From 168b2bfcb0b5d4151ad79d493410ba8768d5e1d4 Mon Sep 17 00:00:00 2001 From: Adrian Todorov Date: Thu, 23 Jan 2020 18:24:22 +0100 Subject: [PATCH 01/34] replace references of [IP] to [hostname] Signed-off-by: Adrian Todorov --- getting-started.md | 10 +++++----- scripts/photon-openfaas.sh | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/getting-started.md b/getting-started.md index 390c1c83..fe22812c 100644 --- a/getting-started.md +++ b/getting-started.md @@ -40,14 +40,14 @@ **Step 3** - Power On the vCenter Event Broker Appliance after successful deployment. Depending on your external network connectivity, it can take a few minutes while the system is being setup. You can open the VM Console to view the progress. Once everything is completed, you should see an updated login banner for the various endpoints: ``` -Appliance Status: https://[IP]/status -Install Logs: https://[IP]/bootstrap -OpenFaaS UI: https://[IP] +Appliance Status: https://[hostname]/status +Install Logs: https://[hostname]/bootstrap +OpenFaaS UI: https://[hostname] ``` **Note**: If you enable Debugging, the install logs endpoint will automatically contain the more verbose log entries. -**Step 4** - You can verify that everything was deployed correctly by opening a web browser to the OpenFaaS UI and logging in with the Admin credentials (user:admin) you had specified as part of the OVA deployment. +**Step 4** - You can verify that everything was deployed correctly by opening a web browser to the OpenFaaS UI available on https://[hostname]/ and logging in with the Admin credentials (user:admin) you had specified as part of the OVA deployment. At this point, you have successfully deployed the vCenter Event Broker Appliance and you are ready to start deploying your functions! @@ -213,4 +213,4 @@ kubectl -n openfaas logs deploy/vcenter-connector -f 2019/01/25 23:39:10 Response [200] from pytag-fn ``` -You can access appliance specific logs on the endpoint `https://VEBA_FQDN/boostrap`. For debug level information, turn on debugging during the appliance deployment process. \ No newline at end of file +You can access appliance specific logs on the endpoint `https://VEBA_FQDN/boostrap`. For debug level information, turn on debugging during the appliance deployment process. diff --git a/scripts/photon-openfaas.sh b/scripts/photon-openfaas.sh index 1498da06..5f9b9032 100644 --- a/scripts/photon-openfaas.sh +++ b/scripts/photon-openfaas.sh @@ -30,9 +30,9 @@ cd .. cat << EOF > /etc/issue Welcome to the vCenter Event Broker Appliance -Appliance Status: https://[IP]/status -Install Logs: https://[IP]/bootstrap -OpenFaaS UI: https://[IP] +Appliance Status: https://[hostname]/status +Install Logs: https://[hostname]/bootstrap +OpenFaaS UI: https://[hostname] EOF From 9a5be39b44461999ec180daf2c02426efaaaf62e Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Thu, 13 Feb 2020 09:38:13 +0100 Subject: [PATCH 02/34] Add commit best practices link to CONTRIBUTING --- CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ee44a90b..4f2a4ab0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,5 +19,5 @@ Feature requests should fall within the scope of the project. Before submitting a pull request, please make sure that your change satisfies the following requirements: - vCenter Event Broker Appliance can be built and deployed. See the getting started build guide [here](getting-started-build.md). - The change is signed as described by the [Developer Certificate of Origin](https://cla.vmware.com/dco) doc. -- The change is clearly documented -- Contributions to the [examples](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples) contains a titled readme and the title is listed in the [use cases table](https://github.com/vmware-samples/vcenter-event-broker-appliance/blob/master/examples/README.md). \ No newline at end of file +- The change is clearly documented and follows Git commit [best practices](https://chris.beams.io/posts/git-commit/) +- Contributions to the [examples](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples) contains a titled readme and the title is listed in the [use cases table](https://github.com/vmware-samples/vcenter-event-broker-appliance/blob/master/examples/README.md). From 811f75de347508e7190ae11c14deacd409e7d9b0 Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Mon, 24 Feb 2020 22:36:45 +0100 Subject: [PATCH 03/34] Implement VMware Event Router Signed-off-by: Michael Gasch --- vmware-event-router/Dockerfile | 36 ++ vmware-event-router/Makefile | 62 +++ vmware-event-router/README.MD | 384 ++++++++++++++++++ vmware-event-router/cmd/main.go | 161 ++++++++ .../deploy/event-router-config-aws.json | 40 ++ .../deploy/event-router-config-openfaas.json | 39 ++ .../deploy/event-router-k8s.yaml | 47 +++ vmware-event-router/go.mod | 16 + vmware-event-router/go.sum | 233 +++++++++++ .../internal/connection/connection.go | 30 ++ vmware-event-router/internal/events/events.go | 83 ++++ .../internal/events/events_test.go | 109 +++++ .../internal/metrics/metrics.go | 72 ++++ .../internal/metrics/server.go | 147 +++++++ .../internal/processor/aws_event_bridge.go | 332 +++++++++++++++ .../internal/processor/openfaas.go | 167 ++++++++ .../internal/processor/processor.go | 13 + vmware-event-router/internal/stream/stream.go | 17 + .../internal/stream/vcenter.go | 133 ++++++ 19 files changed, 2121 insertions(+) create mode 100644 vmware-event-router/Dockerfile create mode 100644 vmware-event-router/Makefile create mode 100644 vmware-event-router/README.MD create mode 100644 vmware-event-router/cmd/main.go create mode 100644 vmware-event-router/deploy/event-router-config-aws.json create mode 100644 vmware-event-router/deploy/event-router-config-openfaas.json create mode 100644 vmware-event-router/deploy/event-router-k8s.yaml create mode 100644 vmware-event-router/go.mod create mode 100644 vmware-event-router/go.sum create mode 100644 vmware-event-router/internal/connection/connection.go create mode 100644 vmware-event-router/internal/events/events.go create mode 100644 vmware-event-router/internal/events/events_test.go create mode 100644 vmware-event-router/internal/metrics/metrics.go create mode 100644 vmware-event-router/internal/metrics/server.go create mode 100644 vmware-event-router/internal/processor/aws_event_bridge.go create mode 100644 vmware-event-router/internal/processor/openfaas.go create mode 100644 vmware-event-router/internal/processor/processor.go create mode 100644 vmware-event-router/internal/stream/stream.go create mode 100644 vmware-event-router/internal/stream/vcenter.go diff --git a/vmware-event-router/Dockerfile b/vmware-event-router/Dockerfile new file mode 100644 index 00000000..9247d351 --- /dev/null +++ b/vmware-event-router/Dockerfile @@ -0,0 +1,36 @@ +# golang:1.13.7-stretch +FROM golang@sha256:d16d1e0b4021e15dfc17dc58e794ad1e794155abf74c579a4c7b8a2c83ff8682 AS builder +ARG VERSION +ARG COMMIT + +WORKDIR /build + +COPY go.mod . +COPY go.sum . +RUN go mod download + +COPY cmd cmd +COPY internal internal +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix nocgo -ldflags="-X main.version=${VERSION} -X main.commit=${COMMIT}" -o vmware-event-router cmd/main.go + +# debian:stable-slim +FROM debian@sha256:55f6837fd25a8e2ab94790bc73e762ffeb0d5d2e510177aef76101d2822d5937 +ARG VERSION +ARG COMMIT +LABEL maintainer="mgasch@vmware.com" \ + commit="${COMMIT}" + +RUN apt-get update && apt-get install -y \ + ca-certificates=20190110 \ + procps=2:3.3.15-2 \ + && rm -rf /var/lib/apt/lists/* + +RUN groupadd -g 61000 events +RUN useradd -g 61000 -l -m -s /bin/false -u 61000 events + +WORKDIR /home/events +COPY --from=builder /build/vmware-event-router . + +RUN chown -R events:events ./ +USER events +ENTRYPOINT ["./vmware-event-router"] diff --git a/vmware-event-router/Makefile b/vmware-event-router/Makefile new file mode 100644 index 00000000..cde4b409 --- /dev/null +++ b/vmware-event-router/Makefile @@ -0,0 +1,62 @@ +COMMIT := $(shell git rev-parse --short HEAD) +VERSION := $(shell /bin/cat ../VERSION) +IMAGE_REPO=vmware +IMAGE_NAME=$(IMAGE_REPO)/veba-event-router +DIST_FOLDER=dist +BINARY=vmware-event-router +BUILD_TAG=$(IMAGE_NAME):$(COMMIT) +LATEST_TAG=$(IMAGE_NAME):latest + +GIT_NOT_CLEAN_CHECK := $(shell git status --porcelain) +export GO111MODULE=on + +PKGS = $(or $(PKG),$(shell env GO111MODULE=on go list ./...)) +TESTPKGS = $(shell env GO111MODULE=on go list -f \ + '{{ if or .TestGoFiles .XTestGoFiles }}{{ .ImportPath }}{{ end }}' \ + $(PKGS)) +TIMEOUT = 20 + +.PHONY: release tidy build tag push output vendor test + +default: build + +release: build tag push output + $(info Make: Making new release for image "$(IMAGE_NAME)" based on commit "$(COMMIT).) + +vendor: + $(info Make: syncing Go dependencies with vendor folder.) + go mod vendor -v + +tidy: + $(info Make: syncing and cleaning up Go dependencies.) + go mod tidy -v + +binary: test tidy + $(info Make: Building binary "$(DIST_FOLDER)/$(BINARY)".) + $(if $(GIT_NOT_CLEAN_CHECK), $(error "Dirty Git repository.")) + CGO_ENABLED=0 go build -a -installsuffix nocgo -ldflags="-X main.version=${VERSION} -X main.commit=${COMMIT}" -o $(DIST_FOLDER)/$(BINARY) cmd/main.go + +build: test tidy + $(info Make: Building image "$(IMAGE_NAME)".) + $(if $(GIT_NOT_CLEAN_CHECK), $(error "Dirty Git repository.")) + docker build -t $(BUILD_TAG) --build-arg COMMIT=$(COMMIT) --build-arg VERSION=$(VERSION) . + +gofmt: + $(info Make: Checking code is gofmted.) + @test -z "$(shell gofmt -s -l -d -e ./cmd | tee /dev/stderr)" + +test: gofmt + GORACE=history_size=5 go test -race -timeout $(TIMEOUT)s $(TESTPKGS) + +tag: + $(info Make: Tagging image "$(IMAGE_NAME)" with "$(BUILD_TAG)" and "$(LATEST_TAG)".) + docker tag $(BUILD_TAG) $(LATEST_TAG) + +push: tag + $(info Make: Pushing image "$(IMAGE_NAME)".) + docker push $(BUILD_TAG) + docker push $(LATEST_TAG) + +output: test + @echo Docker Image: $(BUILD_TAG) + @echo Docker Image: $(LATEST_TAG) diff --git a/vmware-event-router/README.MD b/vmware-event-router/README.MD new file mode 100644 index 00000000..87859ab5 --- /dev/null +++ b/vmware-event-router/README.MD @@ -0,0 +1,384 @@ + +# VMware Event Router + +The VMware Event Router is used to connect to various VMware event `streams` (i.e. "sources") and forward these events to different `processors` (i.e. "sinks"). This project is currently used by the [*vCenter Event Broker Appliance*](https://github.com/vmware-samples/vcenter-event-broker-appliance) as the core logic to forward vCenter events to configurable event `processors` (see below). + +**Supported event sources:** +- [VMware vCenter Server](https://www.vmware.com/products/vcenter-server.html) + +**Supported event processors:** +- [OpenFaaS](https://www.openfaas.com/) +- [AWS EventBridge](https://aws.amazon.com/eventbridge/?nc1=h_ls) + +The VMware Event Router uses the [CloudEvents](https://cloudevents.io/) standard to format events from the supported `stream` providers in JSON. See [below](#example-event-structure) for an example. + +**Current limitations:** + +- Only one event `stream` and one event `processor` can be configured at a time + - It is possible though to run **multiple instances** of the event router +- At-most-once delivery semantics are provided + - See [this FAQ](https://github.com/vmware-samples/vcenter-event-broker-appliance/blob/development/FAQ.md) for a deeper understanding of messaging semantics + + +## Table of Contents +- [Usage and Configuration](#usage-and-configuration) + - [Event Stream Provider and Processor Configuration Options](#event-stream-provider-and-processor-configuration-options) + - [Stream Provider: Configuration Details for VMware vCenter Server](#stream-provider-configuration-details-for-vmware-vcenter-server) + - [Stream Processor: Configuration Details for OpenFaaS](#stream-processor-configuration-details-for-openfaas) + - [Stream Processor: Configuration Details for AWS EventBridge](#stream-processor-configuration-details-for-aws-eventbridge) + - [Metrics Server: Configuration Details](#metrics-server-configuration-details) + - [Deployment](#deployment) +- [Build from Source](#build-from-source) +- [Example Event Structure](#example-event-structure) + +## Usage and Configuration + +The VMware Event Router can be run standalone (statically linked binary) or deployed as a Docker container, e.g. in a Kubernetes environment. See [deployment](#deployment) for further instructions. The configuration of event `stream` providers and `processors` and other internal components (such as metrics) is done via a JSON file passed in via the `"-config"` command line flag. + +``` + _ ____ ___ ______ __ ____ __ +| | / / |/ / ______ _________ / ____/ _____ ____ / /_ / __ \____ __ __/ /____ _____ +| | / / /|_/ / | /| / / __ / ___/ _ \ / __/ | | / / _ \/ __ \/ __/ / /_/ / __ \/ / / / __/ _ \/ ___/ +| |/ / / / /| |/ |/ / /_/ / / / __/ / /___ | |/ / __/ / / / /_ / _, _/ /_/ / /_/ / /_/ __/ / +|___/_/ /_/ |__/|__/\__,_/_/ \___/ /_____/ |___/\___/_/ /_/\__/ /_/ |_|\____/\__,_/\__/\___/_/ + + +Usage of ./vmware-event-router: + + -config string + path to configuration file for metrics, stream source and processor (default "/etc/vmware-event-router/config") + -verbose + print event handling information + +commit: +version: +``` + +The following sections describe the layout of the configuration file (JSON) and specific options for the event `stream` provider, `processor` and `metrics` server. A correct configuration file requires `stream`, `processor` and `metrics` to be defined. Configuration examples are provided [here](deploy/). + +> **Note:** Currently only one event `stream` (i.e. one vCenter Server) and one event `processor` can be configured at a time, e.g. one vCenter Server instance streaming events to OpenFaaS **or** AWS EventBridge. Specifying multiple instances of the same provider will lead to unintended behavior. + +### Event Stream Provider and Processor Configuration Options + +The following table lists allowed fields with their respective value types in the JSON configuration file. Detailed instructions for the specific event `stream` providers, `processors` and `metrics` are described in dedicated sections further below. + +| Field | Value | Description | Example | +|----------|-------------------|------------------------------------------------|---------------------------------------------------------------------------------------------------| +| type | string | event stream, processor or internal | "type": "stream" | +| provider | string | identifier of stream, processor or metrics | "provider": "vmware_vcenter" | +| address | string | URI of the provider (when required) | "address": "https://10.0.0.1:443/sdk" | +| auth | map[string]string | authentication options for the type provider | "auth": { "method":"user_password","secret": {...}} **Note: see provider specific options below** | +| options | map[string]string | provider specific options (see sections below) | "options":{"insecure": "true"} | + +> **Note:** Besides event `stream` providers and `processors` the configuration file is also used for router-internal components, such as metrics (and likely others in the future). The `type: internal` is reserved for these use cases. + +### Stream Provider: Configuration Details for VMware vCenter Server + +The following table lists allowed and optional fields for using VMware vCenter Server as an event `stream` provider. + +| Field | Value | Description | +|----------------------|-------------------------------|--------------------------------------------------------------------------------------------------------------------------------| +| type | "stream" | VMware vCenter is an event **stream** provider. | +| provider | "vmware_vcenter" | Use this exact value to use VMware vCenter Server as a provider. | +| address | "https://10.0.0.1:443/sdk" | URI of the VMware vCenter Server (IP or FQDN incl. "<:PORT>/sdk"). | +| auth.method | "user_password" | Use this exact value. Only username/password are supported to authenticate against VMware vCenter Server. | +| auth.secret.username | "administrator@vsphere.local" | Replace with user/service account to use for connecting to this vCenter event stream. | +| auth.secret.password | "REPLACE_ME" | Replace with password for the given user/service account to use for connecting to this vCenter event stream. | +| options.insecure | "true" | Ignore TLS certificate warnings. **Note:** must use quotes around this value (is of type string). Default: "false". (optional) | + +Example of the configuration section for VMware vCenter Server: + +```json +{ + "type": "stream", + "provider": "vmware_vcenter", + "address": "https://10.0.0.1:443/sdk", + "auth": { + "method": "user_password", + "secret": { + "username": "administrator@vsphere.local", + "password": "REPLACE_ME" + } + }, + "options": { + "insecure": "true" + } +} +``` + +> **Note:** The JSON configuration file is an array of maps, ie. "[{},{}]". The snippet above is trimmed for readability. The examples provided [here](deploy/) are properly formatted. + +### Stream Processor: Configuration Details for OpenFaaS + +OpenFaaS functions can subscribe to the event stream via function `"topic"` annotations in the function stack configuration (see OpenFaaS documentation for details on authoring functions), e.g.: + +```yaml +annotations: + topic: "VmPoweredOnEvent,VmPoweredOffEvent" +``` + +> **Note:** One or more event categories can be specified, delimited via `","`. A list of event names (categories) and how to retrieve them can be found [here](https://github.com/lamw/vcenter-event-mapping/blob/master/vsphere-6.7-update-3.md). A simple "echo" function useful for testing is provided [here](https://github.com/embano1/of-echo/blob/master/echo.yml). + +The following table lists allowed and optional fields for using OpenFaaS as an event stream `processor`. + +| Field | Value | Description | +|----------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------| +| type | "processor" | OpenFaaS is an event stream **processor**. | +| provider | "openfaas" | Use this exact value to use OpenFaaS as a provider. | +| address | "http://gateway.openfaas:8080" | URI of the OpenFaaS gateway (IP or FQDN incl. "<:PORT>"). | +| auth.method | "basic_auth" | Use this exact value. Only `"basic_auth"` is supported to authenticate against OpenFaaS (must use authentication). | +| auth.secret.username | "admin" | Replace with OpenFaaS gateway admin user name (is "admin" unless changed during gateway deployment). | +| auth.secret.password | "REPLACE_ME" | Replace with password for the given admin account to use for connecting to the OpenFaaS gateway. | +| options.async | "true" | Use `"async"` function invocation against the OpenFaaS gateway. **Note:** must use quotes around this value (is of type string). Default: "false". (optional) | + +Example of the configuration section for OpenFaaS: + +```json +{ + "type": "processor", + "provider": "openfaas", + "address": "http://gateway.openfaas:8080", + "auth": { + "method": "basic_auth", + "secret": { + "username": "admin", + "password": "REPLACE_ME" + } + }, + "options": { + "async": "false" + } +} +``` + +> **Note:** The JSON configuration file is an array of maps, ie. "[{},{}]". The snippet above is trimmed for readability. The examples provided [here](deploy/) are properly formatted. + +### Stream Processor: Configuration Details for AWS EventBridge + +Amazon EventBridge is a serverless event bus that makes it easy to connect applications together using data from your own applications, integrated Software-as-a-Service (SaaS) applications, and AWS services. In order to reduce bandwidth and costs (number of events ingested, see [pricing](https://aws.amazon.com/eventbridge/pricing/)), VMware Event Router only forwards events configured in the associated `rule` of an event bus. Rules in AWS EventBridge use pattern matching ([docs](https://docs.aws.amazon.com/eventbridge/latest/userguide/filtering-examples-structure.html)). Upon start, VMware Event Router contacts EventBridge (using the given IAM role) to parse and extract event categories from the configured rule ARN (see configuration option below). + +The VMware Event Router uses the `"subject"` field in the event payload to store the event category, e.g. `"VmPoweredOnEvent"`. Thus it is required that you use a **specific pattern match** (`"detail->subject"`) that the VMware Event Router can parse to retrieve the desired event (forwarding) categories. For example, the following AWS EventBridge event pattern rule matches power on/off events (including DRS-enabled clusters): + +```json +{ + "detail": { + "subject": [ + "VmPoweredOnEvent", + "VmPoweredOffEvent", + "DrsVmPoweredOnEvent" + ] + } +} +``` + +`"subject"` can contain one or more event categories. Wildcards (`"*"`) are not supported. The VMware Event Router periodically synchronizes the its internal pattern map against AWS EventBridge. + +> **Note:** A list of event names (categories) and how to retrieve them can be found [here](https://github.com/lamw/vcenter-event-mapping/blob/master/vsphere-6.7-update-3.md). + +The following table lists allowed and optional fields for using AWS EventBridge as an event stream `processor`. + +| Field | Value | Description | +|-----------------------------------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------| +| type | "processor" | AWS EventBridge is an event stream **processor**. | +| provider | "aws_event_bridge" | Use this exact value to use AWS EventBridge as a provider. | +| auth.method | "access_key" | Use this exact value. Only `"access_key"` is supported to authenticate against AWS EventBridge. | +| auth.secret.aws_access_key_id | "ABCDEFGHIJK" | Access Key ID for the IAM role used. | +| auth.secret.aws_secret_access_key | "ZYXWVUTSRQPO" | Secret Access Key for the IAM role used. | +| options.aws_region | "eu-central-1" | AWS region to use, see region [overview](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html) | +| options.aws_eventbridge_event_bus | "default" | Name of the event bus to use. Default: "default" (optional) | +| options.aws_eventbridge_rule_arn | "arn:aws:events:eu-central-1:1234567890:rule/vmware-event-router" | Rule ARN to use for event pattern matching. | + +> **Note:** Currently only IAM user accounts with access key/secret are supported to authenticate against AWS EventBridge. Please follow the [user guide](https://docs.aws.amazon.com/eventbridge/latest/userguide/getting-set-up-eventbridge.html) before deploying the event router. Further information can also be found in the [authentication](https://docs.aws.amazon.com/eventbridge/latest/userguide/auth-and-access-control-eventbridge.html#authentication-eventbridge) section. + +In addition to the recommendation in the AWS EventBridge user guide you might want to lock down the IAM role for the VMware Event Router and scope it to these permissions ("Action"): + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "events:PutEvents", + "events:ListRules", + "events:TestEventPattern" + ], + "Resource": "*" + } + ] +} +``` + +Example of the configuration section for AWS EventBridge: + +```json +{ + "type": "processor", + "provider": "aws_event_bridge", + "auth": { + "method": "access_key", + "secret": { + "aws_access_key_id": "ABCDEFGHIJK", + "aws_secret_access_key": "ZYXWVUTSRQPO" + } + }, + "options": { + "aws_region": "eu-central-1", + "aws_eventbridge_event_bus": "default", + "aws_eventbridge_rule_arn": "arn:aws:events:eu-central-1:1234567890:rule/vmware-event-router" + } +} +``` + +> **Note:** The JSON configuration file is an array of maps, ie. "[{},{}]". The snippet above is trimmed for readability. The examples provided [here](deploy/) are properly formatted. + +### Metrics Server: Configuration Details + +The VMware Event Router exposes metrics (JSON format) on the (currently hardcoded) HTTP endpoint `"http://IP:PORT/stats". The following table lists allowed and optional fields for configuring the metrics server. + +| Field | Value | Description | +|----------------------|----------------|-----------------------------------------------------------------------------------------------------------------| +| type | "internal" | Metrics server is of type `"internal"` | +| provider | "metrics" | Use this exact value to configure the metrics server. | +| address | "0.0.0.0:8080" | Bind address for the http server to listen on. | +| auth.method | "basic_auth" | `"basic_auth"` or `"none"` (disabled) is supported to configure authentication of the metrics server endpoint. | +| auth.secret.username | "admin" | Only required when `"basic_auth"` is configured. | +| auth.secret.password | "REPLACE_ME" | Only required when `"basic_auth"` is configured. | + +Example of the configuration section for the metrics server: + +```json +{ + "type": "metrics", + "provider": "internal", + "address": "0.0.0.0:8080", + "auth": { + "method": "none" + } +} +``` + +### Deployment +VMware Event Router can be deployed and run as standalone binary (see [below](#build-from-source)). However, it is designed to be run in a Kubernetes cluster for increased availability and ease of scaling out. The following steps describe the deployment of the VMware Event Router in **a Kubernetes cluster** for an existing OpenFaaS ("faas-netes") environment, respectively AWS EventBridge. + +> **Note:** Docker images are available [here](https://hub.docker.com/r/vmware/veba-event-router). + +Create a namespace where the VMware Event Router will be deployed to: + +```bash +kubectl create namespace vmware +``` + +Use one of the configuration files provided [here](deploy/) to configure the router for **one** VMware vCenter Server event `stream` and **one** OpenFaaS **or** AWS EventBridge event stream `processor`. Change the values to match your environment. The following example will use the OpenFaaS config sample. + +> **Note:** Make sure your environment is up and running, i.e. Kubernetes and OpenFaaS (incl. a function for testing) up and running or AWS EventBridge correctly configured (IAM Role, event bus and pattern rule). + +After you made your changes to the configuration file, save it as `"event-router-config.json` in your current Git working directory. + +> **Note:** If you have changed the port of the metrics server in the configuration file (default: 8080) make sure to also change that value in the YAML manifest (under the Kubernetes service entry). + +Now, from your current Git working directory create a Kubernetes [secret](https://kubernetes.io/docs/concepts/configuration/secret/) from the configuration file: + +```bash +kubectl -n vmware create secret generic event-router-config --from-file=event-router-config.json +``` + +> **Note:** You might want to delete the (local) configuration file to not leave behind sensitive information on your local machine. + +Now we can deploy the VMware Event Router: + +```bash +kubectl -n vmware create -f deploy/event-router-k8s.yaml +``` + +Check the logs of the VMware Event Router to validate it started correctly: + +```bash +kubectl -n vmware logs deploy/vmware-event-router -f +``` + +If you run into issues, the logs should give you a hint, e.g.: + +- configuration file not found -> file naming issue +- connection to vCenter/OpenFaaS cannot be established -> check values in the configuration file +- deployment/pod will not even come up -> check for resource issues, docker pull issues and other potential causes using the standard kubectl troubleshooting ways + +To delete the deployment and secret simply delete the namespace we created earlier: + +```bash +kubectl delete namespace vmware +``` + +## Build from Source + +Requirements: This project uses [Golang](https://golang.org/dl/) and Go [modules](https://blog.golang.org/using-go-modules). For convenience a Makefile and Dockerfile are provided requiring `make` and [Docker](https://www.docker.com/) to be installed as well. + +```bash +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/vmware-event-router + +# for Go versions before v1.13 +export GO111MODULE=on + +# defaults to build with Docker (use make binary for local executable instead) +make +``` + +## Example Event Structure + +The following example for a `VmPoweredOnEvent` shows the event structure and payload: + +```json +{ + "id": "08179137-b8e0-4973-b05f-8f212bf5003b", + "source": "https://10.0.0.1:443/sdk", + "specversion": "1.0", + "type": "com.vmware.event.router/event", + "subject": "VmPoweredOffEvent", + "time": "2020-02-11T21:29:54.9052539Z", + "data": { + "Key": 9902, + "ChainId": 9895, + "CreatedTime": "2020-02-11T21:28:23.677595Z", + "UserName": "VSPHERE.LOCAL\\Administrator", + "Datacenter": { + "Name": "testDC", + "Datacenter": { + "Type": "Datacenter", + "Value": "datacenter-2" + } + }, + "ComputeResource": { + "Name": "cls", + "ComputeResource": { + "Type": "ClusterComputeResource", + "Value": "domain-c7" + } + }, + "Host": { + "Name": "10.185.22.74", + "Host": { + "Type": "HostSystem", + "Value": "host-21" + } + }, + "Vm": { + "Name": "test-01", + "Vm": { + "Type": "VirtualMachine", + "Value": "vm-56" + } + }, + "Ds": null, + "Net": null, + "Dvs": null, + "FullFormattedMessage": "test-01 on 10.0.0.1 in testDC is powered off", + "ChangeTag": "", + "Template": false + }, + "datacontenttype": "application/json" +} +``` + +> **Note:** If you use the AWS EventBridge stream `processor` the event is wrapped and accessible under `""detail": {}"` as a JSON-formatted string. \ No newline at end of file diff --git a/vmware-event-router/cmd/main.go b/vmware-event-router/cmd/main.go new file mode 100644 index 00000000..26388a62 --- /dev/null +++ b/vmware-event-router/cmd/main.go @@ -0,0 +1,161 @@ +package main + +import ( + "context" + "flag" + "fmt" + "log" + "os" + "os/signal" + "syscall" + "time" + + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/metrics" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/processor" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/stream" + "golang.org/x/sync/errgroup" +) + +var ( + commit = "UNKNOWN" + version = "UNKNOWN" +) + +var banner = ` + _ ____ ___ ______ __ ____ __ +| | / / |/ / ______ _________ / ____/ _____ ____ / /_ / __ \____ __ __/ /____ _____ +| | / / /|_/ / | /| / / __ / ___/ _ \ / __/ | | / / _ \/ __ \/ __/ / /_/ / __ \/ / / / __/ _ \/ ___/ +| |/ / / / /| |/ |/ / /_/ / / / __/ / /___ | |/ / __/ / / / /_ / _, _/ /_/ / /_/ / /_/ __/ / +|___/_/ /_/ |__/|__/\__,_/_/ \___/ /_____/ |___/\___/_/ /_/\__/ /_/ |_|\____/\__,_/\__/\___/_/ + +` + +func main() { + fmt.Println(banner) + var logger = log.New(os.Stdout, "[VMware Event Router] ", log.LstdFlags) + + var configPath string + var verbose bool + var err error + + flag.StringVar(&configPath, "config", "/etc/vmware-event-router/config", "path to configuration file for metrics, stream source and processor") + flag.BoolVar(&verbose, "verbose", false, "print event handling information") + flag.Usage = func() { + fmt.Printf("Usage of %s:\n\n", os.Args[0]) + flag.PrintDefaults() + fmt.Printf("\ncommit: %s\n", commit) + fmt.Printf("version: %s\n", version) + } + flag.Parse() + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + f, err := os.Open(configPath) + if err != nil { + logger.Fatalf("could not open configuration file: %v", err) + } + cfgs, err := connection.Parse(f) + if err != nil { + logger.Fatalf("could not parse configuration file: %v", err) + } + + var ( + streamer stream.Streamer + proc processor.Processor + metricsServer *metrics.Server // will be set if valid configuration provided + bindAddr string + ) + + // TODO: support multiple streams/processors. Current behavior: if multiple + // definitions of the same type are given, last wins. + for _, cfg := range cfgs { + switch cfg.Type { + case "stream": + switch cfg.Provider { + case stream.ProviderVSphere: + logger.Printf("connecting to vCenter %s", cfg.Address) + streamer, err = stream.NewVCenterStream(ctx, cfg, metricsServer) + if err != nil { + logger.Fatalf("could not connect to vCenter: %v", err) + } + + default: + logger.Fatalf("unsupported stream provider: %s", cfg.Provider) + } + + case "processor": + switch cfg.Provider { + case processor.ProviderOpenFaaS: + var async bool + if cfg.Options["async"] == "true" { + async = true + } + logger.Printf("connecting to OpenFaaS gateway %s (async mode: %v)", cfg.Address, async) + proc, err = processor.NewOpenFaaSProcessor(ctx, cfg, streamer.Source(), verbose, metricsServer) + if err != nil { + logger.Fatalf("could not connect to OpenFaaS: %v", err) + } + case processor.ProviderAWS: + logger.Printf("connecting to AWS EventBridge (arn: %s)", cfg.Options["aws_eventbridge_rule_arn"]) + proc, err = processor.NewAWSEventBridgeProcessor(ctx, cfg, streamer.Source(), verbose, metricsServer) + if err != nil { + logger.Fatalf("could not connect to AWS EventBridge: %v", err) + } + default: + logger.Fatalf("unsupported processor provider: %s", cfg.Provider) + } + + case "metrics": + metricsServer, err = metrics.NewServer(cfg) + bindAddr = cfg.Address + if err != nil { + logger.Fatalf("could not initialize metrics server: %v", err) + } + logger.Printf("exposing metrics server on %s (auth: %s)", cfg.Address, cfg.Auth.Method) + + default: + logger.Fatalf("invalid type specified: %s", cfg.Type) + } + } + + // validate if the configuration provided is complete + switch { + case streamer == nil: + logger.Fatal("no configuration for event stream provider found") + case proc == nil: + logger.Fatal("no configuration for event processor found") + case metricsServer == nil: + logger.Fatal("no configuration for metrics server found") + } + + // handle OS signals gracefully + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, syscall.SIGTERM, os.Interrupt) + go func() { + sig := <-sigCh + logger.Printf("got signal: %v, cleaning up...", sig) + cancel() + // give goroutines some grace time to clean up + time.Sleep(3 * time.Second) + }() + + eg := errgroup.Group{} + eg.Go(func() error { + return metricsServer.Run(ctx, bindAddr) + }) + + eg.Go(func() error { + defer streamer.Shutdown(ctx) + return streamer.Stream(ctx, proc) + }) + + // blocks + err = eg.Wait() + if err != nil { + logger.Fatal(err) + } + + logger.Println("shutdown successful") +} diff --git a/vmware-event-router/deploy/event-router-config-aws.json b/vmware-event-router/deploy/event-router-config-aws.json new file mode 100644 index 00000000..b01c23b9 --- /dev/null +++ b/vmware-event-router/deploy/event-router-config-aws.json @@ -0,0 +1,40 @@ +[{ + "type": "stream", + "provider": "vmware_vcenter", + "address": "https://10.0.0.1:443/sdk", + "auth": { + "method": "user_password", + "secret": { + "username": "administrator@vsphere.local", + "password": "REPLACE_ME" + } + }, + "options": { + "insecure": "true" + } + }, + { + "type": "processor", + "provider": "aws_event_bridge", + "auth": { + "method": "access_key", + "secret": { + "aws_access_key_id": "ABCDEFGHIJK", + "aws_secret_access_key": "ZYXWVUTSRQPO" + } + }, + "options": { + "aws_region": "eu-central-1", + "aws_eventbridge_event_bus": "default", + "aws_eventbridge_rule_arn": "arn:aws:events:eu-central-1:1234567890:rule/vmware-event-router" + } + }, + { + "type": "metrics", + "provider": "internal", + "address": "0.0.0.0:8080", + "auth": { + "method": "none" + } + } +] \ No newline at end of file diff --git a/vmware-event-router/deploy/event-router-config-openfaas.json b/vmware-event-router/deploy/event-router-config-openfaas.json new file mode 100644 index 00000000..0f8fbd7c --- /dev/null +++ b/vmware-event-router/deploy/event-router-config-openfaas.json @@ -0,0 +1,39 @@ +[{ + "type": "stream", + "provider": "vmware_vcenter", + "address": "https://10.0.0.1:443/sdk", + "auth": { + "method": "user_password", + "secret": { + "username": "administrator@vsphere.local", + "password": "REPLACE_ME" + } + }, + "options": { + "insecure": "true" + } + }, + { + "type": "processor", + "provider": "openfaas", + "address": "http://gateway.openfaas:8080", + "auth": { + "method": "basic_auth", + "secret": { + "username": "admin", + "password": "REPLACE_ME" + } + }, + "options": { + "async": "false" + } + }, + { + "type": "metrics", + "provider": "internal", + "address": "0.0.0.0:8080", + "auth": { + "method": "none" + } + } +] \ No newline at end of file diff --git a/vmware-event-router/deploy/event-router-k8s.yaml b/vmware-event-router/deploy/event-router-k8s.yaml new file mode 100644 index 00000000..bb02d1b2 --- /dev/null +++ b/vmware-event-router/deploy/event-router-k8s.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: vmware-event-router + name: vmware-event-router +spec: + replicas: 1 + selector: + matchLabels: + app: vmware-event-router + template: + metadata: + labels: + app: vmware-event-router + spec: + containers: + - image: vmware/veba-event-router:latest + args: ["-config", "/etc/vmware-event-router/event-router-config.json", "-verbose"] + name: vmware-event-router + resources: + requests: + cpu: 200m + memory: 200Mi + volumeMounts: + - name: config + mountPath: /etc/vmware-event-router/ + readOnly: true + volumes: + - name: config + secret: + secretName: event-router-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: vmware-event-router + name: vmware-event-router +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: vmware-event-router + sessionAffinity: None diff --git a/vmware-event-router/go.mod b/vmware-event-router/go.mod new file mode 100644 index 00000000..33bf7a87 --- /dev/null +++ b/vmware-event-router/go.mod @@ -0,0 +1,16 @@ +module github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router + +go 1.12 + +require ( + github.com/aws/aws-sdk-go v1.27.3 + github.com/cloudevents/sdk-go v0.10.2 + github.com/google/uuid v1.1.1 + github.com/openfaas-incubator/connector-sdk v0.0.0-20191214130609-df5d76475412 + github.com/openfaas/faas-provider v0.0.0-20200101101649-8f7c35975e1b + github.com/pkg/errors v0.8.1 + github.com/stretchr/testify v1.4.0 // indirect + github.com/vmware/govmomi v0.21.0 + golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 // indirect + golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e +) diff --git a/vmware-event-router/go.sum b/vmware-event-router/go.sum new file mode 100644 index 00000000..7edc0846 --- /dev/null +++ b/vmware-event-router/go.sum @@ -0,0 +1,233 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.40.0/go.mod h1:Tk58MuI9rbLMKlAjeO/bDnteAx7tX2gJIXw4T5Jwlro= +contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA= +contrib.go.opencensus.io/exporter/prometheus v0.1.0/go.mod h1:cGFniUXGZlKRjzOyuZJ6mgB+PgBcCIa79kEKR8YCW+A= +github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/go-autorest/autorest v0.2.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg= +github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= +github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= +github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= +github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc= +github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= +github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= +github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88= +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/aws/aws-sdk-go v1.27.3 h1:CBWC7Yot0U6OU/uosUmq7tKJVBTq6HrhgW1Vjpt9SMw= +github.com/aws/aws-sdk-go v1.27.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudevents/sdk-go v0.10.2 h1:CAqHqDHmBkCG4OUeUBt7q2Ql8KV25U+bgPUtlcJelZ4= +github.com/cloudevents/sdk-go v0.10.2/go.mod h1:EHG6NmU3XkIeuueER6+vbnhYfWlgVlfUQVzPC+UK7ao= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-xdr v0.0.0-20161123171359-e6a2ba005892/go.mod h1:CTDl0pzVzE5DEzZhPfvhY/9sPFMQIxaJ9VAMs9AagrE= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= +github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= +github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.0 h1:xU6/SpYbvkNYiptHJYEDRseDLvYE7wSqhYYNy0QSUzI= +github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/uuid v0.0.0-20170306145142-6a5e28554805 h1:skl44gU1qEIcRpwKjb9bhlRwjvr96wLdvpTogCBBJe8= +github.com/google/uuid v0.0.0-20170306145142-6a5e28554805/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= +github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= +github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= +github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= +github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/openfaas-incubator/connector-sdk v0.0.0-20191214130609-df5d76475412 h1:9xbx42wa4TtNE7QuWhhQnbpCBclrI4fC6O9Q0oty/9I= +github.com/openfaas-incubator/connector-sdk v0.0.0-20191214130609-df5d76475412/go.mod h1:jHCtd1HCZwhuwdPy4OB8CQU7ZqzxBdWNhIhH/khCJqQ= +github.com/openfaas/faas-provider v0.0.0-20200101101649-8f7c35975e1b h1:3zAdXYHiFYX0rP6dEQyj0Ua3X51X06cRSu1GENTEQ/k= +github.com/openfaas/faas-provider v0.0.0-20200101101649-8f7c35975e1b/go.mod h1:W4OIp33RUOpR7wW+omJB/7GhIydRmYXvKf/VqUKI4yM= +github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= +github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/vmware/govmomi v0.21.0 h1:jc8uMuxpcV2xMAA/cnEDlnsIjvqcMra5Y8onh/U3VuY= +github.com/vmware/govmomi v0.21.0/go.mod h1:zbnFoBQ9GIjs2RVETy8CNEpb+L+Lwkjs3XZUL0B3/m0= +github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728/go.mod h1:x9oS4Wk2s2u4tS29nEaDLdzvuHdB19CvSGJjPgkZJNk= +go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c h1:uOCk1iQW6Vc18bnC13MfzScl+wdKBmM9Y9kU7Z83/lw= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= +google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +pack.ag/amqp v0.11.0/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/vmware-event-router/internal/connection/connection.go b/vmware-event-router/internal/connection/connection.go new file mode 100644 index 00000000..9c24dbd1 --- /dev/null +++ b/vmware-event-router/internal/connection/connection.go @@ -0,0 +1,30 @@ +package connection + +import ( + "encoding/json" + "io" +) + +type Configs []Config + +type Config struct { + Type string `json:"type,omitempty"` // "stream", "processor" + Provider string `json:"provider,omitempty"` // "vmware_vcenter", "openfaas", "aws_event_bridge" + Address string `json:"address,omitempty"` + Auth Authentication `json:"auth,omitempty"` + Options map[string]string `json:"options,omitempty"` +} + +type Authentication struct { + Method string `json:"method"` + Secret map[string]string `json:"secret"` +} + +func Parse(cfg io.Reader) (Configs, error) { + var cfgs Configs + err := json.NewDecoder(cfg).Decode(&cfgs) + if err != nil { + return nil, err + } + return cfgs, nil +} diff --git a/vmware-event-router/internal/events/events.go b/vmware-event-router/internal/events/events.go new file mode 100644 index 00000000..d30af1e0 --- /dev/null +++ b/vmware-event-router/internal/events/events.go @@ -0,0 +1,83 @@ +package events + +import ( + "reflect" + "time" + + "github.com/google/uuid" + "github.com/vmware/govmomi/vim25/types" +) + +const ( + eventCanonicalType = "com.vmware.event.router" + eventSpecVersion = "1.0" // CloudEvents spec version used + eventContentType = "application/json" +) + +// CloudEvent is the JSON object sent to subscribed functions. We follow +// CloudEvents v1.0 spec as defined in +// https://github.com/cloudevents/sdk-go/blob/6c55828dbb6915e1594e5ace8bd8a19980731867/pkg/cloudevents/eventcontext_v1.go#L22 +type CloudEvent struct { + // ID of the event; must be non-empty and unique within the scope of the producer. + ID string `json:"id"` + // Source - URI of the event producer, e.g. http(s)://vcenter.domain.ext/sdk. + Source string `json:"source"` + // SpecVersion - The version of the CloudEvents specification the event router. + SpecVersion string `json:"specversion"` + // Type - canonicalType + vcenter event category (event, eventex, extendedevent). + Type string `json:"type"` + // Subject - vcenter event name used for topic subscriptions + Subject string `json:"subject"` + // Time - Timestamp set by this event router when this message was created. + Time time.Time `json:"time"` + // Data - Event payload as received from vcenter (includes event creation timestamp set by vcenter). + Data types.BaseEvent `json:"data"` + // DataContentType - A MIME (RFC2046) string describing the media type of `data`. + DataContentType string `json:"datacontenttype"` +} + +// VCenterEventInfo contains the name and category of an event received from vCenter +// supported event categories: event, eventex, extendedevent +// category to name convention: +// event: retrieved from event class, e.g. VmPoweredOnEvent +// eventex: retrieved from EventTypeId +// extendedevent: retrieved from EventTypeId +type VCenterEventInfo struct { + Category string + Name string +} + +// GetDetails retrieves the underlying vSphere event category and name for +// the given BaseEvent, e.g. VmPoweredOnEvent (event) or +// com.vmware.applmgmt.backup.job.failed.event (extendedevent) +func GetDetails(event types.BaseEvent) VCenterEventInfo { + eventInfo := VCenterEventInfo{} + + switch e := event.(type) { + case *types.EventEx: + eventInfo.Category = "eventex" + eventInfo.Name = e.EventTypeId + case *types.ExtendedEvent: + eventInfo.Category = "extendedevent" + eventInfo.Name = e.EventTypeId + default: + eType := reflect.TypeOf(event).Elem().Name() + eventInfo.Category = "event" + eventInfo.Name = eType + } + return eventInfo +} + +// NewCloudEvent returns a compliant CloudEvent +func NewCloudEvent(event types.BaseEvent, eventInfo VCenterEventInfo, source string) CloudEvent { + return CloudEvent{ + ID: uuid.New().String(), + Source: source, + SpecVersion: eventSpecVersion, + Type: eventCanonicalType + "/" + eventInfo.Category, + Subject: eventInfo.Name, + Time: time.Now().UTC(), + Data: event, + DataContentType: eventContentType, + } +} diff --git a/vmware-event-router/internal/events/events_test.go b/vmware-event-router/internal/events/events_test.go new file mode 100644 index 00000000..92a04af1 --- /dev/null +++ b/vmware-event-router/internal/events/events_test.go @@ -0,0 +1,109 @@ +package events + +import ( + "encoding/json" + "testing" + + cloudevents "github.com/cloudevents/sdk-go" + "github.com/vmware/govmomi/vim25/types" +) + +func Test_GetEventDetails(t *testing.T) { + type args struct { + event types.BaseEvent + } + tests := []struct { + name string + args args + want VCenterEventInfo + }{ + { + name: "Event: VmPoweredOnEvent", + args: args{newVMPoweredOnEvent()}, + want: VCenterEventInfo{Category: "event", Name: "VmPoweredOnEvent"}, + }, + { + name: "EventEx: com.vmware.cl.PublishLibraryEvent", + args: args{newEventExEvent()}, + want: VCenterEventInfo{Category: "eventex", Name: "com.vmware.cl.PublishLibraryEvent"}, + }, + { + name: "ExtendedEvent: com.vmware.applmgmt.backup.job.failed.event", + args: args{newExtendedEvent()}, + want: VCenterEventInfo{Category: "extendedevent", Name: "com.vmware.applmgmt.backup.job.failed.event"}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := GetDetails(tt.args.event); got != tt.want { + t.Errorf("getEventDetails() = %v, want %v", got, tt.want) + } + }) + } +} + +func Test_ConvertToCloudEventV1(t *testing.T) { + vmEvent := newVMPoweredOnEvent() + eInfo := GetDetails(vmEvent) + e := NewCloudEvent(vmEvent, eInfo, getSource()) + b, err := json.Marshal(e) + if err != nil { + t.Fatalf("could not marshal cloud event: %v", err) + } + + ce := cloudevents.NewEvent(cloudevents.VersionV1) + err = ce.UnmarshalJSON(b) + if err != nil { + t.Fatalf("could not unmarshal outbound cloud event into cloud events v1 spec: %v", err) + } + + if e.ID != ce.ID() { + t.Fatalf("ID of outbound cloud event and cloud event v1 does not match: %q vs %q", e.ID, ce.ID()) + } + + if e.Source != ce.Source() { + t.Fatalf("Source of outbound cloud event and cloud event v1 does not match: %q vs %q", e.Source, ce.Source()) + } + + if e.SpecVersion != ce.SpecVersion() { + t.Fatalf("SpecVersions of outbound cloud event and cloud event v1 does not match: %q vs %q", e.SpecVersion, ce.SpecVersion()) + } + + if e.Subject != ce.Subject() { + t.Fatalf("Subject of outbound cloud event and cloud event v1 don't match: %q vs %q", e.Subject, ce.Subject()) + } +} + +func newVMPoweredOnEvent() types.BaseEvent { + return &types.VmPoweredOnEvent{ + VmEvent: types.VmEvent{ + Event: types.Event{ + Vm: &types.VmEventArgument{ + EntityEventArgument: types.EntityEventArgument{ + Name: "Linux-1234", + }, + Vm: types.ManagedObjectReference{ + Type: "VirtualMachine", + Value: "vm-1234", + }, + }, + }, + }, + } +} + +func newExtendedEvent() types.BaseEvent { + return &types.ExtendedEvent{ + EventTypeId: "com.vmware.applmgmt.backup.job.failed.event", + } +} + +func newEventExEvent() types.BaseEvent { + return &types.EventEx{ + EventTypeId: "com.vmware.cl.PublishLibraryEvent", + } +} + +func getSource() string { + return "https://vcenter.corp.local/sdk" +} diff --git a/vmware-event-router/internal/metrics/metrics.go b/vmware-event-router/internal/metrics/metrics.go new file mode 100644 index 00000000..07d23358 --- /dev/null +++ b/vmware-event-router/internal/metrics/metrics.go @@ -0,0 +1,72 @@ +package metrics + +import ( + "encoding/json" + "io/ioutil" + "strconv" + "strings" + "time" +) + +const ( + // expvar map name for exposing the event router stats + mapName = "vmware.event.router.stats" + // PushInterval defines the default interval event streams and processors + // push their metrics to the server + PushInterval = time.Second * 5 +) + +// EventStats are provided and continously updated by event streams and +// processors +type EventStats struct { + Provider string `json:"-"` // ignored in JSON because provider is implicit via mapName[Provider] + ProviderType string `json:"provider_type"` // stream or processor + Name string `json:"name"` + Started time.Time `json:"started"` + EventsTotal *int `json:"events_total,omitempty"` // only used by event streams + EventsSec *float64 `json:"events_per_sec,omitempty"` // only used by event streams + Invocations map[string]int `json:"invocations,omitempty"` // event.Category to invocations - only used by event processors +} + +func (s *EventStats) String() string { + b, err := json.Marshal(s) + if err != nil { + // will be printed to http stats endpoint + return err.Error() + } + return string(b) +} + +// load captures the 1/5/15 load interval of a GNU/Linux system +type load struct { + Load1 float64 + Load5 float64 + Load15 float64 +} + +// function that will be called by expvar to export the information from the +// structure every time the endpoint is reached +func allLoadAvg() interface{} { + return load{ + Load1: loadAvg(0), + Load5: loadAvg(1), + Load15: loadAvg(2), + } +} + +// helper function to retrieve the load average in GNU/Linux systems +func loadAvg(position int) float64 { + // intentionally ignoring errors to make this work under non GNU/Linux + // systems (testing) + data, err := ioutil.ReadFile("/proc/loadavg") + if err != nil { + // + return 0 + } + values := strings.Fields(string(data)) + load, err := strconv.ParseFloat(values[position], 64) + if err != nil { + return 0 + } + return load +} diff --git a/vmware-event-router/internal/metrics/server.go b/vmware-event-router/internal/metrics/server.go new file mode 100644 index 00000000..4294f9f7 --- /dev/null +++ b/vmware-event-router/internal/metrics/server.go @@ -0,0 +1,147 @@ +package metrics + +import ( + "context" + "expvar" + "fmt" + "log" + "net/http" + "os" + "time" + + "github.com/pkg/errors" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" +) + +const ( + // DefaultListenAddress is the default address the http metrics server will listen + // for requests + DefaultListenAddress = "0.0.0.0:8080" + httpTimeout = time.Second * 5 + endpoint = "/stats" +) + +var ( + eventRouterStats = expvar.NewMap(mapName) +) + +// Server is the implementation of the metrics server +type Server struct { + http *http.Server + *log.Logger +} + +// NewServer returns an initialized metrics server binding to addr +func NewServer(cfg connection.Config) (*Server, error) { + var username, password string + var basicAuth bool + + addr := cfg.Address + switch cfg.Auth.Method { + case "basic_auth": + basicAuth = true + username = cfg.Auth.Secret["username"] + password = cfg.Auth.Secret["password"] + case "none": + break + default: + return nil, errors.Errorf("unsupported authentication method for metrics server: %q", cfg.Auth.Method) + } + + logger := log.New(os.Stdout, "[Metrics Server] ", log.LstdFlags) + mux := http.NewServeMux() + switch basicAuth { + case true: + mux.Handle(endpoint, withBasicAuth(expvar.Handler(), username, password)) + default: + mux.Handle(endpoint, expvar.Handler()) + } + + srv := &Server{ + http: &http.Server{ + Addr: addr, + Handler: mux, + ReadTimeout: httpTimeout, + WriteTimeout: httpTimeout, + }, + Logger: logger, + } + return srv, nil +} + +// Run starts the metrics server until the context is cancelled or an error +// occurs. It will collect metrics for the given event streams and processors. +func (s *Server) Run(ctx context.Context, bindAddr string) error { + errCh := make(chan error, 1) + go func() { + addr := fmt.Sprintf("http://%s%s", bindAddr, endpoint) + s.Printf("starting metrics server and listening on %q", addr) + err := s.http.ListenAndServe() + if err != nil && err != http.ErrServerClosed { + errCh <- err + } + }() + + // continuously update the http stats endpoint + go func() { + s.publish(ctx) + }() + + select { + case <-ctx.Done(): + err := s.http.Shutdown(ctx) + if err != nil && err != http.ErrServerClosed { + return errors.Wrap(err, "could not shutdown metrics server gracefully") + } + case err := <-errCh: + return errors.Wrap(err, "could not run metrics server") + } + return nil +} + +// withBasicAuth enforces basic auth as a middleware for the given username and +// password +func withBasicAuth(next http.Handler, u string, p string) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + + user, password, ok := r.BasicAuth() + w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) + + if !ok || !(p == password && u == user) { + w.WriteHeader(http.StatusUnauthorized) + w.Write([]byte("invalid credentials")) + return + } + + next.ServeHTTP(w, r) + } +} + +func (s *Server) publish(ctx context.Context) { + var ( + numberOfSecondsRunning = expvar.NewInt("system.numberOfSeconds") // uptime in sec + programName = expvar.NewString("system.programName") + lastLoad = expvar.NewFloat("system.lastLoad") + ) + + expvar.Publish("system.allLoad", expvar.Func(allLoadAvg)) + programName.Set(os.Args[0]) + + for { + select { + case <-ctx.Done(): + return + case <-time.Tick(time.Second): + numberOfSecondsRunning.Add(1) + lastLoad.Set(loadAvg(0)) + // eventRouterStats.Set("EventStats", &stats) + } + } +} + +// Receive receives metrics from event streams and processors and exposes them +// under the predifined map. The sender is responsible for picking a unique +// Provider name. +func (s *Server) Receive(stats EventStats) { + eventRouterStats.Set(stats.Provider, &stats) +} diff --git a/vmware-event-router/internal/processor/aws_event_bridge.go b/vmware-event-router/internal/processor/aws_event_bridge.go new file mode 100644 index 00000000..16f0fa5b --- /dev/null +++ b/vmware-event-router/internal/processor/aws_event_bridge.go @@ -0,0 +1,332 @@ +package processor + +import ( + "context" + "encoding/json" + "log" + "os" + "sync" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/eventbridge" + "github.com/pkg/errors" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/events" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/metrics" + "github.com/vmware/govmomi/vim25/types" +) + +const ( + // ProviderAWS is the name used to identify this provider in the + // VMware Event Router configuration file + ProviderAWS = "aws_event_bridge" + authMethodAWS = "access_key" // only this method is supported by the processor + resyncInterval = time.Minute * 5 // resync rule patterns after interval + pageLimit = 50 // max 50 results per page for list operations +) + +// awsEventBridgeProcessor implements the Processor interface +type awsEventBridgeProcessor struct { + session session.Session + eventbridge.EventBridge + source string + verbose bool + *log.Logger + + mu sync.RWMutex + patternMap map[string]string // rules pattern to event bus mapping + stats metrics.EventStats +} + +type eventPattern struct { + Detail struct { + Subject []string `json:"subject,omitempty"` + } `json:"detail,omitempty"` +} + +// NewAWSEventBridgeProcessor returns an AWS EventBridge processor for the given +// stream source. +func NewAWSEventBridgeProcessor(ctx context.Context, cfg connection.Config, source string, verbose bool, ms *metrics.Server) (Processor, error) { + logger := log.New(os.Stdout, "[AWS EventBridge] ", log.LstdFlags) + eventBridge := awsEventBridgeProcessor{ + source: source, + verbose: verbose, + Logger: logger, + patternMap: make(map[string]string), + } + + var accessKey, secretKey, region, eventbus, ruleARN string + switch cfg.Auth.Method { + case authMethodAWS: + accessKey = cfg.Auth.Secret["aws_access_key_id"] + secretKey = cfg.Auth.Secret["aws_secret_access_key"] + default: + return nil, errors.Errorf("unsupported authentication method for processor aws_event_bridge: %s", cfg.Auth.Method) + } + + if cfg.Options["aws_region"] == "" { + return nil, errors.Errorf("config option %q must be specified", "aws_region") + } + region = cfg.Options["aws_region"] + + if cfg.Options["aws_eventbridge_rule_arn"] == "" { + return nil, errors.Errorf("config option %q for this processor must be specified", "aws_eventbridge_rule_arn") + } + ruleARN = cfg.Options["aws_eventbridge_rule_arn"] + + if cfg.Options["aws_eventbridge_event_bus"] == "" { + eventBridge.Printf("config option %q not specified, assuming %q eventbus", "aws_eventbridge_event_bus", "default") + cfg.Options["aws_eventbridge_event_bus"] = "default" + } + eventbus = cfg.Options["aws_eventbridge_event_bus"] + + awsSession, err := session.NewSession(&aws.Config{ + Region: aws.String(region), + Credentials: credentials.NewStaticCredentials( + accessKey, + secretKey, + "", // a token will be created when the session is used. + ), + }) + if err != nil { + return nil, errors.Wrap(err, "could not create AWS session") + } + eventBridge.session = *awsSession + ebSession := eventbridge.New(awsSession) + if ebSession == nil { + return nil, errors.Errorf("could not create AWS event bridge session") + } + eventBridge.EventBridge = *ebSession + + var found bool + var nextToken *string + for !found { + rules, err := eventBridge.ListRulesWithContext(ctx, &eventbridge.ListRulesInput{ + EventBusName: aws.String(eventbus), // explicitely passing eventbus name because list assumes "default" otherwise + Limit: aws.Int64(pageLimit), // up to n results per page for requests. + NextToken: nextToken, + }) + if err != nil { + return nil, errors.Wrap(err, "could not list event bridge rules") + } + + for _, rule := range rules.Rules { + switch { + case *rule.Arn == ruleARN: + if rule.EventPattern == nil { + return nil, errors.Errorf("rule event pattern must not be empty") + } + + var e eventPattern + err := json.Unmarshal([]byte(*rule.EventPattern), &e) + if err != nil { + return nil, errors.Wrap(err, "could not parse rule event pattern") + } + + if len(e.Detail.Subject) == 0 { // might be a valid scenario, emit warning + eventBridge.Println("warning: rule event pattern does not contain any subjects") + } + for _, s := range e.Detail.Subject { + eventBridge.Printf("adding rule event forwarding pattern %q to processor", s) + eventBridge.patternMap[s] = *rule.EventBusName + } + found = true + break + + default: + continue + } + } + + switch { + case found == true: // return early + break + case rules.NextToken != nil: // try next batch of rules, if any + nextToken = rules.NextToken + continue + default: // nothing found + return nil, errors.Errorf("rule %s not found for configured AWS event bridge account", ruleARN) + } + } + + // prepopulate the metrics stats + eventBridge.stats = metrics.EventStats{ + Provider: ProviderAWS, + ProviderType: cfg.Type, + Name: ruleARN, // Using Rule ARN to uniquely identify and represent this processor + Started: time.Now().UTC(), + Invocations: make(map[string]int), + } + + go eventBridge.PushMetrics(ctx, ms) + go eventBridge.syncPatternMap(ctx, eventbus, ruleARN) // periodically sync rules + return &eventBridge, nil +} + +// Process implements the stream processor interface TODO: handle +// throttling/batching +// https://docs.aws.amazon.com/eventbridge/latest/userguide/cloudwatch-limits-eventbridge.html#putevents-limits +func (awsEventBridge *awsEventBridgeProcessor) Process(moref types.ManagedObjectReference, baseEvent []types.BaseEvent) error { + + input, err := awsEventBridge.createPutEventsInput(baseEvent) + if err != nil { + awsEventBridge.Printf("could not create PutEventsInput for event(s): %v", err) + return nil + } + + // nothing to send + if len(input.Entries) == 0 { + return nil + } + + // TODO: investigate limits on number/size of entries in a single put + resp, err := awsEventBridge.PutEvents(&input) + if err != nil { + awsEventBridge.Printf("could not send event(s): %v", err) + return nil + } + if awsEventBridge.verbose { + awsEventBridge.Printf("successfully sent event(s) from source %s: %+v", awsEventBridge.source, resp) + } + return nil +} + +func (awsEventBridge *awsEventBridgeProcessor) createPutEventsInput(baseEvent []types.BaseEvent) (eventbridge.PutEventsInput, error) { + // TODO: Array Members: Minimum number of 1 item. Maximum number of 10 items. for []*eventbridge.PutEventsRequestEntry{} + // https://github.com/pacedotdev/batch + awsEventBridge.mu.Lock() + defer awsEventBridge.mu.Unlock() + + input := eventbridge.PutEventsInput{ + Entries: []*eventbridge.PutEventsRequestEntry{}, + } + + for idx := range baseEvent { + // process slice in reverse order to maintain Event.Key ordering + event := baseEvent[len(baseEvent)-1-idx] + + if awsEventBridge.verbose { + awsEventBridge.Printf("processing event [%d] of type %T from source %s: %+v", idx, event, awsEventBridge.source, event) + } + eventInfo := events.GetDetails(event) + if _, ok := awsEventBridge.patternMap[eventInfo.Name]; !ok { + // no event bridge rule pattern (subscription) for event, skip + continue + } + cloudEvent := events.NewCloudEvent(event, eventInfo, awsEventBridge.source) + jsonBytes, err := json.Marshal(cloudEvent) + if err != nil { + return eventbridge.PutEventsInput{}, errors.Wrapf(err, "could not marshal cloud event for vSphere event %s from source %s", event.GetEvent().Key, awsEventBridge.source) + } + + jsonString := string(jsonBytes) + entry := eventbridge.PutEventsRequestEntry{ + Detail: aws.String(jsonString), + EventBusName: aws.String(awsEventBridge.patternMap[eventInfo.Name]), + Source: aws.String(cloudEvent.Source), + DetailType: aws.String(cloudEvent.Subject), + } + input.Entries = append(input.Entries, &entry) + + // update metrics + awsEventBridge.stats.Invocations[eventInfo.Name]++ + } + + return input, nil +} + +func (awsEventBridge *awsEventBridgeProcessor) syncPatternMap(ctx context.Context, eventbus string, ruleARN string) { + for { + select { + case <-ctx.Done(): + return + case <-time.After(resyncInterval): + awsEventBridge.Printf("syncing pattern map for rule ARN %s", ruleARN) + err := awsEventBridge.syncRules(ctx, eventbus, ruleARN) + if err != nil { + awsEventBridge.Printf("could not sync pattern map for rule ARN %s: %v", ruleARN, err) + awsEventBridge.Printf("retrying after %v", resyncInterval) + } + awsEventBridge.Printf("successfully synced pattern map for rule ARN %s", ruleARN) + } + } +} + +func (awsEventBridge *awsEventBridgeProcessor) syncRules(ctx context.Context, eventbus, ruleARN string) error { + awsEventBridge.mu.Lock() + // clear pattern map + awsEventBridge.patternMap = make(map[string]string) + awsEventBridge.mu.Unlock() + + var found bool + var nextToken *string + for !found { + rules, err := awsEventBridge.ListRulesWithContext(ctx, &eventbridge.ListRulesInput{ + EventBusName: aws.String(eventbus), // explicitely passing eventbus name because list assumes "default" otherwise + Limit: aws.Int64(pageLimit), + NextToken: nextToken, + }) + if err != nil { + return errors.Wrap(err, "could not list event bridge rules") + } + + for _, rule := range rules.Rules { + switch { + case *rule.Arn == ruleARN: + if rule.EventPattern == nil { + return errors.Errorf("rule event pattern must not be empty") + } + + var e eventPattern + err := json.Unmarshal([]byte(*rule.EventPattern), &e) + if err != nil { + return errors.Wrap(err, "could not parse rule event pattern") + } + + if len(e.Detail.Subject) == 0 { // might be a valid scenario, emit warning + awsEventBridge.Println("warning: rule event pattern does not contain any subjects") + } + + awsEventBridge.mu.Lock() + for _, s := range e.Detail.Subject { + awsEventBridge.Printf("adding rule event forwarding pattern %q to processor", s) + awsEventBridge.patternMap[s] = *rule.EventBusName + } + awsEventBridge.mu.Unlock() + + found = true + break + + default: + continue + } + } + + switch { + case found == true: // return early + break + case rules.NextToken != nil: // try next batch of rules, if any + nextToken = rules.NextToken + continue + default: // nothing found + return errors.Errorf("rule %s not found for configured AWS event bridge account", ruleARN) + } + } + return nil +} + +func (awsEventBridge *awsEventBridgeProcessor) PushMetrics(ctx context.Context, ms *metrics.Server) { + for { + select { + case <-ctx.Done(): + return + case <-time.Tick(metrics.PushInterval): + awsEventBridge.mu.RLock() + ms.Receive(awsEventBridge.stats) + awsEventBridge.mu.RUnlock() + } + } +} diff --git a/vmware-event-router/internal/processor/openfaas.go b/vmware-event-router/internal/processor/openfaas.go new file mode 100644 index 00000000..7488f810 --- /dev/null +++ b/vmware-event-router/internal/processor/openfaas.go @@ -0,0 +1,167 @@ +package processor + +import ( + "context" + "encoding/json" + "fmt" + "log" + "os" + "sync" + "time" + + sdk "github.com/openfaas-incubator/connector-sdk/types" + "github.com/openfaas/faas-provider/auth" + "github.com/pkg/errors" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/events" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/metrics" + + "github.com/vmware/govmomi/vim25/types" +) + +const ( + // ProviderOpenFaaS is the name used to identify this provider in the + // VMware Event Router configuration file + ProviderOpenFaaS = "openfaas" + topicDelimiter = "," + rebuildInterval = time.Second * 10 + timeout = time.Second * 15 + authMethodOpenFaaS = "basic_auth" // only this method is supported by the processor +) + +// openfaasProcessor implements the Processor interface +type openfaasProcessor struct { + controller sdk.Controller + source string + verbose bool + *log.Logger + + lock sync.RWMutex + stats metrics.EventStats +} + +// NewOpenFaaSProcessor returns an OpenFaaS processor for the given stream +// source. Asynchronous function invokation can be configured for +// high-throughput (non-blocking) requirements. +func NewOpenFaaSProcessor(ctx context.Context, cfg connection.Config, source string, verbose bool, ms *metrics.Server) (Processor, error) { + logger := log.New(os.Stdout, "[OpenFaaS] ", log.LstdFlags) + openfaas := openfaasProcessor{ + source: source, + verbose: verbose, + Logger: logger, + } + + var creds auth.BasicAuthCredentials + switch cfg.Auth.Method { + case authMethodOpenFaaS: + creds.User = cfg.Auth.Secret["username"] + creds.Password = cfg.Auth.Secret["password"] + default: + return nil, errors.Errorf("unsupported authentication method for processor openfaas: %s", cfg.Auth.Method) + } + + var async bool + if cfg.Options["async"] == "true" { + async = true + } + ofconfig := sdk.ControllerConfig{ + GatewayURL: cfg.Address, + TopicAnnotationDelimiter: topicDelimiter, + RebuildInterval: rebuildInterval, + UpstreamTimeout: timeout, + AsyncFunctionInvocation: async, + PrintSync: verbose, + } + ofcontroller := sdk.NewController(&creds, &ofconfig) + + openfaas.controller = ofcontroller + openfaas.controller.Subscribe(&openfaas) + openfaas.controller.BeginMapBuilder() + + // prepopulate the metrics stats + openfaas.stats = metrics.EventStats{ + Provider: ProviderOpenFaaS, + ProviderType: cfg.Type, + Name: cfg.Address, + Started: time.Now().UTC(), + Invocations: make(map[string]int), + } + go openfaas.PushMetrics(ctx, ms) + + return &openfaas, nil +} + +// Response prints status information for each function invokation +func (openfaas *openfaasProcessor) Response(res sdk.InvokerResponse) { + // update stats + // TODO: currently we only support metrics when in sync invokation mode + // because we don't have a callback for async invocations + openfaas.lock.Lock() + openfaas.stats.Invocations[res.Topic]++ + openfaas.lock.Unlock() + + if res.Error != nil { + openfaas.Printf("function %s for topic %s returned status %d with error: %v", res.Function, res.Topic, res.Status, res.Error) + return + } + openfaas.Printf("successfully invoked function %s for topic %s", res.Function, res.Topic) +} + +// Process implements the stream processor interface +func (openfaas *openfaasProcessor) Process(moref types.ManagedObjectReference, baseEvent []types.BaseEvent) error { + fmt.Printf("of topics: %v", openfaas.controller.Topics()) + + for idx := range baseEvent { + // process slice in reverse order to maintain Event.Key ordering + event := baseEvent[len(baseEvent)-1-idx] + + if openfaas.verbose { + openfaas.Printf("processing event [%d] of type %T from source %s: %+v", idx, event, openfaas.source, event) + } + + topic, message, err := handleEvent(event, openfaas.source) + if err != nil { + openfaas.Printf("error handling event: %v", err) + continue + } + + if openfaas.verbose { + openfaas.Printf("created new outbound cloud event for subscribers: %s", string(message)) + } + + openfaas.Printf("invoking function(s) on topic: %s", topic) + openfaas.controller.Invoke(topic, &message) + } + return nil +} + +// handleEvent returns the OpenFaaS subscription topic, e.g. VmPoweredOnEvent, +// and outbound event message for the given BaseEvent and source +func handleEvent(event types.BaseEvent, source string) (string, []byte, error) { + // Sanity check to avoid nil pointer exception + if event == nil { + return "", nil, errors.New("source event must not be nil") + } + + // Get the category and name of the event used for subscribed topic matching + eventInfo := events.GetDetails(event) + cloudEvent := events.NewCloudEvent(event, eventInfo, source) + message, err := json.Marshal(cloudEvent) + if err != nil { + return "", nil, errors.Wrapf(err, "could not marshal cloud event for vSphere event %s from source %s", event.GetEvent().Key, source) + } + return eventInfo.Name, message, nil +} + +func (openfaas *openfaasProcessor) PushMetrics(ctx context.Context, ms *metrics.Server) { + for { + select { + case <-ctx.Done(): + return + case <-time.Tick(metrics.PushInterval): + openfaas.lock.RLock() + ms.Receive(openfaas.stats) + openfaas.lock.RUnlock() + } + } +} diff --git a/vmware-event-router/internal/processor/processor.go b/vmware-event-router/internal/processor/processor.go new file mode 100644 index 00000000..6e447191 --- /dev/null +++ b/vmware-event-router/internal/processor/processor.go @@ -0,0 +1,13 @@ +package processor + +import ( + "github.com/vmware/govmomi/vim25/types" +) + +// Processor handles incoming vCenter events. This enables different FaaS +// implementations for vCenter event processing. Note: in the case of processing +// failure the current behavior is to log but return nil until at-least-once +// semantics are implemented. +type Processor interface { + Process(types.ManagedObjectReference, []types.BaseEvent) error +} diff --git a/vmware-event-router/internal/stream/stream.go b/vmware-event-router/internal/stream/stream.go new file mode 100644 index 00000000..6db2307a --- /dev/null +++ b/vmware-event-router/internal/stream/stream.go @@ -0,0 +1,17 @@ +package stream + +import ( + "context" + + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/metrics" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/processor" +) + +// Streamer establishes a connection to a stream provider and invokes a stream +// processor. +type Streamer interface { + PushMetrics(context.Context, *metrics.Server) + Stream(context.Context, processor.Processor) error + Shutdown(context.Context) error + Source() string +} diff --git a/vmware-event-router/internal/stream/vcenter.go b/vmware-event-router/internal/stream/vcenter.go new file mode 100644 index 00000000..05805e06 --- /dev/null +++ b/vmware-event-router/internal/stream/vcenter.go @@ -0,0 +1,133 @@ +package stream + +import ( + "context" + "math" + "net/url" + "sync" + "time" + + "github.com/pkg/errors" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/metrics" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/processor" + "github.com/vmware/govmomi" + "github.com/vmware/govmomi/event" + "github.com/vmware/govmomi/vim25/soap" + "github.com/vmware/govmomi/vim25/types" +) + +const ( + // ProviderVSphere is the name used to identify this provider in the + // VMware Event Router configuration file + ProviderVSphere = "vmware_vcenter" + authMethodvSphere = "user_password" +) + +// vCenterStream handles the connection to vCenterStream to retrieve an event stream +type vCenterStream struct { + client govmomi.Client + stream event.Manager + + lock sync.RWMutex + stats metrics.EventStats +} + +// NewVCenterStream returns a vCenter event manager for a given configuration and metrics server +func NewVCenterStream(ctx context.Context, cfg connection.Config, ms *metrics.Server) (Streamer, error) { + var vCenter vCenterStream + parsedURL, err := soap.ParseURL(cfg.Address) + if err != nil { + return nil, errors.Wrap(err, "error parsing URL") + } + + var username, password string + switch cfg.Auth.Method { + case authMethodvSphere: + username = cfg.Auth.Secret["username"] + password = cfg.Auth.Secret["password"] + default: + return nil, errors.Errorf("unsupported authentication method for stream vCenter: %s", cfg.Auth.Method) + } + parsedURL.User = url.UserPassword(username, password) + + var insecure bool + if cfg.Options["insecure"] == "true" { + insecure = true + } + + client, err := govmomi.NewClient(ctx, parsedURL, insecure) + if err != nil { + return nil, errors.Wrap(err, "could not create vCenter client") + } + + vCenter.client = *client + vCenter.stream = *event.NewManager(client.Client) + + // prepopulate the metrics stats + vCenter.stats = metrics.EventStats{ + Provider: ProviderVSphere, + ProviderType: cfg.Type, + Name: client.URL().String(), + Started: time.Now().UTC(), + EventsTotal: new(int), + EventsSec: new(float64), + } + go vCenter.PushMetrics(ctx, ms) + return &vCenter, nil +} + +// Stream is the main logic, blocking to receive and handle events from vCenter +func (vcenter *vCenterStream) Stream(ctx context.Context, p processor.Processor) error { + // get events for all types (i.e. RootFolder in vCenter) + managedTypes := []types.ManagedObjectReference{vcenter.client.ServiceContent.RootFolder} + eventsPerPage := int32(1) + tail := true + force := false + + err := vcenter.stream.Events(ctx, managedTypes, eventsPerPage, tail, force, vcenter.streamCallbackFn(p)) + if err != nil { + return errors.Wrap(err, "error connecting to vCenter event stream") + } + return nil +} + +func (vcenter *vCenterStream) Shutdown(ctx context.Context) error { + // need to pass new context explicitly to avoid + // "*url.Error: POST ... context cancelled" + err := vcenter.client.Logout(context.Background()) + return errors.Wrap(err, "failed to logout from vCenter") // err == nil if logout was successful +} + +func (vcenter *vCenterStream) Source() string { + return vcenter.client.URL().String() +} + +func (vcenter *vCenterStream) PushMetrics(ctx context.Context, ms *metrics.Server) { + for { + select { + case <-ctx.Done(): + return + case <-time.Tick(metrics.PushInterval): + vcenter.lock.RLock() + eventsSec := math.Round((float64(*vcenter.stats.EventsTotal)/time.Since(vcenter.stats.Started).Seconds())*100) / 100 // 0.2f syntax + vcenter.stats.EventsSec = &eventsSec + ms.Receive(vcenter.stats) + vcenter.lock.RUnlock() + } + } +} + +// updates the internal metrics state of the provider before invoking the +// processor +func (vcenter *vCenterStream) streamCallbackFn(p processor.Processor) func(types.ManagedObjectReference, []types.BaseEvent) error { + return func(moref types.ManagedObjectReference, baseEvent []types.BaseEvent) error { + // update stats before invoking the processor + vcenter.lock.Lock() + total := *vcenter.stats.EventsTotal + len(baseEvent) + vcenter.stats.EventsTotal = &total + vcenter.lock.Unlock() + + return p.Process(moref, baseEvent) + } +} From 6c34f73e145c2d8c4a5e5913b4bc3f29258ce7b6 Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Mon, 24 Feb 2020 22:38:52 +0100 Subject: [PATCH 04/34] Update Python Examples for CloudEvents Signed-off-by: Michael Gasch --- examples/README.md | 6 +++++ examples/python/esx-mtu-fixer/README.md | 7 +----- .../python/esx-mtu-fixer/create_secret.sh | 5 ++-- examples/python/tagging/README.MD | 25 ++++++------------- 4 files changed, 17 insertions(+), 26 deletions(-) diff --git a/examples/README.md b/examples/README.md index 3159f65b..898dd2d4 100644 --- a/examples/README.md +++ b/examples/README.md @@ -1,3 +1,9 @@ +# About the Example Functions + +This page lists ready to use functions curated by the vCenter Event Broker community. They serve as an easy way to use the appliance and as an inspiration for how to write functions in different languages. + +> **Note:** These functions are provided and tested to be used with the vCenter Event Broker Appliance deployed with [OpenFaaS](../architecture.md#openfaas) as the event stream processor. + | Use Cases | Python | PowerCLI | |-----------------|--------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------| | vSphere Tagging | [Link](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples/python/tagging) | [Link](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples/powercli/tagging) | diff --git a/examples/python/esx-mtu-fixer/README.md b/examples/python/esx-mtu-fixer/README.md index e8abe208..7cf2843a 100644 --- a/examples/python/esx-mtu-fixer/README.md +++ b/examples/python/esx-mtu-fixer/README.md @@ -1,14 +1,9 @@ # ESX Maximum transmission unit fixer -This is a remidiation function which will be triggered when a VM is powered on. It will make sure that the Maximum transmission unit of the VM Kernel Adapter on all ESX hosts is at least `1500`. You can find out more about why `1500` is an optimal value in the [wikipedia page](https://en.wikipedia.org/wiki/Maximum_transmission_unit). +This is a remediation function which will be triggered when a VM is powered on. It will make sure that the Maximum Transmission Unit (MTU) of the VM Kernel Adapter on all ESX hosts is at least `1500`. You can find out more about why `1500` is an optimal value in the [wikipedia page](https://en.wikipedia.org/wiki/Maximum_transmission_unit). ## Set up -Prerequisites are : -* Binary [faas-cli](https://docs.openfaas.com/cli/install/) -* [VEBA](https://flings.vmware.com/vcenter-event-broker-appliance?download_url=https%3A%2F%2Fdownload3.vmware.com%2Fsoftware%2Fvmw-tools%2Fveba%2FvCenter_Event_Broker_Appliance_0.1.0.ova#summary) or [OpenFaaS](https://docs.openfaas.com/deployment/kubernetes/) and [vcenter-connector](https://github.com/openfaas-incubator/vcenter-connector) on top of [kubernetes](https://kubernetes.io/docs/setup/learning-environment/minikube/). It is preferred to go with VEBA as it is single installation. -* Deployed arbitrary VM on your vCenter to trigger the function when the VM is powered on. - The function needs credentials and endpoint of the vCenter with which the function will interact. You can see how to create a secret containing those credentials in your kubernetes cluster in the [create_secret](./create_secret.sh) script. Your `kubectl` must be configured to communicate with your remote cluster first. ## Deploy the function diff --git a/examples/python/esx-mtu-fixer/create_secret.sh b/examples/python/esx-mtu-fixer/create_secret.sh index 573ee169..ea035307 100644 --- a/examples/python/esx-mtu-fixer/create_secret.sh +++ b/examples/python/esx-mtu-fixer/create_secret.sh @@ -1,8 +1,9 @@ #!/bin/bash +set -exo pipefail + # Note: the default function namespace is openfaas-fn # you can change this namespace to your own -kubectl create secret generic vc-credentials -n openfaas-fn \ - --from-literal=vc-password='' \ +kubectl -n openfaas-fn create secret generic vc-credentials --from-literal=vc-password='' \ --from-literal=vc-host='' \ --from-literal=vc-user='' \ No newline at end of file diff --git a/examples/python/tagging/README.MD b/examples/python/tagging/README.MD index 9578eb1c..55ff50b7 100644 --- a/examples/python/tagging/README.MD +++ b/examples/python/tagging/README.MD @@ -32,7 +32,7 @@ Take a note of the `urn:...` for `demotag1` as we will need it for the next step For security reasons to not expose sensitive data we will create a Kubernetes [secret](https://kubernetes.io/docs/concepts/configuration/secret/) which will hold the vCenter credentials and tag information. This secret will be mounted into the function during runtime. This is all taken care of for your by the appliance. We only have to create the secret with a simple command through `faas-cli`. -First, change the configuration file `vcconfig.toml` holding your secret vCenter information located in the tagging example folder: +First, change the configuration file [vcconfig.toml](vcconfig.toml) holding your secret vCenter information located in this folder: ```toml # vcconfig.toml contents @@ -62,6 +62,8 @@ faas-cli secret create vcconfig --from-file=vcconfig.toml --tls-no-verify Lastly, define the vCenter event which will trigger this function. Such function-specific settings are performed in the `stack.yml` file. Open and edit the `stack.yml` provided with in the Python tagging example code. Change `gateway` and `topic` as per your environment/needs. +> **Note:** A key-value annotation under `topic` defines which VM event should trigger the function. A list of VM events from vCenter can be found [here](https://code.vmware.com/doc/preview?id=4206#/doc/vim.event.VmEvent.html). Multiple topics can be specified using a `","` delimiter syntax, e.g. "`topic: "VmPoweredOnEvent,VmPoweredOffEvent"`". + ```yaml provider: name: openfaas @@ -70,17 +72,17 @@ functions: pytag-fn: lang: python3 handler: ./handler - image: embano1/pytag-fn:0.2 + image: embano1/pytag-fn:0.3 environment: write_debug: true read_debug: true secrets: - vcconfig # leave as is unless you changed the name during the creation of the vCenter credentials secrets above annotations: - topic: vm.powered.on # or drs.vm.powered.on in a DRS-enabled cluster + topic: VmPoweredOnEvent # or DrsVmPoweredOnEvent in a DRS-enabled cluster ``` -**Note:** If you are running a vSphere DRS-enabled cluster the topic annotation above should be `drs.vm.powered.on`. Otherwise the function would never be triggered. +**Note:** If you are running a vSphere DRS-enabled cluster the topic annotation above should be `DrsVmPoweredOnEvent`. Otherwise the function would never be triggered. ### Deploy the function @@ -104,7 +106,7 @@ If your VM did not get the tag attached, verify: - vCenter IP/username/password - Permissions of the vCenter user -- Whether the components can talk to each other (connector to vCenter and OpenFaaS, function to vCenter) +- Whether the components can talk to each other (VMware Event Router to vCenter and OpenFaaS, function to vCenter) - Check the logs (`kubectl` is installed and configured locally on the appliance)): ```bash @@ -118,16 +120,3 @@ faas-cli logs pytag-fn --follow --tls-no-verify {"status": "200", "message": "successfully attached tag on VM: vm-267"} 2019/01/25 23:48:56 Duration: 1.551482 seconds ``` - -Or via `kubectl` locally on the appliance: - -```bash -kubectl -n openfaas logs deploy/vcenter-connector -f - -# Successful log message in the OpenFaaS vCenter connector -2019/01/25 23:39:09 Message on topic: vm.powered.on -2019/01/25 23:39:09 Invoke function: pytag-fn -2019/01/25 23:39:10 Response [200] from pytag-fn -``` - -You can access appliance specific logs on the endpoint `https://VEBA_FQDN/boostrap`. For debug level information, turn on debugging during the appliance deployment process. \ No newline at end of file From 7cb1c844462c4189720352bd0a46566db1d108bb Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Mon, 24 Feb 2020 22:39:19 +0100 Subject: [PATCH 05/34] Update .gitignore for VMware Event Router Signed-off-by: Michael Gasch --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index 20eadc95..fd636b92 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,7 @@ packer_cache/ output-vmware-iso/ +dist/ +.vscode +username +password +secret*.json From 7b52f9e7623b5ea284019aede1f0d8d2af9ee36a Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Mon, 24 Feb 2020 22:39:50 +0100 Subject: [PATCH 06/34] Update docs for new VMware Event Router Signed-off-by: Michael Gasch --- FAQ.md | 86 +++++++++++++------ README.md | 12 ++- architecture.md | 45 ++++++---- getting-started.md | 166 +------------------------------------ veba-appliance-diagram.png | Bin 68397 -> 153782 bytes 5 files changed, 97 insertions(+), 212 deletions(-) diff --git a/FAQ.md b/FAQ.md index b972faf9..9a6d7e98 100644 --- a/FAQ.md +++ b/FAQ.md @@ -9,6 +9,7 @@ Feel free to raise issues/file pull requests to this Github repository to help u - [Architecture](#architecture) - [Event Handling](#event-handling) + - [Event Types supported](#event-types-supported) - [Message Delivery Guarantees](#message-delivery-guarantees) - [The Event Specification](#the-event-specification) - [Functions](#functions) @@ -29,7 +30,9 @@ Kubernetes and its dependencies, such as the Docker, are deployed as systemd uni > **Note:** We are considering to use Kubernetes' cluster capabilities in the future to provide increased resiliency (node crashes), scalability (scale out individual components to handle higher load) and durability (replication and persistency). The downside is the added complexity of deploying and managing a multi-node vCenter Event Broker Appliance environment. -Currently one OpenFaaS vcenter-connector is deployed per appliance (1:1 mapping). That means, only one vCenter event stream can be processed per appliance. We are evaluating options to support multiple vCenter environments per appliance (scale up) or alternatively support multi-node appliance deployments (scale out), which might be required in large deployments (performance, throughput). +The [VMware Event Router](architecture.md#vmware-event-router) is responsible for connecting to event stream sources, such as VMware vCenter, and forward events to an event processor. To allow for extensibility and different event sources/processors event sources and processors are abstracted via `go interfaces`. + +Currently, one VMware Event Router is deployed per appliance (1:1 mapping). Also, only one event stream (source) and one processor can be configured. The list of supported event sources and processors can be found [here](architecture.md#vmware-event-router). That means, only one vCenter event stream can be processed per appliance. We are evaluating options to support multiple event sources (vCenter servers) and processors per appliance (scale up) or alternatively support multi-node appliance deployments (scale out), which might be required in large deployments (performance, throughput). > **Note:** We have not done any extensive performance and scalability testing to understand the limits of the single appliance model. @@ -37,6 +40,10 @@ Currently one OpenFaaS vcenter-connector is deployed per appliance (1:1 mapping) As described in the architecture section [above](#architecture) due to the microservices architecture used in the vCenter Event Broker Appliance one always has to consider message delivery problems such as timeouts, delays, reordering, loss. These challenges are fundamental to [distributed systems](https://github.com/papers-we-love/papers-we-love/blob/master/distributed_systems/a-note-on-distributed-computing.pdf) and must be understood and considered by function authors. +## Event Types supported + +For the configured event stream source, e.g. VMware vCenter, all event available in vCenter are supported. Since event types are environment specific (vSphere version, extensions), a list of events for vCenter as an event source can be generated with this [script](https://github.com/lamw/vcenter-event-mapping/blob/master/vsphere-6.7-update-3.md). + ## Message Delivery Guarantees Consider the following most basic form of messaging between two systems: @@ -71,42 +78,40 @@ As of today the vCenter Event Broker Appliance guarantees at most once delivery. - Using asynchronous function [invocation](#invocation) (defaults to "off", i.e. "synchronus", in the appliance) which internally uses a message queue for event processing - Following [best practices](#code-best-practices) for writing functions -> **Note:** The vCenter Event Broker Appliance currently does not persist (to disk) or retry event delivery in case of failure during function invocation or upstream (external system, such as Slack) communication issues. For introspection and debugging purposes invocations are logged to standard output by the OpenFaaS vcenter-connector ("sync" invocation mode) or OpenFaaS queue-worker ("async" invocation mode). +> **Note:** The vCenter Event Broker Appliance currently does not persist (to disk) or retry event delivery in case of failure during function invocation or upstream (external system, such as Slack) communication issues. For introspection and debugging purposes invocations are logged to standard output by the VMware Event Router. -We are currently investigating options to support at least once delivery semantics. However, this requires significant changes to the OpenFaaS vcenter-connector, such as: +We are currently [investigating](https://github.com/vmware-samples/vcenter-event-broker-appliance/issues/38) options to support at least once delivery semantics. However, this requires significant changes to the VMware Event Router, such as: - Tracking and checkpointing (to disk) successfully processed vCenter events (stream history position) -- Buffering events in the connector (incl. queue management to protect from overflows) +- Buffering events in the router (incl. queue management to protect from overflows) - Raising awareness (docs, tutorials) for function authors to deal with duplicated, delayed or out of order arriving event messages - High-availability deployments (active-active/active-passive) to continue to retrieve the event stream during appliance downtime (maintenance, crash) - Describe mitigation strategies for data loss in the appliance (snapshots, backups) ## The Event Specification -> **Note:** WIP, this new event spec will be a feature in an upcoming release of the appliance - -The event payload structure used by the vCenter Event Broker Appliance has been significantly enriched since the beginning. It mostly follows the [CloudEvents](https://github.com/cloudevents/sdk-go/blob/master/pkg/cloudevents/eventcontext_v1.go) specification (v1), deviating only in some small cases (type definitions). The current data content type which is sent as payload when invoking a function is JSON. +The event payload structure used by the vCenter Event Broker Appliance has been significantly enriched since the beginning. It follows the [CloudEvents](https://github.com/cloudevents/sdk-go/blob/master/pkg/cloudevents/eventcontext_v1.go) specification (v1). The current data content type which is sent as payload when processing events is JSON. The following example shows the event structure (trimmed for better readability): ```json { "id": "6da664a7-7ad1-4b7a-b97f-8f7c75eae75a", - "source": "10.0.10.1", + "source": "https://10.10.0.1:443/sdk", "specversion": "1.0", - "type": "com.github.openfaas-incubator.openfaas-vcenter-connector.vm.powered.on", + "type": "com.vmware.event.router/event", "subject": "VmPoweredOnEvent", - "time": "2019-12-08T10:57:35.596934Z", + "time": "2020-01-13T15:31:26.846182Z", "data": { "Key": 9420, - "CreatedTime": "2019-12-08T10:57:27.915136Z", + "CreatedTime": "2020-01-13T15:29:35.300455Z", [...] }, "datacontenttype": "application/json" } ``` -> **Note:** This is not the event as emitted by vCenter. The appliance, using the OpenFaaS vcenter-connector, wraps the corresponding vCenter event (as seen in "data") into its own event structure. +> **Note:** This is not the event as emitted by vCenter. The appliance, using the VMware Event Router, wraps the corresponding vCenter event (as seen in "data") into its own event structure. `id:` The unique ID ([UUID](https://tools.ietf.org/html/rfc4122)) of the event @@ -114,11 +119,11 @@ The following example shows the event structure (trimmed for better readability) `specversion:` The event specification the appliances uses (can be used for schema handling) -`type:` The canonical name of the event in "." dot notation (including the emitter, i.e. OpenFaaS vcenter-connector) +`type:` The event category (event, eventex, extendedevent) with a fixed VMware Event Router prefix `subject:` The vCenter event name (CamelCase) -`time:` Timestamp when this event was produced by the appliance +`time:` Timestamp when this event was produced by the VMware Event Router `data:` Original vCenter event @@ -134,7 +139,7 @@ Please see the section on function [best practices](#code-best-practices) below ## Getting Started -The vCenter Event Broker Appliance uses OpenFaaS as a Function-as-a-Service (FaaS) platform. Alex Ellis, the creator of OpenFaaS, and the community have put together comprehensive documentation and workshop materials to get you started with writing your first functions: +The vCenter Event Broker Appliance can be configured to use OpenFaaS as a Function-as-a-Service (FaaS) platform. Alex Ellis, the creator of OpenFaaS, and the community have put together comprehensive documentation and workshop materials to get you started with writing your first functions: - [Your first OpenFaaS Function with Python](https://docs.openfaas.com/tutorials/first-python-function/) - [OpenFaaS Workshop](https://docs.openfaas.com/tutorials/workshop/) @@ -152,12 +157,10 @@ functions: pytag-fn: lang: python3 handler: ./handler - image: embano1/pytag-fn:0.2 + image: embano1/pytag-fn:0.3 ``` -`pytag-fn:` The name of the function used by OpenFaaS as the canonical name and identifier throughout the lifecycle of the function. Internally this will be the name used by Kubernetes to run the function as a Kubernetes deployment. - - +`pytag-fn:` The name of the function used by OpenFaaS as the canonical name and identifier throughout the lifecycle of the function. Internally this will be the name used by Kubernetes to run the function as a Kubernetes pod. The value of this field: @@ -178,20 +181,51 @@ The value of this field: - supports common CI/CD version control flows - changing the tag is sufficient - > **Note:** `functions` can contain multiple functions described as a list in YAML (not shown here). ## Invocation Functions in OpenFaaS can be invoked synchronously or asynchronously: -`synchronous:` The function is called and the caller, e.g. OpenFaaS vcenter-connector, waits until the function returns (successful/error) or the timeout threshold is hit. +`synchronous:` The function is called and the caller, e.g. VMware Event Router, waits until the function returns (successful/error) or the timeout threshold is hit. `asynchronous:` The function is not directly called. Instead, HTTP status code 202 ("accepted") is returned and the request, including the event payload, is stored in a [NATS Streaming](https://docs.nats.io/nats-streaming-concepts/intro) queue. One or more "queue-workers" process the queue items. If you directly invoke your functions deployed in the appliance you can decide which invocation mode is used (per function). More details can be found [here](https://github.com/openfaas/workshop/blob/master/lab7.md). -> **Note:** The vCenter Event Broker appliance by default uses synchronous invocation mode. If you experience performance issues due to long-running/slow/blocking functions, consider running the OpenFaaS vcenter-connector in asynchronous mode (`-async` flag in the Kubernetes deployment manifest, TODO). +The vCenter Event Broker appliance by default uses synchronous invocation mode. If you experience performance issues due to long-running/slow/blocking functions, consider running the VMware Event Router in asynchronous mode by setting the `"async"` option to `"true"` (quotes required) in the configuration file for the VMware Event Router deployment: + +```json +{ + "type": "processor", + "provider": "openfaas", + "address": "http://127.0.0.1:8080", + "auth": { + ...skipped + } + }, + "options": { + "async": "true" + } +} +``` + +When the AWS EventBridge [event processor](architecture.md#aws-eventbridge) is used, events are only forwarded for the patterns configured in the AWS event rule ARN. For example, if the rule is configured with this event pattern: + +```json +{ + "detail": { + "subject": [ + "VmPoweredOnEvent", + "VmPoweredOffEvent", + "VmReconfiguredEvent" + ] + } +} +``` + +Only these three vCenter event types would be forwarded. Other events are discarded to save network bandwidth and costs. + ## Code Best Practices @@ -199,8 +233,6 @@ Compared to writing repetitive boilerplate logic to handle vCenter events, the v However, as outlined in previous sections in this guide, there are still some best practices and pitfalls to be considered when it comes to messaging in a distributed system. The following list tries to provide guidance for function authors. Before applying them thoroughly think about your problem statement and whether all of these recommendations apply to your specific scenario. - - ### Single Responsibility Principle @@ -277,7 +309,7 @@ As discussed in earlier sections of this guide, the vCenter Event Broker Applian A workaround is to persist the event to an external (durable) datastore or queue and consume/process from there. If this fails a log message can be produced with debugging information (critical event payload) or the event sent to a backup system, e.g. dead letter queue (DLQ). ->**Note:** Strictly speaking this does not address the appliance-internal scenario where the OpenFaaS vcenter-connector might not be able to invoke your function (resource busy, unavailable, etc.) but addresses common network communication issues when making outbound calls from the appliance. +>**Note:** Strictly speaking this does not address the appliance-internal scenario where the VMware Event Router might not be able to invoke your function (resource busy, unavailable, etc.) but addresses common network communication issues when making outbound calls from the appliance. If your function executes quickly, retrying within the function might be a viable approach as well (retry three times with an increasing backoff delay). Pseudo-code: @@ -306,13 +338,15 @@ To support idempotency checks, the vCenter Event Broker Appliance [event payload { [...] "id":"0058c998-cc0f-49ca-8cc3-1b60abf5957c", - "source":"10.160.94.63", + "source":"https://10.160.94.63/sdk", "subject":"UserLogoutSessionEvent" } ``` > **Note:** The "id" field is a UUID which, practically speaking, is guaranteed to be unique per event (even across multiple appliances). "Source" or "subject" can be used for faster indexing/lookups in tables or caches. +In the very unlikely scenario that the appliance fails right after emitting an event and then immediately restarts, depending on the event source (e.g. vCenter) some events might be processed again since they are delivered to the VMware Event Router again after a restart. This would cause the generation of a new UUID for the same event(s). This is easy to detect though, as vCenter also uses a monotonically increasing counter available in the event payload +under `"data.Key: "`. ### Out of Order Message Arrival diff --git a/README.md b/README.md index 420425bd..7f10ae78 100644 --- a/README.md +++ b/README.md @@ -35,11 +35,15 @@ Please refer to the getting started guide [here](getting-started.md) The vCenter Event Broker Appliance follows a highly modular approach, using Kubernetes and containers as an abstraction layer between the base operating system ([Photon OS](https://github.com/vmware/photon)) and the required application services. Currently the following components are used in the appliance: -- Photon OS ([Github](https://github.com/vmware/photon)) -- Kubernetes ([Github](https://github.com/kubernetes/kubernetes)) +- VMware Event Router ([Github](https://github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router)) + - Supported Event Stream Sources: + - VMware vCenter ([Website](https://www.vmware.com/products/vcenter-server.html)) + - Supported Event Stream Processors: + - OpenFaaS ([Website](https://www.openfaas.com/)) + - AWS EventBridge ([Website](https://aws.amazon.com/eventbridge/)) - Contour ([Github](https://github.com/projectcontour/contour)) -- OpenFaaS ([Website](https://www.openfaas.com/)) -- vCenter Connector ([Github](https://github.com/openfaas-incubator/vcenter-connector/)) +- Kubernetes ([Github](https://github.com/kubernetes/kubernetes)) +- Photon OS ([Github](https://github.com/vmware/photon))
