYvv{+KPT!AQM{F7xr!5Y~`__e&K3-~|xhb5_ zy-XLc3U4Xpo1vEsT@Z;eNu}wrM4X+~ZB+5}NaCv8bERE9D{>!~iv8Enc0QF94etdc zx^B00M}B7|Z1M|Eb@v7D0^LIT?|J8e9aTaBc%-k!socXC*1n7#f=+fIxXzn54|4Tc z_a?w4gd2z0SaCGbpToz%z6(bKu83j&`D;L~Lw#F+O{d7>?f3U(w0cV}yVEHwBs@Ny z&rHAg;@5KDKi-&5aCh2~08|-|-6ePnL|$2ry59`ZSKwc_^~MmS_yDqSue0T1l=noE zYHZZ);wGqd#d$UqzJ^}Yor|=wi2n37RuGHy{p313&AZt@<=9z=dQdw&bScJP;6;8r zo%J(zB6>lcN&WPrAs3miH{_Z6%J?8te>|HPT)4pu!U8VFI~qJYK+QJ!kDFp z%u_x60jX+P{0@GrX^E8i!db%{rWmTyCi)(V0yPq3U;$)3M}jBYdC$KY4$b2H9|rml zYt8tkHQP$2?R9p3G=qKHWows2(ks<3b;U|iviQrlo61FNky>TknH`4}_uP-D&L;1{p*jiv`G)V~>>nbY zpi>O2=NM~kzH#^Oi2VA^G$ZfY#YISH6JG$=1j)3ipY8q6kHi978?6#kuG$@`} z^(^#b64O&G&neV+{4492%ey3LM4OC+n80(ZW)m-Tzv}vA;_5HojBK(+Hc@m8#@>9V z8{V{TfQ+CiVuW^6L0*Bbx5g)i%BdP(%T=Oe;79|p%85J*1l%P+YE)X zVFk5@$ErMC#r)aPK`Ma)!qsM+hqu6t`o{~$vb&gB1YSfJg+??Vvx;@NZ~TI~+oyY8 z#28owZ)Rj{K&QC1X;nuaI|2fsc}!Rp1AgpE(!pf5V+ljf4@j8us;NP9(Uk4}dHT77 zvK(A7v$TeryZFi(t&JC0YJydw)1X=j)9 zn6MyX#^jlF882YCci$mX<5G2Jbjv6A3KqyA#GCCp-gUInQ>;1ea4@oJ2Wz%l5INQOqW$>6qOpo`{>E`PF}13`C>$I!EI5uJvP;Q`frr#{{z@M9Ny&9nQqq;T3!!eb9pS zI)qG0>Y_`O;BRa*;AL?8-3GrqME9w4sX@o?`Jtw0it$NU4dhZ|FxRlu_)MPP*2JnC z&pRkT&RqH@L{9o`rWoXx4E3m`@f&>l=GvWt`3yOqEgZ3rA$9`XQ6doxV+t&rIDOMW zm_%@SIh-14*4VMtmgkS8vK0-pKH8oAT1|5L62dzo$QzoVeNqdyBVhA@An#hff|pxx z5e8umb+`}iiD>I-N0OGm&z8o1{{OM{mQhiLjk>TPAR#TykOI;o(kb0YcL>tWFhheh zNK3;264Kq>p#nqq&@ps(p7Gt^S>M`wpPww?56?X}*K;L-{E&)KZbsHL>~BdUw$e`| zDHOQ1f4eikg$1frBYT8@F*t41{mNx9B@)lGqG*#N`SnllVmcH@=75WbEgm{{u~e{$ z*~$d;mkVv25;ES@E;>eoXTsR49K{n!!e2l)_Ue026B z9(+kvI9G`9BVCC1W43(P?}@1KtR1w51y?Rzndcd2E?jt=TfQORy9)^C(Cl;sB$0#Q zM`kSoky-nZ{FBL0wHng8LvD*A73 zlcTN*2fxv;sk`Qru-#Ug&*8omm@c_X4{5Z5lDQ5K)qd@RF5$PJw)5?MVRw=Ze_X-m zFQvGt$v06MqP~A0tDsYLs-@XcH=lo@Uu%<|i%8w;e~qx?J*pl5i+Ztt+`$)oE?2wU z;w!tnl6Kd=BrDqL{gUM#aWmh{Vub6SnaFYg{)1EhFaG?m>rEV!P;T6bY-Nc;@m1wg zKFX7Sa+2=W1h)yPLu|8r&{e-WdZe5v3zdADUa(m-{=rUt7OH^UE1@Wj8n0xUzrV2$ ztkgy*4%X{4rAb8ebuInY7|k$(Oa>e#&I z!VPAj$geU<;hN0g!rF7PU~%kPv`IP9S9WO_vK!W$Pj-;dYyUp9xHnXgP~$bX`a@Sw zKjy;w73W>F_TILqfQbPz&)h(3>uTqcH-}AZW613TD$a#-wugxtZm8qxtqxodV)C~- zJ3g?#Z$M}+`l~j=+odW28t<{_(ra4hO~FpJ=8PPeECmND`e5_G*rR- z;l+wKU$ZofF7K9nVF^g87MrPq0S%L;3o7DlUA}d#TyMK`UBSAgiU?7Ne(4igpsLue z_gZ@?_vma(uv7;5VdL1NY-yDWHWWQ&7QAQNMB>kBv8n3{{cp&F$m= z6^n0Kg0jDN*CoIEmPuk)BT2uF3j@q1s9)%zp{De(s_@ObvMIs5jzU$}jMN!Li`Tg$!p4vf+n?Vf2hkUJ&RX|bqOQx-cAb72 zYPYO#4Pg3eGG-?Fw524B4ZnSU*GaNll*JG{kQn6#{5Cas_vZW0gk~pofR+B~ZXspc zg-h$!n=Ge#^m=9Ee4IvBi%#4q(e3N5Y}LVWu1Qkh3FR$L?5}Q-qfv-2tNS*hA=lq3 zrFIfB!1?JHZF{AUK#TJl9pWuGyq}x);$5K+Hr9C?_4DS1H^OL`gP7ut7hot&Qx{W|Axt>qsxO}#p|G_#xD{6DrUh^aN3yWwo+Xzt5g zz@(VR@MP0)faEK!