From c9175874777603cdde5a750afbbb84ca5945405c Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Tue, 19 Apr 2022 08:01:06 +0000 Subject: [PATCH 01/26] update Install-Kubeadm-Calico/README.md. --- Install-Kubeadm-Calico/README.md | 210 +++++++++++++++++++++++++++++-- 1 file changed, 201 insertions(+), 9 deletions(-) diff --git a/Install-Kubeadm-Calico/README.md b/Install-Kubeadm-Calico/README.md index f1259e3..44cfa9b 100644 --- a/Install-Kubeadm-Calico/README.md +++ b/Install-Kubeadm-Calico/README.md @@ -1,17 +1,209 @@ -# 环境介绍 +# 1. 环境介绍和初始化配置 -- 操作系统: +**• 操作系统:Centos7.9** -- 容器运行时: +**• 容器运行时:Docker version 20.10.12(阿里云)** -- kubeadm版本: +**• kubeadm版本:v1.23.0** -- CNI : +**• CNI :Calico** -# 操作系统基础配置 + **1.1 服务器要求:** -...... +•建议最小硬件配置:2核CPU、2G内存、20G硬盘 (master节点可以4C4G) -# 容器运行时安装 +•服务器最好可以访问外网,会有从网上拉取镜像需求,如果服务器不能上网,需要提前下载对应镜像并导入节点 -...... + **1.2 服务器规划:** + + +k8s-master 192.168.31.71 + +k8s-node1 192.168.31.72 + +k8s-node2 192.168.31.73 + + + **1.3 操作系统初始化【所有节点】** +``` +# 关闭防火墙 +systemctl stop firewalld +systemctl disable firewalld + +# 关闭selinux +sed -i 's/enforcing/disabled/' /etc/selinux/config # 永久 +setenforce 0 # 临时 +# 关闭swap +swapoff -a # 临时 +sed -ri 's/.*swap.*/#&/' /etc/fstab # 永久 + +# 根据规划设置主机名 +hostnamectl set-hostname + +# 在master添加hosts +cat >> /etc/hosts << EOF +192.168.31.71 k8s-master +192.168.31.72 k8s-node1 +192.168.31.73 k8s-node2 +EOF + +# 将桥接的IPv4流量传递到iptables的链 +cat > /etc/sysctl.d/k8s.conf << EOF +net.bridge.bridge-nf-call-ip6tables = 1 +net.bridge.bridge-nf-call-iptables = 1 +EOF +sysctl --system # 生效 + +# 时间同步 +yum install ntpdate -y +ntpdate time.windows.com +``` + +# 2. 安装Docker/kubeadm/kubelet【所有节点】 + + **2.1 Docker安装** + +``` +#下载阿里云的repo文件 +wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo +yum -y install docker-ce +systemctl enable docker && systemctl start docker + +#配置镜像下载加速 +cat > /etc/docker/daemon.json << EOF +{ + "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"], + "exec-opts": ["native.cgroupdriver=systemd"] +} +EOF + +systemctl restart docker + +``` + **2.2 添加阿里云YUM软件源** + +``` +cat > /etc/yum.repos.d/kubernetes.repo << EOF +[kubernetes] +name=Kubernetes +baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 +enabled=1 +gpgcheck=0 +repo_gpgcheck=0 +gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg +EOF +``` + **2.3 安装kubeadm,kubelet和kubectl** + + +由于版本更新频繁,这里指定版本号部署 +``` +yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0 +systemctl enable kubelet +``` + +# 3.部署Kubernetes Master + +在192.168.31.71(Master)执行 + +``` +kubeadm init \ + --apiserver-advertise-address=192.168.31.71 \ + --image-repository registry.aliyuncs.com/google_containers \ + --kubernetes-version v1.23.0 \ + --service-cidr=10.96.0.0/12 \ + --pod-network-cidr=10.244.0.0/16 \ + --ignore-preflight-errors=all +``` +参数解析: +``` +--apiserver-advertise-address 集群通告地址 + +--image-repository 由于默认拉取镜像地址k8s.gcr.io国内无法访问,这里指定阿里云镜像仓库地址 + +--kubernetes-version K8s版本,与上面安装的一致 + +--service-cidr 集群内部虚拟网络,Pod统一访问入口,网络中ip冲突的需修改 + +--pod-network-cidr Pod网络,与下面部署的CNI网络组件yaml中保持一致,网络中ip冲突的需修改 +``` + +初始化完成后,最后会输出一个join命令,先记住,下面用。 + +拷贝kubectl使用的连接k8s认证文件到默认路径: +``` +mkdir -p $HOME/.kube +sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config +sudo chown $(id -u):$(id -g) $HOME/.kube/config +``` +查看工作节点: +``` +kubectl get nodes +NAME STATUS ROLES AGE VERSION +localhost.localdomain NotReady control-plane,master 20s v1.23.0 +``` + +注:由于网络插件还没有部署,还没有准备就绪 NotReady,先继续 + +参考资料: + +https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file + +https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#initializing-your-control-plane-node + +# 4. 加入Kubernetes Node + +在192.168.31.72/73(Node)执行。 + +向集群添加新节点,执行在kubeadm init输出的kubeadm join命令: + + +``` +kubeadm join 192.168.31.71:6443 --token 7gqt13.kncw9hg5085iwclx \ +--discovery-token-ca-cert-hash sha256:66fbfcf18649a5841474c2dc4b9ff90c02fc05de0798ed690e1754437be35a01 +``` +默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token,可以直接使用命令快捷生成: + +``` +kubeadm token create --print-join-command +``` +参考资料:https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/ + +# 5. 部署容器网络(CNI) + +Calico是一个纯三层的数据中心网络方案,是目前Kubernetes主流的网络方案。 + +下载YAML: + +``` +wget https://docs.projectcalico.org/manifests/calico.yaml +``` +下载完后还需要修改里面定义Pod网络(CALICO_IPV4POOL_CIDR),与前面kubeadm init的 --pod-network-cidr指定的一样。 +修改完后文件后,部署: + + +``` +kubectl apply -f calico.yaml +kubectl get pods -n kube-system +``` +等Calico Pod都Running,节点也会准备就绪。 + + **注:以后所有yaml文件都只在Master节点执行。** + +安装目录:/etc/kubernetes/ + +组件配置文件目录:/etc/kubernetes/manifests/ + +参考资料:https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#pod-network + +# 6. 查看K8S集群状态 + +``` +kubectl get nodes + +NAME STATUS ROLES AGE VERSION +k8s-master Ready control-plane,master 47d v1.23.0 +k8s-node1 Ready 47d v1.23.0 +k8s-node2 Ready 47d v1.23.0 +``` +Ready状态为正常 \ No newline at end of file -- Gitee From 2d7afb8d75b6a81d92254d867a73fcc61c6a7b5b Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Tue, 19 Apr 2022 08:10:37 +0000 Subject: [PATCH 02/26] update Install-Kubeadm-Calico/README.md.1 --- Install-Kubeadm-Calico/calico.yaml | 3744 ++++++++++++++++++++++++++++ 1 file changed, 3744 insertions(+) create mode 100644 Install-Kubeadm-Calico/calico.yaml diff --git a/Install-Kubeadm-Calico/calico.yaml b/Install-Kubeadm-Calico/calico.yaml new file mode 100644 index 0000000..1e0fa34 --- /dev/null +++ b/Install-Kubeadm-Calico/calico.yaml @@ -0,0 +1,3744 @@ +--- +# Source: calico/templates/calico-config.yaml +# This ConfigMap is used to configure a self-hosted Calico installation. +kind: ConfigMap +apiVersion: v1 +metadata: + name: calico-config + namespace: kube-system +data: + # Typha is disabled. + typha_service_name: "none" + # Configure the backend to use. + calico_backend: "bird" + # Configure the MTU to use for workload interfaces and tunnels. + # - If Wireguard is enabled, set to your network MTU - 60 + # - Otherwise, if VXLAN or BPF mode is enabled, set to your network MTU - 50 + # - Otherwise, if IPIP is enabled, set to your network MTU - 20 + # - Otherwise, if not using any encapsulation, set to your network MTU. + veth_mtu: "1440" + + # The CNI network configuration to install on each node. The special + # values in this config will be automatically populated. + cni_network_config: |- + { + "name": "k8s-pod-network", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "calico", + "log_level": "info", + "datastore_type": "kubernetes", + "nodename": "__KUBERNETES_NODE_NAME__", + "mtu": __CNI_MTU__, + "ipam": { + "type": "calico-ipam" + }, + "policy": { + "type": "k8s" + }, + "kubernetes": { + "kubeconfig": "__KUBECONFIG_FILEPATH__" + } + }, + { + "type": "portmap", + "snat": true, + "capabilities": {"portMappings": true} + }, + { + "type": "bandwidth", + "capabilities": {"bandwidth": true} + } + ] + } + +--- +# Source: calico/templates/kdd-crds.yaml + + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: bgpconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BGPConfiguration + listKind: BGPConfigurationList + plural: bgpconfigurations + singular: bgpconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: BGPConfiguration contains the configuration for any BGP routing. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPConfigurationSpec contains the values of the BGP configuration. + properties: + asNumber: + description: 'ASNumber is the default AS number used by a node. [Default: + 64512]' + format: int32 + type: integer + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: INFO]' + type: string + nodeToNodeMeshEnabled: + description: 'NodeToNodeMeshEnabled sets whether full node to node + BGP mesh is enabled. [Default: true]' + type: boolean + serviceClusterIPs: + description: ServiceClusterIPs are the CIDR blocks from which service + cluster IPs are allocated. If specified, Calico will advertise these + blocks, as well as any cluster IPs within them. + items: + description: ServiceClusterIPBlock represents a single whitelisted + CIDR block for ClusterIPs. + properties: + cidr: + type: string + type: object + type: array + serviceExternalIPs: + description: ServiceExternalIPs are the CIDR blocks for Kubernetes + Service External IPs. Kubernetes Service ExternalIPs will only be + advertised if they are within one of these blocks. + items: + description: ServiceExternalIPBlock represents a single whitelisted + CIDR External IP block. + properties: + cidr: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: bgppeers.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BGPPeer + listKind: BGPPeerList + plural: bgppeers + singular: bgppeer + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec contains the specification for a BGPPeer resource. + properties: + asNumber: + description: The AS Number of the peer. + format: int32 + type: integer + node: + description: The node name identifying the Calico node instance that + is peering with this peer. If this is not set, this represents a + global peer, i.e. a peer that peers with every node in the deployment. + type: string + nodeSelector: + description: Selector for the nodes that should have this peering. When + this is set, the Node field must be empty. + type: string + peerIP: + description: The IP address of the peer. + type: string + peerSelector: + description: Selector for the remote nodes to peer with. When this + is set, the PeerIP and ASNumber fields must be empty. For each + peering between the local node and selected remote nodes, we configure + an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, + and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The + remote AS number comes from the remote node’s NodeBGPSpec.ASNumber, + or the global default if that is not set. + type: string + required: + - asNumber + - peerIP + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: blockaffinities.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BlockAffinity + listKind: BlockAffinityList + plural: blockaffinities + singular: blockaffinity + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BlockAffinitySpec contains the specification for a BlockAffinity + resource. + properties: + cidr: + type: string + deleted: + description: Deleted indicates that this block affinity is being deleted. + This field is a string for compatibility with older releases that + mistakenly treat this field as a string. + type: string + node: + type: string + state: + type: string + required: + - cidr + - deleted + - node + - state + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterinformations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: ClusterInformation + listKind: ClusterInformationList + plural: clusterinformations + singular: clusterinformation + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterInformation contains the cluster specific information. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterInformationSpec contains the values of describing + the cluster. + properties: + calicoVersion: + description: CalicoVersion is the version of Calico that the cluster + is running + type: string + clusterGUID: + description: ClusterGUID is the GUID of the cluster + type: string + clusterType: + description: ClusterType describes the type of the cluster + type: string + datastoreReady: + description: DatastoreReady is used during significant datastore migrations + to signal to components such as Felix that it should wait before + accessing the datastore. + type: boolean + variant: + description: Variant declares which variant of Calico should be active. + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: felixconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: FelixConfiguration + listKind: FelixConfigurationList + plural: felixconfigurations + singular: felixconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Felix Configuration contains the configuration for Felix. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FelixConfigurationSpec contains the values of the Felix configuration. + properties: + bpfConnectTimeLoadBalancingEnabled: + description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, + controls whether Felix installs the connection-time load balancer. The + connect-time load balancer is required for the host to be able to + reach Kubernetes services and it improves the performance of pod-to-service + connections. The only reason to disable it is for debugging purposes. [Default: + true]' + type: boolean + bpfDataIfacePattern: + description: 'BPFDataIfacePattern is a regular expression that controls + which interfaces Felix should attach BPF programs to in order to + catch traffic to/from the network. This needs to match the interfaces + that Calico workload traffic flows over as well as any interfaces + that handle incoming traffic to nodeports and services from outside + the cluster. It should not match the workload interfaces (usually + named cali...). [Default: ^(en.*|eth.*|tunl0$)]' + type: string + bpfDisableUnprivileged: + description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled + sysctl to disable unprivileged use of BPF. This ensures that unprivileged + users cannot access Calico''s BPF maps and cannot insert their own + BPF programs to interfere with Calico''s. [Default: true]' + type: boolean + bpfEnabled: + description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. + [Default: false]' + type: boolean + bpfExternalServiceMode: + description: 'BPFExternalServiceMode in BPF mode, controls how connections + from outside the cluster to services (node ports and cluster IPs) + are forwarded to remote workloads. If set to "Tunnel" then both + request and response traffic is tunneled to the remote node. If + set to "DSR", the request traffic is tunneled but the response traffic + is sent directly from the remote node. In "DSR" mode, the remote + node appears to use the IP of the ingress node; this requires a + permissive L2 network. [Default: Tunnel]' + type: string + bpfKubeProxyEndpointSlicesEnabled: + description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls + whether Felix's embedded kube-proxy accepts EndpointSlices or not. + type: boolean + bpfKubeProxyIptablesCleanupEnabled: + description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF + mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s + iptables chains. Should only be enabled if kube-proxy is not running. [Default: + true]' + type: boolean + bpfKubeProxyMinSyncPeriod: + description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the + minimum time between updates to the dataplane for Felix''s embedded + kube-proxy. Lower values give reduced set-up latency. Higher values + reduce Felix CPU usage by batching up more work. [Default: 1s]' + type: string + bpfLogLevel: + description: 'BPFLogLevel controls the log level of the BPF programs + when in BPF dataplane mode. One of "Off", "Info", or "Debug". The + logs are emitted to the BPF trace pipe, accessible with the command + `tc exec bpf debug`. [Default: Off].' + type: string + chainInsertMode: + description: 'ChainInsertMode controls whether Felix hooks the kernel’s + top-level iptables chains by inserting a rule at the top of the + chain or by appending a rule at the bottom. insert is the safe default + since it prevents Calico’s rules from being bypassed. If you switch + to append mode, be sure that the other rules in the chains signal + acceptance by falling through to the Calico rules, otherwise the + Calico policy will be bypassed. [Default: insert]' + type: string + dataplaneDriver: + type: string + debugDisableLogDropping: + type: boolean + debugMemoryProfilePath: + type: string + debugSimulateCalcGraphHangAfter: + type: string + debugSimulateDataplaneHangAfter: + type: string + defaultEndpointToHostAction: + description: 'DefaultEndpointToHostAction controls what happens to + traffic that goes from a workload endpoint to the host itself (after + the traffic hits the endpoint egress policy). By default Calico + blocks traffic from workload endpoints to the host itself with an + iptables “DROP” action. If you want to allow some or all traffic + from endpoint to host, set this parameter to RETURN or ACCEPT. Use + RETURN if you have your own rules in the iptables “INPUT” chain; + Calico will insert its rules at the top of that chain, then “RETURN” + packets to the “INPUT” chain once it has completed processing workload + endpoint egress policy. Use ACCEPT to unconditionally accept packets + from workloads after processing workload endpoint egress policy. + [Default: Drop]' + type: string + deviceRouteProtocol: + description: This defines the route protocol added to programmed device + routes, by default this will be RTPROT_BOOT when left blank. + type: integer + deviceRouteSourceAddress: + description: This is the source address to use on programmed device + routes. By default the source address is left blank, leaving the + kernel to choose the source address used. + type: string + disableConntrackInvalidCheck: + type: boolean + endpointReportingDelay: + type: string + endpointReportingEnabled: + type: boolean + externalNodesList: + description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes + which may source tunnel traffic and have the tunneled traffic be + accepted at calico nodes. + items: + type: string + type: array + failsafeInboundHostPorts: + description: 'FailsafeInboundHostPorts is a comma-delimited list of + UDP/TCP ports that Felix will allow incoming traffic to host endpoints + on irrespective of the security policy. This is useful to avoid + accidentally cutting off a host with incorrect configuration. Each + port should be specified as tcp: or udp:. + For back-compatibility, if the protocol is not specified, it defaults + to “tcp”. To disable all inbound host ports, use the value none. + The default value allows ssh access and DHCP. [Default: tcp:22, + udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]' + items: + description: ProtoPort is combination of protocol and port, both + must be specified. + properties: + port: + type: integer + protocol: + type: string + required: + - port + - protocol + type: object + type: array + failsafeOutboundHostPorts: + description: 'FailsafeOutboundHostPorts is a comma-delimited list + of UDP/TCP ports that Felix will allow outgoing traffic from host + endpoints to irrespective of the security policy. This is useful + to avoid accidentally cutting off a host with incorrect configuration. + Each port should be specified as tcp: or udp:. + For back-compatibility, if the protocol is not specified, it defaults + to “tcp”. To disable all outbound host ports, use the value none. + The default value opens etcd’s standard ports to ensure that Felix + does not get cut off from etcd as well as allowing DHCP and DNS. + [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667, + udp:53, udp:67]' + items: + description: ProtoPort is combination of protocol and port, both + must be specified. + properties: + port: + type: integer + protocol: + type: string + required: + - port + - protocol + type: object + type: array + genericXDPEnabled: + description: 'GenericXDPEnabled enables Generic XDP so network cards + that don''t support XDP offload or driver modes can use XDP. This + is not recommended since it doesn''t provide better performance + than iptables. [Default: false]' + type: boolean + healthEnabled: + type: boolean + healthHost: + type: string + healthPort: + type: integer + interfaceExclude: + description: 'InterfaceExclude is a comma-separated list of interfaces + that Felix should exclude when monitoring for host endpoints. The + default value ensures that Felix ignores Kubernetes'' IPVS dummy + interface, which is used internally by kube-proxy. If you want to + exclude multiple interface names using a single value, the list + supports regular expressions. For regular expressions you must wrap + the value with ''/''. For example having values ''/^kube/,veth1'' + will exclude all interfaces that begin with ''kube'' and also the + interface ''veth1''. [Default: kube-ipvs0]' + type: string + interfacePrefix: + description: 'InterfacePrefix is the interface name prefix that identifies + workload endpoints and so distinguishes them from host endpoint + interfaces. Note: in environments other than bare metal, the orchestrators + configure this appropriately. For example our Kubernetes and Docker + integrations set the ‘cali’ value, and our OpenStack integration + sets the ‘tap’ value. [Default: cali]' + type: string + ipipEnabled: + type: boolean + ipipMTU: + description: 'IPIPMTU is the MTU to set on the tunnel device. See + Configuring MTU [Default: 1440]' + type: integer + ipsetsRefreshInterval: + description: 'IpsetsRefreshInterval is the period at which Felix re-checks + all iptables state to ensure that no other process has accidentally + broken Calico’s rules. Set to 0 to disable iptables refresh. [Default: + 90s]' + type: string + iptablesBackend: + description: IptablesBackend specifies which backend of iptables will + be used. The default is legacy. + type: string + iptablesFilterAllowAction: + type: string + iptablesLockFilePath: + description: 'IptablesLockFilePath is the location of the iptables + lock file. You may need to change this if the lock file is not in + its standard location (for example if you have mapped it into Felix’s + container at a different path). [Default: /run/xtables.lock]' + type: string + iptablesLockProbeInterval: + description: 'IptablesLockProbeInterval is the time that Felix will + wait between attempts to acquire the iptables lock if it is not + available. Lower values make Felix more responsive when the lock + is contended, but use more CPU. [Default: 50ms]' + type: string + iptablesLockTimeout: + description: 'IptablesLockTimeout is the time that Felix will wait + for the iptables lock, or 0, to disable. To use this feature, Felix + must share the iptables lock file with all other processes that + also take the lock. When running Felix inside a container, this + requires the /run directory of the host to be mounted into the calico/node + or calico/felix container. [Default: 0s disabled]' + type: string + iptablesMangleAllowAction: + type: string + iptablesMarkMask: + description: 'IptablesMarkMask is the mask that Felix selects its + IPTables Mark bits from. Should be a 32 bit hexadecimal number with + at least 8 bits set, none of which clash with any other mark bits + in use on the system. [Default: 0xff000000]' + format: int32 + type: integer + iptablesNATOutgoingInterfaceFilter: + type: string + iptablesPostWriteCheckInterval: + description: 'IptablesPostWriteCheckInterval is the period after Felix + has done a write to the dataplane that it schedules an extra read + back in order to check the write was not clobbered by another process. + This should only occur if another application on the system doesn’t + respect the iptables lock. [Default: 1s]' + type: string + iptablesRefreshInterval: + description: 'IptablesRefreshInterval is the period at which Felix + re-checks the IP sets in the dataplane to ensure that no other process + has accidentally broken Calico’s rules. Set to 0 to disable IP sets + refresh. Note: the default for this value is lower than the other + refresh intervals as a workaround for a Linux kernel bug that was + fixed in kernel version 4.11. If you are using v4.11 or greater + you may want to set this to, a higher value to reduce Felix CPU + usage. [Default: 10s]' + type: string + ipv6Support: + type: boolean + kubeNodePortRanges: + description: 'KubeNodePortRanges holds list of port ranges used for + service node ports. Only used if felix detects kube-proxy running + in ipvs mode. Felix uses these ranges to separate host and workload + traffic. [Default: 30000:32767].' + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + logFilePath: + description: 'LogFilePath is the full path to the Felix log. Set to + none to disable file logging. [Default: /var/log/calico/felix.log]' + type: string + logPrefix: + description: 'LogPrefix is the log prefix that Felix uses when rendering + LOG rules. [Default: calico-packet]' + type: string + logSeverityFile: + description: 'LogSeverityFile is the log severity above which logs + are sent to the log file. [Default: Info]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: Info]' + type: string + logSeveritySys: + description: 'LogSeveritySys is the log severity above which logs + are sent to the syslog. Set to None for no logging to syslog. [Default: + Info]' + type: string + maxIpsetSize: + type: integer + metadataAddr: + description: 'MetadataAddr is the IP address or domain name of the + server that can answer VM queries for cloud-init metadata. In OpenStack, + this corresponds to the machine running nova-api (or in Ubuntu, + nova-api-metadata). A value of none (case insensitive) means that + Felix should not set up any NAT rule for the metadata path. [Default: + 127.0.0.1]' + type: string + metadataPort: + description: 'MetadataPort is the port of the metadata server. This, + combined with global.MetadataAddr (if not ‘None’), is used to set + up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. + In most cases this should not need to be changed [Default: 8775].' + type: integer + natOutgoingAddress: + description: NATOutgoingAddress specifies an address to use when performing + source NAT for traffic in a natOutgoing pool that is leaving the + network. By default the address used is an address on the interface + the traffic is leaving on (ie it uses the iptables MASQUERADE target) + type: string + natPortRange: + anyOf: + - type: integer + - type: string + description: NATPortRange specifies the range of ports that is used + for port mapping when doing outgoing NAT. When unset the default + behavior of the network stack is used. + pattern: ^.* + x-kubernetes-int-or-string: true + netlinkTimeout: + type: string + openstackRegion: + description: 'OpenstackRegion is the name of the region that a particular + Felix belongs to. In a multi-region Calico/OpenStack deployment, + this must be configured somehow for each Felix (here in the datamodel, + or in felix.cfg or the environment on each compute node), and must + match the [calico] openstack_region value configured in neutron.conf + on each node. [Default: Empty]' + type: string + policySyncPathPrefix: + description: 'PolicySyncPathPrefix is used to by Felix to communicate + policy changes to external services, like Application layer policy. + [Default: Empty]' + type: string + prometheusGoMetricsEnabled: + description: 'PrometheusGoMetricsEnabled disables Go runtime metrics + collection, which the Prometheus client does by default, when set + to false. This reduces the number of metrics reported, reducing + Prometheus load. [Default: true]' + type: boolean + prometheusMetricsEnabled: + description: 'PrometheusMetricsEnabled enables the Prometheus metrics + server in Felix if set to true. [Default: false]' + type: boolean + prometheusMetricsHost: + description: 'PrometheusMetricsHost is the host that the Prometheus + metrics server should bind to. [Default: empty]' + type: string + prometheusMetricsPort: + description: 'PrometheusMetricsPort is the TCP port that the Prometheus + metrics server should bind to. [Default: 9091]' + type: integer + prometheusProcessMetricsEnabled: + description: 'PrometheusProcessMetricsEnabled disables process metrics + collection, which the Prometheus client does by default, when set + to false. This reduces the number of metrics reported, reducing + Prometheus load. [Default: true]' + type: boolean + removeExternalRoutes: + description: Whether or not to remove device routes that have not + been programmed by Felix. Disabling this will allow external applications + to also add device routes. This is enabled by default which means + we will remove externally added routes. + type: boolean + reportingInterval: + description: 'ReportingInterval is the interval at which Felix reports + its status into the datastore or 0 to disable. Must be non-zero + in OpenStack deployments. [Default: 30s]' + type: string + reportingTTL: + description: 'ReportingTTL is the time-to-live setting for process-wide + status reports. [Default: 90s]' + type: string + routeRefreshInterval: + description: 'RouterefreshInterval is the period at which Felix re-checks + the routes in the dataplane to ensure that no other process has + accidentally broken Calico’s rules. Set to 0 to disable route refresh. + [Default: 90s]' + type: string + routeSource: + description: 'RouteSource configures where Felix gets its routing + information. - WorkloadIPs: use workload endpoints to construct + routes. - CalicoIPAM: the default - use IPAM data to construct routes.' + type: string + routeTableRange: + description: Calico programs additional Linux route tables for various + purposes. RouteTableRange specifies the indices of the route tables + that Calico should use. + properties: + max: + type: integer + min: + type: integer + required: + - max + - min + type: object + sidecarAccelerationEnabled: + description: 'SidecarAccelerationEnabled enables experimental sidecar + acceleration [Default: false]' + type: boolean + usageReportingEnabled: + description: 'UsageReportingEnabled reports anonymous Calico version + number and cluster size to projectcalico.org. Logs warnings returned + by the usage server. For example, if a significant security vulnerability + has been discovered in the version of Calico being used. [Default: + true]' + type: boolean + usageReportingInitialDelay: + description: 'UsageReportingInitialDelay controls the minimum delay + before Felix makes a report. [Default: 300s]' + type: string + usageReportingInterval: + description: 'UsageReportingInterval controls the interval at which + Felix makes reports. [Default: 86400s]' + type: string + useInternalDataplaneDriver: + type: boolean + vxlanEnabled: + type: boolean + vxlanMTU: + description: 'VXLANMTU is the MTU to set on the tunnel device. See + Configuring MTU [Default: 1440]' + type: integer + vxlanPort: + type: integer + vxlanVNI: + type: integer + wireguardEnabled: + description: 'WireguardEnabled controls whether Wireguard is enabled. + [Default: false]' + type: boolean + wireguardInterfaceName: + description: 'WireguardInterfaceName specifies the name to use for + the Wireguard interface. [Default: wg.calico]' + type: string + wireguardListeningPort: + description: 'WireguardListeningPort controls the listening port used + by Wireguard. [Default: 51820]' + type: integer + wireguardMTU: + description: 'WireguardMTU controls the MTU on the Wireguard interface. + See Configuring MTU [Default: 1420]' + type: integer + wireguardRoutingRulePriority: + description: 'WireguardRoutingRulePriority controls the priority value + to use for the Wireguard routing rule. [Default: 99]' + type: integer + xdpEnabled: + description: 'XDPEnabled enables XDP acceleration for suitable untracked + incoming deny rules. [Default: true]' + type: boolean + xdpRefreshInterval: + description: 'XDPRefreshInterval is the period at which Felix re-checks + all XDP state to ensure that no other process has accidentally broken + Calico''s BPF maps or attached programs. Set to 0 to disable XDP + refresh. [Default: 90s]' + type: string + required: + - bpfLogLevel + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: globalnetworkpolicies.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: GlobalNetworkPolicy + listKind: GlobalNetworkPolicyList + plural: globalnetworkpolicies + singular: globalnetworkpolicy + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applyOnForward: + description: ApplyOnForward indicates to apply the rules in this policy + on forward traffic. + type: boolean + doNotTrack: + description: DoNotTrack indicates whether packets matched by the rules + in this policy should go through the data plane's connection tracking, + such as Linux conntrack. If True, the rules in this policy are + applied before any data plane connection tracking, and packets allowed + by this policy are marked as not to be tracked. + type: boolean + egress: + description: The ordered set of egress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with ”Not”. All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + required: + - action + type: object + type: array + ingress: + description: The ordered set of ingress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with ”Not”. All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + required: + - action + type: object + type: array + namespaceSelector: + description: NamespaceSelector is an optional field for an expression + used to select a pod based on namespaces. + type: string + order: + description: Order is an optional field that specifies the order in + which the policy is applied. Policies with higher "order" are applied + after those with lower order. If the order is omitted, it may be + considered to be "infinite" - i.e. the policy will be applied last. Policies + with identical order will be applied in alphanumerical order based + on the Policy "Name". + type: number + preDNAT: + description: PreDNAT indicates to apply the rules in this policy before + any DNAT. + type: boolean + selector: + description: "The selector is an expression used to pick pick out + the endpoints that the policy should be applied to. \n Selector + expressions follow this syntax: \n \tlabel == \"string_literal\" + \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" + \ -> not equal; also matches if label is not present \tlabel in + { \"a\", \"b\", \"c\", ... } -> true if the value of label X is + one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", + ... } -> true if the value of label X is not one of \"a\", \"b\", + \"c\" \thas(label_name) -> True if that label is present \t! expr + -> negation of expr \texpr && expr -> Short-circuit and \texpr + || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + or the empty selector -> matches all endpoints. \n Label names are + allowed to contain alphanumerics, -, _ and /. String literals are + more permissive but they do not support escape characters. \n Examples + (with made-up labels): \n \ttype == \"webserver\" && deployment + == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != + \"dev\" \t! has(label_name)" + type: string + serviceAccountSelector: + description: ServiceAccountSelector is an optional field for an expression + used to select a pod based on service accounts. + type: string + types: + description: "Types indicates whether this policy applies to ingress, + or to egress, or to both. When not explicitly specified (and so + the value on creation is empty or nil), Calico defaults Types according + to what Ingress and Egress rules are present in the policy. The + default is: \n - [ PolicyTypeIngress ], if there are no Egress rules + (including the case where there are also no Ingress rules) \n + - [ PolicyTypeEgress ], if there are Egress rules but no Ingress + rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are + both Ingress and Egress rules. \n When the policy is read back again, + Types will always be one of these values, never empty or nil." + items: + description: PolicyType enumerates the possible values of the PolicySpec + Types field. + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: globalnetworksets.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: GlobalNetworkSet + listKind: GlobalNetworkSetList + plural: globalnetworksets + singular: globalnetworkset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs + that share labels to allow rules to refer to them via selectors. The labels + of GlobalNetworkSet are not namespaced. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GlobalNetworkSetSpec contains the specification for a NetworkSet + resource. + properties: + nets: + description: The list of IP networks that belong to this set. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: hostendpoints.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: HostEndpoint + listKind: HostEndpointList + plural: hostendpoints + singular: hostendpoint + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostEndpointSpec contains the specification for a HostEndpoint + resource. + properties: + expectedIPs: + description: "The expected IP addresses (IPv4 and IPv6) of the endpoint. + If \"InterfaceName\" is not present, Calico will look for an interface + matching any of the IPs in the list and apply policy to that. Note: + \tWhen using the selector match criteria in an ingress or egress + security Policy \tor Profile, Calico converts the selector into + a set of IP addresses. For host \tendpoints, the ExpectedIPs field + is used for that purpose. (If only the interface \tname is specified, + Calico does not learn the IPs of the interface for use in match + \tcriteria.)" + items: + type: string + type: array + interfaceName: + description: "Either \"*\", or the name of a specific Linux interface + to apply policy to; or empty. \"*\" indicates that this HostEndpoint + governs all traffic to, from or through the default network namespace + of the host named by the \"Node\" field; entering and leaving that + namespace via any interface, including those from/to non-host-networked + local workloads. \n If InterfaceName is not \"*\", this HostEndpoint + only governs traffic that enters or leaves the host through the + specific interface named by InterfaceName, or - when InterfaceName + is empty - through the specific interface that has one of the IPs + in ExpectedIPs. Therefore, when InterfaceName is empty, at least + one expected IP must be specified. Only external interfaces (such + as “eth0”) are supported here; it isn't possible for a HostEndpoint + to protect traffic through a specific local workload interface. + \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; + initially just pre-DNAT policy. Please check Calico documentation + for the latest position." + type: string + node: + description: The node name identifying the Calico node instance. + type: string + ports: + description: Ports contains the endpoint's named ports, which may + be referenced in security policy rules. + items: + properties: + name: + type: string + port: + type: integer + protocol: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + required: + - name + - port + - protocol + type: object + type: array + profiles: + description: A list of identifiers of security Profile objects that + apply to this endpoint. Each profile is applied in the order that + they appear in this list. Profile rules are applied after the selector-based + security policy. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ipamblocks.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMBlock + listKind: IPAMBlockList + plural: ipamblocks + singular: ipamblock + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMBlockSpec contains the specification for an IPAMBlock + resource. + properties: + affinity: + type: string + allocations: + items: + type: integer + # TODO: This nullable is manually added in. We should update controller-gen + # to handle []*int properly itself. + nullable: true + type: array + attributes: + items: + properties: + handle_id: + type: string + secondary: + additionalProperties: + type: string + type: object + type: object + type: array + cidr: + type: string + deleted: + type: boolean + strictAffinity: + type: boolean + unallocated: + items: + type: integer + type: array + required: + - allocations + - attributes + - cidr + - deleted + - strictAffinity + - unallocated + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ipamconfigs.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMConfig + listKind: IPAMConfigList + plural: ipamconfigs + singular: ipamconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMConfigSpec contains the specification for an IPAMConfig + resource. + properties: + autoAllocateBlocks: + type: boolean + strictAffinity: + type: boolean + required: + - autoAllocateBlocks + - strictAffinity + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ipamhandles.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMHandle + listKind: IPAMHandleList + plural: ipamhandles + singular: ipamhandle + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMHandleSpec contains the specification for an IPAMHandle + resource. + properties: + block: + additionalProperties: + type: integer + type: object + handleID: + type: string + required: + - block + - handleID + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ippools.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPPool + listKind: IPPoolList + plural: ippools + singular: ippool + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPPoolSpec contains the specification for an IPPool resource. + properties: + blockSize: + description: The block size to use for IP address assignments from + this pool. Defaults to 26 for IPv4 and 112 for IPv6. + type: integer + cidr: + description: The pool CIDR. + type: string + disabled: + description: When disabled is true, Calico IPAM will not assign addresses + from this pool. + type: boolean + ipip: + description: 'Deprecated: this field is only used for APIv1 backwards + compatibility. Setting this field is not allowed, this field is + for internal use only.' + properties: + enabled: + description: When enabled is true, ipip tunneling will be used + to deliver packets to destinations within this pool. + type: boolean + mode: + description: The IPIP mode. This can be one of "always" or "cross-subnet". A + mode of "always" will also use IPIP tunneling for routing to + destination IP addresses within this pool. A mode of "cross-subnet" + will only use IPIP tunneling when the destination node is on + a different subnet to the originating node. The default value + (if not specified) is "always". + type: string + type: object + ipipMode: + description: Contains configuration for IPIP tunneling for this pool. + If not specified, then this is defaulted to "Never" (i.e. IPIP tunelling + is disabled). + type: string + nat-outgoing: + description: 'Deprecated: this field is only used for APIv1 backwards + compatibility. Setting this field is not allowed, this field is + for internal use only.' + type: boolean + natOutgoing: + description: When nat-outgoing is true, packets sent from Calico networked + containers in this pool to destinations outside of this pool will + be masqueraded. + type: boolean + nodeSelector: + description: Allows IPPool to allocate for a specific node by label + selector. + type: string + vxlanMode: + description: Contains configuration for VXLAN tunneling for this pool. + If not specified, then this is defaulted to "Never" (i.e. VXLAN + tunelling is disabled). + type: string + required: + - cidr + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: kubecontrollersconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: KubeControllersConfiguration + listKind: KubeControllersConfigurationList + plural: kubecontrollersconfigurations + singular: kubecontrollersconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeControllersConfigurationSpec contains the values of the + Kubernetes controllers configuration. + properties: + controllers: + description: Controllers enables and configures individual Kubernetes + controllers + properties: + namespace: + description: Namespace enables and configures the namespace controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + node: + description: Node enables and configures the node controller. + Enabled by default, set to nil to disable. + properties: + hostEndpoint: + description: HostEndpoint controls syncing nodes to host endpoints. + Disabled by default, set to nil to disable. + properties: + autoCreate: + description: 'AutoCreate enables automatic creation of + host endpoints for every node. [Default: Disabled]' + type: string + type: object + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + syncLabels: + description: 'SyncLabels controls whether to copy Kubernetes + node labels to Calico nodes. [Default: Enabled]' + type: string + type: object + policy: + description: Policy enables and configures the policy controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + serviceAccount: + description: ServiceAccount enables and configures the service + account controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + workloadEndpoint: + description: WorkloadEndpoint enables and configures the workload + endpoint controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + type: object + etcdV3CompactionPeriod: + description: 'EtcdV3CompactionPeriod is the period between etcdv3 + compaction requests. Set to 0 to disable. [Default: 10m]' + type: string + healthChecks: + description: 'HealthChecks enables or disables support for health + checks [Default: Enabled]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: Info]' + type: string + required: + - controllers + type: object + status: + description: KubeControllersConfigurationStatus represents the status + of the configuration. It's useful for admins to be able to see the actual + config that was applied, which can be modified by environment variables + on the kube-controllers process. + properties: + environmentVars: + additionalProperties: + type: string + description: EnvironmentVars contains the environment variables on + the kube-controllers that influenced the RunningConfig. + type: object + runningConfig: + description: RunningConfig contains the effective config that is running + in the kube-controllers pod, after merging the API resource with + any environment variables. + properties: + controllers: + description: Controllers enables and configures individual Kubernetes + controllers + properties: + namespace: + description: Namespace enables and configures the namespace + controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + node: + description: Node enables and configures the node controller. + Enabled by default, set to nil to disable. + properties: + hostEndpoint: + description: HostEndpoint controls syncing nodes to host + endpoints. Disabled by default, set to nil to disable. + properties: + autoCreate: + description: 'AutoCreate enables automatic creation + of host endpoints for every node. [Default: Disabled]' + type: string + type: object + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + syncLabels: + description: 'SyncLabels controls whether to copy Kubernetes + node labels to Calico nodes. [Default: Enabled]' + type: string + type: object + policy: + description: Policy enables and configures the policy controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + serviceAccount: + description: ServiceAccount enables and configures the service + account controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + workloadEndpoint: + description: WorkloadEndpoint enables and configures the workload + endpoint controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + type: object + etcdV3CompactionPeriod: + description: 'EtcdV3CompactionPeriod is the period between etcdv3 + compaction requests. Set to 0 to disable. [Default: 10m]' + type: string + healthChecks: + description: 'HealthChecks enables or disables support for health + checks [Default: Enabled]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which + logs are sent to the stdout. [Default: Info]' + type: string + required: + - controllers + type: object + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: networkpolicies.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: NetworkPolicy + listKind: NetworkPolicyList + plural: networkpolicies + singular: networkpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + egress: + description: The ordered set of egress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with ”Not”. All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + required: + - action + type: object + type: array + ingress: + description: The ordered set of ingress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with ”Not”. All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + required: + - action + type: object + type: array + order: + description: Order is an optional field that specifies the order in + which the policy is applied. Policies with higher "order" are applied + after those with lower order. If the order is omitted, it may be + considered to be "infinite" - i.e. the policy will be applied last. Policies + with identical order will be applied in alphanumerical order based + on the Policy "Name". + type: number + selector: + description: "The selector is an expression used to pick pick out + the endpoints that the policy should be applied to. \n Selector + expressions follow this syntax: \n \tlabel == \"string_literal\" + \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" + \ -> not equal; also matches if label is not present \tlabel in + { \"a\", \"b\", \"c\", ... } -> true if the value of label X is + one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", + ... } -> true if the value of label X is not one of \"a\", \"b\", + \"c\" \thas(label_name) -> True if that label is present \t! expr + -> negation of expr \texpr && expr -> Short-circuit and \texpr + || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + or the empty selector -> matches all endpoints. \n Label names are + allowed to contain alphanumerics, -, _ and /. String literals are + more permissive but they do not support escape characters. \n Examples + (with made-up labels): \n \ttype == \"webserver\" && deployment + == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != + \"dev\" \t! has(label_name)" + type: string + serviceAccountSelector: + description: ServiceAccountSelector is an optional field for an expression + used to select a pod based on service accounts. + type: string + types: + description: "Types indicates whether this policy applies to ingress, + or to egress, or to both. When not explicitly specified (and so + the value on creation is empty or nil), Calico defaults Types according + to what Ingress and Egress are present in the policy. The default + is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including + the case where there are also no Ingress rules) \n - [ PolicyTypeEgress + ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, + PolicyTypeEgress ], if there are both Ingress and Egress rules. + \n When the policy is read back again, Types will always be one + of these values, never empty or nil." + items: + description: PolicyType enumerates the possible values of the PolicySpec + Types field. + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: networksets.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: NetworkSet + listKind: NetworkSetList + plural: networksets + singular: networkset + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkSetSpec contains the specification for a NetworkSet + resource. + properties: + nets: + description: The list of IP networks that belong to this set. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +--- +# Source: calico/templates/calico-kube-controllers-rbac.yaml + +# Include a clusterrole for the kube-controllers component, +# and bind it to the calico-kube-controllers serviceaccount. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-kube-controllers +rules: + # Nodes are watched to monitor for deletions. + - apiGroups: [""] + resources: + - nodes + verbs: + - watch + - list + - get + # Pods are queried to check for existence. + - apiGroups: [""] + resources: + - pods + verbs: + - get + # IPAM resources are manipulated when nodes are deleted. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + verbs: + - list + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + # kube-controllers manages hostendpoints. + - apiGroups: ["crd.projectcalico.org"] + resources: + - hostendpoints + verbs: + - get + - list + - create + - update + - delete + # Needs access to update clusterinformations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - clusterinformations + verbs: + - get + - create + - update + # KubeControllersConfiguration is where it gets its config + - apiGroups: ["crd.projectcalico.org"] + resources: + - kubecontrollersconfigurations + verbs: + # read its own config + - get + # create a default if none exists + - create + # update status + - update + # watch for changes + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-kube-controllers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-kube-controllers +subjects: +- kind: ServiceAccount + name: calico-kube-controllers + namespace: kube-system +--- + +--- +# Source: calico/templates/calico-node-rbac.yaml +# Include a clusterrole for the calico-node DaemonSet, +# and bind it to the calico-node serviceaccount. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-node +rules: + # The CNI plugin needs to get pods, nodes, and namespaces. + - apiGroups: [""] + resources: + - pods + - nodes + - namespaces + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + - services + verbs: + # Used to discover service IPs for advertisement. + - watch + - list + # Used to discover Typhas. + - get + # Pod CIDR auto-detection on kubeadm needs access to config maps. + - apiGroups: [""] + resources: + - configmaps + verbs: + - get + - apiGroups: [""] + resources: + - nodes/status + verbs: + # Needed for clearing NodeNetworkUnavailable flag. + - patch + # Calico stores some configuration information in node annotations. + - update + # Watch for changes to Kubernetes NetworkPolicies. + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + # Used by Calico for policy information. + - apiGroups: [""] + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch + # The CNI plugin patches pods/status. + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + # Calico monitors various CRDs for config. + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch + # Calico must create and update some CRDs on startup. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + - felixconfigurations + - clusterinformations + verbs: + - create + - update + # Calico stores some configuration information on the node. + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch + # These permissions are only required for upgrade from v2.6, and can + # be removed after upgrade or on fresh installations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - bgpconfigurations + - bgppeers + verbs: + - create + - update + # These permissions are required for Calico CNI to perform IPAM allocations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + - apiGroups: ["crd.projectcalico.org"] + resources: + - ipamconfigs + verbs: + - get + # Block affinities must also be watchable by confd for route aggregation. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + verbs: + - watch + # The Calico IPAM migration needs to get daemonsets. These permissions can be + # removed if not upgrading from an installation using host-local IPAM. + - apiGroups: ["apps"] + resources: + - daemonsets + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: calico-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: +- kind: ServiceAccount + name: calico-node + namespace: kube-system + +--- +# Source: calico/templates/calico-node.yaml +# This manifest installs the calico-node container, as well +# as the CNI plugins and network config on +# each master and worker node in a Kubernetes cluster. +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: calico-node + namespace: kube-system + labels: + k8s-app: calico-node +spec: + selector: + matchLabels: + k8s-app: calico-node + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: calico-node + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + tolerations: + # Make sure calico-node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + serviceAccountName: calico-node + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 0 + priorityClassName: system-node-critical + initContainers: + # This container performs upgrade from host-local IPAM to calico-ipam. + # It can be deleted if this is a fresh installation, or if you have already + # upgraded to use calico-ipam. + - name: upgrade-ipam + image: calico/cni:v3.15.1 + command: ["/opt/cni/bin/calico-ipam", "-upgrade"] + env: + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CALICO_NETWORKING_BACKEND + valueFrom: + configMapKeyRef: + name: calico-config + key: calico_backend + volumeMounts: + - mountPath: /var/lib/cni/networks + name: host-local-net-dir + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + securityContext: + privileged: true + # This container installs the CNI binaries + # and CNI network config file on each node. + - name: install-cni + image: calico/cni:v3.15.1 + command: ["/install-cni.sh"] + env: + # Name of the CNI config file to create. + - name: CNI_CONF_NAME + value: "10-calico.conflist" + # The CNI network config to install on each node. + - name: CNI_NETWORK_CONFIG + valueFrom: + configMapKeyRef: + name: calico-config + key: cni_network_config + # Set the hostname based on the k8s node name. + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # CNI MTU Config variable + - name: CNI_MTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Prevents the container from sleeping forever. + - name: SLEEP + value: "false" + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + securityContext: + privileged: true + # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes + # to communicate with Felix over the Policy Sync API. + - name: flexvol-driver + image: calico/pod2daemon-flexvol:v3.15.1 + volumeMounts: + - name: flexvol-driver-host + mountPath: /host/driver + securityContext: + privileged: true + containers: + # Runs calico-node container on each Kubernetes node. This + # container programs network policy and routes on each + # host. + - name: calico-node + image: calico/node:v3.15.1 + env: + # Use Kubernetes API as the backing datastore. + - name: DATASTORE_TYPE + value: "kubernetes" + # Wait for the datastore. + - name: WAIT_FOR_DATASTORE + value: "true" + # Set based on the k8s node name. + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Choose the backend to use. + - name: CALICO_NETWORKING_BACKEND + valueFrom: + configMapKeyRef: + name: calico-config + key: calico_backend + # Cluster type to identify the deployment type + - name: CLUSTER_TYPE + value: "k8s,bgp" + # Auto-detect the BGP IP address. + - name: IP + value: "autodetect" + # Enable IPIP + - name: CALICO_IPV4POOL_IPIP + value: "Always" + # Enable or Disable VXLAN on the default IP pool. + - name: CALICO_IPV4POOL_VXLAN + value: "Never" + # Set MTU for tunnel device used if ipip is enabled + - name: FELIX_IPINIPMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Set MTU for the VXLAN tunnel device. + - name: FELIX_VXLANMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Set MTU for the Wireguard tunnel device. + - name: FELIX_WIREGUARDMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # The default IPv4 pool to create on startup if none exists. Pod IPs will be + # chosen from this range. Changing this value after installation will have + # no effect. This should fall within `--cluster-cidr`. + - name: CALICO_IPV4POOL_CIDR + value: "10.244.0.0/16" + # Disable file logging so `kubectl logs` works. + - name: CALICO_DISABLE_FILE_LOGGING + value: "true" + # Set Felix endpoint to host default action to ACCEPT. + - name: FELIX_DEFAULTENDPOINTTOHOSTACTION + value: "ACCEPT" + # Disable IPv6 on Kubernetes. + - name: FELIX_IPV6SUPPORT + value: "false" + # Set Felix logging to "info" + - name: FELIX_LOGSEVERITYSCREEN + value: "info" + - name: FELIX_HEALTHENABLED + value: "true" + securityContext: + privileged: true + resources: + requests: + cpu: 250m + livenessProbe: + exec: + command: + - /bin/calico-node + - -felix-live + - -bird-live + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/calico-node + - -felix-ready + - -bird-ready + periodSeconds: 10 + volumeMounts: + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico + name: var-lib-calico + readOnly: false + - name: policysync + mountPath: /var/run/nodeagent + volumes: + # Used by calico-node. + - name: lib-modules + hostPath: + path: /lib/modules + - name: var-run-calico + hostPath: + path: /var/run/calico + - name: var-lib-calico + hostPath: + path: /var/lib/calico + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d + # Mount in the directory for host-local IPAM allocations. This is + # used when upgrading from host-local to calico-ipam, and can be removed + # if not using the upgrade-ipam init container. + - name: host-local-net-dir + hostPath: + path: /var/lib/cni/networks + # Used to create per-pod Unix Domain Sockets + - name: policysync + hostPath: + type: DirectoryOrCreate + path: /var/run/nodeagent + # Used to install Flex Volume Driver + - name: flexvol-driver-host + hostPath: + type: DirectoryOrCreate + path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-node + namespace: kube-system + +--- +# Source: calico/templates/calico-kube-controllers.yaml +# See https://github.com/projectcalico/kube-controllers +apiVersion: apps/v1 +kind: Deployment +metadata: + name: calico-kube-controllers + namespace: kube-system + labels: + k8s-app: calico-kube-controllers +spec: + # The controllers can only have a single active instance. + replicas: 1 + selector: + matchLabels: + k8s-app: calico-kube-controllers + strategy: + type: Recreate + template: + metadata: + name: calico-kube-controllers + namespace: kube-system + labels: + k8s-app: calico-kube-controllers + spec: + nodeSelector: + kubernetes.io/os: linux + tolerations: + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: calico-kube-controllers + priorityClassName: system-cluster-critical + containers: + - name: calico-kube-controllers + image: calico/kube-controllers:v3.15.1 + env: + # Choose which controllers to run. + - name: ENABLED_CONTROLLERS + value: node + - name: DATASTORE_TYPE + value: kubernetes + readinessProbe: + exec: + command: + - /usr/bin/check-status + - -r + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-kube-controllers + namespace: kube-system + +--- +# Source: calico/templates/calico-etcd-secrets.yaml + +--- +# Source: calico/templates/calico-typha.yaml + +--- +# Source: calico/templates/configure-canal.yaml + + -- Gitee From 82ad298d3734e61fc30d65fdb8cdc7f53ad0b98d Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 20 Apr 2022 10:50:17 +0000 Subject: [PATCH 03/26] =?UTF-8?q?add=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Calico\347\275\221\347\273\234\346\217\222\344\273\266" | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 "Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266" diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266" new file mode 100644 index 0000000..e69de29 -- Gitee From 12bd1baea46349585eac5f6d60786198d0b2b471 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 20 Apr 2022 10:50:56 +0000 Subject: [PATCH 04/26] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20In?= =?UTF-8?q?stall-Kubeadm-Calico/Calico=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Calico\347\275\221\347\273\234\346\217\222\344\273\266" | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 "Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266" diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266" deleted file mode 100644 index e69de29..0000000 -- Gitee From b49f0241e63b850b97674b4c1073fff8f77df20c Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 20 Apr 2022 10:51:31 +0000 Subject: [PATCH 05/26] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20Calico=E7=BD=91?= =?UTF-8?q?=E7=BB=9C=E6=8F=92=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Calico\347\275\221\347\273\234\346\217\222\344\273\266/.keep" | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 "Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/.keep" diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/.keep" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/.keep" new file mode 100644 index 0000000..e69de29 -- Gitee From cd47d711bd68477f293a4b41651932a6feeece3d Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 20 Apr 2022 10:51:58 +0000 Subject: [PATCH 06/26] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20In?= =?UTF-8?q?stall-Kubeadm-Calico/calico.yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Install-Kubeadm-Calico/calico.yaml | 3744 ---------------------------- 1 file changed, 3744 deletions(-) delete mode 100644 Install-Kubeadm-Calico/calico.yaml diff --git a/Install-Kubeadm-Calico/calico.yaml b/Install-Kubeadm-Calico/calico.yaml deleted file mode 100644 index 1e0fa34..0000000 --- a/Install-Kubeadm-Calico/calico.yaml +++ /dev/null @@ -1,3744 +0,0 @@ ---- -# Source: calico/templates/calico-config.yaml -# This ConfigMap is used to configure a self-hosted Calico installation. -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-config - namespace: kube-system -data: - # Typha is disabled. - typha_service_name: "none" - # Configure the backend to use. - calico_backend: "bird" - # Configure the MTU to use for workload interfaces and tunnels. - # - If Wireguard is enabled, set to your network MTU - 60 - # - Otherwise, if VXLAN or BPF mode is enabled, set to your network MTU - 50 - # - Otherwise, if IPIP is enabled, set to your network MTU - 20 - # - Otherwise, if not using any encapsulation, set to your network MTU. - veth_mtu: "1440" - - # The CNI network configuration to install on each node. The special - # values in this config will be automatically populated. - cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.1", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": __CNI_MTU__, - "ipam": { - "type": "calico-ipam" - }, - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - }, - { - "type": "bandwidth", - "capabilities": {"bandwidth": true} - } - ] - } - ---- -# Source: calico/templates/kdd-crds.yaml - - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: bgpconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPConfiguration - listKind: BGPConfigurationList - plural: bgpconfigurations - singular: bgpconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: BGPConfiguration contains the configuration for any BGP routing. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPConfigurationSpec contains the values of the BGP configuration. - properties: - asNumber: - description: 'ASNumber is the default AS number used by a node. [Default: - 64512]' - format: int32 - type: integer - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: INFO]' - type: string - nodeToNodeMeshEnabled: - description: 'NodeToNodeMeshEnabled sets whether full node to node - BGP mesh is enabled. [Default: true]' - type: boolean - serviceClusterIPs: - description: ServiceClusterIPs are the CIDR blocks from which service - cluster IPs are allocated. If specified, Calico will advertise these - blocks, as well as any cluster IPs within them. - items: - description: ServiceClusterIPBlock represents a single whitelisted - CIDR block for ClusterIPs. - properties: - cidr: - type: string - type: object - type: array - serviceExternalIPs: - description: ServiceExternalIPs are the CIDR blocks for Kubernetes - Service External IPs. Kubernetes Service ExternalIPs will only be - advertised if they are within one of these blocks. - items: - description: ServiceExternalIPBlock represents a single whitelisted - CIDR External IP block. - properties: - cidr: - type: string - type: object - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: bgppeers.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPPeer - listKind: BGPPeerList - plural: bgppeers - singular: bgppeer - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPPeerSpec contains the specification for a BGPPeer resource. - properties: - asNumber: - description: The AS Number of the peer. - format: int32 - type: integer - node: - description: The node name identifying the Calico node instance that - is peering with this peer. If this is not set, this represents a - global peer, i.e. a peer that peers with every node in the deployment. - type: string - nodeSelector: - description: Selector for the nodes that should have this peering. When - this is set, the Node field must be empty. - type: string - peerIP: - description: The IP address of the peer. - type: string - peerSelector: - description: Selector for the remote nodes to peer with. When this - is set, the PeerIP and ASNumber fields must be empty. For each - peering between the local node and selected remote nodes, we configure - an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, - and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The - remote AS number comes from the remote node’s NodeBGPSpec.ASNumber, - or the global default if that is not set. - type: string - required: - - asNumber - - peerIP - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: blockaffinities.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BlockAffinity - listKind: BlockAffinityList - plural: blockaffinities - singular: blockaffinity - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BlockAffinitySpec contains the specification for a BlockAffinity - resource. - properties: - cidr: - type: string - deleted: - description: Deleted indicates that this block affinity is being deleted. - This field is a string for compatibility with older releases that - mistakenly treat this field as a string. - type: string - node: - type: string - state: - type: string - required: - - cidr - - deleted - - node - - state - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: clusterinformations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: ClusterInformation - listKind: ClusterInformationList - plural: clusterinformations - singular: clusterinformation - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterInformation contains the cluster specific information. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterInformationSpec contains the values of describing - the cluster. - properties: - calicoVersion: - description: CalicoVersion is the version of Calico that the cluster - is running - type: string - clusterGUID: - description: ClusterGUID is the GUID of the cluster - type: string - clusterType: - description: ClusterType describes the type of the cluster - type: string - datastoreReady: - description: DatastoreReady is used during significant datastore migrations - to signal to components such as Felix that it should wait before - accessing the datastore. - type: boolean - variant: - description: Variant declares which variant of Calico should be active. - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: felixconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: FelixConfiguration - listKind: FelixConfigurationList - plural: felixconfigurations - singular: felixconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Felix Configuration contains the configuration for Felix. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FelixConfigurationSpec contains the values of the Felix configuration. - properties: - bpfConnectTimeLoadBalancingEnabled: - description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, - controls whether Felix installs the connection-time load balancer. The - connect-time load balancer is required for the host to be able to - reach Kubernetes services and it improves the performance of pod-to-service - connections. The only reason to disable it is for debugging purposes. [Default: - true]' - type: boolean - bpfDataIfacePattern: - description: 'BPFDataIfacePattern is a regular expression that controls - which interfaces Felix should attach BPF programs to in order to - catch traffic to/from the network. This needs to match the interfaces - that Calico workload traffic flows over as well as any interfaces - that handle incoming traffic to nodeports and services from outside - the cluster. It should not match the workload interfaces (usually - named cali...). [Default: ^(en.*|eth.*|tunl0$)]' - type: string - bpfDisableUnprivileged: - description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled - sysctl to disable unprivileged use of BPF. This ensures that unprivileged - users cannot access Calico''s BPF maps and cannot insert their own - BPF programs to interfere with Calico''s. [Default: true]' - type: boolean - bpfEnabled: - description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. - [Default: false]' - type: boolean - bpfExternalServiceMode: - description: 'BPFExternalServiceMode in BPF mode, controls how connections - from outside the cluster to services (node ports and cluster IPs) - are forwarded to remote workloads. If set to "Tunnel" then both - request and response traffic is tunneled to the remote node. If - set to "DSR", the request traffic is tunneled but the response traffic - is sent directly from the remote node. In "DSR" mode, the remote - node appears to use the IP of the ingress node; this requires a - permissive L2 network. [Default: Tunnel]' - type: string - bpfKubeProxyEndpointSlicesEnabled: - description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls - whether Felix's embedded kube-proxy accepts EndpointSlices or not. - type: boolean - bpfKubeProxyIptablesCleanupEnabled: - description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF - mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s - iptables chains. Should only be enabled if kube-proxy is not running. [Default: - true]' - type: boolean - bpfKubeProxyMinSyncPeriod: - description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the - minimum time between updates to the dataplane for Felix''s embedded - kube-proxy. Lower values give reduced set-up latency. Higher values - reduce Felix CPU usage by batching up more work. [Default: 1s]' - type: string - bpfLogLevel: - description: 'BPFLogLevel controls the log level of the BPF programs - when in BPF dataplane mode. One of "Off", "Info", or "Debug". The - logs are emitted to the BPF trace pipe, accessible with the command - `tc exec bpf debug`. [Default: Off].' - type: string - chainInsertMode: - description: 'ChainInsertMode controls whether Felix hooks the kernel’s - top-level iptables chains by inserting a rule at the top of the - chain or by appending a rule at the bottom. insert is the safe default - since it prevents Calico’s rules from being bypassed. If you switch - to append mode, be sure that the other rules in the chains signal - acceptance by falling through to the Calico rules, otherwise the - Calico policy will be bypassed. [Default: insert]' - type: string - dataplaneDriver: - type: string - debugDisableLogDropping: - type: boolean - debugMemoryProfilePath: - type: string - debugSimulateCalcGraphHangAfter: - type: string - debugSimulateDataplaneHangAfter: - type: string - defaultEndpointToHostAction: - description: 'DefaultEndpointToHostAction controls what happens to - traffic that goes from a workload endpoint to the host itself (after - the traffic hits the endpoint egress policy). By default Calico - blocks traffic from workload endpoints to the host itself with an - iptables “DROP” action. If you want to allow some or all traffic - from endpoint to host, set this parameter to RETURN or ACCEPT. Use - RETURN if you have your own rules in the iptables “INPUT” chain; - Calico will insert its rules at the top of that chain, then “RETURN” - packets to the “INPUT” chain once it has completed processing workload - endpoint egress policy. Use ACCEPT to unconditionally accept packets - from workloads after processing workload endpoint egress policy. - [Default: Drop]' - type: string - deviceRouteProtocol: - description: This defines the route protocol added to programmed device - routes, by default this will be RTPROT_BOOT when left blank. - type: integer - deviceRouteSourceAddress: - description: This is the source address to use on programmed device - routes. By default the source address is left blank, leaving the - kernel to choose the source address used. - type: string - disableConntrackInvalidCheck: - type: boolean - endpointReportingDelay: - type: string - endpointReportingEnabled: - type: boolean - externalNodesList: - description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes - which may source tunnel traffic and have the tunneled traffic be - accepted at calico nodes. - items: - type: string - type: array - failsafeInboundHostPorts: - description: 'FailsafeInboundHostPorts is a comma-delimited list of - UDP/TCP ports that Felix will allow incoming traffic to host endpoints - on irrespective of the security policy. This is useful to avoid - accidentally cutting off a host with incorrect configuration. Each - port should be specified as tcp: or udp:. - For back-compatibility, if the protocol is not specified, it defaults - to “tcp”. To disable all inbound host ports, use the value none. - The default value allows ssh access and DHCP. [Default: tcp:22, - udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]' - items: - description: ProtoPort is combination of protocol and port, both - must be specified. - properties: - port: - type: integer - protocol: - type: string - required: - - port - - protocol - type: object - type: array - failsafeOutboundHostPorts: - description: 'FailsafeOutboundHostPorts is a comma-delimited list - of UDP/TCP ports that Felix will allow outgoing traffic from host - endpoints to irrespective of the security policy. This is useful - to avoid accidentally cutting off a host with incorrect configuration. - Each port should be specified as tcp: or udp:. - For back-compatibility, if the protocol is not specified, it defaults - to “tcp”. To disable all outbound host ports, use the value none. - The default value opens etcd’s standard ports to ensure that Felix - does not get cut off from etcd as well as allowing DHCP and DNS. - [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667, - udp:53, udp:67]' - items: - description: ProtoPort is combination of protocol and port, both - must be specified. - properties: - port: - type: integer - protocol: - type: string - required: - - port - - protocol - type: object - type: array - genericXDPEnabled: - description: 'GenericXDPEnabled enables Generic XDP so network cards - that don''t support XDP offload or driver modes can use XDP. This - is not recommended since it doesn''t provide better performance - than iptables. [Default: false]' - type: boolean - healthEnabled: - type: boolean - healthHost: - type: string - healthPort: - type: integer - interfaceExclude: - description: 'InterfaceExclude is a comma-separated list of interfaces - that Felix should exclude when monitoring for host endpoints. The - default value ensures that Felix ignores Kubernetes'' IPVS dummy - interface, which is used internally by kube-proxy. If you want to - exclude multiple interface names using a single value, the list - supports regular expressions. For regular expressions you must wrap - the value with ''/''. For example having values ''/^kube/,veth1'' - will exclude all interfaces that begin with ''kube'' and also the - interface ''veth1''. [Default: kube-ipvs0]' - type: string - interfacePrefix: - description: 'InterfacePrefix is the interface name prefix that identifies - workload endpoints and so distinguishes them from host endpoint - interfaces. Note: in environments other than bare metal, the orchestrators - configure this appropriately. For example our Kubernetes and Docker - integrations set the ‘cali’ value, and our OpenStack integration - sets the ‘tap’ value. [Default: cali]' - type: string - ipipEnabled: - type: boolean - ipipMTU: - description: 'IPIPMTU is the MTU to set on the tunnel device. See - Configuring MTU [Default: 1440]' - type: integer - ipsetsRefreshInterval: - description: 'IpsetsRefreshInterval is the period at which Felix re-checks - all iptables state to ensure that no other process has accidentally - broken Calico’s rules. Set to 0 to disable iptables refresh. [Default: - 90s]' - type: string - iptablesBackend: - description: IptablesBackend specifies which backend of iptables will - be used. The default is legacy. - type: string - iptablesFilterAllowAction: - type: string - iptablesLockFilePath: - description: 'IptablesLockFilePath is the location of the iptables - lock file. You may need to change this if the lock file is not in - its standard location (for example if you have mapped it into Felix’s - container at a different path). [Default: /run/xtables.lock]' - type: string - iptablesLockProbeInterval: - description: 'IptablesLockProbeInterval is the time that Felix will - wait between attempts to acquire the iptables lock if it is not - available. Lower values make Felix more responsive when the lock - is contended, but use more CPU. [Default: 50ms]' - type: string - iptablesLockTimeout: - description: 'IptablesLockTimeout is the time that Felix will wait - for the iptables lock, or 0, to disable. To use this feature, Felix - must share the iptables lock file with all other processes that - also take the lock. When running Felix inside a container, this - requires the /run directory of the host to be mounted into the calico/node - or calico/felix container. [Default: 0s disabled]' - type: string - iptablesMangleAllowAction: - type: string - iptablesMarkMask: - description: 'IptablesMarkMask is the mask that Felix selects its - IPTables Mark bits from. Should be a 32 bit hexadecimal number with - at least 8 bits set, none of which clash with any other mark bits - in use on the system. [Default: 0xff000000]' - format: int32 - type: integer - iptablesNATOutgoingInterfaceFilter: - type: string - iptablesPostWriteCheckInterval: - description: 'IptablesPostWriteCheckInterval is the period after Felix - has done a write to the dataplane that it schedules an extra read - back in order to check the write was not clobbered by another process. - This should only occur if another application on the system doesn’t - respect the iptables lock. [Default: 1s]' - type: string - iptablesRefreshInterval: - description: 'IptablesRefreshInterval is the period at which Felix - re-checks the IP sets in the dataplane to ensure that no other process - has accidentally broken Calico’s rules. Set to 0 to disable IP sets - refresh. Note: the default for this value is lower than the other - refresh intervals as a workaround for a Linux kernel bug that was - fixed in kernel version 4.11. If you are using v4.11 or greater - you may want to set this to, a higher value to reduce Felix CPU - usage. [Default: 10s]' - type: string - ipv6Support: - type: boolean - kubeNodePortRanges: - description: 'KubeNodePortRanges holds list of port ranges used for - service node ports. Only used if felix detects kube-proxy running - in ipvs mode. Felix uses these ranges to separate host and workload - traffic. [Default: 30000:32767].' - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - logFilePath: - description: 'LogFilePath is the full path to the Felix log. Set to - none to disable file logging. [Default: /var/log/calico/felix.log]' - type: string - logPrefix: - description: 'LogPrefix is the log prefix that Felix uses when rendering - LOG rules. [Default: calico-packet]' - type: string - logSeverityFile: - description: 'LogSeverityFile is the log severity above which logs - are sent to the log file. [Default: Info]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]' - type: string - logSeveritySys: - description: 'LogSeveritySys is the log severity above which logs - are sent to the syslog. Set to None for no logging to syslog. [Default: - Info]' - type: string - maxIpsetSize: - type: integer - metadataAddr: - description: 'MetadataAddr is the IP address or domain name of the - server that can answer VM queries for cloud-init metadata. In OpenStack, - this corresponds to the machine running nova-api (or in Ubuntu, - nova-api-metadata). A value of none (case insensitive) means that - Felix should not set up any NAT rule for the metadata path. [Default: - 127.0.0.1]' - type: string - metadataPort: - description: 'MetadataPort is the port of the metadata server. This, - combined with global.MetadataAddr (if not ‘None’), is used to set - up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. - In most cases this should not need to be changed [Default: 8775].' - type: integer - natOutgoingAddress: - description: NATOutgoingAddress specifies an address to use when performing - source NAT for traffic in a natOutgoing pool that is leaving the - network. By default the address used is an address on the interface - the traffic is leaving on (ie it uses the iptables MASQUERADE target) - type: string - natPortRange: - anyOf: - - type: integer - - type: string - description: NATPortRange specifies the range of ports that is used - for port mapping when doing outgoing NAT. When unset the default - behavior of the network stack is used. - pattern: ^.* - x-kubernetes-int-or-string: true - netlinkTimeout: - type: string - openstackRegion: - description: 'OpenstackRegion is the name of the region that a particular - Felix belongs to. In a multi-region Calico/OpenStack deployment, - this must be configured somehow for each Felix (here in the datamodel, - or in felix.cfg or the environment on each compute node), and must - match the [calico] openstack_region value configured in neutron.conf - on each node. [Default: Empty]' - type: string - policySyncPathPrefix: - description: 'PolicySyncPathPrefix is used to by Felix to communicate - policy changes to external services, like Application layer policy. - [Default: Empty]' - type: string - prometheusGoMetricsEnabled: - description: 'PrometheusGoMetricsEnabled disables Go runtime metrics - collection, which the Prometheus client does by default, when set - to false. This reduces the number of metrics reported, reducing - Prometheus load. [Default: true]' - type: boolean - prometheusMetricsEnabled: - description: 'PrometheusMetricsEnabled enables the Prometheus metrics - server in Felix if set to true. [Default: false]' - type: boolean - prometheusMetricsHost: - description: 'PrometheusMetricsHost is the host that the Prometheus - metrics server should bind to. [Default: empty]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. [Default: 9091]' - type: integer - prometheusProcessMetricsEnabled: - description: 'PrometheusProcessMetricsEnabled disables process metrics - collection, which the Prometheus client does by default, when set - to false. This reduces the number of metrics reported, reducing - Prometheus load. [Default: true]' - type: boolean - removeExternalRoutes: - description: Whether or not to remove device routes that have not - been programmed by Felix. Disabling this will allow external applications - to also add device routes. This is enabled by default which means - we will remove externally added routes. - type: boolean - reportingInterval: - description: 'ReportingInterval is the interval at which Felix reports - its status into the datastore or 0 to disable. Must be non-zero - in OpenStack deployments. [Default: 30s]' - type: string - reportingTTL: - description: 'ReportingTTL is the time-to-live setting for process-wide - status reports. [Default: 90s]' - type: string - routeRefreshInterval: - description: 'RouterefreshInterval is the period at which Felix re-checks - the routes in the dataplane to ensure that no other process has - accidentally broken Calico’s rules. Set to 0 to disable route refresh. - [Default: 90s]' - type: string - routeSource: - description: 'RouteSource configures where Felix gets its routing - information. - WorkloadIPs: use workload endpoints to construct - routes. - CalicoIPAM: the default - use IPAM data to construct routes.' - type: string - routeTableRange: - description: Calico programs additional Linux route tables for various - purposes. RouteTableRange specifies the indices of the route tables - that Calico should use. - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - sidecarAccelerationEnabled: - description: 'SidecarAccelerationEnabled enables experimental sidecar - acceleration [Default: false]' - type: boolean - usageReportingEnabled: - description: 'UsageReportingEnabled reports anonymous Calico version - number and cluster size to projectcalico.org. Logs warnings returned - by the usage server. For example, if a significant security vulnerability - has been discovered in the version of Calico being used. [Default: - true]' - type: boolean - usageReportingInitialDelay: - description: 'UsageReportingInitialDelay controls the minimum delay - before Felix makes a report. [Default: 300s]' - type: string - usageReportingInterval: - description: 'UsageReportingInterval controls the interval at which - Felix makes reports. [Default: 86400s]' - type: string - useInternalDataplaneDriver: - type: boolean - vxlanEnabled: - type: boolean - vxlanMTU: - description: 'VXLANMTU is the MTU to set on the tunnel device. See - Configuring MTU [Default: 1440]' - type: integer - vxlanPort: - type: integer - vxlanVNI: - type: integer - wireguardEnabled: - description: 'WireguardEnabled controls whether Wireguard is enabled. - [Default: false]' - type: boolean - wireguardInterfaceName: - description: 'WireguardInterfaceName specifies the name to use for - the Wireguard interface. [Default: wg.calico]' - type: string - wireguardListeningPort: - description: 'WireguardListeningPort controls the listening port used - by Wireguard. [Default: 51820]' - type: integer - wireguardMTU: - description: 'WireguardMTU controls the MTU on the Wireguard interface. - See Configuring MTU [Default: 1420]' - type: integer - wireguardRoutingRulePriority: - description: 'WireguardRoutingRulePriority controls the priority value - to use for the Wireguard routing rule. [Default: 99]' - type: integer - xdpEnabled: - description: 'XDPEnabled enables XDP acceleration for suitable untracked - incoming deny rules. [Default: true]' - type: boolean - xdpRefreshInterval: - description: 'XDPRefreshInterval is the period at which Felix re-checks - all XDP state to ensure that no other process has accidentally broken - Calico''s BPF maps or attached programs. Set to 0 to disable XDP - refresh. [Default: 90s]' - type: string - required: - - bpfLogLevel - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: globalnetworkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkPolicy - listKind: GlobalNetworkPolicyList - plural: globalnetworkpolicies - singular: globalnetworkpolicy - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - applyOnForward: - description: ApplyOnForward indicates to apply the rules in this policy - on forward traffic. - type: boolean - doNotTrack: - description: DoNotTrack indicates whether packets matched by the rules - in this policy should go through the data plane's connection tracking, - such as Linux conntrack. If True, the rules in this policy are - applied before any data plane connection tracking, and packets allowed - by this policy are marked as not to be tracked. - type: boolean - egress: - description: The ordered set of egress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with ”Not”. All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and Selector are defined on the same rule, then only workload - endpoints that are matched by both selectors will be selected - by the rule. \n For NetworkPolicy, an empty NamespaceSelector - implies that the Selector is limited to selecting only - workload endpoints in the same namespace as the NetworkPolicy. - \n For NetworkPolicy, `global()` NamespaceSelector implies - that the Selector is limited to selecting only GlobalNetworkSet - or HostEndpoint. \n For GlobalNetworkPolicy, an empty - NamespaceSelector implies the Selector applies to workload - endpoints across all namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label “my_label”. \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label “my_label”. - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and Selector are defined on the same rule, then only workload - endpoints that are matched by both selectors will be selected - by the rule. \n For NetworkPolicy, an empty NamespaceSelector - implies that the Selector is limited to selecting only - workload endpoints in the same namespace as the NetworkPolicy. - \n For NetworkPolicy, `global()` NamespaceSelector implies - that the Selector is limited to selecting only GlobalNetworkSet - or HostEndpoint. \n For GlobalNetworkPolicy, an empty - NamespaceSelector implies the Selector applies to workload - endpoints across all namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label “my_label”. \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label “my_label”. - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - description: The ordered set of ingress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with ”Not”. All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and Selector are defined on the same rule, then only workload - endpoints that are matched by both selectors will be selected - by the rule. \n For NetworkPolicy, an empty NamespaceSelector - implies that the Selector is limited to selecting only - workload endpoints in the same namespace as the NetworkPolicy. - \n For NetworkPolicy, `global()` NamespaceSelector implies - that the Selector is limited to selecting only GlobalNetworkSet - or HostEndpoint. \n For GlobalNetworkPolicy, an empty - NamespaceSelector implies the Selector applies to workload - endpoints across all namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label “my_label”. \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label “my_label”. - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and Selector are defined on the same rule, then only workload - endpoints that are matched by both selectors will be selected - by the rule. \n For NetworkPolicy, an empty NamespaceSelector - implies that the Selector is limited to selecting only - workload endpoints in the same namespace as the NetworkPolicy. - \n For NetworkPolicy, `global()` NamespaceSelector implies - that the Selector is limited to selecting only GlobalNetworkSet - or HostEndpoint. \n For GlobalNetworkPolicy, an empty - NamespaceSelector implies the Selector applies to workload - endpoints across all namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label “my_label”. \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label “my_label”. - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - type: object - required: - - action - type: object - type: array - namespaceSelector: - description: NamespaceSelector is an optional field for an expression - used to select a pod based on namespaces. - type: string - order: - description: Order is an optional field that specifies the order in - which the policy is applied. Policies with higher "order" are applied - after those with lower order. If the order is omitted, it may be - considered to be "infinite" - i.e. the policy will be applied last. Policies - with identical order will be applied in alphanumerical order based - on the Policy "Name". - type: number - preDNAT: - description: PreDNAT indicates to apply the rules in this policy before - any DNAT. - type: boolean - selector: - description: "The selector is an expression used to pick pick out - the endpoints that the policy should be applied to. \n Selector - expressions follow this syntax: \n \tlabel == \"string_literal\" - \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" - \ -> not equal; also matches if label is not present \tlabel in - { \"a\", \"b\", \"c\", ... } -> true if the value of label X is - one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", - ... } -> true if the value of label X is not one of \"a\", \"b\", - \"c\" \thas(label_name) -> True if that label is present \t! expr - -> negation of expr \texpr && expr -> Short-circuit and \texpr - || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() - or the empty selector -> matches all endpoints. \n Label names are - allowed to contain alphanumerics, -, _ and /. String literals are - more permissive but they do not support escape characters. \n Examples - (with made-up labels): \n \ttype == \"webserver\" && deployment - == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != - \"dev\" \t! has(label_name)" - type: string - serviceAccountSelector: - description: ServiceAccountSelector is an optional field for an expression - used to select a pod based on service accounts. - type: string - types: - description: "Types indicates whether this policy applies to ingress, - or to egress, or to both. When not explicitly specified (and so - the value on creation is empty or nil), Calico defaults Types according - to what Ingress and Egress rules are present in the policy. The - default is: \n - [ PolicyTypeIngress ], if there are no Egress rules - (including the case where there are also no Ingress rules) \n - - [ PolicyTypeEgress ], if there are Egress rules but no Ingress - rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are - both Ingress and Egress rules. \n When the policy is read back again, - Types will always be one of these values, never empty or nil." - items: - description: PolicyType enumerates the possible values of the PolicySpec - Types field. - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: globalnetworksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkSet - listKind: GlobalNetworkSetList - plural: globalnetworksets - singular: globalnetworkset - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs - that share labels to allow rules to refer to them via selectors. The labels - of GlobalNetworkSet are not namespaced. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GlobalNetworkSetSpec contains the specification for a NetworkSet - resource. - properties: - nets: - description: The list of IP networks that belong to this set. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: hostendpoints.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: HostEndpoint - listKind: HostEndpointList - plural: hostendpoints - singular: hostendpoint - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostEndpointSpec contains the specification for a HostEndpoint - resource. - properties: - expectedIPs: - description: "The expected IP addresses (IPv4 and IPv6) of the endpoint. - If \"InterfaceName\" is not present, Calico will look for an interface - matching any of the IPs in the list and apply policy to that. Note: - \tWhen using the selector match criteria in an ingress or egress - security Policy \tor Profile, Calico converts the selector into - a set of IP addresses. For host \tendpoints, the ExpectedIPs field - is used for that purpose. (If only the interface \tname is specified, - Calico does not learn the IPs of the interface for use in match - \tcriteria.)" - items: - type: string - type: array - interfaceName: - description: "Either \"*\", or the name of a specific Linux interface - to apply policy to; or empty. \"*\" indicates that this HostEndpoint - governs all traffic to, from or through the default network namespace - of the host named by the \"Node\" field; entering and leaving that - namespace via any interface, including those from/to non-host-networked - local workloads. \n If InterfaceName is not \"*\", this HostEndpoint - only governs traffic that enters or leaves the host through the - specific interface named by InterfaceName, or - when InterfaceName - is empty - through the specific interface that has one of the IPs - in ExpectedIPs. Therefore, when InterfaceName is empty, at least - one expected IP must be specified. Only external interfaces (such - as “eth0”) are supported here; it isn't possible for a HostEndpoint - to protect traffic through a specific local workload interface. - \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; - initially just pre-DNAT policy. Please check Calico documentation - for the latest position." - type: string - node: - description: The node name identifying the Calico node instance. - type: string - ports: - description: Ports contains the endpoint's named ports, which may - be referenced in security policy rules. - items: - properties: - name: - type: string - port: - type: integer - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - required: - - name - - port - - protocol - type: object - type: array - profiles: - description: A list of identifiers of security Profile objects that - apply to this endpoint. Each profile is applied in the order that - they appear in this list. Profile rules are applied after the selector-based - security policy. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: ipamblocks.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMBlock - listKind: IPAMBlockList - plural: ipamblocks - singular: ipamblock - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMBlockSpec contains the specification for an IPAMBlock - resource. - properties: - affinity: - type: string - allocations: - items: - type: integer - # TODO: This nullable is manually added in. We should update controller-gen - # to handle []*int properly itself. - nullable: true - type: array - attributes: - items: - properties: - handle_id: - type: string - secondary: - additionalProperties: - type: string - type: object - type: object - type: array - cidr: - type: string - deleted: - type: boolean - strictAffinity: - type: boolean - unallocated: - items: - type: integer - type: array - required: - - allocations - - attributes - - cidr - - deleted - - strictAffinity - - unallocated - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: ipamconfigs.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMConfig - listKind: IPAMConfigList - plural: ipamconfigs - singular: ipamconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMConfigSpec contains the specification for an IPAMConfig - resource. - properties: - autoAllocateBlocks: - type: boolean - strictAffinity: - type: boolean - required: - - autoAllocateBlocks - - strictAffinity - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: ipamhandles.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMHandle - listKind: IPAMHandleList - plural: ipamhandles - singular: ipamhandle - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMHandleSpec contains the specification for an IPAMHandle - resource. - properties: - block: - additionalProperties: - type: integer - type: object - handleID: - type: string - required: - - block - - handleID - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: ippools.