From a15f99d74b84d38a810eae9140c5547fd4b933fb Mon Sep 17 00:00:00 2001 From: David Yu Date: Tue, 24 Nov 2020 13:40:14 -0800 Subject: [PATCH 01/20] Consul 1.9 GA Banner (#9272) --- website/data/alert-banner.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/data/alert-banner.js b/website/data/alert-banner.js index 3c00d9b88b..82ae853440 100644 --- a/website/data/alert-banner.js +++ b/website/data/alert-banner.js @@ -3,8 +3,8 @@ export const ALERT_BANNER_ACTIVE = true // https://github.com/hashicorp/web-components/tree/master/packages/alert-banner export default { tag: 'Announcing', - url: 'https://www.hashicorp.com/blog/announcing-hashicorp-consul-1-9', - text: 'HashiCorp Consul 1.9 now available in beta.', + url: 'https://www.hashicorp.com/blog/announcing-general-availability-of-hashicorp-consul-1-9', + text: 'HashiCorp Consul 1.9 is now Generally Available (GA) .', linkText: 'Learn more', // Set the `expirationDate prop with a datetime string (e.g. `2020-01-31T12:00:00-07:00`) // if you'd like the component to stop showing at or after a certain date From cd0a294084ea0b0e5faeaa4e8b1fcfcf46ce3e5b Mon Sep 17 00:00:00 2001 From: David Yu Date: Wed, 25 Nov 2020 16:33:21 -0800 Subject: [PATCH 02/20] Bump supported chart to 0.27.0 for Consul 1.9 (#9279) * Bump supported chart to 0.27.0 for Consul 1.9 --- website/pages/docs/k8s/upgrade/compatibility.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/pages/docs/k8s/upgrade/compatibility.mdx b/website/pages/docs/k8s/upgrade/compatibility.mdx index 3302df36aa..ebf57f30d9 100644 --- a/website/pages/docs/k8s/upgrade/compatibility.mdx +++ b/website/pages/docs/k8s/upgrade/compatibility.mdx @@ -15,7 +15,7 @@ the Helm chart which will ensure a compatible version of the Consul Kubernetes b | Consul Version | Compatible Consul Helm Versions | | -------------- | ------------------------------- | -| 1.9.x | 0.26.0 | +| 1.9.x | 0.27.0 | | 1.8.x | 0.22.0 - 0.26.0 | | 1.7.x | 0.17.0 - 0.21.0 | | 1.6.x | 0.10.0 - 0.16.2 | From dfe2be40eabd9a329865a02130cfddf915c3dcdb Mon Sep 17 00:00:00 2001 From: Hans Hasselberg Date: Fri, 27 Nov 2020 20:49:43 +0100 Subject: [PATCH 03/20] fix serf_wan documentation (#9289) WAN config is different than LAN config, source of truth is https://github.com/hashicorp/memberlist/blob/f72d2042a81632f45a86ad548580c1bd8890dbf9/config.go#L315-L326 and now the docs are correct. --- agent/config/runtime.go | 10 +++++----- website/pages/docs/agent/options.mdx | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/agent/config/runtime.go b/agent/config/runtime.go index 4acc823faa..6b8777db26 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -1226,7 +1226,7 @@ type RuntimeConfig struct { // the cluster more quickly at the expense of increased bandwidth. This // configuration only applies to WAN gossip communications // - // The default is: 200ms + // The default is: 500ms // // hcl: gossip_wan { gossip_interval = duration} GossipWANGossipInterval time.Duration @@ -1236,7 +1236,7 @@ type RuntimeConfig struct { // propagate across the cluster more quickly at the expense of increased // bandwidth. This configuration only applies to WAN gossip communications // - // The default is: 3 + // The default is: 4 // // hcl: gossip_wan { gossip_nodes = int } GossipWANGossipNodes int @@ -1246,7 +1246,7 @@ type RuntimeConfig struct { // failed nodes more quickly at the expense of increased bandwidth usage. // This configuration only applies to WAN gossip communications // - // The default is: 1s + // The default is: 5s // // hcl: gossip_wan { probe_interval = duration } GossipWANProbeInterval time.Duration @@ -1256,7 +1256,7 @@ type RuntimeConfig struct { // of RTT (round-trip time) on your network. This configuration // only applies to the WAN gossip communications // - // The default is: 500ms + // The default is: 3s // // hcl: gossip_wan { probe_timeout = duration } GossipWANProbeTimeout time.Duration @@ -1275,7 +1275,7 @@ type RuntimeConfig struct { // it dead, giving that suspect node more time to refute if it is indeed // still alive. // - // The default is: 4 + // The default is: 6 // // hcl: gossip_wan { suspicion_mult = int } GossipWANSuspicionMult int diff --git a/website/pages/docs/agent/options.mdx b/website/pages/docs/agent/options.mdx index 9b0461daf1..786935c324 100644 --- a/website/pages/docs/agent/options.mdx +++ b/website/pages/docs/agent/options.mdx @@ -1558,22 +1558,22 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `gossip_nodes` - The number of random nodes to send gossip messages to per gossip_interval. Increasing this number causes the gossip messages to propagate across the cluster more quickly at the expense of increased - bandwidth. The default is 3. + bandwidth. The default is 4. - `gossip_interval` - The interval between sending messages that need to be gossiped that haven't been able to piggyback on probing messages. If this is set to zero, non-piggyback gossip is disabled. By lowering this value (more frequent) gossip messages are propagated across the cluster - more quickly at the expense of increased bandwidth. The default is 200ms. + more quickly at the expense of increased bandwidth. The default is 500ms. - `probe_interval` - The interval between random node probes. Setting this lower (more frequent) will cause the cluster to detect failed nodes more quickly at the expense of increased bandwidth usage. The default - is 1s. + is 5s. - `probe_timeout` - The timeout to wait for an ack from a probed node before assuming it is unhealthy. This should be at least the - 99-percentile of RTT (round-trip time) on your network. The default is 500ms + 99-percentile of RTT (round-trip time) on your network. The default is 3s and is a conservative value suitable for almost all realistic deployments. - `retransmit_mult` - The multiplier for the number @@ -1588,7 +1588,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." the timeout to scale properly with expected propagation delay with a larger cluster size. The higher the multiplier, the longer an inaccessible node is considered part of the cluster before declaring it dead, giving that suspect node more time - to refute if it is indeed still alive. The default is 4. + to refute if it is indeed still alive. The default is 6. - `key_file` This provides a the file path to a PEM-encoded private key. The key is used with the certificate to verify the agent's authenticity. From 15bc280564855d078bbcf492a99e76fdec97973e Mon Sep 17 00:00:00 2001 From: Rob Taylor Date: Mon, 30 Nov 2020 15:54:59 +0000 Subject: [PATCH 04/20] Fix typo in explanation of connect command (#9295) Change `Connect Connect` to `Consul Connect, which is consistent with the command output as shown on this page. --- website/pages/commands/connect/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/pages/commands/connect/index.mdx b/website/pages/commands/connect/index.mdx index 31fb952ea3..72465ca526 100644 --- a/website/pages/commands/connect/index.mdx +++ b/website/pages/commands/connect/index.mdx @@ -8,7 +8,7 @@ sidebar_title: connect Command: `consul connect` -The `connect` command is used to interact with Connect +The `connect` command is used to interact with Consul [Connect](/docs/connect/intentions) subsystems. It exposes commands for running the built-in mTLS proxy and viewing/updating the Certificate Authority (CA) configuration. This command is available in Consul 1.2 and later. From f3052972f46bee5ec19ad12afd4a4dcbba6ea1e4 Mon Sep 17 00:00:00 2001 From: Nitya Dhanushkodi Date: Wed, 18 Nov 2020 15:40:39 -0800 Subject: [PATCH 05/20] Add docs for envoyExtraArgs (#9206) --- website/pages/docs/k8s/connect/index.mdx | 8 ++++++++ website/pages/docs/k8s/helm.mdx | 2 ++ 2 files changed, 10 insertions(+) diff --git a/website/pages/docs/k8s/connect/index.mdx b/website/pages/docs/k8s/connect/index.mdx index 174550d380..c826e0c73d 100644 --- a/website/pages/docs/k8s/connect/index.mdx +++ b/website/pages/docs/k8s/connect/index.mdx @@ -256,6 +256,14 @@ Annotations can be used to configure the injection behavior. [defaultProtocol](/docs/k8s/helm#v-connectinject-centralconfig-defaultprotocol) option. Specific annotations will always override the default value. +- `consul.hashicorp.com/envoy-extra-args` - A space-separated list of [arguments](https://www.envoyproxy.io/docs/envoy/latest/operations/cli) + to be passed to the injected envoy binary. + + ```yaml + annotations: + consul.hashicorp.com/envoy-extra-args: "--log-level debug --disable-hot-restart" + ``` + - `consul.hashicorp.com/service-tags` - A comma separated list of tags that will be applied to the Consul service and its sidecar. diff --git a/website/pages/docs/k8s/helm.mdx b/website/pages/docs/k8s/helm.mdx index 659046a71f..38bf3e47de 100644 --- a/website/pages/docs/k8s/helm.mdx +++ b/website/pages/docs/k8s/helm.mdx @@ -753,6 +753,8 @@ and consider if they're appropriate for your deployment. - `reconcilePeriod` ((#v-connectinject-healthchecks-reconcileperiod)) (`string: "1m"`) - If `healthChecks.enabled` is set to true, reconcilePeriod defines how often a full state reconcile is done after the initial reconcile at startup is completed. + - `envoyExtraArgs` (((#v-connectinject-envoyextraargs))) (`string: ""`) - Pass [arguments](https://www.envoyproxy.io/docs/envoy/latest/operations/cli) to the injected envoy sidecar, e.g `"--log-level debug --disable-hot-restart"` + - `imageConsul` ((#v-connectinject-imageconsul)) (`string: global.image`) - The name of the Docker image (including any tag) for Consul. This is used for proxy service registration, Envoy configuration, etc. From 0db4c696026f3e1648df395e61b34724c02e306a Mon Sep 17 00:00:00 2001 From: Max G Date: Thu, 3 Dec 2020 23:01:28 -0500 Subject: [PATCH 06/20] docs: reword lack of additional required files --- website/pages/docs/install/index.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/pages/docs/install/index.mdx b/website/pages/docs/install/index.mdx index 2c6a61315c..9b3d0c6411 100644 --- a/website/pages/docs/install/index.mdx +++ b/website/pages/docs/install/index.mdx @@ -30,8 +30,8 @@ package for your system. Consul is currently packaged as a zip file. We do not have any near term plans to provide system packages. Once the zip is downloaded, unzip it into any directory. The `consul` binary -inside is all that is necessary to run Consul (or `consul.exe` for Windows). Any -additional files, if any, aren't required to run Consul. +inside is all that is necessary to run Consul (or `consul.exe` for Windows). +No additional files are required to run Consul. Copy the binary to anywhere on your system. If you intend to access it from the command-line, make sure to place it somewhere on your `PATH`. From 1121dae11813faa1748260fca28e608f8cc6830d Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Mon, 23 Nov 2020 15:17:58 -0800 Subject: [PATCH 07/20] docs: Fix broken URLs in Helm docs - Fix anchors for client.extraEnvironmentVars and server.extraEnvironmentVars. - Change extraEnvironmentVars data type to `map`. - Fix external link to kubernetes.io under connectInject.namespaceSelector. --- website/pages/docs/k8s/helm.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/pages/docs/k8s/helm.mdx b/website/pages/docs/k8s/helm.mdx index 38bf3e47de..d5eca53f80 100644 --- a/website/pages/docs/k8s/helm.mdx +++ b/website/pages/docs/k8s/helm.mdx @@ -380,7 +380,7 @@ and consider if they're appropriate for your deployment. "annotation-key": "annotation-value" ``` - - `extraEnvironmentVars` ((#v-server-extra-environment-vars (`string: "{}"`) - extraEnvironmentVars + - `extraEnvironmentVars` ((#v-server-extra-environment-vars)) (`map`) - extraEnvironmentVars is a list of extra environment variables to set within the stateful set. These could be used to include proxy settings required for cloud auto-join feature, in case kubernetes cluster is behind egress http proxies. Additionally, @@ -533,7 +533,7 @@ and consider if they're appropriate for your deployment. "sample/annotation2": "bar" ``` - - `extraEnvironmentVars` ((#v-client-extra-environment-vars (`string: "{}"`) - extraEnvironmentVars + - `extraEnvironmentVars` ((#v-client-extra-environment-vars)) (`map`) - extraEnvironmentVars is a list of extra environment variables to set with the pod. These could be used to include proxy settings required for cloud auto-join feature, in case kubernetes cluster is behind egress http proxies. Additionally, it @@ -758,8 +758,8 @@ and consider if they're appropriate for your deployment. - `imageConsul` ((#v-connectinject-imageconsul)) (`string: global.image`) - The name of the Docker image (including any tag) for Consul. This is used for proxy service registration, Envoy configuration, etc. - - `namespaceSelector` ((#v-connectinject-namespaceselector)) (`string: ""`) - A [selector](https:// - kubernetes.io/docs/concepts/overview/working-with-objects/labels/) + - `namespaceSelector` ((#v-connectinject-namespaceselector)) (`string: ""`) - A + [selector](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) for restricting injection to only matching namespaces. By default all namespaces except `kube-system` and `kube-public` will have injection enabled. From 22885a314408eb649d618e65dc07c622e3185390 Mon Sep 17 00:00:00 2001 From: Sabeen Syed Date: Tue, 8 Dec 2020 18:03:39 -0600 Subject: [PATCH 08/20] Update the NIA integration program diagram (#9349) --- .../public/img/nia-integration-program.png | Bin 24913 -> 171673 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/website/public/img/nia-integration-program.png b/website/public/img/nia-integration-program.png index 52ea697fe822c5b8ebad9d31f6d30e55095ffa78..4d6060f49ce3741ecb5108c1d40d7f4c27511afb 100644 GIT binary patch literal 171673 zcmeFZc|6qb_c#7(RSA_))>aZx$&6jvl&ysWW?rt>^}4Qep68tBIp-Qaca&u5_Ob4R zAc*eP&1?4{=o(O=XV?D!xB&fK3IzR?3c$o)tNsJ5}{(4&= zgugKeg8oKk0EE9J;V(%5F!)OnHiYn(B>Yb$3BOp^ky~d0HdIOZ@t6GrA^c_kKnQ;g z`+uroQ|x%-_5X%3zbp|qRXWkdC=wC()Mn!NGoK@;144S&Y0b=nC@&O?zbiT_t)R^Y2>Il^_4E zSRH@-?_$$|&;Ke}UEb6Aufo@{oo4^4S^ZtkAMN~=&L3I)#m*mDc>J}jKf?IycmBxY zuUGyfi@!1Jk1YOAM)c=JywqM+rgoE!7)tO_4#}nTJ(fjWTs+i0-ybTA^!@mNeR^tQ z;u72ZjaZy1EZpCTefq|m=3UeUx6UJaG461F>ZfFW#RN=TGe1f(hn7wVx+5HlwVpkL z>*`YEoV*oDZEwkKQIEur{KZQ!rK+GywU1zXp!O4%-K(cN)o04t+!H`!XPc z%PrZMuxv-dCO6UzdJ$V~ap_ibk~RcQm57*ga(-Uaymh!`0=6-7=KPaQhScsMfuNTS z${{wol%98oe#!WJ?EDf`JkDQrJng+;tA5y6?k#(dr$g%UmZi{C%Wsg-W#8X{sZvCgwJ zFf3~NC{k55CAqZ*d%lKHp0zIyZ*jjgSpAm=)=u48cq{8nFSHXnE1;M#aBEpptfXVH z@KiOf4Eq!_Y6z@7aERk1w(-rqACOq~8?T z)P=3(<_jt&OiM?k_s)PVDHYo~{0R6MJ_)oICV>dx86E!8Msmr*Bbl$~4$FE++SQs+ zaaLgT`+?a&;+}%#!dy9xiPGazjo@a6FBX>yRr|m)0-Uu4>8K)>+7hva$*hZG6Bodo z7{kb=E6^{!BGo?jDl9z1`K}64pZb6)n%^sY2t%OP+Ydq2A5aT20sK+(cbR1#mwDQ!_PUn{m>nQwH*;dRPtYz*SrZb3u}`XSg;kKKs*?u zFB0w|CRs}~BpJ?9vjW|et?3Fr*nY*INiK16e0R$E#eT>l4%qb%E`yHL)hmuv=wz1s z-tDyzZM5rR)~ePQ5%bdJdB>c)a6QOFc!)H+=G}ZLG6W%jq}oj0yUkR`!$gzE6o))r zRbqa)s9nJPG*vOboPhQW+ktMufK#Tsp@Ogh zo&1&0%4EdtWl#R%^SV@l6c?a&ZoKm_Svm+?%-D|#bkVZ<;`P&ZUXfE{C__k{fHxWZDv; z*13jIF1d2Ni1|L?qNcuY=>7g|JI|U-l%PM?#^^+;t*O=6Tu9-DIUj5L3rKj|h9lsP zddm#9D(pw^2I9~PL&7(PjXPALw|2+(X>@L4RkKm}u8MQV_>DIVQNY$(QEeqRVs+*Y z4^4M$jEByCJ;zOb_pX{ay_IKN|sx9?8D;yzJ%&E-X18>c-sm} zU@SEltw$2Knr)0{HWqQ&a0`xS=0=+}s&69}if+(A2Y?4-yY7|0<|1*Qi<&rf$tpoxVq|Kv36F37SdHeF;yD0$oRoI*16@9Xy-@;CI;Zkq2T2EWb*`?GKKN{dRKE1di2JJct`Ce*Eiop13mL1; z9i;q^VK$v$y|SJlAP0ZK!s5M`mm57P;$E)TbQM*Ldp4mJeI=NrRD5f@<^?AAkk59KN3G$rI=o0^>|rpt|Bj z`Yrsf-+fzZ(|OKwJCqo&WQ2LFZ8UrmMU|n7_m-@she%cu8a*&L>-?z>p)-(&u`z6H zCCy-{3BW8wyB)rE0*@Lg-(`HlL`=(=fCImuktb@ zlF4Hap>0s&%Qe+Q*Hflj%r|u z+qbslezW-r*nGgpW*qzkCYlU8V*0(spQ+KVst+?)Y*0GiaYP z_9g&vrf|Ol9H{!>J42QQ>Y=Ij-xG-wNiIVNSpA*uvVrM@D+yCIw!touR3%?NKXr`? zjF|H_9ejHpLQrDr;9a!Ullo1ZBwyaNlFND{hpH6Iw*fEj?3{v$;%*4FJG3E&KhN^| zAbWw=7;-GN+I}m0@rUdV$O2P0 zOe;?L@*@P9hHMHByq^j#DJYz63)}Qp9*SEb7u0i0?xhs+?%B8{@eCJ`2jwMUGdkT- zvlkF>Zz)#lB?vMP-cm&i>y~!^adm4L^nWs$_`jt*nE3osqCx(#aa)@c3U z5hOQ~Y~z%t)XrX2{CisXmWKh;HUUauJB#mdIcW6;q$3uWcriBsPoliELjTwcY_w{$ zN^KZBy*|&|5UST&sMNkXQ1JvXCCbY}@*m2`tVI_#CWi8#tbK&+o!>Etjiy1g?L~=C zwrXckC05|R(XT{0-k!VrH1U2UG@JuBN4UMvmcF5hB6@tfa zIwPQneLe#{fS9^Sj@x{1duzx75LB}+o6u8arAHk+^k=bm&aI@KGQdR`vLJh1>xhQc z!e6P;|Cj0?(8gG`KJfu-v$#a64$feNRap{AjUQO{Zp=1A{Kst9Bkjg(J}!NdUJ65t zHiV8p2TEQ1_}%};#?Z2JGjFJL27FZc2{LG<;`^m}Y{L|6m1a^q5PPZVs+TBLz+N8&AaAV~luog*7V$|nC|Q_K$Yvu6TOr^mH~kW!-z z--135Zr?(O{hvK&?s7X-Rl-NaGpv1CobL4#5E*3vEQBPuvO02SON$5pflqG$PJR?q zOKncaYE34opl$NArVcfhmvL-miU26BAh)a4f&12&uW0bk2Cqv+3)Z+RZmpp0A1hF# z!f42mNGBmJc6ie(*(?6BVoiK25l_i+XWDD2!YDBL2f(E)(JNy^jcNSF&E_B{)S)Wr zGW3rjav=N=6|=XLv_&()WL;xCwS&~80etd!{f~uJnn%C^Sg_+!Y1Bx6je- z@duc%hVAUv&ABMw-iM%Pvwc*P0`E;r26XJ#D7HsS@p)t{u4Gr0ZLj^aX>*TLHrs40 zZL;<}$Wv2ND9g6b5x%Og99MVs)Y<#>pJ4lfd8H@Rxf3E13i#WWcm>`VA}3YjPlT+! z>j_pxv9#TI{n@fV^}6fhhhMkO0@R56MEc5f2Aq@MerEi}t;cuznXbXjT_rXBO%U~? z=H21`--eaV4vGxBlZO}A;fCxV8WvZ#K_25@hZ#3k4u1UD8~zGzZ+lvboK?JQ%T0fk zJ^cIk$Cnpz9c|9aky$oi6p7&M9 zwXweg9)v8;Z7bgNkoMWs2`RgIYBxPb9;})k9h2L$398B1E@!IEWtQ8XmSA9kVua@B zCJLu99r@0o&d)cV=3&<-#YBACMT?=#Ot&&E=eDrll5++&3Fonu#*;bG8!9d|FZT*(CJ?eu6w9 zp1OT0aY%Xh3N?%tX}D=>sXs(gTibr_+p}Xh`>XvSQI&Ppt08QsqPGk{?3RRjsmZ46 ztznWsidX3KOwt!qR=_gV-}X|tP4ZS`dj(fxFFd8Q|B(Fx_p;L=dt5|8Z2ovUuHf^g z;X!42TaKpe?J-n?`|GnhQT5=bR%C!7EmPx=zTsQP`OI^H@X$przsjP8p74U4e3M?Y zkM&#P>hjyP;<5l{17hJ~I481W zz0H$?)apD0T`qpJ=_cBFpP3$C#I9TPh3jjCb)=>89 zbzA2qVqCv(`be9Cd!I;aDTRwX!~r$Wnwu6zRVbExo~g0PQumD4TavmgzU7cc)WOgk zq;}0|p4wQ9_<0<9$*8T$e4IRiOYcPsl_nGi_1bRk&I88134k9@_Nf`=Ol#GYI`V#J zQuXG>p}R|0au#iR-EX&*tsy(5VuoW@2&xsnd;{&+4+1v_Mc+_-Z>8W45znwSU0$ zS)o?y9jzi?7ZEvjhKRwCP(rj=AC{3{RDBB+lt71;DI9%j7m z$0gTmu95GFy{wt@g=e(3s-Q)g{elnG(@5dwQT8wP?}TCu_sLjFvGMKv;v#V7uqR2& z)}yd*O=?I@}NI$*BN)o_@(<{T`ot`ECQcGYtom?WYMCgudr39fh=`&hEdy&MO$}s$<3%qIwAMd zP$5y#7w(-G*qbSiV+vec;J+4G++QL|en8!i;%~XZW?AHu@T-+xD%Kh|)zOa41K2Ee zeoLe2bZ@C1+v&;UlwySkD8ffH?6NLA7Q|O?kRqP!E_A!A0+sTvsUAKRFf9jM#x-hN z%tLG|H03?*SFoGPC3aY==?^&`BH**9@=xHj6&Dy4MJbn8i)0@Z7)IahCMP~)> zL^`3i&L{%@G_9IeTm;d-n6X5Xz-C{G?Cwbfg(&dSrP(r-$0jm)=NCIkbtsndlQjTT zJ;=LgQPurL()sp4CY8vN;|6yi=!2Xi-qey?Iih-ZnAUZ_M^mjGWCEUvkbVuFZ=@$V zENMl>pU0*HxV%z>wzLFGmPyZ4`QShtE7T8`6}Vj%Qi*z))t*i>H7;d=L>sAnFMuHC z4A!Qwdr^)sHiOx|Q1)CF&bwk~aADWrvA>_k;>^WfGz?m#wjh^}19kNS4rgr9fxKU2!oXg~V6+qZ?VR zZmnWL$6=i^?F2RfWB=1yi??3dPL2lfJdiMjVy-{a(woXwLfBOI`H;m!s*m6{qS4@ zJ|^DrPDf1A-AfwQJ^Mo86(;h&5~l|D6GpTZ=kG|G(OFlSxSl-A*1gnNI>lxuEJg!m zt_^a>KXO~pdCm9yI-&yAbq2@Y)m*Y-KRqrrLwNmR8^n=z_(@bapMsHGo2g+NT|c%D zFlE6*RvS5*2ghZKN<8TA*1+Iz=$Vl8y#SfHPsA%whNx{Z#GQp->l$#ik_rySIL z;Q9A~h0Aw$6t6H$-|p^VxhMw3e*Hfq>icGz*I$#Yn)+3G2?taHBb61x#0oDu3gX5Ks(Z%_JJeY9CCo= z*u40fTR7T03}!lZrg-N8Bo0_{dz7{_d4`;RyO-(WWk`4B%(P-ysMwd88R9^-!P?V_@o8z7rGrRN_vV-wlSZpX z(l8;-^G*@)W=D~wqnuz#?F;yNo%hl!ea7+E(1oedldQ;q$_+>GVU55UY7B(AGt9-! zD(`hTB3WWE{5raDpVm@X*96;kn=2U42IUo)`?5!YpfwWsV74!TPn z(@w?Ppb=f#4t%&oqJwn~W#gEQjhmXtq@S0ZH7D2Dq+Z<3kJG|6EcnAg*zH>LUgVjY zqCI*N`Vq1(i39{Jf=UxmLKl)p(@oHYr{3Ij`TWizV0tv&{>H|mVt z*r#mwg(;)sP)oeAGkW!H;_Oo)LiWtfkt|_szcBV$CkJ6xu;$|TA+tjV88VV4jN)eF zib8pkE(&Q&iZZdp2cM)r^rksijETu?Oc5D*)tBX77>4|$Z=Uw}!<|s)tvmZ?gL1;G z)vQ?VRTi4I2jPuV{M}r%(M2)`dh#X`Z!l~#olQ(E@#o6VUzRoaq9~=3RXuyC&$-QI zp~*`v>wQGsx)pk6Vdz*;hCTR;d*Bsgwn2D)I98ypGCXPbbjWcKf`04^Tg-?j6R`cJ z0y-S$n343OMl0V?o(clQ2|+8Kh8M36LXUUEsStz1CJOmTwaqf62gr=l#(oag-?L2k zk&FXaKZel4clGO566@o%Uw*oj5UGGSqxy(|Q#f{~o8_Dps7ll}k2GOo?O>f?5MROp z%V>WIimwHHV~!Q0*sh>{b)3wO!8~tVd_&(9fxy@3RoqWUpU1wWcv#{NBOZfT17T zbqWU}FIQ!U=`zpsV0v9D*^~vTleMECTS?1Hcmx%cKGVPRAjQ!o`*k{9u`j$W%Dk%z zb^1S-EdzqT*kNQk?iiR%i^eOdFo~-q7_ncaqP+ZEKbC_FNq@1Bw7!Oz738`4VlQMG z=cPh4T_{N*Rd>W8ZV7YUWk%xg1ibHaqC%bywK;K_mMRjBf6o0`WvX1ocu?!LU}}^K z+L2HvE{J3ItIT#^Oa|Kje2?7OeJ{Ci&ZInhoQ8nkt(``0+(y91Jtw9xdcg&Eg}Ibm z+yIY9$Oik38F&d-vps{;Dv?1Sg&x0An0>HpG`*|POV|3E3Sd9E*Z?265ki9Pq5^1( zG8tuuEvDl$>UJ_=&K*XY7v%@|!9&TaT4D9;;|`WC7efSFQ>ZCSyFS$opCI6q=_^qw z@R#r%kfuNo8b(Yp;1`1zFXw2Z9V_c!!iU|L%@>e}y+^sB%%i?xE(@zF3s=tWX~^(} z!+SJ&zM&rasOzmhAhQfq`i(jTZ>%2D+~5!%N_T@7fYitCpbMQm!TvM7LY`s$Do`fH zhmdZDSHPBF+IRL_g&Jiuw)qkZ)k`MQ9ju#6Y#*aVzq8OHwd>c7PrMJ$P@|@SnZg@f zZRA)#h);LLE&^44PVv$uUaQ>o#=+W5jdB^vOxia}s&iJOO)B(Nszk9(^&}DS_q>HV zR!3-nge$*>E^T;jD9?9;MnzsnYoJAaDW-X-_6z}je{@|Y{7mm=3I9SHhGI@A*ao1~tiDnGa^xD(1#f7IVu$Hy2cIQ4bc+;od@aa~D~jM+JC?Ydfv!KA{eVdorc!mJtrtL9*8;dk6%) zI=|`>Ovrl6wevw~YSemF<^}5Vd|&KU-$IUQv4eH&Zs>9f|1K1Z58QhS$jas>IoPLL zy5uOpWz0QGsnEy*)tgxF2H?ghvonF1_bkkmtj5SpJ$B@gwvkX>ra6cNYh_Os0z1FV zcIFe_NJop zJ^-T4yJLx^;^z|4dg(`gcJEc|IFVTRB|W)ec6VHcXOpB2llM=XySX3q-psS|yR>Aw z28(gr;OHv&H1cGxNoIkx&cRdxLqpZP)JuY0_m0LtkwCIVhIrA%0Kxoxcj+?{_Oe zH_j1_Z;z9z&HtHUX6WoPDhAIxj1+L5P_U)bb5(_;;4T$A#}t&aG-O4`1Ogkup`z^d`?@({i0u~6E57EN7jxtx|{SzX`Z0n zkaz*-4cV%DNj4Y5*bz&;4pt|E<^264B^_qUW^#JxLw=B{mMhYa{Q$IuVg?|Nag<4a z?IwEkuy1f<_s~Ekh*xbaNHQ+P*}UYqr9EQ){5D;h+S^!`bnI>>7B-4q%ICpw5x`_h zSU=&5r;1OuYUdPegpP@uNh-!Ra})jFgxscClC{7b@v1{ZnhlvaW$^^zFt zmvHa=j1#!-?$4CqVOxiB7q)gY)^qQ;?ho8?bU$|7AI>8939y3EA7@Yh5J!~@jBJo?WY^1ZZv-b=7{d64cVh%A6Lu_!s41}=X zVzicneU4!wJ|9Htm;nMqx)Zx=2}6}gAhGu(YvbO z;4X1T@-j3cLP{!J{i)@7*9YFlgF~kZ6Y%|&Hs^yz$#s$-dO)Z%@C)~s8J^cRSDKFU z29apxlV0g_gB(?R^}05xG;T65mr%jjp)>_JKRddaGk)Do2#Af8fRc}ty@_TG!y~X)`Y?5Mjc^qzJgS9I~-Hb^3N7VZ*TBH+1bx8Oe{Y}e6+uNjtM1fwK!3j{7;<&_lnOD}$% zu@T4??zk_EV)2MHpfsG}>H z{WcUtf?Ck9+p6jY92XbHwr#&mb7pr3?Wn#0f^=02UFZ_%U=8XAw3S~|h8d$*Z}!*Y zzVF)xy{rWMY;`DXb!fDkCaGT`UL+_D&fCc4w_DLwm$fy~O4Aai8KIrt7aV8tJ-yh8 z5k5Uyy7q0V3)yMga1IB9VtT-S0K6_qtggQIa)g)n>(^(go9gPW_mu}qxQu*RU=UrL z7bZ)7!f=|>Zg~XY4vVh)0yi~&$#tRp7$TAW0fhnOpT|Xzy40LXSH%fY+ATYFdQ9?v zXTHdC&!o1Xm3&isJgXlBN2XjgbYZqDFK!hdr(XL0wHr8;_HIS@tb5YoNA=nYG+{0) z4N6avhG|FZy5xJOic<2&^VsZN=R&4>3zEk1l5K?|pc*J2cdvn7TCfRi`|Vpjr!+Zj zpbFDMK0f^A%QipT=A%^LT%w59*6%P7cdO}Cckt@qMAKc$wKiTHy8_m5eW68iy)QpS zmImrly%5x(9j@bk4X8*8xcf9pT_(n2O748nxOjT3XDzGC-u<&+X_evZ)^*~)w9Lh*wdr=ZI``!15|3i%3&${mF2W11u1FEATrci5*J^cEfheG>Cx zy~WZlJNJnNipc4}IaaYBBO~q2x21{w)uBzJpBER4M1T`YP+H4eRG%*Q=9I7+%=+@> zDU8?DB1Ze{Q#z_EQdW5(O$qtq%pH3v97Q<3!L7iClVZ%UmvE!f#W6ZAj3k8u*g%b3xQ-22q1=;UzrZ6-^pbn0b)CBD6>eiQ+QHC8H(n4asTpUVOD`ON5t!!sG78 z*qTb~)8mVi*UB(Sv1g@O>BTk4omwC>>`obGVYZ&?Dw)ocR%rkaY%NaVDBfxU&Ud+#|{zr9_-yPng~EN0kR4yc?J7IU(jAJ58aVo^?N^m-Z? z5RiK-Q9M$Kfokq^(>>0EBM$>P-9Gh%SO#3QTK;T{dSXqrkXK`anSjPv_ne@V4Zh*) zwR!6dR8bVYA{HI2VbNjC1D>0^}`8WqEE?2&Ho?=q)2-RiOL$5&_9U9*{07 ztrd~yZ@xgaqEjHQ(p8|w5A%XG{8Wx;z?L`*x0=!e%8|64fKLkm2t=!IArS0>rtb^B zlgsb8b0w-4s1E7vK*W^x&WBNh{~<`XcrU=8c<3+!^BN$um% zsoUfm4X*Y!?t}5?#8{vodM~`A-R+i0~+- zIHbK_A}~TKlKpl-K&08)_BK#kf`ZL)4rG0lQ_1i^eiaDT40KSZW{Ix#WMJj%l78%vGblJq zQHZk+RVOdHX_Sc>i0^1?!=c5eZ$3&PwZ~;6=B4xf#S&*{UZ+gt&NpSg4tFJ}zZQIi zD|qiXpx+PT z>F{ig?2YD&dtx~;?aKeoDx6I?~j(#9^O^< z;rMzSC{A1+20YCS5U_-szygn5!gRupP#NDwie%zuCL@pOjqe z$r_&u`KAqd*a0FO<+L1@5aq-jX?}Nk?$?(cfXlt0=VWK^?(IKpPW$df9=okl+`ZUX zBUz(D^d1Y>OmVOlV)BE-HKIUGqO52z zqpq&RN{YA;H!19@NjPp?vQB=Su7U3k2JTQBK3UpFc6O4o9gbI}flP&}4Q9cDBv-p> z&z*4wArTl5J%>aA2aAzTJ}{}cM55Y5KY6kIW5W?j3AZDb>U|h{MM3&7w={rwBJ|dg z-{QI5!!D=wKX3<}2?SHN(>I<99VnztY8p~oYfw;omv21#I_S>Ug|945aj=S6jQqGtVcJMnysdh* zXu`cDz-@SLN3k9i1xRfF*i1+DcAt;+b=%7;Bh4>{nWn^j`rx~Mh7zf+^5a^#!P1{P zSVx}7*8`^1zTIoIZnYv;-Qmgx+3^R3MG!FEg&WrjODKC<$U1B)keUD(^P{uOptT`E zK^M0H4t;5*mT<)hXJ8h23>ED5_9-9 z(RX;YC;qyujGS9qdTuH-sj!g) z)*r`pYwaN5#Wn~`7U)rDC_SS%Ye288rJYj7^QT@dP9$?4hCX{%>RPAYAu6Xm0lY;8 z7>t1eY)n& zAU!+tfo4dp&47|?S^OeoxSbADD0P^P>+2iNKQV}YZy_}sCn!Z;QiHkDO>&DXa0g|z zKgCK4o1UOnaD5%Dt$+Jp@dpdD3R9h0mHRgsmn8@f;kD6@NYGSOlRN>c-Gxboak|!u zOLpKERFXQSs{_&`$hZz;X}N%?@)HX4>NT4j3_O;vKjFVp7gc-$^kO-lTxePSsoe0X zc~p@L0WxXX04eS!v?T~1vVjtIbKf8O9Uo4JcH$PjkX4xAu)MyCiQ;f0k2E%Ez%KNm zk-fM_;r^l7*dL{baFkYtSe;yZp2C5Yl3N+s*XK)2au?(7o9!v25lAFz-;9=NX=}Ou z!X~Tr#JKRDaASn4gN^syDwx0%Gh*H$HQp|+cSv50V>VhwIrecjzKBTxxyP8&6`TmD z8PUex-vy=0SAN9u)kL2?B)D=?2cuZ7P4I;gGGSPD)XT@p9udMH$wXeP`NpJ@d+WJ>TzqtJ%>Z9Ry$1QD z`dYS=)mZ@rK3Vo_7{wIjyN&UYoLRxBt)g50I^6*t1MNQl1xd^J5 zT7ULpa(Qh!*Oks|?5f3uq=)5?L>@oNzM4*GwN?3v`zC~@v^wr4Xqv2CZ)r%?%BGZn zm~7##{a)Qy(4uG7^LIeM#KPPM`Ui6`@5#gYemNbwgvB5%<`BVG4ZWHh;?~cHsY!86 zi;V`K7nmxN5h*n9xKN2MUbZcDDSAP{%8wefOBPDhnx!3izB8|`fX11w!xHJLx0HK- zg*^=3-rd#ZJSdNFA<(!>Uz{C?mE~kK#a#osee;G3v*d}921s03STNTg9<^Dn@R??3 zccM&y9m}bSZ z2C#)!rhbltV+0=K31aP9gaHLgqC00pDdf*bgQK#Vf{S`%oxK>bwFV?h)6wQ0sqEo& zCAaC|u+X4G^-!j(|EmbmxtU?E_0Bf9J*k(HWAUud3VyqRkg}U#^Yq+7er6g8xaY&F z(hIQVS>^RAgyh_hX|sMukSz}&R+fMK*a7N9u()z^iGQd$Cx>`3@9?v8O=kLfJ@=A+ zjy%>}#jIBPv9RUcio1uJCn7y}(=0B6fO_>boqs?8xJG)T5dJW9IW;n3!wy2ztslyR zGZ|I&Ds2Z^jSO>qC24#4wa<8k+=ZppGP>V(3+q#K zGi6QYXtw>1s`T}lY?I2@u!G($=H}$~%%cLB?XNhmObY8TBJX-W@hLr@u4!lR<&E0t z!N@kjj8)&1y6^@aBel_ILX>>bWubhkp__3$Phc1H<6h-x-P~w~m- zleDNc)HEnvv@^$Xy3Nrh+|Iv#EW$3&pDefIauv#DDpdYzszO;Sf7IPzb{%@rcgUoD zZ(v$Qrwl#>Iz&!iS$?JFs;zBslf~p*wvMNR@?;7_;8bR{t;$%&3QOrdMYNr}p?;$N z-r``qjG<@zjYb2kEuR+dKvui%NW54IL1n6lgzG9ocJ{<@f}ndlYH0zGk0{aUYI+89dn1q-%lFO+6TT}*tm z=_CW)P^t+ZKPrNHxx}Xxva{X#%F5Mm+o81k@3HvwdYFje9YR&-PfTr`TPT~T-I{l( zw)AuGUB}5ZikB<^L2Q*3sSR2gW)kHo?$?;v9fM2LXTO4)r>JwJ_6Gt!n6?mQ=LeYI zImW?#IT;brD=pUsPd;RIJM^H%O?#ykrztc!&{!NkEtDNJFYW21sQe&yyp_#-dD69b zDsOflWV(YQB4t3Zm5`lHPBaXh4s$anL2&NxK{A$?H%J5ejpu${4Gc8uHGOY4JBFjK#=cOHAmd$7uh%z?OJx;1YT= z!_8X}r>`!3h|!JF=;q4=E6br67kN_W`60S+*6TsSZD|&cSFh3Y*eFM`-EXt45`=!d zI);dlj!t&zSNJ*bz!+(n;&@MC&dj2*xSz?aU(YOD6n3yNes$Yrri8P_Oa7sBygHm- zNuxRBtHxIv*aR`Bl3jjn_CEaDF3}oOw5PGV5UqHk-#?w&$gjmMX0uz*52|RrR}Bz( z`48otS|20*>eK>f%3{32_rcV(uch5zGrhbf0JoZ0W)LiPOC;Vbet|+s!%SbKaN&=* zsl<9iFvmaPjoQh-5~Xoev!P>r!na7sgmA^2TN7l5C7@mfy9JupL4s(B6|0NtB#GRy z``nNFbA^P3giuRo6|iw+g8v*iC(`lEoe^~Wf$KlY>huf5Ayd^%(hS#nV~#tqr_Tt( z*WRs4&*f$S4rr88q88xXpEYbFMF^1~)Jb2=u1C-P`gNI2>2RtKwJmuQ?TGyosX*nb zEbn#UYx;e(^2wB>+&0DqP? zYS3jTRR>17%wj+xdB!b20fa1`=vBd!(xk>Wg05Mh7C#`&P4z(R;BJ+(xvdXTS~HG4 z9Zw!_+id0AK=(oCVmGL1`I@SL<5D0Yh*`r%NBgFII!GzCmoGnAcgTrDZ7T=>C%bGb zK{A`jL8%hyP5QAkQ#zSo1F3D@?KDB_4H;Hk3c+q|>I=U2T`^0(rH}TSXco^AYxt65 z{V`wVG*%^zzw;$qF7a_nJ`0X}kBW>OYGaj83>zHEc;;e>H=0&ln`!eJedT@>icthr zE_aKOrxaI9uyS&C#!w7Na&`bj<;LFLX%2IDKqadJTnFa92U335_3k;5Qpy&YD^tEL zof99snrjeO$Y4FqG8~s7aO~VQl~#V!r#=GANGn3CWO< z-zreCb`&P;ohyiz)S$Um%Uu>&g4j;)3YYQ(jmXXA2 zb(#;}Kkn}6G*+2ooq=d?{{eaU%W(&JbFF;^jKN8)q_KB6^;0<4`j}d{mS^ZfV_Vze zk{TvkWACtynCt3NKE3p^m%+ut!mI3}u1?nC&lNYm4{_P(9}72}TC2IYEc0bb}q1U;rmp$40?n^-yU zhIAOIW4)2-z>*8iy-@6+3<|rtP@`}`GiVnR5ODyfl6Vz3EhFWQ?|BWx7E-N2!;R`Y!)J0bG__+v~z;)li_o8hkoihfd6vC1M zSO)!s1aE&LlO~U8wvSqGgU(sb4$9MbbG9#8VP#9_t|#H?^WJXcW#$&|{Afj@B}n(y z9_`q%!e$pNXLiP)K{L5)4rIVT?mp8Ujn9e^>npMn(s0o;>UdE(Xd$8MsHuHGWhZ~X z%n*lZaFusN*1tODo1E~VTVEI1b_lev0rB3svXG)=1`y9sS7 zZ}>i*fHt#vzzlnbt3T%A&KS##+}-{rN`f$HcVyxF_Z!mLW=)h+bEvs9{bwq*^cLhg zcpPoHzTaCRN+r6Q%XzxBt}>#RMfrnIw}_^9EalQ&nam5jr&Dg# z>bUeZU^d0;5q(Ne_iC0N$ee1E#IB?h!X5lr733@K>&O1Ho8JGso4y~(RcAnp)EVn^ zS2J*gAU)s(m*R=i42LYpZ5$Iow%u;21gb#+tg|`g4an8Tw$!TiBP)^Q29+Crm8h#Pn)3i~8*rg! zyLD5*naHWmiLqN1s5X}ZN*TgorN1R?X(h-9d{;n&6S^GtbHZesOf(U0zv`OBR-f)XQr=K<{-PB=DS>QkVG(0D{i}@pVo~K&bE{dr>uEIQPYl?^1b0;?o3rs1 z`}6CR=v}~RHA?8@+|l{((|DN9y9~;akKczBSvdEP>itRNle7)8obFb9Beqg<#LZ0J zU^0Im1R_md+hQwIm-!-IPQl`{yzYnP(U0U+P|1^oS^1B?H1!q9CVR$nvNh208g~+2 zWn1pLZ+1xUVbUl#jkr{kV;!=-M-`JA72!+UTyv1d=lke`NMB#raS-a7Dru!Y?$+gF z^6btnj2UA=%yZSKt|wWvM5c~!L(bpMdNa!!l2iZxBU^7)mC!j7y+0m59t;j5^AlU+ zOnTkZEX>kvTJ93}b>%rY9zvA!eKzB`Ym{bP|8o4}yiIPWQG4r%R0_sV_BNtYr8Vl~ zYB9Idz@8QQK0J_?a<$FyL8F*3!cN| z@km)U3ub)~LB0-}7DdCyL@y9#rq{oK=&4+sG9B`592V+yliPk-T&8%l5$yBdIML6d z1pFi$vVLu%wfZc@K= z?x_vQg!J)*SUEc6u{DYBrAwunPNTOPjkRY{hVXC*YM+AaJ~{aIRCEYFC(AzyR%fMl zA8E3tHZ?n!8(NP)*GmVXj#HTtXw~JuDGhKL^-GX-a{Fw?S#D=Yum84P>l+mmWEQV;$e#-mz>ZMXJ8Nnz3HH z-kt0_b`%tv=?yOpv@^O#$!T=z53_Qxb^UUG4MA;)1N=Rgm{oYR)Xcg41l`Ci?|QYF z-$@0g{bwG3wO)O{@znDa(}O=<>NHx696falpZQ)jE_%s1-^sR9K02~>I#Vu^J~qHi z%X;qfbKyN9(xh{=sx-8>3v@dFH$Hne)P6C}!8+50z=lw;;=k@8&%!I;HNX_;zxQnZ zwcMmmPDD|?|2fbz;S^WazN#J_j6J)+?~-Ff$MoPvN5Qko7=j$?8oz4lQF+CUB&YUL5la7>A-J0XKj7?gcuyIg4>-r1 zj_>BR?p9tCbSqz2J8rF&w%YpoziZ2ku;nbxj9oSU5LRvshr64$@6RAxB?r7VL386i z?ruJ08Qh*Y@%>q>5=)EY+H6fmK}{-Y!qzTWK;$ZnrZUC?Fz*cj_x^kyiWX7>V@b3a?Fal95dBm+FL zh|AKOD$K(C3sS}z&|RDX)JA&#CxVWio*y=f6zD={n&)6%e?AGnRJJ@1YBbd?HxLL! zIm{mCm|zl{`+(%g0F}YG0jJ^zj3Lu*=n3e7P96cL9Y|l^PU&`ZHsOEo7NoUPGSK`>AeT}j-aF(z$$2n`oM7- z%|~&|FB8STspiof?5h2mH&pyE7e0DFFR|1gHoOu6Jp{z01ugj^X%o$IZfAYqfYRTM3U8_*^4F(75 zI1!F^^|M@G#zI?ylr8lhi1r^lD5||tKmF)Bl`!q~b3ep(cYk(Jj$%(S0&^<}K2pU; zR!1!-wBK~3tJN6pGi+lxZWd1Go!SS=L-gTc699m=989_S1c1kb8Wzo#;qf&oZjXlE z3P+dJr@v$?@a6jSj8ACZcn4$`1$v4+>wUS&xe}-K?@7ZDAx3ij@`zOoWctcH826c9%W4@et0oBdRl<7rY7sUm>0Q3p0+rKK4pB~C zK^H0yfYQIF0_Bu2>=ihP74P|C+<1H01AwGwR}Rpw9Yn~3B-0!8ntHmFC{6iNc7s!) zkjH83jL6&TOOwacw0fWK9CtEPRWo7keb#1opdwUJq2kX=BA3p;wri%ceiw0EU~(H;C5!s62EBY?47WpI}YmJ@C+A8GI4kRJNX zOC|o`Q0QY8O3nvCSU+!XO>hKV8!ft6Lwfyeo38dg>%uFfCX0Torj;=PAMf0Cfq*}T z;78jg>F7aa0T(2#%<;q1f~%$csw-z}w`FMArcN>i{?Ot{+2s|YrlHr)H~4-8e?L@# zY46yw(UbIskw#&Gi&-IRB~d4hva8kfjLm0hVoB8+>s;HQc~CzEg*H;w{0nK8P!lPq z!3)iG56mpK4TD2+fNd`=RZW|yCjE(AyrCAk!A?#4jJj8r5UR?OG;sy)+cX13?8ZQ*6{yb7kGAAqE8)|Ms%G5UN>2=gf|w?nY_M(3Tx@jM zz3}U>{O;E*j`;bQUe6Gscc=oLDg{l`z%IVe-q8C5VY(%FlSHCUr)W{Y1T&Dnd(7+DSkvF7D})8Yj_{seCTxmhT}u@5|q) zmNSI@mUu<`Y2yAq^2BS;bQK9nb$-q3Y%uFn+i$u%Q|D|cl194Qmppv6Wq6Xfayc+N zca83N>SgSN7SnwL(Ew2C_o;>_yAh-)^M#z4WtGT!jm*^*p6TUc;?JS@snE7pu_;^Z2hBUL@?EVhFD^RK zV+u@kipQ3eF5Pn*&M)vEcXoGot2SO_w2S~r#bKqZ-FOWRjpsUAPvSfV z&}+lM;1KPcG2mg`fwm59NfTznzr>yM+;#d@Q~)lFR>9YLm|qHCrQpzcY;I4VY>@Fw z)%veQ4;2 zp(e>v?UyAz_Bar8M_+=-gzaYAFTo`|#}NxxiH-QMfOf0IptZo7hUM+7)DB;Ie*$5= zD4b9}{=wb(4a~Z? zs#3GXP8Ac+kls(83j8Bm=-5xOxc)L%6a4~Y0(7qs;097#7f2olYh|Nf^8s9fsyhDZ zeTGJR9y*FPisn`S=2Ng%L7A@tnMkAWTF zlchAZWke_R$i$fiI8}}I`%i#V^;qEXWwGxrsHBYOU!=f(0gm$#tu8ZIeg>>z+s|xn z&ij~f5^r1h>2dt?{zulOVW$NugE}*wlh;h}9hdT;1LP|=J^jLM-ISM|I6A&D%y1^* z#dBW>QOEc3V?zT;fEi+hc5Mt>QbG>b=$`PE78NC5?(_rlu~h?qS$s18{zi1;RZVPc zZ2m9E`5{Rv<^Mtn#euOaG|0Kd%Amhb*~H`V*WynjsKJ%vQpjXbMcN8t;mmdNgq0Ei zHUh4h?MW~VIJKG$wYpiM=N<*}GVsWz)xQw}w%_Q6=Hj}&QJBU{ezl41GvIhIh`yl< zdjM-0vai~5yPCK>gGG-md-Y*FZ$15b6)C-}fp#IO4$d({!5z9);iWWT_~svsKVG4UXV|{&TOx z$Fsj6Fl`LLC@%GG;qM1qtDES>tPE05hZy3F9BGIJ1+R^MGc7wU)jg+!;a`9c{rR6;+f44yH)XV)afK3R$|nD%r1=^ke#0U)>^ z9TA`Cv0S4EfNn)4B`DfY(>nG;KkDRH~C zLln6n4VtnIg4bBjx^I-XdS5iYU8|q~p z^$~?F1T&0CB60drZal+IjLsW6%7pSgaVpsq7N!?V&RL=Vmt&ClNoZU_o@Pd2_%4)L z(}h#vta`^qtDU&F13jEe{duM5&pr*h#tU)D;Mljq558cx?ZuK!xyq0nl@!`HWLa2V z#>4dMS=U%sBnbLC^%9v}$*2XrJCxlClFSsoZo^+bWfaJIO?m8g;IDfAP?CJj^Cw(e zz^(nT*+P{)XO_h8OD10-nQWukD;~uj9wGK$!XIW8HzC_qsF`TDSax$2O*$o&d=eTm zaehkG5t*9F=;Bl@VYAl&A^AqLeX*d$k$*GA-zg(jV%RhbGrFhj%4lywzZ+Z2ZR|>` z@hiqr4feY*c56ynD;#51zq7-GkW#s;jNrk7eN_ssV5Up(zRAhRymq?V*8M8!zjBGY z(msRiS%eQMbJ2Y>Wu+6I3oI=b)vUh^g{sbBR64a=9IZgB!$F5x%PN2-?8%pxGNR|$ z-Zb-kPWy{(*u-oVI>p15eZTm0bNk_o5adCBV;O!Vn_jic_5^1tQ!l}PynJgod+ zt;NTd##_9(WF_z4VOf$vM8n%glNl|yT!V6dAPU^+7<1GoHy~qy4+8e92uT8p!Huqm zYoar7Q%Ep+v_dZdJ~s3p{?!^#zfiL#?X(j0v1ar&&|zIT+TgLU*d`b6mbveUTn&bl zaj5 z@0W$n*NHp~br1-LjIAL2w|2@vK!={LslKPTwr4)pD=hEW{E}@A9y83O@Rb}b18Wu# z9{hp;2p49tg-y-T2# zp=1!4pKr=QVPj(;p<^szu!