%qX%C>KRtq1?khJWQXZGaU8dZof@0NQ0(t^3myd}4?hZ?P5@ibq)0kCN-^Fp$d+o?FT7%r zwTHRqrAC{bF#6Y4(7uJ!dMc>R-;1=8;#c$1H8S-j5j=L3i#^41peZvFIXfC6`||?j zL{rz}j>o#^u1`VZV)xeuk&BMc$BfU4;=V=Blnu*v+X|;Hr-_NW1Y2Ac2(n}{O0Ra> zH~gOT{CQGUR7IJb?*j_wb_4AI>jyD9__)w&}>mRLPvq%r%`dVe=GkA?I< zLGIBTWafgtori0!^kcU=`CKQkMB(j0fvJq z(x^D`N$}|exd~OX3?c4-XL#6ChjUPRS*yfMT}@GJ1NGxRri0iq0mB|R{_IK=ES1s4 zoLc`LZP3rcWrSLISx)1}w;R{k+jM3*pmz@teJ}e}JW^=p4v?^U(i81ECjGr^B z>q0g5V_1nImK>3)SKPx4k>C2BP!p?(Hq(X**2tX#h)-zyk1yzt;88&RKjyPvEHPaS zmOv@kIr$txr%Hm9vOwK;^|`KId`MqP%em?nrm`x4fgwUBHNVkwbz1jxhUVEDtJ@7H zFLe@4$9*U_bp1sF3M|44`IIG;{0FhoYHtiV&Tq3U)OM^6Qr#nFLG~8-d-J-3_2em{ z&~i>AOAM^rZAu_|&XvrPX5gRvBQ5ko<3+z|$)b?+z|Zzw(ROulldtwqE(Q0`o;V%> zvGu-q_w#>FDS>r_N*n^zPB5n}z2A1kN_VcuQ5#m?hkCP*-?<>$@EtyQty}v2bfA0` zTwAzuXL4l@c!`#z>ldGGah>kLu?%xbf`2o;3)N7|cnO3hKtE1 zRNZfj0;;4S(UhiITJr0{WuL5-I-2tww(hUv?29o(vli@;@%a3idu-_Sk>qI-Q^0TL zOmV6iFSmxOiU1rLh_?<)e4cF&z`2JoJoD&>o^Jl(z9Avhbewl!TbZA%$D-xzej<<% zr=UfZjpW=HS5_(izGF7=h+)60k?eTY) zK8i|aChy?qeV-i1;j*oxsY4T8O;jc#fL$`Dc4;9LQjlVNRIEPv>9q}0sua0KcreXs zaeuDp;X>}>cLfsZ3|^-kFlXB)EtSMVYk*{!XMWN&D1Q60zHxaxW55*&3+2^oDhaIZ zVcuXa{w9kdUX{{&79RgH46L&lwMxE~4|~F&yVqh0hQx&I;1m91c|Z4`f??%Q@RXm=x*yiy}eK!CrL z`2PC$&;!h7>j}%h^ z;*Qhc3#B8o#=AMe&hks8cq;W?9qr|x?Y0jD*j_~aa^wU}7*&0nY}~ikJOTEvoX+vY z?&HS16!5LeG$qK@^zCF%$9b>w=fz1q<4+$QXO+WA2G^C*F-d0dNh>1 zB@fo5oCA|awgb*nDJ?8 zn2QA`;{DX||IIKFoa(|DNrsP@a5+uWS@>CJ%O>aVNW8HlT0J~m?BIV3LaMiU4)ko) z9|VOgZmAM>x+q>p2a$1G%1s#!=W#6~;lD@rIbt<2F26r}rDEa1+2w12-A4VIiWg#e zPHAsx$!N7~=(9<^EB=Cr)^H)tjB4^zQKf(GCAUt?=)Q0RNzG(I3a39q(&` z^7Ytm{r;eXX@O1CpXPGu(Hp{fk=AGfJ1fsXU{(_!Rl_iND{)o;Bj5=2ssP2qzV2Pk3UtpL5a9zh2B3y(EuQU8y5J*~tTz{ZUj zQOoN-O?@^`vDR-Oi+FQO70yy~S}f2^Z9CefJCDAbziTarO2O+GLartGV3+dB0u77dcaT!zl1*(q1}h z1S4+~EL0U&&4N|@dGPD-deLg{3X0=Hu`*YvE&(j=ie%&WABneiC?6c_kOtNJsEA!{ zs=s#c)Y-ytEnTZ2f1plxJ^&s{|4wI2NY&+cZsn?uiaD!xolbN3xG{u9FS6Eov|$(^ zk$K}M(K&Mh7c|(vt2sROXsa(42yKpQCgS1#B9ejMu`I+h_lq+dT;DG!qmF3-voS|2FH~1YmY(P0YZ>d;!!7O zFDai<2^VySl(UB!E8NHc{%Iclfi+P>=qzbpkK&`D0cvau_OQD?TUyw0Efn_D>%*QY zsTLEbdgfy-qGPm@ZP5m-Q5wAdCY4cn4zPdqj78z9@Fp`NSvE0YapD{aS{@D znvyn|7@iLvAuq8B2d0bNzD98C(DKsJPD-b6hSQMK*$vUcTd~ofGo$={-*3$7<`Y!$ zrC0?edMUF*XueIF{mEKtshXT6%+Cb5k%eQ@Cie-%QVBqapFU(5AIur^Nw*sxOX6{- zz3d^a)pb4j=6A6O%hqZUH9CsWc1Y6Yj?x$huU`qeyJD!Rp)DE-wu_I}J4$!c;&eEZ z`;=S)5y!;dQaMeE+wbnvuL|jQY9`ej{5%M)!A`7JreX@m zUalx7t+Chnk{{wX=|*f4I&{Pc@?QVnE`W`lrP@|mp@1lgXsMbE>fGaR0Saspr`O*5 z$~;H5jGty6P&AmPq{d?Ej;x)|*VU^FlS`DZ zxGjc@{^~w=rPa9=6WH=?i=sQk0>nOfpzZV6=0eF3gHRw}Z2sAGUnDg|!}g+W>T#X! zS+sFwk>}NY9f=Rqhy*gQKZ;Bg?1HJ{@0a^kU%C-emwdwiduca zhfsss`gf}r`TKu(nJBQ+Zr)czhNiK1zwVcHD!rPEz;gZJ#|DD{D|^?RID}FT&93E9 zg5PzD#$}y_2<3lpB6^+2cp%&yoykP2eY+#hcFB6+Dx#4D@jrmDjtq{k>l~=-Ev9wU z^I_poJb8wIYvXXu$^Yb*$Zt`ms@8t9LT=@y`|Ko@CTANzvetJiI2+_)1M?d^4e;R@ z@)#bv4FR*%ke*QrRj(P&Xh$&4sJEc1pV2w+=jw*iq#Mv?