diff --git a/architecture.md b/architecture.md index 76ce8adf..2638b713 100644 --- a/architecture.md +++ b/architecture.md @@ -2,29 +2,38 @@ The vCenter Event Broker Appliance follows a highly modular approach, using Kubernetes and containers as an abstraction layer between the base operating system ([Photon OS](https://github.com/vmware/photon)) and the required application services. Currently the following components are used in the appliance: -- Photon OS ([Github](https://github.com/vmware/photon)) -- Kubernetes ([Github](https://github.com/kubernetes/kubernetes)) +- VMware Event Router ([Github](https://github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router)) + - Supported Event Stream Sources: + - VMware vCenter ([Website](https://www.vmware.com/products/vcenter-server.html)) + - Supported Event Stream Processors: + - OpenFaaS ([Website](https://www.openfaas.com/)) + - AWS EventBridge ([Website](https://aws.amazon.com/eventbridge/)) - Contour ([Github](https://github.com/projectcontour/contour)) -- OpenFaaS ([Website](https://www.openfaas.com/)) -- vCenter Connector ([Github](https://github.com/openfaas-incubator/vcenter-connector/)) +- Kubernetes ([Github](https://github.com/kubernetes/kubernetes)) +- Photon OS ([Github](https://github.com/vmware/photon)) -In the following sections we describe the individual components. +
-
+In the following sections we describe the individual components. > **Note:** Encompassing details are also provided in the [FAQ](FAQ.md). -### Photon OS +### VMware Event Router -Photon OS™ is an open source Linux container host optimized for cloud-native applications, cloud platforms, and VMware infrastructure. Photon OS provides a **secure run-time environment for efficiently running containers** and out of the box support for Kubernetes. +The `vmware-event-router` implements the core functionality of VEBA, that is connecting to event streams ("sources") and processing the events with a configurable event processor such as OpenFaaS or AWS EventBridge. -Photon OS is the foundation for many appliances built for the vSphere platform and its ecosystem and thus the first choice for building the vCenter Event Broker Appliance. +### OpenFaaS -### Kubernetes +OpenFaaS® makes it easy for developers to deploy event-driven functions and microservices to Kubernetes without repetitive, boiler-plate coding. Package your code or an existing binary in a Docker image to get a highly scalable endpoint with auto-scaling and metrics. -Kubernetes is an open source system for managing containerized applications across multiple hosts. It provides basic mechanisms for deployment, maintenance, and scaling of applications. +In the vCenter Event Broker Appliance OpenFaaS powers the appliance-integrated Function-as-a-Service framework to **trigger (custom) functions based on vSphere events**. The OpenFaaS user interface provides an easy to use dashboard to deploy and monitor functions. Functions can be authored and also deployed via an easy to use [CLI](https://github.com/openfaas/faas-cli). -For application and appliance developers Kubernetes provides **powerful platform capabilities**, such as application (container) self-healing, secrets and configuration management, resource management, extensibility, etc. Kubernetes lays the foundation for future improvements of the vCenter Event Broker Appliance with regards to **high availability (n+1) and scalability (horizontal scale out)**. +### AWS EventBridge + +Amazon EventBridge is a serverless event bus that makes it easy to connect applications together using data from your own applications, integrated Software-as-a-Service (SaaS) applications, and AWS services. + + +The vCenter Event Broker Appliance offers native integration for **event forwarding to AWS EventBridge**. The only requirement is creating a dedicated IAM user (access_key) and associated EventBridge rule on the default (or custom) event bus in the AWS management console to be used by this appliance. Only events matching the specified event pattern (EventBridge rule) will be forwarded to limit outgoing network traffic and costs. ### Contour @@ -32,12 +41,14 @@ Contour is an Ingress controller for Kubernetes that works by deploying the Envo In the vCenter Event Broker Appliance Contour provides **TLS termination for the various HTTP(S) endpoints** served. -### OpenFaaS +### Kubernetes -OpenFaaS® makes it easy for developers to deploy event-driven functions and microservices to Kubernetes without repetitive, boiler-plate coding. Package your code or an existing binary in a Docker image to get a highly scalable endpoint with auto-scaling and metrics. +Kubernetes is an open source system for managing containerized applications across multiple hosts. It provides basic mechanisms for deployment, maintenance, and scaling of applications. + +For application and appliance developers Kubernetes provides **powerful platform capabilities**, such as application (container) self-healing, secrets and configuration management, resource management, extensibility, etc. Kubernetes lays the foundation for future improvements of the vCenter Event Broker Appliance with regards to **high availability (n+1) and scalability (horizontal scale out)**. -In the vCenter Event Broker Appliance OpenFaaS powers the **function creation, deployment, and workflows to trigger functions based on vSphere events**. The OpenFaaS user interface provides an easy to use dashboard to deploy and monitor functions. Functions can be authored and also deployed via an easy to use [CLI](https://github.com/openfaas/faas-cli). +### Photon OS -### vCenter Connector +Photon OS™ is an open source Linux container host optimized for cloud-native applications, cloud platforms, and VMware infrastructure. Photon OS provides a **secure run-time environment for efficiently running containers** and out of the box support for Kubernetes. -vcenter-connector is an OpenFaaS event connector built to consume events from vCenter. It leverages the [OpenFaaS Connector SDK](https://github.com/openfaas-incubator/connector-sdk) to **bind and forward vSphere events to OpenFaaS functions**. \ No newline at end of file +Photon OS is the foundation for many appliances built for the vSphere platform and its ecosystem and thus the first choice for building the vCenter Event Broker Appliance. diff --git a/getting-started.md b/getting-started.md index fe22812c..edb3d28a 100644 --- a/getting-started.md +++ b/getting-started.md @@ -49,168 +49,4 @@ OpenFaaS UI: https://[hostname] **Step 4** - You can verify that everything was deployed correctly by opening a web browser to the OpenFaaS UI available on https://[hostname]/ and logging in with the Admin credentials (user:admin) you had specified as part of the OVA deployment. -At this point, you have successfully deployed the vCenter Event Broker Appliance and you are ready to start deploying your functions! - - -## Function Deployment - -The following example walks you through the steps of deploying your first function. The function will apply a vSphere tag to virtual machines after a `VmPoweredOnEvent`. Please make sure to run this example in an environment that is suitable for this exercise, i.e. not production. - -### Requirements - -* vCenter Event Broker Appliance fully configured and running -* `git` to clone the function example ([Download](https://git-scm.com/downloads)) -* `faas-cli` to deploy the function ([Download](https://github.com/openfaas/faas-cli#get-started-install-the-cli)) -* `govc` to create/retrieve tag information ([Download](https://github.com/vmware/govmomi/releases)) - -### How it works - -Functions can subscribe to events in vCenter through the `topic` [annotations](https://docs.openfaas.com/reference/yaml/#function-annotations) configured in the function deployment file (`stack.yml`). Based on these events a function can perform any action (i.e. business logic), such as tagging a VM, run post-processing scripts, audit to an external system, etc. - -**Note:** The current version only allows one event per function. A simple workaround is to deploy the same function with different associated events. - -vCenter events can be easily mapped to functions. For example, a `VmPoweredOnEvent` from vCenter would have a function `topic` annotation `vm.powered.on`. - -**Note:** In a DRS-enabled cluster the annotation would be `drs.vm.powered.on`. - -### Categories and tags - -For this exercise we need to create a category and tag unless you want to use an existing tag to follow along. - -Create a category/tag to be attached to a VM when it is powered on. Since we need the unique tag ID (i.e. vSphere URN) we will use [govc](https://github.com/vmware/govmomi/tree/master/govc) for this job. You can also use vSphere APIs (REST/SOAP) to retrieve the URN. - -```bash -# Test connection to vCenter, ignore TLS warnings -export GOVC_INSECURE=true # only needed if vCenter certificates cannot be verified -export GOVC_URL='https://vcuser:vcpassword@vcenter.ip' # replace with your environment details -./govc tags.ls # should not error out, otherwise check parameters above - -# If the connection is successful create a demo category/tag to be used by the function -./govc tags.category.create democat1 -urn:... # we don't need the category URN for this example -./govc tags.create -c democat1 demotag1 -urn:vmomi:InventoryServiceTag:019c0a9e-0672-48f5-ac2a-e394669e2916:GLOBAL -``` - -**Note:** You can also create the demo vSphere Category/Tag by using the vSphere UI. Once you have created the vSphere Tag, you can browse to the Tag inventory object and in the browser, you can copy the URN which will be in the format `urn:vmomi:InventoryServiceTag::GLOBAL` - -Take a note of the `urn:...` for `demotag1` as we will need it for the next steps. - -### Get the example function - -Clone this repository which contains the example functions. - -```bash -git clone https://github.com/vmware-samples/vcenter-event-broker-appliance -cd vcenter-event-broker-appliance/examples/python/tagging -``` - -### Customize the function - -For security reasons to not expose sensitive data we will create a Kubernetes [secret](https://kubernetes.io/docs/concepts/configuration/secret/) which will hold the vCenter credentials and tag information. This secret will be mounted into the function during runtime. This is all taken care of for your by the appliance. We only have to create the secret with a simple command through `faas-cli`. - -First, change the configuration file `vcconfig.toml` holding your secret vCenter information located in the tagging example folder: - -```toml -# vcconfig.toml contents -# replace with your own values and use a dedicated user/service account with permissions to tag VMs if possible -[vcenter] -server = "VCENTER_FQDN/IP" -user = "tagging-admin@vsphere.local" -password = "DontUseThisPassword" - -[tag] -urn = "urn:vmomi:InventoryServiceTag:019c0a9e-0672-48f5-ac2a-e394669e2916:GLOBAL" # replace with the one noted above -action = "attach" # tagging action to perform, i.e. attach or detach tag -``` - -Now go ahead and store this configuration file as secret in the appliance. - -```bash -# set up faas-cli for first use -export OPENFAAS_URL=https://VEBA_FQDN_OR_IP -faas-cli login -p VEBA_OPENFAAS_PASSWORD --tls-no-verify # vCenter Event Broker Appliance is configured with authentication, pass in the password used during the vCenter Event Broker Appliance deployment process - -# now create the secret -faas-cli secret create vcconfig --from-file=vcconfig.toml --tls-no-verify -``` - -**Note:** Delete the local `vcconfig.toml` after you're done with this exercise to not expose this sensitive information. - -Lastly, define the vCenter event which will trigger this function. Such function-specific settings are performed in the `stack.yml` file. Open and edit the `stack.yml` provided with in the Python tagging example code. Change `gateway` and `topic` as per your environment/needs. - -```yaml -provider: - name: openfaas - gateway: https://VEBA_FQDN_OR_IP # replace with your vCenter Event Broker Appliance environment -functions: - pytag-fn: - lang: python3 - handler: ./handler - image: embano1/pytag-fn:0.2 - environment: - write_debug: true - read_debug: true - secrets: - - vcconfig # leave as is unless you changed the name during the creation of the vCenter credentials secrets above - annotations: - topic: vm.powered.on # or drs.vm.powered.on in a DRS-enabled cluster -``` - -**Note:** If you are running a vSphere DRS-enabled cluster the topic annotation above should be `drs.vm.powered.on`. Otherwise the function would never be triggered. - -### Deploy the function - -After you've performed the steps and modifications above, you can go ahead and deploy the function: - -```bash -faas-cli template pull # only required during the first deployment -faas-cli deploy -f stack.yml --tls-no-verify -Deployed. 202 Accepted. -``` - -### Trigger the function - -Turn on a virtual machine, e.g. in vCenter or via `govc` CLI, to trigger the function via a `(DRS)VmPoweredOnEvent`. Verify the virtual machine was correctly tagged. - -**Note:** If you don't see a tag being assigned verify that you correctly followed each step above, IPs/FQDNs and credentials are correct and see the [troubleshooting](#troubleshooting) section below. - -## Mapping vCenter Events - -A vCenter Server instance ships with a number of "default" Events but it can also include custom and extended events which maybe published by both 2nd and 3rd party solutions. In addition, with each version of vSphere, additional Events may also be included. For these reasons, it is very difficult to publish a single list containing all possible configurations. - -To help, you can refer to this blog post [here](https://www.virtuallyghetto.com/2019/12/listing-all-events-for-vcenter-server.html) which includes a script to help extract all Events for a specific vCenter Server deployment including the vCenter Event ID, Type and Description. - -## Troubleshooting - -If your VM did not get the tag attached, verify: - -- vCenter IP/username/password -- Permissions of the vCenter user -- Whether the components can talk to each other (connector to vCenter and OpenFaaS, function to vCenter) -- Check the logs (`kubectl` is installed and configured locally on the appliance)): - -```bash -faas-cli logs pytag-fn --follow --tls-no-verify - -# Successful log message in the OpenFaaS tagging function -2019/01/25 23:48:55 Forking fprocess. -2019/01/25 23:48:55 Query -2019/01/25 23:48:55 Path / - -{"status": "200", "message": "successfully attached tag on VM: vm-267"} -2019/01/25 23:48:56 Duration: 1.551482 seconds -``` - -Or via `kubectl` locally on the appliance: - -```bash -kubectl -n openfaas logs deploy/vcenter-connector -f - -# Successful log message in the OpenFaaS vCenter connector -2019/01/25 23:39:09 Message on topic: vm.powered.on -2019/01/25 23:39:09 Invoke function: pytag-fn -2019/01/25 23:39:10 Response [200] from pytag-fn -``` - -You can access appliance specific logs on the endpoint `https://VEBA_FQDN/boostrap`. For debug level information, turn on debugging during the appliance deployment process. +At this point, you have successfully deployed the vCenter Event Broker Appliance and you are ready to start deploying your functions! Check the [examples](./examples/README.md) to quickly get started. diff --git a/veba-appliance-diagram.png b/veba-appliance-diagram.png index 64986361f0609b33aad44804993d3732108cd688..9bc005a6619bf7c5620f904c9d7040693ef4b32f 100644 GIT binary patch literal 153782 zcmdqI1y@{Avo;6>f(Do11b252?k>UI-Q6L$h2ZWEK^q!};O_430UDP~=iYC=o4j{^ z!LSZ%b)R##ls{FqJ5otO@&f`M0t5ua2WcrW6$prTt>FJ1xcA^YzzaMO1O&p6m8hta zw5TYFlCy)km8}^Bgj8g5D(n|kE$qNcAEu5es6>S$d2d*nd|0If!XlBMK9wyg z;S%)J<&g%PLBP@=#K9!gkzm_~7(-TJm?|j`_5_!eoxMw8Zg@Vw037-qw*BVgxzBRB z^l<3BfyhH&B2}iWf)-9;mL$O48;wwuGTjP*MSUuRf`Mq@K}TaFB}K|(6?oGV1m$&> ztu<#v++KG5)>J;YCMST%gZr-9g06r)GN|k~juz;04W!7;?2AWEsm&Hp6;d3^ilm85T^!hdgdKbMIrJ*d(|N61 zFb3Bu#Kb0LpSmY8e0Y!t>uhcx>WebF{0VIq>E$y7oG9`82uS2^v?WNczzaEKhvlER zF#fV)qy53`{>UMb8>~bj6nkGL&6ieJR-u@kEK1{kwsj7-!A--naiZaEeh|2kx{YBF z#|Xp*5m=#G*h;`cD#gI&@#KopFJZGrb#|Xp|F0X|Ku}-bsY?q$4reb6ZkEkT?$S*KY7Z#>?3W^NWM%N z@)IsEe0E5U@cNWM88Ke)hDfdvbV+x`4`f@Y)$ST*4CJuF?J!5YtPh7hFu%-OkZOWa zdd7e8JmC4_r1UUtqd}9HhQ=L{X++TNgolzvO3{)^Xpo6Z(Wr#6liEp9IpZgOs!dS* zNbvQmkzo}xQJSF~($|pTfvN%9-tQ*XEaPd2X{%}eW6THmDN*wS+Q#d3^tSw*AKEZ= zA{hD?3>6KTj4zF0>xdn>2?#BsTzX)3(H)Oluv+9>I$9`o`D*aF0`Yrxukbu&+o=Qz zCI=3;5U<*4Rs4u5fRu%+Q#0-HHs+{W2XdS^hN6K zIPYNZKpNv;y?09BmQbNg|HdypUF15Wt%6&g=$Z&h0L95s;wP*R-3&uH3%17ihWe(j zDZYs*=YLUpp_ay^F=N{&Db99|zmAhB&QS6zi<~1kF}EhX<-cXQErgQq(GDu^R{v6{ zls{GFD7)Q6syzKAvAji!MX^rpDsAUOzov{B1qOu>Me~exF+y>YOot5F2)h~IzT-aq zzWm7Ti01d)$}M#{H7Kx}3$w^mj5F`mohnKy=;vMMjpzF+ z^eXzSX|3a|>#RrTXy+6vhmYXaLnjI>W&l(1Gd@ST7RO`86FcK8+?7rX)mnuo+9!f1 z{I{gHl(%gsxf~zyAn|bVR@t@LiL8v-8Q2eP80XhYy_9c~Qz}xzu_Y^|PRkbj?7pmu z@TvHOxi{Upoud)zWs?vlPS|JP@YcE>0|kM{Kt9*WBjn?0P&)|Pn-4T`(qUM}k`^N; zfx8Q3^2I<$=!-#xLHTB}kh!5Xs>zRuyy30HPs3C5%=3=nM&a8(5_6_?3zH>2NZiLp z4%7_z?&=L>4-`_CP&!fK%W2EyWL9L>%iYM~%MoWNkGGH4k5`Ocr0tIBjkAs2XKXeG zGGx&|U}Ir((HqHH$Oi4}k6tVL^FnsP-=x6+CpRJdbN4hYdr*BjephqtzhiRLcUyktHNb9B z!iK_P@VxRA<)`=%_tg4aeQk3u`4aLH{n7@d24xI2@{R}=54r?~6B-$o2c{a%8fD;p z_->1r^uBWJsu#I+pG`Id*OK4p^6wI>VSLCjxAP8;f z1%wMlF~<(YJ(vmF`~Q52dQ>DkC)Jd2mzXZVmYkRLi@1y3Kz}6}pqId#MXUUniK&Cb zhj&P4#Hj;}0?l$>>5j{{``Dvg zi~%V)Y4@`TV+a#bami0~i#2Bk{krO{c-q+7aTCywuC)3nj+#Y`y1L1BHZso!g~v%00aw_0Ge9Wb9low}EdWSiU8;RS0VIURS;hjZDka`FWj zfMb>Fnp#C)RpkblzNl{N`hGKdsqvt}em=d?;52!pf3czS?0d&?vAAr|{`)3AnE07C zgf_EMu0p2LX})z{5#=Y*(aZ2{DG+ZwV<)2)HVoFRDX|IXMEB(6r0EpE-u+?bYrd#- zxINLG(AtXS{Fh}h2UIH~yd2cE~noWgubzPMH*8-9CV-%0qD$O7{+FRvR%#4hoL zjHwkr);&|nOv%+qgQ@@?Pnq9p{Z>u0Iui*Km|3_&nI7&%dUJ0lx+|?gas7lS6N9;3 zE=F%*HPQJvOa=(;uANECUU&6}`>L92wOQ>a-c9=%H%$kp3X6&_C!o_v#>1Ked`2#9 z2jIHxY0j+QLCSr#3*gnk0N4j~IlpLcTNhvv@avH7s28-~yzxoD-&mXM5V|Az{prqV znygr|IKGKk^VR%KCuvN}9k|)``zfi63gtcbJEnltmp8K?TQs*;$7~%IZjDgTFzKH&2c)zqatNGOqxc8&>Un4;xp0gHk_-c2Ts5 z2PC2et$nLr_nyjcT-FXPOk}&Zy1x5y{9d_Z0Il|2Rb4ru>5S#r!l0^cId6!<}L zKtim@Lr5W(c%MiIm2|$NgnyyRIccNn#|=DjhbXv#gcBWHKe7z2C_sTgE0cJJSnBy) z^BYsTBIH$#-WhQv<9l3umuMS#I}e0`&*0#o_P}7*LSFv{Y~E|18k5i`nQ(}*#)c0r z$fvT@qp-h8e?z?Xp;k%YlkP)6KxSL1eR2IFFUM=*V8>`=>R@cf=xOH&#=H;^{GPnv zk9KCRMkJngw)QT(o&u!*^#(8a^Pk&Hq$L0KimQzP=@)q=5>W?dGZGF)c1C7WK?D*K z5`Je>b6yoOiT^Vk{7rz=($&?Gmx;;4!-LU-jnTo`f{BHPhlh!om5G&=0sIDoi*?2RBy%Qqn&Q{olX;-lv(T)&Hzy@A7}h z0u#ve=Lr)FBQw+gof|xq|Ib}sB`Z%e+b?2Pc4qc2;57t!IN13A>;3=r#)ce9l#~R(*bU^f$SHx?9R+)|0wh?$hG3u8})5 zEEEaEe_k-c-Fgs*fvOOYsQ>E{hakn_f`SW#`1ca-K@A*YNRy4kfc#&B0*Cqq{?{5L zO3ctC&WHypJ7U5R(Eo9fI6I;I=L!&Tm`IQjYr(DGxzYajwjy-b-u-_NA__qYFl3}q zfd0=Fgu!Io{|61=umArc;}`Z=`j!|%u&|~k4k5p1g15K#Tqyv+W!_a=8!sUtF=yfF znfBr@6ef}npBo$)l=PRRVc}ZV?OFY0WMs;!s$yhhW#>zQzzk~}oAQzp3A@7kQpH?_ z+uK{@??{xNyNRG`nE8Cq7!DEsCCzRYD5CgqZEbDKx0lC8!yc&HbS?)XX+&lMIMWaaF?&vGoXT2qc%R#8#Vhs+m~!l)-Rn!->>A)BJ) z<>f^yjRp%nLkf|YiOnds0N)4z%%0YE2~t`YH)#y?_Xho~Ny4+skJtNi zOG{}oDnB8ELc!{evGX}kfdmzf`g5E6xwiLJKaMnzsPCWAf!WYS(KmI2M6!bfE-}{U zx85v@HQBz={n%pmb-Kq$6RHDqQF&NKZT9QDcmxDv-3Z_Qu@vDaXj)oY%l;@VnO{-A z`qMT*xY#xb5o^XB*G>~Uq30Fql}E>=xf;9HyJ8_+{}{1pa$wA%!0nvs@pn~)psjJ* z$CptgQm)@M>E{$FS53el$-{*|D!!jb7@__x07@vvR9SiLVnqFz-6nWj$n>BghP>$X ziSi-uMn!>J%-3^=096yaPqwr9;Vpl2yH!{ix^`^trSrZcUV-nN{oAe2HrOr!Ll;5v znVi!m@d6Txf{)|_OW4azgU7-Dm&d}NFcMhW=`?GKP<*%EHCj#=hzP1@>7YZQwn{@_ ziTvvB4n%JvwdZo!(1j}vb@@xNQ6Yj_ps^Ws%YN2GY>bSIv|OPorTuY3H^7R9l{OEi z*KL#lCB1LOKCA@)um%$Y^0<>;FJ0)aE?(Ki#f2r?TRE3b%pOwzjcda*gvj^TXYB^_ z4`5@0;upGNq=Dw@+1S)@tmy_kI0v zfVPGBk1G~e*do023`cLH%63&rOrl$M1Vh}-VCe{zrlwUX z3*Ic@sxG9aoV`2OXc6)N$?c;!h9YLr5>+7rQq`>`D?(Y{11ZXH86&0N5WnS#2Sx@q>aH}f>G&oU^e<@8u zE%Zo>tP4z2-I1Ny)#`XD+C-%4m3IdyAH^?%v1JRYqM~9Xk~JT77+!df(&GE=M^=;T z!gxU$k99YkTM)=p;P(-d87Z|@^|{Nq(vC(6Uf|y>fq?>3`SYdbez0LU}M(C$B9Ru_i6*kaLyk&?yZz5i+~g=5c@RN;%AAii@H5fB6!_tUx(abu7VdV!dAq_K24+k2l8^l{E!mFC2q|?!zMq=Cvf_ z@YGa7hMEkJQdaiDlqa3NVsIWEt=Y0JyXrL1_w!$1f)YIeTOX~xX?xxJx*{@vneQ8i zTQOpToPxT3+@oc^q~L89iLbC4D!}%P_L|xX$$*@ok6~&B)e|KZUD;m=)p^OIhkqA8eQpB1Am_R`FVMnw;}cv za15hQs(Pr>Zi=!89#fv2pO4GT#XSg+&j{AF#Bs6#eTU<0c_anP)8 zTh6JfC@J|`(|#?(yZ>GFI>RU*lZcdSR8wVOW5fHj8uSxG(UjwmWHMrHH$!y&q7}1f zrs^Pe>>ofzq65v(F5;F?$nWk!5pzmp<>ODf*|!EMUjj%ZQk2_IpF$Z3`)!&UCHAu3n6I>74AP- zk5$vd{s)fjm+BTb;xPA+u|)K;;--V+CqmJ4?12FtD+b`5o|uO{{FEbcrn>&|TGrI0 z-n3C;(6!;dYW}{M&bibl=p-X%xM&Qn2j#E5=6!@8;?_Iv<)>&&e&&iZh3Tm`8&#{k zXtbKG|3=I@4Hi4ECsmaWAg-qC&HJ0y_iXoiBqf~aReK^2dwp)#?N;XOiBJeJ-R+TY^AWlFOI`0(dqR)|1nFWv-*ylzQ6ArAds0zleUbu@bTm|j z@Iw5>e&o9grET363@>KES}jf05OfX)8KIl$ z0Fy58_!ZwiZ@yA<)s|;rEzgFwsWmkrx5D_{_Pc-PBT4u!41YU2H)OvgmbmJZAW&NgJ@BttWDp8!T2WFjFYO*+X_9*-gkF-`upQFB=jPl8!I^ zO@;E?i7QhP<090BQV?!Z(v}GGKa&=T3j-Mz!vWWOYMGB#tF1=iSXfvxd;~6IELO=V ziK=AaAd6QTT1VuyhX#B+$Rs2T;M=p#)3|57$k0vyK@SK0m%j%Cg&z{a+AgJG3#wi% zeHr=CG?8QJ@P7#A403vJ!oHcvmM&~(D62mJna z+VvI=g{1D792^ z82!L_k%oD--V9OCZC-tD-7WwS`dJ_ED9{H6#%tN?Zv+EYlAxDQTiY;#nIflUy+Ora z!F9AFFq4Z!k$K1i0{5h(KRGAqM*Q)9i=B5ICzqFs=xncBjElbdL`TdDM>0YzD*wQA z2)I3nAZ8{u5cYgHU|BzSJpeIyEXQ}M zBkM_z4Sg?;w{R6 zYazdJ$rHuLsn$P?yYUahA)p?m@>;$CK-Lyg(Q*dNr zut*oXORKA6J0JR)zOA2bxdX9PU~2;q|8qD$G~S#yFw;)JNK5j*ROppPKAU%5qbbU7)HdjwE zFfh2T+5wd9?5gcJ5r*q*R%hPzty3F3cX~2x z&ID5NN`e%?qcB>9Uba!J4kxmkbv@Dv?T9D8ePtYJ-U|JE3LpQeb_ErXlX&+|xVeg7MqJRCYqFa-FIMYF zYU;URg^7F`UF4HvbR#n+)E%WZ0(+)B2>7w;lak%i^Zb6dbM`J^w04De`3jdvvcAyc z+Co4GBC1wT_Kf9_{JS9Z6MTl^^;eF@>e?L6JGtUR6wcW=|0-c6M;rnwXebgx#Goig z{Bfj?pE6{&%Q>s(CHM~Qi5gX3jFvS7@u(3JS65bKQgxl--8?*2onw)Ko6;RMTFpzr z|3x-6G!&_&5dR^=lkljyb;S`~sA?|{x0vB?r4O%ei=RNhCi*N*JPJiyyKQ-)GiaZV zAIg1>32&=kj4Lt^u1g2_+RB@GC>(kco+=*=EI zHkds5NjH zbvt%tC_=s`)v@i7a)zqd*~iZJm}|=4k&ml1G|9UjUzhb6i6I2_Q!veq2RtSXT2y9jKWq^94;u^jcV50o+sEPr8_b9 z`MAEHX_khqnJ*Kq3Wq#M{rPbE96!E5bHxI4?{R-dnj=iV_~e(qP86th(l1W%CVg_r zn9d*uvvFv>#fePM|8XA^N&C{8ZO>YXEjO&ZWh2=1Mna-LQ+_2Z9f#K7u+}D$PwKbF zBOY(Sw9Si+rQcY>4TS{qqX@~*!l{c@kiygUDOG~d-f*h%p*)XS)r*H_RY_8&`<{Hd z^3)o|ud$$3*L7eL^T0-r>|OyXNB9Cb`|WdP1XtPY+s--v1Sm6|N8>z0@tP_Ww`p;l z>5Yzs&A=f%jWz+QU)2Yrsizs5``@GPSFk3hq~-7E&%bL@#rN`x7~Tf)xH13`jDqof zu0}j=n|FUp$hKhNAVX)7{-OjN=)b)@|9Wjg`-QVvm!jifK+AA&{=-oA~Dj?OA(h0`Et?7baH3KdZ0c=ldX zBsMvUZ#}_>Trl*pvjj#hLL;=>ehM5}#EvnM&|oLZGsu3xsbIjxy>YQFEff;-X$zU- zA|M4sm*tO$-jsR|N5`=%e46BG6L?d3T5};Tayysj(QNjmotnFb1nw{WF5WFUpC~mh ztn!lB3R}Pi?)2X)tty%2B=ZYJ>4?0_906$zTe~fCyeR#4@i%|iQV}Cz77Zmg<##@> zU#|29bos#CwlQCHW2e0*EA#xo{Nt1wtV;`5Ib$94Z-=2>D(QpXFqviSt1D2Tp~^nc z*#X+h3|`(u5USUgCC){!BY{im!cm3lf&pvlbulDF8e8t8;>lW`=$!2wT*qUKFJES* z?{h#nW9~VEyhTHS-9bIpPm}Y+MdKZ+tWvS$!*FV0_p>omK+|azgsuzV>Cs-2q5_S* zpd>AKBHbu-cEH=?-0G^$Bha<=K((#S^QlJXeM$kOT02d!2>U7=*aiuT8@Jw`_QDBp zT0HpKgoO;|6?L?Zp57VFLK!$aW4-<&Yf@A09dC0K|12DO5y0=lsO>u2zH({HE$q?t zj8;L1tH5SvK0WMe_Mcbv|xBW1L zWvr~B*SGsFMR0YnXy1mj3=A_<&bN$4Smi>%JA40eX`B|!#pB%+mKKy+->GTFk!wfa zs}8-!lXD|HP-e7F$DV4Xfa`tOZKJbv`bC%>8frq#D6#+b?#IH+ou(9=VU(P^!74ai zP^Z*Y0j4s0xsA}x!9J;F7!1NSpr-cD0I1-+RBM6$!lnrU!GxWey{!X&wKOOz?9i=(2&y9b)AFPm{# zFOtO7g>)LmaiJ_E;`L-n%GuA8@kR^#ZP04-o2;Ec3V9N4z!lKMtSJ=b(REl@q@B+={b( zMn&?$u|W0g$ch#y4N}bq2BWpIQrz`~z%m$=Dl9_bIU7y2n%O1!-3MbLE3isq3q(IM^So1~ zvvM5C^;N}NnVu<)>&(Tym)8aFSGFybGt-CwyoC_tG);kK74NisK`z2PR_K2@U4fTh zeJQomKPuyR*Q4oIgMuQVm97-_f(nPJ0!O&6I9hTRtKC(jUc)gmqu@W(X<4m5jw2oe zN|}t!M}50{b8>{(t~NCso-zZ%Ly@km_SG0;%y-DulaDU(v7?5O z+oOYQ<=Q6-%aqz`qti%=DfAf0zYkM2MO>{}OLBJTT~-tZMIB*JGihY$@s7ygX35yZ z#;6v{^j-X^%kxiovT1mde`_XvMgu9QdYNFbhZuJH-aSfb_+%ZRR#(CyVx0>=XY}>7={si1u*MG zSa2`O&_&m;XAKr1?=c>JWdR8Ge?6yul`=Pvb)Pq5d>XsLn%>}k5AJE~>8~&O8L#~^ zhELO*?^_1|_}qa9OwLn{un?keK#+f;hkE0zkC19y|40PoIzWIxdX0{qv7R7K)NF5 z?VH&?xd=FRt5A^KpP=Z647ok^tMPU)(aP|f2r#R3#6@WGgSXXTCc0fS%$u&M;u>?5 zZk2zV67?xbNjh~uC8hUhJp-_w?9lbe8hQ97!d}9Xcd-$cSDO^;|I30=I3TXDEKO zG&8J|!(jb>D4&S(1$9!Ftx`}a3>^D#QYkp2BYyg`fVxHaM7{QVzL~@9AwO^x-fEW8 zraIIa!?hKAsRxBq4vzbk>?;`m@V3)qI6ieY=?aH`7^}T-rVoE7@Yy?wDv-@()FL^7 z>(ZLEfi1|O8J^o~()?MMb@&pD^V7*?c|Ld>6vZH*sgiGj1Tu|T5O_0=@GE0I3mU{6 z_S;6=B%|9dJ6Bn6-1Svuu$8~Md<~oxGA{GXZnf{XpFe))TzqU+9cRZ1#IQ-lfGGTXlSYUcQBNoB%0f=$28cPkcCmP zAF&dFiHkoj2=Pb*NaV;~rkjiIBwKDZU%ryAqFr3kGxQptMl4gf4ofG`DRC$t%P7Xn zUY-`!^ejalcfJkU^SWrIYaftj--xWOksA&QWM*2VXqQ{J?=m^5$R>JM4WId4EuD(K zsL;zD5~?ed5@<*uyMd$#-y5$;bPxM1G>c$Ie46HK2&rrpjPqB|dV-I-_|sl!0nGpO z=5#|$!e?_3yGT+Llm-_H>cuJtIl`aIHUEfZ7@qqNsa!k(KZjxhlkV-zDMsvRbNMtd zOLT&X1*Rptyn1{YblG%1Ph6jbvz|IX4poX;OBV?FMO-;o_810TA6 zj4K}2bbk{!nY#8IjPv1)SInjLTQHCte#G}t7-I1@fP>+tf?IN%RIeKu}#V(jG1d%-ff-|(rWQ22bU9PX1yfiIPX2ifNTQ|YP%T%0-kWVq;O zqiA(KJ2JqXB+KK*8L*F?tL}g@OB0@w7}M49w4KuerO6~J+2zJkyV{ElO_?NIPBrl{ zkR2gx1IMacL~RuMti^%>ryv3;;-Vb+f&wL7@g)rbVcGz-wLD>jdE#Wg(&|#*Ms?q# z6(t`PQIGo&e(CCuwLYGP5>TT5*zL@=tZRugrS8eGKSfzTR!QP$NS&b1zkDkWN4}$+ z{GDL+rG{E>Ai|&pdg{5rv6f*130mwv;>`-lZtUaNBc^GiKMmvoPD(l>{l-1Phpmv5 z2k7$ez}8_R#sDx#9nZB1`xYFCnm`c@#uDqH+2oDhvv7XVI*tbG+3lwXd^*0adu!mc zpYK*l5;VbUkk&HdARt0nVW7UMDz3J0aNP`3h==bN4vjx1{>10BC3*bflzjoie}?C9 zSK+mf6BaT(P)6IOal`>1}0WNie)?6mFpjL+cru#y< z?o&w2d01#S=-)}YlNcrj!i_s*t5*w3sQ%vAFP(g;Pik&_AG2W{u>XzqsXt&rRX+Xh znO=l*s5hml3caW4`Kqde+|$P7@y#!1g(e9#PlmG(AIYvuW{!4gEbJ@a&u{)6N|tZ;Db zMp-W`6DYsX#jzrES%v_7#Aw>Pk&|@HdOh?&7Ztamv^z-qoCDOqy$qQ@SJjpLq zC1YzGD`dsdF*!}^Vh_|J59Auk0A&N7&+y>ZT)Ro_mC=PSqYK*4xQ|IGNvc~5qD#KA z<{nD9E{o&ni6ti|dwpi@D2<`dnGyQ^sE9{2(SF$?ml>zndH}br~(=0gM zIXBwWIdjFCi$kr|$~!ik3V4;Uan7>*c)U);Qp1Ex6B;5+A4GJaLEx~K?Mr;fS)%!> zcJ1M%AH1+Ri<3I7H9BgH2t^ETNPLIq1}DwR2jIXHf!r(Htq)ZYUBy^#t)9E=BN16$ zeE&UhDa9^7lhcm$(e$K|^076YQW8i&9vH<1%Y+aG4FwP9ib8?i%D~^?%&VZ!IV?A9 zUIQExKP1psP^ERLmtmu0eGw)(gyWunCf$fExEJSV{RIno2p*+9jBzM{R*M^ z^|S&VW1alA_3a5naSY&dcg|2?GP2N&1BE*=Q2oexhoc%QW~=tH6;`q^TD=1^8*$=p(jaIz_&YtRy_L}uI2^!HI<7k1CX_@J9@*v^w?k!x7(UeM{0{AeFfQB4 zU|}+Lk%O0FHv(KG6+ZF{%7lQ93JFxtHg(%5vQ?hoNqh#)DkhCpWtHPQbAXSrWLr5G zjeZ6f_FR4yRhS9?Uhe-)JEnSex>Q*o-R=W=z1up{VdL2h^AX>DQJx=7l|KoEzY=Y5) zgh`?N?cMac7IpVhXcIH_W$hF29ReQDNSf{j+yfRyodWxKpLWAfuYSNlqDD}FRj*EN z>m5{>Tz7?jeZ^vZ4`->Ey^jxHwLzEQ?hUdEJh+3%st_OADhYw*aG{6s9S-^%+Q+T^ zkc|xoM(5JSp|Ozz45|Kx=Sw|*;A!idXU~WMw4;uJt>!^!Bq|&fNgiC@J&ZjxDm5ci zL8=&+*@;+fr2VK_sw(Myxqj-Vron!wQpsS+6v-f5 z3FkS&eVLcnaLb$}cahj@Zf>6W`T?I+aMMUr;IW)`7bKOI34NWvle|E)o_>DnFVSPQ zmfAQyxI=XeYJAeT=UR=*y@p}VBy?<)0lV?*CCy{}#V}fD-QZ(?MUoI5Of$P-OC(Bg z&|+MX{v&gd_86}zm5df*7vPh64?S!*;YmcAvNfy{t@NlvsZm_Z)iy|}uzpTErI(q6 zl~P}Y23p=XTDt@!%`@-^x`cPyglsQ}d-^J75G>E?`RYCVY!6q#r#d3V>$z9Z z%k8e16R5@92?UzfX=niwF5~sN{Z@O~>7TYUv>^_<>m;!gwA|41vJXkct2CKEZi)xZ zOln$T$aXaQe0O(;J_ch6?6y7@nCG)db#|Yq@XnVu#&0=968EeC5)Y)%vV3cPlsbTU zbnXe=y6XhrXjwh`b;@uW>NAPb9yIH@->1{1XV3Ffu#0YetW37Lj8_RW31U-JXToIy2Ydv^x-^=sU%c{9wWPN0Zv1ojZ205-Fi% zboqNqo-_NE;mHDGu43NYFG`cbwbm@Vj!bB58Vx{B1vf0wl{fRVxbe3Sz+8gU=ck2_ zgDthIeGB?f4%by9tVUVsIveQEd>xT6SGBphEpO)%&7X2D0gcO&x!fgLcwc_#KSyMW zU;Jcgsn@uOUVV`v8GUz;s3UpQ+ty~OX%Q&Hv2{q60!o%cG@sgJUy%=9$YQ4R#arVa&yA#aNu8nsUgyA9`K8-Ms6*7N#7g!f_gx1)_yd(B+Qz!p4|xbPo}x%f9^XH<6_9FSZlqb`P&-ra2A zXm*xnn6`*C&iWX9eCU5ETH(xy}_yO z^KD~DS+VqaxGu5!!eQ-XJM!fxa+V+Tg0rkOzsK6k(p3wjM&Z+KWU7L;*=AQ&mY|Pu z|CjGfS=we93PcG3oz{V-{J&i?O)Shh_lYAHR|!WU_(+t8+|m`V%4A4T+KB9k_7a$5>RI`6_6foF@^t{<3)vF%i&BfG%eR(CX1LNhaXjfgdF zO;S|2DZ1KrbSm~%z=AptmA4)h6TNYfc-|DP{_AJ`O$4Of&SfXErAp;dmZ_-d+TY4fCbe4}VR9A!7M#Qsrj zJye7-cfYXV%R@%14bepj%I1a_tga4WUo(0RPSQ)AQ_e$#XJ!=Lld+>3&)>Jw>tHB@7zQCwKlMT66T-pv*V_pEW7 zJy)%Q^HT55^e7WHck|}4ogOAOC_X-@M!;x$0pI?V%Jo&tlBEZ9ZKlsi{()XR#l^RD z!Kc1M{IZQAtRo-d8kQ!S^`uQfL&j#NU2H?}iI5;CFiv5afbt+lH&J#E)g zUkc;dXfS4eqJIIeIgz66<^$&CMCrQW(EGacM5TjBo@BdM9s4`B`;hDtf zTn*YKa-TQS*ay{k==V>AMcto-&s^SFE*R5n?LOi&$BnK9K$Kw=wmdNR zqSm2WpF!_O|7w({sj zbrV{TBRJikfBi9@)!lhPVrR!j9RFNbNIS>dRQ@G3{rjw&q?7DLNGj)4Y`|sVW;-); z{%9k;&UGxCjpt*&%r|Va|26{+AA^_OakSfx+5~sbQT2(up)@lEGzN|IIF!^AUXHqf63irUv69_AcNt-D_5gV=~-6wKAKS|*r&z7vosp95E z*y_8#cXursRr?(#uY|ML)^$!uZaXknD1@DNNwg>59q(veG3bJjeWo+)g>a3`#E^+Y z&Fjm{Oei)tO%k`Bl0@pXXVqZz9Y(-<+*veO49`y*(JU-+;0VM9t3n>%_V!<;KEFUxdIuoNb^cWqy5Ijvq$%Wt|tN4M-1RTDB4t5i?w zY<5i2(o2!Rgyqm!R(}&Ewwhw1M~!zg{R&2&lf-bdO5L*Ag~@wXyx%HtawOOeh!nA6 zZ-)1;XfO(dT0fMjBgsoofAE&BW-3zG>@mbaI^!9_vTobw!w&v z9B%o;4biRZ6~%fJ+y(!*B*#$uxJ6d`v=|C}PDJ0O*IWKF*zi_{6M-i)) zW{o3-J(}Lw;uD9dVG;LKyFq*b1g6Dz1SCiy&m(?euN@fcPlCy3>r=SJNk@pZo_4)$aQ5PH}0?R8|FAf)GyF(^~Tp&Rf4H?S6kf1af6wP>zp}*GhAc-~NP<0Di`jWGLA^qQB%$iQ$ma;ke_awD+*2LWMZK7BoF~;%r^RRGRW6lfhM; z5jLi4EqKgI`sQlu8O*ESnKaV&TfT`RsLp;|MZ?Mbuq51yWnlN{?MVZLiwOUoLKhq! z&Hd3!*kl&<& zAb`&f`pJ&YSnp5IV&7;$Tc!fy?o!yNS1E4FX1T(Ax0N&YHx&`X0jef>Ar&I&3>}M? z*D8D{l1sWOl0Fan^JSy*s=t}w(9-Hu z(~c+-m(-5g%gr1-bbhX}-p2Zbad2saA8lZD`{7roYfy^ca92U7&Lm#NQOjej>p{Ia zulI2J+>brim9`VkmES9Rb80Jv(1|}|u|=jWDhDIuN}nYMxrii7S-y&2Mhmp;K@(|n ziEX~ROfGrq;D$4p=$Nf*<6iQ1R|EJ~Oa^zN;8G%sitt%6waAc= z1-~t2yCu@X&R+!nKKllT=@@?-eY$5Wy{~^a)rT_cu9o_lB4#!S#H%+XZ}h%Meg&TC zT};33IF6p}Uqqe3IvNgnx$fi|l3Q;zCvWy-U*BqVXbD%Ur7j*a;pwImt2WVR8egE3 zsy9Z`U;_fVOTdc05?v?yZpDffIdOuM_VlrS{rZdna3@G^mCB8`1R0-1ktZyaiZ>lm zW%ZKB6Jk1K9|+U0%j8Y#QdN+*S8vFj1x%LVZA8|yGX7qbLbEqKz}E8U!foc7KA z-SpbtPWscochKpF&Y(+AUQEkQy^=b3{BPUp?@?oT|JYbvDYMZTkM;d%QLFnK(7PI?M-4usT4_cPnd?8q0KP-zwfzc>W8mCUAV zo4-nbZaka9++%`M=~WA^uL^ zS-XgCYFtjO6*VlD`K5$EK;e<`@sNIxht|}!(3*-FbWYE9`fmHbX?`HJiTF%2h3BLZ zke_n&zOaV>p{}Fo$NSHuSBB=XA+9Tf{9REMqyAkR`&M$ezOQYiZW-Yh&LjNI?DaR$ zcK=Cqf9JdD$nx#<)frFFx%DqwD;!dTfP(}?Uy080Qf566MBf#?$hFdMd)QU);N^vB zrw9~c#hXY(+08MYDAR>nXMd1NkNLb3xXL~)htc<&j-nA4zo8m1U(1-^R8hE}!?>ybktqvkudjmc z+xHC33=YNEgGX)?K<|spu1}EbuNV6l(0BKJn4TS4##JJ}3<~mhLMn?)f67D{ORot2 z?!GcSpFXwY3VL_zdb(~V_r$2$$}f<0(VSVCkqQKyARs!ciW?>}aaQzQCix{wGifck z(wv>C8-mEq6y2nzEA)ytT143mJCP`pZpwX?OK8c-m(!N^LHd7BZl>K{Tr!w{ZDy3ulCF!(RF9WF51r+U(y+m^?f}}^syda4>ummKAbs$ z+n(w-4@lrE-IVYD+!S@{W6>3b}2{nEWsT5uCN$&$O9g@;4*a`|-nM#Ir`f9vW*DG-)p1kn2;vkS7< zUr)bmKZRRw-%EZsS5mx^fO5&chpA>Kc6hwIyrFt_a2dUC(|m5#{X1PebrsF@b){+r z@jxIe1Vm?LDsrvpJG)O#M*3vkwYIiWe}DQ9PkKRz3FC2f7WuN(D_-L|ntHcK@!P=5 z2$+rQlk>}$ZjZXKvg?{e+lxLn<})x7rkW$pSDhCB^y)r(yR~1UEYT@wn84*@(WEloLf$)TM_gyCLPP|viXrJG zl*KNONjkvef4}$mYxLHEUYhfsuTfXY0veU+oFmTc`N7OjqQ~>sZON9ip5PK4r($n{ zu_8Q>Nu$zn6(ufu=&}ZS*CDdbGF++z9k^r2B6&?UI!bgD&@GM*tF$G;D&>u1r!m2=Wbg}9SU0KG5LzW^`sgi@DmzmRS?c&?gAig*IH z)ST3?@)#{++hwcOxV)3tv3;4aEFLkQ002M$NkldOEfB zkJ2+++PO=x2v!c@0*a_y&`?2lerg3h_W5_wqn|&K?m7QxTGCWaA$ijv;#8f8CS6qv zuJY23$GR!&ExHmnl7u&$R67su{m>|dROgy{S6w#GQImf#bQz~@g*ZA`6jU&IqkJ$^+aoz7!%;nE}U zNZm^64m0ayH@%tJ;UQW-bRKDXUdvrL-jOnnH?W{8xtv>2bZOXC)s(Va#p+; z@XtX4=zWpeMbW=%PjoM%3%6fF{~SD=Uj%X2{IK+PFcYg%Z?QkmOim?LT)FZ0RV~FA z=BH9lBNeV3i@$_RJY{FRz8fzY+mU=YKgn0}mvV^H%QYSsdmxZ~0;01-Z)NJN=)6qx zG)p%r-Icd)-D*~rl>A0`p<M#p8Bj3pU{e7(VG&;Heg$V@y$^zBJLlz`PMvkl6&E->Qo3|R1 zP-O%#`-!CY#r@C6|Gq|-NP1uV;q%4S`$GTif2eZ>eR=N%)H=eVG@NMcIkyM#7YlD4 z8u9abeP!B%?VvwMAAQ%H2?AHQIjyFQK6Lmj`pJ`Tlb4%*Rr%!)f0VT4t=Q(jDonN5 za$<=hEw!pEGw&;>;z~?*60Xu|fh9a^>(0)8dTDzrEjVUAd1oF&!NI50*xg8UWkP>- zrJK}`RiFcZBp;{qaG=;(H7V=h{@~nNYGNV#_cw-VUr$ixC!!j@zgk$(9zNU0>)@8s zNsF)+Zl)LJfVYvle07{$zw^_z#CI_dMR>bxK}^E8eEd>a_11_9O3j0d)a5Ou1DEPj6WWECGA{1Z@KC+rCoMeRw&3lmI6G1)o{p1Zw@unJsl^~Z`+Th zfSX@3^Lo^#j@Jfj9WLkc{3lg=N9c^24W`lH2?E(9AbP8uG84I0be^5(I4L66T1zgv zD%*JjWXo2eR=iSKis*|LuF1Gc8ga&S$?QlH&d$`i%Nvw`_t2uQJ}WcV$0 zloP=!Ga@gV%3YRuUq;%BK-HHMlILx)p{(e(Dv^b`5>%*a~Xr8NB5M zhP3`nt@hB&IuCI}A)EyQBkocfb#XUG`2u9>xTi(Gi(8taT)&&Ec)4H}+$i@78R3cK z;PQh2dS4{JP8(Q!UbXv^)aIAoP1?*7v8mkT<`=YQ*StvAH$Oy&mLG_X66GU;*UR?2 zt{@BHQF>SPX7#zM>2LJyJs+k=dynEFLXw|)9UPUK*P-`U(pPtVihj4?b{5n7qQY?q z0@)>?hK6QXeOS?XcAjO{MeZn1l(BpF?u^f21TDE4vzyF>g`KPt^G}?C8SFfJDE&Mb24$1WESRD)W|H6kq~X8S=-e)phT)V4}KWd#H&0P>-(CB zRcY9q61b7B%VIl5;Ia+X$}0&}_F_kylB2DENTqjk_ecG?TS_6}vNi7Oe(VjG0|Z3K zF61${@`1CLKzV4Gm)_!8SLF*}$;r3I0mo+b-z^8M!=%jw(EB1WQ0Y?qy?q~~O(Qe; z#+KQRqnyk_&M${%`a0D$5fY zT7i|-aFEN@OxN%G5dF`bd#IkfLc@W;WD&5Uw?yZO-t+nR1@0uetUs~r+OOjisQuTjJ%W34|l8ilPAnvn-x@fRUzeC|yo{B(OF8KoOBad#<+U(Vov z|H>Zv=n>6SQ?3bNDVx~u<5u54uG>wea&hEAmi@(!>V_=){7;EmNx=S^z!hJKDe*X5 z_m^XiV2m$uO#UXkIyrabzFaF0tS_|%21Qo8%OKkH$-D!F0N0YaW$8+*Zgq(|!!0gd|w4`q% zy;{Ds7*8MP><|I;zK8|8X}F1g+Ij}R1Lo(*;K;-X(t^tZ_x&}m(k-)pO)aGz6T@vf z65)LJ++WcZyZ(b7@8ubtgDi9>wCHk8%0n1#<#L`@`=;$e+oscinIa${dP{Vdk232~ zAbPLpMDG6mnZFsc@>Zb;?#H}1#X_riqlIdsi(nMO`o1x}61E2AC9=?PsAQt?*fcLr zq=`s*XRQfP9}C@AcX!dpezArQonB2I&h)JVJ=EtPr4kuy7ZIT%M73_pl1_Om8``o! znvm7=ltx*JBf?huZxFKLrEH23O&H6$NqliK7Fc(>pMD&@9gi6uV*Ob1cGAA}62d~U z5cp{KU+Hg6XHsW~$JNT01r7v2z*Yi*u!rtxJCU{rd6LFpf2?hfm)^y#r~f_s0mlTc zo~a0E$){_3IXyqHDAJ;Wg3{KcC6QOi&-NZlYx)<`j*$i$43<)bXN2am zcs-$NGrha!?WEm|B_GM}Gdund9groAqQCQjVfs0j_mb(WXkJNM(lQ|e2slANbXO%E z%*eDAy_ZpjCW*2xa;+%)QJ2hw2L}SVML-vsvNh3hriInh7z2%dsoIhB#<)se^7FAw zI;Dodsz6P2dboV$KDXAbSp2mJ%7E4~8xf@(CgM{QuabeDN2H~f!!?T%XMA6a$C1TF zY)6iifw6rp#@Ju+j~2UTeq#x+0|Es|;KqIbMZ3#e=-K*rYs>xw&BhEC;ECguKp+bQ z?rwcI4S9LOCx2f|Za!W@@8ZU%=)~$xF=0jzSt97ZjuYsX1Mj6R{wAJBnHLd?^j4Be z%*`{Ad)W7olKpf=(?96^hUd8FQoNdvSPXAc`Tnr=!#qh()c2jo3=jFHkd*s+Zq0=Q zfyp4CbXWXaIAM{j=)Hu7(+JG^x&T&`z4Q%-1A$y6Ai6PCCvl_WM;{w)=>k}`#*f6& z!(>0q;xfoHEX$HTAs&+(3O}stU>N zwW?qufVGdb;L53nIGy%SGM10#ul7}lc8(&1#V-=d5y#6cWtT4O#&a_IsmKof;cVeR zAZG|vg$C)@+rC7fI`|;fy108-IoEe3yoM()V?r{lfFGdEKk_BwUKtV&2Ld1vLtrHA z<*vW);^ha-T5;WUh<7i2ZN?KZ>5LxRN2bz8wtSH;-E}d&IXr{>svaHXIycBwAAfio z^fJIZS@C&7s0~(g+v@X0k#U;~MwlrIR@NN8-dwBO);r7@tH#)}@t}T-l0q^F|3e5u5DP zi{;3^@{srvSK`U!8|*}ox>)$?(L~^?Zpx7`5z}H#eI%)T_*kv8%jvj-vuey0K`b9- zQ8u#24+3RAEg#J%{$Kt4#LYri#IEUwAAs3E=){*KOXrPjK)^`?PxUOOgRUm7luVWk;>o7IJpJ!f!fV^c zbF!}Pe{8*!9v?V{$MCRFW>K5aNjS%o_>xZ2$8(bJm#6Mb`so0RX;UJHiXgXAx`N)c9I$=R0&#J6h6|rgTEu{%N z{yRb8jrpoX$}Xpu*4~Tmd!F`o_mhW}wAd19E4{PyeMul?QTa$XCsx)}7E(qnOiL-@ zM5T2zX*Vq*udiH-D@F`X$zOgz2=up-&)-fBRc<~X7nebcBsSncpil|;xVz&=yB??0 zd)LtJl4jcPn@T;ND*mn{croPi&{Y1ez<~e=#1eR@^GL1oi4Jmksl{`EKGpa_bjaB8 zfzdkp%Fa*GEB+-!qp@9`$0C~Tj1JH%v_z%9Z^4~v+^<=*Pc=SI-{1EE+8yFn-{_@{ zxWaq5>qt7YZoOGj_g($rEn_0%Srxght;q-U$17}*O1YBHdc$+P z;=msS#t7)5bj%}#9kVpLpFa?$fsrtEduCF_q32NTqLnngX^|4RaZN|MDo(8`Bl+0n zWWuT-SF-MilnsYO>_&vFWFlfVB06QsB2D~?x3v6fVpxl$l}Nf!Hy?f$g_obn9*G{> zS!9on&`{eJ>fZP`^}qI8YV@{KMTrRB@jNxF_zMDsN1#5~L-j*Fw0x-W&JAY-0@)<+ zuf9XLLXqB1#yW>9C~p~kY|2aIOVEmY>%o<@dgO@o1+IRAER0vXj-Xo)tfU{b{89Iv zu$BC!95;2G8_7p6CvUmjYkDVltmjv2Vmh-R@?pJ@E^)@Q9Cd52jM`vvO=79HoQ% z2dHO=#{lW7QYDJ~;kr;-SVd4qOv{00RO-tyPc2+bsMg>}kVJ_jS3YtqV|WKfw8=1( zuw{WOsST!7S>)Ko;#Kz-+j`e#u_|I$IejbfgIl<~{8pS>pd>Hlct@2>d6baX+ep>T zhw^6`jh^rYI{3_u)ce}6h*v=(AJ3v?#GsqN76d>51V8`;bOJkgOzfTjPdF9b#aM>s z@HpBJ*1x7ljoH4%V{dOga0dIwSwe;DFXA3aT9+!W;70k4RCGRKb##z!J$MG4KXpyq zb#J8{H?^I^>A7604vZ9s?d=IP(9V%Ynp2A28WAekWRZaAFHbl#k!wZw*>Q?lZOQHJ z?ajE%0e+JJ2LicBU|g6bE?qoPCPG()VEYhvRGjxAns>%EarBvx#b45DLR7-F{FRW^ zl(GsB^L|CCmxudlO{bEJ{8LVnseJi}GZbGD$tn-spM6>TYA%vY9dLK7aQ|Ht9({ug zDqWV1fl?f);Weqqh>F5dufWRgO-%wp@)AA)FE8(-x+zE17~Ivl+%-%euYHad zl^&o?BTe-C&ZB8C#678Ex*P{6;HxIF_v6{WGtE!RF~!wIoo;@M80 z@N}Ah75!yJ_t|k?SrxfGJv|whIY=cLr$s^#aEgGjB{o?e#+F>;zNBj%uB6gqucVfD zT|)bM{q*})+vw2^2Y5W}5YImBqEa4{Dy^3#ykNa3P$hIlsp^7KiBpk_{AM}QBrAeb z!nHVh_hIc=30w(dCmWW|TD*v#9xgGISZ06ipLocB`6psp+mkFMsrvA~61#dFJ{C9O z5rG9Px%uHC?#nB&&JQJ{8#OUJ%u6v;{UoGdslhwBKE#-Su*F+3ENbmnmuxeH3$sFK&WjpzQ_y__pYnMY zJbp21`7kN}PJd&(V!|H;93@~ye_7FecAOMMt{oI%qi6|;s1w1Oij%myGp0K@SVCpT zf1Rcu_gQ*vZ!g{W)K>cUo^CbSQ#H4wjfU@W)mQM+DH9AEbHqLfI7gu0T|w(Am(ydlE9v># zqiL6S1`W$gn}qjv=H>CRNNftW(~$$O(|fz0qLcexq=rCe<_2v{DdP6E(gyl#uttk2szZHf9fm|bC6u7dV zNN^d$^>keWTsa>4Nfx;0(`)%$z%aD@Sf+~5 zlaIvVf3k+HRGLb_Dj$ifMbbpA7G3toZAyHJr&-}36{e+%*yli1o%2?SVMBba^;gnr zxpI&kjJXNV2?qbM2xF1ChL4n0ZMn}gw`KD~!+xT!JIFKjI;uPJ0&3f{hH66F)H=K4 zHn0Z*&J);C(n2>iT|$3q{2=vJ)@#G?)gavE2UHAQIkkY1vy@0O8MnH;6Pw9 z2q^t!`plNRG*)z9a_h-sWVI#NO5bcNZxWJYKnxJbjDTKu8U<`TOL|;ATxL=3t6EC4 zkH3Uk2g3CIzi*=bJtI`AkAanXSR|uTl`I^^fHI=}+GrKG__IY7S465NKBan;xsD}{ z3YIPJXaZG5AB!vHkvQtFilf;ywg9VO{-X%W^Njf` zp<#tYpj#95{RM?MJTHOycv_9;-x$_*(ec2po%9yuk$v@ z;!=(^fvcrgfe}9yC~4SJrQ;nHU-D3KRO~TL% zuUbSG&AXA>ywa^QyKaCd-uZFEa{5c{JpSR}FJVN?#w~?>Q8~`D6*KAk(~h7{5BJW1 z0|AE#RJi2Dkg>jrWXKg(Zy^41dyOUid|&hTJG!Fa@#XEIDYT|9y_eP;EE2xF$g$Kz>5AVDv{gYAOFjp>>^o#oXj@DK_F8C zQXlDclD>^+%NVX&alOqnae%SM@?>A>Z2x-|qNUB_VfZ{!7IidaQg_P9Th5ScDV;foZ;8llp<{J$`|@ z$Ip{I>GfRH$cB%li{eVa-Vhl6hNw46+?(i&bSsEykC{c09v{i#ork|ORR^`&}-)WoF3(H<$a zakp|L&zQOp6*(w=S{%(^{3Me2DS@kOs6;BACW^JV+I}Scm|Za-cD0Y>r{$yh>i%*x zv3fT1U_VI^DUCWG5w?+!-g>L#xI7fAoTSB!)vO$cc`d@>b?UhK(D%@QKPE>Gg98D3 z3AFp_>35AECMx3=$V7b(?aem1wZS3!{nT@5d+F@taczn*#FO^iSGSOYRlG)Mx?L&w z$HP_Tquh_mu zNetFg*_}|FR1zRgQ4`qbZK4+|SMUp#9P2j7za7D{3i@O1`?7X@dOaodWZ6u9-^Aa| z48BNVUi16ql1AFcOE1BJfRh9kmmT2cx43~NdQ2-X)6>S?j^7%Z5jXqKPhZ9L4Bz8n zvq$BSY6-rz<4n4I&*wf&F7m|#f0b{o46dUT%PFVgCyL|X%8(w zs7J*X1hPuNivF^q`|LPLvu~~)c1>+qQS@P%bOsIta*Tjcxavhy8cjclY$cxf%T|W3 z^@eMxcJ>O|(=|XlItSHqL29BVrSU}MY4J4$sU2(kn#j|a3ep9t61WioC{?T`KBX;G z8C3T4ePvB~YXVnVWu z>ru8Pt#nrwF)RCq?#ilTwLD;O$>b$~#F2fm64=Yj3hkhpsmdU;GQMTMxZ#4~6a4W9-m}TNP-Dr6kZ7!+i z-<`O>8ktx|8W5O3U{*;7&FA%Ji6?8D;G{*BdlEd}6aRa2bk#QcSncyfB^48rjvYwF z8|0T>0T$7+Rh9Ty==ct&|5V*`w4!3ixL?%XKYAAv`MA|seH{$n37*Zl$=ju!LsS|Z zf7wwV>-yjP?6QvSI#Hoz2l{!~qjR{;i zP=1-*977|cDi?K(KOkT?0sbaY zyJrgV^JZ>3p5?j2%dJ38IFm1ThnpY9MKq}2s|+*sFjIG_`Z{N50m(ohB?70{a<^kO z(V4NH;2WF8>4WV@^F3&ClSeFH*ZdI8bMKC%Pbs^Jk$BmlCEjgx-K;-P^p86FK;3Kf z?ZyY_UDexYS}707k)?!W=}hkCd`#tzxZRwi%-|3NY$sqve_7FecAQ97MQ+H#I3_EQ z?EnQEAYeuynV>aGBNHW6%sNs9Z93RTqudH3cGOr|u5Lwaijq?=g_ZD>Lk{JAUEnIY zEAdzZvg}mxMc9tZR4u(k5rM00idj{c^D%!HmB8f)vem>j?}!sWi7Sa^qduDDF(J&J zs=Qj11dj;(9Ko$NwN+eE&z+`?J09J^h3a6dF8(Jcz()Av5&PQzoywFC_>cVKS~T)s_Sv!GjO?jHIZ~ojMH7+8|JA+hXVm;2*^y|EhBp= zES-_0g(asPe>Xf{nmfEFrc`tM+~Yyk-OkkUk5&zj2W*rvjRvRxmKnU#+hqgc(Ezms z`uV#r-)%S$aE`!H+!DH?bThY#au<84cZ`mELELoUOd2&EcdJEQS-XLLG4C!qu7Z0H z`Phb=C#zCsqHG!M>iaCD?{7bzcB}Eax@Y`tg?oe~zZ+WqNcYVB1>HaAHhOQ}`uGVD z0s;;bfXGb|ur)<*p`uQ)e24}D=@KwL>=~ccWM4jdxV{zpBFL(m4x>Syd}UX+HXe7p zg;WwsERmf2Pg-#KpB!slk7c4MJ{C>KTa}NBp<=5r@slK)OcY_rHpGuTL#$x6q>-&e zRR6WDQQ(fn;~=$AkY;2oPbp8bZ{;Wp>M7icd(jDpQhf!_q#ER7PG2JAOP#<}Lki3Kv$Rkb& zkCMP6nC?&vHU?}=v9WRQy|1@7Z&Po#>3!eaJJQkBz0#Fd(n?p~*muvIX=mnl&e6vIPEYVQ5V45O>+Q6| z5*?#{BpXk*6-NYu1o-}bY{?(o#~{=aK`*=;DSNbcg?(-Jg+tx*&d#lS#{T=TZ`$V< z{n%E-(5oA-!LI>-4=`Vs;yKEByLo9d4fYnNSK0sBc}ZT1qo1z8Hb$>*eAwnhF~vtl z1P&R2(OP=NGj?#guXwtp`iwv4rCuQr?qCYb!HhB@Fw+R+bYV_pW^>eyJ5y~9$aWD8-|s3R{r9MIFx^`XV#^`^yr3v`9Dt>-U-~S z7^ai6xghSJ+_hX_MspFfX?vlaP0O7jz-VtI=N^X%c}c45~Jt8h~Wh9y64hY&>W zE0FH|H0B=4h`?7ptmLp}1&7RL_QM;F{=cOUsr z_KTJOW*=+5&R$t_znxR{s9jL~kj442wvb75+xJ?|vp=>SS;$vzA~3B99E|=t7~MA! zP^MXJJrPAx8X_=t1iXk1UU9VE#Bkjr>@Od;-R-^T%}r%{L#ZlVVz5x$x<;jQ%=O?> z%;p3tj?T_=2BBQdxw*J-8CYnF-Z1?^fr~g^s4{N$|7_a1Q+EkXI?gI%_*2vKXA5;hB)DE&3S10XcEgsvfb{}5Cu*GlhTnkrr8@<2 z?w9F8PwrM%zSx}APVBoA{UZXCK%f>Yg1>FwwYH!GBM7ETZ!Z7X#H04PUH@+J0&{ZX zcy~VA^00-X(b2z3P2u2@Q*03^g+MKa z0e^DQZ&01Ep2=_eW^8kBv;E`tH`&{2Y$JD2`r%1 z)tj_#^iZ#vS8rc@-6{6ZZ#d27VCx|3dkh_~-$4T-g?zGn6u2xq?YSd+YbowsuP)pM zjwRM9TV7 zX^WzFrXm`K(Byx)YvSkyGOtP5$sa#H(?pmq+!@BX!Q#WaOyDGf0yb2~?FeiW^vYwF z*(JxWu*2pxWZTreSlP1eTbOpc8xaxMiB~UXnOE9*vD}r1`R7Eg6T{xlun@iJT{vR( z*Sh%-;;_nyz$6p+tGz$4o=BB_bJ2Tkf7N_^Xu$`Y6n;}>C~jjFR+;LuOLzX%zPSAh zqh9%6_dkGl)a;tZHI}H1VF4|?JGs9b1CjY|qL-EL=(?W$_QhTI*(nLkp~tI9uOWu7 ztN-Qu4GEY#fw<)m<;Fyh{bkEj_E&9O8C^yMrj|fsw8uU=|0a8&bER#{;N8W1*+GK` zI^AnOZhI*{1V`-Ci+^crDqkG*F2PnG?zJnI{=_cb^bvfQ<%_|W#2cI^yX~s|=h|!M zJZxvyJ?}kq6af*KBmxq-lLS`DiU0{X?G`}6DlZhnf)y}5XlSyXN#W?kscUpP8+@~s zBSkIe(z?-3bVGtnb3pDw*g0(nH^@Ku<-$OQ(%R9NKm#>oFIhPkD;zJfW0y49JS+qi z33Ct!0=ORzd1i+iS*`N#GNY$?0mTO{a& zERPheya2*_aqH}KqaWSTAa`yoAxq068Yf)pHqH6H8La!!h^?3qr=pY=H=@Xhz&HuS z@H~EU=YQJKJ>x zth#^b%EyJ$sYPS{%Dwm5@qPR4$MtLMv5IC(aUnR)DR2gVQ4(oelI*lsbZoWvwmfG? zCR^RBIZWUpd=ieKI&7!nzk20TDR{u&ubSQ-JH2g(y{q*(yQFKI`$$$WtQ8-cD7 znmf;L?D}x7x{G92XLVs9;wV_Ny(&3@3lA@RvpuLeNsC~NGbnKVUbi`co2#t*k&zUJ zL8s8QdC5^r?V~R{(oTlRoifvpio53l2;84rf8P_}<7Y+WM5`0l6t64{8yLY~&drHi zx>MjXo)@@0NBZuZy-^go;02~h_mKdnG9oa^1h{YRt6KkPr*=MK&r}{}4^%w<07nsow=gzIeU5c4v5?)do0#u zyRbrR0)H=>Q+>8R(Pqc=9k3%4EmrB?%fY{G`PW&6#`~+bJmH2O=lk)T`Q_iRTFet( z-q&d-LR=r7XvIQPqYLsv>B&t5CX&EAF?V)za<2W$?pLFFK|K?EVOcLFyX@Y~I(z@t z_t{%J?zWH3|D7$Vz=zrr%|9&pjosF9glLi$`>EpP$U&3ARKvG448seNqG?@LTk z!9+j=#zR0NcRbV-M+9;Nyujrt>&DY%`7E15#p30&I!k8X_5 z9|RrkY)Df6IiZ{j$9cXB(980-7awD9Ib{`m83040t=B@C1BiginnKj2LZ=;CZ$L1A^BHT)KII%kcbhXc>BM*|Y0< zfZ3ZnxV3`kk3cdaFeL=$r}o+W&V6=9_k;NK61TMbpc8yACMp}~ImH8Bfzb^KJCNrH1Sy95BY_IczvsNgQp|A>!e85kMRrCB9ATdE?nZN>d6eMt7J(@t z5W(V6|G4;iYe`kxw_09_ss;N==bLn&?akEK*I&HA?(11=|F-yQJEeAGeyD=yOJe)& zb4#zacW(YG_;Y1*)?Yb;_bq|Nr@r6vQoEq>X*;HBoA=RC1Vmth2}tBlFi<5oy9iKN zd7;ar7h2ve=2aPe_oGLH9)t1r9vXpCu4 zv^Kc+bBqxcTm+^G0Seu(uDBYx!S+G>F|;_%52ksQh^y1W)}D-8bF}omqFEPR*zknC zrSWe2S=(8twgx}Oy5ggbd%AatUA6Zd`@)i+Tg?c=mNWSD)S9lbzDxvvV=`71NmwoB z{>q4e2#iiZB6oB~3LyeT2?T|e({Z_w-cEnoeK<~mOLe0+6{fK&=6X)DLKa~t+E9r( zsYrc?hy(vQKMGyA;K!<%LA=0aLzSx~FK?=`e|_W0+2P3)v%R-q=3QSb2i)j@20`|U97>%Nx^SZ)XAcuI&;Q)Y$xfuQmz5C_k4M)ark&~V zoZ{8H=gys5PSm=%Uf@#H!tO*aDtA8z5z#DMkAE;cyQc#?sSM;8ZZaYu0wN#+HvD!15WbMGm+*k4`oBiqu~WWVb=Ww;ncDizUwyR7jJTV07& zlgD7@M7r$*^KP~~I@j6GbR+65e4q^)tTKMp-m~r1jSt%e^-nn;)~HD=dbO!$o3~|(fb?5;&J^}9Zq5kqb^%nxzA3h+G1zcZ?KcAH#-p?hCl0M84(bH zECGpJJqaRk5CojQ%hOg~&@x%4)pAGgo@l4wG`9d0S39O~&8~OMeoIJ2=s;FfUcfR9 zCn0&n39B%=d4HxwSFUjU_pdxQCvbbMzv~+4!9Tzkf-_W&BQly*(k>0g%NoYc7Gkg{ zaAU7BFGQj0#41Iq%S5&!b$*PSb*K16D*@NQ(RDlXoPPY}(s5yOZp?-AqnP#LHW$a8 zL)^NaTlU^kH1lgX?Ksfz7+Hva!j|aRV^sr-=+IL}1g4Nc2J_C7cx(N$S?tpA4^`lw zFrV`h3@5jykgi*)6>+18her2=824ccY3BYWOh}sfi7@~C+cH5}&QD(Fvy(syLx5jQ zG}ygetL>Wor`pXBgY9ALS`dlZ8>(&@lgQnI1*Y!nIt*1%b{f%8qG3BMzRUi{!rO*A zmw0x1-3EJS(;b-m`$|`z`uaB;J!Q#AjeTL~YixbxZdU`}+VtrWE6gmyMkm3(1AptL7 zsTCBg|^ChqJ@+U2JnhOK*+Apm@PewP!t@OLxrTvO8pceN><+5U89 zz>+)9rOOK;Eq6heH@f?C`en}tdvEE7pBK0;EY6unx(~$7g>z}<#4RgiAKuNqWyQ`f z-*o5DWDd{b^>FZp_Sh=?6SCd|TWl^msbxf9N(r=MJD%NGEqzO!MfO)>K04;Oj*x+H zGHmG!vAXbzk%vC^Bb@E3w$OGobb0K;6aehym1#snd|9W3mSW07Q=vxr2p9KWQM^}C zykD_|MWT4WC~`;2w2wE2Ba`FbM(*>SNk%clpaNnY%?%8>lo5f0A@FR^Li=soad!2A zGwks`{Qc)V_zd2KbQhLv2-&Vk!R6*~1HhErsq%ud|PCeY-u`v&1&1mmwdlA8|b_1c$=;z`0}YMdiq* zG~VIdqE>DAh<#n>8FpRAOYGQ+jdpqSU3PK99c`$0V~5uJ*_tRWzgJ8N#W3OX4C zavIYm%|@Nmb2#(j*ZX^S28>{9j;;ect-fx#&8w-f&Apvigvv=pRB2Aqx<+SK;8Gsu z1TEq+9aL{F6w_jrm&X3LbrmuD_=QK(2^HrCXu{vYLXkN5iZkVGoyjBT{$}H6|MitA z{8-1jhA)LFuYeyaUe~MZ&b>&@4NvyHxAgNu)rT86XB_%7_qlWn4o~LLWK`Zx+*0VW z_m)Q-g2ta$taYxvd!NI$NWKigfU=9gBoN@E{CKlP?pS2~&o)@Rk1M8^^8Cdub;91l zBA3rJlIY)AVP0SmmXyPu0lb=Qdy z*-s8^vUfD!Zf|S4%eX(Vj0ns|0)s8!*;sm&Sp*J}K(JnPx-OTVx6_~YV7R6lEM&3s zNt=7z8e4%mw9oHp$G)8KS5+dtekV#@;>b@{j8b?z@rrXN!VxYj$=SF@j$9mu z&HcQHb@2kC*17vIUdS>>48wHL5_U)WPswnV=7y`|AsJP(@%Atl9i`I6tbIKBU#jxG(l$jW= z8LjQJa7DsW?X~DM%g&{rvJB`#Gn&AIT`TQ#*jx6Njw3N=6>EX>s|m%RtGL`hx$^Z} zcc{j;VvcPoBKMzmz8Y&;;Nf&aIe-Xak@eX>FS|D2IDYG!njWwlT930Ix1NK%=WQv( zWU)7|GsDW0buR5+L?#n%(}fWf4|T7wC%PBe@7s^IPcOdCj<4QYS~3bH0%b&ipNM5d zKm;a%5Z(_} z&Y-(D4Zn+zS(+_D21A^Z52Lci6Gj=W^nH5-QMaX@rX&^o~z6t0Yn z^MSdy{CezrV}s$CxXUejk||!9^W4#e=UiJh%IVH96tx@ihF5sr$}*kcXtaRxRc-n34t%q^Pcma z_xaAu?+^IRJF_PfxwG$k>ssqt*IoGsDvHvPijH_Jv@w7 ztvWaBO?|fyu#oHl2~bBPboVV+lnfKb!OqJB(~Od?JhiXoU2&D@Vqr)UY%Trv z(+a3SSrHdXJS4t|8_X~l(Cf?4LJO8A_O?e>OwO^I(j6}0(LJy6Gj3CVpJ86fTU|1e zz9=n<7a+U-Nt4S_AJc$av!f~_Rl2o#xQM!qtVE#uqR>s!{U`|6u+W+eB)c}%Q04S> z=pFF4w8W6e+Q%1Z$SIe}2`rt6S%Ti8EG~KfUP`JE9N}QL9-hxvK^an2jhFb|RxFMg z{))5C?Pa=J5wiS#5W&Ew(If0s&e|L1Ww&;BGj`sYw|Qe_L%#&bWZhmQ8=)b&W_9=Q zQSpYkGo8i06Pn&4Dy3jbn#S0+aGVwa-`Vdh0W5AM$9gu%s~GO6oZ=DIG%xNe|ARhz zKRV_w?}B;1tj6H0Q8m%MLJP(^NjQv!XBZztF2umI;O`yCJK6)bKs2X4;uxLKxuqEh zHa0rhR~vavP{UQ*tWd(!gJ|VhlRs{V*&nOfG=O!lprK!8y5IV;%k|)@IM!<-0VpCN z4SPhqmI^yrcwenntgIH0*MMwSrS!>r{}4(Z7LP!1$ciWY=(E4ExTqt=ee?B)_n$x- zv@epU(E0T|Kdg$G-zyVh;z_|hSr~lU0I^k=&k#poBi{@RySY{`+wyQQ3i%Z%{CTPF zmX-~TpL>xutsNl$B7#uui{hhAhNmw;YQznKAA5pFq5bh2Jeu*%T%GS^J|{y01e9M1 zb&bwyzp#h}c{YI9cr`SB^KwEK2eaRsQ#8Hfq`6C{j1_YjKPvAU79>sDZ{#NG_VeIH z(mLL_L~3+V@HdS#4KIUxtkP%GVUpAyw^#MGI>hb-DNsVCZ;^7rNBTy@_H&H5N;L9# zyjSd%!x@)*UE5C#nvJdSk`xVFx^tO~BP8#KN35u>7V2~&R`dH4zwW1ynGT{GTov2+ zbe6!X6>OH5pp z(p8<~8P?*{Eid6{Tu*y9F?J1rC7a$K6ih`jfwt`!B@$UC0&ZCmHbTJmM-7+}ArP9z z!_71(w0RfyJ9W(AFjp|1GtyKBjvk_Mth69mJKlh(s=lD6wuM@=YyHCMVHOQC1V+LUe&1h=4!)E;T!z}WzCie>a!&|BAuTTKhY6v z$PLH7T_=1A=)^*$S*d4==hO(H_K+Qj^8uWxE@+sF>J=R@#B7l9BTs2cN+n{smS*mi zdb5vnYMR8E2GhX1LS+_%IW2@U=fhMcBbl-Sn)4jeT5HF`aGzKcPFQM08$7ii17<&V zwe&(=_yfmeeLJO*nD2kb0~{lG?ueKrH9JGuz1E5ACltRY`^(Sxa*pODdm~m6N;Q;AF$4F_ zEHA=-Az-lYcOO0v@;G{$(9*GIHzmOj(OEjORU^ z>U<^(uDwdpwNo@7RMeXPsjpA|_%34DA%=aUGS$^>q32V;2)ABD$a8L6cU)60Ogj0R z*X~rwBMB}RuP2!cr16}RdHm?q!tQPibZHR#N9E(3w9i%ELQnHBcYsD=yqnt_&yX3E z-c~M7o{BA$5m7XH_0Ev__f(k*?j9JQ>piru>=H3x>=fQkQX}?PrVHTK0|sfa*7F(6 z0;U#BDxAk6x+!gQB(^1~j`84*hGAAXu0Df9srEKF#qTBJ`%a3&)9(x-vIyZ{r1sNF zO(*KDFO{1z;-fIpF_%}HmdY1>p3>;>D>cbN-)E3uqF2@D=JwrNtVhGsTn(!yINItN z0!G?afp)_4N7DF3X_AB=d4-SXppf&U+Bd(rp839>ZEtpt^|hG-oyF)x_Vo`5)4B&L!(@=p{b#7O$VI;2bWM~ zv&2AL&4txeLZHFgbVhF6xWcL@zTRvGovI+dzZn(j%PN<)x+tiZjsENX@kU3N`_|{d z%&`iQeoc+zic_h=?)MVHl;vWao8AGG$+3qdi5r4A3GjX}GJeYXPB2zwRJ^of^5vpo zqiqjIJ%i#vdXc3T`HN&nG%~1vcDMa*f|JzofdAumv97|pjwhnMqKoow>7RHx#_{ot zTXK8|1H-=Nk)4a;oi-sX2L6P+xU)BU+^>5rrH7~QXMzR&JP($wZ|~9JW>|pv3U7U0 zuRE!fW`k|l#V)RLw5}L@x#~{lt$YPC(}amK30M3oA;7@>@P%5XYG&o#?&FKn>hV;n z9^-DHb^F9oPp)S4ltWAIzJ+j(#i4|u9ivyRc*n)An+nRAHPK>d>VF_a;!k!KBAoz$ z6NwpJ!l&$yD-RcZ`gZ!c#SK275C8n;>-|`^{K9QcO=;B#W32 zq0w2wP@9+(;G#-@K=giSeNK?;O`9QZAhoVGakCGWkMS-e-0_N6jj2@j%#bL3zy|8; za&M(sb_Y*>${Bikf7dw#*FtM+TsCwM>#ElyyS?idyjoIW#POtg=}N_fP0QZVdLaw% z>l05Q2%sG823?|D0~)>~D}uX9WSjx9PkV6Q1sZn$8>FjhYoC@NRrdrlCOa<Q*A;Ib^?oz0So1x{n(}P4sUe^&;29s*m7N1*$`aJF-MUQooi4?t;yqV6s9o02 z!6ld4;V|2X03>77jdjviyxF3%m%|RT0R^v~(9H2>{NX{8vs>`#+j`!Iuir_Kzjzd& zyA)GtSeF%HnL8-_tP4K1a|m12xa-}C&bx8~7O&jfU&$1eoZN383_U&}>u-I1pW9}8 zr2j-Q!Me-u`CC8<$AXM9lVaey+&C(MUo4c10{DHhFXAM){P8#{B+r<`Gk5YA%$jJ$ z#>1E6#d@lW*~$=wfI~>z;^ja{aiw~lh}i_hH#(y=cj$hjw5}XC1C?h0K5Y@%dHu7o zoRriJrIM;X%2d3+mBx_!Y{;cXj^%cj-snnx=4QYq%p|b2)4wBKN?O-GkSGfuf7Vw) z*kCYuHsW0#x^TI6mfqGt)JW8v?wv*{w9SjhM6raNc;oeC_X3|H#MbADboZehSZYCM zI{+gZM|9Ol8P#u+SdNPicLs+s3>*=zp9V}#tZd+FaBYv3Eq*)fZI++C2Yp&$KFw{f zRJQ)auD1Rlt6}Fm#JVsuf#)GDm&V(lRT{~}SxyFdTSLm=`-~m6#RP|mRcTzueoZiJ z4(YR=%>kb31K61RVs!-4RLLW?zX*>B`e1Z@c4z}^@H?S&;H@vISaCY;U+LzhSB^pF zXKJ82E*|DLM-QKndm1(e^yqN1GGkE zD3P|0gI;;<%%95cO?nLWp#hj5GEc6QNp{S8dx)Q(RKbmGelIXR7yqPYUpEZmlS3HH{IQ!3wzTW_b3 zzgQRTvfX$%`bp*a@=5<>fudXQDdh9v_QE=mPE zzTcmF%pJxB6!aJhg24`cl zDX&cX_l6E`asGdj+}axH*xB9tIY-&Hq(t8oh!fW-SpHJaxoQlBA*_v<8ws!BzxIo( zlqmpb*M1|TI%vK~6@(OGs$LlKvy3k!uG5O?uwKdN&Bm0Mw!4YSpDd{G94ff39ynPi zVmCsHOiOd!cXL2l;73ts3u!oriF7rL#$?_wbj41dAN&SGu?`3mU3jaS+}v72RYYLi zk;7(UxRO;rHwAN(IWL22*a_CYLt)aJdT|GY*uYABJ5N$E@$(+fZ;!>Kj~`#HHc*=u zF0>o{THo)=wldzLLo;Q_*4Q8mU}?l8dZqkvvf1lT*rco9M>_-k-dnt7%PSwmbKxWV z2M3_ojh3+aoCso56_sz6$!#&AMYk+pIG|aG%@Oqaq9-MT+Q#wyEw2ifh@c1vYqnHp zG-Ul?NW?P#)8n+uk$$XRa|*GHwW%gPn$2Ab0tXLXHrWV+`*$KuopA~V5#qo*&&e^w zDVc5r(s819YkOoW(z~58f!OUhR?OlwdSP)|Mnzy@l9=&t8Slu`5b zDBVi3ww3?Y#x^`HCIMO#>E~d%AgWu7Q;~jNq(6K68%g24-~30uE3Rk;*j+E@FZiI5 zN1ON}z?q&lURTjw)jY)+tuzT4w;kxpfAAX6kHF~ThTYXS*Rt5;Br?HP9z23L1QAc% zE=C@v%inpowQWYZ&d()P*Jp~!H~mVinaikXPw^nqe}y}@EcV^dYJIbpZ3iUeJz@$YfxcA?iMaP0HciIw)5ft`wfl1l;j`C*7Zcs?^r*bH za3GRo6J%ZVs&wOw5g@qbQO$tgDSkceX)<*^w+-vf8{J7hf{GoAAXb#P;(a*!_p)z!(PLOQ`dnAI<& zY=hbw_g5P8bttQp8bVl=cI>mTtX)=@cD+bJo1!Di_$N}2 zj;)Zf(iKNlp(8+}_bNc56Znx;=tV$^EXvN^f$(j6P`n^3`*I;U3P`z>gkv6*n-es< z{t~UfX=j5i__q&}P+jThdO=6*j;3AfYYQI#!rykBzqScer}1{>8#2Hipu%8#FR55mT{wrm)H!7yv3nn?!3{Afp>-zRDHq}iHG6K0irl`O+1d96s>E1U;u{MC zITCu@b-&bgsCh*qV>fjd*7s<{yg|#X35Aot#N^tmzc8QBL7}a>*Y} zi9q~(-BI7>?n=GUrekr_hD*arh~(u>^!2AvGr#FS&*cHhks`GcR(YC9t1%~q-%Q-s z^oQ%R&hugpsr-eCc&<6vMm0hR8yd~L>n`1m>K1BKX*M@>EaHD?=_3@w_#<;P#i!ym zo8!u&felFlA}PCK9=DDQyok^YVEt!b7Zq1x((WLhGrJ;zj`}N;md4Xh!lfI1A`^dv zA+rJ#C<`sv9u?#%|92;KPhHh2*N75cqzT934=dfSLDDy3#-T8fJ^t&&o-D2+flAZk zbueAEp~ltkKB>?(?Bt1v7<%q5bhR0Ue|f(v1CqJE2JJq<9ei0?X<%E7rR%G{tO2hD zwU4dVe2z6V$9FTOjEfM`EBZKr@z&kY@od|zA1oeA^p1-Bv;EZ@k`$?D)w@2wEebq`C<2}m3IHVdXKBFRq zM}iGjYIM(G`*Mi>c5K+tN`6>YNA{N-vf$(;05pup7gZ(D$zQM8nYNjodF$7%gc@*ldCLJon20a{KYaF%7*S zxL-p?9cvKXfPN1f_&t5RV{ji2yI|@JT%tU{s5+vPj&3c4rlKd1iw#V>Mo$vhiJKQ% zEuLC^|L%jT+6HyXvkf;)D!dm*fBKmRhL(pRCBT#Y3)0c1w6cqnv%d25uq*j zRa$)kA9=#Gc$i8~fG*b4=6NDRj>BI|0sqB&Au<-AG>(h4~Zvarm-xQv&M% z9h0)c;Iyb!M6fBDq5J8e6_Mwu%F36JXqlRTTYbhb3ihA6Uxz0;%xQ0{LX%|gpLrR1 z;<;xEi@&9C?%-zCe5;%ibAFW~A+t9f#P_)}N`XS<*>|pl0&!`!&kQfC6e!G?eO z%`0X*pEIGUetHx*&ujyEQx$loX5gK^Fr0-iOn4?Tp3Az#|GJV*1&H`@IcS`zER&(~ zYrl507#qJ0*4N&w_oDIDY?#+;0ek^1MNIJA;yGL$7azPd45_aIw(EPZF@S%hCJ~2s zRaUw)Nx@Z1t@ISOURUK$aN(t!2s8kUPaO>m&Zj9xtZ^<6?ClTB`1%Cmh|MztJ{rD& zm;$Z52)03yHzU}vka|L8nv2_JArS%^K>AP+Dk?BY%Q1gzv!q`8sYc0BZL5k}7MDHb7flOXPe$_dp*KkP$kE&*z$s> zpHw1-7dbS3ahd#)jQ?>My&Zqw1n{;epHR;(9VJgRj1i=YlD%InQHYO}YCm;|`q1NY zOk#D9aK6dIF7Zcsg;2!;HvqEua@^$lI%O~|^m%+U_lnKA3E6>R=U3yRGt|*4&*VuL z;~qCTm<0kJQDWyicNDM)(DSHi+YM%e!jE35^le{indYa+Cr+)5!T4HY9YbCwYm6&Ps%a*ehFNDQ`#jdFl z1NP2C%KPZc6QOwoA`c&BB%w$*sPe6|ov4?DRBg0kk=A)v1{+&1@Nm2r7QE8kR*if5 z+t=eB5Q3@KuT3FrWT*wl_P*g`D@!W5Y7vSRlX}&XA zE5Xpi0wXV@vV!ZJlBltjGZ+!NgIp1tzM`>}|E51_#LU+ehkxr8nu7Vku8d*p zLG#myYlv#2b~hc{%Z}Uf0ban2&fqu9de-;?#sILqWABf$41qi}Uz(V|@Ym4v_pPKb z^U_-?AIo#TzPD}^EjK0~E&M55BJ1ju#ON}VUIx&NKIX7eHlB~+7O2H`@oYL#%gJ1B zRxZrYIG5})OX|a4RGHHwxmS14vrA8J|NM9*9@QRLvetKFe?rN52>vP8E0n|XJ$*xzLqUYI z6&BIUYKbo4`Q<9SGuQYEjUWewi5C2VXo6Pe_C<@1*)MCniKNXJ6QGRA;7V7~dV=bs z^uR>4q{y$6(Xu#FxLhho-Wo=6s%49?4X>-hlkj^(Y;#UBT~wYLRF=NDa@)Ft zrJwoNI;4Ca6*pyUf#DZOUoBl?Y*lUi`mZb}3;9|vok;^u3CRp1dCKAs6ctCD5S@tU zypE@SB10@}%e7-hr!~J3VF`vQ=2>n@7PK5dSKGpzLYIS;aK9v_orXB$8?ABUXIS{;~GLARiI++O!L6wW|U8Wse<+Y0m}>giLMoWMAj?LT#+Y4iQ4 zquBW+{n_`@!@0}0mWvVOJ0j5K$_@%;*}kL28`$7B57X^ADV0P^vPXBos@-A=LL*gl z*aPLVjU5;Y*zps!{pI^Dh z71@Wy8AG#yq6=uxpENNne#y_d z7z@|pvVg?jUpuut6&OhT)!I-akd&K{p_&<7Ehvx^ z?=cgre#XxvF|p|*rxMQHrd`F7ZY<$e6Viggt@?Q^^h3E1P&RMQdPL&`r^2&WMAKUD z4w~9!;PGWic@!p8B3n`l9dEvaVU@#eQhG?NP<6ndQN^ufRw5m{)JMMW!D-d9OY%r# z5AIzCe7-@zw2@y5a3^a!+qkK{`HJ3DFqHg+mh_Cp?6wmB$Zx#GHLo6x?mBf7U&iG{ zJOGoW1ap)bEqLJTXc0Yg4ZY(YX632Y$2~8BTczJDv)&`N3_{MoT+nl8%p+KdXowoi zb0XwsU`&H9_l`$*R#)AL8wrNapfq{+WTX4G4B2~nZ1UX7oa?cN?~&E{`U_l(=tP*+46Ol4FK~j{Y*M`XRjL9zrj&lg)iq z1{=K?cE!ImN;>WDB$&IV1FsxJroSHh4Syj^AS=@fx}_xc4EaUH%BjhM@svZSVmzAu zEt3N>&YZ~s^yu3uDZAN~pT2vFallAm0m82^52FB=Cr`bwIU5EB)byEJ;a}rFds^{o z0PEG{uL#{&B&kaX|=L;(Z$S6oTU6pX+kG4QkwUidJ9fV3A&}H zJ*&*}1{U?x92lr5Z#h>iVIO2x0-<6P1~{e_%L{n{zLt{OdJLzN}8N)KtEXO4a~O1^xh|jIBN`7TJ(f@tq+sa;j-6gM^GG$nCiQ zQ1*mGlgS;FiF;)-(PeIxk{KwMB^3>_$}Td;w?EotwT{q5F|_cHjt19<2;P+zN4{44P-q(D%zm zS*IbOCqiml^U^c*1?IQ}p5xdO{ zO>l0i1Jme}_B@>-MytTx6$9v?$E%y0ua<`{ha(+jgcDJJ`8mIz;tjAS%mdbCtM@G} z5PaZY=^#-MRk^nX`}YQlMoS0-{VFx*vrrnKE_Be5-*c`QVUcnC;jyM>I7kBQP|tz?fG2dtUg~g% zCv6cd6A+n)sM;mjNR(<>-uQCe4Z+WmBUG3L2mJ;3M#dqSo){xGm_{>o9pF%tnlfOB z--o$XdOR(=TgaflyYwBZOZhElP+dwT z;sEW8L%D!33D$%uVm25v1N(t%)r`892);CZmIgDu8BSW6IZ)lidLFYZ_SPHO(-YCv znob8h!FsFqq`oV#f9Z7&b@WXwiHwp}mt3*q#eKvxVWH-(axp07Tdt7i$}rDt1b0h? zx2V|0MxN8;8usMUHK(q6ye|H$J%JC1bgKsBUgd)&Q*UO~y&O&lCur@dOq2F~MbHyZ zB0hmy8tlyTZ_FL^815&#zRAzyg=exrCaCbHqF7r<^_0vMwQ>uR0MLajyOyDc_lZ_S zhPwb6r$dKnC%p^;#xNS4_#b8x4G|3=itM|El`2OcDqn@B7nmv#N)wpfYIX~ zq(*a#_x;t2mZJ4=NlmgOurubYVHvUm-h2SoyFYRL;~~Tj7zsbCUS<~;B;pgUw3>Id zFEpCNRroZN6&q==rg~6Mq_5qqmAdK56>90$YOdM(hY7VmT#k<1N7U@cCLhyneZF+_ zA9crWPC6r~l)Id>Y0o$fyzxhLnrO;8Aw8I`H43wLGeu=^m6QUEwBot6*C zs*>ak9}W=p`YwS(A!_rNqcn4Y2hL!`Y+ z&?MUqlU4ouEVr+7ZVI8{S`05`dPlk|vjR(xOI+hV# zUsAY2qV5z^KdSZu^NkU@wCk`WVrqmJuV;ZPA}8~Yj3=&B!LJyJt=H*p%xAYz9x_*` zFy{EGDeEq;Wux9b&GgZ@86CGcHygPlH}t`aZ>zk=Lfo&^*xQDHFMgw$OPUkMfRo^@ zXl-qjJP)q&oxsLR`!RP)fA_DY4PfEi+C*p+P88O3!ZAZedpldx`daYujWzg|oHlEUQpv zW%PpoGF;^9gRcKQ!hSrkBlx71h>hNqcmQt{3~Qo3cYNE_mjtQv=~np4u!;1g3^?7u zrnQ>**4Xwa@RmItU@0n!Vs2u?fcNSu%wCyY|q5e&}YbpxX2v%5q4e< zkyVYxhZHR)NU6ToZ80o#$#XA`sv<&{gDR`#cTxVXJp(jkG%cjo&GD2yZE{ZQtNGFZ zuiojIia(u}uJvgxSBV3Ak%Yw!i+y`z$ob6kkk#q0-Syu|!G-l5pmLo{eO;mMR#m`F zX|p9ATGnNuso0U++a-iR+r&~;?d*wtXtxL82Yew?B{rt#cV)%OiWznNp*1y+8~Vn> z@~!1Eu=m?54~PEt#;j$xKd?de?^*+LGg7@?Z#UQ|XzDh*{EHQuL~2y~xx#j)Lv{3Opq6(jqwfSmPF# za&FDSbnk3px_nqM_4zTE@St_L?#M!z-yVgnBCzV!p;uXzkj`16#7)u#`~DHEFQ$uI zEaR?nrET)BeJXfZso}7miZfmpXWXngt8$e!Guc)Yl3XFyf2fu-wOms=W^x!RkSZ1a z{BS=)$JKt=>$X3U`@zAumZAPYTFRe-Lad|)0zE3Pi>Cfu-(22_5krn1+SYXJ&<^oi za7(w}H$QHDh)89Vt{!oy*@Wilt~wa%-b?9HWwqwirFY!sph!W8D*HI|>*?!M5)BPz zt@xYjX7TrAx$RVW`yJNh8-%aLXD^}(+wJ&K(TwD67G59p|>}mF~vt zMXqfRmwlK*THHYKm&kcN%Kj6x(QxPRsAIrHY!zxU@R0Qza)_6@Ply+vjlJ}2b}bjJ z1;%H*bJrB3&rqTd7{o$wCm3b+(WHldZa<^AmMI_Uz;eP-Rg~o=Y5Qs#uj~P=v~g>; zspwM%Go9d;%wF+?9BYTi$YEbP&n@knUq_v3|KdSh&ey@G@{Tf2ncorJ=znei?Hc;D znK$|?w|{~!;=-7;M*1lbOA&xY74@Q$*NY-EHIw&Vh;26)O0jH5(!jeUMjhkNDWdSJ zNFdqyFYvTFJbvuB(soI)4u|BsosuybeEOkZtP4DlKL7EB)~@JsUAI{Er8DMb9kZ-b z*V_8W#g&B%CgFAqU5SSw$E_Mx)bM;l4G*jJM6T^G`95#%hEZ(xf_2ypeX^enWG{uU zt9c$ANgd>rn_L9eqpTL(i_%_Mu;tKqUs@4gap-t3?`0*WvUb7u4j2f>NUb4yU-4hbKv`g~P&1s+c>QB zo)CIm-_e(O+&7>XV>Rr5(|E1JY>}nw#o_h-DrWz5lcw%?^*iQH zk(z$X&nA?7gfOnrNuzK%YTAuKNKVLdlDq54q~Og9E3c01 zPHG_h`UhT#i;Kg`1i%yb;mhtoj^T5gI#R%&7DDnv=wZYBQ55WWR7*$)7@z7%Qej_j zWiCphCS#lQ?3Z(M!;|P0Wa7cHZM<2_8yXd&UwsT}ky!2i}wjxECM0TX1z$3Y$aCb4P5flqgPGU2o0OEgpv zzoVz}#LnQIw)S-~#Kp#;z3X;nV2+&Aa)?ZZSj%}Gigi_J8KnB1gcoHdyYyth=eEVU zk8E{|JzKs1wBe&&Rb`qp@O$19|y=bS_;i%5q%?u6P}mtq5() zhA*?oig|NtDH0!lbmv%9Hhag_eztk-cyR^4R*7xk9sO4)FzZx*2SQ!KCla2z; zC8kD%c!HZV+#0qyUZLY`I$rKDzrL$340XArcg#)`Fy%;y6}WGE z3Nl^LzgGSDrxnB4L%B(T|M6%J%)c5$@6J&Zw#*0HLxpp}QPL1G+tN7JvUwqB^^P}` zdd$7K&BQc^NDR%K{fklE8h_?K(S0#vmCkjImgo%zV!Zm;G%b7OBelUJ%!T*9I~5x- z>&euHbz|)f2b69eb4PRruQKeE_(3fK5BZQOR|eJv`tD?ZRP=NpKg2v~q7B2v?6~rk zZT;pe(%}Gi;lS$eXvgmw(B<-QSbj2w8&AYuvNs&VL`VGQy;3j93rK!9Qhbf?0Be12 zqFXlY(DmPL+#!lpo1eN{@fk^jNht8erKF%+6c5fhZl~O|j)mzx49qYkjV)}ObYf$* zNIG;~=iMMG+fz;2MgS9S8OCQ5k#iF`loul%VhxwZT#EHwlsH4leYi72N+Y2(v2j;U zk<^}Ll7S7$!ZW9S_gc*MVuid?Sjy6OYfYO_$RQ2+K~BvOlX4L3yQ1e5uPm&=(Ki3` zsJvR4Y1Rsz>pda*(H-Yug;a6`y{O`=ZEo%L5b4nF%Xv~6iWk2Fo_&2y7}6Q7Efg(| zUa6$nWBCQm{TkwFwJOB)N`u4a0idN4 z=BZ!T<*2Ac5w0d;%9c$m=fr^nY7Xut+yc^GbVRC&A!J+Wiy7g9aF1hNJD%Eknj?b% zA$e_qpyl(fi_4gZ-W>9yt?(MN|A?Znsm98is zrDN!9`gTXTxl~?BWZe_P7OKE@b!Dq}TF5=EdVO;C3?=LpdPKbo38bdv%S!F*(m2~G zOsuE?;t>U2R-z6z!t?jfbk{_(v?5UQp;Pt3cv~t8pZ|rz>%z5>Z;!hNBtJ#w$qIxU zOh}816B&z$Eku5lvNQ4HLW|LR|6M%Sxlq4p%LdAb*cvpJJwa{<5W)a%#_d3W7w-(z zn!`d14=+JdaMBw(90`kHJ_F^AWLjy8-OecA;s4BA1UzfZqdMFKL*+;O?6`!(oXxm| z>iuup4SZ(6mdMO`)4aDx$%)y_<$c7E+bzU&+lmTZ3^6Ha4q?WMPyyo8w26krINa|- zkWJ!V?*3GNs1J~LRm$l;;sA^47(x!k|AE_r@3d~tZho>TeDe|edet`{5*%rUa(&{d z<7^I?R=GhvYLc!Dq6JchVg@YZCUVgooTk%+DPiKnb`s^0lr%LZ8h!)g6+I;G>D-ER zy2^WJecz1ozbP1DihI97usE2`|N1ldTu%e-QzMg*i)0Nd_oa7;M9is7+c{BpdZe>OS4pk?a;+5<&e!}{82+Vtp`{bq$@3io^?y!-@ zYa_S@Yi`DnJmvv)RZd53H?ahtx8~Ao$^>zPqC~TnQ*TD9HgH$kvy;!^Yg1tI0qnAD zO33-d{tj-*AD>Og9nWgkE=s;)2d5|q7|w?`e-O)CYib}B=EV=bQ@e@rbHBcCKaN?@ z0qXGSekjZ*NRaq8L6ar%=BI2SqK-+a&KquYZ9|@-YHL_|TzVpM>wL*>cSCbl6?i4y{smGwdx{%=@Xz#D+djmK_S^F5z+d(Z z|9-SrL}U_(g<=VVHu;!UDFR|w5YAvov}dWg83_sx@#kt6syUgObLI<%Cw#hE(K*uQ z7Ome*fON3-1@670NGRm)=A-OGTcYF~*w^D&V{fnL`kfdK#QN&yV*T~zJC%hKb|&7~ zQXfO_b6qnm88JK;8C$Vz2Qc(VXtNlX z(g^4)ehqfqLq^*VfRo(x?eO8$A$_ZHq(>8nUiJeXt^%4#dG@?+HkZ#3y}7GPjJUBl zwKDz5OA;8s&uUBg4Xs0&K%mfG?a$5&T5i?dEx9el*j-DFtz11e11`O`O3F{kJa&`f zWDDZxD`Qy`JEn1S(vHg8-i|~~jbjT+9iJjqsHr~m(F8vtP1&H*!&RYqI*Yk7@aDMw zI1^b?P1M}Jc=ffs3IG#^I2>wOdh?CV2MIQQiaHoGVrzvm=>wck(hn7#1W=(|ob8`C zETyEFo2e^V)Gd)2tM_G5s+=$4 zeUo}?A8QUuR%$JNaac1V7A0Fk;eh0U4lCE0dNhT@*Jl9eW$PfLFmOU?262;jH6aer zx$&|QtBuKjxpq+I?+wj>kGsa&03cs-SoA)jH{x?PVBKz*TH3__`4JXP6$VJ`@E^Z4 z7Yt<8I?GfTr8(+;`$nG)+SDFgp9hSo`(08dKp6V7&+n+{1zR_kZPdkLu2xA|PvU!~ zS-biKo43Z^nfrXa`A-lid@tJhYk4h-sA)8k_rX?1@a5tvSJ285x0lVP7Ed$Jw7op5 zjvdFa)0ayN;U>4pIgIxo1ATwLGA~E`%jo3qhw@vAkJRZK&_CADeiT%1CHk`B zVZ0l=qCap-$o$%FAT^hDwdy6M=pE0Z&Rz`@#AZMMMk87&8P>^+P9s=3DTZ8YTEcKA zQZ&8XQOl`FhkJVu-PxN)3+45=ORWjTV>^*`Ic`NLciR-iXLCGt5U^+!lLlPXa zV=#D|zr&IM>t5smS@sn_kd?c12{xua<0t=$@0F(BMe5OfbO`%wHc+NF=U|i|k%alQ^FnhiJ5C{t#D0!S4x2 zo{<9J&=`+SMXMD-@8@Md6v+ZYuej<_R$evIdUqI0UKI0~|cs0N?L$zL0mC*1ne zImHGoU3WC&d2Pg*T0+*+;is*{PTjxziT$IXT5E8xopRib?m^GZ`BcnL;{@XZ=f$(G zoeqM5FEeV}x~zY~vD~FM#k`Rbme3#Dly)lWh+c+bwc#I~<(XbBe_>q?BkS<5hs)LM zn_t<9c4z%}dcn~2VBG>!_|HP}4{H-Gnv0e+UVnDRCn^zdGof-@iSIxEeShvS))j4! z8K$PeVjm{*6Xv0cV%w^uQLr&ldx^232H3&1N~|Q@#7&#bTXguRXn@&kJN-Y6t_*B; zx|VJB(Bw^Yn5cKs;_F3oJnDdiog>MLqbF`hxt~Kh37gNN7#$DG)%V&&K{U$^R{e<* z^=qQ5Dg1 zr+0QAC<^=Dy9pONaiIfC%6cormTccteOH&RsIz}52YkF0w4B0qS) z1bafFr$}2`Y)9JfSdE-eamD&TIM*My@Ur9brO}E#w6GNl5?c#{t5iY*MDF5aqEEmAJzO_B{L=JIn7SA(5H{&V{O_ZJj@y~Ofw4%`22)n9M2?Jz%XC61M;N&MsMzb|BPzQp<8kNOiA zH9FNzzgWZmiv{*?mq?dq{(E2i>wQ2qDxQh%+lDVsU;M8h;|AyW{@H@R8l?Odg+Pz& zXcW`_Kg~mZeA(pn?0-M%aL6}l2hg${vGiXoy?+*Z&58dE#(z(s{|v@|R>uEbAOBey z|Gg|w8`J;y%E(imANlWC0RP#t{%3>zkNo&I@%LW>@&D(-oPZH2m zj?E2~{6txug6S`95gTOHVB@qZ!@sSo$A6i|l0&uH^ycgHG?CE5+P!&_lI6w;`Z7o; zuWmD(=p`z?kL2Ra_7~)OLirr;b)OqGO8xeHx2n0fEe3X?me7FC{Q&4?W6(!4!hh3ulDE+pZ+hPHf`@sx zQNTw->(OrI^hH^UE$moi?3Rb=FXHXLYc57{kHCX=Y&B!-s$zd>L%RleY*-y~uC3c< zWj{rtqNx6HHLd(NZ1t+KQX0saC;h*!X2IHBtM9mEz*?qL`}$9z*Mp_}f5`gEu(+0G z?LY_;f(HxkA-KB+2u_gT?(RNFa0u=WAwhz>5AIGNxO>RJ3_idh->~;N_wIeaU&F)d z)vLOzyX38^?%#FCB_kjnC1A`r1=KmTK{P0=j&kiRbCL{it{TXDQ9VHa3STum;M)-Qr&pQ*;x*DnVC;9Ma%W(;8w6frBVfY zaN>W98vbT@OycL|c{3#5*kFZSk-!zt;AsK7n{%f|4ZS|&BBjAMXueWar z#D9orANfDz8y_M4Y9be^x50f+?Ul6}88s{u$jpf|@)qM?J1*lA-Yl;*{)rbIUZbu5 zrWtMxi<85RcwtIG{C}*_zx|Jl)~8|-aEJP&^goy5Uw@y$eT995pQZm_cirQ3U-!J> zZ)Nie#CtXA&3=dK>Brydc|`YAJ&di*LRS!4>q&pv}(ro{FFn4BIOkNM9nn(l!L6=D?#Z}2Ac4x|2I_m7hzs!?+t7%G+LsBKnt-HPRQ zn-1z~RW~17b*&0&Rx}2ntunT1QK7E2u}rPZtOUjzURXISIdnB<Txz z4F2h07z^TlOrLTGGI3F=M1!yUK6kJA+}>RMY8SITjv%875(F% zXlVYmZtGLw{ITyiN6`Vlz*;|4ll}E;DJ{M0fl^)lB809R&<&8-flTximtOySdhp-} z2T%65^J1Lo&v|z5eFHo^T0um*=~~O&e$H*}=FIMr@+8R!pwJ?4Qi^|eU`KwwKm>au zW(0#Bd2KZ2A6o@J!0T&xG5N6_f_pv>zokS=nT?T|+4Z(m&d5x5`*ZRT=mp6V^e6); z=g%@!^URi%c^+SDd0al&Rd#5G^uI5Vp8lS?_QLSFA^MjNUM3P8vJUF6sBaO!eE$2V zTV7gR4lLhsR!_z^zpJ(#)NOA!bEYHN-AXWGmt17q_(obB=OfZDVXz1{kWgBBZ`#Xs>A=(lqUXlPTGu_dvns1w9U@|FL`Sb~n=BjE#R+bZeEP(DME z7kKWE`-V8pm^*22S!Av!NRzuuoc?9>#Jrp50L47;+D+&Ff~J!nyM96J3Pz2-YtgY zh5yU0&(sM5i1MynLy8LHREVvVjh|2qQ_5&i3R^m)gYkCU7PA89Xr?tag09DCB z9@+O?l{LTea<#_7^Y79_sd1tJgLxY(ET5c!)CS#lRE0RZ+5RV2(E(jT&EUzGJs82m zbDb9{+@jEyT_`lm#CJu3&vSh!l>swb<>3GbCFif_@w9O1ZCMT^F=V~aYgp;vaNhAuOqHmuehXY-s~x) zE9%I^&}EtMRXD=%3LAaX#vQ$z<6z*|*2*PlMFrrZJ&B8xJL=a>V|p2x*Sa|KI}h(f z_2{WEk%h5V*g7K~rGNCN-oB8!{lthu$49qbNL2P>+mJ`=L;Lwm1K{3lBXv$igxLxl zKr#$IE?ep#{p@RqBO4@6XUOU3^IObss`K_#EMaSqr}KbY^=SnL?ZtGjaz^aM1miJCVuYR#Ve^q0Ql z!#v@HzfDxGkzUipq2rpzFA8soGLuH36lGWgWNqPmM%D{k-LDnydspSxWv_gt*0jX8n={h-nNPqpZ0h$#+8qm%`TR zB1A7nUeL50{qgoG$_ep2>>hgjC^J@0%P-2R*LCB=D7@jCnaB*8b*KE*c>K~xZ6uLT z^n4MBh)w<`WmzlVYdF2#CF#e!j4hm|zoRPyNyJ?yE+QplO+K7t~Tf4Ba$oBA~VkC!vj| z>kgE$h7yBznKjgzeoUXH?|;l!#QRv;-&mNwc9Yab7-%^kuKUe=g|77tOJxF>Olzqy zrU^qugj(-(JB*F5n8}@XuFJQ>-C>I&k`a5J&S>o~u^btBMucdnLP~!bYDjmhtA1%d6_-uMQB)pUpe)ecnyt z_mLxt*K=yKlUdKx+L9j3%75%{HjL|AGh_qOdFi|4UN|kYn&CfexyTY7#M4k!)( zUm8iLGA%hG!`up=V~(_W8Cs0@ zs$cR|m#E91u9f;9OEU@qzI?iVxnjBo3b^$TrFxU>1{K}RR>8yn9}Ojr(?a?rO(GKV z^3{=6$*G1$-<32-4@u5_Fw9O8B}CgP+UuNCdq2?F8st5m;TTtKoTTu1*|BXUqt>^F zTB3lf$j!+Yg_JSXTgB=!gS^Gfr0NL&iYhCcAy;c-SHxp!r_G8YpP=Vhis-AG*BX|U zc{!^dLzEHQyzBYwT^dyOzCK8GCrdM_;o7%& z*rt`4s=L%t&6prZIj-Y8gcAud!C?urMC)cPx3s)Nu}h6mKhLVIpo7GJS12ihs20pL zc>fG&zR+<}*kG)5o`WWQ$J?`&LLp~LF=+&_8`Pbi!HZCgr0o(s<{#Wbxaoi1MeVQW zxeQ;viM`Y|J#Ydu_MAR5{Ca8a?Evsx37BAUy>;j^SKQ?)6GqQmcsvm+B6V@P@4u=h zIdxF!*txe{YcuK`E5hKbNc&E49h$N;Fjou-c)|7#IfvSw1~V9N4X;Nui^&~z|M0&9 z)Z~V9PU~XNNH>Int(+ZXUcUy?W=}bOm+s}?^R;2!yV+i9Rlhpn2RB?F<30DR8gCmj zzSZ5Wze;ydpnMx(30V(li+96;dV=`6jFVOi*K#9@M}{__8+G3biY?DisvnwuT62bC zh8?rg_EehQ>4wTvha0}K*FDdLDuBqGCSD>y2HMsZjITOxK#$ZG2g-PebS=m)?!W)9 z#9I=FiwfS4zXV?g;fISKtY@1a8t_S z5<@uv&@rdk`G*sd;;E~}_9DC@GYBlB-=sL3rzbkt4GMfeC@*h8Bl$bWNF2j)a`V~k zNo)#Ix|!(1l~Eez1xGfgp&D}CqukP2V_-P)jrKfGORN8yn(tX;ifOK!$%ppcEemAG z0>5FXl(CGct}0!hM=X2nI-(O;k8A#+q>maajf%<-3y3@9K@r3YNb2S+K;4>s7uQKY zP-&$U19q;nr|tSEQ)X*kW0QN)8*J=+8Lrc1KCHX3Y41?T+3uems*n|eEgX=3y1d=V z2wY^n5iw|KqM?uDQo0|ixiBv*)4bhMp<2tj;Z_>|qk#?8VPxhRJz)e+hd+48d%F{* zv8vX;HhINnAF;K_{O#a|iS_H`-KnkB)n z8W7OIa9V#siKNL47T)(T5o410{TthXs6UpYUrBL~c%7}B!e7>Q3u%H0kG&-D5bNPx zqVQU0kiJE|)4Hfnyqx))`~ZzIEQ$omG#PCdvq3`QhDqbqOTmh@l4;!U7L59@eV(n1t(pY0;^_i2q4`5E$TE{_CWlIilhz%` zNTrRzKJ#2_?QO~W4b#;}*P8M0`^u2LmuQvvUV$MkkDs0xc1Q!4bB9Ln$%3eBC{Y_i zzW$6#>ZVGk!#YBR-e~54SnEYf6$zu8z1A#=9rcrO2&>G=CGN#rhl1IKLV9M#3IQkpH~#AzpRvzy7DFI&k2d!))KU4_tUO#H8n5HX zK8`xCw|~cYhxnyiO~M$F-iy!+k}FAM|EQjczjB`GSejdkfOD!`Y%fxoY3mZ-=_rf_ zQ~HwWxlKmV{bp57@4jx8S3+pG)|Z2F(7nOqjpb;x0o>E5Lr|{p3_OGwrwP~dPk>Lg zb~;`QRN!AM z6N8j)x{|FHp%OeX#xoC?ZkDt@uA}nP83aiL+jYU3DiuL&LSFJ$cRTs$)e=pi3S3pU z?P4ydte}a8K;A%vZ)iu7F@G?;N3cT&y=vw08@_7!Bb#~Z^el3iFI#oCaF`7$!O8w#JheuV9cd)tQVnmxjd(&CI|ILpGKU6I_eCGYjqDDhFw- zU0T`Yzv(ofjDb5QW`kQDe3r|YJned&&`wNdllyvn!>(MThnSBf z`H6+v`Es+rD>trlP80G}{Y5idi@guhr}+|^mQeeA9X@C?Rizf1@7&_T;BELy2SvD; zdi-m_C`Rd(8wdh!nes$4r`&#)!8DbWS z6ZHc7CnsNzZkxM!_qQteNT45iVI>}LN4Vy=|IX{r7g21KUEvG^*I(7bi&evZG8V6_!+$l234F+3^lFLuebKzh?| zpXs>b>yUh8$2V_$WxvGoyah^qA~eJDrSHm1qBMCTT z+3?M65}y|`cKBKEQ}XJ&6P|QYH_L|~tz%(cptIzNqW#8nT8c5!9L^DC=N!eAvr4wn zpp9E2PRyyU%wfTb`=+=7V8)WKb|BWayjO4O>~xvOAV_FOeAc}Q8>wk~k;L-mMJ|O8 zY{*Q0tP-kRTTC=i-#~HMN{8anmYd!>g)z_jk_=dcI|#{(V~=Yxz{~X<&t~5z)5^5t z)YLVR49Vok7h_2EuGNlBw=)4YT*NJ1QBiD6kQv>@03S92jJ`Sl;!TG`K(R2Z^o!~> z+V4CbC!7Z6!b(Guf;@Q&tBsD*#+}&HPG^2pmB-8mNbDT7xXwNo4K_^vD-m-0*yCa7 zCRxAp?lSxpe~@h2v=UEhSTavja*IGiA%&3+4Mu?<1}6)M0{T_7HwKuh&V?E)W`2hj zk*-JF(`UIPM1ZBM2G$}k0n&_$CKwXkL_gM?I*ung@%C^+vEN8sf1T{$Q$UcVCi|@s z{Q71)h-u^5>=gob^kliy=%~N(${}Lwo>$)#4z5T>yyW+FG)PS} z#GpLSM`Losn_*aSeGir{nQVt{In&I#sftG3x>pcLC^y$!LXn7mLMmL@S%CLz+NnpI zF~E#x<7ciGgQPRnU96TODpmhC^2HVeIC}?YoLzqcuRf*=LEae2mO(q(Li{}95gzC(DPZ%tq+f?C z0+dJ0aZ90_g`Mgu84q&1Sz)wX8(=4w{3pvjWSXyQZ|!jC71sU)5tly#w}d){ipku^ zMGpzyZE}9(DNsE=KuJ4(tz_XYZDpO>-~GfR6VhkDvTz0mxN4kHf3%+UnpCr};UKL# zP1qUvct&0LlD9|6A?AwuFo+!?FyMQ1+w;D~Y8Cl@0 z{Lx@?^}b1twr`(C2B^g=nVgEjB|kqPNSt-}yZSDTt!Lm+Zl(kFM&RN>B?GM$+G%0X z;QHePO^3TQ$%d5Q|GDQZcm;o9RN@L_dw~ykL_R-3y0onxJhZ{RbK1@)CmRQMhFlQ~ z-Nz#~eL*oa+^_rGJ05;+;Mp>F-0yHyDt*~xwiA>@>_pS`Pdf)u%uasRrns5gxS|8B z^Lkfv8ea8a-N(UEoJq5o4-|JbY(1B0`SE7!=RoLe+zq%n8#GQ!uThZ(RN*d6ga?_A#53cWf_3yFXSv24WPSNaE`W+Lq0 z%Wk=7ORB-sZ^}=Rv&aKJl-Y*9sm_#V&S6qjYztSN+AO<7EvUm0>sEl~suMQk@5Bda zxf;LwEfWUgRw@sow=XWRCYqgA(T3iXJATeIjoLW;WixF`;BJ)jOT}`ZHj+H7)ItZW zme8w%!%;MHWQyO(tn--cRFdO7OL`Lz!?gbTDpmyDO{H2b;Jc!Yx@2CyBc zkyE2P?Lm)r^qQ(!C*Kc)8z{E)dIde_(Ml7y^Wp z#zJps7Fz_+6hdfgWcBTsLc3Yc@Np3`hUu*-dcTiSWHpq!PET-@0R;-}S06`mS%#X! z)l%c$k>@k2ji;6)Ra5sEisKPEb|zEx0a+DLM0DE&E1HVvuIdjbYX)G<7giz3X`hhN zNZ?Lx`U?KssX1AYHb06}Kp-J#ot(=KXq}dgHDStYK`M2OsK~H_oy@(qa%|s}InhQ0 zY9IsgFHr9nXz}-02alYEkw7>>^}vH!GWEXR8j65k-xXD>;v}JIJ0Le;%%xXI__^zD zr4=LTL6P>@XeXAIl`{5$-S|aK?(?Y*!>tbS%5hceYfDLI2Y=ePVeCeRd*`NM4jL58 zY?az70{RQ)(dIyliuo(zL2}F1!GnBm@&pzMGnB<<&WhOF%IO%lLI3tle*mI?_R%== z&t|;YKe{x-#re(^mD9tMp_|LM$hF|Q%VNF}+YFWVu>11f+Y3_fKY85>aT>iI4Zm(V zyGQ{02QKKc4~nR)W9r@;;KyUJH2wf5g6P*dP8?96Q6T@mTMLEN6NNN9HQ&4;A1nyx z7XV7>I$~WQkCu&+j`dZ|qoukkyvTuaq=n}(|IspfeB zZ&ZQ!Z#s|S-V<~a!898Ynz_g&>&E^|SRRMit>0M3uiajc=COB*Y8@bCfu7+$q`I@% zbgsNY-t7U&cZb1TIhojR1byY`i0#7EKQ#=`z6S=X4@+z7H11zFy8PV<(cLd@hv<|Fch2OW!NJh|r8C#P*gpjK>o82VyI1n*Hd zC-|+bDc#19wWJ*=gSdFMcKwrouk2oei=9xtqz>L6j&B}Xm%p6M0QQ2EFkk{1$y1uk zo5Q7B1Nm~O^K@6fSuA;bF}VN)P?kDcbvw(>1ebP~y!XbqCIMd0p7xuW7@ucmqA1a! zOQYT4l{1KSz&Ccu9ldrNp9%GVj$HSXHIt(J^q`h2O{YuW3OK|uMjBLPN6|XY7K7>Z z4l$>DuUFl&N$i)fIrXoGxYSRhL_qz?3$EbitDJ=94cBVm102{6fx|l-sTS7R21a*! zi~=6q$*e42fH~cUz%%5HC`tyV*pp}3QM(d)hW^)|-rL@d7DfLArEe6!7%a&mS$6Zw zti`2GAqcVIXVZO_FuM6dfN<&=+t1Aoo*<8a<7rw;=}l`e^E?q8N+}y$UWk#r@_q-$ z$0w4LmbRYJAC-nmx$w@QB>!F-e%A1-bl26toWEtmyYnjT;Ig8G0E8irLU34hJo`zw6vMnFD?aY6tQipcC zY>cfQym6}{%LV%%fw>sY>W>)~VoQ?T*__o{cJ@{!AENu{ak8fI~qv~(p=;bj2>VuxnZV&oJ;a6&yXSaZZ37X5*$oLYaH*YZ8v)Jr%_U(D5WQ5v9V|R^`AtMdK6;2u`BLpy2QtG3! z4V_To-=7p9a^vfC3ZPAgKI?Mg!nsOa->xrm$&;gKh*dAS$-2J8y=VjX&SW6XV+AC=_w|9Gjc2qJ*B{mxYRTSzHReKjX{OcSS$PLw2b7^;K_5YN>8~| z61Hl^B_lyiJ@??tmYCcTxpF=4iQlR|^mg@Ym)FPbUD503r9gGSd1Z?k zLTbNXCxx)jP;sjKF+VxZkVs^|^>TPbxqDO!9!eesf}<^eaibrFER1nx$o%9wz#djX z0ls3(pl!ss@LUx_p;v|@hiX~9dhA1_UX^GQ?v*FOCi^xS$)cSiY%;@iU2=BMg%^t5 zR{LDe4Jm_8nKoqNN45C`)J=}YajYlM+l1)nrkc)@?K+1f3e)SIm0I$#&$rWN14;7QQ#gornZHbKj0)?Cdl)&ywi}MwDzEf?tF*vRcHLj zQ>5mjTkB1`QQ}K$nC=#%N2I09Ig6kAt8YU33vU_7@0{oLszpyEb(69$kqLkFYFfKB z-&7RrOVtt(OWzsUOEO zCJ!eSm!~<^aelA6q{gIa62+ziW_tZ?ZHXZbbYUoZz9##-KMmqoPOk5Gn$0bOrCI!0 z=7nK$6LxIyOZ3J*(sh7%sa{VcGGZf{sg`y_op?FKN;Cw=LK{HRJGDCVdEdNe%K9Mo z%MaK1(+v%%{UKb<@Q` zQ`EhR?cd-!EgC&2lOtk)2l;q{Q=IZ8*BTeJOXYWNv*qKt+KUe~VT8*?Z4hzI4&SA1Fj2ctVhi4>{kUw0d;3ReP!Xpkg?Z*@9hWyho&JK1!m<19W)8vM8 z3G`P?9E=ZgK{r!Tfyg0yUdx)Q+>lm(VZXko;Cg(iqe#p5a;ht!w{w4z(>~6qL-E}0 zW4}9Y_Fh@X&NYGL{%EFVv6#*V*22by4gwHH-X z&(8DLf7!BM9UYrLh;W3{V6 z49spW3v)@6CP_xE8aDcFE6*LO^68Tuctmc@1a3AX)bNc64%f8wv%S#}j-#NrDaIlm z#KPumY141H)nmFf*4PT=Oi*%Wx;Z{IiTofiJb_k>M~i(qNRhw7{#t}FaS$Rpb;E%@ zTy+enThPwRy4|AaRgrmTTlmW4`yK70B&d$I6*x5JH$Q|M;^)Vw#=>{nXDw*ca8fWU z1g($UyQXGBjL?vGEeZLyuL@5e;DhhXHS6CG-y}aTuW4Yqavobh4j%s~m+%aHc$9sH zxBV`o?A^%3>w)nzH#N!g?N6fpsd(x1gcORy84y6a`LtgRg{m-p%z zGxne9Vmv3R%7mH*D7@N%(Vrzbec!uwd}Y4GVaCz9Qt;YkG~&+^A^u;%YR>n@@SC|g z?Nr>D5YfZMUl+(!gsN3`)DgR9<0DP>nP=L46VUNMXQ*?((+IfWVaU|ghaxQq1mzl5 z6p=gXf|Ro^1E6tC7DV(T0sdxUy#BDUq{*$H6+$(r@2sWuEyZdVtR}u=-Q*f3G<0I< zsjXA+I9sME6=;_3U#6F=k~GCW*!250`FIG4ApMZO40!ZWj6VpgoR}>)k8>?*Tle#H z#t?&~@6q3bny)cOVs4%dJEaZjpO-y)WkAJ^zI0xDe*8OBD+>=~YB`0ahCEYxlZ=~N zK*OYG*gX5*7+5irK@4E1ZgR)VQB-XiEGI}NW!q}FsjD2|xkL_ey_$rTC{{RR({7PS zxW_V9DCLAW7(#oc-;;-@A5JKnFP zJrtpSJf@zrea+BLI(qjX#hR3}(yq5RzBS6CslSc^ymO^KatD{>1Gp%V^C&2aocARn z)QMHx*gb?}@HJE;kH{@v0}?ptX1O2XBa-X=ASPDCqGyK1tgHc#TZrQfzlM7tnbgHM z@J&id^EaNHk}JX}&CXNlzhz}9l1EWWG)9pS4!}eo6X8s`h1s$d-}Bt)Q;O)NHL4pS~67yq0#wnd~rkHS^w_#rv)|zr?%Mv ztE#iho;wfHdERxonR@@PN0n|32`XtSrgD)8#3%ggnq)`t}c*jTr3Ol55F@irK#&VJkQ#qrct z^?fuIlmuJUt{@WZ?US10Gb>cA$jSmOT!wgo+jEY#v z*w6~3o;%sj782&Ra2<2Qdm%mJLC0<7_SS6rHAUd&^J0GpS+5+y>>uO0c9_wl{7cs2 zs}`X(RyA1dR>5OJ<+Us)EA5K5>^H#HV7pot3*K`ebd-_q03L+ z77Oe~-+b|{6NH|xtl-|hiQ|ik`2}cNJxg!Bc8KpQ6U1Q~$=F-(W zq3@lnvy!x*5`lgPdCpk%h?8;i@QD7J9M>{K;_3^OP`$?;icmJ)VkRKi;X3a`^aM|I z$op|TC6dc;d6Lav#&c5$o1FZ@j@m=FE&X%-^;-64E4%e`#-UdVDUHq_t+w}z!3LvT z4dzSN-<>i*#|y|Td~Kda*>%9Yzmf|n$>1VLos!!@SGiq}wzq4jkko~EgBn1;VlrvE z`S(jJUV3AAKRSe7quV$Ip1O;Fz=G)x*SN z3dY8bSHTq>wj4!Y>!xWtHb;iQZQ#LyF;P(kbQi19>7mx9?G#hyM^`OMI3Zf zm%sS1*Yk5yGsDvG@=z>IrXP>>w>5MOT$m`8k|Rt_ve^&%({&TLIsV5*|3X1|Gbd&w zmlS&~{2>2=UT7%fq!)l`Sl|$tgSW_G!z~a#=(Ljlp!^aC!dJQJJ5xKKnt#JpD$uZD zemOq|NZdagBERE_qSCA$U8QzDUDm5r4p>Q%@iy>gvHnzhK=DAjf6k^1l2%}qC5OzG zKTbU+HEIiuL2B>^N7nE1A9)>AdTLko1#Z{lWl7oKx3`!u_0F&J0pqLgU}DMdGNz2c z(%1_HPO!6$F@g#OFMu^`FPGWD!GnzJsX=yJOh{-kE*@a@d}Rp2+(nTN@T^r{KOb5@ zw<9vn;^?Ce*(eybiOJlMYnp((<>@Bi^Lotm1UK=acY)shmB=~%I_N|Z-Bv)_xRh!W zYS#8^uqFkz(t6;lgMJ_`Kt5~U1?p`;XIHmmUbsn7hrkbe^=O^`O*fAUfLX?eXy@x; zRWggI_9t494sDeQMiIQ0C$&RwU1!504=KH$2s^O;lKXl^@NQ6=K`%m_TW3lVbpj77 z;36<1s(G%#7iI#>-&mmokw13c#1N(qQwmSVrE9%$Q^!RU+-5v#`@C3EseCu)PIN*F z+K&!bpPnyHP7?~0c*)iv$1_gWVG8?zsP1#dX7S9fx7|kWvmJL(K%G0=Pww?Um0S@=c@ub)u()h=(F8}H3ANNNZAE6BwQ`;_mMy}D{{$0KE3GR zgwn`xPDFjb3B%1HBE(&xUZp6qic>)A40#QRb$}n-$ITVDRWyNy+iEjB{pZpZ@r?|w zIv~(HdhhabShHe>0yffI2!N3ji)V7!eh#6^pvKC8NWB=}Rxl_?1m3?3{a%^-c-6JH zS$%J`57=|)^B>P>!XpBByL-R1VHN_&H+8pd30IiDwJ3>Kc+Nc;!?t#@i&gXjbjrpM zLm05_(DgRE3p&Sb22OJr;qamoUfC@3NFG{UH{Jf4-eM^1Gh`3@iS{9c#p^y;r}@D2p_LrVWNr{i*B=#*cwi1cn4GFtq23)CPJ zOL0{Lkz>6V|CA>zTm%50o)@;q2-T0EI2;luEHnwNZ;S4A#e>}ML?{v|=^^$DroYo$ ziIQ!h{mZ#SS5wtSO_Q^5=$vetwQQUMk+uS!xVcgny{yQOaQ>ykP}s_d*XR6X(a;FI z!nxXPIt490t#LeWYt98YAs6&7`zF`}@>`}>nij>fw9j|&SDN_N{Dlp5k+%&umCrVY zpapIVbAxhuM##860Tne40h(f$kr(zIlCrC83}g$dra7iRy}I`XSFg9Hq_0nh-3Jw& zpbTGGw74v=ynTPbg&Hy3(cv>2Zs@L)p|qL*wCG~UJHzoYjgF#LORG*F2_W)_h@0^dQF}-D5m+|*`_7Pn4gB4fpouyUz z$H#kc#E`Ed=~ zH>%ALfpY_;PtBD>c?Sx>iRs9$tEfl#z0pTE8Y|}~df1Hb(v+ruw@s9<-8ig)x!a%m zIDc_1!+$x6C9l7;s5ktVPN;_`tAUxjXTK?+BUF8_!N6$^z@!321)mXAJfmAf;5L@ZO@E#IK3pd;nxkb*^xqKRuIaKC}DL5NuY%+S| zx}$%8!}B9tcIwdbHFj)$KzU@maLi_@k?1CLbm7!k-$IQ&|=g#0(RzU?yY1x3TKES{3CynhZm5%#+ zPE8$=oj+|S%p^g?cb5Ep@BRQ2QXdAkqBmbxps=pGYsuW3zO6}yc4_hUJ->B#p+4M2 z59NvX)0^BB;3hllcSX$l;1p!zy2T9Nqr}e>#XL6Ji=MMdJY^Zdt#typ-BBM_IA8x8 zhp4ZgC;T#*n~g;TFw@*sZ6dPmhX&h8#SLw)={-RkQ(cy@{UhOezy8NyKnsyQlV;K{eq zCZ1eh`}Mbxp6J}}$J5#arxhPZun`b5Ew*^Je3vjQ4vnBE&4s9%ysrTh#j`m=P85cQ zjoqcH8)><-jJ`|4ecpzuc)C~-w&nT0iy0j4EA9F(c-fkBr`PlR&)Y+H1L!5|Z%IQb zzFme@@_iDy67Fk&mk?yV%XShp%ct1P$oE&&>{|{gUTG5DK+Kc!T90nO8eM{?#_wp? zS3E&1U&MLgmPfV{cVm@wtoUm~>R19C(DxSQYGn9gidp4s@eP4F8$#W-D$Frtk;3re z9s7|C;v~7uvuI!gG<2s1uXOd$h*bN)Q+8IZdK*H(p1oJoPfky~O?V?5)uZj<_sS!2id z*Ky!F|8lmn2p%f_oXdcRD?*{L-IyA|&AkwrK6gA^ixrjo)Vzvuk z^kgolVF0?&6pbhNGy4O52lOmV9%)_qL%FRvQej^46s^ga647=ck$FCqT+6!ftN2kW zZ-*jcS8l!y?;-MV`i%Y9_ufHL6W2gAaJ8iOJWIF-Qe&WBlsSwb$TMNN&ZPeZcu3GV z%h&SL{@KGmH2e}a0>3ULy45MbOg?eY$_EX|K)4lVAu5b>5c7(7YP6Qr4=PUj!6aN* ze>UM7+yjF8DPV$|)r1$KSsUaHy%_Q^XeR4}rVs)D{*APZl^IJ7CV=6HtXpU6Q~GnQe;4N0wAG_FWL`DlCW<1!WhJc^$d( zE&MBIUd1I}I(mB;qy$6Q8D=ddMK;KC#$ee~#fJ$?8fJ#${t9ze`R<})fMx>|QPC1Y zVH?C+yLN2kO1lEzV36=<3!J<0^yzJjolvpYCZ>jjNdM``3N1sdVsB241IgNJA zBKG1yujqBwFVhU(ncWmiXEzpoEQ@g+lRDlSTX^L{!!-S@n}}uQKkE>l1Z@Tuyz*-j zWpsJ)o6Kh_%InNd^jv8X(&L=JY^A@fVmQ5U$N3x1^xQSm?HOqEpBerCp-9{C30^Q< zQ2+3cbnO4W-2DY!!U6u$c_-)%|KQ(meEc)g_207q{`0RVD4*~N%3rw5>H10A_mOh? z?5?qtrAQiH^X5iOP3wSlQTTtUI(ho;wOtJ@fIZmTJEb@J7*`fQ)L$;n-o`U);qyYU zY4yYmY1EbO|9<2z{gUzI*IGqvd|~l7flOE)wW7AxUnN2+v`GoZx_vObS>9ePGpBXh zi2c?2f9E~uMoRoW>IB2`*pJF9J+OrR(vF(XUBXjY)@wuS)HFRvYEWY~9r^r-o_>fir*|UB+Z09ZPZd{rJ{#LQQ#rjuK z2Rf{bL2@4KKMhnk^DAf5>W6sQqBFTK;$bPfwaLcuxo-3eMVqjJd<3# zGUZ_DsE*Xh5AXuRpn=fONvi|yJZaiSvc;2Y_q?sn_s42Jo6^{8G-~dh4!AeErtft* z*Y?Ijqk2t=%bZfyF;)rzQy!d#`fcX7)nxyvQq0gpDlX~qNaPorIjE63`H<%oX8@z0 z@EA8)YMa^RE1AjR`^|rl?9mp#rfV`=%xH4U&zOB2ojf$Fl^n<2obl36wnDvjO2Er! zO$$!eix2R18f+9?w1JRRem+fo_Wdsv`gfgVG%A9a>z@Rki)5H1^>CHSyO8%&weLNZ zM962XL9WZrxhng7+1v+9FG?`#Ayfr6s8x)1kBgldg4aWHgk8eQq6ym7{P&ksEeQE{ z>t}z(^v}P*r@<#ok3=1b01GjUWkSvKh;shp!SKzBI~ioVm2(;IuMJZd+D+@4MeB{J zQ$IwGC{P-M)pNcN+O3PL% z>>Q%>-uZeppKBgQF;7`ZcD{IJ#S9+cfm0YkK$63XD@jM(U)3S-LW^$NI$N~Lfo^hG zf-qrJ_P3tKtdGeII`jL@g)`(UKzq*24FQX`#G?=pP|njzUaLfXG9^p@SDM>_OG&1C zek}|~zeFtHjee3R9Xwj!eYUc*s%v5MBp+=I`5q19`_K}T^aJfRt!*by5?+g&>D}K3 zFgl1hFgFek4bi=n)H6_}>Iex5-<^q?^R~HpDJ>UK`4{HGDMcyAJTcq?-&6```i03$ zaxck(50;xR`42J#bkdV~dAbDlL?EJ;A98ohbHQeOHl7F4d2&nkMmfS&o$RrkbXa)z zvdpuL0SB_q42?O%Wr690@T1DgndP2lZDeeJ0^(~1Rq6p919>v)c!HTMVW_LFfgVdUq(i=H zxlLNK;A>2*3K4hshYx#TP<5(S9I15c!G8X3@DF4&RWzxSC~0iWDA;0L>=u{lU8t-xNAf>tuQ~O4|}`lb%Dx{eIMeDS;42^<}fm%T<`(C@hUV)7^@&h()nKY$8lce zn9XwsT@IUi?GQWADek8gO; zT89NMvWO%$_&QkXY$uK9(jzH5nWmL8ek;)gUIyHzVr7v}+jzHGPT!z`dF2+4LTiN` ziZ7LR&+CT$Jr#pCQXtYPCQH|E+oqkzwLfc&39de6+c)$!FIw zsRxxAy>h`IjnL%DPKut(iXM-H#>+pRI#k`Qjic}^X*uu=(6O^)Qf!W~uhWX#rIpHg zKT*HW;1hmBML?F2UIYmKxNSqmLv z(IPcXeP(?AhxMtvBtGSQjyG#MUW!bAX-Q)N8e>%Lq~Dn+l~{*vvTySH_#ve2R}LbR z0-w|3V(8DaW7P*sL`@+%D)Wb;p2?P8hP#<56ITNxJGRj_DU3cDzdx8}DxV4sZ7^w# zO*$sMWqA2#!y^3I!TdV~Ja`C4;k@nUO7NEu^H!Q+RE1iyh0*6U)opLXDkK!-T`;IB zkx#-*FC*Uxl_`S%rQ3#v+95>h zW%M|6@5gDKD*xDh{K)QPH+)o3#KwarT10PnKLNpO*#wV}--7}=-M~=V4F5XwMG;Kj z5LPBe-W%8OIltl9STNI*jl__x7cU#@tI2|Dsz-XRb_+ zwhVZsK@6IHv(Y8;y)xbLiCX_ot6{tL`TeROoN{iB_JsH;14@`mE3VKPVb`;;MIVG- z6Z6%qztt75SEkolR=2%C1xkck7H&73WN4bLJ`65|0tHq=$ zkO6{_YxOe+N%Lge6CQi>0?*FwleV14(YNDPB|%Ch^2rkai{z=xI5{;>+vOI(OZMV14d~>}iVnZh%3mpo(=11UKo5xGDN=6F&$xIgGquz#o&ot-0OtCdh#`8D zqVKF#e#r&{yyz}r{cuV!#zUOfDz&3ZEYge|?L6eiXUvc| z9KS&@vrHUHdSF#N0q1g&)Y7L+Ns!Z?LP79NCTiUNq-Kz!z=u{_mo~rH7VW1^lA#gp zx?xY|yJ2`A?}T*S4*OU%OhSBULhg3TK?fJ&VDdyJnqr3Y2+(=qAgj(a$(0%z{crJX z+Y>4%>S++@mc+XJU4(IMO+f|R#R3lIKFeW$So;0)<6Tyc8$7Yl=irOBnfo>>Mr0_e zC^^bc$=mRH*)zzMy%JMRUkjcG-(PrYK@>^nt$r;dNKBK+_l=Tgb{+{r$CQBYkDB_> zXn6ck@cpW31UbjAKbU(?9kp`joqJSE4Sv~TpJBtpiwKXTGBWq(n%yiZ1LlVkht#Ak!dxDmSt!w$a5b*nd=k)qM~GqRAKUJi1flUAF|Q&+wAh<0M4tX;Jj`5^{X{ztddK$N1Ui9%7M z4-G>txK8j-=?&U+&zs5+@o&RMjZn5ddcj?ENChEgQYz~+1rlhU3vUOnp`BPJ9v*2> zTrbB{%zH^g$*EDHYbxQtP*(k|MQhDnT^1{0QY2F10RcQZMG+x1YqrO1XX~QGNj>Cf zp1}sBHAZSE?$rG(ZPTLZQNCXJx7GBOhKzn*@7y^g+LGnv6vJUoein@fX-6`|^NcyOuyEk#D7 zq)-VbkP=eTRHfWd#=yFskuGlgS%5e>>kbKF#4_PPg`wPOTQ?dZ0A<$Ox!WU0)$m=H zI7@xg98L0z zQ?B?@8eIXRSCIOD;5-cmA}mIMDyWvM$uY#64yL>P$u`M*$D2~K9xue6b%$+P&%z^^ zP3E?fPXy=lB zY&P>eujkrr$zCxkCP<{?v`vx9_5Pw*-!S}Z84sPv!bByQKyZz|nWWZ)8F#(aB-7`n zntE6BMr*0Vs68DLfsK=4$UW+>t^G|XhFjtXR7gQi`6CNv`{gpj*^0=SDv{^}nlv!|cCIDe z5(%#2DELiF5dal75aMj{y(k_8{)_w(eWg(F2$E+iJIP*&+lU+`#5z3L9WBYb9E7T~ zsz`sk&`6+f#40Ex!7?1ug~tI*Horc5!pr-1f{&kx&rGWbj)gZP-8*_{Q4JT}eb-Ng zH!{;r$TY9}RTdqRd}5KTf@M&(s%;Raeu$65x+i5#&G$2dh8}BRh_FXnI}Gq6B}m!e z@Z3$>4sNWHrx905Xln)cY#LKI4eO?f};Bz;=bo- zRrgu-KzDl~ppO$)Ti42>yst%v(#tHj&wJUhCW|iL6=ZXr{V2wPaLyhp+50|am4wKi z9)s@eoypJU&v<}?AF=K-KmArHw{7s9pG?rZ@|g&LhtpD&^PUh{oH9QY1ex+XR6+E# zSrg1c3DY^2i@zl)N?JrlGuy$`XF1{z7x|7?Odw(>7oXy@V~Xo>!6ECS@}sU!DJG?R zYj88~Dz7cS^vfq<2d;8$(+H+)WtOZdw=`yzVDHTbxFtjdrky|MOEoeUQSwKJM=X6Q zS5B54^3J=jgK?uu1|BkgC%(uT5A|bQ5S2r47X!nQNCc5nCbc>fb(C4`2n$>-$*4&` zm3w}=16(zebiS&7lP_Qh9ES@>NGHU_O&*y+6Eo{2S*AC+!Eo?pdV}6Vk^66D0BD0w zDtS|~bXlqmRqh#5q+HHqx7^GhKFTJm@L7kpRtc({mn`u(0fsBmwx+)26~l4u;pQ`P zv~@@9b=m#2zfJjw3o><&l#$s&K{aKIE5#~Bn}{VL^ZL<~92I?Yt@(&ta)o6g1H{iM zeNtP#8ww8DEO|b^T+|WyA8O`N%@-6hvTKK1bO&2n3sFhB_p;KR&A;yj23Vu^UgIRh z8M8uoQu7wwjxqtpnN)$q5Nj)LV$PXNm0gLdNL0`}QzQD-o&{OqVRK=}r0En|yUTh> z5{i0)9`8E4dhY9X^NXB~2FzV$6_s3rW3x_gL0K2aFqVpGt;rPr*OfvHlLQ`XyQVpV z2FvDcd^!*#48544%-u$dq>bY6QSxi-0-O*%I#GU(?aWcQaIolDuoU%K0tsWR;xjaL zW9;e02>>?YcEOL<){oS@P^2q~J*iP9Bz2edN?yT%m#FnP-6ihmj{lgJKA3v%3=I(6 zbUnuH!$ROKNu~c>-3QB?0Jia*_$9KTjTHTvD2awpkrLz%MIeeehQvVGynIgGnaSt| z)GYKIhb>&NPi3b}&&q|2s-Z%PZF||!X$e`GZt%&->FLw%0nfopo%c^%Y!-+ta_5RM zp4yRX5fI?HZU)jy^)!CP%=MLRO3*j;B%P`~&_~{*-XX>2MUN(YLO$K z4{QRnox#AzRlpnO9k1Tv7$rC%{zoui1l|I01osnIv76Z~D@@drlQyZA0lV8;Na0`O zZr!DC>F1f^x_8>kF)jq@95bk?DZv=3rjLusn}*vE_^?j|!#UapDc!afizX#b zGbg{KQ4zydcO1S5LPh3%^p0kR{K9>E+hu>ZN$HwJj0g zY%-Ck7ToGlIW6y9yg$MwVHf#*=PAgktq8CAhfLVT@-Ii1)WyGYfAlJb3B!l4FCRHA zPYy%4_CA%C{!Hk6%idr$3S6}|vwhLk!G%uK4CQ$f(lONf>I2*1kP6_91 zjB$8E%pUjq*g9z!^IJ;ay=_VV*IFEth#sUYYtPBf#$1sOFdr9$4DXInVXjv%EAIlRbBkUBR_67ip*YGB2B~Ov;T@ z$fxLak}C@Nus6}~XSpwIEibH527~QvvdSlTebHx4rQeAIby?!n6zK&R?7wg=i@4#N zo@Q{MS^m;ohMZZK+sHutx;D#DX*7Q3%cXA*Ff!FDC5^Q6_{l<9T?BJaKNfXQ$YZv> zM>Q5`^7TswNijvbFF>KLy1IK#!gvV@kwFX*Ga!wMpQ1Mn2R#Q-^W8dB+{ML5e%pc? z;^tdp!fjZ>didX74B%RaU-rwR{aZ`H7b3A%|JUJ-9!ClhtHgsh9edWt@>zN@r~F|; za2}+E5IjZEh|3HlcN}8wxb)qKIl02(Scwh5GCOeuge=GH64Do5poFrUb3E~RH z^#C~>ndNA(>Wqk5Ufb|6etg$wYD(k>Yqs?Kz;Oog zm~}$5#lJ{!yO=vTSkenV!rQNx$Si@%&JV9q?zzC9R~=(h&cjcd$d_piku}4ULPXUj z4rxsXZA6T`P(9@WN%z-U2|C;|avj13F4=QPrqH0Mq!s9Bsn)~fy7il3AH9?&g{5yc zwyZS4!nL|@WUE4mt1RvpaEkJ5y;kEG=^WNl;L}%+T5%Du@~M|p{UqFlhUT+2{`Ud= z>(BC;gQ!;BWsUuw`=sEE!qOz41Q?JJVx<)@jZe4r^Go*BEh29=hd#r)Chj8j@?aQP zR@%1J-2vlDrSl4k_RypR8^y0tMFIOJuVTH$0#-4WpKQnTZP!^QwRPm|&OEKqWb-i3 z3B?6szW=6J2$XdHA2%KnAl8+@s}nTZa><8Ed=CD|4^{EtmPSOL<0kAyGQH-?(ZXdArRV$-IS=;@^$AP}Lj-Nr#?nCmYW2>b z5k3lxP{yc+yn7uL&J{`afqsZVKDk%GXDPo1?W36wt->jT<$9FpoQJLknfN8sTTxEvF?i3k0Ld{w~^mYh0RL|Y8AgJkH+CKhc`8=5ftX+^sYoK97hoX zDND}|k2olrh>9oYF`D;!BxnP}zgcUqvN0Q$b^ZD>Av+q1bi>Fuj}6QaddyegTv>Gx znsU~tNq*|uAGzYtDJ+x z4rO%le*KnzAgR5>6k2RW5o+xCT>S>r))=T=Yx2T8j=)3nx_gm$8GtSP$xQ6SVf5zO z!mwrd%?5&Ej{M4_r*v-UFii_~>~90b)Qj>nU!ZFF@W~1rGY!Q# z#UDs%d2XVFUs#2N-3 z(vAl*g=y?)Anaw}3b5m1L( zQcq;F*(&u>R}Pv2H4&1D+S=_wX}i!SA-0D zdwMMdgJk=Gg?TOf!5+0&yt1N=ma9f87CgEEU#t zJMtZQEADVyNJf>AK0*A7NJ&=i%K!#Q1Q}F%#QAvUI2A#6BB*JUAngcE*l6NA0+h*V z$278dE>g2|)tVz)DlUG*`L&9Q5;v~Lf>?RG$}xHsP$DF_T5|U{u+=UV_M&;EY{OI= z$0(fF`37{%~K62W!&0sft~I&L<} zc@~zU&hA3Bth7DU+~md>&0K6{gJR41`CAa4>O-glQzS=dvMrx)HOKPX_2Ln_AN#{h z?N3?I9J~Ppvmxx_ayK8cf_0HOaxji?%$tmJ<;o?k!9L^ zg|73M6x)X-+Xs`E)q^s{Ww@fcetgtie{}FKgPIwi0CmW^=@fypOz22d1kC);%Oc#N zcu9x~3SXlV1YB4#A#dbSCgpY)=H+Yf`j_eHZkJbu5N6HW)Z&L#lkj87>A!67Mh?I$ zGeuYt6uOU;^~@LR{0AJh$Ty|%7>rz`b&H`E(D+rE1t}7Dl;rC6)GXvQWU5g0<3{uT zgx-`cKAH>+t3Ld4m+`o0y{a1&;{NsN>*FwNm(9 zk@y`v=m4Smx}jz497|g7*F0T5>fKnF5Eay8KaNw~BtgGGWug4Nu`*@uRK>g?r^7i~ zo(Sana+cZwtShH2+vd_@ZB9;(k%qq~V=Zgj5J{@LfpBb%>P^M-W#h521xRy8-#x%G zOegUe?1==_|5p$lB72|;#?EfhfOD9G zAueH)3dsUBWonbk-}UQA)HH(u>|fU6 zZrzql#ntgv`W!0E^c3?MTmcX}9|--?`UnADIsO?U8a%LJJ-Z4g_=|%DfGG8u0$D$y z*QhVAXo+PkH*?Y;!K`o2_hru)sk#W**j5NyYsNV;UvK@5eE!C%Mr7QcenPYL$+{D# zq8#)pm7&zRAX?E3 zfne-q>`X+lDVgzxjDgY-!!nQ)P*P}6+^cl#wiA+ISNdha?Q7o(^f$0tqBE?7|KTuUJ%5n_g|pD_Z| z=R=T0aci*_&~)!8Q^*6OI2Nf0slGZRI9nHpn5hlFQCTUxxy~d7yT$1>%V$9Mf3Il$ zaEF^8MZ8P7JVIqCw7#0UO#;y)4D!DCPU_vqo?)D_^o>&#`IzW&bB8vh@f`%eDa$9! zPm&Y_I7vPQkA$L&WF9gDea1e0=siXqyaKUqpPXAzJ1mr+q|}`$W@+-Z{#WAP2FQnR zDtZxYZ`sF>bBb)n;Ih*D#NgIwp`Q%&tA!0GkL;ut9F&R2@x#>am0vpPBC8mM1pHpH z>UpEUvHF4N9-DdxiPmvtf+lc{9`gDq75O(u?9~G7ea8W(zrN9tH`N$C1m%-$o0#bD ziol!F)cksdr`Szx!!()jhE-S3rgd4o3v9`+xPrP=A_jYnp6}9 zl4OyZE%JyxsL}`-Tm3Yck0nJUm9T3ua!3y61gi}=t);$SKb|y+_rK#?jZ3JnK_RL0 z=Ihx9Veh!hmYwCvx4qbwIffoxh_k-LJy+Y`SJ$`d7T^oKg@`wRN?chVNQI@>C4C!i^yYv z>#UJ{0NGR6%lvl z5@ZRGDux*^NgGi?FvKW(hI^mk>|4>P1~o{D&fMTQ&wy9v9bm}Albc+0&2Qh+ZS~x&XOhHG zh!P+pzVOLdTM?*k?J?H<>JT0LdYd(7E7Ba|E<`dttJEEQZCMA;X47{2b){ztWewq^y~%z}%W-H&sETEvQ{DHhJDC;0|>9?`V@3AZ=(lQkDU zm0ML2Ou#tbpqtV!WU2~kW&fc#*p=}(S!32%2Omnt#WnkRg3*I~hAlFtC#LNg_1AG! z31`nukR%X|J{5c#QN1Gd67vEWiTx(A-Ag0JW|D9^G)(>F-VW~6hwr+F0524B>hP10 zUr^07S4TR#xtW-Zqg!&YQ=Bb~jY0-tU1Jtq?mu%5`Y`8ira(7g)Gm8ldSsvuT$1%= zfFu`%*o@}gFBe4Hglg&Zo)mBh&n>~y&%Cjo==_#m`{dIW`Y;@p>i;4#kQKrMOuGh1 zVF3apFMtZRRj`OXtKsH10f)mBikM490$Wc)yg%4R$JXsQ)bJE1@^k)2-S}3Ev|DHQ zqL~?Gkdu3d!zJHdO8i4P>dmv~v;3UKnL?`_oTEitMD%Y^?_dkL4wjL7>27)>bmzjSOXLp0^Q;2Un^W2uiDVy=Iv4~@By5YUy^*?{g|_M z`i|s08DmerX3)j|JNOR~LoawTECu&^a?l<~aT2^<9Y?84pul4<{vgGVmWR3&?5rO9 zs)NBl!k6xA$SgzpS`hB9x=VfD$LS!>d4!EL2r)OM8zNqR{*6Yj6Dk<=Ef^3SMLvH9IDYvR z<9E}G=DC$i;dM)Wcmj75nd7Uz?dzavDxdYm^-JvT>RmXTEz^msd&cv*Nr~RM?h_%) zu-~JN-`a;O1AY69Rp?HrWpD|w&Pj(|j3FbBoHX&vhL%R7=((IFCYH3Y{>%L~k`mZl zeGeFYN-=bYRTfB6@LlZasd<(jLYLOgE^Q+^j-7S<@tS z3IBNiCDATH*>N{KsD*v==i2}T`ynIl%o;S}qhQEV^Gi=WA;KY>n^rgKaL6bbkF&p2 zj1?+_++v>usHST#{cQT@cXsM|1m{Q-#Wub>Se9#9kCJW0f+)qY*$8j%?gSkj#JN^9 z*y=qzy)Xn;M~6q1F4z9Q-W2x}@86ltk+$y}tZGBtI^=#-`Xdq*9F>q>Wp2&wt+Tw| zWVt_`PW*iSh=^$)zA&vK?9Q~G3?&jXC?F^-$U97UO#A#*0oUvAV9j~Iy&OUHI~tXm zBQ2dx;*4fALJZf)kOyT%{`=Dm*t%UfWWhkP17jBB6*}+>+&)R?G+L{F)s=NDoSX|8 znaMP32=lK579TTN&UWm?U0!60c9h&UW#WCJ)B$H&`ya^Fk&cmF);HXuv{!7X3<=V0 zV0w34yl~J1B5$pQ6qRcG+?KHut*HS2magxcEslUM}u4iz8T0H2$$%h7u$R zAFuY!Vb0@i<#pHdU@goOqfsiUml%$OSf0eaEb3A`w z4GcOymuBmCT1n$^CfU=uS&)ZL``JqyZ{Ap&J7yDiH759`0$0(Y9#nK0H|FLHKi%jq z-FB1KH_-_kvbi?a_4qffHeKdpfI$?;|v14?d4UzB;wfC3i}|&+JaXp5QT> z7G>K$%%~^pOx<+pLVeN!vJQG0h~bhsP-2F!0j16lfm$|fnxz#fNeOVmI$~KQxUr1`2X;Y_V>Yzd2aZKoDwFtVJ&oI-?XBmb^lBS7~`2^5I_`Aef zSpOwq$R!E;IPpa{BcEe*Q@R}?=Feo>Y0@fiH#>DZ=%#p>`$@D}mspf!2YTxZ?bulu zD{08vASE8$h-Mko&KMhk05v<(_BwTQGsOYAba3i8MJJ*p)we3U_AHNs3mN)O&7cD% zT=~bE034|wvQFcnQ~xr}HdJXe_F6~j+~@=?h=VM00`7QoQ;V}d4%bkkX(5Bhz`P&5SiF^L}N?x--B(uo8iJ<=;3A?KsJkk!ypXuO@MCIN;Xg^m2YQf<| zGVvjgV*hdkyC65oQQRqT4D+68DgB{ZVjACH_!wlO#{soHVIz3iYN9rUfXOh9C(+hH z(An~lwHI-qO)?~)BfluoazEDCcx>S(MY}3HwhdF2M#uH;Vn5#WX2(Pa8(hf=4Ga)V z2dQN6dNK}it?mOtP|R8#+50y31E&49V`RjfwY0#4^8O;H}G35aX>x{XmbL zPb%)^2P8z+2yi0w$kg#w)vQ9#F*s6pU+#bh48Z`Ph*w)+zF18@u?M26!-eu9?|ODmO)9+z81sUIZMR zs`-%<6t@KHdZuS5WeSh*hKt3wFg4|W)f$5))3%PD#>U~s_-w|*Y zezAH`sUh=Oz47+^C_qPf)q#=Y!cM#B+dmb_kt33k2bcvoqoO-}oMfTcN;3WFzF(1? zviW#Jyt=89UDdy5CFNItIwI5xe@RWf4q_u26gYe;f)fSXNefV~w?AV%TJy<9;IspJ z_>q1VBNi5iEPzbfm?o1rqb@`^F^BhBrex>*CLcFWKrQ2=aN<^GmPK-&mKFp2BfFx2 zEc=dRfjEHT?r2Og{UxU0c$aP}D4Edtj17))u>4=iyz5%BYkcW4PXUc9W+{PVp*l1$ zBz96Q1Glny*(}Awo^F0xkn~EVP1&?4@;&maev&!SqDS$9?RUdJE#Jl;81O=<9u`f| zPHel$7X^b$L>!Virm9s_teqQIgWotvF`1;Je{anl6LDAZ#)k9dJSW52JXuEHkO+ox z^qc1freFJ_{amtBgpR_mvU_mD4R`)r63~C})#xCFFY=rI2kgUQ`gj@__0u`!%utf# zMPF0IoUjst);ZfOCqg6DlFCrwxleI)okIzh92oqjq>4`aqQClHOTZz!$-F)M6tTw0 z*oaKBI?`{~@zOZMD79dwYM~g36Q~@H6q?I%3T71>;;ZvYts|o{e&~T)y6ihBwD>t_ zp=NnK=32?qO?reQnr&HFd`Kc+EJYY3$8cuh_&uxTz44pPAN3gU9Y^WUbh3A(o#K+} z_FTCWCmVrWr_8jHX_1EJnJHO3B!5coWb6#WcLM^PgD|_jepT049j*G+-foc}Haf&m zG}(#x3zT-g#1aONca=BV-NQq=3;t`HmI(czI$e3{*ywNrSx~By zUKGd3eB0%t~5S|g&e6ni5kyuNK#*V$7(@C-?a_5_c^w7 z(ujQ(_%cl)wefuL)$7)B>ETvG*rX6ao5sMK_R#D={3dW= zNHi!~Uer3dBk?alZA+8;yTU0M{F0T3m3Ga3nQGD_7k30p2^qR1x)hk6HQkaaHFZt8;w84 z^YEkhmC+ypt7kO8d`zAFr|+z&ho}%d7U+sl68fQ=Eb37$|QX*Jv%`ZE?G@FWN ztsU@y8I8Q#<51*R(iXx!Nulp)RcgVD@2aL2gYNkvE&4B9#PxJsj`s9394cZ)ShBUU zC~s>v%$OF?5O%>;8Un9>FBz7Ss{bj--NJy+tpz4vQFoz=s&=_fYR-FaMPS|u$}$8J zQCX37y!px5wIK2mFn8gE9JMpRhX)EAFZVE@hC0|})Q6N%zvvY-^3Ow~^NlJ&8SK6g;f$*j`17WR!}!f2Ds12|a~<9&m93F^ zNbYKvZRkYfHT}d%=U{y>Ol@y~N1SzM_36R|q_L}s1A*p*9oA}$8HfiVVWEbXduwJ_ z>SHXpaAsGqcYMLy5hioLF>-1C(O(CmgMIh zwN3@SI7QGxXCtNS_~YS$eW`S&R51Ku1nU+9#a0+9un~mv_|+m)*Bd@$4>m8xiUCSq zY5GTMju!;u9jrM5ejU1XIZA++X{8jQed~ zUyPxFOUJCoXV=4annr^_E+)OLWOo$-@3T%|fKI(W zzka~iRexTD*dBOWhpaxku|ulhop5G3zBzvwod&8^;)~#=9SSpBgB}FCyhBUUs)mX=XAp7%Z0*$*ZP z=w|Q0k7t!KNHoNuF!sutl{p~P7FG%dwbyl!L}`@buiKPb=SzWaDKKo3U8UI;Ib^nA zWn{nt*<8#&Jrm!VNBJ7@c%ZhowDm%W+M@N?TH%M>c92d&o0Zuu@ap*l>qpQ5dhy0bt%8SUF0+lD3p4JU7r;g_FyC@YpzY-?7gTL_ z%3I!^p#SEV5Og?`evY&+zR8p*K=e3VuX^PpAk8dVIf){K^u+^79q9%JXo~d;Wn%ml z>kctD#GvW-odIew@j!NG%-+a?#~E!yOG;S0meIYC3B0@(m^&&v0-b!2yUG@)KA_?{ zUkYT8o)jegDmMU~FOglUP_mkeeEbbPFl=dr5el1qrLYKnX2Wfb`z5)q1qgYa~X4EPmn+DNGw5l<|V|ixh9{uX?i_-qv#Jb(<&hC zjBQMsG~mgVW;d8`h#giEsMcjiFRGt`^hj`Ae|m#%2%4OP)V+I(&KNaDSW73p$**NT*p*R$Q8=pH2K?MYnz37au#z%y)iaS<>^-} z(!KrGziLiod0(rbkaWU82U?KhAnkVcB<7ODT$q%yrGVTX!(^lDecBO2tf4R$JBsX4 z5N(9g5TRawX40452q<$ZC_MhyGO_%OGo|FYz0b+q1!IF{V$ECT*5d>jk-gko$Vg zo~OcB-EV1_ny(`}%G`V7t4WmUBOk(%!jotq*YF#;!ZSwD;H_u58)+1?66^Dzvzy49L3&}WC&-{0OgA#yB_^2sp- zHAGM8S0Ac7O2mzlG5*L#NjA>aXr);%3`)aml{?tZ1d&(omdu~a- zBSHoR;NeWX=<^son!oV@`8%N@?i7^6{x)I8y-7pZbxCWW9vXw9UTc%X_xcISuJpmJ zYD&%o!3);v-EGGcp}VA5dm6e8&4g7)Pi$UJ*p26vhO6gXCmHTI-xgcaO)`#XBmsM| zgE-^KDlSo_u#A2^(9B3;Q~;n3GSCWqfng_>f*u9w^>^zOa)|7wildcv%uh{oNxF;g zX?sNP+(5*O9;=PEBA{)%EY}` zZ$XKxka|zt6JpPx8e0=8P77ur5-AC3qu3|e;Zp&K)WL@3AA70Qp)?mE4ImeeeK*GR zN_$7jkOx5-GXzWiG`Mk%TB+=SA*O@l;?>}PrR3m~SfWdjuDG(dRc@QePAU2!mAaoT zTpuuc@DmP-_x+d=l`B$$&f#_Bj~lHpHZv7q`XRyMehn2 z(}8n+61yjx5&?yFH)SK*(sqe}!Huj|r}A>$HsUiupp{X`3vlwiqy5GCU1N{t&d1p3 zy?0~a+Zov^>-!Xx*XW=>7lwl;BjXaZ6lfNfte^5jlham&32JmP?vVqe8BM1#BvhFIOIo~r{#_Nh#k%+{WESz}x_bA37Tw;5we z2%}mDgh90IHCq`1#FU>)=qK=PenD06*q3f+buWPFG) zcgOdIg-u-0x1!keBDk#txDW>#Di%LG6%#}Xr=m1*yFoey4XknfRy?m&i1(}c1&P*{ zz4II0>3};J^Q}4%an?bM>76myQU5Jd~v(*}v5$}ku;Vr@j$EBO8`tH|ee)U63Im715X|8wc zTST&g1LyH?f;$btQ`GCQ1J?xdKlVqq_Jj1lOOW%~ z-N2vikVTaTw3@#JH*G`f8sL;;aX-c|!^0By+nnnGH5>Z*&;V{nIzkb??f5KjtvI8< z@|V(U2Q=4ITfCN|u(C>pi?WpWCRx?L}R^u#mD5+Ut|B`evW8v zHOtiwDFt6%)pL}Z4VJF!$-qv#flov#9^TK^nm_(PJ)!gvkM7W$_9|W_aJ7;$^xFwS zV58_I4O9Q|a~-GH)LPZ778TH@?v{ZVAvk`$kU2SP)q@zw>p$}8xg!orjZO;T8t3oc znvzaeY;h;2<`U>j(1U@)HN%7HeF3dK17OHn^6~imF4wtcg_&Y8jupl-;4yc9S-V(1 zzkj{ptR^T}M!#39`Tt!2Y8kX8=t^Qj&V+uwLsw`JwnA}$mPZwCc&==?7Ac&cu$gp? zhG4>K%c_9C`XE?62!MjXspz&14Zz=y0Qe`|$(p2+==zO*(s64c57d0e!;mbp^GK#_ zT-_PpHKyWdac}fER~x-}A~W-f56RbFqa0CzZxSKN${z20fgUYewSz0n&lg!%IUz+U zd7k3@#?W~HFKyj@k2Y+gM#6^f@Y<#tTKWN&L&-N40_k;MqO?GN0~(_LD^?EyaOcO? z9RkqbDDpgx=`GOqVcL8ucuR@*bO3~ooE7EfTC|qXEhcti^s3!~b)a=_A!|>K@6(nU zND~GW@T{cx{~$6-ARsW02T|kaq zl=7@bQxcR~>s{us>o}J4Bx*_r!MGE{CXa1q5{-@YAcZDDAhM-)bqlY~{o<>eTl=+2 z9FNXB>9>7<&3w6(f>-)E%JHgA}oKCO4hZtjlcYA1F_@}#LCEahoC0hM0RywY* zQS7RP=w>hak&IfEPixuiBCma@q#Zxhq=jKo03qt2z&QS?DX{gW5EJQj=&X{#xYX&m z1(t-}t~~cKa1V&1eE{TDNwf1rwsRd4St;q+t?>0vs@bGiG&}{$vf*ueZdHalko3g1L z?dUH(-a-*STPgI7yXqWnY3U4UovbE1g|}wSPP_F^2%K~6j`2++1by7{UU)=*q^Mo>G=>ZM7b`5??{GUo6^BAIPQA-qBkk*HsziuV*D;jaI)by!k#bZVL{imw^xp7BC=WHFU3X zQNmCXie@)fzM}R|Fq78j@4=_Tk_-5J8+SXCS`cz+la-yraUJ_0$zTXPR+i5~JHD-R zRk}-TXV{@+d@SL6b;%jN0YAb61!S=Dfde#iB<+d{i!TH9Eiyy_x^D;nGO)EwWkBOHS!KevO@~xA47SGI%PzV^f}ubOqX7d{tYRSWS(Gg} zxa?TPa**VD?N}@mVlzmYAay5+(xq~8{Z{=2c7Nnl@?