=of}VKWWXoM${qtx> zSLjvs&b?xTt-vUFq71Nm&P~5tR#p4G&0Sq%OEKho4d{$hKaN?1T4KW<{4;tjf#w@X z*A8%I24c6~&FEf=*oZOOQ7b@0UxIPLwovrXSU=rqAjRDfHSC0fq3}t=y$7?+4D_%= z6=7%JptrA)g4ng<4a=X&?=}CxxAj1wg8snU7gkogn^#We{NXhPUS70d+|pma1vP(* z9e)JYwk`TO-2P%3+%_DCnN!iS7|oVTRHK>e zl5(sc*%0wn7NPcYxzu%PuC5HFx;LFK2du4%FaS|D-TU_0>Z31u_Y)Ws#?kQzVCH9c zAh1z7l*Ja|Evd(DWq4%VujCbqCMH(SoXd#jv!m6!%ZES|A-K?lcdiW&fJ4rAM`J*E zB^6i2*9?aRgDXtqqh)2)f>X0)f)DHb7e)t527t$sz-u6bIM;Z2QG?@rpQjpveNQPA z(OS9@U6k*{`S7>|?L*A!oyTl;hr4x40~dP>%D{^f$sV;i7?V1yd5`VSSI(~r3^|9v$;D?JCwqEKNOF~LfwEXeYGob{IWyx*>sK61ulj zK9(y^wYxdWUX5D0yI1Xu9#MxeLHmTSwWOS#i<{Uv2=Mq`JRWqnZvY5XvZkAQ*z$ZLH@P$*&HvK<<#saWB5rDX%F>mW<@>HX9wUh=*? zl`Y?q3ALs?QFZ#E9H}{J1ZMH{J7MCf6G=PGD^);-@N1(Dp*6&C6B4ZF2PRE zmoceD|9V+KUag^L24;CKrlubPo%rfi2^F&(Xq?&vkoRCU{D)~sFE43E-u-c$gI-Cf z(itO1VTa01;T~S8t-YvU<;Bp-LTp?S*F@ZNaE4AvUG~@rL*ee*F;=RD=QltMB5cCW z?^W1|o&}S@2}B#l4v^^FJFs^b?0vd7*ueB+qqwgD2-j@rLufiRp0G=D`ke`!f2nx# zlThI(P+f9A@f+keQzV+Y8SOsA^c|yJMp%<9BSK$+aqUM0^MK+!qG06=qhMQnh;#Z1 z#b~TAzuulpfALZ2uM8QZuP0bxp~-#Pd4HvnEL7{qryBpZi2WdtFf3D+n97~40L#pG@mqC5&%_{T{j2dm7B?os7=K3`hpW_tzIgA-+z#MgcHuHz0b#IlvPz_9r0N37R5&J z5wtQOVZ}AJso9B!9UNDKI%5{NtWZ2TjNRGOe@=u+*$KtZVF2UyMb)Brm}(yEGCc>G zu3W|Dkhr&lJjP=?kOaQo_-8pf?Yte-pxvV#fOt==0=m2XKrW04SQPN-#aEGD)q?mu- zZ1EH01>0fzNLR)kE)ivTHC*hI*cuJ9YnL!ft_QTdg47~y9mo=7 z+(8`bC6=XG2@q=HMA`jz8KIC$(pIGw1izJ(#m$chuAjY}j}f`^w4=s=1*{Q~!s$~s zITC8+-cGfchu91nVkddmIK+k1k8OviQx)w=c~LBMlBK^QmpBsJ6|H97-Wl|y%M_~= z%nJzp8^Fe}aB#(3YZzYWms9>_DIh78&{4bcbE^FM&Ti^`nlA-%j`&Bj*p&}j5%&Cl zdcsF+Ui-C}xCT4#hds^LVXS5ro; z5DkE(F9{tT#w+<8o!FdxDI+2J1n@pUe`=_$eU@KN<+B_$m=-D0+Zvqs?;Q1BG9UnO z#e%?&ux^86$SWc~nHOMyw@si{%SNTpEf7p%mMd=DLKID;HRYq6#Z%{PXop9EY& zFzNIlWg8_ueL2f!y{Z^%u7{Xw?O1CkC2XP&N__wY=2VRW^;~}&L5nBcJ@Z4-C%x*a zc-u5tRFyZIi-T!rFMysO42x*M8GEC;lt!I!05DN~+w%AT>tAQA^bMrBN$@Y3IA|-I zJ(0g+LalB;K&@t6_W`q$;SJ_|087V~kNG8Vo%jZ+r{XRSalWw@+`h2r)SPwdt0rX+ zN6J)X&z|#NJAv%xom$}~i9Me|73>0XLsZPk?DpjRZt?jJ(#T{E0GjgA8lgpWl=Pt> zxQAo;tm(SNaLdJ@-fg)9+2#yH_1c+$(zO4(v|@T^)0aZ@`bCRHLV^qxWEmSt?Cy05 zJV5AwL=V6H^IiQ|H2HDHiT{R{PJ3B1;fSZ5&?tbrQl46b0ufDK);p-`H&Fa&F+G@a zW`Z=_0ToK#zr#SZ=)f>UZxeU)N4^_Qpy7jcKV>k34@Rg-k?2(#@I@zDHhGB@(|nhu zZ^7FQ(Kz%P^#}8pbQFkwTMsF}X@Q3StgD&nOd7DHP>?Q@^ z(hCa+>QDCuTKNyhvR3R(8AgPv_t=qEJNkv;g>=p)IGgD(m)OF zvws0*+uVb9Ld^jc255E9e+NBCGFwKNyM`t`#Jrx@kU1BNDy%8vZkUe&(Kj1Vb13G3 zShaujBr8dLKkr`f7PsI$r=C1|Y4v!ANC=ZGWk=NSpy_8_oTx)-wt!7$w&K|4=j=bp zozQo)0Ag{d22A?{j&MG)se$gpiD0RLAj))ak@F5l6N|&<$habakcEQf<>jbDRYUO! z__WI$oDdP&_2O|ybiaY;Sg1()D8Kg`o+W{{R;n6sqszb%A@w8fCdGg5QouNPfU@v< zw2V;K7e|LG9AL>>3LwZDb*B0TTC?i|EIS<=10&4h`?>GAS2(-|?odG&L?+xg>rCVj z7)Vrl*l)gXOfdd?CET_jf;m+7N=@f$fo8Z+?31#WW(krsE3It8#g+6|4i3k0ex_UV za~_(`E8pt3XUS-S6 zgcrDl)$~8oN&2<&?zQghs-m5e#+-8g#VTUOy_AhY7|xvr;E-E4pht>0FM)ueTW0DmKo zLj3de*`$iV+VhD5g0X%X=>2dDeBD&W282cPVV-ocIVku1nV)*gj_+RG8lLw&a)qj9 z92Nm2cQ(g{UX+Q(K!qI-zrlbI2V(;Nd~N(eJl`UfdyscY!lKTOB4O_^Dl=v$o{j1% zQuLQ40yw$LRuwu*Li;v5ZguAq-V4iXnYOj>;}<+Z+qkVIqDk_K^qI%6@^Ge1cMhf9 z9cl=9r}P9Ss+Zm@b$+^gGV4f|w%iq+))-!Vx0m)m!DOIH1&Cwg0o)zUzIuU9N`1sS zZBHNUgv#klA@$Z_%C@52&{mC7EA+I@P^kfm?j}Ya1z?9XK=v)*qbm)iniu7X9iK5+ z&YsJN>AY8dNl-MOuv8-F4V5=s?ZVWD&^WHHam|g~Q7NzpvIO5JOKBB76Y(Mj;H4^V z28*qPox&#)CIxImLc*J%tL~ju8_>cvaVn-d5cAw|u6`B55U{`542qEbC}uK^kOW--JWJ0 zXXQl#W9er%(Pu&@b2?xa5SdIIp3gFp&x zwgl7eC<_51L%Jr|_{c(`f17$6)3~wjsHIJLyMD&Dgi`1<-OFNF9fRRNuRx6UdTTh;Xe-e&LJ2$) zMoS*V2Dh04d481-0VRI{hGd|X?w)NPx%(JXPiHafBdsgUN~{83odh$RIzosVKQYiF zuKfKS3g!UGb>8*BwjP0ZpM}vtwh+tFT8cJED-ICd^&^>v^9}s486?C|FY$ zfj7HmiwlGT3sJ(N+c+y6534Smo_p-_*Nma`CQgJG?(Z1fEY|vjb5R+`^A=t$E72x8 zQ_vg-YE%VoR>Gvzbt#k!bG0iL>xK=iXA{Lpi#~4VQ0<9*j@r$F=N&Bi)CT#g1wm?%B!gr#? zQM;|dzG3+sAASDg4uXH%(QP87EU$X#88w)V3UEMyB4lmHQE-7*V4&C51m8vWS;tE- z8@mu?`+@}she?R_&7Ul5CU&q}^{dfyRe`9i?#^Y2YMu#&%4Ze_St_nPbAJ_14;|}A zb(yo?li$NbHV~G$<6e#2MekKKTHXjZb^q#biw7LoFC^I}ySS}8pSB~f4AAH54`TIS(uA{d!FGuer#Y{BZ?GK4L zW|D;%a~j#BLYEPq?A_!XY+A=nU7wYRphF&Mb6>SqZ?mgr*(eLwDs;$I@g6**QWN52 zXpLFO45c5v6YIHv0?q^mIl+}}K^L=7}ztB z#pSI-Cb?zy{~rQ|g6VfKNR&T2@(shzCT5>U4jv!WlQW8$?f~?QQw>#;_kT$k+%|HR z=nEiN*tlXAn%H-IMTB)ka>^gj#+j%ezHE~^ZvXsLl8|d=Jt6>M{VV5Y9;;RD=Uwq- z-+|eB2dOaHl%aR7JuMnJAFf#kopM#(C-pvX#cIw++G&i)tyvs>ZkDdPXwmMcT&khy z?T(3rsM}b_tT1hd4beOG3&FT@+_rwgA%%IY05D6v_-0(VW;pd6?&kAn>S!VG$jDBR zh;NS+c#%w>Kusd%7s2Dw`F+540cmu4--E?$IYKgBZEeVAK6`PA)8pWGdqb;Z%;Qyx zhS*aA#s_LjXUe^CLJg z1IFqN$y?ldi4cMuE*dZAN!D@@@v$a*rC~Wh->SDFF z)Dm2>9{KdIcJA;#lts=5nNpT4e02jZ?fi`2Rrib6(yHB5bFvR#Zy46_MMK0$D!o$t zZqB1_mRrrhiit10oINT=h1}v{FM&-slfu0$8^xQhcc^RBRly+^wnGsP3K= zazARP#Nn46C;R@|exyQmKs-JFolau1XR2k)jm+B$ScuzHw&zigTyVYd$#yXfmG2s^ zH}H^o-LU@aI#t7~tIZWruf<`s7_<=nE&Xu3&c7mpTz*6E`=r4KHAQoB3a90{iDR&B z=*sG+lMg75F63U>$6Iub)I$5Da-J9b4!^dSHiPfpZ&{e>>OT z8#Gv|iHv)~9bPNdB;_D%UEnv}ya$o zh4Sr*K&YxqSqoiLJ`dN!2bQ4MbM-TRS7Vesm>3oR(b4VyA3=CV3eXL=Scg@Fv=GGKRJl_C}C?u@H+9Av7=D zJ#Jcz7XIBuuF=9@v5|Z?MDCcW#w4?J>r~-p1<-!gH!CC1#GmN%i^ul%Qr}nS$11mR zz?!)$O;pIK5^XDy92?0%&En0n4y9aVr<~|E+}Ga{mSjwOI)OTbR3PD< z+I9LX1yRgBeuXd)dTGmMv&yubd+j#fysYuff}{(FND&sn#NJ z*KX70%evP2Zi_=Y_)x)+sN?uT`>c#K_U{w&uRzcODBBh>^Ad>$!?Cm`uQbL+yOkYZ zE-4r#;;O<|WLKVItoSG|G=Mqu z{cCpI|5d3H(x88KhfDh}jeyZi8O9ij)Qw8@e1bea7U0Lfk2r26?SSx&=x#<<9g8q? zhv1o$b4$lZpHROplH63EJs#bP;M&yJob`T(i1?zk|Ff#FY6YI{{iTH@ky$m{Uc#(^ zNoH0#E0LGB{2)j&Yx&!z$HX)OPjQ3hiDU9s8_Hs3f@ByIs!*TcCiB}0C$I-6+mP#g zD94;Mm3WHsmp%QF(6KIL_g&p&JXiHED;*#>Z+o%5c8~Jx8%^+a=DM~eU6BP#n^TVM z4q>g@lRkw(0BRwrk6W5`WURX#bP3`w=dqL$FzJZu;|DizTR&1HviSNQSZJoEE7+4U+Z!p)ZYPC z_RRe23`tBILO`Z^Kp3rQjn>+pn9UJmPQC)T!NI%gNt`i3RhyI5It} zGf}6#q0MxiF#xO!4n~FzeXq}mnTQMlus+Xc=d7J|-V(E{PWx^tKRxPlG%7W*3HDp_ zc0QU&aMR5ICS-&Q5k(ZGuy3E8mU+gx+6Z(lqjR(!_h=0`qnG*nn-k348iWzNy z(C1M6L9&ek(jzmOeoa`~0Y{3eq+@(cNhe z^80FR188Dl?~{fbn9_UQpFm(@#bd37#j6*4j(ot=mQg)wF{;O(nfdN-hCPsQ=kI?KADe$XvF z&9=6jJi#lny9v*(lM#)@l+ipl@ZjDypsXCf+>Ny_BtG>}^ z1r+a9lrL-2Z2?DQhMip}bXGcx3P4hw_SM6xy0?w5by8wdvvZY;2P5l-#ZjvEb!1Za z)#-vl%zurU^;n%|^%^IR9ny|j8%vpR8;b0hRwR~ODE#~oaK+kTFG?LQJInb zx4WX%W4NHYAy1YbJ97tf*pIVEGbtK)Hq(ip%)5rZ*lt>Ydy*%Ao7Q>ZWsmWnZp|(f z@7z5>{1~U4>UO`RS}&PIio9Z#DKZ>07oR z4iBn#0Ff~P6KKNW>3_PK8kKrBQ#`-z>0!^hRmj_7|AF*b|8O6%dwvR{Yd3kt-(cyw zo#KQFZu-i#q16V`S`|#DiK&|!*@+hJE%F%ONFi<6KLL45xlXhOcZ`oVs`wL|bhMe3 zdEC2dK>+(^_g0kL-eq`z*?F24%qLp#)2I(B?NrbIkY_V6F0}ojrPz1j8<>EU`fD!7 zkLd>ePz7g^X@Y8LiTyAOuAo72JH9h|1gfC$DxN*kP4FdHF>lKANf4-#bgz2YiVAJq zPx6!ekNRxSNq>1YkG)A~F2ynJQZgg%r8-{Z9bhu2FaH+#w2{EIXw!v-JD| zi>+$S$wa0Tgt!x`Z(6tXu%dUg;O!a$DubqeO}_+OH*NYwZ^WfC(VA`9=Olm{8+mb1 z=+@Eux@jY-)`?z@TNk`a?wTZLOuo6)I{*gtiAJ=L7?s{$Y7PtC#tAOfJ1}gdOxBIA zmlRL#X=1_R=J0}4z#7)cz??jUBH~zfYX!{(?(_7x@Fn1v>55IMi!VbQrT6%d#GciR zPe3UU#x>bJKxbcw514M*1lI@-$cTH&4jG3SuxUTpww>9;XV_SwZ#qEw6W{ zQ~I^vBIz@>wiU?J1=3^)Dr;pr2t}lVvVUz^?R1+dJ^H$Y$EEFy2+`#G0-yXLyX92B zbe3Khss>$5*L^PQprIszX~ z0Ia}xR*7s_0ppBxLD#bqiX^23g87)u+3^zzyUo+}s)`OY5|5l>mG_8x69^|6i)<1c zkwf|wn<@n(I6cAQ9~2myOVw&$#cHw4*&E+^<5j0(HLj)3eVZxk(&OaD&ajrJF=W1R?JchrHGF$i;ehp+`q;;_~@5*U(%e&6q?wy!ixd|)cQx%A%JJ^Xt*GV1M4 zGCb0s4PmS2QDiq}n(*u6OAXxc{jP1BDA-ig<=ZL#OKvLLB66p9`Em?h7^=?$rlHZ& zojUo%u01mRLuK)mNbmX7b}x-k7PJ6PAhvF37YM5SZvK9{+vt)xp@C61jWthKOFr>I zdEFr7N?I$&PGhyEx1#NG(I{UIvTc5(-pPeMDKH$X%UZ6Q?VywE2{mU^u(k%xFzeS< z#=hrcGJBR{ph=sc`N7&oAn8${cp;Gf$lnQ)6-EZ){V`w9Qus8a6k1BPoRrtB^Z?$S`tl zm5=JHPNc&h{~rHFe)@0{gN}?MP4i)6;{iS0ogy!lcRMWE{MEk>-H}z7Cn9f2Ez#!s za)^(4`Uag(apPb|S=?S#sQ$JBu_^QfeM(mv5EXC|AT`k>{`An>Pfpuk0;y-w3_kJy zWJmy&YAkF+tq5XTJz+@7hI{a#lcSyxu zy&~VOv%oHHlQ3Un+{B{7wZplKCN3%XdiNp9_fQq95y0uLCP$Zzu|JM=6mm`+hufHMHhAg6g>!z3vGT0d4m+ z*&a#0ekO=LTeKG3y4H`ICOUoDRNr$m-zrB1kK6-@Wm5^)5XURIE|sff6TLx8m^Af$ z33_ruVlD$MO1~J{Vn-bFDlK16mOX#R*}RMx;;s@=g*}#v>~~S8KMutW?^iwkj5J|z z7K=v*!tDj+94WsN98PL|{~`(P3&kP*yOKUF6dj)o`lKuLM^FM6QeBFyrMhMd*8vzY zztNHL#Wv7|pflfDwq#D@DDHfzxW2zz(qd`O^C`1fz)&*JGD7j91y*Zmof%zMQcLUe zbl;@3UjKlFsN;W?PKqa9!N&hivqytMKY;SoI$DwTw-qd3mS#Hd9)&I?{#QZ2`~j$- z*Yqw^*2!6br0%&9)Jhy@S(4m6_C&-mLrqCA zU5Edq`3WEMeuUJ7ZMDv^d^XjgVXgP+p3eZ$lDb2+$9xD7k~k3Q7rwN~{=2x|-!gD< z%-r(DMFW4QJtv?xShW=UI{50ZN|cl2_*JyUV-Y1Uc#eaQ;xzDB&))#Av5)^Oa1OWu z{a9$Pi{8&iEC6BLzo%~(?BgDwXYS@wtCr{u^i5eTGG@G#ln7WG_q@3b-0?fN^xsQeLzf|z6~6TWC);5f3{r|jF;f|K zeoujjmuAz3GV@b#D2bHHm3Uw0#mO^d#Bf&nCV7p^R=w0YZi?M;VR-wxgS|Fbs&ISZ`^HlnRdT?e;G_LXP3;N|3NtX0(O$pAoxBRz1dER^4*N^bN)6`> zTUN^iA6K2P?(&+3CLQsT2qsStx*=9(lQ;_=FNL|A;MTrRM4lb_EHVPX$3V<(;0=g| znuj}4GL*iH`-b`fG6L138_Bxt&-jRq!kG({z99JVxABs{ICxE5U9U9Pg!^!FVO(G- zF5Uw$y}hvv>9t$@$D06|uPZF4U38i}6aMX_Kzgb5q2{#b~<-tbrFT7wf#}=9p|FceX#sPzH zP=y)j?Qd8qXJtRyh_Z@DBrFo+dg60B~J)FliRSet%p5L^`yY1>Rz$M zeT)KeBoMk!2(}=0j~jihE(-lf^rm7I(&3~V`TmbmX>H1*rfW1zEbD6%Cu-95Ku&`6 z1hj4?3DW}4=f{CE;t?0(GWbue`0uH6kp1j)}1XC4W6B8#|ZwmoH^N7I_I4MY>nxmL`v zz-`vwY>OWDb;pGcaSro}e3XIe%e896pH|LiFga=LN*f!+XZBa_<5qKMnt!9FV%5DXVc z0hRm1ACVR#FgqZL3l62$b zO|!Wr>oTJK2gTTu<7qVldx>OYF$1 z=Jnh%rZv$6n4h^SuD_Hg;Pp6o6}^u^%t^0(FPrHpZ${53&#p(0#|lAav6+5hkGi@7 zIs(fVrYlPl@Ej^4;{qo=OEhMDENu_4fh?Zjv|lWNJBF(1*K`0BW^-8KE^y6L5o={z4QaugE-M-EQkU)zitM?d3_Q*NJQA#uJOO%$jRtPppFzHg{ zCK3)Xm8Bny>RmcQuIEanMYCn15h#Jm@@IlGGukeVQ}=%S@!jn3y|hH$EG<2Kju%gY zv0C}IfS5(8!1L37-4N=*{RjH4J^D=NfRpJo3oW89id&NK{Z5h9enN6v9b-<4nKV^u zOWtY)rhzyg9~8uJDuW-Hc6Uzw?ktigppC+iWI(*DFPLudoK=>t-ztEz=TDN{tk`OT zdmwUWPXf8QG=Y}Cp!amU+paQE7Gp7;ePquDFMs@Rrh;zvlXLY|Ir+EAgGL73l?6K5q z9em-e(H|v)xcqpQ^W+m4(z7A-;pXs>PwyGEIeauP8Pqke$}V<5csKQUlQ!z7xbYS0 zK)^#mR?3VmgRvSmM1gJ+^tZfkvvrH78rXus3oN5QP4}xHGyv~ysZIc5P9~^t^zC#w z>G$YIh4E>NEl-EYZOIli$Vi0Y7u8zxk8t zV$ONFj86el^4ao8erbxpfoxkz%4u)z+J()4aMjbpD_QPj=Qpw1byzVIWxcY~)@sMU z8*2&ead2-&ymIGXH?{bqlLl^4^U`$(2u(ni+rP{lAige6T0Sjxs(`V%mgKmVP`k3d z7nHlIt$k=Hw!;#(vYgfZr_H$)DAzb=_q%NJ-{TVo+{8zn<>Mwq5&R4<^gO)5kK@zu#s$5B&T$MkN&DCD zW^Gp|*Pwu!GnMQ8;QOg~Ed|R|TJFx_Fm-4_$2Ee)nm9TD84xMv%=HQOf+!7h zE6diI{#4Zh(F-}v4CxbAa;b0fbq9-ED=@a;0A=)}hpT^QO5R%%WT$HW-MdBS)MoYx zIMZ3mISU>GwG=;{I#mF+yc*>&4{elTD|p3FsPf9PBO|Rs{a2T*`?d-%wpc;l&!BtM zIP?K!0a{ku%Y7ZIZl(nHtOpfMB(oNhS?!hMMd~jDEW}D(={po;4$`6)`G=$hEB9*z zv*|u-D5-qSU0*yL5NFQc&Mo>S2K%GT+9|MdE_o}`ED*ulM=yDT4hR(hO8nmO8uFuIM zcgAc$=2|`_O01Pjl{VU)O3^vnL+x)fix2-eU42~d0-}_NQhGnkh2yF|#llbwY-~#h zpb+kGpWV*o`ZU+SuC$SK}SlBgstO_CQC%o*=VeN&nh?D7-EtMyThua z{Avx8T2mlIMK3W8CR<6X+4ec6|0w@3NEn4mQ4pnI+H61%U7vq#EpJO1c?SID#Y3Gq>w8dj^dsb883(zg#8 zqrpWFn0+F?=c?t9f2jD+d30vqi;XblWn*z6&! zJDkK%Gtk#h=>fmFnHqC&_6+t{lb?l?$uloF@4w1!z_mXvvf%noQGQhnliRC3n4hZ# zhw%MHgoQ#Y!!a8T9&TH6Z~|K#vlu6BIkJpp3Ht~`>OKdPWj7+=ZIsHISPEA;%NmqGoqJp8VbwxMAw7ey<1FAeuw~AjO{Ya{B7wFpCA) z;9eHz9W!ucY(L@K6{c>Vd^-ZI-dk}z>x+j9LvzBz?s{4;SdwAiti9FI3}!h{=(yQ- z%;N<>7Yl~tkj2(sROtO4B#Q*e@BHFux8A_k5nm$G$#PKWcDSGkfvGh)gn{*~yLzfbOB<~LJKX7TLyJVDhI%<#bCX%aj({1BEC^hWg{a!C1 zW(P!HA?OV2_A}r0Mo&AD07NFfy1gypBQXZ7bH2Tj{DBalu;jILMK`K)S{AM4TCxtJ zPV1gv`7syOmA3Rq$#^pnAF3Sj!Adb!RxVUlUgOd`R2|U{qEk#^4K6jr(-pp|#YI{4 zW237Cnvm3j{tL{St;N?fVO|59edt~M^7zj08(^h@p};VYE5ECQkU%Bx)nR9Wyx9Y? z=CK!^jjGCJ0?HbnLbm3s;%mKbLW1&a%N;+{wVV4xQ+D0i6?UID-GTjX#l)B}?A+zp z#%bMYSPL%S3!Y7{)F>`V@=DdR4{5~|dYQzG+4jj|sS~w(R4W# zridX#-tqmVKw~FqfekW|)m$Pko=F&9^kMa*%4~V`dp?A4F7^8=Y^L((h1$k5s(rkm z^Jf-5<7Dy$g>~A(O1S=gjhCS-X;%a3X*Xp8bb!UoOVVA8f2Y#+31O{&G4!V?!JoTi zz55yGGv?{XSR}#s|ED&9RwQxiui%S^72{kaY(6g#j+|^-scJ`emfW*faIhZNZpPKA z9qx1!f9s;ul+t3&Oexv$Mc0|;wG2`8bb$*{!%T~Sp5kHkv-QHOp>)fdti6WkafMR=@s7S>V&0yoPvWv|h-g3YEDqkBD_J8)T z#BJ(j?D`{e4CL#$ub;?7XnrhobQDt3G{2d zdCfue5>fIgw45fSN$oOK>lusQdx4}1n}ek`Jd1zi9}N|8xonsle=V>)F3Ked;TH)p zwXy3`&+;Rb$z8!Dm=fvH;uGd~UKyYfHQ6hl$~OtQVI{y^uvpkmf6J;_*=j_ndCOS? zf4NR>LfoksUH%`k-a4+y_;=gTQEp42HA?2na~W0HtGN z#Ap~GDKWZ6jFQnHjLzSUpYQkcJg?vL?_P_0_qk78*E#2U1MX|#@MS&iyiL8A?&pT) zNw|yXV{YybG59#_=S`{31Au?xXV*N_XuW$BeEwI)XQw}S5h7Z<2x_V?GArrb*GVeo zHmgx57X{O-Q?FErUg~VC@{Y^S1ZCe)a)Y_)J9(JEVpnHJijSvMg9DDvO4%;GAidzg zk<7KtK=<5bcL63dxz@SH0$I0!B+;L653f$7Rq}hw)J0qW5iOk*b^H0Q9Z{mNEwOsnxlUj` z-Wl#-Yom5;+KW@P!T(P}z#DpT3*fj9k`Iz4X(V36wU2c;Z=3durXxw-r3;=Om_Cf@ zQU_o7#AhRb+;Z4@pg*+(O+@PY2$)Rl@w#v^)FO&Q0^>nl zdnZ{~08`Sk*OjmTzzExFc0hK&dA!(fvf{a|V3}_cwM`yMS>c1)u5R+6DG5xD%J$~2 ztQOA>n|Ov~OMw;YcO}@6!{J=h={DL{_-%@bu_r5F^+#t4ylWJXf^j?7Nk}w!%_MppOsAb`Yq>~yLAYF+>I@2_ht zULsIkbTI@~TrmujV>dzKrHhfD8rlrXxL%nJ(?jB^Y6@`LJH7p_Tgb_0i%`f?p{F7f zg%F)5BQSVtB<^h>^e86$^V;#m`9?6n5E<0MxgtU*%aE$;T&0!C$Wh5_Q`s;W3#?~u zC~sGJxTj_a*Oi}24BH{Nr>DbUY%q=E41G!-XD6xC$*9QFbwaH^_TuQi@3sxVyza+O zmaqQ1(&%Z&XmnE{#_6Jq3@o(t*KKP2Goh25Ua_rcdv^mT$8607x{9FbFBm|bDlDhlO@I!)YesJ$j6N3 z!agNxJP>s3H}HNr#%0(1#<%s8iwVD!sGs4W$OPQL#0x!2`@5c(q7(|yc(8=(`y%b* z1b&Ct_U#xt`<8@kn;hBd=C}!A8nIRVBw?7aL z=YJd=lvuSBmY)avHTdKUCzq9AS46cz`dWCsD zF(dE$%Uxju!am_C#fB`bR=Q9wrwC7#91l`jr@d=5Ao1KH_vtErlhxlp@i^ezwe`JG zb4IhNSZ1=eqMU~zA0KsczVt9@neA$2P7ica`3JAovA+a?L>GlHp?hz*AKUt7!}Om$RLD>Bx8k;} zweWf~O#WMC0lVVz`2n$Q=)Z(|%4vB3;PXjOB}O&v0=&#z9G(H#=Y}SLeeUw0QEa7& zTF=D4m5D*+N9?C(&G3W191rw8x&D_YtU&;iuPRdthp&|ipUaD6For&J->tF~{5OA_ zx)IZq_$0Q~1KQesqfN-ItmZ!(#78udS%CM1y%cp{bdJaqK)+@^)sK5BCJ~SEstB#% z_LYD=KhhQ6HX>g@)wC6uybjok(H(X7;A1+=R)}?n#Xo!;_VpDE26b~Rd%Lt|5qR4J z_5_*fI_JuaW60zDUY>c7Rk}Wq=&LO!ylg|O^K|{4PKkl9nXfz@z;ZlD*XUJP*{~E9 zg=WiAxdhyFsNRS-(#~*Pj4csV`SBZb5;9?>pgJ7#4A`5oNVv{}?9DFrsv0Rt1Eg#? zfHm@OK#;7;ODppN7~G4NOWHL7DiOz+NIG4%m#I328^qC!X;HJNT1)m+3&!}{fH#vPCe_v<>Moi)ERVDm!pf=+% zh1Q59IqRxXw+3!2m}gPeHvd|{{u;(+X9g#1NDoN9@z?kk;OMhTso7Ou^f1(KRL>Gl z5O=#D_DK1t%~0JMEI<7#*ZJY=d;K~pYbj-U29XHPM@MX$Yimi>so^a>N741erF?R; z@2iF)ZhhWp@K!!sq~tkoF-esGM#zed*TUAYq)qvXVt0p*j*dzc|NdgJ!tN{{+ z5-dJ~I5>@j5A^eeDajj^#!Oh{S~I{93WZg8by`Rk#{CIz>W_D9{S1na1l~P2suA{2 zh*`sy7>&&tII-C4vnAA(dAso@N5w8bGpLKs#xPB5%s;cbG9cW^w{56Q08SP=&u6iL zF%j7ZjH!GVhN>p}pR9k*Fy5c8Dc||%^Qdhcgo9K4(VO-m`}O2v?d=R#{&!@=gaXpH zVZ%OToxs59Ir7cz2#@)+62IG+fu`wFSF5PEGfzMce3Z5AT-B^#l5Kre%ydpj!fv>CiS0gn zOv9VjQV~;jOkWH@R#YRqDwgwwsPDcB%}TRXFy)Cg=?!WgKQSw9L@#3pS@aE>$JCudq$nG{;5V_|W=c9q{?e+vnRk=X>f! zi;5K15(5M7SO*lrUEQ#y0NiWfp+`L`W&Rbb~;WTs5h6S&j-t90q42=2~WS&l)~YgnTd0+)ol5tsdFvWKVx@%t-jig)h{95g=9 zAB1n)67peUNipc0LJj_=!b#kx>KdGmIUy_C+trf!e zXr(tSoM&5hr>VcYQy5P_V7DBcx@jW1Ew~9cS|uS~9~=a%`q9F9BH%cF@+-SIcL6~M zm7*<7u1OzU(dWy5KXZG3rZ zSs}L``-AT9JQHsdwG7u&7;m}QMTh&>4)x&3g2xR@81?msd*ZTsgok@NJLb|1C8|M^ z(DL~w7o&Wx#hQPx=W|r-JL~?{_}HADF6TuZhHhHEnC8R~vfcM<2;S2U$l1oZi>Jlg z@1V_pO(l|o$H})V-2sKLLKkIo;8iOxD6w8b3b;|8SxiF{yA`ju34GmnP@Bw{z|k<) zLyP5Q=C$RKuM!x{nEvDcp^_pv6uhWgrDa7>X{+#;%7$w zI(j^g&wr&l4-dvHehzZKiWAb&&)YCrLz%Z4`ZxLPwO4*7z`TpS-ubnY;!IcE^Q)Zt zXs=9J690ab+64wb!Ej(nVMsf!3=54ftM;*EUL%ud{UR-uXVR0}Z2&D85x)Wc^4X^- zLj=qqsL3||&{ovkDLvHBk@i@AV)#$;+Tj!pFT+{wzP{Z(i?E>&Rio>1%0dExP0OgUsar5rRw#4QRuZw${kFgM) z!X36aVTastL(>-B@xR@oyc6#d`|p?ElUN+?87Ij*mI${P%ZBMuNvwW);&J90>TtnQ z=861MH+Z@SY>q7R*?A1qZBS!FSs08JsRp`CgaclD{lk)NJ!suxDL=Y zrNF@URba*?PVU01g$F2YYN7+{3@hVUo%PgSY1?MZ+I+GuZ+-WIO^!ACD|lpk_G4Oe zHDHtM@yQ{w*|;yxPm{Z%)9#fBZAw;^dFOexyY(j~Tz@xT(eftKYd?xGr5HaQpjkDw zUj#XhN|3|i2-x;>!t(g69cspf}Ohf%nl&3KA zQ)plUs0%h-d#scm1_UGF>qX^@#$%E+EBLx6=CTjs^$#CZQEe0A=QtfN{T#tF8Uy^#G3$F%W2 z>%H5+8)^MUqh|jS->jxW0G@uhOm~Zdq%n=(mk0)uZJmRpLD=_SoZo9@oxE75ym3O5&q?=!Qy%6Zwu>r~#;dT#{UQ=#pSB0eSNJ;|tD z=B$|LgFAw)5|hF`1zCg?c#ZYT`eRmHpUY=RvlRt7iIiTV^Xv*(a9E_&B=*t(VJ$*T zW+D4gOEf1TE86Q;m`xkd^>ca;rBwrED))+(uxJa6-5U4fL)GTae(`!Kb%l-7%IWmJ zTPQ6&&g)fh4EWN&ks0^x5`{~^z*-XaLc^3?ej4TbG5XLDFhy}x2mJPS2=6!hlu6_K z)GYm~&DT}kHOarW~y48@zGOkA`I{s#a`#h1jr9y-+KSIri|;~U!KC7;#>pQ zp96ZSO@x;BY)m3z3x_a;7sV}PycS9LC8HWLt z6F^l$c0>g`%*~YU`=c3F)GY(xp@J`<%2T2vQQTy4RAKhj*zT~l?A~2o^8g>2npC%X zKW7EWk2SXlr*%Nxl-D&FmQYq5;D-n*#)%*V5BWt`?%VyEnghe$-_)G?i_$R(vwWB^~>oaSGd4+1jlivcd)Vf52UV3g$ zBONUG$OchhXc$z9NFKcE=65RtHux8E(gujWy+2f03ih{s_PN-gNFrLC-NClVU>)h0 zMWt=l)0>~4T9|CDyH0N(ZR)UyYzP{vwx`na$@#|xm5$?NK3|M2ylB7QNyh|?@&ATv zo>~|+feW#dfLhkS0e=_La8hg)Fv_4uNnTcdF&je76};-#*J&^;4Tv0ju5`g4UB94< zNoXHZz3?DV!g!XEPPUs1SYU6rqbWrlpTb?IpaKr7Go&mTV3iN66T2Z&##UO$`^;R3M=n^`m|)6eKHjRr8^7oY*8m1twd0D$&7B&zsu9ZnS2 z>pfX!I?FxZZPz$Gmf11Jhz1E(pdVn|9{u@ZD3vt-j{c^Vm!Y%xE=R+bkNF8i=D4Hi zboj?oC6{P$<8TI1cg72=aRWH3;Bfj3-g^?6ThyS-7j%TGn^T-?Gwo2T%y_-n^}1+Y z_uLV+H<)y=rM^uEET0Vlg`~kPjnt!YK-;gt-NPkXgwn<11SWG<{5jQZuj(g$aO#f4DJm>Oq)9yI$tp!R+~PCASv^l z1x_Ux0Q!=~4euAE3Tjs`OB%-njRONiK+nMNomq^yzODoU9Jsy24wR;P5|rkck;6>E z6HcIVQR=fP0YnI|r2tyAcSVe)0B)&_FXZCkA>p_O0QeVpr`_Tg#>UpU#VE^bUc~iy z5NH!K=nf<)LPQ@WmgfnCF}&+NMfYnu&M>#ML#t$ZII`6$J_rj6oi-}IOQR8ZH_dJ- zEY9n5h!BteksZKyVTV)vOH|MeZxy)-bP_d;>?!r=sImU4~85=0yHS zm_tGVcJ0>**vX%udH$E_G$vrp3omoTetxij*32YYo+_wNGq?uw-wX@*Ys;)lgq&{B zH0;!>&-2~cpcN{?_}AWjy~lx+2m3Hv<82s z*lPF{s+4%Cj7v@~IsEYCn-{V?`hyG8QRle%Z4i@S1w$A=@GI$&qaI>NU@{w<3~?m+ zr>^tC^wrVJbDzc2O0+u=3!rj_e3b>s!+*NHbkV2bxv@IE1A{FE=m?ABh1nMX$DUY?W^Ynjce8Jvr*sV1`Ic*r%JOk3l(&??=a7)>1pnt2g%o@PKVJAdh9okTH|1~RO zRGHVYx^WtwgMI!_HdTj>YDenp;%JFNJrnlTSh~?Ysv7mY%2338O$$AlOL>n?(NnT8 zkK@Sc(l`dzRNG4Y@IMJ zwp#SW!)5%{P+I=QoC@Q~U!(Jdrq6A_ouDTFgWdgu&HRSdJk_o}Wzf>j2?J>Ss~5&? zjQvU!p>gyK+|z&Q^#>~kAbfJ_R?~YnfG#h5@H+@J?K9*KDEJY=Tpx-aqsO+vwAKw7 zNv#SsmpNk_tc=sPA31;_BOd+lCS*ZTsBZ6)Gs9ZO@-%v&GJ9j_VG7_S(tY~7SOTW=U=h}kjCF(U{p|lhq3U1|bE~HHxOkp{>`R!c~HlO(B z#)c1dVv2IVdwzCv1Ca&f|FF)#nYgGkcCsmK32l)%+deNb|D*c&7W{u_0kA*(6{tiM z*8nv*4ksWA)oJn*b%8c_#`eyjIcki^o|YJ#g-u1<2x|HC4&{DL_1L{plA5TZOeu@h zvT3hfbGQL7r1;b6S?>YMHM`VJbJ6#QT|M6>%=pmMrTxfHj&aAP+3E}DE+exI`1;Az`TYMZi?4E>Y!{N%`@JA=mi&zWDYv|(Z9Gk#! z&Ht(xSsZ;0vf~OLeHB_>D|?LiDY;EZxv0_Xm5;ft6#Dh90itOd!d}GlUVQBfWmv3d z+Fj6Uzk@RO9Zh9!KGKIv6N$1kAQeD{!FtRqWqKeTp=47Yu;H)hsoU^<3g z6{bt%e=O*~*1hKaU158JA1{CJvQu4rf}7z|`=|0PH1Fo| z$d!WblXH!M&KeNjP+dW>Wz%1f23TMt`EVomi3z@J1)D#HTu0s&#Kk5lUpgY@bOp;K zc)If%#a>1~XiUn=znPGAdw~HR^Jb4=3zJ-(wDS*IJ{(!bx}hrP7ifAhONKg5Bm3s0 z`lu?UXYwuJm`OFeⓈZVBe$#O}^UN7b ziCMu;+YNk9V)or>Nf3(2s-}W=By+|g$5Q48;MuM^i%CAB<`Hg^mF`X@V!3^ArhrC$ zOpztt*X6Rr#K#$PmR^KafTDM~y=CcuKGo3`U~imcmWzkSf3HG9Hro6&p3`#^FSQ|8 z3wvK;pD*In|NIMqRvuoIBHiM>N0E!==se?}K^-gl6wWIBB;VL4 zse$g(hyI7sZf_4T?WIR7;EX1g9Eu z6(_f?T$|sY;^m%dtQg-Fdzq9*7Or#lbydh6N{`)B!dz8xFubzs`;EZ__9;&@Lhult z$Noy}sVTo>S$EbpSx-!VMKHSkhiWp?cdb$+Sw64;6)$9V?5Z>!zCkUc*cPlanrD~0 zl#zoBe!BpjmR_u5z}TiZQUi-JBx=t&P92KMFZl`l+%7s?90u z@{73UY)TerN`L?A-VGgotsNRWSik8{BD13tdb5%^)1FbUY}A9TYb0FDUX4%E7PLVKYg2V`JJ^+0S;x>DgeLDd9I?!7R$)yc}4-CeE6?>Cck z`>0HwTJ;O=ORgOZ*O3Gz*!Cn5DU%?7POYR>07c_9Xz!+!$Ktp?;~P0|-`87IS>Kxw zNygG+9ygA*T8`Wri{537CR{JCOXEVx*TRIX-OnDS+whD|5$>XFN8LN=bW#znp2VU5 zaSR zlGnS+$&rf``6y@aCqn~9+Mh43pRmd-=I-z`I9to9=SC=g?Ja5ZPLg0QxJ1l$R-37I zVO1mGJ^5A`RxBTXa@>$A55X(x5h?n3HNKi3#XtC3d43zY4nEtS{s>( ziit=eQDblglClN!@}>+ulOb0NxN3>)3mLV+;UQ{b@`PSB-f z^c9e3t$0L2p3@M~nIk`-aof&)q3Bq>|4VXbTQUfY*8o)cL z6d8Vw^$IOxLl5xDvq-Gj?;wk6{lv{l+Q3kUPcI3o9s+(ftjx*{r^F&iB%TY+1zp@+ zOBL?gjkZ$V1&cjeKPX{ZlJdwcmLb)gZH?C7v(3m0ll!sG#UYOqWlr=NV!RiP46Qc3 z$0WUg4m>qYG{G3|&gYC=T;`Ey`;qGbhMmn#&E=?R`pZ|W7}FV1rhWl#{tWyboEYx# z$)0I_9#C=g93z{U3|S?*{dx=4NCy!YDdo%tQb(s4ARSNsy&|*q!Sw6SoD;nAIPIQ2 z!YQ}%-DAx9jpJ96LjF(FdG~*h$+cqU7W`+5Sb;DZVtsx_N=C_Wa~UVBZ!Ww+TD;wN zV|}qLaPWIB-XQRAwg}IDHB98RT7=Y@=#gpfG3Ro>B#E~VW5>Kf|y0(5D0=mGHU<-@tF{l}Kwzaibd@+%PC^fdQH9VJo z4=n1-qu!6U{oS)Z8OtB8Wonsr1n%G<`3_hl3#{uI(Nik;f?8LMq%jKAutEmr@m0|txW}D*6RigyHTv2S zZ6cyH$-8&(lM808D-*#aMuEY-D5QiZUu0^#7D`5{=HlFyZx1M$WKJZ`H};Lo-_Q1* z&2vw$(P6wYs~3K3+@gVp?FFn@Rr;<&C$df}@x!$?an8PYHg+>#ucC9G5Y_7T>!m4FDS zvS|VPq*Hqf{`fz(<3~eBN?$Ddn3=kAJg4u2r-MM1&YU}hrIf>^6fblj@Fi?vCu8(G zV8k=O+@d<34p6CXMa2zA$wx_!C5!Q8w(jHBpSxKJX*Jq=-uUFna(73(!V*^YYjuLz z{q^zw*jQv!!M2}YhGrlV^Wa^Yb5y8;J#32O_?`@`po$bz{fhggFaY5CJ{`;`my0G% zGxSQGf0{looVJHM9xq|_F>BkP(^p;GQ|nnEbFYro>7C>*W1Ek7NrhV)NVQ{NAE~jd zw5sX=H?eVj`DA$XTjiLfXgPI}SQ^u4U6UQ{9j7NI`6tb^k5(LvwjCnN0KyI7$$2Bbp3AV?BjHwOt`-@9QkFn5}D7>O0{tX$qjwMjcX25;kM# z>sz!_?G70R_YCkhzzoI1-D@db#(jDaiVU?I7+P;AbfTvUKj|a#>0&hbPiD}KRQ4^le(*C2FkYXn@kuHr|R(}S7}(CTv5AA-)vz7K~8&0Y8eKy6>yoKo*H*2B!} z_73iVeZ*Ab&Xr>~9xZOg4wfq>p+Y#KtT*Gndv%`d8%2GS4Jax3$vsiMqUg4ylUfHz zD=r1lR3zb%+wBPe1|hkW7w7M07fm^BP8Si35BZo_# z`-QYNX`Ua!{WDS-O_s3c4d}xtDMFZp1kK!fl@afsrr!E}^#qS0_^R9o@wT0Q2iR$} zi_y+6QR&~53_e%NCc2E@PgPO}k_ngic>;0vc>3ZPl$b{6%BhmFvik#3j%{LgXgapf zF^{%Le(tTlU$-`!jxACb3->w|d`8eohi|6`67;H`6j6Ci@U+F8l9ZWW z+MO2bRqWw-Y}tUywyiD``lI2-mi&0d&%;3Db@^!Wv(wUyER_TLDfbP>MIy%s0oA>2`SCyeOV}f!sz}mU z;L@5NvNdl?N^e(opfof6nyqSCYaX;J;L;P0!cW`q#19aY@2ss>2wap7LqsEVG zLC!|{j|+2W$|kgJ(3Ko5+D%_se<+LON6A$IsfDl5cdueX&if1y$M@ggn3|VRSk>f0 zuuxJgYTQ4#|L}aM-(SJ1(u)o5{8$)L}rdkF=O&wd^dL_pogYL;VP0>zfmA?_u+v_FAN4v9E8c=6fMg-vhPMO z?EY$Q?_%m=(+UB}=}MetcOajFuj;X?EcCvF@O_*>0A7v$<7Asz^S?n^aDwLeFxDh) z%4xBtp=KrJy!1Asbp2kq+yObTaA;AZw1bz0uo=E7IqVe=#THD^y}h~v&V2EoJUVh0 ztKcT`3EyoRj5p!S_a=6uJ(CK7WW?vSL|OY8Z&EJbxq?V>8d!#>$=)nVQL8++W|egu z{u6UsIXYpYR3JdIOgOV^c|9eZV2kAONRDzT$4druKwH#`>J5S&QAn`viL&Gk!znGB zpWry|y%DWshL1nFaT#YiL|S8NGI3tT=-mO)aFLE)5;uleX;KfCBAbVB9@N5^)5%@k6CV&)PB4zgtEh*BHJIcN>coELKe|;u{G@L@8 zJTIy~;+~gC`>gG_HU9I=D^|Da&KjA}xG}08vs`Qq^VXkNlr&y?X-{^LSOX0EK%VbM zdXyG3M|{lixM3K}bq2o(%)SFtCM0b17mr0BgYdV}hIg-%91zV8sH;{P)T*cI+z+67 z=vnrzP7hY8;zEMMx!#iQAQvw3bdymx?gPBxO{_*TiBmI_#4dZNe9b)d) zpoJt`aew0NlGI)Ky8kCmQ)mnQi_`iQ#Br%emawrefM@a9ynql;)4rQD;$c`X&2$i1 zHV6%=|3?;o*vm?XdnlK)wH)6j@kZ-LfQm4qJ<|dsJ5@q`aGb=O9!Z~s6gVK1LBf`5 z{ZL=(3qHjK-+DA!?&$p@UE&>z_O4g&64sk!@#w8?A#yuMJJ}8eLPLA{vo+f3D}i_d zTTh&Te*CG2ema{>rCV2Zs+t$Q#KbSMP`rFs1UAtx8+#sLUU=7;r7Z7TGYDT~s zLO-cTqnX171y!bY2@wA@`oGXRr<4%VKYD_CDn~{K2@QC_7mrd+NUJKm{_aj~4e;`w zI4NQd8~cw>Gg-J-h@Kn1x0&*ehZD2%zvwlPyli-sS!w9l;1@l(6{=5miHZ4w6_`g? zPTd{IgaXUTp`3WWdOxO=vIrnQ%9cKH%=O1qTS988�Fr#>UfzWmY9^?Ur{8Oed`T z(=x^`ON3x|c>~MO#NN-ms-?cn_wpZ|wt<{JHlRxu9T<%+m4e_MMw*1t-srsPM9#Oe zsusrB@hE9GeW+a_!@k>~-}?jW(nq@ zH#N6fQdNqP`zec$MHItcEy%96PM(|b_hrlQIg~fW5N(ej)Ig|=7CZc$fMN*{ccf=q zHJ739yHCP)=br~h0r(_(a5cyW*}3TIQ%LBvttcd@C;@t73zKbWo({9gVdu$uP(LM9 zMRMT%jw9E_z6td?$W%gLCUe2Q=6$71 zyMH=+KcZbY!DASHzTAVg*OF*6gPc`|kHX`2x2K(VFZ)NA+n+Q5p(PPa!6^BDrqS;S zsq3z2Eq1H(gJ~nzL#YqwV69Tmo^jYz$LI6wCWm<~BdtC?fiOGW+Iz_1u5aGNG;Z!% zMwya<0yYx1YyT`2_-E&6reEb6su0X=g6?%-Gae6`MXraF3w~rk;Vz&{H&7uRR`bD` zkZS?wH{zb*tHY5&!*MxJl5J2|5)9w;iezksYCE%YnpA!=H7a`f{l?_;V(8Cx`hO;4 zD}Xvns1~hvmluc&_1j74OPL-H><^2_Uj@RJ8dV=$RpB1|sujh5ZFLQk3YC{}zX-8Y z9+xmUeIUeY-P$4C9)M>;2|kOPLI7<7tgs}SVZ_XXO4%R20oEcyZFa!W_IU69qdgvO z$y%P>_x)=*&O#Gm1aI{zus3z*1@-O^-pH<9ea4#9mZG4l7ors1ZA<;9*Tii^4z#*> zVx5ttD)ii#r5rmjrx?Y1f3e6-s_;7TWa-AQ@V`SVSO*RdVZc%!^L8!Wmi`Pyj0h*3 zhV3^HN5=^cxgdBHUsa}^so_DA`XC&H#(AhJ^us4Au!EUcA7?pP@rjW4e#P7p0ARF0 zAFMfheu=F+&IsGvm=etS(X{eQd)Oxz&sAss^NgeiOO@D`U9)#X0mli6E8$nSXtbWb zB$<7lH$6=8lmq=NH*~F_r_LtqW9kl6tNajXly-RWa+6I+=pS=qX;<6HQ1odoenL;Z|8{HOK1I z@yj~zUS?l1z%Cz@uX+=&za<*`FO?fzjmJ;YEn)jE4EDjfZA}d7@!4Hjx1k3^dC41H z1O(9u={X3kD%1pc*TMvDF$DtbEs!*_WCVpE^at}nqvY&sJq-JQ=e&s;T?QL917Qn; zS*F~)1pfuFOCg9nN=DL1q11DaJ|8#;R^&-$!pDVzl_a}YHp9fNh2$(i_wl`6xd7~a>(f@#9Lh-gVQd}l%CdUOO>nf zDf>%I-6fDE&K9?)F*ZXn;=XhXTG*h`rJE%UR}U>)2`uhHpR_Aah8cKJ!X10omz*2op(z^t6>%&D3@4yU)}0Un`uh_=(L2LD97}D=JedzvDoU zrFiv;Z=tU_m-_pJC4KLxG5>o6gg?u%4+c{&)+5{vutrtj;BK`@lG3nmP0qrjl=l~r zV5_jy?l(5eEM290XL9WacYop`dh&%9`l-t2kM8Ch_PyH4j5{43EOe^cRK|pRgyv6xsCla{@2Fd`YN2) z7JGQ3jpT1#@SKt>L&?b-a*7TQ$)BKBkf4BhB76`9<2q5(#~h~pbPa=Jn&w1A=HEx2Hy5$N5X94{GAA%#~V5>Vc4egZ|EsaEr99>BLVWZMpv~}{N8N@{>I34upDlFoE z>fGN-Jxnw*R9Gz%})suv^qtZ(JdGdktwv#^Cpj$(&9SRU}X!n=|ot$S(M3~aACtKW{Y!g z_s)fy2?IL&y{~`^$}IsNK*H8Rl{|>tLDSy7scL>b;P+-uo~3BlGe#R3uDW$U;1S5A9AZDp5;9wxls*~mTfE!G zav(eaoS=GNaVz$+(g;%N;&!pc_TphaO6{onqXPc*bJus==gBssxpeh!PGcHfy58yW zKn0e}A3M~#`COwY&VTz}&X)Znw}Z#iejDLh#h>^@N(iZxRNm0vnGBF1NzAo>&%sMy zCow~_Q6$0W0jeU~8DTgAm2Pv0KYB1_jB+)?dJjKXh>S)j6L&smh81}4l(JD$O;^>y zJq;BO8GTJ7GZ0YBGry9L5ya1N%kz~}97WYA8tSp6&NgRfTTN;N%=?QA>BkclRE2B)#yW~J7AyK;W zAPVmxx$l|2S&y)adH5gXdQnzscoR?3Y~jKeocL><6occiTZ0)OP9xnI;kUl(kB);5 zzp%P7ZLu3ymL@;YsU}Y8Myn}2O{PKcb%NchQW0)p2U3-xKN-1YnW&2^5wQ#v> zqUuMn=dFY$-5&FT_c2BA8nZ(I%X|=L+_Sjf1>ax&7Uh-^tDjpUmmziHm(Dyl9lMF4 zb&R<92SLgweeb@7hL-boYvOk;R_*S; z)Oz(aID%gfy;bL|0I9fbdrTYZ0(9pFxNL>>bq9C!01`2`p_)uWEl82t>$U-Sno>*8 zlDD&BWp%)gb-}52AU*KT(JSM94@V;N>jh!mMZSroL2u)+p55lh=!6H4#AH4-o?9_T z6A<}r|KTaLQUiw%4z{u{@-!PzLXpH^-IuVS=}~1T|Mmus7BJ%fHFAV~HBWwpY|Reo z61Lv0&TBpH%~^a&L0fi`3Z{C0D79Zq@2lIzSEzF82YBcIt| zY)s12Qiz;;)R{X^`uo))nLgeahT8%;Ix0X!*$bwrOMxyh=Z{K?Ida+HQTPniy1lD~z z^72eV-lRnAK+<2tjh3Zejp^3bfj9QZb2P)iZ<&2mSAU8}zLi+D7o6*8_SYI#!P!XtU^EsAiARA+c|YmIs?`-&I+ z=KHXVqdnzEWWe015B3OMsp;M#S znDt&l{XT6p>P?jHUUShhN!MImyllg(vaj%{3*r*A_XC#l4rsuNEsoxB(-+flV;A#` zw5g}d>6D29xNpYctiMTd_mtl#x>0<*_H_iBKe&po|0~!?Jui4P9Vp0zxfpc*t#qeM zjG2}VWeo9JUKL-$9!u|*7&p{QWq=xXr`?C(4K=0!ozxF6IGrK7;Z?xb?A#InS>xE^5@9TA^IBY(! zPl_joVfG9RfHP=SB}biG$4i<*{%g*c-+y8kW<~H0C>CoGJ@j1^P)C)2_N*B;(Y5^X zoMkq7mD@M-lE+b*1c%-$Eoz++Yz9?Al)sJ5`Ar15$H$hmxKc&D;_j_F9!V|f{jt}n z%skr5;bX6!BXQT@byWtV)Pxvx%=0miw1Mz!yGlBB(86m z+NWXuigi!w?U!9%`ogr#^Sua|iO{mJ_?JydzBNvI*?MX2=|?;K6+v<*iB^0}2N^HC zCwjvsvE?tL72ND|6d-9nXM@>Ycwl0m@2XlgzB?-?WOxfz*B{*4rXS=ieAS$W*5K;ECaF@RW*EJl5 z66ZLLtHGY;{9ne*1|ftOf0+RPLc5(W}l*BeUA}%Lxt4N3_wf(!q0*Q zHax5?^@16oV9)eNnKUkxrW3y;1^;lpFQ?<5hN0TxY zbDA?zv0+yN_kU$a|Iw7vtkp9zREztiTf2jD5f))CPECtRIx|6zA+v8#rK#KF{3=oM z6CvEvHs{ueWiIRHU$U%6(~>KyK%;@=V&37?LweJDZzxAi5LrPxjt_f~!zMPPoVl~f zQhI31-gx6pa1|KLn9TZ!4XBuKXMT*IszfpnhHi|>RS{ZFtF`6-A6Z`=*W~}ci|9vG zKr9+TT3~>*NGaVY9iuxZAYCHT-HZ{^(lHtaqBM*i%@B~$-F=?<`F+nh-*f)swXtW< zo_E~$ecjh}y@N|Gs=ttE@XraeeS1LJ{U~~^eZo`-p98A5Tw}NLnSyWzDrwJ8T2x9= z0*Zrttl#P%VXtr=FFy^ ztkq*xR=+-Ns-+RdV6^bbV1@$;w%6198NFGkFe3M*a>r8g1q+15^y$d-QT+1ls=oB$ z&3C;T+AE7;2JUaw5Iy3(>*^gZk#NYsktb<7^V398Tp`+C#}-*whfPxAO4^*NoNBWw zh+Trk7+eigN5^@hh3P&Sq${dBc~4E~*?wgPL!v4-fl~V$&N~>(QAAXRFdHZMsH#su z8j@5->SZ?=`}*7KE2?zx>C{QfT2+)M9J@CsmiV5*`t+5Yx4bS~=vR@qa@3EyJPP(u z>H(RbS;ZS4&rV+&3SjyymGB}>u9AV)#}D4!zisyAV#BK)hsi&f0twpLIQ@ zg|h3@@f-=EqCNdx``Eg|4yl0pzUODAL|m-f!WpfKnC}HS>z(kBw8_nWh4LBuZ+N(K z3#r69Jyg`XPGh%zNOA>4KgGeJ2vsR%vJKeRHgNe-R-GCdV09$z4sFRW8Ts7rS(>^6 zs?lNLgGPdur(SQJ<_zPg+6?SYR%MUK3bJtwa7cdO(qJuHSAEE?R#;SMc45fc=RfR4 z`?a=Jah*dzTaFlP=&7;Act06%b|UrC2J@}^)Dih(P9~vwB1d)1Q^%I=B<35)h=Ux| z_Y#UcgQe-Z=zfEWa26~Ko5GOb#PMUf?#Wdpi@Y_z__cjeHv@7=RJ|oohKW!!5*0`n zImfURW+3&Z+yp;?RV>bRw63*&hf{R;n1`psB8SmJfH=LbP}vji^i11e*j6!t?`Bvn z@S4#6=3nqu%fO2Y_*O+cnuZ0y*g+s^LEi5**@Khq9M$#R z*k4=g38+GjJj0&(34D3fjJMCu_U#kzBXqey@=jV@gWKDgxkt&HK5KcL-q7NybFbp* z%QCj|bX7JP5|zD$4b+AcI-8zzV`c6Rv4U@i8RF4OH*5f?t*ThO(_1!G1*yFe$G_{R zHT9DLI_Lugw4^)99-v^Y^usH0fVnpMb;(xbBHuzWBM6RJwybkwv?{Mog zA(Y0BW$z-?qsp68qh?G}D`UM5qvh+8EV?3Tn7i-B`Y~+_YWX@cXSl&b6O9g3k)sx+ z?VH!oDdj2J*Qzk^P*fNvv6%`x4Husr)GH}}rSoSx22wdiT15bYvX+34sUUw^@vr6T zo2CZt>Y-|Go@4u@l`pKErK&{j6rE9h9HbL~bCyquMh_6MxLiu>*NL~9XOTt=r8~sp zmq^kbyNPQR^ozXueVO@+<*oUXuH`Y%D^r2`dIp7aemNS(jO@y zeD<37GS6U%(C<0Gkv_By5V7-ozxjA)&bEV+wy(Fb8(k_nwH`@oqoO#V5UQI`3fpL6 zQ22(jt8Y(3f#fR%XKe=N38@XAY!_UnO#RAke_86(Y8tzv%7$bdxnpXh8xQK#`{l|H z9E3aJzLpxjE?sSapc87JeoMh_J!>dnXX%>VFZ|wn$<8v)%zf9as+u}oXz&j915$MddFV1CQ%BIOG^|7;-b{n7me0;~C0a4tpEp+0NwzF>v!<>$fDjhILi8OmCe3ejLtQN(+#bB#W`MOGc#I*V`y z{g~dWv2d@cL~8wTg4MA*Ysg`qLB3Lpcit9n=v9|F?If&7X|AB`g)g}$kCn_wFqU!^ zKdA5KBbXb#L{{ff-|S#elyqm#7W64JOhlw}16kHVGw7*2^N;w-U56I(HT`L)EvH&K zE9iKs^~)V8SnXq2Qz&wic<1FXqkX_amQ+2`Xt9!C8Muqp@2}7KdBoBc9w`3g({h>0cO);E{2ywmVRXHxh^6=z{kz_P7 zJGRK(9PgM8+EVm*s7i8KV`++8)ob`x!k;8p{fUOPV&>8E`gO*7Gimx7uGo&wMp34s zS>wUFv5h+;qlUq4CWk*0rJQo?pUQ2a)N{iAtk*^F_5k+)WahV#qPX)-C>b)t6Dsq8AH^nzkoWqXn+Ah=iSjo9<>{EVPy#{6aN}-|Y$?C))7ZhOC^~qMe^Hqua>GtS$?98{TwG4&%E_=Gzb4-L1AKbjB>o3A8`(E zwC}T(ei@+^vuw$dk-XN;#5ZRh1I14q#e-wm!Au>QXRu9jl>B7*c@?YXKg8Cm8m7f) zUHbmOh)U-v=Vs*wu$zQma9(-aC*7uLA}b)qf9_!xbbpe`-H~EnU%$Vc?Du>6q?+CP zFWJ|YJz^GV3hWj>qvpwV?AO37``D+ovl~s&VVUY~7`X|=Oo%VgyAqxNC=l1a#o(Do zH$(Q_fcg>Vo+ZHhR8UZe?BPTlYBafSQItDA2bIBO2w9Xi+%tl?FvY2Y78y47JQW!MjAfuNGbabyNJ0Sb7;6@71i%sOIyLJ+E4%tC72R-Z3*c^eKgr{^Scsmcm`(T1b+Oh zfoEJ+5s;su;b`vzH|eLa=aIbSb%a9w3Ay)4LjLY9kN&1pI5T(`O^rT>n60t&{GqlC z-b0RTfy}*Cq>#ZS$RY-qGKvCf#0co1c}tdIe}+V0nck6`UxStoBdU(nt3y)UbKp!# z=Fr09TDhiPQzgE8ccMaSnLhPKXP~$0`?T2?%iJ=*-sCqMjJ4Ae5IZhE%j_J1u8e~Q z;3o6`aj{Vjmr>TgMmlruRi-ak?y?Xe(}hp%T2Gq z7{7xK*RrD)Vb24$qg7;?Y4CVr5H!|Nd_?cpPa)|j^d|XM?cEQuoj4RXJx{bdn6`OL z@c}m9=K*~;6^9|rC{U5#-kPO2*xGvI`#rDc!SK)5aJd<2$g!OwTN8}jXk;{GePd|}x2kg%0y}N%0|K?%} zI4Y^Bbz(ABhNgvv#tm1-jo^7&js+PFouD2r@kbU|rXrTU z_$u%&8i_HWw8Ku_o-dd4PhRv@1tWtPmei zR0;2ZVn4P8SmTgDJIw~3#vV=W>nqx<>9~2Y*S)E=0-cCY4j4#pkG?@0L5iXjmrS=@6d$c0lCHO)@;F!7kJv?(|depbS*@rKX8Nb>@pjeca+D zc)bm8w0vW7=Ok;cYEBq(;n&Zyb3V~W!{QVwvCqbP1T7vN(m?T$r_!M;qnBf;CJkQ? z8>MiG6VUzJ9FJrOfK~f>D;hyTUvqQMe%wmrIizX9CZm#idF{(yifnWzGGPg6`)sM% z9F+cV;E>3wF6#cH6~{4b{-FsgKPohkTi0;9K2u3{#u|+q^}cr;3cFQDYL!hjFS{*1 z({Cg`67;P81DwfE|I_pjNT{Y^m#S=|l6F?u#A^BjDoZa6x$4cpU#K3Lb%Nh>`dJtTX=$%k(1~>k;^P{y9J_5dnW^r4CLeAYx_1E~LSLxw&EF7lozI5_gi`3X8*RCl_zR@v0{b#5_R8wsf0!Og z$|C^3ck00{YcI>3TnF2KXLZ?voKuc2oKkv?jJUK9Csq!7SP)_OE>M3KQc!fc!7MxUtXG+z_gNwTYYpO~U)8a9A9%roC^q#4v(a^Ym^U>u*k$Hq@ zI5(!s7T7sm2v70Hww=~qV)i}?j{9sr1n`8KLNO~$@AUjKM1YGUd9SWtQMNz zPPIuonupx<8(tk53Rs@xC?Rw$l;YY7nY4N*3((cfSEWZ2MAUxVel%BN^jk@ySC<7M zSCDm*`&5Tohpj|7XI zzWD~MeVMd1uGY8XKv=+e8v?*69PI3T58LySqo6>$ld<5UUn3gtLjmnZ@aENiqz`VH z?uwZWfv&lI2zpj=yTh(Sx)x*b^>sfn$IVZAezq;K!*&`{SH^EYI)em96Sy*u+V?(O zDiA7iWBU<5WV~$>D^mlnD##mStV& z2rDBhW0+H?)<&ZKk;RdNBZ?7S(K8f{zgBwMNJhP78x|Pv#y9q|Mz0vD1%ztnI7Ahm62#5}94e z!={eeXXH=(BENf;SvqnrB=@*nAZ**g<8mRBcEPr_1;xF3P70L`=x4{wy^aKPyKV72 zgI@BcTsRT*k3|9E(C#D76Z}Y>C*>&yvDw!j)FJY@ip-WZ2a4^O>8K>}Q62NWU{DF> zd^oyf60Bd2Mm1LVGbVXAz80<&*R^f7krOIb@zPM@)HVDR)_iJA8yV5-7_)q_9=2^f zQ7+5b%a@gNKRaggTw}?3tV|&<&(bN}0R8wwGx&KZ)vran`*IfE6xA;;)OMqZlFhH$ zOrv6f#fQ^L+!&_S|CK-(U+%25z1d2vKF@kiz77D*){J@h{T-L{FRp9hli;L+6FP5g zU6G@qNL~`{Ko_ThnvXhdpqZ(S2sAfR1u5D-GZxe-eg5S8w?hk8H~$&IYJf0`^9ngR zh{+k-aMz%KoU?a$ABGcH)v^&HC`Zimfda!ec;2y3JM7QM*FTY|!Q$2$u|1qRk5L(l zRug@f*SsjUjwqUULqG#FMN@ZxUi?cdG2Yrw1qVLpeK|_9)%pf9p4ek>f{ks|oK)US zjd*tmrQlMNo@)BkMIgFV&40;mP`K@M@n+~M{^JQ}5Mmb?XQSQ^eL9l_6^`Juu!(=m z0f&XoXta}xP>y@N_GtqEpK+I)BP(~71ZK~HPJj4u>r$gY>o#F&)gR9T|6eB%-5lVT zeZG$^0cf9l9|5a-;x$2X!#Ctz-{q{I&YP{E7l(>uO_Y?4?k^kaD65T?qR$#|%RasS zrz@Z6F>I@-_>j61S~|_4#IoZtws;@CeaHNMkqyz{?h9(kf0#)AZuJZX1}X)b5h&2n z)}wbC|KS3#0lJheJxWbymx#ftRE5eZYd%WK_*xV&iF$1Ycsjyu`>B$w5K@srgtqu~ zx-wPq-UwNquWWMl{9b%FnolInon{QmWi|-a(?x1|U|mD-n#s=(M^o1q5t|x?1JpAO zHEvrRy)m77QvVXOXc;*mIO3Q}U0(?pdmbpwU(fj5EXNPr6*~Pf<9C)y+8V@f z2Z+Z+L=G+fr5aSf3PU#|0dTaxiTwy8cn7NuW5EOHUSyf*O_qFlP5U|SnL^jcmq~0> zx1U$44Z#Xxc=7~HcL4fqKJ-te+UX_v>1(=v?`S0#6l3|#k0w8aeLDW%NIch*E>rS* z@You!D~&Mza8Km=3#o5QG5Ru52uwuewBR`&bFeJ7m=gVm^HLgMH+Nt4dyAeXx54T= zQcitu)eL%$>6Yl~A*Mgo>UjY_D}v~PXqI$j9N}fiZ9rqg9m0OAP3hahCi`a{gjvBy zJ1)ByA`>n4&dvmRbU3L7&Y=x(=Og_Q-iuFZHwkHu(g_&VD7b5H|G2oFrlz%>7sYhR z7f&sc#I&D9&r`I21G1gZ@n+^RDyn1CuXM=UnKc)e*!E)8_F_90Vmkos0bVo}jj)r+ z?rKk4+tUCU6@rJE6x2c@05>la9GQI4BX4+QnwT)CJ3MB%@gtMCOlPRD6!C4TCiNi4 z$%Tm}{$0s=)8_i{ zK|z|YN5o)gshSuTTJnd3A^ZIH@uO-+|?X^I6FR_YhMxH3UodsLMoqj}y`VRRD_& z!F)O*iUhpE=$aarGsj0WBk6E;H(T)$9#v#lJGj}{U`$5tV)9RbReS_h-+7T182t`{ zKI!rE>zk;R`AbYVqPgiVHAGVn!J&?*IUxr^O>+INsr@_G@lLh)_IGf(nwNLu z-7zlqE1J{%RV!i4n$963v#cUntv8`Vxi}HT*bw`fR%e@tTBzoFiym<8A>8rf_T5zX z{=_9%lL{(h+;AMB$Xq9q8l@fx?*COuwhr54l%HCK4 z8jLxuy3{ZVlUDQiyA8(P6ieuPx{37yDm9_U;U*o<-J zr?YE!-Ejbcgq`Jt+Q`L0Xl~A z6yz9ei!K5wRD2I&I#+6~0gNga?%z1eF7@0{^VgkBf2AcRgL^};I+A}EI@B1u10HS8 z@mRcrEus96or`e>4mVqQbOIJOyW63ik>)`g$n?y~?s0KulpQUDzeh?;M`CA0f4@Gn z7)hq0QKWpN4IgQ2v4$s3l^_E8Le%Naw=A3pn!j|5w}kNv!