(w-a)*%+}t9^q+FS%tMt zANc4+YsmH@X$*!z6mBpQgsAQeJw>~%2Kkntp2S$RJOXqSSi^o+vWn-rw6-G-HSt(q zVJ)2P!DC?KUl*D%W^2joA*i9cikF;)-?wI>j}a>KFA|>Cfs(gm>ynV-O`&F$e*YX5L@OtE&Z}rDkPL6F)#!et~DtDhEqNvEc z{%rKaR1aJJ!)<`u#XBJ+dYTDdtorIolL&O%AAP`ZS9JbT4p7V8I@v)yr%R4SCEeP^ z2NNd1Am(GN?W2o4h8gYmM~FsWuRPyamrt(rqI0`%Vt>3Bhj@nEba|${esY%c^VOA~yOH_xVbJ##GRg+;T!s^OCwHfhI1`A;B)UF2_RL;L zMOuCgUwSdA>o<0`n9INd;8+MWFolx{lA35&8a`wYpmlqmWkjrK+`|`&rp6H*jI>L? z#k|vbF~TcrOR-zreR~s;AS%>R{QUtgSeOW_ogH_Kt;kHm(~KpegQj>G#^YC5vBbIT zcU%ytxM=9Lr3M&9d3C_F1fZW*F=r==xh=;^MT`qBb`2dTZq%Rd<;9BkaDfXh=u-q( z;aFasw+(8W=c=L~Dwx6RE%i2+Q7*!92rzv01p$U{#`0IBecIhuIc~!Wi{&U`}3vmvoY6~V=H|DiRWisGe+#Xb{HF$m0B=Sy={#+s&(iq;zhYJnbbdHqLUONs#;4yEf&VEBIXG}*Z+xeh=uM35RvAKI6<$SIAH18^T ztS9NA<#1fQnCx*LB4za6@0~`z^QV$8cWao-FA>~2!KGL4>1|_op0ds7=Z?R>1VpG? zeQrM#Vy#FWUr>v4>6jG_lx#Vw>@);b%|}op?d)7X(L9}wzQe@ERudEN@zysBXhCrH zx){8t<|X%~GoLR@waR}L|; z=deUZ2mOU+JHBU{KbQ2h!|?y8DFKVp;(b3FBik-m|NRg6A8@?!`wPVp_g1K^`h+7-bOrtENRKD3cmXW z)Z;d&%FrcfrIi8bPcT&Jd(3R1Sr;Eo7R)mc5Q&rG)H&ZAYV$*eq4~A3{gVfi6;Cy1 zbMCXls|Z;p^J@5b(f8-j^K8o6+84Lf$<`VBRac9E-drv8Bz5>dYsT)MWOi735MHHX zp-QOtd{4jP>&B|=0u>z#+ElWs&TQI;aqK$3Z5zY`EA_kTZC8%!j@oEmR$2(}ANQktsF35XJZ9fEAAOlt0?;H0WTN zs5>d1AYS8xF({s*854?$)78=H|im^)iX##$z5~s%f+Uzw#9op3Dl+Bmuv5*2rJmIx<={y_uWJ=Mm zc@nL%V?=W&o{&9#d!bT)esQv-tn2d!%}h+zY$nljPRNS-`+NziZ;JHy74Y_ z^_q_M>6hpYM;~ogq<;3edCyn<_DWVpYHTdvr5ir+-h)Nis~R(KL@?po?YWi%ajYB?{VhO%U6kv;76UhFVh}fH z71Q|YiRGVNWS|rK!pa6ntvd*pX)3eh`#QWusu4h7F-6KMtUH3|vv;=5EBfRXwf^nw zHZmzUR5_gteh$s3Ed2X%bNh6t1#w-ub0Fa>E;r9=LzVsqjetb!%tvVI-`-`$+v?-s z+H#Q-62o>Dz&ca@owvDHxX*nDD=>lXpa{JiA4UAR>O(1iq2CPiSK1eX!z_QvgpGk+ z^O4Uc1?r8In{8uw`sq=)2zASjpu)W9={43-S$qnG#G*EL1F#Cs4XrP@)p&UC{t-ZRf@(3TD6)Oi2DRdT~ozw6epM zC${!YA!zgqec#JxCSdTmF7eG5SR{XaouACerLR#~?KYoEm~r^Q_A)$U(fa4*dq03K z_2-Etd=HbHjH%VwA%#TW^d-H*YP@@wg!8fryGCKBbfB41$&u`w$T>~x3;MVT?{}lG zF8KjB4XhYb8K~D`x1e~dsrxF=&*mKdVnNg?6oGleA`2)KVv&*B1;c@=XSDxi2|ONLKA)QgiVDX_?kS?J~dl~?TvzPT*9d!M(rc~VBft^Vr6 zjETa}_F*4x)<4%(rhX}UT$Q%V^ZqkVb8^|S_Y?eoZfgrz-KEWCF)QoVI1S3zh1`(3 z2?pLiq^kp3w-g%Y6ZK-}Rs63EQ& zpuafyB9V1NHDOwJqR5@MzT`>#=4LK0n%Q8c%=X?3vLQlYQdGEgDvt8KE^Y?h4Ymzl zz0jz0{&LPyU!ftsj&)-)*Nj{2dg(dxe95PUcJy;KP7}iKsZJDdL)^2J-!r_Bz5hC; z1)>X7?Yqh-_l!*)4*W|Id-xkIZbtJk|f` ztJK`S-aPMrLbH^@D~vHd@H+;HJ`g=l*fJAe8> zpoyTq_flB`9d?LvLb+Bujy(j&aqfnn)je?HJeEC@=%Kz6c=A`Y)V8RtApr(Y=7ttEYdgCgxhjBTE@BecVVN&k?;{M;Dz_gSLP|Q2ss${Ib%b9 zBP)oI$?#xp*dDv>mG3~zriW9?e=r~n2bnIp4KVdf^?xd32$Xokhwf1_=W_s}#|m+) zEc zvDK|ixSE^4P~!FM+?;-297>CsY7!}3@c zuLQ|l&_lm&TqZ$vrnJjaqabYk{Ulq_n{t>bXc6*fAzUuOOmNIg#vGbNe$X+;SlAke zwp+XACzRGd5T3`F!