+1XRs~Yxiyag8wmfofBc*q4)pw@% zDXeUv<08m*Wa`bQK$WIYSUxVNUU+dFT|H_jxmDJ!OQN}$QJkw zN9EcP!gy@F&OCGZ%Z&!Cqv@L&QtL)lvG9$A5ke8FyvOO1U|+{-kY zp%}49z#P6ed>P3lR;Pn?sZ}ZckJKlx9gt!jb0?en^&?Y73xo>kB&9KILGL-o)DiTU znt5==zDCi{?w01RkYggMHB};D^WM%S1vAN1!yCz{S~y}g^JH3esEpMO7Eq!kAWWQm zd^2W*rjNB#8yYu`Tskz>X?d1vxb0%&ghCva=}R0jQmRJpysA8LCHaEU=9?@^l@`WcRTZI4RUX?n9K2o8 zqpM?ZdC8JaE*$(PJhT0yG>>(;Z_}18;h6YaoR4;5nWS5|nUVNBG3gRV&c6QePp8B( za+@FDmYj*aBd@lIm4g&>3@bs6F~V9P9{L`DA26*3)shJ^mUBjfy^2AALxUR#Mk*q1 zSRU;*A^y#+>lTc2D@YEgHC+nMbHGnS;6r@S@imSw7mO>2BzjGWWz@5kI)4m^wQWcL z%6zXX!9PVFx@v~tjh0re_xAzY<_vzLer!?gkaVj|cm~@7HG*mJX$=?KDyiV_B`rqLyjL&nMqncV#i_B% zYsOwX%_G76E!if&AB-`Y`=X{cex?CXGM;bh?cym&^=W_L$uk9EQ9JL{$*dB)pJ~;x zk0LrcICXpdWekj_^g6P5SOnvqt5JqT0Nsw+sK_A15~iiAz+N}wY0^>C_UTKqkUwat zpL?6MRQ(NRH^0}qjW)h##xm*~J#Sp&b2dA{KXG)&Fs~XnJ1y=Hnt>CBcStlmO?NgT zD*3M^9S(VTThkh9Fghz59yy`04YH>X$JpXD4{*lW*5|*l%2`d?(y!^)_xU6$Y;!05 zj?B`NS6n`t`$?!2zwA)M-#Yu-W}k1vifcdf0bvK8&Sq|WtDV>^HbCx~+r2Ix)xi>R zPqm0{kl}rfda8Jr!FNYz4UF1=gB8yGB_TJDS&zk$JOK?x7k)68-AYMO`4K~%w8-A0 z1UHW5bK8R!y;8@w;eLF2&)yXV#I1#-oF6?ieVFu-Z%Lz#jXAW^sM~PzIPQk1?y*hr z-iWOmI31-E_*zU*;PtrhBJJ(lDG4k3dn`<)GKQb+b?hS7QgqC$qdJOvJR`Ld>7l?s zMawzUt!*%9oHyti_YBOCb0!frpq}ouuez^Km?`1Kr@M}3vf%0W*;u_VVy;~6y<3H! zdo^ZvJ`3QKAIuo1k@1lpVscB6<)}R{on6{J5Bd+nOy)WqEWvnNLk4mRBsP3cwzeJK zb?F$7S?%~oXX+&()Y9d;`$f(PpsAau35S^>$E#ab=s|^! z|K1Xi&H}lIc_qS3)K9cTH%Mk@GJ`|W9I&(UkjlEAFZv{1Eipo7jK&@|knJ;B#v0T*VC!x@@=pVRt%0>&CZOjV)q=U4(-gN%aJeEo`4MQ<=VsoS z&NbS=)m1LK8=KpBtwB8nFTA;X$AT-xDvglT(~dl^N#n~Odu=SaWVw!{1dP)sYM8Tu z=*Hz=!++-urn+Pac$XC7!C;T)GH|9lMhm7(Tqo-tWAA`9ot|L>=-hTU6EuOQgh{W`G_qt~% zu*kQ?@}@_$P?;T8UxMv1 z^Y*Mj1-$SaOHmT!Z*8iCUc14?{srb%TK#b@+wCqv_x{-}RgPQqj0P(XgJ^;|zDJo! zdhX0!Ax8S&Uc(g-C=j=!*S1C3U5FDyIxFO~jaS4wK5N~HY_%P^-Sd6s%aL5I*+ZfN9CsJ6l;AaabKTi7=utg8gW|~0u5WbZ<+kiVK$|Y0j=MK zH6~P3gBrH=%Hx}FX*Eta>mO(0pC8p7N>31(%`9*|RIoMz*Cg}O!OJiGU~Tv`E%Pr_ zkTFlA2R?56f*6J8SO`Mk9dM(=>_aS_z0kVfgn3px{BVv7`ee#c$4r23jET?LAXGCz z^Z`nt0L}95)3(c^6zrV$1zc?RGc3Mag?gxZe|p(+g4l$GujNJxX{dx`>L~@qV4>g; zI}ZU#L~#pr@dFSz)Tdi?MO;xgH_&$Q zg!oz16WJMRDAB4)*iRP;3{&2Ha*C+2a1<*`;56j=tM?ANL6HJ zesrANQ1t+H&LchoZfF*lK<}n6+AiZx&@36-t7RySvlpB?lXXp&uj+OtQ>TI#9>e!4 zKV%qKDk!wuT+XOZLp)~ZWj0}-ew4l(fVLqc@1T*YG~EaZks~Q zIk?kEQzOo;Rx_BG-nvs=jlr#X*=DtG-!hMl>HbybNjApcTq>Isu}Z|Ol}`OPr1c(c z1#XoztWe>&W+pdVe{L zO!$CfSLg@`5tSNU9782wEkZg%M~E2lTk{8n@DGl{(uX_uhK3WqdL70BzsVxtUGWQw zI5wVWdQeq$z-H!It{y{tJQ|B289M;D3 z3eH_?KQ^3081H;CFp3B~igtd`bPlT_+Ls*E*yD2OsY}cBDX0WjY_hu!NpC2Nclc2l=cHcPV;V47z-vEKdEz;NOmudTEx}?L9%hj0{(K1$ z22~2Yp+5eY$^q%A=J=~#S}Jm7v>RiWWO@>IG959YhOA&P#fBygA4}Y4BW91_S*^F3*1#X*kQYT`A{2l$;3}y92~qj zSCFBw?~p6fZ)8P zA0JG>+@;1;QHKzD=f{)1E04vn3mfJ{J!@)SQKN{Q-J}iwW!RFKgS8dkS?8TWc0s>! z$)uhs^R$SQl+5w0ECY!h1z3yJ4wJ9HD=A9c^PputMEJzZvI3jMd>le7GoVlD?A&?oZa?hjztQWL;|!$rF?}igK<)(l7!~3^I&0@1Bc8`GqWikR4lu~5 zR#134S$Gr|Z2KBPy2@viAj$WM4$a(>$k)e4qvQ+Bn=fAozm6sQwLp7O%TGF>WADH_EHA!kge5nW)%y_;ghu63p-%trwf3413s#{UE)3ePRR(H4G7qoj(H{=|{$pDL* zgLeLy*ZuK-45j#8D3T1W))^u!w`4?-xyrh8R37eKceFMilyEiV}Np2&5s?pVcNd3Z*Nl&PX;<>U~lhi zLrYaJexl~6N-(YhQxM9aq^8`C$@*wdO=aCe67Kx?`|q(=f?xC8DcuHG3S$?owt|&D z$XxUibUXMLHTESD0GCvq?D}_=kWQJQwQ%-rnY^5oIa-?>w==$#is@22ig-53fW;c%L>!KTlk@aCGgG1W_y6(INL+f%KV^(=C{1v`fhf((X1aMz{&r~5r zG_+6%ai8xA@3LI|E>;QY$IHitVsSgaB~Bh@`~}neiSx?(^(t_zyyYWI;DUzparTz- zY?07*otIPEr|0%PIvCV9l`&jYj8tv`JgFq9H{UgP9qN`ptP37*HkbzDL>LREJXB{Y zx9)sf`bKj;n#}OiyWVwfEdO>XsK<0pi=<}s!RLBZ3v)^mvQ#GePsW;Or6#;@{d(NI@Y~6b%#UPkQzXnk_S+#n!?khxdI}aj)SLDBWaa!#Z&NYd>p+O?;(C((8-{ zGp0H$${m&Egp>0iW(=0FV?hPR^p~cdEpCo%yLa#C+S+Xv5bxKd2tvNF`gQyQ_ZFNt}8%i7{V_bB;cSzvK{jx@& zBM?xEY*!4lv$zrKfyrwZw&YCPO?eUIy3%eodE&sxWAT}?@6F!(xz$8$S!>6hAr$i} zt(xwggF#zw>(#)|C3?FXF3XG;*@{$xoh+C-@)2$ zd%#ZOj9aK^V_jribl|7t-;(&p#LGql)liCJt*39%2mUyI>o-^NUS-V7ISHSq@l}c| z*I=0#XSDfL+9>DmkUzjyeRh!utgUNik8)$Xf^jh8rdnwl6E;ywtZ67~gyXCOE;V)8 zHPkq^nny+HdovJQwU>)T(PY{(f!fsyB$1dL+igUOVvNSA+WjnppC1!Y7PqK;&v;Eg zUbZ&Sw@)`Bu!s2Radn_Atr!9#^!l)eJ-)7~uS~BHC9r~xoL3f*N`dmqQgIBk{Z=y^3+oBF% zhr`5=El!cl1>m#jjT-fVsWPoxz8rNl-_dv;0y)~^q&)sOXBkrOIq29^aF57Z@ zNM-H8mxV@-fO);IsCJLFE)Akd5yz}(i>=%3CRz!WIk1dqyNQf|0v%S!LbR6@=*{9X ztd+z1E(pSOvWC?g`=oZYF^Y56bpqZCD>mtNH9cjvhrPu^98OM9mD%M@!u6B|3t0@k z_PQ&!wHxz!^Ebn4haGWoSqMb>?Pz_vH-LfBNrXNcyD;oP?XKx)*c*cSO_~4zo4gi1 zHPDW#-zPFN2fI()nN-O}`CDfX=Gq~iFKez&@bt1DBW-R-at@JCYiDw+YVT>5wnT%a z_p@y|teW{-eFR#4ltc9_GTid(X2u_Bv)@S@eSs`<$|&hV^^8HKeCelRd+ZHd<{_zN zy?j*W{XGb5;rq;^OzmX>yx+}bJrtkIz@z^C%EpTpm>=+{)YPvAXQCR~s;GJ1#WKXv zw3xy|BM9Zv5sM}Z8!D1I=e6;Zm`X|JbP0A@9hZ>?ZS=apKK&eTYE4qqZJNOVCk)$t zHO^yZDM$agFq8OTLKqaW7j>(}M%OWUeX(OMgtzLvAl;j24=-#J1?^xLFuDwT>5RPV zvIIUJqWw_SBfLEnx;|agWwCNMPDj4etroz*l#^SlXR;F7uVX_NQcW^^2tX>F{c+WN z{i_siH=)YLxza%(dYACsmSPVJ6WDakq2D1))_LH&7%SGmBA5@LAl~0T>Um+Z#c;vY zZc0_mCc-^0_ednY-A!peiphAq;tXu7h>b6VyM*-DF)qx zERBAGPkDK#!DwTjDDj80-v@8+cZwveT3G^0k5x0e*tronMe8DV*x0-{14gvsX}yiI zDu!EgzUDASn`PM}(?P&GVf&unnM6q*ZU!m1z;C4MbHr9FZ4Gdg90Txx2lYe!dw2tB z1VU1YZ@bkP?RsbFV$V@1rC9v{Tl0&i4xd%VxXN?Sr_Byg!JcwL_qGQgV_Gw(uS$#t zyPB{~!SBZT{R-Zu@w{@{!scV%(hH6TI;f8?3!mO9_UP&|P20bBwl6_(%q5q}t~%>x z!JW*b7zhukw%!KKCx#yDJxz>I(1fNWKemy)AJ%sueVWFml11PrWAN%_bGP@*ZDcZ5H3S8VspmCRNUa#)a>1s5^ikudJ_$A5Pu! zTRf8qsq*Rfhbu)bFpw9GhVnkb1Z^xGQ=m8e<`QqG_$q`QVK=4-AN?R){pN)E0^_mg znt2xepr_l|>t~63z%NLqPtT>TXM7hE@Q14XhKz4v?CjC(5w6Y))C9IhPJl|Uit}T6S>n_$O>)r}z@TiYa^MQ9trf+~+%R`i5G#)empHYQxz;l6I(n}*5MH^UrRHMw zx7SSOc)v_!Ffke!2B)Xna*X2i^r7+)Nc5S+6povv%l9O0=3|eUY&a0ABTrkCv zob&8OX!4Z=9+_`>z%vbN>A+G1)lwkV%pclfJf{>PC!z0He`XW~RFl`iY2lFNI{@~$ z5t@6uLtUv=A8cLKu*WA$_*RvhA;-+7l|%I0`^vfywn9qy-iuS73$Mlc=*Z&7P$&0p zxRaxlz6`AQk9TqDL=0svFv8-(Y^g2Qwx(Z-fh=MjC49$#_U@c5ZvX?N^AG8C=`XS_ z&f>;qAo*AR@b0WdHgM#ggu3fb?J0klpZUg{*vnRjb~O_S@eK>{rn92Xb;CNwKp(0( zT?%TbJ6yDFUoB3K%~mSA^Pf9;@fJd4O=(5XVyx%^I2kJLfOki1G}Jl0w2deF*h zKw~~vUgcP61h4tiP37MW7M+>KI-H{KTkv+K zJ4fcn(uy%0hwfwhT*a^z`9A(|vq%)6!ysr)(A^oYZZ(n_I4lJFU8CR$SNba7cLcq=}kHQ1kjdZ4`15on52iJ^jeNvqA)?8mrr}-CY;DML^({QM(rD z&aZKVT2Uz*HGIcI%8FPQs2paKr6SiKb|WW*e*)0alF@6GqKL=(cyXN>8T?&1lP%f4 zA4aogfP6k=?h2sjETlig;yBtY*~on3Yq@QD7Oz^R%TDx%f*C&5Gf2+fd)<`(UHJHh z&@f;mlO~=Nas&N6X56OM>%IPjJ2yf4ek62@M+RxEVKm3iamsxL>z^ov{@>uI4Be%Z z&_4mv*=~@Hx~}C1ayz*|G~#44X-2hEhLXdg5ehJ4)O^$Ai&b}@Fy|<;jUF@s7gHye zwBBhg`fw1>&Y7!%7f5R^l$SATCXW6hvLfl)+R+w_|v2(sBt32QR!r-dHeb6eG&VRSVDF(Q6CURrD6(LX=pjuPwss zLt2pZNpG7k;$af9ax*SdtC)5Bc?x~8W=wK1{OvQLU!1voym248ZD?@%RC3If1XJ9) z989CVa<&(}-Rs#>v-v}0exJ-yq1&?zkH5(?*hp1m4coGP8gD_iLLm~ckuPLAz7CVz zF1&sh=gz(9kxhN-20=A2RgCar=Sv8=x*Q@D4EeX0qBmcqf!DaN&sBv^EF%9cB&=Yc7q`C$;@5Zc03OOnH~mia&vyM!INX& zv?ykIKnl<4@(x2z0cy8{QCAC(Bj>7?bRCmV&3Z?mwU;j1a%cU5!BnI%(N8R;4tm|| zp@~GKrRh|{3fS#W7s$rbZ+f090AP2OP|9iBRy;u>Bkx*nYhTu!1={iw0sFhL)*iLn z-L?Vwd4h|rW+L$IC)NWtkurnsGJnQBsUtXEM4W4%48yl(qkEyT*o$h6o;FOScrxdG z3eg)$$6Fm42)rmZoLDHSoO5SF&be*U-7o6C)5uy@OfzMS5a^QQ=f1s@ zPFc1N`=i?VIeIwLJ#Si#A!oYtx|2N4)d)s39R^E$t-vMU$gAkul+KFC9R^yF;I6fo z8KZ!Mkf%+RbnmiD$m!wH3F!NBLd+!gRE$-Y@$ns%I}vhUzV=D|&GGie zanH%29v!Fi5m(JIvHy~t;g9tv5cziZ8wsIltA6WS*0O4m#}+OwQ_}IzpQW|H4aByh zF3PdkHm7S~3b7@+80H7s`O^pYySUe7K^W(3Al+)!+V%LI_gsShOT>Mhq;bZ>C@a+U4l!2r{SJ49c9nd9%7VSm77B` z&L4|itgXDgLx78D=$XBKjNz%mTKWsVMNzfc?~BbiFhe)U&e?mo)`sebv`ut73?q+8!6Y=4$3l~|9J+2Hli2sk3r>DUl+OHRPDNP@`dsmr@wT8CSA6dEK zE6^HzhZF7ksry`io4iDqKz;cYa*XYPkaUd)FH)=8)zP_MV`aOX=J-y+Cx~+MIoK;y zOXkPaDOz2&_E*aI5K0)I`(^Q#+R|POJkRVg$)9j}mD*q~KBEUCpoeE4oU`~otvKV+ z`R{o2GpkX9T$Jd~k-Mfo!^(+CRJ4UuP;8KDZS&&$$I{7-G;E#_B&UZhg-*uDenPQ` zDOQZ~L1VP0`vVOlD0{=mTTh3o8Nv_l7Zx{W)D<9LRsHLlJed6V13U zj<93vdH0RYy2ju*m$$_aJ8I!peigWXor<4!{b=_?93g(_YvWn*Bolq;;0-gx;W6^E zZRQQbxM=~)0)aw#AfMW~Ah<+pRYW*Y=HXkP(_L2T9A`vwweto|BfFK8L6qyNwaq1O zo=}yofefrb&^r-JptNbz*Ir;d){@@hVI@yla$|02m(@9-F!uw)#CC_iuw=|FXuye! zBryM}D84r{7B@RD>|>+pR)`ziN|7#^p$BEa0)3n5vMPRup{V&&R||TQW+PO!H?%V5 z{0)egGFB@@Ru2TXr5Y0taH^^TR>WQ<1UCINha~Y*#5%9Ss1Ly+Bi-x#byR3oS=2lV z8KtIUmJ3A$gR6c#R@h4KL&fq<3y^m61ry~J1&lG&{=h(uvf^6gLyw(su~?TB-u+r!RXvX10eV|4AZE>96JsN702$N9E(*U?1Cv;Q$sR3u3_ z4n9&>33GcDjm}|Aoc&9tck2=cw^MkGpkZ!h2hm$GJYTRQooCZkAhloghW^Sd^K4uJ z+G`6QjCz0rY8(s>U@{C2Oco$&=_r&CjaVly#tACNPIzi~j|qIHQ8r46>Cr;rc5?EW z(l)nUsb8|XZl9{ZtAiRIWU;^quhc$t!Ekg9OMKE=03o5SmdSPt&DuI`h%{CVI(YcB zrii*{l!P93==b8G>C~cezBut~a*Hx_1)47to=OX5`Y)0aIP<$fXTGm8-;RBoPTBm^ zg^GNm;MjwB=f&SCC?~w4O0=jEw*J9#2!tAyxr#KBfk1j_hSW``{n|aj zD3o(;jDmU7FXa2dS=)u7ORe&Zkii^RH>ER43dN0P7h=lwbir^V5wPkahmPCSf9a$_c+F<>Dcd_~LZhi~`~Pn8B^ zLU@vWgYcO!9o_z|VmN7JC_FkJVGAITcs{xG9OA=KB{n5zEvf_X;+ zyh~il0XFB?ROH%FJ*)_DarSkT6-N|S485seZG!h@E;_LoOV|)IP3&zD`xJ2F5 z9Et3zKYc=8Dwgpt#j9}oOd0@Fo-+FYSgrOCBENMiLJ28dfxw_TkiC974ULDL5(P|o zkMZ_i;jdx#r|fT*JZQ-y-nD(Zs@uu#bI4eFWHTijpt`^?x~UJfLB%3G9bhC2$ep51 zn>Bk0#rnHaJWg6YP~b^;Tj(@E@y>gQD$cufQnUh$=}TaDOxP(X@wjh9@f2ZVnxYW~4sTvZaZ_-i?W8Aeu;;Cb~^^;FCPzN(!y zu5yk+@mjmQXjy-0!19XCVu@3Twg1a_(=Qm8qM|gm(a{oi3ZU?Zr9KLktFMo0Z7ad- ziJM0_V;r?>sN(<&(pXUz{&5R@?siKew+%g8FB39709mn1!U8n+H=S)wMe>GW)$L2E znhSY44tkCHk1OM=^39{J7XYJ-?Stz)3677^7bK&^MAycAOfDCEuexuWutq+4#g2U)0%(rlQReHwS7 zF}&0SgDrT+f3YYvkj;>JqgmzyM>D`}eMlIf{4peil^L53g~Iv zj-}e_IEh9rNo;hq#I*o;?#bhmDa@CFKD-Ig9$d-^GuXP$GB2EuIEGE1ysm((pGvfz z%yLRY>^w`uh%5LB7YC~BN_l2=D@xYqee5AuWuW50+aYTqe7@6VSmC-56X7=I-BeNb zP8U0FFIn5mUjfoX&09$e9N5k>B$|&Xcd@>&2GXRwT!z>dbnX<=Mj zgbP=Fj8+Tt19M0(ksdS8$?$4}%`Ag+sb$rPlgmtWIqBRGiAL z+t|7maB=29lyo|J?S~`22zIBL6#bVT@1bQ9O&BHfu4(uJXTF#_dz)#l=Rt)t>|q+*mq|XbsL*aY^lTvdP>_}iSgKVQ zi|KvNn*efE7t>STF~yQN4dp)fW!2_uJd5`#&n`7QFkhwQFx@6#5Z!Ovia$DhLE**` zQ0f-eg6xN+|S$AxJyvWvH(k0zrr|?GLklcPG+6k_j5URU*|IHKQ%kuTzJ`z zLu{4a{jS^q9mw6<>CAt3XpmzbGBe1|20FtniVWP*7mddc2b)DIfYVJ>FPTc7DEJ-~ z)h}YyE$*-wY;}I_9xKIDTS+5VD)`3EfjtDD=j~Mo)DS%HbZ0u0DX~o3cmBTW(@*5i zV1i5>P@`+GK+L!?_6>SG@mhq;;XGv5^SH;y8g?bM2kYM4G6K2#(bmamcB=mIY0G16 zBwAeI$3QirD+N?m;W2#gb6stlQF`~4C}=$k+M+5U3yiV+$J^qgaR^Q%%w1VXkw@T{ zNppy8PrXNj8(kR4t{FD=SwcBTox;_`C<__M%hsqi%T&*d`_$D!&Z2$WzsJ9RKUQnk>p0he6DwqB z%a%mI0FdyArHu6ygU-xJSLcK7A0_eDd<3FHjg81!4lQo#MR10sbC0@ntSA<(=NK;t z5r0?smd;M%=AfC*(Y+jEJ~@6J(C5aKhSa{KG&;ratL3K}O+^jesvPK6?(r*fzOU+( z4{bBZ4g3)iWFM9sKOus;`Mp|Zs7e#Bg0(rE0C_|Ws%c(lT=Uh--jOW|@GX^|Tk8(~ z)bi=5esfm@+VUk2=6bYeAO7?CD3@uG@p>i;rqm%ki>zLI7))-=$T$6Zf=7`v_%Z&C z#b{&S=PVe>Q0x8TaVZ(ty;QLW#*F>%c$tVJa8P89r{BWGCZzNAdIH98-&&VN7p*gJ zm9tLYxMVm$wtQBUEvkIph5=?A72I^7MI#>K(Uj@ph?WZ)MqMp0YhMgI0Y5zW(ZQy1%=Z@od=bvw1Akpc7qAUkR90ohno$7BCTi3 zh%KEwc>dHh*7e~NINC<9YpNNEq_0J-pLB-3mKZkqJuR5ht1E1fxFVqzD$DjqQ2OSt zc!BFH_Q(6sen~CC`m5|$ZAC+Saqck;J;7>XN+DPQ9=6+7Y+M|Q9J}~HS`UM-Dho&? z;abcm&KReY*VDH<9ki>L_5@lJl_iM9x5j?{vb!D7P0CL-7`&^oaFjLAC3tr5f0rQ( zM2*|?vMvcC&8fL^Wskn*!cuJ03m$M_(+=*U#?sSAM_&3F`?d5omSf^+p zgu;bs94RuSRiqWKfa|(y3O9N$)X2!}2wq}T;uL0(&m>m?RggDO!ycQo*c?WNGF9Pc z*RCUX+Yo*N546aeZS!N>H(yDRW*i~<_xB3B`hb%v=Wo6YyUeaY)~l*^1lBKd7aMf% zW$N+cK8)u{x-hLd_1p>xv^>?U$1KdW=P$pcp81dp+>NRK zR$J~DByI~H6{KLHwj6RUG+-WqTTc{yjn!S_O z3Ok8|I25}g{_^pdzF>xIu)<&)3lEb9J&48!Tu8B$OD-`m^w8b0_W{m2R}3f9yHF=V zH3-Ndc?uxERJaQ&V>6@)lb;&qm?U@S=$! zbBBJ8@y4s?73@+9`}=+WaedTEjmMmVpAB@ew& z!vJ`?>51Ar1Fg#ywMZ5jUkk&G$7Wbr$}0v0hQARf7EeU` zl(n9fbbUO5xf99king^<&0@{%T<3Xkrz`B7su(B|Syg2p`Z1z@ewDjVbC2Hj&f0-x zqq$rz?rdMH?lQQ!xoPa`C5xDcYHVLgiw?4PeR)811&W)SU#|wx$ydH z7}Clot$qpf4viDp&W_X#AQ9rb`%&AGReiNetw$EoaykQ;&-ec`HT0^i6z@&yWo+J$9GCGkYDMmG1xVu zuOU|g37RAdb6us4Yg04UX)dugM=k$bSs{q)RqR%62O9?7QH65K3B9e8o}-6{d7U?C zeTb4(xhd{GpMu!ulx549oci;~f|;{fq;|`^#+qmK8|J4-D8E;p^Zikh0POzR)=8w5 z*$_0-h~a~P)+38}80jdXBpZ)g!-+y4#E&uW8;Ugs)c(`?EP3zu7iOFUdc-Ef`cH$U zM*5m+lg?79U8ib@Sh!#KpA;xV6ePN_6xzPe6?*P)3X0obw@TYX#O;iT5G<8JJu&@n zObit@T(^iy?~y#>eg9JnAbdEl(H0kadwosdVJ%XI)ss|j(YQ(EuHe#^%#dPKD|=!K z^g2!%>)%t4Juebn5}VEGI0?Slv8oyNz{IRL=_n^`<`EL0y(~GlUz`*G;GK5(!$O~^ z!vvtf5f9rsIdQke)(MVeg+SW}FbO6-i>z>e(sVme9mvN&IkzJ756{m4pFX958U6af zlcQSzqy5k>&UQFnE=7|;vQ_7vmC-6T!4*lo z7zixxp&+g&1G|*;&Ob!Yj~! zXW918xFAC`r;Rd2;P$pv9>lw@uk3;#{vKO*r!y zM|l|MIEoqYK180XX1&tqO*uH?W1_Tpk)a8gg^37yI&g!Qk2a9e=g+4UnVGW>Oo3c~ z#)+;991heMg=cLrHG13?8R0>IH~-ihlp!u0?}ZD#u|{=fayIwj_QHR-ya{GA+}LkR zmLCz9tJXp;5h8fOwD=hJ=eMhU$?_|5oc}_Ud}&5*&+1}jbDKhFx&TH-`C3q8R;On5 zPn?|#M#5YADg@z-ci=V~t$2fha~FJ=_m=GR)nS~I98?p~ zkP|9%$It08s*YU~kGQws)^9XoIgXo_lw}K(+A}8}*Mex`_KSp9dd=w{*4Xpp-PvPP z2|s3Bgxa&ZT6?wp>>~2NiMBDrwzo(lCMx8B=v(VH$oCKYwn20n4%=})@>Ig4L=liR zpr2S3xM<75bVLftB(okAiPSmER>x%n^p^#C%)p4rw47A%McH^WiLy9kQOk z@=9)_HEjqBGO!6n-J2Z6uYYCcJvBz?lLmWOWyIYF+$S1@69v+Q-ZT`R0qiv?()K7+ zu17gNoY+*Q#U{@JN$FmJrdu!v-zrKR3lXra7@_Z(d9DB%qg?9R8)biRaH(#f5h53` zFve!>KPb5X4{b`A+p^vD%LJYg_pEad+B z9`tTpBM9j{=+|qUuftX@*2%o#=(-?rA;?N`6F$IqK58ceHfxNuG`SR~ooRA?$XMWE zBiCXl#4PRXb|@_FO(`A!!d^Dtn!2^TD$jZfgW)DsrD~OezQWok&s*`uMIp{ur~Dne zy-w5B*;}`1+G)nU4zMLHq^Tn2;%eX-^fDDDJgugFq3?sVm=>@a{b(?`;kK>|@e8}v z^t#it56@oNhM;3^nLnsgX;Kia*|lJIyI z(Lxb2Co&nu^Ni~_;;z2kPtRclT~T_B>1QPH2_iRzq*Ui;Cosl%D;Eqnu%$O+4;S)N z52)=KaLk)N;9@y>0c|$(%(oZd%0&&HfFb#b?nkjF|Aog zRgT@G9HpYWQoNO3uXNVt^lI}1$hN4I$d<7`4lJ(yX@nWOJY)XLt!QtiVX{;HoEr!s zEknQ3FhB)sxz5n#qrlDA7U)$Zy^=M>_U!gL*e2Pv{n#5KrTPy$@JQx_%gzpN0UBn# zHQ5$^{wj(Xa4QE!XaO#Gc9^Q4S@SWvVht8gohU+<`z!t^XM2eQ)Mw|USDSs-(Z+wa zIbD{YDn1hP)?fyGfcS~qLI2Ef<$)SgGzj@27Auz}f7bO{m|XS#x@`VX)_mv<8poCC zF*0iPfab3EeBt{d$8co&Nn5p{i$XrAuq04NNb^ygSZ^N> zQ;tLecl(z@9Vo9^G|BLyQ-K6<9iyu6`hNJ1Q_mMflo2 z6juGoP#^={#gU>hV3u;lP@D9}D$GN!^9^ZrY_3kW!MK&oyc8Ha70eEJy@+zbryKes zn3rG~bm^G@+S5-Z7mg4^fh{#8ZTl0SaxqbhCa=i8%BMA&_>L)ljpQp+GT-ygud;QlHxqR)w~_sS zdFWa-0^7cyI&to_oDCTgzno|1;0hp@MK5}#6knnNIbNSJp6*H| zOB=UC#TS=?_+XZ0e&iiVInlT->T*7H-NHUlB+#ZFHAK}SO*V`ZU|h9Qj2Q1$KhG*> zB4#vkgVb2_VaQhC0^HpOW=^?ru)yar>gE!jz9R~7&R+3f7k)LK{{VlQ)_Uo)$5YOJ ztoocxA2x$zk59Tp$N&NbQuMz|FJ zP7pEUGw17QM1(_2o?12gp2)Jr?UKxk(tg&kKRgQGtqJ~!s~}eNl1+A@#WpCDJctJ! zsU2g?g2%LAI0VhBc6S{a=>2tXKvb|_K{4&;G5b%yC!Ca+^)6e;l}6KBvlxKYqsY_( zkAlOD;s9Rt6bB)7!qIKl;~6W$^0jfUxM&BSE+ddjFTq;@M|q!Y`CPw~H_W(1JJJ)- ztLqzq%u5R2MsxGoaUwK}=5MEtmY{lPu4LCw~^IszU(}@*rtGV$7sQ*x~3# zMQqz#D`FitWSe8BFC?!A#4IAj0w*cblmClhLn>*cWGoo_c`4S^S9w7vL(P}ntw#`< zRfgQm&}o4FV5eGB=u8u0v5kQcl9UcNM<4P4BXNbtX6oFFki&oHXD|CPu8;5uceLzXUZ z!IXx<|0F+U_e1Co;0p|~#sA4w3bLnyWc&Z=0_9FIX;()%=au~(G#w{6s=_*h8bSbB($9J^I6mzBiwi+(f5)#_98Tk}i~}d= z#6_)UwLwXhzlmVdWD9V}=hdD<2!onl+=}4C8LRF)Z~DL8u~ivDLfj>wfKX+x|6$3g zLAZr^Tmr`i684sfTHP~bDhmIHb{!Fh19rrIwa{a)&K~Z)-Vi@pN>Wz zqUy1TEGYc9eIT4Hqt<~(wSpu_UcP*&fee!ayT9bl_Gd_?_!G_T7?E2rD*utOJ~4+R z52+Wqz#GbA>C{IE)qln^kN58@X$Upj;};MjG(^{*rYE!#FxAIoXv&K6Pv&W$%Mf(P zhZL2>z}Dhgr#|a4F@9OtT<1qZwb@!5ww+uZxYKPzhM}UT*>$tv*-aI`*ET?I~O8F6=XosF*XEziUS;r z{~z|=f+?|F)O z{E7m-R(LK2bcVexDcd)VfY;%MIVoScHj5qgxu!P6punNz`Rbg3>|2yAatO{v6J?nlhVRzZg+WL z763g-VFY$k2fyH33SxJgrQh~IA0(F#d^X0i5rsODr3wF&1vqUf{UW&;$`<=y$T~y{ z(#(=MehYZ3`#fU@&svj-Yc0?mtw!mqrhB|chx|VOZYkySW*+zmj%hG(Q>fb|TxhtZ zo3b26R`G`-h<|hiKg|;z1yAu){2w!vfB$X*?bWo@=W~VDr2bynf8YPcf&Ke$|9K<~sx>W!#jO5U(F(wF zeTOP;ly`JgO8=|UMKV4@ElSw!PRT!v{2zla0RO9CPtZR%=U*Pc?+;m^{jPN%Nm~Bz z(053o`kuR>Jod}~5{2g73k@#Wwz7YBzWry=f5;#bff5Xl6(0@d+rK{{|M{zrx7YpR z&m8_S9e?i78HAdNjLy%W|1ZV(zj`ebBYrEtKji%9ZjS~fnCOeDWYPbnSRXoeg7a~W z|2uS)Uv}sJG3z&P{vWgcUPb>uSXrctf~HEJx4*R~xAM7t-86F>Ig4{#Un2u^eJ~MD zsz%PaFdcqw3HRIV|F!s_?ft#4TnI)t4^L(b4x6~l`5T;{R(Lwd}1;+1~mQ z(tq%N$Q}o(Ll%|NSQ{DuyG)Qyk83dY+t}!Tz5x2wx0qi^k~|Erk_;OIf4zWqDEWu= zm%T~V;0l(M5*M1^4#GcPVfX7<)@(4Zj_>cMgMV0ibNs?$lF+B&Nco?$dV>r9n*kb`d}pn zz93_({T2fxqBJh*5zN%f}H%R_}hIv8#JS}^OuSR+s1FDT13~^G}$7`4uk*GGzM+b=< zaI5`~onjID=3#bKV#pOE(8wH9@}&>m87lfVph|#u`^PUPWBHhl#QJc7F%s{`8IQ_H zq~}2H<9A|bjux2)?-xU`Vd544A$H#38G&a@&#VBa&FEftx~vTF|1hfFjx^TmYnhI6SraOO-|p5N+U>J0w z6AxS@&M^~H9|Y$yP10qleq=~_&(t?_zncbJJ{;qtdL^%qxuF2UBKysmYEiEC_xN&*z_ z$b~V0>D{PFp@QavCY!0(VnVIT2Y?$Q%r50Y)_FA+jOCQw2Hy)oXDryc5KISHWrR9+ zyO&3!83@!WMu#)Rnig%4u5(9xpHr(Y5@XkY2^1HUE>NnX@-%JSmoG9ozUlDwQ?-4_ z{xYLKJzogzK7EX=c!6eaZ1xfott{|CrJSw-j~TYZmEOpcB#CYwss73MzJ*MsIwBm) z98h5rl7f_%RIu>}#rBWPeho(`u;LZ_x=p4kA$tByO<@?-dmYWBEi|{s3zSf~I2Wph zPHtsSduAW~-1|a>9c7lHuP^1Q#lo~#R+D~~3ZaHYbN;@?eBROE^VO(k$0N@0K`SwH z(-7qW7vCM!PyWZ!Fp7b$^SPYDa%{h6q5~0v)$E*2Q*4NM1(j9989SLDe^5(@RX{nUO>nj)e_(Dkk350mA9DE1 zKb+)jxI^GdZYLXF;;ZJ+f7<^#--^0Aj#yunob9(*`3_L_dgfhD5zffsY>eBpqrO)) z5Nq12Gv}-^V@1a&d61`@z`FD$$KbzVN1**bLPz!m17kjziGCS3jEPtt=kmR+{(y6G z6M)2%;qaiR;jwsJZPA@Bu-Bzgc(%)JM{=ngxvn&`e8_MZwd}Yq=-RS;ZLhV_^78l5 z3V%;ch6{ATq!?2rSO~3rFtYL@Vb0)hdaEB;!Q(RensOY~T*EwlV_a|qxBlq?96#?} z?BaHH-#x{*;<+8nw-4qs7+Y)`e0M~(sQhjapn%%UWG76c z^$*vo$@e-H@H6x>X@z=)FM|fw%okHKsc!v4IGn$ySfqSF)#5gx$+R|Ogk7YSsW51> z&vvRk<=5(;v!a&-ACpb9Pd5L-TPQKEkx=#$(_P4pFpXt;FdA7s!Knum0AbT= z4m_Tz$34BQs@I2OU`U%^fc17>m!H2%PpXb8m?(7BCfndEuU&5O!1uYpJ-g0FTY7q7 zRG2cesmW+P_bB2n~9|#KRG9*Ep?)5wDMElut()Y zd^Ker=|lO7YK6JAn1Zc_zkN&Gm{_HV-lP1~!mr=|J{b7{fv zR?dmhp_G`LTQ^XQqRA$zZ|o}faHhikwg7gKT72-|7AF=OiqKd6)FQxee#usaQmhw{A$2&; zqqkFiwZleQrt&whp&qFGFV#adR;m&|9(~j z(rK9H37(ZVYBMfzVmP8Q(c`nv^(HZic=RIUIbMRHAI7jJ@SXm5bny#*|L*mC_%qSg zCyvNUtIzXvY;~H>Y|Irr(39w#u)jrpnZxIc3U3N;`gjz8?AugTPtSlF?{8RP=-uN` z(UZ`li{nHP;H``64M46gX)HJy$q5gQT&6ZlEQFruElw8<0+OX{>@yR?9 zXhX?&C_9U35wVL+&j@^PEAc&CIy^G!su7~xVLK3+!=E3M-1f>AX zKQANLx3(h%)*AU3&RArP$3iBK!DOFqM$r+^UP{8pHGbwoI7Ah}-okZ{!9FOlHtlb8 zbb2O6F?j`_A0j|HDgF)ipBE6(-kq-CQnfx1RzwPp7b!|(LL#$4 zf#Zqfu4m9A1WB_AzrexmAyMSkz&HuW=$ID7iI+K&fB8M?`w3c7U`;*u&}yOM2NjkW z8?Gl(o znAu_3#hVd*NqO<%5sLhgF7e;NkwzlOZ@iqCe*LY1CvbwZxRa$l15<=h)`bc~$m7|u zS*;PbBPkz&yxd@@j|zx-jH1}~`5-)Jm584%$u#%8iQ{f3PyRM;(i^fs#~`M8z!SSU zV~oCn#&u^fmrB64Img2BHY^CoJb}bDd>G<`di%j{tR5h4&=K#gV!FweDty zag?OASoAjtQ(4VZp;|~Ai($+7Y2aFnpX(}{R!pASTGxf4QrrTg$6mlt34#Ss>Fkme ztYpz(PJQEWb=^e)~eJ6oysmp z!Zj&QR^#!`<{QVP3A~(dD5CM>Od2By{>$rO#FNW%P8`d_uQ1nw)p7ogpDSsHSuwO1 zP7Be`C_o@CtYVWgiWcX#uPqjwpyNig`TL)VltDf?PRx?XBY|R|BxLEz0c*;_&&59E zk0X}m5tQ9SjSp)xYWxewPq4v7lACFwj6?M2kGo3V068PmBiDw51h4-00RE^w*?u!i zer!+bzora2adJ?>a}|o{bMf4+4FfThi5!U+=P|9sx{uyMk1`a5-&I409ns~dJka?bTL%@jp_u_x_RbhM;y~) zSU;v&-CvG?m-thPItMw2!r>y_`PJR=;rA)~*Q)Cx0f zJro_9LDU+>0A9$F-@o61xEb8)&a!?w$6VDjs$%BSX<4yq+Y{;Rf&s9pl2m}{4>HW6 zoVYj|*Xz=B!kX!)E6Lv%NZBh*>7^o{llJHvD}5ioXjn2==2nmd*E$>g~!@D z&3E*BYojmPO3+wdB$>|b)|}+O45^&yZwb+{d1nnza}_TIp9*Wky|8;>p1I0I?NEMd z*AuC@S$tTv8HTJQX(^hyS+VzAHbS;`VT|Y>vm64o1RkeFu;YnK-ZYg$U2oAn!FX(B zoI-g#Q89pIn#ffrTRjWw+mNM55Bc}P( zC3a;DihX}*le>qp9&%Y6eJ7I7w73zgJRBE2DZ&B6NPH7^>$d|iXodyG=W_4GXk?5V z$)2)H()SN3KPHTm3B9=*7=e%J?iCL+$_Jk)Q6mFsv>89HUOFUeu&%uPuO7lUQGmIW zo8aT(KzVsbS^@^mFu3+QNRUU%J5@w*%A+=wxfKZ4NmHvfV@^h@-hi#=ONq{@p6;ktTatf;LPfOVjDA z0}j=t%6&x7bMJ;TO?%%EYbcO5rIswi1&Apaz5Q79xH$PK6i^zE|G5XC$F-5|*3%y; zfk2ZQ(Jg{aHbNa}8xw(X^Y#3?vh-`p=8kKx(O^uBRdn^+3AXWo`fx@V|T13O)+c_G4Ra8v{MJff|sOUF%j4dC^$Rs=>Dfge@#m)}d zK3XhhG9t6Rv1I3^<9*kl^f0$p#FW(H6ht?m7P#(68rviwSv;hmH*ECbm}o}kQ$7j{ zhAWjAb>h{&`TA%y9c__Wnm9uf&+^#^A}?%^m_|}StXSX-qgA=t`k*7xq>$gh{zBcG z!)RVZPUj9~qvk|KE6&~X>Iw>TF|Bzh}t*II2d(+8OsKSuddlYpq15x`nIQi!w|5t3RHCvT%jgExRIm4 z40CN%8MA3ERpzaW2$hYd1THRWY0@v7)5pA{A;0(#YV4Yhs~^s)RHO(3aJivQ-Dm;(NBg-&#)C7W}i1W^u>C8*JTK(cgJLHsBSnZKKtUkp;}! z^wRK*wQ?G+(7e`ARwQ$Y^RH|$p^*g8GX+fWQftZXIFzFYADR|aUwL3vilodL`pQL} z!xI7yKCj-6_F9EjB>M;LbDX~qL0*Ndm%5yFpE()0)}7j(wqxcRYv!q4$Ah)i&lT1+ z=?Ufz>m44M9ldHEZx*K7`pY*SOPuQK4e_)E?yb&IRUvJ|Od{G8NMF8}4udIm$g6o_ zpYj$juH0DrgTUMrSGvrij3)xUOmiC=-YMZ%bI9d-=`9l`UO6M4J-MVG zk$&>{{CESm+cGF?@$91L`ZYAC)R%Rx6WKC&1GSKfmV}<+VnR(N+t)o;%+~xoHEUX3 z`uid4>xsX-Y|`0ZUMv{vI_mZ@*uSJEQ@*h#HPRXi?qWq0Me3!N$Y?k{I+l)5c5IQ2 zk&BxY{!{^M=M+SkUSEwmgkiMQRVrD4)73mGU|?u&jgXOymIn4IffJQz%ghB_5*~bJ zF8ogTba;muG%MxITV`g0>Sn7MEf4Hr_NXAP5Ucog`G{l1u zVC@fCVZ(H_%hvm6W4p_}n$-B}^U8`5*>Q!qZTcPOOz<_|7i;h-;oS@mX+DV;l>$&u zr+3~gvyC8~Jmwv5Zq|^51Vp=;?W4gjmJ50Yl;4w?xRvqjWXxv+`sRv|R0A%y-hhwc2N<;Q z*`tTNLr6r_-e!qIHj7!C!QKcIy>E_hc~xptrs^$Bire}qy3T2N_q$H3zx+HW2r&c{ z)~L`D!#FLPE*>^TI;mg}P}4}1Bonpsy9a-JrHLhN6ptQ9zI}*V%nCk!54J~{8FT4= z4>RK_TYSzwWY~5u%mM_ZTtO-0!KlB|zcsyvaWRwPg1U_ufww<@eIdFr z?LMzTPOqine8TLi@All-Ln4ER*81W0o$UcsEqP0RBWIT{14fJiQmGZsd~h;LCJ6&= z1zRR5HY_ju^$QmaBh@&C zBqK*unP(XKwZjsG+J^Yx)%+Yr4pNbxsO01tdNyAVH#%0+=OsBt9I#2SASM{m%XThf zsnWC%%xu@S3~f%9Fo%V9DSH$JUPLnJhlY+TTeyQ*w9dR@!YpPUwX*j}0M65^j zlIT!~NFQ0D)#-Go|HlHCOZ0<)kV2KaS+6)}{g4S>^lYEFEw)c&>_V^*1@n~^Bwm;3 zOekv@_p6}nt&IDzaPspFKKejAB2Y6iLdP9B?2(+?P^znEe(tBi zl5EVdzC9Wh?7>&Yh(&10_mjH27=@YOa*`P=eJyGxN{!}c-(l*iJ_L3+YA-mk$M@r$ zFlCPh0{c9XZMPEU+jrTYs?cD@22l=~K>028DX*N!rLU2TR|&wZ8fQ<)+#1w|udSwK z{Y&Gs@M73z#aD84(-})25rigqHfoylK0nr;z`5M6aBB_L@9(M05%q2Q%CS~*0UAi% zLgGv$1RF@TFg+ZfC^j>5pDHevOdS_dBMVh$^3>-xg=I}^_K_)DT`d-kOKSH6;QMs8 zZ5oJW%(jNtIZF098f^Pb^8o3WhEk}_i5#!-a?AKuUh4yONJGlwN(PrH$4c(X?oGQJ zlx1KX-4b@bG+3{k+B(+-@jWae&my%4ML{i9yC)2G#N>uB%%K=5JWO4IK5OY~vDs65 z1D;1TpPz9H(p^8bhtAF08y5+%Ge70VoEl{iPISS8j9VXwgziicl(lpKraQ+mrn_MS zc_1w1p~5PK20g9bd|753P4so0o#RWdxkh zbK3-*xhkNj8QYnsOyu;PCbt(8FmwAmJh)?O4|s-mnr z^PB+Yvc;Vxz$xzZqmH91*d#~K+8Se_i`m9m!Q~Ly@+4pW9L+AeGiO9 ztxFCRVB5!qxnT5N+x$FL?_ntuMQ2U+!j8lbRVUD)QUNU^VQef8wU(1_EH)IO!Ad&X zL6Kh2?DmmiCT`E*oO1#jx>^y@Fdh|quyl}l0o=fKDsrvbi z8|B6;d+tgI7#SVqU!ckuNEoKW z)6Hx(V^&}ii$PCPgXM8^ifCCVaV@-h*i~O_3vZnDRID01uTlx3KD3=_{FEP5>f$(q za%koOq@Fy3gIEu}9@3STCZRUI;9an7E9MU0;Zq3TO9P&JICkAtW8cmF|XaP-!OIuYx-F~+ppe>C8Y;8)E#=IU5 zlCS3{OrmYU=rpubsQCeTKdO%-Yd+)fAohL2E>hxF(%FOHpySr1a#GObynYJdmZCG+ z09#^qK!{5Zr7d_9=VIjgl#Fe8&iU#bw^gY?X4Y;)9xa}y3_rrRuw z-fE7@SGIciSqZ?0RZuNs-qZtyxzZYb@1BG4*Q!5Jfm)qM*G&$~K-f;QSBwN0jOnBz zE{YNW!P&EwFV1?$#Bp!4Cnz?D)2j?ZkaP#V@Z;YGUIfPr#Ui;H*tF8wM9Zi#Q}A;k zuI5A1i;qPcGMred=his6VeFi(^@2?}?0p}6=*H45XlpL8HSDLYIlLga&$X6Km5B2& zlKeczS$xYuP;;L;H1`nB1m3)=J+Aeh4DG6vRS(Y~hskltpME=`D{jBiC&$UwB54@k z`Yt>v!}sus-=&kMRQkHhUK$HQXtlC7^uDhVM46avS#EFo$nIiM%tRD;wQH3(32CeA z_{>MquLT}%jk9w}r}45N*I?|o*_M$*&OD^f57n!0zR&K-p~xldzSW)js#Y-R2G?8H zG|Uwha*2TNx@x6E@l|P?rL3}lCcrGz7z=~15Pp8RH<#$^)C*Sd_7U4z$hvU}FOhVoeNi!2=-0iRI@>;`^1(GeCKal@vwa!@f{) zO`3Cy>!%I|m$Yq=rYCi2XRbUc%q_WHKA>8NYwk@Cs0c1=;H4t*J@n-6@df?#T73WRW;^(z?UxFa$X~)^MhlmIO<;mpQ zI;Y=a zUOQyd0~353R0-E6jKm(e@FS#B;Z3qV3>)&8C!=NYhy%=09Dv#u^iKvxkin5YJrF3p zc1{Sm4-1*(;ZXiH93$d-7>-x4MQLm(c6u`^P3ZC^-NM&xB3hX zO|Ccw4-kj^wX>*TT$S*~de?;EE1~b_D;*wa05f(Das1rfAIF`ITJ(%>D)`B!WyD!7 zk9zfnfFmzH25ysOHT6!pc{m7Il`+P1%QN&R?Ix(TG_X98e|TGwu=x$gpsaRbMvYq% zkZi_WN9e1hYBS_$@xV=tXI>)ByHpK=1=d&3uuh;;&h7!c>IlOE>Qu50-h}{=YRd&5k&-M2bQe`qp_anG5H?@M9BE=E(|R6QINUGqVqjh=?L*^q;KpsJmUd3b z&nPVsmyPyH%b#OCAG%MZ!aXe2#`5}pfq2{&(oLD|S!(I#BwBG#U>HPK1ebYJ(l6Ez z;-PGy9iIXMUp3&REt3!V;*U~egrj854+t;WV|$*lJ=f|pGvq&1C!MYt)tOZ#S|$c} z5z?_0)TkEk?{W~9*f`W-m*wl9U9Ok>qUbYm_+2f2M48>j&7Xa-`xxjJkC!%k8?ggE z&yQ2>3l7IXnyaB*yh;-*fA`S4T3KYWHm7j$XbIjZ^H-bx@ozY>dy)%pdvy_QA2T?B zZ5S?Aia`tOZ%yC4`~aKlMVy)j;)q>_ZvGga+u=W1-eziiNxXM7$H6nAu|^sKY{vD# zRnBy9X+k`wLI^fRORqf6?I7qoILlfS^pZz!zF<+H&v#yNHxTgl&F={xkDyqTv356X zZn3&JytYB<)o1JdI%m|An^8H-WRsY0Zu{<)bkk2*nbl00aoW7F`l!EH)GYpud?w_> zTpR$FX=Om>;8lC4*c z>e@!+Ne{X%gxT3{&^za8F%=vyIlHuD=`oC-6@E&t-zqp#r0cr?1(eOp#HyxEb)eAW z=o_YlII10>^^Jw zFLeS?>X6XpM8OD@!W@n^k-&lJrRd0-8xpkiw!`As1f`Y6uTWy+!SdQWo16Y;H)k-k zCAKSf-K9?igp8x z;g6KYs^V(;@YigoerQG2jbFs7C)9~a2kf?fUEbN@q94{?ci=&?140fGzIu%92oU;b z6YO&|^Qk+E|2A7_J5aOr;^7r!=l*4J|MaX5>Ot^hMYNWG0DJ}5$a79_BR@-z3$vX&r$7l7fWwD7Ut(*8~gHx zR#EmsTdTJy=0GS*>`q&}92IpUfk`ugT5)X>jY&sHUmOw=FatB>Q&N zhx``a_A%&A=G`sa#muVQ7r}tLgd^2gJoTvIveBV8)(v*LtzVMg_2;E2m21OA90;$+ zZ2DeO*>=mRITxADFQ3KK@)Jp9AEn2d`@J1oRwTP7UEnD0o>%08B^z8OjH6wQB2u$> z0U9TMc;Iu+i2NzZZLa&Saf}!(P(Rr%Q(KsNQ%pfv1dT)IA7dPZ4x09SWz=%Ruw?1kK zhP{y`IB$(DpK`ZnWFrwm<(_rfnwDy@fq~BOm_4n`O=3ea@OhFXvAD@qRhkT zdG(-{XMb;$4f1&qZp)_YYl71qsvGl?1xj|Q67Q^q)2qt4T^_)1dQ+8gVm0=WH_s1x zF0kr+5pn6_TfRc#=_+us(7O{_>9>rLzOs(N_>LG6-PIUY<#&2EAJMY5ITbnx-D>)I z#)CN#sMip<{%UDgVe8VNX40@>pAO<^*jMHjUq2BF1=ao~F)*P}bM#G1-YZF#ynDkQ z9-uL@74^+}B_DmhiTKhyT~%x6%SwRIJue%XsAWLEROwvq%j7TF7Cro?0fYYSUGvs=FJ zE`IEU-zw?kG&4$;92O;-E~(D-XZu8rRt z(#;c6;sLI8*G_8^e6$+X&zg%;%HhInTvxa%@N!3;RNT26Y{F?pC}Rf2x_#Y8svWQ^ z<|{u~oh4SJqGejL<#+ntl|Y?5yq^?z>=wFvd8yMsv2Ypx@MH4WWXJ=V`>xjsa5KAi zea*csnVJ&xYG%VKiWAbjU17<}VfkmD`9uxsg7CSS!gzg6h-+dPj*j%ck?gSIT{{UL?3`bj`)j9gO2Ub_8A=^LWY|-CHGTrUHn`Q0)?#?H2+N-z! z(J=xs#=`hIHnWh8g1iBPY!>w)o@T71s?^_&u({hxS}I0$SWL#@LkoeZr>rVh@Ub6pC?ZY!>E=z000*tr${FXLj~2JWQK+QhX6W|IX(N5^MF!n~VpMtetj~pw3Dua(MYt@&lS1C^DtCakvc6oM zSnxBoG3Z6E+Yxa(<#oF+WUz?5;aRRTVM)g{P(A@Q913`8`y-TYP<`^sCu!~szy_L3 zP7F7dmh@{z5?m;M$xcAL29M6?0g((H+tA1*zng!7vC$@$1Bj37)mAZ5>W{OtHB=0$ zNwhRKzj}_^w@qHmw7;I*aXMy^9CTHykdR2fY57B*Sh8k;>k01`l9jL^D_%nih||2> ze{n`0t)5iUrIhLRw5B3+y(^Gs5FY8<6lzMSID|U1ve5r)pl7A@N`1} zd_1QEYjK>w?qc{_KRv5})i^)cyPBN9d6_ml4gZ6zVii;q#%g{$fOV|eD*u7IF5qoj z?GZCHl}=#P6lRfpdnea5R0)TagtID_TjEdT0>4=HmP%tGT>XHBC!tr#iX&J8Vj` zr%Cd{M{CUeb{a`Pn3<)p%{t#A?c?BtUsjvi zt~|2V!(r8&)w$fBm4}x}w6PJF$l_nVa=md z9~K1r&F?`M_RgLbw&Z4$o`r_a(svdnWm0-NKG#fpkL3a%u*krWRer4B*3D{;P8=c3rajZ4dZ|$@mc@i9*wj?@_@m-Np$bCPmtddT%i7Q%d7GK*$y+NnJf7Ddg(sdS9vOY5N zRbj;r3L(bzDlr)#eJ|C``S|e>UpUc>SA%)-unhPhvZVPGXTr7-Rp=`ZX4A@&4=BiK z97dy1*HQ7B65i==6v-c4?$x$T@}D2CXl=HllqB1&VNQ7h@`hA=x?8rDj-dTSn|piG z4oIws@4YqHm*%V))0NG4v`!ee{n)(R=m{DO?KVP6izyv9wUtj$s6X-u#la=RRk0L( zZcAn!Gv}5NTx)04cg-Vy@n{i(EPX&b*%*%LVWV%9Y<-y4!#D&cXcKIz$a46$ZeD>9 z#3)!T5KbrPQ{)0smJ}_y^)La^)cwk0Lz7Yr(4sZS+sL7Dn8pSJ)bRUy4$->u5%7j0{m^4a-KTfIXFYi)lb*osFi)Qvt|v56t<3%xb}|ubJPm-(>IPzuVAAVSWc%MYLVq z>F%A}pP1w19^5!vw&lUDmo#UZb=Y=Y_|)oswd$u0FJWdt4#I9VLl81PSB$EzFbO52C=3S$Nt zYCw8*>Ri++>F68>ixD&MBa&JetD8;4taQFO1F=2%QKs$f@fHbT?V?tE7#lyA`MSyW zMd|ux9{M(?nO?*3U8Yy0=o}!q1l4Lzl>&)S6sOvJtnE()kWY+2OeMnTtsN*;Is*xI ze&8+q8~D?F5Kdr@PSxOXO=P1o8ts-LZk)66EuD& z`65j=$|doym(PTf%TiJ)=CFwu#OvM5ga^`{$g(Ip_u80-q7wHib?gji&32N5b}Lk? zAo!!YjMfgGB-zqGYtSYE@?tZJQt(Za9iz<{dHF5p&N^fn0399P8wR}ig)-p)`!^U^ zE$%0&42TN>&rNMJ^QoU27GVpFY&{>_HF62MoigS{PpWID-zo5`wKN+6ibn1l9e0v! zHzOy9A7czb%_CshV`i-*!gH}Y-orwLAlu{mVv(71*CCeqZ-4SeXztKB!}mBDG8KBM zu$5D!zU%+GBPdGu4AfzI=B7-Ak^DxyHRi*@6f~B1ku2i*&RR2ct=wO+d=#T|9Z%3X zZ6A#`VSE)H7eV@c3>rU3=9oNEbRY6co!OK=yld+5Rwv)lK`Xw_7`0RZ&MASvV|>CP zBXk9gR$`azKM|&x$KasK#&y}CxHVbXv}$@&st#E<_q{y6{1EC@g!zd$J&@=I_PI>u z1vKyf)#BO(183>J^$hgPt=phK8`CNhET&^NrD_3a6OO*a)pP%RcT!8dSN<^2g5ux) z@LtF`hN$-ZI(6_^C^pip7`j;$`g*R^SR8aYEGOMKu&TaS8!mV}(A1~NFoO#5MR!~T ztsjCTK5;;VF-v1i{Hol{)+Yl7iR#n;^1(aAzO4>+IE{E%_O_5xE{k*)tiJ7IzVhNW z%q?wmKr;hk%6oG^-IPwyz-iCr!rAgNy;;9(+g#{Gx4iFrUUBvYbn_`I)kwJYF@ex! zSx~hqK<3F-69+GNL&fZ!Z(WwrQ9Y`Y1X-`S(Su%>;lRKm<&-5|jfop~^jBV(h>96H z9-*Znv8?y%Khb_x^3q&!iR3w@l9E_GNbt>G_;!`cs&rh46zsda2#=#^luu% zfI#Kxymr~!IG8ZwPRA`(rAhRu*iks~tmj}Q z8m1YZ^X1r_&gQK(JQ?gAA!S0N8?-4{Jtax}?&2EGg$a=EQc#iRsh;rmmYa!z9bw_K z!G}k4#UM=>IdlJ@b{TI{zL#lW_SH+|@la(*3BqbODjh?lv5K2Y%wkYG|a*%oSig{d%MDmm%3=~>|ufn)7!xg$o#RVwf7 zGeMiTNcNwPg>4uK_v5#Dxp+R8;@TGdm_8Q2)dMr0K?C5*7K1V=%}G*V#2%lTZ0{{| zwxT9iUP+jJ>ZzTgRa|;`xQ5OSkal*hIs}$7iwh+SGTbWmJ%I18T5g{N0R&03#HO5i z?}2L5$%P{a4^?ni{Q_T7I&uAZV$8k$#${KU?}lPv54fAf0r_Ym%|`d^#_tU$vEJwX zAt<-VW4vh3P7iy=9Um{iz|{?E7Sb0{gYLv(k0^Od@eU%4}QK1D5YvE<6aX zIF9tk9SH9B?0K|eQVA4y$EOg|M?Jv#Vx6*=Vc+&6=qBx2s@A(+My4HZQvE7eYGBq1yx5pmJB|b@Pw);f2m0KlY1rSdFI zG?=jgSAbL<7AA}0#6!%PX=mCj#DV4qz3w?4d-D)m<)Hu{qMKuKw2h6=w>+Ww>QS1X4=H0@UTCQtKHjWQ2-2%0X5&T= zU_Sgr%s#Ck@i8lmVtMPuJ7?qc@JgNru5Q17Iiz;F8B_nazt+c2$P4ZVs232O0~?@0Y{y20QQ`3qM<@(0{q)z_2uOvW?-NRWW+))O+0M%ndv$|zaL}WIkm)u4C zM`&Q;{a7-&i_F{S<&0r61N()xUKIBzr=CLq2&>dde z2%@j~L`d!t>3v5%Oflb`ec;M(F7Z3(_n!t3Zy9J+QF&R}@`&u^J|5cl7fcie&{ES% zIPKXXv@6Ii=rgV80HLCH$Vd=^geOjBuVTfOvOhrEr9{&^=L`Pa}%Y zQcQj}U5`B9`$LSk`cd5m)dN}Ac`#!rHj;!t8)~ZO_{|4xY2j{VP# zq9Db1VW|uv7z+G}5&onMp!af0fha&w05@02x0kQw)Ro>2MXfro1?v?Sm=Q57d|h0@B+BD26VWdK-PVjI46XFZa?W!seT76e+|a_8wFJ8 ztP@zQsi*eyJ(##gsn07u)#WlOi*Dlrvs(~#yNoX*SYeN-zYmMWV-2=d7}fPsO2vW( ziM&5-x%E;GAbRNI3u3kJL*^Ux8sO)Wk)rMgm%fal^n9E_mWv#U>Mv4|$c`euz6@t- zfJxh0b37|IJDMtv3f)h{Uausf;E(z3kpC)!{C%458oMFrOWM$W9Da;(<1z@?5 zKv;Za7Al|s4~ZU}zMXsi*P#9k?FRdKu;y|jF`*0+3`Nw|O;4p6Cm)+;<;r*qVb-~k zvl44X>^zf!^dl06)X2OB!=};Fm+xJeO`=0xii$amdrNG7_yF6&z=VyVDzy5!BA#5 z;QM#|{Wn;j5NO8ETFa^}rNj)19X_q4DNjqbeH}GidP(JJ-*Pwv?T@)UZpaf-jF9rb zzPcTtwe9^j+v`#+Y|ki(F7sd>Vcu~ZkCza3*Z5*>gI~1_JP{mKa+{^bd3I_P`(a*3 ztj>_Y>cIm6_9#Mhsib1Rq@sf4PbTND`-vem3D)ZFz)|}N<`e5Yqod@iF5Ve^?A|gq zR=+xyH$6`w{`3MrgJ$?4mhWXF;wO$O$1Ev(_6?N*H`OvX63G{M0LQ~h3YzTupDfN6 z$0D?uACnZqwx>~Z#cwW<&6fGTPY58{$#)hI!C4aay729-ELnX{shi8Vf&UkOBEQi> z8Kg+JuoDAI`WetRPqCaO@^k(KyN;n-HyYGTgiB-mwdCk#*fpYTG#g)ccr3&7u!$hp z@Z;VATZmb&4TZeqPHRPwt@wyK~tU(u~j6+p`Ud4=K(i)c^jO^MJ>v$A_Yq(pN~L5Sz6G!7gPBMrTsqb;03 z)?O%hkSMaJ-G`YPXfc;9HHS)ZrO}=;C9=;|rphgJg>tY}Y!1!;u^j@3>k|#(}*P4A4t* zEu>^xjX{CphGH37zeto2WyE7#UEMU}+t9R40ke$^><2~ECH&kQ&S*`repr+lSATKeCO8{H}7s$c+qXYqD zaFCT=M|Q}+{V`0G2}+b=JX`bX-5QPPHW6EQSU;S&edcOhREi(Aqa6C@{_5{Q%_GZ~ zRblofPT-0b*wL#QXHc83EPxjOq(joF1h1YHMTngXycp2{Nd#ZAEr4gMbo&c8#K(*@N99Q>2pq#(Lm>qMrn)-^rLSX+q@K>fVuFl1Z6Z?F$p za=N;(hJ{bCnrizdK|)Gt`Isi5$4v&$t4(MP*e*isqY;e8hQ4O~kDejX|6Hlegg9_| zzzHRcfw{gBIpn7+F3dDXEmST>fy*BX?2+WlD!E@yJ;;Jo>+j>ON;@uoR8|@~TeF!a4Bc%%T#hL2L2WQIXT(&}HQNtEw7km!6Dy0bkpJ{?g8%2I zuP+bWDPs)}wgbGip3c=(cRIR>kuaZP?&Mf1;h?c|9Gu5PVo8Y^3Koj~eERBtGXSyf zOPINZ`C%LO<(q+riktfl?Q;LqN7cD&@T_oeVTL+1)?Oq%Tkgq;859u2rIW;mOBlY< z%D4*;O0?5x<@UN-K<@P)=Kp5`1l=(4^GcHP%FOmN@k1Q0R)+`sL*?nz%c}CoTa1Ty zSkQ9AOwrIYn=eM7%}U$>*=VAz`agyQt|W%MTik=1>fclP&-eb_q)e~`4pLA6-0tW9 zp?=YP@4(~_K0AE4_YDy>Dkf# zkHi@)>GA$#`}W6n3_LF+zP}9kNZ+3F|47cj5`Q4V*6aW1M~uMtuNIsCr=Y*W@BdTK z|34nY=lX6uP|?nxPf07(@w82l!TmgTubwMZmhy|HQcJ+9`PxxL@E^X z^Nj-h_HFx_;c`<&+S$sQ;7GUur;8q!M=%&N&cDxfI_7d5GaJTz#%xk(y<4UwBQ+f{?XwgQSWNtHS^~xiKE4bNZGbhaH|*AW#$&Hvt%cyFUb4H~L<|utxc8H$ zRsey^yYLRLl~Bxh%jmhMrU|h`knzWYNnu!yxfZ1^u!Dfh+UnYmGC?i z+^U73ZApWU3JcL{v_HTDlI6YATfXBeIpYSe&P|;Hghwqu3#YLv!WCTRid7Vj$9C|S z=J(zi?A-r_AAXIfQ~6~t<>ixO_1)kCJT}{6?Yz{SzsDSVmZXrQQJL4;f5GElAVM%u zSIfhATE|H9{V$vtaI$2E)AlbT9Qo2*F=hMVk0CJ;|DU+)2$gCm(MxCgKX^3pXF%^& zVVq*%AIn{Xg=76g?Y@E#FP|$WXP7{LwX1F}P8!}hiQsC*;jRh&iP&2K-F?KydBPcS zDr@JXV65|cK53?J)DdI}U3mM0u7bb6KEszs@|2Nz+~==jQI`#jxX;mcRMJfj#D7dD z+SdZ|N$MPnT-QoC=Cn+8Ai_?#KS3;sXLX$|_D}PC2g3wrGv%tNv+^c)D@Lsue=q@Xq*)R1om{Zm-IuJOu=hGPcV$c5tJgyG z*xLS|#grgO8P)(gip4w&}pxyGisrc&@nop273z>b)-d>W$kS@AVZgHdtQ=m!apdFF9_Mx z-Tub(*&0O^#>(|DalkPWNROM5-QXN1u&M3HS=3jv&_YlO^Ii1u>@u5 zDG8AjNxAS!<7AS`Fb3M(FZiRtapnf`r*%!i#&gNz`ao!B`$o%i))ZyjL0aM0+va}sN^ z2k{Sk-Lilb=;J=jpCCRGssv!j5-RSsPDY8QB16Z>9mC6etZW5;uCfqJYd~u90qCZ9 zwl^!p>I;xS5e`+R2GNoW1rO1kmhRU9;EWWqY~4oyqQkz z8aYY7EGR7;o3C7s{DYdlr~OgWOU(H!R2=bFLy?4 z3oUhSmx42YStw#x#t6V998i606RHI#qLYw{yYCByiRN00+hrzP3)OP3D%vjVzqUM0 ziIG&o#-Kv2kq+Jg!pAo6J3Tw!tkV~$zpkX^{m}h$(UX12UnHG$O*DeT){2Y2QBYGm zT6AXeIiCh_ecOV@Sp?ByE}nl5MUb^jU-bc>jWWXsn1GFDMYCCS-O~Cm!^)oO+YkGEkR{&I8Qfe*nu~36fIa}7=BPlTtX}U*BD#R zlX~r;VoJ?@R;+gGa02ae&>t4iF48@vYyEH#df{*zKaSvVJKd>{PYc=(%|%3O?lL9W zBJ#^0!b56O9nHTuWX6lpRUp44ki1#PPY_4zD+z)hB%*Ga7(dcGQet;d2%uilBF280 zuU9`iG0U@b6%9h11S-)Y`Y4jI;^2`k;^UHXD+m}lCdEZ$%`fwgG-2b%dKH{vAO8N+ zC#EtXxu$h9k9cgxN(6kufBEhvTl&)lja4eB5#Y)Su>paB(T^ zQBhDA0FxI`YSs4N@!8kpp9?lAqV3}dw&}jU!T???+;;Nl zRd?FPM_vdY9AM;~Y^M2VPfh0vtw)j2v1K)@03uO=E%((@T>t5ey|)Tu&G$5-oCJSHJUUw-5;6ywAZgAQ!-2s|qz;yQL99x#7NgZCw$d{}9 zJ`;WDhMjgXjDskUfSVzEh!lATs(xB z6!x2UoB;|1-_Cq~EG|Qe+XSpA4~_BAWiSHbUIW zi3~QntQ2?~x%V$~)O);8Oo~Hx%RS5sGL`+;dLGQ(h>u}=X*_HX8*=+uvJ+ffc|eHEbIWbA3?v5|OUsc-**df!@pl1gn!;=p8R1 zd2_dIE;I`8wewx6(HNt-{qGvb|I`HcOeGcnXwd0h|0$y?y zsMKwtsiRB|YR&hiF~njZz_;_29;wlOY-%!t2H%`;QWqh6<}Blp6$u0&`K33|*KWtn z0f`wNx5(hX#rYK(i-$a03j^n;yYZdFxY11%($lwa zTajJiu$G?@m&&yMlPlyoS5NW?Nka2?Qw+nmkeW<5lfY5_T4QWq+<*3 zw;|tm$1DCjp;S$l-70yX)b>}Pcuap7bSl=Dl95RS$4VU9~yz;RrS)83^cP4 zNqlCB(kdMZgbhQTE7YFd)+5tq$_#g}9VmEa_KK?wyQ2SzxVC}5(hq4`TmmdzI&UO?LhrsfN` zUr$Lero)q-bwRJ(eo*KIO=-dfD2bdE7njtBn_^{&>oQZw%}gZFlMSDjwNFw@=@k2{ z*Dc{D=~1!(38r{1rI2PouzE#PUn;~fuYA(Ow2b!$QjRJMw@3J3*0;t$v+*@^L27c*`}pE3$N)AB zmW#trATl{^bjq@gGa@uMmhjN*041f0&uz9N&CHpnRdm&L+FY$k^=58~n?+H{VLWQYA(*5S`}V%le)p#kjZmrbnB+SN@gqgT z;SZAi=<9ZwHn^J82*0cp^qy0`0a3ydtwrjI7TS%K73QUr&5GW;1N{Lsg zuwx#I^ctjjrF~#O>0~E6#kF4uF>Ia@|q%Bp~^1SS#oVyz+*6=6-HS_XqHAyadZA*T8 zWi@!YGm$?PL z5aOw{7?A80|*4}Mrm0{Y}4DI)X6#lF8;bK^jxCI~+#=ywyLdqoAt_vSY?nmuO zhSVb^lLfCXrST0}fXvaYwi}h7+vkzHuq!!{@ zqvI$jI#h}mOU9OqtvedK>XY&aF`I_tRf-?`qzEsht%`Ok0Q`Zm?1e*Axn0NU(peG& zdoDX0!`f*6NeBQCvCWw^4{e8!MD#ma4>us!uDjCK%NL20saO`cYwlarU(d`Dzpsm= zb(!Mf8EqCpdzQmE=Nq>%oq9{mtnWABR4=AOUOethNNnaj9JOj3=RM~9G4yFn@*jsY zg|BNr8O&S?#W8y#UfIxeGR_w~O&AJq6{vWHN6RVkcZbK^$&IJa`&o=!&-A2P*tTec9r#`(6ZiR|Ji{rM9f+YbCIGr4zzDy}mXAAg~l0 zL6IvyB9gWf>X_kKUw8RCCSzLg+$uFu7C`7{LD9=R#3dWpN4A#kjK+OLP9=9$Ou^m!}6|dU(Ne^o6!~zRII&J+nvY~E8`;~j6(9FrzLVf$k zcF5%iMHHdDx87aTH}{8wM^n;^>2t<7!^O+%nZsnRVVwPEZVlM!);9yyi@1f|>E|O! zB4B8UY@+oibcrOpz^fN?P4K;OzMNpPuAO7{pV`iX1nz$)%SJRi<&jE) z2#`v}re(`y{FISGDh`eD*?Eb3(*E>(;S8ZVxVTWmk*PSb^40ae zZ7Hy-sQ~oSNEyk@kgb;nn8!R5O=+UnK<8b=1)CaREzyqIZl;FDtETKs(|j`txa@gZ z2RnyWwTlO2>4z4q!q4%zt?G&OjmXL$ZjG81(w%9sz!I-MLvy)A<+hl8a`M*f6sNDO z+3*1aEjVK?*Rd~7OCo!xvnp!gEfgHSrqkgru9ggUoqVv1Cc8nY<~Tg=Etaji^VMK( zlh%L8;-#rVnz5%=C4i#I+ca#jbxm1}&k2YeBQm~{m;o*%*xx71#q}F#+&U92Twb`5 zsf#?Adu znzIzg9aAvJ!fQj*X?AzG<$X8Mb3d4PxMIlu+ueyKm%MO0VU!@*3HL{b8w1OE&YSB! zN0mG0Y?(k4^iR9~)1kG9>dA*%j&gP#KqsuDEPKfHZ@v3f%-rq%%q6_`IkkvbtpN_b zJmSg0Lb_rWz9X}xs;V^i`J~P{<*;h+jt#DiE<9b6_U~#DM(7vN+S+-YC(=0K1y~z3 zFWyYQ4bD93nvx6((B)s;(K*6@^NOP1s1x}tua!!+VR!qEwe zkIryI;={ji4W(|**%PeIw6p;)FZ*`-78RV>+v^VQzo=UgPk&Dp>gdm1miFXop*1|9 zV=QycseLS7SoJy`VS7G7FMn^jvGykSJcucFvqQq^Soh%pl;btAsR33?1ax@JFQC-e zihY_5>JmhcN>}0Zn~cTRI%~L?&cQ<#O~K`A)~`ON?&B{u1^#r26ki!T@8Rc(8&D8e zQiXRDYzqlrEk);(A!Q8Sv>&Vb7fxShxF$wmgtQHtp%dLx^3 z!A1R`krl)l;l&?q25t0*h4&T4Ud{GiV=Jb*PFHwjlFkN8O`OD*n+A8JV>dn~jS}wj zujR(K78|+uy7$z~utq>~t1eMiy3-M07^; zZ!wMh)1-NWqKz_e@+UU%KIxu0csvr3{-MH+PEkasQ&M0x+ljenuC!^6%G^l~_?$ai z7F`UDxDL%4B~c!0JIAsR43LNqo%vkbV!_;2rQF>5HS5GlL*xDUXM|1$gOE?#di{gGHMvcS_2cBi1o>A zGp>h4^^OZpZ}Iqz+1qngPGC9VNLrV|WtUqQJZ|wf39OK@2{Gz|lx`t!$D_HY` z?K3obXN&Ih!@{gnp^s_C@sSdZk#te-W}DG1PVRZ;TT;{=Q+F*78`atyob*>fl&;kl zBN=OXn9ZVyOFmIV*Ga~2*6pHAC)`-XfogCzM(kAjMy#E|m2Zy{Rg!V4%bklar}@jf zjDu)|9`-;N4MwU{EvDi07%xnNVNv|niO%PS3fZZ}%Vr#a%ySB)Shp}l(1v}D)u?gl zt!Gba<_)JU6Y%9e4&Uc>x`I(;D()1$iI2n7^@V=GQE4rKf3M$S%??`%Ra86hhG$xh zYE{ode)U1Rd{VouO@#;KkRBu5@*|5Z+WqGBE4y*NG_6;GkUPQjY`oui7YC)SEI-tK zm8#M(@amneN50#0e3yR3C2toUYkPZB=F;7Fz>*vN4I0XihWXr>FBbC?<{@j)nDO=@ zV@o$mnr(Uj8Io$aP+cZB$=l$%p!f5|pK1>db0k$YXa&ImlhW zh#$#y7GKi0#7ZU6>HO<1fS+==iSoEVkeNl?u+T)-$RL~t#-$_VDB9>uLz8cj`#2V{34##tDEDD6KL4vEW<|agx^aURv%0-K61E&S zEV_WU#jAY}B4`4}UWf1zOmUi})5D_`($g^Dw=wW~4Yk88N1mULEJ~1|s3#>^Rwcr? zpkb+ppFf@+f}zEQCxZk#OU!(Kcphk@g-fnJv|veUOXr@WmI*}0LkZvj?cOp_G{DKr zL?K!w)Tjd-jZ-6@!PEoM2%OkUXFl}CC(1@N((IHO2sy#8O+&2k)+ECVy6;IdmgWnb zEv9l#fn7@!HDk~8MoROa9AT(cx>V(+Nu3{_SPs4VqVCq7$~qYstk$8bk{FQMo>#RJ z8vM2Zv3T~?%NG9{be;j@iM^i!!XLiz;_TEPglXB;;?qF+MuP-RBbUuLx@?aIVJWVO zb#$L2mpEepg8O3XUj0R^#mr@uw)!J195s!qFVaqQKtOsV>foc-P~!oJi&36hlChSF zF;?W}@>wW`DfRJXVkmX9eGic5g3oijjWKIC;YAa+z_+?0P9A$MLNjYHZ@Y7Eh2 z?DmPK`7XP%8~(zDVv=ORK8#u?Ekt$NbXB)b z?qzP+=nfo|CeGz%*G7!iJxL13VL#y;2y>&mL#S5C47+KM?*NXJ;h7?4;|h!- ztqI53i^2|*%CKyXAvh9mY+mF!wFS>(qKjY8&h6&4Y+4+0)%WnWo7c&MSlRNYYMPv; z9dJmf9;eP~g0WwG7iV9j10G=9 zjLK&V#p+jqO_omb$GLbv%hm~npk#McI6<-g@rlUmF3ONaLM01tM371QSuP0iBmyp6 zal>2OK98Hl(CclsBD~{m)f6XMO*=%Kk5tm}qZlVSg>sCW1ffa+!HM{7!dmtiUL7%E zEmbx27|K~wJ?x>J0>(AH4dkcaiacd#YwtSo&ssa2&LSl8THUc3latm0pm`>4HiQ`@ z%?E&*_DYL7mY#L_+gTIP0?Zrilmbp0A3Y;QQchJm9UPuH;}uJMA|*DoQ}_{0Q0TQr zt#CbmX_t<=*0)$2h5C)1(LNi07=MPvPunu@b%M(Bdk2j}M!+%J?><_tKJ8|_I!A@^ zMi;FEgWZ^rl%%MW`D_bNpEDMulM`k@`8Jj=rH*%w@CN6k@se&jKxkoO5w>pN{mQe( zDbUhh$TBsf7BKN6r_DR*nXYASvG+K{cymsiGfh;@H?onCb_&#BZ3&tLIzqu$1Dxs` z%ZviBNL9b)@p7q&lgsoidHo6mqMqy>+e-=`kgD|u8Lnc+PT4l?+(Z* zwq7qCbklpEu?Uz;L%ZRId#g0NsAizDSTJmy5({y;dGyToI;%ymJ6EG1XPv8W=<0{XtlE^L=qiKJ zY|-wp2^24Kj!78f8`-q`%Eg6+)JhUfKR~9LtGLe9P?*CUGLsWUsqHUkw%8dHodlDy z{RyhHj$nV0j|=3_R| z5=)defb`T;SWDCbuQSs9GWsj8@y*9+^uaf0RJmVKIeS0XUJRde2q;7V6mz{LmM@z0 zR5qTbuFh9av?G+Y&Zy=qVJynj!C~JzgU8?JtSqCkrw>~ublNdl>UdzCpQ+hu*Yeb# z4e4y)cvjkuBz~uz>A64Za*XQMS9m-zDrSD8#$?8wxXGGFbW(3|<68&8Pmg%b zZKEnwheOlUF}yNXyPp>G3Mk@CreC3b`CehvrqxyMGS-QulZUjMZF7!m4Egs`jg!tk zMpc4A^EaR^h#kf5Dsb{CFYb<)abzI#0UKg1$lqeeTB2eRWCy7 zu)srTlfdIMr>NwG0WN1_!!-Jdrl{#Rf_EkqqWXysxy*Kc-VSYK$we5nyPh4}bg#J; z_yAFHzQ^1M(~w112}i}O)Hjl~ma+=7)f*v9Q72{&kK8jwiSr582riz|*ZOegUboh>fsQgbEN$Dl{GDG5e=>Pj}Q`GmF=U?pIJ^*v$NX z(LdoR6vySgk(HG^5mSH5kxy=1LK%1XNqkia4jjPY>(>ImVU?~^4j|NiRyA%1f>6qqJ zL?2Pqs;d42YlE&X*V4>UnGp}c^PK~c{>R11Rft(?`)|~r$Q!q15hjMWi`l*@-aX4 zgf?2A+2H#T%EaUrT!x%|MYIPuu*ueZYh+P3+kA(ki0X4_d~Nftjb!D=e)zpm{@fUC z&Han~%>JxQ zg1jj&recJa;Az-fg@5W}F1tS4w=Eeh4N)elb&2m(wFP`I3QU#c_Ca|Dp0D*1X)e|Y zO~~I`uk;wuq%TbNWbOgj9-5RovCZ*+!a=qtDJkS^5?Xy~AyfmI(|5SIz#neX6gVRs z6fE5~ARfKf`S}hS5(UYNl;bZ@b}?RMqQrP(DVC?eZX9)NTsB}=G}_phc!qm^VR#~Ej;(>L+Ku&W+Zmv~Pq?-`p=daEL@WBrVPAUv z%e2tb0fD)a=lV=rPlD(;xcpYzqvBxVTji()$R_#?@PUr`>O~!SCU)eTEt%?w7y(U- zWu&oI?WHLEN?`Wb4!Y62oWZ210xmT&q$3?=1P76*Y-Dq%_}dWfWc-Y!dKwI;RQ4A1 zEpK-)75g3dW_9~$30gUJ1i!)G!XGN|WKerIzH)TMbDz0e8`=xzU3(F;%I7Hzta4Km z+}U4A$Q3ZmE6+8TPm}k!X+%8K)n^D-DogG*EDoT%whKJQ?!RBro$UtJzn0)~3fSlb zEg&r?ZodaUL$tsUSu{F4<46Vsa*B3vJA<*;6P0eRqq&JbL*fuSN@qbE-;-{#yH}Xg zn#h@SDV1w4NEYT(WE?hJ?9A|4s>?3kHY!r`5~PrB3iGs+jJ@i@^Dzr&{n3b#iOFoa zdY$QNqt!GTSG`N+jMO?(OW_i!Mb611RPSl*&9Z#6vcO;Z8b5{8GD7AlcOs5wUcS9LC54i=S9?+FbGV@ zT?QT)PbJr@PM4hT#e_8qvO0*&xDR#p3)UA~DSKkTlG0k(PT=At}{Gk0ef?vv$${(9^X2|*e)}}OP0EjpqeVo8 z0^Z!|3U$v8;2M;b_Jw@#PlpKaFjW~+0!EbBEQblzSH^~(Cbqp-x#G73B6Il1|_p-r-zd4k5jQ7mBH+I|H-xOzDhe9W@gO%SV`G;&sUAeXi5s=y&G z1LscJIo=-gcfQFa4V0u0uqk{+@V;Z6J#;F0zr=H3gu64-4%pYfc_6u~U8r7sdIuRB z=!@oMB)r)FQ&s?kr3Nm2>PUu$8N5ez8c6K^IWt)X&-K_tP%s*A`4yFawZATnyS`oc>hnowLn{_Pi0fyeTtXbiT zE*IEyfC=Hk1;_TDD1K}tU*e2-Zq-;Snzl*fxb6PfCKQ6IML-sfPCMIg?t7Qf95Nj& z-1X0?-qK4aju67?^XUhoZQY>3!QOc0$fQiut*#2%>|JBGB~rGV>0v3G4@HnG%S-~R zY(MR_fzV#fE^25sljX*b#n3iz+AphkFTSJWRT6pq)EXEv;(5pWuUkVCA91QjhK!Z- zr@>d^QIYjjtt>TYyx1?^ez;?4BMwJeU|eob%VP#qP@AC7yHq@O_1E=6f4R}9b>nAO zD&w6M_mVz7X|0>OuC7vpcX|0%#EiD*7@NP&8o|Z;wTb(YWyZ%fvAJ>B+R@58oqW0F=U_DU~ z#0ppJ(giBiA=zZEz#Z;rd-Mq}Ip4LMmn2J13X;L7hJhqwdOxkKGFDnyH`A!I91ylP zGoz5o?m%|FR3lhrvulmob~8PgO=&151-LLn z6({{%1c@i+eUsHI2{7 zyYaSWan|JNu{sUY?D1ZC_50l4t)?N0g_hpA>FD6?)XYq;*9V;MQ(v9=e|}#^(^hZA zq*YebXziq`OWkD*GWeBm9!Pie;{}o=IT=+-NHtf=AiDX%Xl*)D*Lp9J_DC6jr)B2u z2W|KUj!e%1=p0w}%6#{HIY~I}O-?+#k^|}X+fFD)rzr;H8JV6DcjXZ~I5;qXbRz=p z&6aD83Wco`XL|HaLOj#upc7Xh&0!-IK7A8t2xmkP`?6#EaOl!eZ|_!!#q7pAIacZ2 z9+kPdx4*21p4LwG*ossy`52Ih2!i4 z**TGWV8JSde&M+MP4;r-M|tCX z0&=^s7|TERq0MXILbYV7!@ndPZ0q3f+?t1jGHS%vxrfjI?XWZIN=~9_xfsX1IWJc^ z$|H(eMgpawllWy0wmN0{9%Jz+Xe5c=MmE=Ld^kx3F7uz=&3w+t(UQI`K&?+uA2>KB zy#*VkbBvC&dmC6;!&!9Qk|D-&75d~vxVx$}S!uF3T?yufeZp7luoIgq%kW7PazM(^ zK}2ly>;4LnTO_0kj?NA;jKH#Dwg>y;nS#4MRM})p`5dhR82Lo$8OcI@_Dqz9wg_s3 z{(|HNJ~hqB%HR8CD^Fx0;Up9BS_eyX8)cbfmm#r2$XN^X4x`4aGMy`DSc>Bb>7m z(^jvNW_>rUedA0arKG|7ecZisnLKo7GwYJk0$a1#J-#Me#}|r07kQbMXQ!YV9PAUQ z_eDrZ+(t(5U8us9EDiB|ziY+V$p<|zdzqTGVPs z8d}RI;WMvM=%0DMzJit+RqQ_1O;=mUczZ#OhM4Npg5V6Gi=R^ z++7BxroFA!z67^tF2wOnu7@(0W1y$1*O{UJiV31k{Q2&vbN;pZ49}^nVbGx!5S>x_*<=fpAkj>#ycFteS*UXCMzgl{L8N!Z;=(1dfKp< zh11O{i=<4>CeZ9rX4``?w$QdR8+4>9{O3YdgB~UWzo{UxCHJA7P8y%m{8ZSN-jT~- zz-+NYl-Hr$+9&iM{(-Z<6s?9MY7Ln~#pN2x!#^nFZZWq5N{+7J3%0tdR%&ckigz;; z%Kb&V_z6TH%a16g?cmU3cRz0~3CEdC3UgnB;j9S|RTAkx+R+EpzL84f$wu4MkN`K!oz2Wv7`0H`mQN%XO5u}zM`4>c&Ae|e#?3#;YJ&Cj0+ntp`hi6yT zyPZfsTyL`mbRfAKD6`O&+z`SQ#djTmB{@Vp!9Hhs?Vl??5jkGEnfdm4u}^irq)0JG z$Zs`v`S@6x<0JRzs?S<|m7}b-Y+j6|JdV7zpW{=n-AqjE3SPy{B8Bk-J49@G23$r& z?EC5>h%8=wUS*LF=hL8OL#*a)iSc!6q6#&OF_Ta&^E+iKulU*zxMt>Z*u)qW`km8y zhBuFSj`DOqrr`lh^-}lv&r2klG(og?M7chV&Tx-#;I>!QeVRbQC26_8fXtq zmj!?hO2&2A8`NRSvvyT3CpXT$2IuEkZRy`GG6ekzwrnAC^Mqtmn5j4>EYo7*9Rh|L zP6jiI&Y}#2J-GPdg6+s9O&VrIXuRP2d~uFXM=~HrmD1-`#Le%&Yc$YG7jYWeBWAft$nQm{TdW-DS4MgIoHQnt)eBf z@9{j$hy$Yl{{?+aCg<1hAC#YWW2wC=xeCLXD}OP%mcuevbGB#`Nf@uSVwbPGhGg2^ zBq7DHx}{J%!SHmxW<~)b4<&|*y7o9udLHq{^jJ+DHdBhR!*lueXTBdE@xm5&8J%5f zeo>BER-RE8xBbTG9Bncm{K-E`-jR8@WA9YrE)w#_GG5EynmA~#h7+1S`Fg^%Z{a=z(Cjc3Els)?4X!l5<9Zehe- zp1*OOR_@~!{PDPdl;JqhL12+aobQ`@FShAT9p&*)5?`fk;8D6|DXsHtrbn2mM09t@ zW&eBkqb&c0wfL5ryrRPCb=}#Q<+(?gj{4imZrUxUSXA5F78MWq*&KCPV9!wC$)FFV zs)_UcBlJ3DO!{rnQN?oHTB7yJqx)SQ7tz;7P=S>8?N>@_0f3%&xHDlJaI%2O)IL#U zV6lP9v7%#v97EZ=)no0_SY;YoJi276=7yT{aAW<|wFQf0@RcppBv3mYzvU;-i(sJH zq9fHgxySN|tV@iLB0>jp4=Vzj@*+aZ^p9zhrx={9D7-ScsHBn;frjO6^YW1Tv)CV$ z%*o^T@NH(d2A+`*YHeS>__gj|!^$ix@~_LcLP@@(V28r?)|Ni!{M8v1EFa)SzeLD8 zme;lamJvg>C<`%3fF!|p7kBinj_gI+F&%Y$MVAFzwBGaCezrl}l@N>)14&9Bvo>C( zIhNX_&u=443}@{axf25`*Yau)dZxm*tOXOXo)FpE>z^w6zbODj8D9m3|pcMwpC&WmJWuKm(wDhQl8VG=rfkv8_wU1kvC zZkJJA=yrEgwL?Rnrb15UWDmCaP&EqFdo;y$FS-MQIK>t#&vQP*04!(n^UEdQwjzl} z43f;V7^EyVIODQJS6S4V!`S0}wTdG!?4GyUKGyrJFF9>)2PrxmvL24ip_;C=w4BQt z)km#c_qI5W1a>xKk4Q;<(!Cm3CCR!9?y6AeA8_?^BBAco&q4WnywtK zsyB-~h?4r}8Bem+-OFj`7#VWwtqUg9pZ3Rw7>^l#W@u|Lvm&)}tN#i0VL=nnPWy5+ zZI803rnU!3$)+uHjni>IzjB=<){E_}S&=zdJK@C@_k{)EI)48GD3k+I^>bP9YUHMU z=&|xDJMfle;*sWbvB5h6FC5WZyFZh{Xs$Qq?atcUa@i6m0E$9ldQUlsfWS$l(0_%?s5S*Z#+VT6U zKkRKT?XuxcdFhT9B;a7OFNHa1&%Lbbzt~QGw_4&9xUb-e?N&;`(QYXnl7=g4K3-Bk z4)*8$n1uiTHTRWoQN7#WfTMH>0!m9OrP7T$l;luDBhnxs-6c{YB_)k?4m~hKqja}) zGjvHK@Y|kqo%4nB`~wfyezAG6*Q|TRXVrc0{ZM7Ct^H!n&>7Mv9+SrJnkF-M;-D9y z-+gxNI#cp1(`g*iF7Z06wanlv@i(552usBsWv-$sT%qk2Wy)}8^xBJncU_#1G8VO# z41T!@nAskg2@{Tz;{|LkagEHzhpy9=l%@RSjBrcNeIeQ|&A<*fjw?_4J=!JT_aP1B zJlNQT2OCX285&#r#bgo{jDPh%&et3O4F!DEa}1mZ0>S2Z1`%ouX($YhBp;CXy=8Sjbct7w#GwK)Y;X4 zE6If$$%->BKH~^=sHn(`P9iOD)28>Zsz|lh{e$wHe@;(a@;TxKA4ahem@L!=}Ims7A{@>?LNQ%%SDDf;I!*$(ME%&)6Mf5_Ce*L-qR5(Ul! z%uiV~2siv;I=z@Qcc@hV;A1gqOjoT>$*2~(X~Cy2i@|GeKBx7x_zI(;Qx~Bq6^t4q z&}mM-Rai?}|L#pcu<(xvvId{qkTri01;cMHiQ!aRGvGT#eM$%P4!&L*HH7R}v?ELEL zEKPENuecvdYpUI4s_)Qe&8HfZlQt&xn*CTu&?}PJ8{?YHqC`?A80~9N*_j)~?&I~) zq2GtC{&x8xm$L5g2r}Kt4p?jSC?(H#o=PL09`1z27Is1}T+!XOom}e1mUXG-#kL*l zQ=6d{u_GykdA{pSMg4np5s+x-2V~i2YA>n{NIzz#tv4pxNwKA6+E`A#=o6$E()i%D z&<6=qvT2QUCt<0{y1q33X=Lql?Y!-FSj*7<`f99dBy7g$Fr|?z)1^L=?OVd|VgZ^{kTFgRm(&oA0fd=rTlyg3CXlqQyLZsHZZMjwyRcBfd8Qgu(=KF%+ zxehOd|5(Y8q$tmIA?6c~8C~(qV)>sad4dPs)MekrbO)N4?-?S#Sg9|((4KqL zVosai-`f1k-F&tcQ(Xzi`g-8nEM=xES=$xysgdvsHSZNRd9a&%f*6a~AQ8#~k1Na= zkoD6&v%?P7?}8pD+@o_>a7>Est;_h*ocBgf&SEe_GRI1hfeS-9AtyfhuEDGm%czUB zvM?8Cn}KM!>aix(=Xmlp&Lv+B?~4fNz5H{XZO6+=efJ9zjRHf8hx1xvW@8@f8N8xA zzuO4hZF6&w4z7WSM7_k~&$=P^E;|~{x$$QFIS%)N;?HVBP}pFJ=?^G9M`b5l9twC- zh3fb{sb>o;kdNg0gLyf<&kJn-Y)_Ii)H()}>AQXSGsCe35o!#wJxw7(>xJ zZ?cWsGDGfB+8CmXC-`4cfuMXD&L!TX_My=etqBO)jUH8<7oGyrr%mhLpu&^>#J zEz|UbEx`g@5@O>}9;V+ZoE4v&;!NRnx)7A(p_;dqZ3B&6KVbdl3G%+U5ocX-zqGfqoVyA2gUf8sZm>F9ub+A5e3N9<0)t>{CqB zlO^5#(;-$_R~XN74=J#xhKcHr^;LdB$(|pqSX+^l=%ZKkc`7X>O#yYCBh5i+;e&Cq zX@-6|*pJ)srvx7xhee$D&s9-)z@pNNy+TG_`0%TjZ%;Fsf~aQ^KGdTXJS}MaL_u%xC8c9Fo4Cn2Vg;-Kn#?Bq%o6GL z1;d4BZWjE&{)tC+&x!`!_ufSK_I&KWQo)Vo*kRK8A(q(h8dIx}D4UWx=`B1iu$nUI zty3piVBu`_&}UyQkeV7OfnJDk3`+-aXF5c{1QPopR|MPM`JeQ*c>B}$r*OAg&F6kP zHK>S6*Jd0)i*)L@U&=W@Pd{qyy_y~8Gu!9rX zH$8oRAJFOfSTd(v=Hnsfzu~!;*{prIY+gBv6Xn;004EIW+{g^*Y%Yuv3}0&Ld~3zf7&{0zE4Q)RIqMxMtJTr-pDOde!yCph zX~Jhd^hduzW_y{pNxR`-KZ7b_JVHi1KArD(qjTg%lH|o4`@l~dP;?n_Q%*A10ZRod z|7NO)KJ6v>E-#Do5IVs$(>o~c0I$C6@lVqn$%=FHAq?-H%`kI~_kXm@q@Vd^tY11V zJ6%%6um=&q`ZL3~Cmut-_;;Vqne8F?L;RCv2g>T6W@g{Hs?YR*t)i(O%*^)QM_dTh ze2ogRa(ooJnBOh9mxIj(N*GPOSTWrYf37Di?I!BRgUSOres!och8;QZRJRmfZAUff z5OW~H?z}nT>G;KPF_oYv_LF}CIjVIi!;nd7*Xm3pl$60 zr0X!%)ZK;)8~4=&GkKTXZuQrgGocFcN@E}6uh+&qC!KW8y}*NIj=h6Q`A(yw5d$di z$^5=NDb+KSoAqvH(6nFck?RKjn7>BH``z%`&!Y)?*b?eLoJ{xRZL^p+{ec2LsKEhA z_UO1@$46q9dZ6u*1@$j3Z%|7%-F;}Yre+P_<#vL_)YQ@{56#5LRHW=3YMSt^?mP2Z z+6m~f2?hzxUmwZUAAJw>T2!6$A?cjsuQxl2@0=g+G-oGvE%5gjk{wZ(Eql>(sV=2! znaFtmCw&X9pnVa@=5uwYt2^NbW9@L6nSO{Rrl5AoGAU`QJ%n>Gy@Cb5(5e_{lNUf7 zi;tgEy&fcpq6(5ZCxTID8j;G@mn+pEx2gOqnbvKEPD~v*---EXi(1k>4=G~jr(RBu zPhzm2B_A;#EX$T>S7@89=aLJFziPlt z$s`UDeJv^-#G2N4f`~m%&RjU>L{u{+R(Pf{#l}^m23!Jhu`$p3I_BsM9}jjJ(h;#? z_|z<&YpSP2y0dvwcD~t2ujm&`(kRhSiENM_&Ra6I&;D(e>XyS4#fF}zZNZ5jtzS7{ zzV~*{n7*`j$@;v6V=k9#{ECvJKsIx(eDk0y$m0orOK|rh!JjbF#K;&s@zY7Vu)Tk0>D#C|Ton)00`Aq&-TDoNuAMedmq!sjrxT)^FqfhN`ThsEvoMpbL;cE zi0zH7(q zVbjwgI~2B5%!k17A!2f54n-ZY9eNr+RLRerwG+Q8#rX$&2NFM|SkIlaJxx6KlkaFa zT51XYnf>5duoKCo%olj@!>isEH=ayg9lSpytG23gbA1o10xe(OkhDsIZw+fGXZgE~ zZg3h?sG!C&PSfvx@wC4guzap}&nk0wg1Lh@X$r@>9~D0 zheI8;f))i$`zA|Hotquz>Nd`m4_nugbIN#z<%{;8tLY~bT}4esC{P7GA2jJSUL`fA zlG0LFmrT3dGUKRHTf6{OAmXr?T^4$K`-jDk#nK5Dzhn-r&vAA8ND#=F40;$zN+QaPWKZZBq=!oAyDkL8xw@PC;&5=5 z!$;5`C<^$YT>iwEIq?@>p01)Q1OfF%9H;>@M{*;`~Z@C7Uh|tjg zbNLxRrW29@Xjc@p7gburireT7^NW6X{T{>U+N&||;FoCBb-@W^B}lO+SmXb@Q|iB>5{UL) zqaAz+c-^UR;I`GMR{D4G;#38W!eJ>8E%&h zJ!d=e_Z=$PGuuMkymFZfAu(+i{3HCTR;1Pl;Y~@kfWX(m1m*8EoW8}vi(?dUqC8r# zS(Kfes$%U_o?m3>U?*AU+dXgw`N91}E1j3dM;naG+7CRc$(6Ol=9U&mDjGl{S$bm= zha-*4!}|`RmW`=1-jrTL$4Ca(?Co2jh2nir0W4Ob=;R6JuQ}({alTI z?9V6qy-kt17M|%WXK+Y`@LA530wKlS*I4guJ;JUI_In+7rqfg;zbA>EOWv0PCtUbdN%V&=L@=1Icr#5D*Q30r@m09W1oX_5fnHJU+jjji%-&I%Qg z?RcfMC^-&!e#5k zPGatcTs{rni}P;2i3$KX`r&PqQMtNojN~((vuSaZL60HI(SPKjx^{PGyf3yPF%-3I zB~4i`=1eU=a8X~N&ngIDyvV#*x-QIi%g!Ar`q~dsxPrv2hR=<^9K+&ww9TO2wjFBc zxR$GbT}-m`@NLu0r5uwG)iWU5KZooPU&a=ZH5R&4Vx@Q~>3QH2eG z>tXi8PU&wgi5?ytsp<_oY%uUjeS-Ygw169VV~h+3@UCXrBW}~kHJC9xD;fpWcgr@J z&E}h)DV@evyMaId=78^hu?yZbV5E2}~N42Pm`YwUwMoi?&8_IFRaV%azxxc059J&84U zKJ}8~;TuorG8EkTug?KDej&1S39w?x>CX*imd_@7yqSGz?kU^x8~1i*pX7)L|GY39uQFjgU^_v zsf>)DO~+zsZ_-0`L7>3M-1doVLfKooo1&+Sl)>2MXbpKUwg{K(4~CV!%P0gJWPfHV z?kLXB|L)K)I(}fsdSv~W5MLA4j!nw5U2Ok~e*p78(DASJ$hc#4ez4{ck~;jNPNK&I z9Is`!kc3hBc5^i*$Jkg5bMe`RvAllffI5nxD^3HdaZJs)5wn7dyj+O#j(;_O?DonpRY=;LY*mzF>r zctc}Tptkbee_-mbE$Lz?Hs+Ac(4V&!goG1|##+W5(vNRD4=eD`fDhic8YeamRr_Ur zWvXu6oh|0hs0NOIAW*Fj(M;PA0H zIyJ2~n5g*4)ksLfc3|jOy=UD-3oGU=8YGFn&K%qJ>~{v)GIWX(K}p2av7h6J>7fKY zqfi3{Qc}{m2uMiz4|^<|?vzr^<}0O~!PMRg_OXwPw^aSC46B2;5*XBvGO9ay>A?cjue|lQK@H<$VflSfIF=H9NQSd&CK?Yq9+TQ zdPVPc!7V@L`|dVp&jHRVbcMTlE4dYz7ssNPTdOQH;=%mc<=HVEv3II0N1r}rWi9pW zv5(PEEUFu|7Y!*&&qRE>x?0vELWYQ7nN!}#u9^lx;Q6k<1cgVz@xfwcmS0Jrhbjd+ zT_MvM8T82gHcD$jo7OJHK2fKpI3%&U?B>-Q_p2zbA5MZ0OtkG=0V~dzeK*?51YruS znC8CTyP%My^0jQW>KGD)eUqZdK3E8-U9AP3NgKjqUW&p;V)NcC!$v9yb$#Eeg$SVm z+mZgk)+Rd;V@HfGgRt8@sAKTjePQ{-sI{z+x10eSq?nU)b0t!ER_5lVA|hNXDqfTO z%bAYdPE5#;1zH~F>!11aN-ISN^N<|jJP)^ReUdgdHn!#^tzi=*8>vQe zdU>E53i(&2h=DDCV4X>9;xW%WTtd#F4L+Im;6lvg&xcV62FB19Qw`|YAX?$9@9bMh zSuf~WzKGuP2Y?1021W+=7I6)+q?Y3Vn55>TAn?(0ymDX`ZBu`wF-7n}P+FiHl9+7? zOssDtL%_WzGu`$AyHM7Iwb^n>U(`sJx1s(#e-+S*ore*B0icPGiwJX7;hm5hQS-4jp zA#eSA08QbMTlCKrG+-clI}vaPsgawE;b+ipy%^-puzgG6hb^s}ektPu2DYRsZSAH*IlBHv1ECY8uA1CKXJVauCGu{~t0J3d(HmJZSM zjCD2-;~c`(0)^a$1TaiC1+U_oyhyK4x#rn5r)fQhC z7Zqh0Ty8+sH10(}7)pr{FO83P=alBo$Ex$PvzgXNtZZxbMja!~oJbXq@NVTv=tMGl z7@P-?yZy7PZ1`}3^2*AXo!VWof`Wqbs#&!{JbEZ97IVd-vB3UZn~hrSBZN^1Itk-tp4uS+XnjjG&4ZP#A7wauCu8C ze0$9P2h~Jx692za1}`r!!{g6a479o4WaBF|_=t3gka0(KxHyH7(( z`G4X651}Yfc`P4U4W;Yjca7UKk*r-Vb6)(9J7NSYi4c$v(TA@Jp(Sw92-w(N@+yR> z3MFb-eZGOJ719j5<)uX87@Q5-T#(;$JM&VcQJ~_^zIEpCE$&n(hF)=Z@QgG#aiAFyT zs_g4iM4qiCSpay({3gNxoWaFki&Bj*H2srOhIw0G5W_Q)pJhH z3M9vl_J*SZ?<{uOP2&Xae<`LbPjs*Q!GFF#))4aCZzUhD8rQe-m}9XIAVTm_T>^c+ zz#RmN=HSeeZzRV+QaqQ!(w=LPZbh@OPzg)tR-9|1!FW`644;NdPdt~wU*7#bwVgw0 zQ{&escJcn2S!4tmPbF4UX%BD8#{QUfV!ShOrfZfMc2s2e-X+tT{s$M)8NY}|;((^jsvqj7_3#OlBX0IQY{Ou1G9yn{JzSsfb25^+a54X>qr_>jm> zgNBR1!Y7guG}VcT35~*6XU{-@lQ)$eM1eBh=lw9>Ar+zLEI=9#vjDP<9|WZ98pto@ zw+KEn#Hz6fW(Jx9-^+ta@?yV*>x|98bP+1}FGz<2l@V{y==lR#TF#F)*N>-cbHl@b zF@_Rsonr}WRMwiQVB+cr3}J}3Sly_2{?<;fLApGzB-!7GdI_HvOi(&-N=iyPZWdP$ zePxn+H%mq_fF-fqb}DafX{qA1v$?VHZu+anB^GML+Ng}JqLw%h=YK+?geBdRgene5 z>-JmSNOtW?nXm~}{cueoJ9O{7`@z!!192m-BE+u*iuG#aq@<)42j~Z%nUwuXks((!fiUPfmvGPiEz~>h@msOyRtL`>Anqv1NKe>|^6jf**yFgC2!!Do$aYtCM@_}6stVrq^VtQ5|2Gytcwf1U8tq}!^bUg|H5IXOAC zW{dhTlq*(GsVi*5)|Z`DF8G&jXE$FHB?5;OTDv%bnfu65^*)vS%a`cI`t^y5LhD(s ze4%hWKsyw^A?>Ci$U4(r3iq>>_@zNz8A>mh>_*}Y4V3AlTEIZ_y_-7ECHb)bu}&l# zqUVs5S;?GL3lv@H>V+CnU`U{#KY%=U!hcNJHYzm!S>alrZ}!Jt56hzcIx(YoqDGLB z8XqZ^4!KE=C^!ZPWy;@eON6W_BX}g-FAMVW(sw;k!j4;I?HgWStg#u;j zXE148eXq{P8^3~$6l0En`3#-J51=`D^tFCabi?Dw`V9s&$~%+qN%{9Dz_f_~-2RkL|#IVtK%mnlU9x+!8vy zjwj64zX#D|0O($?w}@2us2(!EZQ4Aw`LrF+R(Cz~`9F+*(*zl}@j)%#L5&+r6_VpK z(>x6gAA4PH8st{=3E{fgUMf@l!He3Q_a7b}er+`lQ`h?z6cj`~q)Luo^I5HIO3s95 z?WvB(;nNW zcz>$#IXXJBe6R}0q}{GQHeLNi_f&TTIuv`(rQ2DTcJT2H!surAWpcf{R3}?>H0J)<&IQUS&cQyoa;`=x;&`3FI7|r|7n%u z`ViJ}8>b>*9-BWiUnr*O`&>G?1M_%`ahTrHR>En7S4<9)hft;AscRL=6IA}@&-a&v z|HQo}XAEN2r?1y@R__XeE63|Ja{TvNlb788GiNeU=z)r#6GprYt3HmE<=`?Tsj)hw7aJ}JeZO-#m%@MNvjcmMH!kfiAob9(l|{{F}E^q|Eh zw*31IT?aJYHL>4+l!)?le1u2L5$1pzH#RJhK=XEOL{&-h=W>idMy9`S2enDmVad<1 zv-RAxoCvXV*7f#}=r{G@E5VM%u375K37}aGQ#%Ii^~R?Trw+f;3QAy~pGxZvrET5I z7sI%>5@^2=`6i%owck!#@_8x%mt4{K0m-{9BE%EVZ>?Tu5k7wy>Q5I#d7jNrV>v(Z z#Cpba!@T@J#2sB-8C;$VxQ;-hKC*`82lG7utFb>Mdw6)Puf!YVpi(`;lasy8F{p6x z?%!}!Isy6Rs_b8Enx38(s0?OK{+lMqN;436O~9>_o;ph&9v?9o9M%fZy}H#| zmzAMoVUZ@SqPIcyBt(B=kci)=M~ku|?_?~Lo{nd_JBZ6wCjp>u7VDd@VQ4dVZ*&a4 zt$}nofjYi2SW$SJhxhJZo+Z%e$x&!km6Zd3k-Mbf{HgV9-J_4>sGBLcuMu`|X^Oay z7>7YaGJwsDPdPZ8-Wv>-{R9#b1w5B_xclCG^N)`%K#~)_%_4L&W&+K%o+SR=($eC* zylT4BVrj=bS60 zk<=I}mV2Z+7(|G&m89~jZlT#QO8$Zt7a*0bG-@XRlDsFv`gk`};wF6zo9ZN>B`S+c z&Z*`v4IJ!zxM{U5DPm~l-;q)pG&}1jCzJs&MMYL$o?4xo+deC$O!*%>2Z|wyA>xki zZU!yrCOHszs~9;upAnTN0pVu`44E^;D9?dTCz`}TQ&%7c21*PJ3_&N&xHtJ9p^uD< zlj7y&WrVdKL{4bCwIxoD2=yt_;Dce&5sEm+*5>BH$6FJx@$vCTe*KccB%l)b!=9me zaB^#)nyeskF!Z3`VCM0H=Qo#L2QDsL@=VodGS0DS? z1+2sW1vj_sr$P}F3Z)7Jb5b%g8elISxt)%#E>-Sq2JlhhR5Y;7VUIG#4Tt#mT(apq zXqsS~90|Nxig~5^e+it nRcwi6p`(s;ga2=Ts_7cj$)?F}GK5+k4fvClR0P9bz5V!qIThCu literal 68397 zcmXteV{j%+u(s3?(=vxB*ntr-9y6&af5 zp@#MwW5huHRLt6WMt-IcWSm<%u4sX6ZU`fbstA;&yf1=;1atz3sNAm%Q$#`nOA`zP zg>)5y1Tn*hkBHjP=>xZLpS}6(GW(HRd-HLzQYCl+D&%ZJMmE&%3m9rl=H7|pXb2SU zZ)mdufDi-0JPY~^Daf^aygNY1zO{Y`ZbuWW$!@G_yuVJrey~6HQKaPnM2aEjQ{W0L z10TrG^0EqA$1ouf+)}F0j5RDau}1%B!v8j&X~)*K(huMO_Qv5M!yy2Pac2z`au^4q z@M2ow_yp4up3A#I*u&70ZG=X#V{Iv}A-jK9hDIGkU6V)#XpD9}8@^8npZ^F3_rE6} z9;#&Y_O4z;CXlZA3yjgkm5@b%YZD=s09}dTegU9tMN=%rB86tYdvA+tuN%c_Q2X3X zCD{xEsS;wYJYGj8EvBilOF$r1Py?y#$ILq4@mJ|FZ)@5`j6Vac)@uQ4cfiSG_s`Py z7ZAt&Uk?n20ak3L$B|G4KU}P#$sIL+3HbW}Bzq7+Lhw>x5Cx!YfdovT=6$ehV3>O# zzQV|BpczuV_fncxM5w00d`bYsAkqRnwZP;8f*g=jA>KCln!xNmL@dzaJ?0E>);)49 z@Y{Y^aAB?pP-S9fDM*!|C1U;v#NR^C3AjfH5WD5nu{W33D}If61Y z)o82Xt-cszbEeyRt!k#UF!m81qu@H`HT*S^D<@mH7F^z#+!2O-M=s_Zo*BH;K$E>B zC$Bb>w#BxpHk2*+8?d~P^#03z{JVZn4gn~GD2E}BeaXAVS9DN9;YdT7JE9QO7St%{ zKhU`$ogvr*u!;Fnq*H4&4|KbSi zz++T;U)7M!bZ01MaBIp7->u#bgaBwhOFlheumh$6#IAUcQxCa6O)o<)Q~+N9aRBKL z{WmvA4zK~(Ez~Ad(axQ`{q8UOFsyr|;Ff-sZAU<#!G8!TnDHW*|Ef#TwX@!A}@*5)+x%pQt@-(I$ z3O@Q583nC5BL=OzRJGn!B$u|X{FW@A{Ab83!aW3xFbpe9nOM&dccf%eT}f6+>k;C3 zauQgQtjdB)oC=J}Xi1GMy%e0Rj`XNhx|E0X?4*(zooSJojA_k8R|0xcb6RXNee!jx zUP^L`OOkA2RT^%JPU4^OkMYy7)-ge4BAPjL5_B0fZ!`>aGqi1VR`hH%LTZ$hGZ|$W z$<+6hv{b7JkO`mE&D2xNA~p+c$iI;sg(AxJYSL;I%I&pL>ZMg9l?0mjD#6R}%SB5x zOE;B+7ZMlq7o*GJ>`XWmIJU7ku}<<0WzFW5=E)~1X?1DY8gUw(E3|gv*M`@k8-5!G zZt!jgt_tUTE9i4>^V9R!OMb`~V6tOym|?2r$Ztw$hHifCH(pSgNizCv@-`*YPqS6IV!fih%ro-d^hAq` zj~gdnHQn&H;#y(To;M}8Sg&Whpc~ko@7MmN3grcrCYn50R9tw7IBHKBlU%h({Kv_H z+M>)Q_^~Lueo`S_U$dbq-lqMMm6M$_PUjEr)y;wbnxAp;g2eNPJJR0%mDAc`B;_>g z{9_X4%H(3zz-4=DjYpYBKGL#9m16O%j{)v3$?m8>jX$+N|996n@i)TvB#1l6Fi3LX zMj$WPEqEl9IFuXsVbE8wO>jELx&u#x6~zz}8KbE!tDVdHiH^=t>yTZ0L#hX@$>p1p zoTZSZ$(cnMRB>26+6kTpcFS0k8G%_3d@C#?Ony95JXKsqEL%KXT#iX*BVyx8FccMzRC&~R zG6rW|?q+GFg_DvvQ{kgi?u4SG2fYckN^xuPi*UA|rpNQo^Q(V>*Vdaa4*AoLW3Nt7 z-cT-*ie6ls-`tXvf4EM!^ML%h?JDiR z+ZT7a{Z~^)lSjvKcWqi)tqHvi{`K^Ky??}C|6~#71#}AiDQMbrA#S{Te(Bgv_nYNM z_A;y+D?b|&z7l@!uNO@VzleT|W{vuT)JbShn@B&-=;dL0nW$3=S*k7>DXAK#kk+2+ zhNsHsez$h|Q2sCvn;n%VGd}T^IypKRAD>glGp|douCDZS9)3nhpvJ4wx=gj2k~fqm z$N%=3@>9`6crM7X6t#-6U3D!<~h`oe+5$;Kwbfx+G{Pc8rWM^phRx1M)#zIt7E zn`BGH5hF*Q`{UrxT>i*Rd)_6tqTsHt@VST?Z8Li>g7xN3%NoJ5z&gqjv+w+|vErZK z7MJ9IW!=(`88mfKI#ia#uO_Y!^rzc8mU8F19b?_>IxK8v4=)2(Z(qEh5O*BA=K~h^ zPo4xWd#b)pzS12scRD1_M{}5d!S-*>G$-ZG2lz#!SmyJO>?DBaX+K zecWH{cRYFmEL;!I?lN}Qg6|XV$D#I-P6$T$eZQ!l<|huTVWz~sQF|y$70L5gK8xOE zCrjp!QmH#D0xbk)2^3lX7<^~_yFAU@I!!q(ZDeUgaPf9YKgB-@*SGa%eq`A{o)FpT zef?2?lQ~`v-L3Y=)q>Z}@tXFU_EUY;xU$>k4ff!d&68E!9ql#vJ@Z5KT=-4;WwQGR zsMttrmG6{4*;DR+{(1547KA%{Ou@tz)2s{#CBwsp>C5H;PzeK+!V}(%7T>3yKKQ`= zSl2)M_hgqiuUZ7s|AwLfrpFFqOYArS7Kv&S8A%YpaC8<7Z4fPkpV?3TB$B76mHhri zaDYPGq+cTf05mBdzkLf`k>N#_eBsIu&~ftZ;PA8e7J+*#DY{(~uH)gLIgz+weDf@W0pm_cQdm;xcsAmT56lo+hI}d(nJI4J)Gy!{Ah*7WxV6 zW&iBbLcPP9dU!EIaN$PPNp@0tZVNus`nJU>fToym7i{mLsN(vh361F zk25e8eszZ~px#};YRoudveqF>IqNEWIrw#Mb$38qb5gZ$xGQ;=RwA8UC4shC2D)XY3Lu73Jl zibU;_nxYUTPQSXHOh47GJX&sXK8N#CyU<7MGv4g+`v}RyNeBLw@W#gk64MLRXEzd6 zLNQR?Ci7}GPds-pRQwAiGKL+x`iDR4E1XPNI-8nnG48vrJYJxPa6EQMS$V8EYI8hf zC}18Q?chGt0xgc;Q0A#5(AfOj-u`NcZVM~I7Nqg7iq0S+f6yq*lk@{gARAt8QN60e z)PTvea;3a(!iEBp&#~Zhb(#TQ6-2Q!1CLecMj#W`*+_%%+f^FrLtcmdxYG!ER1frT zZa?AX}W=bC)*dr(?+~Y{p=2tr@y7hN!^KNYK;pDT_hBcjJ zCXy;ZXeB+TIlo7>b>gf&KMleg2+S~E#&W%fLM|RwAzq2HBS|u~d@iqS?cSFZ?u_Y6 z0qW1>jN5~@WP2q5b8#x7Pm<~FLH%~3B}y1ZEO)Ub5{@;L${e;+0dcZlLr@Kxqup0N zv6|||+Q;0=#!Ssl0h;UZYvx=!{HD_&mYmFvxyyKsA9p(;XfXNQauRyh-U=FE+eg%jp7ceWwrTc?f3WY_`kYxW#|9&(9ev^_-f0uOZAU}nKF%g;P^PZNHWCF| zax0IlTbfVLW|B!9YNMiqRhnSuQ9;TFiRI*ZEAnYc98L&l9Q=f$fld19%Tx61bwbv! za?A7!pcth|zDE$7=E^@A{-sBUrt}~UhGiO4Q9?Nb$*yGZp>)ga5R~6WqJ^eONTR#> zdJRa{HSTs~?iUrFWKekhCG9S1JwGDhe2uM&kf12-u4aM0=Yv%xEkli_*eIjs$U>J+ z6a`^iWqBOCTa6OrsTF6bJ&RMGV~ z(a3$~)i|`zrBQZ(J_O`jCQ9yHB?ZoB1dW+=dLQZJZ<1A2`6h^@Q&c7}{PUD0!*iaD zLR{0#d1!U814VM7!?AL)b)4=8S@w(OnLm@fdp$ZSe&|WXzmR6hRU3dTL3;onq!3oqxqb!exdzn8}1dmy_Q!%~q6J))-Lj|1OT;V4C^mdrvw2NN`2 zSwswh%6LW2T9Li&xN36?H%{pLk>Go{&T)<%N8_oq-CS#?=1z#K!M+Bn{?o-DRw?A| zx82+!fAiZ#M%as5}jq&!0^dxx!c)MKE0e`9n9~;;QOe&%V$B5 z`m#Wf<$OzpUs(INv-n|Lezb&)(sKt(8OuP0$s23 zF3sD(-zVo)a&QmP-l64p;3^{CtoJg1I}&3TWvS(3&Y+RfNq)W zKZQrA;)ejD%q~Ymp+@Hhi?RdVKTByMI!w9y!&6=0J=7J*A%f8Q8vAhN-rg`>E7-Ml zqn|(DFivQ6*3z1SFfNaPU&&B7)S5usF#c+}N}RD243o&LkeQ?vcG@ryzCjp+6aMFO)#cGe^6D=S{$wn zB!KGgMjUHk)}VR%=?$0t?aql zsy$NHJ46P#Z5L~;xTbh(a!n1-V-}{|L_@jFX-JeX!=$*(%#n*y>!V|_9y~-$OpSli zE&;>E--Y94{*Dn-3R1pJW2}X7uneq_xihwjpJz9A=TY%vr57?vNG{3cRTVqN zWb=yMtJad~X04mMDpa?#$=ARiS#o(nJ-%57>3M(Lm25S`+;O=|h8Afiyktoacj`kU zDF0n?Ggu-BZp7a@*U6Q}XWQwjxAHB7Pdm7>;d|!S`O3#^tMUrWy=$ob6X$y|;w}Y+ zFvs**+h4?BUTgN~;`U7yPClU5l1fIVz$G!OB`~)r++{}Yac#pmWT2E@2~9V z=_hhg6-airO;_qtaRe$dHf$q`+(~K0q?>{(K7s0MRrRAJdIT?TIRs4JTQxXB?%+T6 z>2POh#w1v*Int{A(2x%UJ)}@_g_LAoH)Bo7phz*T?HSJD#mrJvq#N+n=VkAF<1akR z*%1Z%A;x*rLjwJ~Q=-U)mC23!4gwz93WbCTh4js06jLuXLSoQ0W?Ew{WV^F2;(PBr z)>D-hL=2R!yn7^a@eF0`%iJo;XE-h;hF-quktW&hm?p-3E&ASeQreDuX@)RjsSd9F zl%BrdzGdQ7560n#*8AR5mE4oLG}u$a8M!@Pu2S8>86Iw>iZ~N4Y_<@Y(Z4}^x!1}2 znCcf1!|Q0;M;Vug^$Xb=(d{6NhhpJrJ+)a+;_} zHLt12;6bs?q=TwKGiYsen(8~ugThkF)s49&uATET%_2e=FT}4?TU6B&GGoEs($Ba_ zBVn*1?rB4Jv%}`XXdZ{%Q%}2H#za;o=1PVi=Lfj`dO@6+#!Q*`>F{Vi^1?R(3p6wH zQGunQPxdYr|0iM_-0~gqd3i|R(Gp^37X-kbDRy|;TeO4c{ygc-h-5XK@&384SbWf3 zAdOiqw=R5d1i}%{?j|8LX1RRl`m;^FnNXlZ3oBus%XcL3^*_IJZ(KNL8(fn)7zJ6B zc__q;X%cW#>_d+l;_W)Ik37B_d){vc=;bO}okO(E(= zLpbezZ<&Ao7hL@=fq0he@O?<#JLH7DW!g2ms%>O?Diymqk!5h({S^;}Xu%p%lp|tn z=qyjQ&g2moZb1;sSqcceP5ALD_0kF(N>(H2tL#e{e5*H7?HN$R?67Tt{M*U z2R$2U8ypVer1-LrsV<`zr@$l>#D>}_v>xbXys_9-%%j1Lvym?W1Y*d zVUU@A zHB>HCH5S+Om(N&Md>2V##$GWq;X{TV9Z-8CDr3%mzine84?ysz_AP<0s^Q$-wzcVU zES8c|Y%PhaBl`!M58DN(Z9qZ+ z{f6-YKe#qVOO4~J`PPX6UY|`DQ<}hj-^WJWQnFnHJ)SGdi1~hY8buPk$)AroC-#d5 zRMzdt)YYHEyi^r1_6#U}2|TPt%ilApJ1bvSR6^d3>Fd_ zbS2`SVJOYYji_JLn;USO>w@18A)rye8RPnUe}-_{-9=G^!f{WrFRULsp1NPD6Pke{ z3k$<_zjBpK1pEDsgNC9S@X7@qmcEoMDh&nnr(7ipK#R4b^+n`zxW8JF*v2=qbfcN3@XBirDpE(0J<@-=Z)1dTJuKatX^{3F|bjpn!7&LEPL8BbZ$0d(UByva1$i$TLCIFc_@vfZ@ z8nYZQ>%h5ZJX{=sXcy!MMgehrwf=F zYD`LZS7`8>GmrZ(e56JAK8HU5*P#$s>zq#&D4!r?l6L{qm%8g1K`jgzTUKw!^0Cl} zJG4KoFRYJ%7KQ%17>H$H0YAs;Q15RB0?|OAG-l^raC4xIR)%-6LoB1nb~GQJC-6X- z#N#~^gxF7?s4^v{pTZ+5!=Ja7*JbWMWrO;d-8=2;@?oVtin1 zv>~zPzL7R2dJVD}6UTf4Y9f>4ib{|#aCW_tPgg9Yv8g0wZZ%;LoR1sDl)&WDLIO+*JEJ1=@1eMK zU^OJ#gQRyXn~AyTGBheeyDs^xjh-RbR=E{~NS!Y#{wp*Ok2>j99ow@rJ=kjHkr%?C zz+{0_o|Um6M?m&&mQ`8+#ZLA+@6#IH3LoeFX4lLMQ*vf_ub2OU1Nj&Ues&67oG1_T zGMV@mC0M7mO77c0puk%dRNOf)^U5lbnyxGTS1zvg@hu^L1(7S-^@NuGts(JcfWU58 zM2ng8?((t-)V&%{MpHx2X*ejJj+!um{03_Ux*)W4l8QJ?p{{!=013iqbBigxu2U1g$95D5GXR+1ZL`!YAC222no zZQ|z7b)+~;DRhbIZ3saR_r3T&!X60L{Z&My2`k_HGsHfn+oapBt-@VSyHcaMy(Lv< z+sEHrpS*IARs>?hF{B2tEDJ<<_5k9MP?4MX_q$50Nw(Pip>3ORR z`MsqI0+4;41eaLaA05o3h-14ypCMgw;)y;AZ*B*5_|dq(N1QioOo%^BIxOastC|JN zXVAM8R&NoS+uy&Y@&w)jkTuM>kXKW0x8i`8qgWSbRq?qY+4prJ6>L4LnYHe09 z#~tiyHBN>&D1j%$rlX_#i289))G?kmrJ==uaX;ulVo~Yz8+k1_jo*9o?p=7%xYU2^ z6rFRvQ8bozJ=B{wI&ONZMQ~(@6N^9sdKxADb7S68)8Ru?gf{c+j8`o}%q2G6_XZEe z`S50**)ga64)HwZ)u_V{5r~@+PjI?-Ej1L10v@WlpU4urj2Vlk_SMOo zL?SM^V4_yNgtSM!->%tFt7!F^R6(o{)YvGz_}FS?kznNPy(}(3Q8rNdoFhgOV5FD?ISN7A*%@$1L=Xdg$ zr}>VLKrc5hyT~M%&>ROpX|Yl&7NpmPLd|c@68o}~553r2&Q=GyKzVQuhPlP9;2aK& z8RrU@0DFV{mUX@K6caz?W*JTj{F4Jc{K&SoX2?F@D=+L|Frkj2lOkKw)$l=ee9AJo zm%N%7TmDh#fsgv-mdqLnUKSOm(Jcx~sP7xjl`+}6$ob&gxadjOdS*;!`#vqRw$y-k z@)A@ainL^SjH0ei=`+TNQ?{M6F&GP!Ko@(^-{j!6o{Yo(SQiFd3cFVn`2u`5;B<>C z?T;GT7>|(ApSh5@0e&16((IkCX7GIt-HWI(^tSw<{j>{|n^qyKP=+YAD#s@Vx5m#e zrlM@b0j6GT{BOoveHhXrhpAL2nj(3RopQqGYv8JKkzr^XPHmdwKF@ihrj+6sHJFk2 zfFlwzlfN1J8tqVc_hP+;l#_zUL>;!e(OJq+{I_<|_D53<3&f)_ze*-W{OB3${)VfY zez}b;&q_Q)v7c6qRzxPv(^ao$qYma^J%NXTcHlO9>=?x7v*v^&thwpfT~D;3}wt|r!Tcb?1@r+V5Mf`yZ?nagnQ>NyOC zTp9ZBHxTRHscC;}$&z8m+J2(IgJ3iHb{Ixv($JAEMaCo(3JzV?aoW?yvfH(&4&O-K zGmOZjlItAmF;wT$4dkd6nSdIg{x3J8N^;z+h0P?oPGS`7t-+^U0}+a*gf@fmyBx|* zoJfU|qvZj9{G>~xovBxkhToBURBZ?}jr#)CMRn>keIRa9LH0cGCft>_Wb^FCRH?np zxmLHgUF>nLGyF58$Qi};{>r3+10~F|0-W@n1wQCSUp*8;-6&Q2tkT;3L2f6)O~&kO zgdczkkFoh*joEe&_MlQFy0gtrlneIt3pxzl(pc*lebi^D-|^QglhJnwGRs;sa`fBE z>hc6s>sR8^lK}nx7ZNN-9|R?bxfW`Ex_0=INihQ?nC8xeQ`mc6?@(-t?ZZaD@Y~@n z!AfX(s6cpS6%S+qA~<#nF~O>XzD{mfnd)j*GH8znF&^{U%oQQ372DJHq5*M6fu~pL zo{U$=fxx*(p*@kYf0Ja*rJq&{5+9>I5Wx(y=7m54_lu@iVrS~_K)qyXO66MJ7TXqy zCir{vF3w;6FPFxBno*+eh7O~_5*;SZA;Cak!XKYlE!!>s>?A3gx<%n2y#zgGcID;c z(Ctf6O|?plK$AKEs?c+!+;$kuDx!{@cCgn&^iAx8=L^O;B04b-`vmi_uK*gl;Z8m` ziAwq+ZENav>gFU8O`X^QBwp#tG*2ErM1zP3@!+0>G*a(+p@i0jhSgm$ar%fynGec$ z4v)4=A=+$WeaZI;H*5XkLhe1w*_j(UzxSU}fd^j8uZlH_Kh^>yyZ-H(h|P`x zQ1E2xnM&bs9K%ujt+9-uqM)+ivq*&sqTeAowzsJsaVL|vJI+(My;5t+WN}=WvlJzxI%G)8zRDyVf3{XWLN1QIj`u&ky;=&S1Bc3D zi5ITuk`XQPjz(T4Ae78T)`iw{glsnIc7jm8;(L7l>r)*L0fBvy*lbCaW$)8AHt@Vy z6q*&(rJZGY8tfD-neP0@~g{JX6pJ_*&Gxt9M1Vv}Yq;aB4G_8Na{BV1@Q4HZYOk$I?-#GpZaZ%jBN~-l(>u z)+?s9lu#c_KBhB$a#WR^pBkl5Gn?JjoTRItao&~-fkD#PYD}xuwLoR${SKri;t^$J zRx*Kk-?F#Z!G&PC;&CtDhRGbcqJPaQje%cp}_^mHjbgTU}c4`Jipdc<+H z*f;wemo6YpwCuNU>rEgK|pHpx_@CwAkTc-VFNuoW2_@$=Y1qbl%k~MM_5R0gf(PY4-!>6e_5J9x#jtd z%18gvO@7eY{|0)^$;|C^lkrEX1CPKeYChWzg>7g^#{6~DHg`iM{&`-_W5+wESVv$p zdBMNzq7t5vpBfir5Rvo)mA~qkFn*V$7yy^f4{PZ%Ru+`(YynX+@X0~#@i83zh{qe4 zq1r*x{=ia_Ia+|h%dQ=16A{O!O>bb|qxbE*eAv+4CO!};K8-^;Z(N_FwWM}fX989B zb=X}OuiIS%6=SKyYb{_davKZe zv%C-r%p(ArW2>dxdn!$pUW1A8oQj#Fhss1h?pBn~yc(fM5y}~1ovm|pIT#y9i#zd0 zMJg{S+Zv};zfJp(w{*Nr&@`v>MPK`z9}Pr;Tqk0(qZ|4<7qMj`x_l)m@M5qd4eB%= z|L4IX`N2Tf6ls|XESVYMgAtDXfs%tChYtBkl>>O}0zVJ*wm0Z;1&hJghAR_%cpjDDg+oQX z$*2GLCJn7jRZkK!UWcyUr^||PIX9CXMqctKpR;MLhnOb+!g@&Qw@E@0RVa~2=dT?c z!qfWYk-K7SC;W0#&XfJV7_2&au@B?}u-kcol&}KI+9~IKdzmFgiB1v-TMeiv4WXPw zCx~8m^`6Q;^}nj_vWCoUUavz6^WG$k?IE)He6+d%=yZR<%i+iJIr*b^QQp)~#jTeF znRIE9-1Uh9Iu0PVrl|{4%|!#N0ch?7??tMApWZHb`~*4Ju;Y^;S?ZgN(b;7iKZyMs_?(W z)k}03uzVHrDqiK8NWpXDVt7&L4k{U?mZ53D6L6|=ja?pIL;_(95-#Q3ku)bJzibLm zqAIoz9}Wf|DmFNi3_%?SYvOAWmM3k%3SAV%^I&1x;=0ti?sgAkNMQgtNSK$&>s_mi=(x#XXvQ&$T+A)=ChP-+ z76W17BgNjYi3TUT;7aYX%6hkNT`Hl_(cEpMNLqrVbQ%FN5Fh3Zi>@IooTUUjRfRYM z{RhdCVc+;sSFxkdsD)3~ZW~jkB&gq{48u1@Z)m_kKtDvZzZCh8`-StH_~|gqFZQJ* zx=VR!5G2hpAbhx@@&b@4tjw zEvTx}XBj)54ukP_U$C|PSZDiuo2KDW9C97wSRh}raI!HERu>=Rvn$VFcEW0_%+Z<3 zQViG*fhx9dgBq+tJS2q&tfvL2tQ{G*e7zTN;C^bf1{vun&KqI{J zf);-U^l7M^Vkcb6XrlpZ=y<4`xxbu!OGGBucvZ+fMv$z=Fzn8zDqF5xegjzw;mVi# zW;mCjp_2a`5vya$`X1Y9@po(RfZE>=x+N_@B!79Ly=#RO^f`bDIYLv5E^AH|;gKb> zZIMFFU=!k53IJgsV`XTSE{|9LVmMqQv<-=yEL{z>3V_tM6t=@Pm zgvu(S-C*?d3zQ_OG`$BPWCT@gP5l47?v0Cwt)NUKj&`;P9UrSKYt^t4rK7Wxen!de zjAWta5r&yQO09CVSJxrv>qoQ!#?4DxRpUfrM;;WRWX!M@WMDK_bgmP|AQHd#p^?`Wnp6XJ$=U+c6mcsfRI4reu!w(jrb}RwZ&j; zhHp#)ahgA{@<`3Ot3m7KSKK5I&tIEgp6Wf z&|NOKZE1YR`PSc)!vLguybrX!;H{Y`H}0uQ5^Cy@T9Qz<(i3QI_p}7DBHm5eV5n4A zhdNjiK`{#CO2*iF51E;er6}}l0yKNxb<>+%pGo9+4zY;^u*|u67ReEbkoEBJH!}j9 zSs80qhPkmIGRFZJGT7jlu;gu=Faod?e9}Pds^|uyPh%GlLr+31C0o;4EMRw_#&u#_}Yi2UDw%Lu3nm*aH^Bi+q}N%^;MQnVQOCvCY2EJ@uN z{Mek?Kp_|iN~(CWXyg9ZT9KH<1;=X&{>S9)EA;rHQ&aD$B>MyeSoha~N_d`OCGVs`bLNDd?n(irE_<-F6EnG;@!)Le@qCw55Lll-2@mKNlUS zG3itkj-<@B?tV4kG;UA@pop|wN>N@#K8;s6l?j}Xm37e0jq}EUY|vGz2jf=FP=xG% z!rIIS{_A8=dj~<+!%44;t^H~i^g@|J*au*O6_LG%%2U87%?X%_^wz=?V=k;zw6Q&E z=Ce@%>><`KSP&6)gBC>Qz1oWG z5&~rCzESBvv^`rFG>NCx=-T9hVzeC{VRb)c|D5UYf+NuKUe$m4+$VY`0(5}vYj7Mj?`Le1k(rM6S-%B?5vB?9yT)JPThBF9E8&c(4^OL{z#2`h7YMir zscV2%3=<1imod5_$`S~T%QP1Mw;_o=7Y)V>D%w@-nu~W487&yHjx>X9O+x@czMH>= zsjOnIV`2z)W2!Zm-w8IMAKU=b5r3j{`m6?tnq_&R8RCuwd z^e0BJA3VWc7m0|FoPt)q3?M1QU6KH4z*q(v^DhRU0Hx9&nfL;R!)vD8xBSA6Ivf*I zv>bWN2ieP$DW?`N14uyFVQ7ad{M~l15k#2cCAx0ZUh@x_GLY85(kkg(zc+6kIQ}pH zCdN!OGmOXd0&fvKv<;uuE?Q%J-W==hPG>eg5DKeDh9rdpetd{&OjTb9Bt_1WQd(a$ z(tFBBE6zx^kjJKrh0kG-C!BU=x!^w!Iuk6J9md0a%SfLkBOUbcRN@nNRA#VFc%1{$ zYv(R)P1Cc@F)|zU=hr>3w(fflY2!tL~e5pzLsC@2^o+MsP%L#IQkbOHj zuR5NSLMXuuJ|UwXb%VYcDpm#}_&4%l3LWP~`8n&H6JM38loXgYl`KOi>lj|JriHMu z+oh~unz1-&=7qRa*8PC#c`&cRP<;NG+J0Tx?aBhjt3#T`6y3qf5DX@K;DXgOWbi%G zN8wYvn-`C1i{I@ch!Q)>nwEEdY%z|E?}FU|zW$vpat#vlFg47Fc2mZ1Ge;=0Ob)wC zNFgzHn#kFol6xKYfgz)1623$6T}WX+FEjHF0yw$dQ?KU)$do2<`TrC=!Fu_$i6GqP zFzM=T(FC;KU_Pu~5~R(t^U-^#bwMNq%7NXTg?L}`+NDoArd(>oXhaHS-Shlvpsv-t z=(?+JIupFyF>}g?my!TFdc&Er?GL&SDtVw7j%|T}UqzcRx7}r*%ClpdctN0a(uN2n zns`BT01({BDHi9D3Zk(_ZxIe}5m4rc1Rysz(NcBrTV_iU5ccO8m8uu1L@L8X8a3&T&)W2f#Y?7JsVMz>x;yf)JLGiMb%N674g6GdOK$19@nOHtYB58MYXR z+Z-K0pmlE?f@ATCr3z{eF#113t`Mn(LiR5uH^`7?&GFALZ1p*NvH4hHy5Tg!K8~~l zpq%AXTo!s4o%vvvoIr^#I0XIvrN$Jm?ih&>wcQPQfyU4<$WB{YDg-~(OT9!wX!ViB zr|KWyL>D|()OoF?*_*jWNzpff2|>G zzi0aJ;f$*9sL3`oWT5*j6QCC%iLcC_ktfuymdQ>$iyur`!W?!-OtmVLOf7UCwAb$> z3iio9OnIDl!FepG(=zyk`q5{M8CUwYVr*n{?gib8b)ov8-o$cbKQ6 zrjDHiGwXD3qV81VYx^P5?qpM+VhF(?B6<+~F``n5CtN4x4-Gl*LB79Bt4vo=tV3PP zY@Pu^=j;AUEa~)DB`BQ8c4**8RD-3zj@2&+sWdL35_L%il#x`rS`ryN>= zae82c4yJ+#Z7ly;F*HXcM@TlyATG*~iex>8?HBg{#3GZDjCY|{=s0jPsCRWrQodhm zuZ%DxWk*Iq(mk{E0nh!kM-%K?UY9>TLy(&YLQ(<)M=#b}lH6hVA=_+k`x=ela74jD zn8IO1BbV>;AJQt znMQwVuuus}gCx*{MQk>^luPJeJE-`K-x}8@Ycm$90^b(XQ~(auIunRQT1OIBV-e+0 z1xIugB1Q?c6U-y2`$w(PTbkgtNsaq2$dODfmAv0J9v7Gn;S{c@-iy!_f_%zXqG9pKhY#mLD@(x=9GorKf z!$=5Pq6FUkK@%YODn|?mWWU5L?&=iZh?}?9eb;z--`y4ZuZvM{w94M3j`w>gZAlX} zLte2x=@*GSu@{U1;W#5r6&xs)@Iek}p+NBdyMJGG+1)Bs_2yGrCekM$?9rEK?}N<= zLX$}aL1jX!qz`NpqYE#r8$MV2BZ2GI7I|U+vcaq%eOcn{T+&>MC|87*$OUiKD3F>A zqP}+Emd0irbKu2yqqOwWrFo@7sGuAP1&$cgPCr&mxcaa`hqfWJ$J8STrV_K`R>0$4 z`kou`Z4?LwN3`wv;`>SDH)9HUIDEUf+>W>o^Jx1cH1jTYXg&&5KIFb+oq5UdDgULV zm9XsS&t`>xi^ev|+Kv(I^+gWH&qd$jlmV@v`#R==*qol_KYDH29ira+_-5 z({ct~G>V}vcf8}jt^&kYDhw*BjCM~|zVdlcI>oSpOX+u+tn=6k7LP^01DLq(yGAOo z>cdYfu67eof6H)3u+wd2_dwIsB6zXQc^Hv@*X?Yej)&)#>ORABmh;5=EP5DK?e+3| z^FIF{n%*(IlIQvVKCx}vw(S$!*;pIfwryJ*CmZL)=0+PQ8*Xf8?|lEC-~F_%>8q+| zx~8Y6>;39tmgG6^^Pmf;KmJ{Kl3hT?1y}4M^R-5Y^FZN6SJ{>NUWp#&4zI-xgggnP zJ7cDbHx`NJj+5pnF1X3`Yi;jXI(yn6+{H+6xB;Ih5Jz3apgnzRnmdyJ%@RTkIHsr5N@!yh~$#SMtVG6Kv9FA@5bJrnNcCac8 zCE3ag+RA0Bgk`iQU#Czw>Qni=7slLzxdCp05Fh5Bl3c%N1%LE;zp{HnrvMCn`L=FJ zAtzzzcT&E#rGOCJL;K{C_-lCI&xp>WZx!aG4-N}xxI3$^d9eixR34Vy?#;3?r0cjk zf4(xkWI7ca7`j2)HhWsQBb(k2IGEP-pabdwf8C7BG&CJq29<{TForq{+rJgpo{DHb zVeig11}i>IA3Du|r`hQJZY@q46Uc*2-&$ov`ci%Xw0C)s3&d5V8KcRof_@X!Zl$_z z$@K)Kz-sD2CmAQ$xrtyXIQ18Avj;=IJm3$6jX`_Stu^)?gr;41M+GNe+hhDI#@J7I zXesg8eoc)4x64F@{)F9>pn*+Hbx{YJ^wF{_0WfA_o2}E75ren6&$Ek(E2VQ4=)Ysr z=nQ71W`1Uk%;*-RLqA(Jt$$dlNT{mq)%An#sSAIR2fFEzizcjFisHkN*Vbqe6h6?Z zMts0vHzgV7&_u`64b=|d&w$U_<6_lTz7uearhY2i#;)~(062T{O|3ylOz|8PdtY4> z8geWVDwG3vkkpGUUW~W}d}0d>KXZCplC=Y^Q1SwYRgHT4w?Z2oi?_FY^$$2o1$f5i zKZ>HA{_i%OA0f6k9b4$25-Ex@_+`S;$jyMfAG@;UNZ{bhx{y(2Kf=b|MHMTK>ArRl zkCR2{@>OP}((&2%LVtm9iZX973M3OY`EO)afOYOPTCnP0%Jmti(DXF$GLo16NEr2B z6PKgz35Y;8JnHLy8{l*!D#wOFhDAo_c>ig~e7KMj@$h4hn8R-bR4dNiIWA!u638sj zVA)ooi>S;vjjzn)K~sI(?JEf1`46F)M=y+tI`c?`Zfml6iuD^UAj&{*t^9HfQCE3c zo26&+5ixUuSg@491H%^mMC25#(XYqyr(g4@MNqTiO{$O9L!5+Vt;<$>&p)J%th zY1)3b9g#mg6e3Tg2L8Lx>do{&^@Ic89&UeWBbzCw1+?X>48odx$Yt%BPc&5RhX^#( zQ;5lwx|s$+_JQF?z{g$=yt6u@E3DDoY{32)^i4TTHbm3Ox<}w>>q$qS{nyyqcUyCi zNQ@zqAQL<~ZvK%k2{u1-G<4q12GGQkNT-mYw+z}uX7N}Dxq|~!)>C8TJVS`}JV@Z> zX=cj0O=4U%@~tzobbiv^vZVh)#_cT(c5B9IhvyL=Q&)S|xj4K1j2WugZk7P&Bc@Fv zY5PXm9f{wh1?eFn36(%9D0KJ{k*DP4fR{>N)55MuXksug`=IAJ3?aHf-EiL^W}V@e zW}Av$H`rhIT=h;pc~s*oK#squ-3x<2TWeCZQ{j>Kb1&fiQH2Xzw_Ow~<1{tXQW!zS za-shInf7|P%yI6?Vxz05uHU|!P|6A)79EkaBvfKK9qYT3G!$eABpxDIXi6lID2X{` z*JQ325qe8=^x=T3DB?&R3-@evqxiOj(p)Ksmd&KM{r&}^>?0h9vhsp&VqhIdy=32B zD<=fJDBq0Y5o8@sa7{-tE->py$lBH2ju_pG*4K@(lBJ-UGKbGZ{oEqhHo=@0a{N9Euu2D-}AY%F7`WoX1cu; z#h@J#13QMw^8{GK3M=+G#P_HFb(X4*q|B#VsIB8UPY&eu5F!NQE=AUG#rJ$57r#LZ zRw!F6c??_9 zKMel3*+rrByQkCr)+KGwC!Q8UJRY|t#m?`9g*{_ZQB4}6^uxA}Qstx-cNhGWDj2ET zE&+X0rg6_5JaK`jO#~v!t{(pMtX=+W_S-I8M}o@>%l=iW*A*CDveBOSq{e9000Yww zql(#Y_+9AN?SQ6>@QY9odPEHcPRfMsc|#M}BHU_H8MhDh(jb#_5ZH362gv~Er0GCJ5wOraj8%l1_GQil)UCIS+akNgJx=nY>xs1DP)i?JqjKW3Y+)O zAp?`hjtn6%17S+6-O#y>*G)za5llmnSoM6xzoy;p4|pY7DZFCrGmcH1XuPT!0DbYy zASnnqUO2mCEtKFYKO0>PgG~t zMd35#5^gJk=uA;i4f8Brl!p73Og3o&0uXWu57%Hw)2WkaT*qJ%S&<)R47NLuJnJ}Z z1`~kPdEksGi-kLvP2!=-N>k_e6UTruxlew?_noW?9F|t)pac;{I(RJBOBMMNYyhZB zX9h3&+K45F--(ZAA@g2i+I$G;!3z%mo8nqj>67dnOm5HGBIn1Pquu$-?ouDzo6g29 z{I-!*l|Xb^nc$9pVaJC1rx-t71Z1O{9FR%OUy0{2IuNHlL9i;nT@-jdC|kgg=;=88 znxYOMN^BzJ?=nnszrz`C+lf5)$%+R}L%47lO! znYauSswAvw0JoA{Ic}d)lGTJPu2%sg$LVg0DL4aVIR0;-wet*6a@Cr`3fA~_{#o#c zqeZq$Fo)U2EzpfX8UdtI7L|2D)S8Pof+bbyvmPMYt*065Ag_P3#?-oY0vb6Kc)8Dn z4OFk$EDzc7J#8;RXJ4?{O#MsJ8rQ&-9iN|LcU~+e9Pc4Pl+BH>xD8sZl*hO#WWGx2 z&PWOf5{EpK?l8$%MH}Wv?+1rf&FE%(jBJ7@o;ZV@a9r&L_uTQvU!97cSVP&Uk4RyR zNWao-^nW&&LN3wR?ej#fKLqP|M9->_wX2g$cpLU>Y^;jd;DKE;m;C8=zx484p|mYo)KYBcBuxgaxr2h4QzZEkwW^U12M z&)23YVY03@Dbj`24+>Jx7s*T9HfC;;&4%O_@$=CxBsfx>0d8r)Aibx#SdLXJ&Q>(w zlTv9LvZFUDx6_WYW-=j02jg*dE!mq6?V|o+-Te{dBGbyr08iBiOQFnir&oN*1%L@B zB%2WaK?pm-LgWDY$O<0qn=!|f<-{S7by@+th6P}qazv5-e-;3uB|9aBI9`e9oi1&B zCm30twIhKbighpIZA|ysZ2!g3n zDsPMk?1w)U_5@e7{|Qrcc;S$gn=Xdi^%O8R6@0RmRxII;s?n2bdfEi6qg^h21 z-!J}7t5#4zs0#6jXy7$L%*z1JZWB7%7*;h2LOHIYsI|9Op=(9W4Rgmc1U=ZuJpCrmSi=~8FZTRGS0E*T z1Qt3#(HXM+Oq5yxD+GmC6A8i?^hrPbaY=5$Bua)=A$uN|iaU(yJ@dO=&959Oo6U4j!eb=8uy#w}^f2*)M)oxxia zoIBy3^;_%h_j0Cv_F&UJ%{m?de~rBJbkq@BH~X)HitjbQ{TB^pyVT834p~7MoVa<( z2+$~r8B@L(W6L5Xbd}$@$%I$sdkL-uVyr<(w<3ue)dJ3h&@Mn60~{B_39+rN%*A2A zN@5;j8a)%}?yxV1=o+8HAW0oAOn#gwv*D*fv{a0C)knkt>A%ahiyWqq2dYg^;jm)^ zO+QHpCAGyp?7^8*EPAMgMRoYbiAerSL^$dPv8e;zUc?SrqXGz*Vx(EZs`n}-K{*)W zT#^D{Z^m@Vx6Oc6BvM?#9*L4!`H{;YWXR&l<TR=DQ@8dNX# z_16aUvsdNlyiea~l&jH_5v(XjzhFcXZ&d?C>FD~xoN0c=cgun$SIiH-sx-86>_)&? z-2@9+0Bg#S%k=A}J;c zwq!zeL6`$PraS&{-^KVtM!#ebc5x4#U6~f@F5TZOO~ZC^v-qlni#0Gvs;BX=ekck)NzK0k( zvEsVn!Q@W~8smM%{He_p^F(gdDxn687*srh?ADdwkTK25>#GTA)3c6=PdeWvjW z$*rv8e7sM5?>V^82O$Xuf?D>6`6P`?*-S}~+u=1HWJ;<;XU!tt*#4rB>7=XQiZyOc z6)Mu4x}`uZ0*Ef1k$J3uQbEInXk6T@`_WCrm!}Uh^+&a7VF97A7;&ucUZ-_W`Z7}H4zKcpcBAWoRG%zj7xS$W79NI ziio3+bU^8&RQ26M3`&6kpO-WixLQEjBiBm_KfE^SOx{`onPmOtP?pXTqSujjcAD8jP0yMY1?lT48VSD~^$h3f*6iu9B=o=z zb*hq3!9A)hoz!KOTi=a4AN#Xd_13NP4b}ygl{L$Xz&${HH#h_-i!%>+Yk65~JcJzR zfwNN9QA>IBo3fXpw(R5gag+58o|hNd`7kD>thO??z>Oa!$5e*Nkh-N>{_zduGE^v8 zCgJ5=ree9o-E$cqGkz+bzHpfwWN;d(yH+Xz=&L-S0+5WHG?H4cf$F_+bS{-_s0q=wTMGM zVsc>jp%4|*E|ik)1wq=szQ4MBSYGn$yA|@gHjqONkB}Pdq^{KRfw-f6k&{+HndjqQj#!#c=Y$JE$$>jcVAPs0IsKCdR4+U-+*{sq$21&|oTLF`WwiK?ulH7!V& zQ@lylsaCNNK3NErutO(wIZ^C)yj6 zhZR`){IMKD&e&bdEk48mkX8tuBazlJ3B4piKHv3e@1ZqpR4IN@=qFw%;IC+!@j0^~ z+`Hys)WnaFNj^6V_5lh1mu3>PK_piFlVRPD`dQP?Hng|*Y3CB|65@rxtNKl2M!>W#ZxfQ*OEMjmp!Se&K~G+Ww;=D^nPrSC-#Kv@z4 zX1ZqNnkoW$6tP1DUL|g_jZo&#xku-_dV~YZy79ok7qB3d_!s1@o?1B7_-w>0)>f`j zdK?4cl@{sG-b1~*^EuUYvtU<^%NjpzvFMs61@tkB7d=N*U#fhG!0`iJgnSwfct*D$ zDRZu(VSe2$8cIlSWx|1&EhR5Fs544qju-}(8z<0Jyyc8LWXZb@H~k+8ZtG3|A{v0` zoml(h5?wGwdXQrh{-4C#6J1c1<#gSGXkft&z3Ub zgd~#!EQxY)k!3;J#B<{x(Wz%EiQCCl8|T#8qM!oa@G z`j~|>1!pTzp}guMk_D21ptg;mpG>__4J>)F>VrgJjt2DQev%N`r6o5K(38XnBIMGN z^)8MExB>Cu!K>yB5@iThf(VmRi`BdvFI?hDr$6@ojTLtvT>j11nf3zwW$@v4N{<#( zSc#4ckO@TEcQT}HcxZqs++A-B!|ZxryF0K5D=g{;FM3|f8KU{1Tr>jOeJdanvZ zA&s&=Z^F3{l_3A>S9qEnNYz26>$R#f2v}*uD%Rx&>*%rVvGRO&dLXD;-DBH8P*Tk0 zrHd*O5%Mm1EJH@GCKTO?P5-QMryP;TsGFT|1bqAsaTwGfW&SKS>JH zU|mmtNrmKwP%Ryl3+qx$PWtCyC`^fP$FDZta?JH#f-t?w5!m^%5*+XhB?4P;OnwZ- zujTfjy@5PI$dEo8Q)q{H`T&Z&958A|M8#@qc7;6qHG+{ejeWFME-re!R;t)+`lhXb z6$1*E&|=?Nh^$5 zs0{o4zOVT1Xxn=8i?AL#AZ0g zi(XS8bZ0|M@L*ISjL>gFpl@PDd{6W+KxEaUIJ;X%o$M3p9LPYbpXh|GRinE?<^i&3 z-Q}WAKJ|6mM!suZCX_*eEeQ63aNuBucfU z1CT=x@HtN{fa*T^q|Y)MK#wCQ;$d;{$mJDVGB8Q^9vr%+zgF6iY(3&W>hf)ei%E`0O5OeoK3B*oN$}>@==#-iyl% ze%Si6P}FNEIKKinJH?P63Q2mqbx8tR`e2F#j_R&UCIcjh()OmA+w$&Q>K-W1O#j^Z z=9n8PSr$?s$7S-8S>ruUW*TiZ)2=6_xP6;P@GX>Jt_|^t640KNOvKx{okoO=C&yi2 z3E@Vs| zlPC7~T7_gYF2H^sLtZ*~%#_3QE#wU@>38wXnj=oZ^O9(@?4cb8WTVf^b5DyQLZ%o5{s z_A{{bMv``Yr2RxjMl((*mnnX0lIM*uE>c2Up{|WwPG}n66#JMvo9sw%Kfd1*=rA945wk>3gdmKX#*g{+x3zZWG`p^bAWXiY41Yr&_X#ah#^X!pt zCQuvGW>!xr+f%GBRCT@021~z)bgz^;Y+|wJ`o1p(HJ@l2Sq=>svACBsUF~c#_V=Db zz7L~01dlEv5-c-XRa|N8l0r;#i<-!|gL!R8_uMZ3T%GtsW1G&W2qnz1U?yDOGGo2F zt+mZkxapgBq=f{Xc#5%Lif%WaPWE&b9po1h*LMtcB|A>CNrL>@As)%(p^F$Hv-Q=Y#5ciM+L@{+7xoAy1$qb5|+vOgzD_59Y^^wRajqzqZ zND2(}w-3K|R$vy?#XEN{{jMk(F>s+-rDce(#GwJKnk=7Eu< z$Kal8B95iXelRX`^3Fgkx(>I-MF1D%&On@e%h5ZG$uY7Cl6NMy?670>;QxbylHoOIyo`r& z!WJ|VDg)zs_>uwdwYLPs!B$l5w+CJCmqWZDA*I`Ov)64^PZDXeu;L)?Oi?C7m!j2m z!+N$WhH@XXtj0=PJ|K_tWC+pCR_F@*sD1R6PcDkeHnHiGbCgsd1L6B|a{WKF3dwNr!` z6a_b7{>GQhk^33l->8B=*FX3cs(E|tAMe60iB~vg%P+4eG3Sz9$Z~uo+oC^OcA7#wUXy5+z zpW#jc3_;~68>DsfA4yP$`G0%Iovp181^*ectl)Km*ykYIV}AZWDj~?_e;~rC^70=~ zt^XMW)xVs2Q#We%{KqoPK=>jV>M}Fg_g4OAILiKVI?WOMWB)&zVxs}=S5z)GHfKWr z8Cd83=d=LM4$JXBdgGz^S5z7D^7>ac{~5e1zMS4E7}t9JM?Yl5`HHI9KyTeg`9H%n z2Nd=ywEoIb=-uY#f1P2ZgJ*0ugqjm5qBM0j+p+0Zv_lqn4F6`1si)RE=Y#jZh8f6E z=qXV&l*Ea#myk-tJ_Rqw-Vm5nkf341-So{@wTbVvSjtVxgqL?(<>kNT>Uf&I`fNO* zPMRz$YfecyP;Y|AzY=~$7A<3D>d8O5(OrmhsmR(Sfls%t!(@@kNteYd#LUKNl(Bu* z^8kG|@V|R%js-=U3hN{#{t|yqkAO@I7iHxkOZITJK~1H9hNXkP z&@nu?P-iP!+x&lzhY`~W=SX(B?X1jNBED6qSNZj^mEI9*o6%a&i-kp&dU@3`=@voz zqcj13!Rl^*hE`#!l&BHxcOo2274-QlEXS(! z7zVBC`otO*2HpQ7P=W|m0Oy><3DE*OG+aCm=rZ+VPF^{oB^*qqdjKf4sG(!%tU64B z9yG>k%3svYxBs;xb%h_MP@Qn3PaS;FME_le~s?{qjY+g z0Ls#v5%8D4dyvswAwbin0dEQ9n^w$&e@Naf8EG~BU$5&hi|$f?GJe~n@}3W6%Cj*s z0YLp_?w+E%Bqzb%W?Z3e{A=;wKq;31>mH*c_6npjl}A)L8J2<@xpXo95gkq|Upb}c zX!>;(sH80D)}WhtVLqH5L1O~yTcnG}RrsNR2dp}#V>49Zd{Ire0&DB^;0)?)Lf?wv ze=+cS!ZQYlI+Ml$1hK>~m{M^64moGw-rGmXYpIad-{LoU@Amx!ZDSvAbJd~$m!hl! z@Qe({Pwd4hPb2Q65(zTCJX9>a#QJ4KCgb z28DxC^{PB=u=|O z>?zPZ&{ZRS1A}T=la*nJ+u6bJRjT(|u?wknC|{W1pazPUuok_2du@yBdrdpo31FEF z>NP8dfu%z53vukH-|H0^I4~L3o*<{cdD^1!Ufs5nW&9L3=X8DGD zuYto)50-(X_)0)CN*DT`HvT*f(q{>+E=-Xm4f4%~nI<3L-%FZ?xST^?4`=QH`epWw zIkEG~+k~IR;C3)KzPZEoy_85Q7p6f16wgMj*l!SC>>LDfjE{PsZ6`W+UF?V%n;lj9gD zQ7v_9@Y|jZYdw7EBoAiP@@+V{rYSs%ikh>t`TJX03^xe%Nx_AF64C)5Ntpikp6(un zyMx2wz^aCsGmNVYdCKO0M5YLTQMl5WsP{e`L!(VOh}tD9c7Q!jOuyvSm~nmQ5?E`(rsp<2Mp1 zo_AZor#MaL32?cq6VZk^!53G+ac)xCvjG66(56)XIV`L_u7ICDKv2NVI`QC7XMKz< zYct&m>z>EiF`*jZLehrvd6r-uhqiinVU?2So8VbHu9*Wei4|75A!ZhctGV{}pu^cq zS*m-zY~4C<cZ%IOZmhgL4DFLyVsQY&L=WF8Wztt%KP|)dm zQORxHMvW~~%}`d=KDj!H&$9qJUypWREKsr|%6AD)ToeBp3AI`5hxJ-Ez)5z`b0;mh z&w=js`FKQE!-rbMCgDDC`WU^#Y%KA_)jPpvT4~Vd3@!-Q66Dt|4Fq+<76`2EP)PMZ zyy;|WluXZz+kF_y!dLaqoMRvZ1cFC_Qw89^k!bCNXa5cajUvvYj$s({_6Z2n6R$~F zr)JUrK39SxUSld{5frZ9-vg0K{E73kys@k)nR^wq+L|3icdplAXfj%3%hDlP*Lv(@ zDu~BX(q&-Znja8KDWVVgZj?l8!e{d2ByLeQ3oi&qN6F1kKBO!N$qM$|(U>BVt)Un6 zV^Fi3_z?jBRX{{=&Y_|9X#xOrATFr@lZ3NyngGh$@gCjrI?5NL|@H0CAo;7hVIxSH(Vx${)w z_P+N}oI%)L6IqoaFZq-Z-otS-#Eb&QP&~&g-H3^&9oA=Qm$Y@KXLD?gHBbAhPc3_nGRCgLx)2T(1>4f8-RX|qDS?&B%)Xgn?}JUuP6Z?= z9Wv5kXj{bNS5^A(3w$dpm9iQ*i64((ufT^?$6{YSe(_tH>b_u)CJb>V{wpvvHHkD~ z#zNVszF+MKZkAJYIba+UyccPlI{%yEEWG(SL8G`@EO!y^)*19t7^pDVowRBXNJO?n zwB{+ueJjWv*44FQg`E$NxVHA}j_dpE3ETF8J6s?3{9`!o$#IT%T{pFq01mw$c(aPW z{Q^I!6arT;VbyJtI?;RUQ#D_MIzJ2G<=2)ZE06E{3<)!~GTCx<@Dj0;`-wl7KhCQv zjHmBb^^J(rREQ{vQ$|dpJLUf0i)wO!{Suz?hRi{?F7A*8?V+cHXEa&r#Rd?a4ug~8$m5*~_2^~kL z+D>&U`FWIbB(MmC19Z;&1SdLAfDp!NXRJm!?wlx?I^sd>!Tfn`#*GRB@?-%D=0J=X zJ`xc=r&If*I(s!Z@iWi>!VyN;fV;d#NOP2${(Casi~Q!H8(HNs)IW>r$E$ zEUO7?^X?@P0Gl0>U0@nr4CYFc2l%PzS>2^#mPjQQo08bwC1&8cO+ztaF=>2T->rzJ z&p(={$8x7rh(I8V8e~2@n@+d;yMUoSlww#05n%SkcNe-c8P5q3xJoyXRYX2Hb#3S{ zIumNz%E}ZK9}Afm5HM!FTy~)yxhBHUnUh3y`ms*h$FPF{6RruZc+cNLigF_SzLrRZ zTpd-zy$FJ%LD_lKANltjYRh39D6aI*k@bgmo$e~4dl*96fn98o0UicIT22{iC zsl53N$htOk!lgo0`TYXWfRUQW%T~Pr@>B|f{cCgqpGbLJ5Huq0(B)$?y=fd0=R8hupeM3>!??%Ub-6y53YOh#aOJ z5Nn+7gpmmp(*$YDhhKeI5k_V+vv~s8FWe&wC#>@%Sn~!StX#`l<7hYv`l+CK~tf zBq;>SVORddNv@|%1cTAfC!^;96xLXy5SiT23+!Q?F$A^|LEt!GKQz?j+fmliqXH!d z9s8;GDBh_4)hEWHT-9+Z94%Nuu%4_HB|!6%obfUZp#>?e>V7sawd*O=$fS;Ayd^UXX_cyZZ|L>TagGp3Kw2ew_b zV?%vkOWQlakb#L8im|3LC66eVKGImlD$toVu3C7~c)_L(qEvm(dk|EHzXmS}ym^NcuSgR0uahp`gP)~=w{c(arme^t)MICQUW`W^Q1p=(5 zVdJ~iK0`!}sV4<_8#xq<)Z=C`Xc9vfDDluPm5s08>U|n&{1mDw?UTp9Q$%H5C8tDB zvo3DI9fw>EFuUq(gc=X_K&rBPL8;F!rCv~F4I~J@O2D0m^AOsxSy8eB??T@pwrzT!&NMebjaL08#P{V_~v**i*!mXYq(cisP92DU!Y zd{4B8FY=BM1h?6xsTkcw$71PUG`ZwS89!dN5E<&&NBOB;fbVFvB6mi?{(6MK{(3)0 zb_31DGDq;hwjIBihFzec+te?)7X${$Y7JaI4STeDquO=Oh7CTdOY|msh>H|we}9HR z-@GXafi0J-XnJJZh@!bsSfsgr|HB?q^tBGnE`wnCzW5}{{LwD&wX=aP6x=@63&$9@ z>@qWv;hp%wk6e&{F8ZS)l-3%$e~aR!t5@{4;t_ zXJcttH4T^IsxMaQ9Ly5yEoP<5s3+-2R}H`6uR7at@ySW90l=L8^2tC~BT`f^%0c|) zY5TzElc{U%5oPz(;f@Qa9)L7*-hz=x6fr+#64(?%if>{;l7kobA5$UBBG;_y@U_@r z{@t)Rt2E{p;JMa_t%cL`j_N>fUClwglB`za5s5`M5Bp=C>*V=#2 z)B-{$_LjNsmr&a3hI!{gsXyLN|70Zdmq@p#>4=Sb#Z$yC4M<4sku7fig_O4IHRywn z05fy*FyiWKAJN~)BfH;Ul&iii_luIlK49HlB3pO?{Jvc_9d&^ZiZ=LSVxaWilxPsK zB(Uj$*{H?+c&QX-V%4qn2BI%Q)pma^iQWbvxXB>`51KU7{@PqeM>0M%DQjQ$4#(L# z_UUsIS0`TQ{W5UMI#J!Vek|Jjp=a=?3ez^Qu|VlHZbgCz{YVFW0znxI&2VLg`c0Fn5g9jPrgA6wrhAEzkOr@k@015h6J9vq~P1L?sFb4i3g#> zeNw(>W5HtkbZrSm$1pH$Xp|CCZwie|+UT?7@kJDV7LV%a^^nm`@)e&_6fUkk@rv$y z*L2@_@T`0~e#Ez6b@>{K^1lxcY1Ou;u3gfrrPs&k&HwOdPs3k!M}WpJZ&0ZL28W~2 z)}fooc2#@f>JCs1%SIIXPj40Rvwp$l#aUOwHf>$isQ4@y=E#YKze;BIHS!~Ksyx~d zqq-fE-Y#}%Wv?8Ws$Dy>bWMZPOZo>!K=x)iA9@i=owJR1X^(N1(BerhOxzQ*Y!+-h@@lMcG) zK)wG+i>Ca|N6^H?SP;?2%UD)$6Y96ZYu_i%rBw)pfA~#he88Vz?T;SfgN($_5d9A{ zGC@WhgMBX8h`j5%_yYbj5l*oCzioOAHLS`LeEr! z(4UTB?K)tb_;J0JW}$BH)hg@zeE%4*Sy%pD@ayc5sxH4>3&M<)oNt&y!g)n%AK zDsqYQYNc9$cJhja@-bH?dN8YGV$wlpSmB%aT^%_^qVl;C0)gYX2*8RSSOiCVJxbGe zsENZ0as(E5*i>(B_G)e)=@SO>`afdoTnC}2GPl1-h&cA{yvMkIB<{4NeK9wSct1R# ze4Nbom9jH@=*zQUw4}YGFFUeV#;MwFh_06Wue1}flvamwQg%L7&pw+sX)NsGVp6S# z%bWsx>ZDL)bIKB$my;g9jzpAv&HEg^BKfHYve4j1Yl(qd%By8X?8#%RV%mq-nK+ue zKO@wzX0uYCm=d5(m=(TT!J8<1iCy>u#Lr9vP3DGZq-A1&4aCxI$`e84xgDj6h&pDP zMoOkopg7rLu^B(sBtz&QhU8Q)a%ukCG)sT2-b@Oh znqL?=4r@tjUXHvhxY?a_#3#9tDm61^>`L&)iB*NBR;}c}q*D58v#KJuTQ$d9_~zFN zu^_OpNeSoGCMsX#1r$q{%d}6Loc0i_f&i-8nOeRxE(7dZ$VVl zE~^-Lx1uANx5i8Uo4^4Z%~x;C<#ShrBt{F3>QffJQVZNGj^k;E1vE5~x&85pB6MA# ziLh*!rk-bvi97bP{lFfhr9Ml7qGivbwg{p@9-IOD=q_Wr4ID5SjwhnXap_^zsnYM8 zENE^P38IX;5nz^91?fkDlcMsJq2GUjN|PmlDvsjSk0-#F_~ckKf@n2>KSZ0MLMEzrJ*t|-g;;JFpKk>~wstJM|vLm^# zKZ8_O=pKU#n&w7MGlT=6kRN5)pkD}J4S$tphl(IGCDDhg;;8N{5tuaR%-zxCF!=2*3Op7_ht<@NwJZh}p{n|*-;^0YRPmjI>1(fnQtpeB z7!heH6nv$)LMSe(k8ypD0n5P(GalZ^dw?KL0Lh<@^(j=h$K8KRj!@r|B~K7{FtWtU znYSEE_~7UxPqa@T@@W#XApceb#Et8P?^7Lvk^|^irDs@NPu#s(KElbj&VC#Y_3tkE zv6hBW0*~0hAr^5>`1zR7Bfj~p|Fz)s4AL$^xtpMm1>E2fFGzB*b@6)tGAL+KE9^V= zzD)qi@cqIixnZXYa=HVq=;V`sHu=T_4NP~vgQ+fi>8djThS~t*U_09j>fg620M6&eBXSg4(UEfAg&t=DVzpV0lo)RR zbDVs6=NJDVNFet`a%I2?4q}N2VDnBpaNjy-5F3m(wireDr7`|IaMAW)cEjrmX3Qln zn5gS&^fx@zJKy2_AXMR|)$s7}A!CRP*|sT#zQ=0^5jM-Kj1l)l8oaI4q}pzMJp?iY z1ia-mEi+A*FhJO~L6v~fTF`jr6bmk2St9r+ThVi*JE6Y{4#7fY+NF~y7u z?_2LIyeZ+VS&biJ-I4ixou*Rh={Z52(|3#1iT;0P2`^pwcx~ctuD{sSf>6!Gig1HW z*QkKCdVnA`)aQG8B-yFTOkJeT$|T4NI@WM}??0T|Prp_w$34{5B-D-sD4OHO$|^k3 zaktemf7BS}ApPzw2~f?xp8$j4Li*c)|HJ64>=W-j!9cOo!!)Ji>XCunSN3l!B!igrFkm`|70oR6{N#Zy(b-X zizr`lc1BV+-mM(O%Nu#4^nZ=k)#r@SbOQqAuFm4^|!)SV3O4rAJ zpF_$tu*JYB0hEll0BaUJ^>_(IC zmK}g9VVt{6X0JK@SX-(FuOQ>UI^KA3zf%QM!Ne~!-799xd4B-069~G6UviD`qvZOD zPiWS>EnMy~(kPp~cs+|EdqHUH5$sL7_(mW=nCiKn&lgS)jfU0x`?Th( zRlj2L!n~64VJ*{C-k}79W+y*d?wwYE=^38~(5JhJYf;>UQ?gVclcBxrULX^0FL5gK zr60emdxv-oFTjC9EsSinx(e&@s&NgEHA2#yA_dw*z+Pn+`7c43Leua;*`qNDhFV%# z8MEtKR}x^pIQ|M#TJqW?mL1lL(jBRv(bJYq0PzzFB&)!%vPNt6NiFBa(^Zyx@=653 zLcsH&R?E``Ql_aMP_aNI30+qE|G4|d_ez%U@gLstM3b4=$xLk9=ESybYsa>2+qP}n zww=r`=bZQF`#;?GwVv&3cX!o7Rdv^^)-s%d_m;3+E{~_UO`rWufa#~-jExpY6x&hk zxsfZdhhK#rZm*G3X#tx*C!#on9-8Z#%U45h=$HddCrE|&nV+^d{W;X&cl4{I#SObd z<)-e#QSMa4E;6R)SB>C}3cK|>R}OQ`wCEVvMG#6KWA7$qENO6At~EADFq-W}w6%mK z`$%Pfa}2#KQ6nh@Jv3EI4jBWrV-=zPO?Xo3KA6i|F0L7if zI)h|s%U{pGI!6~zVziO|48I(SzM8a_<{ZsG%6vadzs#QD&ttKJJMzdztUxdUTede<4@LqQv0Y33k zLP_aKlb+jjTyS>!L`0B3AFTp39)C!$#03t*OH${Zmk>-=FW>uQImwK#ne^!Mhv;V8h=ncx~RUt<1=$pCpn1?-r-#Y;tsR&~hDOpR5x( zP41=LG{J1EWMiR+CPMl%A(d-KkZGn{XbY%Bbo1C@Z*do8gf`@a5WLFMUNc6^;OGol&1dXdb z2DVgLLUL)DGO}-Zqg7~J)Y}jgfrW=@r)ZDe*=#U4NOFapyeQp#+!#DMj-L^#OYL#o zWb}?r#*Q6bx#+j15cUd8?ye|Pjh3qVCu;-61iuK$LWM%q91~BG8)66Yb*f1`OM;Yh z!-;lP%4U!(7b>(BhcVnf@>2LKSsTf_5A+q0jIi6lMe=S>DxDJGytbxgz!zYC|2pn) z&h8`B)7;yVGY$*WP6aX`o0%rV0u)D(g^Br;3tQD0*jMsPS{*D%cP7I7{bXaVl|)}D z!98S4H#JV(5>bmJvCVqMHXc|xw~%q^vSK4~tok{|=w)scBgpV)!W5zHj0!)saTggy z@Ju!9?6tk$-GbR6LvMKJh(f^U1%Y&C!ms!$p0lpgkw%=YNxZB+we?t)fit+(-&Vvv zdB-$IEt~gCy7}|F-yx8btLFjeLMyPoID541!e%J}yyxu>v-`t#B?Q+yG!?06y~};* zU=W~RVkF`70!unB_#3#_<~i%uuq8V6Re&9r@=W4&Zj7Q}JkexsX(%&RzIqYkuJi$WYqR;0SZ|AxQv!0Sr@|}#{4`uG2OOXjR7fg+LVx=R_6$j`(UOO^ z5KG;@8aVa>;wwFb#_oPMVDR*x|1_kR%j-$2p8}iztMq$Xkki7M82*ZL zvw&=i++PI*TC};3pNEK~KfZ*P0H(jeXT7_Gdh8yK%r3_buF1@s|1{xKA7}AnP_>}9 zINnoF*a0TtA2t3X)cha-LZ0-7NaILW>6I{rj`N^WNK&hP`pk6q_v{D<_-_iOYY&D+ z8YZ;=X|Ge(d!BK(;^Hk*EerMfU2{TiVN)+889wu*F>cFq#IEmlQ(Sp~Bs=vU4hR7Q z{v}`KzN-`Z=b+EnTs9}UoVH`z&9+Xv%O+=j4z+5t6)^6bsyiMjDz!=e+;=s+bcDXz zJay=O`A6wrYG;5ECFk4oQ$|Y(nBshIJ$P*pQ%xv9D%Jw>_5`VjhI&?AO}m<})orRd zS2VO5=A$lkqF^KZXX!6ntHDIaC)$KxF0EF`>&!Zw7G znHb}7>EKM^Hmn{@D9x3A(D-6ntfrAFd_(?6bR+`Ly&FwBv(tU-5U34qC-clJyZtHX zS-j<1(SH9uZvWBv*QD(sVb(TC{r^1{5;>Yb=+D^n`8bqF5gSCjtQ{Y6Nl$&4Dd~UR z@&Sd72UUEyRm*0C>HGfgbG{)bgFt|0k9&*ei2rN!ufVuR{^m{36~Q0zpS$q-V94MD zM&W{yOaIa9KO!mZ1Ncf?M>_vsWB>p0CWix&5fBuoSv0Hdbn*XB5wd_ujJd93pfHJM zjkrAwscX+S|6&T_iWU|9ht*wfQ$CYcJ!K9??5~)pHX#MXhpTM9>SLVMg&XR-+DdmD zUM3#cLz1%ji0RWAp21AGF{ypAxN^Utz@h)oh}*l!02!E97D~%;T!{b61t7zQhF86J zgA4qAnzWmKGgAr%Bgos+K(=Mk1~Zmn0P4SwV;UNXjz*%-iurFq{vZWFqz8()Wl#ku zscW0mBHeJiv&~q6)szz*>ey;I@`7+JneMV2Dyv5n!bJnN*W&zmDSYvRjIv4)Z5&4&i_*lBE=EuF|}Yth3X}v}Gm%>*$+wnpg?~1DI7Rb{2M- z*SISfFA(YX$l*i(%1D*ny_*Aw6<0g-w**ZvOZxg>oQ9%>O{T^|ronucb8%msl z32@=fz)-M7YpzA*IbDK38_dPl$`9*$6E6ps&ywG+3Q}V&2y}AeJ0mi+qWQ{G(d_E? zuK#V+S|;fAx|*%#IPB(L89QMKO!hWuI4qW)3KMMYH-8*N6Ne#oOZ)}HmP76`ZQVvs z%`i)?wlyucy=q5ppq4G|t8E}Nr8lSzIr5#`)X9MRV#m?FGN)=h$Gw~cni*KJ!kuqW z=RYH)Fd45T9_JE`h4JvZ@Kk3#PboMloYgMo=PV@WT%8_hT;)C+hx%Kg>RoWf%Ca5@ zb9pU%nbX?rA(4`{y7`E~C}K!H*Ym7>;uVET`!Prr`W~X7p5A>4hUh4pvVH&L5^jSF zKUY3Pd`WV_tgS>Ll9GH{y@TcGr1o+3ZVpakZS%}+tO7suzoSGlEQ|t_@Su^B5HH4A zJ*L;dz&ljfN8%=}1&{sKn}wKtT|una86JAA3Z>PXHgH2N71MGfR54L2rXk5LN|e*0 z#-Xz36uCv403js4f52Y?k|016n>SocXwew!k$JU)G<~JxTWD z2iWZIld0F~1yE_vm@#3=Ev~K`Tx4u4Zn;mkz81`4hO64DybK7(8<$V(jnSV`mZa;$ z#|kP@X?`{cn;KL#Eh7lyJP(AT9gt`XZZpt4;lDJZ;()AD z@9jHUDy3!kav7h&?ln2t;K<0N-V4MRcx1GfUDV7C#A#ozInsuLCSsSfyLr% z&@plBkdlaLq0rHs%R4+=#q!VUW5<1Hg=R}HJ^SYRG+~HQNI}8iDb9HvL6t_eAh+R& z$}D}KYDu#mbL@!dx35AvC7rhcz6FL+BZqcMBq7Do(f)C9n!>+Flevr#Kl%{iYE8 zRdt$i0kuHcTo2115WcHPomMff4DByvj10%YriD&Yh*u=U+IHddmXySljsXiRlH=E^ zyNUld5PvOTP#gSxslO_P8yu|~O5$PGKW(|Tp?htfo}QhjbJj@VSu`bS^B6Rkmeka0 zopw)ivoikn4pDy#fOT3JgkR)Zrr6TYN5a?wiH~WAyM=D^99me+ZhX|}*uXqHyBHi4 zUQsr?FgQ|;vl?$fMe?eP4ub`yn$Z2tiF!bay_$VJ(2S~#u93&7JI2o zjTR$_T;p_Y7q1<+a1tw%RB0Q=M*&(AhGzyWGhhT?<&?^%I`1Q(8bTy`?c}@+A!rB6 zmCRHfljQ|FQBxua#?mEjdgt7FCJ{p`Et~EhYwcjLhbUF;a}V!E%)!a+>a_IK zEmUobOjgK)C#YhF^d9HDjnK}caYA_ZFI!idWRMvuWfPa9NPAlp<1?em+%v!1-*FcxBm)%efv?ElJl+B?fqlxp-1?(ne7{^f%eWNIxRw_Bc{Q zu2`M>J-#+av0a?hdnCkD| zb*tu3qQX!j^4_qJhhrPDd=@64B_;#o7A0mEoAvd}3UV#6Hx0R}oL0uF9My?kS7A=d ziOwc4)#Mh})vO~Xn4C@}+bSX~9VQUFzdS;|_4Bl>pF*6hW6+c4L-BJ5k2f{N3ju{f zLMe?zFDgX0y;#>>Y#<6Rm~`pF9U}lUUbjMZD;y}nm({e~x=VFA-b7LCqPUYhI;ws4 z;@t7!nDN4){2tF`UZgL5LfGlL=%a8-sQfWX$yHz7e2Xxc?RdQT9GR{!z(slFoeolk(4K+rURunzdBysOVKR zeC7g-1jY5;ji;+^MfIwRpN4-2=B`{aQOw(m%B0j1DN6XO8iz+hV7CCv(>Nq%FS?Z3 zgDdf4yYRsU$#gIZ2@#d3a6%6ahM`DbW3TIH0xe;W{A0enOF7wQz8lif;M1)fx3!uN zw1{K1%!Jm#-Vi@lCr;(uIJ(=sHDjlVMYTv5=uxn>wbLHIS%Ktv&j;%cJTVRxJ2AGM z_Rt_=!{B)?n-aTz=@#+Vwo$S&K^f2PFj(mwBA4})TwdGGaogJ`HK|fu(Poxv&3yariOU(Ag#c+$IKhk=`CwQJu z_#qgtzn^q#CXmnTn*09}*74FwOUQ|YFQ#o|bo(*IA2$#<(k!cjh|62GRN$^0YD80j zZJe)qnKy9FaiYA{bQ^RXGeZ)Ox5$byD6eV}O|54Wm^udNiJTKTiNYO17{@=9a#x+Q z|8&>5FRMct;L61iCW5IG%wSOBRKJb=Ucv;`Uu_p_n;)V~^PtCD5&5epxsXD`96f`X z;K%aANx1HZFLf86QV8nPQ?dekCsXBlzd5ga`kyVoMK+jBCi>)}1>AEF;wMyl;f*?l z(@Z+G@T;zOtdByb!<)UEydCZUUE>sO%DvO*1`s3o4vGnVk2RTeL7#DPSYi>9E7o3q z5cU@*;`MECdu5SEjj(&Zw}V;o8Qo|NFv4-Dbb*8mnE#!cm$80&oB5Zw}a| z&c8!@Jp@=4gs#bKWKo zQCU`YmIW5kIQEXAfYaGoH6LnGR*Q}|;gF_>GUx7~S-1<=xcn3ltYzoy=1oia#$GFd z2HOEj$jPqqwhdqfM2)gt3R>7MZgJWbeLh%la5B2*8YF<~&gS*RmG49IDQRtu4!ONg zcaN>-LT?I7S6Dr4SYgf~rU+}M6Z$ff&_4+z`9pTu)ivAs;Oq*{hME{3IKo?37Fk;* zHOKIFtgaDvmVqGox?#sZ1ctt4E;-k#%iAFKP?Rf*i7KN!wVo+pu=-adg6q|=MM=}=;@qONql-&1QG zX+)ig{^VC}M^<_E{>@UVz(@C6m9ICoBGE#{>L~KOE_0bpJ!Xy4eTcmb1k z?Zc{0`x@|YA99Q!oqRDww!D6E-K+>y|Bgz5^&r4|uw28(9r0o@gO!S=Sc)zq-98Uu z9FuTn9z{Jt1yNb8Kugx_%||dPLzqFcReTC_nF3>TugS zS-|}~0w7F7(ha zTM)O-xWHloCaw%71c}JSPoELkOIF@9SVWo0ir_YV5%`Cd)m;vaHC{CZ9j);D^m8tf z3o@~i4l^I-cSN7mQ$@J@YLy+?l#r>Gh59yT_T4b&u*;~7g%q-eORkDZRPAZkpmf0> zC6>t$vmo0`1lz5pHeD)5W*?_1?j=29c;h(4+9@;ArQEMz_s5A#%QMS)t;#gTc(v4m zcXtbbZ9XymkJcrSu!#ZZkc29nCA5oslg}VM1P({!J8!2m;K5%?=Et^DrC?Kv)Oo_pGY)?Q97+FwSz_V%Sq zcT^LX1d?VoykhYfj3lgCJV%I}t1N+V#IfODQFqaZ5!30hT`0J|Ie?s>NbuJFLo4XtbEq!!!tE=Ked%akR>_0tCABSPboWbF*5 zC*g6bpGB1}2jo&w%)mwE+Vl72R`46fTAfwysPJmvuf5^BuA>(Y(!d2VS$8L}QI(!m z>GG{Oa%Ejc{Mjh1YxVcbnQ0np{dX8wVJeob>j`SE%HWd|l15wghb+Ww%PRkjPSEP< zdGuPe&Kq+x)3du*A?{jK+4;HlhDwjFQEGjCw8eP;c|UN5Cf%tmy4S0rkwN@tgZF=7YR}L4B*gO zP4c0XnnAGF`$dEoeP+E0tQl94gCh)2o+BdFD~A#6@C4S_=JRG5>GIPwaXt`v%zn5z zI~Qu>`E!Zz#8@yB7+1qgAZsl6m;5qv*_^9^6@dL$OJ1;?q%F+?@D_3I)I z_iWHmX{~)7@nLpqiSb*Aj+0xwJ;s=0M&k~c^m5PMTYc21YMUFcC9;BuWEX?u;ASy! zJP_;P!|~#y(O~QWG`;{;{*wAvC`v6sBHr;#CV8w{E6O};c7ltV@84LaL@lxf=`nE- zl@3RqM@1j0%>q9kpK)N!hnS5oIfN6x&rc?lC9{II$(n$ZA(eV&kRc3L0Q?9(ELhOa zy?MjfD;wE?a)GZn^rC=ibOvOge~lNulUBL7D(rofla6H3uC%&@u3y|YP8Y)ddxX(| z2Rdg?Ob$m`&7N;L)Q`xAU~>hNE6<+hq&i5g!c0ZA6UU>X>=4VCL=Cfv``8l|a}iL1 z(0k{x_YOJFh5O~^8|dqT#2o_}4)M;+QNcdarTKK?^s({n^Odu#u7ocTWVUhJub9SB z#S0%B`PL0`_;hJ}E9q`}Lre(k&MBJWv7@RbDVYiRx05qc$votAY?Bg*K-D|bg$K=( z)g8|8iw-CL*+kbtuOi46r6Y9lJ9ffs>9M1rUSHSVFgLnxDzD@cGe@6 zIe6k|Nzxe^vqmYPDf6Kd%+I&t=3X!Ev1VG;7XmD6+2JQp=AITQh7*fUOH=9>gXRr3 z3Rt5n2UClwRfUtWu__h^#7m7+I|b}k2q=y@p)VjUL|KXT3dLyh^4qE2W|y$751w52 z<-J_lya?!El1PVKnzrLI#@hpa;$giH!@&o-f`?C|0h*lV1*k0okMQVZylrba4%ysgvji?VSC7_-?66e`9?8PPbpO>bH!5$qW?ezn)w z#SSj_EXNu&c}(GWI^KoIn>F&=->NkNf!rWSZpPG_0|ZW_pIjMS$DV$d-jabp?{wQN z_xZ9>r7|3acyFG-_nH^9jQU`68izu7Ez#)Z=ICy8?J^5h36$su|arr}(! z+e7hFCrKj(dE&W0_R12J`J;9mpIZE*jJ4h~asBHRpmCTLvYHy*c?f7%4)RmS~uw^PkV-G;ff6I+^8O#K#AHz+hM{L8Q~C&g8ON+ z7g&vDk_Fl)|riHi&Rn1N1=>4)bF!OvZqd|5I{8TiWK-0f>zh;Fg^e> z4V@a8W6YB>4t_pm-057h@?=+r9|pxwTbx0tsNbVmUSrBx?zhCpg}a3grK?3Vqr;at zWwVqh$mrf+O~L?VgRseJ&!6^$FBYsmUH2@?$wDPVaqOH(!|%?BPU>0HBm<25vk*7Y zpdnD9vWIz9XxaqBxwfqyC}vD13J-b)uQO(vJ@>-E||SJ$21C6gLj-oe}8!eP=vRNopQr$kpW;g)rxHa$S_G!HS$M# zNwZ5Sa2k~{vsj3{L<`YLk%0rN((EICu3+EBv7*hRVaoB3qWl{bf?>8pLnl^_#d&7G z^Af18wcNfsW#ie*ZWE&MAml3?hRcgD-VV?~C%9HmFKe_9iBViUhT1~{?g_*e`*NYw zU-P$BKv*v*J(tCFJu@$5T-5!M(c6&FuJ>KQe{?TJY8YnFry_JdM-wGk*1E_AIwG1+ zJsC@KfI)3ajSY%SpWKgW2#YZ7`8nWb zJn>Uk_z(N$uR;_uR58gEirUi0O}F}=bX4f7S)5hZMz`gj?=C4K;8xyvk5JqcV&A1= z@`|knWwnx3f|1R>w`>M>ojW4<#3`H;8 z&9We8#m4>N3~cTi6rNf)J&H~zhMbq$w>w|E0fKy=zcVZkx@88oX_O_Sf~w=-8yBec z9kgrXdUU{;A9RkejzB~|c!S>Sda)b6rHkO-<6vo)j9u55kp9>Zg7xILT1d05Q(U=l zIzJy{wtH4B+prDFgyv$b0|6C77Q$FDCyMF6`s*0RLYgRaa*-hJ^2iwL5Vv%w(J{rT zbMl#9F?PAAf7p>^w6&bT3dU<{J05NjO$&lfFt{VK0g%idOu+(mh1h~2=+04FEwD?o^5A!c@_<3dQ3)Dew7^`#1X7c?-_LMEeP(+xD_r1<10X&sAf_WKsgMzomFWnt80}C9 z=wYkqutp#1-(9=5z#0JuV_gDiZmkXA&N)ub>5%i%-@Dc~XwPTsS!5t)OSbRRqOPi9 zR9Ba%2snk|DYHA|ssXk)e0#oUrjA6-aHyGmWF?Dr%61ev_ue0uXXj>4y=_c}kV7mL zK3ABIQC0wu0E}Ap(b8eH>Z+oA(Jf<{kxJ08R1VyKn~`}?8^9=drlK8(>mV|PimY&Y z#4U;=taUSZ5u^n#ufB5C$*Z!J2v?8|3jUdF?O*P(H5h))d?{=n#B~BmG>=8wq3WR8IkD^xx_4nBP6c|_kBx{Pk$-lF!fy<*>#PWG(~Y~*tb@1>V8}oABF!r3|Cmq_XSIBso(0>J z47!4ffUaIY1!NI4GM>|We{akx7F_!Mipz~g0`c`Ws^V=g>}@?kU1uJ6RWo?m{J`^i z#C&}YM(;B$LzV`EFz65f)xRcDSjACEHPFf$RT&w#_%gv$?OD>g2xr|?24&sgpZjuz zmi!#k=aCkV>A$Xye0XU@wXl`)TzA{}%27hAWh*(E#b-C{nN+#ou)I`X3+$t7Jl0U! zGlyjf5!$hY(9e<-P|;OVg{?+_YgTM_>YaCOml45n#&;Aqc2ksM6t)h#_Eyx^U>29| zK2INX(U3hT){HiAvDFHaD{IG{GgBR(@Wb6p;Uwm1YVk5Q02sPXlPrO!Aysy}xVzds z1-^rT)PV(x+24+D4!u3U^xo!R$$<_6x4xfJ7dur7PTkbsL}MpGEpxZ%@Q{`4`FH&E z;>GaqqG~y8HV11JUW)2^!AUZkEU?+Kzle6C081=G-9!a}Kuz#R)QoCx?^LUU(WY3> z+eevFIg;3_vpAAnQMjzRCm%o^j##2F;sonJ=74o=T?g}<2!ImVWPbUi#`4$`!*UUm z0@3_vBy#twz-kd5|Kny3F*Y%^tK68MG4y@b(Atcl{tbwJxg^H(~*jDK8sr_rlPMK$G9At>#ncUh>5MHCR0q8 z&Tak>ta3zzgaT;k*(Wo^j_&(r2x@8AMPBoz3?sqRhvUfd9)dJ9$a3+8{PMX3ff|lm z%O;WQ#&)dX1E8HyfaE%XJO?bN`35ti4JT8(DWU=&h6mQJV3Ahl>xbpN(CSJQPdVNj zuSu&(K?25PeiSnzr&=CuZ-`@fO-p5YEWA#Aqzouq#9HpFq1}tp5+Fj{kVv`3+;kRO zdT7Sr80Kye6)K>wx{is_pkKnO8UhvB6Evn=vDhDT;qm0%u3$6lw6${fFlBGNP_%zw%_O!(1uV4*8-F{A7_#4pC-9!IAfUc;4-SOoN4h1iR~fmK+BWDavA4 zpM_G|y@bsmrR72(_Q*>}hxH(g?5XO1Nsw%EPml09wib8zo+%7ayvOPS6Ws4(*V&RY zi_JooCx%*j2X{dr9sY49tSGDj)&0qP&PR8p_?n2QqV+>`w_?!Fh(4S5k2m@Pa+?)D zQza~QJJjwL;&J7S>T)-AaRs$VREc-Ur;3aV;0YfL2;yvEEv3kO`f*sL?Z6dX%$l@} z>ls%0>nN!9`D-fxBtRnIm4ZllDng*`pt7xZ)m}WwcGn+1{iC-d{^DsRQ3G&Bgfdd7O(s74QNlv>Ga17bl zuC8L(BAzNJKeXJRD-YY;)bn#d<)(XuoC{dNbuq7juA@s&>l@4$9)YVg$kSac3yp1U zhhYtpc#_OC^z~wj<0nxDRXJ_3Ink;iN!oHjcOVeiE{9FgUouvjgMa+RkgNR6x675zz%fLN-1{7mbO% zUPvXLPHm1$Q5+dqvSj}3?ptT^m-|7e|3=}8xo@Yh*;cXC%Ernh0 zGam&`D^X$fj55%?In~b&|c{)R||Km6oPmd6KW&r zL)fkVL4#v8V7vxgD3qoiv=0)SnarHZ-Nm6_D-Pzo*aQ`#N=S06On!K)pW0)r{*@5@ zCvmTNE9kc$#AxO8H7kxWR+)2*ozzU|OLmt(OA39I5-;i>L+r(5c!z z>>D{BYv=Mq2QNN>^_D7fk7>(+@Yb;*XIg3=W(C#hBB`ZqlXsEIA`^?5;}!%lqOOi- z5LKp38*+NQUp&lC08=5`q+_`%!F1`9@MH8l!P)!zz`(Wh4?EaR3K?1Cc7;3vI?fxL zpvcLYtXHh+k{B3^5X+ymS|p(~iXA6cu#?{nb>;D$rnsJLSmG0Wt>T%)TRN4S<_=n* zo5e;(9gLkatZ3oFkXk9vK1M%JR)X9~AyAi@zTJQXm0uo4sqIy^ zQK^=pR3VD$VV!tvKTSyCH7LH6C2$+Y{k}`kRNMw((EE_m&3spX9+-k5_NK;WLJYyH z5u%ltwPiHP`gwmu>p11otV}$GQv$*?MsZUm-mx1ek_)N3M>bnw523-148q~QJjVc& zWmICIvJu%(!9#(J0J)3|smb9DLt)|>Bvxw;`}5MYgQ4}t`{)UJ#Khw=)8^{-w|rNE zMy72Q(eC=vL1v-ifsOsZ8q>9O*lI3|w~wttZUm3@sqF7=)xpQp5=5XMUf89SQ`l*7RDA z*5=WRMl9SZ`(Ck5@A|Iiq6gn1M%3NHw2&4KRYrR6s_dlSwg`*p%p=8VzS7C{fmz0Z zMIFO=R;(|oM3npuT^)qS0?^Q4??G7X7AR{GKb{cPChOnsot&SDZ~#E$^j$+<@!ld5 zJN74XeOq#4@5u!Z#ddmpS3QonyrC6b+v1xrvLzi=9oHm;7NX-|NSZby;c@Lxjx9q# zxA!{|6fxgZ+ZS`$E|jl6BSa2L)HJcX+!t*M(8110^dhYzv@}vAVt^kg8Dd-W2KDku zDNRg{SaDI3B3UEhUUpdTb~R3gS!?~w9~#E1PyKa$PXl5;Vips&|9*HJp69b`^I zF{`hVi!?PFzbR%shby{JdldSR{|6aze35POG4WJBZ?QPH_pwjPnss-Ny`2M6k7>h3h&Jko_k!Xh}N9Q zf92b$7#?s_k`b*m3R4eYm3RDYu9z4lC={hGkul;2$>)Y!2j_ItXM@z6U8-^{f>KF= zMiI#1^$FnnBIXLt`agf7?f;~cEAt+9R3`J5C9f*KRVI7%zi>BCK(N@ZUnil(d>SPSsd1 zVO3b<-ta5&aeG))d`79$vCW!6y>WIje^Z7RSN$+?y`Oq1L1q2|fVWyLR#`AZ;XRVu zxvgtwEf1q0%b#-fi7!+juBtB)pIdtESC=TAS(m;mLqEZksJ*B|K#|&zGDD3O*<}G1 zVwDxDg^&CnF4*l+;Qh2&wt4)8CxHV~KyyTWxVVwa5 zjqEL}x3-V7KaRm^Q@YUT!zsVePTqATzEiiVLgoT;Z(qA_e=~7~@+r#ob&=s$uih%} zk>p%oa?xci?*&VkZ{I%q-2Vf-?vcIqYrOHI-8xg9B1#{GM2hzExrRQgZ6uH<8*Ge! z2;=?(;4PE!vKQCgfD}lUR{F~c@rID$$qKs~x*Z6sHCUm&0g(>T{zZytBSF1KvQaNZ z49+5M;UddyAi5M1>hi`oidCYVE*72H;u19ZUi}OIqkvK2AOJrYd8T=CceN`u8mVfmV4Cya3v}j7h1B_9hWAYSchE}yke!R&a6^U7|mKu zd3TR#+&>x9xZA+*axy*;CMA~v2p#{xtCSuv-7Ky>0;=U#b9%roeq0TyUbgL0#hcqy zmlYZ32a~4GB6(wr1i2yW;W*q5rIP*+twW@)2UO{gVjOf<}^L3B!9^r%7-2Z9hD;?ylqpt6e6`eMx@e#I6ZrH95 zk&4`JH~*>s=)eGBpHi#?G)$jfm;bK#VyT6{;(;Mgz8K|SHGLt(@L$0yDUfZ$`Y-VN z1<@M)gP}682dMpDujc;2P#M8tg8qN>Cdn*sIkfB5EsNvSYX9pu0OD}%yPW-ZQddiT z)oJs1)|waL-z@dl|CxfeiWE>}fVJ(*{lb9}_1KlsraOs|4fsXy(!M~1*jUms;6!8E z(D3l^Rpf30hlzjcKTW~WF0U!h?U?rWJ zsB5CE)=i!&wJfnPF|m6mamWr&5&b>?(=BxbsA~pu^u(%tM#f`z$ll|Id{H?~Qr$ha zkN5%z!~<&8loqhzWA?Gk(onO)5EkNT^q65;mil54#`qr(Zto!dfdLgQda2PeYo%V( z%iZkh_i>b@U7OU_S}wer^#yc-!7#^VZM3g=?xkubF8V|H7akD(mV2?@x%xlab`;sW z=)2gSU+Y<>Vwr{5pH{|7l+XMmb` zLN@Sj5y7PeXhzfx(@+Y}`(Uc&#XVc;<~Tc9i_I%REw&xSj1^PB(Q$HDr7Qf{8b zioLZ^si)`3GZn;_uE<1-Y}R0FmE z-%Z3AUqJ*~&n%ckm+|Jx)F+>!Dq33!SM~g_Wwc;02KC-s3#(@4r>7VFyj^?d46GMa z%3sXs50AawKdGtx@l1zi{6-;yqWGd%Ty8jFL+5NDLs)JZi&0#$e1VMA;p%5IN7P50v#wzTk~OOSEynn zT%hpXxg<*U-*H?N^|xw^COq+@#WJz0+Z4Qt2vK>-%as3Trn?Bx5tVfxm_fH^b*9A| zMG)j~7wAq2WRY&LMf+FKqMyVG)p@VuW`txhjfpkE(+3bIrec=8T5K$oKj{t!(~)iJ z7YNIlahi-7AUIM(*PI>Czl%}fEj~^3PaeNLCyuJadqI79A~=jf7HIMDKx(Pl*9n7# zbQDGdJ>&Z!ZDORy;9bo?BFk&_3*>SLgggyT~5 zsw=PEA17eP2PFSe8ZfpypMLJ@f53FRCRz0{0D`t;=1eu`&P$r)oR=RlWE!+#X+T^n zc6fHs-%)HMLH+}IHx%Z|Tzz(NGpoT9(%u4j%$=TVR6EtkdB{ReUvLQjX^je#)s55_) zk$N&RtXEcN7ykCAPC?&YX@2=mE(-X^teOV89a6z-=2tz5kPE_pC~qQY7>rCbKW+P8 z4!S4#)Rek7NeNI8f5Oa<${4a)+`dsv`sR$Fd7u zoy9%J6&pMp6*4Dh??J;%RIWns*ouAvd8tr0fN&y!q)y*~7THa4&e z0`}K(o+E&A%*i;l1Ro?9Dp#gw*q4ox)D$9t{!|r~H470G7QnjNoJD4J>a4gwp(a@Y zveETs;GqYzN{!KqmH9R9M!MsK;q)@wqp~_ZU@%Cm1wkKJdhZ0WG}qUue`ZP=|B#&GWe2&4vSOAwWXsH9_OlfSu0jbzD>@`wr5B3sCWiBLe5ZwX_SJ zx9E=uxQ9P-9UtwpcmUQqzvh*2PtW;3VyEcC-`Ad`K9@V)?`=8AX;1JlY{nZ&oiCDa z7os&=sa4I(FcViQ%q#1nth}Nc78=xudH()lsRYz?o@aA;ypv%~MzS(#btX4)jaAKB z<(V7$sk3&o@?0j{-AJ2nRwMBk5cG)$MEMPnzRGkB}T zRNsuQ?eZ#cM>dF-s?^dlS3XsW3p#5EB4{Y677iLWIa@#AiFh6s1?m(MDfoFh5Zgzm7 zG{J%yfA=-;#uM8RdW~N}4ZrM9Hps8URLG>(jWvf5+n=2H^LYBAi?I(YHJWXiyeqA- zVG#t*Ez&BSjtS@I*>SIXmE-_Q%H?b}eM&TtE~6fmu$p$!j4J-&z)96~vUIVU_1aGD_Z|~ zfb;$EuDNd+6r%Kx4+K?C^(Rn()J6f0lTCuxM=X0&jfB_r^FBK{l>{g?3km&u?KEER zU^`o_z-V0Tm$Ddpi`AcwkIB3v?B;$4#0P5?Wtx$K$Zkok7JL?zREqB%6om;BO%v_SWspQ z4&=(40Soqd0mC7xUEtz7$Ax`3Gsc)hDUCO(jG;xPb_59p*0{sb41x}`(tJ`oFR{GD zqu^=6>Ju;=4{cU|zRP?n0t;rlja03zg?PO|Rg}4sZq>i*FcuURQ$}Zw2la09SU0)C z7;RIvZE11Ebw#Rme*@xM_f)Wdm$O7(hmF&)l%sKe<4@LOzz`2mKaGpznh)mJwk&8Q ztj+s9yo6F>_XzZg zaC_}f$oSbB1gn-I?&b$AkWslAsuK&c3qQ@r<&lra2R{VWw`mA<*{*p{!>g&~HkS6j z+eo%Z<0xA0SB&VGzcN?Q99%Y9jpe!zibWRF5|;L3YQ}LO--v6K&2}QM}85+48vFT#+{-$}!xp^k7a> zL+D^m`Gu*FL-Bd`FZrJQLx2b*;L*9lmMRN1`rp}BqQ)A-2z!-n7a~Y09=}u;2b%~} zlk_!>xqa@jq0ucg@abY40!gs}`NecAbR4-V6MEl`QpTTvN}`S8H?{&H`9-ZR8;w0q zbBhBv>mXeLd1}Tzo?QiP``%_qaVBTHvjBw{Z z#vm(5g1XX04T7~-Qbht9c4?33?QSL?{p)89$wu-Gz28ZdxrX82!^o)-j+y~6#Biuq zLvV|(wkxmYG|eHL4_OZSN-x(jnl`86hXQ5XYP`&4lBws z9FIsAB%)YkvU?x3G5DtUe~?ZK3l>-D#oYaJG8VG=$diGI*1Dr9)5_HQ3R?OHU0{h?08B?$fhk-L!b@$Im|>O znuORTh%bpo#Q{#j=$xZ|)b1^gkI3}W0{i}~6;VDOxRM#F};SJX_7?(I2~NR5m5>ldx+Blp_G z8CEpP92}Iv&FL<@3pOfYm(3MsR$nTEB;MW531_y33BhP|jLsr<$-$VWP)XX9-aLi zn;9CY4tARUdRu)x^x%a_*rD@Tzq)vXb-$mltGp_v;>OTsMBpA;lOHud?cCR1X@Aku z@;*3rp-*)1em+pft7piSP>a=8!k>Buq{;kyHXMQ?hjzv(hfm7(`yO6OiP(=7PG*{l z8si38)LBlmiWrR^D~&ZBmeJtPm!ee>EMB)3OZ`0H^(pFG#TA8&HLqM4z(8>OPTpPZ z!jD7kTsqUD2@OR|o8rWOi>I+{!E?71^=-08>+SK3t5KtSjz(CH24DSn6bv0}{Qb|# z3bYR4@69q}y+`U5{=`wpo%_2yHcz8i zmaf1weGi&%=+zM2_ZWTlM_LV2UDr#GQ&ykz#RhaWz)rBh@TbzoiALiU#aLR%^ArXe zS7VR{h`axfwzvGNtLfQ5aVzfb?(XjH?(VjsxVyV-+@YnoLveR4#VPJ?8;8Slzvui3 z=eNGDnOT!u$z+nOgortwSJdZm!~iRJwG7L@d$ZNLZr2{>LaDMhxyv?+&vaCeObc(j zIbfU`R(_7Qc+bTDfdG`iLy{@4nwnf?;u`ON6-(6WF%APu%Oc+$t_fzlB+q`F%J~30 z`%&IfmUI3)LxAu}GiUVRB>_OzZ>S1JUoLI2*=^rh)E3do9leu6dQ6 z4n(X}Hbb!+V2XWy^8>DFsCxt`sDD$Rs1MvK=Va=og$#HVo#}ZK|M4w-3Q`nbof2M) zcoX6o3v79!MdIr(pqfdS3B1mj;2;L*+##sp=RBcRiF9D6j` z>UZYOQ4jU*;6F~$ey>bkz+QM! z?iAg+6_}*r&Y*Z6|Fx@O_pfu&wfmgC=%t3=O@B8@`Y1?}nExxuE=E2G0w41p2WP2l zcf_SRFD@1F6ovRB?X*;(2wu2)ht}!0Ih|A3Cg3r~w^K(+~8NL(RZY?)iC7~5THk2KbTL2!lve|Mu#HFf%{X~Fr-!4 zi6Ts}>P~?!Pi1@Cf~Jtj37oo1TKY67@Q)2T{lB*t4Z$;j-!-OuEw;a z;%n4sVJjNji#)XJ+S2cSVY-S{TAjntHJSVtuLI@Rai_;bUtKek$)8B)B(=w#?gUG? zG|b;r^8tvYZowt^vdllvn8z+dp`e?r1A7@?$KDOD9!yKNz?w21CePjdf|mYud}ONS zVqEN;2j@rK)qW3QHjn~-?q$xdB~*Fx1t0DzTa|V!?7?5KIQ|cq*_GZAI?LR66X0RX zmXtD7V*So;>lH9o_{!^#TlXUhxK_&kXCxbQ)&x{BZ;w9&^5hxSAN|d*&^vts!rm)2 zEoAs*2uXMB-?9mSYY$at7k+EqH~q_)Ml2HxaZs2}*HSKVrF~r~q=L}zgl6(HH6EDO z);!B)5E@C3`6)zY67j2T@idEmJpV2=S$?J`N0U-qt&k@N%^!qA*F?_Iv8UKn?p->a%z=7#nvvLmI)lw3PMs&~7?ctn#Lu{&4Kw2!FjdIOq&DG|xb2-~e?0 zvo|{*YRLnx(L+cFuK%{|-j&8@_?7Gik@BEaMd`!@80~H@U%{D&^dLVni4m`o;)729 zi4ntsyHf|1u@&f~9e9fkMr6t{c`q*qt)6`#yMT&g@-M5g3JWE4CvQLLTHs4{Lvxw) zC}l2g|9`aro=?9Sc`A3ZQB%s3Hf%I>e4+eg|4zkY<(o~UQG9Higqq1frm+iIz$OG|1tj0WGHq^^L<|v^kN-IBiPo(mb>v3ih>u z`@rwJcmgac3`ZGK!*mE9YG_~8K`GJue5w@#jEsnWWojL5WNAvu(pZTkaq;*rgcpwR za6E4_27x2q{L9g-0F#ErL2M`Fx#wxkVt}TOpPrX}UmP#kD{n=xDBz5_mMH2QrmHsv zhwdDr7b;8e<)mjr-4)BU-};KB_&>+*LPuh8kfHXKI^=eB33oO9CH8MwM)pJ$@SBL< zh;Y$2a4GC`iU?4GCnFJAyAt}XSvcKXpNlH==~LM!>y)H_o~V=na%f`#_H>)}vW!Ei z%1x{@&_fq5%ZDf@!06h=t93`*$4tP8lBu%k+}p9RQInhtSBUmr@ma@S6fO9tP=lp% zyk8^+NvA?F+;Bsm%p)H){3g*p9~P4nYQNK_Z@ycL7%VM{Y+fXVhmr%++3ui?&kq(m zM6aAuWgyZ49e_{6=1vX`xE$?6&GFG{<$oMHThG*RF(IqcZ*JB)O?#ayGqn8LYE(Z` zdI>Q9G5@$A^*gl>%L7Yzix@M@KZ+&U2ap-x?(CBEh zfUa5;JbSBMqEc(|GRUuD^8hj}#(HCraQUg#?jV84ssXdB>pJka-=@+`@Hbpl)6gx! zdx_Umf-SYn+W5GdzP|V&Fjv#kqBqgVyDi_{r1KpM6+XMDy%lUQTJ=In)4nSdI_hw5 z;M&lW61=KWci>L6P~dHcny*DwQ34g$w8pRT4KU_AgQ58MADSL+$}7xm+sDdahB1a) zLD~SW3HrXSk^weNOBAAjh2bz!30txH9p7@H7=%W7O|S!EXfY0N)!9V(2I_w2*0o;iW+i$%j_M+rBa3F-2 zZTwnE4|=cF(vP7&_sXEXC8!(o@D7a)y=jppYLf{w&^$TgVhgRt{nrGG{P~qolm!bW3iUy9 z{>k8XeVt@Tk8_E)80}n`vD7jnB~a_rvc%2*LLO19P8qdg(hXt~U;wMsF=&oL`@CcM zXo;K6{;5nz0C-~fayqJ;RwSzHcwz!q_(k2)h<9D00VsX3_kB)wRrAVmT&*fF-U~lS ziNNqF{kv=&(%v^2j6fxx`kJDh90jGVFEZ*j0eb4=VG~=>VSU`8DfwF{bV8FsZ}WQ4 zT<8v{O`VG~F8^8CsOY4kMzD%(qA0Wf+N0XpvteZsOW(~-U}b9ER1rlD zjcJts^-`nLFm78GKv77w^9%`*G{z9*$+McxZqFj^XmkVN)cFrqjs*f9WsJ(60}L)3 zzw+&W-kG>7rmmy|*SDHKUvES-^M;V2m0S5#>VeR-Q2PKv>Uf*Ko!lGr(t-IJT>arJ zHX$h-*0^3}q2fZ1W8(ocao@Ie8De(RIxoHM29O@#b1ya1-`Y03!9tWnPD$u(Q=TwE zsv*>M-@EK+_K6X}TwTbln1Fx+e{(Qou@dh-r(_&_@Jy&Q^iAXyVZaNY0EO17hg)T2 z=Id-XdGLcC81vDFgh2>I)0Z;@1{3$eTIjsfa?V@*rNSY@xJOHUP(%J{j5#iGJ$ioY zhpbopbx47J(`M{u0 zllA~L-TcAx-G+1nJ1<*kWoxrV5mrU@+~7`cOti^HG5TLbvHDSgZ%gD__+s&&Hzy(* zjRP9y+jd^cE)`onL2q=xMxy#Y(*!dTX%+jo8hOm;>`fAY9C->RCC9PHGXj`A`e+rG z_HBIm(0(=sCm3mCBbAfAzQxtLf2VB;V)x7A4Ux!B$xBcXAdL`1g^lgy#6p0UP zQHV9BXKl4s@F9&?(2BEavROI+tR5`blVN<%;s>bH$DP@piCu^!y;%m_mb~6wB)m;D zgs-SCRLe)Id4TD$+nkX{K3}UUp|(I+_&5wHf*T1UJBh((j~JRW&}<9ZuStUK%-ncI zNw`$=zEG8!ITW=Ql$uqrR{0k>tZ-%B`cu;Mwv-|OR2cYuW=4KGLpynImi}YEaKbv2 z?IS7Oc{mLISAi|1MIqk1XF^$t0~d3jRRgy6;+JoTF89LbqFbG(Ay!5|7+xH^4{zis z{)!x`l}7te^?