+A##8l8rVwi*carkInk zXeFJA#>B%# z*FjE`i~h1nl6GZT%;WpeX*sY3CSP;bjnkIYBwJyPTruY#`J!7tmQY)F3_R=P5UOWH zQxqBlZAr1}RldVnMTV$g2LTX6zZ2)AE2hT&%EriOrKo!I>h~^7*AVc)ah7@krd2v1 zz%)zfG%*@$-IFc85Hy?PI zEhYmYXsXFvo>GATd!Ts?ysRhVMDPwKKt|s`v+4=2>aE_(H;x)&Iq5T6u-^eFP;Tgv z*&m3Z&@mXLAGVkEnWx|X_DP`n>AIHT8-q;6pQ5+BUsuvp7cI4J@TL|2Ztv}1nErg6 zw1$Gs81Iw=gz#QXs>CxZONyE|hnPD6 zcc_gS4=2S*b>p;W`E=6BhFc+vyY)4(&eOyqP+n)6L4>?kL)0I=^^(VkZ02uu`*LR4 zaj17y{LfUSg)Fkq$cMvo9aGBpD(Ky)m8+)Ai|m>Eu7tx!9*ipRu-Z3mn_Fnv$(U(W zAg9A|C~33l7ezg;aeDai5TM6NguGS8BMz%K9&rd z{B*bPDv@5{F#Ndh#P=w@^|~B)gFWA%gXsKA#NIM{G4sN+3BM!5mJKbxbA1=wxD3&! zGLh1c*HF=4h^WbisC{V`YuL)a`OIWLvZ#VO1 zul&x=V-~{z26(=zJBX$LI#H*!3onKplJy>J@_4X#xD0l zgPj~6HB$}KS!)MKJRo>kkcw8H?31_QocoR-N{;s8%!vo=7H|e${qn8NZiN7(pj%(hJ>#M1HUT}Gu-pOATwsK#T z#&_l-_ZiT5X?i~bC@Y#rmlc7HW+vJ1}d`w=tEma~ie0uo1<&OEXOr6fOm$`2AHC1&|7ft7BX z)A4-rpLpNSuUSwmwbzK*Zr)qDC~8(N`6^}wpLcZ)MMm)|R|>XkJX8dyAKHSDv!QrK zjc)<=-jBn$H1L++Mfda^(Q)fZJqy1=;YbJ)I+*rP0}9BjI{4Z#AzvxVaQ}n}SC_xc zkAB?4p^-BIqN%I z4oxPBcp(!=QQ`t?K#m*{D^OH1bt9OtzZsYQ_=U8h)*!$VHoVd!TQib za0YhMW|>+CeEf5g^Rca^2BkK8gW*+!-EI%!6H&d6jL-L zbshi}*Od3Qt&CnqB~eh`?>urS4-I(1kY z%vdyUw8i(G`iTP%CjQp2NPEgUGIN`WzjZ6Q{H!h02!Hk&LXd0~sdWF_Unc!b!gG}w zmT5L5c}=d3J{)2tNHHn_sqOVgrx{EE@#JwemcszV4@0ie?*ajp#v6Y_$!O@Cr~nCN zPaz9|+8+bJ(9Df;80|AviX39LBmTAl0VqLs7E_5ookp-IJ(|+?k&)u*!Ni$o@fV*U z9ya>Z4OH>LQHl>0ynvLy*Gns*fa=NwUa{RsV5~9!{p6=mdaK%XvpkpfxgjEzg|1S1exvwxPcVK^zrD)vMfoQJp*e2&_wof`6qib;fbflr;N?xm~^I!c~^^r_z0;(Yw^UQ z^>Q6hq}v>08np*-P zL2gG$p_1%+IwS=2Lj?~`OMw-}!XVi4C3;S-*rWWoXuyiR>*pVhVsu zd3cf~Z_pxdN;d!A!7qE8Tuy)1eDCYSyY${1*co%rxNCHf8gv4ec~qe4H8R5c>Y^D7mDhCUmPa?Dcn{0`LeiGI z7gO64x*p-&J&Ea@ttsS;z_)+? zPhx=gM&%wGukiom1u`%t^Z(8ZN;}Ez1k!G#cW>m~#Xj9I%qm9wiUq1X`t+x3J zf9D)oeU;ftFWfh>zuzQw+Co`=lOsafV#EW(QVJs2E>7l2NA~APcc^n7mWegk8E_wB zycZZhe&8^3%zv4L(6gbw<}T{eAhoCeC#uSQvH}IWc(^^hTi+Yz-mOTH$9P;FMhxrm zb7zMd$Wd)sBI08(4Xh7-3IbYJ54-Cw4m&+6oEdTeuKC;}Q~K~6?;$g@*63udv5E6K zKXVZYEN7o2vXSb8!j$rR&u*Pf!w*W9yp;|0QXQCe2kww~<5^f{EF58zT_{Tq_!EHR zl>+$T_yvv6OIJ6;QfQ~%i5@?q^(h}rWVD8*r)znfHB^ndGSTZAOi(VB&l$*D*sr`4 z`eHQr>0qtyrQVaZ$d!Tti>^cZTszl`14a+4<435e)2;|}A);vZUjPb&^XmS0&y4qL z)TUW~`*)WVIS*Em-eGbmtUeE?!WvNghyjLdmCGD5G=MjfC{XC{)7+xW1!PvcP((pm z2LV>rZUpRwTK(0lNK%83ZPAFuxS*c`ckI{sO#IoCTffAYmz0S*?G8UAtnxTNQ}H@K zTY<=anE6Zds6ctIo{(V6_fxXZ;o=Zq#zV{pfO`jA)DCn(M0Jm42bFB_M*4PUNf#lD zjVYb1Fh||l&m=1fdjs)by5<@=bIP@4RV4FOPrU|f%59QV5-{BF96!gn%HPDYge7LP zS56(iN^$z0N0ra!wt^Q2%0xZzCCr1Vc}=s z$7zC18qod^4niAZntN#qT-r%)<{DK)?5m1)U32O;J0lo_gc4uwuhNnqq{zddW{UF{1RsqqOh+10CR@d9<0_-k_eQ)(W9U5b>$FE z=-iZMPn|C@hd_jgGQgcIvcS)N`jZTZ`PbX??3WXiGY|b}`JFWY?*TQ%+=wQPQ53%QgUfF3+9e6K( znlbOH;Q6(5P}=22Qk|Ep(`<~`4Y{VSyMe=3*mbr85SoDR$C=4cha@fbYPHZ-XPrBk z{u(!Zd$_i~^>YSLOzih6%#*3R)TOK5+_m*^UYMRwP`y4%uL~vxj9o57t4@Bd!0&Gs zCOx0+Kv8$il}>^j)L2~Mz+C!6<$Y+>EerPElQQKsLgM?}l@_)XB|IB#eTLyqV z34-s#Z!~M2T_+yF;NY6cG)s`lJ6jWHu7Zeock^#|D|vf|nZQ-o{w;}gIy4v^GfAF& zF`IIN(%q`u%OBZ{_Z7BK4^p|}mfu2ag4JnVBwZaO65$_21=NJrSe2N}8d^acewk*E zVH&RQReNUZ7WOG?WJMFvG7qc8h5oS zM}0Os#3Mqt?#>5GvW^VG~#pOCsj!pO)&#@|VzkJGRNJgMp`Y;Sq8 z-gEo*(K5?9I#pJlEtVd^aG-BpQX~lb!#b`ZC1N?2F`$*t4goS-L2%Fx0+n+1rBk!hdji! zv+OAz$MNU>h+)ta?9Y0~VM^*^EU_6#xJR=I&;gAbWs@;{`~{}2+*)QM^_Vo;`y!(d zo?E20ode6~0^)t(vZi#=kHB?t?AXd~+6n8fO~XI`f_43zDfc?C)x(QzxsJYB9dFVj z>wtB&xLtLs7&z#R8>k}AZtu+9OkT}oT>+o{acq3!e<40y<#n>{cs3MNFwrFTlOA04 zacgoU{L*EfHKj;R?jVENYpKl6*-e}z@&5Ug)K!uLr$87|{zIh>CI8Y}Bk?kZFhP-S z>X&&Mz{?rD4f6W;P(|K5rDLqd?l++o07!_31*+nEeqS?R7Z+T#d@d9kzX2#wQMSNU>O#c)9UAz?ELs5j^sCjC$ZtRQrzV2d*|=*cj=IBwfeAu z`f)tn!QAdd3uAC(cQGl{r1aGrlbr(3E3=0dWgzxat)~soCy+s7_e_LrGs@>(IrOr* zBL!i+82ED0_Y&>%G+I_-g+jwcik&A#Q@1LEJD_tpyiK50x&jI&n@2)_J=7wI#;0S( z{Ll`b2j5NLU44P*O?fUIPo9T#*wKV3L3}N`&aiq z57^^*xhoUm^hs^TU=8}#Ca&6n^|d~1&jf=C4#SHoMC9Y4@Z><>aK!h+ATqUT$wBcj z)r>Q6hH9bWSB$bh>lLAbhHT;+vvciQ`H|#DJ@ITxg15++u?RgAA>cN%${Xy(p)4MO-Krk(6f4h!TfZUv3+6vpgyra_hB?Q7OR~a;H}_+2&s|Itv1yj zuGQuN6!qs#KX!-9jJZV9-_Jm+<>e9hChktC4_v?#f2A1_jlNvl@v)v?eGH6<3gUl) zg2i>Ar4*cJj%}DxR&Eq^R^{ODjepG!U*?foJg4MI$&S5a)QHu2+@_M2_66#^u!< zwfem^55vfs@MzeCmVpl3`!vqKKZ5Zo2xg)&>ZZz^AwSJ?D{0w=-RXdOO2(qO+ zQ9L=;sLjT6J1yKFJWFT3&fzfhi~6~elR1(5X7(csqZJ_Ma&|O*vPkP?vtuDtrdq;P2jtG_z_d0@dQtb%>)ckSs7Yn0Jxw>)|NYmoL7 z*C?N22MPCIHVn?BDCju3JNSEX9wpiEQ;q{ z%Y5xVpZ}Ad+^t>unGHEP=~5oym^clnk(B3B@}pwZV7h6RzcgxLWgv-^yBhfdn}bZW zfv*@x*`%Rh1z}5;#Ei~IS^8^RhE+I=G9&>bw_ZK$|E-1#=+=J8L=m-~NTL%7pTZ6# zbv^`kg6|p+fYo)qC7qy+`AfBSaiq8jFufleZP>efjavQ;hEJPYtX!TQ>Wy8=k20`3ZZ3kX^q;qG_vq} zZsjw~?>qX33}0YJvzD@>xmO%>{)IbU*5|CdTMsitJ@YHC9E}N23gZZA7$09{FV)r} z=JpeB0C6Vogs&%Lp!8dw*&S5(|M|aa@o~r7*Cfw9bi{U;zH9GGFl+?xyxz~}K{m4L zh(SUwF_O**xZk0m;t8-{DvDH1TsIsa3qT~Cti?`|p9h})d_br|G5$LS_jdi$w@v@y z0`v}BsF5FYKhYzI?`JJ?iI?6{|NVM~XYk{tM#M;SC+1VXGA2xsLWbX>g(3~u zc8-J84y;srf)A z$+${U{L^tV?^N^aR93CUbTv+4_Lk40-c?+%Ne=yzL@*SLdzwsGnd4OG|7ZnlLF3;7 zCfa{w_f{X*(3-#Vz82V)V!>$J4FR@aUMn=C4Y@wN{k#KXYjC=x z@${R3P}9HCGMpK}Oc%K<0kPQUUq`Nh&xP;s1Ec*r7j>(O3fltwCQx_B(^)pWt^sW) zvW%4l;mkl)?H;BO?@s7}kCJz<#dcWv4dvT0wUpm1_J=m5MGD4M+@8TmMXOeRlD=ZB zwV!}ao!K9?)!IDCj{!dZ)t$HBzU6c=ywkiQ?wwseIxcvP zGdg3e^S;Bi>T<8MB@d-WtO?@>=vHfrRIT~?rDR>VvJC`jqo+%Y0=_RtOF<^3hl@Lz z=^A)9t+ZMRM))K>*}+c;<6anaQejUbo0QP>+his8ky1v5e!SI{ zuKwPU_YZW=M=pXtRI;Iz?5*qoMDGFC(FY*Ne%^cGK(e1A=CdVxy8oY&i+qF{K7~~3 z4cGWnMK?j7*`?Exa8Pz|5I<}!dK2##7r^dD?o(6`5_U^vsZfL zk0JP!@kn!3Iuk}TD`3abDcVY=P7rT*$dnF!G6_^!IkL}TtY2S4;u`4UJ9+XTimOmx z*!_MNGtuOY`Frfn4cnLk>VZ_km(PHU;>>(`U+Hl$MONt%-rbHliDcjpNIG;KFzyC2 znSE{H8nTfBuCSRjf|Sq3lCQp(S43C*I?1O zD^R1BiVYLqJQnxHE#hf=LjHGy|jq2Xp`O~=7+@uK{k#q>=C@;^*_Z^~$mTH~l|25u7lxNvv7_K@bV4k|TBAnGLg0>M< zNmOCwYVp>OhhA!Ci%Emnb~&5EkYYzaY3giCIG!OYU}oT9x8Gre)@1)IdOE#97Uu|WTf!k~#t zXOr^aXx&8+G8~(Hbl~tMj8ROo%E0B*AK)yHPqD5{Z&pxZKMt{L*J#gsNeEu;k)dCU zYx$pC!G3fz=5FvaviDK^u-=N~*h!NVGtCdBFka6B+^(q%kD#S;lZ5{R!o05HIzaty zp1n6p{;dhW%#XghA28>U_=-hkjR;fM$hZlRz|O;ddp5aOAiu;sVxCaB zS=`YFnjtO5J5r64!o5$u`M-W61?a^n7z7-GY|txVs7#<& z{r1w5t|~6xwx?}C6`xPtjsxB;pUH6$-|+H28~cWbseu8vVhVGWR$W8GL#V7ZkIDRW z0`1WBMGbM8X`nsVvxKkd6w@7Xgpl?KhTH@mKA-xVqYkb>9ux{o$jnC z0Hgpo^4(gwc>k3GWTHWXsrIbEp8q5NAZy;|W^r)@O1^SL-xY@vh3`H4l+Z12nrZYv zEY2*?%*j*1lt|ASXsj6ak&ch6l(YvJJKI>|pP?^*AxQmq12kw;~c6&-a0&taKJI)uxKm7!_q>tpAbj{!{Cz zCmet&)~%jxy*~5g0FhT~O;nwCjP|jWI+;RHbUKCa&R+Af4NtoTOS_^&ER1OqpoUXFWK*5&r?NA)f`GFl;I7e{%kbC z#gCgDP@b<38xb&x^e|Zd&bzbhMz9H1u|CpVQv)}(s**fV@>Pr%$u+t;_!hsVcv}b- zfQ%|4z~2Op$3XI6ZCiijR-_+dS}(8X0ed#Ty#j+%vDKAn?0Eg_AZq6pkq21q1EfZe zfFsOvPT%qV(Lswh*r-fq=!1|Ye0tpkdh}m|X!$RZs~1XODR8+?Z{yQ#=Q-_vxy9=m zf#-G7E4sW4Diw?zQ5h0c__(#;Ic7D(G_2$0BxtZU!S0x}RFvA_x}haDp<(AMF$0FZ zlc_w@ns>X~j*))B4`D|<|JV2E1r}V{97Bt6k|#$IDVN&Y`Sa#F`v!6pQz%O>3w$EN z*x`M2-7G$@b?g(dfd9iF?>w$-yHWf8mE=O-r193X(c*J6Fp4x!KlW#8Xfac9!<&~@ z;mEs1+)CZoje(e-)gmo2O||a`wtc*hgEJdG>-BAST=1D3xw2Ye=_zuBzNNvFW1h zf_n>B2(GZgV8)B2;Veap65=spVJ4nNiKby3yZ|!wg@42$4lnO`!i8o4 zCG%rpAOfdwt5%ZVd4xPRi7T44uZ_|d6xb;dS=PJRi`o!#l$go7`CZ;zM*^F1A3F}^ zr@4i2zsbB>$Oqj2ijM6=&gndwc7WV!$2A1GK-+t^nZsmLV(1v!%oxO5NIy)4J?9J9 zEjOC=mqzx?9&N1D^XF@OHkVYT7c*+!ywUL~;rbNHrw-w_b+T`m-mcCPxPaR_1&`}j zy_9}x268Hi;|LO>0v(hNlTblV!lYKP@!Ov%V)Y8awN^oHxm{u}j7v)g(Oi8L1` zcG7+U3Hp0N=;R~pUsJ7RYG|r02;ohDtt8e(0OtX9RVa(HfAiG*i$6$0=@*b%Ej>yP zXRG`*AU~*Rc_H0RNrK#eJf$>w*%R%(DU{4$dXV-NiEqsD(_-i@1C}pe^Jh8P&;ahR zX3HFfQ@W;JtWgc6a@8!YNo~q;dQV;XLjqGAf8w#6q`>BMC(S{!$3cMgJFTZy6Wm*L@G8f+z?G2nZ6=-7Sp*($d{9 z)X+J!0@B?KCEXxHNVntw(v5W2(EY#o-tpYO_YWUl@L{gGCeAr~uf5jV=R`B8cL#j= zz@kdo@zIVcKB_CMSd(L6N_^}ybgCpX(q0o!6StB914)y8=>BkcQ?|sog%El|HOQn< zH`=j*peR8@c1-Cg&Gk<#PU-;twls3m;(pOTI9!vgjmyKiZTtPRcE+J{1Qw+Efa#3G zPOS#=fuoySJ(%?qVQ$fnx@0T?R*^UPazk4Un0zYwfu`NZ(P|w7zEib_7)NR3iLu4W?ArIzzo-h$T5v#|y*tasR?Ot%{=LmXftN4B z5gW%${ma2-gv_TZSZ9>a#qMG>KRQR?7^&!-a-~tpRlAI;iH;~diXw*6Y*Cqvi#n6~ zxp*QjMm<_dgn>-!DO^itv$63Q)&yYraVJTBJh_Q9z^qD0p+k68K6RApn&yJB9J8KS z`%5a}xM*OTqlsX@X;loLGUAaV_7x-z%&0DH7i8!?K^DoeNjsW_ozShRbO}PIhhO2@ z@YTqM{S+M%ymR1XkMN8*a4uzm@ zFV`Ml(P^(pIcjhVn$Zc^kUSd~IA96`vYj`4v8bu{MW~G=PBs zf}48CpUn9;cBHJL)5L42EQl&wJbfB;C~P+zujq8=SKBD&0Qb-ST>12;iBHWTJNbiH zjOOuWW1~b<#p7<>pN^)3hX=x}7%=PozMxGe)ewc#v1U%1$Zfx81@`I!%lQtdA5aVR;K+cp}3q1NVHl9lp2Cuzvfh|{&kQgK5r_Kdoyo!wA$&(8f z%kvE{8aX1W^zjNxPgqo({0tOY&;neCl#DV}VQ{xhcK@!L96N2Ee~2Kde9_a_n`8zW z(+n*9nC6u3<%7n>jylgz29HlbAN=u4^c>{t-@7<(h&%(`pHLU{r7UUg##y|e#K>+>_L@+!`Ewe_mp z%?HYHV&N1XQ&PG+FL~Edw#~`ora;JHRvtr-S)l}$D}tqJ=O^IqV}MK^F(X=4U0q!* z8ML0`^ImwZjs~ar$fug;vcx|=k0;@wiPNjrE8V0J;4?)t^i`SWwF|${#^YE=z0h z3yGYzSHyGhd|Z45foVJ`wSHXB=qs}|)?_!!t(Ml-jvs`tSHv2klYf*ph(2Cqt_Pe^ z>b=@x?;Ey-0$lvJt$E-X1lB6n3w;+390y%d+m8UPJ;rGHkHi@(oEKCW?W;}Nce|1d zfGbRa5GrqU0%41&yqZsMb@ABj%uG|5eg#7Afjs6Fo*?m8+2>R7LN{gAYReXmy4p2w zbtE{gLe_RxG$`6kBa zc=)tyH;e7Hl(3oyS6|h*S`Juo8InlM(koODtbE{wNV;AUxJH7S>Ri;)cybFbj(55t~#MGOlT;F1M`A%n0<1UU4lfTtAWq^Y?RnEeb@bHmUx;nF8i@cNPIP0Es?XPH9vZpuj zlk=u3UNX|Ye*E@I(PC%Swd-QdQ8&cAN3Ec@PTqT2UKW{T%9<$~;{eu;R_|=YBYz-_oAZaE_JF?Q-Nq=QX7%N*a(?8|{B9 z3-K7DBYUCGU9b!B`rhl!lj+5i*C-G`Vy^em-LyWBc}B_1YbO!CveWlL`{8StGe8|8 zAqmXK)XjL2LPo2epA^0y#=Q-%b?7K4-L%z%5jIEH8-7eB50yV0HD-$DRP>#fms{1( z5g;j%b&|*qH<4M=9AUqkL=U!I+BvV$#M%a=UBk{~xxDcOu6#k{+(zIm_oaqcly_YZ zFN`>oF^HWMfaBGr^nI?@U3Mp$a&}7AY4#)3vu5O|ztiJ`Bt*3+XN~)n%XI@2<|g!I z6CH6S9k^*>#OA%BFXT9Ps|+W!7HVJ1lgBTa^&`Ns`IT{aBwEnyFV-4mb4;6SPt$b$ z^qL4f48W?Oz(1im-5{80xh>Kp+T(gIY2Q+`eI8`~IA5leZJf?bXgD^$GJ#nJWFitf zK+-|FMM=Pk#ai{Js#^yM_2~nyrq&zkIsCZtd3?I^Hc7=vVX@%_ht}@&?mT#~S?9?& zSOTVlsppzWdmrGbLzjOolt@v@YG7}?=!bbQB7Uj|ftB|!xvb2k&JvZ)#s8_KOVKwe z>@pOlb$QSroNMrfNBJ7*uWm@~N?GH3yYj_JC&^yu+{8NgC_&?TiX05^b|WFSPkT2Q zY{Gao{F(?6pn`S&@%_bWE)A;wU#=-ov=8}99$&kAp)>E#3m@+WrZZ}7e2?3);e_0= zVMe(K^x*?6LfZ#KY-a6Mj1;MU-q66GOKpZ?MmRV!}>CTud685$=>&2H+s;>G_&Cl5@r*CPB<3du;>v2fUB{k_?%TEXE zbL-K5m{v_stCDQ~E_vG_$^6r@Jy@(}3U87CqH)6(c>UCnx$VhkBtJY+;wT#5^Vx5K z@a-j~x5znu3AAJJE-8uae9@yE1XiYyC{7i6^9MZR)g2#8sWq5%KA)(RXlw__F)x^Ppi(Boxjd?@y5TW-1j}WlE-k91&ia;v4e?PgX8a*ZAJtIxBZt*B? zQR0c%2o-zB0xo6wPo??ni-8Q)NVqP^NzwQPRuU+2`GPwxSMpl!u6InrZY~UsCkW+`d~z2$i#+f_ z`c1`iUNVd#bz!Cs<7j8))^ax(OXh_*cNV4+y;_oEZ~ zf~w4Gbm$WH_+F4Si4cXQs~U%En0P8QC#d=5tT82`Oa_TK-$~3Ds=hZ!$i)NN9Ae`- z_bpVUoMk%IaHhrKCnD93k+X>Z2eah$tC+HIuPJMHd4W>C?t)`Vr-fLljET(!_Y`KI zErZ5i-mAhL=D-WJVc|Ql+xE9^y07SzROl_UR^|-ma}1hM zjlNPEWSf}H+ZI^oAKDlkBXh$Y`!%(t(6ckD8$)MOBsr+jysJ#fldqG1w_MvPg#1;VeKH_#`{8w| za>pTpD3EO@f9kGrYAt@t#rN$e9{LXYD(!-<;^+>2pUC82WfxePjaC&er$KHbs6(J2 zqe6~OGm2SCmxJ`|tVd2etz6M8HtYS5YSP&@8s(d8xhL|NniE_q70AV$wrhWt$M`}_ z;$}a*%U9_h+=imGDL=6RJpU+sp2uOv%N-lH6k*~q*6Og#YOda@O8&D>8gO|4VSHsh zxahX1QoRnl5T(rRS#$Dk@O$(86=QMJr1ja7x$f$GRa2UY%`(?=+!;;5qLFU4;#sW_ zm2n{&7Hh|Kb!8x2V0QkKUhpZpO{sbQ z-_>t@$V+uH?|Ze^wK0BZOsNh8{!P)sj|`AVj6G~loDEOe9UAo=GpomyH#djVUlIKd)ThQ3in~gf_EYt_~Ng*vM0V({{~KJ&-IlP^&ds zo^r%h#;SbzcSIhkt%?(J#|AmM)D3`d-vw*bs2Vw0_K<@&LMydgmGOC|)&~|{2zWSY z2nKK!+){_x&dlofV1LzK{W`TWEB@$G)zli7CJh=Z4Ewg@o^_p;wG)Xlw4;&Symjvp z?rK}0)+$)y_7)&>0Wg8xkCT>Li-({F)w8r3?F>)IqzgVVq;S7hEO^b6ln-~2cM+3s z)#|R)P^*Oypicz(^>vyfJl`t zEmBbNh;#P$%i*#?t!Z|rq7+8HT*B<>Qx@jmPx((ydltI54!9e}el|3f9qL6SSJYaJ z5*s;@q!gRokhH&y1?m|jBn5Zy1kapiQzfKUjuI^FwwWX~{mL}khBzO1)DYz}$n$x0 zxu4;+ggEsd`rM_WUc)mEm4yuD7;{z{X5R#3v^>condk$J<}Y0w+uFG1VyYEyyx)!<-dJ$C(&&#;dgl50uEG9GHZ{jX6^)>@AL;|1s#u?!pi zWo*DsU7hbmWTlA6>m<}c{wvr<2xJs9^V5fB5B-h}=UTjD!}vEiW?HI)VX@r-;j%j4 zl*bw>XX05j)=M&bML+0G&%e&@+0mPjn;(4UT|TRTy}YPM-ThJW=XJPD7%hl0x2ATY zKzdKkR)GLEM!}esMp}9G)`b~2izb5{b63fBE7M&kA?zy9Qt;a&H>#z_vEbNy%7l6g9DefIdc9Ie1ps0;FRhK{HJ$OH(kY+bFLN5 z=+O!?Ga^2>=kpkd!&=18K{hC;Gf*9_uY2(R^m=o<4IPI#CEy;0V=wDgUQ#=g^X@mi zgo+&hiSnKjSlpiwg*J;{-L`|?%}hi+bS&-Cfqimuc*aN@hu;9b{Z+=X9UO_X~4}zpGA%p?*9E?0}s+hQD!Kf3e=6>4iVtm z4)|i-XLGC_lEq|}_^u|LGiFOx8Jw1Hp)e37L6}CrZk6#OZ#!#nLeLTxNn7Ae6C_bc z{SN!x>4aK^B4)8LmW!$f{~&t`!xL}kwV4rT{0S74-059v(3(vn#7%@b@>PK;N` zfur9_l@DmZJc)5{j5uqiP0^sc4T-SkzC2Mh@<8(bx;!m9&eB3Fb7k_q9HClxSvrYj z`J&{$+&rBRD;;lCLYwT|YpoG8&c{glJ@=NQgIL=-p~fzT@WZ17QObfI!z*$}(7L2F zeVb?}w?r-WJ_suQSP-?wMgOBw4!|cD1h#)fMDr5Zk=wcULC3=352OK)!v}h14Ryyu z0A+79FYjA`_|mt*TZ5Nkr9UzqBciDk>*LnZAJCyoc4*LHe_%NdM?hXe+nIvhZr(}( zmkcO!=*#>pq>*K})8chy7MT=C)0Tr4vY^pO$>Y!UDJvM#w3|%Q-yCM&zmskMK7-@-!wSEH8k~4z;%d;Eod~Xv=4Y&T zG^x(4!rnLfLOjd`=R?{=t_J!x@<6xd73n#Z^|8ER(%CPdoYviVTIXNTpecfI6Bnn3 z%KG9tt!c1Kd|osP{`b-kZ-T~7-u=j+rd%l0F3g)kFspFb6sH4UWcKuau~4l*(a4Vm zY632Hmx=GxzMT;f%NyiXBTD;n7?weUgG_&)fwcjam%-tDCwd|RLP7`f3@5e>Ce&~(H#Xl&S?c?ma&Cvg) zB|RXVyMgi>z%%{iX^Fd5J7HEi^R=>5|4@@(2%-DcsV-Lp_+m$0Z#p&z>4h7d^gBS= zt2V9r8!-7V%(%Afcnt4VbvHI+ULJl+>@_K?_14&`l zHuwqeEU6{%`wbE$F}8s%isxzPkp@v8OO=6vwF!Y0uvbgRhN{ghdQZVbfz{6tcX@JSI5K32nN*)W~wGkWp!?Yn|M-a%-LZ zUeejsNUP1?JBU6>tr5`~s5p6C5cZp6WbK6hs@DxODTV1Z{BGP41)j#hUz6dJ{FrO! zhJqR4k~uJ#QmTge$YD1-uf#TzUwK+uM#PY$bnGXkw-+n=;Sa3b#%MG`RKPCf#pan! zmFgAp2?X5OmSOmP#;)C<1U4=1tW$&7O8lpDdm=eXkcRACB?+EYCepa;%R~jQjXc|q z4Kk(xcolaqv~M?>*RvlghU;F1#3oW~5XrZB)yjJ7i0mi%u!0|Td0gU#7ZuX=WVM(m|a>T2ralL@k#4KD67&xJv6C4KJEH>e4peuUP=Z>9^CZaC%WsP39_M=(lvMoW?Zkkaw9DKV#vO(8=oj=-QH`v!{= zM`HvTlv4ht%Dn1-f<;~V2mDUnkzKBAd??aC5R6_I8nigUDIHEnOENIxh@Dk!K2@w%Pta#cDu*xz3O)eSR_D#rSgQgv$`C$TN- zbf(%f#D>HGRODn7rs!P@t-OM6v4}0o=>zEZWQik7vx64>YHk0*vvc`8Ye}a`gtovO zxNSj!Il`19aH5fZ`J4 z*M_#&&ik$aCR)V3E6z)=3g_Z2$3{ou4$@c$MD50G$W(ip=_PM&<8P{1_GVQr5olhZ zu3SH!npTji*iJObwP{^+vTJ@iO?}{O{U2#4Es=UpC^B5_H1EwAy?mN?-HA(4#P;+n z9D$qS^dfRIrumMpw*E35)Viu>^SI8=oYmF1FoJXZdLvhN_tV*3yVR+kRfmQ=H~URQ z9(vg6CYZ}(zlK-d=GpC6k&OE$M8EZ{u=Dz;bww-0*~{^2R3g|kO?0t|58{;i^9uF= z+fIH5ykobQ2oU1KWAWqGah_X}!34}EjdES>>A3FWHIk?vVBq|Hd}HpZLViI`T&R1i zOu2}f&#$3%SeUE^EtQpC1V`pIw=ciFzmdw_m2*TGM3(E;Be%aq;;3)BTC1Uqxto0U z$j^LzQM=@N__tm5H2Rxb*0H7g)o5T@S$l_vu?~Y^#Y{)>rGH+>`swE7*nK zqJpBLK0gU&9jie@C7Z80wzu0T+5d?_dGWk3;qzc~KTqDPqa%y}`hTm~K?rQF#S~KEIjG!4dJRLeD9ovQdhtCPD^M@nsl$Ibr7V!h^ z@|o}aee|DDJRolH+O@R2^;LgGO%#HL&b9jULqZY7=3BK;!fx$43!%wKePx_+LQm}n zGcg;MnD>(f0ZdaoktBVmQ-!(e~LIpsYW$;_oaj+IC*?7ecC zfCl2!#IU{p(~DYW(R_3(+>%(6 zm7m`5D(9zK4uoFCGWR~;E>Q>N0CV@m^3(#B(TU9J36~eQQ0f|(y&0^_pnC*1TEA^q zURJ(xa`ZUgfln>S1`20xe~*(4clm8jCX-`^vFa!J^j~BTuCQ6N>$TV5R$%F}Z$x*# znwD9 zZ2%t9J5(~c6(pke$0MQqyW^_;cXB&DvSUN>ZtvsNV)2#XnYLqv3t#3RmCmZ0b?30F z+eo}ehmdqxmB^5f1SeyHjA6ZobxJeJEdjHY7oEt*|p8fh)=tZU8DcR3=T ztq=D?{Z$-zUP`Xxi<16I2&U)^p)=VDy;x^t(?9F>`&H6pN?gbAIu5ms-_HOr3CZ@a zoq?5n2m|2!5Mn=aF#ZIopvHV$0K9ZDpB4Tg0A7TtH5X+n@sT5Z8&9?;#gPd!Nxj0I z`;A$_ICc5=JXR(+t$lqmhX#Om7V=_GT7ZwM4)4Stfqt4Ix|fqqH#Z<_HTL4W`{*&arZ zDQwO~1Q|NcKkwP?gJvY0%u-~Z2xT@&$IdrhJqKbh5wO}a*yCq-$sRJFijwb1&0Xvx zlsS*NvFoNg zEj{<%g4v@-B%U>Okg5Lyv60_kd(}U`<7%g!%7|k|taAPPTjX|~zM%|+bFSlRO6BXq znj{;FwybZWjr_aDK123^@sB6}&6+khKz;`Of_eRN2d2$6@5B1TV(lc38Th`d=K~tF z!iSsCdW$mb&(YM_w8IwE+<&g`_f&kBK(m(1qhnDMe^$5gdOD-=3not$ZP3uYn?7am()w_L;E<&1y})-Q-1KG;RB;CbCP*2HG#K z{vt3ps7zs{&h}Q^yfaS{y@@k&hr_QbSw&; zDdqw3P?0?^CRWtEIhC6$>HVNT^=XgyM%`e0`bRob!D(j*?Dwm6c047u6Xs*8^8uiJJ?DHsG4Xtg8=Yne?V$x%s@q0{y5i!o`zznSQNQ2WE$TD) zB5Cq>_;5A(Vj(sVHbUm}uOUv=0@F9&QL|;|oO28%j(mw|q#f<;%@>;y2F+T7V-T0S z_E9rR^rOwceuy2dI)S+lVX&1K>)`j^12s zT!uvtW9jMqP!3}i#2esGE0~Ro#^#^y4=W|e2kaf_2{H_pquen41Y)I38~8Y)cg^#ns>jWauHWvSeZ`@L;Pw9kt)OG^aXSofYd0} z8#WHl^Qgz?(dg!jV^Y&z*^6R$$4MyG%M@y%HeI@Flwu{0_JnBwCLXo_dS>I~^GO4J ze%U+5g_;G1iJ|&&t+&eNk{&B53NsZlyIn*1>-qRD%*U_H=6D1}vdXQ@@q^&hyiv#Q zE38p{oOOeq;o96kk$i2*s;5N*MQnLSGIMz3siYmfyaW~9CcncIdEZf+Q`p@P$_~5W z@;ne=`Iw-Su&%+WqIm_<1*h^3&2nvsCz{Ay%QBis`s+~c2Pg0IACtuf+0d*PV-U3l(MQh4M-*5*y6Vdf)gjlMdnQ+6+nNs4D`vuD-&gI(1~ov$k^Q-mqu{ z{`A)JOc5kVnh7b<<%u>{bV^nGr}px&IVLPg_5r=ObJfoHxNsovA|Q#oiB1bLKMDh4(_WZez4edW>E$xS!px+@R7G;R zp`@?|n!6B~Dyfa8a+qJ7l6=CKcI(y(&9@$6#jHiUu{_ej38w|emU&0UsV)mDjB0%8 zhcd2t4Xw!{D+`+|-D?%4GaCi*I2?z@@b3qILNRm+KGJ%El!(EuKx0SDoKVT%Iz%bl zclyfeN%tF*oqJ<`i8x=X0Jzl`gD;JprJm<<5Gi!1mWQgT6;)=9Ca+3FSXG)fBW1vw z=|W56)18JwO*Ok-W1Q{c<;*>=oVY{=rV-T7$oQMyPpJi6dUG{0a>~?>E%UDZUJYo+ zKLgHv{$?*=Yhg=yEb@$xRysCr3?}9qiH%hDluiflK(d7V+dsoz`|ij*=h)tMsFc96 z*l0C`^3*(n<;@X89E0irVHBH;8bJv_x=@A9$Rs8O!b}rAv|J5L9|$92aWmdu4rYqn zjEihDfQNKwX^@=Vc635K@U;%=Hh$jHTl*)Prwz@%PQ))kmmpjj)2JwvuLLuNtW4N% zl0~S>{ue7vu4~nQq9+`AAZJ^J(*J{(m}#1s#~HdZ*|Lz?@M6kM9FCx88t)+ z07_a|;1|}JRiK$mv_rp5DZ7(D**wjaNIQ6X`@}GBrooeTHZ;nhS*4V#zvLqV4F{t4 zeI0>fH0?0SY~5SpZhEz2(}J&EK|gcr;L<+%$x1!GB=;(kGcFa^O09ytDk0|31Eaz+ z2(RFh%g1!5tlgiWuJxSMqpMBE!E4->#6*ykHstR$D>f{5Vh8>-V~BAd$X*MBb3ppC zf$|A|*xolW@c$kpNGSglp|lmX8e*4Y=2WW7@APj~e6Gic%%9XXen$0sefTFp7AMTt zZshVV5bT*rgIurL8WUX*Eo^J*J*GLPiQubZH$AHW6wXLzDl2*tQ}5eWXNF4X{EK{1 zTlLvYl-oog@m-Bd9oZ9fhzT}0eFzJO?=V&DuY4W;>a8$95(xJ_k!szIv9osV{FCGQ zE?v?>_tA&37UeuNz314z%SH~1y>aavE)((Y_{u?QtSy_+u9X<+7W24ORvSb6MrGO9 zuh$GxQILM9xAqw$D1LRY9)UkThQ*J@@}ju%!|$0(b76uv=`kE_?1?lsL-;ve?y=@o zxJ}~{im~Ggy`wLLq_2J`jufMearME*n~Hj0=jlu69Ke3tXkY8p@%g9Bg@;5R;+HGw8uP-P0I-t?gMOXxuPPQwCN9p2CTHNJN$ zF@|M%}z^b1Xn<#KK&VG9qhUtPDfUiI9*R)=LA8Es%+uV&EWg6!mc~X zfJq#Zo>zgNGR;qHxRm;L4_x1Ij7wp%26^f`-VZMVd?cM-g&T;Y5U!Vm0xcOf?2)Hldo!9>Gm`!@<|c7iIMY>tke z9wqJ@-Ta7qXfl3=ZkvCn`@RQPX_(p?qA|0R9NnOA2U6JO>ht?S;ys$WZx~rN2Tu=! znATL#p~ERN0C600KnN8H42N%itbPVajYxh89o930*9Qhy8onxs@GlH|?ErP3ZRW&fq z#$SuS8(n<4za|pIH(Fn8xzy z@w#aKk~br<`JbxP)8!}?_jc+evW3Db>oX#(IzSR_#K=r5*S8bQF)k(FLJ&J)0wtb> z=}tv3w%j2Z(Y%7$dNaI|@f1XhOdvBNJm9{;`r(f)^<3?bgw5)2P0@T8m6kv?TO!$s z_F@f=MzRJ^4}_Bq2EZLJ$n6r*9!*Pt(sa)Wq`!HQqJb zxo7!42-`ev29o@aNp)2;KPCC&;-1}z_3Dsj_bDe}ZW==nKSIw)uA_3vAmmFP%Sd}h z2xsTj6!08T+55hSD^_x_Fe``x?24`|N4!o@sN?WcFeAFl6F^Xp{)|fObG_x$HRF7p zx_O0$`N~DJH}CO!bF*?_i$56j*AhzlW$#SR-iQ01J4rYUq31aKyjJaMOpk!QforAK zQ_+89l!d^U1c&g3ByNqUC3xP`ehl@{y8c-f5fWuJ6QW+}fWsg5lDO54uk0mK zB2r;8P=-i3-k9oC&-wei!)|xF^r4X zMu+C#GdLG6u0P`tXC7cU7EZ)|dF}6Gf0Lz_Q2+gq70QEj|Ldzrg#Az))iLYRA*H9^ z*VjX@8DpNaZx3VVg#IVrSVsR(zG>9eRmi1m3Xhdj71OIXptu>f;M#37*Y_v~EPr<* zNA0_Z#gd{2!nmnJ(-Y~}>e-|+i8o~sCg1+qtPn4>?wzPUi=Pc&;(;Rl>_5he?*cbU zpKAgp(TD%Fbfak|uX+cbpZdNSyadTCVT3)?4hwm4`cPC%O(Z}~@H!85N0jJcr?mMw zo&#~zEY*#1a(y}(u(&-6zj?BEEx_{*B&sn;|8y>89lr>Z+cRlN4d zv>xv7_ABZIggkIcvD51AMNv<5``eIzW86Bx!1vCVJ)_H+Ym)6BGvspfG*141&MtW* zpBDeW@WS;C$SXL;k_&;pxAjZ+Ys2@>bD;qB7}fN!Y?r=n$;uILz5=v$YsPo!ayPMEh^3JQcRzu#!KR|igQNAm0bt4>*` z0Nblx_l%)SME&z}UFt!-RGm3b?Pa)f#)NeePz()E6BkO)nyy-I=@E7%QH7r{btt`H zks#domM%Rh#_}?3tJ&~lb+*Ke<(vK(hBWpI8RpIsL)Dn(pUjK$7v2_{nQ8KrNKE{i z8AwP>1S_UYL%(Gi!3yx8w7_+0;pWN|pz{SJVm8MDF30L%XOw8_pDZCcTcLdhB0}c{wSxXlZMgB zh40Zdr5JyNp)#k-ZU#w`9iaL`fV{#r6!65?B~X9+%lUj?G)f$#S7E#GX5-||Fp3$!Vql@G*MuBk}+Yz3n{NO z@{RE1rM*Ai^tm}!6q=cIr2+d~q^-ZuuRjOW(mtVFabc1Yp1(e?o46fo4u2F*JjBRTwf>OOrJg7*D;#iuuMQn6$pG)&lWS$v9X7y zXkcXV2_fA$l>H)c0LF_7S=`uZ5S)`M^coNktr>ucT8Hf6PV%Gv#|uC-MmdKgwn?>~ ziGc2?^%Pn0XPV0_i0z=XHTeBP1GIMbdhe#ejt#HT#Da4MTrW#l^=uaLu)5-cl@TY< z4MI>49JaE3lkd{<;rA&d7wu4@hKKJ(zci*0cOs}M^!F@va=PRWxH#RWJ6<4kmOtqO z`p2EU^=2LN(m@|tLXk}tn9a#nga9Q+P>_vt?>mobnV`vT!&EkbIE zTBpS?pzAao7yR5|r5>~fjLf*Mr}ti&a`)G7-SrMWY%4*m<)c|w410X`qVw+L-rR6+$s-ex?txm;h`Py0DT@rs9{@h#`a z;oRxZoW*7JayCtX*;nt-a#a!<-2R)L-k?qa%cl~sL0?aOIjH|#9N|f7i6i9OUD=w( zdxtuwv~;z8Ohj1Xu!!FI1YZ^afu-0BYyFs|q0hIa9PQjbP{RbTm65DtJ#|*#zwweH)h5dIvWi6Jn=`oO8sS!cXdAqb4|2t zT5De}--Bhb7rV^)WIy$pVZ=Y=jc)Lm!|TtoB4?!*S^;nhk#HJ}7hn7r!5tf-tXb%> zvRX{XVqc(*@n#54V7ne{EOA*$lOE-Gmlo@Ebe*KZja=7S#eN&BP2<9CTWtBYeqj5& zz5bVJ0|Tx~4(K&btM-t4oY5a1>P)jI3mCJa*>p{N1ns`-{dtf96YVP}KtrNK6GBrM zNMI!3x64rLAiMnNxIKzO=KHhvakpx zIs3oTbByhoh(6-!0sx-d0HkgXkU0QWIr5~!T&#p1)irK;c=i%j$=$~E>RDsoNxLf% zCR?)jbkhnUbm=VP%6<&(+yggu_TMZ!Fk)Pa_7@ zd)npppL4S9={Tdx(5vApy@Z~G!yB$?7_;tqXanMn>SgM6x6=aObeqTV5>!PhlQ4&+ zlr$=PGXL(y&(J13%yJ!)9=|}8{IZ~Noh34MYi0?-cr_8ZvN?Maaft}IteJZlV%(!iEl1n~k|v{}Jztdq~h zf(Aame8SBt%j0kd+AN%{Tpl#CHcET~B%$fx?8-lx3kxK}@5AMDl>&+uzc*<~#_@`r zTs`_BF8`iM_4ANFcHb#KMQosS@Hf(?C)W=h5MtI<=+;-i&GgD>^7nbTzd6{3m~W+z zX5Jh&_6P|(Y;XcZJ{2Hx*PozEC{=$3FovvqSJ1^F#^IcqTCczwe1O?*@j7(C)6SP| zzWdKtXh)S0#=9gm0zn;3e&0&fUjg^OR8S5M_bDhdX}9mQBIs9-v^6Ysn(CiEYOMmy z!#`{<^4Bep53RbqY9xT%F^1USGmU&u^5ePOqgirU9|Zy-duJ&9>)Vt%kucq{jkE>N zVZCYj4BXN~XufCMHVwdENcpba9eVL%&vQ4k<*##D0g}&UCH{y4)etlLVyx)4X5(YgJtB0|Vsf}-Uh3DgYXbYDyD{Q0hWELXZxk#&{ zK~HY9`n(_k*kkJ1yAT|ZQqKUS4_b1e=E5BN<@33BEE{is5Ou`|hBWEwSHmIB)X@T^ zFB*S1J>Ny0qyZ|fPmb>RrNNc_ca(DGPR6lsJ3vCO$}vB_%B8V#8@D8aJs4*EwU)ce zWtlwEPfn9ReHS=HIfBYYR}ok1{1aVGqE&+-eNYnYfEwW>%-J6;Xcpv3HF82*GK($k zMj1P(dcBO+r;<1V(3A$f(DDMo?*%vREp(>C}*K{@~)K&X$ar zER#z5&hy!(7vKEi(wtr!;T%W32w;?micfk~fnhj{t2SfJk<~$mwE0-;vhaUt5 zfnQ;Mp+J$N0)G)y)F9yU^+PA3_buF_M2Vp4tb0|d-Aj?!&;H4$Qs0#%2+-UUq{$-J zl~_9Hx_3~h#R6uosz2j9Icu2?p9M?=c@R>k(0ywVJ_$6>ysmi&WLsG~KD@oh()Trw zcKsZWuG@W?c*iU_q=RpD5oV(5^?_wcX56Ho!@ogJ{XYK8?z8ZM(OHjawWc0j|Le>a z4+)!ZX6aO+8lBAjS9m38h5yoB_a9zsLUeOXMIVCN!tFror4vuex<4Ubn~F03*C;=F zsX>5*Gc>c{W*{sm*x+r?M-;I}0jT_TzHaS`_&srTONSUibLi)^WSIbE3Q*KzW1LsZ z0$UeBonxv9CGfNAzr1K34_l{HsQP~#1nrj*xVSf!Gku){3_ZJWR2^4Kf zGe}H_Bdxq;p!Ne(W|}MpuRXBc7CdT7ev|?HW0&?J``o|z$6D>C!6;HwWhe2n9qxZi zw9MsFH#!1#jX_xUS)IRQL@=;0F|n|s)><;B#ztyY-SuICYR9OufwH^9%@^}7_V$}c zTbeoy#F%w%Zb5vKJ(*y}vB)bru+i*&SDm`$6fvX55OMEGz)a)*YGsrdmOww4p;K3q z0{*)Dl}edjYKuz7D)@g}DThLF$(Zj zib=vGQ4_F@j?OO^N1*v@3&5~#^x%VYxdZ#bI0K0R?>T~O#AU#qsW=$G`fj zy-uey!K&Hau_}zdFI5)ZtT&MO5^yx(#yAmPZMG-6*j;N>{(5LScgFO#Lu)(!8bnwjq6#3#lS*s&0Az*-HO=to-G|x5kwwJ=Xen4eeBLUZm{naQ6 z6JBgvrevk+mY-8?Yina`t0xZ;wHXrODFcZix!sorpfh0Y$r{|L`mqNWNa{VSG!RZQ z<0$vvhP?II{{nr$^g!>_x8HTgxZ$P*v4Hj2U~hO>({yOve2!>++)+4qo(bH^%AURk z2D$Rpe2a^xnlLIUf+}T8W3$-w04%5d3j7-S+RA7)^MfXQqnI3w85&5d)j`=4g&%?M ztDzO7MGc`_eW9gPi1|^ziY&}E&rq0yjic`)qr`ql{nVrL(G4JM!|> zE{WX3f`8pG%uUGrPM$w{igDQMof^bDHdZ!O7X|6fb$9gg=_qBAOnqI1Y((z`(<}MY z8$N06iDwO_^w!7DM62x!CR8T2Y$|i{Wc1NVa>gF^;z zBJ|5T{EDO(8nP12JFL1G4pfmxrcVsZ|0Yo);fq$|9SXZ2pTZy6CW-9w6VXL41;j@C z1iB8eNrHqR5|ZLaq>Yyf!zrXdXAZ}=Bh&YGwg@D|2EX=u^Nf1{fUW*iSsZlxVUt0S zO!1UWq;f+tk zwvp34Y8cQ&Z{ zeS{s5(Mm^)TB0<03%P zPy-zcDCNY5*-ND>vtZ^O)LbAhl@}x$@%XEq>IxI}f6JIfe=x$Xk=KFb8@#`N6u0{J zo^Rvhc35gaF4)iz2G*NdCIE;^_?-X z{8I+)C85n~fTGrLdOwKMgWL%tnCs&k=we>C=Hs0B1x^0lEa~<^J&6*nsRa9E0$)Cr zGOeNwp-1ckXyES+dzbBuo^kRVVg@PtUi)5_yD>}r-f+U>fiAm!Qhjeh+_@OYjBktr z_+5B{-|>=a7YreS8Obje5^*cK}J{N)k(7JoG0EY*6+cjYio)FZ#DECI{9OPD@4f@yFaWrj@ zv9-Y0^5!x@U^NHkn4isZ`QFpX|L$N0x{9vjkILFjP`gD61Un?zmluNJ&ww_1K?~Qn zGf)AY$MJX%^w#&No`YH_%4w{1GHGoa!7XI|f6={;EW zgLGPT5?QV4i@C#of?{)zbQ~}~Odw)Gv{*zn&xM{pQTa$JK`2aD(95zkZd4f3t1ejbb^z=k zkM&cQtgW|W2TtES6zs4l55V-EIwpYt>>IIoZ&}j3-jfh~Tl@R#e3{r|u>h;M zPg=?Y>|#dx(Nz%KwBS3u+9^6vp1UWM=`*7x89&cBH?_h$J7xZ@JVN#b5z;uBoVV{p zn9C7&p0=2aI@!zi%a^|JFf7u)>$f@B)nw||8@P?0zZD1Furn;3@ zrO#qKA0uS{<^O2W>HIA+*WWMB4}Y=M&b}{v2)yBUO|z@RL_m{&!lu`1I|D?0G3H{g z^ajkI(f#7d%zpjF?lk>%;&|CH+G~vmbxXA~2ZdYPT)Vzs)-j zg`L{R33jn=0fs@5P3$CB5Y+R`RPTa8gS#k+yU%h)1-sLnBZa!fdPbgs;^S_l-v$9M z%y}JcUWKf00W@VS=wH5+iQRB%HSqeCBJ?SPDP#9`u@TpYoydbGQ;|o>{MV&gIQI0r zSE5GfeuS8WQlj+7^Ongd=F*1Uq}j5r$gXFNP%MhfG|McGf;1}L>)kacsXd?*W6#?D z>2WEg!}lnz)B56Kbhkz7N@3ZH&jd7f$8j#zQ067iJ2Mq1+&02 z>qfF2_J%(6rPm9R?kTaaJyjM-_`I}Z9*@$^^N9baCpUe5=Z8Rx)XVP|Zw=eP2&a+N zk0Zv9ui7h;6lO?_#S*J^9eHp@;r9v+1HM(vEw7#*x;q~q_aC}v7LZ1DyRDpNC!$y+ z7d#MJl?6X&C*Q{5Wr#}#9)53S*oZeC8M)T&R;1-o?QOuzJe22pvg7je_Lj8H9o;XP z_*sXCzfa3i6Z54U;mqfu$tM5*`^*Ib+sf%pLizW8{KU9q-IE%?A8!g<$lWQiM)wZy zKRWfIH^%10_cE1cbLjo%gwF^3xWyh`m*7pH{QeG8MnqoI|Ar*XP3gQZ;(F*AcIy-; zMNUMGdcJ#Rs^sR(h z&a{SCVKzuH0-HT`u`%)_L3H}Njg;*v;Xv&-H8ueHIO;aIqH?;q>UNK8e4q8w(Qlik zun&Y_d2XdnkZX1xm+ncKOurek9b#`Hsb+WIPfD`9=WO=J@GQqUU0FTP#w;>@KwOp1 zUKQJGY*i*fOVunSj`@bO35DA0D?n*TfWM!>d{EJE@KpWODIq z?o2hAo2U956T_f(2v_z9Qv)9s1v#$jS&yf#n|;P1E$AM*psJkn>mfp?ZTnEP1AQK~eCh88GMlhq(ezO~QUR?%mQNxrhuY_}Xa@~M+)H$I~ zFz`AZU;-nf^Hj0QU(^`*3)gKK$Rs}B@$U9YKi-Z2Q+lm#GuNN!U}#9Zmj3*VVHQ8l z*gEN+!E&11f+Ykpi|@>bjl=Ys%pHnaya=)xF7We&XWMG*#qTlL-HwhU@jlC!*I918 z*dzTSs4CyT{7H38w?c&&wwH-gK^he)+}nrOCGV82pVHbKy|RAO@I)Qh1kEQ=?hK2o z5|*2?di)F2z-qHAPq3F))mPD(;v)Qc!^GzfV4O?4tJvX!iDATV9}!1O5a-3*`Xz1& zRfgJICz;f^zN1$ER>JFovwSRL!<+l9s5)w^x+n%ymehIA3+Lf-LFq&GaP2@gH4b&K zF8ATtT7D*<8Moxdq+uB&k>;_WpnnTGTqE>{$)gZ1L%iYuaAzrVysu&JPzwsf}kRvpbS_Kmt-FYXkQ8nc8oZg25hr>n}>dZWZ{7^Yy-YI+NEU z8b)m(`@Xu;Ec-10|9}QljlK4? z_OXE1sNUu0V)3v23KPT2jz#G<_zvexautSGBuRTa3Ca26M7`mi6}j&%D-3VJY*r-3 zAN`orh~=u-^_68zx&K5OYd1oGixm)y-v}b6TwbI=#AA6An8szbErZ^uwVP@$+|YKh zJe#HZVMn+|ppg%(?lV6&m$-17EW;f~}L9Cgz+n zWaIfI%P`#GuVIZLOzI9)LB-Q2D%YRLq7;uT9yxJZTa1cU{LRwOCFKXf#G7EhYRB z#J)70o@l(m%feyC*Yo^R+$|iQNW{!>a@_+OLj;tf{rH7%BK!>YEF9uO2E$E zN*`Fy0UVkSPegG14S$a=^w%#c=e>F6nxFIN_?RY~C7A%OU`!uw71N z2SpOel#(`?A4!{$Wt^H(@blDtuBEGCSO0d<)cLYJOIFsI*4kpQLSe%;MyOIvSchEL z&9Z+M$={#|KJ>&BniruFx^p7V7Cb5uE& zuxD$1d2$u>n+dwHI-DSW;c)<(s`r7jKH)`K(E%5&WnHz)((|ah!Q!%Atzw|^1(jF- zwR0l)%}KNMh7yft&^NKi3j>^xefj=%E(p5$)XDbol6E}z;7T1Fne%Yg?T*DbFKFo& z=?@|h`#oJHnv-G z?fLE!qJXw&jPeMzpr=V%O^G=z6~dO6kfugYF0#X}RXV5~36wTmC*INgy=>GG60j52 z^7r4f0R93~!IQTI0f_fZYVzx2r8Fp2pDekfg986qms%7wl(jX~cthu@xBGFo-(NMb z5wJq0B_^5~`R+v%xmHo(Y7|?7si+&FsvqS~?GV*o&h3>dSNyV&vE!unhxh4U-|aS4 z{kG+_(&SYRMKR_FhUDT$kS>f~ieJqT8RWWqaW`=rHPmo3?BW{PzsP}7eB1-QQW%S< z*c_ks>CP(ja?7B5B1jXXA!p~+gI%S>>pQT)Izn}2c?|gx6-=vwCgqJB(zlmA)7Cw! zrYC*>4zyN^!*S(qZ!dG)+Z(k3a|+}M!;gODyL1>pum5XzM?cEL*DC;JzWWB7ch~Cc zbN;&jM^mqz-(8c33p~7dmiQ=!9{5}o_2R$32^{_gHyq@)i|J2;15kn`)rS?dB1dn< z_v;%@?W)=GfzaczlMzw3r85)LaL_$=8y)7r7XDQxMA!`x$$>DhMV8vkK-ncNMS0^1w?Tiv~NBX6ctO6;n|{BQq$@`f|a zNxLfhdG}=Ab4RzPwZm44%%l{$>ukbyy~nlzk^0o@k9~s(Y_8)q_2Pr}$oUg?%zbK% z$@wQ`1tuO9RbkVRR7@5zoEBL&_jmN640=>+YT&8t8@)P0xf?BjM+;x29%6l*8Wq3v zX$g`C@3?(r3C-W4Bh!F2CQq0quWR~fMO=9X6+YmcF9S^SfeU~OPKzsC;upDo#}VtI zS-HSjRq@r`T1Pn%0Sb85m(`^m;!-65#2c06NWZ&J`1qbhrJ_`&5>t+el`n#29G0=6 zzg1+kHOIeYVgtDB@3yFHYC&q36~6yB^{uK@1^&hh0|?ndh)w3O1T&`?XQCrjCG#fi zLA2T65b7S4%Bs1QR)~NQ%>8qv5GoV(LqzF(uYuxPDQupUs?=`pT!_!k+N`@&Z*ZS$0awYk>WBENI~a+ zR35!cfXvj_0b+V&1g-NgsF~@ni;|M_YHmMg<6ysgP{$loCKv2$E&*sUJQtRMsj{0U z*+kM;S$wT<7tj4dtMTBSQGg3Pi^sb}@Do%q4gCc%r(oIt)lw#BNn(>Yn%{r#>J?f* zgurCh7nfo{vb6aLSIP9PvmnO~N7P{x=}7KafZv z@d89CpUnTkKfAz&b8+uK19jotK$qS5WMNA0na57?MPY*2U!PH~no|RFU%Wf*E*}^) zIL`zhH{6t%d^Z6c5?Htr2FrLu-+eZM!9(IskB%aqx|v!*zN2>grm3UMtCwl^AW3hy z01#~O(4^wGxs@t$?a`j$}B0< zQC_7T9%(IpR_e_Aph(7O0uWrjAQxVJTDu&8RO)e7_fLn9^G|NW2)FfPL%a8usc#1P z1eAXgEkQ65{gg+^ZP-GThjbPnQx!c$(X^F0O{|_Y0XyHVAATPvRA_aCO#%m4BeH_1 z+b$Y;w4!$PW=lWK7f%r}mU@(#PYI5p} z&R7Z-LerAbj4+&wn}Tc?6u||Fny}Au{HQw#02X7gdb{tf*pt8O(B8t}it(?S@mMR3 zu+yg~`fyKO-s8t+w)_hs8c?%uPrJEkMg`|T+*8xE_R9p--S*H))>=S4j74f)$OB4J zZ)DgwTpGnEA~R*@*KZ-?_*<@k6kc6o^rlo_ClPHqBZP6{%cvWydbr15P=MSSPulS- z9T;L_9H1^)Z`seAc8}eV>aowF9PItpS!nf>LQ>V%Wx%%?dvZFA-fk@<^v9d$7}>ncHG6Mq2<2wImrOul8b!=!PXMw z05|P`_^Dj29w2v_>Oq6#Tf1ocm0Xx`Z$@K^1M0k{e5_)k0PN9wCj9kM%V5C&U6H{a z_16RgPmchp5NTa`AyF%)MY9xe`mcmlrjzMTd8s`uZwm}?BXHnYoFa&At#)KcsydToEDCi@<$L*qp< ze!up*5gHigBYQkyIVoylXAfaAAds`dlR%)m*BZ-hMqS<90M2pBe|w-i-QY+6s@|B8 z&qhb(E-xa$6>(F}DuIB6vz&@Qfok=Ih>TJrJLdVSacz863^K_!DsFPnS!@P2@-#Iw%_847p#<-|3eC{OYzpi|C*^Is2|cu! zJimKZ;$%M8w17e~Yzu_C9vg|@s+@OVYm>&SGL?Nk;I@MjB{^PSKq=4z4OeOW3~YK> z0vMNCKZw6i14dd~#i3t^Sjl)n{L`oyC?4R{Uvz+rJpq2IquO!)$5NUXM)X10b&b%K zXY?4>yZM>b{b+zZZ@m@c9Tk8Y)@xgp{J^vJBPh~@t(KFm)`%Ahpk>FQ&a_WN)BZTy`LCsNM z`f(vpg#bA(0)vBFljHlzno^f{DS}==cypmeu8L@;n8A|7r{gD2Z?qgb@REB#t0)kW zxJcaVmbdiwIpS|R@nKm0&U~mN6WKld(gidocLY$|K<@5f|29<&N?uy60h#)0QiRz3 z{@1e`JLYh~+mZN1qgS0_ff(!)Jzt>x0GV>PG?OaCIsFo@veAgfR^(w_o3I*o>f7G? z++o{cE>)%!cDedntPoB!xFq%{8R3tW~hpA1&1+gph zQVaFicEF5*uCy>X%Y;)BVYYCh2~Px$hYiZS8|JrI>6-y?9ozC_1>!q7@!(Ot%RqbS z_aAYuQWRP&*~6t9pWY*Xq$ssl6C^Uz?@HD#X7@uoB&R;6e8=0SKw<5sA{N!a6 zlV!|PQ4?i7i}||9gHn#X9j7vXBVb|~gjF0PZa*4t$Dipb)4Xyypl4r#OgeZX_Ua4% zUIwc5fk+@8kcSTJwlwQI@jDWo-=py<+&?!jRbHl}p?&~slN~P&hR15=m*J+=ryP5y zzvbL%3mwnb@Os!L5fYfy?S44o^hdP2wN~^p6uh6!{ouRZDh}w6^K1olu4EoI;%*8) zQO611fbG=`8w9IKRm0lJx}wupZ{gBjTPb_DMl6zL>tG7py5j1_Df%tqQpz+1mej6% z+RTgdY53Z-=2a+q#c-vuiw|U2ZRnWD8Qs;bPs3=-RCL(mm#xnwrwXjugeyFfII-L<`9|>9vLvtXkBDQ$Ncw17Da|DavU!&= z=V-EkYS@`<*q%>6yji=%3)CK7;?4)c%XeRN!1nClHDARqCPGdxH@`C;?6zz{oom0CTNd=bHz`UD7~CRq72#2BQ@R zrV6ZGbr92b_xbbl9!!&G1AvYlZPnk%+r??n$Tue~_bJj@vKymI75{K}Yhn>4!#LC- z1N~r`B?AsX#QVP}(@Y?s*?A@*r?dS;bMgq-?E~SJD69YYyF0l*w9SK$t3=mG?K~o7NO{U znqfNhNkWMgKy|JGQ=YGZ)dqtjE(X*WR5hRr9hdeNgJiwrpbQcBGGv^b0Oj8% zcBfU8QqKma&jIoZkQRN`0ZUNA^a#v1*AD{h3WzaarXd{&GEabEtOe)Kbs})gE*Aus zIR6&NbMLo1p4>UP-G=BDZO||o`L$wMd}OIOI#nUqERzq{Qknbpkfy6x7TY|;;PYOE zmnK=CWxdp0GpcNCc`!(#^T#f&PMUO{-5#2^KInzbTt zyp(ByNza94{OKjApu@2Vug~#Ipz+4~pzLliaH;JL9DW`*$k767_M8%$8Gwg^c}s2Z z_Twl4IunWPKu3DJ_W5QWZZ-D4pR~_5zCBruOiGZ?U#&Oxh>CjccQk^?;%lG@|NfbD zJ1p~CVD6Kw_;j;1^Hyqw@5@{tRhq_!VxxYBx{qeZ*WIuI@d7fwhoajXKZZ-q6Mj7|z2Gj1>Dd2UK3b4sN*IO) z;I^94%PqYYKZ)MwG8+1nx5xuCETs#6jV^-a&jd&3pIc-s6rKQ@;{Xlx&_`3;?2Lv?Ey}-w zaH_94l{oL0(wq627O=)nt>AcS>2w=Xmp-12r3`H*MpbW8xwx)l~bCxQSRtffRpSuAkP6-fk`UR^cTtK2$|hKkM0T z;T@xO@rZ7!oF@YU=*xdBpNn!k&a(G)jZ*=)*Pe~IOmLa3IuQ&h1tsX4H6KI@psVgoa+=4dT5_bH83zrW74mKrrN{=$08B2M9W#=jqQ90v`lZlWmc#w_$&J#^GEosXCj8 zEvFkOJ#0u`;Br3<<`d^sUyZFV_1yjwDyf?(V}5O%RCI+qwLgw+*rk^gTy9@D zyHY|2Ywn_wD(wuW{BSOHB=#Z2`F28tzd7TZc}qFIj84;;nZCme zByT)!TU{@!6}w(G(DXsarffx%N&Odhw&>S<74}}>J{P4ipA4A*l$$8~y4b=7H}qD_ z9haunCr!7B<<*=L-ms#cW+_a!=KXyBneDoZp08>=i!Yk^mQ`%TgUOG1u+ua)>Q#wY~;#h4ETBi*R54Uc29Al)gCr>rk?`j-GekJ89L6SzHGGCB#_Td_+5HVse8 zn*Ob;E5xSgeczP&3}E^$YiI4>$M*p6jCB0+8g>(?X2fNs$eR+Y2Q8*gGSK-YH?1cE zsG|F$D@wzgRt-2NV=L5hJLCfU(Iv46(k9yn`)woH2NqI+&yIMiye#6ez(*~(cSm%W zKOLRv0rPW@^Q7Bv?quQ1?Y25f*%J)wALZ8iIMiV3SMvqcBbIAJ*73{j_WT!dwJDa@ z^nEOW9U7WD={@dpEUd-B@LTX<%&1{++}~X;{q!lZdqG0!ef#Q&#b#(HMz>Bz zU-ZF+0hhx00+W-#<$S@j8z*Y?nx+t`eJm3&ApK?^Tg}TMtx%P>T}a=XfgeHvK@RIq z9uxo`y}R@PNA%mHuc3^N)S-(R_*F9CyA#vXcC;x#5$Ib^_~NNjRhnwN`FQ<_hMZg$ zJc-@thEs6JSBWIq=Iqlkd-)DfmCE-Y46~LkT?0&eAG_OF*Pf zXwvarw+4Rgq`FhhCIKKYf-Ly|FEVCp2 zc~CZGSBSB@)B>Zvp-!f)oRe`hJ>yLgcza9|vg2A36@kF~bdW_Ph%g%L@v`{pwJU9z zpG_ASDHm_Qpf`Nl-g%9B(#h6rPBNA~hAhF}^q$+s<@%FS0Dfci)pmPHTkqO# zUfMX9yM1D2dT#tc_=L4iCHexjAJchaI8X;p!eBb>!cN>DuPEf!EZM|{&WIbE9nVGU z1}NY6+2g=X2p{__If?zz0n&tP{4F(SYC&ygzKG_$cjG4YOeYoM_T9~4=?Cfw)NVXF zWm)P77;lwK0Lf}p6$IwRV=#*nN56Crr@FS7Z#|v4sFXMBfYypwiWgjxHe0*uGM$gghM8d~sMLG5d5wVokP@}+65?tf+a>h*Tm0$53D$OD=qyGYzEVQ)-sa`p1T}lUDHktEwMpx=t z#Gh|qa!64wa69@pFhm5iZm^^$2l{wD7slM5UOy{o>Zr*iu%TP;B95!AY4u-xqiiLZ z`JUTvxa>y(wnC{XpHM!2bn#(@RzmWnEqLY*>3eS z3g@o)s0P_VGP`pn1qWR7C)Sr>`)TFX_#9`oCwH!`CUTrFPb2u|Qt}T3C-J(9Dbo|m z(*py&3Rc6wmzjjWId_zVF0Fm%9>wy)rp2o2$l-wTCduO?r4^PO@v!i!mVUN8ikFUk zUgt7Ah~m0vUke#jz}MJxlNe|*GJCeX{+7#l+*J^5aGtq2KoYHr_Jf;VwbdUxCL3oaY}u66{mB+%9bs@(60q+UO}_m+rLHmCF^kw#F22a&2k7lKX*S}abjc#DEa@TZfNjmZ<2*Dmu$N8Fu6l{fiEXFQ#X*uR7!T6KtEgVJ5orrpy# zakjNtc1pd1BhD3(G+65;;(4<*6jgBTSW`W2^y-8bUHEZbXE&;~>ML3(uv%l6s=b!| zl(L`Y?A(Sv>MkvBDGKBob=bx5xm;$MatMskRi)z6ps>*r*E7y*LyL7ijsEEJL$pN zSOZVc$0s{IJYhNZ7&c#V+kq+9M(l)JtD5PvWI|Y$BwXtjF=A(qRYSzuf6{GyI}xFr zSX8hh(xWTJj_^T_D;xaqEs<%e9@{Pb0=4V#P(D`$Q(~ybh)-3ie}@nFM;hWZ-hG#3 zk%_JF`&0&Xe=aT90VB~F1#vpSg970_@muN|&# zzXI~YCRwD}5B%x%*^H|bE-5GVtlvz0KS%yzGvs z1Bad$Yi>+Zow{EEeM|-9J$SaU6?Ts>Q<(r+GwQT_)L@wiP~UJe`Dvun&u0QwyrT?o zRp(_lNZMb~D7ln)bQ7_z$SD%A zj`uYKH+zMqIFb{!DjIp6A_I1A&izWdHtO_a(x$L0>zsb4 zoJOBfFy^0E59(GVf1(Qq(Tg@@ zvkMuFC@1Czv#Tl(Bzeo6CEetwYQB#?F;fvSeYvJ9qF-Y^>VN1|?yrENIL8)ZibuRV<+ZNwHTKlVM# z2UDd0mYS%xzqroqs(A5Uy~3K-Hr%hPB|HWl6OakED&Py+_OS3Xm$lXhHosTOpbi5! zJv2x_?O2C-lq39zDj~Tf$sMRle%l9c>XXh?32$lBDImwmgX&LffGLAh!>gc=)5_xi z>&RGc_nx?@6M*_+%~!E}H;#Yos2gb$v-H;S>wu4{vU?l~*cmEEeqwiCy3e6t>G|~q zFX!s7#&NJf?83+FDC@ITSd9n&dvS3|twKsSDk`f);W1rxI}b~biWjvUiN2v?3fN59_&p9Pftb0&foONA zXX8uOawkh0e$2X}0F|3l8!TV7s~jq@gyzi0of5Gf5RqORHwV?q#a^?Zi!j8+f1~VY z_3JG>FI?aCF`I&L{`){puMKMu zi1zE-P%zg++w&|(xW~S5+@%qVf;L4S)H}Kj{K}TWHV1<*j$r)>21`UhQL!G(qzd30 z`$@_J$5yn5GQ8t1!L(`Eh;IuC^Rx%x)caq z6?xi@oGReDsn+Nr4dpnK1k)7H&-Q-ukIL~p)jZVH2d z1o#m%(t#8}u7hwsu=PC;^y9^`c{=f42BTWz!?x*JodfPL!7g`%#|9}r4Z?-za$z)C z@r!T0j518-U73jG_14I=z((CIzLqFTVI}3pWJlgankphqtl8>?H{t zx^XgT7mMNGrMaiWuNMQD9b7jiJ!ap!oPdZv+wy!