_yE{X6taE^fvkAJ{UY2Omi_BX2=X>J@=^&3<;Um(~R~+240b> z03DTMeUpiLL9-?WSSqg+s>pR&0`=$7f0au{oSj+FZb!Y#%BwtYOV&+yvGbO9Ft?v% z$LTCOxB2s~<$73p%buba{t~~ASQFWh37?8TRU|{HGdbLVZ1-kJ z*(sjYN~KX!4(oBS1!PMtr7VY7lMD`<$MOIfgkX`>fGl5QVg0&4YEJFRxCwNpDO3nfMMwSwnAQ6x z;IR`%Mfcg4GLQzHk=7J&_w<5Z`F?DT9)lAdTgZKHXS;@QrwNp;Yq`p~eb`4Jhjfb& zA|_V9^x80DmETqMGWHefn48<2eGI#|_67@mDBR<1v@>35vnX8%_O`vUpC1mhpGEw? zlS{b0TRdK9(96|T3v8tgu6>FbZ0P=abOB$MFDW&6Y`gnAEetJsmr`2oDK=BT+S9VK za)?F3!SdzR-ls0UwMZ_7+ta1&mj-Z1`(YWi?be*+brTz->3 zyd5c2kzu>2xwb&9noin{uR#$#ZdgJFNIOjC=?YhGB~avctk@V5tS}#SG!of66_r?5x7D_{hdub1^F~SF z8BQj8-tD~*I?cK>ce=6H&X9Uc*7VD+`)%KWhbLAzkoMtVssm7XCi?ez2KZpdX{0Im z6qV8M@jP*PnsrOm>FzK5@KVtG3bIG&yH;DwDeNXx^X8vUl>ZR{_6k0#*{J?6tcS1x z5+cp=S^gmN(Np-NYXVo;yGKMW{;XQCdtRg;X^aet!Eb|MoLy zd$c~TK5KYTS&nq{%;R!HdxURW(ly9GQNsuI{BJa_#m}n)zlJNs%vB_7^PU^>w6JeP zOO;)|3N9pKv=&Ebq#w~RlnIc?pHH1k*(dFCjFC=Viff-mw~55ZlWcF~P8JpLh$ddj zUZzKFs>qmAk6kom^w*4|75;EMcz531W8GDu3*z)~*%XZCz?UbC?I&BGNbzw_krJBC zB*B@@h^9)260Za%*dL&EU*o`J%j08(W-4M3hj&3+!Tuh2{C1k!5#Qeu&p%toq&a<1 zF9U$rj=G(r;1&Q zZcbfVx|lk0@&PZExene43b1Li-=c-hyQx>B^V@f!I{3mE5)4CC8agF`M7!%*ksQDJQ7p-e_Nheb9cjk#1y z>BlB*u~Lg|OeY_uuiqah9ME7~o0|4}OYN6)*>>>oVY+yNIWnRLpYO?LaS4YljxH|e z=Ik0T-mIaZ%YJam0U#!B?J&jKR~A2DwSL;;)But3zhPvYkZOiCyH->Dgu{XwPNeI2 z+I}I|CHI2O%&1$>o(?8eq?{jalZ_Y<19G1bO(g2d;{3N}jZ_M30_JD2GG43i!6K9c z%zvF$1FEDXB-%2D%;g<>Etgi%Z}HQCv^*dz>O;mFVMR{7q3?=2T{%7Qs^%d?&>9bvYQNrW89S$1Q#|vM-k1n1Vs^|T<4k>?#LudHn2j8* z?{sN8tM6+x-WMO+_}qG(Z!0faab&@f?8=@eK{%CH9`lm+foGgxYgNLICvA~JxmaHl z&lGbe58;I~mo1NonpCm7j?04bDzw27wR#02zVXJ}RFFvZ$I6+S8He*ntav-Q@ck8? z7Pc%B_SCj6jvwi?+s4C{66-|#wd!HVp*&G$K4Sy z$6w@xhdXydM~6S|&io4g$5gG(5Fk|K@-5c#|Lxxi?mA>zy=9MzHD~EM@^Rh^GPPnU zBnbU&=N#WRc@2pkB-!A#t$KSWMLje+SWEHq{&`M@hjKE;droE4mOh-6RygSQE0x%c z5&`wwxd@-K;-+ylx>Sm)@pgV3!RPdTS;tpx_W2uV@s1QN5YMDZjX!T(OC(vG07M^N zjlTx-za*J8_D$R&H$kpd!Ia4Qvz50aTC;+%gKtXnLA^~N{i9UK&NbIy+?cFsiGgLxs?Xld-hK-^UE6vI?~b;0G7Yt`y4 zH+y=yJigV=?sR#+ho!SWmz)_{NHT9T&JlNJENhu%f{e`rNN2HwYfN&O^JH~)3iTrY zRXzZdTZ??u&J2MoW)|nv+Mrg9N1CIqTLVq8kUOwuo1CZy!79HV#p~b(gH8}*!!Q+% ztp1O?#P3ywTWA)xT}(SdmkAUB&Otnp40g5j+p`viIG`3tBSY3~?}361oG#LSHl@iI z1;R+{iu-ZZuM7}ETi3X%F_L>LhgB2p!>)7Q7Tk5(!9bVzvXbgA6|oL4KTvOEt7HuD z1YZ)ZWJRJ>r)u;mAbJ$OWGYcR%#j+sTL7W60+s?|o-wpRSIXSrKaMaJe3$C8Iir za$@(698u<<=On;Gr~c~sBdEnSPIAeGutQrVv0Ya<3GrZEg3nW~mUE>}%|hjD21aX( zzdU*cGax&!W3%H3yikJE4d-@WikHXLxj@W%3F5NVbt<< zDQUBz5^;fGFa3WPh?z=2UXjsi)(n!G^iP+|J*_;Jtj15&KGyaII@)FW${t&$g=OOV zpWfSabWRANa?f=1^oorB6D3OK20D4iLn2AE_SEg#%MBV!jXXpzxZ}8j>^ep_l}c^P z!=7p^MoUltJRvpV4ARqhl8j#x>oDYh8?gl+CxG&0Ae!rO>9% zl~*fGDgr%H?>+feC|r;JOO;$zLGaZ_!e15t9}wV337Hrp?3n4+=jc5{2Sv+b{1G{G zL9gE7M2Zo{A@W2bc8cR?9z_N7@UL;XAB*SunUfCJUl+EE4ir1!