<0Vu4zjXd!v(QW4{j;A1y#xxjxAA&kv_g?dM=*mR3}1Cb-r#d|3Ii z4z)lgHaG3#UcerUErYSuh=(b=w3DV?aQ}+UK~;aC_c1FE%-<#dco+KIAWmVp9c14n!Du2*1*S{b%ww2# zNYm;4EB80>s_UG;uu=bq%$S-Xf{r2`SeCQ4AFV#Lcshow`VKrbzDhs~0^G4;>LqG^Dc4uBVsoch}K|6La0NL%vKkkAk-O z7DsTsGWs-=187CXIp9Yg!V<446D)`Q0?#T$;8~(cQ=M!AXmJ&2#c*@sic+Hgc3fd# zMEOxD_=sh5Y=az+0@*9^xX?v_CAwO%f&qq9S+D0;43=5Y9%#5Dq`Iw6huV2m;72WJ zrY|+Jq-$edcPa7dYG}VV?^7LXUq=13x9;3#pi?~u$=(VPciNSqvM8T)R{WHoQ-<_) zlL|o4rnJ2YqT^ZCVDCAyOjh~E?*i-&pRP}|->Vk!E!lLc%~yeWG9U>Fc{x{TVs&3$B4zr<;6YMHGi zHkgz2E5r;X&}0zADYeVqAny%v*Xx6)Oy0{Knk@X3oN80|14Av>fjQO)ILfbLt9l#x zp09o9+L^r4E-(M|rA5FOlr6dNQh!bh6Eh@2FDHM8@%`LJj& zTGKyljW$t@-n83w)>9t`JwGnaMw1LI8XFlt%cpcFxtMYUob&>>DC2eK(B&l&m)hH+ zE&ShsLH=PRpgh~#2+4DSN&ts0`03-mr=hyjf(o9r~5F8!e);g07|>h1$Z6Q-O){hARX`)`Ocr+yKD?O^;}`VM_4Z+tnk9Ezt$VBBOB6O3=dVWY;X2+DnFPB~e*6IUP7d;p z_s@#}*zbnRK8GS$-8i90P~TSKWaZPVrN>kMGU_#!S&RZ0X+YGutpK;i)oK1tI+}6c zrrfXRjMt%1*0_zf(U4LhQxWTzMg?ty7doX{jC?b=HEUS*>Q$!;@e?Z)X(~ho*ryQg z)Ku=P^Yf+Or`M<3l{f6O5!@7lc(H2HiZ7h&}+l5F8w;9(_O0rG}umr_qj31Cob2z&a?8rY<(>2P5cr zX>MfTwF|AbI8Y3YB11Wg%-VKL{T2unW2X*f4H2RzMhiuaJODQs)p%%GxPkab2Sw4i zx3LGaNxWAu=_pk&3W?w~jE&Lze&Pq<4NWklfu!o_^X2bdBgUEflVN%k;QU+eq!n8M z>?gPOM39$D5@G*^FYXQrsy4QnomTa1nWj-j|D1<%&)1zoHY3k z@HNE83txYgHbJBsN>LFw97g35C)Wa*CTtwm4`W{PHZhLpV|O=@WEy!994*9ZR9`hY z<^V~=JxjQ$SN9*XBU3Blq2K9eW=p<^oltdAY45n4iFLi}^qpVf_)zmY!PXXa;kd11 z1|O1ngRQOgI3=~-YM2T znNv^omAeh@v4jgRQ-g=li`HQ>=JLkc!{x$yk;zgSha$E8`nr&6(LUI-$;2h?6FfXN zH%6@lWxV2K$+gI+eVK#=*FXaUx3XVp8h;@#S*@ATVOmgMrIe_Ieq+)vm3<*Kwoi+^ zF91UY33d$?Lky9167Lcvb-Tc{bQ*A-V?xwsK=gIcGObnAY44&c29tWFtb^G{|F2+%gVAh<$V%dyt@&2ANEti0e6{Kpm*!|F^h!JZD2q^C zk&`A<#al)Bv;41sSdedq#cEFT3D=k^UDE_czwm4KmIM%n$wH{elhEyGwx_pdCCVi7 z{2FU;5&6`Br(;eCRKq9PR;@T4eiqmogD-Jvga=0%rlF*(5zbCtkf&7!`&m-1pyb{v zA;JI=8~in)ArZvM-=x~wY2VEMh#M;kLtYe~8WL8b^nchRKvNYTA5r_m{ojD(5IEXm z%k3iDwExIDCJmLY+6Y)|p8jt#OHv4VT0CCbHOeoNe=Uv%PL=LR$mP`Ze|(D$Mwf>{ zj^+M8Id_y4g{LBrQChG59}xckTvpUt5CvN0Z|ta%cRO|gcB#tBMBk)j?*9OY7ZdzV z{ZAKrsfQg^x^6sFD6E5zxw*atcQ$dWdGBVT=QMO*V27scWn=boihNBI#D?|AO7mA($Pz^&r}v#mlf=qyX45at3@I zS^tsx$rb92kF8Q4HQ6T)#_IXSbM@0RKTo(3>~=99TV0N?SW;$Fy}L+9_~tl}?kmw~ zJ{p!W_tx6~N!AYeKW?xSg4@%jSE@BPRlCVL2VF;NvYe(F2`p7aXsY8MNEOPN$*DT` zJZ7b9Ls7Bsa_P%OCS`N0{HK!RWrBwW`YJpO3@jfG51Yr9($Nv7^$1$?)1F%bq&dc) z&=z3m|A(h!DY&7M%yrYdX`6EYf5AhhFY;FMdQRuMc0PS8&&MqD{|S9CIqN&zkhwD* zJ^c6tk`tXtL<+ljaoSH$s~?!y5yi1eBGLLK|A)rl2vNqvl;2uLsXD0gc10Rr>a~Ko zjfY-~3(^`b5&8H3z125GhB{a#)N3m#KM|#F50cmO&OixI)xpi?gZk02uPaDDzd{Q) zM@0;r?NV{a($D*E7)KabNpIIbT3dY<|}f+%8890 zm-|ZiKUMrcJ(tX)oAxoijG_ZB)S?oIP!xjuXF&j?9aMv@ACMr z%FQyJ5#{VJE8KI)j2GWULDDQpF^!|FK*>*T%oD&U&*&@ib-eX$NSn@}A+)5>`cpoC znCq!|Bvj`HwY8V7@8fj7-wqT6@~y@aB?&Q)-{?^@;V2q#E_ZLCra~TxyBP%(2)e#+ zHU>OcpBP1QXcPUe!eqtVE4$3qdY0q}b z%y=M-{Uk^C0O0rVk(pmG7GF2vLg@qe-YsERr9M5^?2~i|Y|MyXT zt1_E7K@bJ8Ai#<6ClfazTn$ap6Rclo`9Lm+l({oW;uWm&`q8lWn=noah0>r~H6QJ4 z&so%nTg^t$p!Mo+@49oR=gPbj{%BdY$x-u+tbk9u{-zt&EYkbraDF=oZp!`rA*pJO z0-*nZRiF&&zjn)0F{7L>PLT${QEq0QIE*R&Rs8W9nwsJE8e1o8@~Q8$8-eCyXHxk6 zQ3h=u`cEcLKY1cdmXsJD^Ya1?!hz%H&vSlzwAlOzsC|{ZWlu83&nLl&jWghDn^T$r zw`0o7ul&Zl{WeSQaDA0uX!aWXw9h7z6)?;V%`g{z^JLL{ZOahX578^_2UuHf$ zL{pCHZYYh|VfqA7RiKLTW|K1U);yC?Sm|!m^8_eGG5j06g*PR$5ovy{aIM%5aX}^v z6<;rGlN*XMZ-6jk&}SO4kEd7d+ezu;B$5Zw?MvmAMB<3+A(Y1Bekl9CK*X42Me<|1C*s!8=q|m7idYg#6VKgE4|KjrPfy8juaWTx^?#?jvY$by8R() zoTwm}gday@TM&$QZou-g@6z)xB8Ii2WuRO9p=bi~>u9Je{v#Z{_No5sRUk>6-i9zC@q=|`-WNt+P_sgk(2e+qE z+xFRB%|i6l)kj!%?dc~{Ml|k3vV5dKpT7-u+Hk|(YplFZLo1C^jvNw> zD{B-{`HN2aGp1MaR;b18*m3SRo+=;9t+1psmq+4+%ReL2E`k(W!;hyO^GZh0SO|yN zst+qvZ_F6*iauQob&@AgnD#95>0s%B@3yK9OVr_J{PSbAs9NtlZFb9;l;vvp4^4s` zqBYwFc)zQna@(-gS>%Cku6PWmAG#GBv{JnYvy5@P+@}w0wkQW(9fqDCielK@TI#gw z_tW*p=;%32?qX8~IF7@HKV?1_h%sL11e1hF=GqBtJJo%#oxL=pzpmVxsgUtr$3RhL z+NB*)TPGsdyHe_SGUVXDpo zrp3XnC%#TXr`1>TgoJF$yyoqDaU}Bc#@^YvSqa1darSHjbIlP`Cl{_NB}|vl5p)K0 zFd0)-e~K$N!%Uk?4V*>+))@Gf9v8?}?euGe%)AET&4xE#a%?NGGEeX8D@iNS*;s^;;jI z?RJB256n;L=;7lN7%}hXf+6lG;A;@o^^M$q=rfZ)3E z(-&c_ogr4vYK9ZoB^T|^2vs%00l0kGGbg?2q^u6`REYxafj8{QVJggsFhz8RLun~` zYJyvVE)ux-aLlSt%0FWagU9JnW3waTsi28(_9$xw=w`geQNwLNQJv9kc@&>n3j^l3 z=&uU<#HIHM_R!x(xEOxSM!D`y19vy%@sN3Tya=amCI7(2Y!A)w65cGuXB(CDF=ewf z?q~p0;e&o87hT(m-~&Z@2w!QVIA%i|+Zltu(xNTHC`#k>K@zG|*5m$l#xZWEsw+@2 z2cvAS!VkWN`2QkR!#&x#H)sXtkiel$R0zU1aypIFyH6KH!865bb_CbFZ@G9&*XNl9 zM~}?KF!PvEGiC3D)7^2_de9E)6Jn6-O~Ue@h_sar(r%8zc$f7ky{vIsAb|6@K zbJ_YvD}>nWyubATjnCRE+2^m0-JPg;6Xw}+Kiv>Pioi}v;1n{DBGy2unqZXqF+ zS4=TYZ{=;!hZ0H7Budzp{}7FVG9$Hi47-%U6ua&bHKx%C$x*6uFtt zlsVru+|M%agwQ(XOlY+tTH06A*jEz9O1uyhDk9q~+`c-3Qp@Yfl#J1Z27C8Ktllj) z1zE_0S77@3uUhF-C4IU$J|=eU1rdEB8B~S@%hIAoqt2y^NYCwU>M0jZQo$DKsl^pN z4`r_uWCpOUeqz|7l4AVPju(KYt0U_9=}|9euLoNgA^HzRgkZ*<8Z>@c_^#|mX}$8( zta?`Y+2&|Z;Ovc<|B4gTu{ig$h>#(d!HD4J(MAD9*TXoK%f z_62-!I_Q&^d2^0>^wbK?mSFrGcTJ^)%eyHEY?4?djO7-v000R=t@kAz4fU-GzvuZv zv2r%C0N5xVPw8h2AjD(hH-|h`>||Ib+$TW^d@CDli4PQzx6?Q<2^1e}y#IPZ1m(Bm zXLn-kSyB{Rz1?-PJ)koyHwMB-CDOv)=jA}3L!ej_(d0$08(Zo3SlA8D_6~^RpPaj2 z)sc*cU&+oeBE&hMYzGan`R)V+M(|Eg1nkx!hh!q1 zgBGN{rJaSFLKKpH>*Qa|z5f%qvsb}1W_wB%I7T7~g?CdCGd-ii?&vSV?TolmB$zdUz)*8j zMm+&A^>ff3El1Et?sb?zgko)OVwn$OuWMJ{O@WRciN)=WX#!HFWPIyZ*SW}$<~`~_ z|2Qy}Rc=X`2zoYb*yx#$z2D{YX$KH@%>RCU%7J$w z?o8Y*cR<%NJo%au^O3n7Zf3;KugRs*LT+zXk@Ba5M^Y&6OwrtDVcQ-c$(4=;idK%Pq?#Yq|dx^rY((tKJ< z=eQ#+Df`bn`~LKYdBXd##5uZ}gcvYwg$$9rbbGEmS!meUwHsY`X{U z1%KQymJz2H*)6OV2~a{zY`_J#B;vnFet@z!Zt=%;T?;jXHfddKGdYfiOdjs48)dkM(h@|!MVDj!Cr|Y`t1DO*% z`!Et3g&pZFyU&W`Mw_&A8WFETKsG@h!wFtO+D!8;H;}P&)oHq#?x%t*LKbGJYRupwVmQMmiU#umKR5G6(B>RkQtmsdk|&9rN_qG>^q6`U|R+IeL{ z3bTbbsZjPIFeO^WX$G=nJlcf<{dFcWSCVvMD(X;H>R}8 ze()ntLf8|>1Ol4g21Eg|{wq$F1)34jB>(#+M>N7)2UU_w9(yKv>Tw-a-(H)_@LWR9 z4G7c?;-;YG8x3LJKMfD?&cXs>79)v$?WjJ%IE+i>i_>=#NDgm}4KprFrPn_;X$Eii z&m`3KkNXdko*NP42!jYJSY8xCT#};LXuRuYy~9Yc=G!u2-EUJYviGIU14#=cv|EZo>$o|3EPbV-rY0x%LO1q`@(twwBvr*w%lQGIDc1w3+;Qx^2*e0Oq>}Mt z*&mVp!H6KMqCfTm@DYjM_r_EVY0h_%8!nxtZT&_nR}b#vN#xswDk3pmnJ2IN%cRJhpdN-brYftG zE=VwTk40XmKALJADeme`_@uHdL*DWp8im_{Yxoqy)qWBB#N$8x;n$!BZgI#-!FrhO zgQsSR2->|{ySSOLNV`&{0Lg+S8={Vs12L>^ua#GoGNgV~8Knk$MdGkNo2hVRs2GEePH3e)79dT$?FjRY~X<=a#Zw7T|wNd$EL z{h{t5QXsckPd@8=7gieA<1Tz=F#TU1z6jk_ayW`)Na#uqwI?66N}b=R`*Wu6=4fOu z!S8FfIc4LKO%{HUN+Bzra4CAP`BX-NK=Bl-6$tLRX?Y(jDk{Q?>x$=zIEO@tR|$;R zn_`lo%$$4O0UJ=#L!!dZuu#$$0l zFgGg=oUS+|?qK~wpe=W~e|XO`yZTQIN&Xdh^++4suvN44i?(6(0OvB!+6a@Uta7}w z#W6R$*NwIGhu%=y>DlyUT#rd?Uo{0L|GvU4J*!`~%TlN=`iMSR(B2v$qa=wwuLV2{$lGb)H$8I0m7{a$%VX zHRP-8-nSO@lRh6INVez8nc$XKVjgA8DvC$0q5V4rosh0KYC=u}5VMzDu!kMFVl4|`k>RLbyYO8}3%w6ZC*+58es}f`0 ziE*lHq7v(PFCR26e4IXlz_ceX23sj)C)gqW5#Nj;&|jLYRn_x@8>?bUMdX{wxD%`R zs$TM5(F)IjPfU zdGbIZe}QD1@O>prHU5fWXT2o54pJX~umHz7as2md@)qz~romjv?kf_ChA_|gl{J3Z zgPxUFFD?v-Qo9C<96GiV8dO_{;Njj-DU7LY?)?p^;L|82^K8N2s zWVuCrXri~mq)h`Kny7B8)*IvlO;8C`VD=;bcDTLM7n0%4OzqBT+9C_AqDMw@ZdI>c zp*-~Qr?hh{@Sp1#^8pM4zxiYG1k>Gge3M*lhCM*t8j3qZkv|+Qv!{v%xha}N!{xB5 z`6^S1r74?hQ>61& z6L}8`U$WSo_WBg=UMV9megka9HB()JC7YtKUi{X?0>cW^_^)Hd=e%d%iEd6RL%2wV8N+8Bx^ zbIT8f;l1EJusQ2f4U&FNE7Q0QBD~6>wQ$qKVkE2PAasUQSH-owlnAuaQN4KRV8UqY}3xJ4G9a8Y_c5 z2Lz<86qZ@*OTABGvVlH~j3PlSwufAD%OQ>=Hu!gBMGx(6bKp!-w??7Yn~C&og>V?86w1ea0B&B$1J)| zE{5Ed9x=qjL-P%CU30N=BAy7gI%II$Xw8H`-m6xMpc(fQU6D2cdrpd(EF~Xr8-X0q zNI8l@!wNMcF+*ht>PWIiFqTd!i7Onzjy;T88CKP)Uv7<)0j`vlcmNu;0OHP4BaX6_ zZL#5;T#(EyVnCzk%nIN>6d7crj=^PA!#UewhBu~tu%5cf=j9FrJK`_datlFg^JRO0V2I>)2d7(~ z{K>ZDz$pa+w{q`%+hdVI0x?E8QFORMxNjZ_QHxJ^T!t49#mjQ=Y(Y&gNmNRK4f1!Q zdwrFX^c)vB`q1lfJtC1)&?!D&Az;Nv@U#C$*W>EDkOl;Rqx6=2NFsx@5DCAd`DVg_aE@~Y7aei=t3Y=~a?XtI87 z;SM+30Ei5QXcIB2Mo+?^`@n0vK=rO(_Hx5-42bF|A+(}@RM|ddfG1&@QeJuAHY^$n zx7BT$vJ(k=UBr!!HY4X%l57N)5PZfD0he0TXC1Vjq$+EXi*A|PG? z17?qMIIO$-teGK+A;VDM>Ui9P(4sP@6%0gEqAG2zV6t@7nrBWxbIx!GYlCz&hhpG?%DKrod<}NdS#sVm%$C*otyhqZ+~jp9 z7_dzv@|?nB2e&g+*io)a+yziI7W@b*^ZSW4Z-Rk)dJ$=PA`oLv25Q1TjyB8SboNaK zbMed}Z?Dq^w6wH_P}3qH*OF}WBNzm;x)fm;M0EA7(&fKlKd+PpmDi)b)@q=FY}AOM zN}2=>;O4`%Vvb3Lr4}UBZYaAl`;oVnLoXDI%vL#EXRZxUNZ(#jImifPV;p67Jc&d3 zBT;`O=sK{q%Fgf0{}JI#aS%Rj>ug{`EFtK4LSNQjllG|49`W$R7Jax8_on?0*+U8c<#JABsd-%5*8 z=Vl(7cVgF_JNOyq_$E!uvzztOdD99$9d9l~WL-!&nC&9X)~L4AU_>B9@a5m%X`89x zTUT2LK-XI~W^f|}8GPIIg^~cH{d7ZLSA#lYoTgw5W62yHYW?y?l#+xTX8-jf=MAII zkt9B38v32&@o1stkMsiGKWrhGbWw`BKM8j%saKsQu;aGm_}Kr8E#Pxi#<{iQg<0X} zdLTxaSP97@Ew8oWxyYTXj(H@JKuq4dL2$LQ{6jNZg*W9_$+`VAvGK zFCe;qW+dr>TDZwL)yD+`$J~tx_!nDvF3!oq2N8MOW@-FoRXJ7tR@aS6__cj@Ak12v;OwT z1BlknA9a?{#8WL+K8YRR)N9faGatXu>--Oj$xq;fs7N@w!{x{>OB@xBIbF=%E%usx zqENGF*-V)8`XAax8}K*RxPandLD5iqfjVk>Q4e&OQ2yAXIV#?yVCK~KX`!QVbc!QUtB&18ax(a#y9A;KV>8F$>>UfYQT-l33O#LvX)MG>1^|G?!9xd*ViYl(8` zJphtP6gkJ$Z1Z*&e7aB29RJ=@Px0vT&D2OL4zA!)rw<0Y*0EluPde%GN?04554EDR zfZ_`2Bu85|XR^F)+D2YN-zeF05z`uTUM?D+3D(WmfMa96-qp?oEg0wAZv_Vi=FU?Nw!`40E!~QlBxY+8-I-#f>79VE$n03Yr z#z<54MA7n~boQ8yuDulpzD)*I53Hruzx_pdN$6hb8TaP6wSK;v)tbos+j%gK@&U1i z+-lsRZWFv&&)J>kh==tT{6`Ji??)j1Mf#A^&u<0e@ zXtW6PM?LAwK0sVHGnJt*dBm}1Z8%*l0n37!BeMtshJUqgYz+@8ZeLwR0O}KFI%bih z30=6!3HhYm4Av!14y$z*++5F0jSfA~9r`!bbskjm1{MMX0_}^!@nmt6NGNm=V^od? ze5(ZA2>E!4z4Vn{=pu8NlUX`e0Ca1;&F3nOGu#R0$|2$R$P|E4wDE2$sKWi2VOo}w z9yF=U$g(oZs{abtxQE$9gt!FFch^XmlZVSBa}hS+0~f~-+48cR46UBQROPE%Oz`Z_eU2aZF`X!K;Bil-M2Bx<->!SqPWDh&aOB)2D~X zzA-$~t!Lg<`GY_GbK_TF{hzflj>y*}D@@YZI;cHey{I12MkXKgZQF^w&#@c7haUv{ zLm?5nvw$gIVRCj{`0BfkSOe2FzBCpIZB*IdG-7_tQ8xE>k=+*8UeJ*XC2r)*Ex6`49(7r9 z4smV-dIZly00OJcGsxy+=ItP^I6(9`$9GlOvVL-hN5f=6Xu@LSHE#V$AkAqPK+I97 z#@xoQ*Bpb?^~5l_GnxIAKhO)(Kbn_(O}$Mel_d_W?%Zu4;0bdP*qjH>VXgL{ot(TpJ4VO~5pZoYaT-vsd8@1ZW38h2sKkuk5J6!2jn`(358! zqJ_0&6HXeMWMXdKXx5`&9ikjD6f+mL1U0WPqWSZE!tm{!l9*5Fj)C=GwWpYf|1ZkkW-%U7&Sp<2UK*%H>U-qN7GQ`r~umpt5MHo`AAPZnbW14%|= z!eCUM4Gq*2Hf*7 zQI2ePSpDj*K#XPMP+|LnP@$ZQ%^n{E_Mxd$tWM(hKm%pZOPCu=wrs_v=WPBNvUXm? zKL(TEGlYx|6kV=rt2sMSNT3}$;~6Sfg>Cpx-)XH3<#M^MwEmwd8>n-%zPR8i-`ARQ zd}I9-)6;yX-rEP{{ZZ+;lVr5}!Y!Rd*;ya#Iom5|?#M0-T^auG*Y#6N%fG}wooj5r zHAMP#`rq~7Wv6qT63z*5xlcW>{F1-)wDo*?t?tWwOPiM}DvtDY#&P&}v z>#z9~CrCLhWI48Fo}hC00**5`3=(cmH}sdysE+KLQ!kr%u;cEYB&UPSTNiO~JI@a> zp1E=1r6!=p2U>y#f>jZ}9vmue2$~w?tntFv)p?{nosw9ywb~t`Ipi3knk``xw#fJpBt08)ET)!Y|R9Cw<@K61G z@Ym&%RZidbZkF*E@?BeYXxj24n(tdWcDK&63{&3uGx284|A(i#=bZAzr=#v4ooG^0u7eOdrQ^wqUwU) zG|XR-nyD(X+wn?73`4Vj(`D#7&IxllR;b%pANP%33tq%~OcA(txX^hKFJ$eoHE8Yd zxx&j~khQ~wptZwyCS){&lhO%4(AweRJ6o=T{hA^JT03m6a!UcSc32p=cKD5qdG1zl zTuZhC*A5@!?KJZM2kjfs+F?T0UV8A_gMoozou`Xq2u>&H-ITdhC&p>!c-V1XEAN9{4ho6^<;~HWQK_PG zuOgrkoU1|l)f^6}e&pOTg_E=O)ftzW>KdW^;1mejoWaIedg^s6hz0bvfi5see7Jj} gI>5f{I`E&}_38;BIo(}JK$kOky85}Sb4q9e0Mq$K?EnA( From be766b4261bd91bc5790a530346a813caec35f31 Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Thu, 27 Feb 2020 22:05:28 +0100 Subject: [PATCH 07/34] Use ErrorGroup Context to return on first error Signed-off-by: Michael Gasch --- vmware-event-router/cmd/main.go | 8 ++++---- vmware-event-router/internal/metrics/server.go | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/vmware-event-router/cmd/main.go b/vmware-event-router/cmd/main.go index 26388a62..c5d2cd5b 100644 --- a/vmware-event-router/cmd/main.go +++ b/vmware-event-router/cmd/main.go @@ -141,14 +141,14 @@ func main() { time.Sleep(3 * time.Second) }() - eg := errgroup.Group{} + eg, egCtx := errgroup.WithContext(ctx) eg.Go(func() error { - return metricsServer.Run(ctx, bindAddr) + return metricsServer.Run(egCtx, bindAddr) }) eg.Go(func() error { - defer streamer.Shutdown(ctx) - return streamer.Stream(ctx, proc) + defer streamer.Shutdown(egCtx) + return streamer.Stream(egCtx, proc) }) // blocks diff --git a/vmware-event-router/internal/metrics/server.go b/vmware-event-router/internal/metrics/server.go index 4294f9f7..88c43991 100644 --- a/vmware-event-router/internal/metrics/server.go +++ b/vmware-event-router/internal/metrics/server.go @@ -73,6 +73,7 @@ func NewServer(cfg connection.Config) (*Server, error) { // occurs. It will collect metrics for the given event streams and processors. func (s *Server) Run(ctx context.Context, bindAddr string) error { errCh := make(chan error, 1) + defer close(errCh) go func() { addr := fmt.Sprintf("http://%s%s", bindAddr, endpoint) s.Printf("starting metrics server and listening on %q", addr) From 55b287c257484991ae9b4c845f377660af7fd9f4 Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Thu, 27 Feb 2020 21:44:17 +0100 Subject: [PATCH 08/34] Consolidate docs on architecture Signed-off-by: Michael Gasch --- FAQ.md => DESIGN.md | 45 +++++++++++++++++++++++++------ README.md | 2 +- architecture.md | 54 ------------------------------------- examples/README.md | 2 +- veba-appliance-diagram.png | Bin 153782 -> 202499 bytes 5 files changed, 39 insertions(+), 64 deletions(-) rename FAQ.md => DESIGN.md (80%) delete mode 100644 architecture.md diff --git a/FAQ.md b/DESIGN.md similarity index 80% rename from FAQ.md rename to DESIGN.md index 9a6d7e98..8d475fc5 100644 --- a/FAQ.md +++ b/DESIGN.md @@ -1,12 +1,13 @@ # About -This page provides answers to common questions around the vCenter Event Broker Appliance architecture, event handling and best practices for building functions. +This page provides answers to common questions around the vCenter Event Broker Appliance design and architecture, event handling and best practices for building functions. Feel free to raise issues/file pull requests to this Github repository to help us improve the appliance and the documentation. If in doubt you can also reach out to us on Slack [#vcenter-event-broker-appliance](https://vmwarecode.slack.com/archives/CQLT9B5AA), which is part of the [VMware {Code}](https://code.vmware.com/web/code/join) Slack instance. ## Table of Content +- [Components](#components) - [Architecture](#architecture) - [Event Handling](#event-handling) - [Event Types supported](#event-types-supported) @@ -18,11 +19,40 @@ Feel free to raise issues/file pull requests to this Github repository to help u - [Invocation](#invocation) - [Code Best Practices](#code-best-practices) +# Components + +The vCenter Event Broker Appliance follows a highly modular approach, using Kubernetes and containers as an abstraction layer between the base operating system ([Photon OS](https://github.com/vmware/photon)) and the required application services. Currently the following components are used in the appliance: + +- VMware Event Router ([Github](https://github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router)) + - Supported Event Stream Sources: + - VMware vCenter ([Website](https://www.vmware.com/products/vcenter-server.html)) + - Supported Event Stream Processors: + - OpenFaaS ([Website](https://www.openfaas.com/)) + - AWS EventBridge ([Website](https://aws.amazon.com/eventbridge/)) +- Contour ([Github](https://github.com/projectcontour/contour)) +- Kubernetes ([Github](https://github.com/kubernetes/kubernetes)) +- Photon OS ([Github](https://github.com/vmware/photon)) + + +The VMware Event Router implements the core functionality of the vCenter Event Broker Appliance, that is connecting to event `streams` ("sources") and processing the events with a configurable event `processor` such as OpenFaaS or AWS EventBridge. + +OpenFaaS® makes it easy for developers to deploy event-driven functions and microservices to Kubernetes without repetitive, boiler-plate coding. Package your code or an existing binary in a Docker image to get a highly scalable endpoint with auto-scaling and metrics. In the vCenter Event Broker Appliance OpenFaaS powers the appliance-integrated Function-as-a-Service framework to **trigger (custom) functions based on vSphere events**. The OpenFaaS user interface provides an easy to use dashboard to deploy and monitor functions. Functions can be authored and also deployed via an easy to use [CLI](https://github.com/openfaas/faas-cli). + +Amazon EventBridge is a serverless event bus that makes it easy to connect applications together using data from your own applications, integrated Software-as-a-Service (SaaS) applications, and AWS services. The vCenter Event Broker Appliance offers native integration for **event forwarding to AWS EventBridge**. The only requirement is creating a dedicated IAM user (access_key) and associated EventBridge rule on the default (or custom) event bus in the AWS management console to be used by this appliance. Only events matching the specified event pattern (EventBridge rule) will be forwarded to limit outgoing network traffic and costs. + +Contour is an Ingress controller for Kubernetes that works by deploying the Envoy proxy as a reverse proxy and load balancer. Contour supports dynamic configuration updates out of the box while maintaining a lightweight profile. In the vCenter Event Broker Appliance Contour provides **TLS termination for the various HTTP(S) endpoints** served. + +Kubernetes is an open source system for managing containerized applications across multiple hosts. It provides basic mechanisms for deployment, maintenance, and scaling of applications. For application and appliance developers Kubernetes provides **powerful platform capabilities**, such as application (container) self-healing, secrets and configuration management, resource management, extensibility, etc. Kubernetes lays the foundation for future improvements of the vCenter Event Broker Appliance with regards to **high availability (n+1) and scalability (horizontal scale out)**. + +Photon OS™ is an open source Linux container host optimized for cloud-native applications, cloud platforms, and VMware infrastructure. Photon OS provides a **secure run-time environment for efficiently running containers** and out of the box support for Kubernetes. Photon OS is the foundation for many appliances built for the vSphere platform and its ecosystem and thus the first choice for building the vCenter Event Broker Appliance. + +
+ # Architecture -Even though the vCenter Event Broker Appliance is instantiated as a single running virtual machine, internally it's components follow a [microservices architecture](architecture.md) running on Kubernetes. The individual services communicate via TCP/IP network sockets. Most of the communication is performed internally in the appliance so the chance of losing network packets is reduced. +Even though the vCenter Event Broker Appliance is instantiated as a single running virtual machine, internally it's components follow a [microservices architecture](#components) running on Kubernetes. The individual services communicate via TCP/IP network sockets. Most of the communication is performed internally in the appliance so the chance of losing network packets is reduced. -However, in case of a component being unavailable (crash-loop, overloaded and slow to respond) communication might be impacted and so it's important to understand the communication flow as depicted further below (TODO). To avoid the risk of blocking remote calls, which could render the whole system unusable, sensible default timeouts are applied which can be fine-tuned if needed. +However, in case of a component being unavailable (crash-loop, overloaded and slow to respond) communication might be impacted and so it's important to understand the consequences for event delivery, i.e. function invocation. To avoid the risk of blocking remote calls, which could render the whole system unusable, sensible default timeouts are applied which can be fine-tuned if needed. Kubernetes is a great platform and foundation for building highly available distributed systems. Even though we currently don't make use of its multi-node clustering capabilities (i.e. scale out), Kubernetes provides a lot of benefits to developers and users. Its self-healing capabilities continuously watch the critical vCenter Event Broker Appliance components and user-deployed functions and trigger restarts when necessary. @@ -30,9 +60,9 @@ Kubernetes and its dependencies, such as the Docker, are deployed as systemd uni > **Note:** We are considering to use Kubernetes' cluster capabilities in the future to provide increased resiliency (node crashes), scalability (scale out individual components to handle higher load) and durability (replication and persistency). The downside is the added complexity of deploying and managing a multi-node vCenter Event Broker Appliance environment. -The [VMware Event Router](architecture.md#vmware-event-router) is responsible for connecting to event stream sources, such as VMware vCenter, and forward events to an event processor. To allow for extensibility and different event sources/processors event sources and processors are abstracted via `go interfaces`. +The VMware Event Router is responsible for connecting to event `stream` sources, such as VMware vCenter, and forward events to an event `processor`. To allow for extensibility and different event sources/processors event sources and processors are abstracted via Go `interfaces`. -Currently, one VMware Event Router is deployed per appliance (1:1 mapping). Also, only one event stream (source) and one processor can be configured. The list of supported event sources and processors can be found [here](architecture.md#vmware-event-router). That means, only one vCenter event stream can be processed per appliance. We are evaluating options to support multiple event sources (vCenter servers) and processors per appliance (scale up) or alternatively support multi-node appliance deployments (scale out), which might be required in large deployments (performance, throughput). +Currently, one VMware Event Router is deployed per appliance (1:1 mapping). Also, only one event stream (source) and one processor can be configured. The list of supported event sources and processors can be found [above](#components). That means, only one vCenter event stream can be processed per appliance. We are evaluating options to support multiple event sources (vCenter servers) and processors per appliance (scale up) or alternatively support multi-node appliance deployments (scale out), which might be required in large deployments (performance, throughput). > **Note:** We have not done any extensive performance and scalability testing to understand the limits of the single appliance model. @@ -42,7 +72,7 @@ As described in the architecture section [above](#architecture) due to the micro ## Event Types supported -For the configured event stream source, e.g. VMware vCenter, all event available in vCenter are supported. Since event types are environment specific (vSphere version, extensions), a list of events for vCenter as an event source can be generated with this [script](https://github.com/lamw/vcenter-event-mapping/blob/master/vsphere-6.7-update-3.md). +For the supported event stream source, e.g. VMware vCenter, all events provided by that source can be used. Since event types are environment specific (vSphere version, extensions), a list of events for vCenter as an event source can be generated as described in this [blog post](https://www.virtuallyghetto.com/2019/12/listing-all-events-for-vcenter-server.html). ## Message Delivery Guarantees @@ -210,7 +240,7 @@ The vCenter Event Broker appliance by default uses synchronous invocation mode. } ``` -When the AWS EventBridge [event processor](architecture.md#aws-eventbridge) is used, events are only forwarded for the patterns configured in the AWS event rule ARN. For example, if the rule is configured with this event pattern: +When the AWS EventBridge [event processor](#components) is used, events are only forwarded for the patterns configured in the AWS event rule ARN. For example, if the rule is configured with this event pattern: ```json { @@ -226,7 +256,6 @@ When the AWS EventBridge [event processor](architecture.md#aws-eventbridge) is u Only these three vCenter event types would be forwarded. Other events are discarded to save network bandwidth and costs. - ## Code Best Practices Compared to writing repetitive boilerplate logic to handle vCenter events, the vCenter Event Broker Appliance powered by OpenFaaS makes it remarkable easy to consume and process events with minimal code required. diff --git a/README.md b/README.md index 7f10ae78..269b4ef6 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ The vCenter Event Broker Appliance follows a highly modular approach, using Kube
-For more details about the individual components and how they are used in the vCenter Event Broker Appliance, please see the [architecture page](architecture.md) or [FAQ](FAQ.md). +For more details about the individual components and how they are used in the vCenter Event Broker Appliance, please see the [design page](DESIGN.md). ## Join Conversation diff --git a/architecture.md b/architecture.md deleted file mode 100644 index 2638b713..00000000 --- a/architecture.md +++ /dev/null @@ -1,54 +0,0 @@ -# Architecture - -The vCenter Event Broker Appliance follows a highly modular approach, using Kubernetes and containers as an abstraction layer between the base operating system ([Photon OS](https://github.com/vmware/photon)) and the required application services. Currently the following components are used in the appliance: - -- VMware Event Router ([Github](https://github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router)) - - Supported Event Stream Sources: - - VMware vCenter ([Website](https://www.vmware.com/products/vcenter-server.html)) - - Supported Event Stream Processors: - - OpenFaaS ([Website](https://www.openfaas.com/)) - - AWS EventBridge ([Website](https://aws.amazon.com/eventbridge/)) -- Contour ([Github](https://github.com/projectcontour/contour)) -- Kubernetes ([Github](https://github.com/kubernetes/kubernetes)) -- Photon OS ([Github](https://github.com/vmware/photon)) - -
- -In the following sections we describe the individual components. - -> **Note:** Encompassing details are also provided in the [FAQ](FAQ.md). - -### VMware Event Router - -The `vmware-event-router` implements the core functionality of VEBA, that is connecting to event streams ("sources") and processing the events with a configurable event processor such as OpenFaaS or AWS EventBridge. - -### OpenFaaS - -OpenFaaS® makes it easy for developers to deploy event-driven functions and microservices to Kubernetes without repetitive, boiler-plate coding. Package your code or an existing binary in a Docker image to get a highly scalable endpoint with auto-scaling and metrics. - -In the vCenter Event Broker Appliance OpenFaaS powers the appliance-integrated Function-as-a-Service framework to **trigger (custom) functions based on vSphere events**. The OpenFaaS user interface provides an easy to use dashboard to deploy and monitor functions. Functions can be authored and also deployed via an easy to use [CLI](https://github.com/openfaas/faas-cli). - -### AWS EventBridge - -Amazon EventBridge is a serverless event bus that makes it easy to connect applications together using data from your own applications, integrated Software-as-a-Service (SaaS) applications, and AWS services. - - -The vCenter Event Broker Appliance offers native integration for **event forwarding to AWS EventBridge**. The only requirement is creating a dedicated IAM user (access_key) and associated EventBridge rule on the default (or custom) event bus in the AWS management console to be used by this appliance. Only events matching the specified event pattern (EventBridge rule) will be forwarded to limit outgoing network traffic and costs. - -### Contour - -Contour is an Ingress controller for Kubernetes that works by deploying the Envoy proxy as a reverse proxy and load balancer. Contour supports dynamic configuration updates out of the box while maintaining a lightweight profile. - -In the vCenter Event Broker Appliance Contour provides **TLS termination for the various HTTP(S) endpoints** served. - -### Kubernetes - -Kubernetes is an open source system for managing containerized applications across multiple hosts. It provides basic mechanisms for deployment, maintenance, and scaling of applications. - -For application and appliance developers Kubernetes provides **powerful platform capabilities**, such as application (container) self-healing, secrets and configuration management, resource management, extensibility, etc. Kubernetes lays the foundation for future improvements of the vCenter Event Broker Appliance with regards to **high availability (n+1) and scalability (horizontal scale out)**. - -### Photon OS - -Photon OS™ is an open source Linux container host optimized for cloud-native applications, cloud platforms, and VMware infrastructure. Photon OS provides a **secure run-time environment for efficiently running containers** and out of the box support for Kubernetes. - -Photon OS is the foundation for many appliances built for the vSphere platform and its ecosystem and thus the first choice for building the vCenter Event Broker Appliance. diff --git a/examples/README.md b/examples/README.md index 898dd2d4..e73c84eb 100644 --- a/examples/README.md +++ b/examples/README.md @@ -2,7 +2,7 @@ This page lists ready to use functions curated by the vCenter Event Broker community. They serve as an easy way to use the appliance and as an inspiration for how to write functions in different languages. -> **Note:** These functions are provided and tested to be used with the vCenter Event Broker Appliance deployed with [OpenFaaS](../architecture.md#openfaas) as the event stream processor. +> **Note:** These functions are provided and tested to be used with the vCenter Event Broker Appliance deployed with [OpenFaaS](../DESIGN.md#components) as the event stream processor. | Use Cases | Python | PowerCLI | |-----------------|--------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------| diff --git a/veba-appliance-diagram.png b/veba-appliance-diagram.png index 9bc005a6619bf7c5620f904c9d7040693ef4b32f..7ee908cc3b4d360840839d5a890616546da15d20 100644 GIT binary patch literal 202499 zcmeGEWk6J2*8mL94BcH)14uWbbeD8W2}p-@cXvpqq#&Tu-3`(uN_QjOJ$!?D-Ov5q zm+#N_-#eT$v(MSN)?RztjnZ(e)V^=4Qe>B3qmZj3ak@utN=o{LTEXc-?TL51y=d{Sg;xR7Cx3a zHX{y^Gw>KLwj?3wX;yT1$SewopQTh#5c$Jbnvmob*bG@-I_VNR;P}WjT#`iE4iPnS zbi0zwtD_;=$q8jP4mJ*beLyge__-OoohC;_rfAp(lc7Ev%ojs*$uR0sL;YzAm@^j^ zQ8_d^n)+aWgKTRNLuJZ&VAPUk#6;9PuvHc%Jp3g2!-H?KiN5|)Py12b_QS)HN=o2>d4$1-jQyLbK1M^QB z6bj7)h^UH5OGAHEjT}r&Y#hyPos1X8zCm9g*}c?q1OQNQ9&aGveFh&3tyv6=Z4FIW+^p>$+X3*q@j{clK`c;lan1UE32!kD~szh7F!21 zR(2j99#%FERt^qkXbEOVcN-@IH)b10s^5+L(~h`_qmhG!os)&F4fwHL14CP9Cjm;z z$BzE<`8`e(H;e!4$;R;ySWp02A9GmQS=dv`txas41pg1?{J(no|I7TpasIBTWZ`CFr73O!t?3AbNsyiG1=pWy|C{yKs#^b7 z^#vE_f7kr4od2r%2m`O8g9UV;29HP-Wanr7*SkOE`B@(^{9hRVJ)OVaLg!NunV}LmKGahW00;x5#YNQIfO{5twQ6QO9e#xdX3OOby21$eJP5R3!-@<4@AVO&M2ZQ-`rpf+M_3ryk4LF*AopM6@I!nF%;5!tDF1ai z`uX7k9CKomB>vSP5GxiW?EJ6pp#$0k0Ol*G z{H0A~z>j}}1jI^(f&Bn@VMFHPs{Eq!moD1HLAc>K*qb5P`jW2!Zdd^nm^z_9IZ17CcoW3A!27ylX_pqPb;vvfW+ zEz>#>21XM{xQRHcp?BNrT{yjU7(aIx=*4d0e91f*|cVNX-G+DQ2?dKCs$0|;F>*7`C?88Yz1HgI~p z%g~jm3I0tw{+RweEG#3)aKfLs&tLs7h8`Cc7#>Q*hQj0YeqoM)rv7sGm(?kZ z3MJ%jzg*S-#T9gMvCTnO8rz(V+BMc+#zY8hH4G?G`0q6>u3rmXZThuIpH8U$1vMDN z4s8_^CPLx=(D|R$&~8Nq5gIo<#l^)P;#aTP0L-lKIPMOo^c=H+>z>AoLg1VFn62L^=NH zkPQLpDR@*`8tLmA9mI_vk1HTO&?7M5XCM@bnJ><9o5ZLZ-WCF&6Yl$!W=)IF)?66VpHVjJ*RBWY3W3 z>>$)DRL^;UCMo9qN)RP~Dv9>uGO~f3Ux;ZZp?T!SEM6wMk1)OT3s?pOLGJc&n;`KV zjKhk7VD5lZHI(kH?Nd$FY=L`^wI&s^Zi2y~ONoz0IuzM4a#hvCNAU^R`|r<9YRj3Z zFgNoe=oi~R6X%WeRc8NB|7 zKJ{y%*wn90DL@=Z>&ClP+V><#B#C(SfvUVu&Xv6mXP2TgPg!?a9$V1hl$-2`oENTFJDs z=A7>gkwBvJWZ<8*9PC~82?Vs_h5+oHE8Ry_eaW)L!U zSRH4BG}4m8+JcJ?_CfTNZ6b)s2zWgRQl0p*qEeq{EPz@sGKDBwr2jXsOznDPa9zP= z#gR}>(yj&z&n~)v_@RQBaUg~sK(~gV@?HFMk|@)NCE2-}cwi=eGsgRA&ku9ie56v^ z_|?v64V7mbeU!zPMCGpKS4;6(7*ciRo!pvYT6)mIMVL@qr7ckNfwC z6B=(eC-{6Y?#~LHaep%-e=RBKv}tL49Eg3SXgLfZ@)-%<#tZv!D3eb~DTwle&_sQt z%<0RyOuW2~9Kl|c3gNUPyETrMMs7YK9$LDdb4M3+H;tIfRD58kSWrH0w2X@-+H@lk z$x!X-xQmq%Ex*W)8KGBl%jztAKw-&xQg#e5@->?Mlxo1E0$je5Y(BZ1T(GV!r<`En zDV(k_)Z2+b`8MyZL&w@@VkbChhH1Jkseyd<9Fo4lftP2O8s%FIS(fA~q1ZEsKUBye zk2wkQ=#oVxeg>GofgkS}J2j&No=7}JuGJ#yPo2tqo3_(`gfSRADX7VU+B64Ge@yZ5GcM9uA2$pN zJaWGdg&-kb0hqyrpayp%a zv?KP~0Qs>{ij8C5U;&?O8v>;;WW3<`xcBCvKO3!wSG@+|r4Az;KydBLm?Pq}{Hy&b zA`aM77>EO46vu5Xh_&whB&FGrLbG3~k| z`(U|IH9h^^$A$;D`;X+wavTgcPeyuQ;};V!u}`LRq*xdB@a9mWX9g?Ab-@i@Dl1 zs_6xNY>Ft*<|~4v*`A_6YfL`RkiDiD(&~_8A4W#GD%q(-{Zg-JoJntS+#$MkYq2X< zqaSxR^J4y4(b>2on@Jz%NK-U;KE&G_cU3R)AvdHH)7LuU6L5DVO}PtA+<&(`uU!)^ z99(l^Lf>AC66CBHB(xe z^JYA5KfxZcN0Wah+}>u2y^Ysy$YluFuh*hgXO}552?g zM=pt{kw&`mrzrf@?UcN&OwI87+*iTs>X?YUXDOg?`rxiX3aO4NlFgkd;r{ZE9G>6C zS2Bih*OqeKXV~m*YiRYX%gKt(*k)dOi`e|sWco}emo z@S`nhb(5I%J|LC0cw(Uug1B0DuS3ppA@|qXg-W^DV4W2H2aqP_Q!yg3UPqpngN-KF7eG2@O~pHbYV_qp zex}vFMh;LU!5vA{0ch;^EI~QFC^&@013R0S`Im4BmGy*!0-aVMB7HeISi3R$Zdp`u z2ydH6Xcxt#C~T;M+7>(XW1L+%eg+4f8XBiDZF2CEkU>Fi`Wl4iw{R$sLvkbVXKtXiyqre3qW4)kT18q>OA%ob-`5O zjCU^rT)$0}AS=Tt3D-m65b9I}95|Fsn{0%OmA!4SsA?~d>pS;KHmD9GM(WPVhcKiq z9)yT|L0Wp3jXG-|^nO(OHZQz01J8 zt=aw38{`|(@5Qk+KO0B&V7yLxs*8SlAEVdSp4^H2fnX=h1Snz|Ri6GPg13eO6XKp_ ze-vYaU$5Ma_r2`XYpN;dKQ;n?93;6?WTEl0k>Bdf5CsUA;RZe=)30xQygvvPnS}`R zq($c&Y}Hm{vK}MrP`dyoy8VZzLJKl%Z-o#I5+I!h$6Ue1a2s05>7-GRo7+XfF?0%A zwz>j2iG)*P3S9dUq5Jwc6c63v1maS0%t5Atggky56SYG>Kg{r;&Z z;HYSnLL-Tv8w?pacra4d-n^-crm2DCwg)v&pQfs#!KG4-Ry)4n32uImtobC-Y}&F3 zff}o)6O%CO$2ElhZKyLx`JSV**#2Z#w63o6aj420Jr+3r1ga zo#k4krOX!S$hM)Td9P@YA0Shi-3?ikqrLS(in`udU^MqEuO(R|L zq}6#V$uXyAZ`e?5VQXr+8N6>e2+9qAO#>g1qW`wL;;UZWBupUz@5SdQ9f+_f$B^j)5NUxWpcLdrN?u?)&4yq~=o(a-&*J|9(N@9YN zeSISb;s%HSVMzRb%dw-<-kH+@<1h*5k0kZ^QR~Db)qQ;S=aB|u=F^oIm-crAxU!`e z=CC87*qFJNmrlJ~R?S(>^`5(^K|lt~ca71Nmjwt{nY^wdwje{7eu3IlWj6hyxZeR~ zFF0?;^JCXL2L}UT|!m0qr{GWqbZw?VM0e$>lo2ArB;>PuKbaHLgEi+_Zkot}G@7XIH zZ*YIsf0|d5A;|vf7Cj`!uvtbc;R4J_b1y&A2jAK9*LBNKlylf5vkw}Ljsg_0DZB2S{y zuEu&(V|NLD*C?>eGZg&wC+;X|z{%=L%1>*d)m2V71@8}`K)UVJS|#>tu+u-HbLyid zAzXs?QHs<*!1lY_3X0)~ie0R2U|_*q^4^Qx?=>{T^{^OddoV8~+6?s+37G&S8?slK zEtxxjRJfIHh&rUuYI9}7hvo_}wPWC}p1el*+L^O+PE9D1UoQ3`+2(Qu{kB83x0nfo zW&;cOek+pg#21xnT(MQftj-8a@W5V?(T{|V5?{oP_uDjrNaD(vt5vUM3ud{`u|sCd zkxL|=ewI7(0WEpR`B>S{3I@-JANucrtbW6RcG)OGqzfIZj;Iab^hxB@rD)=7uFa#Q z05|p%i4QaB?^VPzIX$F&g`wZejIkLf0kkSjE!8*gC>e6bs<}%L&OB3j>x#- zn=)28*#z*(+}nk)2BAZitOAV9U=tCzS7bqlb~Ddd)fyAmpCTYLtox6oz^M+$UCJ+S zbDQImutl^^svJP37~ zz!~ra23Ig~9E)P-x);_*^1{K)k}an1FGxC1;kJSvz@HE51b+)E;>*U+3FRiD(0x?T z{CS`@1|&E%WKIR-v?w5ps@tjQ;+Z5-84T5pCws)uk9nR|Szu&jgMGeRY4Ty$RvgX5 z^VC2=8%T_>ozJcRi`|aCVuJS?OheA9XkIEFx1oDPbht7G@#r%HJgkWh%6!_$dpwix zc7O}X8VN!)R`$IB7Q!i*LHPHlikox*AsCUXU~6V|M2gJQrk(l*FkAyov5jwa>l{6x znVyG$CyK10aCu8}we=+jQIsS9=_ooXk^mNwt!nLNEFAVQL|UlJz+Z8 z_=%Yuu1`3`)}ZPuJP6cAvs#*pkf7^zManTjBT#~B-D|kQ&CIjxOd(zLNJ1e2j9B4? zpa6?JS^wtA2-L-NJo!TLQV^$>`}E z*1fhmE|BUr^naYZN+nqM5eaud$W3zZBJxr@{Q72IDwCx?AZ~PRLE$KXfWU!0sG!`^ zYQKu>(xv`(j(v3z*aNCNL?KVF!0=|4x{c!`r*(z5Q$@BL>BU2z@)c59GE!_=T;FUC zg?p`6NRo^$QeRrLWIflrr{uS#jYyJo9#Dg^YsJ^-42abm4cb|I;r-?|24*tqdaqh8 zjK!6~qrOyZ+CH*v>av<|5IMS7ijM$(x?HEe06?lWPCJ;Dx1*Zm-?ZWl$x#UpaK*xv z*WvSvHuS;3Rhqk~)so#>*32{#^d>bHSg)Ba@L{^+D(%aSr(@*U=;{bd5&{?!2}D@n zwYUjxcW!jt3<>f4vBq$}0#yRIUm2dTK8kl$8GZzuv+OtZD574r#%O+FUP2U?i6U37 zxRFP2M%n&K!*S}-b`I;DgzV@SZe?jH!Q;#NP)DWESBZo(2CH#N|5#DZ7@hJGyiS}p zPYu8Q_0H&l@WDx3aoB^Sq-8$ad?FV?W>~hLgZBqJ4hBTRz!Xrj{nI3(Fb94KAS+H@ zz0Y^&00Orh9sy?D=H=Z6d#4wYu{btD2|}NumTi!kP&oS9odT;7QS?qX)Ioz`$aGrT zO(C(6a2`9VMa-c7_-IjnT`DGcUS&md3ihp%!f-g=|oJJ6++xhSJu;AEwU!lpP;DxktMn>R z;X@5!i~ljgAF&|41Rk+;?7VoS!qk0O^MfIY32;$;+*Lm;oNurq{^7WhY$#A6ApESHxo9ZB-I=XXQ6#RYddjfJB}7`)8@Vt;F%zysV9zZJwD*}i z`XhQfLp#zNECZIw`=MR6>y77&3XC9RXWDwgLWLv85CuEj_Y*`<*uRZ9tmr(5C+=U% zHtjW@<4wC$^w0zQjCm3PMffhWyG?T>mlaPbt9Vk^6eCehQ;^YbY(tesIr!XN0v9N9 zmB+CIN%BTxdOY#H3>N9aJO|-~C>48Sb~sl{8T@)&uirBT{YnGJt5M7;*98^P$G3Cn-{*ny@tail zx^D1w!s2Cuj(Aa5^a(@%ak0uh8qEsQKXv{Vf9*QarR3+>(e$S}(3=QF^9jD8I80bm zsNV~PT@T9^Rh58kSLY%3y}X%zSwR0EC?cFSTQ)$8RM~?CU@^|ocT2Qn1(N^_e#~Z#}S@FGNn(RWg~@$Eg_DLhqPoIGQyDSOppcp=4o4f-j99yHj)Y8%fL=6 zEs@4oM)D!GrP1t=yUqrPft1gD>sT;BE9M&CnnG_Ws2U%UPeF0{zLd_6zk}j~G@Zju z+V_=NPu6~EG1uZ71S$3@-+BD(;~ITnckdhi=+l+P?x2&mSA^(%9n7fHi_h6g{dhCO zF{DZkAB}|23-IVTe)3zF%fJVb?C<&exnc(J;sJ1Zck1b8PrfkCfmTinWMNKy-@kHn zdQbJG`bk)Fwj@Prt+4qQ#1hdZf91Q(X$%2k(d}u@J8*=wP#S#nTgAXVAq$d17Xya= zi|?YmcuTmSuDL*}XQT*x21#+&X}FuDZdK1^QLM;ol}P47u;%Hu9c};`2Zcu0o2CVg zJ$nTa={+O$=Azl_&jCX(SgQ4V{kN5m3_PN_SsKZs5^tX=OSw7YgSiEKG!nDxeH47S z%7jxkidFEJo6351X#Jz=e~@c+?|ve5v{dQ#47~f}?`r47hB_ji7%rj%nUOT(H=)(cH zWf`hIe3GsSbZ)^9yA^S-7S%Uvh$DwHV4>;z45vpIorH$GJ+EwlH0jY7wFg+fpZEgS z!LJ_6`SyVh8*_NA>YGyQ%c3?~5`<&>cQDA`j}ccA!ml|Gvxg|5d$v=Y`ghsV`NP8K zMA0}2pJs)PS2_Ors4E@>_vwoxSvLfxpa0CdW1w&%`{I0GwFCVxBCxwbQes;*=c`Ma zbF80`*bWw8;jdfC5Vh(jC}ud^(jfo5>rnL2i@jODtTW9XWm5h$2k>$SlOvZ{9z7az z`-xBLLnP>9LLGfVi{i*u_PA=jyex6{=27cYBsqAtFTQ{Y_WH>{R)hi*E$7nL>(Lek zF9)fn91)wm_7>YENG(V)i-!6#CQ0F@^~xLh8L`n(z~vW&esG|!g0;9wfNq?_rfVZe z?$vTM7AoT&;S#vO!Oo!nG=(6V8Ifq8)e9rgt^>UH^5}r0OQvfUam5iLSP(G9SI*dj zx%=KxNz>q|uaE0%WC-Z)>Q8qR#$x#|t_tbHkCNk?K6~JdTPX+dJw$ zp}JJ6H_^h+Fz(iBo~@X}#loOOa9tP}h|5*v7=6d}m||vZCwUMz%j`I_!-ZsqQHDac zHQ`h2yb%z$hsdRR(=hH_ua|9;M++Pyik}+pcbu5Il^s}-WgE7)+eL#o3*QCl>M1;_ zWg7bGlGtT5!9~b2W&cua)^f>2N?cIUtaBW(<)UhS zLe+v0?W_eebk|U$%_MTbR$DoTqYQH6u^n%=y1g1kVM4lexv>3?rnm|;MO8-nc%!*l zj97m}HhlEjAY4i7y$yMTM=NvBWU!N*BEN}@5Nci(SGnoYH67!Kcq&mT(+#-TbjZCq2AmX>NI z?*7bIWvNg6kHRrR0xSXAZE7;oJaRa0MkH|zNsnhoaD=b!Gcj0PXf7Zm!DKfWw&|h=1GGdafWE&g>f@t6hv^9~&w830~b9oY= zFcLyRxFWOK$(i`;NUBaVHkDRG5td2pmw^Ev=1RE6P^m$xX~A|3$P-pTxltZnFrFx( zl+n`kf}s@ns32c1YONX)v7Q35npUpAAA5Cb-3xJ{wVG5jrY!k89n2YH420AJeZFHy5gK5G-FsG{Y3KPq+ZT}s~?HOrg zG19I8iOsgNa{<&(Jy4+_rmW|Y!{#USwFh|2Z2O!?B%SJdu_Eeo{fZMT%hAh~S(NkB z@&f>zbuv4geJO1PfKM7ajKyP!8%c{Yw{34gf)k{bGSvh1p zKBvmFJHTnEQs?j$rEE&8dDYC=G& z$%^={R4W5P$i}6KaZQJg<*F`+a&BQ)e#xEuUYTBux|5Oby)|(nGQ~``UdEcU!o)N( z_3*~7jBc9yhN|FXq-GQ64|*i8X+0!mjE?kyM5a49_G?Tb0Dq1|^byPGnXUgDJ-xL8G&CsuHi@;Prdxq!!P zERb}xC z%?BSpEPGxhq*zS8nc~n7EvE)&UhdlRs4Q7Km%w1w=BhuqwgzGpBn$+Y)xMYw93``l z>^aVGy;Jz`&i#w!-;WpYs@kaq6`oiuQr8pZuPE^lj5>wxVu4eh`psz-xco!S7-5h= z^Yh;#1sF6TBa9E2h*0%^l)T!9sDv8=^V)AK3a=Yv5sKT(hDM9Kse;At&I}=risX~P zu*Ogj5!`_~qIpw{%d|sOqQ^=M2s_x}pb(vv)>%O^AZvBFh15pvMrDZkO$5(b1KaT> zRnNHpnAbgFP^oU{?D5pj(6mv>voQqV^SydPQdcy@e&dzFgC~Vdc5gwMOKXe!GHe}Y zM_u`(dcN0^3C{W*EtZoSn!K<*<{B|P7oHW%I{1(`3x? z<72M1eg(x!jYW%!SI-+pP6BuG*SxOTV6wJuFkdg))Z{HU0!@^(0zRXZL&988b1}3* zr3*(zT*MV)M&v<k$+H)Tlcl}W34YX{jEn~t{;OXAvYau^oe{+v7nDaG-+y zxbsL2IM$p=v!#F-XeXU7;>K71`QUttkYElF(jgSR?NHQUIK(yDKIx$o_0CskrWFlk z0!^g$vS3D!?ZV)iYIMukA=6KsD>O3_IjcC>nD>)hUy!gAoUq~&cxVs?I3G&vZJgTS zjijXWly4=@aptz7lYfeJng1q?UGl8N{@xVlWsfNQH%{zT;?ZHb*KcJ4o)yw!L~FVR zioH}PMfth`Lq1Or($me5xVA9rwBs76fjQkvpSxX{Mb`tz)Px!Fhd28dTk&W;BL4+i&cbKyc z+!*>mXu&0TkpGkW9e8~z#P=$9o*y{5QPzDlrKKf3IAm3IHf)NMB?`3jJu-8>-En5Bm~qclAzlus#+nfoTly>7h=dZek2V2?{t&N64fLZ4DZNuGb{1#CYc=h&5g~@< zTi#sf63GT`luU! z#m~fM`K1>AHymKlF*Je??4y424}bq}V4o#J<^E^2+lh9+==;Cn0Aht@Lo<)7;uZgr zms;@{JXRr581&mh`5you6T)|ouBq%KufIi8M^QsnwkT#^YMo#4alfJa=X;eF8ghD9 zy#B9vW+*O9nI7Y$tj6hA{u_cnX-pw#=BgQW_FwY;zp4EHrt<&2RoQ>+Dd6c%1GdP^ zGo_-UI$)*nH(UR`bWK6P)~fTxEF|iDPDvd7HZg@?B(J}TNfN3V^P@{m14S1Wl7dSd?=yqjQ;6$TpQY0{lhFds zu8!R$cT+j}gTUnY5*Ja*wrBIh(fI8O&qJmZFL|lZsN>4v9jVLsRBjj2Et+pkYs^&V zWk^|Qo2Rc}W+ArebQwly?>5I7BzNsyYwzu8ulWP*?S5A}Co3i-6h73-&CPt|MR!(7 z^s^XYZEfD4`{9Qe4?0(QqgrRSzFEE7mK8n|OU9!dW$wM6Es;JKcQr@Xb~+WMx8 zHyegF)rDtT^A!i-(G$1Fy$QOP5Vtd*dv-6D8$Mr8sRyTuZ~J8uZ(O;SyWU)0O7`yG zU+>=S-^)3dwT+T@U9vGfq)&A%wLJ7kSKQq=Lbeaj+wRA+W1LZMk$f+q`>gN!_4Xk@ z!6tMUB00?COIu2~K0Usr>N>kT;?w1~cN1E%3ur2YoI&p6TDz9=4$T=R74?#Nu49=yeH!M`dNuC+Tl%<67dAA^b#`%{3ns`gOM>d)`uf5$ewR&3 zxV}2D+zyFBz|gHM@2@vEH|&TXh?4C66KEf6x@9BTEpyY;k2iXHlz_QVKJWNst2%Aw zWgjC0C}o4Xg}6Db_|QoLH>JKkq?JiV{5o-@kObg7>X)v))GW%Z@_>W&MOGU3xKTw@ zg-9$9Vdd;>uNa-HPfc3y5Qe#3uIZSu3`a=+B5%KzcgnKC*mX>-q}R$@ zSZMYNPl)w@I|%)&G68Uq#6;Xd;Wgr@ESW2zxk0%dzBpk??Js!7Xj;g;@l;e|v>szb zzX7jG6z(L!y${Sy#X|-VlU8)EJ29rZW?A}e{R}`i+nLBW{-vuB0^cjp(&THt*|OiY zT(AwytDJojn8*4o8Xzytb8d&bh7o)^HClhh*zveauuUOe`MmUX&3or^AaSv^h+C?a z3lK&@Me&1mV&EYajsy(VNNHW;L0w7ou-F+OFkab?u~|T`Mr{V-kQWF^$tu5*SK#zC zm*jEJYu}^BJQGu4qF~<+9a_v#$f}z803b}i#E<~|ICl8GE1A&(Tk{NRdahlyt2XwS zDD!_VU=d2RB>%R;aStNpkc%?$s(i>0YhXw*%zVjp37bN}CL6Hi%K$wdrt690d8S~)7<5_`s1u$i_JRNUIcHX=28lhP@bV};y} zS*i-qGT6JbPzVXgHh|SM({wFx(91DtiI0@`v$~$FFcsOC|$7V)HEh zao{>WUiJ=WF`eGKely=z)%e=LJq}eBuarbW@HPwQ#xN5>3ow)4zgs$&c)OHC#oxxz zVosP@Kx;m&{R%<7-dKY0`;|f-mCX2f^Q|N^O?+H2stON#IxjVf-Cilr!?5Qc4oD73 zDp${72fJGckFrjqGgsBh>u)P%Ui&J1&M%~WZ6sSJP_dCJa4MOw@sZYlr3s;jPjwt+ zRJ`6vtcyyi^C@p6fXPzmhtb~MZ(AXBWy1L$aE}FD`XDSmvrsZMEu;}aiV}fqzG@mj zB_E=hsSPI|cQcg4_j-1dTr&J%9E+h0i`BY@v{oXTVUw_aK4HbQk|BM!UyzJFNn1uY6 zxc=rZx71*C!L+rTJxk~IKJB57>6EU{is+X4I_CFJoMM~vzPx6&p{GebI~OaK__HM` z!*y+t5p>V(YolZ&JS#V+cvsYwGCJ1b6OM!oi#MuU;3r;A@OH;7;p}qn=5OWwegu#< zi}g#p+}|KG27oM5^9DXW;{@3iC2_<01!ts>4L)VM(CY1BRoA(|#Yiju zTy4{j+P&TCr%`mqd86zp2>6}FXS%SaFpr+y&$u(fF*$goax#@m_k9j?&8725)?U{t zM>(@e@2tp!U7{8ptEc4Gzv3a&5tXkr?M5)%o`zz~)NJ${Aw%szvmPOPs~guB9hR2G zpm%~MQ6-1f(->LY=JM9}$?&Qr76irx;gJF1F@QlQM6{!8+&ii#nK@J;J(ODBI-j!% z@$q1aHHv*TiWzJ0P#pGcTWf~1ysCO4*z&uzqB7j(iiN~j?qSr@;R4!5?HD9S8=J#@ zf~wjI@*efN3~Sg=pR79CI|WjPt8Q&|-=Yj~=wkCE#ZJZRJWwiOtA-h=R=C(_-OkzR zHF&RN*UhvV=_aEw0xzUGS+EYfO!A3JF+_?g^UA?%kZFgiP(V?4?iZ^jC+7-PzdVn6 z$m(>C=+h!jy5Syxs-Ai+b5@GAMy}BKx97$fLau$SkTDUQK*(`;Lz>t)k`l4Q*s{4lae!RJ)H0QHwvuQ7YObrjS~HdmsWdP$@u z!|gNaIv8_jvzi}*=jPH=m+sRe9rnMV46;*_=&Za4joOw}!JM}!xU&^Y&QYaTNV#m9 zU#|>iFR&qB^b&g(x8%7pz2WSYg@(gY&F91Id@>RVREYFH>2$hf#mKM>Z9V%!TC`uy zNtfI?`P9gN=!CU8gL`qz()Q50CcYEZtn;PBoF(5AW)%2}z3$kuU*7+WVOY9UTg_MI zZJvj35zPrn+C8JJ0SMUJ9_-I!1AKXz5Om2wTjo367y9R`UQJf7TJLu+UNm`-;Qj=9oEv+47p{sMM#>o&pIvgdfk@9_INxvQWNf!E#A9k|$G}etj)?2ylMt_FK z+m4H%WI#l&N`Njc=2|$snG21j8H;m5y8)STC%-g3+C(2L@FUHBAX9ot9Q4A6LUM~$ zM{6B_-GEAdr48ZT-X+tM6+T*6SE|ugf=r7^-jsB_Fxx-d2za z!|9b87-WgcJfS2MruEy@;=DIq8$BdpH=RHHQQ@!87PYJP#M_sAZOeOtT1g)95_h7z zx_ixwgk{*iAT!F1{E!Dv;rL^y51}dO)+q`xI+I)5@9u~obl>rfH-g!+zYL}M&fuxa ze(5Rl{)IeV?arP1NbXat5?kK5JpfrKYeGM~6zU1Mpi0Of z)Lso!(C@V#SvIp#p4H#(=twv^6?w~N<*giX{tX!%-OVF(wS27R-i>vaN>G`{r+X|% zN8Ihm`?GA&?=ir!;2mHIK?`$H(Djgk_RjIAioUWr+r&ZbeWnEIY;x$0=gY z3NkCrP_5tn4}s8Gt1xwkV&kiq;`uL4T3;>x^S=P(s@-+dYFyD~ zx7u1J;6p+_fa8Dc3>6{DR3OSdh1w>>$qs)K5Kp@>jX194$_<8@YkMQye%OkcUgED` zDrHdU{CPmHU|xuyJmC4B?qMV5a#l!4*V0v2#}MIXW66`#gogL5q*Cn9^g&Af)*ySB zV3DcR(Q;A#wwH#1CPXdkJ8W?usam+5n-S7nuNppZdf@)mB`sNH7b2)1>SnaF6{t%3@j|r zKyu5P$>0MkBF#&TXeVz?%;=q5BYqwBw9e;Uxy_j%33<@SscW&*GyY0bO87CmPA>IS zv*mh(mDr^nySVk&6ad&K;n5=l;)KAfbIITJAe8ZJcDl|~6x1PrHk`F_f9I~j|!pe|}B&4g|X(76d>f5-`Bz@b|u$B02 z*y|bgR_ZS7?oXm>1PH|1)8zFtz5tOz;3Rd5y2&gv0q!iRhFX(g(40E@;Y4Cj3&T+tXy1a4(3xBMIfmrvBWXK*?t+EH&8 z>XBB!ewPCdja`vRg?1!+bN%wHkIc!RmTv)pUFxv)T5DuJRpe%Be^Ef*1=cf$bx69> z#zy8qM=9ajL0324rb|rhVz?LmHH##D0|3m(`$pzG)%RRZ;Nvlj_oPRUA0IhVJ5nwJ z@$LRb3mY1%ID02?_O=P8olF%i{_aXGaBd1#o;9y$)h=CTB137+zXndvn!L7$kcaN; zT|2%L`~}Hj-79x#^?1BuvE|baw}n!em-A#+uiZX+es?%gDTYTzLAER7I!m`_6mycq zU)Ez$f4OpE9Nj5R*=*0)#5J4t6?Sm62N#J`5;scEmbhC9t}`UaT|uPs6 zfcwP4``DQI!bv<}(tuibq-e@2&^8k+Y6uS zK0US;YAnzz%1YVAhcRCGkVpB}T0XiZpoS8^p80SZDau?ZD5U|T*-j81lt3lromzM^27+?`UELZvziDM8Zsz@i2& z>HdkwE(i{p@$+cS%Q9$R5vNXN>6uJZ6KBurC#i~9t)Pwhz|=@JiqG3fyp`X;S-0k>6ON)KTX%dIOYV-x=Jyf*=S&aJUmNeKRuAph+P2%gs$CwRW zlF-O5Ki$%8v}a8|t)|+CsV#)D2#q&;{u3+7y)2#&-*BL(s*#XCvb{zKs`TPLB~niH zMIS9yMr=R)Ve(l$=!iRb+d0wFQl_#*tl`_)X^r~irO#ZHgNgQ|L2N`2SC2RC4WJTl$kyoJLEf2Ts(E2=rjK}9niS@0U$qCs$A9E_83V3h{f zSBsTy-oy7Z^Tj{5r^z_Mu-Tu8Cr#n>#rK`H3QZT%x2`h7N=CDx_O&78eA4S@g?TZ!TI>YR_$NwE@&Yrr)<86WHJ+`(SjA1Il0sTv(S~ zIU^jRqmrNOq8-l#_eBOfBIV=nmR%zPOB z7@byEM{y(jnzYnGFfOhB+3@$B>`0!h4}7j&{X{@6-3XV1GJGBx*U237$T~~Rv`S`J z{LaAwhQ~7DIYbkeBQmCq;nFgMWxxR`p5yk_WOgdgD&Ifca*~PSy>9RZM_1N3&onci z{LT6|RlSKT1M)P1z(h%L!X^EPmjD}-*8Wkqa=V|;&ldw-N*V-2HUu#qFsE_HXgnXP z>Vnj<7aDJcY;HHe#QQJKDY6y_1LrI)au0wD6d#=H{pnj4+T9yVF&Z7LYR-q`tplC5 zWqS)A%D^X0%0CP<@y)9XoG@J5)N9{=`nc6W@K`lJ+y3~zN-HbQ#LECLD?DuN9ewuj z^R@OIR+2BmbOk=(Ogi_MZ-EI|Z*q$L<~5ae{*pY)%7!8V!|Bv6_w+!>XzRn81bw!3 zUx)p8XPaGFnrhG~xEEjqhfluak%voHUu!8R7AxQ+^644yLsCP%)^YvyIy@7z&iCHblD<@V5)I@@))%bu+3 zx4SVa{yQHmv3aFg*c%>W>L{50{y}TT+_ndQRd0{K(`M%*{2qkO7t>w{OI&UFYxgd& z#o(2mo{F@OSa)Z?)i(Cp3rN%RJ6f#_LN3!1tDMI&J&j-Z!VVfx)~!){@vR1@0Prnx zZf1(xjbbkZ!bL^wGN(a_OmRoP{fOUY;(Z)X8 zk98`(^-`lP&q#2q5qkv-^MLAMSFbIwzrLu{(ILOL_O{#ie_3y(V9JirWDbuNbUX7m2chYkuy(LcDM4D)C6U1Qt|g~X$;Hrj4%m&gW?+@c)?{jE@} zU4>}_zjG(+Nha!eGU^-Bf+;+`7&&=mSBw4WQ+0MlZqP7AhcVS}Mwx*)x)DzONRr)s zX}Mjxs=)HFoYw>{n2U zz83TNz3@*TJ$Qb<|9TVV^ru?~8`v=yywCW)x~?+CcJ6Ptmv*#3!JCZta?m-aVD6OJ ze6M27B5o}lc3n_}Kerz*4ZM3@W5yuyqV&5v^9$`uuu&JCf|=I6Q;;5P}~pOKIHLG7ZQyZ-D2Edgn^E3NDL~KDrvYgs6D+X15z2EaOqj>LPKXIqLzd?yi-!wlc;cjmVf zTmEsT2-_8=jUOMV$+VXbblA5a-fw?&|2bBS-KT((ySbPk|zA#iCrm{K)GEN8Gv!|Ml!)ZEZg-uwAI^j9|vj{ zqyCm)V5S{u-N}I+bVSN<{{kq+Inc!EeDOLer?|D@I~W)^+KI%X|GJ9hgFfgs4p?BY zi90AQ#y|lTIDG!X>GScp$0D58Ry+qt&+5ov!LKlIHPpoCDACSAc;z_H@}HtR<4{uZ zK?~J7)QxTAiS#bQPGKC7qvfKjx3C;uhd!zs7(n`B<(~ZlJ_Bwb;|S_HvRZ^PSWM7+V}OM!}7nG&s}_`SZ^>`v;pr3E^1Coq-XK$F2vyEJgk|iJ1GUImcv;?fd9_`8Q3W1M_Z}Ea1j8=Ci}98#7rKX^&jC)k7u6ax`fu)i6)Uz5 zxzT`3yiIPtVu5YIR&jLgSjqMKFSgiqHM#cL53jUEmD%om_@f8PjIY1dZX2=KFkZnB z{uAsa2==$HEwbObWs$91Qt09j-{Ze?guS7q$2Puj#6I`a!?qziFlVNg&^vzP9PL-I z=l$KWCgDVT|LpLpl zkQao}h|%Hy{bq;#s?LXdw=PuDb zBbP?%KFRcqCOW0fLNtc`p^gKuWuZ#?HpU;JRN zd!86A??0JiKG<09Km&R{7WMqUZ(nR{R}?`}bz;YuVRfOi)C8s46>Dqlzx?okElPoT zE|q;DAQTL0QLZ;_z?2Wv`K&aSHWi48_Jf_>_SKIswre(2yR}2yg~-Q-brtrb7aFXu z8>@cfTs-Ly->>f?AOfeK0AEo>Snnn5s9;@zb6&|GzQ*tDWAxyUgAqBfeDfoGc)i(h zaa`cgX7QTm`+S+9A9PY$gDqJiOLMxQw z-@-aG3t?d}gty02uQk{+Z#3I>w6(wgfoi+-+!D8T0mJ50$HQ2V_J95Kpc~QTIlgbG zNKS%qPbK>WHF@@(J4&$F9M&$tJah_=9R2IY`>7Uf?0zWkAAGsNM$msLfuJ>+bs>U; zzF@?jI67eKk+)A=S8i(-=3reMES3u^C{Cs1zyX#1y}g5W1WNpWd9Kc$hf?^GA`HSX zZBZ{n|MTumGTqq=>S35c%E?LHest z)>;DMD&TrN2rL;9JOQESw=XHNFRm}M0tnbt{th5b9cU|eAuW%A_u<-ZD~E8#Hk9rB z>2@xk_-Kdq+iD2KPwr^9UxyIu6abOP=R?t+522gNPxB-JH z-+c6l9dGTo8Y~|8)BES!yb=sDp{-}z)rEHbF)TFs)7P4<0%gfjXokZ+!~iS~w?W3g z9|Hn^c}^k9EyMNmIJ!KHIH?@xfEX9QejNh^-+QaguCE9NnxY4UqIuD>;pH7erV?QUFNY^!wfdoR z3hZ-tm$|{P41|-40ZEnt>n1t=3YH$djPxL(zHA@7M$)VnFPR zIvXDWKF<|+cy>eRXhw%UAKR$VyoTiQ@h-j~ zO3_&4;9+wP4>L{4*zogVYZ=hQDeS1R zWy4*GPRE^BFG8b`X`lJZHY-QopcEc+jH4Tk1ckwVjMgS$G=VRVOlahP{+U&FErkCx zyto;UFP~s5B`PTrY%!D})wi#3bKZaZ8~g05pI&bFT)znAz?UXhT83#7{82$eN1?hJ zTQYs(4k#NSnEl|1!;Ys9dn{q6`HM5TLOId}DMMM}XD7`_z?xUcrVHhp12%m5r$pGW z!TS0qSJ^e|E8P8L?aPVGM}`pwI%#ywZ! zVWVz`3R+N96+=-_kz?O|^ng9_a-H+XVrEC8p&6QTIGVO{*MbUIq;TY(0`}_C^q6zi zsfc(Qov1HdQRzCmtb2jE+=y$KnPL=)i=P={W5Wi6t7x|)&WSY)N-l6Z0HwxP?^$H` z-n0Z^;?;bO8?o9A3u^wk*QLlwJFU7NzW&iNtK5GN3(a^KRySh=X^gD#9M8oKO zvd*)!_03PLup2j2x)6Q2;?{`rWEgcK5}6JnAOdF{0lqW10Px|u9$PX$ckG=-3$2Y1 zHs9FRXgPQnd2{RN41@&@3I+XmN1wZ-!0x<$iEDEie)KC~5tO<73p>1)Vab?ckG$P# z7tTwuqnJ{76@=l?K{zhjYo0E*1AGe z@orCqF#Us1ErHc!Ar`dDwjzvrPUhJDY(Br-evX9?e+tXT5xk4p#``vq_px1J+jiZC z`F8nvB`zp3|K9UWR)z%skGq%I8Yps$Fp3}TE;zTsHmohPFaPU1_A)FZi?Ak5XL6eT z>@&--Mnjp+L)#ebHep)bWf!&CSAVj{o_e#{Dq#)aECHfDo~GZ-J1s)D9_q0HSeuMF zoX85%~plJ1!JIa zz8``g>)sFUUSg}36~am}onB))j%+u#VnFDnWA=wXK4`1bMlB7>DfZ2x+chSY%KgVM zMee^}TV)@_fDQ*OINdXry9mnh8!oN1$G04{zkR&cO+EDkbgYX^>w%Vjx8Uag{@4<` zaCOO~N_<*b(0cW{3mfdeerJzm^bMeogZ`ukhXgQv6#g4A6>{x@Z2Pm1Ep%a)!OC|s zcky{WcFp(}#?R823=FvOe$F9kfnBx1p8!PNLZmzLvvcsr+EXR7$hG+Hm%ew4a4n9*JXHK|t~D90fnFaYmu19#aKAb$zw{`fbbc&dP;$yaRl3}9fQdl zSA{Jv%CN;%LB}BwXcFDRbWGKq|G2}h!*l>Y2auZo!w|NvxUj-?L@1n4fTrNm4x#lp zOo=+dk>+(}P*Th*N_Q;z!eGAHVE@5wo%Z|RddDs-OCOty$8<5@)M8TLWq5Q~UQp(? z%j0*J3D471oLzl~8++xV1L1s}nGa6SNY9$s`QYfzQE0FiLNOJ*cxhS}i%qFx?DNBN z2saXkFK^27~!F#K+MLA_c6~0u`)GBrnnk4P1)$UkQHCn%NFF> z@BZ201#j z0+yn~kE#cyT(FzS)$8ZEwA}E;t+uHcT6NS#?^x%38T&fF`MlDxI!|THiRBt7hI|-0 zihu~5T?F`k;5&53p$@woope79fF`n^`_MA`1B_-KIMQy_Fq7pd8{Z|9IleO~MAF)b zqwaL0cu`Xo8dg~IUG3hTk%0JCW1CnCrEeoT1#D6wdqD_F!h0PH2tr}+cAr5w-}#Ld zcJsz@g<~WL*A}xyWPa!vKFyiSA>e)C!^`Ya2*_+h`3__J{vGD;=L@zN=ElXj#rFSv zD%1YyXZ!4t7mr&4{Ii|+j>0_Gq51r$*4lY1Fsc~2#P?rxm^?>ZT*qM90!;U+%6Du1 zeD|4JD*L);aygj5K8p{VNux#Gxe#Xm>^Ili zXaDER#wCru@}Jh&g|J+sbN3*jObg%jOefc^aXceK7O-%e@|7u6B0WO zKO9yFufEJ&GmNtD#?%H1!^q~CV|kJd+gdkm1$~drn7Vq;Rr9S3{X+8aX=nLTiNLx? z$11`8%MMKc_ym;scV9QI829(Fee~r#h`u5Rh;q^2&dtcS2hcBFjJEQd5ACX}aA=bUsGagZ>+NGhZw-Iv-y?gxhsc=u~0Af{Sba@Y!Ql zjJ_||;h{C`KD6T>#sI}V7${hS={a;PM=FkdI(d%MOUZ@(*Lj<&VKtL!fA{0PcJNTU z%LDUH$G#P}3SS88ir>0xxv}l03+fXqaik*iByM8%QUQHy150un%8ZgdC)KOoPn|(9pRHXv3z-5?%ffP0^r?on{XHErhDjm(20NI z<>OX^7g9Fnu<=3SgHeD5zV61ux*qdzAN=J}`%}!RUNkyvHJIy06MHty-thr(4=Nhh z2cJA>hYz<}E0hKot|`IGtJ(=$e9$Q{Jo4;8t8eUfqo#a_C{Vq55JCiA+-$V{Tsi+z z;>(=-{qm0w7hkMLVFLH~^BB1v7_@whtS`cpg`I~wZ86@F>?jOi&iep;65g(jH7CN<3!ctKr#QMui?x!UE)zbr0?5@0#Zg@!Ofji6iu zN`@fr(uh;eu?$Ml(eRB^CwecBK7Yui2bO}iVnL4GcHLqus}!5pf2B z_r5)b-5g%QJbS)0ixA#N@ba%f<3|6kQA0z&ab3B+bNqlaZTA}4AQh+QlV!nnv2>qI<`{#d5xLSeD_f_bjf$nxYrHfFCtq44Uqdbi~kIj+FS*Oix4 zTTOYUtK;mHlR5J@l|we|ctWz>er2^2{>g%las2$*L-r)BA`U>y-UZfNF!8)aId(g& zW0t~6Fb|*oetHSw2!wxnx){@} z@*^YQ>{~=D9O(yxcL*0F|LC8TLJ0dqj1FG`#Ri@4FANT24S~IF&XSU0ESaC<-k0=4 zfvv14(|#XYA|8XH`IlIKrwH?g`6^|4Y2j4?Ve5jG#jbzDz7^lEeE%KBU`1nVpPP=r zwNO@I8lV$eaSz{@+zIG`+m_nC!yWcK)=nu$n~LZrIQsMLYZm%<_hTTX0C{G983zT) zW6gaKs?za(#jWtqc7fJ|6xjayv*%*UTN0+0<>7n~7VoKV9l&%6SbL%Tc%FZBOEA*< z07hK@9_HiMW7&P0qMs?peyc(0!|4okK^udCDGbhV^qp3wJ~ceLep#de$|RfX7g!+% znF1k}W#EEAg$|Bf+>rrLnRN*3K>h9w^X>jympMffefavo`&uD9GG3a)Q<$bBb2fMs zp0C6}68V4XAGTR8R+NTOiQ`UxR4zP=^&bA^lPm3xYifAPrIlsLx2|lBUu2)WdzCFjAHe%%IW}=Y-y;}+!*mZm3o91p zxia4OCV1@W4yJX;d6 z=4Du%D$M64>|D9x#qoIv|2Luk%|Q(IjTkV)q&w;c>js^`?ky_#oboy0v+)21(`XU! zPmdij4jDx&*4TgbiU}%j?!RGy8=Pbq!L#e48T+7xC>`@A_udIe0r1`#x)3;;zZffn z|K&qRFkd|1Zh|J9!Uf->e4(?k;lukW?9cnb%d70+EywNu`j5j_oiJ===$iVxwbKGJ9$E(c+ST*z8*jGSHJENVge16z zI+gPV>ut%xLEHIGqdmQ~(SE$Q%kmLs89FL{8pBKbM(oj@9X5*2%I%lW$IClN3AM;; zur<<~yPDjzg%Q4(VmPMPzkvBN{rbP{w68o{k2&qbPB3o3_y36(_a8if#u)|R8+iW$ zq8a@+{(X;q^YO!Wl%xOPzZ>%o_F@5~FZ|Y8D?lTcz-%7rc%GG!yc^8N z8@g}5Hex*}vpvVU>fCy*)qP1pa^4!@%3HJu7N&)4$#YQ)Hwx!?`V`2W!VQV zDzT4$v&F8(YQ?>LkRpzXp=U6K)<5};waz4tWyDVB zedt*IA1tW24sr5Xisi=26%PwLM&J7RZu|S6AGWPne2JQzO(<9HIKugsvFb&vFm+A@ zMBvO4;JcFV<(*K9{{l)sD#E=G%13`GgyTQFZ?)ZcX$2NOJz)O_TLNw>OmgiZ`x9Qt z$W(g)?I^Yy{=09zX@wBLIhuPfgf3cUdB@S_$DTRhgjx1m_*_tkw}ZXq%XW_%O7 zcV6WE!>}pr(RpE*10maYHlmHdR;=?2EEmFCJ4Pyb-vDg)&&N7F6#fH&HxMY;ANl8> z?!mn2ZY%;fwk*p_w!9sWEIV;x6URx&4hbP8 zp+JGAjFyj<(y#pr<%5<|TH2-`vjYNjkPs3e4Xb4DIB^m?PHe|}Z%LLd$&$6#_y3*u z9_i}(O1hTisdH@I``-6G?-~EIo^_t%get7%Co_;bRtq?Z{tIcj$B&DAMELa-E49P& zIpi>pFG_3?2~=5!pa1k zpz%m!o%~rn_wpXwE84O`j5odqCdk_5qB&#iR^c1PjcAv}7mc+~-#pR&^r7vxbV9Uk z5aHQj(aC=--wpVFBKR@E`pyyEZ>~Eip$#W&Ng1NPhJUN;6n9+AFHa7dj~LC#`d=<* zfwxE#4)af1)R#Iw_3D26^-FtI)@C^?YAAzIv-cc%wSal7a^1*VUIzwAs^(oJH)| zh;#!c7igR5qOotgs$2Qy$JaBjm)Xj<G$y_rWxT z6GLDS*_0D2$l3ljov}>|$t*Dn-+6em9TgLO=XF!HfU+nuNkzSNq%@WzWpeh3and|X zNbr;A_u9Wcu}4mQw0}vObtWQ$#(+DzZlW~cZz~Pp{u0TCO(4_V&o|;?B9J# z77VIqw$2#lK4GjRb47U__QRJeBmfy{ACTskdh;%O`)<+RrrN`i<320~rc1!^!^ii? zWNW{UfNQb>;d4bH9^|o{h=e9Ej2ib=CSu^RWqa-2SCw{QfOdfTzpBYH|JZGGUA1-# zH1*X)_3a<8v-`9U@w}1p>MqeT6C9@0c>lk0;URm+1;uVrp+-zVm}PzUkUKb3H5qjs2SRUygin=5>+^Gt=`PLxXRK%uD1f zYO3}a5`5o$@vU-qQiZy&(^U0VXMbN%Io}1BYN1{rtq~G#U$-(b;XjaI<82X{*X!Ir z#uX?|Qz2fIL@@tvE#a#BW#~ce={`(dJA9z5&W~K zcG#CCU>GA9uTwoJYNPgbRyIUJ$tcI(QVI710s(>3iGZ70#1Vb{C!1}~^g^2`4Jh+t zWML*vzAV?+V~*0{k94xfzdyFiz9(mS*T~@*j0tOjrXUxXURc+EEFmV!ym$SGwdtE~1Wnwy3$?583F`M{#A+K^p zeq2hAow|R|r!JCjnrI!NJopU2+?&&0V8W8uw|gyOL3;7c3j5lRH`*%gp&lh?YKH{w zPv5GspZs~cwl|EAtzS_qc+EC*|Godc*&bR~V-qxuA5}Z$tg3R`LO-hQgv{Tpbp>*? zcDuHXy;rB#TrVpCzeZ5j6AfxAN7G>l0=+_hD41~Qwx%P~z9V{zefX?zevK=a#pyu_ z`is<&z&tTTwT#weu-+?6jW2$8wY{{h&UWj)nX-nRRBD}4!!!Fc5@gwpp^?{ouERmHe{eeEf*3e5{ zESHa?7S&5Mi|(zG+2Z%aaAWrG>YxHLb{=|sn|jPzce#Z4pSxv}ExIVOT7hTZQU$^MpL7EF%v6u1x*-{wH?ZeG=+j zr6YaiTwe|%+w4&}*n4<&wX?p(;s@az${_|hTNFy=lLPA@0%HZu|0CitzV%$0T|H42 z9iq=<>}$(6H`#x@eZ<}?e;SkI5P6G)1B`L7B+wTSWPJLr^SZ`8^gqwtMC9^wRORQrlzU379W>3!aw4@#kOO zyV_pZqH!w4&U9_lco*&wTf7%aVBxXR=0^U61GM?NAl+fZg+%ZugIGTs9qAs|M>NGdqL8)3&&{xpaw62av_Okv8~Z$edBx` z^%rMiO&qo*j8+}l3&mS_HT40>e3ll@joYfMT~a^NA#f)B4DHo_sjSXMivdEo&SZiK zGRL7!lW8HDt150n=N&I`W;!CTMls_o?h|z+3L#f2_7ZJ1I3)AL@oqwiCNB3d?t>EG zl;-|66ta_M^LPwk#}g!U!=%P?2rE zII3mZ0C}2jID+~rLMDW=x?Q?(UC1agL7vaog?G?ir<81Yxi6UNLDxKg+ zWdMrJJF4xkf4beyQ@L3bdJCTUe|b%%eNXk|lqS;m^@M=TroV_Fm?Y`^+?e*-r?*?4 zogaAafGrUgIHp6p;)6H!x=4;Mzx3pO`~BNyh`5Tz0ddZka0yI#1D^?7B?MZ&w$k1$ zM^B#ED3-bBN6s&_Ez*GDeY%YWSN*0+ee;fM#yi0RY581VTzNny^b!cEzofE2&e@h{HI=x@N5`To|7SmI&;*nn3rrlM;pFW zn*Z6-csd1v)>=*``r+d{?PXa!E|T`vodq7tphRV4?Y~DS$l#Y}k~GqkgPCuhw6)7O z$~;;(m@i@YIQ{4!WVOY%%I$L0HdXWYB81?I@98S=S|aB2rz;QH$8N560szmH6iJJT zrnOF*V&TC{a*p4MBSo~*fgt*otnDJE~`lu^#_0(nzz zn6i}{tL&cp*V{TBO}tow8uHeE=Y9W?=l0p{S7QbpSr@S0O_Rk|r%qQ8bb}Ts3)U0t zsZW>rIe4+otvS+WzojFiU;C5UveJwE{16vfV3&k3Dqf) z?q9ffjlAj~v6))qX2?1fn)Qh8gF}}3$UC(aW2ux(w4GbG^xl4%m4EM%E%v(B-*?9P zkdoAjrDF(XtimY;|L^BJ-I|TFK3|YoQmlRK+6ngia<+G~Jp3OKq4ptp(l3cwF;HH{ z(py`q<(zuAb;ttlTJ?2LB8^uD2xy*MTc!2A(dJFsY1{REg=m2f+fQ%46vS5j8_R<=1}jyFr7^`D}(|LKnxxb~-=>0?V|6|i z<)1);2Ql9xWl`c8;G?3ATSd2CCdFK)#%QO~h0!k6nonO^xuedt*Eli8q)C8=z#5_lmn}vhFz|NEd~k#O1FY1ZtzGhF zvs=ga^!U@gZ8Fu`DHHPj@-0Ap3HcHLaGXtzCOSVMkXNQA90U&0;w;Ih2Dbh?aF870 zC78Y5oOOIyQossnWqqJLOm>IGX-2vDCq2KJ1TjHdwYl0!t;s)r^59+eUDwpe>|G&7 zR=LG%**YClBPxKs@$mu{70uUW~Sx7QLm-20o4UtoX#$&2jE zAG^^0;Eq|&Byy%!L&yBnX!;M{hh&ofPY-UgB59T5y~QUh3(dn8hXw$frA| z@1qa~qqIPHkHx-RJNDGr6Pu1W0f-lO%!g`8cWnWSwN%1`O80h zVw>&JnBnNb`2GuKbeRwW0s(=u0|6Yvy(I10SAMX@9(r=8W7zyW95I*CfX>&Pc=-im z?BD)up?&WCGi_6yG=!QaV$+AKEJQo=wG#*?%md5~C=`4g;&ILW-hyZTS8c9xr~XJB z>h?a94%__@s58gIs3XXn<+mKfrmxCFN9`*T5?@uC=kjJ=b6ei@&Af$G*s|S6ZI8^) z37!$=s4(_;BeahX9Oc#~<_^I>W8mxiw=1u=E}~!aN4fAVGDA50 z?2RhhAxDP<70FpVvZZ3I@~Kj~T{yTH-5=aXVDX>7*!b-7H3?z(-e${_O4x>|=Kd``Dt~Gxdl` zhxowk*9R;iCg~)Gy)qk|tEy^f91~o-N}zLC^^og>r3Vx1gTi?!IFCNcDtdMzPqJQ_6X--k)XfP$r z+UFTWl7zM)zjS$T{MCzl?7?N_HbE8{@nufTn)rkb5}q6uUjIP{HASDOwAD8LjF{#R&^+mhTl87#Bv7B`erG_ zI>fwJNSKt2W_Prw`ohiw^^T6A0?>1lWXW2mI^ypii`rf4D{R>ut9JHPzWcUWvKGj- zf0Q-xQLW|08vis1{n+6WUwFNQ0I6CEvzC zIyGO)F}C5v7d!F&O|q!C=hr)R^rHNtCFwVb@x$*EL!d9Z|HM)r;&1y-jJLHWro?$uLv zNg3JW1yS+f6C%E3<$#kH9K5mcq!K7U+c^5dRLW-O$=~@mfQi>6-Y65bG7)VPA!K^N z)#p!tI;3qe@zE%IsT?tFkcZn&`F|Ltbk=DP;TX>%PjPM8v9woFhEEz-GRVhf1Zas~l#l&&?O#)aO> z9~Z@?&AK;D?GfeQ{gn6J9ItH;I2Vi$SiHexH@B*02^q1JwCFkhqX=D(hM@vR002M$ zNklVTEo1M&~_%U8-QPbT}G28)lM zcnz6%00Fu*C($Z(Y{_Z&BNAdmW5R5E8gt*ldbf>3u=ZMCQp?j~TBhv^du5f10Kf;@ z`eFo7;4Utg6P*b3J?I>F#I)9S6a~kY%BK?b9Z#;ZhHsZ(3h(`onh zDM6guN|Pi(ZhYI@XbK)^OyLZbD18=NUW0stQhN65Mcp^g&p zbiIGZH|dtiiDr%x=_8BySHkrPA`k=sCkSAFuhXenAPeO*4^8qOO{n)hy33YpK;QG3 zOPyIY1I`cBOXd`5Z?nwEb%TL>vO;f68(F$%;(j=HlfYn%FG~Eii_ptQRDLw&t zuhmh694*K~LcG;-WXYaA$=Z%9xF%N-I9`ZAzekIJaD$^X`!_c`woZu!Z~`Kk{&Vyc zA@Pk=yPc1RZ;CC_vXx4T?+KK|Jo)Y8Cwms|1q1>DXD0&8waj^=L{G3sc+IXlSx!k1 z@Z4_u#2qta){WCSXpU$;L(_W4b<@N+9I^k@96CoPx>y08jKJEY|HsU6<+iiL zn$V#Hg z2`w-&Pi3w5rE*MmFE2P8v<<^EhzL;-E>z0%JJuBOmIyw*u5W=Md5G02UcLNB#0UIM zO_jB2eYLh;XpO|DR(z zY`N*BNnKQ)k=8*8BAA~D9_k{U1OF zc7gD40s^G+>R7`i6()e)Ug=fIRwt-cGUVGJri1N=U;Ow* zwlu~_!Q`JQfqI|L;IV7ge(tArwB&YeV_>c0IJpWj`uh(yxT6g5ZG`DQ^co5PE%*Jd zQHk~Ht*$f&)^>RkMs;loj76?%XmO_WZdvOsfmlXv)l6twC;U;`)N`CP0yv$F4|Tk~ zWk6lcvMmaPz#_Q2dvMp_8a%kWySux)ySpzeI0SbH?!jf@u8(|spS|yW@BDuM=j`rT zRXw_A$*3P`oVkc-1-Un`o;I*$Sd04Z3Y*bkRY6hSyJ%g@y4?yT4~<2S;%Q*`ffQZB zvOWB-wU(!mgjstr8;Q9CHCvw%V4ak9$)7yMtnXzWJ-Eq?<4VEH5H1}=vEI6KtsN=7 zU*Bve&IEPmVxrJwyB_-14^~0k2G^O0Hb9P+h2a*VAoLrUoaY^5%B}FeP#4M1>{~KL z7G*R?WZ6ViDG&pW_G`5l_6^8~BktL!YeG*meWf$t{mn82Lb=+?`mWlFUyTalrnmxS}8yW?Meq=z9J~2!-0GY2nJSc_WZ@+pzVV@Gh5|qM(3)@?(ar?Yp!Nc(>e-mk$tpUKa;4RV|9?kb4Ph(lO53iY6z61 zPw|Di8;m}w1b7Ulk8=9w(|PN~_pTxOL*a*0Y?YOvuY7IPk#$4@dtfy01GMk;kvu=4 zdV*G6<(g-hVqb5lcTsSgmDIDx->=Cp<+k>`Q6#&ywW#-*9w{G0F$gizRvL2Yn#tM@ zK0OkBCNm8sA9hH6QEF?kl-s%|*x2R8-=PAK5Pk7O^Tlrmb)zxNYKXQzu5R=EwOlWIJdS{VJlN{)op&;;k+tgYw-U+4|T@XJQhc)47Oc>&R!{;TE=vHtd z(j?Ie%a~Tr?wkI(x^_ZpSn46+Ci||xZX&H@cA{+>@TpWQ8a~KmayUzftRuH7L?p4K zPzt7xMklP>Vn=_KV$Lm#$+5P(XJv{#NL**lcE{LQDwka3Hd)as`IOKHIO6m4;?w?| zQtmSUQh!$Dhs9fSj{5#IHaM0#$oQOCTk8~)g&cq^5zTAYdpphI38Ka)eDpt|T&?DI z=un%CaTmKd($1rUe!n>SeCN99JC>uSNIsP0p>VrZRQGUvq0vQ)?d{km^7OE!U5j&7 zR_6?3{6mlX8SD&=|BE$Km|wf#KhEy|<2;LmbY2e*9633<%lR>|VC-^kMrRlLliaHT6fq&RzmTJa zx~kYIEWuX_y}cZ@c95=@z`z%X3=DsEY}~~S(mWBQgRU!dm8Q+`Q=s%tYAg=Gpd5KH zZhnAJJA^g@y5FW8zLE)o36Y+YU65NBFWbvM!y7-PbU+TJjBNTJO(GY@iu=THwO>$6QwKCn<6z7d59 z%+pC@^kT`wr^2#V3vnmBLty8GWEMtwwtZ8usd@Fa8ec?RQ|1^EGWVSdKls24UUXq+B|H6*SH=^K32A-6^!bp zYjKP0Zv~1Oz#3GqC()JAnC{%suGv_*Xh(>)Q|i_pjNT;no4>1-F%ZbF7I)>4u45}J_AmuNOoKB5Z#EBn*?>H8IDI4}J#YiL zSwYZ%Nt~H1C{f)I?lQ*p>z_z4L&chF%S*8_k!8&uWZaT|Myx>mxY_7MvNkzXyaa;) z!>9-crxZ^zI@7#+%&;B1u*fotBexU;b2o8rlQ1X!J5|ZZ=K$b4R~m4LLcDc!TKr6I8;f*<9USW1^YPvb83qmLah0e_wXKten zm7<;VjXEAIxDZD%UJI$Zo2$6iA;=Wm->+vm)GwqH_de?N4Z;y#dPW6CrSjJy3a>ku zwm&0(veVO;DbW;lXyY5Iqn$v+=Y1B4m_s|rQq)yE!<52D&SL%zlFbOTTT-fbV^ekK<_>h=wzV+ z4y#f34v`N$IP*`cwbl-PQ+51_of{Fk%vUefKAoxWootYQ&F6J-a`G6@@y;?+TOp+J z-CaRIFn>LAx80yB$fC(3W}2kfr_ya2L2{rC75hoceo>@urR$4}|PW`hJFs9Yr5eaOXx{5G$R7v3I7 zfW}R|tr{3V7?Y7xq4vE31=%ZQmCZ9KnsLZkS?+JXa7btP$z-(RS@X%5vG(NCbeMW2 zI;#pN7*w_xT2-!g-xn%G*Pvraw|Rei(3KS(&Bp9)@4($;!o&tUv^P_caTmFtJ1g!r z;WISjjbZGKk^Olu;I8Nz#hZJLD0C<*;eHGsO!pe`$BmHzbj28RZ-nja^Cn7o&5~r} z6tnzD*dR&I3bnI9mRGeSaI7qP<dgO)DOk@U8r_7un05t9 zDjbT{W|$E~gsUY7eBP!mVzg)*A&YwsJHl~C$1 zGIwOTEMIJB(;);ulsQJ_Y0trAcx5CboG=H5JKFST^AdNjXTq*z zFcXw_du7df%%QeWKGuEUm8P@EPMCl?S3rZ3cMDxf)k*c#({qP7(+H`0o?K!JVh6OW z9+MQMo7dLH?Hw@2Bj&uJc%?7Ex9ULvWqO~FdRD<+I~y}*q@nv^fZlV9V|5MY2bB%h zC(@!gz2~Tk(|zpy@YjZ{8B1;b61#Q*6=?jv7LH)K=8aXg)onbs*!gBsNOB-Nm5^au z!c%~AF&@1vCPeu4;nCM2^-P8!&raa3;y|9)+YaU`2Y>q#-~Be1OaJF!X64C-Y8(a4 z;{2-L5IW>SzTGh)%LO}9gC`R4A3lc?ZM4;sQ)~clhi#H1OW>d!m}o)*AxdN5BOZ83 z2NJ5444>x-Pn9ejjCmrxG(_N?$RHMihM0wr+r@;iOP{SYYuM51;r`fLro+z!j;m{8oDgykkFMlZN85I2HAa?QQ`_j!&ntqfM|NSpW| z`H#$_iq7YNndbV6`O)d3NWlRn#kLyP#inIt=Jof$d+F5sgEP@Dl?jByWbokNNB4m5 zUJXT4C$4z$=024?_+Z2{XfU`oI%Ke5dy<=Zf!z%yee5Y5Cx`r??vr>43w|PixH;ad zn@lw5TV7)sI#%d!P{MNIsqkXzihlaO?TmdW;M8Ki1>11WIcVzram%V*ajNhlf3wlAQ*;EFct}mr z)Rl7+{EjU)dJOjbdlrZ(c$@MC3Aj>R6l|r*A(c2dOrOkK zyX<8NW%4QPzuRxyDF=3zxWmzrAE8VSH+~zN%C7pgGeER0F$GKZIA{^e^)B)e;v`t& z`Wd}-jn8mW!?3|TlC!qC+fk)R_!@io+1n9bSePsA895|LvObR*2%X(OQ#ZqnS`3#B zlsl-5O^REbm>W&>@I#++X)a#=We}5pqLZoB+czXB?stb(>uewCwaq&CBJ|*V6C#Q# z%Cg^j8`pgG+I#P4Cfj^S*ID%|Iq?!KF)I8mLPq?wqhMIjCVa(PTwPf8sS9-z=+uC< zA>Gm?b|h{X)+JlZOXP?K`J=nVs7jmeDR?JXJbZA;Spvrj63$+K<^{&(pbB|qp`xCA zg3q`p_K`o~#t_hr{w%_x8d(Ek%K5FGDMEOTLMOLrl64Uy7q}6%b(%4ges`K7{O!dI z_(lBq?9;-Kai3}ImH#6JKEd&klVWI7ev{HR=Cuk`-= zBjLQ#w1=DIovMj+|KJuS3Nk3X?PeM&Q1(YMvvK8^_3bJ&s7|^R`-XA&bH1zth{5B znXKb77PS$}J!`gk{v60&lkt78p6`wQT~E-M>i)B?F^W!jJqP?A^)l4U<_uMwddUV? z2$DQe`}%2j+;Rz9TR2>&nO`A{W?t->Q5hPJWZIF0bDb` zddZl?XV+pkmw4HR8v2|2#iV z=`IuGE3-{#4eTsGin^lN0L|T@D*zU9rEU z#!25eAkNd5v+rh)h1q@2)bL@j@EO98wmxx8*)4o#sEu#&VLB|}2gOi-c6q*?TU+kG z(L6@Ny}KN_YhAd}i`>mS+00!sW^rPj7m)-JYYcyiUEdknUoB)fYl^2sjpU3G~syd*L2z0<#l~AjE(Ax{d)pt3HZ4e3knTo)})#F zIvvpR6t!)~o4PKYWcaF%DIC)@{QQc3o5HZ-_gJct20)Et{cp16Ym6~^dZ zC*$y_iS8iHE|ZdgRy@arX&8H5F)`n)Qrc5AVihr$pf^cHY1yaH+0s}%M?Z~yu9}m2 zK00P!#wg~4U7qO9e)OnJt{N~OSrT2>{b-!2tynO6jO{e)^H{C#d!@ShZD7N30?m~* zKX(jTt?6RLp2QETQ|;uXMW-4VyQW41?QE#UGwTDpd-$l>BG+Qe+c1%X>CGb^#rq1L z;g*}WD*2J5q-E_|oun|mri0rlC=PfBIU2hJVy%hYCf9#|KlsQL3$?Yd8~q{y{YTec zu-^MLMDi|rGi>2ECr<4RjPkJ|Ag(5pXLiGP&Z%AY$QB9yioy3LqSJK4?s|`^*yac8M8^?ioLDQ-{92Y8V3KC>pmz1)z9{O|>6Ja#%G;97 z>L{+(y9qBFRd(?~q&Yo)4Qg)1X&XqKP8fKm7R@!Azs7i0`+ejpzWlM~+@tlRNt6gB z@34qsk4^D=L*++V2~>8`&C5Rb3|$7LNFpgfAZ$=gLuJOm*WElvu_O+G75$vuED}zF zD&oUQVzKN)?N+h`n0bSoZB@RW!FZ%=KM(%&BLevI^<}MARg|V^PE+gaP>}0{-4}(r zJHyNH)cd7MPh2Y#L6OSGXZr06`xPVrgdb{UEVJzl(S2t&sj^y>t&Y;4w;RP0 z*=SjZP}BqiCUHm%e5iobt#6lCI?s!g_shWDN_B&9;P+J=SPOSRCXITLX_}MzXC=Xl}moBAjTt0GBZ$*163FL z){*|#B`Jw^%`f@n#%CW_ObIGO4BtjJ`ZP9Fv8&c2q9ZqG_5T)-4dLD5gBL0ujV>AIp99ej2_s7$O)#C}F)04=CD4Aju2 zZ5>f60uQ~8?ho2KZ&r);Oa#*@gdC!tnVo|iySDh z5R~JlP<1<=(0WeYvREZze7jrG=4DB+nnR=(Zvq(OVIpttWfU>$vHplWjNQ#TK~Sgb zQ2kX)igbe@RP9QaZgk#imIX>MsnQDa2*kMMKlB@QIkjM=@Ic_s4xu-nDkuIIrLohti^12u+=<;k3WI_XYY@?(XB<*hXS z?R^amz`$9*?K1B zn8)u$7@*ejXF9+q=+iA{Tvx{yZx`mIDa@N6>_77U= zRAaL1kE3O0P}hEg3Ky*Y{)y8wcgnv>=8O|Bu%RG+<- zz!i$=uQ);wpI|WdC$Nmw0CsQ$;M|#{sd?L&m_@6vSChVPr!y{H3&!CW^S%={>f8en zyGGXsQ>U|Cj}(_+|Sd{bfXMjb2pZR40d)nD4$Fb4iVw$@Q$Fp>w|4MM)?fhC8KIjpDuA zd&h}KS7l;re=rY_ytshhfGK*On)m8T9U9B>+24O^-}F1YtRvUqAt@^r`*~%{Ee_C4 z?B3G>ON%#jDVKMFhapi(o`n!DdeOv?z0+ey@VTGRrv9^GV>U2zAhTy{GWlpib0s!* zBh8;7}xji#zNJQajyR{{awcNEuZzpa%O=crJU0APGta4meQ$=6Oh}$O= zLmxwT^fP_xag^elmmO+sPsLo2isEY7H`UKJ%nqn|Bm=u-d_RvR=n6faBqKL#MrTNU z2vB*+03=vwz)Vb5JX9{1PX&Q)kQ;>rz!Sf~go4@!gQo_0HwsVaEilwlH9cYG8pK~u zpIjBGSrT^2`{zLF$O!|8w!a~m`z7P_BYOQBFv_(tCvfqT85eRG-(Jeit>biG!sY8G<4Ja;~mO}QVG9_1EUhIc_*KBH;i6A2{)g=!hXfbdO zZVj_LjG1W1|ISg`H2-$u+ssp7_*O*{+H#(l)~sDY2M#&fo8Ea7&E}x>_&dVk`84!^ zt8XPb`mD%Piz%gMZs~2X)_^Z$vaBxX-4S7TAYd;Ic$Lq7;ef%M_ z#fubj$>Aw=dVMcnY})Um`&}%h-M3M~GXvMo(fFp17sK@3PK!HT`u9+sAa#LqY0R;x zpDwxZw_6nZHkql>EA|Gm9eM$>3qScqA;5$}|2Py#ccGDzWUujt3IKI*))p7>lECyb zG*Qb8doQe>X<$loeGAu)fza+iG&Ibx5#hYP6>&XpgP6~?JJmnB9jy`|6W1K}4o?h; z&Yg;f#we2nRKIuX!V!6!^%}smcC}TF+vxIc)Wi#o%mi4#KK09-Q`!3hoJWnBIKLBI z+KYtleVI}ZJR%HIRY_j%uI4r47=1#6<%S4oyuNw1j6HW8za2Pmu05HC_;4uC+jLq) zfH0!-YyQN{3onbA&9|%L5Kh8&)nNO6Mj7S**}1UMWY9g4TnGP@?bH9%c^JUtvOPY7 z@`o^4zIrC+n3a@PUd)W9*IiMJyBm*Q-<#-HZK^T6=+L%H*C81BPG6FJ|7jwMtkUQo z)6SUnlBt9tH7*{np~nGw1R%yOR5xZ5-P}x$$Dd{vMkKV0;-G|@qZR7A5?V_Oi%dLQ zMhBxBZNA#2X!B9frKe-R;Hu8@?kEHX8Z_TdZ>h_2J4WiTzCG)m)<)kus_VGJ_fhNT z<0>5>7eX|p`4|H@H^Eq;G>jgS-OGNkwyZm=HU{=|{H1@#pTOtk^SlUOQmtG7gdmt5 z$>EXq6AOX#$w?+C^S$$fVD$nsLV=)oU>x7Muos0;&4{+p9bkFzqGEFC#a=-PaTz?F2Z1fY8V8G4KM>ji9A$v*>ookUC zkZx4?)1h)4-lzIBOr*1D(}PUwDej$uU}3;J(((vB3_|CcH?D_Le+J_~)7Eji!_3|Bn))f0#Uj{8L8T*wkj zatI7x%?br<}V-?x65Kuy~?RVr>X z@4!dr$CYf)#Y%~VW_jaysu>T7d4U>{?F*4s}gazuHczTeEY?MjgT83Pm7vBYbdAy;s*pvgv6_-+*cC)TWc{;n~M?|^TW zPC=gd6roK|Vvm-Wy~(Su5{=r>G2gGV%IDI^!t(4Y#9irLao0EBw9yBG-z@P5{OlvB zf&uMkXo=dQw>V|3ng6}pLWllbdTpSM4ep)y@|UnomcdwozD^G&0>i^5NBxPWbc03sQ#H+4Ag(KG-kSbsrZtqle7(K zI_ZNp1Z)_$yFmLxeU+tLtN=U5RW}E%`(KYA*5?f&d*#$r~rRwc{0opUq zUoTKSdwo=So~ZbmnUgz1lP%_c7^(ega=~59pz(0_*`EmP@N?Qu8~i7T{$-N=_nPyn zmXlKSrFI5FLs*kzDkeHwYy+G$B|Vdw=@zqdID+2A^NL2>Z(WPWdk?nF(raox2{Kt# z)zXNcGf4O^ax+1MY;~M(q~a)pc;T;etizhD^0>Gfpf1Y$;TMTdxu2C88V;=6#>-|k z*p8^)q4u5^Li*WNKCNedx>Hrf#$J*6;rCVx-Mo@riMVQ=8ap49MLFWtytix8HV4No z!pR5@Y#CAHGHo04ABMH8JXJ7{l43R{&;J&l#`^TcR;IPX%ne$w?Y7QU|Dk{0Zc&h_ z)JV25u|SxpDkYU^=;3qq0`94&T^;IVo^4(<*B3sS2Rh%zwc-f~Q68Hm73-r2fp=`PizTZy81`o? zASAusWwUHnS;~k;&J&gKAR4ckiX6xiZl8nE{DERc(EE7h^O}8p|2#dC0^^viO?kcQ-Y=63 zvQYqR!slw=N!S|)$zdMN-}m#^b_H!3L$EP&htE9`&3<&S(8?R#54|4GOV0D`x+zp` z6{v=(?50t~@xE`>!gsf&cgtEZ16<)-w`_YcdU;f~Rkc8B5|NG)x_T=BxD9ruvF`IN zz2_U~>vJ{D;A&OEb_#<~-;OwU^)a;dlO>9Nk4vcP?&6Lr$*#Byu#Ke>`DzB2Raz@| zv!i`MN26_O&>+6>o@00%V=Qw!?S>qKO2oxes3iE=Uh3dmd`ny@q|r=8hLz@axC$4S#puiPe+jGgI_#z8qn2$k|2sZT16+~<}Vrq#`Fgw z&kq_eJHRyn_EWO79*E?KRAZ_D=*4sJwXstpcVFlbo@hE%jR!`DlT{kR_9N-for&t? z(`^t8c~7S6V4Xe3(?gz>wMXr>M4|TkMAO~tM~Qg!RVM^f0XUIwjqCV z$kTZapB{%y++J1KZW-jdE%Dj`WSFT6K2W(pwd=t@-Q_WOr-_{5I?Y~WQwq~NKoO+< z9J9ny`$3Ay_j562_&lg|0+|Y}#C1vhY||h&vG5P#2J5_uEVUEP?U|OR&P?sYP<+s{ zG4Vwt=KYE>b9yPlB(;lXCY@*D`1c|B)b3n}gU~Y5FEb2Nb?4J5n@yRBtKSfLXa-EkZw@W0HEbPAx*L_(*^4)MzaOkxrFv0Eqf$(xU;0yMUpBu`omMq= zKVP^{LSSo5-A_EU=3I(XHELW>wfHvAtH54kH}GEZP5jwu&pPDj3-x28Zd9tm9T10K zq=W(IiZKS{WP^{)WM#gq2>p=kYP_y8n=N)&A;;Kby(MZe-bB=yY%#YT2e)1(q=es- z25El9@JD26Q~hKeT(rrp`%7$?c+l9OglyJvWnW1H0-AJnH{LrmW+koY)%|)G9ZyoL z4VZ5`$~EmJNyCLO#PQYKrqVn<5CI)wQi)~Bii-@Fa*hTg)9kQ#;q5o5ER8BFKCR;= z6RX74jBt)j20%-3s=89`vF*P2D^#n-qtO?eVt|QOlDU6bw;1EL1))Vfq#2EN-iJD? z1uy=_x$@2jG@Wxfu+xwY=HIDoi?6hiQI?c9F(KDd@31l$@O}0-wv0gZXuV3#_x10) zD%S{}p%layav@CDh$=8NV|&}mkn!w_ZNF>c7@+vM$Vo)t(yol%_=v&llppCAKZvnE zPsMUvASAqDB39sC$)A>yfdYBE)t-BUcLZi{jJLEgo=G*<7VyAvlT|@|Lp&lxcOlWf z{BN1SGE$*j{Nn>pP9Cw!w*gcK>k#QPzn8c=H+3CH8P8n?`fF;YrJoA|YOY$X6nRb%Lt&$bz z`X^qjyAb4hSt)t{S(e7??O`9wiWQ4YXQjCz+s?s~sWfVE^TuPblVBty&PHTEr_rS1 zi7DSVOZC$ENU8;ers7n1i+p`7bw^e6&iA0CFH#Ix=8aAUvdvZANJ*yQ7A7_pNqI;E zLQRK$rcNGHEjl%I1EhPrG7CDKNGFye#8$Nv!$5{jws|IE013V@gEA4$jJ2l)s67@` zFUtiJsJ~s5%Z2i^QM{uqMHWY7l`7no`>kaW__F65p(9sBZX@MNRR=U-ac=5NGI!+H+;@wAO~E zX$pXR_oN6S=O?SK;%DkD zu5~(ZbqK)Yz-)hn!8xafVa)N`$-9o-!M1`9;p05=iKQw6RuRS z=C?wWu4)E;-zR1wf_@|O8<#0Mwx?F_5lBt$?j;!T3{gYAriQhgB*{0sz0@$724LE? zD9I}7b0(+|R(v(VU6kGWg%P)g4)5l36|w&QQLNgs0m1ulCA4)Wn#@7;ggqr9xm2p> z@95^;ho5`S*>}Y!QdYfD$Tm`fIZ0~nKQ`Kc!J^jMiPb9(zkFUC+M4rOmxFDjY+6LC zr$}|b7giTIa&0`+&5~B1&n(PCk97 zilOw?z8T2vatxSQEZ0IcI-BAYjY}e?*r4&MF!sM#3Hj}_Ym{E z%OHRje;4eBJCJIl5l1ezODD&n`_dS1sbzn_35GI;Ac@^JvHBqw$Mf_EahYyWcb`@U zi9P#-7yu?K1l!NbY{t6T9s|kJlbaic_4}7U)8II7@&I#J8f_NiYuY7iq`EN*1wXKm zmM9!Y1yk49KC$UfUu#_)8E(?$BUyV0k$#_n6(dtVS8)9t-4JiD02krsQMd_SieSD? zqa*v+hC~Wf2viv3LZ6zozK9!1SbxS03tC*g%P>q^WdRLd`|}9h8~>wFYc!vNoBLOe zb9tXM=2?@aYgt9Y^9NUCy`Hl~DC<$9(gFm|i?5!O)QA)cNStXrcg1WHY%H@eb@_XR zLU*Auy5^NXYpUbdAm}N|^u&&9Wad?nw7cH#lT{i_ftYYsF^qmo`y5z-wqLDS|`%PZ_n2BrBdr6+6P)xf$ImqQ36JcAR(+}{Ymgh;I8W0M;c z4R9b2Vu*)fKI)>TC{@w8Ej9?^Hb}&=M3w%CxJvg&o9bb~RGr3{zB*oK9jj1;czP!v zmoSPUEbT{@_g~UNSfasJmS=XAem7?pjpCM#^ zFLu&&C5BsaMW1l>Ir?Fa`}+bHssp6&dB9xuRX53-5>|OnpGiv9EG2+aX2NE|F*w#+ zo_-+`K2-CgNdyc9;!_TF{y1clW`g-zC$(9%>{5-`3~{4*3$$WN!lDEWiB5ym#Rmo5 z*F`ncE}arqw@ngh0LR!Wi@GL02Wg zw0QQy5xC_;UCUl(D?Qyc%XQ44c2=O59T=?EBFlW*Ha4f)Ea`Ga8;r8#%2$EZSGUBxeio zY`c%D*St4XaUsD43^0#z8(5Bx(oMkQ;BXhDO~KG`L3!22Cu#nfr|WNL@y#6V0a!#;i*`IMG6UIymt3QymP9$xZ><{FQ{PYlV zT6-a#1K^vauIGU>Dg{O^-z9|Vj}T(NnLJv^u-6SN2h99f#C<+hj#L7nNCZj|QQ~QG zz}st16s23+Lt>4l3PAf!m!xYE zfk%#t`bYeTi9UPU@AsYFh6Tj;w%wJUQ#qoN@zC9**g=FSMt-6KmHR#ofO}eoE?uYXXGS^BczDu-7c4J zb3MII51)+mq((ncztP!XXy!1 zK6tnqhE)EI_eTl!sDp>+QTCt}36AqrH>JVCd(qbY$f(l#@{K>Oy|bL&-1N`Ah(cZ3 zF&YaRA<-N06YlL08}V0VC-08j4%nG<7~jS0A9Ac;789PV&h;SA}11|B4+wGP0 zSgA&D#5pK0qf+Hla*FxQI{E|E#lm>*y0D_gn)~Te zgs_kQQwkzv5P=MiW%=E}VfA66leh0ag1KimWYV{cz!*gSAfy$Uxx!lUw%{p6e*q-0 ztS?Ez1Rr@$0v|pnUhNJuDfaDdGl)F|Lq1v0_uNG$vwqxz(aMrg6Nw~gpT2_3h5 zH_gJMe1Tll%mWRi)Hz2wN5=o7+Au*?@h4lH$6YexQ5!R&OW$aclYUqs+|yUl<0&M- zFDR2^2J-Nu2sVIoOa(`)^UVM`s28U+P+nQL>cSfjkfjL$209TEN*N@A(+?vRpo|M+ z4*It~kC<3hJx6Jz7fqF}gZkjGz;BHd8ua(D8U3~g{#m)*ccd^kQInH=DgP`|2(WQ? zpg67YS?}Dg4C-oX^?c@=HwMx0>kfAPxw$usonn>L-AeLd@BDn)1GbcmR>nGYafC>vEE6JeFhCVNdPGlINY`u2X|@sE>e@| zkD05}aL~Daa^CrHaJg8N`q19O+xKb%8H33}xasR!>g1(b-m$5g)s>@=@RoD0tnp62 z$%n^)e>!(@ew}@q<4f>P`?kVQc<5?tKCmgb=aKh_c;%_)TV!g-Eumrr!#sSH3qO*L z`ytSsBQx9j;|4bQRMSsq`BDEUS}%-*s6^M%#Zxm8LoY_SPs#!C!P$We4ynmzY@55D z3@AqYFarn(VMy?#0gyEv_kjAS;lZd=m=dqbgrf+UAM_-GrEL|CMm44d?ms3oDF#{e z`RFuBTtB<;>`p%?+8JPs0C0me(CEA?vGAqzg8mrpZ!%qalt2_hJ+Vcbvn&8i&6Ah} zkpsxhkY(!N3u_GfuSxO2JGc&vO;^Hb(>LLr8HHY_upui%0)H8SA4q2liT-PxwlFX! zi5gj6Y%VJ^n|1D!&tSC86V)Jg7bSo1EpJyf%}R_dC2z2-$Zy=gssFKSI0%T#)ki4e zwi+^Sqw3_uL`$9)+ZM`{>be;XzmK}(tOs&#VbN*o8cdAaUR=aI$=``;uA{cKD;~I6q1crL!m3|^@;jvq_HZ?axg7+L@ z$q-NdW0`Rf5VRd!ZEYwJyN7UkT##_wb7=Cg3X?{VBs3Uiar*jFW9e)1`BwjEMgSlX zY7_}If=)NP&|5AdENA8UAt$d!XD1-8FK619zZGo%lt}YJas!uKfGn!wt?puA+zzaIK1^Q4CWfN`_x3WvH8T#eI#MyQv$da3WVY(gy*bFvUne!%}D z^1yHbps>`nQ(6Ty>O$NCwx7U~w;L3z5S7qBm>}`lpIA093l+joX@%<-%s;REUx4v1 zmB@>Ilq!ZeoP_@Tx3d3>DF1pO?r$w)h_qs81k}H*;s5=>|34!*4*zCVV*R%u|5@38 z*D*;9`Oz~3RqpPDkAm-VgiGlbT!s9j0283)M)$wJA&U=TzK`wGHFrz1&b`JVr*~I4 zb*LJ8=G5xB2EzD~_46txoa-}qPx{i=eChwM)c#IQ1W9uDZKD1U%kuU|KCR5 ziV_8T<;!?8VY;d|$4^;Rur^$&tSW2l6?0b6^cf-^JFjXO2WpJTR}GU84P|h{R`rT$ zYKzs+7olq?uP|25IyWzY9+lrg7il+4zwYIRJGw(?!LS|P)U^CFUw?ktX-CakJXdx}xw;&uWlOI z^Hv;`s2u6&`>M%M-)YVQ64+N-{c7naOve?miPgyxM1%n0NBny!zv6%W&T-K^#g#|d zqpNG9s!cP+)rF-;>r5+)14s6sx8`GK!{~+libDQl>+F6A=9fH-N9Ra8QwU%I*Uzd3 zM@L~uvqr?z`k$@atAQZ<%uIci>`OixnM@1l!4{3SAIGORw3pL$fQu$)wcx+$g#U9& z{^!g8Zni87NV}y}io0%Nx_+?_SQ*n)T{^uJuPy_zq3?NFgR2?Auc%I*#s3c%z`^G7 zLXF$R?29#21;+bv!K`@WmrI1fOcmv(iK47y|McXno1b2>^_c4{Aq1)S(?8^-` z2xd%yG$KNX1BVa2JGMCsum4}G_>0*e0_wqz0i$>arC8I=p6JfLbkNy&t_(K4&(3nw zCuDYyRco8Pt|00CI38ksDOVmAP0b@>Ml@?-zr3f*CZ%IB^p}~cYVTpoW>xztEPs@1{WRV z$2ayKNf9Ui??UH9fYck-G``E-wC~xN_v+4Gd}MjN$Rt(tMSG179DJa}pq9ZlJ+3Wo zQiy@T)bQ{wH12w%J}Fx@J(7A`n{|MlS_Xj$g2gT2_MQJ{hO7aAlgl6v(`@;Oyz1JY zOeD`W>~^~r?V>~b2e|(MzMgUczuVCD7gCf%=~^H)uyW5Vu~?2g%@ z#y4kn4NtL>=6BtXQr>P0kPKUjJxG<7uJ$ks4dUZ`7&(z6-uv&gUXZ^oc-}UcF0b6O z{HJ!pR?p)ai&%3krAUEEiSS5r?{j;*fcN2S2RF14I0NLh%9&@%?hE43e~*Aw0qA)- za8-(Ue2+^C;@ow_)zbK6WYsrs9E3MGVcS*6$|x{o4icfG>7Fh z6C-2PAMPH4=KoV^%Wlot(WrgvQejt+B~?RI=b4%`a=!7yn%+IO&#Zkt^%_(tdHL zl?>g0MzKcwLOD1kuLJ`Lq}ha;5q4#l0lsJ>?M?uqgon>r-Nb>c3{-iqF!O()iIWuB zZa*}8VNJ;vzDc~g{;jO(h<5kphSs}9!?Zok2c1`DBLPOlwcGGJY?qdukpEJXEVo0w zfjzgAio@It1*L!h7NeC&7d&o`EjG5gAQDm_t=C`HhQE6|oRqQJxsA@|wYbR%&D`6Z z$1u&;BBZCIP@59bh#nYYoZEO~4@+x(`Y8DoUsJsuV@VB-(*EAyo~$-|U-M(%X5bPT z5&lOlUC40?1t0yunwrjP+sf6)y+gthT`X-eXObvTeFMy*!`8y6kZB)a&S+vd!`q`s zF0cy~SB#XAKAg1i8dc@_vlfjOR&H;0xH@WP>MImTv=Be_VO9Sv3Og@A-s@C7sf+d8 zYl^k|LRqziY?rs!NY>4g6|~tr#?Q4o5=+lVTe|D@cVlz)cw;Ts{rUlxyLs>T@vbir zek|?YLP!5bI6W#-BKofSu1Sl^%4(QF-S?G&hfG;%3QotjumRU@xtBss-sz16T6Hi@ zz-(1>$z;sJyttWX@S5Q zN8mjDDy8e7S19^RlzD`F+<&&T2%u-Fg`GqFc3XHMuQ7b?SCFgAuyDQVN$%G?rI;9m zM~t|5K@af~{PK^+cr)BIcr1e?=#I@<(=~&X>N&{CI6D_2-w;3ai2rVa#7F_7GvAwG zV(6Hbu|={7fPdXfvmhXUVmV#S zW^pbJ4Hz3o2;!#{gJiK6)@E&-;p4$>(3C(~QxJ(y>|=G2nS@P!RfV%}rdjCDC2JEX zJ*)W|ji!9I__GhD94YGJm5{giM_0Z5TSE>=~J#b-(=-Si%Ejznr$LBO__aSVXnQ>bNS$-(_#$T z`n^gK*`YVYCzN&^w9E!&5ezVS8r2eTck{5Ble7%EfkZ#-Hh|$ zviz7-K^_jVg8-PF`-(?rZ#Iir52-XahQaS~u1E2Xt=(0P=GaVRGd23~V|nED5p4_p zY$D=FwIgabh+TfCZHlS%F*$0qjUFiBCzm0*d)f8Q79GyzMG_kQFXCi>;J;(m=Ju6? z<&3>g&~WeO5i!D3e}OQbmbhtSv8#!iv3fc!xJGqeU8dRD`Rj$383|Y$4=qQ(!+;q) z888Ce(rUpR(;x8!wd+BhRJp7tNm20nnwd^YC}m@Vlt43nWdO0M*;&oeGSo6QkuHsR z>U7*G(^n^dB29@%Q2wX#V)N25-F$OtLGSdMVzWP#&O{s;F$%p%0Fuvv<|A(q~ zjIJ!~mW6k0b=a}Zj&0lOxZ|XgbZpzUopfy5w#|<1?0s{-d){;I_iz8%W2`aOT+gg$ zR?R9{uv7IS=QGchwQ!&kp>Y1yf6f&J62QHIfu^-O=Fty|ARHlx6-KE3aMZ6I`X!&S zB=mx`;;|!)fCt1%0jJel1T2T>+%6mZ#l4!AK0UZb zC`&Ck;y_9+-`sEoIx3X8S{)JBc2!MDL=%{Q=b`Xxgi(qD{iL=O% zMHugwRNjvcwNkH9aKPWsPOw3t%iZNz8_V?uR#v^v+d{|7{_nxfJ@s??2CkzV7uAvb z*+CKFj}fa_*LXt+oVAGdpBBt_#Raz{x2_)z_Srwc!xI1SR@xYQrsIJ=2(2J+NQ4}9 z1CJURYNuCvtO$a4>K+2V_2v05BNb5neT`unDlYIH~d!!xG zTV8zEhqmvUUGRv?s7R%il^B`1fWm;;vq+EGyNEUQ50zc5 z^|dT53>a<^eg7P3vTH&6$F5_il^A0e%`IB-r+-Llr7plW{WYcgQ!}OR+;xhvQx9Ug zW{xV$YaA}?4PTW}Ck*F*5Q8H+80<51J%WM;RfVcD5L2q?8`JgJ46eY5HWmVb7< zAAj^fk+ki(N3eh6*u~ZE zog3C@QjA#zrvmx)zF0*t)ad3cW07FZ-{FT;jV^f z-Ud@W`i?CAXdLFCr{k}_;~KGd{gH%hY9T_ouX$czskuf? zWSZ&cPEW~9wH|<%_`=oIWVRC zt<=AheC298+$F;|QS!&q!}APsFD@;PLvrg0fDMzI;rXB#LAH+ca@HtcA(6^;vnXFrNbA{MBOiM!mX@;7L#NeEh;kMGxbwoAWZ*iEWWw%=xNBU1rzAJ_Y7}r-ZeHcR_`0+NgJJCRQS+Yk?bTz{XA3|9xUK4o*=2 zb%R@D>{eZGPzChR9;ax`PXKGNW08c5t=5e6LRlrEfBzFw`b21aYv5gxMLugkL_MEe+?>WcB(lr z0wgC7Cz=%FYjtjDVi#vwtina5T1*y&!oL_020Or7G=3Uk|Gh6QBD4EfAeyaAUss$_Tbw!y7>Ib@^Ap(P^F6N zLWNM&`DSf-R!gOc-?#;X_Z2RYMvp*#99s5UoUA@67hYr?&i@z9S4#Q753JZbRY|G_ zr(06K{SEac`~EOn&-0%?S$w_W-?;drFu6%au5xAcUnMr6s4MS%3w8*1UcB0OWG*A# zTARNJW|umiFUu*Plr-GAg6^c3q7%E&?+)trKRf-ygt$smb6e)5gp>Q zJ0Q=;_Daw8iVpL3PcuJP^NJmp)N7yTZrAG;bW8yB>+8v1J||c@0E>7~@sioyun-;# zfCD;KnE?%&6j2N(j2YF)5DABR?eMhBG``ka^b+`{K{sSJlYQo3BgL-83+dshi8AQ? z70I^;u1WQz`Ma$B=ct&)Z%fgJyziMnn#}LH;M<6J)8v^;_V>+y^!B!JYEw=(7hlRU z$%-;`*BYyX{ZW@u2?S|zP;WK-&ghKb2O70iRk(V;7xfvraack+eLVq#^x*oY*I4#J z@GCEkE?ra>Y!&IvRGthI_+ReiS`3aW()N;DFD5Nq@v!|JA(w|rv;_D}P6V*3cCjQ` z4+as9!Jp72hLoD57<%CBu4ntn-*XYNoSTdG6)xZ^fIQg0%rrW=+6AcYp?>8 z#C)(eOTN1Xzb$b`+FzLB%wQF07 zy2XnQVGZYNz)!g4s<#YGd-?bAq%vrQxEHag@#D@c9qU)QaDW8v@nBk}j{f#=X6|e| z&w`&D6%~UGCu1i@)rXq|`f+5|mgnOYA|D%!E{_s#30QS_m2Xtl7TgEv1XVIvL{~H0; zK_)WH^Yyb_Ju>p?Tb;}KHpd3L5Kg_!hMggq;E(iIrz+PZ$^>R*i) z)k}hsR=0qHVWl8^CuvUhm6l2cFnAs7Uffi&ZbDEiS&s{yUUh+cg>RN@PtO}W@mN3v z$;Fs3k0&N4vq7~t{$wqi(`6NjcY`?RR!_tS?PB0S+w-<-%rI-TrhB`)X3J%k>QPke zCZ5%iL)nsUFnk>`aTm?x*Gw~3hmmKbGpj3`k2DVEU3%Q{S~!BGCxm49jb=7?L4ANx z6Zvr*4mN@9gS7#+GA(Wz9g;$n^~=!e_^za|4;^?)=oPfIDV5SkXS0;DrT^;#OhKV>}Xb@jJjKXRT zLH@81|F^ER2L04PBa)2mJfAw*z%gipidP0(o1gFR4B=BgLN5(7=$N(I&CY^h4h!G~@co|;;Bl+E=Hr72jK3v@@;r`0ZR7YpAO zq$f58zDj}bfwMk)*$(exyy#K~bI<{3d2i4pA%fmJdFWe9uLJje+h%xP7M7FF(({iV?)+44jZ z+@ppI1d|Jp9@a3~3~=ckaD5mMgBw=(rSbZD|MWmtxQy&TUn1sQpq(jfvfHQI-UYN} zxA)wLW`>2Px)`yOU*!{PnV-+7utu65(i#l_@&2}OHGuU@PfP&TQ0e*gIUo~3-vyHt z=L*G>wyw4GaljKkfI`NU?~?^sx0!j z8TX~Br#8q|bdRi1ENq~6@0K7`Uq@c!R!OH(9d0^KN#09P$ACtwph6$O0^Ro18=pk4 zieA=ft#Cv>UNvi-$K)wlAYeRQ&Q~y=PxDCZ)t|+}i~oP^iMU_rzv|4;(8>m*Ut5L0 zd^jXCc)iSFpQr=$RPAzpc5WURhF?tjSfgiUk_)RKZ38K*xdVXoE|iavpM|mg9T5Ge z3QJuh3OqSm1R<}y4JtHnYO$rCvO|bZx46%?x7|y4;}I9*|Nb(j(-((mH^&h{Cdpv5+Ir=(54}d2K7yL+?Ncf+W0p z{jY*bY%1>am2DNr?AEWXY_g~Mj>Htn_8O0h_aYA5Sx#)0N+9hc@g-=UiuYpqQ_rUg z=ehF-@aL;j31ufSH#gSdkvmn8kp;rlql$xDl^oq#8iK)S-?Drb%wAb*44LY4@-~!aFl}lo#C*D!W{Trv2%AnlWRei42Q2 z%N**J*vACoVRILAj-kuNcbmt83{S9Wtn-!C@e45>qTF`RIQNYDQUg5k_X1;M3BekP zZw?6O>&M0x3>b6iGUC8mY9pF z-;EN~8yEJO!?dh5astE|r`bJLhHS3fC= zqbD((fD;0sn{(_*jb5c{t%E%PGConrP(>zgtT}K2SH`K2GdnE z6+vI^s(sk+lmd;PG)pAF!9A1>LcH}~TUefnRB$nH6R8iq8~r`xMi-1kKeDgrJsNdJ zR0^mb8pe(WIw*^k{S+($6U&ok2OYRRZBSj~+8ZkdrG%NG!^~@9fA~xd zocWablphPafc!!!)wK5%(?y^apraw3CE^i2xSfOd(36`oZg;=a`UWW`ccHPygrcBu z-7>8%l?-3?YYkJ}okgaRRh0#nUB=NA-t%>XsUW2>_r@i>hK@(PXl~U%3)YrSebs== zamukcpkp`ZAe~Kk(9Lpa(J-%I4z=0$W%#!o>H3)gJc<{6}CWKI$NK+lFF z(`r{Sm96BSD?{>#VDQ$k>YgW({T^%Y+Y>3;&d}lRPdPu8^>Gs_`+XK9mcQ<*<)LG! z8~3n-9Fx@2`;LhkgaYGjX^Y8lE+%jZgZ#WdBjU`198$fzfWj%-ZJTa^it6; z%M}4E(cOB~-^Nu20j)ni#EZ%P`&vNU-%E=_O~y`S+7ya2D?zy#_g6_KbInbJqt=1% zqs8!k$2B<|R4fz$x2ONv#xKCvAJT>9x&LN_XbK-ER{+h!@>{-&!2*1gWOv@9urihs znhnW}q(s906nnM6fQLmaEIjU?(5LRVUq^8;&#sDJa6eavcvGByr?z1!CMzpAj#N=y zeSP7CxZUN6Q=3S|qxj}_u7TABExf6yuD!hTaMT#$eI`(fvzAUK6(Q5jfAUCIlDu+MxkmsMvJqqy{p-2Kj2`l!( z)0yW%BqSe!n!zE25F)~oyL83oH!@?4e~mW`;2O--o_H|`M1A!8dmHaqVeU&L&JRT0 z0ud3uajw!`NvgiV1{B`sMO}GCz(`nu{SBO2>K`XXQ!cWPP>f>`X8t7DiH)Q`K?xJeGGj5_%7hn zI@1KD)?!cg^Yd^D&GURPYN{VF=cNG|?D_kjGp3JvsfVd?o;zFQdXJo?EHuH;BRek2jxd`XgOo(avJ%q(W8+=riTHp4$qzLK&!ut0_MP{#s!(+r z72#a#qW3rpPKDXxRjZOB68i$7O|XSm*4J=qC{pV4n(g}u^Zg5ycLiK<*g2mVGh)nO zm+uzt?~lL9j+o*6KnwU8PY?5U*Ly2dn>{r0Jj-d8Jfy&98_wEeH>3(`8oK_3ibUBe9Fyml z!|=^yEVr8CB!%wHP{uTk`npp8H)c5>5#r!CU*jgn?!K|!tIjSuu0aw}wH|MOTl+bH z*y@o0O5R%>*2)Kubhk;Br1DdqgT4Eu-)5IEo3ff@8A!{=Mp~?$NjW%vDd{Q*iBl$r zS+4K|?6NVLH=#me|dXUVPb9a4>0MM~GP`KcI{BRDS(Mx^=9n8JY zlWm;3>u$DygPwwws&2WywD|jeCjOa%T zw!+3i+fH*Pf`N&`MT^`&=$IESEqmu4T)xTje(p%u&nODl9hCg7^PXBYn+!o-d z3YLyb&B zX%L5h?!`ESn#o9QC}av$#N-gmL5c^cwM|_RBLVWi%nQ+rW67cWZ7ai)FF*Z7Tb5Ak ztnHDFc`x7X(5}hKGEib?c!h~lFu_)~X$`)UW@9CW@kl3%e^lBA7ozVuyO5)EfhtkI zjkh4!-NLvsg*2%$)b!i9y^gB&lIMlgJ`Iz{GsbxczCX2I_I7~syRs*(`J>y){ln@J zA^*Z|>PWMV;HZ3j#p$u>0~=n@m0Ejx(Ywbx;rwZhL8{M)jEx&Hsh`McRA-@KSmK1l zqao;_{g%%2&M0CXVZ+RDB7HPUOTar#&dIfnwV-SNVh*4Y0gpzi@A2bT;|z{mhPXGa zvTMF!*z9}*wt9!wi`%d1lKeViQ-Z7+wycu&j>qr?jJ9Pv?mlrZ8xnwZwRE9|^O3$Ykle4XjggNs81=G} zL^42r(|6x&p|DSb`uvxf2(-Rl?XgY=N!(WA!i7V zgCnO@gU{(_*$y{1LgfRZ4w6EU;&g1NT68q7zQ#8m#8z;!OJ53Vk^p)wfK$16QZBVYZl81VhkxAGUhfH0&8lXbjc5|ASHgVr>=-#!2pS;cVhq>-J&Q(`1fKL zcK#tHz(;Uy8cO|rjY2!s4j==sB2oLu(MeZvT$G%)=BDrg_ZaU7P294d3fFVLJ2gXi zAy-e5wj|ecP=}9U67*PqB}TAE}$U@O=NY?ewI5my(N6v1@1f zk#^Mc8vFMp(br;#69hxoeY2yz7j95L52GmZ!3yI~6T;;GLP-AnYLWzdd?W%@nZ?zC z7VYQNxf7AjNDBSYiK+iiW(ehTJabes#I$*|jG7$zzpw)hI>kr`QfkwzgmSeuoU3|0 zjeeqB_9*#5a4D<4x%$fRzQrtg43l;DHS(a%abd&^DzrjLeGT;7?N-4>}4dcEXVhWkNUM-<5_;}&_aaq6eH1h~!y62?i z)P%H`MU-(&fk!939P(?>te5_>Q=HKNu)>E1G_yK#ztf=mrziN(SMVUrAP{PK!UGqA z3@Yo$#S0h7uS>r+E4QgX-cCz;8YESRA?5{=7dCigw7^f8Y^mcEx*#1One#+Xrwgo7 z@(tHh==7w}SGLDeZS-sIuuOFr>CwLHMhAj7`ailq2I`ciRS*}ct{quj>qyL7wsfK`VegsDkmyjua?|s2l@L}aw zMX0k|q*VmcXxL)zR5fp;E!2a8HmK`!h6Sl-)BW9zH6GLyTY*G}5&yA}M`@8WHC+Do zY34lsjxfw2LC|sRbX!9wmzXK>;{yXHKRo9cDKkXPRRoq&_MwoxiWj#4!U9K_7xzqJ zsZ$dPsTAa%p>G~8{l2Vib~`hSL$WikV-p=Xqah%#zcL_sacAk5FTvOoI9Gd*O-88g z=o7D;Z6nRtmuWiDwt)`@UxJLI77H8}cN+Tb*%+MSDC4-Af1B~zL>EokpqtzKOA&wQ z*B%pkfT(<_l0&MK-ro7|k&^%sA|5F=O1EZo)4f|5=!+KMMG&tveF#b_SRspiWPX6C zxH|FVl2BiLf-_^eSdbI10=y`+pX@GORHhEafQu+nq{r(Zb(&C>VBmm6x~9dI#cy`b zAzK^D-o#;*R;87%MU_E(VVaMUiRB(YO5w+>KhOX!+u^p{1jB^zUhEst4a=_Umtz`j z@aP=}xIFx;8EoPt#NkgBImW&^ZRx{D{HH6|+a zZKkS1EY@vV-&`XOdLll4XsOaY+l?Tfbg;#809-!ms_}^LAfWw@=6+-Zfcd3BY=gNs zbC#*H_dzm6ca6w8&|&}et+o^*8XQO;G5707qGaJFZj!M@$(wNxmG9Wj?_JFRuN+1B$P~um?_9{#&j~=CaVb9&e2-XpN?% z_S5eA;!lWhtMXsHvvoI81_0WfEdc=sk1HVA)2L+QZdy-^TB*Kn~z6Z#AJ$~w(kiIoeU^j@w90#21 zwBB+&)U9PVtJmLJVc1MwvI7GHElF?){eu+w^r^1YV9io#RNB5gx$yI z(u-qnf~S|jRo%oz&Atwkyd?s*?iXYerFe@PNcB;-Ij)dT9hx1TYd9i*a)Mmg48^EY z9DpP9cc-22yp`-l$cs_|nuCuxjxL1Iek66+b-4j(H?w;_?+c|fJPi_2U{khD?sSfl zJ*b=lCv$IQIe1nogC10JWcl1dx`shUSk``D`A)0sk9mZumeTnXopEQr$YUUnhD6`oY>uRl=;s(~vzd0JzMhGqajs+I@BM*>00?pV z$>rrU?ezM#kZXHmg56G)_uKQaOB(o(DgQFX%Mlg7KSg&J?wm9hs}41+h{jtm=?5UJ z#J4YmGd5cnY0}F~ub4|JNC{v`LvAF}{T34Il5wair1CQE3SlNn?>s7VlGC)g0wR30 z&tknz7-os64ES7z^Vtit3O+#v1Z2gNob?D5*a z#o6@#GvO#KgY93a7}YLMINc6~gdoW$9czQdLQ`q-X(}0iFP#$*UMHeNGibTAbA_vd zU2=y#xvU3Csxa)+fsqMUESlTLQ5sJaJK#6^rVMt21%PA{b{9J}@D@;K{Zw5C46beA z_OxVkn6E?d>1v9@EYfjDlSsIr4-R5p0aoxxh-j}W2Plb#OIq8=bCsyEvlGtq!>B+j zVjGFemLQb}`2AmIq(JE^ZZ()*idZ&DwjPB8Zx9T=Z0zV949xD+P;ar)cwX=8#I_HDJk1C$v>3g0xox4@K2-~y5-dn58#zw zQ?EIB2`t1V>SD4Qt{@ot9vi3j4!Nn~Kp1R1JS(x!0ya$~mR|u3*OR59m|$&63@AN0 z#%D?98YHMe=$$-bO#AcIFX>3B^;V#P3^X5c&5tRB+pp&D*(6#7R*M@_aPq&^U`T*7 zdl&PwcivHo@#m)jULbCy0Iv!+tXzJ@YQ(*u^h^zBftI)0V8C&+hO9yBSH9l`wRHx+ zg{Tf`vunsHSYnPV8mA$W7aIq=a2m;FvZBB9Z>wb%Ipt+*NC;fxE`o%B6*pNc(eX<5 zT&9hVQnRfm1LyG3#FMwnH1JU|p}J$yf4;px6A#)Nvqe4)#BA9I`5eLAESZv7_Gk^F`tXnoe#hY&s=$Nj9?3@QwtHAQ!gj#ZO~dRpv6qqx-&5zyW86{TA|-eG1shBSIXwlkF3)ANGJ#9Vn$&)zUdE zVzInGdxccX(&Pa8`SGCU=q55{Dw*g6iBdiXtlvQE#n{Upd_w&^B>ulegVQiow{<)9 z9}7JS0%?%IIKe;EtEd*kklJ0%wX2u}!65Kjwj>vw{n2Y(hZWlt;;j5kV#sWRCg7RC z-wf{Y|C#UoSA~4h)EtHseAw7w0OCgwvD(bI=^%BONho!JCh{FPrn@anO$~;5V0Hn@ z@0A&7NWncP!y})hO+-KWv)Up~n+U9WD5`a~5fUKYY=l&aikO&1{_T z?yjwNjRs#_^HuU*h~`(jRA3*Rg>Wet9BU1vTDCbYEopZTuW6{=1!5RTCfP_G_zBNc z5tCsq=x)83{c76B5F(sNGP_1m+lW^#_Z&7nC0ehF(S@OrMUj{qJu?mp+0$uUa zGk%{Juf;UzOh^0vlH^YZ*vqcJ8|4K<`%Ay87z2nbwsV|EGTOmg)b1^UD)+JR!1v&u z$^d5t69iB~HK$9jQyvl`+EO6Ny2FR}gh1_JLl0E)eK1nO^){ZHjQ5idY#vq{G_Fp= z{CzpIL(AF~AD1G7rs-k>d)SByq7f>0C{0%Uj2}|)`Cd(h=;vHyL7@jzU-0+;IUbx5 zQRitmQPBMewrF!cC>YS^=pSF3eqU+W`JOvkG|-UhnIT5%pfv5lQq(D^OB?U0AT;Y< zc$gwpO*s(uldvW>$2Xi@Zib_O8LV1n;^Nh9dWB5cwpJ}+F~|^EA~Iut$sV@Svld+B zkjgE;?BAx$h#^BgRF^}|eS@nL+nX<16cIz`LB(kUJOIhxvP)^a_HI;?E~KX`_vrLQ z!E5E5%2Al&8cOi*e@)!3P?}F;b{ElqP`Nq4cDp7kmZA?UEA9>>b@ zUJ1-fi@_;JoptoHm0**~oNizOAp^ZQz5F;vdw|2r?~$pDJUJ;Xg)`}12y&%x$?&Y= za*$OpRcSv?eR9ChMs!XLm?`O8_9E=y>%r$Qr}xt?>G&;gLqvCRJD%w((&tsS6q~iZ z0AoH{n$WC~@pijLzP;o1t!Y?B1VyblPy}4i^f~@ArI3hJYv-wE5UgNR-C8X+R}K4+ zyPbBK*z^Mc>gd9HLDzU5BauX7d1kP6L6f7&%p~q0XrW%_B#7SmUvVQaItsvXh7=Ic z*X}6YQJ>=lVxb+RVg0h%)3~S!9L4RvQKat%9WZ~pK~YM}m$MCVQ>QrR!HkL6rPsJ> z8T@x`Na>Ie!~6<$fUEM=6`;w*wg01<`=ZBmSn`na!+cXUI`+z&P3Xw)!nGI=*tO>! zhhmW_lIRY*OYESg0dv2;baWmb8S*6gD4H9#4e^U03h9>B)B2?&gC;imJw*SpSLsX~ z@c`(7qN>8J4BZX-crhKiB5Q1d;#hp>hiNIK&nXktr&(L?NrJjK#3n%UQ5YnFl_`t0oHXmpUYLrX7 zk!uC_yE5%(g&MN$uGG{FXL8}w-fBJJuAsjRirvwE-4M~>Vee1gX~*c?c@S_OdrW1n zf}3f6V8kH-Q~iczT!07oSp~Z2tojckkh-kTn{Ojm45ao=K>K40RKQ2GLG6pJ0ZYeC z!I5u(MlXyaD>XCL+>-2Lo6a-a_c!zLj3+`!2r5Y8_e>Kuieg0QCg$f`g&t@aH&OjU9^VJL#P4?LyU z(dP%E=HYAgjG)SEGL|2f=}w%jA?LW1QUsKxdTqMsc)Vmi?+>rJ>0E*E2R|2+GL8i12eur!bKdJP zyScShNML}YJwUc%W~t9;@IG>;gIBn|Dw+nn-g2Q7*yb}kfo%t19a8vWUB6GvcIqT* zKKwMn@%T40E-OfLaUI=Zh(k+Hc5vWb?oo1k)>{ZNzanZR!GCdAgEg&?X-~qE=KM^u z3p`_!Ivvo5^+mfGVgBy^x+U!i5wZwn^La!ieKDt*831ru+eUrz_4Fe2CpSvfj8oBXJEP+Q zf)2@&9bl>7L1{0&EM5oXPlfxSgwVGINAA_=XOo(mQ`h8C)*}@JqgUc9y?uq8-%(FWPidkn7-e$BeQ7$YY_aP_?Se}l79 zeG8a$&>#;T9F%Z_mGci_wY@)5r+4#CQ$CT}8fEc*3N)n(RCUjrk)@iG`L)Z{0aPZO zM%0Ox`&L?u+E6WdG(e1FT1YZZg#XLN^a5mmAo$99@vPdwY`QWlVkN!8wn7HMLuzlc3BG^$02mLPvN&;*Nl7V|e2Rn?2`K!cTf9R0dv zb~sBGo0Wd^@IN6E%4<@0H+)9?Q2svT=6n4T#qVKG*yNC=o$PetPlyk;zld@y3>Gkb z*$IUxn2f$jimcw9sC9K0z~uS6+_47ITI*VZ5DF$2-xY@{+;Mal=hO-u+aVD;&>r<$ zenL{HT)gaV9%C`M@hKaIet6-y#_xCCs@nwgA&5YRr(hV8Mq24lOt3eO7prQi-2wAV z??tY#TgStPtmr-1no6V|5&;QQUI4^ybtcbcXicoHzd*3U9dkXkdIZ5R9QG zSyq~`EMkIQFgBxi?;h-jLnK)_ga+YR6xd=sLv=2ZKalv|ms@-20>Bnw@{|=!*-OBS zqvKMlCg0tgAhIxT@Q0&c$+qa1=^t)ACq{Z-C< z`7E=97EnnG=!=rKTv6c5<`kMsb~}BCd!0=y*Z&mVtyahHF=6}!h@4U*l4t*r?G|J1 zeE4JTya_6QbDRCf=`*&^>9uXl&k4|_5BiT6KwdH6K$(qZ4-)+u$UccwQuVS~!y@%u z>8L*>@qy;}(~&~pm9REu;e_z4^cX&^X}whj(GT#$)+ZpSDkkf@A9Xoedj^(vQY8;f zi@?6l>JSa%4VXyicO-r+83z&O#34#3{78Z z-$><%{~eKA_X*)MdRco?S)J*@;{QoW&u*f>4P!AdFApaxrmN+QbEGcFBi*DoJK8YSR5n5CuO56H_4d%9n6W3uFF$?dAy59+MWIzK*|sLcHo{#R@bED69= z?`A|KCrNWfV$=3S*I!>7svd5gv;N~id!ll6R+R(Gg2w*?0u_RIb+%kUVW5h#v=IF} zulUb*WWL4FAba-S@to2eqHYcu*cOr<>$99Rs9Sl$EHN3p1+!p!RLtZ(B)LBrCH=MB$DbJ(oz%QK_gB==^uRHm_;Yj(WvB!puJ zpH8Tilrh!iqK*nCzHi3sPnW2PoTFsMz}+ikP}L%DGzhYrVz{KJngm93p}`WGdfwy zP3*6tqSps?Njb#Xf8z~f^gj#R8|_O}i@>iKcXs-()sX)T_lVkHLNvre%h3 z4Inpq=I!XLHwr7h+)ss&RroUCXl?R_$IWNig@%2!Ddzv_h( z!wrV}iEQ50&at2V^hO%C!^L6Sa&_If^}vfWm=|i`W-&_f@6Tpw-8NKRRZ*QLQBib3 z8JGfZnV~w2nA~$-4Cv6>WH~em*c|stf&sZ?Fb}mS8CztUmx}{+5_czf`vGMx#wLsi zZDj1s_cC0f&?DvHIjm%U+w(XxC7Z`I2c zKTlE2XG7rwaKRo}g3Uhy4(X3#5^xG8;Z8z4=Q$fedMIt09xv|&a5M~yyg%&nTl4}i zNT&v4t~S{qd@3}bmfxk@{i#%g`fuwH2k+QnXfE$6`BvLc8j^`<-g}+?x^ADYXN;l$ zfggDOf_?gYW=!yjbq@Oe0p>+uHi&en`{Z!*GxZ*Zc;ABmXz*`YT7Ol3MrA)>G_~a7 z@FDghJG^G&yBb!#+&mWv{13k%;mw1rEh%}C zbQy7)|0^~}gBIY!nRVsYa%!AD-9*WH#WskH5kz(x?DuTfvy+ECBZY~K0*+A$Y1ZuH zkkn0@5o?hAiqo(LgTJpBexzhV=tY<~{^6!>09(1-NBj>brEIgkKhP>kb--}JB{;dN zu=UL#sVJCVs|~-U4gs5CCA(=lN5EW${>hynSwfo=17gV}k6)9I5S4$ul3{vtT|NTV zN+@G1!2BV38}ln)*DR75%*+-P!$CFetY|B(Li_K$qb#JQz&4M=nu1@JRPF7!0sA5n zHFATby8lV+=GhQ8Z|9Eu<$);)-dy>!8a52OK4hu_X^d?pqrx%7*=?-?roG08FqHex zS^wXyR)i+=ALR`Ec)bqUK5u#9aZ9{9>YMk$JA9Ag4~V#5&TP`d@MlSy-bn9sZj4c; z7yniyE-n*Q)3gnj#rP*wxlo)Idmbrpt1xcA@T{f*RN@C8-{*Lk_Z3hq4^u>W4}6G@ zjmNl|NV+Y-5aU4XlRHAREzttT>up=uyg*8{n1?3zznK!;(#|`z>3Qu&#IFUdq|kuZ5_K+lWCP$pw#+9?Zu7Ux*wdhLv*9 z8Trq$D|`B1&GE4Q71OQ4Clx%$7@Sm^S!@Wzjh?P1R!seA(xoWeF^}X^)ms6_Oc|n| zyj82S)4RrWU&5sy%&#ReFo=LIQ+}AfJ1A;}7# zNfgLHIi*fGoJ=FsBtr$jN(e=+$|6-r0OcX>LJBM3&fZ<03#9wB51T`V5V-2X+`3yk z8Tz9)4!C>;*r6Y(dn@z051PDjWMWhx1NHj%90L73J25;?9`1ELrp0e=jo@Wf{a}EI zFi7+)S@#Z1uKP74W^03VDbn5Jk_V}On?7J?9>q6%`*aTs#n=8b+b|?!$qN?6W5*)l z!2dAi@9josU|l=tkj_{}xe8W+b$?3D=)huJyPmkxQ#m#yS->rPBq?)+D>~Htl<% z&u4+UjeX0j5u|MhDGHWxR`==Cq2yIv^zmn1y?|iNi5Zh>StSNDNi+ENHe_8s3~jv^ z!CV8Db)+5O;-ra)bhF>8m1F(d#H@-W`NB7-<<|A4d^&d0a1~{5Wivlg*I}2Lsa;m1 z-0p#c`b1?80hbJ`PEk_VeCpG^o?9DrQ4v`8Q%4~vVX=KjfaM4gphw5@$*(7LMoR?f zvQ~>E{69p!1AARvxGub6Co8sX+jbf?cG}o>R;kFwt9Iez@%80`?>KWiuR27miY`b5+!ncultc}&KL%Zw7~Uj1-IbJWtG z0?+^3z`r2r^M&_lNcSPvzS>D#Jz07cFn`%4-ORhvdnNHoD0hf`I}_7@JFES|2D_=8 zPX{5&AC1oUo2AI`XBt){lQ3#eM(8nSoo}S_uWy}fR+b7tiTAO~j|3*iLY31g3SW9W zx_pRK6AMrJ9@jXSLxqq$T_)DOke^i4^_ z0;H!D*1G&}vo>1!NviwYcEtkmj`D8nEns~vJHguUtKc8L^;Hc06Z7T?a^%i48zotF z638Iu(@qER`QzV7Q(@-hg5OSDNASO%yLWl7zRn=Rrm=yk^R7Pkl}xVUDj;39{a%^? zD?d_*v%ax^-pDp(*nis|a39*33b}TepkA!f@+qPGYs!7qeT!|L9)F84QQgsvC?0=*8H1m#8pp^e(Svfi~Xp4PySpg&4iWV`jJMli)q*!yxw)!%%WH zR+ul9?JN{pi*O|0m?d>4TW)qDFKj2f!gJjOT4ZK3*P}P5>pBdJIqz=(dN2-a!h<~{ z&kP5$VS`-RfM*W`BW%KDJqP3@g-a}bm)pO3E_DsbbC!mT;05J!iL4LIoDnbCQ zj!}>;p3g{#idxw)=h`@qqYY>Dt~OL2xJ=LqD8Mbbp1V#whTKc4`#JKsE_@e$C7Q zLrTmqNFFb<|8=@2wuft>dX~$dKElJKhQbmN`^|v z>puPECl_-bc2t6hBp_+$VG(uy)U0h(JNzfgJjWpgpj=(m`t_oZx)jEa=Oc=QKYk@UOqO6+6ENnywOXP3(y=B6mj+*pt8(9Hnp&j1`PMLdxD5Dns?4-T z$tD^QhjJD({sfF4GOr^1i}GHJzd$6}AzTaqbjW-{q|zPH9FP}#lU@6!IFs^IZOk$H zVmu_A@Gbv3X?41MdS(fm>M(Fj_M8+vKuEBwts4z04`t1y{pwb&gFqIqm4v&K9Qx1C z)tthb=PH74E8Fv%DQE1*G?~1v#^ZCpK~ApxUYtfue%viR1MyjT=iMYto~h2%19~NqtbGhCngv4ctWBPbeVrF=)p%ea@yGz^^~)C+5o1Py*VKPzToWoA0AA_TWi z%IvyGCTA6JHa(lGu2$ISx+_1#P2Sp;Ch+Yb#oHH}rw1jeL3&NbqCb3Ehe%2?93qi` zFhmC@s&PRG{oG`mroZ4FeEVzT725HXs`wvR2M^s3L=(NgIAU&X;LUm!qD~Q2_pN!= zvybYnZMkds`O~HB&DkRK^D#F!wCA_GJ|g=ej)W=#WODock~d*R#k~(lDbPlGK%Iy0 zLgFV3*V0BBV0cmwc?V;_2y4wN1eACJ3Lj9uHQY##GGC`_Ab=%*roWA9MTiLWCNxV;LAW;YVU>Uxy^qSuamFln_ z?A5|S@wwqX*(@C5-~*YOgYd*hr_#Z$ai1IP)Hl{b4T{hQxIt=S+t3xzK4;azZJ49k~)8Xr#f@EBv|RY5jZZ)V*RH z{kWNfXdh99^qB)XBll?V@WSw8gq3>rd)F(TL^NnJXvfh(Gt*VPnZD*)fGfM+oW&c+ z*ba26gHKQzMTmKFlxyxlDf`NXK=4SCm2cuuJ=WyGGFEwMIF>Lqf`9(Za+flu8IS?q zNyJbtbRGtzk=(ZBJ?eG`ImD|QrjS!qKEuZdp;&Oo@^aL{r=PfDx|;J2^ZCGfuzV zQPZpRi??5WWo!{ahJSl+y2iG*nC%EXOWhBpv50+OOF}LFi7-9g5D$CKx�AByZDK zI_$u9V!+f|!d`@cSpQy^PL5!)0pz$+e21v&+>^>BS|ZO3VTAmPjF+-t2Zhrhz2;ms z1iLuRMvr)TX2$Z5{Om_wc00DyM#LRR62g zai}sSp?IHjcIMg53;-uel+rC-sdXz{N8?8+>L5ZA1pPL< zCY<}#5ULDPWUOLx)yzJV9la`sVvxF9<}f=nyTJvtH^gV=N@qmh=S+mozx<5cHiKuO z)R2c)lresdNFq2{YG2$hvor^AG=`&2+b~vnFogb#Ej8XaHRdskD1j^xOQ%#>55Z z2(-4O>hx2qunj*D4E0*j8mChy`g?^O^HkwU5$)zy1f-H$6yhevEFWr#S7%PqJ1Hvd zuDokRZASK(Xd2X;FKZ^AC-xgDeDb}XZB>%GA-$@lh|6-XK;v!L)I+po7)bMNwd(Kh zdp|1_y*9$+lRn=3KQw=OaJG<=vG+uuQuoAP?iHHVR$3$4jmJ*QHw|~n3{*c%z&W_Z zNWQbl70`?6O)Vxsrm`~)SCX+(yIAjux>^Z{=^gtZOHCj`*2m@BTQtqzj$p?Gq;Y)2 zaF2dBT40Aeg{tTk2z?k85IH1T$?AQDLd-txEY-KfJEJ*NZY&g9AU#a#m6Ss#x7nhv zd7lwv6`D8Wc6ESbRBb>=LVXu-LW(!Q5s>pDg5_E$oRHBWHTFVXwIl1yO@#>a^62h5 z-yaSHZT!Us7q}h)4A}qP;l3|3@2y3yR|+Z1Qf>eVQM@y2)4sv^Y(2adE^iyuyMv_t z0R8*f?MA=HF>*e%!vfQLQK@e4WutgiQ2c@g%9*BqF&qZWoF9;ujwL!^1WOT1#1z0L zK4ZOX^QW{Qr8Yw!u^=XdeWBwZ^A!1i(Ad`^clzoi|J{GN81@g%F8(2%WpCEwgY^TB37c^wb-aGW^%c zC1JXA7lKWfw*LurkCHzqbvJP5STNFehQF^H4x4vmydu|8zCi!GcJ*eFzTf|#6S)qD z_-UVqV3>Uo7__!uN2($HM-%%a;y(zFaY#f&rrvpvJSRP~ZsmlQ;@GJ(_2*rfpg`sy zG{lpFtS1lnu9KZQq2Yjx)>}wK-`qDQMw6_AwrO+Jv#cu1{789Jku6iL|Q|ZEFgs zfWSX~EFm`kUak1!lwVmeO{wqS1+Cb9s_R_p1434s9$T7CCokruoG5E%p`-|M)&HNu7Av25J(@Ql- zWut}Q%E>@fknk_6Q$g;6jd>l8Qq!iJy8g#LlP(X7BmMtGjWrMg?1p(4iQ~9NM++g`D8D!eDVNLg#)JGVj$`&;Q?#`VX*(I`Kl6hP7HZ-A zMI(|&K7EKLz>*OPYEl*$Ki)b>#w!>QZOey%ZnW5k%~hO{ZDb&h&BPuB zn%2ROQ_J#l8nKc)#9&-pHE>9b=EwlnvuH*p`-;Iu2LOm4GO*A|rqZ}q$Dc9GP%O+F z+@^`n{2C&c#P#lNpb($m?`iQT=P}vzO`Cc@&N-nMQ-bPw+)|es#*qcy$uW5$VEZ3; zwy#PY*q+(^05RE_^|IsiKg#ot7%gaAjG1nScihC#+*-(GSy}EC4#}^w_VML&z9&(q z0M53~K|0z_{`Aa7*=r8%OQCAHO}@d-xy)p6nx&1dl#8{u1dsPk+I>B_`ZU@p@EV6n% z{PI`XcKd5hYxs!RPT1F~9JPO}33FIm@*QPLW+3%#bMmWuRYf49DL`hx ziH{#SfT_0yFMZ)Ua@b5KpDbz85R}OmaS@FJh8P}Kic&3q3*jniiy4`2faMl#hkDXe z$?n>}vebsU%$gv7pr@nEYgh_l{w<;4njs!X%o%bGnG24zP&7`3L#A9jk{OWziyKtP zg`E@HQegU@^g@pu2PjHk_I2M+LAPCx{9Wc52HEI=a4WdKfSedSQgMsF8A+_wkH9tz zbRcnEK0g1PhW_BPh%7?2A=foEdW;ObHrV|SaO zd7|rzB3WcDi#;brg;|E>!+4!3$xgG%a(4OdHNFyp)kcsvOZV@`|Z+O#w?W9FYr_)JAK3IB1#o2q)PNX;1n@Mr-irk7o~6S zo)GEnV(R^j)CEFVM#!B#5t;Kj?pTvu3375k8OTi3=Ke!ufuWKcEW} z`!!MRjjT+c(aLV%UevA4$nDmvr2P7WwFENHk2@Y`{V@hu*Bg_T?y`<(=Mg#RNZ{kbvX>r4T#)OwxVX5~~MWy^xCkVsW!Z%YTm4TJG;&7Q~uDJ0Be*auCle<=cVb7dH<#-R^SX#AVx+ z@wI`&5XmTZ4dSX8u2M=4yXCczc6hWl=?fYcV@dL((sArcdCCVE5#ayA3iTg z9qadhuf%0o#N!}+Z2+ZYE>Uj3nSqr5YYNQx-o&Thn1;T>)noNvkymDq6nnCihwqzr zKVyYiBkN0ed9e{2V6h4z)e{HC;O&opcEe6n$>A>}8vojNP%eMc?%z4)tD@bBysyVS`#%f^`(8nbjq+Bh zTxB+@+Aj49`uy3Jy~=(jZR5R3yP!i})5D$MD>JR3rX|?gx1@hx+4^DG<7QaA0Nkl7 z5_sR^^#A=(ECJavpRM6_;NJt2e?CajI>b>qPXs(K*rXT{euSXU@^eDPYZx@~T0CzD`@Utnk_B3IP9qD0yL*H%G2q`v09PD_63(-Q$*syYnqIpr~TY_dU% z;6jUlUAEx>L_FXq65fyG*#8#pad~?T8SZ(|2Y3C#J1toYDMcav-D|rF@evcUFO|+CzHpPgtlIcIHd_!U;6(A z6Lo8th-_K++=xd$ zf_RY9F~}?e=<@uy;oDv3(Sc(+2$*ILUQSq|@;$9hwx)X}(W{FkAY~Zlgn}K&x(fU5 zLMDY@Fvt6eXZMlm5f{{pFUOSq9{Ar*8??5oGd{IrLTKHl`}y)K$0lWm{(hz z9B^0y@&-c#2I6Q|Vm^!DpuYNxPyj1&TUFJmu2cc_dcYLvsSSN&cKK_EV^0j4GqD+! z9Xbty7B9?FbO?*c@Fb!&F}!eK@%m4)-OG1*zuPhb z=$s1nsjbO(}-PzHXbh+ta7P#@sEwy;vkdJW9WuO z-tRocG5Ck23JbLyMk|P<$Y9MNUIV)9p-SVnOnMu+MC&q)EZU^}H1tTWJQ>)%zCI#J z5ewbu9Wny?{_Xu`ni;(5*ETHWjuby>&;P^3G@s&3N5%!l`JDAv5_ZMaE!BQ(EpGf^ z3y_gJ=pd@aAeb z*R9vazLqb?zMSbPiNq=*Yb(xPO64r*7hXajL$i&$983?;XId8y+7%YO{_*lb*lO8c zH+6ex_aWmZbm|L@4qc}b3V;x?;+Li>K?J^$gJsKb;-yd zrnN`-;3s4=2bjyM7aaMQzO{?+oUk?O+mj|m6xX0atLyupuV}fPh`h8KO`<^_kbokk7 zgPkaLA=Ur=j9jdFS4s#uU;mO-r6)n|Aj|eFVv6vHr6e=X_Q$t4k^74=~l9S{l#?m8`wqpVmpMDNCC38BcF7wuKZh) z(`Cu#ZS5aZM?-ZVTM(KIi18|#Pl2c4@awqJ=c!_=S+O{Y95Xd5=qnp$ap*GwOj`oAK41M`M!r_T4f4A+;8w+-JVRg!k^fUe)K|N#? zsfg&z&`_e8uRah7G+Du&LNKSM*j>y zxOSKIK1g8nomAE-hA9kW*-+ZGaE~dEX5j9BPFnzeZdTPTd-j@I zj{;}L)rp_M<*2ZSFHc>?^K2O<`1*}uvxPg&o=q( z5*ojcb+4C4Jq1JAdl8iKF7`9-wblE#G;bAG!?(PUw&Y)}p-qA4-4vVTjrp*b42y+F zqPsXb8p1J?|FKL)W2||KTF{)YBT=S4O>kvJT0PcEK4;njdmeC1d^52UErmfyx(T@g z-011hmNEW!+87vA-^QUru*N6u#vmO}4>-FDOZvXgLXfpjl7Y2Lj>hH;$+INn7qHVO z`MrEq7=G2!#eBC|Kn5Rx>bv@ z$!G>(uoY;(E$dl}XF>h?)2BsScao4K6e?&Qp=h9jpYdnI1>(uEYGoz9>7t{LN7+Pt zuNkN*0>?>E1ZILfp1Nv7Cw^{dgPZ8cd#ej(xq2>pkyrwzC(7tY84YqE(=@o;w!G*5 zPcu>t4c)NwPdOYBkNQoYpvg-Qb~7tqJ})~?Po{CO8;TY(JVzv}m( zx8-Vl(4|`leiX|C0}f{ds_L{s#@ZZ)l&t%t#D!auA^pfcAw3-OawvwrnNdc?SCEKSQL=i-=MqMhlW3@yO&-h@cpYV%a{*@@B zxXgj-v|I5tAdt^VaaZ#B%-`=Yt}C9y6Qf!(FNl{Ur-WM2m1R?pu%hAp`i^~}ewfD@ zo?eScGV_#RS2_^4xRk5_8CYq8B=Nrjo@y@W1|=CQ{)nM3hMm*h{v&<)S-eCE69WnG z90@)061NG)s_MZSz7PCwLZeJk^F$XWQfb&A%N>v5UUnh5?kB zkjF3IW18nW)?STxT*zMRuOI$+O;lE^&|B7Ka5W#jAEvk!ZS=ED?qtFDy1QAy7fa?n zXrQs1jI82wbcCtMY#6h3kKfXMxpV^5@$z2l4bDPz&Y=*Zm z9xtSv=_hCwxC>vkmH75Q3+q~?8?;Cm{~Dr|DY$a2c|k!6E*$^S^tbJX0&zv-DJV~1 zVSYmzj9GJbh~kq1txlHS?flQPxFL0I_qQ6;=<2OoXf}X^f+=xnl^Rbk-%nS?VJ=dx zJtbB)8G*nZO{(F~$Z3(G}b?} zMVJwdG=chazY0HT&1q9>@pTZe@YCvq1@Gj!zOTcflSt2$pOj7*0(77V%%Pq=9W>CV zlY3$>|M!q6HZ~H<{EK`3xd-f3>eld|(zN()tqL*udY^xVdyLRNJeK|o*6^}QuA8~S znbm)R?+?Sbhu;dAR8mrwcD{b_Xx$8p61w)Ou5M2)4Z_E#rw+{8v&SXj`xtH&WyMry z=O=$pBH;Yg?BK!B7Goez6R`R)Ht*j;-T1_RXP~NVTru*( z(7D*FD}D~I@!X2z{Mj7Cr{|dISn0J-l!(>NPgE*{AE6%62&ByOQ*kM7Ds8YIm{=!y z&B^A5jkEhO!3)cmIpJe6U-G5-)VEHD`R?!=R-7kqrMh^6e|vz()RGACXQU-5H8vrKJI2Lv zAmcnPG15T#G-v$IcvyB?;RADzh}e4XeNL8tpCvoR*IFyWjHT;$SPZb(_&JL^4qr^j zWl6)Mlxn_NV7()+0GiA(FydcXW1J7&GVKv)=cE*c+l0|0ek(u3V(E%dQ!&+d#K&X^mb!$VqWiDS z_R}CG70uV*FFt=%SC%{cB^@MF*6E!aGDJ+8X?Xt)sZj zZ{q7w+e0Vu^6#S1kR1tMzXL`5_LOfNilV0DFc5F-XbJ~UF9kGPbYZ$*Bo2J@sb|g{aH_WQj#M(`^|! znRPB+)h0rJUx#=D!u)yf@p14d6msV~US`jlBrWk4z6kuRvSbXzGs(=L44kdmiJo8_ z<(4J19sgPV%yvXS5%BQvVQ<`tguyKCXf3+&(g3%qBwPG*iKZ;5I=!(ccwS8r+Q;8a z)wVN9*b$6lO}lkueSg*6sQTBBm;9Zyd*smEDl=yED17@L7i6;#%l3Rm5FZNpw#@F{ zqronE@Hc|`fZaE)f41Kaw@n?>xkatPcv}U;fN1?Ss~y>@@RiK$+@|yu?Gn=_6qhw4 zLl~EfMV~L_v8Kye#XuEwaP0EYa9WaIt{XO8z&uf2$4((TZzykgMPnH!{wGT zT#6G_HQ)gStmaXgru_s*=c;D--;|H8+$BP1A~sgJgjdaQf6r{hsM1b~tV{{nsP;>Z zCaUKotg9hYNv>a&j|iL|p+EhH4JF?-h1C^RT7_8iT2zfDX_c(yO?xxKM^;x88WxL- zI18K;CFOr|DcT$(qUHMl`#4eDRgLw?q`Dt?4^iidg%B+S6Yl-Ze9-XyvYs*7T%3Mi z`7OI64x-U6GAu6j*hcmHKYJj=B(QyphEjpw2U<2Z$hv>dWsm9nFs< zK1LJ2cTWnW*V+3W9oY^Y5rJfe>kPFpwCsr#fD~yG^IL5;24@v)0OfHb!Cz|%mq{H0 zuikEWa8e9g!K1(1&#H-8k{ttc3-Cb77k%cU8?W05ByA|)U;Ew-Ad!Nb#S|@W!^>(b ziEI%nN|N=U7dPn2eL|j5ylGDSwK4L95w4_$&Y&RhS_NWq_LWUbn`Z1b=Zs<8T$hy% z?;`bS*jT?Im0WZrsy+5t_C`&NG*B8rGGrRir*sk7oeIXwDm`~nkWmdiu-KsfG7_z&Y&(`2B&k*T}d{+>dXfHHkQ52*+~lp%)kN6`ey%F3>PWeX(# z*%VnCvsYh&O*Jx5f5ecAM21uuN{>42DMl8#Y-f4p5YS`w^Y3m886O7+#f?&MO4%E@ zR@wKeGbaqa27-U`Z;zx+0oa7&_|#ZC()c`TQ_WI^9zw~E-?xgbXGt_a=jl<5lHvJyD$eD9T(T#G79+&x@rRQAOh*PpJ802-q zNr-7zx-0?2lI*51pE3jF4$=XIQ=`yQ8I#xl9t{;HB+K5_8Mf$b7L1GK#l&)*6pM$L zsYj=ojg#LEXnlx?g4&{<`p&#OEADJAJ@uhMu+EN;M^UE1Q{G5{Y0W_lr=-U1MAHN_ z?~VfX({g0Q46Ot`-yKQ}qQTHfhV?@9WWQ8CQ0Aor-(JsHyi7&2zn3)p_OGC*p}_eI zFk65V(qL?s>zLVN8~}ws5ZJrhO9y?Nm$cEO@sGZF_&`B1n#+%NAR2lEd>lnyYYW{vcN%kuwCJZaI! zVYKZW)b!P1rme%|zR$L|z3RU=@mVcz+XC5ZDiaN(F1!Y77a6$QN!(B)GMAULs;?|1_bH0o zSow$PgSxl-R*{54Cr@wpg8s=%wRWbA>68HihS%e7&T2usCJe-C8z#wT+Zz6PjgMC< z(jynUIfvh$qow1F-}O*qKk8nNw2bbS7PEek;}3C*^y;`GH!>{v%Z@aubk=mt6r0@< z@vm3h>QvVV-)_WD^Z=IUE{lPr_r1gXLnRxya^bnx+W+>Z!-NqCn>lK)3r+P1=gRDY zLYUKIOaU)Zq6bb}M?u17BNffX1gBmy^HLqXN8kA*VWfl%)sFbsu z=jnx{1{3i{^nVB>EW{EDw1zPNl5oV>P&iu<0YYTuj2*Cx*%qNnpa@pgtfQ>0E6FgD zAyWQU&2$_rkO?nwn$UX~h5a(3TBA{rrEv_;E}BUf@-Dy4J8S!uiaB?eAq%QZD39P5 zeu9RAAgNU4^764Y61lU=8F_jZ7gu^mD7Wf;eAgQEdp-^C@OD}(o`ceSTf(rmx2^pM zVsu+l%>HX$I)MvDhd<;G^0OxN-#WD(t!@P2X`A12(bR8J1;g-i&$pHFHTSpY-`a&G zSEHw}v|%4jnLY4B+IRRO??lBc2}A!$N2I$|^l+~^dS`}(S(;t7nvkjYO)!MQtX}t7 zy!G6D5hGao=7o#Sg1uK-W!i?^Cl-TT(WU(`W`90cyHUOAhcDzFGumjkXzMh}vP64Ko zGdH-#c&+B^8S*yt7MB5W+%Zf2Hpan7h*ooD2IrM)B-1x~m2w^iG<*Dj1u<4I@FUap zV7YKzh@2JsZgy`|!XJ^2%D=skaNsETZ(5O)=?Gz4>yl(<3-K%iwhbSB@`rmz{vggA zw6c=GdAlYw_*ThER8(AR!ZWyAP?vpDU!696tgQ)1Yt`$#Z;v;8+^8KfWYab`_~#`e znfxZQg!6GQTQm?S{7mV%c&zL5ou7#*7U{XzPYuwc#XQG_O5~bkBfPFw*4);s=@r;r zJz5egOa6BH!02qFJe1Js4jcrPM21C9bo4h zdW_THrb{S0YR?PioDP^kY&e;beNXK7C%Lq_j4B>s) zO>zw6rk;pdqDjtKRd#^9=t0I!k{a4{SAobFvV z3+HPrqZF)uev}0`rf@bGz|KMk_E1uj9OGu?9hMNsSXtbhlj1rS30s6quQqWbf^dSC zlYs%}2_B#@$tOp_(33J8K(CgY-hs96$_Sq9MuO%D9^;Gp4_;)bV8s`=5@6c#EQeq7 ztYvP+I$>|Lf=(20JWqZ1b2vHoilp=RNyD!ld#7|D3s2}SFdczJZXap0bz9&>Jw5(t z;u4Jj^1rb&g&h|Ku#jhhme+ao_x5=O;^)}31<1V5{InjqgeiaTyyAn)rhJ)K-0=9g zeH-Kin92>5zuDjIw~~>M(a`OD~s_;v4YJFt#k zTxX#?a6V?N7YpkM54&G?*B7a9sBM*ggFa&Loj4hZ@wXY1^7eXTv)-i~U9VhkFZuRo z>Y$iT=z}9)qUql4xHVzqJ3A9GnbNxtnhXune%*G()g#?3?g$WvO@GEiXBq`?vH=zm zkkVROjwI0=nuZFKAh+8?q6g>pSW?u%O?x1s4-r81u^VT?a+UIxTtL;Z3{1lY z1IcvbRAC>jqFS~yb5J79R5{t7l~CdZFPPZnrEhOZA`nA*9FHjeU|APTS@gvXD<@(6 z@(wFjP-C}m;GGjne{9&DBEu78uX)N++*9d>^ga+R9alIPb7Gw0p7iBPuiR7{-pZ$@+RnXNaymc2eU-4JB9P7PLrVj z?fci_n=h`uJAQ5%$q>?#&{~nB$YIm&F&BNj4H~}2!qEQorOrxox!&EX%NHjYndp^> z+@{b9y?qV=IGe%tq||lATC!m2mOTc*44s7Bhwi zuGcR557O}l)kC&?1@N|fbuK=P_inDC{)qQBtUhPFUAr-h;SYDn`eF#T+mD$pL4Jk3 zze?OjlP1ZLMR*sLxZKo(D)i}l&59}<3t~h)d6=O5laJY1%*u?BTB7xV)7+oMOxC8z ziAqb)y6*p&Y;Ngv5}O4rjd&uleuUpJNx)#e7%!3e#-%wLp#LxnPX-7gjOy|uo7_LF zv7%843SPk6xP86xlNI|3Na$+awDIE_xQUbL<$9L3jEE(&Nb>%>K$DvFP-jSxx)5P5 zL^d3|J_kDzlGpCg%nvby!8Q|Zj020>M`6_M_QCRZxWnw)&!VLrn&1hpdqoUUrF?c8 z5ZDvszAzH=pk7b19zFa=6hi^35}gNWoh9_Qo3tSCtyCb^&sC%x%ba(y zuVuBXO6P(_xe+9RbZEM5EGUMs#ZJ#Qa_Jr-W&|G2=sOrUoXUTk3AU>#veAOsCrIep zX3p5W9)iu7vQ_TboK$EmOqLXqLOWNRh3SdB>)lKv!@i~6?vpefG@$p(dJv(hJKiey zkfHAip0aft6%fvm4xLqkZ|ylLbu`Yx8TJIF3wHFYpWJ|#n287Wzp0df9ghO!!7w^? zJ|wXbB1$|`&%%|(REAXBW9?+*M15OVyy3pmPnL#mgV?+7ck1qr61?>1iguksW&6Hj z3d`-G>mKvRz>n-5Z<@syl_tQ5mBP;I^ z7vPzyPGuLZ=K2j2u8h7y{YL;^qLomFQhhpr=i7)>_>NjvZop3uprE&_#KV}gI)7U} zuSs~8>bVcM0F;1ZEw0xI&%G1id8!UEsJW*u9!FUPe1B=r0zIEH;cYtyTJrpBCt0Zo zqE50M>72M?mo!O6u&C7c60^{P|AI1W2EX;hiHY;Bi|^<&$Al{v#6a-<^O4!w&Jb-}*x$4n&Y^@nXHlJ;7 z43scY6`WdhGq)EJdL|X6uV`GxrN6)Dki96*$3DRVGEjvDfnC&OqY#hL(47ciKqBOe za<%>3E0_qx{qin2&Y-#J73yBa{$_$x2-`TV<)#iLiz^TvBEeD2U%K#Wl(FPV6-td| zi29h3CCT2%Vc|C=JMOI>(~`G+vA5EHMBQl6A0$_mR*)w{fYDe6yywRU7-a%*rv&E{ z!QNd?9Mc8>GWvrbinIjUHWBCEcHaL%{A$kgat{9HMMU;IKf#^y@q%QuMUU~KSpabx ze=O?g8Z-N(hZ z-Fh>AKuT!JX@fPdA^8*M5z1$K_WjcQK+Fj3DoLL_L`oYG!sop$8B89>xO%~|(`0|1 z{+2hlhtWdWrwmJdJCywnzrf_4yJbU<&>VZd(a@}EI2plloae4Rj@r7@LQcqm*`Y_Y z`~Qy7ix_Cj@~y)FG0W&BhQojAUvbp1VHT~_ehteLG5?u5TIC8mTl!