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPPool - listKind: IPPoolList - plural: ippools - singular: ippool - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPPoolSpec contains the specification for an IPPool resource. - properties: - blockSize: - description: The block size to use for IP address assignments from - this pool. Defaults to 26 for IPv4 and 112 for IPv6. - type: integer - cidr: - description: The pool CIDR. - type: string - disabled: - description: When disabled is true, Calico IPAM will not assign addresses - from this pool. - type: boolean - ipip: - description: 'Deprecated: this field is only used for APIv1 backwards - compatibility. Setting this field is not allowed, this field is - for internal use only.' - properties: - enabled: - description: When enabled is true, ipip tunneling will be used - to deliver packets to destinations within this pool. - type: boolean - mode: - description: The IPIP mode. This can be one of "always" or "cross-subnet". A - mode of "always" will also use IPIP tunneling for routing to - destination IP addresses within this pool. A mode of "cross-subnet" - will only use IPIP tunneling when the destination node is on - a different subnet to the originating node. The default value - (if not specified) is "always". - type: string - type: object - ipipMode: - description: Contains configuration for IPIP tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. IPIP tunelling - is disabled). - type: string - nat-outgoing: - description: 'Deprecated: this field is only used for APIv1 backwards - compatibility. Setting this field is not allowed, this field is - for internal use only.' - type: boolean - natOutgoing: - description: When nat-outgoing is true, packets sent from Calico networked - containers in this pool to destinations outside of this pool will - be masqueraded. - type: boolean - nodeSelector: - description: Allows IPPool to allocate for a specific node by label - selector. - type: string - vxlanMode: - description: Contains configuration for VXLAN tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. VXLAN - tunelling is disabled). - type: string - required: - - cidr - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: kubecontrollersconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: KubeControllersConfiguration - listKind: KubeControllersConfigurationList - plural: kubecontrollersconfigurations - singular: kubecontrollersconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubeControllersConfigurationSpec contains the values of the - Kubernetes controllers configuration. - properties: - controllers: - description: Controllers enables and configures individual Kubernetes - controllers - properties: - namespace: - description: Namespace enables and configures the namespace controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - node: - description: Node enables and configures the node controller. - Enabled by default, set to nil to disable. - properties: - hostEndpoint: - description: HostEndpoint controls syncing nodes to host endpoints. - Disabled by default, set to nil to disable. - properties: - autoCreate: - description: 'AutoCreate enables automatic creation of - host endpoints for every node. [Default: Disabled]' - type: string - type: object - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - syncLabels: - description: 'SyncLabels controls whether to copy Kubernetes - node labels to Calico nodes. [Default: Enabled]' - type: string - type: object - policy: - description: Policy enables and configures the policy controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - serviceAccount: - description: ServiceAccount enables and configures the service - account controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - workloadEndpoint: - description: WorkloadEndpoint enables and configures the workload - endpoint controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - type: object - etcdV3CompactionPeriod: - description: 'EtcdV3CompactionPeriod is the period between etcdv3 - compaction requests. Set to 0 to disable. [Default: 10m]' - type: string - healthChecks: - description: 'HealthChecks enables or disables support for health - checks [Default: Enabled]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]' - type: string - required: - - controllers - type: object - status: - description: KubeControllersConfigurationStatus represents the status - of the configuration. It's useful for admins to be able to see the actual - config that was applied, which can be modified by environment variables - on the kube-controllers process. - properties: - environmentVars: - additionalProperties: - type: string - description: EnvironmentVars contains the environment variables on - the kube-controllers that influenced the RunningConfig. - type: object - runningConfig: - description: RunningConfig contains the effective config that is running - in the kube-controllers pod, after merging the API resource with - any environment variables. - properties: - controllers: - description: Controllers enables and configures individual Kubernetes - controllers - properties: - namespace: - description: Namespace enables and configures the namespace - controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - node: - description: Node enables and configures the node controller. - Enabled by default, set to nil to disable. - properties: - hostEndpoint: - description: HostEndpoint controls syncing nodes to host - endpoints. Disabled by default, set to nil to disable. - properties: - autoCreate: - description: 'AutoCreate enables automatic creation - of host endpoints for every node. [Default: Disabled]' - type: string - type: object - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - syncLabels: - description: 'SyncLabels controls whether to copy Kubernetes - node labels to Calico nodes. [Default: Enabled]' - type: string - type: object - policy: - description: Policy enables and configures the policy controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - serviceAccount: - description: ServiceAccount enables and configures the service - account controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - workloadEndpoint: - description: WorkloadEndpoint enables and configures the workload - endpoint controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - type: object - etcdV3CompactionPeriod: - description: 'EtcdV3CompactionPeriod is the period between etcdv3 - compaction requests. Set to 0 to disable. [Default: 10m]' - type: string - healthChecks: - description: 'HealthChecks enables or disables support for health - checks [Default: Enabled]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which - logs are sent to the stdout. [Default: Info]' - type: string - required: - - controllers - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: networkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkPolicy - listKind: NetworkPolicyList - plural: networkpolicies - singular: networkpolicy - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - egress: - description: The ordered set of egress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with ”Not”. All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and Selector are defined on the same rule, then only workload - endpoints that are matched by both selectors will be selected - by the rule. \n For NetworkPolicy, an empty NamespaceSelector - implies that the Selector is limited to selecting only - workload endpoints in the same namespace as the NetworkPolicy. - \n For NetworkPolicy, `global()` NamespaceSelector implies - that the Selector is limited to selecting only GlobalNetworkSet - or HostEndpoint. \n For GlobalNetworkPolicy, an empty - NamespaceSelector implies the Selector applies to workload - endpoints across all namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label “my_label”. \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label “my_label”. - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and Selector are defined on the same rule, then only workload - endpoints that are matched by both selectors will be selected - by the rule. \n For NetworkPolicy, an empty NamespaceSelector - implies that the Selector is limited to selecting only - workload endpoints in the same namespace as the NetworkPolicy. - \n For NetworkPolicy, `global()` NamespaceSelector implies - that the Selector is limited to selecting only GlobalNetworkSet - or HostEndpoint. \n For GlobalNetworkPolicy, an empty - NamespaceSelector implies the Selector applies to workload - endpoints across all namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label “my_label”. \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label “my_label”. - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - description: The ordered set of ingress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with ”Not”. All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and Selector are defined on the same rule, then only workload - endpoints that are matched by both selectors will be selected - by the rule. \n For NetworkPolicy, an empty NamespaceSelector - implies that the Selector is limited to selecting only - workload endpoints in the same namespace as the NetworkPolicy. - \n For NetworkPolicy, `global()` NamespaceSelector implies - that the Selector is limited to selecting only GlobalNetworkSet - or HostEndpoint. \n For GlobalNetworkPolicy, an empty - NamespaceSelector implies the Selector applies to workload - endpoints across all namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label “my_label”. \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label “my_label”. - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and Selector are defined on the same rule, then only workload - endpoints that are matched by both selectors will be selected - by the rule. \n For NetworkPolicy, an empty NamespaceSelector - implies that the Selector is limited to selecting only - workload endpoints in the same namespace as the NetworkPolicy. - \n For NetworkPolicy, `global()` NamespaceSelector implies - that the Selector is limited to selecting only GlobalNetworkSet - or HostEndpoint. \n For GlobalNetworkPolicy, an empty - NamespaceSelector implies the Selector applies to workload - endpoints across all namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label “my_label”. \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label “my_label”. - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - type: object - required: - - action - type: object - type: array - order: - description: Order is an optional field that specifies the order in - which the policy is applied. Policies with higher "order" are applied - after those with lower order. If the order is omitted, it may be - considered to be "infinite" - i.e. the policy will be applied last. Policies - with identical order will be applied in alphanumerical order based - on the Policy "Name". - type: number - selector: - description: "The selector is an expression used to pick pick out - the endpoints that the policy should be applied to. \n Selector - expressions follow this syntax: \n \tlabel == \"string_literal\" - \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" - \ -> not equal; also matches if label is not present \tlabel in - { \"a\", \"b\", \"c\", ... } -> true if the value of label X is - one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", - ... } -> true if the value of label X is not one of \"a\", \"b\", - \"c\" \thas(label_name) -> True if that label is present \t! expr - -> negation of expr \texpr && expr -> Short-circuit and \texpr - || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() - or the empty selector -> matches all endpoints. \n Label names are - allowed to contain alphanumerics, -, _ and /. String literals are - more permissive but they do not support escape characters. \n Examples - (with made-up labels): \n \ttype == \"webserver\" && deployment - == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != - \"dev\" \t! has(label_name)" - type: string - serviceAccountSelector: - description: ServiceAccountSelector is an optional field for an expression - used to select a pod based on service accounts. - type: string - types: - description: "Types indicates whether this policy applies to ingress, - or to egress, or to both. When not explicitly specified (and so - the value on creation is empty or nil), Calico defaults Types according - to what Ingress and Egress are present in the policy. The default - is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including - the case where there are also no Ingress rules) \n - [ PolicyTypeEgress - ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, - PolicyTypeEgress ], if there are both Ingress and Egress rules. - \n When the policy is read back again, Types will always be one - of these values, never empty or nil." - items: - description: PolicyType enumerates the possible values of the PolicySpec - Types field. - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: networksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkSet - listKind: NetworkSetList - plural: networksets - singular: networkset - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSetSpec contains the specification for a NetworkSet - resource. - properties: - nets: - description: The list of IP networks that belong to this set. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- ---- -# Source: calico/templates/calico-kube-controllers-rbac.yaml - -# Include a clusterrole for the kube-controllers component, -# and bind it to the calico-kube-controllers serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -rules: - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes - verbs: - - watch - - list - - get - # Pods are queried to check for existence. - - apiGroups: [""] - resources: - - pods - verbs: - - get - # IPAM resources are manipulated when nodes are deleted. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - verbs: - - list - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - # kube-controllers manages hostendpoints. - - apiGroups: ["crd.projectcalico.org"] - resources: - - hostendpoints - verbs: - - get - - list - - create - - update - - delete - # Needs access to update clusterinformations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - clusterinformations - verbs: - - get - - create - - update - # KubeControllersConfiguration is where it gets its config - - apiGroups: ["crd.projectcalico.org"] - resources: - - kubecontrollersconfigurations - verbs: - # read its own config - - get - # create a default if none exists - - create - # update status - - update - # watch for changes - - watch ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-kube-controllers -subjects: -- kind: ServiceAccount - name: calico-kube-controllers - namespace: kube-system ---- - ---- -# Source: calico/templates/calico-node-rbac.yaml -# Include a clusterrole for the calico-node DaemonSet, -# and bind it to the calico-node serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-node -rules: - # The CNI plugin needs to get pods, nodes, and namespaces. - - apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get - - apiGroups: [""] - resources: - - endpoints - - services - verbs: - # Used to discover service IPs for advertisement. - - watch - - list - # Used to discover Typhas. - - get - # Pod CIDR auto-detection on kubeadm needs access to config maps. - - apiGroups: [""] - resources: - - configmaps - verbs: - - get - - apiGroups: [""] - resources: - - nodes/status - verbs: - # Needed for clearing NodeNetworkUnavailable flag. - - patch - # Calico stores some configuration information in node annotations. - - update - # Watch for changes to Kubernetes NetworkPolicies. - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list - # Used by Calico for policy information. - - apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch - # The CNI plugin patches pods/status. - - apiGroups: [""] - resources: - - pods/status - verbs: - - patch - # Calico monitors various CRDs for config. - - apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - networksets - - clusterinformations - - hostendpoints - - blockaffinities - verbs: - - get - - list - - watch - # Calico must create and update some CRDs on startup. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update - # Calico stores some configuration information on the node. - - apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch - # These permissions are only required for upgrade from v2.6, and can - # be removed after upgrade or on fresh installations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update - # These permissions are required for Calico CNI to perform IPAM allocations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipamconfigs - verbs: - - get - # Block affinities must also be watchable by confd for route aggregation. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - verbs: - - watch - # The Calico IPAM migration needs to get daemonsets. These permissions can be - # removed if not upgrading from an installation using host-local IPAM. - - apiGroups: ["apps"] - resources: - - daemonsets - verbs: - - get - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: calico-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-node -subjects: -- kind: ServiceAccount - name: calico-node - namespace: kube-system - ---- -# Source: calico/templates/calico-node.yaml -# This manifest installs the calico-node container, as well -# as the CNI plugins and network config on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: calico-node - namespace: kube-system - labels: - k8s-app: calico-node -spec: - selector: - matchLabels: - k8s-app: calico-node - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-node - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Make sure calico-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: calico-node - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 0 - priorityClassName: system-node-critical - initContainers: - # This container performs upgrade from host-local IPAM to calico-ipam. - # It can be deleted if this is a fresh installation, or if you have already - # upgraded to use calico-ipam. - - name: upgrade-ipam - image: calico/cni:v3.15.1 - command: ["/opt/cni/bin/calico-ipam", "-upgrade"] - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - volumeMounts: - - mountPath: /var/lib/cni/networks - name: host-local-net-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - securityContext: - privileged: true - # This container installs the CNI binaries - # and CNI network config file on each node. - - name: install-cni - image: calico/cni:v3.15.1 - command: ["/install-cni.sh"] - env: - # Name of the CNI config file to create. - - name: CNI_CONF_NAME - value: "10-calico.conflist" - # The CNI network config to install on each node. - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: calico-config - key: cni_network_config - # Set the hostname based on the k8s node name. - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # CNI MTU Config variable - - name: CNI_MTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Prevents the container from sleeping forever. - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - securityContext: - privileged: true - # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes - # to communicate with Felix over the Policy Sync API. - - name: flexvol-driver - image: calico/pod2daemon-flexvol:v3.15.1 - volumeMounts: - - name: flexvol-driver-host - mountPath: /host/driver - securityContext: - privileged: true - containers: - # Runs calico-node container on each Kubernetes node. This - # container programs network policy and routes on each - # host. - - name: calico-node - image: calico/node:v3.15.1 - env: - # Use Kubernetes API as the backing datastore. - - name: DATASTORE_TYPE - value: "kubernetes" - # Wait for the datastore. - - name: WAIT_FOR_DATASTORE - value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # Choose the backend to use. - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - # Cluster type to identify the deployment type - - name: CLUSTER_TYPE - value: "k8s,bgp" - # Auto-detect the BGP IP address. - - name: IP - value: "autodetect" - # Enable IPIP - - name: CALICO_IPV4POOL_IPIP - value: "Always" - # Enable or Disable VXLAN on the default IP pool. - - name: CALICO_IPV4POOL_VXLAN - value: "Never" - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Set MTU for the VXLAN tunnel device. - - name: FELIX_VXLANMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Set MTU for the Wireguard tunnel device. - - name: FELIX_WIREGUARDMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # The default IPv4 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within `--cluster-cidr`. - - name: CALICO_IPV4POOL_CIDR - value: "10.244.0.0/16" - # Disable file logging so `kubectl logs` works. - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - # Set Felix endpoint to host default action to ACCEPT. - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - # Disable IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "false" - # Set Felix logging to "info" - - name: FELIX_LOGSEVERITYSCREEN - value: "info" - - name: FELIX_HEALTHENABLED - value: "true" - securityContext: - privileged: true - resources: - requests: - cpu: 250m - livenessProbe: - exec: - command: - - /bin/calico-node - - -felix-live - - -bird-live - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/calico-node - - -felix-ready - - -bird-ready - periodSeconds: 10 - volumeMounts: - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - - name: policysync - mountPath: /var/run/nodeagent - volumes: - # Used by calico-node. - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - - name: var-lib-calico - hostPath: - path: /var/lib/calico - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - # Mount in the directory for host-local IPAM allocations. This is - # used when upgrading from host-local to calico-ipam, and can be removed - # if not using the upgrade-ipam init container. - - name: host-local-net-dir - hostPath: - path: /var/lib/cni/networks - # Used to create per-pod Unix Domain Sockets - - name: policysync - hostPath: - type: DirectoryOrCreate - path: /var/run/nodeagent - # Used to install Flex Volume Driver - - name: flexvol-driver-host - hostPath: - type: DirectoryOrCreate - path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system - ---- -# Source: calico/templates/calico-kube-controllers.yaml -# See https://github.com/projectcalico/kube-controllers -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers -spec: - # The controllers can only have a single active instance. - replicas: 1 - selector: - matchLabels: - k8s-app: calico-kube-controllers - strategy: - type: Recreate - template: - metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - spec: - nodeSelector: - kubernetes.io/os: linux - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: calico-kube-controllers - priorityClassName: system-cluster-critical - containers: - - name: calico-kube-controllers - image: calico/kube-controllers:v3.15.1 - env: - # Choose which controllers to run. - - name: ENABLED_CONTROLLERS - value: node - - name: DATASTORE_TYPE - value: kubernetes - readinessProbe: - exec: - command: - - /usr/bin/check-status - - -r - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-kube-controllers - namespace: kube-system - ---- -# Source: calico/templates/calico-etcd-secrets.yaml - ---- -# Source: calico/templates/calico-typha.yaml - ---- -# Source: calico/templates/configure-canal.yaml - - -- Gitee From 5e288e9a12130cb836c964668453bb6e257dcbce Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 20 Apr 2022 10:53:23 +0000 Subject: [PATCH 07/26] =?UTF-8?q?add=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../calico.yaml" | 3744 +++++++++++++++++ 1 file changed, 3744 insertions(+) create mode 100644 "Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/calico.yaml" diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/calico.yaml" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/calico.yaml" new file mode 100644 index 0000000..1e0fa34 --- /dev/null +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/calico.yaml" @@ -0,0 +1,3744 @@ +--- +# Source: calico/templates/calico-config.yaml +# This ConfigMap is used to configure a self-hosted Calico installation. +kind: ConfigMap +apiVersion: v1 +metadata: + name: calico-config + namespace: kube-system +data: + # Typha is disabled. + typha_service_name: "none" + # Configure the backend to use. + calico_backend: "bird" + # Configure the MTU to use for workload interfaces and tunnels. + # - If Wireguard is enabled, set to your network MTU - 60 + # - Otherwise, if VXLAN or BPF mode is enabled, set to your network MTU - 50 + # - Otherwise, if IPIP is enabled, set to your network MTU - 20 + # - Otherwise, if not using any encapsulation, set to your network MTU. + veth_mtu: "1440" + + # The CNI network configuration to install on each node. The special + # values in this config will be automatically populated. + cni_network_config: |- + { + "name": "k8s-pod-network", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "calico", + "log_level": "info", + "datastore_type": "kubernetes", + "nodename": "__KUBERNETES_NODE_NAME__", + "mtu": __CNI_MTU__, + "ipam": { + "type": "calico-ipam" + }, + "policy": { + "type": "k8s" + }, + "kubernetes": { + "kubeconfig": "__KUBECONFIG_FILEPATH__" + } + }, + { + "type": "portmap", + "snat": true, + "capabilities": {"portMappings": true} + }, + { + "type": "bandwidth", + "capabilities": {"bandwidth": true} + } + ] + } + +--- +# Source: calico/templates/kdd-crds.yaml + + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: bgpconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BGPConfiguration + listKind: BGPConfigurationList + plural: bgpconfigurations + singular: bgpconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: BGPConfiguration contains the configuration for any BGP routing. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPConfigurationSpec contains the values of the BGP configuration. + properties: + asNumber: + description: 'ASNumber is the default AS number used by a node. [Default: + 64512]' + format: int32 + type: integer + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: INFO]' + type: string + nodeToNodeMeshEnabled: + description: 'NodeToNodeMeshEnabled sets whether full node to node + BGP mesh is enabled. [Default: true]' + type: boolean + serviceClusterIPs: + description: ServiceClusterIPs are the CIDR blocks from which service + cluster IPs are allocated. If specified, Calico will advertise these + blocks, as well as any cluster IPs within them. + items: + description: ServiceClusterIPBlock represents a single whitelisted + CIDR block for ClusterIPs. + properties: + cidr: + type: string + type: object + type: array + serviceExternalIPs: + description: ServiceExternalIPs are the CIDR blocks for Kubernetes + Service External IPs. Kubernetes Service ExternalIPs will only be + advertised if they are within one of these blocks. + items: + description: ServiceExternalIPBlock represents a single whitelisted + CIDR External IP block. + properties: + cidr: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: bgppeers.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BGPPeer + listKind: BGPPeerList + plural: bgppeers + singular: bgppeer + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec contains the specification for a BGPPeer resource. + properties: + asNumber: + description: The AS Number of the peer. + format: int32 + type: integer + node: + description: The node name identifying the Calico node instance that + is peering with this peer. If this is not set, this represents a + global peer, i.e. a peer that peers with every node in the deployment. + type: string + nodeSelector: + description: Selector for the nodes that should have this peering. When + this is set, the Node field must be empty. + type: string + peerIP: + description: The IP address of the peer. + type: string + peerSelector: + description: Selector for the remote nodes to peer with. When this + is set, the PeerIP and ASNumber fields must be empty. For each + peering between the local node and selected remote nodes, we configure + an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, + and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The + remote AS number comes from the remote node’s NodeBGPSpec.ASNumber, + or the global default if that is not set. + type: string + required: + - asNumber + - peerIP + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: blockaffinities.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BlockAffinity + listKind: BlockAffinityList + plural: blockaffinities + singular: blockaffinity + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BlockAffinitySpec contains the specification for a BlockAffinity + resource. + properties: + cidr: + type: string + deleted: + description: Deleted indicates that this block affinity is being deleted. + This field is a string for compatibility with older releases that + mistakenly treat this field as a string. + type: string + node: + type: string + state: + type: string + required: + - cidr + - deleted + - node + - state + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterinformations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: ClusterInformation + listKind: ClusterInformationList + plural: clusterinformations + singular: clusterinformation + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterInformation contains the cluster specific information. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterInformationSpec contains the values of describing + the cluster. + properties: + calicoVersion: + description: CalicoVersion is the version of Calico that the cluster + is running + type: string + clusterGUID: + description: ClusterGUID is the GUID of the cluster + type: string + clusterType: + description: ClusterType describes the type of the cluster + type: string + datastoreReady: + description: DatastoreReady is used during significant datastore migrations + to signal to components such as Felix that it should wait before + accessing the datastore. + type: boolean + variant: + description: Variant declares which variant of Calico should be active. + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: felixconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: FelixConfiguration + listKind: FelixConfigurationList + plural: felixconfigurations + singular: felixconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Felix Configuration contains the configuration for Felix. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FelixConfigurationSpec contains the values of the Felix configuration. + properties: + bpfConnectTimeLoadBalancingEnabled: + description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, + controls whether Felix installs the connection-time load balancer. The + connect-time load balancer is required for the host to be able to + reach Kubernetes services and it improves the performance of pod-to-service + connections. The only reason to disable it is for debugging purposes. [Default: + true]' + type: boolean + bpfDataIfacePattern: + description: 'BPFDataIfacePattern is a regular expression that controls + which interfaces Felix should attach BPF programs to in order to + catch traffic to/from the network. This needs to match the interfaces + that Calico workload traffic flows over as well as any interfaces + that handle incoming traffic to nodeports and services from outside + the cluster. It should not match the workload interfaces (usually + named cali...). [Default: ^(en.*|eth.*|tunl0$)]' + type: string + bpfDisableUnprivileged: + description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled + sysctl to disable unprivileged use of BPF. This ensures that unprivileged + users cannot access Calico''s BPF maps and cannot insert their own + BPF programs to interfere with Calico''s. [Default: true]' + type: boolean + bpfEnabled: + description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. + [Default: false]' + type: boolean + bpfExternalServiceMode: + description: 'BPFExternalServiceMode in BPF mode, controls how connections + from outside the cluster to services (node ports and cluster IPs) + are forwarded to remote workloads. If set to "Tunnel" then both + request and response traffic is tunneled to the remote node. If + set to "DSR", the request traffic is tunneled but the response traffic + is sent directly from the remote node. In "DSR" mode, the remote + node appears to use the IP of the ingress node; this requires a + permissive L2 network. [Default: Tunnel]' + type: string + bpfKubeProxyEndpointSlicesEnabled: + description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls + whether Felix's embedded kube-proxy accepts EndpointSlices or not. + type: boolean + bpfKubeProxyIptablesCleanupEnabled: + description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF + mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s + iptables chains. Should only be enabled if kube-proxy is not running. [Default: + true]' + type: boolean + bpfKubeProxyMinSyncPeriod: + description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the + minimum time between updates to the dataplane for Felix''s embedded + kube-proxy. Lower values give reduced set-up latency. Higher values + reduce Felix CPU usage by batching up more work. [Default: 1s]' + type: string + bpfLogLevel: + description: 'BPFLogLevel controls the log level of the BPF programs + when in BPF dataplane mode. One of "Off", "Info", or "Debug". The + logs are emitted to the BPF trace pipe, accessible with the command + `tc exec bpf debug`. [Default: Off].' + type: string + chainInsertMode: + description: 'ChainInsertMode controls whether Felix hooks the kernel’s + top-level iptables chains by inserting a rule at the top of the + chain or by appending a rule at the bottom. insert is the safe default + since it prevents Calico’s rules from being bypassed. If you switch + to append mode, be sure that the other rules in the chains signal + acceptance by falling through to the Calico rules, otherwise the + Calico policy will be bypassed. [Default: insert]' + type: string + dataplaneDriver: + type: string + debugDisableLogDropping: + type: boolean + debugMemoryProfilePath: + type: string + debugSimulateCalcGraphHangAfter: + type: string + debugSimulateDataplaneHangAfter: + type: string + defaultEndpointToHostAction: + description: 'DefaultEndpointToHostAction controls what happens to + traffic that goes from a workload endpoint to the host itself (after + the traffic hits the endpoint egress policy). By default Calico + blocks traffic from workload endpoints to the host itself with an + iptables “DROP” action. If you want to allow some or all traffic + from endpoint to host, set this parameter to RETURN or ACCEPT. Use + RETURN if you have your own rules in the iptables “INPUT” chain; + Calico will insert its rules at the top of that chain, then “RETURN” + packets to the “INPUT” chain once it has completed processing workload + endpoint egress policy. Use ACCEPT to unconditionally accept packets + from workloads after processing workload endpoint egress policy. + [Default: Drop]' + type: string + deviceRouteProtocol: + description: This defines the route protocol added to programmed device + routes, by default this will be RTPROT_BOOT when left blank. + type: integer + deviceRouteSourceAddress: + description: This is the source address to use on programmed device + routes. By default the source address is left blank, leaving the + kernel to choose the source address used. + type: string + disableConntrackInvalidCheck: + type: boolean + endpointReportingDelay: + type: string + endpointReportingEnabled: + type: boolean + externalNodesList: + description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes + which may source tunnel traffic and have the tunneled traffic be + accepted at calico nodes. + items: + type: string + type: array + failsafeInboundHostPorts: + description: 'FailsafeInboundHostPorts is a comma-delimited list of + UDP/TCP ports that Felix will allow incoming traffic to host endpoints + on irrespective of the security policy. This is useful to avoid + accidentally cutting off a host with incorrect configuration. Each + port should be specified as tcp: or udp:. + For back-compatibility, if the protocol is not specified, it defaults + to “tcp”. To disable all inbound host ports, use the value none. + The default value allows ssh access and DHCP. [Default: tcp:22, + udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]' + items: + description: ProtoPort is combination of protocol and port, both + must be specified. + properties: + port: + type: integer + protocol: + type: string + required: + - port + - protocol + type: object + type: array + failsafeOutboundHostPorts: + description: 'FailsafeOutboundHostPorts is a comma-delimited list + of UDP/TCP ports that Felix will allow outgoing traffic from host + endpoints to irrespective of the security policy. This is useful + to avoid accidentally cutting off a host with incorrect configuration. + Each port should be specified as tcp: or udp:. + For back-compatibility, if the protocol is not specified, it defaults + to “tcp”. To disable all outbound host ports, use the value none. + The default value opens etcd’s standard ports to ensure that Felix + does not get cut off from etcd as well as allowing DHCP and DNS. + [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667, + udp:53, udp:67]' + items: + description: ProtoPort is combination of protocol and port, both + must be specified. + properties: + port: + type: integer + protocol: + type: string + required: + - port + - protocol + type: object + type: array + genericXDPEnabled: + description: 'GenericXDPEnabled enables Generic XDP so network cards + that don''t support XDP offload or driver modes can use XDP. This + is not recommended since it doesn''t provide better performance + than iptables. [Default: false]' + type: boolean + healthEnabled: + type: boolean + healthHost: + type: string + healthPort: + type: integer + interfaceExclude: + description: 'InterfaceExclude is a comma-separated list of interfaces + that Felix should exclude when monitoring for host endpoints. The + default value ensures that Felix ignores Kubernetes'' IPVS dummy + interface, which is used internally by kube-proxy. If you want to + exclude multiple interface names using a single value, the list + supports regular expressions. For regular expressions you must wrap + the value with ''/''. For example having values ''/^kube/,veth1'' + will exclude all interfaces that begin with ''kube'' and also the + interface ''veth1''. [Default: kube-ipvs0]' + type: string + interfacePrefix: + description: 'InterfacePrefix is the interface name prefix that identifies + workload endpoints and so distinguishes them from host endpoint + interfaces. Note: in environments other than bare metal, the orchestrators + configure this appropriately. For example our Kubernetes and Docker + integrations set the ‘cali’ value, and our OpenStack integration + sets the ‘tap’ value. [Default: cali]' + type: string + ipipEnabled: + type: boolean + ipipMTU: + description: 'IPIPMTU is the MTU to set on the tunnel device. See + Configuring MTU [Default: 1440]' + type: integer + ipsetsRefreshInterval: + description: 'IpsetsRefreshInterval is the period at which Felix re-checks + all iptables state to ensure that no other process has accidentally + broken Calico’s rules. Set to 0 to disable iptables refresh. [Default: + 90s]' + type: string + iptablesBackend: + description: IptablesBackend specifies which backend of iptables will + be used. The default is legacy. + type: string + iptablesFilterAllowAction: + type: string + iptablesLockFilePath: + description: 'IptablesLockFilePath is the location of the iptables + lock file. You may need to change this if the lock file is not in + its standard location (for example if you have mapped it into Felix’s + container at a different path). [Default: /run/xtables.lock]' + type: string + iptablesLockProbeInterval: + description: 'IptablesLockProbeInterval is the time that Felix will + wait between attempts to acquire the iptables lock if it is not + available. Lower values make Felix more responsive when the lock + is contended, but use more CPU. [Default: 50ms]' + type: string + iptablesLockTimeout: + description: 'IptablesLockTimeout is the time that Felix will wait + for the iptables lock, or 0, to disable. To use this feature, Felix + must share the iptables lock file with all other processes that + also take the lock. When running Felix inside a container, this + requires the /run directory of the host to be mounted into the calico/node + or calico/felix container. [Default: 0s disabled]' + type: string + iptablesMangleAllowAction: + type: string + iptablesMarkMask: + description: 'IptablesMarkMask is the mask that Felix selects its + IPTables Mark bits from. Should be a 32 bit hexadecimal number with + at least 8 bits set, none of which clash with any other mark bits + in use on the system. [Default: 0xff000000]' + format: int32 + type: integer + iptablesNATOutgoingInterfaceFilter: + type: string + iptablesPostWriteCheckInterval: + description: 'IptablesPostWriteCheckInterval is the period after Felix + has done a write to the dataplane that it schedules an extra read + back in order to check the write was not clobbered by another process. + This should only occur if another application on the system doesn’t + respect the iptables lock. [Default: 1s]' + type: string + iptablesRefreshInterval: + description: 'IptablesRefreshInterval is the period at which Felix + re-checks the IP sets in the dataplane to ensure that no other process + has accidentally broken Calico’s rules. Set to 0 to disable IP sets + refresh. Note: the default for this value is lower than the other + refresh intervals as a workaround for a Linux kernel bug that was + fixed in kernel version 4.11. If you are using v4.11 or greater + you may want to set this to, a higher value to reduce Felix CPU + usage. [Default: 10s]' + type: string + ipv6Support: + type: boolean + kubeNodePortRanges: + description: 'KubeNodePortRanges holds list of port ranges used for + service node ports. Only used if felix detects kube-proxy running + in ipvs mode. Felix uses these ranges to separate host and workload + traffic. [Default: 30000:32767].' + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + logFilePath: + description: 'LogFilePath is the full path to the Felix log. Set to + none to disable file logging. [Default: /var/log/calico/felix.log]' + type: string + logPrefix: + description: 'LogPrefix is the log prefix that Felix uses when rendering + LOG rules. [Default: calico-packet]' + type: string + logSeverityFile: + description: 'LogSeverityFile is the log severity above which logs + are sent to the log file. [Default: Info]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: Info]' + type: string + logSeveritySys: + description: 'LogSeveritySys is the log severity above which logs + are sent to the syslog. Set to None for no logging to syslog. [Default: + Info]' + type: string + maxIpsetSize: + type: integer + metadataAddr: + description: 'MetadataAddr is the IP address or domain name of the + server that can answer VM queries for cloud-init metadata. In OpenStack, + this corresponds to the machine running nova-api (or in Ubuntu, + nova-api-metadata). A value of none (case insensitive) means that + Felix should not set up any NAT rule for the metadata path. [Default: + 127.0.0.1]' + type: string + metadataPort: + description: 'MetadataPort is the port of the metadata server. This, + combined with global.MetadataAddr (if not ‘None’), is used to set + up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. + In most cases this should not need to be changed [Default: 8775].' + type: integer + natOutgoingAddress: + description: NATOutgoingAddress specifies an address to use when performing + source NAT for traffic in a natOutgoing pool that is leaving the + network. By default the address used is an address on the interface + the traffic is leaving on (ie it uses the iptables MASQUERADE target) + type: string + natPortRange: + anyOf: + - type: integer + - type: string + description: NATPortRange specifies the range of ports that is used + for port mapping when doing outgoing NAT. When unset the default + behavior of the network stack is used. + pattern: ^.* + x-kubernetes-int-or-string: true + netlinkTimeout: + type: string + openstackRegion: + description: 'OpenstackRegion is the name of the region that a particular + Felix belongs to. In a multi-region Calico/OpenStack deployment, + this must be configured somehow for each Felix (here in the datamodel, + or in felix.cfg or the environment on each compute node), and must + match the [calico] openstack_region value configured in neutron.conf + on each node. [Default: Empty]' + type: string + policySyncPathPrefix: + description: 'PolicySyncPathPrefix is used to by Felix to communicate + policy changes to external services, like Application layer policy. + [Default: Empty]' + type: string + prometheusGoMetricsEnabled: + description: 'PrometheusGoMetricsEnabled disables Go runtime metrics + collection, which the Prometheus client does by default, when set + to false. This reduces the number of metrics reported, reducing + Prometheus load. [Default: true]' + type: boolean + prometheusMetricsEnabled: + description: 'PrometheusMetricsEnabled enables the Prometheus metrics + server in Felix if set to true. [Default: false]' + type: boolean + prometheusMetricsHost: + description: 'PrometheusMetricsHost is the host that the Prometheus + metrics server should bind to. [Default: empty]' + type: string + prometheusMetricsPort: + description: 'PrometheusMetricsPort is the TCP port that the Prometheus + metrics server should bind to. [Default: 9091]' + type: integer + prometheusProcessMetricsEnabled: + description: 'PrometheusProcessMetricsEnabled disables process metrics + collection, which the Prometheus client does by default, when set + to false. This reduces the number of metrics reported, reducing + Prometheus load. [Default: true]' + type: boolean + removeExternalRoutes: + description: Whether or not to remove device routes that have not + been programmed by Felix. Disabling this will allow external applications + to also add device routes. This is enabled by default which means + we will remove externally added routes. + type: boolean + reportingInterval: + description: 'ReportingInterval is the interval at which Felix reports + its status into the datastore or 0 to disable. Must be non-zero + in OpenStack deployments. [Default: 30s]' + type: string + reportingTTL: + description: 'ReportingTTL is the time-to-live setting for process-wide + status reports. [Default: 90s]' + type: string + routeRefreshInterval: + description: 'RouterefreshInterval is the period at which Felix re-checks + the routes in the dataplane to ensure that no other process has + accidentally broken Calico’s rules. Set to 0 to disable route refresh. + [Default: 90s]' + type: string + routeSource: + description: 'RouteSource configures where Felix gets its routing + information. - WorkloadIPs: use workload endpoints to construct + routes. - CalicoIPAM: the default - use IPAM data to construct routes.' + type: string + routeTableRange: + description: Calico programs additional Linux route tables for various + purposes. RouteTableRange specifies the indices of the route tables + that Calico should use. + properties: + max: + type: integer + min: + type: integer + required: + - max + - min + type: object + sidecarAccelerationEnabled: + description: 'SidecarAccelerationEnabled enables experimental sidecar + acceleration [Default: false]' + type: boolean + usageReportingEnabled: + description: 'UsageReportingEnabled reports anonymous Calico version + number and cluster size to projectcalico.org. Logs warnings returned + by the usage server. For example, if a significant security vulnerability + has been discovered in the version of Calico being used. [Default: + true]' + type: boolean + usageReportingInitialDelay: + description: 'UsageReportingInitialDelay controls the minimum delay + before Felix makes a report. [Default: 300s]' + type: string + usageReportingInterval: + description: 'UsageReportingInterval controls the interval at which + Felix makes reports. [Default: 86400s]' + type: string + useInternalDataplaneDriver: + type: boolean + vxlanEnabled: + type: boolean + vxlanMTU: + description: 'VXLANMTU is the MTU to set on the tunnel device. See + Configuring MTU [Default: 1440]' + type: integer + vxlanPort: + type: integer + vxlanVNI: + type: integer + wireguardEnabled: + description: 'WireguardEnabled controls whether Wireguard is enabled. + [Default: false]' + type: boolean + wireguardInterfaceName: + description: 'WireguardInterfaceName specifies the name to use for + the Wireguard interface. [Default: wg.calico]' + type: string + wireguardListeningPort: + description: 'WireguardListeningPort controls the listening port used + by Wireguard. [Default: 51820]' + type: integer + wireguardMTU: + description: 'WireguardMTU controls the MTU on the Wireguard interface. + See Configuring MTU [Default: 1420]' + type: integer + wireguardRoutingRulePriority: + description: 'WireguardRoutingRulePriority controls the priority value + to use for the Wireguard routing rule. [Default: 99]' + type: integer + xdpEnabled: + description: 'XDPEnabled enables XDP acceleration for suitable untracked + incoming deny rules. [Default: true]' + type: boolean + xdpRefreshInterval: + description: 'XDPRefreshInterval is the period at which Felix re-checks + all XDP state to ensure that no other process has accidentally broken + Calico''s BPF maps or attached programs. Set to 0 to disable XDP + refresh. [Default: 90s]' + type: string + required: + - bpfLogLevel + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: globalnetworkpolicies.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: GlobalNetworkPolicy + listKind: GlobalNetworkPolicyList + plural: globalnetworkpolicies + singular: globalnetworkpolicy + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applyOnForward: + description: ApplyOnForward indicates to apply the rules in this policy + on forward traffic. + type: boolean + doNotTrack: + description: DoNotTrack indicates whether packets matched by the rules + in this policy should go through the data plane's connection tracking, + such as Linux conntrack. If True, the rules in this policy are + applied before any data plane connection tracking, and packets allowed + by this policy are marked as not to be tracked. + type: boolean + egress: + description: The ordered set of egress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with ”Not”. All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + required: + - action + type: object + type: array + ingress: + description: The ordered set of ingress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with ”Not”. All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + required: + - action + type: object + type: array + namespaceSelector: + description: NamespaceSelector is an optional field for an expression + used to select a pod based on namespaces. + type: string + order: + description: Order is an optional field that specifies the order in + which the policy is applied. Policies with higher "order" are applied + after those with lower order. If the order is omitted, it may be + considered to be "infinite" - i.e. the policy will be applied last. Policies + with identical order will be applied in alphanumerical order based + on the Policy "Name". + type: number + preDNAT: + description: PreDNAT indicates to apply the rules in this policy before + any DNAT. + type: boolean + selector: + description: "The selector is an expression used to pick pick out + the endpoints that the policy should be applied to. \n Selector + expressions follow this syntax: \n \tlabel == \"string_literal\" + \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" + \ -> not equal; also matches if label is not present \tlabel in + { \"a\", \"b\", \"c\", ... } -> true if the value of label X is + one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", + ... } -> true if the value of label X is not one of \"a\", \"b\", + \"c\" \thas(label_name) -> True if that label is present \t! expr + -> negation of expr \texpr && expr -> Short-circuit and \texpr + || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + or the empty selector -> matches all endpoints. \n Label names are + allowed to contain alphanumerics, -, _ and /. String literals are + more permissive but they do not support escape characters. \n Examples + (with made-up labels): \n \ttype == \"webserver\" && deployment + == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != + \"dev\" \t! has(label_name)" + type: string + serviceAccountSelector: + description: ServiceAccountSelector is an optional field for an expression + used to select a pod based on service accounts. + type: string + types: + description: "Types indicates whether this policy applies to ingress, + or to egress, or to both. When not explicitly specified (and so + the value on creation is empty or nil), Calico defaults Types according + to what Ingress and Egress rules are present in the policy. The + default is: \n - [ PolicyTypeIngress ], if there are no Egress rules + (including the case where there are also no Ingress rules) \n + - [ PolicyTypeEgress ], if there are Egress rules but no Ingress + rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are + both Ingress and Egress rules. \n When the policy is read back again, + Types will always be one of these values, never empty or nil." + items: + description: PolicyType enumerates the possible values of the PolicySpec + Types field. + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: globalnetworksets.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: GlobalNetworkSet + listKind: GlobalNetworkSetList + plural: globalnetworksets + singular: globalnetworkset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs + that share labels to allow rules to refer to them via selectors. The labels + of GlobalNetworkSet are not namespaced. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GlobalNetworkSetSpec contains the specification for a NetworkSet + resource. + properties: + nets: + description: The list of IP networks that belong to this set. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: hostendpoints.