=lJjn%x7Ye7r3#R zeZtfUw}hUuhRHXXI}WCQ*P%Ywd0o8kX&`~30U@%K6N#*q_Hy(`Nmy7L;b3s|Y`6~^ zL$|=GD#FBZ2Im5zMj|aE;$(cJPUY_6It@x|*FFH6HceaNE6Gq20%Q`(XoF|#5>77` zu1fb{v9);U64QyK?q(Z3z9%$7XXRhj2#$g(V+P1Y% znvjf_SPqUB(CG=BQm-O2bvY?&M_UYgD za$;-P++_XvW0N2piwE1`8|cHzf;EEDN!UjiYQ^DsbQW^$3{lgm>`! zImUp?`I8W+U9A^Qvr`37qW1g+^j(fCdJ2Z?B|n0l(zyWPzkyDF1+r zJT_?syD{&R8WTg}l?HMvfVd3;z zMZelLspQNjL%Tsjuk}hnP+AF(<8Z!pbOdR%!pF6u*2sIt7Xkb9R~)?$@38mMb&qkw zH-2FH9|M41Hgy030tv*!R#wXAb$_bF#88)n|0YfqA|d}~@U^4OQv~MV@>+@49wrBb z3)~^9!qBwJ)%BLVn}J)ei>MYx1}Z{G`L;J47TxEThvcS9BqLc^m;5^sEukJUW$PZp z8;Z%5pDn1os=g}(e8=Xu+T$OEeh1?Nc|uh(g%4e%^)2fa3hOQKI5 zm~jZzSF4P(_dw{l(Vsa^hA8pMLIjA!oSi9qi@gumQO*ti(lG<(LgNN0e_pxaq-+Et z`usS4Yzi7Km5u*E{Vq8Deqv^wXs4;%fvMq9-FUFsRO+RG2%n=Yj9TPu9?Sc1!Rzy#q)|)->+Ht!%F(T!^ z>PjcISbXXkQsv1K=~I3>-n}2X!wZP4#S(&(*$J35tR*)EW@@iB*!r?}hykKEHKzrQ zH$Gm!o6JrLn2|IfnkW14mziqiH?aGdu~CU~(C36Kn;v;qT1cALoKM@Ho)K^bi3~gJ zRMCN)15s6W%lm)hre|eV-WZ#)=NPP}d8Wag9}lF=%vR^1$j0mo98fwn|Nb8(_)n7= z*`E89VTaw`M%SPr`-{l1=&_n+(uL$C)3}qW-(e z^-4`^>4koe4mpcl_Toi62wy$beYud=wP)mky1#0Mz>u8k;>GxYLU>@yFNNgK%Hq!d zx@qiy16NNkUqxRUw5u11BjrWn%J^*ZfVe3SR=-)|9R9e1oA@&$72WER7M`$gKMt2OH0$u5r%E*z-@PRHo2H~= zMNcT1cKCTj)YPnHp_WpK^eHK(@vg(ln|g0Umk}q`6DtRY_$eG>M1-l9$s)i~Ri*MT&rXXzmkUp#3873bk;e zN|tK`eKp~%+i=tA9)EDs0y9Ce&Kfv;=hBio*2;7#R7~$ZzZSr0VH006%CM|xf1d2m zwYo&${-Ze2wpeOyo%3g`#rW^{i`10I>_M+C&JEZi8rC>&`)@F)u9=}On?G|RLJYU#9fj&8R%#;q|46{U1JWKP+YN0KD z3bk;fY`hkcn|p@zzFfs{$+(L8?ra_FUcJE-i@2-{3$FN>ZfSb#0NmhD(=$c|mnoDM zYS#&pv&Bci z;Oa{2u)q24J_1od>KZZah$}xq{7R{mF$M5nIDtUSSFW-1MYEkaji&Iaigw+;^VJf? zk8^#ke8;RE4|Kl6Y&5PYXz$70=N=<@2g7~uvA(Eacc>`yAM&DjyhrPAZf~89Ctrjq z{M_JejGq!jF(6}St~;+DGR7ARc05GnzPHg0QHc||^8XIwBV5ytO*s9j=8B?LQa@+) zw64}-J2y^e-a>b16TGcu{dlcvzL5sl=>$~f@p095UaK$=@7egywVd-=vtwP(oVGXg zF|R5|kFrv#-5*6VBRT|#3%4`og;%r;f%46bxqvC((OtUc-I^hzQ}RW;*su6- z8e)rucIRjs%(_U8woZcVgsl6u1>Klz6Wa69C>tdFRn=ag}g_hLs*7_9` zE(pu&S9u~zs=orZyP zsn1V+P!g16ofAS)(L3porE|@T$p9A=YE^Pu`)A2e660>tp>jBFauHi!xb!*1t~9gs zKhCt*t7Rt9j6$u5aMtbL->KfP^*~@I)L4CN^6`?D*&=V!SuaFXTC*{pmEE`S>hN^{ z*evR$NOD}4Qx7z}5ubd|e8$4;@?=cD*US&c4$X83;d|YPP?CaWuyHOZDQ}O>c|qAS(u)oLtSHQe={l@8+qECSJ`xvjCwZvnxLC>My7K>2cZ3^& zRaR{&nGKPf#Y65Oc>jFDJVSSMRgcZg^k0^tXPf}H-3fd{#-S8WPUw$k9M@gx|Hs>z z<4dFzKuB!n;vaB_DO26xhWYE$b!XzRE|F4ttdW|U3_V|B%_lDyZC{{AHD#n=Sx&#^ zgGjWbfH`~DBA+hdq?K%$mmY4X`db(~w(V|F-4w6?J74cHT7m#`7$Jor9ifp)E7jg% zqW;2e1`Qr%Z-pyf!P-Y!n!V;jmdiS~y}Q3dpr0&Q&%{E2V@s-Nrnb)&ub**WH+5YO zQ_Gysr@1zAvme!HU}$bkG3dPHwR0ADIT@>G8j->?Q5$4zMeKP;h=;T$)LIUA{Jam$ zY8%(Cl)w)iV~cai!xrk8bHa`)Bx^PB+i1geZUZjoFENZT&v$$7weJ?uM)uL9_SFZy z_{$b3(TX=i`vaH>V1N5Gi{SovoZ9Zr>UDnys?OvWpL>NI59$yc8v`z{mjg1a`GW#J zlU5e$7KOe0Yg4@cRYkV(-cu`RO{}S5JN5T9w((3+m&7E={1?9BlL3)pug0?