_66v94!0z_z5 z_r$DSTIiUC3{tqpiiMMektDC{_sF3h+Ry`k1zod3D)%L5LF?^!ShN{dvU54u?a3H# zHf`~3_@0tZ=i}G;+-PfBT?18p$uA4tyR$^b6Qu|muRFbXk{4BaOt6WtAijOT zC>S-JDqvR}I8s6?gumQ%wAoI@ET)-z3TsSKsn<&(kkyK&Dem!YeW@}5LBfunRLB2n z(W(W|EBO~oSNCz$D?N8uSRY^LOQWP6={s~Q%MSudqEhOwnK#{{M&#GNRxeUFlzoq} z3@2VMGv$Y;D3u|VWla*(YV7`q*VVL2Xs~W3^Hpk(ONUr5uv(J`n>NUBpYQ_A=WqRf zuHp)pn>vMr`vgED?A5RXdqb<#>dyv=xKx7ofHKw=0B!7;KHST_X~lQR-bHT*^Xy0Z zh}T;vG|dO&GElyBR35AyOK0noHCNM!(i6HYA0`Y^FS2?I2eeW z#3?R!j*ZhzHWK<1&%k3ddH0^v$aeoQ2#|Lff!J!d4e}~3WtJ^eqyW}>8{?qk#orj? zykrD-GQ+}&%HeyY8KS}=v^GNQP-|{^?-C($Kt5c{giH`Dk@&ENiRn8zdc^ACSEM+^ zOC~p@eX?*zS+EMSdJK0hn&|xLT2Z~U%LkHJL^M1g6&Imv+|bMQ$r&08R>i@VGNH&` z0jreEAy73VLEK;?l+vqYp$#$qMB!$TGGq`D2)H-?+2U$2yaNh_u%8dmWc~BGB^Ixf z56OJcQCW#+Uubdu)$8GSNF32&j(J7}<;dumI!H|+VVR}cjHztde61n7KfK#ASJ_Caf+Gf@jE%H@zSf#1Mik4HZ)v95h@hl-3XR zmB23X6ysV^Ef8}=(4gqN?k?v+5{`Wq=yUvUA_N;Zz+22p?y`?2V z0Bag@AxpZ|Wc;C`bq5!+dAPq%qd{yIMOYeArEM~E!MLR7<_gBKH%1j`ww$i#TG2RS zh8_ekP2(6;Gi7$Nx|~jKwm;2qV*{OBO%~UR#=O!_MM()a+4A}UK1Pr!2u-<2jFL}O z4EHdxaa-+G4Q##w4z)L$1$g3%uf2i$xR)y@jB!0kD+ZaAe(pGR7c@>z#em@a1tkW; z9eUjcxOsP0$45c{G56Cyjd}vEltSz@BgXiMU3-F}l1o)IKcPi=!^S6nClHrO3pRh< z;m7zwKh?P5E9fHKtBl{pDr?TkarrIi&tp^P+426$e7o*{K;Hrdn8RaJQC^#f+EJ1V zPkS$)R>~)+0N~CN2l3GSEoOSKFui5WAh+#f8Z!gBsxp%}9awNAc+fq_{2Fdu5FlZ>8zBEonHG&S{@9!~s86)-LXUo~yHMF#ow^KLXK zqYjwi=avTW10Dbz*1z_#Lh}T>o9w&dhc8jiD!-m_t_UG}8b?aT!%!GJFG zYq3c|{;Hb@XD7c}8g7n(`-Mp2TeJHSU&~`|l;A*qa-pNuoc6`KQJC&Jo984l>Lkcn z36~h|teV$g{47Za!|PnluUV2mykYi_SYlL76%9!U0oq!`%4~Xd+GrG{BxcTm%<5D4E^aI zj}^tVT!AYdNmaOYo@pZ@36@)}|BTv4DOVkYR5(_KbQ>GVsTm&xmio!zaxD(y!S zI_G&@lH~Dq8B)|5s{D}ox4llKDJ_V|{|#^EnALJMayS;&Yc&WmQaSmel}g71jXMwO za3n_VKNtXey}nUfPgFX#wF^b7CnM3aRN@v%44vCw{En7-tt@s5m&$*_-qQJ&-TB6Y z5}Bn*#}k&+f~iOx-Zpic$s;#d-8+s|EY_Bs`G%Y8;SKPL?)qlH;9AAem1pgFUx4__ zpJtH&N205J%*l88dc@2zt`g)l12-kycwy`0yG0~n>MRB8MWH@Uy1sz*fl1$M0>h=B z`&|`3{{wVqwB7YqLX@f36*@cf3u}@{LOLrZn{DU-QO)>z!)OYJTdzJs?37KXZ_I&@ zaPG)MX=8jhJaoak20hA0q?$(~EHmFJ$zPU{OtdK7fap)&WUZnEGo-=u&f%A6k@dW+oC@R}J`pF}(&i4K?3`wh^!IU<2W{&o%hd31FO21{^{?jYF=e?T^kJZ!^I* z9hgkq%w|W`Ylb&*zv4U+kO6H*3{tAPy!?IX#_zDj+z6|3hOa;NoT)$ciSMzOoyrz8 zr8u76VYJ^8p$9r~usQ!dBEnD#@BO1#lDJ4Sqh8I^Uo2%o{6++^~lesy0+y^ z)rpHDc<2ka!W&`1&W$KzyR?r>!98mBtQg57sICLm;O6?+WNY3j2cVdyN{XjZk$msr)zgzV1RdS+PD^nsl38z z5ngwGJ}iZ@i=b<1K^6ezi?t$f`26K^(NnSWir{H;OrMPWp44 zC{?lZ%ovqzh@rq&ruwuM#Q}=#wXVDSlMhTDP$^y>4TjnoPO_7?dD;6}6v2<*Ds`xq zT{Z`3yNh5N_wTs#1iz9Z0RzyC2;A*i(nxST$_; zost9ZI1kQ=7=>06SOw_2s{dv+A95vZfa7%tTJR75jd8>YA8dXxbI?0IDftZ$x^nGc za{X0itLa~CHI64B)+d^yi)La7n#9IxQZ*DNo+-U0amB-H3hO>j3TP%Pn?}pM; ziy8Fsev-mWZ@RcK55FadcTb?8ix4?BXQur!TVK)Fu{`bayv{j$=DFR<2m_cR7{Htf z)(SyNk1e%4=}IKeZ*|{kniu*5=mQhfEue(uXaxw#=U@mT_jSLNtYy(lOBwp|ZijQ5 zuP6U+)wIf2~*~v8)BaMPH3xnN==wl<*3&JBX~9JiaDvYMiN08k zW0d%8bl}oKghQp!Ca$SLXramN$8Nx$@~sV32F)cg%DB(c*F_}0YmQ1tUo8Z+!-8f> zhbm;hKK1msRgoUNlhDx5z$qilwIR@l#k~G3hf(FtlFRH#1K(eg`vB0ho8YTl9iG8& ztGjV8hN#t`ZM8C=g^--@(0bT#z~gT-TuPMt!n-F4vQkUqzD(uHg-~Vm%-xu5?wSt` zh_S!GS@C7j43YX*wX{ckQFjh^>DZmG?Wx8_LBFxrpBkhxaxBcoS1(iTvS()-rpI)J z9Df(bj#tJVYVmTdN9-Sjt%VFAonoO5w|Cf@TP|oXUi5+iJ`zrAGZMHP`Z7uo7Uc9X z9eZ~s)vwbx%rEPDJ}-qo>)`mOK1j4z#!N>v<1TpZkkWCpyyic{;i$XGOXaZsY*UN( zz_iKqpl4teT&0T&x-S5AGIL`0y<~J0@)gV3;v^eHiw!}&l5ILYpG1)^_%8d7)+0up zTL=p0!XvgrMQ&FWzKu%$Casy(Mxu9U}4JQ?<7qZcVXDmqyClh63WV=GiTmVP#ylj?B`P+96v|z&Eb412U45d zZX7qgpKG2^&fkU=UxW$6E4pssi)#jdVviGOJOPL{{0OhLWG{nNuVIYLb10}m)sztI zrfJG(vD;od#}!e{^(coNpcMx5Q3#3`6EHb6zpWc7FIbyfydq)yR57@lxSY~9Xa!RpW>hKx3izBj zCfUiK5Y;!5f4Qu>Y@UU#=^b^{y9+H`$2#hT!QXAJ^iG%LN{YN2&Do{jbfQ(;6^k=u zXk`u>@{!rwewlBxG(W@Vy?en>IIvGf2dZ>>cmDgm8NNMk>>^mi(BySQri|Y&z4UwDvNcd@;;66 z@3o)B3@*I+D1yn}pN?1)Nb0K?^=`7?{N$SMl2M|({F-SQwY(`|$l}-+FC+1pqA(ND z6d=Llee(X$(N@pQP&Lz`I{JEjk1few##L>U_xs^xv~W%x_h_`Gn#+n^)Q5;Ed8>fwkNN;PDP&`_=MlF zZ&7fwZq%Ke@tUV{4+rxDhevGS#i1la#*l=XCNd-L@pZNF8JW|~Ubdz!!g$oBNp#z2 z7FNr%f*}0;M`NVI9Mx*gC~cx{mwjsE5>(7OM~&Y5UT>AprF@UbDGqxwAmWSV3{5pu zhHbB8VSmRXO_;X3?-ObGJzmT3GA80&yE!ME-{5Har-8k!`s?qU3vGu{t8e1fX)dl# z(HvtYm)d@tIB_PBqX7d9nQMZ$;mg0?4@I4P?s21huT;h5WC1Icl{3y*L%#4b^}tKzEWvS zYT_h;86?YdICt8fAmN17fW*zD2zfOyqsU187tZdVAH*uU5lZ`~v`5Q`8}WyEO;mUC z@J;KRr`1&e&3(MB*DVIOFdzsfM4kZI5b#2C4e>E{ZvGGZvXg=^=>RNYLD(tFBL1z- z=W%~R7bpm8(KOYb5c_Qi?xCdVr(83%<`^_N^+A-&2)`cerEbdG4sR$Wp)ihy9HqZC1$K?`G+h#b-yrz{c4YQI=vbr~FiOOdn5(4T<-T19ijCmpHp zixuL+e}oQ}7g9zSj6T8VAM+~hkv+m(!#f(-{4uKbO!-#2oy9akc|YEu2Ybz`t!zIh zb)Oy{WQ%;qgo%IPLgGq(*6I7~DVah(LN`?}yUt=D>8r`rt~h5ju;^y@4*SfQ_UZJ! z=R3zGvtBM>h`$gI=T1#)w`8vhAsb~hSA@D$z*h6t9EY%f`j$JX$HYYY&_@iQ-?G_` zMdC5V2HVIo2|gea#z7jxT*#jh57Adw*G@v^D~QJmo6zn- z?7shSEIIP=T>ak;bU?p#xUwtzJbP~0f_1WgG0^pQaGf4@uh=VU+@z5w_!|8yMgm9U z>@oh}hibT}{o-3IYKj`OBqso+jMB)2qQ|3-g*B<)uc&=hbV{N~3A*gS$&PQiMlroe z313-nt<)Gc**&qqWI~T$7j80ri&-oP|7Ks2+5DTYJl+d~cDK_0@jE=sXd;C0hh?n~_e1rJp_NR&NT*?*#X01_*LGMj5 zW96&kM)g1%?eY5$CHN_)$~Xup$7~XkA`w!tPBKanhQm=9l&t&OvKq@j8qq1a^){RT z8%4v)_rQ&;gaOarYS2M{A@O2lfD#vk)9w967VI&1OBXVY5Zn~yII0K@^#6MMpwu)QM}&# z{l7H93r$-IYQ;=4kq@IQf}_2!OQH5u=36O03E9ZL#l(FNL`BZt<46QtW=Qs9Blz=; ziKw-#w$G-V=U_izMmjakGDkqh|vbtC}a0a24kcELmJPa+%-(PVhe8Vn}GJWPl84XcNteJLwtjyH=!rtp_m8k!Qif^)7spoYGwL(AqSUxxTO9WT;Nqv zo!9#^B~+)*;*<-kez8r(7QK`hvf<-tn6U%cm`W~SEC~z&Pf@^qgRMw*JigxlJKwPU=g@%^>5nMWGc%c0bbpv$>g)f?{x2-?M*y=fW&Ks9qU9O0Y;?b)$4wXg?VexuP(zQt>%e_^P_8wi710*ODk{YuQgjNTo4@0>3CdAaeG9HCE( zOBDQ(58;nXo8A?SLLbN&s9>bDm9^n0v=P`ohDT*fAPY4jNmf>ObLY6-$RqnNpqfFV zT>C}oAu#`w-Ws|)PeCh`-EUTbZ{q; zy<{|RH{x|+Rl*Bovv)ZVprz>d{n;lYd^sc=p?LeXh5$cERUg!Edd8FIzUO%!CiC@) zoH|=w0PQ;M1pVSXE)h2?H%dp&{D9nvdDJsULN9O8Y937{(Lbj_CT!K?ARmIo*Y{L8kKP6O2&J^|`qIEGh$SGEdID(ZQTp zTj+7p`D7f)GX`om`FfFLi^9le=j0*-YeOoA_AWlv|DO(Wz(Z~k!>@Q(CI0^DRHkpP zhc0XOTT;24KDwG|iUqKYB|?Eij}tFTzNi#7AW{FWsM~BhPv5qyydQ)UJYc>*%#0k| zwo^mjZ*?qi$z6}%`v?Y*vVOlHpcT~jKmHy`#iH#h24@ZSb47Z+;_op3$PTiEWQADo z5yn(HV?0sRA*hFigTBLgpTj;$6ZVIU&A%aCya?I-{D&_ zIso^>R+^mo)^9ww;i2=-W3Aq10u12Zm)`8`a%z}vLXA`zus6Aifc^ArwXO-@pGZmO zZnjGTt>u);qX%Ye0?8{C#D2iOye`d=m*nTd3y>2_QE^*-Aan`REy$D-{nk-FExJg- zrjUi1weRkibW0qb@SF*c;Xi$*`@)K>H= zmg1wCzxOR`cs&n7D-C*;lX&pY6yMM*3?5cgUr*qD!*KXBq^P)94jni!esUCrHjxPk zFnAwmr+@97)Hs<31XQ9-GJSCvb{HT#miYNRTz)elFgLGrECB{6*$qV)TODKwWM2D( z*zP**{j^AI_*Q(9ah@T{ksfj7uta_TK@=Q&L|%q2o_7}ekQ+K{x^`wE?q&l9TN7L! zV5eYfkb5%rdTo+dnj_V6f;2y{II%IGYIyE8;&}ZF)GjMKm2vuEgVTN8|6}H#@^4R=#?}wtWw_FE6{LcqB;we6uQY>s`Nzoi9@^?l=||rWUiD}_>lo$>%~L) z1bw0;xo{D6Qo5gjGPuEu-5y!4u`)|(nEP4iFZ2p~9&b?q zJX$u|cmA`4tF!@$wS3j-!DIV#H9mlath+Y;UmJBfpo08Ypl*D!_;!8>@I8|fOx@-? zyM}3`J$!~J7J7TldQGe@M{y!B z8PY;k1bXqKHzZrj{uBi7#tgt_CSF!VP%3>+4cFpfu10RDeVNFF2>5V4^U++e7p= zw)h;q(b@iXBlz~6{Vx{i!F2}36d7ahq+1?bxvgG(n3rcyv%Tutakm2pgPy@F5dOduZjOHGX|KGxD-2 z?GP=26B!c`4?68a<^xFIILP$Nqi!keC;w|hb$f6Z!?)ur&w0R$YOAbMnukR0(W2y? z5cHEqnQR%C`YWtgM}8I2FRR-60d;L|Gj)ZC69h~SO$A_GU$bib%+hdT$rwZncEakG zwUd31A|$f?Jlh%fFjcvTvW2?)^5N9bLAxjUyVi&2NUxt7_)}Ge22yM6))(0-K4$Wn zUFHg2jm8G8iv3`lF#73=gmpwM;f#+}j=$8Bk1b@Vd!O%45^SH3553-6Gzyddqxr!^ z2GM%r5|_sYK#+dXpkYK}AyP*HNmMrz&>9;e190X_0jJQDCnVKwSMX1NuOiu>K7rwZ ztI0NpaSr#x)-0Wsm2ov0Qwb_ensgwkr_E0E z0JSaYj(rzMs}5APVZZ;ZULHjqA2|htKN5t$r4%BNhf1ksfAMCix2iXEO6B?-twe0<4^2U~%{Pw36=g2qi?Ph1UP?!3M7Ld_6#ZW7aO6=(Tafr`ew!=PPumd>+ zt$pspXD60dh$kAZ5wznf61o|pjq{HMu&T&1#AM^dm-amO)3s1q-8nSD74;cj+3<#0 z93ax5_&Z+Oq-l@7FRy~eYk5wWI{Z7MTe45J7&12n(RSkDCsE@Ra)Zmf3vy zYw1d(edFB1{J$2P*~mS)$A$V6?jQS-m$@rXt|VN;e3QQN)S{l%@ql>MlAWD}^+Y}B zal5-+l40qx*u$T-+`kxdqIB*-~7&H1)WI^Z8seL$# z+-hk=`e_^*qqi;y4eu9OF#oSYg_f9`e-^V}Mk7#kh)}bYxodaVbaIc_@a=F4@ZQN1 zOl_{CI4699a9XnrHS`@PZ5qj>AkWbRRCGx?M}$O{Gia_rYd0*>iMH~%QzTy*7J|^$CiqL* z1DfjhL0<>bzV<`u2IemE^Sdyq(4E@gJ8TetCCcPp$s8rHXN;45plXP~dyaLVMrl=p zh|yTL9nFtq+6f2<7+0o0B4Cz?Y?O(%XKFq-l}|^0n?HJ=M?5IFRCeYrQe!L!IjUYK zOkGV~f-X(+GOwlc<|soz+0R@7l7G<06n=a`Kg?qka)}g!U1#V&)k$v(DR}ljJGAif zF$!+@HAonN%PTQ+%R>bS+-mgjP9fc7KIi#CdFn|sK+5I8XmPU3mK+!Km0T+bGlKIG zOpxVxRxxWiKDu%xw6R|ff~_{^o)`Uw|gEVDE~R{JLo{ag1c2} zlm!WWem3s~d2_@yv5mdW9L_~0dB97RAmub@W%HFBnKbHTL%Ug}ziJdX-%T*9vsu+! zYP7F7{^qtAMbmi#NcUtI>T3~ddCBYra|O$%<9H?tW9$bQEH@2RIMSqwBs)6T#giEN zy>~xZjCB>mLYKnm&LJpu= zHzmU*k;*bSWPsqHC`_nix?aFKJr@`x)KW?XAO*~Qa>91vD{*EhOj^!Gw_e7_iOjd+ z36)@-*i#*L3Q(6xkn@I^-$d4MM@Hdm65Q4#qj?}bP10SAIWj!M!Z$YaSg?X*3DJ;T z^dwsXdL-bFR+i?&j-Ri2tc?7wF>pFJKxW6`P=bhPSczzm#GB@eqv&1vp90*US*X}1Ud3*ekZ1XS;ez%+ zu?y4IfYz>gQjA1Q*n1Q*D0-(#lhn@BlDGL<0cvoC~>H&xf!YXyknuWHTyz5%3U6{~}l1SZP!?WyqN)Q}^ zgpV;M=z7T@l-&D?O`>y>=2)8~kim1x-V{5UIZ-zOped(&9alKdLbn%(3LLe%jBuM( z_~YcG|BUKOdluwWK-&Y}4cvmI={rHvQGpIsz(o+0x$EN7o6e;bq?))z5>q{g3rX|U zTkpX&kcg9-RdaF>se1XJ4Gq$eD3)H8pfsiMGsavZtUtP1%5=n?DrPo+^GX=8ZbBH8 zYK&Sz29NXnuN6HW1deVP#-B+3R{RS5ti!NSF1-IFtk&d%s3zd*^H3?GK|KF8jbRaJ*l3~MG2 zf?8rW1#&goMgLcoZDvPKzKuHi?D<(sdqH`qhpMs8YFXqE*L(<%7UcpgB*h%>{(HQv zqAbk&CggG2$mfH$fWSZMv*9>DUH70U#G{8%%FKDQ#pLz(atukCAB*(l>OTIf|Fl_I zUnMZCoNA}0yhUTc%se zc>cY-{9YhHCJ=w}*4W+gqc|Ur1PBlZ`=mce$$e>ul;?Vp&0(qk3?w27#?ZXtNqFXx zlxV@uw8w&TL4cmto9MZJ(OObq>TV$5-(@Rx+Le4meDZh#K^w|nYe@yE5t} zsP29ADm5XfpjA{##_mUbzH^zxxmNTvd=ijid9xd345=4!KCc1#LOvVuMXktANvIddV^jX%l^?S1>y zEh=NIXuQE|N+RF$gBlf{z4!Jxq0a#R8MXMM4QTfUt?6yAG%LPSCi-iCCb~gvbW95l zxRO#|p}6UowVfqJ6U*!p>ce=ZbE(+pzHpl0YZBLP_Y5u_WAZ_{kWPGMMayr6vS|8D z=YcYS-Uj>-5b#~@6{NUzptsI0=^xeWnq#S>WuN0O%+h%Z1&fsxlE|cg1H}N)rR}ei zp^MJ1RHIAy{eAd3zX=)31a=ROm_`oGN{QmR%f7C~c~xL@P1y3UPb9Z{S0Yt)vpc?f zy;Q3Jcjx_wE$LRvBEqa-^Br&@vD}{a$5S>aohZ;0#)Bhf#{Fe(b%}9WmlU3X0j-PI z4rY@9=%b%XUakr{npXXCG|cip8DD41`y`>-ve_&(NtE8j-y(+Ev~fR3pk$nn0T9Ql zxiLm(ZgP4iR*r-{m%Y)`(_q`-rnd2snrwbC^V&cESFV2s2jJbIIg)z!)U3=Br^0XS z0fL<(uGB@_$1LE!G}vRw#Pe|d-uCbyb&7qa;K=c-kA>v=w>>6(o9k`PNJ5Xhc5g$n zl>xi;`9PUXJq09}>Q`{W?&G76+fTDr=7?2qEw+tZqsOWh593^)hgOoEJ-f_VSvnENZ;H;T=MhFI~uSSH<0TO7D1Hcg?N4crZTn*pt(5rp+B1$RD6hgbiKSwBR zMN>-Pny2PTy@xw1;4Jsg>tgS1wG(aL8!qrB>%PX zrBWbcovXe7Rd8l<*PVkQ+~5&>?5w@gg*GG*b9HvI@BhV6{QTBz1}V5^Zig#EV3Zzr zh1pj7dt$L|r!9@X~WJ?fWV{f#-eh%#z&EvN?{74(k*tR# zgMb&B{JGv6+k`@w@eT)Yo;+hr$hpGYGP70kPctZKYTJP2zUBlhbP~=AF|b9X$Q2dm zPt!hMd^JfM{vSPULtC;Nis0|1VkJ*x#ubn<_y2y}-0*-OQn(!P&T9KdQi%mZtla`T z{zT1hTk&p!y*lH>hreJ*xb+;Xh;bli4)FP@+U@f&K<1Y9NRXEo>rXdJyz63oPm`3d zFFrwdOB!sutDpchgX%T|9tMQDRp=aCC8_!1UN1pKF)kIot>DLfA4R2r&Xx#q)ewJy z5rcMjmG>ZW3W_u$ygVo{Ad~+VOxlp&@yj&N-h=XiFD6-VcK-XCrD*of&Blv1(M{VV9w*E&w+JHKFOLZ@M zO4l?PMX5BAP`I)s7((&74>3nJ(R98(7zW7kx1dd|@YW=7uQO=PDxdOhB!=Zr0u?}W zuLao8_bt->G#FY5y~vC9^x#TAjMK8+J<|=1cL|p17qXtV10&=FO(1do_q8F{G2xBP z*b~Qyv46y89~eQb5n6%QF$1%ezn7YOI{hF3ZutNnTvdkBQzbD~F{1!z(rUGpYIh}@ zm23?TzSW|3CDuVfK03T(1v%nFs6oho*=Q9wpy+O9<1r06Y^UtuW4D`8g>T+x_IVGo zFKG8Bb0?*hM(uif#_z0-{=GkkR6Y=FR)wzpurO@ylU?8E+uQ#0bJXSXY0KqsOqML9 z&4@_oBBq8&{evN!2Bho*yW1Ta4D$CMO}u#c$)GW&^>W+13&|mhowaR}8#i>Z$x`4D zNV>3AYpq2NgIa@TdmI{8T{AylOWIRW}d(vc;(IN#3+K`-`E*s#F=;vDDrfS7upmur* zYz_NkZJPFkQi9e0a$!AQ09)XETl!|yp%m}1-4?e4kUac^cC*an z=2+{!#_q%=#Lv&7=671FEb<=km(f@l54Z~jc*3Efv3U0CQh+cSo@ds-Z`3xX@UVU< zJZzvZEjkHa!eJ(Z60XR@(Nuz!nEnf0B@gVQD+DDao7|B`N*nl0ar(&AOv=RGexn=D z8HvXO|2cm}umFV|eBjrwT4O%uP@H4l@0XySIc$>zL0TGs7eGDgDKH*Oii8K*xxa3N zT+H~k&cY$0Wj3DXX0-EIb&-&p6QK(iQ#R+F^y2f@Zw777Z+)en>zLK+^mFA*b~1Ue zufD?=V_tJIwx$o1tVT{N0r|&XNYE^{{)gmIL2Vv0>DP1NK9|o-vd^uuq*W5v?-h3L zg!giv7v%$L)L3RzWpXxIAc&KW+aRC2egDK?ZF+aNaO$Mo`)Qg)y_Uys-V(cfN0Jt} zUtaLPN67C?!)Y{0 zg6-0LzhThbe7xQ~m=tBt{QYYvs`@#q@{>(iVK2GLH+TSNDfqlPzefR7^Y|UZ6#@X0 zQ>tiHQh#}txyS2+kqZEnP@{Xeyn`P{L#s!{Y;%*#Nmn_iAY`i-*3QopRLbvM_byzV z@aLbP@lT%k#IqGiGr3>T=t8G{V0ltCHs;f3S$-wd|BMl0-)Hcj`<9A=+#;W_^$`ij zhh>h-_jDXH>46R9wW9AiVTn#T zef&+hu>IPX?Ea!mOYgN5axUyl&F8>oGxui2vEAhHlw2e^wtCvfL3PAb9wXKLF|tf1CkCC!F;ZQ8ED}5&dJ)dw3pAIRZ-)ogI@Tb z+)%GnoIl3;$VHuLA+H z_oWm@8c1fJxnl*9voB=m&}A~eY%o|$oBN@o14SW2<_cf(BBuaU-Nr&+NnFM#P!jU0 zSXrbuUZ2JxW4gz2VtWla)8ZnxG{0;d4Z=JEq@<=PyjP*x_+UE0at)0yX^C=&IQ`Gn z;s)7Z{sMB}zHUOy1q5y10w-^C%6X zEUV>Z^2n2#kLvZ|B2dg%+KG7+x_NY=1uQ{^7su(M}3}*vBrR z%k!`Yv`tn31#dKhl;rbV_N2qTpt#d9m#Cd_HLP)Xx=`;Qmkhu-QxthB#>mYVDSjax zt9!&rM4Yns9KgQLPGuU0nx}ULxMTa@^?#IkMFM@-~BfW zpz3jGP@F>o@lGON?k+qnmdP5tP>KuL*9ijB?a~3pLK1T@oMLN`Zy7|7xj8{we%|iK z$?J$KqZG%dS=V#lu1l}G)!aLtyTFr&269~e`4xuTr?oigA}AXPr%^(meB5Rw5Bfp~ zJTF%L`*>v-tcP8J9xvb;?11wB@L9KVpk$#q=xxLmB%k{eV1NZ_P|_LgS&EV-`Nmk| zyZ%23HWD<$1cg#%knHIf)#c2qTLRyvV-|x5NZKe3H*rcEV zFN$=w$-(|8`m-qjn3h!cMh!k72r`W({84uBhXHsJbCtGbKRp=4h}A+gtR_}!sj-+iOfOT@|zarE)E zt1D3LEhUuzgZn}9`5@zjy92TY z0ft=F5{pV}Wo)3|?v`55yB^fLTEywH)71i_#91p%f(Z1kR#&oW^De{R54I-eB}M(_ zbFNlzBlO0z0!RJBhcX9r8|V}lt&^BL6_F|cw- zqTq4_X2ORfd1+Fo#59}4i?g9-iN(db_T9JtmIz!KenUQ$zP2S#b{$?aD8Y0zn{5U&9^cf8@Q(!vJus)X{5_l?QFLOq zA9(_NU8~5 z|I3OdLIBNetS#PRHT7D0U;hz-AN{&+o)x{0zW3F6^?mv9qg=LW<2L~5%XSBDT>sAG z^PjipaQ`cTyOQ;Xpp{13lD5;gfYxSjj;m+-jY>3Hm}J!RpjvhqslSrD{W9Cuf`##d zKQXtfEQ8-?{`@eMlQ64*uDhr81f$!S^@L4NeZS`te@$}ZkoXx4T$(nW49qcUIuxV? z-_+_Ls^BOR&XJ*^@OV*BNG%r!qWV7jJ^X zO>Y{WGnYbYSc&?Yu%6~zlk%ScM67ez5K7cScy}m{^q>R=RgZP0mI3AmXXz#nG1zEe zO&&6)0&DVnEhRdfAe8%z?tDuSG8__qu_6@MM>5X$(0z7*+f zX#67?V2r?m{XTqe_XhnVimeIDDdMhoZ->P1sd)$Y`7~~u#P4N{5V^vWNcg?~IH$G*S91kx>NXy2540#U*ZTE;LrwIUdDkRHoDT}s_ z**IZYYvg2(A+HeZ`-Oj|2C!%kT}XomP|6%t&FAT=BjZ7NDCZI|ztN!b-zw|$ z24JNMMTv<@(d99L&J6;gNCcUMjE{EQ@T^|>Y`f#owQ=fv+A2cnkPv~vN zg|*lD@Qc-JZ_(QYhx6f24bl`ilbZow^z*6V-9Z;3HA}=pHNjB{g%DO=sjlwqf5@dJ zufR0>GDQJnK3L~n zt69NobXPUOx82=e#y3%l-M{|}UTv^?jiH;?b46=Fl~{^bjK^?1_SXuq=3Dw&qw*hV zlj?U-S3g~H(#gX@@Be_REDFp4d$_LCNI5o7|PN^K)LWznw@K#YVnQ z*ms>q5B7HhCr@E*zbGilHLHYU4xgyNNH1ko1MflL)%f{F;M2_Sxl-@9kp3?&kD25L z+kelt&Y|HzyC_QEMrO1>;`0mkdD}3QL*yUl1DWSL)xJph)~E{>WJ-;A63hu-Q87Mr z(#VD0tTxJjReG5x&JyUJxpRZ)s~(b;c)FPRJ;Sh$*jM{B|D?WYmZ?RN=iH6&S!S|f z_zQ~*wl|qOm_F)QPS~A=3~-_L3@>H1Pr$W*%DRlvPr2^F1W17i$w1iK-hWnBULMQ9 zX@_d7ga3!1^HMO_75LRq*a*+t_MgCf4XUUuW`-w0iDGfIj<5y#U!4z;4~6nmG@_SfmWOL;66nRP{|mhb% zkh80hZpxLVgR%?llv<~$D|qO@!KDBg|GPm}b9qv8-fBdxhS%vaaf2PIn(D*4@4@oS z${bXB<4^~-V}B9$`e^CH-(dt-*IoO$eAlVOXpgV=CN)I+IYCP2l(5VHVbS^S^c!yZ zcfdac^JY`rCjgOTX)YpdVW;!Q&5*&z<`E;m3!7G-EAsv`+hob9nMDTdtHyujar*b_ zEG&WO<(bpJx@#^2*%5PQxD^@_erj}3yLvymb6SN`4aUt$#J>tQdr85-LxP8aC$Q3_@Nezw5$=x&`8X_kEA=+E+F`&Gg)LD zl16$!?WfY)jmf_^RbXz8C|F2977EgUTpE09yxK@;tz=O6U9-o=SJMrVLU`TzOn_Dz zya@StY}PD^H;Xi>v!|iZnA;ai-pcu`Z|2}Wo6UbW%8Gr1O+|smvqWM?^3KM z$HuDOO?|_)?d7&x^SP_=XMSj|Ov9y%9dH~RWKPD+RVXy~{eSYl$t$gmVsj^JT~31^ zYzKj#B_3u*&xe^M7^Jz+yc3fWnc2ngu?r{Xmk5Y#no7O50a}EuZa9L6}7z zj_ECp|G9Icv^tK|7gy;Yeu69+#59V4JHgk0dsI{nt0X0kXw9N-`r|1k05^f+3n`e%QM>_qKbo_A)fK(Z3e%>@Fy zF%`ykv#8kS^G0Ngc0R$keI_+pUppD1%0DpVPzHYNWcdH6ddH~D0=8}V$~D=xeP!GB z zOg3;tEOj6pua`_;Q{ zZHGG2y?)~#-uUK!qZsiQN0~p@l)xe#(i$stTrCF;hb})~POC>ZKk~XLIci{pRlJw~R8kZcOGrGZ3|0k0=u0`Ks=*-p$n!bry%FnrqQ5zFnH;qcy6?!8gbS$-7@A)GBBI0x z={9*`RyFEyqQwXolD2$N#8>z(!)d%VDrGKyj0^dXjCXC`!E{kt;aFRj{Y`!46reP* z^69GuA!r9ufa5UeU02VIhqu{G{|CGIs%9!oDVw` zj{-aUR#l%Ufqvcb)GZ6Ds-8t!glj?a3&Z6ceZl(utH1Wv;eeN-uDPm3{jm-(TcN9ikH1fF2C)Y3^or^+ zX{2vP$uia(Lg4us;(R$6$XBP(dTIkfCJ2807MIh-V7B!(JBqN#ObIXTC=J&1XUUIX z212D2Jbrdk_!8oGyy}*o^SO(7a%PEck0cJ%+rIxR`B&mDdb9T=5ozG>>MrC5SiHRg zF&K@;e1Z^Ye7yLsjt+g<=}t*aJFSga!87Xk; z4`czBGC{yMa71)Pu_sr$)Jo(kvg$$N^74ha^%b21h)T-0}##lJa_T_Ie z^(3DyQ{y>m4Cc8bT+hBBzQ0=S-qQ;m6Y~6RRd%hB1QJ%Mhmqi+xuA3Hqvc9MsjV?_ zzy#&`p9>pfFRQ;{p2@WF^B#G{pMq~;3IcCKu{m*jFG(QNU2cj26dCID^Ez*EM7l zeN;uzGyjDUoAN#%*ytPnVv~%3_*olBqol1Xw-apnpB2OjfeJG?GEuW8`B z|GIQsDGsO{B}Hy~k7`J8{>$Y?F=K!@6ZB_Y`v zX5Fu1Ihr35V6{19g-kVz_EByJj$$+>H?UFT``Q$O*jD~ufcd|-V|zGAkD=nKr+*xn zHyy&wr8eg|U2N~TxP(awea&}>-7%V8;4o*#WlZoQ7&sT~CZu0y%#0M6ciI*kwMH@v z|IZtaqibH700a_j=ie|l$3yh6;y;nkSLv%epHp=tQd2a#|?Uqs-}5JS3KN~-*D z>|Lr|f5eAn>R@(N(=kJlCj79H9)mNvn5irKi)e=_$Bq>U)@_XfPq)7v3_}UN+qRE# zUt$9qGqt&tfn`$#G|qF}I0#;&K41F3Dztn~kxFw_CUWF@K_vJw9%kLCN&^wP14#A3 znOvKh-~x&+k}EdOJ{IZUp-gNa&r4I^SFJI@Oti@;#MRyHN)zd)M*Vih zyF@7Ng1ZUek>&1lnKU{+P?;q0AMoe-k`ue$4o7E}l{);;tZjdFNo@3n(jJgNqk5o$ zAAF0N9@Mj2O1-^zHpi`MleudvW1_=1^bQI%)1IV3Q2f~K`Z;t;{X!9dL-u!MU23Oz z-mK2w22&ksgoFbX(kUQ&bJg2nXX!SScFB!CE>`TV6GI%8nHoAu^F03Cl*$6b z{K^IzC8)de;4S@1o0lOEVWxDA&8D_%^j=B0&47GGfI^WshH;$ z7RvF2G5U;yC0vP7j=l}Dq4Ex1|8AEp&j9QqQb_2${$-FI_2?w`c&PW_P{zr5d zR&}2QlU4A@_m0B{eZ9Q6d7j|Vxj?)B<*1^Mmo0fVThAE*P$KWJAfb#C)65EigqDRw z;qg7nh2~i#O0(CpLf#h^Ulv3~hCYyT%>c1O?=*A%xJ~+EhtA61z8R^lB0ijXGJ#fa|Qs`q42&e}e^0!8b#m&r&A~b$ObW&Mpz##9+{<+4S z=ZCBa$`%sjCi$LV{*YrQJWBWJ8Gsm=A-s9r0B9D)? za5?CHGTFjgy7QapY{n>g9d1a#d`*Vq%Sl8sKr(wX1q;?B*2XT!sc7&T)rtBr5BeHu z%{5Ituu@GZ_vL}P@2@+`3jffy(Ovkl<|>ww*=Iil5F*67W@u|JSer%>ZCT{K1aT zy}d)+eH@-0IYC4VP65Rq1;1!a08Ohn_S7D2olHWoS1J46YvA^$3mn=II%l*z70iHb zuP+lo^)%r=Y~0&p)kTqSTjy%Qzy*#1tWz0C5=D`QLJZ^OQ{B-mT#_aXVS?-xicaD& z0_dj93+Qw2bYUI5^RPfe@dEhCPF809E*6KeC=>rf^oW|-8a;61JwxNdi2&zm9;Q}S z3V!K7hPr3Hdd<5uFKJgVM8=yU6r_ctz;D-gEZk$iBrW6r;w+3&Z|}pyBA+mdWRu3H zx5K|cAw;~XyaaW(jkSG4<9#|;TQXjIdg~tX`?_>)MR`oX#BibEnhL>ruYNC(wC!l< zR0=}d26=7)=4NsQ0}GseEW<4ecr$r%iqDniA;zVip>F&IY580-_M??b>jnc={`8;okx5 zZ&LK{>d5({qGVcGt6JpA&MWAZ5dLFvm)Urnw6MA=s9iSFoPJe|s$!0vOTV(Wf_YALA;C zy$s77*T$s=wmknD<0FVENEojK*kg1;~#HUrnIGkgq9oEz#qJUZR0J)nIWQ8e9@fX zYnG?vynyoFuhUT^C3sd;uuG^HS+YQQ!{-nMV%jq{g+S$B?5Le|0{;T6fV`I^Gh<>fcmxbBT)hn;-ZJ#fA}d>{b&n&I1QzPCLq3* z5>dtp8w@V`2eAbU;4Qis{BI8{5)B}z<=U!44gfpfSLq6<4VWrG0#(7+?LL9C zeg(eb8$8R@CDnZ?^m%gDfi8LAwwD`_e_T?^nhHixemc*O^R&*Pru9<4?qfvA)1sKY z-8*+E(;30ug1q7J$sRDyg`B{uc5BRCWRPnF(7?Yl987|dIYuOGCC`1`Ur~%PBA8J< zuR0;THj(>0(bnFKQA8Ec+}Lerp8H2|mhtj~LajNqYlrIhaQBijmYMnXW^a=_^e{Lyk* zrN7m)D8lQAuuq~N^g;0zIR5?l*fnV8V^WalAsX<8Jfvw{SWoH@5sWC_D#8Xco(^yOCS1|cg1L9g zfGNkaR{~V``^X_VGS@x+rXUj83Ms z!8%R9xXw{oaK5BjDrnRz=FS0H5ZC##HUQZb3;a6fB)9EM@!M}x!-GPlOQhUVe$1fnw4l-qQghlW}{c*k0o0hDk8jdhH z-$F%vvH~{zRS%W&l2ijfly+nZHlFn>M}FK2ATMTzImW(tP=h3;^QcaMDay zX66Po{mN+c3HKF?L*6BmblU}ZOmM`!KMmZpUZz>P~F~k+eg)f4#ftxf|zO9{TcCnCY|maw!c}41#h(JUCnn z?ipOE!OcSBGA@~TcK>coB#9j&UuHwsh4d~#m*Y?h+p-s~7YjG7er62`AA`Y?$T0q)BodmUFz`A6k0)=| z=+ipHY`K6&z5lErbUhPC6Xi1x^%(y|Kf# zWzmdZ1NaV8pQ{4^W)Qk2x(yoFk>NUfMda(wXKV4YevT8$@~<|x)qC{Y!dGcxF};<- zY%A68y=-5kUb4nUj$af)_kA!0Oi78Kc^#L4xYO1NevqL#@Tdbj2+})6OI)S!m({R( znpwqCE#sj5}&uZR&CRKQ_;I@e`~?x*)=miL6fzQ;VSc5TgE=_@koDv+B%47ul#(pXA} zk4<-G(KgNDY=xfB?cJf}7Q$UxTf2n<)J@a~&AYPtr>qRjKL(g`%zn#-DDSS~RL1b5 zPW~4>JjEP7`+c4KH_~rg0X3a15^m=kV|*Wkc9dl#a=Ju+3bjP|53t1;hm z7X5Uwqjrql$c&R(@TGr+1LFmBWBE9kQX})k(%jc zio@06Tq5X}jPaRwkEBdB)0v%PYc_^{ZWkXLVUdBZfA1(Fxg89{>g=o)LxcKJ4gu~C zx@|)U2yy6uKU6PcdZy3Q5uUh%IsT@g<>J^2ktZZev7t7w-m@aHBESB^pC(NcJeKJ= z{8FaM$6&cZ;1!G@UM)?TA3;VR=Pn`#b%YNe-bhW-cJQ{>-EWE4;~`1`u2*oXNE~jg zyBM*+fwvbk+?xsk#9}6T8us%;Hk1q4(*jzk&$A027H;Rd^)s#B2A!LFbW>N)%rYBD zdA8T|G}O49E683zcvR*K%7DY&bA3!iVv-d@y`qIrU$iOC*}#u7tFr{WC!qoZz>Cur zSoqn`yz3a%h=)u!aF`c4Z7`SU`kM8oeICjJhHqT)lc~C^YcO$d3{8_y68R(nEGH=+&UN52wL1zhY7E)_4-?jEX%K~)*zA%d>4NefbP$b{x{gOtP(R=H3 zEf?2ScNu82rr{2O8~!Z$UxTr>%b*UA=g%~shhhCX+PmmI%3ePrKYYc9*FAY-!I=XQ z!y1&HPn=_0+oW9VyabrKyi^#Ww;J1x8Zf?BC&L4n7<6G?vbW_)qNGE*a>{1Q`afn> z@i=2ihEml(zjH*C+y`JFHp#gKNwvOQS0WV2c8}nj-8$$olhZEGd`z$k>T|rY0lFSd}ULh1EgDpH2O#gqbfsU1mcQ;Sbctm zNv#?%6_*yC4uVHT@sq;}pKrVFC7;(svt@u?AVH~6r7^6b?iNlhLGKLmtX#S{qFA>o zi%+AzR7&Zu45f$B ztP`;9aJP~S%AhP-=8d{3r=;4M=Skj@3*hFEda)s|TA-KsHN==mS}04iR{7e}XJG%! za|v;EexF>|ddPT8K7a<#ZbNt1n=>3LH^D5SaA%b%N3$_$)LkcJbkQ*SD1YbpRl7?nk z&Sfg~4&;djtDzKLgMFDYuGG#F2Nf%%dMYxU{&QBzwBk}IAFCHqLEIK8L~g=q$huT* zPgPhxG-H7PBZc^(g<+5K;1@kC6Ea{zSOU`Oiqe0y27WT6f+Kfg577|v%u+TsE1rjE z-#twiTGa^$N@LsJKF1pQYb(HB9?M$#OflsNLTFuNP@QdvHJfg7F+3hE+yBN&J}Gpt04$E z{Im@@(bY>QpIrPdtNOs0*m*w&YSR=KfND`;~jintM}!*5$oP|^Uxh+v8aMK`K!svpK^kR zg-fe-p}qKuAd10>=4xpv^>tcB=5msw4SzFeDVxuI<~)X}F$&Q(!$Q72o%cAf z&cBL;K6@TaW`_uIYo@!ip9H=hn0-`%2aF<=VwHS#gs;W`yoKH3nqfdXT4RQbYVTLx zENZf4{a7RAgLfVCIvY}^%!Zf!04Pc5StdrBGF;<8!8(@N8$c~1GAz)gC@`72BrK_SV&R7 zIshdCVJnAAo;hZ>*JG^bhhd0g7@!7F+G|;&Rp{=iN8f0}Uxg_mqN@!CMNNzk**XTM zz+h^4brpm1v7!uF=j{(RQk5om;kQMy?_IW6f8iWsNY{LtcKR-{G7QJ1t+AI17ry_k z$*~v5^O^|TuP`cJi{=bvD|(J)?&^xLp>CmiOLo$@;u6*Njj!cgg~L!f8e7TPEoxl;9=k9&>2Pp-Rq!%)KPy2rnE z$$X1Vv*Rl|MU6LX)E6Lj?z>ukt#IMhUyNdw1{vxf=-bBCnt^a1P%9f7gm`v*m(#1y z@ZOnQ0m#!}&IE&j3_|$DFg|{-Bxl)Y!%kjsmrouCL`yoBXXUg2CloUoPN+f5NzU9) zat*?|N3Awbx8;YD%}Tc8hV4(@ zgMv5c1ryg!4|Nr55TC`jVm1*>LU74)Ms%2$RVpA%47Qw+q57j!%dhpf=&zB*;dt!W zr?=sq$w`b~{s?PN<4B0TN=O>V;XNxNIJ4;?^0b`~oX3FMkNZnsm;)H@@Xvs*rv(F< z*PFKe%q-&M{6XZu0bm|*{lswSNrfJlvp2h>@BMCA4`DZdtRkvAX2iuVX|rT34_y03!B7@+z zNPn2Zf1tl)&yYZJKji{__awhasx`-9v=&yT0kITXKU6>VV4>4Z>#?IVvmQLRT-W)! zbawBU0fD9`4*KD4CZrd4_!F(bFh)X%8`hJ;nh>IHY!L1uBmNBqZZsh0xAqFGg;hl@ zn+yZ()$=uc38^q_CgIX5=N_n-eSU6IU!VSnw8{eX_U0@laG>B(U=KgHdnN`jkt@JF zOvozr6zkUCD_qSnpSh$-d*%VWT656KY#M%Pr?qxhInpYJ?z}@L_OF98#mA>K7R~N$5 zvs9hIrRPAxowip%A*&<*(uZ3*WjsN_x6NnMmz+df^d$@S`MbdLrWMTx!fqBr9X`6T zO*j$6Nwq0#qV=|Mll`5X7*3!Lcw=+~Oe7u+G<`!qI~Bi!hpfncZM^_W>w>Tg89Egn zE;QE!<3ca_V6bRHgL59nw(rBl^mk8J|ENB(_~Cz{QEaZ`CCD#-9VLTSY^SzB&r#JK zaA7T)|JHvdC1YS0UZz(+xy1Cq0WEGEGZhG_HU?&v{*;6)XqMH1qNy1XMI~AiLR;;P!0ca7Sw818>@Ao^b*i=8Q52&;Yvecl;pFMD2il4Hzyslhm`-Rg@?WSkd@WS0 z+#{MDi}Y#dzSRcs{avMDZOTe58Gbm0M}Ro35;7cl$dur|jXzuID>iw>#eX;F zzTfFtRDed-Gi*DmJlpTMr^3MHA}dq1ef`%=f!mg%@0iJMiPh#-&?_<5Xn1pc_p6VR zVGtD6x!J&kj?_5N{xb{mDIXXn{ukk*Q|R4`!}jh~-pBrI)G!=oqHT(Z>Ba$kS4lRE zDm=^bB_6!dD)w@>dR|sRjTvk6E6+K`f@;a#8bT`uklHPnl+kRYP`n0ETI*X?$QFuR zV!9cil$+_s>PsPFPY+u(zxeawn@S3LKBNk-#_=Eb_2=Duw#_x@IYLKiggqdgb%*9_ zIV8Co?d3nrj*=9C%{nnOQ5^L3apRdBlAduYFryo4p1CH7MEJ_$!MQs*082h+3zBr1 zzVCjNhe>x|$x9yXGemj{m)p$+4iy;1Lw9o2A|_OlEw%g3Uu_HyV5!L5ESKem=9t(y%+5qZLf<192O5sX z&a*zED%@?zJc=^g7=_Kxl^(C`m$HOAL0I-<`knr!tgW2fAO;IR@l=7u$()=^pyknC z%L*@#nm!|sBluDHEkD{|&=}WsoFoRq9VpCi|HcfMqD?ErefNu@^Vz6$n_P$;2Ek*R zHPZ%=%E=|w^pvyu ztsCYu$D>Wa-MZ{olO3=e+U0ex2{FfKLJ4Wgi`ggG;HJ&i$_B zQSi#dREFqgy=C`bQkgboN0=dLSgHXx>H*~|bJt+S_F9&#i8C+PkTMM`g>8{xU3Vv; zV6WTET_0m+q|_4kFQx1i=Jg2@g=I4FX{Hl0>-LWEy()PhxX1p>|Lj!-q!`5_heB7n zD|qszW0dZb6FSv;c-D~AM+;pN^2{4GK+D#!N!mgG3sh|2WRMekswGN?yc1z;#tK5n zW1v@HiE`dC2;`g>&dCc37hzZ_n;7%5*FtpI)HwKz6wDB9^m_4lqZ?5Q(9SFCwNQXX5l%es75#Nm>Rkq}QBx5F?^l2f!~ zvmK|tGh)LyI2qAZ!)76h!X6xprPphq;cVa`M*{x-5P zCgf~(W+DUEdYyus@2kU~dh;BL)XD*ek*CKXzP#5qIC@ySKqLP|Q@i&F)5D45j!V{a6V+@nwW3EMLiZIP za@|++GXj7j5#i%dEmkO}c5@ei!lGcqk*{(>3kEMT;(IU~t<0ScBIRE4ZSP%zb=g)h|CI@|W=81*bDf4lpgf-u zt(0A|2*khB6ov-<+18>N*Ma1w=J`A>^5y?ZT0uAQTlM7q_~^694kmTnT;qsU=PQ0d z!9GqxwE&*7PmYSisX%62U-%792Ix+P;xYZrQI{$?Y5iSfGV)CbZ*Ivbo$s+8tr4$S zN`%HtZ+`>h8F)}%?*{R6F)_l-ppBLnK)eiSd~9>AkKji-8v8Uhfvj#{Z*;k zI75Z&t_}v`=DrjE-_dBxS}FjZp0&TfC032Dy!aw)-HR>zg3{2+6TV~V1f;5?v3N69-*1jP zOCc$6@<03#j4ST3tLH$|xW?3Cu-jsvOCRrA47y-|d3*F}VpRg@5WCtj+`;J0%7-y|SbCewUb77IEO8tHFov)}_!PdeyuYR!IQ){xv)rqbk*g3NsxnF&o)LQ?>mM3inxm5GS$3=G4hPtS zX)f{SS|RQyd?`8Ro#Lrn7L$QsuhQWu1SWE?^sz%#9hW2+#O!lb+SpitttKE0>HW&; z)znh*A@MVRD74rO$oElJ%%tP(>9{K;vCZ!*)Isjc#K?${{+G`Z*)Jnp@;N+5E;_RD zC$;3r1{OhX!n4cNR_qV$8?W-cQG-`C*tnhTQGgCS`g~-izW(|YYv4b9Er8?Qm!N{z z9VzI9UHkhFrm|*tN*NA76~&59+W!tRAWBlu<{}37eBB)K{EXOA4mJ9?1jZu58t#s2 zCZC7=B%#G&?D#&x`AgDvOJy)M(@;yV{6XHMHc{ku3mzz$bxzaExwS>|UcWxSe>p_x zjcUJ-*nB%Y^sh$nAz8w9NAuKHPXYoPc4x=ZUtX^&xm1zU0PD944mq-kWhu03@9Bre z8a`KaLQK{5^+aN#jN|1zNhk!$e>F7yKoSfzQ;I=$Ph7^M z83k4GQ39KC(@QC$j5IuoxzbiJDovlk z1hUa0ZAqb;5?WqdmnQ#&A=VOJuH7)?3H=4B`k+OmhIF3pA(RWj**~P1v4p{;c_xRQ zTp9xP_kyoVYi(qZfI+3)KE6)f2O@q7csV)wTVKbkCX7rlM1}G6E>d#thy~{IRo0(0dlmr@=n8(p$=&ov&7VRFzntq*ZRucNs)wHaRKWUyj+ zjc(K<1l_(8nt=s`nEt37UQ_z77l4%--bV}3+f^c9tOetm~4eE|?u$`3kFO9~`Vkgis>=xHBYoakfz7l|%R8#)KTFH=&PwyDJJR z1CX(VFV$3*Mp`<26F%&4@6GwJC=Nj|IM(tU4FtE?Yq7R&o+`})%`b?I#sn<9?&(>9Img4`LU*aSw!4L>9=B-2byEgwNp z`C>^Gc#=Pz>RuqV&`*r_P3$Fz{7ObN(7v3-p-xOLkM>yRM+mVv4gUwUz9nTnyFl&b z@$arsk}pl85VpGiV^6H#scV)zjUcB0Q77O#lP=lkWo__P@n&cPY%jbB!2gjvvTIm9 z1zFhgs%X*=S_LvU$^SKuSjJ|bNJhIu!T1(S3=e4&{AZ1k+lx~JI&|o@dnAMcTiUIo zq%X_WN?cY0Bg?bcxJA(}C~C&_iG%x8pFHp5$w5xXnhsJKD8O1zQx{r^bXnQV{j_tO zre-lY{Ow7=km!d}Fp1&)2`{>(J1-9EB zUWj}QF&;EU$;WMuS%$S8xxU5~uls@&Uw}(0*F})brRl%%!wYWgrbrYbc0-t4MTlek z0QFe?8?gxA^$4I(R4?aK`ves0f~+|LPWdF-U|+}VrJnnVODA8WvsB&*$d4glFo9=3 z+>Wp_EUCFFdX#k@?p9^WsjgMm?`aM98RY6YU;(&I*tQ_Bf8oo|=uV2@Q0zjRHLEEu z*S(xX0mo4nOmlTC#^(8c_o$pr9N#LrvaML{C&kEPDr!{ROy(cITpDJ8Y7H%4!O&n+ z=Q(n4m6HfX?ef55)FP7JsWlkNZ;{CfZ2XxiV{CA|6)VWn>^<>1TeMtrE42PkvX~re zZxIW-B)T&k@rMWT``J8RSr6Oz;~!THrR)e)j!pzMY;D7*YJ0g`r|wOZZ`8-9p`uhTT(#&Ct9zkUr zI?vB)O2elPZ&5#A*eI(E%lh^il9x=MCS|0PmY!-d1+oEX7CUy?moZb7uw8pU!C{O2 zo4ce$J7QRupcFF0=#Kex!T3OIb?r22L~ko;rUGxsz+3fyFWDu2ur%eTItAJudjB>b z1aI5=jxcTc1U{J=4QPfPLoA(+!pKF0#vrNC=<*BFLI?c1ndO{xBK`|e0NG&ELrML9 z;$Ci`VXHbt2npdTxTTrR>>2XGV{TUlqJqc-IPpF5ngu7gA!z=kx z7%Z)Zt|k3=vkYftSae!2GjNH-QGRXBt|j|Hl!;m{*o|l&$kfqHSN^$`tU7QiiCLkP z?nw>*eBNL;&%T|bqq5F&8PqiSHn z34#Fsf_KK+hf16^RkJ)tXL1hKap6k{JoYL%)}ku@tETVt6m@;)x^+b*2GyJS>w*+# zfkzqinE#2ux`ZUQl^&-IkhI9p-b_M0-JcK~{q^9p(*A>gwrGx3*hzlSgql5#U|^;J zS`;xM_97n@5btETu8jhHg}djDoo5=A(nH{p{m9#Dj4#Drswi47Fm|LXKO z9a?o$8MTew?r=LN+l7j)ab6J%zN`#8em)>dEB-^j`Bzq?!Q0yU=T8j)JYmkMNEw2J zFWY`CX4I$f|9=>DfxVJSb2?#6Fq#Pa=5MgXnGMf^hCTJB80K0RigD=<;z^-o+Gs}i ztEz$#S{t$%aa6Y+#;|A}Lq1y1;CzMaw=Iie7H{>?4V`!25?Nxp zf=flO=0gRkq1ZaPRK`kxxe$32^1EDqUgdFu=(Yc51+{z%ZFIM%uE=*v27lU0T1Mpp39?~P__drKgD5d5eIDjLckDK8*)>o=THkTs*@lP<5lV(rda$I zcfG03gqat;koLOSK?{datec z(0M|$@;=H>bLM$wSOGT6$9^rv{2C9MZs`$N@m)hRbfS9BE>^lZHUr6_*Y-}WQ z4}Q}YSDk5Y7A(?}-BF-9W+ODW`~x9AqkunG^Q}SrIc)6`GFsywodPIPMp}2>>^7Ij zq_41u1;46-Rl}3^YNhu(J9t{N0@ zkD}Kh{F&Dop%E`w!YcngCT(R^aMyQ?-*uOd&(XzT|M(8R{3-F4r1CgiY-TOONDn`i3nPh}EP;IpxPS8I(@jV>itK zCfa&{8|f0|sBdUn43jFPe}eyF!6F@*<-to?qb}vxd2LP#A2D5U)~=C!c${x!eTy~( ztwXcI{**O)?Q@$Y$}or1qo^aqK=}h=x}yrA`x8S0H!K zaz%^_@h@CUnR|O;@{)AU6;Bko4WbioY;I;|Z~ABW_FEimtxjt9hmNe|DyN}E2euAW z`{5i;75Y+bJPYzE=VB3Ij@Q7*7Qf*WFcy9=?~xXVL`|50oAYh(L6a0?dqQmdcSa

D`@gR2+J$;*y>0o8(cu#k_vn?Yhwnjj&11BDp+ap0=QcPwdkm;ktVI^3`%tl1K^k zVba69Epnca;G?`QT$>|Wb!|1=6w^|~;qsWnAG3@Jm-Dql_lKDGJ;(#^u%JpFfwbwT z4-&#F9&TKI;J*yRnw)F+N5ZB^j>aUKzSTP3)w|7{$p9f^I2m9}9LkstPHG%@U|$F%a09CDK5YC3#^7E5 zc?DaDSq#RXmYgHpjC+BZi1-abc)aVm=yEiT=)L(Z?(;?JCeZFONx}>s;a2G!Ty5c} z`+M*Ct~V7R4?1Ri{HAZzVJK$N4%9|6+)&nDDc|{aEVVC}_YqR5SBJBEDGwlL&&Tb- z%%@iy#XO4mUhp4A%O~pASCGITbVuny;7>i8zXq9sK(%*gtY|`P+@Fq3a8c$TgaWf* zuM@lsCpF+A8!D_eJbv6KnRl7K0$8ShFdfJ4IuS*dgLA|W3f7P65-D16qkOK2!X`xj zzA0;zsQf-O&Jl%Vf@HKCFiuu1_sCI!KRRCy8?U!oqF`l1SayZBv*^%6V4{&u<=cLL zN%0*w56^5fa<>~Ev{wP$kvmg|j6r0;F{v-Nb3~~Yq4FhSYMgI}{@tAoDDP|VJ>0n) zDr5R>FMp5*uPez@3To6ad^_G^hT)4#U5dk75>JZ2x&7JG_F-fRRmmX7fdtRRILTgs zrnKlv4n>H=i?j+p6-&dc$R1@_ex;LTk?P9Q_ri04;epU{Wv(@pct&)VJN0A5#F1G7 zGFV}hZ4c;3GCLW{^_uzXng-#O&k%o!Dwclqd*(arRm--aKwA!7J4tZY!W|MIxI4k!sgIuS=`}N7zkj&vu2tM4 zThBgwKl}b%yUocCkANxXP?8HHq={>kbn;?(J#_f9fhJ(Wt6|HmpV)jth^uL0_cv~k zQRv!1z(vr7&)ZMFwisy-M;RzayC*5jY;<`PUnY3mV@^8Q4V^iAejl!TjdM|u=$Yh{ zEzERXXZ5%=bk^w4Fe{^QLJ$p+qLNgW^=T(gz6Ca;y}`*vO(#1W>$C75XU2j3Ve0Sb ztf5V`0r8T63uugtn?9hxm6W$UpiC=4-41?@R)lYsZ(JLxx5|LmzEEvcxss z90ij5nMsTBXqSwhJWwMYjth?%bRO$8-=%M#A2!P~=(qiB!`DeaFqO0l`PS(sJZ@4{ zi$Y7ePU?vlAv5mz!!t5Be1{mEa_2`rpbQ57)(1+jPM*_jUw;iZHBw2ZWRjJa@76<6 z2s(@+u(6;{RZ)>bDoDax ztxea)HpU*mv@UKRuAQx9oFc09rwQ6UF0UY)r;oB7EjE{K=0~AOs$rz6c;y`jv{)eH zffQA)JdbmC1Dh#co1EPa9-&krVi09`xnPl-GHFG7cS(qBG7$h5@^?eH@#w|0)Y1d8 z2F2&PX^HY);pZI&tSfZ;uKSO9)#htA+2nlbm~vf*4a;hOC8!!jpRn@C5JZtMx-4#u zS_hfpPNQPQ<7Y~-{-t3Frn8M@0IYpV?tM23bD3n7xgrVhLvF=-V>7#MZlaU&x-c6k>7 z4CijOhzL?b^m3@~mOxN=?PyDu+Q{kQY0QQH1SYz4YI5|l#{ak(XXYma?#{Lx0+%7Z;8oDG9? zRTs~x_Gr(;uE`?4ENSNFNdyUmdnrz9kqJ*smaR~DRK*dCTl&o5}j*( zq*9Ocig$ZQMVM|4@{B8n(_h{O#hl4XjK zAi*12{Z9H?DQs{O-Z)_PQ8`uWVy|cIL?zz+YdY3-CFC+=wy8(CA4(S^8hle_NY(rD1YTCD)Ni#6M?R8M+1uc>sGBKGeI(8pSgE%*QfXG#MHbXU`M&zHW z&|~yt(E(|IND->r_jB=>YYtMpZ;(IB+biQO?69qEj+7vg+whPVj~d@%=1K>)`V3d@gOHM$-3oixkLya9?yNB~?So@Ge7G*nb#aPjeL!wBhK z14j9Jb^QN|k8Df%wTkE&bv`Nwsy-Bw@`6*F)lI@t1UcMIUv@ba1x~?yeN1Zo9Zb*3 z)5b6B=FNLxLC3@h>Oilkf~*~$bLELcy!%^0vN%Jw7?%EK4{91ZkJDX5 zxF#x(SEz0R(^~sznGxF98JIEGvu}288TT*_=xUYoJ7Er7{H!}dAz`fjEacokA+14y z5zGYKw~tikw>I3)bX@SIlf%#KJOa=+;copO)_GAhc>ukE7@pB$@XeS3z*=vtaSsx~ z8%;;!$&DTarh{~Zt+Yn#sC&*}>Te0=_>V3)Bla+`<7c_2-Q^p)sHN3TWRw_{I*YoE zcB}&l(GYYA*aA!x&jaqPQBr4uP9zeX898HwH0t~CwVVt-TA5tZst2uBY7^CQk+)-L zaHBqbZJuP5=dakJX9Lf6SbT1s`Xv?#6~;42@B?LErEQMh*|{G#3F=NQF{-THS?!A< zDqA8|Ju-y55bl?1j(gDu8MWIEsPRoxr@2vN`DWjeocK2Wk}6?KvkQz%*6=#hEx9XM zu~vk3vvoh}iJ2BzPT31m*JT_p#lz&nRj*Z;@r@Ao%tC*hAUY4iAl@~Yfr#G>C($K= zNH?#SJW@ByG~|fSd%rA=pUWSzAE;i{Jkj8M_%*|8%t4ZNg?*3FRS6q2P3FV@a+OM+NfwS%tag`aSqmfMl&;_C;}*_D>tuN&S14(W?@0F&~YD| z-}gE*k(DVSi7}a~Mkc%Mx<5nheo!)Gs4CPq$>i5C7yiI<2H z@;$;m)o=_BxzOXodl6qGI92rU&0(IOH>1yip@r4$r08(G>E5XDTKXU9WH7PT$_(47 z4e!QeiZFett2<<2LYvto$zL+_DUIs2{ycs7r-?(f>yY38N|z-Ic=`W_N%e5_4;0qZVNrZ`|O8@ZEm^R$8FK(a6{c} zKGVt+PVM*@#hYwGdg@<|7(b+zjaz48ZkW?mIN^g%s?qQE9*~O&%w{DtQm+fOOd_${ zmpOruhgr#XT=Yqju0bu}amdV@AR>*(vPl(^L!AUvDIvEmE8TWPbKpLvnj?&j8wn*_ z72n*j$9Vh=nO(xvoOb6+-egZ$LR#a~PC!V&>y?u5cXV~sObNZ98J;VMG>7uUWL}<#il5?4=$01-ZK-H zeU4D44C|6WN8^daiuQGEX?j?8qxzt_vl{(-N#MMh%H;}q1(w@`$3Z6n=@-v zpYDso3V-^-v05z|vKk#@LfV|nhB3UO51o<}Q^NSYEi&=>4{NH^=U`095D}P*?+*=X z^as2r(cxb#19+xt1rJQoNH{8}sA7V?@y3s~5;6e%FPj5T*?B{FXN82_HY3UdhKnFipV<(_Pvt~W@ zvk+XPvO0G+B4Z*#vmA1RhxO&ojt*&b(u&x?&=@iLWnfezX8#JTxOe$CKL`KMHkt~m zs_Y*Q7*eIfCVsm(`%s8$nx@Djnj-{OhixUKQ_(QmCuX&-#B;M@4Gzn4(wf6I8S3gr zSOO7>HU?G89P9>8c!om(q6k)+%=)x8nw7~Cw*+g^U_=SPj$8;4SQw5N4DA`%LLv8+ zO=f1{^&K0PO<8nk*S7Z)TkD%$={aF?A1y*qHlw+~ z=XX;Xel^Qa+i$YVFG#B@Ex-hyb5R7Z^rktP7bkyBkmY*#ytm7`(%x{-cFTLFSWuyS zC((w(F~Ua_q{Q|h>kVenp}W7b0F~p{+SR2M0nFZP5S%uqq6&YHw?c-v#S>J#U_{pa zDq3J%G*{hJ-UB#tqas#Ae0kZK*^l89%t;X6C;=i^+`;qsAaJFmUG&0LQmcn+MlQGYc;9FD_NVmat|%CLb1|yM_k2(iBh@KO8KmTL zhq*>l$QHHPLgco=bw@wwMj$Bil{OxJ2YHvl{h@i!{)kBILzn@-R37n;0(Q1ihu|q# zVk2{#^A7V7eNNv)AiI!%65OVSvYTgB<4Hr(s_GHSooq+=)<+%-0L7#Zj;(lUc&*PBiUB+J?JE4lA z%btUfWJ%cH4NA?l%)ybnL|$9X%TXLaCfQ9Jr(F@K;38K*$Wk58l%>Y|QZeJ8KxQ|G zvuDxSxrpTpO)ASaZxWU2LFL4k$jRd(uj$aMTmE(7`_G=fKR}q`Qn@ zjMi#hDE{iRU=X5hlIVRFYv52c0_YJwSX*1YKV3T06qXwSI!H2batcQLem+6X zw@u=BxlLKbb@fT@eQeC?k_Q#s?JW7TRDbunwg z*z)r7!otGd$BI-G&c{5UAK@#lh`*BD2qf2>kpWt7XKc*<``!`YN9cv|gV7Vl50Xdo zGwEb|`jQ{Al>&7`x_09tFsV5s886NsJ}3f5C^zLeB0iFgZD4q6?^+T&3NP4WEZR>k zzQe3cYq0}m)*j(76Qt!d&0Rb9jd2`CPfPh)WXKgi4Voa{HC1Ir+GeEnU-D;Ww%+2t zsrnw*lqU2DVE3%+IIWm>k_rf)oIA5vdW#v-Y2zU0P~|)#67Oa;yu`WU=VxwWD3SQ2k~TH z1B?vXKbOj7ul}-xbH>dsD)Hzs=R;2ztFoU484C`!Iaer$&XFr?T4SnK_3eg(;A?XG zq}FL3+!KFT5k?Orx!yIrPg1q+* z>DKr}7PWVk4N@!RPzg!7ONe{^6sGY$b1wKyqMATG)r>|WVnpTzGqWEbP+vAlQE2o) zA7(0qyP+6GiL4u@VG31jzBM8Yv?PD(H(iSXiX+G9=3Pw(%VN47%X}}kk7S&35`p)J zum2j>*s2$e&rZmTplS|;uTHht($!|6QhaaHD{V`0IhBQjAGmHiii7MnLU$sDIKJUC zCDfsU1|ur?wMjFV`I)eEO!Tp@a=74Tl?G$UJ;pWQ3}gWX-R+V;YDsvan2j{F(t!7^ zG}{{9qNXneMet>yGJ$V)IPT#Ta*e(kp^ zy2!=Ed0KE!e1;(t^m-GDsWQYd-*&_@#Arx)CdaTjB9nmNB~bLd)p~yYwKIO<$zd?% zMO>EZu4v0VZc2TgCps8Zz&E-zXX&3Yb;Pt@84p;B{*-P!?JR;PlJ#hqoSf{}cmKRy z1J=Ot8$mC_EB!Ob=U9XZNgq8_s}*^^7K~uX4#vlQBr4u#I!_znh#55>?tNzsr4-tK;P@vImpi$jI zHO{D&CA=C;p`5H+szE|b!X9>bYl|t@R03u+c4P^=4brTfKS`PbCq8Q~O9Ji$BH=sh z^{S*Lep^fbA=Ht6pW<99nAXv7BR$Wkr?frNuHBdRd++#}B8b?gumY-|tc-%>Fbncn z=E_vgMG7&3;YuxPpKxVkX%!r>6;HcF&h(Q}X&2fs{Ou%dnxK~WS={ClYuzFjq)OlE z9>~IA5|q)>|NaHRv^DMVmXlWS~GE!!=nR6dq-EDc%-g z<}>qAFt4XzjwqRBVTQ3iNtwK!U%7KTKBF12amY!E!QcKQ9W@)Y>B!&hgjnv_SXZd^ z{D{%{7W^3HARdOFNL0Ed`h5M;a!wy(_?&o^)qh%%aPJ^4d)#fy^qBoi)P;Q4`RDjn z$FxkJT_w-!k1FyH^VX&HnTeFFKFhtvyyReZJCXgKCJWT75%R7Zory@hD}G7*?b1-t_$%?Z8`1I1t$ANvSBB*1Ptw#gtiX(!CE*Z8b)QQ%X32Au}Y zNfZT2Dbu^}^yI)?`WK-l8sb&>qI3&x^8Hw<$*qk)Wzm&gdq-T*(_9}5m$=iZ#m`tCQed9 z$`j6aE>s4|eIAYP4(UXrW4j%Z5r0AXrd7baM{K-#6hj{Vz5Y){Jv|*OA`E^w;)~FW zdp1dY+LK?X8s&X&|Bb`&7aYUC9(uuuena+$Us8k-%1uZ5&CKbt-A=iFHaCwV70AIL zlZsA;h>#h>ir(z2$e*k}fA={#FieQ?z3Y@eE5G6Z$h>$AU8RDTcp4nD>_)u^2u30t z08TW%-zd1OT#=&i=!tXeJ`^K_dq+I@pZ1a5u|MsJazOoqOsxd;8C0GY-M1Dp{d|rX z4Ur{7g-hGp5(s|adc}Dwv@H=X`llKtu$4V#mi%Hc(N~}l!_jTf*75Drxe)Y@S zal~GxYO?ErF8MisP?G^@+9o3;;#rU{IV_(}Bg#8+*p{GOLI^)3kX}e6>^=p12D)2b zy|a^(Q%Z0EKY)jpb8hpQI-h-|1O3pUdpIT%c7Q~gkgUgN%(hz$ac_u7>$ed^;At0E z0(OqKC9cO4(htSc;r*x9E&Nqzw2I?Z%L%{Lt?t^0(TmDA0G%J4AbTbOL+O^G#sMX@-t`7J+;K~>%m#*Z->Gi*Cajg zz*BstzGdcBTy@FVv+3Kb9Rt+KCdSm?FAcH?lV<|MUy-7Tj9GH!UOOF(|1(=)Lnlq zqsjWE9g7hr`Y?KqZAx|k^(J!%{`$J|FSiUwm&?-1Kh}XC;>SBqWufbHK3pL`54x}} z(0~>7R1HrD1kUN-P+|88yW6J(o0*+|@4O?vd*;0vxqcvvuc^;Ka}oJ5Yd3vYh9>qM zP_?Q$k}>|S{9fHmbY?S2jDx@@6)AJRQPRNodUwN$k5c9F$Z+^GamBk!EGgWunv0W) zKt++Xr;w0W1@|YRY=N#tY2cYMARs^Y@6^bD$$u`Qq94GWW`7wpu&&APS~GoDqsIB3?>DNni zT%~|1Cq$rakK52Y#v%P?IUal8PF!X~6bn#Ve*_rO4cgN~SqncwkFoS+0Q}=l0%o8s zRFxvP(!p(87<)G+v<2LT`exebbDsf!-37Pj!M4Sg$_w<`aqEeV+J{(&$&0()anSwg0@om@U)c@6GtF*%OF5c;f|hrU|!o|3eYEORojtfn?}vQp&1_LW4u=JG>Ou zc*VIT@U0}qAewGP3SACJ=lP8MStj>wA&>poxu z&t8e`Jk3u{$QqazFL^wDMwH=?{1Ia!0YFBe7qhh!mlY?et*u>kS5t(*dmF09ohuJgZSLGq% z)*D%nK}Fm742ztya=-;duK;BDD&(;?=lKO8H`{ybigzV;Alpj~^fV0~4mhV#Ycr}g zeVrulrQFe5Qfwk4N&&LQj+Nte1_)fEq|w8)A1O`F&rytVTNLgb%JKVdG?|Y037z`u zZZCE|-INL%#$)413wj^+%FS0>R9;@A4Wh8NzcDi_QbSw>wQf#Or9q>w(NkGbgLOH9nKFvSV>+dI1hqbP!{RO7Zx&4zF~LGLtK^eFD`?$kWb6R`k}v#YTE zIfBpMzklc83`$+(Dc=6(3;L5AILy^ z;z->WpqDJ_X#Dy47NiaA*94mDA!y>S(#1C?E5wUtg+}C|i z>v7(^ySz>9?c;9mUY zWt?VH7;(WEed1(Gq*ghyO^QB-nXl;}c?OV3```ot4rVKOqOVs(9DlGqyo2|QPe@>f zp53ZDxBadY@>pH2@tRkg0!gE;kvE*u-~a=P6jBJlfSw-7>1ST4z-)q4SP#Wp$Z6kc zSNZSGdhg1%4i}8nM-};BX)ZOu?dj=X;y7z|&CuvYv!4O*KbQzO(Tw;YI+ky5F-ajD zP^Neym|Fi205)Q2@x{O9`=1YpMl>MJ{vM7Xnc8z-tdgsaByrJR>y1?zLqC6x(+`CD zrx?*o<66lRgoNd#1r~<@Im1@xU?wK!WZs*@mrG^RcwL7U@pI=IYHpf$FR5>sRuoD? zjx2jfC(|+#V=XF~0%%%Q47CCZ(jO51grR1@ zmWMrbfH2CN$tg87No9Y?&{PSUNvBsI2j9LzqB}ZSvabv}F*ywC$W8Z1<98CT|2!}j> zUeXC|J+Eg4DI+_(*kZdB4ufC9qPV!YqdGe|Xc{n(CgUlb|8i;m^aybMZ^&To;ZNme z-={zB9w?n(?B2-9Sll$3JI#Vd`mfHtJFnp9PIqN7(Qo$VDoL#Go_u}dv?4JK+= zwNXnM)i@5_qJ4`K$uX`Fo07g=R``eaT3YmHXJ?y}qcb=!SEDm=KiwGq$=4+y_GXp1 zLF+Re96|6lJNfBbV{BDptEG#s4iF`Qo$NA*?Ct((z~T0gvL3@FB*bLsamfoAq?2`5 zVRbv39Ujx=kxa-{xW__TTgO4o?Uy+Cn!0po+cBEV^KI8q?SdYWVmv|}dc0OI? zi&~oT11#1@pcprVLW&$<`Yb1RI^9|4lXqwE;tfQ{kvD6nZL-A8?<$K5-@4bi%c?lU z+-1kbvF{Rq7uo-BZN&B!i;eP;0uk}{Y3>3;_TBfvMLHX5s`a`=e7ceDZZ3x5iI;S3 zk4K9zQIDsXf?Y5bt|J_594U2z%A1~vEYL%HZ7ohZ@M(w0{a!&{ezd*$k7!@Bkk^9S zKk##f1l(YWBm=o(2V`7Sq52D+mVb~~z*b_U=R;#Rj5XY-h8he+kCfl8 z@!vVz|G}6a`GL}ynCMtxO5n4SLJ1B)(o+|fRT*iV{}gN(>W|=4_a39iP#S(3xp9rz zA<@Tk?zl#;?NF#wqmb(fUg-^nEN~RwrwZymh1iSwsFFSs**OIpq*`bAKS#*FhaA;_ z3mGcKK+D*1iCIB}!!~-0x#_XDi{3GN5E|n5aYj;d?dTidP)H-Vl9i%t#iM6!Q6CiH zZ+yRd9MXBzzo!ZhD0shz{||eJ>wouxV+b>ijtEX=`5B%|haUZ8bg+sOl$+~0mOj+j#k{r;1-Zu^NO2~pfL`7v21S=e>ScAuTfv> z68E$Qdgp>u$cV));8w4mgujL=5##&&WevEZ*u9n>YeWBnHMi{+~+M0mEJOEQ8dmKVn0s-ybw=%174L<}{y?mF&7#Zhe* z2kwRz0tz_#Ifu`to=Z2k%kg%h!i_Q+B04(W%sK`ctTiOw_Av=X5p4rPakC!BwC=h~ zR?Dl)`*+L9?8|KlNoFJ2%0wA%`8-W0t(`KA-uX7877u1qQe<}X*Db>CctxCMhZY?9OvkoKc?9QlmErVWE7jv%H1Zkjh7v1b5l%u1K%}u4SEb*4# zea#r`p0J3mIDsCm*8_9KjaLf=ts)P;Lo+`#0Wd6=!#Qy{2ccXCY>Qy9MRd+D>tveokJ z-SW!j&0x)&gHJ^9ed8J;l`ngXf2LrZ2&%ps zdS-fD8w}jD;-@@or#js11_L0(_>987ur=-zES#}!AFVpjlCO7x zm|;E(tQ22qUt)UxX_9`Z@%WMIFK%WbLMC4;opNU4bpy`}wwr%mdUMN5KJ;1*rQd3* z7UH-2z`%{*0ZXswl}7hUEP&pn^-T@8{VSBo)fqy#j}h6Q5%+v@K1(`l69qY4^?DY5 z|1PN(52UZzt-%#cK~B2>0z@*LZn2Ju5r?N74skFvWAu!OYCh!-VmYz0^~g~rNC`LI zEqT(GQ(40_@hx9YDdB6!j9J9Q-7N1;$@N?+S`00_d)wu2x(>%EnjEB;XAim_J1?!$ zSughKbi`*Vt)aTOMrkTjjGyDV`K&KWc}Ma{jveU?#oOxKAgb z%=_dzRh?~VRiNKG&7+jK>iZ<|yZ+9W?1fxM>^@n7kFZ9`9GkxJB&Qjzp(-=7BkSrL z1Fb$mIKeJv`OdbUaRY;w*GptnQ!1{YynXHHF_V~M8=PO9%LhzTlTs70?Gpv9XvYUH zRQ!Xt7s4wRAO854xLx(47fJtM_HHNZ(5JkHw&kQnS^O7fKb0s=S5Ra=9;DXci2UoX zB)7{?bv6aOXTdjeQ-l_D+gmxu_b*GG;BM#NVxiKR|5-6Fl(1ZD#d76A`B|zsN+`!( zmxU*XIpT(xrsNiL!3 zic(QO1=zDfMwhu<3;<$#{I*qq*zPUQpIOa<8FkzL(xHkdFO4JWdpHOVxyx|c+2gk^ zlo?BC)!@u=fRcG2q&#sw-JJs>Qy#RahIfA)rTiH%!`=}<7~)5#7B2!#`XxAc##x8v zzgCw9A@7$G_-03^yD9wRnJWM@x7gU$HWSW!(XBE;zi8CJD zD9b4M-w4WIffOw`qqk%SXG5nyaw9K)`W^f(xT6F>qD8s+1|MTkG5A|NKCWt6$NZJ> z`9CH^0-(6*h?)vMkNn6mh65w!aVhQotO2|BHfv(R?jI~-J{4w<-R9Sfk8SsnWce!a z?f>9j{ee3>Y6JJ;e^rKl6#NTu@NaAV*R1&vO95gQ0sr7XyzIT>Yl>W;-&dp9`iOtq z&_BU!|9(RTxT62{rT=|=gn6->O~|jbTmL)c{PzrA2HyRj&;5HEF9Wk-zyZQG_t3ZZ zomEKb~btjB~ot6D zfFJ6ERK^W#(>xAQ+_As$J_?$gqbxO-(3?C;pNY{pYSCLLR?MYGJ9dP3wGq_Bi8Z+! zF!hrl9O*#dz1aWtZ9O~0wp}1#B&IbDe0n;`#YT;`Ou2tZ9{+nhHnV$mD4UXhiuaAh zLue89EIhP!W|iLNi?4G&KfT5>NG?(Q3_cJWgTWunMxDJz5iQ9vO&$;ese;>}Aanfa zRv*=L{qdhRVy#?iO&A9tW%8I&-2*N+c|YEOF}SD{c&=w6d+lGHV*hBoYbZn($5&|@ z=+D}H{d~&icFW08RLUfmO>&rW+azwarY!0Pjba917fN9M__@j&Lyac)iH+L3T!4nq z9Jcxg8iBFSV(eGv+xn@$$^UP9{Xx@@D8Q2!SrKYn4nn|S|Wmx1DvK||NQgAxvrsMNi(6Q{W!BqcDr31Yvy50Yio)=^hpc8mH^ zEMrbTgvvxc%JlMb(O$=tnW_V8pMWraYHezL zikvUT;+o1oX5c9PL(YeKDp+C zY=Gb4HM*S5L0l7M7~vHMpoMw zsp!%r)UY`tvmT7g0^319Ja#!5N~CdvX}dAR2;FYLIx(a^Y{zS>GT}wH-4{^7>%hV=jO@kRczYE!w@ALCqknk zxf+w?Z9>C3#%NFqoox_b16%}H>yf=m5RGg}km%WnIt#00QUG~th-HHcq(SXp@qWV1 zk)=p=;eC_&2W9#~I3x5oVj`mv4<-M`0`Tk~xXY*E{6m1a&Oms zPng`EB=Lz8Fo40`t~t|J5>Mnb7v zrX}%9+{k&;)XcLbl4&@_w>fQ6-4}2fIs0Bz%dnywfPvU(ib z5FLx_8M4i_c@ymZDC2pC0+>1+>oHz!$@G|4pS2cu}i}02N zb0UnQ146HQ-{s1M()5*$;`8;FPevkCXFl1vPSz( zZGe7|cC=wUrQ@ykm>(`gITz%FXiCOgKBADS3;TZPW6OrZ@}u9O)m|uP=LL##t{7keA;$Se^e5v)j*Husx1OR<0(A{j5Q0w? zpC4wxo7eSW*nk|kaN2xGY%gjsCJn_qYh(^A0k#<_A|t$iq|FQ0R!}->!vjKIBe*<| zHXGa(EFZmjlH3Rt@P*z9-M`y3B_cVMMW2RFa0MF2gv|~-grOr|K?$_u@LBh7p9?tK z)v(E_j##e1nMC3Nh5cPAVq(#aaApoJKP(^A3D!zq=W-$v&Sk{Wo-w*$If=Ey5LjMH z{*(DJ8mDxehXZUiTZMy5IjL8drdW=SdW@b!;h65ts7^0q8Bj-N^g1*5h!USgO0Qep zuC%e*p^Zj2U+WOGX{gB>h7lW67{y6WKn$nsO>q26-!G^0nPxKnDbBE1 zzc;QAGGB`9U=(4JB{bGBb+~~#jeGjWQ!#NPQqN9NZ@0^ zDy9Nb2p%4)9B*Dn4zARmK8uo2AvJ~jLY?a9Ih94;r&H)wuqKUed?+N=%mHj-PX2Rj zb3Phkh6T{Ve-y1aj02bVW`ivOt-Dma?2{?LSHufw<8AbuWVGC(Hfr|3E7iz4^jlVQ?HLJex=;rElI62fPUq|0EGEf{AQ zEW^kpwRqDFz;ukqR$t)7M0ab-CtN%8a=5#=xs|yE$PPCrePvaIA>h&7`Y1K#h zfLm#-;Z3O<(vR!cv5#96Sw@Qi2+`i5%K`2IZ%eEfC zn$H0?;M_sFBJH#Dt#x$Av!2P#v%#?S9jju%75K4!V+5=nPc34Y*#^o-Xn?1RhcWNu z)}xrJb~u>wasH?+mW~jz%^-jic_pXrm2b+OZ!1r;ga#>#|I^Qac!vVaAf}gckt^|V zyUf~FAUTyYD#%D!og11gXZPgwHTwG1QDMY8f%-$QlYT`T&A%f${*0jz8YBSIiC|dY zOiYa1;McY6cE@`JxBD9GJ6p@;2x@O?l!)eJ6I|9vKPZ{{tVKGA<-V=Drh$z@`-kXl ziAj46g~1ld#~@>QpapsFac7~onSyaZrX_Lg?$_#viGz>>cWfd~0Pg*BFp^rNEbt-Y z)mEjdLpG}>5yvFWk9jJ&CrTZ($SH}ctG&N`*|lLxNTUy8fB^>IorYPN^GLr?^L9E3 z!>GI?9MGpTAvRXx0Ec_IrZ)eb!JI0U#%Ey;zg2iq(y>uVXOwsJd$|zF|FEqU%5W@7 z0KZ^dd>rpC66kO0)IEO~BoApgFF;DtUR9+q7j+JkLPC4g)44tQy_Ad@IyDX)gIaq zN=aU&pWUNz6BNTHN+5V+3q7%(c7$#~;MMj?w3`BLMZNlKN?J`F^>~{4dUdr|lEtJg z$<9VoD*v(+6}Uj3lk?rYY6n>nXOnE7?E*#`#=cN@{=|o_Bjua+N9epD21NF&*O90d zXPRleqE}7Ep}DtVLv_`q0h|Ti8spe~e3&1=-)t&_(YrV*np-AtGk~l7 zB~0@DU~k1lj{x@4sP(pvV>CTA&{X~<1I2yApUyom`X;TP+XaH{Sy%jNlL&^&2rkkO ziw)>N0X)wXEu=NpK1;H(dTpqw6yd|ve>}VN zd~toMk=UAw16!u`{A1Zec4_zUu_G2Jvx)r`U=5gc zZKnQm>$sa`Tq!#b=fB&oVF_F*DGh z*Fl~DtWCUAlY}QNz07F4qvfX0zI2a?my3H6Wy{7K?EtTMbxczNF?Sg{wSq}tZ>0%1 z>JJ)8ukGQ)`YjGNRpOLvt!<`ENF}rW>bu8qy#e3%=`7th9(lN_Gq&tKu)y1wiJ~RQ zb2#={nK-U&sNwG1UHA4{-0tbP#WJ5wRhsQt^62jxRpfOD$k^zn%!s(VVYl4rWIIki zlaG2Fij=l%-U#pI%dC%CHpdkB^@ni%Ne@-|wOAoQoz;)q1ncu1bT*-|Y z_)^GT*)7%idZ^*euw8?-Wg-JQDry_cC~}xY=-A3u2{(N`s^XD=R!=d7MZG=1`_`TF z=4j`8cXQJ`zS+P|2g?DMx@Ua#TZd&qlE)T)@Y{;CB*_EOQ>o90jO7xt`B#R`u)jEp zv~s)G3y1jmf|C=?by5>OhW{cTi7)Vr*~d|^RW!m$tK}Q{^ERg2$${7O&w?bI)r;gy z0aKl|$Wg6}YzZsI$h$fpwz>!mu>+VXeNJMCtG8M#P9ZpgKbFYe@lH5w>ojy0+c2v5 zU3T5iyRW~}!zrvvey2a6hW^P+!w_R)%Ea;+<~!rDKxX0$zdoxI+L%dUvB~cec5dl5 zhetTi<9$vC=#{I|)$%G)aqTa8aOgv@el|tAjvv+i3}(uC zeZ$C-nb&`%5_H5!+iw)(dc}_2Lb(O$=hV+XCYuXvwifs4;gO!!x>#1Tu3bcZwS3wg z6679wP96#NMG!3hnGaq`WSVA=TpJ(D(!28%QF=x?0QUHKlhU4QbU`cobe!t+4LM;<1{vWS#&s_3LX>lbWb-2vZ{W6t z=ciA;a*^z(+9MxGXVcKSZXf$g=n68)9KQTg+332DX8GX!Y<6io^*P-m>h0Ui0d*(+ z{yT-+qZrdU&Tlh)^e65n3K+kewZ;ghURUN%tx5tN1P8PXiPf)k-_Ac^?zlAbBHd-y z9>2RFo1>PsS(0v9`(9wK_sh}wb})B(sSCSVmq0BKuC-53#bru;EvehbkaxVA%Yae% zOw(PBvvP6Qz1r_4yUXcjo)1dIu{b@!6vITzIbWGFvB6*U+1Z}ex@+c^i;O8RPfQ-x zQ_S|wBC5k%U|Y5`&4+4326rhM5(RXe^c?Pg>*<0x2qgmmyCR5~_>Go)vrr6eWVFcq zcFa;d;hJSVZX0W1>$3m@QEJ%4KyXI$?F|>djhjoKXj1omFw^W!LP}adY(@f)eSUn? zo$MjJ^KE|c?z4v`-WN;uma9AIZ^bfQTJ{9x4}w;K30>7XRy6l9+At~VYplA0XB!n1 z@l8Xjyvtc1Sv}U>RZiC*&j_{VcX|j-e8PeYmiTA|ZGhfdf2r;QF|p2`xAPy96TZ}{ zymkK=3(3?<(fsy(z~W>nq*3|2`4P~gBp#6O44|iaMtz&sXlvKE$;z9r*xgtME152$ zkeA;Y0(7KcMEl5uY(&z7_y}V4!5#nnbRA8vquXO?8If09k22x-l-mQtk;Y0J=U}u} zl`hFKTg2JC;**(VbMG;~tc1n1I@#3*FKn3?u#WncPef;3#=!p7WV;pOs{%_~Z3aMa8o`epRUP9R!36y*q7 zWbz)vZaUB+3ceHrAhAus?M^>MB43pfUIFNxIQ!~JF#uY-2}~uBHR$Ws>J@AJyHiC;r^v48;?&210 z*4_0zhDSs9hU?qIyKkOUPWr=x87yP^zW;t`H44Hz#eM5p^8SvoPXg-bt(*|i5j6GD zvaI71NQ6bW9TmkK?@i9HS0Ogv6)Qe2V|JgX*qmj^xEX&`fGetdi=maA=|{ZtC|}!t z%XWd!WC{mjb%xik8&2z61;f?R60L`G33JDhq2NRLPA+G{O{B^MlYGc zH@vKyDB#L&Z5o5#The03719r=dd~NJZ6}XkdQWe+ZZvaUYy>-Q$A|c!iO$K=ByA4b z)fF(EO~y3iW3p~Yex$X+7KuHV7HK7Z9175)-?Zn=|c#JH2b((}4dQICCSLMqVr_KA^njsZT@P1zRs ztN0oBe6{B{0A>F(=Ek@Qiaxf%7wQ7V45`_v=YR1{B;@BCimvyX`$*gTZ$~%a=9&-y z@0)AkMSU8`cJZflKz_)8F?HZ?M?AytGL&x-Km0$ozA`MXEorxLhXe^O5!@}fy99T4 zO>nnHLvVt-Yp~!>Hy$KF@Zj#&!L9o;bCNUj-8nybn*FTWwQ5(r;sx_RE(*Q6GbcTW5fC1)GmmTun3l8nn!U!K+RQyTIi<d@<9Syeh2IfYm%DR#ZmZdYVkI)1pUM(?7nIgG(tKNGAVPf6i~I)Teu>bNDVQCNRT zrawpA>)Y{gQOoP9TJBqOs`5@g-YozJ{WYD1EZ`UmB6h`2=vnZ{{u?!)(Y$%K+Dg{f zhj(boZBE4_RsEUY(Uuxxi@ z)UUJgVX7w0@aHA=ujg)r>gg>~eY!w7marEoxAQf4%|Do3$p~*rC|o6eDGT3oxvE2o zk@&vlZ>;ZUJPY_5TZ=XQ#s;A*r9b=%Q9Js4{nx&a%z7?MqDXN;9`!KR3k7T%Ce@R? z-?Rq3R>}*C^vXXq`qdZJMh!%-qv!S;KY3x(UTJadiF&LQgCaVlQ9)=j_h>^P z?{o-u+&`fC(dG-V9I4F?WMI9UZ>uNBwDFH~5lUlc!IQcr<~4OdGe0SQ7Mr@n$at}C z?wA=}12uC8iGI;!Sa}nz@Ju@~Fni={umN(}ej_4mImWcoKt22ew-{pDh2yUlfRbSK zJX#IEa_|uv=Q+Ez8TQ=B3l)!DuKTki1$VmfQc{typMY~XrgV{k?{eYER8E%z(i)o0 zy%OX6+W?ixu13X%_RpG*NvJBszZQvbuRnV#7F&z9WyY1zvwl3z8rflfH$UnWc2Gh$ zjL}g>_r0$H%{z_l?Fc5y<}YI|Zq14wU-bw&6>W0&)@_j$8{xppi65*R3MLTeeiN zmjjvSnIAVj*{hD7@=Z=i5OD*IbBNRRM{L0k=Az}`!@_rY9MmII>j%0&c}tl>B4Ppw z(-qb*>=#s(kR;Xh82kja(E;|q{dzalJ#F0=uE}2+(TfIIabe{p6@v9=oGV6r1b1iLKu6KuA6o)WFImE4zQq1u#Z9123Di)FCerT68PHmZX1@2UNxv1HL$C#w zk?u7zWcjoduyV(4H;eZLt7a2Kuc7I@o_R*hz~`K#t;v0}01y6VdrQ0&pt6cxz3eHh z6-N1BN~*HsUVSc4rZQXIdmmXHQ`{x66oIP{_=HO!@MxYb#H45}R?z zx8ykFdy0Ezb|9gj6<1iB?erPsJi{S~rv=~ArfdZ4AP_AA9cy+O%1^~dx2PfQAcsCI zV7WMVG6nP%4X#zsdXCOh&QDO*Xxy8B{tp_92CKeuLPZa}kro~DvcV1tcledih|^5q z5>0}>sjY-f^)x_E#DhbXvI;kP-t(RIjOD@ zLng79`wRtC_6mq=;l+4fM5j?I-Vm8=(p3fIQ6o78E9g@ zw{6mXkkpFWm>D}3CTlYRmS)!?zBQ8DT9_{qW65?KFOcUYG~M8&R87+Pk}Smhp7%L* z*9V4^?ohMb&E&lbdwi4*9bN&v;#LY;OnZJ8khW|`=oX}s%;|YDCTctJ# zu3}s5wjLMxxv7M}%6Bsj-{&JRvt4ZJbaqQ$Xp&7f^OJOvIEdT5#>YnQBPY>cdh?Tx=d+5C5XE-^JKaEoiyM*Rb zgBj4wNIBPs$bowV1pE`j5H4$>Y3*C=qD`AZndMfD$oS3E8kY&+uiV`E2p=sTm4Ys% zoQip1>kku;c3Q+@KE=khWS3fW{=1|7g z8w4UuJ14pb8lKTaM_4}si}`jqAWe{92qXyigv`UG(3yD?YMoNF`O%uBwRhjj7ThU- z&hvus0qatC0M%cFjc)`bsAKcI`yhP{Tzmxc-tA}p3>eD@$i^|{g6z7 z#F0yv36hT4#|e8FXC3aB8^r+&;ik-mIy1W>CY`H1Ron9o(&gUcp3e)AUw!>^kx2lc zD+)~`DVGNu#si|uM7rRF2_QO4Cqy3QE zMy%)`tE9WtXF+5>(J|8&*(su(e*Uj1{EEpp_f)CY-PX8^(uhXLP!2skS`xfS6y}(Q z-+4OU`+4iU8`0sc;j?`I5yN=Gr0v?Ig%sxH(R@BUC4@ECAgp9TY(!7H#k`h4aOHV< zJ86KFJ*VGNZK?ERCu-rMT-35AC61;qDno;Q1^ju5rw<8_mkvpkOnM0=FRnJ$*F!3# zi4G-J5iLruH63-r()CHfb2oSij@1Dfe#}jPo(5!&tydR?w?`!sT?1#Fy<0*Y?#7QS zvV>7&ndX*^@{&oPoh`94ed}M^aBJId-W<=gDZi%4{{k`>E+sE1HizTkg$?xqr5X-I zz-+-aol6@_jKs6DbIRD?!#$AZM!yYcKI+1nIi}9PSIoy5A(lk1K2VQy40IzMYe6Xt_RK*l!?rj0=DN(l9e*m_RrY9grL|h4dy%;bx^R zQ{D{y+CW_TJ#KsyXCh>@Ek#J&r@&Rt2qgXz(j9M|U16VE-}5e%kl2T^trGX5(W4I; zwL+0d7Rj4LV&{sz>ZLXbw8{Y5tRBK1yZxYH$Nr;f4*AFPE$;id?Y>=v+{jsgO@z~!tw@4GfGP!QR? zr7p5Zy&Ty>sI-1){mJJwcR?oD&lU{3He(!anVz#5?2a`OMrrA`8&&G(*?-B#vl_Ll zV|9k&_K32K=j#381R<6YTz`^lI)mbmfA3Jdr0lwcuzE#ptO1ET8)D^LGDae%;D!f9DjGd%5j;AEp&U znP0l#KvR-^@&(goo48AEFPUmtRLZ$vL9xJ^80qly__PmU+&Ye&ic%KWnyz`h9eIX8 z8wwp@gM5pCeTff2Y4ud0x#aRqK9@*!nQT&%CO7uJ|OpccY*2BEH2rIF6L; zN_cyaNKhmDavdE*7CO{&LNMEIX-^ItTfZ3g|3z>#m^2D3Mh|Fcm2J5%Wh56FpS9Xi zc}wmsSQD1nqCjhHCa6HU+?vyf$eWhi(=>_EVhmL$bb6c3&=d0|7*08WsP~q>dktKop)u4E zY9Fx+ZN9Sj%h<`p2F@buCKLmR=98R_srSt^h!o<5w+2?7(9VJ+lY^i^Z#rhDFh&O( zl@*4+F$a7N&&EBpEO30~_7Vcs9DnM99hppY?bA9E?gff`}~-$M!7g z0A&Qf`!V{Y#_8xQNw1?! zWgY6P8Jy@K2mm52K~{DCJIc)U74{c)Zr6DPn^^=xxFFwVQ${~88c)!ym z{q)t5y+*eeYXz2_6z)3Mo(Er9NV*I2%}1)$nk8Ag$(qdBd5i1zsC>BZf*y##;e5om zX!JWu)r}jE-IRzPh_$%S{Wfp=N8-^2UewnF?)~Cvp{)V+ZHASV6=UNPU>R4nCsK!W zeC_SM8XFx`&@G&5TH-)J$gb)t8UHKzy+F&oct_X02;8pi+po!o&T$SVq9dgkpx9#t z(Yb8-?$5cOBi*c~uTwiHN5GH;vJ%Wz(YZ)auPdm=5cCPUn* zN644m?BE8HOEzb%NzR%-yev|^!EwcOpXo~ub(F6q6cMg}1{dr6dKr4EI~U}K4q=ci z62?97bP<3=wDPrF-3VIza9y8M#J0viymlJ^0M^eD0@+jK}g~8Q{##*}S(E)6>gQ#@F&MK?zq7MZ48#s&=t{Wux$7 z_on8w&l%3o$@%5NoA)OQ@|0G%2$t?FFZV2V?mc1?C#Z{DkLegM@;R0cL)T3|I#Jq^ zB_olk$DeSl;~X_tu$;7C`P2}+He8K(jJB>gW;IPyF`*+a;Ei_6IZ=(oS@wMHdUV5S zNU|){OmP%#rmnAT00$Q1Qi{B*7d!>0C?F|pw3FRJ(YXIzfk{o=9%qPkc0}L zZ;-*#rAXJvfsn{Cy~)wPQ$WlJo}sFtg$)a1r2g!^CQ${EZ?0Ir5qwL=TcUn47eYqN zr4}~Qs9_GL(_yWp#?}z_h$Hak0*ehE6;Cf(QHyuZPBOkjZ3<-L*a%-Asd^VED1$fkbJ zmb-Sg`bR>Nw)Nx}*8tK~8bbcHCFm`G4Col0Q{|U{x5rRe_6WdA@tc@Z${h7|VxEY> zR4ZdkSI2gr+HA_|Athm~M`6s*d*f3Yq{vyW;e#5zIycy6%ZrmroXf!ng;sb)`t!mp zOP~8orrwp{o67g6-Evb1Tlh}F9UaKi{AGZ6eaYbTfzP{!2(B2In8|db5IY6-_fsn5 z4@xeN8f+HdVB`N)1we<0tp~UE!iiYL0DL#W~qQhvFFE)c_s&0-ydRVBboNjU_T`1$t?&J%y5{MKv z1~}Uy2eejWiTIS0FQw#%Y}$-`?iX%=Y}O407?17i~D0$pFZHr&V zwr$3#c|q4Y!?X6{pUgM@Iyy()8_qv<24leI_|RlY73XXItg-OaDDT(I@VL-%i?=Y8 z*@jJ8`^9((Mx_Shn^e5Ow-^Mi6c1@~cPY`|!H&kZg~d6R4|hIUdDZqld^V)U9f>`# zxpX2YWc3Hw2N_fzW_u~i5BRN*-iUQSYtl)F4(V=y0RaGAF4H6QtF>9~4>#L-1c+{T zSl5CVap)|zCva^rU$f;sSJLPHW`AOsG;sY1p3**Nqfy+7R3l_ekHLBO?@BxutZTBu zNUL*VOKcu^_~cEw#Dlcr*eHF*={OM|C?2kTOV+iG1)rbtc9PMKvN*{>w}e!dXJdAa zG}v@I8l3WAEA92&pj{yc#qQjRlK|F z9OX^5dr?m7bbd&Lv;LhB&YPtB77t~TUNWBP4`msFCt?N#ezL@BvfE%G<+-oJ;y~n4`rc0V8H;R|{rI1Ph-h%ob6JZ6 zzOO4s#oR)s`xN6DBi|zPs~bm>w-qdQ=1i({4Q^ZD_#)6?FMfobdFw$_wHZ@HkZPga z#^qPROKzepHyH4|AK;l`_z%Df7sg+$Vm8|YO5vQhs4j(U>CVZkh1`k7rfI%wC`8#tPjf&PUh0m~o-$q-%F! z-rshV%4z1KV4ICV@K*#w4br~n9nUv?Ggl~XdQFQ4+xD~pQz^!k7#^^b# z3lYZ4&2V#u+=H#D0=fxNapCX}?c_;ISAkDrz9jy3~e#^4BbrRT!SstH|*GRq9(wRGZCCP&1jlFacaoe(g1EE*}0tKUEp*`_uTEDc`Wik6VI{A|U_8PXorp1Y4#FvoRW}F8t@?RgU6>Ba9{V z0f8}PXVtC)g|X*1gHxIghRN4GuYSR9ET`C_UJ{WQqvzhpo^aip|AvH5*cmaXQy@2l zm;Q&lQa(!RkLUnOOQ(->uctw;?CCw7{g*bb`OUPPs2w6_127||C z!rvmM(=&||f?w%foLbp-8BY|0(lR6Yb=|#q!{gp|rDhlys%K6yyL^? zjdN>yLtRolgWO??X|e(@;9eD!JdmD$*7at z!XfA6^IYTk-~HdVEKabXT;(8?lZgAv@Yt0BOby{VKGy{sJxv#C*-t$GdX#KM>&Kd& zd@2a&f=(shoDb6|j$E(Z16Lw32vZ9}S#Iqzv>B3jjG=4q8$k9Xr|npcn4jrb$NDgT zJ(~;d2}yPT@Kb^N22v-TCE?gD3p%Soh{X~3us9PzIQw>^Qi>XaccZ;Rp6fsE)^U8n z@xJmvRIZxvoH*mNjTysun3#Ovx+sm(SL;9dX=#&ZLEQrRV&T#Oh2Ili+{rbNjIzl0 z`p+0P1bEupubW*E$n51`ZGkFa2#l-Q-q5$AR`4rsj@Wj=>&+S-lP7NYGTcdIGw8n9;mI`LA z$~#k@lQ^I==nDFbYJ*1|1*92)Sx&s0?A-07j1XFsoog8XUAVythxXYPzpOo74hn>| z{IE=V+6Yg8559~dbJQ!H|1MW!gkH1KFzq$UC!&aYp*L<}S^WiLBY(F7C2ORpp%U|a zKEq1!Zcxj>8;Y2!F8VlQ(a*v<>=buH3mGr+k-f0BN@zb_f}qbjoI2fF;yzwfdQ8$XhXu&&6Fxpl4&sMUe8FDCT6+OP?8-{#19ZlVL6Rd0H|2Tut)7InX{ z<^xoFR^H!%mM;deTA+`dDp|XWoLwgZBdH$~ckz$X(*~w?BeLMpsl7hEcyL^4$0|ip zYpLwI`?y6NFEi5ZNU;Q9Zdb8+Bzq!RWjURiOXI}H@niu^{y^wnhaLL>;c1hJvSEa9v>Pu{6Uge!^rws z`g1Gxot>T~nAE_(0qI)fYpS0t$?}1Uc2OWHYOpr&mZM42lS&ch7UsC$tS4R`Dp^Xj zwvp^rqstHrD(4OsfVN_t-W;6U*lg*|up+tIT=R$Z?983ce`19_P-}2Ti}qCMiO;(` z-of@btK!)8?zKB6Ln|B&B4tu$duT^M*qC}ye8)}x_mw^Z_O9y>NR7r6rmPsqv3sKYs9F6~(Qqfo>+%AjrW$1TXXj8c&2QgiVs?>e`9$6=@89Q5wG6oUM= zGmc%uWPgD_%V&yVdbZ#70uz&*XkG-Ow@cln9K-9jBq{Q@v-+=^-8VP@IG00C?XyIM zNoOT7TxeW^kG&es&Q^)3v^Py%Ys4MB!ugPtNSGGtaeAG%QM(6=K?G}hd{D(MJBr9^ zzyU=1eFcU&ra6B_D@4UAAPkRAY&E>(-uZFEui5!_b({I7|G?wMdzlX5!vAPf9975j zhP1vOLP@4v9CorW89}Pml-I;BJ|Z%O_bY?hFZ%oW8Y6})q-$R{nqO9&+VC}SJPqd9 zF+bovDU>LXD@hb`;@nd5PLh?8V6W?eT&xY|8X_STN)Py0Xqo%(cuFh_99lx;66+4m zjl}rOT2S$2%S9hpr z#^3TX{7~=J?K0STJEunSV`ekwDpv2Bg_z_1UQg_@82){Wm0cCtq{a6XQT;jG?%0F3 z_>&wp?;pwYSw8Y!sL-?DAo9Qy9%6ox=nA;DdS7$ghr*H(iaGGeC;>`B$!HF}3(r{y zBV-Uz?Ku!0F7Ab$Lv^-kNqQ}Ls=+`bL2L!97bftGr(S7$Y{`dhW2f62)!t#RFStx( zyD2GtMtm0#V9Sm4PgYyfo_gRKYkT*ub>Qt;!0DYQ z!HLfolAmPtvC?5FS9AqTRdk(w)gMtu9!{z_sNB@r$~3l4?%osbP!$jC9Dk^``&@1R z8+J#7YvrjTFs@(Lgy~r{uD5(p7pV4WLWuJ3Oyislf6+F*3aSk$e$-(N3~sBYS_et# z0noQ{Gu8*g)awn=@^A#FqD5&H7}(iO5KxjN%&L%gXtwO@5n8MQSUfmGATgtBHSFhf zz9_dUYGA9UGOymdnF0d?zSoP?Z`v{=;2iyG2~1NysmY4s*8BuJaHfAcJH&^w7F!2L zGac$?>}hMzJjBPn*L&g9GKcCi`pCUpGYlhWMq&@p#_CvjI68eJ@HUsUOwdylR9QVQu&?D}CS4%au0A1MfdB zeb1w+X?e8Dxo2{{K-7^dO(FpFnVBTk8Am`fLY8#~Tcz6*oXC3btvIcf0|^KlR^}Qc zA(HQ&Z9iScw=V*6S)Ujvj?DQHSl98<=ndqI?V|I;Hgm!}UP)__MU!(evG1!+(LTVh< zcqotWC+Xi6FfGFD>>nEHb5i!Pbgr7U1TShBo!9vWIiEY!sK>|63MenlnLdTUKe+&= z>!v5ijqJoUxzO|vd%fxyByWY#Owku8JQ5Z`p)heD6a$(30HbuA5l=)&u_ZInI3~2p z&GIPeY`klR%#ni`B{wrQWTfoP{QR@t-ITZMNNv9u*-cOgFEQ;NNcpbNijDkYZxL8> zlZJlzcec2ilS0FLfN0G3LP@_aso%Q3cIj?WG-##^Rd(N9fl8RTKUCP{qj^rPq9;b_U%iq;z(N(+Pym69@%%z zU_Rxj@u2ZK8~ZN)w`x;QgPq|7Y))`nuB|`J>0}g!dN0@a;Pbv)!9en>PDTGQ^%y;k zd;MLZwQ(jHehWaNjzgZ>4ywCzy$Nw>D|PcGIMX%ft@b7|D-UPcIH~tk@i`IfK0q|};13V^9=rLLkCtSSg$ac7-^ey@v z?2mfur(Eh|;au#nZAFtc86L&>)GUz&Kqt1SQG~$;Er5x{&AM{yB5_e(!uMLP;AS?i zHPFuP5ApSWiA8?rOSOTWk^G*tsD+jj_BzC=!$lXAjHCIA+cf{DgDKa++^%86rxPG>>wbo-bu zX^Bc`1JPjj$W}6cT?jKA+9%vRJcsMMpIYfU!$C@H$!DZBSEV^9b8lqjWn(WF z2R!u=YUsazUKQ*7@Wk(l^W)Cnam=6}vTI-Q0q`3yOjsr?@sDZR?g-AJ`Pu%@rc&`n0M3eE(kR`jMl;iMM>lX2T0%QHxEC&ErK+%`dx&JX2e7pbhx z8_0V5LftG|syC%aCrM}*iGA8cr?8ha4;5?ktp8xV>Mu zSXZ}el}ypaQPvon$hj-z194hS>#J^_Ooh1l8STvoF@a9^C}ShNX}!S%T3%j`olCiC zmq0G4wdwU!MhI;4lB)ZcC~z0&DyP-Y_AEr`So3iiHJokqW$qvzPI!cat~l(69ST1* zNNHX4p1kV5*7+}p4o2nZQN;mWv2`0T`E2&&iONmsZAiefy+Z~JAeZ2D+0usg?Lbt=GUlfODDDZ6Ay{R2II zc-N53*{U4HI4^kZIFV>jdHuet>g7XL53F#JI8K>om=5Vq&+0B+K^rz+-?!RN#+n&{ z=!xii_N|F3Kyp09z4FjNDNH=MD=cK5;9_XHmoLuNq3}{9SQrl~HSwR&=kHp9CoJ6| zhf3B2FM3VS3eXjQLEz=Q?2Lb>eYMe6r^u9^6lT#NW5a}FaVC_vZRc90>@=Sd#)5uCnRYZNvtw0%5QxLAXyG=# zqqH=N7|>2Pq5XB#7~>K0RA%BiQ-o>2$wNr1R!&v%n2|zs@^d1BH2s)z^sC@U|BW74 z5Kv-lB&h#0`htM!{N#=qK90Dj(;8u2&L1b>uXdDw_jEm#k>duvE&xm{Wd&u)2YM-xo>iydxY_2{$>}+?YB#G4 z;UP;JeyNe6j3u}1vH5T>jjX->@j-^mk*n&rDx#^6Zy0brI2FOI=af_`b3F6}T~3Hk zBZ}h3&fuk9AGrRmV*1au{5x~B!h{%`1`l3lD>f6sL&zRh3tZKoiX9hPji}UVt_WfB zy!YwfDJ@;+)9rUpW7Evr5 zny#~tjs6Q{xEML;@li#3SrmQwzWGm7@A4IlEGeQp&goS?xk!7cvoC=`nX z1-oz~ls_POn<}9|nmGAL4^uyXyt-GasgmD9VLT%uj+v!@CpiA|3U5%!RFMMfQ`Ff` zi>ZKGwJ6px3cZ}%qji)Kc{#~|F_Twdv0})LoSSFrOUMrNPyM8au42O@6BVzi_~tBT&-Kbww=?B z*8FJvhq)vs1McNGKBWCmY=~=0dXKP{YAj%BxG1&|DtZ~+{OF+fre8~}e6SR?5uzZy zO*F>{@Ewt7E&iI2B6`_EfYgz8l^l85bWPWLHH)(M8jhYkG_%bdC!i2w0JaYimgOJJ z`tSC@KXijhgTc?W0hk>Xw+&k`$d*CMnSvPh$U~Jw^jbAH`Au)^v*Jew#S#tjVsR5Z zg(%Ye$Gc1>|kq$r|cH*cM!rB2)gxiY>@W~L`rH6&D*u7n2WhF9{*$jRp9w-0)Cm1_zY=wVO8rp`9VXXsPg`+B zWskGvhR9ysh4i!gSpr`y8q9G6xct`rAEa_#Vy%o3kae8(;-Xe@{`xj7`X}p!nSwQD zDtosvJ>G-+CCz#m|3~DB8QAA4^0N2G(!$Di1w5i+&ioEp*36J<-5S_}P=t~hKA$A(f_lJ^lu8e-4S#~&NH+Fq_ zfBxMR@_#h0qaD1AAsk!0Qs5AjB|9y)+6LDTe~%gj%W%HOskHAtXmSWFhQ{YaN8(aC zWE~7r6A)Lz#~*C`B7N=el`kCatINHXGfdT^fk?M$LR0_H40#p71VgB4u9?FM+rJ$*_NUHu=H;7HuB_d zohZl33_P=3E_+G4c_YfPGROc(RXS5WQ+5po+E)@*>}|m2hS?~VCWF2+t9m*hpQH5M z9IQp2tL}MfJzAjOU=n`{Rh?W23cjN1P`pc(WDah9!29xdZ{B|~<7qsLkt>pDmdR3& zu*ho2z0&v~-i&Gk8wxnA5>X}LdGiftt;pLZ_x1G;FCT2p1!h%M0sN?Mek_Z`sQINK zkjE#l$UP+7&19M)Hk?_9g?u~3d|4xeXw0>P2((33yomz}{HYiEKgLd)GH6Z??ip({ zZC2|(z1N~7CDOUWo2hJL7oSh!cZC}051)QM=9U+fQ6A?XjoCbM>7LwYZ3A1scaO|zdRt*^GOvj~jL!Ae-<+)WbdguW3KTYcY&EQVNm1pRIh%2FjIq4bEuEYK( z&+{vd$q#z2u8cI?rBw+}q&V>a(sYA^Z9dM|2(0QkrxFYmXcks6Vs@VR6agps1)|Q6 z^i0IxG=LqF;(N*l)XtiJhn4TO+;S+f^c2xKOFP~ zdfeehbFBZ-Iy^OW93v{iu`Pg1+eQ9CyRgB(F+m61TmK&x{P|;zh{^;#(0omyN&l~w z@c&ks|3W8EPxAcv=Rfx7-!Jm?wE zqneQgeXFWp>U~$EY5_on9{lD_saIf;#T#lY2Fw;mc#r9SdQvDzm?Sz;eUgr&q&DNB zwj7a&936oE*x6}_+Vp;x@Tb55Y<&UiA0!IgjrX*%SiLH!uHK2h+GNk- za&V&q>|NE|z>W%tFA(?E3GMg*SC2I-vHwe2EIWMky|TQLly(t;{|}Othgw>mSX`vQ zu5V8pI;2?e*K{6U#nr;xjy?YPA%E2u{fnb0a#T5pD%CLmb%q>!^uQ3r8|nQqGC-ER zu`*#IoQFO^AkXle+4&y<{m;d9h@rmWfKiSZZ5H+-P(g4at6_JmwPizcRR5K5`Op1& zaR+%7-PBrNQp&#aUL*DW@OM`3KeRl_X|&RlM^2QzTCtq`56F-xNbFy7i5lMdr?u=q z^!)29ch6JV}yBhchwnu~ao`gE^$8G0=;XhgnB1telAjE0@ zcfjZWV@P2lIMWC&e$*^>s3QtL#dZ37pS?ir80*N%@IM}wk1H!Qjkij->n`1{`d!9F z58Z0}5}Y`VL20Z&Ke2c%onHL?pX4bTe5kPYt_DDdZegMtgcAUKF$u40^B%|C+Mdwo zbth^O?Q3d2G@%kyFMn9_&zb+dZ|OC6+OraEz|vW|g40q1`?n!^nFd;7{R)9vzYjuB zz4bjK?ZKbId{yE_{{D@o{q!txN@twh^p&`osu z-uj_a0}fx;n=CfYaiOMJM9BQ)vQBLioIsZxs^mg=3(GW zdAP4KXVyI;P|9rlJI^^!)BXXXrrGPfH?&9?B}MriZwT-dIN2c|)SXrmYQ0>fu(T@e z`w~ePpC29d=!g)&(GTsV$OO{E$0h?0J#zm?7=p|*z?tH3YluMf1NkG`ZVer| zXiU-#dw7jFJ%J+XIoXer49Mjhj2cmvA1va)86dP?`w~U7UfFNSds|GxR44-m%{CQO zbz%_c(#tBmlTLj)ZXfpKKm0G#2jPQw8sJUh*OZ4q^z-55GlpJHwnWB{)@hU%CR$>+ zYQt&Su%V7NKoHIn|v34{{G)R?nI56(50zuT7WkY!E4hmZO?;w|Yk-E>QDct$nbL z?oHT~cUlNW?)X|l0W|s%x-dXjvRl++9~o$VA_CuT`akvpTr0YURSbxK8W)JsA%8tI z2l^NcWz;Y9^3o+*^%q2MxSrg|jV@xRM^y!%Ms(gWCcufvh6UooaiXiQt>=M!1bbvK zwX-+67gLMOukcxEQoWqI<;-iHtX?V^&qot#&21_xkgCi)>#h`Km=vP_1R?oCX7Z1Q z4V;+`CKZR9SgfdoqIHX)wP*O&`luV6fwt+P>I`^N00)x@z9;kdd_4CSw|`R&2`P^eA~YPdnkUwexz`xy|a`gW7VIP$X|# z*-{x%#eBFDR3fy-ze`g8qYIyA>A=I+RKSDLp!n13YLX0Si=;kZeCw4|_)i(V)?g)JuQFZsT1BJ*olqrrA176A#=; zf4Sb2tHf7SqliJzuW|=!r}o^>Qn}e5ETsrpcv-Mg*||(s6j@)q`(@I7;ipKRJ2DZ7 z`w^LI?W)x7tDQFOj>_{qi=fZ`qcX04Hy8aktEAUrq}RAL0hliy62F>y^5pnO1jB|= zPYk5!b6z|UXULOU8 z$DjrW^xLFMNJJE;^Y+hlUh^EnLH}0bu%uCm2ZJ7{?7P7N4aB~AM|mY&wOc4;m_@Lw ziur z&Wbd`k5Sqx@sr0p{-T8ZE&BBi!{=tgcY5HmKrOt|GgM)Rz+{H;-C1#I-s0QnaO9;i4)`a6I+PIKobhl@y;oA= ze-PHn%oos6SHOqsPtpBrV9LLNG??zqzc?mxXHN@l`+|{}?hQ(fcudYZbwUFA<1Dlc z9UE6Qa#qXP?8j>biMKQH%PGF{D$@hRma8Y5i&im(@WK0mG4$IY_b38iKcT^6xOTRf zI6n{QYM|J)D$0PTiXHx!JLQClD|=Y8m(b!)FNw3Y%M%8g;n(!PbX}3aI+8^*z%!>T zx7LN~_b%U@GL~#qm8QIm;j>99yIN(mha8JkhQ|>YV_ReKshu}C|G^4R0L|$Q8kr`N zDC05&*2VGB#p){6{&5{0x*@D8AAc)F;yKubuR)n;f z=!gBjCq46Jv3r{R_xC6DB*9O?sKA(+<-PZ(aMxk4(bqWY>|eK>R+$-m(ysJ>Jp$eS z@k+!x0VP%2i>*QsNjpnk#J_2ObMg#)3CFZJ9TwBxR%_==*u*JKl^as(yG5|pc6=VU z!?|>&o|0#9K>XJ2qM$A^F%KS`yWfqbh)VPx?G+#OPu-d;z83O-+x2K%_&dJjOX2?A zZV^z^vtlI3>Uz@{k+AOw!_oWL;qj*3HY{SYU|i)+n;UIQmEzi|1f#TQ{R8d2)7X-m)r0c-P69EE&&_Oe zXIsb7@W>oZBzKXw=_xbTilr*}l`GhKR`LhMQAqgQM2WjiVmqjsT1t#?+c)eP=21yZ znX7Beg{fy%0`~B0aEMf5y)!KFn64zX*M7V0fW-m$Z`x{T;h>`OS}dbiyz8qKl-f-_ zf|T;MnyXqfa8E98G?Ei&?x>z+Dcrcz6P`u5YAJiupz(%*b?#}@FUPCOA0(`#i@^Du zXfPXM1Isl(^Jgvlu62>G>$BIUN{w-UZk((hG4>1mT5*-(C+rZdoZIAV|C_T2Bfp0_ zruWM;VXVtD5pVSlUCWr_*{Zj*DDqj}ueC(b-^}Yjw1oC_YSW$;?$gCUstMHSKo^J% zh_TnE+bKi=cP6w@h?!zgNnZGu#Z)_qFARv;eqGQ>#VkHna?hvL*Nc=m-GlbjNf-{I zSYx%C?s-j}I8uBRqhzOpJT2+ucoSj{qJITTV_(AGZAW34LNY0af~y1WZUb^=^twEC zky!Z5g9XGMlbfmKacYVy>}qRSf^FTJ58f*Hk(E9A6Tm(CMz95#i`&wS>2tg=$M7FZ zH2>K~v*T1I(JUxCKd7~(onMdhhYxFI^Z@aO2knz1@f|9(1^T_uZ`1`SG13)JZz3Qv zwp2)^t4~WYKVr(FJu4zukx-ZjXHgskb|%+e>H3nNHwcQBr&^ea!p&h6GrI4$ z(z|UuD4jAC$xhE|Tu%}=foS0DD1GbA&Ba*%=*$1Ly%xn=a7AGqNJ|N7VZfji99L!( zNkn&v1__djr@30#9ORVPhHN@~IqfeoWKSBsFf(93L}IW?)CO`GF;S9LZiD9f-Fz<0yh^9D5U;iJU@Z#)IoIy=4@1b#5wGNDWKgBVq04odS}uAQ)G9dd9mHle zZ*L1(rN1Vb!W&+ciNrWO#`(WOL6V~Xe{8*FSesqft&O`D_fo7tad&B1B;I0s9Q0>} z=2afX0sXJsAg%8v*hPr-={vlrlWnE^Ua_qVwd44vVBO=5+vBXAo#!_T1h-F^quClY zj4@jxWtLmm(46QY42EUO0^n3#kpAZ3NW|1bhXG>q8MKTcq&yYQ425Dc#~P`ws-8%H zA&4byzetJg&lZn&1x$X+zXAs1!&@GOaXFR_Bf}d?r>-IcVnlt4%$w*D(GAOjbi&VN zSfxDcGy<^-Egiz?^7m7tuiq@*t5vNX)5w*G|DKvA2;@ODAlUbqFxs1G>4CM8{m+i9 zFUfNp97&|F+U-|BkF2W&d9ddj-JL%=^6ug#4<9IX`r_r%#c$#MoXh`;lLE)gT=cji z77TFl!k3M~R!N4e9nf|F{MTc7ljQj7?0m2xi=_SWR9L20d)x*-9P0=~k2r5C@Zk9I z52Y`Z1{MgFOy_u|G^k^zP?bg!ZeWT53C{$T=y#~r1ch_ku>!$O_XRbgHJYPll!0CZ z{=)T~KZV7{r7;CYHvTbC;w<2t;n4pYu1#-_*=~rEG}3?L0?F69{7s#`U0Jw$>;vm3 zp<_aC~N6)jCJsB5^%2XhcuRAn2BzMrf36RO&3v+*MN6ki8aSHlS`TL z!%Lp#w&X&0Tc(cd}+xLA#Y}GXfpyPY@2I zYsHxDscqTJBz%GAsb~JSg5C1XAnu3tx}pnZbE`f4xQs7hFG0YL(%%9v>*AUFTcuCO zfUHW^-lYq{_8{EMVTBm{ytHn-I2sxlY=Bo=TO4~YJC&`lqUz!4X5R8|ii;j9zMub# z<8dTLi0g#Q58$+AGPlZSv;?APn*bOZ{F)lL{2_Q^4g&*hQjWVXF6Q2uY-`iKYQpErActS7fSfbrz09WHEwZDJM7hp z5D}j zIOk#!A2mVZd%oQsfAZ8XsWf&}SL*Pbu&2>&PuTVh282QI+bmZ><6LZ(0;49U>dPA= z-Ql9 zeAV?4817@&MBT*lFN^gpR&Af!>neRGCj|Oz@!k#OFUlRUeUX#)nPGb2VQpoQ{IkX< z%+79edF3R{>h*L5imnY?si_-!nh?y4rDm!~HvaMBn}r@Zgd2=_xJ7p8h`i zw&RvrHaQ;MrO?`GYDY5O$o|$d#s{I8b1DG0QXTv@W0)z+=PDXHI)o5Ta1Uf#t7-c?|Ecz3bP7# z#-YdG-1h17>mT$nrzbDGbst6>i;`-G*qv7FAN_b_dh9%#r=cfPaHuu7^^62r;RMq z=iJ5b<&8AVz9g@e8j*sUh>I~iGfQepnf`upDRg@`vtSHSFaDl~4Yl2F+y1tJ^#V1i zk-d8~B3oRL)6ZI|{KpTp!V0?J(kXk5#jk&Rp9n2W1Fv@~GiwIM3%IAF8^2q!8)GHy z)bGl#g;-&`2}#@+?mBZg8DPDVD3p)hHB|_NVy>;$)${HwD*B~n0v-a(t#8tGW^6d z2X>H-#3qWlqK;qqz{w@dy7XqMfI1jMhwoYEo7_xA@FY@iHW=eUPu;H5W*p756a?S+ zdW8G;0!W;g{luty*a#RDCZ)aJrx5rh!v}7nLPa!qq)4!2_L}Kv1uB*VlFu zyWxJ|&%pXTyHE8*rq|*;EUPtF=ZH7L;VpPu|`(HGSsn%&SF{m>X{5*OEaT-$VO!*Py&bj_9$h7bQ@lX;?Z!3@=03W-0D z6F?L^Wz1))I@h zQDIo?{|@m)ec!YJ6BZ7pg}4x5G89S(+a<%e!+=?(w$elk^GP`d`9-c)HJ66dUmR5 zB2msw-Az1bZn2~H^S&VPvU0)RPdh-Q7-mJf_9y!H{hislai{B7v%|2$0;CotJ#zQ? z@Ooc27W;rEv=05kk1D}^K{?OHwlD9M!yCUJ?2u1gk!yWKQTfGbuqF;l`u|-~KymuEv!qZhheq1qM@kB;3Vy^||0JdB^243Gi zmFQ-~Vy6Uia>}MKHtL^?>9;hqIGO>fB-7kI6)1Z<5yE&O)@*$04WiL^IyZLTmPCV| zH_b4FHY2d1TCp?{rX4hNk_9Ne9BGwuM1L$F4rs;`c@RAX09#y+hcA*Ci1le#CvDg( zK8}?J3Qf4(=XO14QnG+IJ$(>sx?M>d_E@LAA2~QluIpM=Ri3_>~*fMC!n=* zodkWMuEp@z*V9z83Kf8v6KoB@5iKr{lE@$VTE@VzF_)WuPUJvoYJkPVp%=ZD`!ln) zZ*$}WK0M=8G#n*b$CWRdpjvWT5Sy{?mmqiY!3F1}-VJc~c zWBvWS%ZB&ZXAO0q#xLOHjRj$6-&1$t%totc4|c6JuvB_j7c|V*F+8Rv7 z@;DrH`G7he9_U>_0uR|PWt#hq#XD%Ur)iqG&-92>z)ZM_E+^PAx&Fs(surhKijC+c z^(0Z*M~5QB(bp3LpyNJw=YAq7U+Kug_XbkcTdvww{)$g$5T!i*sFSf+0QkzA7Jn%1 z@&(Ymc{}z)BbAPTK{m->B;Hj1v!p6T6=4v5Sgg)uj^19fv{~-Z{dl7IT%59j012ow z+^=Lu+(HD42K;_NI1|EF&f*y0ViSFtBgAVuenDxukg#gr6@Mud@GF^#${;kdiSjSk za;?&VI+S7{(+kB}zc?QHotd@r`=<}AjynHXSpV^Ono$1}-wJ2NY^iLOuJvT1!r#oEoHv31KK3-z;THB}TU%sM#_dM)N$xl}q9{6TPb}*YypV=sNChxrC zw)*z^r5ebMT}p6{%zAsb-rJNbJofXnc`ogHWgk5P1iy%>p@Cx0LzX8g&<+%_9Q%{P zq&i3F#``@(50adXXTCTznd&5om1UcB8@j@8NfI*g&rI)*O?9!gn!tJ>lHaTFi%*|7 z{Kwj3_yaEgN~5AWbH1c;_Hr%l zjBq41lp;0U;A7duznD@rx?b<>kPPVziq(v?2Z;weB?o7$CUTv9&BZ?pHxLef=(0}j zxUcSL2^yFem9@pBg+vqb)zWP`-)IOt;(AGP8HtW3U+uokX zzjTkQ%Ekk1){GpL+()b1>*8Z@BN6b4!?dxAOF2S+s%v~6W_~-{B<}axGfAfYju~rA z7#6xywVs-nH1Hn&GMc=BXRsf|(5L06{V=E&APDW|n-FKy9)-RvPLex(enF{o_WH>l z-d`o#_V|MRX|O?{q~=$H^UUvV142P!83saSe!5A7;W<^cwSBd#`qpVF#4vEr(_g&_ z)lCc88NAPI+K`k^-VSWvzuKSe#*#^o_4;g9w1+i`wKRP9Fq|@dgrv{n5oRguOCubu<5L3kL;T(#6c@VF1fuWS4SMqAQYub?#NLwSGix zCnEmQ^uwGXHDFLi*}A@IP@No#elX05k5)qOaJPbE*zSphMST11Sbgn=V0e8i@EaKz zcuaN!-Pzz9X#&`Mg{g(VdCuG*OA=I7Cl{d3ICy7j4DsKdQQy zQCz(L2a)14^x~Y$@h>M5m<+cj@NlVV3%cG3D^FaNqP1;K4@NlU6X7ZGQ|Q{;@DW?v z7;AV~(d1r?_m)!}D;2dW;UD9$oE+AwT3hW~<_bw43X<}_TOjbl$7ybtH%*0KCu7Tv z;>lWbdXQ&H*X!4OGNo3RbVT;xef$`v`^Fy4rhAmP^1W!576#jJEuNpaT)`90MxFJS z5a9JOU6UMIPgp}W7`^|%H<^3O@y1E@~2mXvvntG?;6l>}ZC&{w@VKtcYg zMVzIDoq@qtV)QQL$?RuiWw-ivNpQUbw6H#>HTG5Cp=8I%VkzA(jW+T*W@e$d4&LVi znvc^RC)tt`c9&z!2^+hvh@FS<%}S5j29z6%&2~3atiq64$|@jG@gb1dW_*C(L4tA0 zP!QF^Rp1gI!yz9PoP$x7*}Wd^R-tt6_kJvq!f@#tuTV6O?w2F46J3MR&Ia$l50Y+j8CRE$9gc@w zu|PtvKy*Ugsz#hcmQMqp^yrR!<`07vN`+B;Z2u?ku=Np--|P)O@Jx=Zy4kmIS893; zg^5k;_oG0(mj8~VB4hzzB>$pa6}z?Q#^E|Q2x%0%=oRbAs(c3|RLOLeT3k?qP1;nC zX+HqycPV#GCP%?^-_?JpnfS)BY}~6z%Z;1JxZ|!Q4FU7z#4K-4>-ORpt>Wx|qd(Gu znMx<<@2`Lr9?=AIG!u4aoMg%14Ol+V9+45dpan)X2qWQ6xWoIO(0**TyWjXvZo#nu zFJFRJ)Nvm_ySq-9@v=Qd(}ZiX6ne9Cid!h2nXh~2bjmd3q~O16x6T248nJr>Qmm0A zIKU+FL(U5JmlcULx1y84MZ zxXHbfc6(YxZrxfJ+YDXdKGW9lkIljEnT-L7Hjr&TH+lgsf=L-1<#3FIE#WqNw!ip7 z9)#+$>5&=)$ygYB5Y%E-Tg5sF@_HL z#rI3t19pbIea{zJJinPU$W`Dwn49!^WUI#2`nuwNuLI?x8_KF;Z3O)N0(@F#wQnYK z9K()nT_g4csUK>ZJoTe_U{}A&e>7^VLCkykYa`s$OjbsO2wd)TR~PEOpRxBnZddZn zWIjS0E5k2+LjY_DQ#gQ6|`A+-}cp z8pje;S|N>!2P*A~6QTpyRpd_5+J26@ZLKfO3&I*#-g_&FXh`}VF1kIEpBl>TCtDt0 z4Oo&nuBc-^K93Oom8_4M{=ypd8E_xW=;>`ildHEG`OY5iz0~KQXn1TbLD7-D_hL`Z zG#i(-wL6mMqF=hrAmfu1kFOy2Epwt|bzJs7M)HGSA-R!s|JME^!Q!(QAQWKaZl=8L zsoC=S6bir}G;x&T5+`0Ju=PqJ@w`Qc?8|~?w@N7G;Rk1_@pLtIKrDJ!gazyhCdv3V zTmEML4rB1!F@YtLq~Y!FK8IBP&eooM{`e}7UW=MW&uzP06Y%OJTvrz61Y^aKuc4scSEAW=w11|M^i}>p2SJef zufWhe7v;))@usDbj-1ksO@J3m3%jQQt9CP;31zKp&jtlI5A?ovX=k8kIn)BUaTg^k zpre92O!met=w7gUgiw(E?bmdQW&5LwtRvh?4l;3tVm)`-PW)=(%V6$wC>8TRNw}P_ zRrGv#SlYHhyHU4d$+x_`H<+P;s+wM~ z>#`?{5XBh0FZiP%-~TR|{6YoC(T~kCCVafI!Re-`!*Qg@t;Ps-wNNO6dEe4`$cX;# zU11qJ*5KWb@hYxs>q08$Yy;TtQ8yE64`TiRf6AJSUn9JSJ14qr<@tAEdX=^785;8j z?$Rmh?lO;Q&BKPu^V=>x>*1$mVX70I-jvTipA~D?P`C73?Imew9x5Gd(pstv&hX*B z{h97(6iIVOxK0F8Ae4JZsj$OJ7+!vWR1iTC;dD(N~-CZ=;)5Sk)=C!N#j{JTNRTLdUyo zt$~y^z@B5D9KaoFhMbzTWhKv+phV7B%rQ0cqjIsFG`1f4Lh`ko%HG5BFOQRr@H%Q2 zpP3b5?$mV2IN{PNc)VjaAo% zO#(9d{1ZpZZa`?tJflO+Ue#h*VsuRMKip{EJzpk^-2UoOHSz!jplfSex@@}JGmh`; zK2^24Xot*=e|~&!oHY1juf%Hz4>vTvq8=@Pv{x8s9vBQe<^T~!3S}<7Jfw4agydv7 zQ6P#(T`TEUb*iOW0W)Q&p(zKjnf0xJ54oIefR8b{+)3IdQlM;Y%jc^$&B@2{Jcqpt zH0o9Yd%lqhSgg>fem08`N_podMP`9lz(o=J>yWYCAb!m=vy};(IZ`>OtFsm1jH08x z&Q2L5BQy_rhlKZ|z_t2H`~0-@-5#8Mr8ZA}@A{YB`q_c$c~gBC1eZ}2@WOrINk^VV zac4Oz)=oV0NsdZQdvXJDtqBJK#`+KB#&%8LW(&N$upRtjdXXsD7R?|!AI8AS^Hn4@ z$?j##n->Nm^aU;h5j}v&PAh07sFiipGG9Uu;d0m}2~u31DYZX6ZDc!8BeH&>m78dB zJ?M+?L|GsZS;a8_?wok5#DGb9Y8MMWo|j`79t?GJpw`N<3BXOE(pEuL`+|;x3N`ZS zymtRL80FZ6Le4=1qZr6tY@Y-bgCgqQT>5@6U*iFA-N#2mj16e51v4_&DqzavixQKt zG0Qoh*oxn6xl(REO=1c6X(pjtp_gBi4!Xq)<;FNV#+kxt-`5H<5aC@nTe>!MQ^Y#? zX7)peSvaz#q(0+?;Qii#F+`}dOsM3)JB|%*7@tPL)eH1g6zEB}| z%1v6iy-Mf(3j%{cH3KO?P8G?r@ZevA^g<~d;2}Dk-^hAWsm&P*%0d(9I+DzZK0H{?yDZ>M|l8kxH zmSAoFW~^v_q!S3G8HL4#s8*uMnq*p-5LKniSf(5kD}IWLJ`pTX(iMT!x#w~Zl{!fP##uQ@t7)n82~|SsJkH@)t>H_ zY^=XAsN>~`8NU@LUz$nL+A8!k`u)qcb96-^$3+Z8(!wmIFnHRO%JZbd^sgB3@xEEt zsYOLay!c`Bw`+a`)>CmBhwxf>m%?cuR%c;YLRbIZDR{`U(@4vs^C8T?6D&j_PB!g= zbv>CY;d}PnzwJw&EbzxO7cZ#~How^dhs(OXwi>Q&4VO$24>A?Xg}&Dr2#FT;P@J3% z>;&c9w^cK%OVbU>ci z*u!*cJKPeoq9?+ zk+UBCDm3?LJno!hK%-yxLLdI5yx8ED&d6;eLmLu=P*fR<6s%=kvizCY4mfb~FD^=C z_XU)WY0zPKv?akewY)ouhvQxE+uY24VqdYOEt>JRVjFZ-VD`MuQ35*(@GNKOK95n5 za?l>48IjupU-TCb1`DpDf-{T2Ce( z#grtwX(3gBmpu&8#IBZ4v&4icI|Z9{!{u7phx8$Fg(vmKx(0I;HeJs!TLsXKr@(lwNh!>`&r9&V|N@d;+N5UDxA9_32egkHLkO;c=H@A3M5s zu3;=_1{;irq2$5i*KLtIH8-L;>q%>>RC=C~=)ZWwuf^>q{dc_l1|OQZi@LdgU{MrK zzfLOF;xg2p`Z8X&s5Yg!>tP_mrQYl_U0($pbq!!hxDNNiuS3^yz*}o}beIBf4DqM` zc}Jb(*kycx!9aWVyQ)>h^g0E$9^C?IO71;W+SKnp3 z=+U`fz66Y$cR1akPwGsZM-Ev8`U!17#Fp2*d@TQ4lQEF}r~T8hh#I-a4Wp^GAc-0O z&(k!lu7I%@W;EcM#%ActK6|-bIsacNx=WXLt_iifL z6}W?L6m?vo-+hmsSMW(IEcQXaC-yh}_g#N%EQCZD+4K(<{>aR@S@oQ|bhz_uq>>Yj zWh;VQVr!QRzf&kVTV}h;9&RE<`-wO}e>qm0ef>FY<;h;5pf{#XUr)j!mYnSA&th@5l3}YTf;6w> zwD5aaeD&=brw7NxPw()NCH&@#ZsOE3V}vlpob6=GmvPV_4EC&n9}pq6uQnndetq0< zm95qX$}qtt3ca6K`J3Mp);M-~aHD@&y~g)hi;MsI3C46y+B<^(dVeK4dW5xvA`@I}BVPkak#K^HZPQqilRR z9nIVpRKHpC`N!_55EmB<(4&L)yqvPzIa9N4Lyn%ol!a@WQck=Z9_tvLl6cQw@;)3h z&{SCN6mD+LCtDlHcKLtWc$+E766XY*ecYM7l*luGoqMEZhNJjebJJDzUd!J8aJdAX zY0pCDyS$&`fsCF~mCjr+5wBapcYeLj;KQz5>#B|p+W~2JBeIgm8RE{I3se>$uH<)! zxrlsxmgfTB!!}k;`g9R`XgZ}5sh80=He}>=%RnbeBMb6Cb^@-A-HEs9Hf-JH>v}5z zTgTqqZbKC_vP>2l!@BV*kI;Y~;7?7mHK&VfS%8T(9SdS28q)c<_jKv*Y=GA)CWReV z+&9@oD%|uNo(CiFXb9nL2NC+8MJK%_gUkQp%_la;oQ(+?$d~cmM$PzB5OjQo+< zA%(k|0EY!jMfK9bVPYr@{kU_wxc!;5rdZ`kw$tz)QPgTuoqHHaU{m;Lq;pX z&Vcs*--zkM*T*C~x$l2lB$EGrO{}SC7uLhrd@Tj5o@QkKbGmk+!EfYat{q z6oPHs=js_NrN86&g4i$b%2;kr9w=ACI@(jG;A4QT3^$UwSG;He`X@5YfDQ}R3a@}s z(YU4JI04W9hASh#^CwE1U>(}*wnM6Uxga&rJ;A8pbT{l-sE~!-#!BX_8KWwnkuXS` z`55LXs(9VZ)~Tk3I>iwuVSDeGpm&0v{|j=P!=1v$iV^=2&S+yMy!Q253fcHQnToV^ zNa*446mcO?iuz0G2sr(NIDUeVccK#<_l`~6%&6uo71STz2)NwmB$)qcSI#iofSZfo zloIj03+@#Vb&({ySwh+V^x zq=t2w_`fE>*OcCEW*B}QYYsE6FsPvYQfqwE+lVx;VlsfcDoTK~L|1m@r4&9S+Vj(% zu@33&wzumoy^bAsZS7$VOot9g$-ZQ6emKQFb1ko)9U0Uk?D4Im%QqA0z!G#Gh2*Uj za=7Ty?_`V}f{Uo4WZLr^7+>Man67d1HNzLAc97Waz@ZWbz=4)-P#!!4Qa%O0ZyVSbKOhWb^u`{KeGJkGm|EvJh~{07WW>N#QsU~-&f2B zi^?fAzt~-u@(Tp5!_5OUAbbqFmiHW`&fjCRj-=C@x0|*V_G!pATW})@&!i&8!HUdr zdY-HH;V(j6r4J1D575vtodkn#d>Pw`2kXe}071;%&nCpYPiWsc`AZU$rPS(Po#e5n zat7@PpA1Hle0>YsoQ23C-6g52LViDPUK0b+Q$5GgSsv%wv4GH9dxL=OZ=F{=dPro8 zN>Z|Pfh}~x0aNy`*A>zeOqixBcZ8=!I!b?tewD!TE9(^5Xq>gS2dO_r3Nm zay^HnU6%pkhtHlB7AT-D?vW>8Ma`}3ui-sWBwXL`1Ozax^;_Iif*ICWU~GEAZ>DCb zclR2CzKNCK!@tksb{ZMqGp|7Q76=DXFs<)bD=GMWjELDdf12PuJlRYK{QLXu2)2+bd=GNL&#AO2#z-ca{v*!F$IgBEfa$8GUTSzpKY(#-hT~ z_R-=HT*%o`3s(#jyx-NbLhV{X0%N#Y{W)A_l~5JQchd*S`8 zNM8iJ7H1@DKF%vWi1wh<^XC#)ZXTPzZaBY)nmR3d43QN*9LUFAt@fEL)xn8x(unnN zHhsS3Xp#SzZUZ0cv`NM0ZGfW+o88aE?y~{isrtJm*oy?@ z31p0bo_3KjmZVpmR-y0+qqC7pgM!WVguvRF2nXM~H;Y_m74jkwq-RJp;$mC)@tcYm z6?0X-+4~4Bctu}m99P3v`cRt|Bp~JU)xOIthp@6MJ!IU{@!hB#vjyOrLj;4|&bIVJyJecniWQtnJ@i{W`)dp@K-5KaLA4s2GT3 zImA%q!5YGF%_d}qFy7^^H{PP^hl;2iY7I;q zt8F8EK)uIn>v`#@$(`aTi0>%-f}?e*k-Owzo8HqpnFIePWp=z*{{0c#2MG+N^RmN z<$A8J3s=&34Rdq)hK(LaR+|wN~lj3m{|L{_UTaTbu&cdqL?pmx*T;lu|pT9O3a==$buisq1z$8u#^w6uzw>vJ+bhjBycSKf@c1fzQ7Uk?KWS zNb$MN@I3?iF?^HOZ|=sU(%_=J#k^HH_Fl1JJmIVF_LLYx|ILizz%t;d)on__LJwYA zoi&9MZ-XqsdMrjt&?B*)8bZtgvATC-w?fQwpwzfx#K0x|p&+j{I`wR8FSR{+G$$}V zq)}4B_hMK8kl44N0Z}oB{V2ZvQj-%G-(^9c>Ag!MVYYz8Sfu@c`4_R8)N&%P_vJ|X z&tg|gQ0WF)hpGhBoe>kw3JJOuJ^7Q-anez3)4si(P}jhTava%cAOb-@HcNzDf4}nL zZmIIrQ$+4bHSu)h{Iq>$Ih{Od|2ZFG;Qjn%_?2;puze|Zk!s1KdzAExAJrCz2wP?U zw<%P;cJrSYHz{<|n!3a(8ohkudXD_ZxW~$4StzIaS9&hjV~!p#2g zDuUYJ(dW*E%b%LmYXM_(U^Nd*;z53g&kSLE$gLywIhDuiA7jS#-cNAu@9RDe&4E4b zTre^}el+w`5*77S;$8G`d?C+G?A?@;fJ{&Cq4~&NcH3jELY?J_Cc#CI3-ErPc9v#? zF%Iu;{I-JGN!zWXMnu4XEpa@>cDM<&t#hKo*}Zsz#x_h>4$o(ccC^b~1wE4aS)77! zyS0IKDj?~|^P+?Y^cL3e+%*m^8?ZQIlm97Cq8708SN`U&nLEE(z&{@~?Qg}={W_I_pWK*T_{DEy4f-vx6HPDNcW;vG@{}zndRncbu|VX25Vq6k zh!QcInES63ZNEvhTw$r}VuQ^mChVd#Ezh@<-P>7OW?3%K%bX>6d5Ml`P$lC(t#QyK zfOk38lN0t@Sm$!AVn|~*iwt4h+6^0Lx~lFm3eWR}{D^y6IXV!z6;a=CAxzmm6b@MG zF%D#&s&T%n%%QofEArvj_8gJYw7)a9hmFFUpMZ&XQ-m)sh%Q{U{eL$jsk;HWfos7U zgWQl-VS+x;(lC2Y>Vwac@V!=TzEAT&&E0_c@8}a_i9WCWaN^uzobJF%sHr^xPsv0C zb|(i_?OB{T-Q*3?tVd7S{XM9IKSKZHEN5l?`3FM0!%s7MKZIN$?topqtN9gjbPh@0 z1Z&z%GF3C|7axG+;4g2!X%Sy_*aL+{GzDkdLLo}ffWzV-Ka5M=cb5fT%#-ZecCown zbAYNpU+@UfEMhq7T>XElQ$B|~XBF`Xy|Djce$Sg8o&AsE7N5oUR&|2e^em^Gvl0ye z)2XjxzYQ3xp6Ukw)?L=yjM(g&iP3vr98dP%owDz&t68w4IRc;9Qa$wqfP6c{U>6n_ z-3kjoW>sEU#3c0a*+;)%iYXkmPd6WG?iN}Qc%Cc}mLV94mf@Fl=Bb^e*O_V3To|mx z>7L~wh|*C+A8SK;JnZ{;ER`kcXnK9D&8%6wpECA6WBZT34~sANnfzS+Py={RHuwAb zZHlH^@|7s3Q(Ca8yBlR|`98l+u9v)C?Z$ve>HV?eNh0DPzP;^3>efUXSPa4+E#~1dA6({VmV-uC7ufDjYxM+C7eRr^?4%eCdkEgX<#uJVWq~4>%MI zf1>jjEO#;lZ-}1rCUAXn#NN(yp)W|?U;1&nx7aBVx4(LB__()Z3?rgCqfi;QMg@$D zZWA#+v3a%TlD|SnyR5ap*m|f#?jT_nk3!c)naI+Lv1p8Ln^Wo4g*|#j(4%pmE6e|x zN+~zwD)yJ${6pSN8srDA=-s`p=TR6vQt+7skw?hK-TO4{Z0b4a&fZS%C6V{q1#8vD zLUiP7&1iq`KW^QBG*gk{RviJ%yJU+o{*-Pom7hNBBA?S`F^M0+cyz+2oXr-feeIgF3MSX%zV@b@WNmvA9l zJ)((_c!uo8*>?`-z&3f;%5IZQjrMtn>BY?120xJWLQ-6+gS2#T=OOjYkUeKUS3?&h(`SsiD#@<+L)wWK|VDp7z!#Ti5=4MQ{H}pis znjJHdGG8?fjq-cVHVuiTO3MkFms3WPWaUryrSlIy(@~KgRM5KM54!fodftm@_Df47 zeH{?6)NAUrkfF?m{wV~c(Vf!=NA+z+*sdb2Mg?>j=qF+EQwZt2m`*CIQhe8Ym>bA# zhs{_Cr^I*J)zP}64!whGxwxQw80#RU-%Gr{wPh){jV(-%#*RaFcwQZLx7P&<)f`qH zu1Z%%7z3Me#k_x`HYz+$KQ5mY|F^s%r+|yFgWcj8SBLXG8uOj!8NOokxHCm#p?t_t z_RQcS-yhc2@6DIJ-LD1v@rk}%6#lA)Wz$WL&4LyruQ5Cks|xCRQh1;~{(;ARzICEa zgA0<4Ks9)T_E;i0-tUM49sO&B#C&W}gu2zjGdbNoJew}^1E2w$t9^ZZ!7EiBXB8!t z!(CSX)K*!75tqNB8=ZD}o>+VH6)*yP9|)UT9}3bdQHo)cX2z%%#Zvv=K^Hn{)i3Reo#E!BYr) zT-heaysaB>o#Y=De1qKG00+Iy6-d|D7Y{h=m3c3*-WbbV(JI!0*Yj*n;qE^CSE5g~ z1MbVSxyBji2N43yZEh;tg&f6gU%s`C4W6w}y@j9Vz9wB$flbjp3as6}18;0es&md0 z6Dm1Lzj)I)0dMB*^*GPOr&N5uJ-``GCVw+rT*2*AH1@*Ui3U(;BsK z!70l6S)M;-RgYr$0us?}6?!sDgxkfBqtDD9UsNXGaw?1N zLhyo<7QWd;36*sYeFMrsUqvRnE)``idK)VXkaPS{Lv>pLrDdON)HGTm>oK1{s1lX4 z$t*<+ws-&OGg?wh`kkP^{^ew=M`mcOh>dSMT;8@WP~pY}UUq-{lD2P1)Wje0CJ7ay zj^6rBZ$^-{{*CXiko+!M$%#klF zvvSMyY ztRL@xtZbbdY_u_^cuSqs8>Yf-cC;d|(Y4uzQ&YhpJ*&T$9BjBOv30&|%Zf6X$=hy& zVWU;Y(}q9~@0EP-E<`6xe+2pSsPa*LE$pYtYA2cWr1#Uc&ZrArLs)FZ+VW|w9;#O6 zo&j-e(Ub0$k2Sod-AoXaeBoYIH^iyV(U?RDdTW0jJj`ADzEmlcd8moCs%^Nd659}) z%zL7>J_Fxx=V|G$Hq&XQ&pQBIdxSc6tPYqS1$ds)g#@g!i<6Y>|P zRL*knUl~+Jf1F1a@r&EC>&2HWR`6DAxTAHVqSaF~k?I{$84YmAgOC}2UYscANBJM$ zlR6AWO3qDqN-T9pOOjQO~YC(l!au%*%y>u3GkSY`Jiq(TUb$p?tDdE zRt}$T7iz1EU&wWv>Os{SdsS~8x$nc=p9XDhH>r6w#tP~a-D8$NOKD*1PUNMJ3m*6P zg>yGO>>_5KDDHHM%O&0x3pb$5JU9yFfpK)%D)z7>V%k)Cx8QTQPeJ)mh?Z!)U6t*- z9&C0oQ|GD7$f&4E)2@C4Cm{zV0ZE*iw8ofX#n=;C~eDi(CAn>Us2}W;MHVYB zTTNV<^jg0FYSiM!zRjxLv}k2ny>w_|9)Hj~PBAHVqUEVDLREV`{8WXMoktMnmYZOr znBn^6V-lytb?%;Y%3Sy5Sgujoi8dLxQgN%HdH4kbMVl?&X+mAOOM71E`se!FS)2Od zcMEjXYN8ibxPVO@q(5$(`h zNf6}6*V%deHNNP%(DJwY@rF&j@117686tqUzVQTP^`}yPlS~BN4>XvRg+iOhaw@!h z$i3Qi_CL-eIU1}w47n3xAY}-W5N2_F^~p#__evzY-%Dfp)#B3?ZCu(^C+jdvT8ks% z)`l|v_U}2D#H6MxjfB(@+vyuJB**hsp&31@k^T=+`FA*tbOfElW`m0U%gedb60ijx4P5X`Z;$14(c}?RdG;dkheTC%n;$bz-t4?;F{XfD0>+RdC zl=Q5V4`{lJOk`q2HlU4o*nMCbH+qQ&T9SRxJ~MHs;ptt67xbc6S-tgSk6) zMpwK$)q6+N9n#TOVsiS7FqLn&--iM{iEnz0h1Y#tI(5FPk-s5tBB;!|YSwQx(PIT0 zt^6CXObPUN!MoPvBmxY7r})*cbM z5Mte^eQss^>y1s@GyiH12X&Qa^Me57YBV2`eT%v+ z=zEHNr5}w&MSj9Pht;f74lD&M#WEqC3wbEvXaaZGvbKHqYd@-sU@kkQlH@B}bG4%Q z+KYfukE1S$(hhgz^l*~rc*ON#TN-dBp06onBDb0+rCtw>!l?N9V&Xf0!IoQL)#bhr z1-!(?5=Y&dCqU9NKmKpW%m0T#=h*p<-v$lFO-Bx6=w{85reRFTgZTLZmn1pe8|(V=XH#KT1XYte{!jlG7iSn1!MjYsmsiBwRpJU~qO z(4J|jWXQ^TR=v9|5ffSnYeM4E61nS6ek~XBxXuY^n7s{-Rm;8tKFm}g8XD=h(}NFQCkOIy218m+-lfY&S`UsU#a{p z-0Y6{cDMLJdawyZ2wr}0+K(g^9}Rdz)A&Z}oxw1K?Ce{Z+?xTWE*KA0k*2&X?}$4+ z=V=R!B*51#>sqI^-kvHgY@!RKcvDC@c|VeO2uOVS0hv})b1T+kVD z1=Ic!@bLR?m6It?|3*btrMHMJ!XBwgUlfA2`qgV)7rknY@++S5RMxva(XO^8EE5EC zCLH`wtNFnOAL3h(5QwE$s)(9XvbSOag=RAIxNz|sxz3=}Q_s2o+sDKZX z>+ve!@)@uTkEkQn_-gilczesRIFj~zcyMip zawY*zZ2-uqB#W>bKioSzpRuGLgANFUwAJFjXbx@d>xLO1&r8l=KAy+4?v=beF?}?> z#nDG7c5r<$GCgMW0-+}%5@+Dtj=~68ndk-dYe{|M0JjYbRvzxlB8S=O68UU(kv#Si zU#$2|mDRg#5VyZJ5D127cZ@%Ke2Ti9x?cRpVLOusr!oL$Y>{5#)3(<@(;wg_-27e~ z?O`Lo!R{57wk5(EM5r>bnYz4q^Y%DG%Jl8%{dN1WREov1njdu5n41tDjd}ror?&tR z4F7%X=T_okl368kwvimHp4~O|uqi=uw|CN~E5CViEAj}w@cZe$Ir_btxN$xAkFVn> z3r=MO%y?VcDI>L|GTo84vXW;sO0KC_N~(4>0OD{Hycl6~Fa4a2&C9{?&}JD;#2IK{~(IQp=5cScyB8f=Y}4M~9QmMGZ0z9v0ePJ+i5FsymFw#{KVT3Y65;65fB?&o&xXN5j zekX7J&Kq=EsqS*z@AZlJc^r{a)V#ws=A^?`d8UB7zyB7x?i_MfTkzM;@;|FA zQyVtA5n3d$VOJP*{{yql)0A>>0oTz`~{=@TMsU8);sZ4+wARC$gs-dd|A<#=%*x-0f ztm+4#kdm*Dapa-y5^aNxZM-)sWt*~x1zOAQQ@^|Y+Sg8oEG$lIx@bq@W4HecW`BOe z>zUibS5DX?$Og&v-Bkns z`1M@STC*+n!N+?{V@sGf(tmPh4oF_lHYq~4}$i) z-C#G^H=6)ut9QR*sejTiI9EV!?PXBZCsOp~`!L~UB`|>e$qz@<=19bDAQ&V>|LiMWH8@a5TUf~7 z-5@oT5%(FvI{vimp$@#dOB_p}Flzf($IAa5n#=`Q19v!)w{1vYgj;sw1zR?uPiA?? z5;Z7fGE2HBO1TIvWi3oO$e9L)-iRsFL<^9WcUO{q7mvle^L#ccBYufu`6t5u*NKz| zH>d%=9isMO0JV1dGnSek^fZ%BA849lxMU4G#9*pmdFEUzqX^xF zHe0gH|BKt~KbZ77zV!=^d~4Lri+6u^S0M!>^mM4@#Y)X0#bCI<(oKXzV+ z=?^t*f_@K0!7vT;PZRPQ6RJVew?I=2eDF3*9#1>|3sxC^h3_ki;k68p>9`P;t!{tLL{mG0KTNGkcC zsbG1_k2|&B zJi4nh_fr?%IT$V@8ujxQkknE|gVus1Wgx_ttUUAe&f=Ym)fhJoB1pQ{vxqbs=zg+H zzQ5`=`a`=`Ny@HBPOHzpbdvh{Qk-tgjh~=r{I8?&0VaVZA(z$W7_EM*UA6I&WLe*w zboyUyFj@1ikmkKA8Md5f{#N__}qe)4#r)^m>~KWC;KZ*)0U9*A+PNguc?@{3UAl9l?QU8TuTp^Uemym)i@?%6 zK0H#I-95%~f;ANAL!te}UM7s7<4&Z62ZF<2N;Y^GUn^_>g^Yi$3Bn+M2|vSR^2ukV zU?1!+%C8}TY(C)B*nvGHTB!1z(#ws(RM4~eRi)=YSn{vMR6+bk> z*Mam1Hy}pwE!67oD&ha!B4Po}>Xg|CFbi>}%1XLx|9AfCe=yY)hmZg3djHAhvzGFA z1Is(Hqr4G5wIDz-XqCJxFKbZ4{=RW$yr30W+f43N8e|)q0=(K=5lX6gowB#>Q`(;K z{G9DxH}b9N`+5hikS7mFR%x5UZi`pH^N5Dia`3Qy@-E?wV(EUh#J#?~=~ zD0}RFXLK zcDm85LL8)MKOP`VexD`9w!bnh@YeF+VNyOCxMt<*adQ@3us!X$tt#hBH^?=pRf!Hs z^|JkOQ?N~b>{Hx?PG|3Rr(mu=zTf(4j7kQhkLd<6TG9u1BeXFiiwZYHWx%uw+C#!O zZ_E-}4yB7->E&4H!=Xhm#`_^>vQt?&+rLeZ|86e+8+tnsGi6}E)eo2eJi#-yWI$P( z9gXAZ@XOHz!$roZ0*$FE)Lb^pKL3+~Yb9MuPjTm41&lIIne5K^Iu4Dhb|Njeklx(5tgP}#BUqnE_>lsLAlk4ZIgV}kNc5mMI@87dm zGJtz-^71I@XCS_r9BoOGfR_u`i(?9t88nH|uDv|YT!HkMRSDK47)qKDpKg9dqMs=_ zt^eS?1SEuaI2Hk9B2KeSfteF)%gcdU27X9P*@gk589bt*C}QjE)z#IQ$d2!Fh5}k? zlc8R-;_{v!VQd zpz5`sW*v!y7a33vmj9+T_37o>_V-x{P&m*s#}|GwfY8a=Ij*~%vI)RYsRxyKjr?-5 z`HgL;#3|g^9PmvJ(E=@Bu$j0h!0mFHGuJg2w|vq>Vvmk}4;Siz30JB$K>z=GC4Y{m z0|}1D3LYRE%(f0Bi!mMEdF>&kjscg_XBUbAl=d)gx5smEAJuifkARKT9KpCyM723Gf~bc8ZL+AGB7nyM zBE!J;A&L9@OfWgRWkHJ*wC;NZ4op($8$d25WH%1$*&2@m=tr*j__R#LE|Dip2=?x2 zP#0OwO5p|${Cesv4Da~)0dQ!n!w6klBa+>YE;)&PbW$mzEZ9H$Zi>PCKhoy^1r}gf zs?#P00F8fG(yWN3 zeJ+m1Pw&SbYYZK~D%mU1>=$#=bopQA0H|04b4<_vP9Og!hxre>zP_-7 z38sfWE&x00<44`oPytAfulrh5{1j)!sdHI-;s+409KeuPP|!+>hnK|num@eVR9Jc_j_rn8vu6q<-Tii0^YOw;aRzGnqW zTt^l6-b)qtK-`!?%v^*G4=RZD)R42-|ANrrCPwvRobne@TR&2k`dG?u1OM zzv9_xZk_xCQZA=K{I8&Y_Eai)157IbR-bHoD*et-T7H_q$qmz~+{W<1pF>i>m0-Ut zQc~?|8zR=WOSQ~87o_v^bG>W{Dy8t{(EI4-s=DLu%ex$i&l9a#N+SCDS7!s!;HKb* zlQ!H&WB6-zz4pXHJa1(R3>8rd4xlh$U&XUtt>lGj+)AfD;63J8goE!IWCKPf^+uXV z%byi0zzF|)SCk-ESXM3k#515&)^ia}!dx*|`-=~Gt~Zn`GWCt(sQo_&u_R2;{Tfgc zi;LlF&)4{Z%Iob7-w>Z*o(A$uUnpp=R2YI~f_HBDjav>|A-$fvIWa@wNzvkg^S+n; zHxER67_AG-Zd~K@R9Hzw!b#8yac#`7L7v*Rg;3+d%?MBW>Vz;9*%ol%>LvnZA_}Zk zY4eT_BlNnP&`F|U@efK|a@F1p9b7yBQydp%JE`$4vaRDW>B($Pg$-97z)>Ns{}G^2 zBldK>IgdW$PFw_N`kD%*OnL1wDiAiKzy5&VAobT#uK#g|UoQeoUvqGb0Qd&;HPZUE zXiG95Ovx{vgnRoE`1KF+D#7S@DY=nD0oKzc>$Z>vsNrO`lAp@GfO4oUZ14t@O2gcN zm(Nd}$sSCTDm%FqQF@QaB%JOvUV&zEyzS$KCCzTUhpmW5ZD!h*vf7y8E9}YNo05CS zqkUVQZW;UsVrMJ2 z+`XX3kx`@x`7Rh#5p5zQDw%oce-51uFrfPtpiaS0H=FCtCldQp(;VE+l+`H69Ju?E zKAXBOZMQT#Iex_-?{c^-qc>pD;@mWagX0zN+ zqaCw5_;?!A3iZ?m5R`b1uum47G8-E1IckN0M}b|~C~BD41*|MptT6tH-!Tqmh4b~Z za~^OOE-55*cV_-q5|6~+-~RR{+0A53?Fg{=7s1uvK9J5I`fC$QOA&@oxBZ9;Kg3Rd zpsW`(zF_*kgc45JtN5Ku_U^Ie_^(!r-C))_vDUndgzw(jd+k3=V(Elu>4U_+c0MHf zS}_DTF!<+ZzExltl%n2*(TLJj-dSp`Q9|m(@JqHYl=p8prYo+46w5>DWB71XoU5O) z6N=lrK`o(tUPsxXo|u-l&Y_*oI1z4!A7c8uH;&|$)H)mk!7L>S_pwMjTJ4ZHYS{M( zai!<`f64uH$V&V{%1_p?YjCvKhyu53h`bhzjC#${kgf2*FQDE7GIRlu1|bPfEk%-~ z!;Y|SRSPAUZBOplQ-b*MwS0+$Uo0ml+mWjp$QPfXx6HNP4+p5!k@t3rYK^bA!7hvm z1ugqId?QhZxzg*jRCwtDP0fatC{P?RtiAL$t`KBv98fpu7JCA#-|6~ji8JlAUKZKA?Dp@aC=^eD%qt%Zq zToF44HyFrd6?)uN_{sJP{r+t1MLEj1QzAdU39d0g z(TpY3`_76j=Zl9XPjzVrp^-vhrUT;k zBwxBW^(iBIZWn>W$8Ol)y?lWKG1f_M`DMYKe;qzfq{v-6#njpldLC)t2?Qf42hC*4 zIVhiwGpb5c(gc*bQv@7T>-juESiAX46dmEUvsRvNdm&ojH9Ny_bG*jA7*Zn1Q-;x> z)BQ+Ly-P?3F>9~tj7V=cu7oz;z?j0DQ+8a))^{-zNNCTae^8lsXOs8>I)4~}FqJFj ze?2R3jRF`#Ljl{{YsJ@aL&y5MHtJV6#(lk&nd)9M2tlDoXgsz>$Fk_pI zc)mOk_AlFJak#iRAF&K~$Dc!Mq-;^~j!?7;!7Qw-hN6wSOdlR~C&pvez_RxQ2=zhc zJ82lPp&xZ^A$!svao#=9@@s2;3|vgQ+dGaiwfsmvXJ_r|2--;r!5l+R#Xc|sd^Gr1 zL6#0Sx&gZ5VqFW|u1L(o=lsI_sb^E5j-t+$TFjY%OWS}=%ZK~a3A}Su;jem*vfs`I z2WW-*ndjaC2g%SP+%d|i#U9{GA|C35JY#m`!|CW5BRjCiIHRYD*x3QrGnrl7(W#Qh z0~#B!7nj}Gn+wwFXA~~L@wK;5b(Np&XvIEAhB?W1+tjfiTsWHt*cNY4cINsorBMKR z!!qsOzUP}C*y*hFfNIGqhan+x9)49C>j+mAxt|lRn9@>_xnFB1Vcd`iVD)!Qk=(|-FgbQ)0pb4%Cl+mJzJ_WUM; zy3;{|{#4i5p0A&fuDj2Q`Wk$B2h-lk@G*y8y9=_g@1%{M+nh@x?#}z7I6bs0(wUp# zCk{y6y_?|W5&rV?-ut74#fXD^8%r#Q+|~WV6h)?FCHVVeq+ReK$d!^6=nc<;R(iSX zYZj0z*rY6o-#>hKaF&6fxn2@u-({jpGbQpjWD*8!hWw%AYSk0vZ2q{8K<dZhU4kfuc$iFynHC>+#sfjOOsJp@7qwQ>YBtgGS`{IUn zQpS6KwvYhTa@B;{)O=qGAQX#*xq|J(wXsH|(&a)?{Dq=AQ;X7DmMw0T8^a`jRClsj zheYzA!w>;7a3pk2(V!l|`!di02!a`E%CYdXG4|(xGQoZJ73WC2s&|_AXL#St&*&ih zGN`)N_gqEv`@H{NYjArl8nUUc)I7&0z9e&bg&wVt;>Y!v!92Ic?iVKk*XEXA+@3tCqmR7H& zvV1cP`^O<|EELNR>je-#9CzVrc*FZab%w&;GOkmr1KZO@b zs4s5r4SPID(;nCPq9zMuNXP1n1}fNUSdVNq*9 zSu?{_aElxK`>$^K)XAZ367NiEvHo&-_&y*t;MpK66&0c857D&Syf6&u#l$`Sdg9I~ zzKmoV%Zf5bq1$veY$tXXZbnOTK_fJL?^p{^)9zuo+}*a=Y#QDH*YYPUe>(589c{Q! z{>(A)J4YiqhB7lcW^gc0zNKrXqrH|X5aPQdwtQLV94qY}7bL5Ojq7N<{$wvqO2C{E z;r=oW;aHekH^DVOUu4TY-@kL!Z#X8l@5-pqmiycd18Scc!(<^Q7%lAs`ks>LU7US% zoLe?=nO6MIDwxmsg94gHYqsXJD}sQ%qx?Bu)IDB5G0no!6ONT{*G6F&DbGy};Hx*a zDC7Kc%v}}11TZ9FiuT$Iq117P`8wf&^f zcCvZW98pY{^C*S_)?%1-IW9RDjJ(Bpz1(Ju)qGgGILWtsjKg+()o_D-9Jf@FCh*5M zcYS}SI}!iI=*U-uI6x(`@nC_h!0Y#XBje&~5(@3n&lcS%yri|RPLO7jXmKEvUcWedmeOl znEp8C*wx-fe*S=2%F0T&eBDuYd#BG<@axxayhH}JuZ_z^yYV%a>o~mGk#FF_6=c>UuY4LqewfG_fsJ;0RRDRic14l6krT0S02nre~ynBKThr$HNbidd?UOLvYcjPi_ z&ARroYqtY~F#y;$Pz1UE1^*csRx z*$^@20eGXYu11D%E%{}UFQ<&0i*S~|9~kVA%Csjcd3Hm|fhh{yL_9jM1h?V_=m-7$ z9*@^Cw*z|uY9R1kS;T!tv4#`Dd4xvZZaLY&lu5(fp=h;(htKh##*Q%<6q_YUy`c(o z1hcUYbTqhkbGG{y~p&^~!*MpGLayIK^7ap6_ZeXy}YlY({D~)q!N| z$1c_@k~s#ybUpE}!#5tVmxn+Rl()8%ydoDjZpc^7#LcId7atwgrTt!u^VdWbKhQJe zE)X;~d*d4u9H4x^@8j-#;HoI_%b^8)Pdu1Z&AD>t8!YSo(CsySs1%K2ueUV)Hx~dx zTTrkvxOGO>o51C52u!f-iXJz&qX#_l$_=z_<+gnI?FLCy0TFD_>7%WQIH;3c^Z(9|85iN zI2190U_Xhj>cN!39`eyUWvyV%ysOP?s)jwBtJwbT8O%iZU1j>+j`7d-h#_QVou-+U zUZgFe6M9L1s+V~>u?6vZ{~dC$A*bmIo=5QBw!rw zR*a3(BwvryGsM-KzE6osJ?xc*Fi1P|G?LIQ)1Cdu9G4rCb{)y#qRIKU&VjjAo=Y=o zdakoR8VbzYu-sj;QkcGRgmt!dJt6PV_KcRH>)&?NNrwjR6}N*Ne|9S(l3-+$o9HjL z8Q3Y}ij%JZ_;~*g`59r&?#C8NYcn@6wtk{(etgb)SB?p~y8`C7aAVlFek#SO2r=i* z{8fm5BUH7DFe1Y={_G50I9ndfV}ZmqW% zxXsnOVk=3 zg*(#^&rtfr9b|nu)>{C)-N8?9f1nVNi!Mwh2=qH;+5Bcjv(k`C`MI`eE)c?3KL3F?N)4HTb2M&rqZB0 z70uWQ9P6Pit3Rt%SU})$Xnw&C^7`T(Vp7@IGZv!cbNBmZGZeHOT$JFHrDoj@L10p) z7+e|EzwNLDMcO}2U-5zNxaZ^~p)ztt-3%Pw15>!X*p`8&w`BfwUQuY*C9+zzwt8Eu!gXA~!16-aP*#(KQG7}NZ@bG*ND+gh{AZWq5H zI!d-t6WjPO;4>0GmsAfeMLrY zBA5^Zv+oLvnfzH8d}XnX6=^h+WA*cbeA4q8BTG$ZvbL1%q%K&< zT?*-Y!@Q5NBNR(d>0Z&#mATcZxn!kU_nYYtlp&VamnNDEq3n22`<>e~T=-K(ws#}Y zwX>I8{7;E>l8LU608-!nN1WFV}4_>|+OVH`7)T+y|ra%)GL! z@sWB}XvIPMm?YSUg>flcMYcSPEiI$+wB|KBYP^H-%!}OEGOuL&_z@gN?C_fg=7ZI= ziwCV=xeL-f*BT3$qWa=dc#J;oz8PJ!dwMoL5!%hZ$O0fUj6`n#)|TCA77TIJQ%yJP zI=NB}|5;Nv&9LU~f@b8WNoB_1)UyUfkw-^-;Blq<^<2WUL^M@TbZ}WPpz7U<~MRWCEC(B;2Xx<2~)UE3em$3q^03hwsT3 zJqs)h>z}ie9V_-qPM5wbNoXg2l0kH*6z0b$Cl$W;RukDNTWR%uOr{wOaSnQUcYiN3vt0jwpcflLQtE{gK6wQRy zBDl_C`yXhKWR1zG5pM&@&ap4gicr0VZP!}`0_5n`+ZV_#f6d-!6GDv zy34|&Jl?mxqRX^#8Ix_amO{J=@4H4Eq!-wITxq+T!q#(N6k}$~aM3>b9z^PKUvzwX zEN-74kgRXLABtsIx9e{6X#ygfLZ^zAPx$`OTz=sPA zZLndn@4z_mK(0Kp>*>L*S7i>%)m;^hCV7k8=J^4sqOAc{epm6$2Vq;t39s+(pGC;- zz&fnYpPSePdSy)my33)=5L%+-0>=|FPr1mo?fRCK6>mmgZYn)qn`3VccNIFlE40n> z-_gizg?yXodTwdSg9drsy8c)+hzX<--tFp)W_x?6s@$tv7{%(&G(?wgW5Jq4uIGbV ztSEpEJ|Va%_`#4ihe$p1$TJ*P;L~1xyYkKYu-|mtzQ6n{EXAY5xgDpqZ-bL3W!uG< z6mTOYtr+~kJ4t$u3+H8%Q3{BXnw=l|JFy2(y5!h`82M`WwITl^D8+x<;qS1H0i6fJ zHxa?t&fr0U`i(kZx#Vh>2e&iyaj}&DAsiP`-;E2{==Gpy!a0^(5%m#khrBoR!qp)t z*Gdf^xxtyU%puTtSkdB^nwJ1W=^iz#$e)2AKS3e48ju=?A0s<6)PDo5vusR&)6IQy z;PYfy*>MB9LB^hHKml_liMYMc4lXl5ZzQ&GU${@|NTz-~r}KLN6Mx&uq|!8t z?=cgc-P|Ba{hUZ@Ld7aDJXfuBKG0|*VyQAfu&-f3k!G@^Qe}{u@wK0aq^nRv*tED@ zLqSg~Jqja^P--_zhf`(P3`V$If7l$31HK(#!_`^-DrzcZX$8dUyn)ORh!8VJVn_+P&Kr z_<~@t-~m|7REAMSeduP1@}+Y{9ve7Q+Z*E{>NOI*r?R$}WO>WOYrNm}nti-^(T+bw zva#Rq4vE5(f}(h*bEF<`ebCO0CmQ_`8o|=6xysg%Ysrc~E=O@Jr_-&n$%EA(FZ^XX z{;J71ECGd59XcDYr z^UmKldtp+*vA|kpjuweFbw1_S|lE~;}oqdfldjVRmNJx z%Q~(DneB)S3R247h*z6}9DdEH8_|CT84`T|9dz4+kep}c#hUGVttfb@$Dd9#L?09g zf?q)~tHS+UXZ;@g3M-#BAjb#JDbcl)g4=>a^Z_;=F~rJ%NQYZeCGzc$l7B6~P-+Tb za^sdC(c^JF(VIqfw)R1e`eV}qlG6#@Ll`Z#=;Z`*GYkALV!#!6Js%4=lXYLLlhmZ$ z5%7r}=F5$A4Dmd)ae96G>{Rsa{_vThy)a5n)3zYBh`e989>qmMA=%m5u1}mof?tN& zb8LiNn+1o(ICDoy`x7s>>LA5cq!9~jm`OAn<9odd7BMmL^ZDR##vno1f#$65FM#@?n)>?^VXAId= zL@%yc?;7xZxSYYycwsqEA%xdZC&U?F>D@)MPbxQS9VG8)3#s7Qx;2S!z-} zWT!aXq<>PNSU)Y~u2;R44#hH~{0|f|hW@c7A0Y;>XR8C@Tux#yn5%KCm8s>w0qPgc zJ1GQc&Y}S%nc|z6g|5XYgW+T~gr7d`iz4XcX8q{zmQ6aX66N<7z)tri9L#T+x zZ}2J=bm&oMoRpsixdj`;&)YNi2aO-~-4Ef947*T9CbS+cgx-Gr?l(Oa2W$YKgy*$q zsQNVs(25{p0J4zv9sQo+uyi&^8}WU=|LJLXNQ+pYIo4w*9DX2BEHGdADZ;XF^uvat z^P`!iUPZqg7E~OtH4%TH{q zBL!t*J$ia>mAm63-9TTkjZZ={e6>6?-9syGv|(QOBNg_@)wI1ZORv0SCr!a^vLhVB z#7Wr>iIfr)QV;|37g$}imZl>7-xw}N@Vjq$-K%-sL(dj0*}8vNQ$4ElcQtBSR20{d zkrWF2=D}XjoOdr00)%YlsiRZ3TxJJlA=ZlqpZ0@rL(J#(xGx=LEtgBi(qt1wCfD=70N zASK}fy9rex7nm1R9EHvbwtJX;^LW3mc)RS4pBqb;#Io`(Y`3fUS1ZP7rM)D_2OLV) zE)p9c2S3)nj_kM3RvQwlQ7LPJGE-|b%p;0s+Hdd8ca#EvLMY)^vocn;?+==>nHhG} zi`L_d&||8(W8nfDSYW@x`O^}<|74yn`sd#4=vkVx4_)n9nGm60-BS5H zc-0WgvA%ut@v0LpdL;7*_D7S+dh97%S3?7(V7ndL^PT0m z(M`~=4ySANbQ?PUfbnqP(>e08#}zi`u=EdD33d=<+q?l%s<@!JXmg-kQ0>j~<<9%$ z3C7_YLCVT|nD&?T(0wv`IXmRjla=vJ_gZV%%iRgQ5mfg+o$8q)kN45(s{%bsC$DgGyxcXnDG_Dh zk&SNWiiZwk_MIpUU9l>M(I?^u@jmJ<5HZp-na_dZBP6GMyP@;||Kj;QnBc{eQP^>l zUk@e>MSn|wgf%M!C1oq`dvVfMXeO6Ve-+K0olF>6)zGj)4Eve%r$Q>qj_j!vVD|W9 zej_lN2BJO3ydp&NHkn&n@5g&JtHDXRC^2FCNXec+AB;Aie)&|j*q}x(r%?j6pZK(4 zry@Ql)C9(h8)@2C7W~gu6%i59x(b7?=Vel5{hLz?so8s>e;Khq)oC5I!!j~pQ9orR z2xTn&i-7ggO=$*s$FtC70Gkt1ubmlXA~;}ro5$k5*1yDvBt{tfXnX2~J!{=%YM>=! z)PWXX>i}FkJ zp$YPv(7S|${i#=3ZHO1qg$!n}8G_g0L#&8-fHq!F4GY2H9^VY*XT|q46ZLE2A%-XL zv{MlxbCf1zZydZQb-9U!787E7+q`r$8q<_*Lv#YZK9gw+%?s)cOu-qM@$g7oyzsph zHmh>-kx!WXJ=Of@?w*N+7zS7o1^E$tdBQBO4sL7>u{rs6V|x8)v+ViM$Y-gVNA!K< z9hD7I&2!xfLe!~w(nP3nC%NwD2HH7j!SFDtlHVpWXN&(Mqvf6^Sx_6B(tC< zyo5&Y&+0m_)KO@;QAa*=?LO_mub@Vww@5E?qtTTPGcxgfkQCo_d+m6Fm zB%pHrg*?SLBUlG}&7?Rn>tRZznJI$9lx;BMt=^rg#xE@T$&%}S~y+m?Ry}s;PzL)mI6p=OvX;eeeD=23*Dl zDfl%V`ttbn$po6LX z^ZDlDfohEl>%4c#fq6bk@B2WpR=UnG0XefM$cQ6pUlG# zqN1z!wXC8kmM-fI_sDt*Qhb*`Y)z-h`|e~zoFNj~m=vE1sMXSA znT)ik@S?q(6~+?+bOJ@)U{TGWED+V^^$(3rku!-a%J zWmWtM^bS^)9`|@93`*rVnSFiQ$ZOlC3e4x+yZ<+YTBhGU)pBn;H^3QskRA&C9nbX(q za10I+PpMlGH2eg4Ao6acVtNErOMhRw6S#6zb?=K0D6t7dRfIpsPe5KMpU}A}fI-N% zae}rR*1SQpKXQpz$jN_4GL0`r5m)jLkNgaDW?X?u9v|%Wje!JlsV@UU9!$!9_E#7H z{jPT3-LC4}8}%-u*2a7H7t@TLEvNTaoa^d2o!B6sY>>!IiNAgL;vehij9}^dabrNb z;K-OLJT_LO3@Pn`1uJJx4v9cOw5Z>su6|(CoX$oMM(jQBv9z5rICA{Uuz4O^i)D5#{LDM zi}8ESEB%#Tg7851mjhzahx29K967DiL7Pd#RW`;*O$`MX;1y7hLHq$tQzLG^2y?n) zT8BK{XqTtuDBoC>ly;o?Q05rl@avTJ@V8tJMk}^c*ZGje_~nWwr0y9~L7g71gxULBO!|etL#&!evyB;?? zNfzGu_IyiBpqpqNLS;g%U2pt;t%P&N_4)oAaNZYxi7bvg?Qt5;Wr8V?K6V*TX;U3m zyQc@QW+Gidd5Yj!&<(Zn-Qc+p)R=CkpUr|nP#J4s>64MMqp|#Y=Hd$T#qdYv4Pn*Z zy4|rfI5)gW1Teto{qO5v8%E*+Jue{ti_e_pq}7C_2rFGE+;TO2=G2?PrhuD$8ja+E6U$I>(9dZmO|pYKg?w?l~x z;@5H{ol6L{kQv$J09Ays*{nvFL5mu&TdGi(S8J8s67v8Ve#~;MpNa>n|Bk-stng}h%RN&KJB0Vo^ zbT{nuraCi&xH-yeAX&AN$<+%zd}x?#*vH$C<_y`{F(vgg>x)Ckb!#y{x_oHhiO4-i zHO;mP^Q`+t`34>jO_;ZnES1F(_~B1JwvzK(qvLY)sH_2Qj)KfiN@R^vg`XUpip;bC z#oMaFBPPKvVHPsy94&-#`6fi{K9-5+Uh;prkRkrDO=EdZJUnovBWS0g>ad`@&xZ&7 zedQ0QQ39I8>Yv%%U(7?FWn|q(y&Fv5)Wm zQH;<7iy)%rKs4*;ae;4wIl^Cxk9&A|a%O0a(Y9A)gP~=qH00xDU@s8_E6n7alBgnx z`BNO>8XGBU%C&LgRd4q$E*V(fY(piHZus$WN{-x{BG4VXCE!qnL!6NGAA~^SK9WEq&J!Uy^d^dI~1p~HeOZSXOLn}R{u0<;UOvn6@ zGOH&JsQ&?ojSj!oqZ3&CLU2xUcI7@%G9A$xjj8zH?J-V(b^nErL32}h2_RWzgwHOn z3rb&byeHTWKzykl*ee)pv+oFPemQh{i@fpE(i`SYJ$GJ7)Q>R&yy=Zx!nNn#1fyUB z?h@L())mX(m!^9P&ViF=8*7e=h6daiU^@!P`y2MOWkfg?9u(3jBE2g`MOsxhM~ee- zc}~|YTWj3HK%Ao_{`(eljVB*5(m*4#6zzh!d|tdi)6X}EJ+Nf!$=)mBt+Gg9|M!*;eV*yc4XQ*zt>v9sIebVSBV z3lQIBW1xtXubFJ>Lg(839y0v6m}WmoH6bb(yOTt z7;8M1Q!Z3+hf;3=K0(O-dCccxRPq6NAEgE2swOXkV?ZB!b*zBBZPMJ zWoD%bufr_1NHN$ixSQ|_ooz8?<9OMcUr2?X2Ix|PtOdRo)>0xTLRIjNy;UrE5MdL( zirQ7xP7VS!HNi3^CmHE1;;MIb-mnb;?vz?Bw|#tEl}S&0Y*46SX`&r=!@e6R|2dX_ z7=t@%0FD}9!C;7no-u9<6hfmCY=XUs=HX+-ST64R2|194%*i2i+iH;2;y}0Qr>i~b zP(uxynPk3ZY}QkBfab~EO)i3fRnuBP#fg~UWBp3QMc$iO4$Lxqg`N+Ww#=1~&XWwhtRmyIPLtAf${sgRn&B{nrLhB@InO;4#yaqpLW zT+G|C>x(5YysQFEZ-?(yj8{k_yCNCGI0r;QLUkq2g0#lkNv16O)&}_j-85g6lB) zr9{Aj%=ztWo{Am!Nk7Lpa`0g7X)Ni}9t|bY_Ct!)N#MfCZ=Y%@EMX+oU}pVT(cWN; zmtFeLRUXE0&vzkkw;flO({KETXsQg%RwbP9SDZ$v9>E|U6Z`^Im6$@=f5W~O7GKq@ zjKaLS`n1f+E~oMHMj$%(=weKkGj9jMTDa31Pht~+Qv`mM=Ovt+#4UXS$LJ}<>(tZd zD*Ng-rHo)xK1UFt0vDL>O^oT*AGhd1|0eypCrO3C?|BI$|OCre`FxhOVr^+@o66*&*9kIDyJky-ALk03C~unf@>M zx^*61Q&END<^KQb`pT#_v$gF64N@Ee#oe72C|WE~TuO1*;!@n*inX|VX({gR1b26b z;_mP=DZiY_LyLZ1Xj%ag5Psw(0WNQRg;xRh%ISt z)^Kn^W3beza?QuLih&|_M^+u1Xi+w0vF)zLG5XoHf+o43xfMnDO%{f!%r??gV zk@x$<6Ku2srK%u(5;=sU8jBj)S5SbWa~drJ-lKYw3%R*BQ2OH=#^QAeL)mu6r;BL= zWHr%XSQFMwqnaa$4+s?qXFgx*alSed0A18%Hm$=?H2`~i@7Ub^5bad>J$4@Y6*(F( zaE)9f-V?t%KZn2glv9`W!klYU3)<^Nrq+fLcoF3C9ZKAtaHJJH@BPRl%Qt_r6kgKF z+V>d7ntRV#EcL{TcG>-fEx8z0tE%2S2!F4c422DS-j)DfSnMZx#}^M+a_$H9v>uC- z>*^-6pK5>Fcx51PR_giI8(nwWh+=ujxraw?R{=h88?K#(J6eAx{|2Ku3{{cNHNowAbg<>g@CPt4s) z>uQ0Hig4#jS);gqh^fn~0vi+3(CKoD=!p1cBt<3A z!A4T-!usM96?D$%1YOT~ zYaKUVsKt9z*XMVwCmRpC=nu*T@fHcw4ltw^J=)X2bZreBen|R+_1i zX3YVB8g@UDz4KQ#rvJoq>Go$O$k+KL5Ho$e7n$_f;da%g`T7#&?hye0s7%eiMzq*} zJ7{f<<=I6obv@hbS||(woVZ?2KOU3xU*GcPHx@k?4M^hhl210!r42uPQd6zd7ju{^ z<*srfjCbXG!rRCr2&_2Xj4(E)m3^*blT)rxaoqYz`Ik2-{kn1!YSn|7aDjo`}TVoBG#qxfbh?whjlE2m5vc2w|QP{~b>X z7p&qWl8Iu1sAq@(W>;8axQaD?(Y#7v#kM?&ie6XJ(OZh2uOkC{D5`auRR5}ZDZt6S zhM^S)>hZe5PQWY*z6 zpU$p#N7sOP0qVYE%i{`=A54@n5JU%4q8@NZceso?^tRyWN6B4y_+dMtqfI>!F{%!9 z-GEs+y%Gc*OWh6Ey*Bu6F_#t4S$`}~Z1|*1bB0%xHkhN;Tiiv*ZWvvYbZd~T$N}K* zwz|<4ytY5?|M=J~%bgaUx&Y_WC?}Je8XT?~um4~X=VE=qGQrX9_dE+~@wZ|0r+2w6Dc*(Y$JNIn)p@?YdznSwXbF zbgWI=fcs&6doUL-CCqTui-6J9jJZ0m9{tH-l!=P{JVW+jUl2bOedtXe0DA^5S^{aV1W1NG1&K*3L%=(yRLd8Z1=rXs7LgKFOvB;ybY#oC} zp^$tP-Ej5uVZwfM&9w-foOI_T_-o=tNLNj9*$ZcZDinvXFJx1+v0|C>WP%30qr=@@ zCebGPM-f!L<%LqgBK|_DI{MnbC6^y(yDDUQq>P?;7*? z2)adBTbxtSHp88b#lKvAzAm=FuBZ9P;KP+_ENp>+NiUU_$AzmS(AEI*NkC^&BXn*K zuXB9E+NbR^G1f}0DFF99Gc;+XmAkl4nAs4McI3XLrUWeTD0t0VD4lBXfz5}Hbk>LT zaZS;3K@~;b0A@DYSL#cJ-QxF(lb<%)QBmH%L|n#|MizKm@qu2kG`)$5=C+gMYM>5V zT{hq97nXcZ)V6E37B7A;-3A+mqQRB!{1eB(V%Am&n^j=-LMp1qPT21K!x3i|tYHJ0 zpMh4$r1$hdtBdiU5`N>)6W%1Bl z_4`LRjTXhyN+~Uz;yPQjID}MJHB-yjI{E>HMyRy@PCdQk#!!9eN(XOwsG|Mlv_la= z&!IG_=F|Kq=7uf!S(Zj9TMJ?JG=7$rFiw}Exjvep>$ttdk(8KF+!Ki+UPO%8_0_0~ z_d9C_uiMGJprwqin)G77VIf81*TkKD@`rb!M=ZMdHWN3JmtbKE`0LTqI2!5}5BY!! zJstD6xnTd2tddbZdmr*Jw-y0{^c??T6tsigJ5Stwvxu}UF5soz^{wPnmt_P6^97KeX^(NMgXLxjPpstYN z4*FZw7JjuYE22Zr&#$vPs^Hsw{WhJD=11oB&P8~%5HF(04sClWsA()cfLg|6d8z1R zRdafe z)0!TsQ?&F5mu}t+zM5L_{m_shVxYR*PCpXKG6+!tjYykbC~$caCM@kEnrEH97Us&j$L z*<~hUJ6k}ww+3X}A@MX>YYIZMk)jI^;5`5R>=FDp<6Jca=MR_fYgVUQ-0-fJuU_64 z`EMYo;G8R$VF=rQN9<>1=s;|_S7d6rP=>Om4F(~w35)v`N!^N`XQ3hiGx2NxMwjtu zV?-}oo~+BS2ON*>-Qh=8`yLu}TgdQh{*rp!0 zOtieLLz5nhFs^@XeQa#4H_%2j8j{NMS)N*lXhNcVp~xX!;_zxN>Oh8H4d$QOeCnGq z+`1Mcj03_=7MCRWtEv~&&{6x^q1hN7%Lm;0XwKK%uWm->zd>PIN zF7duZ#+H+Zvj8umqP_aG{+xXPE>_m%yz)8URgpG`(M{cJw;`Di`mn3ZdL&weW~Ixj z^P0G&?x3mChpsEA8sJoQl@s$W&P^h2rtK^Uh$!eWD6;UhuE}Plv^8>Uv`Eo>CvSg$ zB~SxSq9@UKFUCZNhS87&zYFajY~8p=y+7{%V0cC<6h>IA<&)gZ_8MEauqE`s(t7=t zVy81LqXlmHexNVwcGG=>@^RQ+8QA6cl3%cg4f(?GVsI`7*1LAeWK!Y931&0%*-#AH1s5Upkae>)Nndq1+hC^B)VEY!?qy^L z9ysz$Z@Yca&EuM`_fv6vtTyaxNn5*o@7y&9A%^{UGLT`Bc;UuHDR%B0J`8OTVw0mX`$eXXmEP_!Vq9hFs+ z?RuNtW9}5^j_4?fR%aQ~JBEDxTR4KdG;{g*x0z3(H|bLiY&y zct$yTBJYg2)3B>i&GmQ17EV52tsv^|cL0MDi%e&PX{T{r)qCmEQ@a+O!P>V$SNypV zWXEf__6xVVKg!HBu(V-vv=~A@*J{E+8Ofxyn6?sdMye>$m#@#M%~tNPNP?{ENo0EE zMcHvtq?X_e?b-}P@sMpSf3|OX-(bbd$+7q0D<}O&F@geyRu)KR7@ZfhPsXHE3wKA@ zkC{G;G>j^j%4<-+lWoIqs`YUw?Sw0;z`PZ}Q^r9g&p)`ltU`W&o!n@GR!fDrk>BBUm zCHHYpvle?yw%ZHqYLG>?^}B1RS_3oMjd}Yon`FuxvJ8_ACEmAP!lo%m%v2~*3A)9? zi&=77-s|=Q+A3nY!Wr!2IJ({yS_Yu@qA^~{3?0AxU$CI2O7H<8A^XT4Ckm>Qz8O1) zxs=fF4A~MM+_k%VCC;lnv0Pz#&UbZdMu;S86<}kB8pFvvhtGP}xw0nmmu_?zaz;!y zAtg_xdIAe>LN&$S=kt>;TZ1px2?g(|>}mY6uh)(WciZEi6W8g|{ShM!$N;HvjZibK*IRu`X~Rxg*EpxWEgGCOaSLrB}n*^CX0w&&EyOD*@01I&&| zEu7aaoSP$J`N7PKAn{yv&Ck5u@n2GMj0hEJZr5B+B@)5~z>fhpMn_MJD3xw{dAbh+ z#&oHPg4wJFqhzWWr?dx=Q_h+tJ8#lmUBQCqi#-Zkp9@~C9A6tRWhC!+PJLI^Ac`f5 z=|k|RY~dLTy2p(nlzf!1=<#a#{xQX_!^*qI56QaTJA^Uo?;t>YWf7vMM(l-ktF)-; z%g5Lf9PDr?yy*U#vbOR?BvIH6*Ccj1Ir}X3nS>oWD0nkOX73BHeh50xPy%SRo=`hWka?2{n#Fst$kXdKRdrxm}(hgRlC4VgZZrN({xJP>3 zvrf2+&}zRR6dMp&C8~x<3ppZL-;Cj^IjR#Vl`BiW5Z*&zq1(@v>(2jE zpZIc;`s&9(;N+xEQ{H%7bz(-}TH2#l+jSx&YQt%#Ovfi^WZ!jVSPs#u$bD(NYJef(JPdi_E7p0n?Y^HwhRe5BxO+)3|Dwlbj<>NAsmvUbfP zs&&(}lW544;=G$CX*m~G@fpI$@mhDkYQo5_%9Fc^r!jOU8`6m9@StvvU^IJ;X@433p|!Q)50b9ugY?Qy+^ zHQR60n_>@6v;Wwx(ur!V!++Sa3$evs$X?QnDTTDapfY?_aVP07&$rb@WF>$ZAcC_& zjk=WF-Lmf9&>XS&uqo*vvyqMT?KuHOl?UKW=RZ`H6hyu^DDLqlFQy~1Y-$xC2Fs}h zN-a^ayz15=hUPwKSaEwbHe+m1i9 ziJl3ON(GQKxxauJyt5nn1a4nF8S`dql__@#Nkj>w(DO;8+Q>8Pet#CzR0NW})3i0) z19BbmNPY(d(TC~CzTnRKEAUHYe{KO2C1Q-|IWLa108!qhI!tzUywp=pK@TrfJ1985 zQ;i+KX`fgY&3_EaM}rG5j{r=+ZL2O0?bF3-jx-r$ISYwypRBpaZs_T;Ew#QjUt8>0 zb|Uu-SLKmzp=trOIyBkUJ}hxVMRdcXiZmj-@>~<6(*_`sA;b9ZJa$4Klo#{Nk>M2I<>6OQB#V zuB4GFic;yPg-R{P<>>$mL1%FDbsH{^jU72MZC*zglt(H4iD0uL_3j!?XVwGI;;tv4 zv!vu-&NZA^wwtHhYgrN5ZeKENGneoheX52s2LJTD)aXume9~sA!f59Tkq7OR$T4~& z+Rl}FIFxEPp;nBG+j%9vL?9#_EcXh|6P)(y1-4`(-9!0$yi>$l+Lf4MiW(fx4OAD{$NPG09D#nxwH~CU^CI4|T>pY%!k=O>vXU>-fPGIMxn6jc~wxkXHCg zi?#GCuk)U&Z`r59Q!hA{A&g)&8>yrJtEV%;*rir3ojO_uK3Nf$tXgO`2V5-fMMs(A zT#D0e9r71Eh#^l%kC~3u2qp2saHZwcHG^jDn<(zyG4<>8@-!F}n>H~*V91)jAl)9h z^PL24Ybc1X3dKCbE6<`aMtm)hV@u5pI2gFCyX#GLf*FSb6%=t(KPWNHQIQsV;9=qrJze2#5$=z47xKv z-vLm*kvto-l?VwRp~amXvPoglqC#_>TVeFf@C63f4Yk$bT_jq}qI$E2L)mv+EShOl zYYwq9uR>wgVggt&r+RUN&yAvH3yX~+F0%vP>U%}#^zu_})=U0U?SFmtgwWFkN3-qS~%29Kch*3nlo*PjURM1ho@ovF#mFbF% zHN!}Jgvv;XxxMqlgr;2UY}kBY=7#$g5zXd_MZW5COMVb?@sZFlfU@v-81^IQdQ9;@r zmym9}!AqVjFg}i?4wxan`#`AE&FK3n5$6Mx_)#BQ>Q}QALnm?aBMlBUHRTR|X14$d zF`@_5Lfxn9sA=N4zS^Ka$eshNY4NN-Cc@J|5@HWK%!wOY|HBQN8A;u!e zfvT+YBtLZM8Q%pbZIBr`omYM`Aa?HUYFs@3Y&eu{`_jH%mY5?whq^ab!ef2+9e8UY zzV8amFG3ph%Mg*{vq<3PH?Bkx3Y}lRGP)8&MWWP8W1$i1OU4X$wXKYa7n!l6UVVu3 zSZ&&+U-)nC(Spq0lNb9#?z}pkB<3&=1GP?3q|y!|-b^ShzcCUZSEWXB99E0oWq(Iu zH_U_QVL1OcP32kq(u7w6Z~)c*&B8)+wTA5KaN8YN9s9O4s0}-CBZR?+#KK46^lJ0X z>ESV5QpUf{=j=-Bmt;2GD^5gEqv8Z(n6UO*icjR8QED#6)pKX^ z%t^R8*yg0cY<}c7#QGVXDo19kbeV;n$`Uh_WK>4M$wmu#bnt7y<-ZL4!9KDge6)_V zHPpnGsi(s+qOIAFS|eGU$Y5Z!$975c%?3 z&zOh%K>gS7^d4Q<=}6PRo+Q@akT*=`4AMd@I^)4WL8YG2cd3uV#shwF5z`TORxca6 zrkd|+PQB#3D?h>g4*UxkVQ6y!Y*g|@H?wuy>l`-p)j&|k!wEEwWjnYZ*F*aTSW_g6EWMMEyH|xGQA@p<&DS} z>^mJGNfWz{D!6DhN`BaOnTtR&7GZV`<*{Yon4{3Y0sO=C_|3umn~KR7*os6C2zby90c;m!d@jLx!k9K;Za3K` zu|!TV{80fjZKM_AopM6!QNRBKDl_4qPVwKGSP%DFWUlOGlGZ+FDP1$};dICSMiSymQQ-UPaX_*qXE%742VRWE$ zFvCx@DG4h1X??{Pq47F6K~X;6j5ZFyl6=pHy|J^UCSb-O6p}B1NLlp_VFko0P5LLm z^H28ae{4XiC7fI$tngRB+j2VXROc7v*bcUado-2jPI`Xa*k=xSv095jo=SGCj&1Sarke}L_G15AFN*&1HtD3c*FP@1=RBEPqCH8+neCuq&{~9k6Zp7T<#uUxHDdW^f=~e)=#QXBc;_ z--Kthaiik%0UcLtGNd)fo|Oo6bb4YwH-eUhGWruRh#U*riC@*C98GB#aROG%)vgmv zQY)!;j^ssT_u$S)7u$A`3B<(}WbSrjS1gXYyWOWKKd)xRIy4@CI?t*qPf`VRhRF=A z#b*A4@c7NH`h`D$)P}&#kl6 z@5IG~n92ryxZ!=js_?kiufz*=lX;yf@ZYtDz-8%NPIooOP?GI*#|B!tSf#-(zIdRM zu@2yFCWU=l=&GgxZWBmvxO&V)nGCfv6L4qc|49#eFNfQ^WQ3dH9ef_D2w%UaF**c- zKSA~1%x@Rz>v#B{g8liAOt@rE;EX&LZ#ex|^zcoJg>Wok$;aXbuQ<&6443^QNjcdr zVIRB18<|HKet9|Bw)%u=gR7ym+KsWe#1>m1a(I~39Jp{;Ufiei0{6^|eUDqIN((}} zL~83kqRtOKzz&br`4C#EowAx`Cj@h{qsImCj$Q>An`XQ}=iq4lN{^P>G7_b2;T{dW z-60U(_Se_fPR1JZe)2(lwPb69c@~3h?fwR0T@)_U`1MKQuk}-u+b49EQ7{792aKB*T~*)+zR87d@XX4!Cy1 z>Q}!52$}@6*AFwk+t*JBhJfR+F@gN^n_`<@+*_>36!hd`%8wyyBJE%n4UyQ^12o4^ z0l82Gthz<yR{rE%b0hT#&g6Kj1^gzMX)IE@?7J_8hBM%3Fuhm#8UvVKB_*VFqVM>EDzn-Y zMgw7NCEJ?3(U=6`rM=m9hF`4-N!kWsCf`40?f*KHXAe$AY=!te00dA)BJ1={&~=5k zx3@oTZMxFe?b69rUI9x3kTB^Qw%16=vS2vN%SYzM{CY^-@L2_)VDc3R*nXB`xZb!X zZdi$WhwR_!liz-^rw9&zL)N(iAeOXPM&x!r!)_#Z(SE2zJ*J#p2723&BE$w%w3@3R zN_Yyxw?*9O@6QiG;U4tkDfLPB%zq6(BW2LsM0K{d(wm_-P4umDSh%qO43LdQ|G8C)#DP)F=zPDh>21i=6x1Ke8gMn)PZ zkQ@u)keRjTl3CMr*tfk>CTxf5<%VuZY~A(TIMBxm#7-Wy&=iG&KJuCjU`ph?TZp=2 zz7pwWfw8Op5WzMgj}jmVHxrZ-g$bbPp|r6FqQ$wd7{d8%HET^=D6?bQSMcMaUJ7(8 z@5tk|WpF!gFK1^%{=dEdi|eiY3|ABflBtO?0%_!v{4@nm^#_<4J1D)~Ltq|BB#(|!N5i6PBu|yoX^6q+~egV zl-QjT?1N^&?Y$raCI!Lbp^J>hMn`1R_NoGeroKZ*c^I^+i$EsQqEhrf)GyBq43}vf zfZu02AXTVOhOqZzUVnmq-$da|qaAj-`xXJwjBen@SDc_D2T>7tjcGu~<1n$ivZ^3O z0Y7G;kdmp`uY_P3dv^s5a6BLxKC|M5+0h}wrZ)oul%$oPV*KiEJz9MN;V6Qp(kc-q z3P~_i#S13opTz5bsg7~5uk(ALo_=^W0!GWDG^=i?xG8h@>*Sjf^#^_iv(qCg=9c+& zc2!_D2p<_p*L>yA(el$~2mjNu<L>LFK<@)VpJ%Gk2qT2v8;e=;yQCw&)#-@xKf)&jTjUCJq2^%uL)TwL!r8EFmVww{Sdv zH8w7R!$=RK|HA{{g3+yWw{$K55eew8f&f=Hd_-X*%#T2~@P#Hi29C(+zJO=AevJst zaRQwAd@&n`!%KpXY=gF___qKga%g?u6;4(OYnvL{jNtA+IRF2%9e-F79&Jn>V_X29 z!VggCwEfp;pVMsv$rhc%{j2dHAr>*tCk2=cG)*9ChWO>lAgwk$k-^%LOsBFuQzqkE zT9d(I$bzt+9VLj-IE(H9_wsClEWoAj-%dQN=2FLILs+*Z7%^^`GW1B zTmJv}107K66tYi;_@g0sCXiDh1n9X~sMfFr(|9`uzcmOiMNEbakNYTJ!diZ*`X8qB zAH%u=1*L91&k+4kEj<>kl?q$T$21pH?~RkVAAQk3U0nX#n{1_zY_0tOn7J|p0S*HH zNTU6xsQn)Ka-#aSJ;PfpRo)Q&+w(uZhVSdc0FY?S0{{2R`uC_cDfIdI(7@IAoZqPC z|2|KAY~R&HJ3|v*SkhE-B7n#oEvv%g{tdx(wWDN@ua6gcBy5pg>iZVj_3O>Ok>_dZ zEl^~(Jgi?%?zQ6jl9xNj5E49E5#@7=0olGaAtCmxGER^){>?4=dlrAJ{kb>$YANW+ zpJSs8?~Ukb8aXn+l~6xG^uZKrF{=OHw*B|0(Gyg=-27dBHCf&rUf3-g8x69+Gr64F zzRYxx{8s?`U%OgB2h)pmA{>blS$iTL?wrgBXm?pJd*hYYU2xM)fBO{c^e6MIV5gt|B`90ahOV90uDZ&(vO| zm-Sw$tCjZU+*Z|%L58&8oy-u#o#o1^{9<-*C&v@d^Xqobr1|_;)6wnN<@f}L6ibr2 z>I?DZiW^JMQP+Ke6x#a89rv<>xmzpkQP+byX2Y|&yG#7}%a~uW9MyuFOH=NZ_SHqq zv=GhiDf6h;C7#y(Guvg5JN`?$8!9P*>If}J21FOKopATMYbmO!`X)Q7`h`2uLDE9S z@WJTT7YnJJi^Zjc9A?uf`y)yE`lT6<(c$c2YF)<%!?d0$u)EdX*SpKbx%z$f>WHRl zV=LY|Qf-=B*K^Ml`N&bVXZnok>)AVdtFw92vguLR?2KMl$MR2e{G&ZP9%b7(ap8lM z)2}l;P4*Hj=E1$#?j+hn@u30|)8yNu7h<~e^_GOEGGk^pn_iZD&(MksNdl?S;hbSg zdB{`55ZIk$5nZ$8K-$tuX-cr-`4_YImq|_WhUZOXLxyKv@io)c!|e(F}pWYz3(}nF|%F0wBr%mvz2gH9WhAgSvhRwmGa>k zL~n0BZgwT%j+Zj5GjHffz$>KD@VbR4N)>W`w&S4rx}JqM%6fi_cglVAQ&)Vb*Xy~u zgA{=|{<7&yuXDxI8L9&b-JYeIVXLR?vpM%_ne)-h4wB7TO?t-7?vJ$f*1e|6`=0K^ zo?jcCEH4-0YaqQg%9f=2obE!GbMfKUAeqsdtr;Pt2#p}4h z_kf6L?vnL?aI1fFg#J`oA3)z=^t76+iHrV4jKf-8#D#GI>lcH2wf`!4-MBE{0r($E zG!cLN>+Eze72sQ4JkQ=(|C`qIwF`V!iQSWXQ*8|Yrl=x5z^MS)be0<uHf^ lBKz1~)PE}dA4~UrLO;JI>=1CT+5|j*q{QXKibeGN{vSPEB?f(Do11b252?k>UI-Q6L$h2ZWEK^q!};O_430UDP~=iYC=o4j{^ z!LSZ%b)R##ls{FqJ5otO@&f`M0t5ua2WcrW6$prTt>FJ1xcA^YzzaMO1O&p6m8hta zw5TYFlCy)km8}^Bgj8g5D(n|kE$qNcAEu5es6>S$d2d*nd|0If!XlBMK9wyg z;S%)J<&g%PLBP@=#K9!gkzm_~7(-TJm?|j`_5_!eoxMw8Zg@Vw037-qw*BVgxzBRB z^l<3BfyhH&B2}iWf)-9;mL$O48;wwuGTjP*MSUuRf`Mq@K}TaFB}K|(6?oGV1m$&> ztu<#v++KG5)>J;YCMST%gZr-9g06r)GN|k~juz;04W!7;?2AWEsm&Hp6;d3^ilm85T^!hdgdKbMIrJ*d(|N61 zFb3Bu#Kb0LpSmY8e0Y!t>uhcx>WebF{0VIq>E$y7oG9`82uS2^v?WNczzaEKhvlER zF#fV)qy53`{>UMb8>~bj6nkGL&6ieJR-u@kEK1{kwsj7-!A--naiZaEeh|2kx{YBF z#|Xp*5m=#G*h;`cD#gI&@#KopFJZGrb#|Xp|F0X|Ku}-bsY?q$4reb6ZkEkT?$S*KY7Z#>?3W^NWM%N z@)IsEe0E5U@cNWM88Ke)hDfdvbV+x`4`f@Y)$ST*4CJuF?J!5YtPh7hFu%-OkZOWa zdd7e8JmC4_r1UUtqd}9HhQ=L{X++TNgolzvO3{)^Xpo6Z(Wr#6liEp9IpZgOs!dS* zNbvQmkzo}xQJSF~($|pTfvN%9-tQ*XEaPd2X{%}eW6THmDN*wS+Q#d3^tSw*AKEZ= zA{hD?3>6KTj4zF0>xdn>2?#BsTzX)3(H)Oluv+9>I$9`o`D*aF0`Yrxukbu&+o=Qz zCI=3;5U<*4Rs4u5fRu%+Q#0-HHs+{W2XdS^hN6K zIPYNZKpNv;y?09BmQbNg|HdypUF15Wt%6&g=$Z&h0L95s;wP*R-3&uH3%17ihWe(j zDZYs*=YLUpp_ay^F=N{&Db99|zmAhB&QS6zi<~1kF}EhX<-cXQErgQq(GDu^R{v6{ zls{GFD7)Q6syzKAvAji!MX^rpDsAUOzov{B1qOu>Me~exF+y>YOot5F2)h~IzT-aq zzWm7Ti01d)$}M#{H7Kx}3$w^mj5F`mohnKy=;vMMjpzF+ z^eXzSX|3a|>#RrTXy+6vhmYXaLnjI>W&l(1Gd@ST7RO`86FcK8+?7rX)mnuo+9!f1 z{I{gHl(%gsxf~zyAn|bVR@t@LiL8v-8Q2eP80XhYy_9c~Qz}xzu_Y^|PRkbj?7pmu z@TvHOxi{Upoud)zWs?vlPS|JP@YcE>0|kM{Kt9*WBjn?0P&)|Pn-4T`(qUM}k`^N; zfx8Q3^2I<$=!-#xLHTB}kh!5Xs>zRuyy30HPs3C5%=3=nM&a8(5_6_?3zH>2NZiLp z4%7_z?&=L>4-`_CP&!fK%W2EyWL9L>%iYM~%MoWNkGGH4k5`Ocr0tIBjkAs2XKXeG zGGx&|U}Ir((HqHH$Oi4}k6tVL^FnsP-=x6+CpRJdbN4hYdr*BjephqtzhiRLcUyktHNb9B z!iK_P@VxRA<)`=%_tg4aeQk3u`4aLH{n7@d24xI2@{R}=54r?~6B-$o2c{a%8fD;p z_->1r^uBWJsu#I+pG`Id*OK4p^6wI>VSLCjxAP8;f z1%wMlF~<(YJ(vmF`~Q52dQ>DkC)Jd2mzXZVmYkRLi@1y3Kz}6}pqId#MXUUniK&Cb zhj&P4#Hj;}0?l$>>5j{{``Dvg zi~%V)Y4@`TV+a#bami0~i#2Bk{krO{c-q+7aTCywuC)3nj+#Y`y1L1BHZso!g~v%00aw_0Ge9Wb9low}EdWSiU8;RS0VIURS;hjZDka`FWj zfMb>Fnp#C)RpkblzNl{N`hGKdsqvt}em=d?;52!pf3czS?0d&?vAAr|{`)3AnE07C zgf_EMu0p2LX})z{5#=Y*(aZ2{DG+ZwV<)2)HVoFRDX|IXMEB(6r0EpE-u+?bYrd#- zxINLG(AtXS{Fh}h2UIH~yd2cE~noWgubzPMH*8-9CV-%0qD$O7{+FRvR%#4hoL zjHwkr);&|nOv%+qgQ@@?Pnq9p{Z>u0Iui*Km|3_&nI7&%dUJ0lx+|?gas7lS6N9;3 zE=F%*HPQJvOa=(;uANECUU&6}`>L92wOQ>a-c9=%H%$kp3X6&_C!o_v#>1Ked`2#9 z2jIHxY0j+QLCSr#3*gnk0N4j~IlpLcTNhvv@avH7s28-~yzxoD-&mXM5V|Az{prqV znygr|IKGKk^VR%KCuvN}9k|)``zfi63gtcbJEnltmp8K?TQs*;$7~%IZjDgTFzKH&2c)zqatNGOqxc8&>Un4;xp0gHk_-c2Ts5 z2PC2et$nLr_nyjcT-FXPOk}&Zy1x5y{9d_Z0Il|2Rb4ru>5S#r!l0^cId6!