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: HostEndpoint + listKind: HostEndpointList + plural: hostendpoints + singular: hostendpoint + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostEndpointSpec contains the specification for a HostEndpoint + resource. + properties: + expectedIPs: + description: "The expected IP addresses (IPv4 and IPv6) of the endpoint. + If \"InterfaceName\" is not present, Calico will look for an interface + matching any of the IPs in the list and apply policy to that. Note: + \tWhen using the selector match criteria in an ingress or egress + security Policy \tor Profile, Calico converts the selector into + a set of IP addresses. For host \tendpoints, the ExpectedIPs field + is used for that purpose. (If only the interface \tname is specified, + Calico does not learn the IPs of the interface for use in match + \tcriteria.)" + items: + type: string + type: array + interfaceName: + description: "Either \"*\", or the name of a specific Linux interface + to apply policy to; or empty. \"*\" indicates that this HostEndpoint + governs all traffic to, from or through the default network namespace + of the host named by the \"Node\" field; entering and leaving that + namespace via any interface, including those from/to non-host-networked + local workloads. \n If InterfaceName is not \"*\", this HostEndpoint + only governs traffic that enters or leaves the host through the + specific interface named by InterfaceName, or - when InterfaceName + is empty - through the specific interface that has one of the IPs + in ExpectedIPs. Therefore, when InterfaceName is empty, at least + one expected IP must be specified. Only external interfaces (such + as “eth0”) are supported here; it isn't possible for a HostEndpoint + to protect traffic through a specific local workload interface. + \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; + initially just pre-DNAT policy. Please check Calico documentation + for the latest position." + type: string + node: + description: The node name identifying the Calico node instance. + type: string + ports: + description: Ports contains the endpoint's named ports, which may + be referenced in security policy rules. + items: + properties: + name: + type: string + port: + type: integer + protocol: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + required: + - name + - port + - protocol + type: object + type: array + profiles: + description: A list of identifiers of security Profile objects that + apply to this endpoint. Each profile is applied in the order that + they appear in this list. Profile rules are applied after the selector-based + security policy. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ipamblocks.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMBlock + listKind: IPAMBlockList + plural: ipamblocks + singular: ipamblock + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMBlockSpec contains the specification for an IPAMBlock + resource. + properties: + affinity: + type: string + allocations: + items: + type: integer + # TODO: This nullable is manually added in. We should update controller-gen + # to handle []*int properly itself. + nullable: true + type: array + attributes: + items: + properties: + handle_id: + type: string + secondary: + additionalProperties: + type: string + type: object + type: object + type: array + cidr: + type: string + deleted: + type: boolean + strictAffinity: + type: boolean + unallocated: + items: + type: integer + type: array + required: + - allocations + - attributes + - cidr + - deleted + - strictAffinity + - unallocated + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ipamconfigs.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMConfig + listKind: IPAMConfigList + plural: ipamconfigs + singular: ipamconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMConfigSpec contains the specification for an IPAMConfig + resource. + properties: + autoAllocateBlocks: + type: boolean + strictAffinity: + type: boolean + required: + - autoAllocateBlocks + - strictAffinity + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ipamhandles.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMHandle + listKind: IPAMHandleList + plural: ipamhandles + singular: ipamhandle + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMHandleSpec contains the specification for an IPAMHandle + resource. + properties: + block: + additionalProperties: + type: integer + type: object + handleID: + type: string + required: + - block + - handleID + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ippools.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPPool + listKind: IPPoolList + plural: ippools + singular: ippool + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPPoolSpec contains the specification for an IPPool resource. + properties: + blockSize: + description: The block size to use for IP address assignments from + this pool. Defaults to 26 for IPv4 and 112 for IPv6. + type: integer + cidr: + description: The pool CIDR. + type: string + disabled: + description: When disabled is true, Calico IPAM will not assign addresses + from this pool. + type: boolean + ipip: + description: 'Deprecated: this field is only used for APIv1 backwards + compatibility. Setting this field is not allowed, this field is + for internal use only.' + properties: + enabled: + description: When enabled is true, ipip tunneling will be used + to deliver packets to destinations within this pool. + type: boolean + mode: + description: The IPIP mode. This can be one of "always" or "cross-subnet". A + mode of "always" will also use IPIP tunneling for routing to + destination IP addresses within this pool. A mode of "cross-subnet" + will only use IPIP tunneling when the destination node is on + a different subnet to the originating node. The default value + (if not specified) is "always". + type: string + type: object + ipipMode: + description: Contains configuration for IPIP tunneling for this pool. + If not specified, then this is defaulted to "Never" (i.e. IPIP tunelling + is disabled). + type: string + nat-outgoing: + description: 'Deprecated: this field is only used for APIv1 backwards + compatibility. Setting this field is not allowed, this field is + for internal use only.' + type: boolean + natOutgoing: + description: When nat-outgoing is true, packets sent from Calico networked + containers in this pool to destinations outside of this pool will + be masqueraded. + type: boolean + nodeSelector: + description: Allows IPPool to allocate for a specific node by label + selector. + type: string + vxlanMode: + description: Contains configuration for VXLAN tunneling for this pool. + If not specified, then this is defaulted to "Never" (i.e. VXLAN + tunelling is disabled). + type: string + required: + - cidr + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: kubecontrollersconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: KubeControllersConfiguration + listKind: KubeControllersConfigurationList + plural: kubecontrollersconfigurations + singular: kubecontrollersconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeControllersConfigurationSpec contains the values of the + Kubernetes controllers configuration. + properties: + controllers: + description: Controllers enables and configures individual Kubernetes + controllers + properties: + namespace: + description: Namespace enables and configures the namespace controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + node: + description: Node enables and configures the node controller. + Enabled by default, set to nil to disable. + properties: + hostEndpoint: + description: HostEndpoint controls syncing nodes to host endpoints. + Disabled by default, set to nil to disable. + properties: + autoCreate: + description: 'AutoCreate enables automatic creation of + host endpoints for every node. [Default: Disabled]' + type: string + type: object + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + syncLabels: + description: 'SyncLabels controls whether to copy Kubernetes + node labels to Calico nodes. [Default: Enabled]' + type: string + type: object + policy: + description: Policy enables and configures the policy controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + serviceAccount: + description: ServiceAccount enables and configures the service + account controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + workloadEndpoint: + description: WorkloadEndpoint enables and configures the workload + endpoint controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + type: object + etcdV3CompactionPeriod: + description: 'EtcdV3CompactionPeriod is the period between etcdv3 + compaction requests. Set to 0 to disable. [Default: 10m]' + type: string + healthChecks: + description: 'HealthChecks enables or disables support for health + checks [Default: Enabled]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: Info]' + type: string + required: + - controllers + type: object + status: + description: KubeControllersConfigurationStatus represents the status + of the configuration. It's useful for admins to be able to see the actual + config that was applied, which can be modified by environment variables + on the kube-controllers process. + properties: + environmentVars: + additionalProperties: + type: string + description: EnvironmentVars contains the environment variables on + the kube-controllers that influenced the RunningConfig. + type: object + runningConfig: + description: RunningConfig contains the effective config that is running + in the kube-controllers pod, after merging the API resource with + any environment variables. + properties: + controllers: + description: Controllers enables and configures individual Kubernetes + controllers + properties: + namespace: + description: Namespace enables and configures the namespace + controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + node: + description: Node enables and configures the node controller. + Enabled by default, set to nil to disable. + properties: + hostEndpoint: + description: HostEndpoint controls syncing nodes to host + endpoints. Disabled by default, set to nil to disable. + properties: + autoCreate: + description: 'AutoCreate enables automatic creation + of host endpoints for every node. [Default: Disabled]' + type: string + type: object + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + syncLabels: + description: 'SyncLabels controls whether to copy Kubernetes + node labels to Calico nodes. [Default: Enabled]' + type: string + type: object + policy: + description: Policy enables and configures the policy controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + serviceAccount: + description: ServiceAccount enables and configures the service + account controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + workloadEndpoint: + description: WorkloadEndpoint enables and configures the workload + endpoint controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + type: object + etcdV3CompactionPeriod: + description: 'EtcdV3CompactionPeriod is the period between etcdv3 + compaction requests. Set to 0 to disable. [Default: 10m]' + type: string + healthChecks: + description: 'HealthChecks enables or disables support for health + checks [Default: Enabled]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which + logs are sent to the stdout. [Default: Info]' + type: string + required: + - controllers + type: object + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: networkpolicies.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: NetworkPolicy + listKind: NetworkPolicyList + plural: networkpolicies + singular: networkpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + egress: + description: The ordered set of egress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with ”Not”. All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + required: + - action + type: object + type: array + ingress: + description: The ordered set of ingress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with ”Not”. All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel’s iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and Selector are defined on the same rule, then only workload + endpoints that are matched by both selectors will be selected + by the rule. \n For NetworkPolicy, an empty NamespaceSelector + implies that the Selector is limited to selecting only + workload endpoints in the same namespace as the NetworkPolicy. + \n For NetworkPolicy, `global()` NamespaceSelector implies + that the Selector is limited to selecting only GlobalNetworkSet + or HostEndpoint. \n For GlobalNetworkPolicy, an empty + NamespaceSelector implies the Selector applies to workload + endpoints across all namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label “my_label”. \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label “my_label”. + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + type: object + required: + - action + type: object + type: array + order: + description: Order is an optional field that specifies the order in + which the policy is applied. Policies with higher "order" are applied + after those with lower order. If the order is omitted, it may be + considered to be "infinite" - i.e. the policy will be applied last. Policies + with identical order will be applied in alphanumerical order based + on the Policy "Name". + type: number + selector: + description: "The selector is an expression used to pick pick out + the endpoints that the policy should be applied to. \n Selector + expressions follow this syntax: \n \tlabel == \"string_literal\" + \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" + \ -> not equal; also matches if label is not present \tlabel in + { \"a\", \"b\", \"c\", ... } -> true if the value of label X is + one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", + ... } -> true if the value of label X is not one of \"a\", \"b\", + \"c\" \thas(label_name) -> True if that label is present \t! expr + -> negation of expr \texpr && expr -> Short-circuit and \texpr + || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + or the empty selector -> matches all endpoints. \n Label names are + allowed to contain alphanumerics, -, _ and /. String literals are + more permissive but they do not support escape characters. \n Examples + (with made-up labels): \n \ttype == \"webserver\" && deployment + == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != + \"dev\" \t! has(label_name)" + type: string + serviceAccountSelector: + description: ServiceAccountSelector is an optional field for an expression + used to select a pod based on service accounts. + type: string + types: + description: "Types indicates whether this policy applies to ingress, + or to egress, or to both. When not explicitly specified (and so + the value on creation is empty or nil), Calico defaults Types according + to what Ingress and Egress are present in the policy. The default + is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including + the case where there are also no Ingress rules) \n - [ PolicyTypeEgress + ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, + PolicyTypeEgress ], if there are both Ingress and Egress rules. + \n When the policy is read back again, Types will always be one + of these values, never empty or nil." + items: + description: PolicyType enumerates the possible values of the PolicySpec + Types field. + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: networksets.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: NetworkSet + listKind: NetworkSetList + plural: networksets + singular: networkset + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkSetSpec contains the specification for a NetworkSet + resource. + properties: + nets: + description: The list of IP networks that belong to this set. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +--- +# Source: calico/templates/calico-kube-controllers-rbac.yaml + +# Include a clusterrole for the kube-controllers component, +# and bind it to the calico-kube-controllers serviceaccount. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-kube-controllers +rules: + # Nodes are watched to monitor for deletions. + - apiGroups: [""] + resources: + - nodes + verbs: + - watch + - list + - get + # Pods are queried to check for existence. + - apiGroups: [""] + resources: + - pods + verbs: + - get + # IPAM resources are manipulated when nodes are deleted. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + verbs: + - list + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + # kube-controllers manages hostendpoints. + - apiGroups: ["crd.projectcalico.org"] + resources: + - hostendpoints + verbs: + - get + - list + - create + - update + - delete + # Needs access to update clusterinformations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - clusterinformations + verbs: + - get + - create + - update + # KubeControllersConfiguration is where it gets its config + - apiGroups: ["crd.projectcalico.org"] + resources: + - kubecontrollersconfigurations + verbs: + # read its own config + - get + # create a default if none exists + - create + # update status + - update + # watch for changes + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-kube-controllers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-kube-controllers +subjects: +- kind: ServiceAccount + name: calico-kube-controllers + namespace: kube-system +--- + +--- +# Source: calico/templates/calico-node-rbac.yaml +# Include a clusterrole for the calico-node DaemonSet, +# and bind it to the calico-node serviceaccount. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-node +rules: + # The CNI plugin needs to get pods, nodes, and namespaces. + - apiGroups: [""] + resources: + - pods + - nodes + - namespaces + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + - services + verbs: + # Used to discover service IPs for advertisement. + - watch + - list + # Used to discover Typhas. + - get + # Pod CIDR auto-detection on kubeadm needs access to config maps. + - apiGroups: [""] + resources: + - configmaps + verbs: + - get + - apiGroups: [""] + resources: + - nodes/status + verbs: + # Needed for clearing NodeNetworkUnavailable flag. + - patch + # Calico stores some configuration information in node annotations. + - update + # Watch for changes to Kubernetes NetworkPolicies. + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + # Used by Calico for policy information. + - apiGroups: [""] + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch + # The CNI plugin patches pods/status. + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + # Calico monitors various CRDs for config. + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch + # Calico must create and update some CRDs on startup. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + - felixconfigurations + - clusterinformations + verbs: + - create + - update + # Calico stores some configuration information on the node. + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch + # These permissions are only required for upgrade from v2.6, and can + # be removed after upgrade or on fresh installations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - bgpconfigurations + - bgppeers + verbs: + - create + - update + # These permissions are required for Calico CNI to perform IPAM allocations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + - apiGroups: ["crd.projectcalico.org"] + resources: + - ipamconfigs + verbs: + - get + # Block affinities must also be watchable by confd for route aggregation. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + verbs: + - watch + # The Calico IPAM migration needs to get daemonsets. These permissions can be + # removed if not upgrading from an installation using host-local IPAM. + - apiGroups: ["apps"] + resources: + - daemonsets + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: calico-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: +- kind: ServiceAccount + name: calico-node + namespace: kube-system + +--- +# Source: calico/templates/calico-node.yaml +# This manifest installs the calico-node container, as well +# as the CNI plugins and network config on +# each master and worker node in a Kubernetes cluster. +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: calico-node + namespace: kube-system + labels: + k8s-app: calico-node +spec: + selector: + matchLabels: + k8s-app: calico-node + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: calico-node + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + tolerations: + # Make sure calico-node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + serviceAccountName: calico-node + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 0 + priorityClassName: system-node-critical + initContainers: + # This container performs upgrade from host-local IPAM to calico-ipam. + # It can be deleted if this is a fresh installation, or if you have already + # upgraded to use calico-ipam. + - name: upgrade-ipam + image: calico/cni:v3.15.1 + command: ["/opt/cni/bin/calico-ipam", "-upgrade"] + env: + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CALICO_NETWORKING_BACKEND + valueFrom: + configMapKeyRef: + name: calico-config + key: calico_backend + volumeMounts: + - mountPath: /var/lib/cni/networks + name: host-local-net-dir + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + securityContext: + privileged: true + # This container installs the CNI binaries + # and CNI network config file on each node. + - name: install-cni + image: calico/cni:v3.15.1 + command: ["/install-cni.sh"] + env: + # Name of the CNI config file to create. + - name: CNI_CONF_NAME + value: "10-calico.conflist" + # The CNI network config to install on each node. + - name: CNI_NETWORK_CONFIG + valueFrom: + configMapKeyRef: + name: calico-config + key: cni_network_config + # Set the hostname based on the k8s node name. + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # CNI MTU Config variable + - name: CNI_MTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Prevents the container from sleeping forever. + - name: SLEEP + value: "false" + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + securityContext: + privileged: true + # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes + # to communicate with Felix over the Policy Sync API. + - name: flexvol-driver + image: calico/pod2daemon-flexvol:v3.15.1 + volumeMounts: + - name: flexvol-driver-host + mountPath: /host/driver + securityContext: + privileged: true + containers: + # Runs calico-node container on each Kubernetes node. This + # container programs network policy and routes on each + # host. + - name: calico-node + image: calico/node:v3.15.1 + env: + # Use Kubernetes API as the backing datastore. + - name: DATASTORE_TYPE + value: "kubernetes" + # Wait for the datastore. + - name: WAIT_FOR_DATASTORE + value: "true" + # Set based on the k8s node name. + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Choose the backend to use. + - name: CALICO_NETWORKING_BACKEND + valueFrom: + configMapKeyRef: + name: calico-config + key: calico_backend + # Cluster type to identify the deployment type + - name: CLUSTER_TYPE + value: "k8s,bgp" + # Auto-detect the BGP IP address. + - name: IP + value: "autodetect" + # Enable IPIP + - name: CALICO_IPV4POOL_IPIP + value: "Always" + # Enable or Disable VXLAN on the default IP pool. + - name: CALICO_IPV4POOL_VXLAN + value: "Never" + # Set MTU for tunnel device used if ipip is enabled + - name: FELIX_IPINIPMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Set MTU for the VXLAN tunnel device. + - name: FELIX_VXLANMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Set MTU for the Wireguard tunnel device. + - name: FELIX_WIREGUARDMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # The default IPv4 pool to create on startup if none exists. Pod IPs will be + # chosen from this range. Changing this value after installation will have + # no effect. This should fall within `--cluster-cidr`. + - name: CALICO_IPV4POOL_CIDR + value: "10.244.0.0/16" + # Disable file logging so `kubectl logs` works. + - name: CALICO_DISABLE_FILE_LOGGING + value: "true" + # Set Felix endpoint to host default action to ACCEPT. + - name: FELIX_DEFAULTENDPOINTTOHOSTACTION + value: "ACCEPT" + # Disable IPv6 on Kubernetes. + - name: FELIX_IPV6SUPPORT + value: "false" + # Set Felix logging to "info" + - name: FELIX_LOGSEVERITYSCREEN + value: "info" + - name: FELIX_HEALTHENABLED + value: "true" + securityContext: + privileged: true + resources: + requests: + cpu: 250m + livenessProbe: + exec: + command: + - /bin/calico-node + - -felix-live + - -bird-live + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/calico-node + - -felix-ready + - -bird-ready + periodSeconds: 10 + volumeMounts: + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico + name: var-lib-calico + readOnly: false + - name: policysync + mountPath: /var/run/nodeagent + volumes: + # Used by calico-node. + - name: lib-modules + hostPath: + path: /lib/modules + - name: var-run-calico + hostPath: + path: /var/run/calico + - name: var-lib-calico + hostPath: + path: /var/lib/calico + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d + # Mount in the directory for host-local IPAM allocations. This is + # used when upgrading from host-local to calico-ipam, and can be removed + # if not using the upgrade-ipam init container. + - name: host-local-net-dir + hostPath: + path: /var/lib/cni/networks + # Used to create per-pod Unix Domain Sockets + - name: policysync + hostPath: + type: DirectoryOrCreate + path: /var/run/nodeagent + # Used to install Flex Volume Driver + - name: flexvol-driver-host + hostPath: + type: DirectoryOrCreate + path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-node + namespace: kube-system + +--- +# Source: calico/templates/calico-kube-controllers.yaml +# See https://github.com/projectcalico/kube-controllers +apiVersion: apps/v1 +kind: Deployment +metadata: + name: calico-kube-controllers + namespace: kube-system + labels: + k8s-app: calico-kube-controllers +spec: + # The controllers can only have a single active instance. + replicas: 1 + selector: + matchLabels: + k8s-app: calico-kube-controllers + strategy: + type: Recreate + template: + metadata: + name: calico-kube-controllers + namespace: kube-system + labels: + k8s-app: calico-kube-controllers + spec: + nodeSelector: + kubernetes.io/os: linux + tolerations: + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: calico-kube-controllers + priorityClassName: system-cluster-critical + containers: + - name: calico-kube-controllers + image: calico/kube-controllers:v3.15.1 + env: + # Choose which controllers to run. + - name: ENABLED_CONTROLLERS + value: node + - name: DATASTORE_TYPE + value: kubernetes + readinessProbe: + exec: + command: + - /usr/bin/check-status + - -r + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-kube-controllers + namespace: kube-system + +--- +# Source: calico/templates/calico-etcd-secrets.yaml + +--- +# Source: calico/templates/calico-typha.yaml + +--- +# Source: calico/templates/configure-canal.yaml + + -- Gitee From 14917b68409eb1fb1c2bc6bc5b79ecc82d651ac1 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 20 Apr 2022 10:53:38 +0000 Subject: [PATCH 08/26] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20In?= =?UTF-8?q?stall-Kubeadm-Calico/Calico=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6?= =?UTF-8?q?/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Calico\347\275\221\347\273\234\346\217\222\344\273\266/.keep" | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 "Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/.keep" diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/.keep" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/.keep" deleted file mode 100644 index e69de29..0000000 -- Gitee From 0927f589f4958a187112551f68b73c1110e4822e Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 20 Apr 2022 10:54:30 +0000 Subject: [PATCH 09/26] =?UTF-8?q?add=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 "Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" new file mode 100644 index 0000000..e69de29 -- Gitee From b34ea54296baf522536ba766e34d93917b52849f Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 20 Apr 2022 10:58:01 +0000 Subject: [PATCH 10/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 5 +++++ 1 file changed, 5 insertions(+) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index e69de29..3e4f10b 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -0,0 +1,5 @@ +# 1. Calico-介绍、原理与使用 + + **1.1 什么是Calico** + +Calico 是一套开源的网络和网络安全方案,用于容器、虚拟机、宿主机之前的网络连接,可以用在kubernetes、OpenShift、DockerEE、OpenStrack等PaaS或IaaS平台上。 \ No newline at end of file -- Gitee From 784cd5801eabf17a12e1446a6b5c31f424fd1c8a Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Mon, 25 Apr 2022 04:05:53 +0000 Subject: [PATCH 11/26] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20picture?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Install-Kubeadm-Calico/picture/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 Install-Kubeadm-Calico/picture/.keep diff --git a/Install-Kubeadm-Calico/picture/.keep b/Install-Kubeadm-Calico/picture/.keep new file mode 100644 index 0000000..e69de29 -- Gitee From 18fbf686932691175475cc81d7855d537937754f Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Tue, 26 Apr 2022 04:11:14 +0000 Subject: [PATCH 12/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 135 +++++++++++++++++- Install-Kubeadm-Calico/picture/2.png | Bin 0 -> 59079 bytes Install-Kubeadm-Calico/picture/3.png | Bin 0 -> 64554 bytes ...45\233\276\347\211\207_20220425120825.png" | Bin 0 -> 162241 bytes 4 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 Install-Kubeadm-Calico/picture/2.png create mode 100644 Install-Kubeadm-Calico/picture/3.png create mode 100644 "Install-Kubeadm-Calico/picture/\345\276\256\344\277\241\345\233\276\347\211\207_20220425120825.png" diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 3e4f10b..ec842b3 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -2,4 +2,137 @@ **1.1 什么是Calico** -Calico 是一套开源的网络和网络安全方案,用于容器、虚拟机、宿主机之前的网络连接,可以用在kubernetes、OpenShift、DockerEE、OpenStrack等PaaS或IaaS平台上。 \ No newline at end of file +Calico 是一套开源的网络和网络安全方案,用于容器、虚拟机、宿主机之前的网络连接,可以用在kubernetes、OpenShift、DockerEE、OpenStrack等PaaS或IaaS平台上。 + + **1.2 Calico 组件概述** + +![输入图片说明](../picture/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20220425120825.png) + +Felix:calico的核心组件,运行在每个节点上。主要的功能有接口管理、路由规则、ACL规则和状态报告 + + **接口管理:** Felix为内核编写一些接口信息,以便让内核能正确的处理主机endpoint的流量。特别是主机之间的ARP请求和处理ip转发。 +路由规则:Felix负责主机之间路由信息写到linux内核的FIB(Forwarding Information Base)转发信息库,保证数据包可以在主机之间相互转发。 + + **ACL规则:** Felix负责将ACL策略写入到linux内核中,保证主机endpoint的为有效流量不能绕过calico的安全措施。 +状态报告:Felix负责提供关于网络健康状况的数据。特别是,它报告配置主机时出现的错误和问题。这些数据被写入etcd,使其对网络的其他组件和操作人员可见。 + + **Etcd:** 保证数据一致性的数据库,存储集群中节点的所有路由信息。为保证数据的可靠和容错建议至少三个以上etcd节点。 +Orchestrator plugin:协调器插件负责允许kubernetes或OpenStack等原生云平台方便管理Calico,可以通过各自的API来配置Calico网络实现无缝集成。如kubernetes的cni网络插件。 + + **Bird:** BGP客户端,Calico在每个节点上的都会部署一个BGP客户端,它的作用是将Felix的路由信息读入内核,并通过BGP协议在集群中分发。当Felix将路由插入到Linux内核FIB中时,BGP客户端将获取这些路由并将它们分发到部署中的其他节点。这可以确保在部署时有效地路由流量。 + + **BGP Router Reflector:** 大型网络仅仅使用 BGP client 形成 mesh 全网互联的方案就会导致规模限制,所有节点需要 N^2 个连接,为了解决这个规模问题,可以采用 BGP 的 Router Reflector 的方法,使所有 BGP Client 仅与特定 RR 节点互联并做路由同步,从而大大减少连接数。 + + **Calicoctl:** calico 命令行管理工具。 + +# 2. Calico 网络模式 + + **BGP 边界网关协议(Border Gateway Protocol, BGP):** 是互联网上一个核心的去中心化自治路由协议。BGP不使用传统的内部网关协议(IGP)的指标。 + + **Route Reflector 模式(RR)(路由反射):** Calico 维护的网络在默认是(Node-to-Node Mesh)全互联模式,Calico集群中的节点之间都会相互建立连接,用于路由交换。但是随着集群规模的扩大,mesh模式将形成一个巨大服务网格,连接数成倍增加。这时就需要使用 Route Reflector(路由器反射)模式解决这个问题。 + + **IPIP模式:** 把 IP 层封装到 IP 层的一个 tunnel。作用其实基本上就相当于一个基于IP层的网桥!一般来说,普通的网桥是基于mac层的,根本不需 IP,而这个 ipip 则是通过两端的路由做一个 tunnel,把两个本来不通的网络通过点对点连接起来。 + + **2.1 BGP 概述** + +BGP(border gateway protocol)是外部路由协议(边界网关路由协议),用来在AS之间传递路由信息是一种增强的距离矢量路由协议(应用场景),基本功能是在自治系统间自动交换无环路的路由信息,通过交换带有自治系统号序列属性的路径可达信息,来构造自治系统的拓扑图,从而消除路由环路并实施用户配置的路由策略。 + +(边界网关协议(BGP),提供自治系统之间无环路的路由信息交换(无环路保证主要通过其AS-PATH实现),BGP是基于策略的路由协议,其策略通过丰富的路径属性(attributes)进行控制。BGP工作在应用层,在传输层采用可靠的TCP作为传输协议(BGP传输路由的邻居关系建立在可靠的TCP会话的基础之上)。在路径传输方式上,BGP类似于距离矢量路由协议。而BGP路由的好坏不是基于距离(多数路由协议选路都是基于带宽的),它的选路基于丰富的路径属性,而这些属性在路由传输时携带,所以我们可以把BGP称为路径矢量路由协议。如果把自治系统浓缩成一个路由器来看待,BGP作为路径矢量路由协议这一特征便不难理解了。除此以外,BGP又具备很多链路状态(LS)路由协议的特征,比如触发式的增量更新机制,宣告路由时携带掩码等。) + + +``` +实际上,Calico 项目提供的 BGP 网络解决方案,与 Flannel 的 host-gw 模式几乎一样。也就是说,Calico也是基于路由表实现容器数据包转发,但不同于Flannel使用flanneld进程来维护路由信息的做法,而Calico项目使用BGP协议来自动维护整个集群的路由信息。 +``` + +![输入图片说明](../picture/2.png) + + **BGP两种模式** + + **全互联模式(node-to-node mesh)** + +全互联模式 每一个BGP Speaker都需要和其他BGP Speaker建立BGP连接,这样BGP连接总数就是N^2,如果数量过大会消耗大量连接。如果集群数量超过100台官方不建议使用此种模式。 + + **路由反射模式Router Reflection(RR)** + +RR模式 中会指定一个或多个BGP Speaker为RouterReflection,它与网络中其他Speaker建立连接,每个Speaker只要与Router Reflection建立BGP就可以获得全网的路由信息。在calico中可以通过Global Peer实现RR模式。 + + **2.2 Route Reflector 模式(RR)(路由反射)概述** + + +``` +设置方法请参考官方链接 https://docs.projectcalico.org/master/networking/bgp +``` + +Calico 维护的网络在默认是 (Node-to-Node Mesh)全互联模式,Calico集群中的节点之间都会相互建立连接,用于路由交换。但是随着集群规模的扩大,mesh模式将形成一个巨大服务网格,连接数成倍增加。这时就需要使用 Route Reflector(路由器反射)模式解决这个问题。确定一个或多个Calico节点充当路由反射器,让其他节点从这个RR节点获取路由信息。 + +在BGP中可以通过calicoctl node status看到启动是 node-to-node mesh 网格的形式,这种形式是一个全互联的模式,默认的BGP在k8s的每个节点担任了一个BGP的一个喇叭,一直吆喝着扩散到其他节点,随着集群节点的数量的增加,那么上百台节点就要构建上百台链接,就是全互联的方式,都要来回建立连接来保证网络的互通性,那么增加一个节点就要成倍的增加这种链接保证网络的互通性,这样的话就会使用大量的网络消耗,所以这时就需要使用Route reflector,也就是找几个大的节点,让他们去这个大的节点建立连接,也叫RR,也就是公司的员工没有微信群的时候,找每个人沟通都很麻烦,那么建个群,里面的人都能收到,所以要找节点或着多个节点充当路由反射器,建议至少是2到3个,一个做备用,一个在维护的时候不影响其他的使用。 + + **2.3 IPIP 模式概述** + +![输入图片说明](../picture/3.png) + + **IPIP** +是linux内核的驱动程序,可以对数据包进行隧道,上图可以看到两个不同的网络 vlan1 和 vlan2。基于现有的以太网将原始包中的原始IP进行一次封装,通过tunl0解包,这个tunl0类似于ipip模块,和Flannel vxlan的veth很类似。 + +# 3. Calico 优势 与 劣势 + + **优势** + +没有封包和解包过程,完全基于两端宿主机的路由表进行转发。 + +可以配合使用 Network Policy 做 pod 和 pod 之前的访问控制 + + **劣势** + +要求宿主机处于同一个2层网络下,也就是连在一台交换机上。 + +路由的数目与容器数目相同,非常容易超过路由器、三层交换、甚至node的处理能力,从而限制了整个网络的扩张。(可以使用大规模方式解决)。 + +每个node上会设置大量(海量)的iptables规则、路由,运维、排障难度大。原理决定了它不可能支持VPC,容器只能从calico设置的网段中获取ip。 + +# 4. Calico 管理工具 + + **calicoctl 工具安装** + +``` +# 下载工具:https://github.com/projectcalico/calicoctl/releases + +wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v3.13.3/calicoctl + +chmod +x /usr/local/bin/calicoctl +# 查看集群节点状态 + +calicoctl node status +``` +如果使用 calicoctl get node,需要指定 calicoctl 配置,默认使用 /etc/calico/calicoctl.cfg + + +``` +# 设置 calicoctl 配置文件 +vim /etc/calico/calicoctl.cfg + +apiVersion: projectcalico.org/v3 +kind: CalicoAPIConfig +metadata: +spec: + datastoreType: "etcdv3" + etcdEndpoints: https://10.10.0.174:2379 + etcdKeyFile: /opt/kubernetes/ssl/server-key.pem + etcdCertFile: /opt/kubernetes/ssl/server.pem + etcdCACertFile: /opt/kubernetes/ssl/ca.pem + +# 查看 calico 节点 +calicoctl get nodes + +# 查看 IPAM的IP地址池 +calicoctl get ippool -o wide + +# 查看bgp网络配置情况 +calicoctl get bgpconfig + +# 查看ASN号,一个编号就是一个自治系统 +calicoctl get nodes --output=wide + +# 查看 bgp peer +calicoctl get bgppeer +``` diff --git a/Install-Kubeadm-Calico/picture/2.png b/Install-Kubeadm-Calico/picture/2.png new file mode 100644 index 0000000000000000000000000000000000000000..a51c47491599f94af7e1a7d99f318ff6e5b50ec0 GIT binary patch literal 59079 zcmeFZWn7fq*EWoTAgT1wN-8;YgVNn0k^@MGFw~GLEdvNhmxOePbV-9qcQ-P0r__5Q zUf19Id7t;w^Y-ul05bz8n_cTz$2!*9J6J_Y8XJQY0|^NUTUJIw4G9Suj)Zh)<~}O$ z6Rp6L3E<@pR83k8si>EH4fud!{#@}n5>iPx<^|*)@EQHJj1CkD3D4=~>&~nhl^YV$ zik_^*a}76x&H8(ugyyxyUdI#Xo`_AF^Q6nWUiv4sh9?y=X)H%XPqp;qN*1@bw^3r} z{fy8*_@UefK5W}Pznb$Bjgk}xJu+3Kw>G;hHr%1=d0A>UQGoC+lD@{g|Jd)L*v&Vx zC-6V-#B9>Qc)x!pcE7~GS?13ptwb0!|2(Yw-w*%)b2i$Bnom~;Xr{k;k@4D18-YP^ zoA5+l`^BrvbGM6A2dk%&H@jicR)_^&>$)Q~l%=Rz<7D}fStqi|2>g{hPpj~Ku6p+3 zaISjpXM&sE5>&ZY1}@SmMSay3)7I>d8IhFK4KzDJYCBcYmMI(cdUL#FSnd6Xf>&cj z`XC`Uuz<_v_umgB3pk4v8`OU>Zo|;4cBCu+NbTJ?)LiBGQ_k~fM7zpm>*YF&-@`~R zED8YvPP6V$V7#%Q@Niz?sSN3Gvzv~G1_j;sJm0E}5KrHUlKl*1K$2BGzP7zjLD z887Hsl=}%+OvVMeG0Nh!GfQ!>(vt!Hg>|#b`B3~Ls<8bd9^x^ofG#nCH)7=Pnq{T~ z0Bb-ed;-7vZ5BAsA+&blK#P7D1X9;x|2BPNK4SMUGJI~{1c|GFf~QnK=#SIx`VTbR zylH*>1m0>3n9v86x6P}DH@39+kU(mYhd@e9Cg&OCkPUcq-{C$6jRP6b8(NJ|;9tc5 zS9hy4KJWq6;>Fp)i+XqN#ib=&3X0ID>RCpEnX*^`#m4)~opB;w0z}L&-u&!}U7Bz5 zb=#ePzRuP}bu+xv=OA@8wb$#zPYYg_V_*`qN@!>h96V}?O&cp;xnJK~j+0+4R_xR8 zdu;7C%L5tGe6amY*;8y%9*JrU!re|pD$TXW&SU$l3*f&|8@|2!nn9{Qe8MS{_fis;u}|8LCiD{Q9{G8bcsv~Jdg4KqXQ1DoMD_(Dry zM&|PViRdMYe^-nYdynthj|ZqN4{*Qx0-v8Z^@+B`(#d_&-kGg>z3^^LVprhzUg?%{ zl6iMrM(|XfG!*TyV_cC8*ZJ`NN)mr4%)E~S^zD5$Ua3-Q^KyOd0Blm@W3eupWWxns zO8|CDH5Bph9CS735H81anlEnTX{w4b4zdJFKXUAF=@#-PfX1Vdh`_7O`yTyTMpu}w z$KPrX7hhW+QO&Z^85(k1Y7ZSY3~)`m*;yt$9LBBpJvFni7`bx7(Wfem2DWrx{91h+ zBMf`@(^1rSp;9Ks+GEf6JkH_t;ma^kSh(mlx%0*-xA@=%5@0EzvHq%o3rE{CWNmUE zpM|>EvRjTR(azL{nBvN=JP$CWIomU#ooNWnJwHi*zGHBjE`wWUGckBr;X(1+O3Y~V zYn+-8{=l4e-~=_me9=Y9H^->1uVmBas_RG$3yO5zVx887?B0ztE!C7oz{W z`IsL^vzq&D=Tts$wr{6*&HGZKb?dQzn{{c#ucHl`>+_wAl#8lO41CmFRI>IoeF8V3N1 zCUJ-AdXyym72jzi(MANPvV8+^? zz-BZAQc`?q{t+MMf!~8>u`y`&FbLXhXg&S*&|^g0gCJdziVJ*JJ)~#n6J89&2KDb3 zn6&1nl#*34Y<0`1L~-z4H{Dj^4%zL7=+!&>mo}W%-r1?Crh05M1G~wat=JL`=hN6U z|Ehp3>7uiGGBS&8BYTl*y? z3isaJIjw-2J0*)y$Wvws37bU_fK7Ppo-JKn_J49^)n)I;di1!o7D4!+Js4UBWxVhoi%mKF3Cd%9Sb z_jpjUjFkUwG$}8~HU0FrGfxgh;i8>)XBMo+D%sZBTqJxdVf9DNwDFI2Y@3g5Eg0_V zHE6R%q0mUcheR5_eY>;gU@=@=47>hi-y-4#eyw`fm`%@Z#nT((cDG?&%G7zFsh{kK z2L?ybH(0h<%-zFG>Ga*>wR>cI#u0_Kfwuo<`8i=pH8q}PUv>m-Gw)^p^TTl6Af62A z&nr#d^sW*?n=F8HUn@ySCDN;gE2-0G$PLk3^k?%f+RwO2jmKmPH6{&Zck?syIX(U*)Xv2nIqKj7xWh$;EkD7K&26{AGZ7H@`hq*sx|DWnN?1h0O2Sg}NYrv7LE%HEs`ImU0#@L!fCV4 z^PJ5&^*#q|`ps|r+=kaiM`T`|tUl3&z#F`0gm#86=Y)6a4iL*QhL?Rz9PwA|2ffMM zcVCvnpiyYnu50^nuvPfaRqPGA)MM!#81#eNP8e+aI0C;PaLYqv8)HH;fOWjRv5qNn zDO>CLQ;ESO18PdO{NAOINHyTInvWR>TMb*|wN?T5`dG-d+9o1rgj zkJoGm7{cP)#kb;z0*1AJk_E;eJ%in_)YMk+EXGb-5|RiJ^YH&0T4EHQJXK ztw(&hwCI@#u$ABY6Bi?cmJ>Jov3zX$L0N8)fXlMw-9(?C9H`84;KJmRST+$wX14bd zvNpbS3&&ycCuRQXx<<9@Nv)ZZagV-c6=tsiUb<_Yy(NaNW!cLEo>@%?{{^}vKdiTw z|Ju8ApIj8NN#Ybo5R5}TNN?G&cwunEg#ll3s8lBdiWTw<5;-vG`OvMCtt2EYva)y& znz$0`)+zh;;xxS#f8_Awn;8RM>II zi^V-PK;>;(hM4{XWVhtK9{;%cwDtQ3x#Tdefv=*k>sC-GNQO*5g_XfvdLh36@Y8mj zRpMHo>cCnUHW0Ptq9}#blibZeb3I;DmwGmYk%5uGlVw$$iD7jp8^P5nOF}4hP$%db z#~-*<*?I7uV3Hym!T_I);=5jd6_p>ztbgH@5WLbc5oxXos_jdNhro_r{>MYd5lU&s zXuvsW;J@7T6`tW2rg)5YE{%eRS_1oFlLStoU$vA*D7(sa>1$UAa>mckj9#<-wCpj_=(O*Z*w3rQh9eF>qmtvFM zBW8Knn*QXTAN%%-bJPj77Ax zniwSi0U-DRLZ}GTB*#g(^B@Uag`EJD2H@-|m6Hx0ai<4~Xm?R=~AU_?t zVYcl(Le!(kN>S@T6Tm7jr5@3?ZaZbPnS~7)=J2vok4M5a*8?k&;kt3B-Djm=lEUUo zy6pRec2*;Tsx5@=e=Q9LTz(ktpl;zEFg|_FNvjEMpv+IzJPcl%12 zj(=F0Jjj_3POm~CM*6S?pgyFJhrCjptTB?SiZK^aws{M~vz6o9khn_Lk{X_IBr{zX z*ZaZdU#T)U^Lp@}=0He2@WTm5&2^5TzS$a~a~ z;pOZO>rBP3Z1_?$q!PN&j4(==dtEuoxkS`1a%%J(5Ch*Z(RzF~{PyjE0eVrZ2`WAV zs90sZs##|6%KK+_=v)O>l<}~|xV5)7yxyCfp<#@=jJ|z8`8s{iFbJOEo=rPP#B-Ee ziTJ>mn_NXN9?q57SY}z#%3iszz8h1ampfPk$#R<1$8q98y z;$E}Z$i^ugQ1mY+c36MwMNhJh;+^bcfv3KHuzJ1mg=hwa?_tDLWxRoct!?OZ3B>`M zAy3GiOkt_Yx&F-0h!IK|Tb+@g-8~0II+uqRq-=QY7P$9>4QS|lDBrs@=TvSiImv{x z`p+`(jMlk^_Nr&6>kea;n!3+Vdt?5Eq2=(guLfP7`Y0?P(6|^Z?D{XtY3bS&^!ukd zyt{}v@6tOWTuQ-7tO-0j&DG}npC}ui?dwgFXG6)H>0T$Vr}1+stt-`Zn9N`0&`5*b zTLgwTCRz@)dWF2Zu>?m5yN+NC-3jG1{)rW2`0i&M_pkY#*67zJDDE{BsN4Y}VzFda z{q7jt8qpzYS*#@oWU5(yhq^qM_%(!9lg&J+v75UWJma;L`Z|Ue|tGzV{!Q z0`W8(q>gxORr0+&@P*BK#0~+HUXL?lKy#VSyB3bVNf+&cV=@nOj_XyEZ4}rn|GB$h z*3cfQnZFoPESL6jV|4W)iRH@x?zN3QQmCYNHkzVR_?U-mc9so%QhM z%#|{@cb#M(U}|PLEqPE-l72_-3B+pJC1mPe(nNBGkoT~-Cxv|(5ZbfcGk&698bD%} z$N$A8TgmKt5r+7dh)HsvlYwI&}j=*2cn z(3QuSga+pH?)xXoVwyKxfg989-qf`TOkE?nzI{NveCB@CuP~cx*IoQBr{gF|n9RA> znRBP!Eb!Rufn0Ln+8Ci4_kSp=6w9h+Cf8mr?LD#UZC;;m@kzxkd?suLT<4E?D7d~) z7kAQuxg<>ndz0yPaz9w^YsA}d8@F;IhF7U7A3|v(vb?ZK-;S|c3{Vd_#*3(0t->@1 zxk@%Ju<8|GX{WkQUR`DpYI<-ADkdCGALQlq@_CNSWK$NWk&#>D4bOHSc2rVuw$uJ- zQ-i3nj}Q&dsx_i+Q#~H5sKCkg3H?tz&~Hgt(`PqH{wa;$=F>8*evigMBYCdTgP;%( z_lB_7=s~GC1H%EDJuC^<%;>srR@7E9h0TZFBKItDWoP+NOd{ph`_>3lvARWl8&kR- ztqvFHGc+v5@l`yp6Cjo8vp%njtmO{exP&Stb98K^M9RAEBy5Q|eN>rT;&!t7zUsV@ za?GVPQ~5wR-8|vkN#MtLD47DK;yLLh(LYcK-?e zvrX1o0)s@nv6d=ro;MdJzBrD9f%5@K|04%{^R}SYb=zX3-cy2Pa&i)9?#?|2h@Mo#l!mA6wi9qVwucJs2Y>fU14N_6+%nda zX!3oKF3x-R5p|`lcrgsBQm<&OFj>!;V;YYO8Gf9vh=wguE#Tbm_RMFPz%mp3&HE21 zo%&-e0kM?lOaX~hp`rQyd{s|kKev^DRhcyt|9TursL9DVyfxpCU1xtW?r4MEa|AXz)zB8{G}W*tOUtmNm{}yI?t` z<0iacshF?5!Bq>odkk3{kXjcHl`Wq7t zFdRqEz?d3FK3A!=CYIQqwp+ntjp%b7?TlLG^|=}%=jD5ft|}cS1pRgv%W8aB zdZRNaRTk0reY3$anUskU5^@=mI!qGoI&_(&XmJzydtQ^lR+xxZeZgJD{1{L@gkrJC zuw}Z`ykGP&j%ET^lQy^2C)1I{;U+><|LT8x zM>LP%0$5J_v%)epK2)VjUdi^WgQb-^ciP(CC~+V|(PVw` zBbwQA==-b{DSZhBn&zC49>s|U;_{!>Qbqc$*tVYD3xjE7l!tXOZPQY7@-cI2umh|&Jm8~cE)T9k^NBIx83gkF3z5T@~h_9pRQf5La& zeimz~u4tcrRR~it8STVh#V7NXq7E%pPW>pvhe<(A!wxwg9o9o{ovV2}%YLBJpdGG_ zVbZ*%3#xYz&a1Tbg>*%+U+;g;MnLKW{@zs>OZ~6pRcp)?%Sbp;y^M|FZVI#Yg5|Nh z=zyjaYNyJnU~T;g0p5MVnWTwg-(0~$A5lThKHcquwK*3z-~|G>LDRi|EFcGbtj{-R z!!TmGZyJRbNXK9@c_%pw@{>b9P7#RygGCO;F|~Fw!@kGEF5;Fub65E+)0e*>D~ETk ziU2!A%Y#`rloTR$w7P*|<~;fu5CDG5zkbc9zxFhK4R%8meBkkw?B+xXSfoK`v22Mj z(#gf#DTotcgblk*+?wWa=b0iZPGel?Mi2Y1aX{2cT<(;#{|eaAjnK?~(M%foYm>bF zu*1Sz17ag+2FDe&CD1=!X3yH5v$q@T^O!w@MlzXajC{uhRd`Me9ayk^UU^PoY{dXi zP%d}StgKoW()8ozLB%Z6fl?1qcDOnJ8zZ%kg#-AlbWBAbT;LMhYqpT+kjMjRuCO)h zl`3uW#eE#?&=lQehGSCt*jMsVV1ic${r33VZwH7(O||@TyCX5kFr>ItDXH=MNdADs zKCOn$xJoaDc|ddCCr3V|_J6UFgBp%mY{}0%g9hMSQqG5iC zys7*tdpD@?N9HJ|!YtNr3mRck1q52$cH)!uH3xyR!{n3MmYdk^iRKm=mTt_2(|5R1 z_n6j*aWo^f>ulW$NFSmUm^->P(8HW!!T=w7K*g0vgVswHw5XXER~;p9Q1T3^5Hy6b5h-B2WGGMYE8Hf`D}kCIh=yC zLS9&P0~%2QMx{_WnhJjERbjn9Ck_QiN4KyC5hkmlcg<0NzI~d=P8}4HlEVAYJ%z8D zXrd*qBcA6T5| zcmTNY+vK>!PgsY&@G@|y+RMDoK~1e!mn+cW%LwQ2SG9dp`TtOwQyox)-6$4p|7XjT zeZ9Zy{)&ky$NqA!?=yY$%V4|%a@$Aj7Td=`45RzyCFPhw;$GJAb$ zLcn5(!$KYKSZUqECAIRV-@m!#UM={W`X?k(turFD3~f#hk|jaxEU^1+g4@KRebM7Y zrN~ad?qJsAdosg={hvJ@-%Xc0qlkCBPwy}e7YB}G65EK{7ypy~TJ(W<5^puwq83Dm zeTc{nA`=R2Uj36)Pa~0~hSTM1NzS^?KEIUX#uYTeqlp^Ga~EG`Qb97*EH(=`oAjDB z_$RXkETEevAZY*)3S|7*xd2bOv&{CUiKTWbW(N*$%VZUQ3a7ly)8C}h_VPY~-GQJU zNX?sAp!yF~10T`;WHAZaH^Uk7l@q_zvJt#%US$Db9!T@2kr?1fMWK!P*->WxmuEvW zO2>@%`qyMYT!as_Q@#k(*ZThbSGet$oLY|@b~Tu(*t?FeRPJMBxc)8$xJdwZ&yMqY zk(eEUg4brKKYU%R+F~a?iJ@$+2o3>PNxC}O_oHS^9<_ya%DR>5Wj3z3G5puIrFv{t zBauzcmA=%AK6H&CZ=Gak2MyOHE;m(xrXWZ-l7+2HvCB%?z&I#=7d+fVKr)d)GNZFj8EXR z0D1!D6QBg#_swnsW}G;^dj6P^50EQgNq{slc*Atxl-Qo9CoYTj`2O0dn>BguIhw%S z2gnjTe`*H&npX`9DDXo%lTjgUyQ|qP%AC~jO5&}y;a+iYm5zB*T)mX(0fCE>QY)Wq zQi3TJt1xYc&fNsU=a9pjkdKF;y&tYZ&`u|AZj|tS>{m&Nvb{$%c>SVX7rmA}T~iru zJ4S52V%wMz%}@fn5R)id4Xe6}aEtRCKQ2+a=RY9$uZ$@`^;XhmPSJdUwa-vDT)hL^S7jwc+Qe8=hUT~_P27u=4yKW~gH z)nm>Ge|tWNx#SvNPI=%q@|6689>0<)yTd%eGcxU;S7;#*9(}z;qWKg{Y~%5ZTnG2R zOp1z(SS@7(=F-%O^vwQ+X|k?xR`3FQ>$9EjtjpHzw6?4}ICo;4`o;U1`gI&JKM*i|tmLOj`SLSMg zhDj8H(T}RfmR0^5M2j;-&lwMxGYN@&${d55ubr=wt#~;@GoQ*ofJjv?L96OLJyYu8HO6(QR?FCOtVx z*?rX)ah9(&A;S@TmWCliz#hfJC?Uv8^PCNVf% zX-^ld` zg+((N%SR7*^7Js-slx%0`7mTwFDi*-%7Z+BdnZ5;y|zS%8sp$6d2Kc;%pEH*Qvm<3 zzNtW_!2+oIR=gd1@%g*YBI9Npn(k-NzfdfD3w0PEGyl(=5Vg1YW+kM3My%L1wh(HC z$x{Ijt|<3ptbkbEmtOpbQO+-QuB%gfchQwNa|bhhX&Ba&brfWvTNK+Q%48Oeu>`oh zPa?mWamVv2(#n?aX(`%)HSO4Ow80bJf;czW`L7SK!&r*ata+v@6wq~G@ojKcqWcZTl^cGTDBzZo$e$?Q`^_mN#EO_KgB`*@_c!> zH`3Q^WJjMmyoK(X`?7{ds&XSR3OZ`CG=9cLD3#oDYB8Z&K!$HZnGdD#;Iau!>!~%K z`0^x)I9}mg;43xY1OD}*18Fb3NGqd`AA9!`U|9|H$mp9Qny7>4df4h7t5sVK>m7cS z;4RQp#%=$}C*r|UA<=HKbm}j~cvR&9K+9a&s~|GIdnZIxV3tb8Os1bD?grTUFA%%k znr0*i<_6M4DEkmfB*v^lA1AC-*2Xf8*>%<#l2?gI0C1nap3B?XwFBk{lI4` z;Lf}LMs@2KDMSdbo-~mb&2Ef^Q!QM*X{V`TLW15`p{{*BplYCs7Oq*S0N+*4g7r8fK`zyzK*O2$k9@HVJGOU^4NRTVmr+MMVw7~%3%qV0{Xl24wGEWF7pI(_miG16!Ju>ZiEb;;_J9h! zo5E4KkBt6up=6JZ+ZD)V82>KAuF*2YF3_w_yBTp$Tc2SrJDz{?+^tBK%$&hp? zq8BJQc~8CoaJ1j$fCc)sM7C4q;w2ofRLWmr0!2C4mrF!Ouhpmnm~}SSo)~<_*kA4n zES8VynD)j8#lwq^UM_4+SMND2G~Wc$TjpEwFY3mz#J9Lzac(q+!8uRg_tA`yh;mgaWTy}#fbc`C$dXBgHO-2>4g2JPO;!F+0+-Ol-JC;iE z=svK`2@`yeL~RU`^%SrJL`S0iw_u-(B`WwManX)x z*#5k4pJ?S}fiS+Kz7PGLWbopt-c^ytXAEj;YK8oDptSby+QXYN;emmH(+VXDrU!Co zpMLtq5Lf&Rl3rY*mh4{rFl~>J>JVW0;l%$5mm5*EX!wmf2t$RwrA@@6cc&UOgh5M_8W>mMoTX@Dv^V**gACW>t7L7 zJ=HEsim&7{?Qd5(g$y*yUccqh>%IE6^+W%NK3hbNxBZiC}_{l zLE&xX=?&Bct9~(h4o%)TN&zy7v|Vhs^e%CLh)yx)SBrrAVUEs)$@pS9CGJ|@LxQFC!m!FN*>Hd&`2v# zmNALe5!7g^04*tszusGH6X%)r*byFz%dYO<1~`4sfM&iHcPb(Pn+%v0Hvg69^}R># z4c?bEZ0Fa*pk%+*@-`r$1vzDgt~8-ylV;9}$*la(9snMc zy)AQY1`6FBNPovWH0Y?nE8cIzjr;HN6j8P^?`r9RYixNSdtJ7FP6%?y4T5&I`8{Hq%n}nI|!)yZ9b0M3>%Et-)bap z0jQzRO=U&byfw>kH9G^U|syf_n2RMSx~h?s+@CEt(FQeg~a%HkjJ_r`N} z+($>(zctOTer7!hkA1E#ax~JJ)7`_&OgRKb?ZWC{2MLf;0G;G7on&)>V+latuoSoF z8o~kOS{zaqmArD@Uz)jlPmBX&dF;FWRe7x_ftcYG0`Teph%5|#md{NEqf7qzCn$vN zu9$Tp$8$W$qe&1`jzv`EjQ?mijyto$8ig+j0XicdPfgcfZ6^<4z1rT_Cyy3$Xl#2^ zMN@yFN2&Y)2l-Fn8^&%Ah)%ydbr+~9H1XASsbrZWAqkPy4^RUM-=30?jd=!8oWFDf z6;LwfKl%qvC*Biy?_VSjAMo@4#!$36Voz?!HiLsOgqH{_&JVwIY@z9EMioH==0k*^6uqnK!9|nW&@O zr)QR1_!!0F`J7M}0~K11pN2R%52PS^v-h6$!rVqlZQd(1uEq7Z)$M0)ImBaQWZcvz z1Hc$SpT-P#jS7#Oc4ah+>U7n{KUoY~ZU;n_#f2aE72%z||I+1Ri4!B*5N`;Ip!Fd^2V9YLn+wmg9Dfnr{j3wK83 z6G6g%1QDr7IyXts5Y>Uv8T<6dsbYq0PRE?Ppeget*&=E4BCh)P?$b2fc@@*lH;UNMsFT+6oDCK?%){L2n}p-Hp3W{l_^RaI;)P zo|y*Tc_D07#BX+tJq!Oj{f`}bod(m}5#NG^`zqitv%vZkx zf_5~fu!U#C7z&$0D98!UZ9x@Y-C{gI5Yvc{TVn#ukN0)(ib$wmle*%&GJGit$5QWU z&rPqUbY52pa>OBdDEij9=unFrmwV{_MGcyez$`ZL2C1#5aKC05Js^9P;3f+inrl!* zagaka#Z7qmX_OVf&a5TxGq{jH2`33h>kMSC-vHBu2r@9ln^3X}zHfc5{&2{=Ku3c0 zlHV8ouciDd2Xg*;)fAtv&}C-M@0v&&+F$=%S0T35g~5`_PR@q30m)?QNOCG6bfD&? z*I~}okM8FhX$ov`myp@%k4wivDD*fXV$F@6K`~G^Djxg?KdXWl5TTkchFe{9>;K7KX4jLogV!x5QXyDe;y=`8d$>Isl?ATcd zW8Oq4pkyHLlMmJ6w8_C(WGF(HBmfl)`S-C6*_aR9&2FUGE4EyP2`qV|ZQq{C?^>Ld z;%_SV%)Gf&kDXT;#z;!4L`S20>ry<0S6UO^+7{PCf+wYa-yA-zmGv5^cze-;C0qXp zT?@bL*l0WHqs2?@B{YRraokp@qmX~ZlRxSsEt5aHWae&b9X36&)>8viIuW+_>z|n* z8i^uqkJQ|JCUBX_C_{0|6XMS0y!PnaN9=v;sht>IiW6FLLNnwgxN66&=_(bu(-4CJ zlhzJ`uMJaZ(j{HHw}eSMB)NbzN8Ea^Y)Cg3_LilB;28V(Ul{UO-p}DD`X-Ui#$1(e zJX;zR8!!^Lqo>xzZQt-!7E7t!cn!UmVS<&g?!8q_U~s~LMTc4S@w`8I6n`KmIyFC+ ztvDgtYTG3eemLa8%*r+%5a>wmAA#}@p6NV=cOVKnG&<#verUHe<#txlRc{u_q^}fq z2%xcB-E&b=Xbk4xc&)paJb6rku@t-QGf_dln4`Y@9TLsE;fn#*Q!f7^FSsPRT;;{-W#3x!j zj`W?I$%bOmJ*SgNCuO>u(_-lYR0a1e5yerq=OzcvpLWC1O(y$$u6V-?g8&)X#IAUN zkB^02XVpy4zr9fMFc~NAprH=i#Co+u(7YPOTL`F%K ztwT_h$&`jx5*e(OmWu3LaZ4w#Xl%90S@UFzeih71n;9(L!)?+=UrJlm%ss&EfRwJN z23PN2b4olKgNH>R1pP4`uYj(k=|oTF=wxxM2h}NAh$4w6x^f!JL9mqn@$<~MQnG5& z61z@!NC_JcA`hKX{8+W1X0uY$1gd1iWt^zI8*pqBM562|;^#5X2$_*W;w%YXyZQmo zLL;28D%!L#GA}=km6Bryt5k=QT|IJ(r&X3ZdC;~BUD1^0-Qci;~dJ$4I&Pj)U5=(WtEz+YCd7>ptIoM`d7BSQbGuqMf|wKht5J}t(3;MInhB>LL)dcZyutB zo)J)V$diw-7{G2Ic|%G zUdC}`wyjYv?_aeN+-hIw4Rzz{eh|J&%Rw)Tscz|P?1^hPYgmhRWh9Dmix}bbS@O78=Z0{ zK$z!>-#>uYi8Kz*;nHX6pS!EMokn&6JV>YyF7$Vf$*_#J@9|3Y+GQuz$_u6e5^j=? z*)!HSHx_>@?)@GPRyF{q|D^pQqnmTmu;a6hc}%93+s3&ZBGzQHG`Jflev>m4xZEg8c5=Z4NS$`G5Fz z8d!k%FM7mfKRZpZtC%<16db1rS7=|h!<7Pc#jwaj4w3%2DS)c${pB9}zrK>cQ9i2Y zdP803o;CuB*{&$!8@lh0LHGnt`R0#p{SW-SJ)FuO9W@K z?)FUW*dZJ*Qs;K8|1HA+C*c39i1q(HjS2|Y{lC8IQUe8>+-`PRu!NLUy3^Vquq*HX z*C6a-V>l z&~M24d&9g%MoSPHPZJLu*1g{eoSwS5{sIzm%xLhdi@(`^*6puZ@W5JV6@AGx0}CHUbR!5U#J{;T!iWc4|&`ePMjJ(NMFryA+Yhy zv=-|y=oIJS9zPIKfHUqq9HV%FkG?67%1T+W9Pxqp_9~D?+q*2;lUD9W1g~XK?6)M0 zywM_Bel+H=WfEPd&;{0Cp*Wo@e;Vq0gClx(vf)lym!;%66%vIHhSS-DPaQjS4(}y! zB3t?y{A}_qdJQl8qDfF+vG`PtgR@{Zx71Fpx@~wQJAQ4zqPg@5$ca(y}*U=N0U& z1Kpd6$qxbq8VG#K7k1deB-(dY_oUAyj`RA7MnvrIv^a|_Woxl5 zZpfHC5|C>i?&v5hU6Hd2&%h|`C0p1{`T|to-SoxGf>nd0mND9a!X*!i$Dno3{jx_y zx}K4X`1n_TG$ze^q-1Z#N^@%BJPVv(&oayTzp!KQ)en(+Wf*t)J2s=L?6Ao>DlcqJCXg8fu*babCYV-c6bjp zmGK77pJ_+bSMaAQYms2vs*d3=! zT{Owp#i=C$1Cd|;5L(nYTpntD#PQukGo;eQm-&h7)ON+3hg@D3tmGf&UZQJ47p`74 zw%Ql8*}d!ZXZ#}I>ZrkP6d|)ZOKTnWnUz4=^Y#i4S&Q^@1_MF5U^DiIbK>C|fU@3N9tywpM?`tI3f^{6`?$?+K zzG>AJLw#?X?!Ar2E*R-jwgnRJns0*H{v_puxt_0o=q-fO4shN5)nI~s*1fqqlpQg- z&%Y{ebmX?de-}z~!XUp`fa-MZE2R9eK9+tNHW@O0e34&XoYBiZApFJYIXS(Y;VsY~ zvL|3V*FKr)wRFL>Hih%Zpbq6*h(U)>-rm`HnV+=&MYTuqm*?aVXr%v#;d6u-Iz`sx zl5%5Q@tZc}H~5KfJ$U0Vy)bS)zeSqtasmOzM)sYE=(l!FSfR4S38u~wNjdE?jrRgN zR-xciVkc{U+(Wv+_^s&?r&RhP5D0Vuv}s(~tINxU+G`)S_%m@x}|OMiHax1voZ*F`4B2IW|S zk&Qu>zKA|!mz?2g3nm!gJKrMWu?S}UBy%E>xOe1Mr}&IQuQDjgIC6!xO_F= zv6N}vy3{s;FjzlX?^;n@eHg!W@TO@;kk^pb>+n~pj0tqU+fLrV@Yp>F2<>mOGQa#7 zA~Bt#2U$uBq9p|d_+qatWmq@Q(2TTb=G*TvU4Og3btd>l0i!&;5SJs2_miB{H3hhk z=rzX|cSdO1*sV!*ig58ySKloNMWGfcReqx6SM)+aKXNc_Bv<(Y!|7=Fv#(lUo50N1 z1X9K?P+eqg$(Wu+L4}Xrx2Us<%tbsK?cO~)F*@t-!rv0yAHfsxvv4bqvK3z|Ef3XQLIaC zLO*7FZSHc1<~?$VeFK8Z^@i!KLi7D}#e_LA7FKGdN|AssuK80iZBljV1yq6vxo;bNyNrUN-dJ-iJc5f)hFI*EIFIUMx2OwEB zW9hxBo&$AF(vg{ma7sZf_BhlJ4&A4(aZa?gfa_-Hmj! zND1lg?huep>6VfPS#+*_dEd|Te($%B{V#{ey5>4(T<09)H?m$WsKSN$GWHcpiZqyV zcFEw$i_IRrA}WUUNqhB}1|z!wvsj4UV8EaidU~Z|vl{KE7$huD*_0g=bbmT^E*HUl z#GVId#4PT26^vsTN%wCddt;NR=exXVnS_-|Y5YC@NsDz3l!MjNeB<_RS0Z~hV9)cY z^Sf&)^--2Y5^_?NVLG|S`xEoW%lDXIWS{5tm72Rh`b>B$JSX6Uuzy4y14fM>XWvQV zBpySE_&a(u+Yhd=m@s4&^0RbNfa7fXqCRFWwUUu3x$sIaPZ zYWR50D~sz0HoR4|Ano5PNN$`@BTyRqa9)qt7e}i|tPeyKFf^(9bqS zXII2VY%HxTc8oSxY>(dh|7Q=8+d` z$27#H8@|fBlziI_UzusUSza!jBbcLxH(KZ8s~y(Oo3gwMT1e1qNUZyEa39B(gd{;{ z3ZgOfMwB1LOax)iQkyBjR;bkGx}7eH@4r2oRz=r*S|iZH)>`UVKc-(54gfW z!e$qo<=947ryN{qb!=-D{K#q@r z>(K*ZS^Do(T=ItZ6Fp7+?e0$kkX>hOo^tvw3D4;lJ)vYUvtux_dmaI|QB;fkKxqtX z?Eo?kQgLJoJDN2bxa)yY4Xdd>VLTID3YHkmmHHLY8p9=Xn#dei%g^Pb+sm=NjcmJq z&nAz%7;!V|j5NqaKOOBewIUrOPOt|7DI@6N>X6=`TS(*)qNw>O3}4%uBv**W zNNmAjcT`?__Fp(%h z)szM9Bb0`c2Fa`Pwxl#UGs|;mOrG^0@S9pH?7O__=_zLm0|EdOHu6P_z3E|rtS;*< zS8zN)gkyi6hH*{Dk7Q%g7VGxCpKkc1da~N0dNx5yj3Hx}r9Y2y05y2rROFX6h}=c( zy)Gyt(?%~%H%Wq6E+d#O(M_d6?WKXwBm#b8CDG&VFBwm9d}TIse;c;)V@jXzs2FXm+nmp^0_Q!; zbkU9|%3wie4|T4JPd_Mt$1f--Q16z2!)7(W{cv;oJ%6>O?&QMU-~wd9nmTgsWTk*) znJp9q;7Q0m&elH9m16KZY%t$iqD>;0Bh}_|PCujkee`hDkBeJRbUMZUy5hNAhV5=i zqq^~;OZ%_*`jGodF9jce*J<0#WAJ_d-3Q+i=w$+97TK)K@@ORd9>~$-(&v-vu8{^1t1N$!Kj=j*l-Q|5!4W)M`Iw`U9#P5dbNhp%2y#w zG9D{Qv!?)afWv(7SF}W^TBq~Jfz8e!i~G}Mc{HlKzs_|k?WzGlHX5ps!uS_p@8f$-KRRC67X(Z{P>eM@*wK{qTaLw|CE*&1|>pNU8|t z)-lgWOPmHr6ylRu-E`LjASj3jd&O^Ri`Y9hKCOLb`tPHrS#8%`KJ@-EZ>eJZy80NMpztA*x^nuX_+z zW1tVplf4d?9w(uEAFAHs<9XY4t9F#>z>hs2n%?Qd_i_;*kgHo~rrYjXwgwjFr;X{C z#@GAmFVdKWpG~xc@fCOwFuX?)mj>yv!qTz;k7U1M-x3>Jt!M7=4S^R({GFl}h?u$W zz;(y!5sG{TrD8uaZ&ML@WDVPcZHGSH@2ozHl2i5&Lq|M@Py@&gE)CiiG<-zgkKJ-< zlIGm_dOsxyIh&~D-iwL`Y?x9`)7SgR9EGQN0mlsKYRvQPbavW>#J(gKzHi7}*!#%9 zHhTnropF!_Yozq4L#TUkv)+ThJS;7wu3`APZ<6vD{tFSN5~vXkpm`4GvWLm@Q^aH- zH-(=B8VY=oMs=-jH)=cA2J}1cBV8x#nd`ggS`E{+`uHJsHWTpcH6L_-cDXF;3tg;P zmKij^(T7&-60NuI^o&9kSxGM$9OXC0sxEu&j11Mc^Pjr>Yj=-wbUFE}Duw)$cv|iz zagOnY&&zmvD{FQi?)i?h+-vB#fEO(t~&xtzdxq zZKl59a7Nnxjm+~QFubKM1SN~FP^%lmI6vYd75D)-6!EvA97=tNpyW-eYWY2{Yfp?O zQ3ZmWiMDCrpSL+m5SXgwryz56+$n1#?WC&rhLUJ7%%_Cyd0;d34E0~6{`#Siou7?h zY;r%IB;~8>&{!;P0!;o&OtVP z5wP6zZ5#kUSiJgozVTnX*xVJZqcH%$f$x!bM72(Gf4`E?Th+h?_%@<@aKNLXb|W(7 zOgm-F!vppALnMdq+DI~Zu)GtE+FvJ_v1J}}**SyXA(;bu!M;)h#q3SAaT~x|f)Hfn zl{2Fj#M!3yS13uf6~!)?j!Y$jyZp@*p3`N7IyN)5j3UV>%>0oI_ zb#%q3<$H^-uI6t8eOMP*8S^1#XhE4C41t;>?jSOJbafbD6|IkpOt5j>G5rM*X^WG} z?GWH+jO&x*4E(!gaDcLa627v4-e|~^(bn_Sz|_|Apf3(arH6@Gs53PFtdd#$9U#Bg z6tcE?*I|yw4PUH-9+cQ;6h9L{=g-j6a(9L=d@CfdPtTCssHWfpy!C}TE#(BEzykAi zQA+w#k7l6^ZrUPkXr>XRr`|zrHmOEn+>->7w^zVA&?;7~1H(cMzn?k_UB>A2Aq3%vE(Q$O%3yJ4 zfZl;?oIMyy=}Nl#C^jXk+pnsR7B?#^N-TF>yldq_HR=V(9 z=685eJ3~xT^ednI-S;MM$5S7s(94EwGcB&sS?xasd}{nJz2EuE^b{xxz@BKg;y~q`@X}<# z8;mmu-%^y2WkXZEXoX@&r?DhmXgA%_8{^&UjnOGkwd)|CeEKE*5vY?~`U~tSbM%N-uMe4BhL1%4>5MCKIy3+UTJ| zV0cqoZiWHbDkH755 z(5{jsoD<~w%c~*Lf;KqR-Uee(R4IRkpDhMRuglh^m{^=C;0nJLBn=PoVtiNDD2-2) zkPda)r~b8~Zt4%m;91m*f5j&Nki6dG75zCUhl`Vwc~}H5BWUBF58u|SZ0sM?%Gt@2 zQ04Uh%l`WNK582r z-gne`BNcvY8OCgK^&2zq^H6|DDR0i?rJBd?rOJn^Ow&B+)F z-K4ciG|*e^$|Ghd7+$$bSLuaH3=d3v+)`^0NrX&mHl4=Wb^`z>K{>d6dnMa*x}$J}60_TBy2l3eTZ!9ybzLeM8> zh&c=U&{w+o2v~&@z~HtYRe*t%SOsubW?o}eajrL4s^T$fbWv{($&oJ8c^!rc8T&9a zc_`mf&vhYoQN}Pvlz5Et&@Q&1GH5xi3C$jP%?*M&hE{(3iI>i8{^Sn}tt17PM{iVu z+s6WXUhhanEJp9*Sit^gU_-Fq96u@swQcIN*vxGPek7?(Ev?chy-E(w zEyAXB-=D3;lF7aks>u?X5@%47iPGF_2(Y!J)CJ9=Sc6CmlrUqd&&N^w5v4)Im)*W^A@|gc z;LSj4gV(wjZWGn%1eklGj6@M_gNkCT|dq)2#_#Vsv&oJ6Gd?i ztAaJZB~B?cgG4B&5{0B7LDf#VZE8nKY*vX(v1?@}o@Gh|jviVec-TGuiEKjCTXv zoB!??LKHEJ(u9pERzF^u?%-GSPQSL0A}ym=1hwboU~_v1czB_dxe&rDYGi#_)Ss3y zx75O56j%UAE?O)&f_~p{P74?4>y!SoHzchV@y_-Y|4Cb{5_Te?vARy10_At6(NO*z zlFH&CSh_AI(We@b#yk@e*ff;4_!^m>s-dg+L()K1OK#Rh1!><6D`=_tCVomy&Ux+` zt3^(u$4%gRz-n4s8|N@~Hn3C>EGK2^R-OMf(~2sdYIkJ~gAFH43ANuzAAj}9L7tgx z>{boham< z;BbZm!0O1zV;_=1vO)!LVX32~R!B0nF53G_g(GxojCmHr{P$Pn*g<`7u1=O`eQ%R! z<(I!90$X%=)aMDXPZ8Hw*1x8d&v5(L>bd($pY3B&Tj5ndbg0+IHkJBb+S#f$PJ-;VmlYL zw-T414RvfZV^Lj{<5h~5s3GhoN7(Mb$Z|J09}a$9Q2TlHnYEL7Z+BtYIhOksrAUfk zEK+$KW&KF#7f7VkRN`7ybnnO4e4%wohH1!!s3krOq$(j_!%I;}hW7MDYSkbrk>?Aw zo{8+mIsNG=|8u1ND(%1>7yXAgK>@Nw)7$Mu8BHdSsX@?yA(PGBr5v(7tWc3KODe}A z7Q?QRYO+g!k!cKeEea-G9bT!~pY}C9q7&N>@cE~num|bj7k`a3u1w)RFh;dw)Y$Ke zYGA%d$m{#yjeT+zxmIWUb%w&Aw&!OP+?G5tO)9Ev=*`+e`aVUAyaJ)8EBLqOa8X?qY~+ryosp z;BQbvxmE?B@x%RX$icx;ynhi9u~4L#79(`@NBX^l5k8jvro<*(9l+Ck`xh*B@&mbf z=p!}o8Z0<>1*FW-idy}!0-|8#6cjkYOGS!!bLCpd!0!*z<@g2z|82f(JZV|HuP{(S zI~j@ujUPt)8#Yt09`Rr*Xi8$zd_Ud-WPf9PS-F4RsOG!SY{T7C>8(I^5rH}q)y5JQ z<>ePmY`4jd$*Fh@fmI4lCnLz(m>THk45Rp-L?jbk)rMlnT7JKY8@39to=K9`?0YS< zYxuFQJ6p`Zu?d;Vz11L6=fR6of)lCnci6h9=YV8L7jj8zBbl4dWKK}VCH@Fn-U~c+ zUPUa+WI3Zh-`gyj)Df#*?bh~F#^cX2)VELC?7hHV7@~4Nh9kr`? z)yXijm#(QzJM7nfq`fi(Pb7}CQ;;q1$=}@P0oRTDB3J^d9d>s8kZ6YSDW!K@#q3s4 zP)K(Fv$YL`vJF)x0M0dS^b0|Txu0eHA^9%o12)0XyGAK5`{% zg;y14-=?qkwJI5pfs?VB!AO#Qu|#qS0ZCGh*X}880-sb0o; z-mljN47`~?oomQ~7c1R3jQ-G~?>ECJO5x6uRv;5jrU=z|-QN_Q$8~wB_|qK+GEk;u zzqDYp(gb}$rmi;)BI?Lx2friNiS)QAWJmQvUZN5mwFwWp$0_*;|06s*1uNK^PDD*Sk7N+k#Kt#yMrLu0#W>;-JcR8evif(ZOw zib#Jl%OqKPDz3svG`@5HEKPwk8aH)z!|2>p$oK8{wM2XDjP1CTre%nkltDl?7bCnr z7xIGSiUqwc#w)iN0TqVESqmycJ>4$Ns^jBasvY ziyrVuTTCVru>v^Hd*R8*TRKag&U@m`C{=;Hi`qXcT7RQoMts~0Y)@By*M*KHi?ev; z0H}6MM87~FkS5n}_l?UY9k5cMVo}Z59wa1S$>7`re;D*V817)RN0gBJbD;CyD1p4M z$%YHir5(S0STJx9ey--Bk6}Z|K`Sx;?Gs|MbE1Mjpbij)5|wcuED z$&=fe|DZ7yiIrH*wArRmz;pClJzjKsa=h6yzrcf2QXA2nsm$lFFGL^j_@d%Ge|2iN zY0M-0M%Rd>DH|bgW07j&;$f*;6lUeAA_dLuDEx-mnmb^m9T(8n|EJ$T7wR zT|zQ^S4tsNE1b&^C&=*qyMt^?gBU!(W+D(1WZpm-j6LW>w7+$RjxitxKA}8U)P|B6 zYe;EV-2LS~pL3ohffnW!F%T2f57`@=Dc54c2IiG5#^7IcrkHP*oY}|Sl*Q7T_br_p z5*i{N8Jq+F-Jjh#?Zyu$`F7^xil)+f4;m~MCO~Oc-o+AFc)Z$#K-$KIoZbOYNWLLI zy}Iq$A%9lLlitPlU8m-VE#4qtbtR{yd=1=RNo;oe&D4SnS5L0z^BhX`8;Y?iiUN0H08^ZBqMa0Pk;LwF8)n_P%Q};5GVAJ4=iq zv+y-OO*>Nq5OJd`nbBx<4P0hhW-qS3cIB2TYl@WPR@?URTISksB)hqrOA3PL5BcL@MEnCU+%98ud!