&Ws<#gEe;jmZLlQgDl#f4l_ooN zZ65+IK`=AD)Ok0DGT#qs2(9F|^9cz`9eisDD@!!w0nsA-L%__9Sc8IsJ|kLNbb0vY zVNj%=uK%`4LdWqK-@b(F&8;Z<=fZ-(m3GA2SSE$X8062l`TE}pjr3dqteidL=O0qx z#Ja04b7#t2oCy0DZRt_#p&*gJsqht;ccgT4b=_Y_h>w{b%$!aw9qb6L)yzcOsiMjc z6112IqQQNVNHA)ZWuUIPb0n z1&L?HX)68Er3*{j?9N09u;Qa}%^z9Kvb(mJhxaH}Yskl?CaPtUfONFJoHah{c+lsW z_Ojo(QQk8y=y@=ca^W$~&S!UkoMkg3^Pn&2R&p4i`cIol5Dey`we_6^PQe**%)h-t zFWlb1z5HP98-DQ2*8i4sMkMS1NJ5&9mKWL$MF8zh`ADwiIMtAE6`0k4@ zy3}-A6n&hxjGN(TKm46NgX&rv-X9EZX};$&y3}9+`puo@fn8zpYSuJB0`Lby zp?n(~ZS>O-S?w&e+*QFZaF5BZP5IH}ZNocXG`+6DD!ci-ps1iMNCRJ8z5p;Q4;#~Z zXq$+UqCHTuBl}X?8lWZ5K8mwX66!c+$Iqk$f=2rb~mbmxcu;#(GvE29&isZy? zuh_j$i+)PKB*ZNGBl>1%TndF~+G?plEs+jR9p z_ExBKLVoI4l5h~fy##@|sBP2ER4`Ha!vn&KW*hN(<9uf;XtuGP2|zflgiN6>zjByr zy^0yZPVi;jn15L}ayc&l!OBbn1rNKTP`&3mE0x2ZL=&Qm`r>04v0`m1PHdD81V`#r z+KcWD1;W&Du=JBtG5xLIf-cYuVXtn?4OS9<;r%Z0>&4bfwr&R;P3!kji#Jy%_JuQl zwhjg~!N*oRUGkjJ`H6Margp>YCoL7|x8zK+5m5rp_y=0hkK}(d6i$PGpe)ZqZXOgaJ9^$J>+9<2fGCZ4g}lcto9R zx4MIkS++H!!O3KaJH7K&Nzc3L(k7?|6GQvZ!y;Ck$=@A{S~s@Bsh5oKbJc=hJ5HKv z0t^WsTx94pGxNFz^05zYtW@348m+^2709-_vF-KKHF!bc%olqg(EjfbF0q-+C}3SD zN%YL#+`fbNbh>WJr(yT?DiD1!dNSzhf-BY1vzr3WG9+vC%Hx^m13^)8dDaggoGo#! zOgEQW?}z`S$C7*%5Sp4GgfmFwch=h7;D; z9GaPlPzBp$SNoCUzqbItcr`)a4l_8PvY@)je=)};dJ&|wq(O!s&l}@w25+|36&u%& z9+}xM_P4+aOZpjnr)fA&dw~3F$R{BYSR<+40$6!eeYggIzB=^U-dV-FtF8n`K1khXZ~=R$3N&IlWam)bUju2z+gi{8Dz4|QsYmVd7ZwFUKRaSh z&nZ~2x@^;n4|UrjsR3{s?#1jy4e>pKrk^DlXg?nlNh_%yyL%ZRgiV}Jnr>&v*n9&E zv!%4cxH6Wzi>Ww)#ggCID}9iIZxR0u6HwUO_89&c@hc$PFDWj=Pb_rTT>g4}vfc~- z;mMZ1Upf4GC1ssKdBAHSHvAdLu-tySW^YK9!CqzYTyeU<3#G4uaHh&-8q@7*G6fWO zufz1ZO)6{$unSzZQ`3I}I9})uimoFf9XR8;T3~X_4xGP|epf%96+vmAFkpRD1f=k3 zC+3eV*yZ300LEIlY^juq0|FCDx62R~VcqVf*r5W{9y8K#Vq87nawX;9)E9o1ehu`S z^Vd7BCCcFIu8bI@EqvTV_aC&;s2eKf#)YdCU?OgTLCxmGdte7WqZm$IU{>ZMimZ6A z0AQ>Ba{yp;+Aah>6NPLfpx<4~?M0rmSn~&Btc{Fn_0}RC1z!XLht1j$S+Z64Y2Fv~ zDQih4ElS{E_#315^LhFOBrY^mQx?m z<;Um>v6q>`E!C0LPTz8`OO=9~p9g5(I(t&95$uL*P?0!Zg4E zifjFhYB)S)7E_1*V?!N_^}mHDF;YNbL=W-ZAAZ^E+AI5yf&=bBifkIK zS)XEbRXc(G82>=UwXQ25xJvy_x*=1E%T2=6kuwKFiW;!u4PXRqWP!Zb2PxC)wmEe) zwItS%Gjpv$Qw-iPOwzmqlSGi@8seO}+>|XGsxw7#jj@ZvLfu>=E(#=Y=Lk$eZl!?n zh@OXML$?T*B^=q6M}4$ z0k<*HtX{YIG3SoB3u!ZVfusPX1*Z_mPyz2PyMqiiDhI_4yE|#Vk zUHV_IfdsTWAwTLu!0iCcKhLU|K>$4KR1VI@O%M<69m+!KF!hP)BHP&gZFAhJ&VJ)B zcYxjk@yocKO42Ld`!9Xxdec7b@8JUwT=KXxP$Ye}eeK6nftxfgKLHT}=0`w=`%Nfv zFx9T4qy(c~8Z|iXN%MUx5wv+Y$n|hjl}8V11|KgkelnKgCA8&@Ogl}g&s}mK(}S{3 zE~L~{yGB|70Ir(u8Qp3T?NjZSpP*Lk-o6qSGoBKPO?k(k{M%61K_{%p0dfQ2xZISD zUdkR8#EvL0g=MDVwru77%nHNE5O;C5Mzk*UF+;WV3D$5#=+0+^y?a(|kIYpNDTclk zmO#P}zDYxVnRN5|r{%cnjpl-10<|qAq@pcR{3v@K0P-N)5${*}Z2u$LB2E!StK2$F zAVXN@{Mv!uk`A2dC&jjTfsO;2DSx&ti4i2{X0nxhI?zXs&T5KnS$^X%PBP!CzP+cN7dT$I* z>F&op51L2S{Jm%gfJVSO?oYUdvNZ&fSYdsNR|FaRMv|Xi!TRU(b9t(^k|oCpL7Z#` z1^Y_bhD9r#z|rt@L5QtakcS|Yp+K9E5+f#3y{BW!8E z$HzZ131R_`qg!oQg4SHICb4az^Nn`2Yf+K;Ea6(wjNleq`pgjMW45cvKOyoJ{D|Sa ziA(HaJ*R8c)@e%Z-etD60oULd&#=aGsH~+iMhtD;arQh=ihyk6NzbkmQ2dWaPkw&% zYKZ$H3MhlQk4y5KXuu=pWDpH9H!`PmZk+Mr%JfmYGR`|v=X}uqoxX3!RKa;jhZ9QI9R737I;S`P{E$RD(dsGQW3ZyQo_2fD{SU21fZrH+ z&$ie9<+?cH>GifPZV;cf%Bg?9$nkvyAWNF#W@3^>C)^gYRQ<-A{I|?D)6_q>ADZF1 z2Us!dn93qu*f{JghoMlI)#31+{FN~Xz>YOy^%#KyZ*!dno2Vn5stI$YUy8Tmh9DGL zhzG|;*XOe~e~wrW7)BlD2#Kui$Ug+V&u}0&wV20Kl7OU=s+r43S@2~k+?Hf?U-Us% z`X@4oJ`=`vOZSBfP~?n>1sQbI8nXSTkO>#V6!g}3-sK!%1#Ta2_M358!PQ#n0sPjI zW&0yzx+VlC{(EbjqSDW0mW&{x`(s?EO})O`#0_UQ4f_VuH7;wQdO;!f2G~Tl$tdqw zik_fPu8bCeY<#!&2k4W0r!`hVA~W+G`+e2~wro|jM$#GgUim_IoC1}ePn9!LOWdO< zT?8`p;?H+H=XgMi04o6zgEVUU8XBibFk*98OyAOYDcfo(n!D}cnwE)z2$Ksk()r6^ z`pRVJK=C)*dq2_T8b>uy%xJ1)`!^6M93|EQWSUc_M)Re6{}eiD%bSZLO;M*Z$noi~ zZQJJA_5h5peT8?T#;5rNGs`NH`4c%!$0^QhZ3ork8Z1D*cEJ!2w1 ztEu@cxB%z?w&r1Fwy~+X7P7jk)OZy;;f_Eh;Etuay8lCi$=!Tu*keJ;WT!8T>8AWX;9ThV~JBlLF z-scF12lnTS6-)O4TKi1R*KSsRO=pqSq>#?-&cH#kd6qewMXNT$Wsxi(>uL(zZ~u6n zhLw9mOCdgHFJ>)zGcd@#b#EoEl?%$2T0UHGAJAUP)aWex!Cwh9&CS*lZ2chmey%pB z*~r7PX}iQiW$yYdCz-oN2BQBkl6rBnoz&RtS0Kw6Y;rMo+o zqbLX{4NEB9A>AMX5)0DZ-7HJT^33kCoZt7p??0aBpXZv|c+YbPOFxm|=c8s<;5;aWRyGqEzR?Km=&JZ~6t>64tJ?6&8X%5bfM)CmF z>}Bb=Z9Q@~JAAn|_h+2tuB1X!8{OuDW$)shbQ30SQA){q#B_lYr2~=-5nP^Rb8(Yx zJJsE+!$(tT%BiDbgjhy^iSHpmjxe@kf>3y?qxooZetsTs!-4G4hAeeGGeV~3PI)=% z&L(9!y2uXbQ!c1LDG5o<%#22MOOTbrBt>_pDzY#x-D>yl&$@ebwE}bscY0?6f8=O7 zt3OFo&wU>m-(bNmKVF4;7a4TM|NJRNh&L_o{HNRgE5sL}t5@kJOZ+-14{P@fYOdI{ zT=BW7#iSWyFJmFGs{ch!!jDXK^ifMi$p3+F2hYVPS#REpS91lc#K99@i3a$)`sWEYG9X2f&Lg#+b^B_Y^ZI7rvOv$;DSRhX4;Q~TIf9Ndch(L}00i@qSWV)vTD z_lelS$82&Gkg-n)+9m-q5OtuckX%(AkNOT!RbS7-le@2Boe6>-WgCu2o?u7RrAfqA zG{IKQ3w}Wau&iqI61EKi)L%$V&*Po&4vsoF-I~{;SC1G0MBA&&@7<~s$YzNJpG}T# zuXw}#CDe&CI?}F0jw3^TWgyEX>fNUeYQFBFH|HTso&f);*qNwl?N+}zDqZo#*th#E z++;f%xo6z+cZ{Cq;IDYPJb{@8jnI!D2;(&!>Rh*GIwS*!lVZvXUo${Vsg4v+ zSsKcxJgX8YM^%e{)J73S&_y*Y#QGXknrtfaRMkhrh3&1%O3WOMYfX zt0U@Lc@&0^-RA)seXm9u<2(p`H^02$^=6}>XjeZoV3c_3Y1|v}7xhBPT6IcUgPH!( z67n}0)02$D_Ue1X+RUxC@_ce>92}U-3XPc`Z}PqyF!^h}t@t50+nG2z<*ShrFi59| zk&{aQD2+&GUWNvMlQvqPYmnU?zST_h5aFsae5!f4mFYZBA&)YrjbZOjhwEeoTGxCCYPkMYpQQuhET%WUZWw;G*p-C!F{Pl^+&`?z*)a zhUUKGNAy~gF`}^li|Dsp`t4iEk(1ha1t^LL1Q9Rm{Pz3S0t_BnZQSBjvg>W$xglbu zt1{=GwqO+-5cWu z_CZdlm?F#fpc(DN1M{3NopwFyG*+9jbN++Y0i~yGHPeKL$~&Nb%H7YFMFY$iJMXOA zb-e-tqXb0P%WrK)`K#BRNWP8jJ^mo52-uF`uus8m@*j&H)%mPd2XIT|k6laHY-ItD zg?B+v+qc(0R)n2JfxvpQtc!)w0GoLSBL4h|yvw@>4#^LC)g;crUsG{y3(+++(Zd+h zN317Zzi6T)Dt)9w{8UWXSTvma-;tU>o+((G-QN=DNTQ3-@_olG@NHEu($uhs03X05NRHtQ67wN3?T_1vz8)8%}$p0qZ2cbKE79 zDiXmXm9~G8`feTV4ACO~7a-N4JF8_fQbgo0$o#5_H_&?nT%8<_nmZYX zZc$gD0Y~=E-urTl9H}V_@s`TJ)K=Q=)jo%2w~IUrcc|Uz2-&>p+gp&;8L_X(y+|@k6g0{p z!zQ~J$tINso&WNB<%bIg`o6@jhHy+u1kEi-HQ4pKd>y`D@xY$a?*+OE>@ZoqjDU8{C`znX znI4uXDYh-PnUk=sJWPV|waI-pSmGUF?v$QExGc~=dwL2|4N6iwe)zM-*HKI^wek!X zp?{1s1`MuSiW6t)dmDKaTdAq?l!<%6<@>(JNQFI;D_2^`sF%xl3F=5#JYHSNwpkgy zkSR~|OCj+re{qk6+Z_(b7eu$kdYDIq&0iOCQgph$t_uQN znOKrn-<#U36}Bzb<#r{thLnpMe1nEi-z^8nXO;R=g1VKACzb=ZMx4Gn#YCyfoP(S2 zy+`b7NbD1({w&D~nLL~fye;%F!c2gZwIg&ptVz@&sn;OXCT~L5LAI))Livsmr!bV^A|>IB*?G$y+lE#3`T3U&1^``e;Eu5=Y5dY0F_9kL*Dph#n%^UtWI@fQ zEa1-*K-RR9-kP$bXx&#b(5-<{kvxM7O9)`@BqO6OE@DqVSfb|gF9?>dYgs}>F@WrS#U>FQUGBev~5sATgOX>S44olkQjNcg;%KDFSnZD=%$8f3)khrv}P6D7U?9; z9cuT-?3(B0SzTJpkBB$@6gX1La2Ciw9}oIYR6&YhpSq*}5+4-$)%o)9LVaK`vw(!+ z=%lfO0Fy9%C(n)b_oNi{{l?k)vje+oG#UrYIP+?CwQbdVJY^nfp z>MK%7VLc1p@MgnD92b!K4w8yDET9%6Hc_Cw2FT*@cRBKc(<@~?z4Z8MVoF$)=jTQ6mF6@NdfSndDNOt8cZ!cqTEpLP!Kly}@>hyu=2)Q2S1 z7&ZRoD4pal9CB|fwaspd6y6_BaGl=vY7L1QB^E)YlR|Q2y7>mB0am36WDXUiZL^sf zD~Pq30>3ZE?@6uef~4y16VgvGc+rZ03@I3++JurMLGvRHx)Fe5Wu^5<^9MWTc?>8V z=A?n$iu=_bt6)>`qHB7Ov^PKbUmITg8kM4>xrj^T89+(-zk1hGvCH&g0MS>zblB20 zECF}9s+FNKLnoOwXh$g3t6nB%R$h{j4_>UDhIceMoxqfmZSl0FZT&@qVH83Sgn85Z zw}A4ISb0^nY&cUXXXhd?iO?fNWpZA8#l*tc#rQXF=OO^!>vulb^lS>4hLSZ}kO=sT z-uL)y61!WeX@m(0=()hHm%iuV!qbL1v*z~bjdeeVy-IR+1m8oy@<>RA< zOOp0kk-uty1zfib9P-U%Uy^&37>PfK$7=d3{JQg7a^gY}2z8 z^Rd`%wcd+BalPs#sGRjfZ@^t$dL)AXVHlr#qAMyl&P&&p6P?~n-C4vaILhhfqT|Gq z2YXSSQp=MbfSii_9Oss%Y`(vbK~p&u^_c;wXTD8YA85Az~8GZ5xQ& zO5KHDzKc;m`yL@+o_9llLPx)?wSkMbfv`SFxSpIU1?f6gV+X{=_%Fary_v|yk`xD(X`2oV}l?w^XOvbYU9}aw*GB(dkTr$QZu2$cefq%r*&D! zlP)fFyrsAxZEA8>e|bk?@VlA#sl#`RXW{QY7Qco-E`EO2I(ab)@u%<4m!lSS%3tX& zcel-qH=)r!S-VR@-_jZ{fUFoa&XFOpPa`+4{DpgZAJU>|ip^@7YqXb%)NwwR<+>@l zJNB?dJf|cBQKG{q%c#LWx^vzR$^cUf_-@DKu4v(IGU1t+r^)U##8oDI?yG6+!9E)K0mlhVB zKfKfZe(L;>qv(L0(ao&rici&9pkM;xgoM|*B?=&oO-v6yOC7L3iYam!XISXFF4mK> z;PODC&du>!`@KreCV!Wbh~Z2Fzi(5Up*`X2O<+G=)q!8gl{)xnWicuMy{Kj4VqdkF zC%iq;AgtiAJKGCrCX(D_uw|h_Yf+ z-20pzK+gM9_WNY&TZi)$Gk#^RgTPd%?lP8=v+Q4w3z=-+>-YuiZb8v317P!9l(2I% zYHB?e?T%U;bC;B2?Hii#V=HKYFINr|4V`wHM!Kh-iYu9>XZvo|GifSU_-kx`BwpCj z?c4b?4L+t^5cz9#alcUtSuMI_`iknxzn}l3vE4FNrk+rzJn6b;njxqE({d?{7?NW* z_z9*p9|O+XM0o7O&?_Fc`_W0V(VzrL-KA*&Yw)#c`ug3#dsBRdHH0l%-@hvhM7Fy1 z+BJ`>{wvolvL48kmsCdT_`??6QwT5)i&zb?hkVOlD%X>WOdf`W!pV9c=sSX;r0%@Ban9;pqL>xgQ)+MUT+BC`TJgQ*@1N>EP=g zfKUS=Dnne3m)Zwg0Q9$J2xtSqyg>TI`P#)taw+ z37)W#ANEshp}($9l}giFy0hP|O0yp6wU#;P9sA~x_Hq4}iNvHXRDrT$eNACsTm_bu zRxd)Vq;f}iGtN=dvdI>7PI>!CfErabnY$0JW!LX4QqZXI-3o#lOgr=WKa&d3_C1%7 zwB8g78z*;Bxh-cNq>)8#tI9EBzqeBUu3VKWMh*0!*4^VCver#{Ir7~(X#d$ZMN{N;Q7hm zCHjWWx4CtD&8+g~>5kB%R7?Mv)-w&MAP8AHPhwbA=Chr{j3TPhdwLV2M5tFdKB@S( zd+~%68vRbIzXN^vDka(Rs7u8!zHeQ6K3SaHP=@CESAO!#S?n;q$+L z83AO6%0h--3A{+33gch?E+#`z1dmI{cF5Gj6~5Pc%Ls`yT>v%FuG3Z9Lmo$0WVr&J zZcM<^HqJ~hCd5D8)=7Rb&UIIH)10UjcD`v=7!-vNscf&hXFKoYo7U?$P>EPE>p4WS zmYV1DEj(PN&Uzy__4Cwx6GzJKPv62S@7Xltl z9~gBu+AG#&oZwM}7B-zcc1M|OdF!ghh<17Z5DmW!$c<=+&G~1anLu>cfg%JYo0~}e zYZx1zl3uY!yZTBg{Hs0fbKBnS{daS3!wWgrm?w6aA2<0k(WPrNgcwyPZ{3e-_$+Kr z=kjHBhqWt^o@Q20mXWB9-%G5`7S>l43o4ucYHnK`@f;1(nB~K{`qZQC&3TP%R+4m8 zwDiQ)D796r48gv}&9cRY?0?u?4fPOb{I6pcVaW8lxy;7}dXAZmUye>J7WYm=wB-ay zEzsQ_?9sU;TcpI;{R=|eZO|JQBf8}gP8iev=&!~Eq5$_UV@Q3>tF#zSR~>ykdPHwI za#e0(`*c-$STsAa$&D!6y#S4i*@3$Rkg?)_g!eMX^Jq+6n-XP5;J{BA+S~W@zZ+J# z;oEfC8)1>%%Ek6$-=UIg=l6}~E(oO%Rt+fJ(}|P+=v1g37&2)TRpJS(<4;iVcE9g{ z*1tBSU||faKfKv`UxV7pZ;p9-BjCky7;Jl$oJky-Pm(L3WQ3WK2%2t5k`2_&*h}_z zsE?ns51xD%APBNFXW!p=ghM2vO@zkjz+Q4nx+9%{ZI2a|`JKsqZ-2E zwM8XF;_+~IJyp8kbnjj$yj10B_o2XOiKEx4gs)()OEpVGq0`&oKP+FKwPKj0M|n0g z2pK#01(QZzJ^H2_#Im9~z=$2TOPwhFkvf1r>#=9}_Yt_WsUs|1PxM`8JzPZGG6-bH zA*{fsiFJMPGL+{V{YO1|jb_W)9_j1@QM3o5c({kOX%MkI4~LJ| zSqs+43jN5cxK;vVt25%V%hOqnbj;&lwRc~Lm*ggXeEtYc0Ju6SuDR|USVzxcZ6P)C zBmE$_bdUZD-E^f?n5|hz!ds=oPB+tq(4PEipuMMr_Zf~lLsn8@Rox*2ri9z=>wYbD z9|+B|SiUkX7xUWv4>w8R2IgjD-qV2_l(VxB`wd*~MKE~GXUTHc~tRI#}1QGd;>z%3h0yCFPb-AZZAM1;Jv*StBCpVt?gDw)9 zIvQNnl;rZ%sVj>HI3$Hw7{YN&--L@Wl^CPxMBX;jKcGG;`Opu~ww2{P=Wn+KxYcvA zW(h$NQ_(+CW*Y@?$7*v>6xIT^{zL&FBAqY1AMS-Z1>jIfVj8O+*BhXb);sFt<*%oZyC5{bc8g2}oNI>kGs|8W`A?3(y1 zgc5)6{sdPb4FnSWia6FDy~Tyra+CFvyzejfg>dxca9xbHd!J!{9rPRSz0I1bQYwta4IMtKIbvgq|5uU|!t*I`tp4*QJH%aZt_q)Bha3ZJ z`S8t#pF%7<&+Dc(HzS6C3K;xW8u1jM%wUeHNr9ntERUeE0XjeXgewnyV3<-T?GFiLJFAsR zG>`ny>qHl4{jSmRcky@W>zdx2jS86ht@PAZ@Ql6VfL4 z;3$Q6)Fi7=TOHG`*WcB1QeA*O6|?q>9zpl2s-Oo4G%m!V{<95v-jh7{t0e0y1w#vW zZ#?u@&x{!66HZestwe8mA6D(nsSXf+_rwY`@@v22jDEcQLC5d@U*xGEr$Tghq}&B- z*C(HrJ9#1X?~-9g8?{nTtMCb?M9MItu7y}>fL{c4d^wt`^WJS6wFWcG`|Y5pGMX@J z`{SqN(}}04h%+f}Q`|Cn!PmBX_!wAx8lSggKth$tfHS>WHQA0`@L{DzF{V=Q*P&wW z>9y4qp+;X&^=~9YCM7q$&Cd$&R7UeTjXl5`O~e3in`z7a+9RMtFRl@ zyj(H|zbj!Y<`Pp_ANegee)0;R@28dB=O7nf{qbCzJGd-&TpcuWv_u!(N+vM|6-rQ~PcD3!6 zWx}!pxb0slN^7D5vU)DQ!EYR5H>^on(0971Mrr;L_)7^)Ny0B#p=q~;RDz?!Do&3r zP;@i(kyBzJyZ=s`D+m1HSB(L?R*v+Li-wzX;vfMuBTS0KUjkS{JrIxsvPa zHKd_scle#gC)@tJ2;hy}R*$vlnYIy1w68FS2U>CdoDqMt&5xmX!*h{Dr~GD(>ANqR zQeYj^i~>1siIo?OCM}L{)H`n9aMCZN1~YzdWXaUBPCQXEn+3}k%s#Z}&#-K+5#~eB zqe7q$?tRWp6PJ(;F=wOfQdrHncF2E%CeKr4H_O6m+?Hk(+}8bNe$$eFHBh8AgprthRa@9BL?7 zLk+T}A&U_enB0HPr|X#5oHz`@cT)ROAecI)D!W}9xen|cDt|6rXw~=teNEsC$envQeK-!UX&9|qiH8{C z+yU`IC)Xo+5@6-}DqC`xClIaYm7?TJxv}a)B%u^k_ed&bfdrM8Or;a(b6+<2?4hOY zQOEP&@MfGv_65<-#n%0_+6T;_kS_YHbEu6!L*Wa3>q4?;HXL7)ZK*lfO_!gGQ5TZ;(s_@iT%N)k)lZAli6EYXJHu=Bx7+S})N4tB zTvgw-c}JH2Sf0m{6HKd5jLAS{8$KR&8(2ZKLD# zZFThjOq-g|@@#}jET}hhAr=m2_fp||pH0#;NvqRv8dQ}c!g1}nF2l12`rvexB>>0j znbBjxX&L{!TG*9h9%0s)xr~u-DF?T9PJn6I`Jaf%G(%$96UzcnsC5biNGa~T`*~j~ z$opsHW(%G_>9H^9Z6A<2WXftQP8#SL_WaEW9DzvZw(d0{r3#wezjH^9JbM+{@ZJ&R zP!QDD#%fdIyiFE+A2W;q`5Zyx_7BZj?FLX*2Klb;MX>8zarrvLQ{mo-de00C)?5;4 z2=Zp|?!`LV%r|xah9`41g5{>naJ;0R35xr}N*hG+iRCH&he!F7vGyiu;D|8-vC>C1 z{Zv1SH9(;K_v4X9(ZMRXgHn^y8r>`Y#|gT@G2Adbh|U^XazGzijK2E_F~p#55cB%T z2i8?@JMU+YbgA0R0|e^5qm2r@hy+uU!h2eRsUe>nGi9t47NJBzK#zLH-;sD9)H;Vw z{2Y3L_oUi0QHBxyuwp<-<0AlWF{FJ2;=ZkA-?`>dcA(>c)P+Vp&6E4abX(9UQ^RyY z-)@oHb)1&T=#1x;NqSJ{Vcs+F=lSIQyjRBR`cd{iQupt@{jKc4_(IkXUkk8r}_Q4UC%ijK2%AX7L2^bDXLN!Pq^Pn9WgvK|Tg#!mABO zcYxZ*&{nAWe0?V`0~a5|-PxjeHV<$*aL(W?SIII%@(<_jkg~ zU&Z#r@rh1g8nMS24ASp1P#tBcy#~UCp&X@+AQ<@fJ&ohNMm~>D*J&11ND*Su!C`_j zsc3g<=J7CjikiV5EwNdZ0z~m0cJ=5vk@+pqTerTpjAuMY&|5<5KV35+rI7%p-T10S zmOy{fIqO8ML)ImiXVmlwR-{&{N8o-}%&Y-cTxPoyuT>?JxXzS8DemmVa!` zvX%R2<(Pp?23Zi6bObGKm@;6fd z23?UDW^n!dBh2qYAER!7)SLfTkSS$%X7^!@Ki3w6EB!HsCp-m+T;tL?S={)luf1HY zj2l_LKoWqSj_oJ-w%hD5aVJy4e(8)ZC>{z(AyA5jK8BErsxrS z6@Bc-#)+fF8-$m;ZUSM!kpIV{UTTM!w2D76OX`kq5~HkQuTar`R!u?IU$)sqj&1_b=c^#;mPS~jfB=K5dUQEpCV{X(J^=y|F7P;d<{Mm|9ALspwmP%?|u}dkEcjP&fr2 zUNSV!`WB)Fzlk|yB`!|^yrG!(!Rg`_C;rjhSFUg=_v9uCMxt*c!Ax|V9%?e{$8^Iu8b0H^4F-3YL4*mkLTZ*e=rx%tg6dykxiuAW9wutGxHXha5NBR?mTIVPD;k*cD4N7SzbQL}+1ktbM@osn5VM zNf4M$5V=jD%58=yhS=wV={B$4r-RV>c90}}GU$Qy4%TX&zc&%X5rBDtM5O-3eA~~M zb>RJdgO~Uz)j|)MH;@c{C55Km=*2Thpaud*+GlW1?*w^XNqIS?CQ$>53*KmpfTE?6 z%;+o5Li*BNIr%;~=H)@KP7Ke>cdU(jrT!vdFK?m%IDcr7j|g~to9Fw#fNC44EVlA5Wo^Ds7iz!!9lsLV@x?sEAgt!CF`ZPl(ft?}7Bee?GzI5F z@ZA<^H`Kj>#V&Q<0|n`O1-Br4{82LB#LD@KtV_U>KeChu0_S=CUR+t_DB*J+nepou zkHB{SPdi>YHag#*Ry|?Dze=?a*6_;*YWN?0;zG!+i-8>(x-0s?WA@C%BRXQAl7Gz~ zID#E~Ok{qr#k{QiNIL*FK`u_GYhT^ds0w$mqaAV81(C>=UleDK5<0(I9WMk#n+3b* zP=8i2Iqp^#zqmh<%9K|n`yA;FYP-)sOmAVb2H@ecH;*u9T1+&3m_VTIFb5Msl%p=$ zVo)>+I2L|hg)CdOmZdBB=6i6VbWfffw>W12;dA+7qTEf7{e%Y{ZwvCYOuPsn8*I2w)({jnu>)C61S?j-gj0k-I9@3Ry4ueOV!%UB(DmKl2D> z)V4@_6_8_Px@$(kmh>a8kCFP*OvA)>Y=#3*@#~uN&#^h@-besewfjaxdV#_3c9 z;TfAPzi2^4nDXZ#7idRS_^al?eK)?knjIJ65Wx=LRMKUuM&En|% z)J^I1CYk}KrcQw0y<$>m04WQ9uxAL8lW+BlkN2Y8cge*xU@fBcG+*XbTdA$IPo4A2 zBirH5%9o~%3^sf9M&nxh^(edA#WR?=97jv^7@^XEx${1X2;ysGPNWG7_(;n}Wg>Iw zw~B#@A0|CgO@vn-4Re}biEm%EXwA$3Tnm$>+z0AG+iu}T>u>lrbR+}#9E;zKPdF9p zzf+c3i8hAw-lCUCB*^sdY_4r*kEn49H1m%$EW9exo~!lfe`u$$PoEZccF$h}JurX9 z2=ygGfP;fmPuXR7y&0&ejKzBW98r~ZaD@h9tcFtHc!-Jfu+(=&7c6c=YtnUzp78mh z7OR2&@W!c@c*C2?@OVdrE9q>)8n(MF-Je)L4rtY->r}=HU%WA|#N3s1TDbU;ETD1;lu9w1GmbkXE8nMqSS|%ii2A4P?mw!RZ4{xW zRg%`t&(1WMG&rz|ymg_CHO&9>O6K#0Rf}rgzfHB?!0Q4(x=;pVNXO__h8UX0W=$(zLmdtehn)u8~0%RFr+T7Q|AEAr7< zTd-Hd+TIqvGKel_Ar4!WEBkk^hPuj+2Z{Ud7Ixx_LDdhAs$($rh1XtOnJ*?$#U$GI zzKTFAr!2iOwXhb=(Y4jLeg<8**_{L1_7=e0Y8!n1v~n(fzt;84XV|Qw%=UWQKI2p> z(391n549d@)n)TlereIu{R~^xEm!$axpIzC7Xz*0Xp1CX7XnsORe&OjF|RSQLOiBl zm5uY;0}>HA!TU;!D&_s;lh-gh8PJ0tu8Gg6G(>lSeA_V9b$aiYr>>U zJEfBWvzGqJR`es~0Ap#Fu$z$Qx&f*caFnx(u?L_8KE{=aq#-zyL$SVAkt>5EuABM7 zvfr%j)~iVs+?v1qE>Ot>^?yHg)j}py{vD0_BB~R#lH(=+UE%v|CokKU|7ASM>q#$N}NNrAr!m_q&X{Jz|ZG$hXyu!tJocAP{oc3GwI zbqR)o2p3CZ)mSecelA?^S2MW8&Z$#5Z`P?^HNAj38+pkFdq6e_7oU}Xry)A>*jlNC znK8W_%gN=i5*2?Ilxr*Ao3<^oz3%}}XHpmr@417;*1^GC3pI;ABNo(WCr|P~JKYPY(QE7HoOH-=@ zI2(XWWC1IA+#;!)+pA6Ws7H91cdDNiA^*o?WkIkBC3v|u=XxaOW=GFKh4;o4P^ta( znW`h@i%iIEKM9s~qSFv%zBfFV)8FJ!-SnE!=bClpmi^6S5%X{;?W5Iw%#~K)tI{tc z7H2?^52*Ug7oYa2^4*!{Df&a}N?I|k!;Q_hJnBc0>&e;vx0C;P>`P8tRK;$mqIWw& zB(8dlUibhsqhne~#l!~tYFLvR z`+a4T0i3jbSC7|TbMfe0pUJu1vlV;xja~;pQ*u>n@=Iv{0FL5dkK*I$cSIwO>HR^??Zn3PJK)q)_SsEFp-UBeM# z6f?I)*4YrNYS%+qp7NCljTNBS0HNA34lW>Hxy$Q<6f(tfxtdNka%6g!-W^^0V5cGAh98@1{G#@5b8L2zmOpwY z_qqtI>LR0@;WV~YPqF0VbtN^vId%AEq^*j&)@K&cZqH(FdhQJ!_94uF&2~v-6cDfbLWTou( zlcfF|4BUc>qn4!O5r%f9kdqt=Z(C|MmGfnY$WZ2rfv`?5up1O ziQ_?L1k1g=d_=wrZ9bVUQ%sy-0f@~v2!Vy;hc-_0GAuZ@t9)492*GsVYF*{b%$h5T%((pGhnBBlB zL}0RtFgL*)v8@tw(r+MLWB0e;-3S*;@5I|)LQ8`C%w1HLSH58vp= zQXW%k&~V#NCW{lrLXDTMoXR8wBb8>H zq5*$*yonzcf|Cf2DlhI-2|&%1J;IrA@BsRxgC~2S-1){dynOdL2Km8Kb;YsHfU zqp4!^1;~c`8HyEr8PM*@ar-Rm!t9^Zibt8cu9@ zeaP;Gf3eI2Ba4`v-MJjQx=;Avc28jy#8dH0MPetjeB61 zKINU0<JNate`ev zK5=6&5Z3Li(ie3l$PJTbIqStX4bIn@toy_oK+W-U+od+xQa= zFJkz2(3Nq=f~aifq*?Cd5~z20%K)hinw(N?QT23mFMCfUdEp z{f)^MN3?I&zuj`+XG((qk&y#yX`UE*y{@K+5Z+*adlU5BnTN9A#|sHW@jZU2Hd}5$ zX{ZXpoL-m7EExn|?W3ce-JVk?yt0L#PbU2snVq?u?jf^adrhDxQC^4r4K1BICr_Tp zPI>~63L$}5p|QZ)ncTyQ1~3d^cTK5X4i_v%M+DnOT95mNWYFQCYzi;rvI*?ctmIXW z$@>&%`F4a-WV|_+=${j%NFj;WDiY{u7=!roW_s-d)vWzTz_amBKRQ4J2>9(iZNSH6 z)%Q*YEM-%K)H<@__KyhTGNty7TkDo3n9TL7ow?ty`tcoJwsIce*|j_9zFM}{A$bG1 z&s<2W6^KnUFUHBo5yh%%H#6?njJW&#d$C9EB?o7;LQatMm#6ptHvi9z)v*4!9ui`8%Os}3FB+UogzD`yx3O<*bDgn{PcEEk001=*l(_MnBAkz4dc z{66=ZaU#JSiWl6@x&p_6%fNL>Y9oSFr$rz)xd+7&);K-rn|Q3O`fLk|`OVG)L;3Gx za#OWWv3*v*FFE##A77Pigf9aY&ark@@fi3Tq}%NLzqE8GrF-IY5IgM`aET3{^uBZC z{ZthWY%|&?_WbPTYT)OfuSr5dpax9U`Srkzs^IRTDeeuM@UwHLZ)7AAda-ls5S*pR zr>EjEQM`04JL1QLC3Q&Q37f{F;rdP z?B+5dIOX(a5ya{te`zk~We8g($R?>T;T{NokfVj94c*?t2>F_nP+) zCQ>zgEx`SLpUH*a{b0aOn&A(?Wkz;r>8sAbOK57jQ538jdMKKkS3r9t<5MmJEhNDOLw#rEWs1t(}j4aG9wiX1WM5_vV22 zTR(X}$v{&&akGhkE}ws<2HXqgA876Hq>9gzK5>@Gaz%#N$E(-zif4^@-=(aRe(GS- zzy_R3YdWwj+bNpAy_7nAJOZC%Iq>u_T!F?Ju4^Q4FG~+zzY4CSoFo1S{GWU!bEpF| z4zH*f=NbVYNzOOD2j^TWGaf5hNM&JFk$}$P%q@yDry(zs z`g`^FU0zq^;5=Auxs%pde11iXx((!)TX-~~ekGiOFc0k$M;kp$=`8{xbREYv&G?wS z`fO%To>3v;cx{RvA}VbV7HGI2Co+i(ON zT0__73(U9?n`X8}@8TdS4(U*SiXSxn;OL-VTxwB}zwE%w6|f}({B+WkazVz|hKAsV z5*mb`w#K*zrfx^316rN=4rpXv>KVv`Q9W42Qc|a;y~nB%OO`5bg|+b*03_TPd@d;T zg%9iS=MjK;5o7~hbZS~|^>$(h4`GhNx38i}S*U-o*&AdZLq>lU@||1w$Qe3$8sp>L z+x|j& zN$0_i+mj9t^l7uU5pM-0K$rhmSWrX9)n;(Fi z6)ig4bs91x9;#8{w9ne+dy7~ia9~l%TTb`bIn=JhYp>z}I3mKLUy}X8doaj-7g+>5 zq&kY9Y`8Pe=FKtOlZ6+rq0T5LluW$4ZC?jq|DlDArGtaX*?ut*xt-V}WE`oIG!FO5 z@j3a%Xq1x;rIOa6?brKiNw)#+h}Pagu_YI2DuOTVbqBDfV`tX08*d=Tp3Jnsz3v#g zjUN2iY%x6paZSWJuWhKeTfgt){J2X9oSDuk#rGp9A4Ar_u-t6!yodr1)xBw!@q$2f z4r|tc1DjN#Hv0_Jt6(UD0B@=SCU+8sOXgZp@|mk}pxl}$!G$Ij79M*$^Qg>09)c$? zvn{Gzt;W`IhFu6Cawp(1f0`u!*@m67XbB`U{s)1SG`>AFOYFLQL zKaO3zkeLSZ@+VrGca9i%QtZWOhsZ7J^*y!Wn!)`wp>xSCGh$IKxydnn;%@-VxVw=wBz1S;w9yrR*@o`cInQT51{l!Ik0PM z+uq^!=7UR_$HJJ4XL;riXzjjv^?`aY!(8BXOJ7^8Km&D~2XF=%|2oR7D)yVZoWPK% z^b~PJs(k{FQQ8v>TU&hE$*NzvGrzYv%eEDmVc*FGumXoOv8w6?Z?W$IIl@C3+UKU6 zzF`)nqDH%q=5lAgK{v4Q>Agkq>{5XP;A?@VB65b(xNqs>eV?4P`VRmVSlT8ay#{&k z<{~z4X@0ao7hyVP)pWtT#^Yg#6@!#3N&A|V6 zPS^p7<}E?13~}66R1BLx zcz3m<-R&rn`10P<;53jcuCp@^ao|2O9$U5{)@01CZyF zzSZsI&Usli&e*nSdi?CvudI3;9rlXj0yW3t+1c5&w8~*0!M1>g_}92k0npl~f;mzN z&=``)yEgVV9Bhxw?lzvL#Kodu=L2N%nB@dVnwy))EqCm>eliPC2dISd{g1)e9jA?{ zmu&eDQ*%pH@>O(B489TG9az&IT;6Iq-!f~%0FFt(k|+1U;cC?pe@Jx#C6RYp+Cpho z+5)JXHb(Exo_TpwBvfxVIqpHEho#@;SS}2RSpA~g?yybx=)h=@%(u?G$i{qECFp_~ z_tAk3KX>y_@N9x%5Rn-gTUJ1R?&4!l-QvXB$J~eX2w~Sj3r;wqvQ)+=&Jayf%v6Dp zY9IAD5{jybLFlipt`?Qo?hZfnnK(QYYW}JAXd?8A;ZP+UmbU0zHL9eb5IRk=8a%t} z`iRZv?ep|_)1tvm=ivoe`?BG;xy6H|!y>m0ptoKcoX^Yp3dJh#PZIQ_r0Sag0<%^u9dY9cX&DFlx=r0ue^Sa>pmf`qA%Z^D)|c+~*e#TrUzgG{ zN}`X4#kQSOf_$l4tqW}MKP6G?`iNNZN7K)x%&X)9bIvh@t5R&wUsJ5u=#VGTN0f}N zW)GHTpW<$ww$4@N=5b8EeaA`52_DN+b-Hmjqx4?JbX>nF>Acw^N+LTAhaFERB&XpD zgi6${hEO)@q9ySJ|4vY_&(3vENTa1>GScSqs4WvSsqfjIY3gS8Umgx+__jUv7Nw-Js|aN*MabGl%F-hHS|aC&q_05Zz~?pk%YF#V8{=8j)h!bg4(q&;v1LVR z3=Bg#l~)U0+t?hBPGqYS^P;H)i%R9#jhotNh2lP_Ta**C7md|82mFZvww}Hs`{;X# z5hQCj6Ewa70>8Qk{mC_ijCb>IOi6QxC;*i{1X!c1Oa1Bjy0Tiw54=2- zZ_~}*jgv^EH_=+hKkNDiNX-}7(y1@42i2pcJ4n=;T$IeG9XQlu6^|QH9y`NgJ9$g& z8EJ9xN+E?aRbPI3_6mHu#VD*x-D+WRxOL;V&8ti$;nkI%Nhix2DR9c=hF^2*>oRra zV}Al47YJOEDu#%#pEwBhjx!9zBu=}mt*=|pFhiQv>dA*fn$D4L*Iao)ZN!3`ABZt^ zpGYY(CpFq22jb%5s^omV#&2Z6b12gPI7!vi)(XWbD-?>pEY)Y4nwUm)m1kw;B|r8% zX!u-|LMFI8+~V&0J(KHRK+jK3UZ|mPX84((m6eP@cDAl8iJpVb&LSjOWv;NH$T_EJf-<&Y@gHh!1=>*if2{k3JS(zAX{9Jxk0Bhlyb zI{03ctTYZc5Y#ovlml&+s5MFu|hu|E6eUU_f1L_m?9#U|&WA z+Lii;Dl-Eb{P+et2k1{YO0qL@x>T$$eB%0&m1SsXNPBtuYuFv+2UX6|Hp)6k8izJq zpzs*s?4L?Qp}3{C~FX_(oR>#93#Gu`QeeP^l5Y)qJEEOl4LX`p7=L+9 z58dKPJ4W~wi%x5lf>@XzYKD&pCv@O-VigSCXBU*`Hj1Hy=g?Y(#FZYGDlerQMHg;_ z^iuGm%~N+DyUh$wkL4n7($jfAyOAs^<^#Y@MV8LhQlGhY`DbT^K^DP(p}TRNb+z@EilHji$kT3Rb7)#yrbRtSP^~=4Ox3LBJU-_H(C)L z4UId4p32(FV{dO8_IQ_74 zMWIzCg1EXW)rQ*~cU+0QuyHitCLdA9^Yg5<19+&=bdg!z%V&GuTO;*!oFT6rq>_MR zzUvS*E7nQIM`;ZS6B#}6G94alAx7B6_;WarO*q9Ei*d69F3Dr=wc1ee#P+p&LqkL0 zE9S6xf(e`PNUCk^d5|}TAEOGH;JZU!C#CSqG(qUY%EKRpRqn0x%9uZ}v&+5td6j{Q zGJoQR8~tUid&}MC#uT@vA)k>6hz!o~cIQjKrcKM_>g6x^j%g>yDF!+Z znH5) zN|-kERFnmpP&qWaoJ4nUZA0$ufj^>hS5X=qwymCWDB`)GcU5Nm&4LI=k4$ptaRv2U z&TD4Hec;2~et#{JVLxgknlhfD>H6q2TV0a=@ez0?Vbw{BL#}i+dl6PMFb$JV``jP+ z_*JPF>!vfnrQF;Ar&N!x5QE=1lS(|C!=&A)3Uwvx6hM=dHPI{57J&_nb7Qp#iWUZ@X_Nz-|$T zl$sZZGizns5u5&#L7poTiS63qXv}gE6fGwwx7z2^XWi3OyP1zfA_+^dLhb6Bn$p#r zh=>RRyfrxGw@ZG<8gcYC59H9&xS385zS%o|B0kLXccATENLSR*k@a9iQ}ZV(G>P#* z;knzT*@vBr`x@09Nh{US3>*_NU3U@q1IAOZ@@Je8E$wE{4Ibp$SdOH;fpY_xbzCNN znT!dKn}M$%pJ$ld>jfbHSjpIGjYsF;t49f=v4JOaXp=syUHI&G$;j zvyxn7cD`mvy!IDJ6iQ(d1=T=U%)Xb6xhOYk+#f*cL;OneEY-b|`KqkzcRK5F=X26PC&Pt)+#eJh&U*r>7DrU4ksMI!MyLZedW zd8a#-QUjLZx+f=BUm|Wh`!S~)Y;07nG7Jc1kkWKWD}=r4&tOj&*X+qtZCKYjGK&Mlw?u|eiqTsTf4Nj@rkQZ#;ubNL?{al z4TB$dSM3Rll^RdGWKIG%GeC}g!zNmbCu%Yr^xjy+x>QY`xt-o44#Foe4U>@fbRkVC8W-{|Fee_F4kg!5iGv8MH}HT4DOs%Ho=mVw z&dJI;S5>QWL@OIzS!Hb}ir&W7^UWISsuP4zaZYw z9b}mCbI0Etijn zp~831G{OQ`JUQt*RZdaW)m=#|*QB{v{2}R5V!JP?%UN&XP_3TGJ3`~HF2v9s6Ve-+ zminJ=QDV=d>2N&g%g-4pc+!I$xzXy>(I)EL03Qq!XT1j}D)aI~2ta(Mj|Fgx)nhNO zm6Q%l&m>900_B#iP@rb`1w;Z{Q1H_vApm(=US1|wrTwrQsgLITZ9}^$>fRbi*{4aM z5IPm2Npb5|cEC&Cmw(QZPD0JRX~L=Az5X6g<3k-Pu;ZhI2fmkLDsE6P`(rG@r;O-X zikFD`UjGch)Ws|i7VD|i5FAaejk9B zvW6B8O#4PCI{-4M!Jy0(bP{QokgUdgZk~nzT*` zGL=Kz_RX?=c0zvZ`Zp*f^)d8?X=Crr9J(S!I!KTX^b`@3xV%=gBE89Ds5)!OqqFV> z%U%F$T9o2(@jE4XJxWxlsJSk|wQ4YeOCAJO&1{VaOwsa6kXGGX&H5i^c`v~Fx+?sZ zqh@5yc~omYxZeMi4K1@Az(pSealyN|s4LP`=e2Cg#*|hzJX%xmY%Y_+kFuH-&cq+0 zfO^CXnGNTgl??)r^ouLl4O15H`#X=VxX;=*fnyqmh{qEKo}d95P96MSH3@N@KF z^}N0mTQ{FVeItjiGm`2W42-M#j`1P&czrzntSKHKd5@m7Jc4njg&YF!K13YatX~;P zb6zU{)Q}MbMJMS0wk(BtdvAgGuRd|QgG%KVkBIt#wb+7Kl5be;M*e_jQ@R!HwpN7&!*cReAmjs4*s{5>GbX|ml&(+>H%8s2nOWGkLw3{uz?6vc;H|1D0 zG-w2#>BMeami{68RHtlU`kUuhEUAI$R!wMb4C#~KvMQ+UZ7|jc(_s`{ueTD1H z+e=J74t>_*^)f!VRZ(BnGsMj>(UBycnp|5~IO` z{{sjw|Lb@b?ED$81UGH8J6MsmMj7{rCVfkbILo!PqqRe&baUDxQt8|;_7GQvn*B)3 z55XkI*^NWr97veo4uctu?RXM7BlVI`qaWY$MuQM+Cx#o`HsIZmd-50iO4 zcTPl%m^LP5K^asHt(_VIm}nzj^1eKz-mZl}$i91!}b!fAU4DopMo(*sXd&@ zmAlldYQW^LB3x$@M0gu0w#U@*mi2dtimpDhl}5x=O;3e!wk9?`McLO&A$0d_?GrtnX#0&q1k?87H2NwDn~S zmA!m?$dJm}Kweh1q61QAqIwk|NMn8M#gve-0pXsa*&nL8nVgW{w^{$utt&O{Hcg`? z+j%Xp5sDs(9<4f9#{x@yvGp;JFz$G@Zso;D@yKG|WpTNWbIr{hROCoI?MVk zx5eA~Env8hj))h8GJ6Cr+Jh%G!plsgtz$OTIb~;T|7weela`t;dytIu66*I%*Umoe zPnLW;@q#cuKEAk!8Km{e*10sH7=6Slh(Gw;Wm6YqQnP!qk!OxMrtrkOnr$LeTcU^Sfmj}OMS2dBJ!G@i5S zL^LI>tPfoApO=YnnjVr&B)fwE6skkU)?7@p}`YlX6>U+d-ftMT;>Yzeef+lDyp8_1x2U_mi@uvVeI~Z@@x+kkTfjJ?JztH5I;sPWG=6l zq6nj8k{b5p%GVIhY)+6|D%H40Nb$s==8M3zZ3in2Iz5m`B-mUJ5|KWi27VpM%M*0x078x*L>y`C2BT5Va*d< zTrm-(RHx{BK-9*m4arMkHk&I zM!(iF?$(ifuFom$M4FrBP35&0+>=o#lVV%MY%=b&?^My%v(MO(~(C(+?bd0DZPTwMbQqF-3<{$~?al_lL3pD|8a^6;G}V3mvk5K9(z)rrN^4J~prCqy{F6S8Ue4nXCS zyxTqHBG@ZEWVp85L+B37mF14L12@VyGEO!Wj}eoFg5v$C0S&|5Wa^hsZ%6g5~PN>1Q%;M@~d znOv)!Go!u$#U)@{ae<;;stja&4D+!J zMyf*OoA6QfdQi;Rn0RUBMS7-AQjs$mb9=m*(5avnfvu$`%=wljw&7mSg#?D=7hh) z_TUG9Q|=DlTn@n%aobB8lFIWiK73hFr3YvovCN}q)#qY#Vi(nQvk9wh?3h!1qt#~V zTWbc{MpRFLR3C}xhLkIGovZ*sD>)g6CnFN;eS9r)PYyj6)Czg`o-~NgJ!P}GWQ20w z47%b-10r-wI19~NRtJvg7?*!5{?T>{2(Nb3XF++)ZhMkRRXsOCE|`LcQ^x%On9Kvx zip-Giee5Dg_R6M`K*r&@ABg=yl3`GMqzHP;QA)f8Oiu>yX=qRx6|q6w0^Rr&JueRr z3yfYL3DNyBB_3Vh(cUe@=<7s4Zb0QPZZC-HYW+)N58g9M z_!q=x)8vP-c_exVoh04EZ;h!`sTD-Gm@D`Q1QOooUSJ}ghfuu!75j|^#JlnF^KLJF ziwo(mXRTeatLOEo=V}A){BS!q(3`l^Npl03b|g~H?`4akRQJR-&$YyoJgTDmI5&D zT3XClgKpj_3(?v_J^I4Js9& zqb0UCpZ|Wh|FNJ%uvo_^MY&z9whlVfXbS>9_7Qg25mC#d@F*^^En$> z-KK!RC6<7VF%jD_J8fs!_B?$}K7x|pb2~88-(Jevv<%e8rOSBAZ~|hYnT?T^O32EB z!Qq;RA#c-p(WeoOk-`T9N`LZ~o3|qIvYlq@(`y}gQi#!*-DnNa&V#4~`{_kIN2C}< z`t~64i2}p?t=g}kHgU3H%nSjOv<6m|B@N%<+h)S;X2oO~7FB^8Jde9`jrqAQOr0Nw zH%%EQOhYKkcHSkyN49 zrrbUqoC07w5Pn)l0jYEH=m2us_;}NOW}nQ~ZB4^~-6QEygRU(gvgfeP$PZXdO?y=G zpX{p4(IW$(W>y|9wg<|R0(XKPEZ|S`2CD+9Rq#$VaenxY);2w4Q93Q`si{$_FXSO- zUVnMc9%eFwcal=LfspCQ4`lQ`3A8eRWBICngW*4U#kHf~TQLEBe8mc)lw4uqH)6no z4=AFct8DU6vwix*3>J-Fu`FE$Sd=*0Vv8hXwP&&%;+8lp!qI$okRMYJt9C0d40q4V z0DC(6(=*l#?uPT;Ti=!X#nG2R_t#C{JnkdGWclb_IsX|*E;1cm(l;b#;-J4p+~-nn zZlmAcX%}MP2Pk^lMY?WO+}}15IENNPIQ{11g7l%7JBurziXC>T;GJ3EVsX0}Y1SsZ zWfb6{?3-er{HrM5#|+bRSXw*O7kMpaPH(L$$Y&2E0Zec`U6E-f)gsZ`!^4WU5tR7Y z@=Gf7jEszugnTaW2Y;4K9Y{Of(;4$6E<2B4^ldYYP;;w4!W%Voj_c1n74v1Fq~CAc ziruBOD@~TAcO6}(29^cL7`Nfh@p=lL3s>?y=2G=wiN8FM3^Vd3J}ojkKJKPc4XR=5 zD-4@cs*lH!peBK>@t$Mw%WMdF*H@l7_y&;KdNy($7259nsVB0xlJTS!&mDqgEH&@h zz<@e-gp&TQ2y8MVGP>EW(OUel=KLm;JoP9j?XT$=POUEik%P1B1wvKi7fKrnFc0AB z33meXgkrhmoNHb{=mFeZA(P#vBzYcBuWW6G41MnZz%mQe!{b|wu7ka1>^co|aX-nw z>;v0wTlAi*GY%psO@{K1AS61sQ9|8px0AV<0U)K596@SJ0^~5a;U+HjYp+%8NXIy3 z?zDMJf4KIMKNzeJeIdV=Q9v);WR{BSl&Y!9KrtrY-O=RM!&uX&G@~i}YKXkGH!>Z< zo70m{Qh-OrwI%65lmLfE>24$_7%O3n zsnCct)+a~m&5DC~ihWHjAk5+9+0xMK0y?oY(qixkF5lx#PYQoOJFpplpqT&A^E8sS zPHe7b_9(G8tAy*FExV7yrK6La+mBIGWOX&T>KwMADdSrTzmTDzk)JS#Ur*1Z^RfC+ zFk+*a71r7AfQR>SOAj`exdrF=Qtzt9E&YJ0sioyMEUX>WYKB?7m1IuP>vLOFzSxs& zBA{qc0UD8iclz1N^j(p2nORv|Gl9m;PNQx;*UwMYPLx%E<8J@^Y;HYe&j9^6ihN`f zo08>|BPJW(d6qz(8oo36?DYhw?I~OsGrSa=&V? zE%JmuO&XWQ%Tgymf0cAr1ZIMH)VNPKG+|5rq`S~i{#4SZJKhD|fr=)FkPB;Gjkn+t z^D?+;7jTE5#WSE-=4(e*ZZ74j?=9`v##!5tr7l0=(-ZRmp#0IXnXJwRA3U{U8`??R zJKlMR^#@?JFOP^8tm|Z*?YTy+?%1D5!5rm=dNDL1&}LRVtdEjM_z$zRlByBWj%FV7 zGS~qX0SyfRtw1x8H|Wpd#EbymX06JC?G%HkYceU=Uk}|$&>`cTod>Kc0=`sO<-M%T z6E;)zd!e5iJLqX{pJpyl0$I4J-||K^YX{7PirG%qXKV&6i$_RE13ef7ETWrAj-}`9 z2CFryb;Z5ITfA+OQr7MAF^~=H+VG^|{6`31)Ni0ccPwbi-_*^%r?s_`1Q2Iy7xoS4 zA>pxm`@)oa`k2)LU-i0AuPH^&5f-J&3pI->)e3r7NI+NkR0RLp5O6PIke2a&?6_lv zCkzIl!gec!2|DQ_5xD&PVKt-jf1VyB~i^bk`tRVojf$}!y?Dym#Aywag&P|k9o^JhKx7mQFFSl0rIvBKObs5Z zJj}zx0|sOLcF_`u+92SoTm*5nx_aT*8_*R7Pyc=tes@dCqB?#a_-qifu5q7|bR#9C zQUkl_SV3Q#=2VXX9abIqs9#p?!)wFWknls+pj_Uz1Y&7@Y@T}#FP^0}9F$Z6Rrn^+ z^Ig$r0eCpZ@??B7GRSe3xOUm$<58=M>@WOnU#<;lidq^>*~o1{N$1f;^?4#xkr#oU z@#g6+yHPJsGg9Fe12tTHO?$n_8OcFCt$CT*l@n{1DmQ|c6L$*ZptZ>WnE^!)-+(nB zs0RJ`7?zFHDCYQdVvkG*@NHHZYG`;?Pde)!v8XxkiJM)%X+^!-sZ#BpTUuRZrROYyMhlfI%>4%X6T3G~j}q@$dap&=o6!y?4=N9=?s%sO zs!%mg)315|DUxXj(>#tH#^#4{;e`gDHuREUD->Msz|P`tfn zBWc6kw{ykUT&ZRcPG%w9eSvt*Yij;toashR01!j2U5-VYuDiC+S4$icQpBpLoo4yn z15I$9ZI_cTQe_MxacT$U6Qmryi?4Cj{RULIqX~4|)GslFVwD`~`q(~R@6D*jd{=}Wk8f3J-YhV-pCtG5qhtCgWpug#qni^3+N#5eRV=xjjs{*9xTt5 z>lzOsuX0*XHij7L#D=AaU9qpfL{b03b_4p>6RvRl4$n6$y`b4S2VOVtu6GO~illo{ zN9?Y+M3!HARk|>|l;H)Mh9#%=gog0aKtQfZvdpN9ta9QmPA-J(ocj z%H=LCPhPj^Tjx?RB?t2J^OIzRcN~{HUrdGCI2Gt6B2t3#S33q-O|+F6Y`vw*N1ps1 zyD2+ODH91whf1}(!F$YZl6YYWfS8)5LJhj|$t_-6IRx_Vb3u9M(&jdoDjQ7iJN!y{ zo;K){1I;hPpcp?Q|40_Fom}zsJOWVsG;OlIVTheZEOu|i#P`AZ5B2zXuui>ahk+*F z5LRve5O`I(#hDl5slclOJ790US!a_eBeTq2PXfhkc>R0WkC=2?feun$!V3_a80wqh zDEa4^?L6^g*rcyDkFd zPDSL*%5E5cjY>np0yf~dtO3$95KG3#(=Z*`p9O4gBW9M@fYQJg@I<_81Q26QZ%o;h ziC;2q^ZX!`MW*nBynZcQBN?w%5+i&tR?L(l{LTh(rYozf zFarmx`_WY423n(^R#_sP&0-g1I>HWef137ts1pl>QK0_^7dhy}5;Hk-f6$3o0^gMV zL|9$Y&?GmNf7V?EB4(J^XRHB(grS1a4WED$*r>9gT?r&=Nw8)*bOe9?YEWAe9-_O&rf;q3&Fg){Y%VXOvwZwk%~ek!uGbj)*%d?U}9d&M5?nZocf@ z_N4GrmgO0A3#cMtES=4|hY{>@06p|sYp#3aUR5|7Xd!^-2%Xhn0{p3RgaP%&l*PTz zK==cw6kq+ewox1H9LnctmOq?ME%MNI7zeX9zFL1Qn@;ukvb|)9Y;H~39N_o>M-y&W zqfofn_CXcMNM6-5O%3PKx2d27Ao8m8!;S4`7tr|990XtMn;?ChS-p3TnESv}J;D9G zuIguPENEB(nLniI38;=HJpEeqb9OoRXdwBR@f3KDfCSyr9M1>{EobaWK5IZaA5VBH zhcMb8uVkEa8)NXRAlhy9G~ysP&*ZJ?*j;)J8fU|vJw3Ob5;g43u(aYjB@$Hueuc#( z)+Bb|i|=`}HsI*Vc8e27mR)M~C00vxwmd8J#f|FH$H(sFgA%f8ajSFY;PqUAz8?N< zHig^TT+4s{wR?SI8Q0J^3Ua!M zO}WVoUA}tX0J|-a7Yu`c<-c*0N=i;n7OI7!i$Gh6)8YpUL?7gMyKj>GwXlm=>svO5=VTFmFN~}q%f~7fZNwAV z_*D9Ak@X*94?Rv|Q`TOqO7@Q9a|ZZr5$IuqI76?S2YAy^i=RS{8S6JX%Mx^*uM>d`XcnX`dWVeI@YyyAY9 zr8wZZ-Ek+32hH9m0htNFS2ld?%vaDNvSCG^X{J}`11YhxU(8$%y z8_7BH$?V&N{00ux8X|51B$vMG)P(DC9#n}K{Ph3@JIM;6H3dB_0x9}GKkcAoa@oy~ z2dpM_MD16cqzs6KKpCtII|Alzx_Hv(*D-8VDwy=PBnj4|ESNE2Au~HHzTNCqJh3=E zV{~b0!dAFD|45ZpcRv+F^1>8~-Tr-yOh-U8+8n+XlEPe9w$5c|XNR=Ym~%)Aka{9= z0{e@k(GP;DxeQOiJIBB)V#R%J4z;QZB@HKOV^{~R z#Z823sOC(O12i9dzTMVP`^gW2hpWM%%1LAe%p|{x$!`5VM2atuTUK3Qhn?)C=K1Pu zDB4MFzKUWgk-m&(;t-JHqle7im#%o$_F2<9{!BPvEZIO^3>}zuL3U@b;p044Rz_jH z%f`BM_L5GLcB)xmoMfGj7iq_=Bol@&)@)E3TZ)O}1_b>uFlGQEz7sRHs+(jsJU@g{=smZL^{gJ9n zq1l6(4;4zB$+rZ9N8Dt1U2>N(d5#GPc=|9=w2n7x+gE6 z$_Fa!7yCBw?}+z2@u0cG_2b(BFRSS1W9&5Ki?*H9OR)p+ zHxe-ih#TY|9B^|juG2rsWu2g=T8CIT2DEg}y!a3IJ6U{)3GHTJxyhbRy&zXAMX$Bq zdh#2z{~g}FLqWZ>XW-2tg$G{(DOKtLr=(SOHb4Zqo0}E@C+IG-DUT+6m=1uIP;Bdp z2k$r9Z7WXPzw}^s2y*G=_!JqNE2?Cmgaw#RCmdcJ9pzq$r;v5)qyo@Z6=>a%j1XH+ zdLUWM=vwGOPXQ4bIpEADg>|mM&HAx@|AjYXqOS%5(FU(R%OY@!Z&g;nDPTFgwf)xO zvSUXmhB-mQ-Ws2PrtGbO1Gxx=#11Imlc&r{R#~GU7pTR#0`n{yP@Sy1)yT*4(-vu= zQYk@AMQ`Pv14Zj<)JVIZX)nsr_yUA{DrN z6Jy!g?xnh_PeoEeV}>eNYuW8)qHUfn*iT)cQ26-gcNxZ?`OBqH^cOTBvK{sJJ?rC# zh4gJwK{P1;4F}PHa5iDQya{+R)>?ePS{!sjlrPIzy~AEqLKo!(oLUgQIRlgm|IbOF zop)e5yu~CSW`3(>XmBV!iUz`@syP4=9A-?Xc}NMqC><>EQMNyvN?k>*?t9@yj0~gh z`OPzh74=J3<)O-omtZo{Ep0y~8bsJPRrA^E@Iamj_r?QW>WNL9Ns18F@0rJPY~6Xj zI;@&JOH{XFrfqSi`1a13V>Th09I)XnK4O)cSfa|EkT7B zyrc5&ft}l%Mf*!*juq>VPGIQnsew%~t9zba*2%{{tD5{`Ee@*5qY9ruiiwCjKH8Kc zAt8}r7|ve7^2_LIyw`f{%M5R!+1VHxh@n%Zf7*FXW0@wv-vRqvTwL7P*eI9%uy_(O z+cZ@VUIxh31S=nfvlCD3D8|fOUCYhmF8>btd6weaU-`Gc>n~Rr6^IBq+EAb`WXJio z1cK-y(%Asqx;%?hjmAnNO$G78$n-`%S=^|f;n;vJNZ`m(Eb;sA zdx?+lZ9S9Ww~XE1`J&F_7vxM`01-%+4A{Ad#9LdH8Vhcdo4*Lw;wMDA*p@HJH}ax3 zkAxpwc$~NCaQq1S_MYe4f98s&T|68dh}{jRLYiPT;-NcNxBsKsJ9Kyd&$^K0N)wWK zg+A+zz5jHJ`n$u@Fb(Jj1xH59A%OO1viDvaM0juesOsTAe=Ly$vWss)l7j5LS2xUT z1X}H0?C#m&*4)(81YR*%z=KA&;y&ixJ-fgsNxs_KBv1zb=g*(af)#X}FlpuI@4eg9 zMg81+f$u7=)(dnnw|r!HtCr#F>Z(cOr{JjqXmRVWY~9xeP{S*fqiHAXNvvEulT>%TUd9NjvX-=A*Xa zJiIR%yVp>)Y8Mj4o|>2_QZZ&J3i7ngDqMyqH+;?N!KdEFBr+)d58dS8f9`pD=K6nb zsL1m__D-e#Pdz4bZ>QaVmSf!8Lw4`VwY}p<_AWs72eWI6|J#-k<7SIJM5>1T{}Sbljg1=_A~gd9sX};@V{=j^JPD4 z?^@&kc-A)1!bUi6^e!SHxjJ@bhC+WILS0Dh^6s~TCHivExa>tU5^S~J*j`iZtK&l^ zz7?&aA!`Jm?0PNUQ#W>eOkED~u~(D@ys_~tfaKms%F5%KojIM2skBIllP4^%ef(kX zA~(H^8vA=!aQu5lLDXRVHY0Pl`sFxX$lk)G!zkjo)W!X9!3 z8T`S0pvOya`f9K&*oM#Aptl4g8RXu+^kt#zR~RKjgKk(wO)xW^Ml?S z6N);!+fpS=#_DQ*?wvd)s@J^Y1-;{2r2b&#ithoiH)k5|M~(n83Fr z;5V-lsWQPhW?yBhcIg}8Xq(w5!JUx$az6(Jr&bnZU0p+58z$mpLz*rZ?4Dx;_JaNX zmt4HRc`C#Rbig?drCZqA&i2E>y9q9ZkP#2dD@2vi{rn0Q5l}1_T4L4Vm z)pajd)R%S7y}8w0|9ig3wE!rWW)+u99Kn9;c2z)Tht}ZCrA?D?SOp=4wqDGzv*dGy{~kB0s22&f!!68pKF z`tipnOkAMRyv*-NBH3xV;V7-2=B&-k zA`IW{21YndjYTBgMBHf`T)9WLhuZCr;0`I0h4^bro?Gxi zv349MfAGivvO;<9_*oy@zx@-}PUmV85(m~m&lh0|ymsIMkEM4t5{zR&k6YICt;?Co z$R#Dm#IwDQaOf}>gQ8m}&CNTmPiGQZs@9sgysy89@)-%66@K46nB~7acU752DNGy1 z=`G0~+LBSrFc)NA5O{{JTQEPsn#{ zv5!apy2L&n-8IBM9^JLWJ|6wMF#b2d@s=$v92~=D%uI_x{Q>D|Zm;hR96MA0_hi+- zcZEO>+5X#ce)rma`@L-P_h)>3|5HX~`nkJ{{=b{NAO6o17HIx9*!}wv{__7km1BP> z5Xin&fP?J&3OJE$e+5Ax`*8)p=KW|3y5073(0*p#h7S991sLJ~9Y~lh5v-TjS>O^Qj_i+B{ifQq#I;(NrR-) z=S9E2|8=f&xESyAj=fLa@!a)UsH(CY@m-p`7#JAD@^4hBl z!E{oWlg20=q}v2;+|9J*&6Sie*n##P3>-`v4BXp~051tl+W%|6#(ai>{r7z=42%#< z44nTyqYPYce?9}R+h_h=u`@9L`!w)g2G;*RjSb1b{$Cqo`S!7Ut56}}LSX+!#|Z<2 zlKJ+9DX;$Y7Y2qDhWx9S5O>VoRDy;Foz*u*>s)V7eaJq`;>yluy}rkfnO<*fkNG$> zRHEkFdtUC)Y5tprS4#R%zLlwEhu(P^(P23INbTNi)}62{$CpymQ+;#!H_d#CGJJ04 zo{4*j`o5j(!*kFHs7sTJtx9U?o>eaO8-JYt&+l8Z;kT)svH!jMh%lhsq}$bM0tqEm z8uNTo%Zd^=CEU#0_N29ey+n>0?`S!OepB3j zjef{yz9S`uP4F4x_BSpLgB}^P{BG^36xP#w%2?|uPRa(t${{VSFK}q+u=3?jLku~T zHOkv4Ayw2TTnLbm09wm3s?r>C$l?|3LP>luyRPEUJeS4pYDmB zuE_jMGEIXaXU&X0XBgGDv9d~vK>5ai7+3x`2mz)DMA?Fu`*yXjK4GN9l-esO2Uj}K zq(o?Br1fJYwo~SS$nxb=Sf@icgZZBDDF+a(bVY23oHD3uYMQ&Ef-}mWZ&!;-MX5Zh zB;%#68wgUauD@R^gLS*@Qdoin!AdOit?^R9RpqE!`)p z9m%NOBm3v`?_t? zhwv}p|I0~I$^bbXvy8BA?*gMR7}jImg17=r>@iUnAMxyQlFB_E&iEOM(ki!hlMj84 z_2>0+5uqF5iv}}9E8_CR{qAAtYF$wgJLo_=^9%jkTwWHb5caNAl?h-op2$eiO8Qil(RZ{{c%6=I@Zo-?xP&0-AZ<%x%w>YEg62@2gq; zl8lMRVY%ag+Fzy9uz?Ci{A0ettPio!pC(=}VT^pOPcN)Fx1_D~lF^s1WT$>(47^0$ zOyRLs_~>@SIsyT`n&8Yo@f4H%jszxA(~QwCA4$B0`(q_nLQRid&iWJizTh>V*ceG* z{aHNh*_iTrjJ>4VbJxGwU&DnDl>+a_kF>mHwtHB>Zb=Wz+dLuoEOkuKk|^>ZoTlGD z?@+vOm)hAN1oJmz`4Fbtt2)2_1YS70+S={@cr+;w>u~pwN#X^e`9MAFXgo50tn{}|PnJVOSmh%OGl-T&uz6cc!s+^Ds0q_TLw`Y!fyH#fNM&DOd+oOY+? z#Y%|Y`S7sEQgvJS4b%BGmM~Q1wW1R8uhJ`jq)JH$DtvmoS2$5pSm7$)FVwY6c;@_n z>IGt+lob^fCBL77puSsUF?#=MJ++;y6AzZdm}$p*Ej{>9#CZeF3`R8Uy6AC6{bhs} z1FV$H!!O+6zhtDu;Sp5}?PR_F^zzu_O|d*n?D`^EGnKBX=_}4Vi)1Y~tu9Py>~2ib3;-Y_ho74 z>8emdZ37ET-oC@jEc_kaKMAoUun$I7UFwJebn3rjD7dWI|N8PC_J-2uG83LgVe>l$ zwj@|zBkWoQ8RQ&^ZC37yVd;unjTaoIiF>6*{NcD~5IkK}wl17Ha!Yn8EaoRtA;?