<}L zKtim@Lr5W(c%MiIm2|$NgnyyRIccNn#|=DjhbXv#gcBWHKe7z2C_sTgE0cJJSnBy) z^BYsTBIH$#-WhQv<9l3umuMS#I}e0`&*0#o_P}7*LSFv{Y~E|18k5i`nQ(}*#)c0r z$fvT@qp-h8e?z?Xp;k%YlkP)6KxSL1eR2IFFUM=*V8>`=>R@cf=xOH&#=H;^{GPnv zk9KCRMkJngw)QT(o&u!*^#(8a^Pk&Hq$L0KimQzP=@)q=5>W?dGZGF)c1C7WK?D*K z5`Je>b6yoOiT^Vk{7rz=($&?Gmx;;4!-LU-jnTo`f{BHPhlh!om5G&=0sIDoi*?2RBy%Qqn&Q{olX;-lv(T)&Hzy@A7}h z0u#ve=Lr)FBQw+gof|xq|Ib}sB`Z%e+b?2Pc4qc2;57t!IN13A>;3=r#)ce9l#~R(*bU^f$SHx?9R+)|0wh?$hG3u8})5 zEEEaEe_k-c-Fgs*fvOOYsQ>E{hakn_f`SW#`1ca-K@A*YNRy4kfc#&B0*Cqq{?{5L zO3ctC&WHypJ7U5R(Eo9fI6I;I=L!&Tm`IQjYr(DGxzYajwjy-b-u-_NA__qYFl3}q zfd0=Fgu!Io{|61=umArc;}`Z=`j!|%u&|~k4k5p1g15K#Tqyv+W!_a=8!sUtF=yfF znfBr@6ef}npBo$)l=PRRVc}ZV?OFY0WMs;!s$yhhW#>zQzzk~}oAQzp3A@7kQpH?_ z+uK{@??{xNyNRG`nE8Cq7!DEsCCzRYD5CgqZEbDKx0lC8!yc&HbS?)XX+&lMIMWaaF?&vGoXT2qc%R#8#Vhs+m~!l)-Rn!->>A)BJ) z<>f^yjRp%nLkf|YiOnds0N)4z%%0YE2~t`YH)#y?_Xho~Ny4+skJtNi zOG{}oDnB8ELc!{evGX}kfdmzf`g5E6xwiLJKaMnzsPCWAf!WYS(KmI2M6!bfE-}{U zx85v@HQBz={n%pmb-Kq$6RHDqQF&NKZT9QDcmxDv-3Z_Qu@vDaXj)oY%l;@VnO{-A z`qMT*xY#xb5o^XB*G>~Uq30Fql}E>=xf;9HyJ8_+{}{1pa$wA%!0nvs@pn~)psjJ* z$CptgQm)@M>E{$FS53el$-{*|D!!jb7@__x07@vvR9SiLVnqFz-6nWj$n>BghP>$X ziSi-uMn!>J%-3^=096yaPqwr9;Vpl2yH!{ix^`^trSrZcUV-nN{oAe2HrOr!Ll;5v znVi!m@d6Txf{)|_OW4azgU7-Dm&d}NFcMhW=`?GKP<*%EHCj#=hzP1@>7YZQwn{@_ ziTvvB4n%JvwdZo!(1j}vb@@xNQ6Yj_ps^Ws%YN2GY>bSIv|OPorTuY3H^7R9l{OEi z*KL#lCB1LOKCA@)um%$Y^0<>;FJ0)aE?(Ki#f2r?TRE3b%pOwzjcda*gvj^TXYB^_ z4`5@0;upGNq=Dw@+1S)@tmy_kI0v zfVPGBk1G~e*do023`cLH%63&rOrl$M1Vh}-VCe{zrlwUX z3*Ic@sxG9aoV`2OXc6)N$?c;!h9YLr5>+7rQq`>`D?(Y{11ZXH86&0N5WnS#2Sx@q>aH}f>G&oU^e<@8u zE%Zo>tP4z2-I1Ny)#`XD+C-%4m3IdyAH^?%v1JRYqM~9Xk~JT77+!df(&GE=M^=;T z!gxU$k99YkTM)=p;P(-d87Z|@^|{Nq(vC(6Uf|y>fq?>3`SYdbez0LU}M(C$B9Ru_i6*kaLyk&?yZz5i+~g=5c@RN;%AAii@H5fB6!_tUx(abu7VdV!dAq_K24+k2l8^l{E!mFC2q|?!zMq=Cvf_ z@YGa7hMEkJQdaiDlqa3NVsIWEt=Y0JyXrL1_w!$1f)YIeTOX~xX?xxJx*{@vneQ8i zTQOpToPxT3+@oc^q~L89iLbC4D!}%P_L|xX$$*@ok6~&B)e|KZUD;m=)p^OIhkqA8eQpB1Am_R`FVMnw;}cv za15hQs(Pr>Zi=!89#fv2pO4GT#XSg+&j{AF#Bs6#eTU<0c_anP)8 zTh6JfC@J|`(|#?(yZ>GFI>RU*lZcdSR8wVOW5fHj8uSxG(UjwmWHMrHH$!y&q7}1f zrs^Pe>>ofzq65v(F5;F?$nWk!5pzmp<>ODf*|!EMUjj%ZQk2_IpF$Z3`)!&UCHAu3n6I>74AP- zk5$vd{s)fjm+BTb;xPA+u|)K;;--V+CqmJ4?12FtD+b`5o|uO{{FEbcrn>&|TGrI0 z-n3C;(6!;dYW}{M&bibl=p-X%xM&Qn2j#E5=6!@8;?_Iv<)>&&e&&iZh3Tm`8&#{k zXtbKG|3=I@4Hi4ECsmaWAg-qC&HJ0y_iXoiBqf~aReK^2dwp)#?N;XOiBJeJ-R+TY^AWlFOI`0(dqR)|1nFWv-*ylzQ6ArAds0zleUbu@bTm|j z@Iw5>e&o9grET363@>KES}jf05OfX)8KIl$ z0Fy58_!ZwiZ@yA<)s|;rEzgFwsWmkrx5D_{_Pc-PBT4u!41YU2H)OvgmbmJZAW&NgJ@BttWDp8!T2WFjFYO*+X_9*-gkF-`upQFB=jPl8!I^ zO@;E?i7QhP<090BQV?!Z(v}GGKa&=T3j-Mz!vWWOYMGB#tF1=iSXfvxd;~6IELO=V ziK=AaAd6QTT1VuyhX#B+$Rs2T;M=p#)3|57$k0vyK@SK0m%j%Cg&z{a+AgJG3#wi% zeHr=CG?8QJ@P7#A403vJ!oHcvmM&~(D62mJna z+VvI=g{1D792^ z82!L_k%oD--V9OCZC-tD-7WwS`dJ_ED9{H6#%tN?Zv+EYlAxDQTiY;#nIflUy+Ora z!F9AFFq4Z!k$K1i0{5h(KRGAqM*Q)9i=B5ICzqFs=xncBjElbdL`TdDM>0YzD*wQA z2)I3nAZ8{u5cYgHU|BzSJpeIyEXQ}M zBkM_z4Sg?;w{R6 zYazdJ$rHuLsn$P?yYUahA)p?m@>;$CK-Lyg(Q*dNr zut*oXORKA6J0JR)zOA2bxdX9PU~2;q|8qD$G~S#yFw;)JNK5j*ROppPKAU%5qbbU7)HdjwE zFfh2T+5wd9?5gcJ5r*q*R%hPzty3F3cX~2x z&ID5NN`e%?qcB>9Uba!J4kxmkbv@Dv?T9D8ePtYJ-U|JE3LpQeb_ErXlX&+|xVeg7MqJRCYqFa-FIMYF zYU;URg^7F`UF4HvbR#n+)E%WZ0(+)B2>7w;lak%i^Zb6dbM`J^w04De`3jdvvcAyc z+Co4GBC1wT_Kf9_{JS9Z6MTl^^;eF@>e?L6JGtUR6wcW=|0-c6M;rnwXebgx#Goig z{Bfj?pE6{&%Q>s(CHM~Qi5gX3jFvS7@u(3JS65bKQgxl--8?*2onw)Ko6;RMTFpzr z|3x-6G!&_&5dR^=lkljyb;S`~sA?|{x0vB?r4O%ei=RNhCi*N*JPJiyyKQ-)GiaZV zAIg1>32&=kj4Lt^u1g2_+RB@GC>(kco+=*=EI zHkds5NjH zbvt%tC_=s`)v@i7a)zqd*~iZJm}|=4k&ml1G|9UjUzhb6i6I2_Q!veq2RtSXT2y9jKWq^94;u^jcV50o+sEPr8_b9 z`MAEHX_khqnJ*Kq3Wq#M{rPbE96!E5bHxI4?{R-dnj=iV_~e(qP86th(l1W%CVg_r zn9d*uvvFv>#fePM|8XA^N&C{8ZO>YXEjO&ZWh2=1Mna-LQ+_2Z9f#K7u+}D$PwKbF zBOY(Sw9Si+rQcY>4TS{qqX@~*!l{c@kiygUDOG~d-f*h%p*)XS)r*H_RY_8&`<{Hd z^3)o|ud$$3*L7eL^T0-r>|OyXNB9Cb`|WdP1XtPY+s--v1Sm6|N8>z0@tP_Ww`p;l z>5Yzs&A=f%jWz+QU)2Yrsizs5``@GPSFk3hq~-7E&%bL@#rN`x7~Tf)xH13`jDqof zu0}j=n|FUp$hKhNAVX)7{-OjN=)b)@|9Wjg`-QVvm!jifK+AA&{=-oA~Dj?OA(h0`Et?7baH3KdZ0c=ldX zBsMvUZ#}_>Trl*pvjj#hLL;=>ehM5}#EvnM&|oLZGsu3xsbIjxy>YQFEff;-X$zU- zA|M4sm*tO$-jsR|N5`=%e46BG6L?d3T5};Tayysj(QNjmotnFb1nw{WF5WFUpC~mh ztn!lB3R}Pi?)2X)tty%2B=ZYJ>4?0_906$zTe~fCyeR#4@i%|iQV}Cz77Zmg<##@> zU#|29bos#CwlQCHW2e0*EA#xo{Nt1wtV;`5Ib$94Z-=2>D(QpXFqviSt1D2Tp~^nc z*#X+h3|`(u5USUgCC){!BY{im!cm3lf&pvlbulDF8e8t8;>lW`=$!2wT*qUKFJES* z?{h#nW9~VEyhTHS-9bIpPm}Y+MdKZ+tWvS$!*FV0_p>omK+|azgsuzV>Cs-2q5_S* zpd>AKBHbu-cEH=?-0G^$Bha<=K((#S^QlJXeM$kOT02d!2>U7=*aiuT8@Jw`_QDBp zT0HpKgoO;|6?L?Zp57VFLK!$aW4-<&Yf@A09dC0K|12DO5y0=lsO>u2zH({HE$q?t zj8;L1tH5SvK0WMe_Mcbv|xBW1L zWvr~B*SGsFMR0YnXy1mj3=A_<&bN$4Smi>%JA40eX`B|!#pB%+mKKy+->GTFk!wfa zs}8-!lXD|HP-e7F$DV4Xfa`tOZKJbv`bC%>8frq#D6#+b?#IH+ou(9=VU(P^!74ai zP^Z*Y0j4s0xsA}x!9J;F7!1NSpr-cD0I1-+RBM6$!lnrU!GxWey{!X&wKOOz?9i=(2&y9b)AFPm{# zFOtO7g>)LmaiJ_E;`L-n%GuA8@kR^#ZP04-o2;Ec3V9N4z!lKMtSJ=b(REl@q@B+={b( zMn&?$u|W0g$ch#y4N}bq2BWpIQrz`~z%m$=Dl9_bIU7y2n%O1!-3MbLE3isq3q(IM^So1~ zvvM5C^;N}NnVu<)>&(Tym)8aFSGFybGt-CwyoC_tG);kK74NisK`z2PR_K2@U4fTh zeJQomKPuyR*Q4oIgMuQVm97-_f(nPJ0!O&6I9hTRtKC(jUc)gmqu@W(X<4m5jw2oe zN|}t!M}50{b8>{(t~NCso-zZ%Ly@km_SG0;%y-DulaDU(v7?5O z+oOYQ<=Q6-%aqz`qti%=DfAf0zYkM2MO>{}OLBJTT~-tZMIB*JGihY$@s7ygX35yZ z#;6v{^j-X^%kxiovT1mde`_XvMgu9QdYNFbhZuJH-aSfb_+%ZRR#(CyVx0>=XY}>7={si1u*MG zSa2`O&_&m;XAKr1?=c>JWdR8Ge?6yul`=Pvb)Pq5d>XsLn%>}k5AJE~>8~&O8L#~^ zhELO*?^_1|_}qa9OwLn{un?keK#+f;hkE0zkC19y|40PoIzWIxdX0{qv7R7K)NF5 z?VH&?xd=FRt5A^KpP=Z647ok^tMPU)(aP|f2r#R3#6@WGgSXXTCc0fS%$u&M;u>?5 zZk2zV67?xbNjh~uC8hUhJp-_w?9lbe8hQ97!d}9Xcd-$cSDO^;|I30=I3TXDEKO zG&8J|!(jb>D4&S(1$9!Ftx`}a3>^D#QYkp2BYyg`fVxHaM7{QVzL~@9AwO^x-fEW8 zraIIa!?hKAsRxBq4vzbk>?;`m@V3)qI6ieY=?aH`7^}T-rVoE7@Yy?wDv-@()FL^7 z>(ZLEfi1|O8J^o~()?MMb@&pD^V7*?c|Ld>6vZH*sgiGj1Tu|T5O_0=@GE0I3mU{6 z_S;6=B%|9dJ6Bn6-1Svuu$8~Md<~oxGA{GXZnf{XpFe))TzqU+9cRZ1#IQ-lfGGTXlSYUcQBNoB%0f=$28cPkcCmP zAF&dFiHkoj2=Pb*NaV;~rkjiIBwKDZU%ryAqFr3kGxQptMl4gf4ofG`DRC$t%P7Xn zUY-`!^ejalcfJkU^SWrIYaftj--xWOksA&QWM*2VXqQ{J?=m^5$R>JM4WId4EuD(K zsL;zD5~?ed5@<*uyMd$#-y5$;bPxM1G>c$Ie46HK2&rrpjPqB|dV-I-_|sl!0nGpO z=5#|$!e?_3yGT+Llm-_H>cuJtIl`aIHUEfZ7@qqNsa!k(KZjxhlkV-zDMsvRbNMtd zOLT&X1*Rptyn1{YblG%1Ph6jbvz|IX4poX;OBV?FMO-;o_810TA6 zj4K}2bbk{!nY#8IjPv1)SInjLTQHCte#G}t7-I1@fP>+tf?IN%RIeKu}#V(jG1d%-ff-|(rWQ22bU9PX1yfiIPX2ifNTQ|YP%T%0-kWVq;O zqiA(KJ2JqXB+KK*8L*F?tL}g@OB0@w7}M49w4KuerO6~J+2zJkyV{ElO_?NIPBrl{ zkR2gx1IMacL~RuMti^%>ryv3;;-Vb+f&wL7@g)rbVcGz-wLD>jdE#Wg(&|#*Ms?q# z6(t`PQIGo&e(CCuwLYGP5>TT5*zL@=tZRugrS8eGKSfzTR!QP$NS&b1zkDkWN4}$+ z{GDL+rG{E>Ai|&pdg{5rv6f*130mwv;>`-lZtUaNBc^GiKMmvoPD(l>{l-1Phpmv5 z2k7$ez}8_R#sDx#9nZB1`xYFCnm`c@#uDqH+2oDhvv7XVI*tbG+3lwXd^*0adu!mc zpYK*l5;VbUkk&HdARt0nVW7UMDz3J0aNP`3h==bN4vjx1{>10BC3*bflzjoie}?C9 zSK+mf6BaT(P)6IOal`>1}0WNie)?6mFpjL+cru#y< z?o&w2d01#S=-)}YlNcrj!i_s*t5*w3sQ%vAFP(g;Pik&_AG2W{u>XzqsXt&rRX+Xh znO=l*s5hml3caW4`Kqde+|$P7@y#!1g(e9#PlmG(AIYvuW{!4gEbJ@a&u{)6N|tZ;Db zMp-W`6DYsX#jzrES%v_7#Aw>Pk&|@HdOh?&7Ztamv^z-qoCDOqy$qQ@SJjpLq zC1YzGD`dsdF*!}^Vh_|J59Auk0A&N7&+y>ZT)Ro_mC=PSqYK*4xQ|IGNvc~5qD#KA z<{nD9E{o&ni6ti|dwpi@D2<`dnGyQ^sE9{2(SF$?ml>zndH}br~(=0gM zIXBwWIdjFCi$kr|$~!ik3V4;Uan7>*c)U);Qp1Ex6B;5+A4GJaLEx~K?Mr;fS)%!> zcJ1M%AH1+Ri<3I7H9BgH2t^ETNPLIq1}DwR2jIXHf!r(Htq)ZYUBy^#t)9E=BN16$ zeE&UhDa9^7lhcm$(e$K|^076YQW8i&9vH<1%Y+aG4FwP9ib8?i%D~^?%&VZ!IV?A9 zUIQExKP1psP^ERLmtmu0eGw)(gyWunCf$fExEJSV{RIno2p*+9jBzM{R*M^ z^|S&VW1alA_3a5naSY&dcg|2?GP2N&1BE*=Q2oexhoc%QW~=tH6;`q^TD=1^8*$=p(jaIz_&YtRy_L}uI2^!HI<7k1CX_@J9@*v^w?k!x7(UeM{0{AeFfQB4 zU|}+Lk%O0FHv(KG6+ZF{%7lQ93JFxtHg(%5vQ?hoNqh#)DkhCpWtHPQbAXSrWLr5G zjeZ6f_FR4yRhS9?Uhe-)JEnSex>Q*o-R=W=z1up{VdL2h^AX>DQJx=7l|KoEzY=Y5) zgh`?N?cMac7IpVhXcIH_W$hF29ReQDNSf{j+yfRyodWxKpLWAfuYSNlqDD}FRj*EN z>m5{>Tz7?jeZ^vZ4`->Ey^jxHwLzEQ?hUdEJh+3%st_OADhYw*aG{6s9S-^%+Q+T^ zkc|xoM(5JSp|Ozz45|Kx=Sw|*;A!idXU~WMw4;uJt>!^!Bq|&fNgiC@J&ZjxDm5ci zL8=&+*@;+fr2VK_sw(Myxqj-Vron!wQpsS+6v-f5 z3FkS&eVLcnaLb$}cahj@Zf>6W`T?I+aMMUr;IW)`7bKOI34NWvle|E)o_>DnFVSPQ zmfAQyxI=XeYJAeT=UR=*y@p}VBy?<)0lV?*CCy{}#V}fD-QZ(?MUoI5Of$P-OC(Bg z&|+MX{v&gd_86}zm5df*7vPh64?S!*;YmcAvNfy{t@NlvsZm_Z)iy|}uzpTErI(q6 zl~P}Y23p=XTDt@!%`@-^x`cPyglsQ}d-^J75G>E?`RYCVY!6q#r#d3V>$z9Z z%k8e16R5@92?UzfX=niwF5~sN{Z@O~>7TYUv>^_<>m;!gwA|41vJXkct2CKEZi)xZ zOln$T$aXaQe0O(;J_ch6?6y7@nCG)db#|Yq@XnVu#&0=968EeC5)Y)%vV3cPlsbTU zbnXe=y6XhrXjwh`b;@uW>NAPb9yIH@->1{1XV3Ffu#0YetW37Lj8_RW31U-JXToIy2Ydv^x-^=sU%c{9wWPN0Zv1ojZ205-Fi% zboqNqo-_NE;mHDGu43NYFG`cbwbm@Vj!bB58Vx{B1vf0wl{fRVxbe3Sz+8gU=ck2_ zgDthIeGB?f4%by9tVUVsIveQEd>xT6SGBphEpO)%&7X2D0gcO&x!fgLcwc_#KSyMW zU;Jcgsn@uOUVV`v8GUz;s3UpQ+ty~OX%Q&Hv2{q60!o%cG@sgJUy%=9$YQ4R#arVa&yA#aNu8nsUgyA9`K8-Ms6*7N#7g!f_gx1)_yd(B+Qz!p4|xbPo}x%f9^XH<6_9FSZlqb`P&-ra2A zXm*xnn6`*C&iWX9eCU5ETH(xy}_yO z^KD~DS+VqaxGu5!!eQ-XJM!fxa+V+Tg0rkOzsK6k(p3wjM&Z+KWU7L;*=AQ&mY|Pu z|CjGfS=we93PcG3oz{V-{J&i?O)Shh_lYAHR|!WU_(+t8+|m`V%4A4T+KB9k_7a$5>RI`6_6foF@^t{<3)vF%i&BfG%eR(CX1LNhaXjfgdF zO;S|2DZ1KrbSm~%z=AptmA4)h6TNYfc-|DP{_AJ`O$4Of&SfXErAp;dmZ_-d+TY4fCbe4}VR9A!7M#Qsrj zJye7-cfYXV%R@%14bepj%I1a_tga4WUo(0RPSQ)AQ_e$#XJ!=Lld+>3&)>Jw>tHB@7zQCwKlMT66T-pv*V_pEW7 zJy)%Q^HT55^e7WHck|}4ogOAOC_X-@M!;x$0pI?V%Jo&tlBEZ9ZKlsi{()XR#l^RD z!Kc1M{IZQAtRo-d8kQ!S^`uQfL&j#NU2H?}iI5;CFiv5afbt+lH&J#E)g zUkc;dXfS4eqJIIeIgz66<^$&CMCrQW(EGacM5TjBo@BdM9s4`B`;hDtf zTn*YKa-TQS*ay{k==V>AMcto-&s^SFE*R5n?LOi&$BnK9K$Kw=wmdNR zqSm2WpF!_O|7w({sj zbrV{TBRJikfBi9@)!lhPVrR!j9RFNbNIS>dRQ@G3{rjw&q?7DLNGj)4Y`|sVW;-); z{%9k;&UGxCjpt*&%r|Va|26{+AA^_OakSfx+5~sbQT2(up)@lEGzN|IIF!^AUXHqf63irUv69_AcNt-D_5gV=~-6wKAKS|*r&z7vosp95E z*y_8#cXursRr?(#uY|ML)^$!uZaXknD1@DNNwg>59q(veG3bJjeWo+)g>a3`#E^+Y z&Fjm{Oei)tO%k`Bl0@pXXVqZz9Y(-<+*veO49`y*(JU-+;0VM9t3n>%_V!<;KEFUxdIuoNb^cWqy5Ijvq$%Wt|tN4M-1RTDB4t5i?w zY<5i2(o2!Rgyqm!R(}&Ewwhw1M~!zg{R&2&lf-bdO5L*Ag~@wXyx%HtawOOeh!nA6 zZ-)1;XfO(dT0fMjBgsoofAE&BW-3zG>@mbaI^!9_vTobw!w&v z9B%o;4biRZ6~%fJ+y(!*B*#$uxJ6d`v=|C}PDJ0O*IWKF*zi_{6M-i)) zW{o3-J(}Lw;uD9dVG;LKyFq*b1g6Dz1SCiy&m(?euN@fcPlCy3>r=SJNk@pZo_4)$aQ5PH}0?R8|FAf)GyF(^~Tp&Rf4H?S6kf1af6wP>zp}*GhAc-~NP<0Di`jWGLA^qQB%$iQ$ma;ke_awD+*2LWMZK7BoF~;%r^RRGRW6lfhM; z5jLi4EqKgI`sQlu8O*ESnKaV&TfT`RsLp;|MZ?Mbuq51yWnlN{?MVZLiwOUoLKhq! z&Hd3!*kl&<& zAb`&f`pJ&YSnp5IV&7;$Tc!fy?o!yNS1E4FX1T(Ax0N&YHx&`X0jef>Ar&I&3>}M? z*D8D{l1sWOl0Fan^JSy*s=t}w(9-Hu z(~c+-m(-5g%gr1-bbhX}-p2Zbad2saA8lZD`{7roYfy^ca92U7&Lm#NQOjej>p{Ia zulI2J+>brim9`VkmES9Rb80Jv(1|}|u|=jWDhDIuN}nYMxrii7S-y&2Mhmp;K@(|n ziEX~ROfGrq;D$4p=$Nf*<6iQ1R|EJ~Oa^zN;8G%sitt%6waAc= z1-~t2yCu@X&R+!nKKllT=@@?-eY$5Wy{~^a)rT_cu9o_lB4#!S#H%+XZ}h%Meg&TC zT};33IF6p}Uqqe3IvNgnx$fi|l3Q;zCvWy-U*BqVXbD%Ur7j*a;pwImt2WVR8egE3 zsy9Z`U;_fVOTdc05?v?yZpDffIdOuM_VlrS{rZdna3@G^mCB8`1R0-1ktZyaiZ>lm zW%ZKB6Jk1K9|+U0%j8Y#QdN+*S8vFj1x%LVZA8|yGX7qbLbEqKz}E8U!foc7KA z-SpbtPWscochKpF&Y(+AUQEkQy^=b3{BPUp?@?oT|JYbvDYMZTkM;d%QLFnK(7PI?M-4usT4_cPnd?8q0KP-zwfzc>W8mCUAV zo4-nbZaka9++%`M=~WA^uL^ zS-XgCYFtjO6*VlD`K5$EK;e<`@sNIxht|}!(3*-FbWYE9`fmHbX?`HJiTF%2h3BLZ zke_n&zOaV>p{}Fo$NSHuSBB=XA+9Tf{9REMqyAkR`&M$ezOQYiZW-Yh&LjNI?DaR$ zcK=Cqf9JdD$nx#<)frFFx%DqwD;!dTfP(}?Uy080Qf566MBf#?$hFdMd)QU);N^vB zrw9~c#hXY(+08MYDAR>nXMd1NkNLb3xXL~)htc<&j-nA4zo8m1U(1-^R8hE}!?>ybktqvkudjmc z+xHC33=YNEgGX)?K<|spu1}EbuNV6l(0BKJn4TS4##JJ}3<~mhLMn?)f67D{ORot2 z?!GcSpFXwY3VL_zdb(~V_r$2$$}f<0(VSVCkqQKyARs!ciW?>}aaQzQCix{wGifck z(wv>C8-mEq6y2nzEA)ytT143mJCP`pZpwX?OK8c-m(!N^LHd7BZl>K{Tr!w{ZDy3ulCF!(RF9WF51r+U(y+m^?f}}^syda4>ummKAbs$ z+n(w-4@lrE-IVYD+!S@{W6>3b}2{nEWsT5uCN$&$O9g@;4*a`|-nM#Ir`f9vW*DG-)p1kn2;vkS7< zUr)bmKZRRw-%EZsS5mx^fO5&chpA>Kc6hwIyrFt_a2dUC(|m5#{X1PebrsF@b){+r z@jxIe1Vm?LDsrvpJG)O#M*3vkwYIiWe}DQ9PkKRz3FC2f7WuN(D_-L|ntHcK@!P=5 z2$+rQlk>}$ZjZXKvg?{e+lxLn<})x7rkW$pSDhCB^y)r(yR~1UEYT@wn84*@(WEloLf$)TM_gyCLPP|viXrJG zl*KNONjkvef4}$mYxLHEUYhfsuTfXY0veU+oFmTc`N7OjqQ~>sZON9ip5PK4r($n{ zu_8Q>Nu$zn6(ufu=&}ZS*CDdbGF++z9k^r2B6&?UI!bgD&@GM*tF$G;D&>u1r!m2=Wbg}9SU0KG5LzW^`sgi@DmzmRS?c&?gAig*IH z)ST3?@)#{++hwcOxV)3tv3;4aEFLkQ002M$NkldOEfB zkJ2+++PO=x2v!c@0*a_y&`?2lerg3h_W5_wqn|&K?m7QxTGCWaA$ijv;#8f8CS6qv zuJY23$GR!&ExHmnl7u&$R67su{m>|dROgy{S6w#GQImf#bQz~@g*ZA`6jU&IqkJ$^+aoz7!%;nE}U zNZm^64m0ayH@%tJ;UQW-bRKDXUdvrL-jOnnH?W{8xtv>2bZOXC)s(Va#p+; z@XtX4=zWpeMbW=%PjoM%3%6fF{~SD=Uj%X2{IK+PFcYg%Z?QkmOim?LT)FZ0RV~FA z=BH9lBNeV3i@$_RJY{FRz8fzY+mU=YKgn0}mvV^H%QYSsdmxZ~0;01-Z)NJN=)6qx zG)p%r-Icd)-D*~rl>A0`p<M#p8Bj3pU{e7(VG&;Heg$V@y$^zBJLlz`PMvkl6&E->Qo3|R1 zP-O%#`-!CY#r@C6|Gq|-NP1uV;q%4S`$GTif2eZ>eR=N%)H=eVG@NMcIkyM#7YlD4 z8u9abeP!B%?VvwMAAQ%H2?AHQIjyFQK6Lmj`pJ`Tlb4%*Rr%!)f0VT4t=Q(jDonN5 za$<=hEw!pEGw&;>;z~?*60Xu|fh9a^>(0)8dTDzrEjVUAd1oF&!NI50*xg8UWkP>- zrJK}`RiFcZBp;{qaG=;(H7V=h{@~nNYGNV#_cw-VUr$ixC!!j@zgk$(9zNU0>)@8s zNsF)+Zl)LJfVYvle07{$zw^_z#CI_dMR>bxK}^E8eEd>a_11_9O3j0d)a5Ou1DEPj6WWECGA{1Z@KC+rCoMeRw&3lmI6G1)o{p1Zw@unJsl^~Z`+Th zfSX@3^Lo^#j@Jfj9WLkc{3lg=N9c^24W`lH2?E(9AbP8uG84I0be^5(I4L66T1zgv zD%*JjWXo2eR=iSKis*|LuF1Gc8ga&S$?QlH&d$`i%Nvw`_t2uQJ}WcV$0 zloP=!Ga@gV%3YRuUq;%BK-HHMlILx)p{(e(Dv^b`5>%*a~Xr8NB5M zhP3`nt@hB&IuCI}A)EyQBkocfb#XUG`2u9>xTi(Gi(8taT)&&Ec)4H}+$i@78R3cK z;PQh2dS4{JP8(Q!UbXv^)aIAoP1?*7v8mkT<`=YQ*StvAH$Oy&mLG_X66GU;*UR?2 zt{@BHQF>SPX7#zM>2LJyJs+k=dynEFLXw|)9UPUK*P-`U(pPtVihj4?b{5n7qQY?q z0@)>?hK6QXeOS?XcAjO{MeZn1l(BpF?u^f21TDE4vzyF>g`KPt^G}?C8SFfJDE&Mb24$1WESRD)W|H6kq~X8S=-e)phT)V4}KWd#H&0P>-(CB zRcY9q61b7B%VIl5;Ia+X$}0&}_F_kylB2DENTqjk_ecG?TS_6}vNi7Oe(VjG0|Z3K zF61${@`1CLKzV4Gm)_!8SLF*}$;r3I0mo+b-z^8M!=%jw(EB1WQ0Y?qy?q~~O(Qe; z#+KQRqnyk_&M${%`a0D$5fY zT7i|-aFEN@OxN%G5dF`bd#IkfLc@W;WD&5Uw?yZO-t+nR1@0uetUs~r+OOjisQuTjJ%W34|l8ilPAnvn-x@fRUzeC|yo{B(OF8KoOBad#<+U(Vov z|H>Zv=n>6SQ?3bNDVx~u<5u54uG>wea&hEAmi@(!>V_=){7;EmNx=S^z!hJKDe*X5 z_m^XiV2m$uO#UXkIyrabzFaF0tS_|%21Qo8%OKkH$-D!F0N0YaW$8+*Zgq(|!!0gd|w4`q% zy;{Ds7*8MP><|I;zK8|8X}F1g+Ij}R1Lo(*;K;-X(t^tZ_x&}m(k-)pO)aGz6T@vf z65)LJ++WcZyZ(b7@8ubtgDi9>wCHk8%0n1#<#L`@`=;$e+oscinIa${dP{Vdk232~ zAbPLpMDG6mnZFsc@>Zb;?#H}1#X_riqlIdsi(nMO`o1x}61E2AC9=?PsAQt?*fcLr zq=`s*XRQfP9}C@AcX!dpezArQonB2I&h)JVJ=EtPr4kuy7ZIT%M73_pl1_Om8``o! znvm7=ltx*JBf?huZxFKLrEH23O&H6$NqliK7Fc(>pMD&@9gi6uV*Ob1cGAA}62d~U z5cp{KU+Hg6XHsW~$JNT01r7v2z*Yi*u!rtxJCU{rd6LFpf2?hfm)^y#r~f_s0mlTc zo~a0E$){_3IXyqHDAJ;Wg3{KcC6QOi&-NZlYx)<`j*$i$43<)bXN2am zcs-$NGrha!?WEm|B_GM}Gdund9groAqQCQjVfs0j_mb(WXkJNM(lQ|e2slANbXO%E z%*eDAy_ZpjCW*2xa;+%)QJ2hw2L}SVML-vsvNh3hriInh7z2%dsoIhB#<)se^7FAw zI;Dodsz6P2dboV$KDXAbSp2mJ%7E4~8xf@(CgM{QuabeDN2H~f!!?T%XMA6a$C1TF zY)6iifw6rp#@Ju+j~2UTeq#x+0|Es|;KqIbMZ3#e=-K*rYs>xw&BhEC;ECguKp+bQ z?rwcI4S9LOCx2f|Za!W@@8ZU%=)~$xF=0jzSt97ZjuYsX1Mj6R{wAJBnHLd?^j4Be z%*`{Ad)W7olKpf=(?96^hUd8FQoNdvSPXAc`Tnr=!#qh()c2jo3=jFHkd*s+Zq0=Q zfyp4CbXWXaIAM{j=)Hu7(+JG^x&T&`z4Q%-1A$y6Ai6PCCvl_WM;{w)=>k}`#*f6& z!(>0q;xfoHEX$HTAs&+(3O}stU>N zwW?qufVGdb;L53nIGy%SGM10#ul7}lc8(&1#V-=d5y#6cWtT4O#&a_IsmKof;cVeR zAZG|vg$C)@+rC7fI`|;fy108-IoEe3yoM()V?r{lfFGdEKk_BwUKtV&2Ld1vLtrHA z<*vW);^ha-T5;WUh<7i2ZN?KZ>5LxRN2bz8wtSH;-E}d&IXr{>svaHXIycBwAAfio z^fJIZS@C&7s0~(g+v@X0k#U;~MwlrIR@NN8-dwBO);r7@tH#)}@t}T-l0q^F|3e5u5DP zi{;3^@{srvSK`U!8|*}ox>)$?(L~^?Zpx7`5z}H#eI%)T_*kv8%jvj-vuey0K`b9- zQ8u#24+3RAEg#J%{$Kt4#LYri#IEUwAAs3E=){*KOXrPjK)^`?PxUOOgRUm7luVWk;>o7IJpJ!f!fV^c zbF!}Pe{8*!9v?V{$MCRFW>K5aNjS%o_>xZ2$8(bJm#6Mb`so0RX;UJHiXgXAx`N)c9I$=R0&#J6h6|rgTEu{%N z{yRb8jrpoX$}Xpu*4~Tmd!F`o_mhW}wAd19E4{PyeMul?QTa$XCsx)}7E(qnOiL-@ zM5T2zX*Vq*udiH-D@F`X$zOgz2=up-&)-fBRc<~X7nebcBsSncpil|;xVz&=yB??0 zd)LtJl4jcPn@T;ND*mn{croPi&{Y1ez<~e=#1eR@^GL1oi4Jmksl{`EKGpa_bjaB8 zfzdkp%Fa*GEB+-!qp@9`$0C~Tj1JH%v_z%9Z^4~v+^<=*Pc=SI-{1EE+8yFn-{_@{ zxWaq5>qt7YZoOGj_g($rEn_0%Srxght;q-U$17}*O1YBHdc$+P z;=msS#t7)5bj%}#9kVpLpFa?$fsrtEduCF_q32NTqLnngX^|4RaZN|MDo(8`Bl+0n zWWuT-SF-MilnsYO>_&vFWFlfVB06QsB2D~?x3v6fVpxl$l}Nf!Hy?f$g_obn9*G{> zS!9on&`{eJ>fZP`^}qI8YV@{KMTrRB@jNxF_zMDsN1#5~L-j*Fw0x-W&JAY-0@)<+ zuf9XLLXqB1#yW>9C~p~kY|2aIOVEmY>%o<@dgO@o1+IRAER0vXj-Xo)tfU{b{89Iv zu$BC!95;2G8_7p6CvUmjYkDVltmjv2Vmh-R@?pJ@E^)@Q9Cd52jM`vvO=79HoQ% z2dHO=#{lW7QYDJ~;kr;-SVd4qOv{00RO-tyPc2+bsMg>}kVJ_jS3YtqV|WKfw8=1( zuw{WOsST!7S>)Ko;#Kz-+j`e#u_|I$IejbfgIl<~{8pS>pd>Hlct@2>d6baX+ep>T zhw^6`jh^rYI{3_u)ce}6h*v=(AJ3v?#GsqN76d>51V8`;bOJkgOzfTjPdF9b#aM>s z@HpBJ*1x7ljoH4%V{dOga0dIwSwe;DFXA3aT9+!W;70k4RCGRKb##z!J$MG4KXpyq zb#J8{H?^I^>A7604vZ9s?d=IP(9V%Ynp2A28WAekWRZaAFHbl#k!wZw*>Q?lZOQHJ z?ajE%0e+JJ2LicBU|g6bE?qoPCPG()VEYhvRGjxAns>%EarBvx#b45DLR7-F{FRW^ zl(GsB^L|CCmxudlO{bEJ{8LVnseJi}GZbGD$tn-spM6>TYA%vY9dLK7aQ|Ht9({ug zDqWV1fl?f);Weqqh>F5dufWRgO-%wp@)AA)FE8(-x+zE17~Ivl+%-%euYHad zl^&o?BTe-C&ZB8C#678Ex*P{6;HxIF_v6{WGtE!RF~!wIoo;@M80 z@N}Ah75!yJ_t|k?SrxfGJv|whIY=cLr$s^#aEgGjB{o?e#+F>;zNBj%uB6gqucVfD zT|)bM{q*})+vw2^2Y5W}5YImBqEa4{Dy^3#ykNa3P$hIlsp^7KiBpk_{AM}QBrAeb z!nHVh_hIc=30w(dCmWW|TD*v#9xgGISZ06ipLocB`6psp+mkFMsrvA~61#dFJ{C9O z5rG9Px%uHC?#nB&&JQJ{8#OUJ%u6v;{UoGdslhwBKE#-Su*F+3ENbmnmuxeH3$sFK&WjpzQ_y__pYnMY zJbp21`7kN}PJd&(V!|H;93@~ye_7FecAOMMt{oI%qi6|;s1w1Oij%myGp0K@SVCpT zf1Rcu_gQ*vZ!g{W)K>cUo^CbSQ#H4wjfU@W)mQM+DH9AEbHqLfI7gu0T|w(Am(ydlE9v># zqiL6S1`W$gn}qjv=H>CRNNftW(~$$O(|fz0qLcexq=rCe<_2v{DdP6E(gyl#uttk2szZHf9fm|bC6u7dV zNN^d$^>keWTsa>4Nfx;0(`)%$z%aD@Sf+~5 zlaIvVf3k+HRGLb_Dj$ifMbbpA7G3toZAyHJr&-}36{e+%*yli1o%2?SVMBba^;gnr zxpI&kjJXNV2?qbM2xF1ChL4n0ZMn}gw`KD~!+xT!JIFKjI;uPJ0&3f{hH66F)H=K4 zHn0Z*&J);C(n2>iT|$3q{2=vJ)@#G?)gavE2UHAQIkkY1vy@0O8MnH;6Pw9 z2q^t!`plNRG*)z9a_h-sWVI#NO5bcNZxWJYKnxJbjDTKu8U<`TOL|;ATxL=3t6EC4 zkH3Uk2g3CIzi*=bJtI`AkAanXSR|uTl`I^^fHI=}+GrKG__IY7S465NKBan;xsD}{ z3YIPJXaZG5AB!vHkvQtFilf;ywg9VO{-X%W^Njf` zp<#tYpj#95{RM?MJTHOycv_9;-x$_*(ec2po%9yuk$v@ z;!=(^fvcrgfe}9yC~4SJrQ;nHU-D3KRO~TL% zuUbSG&AXA>ywa^QyKaCd-uZFEa{5c{JpSR}FJVN?#w~?>Q8~`D6*KAk(~h7{5BJW1 z0|AE#RJi2Dkg>jrWXKg(Zy^41dyOUid|&hTJG!Fa@#XEIDYT|9y_eP;EE2xF$g$Kz>5AVDv{gYAOFjp>>^o#oXj@DK_F8C zQXlDclD>^+%NVX&alOqnae%SM@?>A>Z2x-|qNUB_VfZ{!7IidaQg_P9Th5ScDV;foZ;8llp<{J$`|@ z$Ip{I>GfRH$cB%li{eVa-Vhl6hNw46+?(i&bSsEykC{c09v{i#ork|ORR^`&}-)WoF3(H<$a zakp|L&zQOp6*(w=S{%(^{3Me2DS@kOs6;BACW^JV+I}Scm|Za-cD0Y>r{$yh>i%*x zv3fT1U_VI^DUCWG5w?+!-g>L#xI7fAoTSB!)vO$cc`d@>b?UhK(D%@QKPE>Gg98D3 z3AFp_>35AECMx3=$V7b(?aem1wZS3!{nT@5d+F@taczn*#FO^iSGSOYRlG)Mx?L&w z$HP_Tquh_mu zNetFg*_}|FR1zRgQ4`qbZK4+|SMUp#9P2j7za7D{3i@O1`?7X@dOaodWZ6u9-^Aa| z48BNVUi16ql1AFcOE1BJfRh9kmmT2cx43~NdQ2-X)6>S?j^7%Z5jXqKPhZ9L4Bz8n zvq$BSY6-rz<4n4I&*wf&F7m|#f0b{o46dUT%PFVgCyL|X%8(w zs7J*X1hPuNivF^q`|LPLvu~~)c1>+qQS@P%bOsIta*Tjcxavhy8cjclY$cxf%T|W3 z^@eMxcJ>O|(=|XlItSHqL29BVrSU}MY4J4$sU2(kn#j|a3ep9t61WioC{?T`KBX;G z8C3T4ePvB~YXVnVWu z>ru8Pt#nrwF)RCq?#ilTwLD;O$>b$~#F2fm64=Yj3hkhpsmdU;GQMTMxZ#4~6a4W9-m}TNP-Dr6kZ7!+i z-<`O>8ktx|8W5O3U{*;7&FA%Ji6?8D;G{*BdlEd}6aRa2bk#QcSncyfB^48rjvYwF z8|0T>0T$7+Rh9Ty==ct&|5V*`w4!3ixL?%XKYAAv`MA|seH{$n37*Zl$=ju!LsS|Z zf7wwV>-yjP?6QvSI#Hoz2l{!~qjR{;i zP=1-*977|cDi?K(KOkT?0sbaY zyJrgV^JZ>3p5?j2%dJ38IFm1ThnpY9MKq}2s|+*sFjIG_`Z{N50m(ohB?70{a<^kO z(V4NH;2WF8>4WV@^F3&ClSeFH*ZdI8bMKC%Pbs^Jk$BmlCEjgx-K;-P^p86FK;3Kf z?ZyY_UDexYS}707k)?!W=}hkCd`#tzxZRwi%-|3NY$sqve_7FecAQ97MQ+H#I3_EQ z?EnQEAYeuynV>aGBNHW6%sNs9Z93RTqudH3cGOr|u5Lwaijq?=g_ZD>Lk{JAUEnIY zEAdzZvg}mxMc9tZR4u(k5rM00idj{c^D%!HmB8f)vem>j?}!sWi7Sa^qduDDF(J&J zs=Qj11dj;(9Ko$NwN+eE&z+`?J09J^h3a6dF8(Jcz()Av5&PQzoywFC_>cVKS~T)s_Sv!GjO?jHIZ~ojMH7+8|JA+hXVm;2*^y|EhBp= zES-_0g(asPe>Xf{nmfEFrc`tM+~Yyk-OkkUk5&zj2W*rvjRvRxmKnU#+hqgc(Ezms z`uV#r-)%S$aE`!H+!DH?bThY#au<84cZ`mELELoUOd2&EcdJEQS-XLLG4C!qu7Z0H z`Phb=C#zCsqHG!M>iaCD?{7bzcB}Eax@Y`tg?oe~zZ+WqNcYVB1>HaAHhOQ}`uGVD z0s;;bfXGb|ur)<*p`uQ)e24}D=@KwL>=~ccWM4jdxV{zpBFL(m4x>Syd}UX+HXe7p zg;WwsERmf2Pg-#KpB!slk7c4MJ{C>KTa}NBp<=5r@slK)OcY_rHpGuTL#$x6q>-&e zRR6WDQQ(fn;~=$AkY;2oPbp8bZ{;Wp>M7icd(jDpQhf!_q#ER7PG2JAOP#<}Lki3Kv$Rkb& zkCMP6nC?&vHU?}=v9WRQy|1@7Z&Po#>3!eaJJQkBz0#Fd(n?p~*muvIX=mnl&e6vIPEYVQ5V45O>+Q6| z5*?#{BpXk*6-NYu1o-}bY{?(o#~{=aK`*=;DSNbcg?(-Jg+tx*&d#lS#{T=TZ`$V< z{n%E-(5oA-!LI>-4=`Vs;yKEByLo9d4fYnNSK0sBc}ZT1qo1z8Hb$>*eAwnhF~vtl z1P&R2(OP=NGj?#guXwtp`iwv4rCuQr?qCYb!HhB@Fw+R+bYV_pW^>eyJ5y~9$aWD8-|s3R{r9MIFx^`XV#^`^yr3v`9Dt>-U-~S z7^ai6xghSJ+_hX_MspFfX?vlaP0O7jz-VtI=N^X%c}c45~Jt8h~Wh9y64hY&>W zE0FH|H0B=4h`?7ptmLp}1&7RL_QM;F{=cOUsr z_KTJOW*=+5&R$t_znxR{s9jL~kj442wvb75+xJ?|vp=>SS;$vzA~3B99E|=t7~MA! zP^MXJJrPAx8X_=t1iXk1UU9VE#Bkjr>@Od;-R-^T%}r%{L#ZlVVz5x$x<;jQ%=O?> z%;p3tj?T_=2BBQdxw*J-8CYnF-Z1?^fr~g^s4{N$|7_a1Q+EkXI?gI%_*2vKXA5;hB)DE&3S10XcEgsvfb{}5Cu*GlhTnkrr8@<2 z?w9F8PwrM%zSx}APVBoA{UZXCK%f>Yg1>FwwYH!GBM7ETZ!Z7X#H04PUH@+J0&{ZX zcy~VA^00-X(b2z3P2u2@Q*03^g+MKa z0e^DQZ&01Ep2=_eW^8kBv;E`tH`&{2Y$JD2`r%1 z)tj_#^iZ#vS8rc@-6{6ZZ#d27VCx|3dkh_~-$4T-g?zGn6u2xq?YSd+YbowsuP)pM zjwRM9TV7 zX^WzFrXm`K(Byx)YvSkyGOtP5$sa#H(?pmq+!@BX!Q#WaOyDGf0yb2~?FeiW^vYwF z*(JxWu*2pxWZTreSlP1eTbOpc8xaxMiB~UXnOE9*vD}r1`R7Eg6T{xlun@iJT{vR( z*Sh%-;;_nyz$6p+tGz$4o=BB_bJ2Tkf7N_^Xu$`Y6n;}>C~jjFR+;LuOLzX%zPSAh zqh9%6_dkGl)a;tZHI}H1VF4|?JGs9b1CjY|qL-EL=(?W$_QhTI*(nLkp~tI9uOWu7 ztN-Qu4GEY#fw<)m<;Fyh{bkEj_E&9O8C^yMrj|fsw8uU=|0a8&bER#{;N8W1*+GK` zI^AnOZhI*{1V`-Ci+^crDqkG*F2PnG?zJnI{=_cb^bvfQ<%_|W#2cI^yX~s|=h|!M zJZxvyJ?}kq6af*KBmxq-lLS`DiU0{X?G`}6DlZhnf)y}5XlSyXN#W?kscUpP8+@~s zBSkIe(z?-3bVGtnb3pDw*g0(nH^@Ku<-$OQ(%R9NKm#>oFIhPkD;zJfW0y49JS+qi z33Ct!0=ORzd1i+iS*`N#GNY$?0mTO{a& zERPheya2*_aqH}KqaWSTAa`yoAxq068Yf)pHqH6H8La!!h^?3qr=pY=H=@Xhz&HuS z@H~EU=YQJKJ>x zth#^b%EyJ$sYPS{%Dwm5@qPR4$MtLMv5IC(aUnR)DR2gVQ4(oelI*lsbZoWvwmfG? zCR^RBIZWUpd=ieKI&7!nzk20TDR{u&ubSQ-JH2g(y{q*(yQFKI`$$$WtQ8-cD7 znmf;L?D}x7x{G92XLVs9;wV_Ny(&3@3lA@RvpuLeNsC~NGbnKVUbi`co2#t*k&zUJ zL8s8QdC5^r?V~R{(oTlRoifvpio53l2;84rf8P_}<7Y+WM5`0l6t64{8yLY~&drHi zx>MjXo)@@0NBZuZy-^go;02~h_mKdnG9oa^1h{YRt6KkPr*=MK&r}{}4^%w<07nsow=gzIeU5c4v5?)do0#u zyRbrR0)H=>Q+>8R(Pqc=9k3%4EmrB?%fY{G`PW&6#`~+bJmH2O=lk)T`Q_iRTFet( z-q&d-LR=r7XvIQPqYLsv>B&t5CX&EAF?V)za<2W$?pLFFK|K?EVOcLFyX@Y~I(z@t z_t{%J?zWH3|D7$Vz=zrr%|9&pjosF9glLi$`>EpP$U&3ARKvG448seNqG?@LTk z!9+j=#zR0NcRbV-M+9;Nyujrt>&DY%`7E15#p30&I!k8X_5 z9|RrkY)Df6IiZ{j$9cXB(980-7awD9Ib{`m83040t=B@C1BiginnKj2LZ=;CZ$L1A^BHT)KII%kcbhXc>BM*|Y0< zfZ3ZnxV3`kk3cdaFeL=$r}o+W&V6=9_k;NK61TMbpc8yACMp}~ImH8Bfzb^KJCNrH1Sy95BY_IczvsNgQp|A>!e85kMRrCB9ATdE?nZN>d6eMt7J(@t z5W(V6|G4;iYe`kxw_09_ss;N==bLn&?akEK*I&HA?(11=|F-yQJEeAGeyD=yOJe)& zb4#zacW(YG_;Y1*)?Yb;_bq|Nr@r6vQoEq>X*;HBoA=RC1Vmth2}tBlFi<5oy9iKN zd7;ar7h2ve=2aPe_oGLH9)t1r9vXpCu4 zv^Kc+bBqxcTm+^G0Seu(uDBYx!S+G>F|;_%52ksQh^y1W)}D-8bF}omqFEPR*zknC zrSWe2S=(8twgx}Oy5ggbd%AatUA6Zd`@)i+Tg?c=mNWSD)S9lbzDxvvV=`71NmwoB z{>q4e2#iiZB6oB~3LyeT2?T|e({Z_w-cEnoeK<~mOLe0+6{fK&=6X)DLKa~t+E9r( zsYrc?hy(vQKMGyA;K!<%LA=0aLzSx~FK?=`e|_W0+2P3)v%R-q=3QSb2i)j@20`|U97>%Nx^SZ)XAcuI&;Q)Y$xfuQmz5C_k4M)ark&~V zoZ{8H=gys5PSm=%Uf@#H!tO*aDtA8z5z#DMkAE;cyQc#?sSM;8ZZaYu0wN#+HvD!15WbMGm+*k4`oBiqu~WWVb=Ww;ncDizUwyR7jJTV07& zlgD7@M7r$*^KP~~I@j6GbR+65e4q^)tTKMp-m~r1jSt%e^-nn;)~HD=dbO!$o3~|(fb?5;&J^}9Zq5kqb^%nxzA3h+G1zcZ?KcAH#-p?hCl0M84(bH zECGpJJqaRk5CojQ%hOg~&@x%4)pAGgo@l4wG`9d0S39O~&8~OMeoIJ2=s;FfUcfR9 zCn0&n39B%=d4HxwSFUjU_pdxQCvbbMzv~+4!9Tzkf-_W&BQly*(k>0g%NoYc7Gkg{ zaAU7BFGQj0#41Iq%S5&!b$*PSb*K16D*@NQ(RDlXoPPY}(s5yOZp?-AqnP#LHW$a8 zL)^NaTlU^kH1lgX?Ksfz7+Hva!j|aRV^sr-=+IL}1g4Nc2J_C7cx(N$S?tpA4^`lw zFrV`h3@5jykgi*)6>+18her2=824ccY3BYWOh}sfi7@~C+cH5}&QD(Fvy(syLx5jQ zG}ygetL>Wor`pXBgY9ALS`dlZ8>(&@lgQnI1*Y!nIt*1%b{f%8qG3BMzRUi{!rO*A zmw0x1-3EJS(;b-m`$|`z`uaB;J!Q#AjeTL~YixbxZdU`}+VtrWE6gmyMkm3(1AptL7 zsTCBg|^ChqJ@+U2JnhOK*+Apm@PewP!t@OLxrTvO8pceN><+5U89 zz>+)9rOOK;Eq6heH@f?C`en}tdvEE7pBK0;EY6unx(~$7g>z}<#4RgiAKuNqWyQ`f z-*o5DWDd{b^>FZp_Sh=?6SCd|TWl^msbxf9N(r=MJD%NGEqzO!MfO)>K04;Oj*x+H zGHmG!vAXbzk%vC^Bb@E3w$OGobb0K;6aehym1#snd|9W3mSW07Q=vxr2p9KWQM^}C zykD_|MWT4WC~`;2w2wE2Ba`FbM(*>SNk%clpaNnY%?%8>lo5f0A@FR^Li=soad!2A zGwks`{Qc)V_zd2KbQhLv2-&Vk!R6*~1HhErsq%ud|PCeY-u`v&1&1mmwdlA8|b_1c$=;z`0}YMdiq* zG~VIdqE>DAh<#n>8FpRAOYGQ+jdpqSU3PK99c`$0V~5uJ*_tRWzgJ8N#W3OX4C zavIYm%|@Nmb2#(j*ZX^S28>{9j;;ect-fx#&8w-f&Apvigvv=pRB2Aqx<+SK;8Gsu z1TEq+9aL{F6w_jrm&X3LbrmuD_=QK(2^HrCXu{vYLXkN5iZkVGoyjBT{$}H6|MitA z{8-1jhA)LFuYeyaUe~MZ&b>&@4NvyHxAgNu)rT86XB_%7_qlWn4o~LLWK`Zx+*0VW z_m)Q-g2ta$taYxvd!NI$NWKigfU=9gBoN@E{CKlP?pS2~&o)@Rk1M8^^8Cdub;91l zBA3rJlIY)AVP0SmmXyPu0lb=Qdy z*-s8^vUfD!Zf|S4%eX(Vj0ns|0)s8!*;sm&Sp*J}K(JnPx-OTVx6_~YV7R6lEM&3s zNt=7z8e4%mw9oHp$G)8KS5+dtekV#@;>b@{j8b?z@rrXN!VxYj$=SF@j$9mu z&HcQHb@2kC*17vIUdS>>48wHL5_U)WPswnV=7y`|AsJP(@%Atl9i`I6tbIKBU#jxG(l$jW= z8LjQJa7DsW?X~DM%g&{rvJB`#Gn&AIT`TQ#*jx6Njw3N=6>EX>s|m%RtGL`hx$^Z} zcc{j;VvcPoBKMzmz8Y&;;Nf&aIe-Xak@eX>FS|D2IDYG!njWwlT930Ix1NK%=WQv( zWU)7|GsDW0buR5+L?#n%(}fWf4|T7wC%PBe@7s^IPcOdCj<4QYS~3bH0%b&ipNM5d zKm;a%5Z(_} z&Y-(D4Zn+zS(+_D21A^Z52Lci6Gj=W^nH5-QMaX@rX&^o~z6t0Yn z^MSdy{CezrV}s$CxXUejk||!9^W4#e=UiJh%IVH96tx@ihF5sr$}*kcXtaRxRc-n34t%q^Pcma z_xaAu?+^IRJF_PfxwG$k>ssqt*IoGsDvHvPijH_Jv@w7 ztvWaBO?|fyu#oHl2~bBPboVV+lnfKb!OqJB(~Od?JhiXoU2&D@Vqr)UY%Trv z(+a3SSrHdXJS4t|8_X~l(Cf?4LJO8A_O?e>OwO^I(j6}0(LJy6Gj3CVpJ86fTU|1e zz9=n<7a+U-Nt4S_AJc$av!f~_Rl2o#xQM!qtVE#uqR>s!{U`|6u+W+eB)c}%Q04S> z=pFF4w8W6e+Q%1Z$SIe}2`rt6S%Ti8EG~KfUP`JE9N}QL9-hxvK^an2jhFb|RxFMg z{))5C?Pa=J5wiS#5W&Ew(If0s&e|L1Ww&;BGj`sYw|Qe_L%#&bWZhmQ8=)b&W_9=Q zQSpYkGo8i06Pn&4Dy3jbn#S0+aGVwa-`Vdh0W5AM$9gu%s~GO6oZ=DIG%xNe|ARhz zKRV_w?}B;1tj6H0Q8m%MLJP(^NjQv!XBZztF2umI;O`yCJK6)bKs2X4;uxLKxuqEh zHa0rhR~vavP{UQ*tWd(!gJ|VhlRs{V*&nOfG=O!lprK!8y5IV;%k|)@IM!<-0VpCN z4SPhqmI^yrcwenntgIH0*MMwSrS!>r{}4(Z7LP!1$ciWY=(E4ExTqt=ee?B)_n$x- zv@epU(E0T|Kdg$G-zyVh;z_|hSr~lU0I^k=&k#poBi{@RySY{`+wyQQ3i%Z%{CTPF zmX-~TpL>xutsNl$B7#uui{hhAhNmw;YQznKAA5pFq5bh2Jeu*%T%GS^J|{y01e9M1 zb&bwyzp#h}c{YI9cr`SB^KwEK2eaRsQ#8Hfq`6C{j1_YjKPvAU79>sDZ{#NG_VeIH z(mLL_L~3+V@HdS#4KIUxtkP%GVUpAyw^#MGI>hb-DNsVCZ;^7rNBTy@_H&H5N;L9# zyjSd%!x@)*UE5C#nvJdSk`xVFx^tO~BP8#KN35u>7V2~&R`dH4zwW1ynGT{GTov2+ zbe6!X6>OH5pp z(p8<~8P?*{Eid6{Tu*y9F?J1rC7a$K6ih`jfwt`!B@$UC0&ZCmHbTJmM-7+}ArP9z z!_71(w0RfyJ9W(AFjp|1GtyKBjvk_Mth69mJKlh(s=lD6wuM@=YyHCMVHOQC1V+LUe&1h=4!)E;T!z}WzCie>a!&|BAuTTKhY6v z$PLH7T_=1A=)^*$S*d4==hO(H_K+Qj^8uWxE@+sF>J=R@#B7l9BTs2cN+n{smS*mi zdb5vnYMR8E2GhX1LS+_%IW2@U=fhMcBbl-Sn)4jeT5HF`aGzKcPFQM08$7ii17<&V zwe&(=_yfmeeLJO*nD2kb0~{lG?ueKrH9JGuz1E5ACltRY`^(Sxa*pODdm~m6N;Q;AF$4F_ zEHA=-Az-lYcOO0v@;G{$(9*GIHzmOj(OEjORU^ z>U<^(uDwdpwNo@7RMeXPsjpA|_%34DA%=aUGS$^>q32V;2)ABD$a8L6cU)60Ogj0R z*X~rwBMB}RuP2!cr16}RdHm?q!tQPibZHR#N9E(3w9i%ELQnHBcYsD=yqnt_&yX3E z-c~M7o{BA$5m7XH_0Ev__f(k*?j9JQ>piru>=H3x>=fQkQX}?PrVHTK0|sfa*7F(6 z0;U#BDxAk6x+!gQB(^1~j`84*hGAAXu0Df9srEKF#qTBJ`%a3&)9(x-vIyZ{r1sNF zO(*KDFO{1z;-fIpF_%}HmdY1>p3>;>D>cbN-)E3uqF2@D=JwrNtVhGsTn(!yINItN z0!G?afp)_4N7DF3X_AB=d4-SXppf&U+Bd(rp839>ZEtpt^|hG-oyF)x_Vo`5)4B&L!(@=p{b#7O$VI;2bWM~ zv&2AL&4txeLZHFgbVhF6xWcL@zTRvGovI+dzZn(j%PN<)x+tiZjsENX@kU3N`_|{d z%&`iQeoc+zic_h=?)MVHl;vWao8AGG$+3qdi5r4A3GjX}GJeYXPB2zwRJ^of^5vpo zqiqjIJ%i#vdXc3T`HN&nG%~1vcDMa*f|JzofdAumv97|pjwhnMqKoow>7RHx#_{ot zTXK8|1H-=Nk)4a;oi-sX2L6P+xU)BU+^>5rrH7~QXMzR&JP($wZ|~9JW>|pv3U7U0 zuRE!fW`k|l#V)RLw5}L@x#~{lt$YPC(}amK30M3oA;7@>@P%5XYG&o#?&FKn>hV;n z9^-DHb^F9oPp)S4ltWAIzJ+j(#i4|u9ivyRc*n)An+nRAHPK>d>VF_a;!k!KBAoz$ z6NwpJ!l&$yD-RcZ`gZ!c#SK275C8n;>-|`^{K9QcO=;B#W32 zq0w2wP@9+(;G#-@K=giSeNK?;O`9QZAhoVGakCGWkMS-e-0_N6jj2@j%#bL3zy|8; za&M(sb_Y*>${Bikf7dw#*FtM+TsCwM>#ElyyS?idyjoIW#POtg=}N_fP0QZVdLaw% z>l05Q2%sG823?|D0~)>~D}uX9WSjx9PkV6Q1sZn$8>FjhYoC@NRrdrlCOa<Q*A;Ib^?oz0So1x{n(}P4sUe^&;29s*m7N1*$`aJF-MUQooi4?t;yqV6s9o02 z!6ld4;V|2X03>77jdjviyxF3%m%|RT0R^v~(9H2>{NX{8vs>`#+j`!Iuir_Kzjzd& zyA)GtSeF%HnL8-_tP4K1a|m12xa-}C&bx8~7O&jfU&$1eoZN383_U&}>u-I1pW9}8 zr2j-Q!Me-u`CC8<$AXM9lVaey+&C(MUo4c10{DHhFXAM){P8#{B+r<`Gk5YA%$jJ$ z#>1E6#d@lW*~$=wfI~>z;^ja{aiw~lh}i_hH#(y=cj$hjw5}XC1C?h0K5Y@%dHu7o zoRriJrIM;X%2d3+mBx_!Y{;cXj^%cj-snnx=4QYq%p|b2)4wBKN?O-GkSGfuf7Vw) z*kCYuHsW0#x^TI6mfqGt)JW8v?wv*{w9SjhM6raNc;oeC_X3|H#MbADboZehSZYCM zI{+gZM|9Ol8P#u+SdNPicLs+s3>*=zp9V}#tZd+FaBYv3Eq*)fZI++C2Yp&$KFw{f zRJQ)auD1Rlt6}Fm#JVsuf#)GDm&V(lRT{~}SxyFdTSLm=`-~m6#RP|mRcTzueoZiJ z4(YR=%>kb31K61RVs!-4RLLW?zX*>B`e1Z@c4z}^@H?S&;H@vISaCY;U+LzhSB^pF zXKJ82E*|DLM-QKndm1(e^yqN1GGkE zD3P|0gI;;<%%95cO?nLWp#hj5GEc6QNp{S8dx)Q(RKbmGelIXR7yqPYUpEZmlS3HH{IQ!3wzTW_b3 zzgQRTvfX$%`bp*a@=5<>fudXQDdh9v_QE=mPE zzTcmF%pJxB6!aJhg24`cl zDX&cX_l6E`asGdj+}axH*xB9tIY-&Hq(t8oh!fW-SpHJaxoQlBA*_v<8ws!BzxIo( zlqmpb*M1|TI%vK~6@(OGs$LlKvy3k!uG5O?uwKdN&Bm0Mw!4YSpDd{G94ff39ynPi zVmCsHOiOd!cXL2l;73ts3u!oriF7rL#$?_wbj41dAN&SGu?`3mU3jaS+}v72RYYLi zk;7(UxRO;rHwAN(IWL22*a_CYLt)aJdT|GY*uYABJ5N$E@$(+fZ;!>Kj~`#HHc*=u zF0>o{THo)=wldzLLo;Q_*4Q8mU}?l8dZqkvvf1lT*rco9M>_-k-dnt7%PSwmbKxWV z2M3_ojh3+aoCso56_sz6$!#&AMYk+pIG|aG%@Oqaq9-MT+Q#wyEw2ifh@c1vYqnHp zG-Ul?NW?P#)8n+uk$$XRa|*GHwW%gPn$2Ab0tXLXHrWV+`*$KuopA~V5#qo*&&e^w zDVc5r(s819YkOoW(z~58f!OUhR?OlwdSP)|Mnzy@l9=&t8Slu`5b zDBVi3ww3?Y#x^`HCIMO#>E~d%AgWu7Q;~jNq(6K68%g24-~30uE3Rk;*j+E@FZiI5 zN1ON}z?q&lURTjw)jY)+tuzT4w;kxpfAAX6kHF~ThTYXS*Rt5;Br?HP9z23L1QAc% zE=C@v%inpowQWYZ&d()P*Jp~!H~mVinaikXPw^nqe}y}@EcV^dYJIbpZ3iUeJz@$YfxcA?iMaP0HciIw)5ft`wfl1l;j`C*7Zcs?^r*bH za3GRo6J%ZVs&wOw5g@qbQO$tgDSkceX)<*^w+-vf8{J7hf{GoAAXb#P;(a*!_p)z!(PLOQ`dnAI<& zY=hbw_g5P8bttQp8bVl=cI>mTtX)=@cD+bJo1!Di_$N}2 zj;)Zf(iKNlp(8+}_bNc56Znx;=tV$^EXvN^f$(j6P`n^3`*I;U3P`z>gkv6*n-es< z{t~UfX=j5i__q&}P+jThdO=6*j;3AfYYQI#!rykBzqScer}1{>8#2Hipu%8#FR55mT{wrm)H!7yv3nn?!3{Afp>-zRDHq}iHG6K0irl`O+1d96s>E1U;u{MC zITCu@b-&bgsCh*qV>fjd*7s<{yg|#X35Aot#N^tmzc8QBL7}a>*Y} zi9q~(-BI7>?n=GUrekr_hD*arh~(u>^!2AvGr#FS&*cHhks`GcR(YC9t1%~q-%Q-s z^oQ%R&hugpsr-eCc&<6vMm0hR8yd~L>n`1m>K1BKX*M@>EaHD?=_3@w_#<;P#i!ym zo8!u&felFlA}PCK9=DDQyok^YVEt!b7Zq1x((WLhGrJ;zj`}N;md4Xh!lfI1A`^dv zA+rJ#C<`sv9u?#%|92;KPhHh2*N75cqzT934=dfSLDDy3#-T8fJ^t&&o-D2+flAZk zbueAEp~ltkKB>?(?Bt1v7<%q5bhR0Ue|f(v1CqJE2JJq<9ei0?X<%E7rR%G{tO2hD zwU4dVe2z6V$9FTOjEfM`EBZKr@z&kY@od|zA1oeA^p1-Bv;EZ@k`$?D)w@2wEebq`C<2}m3IHVdXKBFRq zM}iGjYIM(G`*Mi>c5K+tN`6>YNA{N-vf$(;05pup7gZ(D$zQM8nYNjodF$7%gc@*ldCLJon20a{KYaF%7*S zxL-p?9cvKXfPN1f_&t5RV{ji2yI|@JT%tU{s5+vPj&3c4rlKd1iw#V>Mo$vhiJKQ% zEuLC^|L%jT+6HyXvkf;)D!dm*fBKmRhL(pRCBT#Y3)0c1w6cqnv%d25uq*j zRa$)kA9=#Gc$i8~fG*b4=6NDRj>BI|0sqB&Au<-AG>(h4~Zvarm-xQv&M% z9h0)c;Iyb!M6fBDq5J8e6_Mwu%F36JXqlRTTYbhb3ihA6Uxz0;%xQ0{LX%|gpLrR1 z;<;xEi@&9C?%-zCe5;%ibAFW~A+t9f#P_)}N`XS<*>|pl0&!`!&kQfC6e!G?eO z%`0X*pEIGUetHx*&ujyEQx$loX5gK^Fr0-iOn4?Tp3Az#|GJV*1&H`@IcS`zER&(~ zYrl507#qJ0*4N&w_oDIDY?#+;0ek^1MNIJA;yGL$7azPd45_aIw(EPZF@S%hCJ~2s zRaUw)Nx@Z1t@ISOURUK$aN(t!2s8kUPaO>m&Zj9xtZ^<6?ClTB`1%Cmh|MztJ{rD& zm;$Z52)03yHzU}vka|L8nv2_JArS%^K>AP+Dk?BY%Q1gzv!q`8sYc0BZL5k}7MDHb7flOXPe$_dp*KkP$kE&*z$s> zpHw1-7dbS3ahd#)jQ?>My&Zqw1n{;epHR;(9VJgRj1i=YlD%InQHYO}YCm;|`q1NY zOk#D9aK6dIF7Zcsg;2!;HvqEua@^$lI%O~|^m%+U_lnKA3E6>R=U3yRGt|*4&*VuL z;~qCTm<0kJQDWyicNDM)(DSHi+YM%e!jE35^le{indYa+Cr+)5!T4HY9YbCwYm6&Ps%a*ehFNDQ`#jdFl z1NP2C%KPZc6QOwoA`c&BB%w$*sPe6|ov4?DRBg0kk=A)v1{+&1@Nm2r7QE8kR*if5 z+t=eB5Q3@KuT3FrWT*wl_P*g`D@!W5Y7vSRlX}&XA zE5Xpi0wXV@vV!ZJlBltjGZ+!NgIp1tzM`>}|E51_#LU+ehkxr8nu7Vku8d*p zLG#myYlv#2b~hc{%Z}Uf0ban2&fqu9de-;?#sILqWABf$41qi}Uz(V|@Ym4v_pPKb z^U_-?AIo#TzPD}^EjK0~E&M55BJ1ju#ON}VUIx&NKIX7eHlB~+7O2H`@oYL#%gJ1B zRxZrYIG5})OX|a4RGHHwxmS14vrA8J|NM9*9@QRLvetKFe?rN52>vP8E0n|XJ$*xzLqUYI z6&BIUYKbo4`Q<9SGuQYEjUWewi5C2VXo6Pe_C<@1*)MCniKNXJ6QGRA;7V7~dV=bs z^uR>4q{y$6(Xu#FxLhho-Wo=6s%49?4X>-hlkj^(Y;#UBT~wYLRF=NDa@)Ft zrJwoNI;4Ca6*pyUf#DZOUoBl?Y*lUi`mZb}3;9|vok;^u3CRp1dCKAs6ctCD5S@tU zypE@SB10@}%e7-hr!~J3VF`vQ=2>n@7PK5dSKGpzLYIS;aK9v_orXB$8?ABUXIS{;~GLARiI++O!L6wW|U8Wse<+Y0m}>giLMoWMAj?LT#+Y4iQ4 zquBW+{n_`@!@0}0mWvVOJ0j5K$_@%;*}kL28`$7B57X^ADV0P^vPXBos@-A=LL*gl z*aPLVjU5;Y*zps!{pI^Dh z71@Wy8AG#yq6=uxpENNne#y_d z7z@|pvVg?jUpuut6&OhT)!I-akd&K{p_&<7Ehvx^ z?=cgre#XxvF|p|*rxMQHrd`F7ZY<$e6Viggt@?Q^^h3E1P&RMQdPL&`r^2&WMAKUD z4w~9!;PGWic@!p8B3n`l9dEvaVU@#eQhG?NP<6ndQN^ufRw5m{)JMMW!D-d9OY%r# z5AIzCe7-@zw2@y5a3^a!+qkK{`HJ3DFqHg+mh_Cp?6wmB$Zx#GHLo6x?mBf7U&iG{ zJOGoW1ap)bEqLJTXc0Yg4ZY(YX632Y$2~8BTczJDv)&`N3_{MoT+nl8%p+KdXowoi zb0XwsU`&H9_l`$*R#)AL8wrNapfq{+WTX4G4B2~nZ1UX7oa?cN?~&E{`U_l(=tP*+46Ol4FK~j{Y*M`XRjL9zrj&lg)iq z1{=K?cE!ImN;>WDB$&IV1FsxJroSHh4Syj^AS=@fx}_xc4EaUH%BjhM@svZSVmzAu zEt3N>&YZ~s^yu3uDZAN~pT2vFallAm0m82^52FB=Cr`bwIU5EB)byEJ;a}rFds^{o z0PEG{uL#{&B&kaX|=L;(Z$S6oTU6pX+kG4QkwUidJ9fV3A&}H zJ*&*}1{U?x92lr5Z#h>iVIO2x0-<6P1~{e_%L{n{zLt{OdJLzN}8N)KtEXO4a~O1^xh|jIBN`7TJ(f@tq+sa;j-6gM^GG$nCiQ zQ1*mGlgS;FiF;)-(PeIxk{KwMB^3>_$}Td;w?EotwT{q5F|_cHjt19<2;P+zN4{44P-q(D%zm zS*IbOCqiml^U^c*1?IQ}p5xdO{ zO>l0i1Jme}_B@>-MytTx6$9v?$E%y0ua<`{ha(+jgcDJJ`8mIz;tjAS%mdbCtM@G} z5PaZY=^#-MRk^nX`}YQlMoS0-{VFx*vrrnKE_Be5-*c`QVUcnC;jyM>I7kBQP|tz?fG2dtUg~g% zCv6cd6A+n)sM;mjNR(<>-uQCe4Z+WmBUG3L2mJ;3M#dqSo){xGm_{>o9pF%tnlfOB z--o$XdOR(=TgaflyYwBZOZhElP+dwT z;sEW8L%D!33D$%uVm25v1N(t%)r`892);CZmIgDu8BSW6IZ)lidLFYZ_SPHO(-YCv znob8h!FsFqq`oV#f9Z7&b@WXwiHwp}mt3*q#eKvxVWH-(axp07Tdt7i$}rDt1b0h? zx2V|0MxN8;8usMUHK(q6ye|H$J%JC1bgKsBUgd)&Q*UO~y&O&lCur@dOq2F~MbHyZ zB0hmy8tlyTZ_FL^815&#zRAzyg=exrCaCbHqF7r<^_0vMwQ>uR0MLajyOyDc_lZ_S zhPwb6r$dKnC%p^;#xNS4_#b8x4G|3=itM|El`2OcDqn@B7nmv#N)wpfYIX~ zq(*a#_x;t2mZJ4=NlmgOurubYVHvUm-h2SoyFYRL;~~Tj7zsbCUS<~;B;pgUw3>Id zFEpCNRroZN6&q==rg~6Mq_5qqmAdK56>90$YOdM(hY7VmT#k<1N7U@cCLhyneZF+_ zA9crWPC6r~l)Id>Y0o$fyzxhLnrO;8Aw8I`H43wLGeu=^m6QUEwBot6*C zs*>ak9}W=p`YwS(A!_rNqcn4Y2hL!`Y+ z&?MUqlU4ouEVr+7ZVI8{S`05`dPlk|vjR(xOI+hV# zUsAY2qV5z^KdSZu^NkU@wCk`WVrqmJuV;ZPA}8~Yj3=&B!LJyJt=H*p%xAYz9x_*` zFy{EGDeEq;Wux9b&GgZ@86CGcHygPlH}t`aZ>zk=Lfo&^*xQDHFMgw$OPUkMfRo^@ zXl-qjJP)q&oxsLR`!RP)fA_DY4PfEi+C*p+P88O3!ZAZedpldx`daYujWzg|oHlEUQpv zW%PpoGF;^9gRcKQ!hSrkBlx71h>hNqcmQt{3~Qo3cYNE_mjtQv=~np4u!;1g3^?7u zrnQ>**4Xwa@RmItU@0n!Vs2u?fcNSu%wCyY|q5e&}YbpxX2v%5q4e< zkyVYxhZHR)NU6ToZ80o#$#XA`sv<&{gDR`#cTxVXJp(jkG%cjo&GD2yZE{ZQtNGFZ zuiojIia(u}uJvgxSBV3Ak%Yw!i+y`z$ob6kkk#q0-Syu|!G-l5pmLo{eO;mMR#m`F zX|p9ATGnNuso0U++a-iR+r&~;?d*wtXtxL82Yew?B{rt#cV)%OiWznNp*1y+8~Vn> z@~!1Eu=m?54~PEt#;j$xKd?de?^*+LGg7@?Z#UQ|XzDh*{EHQuL~2y~xx#j)Lv{3Opq6(jqwfSmPF# za&FDSbnk3px_nqM_4zTE@St_L?#M!z-yVgnBCzV!p;uXzkj`16#7)u#`~DHEFQ$uI zEaR?nrET)BeJXfZso}7miZfmpXWXngt8$e!Guc)Yl3XFyf2fu-wOms=W^x!RkSZ1a z{BS=)$JKt=>$X3U`@zAumZAPYTFRe-Lad|)0zE3Pi>Cfu-(22_5krn1+SYXJ&<^oi za7(w}H$QHDh)89Vt{!oy*@Wilt~wa%-b?9HWwqwirFY!sph!W8D*HI|>*?!M5)BPz zt@xYjX7TrAx$RVW`yJNh8-%aLXD^}(+wJ&K(TwD67G59p|>}mF~vt zMXqfRmwlK*THHYKm&kcN%Kj6x(QxPRsAIrHY!zxU@R0Qza)_6@Ply+vjlJ}2b}bjJ z1;%H*bJrB3&rqTd7{o$wCm3b+(WHldZa<^AmMI_Uz;eP-Rg~o=Y5Qs#uj~P=v~g>; zspwM%Go9d;%wF+?9BYTi$YEbP&n@knUq_v3|KdSh&ey@G@{Tf2ncorJ=znei?Hc;D znK$|?w|{~!;=-7;M*1lbOA&xY74@Q$*NY-EHIw&Vh;26)O0jH5(!jeUMjhkNDWdSJ zNFdqyFYvTFJbvuB(soI)4u|BsosuybeEOkZtP4DlKL7EB)~@JsUAI{Er8DMb9kZ-b z*V_8W#g&B%CgFAqU5SSw$E_Mx)bM;l4G*jJM6T^G`95#%hEZ(xf_2ypeX^enWG{uU zt9c$ANgd>rn_L9eqpTL(i_%_Mu;tKqUs@4gap-t3?`0*WvUb7u4j2f>NUb4yU-4hbKv`g~P&1s+c>QB zo)CIm-_e(O+&7>XV>Rr5(|E1JY>}nw#o_h-DrWz5lcw%?^*iQH zk(z$X&nA?7gfOnrNuzK%YTAuKNKVLdlDq54q~Og9E3c01 zPHG_h`UhT#i;Kg`1i%yb;mhtoj^T5gI#R%&7DDnv=wZYBQ55WWR7*$)7@z7%Qej_j zWiCphCS#lQ?3Z(M!;|P0Wa7cHZM<2_8yXd&UwsT}ky!2i}wjxECM0TX1z$3Y$aCb4P5flqgPGU2o0OEgpv zzoVz}#LnQIw)S-~#Kp#;z3X;nV2+&Aa)?ZZSj%}Gigi_J8KnB1gcoHdyYyth=eEVU zk8E{|JzKs1wBe&&Rb`qp@O$19|y=bS_;i%5q%?u6P}mtq5() zhA*?oig|NtDH0!lbmv%9Hhag_eztk-cyR^4R*7xk9sO4)FzZx*2SQ!KCla2z; zC8kD%c!HZV+#0qyUZLY`I$rKDzrL$340XArcg#)`Fy%;y6}WGE z3Nl^LzgGSDrxnB4L%B(T|M6%J%)c5$@6J&Zw#*0HLxpp}QPL1G+tN7JvUwqB^^P}` zdd$7K&BQc^NDR%K{fklE8h_?K(S0#vmCkjImgo%zV!Zm;G%b7OBelUJ%!T*9I~5x- z>&euHbz|)f2b69eb4PRruQKeE_(3fK5BZQOR|eJv`tD?ZRP=NpKg2v~q7B2v?6~rk zZT;pe(%}Gi;lS$eXvgmw(B<-QSbj2w8&AYuvNs&VL`VGQy;3j93rK!9Qhbf?0Be12 zqFXlY(DmPL+#!lpo1eN{@fk^jNht8erKF%+6c5fhZl~O|j)mzx49qYkjV)}ObYf$* zNIG;~=iMMG+fz;2MgS9S8OCQ5k#iF`loul%VhxwZT#EHwlsH4leYi72N+Y2(v2j;U zk<^}Ll7S7$!ZW9S_gc*MVuid?Sjy6OYfYO_$RQ2+K~BvOlX4L3yQ1e5uPm&=(Ki3` zsJvR4Y1Rsz>pda*(H-Yug;a6`y{O`=ZEo%L5b4nF%Xv~6iWk2Fo_&2y7}6Q7Efg(| zUa6$nWBCQm{TkwFwJOB)N`u4a0idN4 z=BZ!T<*2Ac5w0d;%9c$m=fr^nY7Xut+yc^GbVRC&A!J+Wiy7g9aF1hNJD%Eknj?b% zA$e_qpyl(fi_4gZ-W>9yt?(MN|A?Znsm98is zrDN!9`gTXTxl~?BWZe_P7OKE@b!Dq}TF5=EdVO;C3?=LpdPKbo38bdv%S!F*(m2~G zOsuE?;t>U2R-z6z!t?jfbk{_(v?5UQp;Pt3cv~t8pZ|rz>%z5>Z;!hNBtJ#w$qIxU zOh}816B&z$Eku5lvNQ4HLW|LR|6M%Sxlq4p%LdAb*cvpJJwa{<5W)a%#_d3W7w-(z zn!`d14=+JdaMBw(90`kHJ_F^AWLjy8-OecA;s4BA1UzfZqdMFKL*+;O?6`!(oXxm| z>iuup4SZ(6mdMO`)4aDx$%)y_<$c7E+bzU&+lmTZ3^6Ha4q?WMPyyo8w26krINa|- zkWJ!V?*3GNs1J~LRm$l;;sA^47(x!k|AE_r@3d~tZho>TeDe|edet`{5*%rUa(&{d z<7^I?R=GhvYLc!Dq6JchVg@YZCUVgooTk%+DPiKnb`s^0lr%LZ8h!)g6+I;G>D-ER zy2^WJecz1ozbP1DihI97usE2`|N1ldTu%e-QzMg*i)0Nd_oa7;M9is7+c{BpdZe>OS4pk?a;+5<&e!}{82+Vtp`{bq$@3io^?y!-@ zYa_S@Yi`DnJmvv)RZd53H?ahtx8~Ao$^>zPqC~TnQ*TD9HgH$kvy;!^Yg1tI0qnAD zO33-d{tj-*AD>Og9nWgkE=s;)2d5|q7|w?`e-O)CYib}B=EV=bQ@e@rbHBcCKaN?@ z0qXGSekjZ*NRaq8L6ar%=BI2SqK-+a&KquYZ9|@-YHL_|TzVpM>wL*>cSCbl6?i4y{smGwdx{%=@Xz#D+djmK_S^F5z+d(Z z|9-SrL}U_(g<=VVHu;!UDFR|w5YAvov}dWg83_sx@#kt6syUgObLI<%Cw#hE(K*uQ z7Ome*fON3-1@670NGRm)=A-OGTcYF~*w^D&V{fnL`kfdK#QN&yV*T~zJC%hKb|&7~ zQXfO_b6qnm88JK;8C$Vz2Qc(VXtNlX z(g^4)ehqfqLq^*VfRo(x?eO8$A$_ZHq(>8nUiJeXt^%4#dG@?+HkZ#3y}7GPjJUBl zwKDz5OA;8s&uUBg4Xs0&K%mfG?a$5&T5i?dEx9el*j-DFtz11e11`O`O3F{kJa&`f zWDDZxD`Qy`JEn1S(vHg8-i|~~jbjT+9iJjqsHr~m(F8vtP1&H*!&RYqI*Yk7@aDMw zI1^b?P1M}Jc=ffs3IG#^I2>wOdh?CV2MIQQiaHoGVrzvm=>wck(hn7#1W=(|ob8`C zETyEFo2e^V)Gd)2tM_G5s+=$4 zeUo}?A8QUuR%$JNaac1V7A0Fk;eh0U4lCE0dNhT@*Jl9eW$PfLFmOU?262;jH6aer zx$&|QtBuKjxpq+I?+wj>kGsa&03cs-SoA)jH{x?PVBKz*TH3__`4JXP6$VJ`@E^Z4 z7Yt<8I?GfTr8(+;`$nG)+SDFgp9hSo`(08dKp6V7&+n+{1zR_kZPdkLu2xA|PvU!~ zS-biKo43Z^nfrXa`A-lid@tJhYk4h-sA)8k_rX?1@a5tvSJ285x0lVP7Ed$Jw7op5 zjvdFa)0ayN;U>4pIgIxo1ATwLGA~E`%jo3qhw@vAkJRZK&_CADeiT%1CHk`B zVZ0l=qCap-$o$%FAT^hDwdy6M=pE0Z&Rz`@#AZMMMk87&8P>^+P9s=3DTZ8YTEcKA zQZ&8XQOl`FhkJVu-PxN)3+45=ORWjTV>^*`Ic`NLciR-iXLCGt5U^+!lLlPXa zV=#D|zr&IM>t5smS@sn_kd?c12{xua<0t=$@0F(BMe5OfbO`%wHc+NF=U|i|k%alQ^FnhiJ5C{t#D0!S4x2 zo{<9J&=`+SMXMD-@8@Md6v+ZYuej<_R$evIdUqI0UKI0~|cs0N?L$zL0mC*1ne zImHGoU3WC&d2Pg*T0+*+;is*{PTjxziT$IXT5E8xopRib?m^GZ`BcnL;{@XZ=f$(G zoeqM5FEeV}x~zY~vD~FM#k`Rbme3#Dly)lWh+c+bwc#I~<(XbBe_>q?BkS<5hs)LM zn_t<9c4z%}dcn~2VBG>!_|HP}4{H-Gnv0e+UVnDRCn^zdGof-@iSIxEeShvS))j4! z8K$PeVjm{*6Xv0cV%w^uQLr&ldx^232H3&1N~|Q@#7&#bTXguRXn@&kJN-Y6t_*B; zx|VJB(Bw^Yn5cKs;_F3oJnDdiog>MLqbF`hxt~Kh37gNN7#$DG)%V&&K{U$^R{e<* z^=qQ5Dg1 zr+0QAC<^=Dy9pONaiIfC%6cormTccteOH&RsIz}52YkF0w4B0qS) z1bafFr$}2`Y)9JfSdE-eamD&TIM*My@Ur9brO}E#w6GNl5?c#{t5iY*MDF5aqEEmAJzO_B{L=JIn7SA(5H{&V{O_ZJj@y~Ofw4%`22)n9M2?Jz%XC61M;N&MsMzb|BPzQp<8kNOiA zH9FNzzgWZmiv{*?mq?dq{(E2i>wQ2qDxQh%+lDVsU;M8h;|AyW{@H@R8l?Odg+Pz& zXcW`_Kg~mZeA(pn?0-M%aL6}l2hg${vGiXoy?+*Z&58dE#(z(s{|v@|R>uEbAOBey z|Gg|w8`J;y%E(imANlWC0RP#t{%3>zkNo&I@%LW>@&D(-oPZH2m zj?E2~{6txug6S`95gTOHVB@qZ!@sSo$A6i|l0&uH^ycgHG?CE5+P!&_lI6w;`Z7o; zuWmD(=p`z?kL2Ra_7~)OLirr;b)OqGO8xeHx2n0fEe3X?me7FC{Q&4?W6(!4!hh3ulDE+pZ+hPHf`@sx zQNTw->(OrI^hH^UE$moi?3Rb=FXHXLYc57{kHCX=Y&B!-s$zd>L%RleY*-y~uC3c< zWj{rtqNx6HHLd(NZ1t+KQX0saC;h*!X2IHBtM9mEz*?qL`}$9z*Mp_}f5`gEu(+0G z?LY_;f(HxkA-KB+2u_gT?(RNFa0u=WAwhz>5AIGNxO>RJ3_idh->~;N_wIeaU&F)d z)vLOzyX38^?%#FCB_kjnC1A`r1=KmTK{P0=j&kiRbCL{it{TXDQ9VHa3STum;M)-Qr&pQ*;x*DnVC;9Ma%W(;8w6frBVfY zaN>W98vbT@OycL|c{3#5*kFZSk-!zt;AsK7n{%f|4ZS|&BBjAMXueWar z#D9orANfDz8y_M4Y9be^x50f+?Ul6}88s{u$jpf|@)qM?J1*lA-Yl;*{)rbIUZbu5 zrWtMxi<85RcwtIG{C}*_zx|Jl)~8|-aEJP&^goy5Uw@y$eT995pQZm_cirQ3U-!J> zZ)Nie#CtXA&3=dK>Brydc|`YAJ&di*LRS!4>q&pv}(ro{FFn4BIOkNM9nn(l!L6=D?#Z}2Ac4x|2I_m7hzs!?+t7%G+LsBKnt-HPRQ zn-1z~RW~17b*&0&Rx}2ntunT1QK7E2u}rPZtOUjzURXISIdnB<Txz z4F2h07z^TlOrLTGGI3F=M1!yUK6kJA+}>RMY8SITjv%875(F% zXlVYmZtGLw{ITyiN6`Vlz*;|4ll}E;DJ{M0fl^)lB809R&<&8-flTximtOySdhp-} z2T%65^J1Lo&v|z5eFHo^T0um*=~~O&e$H*}=FIMr@+8R!pwJ?4Qi^|eU`KwwKm>au zW(0#Bd2KZ2A6o@J!0T&xG5N6_f_pv>zokS=nT?T|+4Z(m&d5x5`*ZRT=mp6V^e6); z=g%@!^URi%c^+SDd0al&Rd#5G^uI5Vp8lS?_QLSFA^MjNUM3P8vJUF6sBaO!eE$2V zTV7gR4lLhsR!_z^zpJ(#)NOA!bEYHN-AXWGmt17q_(obB=OfZDVXz1{kWgBBZ`#Xs>A=(lqUXlPTGu_dvns1w9U@|FL`Sb~n=BjE#R+bZeEP(DME z7kKWE`-V8pm^*22S!Av!NRzuuoc?9>#Jrp50L47;+D+&Ff~J!nyM96J3Pz2-YtgY zh5yU0&(sM5i1MynLy8LHREVvVjh|2qQ_5&i3R^m)gYkCU7PA89Xr?tag09DCB z9@+O?l{LTea<#_7^Y79_sd1tJgLxY(ET5c!)CS#lRE0RZ+5RV2(E(jT&EUzGJs82m zbDb9{+@jEyT_`lm#CJu3&vSh!l>swb<>3GbCFif_@w9O1ZCMT^F=V~aYgp;vaNhAuOqHmuehXY-s~x) zE9%I^&}EtMRXD=%3LAaX#vQ$z<6z*|*2*PlMFrrZJ&B8xJL=a>V|p2x*Sa|KI}h(f z_2{WEk%h5V*g7K~rGNCN-oB8!{lthu$49qbNL2P>+mJ`=L;Lwm1K{3lBXv$igxLxl zKr#$IE?ep#{p@RqBO4@6XUOU3^IObss`K_#EMaSqr}KbY^=SnL?ZtGjaz^aM1miJCVuYR#Ve^q0Ql z!#v@HzfDxGkzUipq2rpzFA8soGLuH36lGWgWNqPmM%D{k-LDnydspSxWv_gt*0jX8n={h-nNPqpZ0h$#+8qm%`TR zB1A7nUeL50{qgoG$_ep2>>hgjC^J@0%P-2R*LCB=D7@jCnaB*8b*KE*c>K~xZ6uLT z^n4MBh)w<`WmzlVYdF2#CF#e!j4hm|zoRPyNyJ?yE+QplO+K7t~Tf4Ba$oBA~VkC!vj| z>kgE$h7yBznKjgzeoUXH?|;l!#QRv;-&mNwc9Yab7-%^kuKUe=g|77tOJxF>Olzqy zrU^qugj(-(JB*F5n8}@XuFJQ>-C>I&k`a5J&S>o~u^btBMucdnLP~!bYDjmhtA1%d6_-uMQB)pUpe)ecnyt z_mLxt*K=yKlUdKx+L9j3%75%{HjL|AGh_qOdFi|4UN|kYn&CfexyTY7#M4k!)( zUm8iLGA%hG!`up=V~(_W8Cs0@ zs$cR|m#E91u9f;9OEU@qzI?iVxnjBo3b^$TrFxU>1{K}RR>8yn9}Ojr(?a?rO(GKV z^3{=6$*G1$-<32-4@u5_Fw9O8B}CgP+UuNCdq2?F8st5m;TTtKoTTu1*|BXUqt>^F zTB3lf$j!+Yg_JSXTgB=!gS^Gfr0NL&iYhCcAy;c-SHxp!r_G8YpP=Vhis-AG*BX|U zc{!^dLzEHQyzBYwT^dyOzCK8GCrdM_;o7%& z*rt`4s=L%t&6prZIj-Y8gcAud!C?urMC)cPx3s)Nu}h6mKhLVIpo7GJS12ihs20pL zc>fG&zR+<}*kG)5o`WWQ$J?`&LLp~LF=+&_8`Pbi!HZCgr0o(s<{#Wbxaoi1MeVQW zxeQ;viM`Y|J#Ydu_MAR5{Ca8a?Evsx37BAUy>;j^SKQ?)6GqQmcsvm+B6V@P@4u=h zIdxF!*txe{YcuK`E5hKbNc&E49h$N;Fjou-c)|7#IfvSw1~V9N4X;Nui^&~z|M0&9 z)Z~V9PU~XNNH>Int(+ZXUcUy?W=}bOm+s}?^R;2!yV+i9Rlhpn2RB?F<30DR8gCmj zzSZ5Wze;ydpnMx(30V(li+96;dV=`6jFVOi*K#9@M}{__8+G3biY?DisvnwuT62bC zh8?rg_EehQ>4wTvha0}K*FDdLDuBqGCSD>y2HMsZjITOxK#$ZG2g-PebS=m)?!W)9 z#9I=FiwfS4zXV?g;fISKtY@1a8t_S z5<@uv&@rdk`G*sd;;E~}_9DC@GYBlB-=sL3rzbkt4GMfeC@*h8Bl$bWNF2j)a`V~k zNo)#Ix|!(1l~Eez1xGfgp&D}CqukP2V_-P)jrKfGORN8yn(tX;ifOK!$%ppcEemAG z0>5FXl(CGct}0!hM=X2nI-(O;k8A#+q>maajf%<-3y3@9K@r3YNb2S+K;4>s7uQKY zP-&$U19q;nr|tSEQ)X*kW0QN)8*J=+8Lrc1KCHX3Y41?T+3uems*n|eEgX=3y1d=V z2wY^n5iw|KqM?uDQo0|ixiBv*)4bhMp<2tj;Z_>|qk#?8VPxhRJz)e+hd+48d%F{* zv8vX;HhINnAF;K_{O#a|iS_H`-KnkB)n z8W7OIa9V#siKNL47T)(T5o410{TthXs6UpYUrBL~c%7}B!e7>Q3u%H0kG&-D5bNPx zqVQU0kiJE|)4Hfnyqx))`~ZzIEQ$omG#PCdvq3`QhDqbqOTmh@l4;!U7L59@eV(n1t(pY0;^_i2q4`5E$TE{_CWlIilhz%` zNTrRzKJ#2_?QO~W4b#;}*P8M0`^u2LmuQvvUV$MkkDs0xc1Q!4bB9Ln$%3eBC{Y_i zzW$6#>ZVGk!#YBR-e~54SnEYf6$zu8z1A#=9rcrO2&>G=CGN#rhl1IKLV9M#3IQkpH~#AzpRvzy7DFI&k2d!))KU4_tUO#H8n5HX zK8`xCw|~cYhxnyiO~M$F-iy!+k}FAM|EQjczjB`GSejdkfOD!`Y%fxoY3mZ-=_rf_ zQ~HwWxlKmV{bp57@4jx8S3+pG)|Z2F(7nOqjpb;x0o>E5Lr|{p3_OGwrwP~dPk>Lg zb~;`QRN!AM z6N8j)x{|FHp%OeX#xoC?ZkDt@uA}nP83aiL+jYU3DiuL&LSFJ$cRTs$)e=pi3S3pU z?P4ydte}a8K;A%vZ)iu7F@G?;N3cT&y=vw08@_7!Bb#~Z^el3iFI#oCaF`7$!O8w#JheuV9cd)tQVnmxjd(&CI|ILpGKU6I_eCGYjqDDhFw- zU0T`Yzv(ofjDb5QW`kQDe3r|YJned&&`wNdllyvn!>(MThnSBf z`H6+v`Es+rD>trlP80G}{Y5idi@guhr}+|^mQeeA9X@C?Rizf1@7&_T;BELy2SvD; zdi-m_C`Rd(8wdh!nes$4r`&#)!8DbWS z6ZHc7CnsNzZkxM!_qQteNT45iVI>}LN4Vy=|IX{r7g21KUEvG^*I(7bi&evZG8V6_!+$l234F+3^lFLuebKzh?| zpXs>b>yUh8$2V_$WxvGoyah^qA~eJDrSHm1qBMCTT z+3?M65}y|`cKBKEQ}XJ&6P|QYH_L|~tz%(cptIzNqW#8nT8c5!9L^DC=N!eAvr4wn zpp9E2PRyyU%wfTb`=+=7V8)WKb|BWayjO4O>~xvOAV_FOeAc}Q8>wk~k;L-mMJ|O8 zY{*Q0tP-kRTTC=i-#~HMN{8anmYd!>g)z_jk_=dcI|#{(V~=Yxz{~X<&t~5z)5^5t z)YLVR49Vok7h_2EuGNlBw=)4YT*NJ1QBiD6kQv>@03S92jJ`Sl;!TG`K(R2Z^o!~> z+V4CbC!7Z6!b(Guf;@Q&tBsD*#+}&HPG^2pmB-8mNbDT7xXwNo4K_^vD-m-0*yCa7 zCRxAp?lSxpe~@h2v=UEhSTavja*IGiA%&3+4Mu?<1}6)M0{T_7HwKuh&V?E)W`2hj zk*-JF(`UIPM1ZBM2G$}k0n&_$CKwXkL_gM?I*ung@%C^+vEN8sf1T{$Q$UcVCi|@s z{Q71)h-u^5>=gob^kliy=%~N(${}Lwo>$)#4z5T>yyW+FG)PS} z#GpLSM`Losn_*aSeGir{nQVt{In&I#sftG3x>pcLC^y$!LXn7mLMmL@S%CLz+NnpI zF~E#x<7ciGgQPRnU96TODpmhC^2HVeIC}?YoLzqcuRf*=LEae2mO(q(Li{}95gzC(DPZ%tq+f?C z0+dJ0aZ90_g`Mgu84q&1Sz)wX8(=4w{3pvjWSXyQZ|!jC71sU)5tly#w}d){ipku^ zMGpzyZE}9(DNsE=KuJ4(tz_XYZDpO>-~GfR6VhkDvTz0mxN4kHf3%+UnpCr};UKL# zP1qUvct&0LlD9|6A?AwuFo+!?FyMQ1+w;D~Y8Cl@0 z{Lx@?^}b1twr`(C2B^g=nVgEjB|kqPNSt-}yZSDTt!Lm+Zl(kFM&RN>B?GM$+G%0X z;QHePO^3TQ$%d5Q|GDQZcm;o9RN@L_dw~ykL_R-3y0onxJhZ{RbK1@)CmRQMhFlQ~ z-Nz#~eL*oa+^_rGJ05;+;Mp>F-0yHyDt*~xwiA>@>_pS`Pdf)u%uasRrns5gxS|8B z^Lkfv8ea8a-N(UEoJq5o4-|JbY(1B0`SE7!=RoLe+zq%n8#GQ!uThZ(RN*d6ga?_A#53cWf_3yFXSv24WPSNaE`W+Lq0 z%Wk=7ORB-sZ^}=Rv&aKJl-Y*9sm_#V&S6qjYztSN+AO<7EvUm0>sEl~suMQk@5Bda zxf;LwEfWUgRw@sow=XWRCYqgA(T3iXJATeIjoLW;WixF`;BJ)jOT}`ZHj+H7)ItZW zme8w%!%;MHWQyO(tn--cRFdO7OL`Lz!?gbTDpmyDO{H2b;Jc!Yx@2CyBc zkyE2P?Lm)r^qQ(!C*Kc)8z{E)dIde_(Ml7y^Wp z#zJps7Fz_+6hdfgWcBTsLc3Yc@Np3`hUu*-dcTiSWHpq!PET-@0R;-}S06`mS%#X! z)l%c$k>@k2ji;6)Ra5sEisKPEb|zEx0a+DLM0DE&E1HVvuIdjbYX)G<7giz3X`hhN zNZ?Lx`U?KssX1AYHb06}Kp-J#ot(=KXq}dgHDStYK`M2OsK~H_oy@(qa%|s}InhQ0 zY9IsgFHr9nXz}-02alYEkw7>>^}vH!GWEXR8j65k-xXD>;v}JIJ0Le;%%xXI__^zD zr4=LTL6P>@XeXAIl`{5$-S|aK?(?Y*!>tbS%5hceYfDLI2Y=ePVeCeRd*`NM4jL58 zY?az70{RQ)(dIyliuo(zL2}F1!GnBm@&pzMGnB<<&WhOF%IO%lLI3tle*mI?_R%== z&t|;YKe{x-#re(^mD9tMp_|LM$hF|Q%VNF}+YFWVu>11f+Y3_fKY85>aT>iI4Zm(V zyGQ{02QKKc4~nR)W9r@;;KyUJH2wf5g6P*dP8?96Q6T@mTMLEN6NNN9HQ&4;A1nyx z7XV7>I$~WQkCu&+j`dZ|qoukkyvTuaq=n}(|IspfeB zZ&ZQ!Z#s|S-V<~a!898Ynz_g&>&E^|SRRMit>0M3uiajc=COB*Y8@bCfu7+$q`I@% zbgsNY-t7U&cZb1TIhojR1byY`i0#7EKQ#=`z6S=X4@+z7H11zFy8PV<(cLd@hv<|Fch2OW!NJh|r8C#P*gpjK>o82VyI1n*Hd zC-|+bDc#19wWJ*=gSdFMcKwrouk2oei=9xtqz>L6j&B}Xm%p6M0QQ2EFkk{1$y1uk zo5Q7B1Nm~O^K@6fSuA;bF}VN)P?kDcbvw(>1ebP~y!XbqCIMd0p7xuW7@ucmqA1a! zOQYT4l{1KSz&Ccu9ldrNp9%GVj$HSXHIt(J^q`h2O{YuW3OK|uMjBLPN6|XY7K7>Z z4l$>DuUFl&N$i)fIrXoGxYSRhL_qz?3$EbitDJ=94cBVm102{6fx|l-sTS7R21a*! zi~=6q$*e42fH~cUz%%5HC`tyV*pp}3QM(d)hW^)|-rL@d7DfLArEe6!7%a&mS$6Zw zti`2GAqcVIXVZO_FuM6dfN<&=+t1Aoo*<8a<7rw;=}l`e^E?q8N+}y$UWk#r@_q-$ z$0w4LmbRYJAC-nmx$w@QB>!F-e%A1-bl26toWEtmyYnjT;Ig8G0E8irLU34hJo`zw6vMnFD?aY6tQipcC zY>cfQym6}{%LV%%fw>sY>W>)~VoQ?T*__o{cJ@{!AENu{ak8fI~qv~(p=;bj2>VuxnZV&oJ;a6&yXSaZZ37X5*$oLYaH*YZ8v)Jr%_U(D5WQ5v9V|R^`AtMdK6;2u`BLpy2QtG3! z4V_To-=7p9a^vfC3ZPAgKI?Mg!nsOa->xrm$&;gKh*dAS$-2J8y=VjX&SW6XV+AC=_w|9Gjc2qJ*B{mxYRTSzHReKjX{OcSS$PLw2b7^;K_5YN>8~| z61Hl^B_lyiJ@??tmYCcTxpF=4iQlR|^mg@Ym)FPbUD503r9gGSd1Z?k zLTbNXCxx)jP;sjKF+VxZkVs^|^>TPbxqDO!9!eesf}<^eaibrFER1nx$o%9wz#djX z0ls3(pl!ss@LUx_p;v|@hiX~9dhA1_UX^GQ?v*FOCi^xS$)cSiY%;@iU2=BMg%^t5 zR{LDe4Jm_8nKoqNN45C`)J=}YajYlM+l1)nrkc)@?K+1f3e)SIm0I$#&$rWN14;7QQ#gornZHbKj0)?Cdl)&ywi}MwDzEf?tF*vRcHLj zQ>5mjTkB1`QQ}K$nC=#%N2I09Ig6kAt8YU33vU_7@0{oLszpyEb(69$kqLkFYFfKB z-&7RrOVtt(OWzsUOEO zCJ!eSm!~<^aelA6q{gIa62+ziW_tZ?ZHXZbbYUoZz9##-KMmqoPOk5Gn$0bOrCI!0 z=7nK$6LxIyOZ3J*(sh7%sa{VcGGZf{sg`y_op?FKN;Cw=LK{HRJGDCVdEdNe%K9Mo z%MaK1(+v%%{UKb<@Q` zQ`EhR?cd-!EgC&2lOtk)2l;q{Q=IZ8*BTeJOXYWNv*qKt+KUe~VT8*?Z4hzI4&SA1Fj2ctVhi4>{kUw0d;3ReP!Xpkg?Z*@9hWyho&JK1!m<19W)8vM8 z3G`P?9E=ZgK{r!Tfyg0yUdx)Q+>lm(VZXko;Cg(iqe#p5a;ht!w{w4z(>~6qL-E}0 zW4}9Y_Fh@X&NYGL{%EFVv6#*V*22by4gwHH-X z&(8DLf7!BM9UYrLh;W3{V6 z49spW3v)@6CP_xE8aDcFE6*LO^68Tuctmc@1a3AX)bNc64%f8wv%S#}j-#NrDaIlm z#KPumY141H)nmFf*4PT=Oi*%Wx;Z{IiTofiJb_k>M~i(qNRhw7{#t}FaS$Rpb;E%@ zTy+enThPwRy4|AaRgrmTTlmW4`yK70B&d$I6*x5JH$Q|M;^)Vw#=>{nXDw*ca8fWU z1g($UyQXGBjL?vGEeZLyuL@5e;DhhXHS6CG-y}aTuW4Yqavobh4j%s~m+%aHc$9sH zxBV`o?A^%3>w)nzH#N!g?N6fpsd(x1gcORy84y6a`LtgRg{m-p%z zGxne9Vmv3R%7mH*D7@N%(Vrzbec!uwd}Y4GVaCz9Qt;YkG~&+^A^u;%YR>n@@SC|g z?Nr>D5YfZMUl+(!gsN3`)DgR9<0DP>nP=L46VUNMXQ*?((+IfWVaU|ghaxQq1mzl5 z6p=gXf|Ro^1E6tC7DV(T0sdxUy#BDUq{*$H6+$(r@2sWuEyZdVtR}u=-Q*f3G<0I< zsjXA+I9sME6=;_3U#6F=k~GCW*!250`FIG4ApMZO40!ZWj6VpgoR}>)k8>?*Tle#H z#t?&~@6q3bny)cOVs4%dJEaZjpO-y)WkAJ^zI0xDe*8OBD+>=~YB`0ahCEYxlZ=~N zK*OYG*gX5*7+5irK@4E1ZgR)VQB-XiEGI}NW!q}FsjD2|xkL_ey_$rTC{{RR({7PS zxW_V9DCLAW7(#oc-;;-@A5JKnFP zJrtpSJf@zrea+BLI(qjX#hR3}(yq5RzBS6CslSc^ymO^KatD{>1Gp%V^C&2aocARn z)QMHx*gb?}@HJE;kH{@v0}?ptX1O2XBa-X=ASPDCqGyK1tgHc#TZrQfzlM7tnbgHM z@J&id^EaNHk}JX}&CXNlzhz}9l1EWWG)9pS4!}eo6X8s`h1s$d-}Bt)Q;O)NHL4pS~67yq0#wnd~rkHS^w_#rv)|zr?%Mv ztE#iho;wfHdERxonR@@PN0n|32`XtSrgD)8#3%ggnq)`t}c*jTr3Ol55F@irK#&VJkQ#qrct z^?fuIlmuJUt{@WZ?US10Gb>cA$jSmOT!wgo+jEY#v z*w6~3o;%sj782&Ra2<2Qdm%mJLC0<7_SS6rHAUd&^J0GpS+5+y>>uO0c9_wl{7cs2 zs}`X(RyA1dR>5OJ<+Us)EA5K5>^H#HV7pot3*K`ebd-_q03L+ z77Oe~-+b|{6NH|xtl-|hiQ|ik`2}cNJxg!Bc8KpQ6U1Q~$=F-(W zq3@lnvy!x*5`lgPdCpk%h?8;i@QD7J9M>{K;_3^OP`$?;icmJ)VkRKi;X3a`^aM|I z$op|TC6dc;d6Lav#&c5$o1FZ@j@m=FE&X%-^;-64E4%e`#-UdVDUHq_t+w}z!3LvT z4dzSN-<>i*#|y|Td~Kda*>%9Yzmf|n$>1VLos!!@SGiq}wzq4jkko~EgBn1;VlrvE z`S(jJUV3AAKRSe7quV$Ip1O;Fz=G)x*SN z3dY8bSHTq>wj4!Y>!xWtHb;iQZQ#LyF;P(kbQi19>7mx9?G#hyM^`OMI3Zf zm%sS1*Yk5yGsDvG@=z>IrXP>>w>5MOT$m`8k|Rt_ve^&%({&TLIsV5*|3X1|Gbd&w zmlS&~{2>2=UT7%fq!)l`Sl|$tgSW_G!z~a#=(Ljlp!^aC!dJQJJ5xKKnt#JpD$uZD zemOq|NZdagBERE_qSCA$U8QzDUDm5r4p>Q%@iy>gvHnzhK=DAjf6k^1l2%}qC5OzG zKTbU+HEIiuL2B>^N7nE1A9)>AdTLko1#Z{lWl7oKx3`!u_0F&J0pqLgU}DMdGNz2c z(%1_HPO!6$F@g#OFMu^`FPGWD!GnzJsX=yJOh{-kE*@a@d}Rp2+(nTN@T^r{KOb5@ zw<9vn;^?Ce*(eybiOJlMYnp((<>@Bi^Lotm1UK=acY)shmB=~%I_N|Z-Bv)_xRh!W zYS#8^uqFkz(t6;lgMJ_`Kt5~U1?p`;XIHmmUbsn7hrkbe^=O^`O*fAUfLX?eXy@x; zRWggI_9t494sDeQMiIQ0C$&RwU1!504=KH$2s^O;lKXl^@NQ6=K`%m_TW3lVbpj77 z;36<1s(G%#7iI#>-&mmokw13c#1N(qQwmSVrE9%$Q^!RU+-5v#`@C3EseCu)PIN*F z+K&!bpPnyHP7?~0c*)iv$1_gWVG8?zsP1#dX7S9fx7|kWvmJL(K%G0=Pww?Um0S@=c@ub)u()h=(F8}H3ANNNZAE6BwQ`;_mMy}D{{$0KE3GR zgwn`xPDFjb3B%1HBE(&xUZp6qic>)A40#QRb$}n-$ITVDRWyNy+iEjB{pZpZ@r?|w zIv~(HdhhabShHe>0yffI2!N3ji)V7!eh#6^pvKC8NWB=}Rxl_?1m3?3{a%^-c-6JH zS$%J`57=|)^B>P>!XpBByL-R1VHN_&H+8pd30IiDwJ3>Kc+Nc;!?t#@i&gXjbjrpM zLm05_(DgRE3p&Sb22OJr;qamoUfC@3NFG{UH{Jf4-eM^1Gh`3@iS{9c#p^y;r}@D2p_LrVWNr{i*B=#*cwi1cn4GFtq23)CPJ zOL0{Lkz>6V|CA>zTm%50o)@;q2-T0EI2;luEHnwNZ;S4A#e>}ML?{v|=^^$DroYo$ ziIQ!h{mZ#SS5wtSO_Q^5=$vetwQQUMk+uS!xVcgny{yQOaQ>ykP}s_d*XR6X(a;FI z!nxXPIt490t#LeWYt98YAs6&7`zF`}@>`}>nij>fw9j|&SDN_N{Dlp5k+%&umCrVY zpapIVbAxhuM##860Tne40h(f$kr(zIlCrC83}g$dra7iRy}I`XSFg9Hq_0nh-3Jw& zpbTGGw74v=ynTPbg&Hy3(cv>2Zs@L)p|qL*wCG~UJHzoYjgF#LORG*F2_W)_h@0^dQF}-D5m+|*`_7Pn4gB4fpouyUz z$H#kc#E`Ed=~ zH>%ALfpY_;PtBD>c?Sx>iRs9$tEfl#z0pTE8Y|}~df1Hb(v+ruw@s9<-8ig)x!a%m zIDc_1!+$x6C9l7;s5ktVPN;_`tAUxjXTK?+BUF8_!N6$^z@!321)mXAJfmAf;5L@ZO@E#IK3pd;nxkb*^xqKRuIaKC}DL5NuY%+S| zx}$%8!}B9tcIwdbHFj)$KzU@maLi_@k?1CLbm7!k-$IQ&|=g#0(RzU?yY1x3TKES{3CynhZm5%#+ zPE8$=oj+|S%p^g?cb5Ep@BRQ2QXdAkqBmbxps=pGYsuW3zO6}yc4_hUJ->B#p+4M2 z59NvX)0^BB;3hllcSX$l;1p!zy2T9Nqr}e>#XL6Ji=MMdJY^Zdt#typ-BBM_IA8x8 zhp4ZgC;T#*n~g;TFw@*sZ6dPmhX&h8#SLw)={-RkQ(cy@{UhOezy8NyKnsyQlV;K{eq zCZ1eh`}Mbxp6J}}$J5#arxhPZun`b5Ew*^Je3vjQ4vnBE&4s9%ysrTh#j`m=P85cQ zjoqcH8)><-jJ`|4ecpzuc)C~-w&nT0iy0j4EA9F(c-fkBr`PlR&)Y+H1L!5|Z%IQb zzFme@@_iDy67Fk&mk?yV%XShp%ct1P$oE&&>{|{gUTG5DK+Kc!T90nO8eM{?#_wp? zS3E&1U&MLgmPfV{cVm@wtoUm~>R19C(DxSQYGn9gidp4s@eP4F8$#W-D$Frtk;3re z9s7|C;v~7uvuI!gG<2s1uXOd$h*bN)Q+8IZdK*H(p1oJoPfky~O?V?5)uZj<_sS!2id z*Ky!F|8lmn2p%f_oXdcRD?*{L-IyA|&AkwrK6gA^ixrjo)Vzvuk z^kgolVF0?&6pbhNGy4O52lOmV9%)_qL%FRvQej^46s^ga647=ck$FCqT+6!ftN2kW zZ-*jcS8l!y?;-MV`i%Y9_ufHL6W2gAaJ8iOJWIF-Qe&WBlsSwb$TMNN&ZPeZcu3GV z%h&SL{@KGmH2e}a0>3ULy45MbOg?eY$_EX|K)4lVAu5b>5c7(7YP6Qr4=PUj!6aN* ze>UM7+yjF8DPV$|)r1$KSsUaHy%_Q^XeR4}rVs)D{*APZl^IJ7CV=6HtXpU6Q~GnQe;4N0wAG_FWL`DlCW<1!WhJc^$d( zE&MBIUd1I}I(mB;qy$6Q8D=ddMK;KC#$ee~#fJ$?8fJ#${t9ze`R<})fMx>|QPC1Y zVH?C+yLN2kO1lEzV36=<3!J<0^yzJjolvpYCZ>jjNdM``3N1sdVsB241IgNJA zBKG1yujqBwFVhU(ncWmiXEzpoEQ@g+lRDlSTX^L{!!-S@n}}uQKkE>l1Z@Tuyz*-j zWpsJ)o6Kh_%InNd^jv8X(&L=JY^A@fVmQ5U$N3x1^xQSm?HOqEpBerCp-9{C30^Q< zQ2+3cbnO4W-2DY!!U6u$c_-)%|KQ(meEc)g_207q{`0RVD4*~N%3rw5>H10A_mOh? z?5?qtrAQiH^X5iOP3wSlQTTtUI(ho;wOtJ@fIZmTJEb@J7*`fQ)L$;n-o`U);qyYU zY4yYmY1EbO|9<2z{gUzI*IGqvd|~l7flOE)wW7AxUnN2+v`GoZx_vObS>9ePGpBXh zi2c?2f9E~uMoRoW>IB2`*pJF9J+OrR(vF(XUBXjY)@wuS)HFRvYEWY~9r^r-o_>fir*|UB+Z09ZPZd{rJ{#LQQ#rjuK z2Rf{bL2@4KKMhnk^DAf5>W6sQqBFTK;$bPfwaLcuxo-3eMVqjJd<3# zGUZ_DsE*Xh5AXuRpn=fONvi|yJZaiSvc;2Y_q?sn_s42Jo6^{8G-~dh4!AeErtft* z*Y?Ijqk2t=%bZfyF;)rzQy!d#`fcX7)nxyvQq0gpDlX~qNaPorIjE63`H<%oX8@z0 z@EA8)YMa^RE1AjR`^|rl?9mp#rfV`=%xH4U&zOB2ojf$Fl^n<2obl36wnDvjO2Er! zO$$!eix2R18f+9?w1JRRem+fo_Wdsv`gfgVG%A9a>z@Rki)5H1^>CHSyO8%&weLNZ zM962XL9WZrxhng7+1v+9FG?`#Ayfr6s8x)1kBgldg4aWHgk8eQq6ym7{P&ksEeQE{ z>t}z(^v}P*r@<#ok3=1b01GjUWkSvKh;shp!SKzBI~ioVm2(;IuMJZd+D+@4MeB{J zQ$IwGC{P-M)pNcN+O3PL% z>>Q%>-uZeppKBgQF;7`ZcD{IJ#S9+cfm0YkK$63XD@jM(U)3S-LW^$NI$N~Lfo^hG zf-qrJ_P3tKtdGeII`jL@g)`(UKzq*24FQX`#G?=pP|njzUaLfXG9^p@SDM>_OG&1C zek}|~zeFtHjee3R9Xwj!eYUc*s%v5MBp+=I`5q19`_K}T^aJfRt!*by5?+g&>D}K3 zFgl1hFgFek4bi=n)H6_}>Iex5-<^q?^R~HpDJ>UK`4{HGDMcyAJTcq?-&6```i03$ zaxck(50;xR`42J#bkdV~dAbDlL?EJ;A98ohbHQeOHl7F4d2&nkMmfS&o$RrkbXa)z zvdpuL0SB_q42?O%Wr690@T1DgndP2lZDeeJ0^(~1Rq6p919>v)c!HTMVW_LFfgVdUq(i=H zxlLNK;A>2*3K4hshYx#TP<5(S9I15c!G8X3@DF4&RWzxSC~0iWDA;0L>=u{lU8t-xNAf>tuQ~O4|}`lb%Dx{eIMeDS;42^<}fm%T<`(C@hUV)7^@&h()nKY$8lce zn9XwsT@IUi?GQWADek8gO; zT89NMvWO%$_&QkXY$uK9(jzH5nWmL8ek;)gUIyHzVr7v}+jzHGPT!z`dF2+4LTiN` ziZ7LR&+CT$Jr#pCQXtYPCQH|E+oqkzwLfc&39de6+c)$!FIw zsRxxAy>h`IjnL%DPKut(iXM-H#>+pRI#k`Qjic}^X*uu=(6O^)Qf!W~uhWX#rIpHg zKT*HW;1hmBML?F2UIYmKxNSqmLv z(IPcXeP(?AhxMtvBtGSQjyG#MUW!bAX-Q)N8e>%Lq~Dn+l~{*vvTySH_#ve2R}LbR z0-w|3V(8DaW7P*sL`@+%D)Wb;p2?P8hP#<56ITNxJGRj_DU3cDzdx8}DxV4sZ7^w# zO*$sMWqA2#!y^3I!TdV~Ja`C4;k@nUO7NEu^H!Q+RE1iyh0*6U)opLXDkK!-T`;IB zkx#-*FC*Uxl_`S%rQ3#v+95>h zW%M|6@5gDKD*xDh{K)QPH+)o3#KwarT10PnKLNpO*#wV}--7}=-M~=V4F5XwMG;Kj z5LPBe-W%8OIltl9STNI*jl__x7cU#@tI2|Dsz-XRb_+ zwhVZsK@6IHv(Y8;y)xbLiCX_ot6{tL`TeROoN{iB_JsH;14@`mE3VKPVb`;;MIVG- z6Z6%qztt75SEkolR=2%C1xkck7H&73WN4bLJ`65|0tHq=$ zkO6{_YxOe+N%Lge6CQi>0?*FwleV14(YNDPB|%Ch^2rkai{z=xI5{;>+vOI(OZMV14d~>}iVnZh%3mpo(=11UKo5xGDN=6F&$xIgGquz#o&ot-0OtCdh#`8D zqVKF#e#r&{yyz}r{cuV!#zUOfDz&3ZEYge|?L6eiXUvc| z9KS&@vrHUHdSF#N0q1g&)Y7L+Ns!Z?LP79NCTiUNq-Kz!z=u{_mo~rH7VW1^lA#gp zx?xY|yJ2`A?}T*S4*OU%OhSBULhg3TK?fJ&VDdyJnqr3Y2+(=qAgj(a$(0%z{crJX z+Y>4%>S++@mc+XJU4(IMO+f|R#R3lIKFeW$So;0)<6Tyc8$7Yl=irOBnfo>>Mr0_e zC^^bc$=mRH*)zzMy%JMRUkjcG-(PrYK@>^nt$r;dNKBK+_l=Tgb{+{r$CQBYkDB_> zXn6ck@cpW31UbjAKbU(?9kp`joqJSE4Sv~TpJBtpiwKXTGBWq(n%yiZ1LlVkht#Ak!dxDmSt!w$a5b*nd=k)qM~GqRAKUJi1flUAF|Q&+wAh<0M4tX;Jj`5^{X{ztddK$N1Ui9%7M z4-G>txK8j-=?&U+&zs5+@o&RMjZn5ddcj?ENChEgQYz~+1rlhU3vUOnp`BPJ9v*2> zTrbB{%zH^g$*EDHYbxQtP*(k|MQhDnT^1{0QY2F10RcQZMG+x1YqrO1XX~QGNj>Cf zp1}sBHAZSE?$rG(ZPTLZQNCXJx7GBOhKzn*@7y^g+LGnv6vJUoein@fX-6`|^NcyOuyEk#D7 zq)-VbkP=eTRHfWd#=yFskuGlgS%5e>>kbKF#4_PPg`wPOTQ?dZ0A<$Ox!WU0)$m=H zI7@xg98L0z zQ?B?@8eIXRSCIOD;5-cmA}mIMDyWvM$uY#64yL>P$u`M*$D2~K9xue6b%$+P&%z^^ zP3E?fPXy=lB zY&P>eujkrr$zCxkCP<{?v`vx9_5Pw*-!S}Z84sPv!bByQKyZz|nWWZ)8F#(aB-7`n zntE6BMr*0Vs68DLfsK=4$UW+>t^G|XhFjtXR7gQi`6CNv`{gpj*^0=SDv{^}nlv!|cCIDe z5(%#2DELiF5dal75aMj{y(k_8{)_w(eWg(F2$E+iJIP*&+lU+`#5z3L9WBYb9E7T~ zsz`sk&`6+f#40Ex!7?1ug~tI*Horc5!pr-1f{&kx&rGWbj)gZP-8*_{Q4JT}eb-Ng zH!{;r$TY9}RTdqRd}5KTf@M&(s%;Raeu$65x+i5#&G$2dh8}BRh_FXnI}Gq6B}m!e z@Z3$>4sNWHrx905Xln)cY#LKI4eO?f};Bz;=bo- zRrgu-KzDl~ppO$)Ti42>yst%v(#tHj&wJUhCW|iL6=ZXr{V2wPaLyhp+50|am4wKi z9)s@eoypJU&v<}?AF=K-KmArHw{7s9pG?rZ@|g&LhtpD&^PUh{oH9QY1ex+XR6+E# zSrg1c3DY^2i@zl)N?JrlGuy$`XF1{z7x|7?Odw(>7oXy@V~Xo>!6ECS@}sU!DJG?R zYj88~Dz7cS^vfq<2d;8$(+H+)WtOZdw=`yzVDHTbxFtjdrky|MOEoeUQSwKJM=X6Q zS5B54^3J=jgK?uu1|BkgC%(uT5A|bQ5S2r47X!nQNCc5nCbc>fb(C4`2n$>-$*4&` zm3w}=16(zebiS&7lP_Qh9ES@>NGHU_O&*y+6Eo{2S*AC+!Eo?pdV}6Vk^66D0BD0w zDtS|~bXlqmRqh#5q+HHqx7^GhKFTJm@L7kpRtc({mn`u(0fsBmwx+)26~l4u;pQ`P zv~@@9b=m#2zfJjw3o><&l#$s&K{aKIE5#~Bn}{VL^ZL<~92I?Yt@(&ta)o6g1H{iM zeNtP#8ww8DEO|b^T+|WyA8O`N%@-6hvTKK1bO&2n3sFhB_p;KR&A;yj23Vu^UgIRh z8M8uoQu7wwjxqtpnN)$q5Nj)LV$PXNm0gLdNL0`}QzQD-o&{OqVRK=}r0En|yUTh> z5{i0)9`8E4dhY9X^NXB~2FzV$6_s3rW3x_gL0K2aFqVpGt;rPr*OfvHlLQ`XyQVpV z2FvDcd^!*#48544%-u$dq>bY6QSxi-0-O*%I#GU(?aWcQaIolDuoU%K0tsWR;xjaL zW9;e02>>?YcEOL<){oS@P^2q~J*iP9Bz2edN?yT%m#FnP-6ihmj{lgJKA3v%3=I(6 zbUnuH!$ROKNu~c>-3QB?0Jia*_$9KTjTHTvD2awpkrLz%MIeeehQvVGynIgGnaSt| z)GYKIhb>&NPi3b}&&q|2s-Z%PZF||!X$e`GZt%&->FLw%0nfopo%c^%Y!-+ta_5RM zp4yRX5fI?HZU)jy^)!CP%=MLRO3*j;B%P`~&_~{*-XX>2MUN(YLO$K z4{QRnox#AzRlpnO9k1Tv7$rC%{zoui1l|I01osnIv76Z~D@@drlQyZA0lV8;Na0`O zZr!DC>F1f^x_8>kF)jq@95bk?DZv=3rjLusn}*vE_^?j|!#UapDc!afizX#b zGbg{KQ4zydcO1S5LPh3%^p0kR{K9>E+hu>ZN$HwJj0g zY%-Ck7ToGlIW6y9yg$MwVHf#*=PAgktq8CAhfLVT@-Ii1)WyGYfAlJb3B!l4FCRHA zPYy%4_CA%C{!Hk6%idr$3S6}|vwhLk!G%uK4CQ$f(lONf>I2*1kP6_91 zjB$8E%pUjq*g9z!^IJ;ay=_VV*IFEth#sUYYtPBf#$1sOFdr9$4DXInVXjv%EAIlRbBkUBR_67ip*YGB2B~Ov;T@ z$fxLak}C@Nus6}~XSpwIEibH527~QvvdSlTebHx4rQeAIby?!n6zK&R?7wg=i@4#N zo@Q{MS^m;ohMZZK+sHutx;D#DX*7Q3%cXA*Ff!FDC5^Q6_{l<9T?BJaKNfXQ$YZv> zM>Q5`^7TswNijvbFF>KLy1IK#!gvV@kwFX*Ga!wMpQ1Mn2R#Q-^W8dB+{ML5e%pc? z;^tdp!fjZ>didX74B%RaU-rwR{aZ`H7b3A%|JUJ-9!ClhtHgsh9edWt@>zN@r~F|; za2}+E5IjZEh|3HlcN}8wxb)qKIl02(Scwh5GCOeuge=GH64Do5poFrUb3E~RH z^#C~>ndNA(>Wqk5Ufb|6etg$wYD(k>Yqs?Kz;Oog zm~}$5#lJ{!yO=vTSkenV!rQNx$Si@%&JV9q?zzC9R~=(h&cjcd$d_piku}4ULPXUj z4rxsXZA6T`P(9@WN%z-U2|C;|avj13F4=QPrqH0Mq!s9Bsn)~fy7il3AH9?&g{5yc zwyZS4!nL|@WUE4mt1RvpaEkJ5y;kEG=^WNl;L}%+T5%Du@~M|p{UqFlhUT+2{`Ud= z>(BC;gQ!;BWsUuw`=sEE!qOz41Q?JJVx<)@jZe4r^Go*BEh29=hd#r)Chj8j@?aQP zR@%1J-2vlDrSl4k_RypR8^y0tMFIOJuVTH$0#-4WpKQnTZP!^QwRPm|&OEKqWb-i3 z3B?6szW=6J2$XdHA2%KnAl8+@s}nTZa><8Ed=CD|4^{EtmPSOL<0kAyGQH-?(ZXdArRV$-IS=;@^$AP}Lj-Nr#?nCmYW2>b z5k3lxP{yc+yn7uL&J{`afqsZVKDk%GXDPo1?W36wt->jT<$9FpoQJLknfN8sTTxEvF?i3k0Ld{w~^mYh0RL|Y8AgJkH+CKhc`8=5ftX+^sYoK97hoX zDND}|k2olrh>9oYF`D;!BxnP}zgcUqvN0Q$b^ZD>Av+q1bi>Fuj}6QaddyegTv>Gx znsU~tNq*|uAGzYtDJ+x z4rO%le*KnzAgR5>6k2RW5o+xCT>S>r))=T=Yx2T8j=)3nx_gm$8GtSP$xQ6SVf5zO z!mwrd%?5&Ej{M4_r*v-UFii_~>~90b)Qj>nU!ZFF@W~1rGY!Q# z#UDs%d2XVFUs#2N-3 z(vAl*g=y?)Anaw}3b5m1L( zQcq;F*(&u>R}Pv2H4&1D+S=_wX}i!SA-0D zdwMMdgJk=Gg?TOf!5+0&yt1N=ma9f87CgEEU#t zJMtZQEADVyNJf>AK0*A7NJ&=i%K!#Q1Q}F%#QAvUI2A#6BB*JUAngcE*l6NA0+h*V z$278dE>g2|)tVz)DlUG*`L&9Q5;v~Lf>?RG$}xHsP$DF_T5|U{u+=UV_M&;EY{OI= z$0(fF`37{%~K62W!&0sft~I&L<} zc@~zU&hA3Bth7DU+~md>&0K6{gJR41`CAa4>O-glQzS=dvMrx)HOKPX_2Ln_AN#{h z?N3?I9J~Ppvmxx_ayK8cf_0HOaxji?%$tmJ<;o?k!9L^ zg|73M6x)X-+Xs`E)q^s{Ww@fcetgtie{}FKgPIwi0CmW^=@fypOz22d1kC);%Oc#N zcu9x~3SXlV1YB4#A#dbSCgpY)=H+Yf`j_eHZkJbu5N6HW)Z&L#lkj87>A!67Mh?I$ zGeuYt6uOU;^~@LR{0AJh$Ty|%7>rz`b&H`E(D+rE1t}7Dl;rC6)GXvQWU5g0<3{uT zgx-`cKAH>+t3Ld4m+`o0y{a1&;{NsN>*FwNm(9 zk@y`v=m4Smx}jz497|g7*F0T5>fKnF5Eay8KaNw~BtgGGWug4Nu`*@uRK>g?r^7i~ zo(Sana+cZwtShH2+vd_@ZB9;(k%qq~V=Zgj5J{@LfpBb%>P^M-W#h521xRy8-#x%G zOegUe?1==_|5p$lB72|;#?EfhfOD9G zAueH)3dsUBWonbk-}UQA)HH(u>|fU6 zZrzql#ntgv`W!0E^c3?MTmcX}9|--?`UnADIsO?U8a%LJJ-Z4g_=|%DfGG8u0$D$y z*QhVAXo+PkH*?Y;!K`o2_hru)sk#W**j5NyYsNV;UvK@5eE!C%Mr7QcenPYL$+{D# zq8#)pm7&zRAX?E3 zfne-q>`X+lDVgzxjDgY-!!nQ)P*P}6+^cl#wiA+ISNdha?Q7o(^f$0tqBE?7|KTuUJ%5n_g|pD_Z| z=R=T0aci*_&~)!8Q^*6OI2Nf0slGZRI9nHpn5hlFQCTUxxy~d7yT$1>%V$9Mf3Il$ zaEF^8MZ8P7JVIqCw7#0UO#;y)4D!DCPU_vqo?)D_^o>&#`IzW&bB8vh@f`%eDa$9! zPm&Y_I7vPQkA$L&WF9gDea1e0=siXqyaKUqpPXAzJ1mr+q|}`$W@+-Z{#WAP2FQnR zDtZxYZ`sF>bBb)n;Ih*D#NgIwp`Q%&tA!0GkL;ut9F&R2@x#>am0vpPBC8mM1pHpH z>UpEUvHF4N9-DdxiPmvtf+lc{9`gDq75O(u?9~G7ea8W(zrN9tH`N$C1m%-$o0#bD ziol!F)cksdr`Szx!!()jhE-S3rgd4o3v9`+xPrP=A_jYnp6}9 zl4OyZE%JyxsL}`-Tm3Yck0nJUm9T3ua!3y61gi}=t);$SKb|y+_rK#?jZ3JnK_RL0 z=Ihx9Veh!hmYwCvx4qbwIffoxh_k-LJy+Y`SJ$`d7T^oKg@`wRN?chVNQI@>C4C!i^yYv z>#UJ{0NGR6%lvl z5@ZRGDux*^NgGi?FvKW(hI^mk>|4>P1~o{D&fMTQ&wy9v9bm}Albc+0&2Qh+ZS~x&XOhHG zh!P+pzVOLdTM?*k?J?H<>JT0LdYd(7E7Ba|E<`dttJEEQZCMA;X47{2b){ztWewq^y~%z}%W-H&sETEvQ{DHhJDC;0|>9?`V@3AZ=(lQkDU zm0ML2Ou#tbpqtV!WU2~kW&fc#*p=}(S!32%2Omnt#WnkRg3*I~hAlFtC#LNg_1AG! z31`nukR%X|J{5c#QN1Gd67vEWiTx(A-Ag0JW|D9^G)(>F-VW~6hwr+F0524B>hP10 zUr^07S4TR#xtW-Zqg!&YQ=Bb~jY0-tU1Jtq?mu%5`Y`8ira(7g)Gm8ldSsvuT$1%= zfFu`%*o@}gFBe4Hglg&Zo)mBh&n>~y&%Cjo==_#m`{dIW`Y;@p>i;4#kQKrMOuGh1 zVF3apFMtZRRj`OXtKsH10f)mBikM490$Wc)yg%4R$JXsQ)bJE1@^k)2-S}3Ev|DHQ zqL~?Gkdu3d!zJHdO8i4P>dmv~v;3UKnL?`_oTEitMD%Y^?_dkL4wjL7>27)>bmzjSOXLp0^Q;2Un^W2uiDVy=Iv4~@By5YUy^*?{g|_M z`i|s08DmerX3)j|JNOR~LoawTECu&^a?l<~aT2^<9Y?84pul4<{vgGVmWR3&?5rO9 zs)NBl!k6xA$SgzpS`hB9x=VfD$LS!>d4!EL2r)OM8zNqR{*6Yj6Dk<=Ef^3SMLvH9IDYvR z<9E}G=DC$i;dM)Wcmj75nd7Uz?dzavDxdYm^-JvT>RmXTEz^msd&cv*Nr~RM?h_%) zu-~JN-`a;O1AY69Rp?HrWpD|w&Pj(|j3FbBoHX&vhL%R7=((IFCYH3Y{>%L~k`mZl zeGeFYN-=bYRTfB6@LlZasd<(jLYLOgE^Q+^j-7S<@tS z3IBNiCDATH*>N{KsD*v==i2}T`ynIl%o;S}qhQEV^Gi=WA;KY>n^rgKaL6bbkF&p2 zj1?+_++v>usHST#{cQT@cXsM|1m{Q-#Wub>Se9#9kCJW0f+)qY*$8j%?gSkj#JN^9 z*y=qzy)Xn;M~6q1F4z9Q-W2x}@86ltk+$y}tZGBtI^=#-`Xdq*9F>q>Wp2&wt+Tw| zWVt_`PW*iSh=^$)zA&vK?9Q~G3?&jXC?F^-$U97UO#A#*0oUvAV9j~Iy&OUHI~tXm zBQ2dx;*4fALJZf)kOyT%{`=Dm*t%UfWWhkP17jBB6*}+>+&)R?G+L{F)s=NDoSX|8 znaMP32=lK579TTN&UWm?U0!60c9h&UW#WCJ)B$H&`ya^Fk&cmF);HXuv{!7X3<=V0 zV0w34yl~J1B5$pQ6qRcG+?KHut*HS2magxcEslUM}u4iz8T0H2$$%h7u$R zAFuY!Vb0@i<#pHdU@goOqfsiUml%$OSf0eaEb3A`w z4GcOymuBmCT1n$^CfU=uS&)ZL``JqyZ{Ap&J7yDiH759`0$0(Y9#nK0H|FLHKi%jq z-FB1KH_-_kvbi?a_4qffHeKdpfI$?;|v14?d4UzB;wfC3i}|&+JaXp5QT> z7G>K$%%~^pOx<+pLVeN!vJQG0h~bhsP-2F!0j16lfm$|fnxz#fNeOVmI$~KQxUr1`2X;Y_V>Yzd2aZKoDwFtVJ&oI-?XBmb^lBS7~`2^5I_`Aef zSpOwq$R!E;IPpa{BcEe*Q@R}?=Feo>Y0@fiH#>DZ=%#p>`$@D}mspf!2YTxZ?bulu zD{08vASE8$h-Mko&KMhk05v<(_BwTQGsOYAba3i8MJJ*p)we3U_AHNs3mN)O&7cD% zT=~bE034|wvQFcnQ~xr}HdJXe_F6~j+~@=?h=VM00`7QoQ;V}d4%bkkX(5Bhz`P&5SiF^L}N?x--B(uo8iJ<=;3A?KsJkk!ypXuO@MCIN;Xg^m2YQf<| zGVvjgV*hdkyC65oQQRqT4D+68DgB{ZVjACH_!wlO#{soHVIz3iYN9rUfXOh9C(+hH z(An~lwHI-qO)?~)BfluoazEDCcx>S(MY}3HwhdF2M#uH;Vn5#WX2(Pa8(hf=4Ga)V z2dQN6dNK}it?mOtP|R8#+50y31E&49V`RjfwY0#4^8O;H}G35aX>x{XmbL zPb%)^2P8z+2yi0w$kg#w)vQ9#F*s6pU+#bh48Z`Ph*w)+zF18@u?M26!-eu9?|ODmO)9+z81sUIZMR zs`-%<6t@KHdZuS5WeSh*hKt3wFg4|W)f$5))3%PD#>U~s_-w|*Y zezAH`sUh=Oz47+^C_qPf)q#=Y!cM#B+dmb_kt33k2bcvoqoO-}oMfTcN;3WFzF(1? zviW#Jyt=89UDdy5CFNItIwI5xe@RWf4q_u26gYe;f)fSXNefV~w?AV%TJy<9;IspJ z_>q1VBNi5iEPzbfm?o1rqb@`^F^BhBrex>*CLcFWKrQ2=aN<^GmPK-&mKFp2BfFx2 zEc=dRfjEHT?r2Og{UxU0c$aP}D4Edtj17))u>4=iyz5%BYkcW4PXUc9W+{PVp*l1$ zBz96Q1Glny*(}Awo^F0xkn~EVP1&?4@;&maev&!SqDS$9?RUdJE#Jl;81O=<9u`f| zPHel$7X^b$L>!Virm9s_teqQIgWotvF`1;Je{anl6LDAZ#)k9dJSW52JXuEHkO+ox z^qc1freFJ_{amtBgpR_mvU_mD4R`)r63~C})#xCFFY=rI2kgUQ`gj@__0u`!%utf# zMPF0IoUjst);ZfOCqg6DlFCrwxleI)okIzh92oqjq>4`aqQClHOTZz!$-F)M6tTw0 z*oaKBI?`{~@zOZMD79dwYM~g36Q~@H6q?I%3T71>;;ZvYts|o{e&~T)y6ihBwD>t_ zp=NnK=32?qO?reQnr&HFd`Kc+EJYY3$8cuh_&uxTz44pPAN3gU9Y^WUbh3A(o#K+} z_FTCWCmVrWr_8jHX_1EJnJHO3B!5coWb6#WcLM^PgD|_jepT049j*G+-foc}Haf&m zG}(#x3zT-g#1aONca=BV-NQq=3;t`HmI(czI$e3{*ywNrSx~By zUKGd3eB0%t~5S|g&e6ni5kyuNK#*V$7(@C-?a_5_c^w7 z(ujQ(_%cl)wefuL)$7)B>ETvG*rX6ao5sMK_R#D={3dW= zNHi!~Uer3dBk?alZA+8;yTU0M{F0T3m3Ga3nQGD_7k30p2^qR1x)hk6HQkaaHFZt8;w84 z^YEkhmC+ypt7kO8d`zAFr|+z&ho}%d7U+sl68fQ=Eb37$|QX*Jv%`ZE?G@FWN ztsU@y8I8Q#<51*R(iXx!Nulp)RcgVD@2aL2gYNkvE&4B9#PxJsj`s9394cZ)ShBUU zC~s>v%$OF?5O%>;8Un9>FBz7Ss{bj--NJy+tpz4vQFoz=s&=_fYR-FaMPS|u$}$8J zQCX37y!px5wIK2mFn8gE9JMpRhX)EAFZVE@hC0|})Q6N%zvvY-^3Ow~^NlJ&8SK6g;f$*j`17WR!}!f2Ds12|a~<9&m93F^ zNbYKvZRkYfHT}d%=U{y>Ol@y~N1SzM_36R|q_L}s1A*p*9oA}$8HfiVVWEbXduwJ_ z>SHXpaAsGqcYMLy5hioLF>-1C(O(CmgMIh zwN3@SI7QGxXCtNS_~YS$eW`S&R51Ku1nU+9#a0+9un~mv_|+m)*Bd@$4>m8xiUCSq zY5GTMju!;u9jrM5ejU1XIZA++X{8jQed~ zUyPxFOUJCoXV=4annr^_E+)OLWOo$-@3T%|fKI(W zzka~iRexTD*dBOWhpaxku|ulhop5G3zBzvwod&8^;)~#=9SSpBgB}FCyhBUUs)mX=XAp7%Z0*$*ZP z=w|Q0k7t!KNHoNuF!sutl{p~P7FG%dwbyl!L}`@buiKPb=SzWaDKKo3U8UI;Ib^nA zWn{nt*<8#&Jrm!VNBJ7@c%ZhowDm%W+M@N?TH%M>c92d&o0Zuu@ap*l>qpQ5dhy0bt%8SUF0+lD3p4JU7r;g_FyC@YpzY-?7gTL_ z%3I!^p#SEV5Og?`evY&+zR8p*K=e3VuX^PpAk8dVIf){K^u+^79q9%JXo~d;Wn%ml z>kctD#GvW-odIew@j!NG%-+a?#~E!yOG;S0meIYC3B0@(m^&&v0-b!2yUG@)KA_?{ zUkYT8o)jegDmMU~FOglUP_mkeeEbbPFl=dr5el1qrLYKnX2Wfb`z5)q1qgYa~X4EPmn+DNGw5l<|V|ixh9{uX?i_-qv#Jb(<&hC zjBQMsG~mgVW;d8`h#giEsMcjiFRGt`^hj`Ae|m#%2%4OP)V+I(&KNaDSW73p$**NT*p*R$Q8=pH2K?MYnz37au#z%y)iaS<>^-} z(!KrGziLiod0(rbkaWU82U?KhAnkVcB<7ODT$q%yrGVTX!(^lDecBO2tf4R$JBsX4 z5N(9g5TRawX40452q<$ZC_MhyGO_%OGo|FYz0b+q1!IF{V$ECT*5d>jk-gko$Vg zo~OcB-EV1_ny(`}%G`V7t4WmUBOk(%!jotq*YF#;!ZSwD;H_u58)+1?66^Dzvzy49L3&}WC&-{0OgA#yB_^2sp- zHAGM8S0Ac7O2mzlG5*L#NjA>aXr);%3`)aml{?tZ1d&(omdu~a- zBSHoR;NeWX=<^son!oV@`8%N@?i7^6{x)I8y-7pZbxCWW9vXw9UTc%X_xcISuJpmJ zYD&%o!3);v-EGGcp}VA5dm6e8&4g7)Pi$UJ*p26vhO6gXCmHTI-xgcaO)`#XBmsM| zgE-^KDlSo_u#A2^(9B3;Q~;n3GSCWqfng_>f*u9w^>^zOa)|7wildcv%uh{oNxF;g zX?sNP+(5*O9;=PEBA{)%EY}` zZ$XKxka|zt6JpPx8e0=8P77ur5-AC3qu3|e;Zp&K)WL@3AA70Qp)?mE4ImeeeK*GR zN_$7jkOx5-GXzWiG`Mk%TB+=SA*O@l;?>}PrR3m~SfWdjuDG(dRc@QePAU2!mAaoT zTpuuc@DmP-_x+d=l`B$$&f#_Bj~lHpHZv7q`XRyMehn2 z(}8n+61yjx5&?yFH)SK*(sqe}!Huj|r}A>$HsUiupp{X`3vlwiqy5GCU1N{t&d1p3 zy?0~a+Zov^>-!Xx*XW=>7lwl;BjXaZ6lfNfte^5jlham&32JmP?vVqe8BM1#BvhFIOIo~r{#_Nh#k%+{WESz}x_bA37Tw;5we z2%}mDgh90IHCq`1#FU>)=qK=PenD06*q3f+buWPFG) zcgOdIg-u-0x1!keBDk#txDW>#Di%LG6%#}Xr=m1*yFoey4XknfRy?m&i1(}c1&P*{ zz4II0>3};J^Q}4%an?bM>76myQU5Jd~v(*}v5$}ku;Vr@j$EBO8`tH|ee)U63Im715X|8wc zTST&g1LyH?f;$btQ`GCQ1J?xdKlVqq_Jj1lOOW%~ z-N2vikVTaTw3@#JH*G`f8sL;;aX-c|!^0By+nnnGH5>Z*&;V{nIzkb??f5KjtvI8< z@|V(U2Q=4ITfCN|u(C>pi?WpWCRx?L}R^u#mD5+Ut|B`evW8v zHOtiwDFt6%)pL}Z4VJF!$-qv#flov#9^TK^nm_(PJ)!gvkM7W$_9|W_aJ7;$^xFwS zV58_I4O9Q|a~-GH)LPZ778TH@?v{ZVAvk`$kU2SP)q@zw>p$}8xg!orjZO;T8t3oc znvzaeY;h;2<`U>j(1U@)HN%7HeF3dK17OHn^6~imF4wtcg_&Y8jupl-;4yc9S-V(1 zzkj{ptR^T}M!#39`Tt!2Y8kX8=t^Qj&V+uwLsw`JwnA}$mPZwCc&==?7Ac&cu$gp? zhG4>K%c_9C`XE?62!MjXspz&14Zz=y0Qe`|$(p2+==zO*(s64c57d0e!;mbp^GK#_ zT-_PpHKyWdac}fER~x-}A~W-f56RbFqa0CzZxSKN${z20fgUYewSz0n&lg!%IUz+U zd7k3@#?W~HFKyj@k2Y+gM#6^f@Y<#tTKWN&L&-N40_k;MqO?GN0~(_LD^?EyaOcO? z9RkqbDDpgx=`GOqVcL8ucuR@*bO3~ooE7EfTC|qXEhcti^s3!~b)a=_A!|>K@6(nU zND~GW@T{cx{~$6-ARsW02T|kaq zl=7@bQxcR~>s{us>o}J4Bx*_r!MGE{CXa1q5{-@YAcZDDAhM-)bqlY~{o<>eTl=+2 z9FNXB>9>7<&3w6(f>-)E%JHgA}oKCO4hZtjlcYA1F_@}#LCEahoC0hM0RywY* zQS7RP=w>hak&IfEPixuiBCma@q#Zxhq=jKo03qt2z&QS?DX{gW5EJQj=&X{#xYX&m z1(t-}t~~cKa1V&1eE{TDNwf1rwsRd4St;q+t?>0vs@bGiG&}{$vf*ueZdHalko3g1L z?dUH(-a-*STPgI7yXqWnY3U4UovbE1g|}wSPP_F^2%K~6j`2++1by7{UU)=*q^Mo>G=>ZM7b`5??{GUo6^BAIPQA-qBkk*HsziuV*D;jaI)by!k#bZVL{imw^xp7BC=WHFU3X zQNmCXie@)fzM}R|Fq78j@4=_Tk_-5J8+SXCS`cz+la-yraUJ_0$zTXPR+i5~JHD-R zRk}-TXV{@+d@SL6b;%jN0YAb61!S=Dfde#iB<+d{i!TH9Eiyy_x^D;nGO)EwWkBOHS!KevO@~xA47SGI%PzV^f}ubOqX7d{tYRSWS(Gg} zxa?TPa**VD?N}@mVlzmYAay5+(xq~8{Z{=2c7Nnl@?+1XRs~Yxiyag8wmfofBc*q4)pw@% zDXeUv<08m*Wa`bQK$WIYSUxVNUU+dFT|H_jxmDJ!OQN}$QJkw zN9EcP!gy@F&OCGZ%Z&!Cqv@L&QtL)lvG9$A5ke8FyvOO1U|+{-kY zp%}49z#P6ed>P3lR;Pn?sZ}ZckJKlx9gt!jb0?en^&?Y73xo>kB&9KILGL-o)DiTU znt5==zDCi{?w01RkYggMHB};D^WM%S1vAN1!yCz{S~y}g^JH3esEpMO7Eq!kAWWQm zd^2W*rjNB#8yYu`Tskz>X?d1vxb0%&ghCva=}R0jQmRJpysA8LCHaEU=9?@^l@`WcRTZI4RUX?n9K2o8 zqpM?ZdC8JaE*$(PJhT0yG>>(;Z_}18;h6YaoR4;5nWS5|nUVNBG3gRV&c6QePp8B( za+@FDmYj*aBd@lIm4g&>3@bs6F~V9P9{L`DA26*3)shJ^mUBjfy^2AALxUR#Mk*q1 zSRU;*A^y#+>lTc2D@YEgHC+nMbHGnS;6r@S@imSw7mO>2BzjGWWz@5kI)4m^wQWcL z%6zXX!9PVFx@v~tjh0re_xAzY<_vzLer!?gkaVj|cm~@7HG*mJX$=?KDyiV_B`rqLyjL&nMqncV#i_B% zYsOwX%_G76E!if&AB-`Y`=X{cex?CXGM;bh?cym&^=W_L$uk9EQ9JL{$*dB)pJ~;x zk0LrcICXpdWekj_^g6P5SOnvqt5JqT0Nsw+sK_A15~iiAz+N}wY0^>C_UTKqkUwat zpL?6MRQ(NRH^0}qjW)h##xm*~J#Sp&b2dA{KXG)&Fs~XnJ1y=Hnt>CBcStlmO?NgT zD*3M^9S(VTThkh9Fghz59yy`04YH>X$JpXD4{*lW*5|*l%2`d?(y!^)_xU6$Y;!05 zj?B`NS6n`t`$?!2zwA)M-#Yu-W}k1vifcdf0bvK8&Sq|WtDV>^HbCx~+r2Ix)xi>R zPqm0{kl}rfda8Jr!FNYz4UF1=gB8yGB_TJDS&zk$JOK?x7k)68-AYMO`4K~%w8-A0 z1UHW5bK8R!y;8@w;eLF2&)yXV#I1#-oF6?ieVFu-Z%Lz#jXAW^sM~PzIPQk1?y*hr z-iWOmI31-E_*zU*;PtrhBJJ(lDG4k3dn`<)GKQb+b?hS7QgqC$qdJOvJR`Ld>7l?s zMawzUt!*%9oHyti_YBOCb0!frpq}ouuez^Km?`1Kr@M}3vf%0W*;u_VVy;~6y<3H! zdo^ZvJ`3QKAIuo1k@1lpVscB6<)}R{on6{J5Bd+nOy)WqEWvnNLk4mRBsP3cwzeJK zb?F$7S?%~oXX+&()Y9d;`$f(PpsAau35S^>$E#ab=s|^! z|K1Xi&H}lIc_qS3)K9cTH%Mk@GJ`|W9I&(UkjlEAFZv{1Eipo7jK&@|knJ;B#v0T*VC!x@@=pVRt%0>&CZOjV)q=U4(-gN%aJeEo`4MQ<=VsoS z&NbS=)m1LK8=KpBtwB8nFTA;X$AT-xDvglT(~dl^N#n~Odu=SaWVw!{1dP)sYM8Tu z=*Hz=!++-urn+Pac$XC7!C;T)GH|9lMhm7(Tqo-tWAA`9ot|L>=-hTU6EuOQgh{W`G_qt~% zu*kQ?@}@_$P?;T8UxMv1 z^Y*Mj1-$SaOHmT!Z*8iCUc14?{srb%TK#b@+wCqv_x{-}RgPQqj0P(XgJ^;|zDJo! zdhX0!Ax8S&Uc(g-C=j=!*S1C3U5FDyIxFO~jaS4wK5N~HY_%P^-Sd6s%aL5I*+ZfN9CsJ6l;AaabKTi7=utg8gW|~0u5WbZ<+kiVK$|Y0j=MK zH6~P3gBrH=%Hx}FX*Eta>mO(0pC8p7N>31(%`9*|RIoMz*Cg}O!OJiGU~Tv`E%Pr_ zkTFlA2R?56f*6J8SO`Mk9dM(=>_aS_z0kVfgn3px{BVv7`ee#c$4r23jET?LAXGCz z^Z`nt0L}95)3(c^6zrV$1zc?RGc3Mag?gxZe|p(+g4l$GujNJxX{dx`>L~@qV4>g; zI}ZU#L~#pr@dFSz)Tdi?MO;xgH_&$Q zg!oz16WJMRDAB4)*iRP;3{&2Ha*C+2a1<*`;56j=tM?ANL6HJ zesrANQ1t+H&LchoZfF*lK<}n6+AiZx&@36-t7RySvlpB?lXXp&uj+OtQ>TI#9>e!4 zKV%qKDk!wuT+XOZLp)~ZWj0}-ew4l(fVLqc@1T*YG~EaZks~Q zIk?kEQzOo;Rx_BG-nvs=jlr#X*=DtG-!hMl>HbybNjApcTq>Isu}Z|Ol}`OPr1c(c z1#XoztWe>&W+pdVe{L zO!$CfSLg@`5tSNU9782wEkZg%M~E2lTk{8n@DGl{(uX_uhK3WqdL70BzsVxtUGWQw zI5wVWdQeq$z-H!It{y{tJQ|B289M;D3 z3eH_?KQ^3081H;CFp3B~igtd`bPlT_+Ls*E*yD2OsY}cBDX0WjY_hu!NpC2Nclc2l=cHcPV;V47z-vEKdEz;NOmudTEx}?L9%hj0{(K1$ z22~2Yp+5eY$^q%A=J=~#S}Jm7v>RiWWO@>IG959YhOA&P#fBygA4}Y4BW91_S*^F3*1#X*kQYT`A{2l$;3}y92~qj zSCFBw?~p6fZ)8P zA0JG>+@;1;QHKzD=f{)1E04vn3mfJ{J!@)SQKN{Q-J}iwW!RFKgS8dkS?8TWc0s>! z$)uhs^R$SQl+5w0ECY!h1z3yJ4wJ9HD=A9c^PputMEJzZvI3jMd>le7GoVlD?A&?oZa?hjztQWL;|!$rF?}igK<)(l7!~3^I&0@1Bc8`GqWikR4lu~5 zR#134S$Gr|Z2KBPy2@viAj$WM4$a(>$k)e4qvQ+Bn=fAozm6sQwLp7O%TGF>WADH_EHA!kge5nW)%y_;ghu63p-%trwf3413s#{UE)3ePRR(H4G7qoj(H{=|{$pDL* zgLeLy*ZuK-45j#8D3T1W))^u!w`4?-xyrh8R37eKceFMilyEiV}Np2&5s?pVcNd3Z*Nl&PX;<>U~lhi zLrYaJexl~6N-(YhQxM9aq^8`C$@*wdO=aCe67Kx?`|q(=f?xC8DcuHG3S$?owt|&D z$XxUibUXMLHTESD0GCvq?D}_=kWQJQwQ%-rnY^5oIa-?>w==$#is@22ig-53fW;c%L>!KTlk@aCGgG1W_y6(INL+f%KV^(=C{1v`fhf((X1aMz{&r~5r zG_+6%ai8xA@3LI|E>;QY$IHitVsSgaB~Bh@`~}neiSx?(^(t_zyyYWI;DUzparTz- zY?07*otIPEr|0%PIvCV9l`&jYj8tv`JgFq9H{UgP9qN`ptP37*HkbzDL>LREJXB{Y zx9)sf`bKj;n#}OiyWVwfEdO>XsK<0pi=<}s!RLBZ3v)^mvQ#GePsW;Or6#;@{d(NI@Y~6b%#UPkQzXnk_S+#n!?khxdI}aj)SLDBWaa!#Z&NYd>p+O?;(C((8-{ zGp0H$${m&Egp>0iW(=0FV?hPR^p~cdEpCo%yLa#C+S+Xv5bxKd2tvNF`gQyQ_ZFNt}8%i7{V_bB;cSzvK{jx@& zBM?xEY*!4lv$zrKfyrwZw&YCPO?eUIy3%eodE&sxWAT}?@6F!(xz$8$S!>6hAr$i} zt(xwggF#zw>(#)|C3?FXF3XG;*@{$xoh+C-@)2$ zd%#ZOj9aK^V_jribl|7t-;(&p#LGql)liCJt*39%2mUyI>o-^NUS-V7ISHSq@l}c| z*I=0#XSDfL+9>DmkUzjyeRh!utgUNik8)$Xf^jh8rdnwl6E;ywtZ67~gyXCOE;V)8 zHPkq^nny+HdovJQwU>)T(PY{(f!fsyB$1dL+igUOVvNSA+WjnppC1!Y7PqK;&v;Eg zUbZ&Sw@)`Bu!s2Radn_Atr!9#^!l)eJ-)7~uS~BHC9r~xoL3f*N`dmqQgIBk{Z=y^3+oBF% zhr`5=El!cl1>m#jjT-fVsWPoxz8rNl-_dv;0y)~^q&)sOXBkrOIq29^aF57Z@ zNM-H8mxV@-fO);IsCJLFE)Akd5yz}(i>=%3CRz!WIk1dqyNQf|0v%S!LbR6@=*{9X ztd+z1E(pSOvWC?g`=oZYF^Y56bpqZCD>mtNH9cjvhrPu^98OM9mD%M@!u6B|3t0@k z_PQ&!wHxz!^Ebn4haGWoSqMb>?Pz_vH-LfBNrXNcyD;oP?XKx)*c*cSO_~4zo4gi1 zHPDW#-zPFN2fI()nN-O}`CDfX=Gq~iFKez&@bt1DBW-R-at@JCYiDw+YVT>5wnT%a z_p@y|teW{-eFR#4ltc9_GTid(X2u_Bv)@S@eSs`<$|&hV^^8HKeCelRd+ZHd<{_zN zy?j*W{XGb5;rq;^OzmX>yx+}bJrtkIz@z^C%EpTpm>=+{)YPvAXQCR~s;GJ1#WKXv zw3xy|BM9Zv5sM}Z8!D1I=e6;Zm`X|JbP0A@9hZ>?ZS=apKK&eTYE4qqZJNOVCk)$t zHO^yZDM$agFq8OTLKqaW7j>(}M%OWUeX(OMgtzLvAl;j24=-#J1?^xLFuDwT>5RPV zvIIUJqWw_SBfLEnx;|agWwCNMPDj4etroz*l#^SlXR;F7uVX_NQcW^^2tX>F{c+WN z{i_siH=)YLxza%(dYACsmSPVJ6WDakq2D1))_LH&7%SGmBA5@LAl~0T>Um+Z#c;vY zZc0_mCc-^0_ednY-A!peiphAq;tXu7h>b6VyM*-DF)qx zERBAGPkDK#!DwTjDDj80-v@8+cZwveT3G^0k5x0e*tronMe8DV*x0-{14gvsX}yiI zDu!EgzUDASn`PM}(?P&GVf&unnM6q*ZU!m1z;C4MbHr9FZ4Gdg90Txx2lYe!dw2tB z1VU1YZ@bkP?RsbFV$V@1rC9v{Tl0&i4xd%VxXN?Sr_Byg!JcwL_qGQgV_Gw(uS$#t zyPB{~!SBZT{R-Zu@w{@{!scV%(hH6TI;f8?3!mO9_UP&|P20bBwl6_(%q5q}t~%>x z!JW*b7zhukw%!KKCx#yDJxz>I(1fNWKemy)AJ%sueVWFml11PrWAN%_bGP@*ZDcZ5H3S8VspmCRNUa#)a>1s5^ikudJ_$A5Pu! zTRf8qsq*Rfhbu)bFpw9GhVnkb1Z^xGQ=m8e<`QqG_$q`QVK=4-AN?R){pN)E0^_mg znt2xepr_l|>t~63z%NLqPtT>TXM7hE@Q14XhKz4v?CjC(5w6Y))C9IhPJl|Uit}T6S>n_$O>)r}z@TiYa^MQ9trf+~+%R`i5G#)empHYQxz;l6I(n}*5MH^UrRHMw zx7SSOc)v_!Ffke!2B)Xna*X2i^r7+)Nc5S+6povv%l9O0=3|eUY&a0ABTrkCv zob&8OX!4Z=9+_`>z%vbN>A+G1)lwkV%pclfJf{>PC!z0He`XW~RFl`iY2lFNI{@~$ z5t@6uLtUv=A8cLKu*WA$_*RvhA;-+7l|%I0`^vfywn9qy-iuS73$Mlc=*Z&7P$&0p zxRaxlz6`AQk9TqDL=0svFv8-(Y^g2Qwx(Z-fh=MjC49$#_U@c5ZvX?N^AG8C=`XS_ z&f>;qAo*AR@b0WdHgM#ggu3fb?J0klpZUg{*vnRjb~O_S@eK>{rn92Xb;CNwKp(0( zT?%TbJ6yDFUoB3K%~mSA^Pf9;@fJd4O=(5XVyx%^I2kJLfOki1G}Jl0w2deF*h zKw~~vUgcP61h4tiP37MW7M+>KI-H{KTkv+K zJ4fcn(uy%0hwfwhT*a^z`9A(|vq%)6!ysr)(A^oYZZ(n_I4lJFU8CR$SNba7cLcq=}kHQ1kjdZ4`15on52iJ^jeNvqA)?8mrr}-CY;DML^({QM(rD z&aZKVT2Uz*HGIcI%8FPQs2paKr6SiKb|WW*e*)0alF@6GqKL=(cyXN>8T?&1lP%f4 zA4aogfP6k=?h2sjETlig;yBtY*~on3Yq@QD7Oz^R%TDx%f*C&5Gf2+fd)<`(UHJHh z&@f;mlO~=Nas&N6X56OM>%IPjJ2yf4ek62@M+RxEVKm3iamsxL>z^ov{@>uI4Be%Z z&_4mv*=~@Hx~}C1ayz*|G~#44X-2hEhLXdg5ehJ4)O^$Ai&b}@Fy|<;jUF@s7gHye zwBBhg`fw1>&Y7!%7f5R^l$SATCXW6hvLfl)+R+w_|v2(sBt32QR!r-dHeb6eG&VRSVDF(Q6CURrD6(LX=pjuPwss zLt2pZNpG7k;$af9ax*SdtC)5Bc?x~8W=wK1{OvQLU!1voym248ZD?@%RC3If1XJ9) z989CVa<&(}-Rs#>v-v}0exJ-yq1&?zkH5(?*hp1m4coGP8gD_iLLm~ckuPLAz7CVz zF1&sh=gz(9kxhN-20=A2RgCar=Sv8=x*Q@D4EeX0qBmcqf!DaN&sBv^EF%9cB&=Yc7q`C$;@5Zc03OOnH~mia&vyM!INX& zv?ykIKnl<4@(x2z0cy8{QCAC(Bj>7?bRCmV&3Z?mwU;j1a%cU5!BnI%(N8R;4tm|| zp@~GKrRh|{3fS#W7s$rbZ+f090AP2OP|9iBRy;u>Bkx*nYhTu!1={iw0sFhL)*iLn z-L?Vwd4h|rW+L$IC)NWtkurnsGJnQBsUtXEM4W4%48yl(qkEyT*o$h6o;FOScrxdG z3eg)$$6Fm42)rmZoLDHSoO5SF&be*U-7o6C)5uy@OfzMS5a^QQ=f1s@ zPFc1N`=i?VIeIwLJ#Si#A!oYtx|2N4)d)s39R^E$t-vMU$gAkul+KFC9R^yF;I6fo z8KZ!Mkf%+RbnmiD$m!wH3F!NBLd+!gRE$-Y@$ns%I}vhUzV=D|&GGie zanH%29v!Fi5m(JIvHy~t;g9tv5cziZ8wsIltA6WS*0O4m#}+OwQ_}IzpQW|H4aByh zF3PdkHm7S~3b7@+80H7s`O^pYySUe7K^W(3Al+)!+V%LI_gsShOT>Mhq;bZ>C@a+U4l!2r{SJ49c9nd9%7VSm77B` z&L4|itgXDgLx78D=$XBKjNz%mTKWsVMNzfc?~BbiFhe)U&e?mo)`sebv`ut73?q+8!6Y=4$3l~|9J+2Hli2sk3r>DUl+OHRPDNP@`dsmr@wT8CSA6dEK zE6^HzhZF7ksry`io4iDqKz;cYa*XYPkaUd)FH)=8)zP_MV`aOX=J-y+Cx~+MIoK;y zOXkPaDOz2&_E*aI5K0)I`(^Q#+R|POJkRVg$)9j}mD*q~KBEUCpoeE4oU`~otvKV+ z`R{o2GpkX9T$Jd~k-Mfo!^(+CRJ4UuP;8KDZS&&$$I{7-G;E#_B&UZhg-*uDenPQ` zDOQZ~L1VP0`vVOlD0{=mTTh3o8Nv_l7Zx{W)D<9LRsHLlJed6V13U zj<93vdH0RYy2ju*m$$_aJ8I!peigWXor<4!{b=_?93g(_YvWn*Bolq;;0-gx;W6^E zZRQQbxM=~)0)aw#AfMW~Ah<+pRYW*Y=HXkP(_L2T9A`vwweto|BfFK8L6qyNwaq1O zo=}yofefrb&^r-JptNbz*Ir;d){@@hVI@yla$|02m(@9-F!uw)#CC_iuw=|FXuye! zBryM}D84r{7B@RD>|>+pR)`ziN|7#^p$BEa0)3n5vMPRup{V&&R||TQW+PO!H?%V5 z{0)egGFB@@Ru2TXr5Y0taH^^TR>WQ<1UCINha~Y*#5%9Ss1Ly+Bi-x#byR3oS=2lV z8KtIUmJ3A$gR6c#R@h4KL&fq<3y^m61ry~J1&lG&{=h(uvf^6gLyw(su~?TB-u+r!RXvX10eV|4AZE>96JsN702$N9E(*U?1Cv;Q$sR3u3_ z4n9&>33GcDjm}|Aoc&9tck2=cw^MkGpkZ!h2hm$GJYTRQooCZkAhloghW^Sd^K4uJ z+G`6QjCz0rY8(s>U@{C2Oco$&=_r&CjaVly#tACNPIzi~j|qIHQ8r46>Cr;rc5?EW z(l)nUsb8|XZl9{ZtAiRIWU;^quhc$t!Ekg9OMKE=03o5SmdSPt&DuI`h%{CVI(YcB zrii*{l!P93==b8G>C~cezBut~a*Hx_1)47to=OX5`Y)0aIP<$fXTGm8-;RBoPTBm^ zg^GNm;MjwB=f&SCC?~w4O0=jEw*J9#2!tAyxr#KBfk1j_hSW``{n|aj zD3o(;jDmU7FXa2dS=)u7ORe&Zkii^RH>ER43dN0P7h=lwbir^V5wPkahmPCSf9a$_c+F<>Dcd_~LZhi~`~Pn8B^ zLU@vWgYcO!9o_z|VmN7JC_FkJVGAITcs{xG9OA=KB{n5zEvf_X;+ zyh~il0XFB?ROH%FJ*)_DarSkT6-N|S485seZG!h@E;_LoOV|)IP3&zD`xJ2F5 z9Et3zKYc=8Dwgpt#j9}oOd0@Fo-+FYSgrOCBENMiLJ28dfxw_TkiC974ULDL5(P|o zkMZ_i;jdx#r|fT*JZQ-y-nD(Zs@uu#bI4eFWHTijpt`^?x~UJfLB%3G9bhC2$ep51 zn>Bk0#rnHaJWg6YP~b^;Tj(@E@y>gQD$cufQnUh$=}TaDOxP(X@wjh9@f2ZVnxYW~4sTvZaZ_-i?W8Aeu;;Cb~^^;FCPzN(!y zu5yk+@mjmQXjy-0!19XCVu@3Twg1a_(=Qm8qM|gm(a{oi3ZU?Zr9KLktFMo0Z7ad- ziJM0_V;r?>sN(<&(pXUz{&5R@?siKew+%g8FB39709mn1!U8n+H=S)wMe>GW)$L2E znhSY44tkCHk1OM=^39{J7XYJ-?Stz)3677^7bK&^MAycAOfDCEuexuWutq+4#g2U)0%(rlQReHwS7 zF}&0SgDrT+f3YYvkj;>JqgmzyM>D`}eMlIf{4peil^L53g~Iv zj-}e_IEh9rNo;hq#I*o;?#bhmDa@CFKD-Ig9$d-^GuXP$GB2EuIEGE1ysm((pGvfz z%yLRY>^w`uh%5LB7YC~BN_l2=D@xYqee5AuWuW50+aYTqe7@6VSmC-56X7=I-BeNb zP8U0FFIn5mUjfoX&09$e9N5k>B$|&Xcd@>&2GXRwT!z>dbnX<=Mj zgbP=Fj8+Tt19M0(ksdS8$?$4}%`Ag+sb$rPlgmtWIqBRGiAL z+t|7maB=29lyo|J?S~`22zIBL6#bVT@1bQ9O&BHfu4(uJXTF#_dz)#l=Rt)t>|q+*mq|XbsL*aY^lTvdP>_}iSgKVQ zi|KvNn*efE7t>STF~yQN4dp)fW!2_uJd5`#&n`7QFkhwQFx@6#5Z!Ovia$DhLE**` zQ0f-eg6xN+|S$AxJyvWvH(k0zrr|?GLklcPG+6k_j5URU*|IHKQ%kuTzJ`z zLu{4a{jS^q9mw6<>CAt3XpmzbGBe1|20FtniVWP*7mddc2b)DIfYVJ>FPTc7DEJ-~ z)h}YyE$*-wY;}I_9xKIDTS+5VD)`3EfjtDD=j~Mo)DS%HbZ0u0DX~o3cmBTW(@*5i zV1i5>P@`+GK+L!?_6>SG@mhq;;XGv5^SH;y8g?bM2kYM4G6K2#(bmamcB=mIY0G16 zBwAeI$3QirD+N?m;W2#gb6stlQF`~4C}=$k+M+5U3yiV+$J^qgaR^Q%%w1VXkw@T{ zNppy8PrXNj8(kR4t{FD=SwcBTox;_`C<__M%hsqi%T&*d`_$D!&Z2$WzsJ9RKUQnk>p0he6DwqB z%a%mI0FdyArHu6ygU-xJSLcK7A0_eDd<3FHjg81!4lQo#MR10sbC0@ntSA<(=NK;t z5r0?smd;M%=AfC*(Y+jEJ~@6J(C5aKhSa{KG&;ratL3K}O+^jesvPK6?(r*fzOU+( z4{bBZ4g3)iWFM9sKOus;`Mp|Zs7e#Bg0(rE0C_|Ws%c(lT=Uh--jOW|@GX^|Tk8(~ z)bi=5esfm@+VUk2=6bYeAO7?CD3@uG@p>i;rqm%ki>zLI7))-=$T$6Zf=7`v_%Z&C z#b{&S=PVe>Q0x8TaVZ(ty;QLW#*F>%c$tVJa8P89r{BWGCZzNAdIH98-&&VN7p*gJ zm9tLYxMVm$wtQBUEvkIph5=?A72I^7MI#>K(Uj@ph?WZ)MqMp0YhMgI0Y5zW(ZQy1%=Z@od=bvw1Akpc7qAUkR90ohno$7BCTi3 zh%KEwc>dHh*7e~NINC<9YpNNEq_0J-pLB-3mKZkqJuR5ht1E1fxFVqzD$DjqQ2OSt zc!BFH_Q(6sen~CC`m5|$ZAC+Saqck;J;7>XN+DPQ9=6+7Y+M|Q9J}~HS`UM-Dho&? z;abcm&KReY*VDH<9ki>L_5@lJl_iM9x5j?{vb!D7P0CL-7`&^oaFjLAC3tr5f0rQ( zM2*|?vMvcC&8fL^Wskn*!cuJ03m$M_(+=*U#?sSAM_&3F`?d5omSf^+p zgu;bs94RuSRiqWKfa|(y3O9N$)X2!}2wq}T;uL0(&m>m?RggDO!ycQo*c?WNGF9Pc z*RCUX+Yo*N546aeZS!N>H(yDRW*i~<_xB3B`hb%v=Wo6YyUeaY)~l*^1lBKd7aMf% zW$N+cK8)u{x-hLd_1p>xv^>?U$1KdW=P$pcp81dp+>NRK zR$J~DByI~H6{KLHwj6RUG+-WqTTc{yjn!S_O z3Ok8|I25}g{_^pdzF>xIu)<&)3lEb9J&48!Tu8B$OD-`m^w8b0_W{m2R}3f9yHF=V zH3-Ndc?uxERJaQ&V>6@)lb;&qm?U@S=$! zbBBJ8@y4s?73@+9`}=+WaedTEjmMmVpAB@ew& z!vJ`?>51Ar1Fg#ywMZ5jUkk&G$7Wbr$}0v0hQARf7EeU` zl(n9fbbUO5xf99king^<&0@{%T<3Xkrz`B7su(B|Syg2p`Z1z@ewDjVbC2Hj&f0-x zqq$rz?rdMH?lQQ!xoPa`C5xDcYHVLgiw?4PeR)811&W)SU#|wx$ydH z7}Clot$qpf4viDp&W_X#AQ9rb`%&AGReiNetw$EoaykQ;&-ec`HT0^i6z@&yWo+J$9GCGkYDMmG1xVu zuOU|g37RAdb6us4Yg04UX)dugM=k$bSs{q)RqR%62O9?7QH65K3B9e8o}-6{d7U?C zeTb4(xhd{GpMu!ulx549oci;~f|;{fq;|`^#+qmK8|J4-D8E;p^Zikh0POzR)=8w5 z*$_0-h~a~P)+38}80jdXBpZ)g!-+y4#E&uW8;Ugs)c(`?EP3zu7iOFUdc-Ef`cH$U zM*5m+lg?79U8ib@Sh!#KpA;xV6ePN_6xzPe6?*P)3X0obw@TYX#O;iT5G<8JJu&@n zObit@T(^iy?~y#>eg9JnAbdEl(H0kadwosdVJ%XI)ss|j(YQ(EuHe#^%#dPKD|=!K z^g2!%>)%t4Juebn5}VEGI0?Slv8oyNz{IRL=_n^`<`EL0y(~GlUz`*G;GK5(!$O~^ z!vvtf5f9rsIdQke)(MVeg+SW}FbO6-i>z>e(sVme9mvN&IkzJ756{m4pFX958U6af zlcQSzqy5k>&UQFnE=7|;vQ_7vmC-6T!4*lo z7zixxp&+g&1G|*;&Ob!Yj~! zXW918xFAC`r;Rd2;P$pv9>lw@uk3;#{vKO*r!y zM|l|MIEoqYK180XX1&tqO*uH?W1_Tpk)a8gg^37yI&g!Qk2a9e=g+4UnVGW>Oo3c~ z#)+;991heMg=cLrHG13?8R0>IH~-ihlp!u0?}ZD#u|{=fayIwj_QHR-ya{GA+}LkR zmLCz9tJXp;5h8fOwD=hJ=eMhU$?_|5oc}_Ud}&5*&+1}jbDKhFx&TH-`C3q8R;On5 zPn?|#M#5YADg@z-ci=V~t$2fha~FJ=_m=GR)nS~I98?p~ zkP|9%$It08s*YU~kGQws)^9XoIgXo_lw}K(+A}8}*Mex`_KSp9dd=w{*4Xpp-PvPP z2|s3Bgxa&ZT6?wp>>~2NiMBDrwzo(lCMx8B=v(VH$oCKYwn20n4%=})@>Ig4L=liR zpr2S3xM<75bVLftB(okAiPSmER>x%n^p^#C%)p4rw47A%McH^WiLy9kQOk z@=9)_HEjqBGO!6n-J2Z6uYYCcJvBz?lLmWOWyIYF+$S1@69v+Q-ZT`R0qiv?()K7+ zu17gNoY+*Q#U{@JN$FmJrdu!v-zrKR3lXra7@_Z(d9DB%qg?9R8)biRaH(#f5h53` zFve!>KPb5X4{b`A+p^vD%LJYg_pEad+B z9`tTpBM9j{=+|qUuftX@*2%o#=(-?rA;?N`6F$IqK58ceHfxNuG`SR~ooRA?$XMWE zBiCXl#4PRXb|@_FO(`A!!d^Dtn!2^TD$jZfgW)DsrD~OezQWok&s*`uMIp{ur~Dne zy-w5B*;}`1+G)nU4zMLHq^Tn2;%eX-^fDDDJgugFq3?sVm=>@a{b(?`;kK>|@e8}v z^t#it56@oNhM;3^nLnsgX;Kia*|lJIyI z(Lxb2Co&nu^Ni~_;;z2kPtRclT~T_B>1QPH2_iRzq*Ui;Cosl%D;Eqnu%$O+4;S)N z52)=KaLk)N;9@y>0c|$(%(oZd%0&&HfFb#b?nkjF|Aog zRgT@G9HpYWQoNO3uXNVt^lI}1$hN4I$d<7`4lJ(yX@nWOJY)XLt!QtiVX{;HoEr!s zEknQ3FhB)sxz5n#qrlDA7U)$Zy^=M>_U!gL*e2Pv{n#5KrTPy$@JQx_%gzpN0UBn# zHQ5$^{wj(Xa4QE!XaO#Gc9^Q4S@SWvVht8gohU+<`z!t^XM2eQ)Mw|USDSs-(Z+wa zIbD{YDn1hP)?fyGfcS~qLI2Ef<$)SgGzj@27Auz}f7bO{m|XS#x@`VX)_mv<8poCC zF*0iPfab3EeBt{d$8co&Nn5p{i$XrAuq04NNb^ygSZ^N> zQ;tLecl(z@9Vo9^G|BLyQ-K6<9iyu6`hNJ1Q_mMflo2 z6juGoP#^={#gU>hV3u;lP@D9}D$GN!^9^ZrY_3kW!MK&oyc8Ha70eEJy@+zbryKes zn3rG~bm^G@+S5-Z7mg4^fh{#8ZTl0SaxqbhCa=i8%BMA&_>L)ljpQp+GT-ygud;QlHxqR)w~_sS zdFWa-0^7cyI&to_oDCTgzno|1;0hp@MK5}#6knnNIbNSJp6*H| zOB=UC#TS=?_+XZ0e&iiVInlT->T*7H-NHUlB+#ZFHAK}SO*V`ZU|h9Qj2Q1$KhG*> zB4#vkgVb2_VaQhC0^HpOW=^?ru)yar>gE!jz9R~7&R+3f7k)LK{{VlQ)_Uo)$5YOJ ztoocxA2x$zk59Tp$N&NbQuMz|FJ zP7pEUGw17QM1(_2o?12gp2)Jr?UKxk(tg&kKRgQGtqJ~!s~}eNl1+A@#WpCDJctJ! zsU2g?g2%LAI0VhBc6S{a=>2tXKvb|_K{4&;G5b%yC!Ca+^)6e;l}6KBvlxKYqsY_( zkAlOD;s9Rt6bB)7!qIKl;~6W$^0jfUxM&BSE+ddjFTq;@M|q!Y`CPw~H_W(1JJJ)- ztLqzq%u5R2MsxGoaUwK}=5MEtmY{lPu4LCw~^IszU(}@*rtGV$7sQ*x~3# zMQqz#D`FitWSe8BFC?!A#4IAj0w*cblmClhLn>*cWGoo_c`4S^S9w7vL(P}ntw#`< zRfgQm&}o4FV5eGB=u8u0v5kQcl9UcNM<4P4BXNbtX6oFFki&oHXD|CPu8;5uceLzXUZ z!IXx<|0F+U_e1Co;0p|~#sA4w3bLnyWc&Z=0_9FIX;()%=au~(G#w{6s=_*h8bSbB($9J^I6mzBiwi+(f5)#_98Tk}i~}d= z#6_)UwLwXhzlmVdWD9V}=hdD<2!onl+=}4C8LRF)Z~DL8u~ivDLfj>wfKX+x|6$3g zLAZr^Tmr`i684sfTHP~bDhmIHb{!Fh19rrIwa{a)&K~Z)-Vi@pN>Wz zqUy1TEGYc9eIT4Hqt<~(wSpu_UcP*&fee!ayT9bl_Gd_?_!G_T7?E2rD*utOJ~4+R z52+Wqz#GbA>C{IE)qln^kN58@X$Upj;};MjG(^{*rYE!#FxAIoXv&K6Pv&W$%Mf(P zhZL2>z}Dhgr#|a4F@9OtT<1qZwb@!5ww+uZxYKPzhM}UT*>$tv*-aI`*ET?I~O8F6=XosF*XEziUS;r z{~z|=f+?|F)O z{E7m-R(LK2bcVexDcd)VfY;%MIVoScHj5qgxu!P6punNz`Rbg3>|2yAatO{v6J?nlhVRzZg+WL z763g-VFY$k2fyH33SxJgrQh~IA0(F#d^X0i5rsODr3wF&1vqUf{UW&;$`<=y$T~y{ z(#(=MehYZ3`#fU@&svj-Yc0?mtw!mqrhB|chx|VOZYkySW*+zmj%hG(Q>fb|TxhtZ zo3b26R`G`-h<|hiKg|;z1yAu){2w!vfB$X*?bWo@=W~VDr2bynf8YPcf&Ke$|9K<~sx>W!#jO5U(F(wF zeTOP;ly`JgO8=|UMKV4@ElSw!PRT!v{2zla0RO9CPtZR%=U*Pc?+;m^{jPN%Nm~Bz z(053o`kuR>Jod}~5{2g73k@#Wwz7YBzWry=f5;#bff5Xl6(0@d+rK{{|M{zrx7YpR z&m8_S9e?i78HAdNjLy%W|1ZV(zj`ebBYrEtKji%9ZjS~fnCOeDWYPbnSRXoeg7a~W z|2uS)Uv}sJG3z&P{vWgcUPb>uSXrctf~HEJx4*R~xAM7t-86F>Ig4{#Un2u^eJ~MD zsz%PaFdcqw3HRIV|F!s_?ft#4TnI)t4^L(b4x6~l`5T;{R(Lwd}1;+1~mQ z(tq%N$Q}o(Ll%|NSQ{DuyG)Qyk83dY+t}!Tz5x2wx0qi^k~|Erk_;OIf4zWqDEWu= zm%T~V;0l(M5*M1^4#GcPVfX7<)@(4Zj_>cMgMV0ibNs?$lF+B&Nco?$dV>r9n*kb`d}pn zz93_({T2fxqBJh*5zN%f}H%R_}hIv8#JS}^OuSR+s1FDT13~^G}$7`4uk*GGzM+b=< zaI5`~onjID=3#bKV#pOE(8wH9@}&>m87lfVph|#u`^PUPWBHhl#QJc7F%s{`8IQ_H zq~}2H<9A|bjux2)?-xU`Vd544A$H#38G&a@&#VBa&FEftx~vTF|1hfFjx^TmYnhI6SraOO-|p5N+U>J0w z6AxS@&M^~H9|Y$yP10qleq=~_&(t?_zncbJJ{;qtdL^%qxuF2UBKysmYEiEC_xN&*z_ z$b~V0>D{PFp@QavCY!0(VnVIT2Y?$Q%r50Y)_FA+jOCQw2Hy)oXDryc5KISHWrR9+ zyO&3!83@!WMu#)Rnig%4u5(9xpHr(Y5@XkY2^1HUE>NnX@-%JSmoG9ozUlDwQ?-4_ z{xYLKJzogzK7EX=c!6eaZ1xfott{|CrJSw-j~TYZmEOpcB#CYwss73MzJ*MsIwBm) z98h5rl7f_%RIu>}#rBWPeho(`u;LZ_x=p4kA$tByO<@?-dmYWBEi|{s3zSf~I2Wph zPHtsSduAW~-1|a>9c7lHuP^1Q#lo~#R+D~~3ZaHYbN;@?eBROE^VO(k$0N@0K`SwH z(-7qW7vCM!PyWZ!Fp7b$^SPYDa%{h6q5~0v)$E*2Q*4NM1(j9989SLDe^5(@RX{nUO>nj)e_(Dkk350mA9DE1 zKb+)jxI^GdZYLXF;;ZJ+f7<^#--^0Aj#yunob9(*`3_L_dgfhD5zffsY>eBpqrO)) z5Nq12Gv}-^V@1a&d61`@z`FD$$KbzVN1**bLPz!m17kjziGCS3jEPtt=kmR+{(y6G z6M)2%;qaiR;jwsJZPA@Bu-Bzgc(%)JM{=ngxvn&`e8_MZwd}Yq=-RS;ZLhV_^78l5 z3V%;ch6{ATq!?2rSO~3rFtYL@Vb0)hdaEB;!Q(RensOY~T*EwlV_a|qxBlq?96#?} z?BaHH-#x{*;<+8nw-4qs7+Y)`e0M~(sQhjapn%%UWG76c z^$*vo$@e-H@H6x>X@z=)FM|fw%okHKsc!v4IGn$ySfqSF)#5gx$+R|Ogk7YSsW51> z&vvRk<=5(;v!a&-ACpb9Pd5L-TPQKEkx=#$(_P4pFpXt;FdA7s!Knum0AbT= z4m_Tz$34BQs@I2OU`U%^fc17>m!H2%PpXb8m?(7BCfndEuU&5O!1uYpJ-g0FTY7q7 zRG2cesmW+P_bB2n~9|#KRG9*Ep?)5wDMElut()Y zd^Ker=|lO7YK6JAn1Zc_zkN&Gm{_HV-lP1~!mr=|J{b7{fv zR?dmhp_G`LTQ^XQqRA$zZ|o}faHhikwg7gKT72-|7AF=OiqKd6)FQxee#usaQmhw{A$2&; zqqkFiwZleQrt&whp&qFGFV#adR;m&|9(~j z(rK9H37(ZVYBMfzVmP8Q(c`nv^(HZic=RIUIbMRHAI7jJ@SXm5bny#*|L*mC_%qSg zCyvNUtIzXvY;~H>Y|Irr(39w#u)jrpnZxIc3U3N;`gjz8?AugTPtSlF?{8RP=-uN` z(UZ`li{nHP;H``64M46gX)HJy$q5gQT&6ZlEQFruElw8<0+OX{>@yR?9 zXhX?&C_9U35wVL+&j@^PEAc&CIy^G!su7~xVLK3+!=E3M-1f>AX zKQANLx3(h%)*AU3&RArP$3iBK!DOFqM$r+^UP{8pHGbwoI7Ah}-okZ{!9FOlHtlb8 zbb2O6F?j`_A0j|HDgF)ipBE6(-kq-CQnfx1RzwPp7b!|(LL#$4 zf#Zqfu4m9A1WB_AzrexmAyMSkz&HuW=$ID7iI+K&fB8M?`w3c7U`;*u&}yOM2NjkW z8?Gl(o znAu_3#hVd*NqO<%5sLhgF7e;NkwzlOZ@iqCe*LY1CvbwZxRa$l15<=h)`bc~$m7|u zS*;PbBPkz&yxd@@j|zx-jH1}~`5-)Jm584%$u#%8iQ{f3PyRM;(i^fs#~`M8z!SSU zV~oCn#&u^fmrB64Img2BHY^CoJb}bDd>G<`di%j{tR5h4&=K#gV!FweDty zag?OASoAjtQ(4VZp;|~Ai($+7Y2aFnpX(}{R!pASTGxf4QrrTg$6mlt34#Ss>Fkme ztYpz(PJQEWb=^e)~eJ6oysmp z!Zj&QR^#!`<{QVP3A~(dD5CM>Od2By{>$rO#FNW%P8`d_uQ1nw)p7ogpDSsHSuwO1 zP7Be`C_o@CtYVWgiWcX#uPqjwpyNig`TL)VltDf?PRx?XBY|R|BxLEz0c*;_&&59E zk0X}m5tQ9SjSp)xYWxewPq4v7lACFwj6?M2kGo3V068PmBiDw51h4-00RE^w*?u!i zer!+bzora2adJ?>a}|o{bMf4+4FfThi5!U+=P|9sx{uyMk1`a5-&I409ns~dJka?bTL%@jp_u_x_RbhM;y~) zSU;v&-CvG?m-thPItMw2!r>y_`PJR=;rA)~*Q)Cx0f zJro_9LDU+>0A9$F-@o61xEb8)&a!?w$6VDjs$%BSX<4yq+Y{;Rf&s9pl2m}{4>HW6 zoVYj|*Xz=B!kX!)E6Lv%NZBh*>7^o{llJHvD}5ioXjn2==2nmd*E$>g~!@D z&3E*BYojmPO3+wdB$>|b)|}+O45^&yZwb+{d1nnza}_TIp9*Wky|8;>p1I0I?NEMd z*AuC@S$tTv8HTJQX(^hyS+VzAHbS;`VT|Y>vm64o1RkeFu;YnK-ZYg$U2oAn!FX(B zoI-g#Q89pIn#ffrTRjWw+mNM55Bc}P( zC3a;DihX}*le>qp9&%Y6eJ7I7w73zgJRBE2DZ&B6NPH7^>$d|iXodyG=W_4GXk?5V z$)2)H()SN3KPHTm3B9=*7=e%J?iCL+$_Jk)Q6mFsv>89HUOFUeu&%uPuO7lUQGmIW zo8aT(KzVsbS^@^mFu3+QNRUU%J5@w*%A+=wxfKZ4NmHvfV@^h@-hi#=ONq{@p6;ktTatf;LPfOVjDA z0}j=t%6&x7bMJ;TO?%%EYbcO5rIswi1&Apaz5Q79xH$PK6i^zE|G5XC$F-5|*3%y; zfk2ZQ(Jg{aHbNa}8xw(X^Y#3?vh-`p=8kKx(O^uBRdn^+3AXWo`fx@V|T13O)+c_G4Ra8v{MJff|sOUF%j4dC^$Rs=>Dfge@#m)}d zK3XhhG9t6Rv1I3^<9*kl^f0$p#FW(H6ht?m7P#(68rviwSv;hmH*ECbm}o}kQ$7j{ zhAWjAb>h{&`TA%y9c__Wnm9uf&+^#^A}?%^m_|}StXSX-qgA=t`k*7xq>$gh{zBcG z!)RVZPUj9~qvk|KE6&~X>Iw>TF|Bzh}t*II2d(+8OsKSuddlYpq15x`nIQi!w|5t3RHCvT%jgExRIm4 z40CN%8MA3ERpzaW2$hYd1THRWY0@v7)5pA{A;0(#YV4Yhs~^s)RHO(3aJivQ-Dm;(NBg-&#)C7W}i1W^u>C8*JTK(cgJLHsBSnZKKtUkp;}! z^wRK*wQ?G+(7e`ARwQ$Y^RH|$p^*g8GX+fWQftZXIFzFYADR|aUwL3vilodL`pQL} z!xI7yKCj-6_F9EjB>M;LbDX~qL0*Ndm%5yFpE()0)}7j(wqxcRYv!q4$Ah)i&lT1+ z=?Ufz>m44M9ldHEZx*K7`pY*SOPuQK4e_)E?yb&IRUvJ|Od{G8NMF8}4udIm$g6o_ zpYj$juH0DrgTUMrSGvrij3)xUOmiC=-YMZ%bI9d-=`9l`UO6M4J-MVG zk$&>{{CESm+cGF?@$91L`ZYAC)R%Rx6WKC&1GSKfmV}<+VnR(N+t)o;%+~xoHEUX3 z`uid4>xsX-Y|`0ZUMv{vI_mZ@*uSJEQ@*h#HPRXi?qWq0Me3!N$Y?k{I+l)5c5IQ2 zk&BxY{!{^M=M+SkUSEwmgkiMQRVrD4)73mGU|?u&jgXOymIn4IffJQz%ghB_5*~bJ zF8ogTba;muG%MxITV`g0>Sn7MEf4Hr_NXAP5Ucog`G{l1u zVC@fCVZ(H_%hvm6W4p_}n$-B}^U8`5*>Q!qZTcPOOz<_|7i;h-;oS@mX+DV;l>$&u zr+3~gvyC8~Jmwv5Zq|^51Vp=;?W4gjmJ50Yl;4w?xRvqjWXxv+`sRv|R0A%y-hhwc2N<;Q z*`tTNLr6r_-e!qIHj7!C!QKcIy>E_hc~xptrs^$Bire}qy3T2N_q$H3zx+HW2r&c{ z)~L`D!#FLPE*>^TI;mg}P}4}1Bonpsy9a-JrHLhN6ptQ9zI}*V%nCk!54J~{8FT4= z4>RK_TYSzwWY~5u%mM_ZTtO-0!KlB|zcsyvaWRwPg1U_ufww<@eIdFr z?LMzTPOqine8TLi@All-Ln4ER*81W0o$UcsEqP0RBWIT{14fJiQmGZsd~h;LCJ6&= z1zRR5HY_ju^$QmaBh@&C zBqK*unP(XKwZjsG+J^Yx)%+Yr4pNbxsO01tdNyAVH#%0+=OsBt9I#2SASM{m%XThf zsnWC%%xu@S3~f%9Fo%V9DSH$JUPLnJhlY+TTeyQ*w9dR@!YpPUwX*j}0M65^j zlIT!~NFQ0D)#-Go|HlHCOZ0<)kV2KaS+6)}{g4S>^lYEFEw)c&>_V^*1@n~^Bwm;3 zOekv@_p6}nt&IDzaPspFKKejAB2Y6iLdP9B?2(+?P^znEe(tBi zl5EVdzC9Wh?7>&Yh(&10_mjH27=@YOa*`P=eJyGxN{!}c-(l*iJ_L3+YA-mk$M@r$ zFlCPh0{c9XZMPEU+jrTYs?cD@22l=~K>028DX*N!rLU2TR|&wZ8fQ<)+#1w|udSwK z{Y&Gs@M73z#aD84(-})25rigqHfoylK0nr;z`5M6aBB_L@9(M05%q2Q%CS~*0UAi% zLgGv$1RF@TFg+ZfC^j>5pDHevOdS_dBMVh$^3>-xg=I}^_K_)DT`d-kOKSH6;QMs8 zZ5oJW%(jNtIZF098f^Pb^8o3WhEk}_i5#!-a?AKuUh4yONJGlwN(PrH$4c(X?oGQJ zlx1KX-4b@bG+3{k+B(+-@jWae&my%4ML{i9yC)2G#N>uB%%K=5JWO4IK5OY~vDs65 z1D;1TpPz9H(p^8bhtAF08y5+%Ge70VoEl{iPISS8j9VXwgziicl(lpKraQ+mrn_MS zc_1w1p~5PK20g9bd|753P4so0o#RWdxkh zbK3-*xhkNj8QYnsOyu;PCbt(8FmwAmJh)?O4|s-mnr z^PB+Yvc;Vxz$xzZqmH91*d#~K+8Se_i`m9m!Q~Ly@+4pW9L+AeGiO9 ztxFCRVB5!qxnT5N+x$FL?_ntuMQ2U+!j8lbRVUD)QUNU^VQef8wU(1_EH)IO!Ad&X zL6Kh2?DmmiCT`E*oO1#jx>^y@Fdh|quyl}l0o=fKDsrvbi z8|B6;d+tgI7#SVqU!ckuNEoKW z)6Hx(V^&}ii$PCPgXM8^ifCCVaV@-h*i~O_3vZnDRID01uTlx3KD3=_{FEP5>f$(q za%koOq@Fy3gIEu}9@3STCZRUI;9an7E9MU0;Zq3TO9P&JICkAtW8cmF|XaP-!OIuYx-F~+ppe>C8Y;8)E#=IU5 zlCS3{OrmYU=rpubsQCeTKdO%-Yd+)fAohL2E>hxF(%FOHpySr1a#GObynYJdmZCG+ z09#^qK!{5Zr7d_9=VIjgl#Fe8&iU#bw^gY?X4Y;)9xa}y3_rrRuw z-fE7@SGIciSqZ?0RZuNs-qZtyxzZYb@1BG4*Q!5Jfm)qM*G&$~K-f;QSBwN0jOnBz zE{YNW!P&EwFV1?$#Bp!4Cnz?D)2j?ZkaP#V@Z;YGUIfPr#Ui;H*tF8wM9Zi#Q}A;k zuI5A1i;qPcGMred=his6VeFi(^@2?}?0p}6=*H45XlpL8HSDLYIlLga&$X6Km5B2& zlKeczS$xYuP;;L;H1`nB1m3)=J+Aeh4DG6vRS(Y~hskltpME=`D{jBiC&$UwB54@k z`Yt>v!}sus-=&kMRQkHhUK$HQXtlC7^uDhVM46avS#EFo$nIiM%tRD;wQH3(32CeA z_{>MquLT}%jk9w}r}45N*I?|o*_M$*&OD^f57n!0zR&K-p~xldzSW)js#Y-R2G?8H zG|Uwha*2TNx@x6E@l|P?rL3}lCcrGz7z=~15Pp8RH<#$^)C*Sd_7U4z$hvU}FOhVoeNi!2=-0iRI@>;`^1(GeCKal@vwa!@f{) zO`3Cy>!%I|m$Yq=rYCi2XRbUc%q_WHKA>8NYwk@Cs0c1=;H4t*J@n-6@df?#T73WRW;^(z?UxFa$X~)^MhlmIO<;mpQ zI;Y=a zUOQyd0~353R0-E6jKm(e@FS#B;Z3qV3>)&8C!=NYhy%=09Dv#u^iKvxkin5YJrF3p zc1{Sm4-1*(;ZXiH93$d-7>-x4MQLm(c6u`^P3ZC^-NM&xB3hX zO|Ccw4-kj^wX>*TT$S*~de?;EE1~b_D;*wa05f(Das1rfAIF`ITJ(%>D)`B!WyD!7 zk9zfnfFmzH25ysOHT6!pc{m7Il`+P1%QN&R?Ix(TG_X98e|TGwu=x$gpsaRbMvYq% zkZi_WN9e1hYBS_$@xV=tXI>)ByHpK=1=d&3uuh;;&h7!c>IlOE>Qu50-h}{=YRd&5k&-M2bQe`qp_anG5H?@M9BE=E(|R6QINUGqVqjh=?L*^q;KpsJmUd3b z&nPVsmyPyH%b#OCAG%MZ!aXe2#`5}pfq2{&(oLD|S!(I#BwBG#U>HPK1ebYJ(l6Ez z;-PGy9iIXMUp3&REt3!V;*U~egrj854+t;WV|$*lJ=f|pGvq&1C!MYt)tOZ#S|$c} z5z?_0)TkEk?{W~9*f`W-m*wl9U9Ok>qUbYm_+2f2M48>j&7Xa-`xxjJkC!%k8?ggE z&yQ2>3l7IXnyaB*yh;-*fA`S4T3KYWHm7j$XbIjZ^H-bx@ozY>dy)%pdvy_QA2T?B zZ5S?Aia`tOZ%yC4`~aKlMVy)j;)q>_ZvGga+u=W1-eziiNxXM7$H6nAu|^sKY{vD# zRnBy9X+k`wLI^fRORqf6?I7qoILlfS^pZz!zF<+H&v#yNHxTgl&F={xkDyqTv356X zZn3&JytYB<)o1JdI%m|An^8H-WRsY0Zu{<)bkk2*nbl00aoW7F`l!EH)GYpud?w_> zTpR$FX=Om>;8lC4*c z>e@!+Ne{X%gxT3{&^za8F%=vyIlHuD=`oC-6@E&t-zqp#r0cr?1(eOp#HyxEb)eAW z=o_YlII10>^^Jw zFLeS?>X6XpM8OD@!W@n^k-&lJrRd0-8xpkiw!`As1f`Y6uTWy+!SdQWo16Y;H)k-k zCAKSf-K9?igp8x z;g6KYs^V(;@YigoerQG2jbFs7C)9~a2kf?fUEbN@q94{?ci=&?140fGzIu%92oU;b z6YO&|^Qk+E|2A7_J5aOr;^7r!=l*4J|MaX5>Ot^hMYNWG0DJ}5$a79_BR@-z3$vX&r$7l7fWwD7Ut(*8~gHx zR#EmsTdTJy=0GS*>`q&}92IpUfk`ugT5)X>jY&sHUmOw=FatB>Q&N zhx``a_A%&A=G`sa#muVQ7r}tLgd^2gJoTvIveBV8)(v*LtzVMg_2;E2m21OA90;$+ zZ2DeO*>=mRITxADFQ3KK@)Jp9AEn2d`@J1oRwTP7UEnD0o>%08B^z8OjH6wQB2u$> z0U9TMc;Iu+i2NzZZLa&Saf}!(P(Rr%Q(KsNQ%pfv1dT)IA7dPZ4x09SWz=%Ruw?1kK zhP{y`IB$(DpK`ZnWFrwm<(_rfnwDy@fq~BOm_4n`O=3ea@OhFXvAD@qRhkT zdG(-{XMb;$4f1&qZp)_YYl71qsvGl?1xj|Q67Q^q)2qt4T^_)1dQ+8gVm0=WH_s1x zF0kr+5pn6_TfRc#=_+us(7O{_>9>rLzOs(N_>LG6-PIUY<#&2EAJMY5ITbnx-D>)I z#)CN#sMip<{%UDgVe8VNX40@>pAO<^*jMHjUq2BF1=ao~F)*P}bM#G1-YZF#ynDkQ z9-uL@74^+}B_DmhiTKhyT~%x6%SwRIJue%XsAWLEROwvq%j7TF7Cro?0fYYSUGvs=FJ zE`IEU-zw?kG&4$;92O;-E~(D-XZu8rRt z(#;c6;sLI8*G_8^e6$+X&zg%;%HhInTvxa%@N!3;RNT26Y{F?pC}Rf2x_#Y8svWQ^ z<|{u~oh4SJqGejL<#+ntl|Y?5yq^?z>=wFvd8yMsv2Ypx@MH4WWXJ=V`>xjsa5KAi zea*csnVJ&xYG%VKiWAbjU17<}VfkmD`9uxsg7CSS!gzg6h-+dPj*j%ck?gSIT{{UL?3`bj`)j9gO2Ub_8A=^LWY|-CHGTrUHn`Q0)?#?H2+N-z! z(J=xs#=`hIHnWh8g1iBPY!>w)o@T71s?^_&u({hxS}I0$SWL#@LkoeZr>rVh@Ub6pC?ZY!>E=z000*tr${FXLj~2JWQK+QhX6W|IX(N5^MF!n~VpMtetj~pw3Dua(MYt@&lS1C^DtCakvc6oM zSnxBoG3Z6E+Yxa(<#oF+WUz?5;aRRTVM)g{P(A@Q913`8`y-TYP<`^sCu!~szy_L3 zP7F7dmh@{z5?m;M$xcAL29M6?0g((H+tA1*zng!7vC$@$1Bj37)mAZ5>W{OtHB=0$ zNwhRKzj}_^w@qHmw7;I*aXMy^9CTHykdR2fY57B*Sh8k;>k01`l9jL^D_%nih||2> ze{n`0t)5iUrIhLRw5B3+y(^Gs5FY8<6lzMSID|U1ve5r)pl7A@N`1} zd_1QEYjK>w?qc{_KRv5})i^)cyPBN9d6_ml4gZ6zVii;q#%g{$fOV|eD*u7IF5qoj z?GZCHl}=#P6lRfpdnea5R0)TagtID_TjEdT0>4=HmP%tGT>XHBC!tr#iX&J8Vj` zr%Cd{M{CUeb{a`Pn3<)p%{t#A?c?BtUsjvi zt~|2V!(r8&)w$fBm4}x}w6PJF$l_nVa=md z9~K1r&F?`M_RgLbw&Z4$o`r_a(svdnWm0-NKG#fpkL3a%u*krWRer4B*3D{;P8=c3rajZ4dZ|$@mc@i9*wj?@_@m-Np$bCPmtddT%i7Q%d7GK*$y+NnJf7Ddg(sdS9vOY5N zRbj;r3L(bzDlr)#eJ|C``S|e>UpUc>SA%)-unhPhvZVPGXTr7-Rp=`ZX4A@&4=BiK z97dy1*HQ7B65i==6v-c4?$x$T@}D2CXl=HllqB1&VNQ7h@`hA=x?8rDj-dTSn|piG z4oIws@4YqHm*%V))0NG4v`!ee{n)(R=m{DO?KVP6izyv9wUtj$s6X-u#la=RRk0L( zZcAn!Gv}5NTx)04cg-Vy@n{i(EPX&b*%*%LVWV%9Y<-y4!#D&cXcKIz$a46$ZeD>9 z#3)!T5KbrPQ{)0smJ}_y^)La^)cwk0Lz7Yr(4sZS+sL7Dn8pSJ)bRUy4$->u5%7j0{m^4a-KTfIXFYi)lb*osFi)Qvt|v56t<3%xb}|ubJPm-(>IPzuVAAVSWc%MYLVq z>F%A}pP1w19^5!vw&lUDmo#UZb=Y=Y_|)oswd$u0FJWdt4#I9VLl81PSB$EzFbO52C=3S$Nt zYCw8*>Ri++>F68>ixD&MBa&JetD8;4taQFO1F=2%QKs$f@fHbT?V?tE7#lyA`MSyW zMd|ux9{M(?nO?*3U8Yy0=o}!q1l4Lzl>&)S6sOvJtnE()kWY+2OeMnTtsN*;Is*xI ze&8+q8~D?F5Kdr@PSxOXO=P1o8ts-LZk)66EuD& z`65j=$|doym(PTf%TiJ)=CFwu#OvM5ga^`{$g(Ip_u80-q7wHib?gji&32N5b}Lk? zAo!!YjMfgGB-zqGYtSYE@?tZJQt(Za9iz<{dHF5p&N^fn0399P8wR}ig)-p)`!^U^ zE$%0&42TN>&rNMJ^QoU27GVpFY&{>_HF62MoigS{PpWID-zo5`wKN+6ibn1l9e0v! zHzOy9A7czb%_CshV`i-*!gH}Y-orwLAlu{mVv(71*CCeqZ-4SeXztKB!}mBDG8KBM zu$5D!zU%+GBPdGu4AfzI=B7-Ak^DxyHRi*@6f~B1ku2i*&RR2ct=wO+d=#T|9Z%3X zZ6A#`VSE)H7eV@c3>rU3=9oNEbRY6co!OK=yld+5Rwv)lK`Xw_7`0RZ&MASvV|>CP zBXk9gR$`azKM|&x$KasK#&y}CxHVbXv}$@&st#E<_q{y6{1EC@g!zd$J&@=I_PI>u z1vKyf)#BO(183>J^$hgPt=phK8`CNhET&^NrD_3a6OO*a)pP%RcT!8dSN<^2g5ux) z@LtF`hN$-ZI(6_^C^pip7`j;$`g*R^SR8aYEGOMKu&TaS8!mV}(A1~NFoO#5MR!~T ztsjCTK5;;VF-v1i{Hol{)+Yl7iR#n;^1(aAzO4>+IE{E%_O_5xE{k*)tiJ7IzVhNW z%q?wmKr;hk%6oG^-IPwyz-iCr!rAgNy;;9(+g#{Gx4iFrUUBvYbn_`I)kwJYF@ex! zSx~hqK<3F-69+GNL&fZ!Z(WwrQ9Y`Y1X-`S(Su%>;lRKm<&-5|jfop~^jBV(h>96H z9-*Znv8?y%Khb_x^3q&!iR3w@l9E_GNbt>G_;!`cs&rh46zsda2#=#^luu% zfI#Kxymr~!IG8ZwPRA`(rAhRu*iks~tmj}Q z8m1YZ^X1r_&gQK(JQ?gAA!S0N8?-4{Jtax}?&2EGg$a=EQc#iRsh;rmmYa!z9bw_K z!G}k4#UM=>IdlJ@b{TI{zL#lW_SH+|@la(*3BqbODjh?lv5K2Y%wkYG|a*%oSig{d%MDmm%3=~>|ufn)7!xg$o#RVwf7 zGeMiTNcNwPg>4uK_v5#Dxp+R8;@TGdm_8Q2)dMr0K?C5*7K1V=%}G*V#2%lTZ0{{| zwxT9iUP+jJ>ZzTgRa|;`xQ5OSkal*hIs}$7iwh+SGTbWmJ%I18T5g{N0R&03#HO5i z?}2L5$%P{a4^?ni{Q_T7I&uAZV$8k$#${KU?}lPv54fAf0r_Ym%|`d^#_tU$vEJwX zAt<-VW4vh3P7iy=9Um{iz|{?E7Sb0{gYLv(k0^Od@eU%4}QK1D5YvE<6aX zIF9tk9SH9B?0K|eQVA4y$EOg|M?Jv#Vx6*=Vc+&6=qBx2s@A(+My4HZQvE7eYGBq1yx5pmJB|b@Pw);f2m0KlY1rSdFI zG?=jgSAbL<7AA}0#6!%PX=mCj#DV4qz3w?4d-D)m<)Hu{qMKuKw2h6=w>+Ww>QS1X4=H0@UTCQtKHjWQ2-2%0X5&T= zU_Sgr%s#Ck@i8lmVtMPuJ7?qc@JgNru5Q17Iiz;F8B_nazt+c2$P4ZVs232O0~?@0Y{y20QQ`3qM<@(0{q)z_2uOvW?-NRWW+))O+0M%ndv$|zaL}WIkm)u4C zM`&Q;{a7-&i_F{S<&0r61N()xUKIBzr=CLq2&>dde z2%@j~L`d!t>3v5%Oflb`ec;M(F7Z3(_n!t3Zy9J+QF&R}@`&u^J|5cl7fcie&{ES% zIPKXXv@6Ii=rgV80HLCH$Vd=^geOjBuVTfOvOhrEr9{&^=L`Pa}%Y zQcQj}U5`B9`$LSk`cd5m)dN}Ac`#!rHj;!t8)~ZO_{|4xY2j{VP# zq9Db1VW|uv7z+G}5&onMp!af0fha&w05@02x0kQw)Ro>2MXfro1?v?Sm=Q57d|h0@B+BD26VWdK-PVjI46XFZa?W!seT76e+|a_8wFJ8 ztP@zQsi*eyJ(##gsn07u)#WlOi*Dlrvs(~#yNoX*SYeN-zYmMWV-2=d7}fPsO2vW( ziM&5-x%E;GAbRNI3u3kJL*^Ux8sO)Wk)rMgm%fal^n9E_mWv#U>Mv4|$c`euz6@t- zfJxh0b37|IJDMtv3f)h{Uausf;E(z3kpC)!{C%458oMFrOWM$W9Da;(<1z@?5 zKv;Za7Al|s4~ZU}zMXsi*P#9k?FRdKu;y|jF`*0+3`Nw|O;4p6Cm)+;<;r*qVb-~k zvl44X>^zf!^dl06)X2OB!=};Fm+xJeO`=0xii$amdrNG7_yF6&z=VyVDzy5!BA#5 z;QM#|{Wn;j5NO8ETFa^}rNj)19X_q4DNjqbeH}GidP(JJ-*Pwv?T@)UZpaf-jF9rb zzPcTtwe9^j+v`#+Y|ki(F7sd>Vcu~ZkCza3*Z5*>gI~1_JP{mKa+{^bd3I_P`(a*3 ztj>_Y>cIm6_9#Mhsib1Rq@sf4PbTND`-vem3D)ZFz)|}N<`e5Yqod@iF5Ve^?A|gq zR=+xyH$6`w{`3MrgJ$?4mhWXF;wO$O$1Ev(_6?N*H`OvX63G{M0LQ~h3YzTupDfN6 z$0D?uACnZqwx>~Z#cwW<&6fGTPY58{$#)hI!C4aay729-ELnX{shi8Vf&UkOBEQi> z8Kg+JuoDAI`WetRPqCaO@^k(KyN;n-HyYGTgiB-mwdCk#*fpYTG#g)ccr3&7u!$hp z@Z;VATZmb&4TZeqPHRPwt@wyK~tU(u~j6+p`Ud4=K(i)c^jO^MJ>v$A_Yq(pN~L5Sz6G!7gPBMrTsqb;03 z)?O%hkSMaJ-G`YPXfc;9HHS)ZrO}=;C9=;|rphgJg>tY}Y!1!;u^j@3>k|#(}*P4A4t* zEu>^xjX{CphGH37zeto2WyE7#UEMU}+t9R40ke$^><2~ECH&kQ&S*`repr+lSATKeCO8{H}7s$c+qXYqD zaFCT=M|Q}+{V`0G2}+b=JX`bX-5QPPHW6EQSU;S&edcOhREi(Aqa6C@{_5{Q%_GZ~ zRblofPT-0b*wL#QXHc83EPxjOq(joF1h1YHMTngXycp2{Nd#ZAEr4gMbo&c8#K(*@N99Q>2pq#(Lm>qMrn)-^rLSX+q@K>fVuFl1Z6Z?F$p za=N;(hJ{bCnrizdK|)Gt`Isi5$4v&$t4(MP*e*isqY;e8hQ4O~kDejX|6Hlegg9_| zzzHRcfw{gBIpn7+F3dDXEmST>fy*BX?2+WlD!E@yJ;;Jo>+j>ON;@uoR8|@~TeF!a4Bc%%T#hL2L2WQIXT(&}HQNtEw7km!6Dy0bkpJ{?g8%2I zuP+bWDPs)}wgbGip3c=(cRIR>kuaZP?&Mf1;h?c|9Gu5PVo8Y^3Koj~eERBtGXSyf zOPINZ`C%LO<(q+riktfl?Q;LqN7cD&@T_oeVTL+1)?Oq%Tkgq;859u2rIW;mOBlY< z%D4*;O0?5x<@UN-K<@P)=Kp5`1l=(4^GcHP%FOmN@k1Q0R)+`sL*?nz%c}CoTa1Ty zSkQ9AOwrIYn=eM7%}U$>*=VAz`agyQt|W%MTik=1>fclP&-eb_q)e~`4pLA6-0tW9 zp?