|?vMcEXc>`<|g# zhKWCSVH3e_1QZn^Gid*F9LSb-kcxAi$qcOu(zWr%Z2#W4x zD8oN?B8;YCI65k6XMi3Af5RGlPxSlO0y##o7ht?k{+C6YU8SGjLWhO)qyfFGgyDDlZSuFYI4D#?i&;B#Kzc-Q90jLr43fEoN9X zg*3&k1VkQBxaKN!(6H!Kq@EwH8>I2mguQIN;g5m1nkT@LUCxqG-~{zA4zJa0vM!~6 z&EtG(?V8O&^3f(B`d0J>pQhYD7FROd>}i1ozr%{^NC8fA(*Vv34aMhH21resk!2)a zdE|H6NA;a8rxC%0VbWJ;?qm=G` zy7HOdY2;fzd+^kHjOn;pN zm^*SXy@1^mx9KxGljsq4G;E!irhrY+2p)?!7R!D*jagd&g(J24D2kESlkk0j*V6{Q zsfriFBeAC_D#A`zwxXl?=Q8fLKXhW}J+S5q3ir!;BCrg|Zqjod8fl0_hNU)0Yy6*h zsE={=xukK!ed({MNbJl}6qOGj-Wz5w;l~4hXQ0RSPq$N14%vJWimZgCw*ol1ax~-6 zSewmSsQW&4<>b^XQP9=uGcNkLu6ZBTJ+um6(lC@0zvyC)2PkMHkKQjZET{?6;kDL9 zlZRg1JhZiP&?}?u%v#)k$TbnUU#l4TghA2QsQ*SB9D38(^;s^CRnwgIAzIFYw;E8k zCA8zsMdNnO>;VE>!j7R&+|}QbH7+61`vnJoYF2d$gULBdGTEoBV5EF0QZn~%3)?q$ z&RYpdf`wyL@w)UF7RwAP9;HZk2<72wq7d?ZOLT6=&>Eu+OK5hRGn`2j;Z$^j4Av#B zS5HltW7-w0Z*xYV(T+!Ir?8ims~)QGVJ`~)e9-k5w=Vlaq@4uD0LdhMoC(Gv6)AwL zq0Clr^Rm32BjP%|4RCMlEVe!h$1p~E$BYKC#ufCFS7?@*d2@!N5QPm4NHwUbxFZy> zigEeQD*)kYc;^8S#FaRrXwX<%-sAY!J0L;HS1(U!&|x)7;FGF>a45tBINV*ulhnI% z0NCGv-%nrg=psG+&8a{5a9lUzdsQlwp&Frtk`9W0c?%j%W{@GanJWc(2WtJ+8swym z_f`TWnsnIgYUN29i#{Astv+%R#}ehaeC;vynSk0seMW4B{;p29V#cd@pC(Q-XnU@& zVFML4Wb9HoKmOL~)l8JKBcFduwXWmo)`Ev@ZkjR&r*Zb#%UMWoz^3yFifLNCJ8loP zhh`Y_0ZUlN`?T#9HLrlfQI7`7&*v?H!=u1$?6-L>MIPC%&rOcfcuF7Ie)?Lb1#l7y zUVYFpYch}&E0JGo$M$8N8#?wfPVV8BJ?eXphpO0R8Q1hD-acpk8Ewi>o53g`UNKP_ zpymP?Ixx)NOFrPf+CKs)r{7_^hGfi~3Dv(^0AbHuVSv9)b?{k3>1&*&QqeAcQa!Xv zLimAbN9JS&DN6|-o-`}uX4LSeWo=2H_k5AR=pv?9f%g>*Km*O3LT+@bQpC=(;#`TS z5$c?Vpk1k%5eDQVJx|P%{kTjoI$ow2knn)KD4eubnB^>-Et*KnK~z^1m>h3 z7uy~wB_|pE>7M7TZ>a|g9G5vg6*s=1(#?O9$u7D37NLaUH37uRh+mED0DZV$btdzr zaR9VgYHo(gGX6*7zRtzm#=vMS5pX`~`rRC|$~WUZCzo8RA+Y+*JU>GAJbxx~lM$S@}DcSbeu5mnHmc z+ZK<73hp~q$+@YusgZW*ij+uJ>^5{~cyDtX3Nq$Eg={!@fmuxLN`&F}q%9E7dsF;l zS7HRiyFkGdSkVOP3m?-6RyHFO%pQbHTBhu=1l;v8 z28fM(xdUt$G_~!3PCmeu!E}tdVxCKQWmZ6zkslUmNmPVtW?%WZYarUy8reRO4t&={ zSqSLz%O>|uSa7oAC@0vKYwzsOJ6rL&mJIqlSZ|-YFXg zf0d0li|d>e&;X@-+%SW8n+A>B?<7FX8r78;6F`oZuIKeA*FGA8IYDB6qK$Uu>Te_d z@Gw8`0=2^$3BW<0qG?2-#iZOGUR-V6;kYI7j#LOgmXJrn%Ztp!_aanpn7)cTtcu-Q zAeSj@s`}bU0JN)^Z}G?f5m$mt7xY`o)2pT>3 z&=Wv(8UG`*?k&ETZ_?u*5f#-Jg~L?qac-Q2bJ6bi=stYfUz*Pg#8`6G{4w%EYyW9A zkISM~rNzX3uucR-ph#?Iucim=)dRQMhgZ=WMdQRn5jbNU&g+D8hbuq8Y+mOpNp}FG z|1+O`W#Tx7jdq@G_DXS!#=g{%7Za~_ges8cNfzZB3T7|ftMi3tylw|q+1J!r&C(7G z4rZ|Mt~A+%JM8-WOmS!e^)5cLcgx}XykIU-e~cvP-jE%A>*a4Gu7TGO=|GFuC?_k! zdlp{?OPsj*=c^m!oYLm=(Mi3AwtQRCivSlEZ~&>2G;nmvPY&Sy_{4>=lv($99*7ZI zb%>O?_iRmNO^#=ujU1D7yLgBZ7ryP+`_no0UwZosPQwHtY%GeA#s5vS0r1gF2q^H2E`S9f)MY(5$bBbRida#)dIx7S3B(ne{LC=w3fVoxGp5 zc554xzfjJ>@0QQDy$GKBo#<$bH2B%Rm2gSmwPhu+65dJ1fr_jMc}l=1=8B z`C=K@Ww=;DT|;wRYtYtx8^u2;Z*Oz!Fojfrsu-KPxl>ELsQ>{poJ@~sM9gzE_L7F@VJb{lp<45Mkq)4>(&=VK#yWKr z(J|p-!7l$+Vn9794>j{EEe-`>BuUu~lY{I1D}!Qp<+Akq)>;iA@VCB>Y4*FA{?Oq$ z%?V$P#t=33Ui(+%I;Akdcc7h0UK0=`wM}*@;PuHRC~W>l>~)tnOgtYw-}wYaSCk8NY1gD5(n}e< zno9eMfC1|Cxvf6*`}wV8zCtJS-hmN^fuUxzAS=7C6vN}0@L^yey)9y8tW+I{W{uJB z7_=R(83JJQVL*uF*T?b^C&^S+@uvwQUDwBE0hRd0M@ByDkl&JTGxJIm$%@I3hC!}b z{1=B_@N_f;%X6SI5=uJLne0_nzIzWQV;%h2e3Vx!2EITl`0Qn??J_6V8b4P^BfARD zvL2U||673fRV{P`bil}{e<$Pm6X3}lV`Mk{vtS7rxHEXS@h338>`{T zHG)0rKb*kBb-W_95h3r=>gRy(rA_k|cj4`3VfTW_cs8|Yr^P{;QDNf)sr{7~8Xh0b z)=by?GByYgq71$psTrLYOY~|qLex_^^I+7gX2sJV3(rkh(jjTC;3)tK%M^1swWs+m z`8>c4uOi68E`W(|l_V|kzXu&e0g!DmQS}QO!><=*2_#G`2-I@BVGWN7uGSu{)<{ai z!DM5WQBylIVL6-apUU#sqOKl4k5@#I#y4S-FGf_h^}BriT;x3c9KWy$_|B;fF=Uj% zVD!h4M7D^x>5eL}wY6Ks&L8(I>J3UYx7rBujY?qxCj1<*6Md@*3R zXkiaC0N^)PGv`J%u%|)e@BSXk5rAIjONvWtyM++z+*D9F0f|$Ri0hlU>eBMI+7bkd zw?6x}{eQa~lAvfWwNxOR+fCfx<%Pme^X>qQMs0Gahbm(R+mwxp*jb* z-Z*4PBy}2xJiygQU%#x6*OmAgBV8lWdv&%w|EVH+`#>b0vBW#;#cmtw>yh;mFa~A4 zh4RVsLe?wK?P70c)J28;LGwIrJJ73|eXaj?N-&-KmJT1mn)y;ld+@%837QLNujm&0 zPgoX>kS5u&2E+MkevNKB@$2u0*DRN3@HU2Ofiqd-W?!!LX>yPOHH0KqQMWNlLvHK@ z2SG%1>_%@HV6h31M_L~r1z2Gs5&&r&_caC}_3`Lu0BHudz5RPN4eXBnt9*`j&qBmc zH?p47j1k0^zuyWbAg`kX34@_QPb5;Toj-R`vJQ-}ZzsuylJM+wt{HtmiG zwM>Nkj71aoM%sRmUzDceEQyP3QfIrqEmI>7x80pB70%=K71hhJ&(QFhe%h6VM>)U|G5s} zUY0$7WZ|JCLkV<^UC(h@t1?3UVqaop?WmoWs9)>!vw&PFrD~_RAJK@37T+;YZfImG z`6bo>2JF8hmJQ$_?D-jD0Jh!uwj)3~U+?*1vzlh6)8Di0Z<8p}!MQo%sEAJz6+ICU zDfy-6`@f@;*t zikQ`|;*QNV?!e+NVt4^(N3PP`Z%P=I{t+y2a)Eu=hb z4{3<5nz5WTYl}edDWjR-$8H^8wR)qcU*MqAxeY4%RC=#n{nVfvfm6b%o73u_vIk3D z%9eeI@^nU}a>4+#ZHjUT1=Uxn^x#s_6O!3NN6$!vVlr?!vgbSR4@mY5$*@DNkC6aU z50QFqcYmBFl-rBQma((W3^%)RcH*Wto?0sp5c+3|&0w*4cd$Kd%EnD&Kv9-t>6& zngkarsreK}gnwM=HcGdF4~HYzl& z5A1;S$s&!OXclqAoa3+I<4ral<|aB zwrKi;9m<|$38*Z4h21hR8! zDX@<{&jN8upTmh{Z!No}wf^@g0NTKjP&9kvANMGcOEb)(tUM3mH@_v~0dY_tm79Om z7mRDi(_c5^Qzn|hKnQI+FIYCsEiJ44!x2cM<>y1jSzGCCyr<5t@{!$fI1GtPw=VvE z6oSld(~*?FQ608d$wYtwSCb)9#WV;kj zC-nWAq+y^h{H4nRDJ3F4rry`1LbJ$dq_*sbYerg&Xmj zQoWZrE9{Hi8to|c+Vc;8J3)v>9j-CEZD%rXpsWy`VXz9$P}gOkkqdCAD7{j6R($(O z3jeVaW?&Ay(;VS@)_`j?_XE!jWALix@&DUhG5eMb-q>lG*tG4Xtb=Y=>fWpDeC%7& zLvkb$EbsFq$Ix9k?~pr#9mh?a=?aKrs|zbY#ZjMkxq%ATYM=E`gjzWh-5Vg?p#$i< zyWfL#T}vX31gP8(u+@?8tk^P)f`=i00@;fjpGe~tMuW1~M}Liv>K3lGfBUQcrok9A zri}ScEiWn~hF>CwDUy-=0D@C>2fDZvl4<~mIk{3FN0CgpF@-pcD^G&7&HVj_@1=4w zvmWNih=#ibRvh9EJ;vbpZ*fuCT+S{R1wf50Kq~4R_#O|q&Tds%T0BuUv`>$1n}!84 zw@c`(_j{{Vq@5_8G7j@lkZ=Y;z#r$0y1K8T@wYnuET3IO`nCOI*kDM$#-@#FWFAss zH4TUAk%Qz$^BLM&v+hyM!yS$A?u$31TblLyg~F?_dvS?Sy4b++z|Id)Iy)GtyXAJq z^FobYo-^GHe-S5Yq@89krq^KoKP2-s)WFfi=h5|=kpzhCjimVl>p&xVP`!eDSN!z& z7Jc)HMmWY9+I*pHqb^}nF{D0J?*T6SsamLZ>p2HPBLzffL!P$~0pghKz^VzPU#?wz zf9N}Kdk~#Kb8oyVtW<2PAIwh(W^vPQ?RhJX;X+v_gr%yh7Mxj@{f4#(8Dkh{xM)U> z9TxvOL;&?f?35^!_(z4NOy6myoF$uis`Sq;AN)2;o(=C~7R^fCnce&oz&?lU3Adk`wTdqU=+8{x2cO|S-vW*e7yfYLoexs>ZgG|g|FOl;ScEtwN31nF^=3zF z+$SFmINlo+)zx4(J2jc!EPgc@C3JWJQi-+Hc8-DW-se2*1)Qopgc+KkY^)%wJxJBza(ddAXjmvYr@*PZ%+o2CSQG$zVNFC+=Zv_m%d$sV+ic zv={xchPLUpCgB)tx!!*l4Ma8h#<-{)J}2`o42Lo1AyYL$A(6M5UkWJC@vmI!)xKWX z3?`^taiqK&4NBEHSM~h}fG*bwh$=haumM7QCu0GYw&`rKva{;VuL!{71Y4y(zfO$fEG45`O1b|y5HLA`S5RCxs`=do4RKLcxY|icp;w0B zX<--K`G&A+R@(Wz)y>R zl{xepONw%~=S(M5vaeJzYE#e$dv(a|$L~R}3HGERyL!+IpcW`-E;Y8xf?c(Fer?n4 z%hKKR4lS4@u6#|9Nken-=&<>(W#wwco~}-wQK=|;FbU2%{TLPeKKum;bEOn?`P`0nEq~$ayHkTGeahW* zI0<0eBDSM(Mfp=i?_c0hJjlI6I&GgP$Mt;CR-h(gNwncLx;&~-@y--=oB!s^6KWW1 zpkw1CT3zv^!4j7_g8erUGpYBVx#f>69!H$B-7MI4W~VoYI~jYwD);u2-?S;o0@V(9 zDA}EUQYQljGQcd=$H!ujYaCDdd98*mz{HlEj7`k%_zFlpkOshW>h-QxzS^zqNd6FxjmHDYFxZQ&lAL@X zpM#!CV*}7fjOU1w0f4W*0$Fk9TQX|E$C-~p2X9`LXZ0MwB5+|6v;dtyifwrmzUOJo zYwYSgH>T9v5rw~*fVIzQ8Py1H^|uwhQ92Fhx!(N#J;ULb{Ux)#m|Yq&{v9j3jC0^f zs8&$v+uk_1n*zJZvlOI-&m*Bt-D9CtjTet>fD4 z@{WCRg0peW#j{HxDfxNXX3Z{Pn&HwzPTx7Kv<^0v7sV&yN2{}6#1+nK3E@2>DukUDi@l%#?;Xd#(=vWyM21% z8=>gnk<7XIP@zbx+f4`;OSzR-@@wM6+ae2GOI-KP&?S0i~zfS0OydXW1!9#!=qF@Hx?6F&p<1_2k5BP2@ z$C~$*er6j#MCpaNQ^uJn+}~5MGp?TxpL1xNt;mYy%cZcsc7}%evQP3bGN9QT{ur5e z(%mc&)Yf_snB<#&JI6d8dMf>HFeR;BI(+ZPn!KNuRjb>wwb*(R zbsM{}bDo@wEuCqtFRwfBmDux*MSf}W51DtnG`%cUX?1sHBVG5fe-j~IbCFb0wN>V_ zM;QNZ*2cHpa3|X4b@<-nd{-9L6v8y>MI2~Oh&-k+*#Nno%iF6#Tm0xRn zltmTcKw)Kj{9rvY_FmPS@vFQSC{Zw1BKkEKH>Z;zem2U}Wciw%zGq(0#^Z&2N4dxk0omVDRRkpmg=_hzfhMAsS=W`)pkr9Z~y4s8ff4bo`66DjUiAgSWkjZe=y(UjVLgF}>-)Copn@r3f@>LBO#Hq+Fr+*42lga=iHL8C)Wecg z)CmW`nqV;f`Rk!&W$<^xt8Er#7i62h-7Io^#>~vRIb4Zky*DxOr?`@YSaL@xttV4V-J4~;P z8Z3Xzg;#ZlGsQZae)wUi`!r!vCy0t6j7A<(qBhiBCUtXUB9IF^) zmBdzC4`Fj^wNz<<<{C{pQoqH0m5S0(Y+@0T?9&_irMGcKk2ejfetf z>9ZH>EOM!bMJ?r{%W36OevoKwimmC0_D9|9Ik{diuXTXG16d7!vrT{?A`dTD=r_Gr zpDu?{<;t&7wYBar;`}macl($LzO5X7>K#y6AeO1R?0h#7x;XW!V(`^7sY=%vt2+7{b0brq9zD$&%U^mHoU{t z6*p#%e`xptC-ZX#f2aM()**!M5!0RxLErX|-6E%byVag_^Ix>YF^D*WqB(Ds0lezf zHMV{1qaT*ZO8cBUmt7k$64bfu{d&8mLRIYBT&G@RcV|Xyd;a=|B!LP6wRdPgyI-?8 zd}!T7MN^|^bdlZ*EedpTAZ`o%7sv)%8DGg}g{dT1LMB9Cw}Qk#B$2Rwygf>^=?#YR z?tK_DMG2O?vuptUhp0T4SLX{_9&M>ERuAX1L0KU0*Smb?TKbw!%D!!tuZZ|M&mCFI8*0~O`JAz7u{ zvi+O~fadN6-&d6Nt}~YKg&hvZ_Kj-0=9!}$+)=(=mu&XY$ngpb^VM1%Pm`IJS6=@Y zFSQam7RnPpoJ3sf#|^_=XD3U?n2Pabe|zu;1$4`^<cPSkfS}@0>JEQ7fyCNr-@4b@(NAQIGAql5|5{CIM{EU3r%TT zpdwRAg)Ef%tBoX$F~c90zkoG!A+q;v_UpeibUg*9>X`C&uPO?y7^>b4^W|Zfhy(}k_9Wev^~re=ZI;ErzqmUO5R5(%ny{ukR8h~v9|>xEIO?j~ z$b^NF7-j|IQ5OuENKFlHuN~iarW{v zLXjPDH2@=r+!gacuj*9zW24XUR6WnQd~FivFN~7k8yY!|5yI~6$U`)>eZDU7OzF7K zZu00`LzImcDZ&KzMM#&7FN%ZTl%|X#SyK!Eh>yW~uXVhQp6X}d-BRbH-0L)CQwpOo z2xvm+;;zxQ;~rkC{@%XdM=vqR@A~@h`}i|lI~>nbRN)v1J;*T~7wH+Cs@dv$U!>Ge z&nA^-C=psYj_muPupK7jh!Z1da~f|6r54&d@iAo)k3OJYMtBU3c3U5@jRaR+I7tR< zcCHI_EwZ#h&QP%I>D*8hk8=BIPGSCv6{#{u=YB&j>%!v~b7rYGK>?B#>-DVSV$hZtzwn%#Y)^fY+j3o)t8_Z?m6|qHB zwECw}#MLg;nWODr$TM#7D9?K;XQL;stjNVm%``)dFtGO5R+p#4*$(;x_11cqOg6th zzC0B5zAPCA<$qoZ-y zVY}eAf5CjYh;tS>iUNssIq`}bRfVm#y!Ca1(@85P31;P)KZZ~CQ?DmLsw?;GaGLxs z`gcD#aEhR3*^IXR!Wi8z`*cS#OL7-AYFzTlVzsWdjIq@ysr=UM9+?dNI86)M-?$p&t^AaoV8x&9$ zW3}_6Oyje3@lw6v!Hkw$on8FXhMb9n=I8Pb8SF`E1@W(&TE}#|wG;I2-zKPS*NIzb z!!1CaI^1Hr3Dl@V`ThU#f#l?F_pAIisaydY13Ly2<*HFu2xPhUB!l;X6na}-aWrw9 zx>i3Sbl@yULT5Oz4tf>xp~+<2l>L@ZWVa#)(51u~DxWw`Bri!mNiR&DAn#Gxa`;f% zb;X>w$yi=4>Q#KCfOxkP*0J@VbvimYv6}7G_U~(Q(1d+uNP!lxoz8L>W|{keORjMS zX)lGzWBY?;Vjb4yhf?b0SE6cWj+_B7pDTJ=oIUa6;kI7a<4gc{E^GF~+ft4`p9yCN zL%Et1btV3f>r%V#Ce!izbmq1Q4pO<0aK4uGKzQnA?e>iRVo(WTr%t#&L9w*woB9r> z@@Wf)o^GuNX-*Lbsc&JiH?$`7}k@9@O*C{~0-%=> z%y|bSKjnAGtU}B}F@TKk{Eq=|;tchSewY-`MX{5tRbjEPlLMYx^OACQ#Z+7J)F!ASv0TE-C8Gz1I4eT!rg`Pw!<4bx zXl1+evdq!YxgkYe`NPL;%;8`>Jx>x=gr|4sMO%<0{tG)QuaG&dv$2**Yaa30zm5)x zj2vgV$>HS}4tmICaLdoh;so&xZ}o=qQG$f0oSL;KsN{!;DaT;mZI%g<F(~O;1!c zf~~IL`G)eU!l~p0bwvk*$dsU{nO_Y|x&2z|b0x4SUEz=#;U?*_4|PLusDBTdw__s^ z^>h`gqRmr_`cajkiyf_}JBn^6=7uPgwk@#rrew-r`7ib@L?y7T9f~s8=Qk0-%gMlasq< zgs$zbn{&t#cNREH%%aU9N@>MH7tg#|8kjWC#9~^sDJBOX?9e>jiFSQMj<{JP#_h$gKFQeI6!kR}qEkQ+Zzb4#-HL6YZ59=j! z`Hppah3|H*;3Q7?74*^JV8@PTCt?)!Z+A7GaaBk}rG{+Q(x}R1FeqkK=sZp@aHyek z75`Lnkjm~hkdgr4zicVfo zGTCiZwZA#qS|GcqMOL=#T)m4ihis{4kdD$@eU&TxprQ+Y)7a}+z$NLcS}=fPwG)0O zA*$s9$gWW?4R%_$+Uk^fiLWxz@v|D_hs^;2Au-Us5g;p&P_V+C#C&Vmv#}VrRquA2 zk0(^*KwCELK1NRWFM=;|k9@^aOeMLQKI5lpN# z-6|M)2#04p60@~6L)NQg-*jXF%!J}g+Ix4CE6?W+WfmH{mUD_(4$T1ayA;r zX^d_kO(B|+d6nLZ{`-1E8-Y=XwmJ|Xr?zu3V!0f`3kwt0GSp~t2r7Eu-;TQzwqWoi z1I{(rt>9*q0cY~(@eeKywm5DezSi&-Lt;k{f-gd@sY#UNVmI9U-tLP zhsG{O=Biz}Azs8(56*{k4kjJ+0szE|=FI3b&K-=Y_eFYw)?>tnpr`iEq?@4+?6ghF z-L(}u_Qt2u+FbRJKMqM5?9yOz>gpRrWWm7Qtj@SdB0Ell!a1$$ zqu6tE2T~7=|A18MW%B*xjz8%Pui+#VzytQ6dyja<(0*b)>KZ}c#=kAW7+2?hNAv@r z<$T*}Lt!Gw{5@wVD&_WOv=X%tnd6*ctcu$1_nTXP!@RzM(JAP$P8(RtgMD3m-N`EA zAegOX&rsq#3XnMBZI%1v&CaK42ZK{ReV5-Wq?h}3k@Ck%be3vp1h8z7w0u&|8Vk}= zl7%n1I`7T^gp+5O>ib|6t=P{6!XhM#%>f>2jH|=lthrk%973w_&0g!@ySy*}o$ne_ z3bfxpU+y_7j7Z8T{_VI1 zTzdIJj+2JE**O4+l4fWFGfq_eUnFuNID5E%j0+hlx$CiUY4P9RiiNnDI3?a`;?u-K(PoxwS-ET-`|NVMDKZL*GsX?gf0Wh2KY$mw zAh=QbxP0!QLbbB+)^B&Y|I2f1ADf>~6+@$f@I2;Pk_7&$@axk{jP6hzF@Vkd6yRi? zlnZqQ@OGZ-f>-tK7c}7{0^z=IQB6I}+;Xz4K9G@FACH8Oo}B|Usjh!^74|-gHvgq8 z4K8|~@OU1Hf9|A{g@Nx~cT&Ip;VSo|9*A?mm_8C@$)8pM7@o~%5 z@~A1LzpSklY8h2Qu}La?Xj?+o;PP10HkYBc(|yvwDfFG3YVjN znJ(YNg1EsS_P;Lj__;aZ`DaWlH)FIEjX6bl|LyJEGr$MXyO93BJxx>wVZO1^W{Des zd!aut0{Yix6S-mLYdK5+JNw@a*qy7&Gk;H~U0+VkimPh&@X7Jlwops%$TO{LFk0Ea z1Qj$H|Y$jC}bt#kZ09IG;e_@v+EamY~Jgio0ceGidkVGpYI1g_(j@pyyMoZ{$fZ9b ze{L&fj(d95;smZXN>Le`dHlj)4URXD_va%D4Gty~{e>AlAnWLk@dWq4qK3I@<^ zo1=+MHUL}ZJc+FUHcc*Yb@yaiHkCWEU$dOHSP}ODxC91-CSxAPu}l^=iVYLQpLKp& z1M*fn|U_E$L1CdP0rP7@o+i}{+1N!5UM5yv!Ww-iOnS>oc2l-mnzz6YKjC{SVN zgT;p_ONnk^9vY+T?xi1S6=Y0CVpT ze5zyq1dH+?<+JK|c>+y9B7*?AP2Q*;Q}%eTLVS01YAc5JkIeAR=m$U8%)cmfqaWSR zzo4U^0qrQ@_7(ldq~`f6V1OxkQv*4@?yvKbQHv(cZ8Kz{Gj9?!3?{qn{&>m6`OFlZ z3%!b%u>9F6{_1aB-x4?hj2cLYL3eLJfgrQd_Dv?_SV8OSNh6lV-LUY|v6MU|R?x@2 zjcPPioDf99EG|_Kx(mo_CbPDB?|~-D2TNX$66~IWA~3c5S*CJ6ire$r?wm7r^iLTD0Ok2Vb^+Lpy;>Y2 zD3}>>-b^@uo3};BF?3twL5+Z&l@{#Yye(%PGX<;07th|i*Z6|_m6!+R>xh52P5-kV z;BeV|e$!Y3bBdkMeCKs5UJKHfGs|7y;R-qTQXl|aNJ8+Fdpg2Ok)OgyNrZ~Qxr z&NCHd=DR7>l`1ledzAh^EtN1vSV$_iA~#ss1C4DACLpwM(L8fvdL|(O*D?K)*kT}` zvZviX2@W8Qj89XtMdei;DattKapD(W{fF*a;NPW=#dz(M(M zv%@~N7+sVRfDiod=ObiH2Um+JoEHysO?J;a33RtJ&yV6^VVM}qi;V+EQTm~jw%9`0 zY?U)LJ^zlmkQ~;S^+cVotTeOmLt&O(iUsG?e_50aCVmniIr_J8Lkt*5FMyTmKi`jq zuyOuhhc5VxEBpWPk66&UW%mJcKOl`tz!HP-Rga(aeN4xV%>7@F|LghM@)$q|^$-f^ z#z!Mdx!BSpHp4EsfVY{NH5R6pAsj277!8g)rr80KPRq@1Lwn9NL@wz>WPgO~T*kWJ z1MyOtrX*Ta&2Ah#VCFao>R6l6=G6=?Me50XA{Qz_oZmi z6m|deE8Fa4Vc;p(@jMZV@?JYgn;|8kWvZy{ar-G>WqO}hmNnXURF=N+c4u^kF2D*0 zKxPNt;1V2|K*S^(wc3+?qEGwCqYIvoY?9FE^3hdHnDs>!8uA*ss1I zc=xpJ$S;xRk?uI$GV*Qs_&%HlM-(~BVQ5_&H)5J}!0yVYH6dZsZ*Xt@mMkQbD#XG0 zEbKletpG|Q9JjIkz&Fb3gmq?F)1j;o1AxIRG?)g{jR-v@5Se+cS~g=eycFAfnm^y! zi=Y8M+&|TmXgiz;JKpmxuLGL#5te8veBO3=nnVRtL^t8C~I`^ z3;OgXp`flzgZVe$9~5GWBKsZL;HV@z$cV|tI<0Y`9~&k~6fi~1@!7!rY=~MK4^oP! z8rR&5^=&-dqNRZ|eV->&X5v&u6fn2;HoJZ+4vO3N@V&iTJ6si+jrXp849cXEoX9s& zF4dTgPN45>V5fao*NEK17YH@jJbf*mKUgFn3_M?6O#V{O|fU zu2~$&O26*~wW?!vQl}Utgc#cz=KYGcL~b(y;Me*u>VdOxTt6`dxHX zlynk!W?}*Z4-YTDpn$nYs=t2~3k_UWJJ{YryU<~(#&OT!idMTVn(z&8MSi-GYT zAdtX2{AHsX6q+MdKSIU^8Rv(Mn0*HhS&9hcg|6ndERD{Yz)y1?LVbMS%G}~e)z#O} z?nYsejMSBOcS^?NyH#Anm8B>3@0+GfDo?}UPm_6xHv-$N3v8nRKK6E=Tsr%YXA(^? zi2yMWH47&uFb%v{;H|8xssKhIo%W}Z)4gt~-LHtGxU~4@m*y^z~qN%(&4{sH+-aNi{@^YrZG`@wD zr?o(mq;t0+>4+IAdc)Vhw}+CMT~G8KOLB5@E|~9Wi%B+jb_irlAHJVn?v6p4Be?rr zi;9Y5ge@RW1tra<#A=vZ{l5YfZpKF65b?QV>NGkDrt^Q3_F0~-SC~CGJY)vai3y8d zBT`aQAVbeJ_sOOr-DjSdyDB9E3K!FrpvTCf)mdJ|zn}6~F_j=?nxAKt)!P7(;`}y~@}LdieVI0>s|uLmbR52kO$v?1z~FkuyE2N~-v{0x(fKO4V+B zpwQ-k@84f2HLO-NH}lfzwJyGC6$8vjgF|_R&2+KG?qosqSR#PI_^pSj^4@e#j_CaI zlHD|f8w5mPS!k1}Nfh{!79>wQTon}+xq=Q?M@zZQwn!5>US1bdYAd-5qfCkm`9)T} zi`C{BEG(?@4w4}99jawG-H`nh*wxadZzp3(_6e0v#D?pJZ8GuP-!h!IGW~&Go8=zp zyyMSYxl~x@&4x1y5%=WeTUT2KQ{1^K@eQfeO>rWrCp?@oUyyA4)4As|hc%r_3~eA_ z;KYPkA+M4@NNjZJLIa>-P%vdAp9zRpL_}oUxz^KRmO_j4hC}4LXlNUKq(0&SF!dUS z%f=2?ZG?x1Hx)+_X{a#Bb~Ccfr^pT4c#qi&s9EB&Y*NR>&al2(4C7;~BYKkc?;pvR zF5MG8h~+1r--eal<}rxy{gRxa0KUrh_#}roiM$UI4^M(nHWuRsbf5@j{LK- zHohMDz#NlpY_e(4xA8{sr4I6VNMHf(g7$6A_m=Ng*TxV^f@3;}S?rwS_8_wf&j>&^ zurym|n@+t?uajwR>}JDeT*>^ivFqH7i2&kMLYl7Hh>T3OvBu0k3Ht`-Ls2DMI1IBZ zt1G%6{|h7&SS3X`8OFn(OjwX9$1+)xfY{&P!7n;Gpwgz ziJzZebfs;CNs$%;frOnJc_okYk1IDG7#QE*YXM921vWS8lh4}EK44pav`@F=v6{Z; zjxdp2?oZ;H2+iaCvD$f#pX2(Fv zW(M4SUcnc&Ad$iJz?kEdJQp|H=2VLiji4-`&X)oS6FNgU89qat=po|5B1YZN1(}6f z!=vGg-C9fH$8BEtp+k>V1vM?CpgEZMYVms4dV^YAO$*kc4-*8errI{bT95>eRg%_H7XyBZx6J<8^78|hKi)4FiL5(P z*xC$9qrQqF_J^pT@ji86+o+v_Hi1xw(J>xOV9OWqju6NM7mxE}lp~L7vAPdXXCzq5 zt=J$GL}1gRH-{D*h!C=W7UnV^C#Tb{Aw1Gx-i=)SzCx51&a-HJTKq&PE#cxXrNH|` zX=4>*_sbxqR>a&u&rM8N*dZ!2xS3s*nA1BtH%>T=lh7Q%-iCf=S%#i?oqA2cDcQ|Q z6+K4-Zb>X)x|thp0x6BwD#56EF`{2wnG6+U)y!6Y*)9rI`QKE@ER}#&CNdBhe;G{o zH5mA^HqKeg%@+XQbKARhSv?xwITnAI zn!;+(WS+3KUvv$+^YjkVOHDS(simcrl@a|>4hnEsgJI8!D-H zTswg1CrCkj_J@Q|CbNYZE_FUg=YZJ=kv0rFj7YET9U$${o(u-*=pWYfOrOSb`!aE> zVx!gvb-MvN^XuH=$mt0oqQa{ zXE|&Jc1Oc>;>0c+j)1`}rNxxD6@c)`QVT;Ss~JfO>45#5lpSE=ZG=xCI$Tx8ujHG( zC|#Y-`-XAo*w@454^7F@<`lO$p($eBCf@ioJf zCd9!_9+Iz(&R~qI@oOSx>|F~`L3TZ?nHe->OG)ls2HCh7VBKOeql9I=x6^&?G2A*r z7j?`E28ALAhE&$Xo#W4W^h|4AGAK?aU`LEK+q+VQB{92wP|f*Lgr=Sp^4LQ(I_L;0 zU0EXLsE-iZ50aUU!+(*!`|i&}V;QqcSRm>HPe9~Od8K~GU0*-!5c|35(pv-?WCkrm z>dJ$#=Ro?A2iQLN0jtZ)3j1oHRBuWOvW!(`u$!J`stJpsZKz(y#6>uPrzTY%y;?7 z26O%yqvs~Tlf*ebtQ=H_e3KCn*;2;ala${3>2UkOAdC831V2wItB;z{idW^Y({CWx z?qyPZp*}hR=O9ZQ7+L-{0?@-KDiCkrkB(*0BoP!f6I=Za(lnW|7z1O^1GkNGlG-3m zh&vU(bUJ+@C>(Q`&2l=n8uU8Dv8%PNT1Uk@Kc66tfBjQtr(0paD!e_&T`*j#wfMEI|Ik01qrG zETb<&V`I+(Qy$^fNZ!j#ary7Fw{x@lV^)Eym^6-^R)|yeLB-=Qb~jrH8Qn(Ob%?W0e^$|ZwK>DJ z&N9E|F?twm4I{+=3`n_o0NzKDxJ>D>-0QJ+MNW9N)Edq2ZX>R#+N%MM{H_Ov!p_g$ zcwpoTShxIZGbFArKeq%fLT<$zMZ@$p?tD4yQ8DCxiKjSmD-2bX$@d zh7zc{KJ*L5wcQ!FlxLPiZVtJNfI!Tkb;WB_HTG9=;j2q@0k*g-vjobWKT3DA$r7BO zVRf2q*1*F^T8wuSY&`E$>4zSdk|0EO$F9H|syg%XN4f6o_w{2+r_@7X4GG1mX zWN~G^8^s*EmX}sPQ6i+qwwgMat;j-?O@la67h)WWlTHcu3i1QF1*ILuK>KwP}B5QAcR23LCN_)bl?LiFKfV)g1T82q{% zc&H3}KFQeCK0~)CuC6Og)rh+OH+^ZdX~Zu*1W=2Ysyl*Mb}U$IlH^b#wwh6)ebufH zR^~OeE#nt|sKMu+l%v zdxBJ54+Lkzlup-gAI%!7IIIpD*Gj)VoZ8RgOY>FYL{Bq9qo!!Vabu(7ehOlo^MR&e zZd;y`+kxf|e-PM$c3AWll_KYRoeHKVRV`3G9&z)5`(n_(jY;!;_ksrP$?yq*{0xxy zBp1Ha9_fTJ{-jsh0IczLblExo2^+pf(&y6kej_0FZK)j0&!mbc0crse0m3rWFEC+b zlWcK01yf%^rq%G zVDs->(sA~RZ%Wc+YJXMw&o`prFO81MM~j6pY2^S6k++BTw4*Q1b%CIPN)5%5Z31e- zqV{0?nwo&UfYA!Hxlh-o5nd%2ttmugM9A9)MAa+78v~4OAkk20xO+#Mpe>2*W;_mr zc@Z_84%dJG?g5LvYQ=Xbm%ZM@<0EgaCDXiXnXu@EL<+ZBDCE&g6cvvICp4qg?hSHA zsa-arb39_J1^|X&#P~i!Nvwoe!h#x^MaBderD`4eNWfik6FSL~)E!AC=H;=70BW9O z&6V(#_U*rG_xLo?%XQOinl|8Ju@%jvlXMpFdt80*UPPp!5-?YfWON(dTtUdM^|JKG zolZGC@Nc-iCtjR6BNDgC6UJq%+qOpRL;=--;_8xfFY)=X5%UxVy`86RcUiR!4(4W(8a#FeVg0HsSge|<*<>95HosCR zGKwBV6ahN-%{lWtMc+j)l=}NAKlchOaw>?4&STPI0iuF@uYlHQTyWy>{ zH#qkIYycFEkdK~}YuF>qu5(}U`O(Hm-j^{BBlunQeXg1@0`6er2{|1R98xO-(H6Er zgvJmTb8wA{cmYjUN2j{9xJ!4QLDA`ttIxBXs36f(ZxOLZlBIByk3S;i69a)N9cNjK zHSpD@&tGlweLY=42Wh916YU#EGeN5=(uVTlJ~RGTBK!!Phn-(aU7FI;PM!T2f_8jv zgr^@KVGN0B_dQ5zYSf<#cmASfx7zfw)2c~O$oD9aRUZoE`tui0>{fi#8)+e_y0zPsVQ8G{aLR`6YmXqX0rNs(3V2xc(7kveFN4wH(8L=^QZdGIn~C z1Y&dj5n|oxsDC{8NaB+2%fJ4gcH#0&645QG<^^$rt z)^|v^MDA9DC=I*?KHxsRTFa4keopM3(H#tgVv_CtX!9%SN?ne&3!Qke==zJ%#+krJ z?DdY(C;ID$)X#qMHLklNEw!`JHmfU-0br*ZtZtX?!^QjFo5Jx7IB8Mm+=TVL#7J7b6H3ERklKk9AssFc$u zx~+f`?=esyR(M1#f7PCmoAX7Mbl(Zykfw5t&eX0op+~UiGDD|}yBVL8i0iRV(<=QJ) zXJ%3fU_Fbf+zW;%M?l&TvNIz+3*QAwMOB=Aet#<^vhe_@+R_(8Oq^wx+*A^?W^@|xWaas;;iYdE`OzRU2eOy;`;yH; zYM?1a)h~z51`avH@N4ncrjLbXDWD;-5jjmr-3z|T;@E(1OLUzyfja_f%W)`t_P+Pq z4*NrVVjCr7QcMgTFFhPO-|5CNY*)d}Z7#N47}=WE%A)BLN?&BPTbj@d{8+9}`|C4VYzCG&pc zXOVbqfs3{E5rOt2VWYb)4OPvK`Fl&dGifZ@$(Rp~9}q1o@5d+=?U*vy~={GIW5SrbMM}lgH)FFG;kUKdv|8r;gCR^d^8;Td8U5J z6>1BsNq9dWQ^&DT1G!Ly<%njPHP!pNxXXh~6k!9IK6uBv^}Xe%=|Hyaa1u+ZNfQbe zkXY>ez!w#{NtFLW+{WAzF|{-DzATsUH1-CLMkY{cS)o{x&#zTM>!e)SuvB0chy9Ys z?jfzrE>BpF_h^!&&6y~CriBvd7vx;iEE5l~KA@>b{UBuirLto&sCb;B)~738(hJy` zlJ>K3%5cav*W1ViJbPu)@d8gytS&>vV*%{3G_QB50d0*dq4`) zHP**ux1Zn$0?GJPJ`*GgT1CR}9AJAL{lje73|D6t)EsjALCy9-X5!|JbEx)`ji|7c zoWE=*O`Q-le$+jft~Us8*ahy(&l2v2?q?%?TU^4ny&DlNJE_4XX+u3{xnF$`jUw2q zTAaMu0F1u%v$-k4v{~tZ!6H02Vj^22;9I}?RikXTjF1qq;wA^(&>ml^;IJZeZ-<({ zuxf^`MfjYLQW(-hp@+~#V>LR-tM0QDvT{bSzqbUrad^FqqU(3(Ntx{5 zZIx|hRoljM6kmCY7olM4KXD}#w?43IoshEb!)M4~)L#|$I~yKIkQ!tql`qh znU4m{V@(L4=M4b{7lBx$wSzd5%I`~V$qi{7)|8?`Qel`)8G928h|6VW1JlN|Mk$?O zmf=z&dQj!W5RZfFhaEwH{|xs?eY#0MpVl#RT+F{N*JLw$O z01J@y8Zjv1AyP>&)4t7>a__ED$&LS{b%-TWp?^%uQ9e@0AS&$^o~ZThQ-Ai*9I5Hl z&RE~@?z=hy@32Mv{-l-bq0TDZjnnLX`TKtJ7sPh>K?_R(9Z(~XRd#XX(+TLFRG)#L ztCFxKtIkk+{Uu%hNq6`?Rh74)wh8gLY$^zHC^e#-EXqJ14LFy*=jf*Y>-BcBt(_o+8r^FU8yd@y?`4aJi`%2&H~&wZf$+lR?D?C zR;4UXvZR`;MsC4w#f5iE0zU)Xm<)KeNm1iY>qN2nH_z)bV*J1r@vS5Kh{$@mPWr{g zBthMc<0d}Q4Grcb+c(4AA2SBV*eu9kr9^BEGcmA(619`Ry;(RnT2*!;^rA3VY~c0T zP`T-i;kDDHyvjF*0b1Wr{B$49I%jvgRD`*rzMrQ+`YTs;qFx1NzOfn#h3*yW4@&U( zRrC;z3AlXZ7AfrsBurf8z(Dl~gIKF_k!Cc+V4=E$J15X}FA2i{kF#F(Sao_eisdTc zj>sKUk&?FOgFM%fOLs;u3xfU>mYOIE9UQ%G4ET7+_UtLXKHIB)3Li(Z25&r^)-}n( z;Jh<5dMHCV`P6|)EjR6pji{6{QkS=n?^^NO5E4SgP-NQ4hJ8<@0(D*Wy-^p*+Maek zk$`s2E*4?C%->sS!$Jat2ePBCd)I!uvKqs4i&;bS{T|fGV~0`=DO(UQ-s!k>(m6$H z>wy1EWxvtdz4ZFmr_vbC14d|7W%blmr5R)WG#H|ZlR z;X)W{wu5URt|UPLox?FJ!5vEZ+$mn^!VQ;Axn*GT0Z)=ll`Tf}oHk7YeU9OrBu!eK z6vZDGz#hsHb!DJ*ua5YkJ+$F~iEt@L9{@cLJB1Zf73;z%b8vYnOqm z+fUxJg!qAafOd#Q?lXZ57~^t1Aks%xN;}4t|4q zvZHQ)3ET3z{~}3qA@;-BYF=rWTW5=4c7<4eSmx$^Z41N5PD|~D-Gm4MVtK*F2o0~5 zmJ{3${VXy$32qa_h+7ujn)aY8C+c-thgH24Br#@70@*i4vW+;f6vXX2XAiElfI~;n z2&n6N*ZP}p&ND*Sg}~J@Waxk`o^ni;A*i9^m;6+bxNzZ1;ZRkL$thDKe5AL=boXE{yFP?u2f)d zee|6YYbU{%z9cOF;ktd#r5s{!B*Ie4g7ZjGFst`2)Z`#mS^zvJQJP?HB|zDA(EhVG zY!|H&UGEKjXOmaeNujb$`np9agYcd^?Ui#;(Im@>Z4ZCF4AK@v@#bMD!~VKz1he^= zgFx>M!{<7(0p|CfL;+&9{?^5ORv0Mls?tT)NjRn^w+6Awg>^dtMs3RF<}3|SM(P@{ zhB@oW4uzweSDT46F{ve@TMZNW+*(HNU(BK!3OH#Ygp>pQOs|JP5RHcA<3A}Nxc({s z-?1Dcw*u*3iwwHoxG|U|;9eIq*-=rYlfotyO2XcFDfhBMMYQYHRUA|@@X(L+QVdlo zw|^)OY`WD9os@V4MDTR7+tl$cEHF`d^0^af1fvLsp4zu--#?rn-7HIYo(Do#an4%I z7*P zsVKO-&`?^}W&Zs)^V(y~)va`AmDj{+l5+V9ysqC!m$nyH1@^ZrcB6XS8F>54gw)j_ z3JC`F#C0Dw^JVq;qd@0GA9e2!ZwMSZ%N1x&wGa(gsj%FyqI-tC5;}5z2T={M^VF8wMAP zlbYL~UmcSnhq5gmr^mVvOltGR-sTSCL+S!#z)dFGc&$eBVEdw`yg2*2aJM4Vd%A1w zGsm?rT_Yjs1OfsmW4UhqF(d3M{6-9$T_dTq0S+qb-=maW2OJM*Mgn|!$#@VAw-SS) z0gG_OBPeX4(x+~kw7FI?NfCa+>I|lK%cs8EHw5ISjPBsBW0bJy;~wMt^kb)H+LiceAn(!W zb?_vvc$wN|7rq+DrSWn$*?V%6z`HfuNa_9bd zE3>IUWw>4AL*uv` zYFAQBe2UJ#FqpM)0?+%kR`4+0&k}>>oVq}LBhAKN=`bdm7&e${O<+11c;0w82vtP1 zBpY%QooCsVuTrIS%hzK=fx8S5(eRv3EDA_sES^$|cJ&}+K@&VUELL<4`&Z0{()B;c zWhBoEgjmJES7gFS960p-rPOSWPzTHYA<6i~1=)kyJPftKn%t~$M#qa z+pYG!PMk728kDcL(r$zM1n5lr#Ew{z)70!U=UO|ms5*GHYz!~2=Lj*Cw%(`X2-NY- z8O$;S*!m{$dDS|0?aD~<2BDpLoH`%KI&HV+8D1{KYXz$b#U*^%lx<5aKTUl_P-cI2 zKilsJdc&?wD4E7rw9}l(Ynig+v7Z)hR#Ap%^L5vU2jvg*$nO>g-_!34OuU=?=xu)p zL&cgYlfK;9Kh3%Fy29&*s)sTf)f)BMzm=AA=187B#&+z7F|EgE@fZpn0qpEF9|BPM zDy0BYmJkP-P6S4exZ-8<%l8_P2Q%^hZuOXu0xE2!ND9gyd;%}KsqN^4d|Q+=IV4QH z8*uBn3W$Mgi{!AjjP4<0mIO6u$Npu|BE>#{O`g~WP1tOMRbz0?uQ7xl=WNa8gAEzj z-ik8zdcQ$()5oj6uL9M^<-lL7%XRq!?5Zlm0h#DI`<<+r&C1K6!}%na!RF5eof|_l?3_FOMBKgDL@%HesJ~rr zjkeJ!3@%E={k7zVRvur@!H95op0)OV?R&zkFAOu3uA%o^mVKsA=1VT}fN3phEC?wr zCJ{#u?k~Xx~4G0)P1G6AJcclnPr4GSs%E)I2yYTKljX9n_;xz zJq68wZwsz)7XdFKip6c#cZkvRA{kV44r(A%^7xgFrV?QdppbL-c>&T?zq{Zr#uh6aiinc=Govg z(u^yLx(t=)X1F{vQ1fQov@?3ez^W{AW*B_pS2PH4BA6be|qt>HW%npo9*pFE$ zG=P5Cl^Z7aGY-L}sb;GSE<(j;oXy@F8^8CPi5JC~JT2znF<&tVVo>gsa0`v8&m?0U*n4SAgcwI-D8#(nDCVNM z=V-K&aEBO~d&F?u=V6Nn+(+OSVl;m#;bAc&kGKxQuOvJwhW2p@PcVq#`L%>6#o#_A z#^q@V&o~dlvl5<@@Vxy0yqKBi<$W)RL3%+9&5M%8iymX}8_%)$&7tuUCg3HnNq9-} z`CG~FZzb=)^_?zZYJHeuj=kh9f#=CJyd>AaQ1||E5*Nc5yeQZ3qDOrY1J1xSP1zGOazxorN1}@KE+99 zSgD(sO=mF#j)k$OG8pNFl&r$<)clZ4mn!=J^NGT*!gUd!8J!rzr^d_QmjK9pYXZFFv*yA{+`E*U z&T}p!_ZehQU{byD<9tWXW#ztyC*?UR6Z6L*w`|Zjd%kY2siG)~qFhSUFe-|o{LJ96 zK=yjFhls-mIVX?3Ml=uwwdH2+VO`H>5mKr+2QObt2j|~qBT7t2n3&R#(sW}?Xi&Vx zs2mc*!Xcm>{^?Q}XNG-pxF@$*;84%K672J$usbgjyYeEiBR3q|bHcDyOzUPbKpVuk zt~(KAdcN3ux-`QN3p0E%PfYA=F-tSW$WG^wPccvvQd}`M$pxblonb3sl>9wL0$&?1 zCTn7f8z#wlQ^ojBOZ71Cn<4L?C1G}&7v@TQjCX;Ah3URnBt~qhgk_Q@(_Wdy5P&t3 zm$g|zCSP12W~1bBQ+5b8=NvJczw;XG#JKH|>*4}Q4h2Web@TdpFL+NlWR?pk`IV#~ zuryWfTbeO*+;%0ZoO4055m%XGOr4nzD#nhD0Nj%0gnR}$r%RD9pGTn>JkI^(XT{;3 z9OkLRI~7Gyl%E4?7!^fPl>Zp6Hp-sVGw17iQ%|3(TSb(;s@(2@i_BOng>scp4vj42 zLOS(}>C~32;zcJgBNLuV+<6i@2P{fGZFOyj#jQ4~c{luL&iMnzE+ zMNt$*Q52;~)G#WFq9}@@D2k#eO`?WTQ5sNQUXHA+EM#V8;{5sZ^{*<5q9}@@D9W{o z8b;+O4Hwd=t*u32VIhi&icno$U4Ntw9sFKQ z4~6NTI&}&qB_$>=YBm)`QIww})YQt#N~39tq9{ZSqwm^+QzK_qK{Oh~T9}x^ZX`k&^DtK|+v{?hfhhZV8n}N*Yu;1ZnB+7lJ?Ook z@Bi@raJ|5sIcM#?@_E+UCqz+R0vqEo#+^HNu%#qLmG9g^3cGXX-a|AL@E3;m3k~qU zyY|Ww!goshpKO3%?wbh73EjC<9))?Sj|_fCw~>U}-?@Y5fcWq3tTDOEojVsTQldht zF1p)Ss4oAQq^)7Pn;4ropZI5NZC9^(R5nyD@XqybXEqtbw;Rhso)gL1Q6v+}K2OG? zGhyRF#T9)>5&H@ck4lQ-J_E%=spWKJG^zLBQ7B&t<1Jio-u$BFR<5SWE8Hv`yII?6 zhSV3;7d8}ad3h;ZilR~aKNJT4L@O&2p#S|j-lszH@89#V;>8djBd#&}0KxnFGb55w z%Gk#X11~mw4!=3^@bJ)HEb&>*)YHbq!~|Zrpy~>;vnyq= zx*V=XEU&H>!XJ^6TGmF9x!fozDcS8#^Hk$}bH6zr*Q2GR{BDyqRPK4FoQ_3@7w+1}PKOy0w<_ZCEWJWjtXoXq-+ch>3E+6Z0A-|4^V&*0s3)|r4| zcMg}OU0!-P{#0Lu`;H6R%)d&3?aY7o+w>&f`HXrpS78+P(%D1zPG_e%*#7~ ztu)S9+ForwUKkt_qSWGf1@|}Sc=}Xk<&Gzbp3fFi3q3#Toy$xX-NyXgTydbPUD{eY zTk=sDYAu~Y#!I7G&y8bje%YfPBxN@2-vFyAnhP5g_=uEM?nU12{>?T0g{^Q#(jeFpc;sAO=EdD+6OT;s zsiX(fu)SHwy@`b;8d_S!vRq)Nv$n87LHDL`wG{hKeqB~pKgrzc;@TbCz~DSo0j0&Nw4?3wf#={ znqZjX*?NbkO-s%XqP=ZrRFCSY_s+ZYyIRgog2unYbyMcTGrf-s0^TY!*X*fAH4g8@A?J=8D|t<_yF}`8#s0P<{}5SH{d8gR>T*NDn`2rc zinaMvc=D@dk=Of_loT`X>1VdBDv)6g7AY>C&f$H8(4Q~1I;$D{;~wzFL7vzRRJ>$*PpbCdoj#~DPx;G1ilb|x9K z#lNG>*SEu;8?>Pz{H?j>_ixQ=Rsr5d=YMulu!!COm-e_i9_M&BL?fl3pmBlZVNFR% ziSK2F<{@x8Yg2N!(K#5_=z0hQf6yqRWrsJj>>p5Lo3jT?OQ5`DeUvP+&G&FOH#h zYy6+m?q9zYTX$q6iquOCSNl?E177^2twikS9s+lN7AhX`xBwn``5BY&fN+*qfc|nU z;$&E)g)rM9d(G;S9RD4|Bch!p(o;`ta)HKWfl&DSL(Ou7fS0Vd*6!IIOG~awmOX@( z^?C5*P zw5}6u-?xj_E3)yB2TU)IJg0NQ;7+IVrgF<2xBLynG7GYcWjZ`lal{z|jg!hgI z(tigrR|J#bT1g6CpXN$GK>Npu(xA5Xq00loXaBr(gf`kP1s3Zz)fbTSWSMS9mpA=vOiG##P^3>{yWa9a?@It69Eb1MzN3Qf&b8>xxP*gHHT`6dI*4Iw{!>WWi%d=s zQI25PbL^23@JJE?!(qfe%DMjfAhg-EbaBs3=x&ZSNGf)rqIVT-B+M!MdlBlW6we7H zO1z#;WYH-Eq3-JF8$2)+ZMxB6z6a7vW>vG~Dk89>7Ssn%;Isa!t?j+8m1N z%eLqP-(ql3JF25Rg2}aPP$`KdC$j2UA(HB`?QZ_e2(8{t(=o_B%5x-MNzo2h^+GFH zr4ylEtmkl)!O_>sKwf;AgtJ-7LWVaR%nmOEbTQF?fz|r__;~G(RIBmfgMizSY3oiC z67rLDUcBlDW-j|p#Fk~Ky9u=>o8ypOmD<_h!@;MI6u%W~lw}q!3uixoKje>Yv0?q? zt#E3kbP);M!AacbV!hUONwvuTftN!5uWztEPz=0^6rpADx;bUObNM`4A>u15>FLjf z%z|F3U0R0Ag==4XPDCUcaDkbk4`Vjhezn!}>zdcqugW4Led(Y$m3<&KFmo!nD^@E( z47A9=JMUapv%7(8vfSc>g!&i}T4DKl9iDoq2Yv&?rWZp#7qkai5BxFfh~Q4SU`1Kj zb^*Gs_iakDlOFXq@>lNzHzUSoXS7G9$Q~@>7wbMx zd@e)g0$8wXqf87985qC84XU!7v4}ZDxzOfQ#VC?K^q~wspPc1YEC}HsY12l9k>W!h z+T6Od^+bgcNMLh8`~M}d-0(a^0*e>icU??<4p!^IUAx-!+EHn>)zR;;aJ{m1D|g!e zGHi>~XIx0(S$roVg_cFYNb3kzSl(a7v?_l0y|e@pP~0rqcL=;Zy_)BW_$tva9zej< zZZp?rQmj#kd+|k#V4wO24ki~>t<-%~)FQ+8{{E?K_pR(|ySKVA=23!E2@xd*CMjXm ztn}SI@9D;9kNw6$FSmJDi=ecGWf)PB8#!0+ zvRZK)xy`9~!jENA+A8N<@2Z-d*T?g&-S7R@8@P*)d;)i5{aaLMp2Ki2mYOtHr*VJx z^P;;>S}Xzq!2Hj8(cg2mu~h?#?K%a|!HzPEHtgf3CeKivWqrp7S`#JWt~Mvt)#^(7f+9-fH^_-pj$BQmnm#OL1+7&PbNO2SU`fv^_XV-nv}rDwyG z9)U;l#f!laH;CT!>;7@%IBGrH*xhYq(MA9j#lF)q{^q;&r5qaN@=`XW9tVL$RmppD zZh&tMs)i$T^Drbl6fS&VH0b$?faIAe0<}h)y@DQ*f9<0BcCSs_Kl$&+A2fav>UmH$ zxgF<#QN@yzoMWbK)v=o ztiEleai_Dlv~Zb z+!!f{3n%4G3?Kpep=!B4F9KD9L`7xg$1h)^6Re*L|IznE*T6s$z*b;!rbaaVC}9WQ z*Jo?m@mavio+54+EW^OSp!k*x0iLC#qz(Y?8{lj!xFr#4i4n@IyiHgD{J!uW}(i35o+zNMvB-2fXhpM5dQPAN4Bf0D^uUK9V4(bZ{WMlFKp)D zL!cF+RMgZf0MTbk{0#VW@ku`g!7KKO)_@lPI2d<@}57z_}P-3B1Q5^a;1 zKbLh=;jw8wqL)jhNqcS?%j>-Bl1a&hFrBtJMFJ#3pxX7pT;&=oowI{p*3mg*glV3V zG#KJ`vvYH6l8j;t*&yO6Py|Mz`_4XQo@m%kDJ2^f+DhLTja zfMiq*1z=n80A|SBh@hcs7AJ~fHT-V&Y}lTvQOM+THJI2Q%7fenOgg7tDp6eXF=c`b zoKp1CN=Y1$sap->-|Y)w1(!#s-ua_5_Wo61 z>xBWh-f8Gyfs57*VQqv63zK_aK~(#jD(qDF@Zeyi{q0GT%&n4osP>Wn+ljATIl!dR zDX#-7Bt6QFe?ERU*W48Tm@5>l5nYoZ%qNVwLQ`8CQdd`Zusy+fT$A$O)jpI&4?6&V zrTKi6_wR!dR|jJ<@bEyDRaE}73SJ}j=g-y6Mhj_0f*yQ?;31xl5cBrx6^_(r@2Hqx ze~o`cFYiLeg?hWl-?U*s;W5DcW&BXE4Ug6b&3p`m|L)SQTe0*gprIRX$F>9drRSqe z5)Fvq)ojKlChj0If6UL9#K6E<9xc+yl(^Lw@XPjZ2tT46ZDWCo+O_?Lk#Ji{%F9PC zudN}zvI1PwZv7V}kNqlECs4vYf+8c^i<2D=r)|v?ZtKkH24{uYM%N|RKuzGwAd-jZ zR7g&vYP|P}Mt?6gGX|bV2XgLo8dS`1T&3fz^|pDZBY^cPGl<2KD&WY7otc z5QV=&(_X3_v;CQiwSK~9S`E>nHzjWS(_@UsaOFgP|*WyyiBL&OWjQ0k){s8bh zJ<*gRwG1toA0X;jUKh2f{(*r#-+Yih0^1n^Y{{9gYc%c$9}cq8{RgDHh2~xxLmvwv z!5rDI!REKNwtm!W@hY5-k~Z!SGy@K_2sq-8*(XbnmLBU?Cl^9iXLB0yzY`8V1GcFfv7fg8(oynPj-qhxKF2K zry*grj1awM?P{8@JF_};mRNCJY1}lsHF~rQ6P!|Ay>Hp>v7DHWJ8hRm(O#ab5m$1E zYB_Gwl)SD{f4ldqx-CNSUokF0wj1TY1HU)@$j15`|2;THt~;9F!uhXK%lKo(Rgno8 zZwc0K(Kzv{Tc_|M-Szzw4p?;?5d?dI72O|!G>ct}^eUvCWmR*4Bhw*jbi_gaCgcdg=_D9VK%l2Tu#j&u1WJd-J|8l`E{m^p&ykrz(pH#dRTIc~;p`i7FU9gL{9 zrlI-auCu#usTaVcVv`s8Zk6~;`iuEEOSNpc8s~LAlwd!tv(|GOJcX@Zf{n2pq2k0wdM0*p`$Ae8!TCKWx>YznCMTL zZo5$PZdm-K)3&MGLSRMLn_6Cmumn^YtUNP#XsJ#^&*jQX~)z^!2^h-PINSGmZP{JCCFFm^I=>Ro!Nf0xf^g!B}-|^I! zx2EtQB0ivET>^-JVia@#IpBa}L9r?g3VX&d6h#7JtR4fS_fHnd%tk%qPXqtGa{ny@ z1QHL@eL}SD%_|MnMGG4_4^TgwEx7g=K>ytA1xZg1dBMAimOxCok&=9Vy}>q$t^xh^lXje!MEO~;6I{%DM1Be}8s{H)_*obV$x5XQ>*C}kn@-wDqc%GG z?uU1C^e$yBm&2-HEe6$Fw^Dq}%qYO~j8*WrJkD~^sYzYMn{k!|?r2o{5q`UzuQ)8TUX)S zbG5pf;AFzFYIYUD!_>Ro#F*mY%&ZFA+;H8mvQ31!JNK9w!tnj}&y#VVl>OWfJrM@h z#3e>RDQp`>{?6A$_>+WnV%bzpoRmI^;lsE3&)quggsy8(4D+L0jn$_1Ns~v`<$kK9fA51&J$nH{u(^vDJACvCvGYjX(r?P; zHpa2zL0Tg#ty~B3b45kPP-%ro4r@GvhuZ$FbC>f>LvOy(_X^s>((&ik2^K#m%CG$R zUI;iO;N^29e3(4;_ozBItPjVAX4{FwW2irNCJ$<{M8uas;WT2sp64fBX(TL}<91`R z)ue{MF1TzXqlXeYBP9uUt~pFkEOtB;lKAv0GS+IdH)|l4M7QrEfLi9I!Km z`NiQG^@Xks)yohjSSy7TS^FJgwm7NLS!%L2HO}5tb)l&Vy!e3b3pYmro$jY7aRED% z)iTOeTPFo4uMM14FTThTfKF{0-jDLPoqSQLNJfKaF*!5y8lOM+MxPyioEu?G9l=iG z;jMA+UUY}1KE^FIV;IjA_-MvW&2^WA!#h)UqDtw6?}k5{Lh*vg6aKX?I5c)fAuFFI zY#G^gJ0E?z-rhvo%peAfQv1U2u^FXN<#yEZ{H-9HD6B$GHGsp667Z<%pZRH&9Q|c3E zy&`J)npM_iSn2E{GF|jNG_$WT{)X8egR_x;prZ033Mtu`1d=x!!+96^F&tbRmq<`q z2vfYPZ8-;rOGq)Fn`rl7VuQ1xY?mEzlSfLMp!>N{yMAa7DURX!>QAODD#0DruB2na zeyL6$BtzFpAt{&ZW>lO^zhogQ?-4sWZ)U=zM6u;jBDo`R=GRO*LD&hnVT1sAMK&A~ z?$j!!8NHTw>b9lK>B{PT@X?FHC-|!DKusZCAdar*1CRa4R@sYm^$OD2@oNp_RHCxP ztnreBFJXkLFp}k!>)}s@(r=bsVB=VMi1O+W##jt_M4#t+xN4^Fb!kZ#FXnt7Z|M5c zBgFGklD5~iVNu!;w>o}`3;Os`g|M+z$O#R1)GKlEElv!36?^*S{!WMnSAG7mC?N$kRCK;J1Q~gg z@3XjQ{`k`}BiuDq;+aE;Mm0lXV!J1+Ue_e&XVrVy{I1H~xzZg`WK5JgRo+=<$B?Uf zA3Tr6Iz+uG!g$HAa+oBP%89d*E(Dwze8S^w zi!`L#j*FOXTw3T3Oz;jqtl3I3-nZ-WJu7TiN)lU6qYb%82$$Dxk@p&lRMH|CXo0(-DZEFRj!-~&v*eE;N0P!&=UzY%{?9AV(3A6>DY`D%+C zZ=9`U@7bITLCh;^Yh8_ycN0EHv^sLp48KP0D-!wGjax6O!|zq+q?PI_l{iPs&_L1N z{{9%op)TX`P>M#H=B+hUv_dP>NzzzUqM+PATJUm5hT!=9h(2$Zg=}z)QQEo~-jCtC~yPQ4D)ncl@II9wSH&f69}^FhbU4P`Q|Kpxl}(+@BRH8Vk(; z-&!opCI5O#S&)#(tLI~jCxpIVIQGwsd`$eW0OSx9=9K(F?J8L7xQMWp<7IN+R2Ycyo`$A5Qn|lK`|3|`LAwR=yqjv^+ZwV-^Db@VdEGGPa*5cx%dD{#4*};hH96s zAgeykLH^}VE}0YCfJFZF{$pf1-Ph^03UsDrQTtI{Dla-@nQ{7O%jNi^(5)Jca1-KQ zJU^JHvea8H~X|u4BhV;KU9MLK@29LBG%Td>)gS)<71gV<;HI;@d+JWY|&u8306v^WS{p#gG`n zT6(EEw%*F>gBvHQYwE=~Nmlpk3)eMi`H+ebC6d2np!V~d8(=!$Oep5FTSkKVzcN5W zF{Y9z6|xc)C@h97);?5puxyuIdr>;*ga($w9@YDROfjJ;UaThv_YduAK>5?4HMKcf&$Bl3V;z5D3u1ZJo&>>JBVLjfBf5|K)9QW17mlg!RE+<#GD@#YI( z?7+#k1%7@tY4tPBh~D2N_>KEFgT0An-3;pdQRQK|)jvq-CWVAY1Ns^IV#U%?1#oEA zETPa%_G4(1OR2z9uI9t<7XwTWfpsH{{4E05+bv6?V_@V!9>0QK>JYFOkkIk8E*sCf z+O%hjFhvQSdsP3X%zAa*QKtKmiHOqYw{z>+p_yKIyM&iWrbshMxna3eu_e>ZeR}!= zmcp(mx6%^{tOwKwjCsU|1oO5}oFh+2gt=8! z@4L6C{~ryvO)>yL&%`*7DDdm)nPSDT<|Sl4G%p9#gp18SOJomMY5R>KOA`55jbBNB zF6H&t{Ecq&@gjQAp;A?nxM*;isUOPOaW)gqxI6q=<`B$pygc4&nfoM!bj+9InI#}C zEJLn>!)b)uO==L9s>c^N@Mb(t&uBh;qryhdciZcH3bhPh5|rf#p4|tAHSP%5ku}^y zgftX_E8SEF=yrq$m}D|z7;Ts*ZBL1(TvlQ?ISQ>|q?)jYKY|>+*{^Y;^z~G0zrv<8 zR-P?$C!kh)1bK6t4GODe8l*3PVW+~&{59!iIg8z&N3 zOtI}TlV@+Pq?TWKsQ)J0;-(rmkTuyD$3#?3SVn{1fXyN*dto-hfS@eSrvL%Eiw>;K z|GhuE(JNJ#z(xAtt4Pzn|Cp=@eiTRp07t6HwSV_wm(c%8g@0-nW3mbB*PECYbg^= zt@At9utMAF^sg9X;~!m|CgGhO(}qa}l+kRSFjwbw9*7id5}{AJL%rD4vplfuxK96Ieg z#^=D^ZZYS!D>^^tb#%kom^@c0LMkw&mZ;V93n|koI3?dzZ4Fy(M68re0h?7~QRm(}qvMl=i zox#VUh9S_`<%*mHJ3;x8L$iWr<{Eh)6Qq9l5P<685OA4@Q8=t$rLN%t4Pb}@fo$21 z?#(FtB=cRs2DPgXU-16>!=*(-|HPu}k;>0KI_onWwpVTwZmcRlDeCu!#JCoS5AN7K zKA=d9KpQrEP-5N1*u^}YLp3^QK9HWMp26D-zdA2GMk^m!H|jMUs(17y{#Je@x?#_V zSm+@dj6E#BIJ~?0^B6`)&czFs4*aj1Ln~LdpWPxG95ybNW*f5&aq1q|J>vNXzukpd zbS+D@0dbe3OjTnzUvTIsypBUP0e|nw?9Fs-240B{eY2Jt66Jrnl8RuZ>~&44 z$Jt5}=x1a@UJ9};t$%u|v1}rj=oU!=7kbn9A=N`%MqHBa;j3W1vi&8socCXZ<{wUx zPiurtQ7^o~B9E2c7~kTw%_+oHlQA(3sXnTEvuPQA6Fh=3@i9w;!q(t}fELl9UC0vE zh7em!ywYKqw?b6-2;N#ePUMX9kSNsqy4a2E5nf;D1eI+I|Cs1rz~{;(~Q_tNI) z-*92&TF*77V~_sJtq{Slz@Y4CYe%6wBm4hhKVJDlz=$nit&8@<)a6r!`|gh4CtQI8 zQu{k-K7j7=ewyE0}qfIGK)nTffpVYKrlTzYpl2gi6|n0 zG6`wh@-{)w!ex$vFVX1L7=QC|xj{R|+4)wP+TEZEO@bbS(R+2q-a^ei{8JSb(gzf6 z52DDQQ4*H$*@@DX>e0)nDAR~NO(wClpZ`fR5tsIK%HB@8U%!kF!)4mkJ<#@lvdLP9 zLBk#zD>%wPi(Sia)O-NXL2Fs>80UulI9@brFqanaUJC-`Bnb)aCD0TOgMF%Z<3*nV z0j7kWJLrTp_pf{=17s-zp7mfBZL*?ZmNATr6%ak$p;aOWpECt}Oc*3w4&DS^UyUvq zcWD_JvY+fz69YV%`qctz_n`8tWx|Uc+uR-E4sg4_1m++z7eBv_d?sH3BL5it#2iT# zCb*DIWdOBD@8(h`?Q)ksb3w^yn`O4>On>z9qCu@D zVQYYWDkOEd0vh)h<1BT@(VOY8h0oLgc>fc#Ytc>)BgT8RV^_5fgWb~JA1j?l^6idTATG*kXQ9=@o_sQA(|F8>&h6c$bF&J+0@?i+G)lW- z+uGo+ig7J+Ni0oes-t;0Q}eL=@Ym$a-<4#Ndfx2RGnJ7PI_K+h2Ox92dz%cIY*AR` zvVArgsr3AB8ocF{i?xVAx7VatULmQxNSNjYE%an4nQ+V<_A#5TOV^?0DeI3ZU*(3?OGb#IOGSc|2`te7C*i4Uy_< z(GmesXUte1e~2MR;+5pPEwRcukf2 zT|P5Uv}m-0t|%;j?@Ajt+U~)J9lqHbW5V&8tu22Xr3Zz!J)a_9?((lTH=OuBg6CtT z`UD_2bWF^+On&zs#E797yJ7kJ{HVF_>YORdV&C3E3yMF7D7f=#3(TA5+LFoA0=^k+x zYcQv!SMl}9GbD&u36~S7^j%wvM&+#kN zcXOYk9EkZeJBl?~%m*^nb!6H1$hvJ8104(TmFArFu4UAgUdlclv95O$OZ-e4zn=}d zx{F>?EKJH%9}?_#`$;!#dvcBuxmQ+FGT7r{r-nnbK|+b3_x4E-l1TYJ9K0b}{yy9E z@$iFCVUE4pxoyJM38e-I7L^G(_)1xn_&W0Jj8EKV{B`O-TxaG<&8Cx1(H7(@TKcI= z%WC_1KBW$uvac{20|i9T;0iu-s`wOpIHF~8c6N4fw4qXM%-ir`64Pif3b;H$bo*Ju z(sB@PtD19Kx4u5dQ#$dn41p3nnhv>b&ok}OQ2E&^B_{zl&5E+v2EXVA+KQ7tMy_UD zq*M0jxeFqqGNl4X0>-dWM1M%gS2SW1aR0Qtysv2${%v$<$IqbxTR}F&tpm*LccvRz ztrlHlafx20lJIJHJ0=$a?wL(TqA9J%I$3I=j`weFvAB+EP+Rwoq29YeoR_AiTm<1jMBQFi)hWkxmP^ zc-m(a;fT7U7bL)Hw#`5-Ht{ zjfn}U;Of&km=JmA!^H+Dot6i4C6rZF+t@F_tk`Wt5HkXJ-+sgAAFjyUOm$5WkEv|G zO)I~UJHK@BxpK2NHil%Lx{QxD2Ms*tiY4!ijJeBc+*LbTgk`kv$vsXe{Q?2k%mB+! zZ8n|=_yif99U{pd&_80WByW8IT8a{S@h$2lTEM7i|LP{c7-GQO26k>GD293zGS}so zjPH1K@G+I)x-bvN)dtWg2gAiFOgIK4eJGLa5t@~Qk_2%Wn6%pmV(*4a(nbnZBsNW5 z6$dJlh9C&&g%?O_#%lmrj2n>rqGwusF&mt=O*kTk*7#LGyG#dPOq3`Fj z33~z8uR5;e$!D;kn2@FwDWWUlB@!t-E4-EE+)HjOHIteGjqQx)9{f?uPcLzt!Tl0XGD=i<+rf=f7wbzMX!$XrypE`D7Q_*zJ_h|EZhfC2uqdjd~NA&8DetDTPWT&aWREU2_S_OjPM-yL_BGDrf5W z!7~sNetG`;>H>~9;&)pl{E_|N4mB8S8_W#?Lnc|3*>1S&6~T@vW9cs$!%lYM&KjKA z3vs_Qc2{g{;>vu%^^9`w8?Sexg$c45FV(=AvUS(M5krQs{>Y!)R$V>R5+iN_ z;f1IItzBE=NOtAk{}pmwVrLQP4$$eFgO3hmM{y(8zh7;R6f$RxmJH+zkDMQ=yt`Dx zB!21Lys)-?0yaA{Y0?@4-%3bGsPMD6x_TmlRZ#rE2pY~gIaCAGtDtM)gf;9{#yt5o zVSt3oK$W_ANL0V8(KS|6@y#hu1JD0z7Cf-5fcI%N@2HPAM`B{3fS_UgAn1eovl8IiSw&}YsDdrUvRe`x>B+41ba2sG~Jlf{tCd?8+QHD#Ck zQQoREom(TNt@*<9l|?#bnN?T&5)%NF0NGc8>NnUy8Tm$meg=y1g*;vR$bH1 zi(Cx$oX%Gz6vuTABm&cW_D=3#HsApoH64aKI5=r^Ak;_A$EOX>Br$@MOA8kHC?ofw z7UK;y&(4c|E~lMq(FG^g?g8t{24hb|7ZIV{!Bk9gDL31Gpg(UG z3h^4PE$|=EEY(4S6RQO?B8kgf4KRkucgRCUef=HSlp zJ2{ymSC&?#ug&lp0b~QVKfQ5EvJMCv!Q3 zpbh}7g0V2f5W#g6_d7U^^9`44jDyH5Y4`K#4ghW(1f04TF-xNTS2&`>2b=c6nbJQq zSD+aXqm=Ri@{+vB2>0#L;o+egp=#0Y$2I_8$iXxzH$_m(?n~+|dK9VYMn~mzk6s&I zZy?qgV%W)qorOhyMj^<29Ere#zCRH3T;j#VjeINCJ&F_CL8&ZLc)~*}=%sydaPZ=v zR`FZhygv6HA`r>TTvSa{_4Z^F!)X5~u&Kgy`Ps(R6%NN2dxeP>8euP)TEp6slv}}j zs0de_32))}x!}QxZcN_%&kARy+D7^AUu3hz`dboqt3n_v*((V|-knv?r({%0WcpB>mvn5rKX8v^Mni{g0;CC`c z0g2nKpCK{WkNga;e}&jN9Lu|wHkA%~86$&*{~cWdWr6qQ*Nb#fd7Z+Q>Hy_<2NBWU zB+v-jwNgmZ5z?=)S$4pesCsg02s3K6{E3CopcX-$Lm*=KyiBKoZmA=;{q)b3bZ6^yyZ+k{#RoT<=s*^9g^q^<1BpjYDy7i49vzJGFJllV`b zVOPKxPY&z7fePbGzB&?nQ9HO!LeQjBbbE3N<-t^GCGCa4ti2M(gJ}YubmlTVF7_up zawn{_G*Q)gp>La{dSi2ooVq%?!0ib&$c))14zw=Jo`*tnzGqm8CYTFepZ@Zi zfHjc5H{9p#a%KIo>g7nmXBt%N#H5STt`x_Hm4?+h=^X`gsSK^^k24x2suhjZJZjwr z!HI3$^19j;F#lN*TF)IT*CMF}d$}h{?rv^BSr`T0?>~Vxe4733@oMavPcN>^CPpO1 zsK2uq;WM{0s0f1QL_EO|_eQ`)LoL!Oqe+>ghLqX$i3mH@XXb=>qe1fBw|2J*`!k)4 zQ1}-WfHVlGr2{xgm9ngn}#ap2Y=~mFe^QbuC-r ze7|jl9SekuGpi{T0y z#uv)Q51vrxdS4b8&R^B)ij35TGVJ_@Rne@P_bq~5P}N9HOT#G)vB9Vk4c-q~*Rp3_ z{lYivD!qzx29*!!P$FPP;90~dS@^Jml$26j1C$F4^bStwgW2a$LDo*;x3q2@7$M1L z0zW=MVoEC2dkU%>Rt9(ND;!UlhzCouutr7MrQ>=k^)IUUoK=N82ja>FAH*_qii~&_ z(f7qc1ta3*RQzbIVMeZnI}HX$vQp@?#UX1KWY2?nwIcl?9eo&sv)eN`{hfWcwsAYb zXKZA|n2m{vse&kh2J7_GAZF+oA!ZIyJ{(oA_0H;G!Lev#u~XU6mS)PS(h4@YmSM|} zvuVGD=ld0snEm=CW#=*afKj%&;H#_s3z-NXf7MTr2<0E=-+5Aqfcw1t4C(0TkS@`x zW(do>-;+}bdaQiu%%8_$F{4XsT{*z#y=-e~?o0GcN@1!Qt)V#Z$~7^!>~QP`)|*W~ zN%>`-{{&j6qicS)-QN7P!u6a3`rIs#E>2>(rj~OP7Ec>5_Vj=4elQFAmLZI;JzJLR z^}DtaT00)T0>ehJ@)H;RP156=s8sAx83Jqbic_kE3dmytv1*Futa&<#&}z#Q=Gna1 zjTCJ3maH)3zv&26U1}UwgE;}R=`WO6v}@-PCnl=saxMzgbQJF*G#3UT>r>@1Q(VhD zu#6)ZIw?}8W&f}gg(twJ85(O{n2n$CxH5l5u93`bKs!n{=AIncxNI^jYNB|-_+XU# z)AQ)q_8oimN)j`!ziaq2+IP5EOlLu)P;T2}uru$hR?$0aD_rVNUugSSEkSG~wOPJ_ z9yL*{=op_}tX5zHyW=Gtb4dJj(-=#i!fhfo5EAl{js*t_lyyjK0iVovv>2dX`*UCb zetT@eBq*bz*6mWeuGY3C6}^$-_-m*};m|+5hLd1Bm{YnH~+{b}G zwh2xwl&C!HK(OaV!J%Pch+c#pIE(FQ3EmQ5+m~}UUMxt`0FN0amA z^jf>ZWWBR7EY?wm8d3!8hj4RdRyyXH;xPhwy+@y!UdM3mzvQjbPOiSH-FHp-2VtJo z5O6%FYkQ(H;o0i)ay~vmF#jzlJ~;htGFU=nNgCyZd}w+9due5hHL!0hGrQz3G|Ema zzbTTaVriXWM%BwG#wwmg&e{7G&X$Klu3v99VNsT@Ev&k{W+zPD)0w69b%~A5Vt;Ik z%9b3wwqfYA0(r`F%f}`nT<NijGakwkt8ZTcH+QO|59BJ z<@3O4#14zu)W_1`m>}EFYDIb1L?@&4F*14$GMVQ0v<}V*5Y@@wDf}xmD>ML&m}1&h zT}@mb*_wlghP+B_A902ms>_BmF+8`PO|Q_rD<&ppMx3L%sYQeFd4UZo#P6DkWi8iQGZcw5v{F53EL2nuPd!j5@OvZ*pDSa`9;ggsp3B33Cc#I&&i32pX#|#z@b*I%izjvFp=VQ zXgOIGGf?e*XBWAao@nOjG$05!B`A8Sdc44(sT%Ylr%o1lDGIp5?Ky%R@;bNU!lSX+ zt~G3up6!e&+6C9lg^0EiA?P#udr*QU`>YoX0*SY`CVS$4>@0;e-nJ>0+bep;lZy@7)x(f&_AqZ}zbduKOnO4ZQ0ic?8 zvj-H205&=Kt_L_6Tw%K;?s~eHZFGA+0tn@K@%3COJIW0V))@kdZ6Yp-kc~OK9`ZaN zo`Q9eon?{Q9Ih0wKKaRSWHi?B12`Cyl6`z9;D-^a3StbhkYo~|RRsMpNwC`r4madn zf-_6;3W8Vh;4sd8z`MLLo&!faBo7IgM-bYXCb5Y^i)Sf7Y}S1DBCpz*ND7Wo3t~d9 zf}*DiOkyBzWCor7qVE^Gfp}%bK=9j>9YmI}UG(=j9@QB7YWW)RqL(!#dz(r~&O9M_ z)eJZd6R)myl))kPNkXFA_jIO0^5Q$QlWX5FMm2WY^8|&PQ;D;j>$QWQNk56yg3led zq)J{o<~b&@1ZGuE84S+ehkkKSlAU_O$ln<( z`szNfC7jQE?~b&KdwV`(nt-{gLP12%LGfL^i4+Y$Y>gLpz$+$7pPA2St+sa{pdv>6 zzT)jN1>^535rmJ@kn&6st6cd+y0tg zrgMAB#CdZXnt-fC=dcy~5I{6=@J*EJ8^jB(GVWuV5$^n_J%1G&VzYdMh=llJA|9Zb4kDPN}B={sRwe3 zhiD87Swpbz@}%j=_ezth)-QtGoJe`I|G{X%=O|G}5HzR|QF4^8&49VYi6pAE)!pia znvue+=e|MII3txqiUEB$j|6BIR|y$%75qPDS=3#4TAhL4%~N_XP1TlY_wi$Cr~%b* zrFOy9J9>to|3H6CQ;k2r_3^=g{aj}Xatsa}F5-v6WCZN5diT_4C5CMYCE&(^>p#Gh z!J=@4#L`xKG++7ZFcUA^5+F>wtd@Eicw%MY?W)@91r@w_;MW=ayLcSqu|+4-=z(AC$M4hmBct)$?ZlQ4^*K6XUJmXOJ{|Nj2VblR1PML8fLZfk2pDt6hws!CbM z6d4-0W&FDi5&XCiVq{g2VUC7$i<}(ibgU>t6j1-SU5aU{8MN1#)LwxL{jw(gKSf14Il=$thp+ zF-)@?6f%&K&Z;0UaaS%l>kI!S2Lv{seQ8L{Iz@D8W^b%k}X`^NwMn>0b3B_Sk;8`>8Ro|dUS(|MmGnA3u?kPs^t}A%R&FVTjhKDy*)zrElUtEDMbTU}p zASsjp=pE4oy?ghr8`_=cU^o1;AdwHAR24d)Yr^{inzM?I{qsXWy1F*1{o46C-+F}% zw79Uee_wkVu^C;3t04j0GduG1_8!QOO)r<>k`%-f2=iOrSyZ;SPSl?)6iawa%9yr< zHBB~$P9VoqTZg@YSY20*BHuj%z(Rr(0m?g}g#vZ)FZN2XX} z17Uq3N+5@4(G(CW)c4lFS8c3{jhC0#qKVP^OD@hoYwNfJb!)`3bctcHI3i!H>wv6m z)?n{Li1hZ){!=G8hx*U10S3$)kV?~s?$1r?fZ+^A`I?d|lGjRYE|J*FkDAFwc&mX!+ zj<)|4J%0SggZx)9BGm!F9=MF%&#!SFRH~?V{$Cd{Yz=5x*;Acsf^kyusU(j7T0_8k z-GT6j3r5iQVR5pns|%BzU3TC&qK`I2;tDMH5Lj-1_B&wsS<@$^rAIMH)5PvFfd?hV z0QOqZHeWxEr&g=8fv)#=T>Q`d@$>t)Mft<9oPfhZ{S&L>RRy!`62u=ki4~xaG1A3z zD1@N_zDR{VaZD5uXTJ{r)dbBeC&9+at}a1;|KV_(aRS6+0?P>Q3Mrt#9tYXAgMO1f zgN7g6*5O^X`)sPfnc-K0CP(pit8zLzIziH<=lPM@q@%HeAZSJw{t=fU?B~Ec1ntLx z;SZEIojrnlZOIX3zS8s;jsN+DJWk3L*AeG4zm_ua(}8VyYH_6E{gaYI-xi%CezD50 z{3_9Z{19Viv4p)2VYbA5;(=3=*#rL{o2%Yng|~a)_#QQX8@`-btx=VU>-C zx$_SO!OJ6;%@hF4hp z^!-hJ0Ie;nW9DLBwn4&BT2*dzfJEXdf&xS627kKCb_{N~og7rVq~4Jcj$w{$mnfqG zG*17-`LNA5#3OF8GL!&AD~q3fM|t1?1`-Ob$Lpz-5D0p1p|fd`f-)0Lvk~Fp!$eDT z{jGb66m6&NgXjc@4_T(s8v$xF1Jp}jfm9dO zM56?>ycXFz470(V04m*>u2w`2U#HqD-X{@4C z!W;q?X|u}L`6|DtO)NiZ%AD_C_w9P_edu9m>HOfMs}B@pto(NQ0bEW1dsuRkCobUQ zrxf?V$hqiO!;u#ahqTQ(cnM#9De+6ld8lpVqVa7r+mf?+IzQOkwa?@F%kZ?XuA{0C zdo6&3i$KB}d`m_3X2@&9ajEd!kcpxz!=;AiuHj}{37j}np}fSIo++8x_CcJL4ahC;C8XKsfFR6-G;$XZwU|W3aYpgSm$ePP;QQA1 z1}*zIEUEmu_!-P)-gK_TiRpOxA~QDL+eAIBHmUaSC(m}lQs*vo9yN4n@LIDCEYq;n9ilLmmQa7`T7Sf^jY0N- zR|^XLs^rAOll>KEs0OWGEQ}c`=F$DebZ?%CTgu#0X-<9ID5?4Fn_L@GUd8B_kkVrrAtt6f_GOn&OQp4C#~N10SbUTG5Y1-(*qr7v zufu48j<-sWmaF7Zku&rhbt1;noN1w2g(w8Q6-m-ft+LU3I8<#CbeYv4=eF}U_nF(3 ziRnC_UU%MQ6%f;VyB$7~=;iPtOoz>>b1;2ERXmZJzT#CgwSK0i(%CGzmx&I()Bn6q z9!GR*Cg}KBU+f;OcR?GM?)BwmcTw}R`LQx~*R43r`&#=e%ZE=He@crlQP!M2?KyU6 zNr15Q)!E)3{!UAS2OOwr$FY6ZVxh-a?{mU1pbe z{00cq-Jx?3s*F`t1A{bjCh?Q-7*tKm^G&$plApde+c{PdJ6pnmU+i{cWq#YUB{kN} zO0Fp^Y0)Ssyo1zKK|(#~(TXs;*~4_s<|VG!>?86zbp~n-3GHYeV~^ZgJqGez!S|yA zoj`Ea%E?+Lx+s|ybsl)>@4q|CCcb@3$smD(nBS`?~2w5^G+tAwpB` zu@VLbMF(U_b}2C1bhPb-pAX0H8qkE0>8hM}EIlu7qq8<7$UIq}IsCmQW4OZdl$swW z7vr<_E_NNJLm1U>EU$hI5`HsWWS6buQ5(6%FPeCE%AJNGx+|OX%lx~HXKTyO2OX-S z5wfcjbm-vM)Kl;C9(`jmw|c?79JcKbcG7YFXAR%d#{%8vbbka2y<8hvswv-))$TEO zIrOmmTMWMIgoViHC(9b$R(_E*vNsy(n6`^oCFfhCnj`k9@jeyiR}WbO(}cd9t~;(~4wZFJr9aosNY&|^rkl%x1| z{)~v3W=F>P;*OigwB8$i8rgOq`RIn=tro-mPq(GYkkcEve^9L(Y_x)^ez%R_s8Q!^ zWj5QgIgpjWQ;Yh!FN*Y)V<(;~l6KaZ`SwPSN~mL(Ixz@8)A zEy+Pwe+U7%I8FqW;3z1Ia!i{OX(kFVU{aQ&8XU`VrLKoxv-PG~d|GAICFXPZ;K)2& zpP5~M#5(mUK(Bo6Yf9H8F8H=pm;Bt`nm*($B5An%Nv1UMDnmPK3b8>Cce}<;0pGi~ zWW07w#lw-Ib%*G9|vhRpH02*&beraoJs&n0_+O)K+5UdV?wfZ-t*Vq zGwY>-#DVpYJ#`=jZO_SmE`RU24b9VYD(M@yiL|ga#Wb9B{3(Z(?YlZ%BrSUcnCt?= zgM;d;V;EW&m=B>Wf+^74S2SN33o+BQTqrE(P%swtn7re7U_h(!_8Rxv%zB{P{O4;G zc~&xSgpGr5`uP3b2%UZmZu~}FJp7rmwMVU#+WRvS^ci~k371C7i|&km#ITn9Bu_{! z{dubFL!-pEi{%+l7$|S@yr}6A=8X#s7Q4HAd_s!5ZSH85Sph|^_!*HTFU1M#q3Z4& zT8zl!{FfGRyI{pokC=TzoxQ&DS`12goTrf)odj8cl~o=N3&Gv|+k@Qp55icChpIPE z_vjFIJ(`Q)za}t>?V1s78jd<*Lbj?p>oA#wL}a>(JM_K|m+; zX(M?J?;WrA&&>WgyqzPSxVm_|Xrn3UNQBD0^|0n+dnYgyGw5fq@Xyu9rDn73zmi;uZ{a9&)9+9g%Hh_B-ocgNiks_U|?49Z2;k z>2lW_oO1l`E%efgG4gAr+k^=FVf|wv6Gq2sT?OodDKZW(t#4|FB}u)RJQkc@B>KAG zXXw)lH_9LxMLH?6xCmQg-sYzdew3KOhCKfsw|_W=_mqrdRkZCDG!LVVH){rP;HvG&d>1w^|P2Y{c*rBy`$PMOIoO33h&#k%! zRF`kdsvE`U@?D=uEW6%y({1br;R;E}@qWy@LcV7aH%f>~c2kSZrqu zHSe&!4Ps+Fq>UI_*fJY|cvvczsW<85MJ8?6LWK=Aozq|5_$-{h7HU9IdhPWi<6rA6 zcVo^^x3q7Q;(uld&<=0*ZG5qR`>o&SM}tR!gvK?o_?2T0+R9VaBVNft-xk}(&$S8!1}oOdk>z>w3_ktoW$-j`*pG z_kH=nu9w-+T30@asc{I#mXGOUZh9~Mly#l}KS7;On*qzNU%3Mdn)roHwQjooPE!#C z0xKyP_YTJ(@x?9pf1i1ZFYCLIYyl=beyV)XXrm4>D;r_hlyQLJzki;Eng_c&N%t{v z1kajm@ax&d7ycG2o1hvqH2n^ie}-P&_eyY?e8de^AZdzAGf<34+4)3I4$I3&Z!mG) z3}3Hj8PmxDmneu0h-Dl!enOUxFnf8&{4@bq+Qf@GD*LPu_ zwx+C(JKZeR)c?BAZKx>r&C$~_D=ojQ5IRD*Aok0i+aABer6UOP^OYbnjx_ju`-qn83Eab|&e%&R=+6O={VFY--UU8er6M*V zr)Oyx%un`^!aHc1ixJ=60K8pzVAhD<<2U#UamM7qPoVQ$Kgu_(KWP2uBbn#|s;kV! zDdG}gRV5{z$W7Mq*8yDsP233H&9nOV!h(Be6WNagIl;TOxoY<>dXBuIf36?gjQ9aX zO#_ls>+IQNV5R$ZH~$}S@#}2>^K`cunq0>yM*iMFCIX}*KB_oG?+FlwFeD)!%w`}} z=R*zwQy%0H*nLpD3-b?rKMGEhV8>=O`T_jC>U^UU01Om-KBERGn7|7%Fp~VAn0q+@ z^xZ3ns0^*n#==s@Fx=bSy(ag60rW9pZCT6gS9~69GXeHyh`cc5I!?|tZ_bi^7`e*` zj5Ll7*+t0B0Brn22(?|KKQy;g*^;3cN%UW9+e0qv9fQrf4zdq_WBL2Fa?$1wwF?Rg za2fi45IR*yHK7R3fzbC~ECJY{8XexS`PdA70sn4>S?Ia4pT)+OolD$f4D6|;rF^Li z0VO{Ntx4c3wf=FuFoPR5cFwMSU1`^Ueg)vZsM7?gqF_01k$v=hnXn{ysY1)fnir%F z0OBFTLzrRAK)G41W~~XeQ{;Xf8=HJOM#f;AS7qtJx-eLo2%&|*hRB|upYO?ZjTjw} z-_{0%76tfqo)gKI4D2Ej;s&Wa&^q0-Zt>7i;(vE}zk!-sbaA>ayhe7%fxL>KvE7T? zU3Y^H)NZ##tebO4F$T;)3egsEDbBu9m3DoQ$;0z5a>*7OLrp_RXFq-d&aAR$u!4(i zo<&QB{Roh%j54H^NO{ukYN~Q3oA*>=N!9m&P%E4puoQ!*Dfa7nlmR`sP}WiQM!jkb z^Z_@seejMkU|@S!E=H+2eX3aF92`Rh$A5v9hJl#4Q5vXEQij3p5hy*3DoPz?qum~5 zSKyZ-!-}B%KQ`YcLEKXJHN~oU!gt>V+6MeB|8QR=y1-JGf%4C+?^@8WozQ>x8Ek!B z(`(;e4Sw$vE%}$FqFzETPdAwZS;_@OM+OiDh@~!Ml{hvi0#LK!!s_a3#CBJcMJOIQ zYj+v6r(1A~KOIQQ_Ef60JL5hX_CYX4GIunYhGL8|KAe?M#j#ij4!um&jSz_c?F zPUhcystN5pxOyS_XI#hspHn3cu}Nljr(}~kH*T&Jrn+( zbBISK^sypL8m_AR59ao}dkLfh^X?^B3Akm1%? z319FbmZ9FGIxF-M2sw`Cl&Wg!mDtz^Pi0im9Op*@Q~^5uLlPtVYL9Y_^5r6Z4VK63 zUl8X`U~Q4UknZ5*kVM$X$U}eti=_#H)7GFed}G-%oiY~MqW*lGfa>6I36HMXR8xw< zO%NeSHPcCUjGv9Ag`kJ*>*#Du+JIvxm>)VCO$P&Yv%X-V*|87}%4}3_=>1fg<}f0jw_Xg*H!6pQKJY=0p|i@%7~-c;P@OI928#BxhbCu6jwZ$Y3JqLV@UBB zuP(-67Vjckbzbo66tCZ@or@b_5#P_Z7%uAPI+Ee2bE9-+bLZ!Fo@b5$0zE-*RPMR1 z)S@C3FhapkIyPR1R|@Oc3@#q+~rU8;< zLHRTxMc&)$J&xA;4B&8xWX`?ri$2d- zJ_{CpmP>t1Lj6_fRCcwqJ z4Vr-vr%>Fb!ns67T{uKxH`5-^%nMuji=476q*-6!wmi-D{m9{jW0fA z%b3wUJm>G5O~>(kuKV2aM^K3!gSDwm2a|N9NGT``HNbL^7}?o@&|Bn6-QU;u4cGhm zzka3B$+`w1jrOmb8ls+)VuV7EhTqn2S88;xiGWDp$aUF(MwLD@p^FdM4?SpkaT&S0 zE}jEYh{0)ZuQt*k(irru8_DAYPUj?p_4o)+uSDE(MD?cpbg_fRa$a0@=(Jfqt+KZbEw=bYgDKpxwJLFHXTRFj`dxR~3*k zS`vW3u5n~dt^cK+|$K}Iwi=y3Ai68fOPVkO9 zSUqz=-Y*b+mt*pzpheA9NdB(yYjs?dxR=uQY+SE|?;iB~qik%lLpHCoaa#-sUP zr?C!RMcKOEFK0TepVw}kJSxPDDd+2vjqK=&m8#O4nK3i&F7Sf@ub#LN6nQVf+0dT5 z1G-q?cwK&Gh}?RZP95sZhNUizQ=Ja|Gj)a(t?G+;m~=a*o=b@*inQ+fOO|c#i_L8@ z%5xiN8S#EF=qAet%k+2ei^GLfbn_6+3rvc>!%X-UhFi;7tio>Ld1Cdij(*=cO}2ZL(9u)2{Q=q<3@O|Y zhP4 zI(XZU_;2ZKo1YJt(dsXM&AX~-Jk)J+*j+a9^{aN^IK_{D;#O2SdM}<+}$|~7^;+<>9++9O9qjFb<32CX8n&Jf2vbC zZ7%#qKciEuGm@xs9?X->@L`YVqcM_oiVUw^);3gVpJMq^B#X2>uOB^^rqV~A0?qq# z_56NXYTDm?bwXdi+C26tkIjsl_r`5>hF!kb+QhULjdXa$*HHqWZ=3biPJ?RWMWpZI zBMPOMbHpy%CU)MyXXXS%y6TR@N^1g*q~pWIoofWKqdSJjlkl~qdwM}yV(fbbI2|Ne z4*d|{p1|4z`gJIK;CO7HmG0!>zZpmquE=v+G=2J0gJz|_rF}!jRdMFNFF%dvKbNt4 z`#-Y^ESoCyB~d~aXBayIgDe)IRyWf~JyNDDushIDr)kFe%| z%YX=*ylHi9N1WUVchE)&LVtSK<$T)tJpRPfeUW>c{^~(?jNx4)WWbZmh zxf7l_pkr`@tY%Ld_2R{gbiptXu3vkr>lg90^@?0|2>LbX zZR=M~x7@NGftG*mqkB*^&PXI>E4Z@Le4zIZ-_+Tw_gP(aApOCenD>^W%}$RR@S1+y zy3=oFbwi-#FSoV&9RaP177 z^MHuXtDo z|A5WjafzfL!zk0qTjwu^=@$fX1X66BAN(wYDVaY$r|4-K!VqrNe=osU`2;Y-htk?u z4({?5RUDe2z_bUMG*Ul0%iqgT{p6+o`nHgkeJ;PJ(@|8(YQh5MFc34YI@q#q+pr;u z`iHWH1y1NpMC9_NXlc!Cg1EM_=hQ&j61C9nGv*$S5G8g|IA1_zURMX`^&~O*M@YoA zz4E%x$zQ9;p(cv0W?5vD>+l8JFWdnMMZJ*{BoL#W1sU-zHV}=#n1E zQjU4Ez!{DSe8yj@;Rb{pO6%0=%4&3(>Q-&X>B=cS9|_VYw^mcqdl4hvy|2Ct_*yy~>QwVB_b(j6rzh z2C+y+%d&i>Rbg-7F+n)2_SP&iPXO>3gEw@z9;Xm!D~RugP8VG22MMV6>a40^9Tbhk z@J0nhRZ%^c-=sR6ypvb$-ir>bU%561C+xy?ZbXs!Vf@}*ZDw)J?G4S?5$tLae;OfG zx0Dx7bTa8}($s&W1}&v)KKFHAlOzt~(On4IAt^BzCDY^(EyHYitvb|_fEY&6GDvIm zD7(FAM(+n%H=z?7 zCXX0Y#6eS>e%E!G8$isB(9@5`0HE{lCy|&6H8Zk@kPdwUn_V4^Q9EeK5y;>cUjX1u zH0ud!t9c>BJZasN$PR4%qP?#Xh+hx3US1>9|S`@Sr7-_;nW?hb%nwCZ~J_Utja4UiRVr z{PK6r&on!4UWsRwK3(zi{K!i6ZJS#3?V=*}3m5K3UAfW)tov5eIP^)zEbHA2UBB)+ zh%@m-86s%dP`!_nVe&KgD*z1bm5V3=fkW3%9tyj43ffBNlfr)#mOYmalBcp8yKh57 zP0bCHJ#5I*H6YuzIQ9&2G57-+;JzS5CKrLK+yMV5%{xW16|lF?Rg09BlRjwn#@b(f|cvbgshP~!>^<)#y^85Fnf3?^6=g-04 zK=8}^0eCe>O^&93_x!)edcoPSx9t?)=4TPVy+3FW?8E;+L&Yo`P>8?7)P>K;M3q0_ zQaD`JA7BKY3<%A@hcE0)pY;E1B?bV~wZhDxu>ycM7->8YD!_EamVvwwfyEJ9y#Ihx z0ZcE3KXZL*{BH+80GAzzaR@SPHnSa2IHUpB8+y7&_J@Fp72qy7@ClHR_{2n{XzYfW zq{E8`U|JYVger%^`gcb$NXTHGNZEzRjB|iyAietl#?J!3V-F4$)t;{bu$_x_c%YT~ zr^g;4Pa@p*Z!p359%MLA7NCB(e!xFaWTzUG;82I19Vs`HJ(!pU0s$HJy>4!JQh!?N z3t$GYpWlG8FxyM{){Ps7pu8KZvO9&aPT5DUfX)A3+|Tis zy!Tv8wm5mE=LpjUWNOPFfYZVWvEKND+w=1BI)HQT;7J(t>{7(I4rWe0#=#+t! z=I^d$bzq^Q##`0@S@01ng2#@TRm8cB{10Ri$RZ6bE&ZiJoNeu&_1+94%8Zxn%ya{W z;0^pyXh2sxL?;dCrgvC)p8wB221!UkH3jVz1gPcL&fC2{#mdws8|gT zFe?#+328Rc28@?ruVitC|9}x)xR&t$+AcXWL~rTe_g*i2xeRRFURnGH4}_Vtda_gw z(uv0Zsar9OPf9YLVu7>!E*9|q--`@*G{=)C09(pNlUEMxa^1hT+kXj6b`kR~TWCfv zh8}E$RKZ#C{Ee@_>9M`2niZcP{%Z#r?pE*n0R#HEf06Hhu~Jwrh|-o!5ZodEi#390 zhf}QVo(;|*xBg3(Aq|5t@CX@W4SV2^YGlHm`T>Kfgb(#U1edCcO4QfI5iNQw=u2YZ z^)T=5LSPovEmZ^;{(DvT_Zw;DAnYK{cmGJFM$;&unM>|QOLx^6GabsZi8ozw++u3+3zTqLDy9GsoH zZ=-Cu$zN0kSydJn3>`e%MU0VXkbzN_wO8K0eLD}Q1lxl@i;szxmKXS^G{_lyKxi`e z&n6*E6?yaOxrAd!e=s8!s36GGgn6g-o1foAPmHk(em*~TUlCfs z=C`mhtYBlo%?<+$V51Ov!GN$vMMA!y8m4)?$A#cKq*rNm!e#Vc?wc?E9Y6vY@by54 zz}U!hRd^)G0It}ITTAZ&k|+WqUsyJDecUNtZx9ZP5$T(C!~lh+i>P;I5z^!TxSoty zh%iO0ECDs@uflpmtN{XE>jpq9e%i> zv?>+mrKcd{vIiVs)?nV5_&PlJcG68~-Y9Ez0L72@_WJof4vl)DZ@;YDWL=fb>5|e2 zxiOg5^{pO8_nC>>(RHqLzL^AF*2q0WuSYEPX-wPOjwCIZS^06SO1Ue0@aW!; zAv33_BlQMuDu^+PS>c3KgO;263@KFldU^(KJStVy)iIwAa>|!yY+vfN30j5OXFc#L z44<-NoN8Wo0O*gqED(CYqzDz1t(%~91{EM%syPN00oXHnbQu4^VfZNQ&d^6VsHS|IY zxKus+DG$z-%Lo92oact0KfSmE%PnmNeCDQ=98H{sYShM7}(ca22o;m$Lm zT1!8a#R=V_8^}Z|c)~`L{BdJMU9=M?3H(>4D>#&Ogw0sE{g_rvf?AMfF5GR+&d%Dm zMv*RtL5x1OgHi1jtal%m^y|Czh+@su!NCi$>$(9{R!Im8vfI_-&!*q*ELH>CTHM0G z`La}%xcd7)oSU1=YJMUNuiiu`u1hb5i`nfp^RvgTdrE%*AWm7CdZVmURy}KX7^?lOo?h=!<+}h{HCv4dq0=5 zISbU3D+$p7X`>1UKL6ABgF6T#P)ow2P|!h+qI&!J z+cwj>Dxna+e)^Ags@`!>%E?()*`awzj)!_?!Q1EbC=@k|aAF1`GY}zygMFaA%TsVJmWTFg684}Mw=9Ms2yX3cuZ)ZZeNB5>bYy`h z!D195kqh)`mC2~)VVlUdd_K=Sb)A4ftTFNM{Kyy<9I4Ycowc$tp2u(%O zg5z6}xbI8(ZEThALr){^_`!&&SHdsYt9(;;ITgY_BE=8j4pQWAA%Dg>#^G*Y4)t{w z_{8+?z)qn$;!S3EQVwbUHc$J!a9`!<*+&s?|(W^4s^579h#6ln&V=qjRLhiz9Nv*og-J?{na z+$xV+GuG3?{E z`wO1RszTl7omD}_Li@kqowJrpoLu<*N}$z41L?RN(ZWx^ZDiPtsHtNsOr)Mtm{IAH zT{G3vb-p}i^W=o1qG}HphUwu`30-Gp+sHXZ{+?9TP&EV8D{yEixxtmEEP}=e5^V&J zRvQUGC~WJ`Q1w++)l-{Ai;AuzgIw>$4k-M}iCash6gOuWTr4=V7F}g&GEF*kwK1A4 zM&fES_CAlP3ZIbGsmdd&ZHFEz_A6Zx;y5LG{rECG%c4&U8G0v6&F2LyMR zNLwI9eWi&rY*Vo|+Ip|e50*g`eRa$eNhUCB)RSdMZG2+|(_FJL@44+tNZRa=Qc0%e zbA{D~J-2H&XQ*NqJ~#M)sJcYqC8#Md8gmyom3oRdWDRgn8(J)ShZb}q&oS<%6kuj| zaCgT^lyHhH2-+vI$?DNBBK{*ZyyY0xIqLY)Q-^r>i(LIqMMkj9EO_;eSIyCaHPR+m z@q?Tdk;zIcpFT4+)MQK>hlhT=DtiC>k}-g8%WaTz6ce@2+1fq@x|S~q%YhtPV2XeQ z?2l=x!)xK+KiqNsbcSx|&u=~2OF*C^M}Q+i0y~!X5CrbBMgWR31?k2AlCSJ$^b)+h z%6%DEqM`|lfely?g|R#uG=%Q$+fV4`;Os0$H&E>s?o4>5<<>3DFn_X1TePGr;$C#t zr9=pazfbh6Sh5EOwte)`U+^DDE5$%!$6M<ByWhGZo zh(25h^G{uWo-X%sgqmn0!hsOc@ta|w?HM7!m9AVDV_qidqzdZ@-+abN{^g_&WpB;3 zm#PM$$VI;=Y(A8>YE*8*jdZp>P7U0(GmjyNy;7w6<(z*tNOcQ9GoI1g+jb!g+umNL z8kW#-YmE7gdBI#u|04RA>yYu<9X{USmV}27j^Dpc@7Q?c`$wjJir$k5L^F`v1*r8h zerf|$9;ZV+jdV5=->}#1h(G3g#vZ}Ig!YLDZffE2FwSw0of7qXw=uLfGrIN-!yP@b z#rt`D=CI`Mm)#2nj7>`gUJKF+Sx#~LOhv!GZ(+XDd<3k!j z?35`V8)1y1owzV-9j7VobsT>Th{0lk1AX#Y1FR$yCvBUjRgYNZT9MTnY72Ec&R5&o zrj9*wRl>%wm}%E)6=bY>ae&xMpZTd1L)#hrQ*&o|2EAqPCjH?aU)RJ|5;PXhYKy;P zlv+mA$Jsyd=r6$RaQbVnn^KMwwrGATie2kk=NS5MM1Ty{51y0Ar5}Pbyr^uhNi?nH z_(K!<@zp|Kxn>nnxd8yzVh$?~kfSdrNMPW2Hk=BLc`#`Hv%KuQKv5Z8bErsWP2)xf zc6Cj|o%4gQ{NxvM?ta)fI1xT(y(Iusr@pJD+z&)-T@!beG z-%F>S(+7=rX~RyAjzJvUSZ2CLp^Ud?)7v+r z7+dG9msz+(hTe5HTUWvu3heb;R}Qq2XkdruVAwrzYM>42zVb&gD@jy$KI`>F#I{(a z|7!NE3BiaP9J8GG5ExDMK0;I4APs4i1ar$VbHv=TsQt3p2)FUY&e!df8De@)oiDFC z!P8WVksYfNRNyvzv$do&zVkWfhXN_@eE4XT*GwP5z~LyWwc}9s+Xa4mXyQ2iN+3K_ z++wjvJHv0h1G#W*E>=Q9!ZJ7Bb}_RP+rp&?CT5V=B$|Bxqwm)CiDz>P0y@dpFJh1% z>RdsP9m2?M<4LVlFuXR~d0n(xEpr%JsJZ(I3Sz2QU?MywEv=|sY`5)e-o>jK-6tpb z>*9}dTOIiN_JJ>L;EH4@SNJZE5spByUO>>N;#w% z{ZCpuAl1se8NOrs+rJHf7vUEArZi^e?Ky>yI~pu(*+MtGPa}^w5R4*ldTgYv43IH> zrt<(NYvWzH^%1y&M;^IYEH=$$6@lCcCkV+HI@5&o?fY|N0d#Gqbo9YqnjaoExPJWN zJ;X0g6*T3-T-!>{N0YV2#V!CK`hV8hx*E|8zF0R8d9me z%j2EQ(0rMG=giHZJbI*6sM{|nu~jPa{PWZ&#t}>%svggi;wI02ugls;Mz{oa1>YKC zKn)C589xg02Ew*fnqNIu-wE=O-fA)OO+Uz;YUp4P*rD2-5EpkS@Wh(Y)(F!e;H3k6|G-F6v*`CB%875$AYRWfC zRK)>$3uu`if~wGvHPH-@MrMYelC<@eXYw69d?G>WuU5Y(cp_bPxG{iR7%2FndV$8e z+l`N^X>C>FO9c+daDUW!uJor*pJKq)3sWjxoOJxc%*k)r#iO~APb^!)ERT9lm(zR( ze-6VTwbqclUwV4s^}-ai0^I^jEt$W9x1MOSGivNWZ!oYb`7ay5C?=amt@rsARNVRG zv)nPsV{ngMFcNpzuKA>GdmkksL5L`r_$-Ea`7{DTn2q-ZnrOGl#$ z|J_ZW37-=;?~X{clQ1inT9#1nh)pX&dgNErYhJITpTEhYAYD5+cYIEu*A?Liq}-OP z9eReFIJXEkHot!L9l5N>Quvl<00zLyD=L1UtoK>;t75lejQAP$^P92XBtGMrt`^JV z20J|EO+S7%gbn$9u=le_dlACUI2)&_J*Q{jJln)Y$-BW#{N|_999M}9hqv$=o%cOm z2hlLv0JeIHsijP`X~DX3SesMq23`u*Yc*@bE2VIi8Iz57&kh`HI3ctSyXQZNw~uYn zn7PC%Yxa;!MqN_fOr2(WD4O*IimJjUfQ^){HcH*rnNK;6hlY`Wyo-XAn3SM4IvGsl zKA_%)TA&!=Hf#!t57wsCb)9_JNap5Q({kpAw|?_vWtXisrHik7`YU3o8lLUA(uX53zR$z~x$#ZTRo__+@x z+c#2%IF`hKh$p$MtF1-j-0on@CxrBYbpwU9_*=x5&-_fWq3rdP>DQA_b{_P;nKugE zbj8abI<@MOtieBzl<}k%pD;@mr?-R4ea^(=9+Pz#BV|vp1GqfKEyit}-fy>WOVHjt z>W87a^_IO|@P{DVdiP`LC1zhQgsE*E=x94}N`b+QOc#$lRynbK>unQAY)Xp+DAt1Q z?TZjl5%`i}yXlkbTy34{V*~0t7c4%;4UlxSZAV;EGE10dC4~-5WJ)1chq!{XE`L*4 zoc3ZQHs+;bNJk0#*Nmemd37op#v+mlrLeQCu`I?U>^qh$jT|Vl3O6+=%(1b9T_mH( zE6nmDXOo6Rt&1)(sYBN}cze0R;+Kedvu1W#m#wsmuWx-2o5n%X007YEIgE)XZY>?O zXX>JjWtpi>7SuIS!FxSgo5afD_(-K1yHyZ(sGl}swDr9M!TMwH*DAXrAHE~!P(_54 z*FljZe)j~tssdHX$(Lb4S*MuazXAJFiITz2R*`57R2b`3l>9veg)|-&> zlh4_Zu&h}E5^Eq2=uo_Clk##v3IwQoxf#D4&KryTs!hl1>ajmR%#S!rH&mu^T-Ie_ zBU6gCh&9r)mSw4o6fG(F`mKN97*lh^kJvRl)V}xQ&}+|^RI*P*B>ubC>SHC(oV9Ku z)O{F{MQLuILLd({5)G%y!C1Q5OF{E^u7rc3#8aYLaR)v2Cu=lvw4X`4sQ(!x*2e7d zg(|aC;1k2*oU~jW!1ng&0c%E$t9DPy~BerW6im?tZ)phk(L#nH5hx5i%)#5pdizs9@R=D+98WkG( z6Ju9nIx7~~?b8ZVZVYY{PUMf0_m8rE#81IG;RUL3sN6b)-bs+Ww9~-pV}V@TE}}{& ztxnJ~`J_nBRAud%y_h> z|13DAsk9%T*OZ_x(@u%GlR{X?tEFA$_#C-*XLN=tgs^5sj;BZK9G^eF-FSeA*EDJ_ zf0m}6ev6X!!;Hinzwd_1^p!fxu#hwSxvzMBq04Uk*j|Vj3jJolSGy2>?SQ7cC&8NV zvSNTj)|q{?ac+&iluUEt@e(T6_ti7Y-u2z0Ouv;ZAHop89%8kb0Gc_&P$DYFxw9ce zFpbaJ$k&3VZtqd%9mR=kE29t z_80iw=Yf5Sp*15($@;cjxsQ}cBp|47?xsIc*UgGgJiq)_m|{C+xtTXsN>OoDOzLOp zBYdJh20qHU46v{~YbU=v87kybsP5U5wj0xoD|l~NQ;wvF>z?J30wXi-{%4u!*|3Dk z=w(dS52AX?7IOnNTMI5>)hdyP%88eYKD?bD6fS*_wuX5}-dE-E$i44P|D+Ejm8G_u z)E#8HxK%eiE~mH?q945VqAT5drb{QCGNpz4QK!RvtT4G{W3CA@R@9Vf?V7GR2sDm#8sZWu5Jg1QLG{F88 zPC=+;VvPzpQ#6GNN!LCNrAk>WCFkLGMLO<)VmIMwKQq@P58g$+<$58$=pU~KXX#V*-IzZ~iq88B2JKG9`Y&VA3X zNs4A-3#0lmP9=8qsZ)d!zC77*$zsQo?T!GdP?&JK5y4{IiSADrMsvlL2$tyINhD`I zs%?1@yS1=!fF=tf8E-NzR}zUYaa(N!+vVl#WL^@6X!U@|^PjUjnWslFDd_!BBPS}m zJ(M>WTyI-_ewWCO+&FJi>}L4__sytBsivd;8frUseBm$vR`gjQ_sWNkw%47?-(_ch zITM_`7nQYNF6n>)8)tg1^E}q>*!N(?8Bg?0!a%k0vkKvp?~@}Xdhx5{*gSnL(xkq^ zVF26#au|f>wgH=RA-8QGq4Y{pimGql(}xTGu>=Ink&OT!I?#9ZAAdSio3d~}nsDvql|^<-ibsWza^suiQH-6V7Xjb-F?jlcDJA(6)IBWiTvPc!fr)lc=4E2`wvq!ZQg$2@r2MA70DYDz#8U|_`HHP9aA zY_hnYzHsxz+v$TgEXV!JgD7HnybGi|NjsCMPQ;|`G>VxHXWoBO&G3D8N9N!%v#V|H z+f#gBUny?cH}S{ac%?PhREXJbI2p^={*;%IyMxOqpPr_pEs%Soz?QZ{HB9-SN|-X) z&1q$lU#Hx78Xnk&$K00gOp&1^m}Xo9BM4b$`o;iH8KR(9x8yGQTxFX5vL-L8LPuXN z!%+%UFD^>5+Wc|ZOMQX|^FR&~5D|`vS~iqONezw=Nr%U0UJ|#lVCN4yiBXw3l|*ps zOz&la%PJGV{Y%kiH?y}(a*cDBas}o~5!M!{TYUGDIQne6t|URl*a$_3I^>=-cXc!} z#OAqznN&&%HTAY_@#=S*wKLBqx_&u@dVVcg7Ki5ll3-N@*L>Y6XGFIJ3U>u08~1~UciUl8F% ziC?mK!;!H1F7*3X-3_NXuF3bh5(i~fJf5|9wWyuOzD^dM6OW-=BeO4uE-7%@(T<8b zKbSyQ;g;o26i7~A&}m)btkT17#+8srrlCS8j6KjAEqCP`Q;M}$2+4=}oC(QaY6T%Q zQ^xY9BUZ2an0V|2niWL7MTLF5EZB&7uD<2jP>hl=qMG13Wh1|DPQqfM^Gm0G2|-)@ zZG|77Baew%(MI?viYjw+(pQl*iiN0^FtwSexF`L%T1~JfkVqV;qAJmTAwyoY-HPXG zYBpZ?xe_MD>%^m{KWNh10wJs?!WE=$MI|};WANG?;++H)5*OvmCzo#QuwhBMPK8ta z`1G@pBUxxThiCPTjC1}oCPEZR44bRD7AK?BouD4p1EYclh4i%2Omaz~T&2gPm#0z` ziIwM5OYW^@x;1nrDZb_N2)}$x0Oi9*+%dvPu7<~M>B!X>aANop)Gr}|NB7M|ttm z_AB7rM@%Fpm(*u2OFgxQ*`@h5mT z@>Qwo@lG80$|2IJ(`h$7!F$2N{m!GhTY5B@EAPeIDYs{G#NJP34jTJ+TDSj1g+H>3 zCnviu^8Z-6%CIW8ZY$E=-3`*+-2&1n-O}CNNH<7Hs7QBrmmnbBAcAyA*IoO3_wPA8 z+x5;hSB*L57?=26VqXJMa^L^mp&BlXK$k2f$2N=ck34p%8j0|A{D;<{N_7KPUJ*ga z0{kMnlw?wSEz1Q>TmQi+bZg~5m-D5~mXbfgS9NMueLOLT$pSyY9kOId0%3SR7Qj3b68&d7sRtuYgHWg>W5PJ(Hr!OJ%|l6 zr*~s3NB`>!9ZE1}m9O84-F5POp*gHe80+t|zIgYLh#?7z*(pTmwwgE3zFPYED9PQc z&&4P$4SKA?-KRbo7<<92KMCOD&IR|4B3bPrwqr4=-dA6B|5%fyytq4meT*8Yb^Sfc z;&c9KXAP0E3o@{&6|d9ZN=6wdodk?QwO>-XMQfGNY!K7dT%%`uO0e&x<+5O2b20r7 zK%#n>(;#$a(SAPY(Y#ZU!ynnjzuBEzLAPe69f&cRVTc(fG3U!7^H?c?0zpj-1CLYSRf|O*OvXKB+?~?ug+3Ofl0*G+`IA{MCqU_!x|F5bfk{L>D6YqW5I^nPQ40^aV$xj5|(88N_Ts=faB7KvWViQmI^C z%QzXA=V~9W!rjp;h$+TmGwu2t@kYJJSonWC*7+HUL#p}d>4iDU0fpb)j41;fjw50u zhBPns3$OkLdWMk%e%b=FX8qsGPG;MQefDqt0&Lx7rrX5^+GJX{2)lBmaboI2MC(OH z{b#Jq|Nq@CRp!qz5jJhxFUDBBeEUacqQ&A>-i6b3V*1cSE=qN3nkB2trbrhY<*jmXPf2sW| zcbDlWJK9q&L___OY>m8Ol5_>oEh<2!)YuCpWJ0Wc4W?ufsC32=@w{zhR|n+2kcz^- zCxA&|0l#2C0#?79B3>ou=+QhKnUG*szAj67l)Q|5|77CTI=R z0{qMJ?qWA3FVFD19e(Q>z=i67qbrc?P<^0gljPN_p`ZI7WDRlt(%P3h8>c1j2ag|% z=f}I5GA$+uqf%ezU3cW!3qU)*^X#cY>#M4EYWL(ClfV6$fO_G?i z*2xfwfn6e}m@skR;8Av{Je7*k=Lf4|A@hgwu3SWF*O>ehWBtk3vWVO99dk>}y(m*z zfO}^E+26OIrt<~VM>su?bms&|zo5x`fZ`TpA@CutGNY03e}1MbsT0SOl9KuYFn0)3 z6gV+6v_?*33>pUp(AarOj|Q!<8$J8{PE@D&XsZ|%rHgQi4M5rfV5sHEYOAd<)^j%? zZH)aV_Gvd)2KdA!a9b>~5SkPak(UQ}iml-f)XO({$vCac3emfyXkA|OuCZDO_taZ9wzOIBuF_Q{hWk7W$@eJ zUEQ0*tjE()?A?MR!Z#XDbftP~Otw4Ex_Sebz!o7TGgHUa{`ZI9QVrbOMj!xy&-~w= z77((^kSsXfym_mzxYq7vIb9@UYdQ}kT<+6kgcGXRff#`{>;bUmE$`;YkW$g!CyF0v z2h8kr|5{R8yY`nwDLA%IZ-Tnr%787a_Z{2ASB0PX&e_~d|P2Xomy$$Z|<4qzHxqAns6gKro9k4XP*JpvWJGMk-h`1WWa@7O+pP+k)-80e9(RF;#LNXNHY4b$bDHcnjOZo`C@XKOlfdSs^?a4_ zJR@q~rlcpVgU5`bULCUlO6763TE9RIR!H1cx)%jj$e{lVeGA1T^bOrA7XSzcIbuu3 zz^Bs1OE@Y4if(%0h{#9;;6Oc!;|2NUGaG2!BLY#v_(Z%$#QWGm?9EshLO` zK$ZJ&b6Osg#h&*14#Nlg4&%^#=ZZt;)dkZVQ#HL5FKKR(9{&3FX-2>Y32rL2JL1 zZRO(9S%$G`pC%NvHv3zoX%yYX=8%KZWF(_8_d9=nRVF6nwI@L4D;Y}z#9D2s>!ib< zNYQ%z95E@)plzs)qSA9RO=aFIrF%(8cHW9SJvUQDvygaAx0dCNNHTtMJ77y0&fI^y z`JFA`_Vu0^1i%Fdk(ZG~z13@QGK zpR6&>epS{O)geEH+UjqSclU`GNT%sbtVmXoe5MKF?aY3B@kl0 z=@?q40f4lMc1GOe5q0>9MQbt&NX~Ns>tUR%X;O497izg84-6lK6zzX)x%Z$nXb8WvifK;fsuAl57)A61@)nFgHm`` zrf_w5v*?dn{{|G4l`Xv_Bn^OGJ3kS?yRiDR;vqFG4{8}N!g|Z|v({A3E$=x0y0Y@e z%QIHaWA6r%P8XvS8$`?)Jf8RKh)H$wN3SBJa87=P23M8Z;6kkLfXsqC-j#oJMjs}% zY$={>!