*3e;X* zA9yOObBCl}Q%s7$drlShY-n4g9~*^qlAcGH)r;9GGOUZTQ-Z=|-oiYYmdnv0>2WNm z04`4R@nIChm1eE>FC5gKs20oX{-6}638oYgI1}(?JOqBHT;W9Gyi}iYe@f}=@07?z zGCy5^#660&ZSJu>_<>raQSzgndvxLII!1?8iGUGbMvWc3_2CKKN@cj$>C~ITc-d@0 ze%7}sU`2NA^J^y6CY3-|_V+>WVI!YwPZ6e3D_ zvN(Kwk@e)f1zM5*8aCkG-rgeBHGQ9o}hOqYt}^Ckc@M-CYpjz&GkV)%^f?WR8mTIP#}lFlCa)lr0X zA`}2A#pHK6l%iJ9EJ+XA<>PA(kauxHOPCY;wro|*grMH&fs-Jm9SG!@}Q!kZ~PVvPH(C$Ux;uF|mVeFv!JkfgG2YV!>gX%hD zQTTP(!l>A7>fVVrGD>>w_OKQw5YR5_H*6(iRC~YPmD7t}*=N=b(bL?0`raVD`tLKc znkumQ_%vYn6%kG5&AR2v6U|*(_Q`{--wl;bOu;A{-YB8cSwgsyUK~Q^XCCGTnSHwn|%=NIa6Qs z`}gV_`9T_$5KP)vX7+#NY}1FfB#MWAmdCKU23TYENmJiXY4C}fvr^|qoWAY zv##Ilw*K24sM7jPaURHa!G`@So_V46rp}UglyH2b&)UB zqsQx8W#Lv)v&H>t9F3|_rF>uT$BjOkHjYINzu+FZGmyfNrAN7r@ORUA*7m-<)b+ML z_%ESj6U6NGh+a{mrgcRNCFNDa)NgU3)JUV%mbA=0UW|@|q)-^o4w8Im24fd7 z&x`RAa5!{Z>KqvsrLjTVL)n3~mvrqEtb&Z~|D-T3r)ghQ1-;;sdWQW77er-u&3>fU z0lNvq$*qff8(12N!?rL_fftwqCAp=k!JMCMr};LvhyKa!6Y0Dm;MT5Pduede%EKm# z=9|&l#_a90ZM*LfQ<{Y;8a9hx-KXSZtS(%zW*(TP!wuuh-r>%0svqGhxkZUlA+C!T zo45^ps)O_9#6b`?&Mg$eWX$SYcFTmv5QBW&97!nQmt%K0NFUcGLtp5=bn4lA4`9^gOXMHaCQ}a{y|rY7ooq(>Cy=EVif|Ag#C$kIKN8* zIi0KmJggm>@z!v3q#~s%PpR#Z!My810%O!DlDCviTfW)-R%*P1QxV?^gUg&AprF4(T_8buxGB9D`m`vx5(bo!_=0GyJgqXLI7f)kunBK zSDQ`(Kl`WEPvjz|Xqn(sF?<|hL$UEE<7{lb3V9U{=bqZuhmE*eauu$2(Ufo}W~?z{ z!E!{yg|i`}KBNMifT}4@IbkuV?Zk3uteAG&WY}~pafQ{|U5!tCJMGSeLASzr>$EGC zCE(DY<-eT!bnbJo0KR&5y1Y37ibApdt(y+$&s6n(NObp1l}0z!3HH!2 z8(++ci^MO7#=P5MmX8s9DyWY0_3!jK0{=v;O#moMB1YOcDv&~wJ!g?f+ZnKgri_$eNO&8jfl8VeX z{9>O7eexU$$XY<_haZz7zlUr!HyC8d;pffhz0E#s6s%Nqhay?=B^_5phwvtGJ>G1! zdrphEK86guLrSCRjM`)IB8i4LmmcPKm?P{!-mGxXDn$c|;^e~fEnR*aXLI72BVX@J z>bj5?u)`^;!8524354gU8v&b&Bb{{~o0hjnU`3Wur|(njqG0Zim}(L^hiu3|OTVaM^s!}{c-Uh-CW3CCxZEeV~+>OGq3 zqoAN5IWouBzAxe6(vw&#=AqsovBPIU2?i?i%gevfABmwV|JF^LrPpk`LwB|3SlQ&) zm7qGPhkP5W6ef5%7++~D&ivJ!!6xT()N7wc>2bC2(>+!hKAS)(0XU6TqDU-O-}(!moxTuI!Ihpwdz#=mmYEY^k7 z!@7dqSrj+8c_(fX8OFwVV&wW~XmQ2giDyKb+=VkkEkIh4Lk z>`dhDyzwyLvKxxW>`);P;(x2Z@x&Yzy)5*OGUJr~zJ7DJdheY1i5tmgB~_e=?qlAF z)U`UnZ|Bf{oI#M#?jB@CMm@Z3FLW)L(EGh@(2xK9UXv!Q0rsfSuD8o(hY|ceAN==& z#Lt1p%xRt@ir)@vK@&Gmc@ow#w`bL|eLa$R`_ikXwhdmA|Lsn2$o@|z$kO2zLi_rn z)8auZ&g#0T!Xn{^$Vdo`WmsYG z--r7zBLu!G91X@2U+`N_`=93U-xlak1N+Zg4^2S`;+iT;OOulSZ8d)BO>JQOZ^>%C z{(rs0vIhxRNgR)W4Y0qj{-5^Y ze-8~T(i;Bn*z*5wXbv2JFfN_MDoaZLs|@{$06?OG{rdbNz0`QM??PI4fL35ePhLK@ zM4M3AB9XpOsH8l>n3K5~0#FnEQ>_!>nL=a?41*?DFJGQSy=MFE?9^@|G_`V_|FBja z&&kP4`9eX){zQ_{n=;i_*A1v4tz)cgiO3l9$0K4!w{t`&=(Bx`W$rtpMPFEBN(oHv z!2xN7W!gtjbKTDY0qNrLbOkn~idm4^5{Xq(!8E!L%TJF&Hd{}kN{)l|)|**Ce;=o$ zP&*;heMZ#=SMY~wC;DVA8{fTdX`qZRkGGjk{vo{pSGN&`<2=r?cy}hBFP`3Tyz%db zK^6sAQ zcV~+EczJod4=cBZ$0p3?G3Jjhosu;V9xKX=l|oWkcmXyhoq6YUgW|VNdo`M~*E7Vs z<7*22&Lf=iwTcpaZ&^?LL;^w(H@I()L5=S%LE(9G&F5#zHG_k*TR>lod-?c5ZmAdV z`j~GO%}L*xbCxVZ9WnJ+xR}$?Ori%emh?b% zx4HXVWhRYtp=$se;UGp8JUON1c9;BW$4K5%f1yf0Xi41m#=iA2Dl9DQ1I8Y25_ETq zX* zEw$Q=jn*ON{$R`pjMon}tP$*rHfqjp{pT29hGJkJ^DK`(fA$~sBZCfN?