=YP@4(~_K0AE4_YDy>Dkf# zkHi@)>GA$#`}W6n3_LF+zP}9kNZ+3F|47cj5`Q4V*6aW1M~uMtuNIsCr=Y*W@BdTK z|34nY=lX6uP|?nxPf07(@w82l!TmgTubwMZmhy|HQcJ+9`PxxL@E^X z^Nj-h_HFx_;c`<&+S$sQ;7GUur;8q!M=%&N&cDxfI_7d5GaJTz#%xk(y<4UwBQ+f{?XwgQSWNtHS^~xiKE4bNZGbhaH|*AW#$&Hvt%cyFUb4H~L<|utxc8H$ zRsey^yYLRLl~Bxh%jmhMrU|h`knzWYNnu!yxfZ1^u!Dfh+UnYmGC?i z+^U73ZApWU3JcL{v_HTDlI6YATfXBeIpYSe&P|;Hghwqu3#YLv!WCTRid7Vj$9C|S z=J(zi?A-r_AAXIfQ~6~t<>ixO_1)kCJT}{6?Yz{SzsDSVmZXrQQJL4;f5GElAVM%u zSIfhATE|H9{V$vtaI$2E)AlbT9Qo2*F=hMVk0CJ;|DU+)2$gCm(MxCgKX^3pXF%^& zVVq*%AIn{Xg=76g?Y@E#FP|$WXP7{LwX1F}P8!}hiQsC*;jRh&iP&2K-F?KydBPcS zDr@JXV65|cK53?J)DdI}U3mM0u7bb6KEszs@|2Nz+~==jQI`#jxX;mcRMJfj#D7dD z+SdZ|N$MPnT-QoC=Cn+8Ai_?#KS3;sXLX$|_D}PC2g3wrGv%tNv+^c)D@Lsue=q@Xq*)R1om{Zm-IuJOu=hGPcV$c5tJgyG z*xLS|#grgO8P)(gip4w&}pxyGisrc&@nop273z>b)-d>W$kS@AVZgHdtQ=m!apdFF9_Mx z-Tub(*&0O^#>(|DalkPWNROM5-QXN1u&M3HS=3jv&_YlO^Ii1u>@u5 zDG8AjNxAS!<7AS`Fb3M(FZiRtapnf`r*%!i#&gNz`ao!B`$o%i))ZyjL0aM0+va}sN^ z2k{Sk-Lilb=;J=jpCCRGssv!j5-RSsPDY8QB16Z>9mC6etZW5;uCfqJYd~u90qCZ9 zwl^!p>I;xS5e`+R2GNoW1rO1kmhRU9;EWWqY~4oyqQkz z8aYY7EGR7;o3C7s{DYdlr~OgWOU(H!R2=bFLy?4 z3oUhSmx42YStw#x#t6V998i606RHI#qLYw{yYCByiRN00+hrzP3)OP3D%vjVzqUM0 ziIG&o#-Kv2kq+Jg!pAo6J3Tw!tkV~$zpkX^{m}h$(UX12UnHG$O*DeT){2Y2QBYGm zT6AXeIiCh_ecOV@Sp?ByE}nl5MUb^jU-bc>jWWXsn1GFDMYCCS-O~Cm!^)oO+YkGEkR{&I8Qfe*nu~36fIa}7=BPlTtX}U*BD#R zlX~r;VoJ?@R;+gGa02ae&>t4iF48@vYyEH#df{*zKaSvVJKd>{PYc=(%|%3O?lL9W zBJ#^0!b56O9nHTuWX6lpRUp44ki1#PPY_4zD+z)hB%*Ga7(dcGQet;d2%uilBF280 zuU9`iG0U@b6%9h11S-)Y`Y4jI;^2`k;^UHXD+m}lCdEZ$%`fwgG-2b%dKH{vAO8N+ zC#EtXxu$h9k9cgxN(6kufBEhvTl&)lja4eB5#Y)Su>paB(T^ zQBhDA0FxI`YSs4N@!8kpp9?lAqV3}dw&}jU!T???+;;Nl zRd?FPM_vdY9AM;~Y^M2VPfh0vtw)j2v1K)@03uO=E%((@T>t5ey|)Tu&G$5-oCJSHJUUw-5;6ywAZgAQ!-2s|qz;yQL99x#7NgZCw$d{}9 zJ`;WDhMjgXjDskUfSVzEh!lATs(xB z6!x2UoB;|1-_Cq~EG|Qe+XSpA4~_BAWiSHbUIW zi3~QntQ2?~x%V$~)O);8Oo~Hx%RS5sGL`+;dLGQ(h>u}=X*_HX8*=+uvJ+ffc|eHEbIWbA3?v5|OUsc-**df!@pl1gn!;=p8R1 zd2_dIE;I`8wewx6(HNt-{qGvb|I`HcOeGcnXwd0h|0$y?y zsMKwtsiRB|YR&hiF~njZz_;_29;wlOY-%!t2H%`;QWqh6<}Blp6$u0&`K33|*KWtn z0f`wNx5(hX#rYK(i-$a03j^n;yYZdFxY11%($lwa zTajJiu$G?@m&&yMlPlyoS5NW?Nka2?Qw+nmkeW<5lfY5_T4QWq+<*3 zw;|tm$1DCjp;S$l-70yX)b>}Pcuap7bSl=Dl95RS$4VU9~yz;RrS)83^cP4 zNqlCB(kdMZgbhQTE7YFd)+5tq$_#g}9VmEa_KK?wyQ2SzxVC}5(hq4`TmmdzI&UO?LhrsfN` zUr$Lero)q-bwRJ(eo*KIO=-dfD2bdE7njtBn_^{&>oQZw%}gZFlMSDjwNFw@=@k2{ z*Dc{D=~1!(38r{1rI2PouzE#PUn;~fuYA(Ow2b!$QjRJMw@3J3*0;t$v+*@^L27c*`}pE3$N)AB zmW#trATl{^bjq@gGa@uMmhjN*041f0&uz9N&CHpnRdm&L+FY$k^=58~n?+H{VLWQYA(*5S`}V%le)p#kjZmrbnB+SN@gqgT z;SZAi=<9ZwHn^J82*0cp^qy0`0a3ydtwrjI7TS%K73QUr&5GW;1N{Lsg zuwx#I^ctjjrF~#O>0~E6#kF4uF>Ia@|q%Bp~^1SS#oVyz+*6=6-HS_XqHAyadZA*T8 zWi@!YGm$?PL z5aOw{7?A80|*4}Mrm0{Y}4DI)X6#lF8;bK^jxCI~+#=ywyLdqoAt_vSY?nmuO zhSVb^lLfCXrST0}fXvaYwi}h7+vkzHuq!!{@ zqvI$jI#h}mOU9OqtvedK>XY&aF`I_tRf-?`qzEsht%`Ok0Q`Zm?1e*Axn0NU(peG& zdoDX0!`f*6NeBQCvCWw^4{e8!MD#ma4>us!uDjCK%NL20saO`cYwlarU(d`Dzpsm= zb(!Mf8EqCpdzQmE=Nq>%oq9{mtnWABR4=AOUOethNNnaj9JOj3=RM~9G4yFn@*jsY zg|BNr8O&S?#W8y#UfIxeGR_w~O&AJq6{vWHN6RVkcZbK^$&IJa`&o=!&-A2P*tTec9r#`(6ZiR|Ji{rM9f+YbCIGr4zzDy}mXAAg~l0 zL6IvyB9gWf>X_kKUw8RCCSzLg+$uFu7C`7{LD9=R#3dWpN4A#kjK+OLP9=9$Ou^m!}6|dU(Ne^o6!~zRII&J+nvY~E8`;~j6(9FrzLVf$k zcF5%iMHHdDx87aTH}{8wM^n;^>2t<7!^O+%nZsnRVVwPEZVlM!);9yyi@1f|>E|O! zB4B8UY@+oibcrOpz^fN?P4K;OzMNpPuAO7{pV`iX1nz$)%SJRi<&jE) z2#`v}re(`y{FISGDh`eD*?Eb3(*E>(;S8ZVxVTWmk*PSb^40ae zZ7Hy-sQ~oSNEyk@kgb;nn8!R5O=+UnK<8b=1)CaREzyqIZl;FDtETKs(|j`txa@gZ z2RnyWwTlO2>4z4q!q4%zt?G&OjmXL$ZjG81(w%9sz!I-MLvy)A<+hl8a`M*f6sNDO z+3*1aEjVK?*Rd~7OCo!xvnp!gEfgHSrqkgru9ggUoqVv1Cc8nY<~Tg=Etaji^VMK( zlh%L8;-#rVnz5%=C4i#I+ca#jbxm1}&k2YeBQm~{m;o*%*xx71#q}F#+&U92Twb`5 zsf#?Adu znzIzg9aAvJ!fQj*X?AzG<$X8Mb3d4PxMIlu+ueyKm%MO0VU!@*3HL{b8w1OE&YSB! zN0mG0Y?(k4^iR9~)1kG9>dA*%j&gP#KqsuDEPKfHZ@v3f%-rq%%q6_`IkkvbtpN_b zJmSg0Lb_rWz9X}xs;V^i`J~P{<*;h+jt#DiE<9b6_U~#DM(7vN+S+-YC(=0K1y~z3 zFWyYQ4bD93nvx6((B)s;(K*6@^NOP1s1x}tua!!+VR!qEwe zkIryI;={ji4W(|**%PeIw6p;)FZ*`-78RV>+v^VQzo=UgPk&Dp>gdm1miFXop*1|9 zV=QycseLS7SoJy`VS7G7FMn^jvGykSJcucFvqQq^Soh%pl;btAsR33?1ax@JFQC-e zihY_5>JmhcN>}0Zn~cTRI%~L?&cQ<#O~K`A)~`ON?&B{u1^#r26ki!T@8Rc(8&D8e zQiXRDYzqlrEk);(A!Q8Sv>&Vb7fxShxF$wmgtQHtp%dLx^3 z!A1R`krl)l;l&?q25t0*h4&T4Ud{GiV=Jb*PFHwjlFkN8O`OD*n+A8JV>dn~jS}wj zujR(K78|+uy7$z~utq>~t1eMiy3-M07^; zZ!wMh)1-NWqKz_e@+UU%KIxu0csvr3{-MH+PEkasQ&M0x+ljenuC!^6%G^l~_?$ai z7F`UDxDL%4B~c!0JIAsR43LNqo%vkbV!_;2rQF>5HS5GlL*xDUXM|1$gOE?#di{gGHMvcS_2cBi1o>A zGp>h4^^OZpZ}Iqz+1qngPGC9VNLrV|WtUqQJZ|wf39OK@2{Gz|lx`t!$D_HY` z?K3obXN&Ih!@{gnp^s_C@sSdZk#te-W}DG1PVRZ;TT;{=Q+F*78`atyob*>fl&;kl zBN=OXn9ZVyOFmIV*Ga~2*6pHAC)`-XfogCzM(kAjMy#E|m2Zy{Rg!V4%bklar}@jf zjDu)|9`-;N4MwU{EvDi07%xnNVNv|niO%PS3fZZ}%Vr#a%ySB)Shp}l(1v}D)u?gl zt!Gba<_)JU6Y%9e4&Uc>x`I(;D()1$iI2n7^@V=GQE4rKf3M$S%??`%Ra86hhG$xh zYE{ode)U1Rd{VouO@#;KkRBu5@*|5Z+WqGBE4y*NG_6;GkUPQjY`oui7YC)SEI-tK zm8#M(@amneN50#0e3yR3C2toUYkPZB=F;7Fz>*vN4I0XihWXr>FBbC?<{@j)nDO=@ zV@o$mnr(Uj8Io$aP+cZB$=l$%p!f5|pK1>db0k$YXa&ImlhW zh#$#y7GKi0#7ZU6>HO<1fS+==iSoEVkeNl?u+T)-$RL~t#-$_VDB9>uLz8cj`#2V{34##tDEDD6KL4vEW<|agx^aURv%0-K61E&S zEV_WU#jAY}B4`4}UWf1zOmUi})5D_`($g^Dw=wW~4Yk88N1mULEJ~1|s3#>^Rwcr? zpkb+ppFf@+f}zEQCxZk#OU!(Kcphk@g-fnJv|veUOXr@WmI*}0LkZvj?cOp_G{DKr zL?K!w)Tjd-jZ-6@!PEoM2%OkUXFl}CC(1@N((IHO2sy#8O+&2k)+ECVy6;IdmgWnb zEv9l#fn7@!HDk~8MoROa9AT(cx>V(+Nu3{_SPs4VqVCq7$~qYstk$8bk{FQMo>#RJ z8vM2Zv3T~?%NG9{be;j@iM^i!!XLiz;_TEPglXB;;?qF+MuP-RBbUuLx@?aIVJWVO zb#$L2mpEepg8O3XUj0R^#mr@uw)!J195s!qFVaqQKtOsV>foc-P~!oJi&36hlChSF zF;?W}@>wW`DfRJXVkmX9eGic5g3oijjWKIC;YAa+z_+?0P9A$MLNjYHZ@Y7Eh2 z?DmPK`7XP%8~(zDVv=ORK8#u?Ekt$NbXB)b z?qzP+=nfo|CeGz%*G7!iJxL13VL#y;2y>&mL#S5C47+KM?*NXJ;h7?4;|h!- ztqI53i^2|*%CKyXAvh9mY+mF!wFS>(qKjY8&h6&4Y+4+0)%WnWo7c&MSlRNYYMPv; z9dJmf9;eP~g0WwG7iV9j10G=9 zjLK&V#p+jqO_omb$GLbv%hm~npk#McI6<-g@rlUmF3ONaLM01tM371QSuP0iBmyp6 zal>2OK98Hl(CclsBD~{m)f6XMO*=%Kk5tm}qZlVSg>sCW1ffa+!HM{7!dmtiUL7%E zEmbx27|K~wJ?x>J0>(AH4dkcaiacd#YwtSo&ssa2&LSl8THUc3latm0pm`>4HiQ`@ z%?E&*_DYL7mY#L_+gTIP0?Zrilmbp0A3Y;QQchJm9UPuH;}uJMA|*DoQ}_{0Q0TQr zt#CbmX_t<=*0)$2h5C)1(LNi07=MPvPunu@b%M(Bdk2j}M!+%J?><_tKJ8|_I!A@^ zMi;FEgWZ^rl%%MW`D_bNpEDMulM`k@`8Jj=rH*%w@CN6k@se&jKxkoO5w>pN{mQe( zDbUhh$TBsf7BKN6r_DR*nXYASvG+K{cymsiGfh;@H?onCb_&#BZ3&tLIzqu$1Dxs` z%ZviBNL9b)@p7q&lgsoidHo6mqMqy>+e-=`kgD|u8Lnc+PT4l?+(Z* zwq7qCbklpEu?Uz;L%ZRId#g0NsAizDSTJmy5({y;dGyToI;%ymJ6EG1XPv8W=<0{XtlE^L=qiKJ zY|-wp2^24Kj!78f8`-q`%Eg6+)JhUfKR~9LtGLe9P?*CUGLsWUsqHUkw%8dHodlDy z{RyhHj$nV0j|=3_R| z5=)defb`T;SWDCbuQSs9GWsj8@y*9+^uaf0RJmVKIeS0XUJRde2q;7V6mz{LmM@z0 zR5qTbuFh9av?G+Y&Zy=qVJynj!C~JzgU8?JtSqCkrw>~ublNdl>UdzCpQ+hu*Yeb# z4e4y)cvjkuBz~uz>A64Za*XQMS9m-zDrSD8#$?8wxXGGFbW(3|<68&8Pmg%b zZKEnwheOlUF}yNXyPp>G3Mk@CreC3b`CehvrqxyMGS-QulZUjMZF7!m4Egs`jg!tk zMpc4A^EaR^h#kf5Dsb{CFYb<)abzI#0UKg1$lqeeTB2eRWCy7 zu)srTlfdIMr>NwG0WN1_!!-Jdrl{#Rf_EkqqWXysxy*Kc-VSYK$we5nyPh4}bg#J; z_yAFHzQ^1M(~w112}i}O)Hjl~ma+=7)f*v9Q72{&kK8jwiSr582riz|*ZOegUboh>fsQgbEN$Dl{GDG5e=>Pj}Q`GmF=U?pIJ^*v$NX z(LdoR6vySgk(HG^5mSH5kxy=1LK%1XNqkia4jjPY>(>ImVU?~^4j|NiRyA%1f>6qqJ zL?2Pqs;d42YlE&X*V4>UnGp}c^PK~c{>R11Rft(?`)|~r$Q!q15hjMWi`l*@-aX4 zgf?2A+2H#T%EaUrT!x%|MYIPuu*ueZYh+P3+kA(ki0X4_d~Nftjb!D=e)zpm{@fUC z&Han~%>JxQ zg1jj&recJa;Az-fg@5W}F1tS4w=Eeh4N)elb&2m(wFP`I3QU#c_Ca|Dp0D*1X)e|Y zO~~I`uk;wuq%TbNWbOgj9-5RovCZ*+!a=qtDJkS^5?Xy~AyfmI(|5SIz#neX6gVRs z6fE5~ARfKf`S}hS5(UYNl;bZ@b}?RMqQrP(DVC?eZX9)NTsB}=G}_phc!qm^VR#~Ej;(>L+Ku&W+Zmv~Pq?-`p=daEL@WBrVPAUv z%e2tb0fD)a=lV=rPlD(;xcpYzqvBxVTji()$R_#?@PUr`>O~!SCU)eTEt%?w7y(U- zWu&oI?WHLEN?`Wb4!Y62oWZ210xmT&q$3?=1P76*Y-Dq%_}dWfWc-Y!dKwI;RQ4A1 zEpK-)75g3dW_9~$30gUJ1i!)G!XGN|WKerIzH)TMbDz0e8`=xzU3(F;%I7Hzta4Km z+}U4A$Q3ZmE6+8TPm}k!X+%8K)n^D-DogG*EDoT%whKJQ?!RBro$UtJzn0)~3fSlb zEg&r?ZodaUL$tsUSu{F4<46Vsa*B3vJA<*;6P0eRqq&JbL*fuSN@qbE-;-{#yH}Xg zn#h@SDV1w4NEYT(WE?hJ?9A|4s>?3kHY!r`5~PrB3iGs+jJ@i@^Dzr&{n3b#iOFoa zdY$QNqt!GTSG`N+jMO?(OW_i!Mb611RPSl*&9Z#6vcO;Z8b5{8GD7AlcOs5wUcS9LC54i=S9?+FbGV@ zT?QT)PbJr@PM4hT#e_8qvO0*&xDR#p3)UA~DSKkTlG0k(PT=At}{Gk0ef?vv$${(9^X2|*e)}}OP0EjpqeVo8 z0^Z!|3U$v8;2M;b_Jw@#PlpKaFjW~+0!EbBEQblzSH^~(Cbqp-x#G73B6Il1|_p-r-zd4k5jQ7mBH+I|H-xOzDhe9W@gO%SV`G;&sUAeXi5s=y&G z1LscJIo=-gcfQFa4V0u0uqk{+@V;Z6J#;F0zr=H3gu64-4%pYfc_6u~U8r7sdIuRB z=!@oMB)r)FQ&s?kr3Nm2>PUu$8N5ez8c6K^IWt)X&-K_tP%s*A`4yFawZATnyS`oc>hnowLn{_Pi0fyeTtXbiT zE*IEyfC=Hk1;_TDD1K}tU*e2-Zq-;Snzl*fxb6PfCKQ6IML-sfPCMIg?t7Qf95Nj& z-1X0?-qK4aju67?^XUhoZQY>3!QOc0$fQiut*#2%>|JBGB~rGV>0v3G4@HnG%S-~R zY(MR_fzV#fE^25sljX*b#n3iz+AphkFTSJWRT6pq)EXEv;(5pWuUkVCA91QjhK!Z- zr@>d^QIYjjtt>TYyx1?^ez;?4BMwJeU|eob%VP#qP@AC7yHq@O_1E=6f4R}9b>nAO zD&w6M_mVz7X|0>OuC7vpcX|0%#EiD*7@NP&8o|Z;wTb(YWyZ%fvAJ>B+R@58oqW0F=U_DU~ z#0ppJ(giBiA=zZEz#Z;rd-Mq}Ip4LMmn2J13X;L7hJhqwdOxkKGFDnyH`A!I91ylP zGoz5o?m%|FR3lhrvulmob~8PgO=&151-LLn z6({{%1c@i+eUsHI2{7 zyYaSWan|JNu{sUY?D1ZC_50l4t)?N0g_hpA>FD6?)XYq;*9V;MQ(v9=e|}#^(^hZA zq*YebXziq`OWkD*GWeBm9!Pie;{}o=IT=+-NHtf=AiDX%Xl*)D*Lp9J_DC6jr)B2u z2W|KUj!e%1=p0w}%6#{HIY~I}O-?+#k^|}X+fFD)rzr;H8JV6DcjXZ~I5;qXbRz=p z&6aD83Wco`XL|HaLOj#upc7Xh&0!-IK7A8t2xmkP`?6#EaOl!eZ|_!!#q7pAIacZ2 z9+kPdx4*21p4LwG*ossy`52Ih2!i4 z**TGWV8JSde&M+MP4;r-M|tCX z0&=^s7|TERq0MXILbYV7!@ndPZ0q3f+?t1jGHS%vxrfjI?XWZIN=~9_xfsX1IWJc^ z$|H(eMgpawllWy0wmN0{9%Jz+Xe5c=MmE=Ld^kx3F7uz=&3w+t(UQI`K&?+uA2>KB zy#*VkbBvC&dmC6;!&!9Qk|D-&75d~vxVx$}S!uF3T?yufeZp7luoIgq%kW7PazM(^ zK}2ly>;4LnTO_0kj?NA;jKH#Dwg>y;nS#4MRM})p`5dhR82Lo$8OcI@_Dqz9wg_s3 z{(|HNJ~hqB%HR8CD^Fx0;Up9BS_eyX8)cbfmm#r2$XN^X4x`4aGMy`DSc>Bb>7m z(^jvNW_>rUedA0arKG|7ecZisnLKo7GwYJk0$a1#J-#Me#}|r07kQbMXQ!YV9PAUQ z_eDrZ+(t(5U8us9EDiB|ziY+V$p<|zdzqTGVPs z8d}RI;WMvM=%0DMzJit+RqQ_1O;=mUczZ#OhM4Npg5V6Gi=R^ z++7BxroFA!z67^tF2wOnu7@(0W1y$1*O{UJiV31k{Q2&vbN;pZ49}^nVbGx!5S>x_*<=fpAkj>#ycFteS*UXCMzgl{L8N!Z;=(1dfKp< zh11O{i=<4>CeZ9rX4``?w$QdR8+4>9{O3YdgB~UWzo{UxCHJA7P8y%m{8ZSN-jT~- zz-+NYl-Hr$+9&iM{(-Z<6s?9MY7Ln~#pN2x!#^nFZZWq5N{+7J3%0tdR%&ckigz;; z%Kb&V_z6TH%a16g?cmU3cRz0~3CEdC3UgnB;j9S|RTAkx+R+EpzL84f$wu4MkN`K!oz2Wv7`0H`mQN%XO5u}zM`4>c&Ae|e#?3#;YJ&Cj0+ntp`hi6yT zyPZfsTyL`mbRfAKD6`O&+z`SQ#djTmB{@Vp!9Hhs?Vl??5jkGEnfdm4u}^irq)0JG z$Zs`v`S@6x<0JRzs?S<|m7}b-Y+j6|JdV7zpW{=n-AqjE3SPy{B8Bk-J49@G23$r& z?EC5>h%8=wUS*LF=hL8OL#*a)iSc!6q6#&OF_Ta&^E+iKulU*zxMt>Z*u)qW`km8y zhBuFSj`DOqrr`lh^-}lv&r2klG(og?M7chV&Tx-#;I>!QeVRbQC26_8fXtq zmj!?hO2&2A8`NRSvvyT3CpXT$2IuEkZRy`GG6ekzwrnAC^Mqtmn5j4>EYo7*9Rh|L zP6jiI&Y}#2J-GPdg6+s9O&VrIXuRP2d~uFXM=~HrmD1-`#Le%&Yc$YG7jYWeBWAft$nQm{TdW-DS4MgIoHQnt)eBf z@9{j$hy$Yl{{?+aCg<1hAC#YWW2wC=xeCLXD}OP%mcuevbGB#`Nf@uSVwbPGhGg2^ zBq7DHx}{J%!SHmxW<~)b4<&|*y7o9udLHq{^jJ+DHdBhR!*lueXTBdE@xm5&8J%5f zeo>BER-RE8xBbTG9Bncm{K-E`-jR8@WA9YrE)w#_GG5EynmA~#h7+1S`Fg^%Z{a=z(Cjc3Els)?4X!l5<9Zehe- zp1*OOR_@~!{PDPdl;JqhL12+aobQ`@FShAT9p&*)5?`fk;8D6|DXsHtrbn2mM09t@ zW&eBkqb&c0wfL5ryrRPCb=}#Q<+(?gj{4imZrUxUSXA5F78MWq*&KCPV9!wC$)FFV zs)_UcBlJ3DO!{rnQN?oHTB7yJqx)SQ7tz;7P=S>8?N>@_0f3%&xHDlJaI%2O)IL#U zV6lP9v7%#v97EZ=)no0_SY;YoJi276=7yT{aAW<|wFQf0@RcppBv3mYzvU;-i(sJH zq9fHgxySN|tV@iLB0>jp4=Vzj@*+aZ^p9zhrx={9D7-ScsHBn;frjO6^YW1Tv)CV$ z%*o^T@NH(d2A+`*YHeS>__gj|!^$ix@~_LcLP@@(V28r?)|Ni!{M8v1EFa)SzeLD8 zme;lamJvg>C<`%3fF!|p7kBinj_gI+F&%Y$MVAFzwBGaCezrl}l@N>)14&9Bvo>C( zIhNX_&u=443}@{axf25`*Yau)dZxm*tOXOXo)FpE>z^w6zbODj8D9m3|pcMwpC&WmJWuKm(wDhQl8VG=rfkv8_wU1kvC zZkJJA=yrEgwL?Rnrb15UWDmCaP&EqFdo;y$FS-MQIK>t#&vQP*04!(n^UEdQwjzl} z43f;V7^EyVIODQJS6S4V!`S0}wTdG!?4GyUKGyrJFF9>)2PrxmvL24ip_;C=w4BQt z)km#c_qI5W1a>xKk4Q;<(!Cm3CCR!9?y6AeA8_?^BBAco&q4WnywtK zsyB-~h?4r}8Bem+-OFj`7#VWwtqUg9pZ3Rw7>^l#W@u|Lvm&)}tN#i0VL=nnPWy5+ zZI803rnU!3$)+uHjni>IzjB=<){E_}S&=zdJK@C@_k{)EI)48GD3k+I^>bP9YUHMU z=&|xDJMfle;*sWbvB5h6FC5WZyFZh{Xs$Qq?atcUa@i6m0E$9ldQUlsfWS$l(0_%?s5S*Z#+VT6U zKkRKT?XuxcdFhT9B;a7OFNHa1&%Lbbzt~QGw_4&9xUb-e?N&;`(QYXnl7=g4K3-Bk z4)*8$n1uiTHTRWoQN7#WfTMH>0!m9OrP7T$l;luDBhnxs-6c{YB_)k?4m~hKqja}) zGjvHK@Y|kqo%4nB`~wfyezAG6*Q|TRXVrc0{ZM7Ct^H!n&>7Mv9+SrJnkF-M;-D9y z-+gxNI#cp1(`g*iF7Z06wanlv@i(552usBsWv-$sT%qk2Wy)}8^xBJncU_#1G8VO# z41T!@nAskg2@{Tz;{|LkagEHzhpy9=l%@RSjBrcNeIeQ|&A<*fjw?_4J=!JT_aP1B zJlNQT2OCX285&#r#bgo{jDPh%&et3O4F!DEa}1mZ0>S2Z1`%ouX($YhBp;CXy=8Sjbct7w#GwK)Y;X4 zE6If$$%->BKH~^=sHn(`P9iOD)28>Zsz|lh{e$wHe@;(a@;TxKA4ahem@L!=}Ims7A{@>?LNQ%%SDDf;I!*$(ME%&)6Mf5_Ce*L-qR5(Ul! z%uiV~2siv;I=z@Qcc@hV;A1gqOjoT>$*2~(X~Cy2i@|GeKBx7x_zI(;Qx~Bq6^t4q z&}mM-Rai?}|L#pcu<(xvvId{qkTri01;cMHiQ!aRGvGT#eM$%P4!&L*HH7R}v?ELEL zEKPENuecvdYpUI4s_)Qe&8HfZlQt&xn*CTu&?}PJ8{?YHqC`?A80~9N*_j)~?&I~) zq2GtC{&x8xm$L5g2r}Kt4p?jSC?(H#o=PL09`1z27Is1}T+!XOom}e1mUXG-#kL*l zQ=6d{u_GykdA{pSMg4np5s+x-2V~i2YA>n{NIzz#tv4pxNwKA6+E`A#=o6$E()i%D z&<6=qvT2QUCt<0{y1q33X=Lql?Y!-FSj*7<`f99dBy7g$Fr|?z)1^L=?OVd|VgZ^{kTFgRm(&oA0fd=rTlyg3CXlqQyLZsHZZMjwyRcBfd8Qgu(=KF%+ zxehOd|5(Y8q$tmIA?6c~8C~(qV)>sad4dPs)MekrbO)N4?-?S#Sg9|((4KqL zVosai-`f1k-F&tcQ(Xzi`g-8nEM=xES=$xysgdvsHSZNRd9a&%f*6a~AQ8#~k1Na= zkoD6&v%?P7?}8pD+@o_>a7>Est;_h*ocBgf&SEe_GRI1hfeS-9AtyfhuEDGm%czUB zvM?8Cn}KM!>aix(=Xmlp&Lv+B?~4fNz5H{XZO6+=efJ9zjRHf8hx1xvW@8@f8N8xA zzuO4hZF6&w4z7WSM7_k~&$=P^E;|~{x$$QFIS%)N;?HVBP}pFJ=?^G9M`b5l9twC- zh3fb{sb>o;kdNg0gLyf<&kJn-Y)_Ii)H()}>AQXSGsCe35o!#wJxw7(>xJ zZ?cWsGDGfB+8CmXC-`4cfuMXD&L!TX_My=etqBO)jUH8<7oGyrr%mhLpu&^>#J zEz|UbEx`g@5@O>}9;V+ZoE4v&;!NRnx)7A(p_;dqZ3B&6KVbdl3G%+U5ocX-zqGfqoVyA2gUf8sZm>F9ub+A5e3N9<0)t>{CqB zlO^5#(;-$_R~XN74=J#xhKcHr^;LdB$(|pqSX+^l=%ZKkc`7X>O#yYCBh5i+;e&Cq zX@-6|*pJ)srvx7xhee$D&s9-)z@pNNy+TG_`0%TjZ%;Fsf~aQ^KGdTXJS}MaL_u%xC8c9Fo4Cn2Vg;-Kn#?Bq%o6GL z1;d4BZWjE&{)tC+&x!`!_ufSK_I&KWQo)Vo*kRK8A(q(h8dIx}D4UWx=`B1iu$nUI zty3piVBu`_&}UyQkeV7OfnJDk3`+-aXF5c{1QPopR|MPM`JeQ*c>B}$r*OAg&F6kP zHK>S6*Jd0)i*)L@U&=W@Pd{qyy_y~8Gu!9rX zH$8oRAJFOfSTd(v=Hnsfzu~!;*{prIY+gBv6Xn;004EIW+{g^*Y%Yuv3}0&Ld~3zf7&{0zE4Q)RIqMxMtJTr-pDOde!yCph zX~Jhd^hduzW_y{pNxR`-KZ7b_JVHi1KArD(qjTg%lH|o4`@l~dP;?n_Q%*A10ZRod z|7NO)KJ6v>E-#Do5IVs$(>o~c0I$C6@lVqn$%=FHAq?-H%`kI~_kXm@q@Vd^tY11V zJ6%%6um=&q`ZL3~Cmut-_;;Vqne8F?L;RCv2g>T6W@g{Hs?YR*t)i(O%*^)QM_dTh ze2ogRa(ooJnBOh9mxIj(N*GPOSTWrYf37Di?I!BRgUSOres!och8;QZRJRmfZAUff z5OW~H?z}nT>G;KPF_oYv_LF}CIjVIi!;nd7*Xm3pl$60 zr0X!%)ZK;)8~4=&GkKTXZuQrgGocFcN@E}6uh+&qC!KW8y}*NIj=h6Q`A(yw5d$di z$^5=NDb+KSoAqvH(6nFck?RKjn7>BH``z%`&!Y)?*b?eLoJ{xRZL^p+{ec2LsKEhA z_UO1@$46q9dZ6u*1@$j3Z%|7%-F;}Yre+P_<#vL_)YQ@{56#5LRHW=3YMSt^?mP2Z z+6m~f2?hzxUmwZUAAJw>T2!6$A?cjsuQxl2@0=g+G-oGvE%5gjk{wZ(Eql>(sV=2! znaFtmCw&X9pnVa@=5uwYt2^NbW9@L6nSO{Rrl5AoGAU`QJ%n>Gy@Cb5(5e_{lNUf7 zi;tgEy&fcpq6(5ZCxTID8j;G@mn+pEx2gOqnbvKEPD~v*---EXi(1k>4=G~jr(RBu zPhzm2B_A;#EX$T>S7@89=aLJFziPlt z$s`UDeJv^-#G2N4f`~m%&RjU>L{u{+R(Pf{#l}^m23!Jhu`$p3I_BsM9}jjJ(h;#? z_|z<&YpSP2y0dvwcD~t2ujm&`(kRhSiENM_&Ra6I&;D(e>XyS4#fF}zZNZ5jtzS7{ zzV~*{n7*`j$@;v6V=k9#{ECvJKsIx(eDk0y$m0orOK|rh!JjbF#K;&s@zY7Vu)Tk0>D#C|Ton)00`Aq&-TDoNuAMedmq!sjrxT)^FqfhN`ThsEvoMpbL;cE zi0zH7(q zVbjwgI~2B5%!k17A!2f54n-ZY9eNr+RLRerwG+Q8#rX$&2NFM|SkIlaJxx6KlkaFa zT51XYnf>5duoKCo%olj@!>isEH=ayg9lSpytG23gbA1o10xe(OkhDsIZw+fGXZgE~ zZg3h?sG!C&PSfvx@wC4guzap}&nk0wg1Lh@X$r@>9~D0 zheI8;f))i$`zA|Hotquz>Nd`m4_nugbIN#z<%{;8tLY~bT}4esC{P7GA2jJSUL`fA zlG0LFmrT3dGUKRHTf6{OAmXr?T^4$K`-jDk#nK5Dzhn-r&vAA8ND#=F40;$zN+QaPWKZZBq=!oAyDkL8xw@PC;&5=5 z!$;5`C<^$YT>iwEIq?@>p01)Q1OfF%9H;>@M{*;`~Z@C7Uh|tjg zbNLxRrW29@Xjc@p7gburireT7^NW6X{T{>U+N&||;FoCBb-@W^B}lO+SmXb@Q|iB>5{UL) zqaAz+c-^UR;I`GMR{D4G;#38W!eJ>8E%&h zJ!d=e_Z=$PGuuMkymFZfAu(+i{3HCTR;1Pl;Y~@kfWX(m1m*8EoW8}vi(?dUqC8r# zS(Kfes$%U_o?m3>U?*AU+dXgw`N91}E1j3dM;naG+7CRc$(6Ol=9U&mDjGl{S$bm= zha-*4!}|`RmW`=1-jrTL$4Ca(?Co2jh2nir0W4Ob=;R6JuQ}({alTI z?9V6qy-kt17M|%WXK+Y`@LA530wKlS*I4guJ;JUI_In+7rqfg;zbA>EOWv0PCtUbdN%V&=L@=1Icr#5D*Q30r@m09W1oX_5fnHJU+jjji%-&I%Qg z?RcfMC^-&!e#5k zPGatcTs{rni}P;2i3$KX`r&PqQMtNojN~((vuSaZL60HI(SPKjx^{PGyf3yPF%-3I zB~4i`=1eU=a8X~N&ngIDyvV#*x-QIi%g!Ar`q~dsxPrv2hR=<^9K+&ww9TO2wjFBc zxR$GbT}-m`@NLu0r5uwG)iWU5KZooPU&a=ZH5R&4Vx@Q~>3QH2eG z>tXi8PU&wgi5?ytsp<_oY%uUjeS-Ygw169VV~h+3@UCXrBW}~kHJC9xD;fpWcgr@J z&E}h)DV@evyMaId=78^hu?yZbV5E2}~N42Pm`YwUwMoi?&8_IFRaV%azxxc059J&84U zKJ}8~;TuorG8EkTug?KDej&1S39w?x>CX*imd_@7yqSGz?kU^x8~1i*pX7)L|GY39uQFjgU^_v zsf>)DO~+zsZ_-0`L7>3M-1doVLfKooo1&+Sl)>2MXbpKUwg{K(4~CV!%P0gJWPfHV z?kLXB|L)K)I(}fsdSv~W5MLA4j!nw5U2Ok~e*p78(DASJ$hc#4ez4{ck~;jNPNK&I z9Is`!kc3hBc5^i*$Jkg5bMe`RvAllffI5nxD^3HdaZJs)5wn7dyj+O#j(;_O?DonpRY=;LY*mzF>r zctc}Tptkbee_-mbE$Lz?Hs+Ac(4V&!goG1|##+W5(vNRD4=eD`fDhic8YeamRr_Ur zWvXu6oh|0hs0NOIAW*Fj(M;PA0H zIyJ2~n5g*4)ksLfc3|jOy=UD-3oGU=8YGFn&K%qJ>~{v)GIWX(K}p2av7h6J>7fKY zqfi3{Qc}{m2uMiz4|^<|?vzr^<}0O~!PMRg_OXwPw^aSC46B2;5*XBvGO9ay>A?cjue|lQK@H<$VflSfIF=H9NQSd&CK?Yq9+TQ zdPVPc!7V@L`|dVp&jHRVbcMTlE4dYz7ssNPTdOQH;=%mc<=HVEv3II0N1r}rWi9pW zv5(PEEUFu|7Y!*&&qRE>x?0vELWYQ7nN!}#u9^lx;Q6k<1cgVz@xfwcmS0Jrhbjd+ zT_MvM8T82gHcD$jo7OJHK2fKpI3%&U?B>-Q_p2zbA5MZ0OtkG=0V~dzeK*?51YruS znC8CTyP%My^0jQW>KGD)eUqZdK3E8-U9AP3NgKjqUW&p;V)NcC!$v9yb$#Eeg$SVm z+mZgk)+Rd;V@HfGgRt8@sAKTjePQ{-sI{z+x10eSq?nU)b0t!ER_5lVA|hNXDqfTO z%bAYdPE5#;1zH~F>!11aN-ISN^N<|jJP)^ReUdgdHn!#^tzi=*8>vQe zdU>E53i(&2h=DDCV4X>9;xW%WTtd#F4L+Im;6lvg&xcV62FB19Qw`|YAX?$9@9bMh zSuf~WzKGuP2Y?1021W+=7I6)+q?Y3Vn55>TAn?(0ymDX`ZBu`wF-7n}P+FiHl9+7? zOssDtL%_WzGu`$AyHM7Iwb^n>U(`sJx1s(#e-+S*ore*B0icPGiwJX7;hm5hQS-4jp zA#eSA08QbMTlCKrG+-clI}vaPsgawE;b+ipy%^-puzgG6hb^s}ektPu2DYRsZSAH*IlBHv1ECY8uA1CKXJVauCGu{~t0J3d(HmJZSM zjCD2-;~c`(0)^a$1TaiC1+U_oyhyK4x#rn5r)fQhC z7Zqh0Ty8+sH10(}7)pr{FO83P=alBo$Ex$PvzgXNtZZxbMja!~oJbXq@NVTv=tMGl z7@P-?yZy7PZ1`}3^2*AXo!VWof`Wqbs#&!{JbEZ97IVd-vB3UZn~hrSBZN^1Itk-tp4uS+XnjjG&4ZP#A7wauCu8C ze0$9P2h~Jx692za1}`r!!{g6a479o4WaBF|_=t3gka0(KxHyH7(( z`G4X651}Yfc`P4U4W;Yjca7UKk*r-Vb6)(9J7NSYi4c$v(TA@Jp(Sw92-w(N@+yR> z3MFb-eZGOJ719j5<)uX87@Q5-T#(;$JM&VcQJ~_^zIEpCE$&n(hF)=Z@QgG#aiAFyT zs_g4iM4qiCSpay({3gNxoWaFki&Bj*H2srOhIw0G5W_Q)pJhH z3M9vl_J*SZ?<{uOP2&Xae<`LbPjs*Q!GFF#))4aCZzUhD8rQe-m}9XIAVTm_T>^c+ zz#RmN=HSeeZzRV+QaqQ!(w=LPZbh@OPzg)tR-9|1!FW`644;NdPdt~wU*7#bwVgw0 zQ{&escJcn2S!4tmPbF4UX%BD8#{QUfV!ShOrfZfMc2s2e-X+tT{s$M)8NY}|;((^jsvqj7_3#OlBX0IQY{Ou1G9yn{JzSsfb25^+a54X>qr_>jm> zgNBR1!Y7guG}VcT35~*6XU{-@lQ)$eM1eBh=lw9>Ar+zLEI=9#vjDP<9|WZ98pto@ zw+KEn#Hz6fW(Jx9-^+ta@?yV*>x|98bP+1}FGz<2l@V{y==lR#TF#F)*N>-cbHl@b zF@_Rsonr}WRMwiQVB+cr3}J}3Sly_2{?<;fLApGzB-!7GdI_HvOi(&-N=iyPZWdP$ zePxn+H%mq_fF-fqb}DafX{qA1v$?VHZu+anB^GML+Ng}JqLw%h=YK+?geBdRgene5 z>-JmSNOtW?nXm~}{cueoJ9O{7`@z!!192m-BE+u*iuG#aq@<)42j~Z%nUwuXks((!fiUPfmvGPiEz~>h@msOyRtL`>Anqv1NKe>|^6jf**yFgC2!!Do$aYtCM@_}6stVrq^VtQ5|2Gytcwf1U8tq}!^bUg|H5IXOAC zW{dhTlq*(GsVi*5)|Z`DF8G&jXE$FHB?5;OTDv%bnfu65^*)vS%a`cI`t^y5LhD(s ze4%hWKsyw^A?>Ci$U4(r3iq>>_@zNz8A>mh>_*}Y4V3AlTEIZ_y_-7ECHb)bu}&l# zqUVs5S;?GL3lv@H>V+CnU`U{#KY%=U!hcNJHYzm!S>alrZ}!Jt56hzcIx(YoqDGLB z8XqZ^4!KE=C^!ZPWy;@eON6W_BX}g-FAMVW(sw;k!j4;I?HgWStg#u;j zXE148eXq{P8^3~$6l0En`3#-J51=`D^tFCabi?Dw`V9s&$~%+qN%{9Dz_f_~-2RkL|#IVtK%mnlU9x+!8vy zjwj64zX#D|0O($?w}@2us2(!EZQ4Aw`LrF+R(Cz~`9F+*(*zl}@j)%#L5&+r6_VpK z(>x6gAA4PH8st{=3E{fgUMf@l!He3Q_a7b}er+`lQ`h?z6cj`~q)Luo^I5HIO3s95 z?WvB(;nNW zcz>$#IXXJBe6R}0q}{GQHeLNi_f&TTIuv`(rQ2DTcJT2H!surAWpcf{R3}?>H0J)<&IQUS&cQyoa;`=x;&`3FI7|r|7n%u z`ViJ}8>b>*9-BWiUnr*O`&>G?1M_%`ahTrHR>En7S4<9)hft;AscRL=6IA}@&-a&v z|HQo}XAEN2r?1y@R__XeE63|Ja{TvNlb788GiNeU=z)r#6GprYt3HmE<=`?Tsj)hw7aJ}JeZO-#m%@MNvjcmMH!kfiAob9(l|{{F}E^q|Eh zw*31IT?aJYHL>4+l!)?le1u2L5$1pzH#RJhK=XEOL{&-h=W>idMy9`S2enDmVad<1 zv-RAxoCvXV*7f#}=r{G@E5VM%u375K37}aGQ#%Ii^~R?Trw+f;3QAy~pGxZvrET5I z7sI%>5@^2=`6i%owck!#@_8x%mt4{K0m-{9BE%EVZ>?Tu5k7wy>Q5I#d7jNrV>v(Z z#Cpba!@T@J#2sB-8C;$VxQ;-hKC*`82lG7utFb>Mdw6)Puf!YVpi(`;lasy8F{p6x z?%!}!Isy6Rs_b8Enx38(s0?OK{+lMqN;436O~9>_o;ph&9v?9o9M%fZy}H#| zmzAMoVUZ@SqPIcyBt(B=kci)=M~ku|?_?~Lo{nd_JBZ6wCjp>u7VDd@VQ4dVZ*&a4 zt$}nofjYi2SW$SJhxhJZo+Z%e$x&!km6Zd3k-Mbf{HgV9-J_4>sGBLcuMu`|X^Oay z7>7YaGJwsDPdPZ8-Wv>-{R9#b1w5B_xclCG^N)`%K#~)_%_4L&W&+K%o+SR=($eC* zylT4BVrj=bS60 zk<=I}mV2Z+7(|G&m89~jZlT#QO8$Zt7a*0bG-@XRlDsFv`gk`};wF6zo9ZN>B`S+c z&Z*`v4IJ!zxM{U5DPm~l-;q)pG&}1jCzJs&MMYL$o?4xo+deC$O!*%>2Z|wyA>xki zZU!yrCOHszs~9;upAnTN0pVu`44E^;D9?dTCz`}TQ&%7c21*PJ3_&N&xHtJ9p^uD< zlj7y&WrVdKL{4bCwIxoD2=yt_;Dce&5sEm+*5>BH$6FJx@$vCTe*KccB%l)b!=9me zaB^#)nyeskF!Z3`VCM0H=Qo#L2QDsL@=VodGS0DS? z1+2sW1vj_sr$P}F3Z)7Jb5b%g8elISxt)%#E>-Sq2JlhhR5Y;7VUIG#4Tt#mT(apq zXqsS~90|Nxig~5^e+it nRcwi6p`(s;ga2=Ts_7cj$)?F}GK5+k4fvClR0P9bz5V!qIThCu From 3d90bb345ae2ad4b83d1dac65264f3da0e5a1999 Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Thu, 27 Feb 2020 21:45:11 +0100 Subject: [PATCH 09/34] Update Python examples for v0.3 release Signed-off-by: Michael Gasch --- examples/python/esx-mtu-fixer/stack.yml | 7 ++-- examples/python/tagging/README.MD | 2 +- examples/python/tagging/handler/handler.py | 37 ++++++++++++++++++++-- examples/python/tagging/stack.yml | 4 +-- 4 files changed, 42 insertions(+), 8 deletions(-) diff --git a/examples/python/esx-mtu-fixer/stack.yml b/examples/python/esx-mtu-fixer/stack.yml index 49271c7f..5b579a48 100644 --- a/examples/python/esx-mtu-fixer/stack.yml +++ b/examples/python/esx-mtu-fixer/stack.yml @@ -1,15 +1,16 @@ version: 1.0 provider: name: openfaas - gateway: http://127.0.0.1:8080 + gateway: https://veba.yourdomain.com functions: esx-mtu-fixer: lang: python handler: ./esx-mtu-fixer - image: martindekov/esx-mtu-fixer:0.0.1 + image: vmware/veba-python-esx-mtu:latest annotations: - topic: vm.powered.on + topic: VmPoweredOnEvent environment: write_debug: true + read_debug: true secrets: - vc-credentials \ No newline at end of file diff --git a/examples/python/tagging/README.MD b/examples/python/tagging/README.MD index 55ff50b7..06ed0fda 100644 --- a/examples/python/tagging/README.MD +++ b/examples/python/tagging/README.MD @@ -72,7 +72,7 @@ functions: pytag-fn: lang: python3 handler: ./handler - image: embano1/pytag-fn:0.3 + image: vmware/veba-python-tagging:latest environment: write_debug: true read_debug: true diff --git a/examples/python/tagging/handler/handler.py b/examples/python/tagging/handler/handler.py index 15c42f31..5ffc38b7 100644 --- a/examples/python/tagging/handler/handler.py +++ b/examples/python/tagging/handler/handler.py @@ -13,12 +13,31 @@ ### Simple VAPI REST tagging implementation class FaaSResponse: + """FaaSResponse is a helper class to construct a properly formatted message returned by this function. + By default, OpenFaaS will marshal this response message as JSON. + """ def __init__(self, status, message): + """ + + Arguments: + + status {str} -- the response status code + message {str} -- the response message + """ self.status=status self.message=message class Tagger: + """Tagger is a vSphere REST API tagging client used to connect and tag objects in vCenter.""" + def __init__(self,conn): + """ + + Arguments: + + conn {Session} -- connection to vCenter REST API + """ + try: with open(VC_CONFIG, 'r') as vcconfigfile: vcconfig = toml.load(vcconfigfile) @@ -37,6 +56,11 @@ def __init__(self,conn): # vCenter connection handling def connect(self): + """performs a login to vCenter + + Returns: + FaaSResponse -- status code and message + """ try: resp = self.session.post('https://'+self.vc+VAPI_SESSION_PATH,auth=(self.username,self.password)) resp.raise_for_status() @@ -46,6 +70,15 @@ def connect(self): # VAPI REST tagging implementation def tag(self,obj): + """tags an object in vCenter + + Arguments: + + obj {dict} -- ManagedObjectReference + + Returns: + FaaSResponse -- status code and message + """ try: resp = self.session.post('https://'+self.vc+VAPI_TAG_PATH+self.tagurn+'?~action='+self.action,json=obj) resp.raise_for_status() @@ -57,7 +90,7 @@ def tag(self,obj): def handle(req): # Validate input try: - j = json.loads(req) + body = json.loads(req) except ValueError as err: res = FaaSResponse('400','invalid JSON {0}'.format(err)) print(json.dumps(vars(res))) @@ -67,7 +100,7 @@ def handle(req): # For debugging: validate the JSON blob we received - uncomment if needed # print(j) try: - ref = (j['managedObjectReference']) + ref = (body['data']['Vm']['Vm']) except KeyError as err: res = FaaSResponse('400','JSON does not contain ManagedObjectReference {0}'.format(err)) print(json.dumps(vars(res))) diff --git a/examples/python/tagging/stack.yml b/examples/python/tagging/stack.yml index 29b0160e..97a2c30f 100644 --- a/examples/python/tagging/stack.yml +++ b/examples/python/tagging/stack.yml @@ -5,11 +5,11 @@ functions: pytag-fn: lang: python3 handler: ./handler - image: embano1/pytag-fn:0.2 + image: vmware/veba-python-tagging:latest environment: write_debug: true read_debug: true secrets: - vcconfig annotations: - topic: vm.powered.on \ No newline at end of file + topic: VmPoweredOnEvent \ No newline at end of file From f8711282d76a7dd2a8e1d9e6faf1a7d189f970c6 Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 20 Feb 2020 12:38:56 -0800 Subject: [PATCH 10/34] Refactored Installation scripts, Pull Event Router Image + Remove vc-connector Signed-off-by: William Lam --- scripts/photon-cleanup.sh | 5 +++++ scripts/photon-containers.sh | 21 ++++++++++++++++++-- scripts/photon-openfaas.sh | 38 ------------------------------------ scripts/photon-settings.sh | 3 +++ 4 files changed, 27 insertions(+), 40 deletions(-) delete mode 100644 scripts/photon-openfaas.sh diff --git a/scripts/photon-cleanup.sh b/scripts/photon-cleanup.sh index 09470b3a..df9809c0 100644 --- a/scripts/photon-cleanup.sh +++ b/scripts/photon-cleanup.sh @@ -34,6 +34,11 @@ echo '> Setting random root password...' RANDOM_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;) echo "root:${RANDOM_PASSWORD}" | /usr/sbin/chpasswd +echo '> Disabling SSH ...' +systemctl disable sshd +systemctl stop sshd + +echo '> Clearing history ...' unset HISTFILE && history -c && rm -fr /root/.bash_history echo '> Done' diff --git a/scripts/photon-containers.sh b/scripts/photon-containers.sh index 2714a1aa..48b60793 100644 --- a/scripts/photon-containers.sh +++ b/scripts/photon-containers.sh @@ -23,7 +23,6 @@ embano1/tinywww:latest projectcontour/contour:v1.0.0-beta.1 openfaas/faas-netes:0.9.0 openfaas/gateway:0.17.4 -openfaas/vcenter-connector:0.4.0 openfaas/basic-auth-plugin:0.17.0 openfaas/queue-worker:0.8.0 openfaas/faas-idler:0.2.1 @@ -31,9 +30,27 @@ envoyproxy/envoy:v1.11.1 prom/prometheus:v2.11.0 prom/alertmanager:v0.18.0 nats-streaming:0.11.2 +vmware/veba-event-router:latest ) for i in ${CONTAINERS[@]}; do docker pull $i -done \ No newline at end of file +done + +mkdir -p /root/download && cd /root/download + +echo '> Downloading FaaS-Netes...' +git clone https://github.com/openfaas/faas-netes +cd faas-netes +git checkout 0.9.2 +sed -i 's/imagePullPolicy: Always/imagePullPolicy: IfNotPresent/g' yaml/*.yml +cd .. + +echo '> Downloading Contour...' +git clone https://github.com/projectcontour/contour.git +cd contour +git checkout v1.0.0-beta.1 +sed -i '/^---/i \ dnsPolicy: ClusterFirstWithHostNet\n hostNetwork: true' examples/contour/03-envoy.yaml +sed -i 's/imagePullPolicy: Always/imagePullPolicy: IfNotPresent/g' examples/contour/*.yaml +cd .. \ No newline at end of file diff --git a/scripts/photon-openfaas.sh b/scripts/photon-openfaas.sh deleted file mode 100644 index 5f9b9032..00000000 --- a/scripts/photon-openfaas.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -eux -# Copyright 2019 VMware, Inc. All rights reserved. -# SPDX-License-Identifier: BSD-2 - -mkdir -p /root/download && cd /root/download -echo '> Downloading FaaS-Netes...' -git clone https://github.com/openfaas/faas-netes -cd faas-netes -git checkout 0.9.2 -sed -i 's/imagePullPolicy: Always/imagePullPolicy: IfNotPresent/g' yaml/*.yml -cd .. - -echo '> Downloading OpenFaaS vCenter Connector...' -git clone https://github.com/openfaas-incubator/vcenter-connector -cd vcenter-connector -git checkout fefb5881ab2dfe05207f7f0b65c37ef5d1db34af -cd .. -mv vcenter-connector/yaml/kubernetes/connector-dep.yml vcenter-connector/yaml/kubernetes/connector-dep.yml.orig -cp vcenter-connector/yaml/kubernetes/connector-dep.yml.orig vcenter-connector/yaml/kubernetes/connector-dep.yml -sed -i '/image:.*/a \ imagePullPolicy: IfNotPresent' vcenter-connector/yaml/kubernetes/connector-dep.yml - -echo '> Downloading Contour...' -git clone https://github.com/projectcontour/contour.git -cd contour -git checkout v1.0.0-beta.1 -sed -i '/^---/i \ dnsPolicy: ClusterFirstWithHostNet\n hostNetwork: true' examples/contour/03-envoy.yaml -sed -i 's/imagePullPolicy: Always/imagePullPolicy: IfNotPresent/g' examples/contour/*.yaml -cd .. - -cat << EOF > /etc/issue -Welcome to the vCenter Event Broker Appliance - -Appliance Status: https://[hostname]/status -Install Logs: https://[hostname]/bootstrap -OpenFaaS UI: https://[hostname] - - -EOF diff --git a/scripts/photon-settings.sh b/scripts/photon-settings.sh index 44c2a2e2..93a48568 100644 --- a/scripts/photon-settings.sh +++ b/scripts/photon-settings.sh @@ -26,4 +26,7 @@ tdnf install -y \ tar \ kubernetes-kubeadm +echo '> Creating directory for setup scripts' +mkdir -p /root/setup + echo '> Done' From ec7977eed01f24a9f413254aae6c6c93aa5b7369 Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 20 Feb 2020 12:45:34 -0800 Subject: [PATCH 11/34] Updating VEBA Version in OVA build Signed-off-by: William Lam --- photon-version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/photon-version.json b/photon-version.json index 42758cab..a29c6476 100644 --- a/photon-version.json +++ b/photon-version.json @@ -1,5 +1,5 @@ { - "version": "0.2.0", + "version": "0.3.0", "description": "Photon Build for vCenter Event Broker Appliance", "vm_name": "vCenter_Event_Broker_Appliance", "iso_checksum": "93d0cde8da51f9208713d895b5b85b86980d2a72e710f55f0e65bc82c299dd9a7ebedc8f30d5f4d18c1a389c76a961e8a14b02416692204d31d77e1e4792f37d", From f37ee3c9d5371c437f96c3d755b3047c1cb4c83d Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 20 Feb 2020 12:47:39 -0800 Subject: [PATCH 12/34] Updated Packer build files to incoroprate refactored setup scripts, new OVF params, invalid Packer option + local test env Signed-off-by: William Lam --- photon-dev.json | 67 ++++++++++++++++++++++++++++++++++++------------- photon.json | 57 ++++++++++++++++++++++++++++++++--------- 2 files changed, 95 insertions(+), 29 deletions(-) diff --git a/photon-dev.json b/photon-dev.json index 80155667..e3720766 100644 --- a/photon-dev.json +++ b/photon-dev.json @@ -4,8 +4,8 @@ "ovftool_deploy_vcenter": "192.168.30.200", "ovftool_deploy_vcenter_username": "administrator@vsphere.local", "ovftool_deploy_vcenter_password": "VMware1!", - "ovftool_deploy_datacenter": "Datacenter", - "ovftool_deploy_cluster": "SuperMicro-Cluster", + "ovftool_deploy_datacenter": "Primp-Datacenter", + "ovftool_deploy_cluster": "Supermicro-Cluster", "ovftool_deploy_vm_name": "PACKER-TEST-vCenter_Event_Broker_Appliance", "ovftool_deploy_vm_hostname": "veba.primp-industries.com", "ovftool_deploy_vm_ip_address": "192.168.30.170", @@ -26,7 +26,8 @@ "ovftool_deploy_vm_vcenter_password": "VMware1!", "ovftool_deploy_vm_network": "VM Network", "ovftool_deploy_vm_datastore": "sm-vsanDatastore", - "ovftool_deploy_vm_pod_network_cidr": "10.100.0.0/20" + "ovftool_deploy_vm_pod_network_cidr": "10.100.0.0/20", + "ovftool_deploy_vm_event_processor_type": "OpenFaaS" }, "builders": [ { @@ -55,8 +56,6 @@ "ssh_username": "{{ user `guest_username` }}", "ssh_password": "{{ user `guest_password` }}", "ssh_port": 22, - "ssh_wait_timeout": "60m", - "format": "ovf", "shutdown_command": "/sbin/shutdown -h now", "shutdown_timeout": "1000s", @@ -87,13 +86,7 @@ "type": "shell", "pause_before": "20s", "scripts": [ - "scripts/photon-containers.sh" - ] - }, - { - "type": "shell", - "scripts": [ - "scripts/photon-openfaas.sh", + "scripts/photon-containers.sh", "scripts/photon-cleanup.sh" ] }, @@ -104,13 +97,53 @@ }, { "type": "file", - "source": "files/setup-banner.sh", - "destination": "/root/setup-banner.sh" + "source": "files/setup.sh", + "destination": "/root/setup/setup.sh" }, { "type": "file", - "source": "files/setup.sh", - "destination": "/root/setup.sh" + "source": "files/setup-01-os.sh", + "destination": "/root/setup/setup-01-os.sh" + }, + { + "type": "file", + "source": "files/setup-02-proxy.sh", + "destination": "/root/setup/setup-02-proxy.sh" + }, + { + "type": "file", + "source": "files/setup-03-network.sh", + "destination": "/root/setup/setup-03-network.sh" + }, + { + "type": "file", + "source": "files/setup-04-kubernetes.sh", + "destination": "/root/setup/setup-04-kubernetes.sh" + }, + { + "type": "file", + "source": "files/setup-05-event-processor.sh", + "destination": "/root/setup/setup-05-event-processor.sh" + }, + { + "type": "file", + "source": "files/setup-06-event-router.sh", + "destination": "/root/setup/setup-06-event-router.sh" + }, + { + "type": "file", + "source": "files/setup-07-tinywww.sh", + "destination": "/root/setup/setup-07-tinywww.sh" + }, + { + "type": "file", + "source": "files/setup-08-ingress.sh", + "destination": "/root/setup/setup-08-ingress.sh" + }, + { + "type": "file", + "source": "files/setup-09-banner.sh", + "destination": "/root/setup/setup-09-banner.sh" }, { "type": "file", @@ -140,7 +173,7 @@ { "type": "shell-local", "inline": [ - "ovftool --powerOn --name={{ user `ovftool_deploy_vm_name` }} --net:'VM Network={{ user `ovftool_deploy_vm_network` }}' --datastore={{ user `ovftool_deploy_vm_datastore` }} --prop:guestinfo.hostname={{ user `ovftool_deploy_vm_hostname` }} --prop:guestinfo.ipaddress={{ user `ovftool_deploy_vm_ip_address` }} --prop:guestinfo.netmask={{ user `ovftool_deploy_vm_prefix` }} --prop:guestinfo.gateway={{ user `ovftool_deploy_vm_gateway` }} --prop:guestinfo.dns={{ user `ovftool_deploy_vm_dns` }} --prop:guestinfo.domain={{ user `ovftool_deploy_vm_dns_domain` }} --prop:guestinfo.ntp={{ user `ovftool_deploy_vm_ntp` }} --prop:guestinfo.http_proxy={{ user `ovftool_deploy_vm_http_proxy` }} --prop:guestinfo.https_proxy={{ user `ovftool_deploy_vm_https_proxy` }} --prop:guestinfo.proxy_username={{ user `ovftool_deploy_vm_proxy_username` }} --prop:guestinfo.proxy_password={{ user `ovftool_deploy_vm_proxy_password` }} --prop:guestinfo.no_proxy={{ user `ovftool_deploy_vm_no_proxy` }} --prop:guestinfo.root_password={{ user `vm_ovftool_deploy_root_password` }} --prop:guestinfo.openfaas_password={{ user `ovftool_deploy_vm_openfaas_password` }} --prop:guestinfo.vcenter_server={{ user `ovftool_deploy_vm_vcenter_server` }} --prop:guestinfo.vcenter_username={{ user `ovftool_deploy_vm_vcenter_username` }} --prop:guestinfo.vcenter_password={{ user `ovftool_deploy_vm_vcenter_password` }} --prop:guestinfo.vcenter_disable_tls_verification=True --prop:guestinfo.pod_network_cidr={{ user `ovftool_deploy_vm_pod_network_cidr` }} --prop:guestinfo.debug=True output-vmware-iso/{{ user `vm_name` }}_{{user `version`}}.ova 'vi://{{ user `ovftool_deploy_vcenter_username` }}:{{ user `ovftool_deploy_vcenter_password` }}@{{ user `ovftool_deploy_vcenter` }}/{{ user `ovftool_deploy_datacenter` }}/host/{{ user `ovftool_deploy_cluster` }}/'" + "ovftool --powerOn --name={{ user `ovftool_deploy_vm_name` }} --net:'VM Network={{ user `ovftool_deploy_vm_network` }}' --datastore={{ user `ovftool_deploy_vm_datastore` }} --prop:guestinfo.hostname={{ user `ovftool_deploy_vm_hostname` }} --prop:guestinfo.ipaddress={{ user `ovftool_deploy_vm_ip_address` }} --prop:guestinfo.netmask={{ user `ovftool_deploy_vm_prefix` }} --prop:guestinfo.gateway={{ user `ovftool_deploy_vm_gateway` }} --prop:guestinfo.dns={{ user `ovftool_deploy_vm_dns` }} --prop:guestinfo.domain={{ user `ovftool_deploy_vm_dns_domain` }} --prop:guestinfo.ntp={{ user `ovftool_deploy_vm_ntp` }} --prop:guestinfo.http_proxy={{ user `ovftool_deploy_vm_http_proxy` }} --prop:guestinfo.https_proxy={{ user `ovftool_deploy_vm_https_proxy` }} --prop:guestinfo.proxy_username={{ user `ovftool_deploy_vm_proxy_username` }} --prop:guestinfo.proxy_password={{ user `ovftool_deploy_vm_proxy_password` }} --prop:guestinfo.no_proxy={{ user `ovftool_deploy_vm_no_proxy` }} --prop:guestinfo.root_password={{ user `vm_ovftool_deploy_root_password` }} --prop:guestinfo.event_processor_type={{ user `ovftool_deploy_vm_event_processor_type` }} --prop:guestinfo.openfaas_password={{ user `ovftool_deploy_vm_openfaas_password` }} --prop:guestinfo.vcenter_server={{ user `ovftool_deploy_vm_vcenter_server` }} --prop:guestinfo.vcenter_username={{ user `ovftool_deploy_vm_vcenter_username` }} --prop:guestinfo.vcenter_password={{ user `ovftool_deploy_vm_vcenter_password` }} --prop:guestinfo.vcenter_disable_tls_verification=True --prop:guestinfo.pod_network_cidr={{ user `ovftool_deploy_vm_pod_network_cidr` }} --prop:guestinfo.debug=True output-vmware-iso/{{ user `vm_name` }}_{{user `version`}}.ova 'vi://{{ user `ovftool_deploy_vcenter_username` }}:{{ user `ovftool_deploy_vcenter_password` }}@{{ user `ovftool_deploy_vcenter` }}/{{ user `ovftool_deploy_datacenter` }}/host/{{ user `ovftool_deploy_cluster` }}/'" ] }, { diff --git a/photon.json b/photon.json index e57b5044..fe86bf7a 100644 --- a/photon.json +++ b/photon.json @@ -32,7 +32,6 @@ "ssh_username": "{{ user `guest_username` }}", "ssh_password": "{{ user `guest_password` }}", "ssh_port": 22, - "ssh_wait_timeout": "60m", "format": "ovf", "shutdown_command": "/sbin/shutdown -h now", "shutdown_timeout": "1000s", @@ -62,13 +61,7 @@ "type": "shell", "pause_before": "20s", "scripts": [ - "scripts/photon-containers.sh" - ] - }, - { - "type": "shell", - "scripts": [ - "scripts/photon-openfaas.sh", + "scripts/photon-containers.sh", "scripts/photon-cleanup.sh" ] }, @@ -79,13 +72,53 @@ }, { "type": "file", - "source": "files/setup-banner.sh", - "destination": "/root/setup-banner.sh" + "source": "files/setup.sh", + "destination": "/root/setup/setup.sh" }, { "type": "file", - "source": "files/setup.sh", - "destination": "/root/setup.sh" + "source": "files/setup-01-os.sh", + "destination": "/root/setup/setup-01-os.sh" + }, + { + "type": "file", + "source": "files/setup-02-proxy.sh", + "destination": "/root/setup/setup-02-proxy.sh" + }, + { + "type": "file", + "source": "files/setup-03-network.sh", + "destination": "/root/setup/setup-03-network.sh" + }, + { + "type": "file", + "source": "files/setup-04-kubernetes.sh", + "destination": "/root/setup/setup-04-kubernetes.sh" + }, + { + "type": "file", + "source": "files/setup-05-event-processor.sh", + "destination": "/root/setup/setup-05-event-processor.sh" + }, + { + "type": "file", + "source": "files/setup-06-event-router.sh", + "destination": "/root/setup/setup-06-event-router.sh" + }, + { + "type": "file", + "source": "files/setup-07-tinywww.sh", + "destination": "/root/setup/setup-07-tinywww.sh" + }, + { + "type": "file", + "source": "files/setup-08-ingress.sh", + "destination": "/root/setup/setup-08-ingress.sh" + }, + { + "type": "file", + "source": "files/setup-09-banner.sh", + "destination": "/root/setup/setup-09-banner.sh" }, { "type": "file", From a47145b59a493ace05d31d9c3db0c843f46244db Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 20 Feb 2020 12:49:46 -0800 Subject: [PATCH 13/34] Reorganize OVF properties to incoroprate flexible Event Processors + Added support for Event Bridge Signed-off-by: William Lam --- manual/photon-dev.xml.template | 58 +++++++++++++++++++++++------- manual/photon.xml.template | 64 ++++++++++++++++++++++++++-------- 2 files changed, 95 insertions(+), 27 deletions(-) diff --git a/manual/photon-dev.xml.template b/manual/photon-dev.xml.template index bd9ab5bf..59813142 100644 --- a/manual/photon-dev.xml.template +++ b/manual/photon-dev.xml.template @@ -34,7 +34,7 @@ NTP Servers (space separated) - Proxy Settings (optional) + Proxy Settings (optional) Enter HTTP Proxy Server followed by the port and without typing "http://" before. Example: "proxy.provider.com:3128" @@ -55,16 +55,12 @@ No Proxy for e.g. your internal domain suffix. Comma separated (localhost, 127.0.0.1, domain.local) - Credentials + OS Credentials Password to login in as root. Please use a secure password - - - Password to login into OpenFaaS. Please use a secure password - - vSphere + vSphere IP Address or Hostname of vCenter Server @@ -81,14 +77,52 @@ Disable TLS Verification for vCenter Server (required for self-sign certificate) - zAdvanced - - - Customize POD CIDR Network (Default 10.99.0.0/20) + Event Processor Configuration + + + Choose either OpenFaaS (default) or AWS EventBridge and only fill in the configuration for the select event processor below + + OpenFaaS Configuration + + + Password to login into OpenFaaS. Please use a secure password + + + + Opaque string for applying advanced configurations for OpenFaaS Processor. For advanced use cases only, please see documentation for more details - zDebug + AWS EventBridge Configuration + + + A valid AWS Access Key to AWS EventBridge + + + + A valid AWS Access Secret to AWS EventBridge + + + + Name of the AWS Event Bus to use + + + + Region where Event Bus is running (e.g. us-west-2) + + + + ID of the Rule ARN created in AWS EventBridge + + + + Opaque string for applying advanced configurations for AWS EventBridge Processor. For advanced use cases only, please see documentation for more details + + zAdvanced Enable Debugging + + + Customize POD CIDR Network (Default 10.99.0.0/20) + diff --git a/manual/photon.xml.template b/manual/photon.xml.template index 655d45a4..8abc8aca 100644 --- a/manual/photon.xml.template +++ b/manual/photon.xml.template @@ -34,7 +34,7 @@ NTP Servers (space separated) - Proxy Settings (optional) + Proxy Settings (optional) Enter HTTP Proxy Server followed by the port and without typing "http://" before. Example: "proxy.provider.com:3128" @@ -55,25 +55,21 @@ No Proxy for e.g. your internal domain suffix. Comma separated (localhost, 127.0.0.1, domain.local) - Credentials + OS Credentials Password to login in as root. Please use a secure password - - - Password to login into OpenFaaS. Please use a secure password - - vSphere - + vSphere + IP Address or Hostname of vCenter Server - + Username to login to vCenter Server - + Password to login to vCenter Server @@ -81,14 +77,52 @@ Disable TLS Verification for vCenter Server (required for self-sign certificate) - zAdvanced - - - Customize POD CIDR Network (Default 10.99.0.0/20) + Event Processor Configuration + + + Choose either OpenFaaS (default) or AWS EventBridge and only fill in the configuration for the select event processor below + + OpenFaaS Configuration + + + Password to login into OpenFaaS. Please use a secure password + + + + Opaque string for applying advanced configurations for OpenFaaS Processor. For advanced use cases only, please see documentation for more details - zDebug + AWS EventBridge Configuration + + + A valid AWS Access Key to AWS EventBridge + + + + A valid AWS Access Secret to AWS EventBridge + + + + Name of the AWS Event Bus to use + + + + Region where Event Bus is running (e.g. us-west-2) + + + + ID of the Rule ARN created in AWS EventBridge + + + + Opaque string for applying advanced configurations for AWS EventBridge Processor. For advanced use cases only, please see documentation for more details + + zAdvanced Enable Debugging + + + Customize POD CIDR Network (Default 10.99.0.0/20) + From 0a7b24fde6d038930a43434f86c8501dcc97577d Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 20 Feb 2020 12:53:52 -0800 Subject: [PATCH 14/34] Run TinyWWW in VMware namespace Signed-off-by: William Lam --- files/tinywww-debug.yml | 4 ++-- files/tinywww.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/files/tinywww-debug.yml b/files/tinywww-debug.yml index 87179e25..f17562d4 100644 --- a/files/tinywww-debug.yml +++ b/files/tinywww-debug.yml @@ -4,7 +4,7 @@ metadata: labels: app: tinywww name: tinywww - namespace: openfaas + namespace: vmware spec: replicas: 1 selector: @@ -56,7 +56,7 @@ metadata: labels: app: tinywww name: tinywww - namespace: openfaas + namespace: vmware spec: ports: - port: 8100 diff --git a/files/tinywww.yml b/files/tinywww.yml index 8593b473..6b83b7bd 100644 --- a/files/tinywww.yml +++ b/files/tinywww.yml @@ -4,7 +4,7 @@ metadata: labels: app: tinywww name: tinywww - namespace: openfaas + namespace: vmware spec: replicas: 1 selector: @@ -56,7 +56,7 @@ metadata: labels: app: tinywww name: tinywww - namespace: openfaas + namespace: vmware spec: ports: - port: 8100 From 865c402cf59b28ee29c38a39b3001fc24ad3d47c Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 20 Feb 2020 12:56:11 -0800 Subject: [PATCH 15/34] Refactored setup.sh to just process OVF properties and introduce sub-setup scripts for configurations Signed-off-by: William Lam --- files/rc.local | 2 +- files/setup-01-os.sh | 10 + files/setup-02-proxy.sh | 50 +++++ files/setup-03-network.sh | 41 ++++ files/setup-04-kubernetes.sh | 44 ++++ files/setup-05-event-processor.sh | 100 +++++++++ files/setup-06-event-router.sh | 62 ++++++ files/setup-07-tinywww.sh | 13 ++ files/setup-08-ingress.sh | 106 ++++++++++ files/setup-09-banner.sh | 34 +++ files/setup-banner.sh | 11 - files/setup.sh | 333 ++++++------------------------ 12 files changed, 520 insertions(+), 286 deletions(-) create mode 100755 files/setup-01-os.sh create mode 100755 files/setup-02-proxy.sh create mode 100755 files/setup-03-network.sh create mode 100755 files/setup-04-kubernetes.sh create mode 100755 files/setup-05-event-processor.sh create mode 100755 files/setup-06-event-router.sh create mode 100755 files/setup-07-tinywww.sh create mode 100755 files/setup-08-ingress.sh create mode 100755 files/setup-09-banner.sh delete mode 100755 files/setup-banner.sh diff --git a/files/rc.local b/files/rc.local index f350c5e2..b9f9af94 100755 --- a/files/rc.local +++ b/files/rc.local @@ -5,5 +5,5 @@ if [ -e /root/ran_customization ]; then exit else - /root/setup.sh &> /var/log/bootstrap.log + /root/setup/setup.sh &> /var/log/bootstrap.log fi diff --git a/files/setup-01-os.sh b/files/setup-01-os.sh new file mode 100755 index 00000000..e72c3855 --- /dev/null +++ b/files/setup-01-os.sh @@ -0,0 +1,10 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# OS Specific Settings where ordering does not matter + +set -euo pipefail + +echo -e "\e[92mConfiguring OS Root password ..." > /dev/console +echo "root:${ROOT_PASSWORD}" | /usr/sbin/chpasswd \ No newline at end of file diff --git a/files/setup-02-proxy.sh b/files/setup-02-proxy.sh new file mode 100755 index 00000000..7110b506 --- /dev/null +++ b/files/setup-02-proxy.sh @@ -0,0 +1,50 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Setup Network Proxy for both OS and Docker + +set -euo pipefail + +if [ -n "${HTTP_PROXY}" ] || [ -n "${HTTPS_PROXY}" ]; then + PROXY_CONF=/etc/sysconfig/proxy + DOCKER_PROXY=/etc/systemd/system/docker.service.d + + echo -e "\e[92mConfiguring Proxy ..." > /dev/console + echo "PROXY_ENABLED=\"yes\"" > ${PROXY_CONF} + mkdir -p ${DOCKER_PROXY} + YES_CREDS=0 + if [ -n "${PROXY_USERNAME}" ] && [ -n "${PROXY_PASSWORD}" ]; then + YES_CREDS=1 + fi + + if [ ! -z "${NO_PROXY}" ]; then + echo "NO_PROXY=\"${NO_PROXY}\"" >> ${PROXY_CONF} + fi + + if [ ! -z "${HTTP_PROXY}" ]; then + if [ $YES_CREDS -eq 1 ]; then + HTTP_PROXY_URL="http://${PROXY_USERNAME}:${PROXY_PASSWORD}@${HTTP_PROXY}" + else + HTTP_PROXY_URL="http://${HTTP_PROXY}" + fi + echo "HTTP_PROXY=\"${HTTP_PROXY_URL}\"" >> ${PROXY_CONF} + cat > ${DOCKER_PROXY}/http-proxy.conf << __HTTP_DOCKER_PROXY__ +[Service] +Environment="HTTP_PROXY=${HTTP_PROXY_URL}" "NO_PROXY=${NO_PROXY}" +__HTTP_DOCKER_PROXY__ + fi + + if [ ! -z "${HTTPS_PROXY}" ]; then + if [ $YES_CREDS -eq 1 ]; then + HTTPS_PROXY_URL="https://${PROXY_USERNAME}:${PROXY_PASSWORD}@${HTTPS_PROXY}" + else + HTTPS_PROXY_URL="https://${HTTPS_PROXY}" + fi + echo "HTTPS_PROXY=\"${HTTPS_PROXY_URL}\"" >> ${PROXY_CONF} + cat > ${DOCKER_PROXY}/https-proxy.conf << __HTTPS_DOCKER_PROXY__ +[Service] +Environment="HTTPS_PROXY=${HTTPS_PROXY_URL}" "NO_PROXY=${NO_PROXY}" +__HTTPS_DOCKER_PROXY__ + fi +fi \ No newline at end of file diff --git a/files/setup-03-network.sh b/files/setup-03-network.sh new file mode 100755 index 00000000..3e3ee3be --- /dev/null +++ b/files/setup-03-network.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Setup Networking + +set -euo pipefail + +echo -e "\e[92mConfiguring Static IP Address ..." > /dev/console + +NETWORK_CONFIG_FILE=$(ls /etc/systemd/network | grep .network) +cat > /etc/systemd/network/${NETWORK_CONFIG_FILE} << __CUSTOMIZE_PHOTON__ +[Match] +Name=e* + +[Network] +Address=${IP_ADDRESS}/${NETMASK} +Gateway=${GATEWAY} +DNS=${DNS_SERVER} +Domain=${DNS_DOMAIN} +__CUSTOMIZE_PHOTON__ + +echo -e "\e[92mConfiguring NTP ..." > /dev/console +cat > /etc/systemd/timesyncd.conf << __CUSTOMIZE_PHOTON__ + +[Match] +Name=e* + +[Time] +NTP=${NTP_SERVER} +__CUSTOMIZE_PHOTON__ + +echo -e "\e[92mConfiguring hostname ..." > /dev/console +echo "${IP_ADDRESS} ${HOSTNAME}" >> /etc/hosts +hostnamectl set-hostname ${HOSTNAME} + +echo -e "\e[92mRestarting Network ..." > /dev/console +systemctl restart systemd-networkd + +echo -e "\e[92mRestarting Timesync ..." > /dev/console +systemctl restart systemd-timesyncd diff --git a/files/setup-04-kubernetes.sh b/files/setup-04-kubernetes.sh new file mode 100755 index 00000000..19d23591 --- /dev/null +++ b/files/setup-04-kubernetes.sh @@ -0,0 +1,44 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Setup Docker and Kubernetes + +set -euo pipefail + +echo -e "\e[92mStarting Docker ..." > /dev/console +systemctl daemon-reload +systemctl start docker.service +systemctl enable docker.service + +echo -e "\e[92mDisabling/Stopping IP Tables ..." > /dev/console +systemctl stop iptables +systemctl disable iptables + +# Setup k8s +echo -e "\e[92mSetting up k8s ..." > /dev/console +HOME=/root +kubeadm init --ignore-preflight-errors SystemVerification --skip-token-print --config /root/kubeconfig.yml +mkdir -p $HOME/.kube +cp -i /etc/kubernetes/admin.conf $HOME/.kube/config +chown $(id -u):$(id -g) $HOME/.kube/config +echo -e "\e[92mDeloying kubeadm ..." > /dev/console + +# Customize the POD CIDR Network if provided or else default to 10.99.0.0/20 +if [ -z "${POD_NETWORK_CIDR}" ]; then + POD_NETWORK_CIDR="10.99.0.0/20" +fi + +sed -i "s#POD_NETWORK_CIDR#${POD_NETWORK_CIDR}#g" /root/weave.yaml + +kubectl --kubeconfig /root/.kube/config apply -f /root/weave.yaml +kubectl --kubeconfig /root/.kube/config taint nodes --all node-role.kubernetes.io/master- + +echo -e "\e[92mStarting k8s ..." > /dev/console +systemctl enable kubelet.service + +while [[ $(systemctl is-active kubelet.service) == "inactive" ]] +do + echo -e "\e[92mk8s service is still inactive, sleeping for 10secs" > /dev/console + sleep 10 +done \ No newline at end of file diff --git a/files/setup-05-event-processor.sh b/files/setup-05-event-processor.sh new file mode 100755 index 00000000..228f5cdc --- /dev/null +++ b/files/setup-05-event-processor.sh @@ -0,0 +1,100 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Setup Event Processor + +set -euo pipefail + +echo -e "\e[92mCreating VMware namespace ..." > /dev/console +kubectl --kubeconfig /root/.kube/config create namespace vmware + +kubectl --kubeconfig /root/.kube/config -n vmware create secret generic basic-auth \ + --from-literal=basic-auth-user=admin \ + --from-literal=basic-auth-password="${ROOT_PASSWORD}" + +# Setup Event Processor Configuration File +EVENT_ROUTER_CONFIG=/root/event-router-config.json + +if [ "${EVENT_PROCESSOR_TYPE}" == "AWS EventBridge" ]; then + echo -e "\e[92mSetting up AWS Event Bridge Processor ..." > /dev/console + cat > ${EVENT_ROUTER_CONFIG} << __AWS_EVENTBRIDGE_PROCESSOR__ +[{ + "type": "stream", + "provider": "vmware_vcenter", + "address": "https://${VCENTER_SERVER}/sdk", + "auth": { + "method": "user_password", + "secret": { + "username": "${VCENTER_USERNAME}", + "password": "${VCENTER_PASSWORD}" + } + }, + "options": { + "insecure": "${VCENTER_DISABLE_TLS}" + } +}, +{ + "type": "processor", + "provider": "aws_event_bridge", + "auth": { + "method": "access_key", + "secret": { + "aws_access_key_id": "${AWS_EVENTBRIDGE_ACCESS_KEY}", + "aws_secret_access_key": "${AWS_EVENTBRIDGE_ACCESS_SECRET}" + } + }, + "options": { + "aws_region": "${AWS_EVENTBRIDGE_REGION}", + "aws_eventbridge_event_bus": "${AWS_EVENTBRIDGE_EVENT_BUS}", + "aws_eventbridge_rule_arn": "${AWS_EVENTBRIDGE_RULE_ARN}" + } +} +] +__AWS_EVENTBRIDGE_PROCESSOR__ +else + # Setup OpenFaaS + echo -e "\e[92mSetting up OpenFaas Processor ..." > /dev/console + kubectl --kubeconfig /root/.kube/config create -f /root/download/faas-netes/namespaces.yml + + # Setup OpenFaaS Secret + kubectl --kubeconfig /root/.kube/config -n openfaas create secret generic basic-auth \ + --from-literal=basic-auth-user=admin \ + --from-literal=basic-auth-password="${ROOT_PASSWORD}" + + kubectl --kubeconfig /root/.kube/config create -f /root/download/faas-netes/yaml + + cat > ${EVENT_ROUTER_CONFIG} << __OPENFAAS_PROCESSOR__ +[{ + "type": "stream", + "provider": "vmware_vcenter", + "address": "https://${VCENTER_SERVER}/sdk", + "auth": { + "method": "user_password", + "secret": { + "username": "${VCENTER_USERNAME}", + "password": "${VCENTER_PASSWORD}" + } + }, + "options": { + "insecure": "${VCENTER_DISABLE_TLS}" + } +}, +{ + "type": "processor", + "provider": "openfaas", + "address": "http://gateway.openfaas:8080", + "auth": { + "method": "basic_auth", + "secret": { + "username": "admin", + "password": "${ROOT_PASSWORD}" + } + }, + "options": { + "async": "false" + } +} +] +__OPENFAAS_PROCESSOR__ +fi \ No newline at end of file diff --git a/files/setup-06-event-router.sh b/files/setup-06-event-router.sh new file mode 100755 index 00000000..743c0ea9 --- /dev/null +++ b/files/setup-06-event-router.sh @@ -0,0 +1,62 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Setup VMware Event Router + +set -euo pipefail + +echo -e "\e[92mDeploying VMware Event Router ..." > /dev/console +kubectl --kubeconfig /root/.kube/config -n vmware create secret generic event-router-config --from-file=${EVENT_ROUTER_CONFIG} + +cat > /root/event-router-k8s.yaml << __EVENT_ROUTER_CONFIG +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: vmware-event-router + name: vmware-event-router +spec: + replicas: 1 + selector: + matchLabels: + app: vmware-event-router + template: + metadata: + labels: + app: vmware-event-router + spec: + containers: + - image: vmware/veba-event-router:latest + args: ["-config", "/etc/vmware-event-router/event-router-config.json", "-verbose"] + name: vmware-event-router + resources: + requests: + cpu: 200m + memory: 200Mi + volumeMounts: + - name: config + mountPath: /etc/vmware-event-router/ + readOnly: true + volumes: + - name: config + secret: + secretName: event-router-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: vmware-event-router + name: vmware-event-router +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: vmware-event-router + sessionAffinity: None +__EVENT_ROUTER_CONFIG + +kubectl --kubeconfig /root/.kube/config -n vmware create -f /root/event-router-k8s.yaml \ No newline at end of file diff --git a/files/setup-07-tinywww.sh b/files/setup-07-tinywww.sh new file mode 100755 index 00000000..bff3c0b9 --- /dev/null +++ b/files/setup-07-tinywww.sh @@ -0,0 +1,13 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Deploy TinyWWW Pod + +set -euo pipefail + +if [ ${VEBA_DEBUG} == "True" ]; then + kubectl --kubeconfig /root/.kube/config apply -f /root/tinywww-debug.yml +else + kubectl --kubeconfig /root/.kube/config apply -f /root/tinywww.yml +fi \ No newline at end of file diff --git a/files/setup-08-ingress.sh b/files/setup-08-ingress.sh new file mode 100755 index 00000000..55b25a91 --- /dev/null +++ b/files/setup-08-ingress.sh @@ -0,0 +1,106 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Setup Contour / Ingress + +set -euo pipefail + +echo -e "\e[92mDeploying Contour ..." > /dev/console +kubectl --kubeconfig /root/.kube/config create -f /root/download/contour/examples/contour/ + +## Create SSL Certificate & Secret +KEY_FILE=/root/eventrouter.key +CERT_FILE=/root/eventrouter.crt +CN_NAME=$(hostname -f) +CERT_NAME=eventrouter-tls + +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${CN_NAME}/O=${CN_NAME}" + +kubectl --kubeconfig /root/.kube/config -n vmware create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE} + +# Deploy Ingress Route + +if [ "${EVENT_PROCESSOR_TYPE}" == "AWS EventBridge" ]; then + cat << EOF > /root/ingressroute-gateway.yaml +apiVersion: contour.heptio.com/v1beta1 +kind: IngressRoute +metadata: + labels: + app: vmware + name: event-router + namespace: vmware +spec: + virtualhost: + fqdn: ${HOSTNAME} + tls: + secretName: ${CERT_NAME} + minimumProtocolVersion: "1.2" + routes: + - match: /status + prefixRewrite: /status + services: + - name: tinywww + port: 8100 + - match: /bootstrap + prefixRewrite: /bootstrap + services: + - name: tinywww + port: 8100 + - match: /stats + prefixRewrite: /stats + services: + - name: vmware-event-router + port: 8080 +EOF +else + cat << EOF > /root/ingressroute-gateway.yaml +apiVersion: contour.heptio.com/v1beta1 +kind: IngressRoute +metadata: + labels: + app: vmware + name: event-router + namespace: vmware +spec: + virtualhost: + fqdn: ${HOSTNAME} + tls: + secretName: ${CERT_NAME} + minimumProtocolVersion: "1.2" + routes: + - match: /status + prefixRewrite: /status + services: + - name: tinywww + port: 8100 + - match: /bootstrap + prefixRewrite: /bootstrap + services: + - name: tinywww + port: 8100 + - match: /stats + prefixRewrite: /stats + services: + - name: vmware-event-router + port: 8080 + - match: / + delegate: + name: gateway + namespace: openfaas +--- +apiVersion: contour.heptio.com/v1beta1 +kind: IngressRoute +metadata: + name: gateway + namespace: openfaas +spec: + routes: + - match: / + services: + - name: gateway + port: 8080 +EOF +fi + +kubectl --kubeconfig /root/.kube/config create -f /root/ingressroute-gateway.yaml \ No newline at end of file diff --git a/files/setup-09-banner.sh b/files/setup-09-banner.sh new file mode 100755 index 00000000..e5e33b01 --- /dev/null +++ b/files/setup-09-banner.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright 2019 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Setup Login Banner + +set -euo pipefail + +echo -e "\e[92mCreating Login Banner ..." > /dev/console + +HOSTNAME=$(hostname -f) + +if [ "${EVENT_PROCESSOR_TYPE}" == "OpenFaaS" ]; then + cat << EOF > /etc/issue +Welcome to the vCenter Event Broker Appliance + +Appliance Status: https://${HOSTNAME}/status +Install Logs: https://${HOSTNAME}/bootstrap +Appliance Statistics: https://${HOSTNAME}/stats +OpenFaaS UI: https://${HOSTNAME} + +EOF +else + cat << EOF > /etc/issue +Welcome to the vCenter Event Broker Appliance + +Appliance Status: https://${HOSTNAME}/status +Install Logs: https://${HOSTNAME}/bootstrap +Appliance Statistics: https://${HOSTNAME}/stats + +EOF +fi + +/usr/sbin/agetty --reload \ No newline at end of file diff --git a/files/setup-banner.sh b/files/setup-banner.sh deleted file mode 100755 index 6eb4a172..00000000 --- a/files/setup-banner.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# Copyright 2019 VMware, Inc. All rights reserved. -# SPDX-License-Identifier: BSD-2 - -HOSTNAME_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.hostname") -HOSTNAME=$(echo "${HOSTNAME_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - -sed -i "s/\[IP\]/${HOSTNAME}/g" /etc/issue -PID=$(ps -ef | grep agetty | grep -v grep|awk '{print $2}') -kill -9 ${PID} -#systemctl restart getty@tty1 diff --git a/files/setup.sh b/files/setup.sh index e18a04a5..0532e9aa 100755 --- a/files/setup.sh +++ b/files/setup.sh @@ -2,298 +2,83 @@ # Copyright 2019 VMware, Inc. All rights reserved. # SPDX-License-Identifier: BSD-2 -# Bootstrap script to setup k8s, OpenFaaS & vCenter Connector - set -euo pipefail +# Extract all OVF Properties +VEBA_DEBUG=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.debug" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +HOSTNAME=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.hostname" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +IP_ADDRESS=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.ipaddress" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +NETMASK=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.netmask" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +GATEWAY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.gateway" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +DNS_SERVER=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.dns" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +DNS_DOMAIN=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.domain" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +NTP_SERVER=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.ntp" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +HTTP_PROXY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.http_proxy" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +HTTPS_PROXY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.https_proxy" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +PROXY_USERNAME=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.proxy_username" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +PROXY_PASSWORD=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.proxy_password" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +NO_PROXY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.no_proxy" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +ROOT_PASSWORD=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.root_password" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +VCENTER_SERVER=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.vcenter_server" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +VCENTER_USERNAME=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.vcenter_username" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +VCENTER_PASSWORD=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.vcenter_password" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +VCENTER_DISABLE_TLS=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.vcenter_disable_tls_verification" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}' | tr '[:upper:]' '[:lower:]') +EVENT_PROCESSOR_TYPE=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.event_processor_type" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +OPENFAAS_PASSWORD=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.openfaas_password" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +OPENFAAS_ADV_OPTION=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.openfaas_advanced_options" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +AWS_EVENTBRIDGE_ACCESS_KEY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_access_key" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +AWS_EVENTBRIDGE_ACCESS_SECRET=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_access_secret" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +AWS_EVENTBRIDGE_EVENT_BUS=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_event_bus" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +AWS_EVENTBRIDGE_REGION=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_region" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +AWS_EVENTBRIDGE_RULE_ARN=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_arn" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +AWS_EVENTBRIDGE_ADV_OPTION=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_arn" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +POD_NETWORK_CIDR=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.pod_network_cidr" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') + if [ -e /root/ran_customization ]; then exit else - NETWORK_CONFIG_FILE=$(ls /etc/systemd/network | grep .network) - - VEBA_DEBUG_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.debug") - VEBA_DEBUG=$(echo "${VEBA_DEBUG_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - VEBA_LOG_FILE=/var/log/bootstrap.log - if [ ${VEBA_DEBUG} == "True" ]; then - VEBA_LOG_FILE=/var/log/bootstrap-debug.log - set -x - exec 2> ${VEBA_LOG_FILE} - echo + VEBA_LOG_FILE=/var/log/bootstrap.log + if [ ${VEBA_DEBUG} == "True" ]; then + VEBA_LOG_FILE=/var/log/bootstrap-debug.log + set -x + exec 2>> ${VEBA_LOG_FILE} + echo echo "### WARNING -- DEBUG LOG CONTAINS ALL EXECUTED COMMANDS WHICH INCLUDES CREDENTIALS -- WARNING ###" echo "### WARNING -- PLEASE REMOVE CREDENTIALS BEFORE SHARING LOG -- WARNING ###" echo - fi - - HOSTNAME_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.hostname") - IP_ADDRESS_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.ipaddress") - NETMASK_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.netmask") - GATEWAY_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.gateway") - DNS_SERVER_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.dns") - DNS_DOMAIN_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.domain") - NTP_SERVER_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.ntp") - HTTP_PROXY_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.http_proxy") - HTTPS_PROXY_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.https_proxy") - PROXY_USERNAME_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.proxy_username") - PROXY_PASSWORD_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.proxy_password") - NO_PROXY_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.no_proxy") - ROOT_PASSWORD_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.root_password") - OPENFAAS_PASSWORD_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.openfaas_password") - VCENTER_SERVER_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.vcenter_server") - VCENTER_USERNAME_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.vcenter_username") - VCENTER_PASSWORD_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.vcenter_password") - VCENTER_DISABLE_TLS_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.vcenter_disable_tls_verification") - POD_NETWORK_CIDR_PROPERTY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.pod_network_cidr") - - ######################### - ### Proxy Settings ### - ######################### - HTTP_PROXY=$(echo "${HTTP_PROXY_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - HTTPS_PROXY=$(echo "${HTTPS_PROXY_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - PROXY_USERNAME=$(echo "${PROXY_USERNAME_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - PROXY_PASSWORD=$(echo "${PROXY_PASSWORD_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - NO_PROXY=$(echo "${NO_PROXY_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - - if [ -n "${HTTP_PROXY}" ] || [ -n "${HTTPS_PROXY}" ]; then - PROXY_CONF=/etc/sysconfig/proxy - DOCKER_PROXY=/etc/systemd/system/docker.service.d - - echo -e "\e[92mConfiguring Proxy ..." > /dev/console - echo "PROXY_ENABLED=\"yes\"" > ${PROXY_CONF} - mkdir -p ${DOCKER_PROXY} - YES_CREDS=0 - if [ -n "${PROXY_USERNAME}" ] && [ -n "${PROXY_PASSWORD}" ]; then - YES_CREDS=1 - fi - - if [ ! -z "${NO_PROXY}" ]; then - echo "NO_PROXY=\"${NO_PROXY}\"" >> ${PROXY_CONF} - fi - - if [ ! -z "${HTTP_PROXY}" ]; then - if [ $YES_CREDS -eq 1 ]; then - HTTP_PROXY_URL="http://${PROXY_USERNAME}:${PROXY_PASSWORD}@${HTTP_PROXY}" - else - HTTP_PROXY_URL="http://${HTTP_PROXY}" - fi - echo "HTTP_PROXY=\"${HTTP_PROXY_URL}\"" >> ${PROXY_CONF} - cat > ${DOCKER_PROXY}/http-proxy.conf << __HTTP_DOCKER_PROXY__ -[Service] -Environment="HTTP_PROXY=${HTTP_PROXY_URL}" "NO_PROXY=${NO_PROXY}" -__HTTP_DOCKER_PROXY__ - fi - - if [ ! -z "${HTTPS_PROXY}" ]; then - if [ $YES_CREDS -eq 1 ]; then - HTTPS_PROXY_URL="https://${PROXY_USERNAME}:${PROXY_PASSWORD}@${HTTPS_PROXY}" - else - HTTPS_PROXY_URL="https://${HTTPS_PROXY}" - fi - echo "HTTPS_PROXY=\"${HTTPS_PROXY_URL}\"" >> ${PROXY_CONF} - cat > ${DOCKER_PROXY}/https-proxy.conf << __HTTPS_DOCKER_PROXY__ -[Service] -Environment="HTTPS_PROXY=${HTTPS_PROXY_URL}" "NO_PROXY=${NO_PROXY}" -__HTTPS_DOCKER_PROXY__ - fi - fi - - ################################## - ### No User Input, assume DHCP ### - ################################## - if [ -z "${HOSTNAME_PROPERTY}" ]; then - cat > /etc/systemd/network/${NETWORK_CONFIG_FILE} << __CUSTOMIZE_PHOTON__ -[Match] -Name=e* - -[Network] -DHCP=yes -IPv6AcceptRA=no -__CUSTOMIZE_PHOTON__ - ######################### - ### Static IP Address ### - ######################### - else - HOSTNAME=$(echo "${HOSTNAME_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - IP_ADDRESS=$(echo "${IP_ADDRESS_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - NETMASK=$(echo "${NETMASK_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - GATEWAY=$(echo "${GATEWAY_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - DNS_SERVER=$(echo "${DNS_SERVER_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - DNS_DOMAIN=$(echo "${DNS_DOMAIN_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - - echo -e "\e[92mConfiguring Static IP Address ..." > /dev/console - cat > /etc/systemd/network/${NETWORK_CONFIG_FILE} << __CUSTOMIZE_PHOTON__ -[Match] -Name=e* - -[Network] -Address=${IP_ADDRESS}/${NETMASK} -Gateway=${GATEWAY} -DNS=${DNS_SERVER} -Domain=${DNS_DOMAIN} -__CUSTOMIZE_PHOTON__ - ######################### - ### NTP Settings ### - ######################### - NTP_SERVER=$(echo "${NTP_SERVER_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - - echo -e "\e[92mConfiguring NTP ..." > /dev/console - cat > /etc/systemd/timesyncd.conf << __CUSTOMIZE_PHOTON__ - -[Match] -Name=e* - -[Time] -NTP=${NTP_SERVER} -__CUSTOMIZE_PHOTON__ - - echo -e "\e[92mConfiguring hostname ..." > /dev/console - hostnamectl set-hostname ${HOSTNAME} - echo "${IP_ADDRESS} ${HOSTNAME}" >> /etc/hosts - echo -e "\e[92mRestarting Network ..." > /dev/console - systemctl restart systemd-networkd - echo -e "\e[92mRestarting Timesync ..." > /dev/console - systemctl restart systemd-timesyncd - fi - - echo -e "\e[92mConfiguring root password ..." > /dev/console - ROOT_PASSWORD=$(echo "${ROOT_PASSWORD_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - echo "root:${ROOT_PASSWORD}" | /usr/sbin/chpasswd - - echo -e "\e[92mRetrieving vSphere & OpenFaaS Variables ..." > /dev/console - OPENFAAS_PASSWORD=$(echo "${OPENFAAS_PASSWORD_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - VCENTER_SERVER=$(echo "${VCENTER_SERVER_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - VCENTER_USERNAME=$(echo "${VCENTER_USERNAME_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - VCENTER_PASSWORD=$(echo "${VCENTER_PASSWORD_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - VCENTER_DISABLE_TLS=$(echo "${VCENTER_DISABLE_TLS_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - POD_NETWORK_CIDR=$(echo "${POD_NETWORK_CIDR_PROPERTY}" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') - - echo -e "\e[92mStarting Docker ..." > /dev/console - systemctl daemon-reload - systemctl start docker.service - systemctl enable docker.service - - echo -e "\e[92mDisabling/Stopping IP Tables ..." > /dev/console - systemctl stop iptables - systemctl disable iptables - - # Setup k8s - echo -e "\e[92mSetting up k8s ..." > /dev/console - HOME=/root - kubeadm init --ignore-preflight-errors SystemVerification --skip-token-print --config /root/kubeconfig.yml - mkdir -p $HOME/.kube - cp -i /etc/kubernetes/admin.conf $HOME/.kube/config - chown $(id -u):$(id -g) $HOME/.kube/config - echo -e "\e[92mDeloying kubeadm ..." > /dev/console - - # Customize the POD CIDR Network if provided or else default to 10.99.0.0/20 - if [ -z "${POD_NETWORK_CIDR}" ]; then - POD_NETWORK_CIDR="10.99.0.0/20" - fi - - sed -i "s#POD_NETWORK_CIDR#${POD_NETWORK_CIDR}#g" /root/weave.yaml - - kubectl --kubeconfig /root/.kube/config apply -f /root/weave.yaml - kubectl --kubeconfig /root/.kube/config taint nodes --all node-role.kubernetes.io/master- - echo -e "\e[92mStarting k8s ..." > /dev/console - systemctl enable kubelet.service - - while [[ $(systemctl is-active kubelet.service) == "inactive" ]] - do - echo -e "\e[92mk8s service is still inactive, sleeping for 10secs" > /dev/console - sleep 10 - done - - # Setup Contour - echo -e "\e[92mDeploying Contour ..." > /dev/console - kubectl --kubeconfig /root/.kube/config create -f /root/download/contour/examples/contour/ - - # Setup OpenFaaS - echo -e "\e[92mDeploying OpenFaas ..." > /dev/console - kubectl --kubeconfig /root/.kube/config create -f /root/download/faas-netes/namespaces.yml - - # Setup OpenFaaS Secret - kubectl --kubeconfig /root/.kube/config -n openfaas create secret generic basic-auth \ - --from-literal=basic-auth-user=admin \ - --from-literal=basic-auth-password="${OPENFAAS_PASSWORD}" - - kubectl --kubeconfig /root/.kube/config create -f /root/download/faas-netes/yaml - - ## Create SSL Certificate & Secret - KEY_FILE=/root/openfaas-gw.key - CERT_FILE=/root/openfaas-gw.crt - CN_NAME=$(hostname) - CERT_NAME=openfaas-gw-tls + fi - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${CN_NAME}/O=${CN_NAME}" + echo -e "\e[92mStarting Customization ..." > /dev/console - kubectl --kubeconfig /root/.kube/config -n openfaas create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE} + echo -e "\e[92mStarting OS Configuration ..." > /dev/console + . /root/setup/setup-01-os.sh - # Deploy Ingress Route Gateway - cat << EOF > /root/ingressroute-gateway.yaml -apiVersion: contour.heptio.com/v1beta1 -kind: IngressRoute -metadata: - labels: - app: openfaas - name: ingressroute-gateway - namespace: openfaas -spec: - virtualhost: - fqdn: ${HOSTNAME} - tls: - secretName: ${CERT_NAME} - minimumProtocolVersion: "1.2" - routes: - - match: /status - prefixRewrite: /status - services: - - name: tinywww - port: 8100 - - match: /bootstrap - prefixRewrite: /bootstrap - services: - - name: tinywww - port: 8100 - - match: / - services: - - name: gateway - port: 8080 -EOF + echo -e "\e[92mStarting Network Proxy Configuration ..." > /dev/console + . /root/setup/setup-02-proxy.sh - kubectl --kubeconfig /root/.kube/config create -f /root/ingressroute-gateway.yaml + echo -e "\e[92mStarting Network Configuration ..." > /dev/console + . /root/setup/setup-03-network.sh - # Setup OpenFaaS vCenter Connector - echo -e "\e[92mSetting up vCenter Connector ..." > /dev/console - sed -i "s/http:\/\/vcsim.openfaas:8989/${VCENTER_SERVER}/g" /root/download/vcenter-connector/yaml/kubernetes/connector-dep.yml + echo -e "\e[92mStarting Kubernetes Configuration ..." > /dev/console + . /root/setup/setup-04-kubernetes.sh - # Enable TLS verification for vCenter Server connection by default unless user specifies otherwise - if [ ${VCENTER_DISABLE_TLS} != "True" ] ;then - sed -i 's/"-insecure", //g' /root/download/vcenter-connector/yaml/kubernetes/connector-dep.yml - fi + echo -e "\e[92mStarting VMware Event Processor Configuration ..." > /dev/console + . /root/setup/setup-05-event-processor.sh - # Setup OpenFaaS vCenter Connector Secrets - kubectl --kubeconfig /root/.kube/config create secret generic vcenter-secrets \ - -n openfaas \ - --from-literal vcenter-username=${VCENTER_USERNAME} \ - --from-literal vcenter-password=${VCENTER_PASSWORD} + echo -e "\e[92mStarting VMware Event Router Configuration ..." > /dev/console + . /root/setup/setup-06-event-router.sh - echo -e "\e[92mDeploying vCenter Connector ..." > /dev/console - kubectl --kubeconfig /root/.kube/config -n openfaas create -f /root/download/vcenter-connector/yaml/kubernetes/connector-dep.yml + echo -e "\e[92mStarting TinyWWW Configuration ..." > /dev/console + . /root/setup/setup-07-tinywww.sh - # Deploy TinyWWW Pod - if [ ${VEBA_DEBUG} == "True" ]; then - kubectl --kubeconfig /root/.kube/config apply -f /root/tinywww-debug.yml - else - kubectl --kubeconfig /root/.kube/config apply -f /root/tinywww.yml - fi + echo -e "\e[92mStarting Ingress Router Configuration ..." > /dev/console + . /root/setup/setup-08-ingress.sh - # Ensure we don't run customization again - touch /root/ran_customization + echo -e "\e[92mStarting OS Banner Configuration ..."> /dev/console + . /root/setup/setup-09-banner.sh & - # Update /etc/issue with IP Address - echo -e "\e[92mUpdating the Login Banner ..." > /dev/console - /root/setup-banner.sh & + echo -e "\e[92mCustomization Completed ..." > /dev/console - # Disabling SSH - systemctl disable sshd - systemctl stop sshd + # Ensure we don't run customization again + touch /root/ran_customization fi \ No newline at end of file From c9be69e0f5e71cababe1c52e9a620b23d902a1a5 Mon Sep 17 00:00:00 2001 From: William Lam Date: Fri, 21 Feb 2020 10:22:34 -0800 Subject: [PATCH 16/34] Pull Event Router Image 1683830 + updated Event Router to include stats deployment Signed-off-by: William Lam --- files/setup-05-event-processor.sh | 142 +++++++++++++++++------------- scripts/photon-containers.sh | 2 +- 2 files changed, 84 insertions(+), 60 deletions(-) diff --git a/files/setup-05-event-processor.sh b/files/setup-05-event-processor.sh index 228f5cdc..86157053 100755 --- a/files/setup-05-event-processor.sh +++ b/files/setup-05-event-processor.sh @@ -20,36 +20,48 @@ if [ "${EVENT_PROCESSOR_TYPE}" == "AWS EventBridge" ]; then echo -e "\e[92mSetting up AWS Event Bridge Processor ..." > /dev/console cat > ${EVENT_ROUTER_CONFIG} << __AWS_EVENTBRIDGE_PROCESSOR__ [{ - "type": "stream", - "provider": "vmware_vcenter", - "address": "https://${VCENTER_SERVER}/sdk", - "auth": { - "method": "user_password", - "secret": { - "username": "${VCENTER_USERNAME}", - "password": "${VCENTER_PASSWORD}" - } - }, - "options": { - "insecure": "${VCENTER_DISABLE_TLS}" - } -}, -{ - "type": "processor", - "provider": "aws_event_bridge", - "auth": { - "method": "access_key", - "secret": { - "aws_access_key_id": "${AWS_EVENTBRIDGE_ACCESS_KEY}", - "aws_secret_access_key": "${AWS_EVENTBRIDGE_ACCESS_SECRET}" - } - }, - "options": { - "aws_region": "${AWS_EVENTBRIDGE_REGION}", - "aws_eventbridge_event_bus": "${AWS_EVENTBRIDGE_EVENT_BUS}", - "aws_eventbridge_rule_arn": "${AWS_EVENTBRIDGE_RULE_ARN}" - } -} + "type": "stream", + "provider": "vmware_vcenter", + "address": "https://${VCENTER_SERVER}/sdk", + "auth": { + "method": "user_password", + "secret": { + "username": "${VCENTER_USERNAME}", + "password": "${VCENTER_PASSWORD}" + } + }, + "options": { + "insecure": "${VCENTER_DISABLE_TLS}" + } + }, + { + "type": "processor", + "provider": "aws_event_bridge", + "auth": { + "method": "access_key", + "secret": { + "aws_access_key_id": "${AWS_EVENTBRIDGE_ACCESS_KEY}", + "aws_secret_access_key": "${AWS_EVENTBRIDGE_ACCESS_SECRET}" + } + }, + "options": { + "aws_region": "${AWS_EVENTBRIDGE_REGION}", + "aws_eventbridge_event_bus": "${AWS_EVENTBRIDGE_EVENT_BUS}", + "aws_eventbridge_rule_arn": "${AWS_EVENTBRIDGE_RULE_ARN}" + } + }, + { + "type": "metrics", + "provider": "internal", + "address": "0.0.0.0:8080", + "auth": { + "method": "basic_auth", + "secret": { + "username": "admin", + "password": "${ROOT_PASSWORD}" + } + } + } ] __AWS_EVENTBRIDGE_PROCESSOR__ else @@ -66,35 +78,47 @@ else cat > ${EVENT_ROUTER_CONFIG} << __OPENFAAS_PROCESSOR__ [{ - "type": "stream", - "provider": "vmware_vcenter", - "address": "https://${VCENTER_SERVER}/sdk", - "auth": { - "method": "user_password", - "secret": { - "username": "${VCENTER_USERNAME}", - "password": "${VCENTER_PASSWORD}" - } - }, - "options": { - "insecure": "${VCENTER_DISABLE_TLS}" - } -}, -{ - "type": "processor", - "provider": "openfaas", - "address": "http://gateway.openfaas:8080", - "auth": { - "method": "basic_auth", - "secret": { - "username": "admin", - "password": "${ROOT_PASSWORD}" - } - }, - "options": { - "async": "false" - } -} + "type": "stream", + "provider": "vmware_vcenter", + "address": "https://${VCENTER_SERVER}/sdk", + "auth": { + "method": "user_password", + "secret": { + "username": "${VCENTER_USERNAME}", + "password": "${VCENTER_PASSWORD}" + } + }, + "options": { + "insecure": "${VCENTER_DISABLE_TLS}" + } + }, + { + "type": "processor", + "provider": "openfaas", + "address": "http://gateway.openfaas:8080", + "auth": { + "method": "basic_auth", + "secret": { + "username": "admin", + "password": "${ROOT_PASSWORD}" + } + }, + "options": { + "async": "false" + } + }, + { + "type": "metrics", + "provider": "internal", + "address": "0.0.0.0:8080", + "auth": { + "method": "basic_auth", + "secret": { + "username": "admin", + "password": "${ROOT_PASSWORD}" + } + } + } ] __OPENFAAS_PROCESSOR__ fi \ No newline at end of file diff --git a/scripts/photon-containers.sh b/scripts/photon-containers.sh index 48b60793..0cf41748 100644 --- a/scripts/photon-containers.sh +++ b/scripts/photon-containers.sh @@ -30,7 +30,7 @@ envoyproxy/envoy:v1.11.1 prom/prometheus:v2.11.0 prom/alertmanager:v0.18.0 nats-streaming:0.11.2 -vmware/veba-event-router:latest +vmware/veba-event-router:1683830 ) for i in ${CONTAINERS[@]}; From 75e56d106f68f23a11f5003e6a69962297309b65 Mon Sep 17 00:00:00 2001 From: William Lam Date: Fri, 21 Feb 2020 13:23:11 -0800 Subject: [PATCH 17/34] Fix disabling SSH Signed-off-by: William Lam --- files/setup-01-os.sh | 3 +++ scripts/photon-cleanup.sh | 4 ---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/files/setup-01-os.sh b/files/setup-01-os.sh index e72c3855..33a1547b 100755 --- a/files/setup-01-os.sh +++ b/files/setup-01-os.sh @@ -6,5 +6,8 @@ set -euo pipefail +systemctl disable sshd +systemctl stop sshd + echo -e "\e[92mConfiguring OS Root password ..." > /dev/console echo "root:${ROOT_PASSWORD}" | /usr/sbin/chpasswd \ No newline at end of file diff --git a/scripts/photon-cleanup.sh b/scripts/photon-cleanup.sh index df9809c0..e84da30c 100644 --- a/scripts/photon-cleanup.sh +++ b/scripts/photon-cleanup.sh @@ -34,10 +34,6 @@ echo '> Setting random root password...' RANDOM_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;) echo "root:${RANDOM_PASSWORD}" | /usr/sbin/chpasswd -echo '> Disabling SSH ...' -systemctl disable sshd -systemctl stop sshd - echo '> Clearing history ...' unset HISTFILE && history -c && rm -fr /root/.bash_history From 3a567532dbd798e9580f49522f4419fcf8d91bce Mon Sep 17 00:00:00 2001 From: William Lam Date: Sat, 22 Feb 2020 07:56:59 -0800 Subject: [PATCH 18/34] Updated functions to support v0.3 Signed-off-by: William Lam --- examples/README.md | 3 +- .../powercli/datastore-usage-email/README.md | 73 ++++++++++++++++++ .../datastore-usage-email/handler/script.ps1 | 54 +++++++++++++ .../stack.yml | 8 +- .../template/powercli/Dockerfile | 2 +- .../template/powercli/function/script.ps1 | 0 .../template/powercli/template.yml | 0 .../vc-datastore-config.json | 11 +++ examples/powercli/eventbridge/README.md | 59 --------------- .../eventbridge/eventbridge-secrets.json | 6 -- .../powercli/eventbridge/handler/script.ps1 | 32 -------- examples/powercli/hostmaint-alarms/README.md | 75 ++++++++++++++----- .../hostmaint-alarms/handler/script.ps1 | 8 +- examples/powercli/hostmaint-alarms/stack.yml | 14 ++-- ...vcconfig.json => vc-hostmaint-config.json} | 0 examples/powercli/hwchange-slack/README.md | 74 ++++++++++-------- .../hwchange-slack/handler/script.ps1 | 20 ++--- examples/powercli/hwchange-slack/stack.yml | 8 +- .../template/powercli/Dockerfile | 2 - .../{vcconfig.json => vc-slack-config.json} | 3 - examples/powercli/tagging/README.md | 47 ++++++++++-- examples/powercli/tagging/handler/script.ps1 | 10 +-- examples/powercli/tagging/stack.yml | 6 +- .../{vcconfig.json => vc-tag-config.json} | 0 examples/python/echo/README.md | 46 ++++++++++++ examples/python/echo/handler/echo.py | 10 +++ examples/python/echo/stack.yml | 14 ++++ 27 files changed, 383 insertions(+), 202 deletions(-) create mode 100644 examples/powercli/datastore-usage-email/README.md create mode 100644 examples/powercli/datastore-usage-email/handler/script.ps1 rename examples/powercli/{eventbridge => datastore-usage-email}/stack.yml (61%) rename examples/powercli/{eventbridge => datastore-usage-email}/template/powercli/Dockerfile (94%) rename examples/powercli/{eventbridge => datastore-usage-email}/template/powercli/function/script.ps1 (100%) rename examples/powercli/{eventbridge => datastore-usage-email}/template/powercli/template.yml (100%) create mode 100644 examples/powercli/datastore-usage-email/vc-datastore-config.json delete mode 100644 examples/powercli/eventbridge/README.md delete mode 100644 examples/powercli/eventbridge/eventbridge-secrets.json delete mode 100644 examples/powercli/eventbridge/handler/script.ps1 rename examples/powercli/hostmaint-alarms/{vcconfig.json => vc-hostmaint-config.json} (100%) rename examples/powercli/hwchange-slack/{vcconfig.json => vc-slack-config.json} (51%) rename examples/powercli/tagging/{vcconfig.json => vc-tag-config.json} (100%) create mode 100644 examples/python/echo/README.md create mode 100644 examples/python/echo/handler/echo.py create mode 100644 examples/python/echo/stack.yml diff --git a/examples/README.md b/examples/README.md index 898dd2d4..20fff5e8 100644 --- a/examples/README.md +++ b/examples/README.md @@ -10,4 +10,5 @@ This page lists ready to use functions curated by the vCenter Event Broker commu | Send VM Configuration Changes to Slack | | [Link](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples/powercli/hwchange-slack) | | Disable Alarms for Host Maintenance | | [Link](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples/powercli/hostmaint-alarms) | | ESX Maximum transmission unit fixer | [Link](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples/python/esx-mtu-fixer) | | -| AWS EventBridge | | [Link](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/development/examples/powercli/eventbridge) | \ No newline at end of file +| Datastore Usage Notification | | [Link](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples/powercli/datastore-usage-email) | +| Echo VEBA Event | [Link](https://github.com/vmware-samples/vcenter-event-broker-appliance/tree/master/examples/python/echo)| | \ No newline at end of file diff --git a/examples/powercli/datastore-usage-email/README.md b/examples/powercli/datastore-usage-email/README.md new file mode 100644 index 00000000..9b31ef38 --- /dev/null +++ b/examples/powercli/datastore-usage-email/README.md @@ -0,0 +1,73 @@ +# vSphere Datastore Usage Email Notification + +## Description + +This function demonstrates using PowerShell to send an email notification when warning/error threshold is reach for Datastore Usage Alarm in vSphere + +## Consume Function Instruction + +Step 1 - Update `stack.yml` and `vc-datastore-config.json` with your environment information + +Step 2 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance + +``` +VEBA_GATEWAY=https://veba.primp-industries.com +export OPENFAAS_URL=${VEBA_GATEWAY} + +faas-cli login --username admin --password-stdin --tls-no-verify +``` + +Step 3 - Create function secret (only required once) + +``` +faas-cli secret create vc-datastore-config --from-file=vc-datastore-config.json --tls-no-verify +``` + +Step 4 - Deploy function to vCenter Event Broker Appliance + +``` +faas-cli deploy -f stack.yml --tls-no-verify +``` + +## Build Function Instruction + +Step 1 - Initialize function, only required during the first deployment + +``` +faas-cli template pull +``` + +Step 2 - Update `stack.yml` and `vc-datastore-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. + +Step 3 - Build the function container + +``` +faas-cli build -f stack.yml +``` + +Step 4 - Push the function container to Docker Registry (default but can be changed to internal registry) + +``` +faas-cli push -f stack.yml +``` + +Step 5 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance + +``` +VEBA_GATEWAY=https://veba.primp-industries.com +export OPENFAAS_URL=${VEBA_GATEWAY} + +faas-cli login --username admin --password-stdin --tls-no-verify +``` + +Step 6 - Create function secret (only required once) + +``` +faas-cli secret create vc-datastore-config --from-file=vc-datastore-config.json --tls-no-verify +``` + +Step 7 - Deploy function to vCenter Event Broker Appliance + +``` +faas-cli deploy -f stack.yml --tls-no-verify +``` \ No newline at end of file diff --git a/examples/powercli/datastore-usage-email/handler/script.ps1 b/examples/powercli/datastore-usage-email/handler/script.ps1 new file mode 100644 index 00000000..f1695acc --- /dev/null +++ b/examples/powercli/datastore-usage-email/handler/script.ps1 @@ -0,0 +1,54 @@ +# Process function Secrets passed in +$VC_CONFIG_FILE = "/var/openfaas/secrets/vc-datastore-config" +$VC_CONFIG = (Get-Content -Raw -Path $VC_CONFIG_FILE | ConvertFrom-Json) +if($env:function_debug -eq "true") { + Write-host "DEBUG: `"$VC_CONFIG`"" +} + +# Process payload sent from vCenter Server Event +$json = $args | ConvertFrom-Json +if($env:function_debug -eq "true") { + Write-Host "DEBUG: json=`"$($json | Format-List | Out-String)`"" +} + +$alarmName = ($json.data.alarm.name -replace "\n"," ") +$datastoreName = $json.data.ds.name +$alarmStatus = $json.data.to +$vcenter = ($json.source -replace "/sdk","") +$datacenter = $json.data.datacenter.name + +if($env:function_debug -eq "true") { + Write-Host "DEBUG: alarmName: `"$alarmName`"" + Write-host "DEBUG: datastoreName: `"$datastoreName`"" + Write-Host "DEBUG: alarmStatus: `"$alarmStatus`"" + Write-Host "DEBUG: vcenter: `"$vcenter`"" +} + +if( ("$alarmName" -match "$($VC_CONFIG.VC_ALARM_NAME)") -and ([bool]($VC_CONFIG.DATASTORE_NAMES -match "$datastoreName")) -and ($alarmStatus -eq "yellow" -or $alarmStatus -eq "red") ) { + + # Warning Email Body + if($alarmStatus -eq "yellow") { + $subject = "⚠️ $($VC_CONFIG.EMAIL_SUBJECT) ⚠️ " + $threshold = "warning" + } elseif($alarmStatus -eq "red") { + $subject = "☢️ $($VC_CONFIG.EMAIL_SUBJECT) ☢️ " + $threshold = "error" + } + + $Body = @" + $alarmName $datastoreName has reached $threshold threshold + + Please login to your VMware Cloud on AWS environment and ensure that everything is operating as expected. + + vCenter Server: $vcenter + Datacenter: $datacenter + Datastore: $datastoreName + +"@ + + $password = ConvertTo-SecureString "$($VC_CONFIG.SMTP_PASSWORD)" -AsPlainText -Force + $credential = New-Object System.Management.Automation.PSCredential($($VC_CONFIG.SMTP_USERNAME), $password) + + Send-MailMessage -From $($VC_CONFIG.EMAIL_FROM) -to $($VC_CONFIG.EMAIL_TO) -Subject $Subject -Body $Body -SmtpServer $($VC_CONFIG.SMTP_SERVER) -port $($VC_CONFIG.SMTP_PORT) -UseSsl -Credential $credential -Encoding UTF32 +} + diff --git a/examples/powercli/eventbridge/stack.yml b/examples/powercli/datastore-usage-email/stack.yml similarity index 61% rename from examples/powercli/eventbridge/stack.yml rename to examples/powercli/datastore-usage-email/stack.yml index 9e382fa9..7596b250 100644 --- a/examples/powercli/eventbridge/stack.yml +++ b/examples/powercli/datastore-usage-email/stack.yml @@ -2,15 +2,15 @@ provider: name: openfaas gateway: https://veba.primp-industries.com functions: - powershell-eventbridge: + powershell-datastore-usage: lang: powercli handler: ./handler - image: lamw/powershell-eventbridge:latest + image: vmware/veba-powercli-datastore-notification:latest environment: write_debug: true read_debug: true function_debug: false secrets: - - eventbridge-secrets + - vc-datastore-config annotations: - topic: vm.removed + topic: AlarmStatusChangedEvent diff --git a/examples/powercli/eventbridge/template/powercli/Dockerfile b/examples/powercli/datastore-usage-email/template/powercli/Dockerfile similarity index 94% rename from examples/powercli/eventbridge/template/powercli/Dockerfile rename to examples/powercli/datastore-usage-email/template/powercli/Dockerfile index a6659433..040ccaf8 100644 --- a/examples/powercli/eventbridge/template/powercli/Dockerfile +++ b/examples/powercli/datastore-usage-email/template/powercli/Dockerfile @@ -1,4 +1,4 @@ -FROM lamw/powercli-eventbridge +FROM vmware/powerclicore:latest RUN mkdir -p /home/app USER root diff --git a/examples/powercli/eventbridge/template/powercli/function/script.ps1 b/examples/powercli/datastore-usage-email/template/powercli/function/script.ps1 similarity index 100% rename from examples/powercli/eventbridge/template/powercli/function/script.ps1 rename to examples/powercli/datastore-usage-email/template/powercli/function/script.ps1 diff --git a/examples/powercli/eventbridge/template/powercli/template.yml b/examples/powercli/datastore-usage-email/template/powercli/template.yml similarity index 100% rename from examples/powercli/eventbridge/template/powercli/template.yml rename to examples/powercli/datastore-usage-email/template/powercli/template.yml diff --git a/examples/powercli/datastore-usage-email/vc-datastore-config.json b/examples/powercli/datastore-usage-email/vc-datastore-config.json new file mode 100644 index 00000000..5044f263 --- /dev/null +++ b/examples/powercli/datastore-usage-email/vc-datastore-config.json @@ -0,0 +1,11 @@ +{ + "VC_ALARM_NAME" : "Datastore usage on disk", + "DATASTORE_NAMES" : ["e200-8d-local-datastore", "datastore1", "WorkloadDatastore"], + "SMTP_SERVER" : "smtp.gmail.com", + "SMTP_PORT" : "587", + "SMTP_USERNAME" : "email@primp-industries.com", + "SMTP_PASSWORD" : "FILE-ME-IN-PLEASE", + "EMAIL_SUBJECT" : "[VMC Datastore Notification Alarm]", + "EMAIL_TO": ["admins@primp-industries.com"], + "EMAIL_FROM" : "vmc-notification-do-not-reply@primp-industries.com" +} diff --git a/examples/powercli/eventbridge/README.md b/examples/powercli/eventbridge/README.md deleted file mode 100644 index 01a9d73a..00000000 --- a/examples/powercli/eventbridge/README.md +++ /dev/null @@ -1,59 +0,0 @@ -# AWS EventBridge Function - -## Description - -This function demonstrates using PowerShell and the EventBridge cmdlets to forward a vCenter Server Event to AWS EventBridge - -## Prerequisites - -* Already created custom [EventBridge Bus](https://docs.aws.amazon.com/eventbridge/latest/userguide/create-event-bus.html) and [EventBridge Rule](https://docs.aws.amazon.com/eventbridge/latest/userguide/create-rule-partner-events.html) -* AWS Secret and Access Key with `AmazonEventBridgeFullAccess` policy - -## Instruction Consuming Function - -Step 1 - Initialize function, only required during the first deployment - -``` -faas-cli template pull -``` - -Step 2 - Update `stack.yml` and `eventbridge-secrets.json` with your environment information - -**Note:** If you are building your own function, you will need to update the `image:` property in the stack.yaml to point to your own Dockerhub account and Docker Image (e.g. `/`) - -Step 3 - Deploy function to vCenter Event Broker Appliance - -``` -VEBA_GATEWAY=https://veba.primp-industries.com -export OPENFAAS_URL=${VEBA_GATEWAY} # this is handy so you don't have to keep specifying OpenFaaS endpoint in command-line - -faas-cli login --username admin --password-stdin --tls-no-verify # login with your admin password -faas-cli secret create eventbridge-secrets --from-file=eventbridge-secrets.json --tls-no-verify # create secret, only required once -faas-cli deploy -f stack.yml --tls-no-verify -``` - -Step 4 - To remove the function and secret from vCenter Event Broker Appliance - -``` -VEBA_GATEWAY=https://veba.primp-industries.com -export OPENFAAS_URL=${VEBA_GATEWAY} # this is handy so you don't have to keep specifying OpenFaaS endpoint in command-line - -faas-cli remove -f stack.yml --tls-no-verify -faas-cli secret remove eventbridge-secrets --tls-no-verify -``` - -## Instruction Building Function - -Follow Step 1 from above and then any changes made to your function, you will need to run these additional two steps before proceeding to Step 2 from above. - -Step 1 - Build the function container - -``` -faas-cli build -f stack.yml -``` - -Step 2 - Push the function container to Docker Registry (default but can be changed to internal registry) - -``` -faas-cli push -f stack.yml -``` diff --git a/examples/powercli/eventbridge/eventbridge-secrets.json b/examples/powercli/eventbridge/eventbridge-secrets.json deleted file mode 100644 index 136031f7..00000000 --- a/examples/powercli/eventbridge/eventbridge-secrets.