{f2?DjVMg*$942{ceG*d-_W z2CF&FqFKM;9x4snwLMZJ`0LbTF}#3iOTv&mp4w*L&i;Mqr%A|V-zvfCg~00SAIfEj}ZeNLHQirNVrWbNDh<)8g-kL6;~GO9I6r99x)EqZZ;|dNl<9<0Sr>8Q zb=v&2jXsa^b)1vI6~IV6*c6z64R*2cHUz#W-(A(|&FC1)3ya85q3tW1fJlQ2w`?84 z8D9!!+XjSB_CpnkaX=Zy(3!$tUO#I9&RmckAqcRu%Xr{m9hG2$3D=Sy|NV|UrT~sI zP+LL|;|_$bHhGVFy4H77Lb4;#m5Q`x?;FYnWoCwcASqxsej~^XuO)`Gt2`9%Vy}fE zaA4zfu@h6Ce9@JSRJ7&?Zf+dV#&xA(>pc5fvxO>Ngrx0npMN}`U#NIpXS@)J82DD? z&`Ky~mLh2@HHG^};7R^wFi3?+gZNE` zd1@k?*4v_4zd5WlX|-Zply#$BP)e(x4ob;u_3$Lv5#U~ye%^b6s6!1*oBR}(#(+MZ z?i_3vLbj5U`N7bZS+v4v%jeh75m*L0r8IwKkJAi=x23N#nj&DVlYY9Kd zf7AbFJ|$zfp_E=iF)MWn8`J1CNic|A1&2UPOfnE2R|MN&I?lF1lADWTlBDLQFFEqd z5RHI=V3;QUzt!y-!slL4YKcoFfQgSNIp?Ev+bEn)Kr099c0Y_@;WJ z&NJ;6{(txO_7UGJX{*(DX)0KeO--&J^#OU(=ZAefwU|6ZgVi2 z&mOOs6arkOo&yfJ@2qPBz8uD22xMmNf=f1_#X)ZEwP6dV>m%33lZvrBy%(bi(!km_%_lCmWyetlSJc4AT(Sf$VUvf$_GZzj?- zLS^+`n&s8kcS9TDEy=`pi5B~V40qt1ei>X(u4AM(3}l=z7o=+fbVG98Vl=yH)9=ul zSw&}IFU2)sdfDU1I4SJN4PJIM&qL|DKZJBgk-C4Ja=(zFV)*YFL>MINI_Ujl!0Uq5@px7_7!5_I|z>Zw!b z+Hb-7WYX#Ud6|XQO})+n{HiCO@BMDpH{$HNI3N7Fy-0K6=e2(=JU;%(arzA;6E*7Zu>5Le@M^W! zQ)m@`-3!a-f~XZWSJVFK)%#w+tMW|sHI`er*5LZlR~cy?$ES&6Kp(ap|u zJ2U7^E^;PJ_qE>@LAM)E*za1Y(u3FM!h#2G)p;gnSO5>HWV^KvGn!90e>9g%l=Sm^9&)2~k$`Su7?m+m#o zfb5DNyr@vcQY?@6RUeyvdaWo`hI`q5{qRjfZ51GaYem>N1Kq90KWCt&>vPlJUtj9| zSK4DAcf!ekzn~nyd2wF@r_WO5ZzuSsR>&>A@U z8Sr9(F|F1Gv_ZG-0)e85$yQMDQ-?Vqx*v2Ff38kVOQR8cd92^M{sO&*T1%3Fwl0)$ zB#zuUeZ3xH2kxAW2TunxVOQz3ycRMALJ$oz+dJkC>)%qe^cu^fL3S7G8}P5 zcV$P`EmH9V^z_4s1jvOzs?W6(11{-&JsH4uNm2rOy?d)-o8d>CZDfgh`rFIrX`%k(caj=_&t>&cvV z_l~X4+x>&dh_y)3Lty{dEwAoUH*`@gr8s#FOM$a5=y6bjB(@7Xv?t!8>O60Wc{m3P zJlXU;ivv1}rJ~T@VyKP=za~MN(ly4bUII-u{Q>`aEK=|}_JC;q;2Nn6ioFgz;QtUT+O5%C5?1K;d0L{BkcSRfKZ&P za_AMbXob=d(a$*&u<&n4DYk%v7ssj!`lA&^4iNBRz;w{8fiN>?x(PL{_RG=4+b9x1 z8?H`4EF}GI(59~)e?ioc^haMUL_osxU5Yj=@W+nG=Q_l6bjTVyp~o;Ap?$OXs>^GY z&AD4*m*B(_^bj&)elQ~ko31UAeuGV6pgef|uzhEw9&qUJeb4+sg{$QGoc2No6j1W0 zCF%tCV7}4QHwA}M>&vNPNN+I-2|-MJkZr#7zuvdGlHB^%p$jNkfFxNa+07aYD&*?0 z{5S`3*XL+Bw=T>$RTM(rsPf20Tr@NT|7{=o?9*jM_>*TZfDy#_H{^`y_#1rNN7D`~ zSy@?y$*2bL;5V1+nEWc89>{x%p_ia%>DL1%h^p%5@Lo7bh;IBei8q%^5-F5_?^}23 zrI>cB4BJtfZ_xZbZ3;tb_AB3G&}*JZ%gO27F75cqQ4-@K`}Pvf_#WMI=(XB@nLtBJ zp}UkDd1s1^FM_@f}*Y z8I_X`Y2B-0Z=ZLbr#T;&-wEV-sVEP~B2ZeH$1)e0gmJ{$^vT^|{>uN{1l6cr>LC#V z&ttrP5goMSB5bT?BGgIu`m;%dKH)C}A~4uRxRnDQ%2(A9M3|5;Udutf6Z3i`f7r=Y zt+!}MB=he2=QsRv?u&aI+r!JRa_TnxoE~txxUt`<^Jf+F%M_{RwcqSUdukWo(<+ni zX)9a)c=|Vi3*&bcX<{29^0wr;l!Z45BjwvS(EITqEA2Jz!QcB?-VC=s9QyUQ>fHEU zit=7J@A&m!E~4$7bOu=lIYl4%JKeYH?D|QeGPUt+Ih{@=V5qzGa1ypwBbU6SJ6t&3 z#6#ZGl7THaESbi_o1BE<7~{aOTTNc_kP7am$OAJVb()@Rhmj)j{cJB!}$5rgG(-&1V&sts{J!pdDtoDZ8>-xkE} zcJ(JZiJ=+A<*SF{71a9<^P1Y}!1a(?^8Jh8*A-o2ZN8d+{Q6BkpnQ_m!6)^H=O>Sg zWrv)_om&A#Iq$T(_(-4&>P1<_3tFJeecs%!w*f>-Rym)d|E4nY1xrl!*>>U89r?qz z@wAr43#pg&ncCFzK;O;IVj-k1zE>eVO1=Ann%SqQE1!iDMe||$LTdR5QbRVfAfvd6 z-oU4U756-Q=x?-voL^UpDx$$BlKW<1E{L)Z-teMc?k`#9ExM|jxq-*YH zLeRdMqPc!Dr=$zqL*iRTg{SCm`k+M*eHV-o)k`(vTev0sL`;t@~x=Uc$vnODmlEQjDbrxg9 zi=HNZ=-?}U`qyLfA@`dot0Y^8nJ_jS7x8g1yiq$i$!&kO7~Kv&41ab-sTqQK1v!6^ zM%H1yj?kgXCvGCo%L&*MLc7o=p<$ggsR)jDz>+$}E{eTDJ?k`W;)N_Kq|Mu04}~c1 z&HL~(Fzbgev*L(~3F-O63!_1ANtl8f8=D^uZxQaIs*Dx$=$3Ehe|j6kRQYK-@7F&{ z%u`^rpfTOA|5Kn>?JXRqv%uW(J`?Ks4GkH{I(4A2FD!fsCh#J`i*EwEFmKimbhFAZ z4y7aplpenS63WyS&EVVpO=K-Im(>LOYM1-w&Bu=v0nBLnD-><_;lz;CK1HpI@r!u& zo3+*%a9@R_Kpg{__SfQ-jotE)AZ%g_lk5G#PaPQA1CC%(+pWnbBn*~Gl zXA$8;2Lo)Y?fW)lXA;-#uy&G!!m9M+kA!UDAs0zPN5x*~QcURjBXQuE=ZDkRQ+0-6 z7?JQ*y`A4Es1E*_k^kz|%-xIAsc=s@a~&U<3(L_m)QY~gm(D^{)vlAV$HGb5{2-iq z$&Haz)GPIpuo>9DlqEMXSdzY!oj2=#D&8-bfyS&u-pSIhS9|WxbLm(8x;fn(vwgrp zZTk8ZtE?6L>Y@+a&XwM~D#M~6Mk0p5MJUV8xV+hA{(dPj7v9vG=Um#NB$Fk`e`>MG zMs7vrA{8!3T)FJxz{$S(&>5X~3T3UgE5s=)Uf7`iF|m))2UHdspaf zKV_W|_)T|bui@&Zvh$Sqv={aiu2;HOv3Bfqdg);DCcZuzXDRYhfNAoSts8l0@`J;p zsH@4hs|VTXQ46GFpAB8FNn4_IzCdd|JhZgDV=lR3d8<&A{?8c{2$}G(SGbFrxY0U^ zZ2hNbSA*s2<26jParC%@NWWr?Fez=y$%4RucV{VUy6 z<12ZUh@c8~-05xAQ12>+CeP?HrvwH};f^W-Z@#UpjgO!&ypt^7T+^zP2#U5qAwyX; zRv`mIAFR|s5k)Tb)wfR=I_Zh93X}W0+=M|jq%r7E3;mSF8w5HSU>wWH#p+|khnt4E z!F-PkTfT>d-alQa@CKF&OA3*c-%2BeQW!8uGb8m0^kJ@#eH9GPur}EoUArx|{pHk1 z9xK}WK3P*M`2J5pQ#R!1!nvls%Mb}0X%}-y;})Lgw`JSa^si?>sKH}uWS2V>Kte=` zS<8Ts_lnp#GEWd!dM7M6zD0rOEU1AzN?|%G+4!4vEF?hTT)hnGw`KnJ@5B=Lp0szo zn)=WAnzOU80ubomrdZ0VVT8wqM$1U-(=-qc4e8sDUJNUWj+A3xd`0?UzF;6-H>w46_>+ktV z>dX`;rK}Og{S5vnQ(!l~kzYF{yp|*CJZVMAy_q<|x+BxfrHG4atiFLzM!|*}p>I$Y zk__|&`e_>PBRRJGoD;`2Eoa%q5oI&`bR7zq6|}*ioPE@1RO6rSl5eRV`QP(P> zwqXl!b(6QNBJ$^X6!*VVAbbr0LFZ3&*5q&Fgr}xL-(+ph2APFu9PSup9*E<5IA%#& zOo7m6DV=JI{g&9yB%M5DL9(f5!jz;+OY)q2IMZBl2$4ny|MOOweKQS0=wC>@Cb@pR z#h}yNHCN9iZEJrwti{`ZrZ!@wyBAelQ>ZSf4l9Ad3eE35LMXErY9oBmj$|bVxAUf4 z!u$3X$s1=-VIYPAfi4D&tmPGZjD)5P+8^5XosY$r&UriD9mFkAVixeWdS}w?kaTWi z{}>))KVL#N7?6MI3>IJ3658+~<@-(JjL45ef|wseDY9s&@L;!I_f~jfrnlC}3q^i= zS255@R)7BKMc+T?PsC~)C!zw#(w2cub`u3DToR-r4nbFPGLO6vNBDDj{SV0l&y>d)B78;gzyPGsgMqsYPf_{Jt%m$ z@#aEWh5~r;=-R0|sEBz|U{yfIj`t}o%Ajf?u&ONdy*s@zLg8A$Y*`9qe%@_{d!O#D zRL+{fJ9T7}XNX;0X&68nPDx;WvnFhav9tH0UtobD?7KK?R4V^frK2|MbhHRwC5|MB}>yhqudA*v?MD_8|_Uj~dI zl;|3GNwn9`?ZMdZgLe+0P8;txuyd~V?gSHe&V>{AE(JTts>ctFt7baX8kfCkHmas%VhQ?34t7V;-^SIUve0JVZQVc*<)hmr{Z!n>lM@3NGp1LCLaiyv$ zW~+H7H5t4N9xU!z6@#jGgtb~Pdf7D>om%iAN!;@hE?C&Q@-{RoxY>I0HpWcoa|-Y7 z_4t80Qpyq$V2VOFsK3K;m9zH4ivM|^AIj;zda&+Sv3%)Rri7>jMw>85>E7^7!6D{3 zsHIfm(9BTYZP|zE{XhI&Sdka()GFq*Uw_dP*QUX6L~db* z_Y6d3_Cw1G_{Its^kc%0AgHVH91^R;I;C#()8U7U=TA0irzt-JZ;1`(G^4W0ge$Z| z&$5HBS|p!jjXx}*2RY}5)=pLI*Ux8j}lW22MQQ!W#va<5>rSR9bHhsTUBC@HvY420xFiY!J?`keX zuyAIj!G4)VU{E}g5NZ73&5#^<-;>;4ar-Qd@JS~QGFBd@W=6ur(5H-I*h1u9)s6!! z3VMBX!Y|^h)9AW)R5klhChH&&$8Ep%=rD~ukNaBHe|X;3@jQnA>#1wz zl(_0-%2gBpa2G4QzGoyM?Gu&#C{mAcShpM-En0OWS*RW9&^E^l&tm>=V%C@ei;JH1 z4+c1RcyrK*MgSC&K-2IAmzuV=b|mOJ+zxtqAlI%k0Gy0>J=4>efF3abdWe#8bNyu{ ztoWOOIFk3v(@iZXBU@NlG<1}uCM5*}kp`QE0)7{&zW#m{WbF)UCMIOidJ`HE0o&2h z(Xh87siv=^69wA9>~^<1T`vJoE_J zjb*be2!>Eq_!a6!%pxcVtMH2xP)&hI72dKjUEQziPk%<_sr6b9;61}G@~OYr9eEUg zt(tl`3uJm$>F)kv-zjXcGjdUz8)_2%c#lLfArwQ2>37!hVDDZ}h{V;d=KXxjnKiuB zQ%8Zc~C(+9r^z83{F-rf59Y~T1u)La`nW+hU@)dqKs{gczjEL9^6!6Z^ zhshz(YjkX^&`w;z*6LoqADW8jT?ySf1MhomT-+~fmw&$%3;}Sm3~?9;v>)?KzP%s< zSoXrChpX#Mz7w)FU07%+ckRPe(6dH+=9VuYwamfnELqXQO0=|qoeu^(k~Fd8;I;h} zs>JC?fcJ=-Xq8KLXb@OGV>l|(nigKZd(s$!=vS>3Ebw*3!JAUSYr=*lEE-hFcBt_m z+v*oP{6bEjk)?&oyH5`j<4L`Ecb+mEqh&LgZa*8n%h2gk2@UNo$Bp;kH%f_sD-PQ zc3w^jebU`gGV>cK+FAu7Q(OJ$Vgn$Fj8RDVF+gk8?1}Z_az6zgl_F9=bjNi&hQx0zqe-i1=< z3$(rB<5%u0Hj3q-zDDSHo1&^}To@sb7&_X6QnKqKzU|WEA#nCI+%xknM8Jy}-|3j+ zGQX#pt?aP!rwr-K1xEp&r@x>5q@i!Cu4o3=^m{hGaW(@_RSM4VG`)A`Wf!$#^eDy= z_7ZIE(=GSTK|tFJ=|!{)g-JsMQ!TqvCOFrL;fSH8>+wSI_yxygcXzj@v2hTXRg^_| z$x2I8u(4GenoT>iRyR9uNggkQd>;mmF_`4!LB7XD63niDQVNR!rB4vF|3?G|zf#_8 zlw;zxn28N)3DZ)Rb1wu zhl)bX)8FS~j{I-MjDH~sF`T4OAb{2@TI_8MJ~_EguY*g zK4oG44D>iJXsh8T3D^xRyhdn?!BVY-BV{bp3CVi0TiZpVK`497N>GnMFo7grV>!$v zD~ow=$V{dvD5#~owPYD;ylS31YIlTenfDTOT%Poh=JH0Y#Wkzzp%|-xG`kyD}txu!AHE?Cio;K-f+n zdLRiO+CPsv8MJ=>BI4i`v?n3VulK)mEh#BQTPNIXB~iBA8IpAYB?0{~Ym7L1O+W*J zsQvu=I}7i&H#wJr+&~9ZXoM1}TS4dXr!#xx>YdZmYMyX|2^Dia0V;pi8oR#Ve6*-@ z(Pb08p)@+H)q-qmTJ(R=76=K5YS9y5)t2+)LY=2K=Wz(>p;mnEwegT&;3nFBwD2F6 zI(Q@V*D9-|NZn>8-u-{H`{1u!>mMuNZ$99#ez;v3i@&-&e6y*Q8$De+e+%Etw%s;B z9cJ=J7`H#oxg>a^x_Sm?HzGVN6J^1oebAE;D757$0GlOw+GdjLJ zod%f$(Wg)QBD0^%|96k?Eir)}gndHsFdadT$TpP_A;w84RmTA>r3<>XW)as}sA%{v z^)40&@f`XE<3m?pGL2@cdf_tb1HI%)4Hm{f-HmB0yJUe>fuc z8Sqj2aEP#^?Shf9V8?-brKJzWO*pyWhf&l}QBZ!#+6o{|z-2ESG1uAz7uA+_yl1o>VdFZYzKB;sbZ2jS5Q-1QcI>sdNs&DAwW07Xm`6j=~`G!#b)<2!fZ(U#6 z|JB@w;x?`}z#_G>Gnv%;u61N4y9LEITD-Fq(Jhdd>kOsIWKqggU+^x6R~fm$(r=!f( z&tw)y@$6s`RFxWYS@pp4swxV?Mnt#I#L%fjWN}WrfGGM#ykT}A!nEw5UE|qz!`Iak~&H4 zeG#IfMsVo(?5qZM>;%LpHIHr1&A7DUH4A zP0EjA4nR2Sn>8`xTQ^tNhV1Spvt$QWcqswmy9ur-8>-nFixL)lKOeLkH;ZgWW=1?c z^riv>*OY>SpteWwETaQA`_z7RtWlg56c=Dn(~h^SV2*%1NVOoWx(Lp_I!ZI@F*W7L zb7$F^sVNn^j+X0Cvox->%0VhA7wu}J%JdLFDVL0-LIIr8uXK2*H5#b^_c~sJ@_u6? z;^_G)cw-5r*U*vcOlyG58*h-Zw(S)z3$d&s70FiameTvmdo*c5=yrH7BZmDChfovU z=!^HX7>CcZ`rwqf<41pLxw|>sBkWvv;+~Jaiq$0DUPj6`J(4`rN$B>9tCBBgiPVtb zwi;O3I>%=E`QrmsmEbD*nuFY?1RF9+yePtZTC7>Sk8HPX1NFU)kp@K)rZ*SkY<6LJ zt3k=5P7Gtw63m>KlNu@_9==0K_0dX7{i@n%X%{b%ZcFP}CmY^CAlktynJTURqi|QH zE;q@zXDTNDD%ZJ^S@JR0_{0LLA9E9L(@Mv;34k_ypf*!uS6Ccje;}Imnabvp!w$i5 zH7Mx)iH{`uvGzJz21)Si{U0L9s?^OR3OVK0`PwT6+xN92vYDYth2=Qu2Go6+Y8tq) zN371jJ6a0$!Fd2cEER_7TcJ!w@Ob1tap4&bjwY`aU?7uwiSq zKw)xToJRn+Y*v2?quqtzT`^r>&YMSRM^&(Qn19fc&h~eYuzlT$XMS9AF7Zm~O#O;= z_K+=0cr}Xm%U6sjxBfG|-=f0%oiKdm8~t`@R}t9&P1$cp`g7h?Gm0!{pWbC`R(wy& z)7Z<6B*{9xNkO;5;+Wk_OF*)3pQy{-V49m;(kPPYzzDBKI4#97rl&B8K!hEOlV#7; z`nBK&3xF7zypU`QuMaVJ-;4PUiI3NnWY+?EbV(+1xTe=OQP-ka*7SDSuKL3vGe4&y z)QHTrLFUL6F-{WLIqIv_rRy*)q{gqJCUAy-YH8qrRc$?jrf%hcSOE|jrd}u~c*h>x zs#%w)aZLcWpoA5pnRt0(Y?oiCOo1Usl`_uVsIKx6>0a=&AA0Uc9`e0cp%o{GzD{_R z^7IS;E#fQ}BDd%ip%_`SS4r1=(jIZ=2}rxdD~nPVSWXZs<~ijngzAyLg9&VJAv5&n zDLX{prNluk&tjLT6(#@uZnRjeJQw~`8Y(8Y2IiTsyg7?_Od0 zQTJhk$f&@9#`xQry&)aZcpqnDR~0zaqoQScX-xYE)zlM;639e|@bK^!Tiw3lQMqmQ zKskh`=PEO+ySpZfS<_@gH6D-9#hWE4*z=Dq>oco=z7XIIohTaPAtg!vGQw?HyZGrX zEev)Vg>Z?W^ivVq)*Lp|^!OS{bNf`ET~~Pn&iR9@q_et5*+)%l1?l3StOsT8rdH-v z$ZeC$M8%CiTHzOO$u>Ln0+NumrY@OD-*!#zct6s47+D{8E-ve;%x7M`yPkWZ$U?E_ zdqaGPp_!jBN7zMx(*>{MtJgE(LNakAyM_62peJ5`n<(cIp=1uHu%T8qb_9Ym$3fPW z9>42o2{(=-c%8I11twE+0!G76X{rw_c!URiNqCXDGYljGwxirTI9>(@Qvqct$oD>- zfX$=IWo2EgYR`n{6M*zCA_jAx9NvWKipRTH&K=as7PJ~tuTZDnr}4Ze3e4OMd$3eOJ* zELuc>c*z1pFpFD>p8y0u8a|}row#wBc-zKd#lPnY zI9C|qH8|ymS|B3~cP!KJXx3&pE{eXgU#TXx1~NovBM3YbuRyCP8>W}O@ObS zXXvuvpxsdJw3@AobA5uG!BaoWJMrx6*ic@k*#)_r?6s5`8EZ2ELvF>nBa~br{y+U*0Z7yQ0l!=_&KGzb*%W4a1n86%Gq?jvm(4NMwGr1Hr{gqU#d6t ztJ?hNKF_q`C4ueAFHd0rDGx0umiU*S(XwjT$e4YF;$Sl);dVx=AC+1>aAA8|5}z#KI2{T+U) zEJ7w@JUAhzso#dP_}xE7c+W5l%y&T@9icz+>+&t6i`!DDZdm0}kbnEWxAyB$3~f5` zNg}WLU0#qVEX$#anCdU}(iyQnpO9`Ht%K%oHHBEoxJ$Q`LI}mhXj>iyxZVRkNP$jV zC{~`-=hjoL1Rk#VO_ul6@=sN`zjVfYr2$Cl1_9{|hE&B(B54mUUkOBjL7J{r#S%QlIb>GHIy0yCliKXA-85M~zWYm;i|M_%c=aYol5; zNAHi0hoHJV=wSI_V=Kzt9R@Ie1uuIA343>Y8b4?D;qUu{5>LnrXFrSo=Ed{5+SS+A zp!@qN`RF6%Ta+$;e?mvE>`*2Lxoz1f7w>gDfIJ`d9>ifIuqrNue|h8utJED0OrgXr z;gQ8%`d1T!B5WhgqI1e&#FkN83{Xu%xM|HUb{g^YFYqLJN2?%T#ww{N6`z42Cup6? zj_TpdnJH2nEQ6jGglRR=vQdH)W3WBal+Y%!lS`1Zg*TLuS4 zf*&0M-}EvV;HMdA1?TBOdDB}UgD*?iASaC5&>_)&)FsaE}NQ0Fcx5KAzeQcbz@zLT+{ zT3T9$H{o|)xJ(hX5kNQIr->g~iNGxAU-x??U_0-ef4QaDma|v7i46Mi@d%p<)Ti9Ml{3??;K>)P#j<*btqJeQ?kKuS?$wsPvsOc@yD{UlBl~jn zFZ&*DK~m^L#X@s6KR0HU-^O6JR!Mf5Zi(1F{yqJm@lEDWR)Y8*lrJ#{eEqEyM2abf z=SKUytAXyKj+QMJ&L2H3^{#GD&_-*RVDUIa# zY_ggLvt4u>r=`HXHcrmE6Xr*eK*lWA@c)f3Gk#3$S?u5$D-bub^4pu(;bn?gjDh4Zaq(KQIgLb`n6Ri|3~9N9PGhoUtj($U4OEdJmSugVNvV+Ss@FohgoVLR!X~5Gvf(qZ+^M*+EV3^@RsLm0XBYII3Z>4KEZ|U! z$8??6hp}@^!jZ!UL=7jhNb=EQ__bv3FjfzO);m7oAtYi>e+UjTaNv(qzJa2b2&UE9 z1p~}(pHrw^eAXw?Qf5*=%{?dEQ0RR0wMhDepfGq)0-5{py2>>>&Jk4NQcjx*{9XC* zXa#qMb1}e^o=Vw+MBx3XvzFeLP0=r{14(R#|b`4 z1y*O5(tU5k7#^RgVY{Kppl`KVQhGUZ2(dHxw&S}u>fPf3mw)~YXB>Ij`^nvjgz23P zq2|njI4IE};Nyd$EJZHYYG7Di`~H|c%NA;?%D?#Ks0S71Vbpin=YHkYE{#{J?&c#0 z)3CQrBUa2x?%~Qt{ANsUjd5j12Ar!};l+q*pAbn5(JKOew1~GQSsj=q%Zia2etS6P z4BL1=`OI+(Jzm-ON)$NHzYrFH*Ann{F;tRt?+35o0#<{ZmE z_STU*){@5yty=F8zBCfxx)J!fhH`I>pcNy?VpB3<@eAYDcu%zOw!# zNwcUan+D+8&Yi-^6or2SQOqKPY=rynD5f?zfuKGaT|N=!r}o;@8s5~W2stw9WT0Mj z+$HtU-MyJStes?NOCeFfyWa^lQiimz4TYSRd#AB68Rv5!Y-FCN)m5AebW;%2MC%A; zX+sqS9^uC}!}PGg;ultq^L`1Ez-B_IBx7T=jT8(2oRcsWs_QN2>M!2YKS+YqHg<_C zqk1P~vsX|$j=Ry^%s>O(6HEoNStG{3qh(GO^*cko9~RXH)sYgZCH{bL5y*%4IZ$y@?z7*|A@!uBCyxa9tJCl zAFIy&a=vsmQ|=P-r}<&wF_L9rwUQgd+4q>s;e(nw^90&eZ{D@}S?HdD|4B2Rd3tbe zzAp+dEXOjDw3T#*Qw0Trb~oBwtF^MDrpcw8bIE9#jMQDrR=q&;;oKklZ1?fc#pKE)frRH3E@S~!L znBWkWP~GbWp6HH9e`r7jXcL9Z20J1D1BP~f%yD)X0fEOW5ltYt0?tx3MA<60jz63D z`{3$GO9kII;Xy=pZX7nsq0L_^SZ`|iSHAR(xU9o>y!*G5W8uU&U*OIe@)kU2bm4!~ zL;1s_{_>-1y?Oq%*Tkx#n~iBOZ29 z9MkIr)s2k;Rq5n717qeAfU9ozu>nKvG)0>KkDST-Nc175^P8-VH|{zcy^c}$TL)nQ zXMQ<_Exj&Oj-pKnPEn4-A92u0*xpI&X;gX|LiXz!NywbhK?~J^8f0U_Y6i6yVt48; zVa){EP^h<`KTaENvo~8`dhSvUX+(Kt)Yez(Fqf5NiI(v|<`dDjSJmP6LlZE5Bx9%& zs(Nq0gEvXH8D9+~j*A3NC|<=%C59A(>ER8as^5W@Kl> zc>zRM)^J@50X-wfs&2a)BlP*GD^AZ2j^gfpzWc;LZc3tbev3a_zdlKZr+@3O=SPE| zyRrBJY^00PxAS}ATQ2wgS53v>IxFC|hp3HrY*&(7`aWe4;VEqu(2T}}2roKF+J*=ZnAQ<w3TB# z116=%CJ@x}o|lm*{=(E83}!6xP#2Xpa#*-kVQG!$!+QF|wgey#_(9R?iT@O(Z6o6g zG?F{|Up}+^m>)lFLRwrx*L}`4>b?&DI%8aJ^a?A$UCf9Ea}Y)YW$KT$a1A%=B<%EJ zI&QSg=*e3GvcB%H=1rM`UGHUcUNYDGP@!D9Eu_rv`s$y^PU_EY%#qKlHf&K4H{v4{ zSQqoKUstDC43vWcah+HhV9@MBm^K(~Boieg%1_YaGbZmbVwAH3vq}ccU!ps`#hj^) zE{sB>w7%WI%|UgkdjvbV^9@VM?d=$^$DVJ+I8D=^3Heus|A{7GQc`lC#@Z(tK?J)j z$?IP{)Nkq2B0Ve4TOH8VmYI{p6Ex z%J3mD02b?)HLrX?;2P3S4HG>9-uHY0Lc93tKF|N_>dOP6`oH(H%bsN4%N9b&ZV)OZ zveaN?A7oF+Hp;Fn$&xi&r5JnGEHN?mogwSk4UuIqli_=Z_wSF-Z~mTn-TOM{+;h(J zyqG;{%q<-rwaDt$Dbi&HRw|3nH{3`$}6p`u=$+sT%& zYsWoC-w`L{Ge$fQ?OaNHCjIvqwe;`G7Wp2xI^fMpmPioK}=u*ji;yT z{6DgHyhX|P{d*$JqkSpITM9})lP}j#G(XaSa~V#p;Dfj~N}uw%9XG~L;A>6&v(0Zz zlWrvCVcPLLS-GeWSSTS57je*M*KpdM%%`Ghy|Xu_teR;v7Nf_mYqB)2ZKfR0qAl*V z`WAOFo}HtDiVvs(#u(Y);#G*-m%(0tngFGEB!R(hCmMfxSx-)#tL{<`pwj8pzT?`j zNCNODN6Er2a{}&fTL+DR1fzM@Yza{z7SpD`=96e>9j^*rf>E}*=3$-Pd(R(H z3v@q&CCir*t!M-yZH+{|Zh74anV%5mm%p2%<8n(dwzA+tg3qgwVehI}Y8nsa1`Vg4 zqgjs>MRY@ECj5D1fP&*jyU~uX_z2&QC&5cxC0I+y`E(%~PS@_>t9btI{T!eKi5&O- z-80TpH#mmu>|L=)k17DFPbSY-b)IM@DsM8jVI2B0B&L;w<7{4^!sq5*lZ6P z`N;K(#Xfs(C7rz4DqPpiunj+x6FU8)9cmje*a3^F1OC1vy)VYK+jt+zxZ0GweJLFVqzpY zM9M)T>VAcLA!2ae9|DNnh945(~|D*#Y^kk2jn)A4wa zHZFnV(Nuk~?q__^bFTD7p?ecKJh2X4TkITeF{otzMwDMlYUBDtp<{Q`oF-ldJI{hX z>0|WY3y|P>+82NXl1O7^Be@&7%NYvBRz0hklmDeizqlS9>E~Q@kUn6X6WsrB_n(HQ zUgB3q2%r$74)p>~fkQpbY^c{48<3S9oRVf#3iwsdPCyNFR2*MztVvh15^f#GoY<3O zSs~g_DQik~yz$QMcNDAVr9c;R z>;1?!W+}5I_T@wCD*~dS#s$o-EzdpPDA9cBzglHk7TF|3AQcS?PR2?L~ z$g^WvqyXz=cwL3>^`xaMm0jvp1}z@Ljkzw zY5LQ*cm>pRukqD#%u-0E7wP5q5a}Cu>5lL}ZPG#~c=1a|>C9oLY89kqJg1Zcfs$== z3H^v*-YU;3=J+Q?{VnN>!EzV$0D>4%JZ5To#&EyN2U>D~fK8IcZ}y_5+EizC(BmsH?uiU`53 zE392x<#%_&bu!o_l10tn-Hj4Gd~;#~4OdkFjC0%T?%48O82KhmesX7Y>rg)VwPc4p zFO@x69VXB`&ij^n|=CstaK)<*B!;Ye3TIQ5yt(fk()Ch$%mq$VbmNPaFQ`-jS?x#o8Jg|b_#r}%bzC&ji zx&;D=%*UO+jms@09ys_f3#7!~1|+0$;TEk_-Sxz^oAe=m8L?D6A`9wKUUeg|@2tB4 zS5O8E4o!_Z~(9#jl>K{s5 zyJ>M$3H?Y=a$4}#5pyG^iq0bo9CMf~&GW6>Df>!z$G)eDJEl;3Ah-ei$!YrUjrmIL zIioPaZ`m$8H_X7N024R)1m_@Dz60tu2pMl*mQKbmx;mFyO8MqDa$SReJ8RA=G-@epYyL0!1Fn+{FB*aztkA4|_=T0QhM7;~ z-EkSgF-fpbak3} z8@}~f6Ef@{mB}3MWc@*HAp&0v2ltz^Il%pNNSM|yY;s;mI}H-2$CtPU^DQHjGQiW> zTVWQiy19ijPWvx1V?=_U*k~-l;P+L&L~wd11x3CwIwl?ngo>TD(rCd}e}R5h=X);! ziHY^RvUWe1b^M7yZ8PaQ#K6p=h+HS8(sriktvQ_On<+*2ZlY02)Jq}dt35ZFj50`D z7G83T$G*M~BX{*iSf}%ZH>JZS5@Fn#!|}HIZ@5xLlx=Jpd7$k)t)ou&u_#L4NrA6V zY%A<n?2Q>3*bWEh-WX1|UC&pllw#!qu)T5_JoJfVGjz&$1c*^>f1}`4a zDVaumHAv7#e-UuXLRCU5O8Oe;!N=6)xT`N}*4Vm#{5ngASV`RySC2#y?cE{QO4qmyD|nCh5e zNPvb0vD<3kBtllE@DXW&`<74%ni_qL#pB15h9Nd;uaqRKVgn;dX7%7gyr|lo`OPd% zIo;o6bImjoL2J{lD1QDT2jMFD-w$#EU?^+r#Kb*iTM3cdt}(3cMVLoLn53lwlt)?7 z>YLU5fT|N+LjJG(U5nP5o$dsg3=nWpK;?X99Zki)Z(k@!m#+zg%&E%Vkggoam$4Jf z^6|J3B|`Q(5F7VLoc2Y<6)1%SY#L|-DkO7A(7t-ysWr*pDb!b3SuH?BL=?MBrvi`4 zycuKQ`@LvDz3C}DM*uxw77GwAK(}Rlw%P0dZB|Y}KEH;a4Cm`IRQ~spb)=W3{b(Bf z3qr_+D2jkxHuo2NpME`l!u*ycO2;_>$HQ8LZ!E-MU1Z^I4{*gcXhdhNWx;V;Deiw) z&3fjpW$AT;M$I?x`N^VF7F3%lyQ?=4Bap$WXYamFuP8+U|KcZE;Uur0@{h}>#lTdJ zcWeU@z@ai5J!F-#cUp=|fPMO3%h1<)IDHk>y_c&-v!Wi8A=aTYlwK0W{G^tY_Jj@| zz;X20tmhJ0m|RNfj&8?vJC{-|;9Rny9yNrv0N?$^4{GBp!S*Vu=m zJ3r{1%(jEcgXX@kqR&3`HD6BiKIEv1^zHl)U8hb>Z2XbNi`#91+(0X2c2z4?I{v0N*_KX-+HMM|#sMot}7-Z?v=8 zJ9STg#=ezc*SD0oP9%ca2;+vPH_{D>v3?_gh|$Q=t69pQ``#>5He9vwx3Z7>akvnb zpHT9?&5^BaUxJ8DGM@Z^jMf^(+{NQR+2Tc$VxCl z5vbE}B({_@MQ)5C)Wij=fZ|}R+T3ELaAQ6S&@!cUHE}( zz-^IN3cki?q#9KZ=JGlgui_fe;E%N>2{0Zz)Ha~Nb3tIbNU&tp9I=4^wxoe*| zyFb%53s4Pe;hQN~(`-nSLLdfK#?jLl=r{*f+fCNFD+yIJX2e@v%Rdk3-}<+GC>Ba;+k7@H$_amcwdvMA zlbbNg>4O+Uz0hGl4`3SbsAkrk2l=rBsALi^OdSvA%+d!oqtfO>#zHMh4IX~Cg*wTMf8^jbC&if zfgmLFL@<^d5;zxgSLoB54qxB9MGfPPAQG-QDlJAb2PM6dnoEv=Fb)CVUtF0f%yHZg z;86gGMO$L^R0u-avb0Ay!-&}?{Qh}z(u%S<5>m)xG*{q>w>ssURwrC-`**0-$}YrS zI2UTH8;^J5p zk6{<|s`lmINIDGi{v$pk6??F-3ZnM(((f`6hzVe(mSwx|_-9%>4>m-Ibr;Qi#^M5! zEXB{{mv75>YsI(vO*%~+_;c6rO;gTE1?F2nU>r60GvpuY)vxxmRR$2k=TBMEDH0}I13TN|Eam7CL--}5DQ7M2)c7MVSX?q zpp6jH^iJ^;Rgo|Un*-0SJ>H+)Y$OBK8gBJ4j}t7U5Hx@~UpvVJAnM1%uouDdkBY5s zr}T;vi^vDI^PJ?pVB#%{5!XxPT8W$2ud*K576S)+DsY1~BYvu@CCXNc{N(81SQTAc znWf)6Hk#8T)BEmK9Ge}yzZ%Cg_tdW51P6YYirOi7YL0Vj4$vDza@Xh0ngiZGi=V9X zr}G63HpM|SdjHNuD$bJ=rz`=&iNis4JV?-pBL^*VU*pdbuhYkeug7)Et5MB3Dr>dN zU$2w6j#{bT@|~W1Fq5-v?O%5*u_{JFq^IY(N?Z`VP3Ec#)}{%FBXaa}qDTNJs?MJJ zR?d2If_`PMR%2(&PcRp`7bIr>H8BkqiWo&6Xjd>h$|refF3JgUt0+%(0)uERG}=Ef zAu4r+f@kwc5>!2i=aaysL6$@ra(_13aM@8U1M}P7>TFuIhx#npY84t=rp1{Uh#!@3 zGyZFpvN;XeZfiYsk3vK>%^&I*T%#X4bbx;xy-Y8eUoq3=xiUxPx?OxKe-Oa6=;I$e z8+EuC>>rXEwybnC>t+sEujR_3Nj;;>G8?d&8xjw)#s>#qVKC1|N7?z{F7EE*PYZS? xIy!Vm$HtsjYuI@2FVLN=TI~Rb@J)MWzrCQdZ{|8{H3NQcw literal 0 HcmV?d00001 diff --git "a/Install-Kubeadm-Calico/picture/\345\276\256\344\277\241\345\233\276\347\211\207_20220425120825.png" "b/Install-Kubeadm-Calico/picture/\345\276\256\344\277\241\345\233\276\347\211\207_20220425120825.png" new file mode 100644 index 0000000000000000000000000000000000000000..eec42fa41aeb460176e40379a77128b3d2746d38 GIT binary patch literal 162241 zcmeFZWmuGN_b#lGA}J`%fCvaE-6i%Fmw+L z@Q(WI=l|RLdEPJk^X52U7`WrQuWMavt@B*xn$NG*s zds(>H=)c%@_l}`o?z(EqOW!FOrrAQj!L*iAmAZ4MJn8|;3=94KzLUaR*E@F}y8ZsX zyJ!XQymRL^M^RQv+tYX_9m}5#HWh4g^n{a8(aFPuVDEpv2-_F#V|u9HV>nuB9ZCP5 zNf}~Eo@nMFWa6@wp1A#?utWrenDPrEmd0iH`{Uv%8TfzwPAu(9h9~(y|CGQB2K@U# zVnA>Q(Z5b2mi`nay&U@Qt8~d{9?1OrDl1v9FaCWX?xDsr)V~i5x_I_~dAlRE;EY?9 z`d5{6YpF-4gLA``|8v75hs=Xj)vSLEfm3=JmMZs;5gG?|L|63brVz@o` zyMHRk!WmN-WQS5%qb?CdWj2`}?i8iL9;=h4K%oIi}s%VfmKfU#do0Jol;EwmB2<7|y#eU;Ddc9i?N&Odba|`p z*7HbP-<^^k**_ge!(`jPLF<#QY&?_-ZJo9cMO?rut;ce1ar<;@BG=fAl=afLrFn`oEy8|5Ziu)dk>zoiq9#`TIyvaWs^a4+_Sfxyr}NA=^ooz-@8 zHN{=wlv-@s`Cp+%o`R(40k3t2pncR(XfQzg`46V=QghJQVo&})<8KXQMcO86w?_zN z0uY}V{aKM-t4;y`RyLIJT3+pqdM1$$S(|WsIr;$0WG>gtaHxoSkDh>C2R^G#W&M}u z!pf8JgrLxYx~&Ip$qRC-$&A!B*E@BD9(#Qqj}Vq8Yr>qx=O0yF?P}p|B)W8{d&o{8 zLc}S4jaAFwc>LRdzpgjR^kzF^Zaok6s0e8LcDlYr%=hG?`idc_Np$cSr!<;DCS-HT zml^b+38z2tMPUa~gHPsjW^^Fw4JAOk*%YD&lKFaz^*$z4H3%kQrK#5%U!4-B9|gE zv3Ai9AJ!#V<8_RDl?ptm^$M|RUwZ8>;d7><1mRHq8!9+{J9r7q<-BGR@P}s2i}vZ> zb=z8nsg=p69yXx|apNh_R?qIqJIK*C;g1L7buxfHgOU=oAzWdV!?=MccRhQ=y!dT; zvjuQV-0h>-^>K1|l8`d|d!4x|ErLPZd}KU`p4WNm$xz^xSFIqkX)j}gH;|S~$p!Mg zc)H#TazjTQ@oCj{dj~5*HGW!O5R%}5nJf1dK0T);PM9r&d*5)-6>Hi0;8%Mje6l#4 zxt-i_r1j=fxj&v&<{yvn4E0RU<2Gh>JKre`sZ^>?X3USa52{Tt+56_0zY( z&)^zoxYT=7rirm7;2B=BWSeB(xEBah%Iqi5AwG&az>wNL-1pneH{2|kEZ=t;A}w)^ ziv&$p;tT+8ZyLpFrljbc#NvwFVjT4{l?Z^X&Bd!7(GOx28PD+VI22>k6&YWSZ*IWYg&P}Jh zW{w69dKn|}(nER|TP{{qv%S+P zo8rGmhJSSwW%=TbDx08P9-Xw`?GW|@hJepr!>p(a<~r!##9@UHZU3{PWMGwb+Hu`v zlO&*6&RtHL}Cf5_EpV>3>;`s+W(!Dp+(0?n&R<%-xD`qUdZpX^(d{?k_CX z3~Sjo%14369Yp20{F8eE^4#t{K_#8c4@sJedp0E5|9X2gIx~su#dT~34p={P8%@8z zkTkk5ICzZkT;fl`v7OBv;X?R|1SL9P$lIb){ce!cz@irogs(NQJ`P+^KA6a|4$`{d zrjrzOT$)7Qfd%=Mr2_amp3slhCs}S^2=L`(S@B1X+f6s*eyLT+YktZ0z$Qz-0&s{IAP+a3K{; zxL^iuc2Tu@q0efB6B(0Bd!@86wEzstZ#U2DyDXL*XvT?h1Np4dy`TQpdOPLGRw%F+ z-M*Upom}y{Mm$?1baAX@ge#fLHZx7k$5`I&<4a6qC0M`wOEGZSO|htl9ikBPS1QRvjc42C?Tk6bsnC?^5)Ao)6RZKC8&?sW)tGq9-|3@RJE_%S z0l}F0fsoDY_tJ^V;kUNz&E?}8l9I;OiwjZbM(-j|_X2TBE+n=dXh$bd*VG?51OYI0 zhczl1=wF`=2D7`(e7awWVnJQ}n0$a(rg2!PR^NDG#O?|yiV;pUdxq>tptgaQ5qT00 z88>M{MvQ9SY;c;ei{nHks06bkjvn%-^iLuL(_w2W^8~I<;~Sg_Dz9kfq%P`Rc5~@C z8J-?+jR*$=mN2K|{^sHHzmw$$PnThQ@fvSioem4aQ+VW+raxpZfPR_X<;3UPT*msi zbg;82Zue1OO*LmJ`)>RDuIw4AMl5FwsN+6Ymq9@O>#7gtlspcX>==94vKLb3Hxu>8 zY*ZFiRF{-^I@$p%XA3@b;$kYs%bzhx3Z>?ZV@rL-`wXkT&}H?pA4RgR45kSkhuMk- zB0-2@@#JRDYWKj7_gYq>uES1EuZmV*4W?1o?$^~+=AD*|UZbx3j^-Tw6yRV+eiPy1 zhz*yuF3M?d1NYsycT@G_FojZy4W!Jv*S*>b7%f=Tpg)s)a_Z9LJj=$~iu zrrYt6blb^ZV>i(q!8mHNfzhQqih-T%m~8pRk+@?`@Lw9X-r6;&CiVUahh;Lbv3LRG z?y>4%=8)+5w!j9o&5KjFHX%*e??(gpJjd#Ico<=#Rmv(`GnYs}D=7nB^iXKrU=Y7* ziRJ)DRqwrk9E=xL8a6tIp$#!0-0SSw|LL*y>Ag^2AL5ioVDEa1bW!HvYUaPgu$lUv z;YKYaCvrl^Y>B9fZ(85}(3HT)GV(rnRQs~J!tw1A2`N7T?+3Dw?VhqZt}Y|z>|J6I zeVu7`?iCT8uq>{%KK<8@5fWU<1bUQESD@~FN#>D(X-D8jJA=^6qyX6KJTT*_C!%UQ zH%paaaVVd)5~$$31M?T7mr&a`Th)2SvlU;mAl*Pn!6aU^x-0NLT-$a`V_e{>U%#k; zKQj$>NXpnRndQAc>H5A5XKK69{IIf2_E2} zU7=mrtRO2cxVQS1TWfv9n(z?zwIj-s_>3O)(y4H!DJ)VB4ZWk=y2X6Rz`mr0>VHAC zb0|8!eL)-q&>qcrO8{4_B)5^#Z}u$;5ulp(A)<>5jiOm(J&2a7P1|ieADA6#G=x6J zMiF%4s)IsQC-gYroW{;ru07yiBtdmN!OO|3WO!V@g0eWzYxB-If&g(*1Jfn8=L|(S z8raCU4OVgPAfAQk(e$m+axEUe8IcGA^CPRVHs|7{h5@F_mj~|`>sx6=fy2P(#2sZX z8d}83Lup`5pb@E|T17!F?yH;Ya~2-^8y;58`WWC1ja1~aYM|JjgwuqG2|*fsYU|MA zIzp_YvCs<+rW&M%-HQT*PRDj)Z0m%qD-bQpG6SG(z7%2};h`}kpm2s(bgDk(D@`Mv z_Vkk@MdV_d@_Z>p!_qvFm7n*`ZijkbN(%NnE;NXiE$BeQ_ zlbZ?(GTw?}8-X@c_);c_YxM~>Z3|BEcZ6_bg3uOAs1tCWK7O zQULiPGm+0Kjves>xG+tGKZtzW;t=*lh}fQs&%69X#QNyxac?!^3o1D7LZ#D!PE&bq zeVX*oKpY~YY5SGI;Mi^v6Jq^}3(M}p4<3zi)|_=Uphvx{qle=~yEO2wxJ>2QG^Rpe z5Wl}Kr%~hEvGvkl`ZzLGt28p7cwzPp-Vv@n7wzKML>z9Uya;0HdpQ5i0oIa%UuOos zuW&ymJpJZR{PBX%-iOc`PXbE4m;22z7aKLjSFF^EoRctFZO|Kk#V(kC5pbP}7_ahD z2DXqS-(gD(c!4q%$J8yE{1%4ygqYB2KF_cISAV7G-tk~L{T*)1hY_|}9nv1tJe3hh zYNWX5Nw)XTmpdKhx*vY3-FP0I1f#GXTea$zF2xE=RR`65-1_cH&c~TMCSh~-ZWkQd z2HX7hCd-CpcN^QWILB774-Hu?CVO_bSzR|!rQUnjRmbG((*wHKV$5p~21r`-z;jUV zR!R~ac#iha#uRAzf?5mJQ!fMkL0c|&%+Y`kZ_>D0-1fpQWh)9SF-&OzraPC`i-DCU zqA%^eH?O;}Ss4NzK!sl}!vxz;v;Puf9>2lOqUMFvIt{leb~tq9gKyTrSS){PRfRR% z$=!C4DBqEzL4>c{l?d>x$-DcxUW>7O>qi!)#BaEKO?s~~$ZLFX(9o`MSJFiqPdk5~ z3{;@J`^IQ}F)*|N>K8dp18ATS9!_Q~8CshOGa8r=kjGmYopAZ`n9EZqUC4DWVXo+VZ$fcY)qGTekx+_FUL;yVYy-02tswcl!2M*J`-$vUkg%JCyY z@h^hf`^{-!#U6|Ue?99n=kNH@8}i=eVDr1~#bpzfHlb?p?Q#~Z!gZfvOW3o>+m1d` zdC>*vM&U`(WT9dXSbQeZ5%22L*+>kAUSC5t9$bagk~A1s@ADe6SD%5dg5NrBqjFLR zkFWwT55fL`BK)VmZI#%tl_d}kS$5cJ=q6?iOfm#W!X>N~!{$wA z%ZDiHP=7h*U+)ozkpe&%zPt#~Oi;ee5Mm*yBr}7;i@8MI)?}ogfT-9CS5M-+ret; zFK^91tmY>)a%r*&c#3kPyt54BCKIMw+N>aTqDcUGM)GYd0g_8 z@`27+oyg`9Q#Sr(JIKU=p3b0hzba4lJbA8R`KLdV&VA<0s16js;JMh9BVHt#IBYIlq4{*Xb_4 zKDFC;bh4G9S*l8eXc8`=ZTP+noh!4i#U7YKn6B5uzLqx-86wm`^6zz}J>B{D$4tzz zuCM%l69@m@MiOB}L4ds1fjt*nu90R<*ALi2@^Ph40_2It0(8}LI})k~h~>1mB|Ovc z(OC!@eSA0a7@b6ba3v|EcF-{X7lrEnEo$a9w^z_Xpj-H_GT<~g-BA)7BN7Xnp~DV? zC;@2T-t0CX5TLjZzm`7{S!37LEiLsUK=LAky!2t5GSdZ%oy?oa8UXb$Z%BFROjD)z zmIb?pYUtIzh-sBE(N5(n$lYyPto<~r^vmAhFkN6{Crtf2oKP%hbm0M1d~+(8elEwh zdi08Ln%1ZbT<`QY6ch>}lC9rKtlpDQfQoq)WPwPe?-3n`{|6|q@>n|zykI}WzCyfY zBF>UEt13xTJz}jE#R~^79|qb+ojR+U=FX9q=uY;~u8mD1Tu#>BF0{z(n`xrq z)pWK0xz0cd#@Y^2S+l~5x0$@+QDN?RRwNsI1fha^2-pzL`)@wu1i=4RoJ-~FJIujg zJu|iwZ~)Mheac>k6Tr94K$f4hYFC%)Hn^m<@!a|I1LH^Fn;U~OI*Gk6_XC?cuGY$` zUrbf*-|8d*AD7O4g@vuQ-6&1lEg!sg79~UxjF5ZgPm~>5V1D_aDzYsMHfax0eeBG^ zX;jaFW_y9qIQ?1s{xwo=AQvEHDg7!c+E&o9v7{X_oP6y&VZSgWqC2Ux)_$;k4iKC8 z`lIwA*lBV2+FP-I!p3rUDJJ7%0+oUWLZYo6)@#gV=sJ|)s$cNt!A$*r^r}$NE-y?LiODBMdyyXoh3k`QtU?#eTH& z_K}Q5&+P6!JO*7}v^)OGCfPgO?RF@avwfQbYPxL2CB<*43V1>tL zMu62eS99*|O$O>_?fY}Ray6wXe`|a($cOiLw$Z$>Etf+Yqo?eo{escRcgB5wH?%`d zUH?s?!b~Nt5Vz!9$JQ_OnY^3{i)`yH;S#4GT|Cpg9)nH27yGAO?|-rS0^}tJVmgGJ zYaec_y0v`1%jdeR)aUR5P447sK)ybgib7zSiL>F@f zUrm}^RH=v9-suroe!8P7dKxEsz9%~EO@coSLK9ooSW7>WjGLWP*~@sl?z-9XbdXS8 z5Z+Z-JNV4IU41AacY05+7C!1cTYMkU(V6449#Ua7pcW3 zW2UU=S^ayE$8PGgNA~%{dUnK-t9Msvc`O_0< z-z!~cVzT^DJ8I7`W;$zsK(RpB*$EH@z6lg3FI}8qXlTM&mXDgQ7?^hWU7$(ZlGvA? zaO{$OgdYtzx+3iR_y_^?JQ68x=<8;m2Kt!yVuUc&;>gN*6Z<6=EoMs<$4rakL@K4y z1p=S>d?F^+^CqG#rIR~b1?eV%=v%oy`D(#m#En&_AnN5?7*O=4M~)PG^ZGb+uPI^( zI@C{d)7LiAeO%UORc+?Wqt-aC#juI@$kUE*vT}QuSFP7F$1!?$#;-3942F<`Q>V%o z?bR|VAbGX1Vm5}`(^j#wgv_f0WLl~zsKFa06G z87YqRsChrBi@QH@?5?LWCS@>@vS5biW`NDeVDoOCQ~!$LyC11;y^$%l1{6nk+Rc{x zPrW0705(40`?o*vZGj=-Z2jwXD?KRdj=kB=WBwb zzHUfzP1IM@4PQkcj!&-2kCTABvZja*W0iv5=W}VpEsMID>a++ zNp&I2c479TsyKd(Ltjqk@)fkGjY5k;B!U2{4=UaZ>nnQ0Op z%QDF(W1Y@2(c7aQN#2w6t-YO%9fn$K``f3fV;*QTUnC}# zj~eHpab0+`u-=iwUIM%u2{XE=_gQk@(F*}CZ)s<{FdCH@wMOSc3%9p_1c87%qAOUO ztm^ct=xMA>pApR6vq?TxfyfxrV}|z-?{kohDN(~0KnDMRbBEgz)vmqBeM#29hQ5{| zn(+D_;1`ilGAT{vzR6VixKxw7jj$#(GiV!T_5C&`@}af^#!vvgdN{6R|seHjN}mjcvk_k*NsO-ih1pyUhBIJkGx_ zZ-)HcM0kpre1YKZg*2F(%(ENYK4+;{(Pi^u3nGi-Ba#%c=Y;z+{DSAqt$)gf6`h=q zX^cbze5m&E;y5vPdtSp2=06@_nqj?DP3WPu7>=EExou~hzO=$4VvXvE;#D;lbXZ6v zA+_E@3fz0p1yDI`ECODSm^7_eW88(G0O=&bnaJv?W|!TNL8At_$Hj)F3vG!d3(va? z`6p5IoD0~I?(3<<=qeuk%YOp4iUV_eX*^jx&%yZy*AdH$>w_O*3-R-Lvq^qu5cl(P z$FMzB<}$9G<*X&Qn`Rs$lZQI^Nq)D>jJi~~`F1rPIFGdAmQri?KX7g67Ta!gmJzwl zNJ|WYO>18?`s@dIN42GP*;&J~@1E2Zi@kj6#X!rhzWL1}@<+>1W5*80Li*?=;leht zIqtjOO;*>n?Fa)7=WcOHbZW7KppuzpqcPt%BYo;P)6hWVsbtBnVT8s5$k|_$8)?no z56o)-lI8*4-@oT2jt}73v{T<-lxI;Fz4!WxMfFdL@!RA7AH=!rGK^Mxp8F`aF}Y3x z%5}^QvJp)ky%QaoOf*04R&4#EHgEZUT*+IakAaPOQ6{DaSK#nuu~x!L!n6C%1LCyf zxJT;x0e8;=K~HXR^Nq5VWGF>JEs?{PiNe!vY8l5L541W+=4aeoE3>xrLO`aeXyh=E z|J^l5yLdyh-pq$q;1)Q2$A)Sd=Nmy+%7)P;&SsPOk`E!>Xo`(%gzZ1(6D=Py4zLN&yo=5Gbex#?*aRyv zD;3aCztDX98Y^qsY^;mys{I6bb=RsH)_TivUIa4p+jJ+VPivHt*cbQAUKlgoeEc3J ziA1Alnq#})vE=_OVRiwUiZ=sxuj4}A!tKwjcl(yEc$+>L#i_jlY z1pak}--XP-dZ~R9M&_mnw9U4=4Gdq8)d5Ym7CqA35WH_1&MEW!aDJAhbE^+5O)Xl^ zmes17)B@P;MTlaY#~rHCCpXSX|S%O^19e6G5b=icnO}BP!Mm_i&?>#^M zFNIk2xx&}`l8LlJZqoWd8aq->`dpQSyE1wGUzd3;4nC0&4R#*UfqImtjk9v(mz;Sl zFW=Pz;n4Z!^Ox@X;!nh{A|MV^6~@=Ffi^QV&6(R8KUIi-)h5tUKf)16BQwYnoFWJZzI?%2KxHhyAX&V51(R7VNigsNRTZS#u=J)fS_cnmO60?W)g2 z^~ZZ|%IRvnbS`@fg&l=Lg#>9EqN0Dq!4W{OINN_I0RHe-e?)0VbY2F_u%g?8L&vd- zW7Dm9*D8F9ZDLNY;8RK=MG<#u4%!AnpC1kQ31>zjicu}*7Q?873g_dIqhqMd5h913 zYJy_RxY1qNeNTiQA+QtOr$w#=p<^tv4{1r8V#i0g?@1UktD8JU2<}assHY2a`bmIt zw`9J~)ZXUXEmjyj=6K5v!cmJpOON5a-80XxLh#9kM5Zw->)OTdik|fyl3Ev|MDOt~ zHGp)_c0`{T)b1uQ4G8v@X^gvx%3pHsVI0$}#H}_753llViN60*wZ|hnY|`{@UD(uE z^1oR&6KdxtNMW0Aclo3&`Q~FpdfjUQhZ)8>54w2TGNaJ6kXEApQu5ONN^3u1EjNER z)kS=dy+z11PLyaZuT9f1VSi?4-rA3>rL^x&RBOvS^~!W(2LpuL&PHXCci%VK3vPsj*O7KeRB8?#TcG@)Z(m4w3R9=tNQ_z5^UjGOW>o{WWAai+u_#f0vMaex z(#u(5TS9<1V`|M_f>+qoKs@DuMc2=Ix^d6yp+t>U_`t~wyXDrG7Zt7}B=w%i5bst0 zt8+l#O(2WqP>2zabvqTMq)kjHpRskNB`W?EkIy32+j6VMoyxIBXG94QKho80{PGIk zEDyXLw5nb=rog&A3F0S#39UJ0H(M>%vpxFosb(1&4fkr{~${LWoX>@I#Tf@ z%g_fYUO9AP-Rq5xsYE}DL#6hpX97V@A`ul~fO%q(VWsK~5=Js$HF87B9$2WY zo(qEyCCLaOCS0pjlB>1F<4}lGG{*Sf6eE8;r<|B4=`s#N9If;5CQ74UxD1D6X8kI^ zH}c4HeK29!e4{`A@PWme(1?KVpxBnATSHHIfF6%Umx{3GMf}Fym7Xt?a~A&9zHP)X z5yqb3^Q2*fU2m`Om?PIa!nZaA>C6ux4zHJSt^y7MufHijnhFp)&b?}{VU`$4x_`Vr zynsV>a=F+X%H#g6+Lz+qTlMj4d|Li#bE-0pRq_vXgI+-d&d_NG5Ujr%QOmdAgSt2H zzsp|!K7aXTCwi+==UbQexM^s-<5xW4WuQQBw__^jov8*(w>$hEpX=42|bB zu`=>%y=ZY?rcD<66erwovaJ{QQp|P{Z)+YDfiK?_&#;;IjKsL7hc?ulW)O_o_k?G#+fF&eWq1JM1K*@< z=>0;vp6y`G*rpe%8n_R9>_%iSeN`;6Ul_NY1b;o*6uk*{waG>MsMsynL`41hKJeQ= zY7u`{%PZ<7#T~S2Yf!{b%!^G%ZX}xSnz_HX{8%T+KkrL zQ{rwH+4E@TEyvY564t_rE2Uey5FI#dziYGHL|?pKSfdX==svz5sH?G%yRbfwROZY< z+<%_;pJSz1{-qj}0Sb*&E{qIZXkZn;^_gE|;<4PoOBQimR~G255PmQ$B?v*J&LhrxY)=tT`w7Vroo;&ic+sDYZ>L7WF~$~7s%pD z3#l%3j)QEE9txTGN%$}iym5%j%-Z<=i8LByMr(c{KAhsd#s9`?#ALnBII$V;znKZz zq;F0y+AAb)eVH*rRTK9>EOoM!pB~DcByj9zg(Et;1^$sFQWs`1NN z)_p;&4=h&`7luK%89g(};vNa%l#=R~M9^_f1GX%~dgZ zl3KeLW5Qt=E9$XtOT)nE`|_gwP^|ha_(wB`Nec%$JVhtFzR|n#7FKN?q?t!wPs)BiGc@QtbHS4 zt7($QP8Swr)V%E0zD+E=2Z%TW&D3Az+sz^0>6h}`UN2m!^=82$%_fVjJFzzK3=ydyqZ6jnPjU8=hbb93eqaHeW-k;?af zxjZvEY1!O%M+K~PoB)j&! zGx_)(u+~3HkAIRpG`M;F%OonJJZ?j&^sbg6w=cZ}<~$Tu7VxRu8F81O1~npiiw>Y3 zmX|xgDHI$bbas4p^-*eKrUsE;EeU(Q2`ODfhoGtEvf~PkmN^Gnk3?^W!x#_evkDBd|lH_}K!N{ATfH0H_PF0LtC}#zo2+5eS19!4D;pD+0hpy5EabVBY}{>&YlsSin2 z@5NR0t7#dE=c1x(Xyp_e)v|JA;M`;72)(Td`!u&L3FC&dB>Dv(wfMbe7NwEJxNO~} zzOlw7vMpZIloMJmoy)i5;K1Ag|8`!BQR1H}lzbCrG9g2;44u|}qsx_+n+iW^C>?4w zTrImc>!;kH{OK%==>m8HJ#j;R?Q&7Tq$^+bxfHh{i82#di`g4vxg_7WNE+_B{@U>( za|(P{y789?3bX5C^F2vixM>QIBUdToMytpbBee+r-KX^P*pP^ak?8_VF|TAbTL!{C z)^hyb#yTA#Kr5$&aA(Z6oLe57Zy;1PAdKl?+U{S;u|4(vGbPf!h_C;vqiIci1+a{> zC_#;uk?z#9D;)B?$ZtDn-AG(jlAjAD;F%!bH9dMZ)>Y9n zymYocGJQNZD01_5IxyM1HW!Ub>SsoBEIHF%4RJ!(dktR6MM4XvqyBmkW1N3@ky|`T zYQg<@L#zVDtuMRUZqM{9UX_)<%hBH^d!o9$qMGeiZ#CAW1F%_e@Sn(Ekivub-E_No2sdF_<_v$w8qDsvAiY%crx7KX;X7b|-->twb15?TwwY4~+Y(KX!P z?IBHs|DZ%}9)krOAZf@#K80a$Z3!tp^_D0@M5_G8@ zNhiu=j?Twcm=Fdw6XiLfOOc?p7kcVP27akxrT`?K@P?$xQkd0l?aLn_Q^G~ejB;u} z5U>7%v(mtS&>1g-G6rYZ6^evd*W%PA64WKG4JB?-%1D%-N#CuhiSG*&FtXSeIazx& ziQYlFOF{9Dt=AeY1SI;>LHLXeEkx`Ltwb!6A(79`I$lAXmdzD@9&j^BXV*Ps(wF}H zP&`I90xJ8iN6l=PvAXL^s{RU-0_P#AWo*!AUd0uQ87BJ%-?64wf|R@tAu6fmuXEK* zo}tH@0Bx36%3?OkQ8=89Wj4}ylyS6H%0bF9lt9Wd+>7oD%Dguc5XfTDmGrja-Q;6L z(#_Orlh1iTIGw1xfWzX8^LX|M!}m-QImmPm^uomV zu-Nx--Q#F-nqeK`*aC5Ext40V=7{$te^O?O*4Qb13}rb1Rd zYL=yxRQ5xg9*sIEE z|33b>Z{tOyW$%F^dOHc*jMwDRNchgrj_gle5{La_IGLE#87#9y%BeE??6JkZ(6ubp z-@C`p-!oE1;>dxX9x)?7A8#}w#XTfg{C;qJIAOros9Mju^hYdo6e+d3KtXku%k7wp zPMW41e=<{6CdN^e$2QZW+K%CsBQ2gBDBr^f-%O~a`!ZY}azOed8!e9fMY>i0(>w@@ zHYwjOy@wK-G@mJiOJu_zs*496kw1Sy4sOmzin?unB4d4{7MnBpG&n2~;!U96-`37( z+1(F38bF$?PZiHqI4<2y=Cux}+W#qYw86=6|6xu7ZVahXlrhF>QuJ_l7-T&UA6ev9 zp$PT0%r*)&=CK`qH&Y4spKtO~M(2`j1~q%Jidq{=5C@s!Yq!L2OxsF_u|UgJv`|km zXwMu2TQz!cWh7(&#U7c6qVpu40*JDbc+qv*uPSg9_# zj`zIM4=Nox1^S|Mirl+3f568_*0nxKWcV#_ADwnX2!Fr}OJ&~ca)#!OL>(F7ev&YI zx^`~1eg&X0mLT^1wZ2O1`%UrZ!H>yG7Q-ODhYaZX{6*&b_|H4?JYEN3OdZk z+s}C@4NTEm^n?pqryph9ys=`k= zCR$-v&n6O_@!7k1kRR*fN~eP;G5OfP)$jULH(AK}n?+yjtBw!?b^z!k=45+P8B)JQ z`r9n;FE(i{TmS5neD5G|c|r=G`90^01n=ui>YSu1tVc>Bkd@XW4GoHBGq%AQrv^-* z4W5T+!sX=&@}%-sJnDFr4Ag>R3mO>5F_u^g!95l0A(G92H2KnBeihYyejmVH^F`v| z=rb9Ai)`d}_%$hGxolLzM8(rsdJU?+^xC9BlQLO4aq#oskfzAE(%41+_+7Uu)8WHh z21iei{uYHroXt*$#z0B)~Wlpygd2yun-1W>QmJw~DJa!)up7}LhOc? zwp=Q`gGIhjO%+JUK#x7x_0{ig?xkPpcxYvotxny0PD=Fqqmq|dv=ON9T6z62fZy{B z&{=ZVClVR9H$~4Xt%fu?zkYia){pM4(>`f$$jx*N3am!d;C-Zlg{NyuAWwMF_G+E$ z17R%V6$7<|Y_1-iIAgj`l^96|K>#wZ;$IKzq0N`C*A>$Z;escjv7(gy?2yT&3KJb< zo>VJnkSd*}1?Si|mQ=W`e?YE7j$JMX-)>2o*74cR%hlM;WVWZ48aHyp}s?NteU8>8YqY>Ny5Be)XB7J-K885dZU2 z?;?xDoM=7g@%Q@oA6mxCDpo3vkqI-s+V+j*QANuHTB|Jw^_9fI*hHrp2N>o1Z2=hG z%?y|!56IPSjx%mIt9+41JYGi@!l28O2a7M=8PO)IZ~#Zo{BMgskW|KaV|PdS~IL zqn!VQSdN2tVaima2+949#lstCz2bRZf@W zgLF_dI`p=B6UjzU>0F*{Wzm@(e03qe#lMKK>^YdD_~T^B|CR;-9nI~La@Xjo%GN1- z6U(NggRUW%M3k@{wsU&4H43R=&zE#S)gBF^#VBWXo@2bCW%4xTeaf3#? zZ6}gG^H}XXrIa))2&a{NB^Q&x|U@JF|%uur_0gwMZkX6YS*J8 zoK|qA+|l++lS&$&5h0D(^AYHE4&t3CuGAF~P3#Ruh|-D$<;{t z?@wUYtaq_&-rJm-taCQ62VXaoIFh>&uX(k9#Hw&!l@suX>pny}rRskANu zI!m_i%&jG)AYfCPG;_lG zkj?>|Z|YSPidDASgF>v96Pur1*8BO9b6dc7P3pg#U3V@NX^pQ>l1kYZxt?6N%xJyyh?@G})-vTRtgO81MT&Pvu6D2^L2@SGI0ylnZM0>uFR7b(mz zTF!_r1^e)gMm`5Ef%bd;! zc#IV26jo(M^@ub{sB}^zWH8Yh-g@`z032MZ(}PW}t1b~VfuG2?6{ei#`JF#^gxmyV zTYNP?4sYC-M)VpHssngk$XAfE30wl|fY43S5y}A=Nt3X?3Z{cviBZP8E;WXjES8uw zFC~TPJ&cLCjlQ_Nl%+Y3z5du7_8hf^jaUI0c^i zrV|RMPv^g0kw>=E3>3EUm~YIZ8~IHLYz!|>WASPDG{-ClIk$Mp6T_##qoM2LmV)mlqWv z9O=eB;cNU3^Fq4MpZb@Wz=zZ0hEfFws%*xy<)i2{E3H%`2*_UO^C8h0c(Ltmy6@F) zEgRu_Z;TA&d}l_>9IM!*)mSZEgz0>LY1+ZF?mRlT594T~PL0zWeie1Bp~$1wHoWV?}@;6qC3zy+8bNj<6GR7>g1b-(+JBS7C*w7F5f3B913*1(dhlx}T~w@kJ&{4F71Pk*P`D zGa3;G(O=fVj-4@`YJj_6B1?=Ebq)f!9lLt3;vjSmCHW zp^Z+N-es)Q0i-gIW4jWoL3yTj{=D9An1|*I$3Qy^9px!#BWE6Kqa6t4G0R=8h1pcSdY z^V`IBU+MZx-bJAjp@-pvx+n(@PV?dNp?eI8BI(5SXKU=)`9DmIUZba9b-%dlGbvi6 z@0j@!>p=n6M76DM^Yq3@M(MY)a&y>8i>z@u=hbNi_3uz~59d#qR-j*AbgCBoaE&2L zfoTDi05!Pn{M0~yuD}bM@!SN=`w!m>(s~-wzZrm-fLVWJ$wSaJ&i83hZu6erT-8*I zr54bvkh~y`r(sfw(EBEj%~7e^(9Pqmyo>@toFF0!E-w_K)VjiZh*|MeOXCr^1-0D> z!4RhY0hf2%clrN#dh4jFp6`EH0V(N_?(TaD2?^;`8U&=fq#Hpxq@+ubkWd<=yGy#e zyYrGh!~6UDJpZ|tYq8EfXJ*gdubR#ahcIE{VWf_#HYRnOxVVP5$ zJ)s{7rG%8nSYsKrG^|tAWApmyK$8Ea#T=Qd@qMep>)Pj%QdD@_Zh^{_nL8#z zE8Kc8%{e7pKJ`M9PO*(y<&T;C?z~;?z2|8Kc{BsL(BnILg;Y8h;;JOEE-ShELAp%_ z7WCYJi}3gYI@LV35tmhEm#qViu_6y?Cat_YwbDtI@Pr~N%W;CTv$S_O48tYkfwElk z_Yy?K>wQ0R0=mMIG>p3Bi+f%U(_h|~55Y@7oIRYn9-tW_Q#S!Hcf&hJX4QN2`v}mstAif`U)`+`OgcSRg`TvJ__Rppl>>pn zpq;|sCb-JsfEvOhu7w88QayES6gaxE+)?(RT03kDVw&)-FkI;ua-rf_ z5QcZDx$|u_hc3wvBwRN^*iQ)^rvFDUKXxv)R`G(iCV z{XvL4kxeI$9P1?cEe+YC-3YRD4j~-oTG0<>G!E2={-EH~0_7Z&zo|TP_(->+gB4Q`ngUuZBzHzu>zkBWz!0ibN@UJCI1PG zXH=C={d2&a)2)!0Bdz$WW`u))y{}7NQ@01UojF`o#XgWD-O_jSlE8E?qHe6&nBwxP zFFhwd?@l!jCzf6ux_@k>QmQOHTW;N=*8|GvK*4C-p8>5{ygFKs)W%q97jl+N{^DhR zT8A?mW^Ka__K;`sdeL02-tPYdj~`z=M>a~{y$ym1@7)-G7wNonaDSATI{(V<4DhIY zBN8}E7f=2?k zTglytRSyR4U!M;yL!Op_c;J74sZj^_tI;okvrVKChILTxlF=VL?HFtOt?>C^j@m1a z6Y=%wi)V`a{SvLw4K(k$+3)KdH`PLkguQE7wJIcxb6c&E+MGu55trz%9uOx+l!AGY zBrl^YyDvm3%^UI+3qqOSCm-oDKXp-W zf~^#H4(1XLf=YD3aGD1B-YFk1+T=~@uc!eg@CH;yEbrL-AsVK!t+)uSul)-i@@mdE zhu6!dQ|Uir-}p-6dvltwQPrKP#~A(mC4cPGVY*+PIoW|!?gNf9hTl`465i{E$gSeI zm>$4pJr!ybr%RS&t^Ul(#k~?TJ-SzS+}L5Nv$A#CJyV};+Wr!e$tT{gUc_;Osu4fP zFDIXhCP^zF#W_~<&m!_4{I^vA+o)8TxPV&rT=pA%<`#ib0`?bsL6kU?sr3$rHFt*v zKA-du!qA7DC6Tc2x-Dz_Sl4{Me9_(KNZZ%a?vM9`dd5sdrwn49GgHkk<^TERTzIY$ z6Q9)Rw_~;nxQg?Ng$8^W9`qtPu)OO5#{3Aek$2merr&q2JqIihl3c=A5?!ls0*(@>_F%avj7ZSEY@hFt z67#o)UHnENs>}j{9=AWdl00wuf|+RsCg7$%)Y z8AJsl1KKdi@-=)O6M+ItW^(Uuk%y2e ztRSqyXj7oh{j_2WzwL(`kg*LUl}>wKA8>uF*kEL{tzFk#0{~*W{|z z(Z>oYn##tN7jWAxzDq3qz_8D269;50eNA4NMNSvd7`Dw0=dZySlgGztsBq z-_`brs!ti3ZlCMHOcwdu#d?=G0K~~p6>0J4O%mvPXAM)-L#chRJF~4Of60O)*t9!> z=yqZ4Mv_2AaQJE)E!gAe{P~&rnH+#Z5H$a*{HIz6k+08dEO)XTLZs-4Z(8opz8);M z=mQwx#}cA(Pt+tky#-(U?`M%R?t`tAJFNjo=L3msETA5!8zT8x*VxYI(J(yR?w9V# z8WMlILZm1LHEi@g`}HMuFW)~_K$q%ruTbqz zip_GJVuM*$!&IHVPeSFkk2=Tq!#CFhMRhE>y7{6iAU&ooT zc@4m1&rQb@7adndQ20Mz`QJM}W~YlB@4OCva65V}F=ozwwBu;D$-Aleg8Ls7txs}Oy{yKk9J$9 z>tU_U*GsRQ^i#JHf|t#jwSt+Vu*ro9-=UF<>_~;Rj-TXq@V7Q)@H?4({&adzFQ2I3 zD;{60njh6&pUP<(-c9QtvH%)qby`VY&Poo#E88Jer8oLub3ajTAX1R_g8{K#_W?TR zzb{9$7KB6T{HpcNyVUqB8WSIQLpl79ltRk`R(e7!0|?*jWKR|-(;Nl|fxpVoVT_cG zG3K9aWEAlOJKQ^2>X&7FeVXq%aq`Ty?bSc+Rr5(H*;MM5PWh8K$`Zw13W!aE_yr2S zK!t7Z)wW+cm7atH*v&?_x!z0}(c%|=Ns1Vn)9lVkaw*kca^Gtzfz85d$w@i%9@-aE zmkY=>t$sBNR{USpN-Vm~<#_CRnvNUA%(IS~i8da;_K-E}&Zc9i=}6?(Up1M|4Vs>v ztQt2VVv-A19NZL`@>K(Yp!W3O=%qCfoQ!1+K$vt2gEp$hdQ)2J6I^+u>!*ZKUlr5P z6@S(!m{Vcaux8q1=1G8)w36wz`AOH5AR-Of$xc01(|9CXQxuj>oWssxlyx+pF3r{Y z=-_*>79Do8esp6DCmd2e#06)*-nf3>v5va^#xlHd?3zu;$Df8z*lBnUy~lze)PN7u zUHCM8&7;f7Yo+x$zT4;~Hn|s}0~)#b$xH|2GSn}qWt5FeK9O~gDFmiXctt)eA{ce= zBz)+>?Gc>vUumxSFM*O)#=wp;1u@Q2u#Pu-1SZyj0kvPz3gEa1J@gAEYo1F}F2^E$ z)s9iGCpv;c^14Xk>#KJ`WbV&^k-C=4s1q4IJ%Ufjf>nI5?NKkN4}MU{&g|x{TZrT8 zzUe(otIjHbRyIQsuv_L|_t!zPhg88%z>)4Zy@=hM41lq%H8bAs6zIxU$Qb4C#0@$h z%BATynU0vE=2(iJ$R^bV<_@ca@<#Le#I7scE~+)i4S+k@L!er3z7{4ClYOr;*8&75W|EJPKF zQ}@(Z+z2fAUncGtGRN;2YG`FsIs`uHEMx`}o-Hn(Bdsaoq``1|1X{}JYy!8}hB32f z`meL73wjf2J@j_x|8?N{=!Mkv{QYd3p?t^hh%_+Tg{#X?bug46q!VQ5er_ls)QK04 zO%p6n*u7&C3JrwmG8&IW+U!pi*Ru&C{SEb$!JTdw)Tb9oZa?tgk$NI!S^lri5?d@J zBgQPg>E`xU$mt~{E`e!Bf8gnfB8zj`pV}=OCd5WQ6&m3i`2MCQS1v&=mR6S9VZB>@ zAQ_qy75qXO$xj~}7oja~6#u0z{|H||t?|{q{>!6eWB1RRrRcGITIBeQklb3=Q%8*X zl6FOe?XttGT489c#X@TGP_1yNB`yb*(Ji0Q=UB7JtYMxE#b1H|%oUdXnIViZinPQ9 z*kC0nopCiMGpt}H?su%ofU4FDiuJ`DIK?*Y*nB11KAqYU(@R?YZ?~~6j75Hrx<5XM zGim-T=C-`p@JkksHn(mO@31@$_5uCy^f>u9r9OZ_WiKxatiJBr-iO_hh3;`Du+hLx~|oqByJJDCs;Z-SAk#_KcS+Ic~jZt~W1U~08w>l&y@G&0rMy~lwyd}Oh1Hs;^LXIm7jVNt11$qTqZ z)!u!@I4W};*YW|rPqV5SRr~}?%*S!7wD3k;SRKt@TB#&FmdV_s4;k7kz)qU!`l2$5 zASd9bf~JyCIt0yoOs$Sqwm%(==dQBJ+`lm_?WCT4B@-#mm?m^kk*WI7cj--{_(Mi{ zU2brO>CbP?OdlG(+UVzxc_-&r$>&yR!=X)R4w)fNQOdAErAuT%-9J|9==T_QR0tVT zvq79_y8SCqwL%rT-O1lcgWun13I$WLXX&Ielwq!mnhe83RG;W>j{no*()_pC#PXmB z;xsQ7%K+g~uq5!t?P%giO*Q}hRu`W;prSoy&cd==nG}ZxW}h|0 zl0lt_O@Co6KP2WttGQaAI2pGfxhJ2Ijm~P#=<$^&wy}#uws|d*PCtx3mO`VV5RY+I z0X5O;sBDZa7purdp6O$Eg=1oZEuEynrh#p4fvIHwn<9&wYO5{-{B(`-@9Q<=gO1a$ zH??(kTeY<;YpSn;ELoUL4i*2-`L>PqDsnLyY@&eA`%Qo2O{NPPUsPik@m~2Vp%Z=~ z1Ann`clkQ$%14vRA=&DC9@^h7J{4QV^jc?Xe};7N`_g~Mf}wZ!2I#dLU7`kL>x)b` z@>zcto$INnm@`uq7F&N4_^b@(wj@9X$d@KPWOOg%`7EJt2^w2vkfiIVF3oI{1cag< ziy?fFzCkJ#cV@92%?|3uY>&Cv9s4+@^95NqJ1S1AV zf`GWvn@8?A5icKoL5#H7Xx;55_o#*8)pL(2{_0FOoVzfM{P#R z-ab=xez!CC=XZD6Tbj;@z@Tmv@HVVp)$Mb?-cBwd`}?v5k@z%~tW<3tnGm>9E^>+BPBdq$)klWiyMO|tYV zgZr9~t-h%%B{G!(cOxAEhaT(G^mEo=*bzLJfM)8J&gVeud9kA%yw02Pp#8^6cD*}t za^3Oq{-$1NOf;Q3;uE4F@|~lvU8_Cdm(EeZi1qoY2FXA=^qz;*1_YBc?-c}+3<^NF zF|Y`bpwtlNzu;JC72<9J7;>esR0=lYGgIXhQG|HVHFJFy` z2aFwzb0a7iw>I0kae2@jBRL&C;P}X#ya3^Y(RPL$y!xhj_dG@-M}9!sYoQf+WK#2K zag38RhooHx*DoJiAK4*jrSRr2?{Yy87Th+?5LP3<^3`w(mo#9SvndcyzO`<2U|fZ` zJ-@OP{v=f7&9u+RICeCfQ^ievp zO=%lBF=8d_WU5V5|GwKoYx0-+_^3I(Vg@U~`p4Lx!}h*%G|yy0y~xY#RO@OuxNhi0 zNt`18msBVG(f;8tm+cZhS##A1Y!3>z^U9gbEU0O%YU65)8V=t}~~_b7JXGlaaXB*}BylRteRG<>P=OGUi; zwXDg{pfoq_<_O;vrx7|G^FO0*t#QAdYW4iz_27nqJ(qh#v#qVD{SE_4}`W* z-^csgW)uSUbcrZZtpKGQ5=j3mR=efqrU)V~DG_E;5ucCa+&5o5+M5>^pBhE7rw0~I zTv55H-2QuSTdFpHZkw1D8~NkAMe^!Prsl?WCnN`A%9++lVXX?2IrRO8<7QP&Z^B0m zeCBwKGVB1PNH>J{&5oPlo_mDQ9^9Fl!VP28j(YmxD{q|T&X30bGpph#Dcsog!{2$q zoeTQi5V~L=f7kbYP=7(*N#HMyC8+SO%(Aft($(;?t>Dx!8xYN$E_-U1c=ey}s`LDm zhfdyi`uz3kGdK$@)G|wKVSdWq2VwM>RHArlW(sr+d~@>}-3nbpxk0;kof#BrZ{N{P z404^HlBgm>PJW4&DMWO`X?l7?$poAWoR1c?;H`~nooa`2?(iF3uOJzF&@5&56n6-8mtt0NwN>+_iaC8{WvmHF$|nI^beb0-M82Mn-raU|NNIn+`i2(I>A&J6x5r}X$7mCc2B%IQ)kFafl^DY1SX(c%eWbL~ zUuN}RGNA7_1@z4v`b&JB^fz9-tg2x=_*!?(51e9pL3JYk+Y_NRkWG}lQqFjet?#H@ z9pfDX__}>3M;#&9?#~S4Wg1CNqXK(amNMPlj7FY&69Ul89gpfY+1e~s$zm8T!$kn{ z(qzU}^!9Tz!Q_KYvP2|&1-*s*j8;x3;eg*SemW`khQI;-&Y#kqie0x}Eo3-~gtz4C zJLdaW;9x1#YpQ4IHGV7Fg_ckYYGL8^fbYLMeS8^vy`}03gE5F%X?$uw)m3Dpc%WZs z5c>x#*AeuWP^Xhg9H=wa`ZK8O)4wpV5ODR`p(gD0R)#`or41&1IMbT)YVLo17SC7p z_<079QCJ5bfb;wRV%_|S^A@0+=xE0R=gl47#%BCWZODY^$`*jl=k$izKM8yibzxup zXI!xYPL6`6ZLSVxFEc{&S%V8RdF?W~y90WP!)!yiPrVH?&6bajb!P5bA7BstFV7+{ zB>)WiGSLh%hBDBd0I*yLq9+wSSaZm!p$6ghZoxY%wmMZ7-%|5UOF2VHf666{t+pyd zMPGEaB+FrRVmpV4{X7!+cN3kfn5hTgu@e=^-uo+)410YfILyYU=g9Hssp}@_K}08( z3B#eAxFp4wL$-%FceFEV!Ki0Tbl;#mqKH~;_9rl-iO$ry9;Ry8jI4-tb*r(y+Z;>2 zu{{$D<%L`WNAmyq;!!>&JMO3-%Y|}-tUQD;shU#xBzDV@onoDuUz!j^;kN`(gv9Pv zq|ktnXy{4RyL7(t=HXL4Y0V0th8n1KSU2ek$1mX%m!Y_UY@ysaHV_^7BH@uTM4?lB z#ZsCt{oIN>=j|;vn7d-q%T(qhnPfRFSBh-OCn2ib}zGMlc=l*B~S=rA<+e0Bc`k2SB z5Z+4!ArHJWZNHCn!H&Q_8pHab&`4gHp&#sWGWl1eJ^C{V={mq@>0I_Ew28!jB9il& zA%Cc}%SC$L-HFWSc9iaU@ODDf6x~Bg5*eSm)<=8=1(!aeJ|L$(#GoIx7xFBQ@RRFA zfwFd+fc?rB4T%`xt91f;k&K}bt@koYoeOFIizD3-e}3J-)NycZ(gGPq-V@nD4Q4ki z;C-9?g|~E3htX!HOq)RT+IE5@^|dYY!|kQ29hEz;vDbts6B$G`Y`KHvPjK3X!>~vDH;2o zg`WSts=&q%yk`RkF3%@|lrHA+rU3ZPC)gJ^h<*_d$!FNNJSFY zvok|mML4X0lTZdJcqP&z_w9*aKIRqDw>~xdh$sG5y3crR%IwYLi8 zHtEH>L}dP0Tju$yqk~Yl=LGta;%9|PUpB=EP#o+N=aK97QC7T_5dDr$kxMC<@_DU; zRD#0UOWJch@7;K`NiT)4k*HwXjOKH~gmzAXCQx`C*jR%0w#84vZ1wTK9wK*a%1rSOGNV;wyH& z7}W@8qigf+9t-|^rMfRC=ZkL3yU0WZF+aTU7m`kmq^_ASd?_FXUmigKK(Y7vUtVJS zkw%!l^ji=bZrYi|d0`y_3y{Ns`?vZ#Mz>cq2w8u~USaDc?pW}uo$=9m85>onp9i@x zi1&`C;(O0sF=(fc&;!f~F|8eXJ}~v|FAqRRBj8DBbV4fRsb-9j-5`kQZ?V)^$3n@q zCwPM6KaI6#vy&KQ{tAkG3dI#>AEVhR;r$1ReV*4m89rirq@}(KR z+?yP~U44AGb0L{{z`E`g>c+~0F(M6HIR|u{++j78u|2-t2X;*)P_jLIL4XD=vVT$* zFrpM81?X^2bxl(tGZ8kyt)Y*7`OVopWI)7Bjpeffh5zv#py$Ig+R9O>w(QtMVVHH8-)gjAir z$=jRa*gglF2=#OmCAvB!=B3uT2%7c^;9*WNuFkq96b+7+#LS4c+TI}2Xp1)TJ8ea{ zrnDpRhKl{MnjE_&%`mh!fws0Cw8=@J?GH7BQh0u|17z1Nk*mf8 zYdF-^Sb@aOg9q zS+7+UWl0tWAq285{D2cftd`MYawsm9FnFhO@LD-ugu<-U96phrsDqr~_-X{LBo+=r z+rUT*V3IY7+;`uy`k7+}k~^=8QJU0}8IuPybrBGQNHFCuwL&|;BR{WNV+2xMQ1xh1 zt)B)wlxS5-HTi*#Cim`a_^SYAd-U^NV)2d_P%ov?FFM>(HLV1U+-i#~?*p;^8E1UQ z>|00j=Y?y^X@jF8LT88%YGw>gK6?ts7o|`oH%1M3i|+8^^vlXDydo*G@Qz*(b~6?M z@+EVp^#!;+1eLotyf?B0f0*ZH0*mH_kl(E) zn7vJp7V1(dkQEutV=zPco)8gstEb*&?*DBB!>4WiGB5_D34b8a6S8j$+6j<@Yjze# zKBK*VMsu%_&Zm5rv%Zfh=zSt-eh)jn&6a*9zA+#Y*~tsmwSh=M%rhHI%^lanIZ#Dl zfBWI6?1DX9!CfjyJ;B{5a9MfsN#F*r(w0Z<0j|!sm2O=p_=8a3^rUtFV*YBF5rGJe zB-#zTp(Z1nhkya&l9*tnZDnCL;54TNpJ+;yOTNu!% zMt?$DMWXn(f*mD5c@|_lif#+eq*UICQ_6yMcwL~kRO^L`&$ggeKKaRyG5@be;Y5?s z5ES8L zM^uVw$`JzujfpJCFM>cK!4^nSz%~iuDw1h3s6WozVx$z#!~U9>XnK-qymnI+?e6!j zB*=uTNdB0K;?Mj~0xrSPp1brmR5}nd3^o%wIB%yG-e_C!X);0Xw8`SK2&qx0Bt~rztsiZLa8M%HXHO#;dE`x#% z!Mx-^JMrTSgMsZJCMXt zdfAChBUO8L$Nc|qRBwaiq~Hfr|CU1z!b)b2l$M)#+DasVfFGJ`~-q%yy(XWcY& zIzJ8_^AB0o>r@+nH%~F-pm}si#D&>%@D6&?S{RmmE%mxzNmhDA{r*L>5=|{r>uG8* znty8c8`iCx{)h1Ow<+&ddukxpjDN2OA07&ib$>4fwnWY*bwCCi!cNySf)`_6^}{>c z2A#l1Q#(@)#4$wssC7Cn~JV)?|l;o|PN%#XtLAU_8k8{T=0ak$uIqr{*c*YRUOh~w!QKEK0W z)xm6o;@$CkphA#}BxMRf#E5_Xa3>%AX))J2X^5Lc=hR4YQa)ccu6wN5S`$E!ch=}M zj+f4JFVESyfJb3b^`B2OnUBaaKq(4SwkbMpXDdu6kBkoI|0J+~7w{Am);=j?|Ncf+ zalamebVOe&ijXRf{(bz5^X&nEE|~uFgLmA!Agc4e{3YlO+X>=CR8?a(gxU7focTbf zTc?G53>sVy$CT}{W}N4%Z9UU#DX4U;Htvbh_ z3$+g7$Knd3JO=8E!RtZL=CcEarNKBr2$tiS|w zuP`dPiQs~J?`ZNJO#79_xX1hq2?Gx;g|1$Y4BpeZeyOJL%XNV zi@}|wM3?kNSkC5#UV-*TKUC=~%*9sZ=D>-KS94Axz%ul6kHyDv``s!E4Yy*_0eds*ZRnNF2urV zYoP2~4zNDXa9WO;JUpwk`{y&;^6yJ#br1747&T}bt`A1th0PwDKi`p^vvn-Pknbzi zg^yfH0+@V^y(<6eZ3{$I>9yDqPQ9^T`O)lV)EPmyPX9hJWvbj=P->23c98$vWU0NY z!nuoCtKm}sV3jn7(uG)f?G{xyeBD-&nx2uGVo3hLd;z`(9Jz+E`HvjzJ!ncdy!Yg;X>xm$%wxycAZ8{i#`P=rE?!uHkhbTI5!dt zP-5ka+{3t&*@-j7i^7-cFZVa6zY^%;W2ow39~%wTmAYMu*<^y%_`7DfEdc4Vxue`D zJe-4gJXFgMh6nnt3B+oSg=juRR1r~vj}%UshI?0^upH{6=jUol0Xa4v#W(SR!p?r$UCF(a+wMvUu)H-li!c zI?u7HGvmMl9H^&F*eeDHI&{b~(oyJ)BY?hW?(mWc-d3JXl`~(^AgDVB~l{ z{!Ckb&ZT8JoNp}q)tEFI13M#06hmy$2)O(<3MM{SVWcy$<=G}4S-&4x5ppx#X-48S zIsTkvxU?d4Eja%vb^7nP3v$%f?u+&~_o6c4Iohh6@1i7S^*tSUTJT*DoVFvMH2-Up!+T3Nzt3lTY zo!IUV+}2YH>jgxHjI{yAKTdGDA=kKhN7t`P`c{E$$UO5=Wy13nF2j4;td78Mb}i^x zk=5Km%rf8Tg>t3-?SijPZ7JZmxd$SBgC{FMsf7{##08mm9up`Ec0CHD-DP zwQMoStV(Z|B#zQyatR)c>lf;g&qyt%Q%;1#VK!1Do1&nQ=FC-O0PW87Xy7WDNl(1~ z)ma3BKI1(C*8wIaa|LpN*Z!65Y^`PG#4jC9u@H0yst$=VW{f^M--n?w%Tp?%s{LxT z#eYgtq>tjkWbV1>e?&!=M-k^%7KgjY8;~V(MlF0&n7BwcL)4=_n1(TFLVRcZdN|ic zD73H87CcnvhURJNtg64sps4h^Wwpz}kg@;sFNC}hC4aY0YSzz(14};N+XsQBJ{(#5 zhC3r!E;2?=nNP@?xjiW$H95BQ+9wvwvB*mGTi8M6Pm203AfFCH*_@9NDcBaj*x02r zzf4r|z2Lm8BCXm_M4P>S8%%NgPKxxVBlWRlb9dw++WGO^@!Dfn{;qYf{;HP3zf{P1 zp(P_K@@i{~m7praECHWynDI?8Syg{*M~k(G|MCa()+iEY4D};^WflBil-O&ui7|#W za=jEj@gM7)c0=MoNK0Qw2&R_EITd)BxPt+~A(*NWXU-ctP|M}49FzWZ$#%&|I@t>R zsZTn^=Ew1VSY9V1Eo!o5_^8~(kyjXl#vbde(YJOj>}+PA;$m%)WZM;PXcamO{<{it zxuqpt*hxyr@4%ES0)c$X+XuPrdn6I%{g1mOA(_JbOMfmtkWBz6D~j2Hl6_vgzB7E5 z-1m$1vGlguC5JyUR zO`G+Tu?18KyGaL=d9%_)34YsB<&{t5blJEo`&RWAC~FihmaFwrHl8m`A}UGEQQfxWbm;cDmYpVA&?Uj^%5fw<@@cg+qnUnV ziav3`*u>j&-m#i<*+eOva{G0~8ivPJvN4z|d}qaN>u z!UGGHW>^Tj6(l>#7odlKR{b>~Yd`u zT8&NI*iU)++LKkfN5$D($6=Jcut<&_jwBb3q#*DsUQH+ru(EX&6<(5@5@V+~*yph0 z2y3%~C-VasrsSuE+ALG5ehF3fR3;Q{B^Zj>48^O9oOB?_lnBF-6bnM7J6-EaSg3Qf zG;K2QyN~5?WADpksM#1!3z5nhUHZNGH$fGLHk4zvSZbJe`7;No_TR{@hwGRzjuKGZ zxb~Cf5St-c{(gpQEicK2n2~b!ES|=@SYI3c#1G}jd|TOB`&WAh4pWTzCYTsy^4fbv{*iv zE@NiVnGGg$`aXJ-y&^x>NN#GR6$L=9DDrvPN8m9BR_Fr#hBq#Ixim2b63D=j{_DrV zEugAR?`s`m*%uXY_Wrd+#+k>2FZRg)JDi@FAB{JDWIMOu zCT8PHW|}57CGi&%iNAVzEkCr!<{a35Fk3MIoMU>(aJK#LpLpu?3@9c%Ifi#%v*%^% z#$bYcwsbT*NKMmd>v>!mdHV6Mxdl!q8SIw4aj0CWcPsXCSrVgtZB8->NZtwj*>cf# zRg2wbreF3U5S#mRO!;JaYxQTOcz*RxFPdKw&j$c0|NNX##XZjR)fsfEZ0Z8hDMZDj z!|8v{p}Tf=*e7ZQe9y5doUyGnPXXeCw`RW!DV1SP*Ee9v z>a8xGuTtLs9SL*u^T-7A_x5nQxIS+vCAexh7Muuo2hjCer8c17;7jH_wA&}m5ORBO zHCf1jozs)(-1ST5?!{fz0DK^U9f}Y{I%Nl|6M9&AlMUKM6#)(r%I`_w_occOkH^A~ zIrRDLRyo(ie|jU+jE=7d*v%X&c?@#F0@u9>raHhK?+1Km(g}0RIyonY@YdJup1PC( zR|XEdH^R+cnq97Pj?~#kA8v8cX%=N50a5W=MYPD{QKK8S+DxTS9tQtx>A%Vgl2JVkPP0&)Mpq7c*V z5?#E{$W(2w;&mB2PFxr?iax~lSf!&?5X)eFS|H(ijK3Dmr##9_1gp9owP!TPBE7SaVYaKn{-PU|}^ah29GuQiaQd1@WJsG~w zNl*feLXZX$&j3T7&eQd}Sx(ZI%TxK2`|q_hDaH8b%g>?0I~el@8`L*cHWD|hA;&+h z5|}G2$IX5Vd%XL!(8vU)muzrIUK{a#T8iDDE*KY%GGCF}^0J%`NQAyB@@5j+w_0_W8tiuWQQpy$;y8i=oyp10 zlSW3F`Vrv;vStfE7G`%oGUX!*qstUgDCR|yPhVspzAAd-o%PhQ0}C=c__pH}<7%`Z zG}z-TSK1C+|F!#lAO_jo=IQ!?o(NyH)ArCQjmk5qKc>yHUw}%Pj4}!tU835~YmEU8 z)kk;c%%wj>qxn)TmN-1F-i1J3>6*E6Nf(HKq@+Q0r3lE1NqA)4HgGE!=b#tJ^`fpV zS4QcWuF*Q*lHY+C(y2F(jX5oH+=>k=7YEVGVJQNjsH2}4Xzc^eUPk7F2eFRXZq{Mf zLC@DAC*gk1BMskci2Q5Lauz%6yFewaOtMn-r^T%~UJs&kJ?Qq1cm*a^cl6@HbSf;8 zUwW(2cBWRAS~86KbbPa_KdED{JoKzPUgXGhtl{-K+pPB*@y*^m)>xkHo5&oq#=01D zV<6U1v*$N=eem{(9J_S^KK z7R#A&+~~X}w_>R+aq8TT$tj*ubn77#d*PSrT)PZBw3pfnJ{_|W-44s(2z~+A_XBz?N*w)v zr&4CPS}Yg|gpc+1xD_`?8n_Q|+Z9`iHEAuU;9`Zv5$n9JOZMTZj*Z1+?BPtOL3N@7 zu3?n|B`S}L9qa)p2iUV@#-B_SGPTja34gwm&D|-_{ZOgLX+O=jZ~94{Ha!6qNL(#}V>@h<4D`e^s|^3E3J;6i4kfkXfR=0#`MSCf^QH_ky|C~V&nJ|@o?^uZwhnIXE>R^2!(k~=m)>W4sMd2zU`zI7 z_H8uGi?HVZTp9QkPqNx>S#&f63&%#ZE{O90WMbezjU>n}ziy_0 z=3-}39>6OMDi!L!MD@phXbYPb2)i;oUfoE|t3;y;|}*v zauLWlqd2_n&ZD$Sts%k9)x4c)+x<-{=8`$ZE6-!C;Io&abbsw?lX3>RbekvsT5F-h-XS;=!R&?2A;bO_H?~^&L)a90s{u59th# zVH`1kn&E*(hFEr80o&>1v*bn{#`{K^!M|S-k%;eeq@us|LXG5SF*;0on~|!6!^hXb z^;E+FcR%!7d_ZIsg*+hsoEbNP%}qX@QF#N1Q!)|rx?Dm=Dt!O>$O1V;AS%8bxJNu^ zpE|~PuFCSK$N5%?frZD}#;D7IC6zl<_NH;&gK+zD8TgOgm~LQRj!)&W-m9KL%04tE zIS^6*rS=qSz!tx%qE}`h%9i|m3ToLvvX$mCXs0-E%1f*dB>I!3$3>mDab8r??|Flv4OH6JY0sY=KAHRQ>@9B@DbKlocuG)05d&}_ZSZ~3x%U~Yec zE*|fe|MfrliGj_m-Z$U1~DY8hn!t9)Hj|-DhO#q^WZk2oa7Sc7tsjdBY zL&7DB?BOR}3b>}z)#Xn7?Z^AbGkVREk7t?x?xhFhRbPL@L~0D65b|W*WYJ70Q#O|E zC}+_t$ZQi#fa>wGP+<9R#uqV7{?;6CtYoDLL@-wh&RSGy(G$9vv#Md$Y5wS2Y2#I+ z1oMzy>6ZLy^w=JRBk&Qy_R9|(=m^np&!bBI$+@8cfe(;?kZEPGpt=|Uh`lL0cLT%dtqk0uGFdD0}=EYvC=)7jKG zZpsk}c~;F0rf^NpBet$HNQUFpW1!8qt0Lb)ud|-F08{HP=x0iH(YKC0HtX#7CWFb! z-BDz}2Ufer%M8U2HL5K}srg+Gk{^SAfWQoTU8Hu*sOK5tCx~J>Z$OKN!=Wdr>$*S1 zhJO3C^zT%2MlHg?XkA4&8gPLN1f$aAD?G zUX1cf4YPrn#5_P9$XQ!*v{mTMc`jIN?LO&vCvcQ(no-S@Y>Ifj83;pKkjC=C(&tuA zypL@%5|>R8i0l^Z;&kGOZ4GKyq%``Zg7?LI_$x4mtDASuhouc(?qY0r$}$; zJ26%2dJu@}|7EenIK`Y_`GI>$JnV&(?ffYtOJIP8iU~x){Z+FDzO)`=&IvDC#ysFg zr!LEct2=rmCQ8dlFW=cjM}Peg6&(nCBcG|*0`86hEnZtK{(!Tz2{Q4(L@|fXDjzvCi=pPHIKv8V=XD<4HN~_kA_UxZad#P+(?? zV-<;97%O>23y)d?`DsE37he8+{oO~shYK_tFBUN+sPCnSfnZJ9j>ab186;nopmT;w zU3p_Iw|*Q4K5&>kO!NlEUaw{0c}Fe-0A865SYNJLvG(l((P;>bK998nZ_yY_5iOD^ zbcv7&dvgnP>>oFA2Pl`3rU|FLCii%71Z?>F)SG?+jB1=YiSia9D_Qu+Z1XFSRtM~d zMH>}>d${~!{6%>|NNWA>Y&~QS+l7`BjF1!mXrB`cR{iEiV!@*Fzl#lSE<&A=5}trI zpT4CEB=wFF*By$FM!c7zAzfO5xrd%%2Y6EIPH;i7kciixtzqwl_96*CQgOhrLLXAO z|5lozwM0Hw-7>P8g3cR--!h#w8npQnB&Hn7o*+$6AdAR4;l+KE&X5V|LaI6haERgM zOqW38mfy>u%(nqd@{bzPTS{ zq1)XZY`0W>*amB!jns}@vMHVDFGHx>e&&2oC{h1W)6p$#8+Fb(B>4E+g4m^X?9t?# z=Q|w`bwVwJ`rb_R-bLCS^QX{arUB;(kkawK!ky`ybw%L^L&ZdLA$LodRRO{=YL(Ae z*#za zK1i<_+&|ImLFw%cf74LTku0{e7WT%(@@!)y^TS{!XpHR<+9dn+)N@`w%eu6gb&$_1 z__I+&^YznM`664DK;^(U50m%HU?bvd$SVHecm1zuqRr1o`woL*9QIDyE5sXr%k-0W zvN8C(x<;@zw2!OuEp2gPcVQzQ0mGGz2(}x$Yh&0pc8aM8!i0>TrK9O*AmALoqt^Fj zcoYhiX1y`(!zja-gmZ2(@1|@C1m)UCHN;f5`dseb9}H4;n0|2G>kR7$$Nc~hCh-_D zqyk)H`MDAqEfQLz>%YV;{6+kgC$l7%n%zj4Af?a=j%|nSVc_(U2BQ3nvU}KXV2{ER zwC(5|HP*Jiw;Lq{!#Sg|Pz7Bn|ArZ^fcWImu%`yTIQ}r2Q1F82cf7yk1|J7X{iST# zF(zsv-*Y=!);ILjAw-HJ_q<(wj-}*iVS6g*7`N7@kn}31Z(D+&rNtxxyRy-1zWsSQ+lR!P* z$W;BRqUTclDkK!W#cwR+WekZYL*71@8Gc1OSX@yyF-9ZvE}IEyj9l_7WvTl5u%MRz zZHCmh;$r~r6N7d8v>U=b6r_#mZ)y|+jCO$T_4bUGdiQHXy&7_G&NJ>!l3+?(n_$YR z-&FfKibNM-=TByO9Z-01`l(r{MQ)sd8Wsiscb(oauC5#!9V{vB-#|rU)%wx^3bYJQ)z^m!JnFL4LYO^+8a`@vc zDC}P&V*Ayj7HK$vy&V(CK$YAgLg^gAT>&NS+vQk7J|4e;?;nHQfU^}RDN>&Mt4L|E z44;G$Hc3KdqAS>7X#prfsd_+BcJ{-;z!q+eaEyFd=Q!Hi#1WnMoZkqe7Yp2O^9i1K zBD9tp^*9r?03|yqyXF}-_{`YFd2ME2nSOk=H@*;qVdFn&Q-C28||Lu(e4jS z*5rsAisHFRtAEBNe{B*A2DD`*harp^5fA z$vRaYs+A!|G$vV6q2{Xxs;}*1ksISLHh167*=$y-@_kSJEUkF_zjjYTblE(a*aMSw zy$WFKi>uyw1|it~u#3=!z&O*L!jNm~UB%*Wcekgb3#}9sYw(x@ssb=h^!)dTa(Pai z>;t~Zta%*|;IYADRHrLjG!_yjG+)u7bQAs+Cm}c_EM%SqD27e_QE%}>p9-mZ$h0VU zo&o~Q(lpN6lP)Y-9i@1xfEkMfi(d%F6p-gCR48&VszAqJ9#xB;9Gaebj-#!u;S7M% z&9SAZ+)LRgnb&JJbC|D|IU@c0VdEedyxG+)Kfr-6G5DR*qmX5AZQJ%~sU=nxDTLCb zgI9)-!Pl=dib%i3$n(!y#=0mMyPneVCK6k@j{QupJ1mWJnbXrakLF9wa2*KhRUI?= zOv-2L_#-NCI{d8;vSIh}Ir82b|H)I%0hTaoc{YQQSD3az!U!lr@{lq)T78_*8Xkvjb6DE4NROZPyTH`B*o!u+(uRW^4cso z4(6SSS`k3Y3p+Vc9!`efY&4e%(kHCFdjIqZ+}X>f9HEeM*Qb~4rqZ}u^OvmdWo{O_ z(MZ_cGE8fzs@$O2Km;@{(({(*?#r^Dqy9d53$!<#=h919lwvsRxOvEH3~T(-FFjTA zm&3}B!w-UDZBP=o*+BjrnAH7Q%97U}WrxqzXCc?O$>_l94m++9IdI4~NXR>=Qu z^=UNPYD5bsJfPz@z?5oo${0q6W1k|&;$3Z9j{*U@TLN9%wU zl3o9VKf8*4@O?k%lD zG3Dy_p2uE#=s#b()HG;|NoT*Ubk3Cf1IhMfDxLl1Bx2JR>Qy&%oO=>{moyE#1c(qV*geCu=-IU z2E*l^Tdf&gz}I~|_zFw4fh1>ok>s&dAaJEBUzH*e?eF|XvQ$cyW+a3{t267G;7sVh zI-bdG@eY%~D45{pG}i5yG{3rw7LW4vI8}W`Sc&c^xRHgbb*u_}YH~_1{|Nk6({X{a z@N{5jVO9>N=(z5u{4xfz)qzB@2`d`@vf&U5T9i&VtfnbT;br|bB)0B%3fM>F!(?uF z=UlQy{mw>7FSRs)?xrg(H7F^uz$fMT!#L8{eH2% zg-!WJ_;M5Jch=2y$0T3Y%yA9tW7WOT{#oqmcCdoZb%RI`H3TYSP;9JiC1};^EpM&c zFseooD|{<0s}n|v)g z1>QAhV?<_GYVlMx%_d{V`iHS048L1yl5zpreF;L-=(!-Izxo!AIvU%sAJs&Vv&Vjt zR(*hUbY{P`G?`lH~mQG0d~vEm}BSq?Qe(F^%OW#?~BTGP%gB%aacsQ~}9UuXZ>Ss$Ik zBw7|P#=z*o8Dc_Nazc?D37t^Hd?j{})kl6UYU>#z0;~8fiTjs1rN6y|ELS~bjt^xj z_7H*Sd1bbn2ux5k+jmMD=kP85V`9&l@AD1D>{l8MBT!PvJB%=)%M`>UqJ zbq@(C-FoGEr_rsNTY}r`ibAqik=YyxeJhgmbPd`J@t<47RLA>f)e%)HK&9A+Ce_`^ z1GAzmhf;i@9ut#A?-F^&i9&&-bBO-cnhfDt*VaIi3Q%D|Uqm3>8z1Tu@A|<6qZ6q@ zd~ZyN?$-3%28sSv!sBV-t!5Wo(f=!>h{SNLIaHCF%pZZC*~2^I`GWxeSTh{3{gU!K zlpwf40JM{Sp{tN0cJm^b8NIPZk;d@>X7030q!U%pbw>rZ(ntY$LP{*EDe+Iwh$09A ztB&D}+U4J|UYJaDRG!c)B##9s#`6=kV7yjJ%h~(3IOXD&L0>y7`HcSOKkeSp_G>-$O=i|szK@Q{x$kx7 zEGFsyS@Qa4D9=;XhOxyfh`f@|(zB!UI$XmOFyOjk>cKwg<);Sf#IEAkYE!`_wG;7e z(wO8}ZCk626ZTM1@>Uyo?#ib*i9syk_YTzIlHr|&o8?;X^Qq_j&KV30<3B1q4mK)Y8P5J5y~-ntt3N6dDp z0Tu6+v(mrn+cZ7~)luh)&#mlISCbxt1dPko6~VD2ii6#wZE*E2=@{03QSTF8PSy(! zuvjcPH)zG0F@W=5yYmhWn-ql#bPH1f+wCXx2$Vk7S9V#7AAQ1Wh<*(IvcP!OPOOPg zH8d82mc?hjs2#A`2Wu0*WC>S(rO!<#%n_7KluPuCtB3x#$d&|MV5MnY*d_MbpfNGx zJUDay0BOCepX2eG%n~K&avQnocs?^0MPy78eLU}h|G|i2pwoo)+Iq~2(UwF#qrG@wK)_18M8y7+#!;=i;oD^)UQ z7mdXl#s0%lQO*p}jAJPIvT*+r$=uL<<$k{1&#%W{oP{*{;#o`PXFTDKyC*77{+{BX zjMqM+<;}REZwS0KZ1h&{3XP*`w5fCFqgdYW{@cteCotAzDW=T~qH zk?3ClM{g^j5WA4oSx2>@cmFx`UwB76xL}pk1?lT^?eBGxZT`qdM{K*FE7A#dZWxSQ zpKzXWx8m?l2iuiQB;OvZ?jXNv#gOIO35A`0PWoiC9od(xP9z5g2~38>Z?%8@^gX?c zQ*ZP267Ypr0(SP>b;6Dx6lPVNE=uslh9%Mjl+$4+WF&cfL(SvoM20%U{+*>40h_SZ zFMA>%&p5p`j5OCG9D;lh^_i#UaDT(w=%`_RV04b%1~$^I(9qje(=9emwub3?yPf~xXnh* zYcu6Y{`y!%wa$l2#ZwR4-0^`NXaAp<0_1*i(%ERsNAK_-@Nqx>MmCVYq0sXZ#D{Ti zT3wCgPbU#)*}1d7S^ErHZa6Oa<+}Cn+U~bVt$5r+_6m9U&BY&6O~Lu_wKf5$^Mfg) zN6grnImto$;E!Hgo9}(EwtCr$t4&+JO^}a()r=g%NWpP6wNB0NfK3b%k=s?%a}pAl zH3ysPW`7X}9{V532OJ-(wXO1wgYsS}&>McHR1m%1F^#GE(trZw|H(k2A%D6xT#Jq& zt0a;0siD$`Df`&qi)zpS%6*?;p*r5!0BT(bA(9D=@7?(<3HDR_n~ol9M-}|VjxkoM zPyO+`YjJMFZYb7izEEFi%avIl`k<{G(4~<(9vNxoKDv;CMAkhVyZ@?$#gTn29?w?{ zVawMd;*+fQ@xmiApXi-R7J=CYd#ruQns z?(EaQTC(5{hut?l51`rdq|mv5)=R5`F@kH;tz~YdT2kVFpLR=d42i%5T5Un|Gg-_FO^f<859@tHH}f3ViH&}Iig z3&>`?1GW#3@rAqLjt$}8s1nEoedn|YY3_l-=t;-$b0MEY!Uz)Xx+&5&`6bttI`#j( zg|rjAd=5)T3x25Fps2;XRd$=5*Dj^YKC;1+ci7a)oy|w`B{K;0u4x?3S0@Bz@!}g{ zt52$)cfN)ygJB8@`H1^mrSZfgK9D4dL5;>u42x2<}*)9||*lj0BI><%uN)*9VIv)9Ap;V?<>*}d*i;n(N{LBkbaIlyu z1YIpfJ|Bi&f%&%9cqtI!Ij?pE5XOE3g3}gBSPz3BNL9H6?BO(ko!CGg?KuBdPiH)_ zpnnV9BIWP_*;eI6Mgp7%x8w3p(*(L5Gn9E0`+|`o4&j{S4 zH|}c@v^Gw&blSLaOxXNJDLFVx?Vs$(i6{S;N0(kX_aw2%+=g+C&?N z!ypzcSYI%i3+vmLTzUf%q1<<*#6K1`r|9)R3o-O+8_mb|bh+xLu zGty#`U%)@-44D3T`isSwb&P z^DV>rta(dtnzRYpneB*1Bf7{nuU{^C_l`fe=|#2Tb4!{ca?!H<`=tt_yOEQFIO7@{?e8_ZKcEd?V{x%EH}NpK zRQl9`hmg80z^kak1p>|@3>xpt=^~yd{yV2+>2(~vI?@HF0&L$Lj zOekcZyLb(xj|n$t3y~4d^m<)^Cal(zK#%0Rxk`$e&Z#deb1&0sz6e~t$?h29*BF90 zClPw8u>wR(+ug;7KaWhvjL^*v;7!Eoni3I{AWzZ;o}#q%P61uO-}ny!s`&j|hp=pc z8OBYQ=fSU8S8Q3bzJxWCM_wn<86Cd}3DQ7#UtEg}(RlhMMFnW&r5G@U_CWM&H zwa+6VL7y6M?9_$bbxWbpej?`V-=}3TJ+UP82OX}{FL2FFK{s_3ZqM%okGzq!XU?`; zAJb0l?`5w!_D6-WapuO(ac5DtUv85-RXb8*PzdX+8&GEvoIF)wLDYY^SUduniCj99 z?>&Nu-oG@{>D&UG6HC3(8K>?AYVHE z)Twv;d@n1OBIraxhNx^$gwR(>7i!>-IK>m=hh6hcyNvpjCkyA|e4=T_`@iK7%=oZa zYr}lZ4PRM@M1vIdX+~56&dBq3Y3mAcEx;3dk4Vsbhm56A(63gY*KV~t67_9#U71+? zzn9Oe)Xmm_D%Slglu~y7tu-&*=ZAG{yI}8pN#l`JE0lGIZ~;<&drfUi#OV7+K}(-X zgClf`8Ra;5j6;@|cn?_)3OPJB9SK-+WOF0~?%D+QHn^mEp%NnyXn!`&1OuxQ1_ZTd z&oEnDa4Z2`DAD=wufVMLlchc?iq3CnOFQwR;{J{lpp#dke?(O+;tN-G-ssPDN_Sj_ zI)U!^O0aMz)d(gDkNjlMdFMUuAnF=w(-|}aadXdzWBbvy>k9S_uy?+U=?y-OTyOO{ zEu=^lsCV}vINZxMaJxD&Bgb?AT7ME0iq0`7JDed>+69R@aPrkjM-!>7oBfbakUTmD zD!rYn5ELH&TTfOC$$KKbpBI^h%ON|6*Q#}*++yTUhJu-=!01xaD z>=ArnF&qxkWj$OP>9H%E$W?*Bn#$p>5On&->V(x~?R7fvwRaX<$=e(()Haa?YFwRc zYMlWpTovi?$+K&kv(%aH}l(Z#1oxITq@ z>veWxJi`c#G)=$r9BS-n?C}aVif}=#U<`M~@xTEjW<2{loSRB)6zhhUZ?uVOu{3Bi zsCW2Vyg6tnf~o(WHW)?|eixc79F0e*!nf(zxEHc-YH^FMG~KmHLwdh-U^l$tRh{x* z^8#-xGavwe&7z+b49}e+&MLTBxy#)4Fut)HcZW=R2YNy9+rgfNeSg1rd|vx8MB%X^ z==L0IC^D!dxfqtjg9@&D@|BR5DY+Qu=v{&-(_11bDW{IuJv@H9_c1?$LVxj-9=x&O z;7No^Jc|nhktx=f)I5clZ`%7XI_JUMjTb~Me(oHDg&|`FKfySN^|FMo_}UGj&U z;+O%}N+|{1*7uyjmo1v{?!Zf<)dOIMZ#$WbfEbD*BpX~8tZwOC7rUg9NCX`NL(r8g*1n!x&$mR z6?-NKDh%XllJ6@F$|!rOJUbDJ{O_(wzK}|iHyIjh@`XDB1!3}I#Wl+kZr@-Kz8Gwm zfYh{=D?}_!`y0Ex!}+_)N96BEQ(`|R$Loi<$5tb^*>qg-&_bcqD40(wI+5$x^}c&`&k?kxH%5#kWE;Z8^=LEssy(U1!a zeZ#~AmK56|MWQACE*TFLF$Dj%%_8w?r7#J%Prgt$K)|c(aCqn$=D~{7)BI9%v~5Me&GUgFL|y&zD>ze5EYY= zfp`ezcOPzmJ3vQ~m_xdhPI{$0Rod@L8blQ6YJ^iv^^uwtMMdJyJI#e3m}w4}kUNne zq4ps=_Thr@xHFDqaB-~yd0Yawp>WrR%SXOP)fWyL@}@y*S-d7%8Va1cP7&)vi)L#5 zhcuzN3)px*-bt9Mx?cy2#I20Vs9Po9<4H(~uqiN5(D_acsn8)w&1*geQ7xF-IUxVHpB62GfyH)rl3L6e6J z5I~0wg`h;Rxx7(%W06K9&o{!{^L8C|(;w4FhcNUsbkm&NsL&zsZS#jXgA>1oe&8~7 zD*N`_{EkJQ=&|043pgR&Br>_}QHO4ienAx*ac*;M&OMRp#}RB|Tt@D305Vx5jkh2* zHnZn#k_?hAUl;*K25)!WzMt#=a=Y%6#X)WC6Un4HZ$IvXVD8UnQ$r2$({0=m9rQweP^Hdmu z#Is{J;Of7axWR+?1N~r3RPdJ`A@}{UO%O3VkivSS2gZR7yswb(PeR$0fHmHyvr@Dt z38-(at}kw%^C~TmnPEy22O4RY>1j24L5WtcKxEuIg7wwTpmV3g{m?xVjKP>z=E`ij z8IcOkpowjFU+GicapeDoPo`-e{Vt$yOCdH=-8NXAuZP_s7nO6Lg^30_@R$vZl)}CY z;7m<8qqo_KxnLtLBBo?;%U6^eM8k^V z+E8Pr1VhMc6Rm=eS0|k`Z`e^{yW&s}qlIbPWmz~v&#BsK?3eVIJ%9<^RUbXt9ZBuk zvDuRuevN|XM^w>u&&Quh1(=F9aY?`>Qt8@*DSI+Iud@KlD5~5n+&HKuU-8AsF_Tma z>HgpbJA=syV2x~Jtp3f3dJm|6ys@|==&^(*I8F7rH)M4_hL8{&myJ262olx|&0SH0 z?DDDe_m_X+u0Zg!Cr7q!Li@z;YGLdm1{w-S$;oLZW93->AQt#Gw4Cm~M zE1{Dd>x3PE9J!fW_~tQqK8yJNVJNtg&92n;m?@2<7XgeDXai}tpt4i}pW!kmWoX9; zz~*SEyz*3)2o8Fkq&vDurP6=}27yVGQeg@9%qlyo2b~fhu_`6t0`PAd@LUKsH61*N zi|la?wODDh|B8!?q}RLnYCHdX5NPkt{S*x_Lny^K`03kjJ2RW_T9#&pFIIniW9Pu& zuXLyW&GNQR64bHkk5GrLr~I5u@B7hXwv@Z?kcC%$x^*20-4$vZqqy{L#x92lbE&HW<|mhepB@u zySAlLP&`?>eXJ08sRlZdfFi zaY8(cBM;@mVuI_cn`48hjV#|g{Yrvh16v#}QE6@z3n4m*o0A17-DE(j=?77e`hzVo ze?F}E-_h%>O>r4PFwfz~X3*Cf^G)jIA9Y3ST`KUwUfPpv3Z8gUgP7TDoZZuNxP(_+ zb=CBlGM<=(q`+rrU|Z2LM2N9L916j9JY6j$&T%-qbP#kUn!H!qG%AkBa>?VeB4VYcq=l%FeJBt z6Ug!F&4lbFM~hTvBmuK4T_u2U?J*d``oWWq1u5?CP~^>mNA;IH7M{@@)>2X6^*P7(GTZIksZEM0MJ#!HOe?k{X62E>*HZZrCgmFDWEJ<*K;6yp zF~7J1OUYAK{yUaH{uRkVT1B9({aHF^d4t?Khn!CIlnHCf^3VTV3B2d6uziMu!C zMZx(s`0lRnBw4L(&7x*voHoUyUTUt4 zX*6Ht;qcFnxX|w!QHtB^Xo*=~*P-Zqe_Tq?W0x*d=%(E5--K=$ai40BKF8?fu}PL0 z=n?#92Y)n}NS$>V=*>cu;{?L>iekxG_o&J~)F!@X{UBfZp0(A6m3*dJ#szeCnm+ZX zz0K>3W@S7{jt4GpffgdQ^5-x!iWeAneR33cQfoznY+#XMzx;}7_yT~12zr3D)kgOP z^LrMMrdvZnikJfE*_LGF7|hG%`aCB;wdu?oO3(+0Jo1dLs*y z08Bh4$+RaiC-ToC2%z(D6xO+Ki$%S;-#+?GXH&PYo;zqs>_xX~7!?#FuosF6`4#Vo zOM6_(M@=^u=!_of(LYSePj9lppl$(|Ed7Pv0C_baGsO)(PkN*1Pb_HLkP_qH+AQh{ z#G_B`2O#ZtuVkVKl3IB628vBpmahouTmKy=)?WnO?`Eb@q;Qdk%74#x9;i2_9ZVGq zPO9*)!I(5MHw;5#Uy+MsT#<{V7n6=9uVIO_Bbi3Vgb>iD1jidxGdc~JGu%HX&qLmt+pd~ zvI_AEYZe2{VCj8zKXq^J$y#NA69tWlt-&Z03&jOWG@4`E@B_W2nBSm^!D0hoL2o#5 z{DH%2`}o#`0+9mI;<1?3RI&oJ=X|I`Yd-Z(4(Z(ERdSQ0$xJF-f@%%u&D+M5M{T){ zyAYR(bSb5J*N;T~t{=(3Za%cPRM{|=ND|(kg%Ln_PP%^sQbkETPzK}qZ|=Fxhl-aV zmE}dI=n84KSK4r|?6f_v&0XGzB#x>n%2p*)I;8EBK6Y+1t5LUh`LiCY0`;#<-gZOh zsJoXhse_+ryidnQ9@eW%d{i`4oNuo*_=y0+GS@Dg`_IRpp^r4bN$j6T%-+@;8rze4jht(;IbrL~@m&SK$iW}dKr2c#sz1Dd|45`=Xvb&W`o!Rc)G+_b^ z=-w6jLa1V{`+QOUOfd3O)P3&~ z0xF(7%G1E+=4ST8$6sw7Ymfh_YiMphxbs^n=!(w_c#@D_a42wjrsUz~=61Qa`*X3v zz{@Loj%)udT@$ATdMqg0fR({-Q zd5#WE;Uf(_Xbpqje!=ZuR1g-!l3>+oW?g&j*a={GW(+h(b&(nMCK>{mT%}RJUSW!Mn2s2FMnL++pM{$zF?}quJC3+L zi#;|MZ!)Xpn$VXtpJ>{=3LLI?`&)mWrNUrW>xVsV zeE5#|hvU}1K!rze-{;&AN@i80-!`-MJ#MERId-#{>s$s6O}|U6)_JtDMmapUSzp+X zp+fVe<@(2r<4ZpAp6R%u9he`9C+j%jOwKEZes+>azoce-cE03@dz@G(TU-f+S!^c| z`N2^$l=Wid$4#kC&eAMJ{Gu?BZ>AOWG$sw+*sdVd-1{JO$wUT55k6F1g$BR$=kX^P zs5>w#CR`T>ei+qF-&EQJ%XB0Yxgg;2(bqx<0b>y&S^8_=YOA)`%M zS+s=hERpamSnOun+#epa-M-ONUiz|?^gi!OTDf_(K+E!KR*!UzM3;|KaKq_uB8^|J z^GSQ}#&p)AzqE#ES>dnKIs@*?%8<_Y8ngN5HJFxmQ~cFu)VgA|-x>*8XS2TQ#H)v; zpNnYfUodanpTYmt-wWqK-hKgE-9J8EGmAD)pR?ZT1aPH+Hb)1qmbp?JOhT|dCHkGl zEzi=A?zew`MydjJOv-^;>_>0{$&T1c&q*>62$F=?brff|r?6(f@IeGfZqj6(b~ zIapafAks(bC3-s0eAHL^oDYP8*jc77yTv6SXZ2E zPDm@N7&e7S%D=n8T2j1?WvN}?kUpVIi5&>VXV%|1)(g0C-&heMUmJY0g%}a8>!;Fa ztEKa(tDC*Dg|4X2E0^ zseoD2pv4Eiawcjk*QwYQm%(0!|yf?9k&)hWxs{WXy@dq}eOys87)(wazgsgRk#lO219Yzk#Cqln>A1Pn=+__1gOD#q1E? zod5gx&Rg#Ld}99+u`Oy1m7CluAt5;HOZVK$59hP4qyKquJ31#eLScpbN|KI;taZ+& zU1HIJ3Rvw?$VH#&-PRfeQ_Ua2ZM;gj$(MN68(yb&*k-;wxLnXCH`L(fNElVDn6|(X zDQA|ABl+>a&mPx5S^rTIC0MN7$I7`ZQOMq(l4Y!{JnZntqE}kuhC_Q(76q3p8RIyP zSPU0rxna|d>LN;AEIw`w(x z)GZIN&aMCd=S&n!pp?=|^(ym@VHqz41ANUXmfpGF+PYx9LKkq-DUvtjjio%eq~^b} z3v^FuHRoW(%N}U5l>V;_-5ONdV;*u2#{`I~Z(_A6yliU36Ob}D#nwOaQZ!@er&4sH zjIQf21r?ebQ602jF1R>ykaTy8^uG8YD~>8AoT9R`SeaaJNX}d-rOypc>yd0R_ROKJ zByD1Hl{<=wsWa4ha}A1B*1}(5KA|7EYQ((v;S7uJPj)fV8KqkBEC$v$r|lRiWok3+ zdcX-QPbU8kal(CuuOcpX`Eq>f%r4_qiC6T{4{Iumi(j6Xhne=sIsq^Je~ANT>=>i- zOWY$=)?3R3(yNKhM!? z?WJCmz%qS5b zA1?Vc`(oc9*T77l4;TRhd|+~8l<``+%G!a^pT~t7<2#;6b~5caWg;C-fnHWm3fR{q|GAA4tFuboCxSP9X-inD>EPinHa-uzmv+#?$1EczutJUbX8gJ-cdYCIMljyD1V z5&fnkAlkiSd|Yi!7SL2kKnO+`u-ExF+Ww8pdk5xVn`uK2AbFt&bbp-wP0;tmQBs0& z&MBd`gIf%kgU0|2^WgE-%FICzo@RO~>xV7+TUDdqyx;;DfPh@^dw%Okxk;m>;qmgxY{=lUy8gBPhcCD+2GvxIhh@=P^vcSYg=8N|qKm!H!I1R<%ZFB(ecr-S zz>Sus*HJp(Ns)8GlX`G)At~j8yGS9myg!@f-Z2wgWrFZpgDD9Qj!jV&;JKuA78aUH7UvfhVTW4HJch>i%J%6~o5E`Qw{?sIt<(IGXy4W_~d&z`r&ef;=Q6*%&7 z!){4f#73(mf{&YH$ghW_}?y(IHEVNKj*V3BGj zLQg!VyK-{sn6X*o?AiY9eCZ_Hrc{xwrre%C$0_2^#48P|`dZj2xg`{WmfUFxj)-Lj zcC#SU=u`mhTupyUaJiu{|VUIdNHx9tLHgdqih^GOT3{wFtp)lxlr8BBS4oA#c(o8;FIZA~lB zwir_Wmrx6khVy{yKXh4@5+^WJpCHCm4HjF_#jHhgPjc#UPQ{$og2Pp; zzg;D&whMgP2mSeK>`Qu01H|4k^Wls?Uc>3!+uu&L|Mde5#$%@4+;0mIX6p$Xc6UiT zl1kVE_hM((+iQcL&J577?Som!EkUtOKG>p%4PR#yC)#zphA>l^Mlcci+|~|l5WH67 z3XZ^eyLRX4aOy;ve&D?1)ua4fz3_`gj^(CE!NmEB?{lZ5f|P?FAFw+b@Eu%l)Fwye z7bgKz<$pJd#~Nd0=f0rpf^-3l5Ve1M$n0H%=zRqP?=; z6$V{QajdY2(Q#>l5x<&?TX^5=fDp4t?&$Vz9q}PCFf%r|Qppq~0Qk%cCgfD%89-Lp z(5W)%O`Mbd8`k;r8_4!tRunD*O;*L*JPzZoelI|FcpIpz!C)e)I{ zCOvd7EzXNrK*kH0Z|UCf25HR#f^fMF_*wU~pRV{cmlxLMG`M#vZ%$0ZU(mi39GYjP zL}uLGD4&on>^-dAI{Tc(dT)`z$6ZgGqG&=VpCHi^Jk{nmlMSg9xs+D57WLxol8X%$ z*81jsV3U>lSku*kt5UYa|Lco;|K*khpIQOqh1HadL7&*(fz;1b*U-GL@rB~L2gmuu z8^vJD>dt_5uX}F;T2DNX8Q|L9U+=N&77cjb!ky?;vOb0?s`WrsD}gCHYD_Yq5NP#1 zFZR<5K*?W)LjA%oPd0{WSt`291?W>i1jz23Tr8OcuZuw(86HFc>7(@O#zW6eFLF_M4Ag7fI7 z_Z1rgXoDM+4_2@ByvjGcgy1hkw6i1^br(0qf}}4Ed|t9Ka_0_5ml64$Jr6x>46Ea= zH`zICz9ybN)0k+hfvt1@KigJT|3KWa-;Um3)hxz{#lhws?N379B4?G%_8P{=KNN}D z8oGVM0XD5M5GO_qGL?^MijcB}JlK$kW@AmBg+v1lk9Y3|wPCAw2#?i7I8K+{Sq+qf zmhUg0-9j)3N{W2aZLIl1&T|Mb&7wRopX0rQmWR^o;`ulH0_GeP;g9N6>Q~^4qyQQR zae!F@pAZ^unLI^Q7oJF>9Z7_@s+c!#xz2!JL5R1vzF*;B2qy5{7v z(NDcBG8DAg=zab(IYBbDi9%`ASpST}lttM;mA3QK zYNk0Bk6*G^5XD-5^Ddm4xM@3k!arUEKv8jDU*odYaf5q2R(@OyY+%$^?6l>vb5g^~ zdJD(UgI7H>d2+znG8ZzVvUy zc7cXyeb5H0p9?K`*K=(jEt|sHKO>eqHoM#+&^pZc9$qSv5FR^rM(3%;;@t zIr1PhRrLzgTN>PsNd~L7%vi0rCuaVi zZwN6Nmd^z0l7=~YbY0jo)NWY7V~XF&2&7MV+hJD2af;*NkX0{^ zRqlFb=xflFcmskMXGQOyx{>|201ZxbjTg&r2Jjsfb^mtFd|qL-v!;fN3Eu{x+TKhvzk{ z#h2+;wWZjwz0H#pWUwqty~r3k-A;U(K|C0C><-dRqX46X+HRp{Wy22julZXz)Y}_< z+@=^1Pq;oRqRJ!ICy_ntqjrw|&|_MhYjF0=M0e=&*rwQJ3S868SLw3x+p;0q-feOy+6Y~EW@3o6Kj^LippH_qKM3k&Hd zWG7y-F#q<{+~-=@aNC+Mu7Swr{NESWnF$b8|LA?wlKxSM`Z5G!$YcSqfxKW!YIl1> zY!|K!w$0FYf!`=X!79O&e7EvQ&gS<@4vdD06r!NVy$0>3)_Gx?9EN-PYUrp{kiGo( zt6PpQycP)SS0&WuOxX6@51^EZc++!-LVsHTbZDWiC8jsXn)6^q2p8I7vb-*N+;6h; z{|R`727IWX_CGme=(d_sY2!WTXDN6f&OjH7fv~5>i9IeV_W#eK3Wjwncu) z|ETdv{E^1VIhwBAbh#4%^5^oys-~tiHyk71WeRl<4=W3Dkj;!8@E=Ie6SpT5GOA18 z+bmArQV7%(f#y1cRuj*f03yRq~+u;1w5G^Mlf|2w8qsH{9E;V zKrSVOxxdYd%RNd0B{&86n9*F4@h(rzfT>@Zd-#{2$7LDHx8)&r%S_uC61=yemXq!6%!w0AgeYVN7pcjnKVqw@w0aoX%e&)9G6y zRz11zfDKt9dll)1qESRm4RFe1ArD@+=VcNK_EqaLY9e#|Ps<)hJHh@*<;hlW4%ptb zGmtq6(Q(^{5U#zn=Ld0Gd^tkic#K-F)JM*|ueVOTkeyg+kMoOn97`Ug9)Ble4pOr@ zy#2(u^4zm?J{Wv^A4UJqQ(6in%g6e}?ai0h6+*2)%GZfV6dGn7VquvU@7z8NzxEaw z8tsJ5_E#pnQ=h1?(9>u8au5)Ty|SM1><7Z{wv>F9uTeD`kFyj9O3++QCBVM?#;khP z$n8yeanX71cLU)s*Gi{dySLm)Wla|*ji#5qW<=rvI_-Lp^@jCo5(>8-O;e~ zr!j=w!Cq)15h0n8XbqJu`w2S$8#->vyHWK}vBK;9Q_@+8mhu}gb)*Rwp0h-l{#cC1 zcphd z#`xG5(_ZQ?);PwUkEyC!SJ*^6M?kU-`UN*Vs!PmW^*a(28n_&EgYONR7oydOR0*rhf8!A;H zeoB2Yr8P4`(t7@^CH7K@^hO>N|5$162C=UVKSAy{&E2Co-k z%-8Q0E4^m_ARs3!D>4y(is%G}7NcC5k?f&;m=*9*+camvA>_mJneb=LlsUP&Y6JYUT%M4eD|&83qdmx1$tmxtU<>i+yh5QO?N?bSyb zA$3!_?}M_Vs}c=CHp(E0xRwdWQ}R}yS&3n$9$;-=1ruHDD=`>Mx9wQT+|XNg3{E&o zE}XF5j{?4KRd3NtW#Pk-hRF{FTO@)7lO5eG;4V@7Jo@q5 zD)+09D)K@Bf&6 zQ%Dp~qrm;v0w%>HiDnjpQW}thy*k@rb(C!S?gG7#)NG%~y+@0mbefF`E-Ri^Wnf=B znoK0=VsjptR|kQt?0!`y_vdPyd|)7+wAi%Z>#_vir77GtX?O4Dx2Yv##~RH$Y-+`j z)z5#@tmS>-l^>I2=f(+aUIYQXx0O)6X@%{$Rl~~VMj}k51_={Om zZ)?;ehe4|Be~^b1Pi|>qSE|mk_$@j=U@UDk(}K|QFa!`2j#qLz{~eFlz?L)isvf%{ zw%PN8M)7;4h<7f_T;8yAeHna?>sFisR3-jja}5~`5aLMw0xWid z#PdLVh^y=W>>M`B9#%+}sTLgM? zZ!b)&RyZNzzoxfD%{b&6+%yi~@kzw-b}thoCzXnnW=Wduq{_+;tW6V3S=?jM&jWoR z+JE{$0w1DXQ;ito=w|VxH&bfg-#ayVn1!k2aDs z?U&o0r*<@hc2@+a00vUBFE+N;`#EbQ0_{QpY>SXhbuPvJU?s*DZ)c~a;b}c5e3>jW z=ShvhZA4Z7RW^7?SM#f1U~Q`$