#Y zIv}9G%R7dcVT8PVCp`RiHnz4BX6MJ7PRnuuH0w+lv}c4iubN~|$y1P1<$eUGzva`9 zi0F`&N2x>n|7f;+f04n#0z5)EvU6cNGqfuai@snQNn4Yx(!W_;uC{_N|I z{N1wa78~or7kPY0bx6KPN030dcs~851UVp3&}98sk5(-MIg0{JZZO#sPM+01WK?}X$2?~ zi~B8ZLBZ{rG(@207OAsb3v2MM*rU&Z8ZN|i`P*s;?^U-lf47ni)m_;@d|;HP_lN*d ze?LNMg9|L3pCE>XEqQ&ZZ$YGQzW`t7h- z(!j7%BJT%og`5GiUzwP^WKp$|L43C$IvwX%(_DXEUfzAxZoF)ULDh#(zcJq`J3}%+ z*%e4A2Ht^bh#Bh{B$&x+0TcCGn?fDp6F0)Mg$5N@%I^ei1({i7(ip;G?eTXag0 zPw7@t@iR%@OiR`_GMWJ1v3s8q8y?Oqz0mj+D-mcSC>aV>xF4a!O$_s)(n=yKEYTK7 zMw!Y!^Q#l`b3WVtntJYe(<8?cC-~BGOYAKP9$KQj<3$M=w0)z?^)1)RwpBne-Xcnt}43Z9k0V9lz0B6 z)z}8^#-f^0?WGrWO7q@k<}6fHC9f;5=g6?G~@}U zIHbsT4&pK8iY)etSAgt!<_J#@=Oook73M{VLaus=k*BdP$i1;@tMyTC$nK~Bt^lUS zjMG>2093nSx&8g!<(|?z?v~(En#CpgDrQonx@TdiRV*5n9tD3?90eg0J^5$oB*d%} zq`h@%Jfykh^aF3GqVH}%lII%%{_6w|Y|qydt}m;YX9~pnHtJ=n?OSsC4#?LY2y6T~ z4LDMruPxa+Hjsgatl$@sFyR-4aqXs18H;2)jFD8s=ew?yB zO54K|Vnd)RjYIPf``2&-q~Sf`g6?{F@E+@|)81^*^h(FuNq{jXKP9v$wX|Kws?C*|TfLUcY;|=UWdBv7?SAth!&&Fmm(6q3PjHA`oy>ft z@vl&+m#9^Z3lEPozHeg{=}af&Nn4($Bgo$Z ztVKv)J^EB#i=TDzv=d39`l__)zJ#$VBy=2lH^qg8mOCGzZcPRjwC=uOtWtQPnObX9 zCg=<;SH)~_(1o-|s~6YJ2$@kGCyeurupB&~DqIE7eU`&&2Zm&V@^BVC-c^uJU_LVQ?KvygZQSKO1jwe5+m!W&3(n#-}zLWz>+ zn9ys;!T~p{2%nuVmMxskuP{I*7j!l(TgA+n(N*;Zt*$6KZ&G~_NjPs*;LSj~N_6~f zLy9T{KLAnG6|8ZfKhYgvYw?jr4t6&fSi{Xy;dE(xgodvMOfo)=|VC+VvoDKnD!`3e=P!G;=x1YPg3ee_SXO@lfBV`~5wX zxT;bfsIcWn%sUba{rB}a`{23t)rX5|Up}e(H2WbHAW*zssfezp+ce`yNwKm?3E`=a zz0L9Kfi72$4c=#l*Pj#z#-!zRArG@F4Vklpw8BIPhZRn+Wsg- z4H)F18op`6eGhzch4@9enDzm!-{8K(a&888-6nk{fsSFFlY(KrMyt1?stgxhSXrH~ zEE~v2@)q0L-ujpBD_Wta+rKQFN+(P_Gn=slTb^T+5 z7a*xBVmWari~79*ZjfeQ*$vo=&9yIf6<-dlOpWs1BI;}CAAawz0kcw*LVQGCc@;1$ zFcj8BiYvss9bXF-TW%{?A0*aH)OD{Ld0e~b=q^47R0;WP>DcAh-1jt)-dIa8?npi; z@z)4Kktbz$aNlqDqa*0Rcqf$&n-;H4$@4IWjKenF?v;ae6b78_g9e68p<&3@iSJaZ zwq{=12P;%wA`8## z!?HMza7|Azk(=+{_Sx-0_9c`(14Vz2?yI*DPlP0!U&)o!Ug0wDFMB+&0CP!s!ogfg z_c}Cywr3Ea`)J^79EjOy!gFO2PPNi2!a+#>Y^`xZ);26g>3k}rEUE5UFuGnn5fz6G z3xyXx3b9&hnxZf1J$aEdYU4wP+$Fo3Sd`<^Sfkfn&mh~`$b(mJtq|^O3GA1CwJ9h) zrbo)titilFe6@M>fdVrh6<5}PGyh@h;=>p;itsgMXLPSkxUl9nLvp_6)q*6XB2R*E z`hXYS^YA%0yhmrCbw~*?UgWBBXB#ZQwbQ0~4e0&4EB58`wkk;s$U*e9tCk;?dU$R}&c_T=I>_cC3D? zNBk!K4Li&D6Q@EF)g!Nb%rsU`%RXtJ471QCnk07?g4VDn9FFfz+-R*AYBq|l_i4se zoeLySgr(m=;i*TN_$MQX9jW6{#LhU?pjZ{N=+$djg-j@5?pO}`6BeNh1_>7x>22eM z1~;kiG}mar86@h?qw9p7zUPa=*%(vBEpscFYldE0no;cDn9d~9pd`)nxQHA1nCF;_ zT0*&YGhe1YJr+{WtPOXwdGw*V64kK)S z9d#jWAP@F9tC(r8)ldHT3gL&UHB|MJgMtMO}Vr#6pUE>UGVC z%{;HxX(#a46`@MBZmaO-Qpo*l`o7h}s3;60JTA1KIPPNL9KD>J9G1L@uy9TAP^eqJql z3lYV9%(ES859q%rH;A5SnsFh1>GrwUV>cUpHZApb2*by}0Hp1c_s8EEk_KcnwDIOxe*Dq8aA7_pzQ8lD=-QMedBe ztZv26jd(r^FSV&93AaH~)5pc3He$j#$8%n)H zGACa0F8k+Ar>020^H#S6@158EKm~4RTz$>BSuG+b7?|WMy?A?OplvxYsS$8Wdv7?U z=z9OfN#`6l48@f=UdGU5+^dIpX!5x=6lB(}HlJHUb2x4ao#6JaOn2cBLXr+8W+e$u zm}(4Y(!niB^Q7UHD)OhNNRo}h)3bR3K?YvJ+d(|YLU5pE(BOs9$Ea=`1zV> z^(7xQPFTgRY9sGrufBqH^#i0!m3rB((FO8@`P(9Lig{we;w?@y&x&##5WQPHQs=l9 z%7FVCVUTlPqnE#Tf)Yvpqa<_{4Gsie0 zrKN0RUVqoCT?a{Mp2MT<=!nd2`1YqrDWUxQ^5;9~%K2{Opi5#R3dg>)iuudcgWxe^ zJFpX;;@gtTU)wI%>RYTj_#SHZ^d{%aLq<;M8mY z%u6o6v%Kj{?u88CDC^Y%6bI8_(m2z}$)D3V^-7#i8Q}!SVP@bUXULtwh(=Jg+7_OO zMi30i^8gX_<-t6;1$h2g517UzeDchvc`CmltJ>SXWK^Lsjf$b{{A$^z$R=9R;Gi#m zqE61BdbA|7u-vtotY}XU9?u)LscgfRd_C7ipN%)K`==w^h!+Ng`xb~_(5 z-N03g`*yNCg67W*0rE&bOfXiGQNOigLIS&KPrSCPFC#HjWFy|o6wApLL;SyP2`lMhL4tkC~ zl;Nq)@+IoJ3c#juo$Tv^s>5N>ofJ9PA)x%7r2-E-rV#9X%_{GDMZwDDI2!v3L~4MO zp(0vDjWT^9Q=QSBlct;8;iv;@SE%>#lh8b=+pyN0ev*2<)_$XzezTR>AkwQIc|N$> z0@$pS`vXS}Aa>=f`>@{0EbQ_ugAfyZGw@xPS=7{*!lB+#nnz(A0(B~QRTPx+;jpux0K5f6mkR43&)Y=2;1S(53 zq))u6s;t3YgFh;#&c@rHY$}EZFFy_QwZ($>5LaKWfB&=;;CC0n#|)xeS4KlyKAG!x zT7o?ect$V-gwg6nuO`-<^XRBU2a4MuKhXUQp*B^_esv>uu-4c)AvY*f64{)C+*^p$O#Sbl>Uu9{)-Cs8SK9mUy#M3KaDthmg=HhWn1zQZlzn+~^KkT`;vi z)$5a0P}HB-FFyKaARk>|{4tB(G zmQBHg=LVv8{h}^*N7B5~$T4Ofn5YmEn;TUzr(bl+-R=N0znS%mYULXjd&B*W^H~9% z@Gte>+dA0&_s=vvvSMtf5V{-T25b6XK3S2`cYcgZIB~OFSsgtq48XSu(bwr|NPTsZ2n{>U@#>o`lC-Gd5z^)h#U8YQbTGNqIOs?9{L(|K?g{+?J$ z;z69AA4pKZEu-}8%XqLHzA}5H=#3pa-DT>mEV*-MrJ$MRC9I+X%Wm|lA~%HuT7((W zOT`S5Turu^QgERW@1O-SLBe>*1aDPWr7X&xb*4JkM%R^Ah!f^)x^j2;3ku>7J-%71 zWglUG`&%%lanzO(;4}OJUeNPH)OgK}MEjz!YlP(ur4rnTvp8JSh=4r{M1fytfQlQ- zR4C{ubcJj?x2Y1nV&5^1fHD|8u_=D9H>kOW^J12x_-4rDrLI1mGiO{h)w*1&lXQIQPh3`nku(ZYf)qFf zC?+BGs5qtOQwg!&xRSJt&f2MD)M^!Xed-Z3KOg6L^KZ{#1lIIOrVYdyUU<`@FY}eh z8v3lBIWU59QjW-G?L5-tGc*rGQR4_-J# z6cEuESC0X)ZIM=j+-Y4wq?P~r&@O&rV-X5UT;=<8l*>+w_}8x-Ak&{xwtfD~^ts3O zr-yt^RT@>Wxn*0Jt)1q#HF!REW50$XtaoA$h$XEl+%@wKA^R{Myh$i-?WJwg6VawN zIY3O>JVZcfw?4(}Wy0Ki)>U+A&yx=dYGrS%&MoGH)TyIvqh=C)2(Z;9XDmXZ_2zw1 zW9HK(_d`2YD=I361|@GUXSyP2r~0k2sZ+4iUEY<=H$#kn{UW#3^9{8%%#9aB=SPIj-mFzhQZD((WiI4~+n{Ak>XlNAPZ zBwOZ}L;SZO6!r9~o-x!_D=I2$x>@zxcnMSz#`3LRNo~fVq!~P)yR1b7>&=BtT#Gv~ z2R)y6@{u+NM~Z-Y>t0}~<@7&Zf&Z?{2~jM2a)K(G2#k0E@6mF4R$yNSXRDXVow?X@ z%ZgZ&_Qz$T4T^>HR`iHkh}q~pd%LAMndve-4zlukyS*RdrWW6)o|uk`%dLYzias_- znr*DtN<6M+{vbCGk8|lOat|e!>76;O%h?`rC#Za7zJx@7ex47i-Gck69R5I5h(Z*m zX$BD0ovhTn1fiz39bJ5(-aKWTlXwTz0SLMP~93< z$&JW;CHg`9wdYz#=>3BPk8dB|K6@1V_{$1?(S_;3-IF|VSnv2O1HiypPCNR3=omeY zH&qdnMD@SVzc1KAKGbikLoEN4Y4MkVtsd`w_nYY{4nW1p2X@;MxL?qIu@3HqZ@V)P z`>NB%D zJs=~Nz_ot-srbX>ua5gFIM*YXoYOSO+VT%jOhOM&y z+YCayz9)yJyDHZPQqjq5o#k>x?$bbAxPWOFPNZmg>brt9HajfzG-)cg2fMVMNYCVj z=3SrPxC%hjIirqgJmTO~i0g|GgzzxkdN<@!Z2Ulro61GO5Ubhz1I;#z&R3v0ix3z3l_5BL?DVG`AKDpSbFZeo<5bc<7%gnsbX=@_OtJ^e3q6RrLA1c3vHo$D^k`kiMYRMB(d zl(VT1jur*WWcw_@pwBogZPu{fEmb3dfcW7*+8ia@NTC7}CJ#_gccE=9y@C9Vn88C# zg`&=09}Ux!rW8K)hY^5AewfczULuVD`+N+sgB}O8O$G3y*LvmKLM z=N_qURL;EK>~J_UfC~?|UQwgx9zldz%c&>VpyIyg`R9>?D?8tH)i#Hx>8LwL?ebLg ziGGTk-O{Z5K1Pe5DYLHWSJTjr@!fikMiZ{?qTlQWdGa|cWMjqbS5nOvI7e0Svu(|1 zw335S>~?x%@QCWXkCP)yij_D#+=Pu5>Y1>glyz6~Zgf zM2T%RxLH*RW_1aFD+Q)%l=Ty81=$I?P+ZVSI?wQLOLl6ue>uM#ZYP~@dbXc6{A~Lt zR>*$-t1oVc;tNaV?}@O~%ow1J&+E8VL*}0kZK=X_G9_9d32SmnNrE<7F6js5&2LX1 z+XSjzXH4xcr%GyRYwQBH>lLc`VHoSAp^js;`tkI}3__xC|r0z_X;c`~lSa-FvqM5(RYRiiYU4 zabh=1a?NN1Q_pw6=g0aX!WuI*peO*NqskD17vc_FlAUPtn{O8}t_?l-1+i@2SaQe! zc@Xh;b;?d6xU_x?E&n{C<=vZkQdHVp9_|rc1d?{C%6%d=UvzgL&Q>JD?84%5HPN^= z=IwOs65DK2^!HP*snBV+*um63J6ks>qe{eXqFt6I2v zFNL(EqLa&~kAv}(=~Vxi$Z7e2vN- zFO>57E8hEZdWJRq^YO&j$5&)VeZ@p-^6~b6-`eD5fGKI6bpYZfLGkMkSahw(sC3qR z3D2(Op`7e2Ea9&PxTYP54fSrShU&`C&C9*5X}Aoqs(L$6DxC3NHT>&67R^>JgCfVa z&wILBoSlbjADr4Vj9cM~n*=^{I8)wp5Y1($%h8kYdIL?E!Ns=@^mLIvnr-)l=}+fW z6pB*UJjEFl7oU8z(q3~$Amr^Hc^}Kch>l7;^|*1$|QQyIp^sov&{+`t-cQMm{s@e&Z|2f3Eel(`sW*RFhM>)myt0wY|$V z_f+=XXxFoY`M9ch)T&EVXH5g(-TPGRN$73PEYECTTW~1`l}P5|S3-a|#MLrz^ol^* zrlT5(_GVHWlQGmIIT}x^WJ+nzyWVG)8G) z)3Tm_)VBp#3{-o$KEb7zEg@!SWk~rd8W)@+KFZY$9C+Ln2OL6?DCgT?#tNz<^Eg$Yao#dVykk^X|;c3#peMnYEllw#;mdrWyI75OK4}%|5-c zhwD|yVe`_NB30Hc{Hwsg$P-vqEPO_tgsAW4T@w0WFO05m=_BGaoB#Sg&A(`NvaPv!4+>)%$)*r|knn)@fn(3hl70W8xu%QS{ zx3B7@I&lW#KoLRu3k3+h!we+s;b7DlxIXtPD`Z9rhL$Z=g*mnvPzL?kx$x5rS2-&| z|2l>#*d3ncMaQwODV(XRlv8$QfG8FaDL?cQ4o4AjGOb$b5C`mSYzga$6`80w>+iuL|6~(5UAaj+KWV%_~$N*zFf6 z4K)@e2~z$(Aw-YvmA=`Xg*<_w>nWDRvOv3Yc6LN5pD2)3v8R!1(c)O=;oY3+junj! zBSSzjOHNeyJ8&c&yPD;{EZ)SnaQUo)>_dCH%kdmlV)qi~=lOk$+WM3=G&oC`nJkU9 z9)Ett*EGW=B=;_WC@xh|SQ`CAK$M?K^?dWYQqF+TvMcA3^NpE5T_d{NtnZuzl2CD} zpQwPeiK$n)*=~`#P!yVB!~nWGr3WS6DebMV(lCR=3SU8k6eb0bKaf#>{LpodRS=MiYcsjZT5Bw(FhSo$t-kUrzEtG@Fa0jp6oQ{=*` zSoL+%xH1An>Po&;%pn}`+qMskXJSl36vlOh4M(H+K@Q>c6h)`onZf-Hn(=NnCahi- zhu_IJ8PmK(@m_Cp&J=I=Fp?Ifc@~*C=0Gw;*Lotww)Y}XKt#OHavH@)$1z7I@3+yhOjg}&Jo|@-OI@gl)or;-_CRUyA z2=9ajLr)Ur${Tb{_#k%$sMfI{1A($%T-9+u-X{`eM=_$BX)b@|e$#+ivU)8Z-6qnz zsl+o-+?V4OCGJGawMKpUpI*M6?J)T+-4YEld*P=Ak=F3>bIwDrkB+>kjALI4$NyOX zt+}Qr^`bNfN;LWyj=KspPTG|e=@Fi_snLkYVJbG#nDDMf4#M9ef}9~mSnMfVFkh)Fd43K(bNPP8-+lOK}8Y<5D1m zGA%;#yjynZdA$$3Aq6yOMwNYzCftuV#J5up1|NS4gf_6PPNe~<+o)(=c9`R~Y9Uz> z13E{@a(#I(uB4`5O)nsd>zkGUyhy;AWKI*!CGwF=^X0cYj7z5RLVKIaKr*$gq|E!X zE;D>LyNumqsrkXnt@v}ZYE+4n1m`#49KX2J2>huIW@Ux<_!^8L4lA>66O=iTrM@|( zj|&G|A90^@T+%2$uW5TtO;FU&&#(`aG@;v{OzE@1dv=-p>Rmh<7hG5o@rCR6jJ7?R zkT1n2GQ4g?PexDoq@}-V)Oa`Qo;FG%>&#FR+#|!Y#e>4GYjEx$sp=N~kwTD;z*|bZ zjsFt#-*f{8keB_=4mpAY=TW*&7laBso!Pfu=%_W!aU}3jnly0XsLCxKwgBstuSUKd zb{jPcb=);@&qr$Pz2#LLIRW*sTy3{&Dd|0s+0`oq!bJfk9Vp0G8D=XGov>v}9&6rG z-$#^rgQ;wBK=V!BmiO}G7X>&Ro=4#DiNoz1V>5{EW*R_#c5fS~b||b#U%kVV z6r@GT=o(Rb+H74@rMyZSzj5d8(eGD|LnMHAkC%(_BZieEzM%T+%_^8*seY(bgL(b9 z!8C5`;z|R%UOR|WqI`>VsHmEBF#e}5{#oY8Nnc1w!eNGs`OojNw-qJqeRO3|MByMS zJyImq`QsMgo+CFV=TmkpnjP9*tKrwrtJgX^t&YO?IT~AMq8gS7Sd8K9sbkMbVuus@T$ zn({c=TR%%tJW>_|HZ2gTc~ytRY-Y$8`9x>)J1%Q=MsVK*dNuYC>AUti`DF9tkHTe5 za9M)L*iV9fM2J5vtXJdhWX`0FXAvsoM5BasgJ3grRi@Q!7wPIFTHunaFe#Wrsct#1 z_T~JZ-7f1kWS7+%I*=8QJZ%@y={shLL9G&Z>*WG=M1xIPjoApIVO1WsY?nfHT4mTG z(0*U{j5BUxApB5TyDK^;yp$`voqc;ws+@& zDR>Xbd9G8HyZk60L=oadXO#)+%=~gS@TaLd|OW_HeDGt=Oi7iGS%F&KU-6-J;jk}VTVH_ z57ZN~p6>x3TiNe)v8S1qZcE0zb*cg|#&KBn3n2JjElEkv?Zwe)>hVO_VMl6)z2Y1BhLIm}4W6s(8Vf|07ffR|X!V1-iUL4K z{jbLM8z#4rehFKN%mKtjE4I|RfiZWX)=6$1A46RCO>O?bSJ`;JOgA#zElna2CZ3j z*JlCrDhnAy{bL@z2##%`jD2CEN#9Q)7^H3*!3*n)2PeN5#pfz2JSRRKSOs?*)c&qN zIbcgit=buU>Cb#Vo-}b$AvnjOYfxYr+V|eR{EZ&<@#@t!tu^Dr%AeP%uSIK#C4dor zT|DCis%nCA^WQHh|99(c(o&so99_oYtRzbRLC6mwi6X!zf&49y#?t#&AT6k3g7Uuy z#C;aXnB5Bc*_S%!neHnj`{&9GeQ**OPWibmky5ahkaB%n1pf6$U^e&p`7{?|Hw^>c zBQBa&D};$2ofmUo{oj2^3oUl(POf$Q$~``kzLF?TwBvR?LNYzX^PPof`={I54M&xt zZ&a^=-P!j9sglI&l;B>KzR(88rDw7EJV;|?2&l6Cd5ra2Xfavi$R&4RB39{!uIVt6 z^e$&qK7IlqEG?<`EAmDV(vwD*wp@R2v+{bZYXZ^CRri9+Kky16^d?B0H)W zjJ$4<9j^?Z#kFn|qfPF!C<=2ZgsFX5CTr=3^k%lXLJzFWlx~qHQdq9H5L9s38SuoL zmKT@~1*`N9I?L|oe-2j8z9F1~%O#nj-yGk+^EG>-Jme+DU$}}C09V2K!Dd5#3s<>g zh>_x0@QQY)rmf|VojvmPYZ*~1HBPLAL>iEbQGJ27O9jK<*rA=rV==D9 zHbg-=P-6m5dBRECbn#g}F0Y>$L5t>jt8Ek3ZjIdxYB%0pJ!A6kh&HzXnK?-tdSJvi z1VGmBbyMmTQ{@>oom)p3{3b=%VOf7r(_Dff*8g71`v)dtPt(%HyKm$gn6h5`7O3OT~`NS{E`H$^SdW1zkR;nvNK+&YJ_8B=HujawEI{qWZ-WP zZ*C!sn|ryAz=knD{rW{FDBwU@SO@+!wZ>+;V#Kcb%GHEmrVEL!xL7r&Y>g{=M!zGg z8QkE~_35D~*6drsh}#tytN2GSFUMOCJET}o*f@|c5~*>X8B7rB`jV3i7d_AwyFqLg3-qC zErfk6PYGsXi%XgDjT(CmpI3E0tos{Ddw;uvlgMv*3`SoGAS0SgEE>Q);mm2X3Ri!8 z3ppacBM2ZETlW}Ik-)whheNd*e@pH5z$} zJlbPbBs{|VvfTf|x;{&h5dfI7CvE1?+X-Q?Zar7k#yz9K8}d#GXNi9Dh(o-MA&m?W zu>_|j#Vdrx8(uqX;2R4bncsdFz+bLtdkJub@OfwnfbINv2ebbT{Jn+%!-t=`L}}dZ zCjN!Fl58&aZvb+dDMG}J6I|H`67|xt2N6xTOL!vr;uVR?N`r(hmeiU*p zB#E4FWHZV&8w4iydSVC@?kf#M(cfWLyj>01E!-F@^$i8UJ8fVLlJRZ(96@74ANJL! z{ScRs>=QBm(e@$=SXvZ@=F#?#I+yL{?B=0BK4$PndO%{~i?cza|HxxcU_X7lcuEX= z4ag`HmV49|T|eaNA-k5*=PQ1^>4mm>{%T(7dxX%T7waia@$vD8scdKV`&Qoz6B2dl z2-p5$N?+Z6ufa!G&WT&eWyJIzcX^tEe8>A^?|r~&R##Wo(YwKvT7K`OubtC(awO3g z)aNy#qmuXD-DUK<7K7<`-NGFKOlSzu%dcaKTg`h98*4qyYwu-3t2-W&;Z9+zG_IC0 z-iivZs(1x^Z^edo&%R&gBI%N%rF~A?LX*#hP`cM%?Lag%DeNzH^3$E+%rLcg8c<-P z?eDdS3hu6EH&c5Ve6~GE7qp#qUnAshP`yt={6pab#(9MS0QKOfV%KOsw^^f4Z)HgUJlWVu|caD(>VfCb*n2j$P zLmeJlf!DCm-B-dIZ+p1a=M>FuwUQK@2&4+@uT1e^dfvcLjOn{nQutNpASeT`^-}D z@KzwCup|H!{2DfdQvUYF_g;(5gl|F#5Zyl2$n_T1JpA(`YDv3sOU{RLOc2wf!S0FU z4fnbEBb5C2#)SBD0`puHnk(qxtw8wWNZ+dNXY~;g095fKA12ZKP{{TF)83cAL;1e% z$H=}6vW3iygp_@!7{-vKq%2uOB>U2!vSch1gJH;?3dyT1gJ`ld7)*%D*q51j%a&0X z>v!~eAKyRWb9{dI9LIe;$ILI!9QS#j=XKrBeLdGX*2>}QG7__PpS#^-RKugS1{}>_ z>9t59&h5^PVmgN-aqI^{I-aG%nXfOs|8E@MVaP+MNXLgEb+@Mv*0 zuP9+z^sB+x(9kcgCyfv6+l8uQnpkGPo=M}@Lehz$-9qGPl!@_~P8-j+|F!jSJMPl7 z(9L_mSVb7NZOp4^N@%9y6I1H9+e6iyQH(cc)xgnh#W7sP=L(2q5ya{wKyIbA2Ef$?Uw>_VvJZQV?3C2JmWS!<{aElWPt4yN({?o_0I(q=1~tP z;J~1*_Yo^HGN?|}5vWb4VkZzw!#|7)bj6X(Zw)?Lcllj>j7kd``iP)SEyN>gs?>SuQo1KiFUoN$q*^scs z-(p2~^-gkG>RXuh<$*(vGp?b;G3kw!tW6o{k@-c{JT1iI);r2G?6caLPo!owdC4Tp zSX5P29W7g5zx3fe!u7(bZt2Lxm@nb{9+!rQyrG+*=r%XOK~U^(gWTGG6?%fh<5(C9 z!tlR(t>Y+>;y6`iUcec|a4`|u`Vmw=3W|<5-cXfD;=?J`+P~s0hNqlgAFExoeOdP8 zl)dL`UKRN|rqr(^Ipz7Os}j0a=Ts+;dv=)wsu|7`eFFSyf8nj;Af87!H6pTlnC>kw z>?OV@bZbw?x#u=N;@PX319Swm&#~{*X1xj@+B_z8^O!cK88@bNBD8-i7r=9~CgMJp z;R;(2tK+r{1BDZD?*Hx{nFInYVtBLMJ@o&z3%LqvhVA4I{SwDeX5&`!U-?NEV8ZxY zMK`X_x?b$I_%3iE(CVKa7L6u=#tDUuUiZf}FXMdquB~U^&F8#dORBkOvfGM_T%e>G zMA26pX8b3!`i}n9s9D=327}keHY|>3hSF!!Rye43MUsA@LS$+$&DYiKtQt0vb}l@< zC2cSK(GF?)pPLRk&h@@y+5Qru`v2I*kJU~K2?<5scyobcM*QI)Xl_mPiF!8o3E>Q} z)9LGeus%w1mD}yki0cLizq?5m`v2+%^wfx>ZpZ3Eo#BhWLF_EhiP^m;b@kTm+YedP zGjm_Q3cR22rttk&tty&#>XSc2mt=kUb{tMA4QK3yoV-yMd#wW zNMjKFJh>l#7llFlm@0;d=t*9AZ$eS7rV&xN=gS zr@%HXgc{VLp&h+V%3g72^)+Gm>#z-8+Me_*`=M%Z%t^*zG@J5f*`BrM{rla}nYpYG zaYrHUd-zPbhQ#adj4W8Oad=zkjJ)s3o^oE4LD<3on&M!$#G`}@i93?v%^Ug3{l`xNOo=RnUZkmw<+a`L;9t~nA;%HKL41b4 zpNL(uXk@-O#gqQ&dQ1}+PP`J@t+(olNUstcpv!nbV3mX1(?C(Q+vOUoTNi1LED^)- zX``B7kF437XA2y-O$!IY0(TolFM2Z`f{+qRaU?Z(BK z%$cKHUTJVT^QAu`jJf|xjnTekqj}#_YR>7K{nhzD=Mys^( z=6~%7QSVHDuIjK~^JiXI#wOU!MM-#YmMFkF#4z;oOVNi8Np2}mzX(VF<66!H0gX0! z10xD1uQzgH`h1hPmz_{MpOa_jD`S>PNt|J-m*j$d8o$DdI}OzM`;+%hOd8 zvffgT27=Cl~NX5_s&sOQQYc3!L-W03e0H~|DC&wjlkTe zKY7xbcHu-H%nX#uoO#hKH`~Yq?xsVP!X$zaNPXs=8H_Y&UZROBeQA3e%>A7u57Xr< zC`Ad^gt0!~Gop6TjfuB`(sn8aC&f}sbwu2c5ER1itzh3Y^L2yN3hf&JaO6l(@FcrE z_OhntCmhyNtzjZF^U;N`sn>|0gFD18z@X_8OL{s+3Z5&2-6d3>gQACo^|p;|j1EUp z)bE1Kx%G1KHpYbMlA^Qd$q!=(t)ulj^5!jaPLDL|=Lz}9+mT+NO|4 zC4mfXxB&y8RJK_?OgpgneGpm8NMVK8wrh`~Mzhf%RJfVAnP=e5`T_+5n{7ja-J+pC z64f&}`+`xv$Y`&;8y(;lja(w5vbXd4KyVDSHvKu?2~~$!LVM-WuHbpzxKoNIfci-~X!s1?&WmedlXvhrQxIZYwyf`u`I@=-Dsj?THW%1!q&h;itBmB17sMQD z?ey`a`_75MPDi{@zgImnYUzg?TK+6&?NBsu|J^HN>G_G$5$dIav#?>C63R#Uf*8rh zjGip?<=lL$(n6fsWry_nl}s?b0R8S0q*a?T2%U~62F$yFf(uon)NqY@WWUZe!H*-c zZQ%q_1Vqd6yjn1+14mGbbj_OK>3UQxAjR_>!W!y3ai6k87LgP-Bz#v))aO>oAznlD?x~r9 zkaW|wO5=y8)KyMpT9RFLHRorH3nG9Q3YEf6ri8lhCCIOBleJ=}ptaPnJN1Q9rp1zz z<~{dg0-Af^ywiDZD84Yf=N~HG~DlWkH9aqHXm{!c1$VQdbCpo(DV-n|OSNF=xFVL;%Qbb80JqV*q zh~iBk@=fmni=D^%3>U1}jptZci`msCTxRWH{wEHlJQN89m-%}H3VweObhz;Qk#uX- zGI)5w4~S2`2rW>kJyZ6^EvzE^0b%BOD& z#;%OEcW0&APP8Vor$a{Tw+AT4BDf)m;w`bp+v7gC(-`F)wo)mHuN3nhEg7*??rM&Y z6x$Y$Kv(GJJzy!L|7aS(92uf%q=^cYR%Hcw%BR34#XV#?Q8hKCE(|C|1Q`g!rSB;q zUpUSqfK5t$>S1}@ab89wq-*)!HjqOaj9~k0*^i)6avpFW)m{UQJSQQt@Jb@Q9Hvl` zxBE?8<6*v!d84Z2k%n(HTP}|ZD`&=UQ7`Sno?&Y)noWx1}1(glY1$Tv=&|)xN7J;zillVK9P>;y=13Eih5K z6dn{Bd{QB?@5-JtR0gi+Pl(zMEuHDw5&`1+E0;cQkxxfxl~O)#Bp5EZcFh*xv&5sj z1Jb{)lvEXxUyF>2Z$7*(5iAz!myq-DlTeR9=*VBULIqQ)+Qo@T@0bg#zW46KY z=9;WefX7&zDAE;QEo$i8({dtvNU(;}twhYg&Bb_f9fV+IAb*H0zs#G;)Y*ygzB>4F z#nDY)@bM{{=z&rgfi!0$A?lrrbP)^fkB6;o8SsoTsn8DD_XJ4MZ-Z?KACU^)!69wL zRx1cF_~8Bln>XCqd&J&5{SkU68#g$V5#y-N1D|j>SLWscx=&5#s^I1$e zw!pF`VgU-7^$FArSbX)Ibch%pwe&o8NhqGwBZx^*TO&VgD1G+0*vXc0;sKkGisLSQ%O8hC)xHjHP% zJ0Hk983O8CW1lERKDqJ8XPVp_Ku#&x4kPx3GTm%(#9CTP@m&r0oUarJx*V%*qw1+} z1*7HV1Fd|=CZ0UlL;Rna5&uDd5onxCNdKxT;jqZ#?l zy`UG`vh(lJNOdS0uH!l&?e|O$Wt49k~6d%0&f=SpOzjy`{k}26@rT61E(1= zO7O@@PL&SpZr+9$g1`E$2EW}Xqlh(9&dX{&EvN@)E23vi3@f3{pdv$m^W@3>bn&l8 ze8X%IsDH*Jc6?&f#ck04!FA7g+R5C=?Bx{x@2;l4ADJPoR)ydNSJ@+53)v>$@$9MS zywuW_GjH6-gbKTI&wDd~3@(N(yo5!)RYgWrk6o1B@Db|?-Z3Ut4R6>WJZolNLMPi3Qn77foz;C*UG)2`SvoHwI6%%Y!gL83eTz{6gA#?;Ediv)ic zX`l1t4<^#l3*WsXgLzIRns>Z(%K!R)k$Gi3rcSM^zxaKXq3Avs1H*MVMhTW&r|MF& zic??TVUeYX;it95Y$a3nDd5*VqhP#0vyL|)=`PWD_I3%wr{GAwzV*s_K*v@ZFgFI1 zPZWT!jIaEOegpXCS@rcfTZP(ds$GFR2M?yAy!q16SnrX1O`1hfaN7%O>&M0xJvUqa zbB~wSU`+!VoG9h|l#M=PRDJ%8xPdU0QU6?jE&< z$Sge5a{2lr(VX>5nGxyULsD?deoE7c^yEzL%yY(Q5Fq2poRXPD`T%IL_a)VdI0dAC zNe@(@_LN^b%ubFW2_#)Zbt)kBg93R>nH$RoAr{$^ELx=X&Is9(f$7Z|z+;59)X%Jz zY!IN(D0XUV3S~}BtoHh(N{8-VghiPVQqjL69+@60qCxdh^04r!09f!c7ZcqH!?ftM zG~A_<-hyrQZjAIh+-s=m3e~XJvRr=5TdHn^eu_DDJ}g0I%>{_Z`o-Ck)5BShIM^2h zpiRMFYd?^C!@Ji$nnx*IParpQP)m5mLR}}%Ft6Vo4Sd^@7KuNTTX=eNhGx1nQeWCo zvvhYndnQHNqGt@jXHxRJ*6RC}Hx}Q>*Yi^EjanX#rmyQQZFaluZT@cYZMi${l5}ux z1h?|tOQQePSP%RDHTZ^TX*=X~0e5(CuT=WEIXP6&!2T`LizAj7>07m-b)m8RvJzB#URC#DDW=M3TD@x~Hj;Ibg;ejM zJn(@59>ao$01wXcCLGD%rcEp9^~JZFX$5q#dITy#JvGtlI5ugN^e3}__RKj*5HnGT$ukDD34wNSpKF7_YMNPqKbAKL=SVu?-;HLt+o zmgGP;#XYR9hcIEqPO%4P)!=I)o6y0*4d-XIrC;pjRz1OQN+3!jAgxN4yQjyj+xvuN zu-T*ei&ihb_|qlV<%B>M38EV{Sxmgh2A20LKh1A>tsxzTzq#B?a!EP33dVOs@V;GF z#1K8VD~3{)uK6{J?Cn8Wp=VUP43Zcij8`vn9~LFIZI~$^+4%P0COw*XYDC@Yi;LzN zo9Au~V|1O=U6&Oz|DU2kHO;Jyh@_iG>B`j=X9PsJb>7`F%S}G0STK+3&v1dgn};dD zpd9qhx|>T!E>POv^StN!(fMmj9q>a-#Rb-vD?JKcHE84%fypfw$b;x#lvoUR6i(b&ihhQlr!w%VkAy<0d?!t zL`ns7!q(RMH$2UlgCFeL%~R($*-+%_pf$&p?Re2S*A-E3E;RAC&B_83D&l4H=^j2~ zRwL0GL1i@!a-WUjM+MOE;&8(%IJcc=)8PinYH(HTE?6o__0{* zR*EsxRSQ}wGl*W$N6r&$z4a}BQ zrKoO>y{4)h`CU-9G!H2JzI~~{t8UEkIk}QwDQ$!}o80ceY{Q$C@RRf5*ASgsZnB6T zHOubXBCi}b+or3*?mjKY@|n&^^Ym^oyod~`T%90}^p~{kr+W4)XvL#~> zTlnz8ZZW$&TQYS|$&%`2mTl39{^$F_OtZ6gW^r1fCL=$B8qe_FehWLSGW?{iKS)$G zNCkk6(d_<_va>>)fT7_kD3za035nf$XxgQ!@K~-S@&&vOo=0A4iJ&Q$@31h^p-6=S zBGS1|$N%1`POI$>IzqQHI9L$net!ME^WlQ5k;ej2RJ`9tV)6me2{`A+I~53W_vz$# zo-fO1)B;fH!>H7-)FOW~rv@bC6iNjR>@s#7>a9W3-sD_>%8Z0#qPy5;aw=R~NDnT4 z^Z@4R8-e}80$Xc41VU~kgAJs|e#9 z5(CzjRT{;$pO-%7~w*(gws*;4Xs z868miKEM0yWWg;$h~}$GEa Date: Wed, 9 Dec 2020 16:13:55 -0500 Subject: [PATCH 09/20] [Website] Update alert banner (#9361) * Update alert banner * Update expiration date for banner --- website/data/alert-banner.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/website/data/alert-banner.js b/website/data/alert-banner.js index 82ae853440..99686cef8c 100644 --- a/website/data/alert-banner.js +++ b/website/data/alert-banner.js @@ -2,11 +2,12 @@ export const ALERT_BANNER_ACTIVE = true // https://github.com/hashicorp/web-components/tree/master/packages/alert-banner export default { - tag: 'Announcing', - url: 'https://www.hashicorp.com/blog/announcing-general-availability-of-hashicorp-consul-1-9', - text: 'HashiCorp Consul 1.9 is now Generally Available (GA) .', - linkText: 'Learn more', + tag: 'Webinar', + url: + 'https://www.hashicorp.com/events/webinars/an-introduction-to-federation-on-hcs', + text: 'An Introduction to Federation on HCS', + linkText: 'Register Now', // Set the `expirationDate prop with a datetime string (e.g. `2020-01-31T12:00:00-07:00`) // if you'd like the component to stop showing at or after a certain date - expirationDate: null, + expirationDate: '2020-12-17T12:00:00-05:00', } From 4dae9b72243ca077e506becb04e78ff48b9dd628 Mon Sep 17 00:00:00 2001 From: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> Date: Wed, 9 Dec 2020 15:03:44 -0800 Subject: [PATCH 10/20] Filter API Docs (#9202) * reorganize for clarity and update for value syntax * fix quotes around value * Apply suggestions from code review Co-authored-by: Blake Covarrubias * Apply suggestions from code review Co-authored-by: Freddy Co-authored-by: Blake Covarrubias Co-authored-by: Freddy --- website/pages/api-docs/features/filtering.mdx | 130 +++++++++--------- 1 file changed, 67 insertions(+), 63 deletions(-) diff --git a/website/pages/api-docs/features/filtering.mdx b/website/pages/api-docs/features/filtering.mdx index 96344b7bf9..6b189b596a 100644 --- a/website/pages/api-docs/features/filtering.mdx +++ b/website/pages/api-docs/features/filtering.mdx @@ -9,23 +9,80 @@ description: |- # Filtering -A filter expression is used to refine a data query for some API listing endpoints as notated in the individual API documentation. -Filtering will be executed on the Consul server before data is returned, reducing the network load. To pass a -filter expression to Consul, with a data query, use the `filter` parameter. +Filter expressions refine data queries for some API listing endpoints, as notated in the individual API documentation. + +To create a filter expression, you will write one or more expressions. Each expression has a matching operators composed with selectors and values. ```shell -curl -G --data-urlencode 'filter=' +curl --get --data-urlencode 'filter=""' ``` -To create a filter expression, you will write one or more expressions using matching operators, selectors, and values. +Filtering is executed on the Consul server, before data is returned, reducing the network load. To pass a +filter expression to Consul, use the `filter` query parameter when sending requests to HTTP API endpoints that support it. -## Expression Syntax +## Creating Expressions -Expressions are written in plain text format. Boolean logic and parenthesization are +A single expression is a matching operator with a selector and value. They are written in plain text format, boolean logic and parenthesization are supported. In general whitespace is ignored, except within literal strings. -### Expressions +### Matching Operators + +All matching operators use a selector or value to choose what data should be +matched. Each endpoint that supports filtering accepts a potentially +different list of selectors and is detailed in the API documentation for +those endpoints. + +```text +// Equality & Inequality checks + == "" + != "" + +// Emptiness checks + is empty + is not empty + +// Contains checks or Substring Matching +"" in +"" not in + contains "" + not contains "" + +// Regular Expression Matching + matches "" + not matches "" +``` + +### Selectors + +Selectors are used by matching operators to create an expression. They are +defined by a `.` separated list of names. Each name must start with +a an ASCII letter and can contain ASCII letters, numbers, and underscores. When +part of the selector references a map value it may be expressed using the form +`[""]` instead of `.`. This allows the possibility +of using map keys that are not valid selectors in and of themselves. + +```text +// selects the foo key within the ServiceMeta mapping for the +// /catalog/service/:service endpoint +ServiceMeta.foo + +// Also selects the foo key for the same endpoint +ServiceMeta["foo"] +``` + +### Values + +Values are used by matching operators to create an expression. Values can be any valid selector, a number, or a string. It is best practice to quote values. + +Numbers can be base 10 integers or floating point numbers. + +When quoting strings, +they may either be enclosed in double quotes or backticks. When enclosed in +backticks they are treated as raw strings and escape sequences such as `\n` +will not be expanded. + +## Connecting Expressions There are several methods for connecting expressions, including @@ -61,59 +118,6 @@ example, the following two expressions would be equivalent. ( and (not )) or ``` -### Matching Operators - -Matching operators are used to create an expression. All matching operators use a selector or value to choose what data should be -matched. Each endpoint that supports filtering accepts a potentially -different list of selectors and is detailed in the API documentation for -those endpoints. - -```text -// Equality & Inequality checks - == - != - -// Emptiness checks - is empty - is not empty - -// Contains checks or Substring Matching - in - not in - contains - not contains - -// Regular Expression Matching - matches - not matches -``` - -### Selectors - -Selectors are used by matching operators to create an expression. They are -defined by a `.` separated list of names. Each name must start with -a an ASCII letter and can contain ASCII letters, numbers, and underscores. When -part of the selector references a map value it may be expressed using the form -`[""]` instead of `.`. This allows the possibility -of using map keys that are not valid selectors in and of themselves. - -```text -// selects the foo key within the ServiceMeta mapping for the -// /catalog/service/:service endpoint -ServiceMeta.foo - -// Also selects the foo key for the same endpoint -ServiceMeta["foo"] -``` - -### Values - -Values are used by matching operators to create an expression. Values can be any valid selector, a number, or a quoted string. For numbers any -base 10 integers and floating point numbers are possible. For quoted strings, -they may either be enclosed in double quotes or backticks. When enclosed in -backticks they are treated as raw strings and escape sequences such as `\n` -will not be expanded. - ## Filter Utilization Generally, only the main object is filtered. When filtering for @@ -195,7 +199,7 @@ curl -X GET localhost:8500/v1/agent/services **Command - Filtered** ```shell -curl -G localhost:8500/v1/agent/services --data-urlencode 'filter=Meta.env == qa' +curl --get localhost:8500/v1/agent/services --data-urlencode 'filter=Meta.env == "qa"' ``` **Response - Filtered** @@ -326,7 +330,7 @@ curl -X GET localhost:8500/v1/catalog/service/api-internal **Command - Filtered** ```shell -curl -G localhost:8500/v1/catalog/service/api-internal --data-urlencode 'filter=NodeMeta.os == linux' +curl --get localhost:8500/v1/catalog/service/api-internal --data-urlencode 'filter=NodeMeta.os == "linux"' ``` **Response - Filtered** From 8dbfc2b39ac6521973a29c64c1a304827b68d96a Mon Sep 17 00:00:00 2001 From: Maksym Date: Fri, 11 Dec 2020 14:23:05 +0200 Subject: [PATCH 11/20] fix 'agent/check/pass/my-check-id' curl example in documentation (#9372) --- website/pages/api-docs/agent/check.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/website/pages/api-docs/agent/check.mdx b/website/pages/api-docs/agent/check.mdx index af38eaf965..194df3d7aa 100644 --- a/website/pages/api-docs/agent/check.mdx +++ b/website/pages/api-docs/agent/check.mdx @@ -310,6 +310,7 @@ The table below shows this endpoint's support for ```shell-session $ curl \ + --request PUT \ http://127.0.0.1:8500/v1/agent/check/pass/my-check-id ``` From 4acc2714bcec665b7b2389d39ff587b22babd796 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" Date: Mon, 14 Dec 2020 09:57:02 -0600 Subject: [PATCH 12/20] docs: call out intentions upgrade issue for 1.9.0+ (#9386) --- website/pages/docs/upgrading/upgrade-specific.mdx | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/website/pages/docs/upgrading/upgrade-specific.mdx b/website/pages/docs/upgrading/upgrade-specific.mdx index 487037c882..cb7926b8e3 100644 --- a/website/pages/docs/upgrading/upgrade-specific.mdx +++ b/website/pages/docs/upgrading/upgrade-specific.mdx @@ -31,6 +31,16 @@ configuration now defaults to `true`. ### Changes to Intentions +#### Namespaced Intentions + +The API endpoint to [list +intentions](/api-docs/connect/intentions#list-intentions) now accepts the same +`ns` query parameter (or `X-Consul-Namespace` header) used on other API +endpoints. By default this will now only list the intentions in a specific +namespace, rather than listing all intentions across all namespaces. To achieve +the same results as Consul versions prior to 1.9.0 request the wildcard +namespace with a query parameter of `?ns=*`. + #### Migration Upgrading to Consul 1.9.0 will trigger a one-time background migration of From 1f7ad3bcf52b8e33d4195eb25fadb3c66202c5dc Mon Sep 17 00:00:00 2001 From: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com> Date: Tue, 15 Dec 2020 14:07:53 -0500 Subject: [PATCH 13/20] Fixed mesh gateway config instructions (#9396) Added missing words to mesh gateway config instructions, and corrected punctuation a paragraph above. Please review for technical accuracy. --- .../pages/docs/connect/gateways/mesh-gateway/index.mdx | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/website/pages/docs/connect/gateways/mesh-gateway/index.mdx b/website/pages/docs/connect/gateways/mesh-gateway/index.mdx index 76ddb1ed76..31adb027da 100644 --- a/website/pages/docs/connect/gateways/mesh-gateway/index.mdx +++ b/website/pages/docs/connect/gateways/mesh-gateway/index.mdx @@ -79,14 +79,15 @@ your network, the proxy's connection to the gateway can happen in one of the fol Mesh gateways are defined similarly to other services registered with Consul, with two exceptions. The first is that the [service kind](/api/agent/service#kind) must be "mesh-gateway". Second, -the mesh gateway service definition may contain a `Proxy.Config` entry just like a +the mesh gateway service definition may contain a `Proxy.Config` entry, just like a Connect proxy service, to define opaque configuration parameters useful for the actual proxy software. For Envoy there are some supported [gateway options](/docs/connect/proxies/envoy#gateway-options) as well as [escape-hatch overrides](/docs/connect/proxies/envoy#escape-hatch-overrides). --> **Note:** If ACLs are enabled, a token granting `service:write` for the gateways service name -and `service:read` for all services in the datacenter. These permissions authorize the token to route -communications for other Connect services but does not allow decrypting any of their communications. +-> **Note:** If ACLs are enabled, a token granting `service:write` for the gateway's service name +and `service:read` for all services in the datacenter must be added to the gateway's service definition. +These permissions authorize the token to route communications for other Connect services but does not +allow decrypting any of their communications. ## Connect Proxy Configuration From abb3b443c97341e0a89602ea7f91b02a59de0c5d Mon Sep 17 00:00:00 2001 From: Tenpo <69812167+tenpo-open-source@users.noreply.github.com> Date: Tue, 15 Dec 2020 17:09:16 -0300 Subject: [PATCH 14/20] update example for tag_name (#9226) * update example for tag_name In the example for azure the "tag_name" field is wrong cause say "tag_key" and not "tag_name" * change tag_key by tag_name in the description of azure --- website/pages/docs/install/cloud-auto-join.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/pages/docs/install/cloud-auto-join.mdx b/website/pages/docs/install/cloud-auto-join.mdx index 4a2b24222f..acba52bee7 100644 --- a/website/pages/docs/install/cloud-auto-join.mdx +++ b/website/pages/docs/install/cloud-auto-join.mdx @@ -85,7 +85,7 @@ endpoint](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-d ### Microsoft Azure This returns the first private IP address of all servers in the given region -which have the given `tag_key` and `tag_value` applied to their virtual NIC in the tenant and subscription, or in +which have the given `tag_name` and `tag_value` applied to their virtual NIC in the tenant and subscription, or in the given `resource_group` of a `vm_scale_set` for Virtual Machine Scale Sets. ```shell-session @@ -95,7 +95,7 @@ $ consul agent -retry-join "provider=azure tag_key=... tag_value=... tenant_id=. ```json { "retry_join": [ - "provider=azure tag_key=... tag_value=... tenant_id=... client_id=... subscription_id=... secret_access_key=..." + "provider=azure tag_name=... tag_value=... tenant_id=... client_id=... subscription_id=... secret_access_key=..." ] } ``` From 0ae3fde1ce9a3921cb2b705d9830e14449059e63 Mon Sep 17 00:00:00 2001 From: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> Date: Tue, 15 Dec 2020 12:25:11 -0800 Subject: [PATCH 15/20] Rotate Learn tutorials (#9404) * update Learn tutorials on landing page * add Vault image --- website/pages/home/img/learn/Vault.svg | 1 + website/pages/home/index.jsx | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 11 deletions(-) create mode 100644 website/pages/home/img/learn/Vault.svg diff --git a/website/pages/home/img/learn/Vault.svg b/website/pages/home/img/learn/Vault.svg new file mode 100644 index 0000000000..bef9bb0470 --- /dev/null +++ b/website/pages/home/img/learn/Vault.