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "AWS_REGION" : "us-west-2", - "AWS_ACCESS_KEY" : "XXXXXXXXXX", - "AWS_SECRET_KEY" : "XXXXXXXXXX", - "AWS_EVENTBRIDGE_BUS" : "VMware-VMC" -} diff --git a/examples/powercli/eventbridge/handler/script.ps1 b/examples/powercli/eventbridge/handler/script.ps1 deleted file mode 100644 index 1611154e..00000000 --- a/examples/powercli/eventbridge/handler/script.ps1 +++ /dev/null @@ -1,32 +0,0 @@ -# Process function Secrets passed in -$SECRETS_FILE = "/var/openfaas/secrets/eventbridge-secrets" -$SECRETS_CONFIG = (Get-Content -Raw -Path $SECRETS_FILE | ConvertFrom-Json) - -# Process payload sent from vCenter Server Event -$json = $args | ConvertFrom-Json -if($env:function_debug -eq "true") { - Write-Host "DEBUG: json=`"$($json | Format-List | Out-String)`"" -} - -Import-Module AWS.Tools.EventBridge - -$details = [pscustomobject] @{ - CreatedTime = $json.CreatedTime; - UserName = $json.UserName; - VMName = $json.objectName; -} - -$data = ($details | convertTo-Json).toString() - -$payload = New-Object Amazon.EventBridge.Model.PutEventsRequestEntry -$payload.EventBusName = $SECRETS_CONFIG.AWS_EVENTBRIDGE_BUS -$payload.Source = $json.source -$payload.Detail = $data -$payload.DetailType = $json.topic - -if($env:function_debug -eq "true") { - Write-Host "DEBUG: payload=`"$($payload | Format-List | Out-String)`"" -} - -Write-Host "Publishing custom event to EventBridge Bus ..." -Write-EVBEvent -Entry @($payload) -AccessKey $SECRETS_CONFIG.AWS_ACCESS_KEY -SecretKey $SECRETS_CONFIG.AWS_SECRET_KEY -Region $SECRETS_CONFIG.AWS_REGION diff --git a/examples/powercli/hostmaint-alarms/README.md b/examples/powercli/hostmaint-alarms/README.md index bb26128d..f049353a 100644 --- a/examples/powercli/hostmaint-alarms/README.md +++ b/examples/powercli/hostmaint-alarms/README.md @@ -5,29 +5,70 @@ This example will disable alarm actions on a host while it is in maintenance mode. It deploys two functions that use the same PowerCLI script. The first function subscribes to the `entered.maintenance.mode` event to run when a host is put into maintenance mode and disable alarms. The second function subscribes to the `exit.maintenance.mode` event to re-enable alarms when the host exits maintenance mode. There is an accompanying blog post with more details: [Automate Host Maintenance with the vCenter Event Broker Appliance ](https://doogleit.github.io/2019/11/automate-host-maintenance-with-the-vcenter-event-broker-appliance/) -## Deployment +## Consume Function Instruction -1. Update the vcconfig.json file with your vCenter information and create the secret. If you already have this secret created from one of the other PowerCLI examples you can skip this step. +Step 1 - Update `stack.yml` and `vc-hostmaint-config.json` with your environment information + +Step 2 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance -```json -{ - "VC" : "vcenter-hostname", - "VC_USERNAME" : "veba@vsphere.local", - "VC_PASSWORD" : "FillMeIn" -} ``` -```shell -faas-cli secret create vcconfig --from-file=vcconfig.json --tls-no-verify +VEBA_GATEWAY=https://veba.primp-industries.com +export OPENFAAS_URL=${VEBA_GATEWAY} + +faas-cli login --username admin --password-stdin --tls-no-verify ``` -2. Update the gateway in the stack.yml file with your vCenter Event Broker Appliance address and deploy the functions. -```yaml -provider: - name: openfaas - gateway: https://veba.yourdomain.com -... +Step 3 - Create function secret (only required once) + +``` +faas-cli secret create vc-hostmaint-config --from-file=vc-hostmaint-config.json --tls-no-verify +``` + +Step 4 - Deploy function to vCenter Event Broker Appliance + ``` -```shell faas-cli deploy -f stack.yml --tls-no-verify ``` +## Build Function Instruction + +Step 1 - Initialize function, only required during the first deployment + +``` +faas-cli template pull +``` + +Step 2 - Update `stack.yml` and `vc-hostmaint-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. + +Step 3 - Build the function container + +``` +faas-cli build -f stack.yml +``` + +Step 4 - Push the function container to Docker Registry (default but can be changed to internal registry) + +``` +faas-cli push -f stack.yml +``` + +Step 5 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance + +``` +VEBA_GATEWAY=https://veba.primp-industries.com +export OPENFAAS_URL=${VEBA_GATEWAY} + +faas-cli login --username admin --password-stdin --tls-no-verify +``` + +Step 6 - Create function secret (only required once) + +``` +faas-cli secret create vc-hostmaint-config --from-file=vc-hostmaint-config.json --tls-no-verify +``` + +Step 7 - Deploy function to vCenter Event Broker Appliance + +``` +faas-cli deploy -f stack.yml --tls-no-verify +``` \ No newline at end of file diff --git a/examples/powercli/hostmaint-alarms/handler/script.ps1 b/examples/powercli/hostmaint-alarms/handler/script.ps1 index 3195141e..85429511 100644 --- a/examples/powercli/hostmaint-alarms/handler/script.ps1 +++ b/examples/powercli/hostmaint-alarms/handler/script.ps1 @@ -1,5 +1,5 @@ # Process function Secrets passed in -$VC_CONFIG_FILE = "/var/openfaas/secrets/vcconfig" +$VC_CONFIG_FILE = "/var/openfaas/secrets/vc-hostmaint-config" $VC_CONFIG = (Get-Content -Raw -Path $VC_CONFIG_FILE | ConvertFrom-Json) if($env:function_debug -eq "true") { Write-host "DEBUG: `"$VC_CONFIG`"" @@ -8,11 +8,11 @@ if($env:function_debug -eq "true") { # Process payload sent from vCenter Server Event $json = $args | ConvertFrom-Json if($env:function_debug -eq "true") { - Write-Host "DEBUG: `"$json`"" + Write-Host "DEBUG: json=`"$($json | Format-List | Out-String)`"" } -$eventObjectName = $json.objectName -$managedObjectReference = $json.managedObjectReference +$eventObjectName = $json.data.host.name +$managedObjectReference = $json.data.host.type Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -DisplayDeprecationWarnings $false -ParticipateInCeip $false -Confirm:$false | Out-Null diff --git a/examples/powercli/hostmaint-alarms/stack.yml b/examples/powercli/hostmaint-alarms/stack.yml index aba537b3..84b8b263 100644 --- a/examples/powercli/hostmaint-alarms/stack.yml +++ b/examples/powercli/hostmaint-alarms/stack.yml @@ -1,29 +1,29 @@ version: 1.0 provider: name: openfaas - gateway: https://veba.yourdomain.com + gateway: https://veba.primp-industries.com functions: powercli-entermaint: lang: powercli handler: ./handler - image: doogleit/powercli-hostmaint:latest + image: vmware/veba-powercli-esx-maintenance:latest environment: write_debug: true read_debug: true function_debug: false secrets: - - vcconfig + - vc-hostmaint-config annotations: - topic: entered.maintenance.mode + topic: EnteredMaintenanceModeEvent powercli-exitmaint: lang: powercli handler: ./handler - image: doogleit/powercli-hostmaint:latest + image: vmware/veba-powercli-esx-maintenance:latest environment: write_debug: true read_debug: true function_debug: false secrets: - - vcconfig + - vc-hostmaint-config annotations: - topic: exit.maintenance.mode \ No newline at end of file + topic: ExitMaintenanceModeEvent \ No newline at end of file diff --git a/examples/powercli/hostmaint-alarms/vcconfig.json b/examples/powercli/hostmaint-alarms/vc-hostmaint-config.json similarity index 100% rename from examples/powercli/hostmaint-alarms/vcconfig.json rename to examples/powercli/hostmaint-alarms/vc-hostmaint-config.json diff --git a/examples/powercli/hwchange-slack/README.md b/examples/powercli/hwchange-slack/README.md index 2257f573..8fabc890 100644 --- a/examples/powercli/hwchange-slack/README.md +++ b/examples/powercli/hwchange-slack/README.md @@ -9,48 +9,46 @@ There is a blog post covering this example in detail: [Audit VM configuration ch The custom PowerShell template for OpenFaaS is using [PSSlack](https://github.com/RamblingCookieMonster/PSSlack) -## Instruction +## Consume Function Instruction Step 1 - Setup Slack Make sure to create a channel for the notifications and a [Slack webhook](https://my.slack.com/services/new/incoming-webhook/). -Step 2 - Update `stack.yml` and `vcconfig.json` with your enviornment information +Step 2 - Update `stack.yml` and `vc-slack-config.json` with your environment information -`stack.yml` **lines: gateway, image** +Step 3 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` -provider: - name: openfaas - gateway: https://veba.mynetwork.local -functions: - powercli-reconfigure: - lang: powercli - handler: ./handler - image: opvizorpa/powercli-slack:latest - environment: - write_debug: true - read_debug: true - function_debug: false - secrets: - - vcconfig - annotations: - topic: vm.reconfigured - ``` +VEBA_GATEWAY=https://veba.primp-industries.com +export OPENFAAS_URL=${VEBA_GATEWAY} + +faas-cli login --username admin --password-stdin --tls-no-verify +``` -`vcconfig.json` +Step 4 - Create function secret (only required once) ``` -{ - "VC" : "my-vCenter", - "VC_USERNAME" : "user@vsphere.local", - "VC_PASSWORD" : "userpassword", - "SLACK_URL" : "https://my.slack.com/services/new/incoming-webhook/", - "SLACK_CHANNEL" : "vcevent" -} +faas-cli secret create vc-slack-config --from-file=vc-slack-config.json --tls-no-verify ``` +Step 5 - Deploy function to vCenter Event Broker Appliance + +``` +faas-cli deploy -f stack.yml --tls-no-verify +``` + +## Build Function Instruction + +Step 1 - Initialize function, only required during the first deployment + +``` +faas-cli template pull +``` + +Step 2 - Update `stack.yml` and `vc-slack-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. + Step 3 - Build the function container ``` @@ -63,13 +61,23 @@ Step 4 - Push the function container to Docker Registry (default but can be chan faas-cli push -f stack.yml ``` -Step 5 - Deploy function to vCenter Event Broker Appliance +Step 5 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com -export OPENFAAS_URL=${VEBA_GATEWAY} # this is handy so you don't have to keep specifying OpenFaaS endpoint in command-line +export OPENFAAS_URL=${VEBA_GATEWAY} -faas-cli login --username admin --password-stdin --tls-no-verify # login with your admin password -faas-cli secret create vcconfig --from-file=vcconfig.json --tls-no-verify # create secret, only required once -faas-cli deploy -f stack.yml --tls-no-verify +faas-cli login --username admin --password-stdin --tls-no-verify +``` + +Step 6 - Create function secret (only required once) +``` +faas-cli secret create vc-slack-config --from-file=vc-slack-config.json --tls-no-verify +``` + +Step 7 - Deploy function to vCenter Event Broker Appliance + +``` +faas-cli deploy -f stack.yml --tls-no-verify +``` \ No newline at end of file diff --git a/examples/powercli/hwchange-slack/handler/script.ps1 b/examples/powercli/hwchange-slack/handler/script.ps1 index 6ab0ac16..5bc2f607 100644 --- a/examples/powercli/hwchange-slack/handler/script.ps1 +++ b/examples/powercli/hwchange-slack/handler/script.ps1 @@ -1,5 +1,5 @@ # Process function Secrets passed in -$VC_CONFIG_FILE = "/var/openfaas/secrets/vcconfig" +$VC_CONFIG_FILE = "/var/openfaas/secrets/vc-slack-config" $VC_CONFIG = (Get-Content -Raw -Path $VC_CONFIG_FILE | ConvertFrom-Json) if($env:function_debug -eq "true") { Write-host "DEBUG: `"$VC_CONFIG`"" @@ -8,29 +8,22 @@ if($env:function_debug -eq "true") { # Process payload sent from vCenter Server Event $json = $args | ConvertFrom-Json if($env:function_debug -eq "true") { - Write-Host "DEBUG: `"$json`"" + Write-Host "DEBUG: json=`"$($json | Format-List | Out-String)`"" } -$eventObjectName = $json.objectName +$vmName = $json.data.vm.name # import and configure Slack Import-Module PSSlack | Out-Null - -Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -DisplayDeprecationWarnings $false -ParticipateInCeip $false -Confirm:$false | Out-Null - -# Connect to vCenter Server -Write-Host "Connecting to vCenter Server ..." -Connect-VIServer -Server $($VC_CONFIG.VC) -User $($VC_CONFIG.VC_USERNAME) -Password $($VC_CONFIG.VC_PASSWORD) - # Retrieve VM changes -$Message = (Get-VM $eventObjectName | Get-ViEvent -MaxSamples 1).FullFormattedMessage +$Message = $json.data.FullFormattedMessage # Bold format for titles [string]$Message = $Message -replace "Modified","*Modified*" -replace "Added","*Added*" -replace "Deleted","*Deleted*" # Send VM changes -Write-Host "Detected change to $eventObjectName ..." +Write-Host "Detected change to $vmName ..." New-SlackMessageAttachment -Color $([System.Drawing.Color]::red) ` -Title 'VM Change detected' ` @@ -40,6 +33,3 @@ New-SlackMessageAttachment -Color $([System.Drawing.Color]::red) ` -IconEmoji :fire: | Send-SlackMessage -Uri $($VC_CONFIG.SLACK_URL) - -Write-Host "Disconnecting from vCenter Server ..." -Disconnect-VIServer * -Confirm:$false diff --git a/examples/powercli/hwchange-slack/stack.yml b/examples/powercli/hwchange-slack/stack.yml index 65bc3572..d2015942 100644 --- a/examples/powercli/hwchange-slack/stack.yml +++ b/examples/powercli/hwchange-slack/stack.yml @@ -1,16 +1,16 @@ provider: name: openfaas - gateway: https://veba.mynetwork.local + gateway: https://veba.primp-industries.com functions: powercli-reconfigure: lang: powercli handler: ./handler - image: opvizorpa/powercli-slack:latest + image: vmware/veba-powercli-vm-config-change-slack:latest environment: write_debug: true read_debug: true function_debug: false secrets: - - vcconfig + - vc-slack-config annotations: - topic: vm.reconfigured + topic: VmReconfiguredEvent diff --git a/examples/powercli/hwchange-slack/template/powercli/Dockerfile b/examples/powercli/hwchange-slack/template/powercli/Dockerfile index 0b02d362..b2e504c4 100644 --- a/examples/powercli/hwchange-slack/template/powercli/Dockerfile +++ b/examples/powercli/hwchange-slack/template/powercli/Dockerfile @@ -18,8 +18,6 @@ USER root SHELL [ "pwsh", "-command" ] ENV fprocess="xargs pwsh ./function/script.ps1" COPY function function -# Set to true to see request in function logs -ENV write_debug="true" EXPOSE 8080 diff --git a/examples/powercli/hwchange-slack/vcconfig.json b/examples/powercli/hwchange-slack/vc-slack-config.json similarity index 51% rename from examples/powercli/hwchange-slack/vcconfig.json rename to examples/powercli/hwchange-slack/vc-slack-config.json index c3031e7a..effe7622 100644 --- a/examples/powercli/hwchange-slack/vcconfig.json +++ b/examples/powercli/hwchange-slack/vc-slack-config.json @@ -1,7 +1,4 @@ { - "VC" : "my-vCenter", - "VC_USERNAME" : "user@vsphere.local", - "VC_PASSWORD" : "userpassword", "SLACK_URL" : "https://my.slack.com/services/new/incoming-webhook/", "SLACK_CHANNEL" : "vcevent" } diff --git a/examples/powercli/tagging/README.md b/examples/powercli/tagging/README.md index c1681dca..ffcb3a49 100644 --- a/examples/powercli/tagging/README.md +++ b/examples/powercli/tagging/README.md @@ -4,7 +4,32 @@ This function demonstrates using PowerCLI to apply vSphere Tag to Virtual Machine when the VM Powered On Event is triggered -## Instruction +## Consume Function Instruction + +Step 1 - Update `stack.yml` and `vc-tag-config.json` with your environment information + +Step 2 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance + +``` +VEBA_GATEWAY=https://veba.primp-industries.com +export OPENFAAS_URL=${VEBA_GATEWAY} + +faas-cli login --username admin --password-stdin --tls-no-verify +``` + +Step 3 - Create function secret (only required once) + +``` +faas-cli secret create vc-tag-config --from-file=vc-tag-config.json --tls-no-verify +``` + +Step 4 - Deploy function to vCenter Event Broker Appliance + +``` +faas-cli deploy -f stack.yml --tls-no-verify +``` + +## Build Function Instruction Step 1 - Initialize function, only required during the first deployment @@ -12,7 +37,7 @@ Step 1 - Initialize function, only required during the first deployment faas-cli template pull ``` -Step 2 - Update `stack.yml` and `vcconfig.json` with your environment information +Step 2 - Update `stack.yml` and `vc-tag-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. Step 3 - Build the function container @@ -26,13 +51,23 @@ Step 4 - Push the function container to Docker Registry (default but can be chan faas-cli push -f stack.yml ``` -Step 5 - Deploy function to vCenter Event Broker Appliance +Step 5 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com -export OPENFAAS_URL=${VEBA_GATEWAY} # this is handy so you don't have to keep specifying OpenFaaS endpoint in command-line +export OPENFAAS_URL=${VEBA_GATEWAY} + +faas-cli login --username admin --password-stdin --tls-no-verify +``` -faas-cli login --username admin --password-stdin --tls-no-verify # login with your admin password -faas-cli secret create vcconfig --from-file=vcconfig.json --tls-no-verify # create secret, only required once +Step 6 - Create function secret (only required once) + +``` +faas-cli secret create vc-tag-config --from-file=vc-tag-config.json --tls-no-verify +``` + +Step 7 - Deploy function to vCenter Event Broker Appliance + +``` faas-cli deploy -f stack.yml --tls-no-verify ``` \ No newline at end of file diff --git a/examples/powercli/tagging/handler/script.ps1 b/examples/powercli/tagging/handler/script.ps1 index 56b1381e..d91036b2 100644 --- a/examples/powercli/tagging/handler/script.ps1 +++ b/examples/powercli/tagging/handler/script.ps1 @@ -1,5 +1,5 @@ # Process function Secrets passed in -$VC_CONFIG_FILE = "/var/openfaas/secrets/vcconfig" +$VC_CONFIG_FILE = "/var/openfaas/secrets/vc-tag-config" $VC_CONFIG = (Get-Content -Raw -Path $VC_CONFIG_FILE | ConvertFrom-Json) if($env:function_debug -eq "true") { Write-host "DEBUG: `"$VC_CONFIG`"" @@ -8,10 +8,10 @@ if($env:function_debug -eq "true") { # Process payload sent from vCenter Server Event $json = $args | ConvertFrom-Json if($env:function_debug -eq "true") { - Write-Host "DEBUG: `"$json`"" + Write-Host "DEBUG: json=`"$($json | Format-List | Out-String)`"" } -$eventObjectName = $json.objectName +$vmName = $json.data.vm.name Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -DisplayDeprecationWarnings $false -ParticipateInCeip $false -Confirm:$false | Out-Null @@ -20,8 +20,8 @@ Write-Host "Connecting to vCenter Server ..." Connect-VIServer -Server $($VC_CONFIG.VC) -User $($VC_CONFIG.VC_USERNAME) -Password $($VC_CONFIG.VC_PASSWORD) # Retrieve VM and apply vSphere Tag -Write-Host "Applying vSphere Tag `"$($VC_CONFIG.TAG_NAME)`" to $eventObjectName ..." -Get-VM $eventObjectName | New-TagAssignment -Tag (Get-Tag -Name $($VC_CONFIG.TAG_NAME)) -Confirm:$false +Write-Host "Applying vSphere Tag `"$($VC_CONFIG.TAG_NAME)`" to $vmName ..." +Get-VM $vmName | New-TagAssignment -Tag (Get-Tag -Name $($VC_CONFIG.TAG_NAME)) -Confirm:$false Write-Host "Disconnecting from vCenter Server ..." Disconnect-VIServer * -Confirm:$false diff --git a/examples/powercli/tagging/stack.yml b/examples/powercli/tagging/stack.yml index 10225ccb..c09116fb 100644 --- a/examples/powercli/tagging/stack.yml +++ b/examples/powercli/tagging/stack.yml @@ -5,12 +5,12 @@ functions: powercli-tag: lang: powercli handler: ./handler - image: lamw/powercli-tag:latest + image: vmware/veba-powercli-tagging:latest environment: write_debug: true read_debug: true function_debug: false secrets: - - vcconfig + - vc-tag-config annotations: - topic: drs.vm.powered.on + topic: DrsVmPoweredOnEvent diff --git a/examples/powercli/tagging/vcconfig.json b/examples/powercli/tagging/vc-tag-config.json similarity index 100% rename from examples/powercli/tagging/vcconfig.json rename to examples/powercli/tagging/vc-tag-config.json diff --git a/examples/python/echo/README.md b/examples/python/echo/README.md new file mode 100644 index 00000000..9eca4c24 --- /dev/null +++ b/examples/python/echo/README.md @@ -0,0 +1,46 @@ +# vCenter Event Broker Appliance Echo Event Function + +## Description + +This function helps users understand the structure and data of a given vCenter Event which will be useful when creating brand new Functions. + +Step 1 - Edit `stack.yml` and update the topic with the specific vCenter Server Event(s) from [vCenter Event Mapping](https://github.com/lamw/vcenter-event-mapping) document + +Step 2 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance + +``` +VEBA_GATEWAY=https://veba.primp-industries.com +export OPENFAAS_URL=${VEBA_GATEWAY} + +faas-cli login --username admin --password-stdin --tls-no-verify +``` + +Step 3 - Deploy function to vCenter Event Broker Appliance + +``` +faas-cli deploy -f stack.yml --tls-no-verify +``` + +Step 4 - Tail the logs of the veba-echo function + +``` +faas-cli logs veba-echo --tls-no-verify +``` + +Step 5 - Trigger the vCenter Event such as powering off the VM for the VmPoweredOffEvent and you should see output like the following in the console: + +``` +2020-02-23T22:29:28Z 2020/02/23 22:29:28 Forking fprocess. +2020-02-23T22:29:28Z 2020/02/23 22:29:28 Query +2020-02-23T22:29:28Z 2020/02/23 22:29:28 Path / +2020-02-23T22:29:28Z {"id":"6be1aa78-4e34-4697-87bd-fd189934804d","source":"https://vcenter.sddc-a-b-c-d.vmwarevmc.com/sdk","specversion":"1.0","type":"com.vmware.event.router/event","subject":"VmPoweredOffEvent","time":"2020-02-23T22:29:28.911840208Z","data":{"Key":303794,"ChainId":303792,"CreatedTime":"2020-02-23T22:29:28.226884Z","UserName":"VMC.LOCAL\\cloudadmin","Datacenter":{"Name":"SDDC-Datacenter","Datacenter":{"Type":"Datacenter","Value":"datacenter-3"}},"ComputeResource":{"Name":"Cluster-1","ComputeResource":{"Type":"ClusterComputeResource","Value":"domain-c8"}},"Host":{"Name":"10.20.32.4","Host":{"Type":"HostSystem","Value":"host-11"}},"Vm":{"Name":"Test","Vm":{"Type":"VirtualMachine","Value":"vm-1081"}},"Ds":null,"Net":null,"Dvs":null,"FullFormattedMessage":"Test on 10.20.32.4 in SDDC-Datacenter is powered off","ChangeTag":"","Template":false},"datacontenttype":"application/json"} +2020-02-23T22:29:28Z 2020/02/23 22:29:28 Duration: 0.061631 seconds +``` + +For readability, you can copy the JSON: + +``` +{"id":"6be1aa78-4e34-4697-87bd-fd189934804d","source":"https://vcenter.sddc-a-b-c-d.vmwarevmc.com/sdk","specversion":"1.0","type":"com.vmware.event.router/event","subject":"VmPoweredOffEvent","time":"2020-02-23T22:29:28.911840208Z","data":{"Key":303794,"ChainId":303792,"CreatedTime":"2020-02-23T22:29:28.226884Z","UserName":"VMC.LOCAL\\cloudadmin","Datacenter":{"Name":"SDDC-Datacenter","Datacenter":{"Type":"Datacenter","Value":"datacenter-3"}},"ComputeResource":{"Name":"Cluster-1","ComputeResource":{"Type":"ClusterComputeResource","Value":"domain-c8"}},"Host":{"Name":"10.20.32.4","Host":{"Type":"HostSystem","Value":"host-11"}},"Vm":{"Name":"Test","Vm":{"Type":"VirtualMachine","Value":"vm-1081"}},"Ds":null,"Net":null,"Dvs":null,"FullFormattedMessage":"Test on 10.20.32.4 in SDDC-Datacenter is powered off","ChangeTag":"","Template":false},"datacontenttype":"application/json"} +``` + +and format that using a JSON Linter website such as [https://jsonlint.com/](https://jsonlint.com/) \ No newline at end of file diff --git a/examples/python/echo/handler/echo.py b/examples/python/echo/handler/echo.py new file mode 100644 index 00000000..4b07937b --- /dev/null +++ b/examples/python/echo/handler/echo.py @@ -0,0 +1,10 @@ +# Original function contribution by Michael Gasch https://github.com/embano1/of-echo/ +def handle(req): + """handle a request to the function + Args: + req (str): request body + """ + + print(req) + + return "ok" diff --git a/examples/python/echo/stack.yml b/examples/python/echo/stack.yml new file mode 100644 index 00000000..aebd42a1 --- /dev/null +++ b/examples/python/echo/stack.yml @@ -0,0 +1,14 @@ +version: 1.0 +provider: + name: openfaas + gateway: http://127.0.0.1:8080 +functions: + veba-echo: + lang: python + handler: ./handler + image: vmware/veba-python-echo:latest + environment: + write_debug: true + read_debug: true + annotations: + topic: "VmPoweredOnEvent,VmPoweredOffEvent" From 6e597d7f21e68f4c182256bd281b7c0a27a57b28 Mon Sep 17 00:00:00 2001 From: William Lam Date: Sat, 22 Feb 2020 18:42:06 -0800 Subject: [PATCH 19/34] Added drop-down menu for Network CIDR selection + clear OVF properties for security Signed-off-by: William Lam Fix AWS EventBridge Adv Option variable Signed-off-by: William Lam --- files/setup.sh | 7 +++++-- manual/photon-dev.xml.template | 6 +++--- manual/photon.xml.template | 6 +++--- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/files/setup.sh b/files/setup.sh index 0532e9aa..d40fc014 100755 --- a/files/setup.sh +++ b/files/setup.sh @@ -8,7 +8,7 @@ set -euo pipefail VEBA_DEBUG=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.debug" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') HOSTNAME=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.hostname" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') IP_ADDRESS=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.ipaddress" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') -NETMASK=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.netmask" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +NETMASK=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.netmask" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}' | awk -F ' ' '{print $1}') GATEWAY=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.gateway" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') DNS_SERVER=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.dns" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') DNS_DOMAIN=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.domain" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') @@ -31,7 +31,7 @@ AWS_EVENTBRIDGE_ACCESS_SECRET=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | gre AWS_EVENTBRIDGE_EVENT_BUS=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_event_bus" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') AWS_EVENTBRIDGE_REGION=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_region" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') AWS_EVENTBRIDGE_RULE_ARN=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_arn" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') -AWS_EVENTBRIDGE_ADV_OPTION=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_arn" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') +AWS_EVENTBRIDGE_ADV_OPTION=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.aws_eb_advanced_options" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') POD_NETWORK_CIDR=$(vmtoolsd --cmd "info-get guestinfo.ovfEnv" | grep "guestinfo.pod_network_cidr" | awk -F 'oe:value="' '{print $2}' | awk -F '"' '{print $1}') if [ -e /root/ran_customization ]; then @@ -79,6 +79,9 @@ else echo -e "\e[92mCustomization Completed ..." > /dev/console + # Clear guestinfo.ovfEnv + vmtoolsd --cmd "info-set guestinfo.ovfEnv NULL" + # Ensure we don't run customization again touch /root/ran_customization fi \ No newline at end of file diff --git a/manual/photon-dev.xml.template b/manual/photon-dev.xml.template index 59813142..dd0dfd2c 100644 --- a/manual/photon-dev.xml.template +++ b/manual/photon-dev.xml.template @@ -14,9 +14,9 @@ IP Address of the system - - - CIDR notation (e.g. 24 for 255.255.255.0, 28 for 255.255.255.240) + + + Network CIDR Prefix diff --git a/manual/photon.xml.template b/manual/photon.xml.template index 8abc8aca..d7c87132 100644 --- a/manual/photon.xml.template +++ b/manual/photon.xml.template @@ -14,9 +14,9 @@ IP Address of the system - - - CIDR notation (e.g. 24 for 255.255.255.0, 28 for 255.255.255.240) + + + Network Prefix From ac6ddbe381cf20c9f3ce1bb620ee85ff82846ae6 Mon Sep 17 00:00:00 2001 From: William Lam Date: Sun, 23 Feb 2020 08:10:26 -0800 Subject: [PATCH 20/34] Test automation script samples to deploy VEBA using either OpenFaaS or EventBridge Processor Signed-off-by: William Lam --- test/deploy_veba_eventbridge_processor.sh | 70 +++++++++++++++++++++++ test/deploy_veba_openfaas_processor.sh | 62 ++++++++++++++++++++ 2 files changed, 132 insertions(+) create mode 100755 test/deploy_veba_eventbridge_processor.sh create mode 100755 test/deploy_veba_openfaas_processor.sh diff --git a/test/deploy_veba_eventbridge_processor.sh b/test/deploy_veba_eventbridge_processor.sh new file mode 100755 index 00000000..35de79b3 --- /dev/null +++ b/test/deploy_veba_eventbridge_processor.sh @@ -0,0 +1,70 @@ +#!/bin/bash +# Copyright 2020 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Sample Shell Script to test deployment of VEBA w/AWS EventBridge Processor + +OVFTOOL_BIN_PATH="/Applications/VMware OVF Tool/ovftool" +VEBA_OVA="../output-vmware-iso/vCenter_Event_Broker_Appliance_0.3.0.ova" + +# vCenter +DEPLOYMENT_TARGET_ADDRESS="192.168.30.200" +DEPLOYMENT_TARGET_USERNAME="administrator@vsphere.local" +DEPLOYMENT_TARGET_PASSWORD="VMware1!" +DEPLOYMENT_TARGET_DATACENTER="Primp-Datacenter" +DEPLOYMNET_TARGET_CLUSTER="Supermicro-Cluster" + +VEBA_NAME="VEBA-TEST-AWS-EVENTBRIDGE-PROCESSOR" +VEBA_IP="192.168.30.170" +VEBA_HOSTNAME="veba.primp-industries.com" +VEBA_PREFIX="24 (255.255.255.0)" +VEBA_GW="192.168.30.1" +VEBA_DNS="192.168.30.1" +VEBA_DNS_DOMAIN="primp-industries.com" +VEBA_NTP="pool.ntp.org" +VEBA_OS_PASSWORD="VMware1!" +VEBA_NETWORK="VM Network" +VEBA_DATASTORE="sm-vsanDatastore" +VEBA_DEBUG="True" +VEBA_VCENTER_SERVER="192.168.30.200" +VEBA_VCENTER_USER="administrator@vsphere.local" +VEBA_VCENTER_PASS="VMware1!" +VEBA_VCENTER_DISABLE_TLS="True" +VEBA_AWS_EVENTBRIDGE_ACCESS_KEY="FILL_ME_IN_PLEASE" +VEBA_AWS_EVENTBRIDGE_ACCESS_SECRET="FILL_ME_IN_PLEASE" +VEBA_AWS_EVENTBRIDGE_EVENT_BUS="FILL_ME_IN_PLEASE" +VEBA_AWS_EVENTBRIDGE_REGION="us-west-2" +VEBA_AWS_EVENTBRIDGE_RULE_ARN="FILL_ME_IN_PLEASE" + +### DO NOT EDIT BEYOND HERE ### + +"${OVFTOOL_BIN_PATH}" \ + --powerOn \ + --noSSLVerify \ + --sourceType=OVA \ + --allowExtraConfig \ + --diskMode=thin \ + --name="${VEBA_NAME}" \ + --net:"VM Network"="${VEBA_NETWORK}" \ + --datastore="${VEBA_DATASTORE}" \ + --prop:guestinfo.ipaddress=${VEBA_IP} \ + --prop:guestinfo.hostname=${VEBA_HOSTNAME} \ + --prop:guestinfo.netmask="${VEBA_PREFIX}" \ + --prop:guestinfo.gateway=${VEBA_GW} \ + --prop:guestinfo.dns=${VEBA_DNS} \ + --prop:guestinfo.domain=${VEBA_DNS_DOMAIN} \ + --prop:guestinfo.ntp=${VEBA_NTP} \ + --prop:guestinfo.root_password=${VEBA_OS_PASSWORD} \ + --prop:guestinfo.vcenter_server=${VEBA_VCENTER_SERVER} \ + --prop:guestinfo.vcenter_username=${VEBA_VCENTER_USER} \ + --prop:guestinfo.vcenter_password=${VEBA_VCENTER_PASS} \ + --prop:guestinfo.vcenter_disable_tls_verification=${VEBA_VCENTER_DISABLE_TLS} \ + --prop:guestinfo.event_processor_type="AWS EventBridge" \ + --prop:guestinfo.aws_eb_access_key=${VEBA_AWS_EVENTBRIDGE_ACCESS_KEY} \ + --prop:guestinfo.aws_eb_access_secret=${VEBA_AWS_EVENTBRIDGE_ACCESS_SECRET} \ + --prop:guestinfo.aws_eb_event_bus=${VEBA_AWS_EVENTBRIDGE_EVENT_BUS} \ + --prop:guestinfo.aws_eb_region=${VEBA_AWS_EVENTBRIDGE_REGION} \ + --prop:guestinfo.aws_eb_arn=${VEBA_AWS_EVENTBRIDGE_RULE_ARN} \ + --prop:guestinfo.debug=${VEBA_DEBUG} \ + "${VEBA_OVA}" \ + "vi://${DEPLOYMENT_TARGET_USERNAME}:${DEPLOYMENT_TARGET_PASSWORD}@${DEPLOYMENT_TARGET_ADDRESS}/${DEPLOYMENT_TARGET_DATACENTER}/host/${DEPLOYMNET_TARGET_CLUSTER}" diff --git a/test/deploy_veba_openfaas_processor.sh b/test/deploy_veba_openfaas_processor.sh new file mode 100755 index 00000000..a9d5bc64 --- /dev/null +++ b/test/deploy_veba_openfaas_processor.sh @@ -0,0 +1,62 @@ +#!/bin/bash +# Copyright 2020 VMware, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +# Sample Shell Script to test deployment of VEBA w/OpenFaaS Processor + +OVFTOOL_BIN_PATH="/Applications/VMware OVF Tool/ovftool" +VEBA_OVA="../output-vmware-iso/vCenter_Event_Broker_Appliance_0.3.0.ova" + +# vCenter +DEPLOYMENT_TARGET_ADDRESS="192.168.30.200" +DEPLOYMENT_TARGET_USERNAME="administrator@vsphere.local" +DEPLOYMENT_TARGET_PASSWORD="VMware1!" +DEPLOYMENT_TARGET_DATACENTER="Primp-Datacenter" +DEPLOYMNET_TARGET_CLUSTER="Supermicro-Cluster" + +VEBA_NAME="VEBA-TEST-OPENFAAS-PROCESSOR" +VEBA_IP="192.168.30.170" +VEBA_HOSTNAME="veba.primp-industries.com" +VEBA_PREFIX="24 (255.255.255.0)" +VEBA_GW="192.168.30.1" +VEBA_DNS="192.168.30.1" +VEBA_DNS_DOMAIN="primp-industries.com" +VEBA_NTP="pool.ntp.org" +VEBA_OS_PASSWORD="VMware1!" +VEBA_NETWORK="VM Network" +VEBA_DATASTORE="sm-vsanDatastore" +VEBA_DEBUG="True" +VEBA_VCENTER_SERVER="192.168.30.200" +VEBA_VCENTER_USER="administrator@vsphere.local" +VEBA_VCENTER_PASS="VMware1!" +VEBA_VCENTER_DISABLE_TLS="True" +VEBA_OPENFAAS_PASS="VMware1!" + +### DO NOT EDIT BEYOND HERE ### + +"${OVFTOOL_BIN_PATH}" \ + --powerOn \ + --noSSLVerify \ + --sourceType=OVA \ + --allowExtraConfig \ + --diskMode=thin \ + --name="${VEBA_NAME}" \ + --net:"VM Network"="${VEBA_NETWORK}" \ + --datastore="${VEBA_DATASTORE}" \ + --prop:guestinfo.ipaddress=${VEBA_IP} \ + --prop:guestinfo.hostname=${VEBA_HOSTNAME} \ + --prop:guestinfo.netmask="${VEBA_PREFIX}" \ + --prop:guestinfo.gateway=${VEBA_GW} \ + --prop:guestinfo.dns=${VEBA_DNS} \ + --prop:guestinfo.domain=${VEBA_DNS_DOMAIN} \ + --prop:guestinfo.ntp=${VEBA_NTP} \ + --prop:guestinfo.root_password=${VEBA_OS_PASSWORD} \ + --prop:guestinfo.vcenter_server=${VEBA_VCENTER_SERVER} \ + --prop:guestinfo.vcenter_username=${VEBA_VCENTER_USER} \ + --prop:guestinfo.vcenter_password=${VEBA_VCENTER_PASS} \ + --prop:guestinfo.vcenter_disable_tls_verification=${VEBA_VCENTER_DISABLE_TLS} \ + --prop:guestinfo.event_processor_type="OpenFaaS" \ + --prop:guestinfo.openfaas_password=${VEBA_OPENFAAS_PASS} \ + --prop:guestinfo.debug=${VEBA_DEBUG} \ + "${VEBA_OVA}" \ + "vi://${DEPLOYMENT_TARGET_USERNAME}:${DEPLOYMENT_TARGET_PASSWORD}@${DEPLOYMENT_TARGET_ADDRESS}/${DEPLOYMENT_TARGET_DATACENTER}/host/${DEPLOYMNET_TARGET_CLUSTER}" From 84eb278dbe951eea15265b58dbcd993659a8163a Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Mon, 2 Mar 2020 16:27:22 +0100 Subject: [PATCH 21/34] Add branch information to Python examples Signed-off-by: Michael Gasch --- examples/python/esx-mtu-fixer/README.md | 12 +++++++++++- examples/python/tagging/README.MD | 1 + 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/examples/python/esx-mtu-fixer/README.md b/examples/python/esx-mtu-fixer/README.md index 7cf2843a..22e84100 100644 --- a/examples/python/esx-mtu-fixer/README.md +++ b/examples/python/esx-mtu-fixer/README.md @@ -2,9 +2,19 @@ This is a remediation function which will be triggered when a VM is powered on. It will make sure that the Maximum Transmission Unit (MTU) of the VM Kernel Adapter on all ESX hosts is at least `1500`. You can find out more about why `1500` is an optimal value in the [wikipedia page](https://en.wikipedia.org/wiki/Maximum_transmission_unit). +## Get the example function + +Clone this repository which contains the example functions. + +```bash +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/python/esx-mtu-fixer +git checkout master +``` + ## Set up -The function needs credentials and endpoint of the vCenter with which the function will interact. You can see how to create a secret containing those credentials in your kubernetes cluster in the [create_secret](./create_secret.sh) script. Your `kubectl` must be configured to communicate with your remote cluster first. +The function needs credentials and endpoint of the vCenter with which the function will interact. You can see how to create a secret containing those credentials in your Kubernetes cluster in the [create_secret](./create_secret.sh) script. Your `kubectl` must be configured to communicate with your remote cluster first. ## Deploy the function diff --git a/examples/python/tagging/README.MD b/examples/python/tagging/README.MD index 06ed0fda..41af15be 100644 --- a/examples/python/tagging/README.MD +++ b/examples/python/tagging/README.MD @@ -5,6 +5,7 @@ Clone this repository which contains the example functions. ```bash git clone https://github.com/vmware-samples/vcenter-event-broker-appliance cd vcenter-event-broker-appliance/examples/python/tagging +git checkout master ``` ### Categories and tags From 0e193eec678cbe36da9426b6d71fcebe6992d83f Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Mon, 2 Mar 2020 16:28:43 +0100 Subject: [PATCH 22/34] Stricter linting on VMware Event Router - Use stricter linting during Docker build/release - For local testing linting and clean Git dir is not enforced though Signed-off-by: Michael Gasch --- vmware-event-router/Dockerfile | 5 +++++ vmware-event-router/Makefile | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/vmware-event-router/Dockerfile b/vmware-event-router/Dockerfile index 9247d351..f5be9a32 100644 --- a/vmware-event-router/Dockerfile +++ b/vmware-event-router/Dockerfile @@ -5,12 +5,17 @@ ARG COMMIT WORKDIR /build +# install linter into ./bin/ +RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.23.7 + COPY go.mod . COPY go.sum . RUN go mod download COPY cmd cmd COPY internal internal + +RUN ./bin/golangci-lint run ./... RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix nocgo -ldflags="-X main.version=${VERSION} -X main.commit=${COMMIT}" -o vmware-event-router cmd/main.go # debian:stable-slim diff --git a/vmware-event-router/Makefile b/vmware-event-router/Makefile index cde4b409..7526bd8f 100644 --- a/vmware-event-router/Makefile +++ b/vmware-event-router/Makefile @@ -31,9 +31,9 @@ tidy: $(info Make: syncing and cleaning up Go dependencies.) go mod tidy -v +# intended for local dev use (won't check for unclean git) binary: test tidy $(info Make: Building binary "$(DIST_FOLDER)/$(BINARY)".) - $(if $(GIT_NOT_CLEAN_CHECK), $(error "Dirty Git repository.")) CGO_ENABLED=0 go build -a -installsuffix nocgo -ldflags="-X main.version=${VERSION} -X main.commit=${COMMIT}" -o $(DIST_FOLDER)/$(BINARY) cmd/main.go build: test tidy From dd3ca14dea8b8093ac6682b74dc6cf14934b41c8 Mon Sep 17 00:00:00 2001 From: William Lam Date: Sat, 29 Feb 2020 06:07:28 -0800 Subject: [PATCH 23/34] Updated Getting Started User Guide Signed-off-by: William Lam Updated Getting Started Build Docs to point to correct VEBA Github Repo Signed-off-by: William Lam Fixed Getting Started Guide feedback Signed-off-by: William Lam Fixing photo-dev.json to incoroprate new CIDR notation Signed-off-by: William Lam Updating Samples to pull from master branch Signed-off-by: William Lam Adding note to VMware Event Router docs Signed-off-by: William Lam Incoroprate Feedback from Micahel on example functions Signed-off-by: William Lam --- .../powercli/datastore-usage-email/README.md | 38 ++++++++++++----- examples/powercli/hostmaint-alarms/README.md | 38 ++++++++++++----- examples/powercli/hwchange-slack/README.md | 40 ++++++++++++------ examples/powercli/tagging/README.md | 38 ++++++++++++----- examples/python/echo/README.md | 20 ++++++--- examples/python/echo/stack.yml | 2 +- getting-started-build.md | 2 +- getting-started.md | 42 +++++++++++++++---- photon-dev.json | 2 +- 9 files changed, 160 insertions(+), 62 deletions(-) diff --git a/examples/powercli/datastore-usage-email/README.md b/examples/powercli/datastore-usage-email/README.md index 9b31ef38..d120dc43 100644 --- a/examples/powercli/datastore-usage-email/README.md +++ b/examples/powercli/datastore-usage-email/README.md @@ -6,9 +6,17 @@ This function demonstrates using PowerShell to send an email notification when w ## Consume Function Instruction -Step 1 - Update `stack.yml` and `vc-datastore-config.json` with your environment information +Step 1 - Clone repo -Step 2 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/powercli/datastore-usage-email +git checkout master +``` + +Step 2 - Update `stack.yml` and `vc-datastore-config.json` with your environment information + +Step 3 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -17,13 +25,13 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 3 - Create function secret (only required once) +Step 4 - Create function secret (only required once) ``` faas-cli secret create vc-datastore-config --from-file=vc-datastore-config.json --tls-no-verify ``` -Step 4 - Deploy function to vCenter Event Broker Appliance +Step 5 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify @@ -31,27 +39,35 @@ faas-cli deploy -f stack.yml --tls-no-verify ## Build Function Instruction -Step 1 - Initialize function, only required during the first deployment +Step 1 - Clone repo + +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/powercli/datastore-usage-email +git checkout master +``` + +Step 2 - Initialize function, only required during the first deployment ``` faas-cli template pull ``` -Step 2 - Update `stack.yml` and `vc-datastore-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. +Step 3 - Update `stack.yml` and `vc-datastore-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. -Step 3 - Build the function container +Step 4 - Build the function container ``` faas-cli build -f stack.yml ``` -Step 4 - Push the function container to Docker Registry (default but can be changed to internal registry) +Step 5 - Push the function container to Docker Registry (default but can be changed to internal registry) ``` faas-cli push -f stack.yml ``` -Step 5 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +Step 6 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -60,13 +76,13 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 6 - Create function secret (only required once) +Step 7 - Create function secret (only required once) ``` faas-cli secret create vc-datastore-config --from-file=vc-datastore-config.json --tls-no-verify ``` -Step 7 - Deploy function to vCenter Event Broker Appliance +Step 8 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify diff --git a/examples/powercli/hostmaint-alarms/README.md b/examples/powercli/hostmaint-alarms/README.md index f049353a..d5df8abb 100644 --- a/examples/powercli/hostmaint-alarms/README.md +++ b/examples/powercli/hostmaint-alarms/README.md @@ -7,9 +7,17 @@ This example will disable alarm actions on a host while it is in maintenance mod ## Consume Function Instruction -Step 1 - Update `stack.yml` and `vc-hostmaint-config.json` with your environment information +Step 1 - Clone repo -Step 2 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/powercli/hostmaint-alarms +git checkout master +``` + +Step 2 - Update `stack.yml` and `vc-hostmaint-config.json` with your environment information + +Step 3 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -18,13 +26,13 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 3 - Create function secret (only required once) +Step 4 - Create function secret (only required once) ``` faas-cli secret create vc-hostmaint-config --from-file=vc-hostmaint-config.json --tls-no-verify ``` -Step 4 - Deploy function to vCenter Event Broker Appliance +Step 5 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify @@ -32,27 +40,35 @@ faas-cli deploy -f stack.yml --tls-no-verify ## Build Function Instruction -Step 1 - Initialize function, only required during the first deployment +Step 1 - Clone repo + +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/powercli/hostmaint-alarms +git checkout master +``` + +Step 2 - Initialize function, only required during the first deployment ``` faas-cli template pull ``` -Step 2 - Update `stack.yml` and `vc-hostmaint-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. +Step 3 - Update `stack.yml` and `vc-hostmaint-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. -Step 3 - Build the function container +Step 4 - Build the function container ``` faas-cli build -f stack.yml ``` -Step 4 - Push the function container to Docker Registry (default but can be changed to internal registry) +Step 5 - Push the function container to Docker Registry (default but can be changed to internal registry) ``` faas-cli push -f stack.yml ``` -Step 5 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +Step 6 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -61,13 +77,13 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 6 - Create function secret (only required once) +Step 7 - Create function secret (only required once) ``` faas-cli secret create vc-hostmaint-config --from-file=vc-hostmaint-config.json --tls-no-verify ``` -Step 7 - Deploy function to vCenter Event Broker Appliance +Step 8 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify diff --git a/examples/powercli/hwchange-slack/README.md b/examples/powercli/hwchange-slack/README.md index 8fabc890..88401942 100644 --- a/examples/powercli/hwchange-slack/README.md +++ b/examples/powercli/hwchange-slack/README.md @@ -11,14 +11,22 @@ The custom PowerShell template for OpenFaaS is using [PSSlack](https://github.co ## Consume Function Instruction -Step 1 - Setup Slack +Step 1 - Clone repo + +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/powercli/hwchange-slack +git checkout master +``` + +Step 2 - Setup Slack Make sure to create a channel for the notifications and a [Slack webhook](https://my.slack.com/services/new/incoming-webhook/). -Step 2 - Update `stack.yml` and `vc-slack-config.json` with your environment information +Step 3 - Update `stack.yml` and `vc-slack-config.json` with your environment information -Step 3 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +Step 4 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -27,13 +35,13 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 4 - Create function secret (only required once) +Step 5 - Create function secret (only required once) ``` faas-cli secret create vc-slack-config --from-file=vc-slack-config.json --tls-no-verify ``` -Step 5 - Deploy function to vCenter Event Broker Appliance +Step 6 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify @@ -41,27 +49,35 @@ faas-cli deploy -f stack.yml --tls-no-verify ## Build Function Instruction -Step 1 - Initialize function, only required during the first deployment +Step 1 - Clone repo + +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/powercli/hwchange-slack +git checkout master +``` + +Step 2 - Initialize function, only required during the first deployment ``` faas-cli template pull ``` -Step 2 - Update `stack.yml` and `vc-slack-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. +Step 3 - Update `stack.yml` and `vc-slack-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. -Step 3 - Build the function container +Step 4 - Build the function container ``` faas-cli build -f stack.yml ``` -Step 4 - Push the function container to Docker Registry (default but can be changed to internal registry) +Step 5 - Push the function container to Docker Registry (default but can be changed to internal registry) ``` faas-cli push -f stack.yml ``` -Step 5 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +Step 6 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -70,13 +86,13 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 6 - Create function secret (only required once) +Step 7 - Create function secret (only required once) ``` faas-cli secret create vc-slack-config --from-file=vc-slack-config.json --tls-no-verify ``` -Step 7 - Deploy function to vCenter Event Broker Appliance +Step 8 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify diff --git a/examples/powercli/tagging/README.md b/examples/powercli/tagging/README.md index ffcb3a49..d856c024 100644 --- a/examples/powercli/tagging/README.md +++ b/examples/powercli/tagging/README.md @@ -6,9 +6,17 @@ This function demonstrates using PowerCLI to apply vSphere Tag to Virtual Machin ## Consume Function Instruction -Step 1 - Update `stack.yml` and `vc-tag-config.json` with your environment information +Step 1 - Clone repo -Step 2 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/powercli/tagging +git checkout master +``` + +Step 2 - Update `stack.yml` and `vc-tag-config.json` with your environment information + +Step 3 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -17,13 +25,13 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 3 - Create function secret (only required once) +Step 4 - Create function secret (only required once) ``` faas-cli secret create vc-tag-config --from-file=vc-tag-config.json --tls-no-verify ``` -Step 4 - Deploy function to vCenter Event Broker Appliance +Step 5 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify @@ -31,27 +39,35 @@ faas-cli deploy -f stack.yml --tls-no-verify ## Build Function Instruction -Step 1 - Initialize function, only required during the first deployment +Step 1 - Clone repo + +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/powercli/tagging +git checkout master +``` + +Step 2 - Initialize function, only required during the first deployment ``` faas-cli template pull ``` -Step 2 - Update `stack.yml` and `vc-tag-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. +Step 3 - Update `stack.yml` and `vc-tag-config.json` with your environment information. Please ensure you replace the name of the container image with your own account. -Step 3 - Build the function container +Step 4 - Build the function container ``` faas-cli build -f stack.yml ``` -Step 4 - Push the function container to Docker Registry (default but can be changed to internal registry) +Step 5 - Push the function container to Docker Registry (default but can be changed to internal registry) ``` faas-cli push -f stack.yml ``` -Step 5 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +Step 6 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -60,13 +76,13 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 6 - Create function secret (only required once) +Step 7 - Create function secret (only required once) ``` faas-cli secret create vc-tag-config --from-file=vc-tag-config.json --tls-no-verify ``` -Step 7 - Deploy function to vCenter Event Broker Appliance +Step 8 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify diff --git a/examples/python/echo/README.md b/examples/python/echo/README.md index 9eca4c24..31de1f92 100644 --- a/examples/python/echo/README.md +++ b/examples/python/echo/README.md @@ -2,11 +2,19 @@ ## Description -This function helps users understand the structure and data of a given vCenter Event which will be useful when creating brand new Functions. +This function helps users understand the structure and data of a given vCenter Event which will be useful when creating brand new Functions. -Step 1 - Edit `stack.yml` and update the topic with the specific vCenter Server Event(s) from [vCenter Event Mapping](https://github.com/lamw/vcenter-event-mapping) document +Step 1 - Clone repo -Step 2 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance +``` +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance +cd vcenter-event-broker-appliance/examples/python/echo +git checkout master +``` + +Step 2 - Edit `stack.yml` and update the topic with the specific vCenter Server Event(s) from [vCenter Event Mapping](https://github.com/lamw/vcenter-event-mapping) document + +Step 3 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` VEBA_GATEWAY=https://veba.primp-industries.com @@ -15,19 +23,19 @@ export OPENFAAS_URL=${VEBA_GATEWAY} faas-cli login --username admin --password-stdin --tls-no-verify ``` -Step 3 - Deploy function to vCenter Event Broker Appliance +Step 4 - Deploy function to vCenter Event Broker Appliance ``` faas-cli deploy -f stack.yml --tls-no-verify ``` -Step 4 - Tail the logs of the veba-echo function +Step 5 - Tail the logs of the veba-echo function ``` faas-cli logs veba-echo --tls-no-verify ``` -Step 5 - Trigger the vCenter Event such as powering off the VM for the VmPoweredOffEvent and you should see output like the following in the console: +Step 6 - Trigger the vCenter Event such as powering off the VM for the VmPoweredOffEvent and you should see output like the following in the console: ``` 2020-02-23T22:29:28Z 2020/02/23 22:29:28 Forking fprocess. diff --git a/examples/python/echo/stack.yml b/examples/python/echo/stack.yml index aebd42a1..f5f2358c 100644 --- a/examples/python/echo/stack.yml +++ b/examples/python/echo/stack.yml @@ -1,7 +1,7 @@ version: 1.0 provider: name: openfaas - gateway: http://127.0.0.1:8080 + gateway: http://veba.primp-industries.com functions: veba-echo: lang: python diff --git a/getting-started-build.md b/getting-started-build.md index 3dc3dd2c..dd615bf1 100644 --- a/getting-started-build.md +++ b/getting-started-build.md @@ -13,7 +13,7 @@ Step 1 - Clone the vCenter Event Broker Appliance Git repository ``` -git clone https://github.com/lamw/vcenter-event-broker-appliance.git +git clone https://github.com/vmware-samples/vcenter-event-broker-appliance.git ``` Step 2 - Edit the `photon-builder.json` file to configure the vSphere endpoint for building the vCenter Event Broker Appliance diff --git a/getting-started.md b/getting-started.md index edb3d28a..562f6c0c 100644 --- a/getting-started.md +++ b/getting-started.md @@ -12,41 +12,67 @@ **Step 2** - Deploy the vCenter Event Broker Appliance OVA to your vCenter Server using the vSphere HTML5 Client. As part of the deployment you will be prompted to provide the following input: -*Networking* +*Networking* (**Required**) * Hostname - The FQDN of the vCenter Event Broker Appliance. If you do not have DNS in your environment, make sure the hostname provide is resolvable from your desktop which may require you to manually add a hosts entry. Proper DNS resolution is recommended * IP Address - The IP Address of the vCenter Event Broker Appliance - * Netmask Prefix - CIDR Notation (e.g. 24 = 255.255.255.0) + * Network Prefix - Network CIDR Selection (e.g. 24 = 255.255.255.0) * Gateway - The Network Gateway address - * DNS - DNS Server(s) that will be able to resolve to external sites such as Github for initial configuration. If you have multiple DNS Servers, input needs to be space separated. + * DNS - DNS Server(s) that will be able to resolve to external sites such as Github for initial configuration. If you have multiple DNS Servers, input needs to be **space separated**. * DNS Domain - The DNS domain of your network + * NTP Server - NTP Server(s) for proper time synchronization. If you have multiple DNS Servers, input needs to be **space separated**. -*Credentials* +*Proxy Settings (Optional)* + * HTTP Proxy Server - HTTP Proxy Server followed by the port and without typing http:// before (e.g. proxy.provider.com:3128) + * HTTPS Proxy - HTTPS Proxy Server followed by the port and without typing https:// before (e.g. proxy.provider.com:3128) + * Proxy Username - Optional Username for Proxy Server + * Proxy Password - Optional Password for Proxy Server + * No Proxy - Exclude internal domain suffix. Comma separated (localhost, 127.0.0.1, domain.local) +*OS Credentials* (**Required**) * Root Password - This is the OS root password for the vCenter Event Broker Appliance - * OpenFaaS Password - This is the Admin password for OpenFaaS UI -*vSphere* +*vSphere* (**Required**) * vCenter Server - This FQDN or IP Address of your vCenter Server that you wish to associate this vCenter Event Broker Appliance to for Event subscription * vCenter Username - The username to login to vCenter Server, as mentioned earlier, readOnly account is sufficient * vCenter Password - The password to the vCenter Username * Disable vCenter Server TLS Verification - If you have a self-signed SSL Certificate, you will need to check this box -*zDebug* +*Event Processor Configuration* (**Required**) + * Event Processor - Choose either OpenFaaS (default) or AWS EventBridge and only fill in the configuration for the selected event processor +*OpenFaaS Configuration* (**Required if selected as Event Processor**) + * Password - Password to login into OpenFaaS using "admin" account. Please use a secure password + * Advanced Settings - N/A, future use + +*AWS EventBridge Configuration* (**Required if selected as Event Processor**) + * Access Key - A valid AWS Access Key to AWS EventBridge + * Access Secret - A valid AWS Access Secret to AWS EventBridge + * Event Bus Name - Name of the AWS Event Bus to use. If left blank, this defaults to "default" Bus name. + * Region - Region where Event Bus is running (e.g. us-west-2) + * Rule ARN - ID of the Rule ARN created in AWS EventBridge + * Advanced Settings - N/A, future use + +For more information on using the OpenFaaS and AWS EventBridge Processor, please take a look at the [VMware Event Router documentation](./vmware-event-router/README.MD) + +*zAdvanced (Optional)* * Debugging - When enabled, this will output a more verbose log file that can be used to troubleshoot failed deployments + * POD CIDR Network - Customize POD CIDR Network (Default 10.99.0.0/20) **Step 3** - Power On the vCenter Event Broker Appliance after successful deployment. Depending on your external network connectivity, it can take a few minutes while the system is being setup. You can open the VM Console to view the progress. Once everything is completed, you should see an updated login banner for the various endpoints: ``` Appliance Status: https://[hostname]/status Install Logs: https://[hostname]/bootstrap +Appliance Statistics: https://[hostname]/stats OpenFaaS UI: https://[hostname] ``` +If you are using the AWS EventBridge Processor, the OpenFaaS UI endpoint will not be available which is expected and is not shown in the login banner. + **Note**: If you enable Debugging, the install logs endpoint will automatically contain the more verbose log entries. -**Step 4** - You can verify that everything was deployed correctly by opening a web browser to the OpenFaaS UI available on https://[hostname]/ and logging in with the Admin credentials (user:admin) you had specified as part of the OVA deployment. +**Step 4** - You can verify that everything was deployed correctly by opening a web browser and accessing one of the endpoints along with the associated admin password you had specified as part of the OVA deployment. At this point, you have successfully deployed the vCenter Event Broker Appliance and you are ready to start deploying your functions! Check the [examples](./examples/README.md) to quickly get started. diff --git a/photon-dev.json b/photon-dev.json index e3720766..0da785ef 100644 --- a/photon-dev.json +++ b/photon-dev.json @@ -9,7 +9,7 @@ "ovftool_deploy_vm_name": "PACKER-TEST-vCenter_Event_Broker_Appliance", "ovftool_deploy_vm_hostname": "veba.primp-industries.com", "ovftool_deploy_vm_ip_address": "192.168.30.170", - "ovftool_deploy_vm_prefix": "24", + "ovftool_deploy_vm_prefix": "24 (255.255.255.0)", "ovftool_deploy_vm_gateway": "192.168.30.1", "ovftool_deploy_vm_dns": "192.168.30.1", "ovftool_deploy_vm_dns_domain": "primp-industries.com", From 75414dab59b0804aa653fe3dd145646379c1ab10 Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Mon, 2 Mar 2020 21:17:52 +0100 Subject: [PATCH 24/34] Fix linter errors Fixes linter errors regression introduced in #58 Tested via: ```bash make [...] Step 24/24 : ENTRYPOINT ["./vmware-event-router"] ---> Using cache ---> 5c4aa02006a4 Successfully built 5c4aa02006a4 Successfully tagged vmware/veba-event-router:e54fee2 ``` Tested the new build successfully against OpenFaaS and AWS EventBridge with a VmPoweredOffEvent. Signed-off-by: Michael Gasch --- vmware-event-router/cmd/main.go | 31 ++++++++++++------- .../internal/metrics/server.go | 15 ++++++--- .../internal/processor/aws_event_bridge.go | 18 ++++++----- .../internal/processor/openfaas.go | 11 +++---- .../internal/stream/vcenter.go | 4 ++- 5 files changed, 48 insertions(+), 31 deletions(-) diff --git a/vmware-event-router/cmd/main.go b/vmware-event-router/cmd/main.go index c5d2cd5b..5d788a5f 100644 --- a/vmware-event-router/cmd/main.go +++ b/vmware-event-router/cmd/main.go @@ -52,6 +52,19 @@ func main() { ctx, cancel := context.WithCancel(context.Background()) defer cancel() + // signal handler + go func() { + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, syscall.SIGTERM, os.Interrupt) + + sig := <-sigCh + logger.Printf("got signal: %v, cleaning up...", sig) + + cancel() + // give goroutines some grace time to clean up + time.Sleep(3 * time.Second) + }() + f, err := os.Open(configPath) if err != nil { logger.Fatalf("could not open configuration file: %v", err) @@ -130,24 +143,18 @@ func main() { logger.Fatal("no configuration for metrics server found") } - // handle OS signals gracefully - sigCh := make(chan os.Signal, 1) - signal.Notify(sigCh, syscall.SIGTERM, os.Interrupt) - go func() { - sig := <-sigCh - logger.Printf("got signal: %v, cleaning up...", sig) - cancel() - // give goroutines some grace time to clean up - time.Sleep(3 * time.Second) - }() - eg, egCtx := errgroup.WithContext(ctx) + + // metrics server eg.Go(func() error { return metricsServer.Run(egCtx, bindAddr) }) + // event stream eg.Go(func() error { - defer streamer.Shutdown(egCtx) + defer func() { + _ = streamer.Shutdown(egCtx) + }() return streamer.Stream(egCtx, proc) }) diff --git a/vmware-event-router/internal/metrics/server.go b/vmware-event-router/internal/metrics/server.go index 88c43991..cdbe7391 100644 --- a/vmware-event-router/internal/metrics/server.go +++ b/vmware-event-router/internal/metrics/server.go @@ -52,7 +52,7 @@ func NewServer(cfg connection.Config) (*Server, error) { mux := http.NewServeMux() switch basicAuth { case true: - mux.Handle(endpoint, withBasicAuth(expvar.Handler(), username, password)) + mux.Handle(endpoint, withBasicAuth(logger, expvar.Handler(), username, password)) default: mux.Handle(endpoint, expvar.Handler()) } @@ -102,7 +102,7 @@ func (s *Server) Run(ctx context.Context, bindAddr string) error { // withBasicAuth enforces basic auth as a middleware for the given username and // password -func withBasicAuth(next http.Handler, u string, p string) http.HandlerFunc { +func withBasicAuth(logger *log.Logger, next http.Handler, u string, p string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, password, ok := r.BasicAuth() @@ -110,7 +110,10 @@ func withBasicAuth(next http.Handler, u string, p string) http.HandlerFunc { if !ok || !(p == password && u == user) { w.WriteHeader(http.StatusUnauthorized) - w.Write([]byte("invalid credentials")) + _, err := w.Write([]byte("invalid credentials")) + if err != nil { + logger.Printf("could not write http response: %v", err) + } return } @@ -128,14 +131,16 @@ func (s *Server) publish(ctx context.Context) { expvar.Publish("system.allLoad", expvar.Func(allLoadAvg)) programName.Set(os.Args[0]) + ticker := time.NewTicker(time.Second) + defer ticker.Stop() + for { select { case <-ctx.Done(): return - case <-time.Tick(time.Second): + case <-ticker.C: numberOfSecondsRunning.Add(1) lastLoad.Set(loadAvg(0)) - // eventRouterStats.Set("EventStats", &stats) } } } diff --git a/vmware-event-router/internal/processor/aws_event_bridge.go b/vmware-event-router/internal/processor/aws_event_bridge.go index 16f0fa5b..e23361e8 100644 --- a/vmware-event-router/internal/processor/aws_event_bridge.go +++ b/vmware-event-router/internal/processor/aws_event_bridge.go @@ -113,6 +113,7 @@ func NewAWSEventBridgeProcessor(ctx context.Context, cfg connection.Config, sour return nil, errors.Wrap(err, "could not list event bridge rules") } + arnLoop: for _, rule := range rules.Rules { switch { case *rule.Arn == ruleARN: @@ -134,7 +135,7 @@ func NewAWSEventBridgeProcessor(ctx context.Context, cfg connection.Config, sour eventBridge.patternMap[s] = *rule.EventBusName } found = true - break + break arnLoop default: continue @@ -142,7 +143,7 @@ func NewAWSEventBridgeProcessor(ctx context.Context, cfg connection.Config, sour } switch { - case found == true: // return early + case found: // return early break case rules.NextToken != nil: // try next batch of rules, if any nextToken = rules.NextToken @@ -170,7 +171,6 @@ func NewAWSEventBridgeProcessor(ctx context.Context, cfg connection.Config, sour // throttling/batching // https://docs.aws.amazon.com/eventbridge/latest/userguide/cloudwatch-limits-eventbridge.html#putevents-limits func (awsEventBridge *awsEventBridgeProcessor) Process(moref types.ManagedObjectReference, baseEvent []types.BaseEvent) error { - input, err := awsEventBridge.createPutEventsInput(baseEvent) if err != nil { awsEventBridge.Printf("could not create PutEventsInput for event(s): %v", err) @@ -219,7 +219,7 @@ func (awsEventBridge *awsEventBridgeProcessor) createPutEventsInput(baseEvent [] cloudEvent := events.NewCloudEvent(event, eventInfo, awsEventBridge.source) jsonBytes, err := json.Marshal(cloudEvent) if err != nil { - return eventbridge.PutEventsInput{}, errors.Wrapf(err, "could not marshal cloud event for vSphere event %s from source %s", event.GetEvent().Key, awsEventBridge.source) + return eventbridge.PutEventsInput{}, errors.Wrapf(err, "could not marshal cloud event for vSphere event %d from source %s", event.GetEvent().Key, awsEventBridge.source) } jsonString := string(jsonBytes) @@ -273,6 +273,7 @@ func (awsEventBridge *awsEventBridgeProcessor) syncRules(ctx context.Context, ev return errors.Wrap(err, "could not list event bridge rules") } + arnLoop: for _, rule := range rules.Rules { switch { case *rule.Arn == ruleARN: @@ -298,7 +299,7 @@ func (awsEventBridge *awsEventBridgeProcessor) syncRules(ctx context.Context, ev awsEventBridge.mu.Unlock() found = true - break + break arnLoop default: continue @@ -306,7 +307,7 @@ func (awsEventBridge *awsEventBridgeProcessor) syncRules(ctx context.Context, ev } switch { - case found == true: // return early + case found: // return early break case rules.NextToken != nil: // try next batch of rules, if any nextToken = rules.NextToken @@ -319,11 +320,14 @@ func (awsEventBridge *awsEventBridgeProcessor) syncRules(ctx context.Context, ev } func (awsEventBridge *awsEventBridgeProcessor) PushMetrics(ctx context.Context, ms *metrics.Server) { + ticker := time.NewTicker(metrics.PushInterval) + defer ticker.Stop() + for { select { case <-ctx.Done(): return - case <-time.Tick(metrics.PushInterval): + case <-ticker.C: awsEventBridge.mu.RLock() ms.Receive(awsEventBridge.stats) awsEventBridge.mu.RUnlock() diff --git a/vmware-event-router/internal/processor/openfaas.go b/vmware-event-router/internal/processor/openfaas.go index 7488f810..02f68923 100644 --- a/vmware-event-router/internal/processor/openfaas.go +++ b/vmware-event-router/internal/processor/openfaas.go @@ -3,7 +3,6 @@ package processor import ( "context" "encoding/json" - "fmt" "log" "os" "sync" @@ -93,7 +92,7 @@ func NewOpenFaaSProcessor(ctx context.Context, cfg connection.Config, source str // Response prints status information for each function invokation func (openfaas *openfaasProcessor) Response(res sdk.InvokerResponse) { - // update stats + // update stats // TODO: currently we only support metrics when in sync invokation mode // because we don't have a callback for async invocations openfaas.lock.Lock() @@ -109,8 +108,6 @@ func (openfaas *openfaasProcessor) Response(res sdk.InvokerResponse) { // Process implements the stream processor interface func (openfaas *openfaasProcessor) Process(moref types.ManagedObjectReference, baseEvent []types.BaseEvent) error { - fmt.Printf("of topics: %v", openfaas.controller.Topics()) - for idx := range baseEvent { // process slice in reverse order to maintain Event.Key ordering event := baseEvent[len(baseEvent)-1-idx] @@ -148,17 +145,19 @@ func handleEvent(event types.BaseEvent, source string) (string, []byte, error) { cloudEvent := events.NewCloudEvent(event, eventInfo, source) message, err := json.Marshal(cloudEvent) if err != nil { - return "", nil, errors.Wrapf(err, "could not marshal cloud event for vSphere event %s from source %s", event.GetEvent().Key, source) + return "", nil, errors.Wrapf(err, "could not marshal cloud event for vSphere event %d from source %s", event.GetEvent().Key, source) } return eventInfo.Name, message, nil } func (openfaas *openfaasProcessor) PushMetrics(ctx context.Context, ms *metrics.Server) { + ticker := time.NewTicker(metrics.PushInterval) + defer ticker.Stop() for { select { case <-ctx.Done(): return - case <-time.Tick(metrics.PushInterval): + case <-ticker.C: openfaas.lock.RLock() ms.Receive(openfaas.stats) openfaas.lock.RUnlock() diff --git a/vmware-event-router/internal/stream/vcenter.go b/vmware-event-router/internal/stream/vcenter.go index 05805e06..6312d535 100644 --- a/vmware-event-router/internal/stream/vcenter.go +++ b/vmware-event-router/internal/stream/vcenter.go @@ -104,11 +104,13 @@ func (vcenter *vCenterStream) Source() string { } func (vcenter *vCenterStream) PushMetrics(ctx context.Context, ms *metrics.Server) { + ticker := time.NewTicker(metrics.PushInterval) + defer ticker.Stop() for { select { case <-ctx.Done(): return - case <-time.Tick(metrics.PushInterval): + case <-ticker.C: vcenter.lock.RLock() eventsSec := math.Round((float64(*vcenter.stats.EventsTotal)/time.Since(vcenter.stats.Started).Seconds())*100) / 100 // 0.2f syntax vcenter.stats.EventsSec = &eventsSec From 8c2327d3aae667d4b82b441651d36b3ce549b0be Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Wed, 4 Mar 2020 11:01:07 +0100 Subject: [PATCH 25/34] Colorized log output Signed-off-by: Michael Gasch --- vmware-event-router/cmd/main.go | 3 +- vmware-event-router/internal/color/color.go | 28 +++++++++++++++++++ .../internal/metrics/server.go | 3 +- .../internal/processor/aws_event_bridge.go | 3 +- .../internal/processor/openfaas.go | 3 +- 5 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 vmware-event-router/internal/color/color.go diff --git a/vmware-event-router/cmd/main.go b/vmware-event-router/cmd/main.go index 5d788a5f..29ab575a 100644 --- a/vmware-event-router/cmd/main.go +++ b/vmware-event-router/cmd/main.go @@ -10,6 +10,7 @@ import ( "syscall" "time" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/color" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/metrics" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/processor" @@ -33,7 +34,7 @@ var banner = ` func main() { fmt.Println(banner) - var logger = log.New(os.Stdout, "[VMware Event Router] ", log.LstdFlags) + var logger = log.New(os.Stdout, color.Green("[VMware Event Router] "), log.LstdFlags) var configPath string var verbose bool diff --git a/vmware-event-router/internal/color/color.go b/vmware-event-router/internal/color/color.go new file mode 100644 index 00000000..3f618bbe --- /dev/null +++ b/vmware-event-router/internal/color/color.go @@ -0,0 +1,28 @@ +package color + +import "fmt" + +var ( + Info = Teal + Warn = Yellow + Fata = Red +) + +var ( + Black = Color("\033[1;30m%s\033[0m") + Red = Color("\033[1;31m%s\033[0m") + Green = Color("\033[1;32m%s\033[0m") + Yellow = Color("\033[1;33m%s\033[0m") + Purple = Color("\033[1;34m%s\033[0m") + Magenta = Color("\033[1;35m%s\033[0m") + Teal = Color("\033[1;36m%s\033[0m") + White = Color("\033[1;37m%s\033[0m") +) + +func Color(colorString string) func(...interface{}) string { + sprint := func(args ...interface{}) string { + return fmt.Sprintf(colorString, + fmt.Sprint(args...)) + } + return sprint +} diff --git a/vmware-event-router/internal/metrics/server.go b/vmware-event-router/internal/metrics/server.go index cdbe7391..fa619efd 100644 --- a/vmware-event-router/internal/metrics/server.go +++ b/vmware-event-router/internal/metrics/server.go @@ -10,6 +10,7 @@ import ( "time" "github.com/pkg/errors" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/color" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" ) @@ -48,7 +49,7 @@ func NewServer(cfg connection.Config) (*Server, error) { return nil, errors.Errorf("unsupported authentication method for metrics server: %q", cfg.Auth.Method) } - logger := log.New(os.Stdout, "[Metrics Server] ", log.LstdFlags) + logger := log.New(os.Stdout, color.Teal("[Metrics Server] "), log.LstdFlags) mux := http.NewServeMux() switch basicAuth { case true: diff --git a/vmware-event-router/internal/processor/aws_event_bridge.go b/vmware-event-router/internal/processor/aws_event_bridge.go index e23361e8..0ccea60e 100644 --- a/vmware-event-router/internal/processor/aws_event_bridge.go +++ b/vmware-event-router/internal/processor/aws_event_bridge.go @@ -13,6 +13,7 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/eventbridge" "github.com/pkg/errors" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/color" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/events" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/metrics" @@ -50,7 +51,7 @@ type eventPattern struct { // NewAWSEventBridgeProcessor returns an AWS EventBridge processor for the given // stream source. func NewAWSEventBridgeProcessor(ctx context.Context, cfg connection.Config, source string, verbose bool, ms *metrics.Server) (Processor, error) { - logger := log.New(os.Stdout, "[AWS EventBridge] ", log.LstdFlags) + logger := log.New(os.Stdout, color.Yellow("[AWS EventBridge] "), log.LstdFlags) eventBridge := awsEventBridgeProcessor{ source: source, verbose: verbose, diff --git a/vmware-event-router/internal/processor/openfaas.go b/vmware-event-router/internal/processor/openfaas.go index 02f68923..9fc078a2 100644 --- a/vmware-event-router/internal/processor/openfaas.go +++ b/vmware-event-router/internal/processor/openfaas.go @@ -11,6 +11,7 @@ import ( sdk "github.com/openfaas-incubator/connector-sdk/types" "github.com/openfaas/faas-provider/auth" "github.com/pkg/errors" + "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/color" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/connection" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/events" "github.com/vmware-samples/vcenter-event-broker-appliance/vmware-event-router/internal/metrics" @@ -43,7 +44,7 @@ type openfaasProcessor struct { // source. Asynchronous function invokation can be configured for // high-throughput (non-blocking) requirements. func NewOpenFaaSProcessor(ctx context.Context, cfg connection.Config, source string, verbose bool, ms *metrics.Server) (Processor, error) { - logger := log.New(os.Stdout, "[OpenFaaS] ", log.LstdFlags) + logger := log.New(os.Stdout, color.Purple("[OpenFaaS] "), log.LstdFlags) openfaas := openfaasProcessor{ source: source, verbose: verbose, From 81587c7f2021d3ec7f09ff94d8edd2787dd4b481 Mon Sep 17 00:00:00 2001 From: William Lam Date: Wed, 4 Mar 2020 12:44:26 -0800 Subject: [PATCH 26/34] Ensuring eth0 interface is shown first in vSphere UI Signed-off-by: William Lam --- scripts/photon-settings.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scripts/photon-settings.sh b/scripts/photon-settings.sh index 93a48568..e961f85b 100644 --- a/scripts/photon-settings.sh +++ b/scripts/photon-settings.sh @@ -29,4 +29,14 @@ tdnf install -y \ echo '> Creating directory for setup scripts' mkdir -p /root/setup +echo '> Creating tools.conf to prioritize eth0 interface...' +cat /etc/vmware-tools/tools.conf << EOF +[guestinfo] +primary-nics=eth0 +low-priority-nics=weave,docker0 + +[guestinfo] +exclude-nics=veth*,vxlan*,datapath +EOF + echo '> Done' From dd1330e18ac10edeb5fec5480432b95b58091b8a Mon Sep 17 00:00:00 2001 From: William Lam Date: Tue, 3 Mar 2020 21:41:39 -0800 Subject: [PATCH 27/34] Fixed MoRef procesisng for v0.3 Signed-off-by: William Lam Consolidated stack.yaml and function to process both Enter/Exit Maint Mode Signed-off-by: William Lam Fixing README Signed-off-by: William Lam --- examples/powercli/hostmaint-alarms/README.md | 3 +-- .../hostmaint-alarms/handler/script.ps1 | 17 ++++++++++++----- examples/powercli/hostmaint-alarms/stack.yml | 14 +------------- 3 files changed, 14 insertions(+), 20 deletions(-) diff --git a/examples/powercli/hostmaint-alarms/README.md b/examples/powercli/hostmaint-alarms/README.md index d5df8abb..2e7eb4e7 100644 --- a/examples/powercli/hostmaint-alarms/README.md +++ b/examples/powercli/hostmaint-alarms/README.md @@ -2,8 +2,7 @@ ## Description -This example will disable alarm actions on a host while it is in maintenance mode. It deploys two functions that use the same PowerCLI script. The first function subscribes to the `entered.maintenance.mode` event to run when a host is put into maintenance mode and disable alarms. The second function subscribes to the `exit.maintenance.mode` event to re-enable alarms when the host exits maintenance mode. There is an accompanying blog post with more details: [Automate Host Maintenance with the vCenter Event Broker Appliance -](https://doogleit.github.io/2019/11/automate-host-maintenance-with-the-vcenter-event-broker-appliance/) +This example will disable alarm actions on a host when it has entered maintenance mode and will re-enable alarm actions on a host after it has exited maintenance mode. There is an accompanying blog post with more details: [Automate Host Maintenance with the vCenter Event Broker Appliance](https://doogleit.github.io/2019/11/automate-host-maintenance-with-the-vcenter-event-broker-appliance/) ## Consume Function Instruction diff --git a/examples/powercli/hostmaint-alarms/handler/script.ps1 b/examples/powercli/hostmaint-alarms/handler/script.ps1 index 85429511..9c8080e9 100644 --- a/examples/powercli/hostmaint-alarms/handler/script.ps1 +++ b/examples/powercli/hostmaint-alarms/handler/script.ps1 @@ -12,7 +12,6 @@ if($env:function_debug -eq "true") { } $eventObjectName = $json.data.host.name -$managedObjectReference = $json.data.host.type Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -DisplayDeprecationWarnings $false -ParticipateInCeip $false -Confirm:$false | Out-Null @@ -20,17 +19,25 @@ Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -DisplayDeprecationW Write-Host "Connecting to vCenter Server ..." Connect-VIServer -Server $($VC_CONFIG.VC) -User $($VC_CONFIG.VC_USERNAME) -Password $($VC_CONFIG.VC_PASSWORD) +# Construct MoRef from Type/Value +$moRef = New-Object VMware.Vim.ManagedObjectReference +$moRef.Type = $json.data.host.host.type +$moRef.Value = $json.data.host.host.Value +$hostMoRef = Get-View $moRef + # Get the vCenter AlarmManager $alarmManager = Get-View AlarmManager -if ($json.topic -eq "entered.maintenance.mode") { + +if ($json.subject -eq "EnteredMaintenanceModeEvent") { # Disable alarm actions on the host Write-Host "Disabling alarm actions on host: $eventObjectName" - $alarmManager.EnableAlarmActions($managedObjectReference, $false) + $alarmManager.EnableAlarmActions($hostMoRef.MoRef, $false) } -else { + +if ($json.subject -eq "ExitMaintenanceModeEvent") { # Enable alarm actions on the host Write-Host "Enabling alarm actions on host: $eventObjectName" - $alarmManager.EnableAlarmActions($managedObjectReference, $true) + $alarmManager.EnableAlarmActions($hostMoRef.MoRef, $true) } Write-Host "Disconnecting from vCenter Server ..." diff --git a/examples/powercli/hostmaint-alarms/stack.yml b/examples/powercli/hostmaint-alarms/stack.yml index 84b8b263..f4d13699 100644 --- a/examples/powercli/hostmaint-alarms/stack.yml +++ b/examples/powercli/hostmaint-alarms/stack.yml @@ -14,16 +14,4 @@ functions: secrets: - vc-hostmaint-config annotations: - topic: EnteredMaintenanceModeEvent - powercli-exitmaint: - lang: powercli - handler: ./handler - image: vmware/veba-powercli-esx-maintenance:latest - environment: - write_debug: true - read_debug: true - function_debug: false - secrets: - - vc-hostmaint-config - annotations: - topic: ExitMaintenanceModeEvent \ No newline at end of file + topic: EnteredMaintenanceModeEvent, ExitMaintenanceModeEvent \ No newline at end of file From f0199703e957f61d64d49f7ee15cca31eef76e70 Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 5 Mar 2020 06:18:03 -0800 Subject: [PATCH 28/34] Bump version to v0.3.0 for release Signed-off-by: William Lam --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 1474d00f..268b0334 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.2.0 +v0.3.0 From 1c97a8b38067fc77424a3e4ffbbef81f1bcf4d70 Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 5 Mar 2020 07:05:36 -0800 Subject: [PATCH 29/34] Fixing syntax issue w/creating tools.conf Signed-off-by: William Lam --- scripts/photon-settings.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/photon-settings.sh b/scripts/photon-settings.sh index e961f85b..2663a604 100644 --- a/scripts/photon-settings.sh +++ b/scripts/photon-settings.sh @@ -30,7 +30,7 @@ echo '> Creating directory for setup scripts' mkdir -p /root/setup echo '> Creating tools.conf to prioritize eth0 interface...' -cat /etc/vmware-tools/tools.conf << EOF +cat > /etc/vmware-tools/tools.conf << EOF [guestinfo] primary-nics=eth0 low-priority-nics=weave,docker0 From 993eea3e8ee16a017cbdcb4042bc7e5387f717d9 Mon Sep 17 00:00:00 2001 From: William Lam Date: Thu, 5 Mar 2020 07:26:45 -0800 Subject: [PATCH 30/34] Fixing FQDN in /etc/issue Signed-off-by: William Lam --- files/setup-09-banner.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/files/setup-09-banner.sh b/files/setup-09-banner.sh index e5e33b01..2c5e6bc6 100755 --- a/files/setup-09-banner.sh +++ b/files/setup-09-banner.sh @@ -8,8 +8,6 @@ set -euo pipefail echo -e "\e[92mCreating Login Banner ..." > /dev/console -HOSTNAME=$(hostname -f) - if [ "${EVENT_PROCESSOR_TYPE}" == "OpenFaaS" ]; then cat << EOF > /etc/issue Welcome to the vCenter Event Broker Appliance From d083a4585d148a99fab85611efab9095137f8fab Mon Sep 17 00:00:00 2001 From: Patrick Kremer Date: Sat, 7 Mar 2020 11:12:34 -0600 Subject: [PATCH 31/34] Added unauthenticated SMTP and green status emails (#72) * Allows SMTP_PASSWORD and SMTP_USERNAME to be blank in the JSON config - if both are blank, unauthenticated SMTP on port 25 will be sent. Added green alarm status for notification when alarm returns to normal. Adjusted the email body language to match the alarm status. Signed-off-by: Patrick Kremer * Minor formatting changes as requested in PR Signed-off-by: Patrick Kremer * Minor indentation tweaks Signed-off-by: Patrick Kremer --- .../powercli/datastore-usage-email/README.md | 2 ++ .../datastore-usage-email/handler/script.ps1 | 30 +++++++++++-------- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/examples/powercli/datastore-usage-email/README.md b/examples/powercli/datastore-usage-email/README.md index d120dc43..518465b7 100644 --- a/examples/powercli/datastore-usage-email/README.md +++ b/examples/powercli/datastore-usage-email/README.md @@ -16,6 +16,8 @@ git checkout master Step 2 - Update `stack.yml` and `vc-datastore-config.json` with your environment information +Note: leave SMTP_USERNAME and SMTP_PASSWORD blank if you do not want to use authenticated SMTP + Step 3 - Login to the OpenFaaS gateway on vCenter Event Broker Appliance ``` diff --git a/examples/powercli/datastore-usage-email/handler/script.ps1 b/examples/powercli/datastore-usage-email/handler/script.ps1 index f1695acc..fba27669 100644 --- a/examples/powercli/datastore-usage-email/handler/script.ps1 +++ b/examples/powercli/datastore-usage-email/handler/script.ps1 @@ -24,7 +24,7 @@ if($env:function_debug -eq "true") { Write-Host "DEBUG: vcenter: `"$vcenter`"" } -if( ("$alarmName" -match "$($VC_CONFIG.VC_ALARM_NAME)") -and ([bool]($VC_CONFIG.DATASTORE_NAMES -match "$datastoreName")) -and ($alarmStatus -eq "yellow" -or $alarmStatus -eq "red") ) { +if( ("$alarmName" -match "$($VC_CONFIG.VC_ALARM_NAME)") -and ([bool]($VC_CONFIG.DATASTORE_NAMES -match "$datastoreName")) -and ($alarmStatus -eq "yellow" -or $alarmStatus -eq "red" -or $alarmStatus -eq "green") ) { # Warning Email Body if($alarmStatus -eq "yellow") { @@ -33,22 +33,28 @@ if( ("$alarmName" -match "$($VC_CONFIG.VC_ALARM_NAME)") -and ([bool]($VC_CONFIG. } elseif($alarmStatus -eq "red") { $subject = "☢️ $($VC_CONFIG.EMAIL_SUBJECT) ☢️ " $threshold = "error" + } elseif($alarmStatus -eq "green") { + $subject = "$($VC_CONFIG.EMAIL_SUBJECT)" + $threshold = "normal" } - $Body = @" - $alarmName $datastoreName has reached $threshold threshold - - Please login to your VMware Cloud on AWS environment and ensure that everything is operating as expected. + $Body = "$alarmName $datastoreName has reached $threshold threshold.`r`n" + + if ( $threshold -ne "normal" ) { + $Body = $Body + "Please log in to your VMware Cloud on AWS environment and ensure that everything is operating as expected.`r`n" + } + $Body = $Body + @" vCenter Server: $vcenter Datacenter: $datacenter - Datastore: $datastoreName - + Datastore: $datastoreName "@ - - $password = ConvertTo-SecureString "$($VC_CONFIG.SMTP_PASSWORD)" -AsPlainText -Force - $credential = New-Object System.Management.Automation.PSCredential($($VC_CONFIG.SMTP_USERNAME), $password) - - Send-MailMessage -From $($VC_CONFIG.EMAIL_FROM) -to $($VC_CONFIG.EMAIL_TO) -Subject $Subject -Body $Body -SmtpServer $($VC_CONFIG.SMTP_SERVER) -port $($VC_CONFIG.SMTP_PORT) -UseSsl -Credential $credential -Encoding UTF32 + if ($VC_CONFIG.SMTP_PASSWORD.length -gt 0 -and $VC_CONFIG.SMTP_USERNAME.length -gt 0) { + $password = ConvertTo-SecureString "$($VC_CONFIG.SMTP_PASSWORD)" -AsPlainText -Force + $credential = New-Object System.Management.Automation.PSCredential($($VC_CONFIG.SMTP_USERNAME), $password) + Send-MailMessage -From $($VC_CONFIG.EMAIL_FROM) -to $($VC_CONFIG.EMAIL_TO) -Subject $Subject -Body $Body -SmtpServer $($VC_CONFIG.SMTP_SERVER) -port $($VC_CONFIG.SMTP_PORT) -UseSsl -Credential $credential -Encoding UTF32 + } else { + Send-MailMessage -From $($VC_CONFIG.EMAIL_FROM) -to $($VC_CONFIG.EMAIL_TO) -Subject $Subject -Body $Body -SmtpServer $($VC_CONFIG.SMTP_SERVER) -port $($VC_CONFIG.SMTP_PORT) -Encoding UTF32 + } } From 61f98e2ed595fb4c79589ccd308023ef8c24556a Mon Sep 17 00:00:00 2001 From: William Lam Date: Sun, 8 Mar 2020 07:06:45 -0700 Subject: [PATCH 32/34] Fixed OpenFaaS admin password Signed-off-by: William Lam Missed one more place for OF password Signed-off-by: William Lam --- files/setup-05-event-processor.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/setup-05-event-processor.sh b/files/setup-05-event-processor.sh index 86157053..a0f70628 100755 --- a/files/setup-05-event-processor.sh +++ b/files/setup-05-event-processor.sh @@ -72,7 +72,7 @@ else # Setup OpenFaaS Secret kubectl --kubeconfig /root/.kube/config -n openfaas create secret generic basic-auth \ --from-literal=basic-auth-user=admin \ - --from-literal=basic-auth-password="${ROOT_PASSWORD}" + --from-literal=basic-auth-password="${OPENFAAS_PASSWORD}" kubectl --kubeconfig /root/.kube/config create -f /root/download/faas-netes/yaml @@ -100,7 +100,7 @@ else "method": "basic_auth", "secret": { "username": "admin", - "password": "${ROOT_PASSWORD}" + "password": "${OPENFAAS_PASSWORD}" } }, "options": { From d5dc652e530b05fe941b0a176420bba14792bf99 Mon Sep 17 00:00:00 2001 From: William Lam Date: Sun, 8 Mar 2020 08:22:53 -0700 Subject: [PATCH 33/34] Ensure we pull latest vmware-event-router image Signed-off-by: William Lam --- scripts/photon-containers.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/photon-containers.sh b/scripts/photon-containers.sh index 0cf41748..f252e6d4 100644 --- a/scripts/photon-containers.sh +++ b/scripts/photon-containers.sh @@ -30,7 +30,7 @@ envoyproxy/envoy:v1.11.1 prom/prometheus:v2.11.0 prom/alertmanager:v0.18.0 nats-streaming:0.11.2 -vmware/veba-event-router:1683830 +vmware/veba-event-router:latest ) for i in ${CONTAINERS[@]}; @@ -53,4 +53,4 @@ cd contour git checkout v1.0.0-beta.1 sed -i '/^---/i \ dnsPolicy: ClusterFirstWithHostNet\n hostNetwork: true' examples/contour/03-envoy.yaml sed -i 's/imagePullPolicy: Always/imagePullPolicy: IfNotPresent/g' examples/contour/*.yaml -cd .. \ No newline at end of file +cd .. From 976adc54dd72bace7a5af1a471d03b85cc705578 Mon Sep 17 00:00:00 2001 From: Michael Gasch Date: Mon, 9 Mar 2020 08:53:29 +0100 Subject: [PATCH 34/34] Clarify resync period of AWS EventBridge Processor Closes: #68 --- vmware-event-router/README.MD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vmware-event-router/README.MD b/vmware-event-router/README.MD index 87859ab5..265de1ec 100644 --- a/vmware-event-router/README.MD +++ b/vmware-event-router/README.MD @@ -171,7 +171,7 @@ The VMware Event Router uses the `"subject"` field in the event payload to store } ``` -`"subject"` can contain one or more event categories. Wildcards (`"*"`) are not supported. The VMware Event Router periodically synchronizes the its internal pattern map against AWS EventBridge. +`"subject"` can contain one or more event categories. Wildcards (`"*"`) are not supported. If one wants to modify the event pattern match rule **after** deploying the VMware Event Router, its internal rules cache is periodically synchronized with AWS EventBridge at a fixed interval of 5 minutes. > **Note:** A list of event names (categories) and how to retrieve them can be found [here](https://github.com/lamw/vcenter-event-mapping/blob/master/vsphere-6.7-update-3.md). @@ -381,4 +381,4 @@ The following example for a `VmPoweredOnEvent` shows the event structure and pay } ``` -> **Note:** If you use the AWS EventBridge stream `processor` the event is wrapped and accessible under `""detail": {}"` as a JSON-formatted string. \ No newline at end of file +> **Note:** If you use the AWS EventBridge stream `processor` the event is wrapped and accessible under `""detail": {}"` as a JSON-formatted string.