Jg;4AOA1ljmPI(Gb;7-^0^cB_6%x+Oyb_X?rl zDjEH>DKq`#R*6mUqyGnIc<@oKLNp5c{BK1r`r()fe$ zV2<@H`}jLX&API{gEX-?>1GWe@W5euLjcV3#3NFo`rb6a&yCDdlPjC><^=K|nSom` zTjKxYERZ_*IU1sajD{2rH~Rqt=WTPAflt3O4{xb_uq}y_bw|$sMz_8Vj#+mvR{ zjF>E8{aX@=jX^*)oGc>eSSo7b;%xHgmLLKZ=utE=Rw3*M3SI`IHah@qr9Z|RYPVG0x z&ajF0t$vM@HXrrf&y>Xr-aRRBCe-Py#& z)f{hAdwX^Cgsi6U+ULQ3+u~QS;NrTE%Lwp2%H}H7q||S@3)zSxi0ozVG{=28Aii+L z0e<<&KkNX2;-Tum9J~o-$%v%^V90o=@wb8DA9KU<(Gz^}ci+3n{9049BA;~I?*T#1p$4#)>?DE-sFAxS_>!~P)smEKN|4KU7#8ImjaR~1&$-+bC1Ky=S^m2 zX7+ntfk$ETR)`MenW1+EZrDUJ0@rDikEEUl{3<%4gS`8qW8B7aa~_85JnK(fouBrm z^I|qdnuWgvFuPr89eJ}F^uIQcrloCa94$PJJTfT8*&Qa?xg2yDYKT{=@kqhl)`I7M_HIcq`+X3+%&}#((WGbQ^^*DI01oVUZVqC;?#13zDXqN_D8MuvwZ{sMi%o9d+WYVy zf$!e>o>1$vi3J~k=VQHU5cP$r7Wv>0tkz%a2fZd9`*sJGIMpIo{W0YJun}O?e*F|? z(kc5HuGA2lQyp{ycIm24fcE3R;>EcJE~%M zyXr;wkC_h{1)$+S2dtdiO}@#|O4y4CJ6BC0J2E*%zi6^DpMjx!VAO8F$?XV`3UB=b zamp-isnI~c37}coN(I&F*+10@RO%Vz$-xX3d-t2klD7){4!XUDI=T)JGh}X*&64qG zA|7SE2SB68NaqJcNt8i4y(V5#A$KYZs8n{RXo9OGXxQJv$ei&Ip#mLJJUKn_i2 z{tO^i0GdCoadUGm7#n}*x$iof0c)QR-$RiwD)&q7bW4WwKaPHF7EctRLlnXBk|yzv zg5i2kVKz*R#n8EUlpVC>?<5esHsRO^);_1%;4g%$d@xFnAxns-QuY(S5HLI^pRi+5 zxX4j4pVLGVDF&34|L$Zu-{n9&0l*_sY0%E<3AL-jq<&D%Sh4d5FQ+khi>o8|!2ZM^ zm^m8(thQPiNhIU9lo#BpYM|@Ms$839!3uwmFWuXcgu8;uu2~50c{mK#lzTO3x%hjc zdtAikb0RPI$6grb3lLsBt-3fly-_{k`*U91p)5UOJQe#J7*mt_D1Mg@=oVTpZ2WC_ zy3X-uWIrZK4@-Rfi&%OO>d+Z)Ky}Ms?ln36}yw3Dddnp2e)WHe+n~WYq-9ny# zDWyd$0_$3-sb5x4=O*z3iSTD^=Y!Xvg5tplcYa!N=#f*0$D%dM`}u-gu_9-~S!CRp zV#&8V`rsxR_Ua|}^7RC#n22)WUT8Cd{Ld5yMhwH3IYQ&4z^pQGG*?1l*%aQ)v|Fwu zS?Gl;`ypDdvm+VUR6Lht$pI3HetzZO$}7PZjBa;y^HhLGO-J7 z0Otr_YL_5*i607VZY!)$b&R0@TMQz&-Q_ZHHXdYUKRYlyce|M>Ok&9i>_ z^x|!w^3PNQ{(BfmtrRj7D9(}~6q60;uaJ6%3^h^K z6@7ca{vYH3CDnrK&cCLn2KLLld0yO_QQ`)q*5ddv!6ncA88?Sufa zr~H>KAb||o?j-E|Y-bjEl&6Z(+EHj>;< znS|6`KREQLnB2}+A97C#?3b_p`uHS+QaW16bWBJEdb8XU+}fA!AIW&_M1z(p03md- zaX_zr-AC#{v$l3YkfePn;~>#b1>8@jMi|4aRxM=nq1I+^pifTb`-PX&qpZQzsUSMd z-Tm(FL6znIApMB4qi9o_2>^wl1W@s5^~TGr_FIBt~`gEWlQD`J%~Q$XJ%W#RNq9*li7yRMfqmPq3D7AbZ&CZHuLpk#E_Zfj~BM4q~S) zC&de}-hTZK=q!)_&}t(7^NM)>I;H+iu6sU|Ycme~8}+p&HSx+d*PVZ4wf_DYySayy zn0=#iEFxEQpq081vsa58L#(>_xPX?ahH|R zf^V6Q>_+3(21p3lt*k(WHpSB_$o}gn5=O`U4vF##4G7NA zsy0CiLL;GHfq{Tc2H7nEyup_fwDomzU}wRWB{H#J{x>>47*H$TT|T7+BdQqpMqSWn z2L-u|Zuaf|u(XOM^9lOz=Z)q0n!|uYe-6lElPh@Um^t^6N(|>}WK>{Z5~+1%Hb`u} z@=Vx9#HC>bB-%~t!x-ylI3?4h-D#gC3gK=eqDF{PcdRB?%nBODIWqa0rwd!8o{ne+ z4~hbCxPSh>uS7VyHp)Yc=*Tt1v8TIJomuIXIqbDq1wfQBD_NK@Kva|Kir@F9nmI*~f&0-}{0&r2 zza9oGj*fLMc(11ZH>)7>%d>-MlN`a}vbSIX*yMI5tyd0#T*A(=?XhEecStATbFN)Q zuqFXwo8$~)EGCVoB#zbi!pz6d&Vu?6&3`hanhhP*a+G!Izx@s}uUextOe^bC%N4e~ z%nr&bRSDNJNke-Ge68YNa)vOYN(x@D%9TIz8!4Hn}eKByoR)dalBKKI?&B5Hp&d-p-+q55Rsv!wBxnS z%^=VU_uG~mKY&*TifPUQ3fmpozl}H|;^>2{x0k(>Q#UX<>L#6ZM@98`evnwVw{b$5 znMEs|c_q1e3y6y!V1y8OAh}YzE}Tvgf&!A_lq7q7q@~KapZ6Zv8MJ0X)B^ge@#F6K zgzoC&k62gE5oTSWEx|o4(MnExwwyHJ4*>_NdL-(B?XBU(Jy25?KjPg3C>>INW0j+| zGYc<4Th?=xv-lm{l~`gyi!~WNneo1MvdJ)ON2)k^z35UThn)t$Go0^1y@=~+Jnp;) z%LR}Xg!B5%*BC)pT{M#Xtr&2bwIIx)?NHzCPygS0<@p@hEHLy)VA6T#y=SNgxkNN= z1SyVzkyO4JJF}hc(fUojS+4%_3q7(!*>JLtSvRn`8C*Jk@ygn=?=LFG{ z*MqN|^VXkc+2XTA@ld?xG3QNgloJ>R_DO zzd52zIcm80>3sei9Z(2p?S~Xe#b_|i>z{u1ix$nDREcOJw4ZqhDjNfd8~)^A^=`@1 zP6PZs{V?WRIj9TmkEIL_5!vi`@}Q7}uJ{}dJ{too|F*m9 zGiqCS|IIRepv{VBxAd5*gk`#e1uxVSpAnqK$`U9$Kt__t!U}@Nrt+eL7W|wUz?z;E zP@kaHn=uI9C*?CvoMBvtLG1#zI@ZtZGCzkzG{pIVHn~W136NFW`vU3aiWvTKY{n6G zu2L&S?h|8yG>!8GyXOG=y5UzySzqH|ll`X?zVNQqjLsI`8>TEV7Q8!(7QvubLf?9-@*4AhZ@adXtkyZ4A0dx0v5s-Su_1=iOCC?5dD0UtBSM*4x40T4SnFkWy? zya=wbW&49(sKfH+Yl!01us8hK>b~yZC*yCuC(_SXh2&v|o)OS4QZuUpGSvFa-z&hB zq|>U*8KUcH0vN;V>!;p*3G7Z`(Ej}#j#cOy*Ax=+S|nt{8UgTv5ETpV186Y+l)pBX}ZJ z2AHGC#+DN7M!$d6o=bfni(haTA*gt*jpzH%CjsubxzgiK{*vk4iJ~!EWZ;+@g&3<; zLj?blRJSYVsWp3VZDzuti2x|fy@-^}h$8;rc09q|C$lquyEFc+n<2Qy5|bF{v;Q!W zo2^kK{06ZtntwR{pqo9s8Nq6Q)KzH@c5@V(h`07R6@ep1!v`%@>VE#^mOVg!$lWH? zL&P!H)Jr%)=bsyx{pFu+@>BP5N3>4`GLhgx)=1m4k>P^!HqL$A+7B!%w2A?Mwxj2i zW7aD>cI#}VvBPH_Awex2UUa6|beZEUQGHJ4|OnML+wa-A#Q7HaXtprq$ zB%X8@!tS(a#u#R6SI~IdNbU`U5u2=wq%nBn+5`A;96Emx)4I z-tv7R0@_k>#F%=mx!TF)*gYJo2Uvdm@Ar~rbQ8+H<+=~d7YR_C+pG2FeS?G~W}UJZ zy;<&D3oT_?-@!`}yI&~so{>s8FC=NJuN_}k28;MB>D@pU8tnSeT z7dE3M%FzCmm{)A@PX(5;t=%l9)^tTCfLNu(@awrKano7>Y(d40Q-UiLWzJi|Z`5(K zLzsw}0#F84cd(@-v%94;FP?_+aW-%qZMQ(09<0muFbvim&3`QBM=SA1^*}=j75R5r zxRU%4+&@Z1_&ohPyc1vLD1EQ$^)$gfj51e|+^bTF0TP~E3qSV=20Nqz)=um&zJM_< zKdMX;`wt8rd-*QK7}-^rMC(5j2?5_55K-jVM9s)1XP*~PY9 zzX3$>zF7IwSg;qxgZr(%c+MGUKQ$u+VWDifnp|8V>Tc@qzrT zuZkd$lKgIJ0ptBXd!c4uu*`{)MT-g{TOvHk$OPes?jWcL9t^bD6`-jSr+Y5T1P;!V z%(G4wJj#@xliJevZMk^`4J)ZAW4o<8SZR+x&~W)9MWc`}VqdwzBlQjK%qoekHx9;( z`_7kp{9&T;4Y?jqFAS`*9fCb%&)3XD;TtnOA+LCKrYNBX7Kjk!rYmcFhdF2EY43+S zH@Bab<}*YI#}k$I>Ro|Pgo0Edffl$u)*Pj;_7FKq5!$3(k9{(!$gjKlioVd}r4a+yZJ&MnH=G3yO5h=Lz z^~$)&*b4Sj(d_|#NA&gCNQwcD3tiW!fZ5*@9)ijXdj6q#e-VLb(dzv`lLArrkmyXh z)G@bf?8JsBF(4KDI!sWv)$+5c^$&x!!sUXi+-msP1g+aJ#dh;$S?sXR{S(a2QMuUY zb<55EaVR8;L|_#-=jb`*1_cR;HTM#Q9INYr7aZ|_mTTcBj>lDF^{(MznZcBr<$nR} z>{~wSkLViR5B?b?P{wKfa`^U{;NpH75hdr@Df9#zheZ!&CrsnA?8vh)e{ve53H{$tNajRX(A2c^2sFH|Y9Hnq$qVJ@)IFdM7`Ju>T zU8f^@-zr7{n=E{J(9CB$t8tsvmWAGhC_Dq);(Ft?AsEyRDE;z@6;uPYgkSK~xeZcc zKdsJ2ul~-zd}~^*!R=JG+f1tJNXe@L`UA5dJV2u2sDYpV=U zIDy-d1lTG`w*3aULmIbD*b_042cyE@yxCk6Y1t~ly&K(^7v?0jPDDyFbL2dGOsAjEG74H$d{F-5UjDkjtA z3+ts$y-}HE)d1)Kf)oTmuVh;H&N#5^i^(Mraz_D)a}2$?y;C4pZGGk?-cVY5U@&!gAxGxZOrY;z3$`vbT!7hx+PR-^2Y<=ij2+HxWF&H?ya4g z2f;KYy-3h4$VXHFc1YV8*K4eT{;)Dr%UtVpUvoa2{I6?eKE#)%B_jzl#*n-V$^m;+ z_MnlN4?o$)9XDByc0d;;cAQn?y?RTd-{J|BF`3f<1@;JV-+BXGshnB4J=7_C;U#}q z`rq{ee@hOo3l8(?fvD1V zrM`e0Y`DHsk;&?@{Ig@^=ftnlB|(`m%H3ZZb`{{!%A@1}VFe|if`{NSr46--iv{HQ z^QA=R-5g=36l$)Ycr}Q$8=T@eaN90M00ED2+ZS*1*=j!ew>Q|}J$4`mZVZc{IvoTCDP{UXE^(U>^BmyJXv*3`gFHYs|; z#4TSk6d55nMVc>T!xKP=%qMBQwRM(L^yU)FGDF*sy50_Apyg3y&1nmK^5`_#bYX2jjyGnOrTN8Kh2Us0Osvx`}CI=u+p%BWnc1&+~#fRHeTke0G8&OrV z54+QOf+MSmdm3G2jvwyTR)W!cBiOw+3RQ#)uf2zQ6Sgq>v)8NiT7{{4!KV)(%J<=G zz4*pghpEzhv_?DQm_1GeA#(BV2FJ_q9E2l@G({8XrBn+P^>ALtk+_|Gj5$+@r$NG^ zb!ICM#|Cc~vP^GE&&8=|xh~%ZDM+Eh0`OVvUW5Auh_d18s$J7X@Ls! zwNK`3rb6%s^{?GRXk*0GKNuh%mql%mIi-O41Mv?T5WL~rW`i(3c@)+1iP1{UQE$2U zV|7s7|9_c!#PgoiIs?L3@xPM&F+Hry8w~H3dw!?8+Gt#oMMib?M#KM_tVKF4WexVY zL%xP-^}G&)4YgTp;?ryLv|!6D5Q=j)%;&Ve{GI+YsJZ!6swH7#!feEDV~&eauL*Xx z+AP@EPqIkFvn7OXU+_N+N5E2S^0#1&%@W1&1(DccPtnX@lzDh~PWX%8mg0doA`%c5 z-B8b{eg{*!;Ro>D?auuuooRHb2$4mFOiDaKp-WV9acv6=Q(6ra+Uz_)m?I{cfkt9! zI9Y_&(@YpdBJdHCxz)|>dyux2 zH6n+ZlwjU<*6M8Y64>wt8~45=n0Cgjv(09nw)$H?y#43N>h24UoD4+ zNRg&S;I?Y7A9jm4aAI|4lximFxo@E&;a(J3LG zut}Y{x3@m^)r+?72@Z5%XC1q7pPTg@eB*(Z(?B!v_z$qSmfeBAGu6imc?AUI91z+> zOy)N@T@Ihc+x_6w3KR(wnAP7W`DU4-CUM__>}Sd0{Z7-^j=+sY9LDqbbzwN9 z33LW*Fuze21_-Wd?$a0fO^1Cg#0|{;Gr?`}^(2FR5iOZy^GNE49(HWLxKLNvQ55S6 zB}KJ_HAr+r{-$#wlb)&*c{!z?uXHtrlO60AE8=kqO#mzAx#i}MLhaGvpvg%vEFQ>L zmFUd+U$BACOA#tmEum);E=vH#_ShKI$l7I!xgQDY)2oWLAl#mP_N(-VDCwFQ&DkGw z)AX`g2o#msQnwPxV^9dIp2 z;R1pCX5ioZH+{==fq>!Jv&VBe zNihvjb17ihdNeO~r>I#u*P7IHN!g47+E>6HIsk=lAWMjZUXz)=Gm-9?n7i1|Ac^a@WF+j}0ZPuANX4y1lc$?# zQxF=NUQi-KZ;oa~Ptp4yDfTMr$Ztx+6gQR) zX&IxRzg&^=b$eY+SsL)ldtqZp9e^*AH|G}3Fu0FkfVOjqj)r>~w7j7(j3s>(Khbj< zAhuCuj73{pwB~cpjB-MH>>Y!%DD1^={CA?p_0)t1jX1?WS7N^7Hxp@|Omq}TFkb~L z3x_3t{>d8C2VE_g<^nnp5*5{iqEJta&dF6PmLd2xPE1vauBG){}qL!TYHvHvh4)P>o|`c^L4QdH#`U z0f~*Vvbsd~WGHeRj;(K-1h;rF5h{NV<`Wn>j$8byPO3WJ!UD((H-C~u=zp}8#xDU0emSq$!6WF>(V5~6ip(U0Q$ny|M)pU7p1L}R z!M1)!G~WyXztiqhE^jn4F7ool-dT^ml0;pW$dcLT0DR-kq37(LeVvr#aWqb1V|lY< z75W^+LJg9BIF8$6t&dsQ?d_ahd!-n;u*gb}`B?sn6d1vwC&IdtrAcqWx(bC@#9No& zNer%JtRjFku9c4i5=iQPu8NUgAOED!+^>{`J=ZB8XlNVPngX^3D6%WGpNmvO zFe#CPP^}_wuUv>CA6`lu@9-`*3ot5t@%4+ACr)+07-*lJ#RM7al3>foX0FPxKhHzN zqR%dRB0|AwNB{Y-P!drACa~a0?Soky%->*inMeHV|h}Y zRmM#!zBTH-WowJ!`IIXpwhvT7kxBDxcEVnD?zZlYD zFN_o#?mz8`WSXhBhcq~UkIs{FeC6iAvp$rHhYCsP{QFD7bna5K0u6GV?k8;Zyzk0_ z`SKWY_8xF2kX5qw+pF>!04Yh9(?S<>wz@$4Mk92zPK=P3ucxCwzEE-$QE|B@uTPm_ z@@=r$((yAs9= zVEr=f-G~Ohs{e8wm6oU&3IR$Px{S?Z0YO=GQ}9!MFJD?*OjwCRx3V=i#ej&-kArtN z1$PxS+|zMFqSmZPDj9)+78S)7!)EM2xXWcEDYHMzfnA|T!g?uacFZX3Eok)_O=b1& z8ds~{4zWa&g}ln7&kwF9$98EG3%@VnA);Nq$IT0uG2zR~he0*I#vAYJy*V?)B#3xJ{R{5|ETYwvy2V)@}e z1UrXM!P&X}P}~q=E`E5(^qUVaez(cZiL}p>c${yOkN91m82k8hEBTNOF;NC2d{d0K1bDR#S=o@2L}$SUgU6Sf4S9V4r9 znI}h)Q_!nJch818Plbw>nE7RQGWfV^`@Mtxx{ znJC7tUuS#v_dU|OP4&n%A1@?!#@$S%i?yoq$khuHK$Dj_#-<-~d-Zdz6Cn(8{^nZV zapcvwXVHvL@pyVT#e>Y*nhrDB;E~tD&n>IG*P?Yhf^=c24-<}CYrXNV7rU&a!gJtB zaj$h;C-yk$ec`g|8LvW_dB{gPy%N#jH{Q0`$5?c@Vx4d3AoOmpH5nv%i0jLh_*5P_D z-A>nIFL8p|02h4DO5d+FaYmx(A}J?|L_^S9HjB*v-I>1{R90;?$M8jlfQxcDWw4?u zBS&mUs?ccDP}=7Dy-8CA@XYGy?uG-b$TR0?t`~6yxA{Ac-sh|Fg(~*j$A$^tRWW0Y zd!(lp;}zSXUWQ#S_JCI5f9ZP9nW~K-Uh908=&6C*RcrZ!s}e@)@6X33Yn9+rjvaqf z-7(&mzO*yuYSGoP!20s3{CPm>$;kk+?z{*|V-k9|pIjzelgSate1DHaEx#^)No)~I5!i@`qn0NrS!Z25R%8fwf^oBz?Nsk# zOA89J!RO6rf{onZm%+ho2Ip>Tk5c{-JY7p$g45Y-loM&N*a}7{-IR`Lek3{tSG9{$ zMA%bRuDWLq8C;iqW-$ObQ8F2|nz&9`C2jWdko-97erm#UNVMg(x5=F$@)P25ImFGc zpU-A0&vJe+O&po7A%3yjy}`f9UT)S1oT!L%&y3i@a=f_Kb2tu3jDe-RS1;K*9&w*_gt@Vc@LG2C!40 z0Fwx^2Em51t8uE(6-7xfktAtR%TJPPkZzv8*0{-`xr@oTE*OrPm5rfzp}T;Ut2kR- z^tO>3!u5%j%!q=94>gE4{(?`+vDJEahY$@ePD>ykzvs#(;u3W*?@fP3UnU=4Tz$7x*>)@@xh}ySXh5YAZhShxVvSrfWI2RX zh#nbtAS{hbKF95BVEa$=^B@$PNQ(*gaGtTC3+zhZD$46>z^t65#VFAWY;c43rvI!B zXa06Qw?oitnhBq-Kwn<#&F|r3Bj5^_u-C!~Ob-9pWOSU?UYezFw)EG#J^pX>tvZ!q zyby_iUbnXSTdDrD1?t1K8P{-zc2vF$zR^+E>`apz^1BMsaNzDEcO8ss z8(h8s$uZ1FrqgVB=CH09Eg6bU@n)UQ;V=vwXYw8>3wD-kyiLuu#MxP&+RfG)d``~SSMH$>2YX(p%9wsAX#r&Or%<&Hv|oEhkKTSWQWPXPeH!n5tHO(n@W!S zDX$w(5^>|VO9bHjNZ*6;@PDg5k!7I(-iVh?>Naa}MlXV~yc!xh)~O}Y;|2DPHy+^Q zSq+clV-Ndx;OZM5Z8K)rNd+`fI@8?lE0-(EQ@G1;-G3I-i+!6YR15$v`XR5nW(zxl zkRoC2jVY{dzEb#oRo+C7mONRG<$eB!Mj?b#`lhz{Z!EdZ8j>djEL2#3RlJjSB-A&XYXB6!Et13g3d2kwK7*#)AWf6%xk=?acv9Su#a2Ka(M4;VVDYp00Cz?K+ zShy%ydEaxIZyzb5s~;K7^REBL{g8*@UDEA}n+jA%ZGpl4VMacJjJhDERwPW7xS`u% z2>Aab8VsG!^koYCwErGY?zlOGRTJEv^3!_O?+L651y&EOslo1gljA%&1B3|yWN(~e zWW8T+VT7I(F3NjGVBV6+f9SqY6xi%@JYn7($Lp_-6fWDz%tt$U5S9kq#g*9auK<t)3=FQ{c5qEWY>lc+!$6HZjoXrC)a)Y;vSQfg2h2Bu;%oPe$>0d3Fxz;5>i8f zJc%e17>uhV!#itb{j!IF$056{`&{$ABosS`b(=*b;nEZdJpv%6gL5K?Lwia_*mR&t3~CLzlm%k6%lJdwYC z#_~x7B8P@xb`Gj?(iRff*@wQ+oUX4vKekIG9BksyX73J=&ES0w#vHD38p${+W(vga z=p!oiMFD>4WKT*-M27ZiN}}FSQZ5Q3K1ngbHLY^#w61ddm`NtmIKr)Tb~%`@Dl0+z zJMnp242;XYU@b_GkT{2Ym-R2Fxdv zdxfSrGUzEM22dhU!2azS7@oSpD&yG z>Xa4-)q=Bf7cw$KHqv033O}`_P_nF(n7sB{&QE2sg6A(0Mz<&yzWu zzg5;-JsS>dt`UsuC+uu%$$OCO1{qRL@|07$&Lx4TAqiq#eDFLwF=wlu@J9DPb$(LpCW?8=uB zFy)<|DD*J7zPr}*zx8gjok+RlI(UShF!!IW_>=UoIWI3R*f=z$^YE< zJ&al*$auGQk$|mQ=;qQYh}*_0M|pvrPK}+1-Bd2HOHMatl&d_$HiMTf@+_KJtj?HE zQc5wHE(Dhnd9~YFv}ZC@txon`ZIL=mzWY?~ZfoP(eiBlBiw{5ZVG32p2;ddBz5e8O zgfy4x!nUDlGveuUb|>r!HP8+3U7e}{GUHTwK|m?9v$KoI)!}nkZ%bh_wgb*+NEAa} zINQJ1G)aX-{OEmD@qyqQUxwH-qN-OfSM-1z_(%k}wjJMhw)lQKPfJVF|F5F0hXr^D z&|AE@$R^udhB#do&kOcKCBLtSCz!qcVnM2=ztfOS2iB!JgEmIL>v*A%E$YdVQ%QwM zvUht9XdL!Dj$>h5Kiu0up(}K}Kkkx8GBCs2Q-2qV@pSL9!D(|By4ig^n#WPOr(oKU zdM~^=odO0{xP;ALp4Xl*M~ftw%M*4I1V-MKX0#}RNC(`NxFrQ;E*<|4A{`Kpb$-_KEgP(e+ z=p0{nSe z93>jx!+^P+(f*7*7Nb3Y4APtjs=nHzH#!|L`?B(#^#`0_pL zLo69VC*HrI5=C@}8s)mM%^p1Md4Ur4t59)4?^>|j$?hrDq>T)keC-Jp#q3pwvi7}R z)^FksT4*!_%^SUJ>NrVkgdksSiOqc4%nvJ?ETMU;jH$P4bD75inmn)H2!2T^#0nddD>4<8NR)dzAK%&!moK1;L)ul(i9f{W z9NoOc`q}@+9axV(0*i(J51!~FiEzGgjsor((QlL*!)<&!RIp4Ja;V}CH09&sf zVOkV#h6Y!Bll|0P&!G{O4-8Th8t3QitDnyb_8!*zKV|S%;gr5p>e?R5R4aWaXEKx` z9yDy)7eflLszhD^Ktjh*3$7Dy4>m$?_NQC5b9aI_{xnxx3~Ri3zI(o%I|{xC(4KVP z-(H#O&(#b_+|yeBY9FeO1-wBNl!TTq?Vkpt+uQlbq6k_Ks;QS51uGY zHryQYHlHdfF&ni+2kv3o!Z^S*L`g7!uh~6~(_(plKY~%aItS1}DV`lHwd#Ld$kU9* z3SCdVpt+oRsipVi@Zsxg)Cf=*-NyD1!X;EdD`WeU3bXQFzM{DJTL07yP_h4Kf?LxB zta4YQ!VV@U8cvHjji}xrg4{?hyDwL<8C+I)fB*hnXZUVuzUNVfsg+}$N+SPoI8)4# zA@s(0X3+z0PuL?5*eokvZERXHrcDxJb_6HZ3!c*&qoQjri`fP}Pz zp!*F8kmF?=dDr5nS7@zIcl%@O3Vl%d$&`3et})RLy;qOiyZSTTpL(Jm5+BMv#&6S; zleLP}ckB2ow75X^Vl{ol*9ttvf&FcSKB7q3qzn=Kob_M!dK!n`DXRz{1Ir6-Kwb@6-DEdurvf zg$cz25XmPRg1LtiCDPKkN&{y9A60K1Rn@nDe}5E2kdkhY1_9|V>24(iK}u2@X^=d0 zOLs_!v~)ueH~j?>S$y?s}xcMBGO}K8_lj zQS#8^;1?Q9s3ZpY2DwEFDt7u88wc8Y*;Op-UuRTiw@99~iP*vUfM^~0826+3*4Pdy ze>n=d;4OhcZBZgwZ|!@vmV%(BhHPAA%!4 zKPSW1of@V3rHDe}sR0G3o4PNQl4D`*L*I>M=(&RalC=8+-dIq9+!Ok@6Uy>_RvCXr zw8gD)>qXZF6g{pHl)Vu|R6rx|2iuK>$Z5dc&A@LZU!>=BDMYAk*rVM%4Hv?!)s)Yy ze04U&*spPmOxNo0^wRzP&)5yUBRt@GasymkKuCzu? zTy&^6puScn{ArhEfAxF~RdnnvK1_(D*Kn|lmi!6v===R#3_v*N8RN$X!!g_BwF2jx zSVQ(gj)b`=Y1|_Ss{=ml`P=T1)N7~RX&%+gS%oiMTkh+Z%u4G)V0dCSmi3^?#geVT zK0S<(m4F`jQPPB6zqA=zXReTu=8pl?SH}4mUf43uf)|B)rBXt%8}^R5wc+eE((6|5 zo~`>ItTmJ|iS|YJG@+R$7Qsv|)1ax+UR)KUgoCZ#1(2D|m60&@m@Vc#6D} zhI}IgEfu>}IOcGfg3f+^ywtFfom`;e)5Z{i@+a#t{Mlw#KT07k6WN?v%TuyTaUM^D zhw|Xcf)13-?(R_YXqT*GG0v&WYWtMoeVuYU^WiwJ8(;rTFL;aV_VQOf1*g4Pe@fw6 zeX%Uh17J+!pcc#GPzNG2uq^8gn^0sK9F{+Y!$*M-wVW%=gkk2z78I#JB~& z3>38b-tN#sr;`osHh;fyp(@uLG4tdfgq&MeO7}KGAT{*mh}Rw8-pmG{EH(nYNrqIN7W10J}R~u3fQMb8@H1ywbAL#387PqkuEJ~ zbGz@p%Mxu|8a!eL!d9@Vk_oUi(RbE0`T2Yu=Mzo$5)NQT^~*Fqj!qufP_yt0P`S>S z&E-B9j|1Jerm+4pQZOOy-C1)2v+m(+Q54{V2?SD{>1xL%nBUbnuOxB3ccTHecdBMr z%a?SGo{G7X*c`U0y(eYM&KHC1z0r7&PB)=~l^_$zF5Vd!u}j&^KqeM2-mqsa>PL_f zZ4ljGNCIH}6tP)xS3O(LocouYT$}~{q4I@Vm{@PrtIBMS?2qT(oEZd2U3I4HHmuT~ zg30**|9K*%sMogfQd;W-B1UAMA&|EDfB&4V?uX|XPG0`Vle`A9{ zvo@@+k;kT>`$FvRj{&>}V86k>`K33IYS-_NE4Wrzb9=a!uFq4$t4uP;AX6Ij7&8o< zEQd79_7}7Z-S^7VL_MCqFgCJTlJQ2#78sV!c*w&0lK026kqy>hlRliO>f$6iG&TXdRh2sw6HqG?f&rR8wQ1@C%-|vg`>HMh0d+@J7uBaO+k) zep^{oT!-Ym8+8nrVcGWC6pAJ&}P4;v7LU#zxk)mwioROM!@ z)Jo&ZxAa_G@9S~ioyM;)k$gbF^ikpOE@J|VmM^T0ZtyacYde7p$NPIlG;ihrY^J%- zMe?q_ow#a@Q(6^LnkH%DgPeDzI_2fd-r~htym;D2;RfnHYVgEl6|1(SraA@@?*ov> zkiHKY8G#9=^a={YzKj#DGprF0${wcQIZ*u%tkGW;n*09e{NPNt#=8ec^heBAaOL|W z^O|e67Fp`?*mZIb&t^8lALbnCmeo@P7OW1brbW&PLJ6KjdRKw7pbYR>CNLb!3Ob`@1@}x ze@+S%E9=*_5}!G+;}L2zxXJ`ROb0$d?s`WP%$~6CeML&k)z%Z57+-u5aNjJ+PI8Y! zCvOCb=P{BL{Gir+hd~j~2*lr5$i`8V^+j#UK{j|KY_`)Zf%kK)5gjt+l}Wd~5qm9>Vy12>>lJ3O9O=n)3JdtL62V)imvWq26e zB7!|@s4Vo2$D)TcD;0J5zG-2ZU-5M}grdOVy+*!#hcrhVN2{HUv%g2af9`I)W0x8w z1%9F@-MG*=3+A%p(nn4oFJ89P+e~~{A-SiS-#eHi2$;bxr=%wO?1%^^sSC6#MwOIg z()g4~8(TEu$$sE{33+gHP3ySQ<`hmq^SLEDQRJuKuH*lq4S_i!xx}NRe0)uS);D#t zuMOYAy}RDL!6snBTJMbrR!!%@;I$fy1}qFOs-Ee~+i+YOi9zkpd%&?H|Cos{L(uWX zBI(}_z`vfP^#a8QMTHz0i}V-fZ)R%XKTpTeee?Xrb%BK?jIE& zi!Dckm1i-l?~$JFk8-k2LKX+M*4MkpggPuA>T2x8a<`M`eYoK%)u(%0YjyT=xCkSj z!PKa!-$NR3k}W)mP;hmOls-SlFzb(IT2}#hAvrGFiP|S zZGJxJoF<0@Q_QUZ!XS_((f%;tW`+QaMirg*<7tCbB#_YG)2Ex*{i6mbTnE9}3 zAQ{%0RqQ8QBNkbmqCg(StD;A10wHVEdr?j(b|OK@loD?ya#JlX>@{YgN$YN!crEt% z3yL6KpOW=o2?m~?-Vauc-Y{KET;FgncRF64=NA8hF{1-o>zR$P4Uw5ppB$(rceYaB?(5TK`E{^mdXur{FmM*GhQ zW4oe6lAhimKA7UJ`s^KZLWso|A_HD3u`k$#`{nawpx3KItWCp-TQ94ffkU({imZ&S}hPHt45tTPqf|zdXzD+MCq<|o_ z;GKNNc)m298KOFzl3T1mKK2t!LJxh=aqb=~T7;k${C8sikWgI6akeJAqqm#AG2Ttf zbXRXaN42jv?!GZMA&JLLXewpF-@&F>Xv2Dxvv}vy;xe&^}RF$(2k1SqJQ_4_C0CGKmz z1mv@yaqE6p=W_FKyz%v_zsBy_7gx}djgJ3k8nvba4;@280QY1(IF@9I^yQ;;NQOkN ztAQLt(R$HfVF(p4TBg!HnZRW6yEW?ckT^ zZ+tuIaB>eTN&K5_Du6-h(uy@F*Myy#{p?wR;E3d7tKa(_HbOO4&v8Cvhi89Pcn2#8 z)EECMm_oMIWNpSgN;&bQ&}UYmO84_biv#QQH~oKzA}wXsjBFA(+8=9sHT~$}pf<{) zS_7Vr0@>J4@U?D5qdX^5nM_h9zHV|X0+Aw;o-m9EO${hdz5IRP(In*Wm~To-86w!&8)uk?L&I+>7IS9 z57qV#k`)Fbgobmm-8tCiPM#y4S<8P(97wnBwtJ1*+M7^wqd{Rnj#lnTMgnEG`yyZT z-fHHm@!e5^*G|5%lnjClU|N&~j~;n=cw|Wi7kZOjyR#{YdwRSRr=g? zJ;Dtr_{~DJa_b154K|GwLPVVf4&T?;4{t=Lf1Is-tM+m*F`5^^aD2gzcIf!eq1VZw zcktdn{npxZ3r&yD5YFLvM5mkF@gK*JZ#B2>iDCUee(%3^PWmDR7DBN<`tu8s>cETW z3&&5#F931iGp>8f+hV-wyj{*;w_thUF`H_iy$#UX6;W}|(*Ta~|AWhucyL5xvW-3KUJdoG zB)qJ6+wNizlFOJR8nxYR`f~Uh5Pd8hDsIC}94fk}PNOUpXFkR9AOG0|%lA8)iNm+P zPHD!m(zCC}3xiupUAREmX-~Ll{mOQHzWb!Dqm2?e#@Tg4aO!jlS2bD@B_jE#nrLb~ zFdN%_OVm^Cdi=5?cLr01*}Z>h;(%-5cYQv`_%|=P`|+h$U9oI!?=jv8?elI3HhmC! zC|*RMc@~WvvG=|cQ#FegopN*@*uLnbg68inxfVnCbZQw4JcMjM=X`@n%qWqBL$TV$ zCwXRl()jbu&afx)*{@~ZuaNVV67|O&MY8I64`Uh8NKg)(ZutNlE!R*mom!h`EPnmv zWbq8R@nL>E$}!!alKaw9lGej#!CuI|+{(|_0PRm=_5pschd@^&2g8@7yg8s4$)0RD z;ERU;*%apbhYyBXthl!M`aO?K*oF%=t4<4jnX~#5r(c)_4+DqJCZT+LHfco69-(AM z5>}uq&!LGjuHME-0{Lr|E%{9EVs0?29i>@ZXi^aKyjG7=EDy;AF@HE z5`9V`fe6Pu^It^O?4SQ}jX|F5m>#~8K&S>xf{^mpUzP1Cb#46vt4({zsbbRPndyp2 z47_;s^9l>;3*@4h0*i%1qD(#`7&CjIP0JbZLUI~*-bZxaPmX~R>n!1Ki*vymL7IIZ z15(x{k_Nohe=}8FPYh@;*;#92^B1Q`zWEj=tVe9YY&|%J zi8J2NPWI`Qlb5iuiGI+Q74iDokXKWa)pJU!f;_)Mm!>A4Cu0t|A@q9#?-tjk^m*%2 zM>qH_om{c@bRW0B(UaQqF4pRFp+y>qJ&xS``Dw{O`jB*%DIXE0! z5LajLs|?rg#gN}bXy!`~vzrnGj+>_b@;~vTjgf3Uc%0H#2Gx@%9A7F1wM;vlU*=agg;fxr9}aWJvMhFu=8Rq zHnSelSgH))THB${E$~izJtAAPT9t9jXvAEjlk3W9_W@|M9{(TL#VeRoU}|-;F=UzY z`t{u+oxUSnyf}YNFE3_d4`?xL8S45GT98}=kXMujv-AJq5)pWwM~dDHn%1VORHr!E zj=?hR+s{Xpb*O?nS?4toN-6B=o(EjU8YSx4y{?esFnx(!bV)$HNTf9eQcx=COTzl5 zw=yt=JZvuv$r^(BK)Cr;_ZbI`3YB=bK4{zc=SJWbMWNARd$lTe&Q*p-0A*;k++6L1 zY(2mMR@b90Bz|Jt>Ca*8X}_&m`Umk52m22e$$rHhDB|Mz$tk{1Jeteg6ZVUrCCbbE zm+7zgP14n>ns9#cH?O6?wlHcnnn^_j>hNiJZw#hk*(5Q_(xuMRU2z#>qu?n-K2;A> zAd6wCU+Y9BjsvJ4I zu1}g&I<(|A?vX{F>&Yw$1ZtVO0=oseJc~13!LGpYB+-LbN!E6#blYJDPc)?>!O8(q zj^AX#CD<-4=dk|2BAb2CTp~4{rT~>l&Q<1;zvzZ6XIEx@3 zlEY8v9)|14IW-w@)l1f+FQ2l*N6b$8oDLh};(Ubwp*^yTgS6x>H>}B5Os|bomKkJ^ zm&V9CImz4X;pJT_Vd9hmB0dxwo?rFidZx<=!{3npb>_dHhXTDBU*p->6Jl|1LcFg+ zM846aTC!=+wdhEIfj5?%KT>6ZwLJYjzAOLO03OJGCYU+^khDCg6Si~-1XwAhya1e; z*8*SnQw5X_`2+M4KvVBn-p28iO{EedzuJoPLJ4LFH!#nJ#@T`y(Pyjis>8xzy>`fG zS?qP8`DuHf$LEJrt^u!2tgVqR5UOn;*>|XvSTNLdzacXJJ17C5(lCYJ?exMbD6kzd zzpH7DBi25OCjz^2W9A8jA4$2m0EZJ4|J1mN7}VhV8k}NI#f5ouOZGor*Q`?h{9GyC z*87QbW`kA?O`w3865^OsyMp#|@#~nSdH3&adMNkiAZE0%az}5Pc@VEM2#G z0N?;ElA!4}QeqEU*aP}Z(|=HXd(#jf3*ybK)s`c~_kmGhU+D>YgvkZama3ToYC-w9 z8IaJWhp)C_aO z(#|`!-@a_?`o#7ff0r)#d1$EZx2LP`12tBLmF^7nJal@y@%+r0u3Y^Q2v)j!kp??`e%T6rq(@R}&m`=pgDc#hHx5i=!T{UYS8w~Ebe_?*s{Hn`Jw%JeXnAIX-H#;46 z)AX-GD`^#9dZK|rz*X5VlMX#06?C9XdGR(>p(81d3)g zGWam=rJuVB5*E~NM$P!(rK@SF3Imt+k9~2b5%|n_YY=W)j+sCS+SLdD&*kp^b3U;c zW;O(TE=Z)mcAKf@`x!;%rXsxuoeVXmT_j?2+%HeT_kE-IhCYra(FRO4dv(I8(JNl= zO_$Nz%+vs6W#C5*(R?_;1Z&5%2iAN^2$|fGJKZA^JgYW@QAmbkUj_-O&wjB|#WA6M zf3_!VsF5__gsMNAk3(424iw&P*X$CCjIKuACt=sN>1Fu6oCeaE<|XuVEttq09FV<+bmJ=W88j_7UBX4i3-C;b@Jb5I7_V_ zoUxR`K>&Kc4l>Nzsgz>XChvA{&StxqMO&{=JBiExaq_FcB&b}KV3yE?L|LS zh}yaR8Y8=aWlg-32rSXKSU*4bDZilmdpzH3zQz5C?l33s`T+ z&mT(2ob4BFL*xEILNAI;mK7}N?-74iD_O`UIDAc}3T8;x6-Q!^c_KN|3J6|atK6hj z#b+yXWq--ZXW_3A++IkqwFdmR!49zKE@F&%2$i?Zs`@`%Ga^p@sHA^pQmUpDdl9Em zMIR{%hTwk=5KUDJ&itH9EXKK3SW47b%w|9=%9bpRw~j z+twF%7{`!Lun&=NHRegHgCuL&dV%(#Gw?REDi7Lny4}3X*YZL%ax4lb?`CP)TGTZY zoeyN>r3!0C#+|0=rm1)+X0BDGFL8P_YvpJNE2fA+b*&WO?8jWyiGf1LXxSatNKF_h zztl48lS8mfgyIzrNLxVW!*>aBfhXxxa2@&-YVx$(U2^@eot|2qx7wlElSALvYGn>@GEgaq_S2^-GvBYRw+vX3(0!~Z zB^?i}^Y)4q!Me3a-oAhTLc`@Ib<@4mU5X?n9 z@6pTe0Jphz#B2OVV5`xFBWY3XTH9XOjQ!@K?X>~X&pz5e*%rzp*S-0+R@ga$gS75j zSQ%pJ`sXB^=dj;hmxHOCb?6cVOsYRXGXRH77~t7Og0U;v;z=LwZRo?NyZF;nECPtFEnjXB{h)w)Z&X z{ReG&^;_Qz8;7IIte}&klSi^N(hKO4s7#9SFD2G%um@@Tef835a-pTAB-SMj2x9q(>0x&!`^M)=v)i4PQZ%JWdu`KhC&{Tnu&aX15mC zN77L*8^zSK;?o&6OykR@cL$PxDGqsj)E)9o`}54w*M6Uj+53(Ty9$1;7ubY^MIVAa+JI3MV;XJUCy!?Da#*LN$f zT|CbZ7aO6f2yQhLvB`>TB7Jbtynb{MO6K^r zYoCi|NI7T=^enmW4$9GJAiy~4#?74rR>dLLfzyR1=R)-UC5VlXMe@qGGkZ&KKwtn! zP=$SuCcpzV`7aL?)Yovjsn>uYtJvi_^m=>lB5`1&2IJJc%sff8(E7Gp@J<8XSSxw7 zsPui=H#;nhpCuD-joIu~5vwLKnaV4vSjj!w++*n%vqhrA^;F@Y%e`>(Q>R>!&GDRw zTUz7ePTn0PiE1-~^R@-f$wbk~oPA?4-9y8@cIFc;d8r%b={!gR z`|D(#HvKL7*nE1b8wD6R?TMAKo}DbNS)~k$bgq6;!C&%vd3U=i_IPE-@Hcnm+fzdS z+Y_HP1u=hzN~x>l2nHdiKgyxb@E^Xwm{@axMM?s3wpCr>Wa92h{0EP;Y;5LwGG&NI zd;b!?R?03J(DAMC|KJ;w4lN=k*2zrJsApQH*W# zA>JceZ*pfvhEQg8&8IvTipR>9fV3&Q&&MMHxaoBp=Dnbc44A~o@Cryt-+E0R`}Oj0 zt4As!7D7y~sox=1u1PzN@{dO)&b)8cpshm`iW~ths3mzlR^d?G+(Izaj(RylI}8@FLL!6G?~M%xDA9dqEa@n1!SHn^brpaKCL!FS zuXzCsWhjbL=Bn{Zb28W-%jf8i@IR)5L;ZCs2$t_HyUh={Y{-a(4Vy9c+U=$nOTQXsc zv-u$6(fP0{7oY>~R^9|p4;jVt`)R*o$)R$nbk?l3c!5PZ|1eYFhC}CTr=QPY>8X%g zWKX2(!(gwx_bPNDUsko=dN2;Aum8hMJjE*JT~7hQt?FHuqo1g?B31kAlYS~wg}^!+5xHFdZ`G*cCHKst@_1Ey=aD-QA9&sL%~${&34BL z>Xk#&C#l7%kqTb`ZJU3mJx6(5VTbUg;hQ1Y{5!~EQZDG51fG}4_^t3+M7Q!S^3pO) z{LcD_jRMf+yFRb1o{g`$Dm;Mv$q@HxK<6j4ivaFNl{S%?l!K+_(*Pi=HWrcyH@YqZ zDlJ3BOVGm0SOtK^h|3Ko^1#Qw3f6HncmE6LvIky7aY}Y5k`XBUoXk5al-CUNe!+s| zYT`BNKl!sg^4vTsN@*Y67|IGu%YIIaTMX$a?vW3z&hT$fOcdDkD7nTXCzn zOR~4z1^dqOSsFc#D5J?|9?g7Bl}=$V125nweeS{n)qH?)EZ~2!pA$r~MNDrPW|4M& zvD)8ZvMAi~;P0)D`=>Y0pXZ0KJS=(xbti;ubC0ai?F-cgt8zYiB1cKyPdiK)NlKaR zyd~tz4tiwikRefoM5gqz^59Hzj}DNHAW{em=TU4`h?Q0}+0cl<>?bvy@z#(|I%bo7 zW(N0&gkqsd-u4>e74F!uP=_caKfU>&(5ro88MAqPgYzA3o~wBgk>dn>Wl8yow==U_ z+z9*cwlhxvmxQ1zY(>PP%DCNv0%D@Qy=I@374oTTSq3=q*0FP6_kTm?z-6?j*EeXg zwx5A^)k&Pqx^MYw1lDWJ@BVxI!#?`mZWh`n|9n91l#L<4HM=8@T#BqdKmh&oKwQSy z^1Z_iISXTs$CRXgVXgTcU1)^lu!5lD#)|dDVOI3<4SBw5*QjDT-vj*KsL=V?2|VUl z6qilK;4thF^XWmH`D#--Kn?kXNuo=heXfSjwmtK;M_%DmSH3VWksJ=AktQF{Pu;%1 zCQA7|$zw(ct_${B)z6KR7UQ|oED(|zWWJ?Zo)J=?ulY5zhhd3H_)z<0n# z7`vG?r(975`qb$ZLeUg+zLugo#ldo<&BD0{MXh$C_J1>Utei~^)qkM~>G3Q$W*ND|8YxkOm^OVf1v9`k;ck@xl@X3Y?b z9-Z=yyWdUW)DtPffng8`Bs{&|`R-FKo;Q*U>w)L%kyc)M6SwkX=)|>XCE>c20yb=DSsXg-kpgmbcRVz zw0fAQzxM?UDEVb!suGQ=A3rG!!L>{s81WxNa}IdH)&XA=4<5;UUvYJ@%8N#3w;e$1uK9MP#JvJ|dq?tI{?M^#GlvprTu^x_a%o$S!ku~y zP#1r$us+nf!Nb&SUwxJAC`lN)=aKyB7+kyqeZq|B2(_LSX!ia%Mbb!mc{7ZqQIwse z$c7aVC49H%0BrULe?+k44!U?5(|qSF6*h!`ak>xGVsP0X`4zTb$cEL$N*>FbB}G^z zcoMb4*>eqyc!KR|p2#tH2jN`<$E%}e!*Jd(Wv!6SBm?K-UtAUnEpC5OsDikla$5ct zrIlAZ@cy4kDLT+&sBrs(>GCEBZSn3{oKliCMjbbAw{Mwjm6@*QeFOEr_Xw>2phy9p z!t=3-t(&u@QIJuy%TNWwu4P$1UUHXrG&BfZGH?`D;?r1ptF2Mzk0G>HQmV9n+_4-z zsu6;ETT<=hh|(eUD;mUY*Z=e}3VnBG*HzyOn*i1nwVO#66Lt!h_a`qWL!9w=y)8np zs8z#gPz6&!R+S_SlLYNJiz-3jt#&edI)(dgid1F;Ki9jLn5t>xM3}@_T^Td5YRf5x z{S|&HpNrAn9i1rW%`vCfBjRTX{TGAWLK-wKHNwJeqXE5ZHp zuNLgqd7coWWWa32%X{FeDqA{Nbq@QUFjr^g14kUI7xFd|3077O{89Ppe7oe5CDBYe z5XaFQcvDyHdd+9Q#D&ME8{J!xe#7Nr@whN}<|)S;UAfQYa+-PXhzqrLaTH3n(Wyj= z<}Od)z%xQ{DaenbKa|DzXt7w4PqXBbEE~S+uBYXwcK4SwS`{VAb*xIVyZO^4kM!|q zM;EoV4LG_`);cVd!t>|(6$dxRVCUWO6Y-$Y!C*tP6p(}oTkYr83<&S9t@MHfJl7co2o^y6Hu>8x4{Uv^&<1S|_$(i8d%Ww&O`sCV9nrfr}wlY_l)@WNqm_|n^x)N zp7T*Rs)CmgV8!(VdF~l0X~7o}AfwVUYF+KLChdihctvdsPKRW_N7~dfL12XbZ}zeD zx$)y)nC;--J(y)|U_g3q37Q4f6#a%@?kfB8ApT_39Bh*NHrL^pu%L@Cg>d2u3^g#9 zY{Gs8?g)MVKzCkA7J(gwW;V1c&gJ*YFnVYCsoyVMIWQyCY?YQs=1e4#J1LS0q_l|# zlJ3T6GNr*3BRJ4IC?+sG0HN_vNNXLJ*CeW9I(xonZ;?t8D%m8XTtC)OJgYg6#aPayU&9?dp7t!9V<~Z z+|`(pDLJc06DsID%ze*Xk0{Kk+93>zH^+1Gtp^-TS^iPS%&XzneAbKDXU0A_Z;7d7 zGt(Ex-MXJllks5Q({$Iavg6y0sPH22t%k81>lc3SClJS0Dp`6OEcLSXMX_jIWv$C4 zmsz~tsF>C~hdI@~L9xnPD4GEvRTA=;tiWnKI;DS%-EYYoFjgpL*EDj(q-rgO#_Oy! z0vus%6gG{eSb;nmXRY8eX7&!VtHTZY-WQ;=nv}Vef9mvREfFG zWbypBXX*gNTS!zC2#dFpzKH4~8o=iACFPgQ0c9pEYs_Bdd_d4u`0qGECh$UWxdaIO zLuv2Dg9F3*_29x>7?OaHpuJjiy73LCp2T)-Yir0n1C>@T>1CITuK;35QO5tw$p3t4 zE2-w7J>mRd=Ch}}`y*o`gTN9r8WZDK2-?wG{UAdSv;NgZ)>Oa8nYGMg+!hsENfmK3 z0x=sX2%Hyd9s*aVv5cFc&v31`Zj)gZ|@0X(C8oA{f&XdXVJg1tm0+5Lutt} z{xm1UsQD)2RekgidOlK5Wuh|lKO%3qpuSJmQnP8~EoV^yb~>XiZcZq;Sx1fQ6iG2# zaOe;K0WMT!Sk)=~C@g$}lHnb{QXHN7=WmsPVFywROsj!F!ip#RuAcQ9u60MWH+}pO z)UEZ5k}C8e5y+oB68=b1fH&>|RvZhF^Uk~5#Ss`pYG$XVw_bUWT=Zjw=Obqm@5^ec z(KDn5XD+CL9kDmfI+#UzlHYd(Usl0S?c9a;%>EY=29YkV$43Ng&pXB+W0Nyns0S>J zk8=e=ADe8RAuvdU!^%2Nr_|F|L4e6$h0)rVNLY161|U(M@^BrOu$d@vl2q9_C)Gf( zR^Hgrp=hr%#*7`eWB>5$i&;JC`f@aG_~!HD(^jjEkv6Za#hd{K12pLA+IQl(EVdD~ zGqJcTzHIukvA0@(*7N|u;!YElZqjc#kmoQ0dcP;`{eXq@O+ljMae6wW zY@|c^5wH~MpeuJnj}pzohI$51#gH*3adu@!4FI_^j~{dLJWx>#B39NwLG=vd)lZv0 zF?ZP{`?FoyA1K?HD_Vzul}*Jri`Rup(@iuG3{Cqnrkv3*d2F{m^fp!T^o=XS~K+)@mPF(gt2!BFvUZv z#vmm4`K~A|tUq84^u{ZjJyq;Y;n- zvsV|tluqia>?N7c6Wrer!5icE=^~`g;5D!)7b|~Gd^dPiSQ!@P{=b_Zj08mKLVi!@ z{elggcU?=Le8nEHYi(^c2i#cWJ-|Zm2!djmY<@G`BbDrYV%!5}UwOXGE^tLcnrl6r zflM|wc%M%EC0&hWG6Mb$9j_>a2I_L>WB1Lb+*J zQsWlQQhX;JqHH&E{{w=B(}25zJG&TtJ-9OgsvjBajBFffu(9{x`2O19_bT}x5@%|+ zMvL^HiFzB}o1kiE_==PFFsLHT2OhZ-M#!F9aY6nu2SPP`AP&SJ$lAg-fTYydIzGfr z9J#3!m;ZL}_xLWJr;7ug#3ai0xyb$3{BFgFe*KYE^pypCXd#qotwiQGk-v~DG4+T3 zCGLaqy4RLx4sZK<1zvO6ywnkEt;I(XorS-F@@?*X!E%TVpt0vWF$lFHNnNj!`Z+%0 zN|6evC<7yyDo%F@%Cp}c-`GaHUEU332z8i7t9IRTmb|&p6)*&q<@@(ai(j=k;`YXe zY(0xk?g?=5zFY|=2a}lmkX%CWEdHZo!k9r-GPIZXD52fx!?feLrZMRo#cDNp4*2gc zeFQM(dvJMK#aa90ID!*luQ}*2U;Tj6C`lQVmE`6Imm4+}Z9zfB&_s(n1%pNoC3k_G zG#v@^^z&SjsJq=D*F|R7@sJlnx+=NE@c5`F#`7Gi-HWr)ja%|@Aaj}J^)muGIjks3 zvLsrKS;E0oaUw8(4uRq!+Ja;^^kL|`-;zKI(&wZ&1nND6u zd12D&a8Jkyrx|$QRa-2rZZ3Kn2|xm0V(ep} zgsYX6_4@LLU`71v_w=Fk8ek4y12QdYofY)l7P@y0%Au)%NuTuJ+Y;h+bS|KQ6c{ZA z4kih5=1BOJo8SvP>G-jbaIn(eiggO?k||(D!B_FAN7r$+IoKXRu{~zq^QeGQ5r67( zf9|7~V!nu{UvR&5@~ZXpL(ld)cLLL`Yg1OT#&7aMni% z%x`Y6Jx`!Kuog?1!KYo^^*(RK1S`8b`x_u6sb&L-vf}NUjEQ z#tE8VM4Aq!ykO0O3B6nWrG*&1@pp>(5O}W#faTH9<dY?1G&k2^aQ$jMj1 z)&3zG_zMp$x%}ynq-e??4L@S3k5$gsx__M;k)bF*_;eA}29W!;?|(*uGmFxI?ke;B zcC*XbF*x^aH9SqdX2N;JAzA`y1itAQ?jMw9B^e}%jau9=T0b5ns*CmIfyGA`aEnyT zWg-Gb(7@Y+onrz-XfC1BI&2~R5yCA-W?6SIUeH@)Xk3tix5T4matFs3;+3+1dsjL{MPADe&cQpAdSNN^`U-}%Wva;x_Z+q7r{v< zzTr3p1Y=#+zEU>?ecS(jJK)(0S~K}zL{H$aPy#&ST=@0u@3jW#?~WTtvH?& zLYa(3J=8I@Y)264<)4yci+fzEQ>5#)FZ`R88IuX2w4w7l)iuYtTI{Ia2WdjmmZM**s8q}nX z3o(gioeaCg#F!@Gea~(`--M@;BhiN$W%D5unj<;D+mmy++R4eAc-(kkWR;sRchje` zSeX1%U&8O4GLA;F%N%xv_DJGHY)VyWx2J|A`IM~n9W`AIE zSa|`2^tfCiPmchU6Dy6-?&it$Wyz8HfjG$^OD0g(gBSnq?MUn%z!Uk+6; zgdQ(=h6(**d>f`(%Ij7MYSJ+Nv#c4B@y6MOJcIySF zq)a{%e{BY(PbDRrBZL<;F@FiI(&WcRg5dNyFB@mg7K0u*xrGPS_))ASCES9T6`I<$ z)1_K;t_UN176C<)!K_BIB*F=4vuYe=es{@J!9c5@$Q(F$qqD%Tbk5eI+X8McOH^T% zZC&@}ENBwEU`xAUJ2-{~{CiA%tO9Vt>rlm>dB~B^C(!?vw^H5AGE*)Y35d*QYTk&4 zt%aU-#w;`5pSo^q**}cf6a3&C{;`)^X2BnVPDK7_uf8$HZqpG=A+9kv}WH zuXMzC9B2RN=}+z#(vY}t3*jhoo5vZ}JzMgI9E%R<&)ujaPO{~PCy6ghoLca$e~d#J-=eol0`j~vVcrq&Br=fN+e+8k zvRNCb`p=PSt{b%XK+U!8|l@%g*4TIj}|{C zH;*+?w{zti9=a9>W6f7bykuJ0>$J+CHHyn6zc+ce<^)yy4@X42X*V6<=S-GS1)O9% z`*T{FM0ug{#kj<9KX+3z+`z>1A+7M==o(m^whFxehN)>ca9X}<$R`V-=PTveK7Vj9QFE-UIDX|fOhnoicL z%{v2E;sT)H6O-Ei)Aso69N;wRhEq7ANH~qR5ukWj661+vm2szhIp2;Z_$Gk2PUAms z9qyV!LYSyFM~r&%k1*n*l&awSzL7GqQ&kL-EN;*LKZ7Lc@eQYI|Y(McBR5c2WEe;M;<4!e~ z7yp4>(R^?Jg~>5vbFL2dP9|X^OpQh}&x@8)T>;$ZDT8Z$>T1KV<32{7@2#Heq+0@C zJWxg{rf`}%wZfdaafKbty)L%x>nn8DGsOUlE(rMl*EiSF!RbV>JbCQT_n4lJ7yD_^ zoc->#5L)9%@KiKvmlxcJOl6~q3Bdjg7YT^@)TMX57#v+dmuD|nVw7z=a}-OjP1BC??N9%V45|2! z9LT{6<1e24DIx#J`4IYt5V}u0rYvM_E><8@PMKydy`eo~?TvqzAkvY;GL!Q{_t&9~ z$LXLma0HSO8KC<^;lKbtPjf{Aw5Uq8xb0YU1KApMTv3+eY}M6!4rvQDGf3yUZx!EJ zmf@UXT;hOd{$GA%Zk~)Tjt|;HeSeoN+7Z9`7Zv{@ z2??dJi!3Jg15`^NtFbI8FiE$V)pO@OyBQxxa8J8-=O;jO#1*ch$r5TjEq4Zx_ubw9 zYnTGpLF@R>VeoN+WEio%(bQ&XN6!8t3!uPo4tk2{Hur_gHFVB+VHa>n7iUTc#*9n6A z{`jIEGqOftRkF^m3zSBSOmT0d^)2DQo=&qf`uVu{MLcj~MX;TM<{C%T$7*-9dwMS( zW05|qE9~&OP+xtl_A{3ux6lfjTPQQ29!^P5eBV~|dd{or&iDV;>41E#6ogO(&7l{f?L*sVuM|ygC$iH(YA1}d6 zhsuYT=5zQ(iAN_V9V3wxBclHIE&E)61nvLJs>L9;DDIjUz?SEbW>4+iZa}7~g;VV! z%CYVX*oqI$V|ZHV)z_0jU1PavDsKBj&98o=rwF{Caom&J+b1Ge%kCt_Z_e>F3g!=o zw5$g0u~wX?*!WF*b;W555gKakn*G(JkLg6=$asBG*U*#SqI=1rM#inZ;L7=KnV|Nq{JO zP8rFZwJWBwlK~7L*?Q3wD%S}98D|69Nm$q&Mf98dLUl#>W+I1oAv6qAo_tDR72hlk zG7K4cp@Ks}WTPU~>&_pWP4SbtD!~BSl$~vM3czxKG3QLkr{(6OYtKM=u@oRhB@A-V zYBRYf>_C0$E5Z+=(ALfqggw3dYeujB{+VC`P|xzv+?T3gzn1(XhASaw0$VoefN?ch z4Tf6B9zSIcq*!m67lh3VnN!To4=oVoOGD&)OS##<98)n#FNH+lL1_kIz5KBQtCiGc zPoW$blxD(o{~uRx85ZTcy??8;G)Ol?cS$!$hk$gKbl1?*AT5oANQu%QIW*FeDjh>N z!_Y9mbGyHL|NeVF?>RVT=Dx3WtvJ{DX_Hgy_kJI-%L`;;nS^=E5-GF}D*YZWN4EF5 z?nD@s(95r@b8}@C4VmPf`wBRwrsjx$4wJ@f)t}}(ec@^w0F1@3!KK4 zY87=QGgbm6yHw5)bEi~(>)61~Qq1N&CP?iXeMq;J_txcB@tNGC-5(zHpVIPy7uR&U z;?Mum6tXS7FTd%2i|&t0qX%GL=rn>@(@b76eP5$^eZcI1^-0{o@A&u97Rthtjc!17 z+v)INwq48Jgw2$HmtYx4^XY2gY`5VuuZ$+Oj&Ru11x=Nr?)U1)NxNkfLp#>{lT&e2 z=l1BZ#Tp6-)Q%FE(xZ~wP*elb(l7I&06>8)#vLC7uwG40Ig(K7E3&BWPYX_T#vHZ#UZj3n6l!Kg=^@J#RrTf{Oot z=COp=!_Ol!wBL&}GIUP7tD4>HDs2q;S(CBG51?o9w-&I8n_W?TDkZ?gfU(+1&hgbi z-)(F`Mjc#~y#4?O026YVlWnvxE5^N*NJQNsJ59eea>cx{cU)jSn%Yp5@kwEQ!s^MC z2+T070C5fA*}>K3bCM**t|t#jKJd6qgav9$fubqwFAl|IQ$!U_waf25&lw3@Xa!~1 zlUQbDpHtn18gnlw5mMf%R!8F7Bw;OhY38TFgf^_#iDRPuR(6S@BBgq$@XLxDTR^37 zSW)}Qr-NzGmtQUdA1HRH_+{w9HrzIi$}yit*CR-qX6@srDV9f_Ho69XVFkPhtd(6T zbSUYri7LIO&dK_JUVi|tFa#d8;(Cb_nM{D45tzVl_O{cQ?mpI&Lod5Ti#JK^f&4;Y zOc7F2fzPN%>9M!1PwbjS(rjm>>VJb$YEodk@xlE4*Yi9J0pz8`0a=wdCudn&Wi<{R zCxDMiO`{!jkn(GT+G$L~WDw$d%IRkN!U@<2c|kq=p~&*LY`_;%>vEqk z10W~PY+<00ALklA2gh4p z2e<#$`xCZQ^e2S-EYJnyArD|4cXoBwf;oJ|efiosBoa7EooKbs4fra*-M!x+b%7XU zsJIqL(tb&rurzaKaaX8Q;l-f1D{rj4Tfp4UVLF=5MyF zTmX)(W0|?Rm;K!w z2o{*B;!_q|pm~7&7Vt#VIon~O{u5K6yfioorT;Xw`=fsR&tc*gwEewm4&$(W)&($Y z1ae5g&c+rmeq~;PLMZg-AA3I6RxofA;oNB7vFGl5V>$TkTfD3|joDE;b;)i}&Y8C) zzDb&+qL%@+j%ZpATX$gJulj*JSO@_! zS3$tHY#yF%j`|~p{Q%J~Bk+>Y2c_?_%!cp`6oT*6$q@D8U9y=w#*)NEYfogv3N@)_nO*wtg$gc@*kvIBIDWO zY`EVM)W3Ou4mI2>FKP+b6eLSudcRHXtu-v^BkA7!P;HFY^shHS+Vs|< z=90ab57g)K;Jx~x z&0zKSJBeVP8&|Oef8LY2L37pa9bm78ws7jk_fiRox!Hyf#A*HXVlimgdnv+vqE8zr zB)Vi5(*7q$khR@FhJ38Veg{G|d#)q%wqJd_3M(%U+0)CdMJVPh_i#heV(7 z{~*>rFG#MMfgHY=Abn&uzsMxW%jK5=aMEVvsM~uSTYw{%>VJJFh2IKffrpIGe;+)_ zdXvMu{be zPd~5f6u&x+9SHXtXm9TGxCs%IPK2RreFo`gF!4owDdE+0oBaC|K2-N2kW18|zv1vRD*m~=f1*y>xKWn+kmEqZ zU*rDB(eQSS)&)rP|6dw&_)(jTGLZ4jqw;%#yaN8WK|-err}3Z0Rg|nc0r{2OLbxqH z(7^IU7}DeuA6|*C%&z@hxoXzW9seQBJb^k206a^e>9nsD`guhsfn+(OZk4HL^s)1k zgX04*2rVZ2t6=|YmbzeGAR9F+x*@a}8Fk>3VtMcvVU6AZ)$LTb?J~3F%{&)euLmUE zUtYSmja`y2a*|Qz5x$?(ahg;+H}f-FFm#?+FfyKoaB$E_U0xUkqv{5#r@x!YdzB?O z^OtR}fr)E%-HFD>pnf@XBny;0N3Z_(dsbozCwv3o3A>$$7Ib`*!MX+iuYz(T;y-v# z&tu#=QxG`1)MLq3gh-Sm4s(X#hrGfTANPzCjs{dG4-Gm!OpHMj!(y!G=`LbQWrSO* zT@OQ1>+n(3FgO?pJ&dR?q2++L*)vX71Vp@l$Hj`J9cO$ z5t?KYuc)GthRnYaQLZz}XTwrcdUx$ktvQ;#rioB1w=Z7%gD3QLX7U>G|NC;ObAzkO zX>UZ4iQBN`IH>%{*=v6YKh^eAST6EP@Mhv2ntqUEywcwc9e;T3w1&l?mPS;Ur~v{F z?yc&$XX&%E`(xgtsQoq=qa@I7@iz08h7??HvFV($t;5;nj>KnBG7dgF++nc+qc5*= zm`<09Oi+=MdvM09Q|TGW;k)6xTX?&9DA@`@~t^ilrupgCo6l!+C_uKNWaDkJ?EAQ`tgrRugSd?EoBd@gE z{Q+!~zxT!;Pk1dWpYOb5PAB|ZrOujY&Fo)%cziu|=h$Zb^p z>Qgk8*&h871h$xW;7&ZV(ha$fE&M(1`A^wet@)1wjNqi_qTiZFCXMxm>Z;n6Q(uF8 zr$s=vOGr+>g5HLS%PS^QU6TciaEk%<)uAtVxsc=;AN`<5_VW8Zq&cq5W_M zn+qYlA#+O)wk-@i%5UpdtlFm9T+r|QP4Z?&KZI5Br8DahcZ)cC=eWicbGa|^;RGpu zV9R3*+MoUSp4^`cs?h1JQn-hD$;K;d+ufgryzb`)W~9?GORU+E=2BD@H{EA=1hnTL zvp<54!CLxJRd32ut4s8nO}Vl0f{)nEN0)rM-tOe{B67#a7%zd}&eE?A>M@4o z!f(}WD$l7sT1+Iq7CHw%KE2_Vov=&3SC{8eAfU_}2I;h(d)eI}PSPq}9!c2xLPHTL zko#$Rhd(gV3Zw5|fn8;V2gKP#;~{C<+uhz|exd%iuurYv9#B!IqDO_dv)s+>NX?rB z%Mq>l;^f~%Ut%w;RZ|q(Gz2^mTyMf6qz9zFF^^7u%p9$&YICgJh`{A$@iFq7kp$iC z3VG&rq$haaBf2df<{G(fcVnfIb|hFbk{rI=J3tD-9;#jWos9wGF>rox$o2R9oLA1> z|N9o2(DJNEJ)Gh?{Hm%kc^o(2Qi_ng*h?xebp>BrWX8g_2=_(8v)}2b z1bm46V%4Vs?a8@%V`*pi@aS-(ne$qb?m?*0Wijw-v~A1Fc4hPF^xbBrcB_^D-dtU= z_}yUxeD(1`h_fU3-TXI9sqrPA(YGO)s&0WA9Z5L>4>hj~BaSMYL@&c$E`)wO-S^`| zT<-W%(-=!dT91h_kH+6Hx8BZcZhjUS6>!yzGP)>vy$APPQkK~KHN|f`ZSA&K$HtfA zr-^kn?A90r!rdj&#_5xNJQ1`r|LQ;Rz6H7USm=T{2mUK2x2BCJemkqn77n-DnTW^N}0=lW|9H zznL}1z8CaO-7giEJ5(GCCN-YF;H2Z6Xp`SzU-V`&jrQ6RfzEn7WN_z}7io$brcp05 zs0ZeOVo11{1{)9Qi;w+v&u-efA-?7OT4Tu2LFtcIgEXN-v#UX%=4IcHjjl6BDj6Jf zwkpJ_g!{T#tf0H0_^U_NrpmTgA;EqXLqhDEk0Aki4=0O6^ycDRk9V8+HvsZ#D><1u z{V@cQg19*~|C|y>1br6G&!;;yuT1FoaJ@@+qsbEbNOAin^=OoN^RaW34Qc$wvQGj& zjwv+K*Q}8eKfceR%a)n>;YYj@z)~yGER=-zVsZ~Pxh%ec@t!hJi4A1Bl7!^77F~+T zQZ_h$uWkx(50m9n&mzG+TAgPulA7~@5fwd{D)0HsdoL3Y|2Z_mn;?pv#rfQyZR@54 z1ktbdJw9wyGtv?tnQOr2cb@~y*2tl=;{rz1Hd}+^E=8TtMiR*^%pH!j1y0e5*ZN;< z41*1oSWt*DdUTw&zn;`b7I*vP<;aXI{?B3Atm?_ogs?v%cBHnxL^C@k&}@5{L)I)= z1Ap*4-#f*i9wQxVtc$BVa+@SqT;cW*#=2lhb?^A>iQ)~_c;>m)<$7hk~jR0l6 z6&ii8g*f9*S@@ou`qy1y>%DEMVT6(AWrd3^e5liN^t;^Ve0%v&JGTipjT^+cGr%tg zasGf*zfm0XruO=zJlS!HRuWnmOD0y)8~vUl6obkzNWk15Z|{udF<_u_XPjW59u7(u zDwHG`DOMEdqV>NR9K;>1p^;=+?egmidN|g;u{a_yyxVm4zurFObAwB_2CY?0cbI}I zjN5b5*^LzdVHF#vanlFDtYQQ(;oUl@>G}hghw*Y3dLQGZ`R?{km~Y-3MWylUJ$#~O z)R(-ePOl6~zeFjQY=2dbH#G=)A$_k=exNFM`CZ&8MWaLZS6omB2mQ8MkWFzOZ%Fko z7r*!KRZIZ>xFw(c)W-f(0lTA`edQPD=zhmZQuZsL{yOQ=*dN?V?Ouw}@QdBbt)sw# z;^6CVa$Dsajrlrfm(hP}ytlDIzl~2Bu7LYQumwhl@|K4SQ6hAD4OQ<6L!!?f1H@}zvmtt3f3HmXG>ebCT8M`Y6cd@NcGbVLQ_Yk^nJQs@DL|3g^la9jEIFmufcz42 zJoGyohMfHNyh_}#g(ej7xg3h{t%n~2ahG`d>u{a+Nw%Y>cZR2SskTUkesfZz*d9ac zZZD?IdOyZ~>30B-yWj4w&%u}T`sU>I=H($#15fz%g4;)5URUY#9f#@! zXd1Cxh!rrECSm=K85Bs#?BLeYgtHeeL1x-_&`js7P-RMxX59xAemcQ5hZtU z-j^-WtG8XvigTMcR1eJCK=G^?U$rR+S0M~UTzcgW{LIAQb>nl&)Y?LIo)jwvf*GaE}jD6N>>M?c2{ z=&)&mE{n=J^+Yz0uY+67ce^mJmi^2{Ha{ViDE0J}I1kfnf45?-&?&CZ`?U_8&za?OaGlbo?d>E$8j~*uC}d7O{*#*GS_}%&=R&c>!7*j4)vPxADc*65F_G&iSHM$t2ve0>!)rUxyHL zXbGl2>XyFA$R(#WzPl_!tol77U1VDo@v&3W+m<}W=WkJI44|S>27L*Dk+749>NVdz zvNUsOmwgzJl-SF|=ezBkwLQ-5!jy*oeWkwt&nu<*;(l7!X+)|~YeliEP-ugz6|tgk zyA~c}dpl}=q>VA}m%l+pU-xd|vP<9>3!YzD16HfU&A5|J*iFzn#G;nNo@H&fv_>_J z`u@8|_3EiNS-_}{D9`MM?}kh1qTJFJf3Jszov`Wk4W{5)^ftE5k&S!dy+Y9SRo5eD zm&+=bdGJLB+)-46`@UIH}(b&|iVH6TG0Fis10Zi4D2Q~6bY)3Pv zOO&lE{1B(w-`=WM7+ok;yau4y99nAciMbeTRkKpqGDejz9ErB(a&@<^t&=}6T{tR_ zGWnGB#a)zm9iUDZ2NQ~X_u}7Mu8Im6J(s+Z7uoqG=()1zvbBVFvqW`w>BwjoJsy>} z_{~~pZ>74<+gaCqK~T!fNI+7L{7)5~PqK(gQiay5q-rBAHhmUQsjLHsUP)~_tEo1d zE(iDTWSk?ZvL=A*shRsyOlG0Ug&nZ{OPkRUGaZ+_b0*_ivm%ptTRE2PpTFe0cm&@q zP9FYN)A`j*OzQr;7}04R^IYWdj$d^xE`36eSdY4iyQ{Z=cP5giU`lCqV`OkO^SG}} zX)D*K#Htj~VOT4QJVLy->hb$*m$Ik${r1J3i>$|j zHrKg`9e7O!|S^Jr|9d#-K+XK<^dPOsjg;17~HwgSCNkW}1dgP)T2`5DsB{>D>XkjnZ`f#_> zlZJm_WXqFG)TVYow)l`;mxa488fTcx%}#@KWHsdo7x%t-T;h(>Wkxlfjq~@uP*!Ie z$=+C;MLx0F>{g`7;QwSlW4YlM#R0dkEA-tK^dgSx$Y+6ibhrp5eyF0jW|6TonTx$O z;2Rfv$ZgB~?c10N(;d@5{V%;EMi)IviTb5m32LKGpyTO2k}lfsx!<#TOGlJv3U(Y3 zh5iSAhv!STf&R6La7HEXOaqdxfq|T^J)qpH?E!OOp)JNTpD(&~4gaY!-nu*K%BtzS zHIjTpcmZBm@j15-Qdl2rU{lAj>Sk;j*<@A#vJCy+GWsy5rI) zN6fE!$$LiK69}uLNVwvkbXE%jZXJl6|5TZCQwX}IH?M{muLPb*+yF1oW}2pC26yMR zZ0F53#SI{j*#a*2)YZ^cIzU_HcfyKSU=D4x<|E3)&0#}~;e59)J_c(fi8mF!`5IJm zsfGXi<^*xmb#79@X(*lduvcDK0thG#&44d!*VMcWjiIT2^w?*T*G)17{EY?dC#Bim zeEC#3YvPsYywIq8wvuWzSGVEk4}4TPmtM6B>~}SviC+% zWeNe=GAyXk#eJm!JNJ3q4&B231lF^@U>GMJ_M={zVrRAm;{xC zI)qOZFkV-VUlYO{{MB!k{Z@lLM_9|1090y8$o(xJAQqpmwTyUvdiiMBXrHP~bgOFbBL6s!asa2htd=2x0^80l3RF>-ey>T%Wz z{kO^dFX!!ki=D(V7rb7Fh7D4O18(>ErNBOh=u7m8!ZP)bBNA6jAmG2Wh~J;j% z@Vp)Bj|GYW0ycPKSMDdj>lN z$}98m9Ois}6QnEN`-9vasj1yFj?etI`trAC8`1`GbEb6oM5n%}qz z9W3EDz4j2+#ytONu?*+*m{_(6Jsz=BQ+iL8m z&}t<$84!qC^8$}s_m_d+fZYMG<^1dJywB_YOG|O@Jip#{R0U9+mD*2z)~>aXx%eZp z`zgX3<|@AS4(UOm?1B{Ii>pqDMaf3QY{U}M3Euh>B6dAB>w6xQ1Or}0n&3uCuQ6Wj z8Z!w11|FB^J+15sgy4}MB<7Vf3V?Qv8;D~WB<4X{<#p>m^+K`f6M<=~72&X**a0vS zFX|~CGzm`oSSQopHX(VZ1{iD>U%IcyG4FfVX#$Bsl*9(`@hhGc#sx9iyDvlJOCT70 zV70G3)AH1*6KYY_hTk#;4i^*$4fwqbV{{aO0*0^=L#EeBz{C)f1=PZfi#taP~as zdY4HeCK%Zdr>lS;MX5DXsZ|3gMH4zg6VJ(gs;Wm`e|aO~5cdsro3q4WbXuMow zrzVLN{1H!*1-K}G%eD^3pvOgW6XyrEG0JAVg_A4vaMm|Nha>TWnR6gVp$Gsl+X(0(G&P|%yo&v(D=S4}~7ybD3ErCFXPeAf@zNpWyZzX{D z6&ra5U@%nJ1*|{phxNC{67&WQx-7mB6ZeLF zzJ>MS+HMRa?uW@qzV6%{&i7kk1x|kPfLTMfYrn(6YFF2`e|dg93NlI`&~MmJmxSll zM_*Fmr=FnuqtOJ_W=b@@E>j~Tx~SE%Ulqv=4zlVS0NhIK;=|IpWofq(naM8Y+S&l_ zn_a$7=E7h9Kbyn3I!CGguN$qIoW^B>1L5d3T@P&m4ftor?I)cxL3E)*%ohS{f{I;2!w45)H91h>=iqm{2EP^b+ ze9ddd309+Z}NzsLC+rP9}qytTkHgnf;5Q#^`KZ}nAnQ? z5~dqLKjpJN{=_k4zHkM=u2V@v^2UaUV@OKLjPJ`U@!kmg+w(oPN@$pszl|D-fl+P7 zrd(Z%d`t)Kj+grRv<{OQmo!5X+A7ay$0$oH;XcUQKD;+W& zx@qYB1=|?iq{Q`F1X~#`wblR!o^(M&GVLVt#g6Ev$U3%6Cw?ei>X4oDuOV;QNS4^z z*dg?s=R@BUncn0`53N5b!3@JoZc^oHmDdN$&pFRl=RXgfGbq{lfrI~Qm?Tm~j|+7C zVx2^XppF?%h+F24AB(_wush->t38LUx=ul&1oi_m$G}@3O@40x{a>7a^?#W}dMA=^ znK};M@oHCk8?pi%*N2`Obln%gyPdW~^i}$}ZIq0VvqrX%1e^3zfuulzK(%TXXIiOh zR+K0W?w3H`63b8gy&`XZwVRCQ5JS$!+s_j*sD#MjfOnzY;!`&?|GuHcJPbmn-8u*( zR#&u_-`L2iF*t%^|I_q5n|@j23obL2g?xV5YA_;y(tQP4|kwrVEU9jVkc9eOmbR?w_90hRhr?! zfgVac4oV_A{dQf5U%212=sLri0!~kriv2K1<(GHqpv=6-$UQ7~3F4EuoU>-*Gg_)} z=Pt6Ly-xUr&&WDBO>2loU z2#~f~!pO&_UNH{(ki4WRrP5!*DWSEDkrcEZNA zY0sdd!r0z9dmGjK9=aoTl@uBY_dW|esfgzrE!F#?tI5@JY?fd4^}>jY{LE%1iY5m1 z-68^T)eDimz?I1tGZWBDs?t$xa+@HBF%kZ{iNypuL%Q6^sD)};JsWF4039Z#ws(qf zsrydS<1!qQXhAD-04)fXXbq;ht3ZGX7Od_^I@J%cfr#M zLbES8l)|qi-oS2U<%?>9r(Tg%EYs@YAE1Y&?DT}}2BH=IhIbdRigSnGMKoIX4NLaF zfV99=`>z48% ze9@NA4U?%Q8VlojMqltlDq!GV>z~sp9PVxf5pXWkro03LxU61&R$p7*+5fdp)OsTe zXY2Jc+Q7%!tOh07Sft>(ptGaquj58YD!GR2DWb#P|J_Em%V)mz?JFu0B3a6CR)95RRJWPR*M??s}iJH1nmX?kUiqwZmiku)ja$=HyyJephH;Hx?gj$mjD`6QN`TWz45 zE9Irvtt5#gZb<0Ug9z^xGoBby61&5QW+c^24lNSBZLBjBNR&+24mK$^=0x&h*-MVi znYvYu(gGW`VNT9f`h= zN_U^9l9Ij6M0=*4{NGJR3oXmUP%}lig2k)QY=L<;Wd+JN5Wmc|CF6AKLDQ&5Rr`pp zPFack-Men-uEb7)VD_?%zhnvPk9a&}bg_~+E>CGYQWu1sxap5Zkt3xVc#X_X9d@Qd zZC+0_GT(Ba7w$3ZP^-1}ZS;++3LJKpgppL7Z*guX95LUgJQ!V{F+J}Il%2NPs}q>_ zs7SIfQWl%A^mo3S8z+rCB?=n_C|2p`b|CeHI1R^HGf`~H8hSsC1J7}<|C>zsb0RD% zXFC+s3UN#SV7Qd3&Q|ZIS`caSVb30G8hw!tcL;YbrkD98y=H;44`2ywfX3XsYqWgL z;19wpjfVsvTE3}6C9&LQ1}(s-ilW~6K*-j_A+F%QA0}^2xKGC{wota4=^JaOpB`6T ztpwJL<1=#MR_7=@YocQz^Cy(OrCptW1X41)P@{xGpoCC-MH!3t>WS>LI#ZwDx(n~> za*=yBI7lhZD*Ywp>7V^P6&EL&=yx;W@OMr3HQ^K~Xto*aVl2#V7=^g#W%76ou{l}u zJXV=ZWAyBx3n~RQ2SWvn8_q-uP{W&%&@mxJ(9qsRtQC&BX%yGq76?5TTp>b;0zHsp zmOQVI>KxX4hIvvbcHAO|bb@~u$5#Z3a;ft~7L;9+v6p#Dx6b(V!CsnGYI|)4znC%( zP5M@ed9O50AtuMJ$!>u#;^qb7Wd5cCRh7`;)#1_ahVnO6t0vX{P=2cJl8rUMc6v~wSwB1 z*hG&18E;J_{K!Z+A{fO9En?Hey5uY(frQ>vY{(+FcZMP;(_ngx7b0AWD?<|#f*q_c zFK8w`?N+p^Y)&{`UJ^R$YxZg3B>{Fjx3A12_fGhPBNq38g(O+{ zs#iSBshp3aDkUgP=Hv5Yp=rDA(7|6)1H6##?H_{d8K+&F**4*JpCtE|O22ux*jJ93 z-T~8ajCYt)S{A5jv%M2zDRtvGWOwsAZkZ#BdU`daY~pttOh~?N_FgUyl@5(LF{+UP z@Th@&ksmS>WY0?Jj%lOuFlbIlMW4L6MHi4Cu#3|~J$$3m`iiIOkHH})=p|R{QzEj6 zP~@kgO5#G#2-pp2W9fj^mdHVZ6_!nk8^vzRetLMuZ}K5KI0f__g1M^axg?RLLxTdw z9WO=rC6+U&5KP#g&Y|b?iH?4a`WfYCYIbo8u{peN;@U$zVZD85bVK5yFy!K=ksKRw%~}5FGD)T4;hRR6WF^ZJ(-scvx!})Q<70G#*4Q$H zylKsru~~Dd`67A|=;IzcT{6@t9eqRk@QJ3gWjICIv+%w7+p`JnIxEJ%vLGr*$%cyg zzvG2D->Yk_`a-E3^yg9#7?A4KN07Kz^7Uf^h2E5c@uE`u`*Oj18u79{ z!l?)R#;h!s*k|bS+hjk3E2|oOQv`91LVFi}&_>*2jckK2kJk?I$TG>-Pg9nbJvo7q|s6`)5PW)g`AeD~wU_x};gzbDX5%W2w zr$PfnODzA4O5L}cic{IQL}X;^I+_S6eS;jftkprWq=X2rPO7sfu`Fdke!8-q(v`WYCS;vUCW}tZWYSk%=xiW*Xm~{C5Q)c|Eti-bfrkCa zC|+g|93EXL6jAxL+cO^=q-975rqD`2jTc`NCTDlX?m<3HDAgFo+~!EL^QPY8fu{Do z5rcT{X4lJC`fo{_e8$(Ob(2QV#lfd%jd7<}pj(-uEA{$uBaXZEqD5av3wJ)L zXeT(4&V=p|=9`3??ahB5H%>{l>bl&v_fZ7?uDMh^6iAK*xOXXaE;pY}B<)a8yO|^h z!c0mi?&`#M_zj4MQ61JoC0r5U3WN4ewLs`uBV}IezcTR3q*3`~n!pE}@J`H`d9tAf z6+#zWABnyC%h(>4&!{fUI^D3`9~60vO&GFcsxtj_3sMk0`#Xn6`^TGQ!0_GlGX*Y6 z($R8z^WP>9IqK61r)s&?w9Y*Mk+6BW=%#;SVw{ta^>%wpeKlPYy`+liC?zYU5qj=% z(|D31u;_u#mpAH@$!%UeyLo#qVt=w1I*ALt+0B}q$N@}>pIabzZ~O0^!Qk&7uv8ZS ze-e{B$;OMu8}WAkj+tXG${iji3*P7ANBGq~RSUg_8UJbL})68jpX)FJT-QL%pD~TsdXH5iu z5}nMPu=$FE;XZIwX*RB3Y43Si){ezjhDWM?o&qlbE#>$vUFu$Hz<3V%@<+VQZR}ja zMd`5S02aaz-M^d7{an+7?Gt6^{iU(#e0GR)y-dLu*i7kx2Gp+ozat`U-u12ms~IFx zoZ{Bn7%5lHJ(Nv{oJt(z4k|4wl_@3oT>k?zO6C1IeCL(NcKbaJ^DGu0A>PASDm-dr z*MH3O%dG7>Na zpziLRIYwEO9CDL%7Bo|%N4-JblU8p0wC4V{dq>MNHMkMQYPJp$C^eVvis^jjB6_0`+J8$D)QrI1mROYeiY^64 z&?0!uYP}bk1ucS2%mlbm=rl5-O1KkBw_F|P+DEHU42@V!d6~mOtL*8C4S#>vf>p?nzpEKF{b4O1 z`6FS!(u33-fkR31aOg{Wv6SEnCWN;Kl)31i92{fk`IY({IOUDwL zsr*A8^a6o&YWMy55;^T!XnkG;Bx1ATWePM=Q0HANXXKp#6^QN3Calpjlw3(v0OBCM z*%Os6qz{R*(BO3=2YZF3$XUAyT1_~0VI!J$gedrPt5C=wNxWpS=}Ag^-|gyl8a%hb zaxn7CkB~CDa_d+n1vyQ{>?Cdqv$kbk|7LeLwI{fm>D z7RhHCJA%4XW+9}k$cuW@C`B;aX|dywk;sbJ3VV+}xK12sAT$NlLFz&xs3<}-@F;P$ z)vxJl!uQZ6?XEA^&gu#gB__jOBhQkZkonhn>A`FFQGR$j zDAgS${9gB5FLLKlvPHZF24LPnrPKEn|ia>W&5O+Cwn0gGJ15kTmRV z8^V?x)JQ4(6)9wNYoF>-?kt$>@YLBd@QbxvafsT-v@KwgnVC})Oj1X! zrrY+7Q05v-hsN`P5$~`>s%iD>I22!X_B05s!x$&XRA^-kTd5f62K>|7 z!|&BRdV5rAJX?K>ww9doygM+0Hn0TEmOS~{dNW>Lmj9O)Ccg3<2Z?^yI>r%vcK4os z(2s4N;-HPMO3YynQY|a%wbuGtPsw zYtW=&FF2$H=M1rlbR+Xl&_p*UG(m_+1{0%yppgnr*z+^|j!&OV6K5OCOI@BMl4iY& zLG>DH_*Auw&Ake*7aw+ z7xCR$2=3G8ecyA|ehrTSOBB|FC!UT&f{q{rBpkLuErk;U+Nl-&8CAGRYZ_IEz_~@G zm3l6fbp6iL9Xbg8m(Ja$9wzsW7v3W-Y;T|h^2$9`v$Tkd2g%H!cMDneA`>BHe^VJF z*@h6LC(MCjk<=(QaEC`wD((9rCRTrV$}_->c@rv6X3ax8aBK`qpH6^GxbY?3Cn78D z&wJ2lc3-fR74klbCLS9@Mw_Ni6ek??fS`~?ij%0mr~k9Y8+L{LO$17y0wEXAM^_nR zBM|5Ja8?r9+Ytd%>$$DnfHk&H;Y;FDH_{=ne8?7QlHHz0K~6>uo`yRHBNe(t$pq?M z5Pc@2@pT;z>P%cL>lx6~c6w*2_mzh(cE`Gt&#TsOgeFiHkG`gFls*;~oYPC&d!;qr zg5E%n@rbF1MfZ;GTfyWzLPWCv272rqUjOzOAtn>jFIzT5-ZcB@#!iMCa9D&XTf=`l za3L7b&Xs`~y9CgYog-vHBMG7Wm)cCNED-TT9?b$9qf6a@7rBf7wQUk7kz@f)EX!En ztDzzptM5E|cGB0~qfx&LVXr@>(&CXnogp2oHMI^xOz}?!`vt$z@w@@ssnSvZvn8Xo74J*0E(o()4p7on_>7C6LBu|9Ha#j|!^iW6&Jth7U*5Wgapl@2b%= z5d`6%VlP@I31SnO*`Wt6MLc3mXsnP9f3!~!qF?SKRU^EK?2a{1^apLyaq)Fgh)K7| zPZphxd7gp8>*OU)KN##ioe&LwVwE-baf_~(ylG&B1YHI_Dz+|DFj6>@23cEGpHG^a z7Lm8zo7@MDC9Kr=dv2A=V12>iE*xr`_c~-i0e6W!(gQ@te}(W3V36IbDLe#nGD&FS zB#2lO8k{lk2u6j2BX}l-k|{Ek`uk#}9l&CE%LVUx)#$7Z2kwsBHM0;5E7&@tv^rl5 z`0&?LBfj8iG%fN{CST#~the@G7&xXK5Vj=Vd6`+W?rpD$;3-^l5a_ssw!+gC_mM=E0V(iE_JzrYiQ5m-Aee_&Mo z<@J8g2AwUIUX73el^`6i7q3Yrh(V96j{=pO@1s?WzTRYD{GPA3ktML9?cW{$oKubk?x>MOOK4Mltm>Mf=h#s$IZbMFI zCI#k)Vn@CkVslOBEs)KeNQHBg59^I$iPIo|yI0dQ1q(WO+@qQ&8}`*1@YfT(a4|5GGKN@8OvIM~9pVyRcY!s*QIGZ zC>~q-Z52-ebi{mALW+%Lm$oxMX~c_gcgO9_HNYfqt!+gAeLe-1l*Ckvl~8` z_T{IYTL$aT`M!U=P6OjLxTD20x>FC*A>+p+TbHZleBLo^A0K5p{?Yk&0qD+tQ}?sQ zy?0sfjvqAU;1rI1;uv2y{3}47j4-qp<4{ZowT`hLw20;$nv&^zh=S`z?9Uq*-kn63 z{^T3nihc5Ov98DK^HIZ*|I_Il$6j3jIJ7QIskn%L$E9RUsfuR}!@xU3DS~vN=!hXD zw)x9U!Y=@E?RgAbwSND;YIAyVlc0Nzf>M(|y7C_+xuXFpwHIo=vabeA@Nz_ig` z>xi3|D&c`3*s!0xpWf>9X+ex|fHSCoA)bk6`QuqOeNsxVkH|56lsl^rM@+3S-vMe; z=%s{-ndy$Rn9UZ_kFRJ`&W~RkBDyz}PAUbc5oYI7Dj5=3?5=P^P%&ze$`-9@<`P_l zB5B+lm@h#)Fo$&lbn5t{x_ZvLszS;T6WBG(rAeZuyP@O*tnZ8-v8ysfk_g0Rng2uq zpd9+W)|(6>|01Q$+QP3xI3au_P_f+hG4O9>G3ooi$O3l28%*AtRr~Q)_cbzwxQh~r z87;?)Fgw(lc8Ab1&BAI~ES;9Uc6VwduwE7lmiX!Vyj@}NIq7Y?8lxDXkI+@C4G{^) z=S4E~Nz0BzmsI1Y5U@`PNTMa+{rTRD)Px@;?uChEkA{p_`!_zBRh{Ip=%-v$ylCxYr$5eAho26d+bQ)9B$h{9WmJ z^n5-+y#n4RPj_}3;Ol;5p_gYFtaL1`$7n|_au{ZH($KAbZLVz%w^?09PVAhd%Iry} zt$lREZv-^>hMi)Hsy|a1@aPwzTkAg%#u%>1T!dmm=gglldr5vCd3w0PRrwI}x3@hg zJ`aPxC4a+vHtE0i#iI$EKm$M^^Hrj$SG`*;7)xIqL>%!&Uh{||Ws^5M<=x|n-i;)n zcqM=p&IT)g%AF0@M6g35jRW7FmRKz@+GXS*??7KUldjer05=)0l725Syz6wS3X>KK zIzz25-?wFma&X=+f%$V2LEH8%IVcKFOkl%O?P|+BhezzNU`>k(s7e2DBox6f!2k%lIP%%E3WDn=nDOw}Vtoe(>TRac;w#m5RgdqxF& z`fY~+leZrJ_cGzG0gOu552MGxt&MaL`&O0|DXW7kr5QN{tpM;X4}I7uP>~hX3Uo76 zfJJ$`?Ur8_vnxW>^az{#Y^+B;R{3^QD*=*q+^91+)1V?%Y!9FTKN3(+bf*Y^&Em*_ zkNR1I6)YfzzP)vr6S~eg&eNxcy6RV^M!53!lM?Iv}73-z~6>d}1 zy|#u9)&OnLw}V#7LJ;T-haaDk#>47uNQj}6ktuFt;~(z7mjDLV2O(07SxRT^%&#Rp z$)^>Yc^$X$k$3#qMe^Tv=vJY3|J(NmK+ai!U9JaW$*Tog-`mVwCVl#7hY3R)!zR{; z8J1{aF*^!HISAgzv5F z$ac8Se#b$=X-%nAWQ;nu*-1 z*Am-k%qGI&`nyLCo(FD+N1Bv>pkxg6Flzp@8S<{D#K2X4L`uB+=@9!Ilfx706(m9` z$SqcGB`;Be&>RhE04$%X7p}V8J9X&R%91OF8re7tR?o)`9m%c>s6sVGAQd(b}D0W#KBD)oO74&oLt<3H|uX{z1GAy15} z0pTXx>)m5i!9LMg%J7WEf7l*2i9cV2P|2XjZ}v?YUYeI#yb|(_aM+I_!!!sB$zgtn zS|jxU?#Oj9Dx(Dg-TNOo9R<#SbM(bs z?rJA?6IIT`Yh~S&eoL8!(<+2YX0PnZpU3cMSl=Or0-lHDc|;95k^SG4=epq$D(mKq zzK%rE%@s-4cjx+>675kq`qSt%yR5+tLtAayI#dL+1Uh|zC+VdAaQgEdxh0Q2?z`_k z>@@mpJd}&wb(ka?Yxhn&bY>wf*5$E7wY;cx1>RbBh8>5H0%-z|pc6;u@ruEvuFqw2?|6C7X10d`7+K{nnhiYIr7gN)_+%q%p~g`C z@oIyestCWzyf6>TTliIj#(JW|SmJi0e12`52k%GHZ;N@a>IbqiSrw~3>4mJ*2|l#{ z-e1o_EA0A81NXK3(!f2mVHCT&Q~Bw^`Y*jl0W?X_2<^00RX-8+cT%?yinva#U((gy zsIlpaKw6#5B~E|EItscj8b{-rTCv$QNOgF!o|X{Mz|f0|M>&=iYh`z$rc$ikI66#w zr}3D4cRQrxBc^u3bSM2bvhd(GjT^6|H0-*Gpywxd`jQ`kmQSGcv&hy2+5aZ=3IWcz z{!M|u)F!$Movr=pwE~CRhsob8vfHPl+ffV!w(byTiF4`xLgzxZW|;YP56DD~@I;N! zX||tBJbjg1YL-g#30KMBG(ZnVNTywv%hpGt z)cx8SkGx~;Rp1!j=Sq&%)D8+!ShY(eIm?J4=+s-x%M;2>%2sE{=55)9r2Dyd`4MUr zO@7}#Yah;_ovG$=|BzaMlwY&!pm__@$G;6Iz%6bgflku9vhW$=taGdzqa_fYN3UPq zX#BYTQGm*-h$b}Nx+N|@Q+iT=fSVF+h<|uzv&%Kgx6PDo(QTJGj_oRJ#Gi?wjgv{= z5#q*N=}8l73;!;hraliSOT4C9d!{dVp%nZJyY$5QK?q*Y%Ea?&e%t9?pqZ_t{Ux zGzYfNTxg6EZk7i$+mDjFkhnyG2<8nS9Vq`OzCGmfGev|e1I3JYSO>*$ofBIQ4ufpG zA8rzbs;PEn7!4^b#4sVV;R=pU z;`v!2QbMV3O$X*W_#V^1eBZYQe#iiU*Ni1&mzi2Os-JY%!~OI+HI%Hgiw9nmi{qeF zZ+EFBT%R|3SMB>7URJ2c7 zd+tcbt)YD)g8k19wU0OsXk6_mDYq|}zt*sQ`J!Cd~e zKrsf=Q;Xx!jWP;X<_WcI7g+*VS43T}=PO+$H8)cDf$W@^;q4jUDwKIwaAwU< zCvg;bz9WLmBv6qxl}+Jn#XYco>&7cqbNHzA~pOjTzo5ngj4j6X2_Un43rJ+MCgPNu{_s!86d=Ej-D7~Fy=%(0W*}1|I(H?%OF9H|H%;>l((qFz{arX$tB+;Ak zibS+3e9A&g5f$lqbk`3pNfgh$=*z_#f+_!|A~i`)6%f08gifOS;qVK-Gqck&@FD*x z%z&)INcjHnN&tw_t+!UfOxP&OGE)Nf)|Sf^4-%!;#c@tNQRm9B*6Eq8qRBpWY!e#| z>jXY`PYQkNXU;=Mp9G=bRZSiIlJ>*iTmtQ^KN#XaQJ3OSBgc%V@JCE7M!%X*&HgpqTweOXwF!fIpgNAOksuUr;6yuB$I}&airr zj|Q8?Ns$y0DlW8q!ZJJtcre+;FKW44j_gPUz+=D({01oIxcl31jsY$f(sleT)^2Ly zOhA{r+i1!-*WDu_(w%AmA*5#1JZk<~l(YHsOS((Bu?|?S^Qg%6B^hmw)-Xb0(Kg=A zF2B|YGCf^Uyz8@iR0@#k<0ms&pqP*Q2Tk#(h_OG!^g4~9EOBr~aa;Se0el`NTM|E( zIi72_k$6~z!V#GdAOA?W^1r=1U8@&t1^yfZGc3)n$tyOiDOW7onZxqwKHgmR60u*> z?azi|-%29HHHY{!dny;|_+AF&wemjkE8(RE)ply7D^NEOaLU7uI42*H^|vG&u>*X8es=@xZzXWtnp0=EP-?$^`LbCe%(cL0FndN3I~q5QyTsdm~dAM>6S;6jjJ*rCyT{%#OxX#8tnUBo^OoF~ZTje{)7N8Vh z^K~a!qqFpkTd)XE-NK{T?wCP0Uj6@`m(Ui9bMf&~n?l}U#fxERjsW_o%LWyBYWlky zvnaxE351c+uT?Iti^o-e1AUc$`@NW=XD6e{K3?%wV;2P{dU&vjBKqqS^$~NZ6 zx!cqI9BAgjgI`Dhbp`NOfMB;GAH89mo*609=I*p)#;2ae#?e%zh)0CK({=Ofnb4WB zi3Nf0fk@>SP%g;Szb>13O_wE3=%^V`Y#r4cZ_ z@QS`0UToizb#nY@jE99gwUQ8;ZdJhiTl4z z>*#cp(REys##vW(#Wi}Ko$w&`Z0?g7id6BB2&tIN77#_sLxvZ=}L>l<|5Zy zbQfFxjXCZu6c!@Rxp4`<^~sxct~gjRlR{ZNoZO%t6Yjyf6Rt}5Gmtv?U@_w)zMx#R z8aE-7Qp#gif^mC2=UVi3>zg(0FIEeZ1tFqS{9`o=O|4o{2H%V;vEv{6Mz}*n!1FqEync4T9$yj{F-kXR$wF zOwN~CvEtm+37c%urSf4LQs@cuhn$-w@mGY)e2-Nq=Rj(p|4!2RlNE(kC7p4`m9HC^F~xVqg8E%ZvZSn}MwT=Lel3V2Rk*I4M>hGa;H!2}{84hz+ZdjJ zveU@m0I+<%|E4kEQ=fL?p$Odi*lUEVI zZmbL3#@`25>;FG~JwX~QaRk_5XMp_o$Vm6e9r4e`hMx`Z&WZ1&uc!-DDLj{*okcnH z=+hL;%*nNRvCqz-c(u}92&WxgHOFIqKI`O_hWgfP98NIf6l=oaC3xB_JZwa=3U#mT z#7YIeB6jY)cIaHq^_Au-10GBFyOa0}hbPi(dM@UDHFTQ{Ao>rf=~d+tDfnu8DtPpZrCc;4h}333w4NSUMjUCmG?Z_R;#1S+9dqa zru?YX>V-C3{*kpl^$u2PAs|bgu&F>Q)^5;Df-