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/website/pages/home/index.jsx b/website/pages/home/index.jsx index 1e77b060bb..5976878b58 100644 --- a/website/pages/home/index.jsx +++ b/website/pages/home/index.jsx @@ -82,20 +82,20 @@ export default function HomePage() { brand="consul" items={[ { - title: 'Deploy Consul Service Mesh on Kubernetes', - category: 'Step-by-Step Tutorial', - time: '10 mins', - link: - 'https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy', - image: require('./img/learn/getting-started.svg?url'), - }, - { - title: 'Observe Layer 7 Traffic', + title: 'Try Consul Service Mesh on kind', category: 'Step-by-Step Tutorial', time: '15 mins', link: - 'https://learn.hashicorp.com/tutorials/consul/service-mesh-features', - image: require('./img/learn/kubernetes.svg?url'), + 'https://learn.hashicorp.com/tutorials/consul/kubernetes-kind', + image: require('./img/learn/getting-started.svg?url'), + }, + { + title: 'Secure Consul with Vault', + category: 'Step-by-Step Tutorials', + time: '45 mins', + link: + 'https://learn.hashicorp.com/collections/consul/vault-secure', + image: require('./img/learn/Vault.svg?url'), }, ]} /> From 7ec50a704367c480dd3d80c0107f9adb313e9bbb Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Tue, 15 Dec 2020 17:11:41 -0500 Subject: [PATCH 16/20] Merge pull request #9262 from hashicorp/dnephin/docs-deprecate-old-filters docs: deprecate some old filter parameters --- .changelog/9262.txt | 6 ++++++ website/pages/api-docs/catalog.mdx | 12 +++++++++--- website/pages/api-docs/health.mdx | 16 ++++++++++++---- 3 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 .changelog/9262.txt diff --git a/.changelog/9262.txt b/.changelog/9262.txt new file mode 100644 index 0000000000..fc93251d57 --- /dev/null +++ b/.changelog/9262.txt @@ -0,0 +1,6 @@ +```release-note:deprecation +api: the `tag`, `node-meta`, and `passing` query parameters for various health and catalog +endpoints are now deprecated. The `filter` query parameter should be used as a replacement +for all of the deprecated fields. The deprecated query parameters will be removed in a future +version of Consul. +``` diff --git a/website/pages/api-docs/catalog.mdx b/website/pages/api-docs/catalog.mdx index 942bdd5144..d2728f9ef0 100644 --- a/website/pages/api-docs/catalog.mdx +++ b/website/pages/api-docs/catalog.mdx @@ -309,7 +309,9 @@ The table below shows this endpoint's support for `?near=_agent` will use the agent's node for the sort. This is specified as part of the URL as a query parameter. -- `node-meta` `(string: "")` - Specifies a desired node metadata key/value pair +- `node-meta` `(string: "")` **Deprecated** - Use `filter` with the `Meta` selector instead. + This parameter will be removed in a future version of Consul. + Specifies a desired node metadata key/value pair of the form `key:value`. This parameter can be specified multiple times, and will filter the results to nodes with the specified key/value pairs. This is specified as part of the URL as a query parameter. @@ -454,7 +456,9 @@ The table below shows this endpoint's support for the datacenter of the agent being queried. This is specified as part of the URL as a query parameter. -- `tag` `(string: "")` - Specifies the tag to filter on. This is specified as part of +- `tag` `(string: "")` **Deprecated** - Use `filter` with the `ServiceTags` selector instead. + This parameter will be removed in a future version of Consul. + Specifies the tag to filter on. This is specified as part of the URL as a query parameter. Can be used multiple times for additional filtering, returning only the results that include all of the tag values provided. @@ -463,7 +467,9 @@ The table below shows this endpoint's support for `?near=_agent` will use the agent's node for the sort. This is specified as part of the URL as a query parameter. -- `node-meta` `(string: "")` - Specifies a desired node metadata key/value pair +- `node-meta` `(string: "")` **Deprecated** - Use `filter` with the `NodeMeta` selector instead. + This parameter will be removed in a future version of Consul. + Specifies a desired node metadata key/value pair of the form `key:value`. This parameter can be specified multiple times, and will filter the results to nodes with the specified key/value pairs. This is specified as part of the URL as a query parameter. diff --git a/website/pages/api-docs/health.mdx b/website/pages/api-docs/health.mdx index 0f3ac434ff..7038d94278 100644 --- a/website/pages/api-docs/health.mdx +++ b/website/pages/api-docs/health.mdx @@ -142,7 +142,9 @@ The table below shows this endpoint's support for `?near=_agent` will use the agent's node for the sort. This is specified as part of the URL as a query parameter. -- `node-meta` `(string: "")` - Specifies a desired node metadata key/value pair +- `node-meta` `(string: "")` **Deprecated** - Use `filter` with the `Node.Meta` selector instead. + This parameter will be removed in a future version of Consul. + Specifies a desired node metadata key/value pair of the form `key:value`. This parameter can be specified multiple times, and will filter the results to nodes with the specified key/value pairs. This is specified as part of the URL as a query parameter. @@ -232,17 +234,23 @@ The table below shows this endpoint's support for `?near=_agent` will use the agent's node for the sort. This is specified as part of the URL as a query parameter. -- `tag` `(string: "")` - Specifies the tag to filter the list. This is +- `tag` `(string: "")` **Deprecated** - Use `filter` with the `Service.Tags` selector instead. + This parameter will be removed in a future version of Consul. + Specifies the tag to filter the list. This is specified as part of the URL as a query parameter. Can be used multiple times for additional filtering, returning only the results that include all of the tag values provided. -- `node-meta` `(string: "")` - Specifies a desired node metadata key/value pair +- `node-meta` `(string: "")` **Deprecated** - Use `filter` with the `Node.Meta` selector instead. + This parameter will be removed in a future version of Consul. + Specifies a desired node metadata key/value pair of the form `key:value`. This parameter can be specified multiple times, and will filter the results to nodes with the specified key/value pairs. This is specified as part of the URL as a query parameter. -- `passing` `(bool: false)` - Specifies that the server should return only nodes +- `passing` `(bool: false)` **Deprecated** - Use `filter` with the `Checks.Status` selector instead. + This parameter will be removed in a future version of Consul. + Specifies that the server should return only nodes with all checks in the `passing` state. This can be used to avoid additional filtering on the client side. From b6266d83b511f43180d35d48e8570101b0b4c21e Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" Date: Tue, 15 Dec 2020 16:25:31 -0600 Subject: [PATCH 17/20] update comment to correctly reflect type of data in the oidc auth method config (#9364) --- website/pages/docs/security/acl/auth-methods/oidc.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/pages/docs/security/acl/auth-methods/oidc.mdx b/website/pages/docs/security/acl/auth-methods/oidc.mdx index 7ac39d3a15..36022e2e61 100644 --- a/website/pages/docs/security/acl/auth-methods/oidc.mdx +++ b/website/pages/docs/security/acl/auth-methods/oidc.mdx @@ -52,7 +52,7 @@ parameters are required to properly configure an auth method of type - `OIDCClientSecret` `(string: )` - The OAuth Client Secret configured with your OIDC provider. -- `AllowedRedirectURIs` `(array)` - Comma-separated list of allowed +- `AllowedRedirectURIs` `(array)` - A list of allowed values for `redirect_uri`. Must be non-empty. - `ClaimMappings` `(map[string]string)` - Mappings of claims (key) that @@ -69,7 +69,7 @@ parameters are required to properly configure an auth method of type When mapped, the values in each list can be any of a number, string, or boolean and will all be stringified when returned. -- `OIDCScopes` `(array)` - Comma-separated list of OIDC scopes. +- `OIDCScopes` `(array)` - A list of OIDC scopes. - `JWTSupportedAlgs` `(array)` - JWTSupportedAlgs is a list of supported signing algorithms. Defaults to `RS256`. ([Available From 35ef621a716a626550167c87821ff9af481445d2 Mon Sep 17 00:00:00 2001 From: Kim Ngo Date: Wed, 16 Dec 2020 14:47:15 -0600 Subject: [PATCH 18/20] nia/docs 0.1.0-techpreview2 (#9405) Co-authored-by: Lorna Song --- website/_redirects | 2 + website/data/docs-navigation.js | 4 +- website/pages/docs/nia/api.mdx | 219 ++++++++++++ website/pages/docs/nia/cli.mdx | 16 + website/pages/docs/nia/configuration.mdx | 322 ++++++++++++++++++ .../docs/nia/installation/configuration.mdx | 264 -------------- .../pages/docs/nia/installation/configure.mdx | 100 ++++++ .../pages/docs/nia/installation/install.mdx | 8 +- .../docs/nia/installation/requirements.mdx | 8 +- website/pages/docs/nia/installation/run.mdx | 18 +- website/pages/docs/nia/network-drivers.mdx | 6 +- website/pages/docs/nia/tasks.mdx | 74 +++- 12 files changed, 757 insertions(+), 284 deletions(-) create mode 100644 website/pages/docs/nia/api.mdx create mode 100644 website/pages/docs/nia/configuration.mdx delete mode 100644 website/pages/docs/nia/installation/configuration.mdx create mode 100644 website/pages/docs/nia/installation/configure.mdx diff --git a/website/_redirects b/website/_redirects index 2f1457ea0d..023d34b9da 100644 --- a/website/_redirects +++ b/website/_redirects @@ -394,6 +394,8 @@ /docs/platform/k8s/uninstalling /docs/k8s/operations/upgrading 301! /docs/platform/k8s/* /docs/k8s/:splat 301! +/docs/nia/installation/configuration /docs/nia/configuration 301! + /docs/partnerships/index.html /docs/partnerships 301! /docs/enterprise/backups/index.html /docs/enterprise/backups 301! /docs/enterprise/upgrades/index.html /docs/enterprise/upgrades 301! diff --git a/website/data/docs-navigation.js b/website/data/docs-navigation.js index c9ccdc10e4..45fce1bd10 100644 --- a/website/data/docs-navigation.js +++ b/website/data/docs-navigation.js @@ -189,10 +189,12 @@ export default [ { category: 'installation', name: 'Get Started', - content: ['install', 'requirements', 'configuration', 'run'], + content: ['install', 'requirements', 'configure', 'run'], }, 'architecture', + 'api', 'cli', + 'configuration', 'tasks', 'network-drivers', ], diff --git a/website/pages/docs/nia/api.mdx b/website/pages/docs/nia/api.mdx new file mode 100644 index 0000000000..12f04e56c0 --- /dev/null +++ b/website/pages/docs/nia/api.mdx @@ -0,0 +1,219 @@ +--- +layout: docs +page_title: Consul-Terraform-Sync API +sidebar_title: API +description: >- + How to use the Consul-Terraform-Sync API +--- + +# Consul-Terraform-Sync API + +When running in [daemon mode](/docs/nia/cli#daemon-mode), Consul-Terraform-Sync serves an HTTP API interface. + +### Port + +The API is served at the default port `8558` or a different port if set with [`port` configuration](/docs/nia/configuration#port) + +### Version Prefix + +All API routes are prefixed with `/v1/`. This documentation is for v1 of the API, which is the only version currently. + +Example: `localhost:8558/v1/status` + +### Error + +Successful API requests will receive a 2XX success status code. For other unsuccessful status codes, when possible, more details will be provided in a response body. The response will be a JSON map with an "error" key. + +Example: Status 400 Bad Request +```json +{ + "error": "example error message: unsupported status parameter value" +} +``` + +## Status + +The `/status` endpoints share status-related information for tasks. This information is available for understanding the status of individual tasks and across tasks. + +The health status value is determined by aggregating the success or failure of the event of a task detecting changes in Consul services and then updating network infrastructure. Currently, only the 5 most recent events are stored in Consul-Terraform-Sync. For more information on the hierarchy of status information and how it is collected, see [Status Information](/docs/nia/tasks#status-information). + +### Overall Status + +This endpoint currently returns the overall status information for all tasks. + +| Method | Path | Produces | +| ------ | ------------------- | ------------------ | +| `GET` | `/status` | `application/json` | + +#### Request Parameters +Currently no request parameters are offered for the overall status API. + +#### Response Fields + +* `task_summary` - Summary of the count of tasks for each health status. See [Task Status API](/docs/nia/api#task-status) to learn more about how health status is determined. + * `successful` - (int) The number of tasks that have a 'successful' health status + * `errored` - (int) The number of tasks that have a 'errored' health status + * `critical` - (int) The number of tasks that have a 'critical' health status + + +#### Example + +Request: +```shell-session +$ curl localhost:8558/v1/status +``` + +Response: +```json +{ + "task_summary": { + "successful": 28, + "errored": 5, + "critical": 1 + } +} +``` + +### Task Status + +This endpoint returns the individual task status information for a single specified task or for all tasks. + +Task health status value is determined by the success or failure of all stored [event data](/docs/nia/tasks#event) on the process of updating network infrastructure for a task. Currently only the 5 most recent events are stored per task. + - Successful: The most recent stored event is successful. + - Errored: The most recent stored event is not successful but all previous stored events are successful. + - Critical: The most recent stored event is not successful and one or more previous stored events are also not successful. + - Unknown: No event data is stored for the task. + +| Method | Path | Produces | +| ------ | ------------------- | ------------------ | +| `GET` | `/status/tasks/:task` | `application/json` | + +#### Request Parameters + +* `task` - (string) Option to specify the name of the task to return in the response. If not specified, all tasks are returned in the response. +* `include` - (string) Only accepts the value "events". Use to include stored event information in response. +* `status` - (string) Only accepts health status values "successful", "errored", "critical", or "unknown". Use to filter response by tasks that have the specified health status value. Recommend setting this parameter when requesting all tasks i.e. no `task` parameter is set. + +#### Response Fields + +The response is a JSON map of task name to a status information structure with the following fields. + +* `task_name` - (string) Name that task is configured with in Consul-Terraform-Sync. +* `status` - (string) Values are "successful", "errored", "critical", or "unknown". This is determined by the success or failure of all stored events on the network infrastructure update process for the task, as described earlier. +* `services` - (list[string]) List of the services configured for the task. +* `providers` - (list[string]) List of the providers configured for the task. +* `events_url` - (string) Relative URL to retrieve the event data stored for the task. +* `events` - [(list[Event])](/docs/nia/api#event) - List of stored events that inform the task's status. See section below for information on event data. This field is only included in the response upon request by setting the `?include=events` parameter. The relative URL for the request to include events can be retrieved from the `events_url` field. + +##### Event + +Event represents the process of updating network infrastructure of a task. The data is captured in a JSON structure. For more details on the scope of an event, see [Event](/docs/nia/tasks#event). + +* `id` - (string) UUID to uniquely identify the event. +* `success` - (bool) Indication of whether the event was successful or not. +* `start_time` - (time) Time when the event started. +* `end_time` - (time) Time when the event ended. +* `task_name` - (string) Name that task is configured with in Consul-Terraform-Sync. +* `error` Information when the event fails. Null when successful. + * `message` - (string) Error message that is returned on failure. +* `config` + * `services` - (list[string]) List of the services configured for the task. + * `source` - (string) Source configured for the task. + * `providers` - (list[string]) List of the providers configured for the task. + +#### Example: All Task Statuses + +Request: +```shell-session +$ curl localhost:8558/v1/status/tasks +``` + +Response: +```json +{ + "task_a": { + "task_name": "task_a", + "status": "successful", + "providers": [ + "local" + ], + "services": [ + "api" + ], + "events_url": "/v1/status/tasks/task_a?include=events" + }, + "task_b": { + "task_name": "task_b", + "status": "errored", + "providers": [ + "null" + ], + "services": [ + "web" + ], + "events_url": "/v1/status/tasks/task_b?include=events" + } +} +``` + +#### Example: Individual Task Status with Events + +Request: +```shell-session +$ curl localhost:8558/v1/status/tasks/task_b?include=events +``` + +Response: +```json +{ + "task_b": { + "task_name": "task_b", + "status": "errored", + "providers": [ + "null" + ], + "services": [ + "web", + ], + "events_url": "/v1/status/tasks/task_b?include=events", + "events": [ + { + "id": "44137ba2-8fc9-6cbe-0e0e-e9305ee4f7f9", + "success": false, + "start_time": "2020-11-24T12:06:51.858292-05:00", + "end_time": "2020-11-24T12:06:52.770165-05:00", + "task_name": "task_b", + "error": { + "message": "example error: terraform-apply error" + }, + "config": { + "providers": [ + "null" + ], + "services": [ + "web", + ], + "source": "../modules/test_task" + } + }, + { + "id": "ef202675-502f-431f-b133-ed64d15b0e0e", + "success": true, + "start_time": "2020-11-24T12:04:18.651231-05:00", + "end_time": "2020-11-24T12:04:20.900115-05:00", + "task_name": "task_b", + "error": null, + "config": { + "providers": [ + "null" + ], + "services": [ + "web", + ], + "source": "../modules/test_task" + } + } + ] + } +} +``` diff --git a/website/pages/docs/nia/cli.mdx b/website/pages/docs/nia/cli.mdx index c23a1faa17..32edfc667c 100644 --- a/website/pages/docs/nia/cli.mdx +++ b/website/pages/docs/nia/cli.mdx @@ -30,6 +30,22 @@ Behavior: This is the default mode in which Consul-Terraform-Sync passes through Usage: Intended to be run as a long running process after running once-mode successfully for given configuration and tasks. +### Inspect Mode + +Flag: `-inspect` + +Behavior: Consul-Terraform-Sync will display the proposed state changes for all tasks once and exit. No changes are applied in this mode. On encountering an error before completing, Consul-Terraform-Sync will exit with a non-zero status. + +Usage: Intended to be run before daemon-mode in order to confirm configuration is accurate and tasks would update network infrastructure as expected. + +----- + +Flag: `-inspect-task [task-name]` + +Behavior: This has similar behavior as `-inspect` mode for the selected task. The flag can be specified multiple times to inspect multiple tasks. No changes are applied in this mode. + +Usage: Useful to debug one or more tasks to confirm configuration is accurate and the selected tasks would update network infrastructure as expected. + ### Once Mode Flag: `-once` diff --git a/website/pages/docs/nia/configuration.mdx b/website/pages/docs/nia/configuration.mdx new file mode 100644 index 0000000000..ee11a930dc --- /dev/null +++ b/website/pages/docs/nia/configuration.mdx @@ -0,0 +1,322 @@ +--- +layout: docs +page_title: Consul-Terraform-Sync Configuration +sidebar_title: Configuration +description: >- + Consul-Terraform-Sync requires a Terraform Provider, a Terraform Module and a running Consul Cluster outside of the consul-terraform-sync daemon. +--- + +# Configuration Options for Consul-Terraform-Sync + +The Consul-Terraform-Sync daemon is configured using configuration files and supports [HashiCorp Configuration Language](https://github.com/hashicorp/hcl) (HCL) and JSON file formats. + +## Global Config Options + +Top level options are reserved for configuring Consul-Terraform-Sync. + +```hcl +log_level = "INFO" +port = 8558 +syslog {} +buffer_period { + enabled = true + min = "5s" + max = "20s" +} +``` + +* `buffer_period` - Configures the default buffer period for all [tasks](#task) to dampen the affects of flapping services to downstream network devices. It defines the minimum and maximum amount of time to wait for the cluster to reach a consistent state and accumulate changes before triggering task executions. The default is enabled to reduce the number of times downstream infrastructure is updated within a short period of time. This is useful to enable in systems that have a lot of flapping. + * `enabled` - (bool: true) Enable or disable buffer periods globally. Specifying `min` will also enable it. + * `min` - (string: "5s") The minimum period of time to wait after changes are detected before triggering related tasks. + * `max` - (string: "20s") The maximum period of time to wait after changes are detected before triggering related tasks. If `min` is set, the default period for `max` is 4 times the value of `min`. +* `log_level` - (string: "WARN") The log level to use for Consul-Terraform-Sync logging. +* `port` - (int: 8558) The port for Consul-Terraform-Sync to use to serve API requests. +* `syslog` - Specifies the syslog server for logging. + * `enabled` - (bool) Enable syslog logging. Specifying other option also enables syslog logging. + * `facility` - (string) Name of the syslog facility to log to. + * `name` - (string: "consul-terraform-sync") Name to use for the daemon process when logging to syslog. + +## Consul + +The `consul` block is used to configure Consul-Terraform-Sync connection with a Consul agent to perform queries to the Consul Catalog and Consul KV pertaining to task execution. + +To read more on suggestions for configuring the Consul agent, see [run an agent](/docs/nia/installation/requirements#run-an-agent). + +```hcl +consul { + address = "consul.example.com" + auth {} + tls {} + token = null + transport {} +} +``` + +* `address` - (string: "localhost:8500") Address is the address of the Consul agent. It may be an IP or FQDN. +* `auth` - Auth is the HTTP basic authentication for communicating with Consul. + * `enabled` - (bool) + * `username` - (string) + * `password` - (string) +* `tls` - Configure TLS to use a secure client connection with Consul. This option is required for Consul-Terraform-Sync when connecting to a [Consul agent with TLS verification enabled for HTTPS connections](/docs/agent/options#verify_incoming). + * `enabled` - (bool) Enable TLS. Specifying any option for TLS will also enable it. + * `verify` - (bool: true) Enables TLS peer verification. The default is enabled, which will check the global CA chain to make sure the given certificates are valid. If you are using a self-signed certificate that you have not added to the CA chain, you may want to disable SSL verification. However, please understand this is a potential security vulnerability. + * `key` - (string) The client key file to use for talking to Consul over TLS. The key also be provided through the `CONSUL_CLIENT_KEY` environment variable. + * `ca_cert` - (string) The CA file to use for talking to Consul over TLS. Can also be provided though the `CONSUL_CACERT` environment variable. + * `ca_path` - (string) The path to a directory of CA certs to use for talking to Consul over TLS. Can also be provided through the `CONSUL_CAPATH` environment variable. + * `cert` - (string) The client cert file to use for talking to Consul over TLS. Can also be provided through the `CONSUL_CLIENT_CERT` environment variable. + * `server_name` - (string) The server name to use as the SNI host when connecting via TLS. Can also be provided through the `CONSUL_TLS_SERVER_NAME` environment variable. +* `token` - (string) The ACL token to use for client communication with the local Consul agent. The token can also be provided through the `CONSUL_TOKEN` or `CONSUL_HTTP_TOKEN` environment variables. +* `transport` - Transport configures the low-level network connection details. + * `dial_keep_alive` - (string: "30s") The amount of time for keep-alives. + * `dial_timeout` - (string: "30s") The amount of time to wait to establish a connection. + * `disable_keep_alives` - (bool) Determines if keep-alives should be used. Disabling this significantly decreases performance. + * `idle_conn_timeout` - (string: "90s") The timeout for idle connections. + * `max_idle_conns` - (int: 100) The maximum number of total idle connections. + * `max_idle_conns_per_host` - (int: 1) The maximum number of idle connections per remote host. + * `tls_handshake_timeout` - (string: "10s") amount of time to wait to complete the TLS handshake. + +## Service + +A `service` block is an optional block to explicitly define configuration of services that Consul-Terraform-Sync monitors. A `service` block is only necessary for services that have non-default values e.g. custom datacenter. Services that do not have a `service` block configured will assume default values. To configure multiple services, specify multiple `service` blocks. For services to be included in task automation, the service must be included in the `task.services` field of a [`task` block](#task). If a `service` block is configured, the service can be referred in `task.services` by service name or ID. If a `service` block is not configured, it can only be referred to by service name. + +```hcl +service { + name = "web" + datacenter = "dc1" + description = "all instances of the service web in datacenter dc1" +} +``` + +* `datacenter` - (string) The datacenter the service is deployed in. +* `description` - (string) The human readable text to describe the service. +* `id` - (string) ID identifies the service for Consul-Terraform-Sync. This is used to explicitly identify the service config for a task to use. If no ID is provided, the service is identified by the service name within a [task definition](#task). +* `name` - (string: required) The Consul logical name of the service (required). +* `namespace` - (string: "default") The namespace of the service. If not provided, the namespace will be inferred from the Consul-Terraform-Sync ACL token, or default to the `default` namespace. +* `tag` - (string) Tag is used to filter nodes based on the tag for the service. + +## Task + +A `task` block configures which task to run in automation for the selected services. The list of services can include services explicitly defined by a `service` block or implicitly declared by the service name. The `task` block may be specified multiple times to configure multiple tasks. + +```hcl +task { + name = "taskA" + description = "" + providers = [] + services = ["web", "api"] + source = "org/example/module" + version = "1.0.0" + variable_files = [] +} +``` + +* `description` - (string) The human readable text to describe the service. +* `name` - (string: required) Name is the unique name of the task (required). A task name must start with a letter or underscore and may contain only letters, digits, underscores, and dashes. +* `providers` - (list[string]) Providers is the list of provider names the task is dependent on. This is used to map [Terraform provider configuration](#terraform-provider) to the task. +* `services` - (list[string]: required) Services is the list of logical service names or service IDs the task executes on. Consul-Terraform-Sync monitors the Consul Catalog for changes to these services and triggers the task to run. Any service value not explicitly defined by a `service` block with a matching ID is assumed to be a logical service name in the default namespace. +* `source` - (string: required) Source is the location the driver uses to fetch task dependencies. The source format is dependent on the driver. For the [Terraform driver](#terraform-driver), the source is the module path (local or remote). Read more on [Terraform module source here](https://www.terraform.io/docs/modules/sources.html). +* `variable_files` - (list[string]) A list of paths to files containing variables for the task. For the [Terraform driver](#terraform-driver), these are used as Terraform [variable defintion (`.tfvars`) files](https://www.terraform.io/docs/configuration/variables.html#variable-definitions-tfvars-files) and consists of only variable name assignments. The variable assignments must match the corresponding variable declarations available by the Terraform module for the task. Consul-Terraform-Sync will generate the intermediate variable declarations to pass as arguments from the auto-generated root module to the task's module. Variables are loaded in the same order as they appear in the order of the files. Duplicate variables are overwritten with the later value. *Note: unless specified by the module, configure arguments for Terraform providers using [`terraform_provider` blocks](#terraform-provider).