{T|)sgQr} zIadob{yv{EIMNx9T6u3vP4U;w#76<#iynCk3mri3{Z#}0O%9H=2*biGec*7}vV0%* zETDJJXh@`i``om0!{ZtWFjaeZ@(?ZETr2c#jHPQ!=2BQqYW%cia4a8hfFQ=#zifov zZRbm0?61TAf7?4qc=*g2iFbg)V)5vc%M;XbFV$HQ z&KmkgEdz{7)|^w_d$+)lkR0EOy?irB)R`iUt?JMsmC8|ncwcn=J2-S65{Q{e#I2;=nX!DXL zlNyqKqU9l`<$e+DJQTlWJzsT6^m{{@KjwzdhyZMpaUB%hi$6a5KlnFG2*eMM%1D?` zH-_C9yuDvbHWA~X@@u@ zx>&jY@z7FfL4};*V1|HL%nLf0TDGnrRN9(a^ZEBhB!)$TgfY=&qtfK-;x;K!NQS=K zFoF%I0%EaFmLk-l-?J+-OU{0p9(NiS-iaSX{dK5vDHH!DdtKl4tV>#y@2{W#uZevC zp-SWwRAVm62Drj(2gHw&@KgDzdC*xhUkCa>ry3R#3JYoE$cqq-1_2>CP)DkCheoL? z4gtp|>+NFX-C*ZFhM;V}Hyeb{0rL{>M3JNK0caV{&>uyn(XT8OP>vbQs)S88g7Y9C zAgBu8Xx7u!GX^Ue9+C&NHwFg>ug96e@;W8eC;*!()|hZqXlczbbGBRz{hiYPV;XG- z#4D#ht&4==kG~Gu>M|kM`;vnML$M{BotwlTmhi;C=WB;c#X^;~ud;*42nZHR&p2HU zv4@g25X9fPs(9m29O(2_Y{=J1^EUDs<9+n~tpzO5i#ULV8;@BtfTmed_*>g@qdf-E zJ8vAV_MA!OU|%yuCX2-kuuP+gxx002R_iF>+<~s#gqspR2flJLv&jpAT!0deGky8| z&!XlfFW&YTX+w@%1|#vykjv`{)eGe2Y=T)UBpYs|S^?A#biKVZppj=Tc@@YLk$Pn= z(w?=@uC-(V<;j~GxO?B54lFh{WnIGGuJAc;)?ec4yUtpjf389HrsMGmu*BH&?xX@%ZQ9?HRBfIi* zdt|A;6{GR2bXg)X^t-34)+da;mZG$KpewwBOdZzn z^$vvU^?>PGwQW1ixsH(EHlp_+aM=CL>^=pJLna8NB_+@iB|@LC^BpMzh2Q;Ia ztWc37m#xDmdb5xQxE~D3&j=iwgDIV*m5YF<8oIOdDwwE~;R6bve1#s;s(8=4u1hB$ z>-S5pffl#80L1(5=kQ>$M2AwHr<>;OAGXVp7=SMK{V7xw$!u=EilsL`#8QdoQC;<1 zV;S{xk^$w^YAq2XSIkpOLr?Wd*jSUre9?Gyskkm#<)T(0lj{n`lj*B`FUFcT23Wfi z=(h(-TWGtP(vH}9R#-fRg9n7X805Pg%r3EGI6Z#Mk{dfcJ0i z4Ik`r4Q%BN1}>@~w`59&rhV?2bEy*KHx849I;+lxfv>(RvO;G)3EK*_`eOtFc|Z@G zDz_fV1O_K^yQ8_;gSth*q1~yx3wo)st4QK`9OAP$=X3YPnnC|`pPd_~Vp20zA@5e6 z9!x|;US?(WKu?4UySotc2i^}2=2O;Cx-F@pk8veht;6poy9&gQxGWl@r?7z5ykQ9p z=2^^<>cp`ca4^<8w#AY_3W==HdN1x7r(LP(x6D##eM+|n`fmF4$5NSanHKr^`N`bXm`yQ(`T4=&rH@K0VVX@_JA;9x zJS-h%%G#`HBVXYlW9vl?BoGCan`?S?ZuGwA`!G@?;o4#bQ?6&-jrj_D@ZI?5P4k86 za8z}nH$fC0w})5>Ebo)3O#DS>O4LQoQruLPZn#~pp5qCebUnY%z5;pk+76#BOUtsvJLgumT z!de)RH#f^@8tm0+Q2O`d6GXf3ems1f0Qn}6+c@Ouh9)p1Ap2Dpl+5xKTU?VhZie{1 z8}6r%z5@+z4K=wZt@i@qGPGYj7_hILv?{7aZZfm`LNr%Hhze^*Pw3Icn-saa{Chv# zn(tzZzM6UHB3UGpqIPiF?6wTpymFaiR zwC7fqC6S{E#^whMADD?AqSu92!VXyUgb`H^3cuIypMIZTuR92ZQZW%kPgEMm=RMh_ z&az|6z<_|)aH6*M_QYr>J`t=Sp*}tVxo@O|#ltYT78e;kbO)0%)0O^Mp6~CM^0L*B zgMkgrvdA4w4-)hyx;bS%rMouDBX8eJw8zQ9%caROB>1{2(0?(1WpsOw@+Ce&`uoU! z8$${RlMWlE*3rW0dT9X66m7W`G0l2+G6bD+1O+lxT<8}q`7S)UWIZ=2c%=$jdSyDo z9ztTN=`V1)QiX|m6-|rKUdG5f>e0p+8JUs5N-8bkK`IV)%_po;fGGWjnxNMG%g2eMOkUWD%cV{~)?1zJ& z-AK=b4C$A>NqsHlr!xEmi}|<%!8T#V&dL_Xn5+1TTT(KF#+H_2Bh$JFZ5J~5r|LLn zgWQjPN>1L45AGxx#^j8BL;G-kGcdE!LICd8HzYtW0UyfBF@Z?ghokp>Mtv<=!PpEc zMbcdTsWV~*3#Ri`aIlB-0&a2ZVJ`<_ZJk+QeiP=ujrO~S{%tz=1JH4)?