* + ```hcl + address_group = "consul-services" + tags = [ + "consul-terraform-sync", + "terraform" + ] + ``` +* `version` - (string) The version of the provided source the task will use. For the [Terraform driver](#terraform-driver), this is the module version. The latest version will be used as the default if omitted. +* `buffer_period` - Configures the buffer period for the task to dampen the affects of flapping services to downstream network devices. It defines the minimum and maximum amount of time to wait for the cluster to reach a consistent state and accumulate changes before triggering task execution. The default is inherited from the top level [`buffer_period` block](#global-config-options). If configured, these values will take precedence over the global buffer period. This is useful to enable for a task that is dependent on services that have a lot of flapping. + * `enabled` - (bool) Enable or disable buffer periods for this task. Specifying `min` will also enable it. + * `min` - (string: "5s") The minimum period of time to wait after changes are detected before triggering related tasks. + * `max` - (string: "20s") The maximum period of time to wait after changes are detected before triggering related tasks. If `min` is set, the default period for `max` is 4 times the value of `min`. + +## Terraform Driver + +The `driver` block configures the subprocess for Consul-Terraform-Sync to propagate infrastructure change. The Terraform driver is a required configuration for Consul-Terraform-Sync to relay provider discovery and installation information to Terraform, specifically the `required_providers` stanza. Other driver options do not need to be explicitly configured and has reasonable default values. + +```hcl +driver "terraform" { + log = false + persist_log = false + path = "" + working_dir = "" + + backend "consul" { + scheme = "https" + } + + required_providers { + myprovider = { + source = "namespace/myprovider" + version = "1.3.0" + } + } +} +``` + +* `backend` - (obj) The backend stores [Terraform state files](https://www.terraform.io/docs/state/index.html) for each task. This option is similar to the [Terraform backend configuration](https://www.terraform.io/docs/configuration/backend.html). Consul-Terraform-Sync supports Terraform backends used as a state store and currently does not support enhanced backends. If omitted, Consul-Terraform-Sync will generate default values and use configuration from the [`consul` block](#consul) to configure [Consul as the backend](https://www.terraform.io/docs/backends/types/consul.html). The Consul KV path is the base path to store state files for tasks. The full path of each state file will have the task identifer appended to the end of the path, e.g. `consul-terraform-sync/terraform-env:task-name`. + * Supported backend options: [azurerm](https://www.terraform.io/docs/backends/types/azurerm.html), [consul](https://www.terraform.io/docs/backends/types/consul.html), [cos](https://www.terraform.io/docs/backends/types/cos.html), [gcs](https://www.terraform.io/docs/backends/types/gcs.html), [kubernetes](https://www.terraform.io/docs/backends/types/kubernetes.html), [local](https://www.terraform.io/docs/backends/types/local.html), [manta](https://www.terraform.io/docs/backends/types/manta.html), [pg](https://www.terraform.io/docs/backends/types/pg.html) (Terraform v0.14+), [s3](https://www.terraform.io/docs/backends/types/s3.html) + * Visit the Terraform documentation links above for the specific backend configuration options. +* `log` - (bool) Enable all Terraform output (stderr and stdout) to be included in the Consul-Terraform-Sync log. This is useful for debugging and development purposes. It may be difficult to work with log aggregators that expect uniform log format. +* `path` - (string) The file path to install Terraform or discover an existing Terraform binary. If omitted, Terraform will be installed in the same directory as the Consul-Terraform-Sync daemon. To resolve an incompatible Terraform version or to change versions will require removing the existing binary or change to a different path. +* `persist_log` - (bool) Enable trace logging for each Terraform client to disk per task. This is equivalent to setting `TF_LOG_PATH=/terraform.log`. Trace log level results in verbose logging and may be useful for debugging and development purposes. We do not recommend enabling this for production. There is no log rotation and may quickly result in large files. +* `required_providers` - (obj: required) Declare each Terraform provider used across all tasks. This is similar to the [Terraform `terraform.required_providers`](https://www.terraform.io/docs/configuration/provider-requirements.html#requiring-providers) field to specify the source and version for each provider. Consul-Terraform-Sync will process these requirements when preparing each task that uses the provider. +* `version` - (string) The Terraform version to install and run in automation for task execution. If omittied, the driver will install the latest official release of Terraform. To change versions, remove the existing binary or change the path to install the desired version. Verify that the desired Terraform version is compatible across all Terraform modules used for Consul-Terraform-Sync automation. +* `working_dir` - (string: "sync-tasks") The base working directory to manage Terraform configurations all tasks. The full path of each working directory will have the task identifier appended to the end of the path, e.g. `./sync-tasks/task-name`. + +## Terraform Provider + +A `terraform_provider` block configures the options to interface with network infrastructure. Define a block for each provider required by the set of Terraform modules across all tasks. This block resembles [provider blocks for Terraform configuration](https://www.terraform.io/docs/configuration/providers.html). To find details on how to configure a provider, refer to the corresponding documentation for the Terraform provider. The main directory of publicly available providers are hosted on the [Terraform Registry](https://registry.terraform.io/browse/providers). + +The below configuration captures the general design of defining a provider using the [Vault Terraform provider](https://registry.terraform.io/providers/hashicorp/vault/latest/docs) as an example. + +```hcl +driver "terraform" { + required_providers { + vault = { + source = "hashicorp/vault" + version = "2.13.0" + } + } +} + +terraform_provider "vault" { + address = "vault.example.com" +} + +task { + source = "some/source" + providers = ["vault"] + services = ["web", "api"] +} +``` + +### Securely Configure Terraform Providers + +The `terraform_provider` block supports dynamically loading arguments from other sources. This can be used to securely configure your Terraform provider from the shell environment, Consul KV, or Vault. Using the template syntax below, you can avoid including sensitive values or credentials in plain text within configuration files for Consul-Terraform-Sync. + +Template syntax is only supported within the `terraform_provider` block. + +-> **Note**: The dynamic values will be included in the [`terraform.tfvars`](/docs/nia/network-drivers#terraform-tfvars) file for each Terraform workspace that references the provider. To exclude dynamic values from rendering to local files in plain text, check out this section on how to configure [provider environment variables](#provider-environment-variables) using dynamic configuration. + +#### Env + +`env` reads the given environment variable accessible to Consul-Terraform-Sync. + +```hcl +terraform_provider "example" { + address = "{{ env \"EXAMPLE_HOSTNAME\" }}" +} +``` + +#### Consul + +`key` queries the key's value in the KV store of the Consul server configured in the required [`consul` block](#consul). + +```hcl +terraform_provider "example" { + value = "{{ key \"path/example/key\" }}" +} +``` + +#### Vault + +`with secret` queries the [Vault KV secrets engine](https://www.vaultproject.io/api-docs/secret/kv). Vault is an optional source that will require operators to configure the Vault client. Access the secret using template dot notation `Data.data.`. + +```hcl +vault { + address = "vault.example.com" +} + +terraform_provider "example" { + token = "{{ with secret \"secret/my/path\" }}{{ .Data.data.foo }}{{ end }}" +} +``` + +##### Vault Configuration + +* `address` - (string) The URI of the Vault server. This can also be set via the `VAULT_ADDR` environment variable. +* `enabled` - (bool) Enabled controls whether the Vault integration is active. +* `namespace` - (string) Namespace is the Vault namespace to use for reading secrets. This can also be set via the `VAULT_NAMESPACE` environment variable. +* `renew_token` - (bool) Renews the Vault token. This can also be set via the `VAULT_RENEW_TOKEN` environment variable. +* `tls` - [(tls block)](#tls) TLS indicates the client should use a secure connection while talking to Vault. Supports the environment variables: + * `VAULT_CACERT` + * `VAULT_CAPATH` + * `VAULT_CLIENT_CERT` + * `VAULT_CLIENT_KEY` + * `VAULT_SKIP_VERIFY` + * `VAULT_TLS_SERVER_NAME` +* `token` - (string) Token is the Vault token to communicate with for requests. It may be a wrapped token or a real token. This can also be set via the `VAULT_TOKEN` environment variable, or via the `VaultAgentTokenFile`. +* `vault_agent_token_file` - (string) The path of the file that contains a Vault Agent token. If this is specified, Consul-Terraform-Sync will not try to renew the Vault token. +* `transport` - [(transport block)](#transport) Transport configures the low-level network connection details. +* `unwrap_token` - (bool) Unwraps the provided Vault token as a wrapped token. + +~> Note: Vault credentials are not accessible by tasks and the associated Terraform configurations, including automated Terraform modules. If the task requires Vault, you will need to seprately configure the Vault provider and explicitly include it in the `task.providers` list. + +### Provider Environment Variables + +Terraform providers may support shell environment variables as values for some of their arguments. When available, we recommend using environment variables as a way to keep credentials out of plain-text configuration files. Refer to the official provider docs hosted on the [Terraform Registry](https://registry.terraform.io/browse/providers) to find supported environment variables for a provider. By default, Consul-Terraform-Sync enables all Terraform workspaces for each task to inherit from its environment. + +The `task_env` block is a meta-argument available for the `terraform_provider` block that can be used to rename or scope the available environment to a selected set of variables. + +```hcl +terraform_provider "foo" { + // Direct assignment of provider arguments are rendered in plain-text in the + // generated terraform.tfvars file for the corresponding Terraform workspaces. + // token = "" + + // Instead of configuring the token argument directly for the provider, + // use the provider's supported environment variable for the token argument. + // For example, + // $ export FOO_TOKEN = "" + + // Alternatively, the task_env block allows you to rename the shell + // environment to the expected name by the provider. + task_env { + "FOO_TOKEN" = "{{ env \"CTS_FOO_TOKEN\" }}" + } +} +``` + +### Multiple Provider Configurations + +Consul-Terraform-Sync supports the [Terraform feature to define multiple configurations](https://www.terraform.io/docs/configuration/providers.html#alias-multiple-provider-configurations) for the same provider by utilizing the `alias` meta-argument. Define multiple provider blocks with the same provider name and set the `alias` to a unique value across a given provider. Select which provider configuration to use for a task by specifying the configuration with the provider name and alias (`.`) within the list of providers in the [`task.provider`](#task) parameter. A task can use multiple providers, but only one provider instance of a provider is allowed per task. + +The example Consul-Terraform-Sync configuration below defines two similar tasks executing the same module with different instances of the Vault provider. + +```hcl +terraform_provider "vault" { + alias = "a" + address = "vault.example.com" + namespace = "team-a" + task_env { + "VAULT_TOKEN" = "{{ env \"CTS_VAULT_TOKEN_A\" }}" + } +} + +terraform_provider "vault" { + alias = "b" + address = "vault.internal.com" + namespace = "team-b" + task_env { + "VAULT_TOKEN" = "{{ env \"CTS_VAULT_TOKEN_B\" }}" + } +} + +terraform_provider "dns" { + // ... +} + +task { + name = "task-a" + source = "org/module" + providers = ["vault.a", "dns"] + // ... +} + +task { + name = "task-b" + source = "org/module" + providers = ["vault.b", "dns"] + // ... +} +``` diff --git a/website/pages/docs/nia/installation/configuration.mdx b/website/pages/docs/nia/installation/configuration.mdx deleted file mode 100644 index 6f686b1601..0000000000 --- a/website/pages/docs/nia/installation/configuration.mdx +++ /dev/null @@ -1,264 +0,0 @@ ---- -layout: docs -page_title: Configure Consul-Terraform-Sync -sidebar_title: Configuration -description: >- - Consul-Terraform-Sync requires a Terraform Provider, a Terraform Module and a running Consul Cluster outside of the consul-terraform-sync daemon. ---- - -# Configuration Options for Consul-Terraform-Sync - -The Consul-Terraform-Sync daemon is configured using configuration files and supports [HashiCorp Configuration Language](https://github.com/hashicorp/hcl) (HCL) and JSON file formats. - -## Example - -An example HCL configuration is shown below to automate a task to execute a Terraform module for 2 services. - -```hcl -log_level = "info" - -consul { - address = "consul.example.com" -} - -buffer_period { - min = "5s" - max = "20s" -} - -task { - name = "website-x" - description = "automate services for website-x" - source = "namespace/example/module" - version = "1.0.0" - providers = ["myprovider"] - services = ["web", "api"] - buffer_period { - min = "10s" - } -} - -driver "terraform" { - required_providers { - myprovider = { - source = "namespace/myprovider" - version = "1.3.0" - } - } -} - -provider "myprovider" { - address = "myprovider.example.com" -} -``` - -## Global Config Options - -Top level options are reserved for configuring Consul-Terraform-Sync. - -```hcl -log_level = "INFO" -syslog {} -buffer_period { - enabled = true - min = "5s" - max = "20s" -} -``` - -* `log_level` - `(string: "WARN")` The log level to use for Consul-Terraform-Sync logging. -* `syslog` - Specifies the syslog server for logging. - * `enabled` - `(bool: false)` Enable syslog logging. Specifying other option also enables syslog logging. - * `facility` - `(string: )` Name of the syslog facility to log to. - * `name` - `(string: "consul-terraform-sync")` Name to use for the daemon process when logging to syslog. -* `buffer_period` - Configures the default buffer period for all [tasks](#task) to dampen the affects of flapping services to downstream network devices. It defines the minimum and maximum amount of time to wait for the cluster to reach a consistent state and accumulate changes before triggering task executions. The default is enabled to reduce the number of times downstream infrastructure is updated within a short period of time. This is useful to enable in systems that have a lot of flapping. - * `enabled` - `(bool: true)` Enable or disable buffer periods globally. Specifying `min` will also enable it. - * `min` - `(string: 5s)` The minimum period of time to wait after changes are detected before triggering related tasks. - * `max` - `(string: 20s)` The maximum period of time to wait after changes are detected before triggering related tasks. If `min` is set, the default period for `max` is 4 times the value of `min`. - -## Consul - -The `consul` block is used to configure Consul-Terraform-Sync connection with a Consul agent to perform queries to the Consul Catalog and Consul KV pertaining to task execution. - -```hcl -consul { - address = "consul.example.com" - auth {} - tls {} - token = null - transport {} -} -``` - -* `address` - `(string: "localhost:8500")` Address is the address of the Consul agent. It may be an IP or FQDN. -* `auth` - Auth is the HTTP basic authentication for communicating with Consul. - * `enabled` - `(bool: false)` - * `username` - `(string: )` - * `password` - `(string: )` -* `tls` - Configure TLS to use a secure client connection with Consul. This requires Consul to be configured to serve HTTPS. - * `enabled` - `(bool: false)` Enable TLS. Specifying any option for TLS will also enable it. - * `verify` - `(bool: true)` Enables TLS peer verification. The default is enabled, which will check the global CA chain to make sure the given certificates are valid. If you are using a self-signed certificate that you have not added to the CA chain, you may want to disable SSL verification. However, please understand this is a potential security vulnerability. - * `key` - `(string: )` The client key file to use for talking to Consul over TLS. The key also be provided through the `CONSUL_CLIENT_KEY` environment variable. - * `ca_cert` - `(string: )` The CA file to use for talking to Consul over TLS. Can also be provided though the `CONSUL_CACERT` environment variable. - * `ca_path` - `(string: )` The path to a directory of CA certs to use for talking to Consul over TLS. Can also be provided through the `CONSUL_CAPATH` environment variable. - * `cert` - `(string: )` The client cert file to use for talking to Consul over TLS. Can also be provided through the `CONSUL_CLIENT_CERT` environment variable. - * `server_name` - `(string: )` The server name to use as the SNI host when connecting via TLS. Can also be provided through the `CONSUL_TLS_SERVER_NAME` environment variable. -* `token` - `(string: )` The ACL token to use for client communication with the local Consul agent. The token can also be provided through the `CONSUL_TOKEN` or `CONSUL_HTTP_TOKEN` environment variables. -* `transport` - Transport configures the low-level network connection details. - * `dial_keep_alive` - `(string: "30s")` The amount of time for keep-alives. - * `dial_timeout` - `(string: "30s")` The amount of time to wait to establish a connection. - * `disable_keep_alives` - `(bool: false)` Determines if keep-alives should be used. Disabling this significantly decreases performance. - * `idle_conn_timeout` - `(string: "90s")` The timeout for idle connections. - * `max_idle_conns` - `(int: 100)` The maximum number of total idle connections. - * `max_idle_conns_per_host` - `(int: 1)` The maximum number of idle connections per remote host. - * `tls_handshake_timeout` - `(string: "10s")` amount of time to wait to complete the TLS handshake. - -## Service - -A `service` block is an optional block to explicitly define configuration of services that Consul-Terraform-Sync monitors. A `service` block is only necessary for services that have non-default values e.g. custom datacenter. Services that do not have a `service` block configured will assume default values. To configure multiple services, specify multiple `service` blocks. For services to be included in task automation, the service must be included in the `task.services` field of a [`task` block](#task). If a `service` block is configured, the service can be referred in `task.services` by service name or ID. If a `service` block is not configured, it can only be referred to by service name. - -```hcl -service { - name = "web" - datacenter = "dc1" - description = "all instances of the service web in datacenter dc1" -} -``` - -* `datacenter` - `(string: )` The datacenter the service is deployed in. -* `description` - `(string: )` The human readable text to describe the service. -* `id` - `(string: )` ID identifies the service for Consul-Terraform-Sync. This is used to explicitly identify the service config for a task to use. If no ID is provided, the service is identified by the service name within a [task definition](#task). -* `name` - `(string: )` The Consul logical name of the service (required). -* `namespace` - `(string: "default")` The namespace of the service. If not provided, the namespace will be inferred from the Consul-Terraform-Sync ACL token, or default to the `default` namespace. -* `tag` - `(string: )` Tag is used to filter nodes based on the tag for the service. - -## Task - -A `task` block configures which task to run in automation for the selected services. The list of services can include services explicitly defined by a `service` block or implicitly declared by the service name. The `task` block may be specified multiple times to configure multiple tasks. - -```hcl -task { - name = "taskA" - description = "" - providers = [] - services = ["web", "api"] - source = "org/example/module" - version = "1.0.0" - variable_files = [] -} -``` - -* `description` - `(string: )` The human readable text to describe the service. -* `name` - `(string: )` Name is the unique name of the task (required). A task name must start with a letter or underscore and may contain only letters, digits, underscores, and dashes. -* `providers` - `(list(string): [])` Providers is the list of provider names the task is dependent on. This is used to map [provider configuration](#provider) to the task. -* `services` - `(list(string): [])` Services is the list of logical service names or service IDs the task executes on. Consul-Terraform-Sync monitors the Consul Catalog for changes to these services and triggers the task to run. Any service value not explicitly defined by a `service` block with a matching ID is assumed to be a logical service name in the default namespace. -* `source` - `(string: )` Source is the location the driver uses to fetch task dependencies. The source format is dependent on the driver. For the [Terraform driver](#terraform-driver), the source is the module path (local or remote). Read more on [Terraform module source here](https://www.terraform.io/docs/modules/sources.html). -* `variable_files` - `(list(string): [])` A list of paths to files containing variables for the task. For the [Terraform driver](#terraform-driver), these are used as Terraform [variable defintion (`.tfvars`) files](https://www.terraform.io/docs/configuration/variables.html#variable-definitions-tfvars-files) and consists of only variable name assignments. The variable assignments must match the corresponding variable declarations available by the Terraform module for the task. Consul-Terraform-Sync will generate the intermediate variable declarations to pass as arguments from the auto-generated root module to the task's module. Variables are loaded in the same order as they appear in the order of the files. Duplicate variables are overwritten with the later value. *Note: unless specified by the module, configure arguments for providers using [provider blocks](#provider).* - ```hcl - address_group = "consul-services" - tags = [ - "consul-terraform-sync", - "terraform" - ] - ``` -* `version` - `(string: )` The version of the provided source the task will use. For the [Terraform driver](#terraform-driver), this is the module version. The latest version will be used as the default if omitted. -* `buffer_period` - Configures the buffer period for the task to dampen the affects of flapping services to downstream network devices. It defines the minimum and maximum amount of time to wait for the cluster to reach a consistent state and accumulate changes before triggering task execution. The default is inherited from the top level [`buffer_period` block](#global-config-options). If configured, these values will take precedence over the global buffer period. This is useful to enable for a task that is dependent on services that have a lot of flapping. - * `enabled` - `(bool: false)` Enable or disable buffer periods for this task. Specifying `min` will also enable it. - * `min` - `(string: 5s)` The minimum period of time to wait after changes are detected before triggering related tasks. - * `max` - `(string: 20s)` The maximum period of time to wait after changes are detected before triggering related tasks. If `min` is set, the default period for `max` is 4 times the value of `min`. - -## Terraform Driver - -The `driver` block configures the subprocess for Consul-Terraform-Sync to propagate infrastructure change. The Terraform driver does not need to be explicitly configured and has reasonable default values. - -```hcl -driver "terraform" { - log = false - persist_log = false - path = "" - working_dir = "" - - backend "consul" { - scheme = "https" - } - - required_providers { - myprovider = { - source = "namespace/myprovider" - version = "1.3.0" - } - } -} -``` - -* `backend` - `(obj: optional)` The backend stores [Terraform state files](https://www.terraform.io/docs/state/index.html) for each task. This option is similar to the [Terraform backend configuration](https://www.terraform.io/docs/backends/types/consul.html). Consul backend is the only supported backend at this time. If omitted, Consul-Terraform-Sync will generate default values and use configuration from the [`consul` block](#consul). The Consul KV path is the base path to store state files for tasks. The full path of each state file will have the task identifer appended to the end of the path, e.g. `consul-terraform-sync/terraform-env:task-name`. -* `log` - `(bool: false)` Enable all Terraform output (stderr and stdout) to be included in the Consul-Terraform-Sync log. This is useful for debugging and development purposes. It may be difficult to work with log aggregators that expect uniform log format. -* `path` - `(string: optional)` The file path to install Terraform or discover an existing Terraform binary. If omitted, Terraform will be installed in the same directory as the Consul-Terraform-Sync daemon. -* `persist_log` - `(bool: false)` Enable trace logging for each Terraform client to disk per task. This is equivalent to setting `TF_LOG_PATH=/terraform.log`. Trace log level results in verbose logging and may be useful for debugging and development purposes. We do not recommend enabling this for production. There is no log rotation and may quickly result in large files. -* `required_providers` - `(obj)` Declare each Terraform provider used across all tasks. This is similar to the [Terraform `terraform.required_providers`](https://www.terraform.io/docs/configuration/provider-requirements.html#requiring-providers) field to specify the source and version for each provider. Consul-Terraform-Sync will process these requirements when preparing each task that uses the provider. -* `working_dir` - `(string: "sync-tasks")` The base working directory to manage Terraform configurations all tasks. The full path of each working directory will have the task identifier appended to the end of the path, e.g. `./sync-tasks/task-name`. - -## Provider - -A `provider` block configures the options to interface with network infrastructure. Define a block for each provider required by the set of Terraform modules across all tasks. This block resembles [provider blocks for Terraform configuration](https://www.terraform.io/docs/configuration/providers.html). To find details on how to configure a provider, refer to the corresponding documentation for the Terraform provider. The main directory of publicly available providers are hosted on the [Terraform Registry](https://registry.terraform.io/browse/providers). - -The below configuration captures the general design of defining a provider using the [Vault Terraform provider](https://registry.terraform.io/providers/hashicorp/vault/latest/docs) as an example. - -```hcl -driver "terraform" { - required_providers { - vault = { - source = "hashicorp/vault" - version = "2.13.0" - } - } -} - -provider "vault" { - address = "vault.example.com" -} - -task { - source = "some/source" - providers = ["vault"] - services = ["web", "api"] -} -``` - -### Multiple Provider Configurations - -Consul-Terraform-Sync supports the [Terraform feature to define multiple configurations](https://www.terraform.io/docs/configuration/providers.html#alias-multiple-provider-configurations) for the same provider by utilizing the `alias` meta-argument. Define multiple provider blocks with the same provider name and set the `alias` to a unique value across a given provider. Select which provider configuration to use for a task by specifying the configuration with the provider name and alias (`.