`6R_PZ<(6 zk>N_zG3p}Ub#{=+fN@x=G#EhF2O2SG2($H#=pVqzaiy{>hw z++nSBLXweij{qHcF}++_C_Hw{JNE{wEnERXfdOsM(uI`C5*1D#t|%tQPd~=I(gp6w zv8t7k*Bj>e>5$7&{5@j$`r&TI#0fYplYdA+^t`bmob(kAhkMMhW|Qc~gP8PGp#J(L z`xV~UWwQ`zsRM4o>k1`mRE+Y}Pane_Qq)gZL&}aJBiF(+Nk%5}&tmOv<>0z?gW7QJ z`Z|Xca2k)fhMzgDY-7-J)#LZzaU8Dl4ELk-OP{@992|Dd$0p${?XMFx>YN#To+Z_F zVNE<-709YfbHH`2I%B@XM>3*80H?E|D^GqT1%9?MRgzPgl)|JQ+hY})`muL#1GtkW z6WD8+cke*#K8$(xM^O^rwYVK27SA{M;evBV?}fm@$=BW{vgxufwLcs{vb{6>V)%xD zF7O-DtFF7PcNfO;ueLNqYc{m*<7X@G(m2d*#bIXW<^u62?vC4CoE1d(n6JD129I`W2#^xRmSQ;ru^FN zrIoS$Sofkh?!lh}e>3zCe(e=Y?Q4eozWG?j(O>Hv*_?Nq)VIjUShY{T?m#0Ghp4p8 z^x%IznXISy!iz?$BWg*c4VXRB2L|1AOpbKhVYlOQ78@j}pF@r(Y4Zxke%sgXDuPg;J%*EO!s-*q zP{b%J@A1^}_Mt}jb=FhXH+hj`9Dk4&ocucR4%a7b>t9U`C@IjKa;mmBbvZ~DNCg9snKlULq* zi4Is%KLL9oYL17T#9rJkj5n;x5zxykTPr@Q3ZP%2mb&y~Qls~32Y9*{AwpybttJ|H zhx(&PVo8#bF#K3tA}ZtN8s`%A$t1xfW2mzG*s{Rhew{VGjZP+cs*qUfj`xYG(7OZ2IZb!&pJOf{?=|O#Ol=J$ocmXI{nu-D*k}n@Hf* zbJnqT&lj88zh1FHFc_ny)HHlZ2RY~ejOBXjn8SukJDoZnJ5B=uu4=RqEG{k{rO+Qs z{hD6&6qIOS#w>CT**$MP12Tb9p~-(-BBzDR^`2kv+a#EHLgdSZr1IEIpJo`kf{hDdt-=SEZ3YdNLO$2Bx7wiCB8G9 zTKx3ohN9gut5vaurr1bAj z&I9PtN;2NvxaEoYZGMqcwOLgg8roGtdmes5cc&ZCi#ydIg2PIbQ51GxD6+UK-z=*F z?8%t-&3aXY2em5I9Xuk2cOc3zjRy1aUZH)W@Mg-lgr<~fzj$>4lSOSfT`u52DI zJmayl9Cc~}It6kJ(v27Q-aqUt{sb7ynk^3o_ngah7EFiBDWy0E{wj5-!?%4RQ3T!q zjuhb|2YPPLv4;aiwyor8NB-Oj42tLaqW%zk1=3upQJ*JMuUt}FQW*GBt~z_9=&7{n z$W`ejSfz@Gyu7jaHw9P~YFI3AU9uIwP5|3hDuv5N1A^j|)RQe)9r!IhzQMXa4V_&9 zVdiNlij^*oj+R!$d`l~)N(L(k9FF5)`Anmq0tCJOI4+pp+h!HNkLJ!JEd;~Qbuzl; z$t?vYY{6kY3MOuyM~eD>?%*KC*x$tIBz}|{?($Nn|LDVwbV!6kRF4-Eg6P2RZxDWY+63&AhK6-IXz8)t$w)f0fA!6iszEsA?D)Ztt15@*41HTzK(Xg zS5?!CSuc9WQT(mA5x(m@25o1*%VZbU{D6`ho28vdM!YsoX5-MO=gS0L#!vM>J_Wx{ ze+d^cAwE#tCp=_mwSA4@L}yMQ90EE!NVTA}*KG$=kjscm`ys6R1unEz*_%*_LvE;? z2_16F6ed*<=Us*dkt=gJ{3I?5R=1M_3x>;FZllF%d<+0LOri1y-%E?Ab}f|8luw}P zD<$by>YsKJi7sRB&t-URdLij!wW^K_HgbkiMQe*J4Ntg0aKlC`+>0Sc&UW$fUs^u~ zAn6Wz_swA4Gw`>dIec-95)(JYE}koss}9GC^f)nm%_c}s4Ew6Rf%%AIbSYT>&#?FB z9RCJCzQgKOke&Xw`O3#p{&+3(s!LxqYs@J$TJ59^o~u?m)yCP+tLWjL$`$0?Ii|YFHUxIlt4wtqub?sK(L}6I+!w9rOEgW{~7YnU#HW;2Yml2 zs+<8glshqA!Utlyd#kX8MTqv(mFWJP+&!1s**;!_g5iDoEeL^_l3B_T_R7#`#it~v zlVZi-yeh4+s)GK9&5-7({Qe;SouPw$7{4IN4%Jp=V71^|bv{)o1>~YDb^BoR7lMuN z%8#qA7Ofi6Xhy@&V6)h(av<9zkVjDom?cccV35}r6b40N=brMhh0BaFm>tsfAM8j5 z@5*NzqYQkw@D=zu>c8W(zxwUo01#h?wh60f&3eu}t*hGgsIY-)^Jw14y_)^kDYtKn z+d2WU8{1rjn94kX^^kI4wzjrS3sSNun5WlG7xm<34O+7-({tpHN@8@BvJ$lXG3bpuf{L0AqLU2b`svQCym@6vckStIFq=HbiKK zJ(E~Q2i1D}`nts*DUI#kpz20cGVGd96{(E-su90=V@S+Ao&VK<+=qm_SC{CqXKnnw zj`2D8z|2ImU;Ak@i`6ATGBP)g8e$0PY$-2_X0LnGQ3AfAp<43hsJ$(pj4_Tv