`) within the list of providers in the [`task.provider`](#task) parameter. A task can use multiple providers, but only one provider instance of a provider is allowed per task. - -The example Consul-Terraform-Sync configuration below defines two similar tasks executing the same module with different instances of the Vault provider. - -```hcl -provider "vault" { - alias = "a" - address = "vault.example.com" - namespace = "team-a" -} - -provider "vault" { - alias = "b" - address = "vault.internal.com" - namespace = "team-b" -} - -provider "dns" { - // ... -} - -task { - name = "task-a" - source = "org/module" - providers = ["vault.a", "dns"] - // ... -} - -task { - name = "task-b" - source = "org/module" - providers = ["vault.b", "dns"] - // ... -} -``` diff --git a/website/pages/docs/nia/installation/configure.mdx b/website/pages/docs/nia/installation/configure.mdx new file mode 100644 index 0000000000..7621469ac3 --- /dev/null +++ b/website/pages/docs/nia/installation/configure.mdx @@ -0,0 +1,100 @@ +--- +layout: docs +page_title: Configure Consul-Terraform-Sync +sidebar_title: Configure +description: >- + A high level guide to configure Consul-Terraform-Sync. +--- + +# Configure Consul-Terraform-Sync + +The page will cover the main components for configuring your Network Infrastructure Automation with Consul at a high level. For the full list of configuration options, visit the [Consul-Terraform-Sync Configuration page](/docs/nia/configuration). + +## Tasks + +A task captures a network automation process by defining which network resources to update for a set of services as those services change over time. Configure Consul-Terraform-Sync with one or more tasks that contain a list of Consul services, a Terraform module, and various Terraform providers. + +Within the [`task` block](/docs/nia/configuration#task), the list of services for a task represents the service layer that drives network automation. The `source` is the discovery location of the Terraform module that defines the network automation process for the task. + +Review the Terraform module to be used for network automation and identify the Terraform providers required by the module. If the module depends on a set of providers, include the list of provider names in the `providers` field to associate the corresponding provider configuration with the task. These providers will need to be configured later in a separate block. + +```hcl +task { + name = "website-x" + description = "automate services for website-x" + source = "namespace/example/module" + version = "1.0.0" + providers = ["myprovider"] + services = ["web", "api"] +} +``` + +## Terraform Providers + +Configuring Terraform providers within Consul-Terraform-Sync requires 2 config components. The first component is required within the [`driver.terraform` block](/docs/nia/configuration#terraform-driver). All providers configured for Consul-Terraform-Sync must be listed within the `required_providers` stanza to satisfy a [Terraform v0.13+ requirement](https://www.terraform.io/docs/configuration/provider-requirements.html#requiring-providers) for Terraform to discover and install them. The providers listed are later organized by Consul-Terraform-Sync to be included in the appropriate Terraform configuration files for each task. + +```hcl +driver "terraform" { + required_providers { + myprovider = { + source = "namespace/myprovider" + version = "1.3.0" + } + } +} +``` + +The second component for configuring a provider is the [`terraform_provider` block](/docs/nia/configuration#terraform-provider). This block resembles [provider blocks for Terraform configuration](https://www.terraform.io/docs/configuration/providers.html) and has the same responsibility for understanding API interactions and exposing resources for a specific infrastructure platform. + +Terraform modules configured for task automation may require configuring the referenced providers. For example, configuring the host address and authentication to interface with your network infrastructure. Refer to the Terraform provider documentation hosted on the [Terraform Registry](https://registry.terraform.io/browse/providers) to find available options. The `terraform_provider` block is loaded by Consul-Terraform-Sync during runtime and processed to be included in [autogenerated Terraform configuration files](/docs/nia/network-drivers#provider) used for task automation. Omitting the `terraform_provider` block for a provider will defer to the Terraform behavior assuming an empty default configuration. + +```hcl +terraform_provider "myprovider" { + address = "myprovider.example.com" +} +``` + +## Summary + +Piecing it all together, the configuration file for Consul-Terraform-Sync will have several HCL blocks in addition to other options for configuring the Consul-Terraform-Sync daemon: `task`, `driver.terraform`, and `terraform_provider` blocks. + +An example HCL configuration file is shown below to automate one task to execute a Terraform module for 2 services. + +```hcl +log_level = "info" + +syslog { + enabled = true +} + +consul { + address = "consul.example.com" +} + +task { + name = "website-x" + description = "automate services for website-x" + source = "namespace/example/module" + version = "1.0.0" + providers = ["myprovider"] + services = ["web", "api"] + buffer_period { + min = "10s" + } +} + +driver "terraform" { + log = true + + required_providers { + myprovider = { + source = "namespace/myprovider" + version = "1.3.0" + } + } +} + +terraform_provider "myprovider" { + address = "myprovider.example.com" +} +``` diff --git a/website/pages/docs/nia/installation/install.mdx b/website/pages/docs/nia/installation/install.mdx index b980f5cc06..6b1377b33b 100644 --- a/website/pages/docs/nia/installation/install.mdx +++ b/website/pages/docs/nia/installation/install.mdx @@ -40,7 +40,7 @@ Usage of consul-terraform-sync: ## Connect your Consul Cluster -Consul-Terraform-Sync connects with your Consul cluster in order to monitor the Consul catalog for service changes. These service changes lead to downstream updates to your network devices. You can configure your Consul cluster in Consul-Terraform-Sync with the [Consul block](/docs/nia/installation/configuration#consul). Below is an example: +Consul-Terraform-Sync connects with your Consul cluster in order to monitor the Consul catalog for service changes. These service changes lead to downstream updates to your network devices. You can configure your Consul cluster in Consul-Terraform-Sync with the [Consul block](/docs/nia/configuration#consul). Below is an example: ```hcl consul { @@ -53,10 +53,10 @@ consul { Consul-Terraform-Sync interacts with your network device through a network driver. For the Terraform network driver, Consul-Terraform-Sync uses Terraform providers to make changes to your network infrastructure resources. You can reference existing provider docs on the Terraform Registry to configure each provider or create a new Terraform provider. -Once you have identified a Terraform provider for all of your network devices, you can configure them in Consul-Terraform-Sync with a [provider block](/docs/nia/installation/configuration#provider) for each network device. Below is an example: +Once you have identified a Terraform provider for all of your network devices, you can configure them in Consul-Terraform-Sync with a [`terraform_provider` block](/docs/nia/configuration#terraform-provider) for each network device. Below is an example: ```hcl -provider "fake-firewall" { +terraform_provider "fake-firewall" { address = "10.10.10.10" username = "admin" password = "password123" @@ -67,4 +67,4 @@ This provider is then used by task(s) to execute a Terraform module that will up ### Multiple Instances per Provider -You might have multiple instances of the same type of network device; for example, multiple instances of a firewall or load balancer. You can configure each instance with its own provider block and distinguish it by the `alias` meta-argument. See [multiple provider configurations](/docs/nia/installation/configuration#multiple-provider-configurations) for more details and an example of the configuration. +You might have multiple instances of the same type of network device; for example, multiple instances of a firewall or load balancer. You can configure each instance with its own provider block and distinguish it by the `alias` meta-argument. See [multiple provider configurations](/docs/nia/configuration#multiple-provider-configurations) for more details and an example of the configuration. diff --git a/website/pages/docs/nia/installation/requirements.mdx b/website/pages/docs/nia/installation/requirements.mdx index f5e1fed13f..9a4a1843d2 100644 --- a/website/pages/docs/nia/installation/requirements.mdx +++ b/website/pages/docs/nia/installation/requirements.mdx @@ -24,6 +24,8 @@ To install a local Consul agent, refer to the [Getting Started: Install Consul T The Consul agent must be running in order to dynamically update network devices. To run the local Consul agent, you can run Consul in development mode which can be started with `consul agent -dev` for simplicity. For more details on running Consul agent, refer to the [Getting Started: Run the Consul Agent Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-agent?in=consul/getting-started). +When running a Consul agent with Consul-Terraform-Sync in production, we suggest to keep a few considerations in mind. Consul-Terraform-Sync uses [blocking queries](/api/features/blocking) to monitor task dependencies, like changes to registered services. This results in multiple long running TCP connections between Consul-Terraform-Sync and the agent to poll changes for each dependency. Monitoring a high number of services may quickly hit the default Consul agent connection limits. Configure [`limits.http_max_conns_per_client`](/docs/agent/options#http_max_conns_per_client) for the agent to a reasonable value proportional to the number of services monitored by Consul-Terraform-Sync. + ### Register Services Consul-Terraform-Sync monitors Consul catalog for service changes which lead to downstream changes to your network devices. Without services, your Consul-Terraform-Sync daemon will be operational but idle. You can register services with your Consul agent either by loading a service definition or by HTTP API request. @@ -41,7 +43,7 @@ $ echo '{ $ curl --request PUT --data @payload.json http://localhost:8500/v1/agent/service/register ``` -The above example registers a service named "web" with your Consul agent. This represents a non-existent web service running at 10.10.10.10:8000. Your web service is now available for Consul-Terraform-Sync to consume. In Consul-Terraform-Sync, you can optionally configure the web service with a [service block](/docs/nia/installation/configuration#service) if it has any non-default values. You can also have Consul-Terraform-Sync monitor the web service to execute a task and update network device(s) by configuring "web" in [`task.services`](/docs/nia/installation/configuration#services) of a task block. +The above example registers a service named "web" with your Consul agent. This represents a non-existent web service running at 10.10.10.10:8000. Your web service is now available for Consul-Terraform-Sync to consume. In Consul-Terraform-Sync, you can optionally configure the web service with a [service block](/docs/nia/configuration#service) if it has any non-default values. You can also have Consul-Terraform-Sync monitor the web service to execute a task and update network device(s) by configuring "web" in [`task.services`](/docs/nia/configuration#services) of a task block. For more details on registering a service by HTTP API request, refer to the [register service API docs](https://www.consul.io/api-docs/agent/service#register-service). @@ -69,7 +71,7 @@ If there is no existing Terraform provider, a new Terraform provider can be [cre Working with a Terraform provider, you can write an integration task for Consul-Terraform-Sync by creating a Terraform module that is compatible with the Terraform driver. --> **Note:** [Release 0.1.0-techpreview1](https://github.com/hashicorp/consul-terraform-sync/releases/tag/v0.1.0-techpreview1) is compatible with Terraform modules with syntax supported by [Terraform version 0.13](https://github.com/hashicorp/terraform/blob/v0.13/CHANGELOG.md). +-> **Note:** [Release 0.1.0-techpreview2](https://github.com/hashicorp/consul-terraform-sync/releases/tag/v0.1.0-techpreview2) is compatible with Terraform modules with syntax supported by Terraform version [0.13](https://github.com/hashicorp/terraform/blob/v0.13/CHANGELOG.md) - [0.14](https://github.com/hashicorp/terraform/blob/v0.14/CHANGELOG.md). ### Using Terraform Modules @@ -162,7 +164,7 @@ Network infrastructure differs vastly across teams and organizations, and the au 3. Include descriptions to capture what the variables are and how they are used, and specify [custom validation rules for variables](https://www.terraform.io/docs/configuration/variables.html#custom-validation-rules) to provide context to users the expected format and conditions for the variables. 4. Set reasonable default values for variables that are optional, and omit default values for variables that are required module arguments. -Terraform is an explicit configuration language and requires variables to be declared, typed, and passed explicitly through as module arguments. Consul-Terraform-Sync abstracts this by creating intermediate variables at the root level from values intended for the module. These values are configured by practitioners within the [`task` block](/docs/nia/installation/configuration#variable_files). Value assignments are parsed to interpolate the corresponding variable declaration and are written to the appropriate Terraform files. A few assumptions are made for the intermediate variables: the variables users provide Consul-Terraform-Sync are declared and supported by the module, matching name and type. +Terraform is an explicit configuration language and requires variables to be declared, typed, and passed explicitly through as module arguments. Consul-Terraform-Sync abstracts this by creating intermediate variables at the root level from values intended for the module. These values are configured by practitioners within the [`task` block](/docs/nia/configuration#variable_files). Value assignments are parsed to interpolate the corresponding variable declaration and are written to the appropriate Terraform files. A few assumptions are made for the intermediate variables: the variables users provide Consul-Terraform-Sync are declared and supported by the module, matching name and type. #### Module Guidelines diff --git a/website/pages/docs/nia/installation/run.mdx b/website/pages/docs/nia/installation/run.mdx index e6b217b07d..3974ffbe84 100644 --- a/website/pages/docs/nia/installation/run.mdx +++ b/website/pages/docs/nia/installation/run.mdx @@ -10,14 +10,20 @@ description: >- 1. Move the `consul-terraform-sync` binary to a location available on your `PATH`. -``` -$ mv ~/Downloads/consul-terraform-sync /usr/local/bin/consul-terraform-sync -``` + ```shell-session + $ mv ~/Downloads/consul-terraform-sync /usr/local/bin/consul-terraform-sync + ``` 2. Create the config.hcl file, all the options are available [here](/docs/nia/installation/configuration). 3. Run consul-terraform-sync. -``` -./consul-terraform-sync -config-file -``` + ```shell-session + $ consul-terraform-sync -config-file + ``` + +4. Check status of tasks. Replace port number if configured in Step 2. See additional API endpoints [here](/docs/nia/api) + + ```shell-session + $ curl localhost:8558/status/tasks + ``` diff --git a/website/pages/docs/nia/network-drivers.mdx b/website/pages/docs/nia/network-drivers.mdx index 7d9de4a756..fc2942e4c5 100644 --- a/website/pages/docs/nia/network-drivers.mdx +++ b/website/pages/docs/nia/network-drivers.mdx @@ -26,7 +26,7 @@ Within the Consul-Terraform-Sync configuration for a task, practitioners can sel The root module is simple in structure and proxies Consul service information, configuration, and other variables to the Terraform module for the task. The content of the files that make up the root module are sourced from Consul-Terraform-Sync configuration, information for task's module to use as the automation playbook, and the Consul catalog for discovering service information. -Autogenerated root modules for tasks are stored in local subdirectories of the Terraform working directory. By default, the working directory `sync-tasks` is created in the current directory. To configure where Terraform configuration files are stored, set [`working_dir`](/docs/nia/installation/configuration#working_dir) for the Terraform driver to the desired path. +Autogenerated root modules for tasks are stored in local subdirectories of the Terraform working directory. By default, the working directory `sync-tasks` is created in the current directory. To configure where Terraform configuration files are stored, set [`working_dir`](/docs/nia/configuration#working_dir) for the Terraform driver to the desired path. A working directory with one task named "my-task" would have the folder structure below. @@ -42,10 +42,10 @@ sync-tasks/ The following files of the root module are generated for each task. An [example of a root module created by Consul-Terraform-Sync](https://github.com/hashicorp/consul-terraform-sync/tree/master/examples) can be found in the project repository. * `main.tf` - The main file contains the terraform block, provider blocks, and a module block calling the module configured for the task. * `terraform` block - The corresponding provider source and versions for the task from the configuration files are placed into this block for the root module. The Terraform backend from the configuration is also templated here. - * `provider` blocks - The provider blocks generated in the root module resemble the provider blocks in the configuration. They have identical arguments present and are set from the intermediate variable created per provider. + * `provider` blocks - The provider blocks generated in the root module resemble the `terraform_provider` blocks in the configuration. They have identical arguments present and are set from the intermediate variable created per provider. * `module` block - The module block is where the task's module is called as a [child module](https://www.terraform.io/docs/configuration/modules.html#calling-a-child-module). The child module contains the core logic for automation. Required and optional input variables are passed as arguments to the module. * `variables.tf` - This file contains 2 types of variable declarations. The required `services` input variable which determines module compatibility with Consul-Terraform Sync (read more on [compatible Terraform modules](/docs/nia/installation/requirements#how-to-create-a-compatible-terraform-module) for more details) and various intermediate variables used to dynamically configure providers. These intermediate provider variables are interpolated from the provider blocks and arguments configured in the Consul-Terraform-Sync configuration. -* `variables.module.tf` - This file is conditionally created if there are [variables configured for the task](/docs/nia/installation/configuration#variable_files) and contains the interpolated variable declarations that match the variables from configuration. These are then used to proxy the configured variables to the module through explicit assignment in the module block. +* `variables.module.tf` - This file is conditionally created if there are [variables configured for the task](/docs/nia/configuration#variable_files) and contains the interpolated variable declarations that match the variables from configuration. These are then used to proxy the configured variables to the module through explicit assignment in the module block. * `terraform.tfvars` - The variable definitions file is where the services input variable is assigned values from the Consul catalog. It is periodically updated to reflect the current state of the configured set of services for the task. * `terraform.tfvars.tmpl` - The template file is used by Consul-Terraform-Sync to template service information from the Consul catalog by using the HashiCorp configuration and templating library ([hashicorp/hcat](https://github.com/hashicorp/hcat)). diff --git a/website/pages/docs/nia/tasks.mdx b/website/pages/docs/nia/tasks.mdx index 8036c19f0f..17a1adb49e 100644 --- a/website/pages/docs/nia/tasks.mdx +++ b/website/pages/docs/nia/tasks.mdx @@ -23,9 +23,9 @@ task { } ``` -In the example task above, the "fake-firewall" and "null" providers, listed in the `providers` field, are used. These providers themselves should be configured in their own separate [provider blocks](/docs/nia/installation/configuration#provider). These providers are used in the Terraform module "example/firewall-policy/module", configured in the `source` field, to create, update, and destroy resources. This module may do something like use the providers to create and destroy firewall policy objects based on IP addresses. The IP addresses come from the "web" and "image" service instances configured in the `services` field. This service-level information is retrieved by Consul-Terraform-Sync which watches Consul catalog for changes. +In the example task above, the "fake-firewall" and "null" providers, listed in the `providers` field, are used. These providers themselves should be configured in their own separate [`terraform_provider` blocks](/docs/nia/configuration#terraform-provider). These providers are used in the Terraform module "example/firewall-policy/module", configured in the `source` field, to create, update, and destroy resources. This module may do something like use the providers to create and destroy firewall policy objects based on IP addresses. The IP addresses come from the "web" and "image" service instances configured in the `services` field. This service-level information is retrieved by Consul-Terraform-Sync which watches Consul catalog for changes. -See [task configuration](/docs/nia/installation/configuration#task) for more details on how to configure a task. +See [task configuration](/docs/nia/configuration#task) for more details on how to configure a task. ## Task Execution @@ -54,4 +54,72 @@ Consul-Terraform-Sync automatically generates any files needed to execute the ne Consul-Terraform-Sync will attempt to execute each task once upon startup to synchronize infrastructure with the current state of Consul. The daemon will stop and exit if any error occurs while preparing the automation environment or executing a task for the first time. This helps ensure all tasks have proper configuration and are executable before the daemon transitions into running tasks in full automation as service changes are discovered over time. After all tasks have successfully executed once, task failures during automation will be logged and retried or attempted again after a subsequent change. -Tasks are executed near-real time when service changes are detected. For services or environments that are prone to flapping, it may be useful to configure a [buffer period](/docs/nia/installation/configuration#buffer_period-1) for a task to accumulate changes before it is executed. The buffer period would reduce the number of consecutive network calls to infrastructure by batching changes for a task over a short duration of time. +Tasks are executed near-real time when service changes are detected. For services or environments that are prone to flapping, it may be useful to configure a [buffer period](/docs/nia/configuration#buffer_period-1) for a task to accumulate changes before it is executed. The buffer period would reduce the number of consecutive network calls to infrastructure by batching changes for a task over a short duration of time. + +## Status Information + +Status-related information is collected and offered via [status API](/docs/nia/api#status) to provide visibility into what and how the tasks are running. Information is offered in three-levels (lowest to highest): + - Event data + - Task status + - Overall status + +These three levels form a hierarchy where each level of data informs the one higher. The lowest-level, event data, is collected each time a task runs to update network infrastructure. This event data is then aggregated to inform individual task statuses. The count distribution of all the task statuses inform the overall status's task summary. + +### Event + +Each time a task's services has an update, Consul-Terraform-Sync takes a series of steps in order to update network infrastructure. This process starts with updating the task's templates to fetch new service data from Consul and ends with any post-actions after modifying network infrastructure. An event is a data structure that captures information on this process of updating network infrastructure. It stores information to help understand if the update to network infrastructure was successful or not, and it stores any errors that occurred. + +Sample event: +```json +{ + "id": "ef202675-502f-431f-b133-ed64d15b0e0e", + "success": false, + "start_time": "2020-11-24T12:05:18.651231-05:00", + "end_time": "2020-11-24T12:05:20.900115-05:00", + "task_name": "task_b", + "error": { + "message": "example error: error while doing terraform-apply" + }, + ... +} +``` + +For complete information on the event structure, see [events in our API documentation](/docs/nia/api#event). Event information can be retrieved by using the [`include=events` parameter](/docs/nia/api#include) with the [task status API](/docs/nia/api#task-status). + +### Task Status + +Each time a task runs to update network infrastructure, event data is stored for that run. 5 most recent events are stored for each task, and these stored events are used to determine task status. For example, if the most recent stored event is not successful but the others are, then the task's health status is "errored". + +Sample task status: +```json +{ + "task_name": "task_b", + "status": "errored", + "providers": [ + "null" + ], + "services": [ + "web", + ], + "events_url": "/v1/status/tasks/task_b?include=events", +} +``` + +Task status information can be retrieved with [task status API](/docs/nia/api#task-status). The API documentation includes details on what health statuses are available and how it is calculated based on events' success/failure information. + +### Overall Status + +Overall status returns a summary of the health statuses across all tasks. The summary is the count of tasks in each health status category. + +Sample overall status: +```json +{ + "task_summary": { + "successful": 28, + "errored": 5, + "critical": 1 + } +} +``` + +Overall status information can be retrieved with [overall status API](/docs/nia/api#overall-status). The API documentation includes details on what health statuses are available and how it is calculated based on task statuses' health status information. From f2bfbdb36ed791613be98abbf8924db478804898 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Thu, 17 Dec 2020 16:11:36 -0800 Subject: [PATCH 19/20] docs: Remove beta tag for 1.8 and 1.9 features Remove beta tag for 1.8 and 1.9 features which are now GA. --- website/pages/api-docs/acl/index.mdx | 4 ++-- website/pages/api-docs/connect/intentions.mdx | 6 +++--- website/pages/docs/agent/config-entries/index.mdx | 2 +- .../pages/docs/agent/config-entries/service-intentions.mdx | 6 +++--- website/pages/docs/k8s/crds/index.mdx | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/website/pages/api-docs/acl/index.mdx b/website/pages/api-docs/acl/index.mdx index d133ff7c24..97d86699c3 100644 --- a/website/pages/api-docs/acl/index.mdx +++ b/website/pages/api-docs/acl/index.mdx @@ -390,7 +390,7 @@ $ curl \ {' '} - This is an enterprise only endpoint. This feature is currently in beta.{' '} + This is an enterprise only endpoint. This endpoint was added in Consul 1.8.0 and is used to obtain an authorization @@ -469,7 +469,7 @@ $ curl \ {' '} - This is an enterprise only endpoint. This feature is currently in beta.{' '} + This is an enterprise only endpoint. This endpoint was added in Consul 1.8.0 and is used to exchange an OIDC diff --git a/website/pages/api-docs/connect/intentions.mdx b/website/pages/api-docs/connect/intentions.mdx index 4eaf727e4b..e3781a9bb8 100644 --- a/website/pages/api-docs/connect/intentions.mdx +++ b/website/pages/api-docs/connect/intentions.mdx @@ -17,7 +17,7 @@ migrated to the [`service-intentions`](/docs/agent/config-entries/service-intentions) config entry kind. -## Upsert Intention by Name ((#upsert-intention-by-name)) Beta +## Upsert Intention by Name ((#upsert-intention-by-name)) -> **1.9.0+:** This API is available in Consul versions 1.9.0 and later. @@ -289,7 +289,7 @@ $ curl \ http://127.0.0.1:8500/v1/connect/intentions/e9ebc19f-d481-42b1-4871-4d298d3acd5c ``` -## Read Specific Intention by Name ((##read-specific-intention-by-name)) Beta +## Read Specific Intention by Name ((##read-specific-intention-by-name)) This endpoint reads a specific intention by its unique source and destination. @@ -511,7 +511,7 @@ the following selectors and filter operations being supported: | `SourceName` | Equal, Not Equal, In, Not In, Matches, Not Matches | | `SourceType` | Equal, Not Equal, In, Not In, Matches, Not Matches | -## Delete Intention by Name ((#delete-intention-by-name)) Beta +## Delete Intention by Name ((#delete-intention-by-name)) -> **1.9.0+:** This API is available in Consul versions 1.9.0 and later. diff --git a/website/pages/docs/agent/config-entries/index.mdx b/website/pages/docs/agent/config-entries/index.mdx index cd5e3c7da9..ee5cc6abc0 100644 --- a/website/pages/docs/agent/config-entries/index.mdx +++ b/website/pages/docs/agent/config-entries/index.mdx @@ -34,7 +34,7 @@ The supported `Kind` names for configuration entries are: - [`service-defaults`](/docs/agent/config-entries/service-defaults) - configures defaults for all the instances of a given service -- [`service-intentions`](/docs/agent/config-entries/service-intentions) Beta - defines +- [`service-intentions`](/docs/agent/config-entries/service-intentions) - defines the [intentions](/docs/connect/intentions) for a destination service - [`service-resolver`](/docs/agent/config-entries/service-resolver) - matches diff --git a/website/pages/docs/agent/config-entries/service-intentions.mdx b/website/pages/docs/agent/config-entries/service-intentions.mdx index f254a6004a..5540e35f52 100644 --- a/website/pages/docs/agent/config-entries/service-intentions.mdx +++ b/website/pages/docs/agent/config-entries/service-intentions.mdx @@ -1,14 +1,14 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Service Intentions (beta)' -sidebar_title: service-intentions Beta +page_title: 'Configuration Entry Kind: Service Intentions' +sidebar_title: service-intentions description: >- The service-intentions config entry kind controls Connect traffic authorization for both networking layer 4 (e.g. TCP) and networking layer 7 (e.g. HTTP). --- -# Service Intentions ((#service-intentions)) Beta +# Service Intentions ((#service-intentions)) -> **1.9.0+:** This config entry is available in Consul versions 1.9.0 and newer. diff --git a/website/pages/docs/k8s/crds/index.mdx b/website/pages/docs/k8s/crds/index.mdx index 301a6747cd..997b91fb07 100644 --- a/website/pages/docs/k8s/crds/index.mdx +++ b/website/pages/docs/k8s/crds/index.mdx @@ -55,7 +55,7 @@ and enable the controller that acts on them: ```yaml global: name: consul - image: 'consul:1.9.0-beta1' # consul >= 1.8.4 must be used + image: 'consul:1.9.0' # consul >= 1.8.4 must be used imageK8S: 'hashicorp/consul-k8s:0.20.0' controller: @@ -68,7 +68,7 @@ connectInject: Note that: 1. `controller.enabled: true` installs the CRDs and enables the controller. -1. `global.image` must be a Consul version `>= 1.8.4`, e.g. `consul:1.8.4` or `consul:1.9.0-beta1`. +1. `global.image` must be a Consul version `>= 1.8.4`, e.g. `consul:1.8.4` or `consul:1.9.0`. 1. `global.imageK8S` must be `>= 0.20.0` 1. Configuration entries are used to configure Consul service mesh so it's also expected that `connectInject` will be enabled. @@ -259,7 +259,7 @@ Notes: 1. See [service-defaults](/docs/agent/config-entries/service-defaults) for full documentation on this config entry. -### ServiceIntentions (Beta) +### ServiceIntentions A [service-intentions](/docs/agent/config-entries/service-intentions) entry configures traffic authorization for a destination service. From f8c4832f0202a42a2a6be95d57201a830ace60b9 Mon Sep 17 00:00:00 2001 From: David Yu Date: Mon, 21 Dec 2020 13:24:33 -0800 Subject: [PATCH 20/20] Update with 0.28 (#9450) --- website/pages/docs/k8s/upgrade/compatibility.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/pages/docs/k8s/upgrade/compatibility.mdx b/website/pages/docs/k8s/upgrade/compatibility.mdx index ebf57f30d9..291bba56a5 100644 --- a/website/pages/docs/k8s/upgrade/compatibility.mdx +++ b/website/pages/docs/k8s/upgrade/compatibility.mdx @@ -15,7 +15,7 @@ the Helm chart which will ensure a compatible version of the Consul Kubernetes b | Consul Version | Compatible Consul Helm Versions | | -------------- | ------------------------------- | -| 1.9.x | 0.27.0 | +| 1.9.x | 0.27.0 - 0.28.0 | | 1.8.x | 0.22.0 - 0.26.0 | | 1.7.x | 0.17.0 - 0.21.0 | | 1.6.x | 0.10.0 - 0.16.2 |