-v=3RqV<(QL5V79kGF#ZDuhny zouo^xPr+vZ6Uc7zn$5xe?-3ob8vvux=I$nqM{L^kfocWP;`M1&?^14IP}AS3?*JEM z{wG6mmX>(4tEC?NN>uLq{`;%>fh36NC}d;`j^5X8P9+N^5i1!^#JDz@$xOfEufah1q77h4o1Jk*_^(? zu9K>`0FtDsK(dgEi6Fu5v;%sP^Z5fcKe44%Q!qB4+5Mky#r>j0!f&=8zs1e9xJQUO zu?>iKzGl5}RY19l07=2Kw3wVw?0EPhIXPRfG}AN8&vt_g2f@#I-OU<3X}Crr$rshP)3in|PX zL(z?O+NqD~upoOsx5fS#Jc?|8VN8G4ek3?QQg`+F3Bhyxpb2(5_eD@7|5W79?F1a{ zkK3ol=-_64{vvZ<)C-T3l|n5r^BB>KdO?LoI|FWH@kw_!IVYzg!eaTeB;Z;9`f#6% z1&fQb(&^WO=&>emN_aIls{~MN@z5`WUtztSwM%KQfjg=cg*wUW*z7vb$&dEpT%Or( zgN2jf&j3{5(3<#wDk+!z5Ur6J$L>BWq!o?Do1$|-l23Y2h{pI(Y^%R@~t{)55Mtn-f@S_o7K^cs>aW=a^rgh z;c10y(PiX7G6>wK2dVN>dbo^64_FO_4Cy{%4S`5I`wvjy6Ixl-rX|jR359pC5=9Yu%oNQI zrpyf5rkwH1r}-qEG^-RcvI6f{TXZ*9Kzf|;u;c_>%aMpAnmj>~cMKL;q|cWaPH6WW zdJ`jf@A(dk5ZZCzt5D+qAT4la?+c#BAB^I_yVYJ7p~{B7W>V|*aWY`5{!TbHB9g&E zTyO)>f+hr|f5v`uoOxt9+MZ67gP((48ZjnQv>07T%-_f9hPo0iMQzT+&3y(2C#z}U zhxkax7DA+J7R&P;X4}g5Cj1{!8)4{HeUXCQkq`HkFOHExs}^wUP`~~_w2%x~D}9Av zZ5|TV)=Ftx^i1>4@e=&AI(aVfQoP|%|FfMi1gSYm&dUnZAWFBpL$PknrIeNtWfdMv zS-#mb+pVkBhMS9WswP|+GlQzXEQdyWDZ+2EOMu2{^iL;L_fMzh zgmX-2Thr7sk4$_V>nC2=lw92-amGoOF}4eVgXhgl(^HkpYgFY6fU7X-;O?u5V)O)! z;GP&p@v<%KYC0vF)3iI^r3p!W$Jmu-oWF}E!CszUqzPYRXz)pCP8Juuz9m1kqyHf|eWe3}olU z8m9n<{`O>E`i0mqmf!LBqbsFtZCr@3RHZ08GEp~5!&Jkl?C>S3EJ?u3`k|^q*_@kj z?(2l|Yx6V1)d6A?Uwih6yc$4TxL!E)I;(t?2R5Qb!f6;Zj7cFVcEM~HG>I%rV-cB5U~Am9D%&=$&RmTQR= zwI5)wBw1%a5@`0Qk{B=Kl4pnZRSCe4=Yx7CIMP?YAJ{C&t#r}B-eHEx|BR@*w2hCK zA}a0%Smgn=t!+GOT*#}a-%9Ir5N%2u!lT}+TqoGUr$ccWfIqz1;TfJ1?yEc)r{dIH zhZDyYJ14!Js)$zXMX9oKUKx&Cwl3piK8=C`9TzCA|8mgKp|xyCXpPk9>@*>#6I|@c z%a>|V*R8VoYkDGj}Ra9c#ii}fHMxSm{!eB))2a_x0S&A>< z@?hXh{b!n_U7)j%GmpKZm}I+vwU{85oflFfh1>hJpiKQ23^35cZ$R#sQQ;mbci?O) zw>EFjW5eUsS~_9xiAWUR^lQwIqhh?S#duB41PTf!H(2=pLRMO1FR^dN>-M&)YH$Um zP4o|CBsU_yG#k97rRoeYbFP7|;FL}aPnSUQXe?YRq^7(QYqQ?aE5-{aL*pw;xI!30^@q1D#@j% zknY+-5vZ&}bMjkTmou64TxmU2cRa9w-ThjY;2z6u_=*Lgh%eSJ>54%@s99W!?@#2+ z!}Ylqk73}6&&1(xW4#MdwBK)%a!4zOxxRvk6uA!JQ1C!H?}_% zl02<_1sUr+t3Ob1nGY6{@SlbB2Xn7E` zzDZ6Fb9G-Cg&mQbV#ecPHgznm+de|BitF#p;L^V)2BDS*byEy`*gQ!nN zC3hrC$e4W0yxm{tuluoPg-I#*ZrhUIK5of)CUa%}hD%NI<#YU=D97=`nJNu!dX+n} zF?$&YQ#;?Cu3E*7v1eI~;bn@nwQwj$*q3N5ez4{lW7yp;eN<;u)>J<50sd@L+CzUh z(WdrK(*&HRe&RzN~Wrg`yKEI(W{w|3KKkD--?vf*V+1I1B zsYS|616!tFNca8o#VTIPt&0bpZHUU`QvPH#LVm~bA4}u zebd)hEKK!YH6W#5U`A@-w+=fK zE|HS)LHuadiuva6``A*8P~~S%xg!rr9tsGO@Z%DY$G?A9;f=X_3693~0DH!zM|lx^G) z2f7;f%w^t?S8<&U2)`hN2JdaBpNb{DI(2gm=iTh-ezHd!0#1xVjkTWk{?jSs|4zY! zA{WTuid%SX*&0C=Gm;IS*El0o(H)5dhx+&pzNhSXGlNYd1wb0&vqk73aIUnLNM#Cp z)W!_ait@vya`LUiqKZW4hWO@6IE{&onCITnO0speO$1M(O)iVRImY5g6eHnd1Z}RkvWdHZU+_JZ895m$LM`9u z(wF!+T*q+)bPkKsH%T@%r!DjdA3#Xpc!ObY69uOjNj4xj855O9^Q`d@cHKT^(y!MH znVaQHXu<)6avPbv+}0m85zgK&9{Kg8$?kY(!C<*LmWnq`D(+spoCdul6`r5230{w2 z+L*zSbQdNU0h?|*|7X*M&So-OCCzPS_m$Z~F4$U#11V0706n2f1$V>q-cimL%e5d2 zyS?qumbiUIzrm|QXFz;YTIF|KgVA;4%eEJ61lg0NbMkFRD^mK4#oj0$s(%3?zXFU^ z$-lUVG;frOPy<%=XoLixT6mP4s4s-noZlC&LAV+BVzAixx?EARf^}5NNQSg$MTlLr z2L4I&uKnb8vZ6?KPCg1cAFr&BP|6^jj-(|Si~I0mLU>fgCfhR@tK}tmHSp-;9u?zk z7^skQ1upH3f7OWZ#eG8XDkGSZ045Haa7fNg%^Zcmu#QevCBzD<~bw@oH>4^fM5Y3aFwq{pKfiZZroNr+bSeImL*sVi#wa5#CbZHjS_VoOv; z%gg^jrC-!TuvoLTMUJu*jrIP$>O;yhO1GoCGPjdYXAWX`7+q&l4>aV(Hr!W7K6*@f zk9J|iYeG2{8Pa5;e8b07vaFfszl1y|9qN|(p-@W+6JotR@Fzi}H?9Y5b8r*EA|py( zH*f@!s<56=@6q~hcfR68bZnO_s?rKa`_`z#;~MBoCW)bDuTF=Mr44MtER4hG zu2*6wVn5kHD;E3av-MPi`gd?xLa*teX>mAQ8uTOa{uS|UYvQ}~vUO1iyZc_p`n4Tt z3%-`yY?b3^)hRpiRiKKKGIR+~ZWE9!C1oTuC!mujSy^#th!;Ze+>$Kv-B1 zG1cVmuc{^U%2k%4`e|9N4Jo~2U*XEkOVgo2HU&*~cU-KYkZdHw*bw-iw<)VcMr1e~ z?pScQ2L@BO4UwnpsTt;(S7pg+8^b;)oYmw!Lk|&gL|OmRWsA9B(rfnhYqv<1=h~*n zKIb2|hs6DgJ*?Q*#2W2LeD~2bT#?W}b1nf%qIv@JHTD#YvXh^Xjyx@mk<~lb#0?Z% zqu3dGWxWjFW|k47cw0vV1!7hrhkEtXXR70SEVC_0)_*0_=QQx_oBY<40Pu%0ik?I% z^j3`8qINl)*FmCfjBGf=-p!;GD1excsUC4mlaJ;m+-eT#{s{&~so-RBqp=@gWHyl{E?or(6I`g_-DUuc$Y@w+NT0%i zZt1%Gm9{Vj3LtGIyH>gj|Wt)gDbbxEi68scyrb$Z)M2J|YhXiU{ETtf#}*;8WGfhxhff~3TA|X8QLz{zCr7KyDL>Q+s$8J-*xZaqA%HQ zD8Uk?dbdZ^stA3vOT=L@dS&u=aYrE5sr_!w zcZh^X;94RMoj9u2S5a1sUXqUEs%lR;eiy>b_pFyVQ_6Kp5-2Yb(!&n0{<)iM>YNI5 zUHZa!ETNo0z-^xouT+e#r;UL5E=^R_TI+>d*$C|35z4sWi3u**7)Y42l!E6zhDUFN zMcK4a=zTW+j{WSBS>!Kzn6AoA)8eUcw#5vdhez&tbs);3hwx z+@j+?D`85`q_Fo2Yl+)<#eF7H$Siz)s8e5Lnkhl8PWbm1ae&0cO_j3&cW>dba7_om z(s#1h7h0(Ko*@pxU|A5Sm-^CWW&RrvnX}+c;)CXST)WnO^E}3ZR06{75BDAozu5b_ zk{$^q(6$qiZ!-O&T|+GP)*qrjx=8Fc_WPRTQJDAio%;{`ns0@iCMr zu3HX#$Iai_?tAi2N}atClE!|9HrtaW5cbz5mtS`?sa!P(JkZ#H$uyr({8Yo@AN9I^ z&cjawlYK+MPp}ronN{?-(HtZ4_*zr*cS@4WaER~7;pz`9`umnIua#^o$h2HY# zu9fHXN%KzB{uWJHo0OFv(if%aF9QKth>a4VE#jlLR$U@F-P}VI? zdLolRugS>B$HH3}5>WD}e<6`U@f!WzqmL%#1ws^{mEiP{{!js&%HqiE)=CU=kpDTA z*77^Y;snsodpe^Si;_9By^~4;O(S#q@wXo`po3BDVfS7fv4bXi+*<8U19;AJm7XxK z@chgMY~iFRt#Y8g3?##uz3ycRWr$iwU{ox3#vQ*pkY39oDDeC>Pj7so$Ld>D&dD!) z2h2x5=VE8jy${A>XOVAE)v$gz^f3@F z&sWmUQF@_|XfBUrM~=l4NfSzB1OVFECg&MDdcZ__^}~A!3y?u^REu+79li0Pye4%v z#H;xV{RbY(!`Z~9fs8nM%CP4w%M?s`!0|T%e`}>vAQkl9gu~h3s|%nHK{C#n%G(kr zKd}nW-+G&#r@u0^GYQx`Q%{evhOv`%H%OZ{xV4aXQ30O3N96pvCnpX=nwTVo9FJVen=Z+0-yJH*lKs~w=z`H7(o zW?h1K5S=W4azEyZaq%UP4KtjW%NMkyU$*v)kqh8!9qJfcJp6qrC~n)AtW3_&uI%#g z!srqGhtq@P|1Kink$s^Ve-dzpj&!qOE%^qj=H;Da-&r*CgB-4E#Kp2;TDa!1+j#{c64T=XEDO#CT zQ~6-lIZkH^WoNNC#~LEt<^#s()fl;2`Z5bX>A-X^+-*c5MM+kSW-LQAN@F5yqJ>eV zVk5%-G}pO99?bR>RmK-PAr}0Nkutl1rw2*z-(}_X)Rf=3o98cL@K5vj;D%l}Tk4IA zvzv2lW;{u;&NnwEzKwpnL~Xe9h3zGnBd&hZ|Cl>G5^Y5NMK^(*RGwaMyUu%!JBi=u zC-07;E~)ygf?xchHj4m|4UN#szSi5np6Z3`AZZ%rdoec{w?rXq(Fzw$vRGN%jl1^? zLH((Y`Iej_laIV!LF1YC2bcG;ugnfN$o?xOnMDG1bxHDBGUp~+9W~k_>#3pN#2FxgK)# zWVhA~e@jc^?=a-&qRksLZh0FVKED%Sq?z{V){naRV|w%W%Z*-&wcUGL1x#Ob50q}! z3mCgEBpE$@&c;m2G)&f9u`8hceQWe99Di;K;KPLi@7YZculLScfM%s1z3{PDMX6hA z{Wik)qGZ)|wD{4FQvuoz+q|xerAC*_yT$2p>fLVzc{;vr-AGJnqz3}0kigmdk#+x( zW<=1zQtRZFBRXzb&<|Tj6~5skG!!{=clZEsD11PIS#LakkGk(S6aMGmYiZc!C@&kC zu)W=&Q{NssUZV!YUY3ZiZDZO(KQkb1-v5Wn0_&AP5v+O^PxI+zohZnCr;tZvoB5(t z%Vs|odOf|>{2=Ju`&39vu_KI>Z(9RNmWIfc~WhU|ubJ9N@`ejG0$1JJwqc z()sZ6a60I*OZ|qA!*Frf)te6=jKiT%3k!9huQ}7htp3tH5|>(Zqedexux@l4B{RF4 z<+Z4YeJ28UGrj`782TgEzLSv8XGoJLpG?+gone*X(M_q}&&%5jh>#OD3*}r5A_2D^ zN>5z!PBA=Bp4rVODa)F>oG-51O0dfB>0UT2dXOOd;5?=KA5h7o)Q>H?bU|+%gr5s7 zA*)SSE1{}<`ky&~xoS#Pjy%OH#SG7bUmiY}7w*=-d=`6~iO^InEPR zwd_|)al>+TVK^JCvq+2vGJom8`VTGm`N%z1cHaep@$wA+@sA(B>**#9>&V@$^;!Gm z2es`@T~Db$ragZ6HdoBriJUBh@P%5{5@ZQi_dS?uO zXs0&>W66TE51zWN|H#!)L_qEOgojpgONY2eL~!`{;|1O?H0US$9^LbseWx{33%H71 z)$VgP{Tb5T0AyPrp~*#c4sh;Y0M(Q5AR-`-te9mb&VHf#Ne>-HkXI;B+HIz(VrHf} z%-i6b!Dqvb2NYxC1z~*;{kP2_=e^J_smUIKMTiW zDnkm+3sOcIZQ`rELW2F(8aludqk_2f34FfP0Ny+#_BMi?J~r92xaO{q=}xG2;DL2o zBkI|g#+^?MKL62=il&6QP1UdWC#~*_yI$Zp-+pu7#6%T`NPo28E;GiVNIT=UXuyvb zUZ-3M<~zHXG3mnh``?LTj((cDZtNgp_wb)|2H`(D#3W=X5vt3wi>cNa0eGtV<_8H; zZ^1blUQjPJu;Lg9QN+7LAWL>pm@J3RzAE_0T&VuM=H8=2&xhpwm~8n0iD9G7Cp4}z zI`8=gLE7$O)j;-=)N4k@m7_edx9vgoM>TK1dQ?Cz#^#O<_e9apN!x{i<^u1-syAkJ zJN$jPPx8(*#mjK?=)M(P?R$T;6Yw~xMfK(CE5`u8!2$y)^b=^&{r3^Y;Z~BQ5Bh8c$WyG1Yv0> zKTpA2Nt^m0F2{Yu5!xMfLs%pF-tW2JjG#P^d9{VmdYJ@$&)@an zbN=7(tI~E9a>h&OW6;?8@jj!A9C&9#-lfS*Dpb`Ov%=dY$ZY5d-+#`~qi+|^o!5-y|0i}g0JNiA6k2?H@b!ZN zCqJ^PbfPf#qjE*4(soqEMnX9)dMmMLRc~%|6Ib-tOzMDz`jB@f}=Vp_|pa=&G=u&Yx6) z6}Z+^+A}`OqO=;e?Ys3sKonNwnZ#y^JZNWj)yTh-ly@N7ai{)-Y~kpH%*whR|AEw= ziPT=#VT|p~->ckVIRR|+R#X1_`Ce&5J75NE7mz(KW$_t8-$IvlH;KGe4lf5yw`X(bc_)+ z0PNq>jTT-1_%Z_Wj zk?2n059nq;_Q?FgR@Z=O)*GP1E+nVk7oU}Kmm;t|fvd2`VQ#T=+qrJ#%?@5GnW4@x zm40%Y_|t)soDoP)<{t5aV_d>zceklsFT{D>N!q&Q`9c~|-n8qG(#Ic&`V6-gqFR+8 z*#6{fT8WXodh9jc7h1_l!ySEn{fBvOXAqzSx$l9>c;d0Lf$TBhm+$=4h?5)l)6&x0 zwDuq2kU$!G*ihKpyL{jVQ3m4gI(^%!5|#p~xAgTmy}L)HDLx=0OT4(aINe&n=pk>_ zREn2;MwiRT0;v*i8Zd|crzU>GamH}Gi{IrDFAzuXT1MQqzjbE%5bj-?@uM(qo$%c9 zLB4xG$-Sz}^DTIp^MvqFt$`NiwY+x`vGaUimuk18hB*TNq&CL34Yt z^gxdFpRWM0<*cZ|u^eRrMnD0DZ2`wP2>@GhIamau004vgj}H_ev2i9qy%3rLvB%7? z(d;2i2?4AEo=q|}>0d#93p{llI-gI>S4<-=pBig zM%zFWX?!TsA~f0CHO3f)_% z=7u-R2mjJ^3v!cf(FK|q^T3zGD9%#p8rq>_9-k0;C{*|O1$^)j9GshPI<^mvnqAQ3 zb<4T0ycUMQ{OfZEc__Kh4sa6b0mZ5pG5u!|DaW7MfYX$BTGL1bO?l*#R@^V+i?)zn zD=MG;X}16-tu}-Ii2wjzX=ePM?bZU-_i zi=_h{!PvO-fHT+C0CNdOm#;SyfCusGiygpC0O2Y&1#RsUUJ{n7oRNhQkq7*_>+09s z!(p6P0W7xuLFH3}nw@Tb11u(4AEytG{j-4ysPQ4e3pl8ZKQ9j#Ka!<~?F9d)QvnD^ zXGAnG|Gjly@9~3p$H$6C?s0H04zhF-pbs&B>+e?V^#Mhq6~%6D;cz(c9l7_(=&O*y zC;f!YsX8qHsL8kb{*rGq7-PACRSz!O&}Spz%%28@IxNR~!@8A%WW-RmptDlUP=!vw zID2W)r>Rq1C=j#`ZPc_8Hi?kfLUikK47TIXB3`!V=#UGwUPe)?@Cty^gIyfkrAd1h z0Pv666;>Kg%23Md$1Fl;l)nYD_x6d1_z7u0qr@f@x zCJT_^@T?qi?3TEIvpit*`{4djb8%65^D`Nu?WfOu+bh>VbNCg2KN0?O{tEw|KN?+B z$4Lb6l=(>Bu>BMDj53Oq28gL1U!Hgk&Y^ruKrOsef>&ATJQ+4}R5-T+$j zsl&J;#TU5c&MEh-jv2L_Ceb7=`FEbG&O9~3#IE;1MdaoS+3=j+9RX zritc<0FnCea89tfW?lWrVH!~b3)-k0^%|!STb(TUcmEb%fJ@D&Ghye$7;OQlr$fNo zBlGlb;SAW1-pVgbU?B|I2>@&Be34rqEGb%31k{cVxSTek;IpCs-}%H{N{rNhr}~O6 z2?Qd0Rg(|*I2ffp@(lg;U-D$Qh3bFO*W_1<<-M03tk&}_;u@->z<=ubZr}KAnhaqn zS{e305G92j#%6iXEFK@gJ3c#sB5eoIp?bhZ6izs?HC-%A6q}T*!H!S_Q?{p6Fo9(@ zJ!)z0Zc$sNd=;Vtl(VduFZPJRhKs5)`q+y-L!SVfpJ5p&GH>kFSG0uC9f z|BH$J$cF^&Oc{gvK=hvF%aqDSjOfZob72HJG;6Cx_kzps+SW{el$`btrCv+#+wB6t zhQjSY%c&|!__4XsYwIVsRS3d!-^a;6EM(=pN|iech*}94iy^tFRHpVL9@aqRA&^DU z{qGtDP<$3)WFG~VHA{#cX5B16uW`ulOlQ2h2c9KIF6UE|%#fE!-EY?Lq600O?pv7DgJIym?0 zDsOH`&IW4@HWGti{1fM}$FKus*L{HFlE-42-P3#SC(msodljk|-#O+z+nQeeQ4Txz z4@5l!=k()iPBa8)^^bqcqloNaY}7P$*&uZTKe6n;d8paZuYmYxALj9_B@;R(-J>Ir z!3?@DK{IP5osQ4`t=n{yi2dRhveTMa;1jHoXZb1x9p-E@*YEKaZ)a|UJ+m1DM zmGKpo_S>=X12Co$&y+x4d#rVSshJCa-NMAp7i_`xK$hw0AjMqW59Ro6vV%^a*eA@w zWg8cg7uW!VJhtzNTMRmj|Mv_X+4g6A+>Dhd(@#bPDOCxAXI<_&x}@n5rbaT7>Qo_u z%7GxSHB|C_crJ3+&oPQbm_?DvmdT|7?%6L5b{W1rA}AB#C2+Usx(n?rIVU$5xiU%E zgULM8Un>HI$5?+0!CAqxR5Aq%EobEupP$fq^NP{nz_VDR0EDa?8xT;?{S!Aum|F{~ zS>aWJM-Hc5ipjRy=2miPnUZk)~S%Im-La zoCmM!!7qjWGX|*r^=~-r2xeg@s+Ua7#A}>zZF&~_&AEB2=E}dv)AUHwyBfVq|G&3W z8aIi`^GllYIT-Lcz?5cB^uIhbSgNDudGS$9@-DteWO6kW)D876J&vf3LjQao5Ug&T zS&)qJ@19Zs!?AOhOa*x=eyTv@hD3#h>X+rzQ;U7+-a1mVxS>KV;wf5W^tCHDA(A6*fblOvZtIF#gT;YfFDq z2<|N`wvc|pipb7Z;>UPxstmI-z0Ksst1r;4lk1at6mAV5vB3n>mF=*jPW`XSp;wD}xE`hD_-u?bO&;gI z5_&TiE2}dNJ9W-{8CBA{9hK6Cg+mCf$^e4DE4qJ|G!XmmHEy2LC)Y-XB^8zlr z<%7cbivG2Z0#CIE{#u5~_g5(@ZdkqYbp#V(hjY(d2zCO1M9<1yrYc`zsO{IHMT1f+ z)z|xa;Qc!9f6BhjB}v;1C!rI#`K0^peWXNzKkCK^$RKC~Flt5oF=!SFPD7&droj1UpgFvUjmBr-j#n6<@Ohtd!mT>L2OQ6>`ne84FB<+t-(F+tSl`g+V>^;v0$=-W~vPY4*74W-_JOX_c~A%&5AkjudWP4SmR|@RSUbFz4v>?{XXT9 z6(&n3K~<0RdfI2I&AV^l*A!MSS<{<06FAi2P`j!6(PCI_5j;frk3ovj{rNORJs}^+ zVhl%B&-~PWz}k=-`6GUYkik*CPHx3=E8=D@Ln66;+Eqi@#Yrp zf7&P%EOw{R7i_~dfqT;#y1f0oyRY*(wuH0bAR7O@qyH2*Pz>R15n`(!ZPR&JB(h4nA{+y2t?_k$qC&H6a3acem>%ztFNPS$5^|5%j{_cFD~b(>+98N{Bsid><<7#f`s7oZDhmD!J!Rk&t@Ls zvEtV}jx9vbr?WQSBAC;2;x*Bw#>`ft;{(XYVnZtDko#NwKNeZgpD>v-({fc(C~C56)R z*QLARb1tXaW2HygYh;aGNCGjffl&Ly2oc!GXmGmK7tSoy$i@V}02wp1g)v9q%Z}mi z#+#%@c5%2O3FfVq`WF(n`@t7#hU6fdDbV7UFBQx7w z=W^=xAzvmENmR*-2lN0~AX-NXSVkHUcW4EJ>KdVke3N!gHkSAP<{0e@b0lY~!r|qn zYNd;#KS5(f33d)0v0wJyYCB514YC%7j7%n?2A|DF)wh2vQ!$tpa~Re?KAj=9Mf$d; zePaX;EV4t#3T*ZjMh6jS^MsvC>t)G8{=dGLLPeB347#iTNkbv)2fBeq%=T*DCWl7x zg8;z=zHPWrZ69bsC%wL-n;mc!t{j{a0200negwM2Y9=Z2an%_sw$b0i)l zU8F2`$}S3^6#SK%VaPIwW$}hSP)I&NWXHJRIz$IdT=44kyyPMLq(7f&pw7zF2yTX| zs4JM_`t}4^_UEIj;p#+HuX5q!+b{A=MRhYm*=CriYmIEm@(+hFZ8f&^(HZT4V_$e| z6IugS(B_AMOyJ%~rK_#deKSwj&q_1>1!>nFf0uaNot~0FGM6WMW0({^b@;~oK(i!c zd|1WtWUjxf5g~8typv|wa?78vh{9m{REmRf&ksSC>IA?dnMFVeQ`X08I4uGVk`>~> zfh(x%4*!iJUc=Fc&~{rcl$v*pJ#U_j(hE?kX47(v8~O8H@;0+i2cB+xKCk8`FPZB< z;?n&S*^v>I8h-=~T>MCu`E!*C7J6uQf2 z;4Rf92X!xJ`KM^;!XYxCL0C~DGCIM!_38-UqrL7h#HdB8pfHq*xM90v`Az=-4?y#^wd=~V# zZk4gd>wxcZF;B>iJyb91SHY05+q*ycIYx`R7y6-m(T6LptX#5sKH}qsc!PGOO9_By z0%akI@7$p7wHbgGKdpM>LC3rXvwGn&gU?9GvCYBd-NlY%hzOjKfNKX2)vH)MG{C!y zKSDidSWjA$MKTz94wiw#5tH)qF7OPFodzsCL*z$UxCNcE=~KGd#?ge;R(DBsJ_*IYt99slf$w3YS}(;NLGb6_jW5#K^gvLOKl4JdnVuFadqKRQeRtQzmoH>JrD;T%YoL99cwrTp@iJ|3 z?y@B#o@okS| zMmTh`da9Oc@RFd-VE&6MllF-*m|U-)L53G+bmHO)$vCM>5@yjx_!P}fUrdCR!TR5F zgPA_F+NJje0r}&kmw$fDu_TGa{}AX7O@&)t#mF9_^lRvMre} zjg^D@Z%gU|M(ibEFDLHc&g<_qWtHp7(90_$H`~Q!nfG$YIOMe(7BRBTRj^ZcAHMDd0n0Jf}UEQAh7Na%JoaGC)&7) zvxESz@XUVRqedd%lqekXYTd{j2kX@OL$Tv7h@N2~w)<%;6U}{FxO*6qR~_N7(7;}rXxhUhG~vtA^oLyw?`J|)od z?L(+4jC+lL+)$9CWcK2cf4o zN}IS}7ZT0$+AH41>!E`yr_T#bcoLP=6G092o4EnhnL@+UV-3H=UohT1DusOD#!_v~DDz?4AfM)l(mY+m8&f-lbAg+mS6B@ttoV{Y6v=yu9TREd6g)9K)f3k-v=TITY-av{yJEA{6h&Yd?mo&zo z7ib%(s&MV@;GaMKYnfcGL0MBLa~<5xS;wq=qiYsfGK+7;TsQroCF-E{JzY)VM>{%e zT=q#PAQeubu+^5Zw%YabPFOQ+Q5E|AG=4p%1eL3;AHiqA zkI-M{nshQ$xINkb9tViuPDpMOULf_O-RzY?A8NO&uShtQoj(uv%6>8`cZ?bb#y-Ke7g+0M0f`aEZvs~}E>I-Mq*kZ%u)~151fdLU zkjsHUCLl%J(BGZabT(nkRFZ3vsSnW$bN3~_0csQVC!cJO-u5#7Ld&*80;N?0Ei>;5 z`S^Bcwyv0F`~qAYhogaU$fnO^`SmKo1YpH>>J1PD+$Vpu5lD^F`a&&E=QiE_#1o2k z$sPpt`|m;jrwuHFN(&xs*`H{g_Tk!<0MlL?z7AfI`wcmJ)#i3_v@YsTM~0s}&uzKF zKQp=4#0)t3MmC6LN}w&b%aM$5t61+=x80%jr~_pU&{@voeYI;G%5i1D8rVFHnr9p) z8sO_GoWlOslVR( z1016RCX5xNvjcC?=#j<)re-AW^KT9m%Gv!B?XWvwg+UPBzpD72qblB4P}og1KK!;w z)Y*7+BaaB?r=I+q2XX)#h|iyU(QgVY632s^*hEyU;4}}1q3To4cJtl$L5ao~IkabG zr{y&*`?o>?dAWf+wkiJQcqro4I?~^v;P9|Gv`A9Lh}}+KU`k~v<%LEInX_)uS88iI zh1(h z6$}ZA!5veH25Av*E5}+(b?&-N0XM4;;IVwty$eh#6*TBKrGNe9m?SAKsu-ZLieZew ziGFPQhrC3dc3g^7Qxo!sKg}!L&959V(vCmq`O`lUue9*AH^`#)E`tKIp$7xFmHt{3 zmz6{CIJaHj;{sXa;GSRqnPkyGd=jq_fbY!Cg`ea!h`b^v7uQ(JhHMTcUy&iE%JAYOFRvjv;&r;>AWdAHzv$E7%y4#96 zEsKTN`{Yh_w`tW`l=mf~mpJJlsR~Me;Kap68BW9Wra1TglfS4;;?pqF*c~Ks?g@&h zxAA~Kk}{={rd2A9P1li=q&V9y`K!BKPH?cO*eg`zUyUqJ)(N;)l zcS)~lk0hnRJTn_hHpYz}r9$COz=(%$uZi6p>Tbh0E3CgUTj?LCP*u&i6>Z`D^%V37 zZT}h=Hdr&ES^V5h!*5)>FBXLGkn}trgHWQqZQ^6r54+Y{;5} z_`Q7NZ@2u;GtnUx%x~%$9t#N*IkMIyPyD_=4w1PA*0E_EwQLg~8!A5K(-)Xoi-z3F z($$ODN382wqUA?l(kJdFDHycHXx|D?f|r43(wpfzMb7jfJ9`fFJ}^=A94WAr_*6oC z+Exugv>lMfzz?D4O4*m|+S6|UDr9< zwoQSqwC$AXMpC1MlR_%U23Wox_iW_y&tdM7A1CU1iTUI&)J*z=R6sVa$9 zZL*ht?xbZ^u_xV&jG(>2wmI7N`?{|FC3aNJ!=f%?*E*}()w~<&3s?Dnek(mjKjT+d zkp*gdZxf@fyW%oXxJL&?a-?ChM$or#gHkK@n)YKjP0vrR<^kk?I)Pwpx}ayI;UWU2 zFaCzu*}aZdJDeQ1+KWNx4ey)t-*1=GvypEsSsSIv8%<}shSxeH*PcaXu91ggNTNKBp!4VYp-@~?5dTqt5mSSjt$=4BIUI)l7u-0 z`q06z(HX$%h7T-yc)*VtA!4P|upcPKl3@ypN#pDFEhcpt?3N0MEBf6Z{9iupr2Cjr z8tgwrJ_F;Yjurs?#0rT%_&9sb;?Q9rzo?G~!7WK(mB2%R_VS-9;s5fH@W-abVaWy{7DNbIhXeh=%DsLJgZ@9j<^T%Cq9MP|9}7XEE`7kV94xCrBCg~T|F6( zrMxZ3em&c&e+p&DC>ralFIb2ov-X4eQS1LcCqLmIs*B*WqW}H-dv6|rXBUa~B%kC^abjI>R3&NHelg?iXWiGVqWGjM;_urL2qdUmy)<8M?{~}KM2C48{ z?e6>Z$fzj|=lOyiL6z~K6*@0!vvK%5;h^-A8)%{ww39#}br4Cdj2!IW7}trL2QV_> zJE#K!AfUsfCo`S`v<@8=&h`}-cg7?DX(tnM zgTD*CdUWdljD_Wo=tqUTs9EfHKH!I#KQni=twfNY0KV~4>%F?1pacOpe0~4z9)3bC zBL&PnLWHX;FgwDuAA~c^NTCO!i3jf1EyIZNkyEQCu#ar|ZtnHMEY+M_=KiiPy%;ca zZQX#6F=VJ0MNqqKiDuOo7@MU{)5Ro%|0Q9d%(>~s;KVPz_QyWN(3>h@Yn*qLW z!s95XF^ad1u$k+X6WQO=ixzP$MaYR2P$=u8J$vpzMEWEQk^gGiSw}}kdxA@1dUN;# z3H*MFAIe*}{bU9QKo>VoHijBN@_8;G=VoQqFWUGf@CynMCjnr|id+1vU_pWB5{VE_ z^#P}XMb!lXPU?ChNdm)pNd6BJ(PcLpqt#k(Vlg3XHRK)n3}hR8lp zgLY%sCh%WH?%xcJdLVUE?1n{uzKJ{xB#mcR02XsS;*gs;q~jEtj8feH6D+ z)Qd6?1zJE!q(Cg4)9O>!9?Z}8fr(GYYJN@CT6EMgF1uaoov5fT*t`grh)>A{x4))j zOX%x#OhM}>S61Dk@r(Z{y`SB&DeQO{CUAPQgTedAx8*k(}zz| z)33hTUV5DcerZCOjIzEnc4_CuDHMJ;vD2wIbr3L`9rI~_#a=3bAU!poKwnz$3g=Ay zQse3S4o{!D$n4boUKlOdPHR7D8RKn2PJ5%>_e=U?z69Rt)y1p;)|#4ONw@)uvKs}m z3(anGL|I&Or{2QQO_%Kzfh%0brqVn@kbAej&!2NW6T0O8=v6C!`q4FlGXt$34%hY{Isvq7l0-l5Y~|z{a<=|es#E=3 zz;?EHBA`=NwZh33ab2&Kt}!mx=zMK$7X9E<0LW3<9`Bfsi2!~baq!ZXu%j2 zWTQA~1s`NpBo2}zXGERYR`ngS>yIzr_B+2Fo6(i2slEUqi}Urw2RQ0jr%*BYrS=AL$SaMQ9M%hj5?#~Le4NrpBa7`@u3CD0aUcXtYM;^;p-%OlUJNF^=Q0Va<B&2fR=tAIP{tO1P{$UGduC2RGa^8obpcI#WXN@2sC z$t2b+m=or_6k`K~e4~G9I-Ntz_B$7^ViMx8a#q3PY|MF6U33zL19cHHu-tsACG+_n zggN}7|5b$#9}Wylc#|T&=lS#rEz&hCZRh#x>sz$X*yr_%>xr66iY!LOmrccO$N(} zHNtLY{F}x#L<7qY-xC>c>YgU`cu!0v3P-Co6s`X$nCya#P6@WCC3Pg;LL7fK5Ag}s zfe1|<7AX(*0LNDdWO`vCa>rV5(uT;;4F&0=U{O# z3Qb>DN2M5!$@dJ|t3;JVN)agW7HXr%+*(wq-cG2MQku;k`5@*2?Ah842Pqy1_C>nO z0=fDt7+|E7inIk@zP!oG)?988@ne!g;20#Y=9Wg$Kk7JEy{}f{5r8$VTkni_2vi@{ zQ8(kkTMb)O8H9>;6A_V&C(H~D67Nzuia*RZemg9fpP~^-;+x)ao5pzjuWyE(gabNp zg;91 zvMjYfo>x?(BOGQ6Q~$eTJtk5H8D!$FBE!4}&!xTuBK=%E(W}2ck4E_s=)UCdzLt5d z``UNu^>G3`tS84)xV|#%2v>jqE0urz4ArecpWNypD?~{F$KTXPOWr^ri)~D-IRFyxc=ha5?n{(lO!oAlD?_{F}ZA{8@?h3@+kGb~E zM8k$RtKH0`A&Q0Ybr1^q#ip(alx%ABJ|Y{IK)mJm4qK} zAS`q>Tzt<~J`jAVCI9wfpU#}A^MLf_fScC$uT&GhmT+mN*`K5m89X=cXxXKtlHwrl z+{6!=xC~TszNX`?&2K~)&GV0q8TEM*Eu44L!kdD>BuH?>Zo*J$m^TrXLI;md0% z%#zrK+Xq+OSF8h-HZ$_^jZgawA`J$}HmR>a4#OwAc2ymJeCme6L2LIN`d zHUCE~>Px^Y@!?&f?w8JE!9IQ=qlGU;9d134lq2TO{y=Pa8Xr!-jE!0%l%i5xk-#&9 zv&$5>=5(u+%Hb=ZGb?olHn4&0qfC_R$-CtUAk<9VAhbAQ4#Bir*{rNuBBMw+$Q?&; z7dTN|{&@Kj!wB)y>}d#9NFlJMBy$j_5dxM{>HFSVN;EVka8!^qME>h&<#mc2yd7P-`yb6jFt9SbLEvkL^H1K;KWsk+pm=dGXTVlT#yxRWtPC za(526Fi{nU(#QW^BOanm7f2Hbi^a#aV8E05o_KE`XswmL(rOdCJ*ZESupG%y&WNd7 z%&F!)_LTH>?2=fJuon%PO`1bW5M;YDK6ZpzDA0rH!~1(#>?ySf{K{G@o(quE-}kzI z?1_0%m%DBSEY+UP<}JV*@2iWwCE(vOP^U-073%zyu%7ciYf(-63;)7dbwXZHMyQOi4J$}-hF!_apB0Ra$wO`cJZ%GDm})|xLD+fN-w zkFn#aRh}Wy{7e>bJ&^iDtj<#-({#tsbLZXa0w~k!vxfq7$pT2y`Ab`a#8e|6=0G*2r{ z^rfo|7@D0kY-kTKik=F4^{iH8g>uYC^jfFIR;%qLPIV0$>>p5}e|Namvf0*%Mt+qM zG^n3%mp@h2t^S0W1+`b|SI<@}4Y*r*&FL@1H0LGyIIKIva^7$Balb$~}3mJ{ubAu&$em4{!Pa6ZT1AX9kgWT8~7MYKTMSHAv>cNAsM;bWVhNv`^OI}cmBgi!UY1EHpF(XgYbJt>em82Dr?#w2|LD~J&2e5!5 zJ=yQN^_L7Hd_BaF&Vsxc0o9HGD@54mOF2n8P3-P7qjf^dkn{eebK!v7hi`}r4Dq@p zoB^z$QOo1l16}%4In0*^Xc9yyZn*EeXu8ERJ+f6CL78PlvF zyha+)Xk4J{vpB%|z&NhU3pYEWK{bE`Y^Th5#()b05)&1pYriaW^fG?5SPz@T@7ODsyUl?8cMd3QxAD9%}j*wq+UZ*55$z)|#D9EO0le=pnic>AFWg)PVb^wQqwmSqHd z6oyj}Am95(j0=L3o^$gv3R)72`-DT~rb>8ws|1*7@nw#&WQjYtsG?!JGG~kztgl0~ z=nr12KQ?U!Z6$nE(6S?F>z6l6tGBUnQ9OoiVZYB~Iv#i)r%bZ$ayW~5qd_w-JTgF5 zt7vBad5Ks)QTimQ>&Wb5Bjk(b2_k4d@}~&^b>A)J>2|8i4})^~C_>@z=g(@1ZEeF` zNhW6KFQW++S9!AUCoGrtmJ|%?_8TPLNpV7 z0M=A-o3?52zcZGM-fFmWL>Jbyd--%r`f^WALS95mCd&$o1Fv`;OI8eXQrh<*CRx`v zt``p>LP`YNJ%R|~b-5qDu0IM#PyR!otu>zn6>9a?V+Q;?1#>Ibpr+E}6ftbM#H3ML zF0H+-bd`v^2ai5je5+)|w^hFIAq=#t#>r>puI@&#loZvpgcg@|!2+Ite&OM9@PYUL z1fDf^n{LRbsX3RpeE;Zzx@6?^t=oKHaxzpl;yqbW7w_kJ9h8zpdZX3S+ykOG5E2d1$0L~ex26yGt90KUdyKWcS>@idZ{S7|wk)0BX;HPB3FeFY zJDRrdTL=p}^XbR7$6uqAwobVg3L6zGrYp)pqQ!uVU_^EI88@wmCGvh3*%-tuw5Wca zd(vwBFVu{b5wq4x5r{Ug!q6cY#WhH9@kU3(-FJa!V8SQ|v}(UAjw2xLO+@Q2^whhO z&E~PY=ffCb01t_Ua>VvYA-p|9hu!fn^5tf?OCE0f+afkRm~d{f*4aDiIFD0fy{1)_-Iz zCSsz-{t*7_S_F>_O4Dt)RH@>^%DHUGoz{c>cIu8C1rn1^qwEd2pDLxU3;~ntua!n5 zwzis6^w16C9`f_M(z6levtH-^7XQOk=e5# zIJKzM#tzP%+K%!W8vlH5YAe*Kser>h!?RpsdqVnto2F-dyJ)UXHD>OGaMg38iPo-E z742}~^CdT>l6MrdezPVwHG$)lq?Q-S8yRHqv~ZC23%^P$i&}lXQGKcWN2Fb>k;jdZ zLRG);jLYvAHN*Gj#1s_tK4G^tZ)!t)gCU#xgiC$WAV$#U>8gyx9d#o2mAYtU3 zR~mRgh^}b=MXwZKk^1h}no6Z_6m{7Hz37KpKTu`==*viXx@I#*l4d_y0?1CZ4Nl2b zB~J?6J}T7x7>OP!hNigdY8Hlwul~AZG^Jd6VoQQBOBroT`^_y#17JB!1F+n+7U^O+ zc2vqgXa@>0L~13@gO5d-E8e87-<;cizWZZb-ivm0Vwaj{qQNZh$~KAiWUSqQIC>h0 z0KfArw3_UsjCnml9H;{}YC6k}81uJ6dyYnKrEEAUb{8M}%Y8qF`&4;g=<3QC00vunB>KC9?mCdUTDAC}-=^ z-Xsrcl z*^gP)%Y(a#<`DB?(;1pr!$pwfGLJ1!D=tExR~eRR_j=C$lLz97S1WkjHPXaNc}6;I zPX(p|UGY9m5{yMCpxD%v&NyY-6}W^c%N@`0PrQ>y*s(FE%l&i#i<>bl>jV|i58G^t zj^IB$C_V#^7djn$y*wAQJ5xQc)tQ`DpvofZu_lKt+M`(k3 zE+NV52+-d9FmKOqvm4$#(>>Z=z97J)kYxCgeTO{^=N}%c`vzRsIrxNUqPe;E-`aMp z;SM6OjUnOpY{(U66CjAGbZJB2wMB~O>;Hd*f&IeyZ8>b!?)1>$hc_P zxt72A92l~QwY}Po#Diq?Nbg^F-C+;E@8(JHE-Ow*E#Pr4x1t(`xrIC+jHB)Q6^rMf zwKPd_(O2rroeFgk9C~GR>-&!O&ph=_Dyt5Ddi}N-bJ8ACY3w6TsG9?Mn)%gyu3r|! zvceuEHQg(-o1X-0aU`fH6_VRlj~nhQ>tWyAgzuBAC&7CJl3{8S&P4$ zpN@GMmTrj9f{lnL$XhBbLI$he=*#W??SlYCh8ZZ?{>0TW)daS7Ex0sZW>QPluhi_5 zV!6fKeXz%*6p%?fE^1xe7p+)(UgD6l4$ug_M0gpPIYgQQsav2$ zR)m!u!lp6xV$izt!+onkOWP#l89(lg{TpK22iApm?=S=z8RUfj7}}K>qq{u`BCl>2 z-!Sc*kd<0?gpvg3LJ}XNxhJX1T^<%aiH|o-VCu-LySFj{MzM&q zSEL$!jWiNnDWlqKQ~s7)g9?Cg_I}%xeO3s)Uw8;hR=GS2cACZtR(j2Qdam^t6Z!H- zN~8y0om`(R@_nFIN>_)}%gt1|ybmrglZt8R<@9+B&Ws{qu|tre#o#^9HDat!=Dfdk zA=!3=(6I!SCsBQ7c{BTELg}Z@C*zuz;dg^_XdEyAF|Yt>90mf`*)@(GG?*>lIGseq zm%k*>u@DFHP0tsNv=Q_7G@Q>|pY3TbwVg$VS6Ts})eN%&CO@B({a(z47-q`B(x66F zBKYNPg{#{xVKMe#`L?jh_m4RgU2nXlwJQ0)4;#I3)iX`sx9k5nBVXup@`5X?>`l)0 zN4GgGwq;PuscD%Z@Z;~nNt!4X$!-PUT;uf~4f-2{Pd)t{Ksei-`@>pxlFy-;t?1*X z`jcXv>f?y3PCDkABsTt~H^WaMYcUKFK(8Z{^fXs!7#($|mqw;g<@$|hnI4Ru;x}($ zh3MH6hj52<>1ou)^c0UWgg|WnBI;NeY|hVB1EO(+Y{N#Jb5E%K6-UKoZ#5cOOMfSZYoO*RTrkluf6P!8B zx>v3Vq2rx@yQ_XdCw*3|d0?zanEp$1SY+&zQb}P`GtLABRsLJpZxBGZ9EL`5TaJs* z01{BA&!k;hUUwNuxqZa&Tsl!zz*%eoH@fDwb}?umKb*CB_{bwSzVK$D88PkQwR2-dJm|LFpw_AMv@;wL*k5sF+ zVbks`u#&!wy&A^kQyQ<7c1wTC!&twRB+Yp}A^#?l3nnYPXJh9X(H1UZa>H$7d%7dh zgonRS$!O30;jnlUk@5D1id$*L4-gz3LV;k?mc(yV|4@r|XyX6ncyqWjGB>w@4RFBw z&(5qt3EKc^H_5}iFwJ0y{sy?5I}>R}tnanCZw}ep)6VEz=!L$KU$A2Bl_XEqL@*I{ z8CCiAhuFlYjk(ewuI#}`ibABee#X{C*%PbXO>Lhl5MjVJ zgaX_6DWzZjaBd>e;f&~Ym-5@CHJxM}sv?{QkSQF~Vfwwmgc9`+&X^dxR7-vF?D>WM z$f^+98$!(S*ssHPC}l%``9JjTwF*rCR$LG!SXww&HsU6*NM;b%R6lH%NG>6$|HN#U zkaE3*`Fna=yQ7WQG||e>7i>v}c@VCdWi1vyjt}CjhZo5An`WybJ**dvdDE&?4p^bn zkj5Taii#t9>?J^Oi7}p?tjzhvTv_eONU1UTsr;IH1p>jOmd_sgA``I;1mh2_&u zHuVp$rGb!D`(UQV^dLRohSJ3wT5H?S82bfbT-Jb5p4Bdkr1r#< z^6wrgF+KSBu~ZGo>L9!Jk;9+-dOsWa{N?HFU)9#_!bMWso{B{(9XOIaqx0u1Dz}LG zS8qFQJnbgx<7Z!l5W@&W`=1P)e3-=4wVXsR<1gIf3iengjFe3 zxvThwqwpnLeGeDId-BsVl9F}yE3Om+@A1$o<#*GZnuA8Ail5y|4FEls@ zwM#9Q$@+y|WjjaRcPUktKJq^g?bVW4{oQ2iiWUF0s$UFDiXXG{%?FehN~Wo7sq^pI zSV-!W0RrfSJwkwpAHEt8lSY9Fh4Uoo3`U$g>SD*;_rCR?VPmDQ+95{%%<|wi|3h+L zI*LyYtETJ8uxK5ts~FCU;h7fx#W6)X*>vZ5fCyzRaSW{-EfWPV|Cr z*f)g8KSn|<7)>8gR(z7FNKYQuP(4CqUtQ=1B^petzbLGfZL{}sLT1Yk_IJ50_FXb? z{32NCh40FQLdI%H!W(G+`~3)IfutS+u*Ffj<+wH8RL?4 zo=IEDQ>atLPgQ37S$P;4=d{-LH0mH_czaE6u=_05O3dig7pd?N(HlYul*}|k|8(UY zceZc|9vDKH;f|)GXBe}#WM=7OKR>Fm;{@#&@a7%b>IY!Z>WNk{q39bH37LhT;=Yd- z=q8#@U9au@RIdK~#M%4|;OEE^0~aAX=L`Eb@yx^EOF{`oh9Zu;0hHGXJ3imN;k|NT zL@lv+g{>;nc>+c(@8-$Bt+VV%u{Ltt4p&k9m}520Gx*~Dw}307?*LHT^T`cj34&qRbz0iya3T}t(xWRhFIuAoRhX4C z=`wck38!|ox2aRi;@p1+1KPqRhpTf{dpcuRDP~jPE>>^Hfp2#N|2SU3>ep$EqxDqw zqa*|Qk6F=ZVK>8yeNPR(RhbKJB71Xra|b2#i=rau#7h;UbFG%2`)F=8PJ51*0eO%MxFOjz z(Jn7E(K?cSW!`?|i@~Q;b7U_mUFaBy=b}xt#a`eCLmM_@_2TpSvCtW&;uCkraT()+ zD)ebP>#d})8vx^y=T)AuQrEGa7 zT}1GzMax;&%E%8xZ6T%glqB{&T4fifWHp{6lLoQE&++(7Jya{qlL)4hPgl*U%7K6> z=JVCifKEllwOi%0;xrrasnJE`Lmq~T%2#sWW}Q+YX;#_OpoL)0dG}}d zcmxqIN6!3f6|RFY0axedR<$$aSAB-rnJ;EZnsjeVHC_m;29y9&+{;$SDlzw|6sxyrjvX4|xHv%z4h z<(;4Y+dFQb&1IWCd?-E)>zq2b%u3I)OOvBiUZomi3wqEp)|2FyEi-zliRc7KVV%sI zt&m$#cifu0D)d}Jk8^$*o45H|@%vPz(4F|UFra9m(TtU^nGHdqmZu9S(!5iN$9N(fA)`K0((0Ysm4xXE*nnJV<5gyo}lP@Jk6I zQqDre=U3T-=;GEp;O02Il(^th0{A8byLmeHNx2*$%QzJ(pd4$v zMXJ3c>0YyU-a^-dzli^{XgjJWV5C503B7VJ2r1t=&Rnnox7jwz9YdRh2o18_uchrTi7F@pIQ}&8 zVmcLQX#iDYG|6_+a@n1?QVkA)a&QHIG7pAkU>!;X8K(3wUVQW0vQrHcWQ~wUl{f<& z8yC$mvE$HNy}L8EeO3CyFDR*|8L`_OrUt&c&yZ_2ntt(1{%%(lOf(~6MH1q z)C3Z}+iV~OB}J#Y#bV3-yL8`5q*P{HmO&4`afHGhH)luW?MKhBZDZ@()S!Yj{#g=a z=>@gVuw%Yrw`dmK??=0Xtljw;csX>iL#b-o8Re5?=t~wWleE+r&M;tX7QZPt!FT70 z{&fL(npTF36;APVn(PTbdCMSN=kR3(uEG=&@EIb(HSofe1JN~C^g~XgAb#y7s$m*4 zv1}bpVU1tYZdZi9dURm`og@yFHoxA3Eyvk;d%GVW=!1WDr9t8_*OBM;X6!4K)qdMq z#Vt~&RV&!}esG8qM6^S98Bu%sVlXaI7E!_7^cvE)aVua6k|b-Gwjpu*nbxXVcE3Mf zkgj=R`o`v#@6jj|@B`ev29FSl>2O&S_#*7~=%^U;;3XL|0>}ykP4{JuDSwR1QgNc8 z+r)PvQy_@=aOIUn`&l=tTU*O1S~Dl4+*46_Ce0w$`cYnT|KU36<$5aTbWEY%-Tnbt ztv|UC^~8|wGx-`mE%hnX347&O*H&|0vfuBz=8-$%sCr%LxspHCWfwf{z3$o5-s);~dLep) z3dM{$U~QExd+>|OK5nje*;#&toAQX{nq$T!euzzi$Q2KG&allJeQ;5gXNMMimugde z4|^*tYc7O$6dy zxFQqgM7Q1dSE;uFD_Nr&oP~IYre$F(yfRSZ`kpMjke>&*;1nO5U7LB)5Chm2mCEo) z$hP-DaPx6!S(voFMHt!@$90_ftm{9mBJxFYN-ztZ^6z2yUFGz&420Kp!W#{69k}i9 zATRCAMDm{Fd;R?vBbr-%1T)6;m@xj*fJ5KMpf&hDPGBW+hvk&Rx>mbb=tpf^-n?y7P}d!&=*gZaTwrb@ZlyGR+zWzMDLZ5j#vuT{@Fe_4I&#Swm4Q7V?(kc7U#%q1<#<3+oXX>#Og4l-mvfSCKynT#AR2vV zpip!H3IAl$EX@ytWHYEQV(6XQ*d(MPmK2!Hy`lF$s9S?}5PWHkq{;Dg2ip^Y73^8k z@QPsj@j%pK%FsJcR+m}uFIdhUKa69Ys%h7PBVrP3EP1FTvJvACI*E%g2z%cBH-N2`r=(&dEiy{E|m3v`9yypEspABXP zU+q1764?Z*XV_;zRgiS zk(_Ff;H5NpoociwWF$*8qO6gfvDpA7EYopcA;m^Rfz+k(%3GKAoddyrFqMD^+;AVW zE&tv`y<|TgrC-Mkl(W0X>G*Py^);T!N!n0@ec0W|MsB)E+)eI)f9C z@Dd7NQWAuw>y;Xe!P!P&(%|}ZM+c^f7*sz$`54Q=`xWr9$lYHJs5&x~mt6VI2cY7^O!onA>iSFwbsF*kmop0-jv~@qYLFZa z3+Dx(76^e{J}$>S|0}KHi7lV}Ul<}2_uaTI^#D`*dl5^a?-Z6hW0)8)X2a!b&6ITg zFi!Nr=0tTKB|F`n7* z(CGwdYkSm_XpLh0)^!LmLQE$}@1U3>f16NbOGh|jHumOP6HAr^gx~1bc;R;Bn<%V{ zNPSpZ?N*OnI|$9BLiJ?sC}+Bug`Q_ul34)wbZ*)T1A)O%WVJwrNPm~ANBpAsejuSL zJ*h@+wDeg0!d-)l`a;ZE5^(5O=|8{oEI-a}2gu?%F!L?x6-NJpyNj1QDsJs31H{9J zw4iTnTC4|ybx!D~_L6q_PK@c=7m9;UMOUuKZfW8%pGzqGM3pQpHpCxLH!Or%s@j&2&o7meuxqGlxh&tl;ErVSts6u1Rmog$ju?zvp+$Ng4a+YV`koVE zxw;`UcySi-ThMMhGiJ_Gm*?EzlEDt+5}!oCRcwvA1<+%?xkXeRnUmHS$~gO-_4CQ{ znkDWu0MDKNvJ^?sM^tMNoGWv(Rz=%YDN7FWK86A_EVW>wVcto4ku;U81pPqt+6A{< zA-Brl94YN^dcTOEE{n`>F4Al6yqZTh3#;~WnBqq{m5Y_YO+Q;N3-Y+lTdvQoBl`c&Z*=@E#P=<@{Zf|7k8fn(IqXzszwYN z@#6c=^6q(6Hc3x;M{g z*laSL+z&QUi;``n>3Ele=AQ5_PCE`8*&7+c|Jt|P_!r|=)_Yij1hRr^M_UY>{|B2~X(-skuA)|WFp_GzKo69$;X z{NtaubX7PAf3zqI0I+nLV}ODVWzqR_1G|Tngs27^{<=SIfLC z4cTI(Dql<&GqRDRWJv8+3Z;zu+$r9@dvDp+xLDp@DUCA0B}Lt+W{C2S<)uX{WM9g4 z(7r{7_vyJe%AXpWS2@c1M~jJ}xDJm5b{*i>B!I17pMJ#i#?`_gvgB2BiLBr5JJ4_% z`=bGCi2bXvvTtsr)nLB{+m;L!Xipv0JAU_M`#|GJUEqDAId}72jDp$YW`;^T^4P*T zXN%^+5e3%lC8h}&J79Ji&3esdw!8H_l_S2$g?A>6j3EoVOV_#GLKy6*XI9${97e~a zWvY#{M)o;qKU4SiI{s);J0HmG{lwCm%W>C0`2T6|Eu*52y7pmZ>#hPK}{Px-BoPGAb z_H}tH+M^{S2KWP?Mf0do$DY6I*LhCE3vSDx6-h-dA8v1ms>@4sLJVX|0O`HXKBT$W zZ05G(V*0jeL=+O4Od-`v@C?P$4H|JjQba_+Dbk7AR>xKx%-5e1E)+FFV zA}Bg(8oGwp>cC2DOk8W8ZBMJW9M1g*UcaupqTf>zibLi^euR9d^3(l>+!fj}wVwh$ zVw!2~(7G3Lb|Bt%Be?N|64Dxs6(yQGviaus)#`lok{A0^&a)elK!DX2pQTBiH9c9_ z@BIau7TrsCxUfZtPi!V^5|(cOtDh(d19EJP4?`8^iynB^>%{bOd4sB0MX4bC*)1=jY8oV%P=cZIX0Y1`2GlKbWkCsCM!5KXd04l44hQ7GpO+i1 zcG;u&Bpd0TO@0LFxxBwhvr(enEg~l^E~fM__?d;tPH@Odg@5c7?MU!x40m%l;SK8t zBScW;TJil~__?WkFF(W=rEA}#gnVIZlsNS9*QvQUPB}jU4Es5*8f|!-t6W(P+vuG8 zG{-rD9`zQJ4b;Pz=HocxPy#%r)z*tbQkTFe`NzYL4VvF(D7y3v-l*Qq!7P&ga2S3& zEp*pdI(v|8x%tkog~hV<<<#;}(+HUr3eTncU*;&UvL=`9FaE%Vq2%h`9Q?&pM^H56GiRL{G8^#f7(WiLgd7sfAde>Vkqm zHE?3~1r^XqI!*LBIRWiP9nLh$?rE%QBD2nJzf{Qpjm#RHbN&HE zw*b=*-;qAsy5CaQa$yuC8R71S=-`92(mq4;dHK?~UIlX_X#YCPnDcY%r4^1hDK5E1{BGv{wz zIj6lJpV{0q{9R{Ak-$*Ckt1lE`+zTjMr6af^(EP(w!&F2ffYm8Fm2qXEg5zjHy%Uh zG9B=yZX^jiAbObdJ0ty3qdlIn7D0G3oQbu1ISfhW{K5wPBIV3+Z}p_XBMKW3Re%m8 z{%Vc|i{(=!N||2@Xfq6Jl`M9Y0Q$?Fz;O?m`g}#=h?kGvT?3Ul<%<(gI2T#lzRo|F zYhh}&z%kCW4YocBUr~89aE6PitU6mh-k8xu8+$toSJBUqWw;4(>`&p89 zmKWmw&E4yI)7Ovo<^^>6K-hf1UfK1;V<@tEW-o#qbs2<3?;P%v!k>{QX*FKBGSNfc zx*dAh$IcF+hLF*o+K^gMXH~ZqkU|V4=9kXBsLwqQ-As>^_7OXQm!Aw!NW$~mWnw?o zbX%(Wwffq^y$fH#eXpBPc$Q8A-P|avOK*6~Lssg>1o>QUKb)ig>?P5?&#~;j2Hzhs zE+dhzy__N8cu;Ld#0Di0EI4?4Cv4EZ>`+M1={<98^TM`#%T3D1yx3eWuQ9Z~o#}kY zbD6huV1Yl-Q60Q8WFC>H+IhE~3j`i2hX_FlhT|=8Xz)9f2O_y=?7s7L*W=8;B#;aT zX!q>f++8mqF;*_lkoWIIesoR>+za{k*r&G4I(--O2$F`bU4vhVuO>}Cym{R#5a`T{ zzc1l5uPvJy^yuhz&$PyaF&q;Yd2hG#s8?ZzLGBxBn_so(=Y$FSXCX6Gn`LX~V)sw? zZn&3M!Ij8OKkX6)@SUYVd! zZ21uUAOA5E|@jzQ5 zWmY5i2og&QEf(=|AZoH->>Xn#!!MhSIi&d>O}UzCy?xenHvd4je>5j8k@%mgOl+I)|u7Y&)R7A?fpBm(6u;K4!+SU#yyk(1>>~cFZ43|7j;T_ zhT3%v6aQ!i<4YGB876jx#p(oybgB5IgfC$1bEc^PF1Y1N5isxmOKbl6~*Q?ph-b>^ZL-F zS5Dpqvt@{ZhP}*F@3+T7R%6*S6RFUvkTwv9IX~pI8&0HCSe0l;AWy@HX`uJ2*wAF+ zij3Oba{5lZyT2$}Zd}xD4u-gjJ;Yc`q7nO^ZND#Xd*0{FM>89>(%r^e<1$k+g!iz} z)et`)x=8-aG7RE^D?v_c3ROEHd1Z-uH$m%w(rZgB0@qBt4&QD-@M%LiD`Hy$^VW83 z9`Kl0qz0t&N0%l*@YRJcu+61~!@_}1bAjRDjlYDwXsgsyhrz6;0!OgCsScuGhTwbh#Z1I$b>7GL9tr^q|(=0K|t9 zZ#qoewW*|wNt84c zTsZxZqX}q%1T(P>Z|hPgfRshyLn-%t;+Fn(-^9!{pmr$%ZnQN{(ZYex3JDE~E(F8I zk?n%Ow+F~<0S4;a;1fJ(-2WCp;_`GLG%lb0&JWAA4V0DRcNLUf=LlNvS?J0oY7X%v z0MS1_D8am-iu;%zl`;*^NG!Ah;-U_wh{y7<@kRX&Zi$1i>!ubtaghWp7Z_mS*`-|= zdgXFgX<8I4!F7+@MQJqsf1baq-5v3DAcz0mstzTDL3`a(wTe4%73n4_gF`A`}*hT)1_@10dVs?CZ}1Ys%jLGqmHK z&Mm7x0pjC<>vvCvA6P^zCw5w#kLm^{&9XOGCqq&Y?zShbh?mITnaYiOQ_5M&mWS^o zPbF34TV7i#HBS|YTY|I`i?N$z?*Qv$x8J$Qo*iz$^}qR@(~DDhg6rU}wYcXWD+6p- zy2H(zcDf+5_@XI+z^>7qjSVII^$!#Jpw)b7r}speQ3msNfZ}z4NRX5aHi_FIcg2%} zneJ!ITShM_Avb*{ww5TX2}hgiGz6o@LlbzD4T|Z9#%w;5^~|NQSxj7saEd-qkx3n&$2*2_2x0b|)QZ6S+ZqDi8i-O1Bm6LDGG z9NUwL{u-V!Boo0nWB=DrmGU6z`T9%DM~3<=cfkFP+sE zxLY||&#wdS<-$FQ?VbckF+#I;b{rUUgoJ}e+nqx^gF|N!AV^U+cLymxjHh$X%ZuY) z1m}-IB%W=2NYxd>c&t58AP^PS4dy`h?Z96CPCOml^B68pm@3XIb+s?}G0W;Hj1_AE zyMQvRT#I?oshv)_z)o3RYe6lNtd z-27hBw3a~(pbmexAwt#iybciFt@pEAG{GH;2{wF70jqe)n}C4Prv()(+51SW1r_A~Fo)zGD225T2HbT$b z`Y9Cw3o?Qx*&`TX!?71xmTkg+_`gjILM5C}+X;bHXsu1I&Ca4mo|ru1KW)iIeepXn z9%=XbpUDB7{z~~j9r8XM`(77?N;^ZRlLP|&v1=PCheb@KJmLdH>k{ZPbz28ZJtvs9 z#)xB&2%cydD6)VnI3_Wv@lc^;kpk4{g3n^{{Qhhd7)B6s0J&R91{qC`r@IAb;B-TV ztd55pIa|1Bg^K%70KM$`K-ZW)6@W=c?gYr2{W{#cuc@k(_BuXFC=e*xGQ)P8A7CSNWh28D$G&RVXao(Fe_FL>mV_EAH5?5Tk^_1wOa_wu>*? zo3G`hy~H%JeY-iRh`b6T_%Pi$p6^DyM`LnR@idt~kR=eji%}t|Be3^X0EH+3^@S%V z)7Z`VJ!5gfk$^?<=WlMkUMUbTsDJ!sA!t3AbBD8<3EcljgR%B{RT&(XE9p6e-o~|6 zldH@s1(9=Dp^#D3@kP$S?i^r^C_tx+hW7ZJSJ-9KYxW0`P@BxBLmKqo@h56~ug}Es zX(gh8R!xaC{07TMy#D)o4*cU%G->sLu6o4)PNh-1z*G^WHv2cDcY*$=CzRB2@nSNF z%g`s%tDA5d6MsLVo0F_w3y>qPad_%K0Qz21nEmko-oSOIZi#LyZim+z5PtiAEJsY4 zuntx-sf_b~X(RISBWA}5Cti!|^%u*j%~ z{KsWHkKSi)_FxE@fhtLCsZ5!)o_;w{&bEfi`y8YtsIJZhT&NCVT6@ev%ty8j?M=FV^g9E!1E;oe0Qg+gTQfMnNV-pf2S1{$gXLey0fS-X&GJWAD~^ zY#Q+1b!XI%y@g>#oGfrl|9{2}u~MdMS@u|+e|s(g;J-8)nDy1as%_ zcx=FOCJq~71ZD?B6?ja#>}tZk8~o{W827~;KJ@J}XVkKv8U1U7DFln!Ei}H55!6HM z!w_3y+8el&Z!NP%3ETpUm`ZT0OffB4jENjQsDAusl>a8nQH)44SWytY)|^J)QKVuA z@FO})R8tlrjj)wi$YaA~YlJR@mz+m~hLizspljUi*WJd)Z;1aluNz9yDN^efhnD)j zzJF+LA|u!9#a)u3x!Ia-Xe52uME4Jfb)%vR{)#*9zLzfYA`Uc^xD4u|1+5(e;Gi)g z_50Wi-lk~+lT*4$P+pWd9@}?$z*CTO>N-}b>1854P*Yo?z9AExlq8BUUjENR2x1d2 zf1nF|p{JKkxfF3&33>8e&l08eHD7I~O`zdbKsLU2w>|2|!2*URm=s0eOauu<210>e zx5F{U(h_oxj|Ued7e_l2@@3=zA&BcnKN|7NoYn|Jdx9O~SeQq%%NlLOm}F?ZL!d}? zVAs&S-JJ%~zSX0e7dy$z0A!AS*FcdWsChrn*~f|C`W;2eP%Lbw=3zX7%&wYG!$8?` zKXsIhl{C-eMMNwq0$iteP4fHOD)`^7-8^Jd=fnMJ=*e$=`r`Az!omQQ^r6&ZFpbZN z1z^?^Md7FTgTV3r1Q%GM)X+rgC>k_I{&zPb^RrAYF`~_+SO18@6+o(2`0SG|P#b=8 zp0iqhLh(vkP<`7OwZGUoZKQl$`BGSe`meR8S{N>avxq1uao@a5!S8 zwA5RF04fm-4s(unGoo{&N4ESkG4DInSQW4`Y7u)u(gSb|dM2hvKqOFbo6f}4a8;|T zOWgZHoAJDWJ@fPFSj2%z-CmAohxJ?dWt}ZmOZ?C zd?w<&1&ZQDjAo#4ZMW=Rmt!$yN@??BtQ0e@Cisq>DxXd;;#GiS9~=>h_oiYXE}P~a zO!6aI0({+-T9pE3dtTVRW55x8mHFo=)`bnb->qpR=_Om<&=u1rH!uzH1Q zYlC`l=+UrCwLX2fk$ECsjx)43G~M^~hV16(6L&dpro-buHCc7*<8mW;y-%^9dk&|V zUYkL6vCFdUHdQtk;8r8R!zhA2?!^&r}J}Z z_t<@$E8-B@fM>v>#ggB3wAWx@klAfQGwiniOVbXC+8d!YxCb1pPyDDWOeIegHZoJX z&>93uq=O{RR!pyF%~k}|%qoJ0s){>_j?V9{e~>GC$0?-?_3q@LIGV(>(!u!SlUlmV z0(uzPzK5~j^ey9pb>L~HH|~v_=;ziy@r10^_00;7j$D~s`k^3&VR0Ra2W47nv!BJQ z-J7c&2ACRDZS#*`hHvqXoi-8Mh4FwwsJJw-nmVf^`~P2)+$ z3)f%poZ)!2`U3%4`xVk^1Ib;1KrJ6dNyqJ+dEd2GjFeWhXC2D9X$yapK!#~B^cZ0Lqt@LroH1x z&!%00)uD`hW-jr0kSAuBKOuL`aW+@e#D6=?<=8GuH>FmO(h4Y$fZj1V&^SKXv|2cp z$xYpW9@?OxpH{}D-|)1Nv8TML&9rnP2ccg61(R2kRK>SD=5yz>=bx*8&rvz$ z%1d-Vk=|&~{#Nc}Xw>bioj|35NeOv>ABW@%8y9k4aQXaenD=w9%u!hpJ0GPV?A)|* zDt~_w_$^_HEY>?+d9k`zPJ6x`xGjhnU6`>a~-b0Z@2@}gS8P>b0j;t=a*f$AddH=R0-7cxpem)|&s8IDFUzaMSQW ze*^Ae;_cTC)Kl3WBA&zA@%jO{FUbyv_HbHY|E60u{#}?1dfqSY!|}?#{hPr1e$B+R ztS9mrRnK3;cw_heGXBgUZ>N=7&*Er=^>T-1 zd6byb*r)t&87QY3^#&U6szpDI@X13QfoMThznax8f_&iX#S-zRbg;JX_gF{DEObI) zdrcW;Nps2CPmsUxQ(XTcR+E9aoyP8(pjDoLF%tqQzIeg;KMX7`X{lAuVlO=65`023 zruN&9gLW=jsD;oL-M0ooQ-l`el{r|Q%*ydU0OW#*lr*A4?Hro^L^t41*$KtOj{<0y zt-&?m1X;+>o8%hfV-M@j^e9~1ult!+ox&}IJCGFsM-hnFp{YK_(?U?a*)P%iq>n+u zuJH(?_i75)qvCIF!-9iiY3eSJg4#olo8E-p&{YefdAi)H@x|>XR_8;-5$zT*FU(Qe z(6|`xsc^!+n8`JvAnzi;L&?*xq$98`boz~jU&K3(^82Lq(YD6e*iv(5nOTlCh8J8UE9G5cU~AJ$B3or{zJjQ`9l_9 z09}#C=9W4qRGeSeBt<5_|7}0i@>&?aLmB{?uf=+5?tQ!;m)D2$`k9$b80<~8fv1+;50Ux{KH}CR4g;2lVrbcCFDn==6V+WF?1jZfpT=A&vuJ?r@6ECNR-4aJFHTULfhO+BnZ?03QMjodU4}G2! zh0^9ReNOg4R@w4*R& z(?3U32|H{882}N|7o=R_ujtycej;zu)OMcQ9!l6r@=e7M?N*_c0b4+}X0e}C%u#By} ztF_g;IImstVEj9I#NNJJT(a}dpNeb%XdEB~+7xKre<*rvmuO8mF;pTeFe zB7Fsae$l4ZuF~%0)c)jq{@I}VQbqgIYi(IFZX4yMyAbupy>`7>jCxYIWmj18qhTJD zf|%~$2L^LV$>i7lxxa6~RpW02ca`gx9zb)pQRsIhcbcWZn!WjUh!c3k=LY`F1ja~S zv0#B_>Qcb)xzH2PIi9V%$mN-gNDEyEAFJUIw3+y7dJA{46Zg(l+-gxuw%t_YZcl7x zUKL(?P!TKiFz-^IIRErjgGgOOXwla5sPO)$3Inb4b7R-JO7B^w_eOOSuV?+{1kxRT z;CmJxCb010y-XvIsz{B@l?kf4pB7&j-=48~ymjxkYT)=i&7^D;k;&GVJqd&*u71x@zrQ%>s}76Rgk!$KGdl*y64s?GXH|{ zTc;YG;5~?CBcTjo<~*|a5cD8t3wUw}*y8lTRxqBsGHuXjOwcK&mUX6aXEFaRTu(nR zRBy7t)2dXT@i=No>xllL09E7Ydo;l^NR!hAz>*{Se2*W(T|{Hn#sn>20sFq^B{ppx zwETvu#^lz+eDYkvX|n?Nxk?|M!j3x798>4W0-@q48YBlYZ4+lmX zi{a1U4nWH8W}NrR-!L#A1Ns{fa1(PFVbVKeTRyaWM7I!da{-TzkC)Y&jPyR3on$Fo z5Xc*I0%KK7<8*$0q%Y#dO%pb`I)CS{? zB4RB^N&;+lxJennkTq1}D_jkE%}2<^-xS*^3OUW;BFK3v{jvx*Grcnx0k)4-u*xb^ z0`2(w#77&Q7lJck)gzVrEZ`u~7Lod;|Cmyo`u$!~l%REA@coC%^9C8?s4(!Q;b@qg zEXP20uf!uq0FzUj@}bm9x}Nu|eTBmm`#V#WIXu82SEVmq^BYeQm3XWsfp`SU0`Fha zkjX^nZP0SEwU7YZA+dn%WF#4HQvYvl$fpVLtsXe-%0+{EVrEn5>7QmFfhdR%kfhIk z{+=tvk##{!36c6r#(*T*1xSh)r7S9Mie<(AUchx#ccRrO_Q$vz?p2~?tebJa`Ed;#G>$p{#uUb2~m=tHTZ=MnOF)Eh^X z0woU1G=omA*hB(B;OSGjs5$NP1tYyEMX3p_yeW)3yoCAZbEO0V!wE-+pm^d-6NTM= zL{GFIPzr#4BA2chaMR0k%d09$W1D`)te8qN;g&IEaTT-@hG$Nzc~!=X+6J-2yM{Qx z9GYcRakcDr#e^|t-3GIoQYU?jW~c;mlbJVHYc)DjE%;v=a)MG2u$Rlkl7fAp1jZk5 z>0vdMipC7!ImbakQEg6+*Y41a4-$eoz^uL*2{A14&fUT0O8CWA|Ipbe$P#_r;hUiA zilqgcUiS5diSyOZPlNl*&BO^*!ZJJiV(QJ??i4*+Pgz_#)A^8%1};jeB!dk$1Q}-j zreDicY-ir@JPyzL5}iyV#t-PL@}&ZPk%~LfkbommQqhB2ov&Q3#A~n`4F$N& zT<3Zb`Ho=~B8m|tg0baZpEH(UK|EkcVzrtgiiPrah0IhXRN1%2-Ya3GJQm&EM-MxY}bX)B~&0#KYZ8>dm|_t$^Z!H4)42*Uv;8q z1}YHK3ln|!AALGs4Wa|c7=F#3;fbZt(IsBirkh3ODB=3YTPf_o8ABDzi&HAYS%1U% zJm-b~<}~AeAd*9z`yKU#^7ecMoW5@_ld6*G!;hIob{3EW`j0A9{fOxo8(|;5h^d#V zh~gSI5r9Leo4zn7JCgz?0Rz@g?cJs=T^?G*Wp(L{KO~08d=St^K!UEQsU$Ah=4yPy-?4HPbak*n#YsMsVn{KyrAAkbw(Hbh_Rry&^A%FN%kO;Q8EkQN z(U?tkh(~1HCh?rQwX5o6#33M4es93$sYuqc4TUfOW5>}up}T(_vNc4{tR|_&r(IJ&4}qqT6ae1`#@iTWt*Oy z!0Rsz8+*P9XBX$O#P-YmA{i5MDpERn8kXEEt8X>^Bo^TM%uz_hLg)LWocs~N!`m`#yJX#2R_yf+wBRVF9CciVEw z#7Qv{y=izLU^NmP9gR6V<_qX>MLl3A@$VT9Ky~s(eNHSoq2LnGcR=`07qV%UvBhfD zB%BR^L8iK>*r-(UU7J7fnMQ#VB7~8;R(ZoxuoE(9d2G8h({+wH8`LGMMPfpSLI+ZP z)|*d1K8Pe_s9x7kjO%@OAGF@|HGR@VfMdG^q!-x;^&iM_{FL9`d4iC=Mf?^Hphurt z3MCrv8Akr=&DL23-rl!$kQFaxRjz9Do}XGte+P$Z#XBjvEL~SdpE29I!;Vrg%JRfW zfZMxVAhB+EBytv1t|-FD_rH!G1xA2-OQ~v<37dW+JvIqv#O4e$;d9 zjeTwzy;|rv_+VW;YgzvqQY7X*7xHjzbGwHZ7J@-1bLPKcgI@QBGf3!R(XZI_iY^QY z*cR5t3>|&lr(Gz7f;iu{9)#fLG}4>iJfMJ>GvL#SS)i+W(sk)a;M2<*3_y8w@+qe6 z9@JMo>I`!=`_WpiCMvJK`b~Y=Z|z|l@4&!_NgXBw=e*qZj#}xPBnl62n2JYSURcjj zt?a}yH$}rc-bn5XGDck*{@8BKfB>O;gQw4cfr8!z&i6dxPAwzRvgn{f4e{V+cP@^; z>|?#^ybNk0Lj!y*_1)Ox6)RVxugJ{ z4XxW4n9P>UXZ{EB8Z}r^Y#H65H~l|YsB!L*pa#qwtO4OAKPtq!jR>uBmOa7w6JW| z(+E;*if!Qw)`_hT>ze&XV{nxGXERxPlEipf509o8dO(2FpQhII)uHxm7%;okf&5#( zgb%hZF@{}>TawCPPwYB?zEkx}T59xO--v^~FFpx!NeD=|b1DKs+|{QAwA}q-jCox+Mbd96Nq{R?}x;zm6#yAE|0-FKS-&edRk81Kc#-re8u7`m|J7l|EnnC&9{tsyH+^YL>;Yp? zG-~Q)3`{E;bN`J7kV>@pGv(mzejcQ3dZKGvE3+i6sov)A2^3c(M?iM<&s?=-;WN;_ zz|QaM!yArCFYEi&5Otakf=Y6i`aw;GYp@F?Z06Xn6r~Rj59i%~RH2+>ahaf7sYkRS z7yCiIT|xa5Li6r&UPvp3bA8kN9rsw+f49}xS!ihtR;;V$W`oz1-)QUGt6z^!*Cb|!iA=-P^Hsn1xUgTy zs{MVkQTB<*?xg>z&>#ML34VjiPx1MFt+!{rX|;6Ga`;IJLPrJJi`)?+6Wkmbw++z1 z@y;|do=xWq1rVEwo3Vsi+@Pi>z7T>YB0*!aeY23m$Rt7;Ot3UNAIbReaHq3h2P6sv zh7#sg>a|-ikK_-x?L(3pxED%;40P%@MGkFf*f3 zPR?j!kc%zzLp(qBC3!!ntN5B-PEPIvAR-7U)%e);IlWZCdc5RI>1$Gs;u%ocQ-a&_ zJN_p02OXaaZT5nJ&-^KDrwcmicL>j)$?jME&#;#2jD{)u^v?f=k3S3U4w#O_V!uD0 z>A3!)Ehx4~fAw$pp5E<0Q3=s=b9{}5H{@r&hTh7w07&>e7%P}EVbhQEe7g7c#x(6! zjp=RDsL+=#*Sepe!Hp8~L_E@R*Qg7>i`G$c=x(e9QUU1j>0y|^f7fpLZjkW{R0L!% zv=qcAo1fibR(l1eLD$^%|EB0{68)52lf>?!=kSZ<2h9$&1zd zFzc#hQMN5;&Qd?odhrKwrlI6;hDXr9Et~O}s}4gaI9{%a?R23E%H#d={sQXyus0)e z8bG@y&j1>j9d!ykOG87X#^KVx5)xK@{0Qu%hIlp*-%#kO;qwaan z3;9L%+`oCeox68hSEe!QiiMolMChvQlT{L|M@FS@e+6qH$vSNlQuf9_T)0N~ zNwmN(7TtGz<5pOwqxJxze_8_l+;YvYKfta1n#YuTnHS=BqtgTTQ8$7*Sb*j#$fg=! z3b-Bmr2S`F2+1-DoW@-po_}*JcI}%Nw4KVf7BaQ-|CYb*)?-`sB$r%>t&NU~-tj~K zGz!0U!|ke29uu;3E`i<(=R9}m9S<-V2s;8Of7sP*g<5Cg__YBneC=b*ptS_SRQ3V* zj~*Y#9yjVM@e5!EO+X|*&FnJ*lEXcMtR~&lK3)4EBwZr%XvKDSOQsS zY4>YwYfJsdx#P=gvC*AKPW@WWTjN6{2HvX!zFj6g5#} zA@tf#rCixVSnBTC4BJm~J%D-j{ueF{i8`Xf9HH$m9&N*R5NHqIpWVVr#Q^*+|T z;cT=GUTfo3Q#tO&^IYaaD0uWj7HrcM6{;I_HCR+{(s&!4S{p$jdD2jTD|I1xP;JEc zN&=k;_4s5w9Z&1=6)ItFWW$d$aOZ3}@`|NP9wilo6VwW-a=^p><7Q0Mximu5U6c?Z znJ*t?82hOpz$#jVfi2~Dz2n!%-A)_*x}8tvUDv!iL7zshZl~J0lYQhn2!I+-4;8X* zh`pm!A@_48xwDLSp@hhWmjrE=yB`ny#_soVt6PC^CFV5q$9Osi(23kT9N;PjabJ@V z?Ku(5I_>^{4Z}g;o7q$Fsgnc_@4i(Qw{;8KBMX-dUxv%04Q-R04;;BuQwgG^R0w2V z4ueTDx^pIX+$WpPsN<`%Hj>`y>r+Wn`w~6IAu5POi<8(uz~Yg+cuUy^f4k|`mHpYm zUf%(j$Ezhu$a3OZ>(yTy)ItD4aO1qqlr{-Ia%9*TwWP6}^^EbYRNUYWmAIvw-jG#`ymw1*}z1rQ@ zAk#D5XoTn1Nu%e$LF(JNRY-HWQ9Qj0mZQME;cg}v4(R&CQA=(`MhZlJxcvu6Y8{-!r89S?Q!F9)y^GnzV^E?!*c*T)$}+=W;0 z=jR78aNC}934+Z7iRk~b0rF8xra5Q&i;!|`!;Ly^B3mZdg%1_0J-~7OuNNOWgfBLC4v6$i=ia{_4S0(vH$ Date: Tue, 26 Apr 2022 04:13:25 +0000 Subject: [PATCH 13/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index ec842b3..e97892d 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -40,9 +40,9 @@ BGP(border gateway protocol)是外部路由协议(边界网关路由协议 (边界网关协议(BGP),提供自治系统之间无环路的路由信息交换(无环路保证主要通过其AS-PATH实现),BGP是基于策略的路由协议,其策略通过丰富的路径属性(attributes)进行控制。BGP工作在应用层,在传输层采用可靠的TCP作为传输协议(BGP传输路由的邻居关系建立在可靠的TCP会话的基础之上)。在路径传输方式上,BGP类似于距离矢量路由协议。而BGP路由的好坏不是基于距离(多数路由协议选路都是基于带宽的),它的选路基于丰富的路径属性,而这些属性在路由传输时携带,所以我们可以把BGP称为路径矢量路由协议。如果把自治系统浓缩成一个路由器来看待,BGP作为路径矢量路由协议这一特征便不难理解了。除此以外,BGP又具备很多链路状态(LS)路由协议的特征,比如触发式的增量更新机制,宣告路由时携带掩码等。) -``` -实际上,Calico 项目提供的 BGP 网络解决方案,与 Flannel 的 host-gw 模式几乎一样。也就是说,Calico也是基于路由表实现容器数据包转发,但不同于Flannel使用flanneld进程来维护路由信息的做法,而Calico项目使用BGP协议来自动维护整个集群的路由信息。 -``` + + **实际上,Calico 项目提供的 BGP 网络解决方案,与 Flannel 的 host-gw 模式几乎一样。也就是说,Calico也是基于路由表实现容器数据包转发,但不同于Flannel使用flanneld进程来维护路由信息的做法,而Calico项目使用BGP协议来自动维护整个集群的路由信息。** + ![输入图片说明](../picture/2.png) -- Gitee From 42d7931ce98d1ff3494b5d5241f6f258e68fc77b Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Tue, 26 Apr 2022 07:11:46 +0000 Subject: [PATCH 14/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index e97892d..2f59bd3 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -136,3 +136,42 @@ calicoctl get nodes --output=wide # 查看 bgp peer calicoctl get bgppeer ``` + +# 5.配置outgoing NAT + + **5.1 outgoing NAT介绍** + +配置 Calico 网络以对从 pod 到集群外部的连接执行出站 NAT。Calico 可以选择源 NAT 将 pod IP 转换为节点 IP。 + +Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特定 IP 地址范围的 Calico IP 池。 + + **5.2 outgoing NAT概念** + + **Calico IP 池和 NAT** + +当池中 IP 地址的 pod 发起到 Calico 的 IP 池外部 IP 地址的网络连接时,传出数据包将使用 SNAT(源网络)将其源 IP 地址从 pod IP 地址更改为节点 IP 地址地址翻译)。连接上的任何返回数据包都会在传递回 pod 之前自动反转此更改。 + + **启用 NAT:对于 IP 地址不可路由到集群之外的 Pod** + +启用 NAT 传出的一个常见用例是允许覆盖网络中的 pod 连接到覆盖网络之外的 IP 地址,或者允许具有私有 IP 地址的 pod 连接到集群/互联网之外的公共 IP 地址(受网络策略的限制)允许连接,当然)。启用 NAT 后,流量会从该池中的 Pod NAT 到所有其他 Calico IP 池之外的任何目的地。 + + **禁用 NAT:对于使用物理基础架构的本地部署** + +如果您选择使用与您的物理网络基础设施对等的 BGP来实施 Calico 网络,您可以使用自己的基础设施对从 Pod 到 Internet 的流量进行 NAT。在这种情况下,您应该禁用 CaliconatOutgoing选项。例如,如果您希望您的 pod 拥有公共互联网 IP,您应该: +将 Calico 配置为与您的物理网络基础设施对等 +为那些路由到禁用 NAT 的网络的 Pod 创建一个具有公共 IP 地址的 IP 池 ( nat-outgoing: false) +验证其他网络设备不会对 pod 流量进行 NAT + + **5.3 创建启用natOutgoing示例** + +创建一个启用了 natOutgoing 的 Calico IPPool。出站 NAT 在托管池中每个工作负载的节点上本地执行。 + +``` +apiVersion: projectcalico.org/v3 +kind: IPPool +metadata: + name: no-nat-10.0.0.0-8 +spec: + cidr: 10.0.0.0/8 + disabled: true +``` -- Gitee From 59c49ce5e8e9b6396aa4ffcd03774d8b99785888 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Tue, 26 Apr 2022 07:37:08 +0000 Subject: [PATCH 15/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 2f59bd3..091dd46 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -8,13 +8,15 @@ Calico 是一套开源的网络和网络安全方案,用于容器、虚拟机 ![输入图片说明](../picture/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20220425120825.png) -Felix:calico的核心组件,运行在每个节点上。主要的功能有接口管理、路由规则、ACL规则和状态报告 + **Felix:** calico的核心组件,运行在每个节点上。主要的功能有接口管理、路由规则、ACL规则和状态报告 - **接口管理:** Felix为内核编写一些接口信息,以便让内核能正确的处理主机endpoint的流量。特别是主机之间的ARP请求和处理ip转发。 -路由规则:Felix负责主机之间路由信息写到linux内核的FIB(Forwarding Information Base)转发信息库,保证数据包可以在主机之间相互转发。 +- 这里是列表文本接口管理: Felix为内核编写一些接口信息,以便让内核能正确的处理主机endpoint的流量。特别是主机之间的ARP请求和处理ip转发。 - **ACL规则:** Felix负责将ACL策略写入到linux内核中,保证主机endpoint的为有效流量不能绕过calico的安全措施。 -状态报告:Felix负责提供关于网络健康状况的数据。特别是,它报告配置主机时出现的错误和问题。这些数据被写入etcd,使其对网络的其他组件和操作人员可见。 +- 这里是列表文本路由规则:Felix负责主机之间路由信息写到linux内核的FIB(Forwarding Information Base)转发信息库,保证数据包可以在主机之间相互转发。 + +- 这里是列表文本ACL规则:Felix负责将ACL策略写入到linux内核中,保证主机endpoint的为有效流量不能绕过calico的安全措施。 + +- 这里是列表文本状态报告:Felix负责提供关于网络健康状况的数据。特别是,它报告配置主机时出现的错误和问题。这些数据被写入etcd,使其对网络的其他组件和操作人员可见。 **Etcd:** 保证数据一致性的数据库,存储集群中节点的所有路由信息。为保证数据的可靠和容错建议至少三个以上etcd节点。 Orchestrator plugin:协调器插件负责允许kubernetes或OpenStack等原生云平台方便管理Calico,可以通过各自的API来配置Calico网络实现无缝集成。如kubernetes的cni网络插件。 -- Gitee From 272da90fa9ef473dc147b3a791cbb900a3b2fd62 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Tue, 26 Apr 2022 07:38:45 +0000 Subject: [PATCH 16/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 091dd46..8d631c8 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -10,13 +10,13 @@ Calico 是一套开源的网络和网络安全方案,用于容器、虚拟机 **Felix:** calico的核心组件,运行在每个节点上。主要的功能有接口管理、路由规则、ACL规则和状态报告 -- 这里是列表文本接口管理: Felix为内核编写一些接口信息,以便让内核能正确的处理主机endpoint的流量。特别是主机之间的ARP请求和处理ip转发。 +- 接口管理: Felix为内核编写一些接口信息,以便让内核能正确的处理主机endpoint的流量。特别是主机之间的ARP请求和处理ip转发。 -- 这里是列表文本路由规则:Felix负责主机之间路由信息写到linux内核的FIB(Forwarding Information Base)转发信息库,保证数据包可以在主机之间相互转发。 +- 本路由规则:Felix负责主机之间路由信息写到linux内核的FIB(Forwarding Information Base)转发信息库,保证数据包可以在主机之间相互转发。 -- 这里是列表文本ACL规则:Felix负责将ACL策略写入到linux内核中,保证主机endpoint的为有效流量不能绕过calico的安全措施。 +- ACL规则:Felix负责将ACL策略写入到linux内核中,保证主机endpoint的为有效流量不能绕过calico的安全措施。 -- 这里是列表文本状态报告:Felix负责提供关于网络健康状况的数据。特别是,它报告配置主机时出现的错误和问题。这些数据被写入etcd,使其对网络的其他组件和操作人员可见。 +- 状态报告:Felix负责提供关于网络健康状况的数据。特别是,它报告配置主机时出现的错误和问题。这些数据被写入etcd,使其对网络的其他组件和操作人员可见。 **Etcd:** 保证数据一致性的数据库,存储集群中节点的所有路由信息。为保证数据的可靠和容错建议至少三个以上etcd节点。 Orchestrator plugin:协调器插件负责允许kubernetes或OpenStack等原生云平台方便管理Calico,可以通过各自的API来配置Calico网络实现无缝集成。如kubernetes的cni网络插件。 -- Gitee From 302997729cb6981aec3d89513976b7e9a27dcf4b Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Tue, 26 Apr 2022 08:18:41 +0000 Subject: [PATCH 17/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 8d631c8..ea8cf7f 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -159,8 +159,9 @@ Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特 **禁用 NAT:对于使用物理基础架构的本地部署** -如果您选择使用与您的物理网络基础设施对等的 BGP来实施 Calico 网络,您可以使用自己的基础设施对从 Pod 到 Internet 的流量进行 NAT。在这种情况下,您应该禁用 CaliconatOutgoing选项。例如,如果您希望您的 pod 拥有公共互联网 IP,您应该: -将 Calico 配置为与您的物理网络基础设施对等 +如果选择使用与物理网络基础设施对等的 BGP来实施 Calico 网络,可以使用自己的基础设施对从 Pod 到 Internet 的流量进行 NAT。在这种情况下,应该禁用 CaliconatOutgoing选项。 + +例如,如果希望 pod 拥有公共互联网 IP,应该将 Calico 配置为与您的物理网络基础设施对等 为那些路由到禁用 NAT 的网络的 Pod 创建一个具有公共 IP 地址的 IP 池 ( nat-outgoing: false) 验证其他网络设备不会对 pod 流量进行 NAT -- Gitee From 9fd7e5fe6543428ab9128fa4ca9f20a9610f03ac Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 27 Apr 2022 08:42:36 +0000 Subject: [PATCH 18/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 87 ++++++++++++++---- Install-Kubeadm-Calico/picture/10.png | Bin 0 -> 9063 bytes Install-Kubeadm-Calico/picture/11.png | Bin 0 -> 27951 bytes Install-Kubeadm-Calico/picture/4.png | Bin 0 -> 19083 bytes Install-Kubeadm-Calico/picture/5.png | Bin 0 -> 4018 bytes Install-Kubeadm-Calico/picture/6.png | Bin 0 -> 6439 bytes Install-Kubeadm-Calico/picture/7.png | Bin 0 -> 269564 bytes Install-Kubeadm-Calico/picture/8.png | Bin 0 -> 4169 bytes Install-Kubeadm-Calico/picture/9.png | Bin 0 -> 28093 bytes 9 files changed, 68 insertions(+), 19 deletions(-) create mode 100644 Install-Kubeadm-Calico/picture/10.png create mode 100644 Install-Kubeadm-Calico/picture/11.png create mode 100644 Install-Kubeadm-Calico/picture/4.png create mode 100644 Install-Kubeadm-Calico/picture/5.png create mode 100644 Install-Kubeadm-Calico/picture/6.png create mode 100644 Install-Kubeadm-Calico/picture/7.png create mode 100644 Install-Kubeadm-Calico/picture/8.png create mode 100644 Install-Kubeadm-Calico/picture/9.png diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index ea8cf7f..305e049 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -1,10 +1,6 @@ # 1. Calico-介绍、原理与使用 - **1.1 什么是Calico** - -Calico 是一套开源的网络和网络安全方案,用于容器、虚拟机、宿主机之前的网络连接,可以用在kubernetes、OpenShift、DockerEE、OpenStrack等PaaS或IaaS平台上。 - - **1.2 Calico 组件概述** + **1.1 Calico 组件概述** ![输入图片说明](../picture/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20220425120825.png) @@ -27,7 +23,59 @@ Orchestrator plugin:协调器插件负责允许kubernetes或OpenStack等原生 **Calicoctl:** calico 命令行管理工具。 -# 2. Calico 网络模式 +# 2. calico 网络模型 + + **Calico :** 是一个纯三层的数据中心网络方案,而且无缝集成像 OpenStack 这种 Iaas 云架构,能够提供可控的 VM、容器、裸机之间的 IP 通信。 + +简单来说,Calico 在主机上创建了一堆的 veth pair,其中一端在主机上,另一端在容器的网络命名空间里,然后在容器和主机中分别设置几条路由,来完成网络的互联。 + + **举例说明:** +1)任意选择 k8s 集群中的一个节点作为实验节点,进入容器 A(busybox),查看其 IP 地址: +![输入图片说明](../picture/4.png) +这里容器获取的是 /32 位主机地址,表示将容器 A 作为一个单点的局域网。 + + +2)查看容器A的默认路由: + +![输入图片说明](../picture/5.png) + +路由表可以知道 169.254.1.1 是容器的默认网关,但却找不到任何一张网卡对应这个 IP 地址。 +当一个数据包的目的地址不是本机时,就会查询路由表,从路由表中查到网关后,它首先会通过 ARP 获得网关的 MAC 地址,然后在发出的网络数据包中将目标 MAC 改为网关的 MAC,而网关的 IP 地址不会出现在任何网络包头中。也就是说,没有人在乎这个 IP 地址究竟是什么,只要能找到对应的 MAC 地址,能响应 ARP 就行了 + + +3)通过 ip neigh 命令查看一下本地的 ARP 缓存: +![输入图片说明](../picture/6.png) + + MAC 地址是一个无用的 ee:ee:ee:ee:ee:ee,这个 MAC 地址应该是 Calico 硬塞进去的,而且还能响应 ARP。 + +4)实际上Calico 利用了网卡的代理 ARP 功能。代理 ARP 是 ARP 协议的一个变种,当 ARP 请求目标跨网段时,网关设备收到此 ARP 请求,会用自己的 MAC 地址返回给请求者。举例: +![输入图片说明](../picture/7.png) + +上面这张图中,电脑发送 ARP 请求服务器 8.8.8.8 的 MAC 地址,路由器(网关)收到这个请求时会进行判断,由于目标 8.8.8.8 不属于本网段(即跨网段),此时便返回自己的接口 MAC 地址给 PC,后续电脑访问服务器时,目标 MAC 直接封装为 MAC254 + +5)查看是否开启代理 ARP: + +![输入图片说明](../picture/8.png) + +6)查看宿主机calixxx网络设备和路由: + +![输入图片说明](../picture/10.png) + +![输入图片说明](../picture/11.png) + + +总结: + +Calico 通过一个巧妙的方法将 workload 的所有流量引导到一个特殊的网关 169.254.1.1,从而引流到主机的 calixxx 网络设备上,最终将二三层流量全部转换成三层流量来转发。 + +在主机上通过开启代理 ARP 功能来实现 ARP 应答,使得 ARP 广播被抑制在主机上,抑制了广播风暴,也不会有 ARP 表膨胀的问题。 + + + + + + +# 3. Calico 网络模式 **BGP 边界网关协议(Border Gateway Protocol, BGP):** 是互联网上一个核心的去中心化自治路由协议。BGP不使用传统的内部网关协议(IGP)的指标。 @@ -35,13 +83,10 @@ Orchestrator plugin:协调器插件负责允许kubernetes或OpenStack等原生 **IPIP模式:** 把 IP 层封装到 IP 层的一个 tunnel。作用其实基本上就相当于一个基于IP层的网桥!一般来说,普通的网桥是基于mac层的,根本不需 IP,而这个 ipip 则是通过两端的路由做一个 tunnel,把两个本来不通的网络通过点对点连接起来。 - **2.1 BGP 概述** + **3.1 BGP 概述** BGP(border gateway protocol)是外部路由协议(边界网关路由协议),用来在AS之间传递路由信息是一种增强的距离矢量路由协议(应用场景),基本功能是在自治系统间自动交换无环路的路由信息,通过交换带有自治系统号序列属性的路径可达信息,来构造自治系统的拓扑图,从而消除路由环路并实施用户配置的路由策略。 -(边界网关协议(BGP),提供自治系统之间无环路的路由信息交换(无环路保证主要通过其AS-PATH实现),BGP是基于策略的路由协议,其策略通过丰富的路径属性(attributes)进行控制。BGP工作在应用层,在传输层采用可靠的TCP作为传输协议(BGP传输路由的邻居关系建立在可靠的TCP会话的基础之上)。在路径传输方式上,BGP类似于距离矢量路由协议。而BGP路由的好坏不是基于距离(多数路由协议选路都是基于带宽的),它的选路基于丰富的路径属性,而这些属性在路由传输时携带,所以我们可以把BGP称为路径矢量路由协议。如果把自治系统浓缩成一个路由器来看待,BGP作为路径矢量路由协议这一特征便不难理解了。除此以外,BGP又具备很多链路状态(LS)路由协议的特征,比如触发式的增量更新机制,宣告路由时携带掩码等。) - - **实际上,Calico 项目提供的 BGP 网络解决方案,与 Flannel 的 host-gw 模式几乎一样。也就是说,Calico也是基于路由表实现容器数据包转发,但不同于Flannel使用flanneld进程来维护路由信息的做法,而Calico项目使用BGP协议来自动维护整个集群的路由信息。** @@ -58,7 +103,7 @@ BGP(border gateway protocol)是外部路由协议(边界网关路由协议 RR模式 中会指定一个或多个BGP Speaker为RouterReflection,它与网络中其他Speaker建立连接,每个Speaker只要与Router Reflection建立BGP就可以获得全网的路由信息。在calico中可以通过Global Peer实现RR模式。 - **2.2 Route Reflector 模式(RR)(路由反射)概述** + **3.2 Route Reflector 模式(RR)(路由反射)概述** ``` @@ -69,14 +114,18 @@ Calico 维护的网络在默认是 (Node-to-Node Mesh)全互联模式,Cali 在BGP中可以通过calicoctl node status看到启动是 node-to-node mesh 网格的形式,这种形式是一个全互联的模式,默认的BGP在k8s的每个节点担任了一个BGP的一个喇叭,一直吆喝着扩散到其他节点,随着集群节点的数量的增加,那么上百台节点就要构建上百台链接,就是全互联的方式,都要来回建立连接来保证网络的互通性,那么增加一个节点就要成倍的增加这种链接保证网络的互通性,这样的话就会使用大量的网络消耗,所以这时就需要使用Route reflector,也就是找几个大的节点,让他们去这个大的节点建立连接,也叫RR,也就是公司的员工没有微信群的时候,找每个人沟通都很麻烦,那么建个群,里面的人都能收到,所以要找节点或着多个节点充当路由反射器,建议至少是2到3个,一个做备用,一个在维护的时候不影响其他的使用。 - **2.3 IPIP 模式概述** + **3.3 IPIP 模式概述** ![输入图片说明](../picture/3.png) **IPIP** -是linux内核的驱动程序,可以对数据包进行隧道,上图可以看到两个不同的网络 vlan1 和 vlan2。基于现有的以太网将原始包中的原始IP进行一次封装,通过tunl0解包,这个tunl0类似于ipip模块,和Flannel vxlan的veth很类似。 +是linux内核的驱动程序,可以对数据包进行隧道,上图可以看到两个不同的网络 vlan1 和 vlan2。基于现有的以太网将原始包中的原始IP进行一次封装,通过tunl0解包,这个tunl0类似于网桥,两个宿主机通过tunl0进行通信,和Flannel vxlan的veth很类似。 + + **举例说明:** + + -# 3. Calico 优势 与 劣势 +# 4. Calico 优势 与 劣势 **优势** @@ -92,7 +141,7 @@ Calico 维护的网络在默认是 (Node-to-Node Mesh)全互联模式,Cali 每个node上会设置大量(海量)的iptables规则、路由,运维、排障难度大。原理决定了它不可能支持VPC,容器只能从calico设置的网段中获取ip。 -# 4. Calico 管理工具 +# 5. Calico 管理工具 **calicoctl 工具安装** @@ -139,15 +188,15 @@ calicoctl get nodes --output=wide calicoctl get bgppeer ``` -# 5.配置outgoing NAT +# 6.配置outgoing NAT - **5.1 outgoing NAT介绍** + **6.1 outgoing NAT介绍** 配置 Calico 网络以对从 pod 到集群外部的连接执行出站 NAT。Calico 可以选择源 NAT 将 pod IP 转换为节点 IP。 Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特定 IP 地址范围的 Calico IP 池。 - **5.2 outgoing NAT概念** + **6.2 outgoing NAT概念** **Calico IP 池和 NAT** @@ -165,7 +214,7 @@ Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特 为那些路由到禁用 NAT 的网络的 Pod 创建一个具有公共 IP 地址的 IP 池 ( nat-outgoing: false) 验证其他网络设备不会对 pod 流量进行 NAT - **5.3 创建启用natOutgoing示例** + **6.3 创建启用natOutgoing示例** 创建一个启用了 natOutgoing 的 Calico IPPool。出站 NAT 在托管池中每个工作负载的节点上本地执行。 diff --git a/Install-Kubeadm-Calico/picture/10.png b/Install-Kubeadm-Calico/picture/10.png new file mode 100644 index 0000000000000000000000000000000000000000..291090632f234616435a95f64ee1e386e6869024 GIT binary patch literal 9063 zcma)i2T)Vb*EWg@3WB17fDjcs2qH@8hzb!E_@O`P5Ty4=uL%eODkW4y2_Ooh0zm{4 zYNC|Tqzj>k5(p4_2#|z?FX;b2^UXW+&b&L5JG=MpJ?HE>&px|*Zr=Q(4?228>*=QIvDYUyclah1aPcAg*Pv=6^{ zVCv1qCFHaB+c)k22;ky6zoUC!>)!yYrK~p6Pq-SAZORL!hT1anXtC#Jmu$HKE+$<=0$u&`Cst{f4gj=0p zi)aXxuCa;pKAK?E*2s-2?Vn>PBJ-Gxwsmd_4 z81*frdTFK-^gK#{5btR}oT81lipX~~oE%kj(^$c`n>IazTp_4CB$}sU;*lq7k`v`@ zLOk&J-?4~dN)X0+T2&F7UfgPbC99S#aHFk z^rc6Zv8b~ZqUoDV5gC~MxpW9?c_Cyi;>FZi5GWQ7vwfe#>!R#FZs!6W-a)-fp2s&a zYt&=g0-{}KCxwR%;`ILcb{rU*3kO|7y-}H?uLxgd+*%xrZnbzC+@wRsa>9r z?URv;OnSn~6>`Zlx^KmcWH&*tNuMFHhm^LlzOSjMoNKkXXE|+tR{`+@;T{gCZu%qz zE48ISPkZe>fMA7b19==iQ-zsxQ%~YCp4m48Tj58p%7SKlfq1&^tDr1+)5pQnk5Pi< zT^~`SrDV2CJ(7CWmn)}f!IM7h$quHHFrFc>^g+3z`}D^FEN{M(uj3M}yqXSL2A`(~ zl*fqQh97;fbiX?__y^))jv}sbMy#CW>xs3L)i*v4p=+E2+U&|$ZBAwk3}_MITiq=N z&%niM1K1e)-0#9*P^5GyAgvIX64)0DBoJXU zqwwkEf12uNTz1sNTHer|$kd_N)BApu1zBMIkh|k*boVnkU`eQs1pyN^&ZVI8>o zbla+ShUHh+Qexyh<41ofcjQmRN77dPGfmLCT?AwKeQhUPl}#C;mj&;bgEOHuT4<<@ zJ(QTCoc4vgp#}aLCp%{n{-zEpUdxE4L@wqCz#zfUCBs{eT-An z2TP`!SZl>P)M@d$B``8b@TAI#Hg zh8#zXF1tXJ`Khz68112zNvw@NQ6;o)>>1T=0Cnf~xXhP0Quey7Wkb-wz_XM`nr77> zP(JKy>lEs_(bp$XJ%S&d`}d{@v?%yI+mu^SDgB2p8lb?fWtw`4Y9aP zHzz9X+0ZI2>9No9$7g;wX*b7b*^p3ZpZFycJ)-s@Uu#49ag*EePuyacX7LLZXgx5R zCk|t8gJ|`L3I7ez?QEUJVn||q%sgRIrPIyb*jg(r5Wd-A`-Ey9tSW0- z_jwBVG}PB(lyNQ9yclxGeLSRQu;9Q6TspMrAL5hHI@#ygKnC^7+DA*{$f7sXGh)qe zXu+7mua54PO`f;T0L;F!D`pWxJ8c?EpBEqwwSg&tnkN+kgl%l|(nrhxnId|glTzo0 zY9R#Q>kcz~E18iRSNMiLQ0|4^seV)OdvZm0xWY?R0_?-+#Wv$89BRy5BVd*Uiy2zq zZG|${WQ{|y?u`ufqrY`F-LA(R0dUa z->BTiGhIcCv1nxDASyTDwnGCxpLzuT+41dfK_=!)UCfuUVxwM_K77-J$f=A#x%bqD zEl>)xDTG8Y^XwG96PyF`ejRoV(#Fp3iqR_x7O~m!?}h9_(kG(rj57qw)ucNwV*+`7 zZD;S+R3($ggqwDkVSl~x@B@xtZm?f$K%U@C*MFtP$JhJ?TIt4(Y#(LO*yfJC${PlZt#Ku=8)KUUrvmzwCyY1BH^>^s4MLfsp8c#cEkCwre za?lrw!pLBmq~ri|5#5k=jo*R|9q8_Y9jvf>j*N?@(G>2$Kzt-y_4I;?N$6;lOd#lK zg7j6Z)D)Vs1*}hLyV6$#U8DnR4cwW;yP!nOX5vYY!ZW$W!X5AhC-BrA) zL{L|KRL+nrQ(a6ho+O10CeEVWx8%!xzp2P3`;`UcsXZcIXsFd*&}b!8FyCUa{cNmt z_Q^!5YvOe8a>2bq$amClmbm;7?m9v!X$L7a>GnAuyeGEbrW<+>eJ0GrpV<+F>1>ITP1}nEiN)Y|nT0+4#nE2aWLLSA=*O?AFx!onqzeQ)Cfn`NPkp z>~ND#a}IFKDBMd_r>UxbFCvZzUebs{?_os=5JQX| zL-sQS&dy%%1=tR6YfJWTon8r&?7-)b88kltkJu|$qtn7d>k12M%tA)#+ z)cd z6JDqPQ&P-RRHOOZumSb2s|_pCb&ZVj^@{^HNuQ4&CZ@bwMkav2pv*kcdA_r|!X> zUd7DxhxD!eDw>Sa?YNL%&88d1d5(nlzcT%5BLnaOuLjkpK!y4|w|ne7kr-~b5yAEk za;gH*mPHJ!gM!KHp7*4wJiT}H(tt{^Yz+4IEmC7h`GRe1jF$4HyGYv_ldW)zw;=}6 zvq~A=J=!SlFMidYy32$n1GIF14yD~mtz^JIVUkgK8*ir>uL+rJE!}f zS*x*qX+_0_Mw%q%Z6{V%7o^0X*wvoZ>eU-CVyJOKhsF=la*Opz7LRFy-jag(>sXDx z{KpM+`T9pkaTy&0n`Z3ycd(c4GL_x_eK^+Ti9C%ctu#t%0*|LI|g}0--|< zxF1*>d%W%nx!HXOowiK7*zW#ndx`L&h}uQ+5B`zI_Sv{dJJ&jt@inxVZm)=2PZRu2Po)@$AW}%CsWV@#O}bVOHR|BH zldtgP>B1PyZ9mW7GW)^Z4UuJsjB9gmxZ_a$(%+q5@`x&gq4$eivUs%lFiQ)WVz=d5bv9eiQDVit_wk0Qx_zBn>7(T_*XE5LcKD;p z%@mauCuX80_-4G$0rP`wDc)4%w)G~vpsEmWy0)4iEUBuML&Gf-ixdDrSQw%cHQlCaVlZF{M6L3_Go z`SG~Uw0rUzU-_+pCp#cN%rFuun4)&EGx{pt(gF9mC;aJpmRe`dEyC_#^~|ohe#QsdvY$3VKCxXw zfpnSXLfU)}xuabWKeLGaP}22%mzc&3!#-wHb8PX2}DaHMq$7+Xn z)ej%p4iJr0S*u<{+bpYqmuCHo?nxIMthqU;{=-;( z3k(W{u3AXGp*B<<7ohFmsTSqp+L3R>uT1pw6>)DG$y{Ob-4^iTvT6oOkery+!fao*QSQ?}>BtSFNdTXB-^Mh?L<`=E|w3;Kg~A%dCxOL5p4qQuSJ# z9L$fLdu}@dQG7DEuv<3;oO_Omq&t?~`NmKj8mV}fx|p>C`ovH0{sH86HCLILmsFMptd@n^V^;Fa15--)4F@Hi%dgX1Une5_co0KA`5pbn%xi z<_$5BpT=PVKc=uB!enkofiAttH}Y^y5L~=uZTuIZ zpU!YYNDVN)KIA(^mEI9wLH!ZsSODb7cbd_m^I97ps)^oyONPZ9t~n=o$s>clkWS%_ zsTfr^ZIFDRN9F)!iyDh|C@Bg z*u9VjZ`_;l<;9R061+svVM;uKxnQDEk|nq0suVk{Br2{>+{eWQ6E0m-HK}?pEvz&3 z;mTl56y_3K#M|Sz)b-aReBTGuzeWys!%b^ohH@=kxfQAagvQ`e>n#aC?vI|gdbjq5 zT&xQE4+Uigd8V5wH z{jcMQKQo1WM)o)NRg5ixO#;e4GpikP622P2Lgzr!B^7H2u=)2gXIq@C@m zGwozV%t z+){K=aw<88d2hqdkt|)hqI!b;kl$u`qs2QVq+^TRUHeXGLp|vP7gtz`w%d+SQuLO! ze7BX;W0@CuO^>$^9$aJhoNtoj?Wil=Env37(uubTnB$9?9oD|?c=**CE5Dz6w%A#O zhj<^4-kWaDyx#D0qVV;AvVf5~Pg1l0@8%Mt8IHG&7hTpEZo7wUr~12C@+bW6NyZkr zV9hEtZeZP2gfgE?ekI=qsdh%?Q#014&DeKOf&KWoxI#H#3LXr-+m|f!Z~giF$ly7E zMYrgv`KvxZ92doX*l+Z_o%x(w8m{Afam5{V%X$&npiNkp%(3fcH40d#?%}LAF%Hu& z{}93J=_O>GE>rt6eP?1-BNlHcpW_atxF`MF;(ag9NIzMSZ!cJB@Q`KKv~M-?Kya}c zz%5$aG=!3~HPAFv=4CbFGlPbF3Z;50aTtprrC7gjbU(QT&&LVbUb%DM?N#(ziGyq~ z&wp?Ii2q-c)&G}-_W$2!`!-S*!^DOD$!PDY>uvFV}x7|5Mo@%Sln%msS z65Tje4@9y|<~LHHPxUC|Vep=5tBxE>i1I%}Qp((2CX|J!zo@pr9IP7Q9bG20(_um+ z2PJS8s)3!+QBM;FUPXoW;&TTpiKx)I?nUpOfuG-l)`|vrq&l|>CHx8AzV3do!_)!X z$jqwRMnRgA$>dp{JuOzR26-iJ@hCH+w$6x57f}0mYTosGSA!QP+k4{Dh*t(Xo_E_a z9iVMM!JhHJku>Bo8F&V%^#&~<+~3~m0=@CU_r?u%+$(v=xlr#~hIQm0y5%}8rFb`b zQY#+(8a`gC(3KHaUaNf4huM%d3g1*cF!Ag~0u|`g7#sxi4Dvw4h}V!H0-RNeQzod# z#5K?0ewJn?9i5jr?|H&U<1#?Y33jWc#gWMJR1nYiIkzNu!|Xz))Rqgqennu7=i1Hu ztV94K0{IT$zI!)T2kT10!wyuHC5}*CXBy#YbF_Jqj4SJOn={4wtCbA5rZ9o%O_Gu8 zY<@}-3K?zZ&K#oKi?57SZmubNC3veC!$y<*H?>oyd*|9UrUIp>ZKi~0*VaGU6;7$y z1bmxfrVXlXs3k29Dba%km>gc=;=+XuZr?7~2uhGeL7sD$Ld4qi{u!O9gdY>Fi_`n< zSIl7vd^mKZ<&0$*Xlz~QF(n#)kJfXoX8!O^ck`vR=nlM7vT{=9MuS^axJ5#Trp?V< zgNq_2bImDZh7t$Ly`(hv^HCsQEUZb*H4GpnI{y@95S0N&-+Ot($X1g<>;ACWU;}Lx z6p0-jX#QEb!6Q7R_HRe=I58JFlc*$}77+a_iEQXB*XT^0o>MrmXEN+S>6+_lIV4s4 z`vp0QlY3rxh^u#k%wS=J(3rz}y&8jeS2Y)Yf zSW4UKo4JFgkYV3Q%H!=)$jS9MYpkg*tqE5g@Au32J?*1NOv*GvvVBBhNpg!NAH*q)qsRDK#HjZhDi$=!n!FF`Zs}Og{dN&87=)D%{5b@ zMau?Nlu{#SN#qJU!tsw1_Qj^xNVw^Tf$OqZ|6%dBe&C97->&VR;Xx;$PBUvR_m65_ z=!aPQ0ixq@)&}%SL4E@dIRu(wP1|LCzT5M0{hRV9~!kkw8bEZ;4=I;4`sQ zE53hvMcRH(`b3G8BJ8NNa3@MH^ae-#Q}jyVXPSg2*F40?2lgsXt1whorfFqZ)-Z+4SNw--|-Mabm>sy$Qk zwM*X#;o(+9+-$&z9Q(U%1t3>Wd$-7dzE7{5ypgp`cBs8Re6;z2ex{(5Bh!&~fmMo) zg;jk0@;@g@%)*MZrzm|5#hzz5bva(u5bUEqS_HW~jmwfM>S*Kv0(hxk94r`tx2PX` z$xw+l(+$sTsf}}6Ae&a|0~MupI#kJj&&*ZV*Kq(nlO6Pnn5j3B)Tp5p3y6np>2tPX z%`R5Xe`&~7@O2v7CG?hZY7iLtQ|gK{Pe1u$?g(`Eb{ z_2qW*UUY|V>UV!QbC(LXA(V+VOlNIq4>6mbkff|U1oV9XPM!t5THE^)&cy|7)H(J7aQO<3uO8y^cC(M}g&Q9|)aF@3L^%ddD~whi6gM>X zP7Y8JuQA;8s~hd=8aFvYTseN&Q=TPM5-d4%^6O&I+sYkpA!B;mV6X;3WgblpAvAQ?G{xdsX$o*UAmXF+~rN zvYwdCisV-42C;qcUIHm7-@shX4En_l6Dn4Jh(Mdk_Z$-KZ&#T5-YtmFbVK|d`>Gpf z>~F-w)(++4TQfTD1nSj!@~M#YKI|OKd)~nI2fiDt{CDfs8N!-M7IN21-~zNdsE1M( z%PeT1gg&ykMaVvd@P*wNx2yT< z09;pkrYZlIWu54+^gbX8(a-8zAFosz-cpm3E!;WXDnHIxA=#tS(i34P^- zGaQj)#uFg%_LuO)W{S2$KYo48vvgxQ&}dK4Tfnqld^=d;FX$c}7tf6tNeK9QRLk|_ z1n@xbAxNv1J|$zND`(6EtvC>&=Bwy|+MS6i*TY#k(29pm&-+~WwLhzLi~>by4w2pQFpDw{~!7;dLRG* literal 0 HcmV?d00001 diff --git a/Install-Kubeadm-Calico/picture/11.png b/Install-Kubeadm-Calico/picture/11.png new file mode 100644 index 0000000000000000000000000000000000000000..518351a1ee8732ef26f846fe0ddfa2e393444b66 GIT binary patch literal 27951 zcmbTe2UJttx;2aiQBh){sB}?5DG^jUL{vmYngtY)NCzpAA~hr^BGQ|H)F6mR?;R2Z z=_M4APJjTRg%%)$v@gN;yreiTrauJ86W#x9%@>Vil5{;!+T8b`Vc<* zMVVXO?`*>yw=HZEp$@J(M#wRFQD*YAEZdtnftsVav#~%$rHG>~;pFh}QECH{gV8z` z7Vdi4{VYfcd7FLAHRXNfCt21kf2grD*Cvk?hE8@k)j>eUPI)hDoLAYvY<#5xfH_{~ z)}6b|-^_(j82aZA7M3|v-n|ns);k*+Xa2K%4sfWYkIcH!TVaJ%rca5*Fp6f4ZDr*cbQYK+D+y#93e5E4GRm$P&3e}C+(Jp5{EwRrf!{% zo%JVj(Ti{+GjRUs#9+;CYXjxW)FKChR=+^m$WGD=<#n{xmZ_<$tgAZ5SGsqO&caXx zJ(UZfhF@Agduye>lx}1z3O_+oM2jSVY%FUDYIbq=w_j99u+^XV=OOKB3aX!6fX}FM zyekm;YB(O&#lEe%Jwo%MNk*$ng^4=xd1NRl=)olmq-P^uFs(m985?Qvd3 z^?E1?62q4huc~CxbCl%0RN4-0-@Lwn3-8(j4jT;r*w$cP7vxb>J4WZ9R&uxbDBT9_ zYd#-r#o;QEM(Maw&RSpOT&z_R48Ei~HL_Osf#-6ohOf0_<7GMNiy^4rAq zTNSn!_H8@17gySL#~zb6o`1yN<*k0rc9H)FD%me~6&#ON zOjF6kC2pr?cuQW51nzY$n73T-`Sr(61Kf#mnjRQfp#I~Ka{m{wns)pvFGWY=-YQoJnjsS|C3F1{*nf-)#&E)N^;ddH5Dx)LB)`x6uBebMl0#^ zDJ_DWlnTJG>6Z)9p`Xm{*r%VuE+K}oMK0T^T&R5uKekoQxx?#99SmEJ(Oyr*Z(<@^ zx+~U`qBso0i+PxxF!{Jq_Db;F_KC;md0tvZX2;}=daDa_xvRB|h1Kn(7o{aXY4w&* z%y<{+fB~+u?_R7lBdoLKDS$Mp9#kB3uY8@PYBSz2&c1-5@%~(v1Cb$Zmzu{Nl3EuPGyqb*Trat1mC){V#rVOi;dG^ zH6Jd>1uJmhcB}eAWoZZ>9YMCEskfl5!+yUdmMihX<+Ee^Zidy#3g`U3;?GJ<=pQOP%jjtR+%If72AX<~^nPFpZq8wG&+ZY$qmQ-EMjGoyL8` zaU*_7>o?c**(A^ZjE0txv!V;QJ-}XuaBloV)um@QFdixm-qsw3|I+9<{?hM)z{lL= zr@h}|MDC#;B0WQ0(EyW8C7~-a3QBhIxsrn6u=J-xtE07@dh;@X`}&PMKQk$VtqZG) z^On@(mno~=&ORLSU{$|~O7F3G7F~hr?o*UeC7a9Bre@<%O@|-Ws`+H{m8t_9PQM{- zcaVES73wf_*RnTPjH28k*(S2?=-lrdskt6<9*8(vP3u$#aj2F>u@$)?)zK|Tu{;H!DX)lBG`J`2F49OA!^1Hl3R(V zgfCro4EGM>CVJh8VbgBeB|;vVsCyA4Q#!bq#aMhH z2U#Ba{k_wFkJ$(Jc4c9?3K%{7*Pky1%8P`Rzi%xcu;~c+O4}(KFUTFcKkYE?GC|tj zw1cwOdqxDae0r(9R?m31Qr|h)KP&ofA_t%M+-S&!es(BaZSnE`k%vJbOFJ6vbouWzGQFscohfP{B*+EFB4Z;i!-5ph3&~OmIBi zCVu?p0+ZHWCDNZ_uJ(NnrjqrK?U=35M}}J<^cFgx%hIRJ%7Nfz7ZcK3S_{-u#+Ys_~7w} z+NI_zlURV8n%pZwA}CJDOX+$p@fzAd>uCsmm?%u2I@ZNYVj4Bg2&s+8K7;-L{w%<+UT3=wY>xtYWyD*wxZ0lJN zFbTI?TXFTA9ErL}ne?gcxF5%&;Jrk1CD@$69LO`)vIL; zsHvjv*RM+2aq=~pkN_>zx}xm@uzAL#jyToWG>hUDj~+*Pnp$2IV;l3vR>D*-(O+Y0 zh_1K*Y2*b=SB^E=-_#8JeYA}6^a_2mg{913MaS9AsxN#qeu7O~4)z1HTyx#~C@09L@$%?WM7nmz9O=#ku{R_!2no0{8P<67g+v)u z4?%5wcOI!^s1RnM5t(TQ?~ScH;qGQdQ*h1=gcP7?c1q2(=Ar2?z35_XLsvj?A73y@ zpWnHTzv*JgVZXboy^No^o$~`RUBlW*17s2^S|ArmuY;OZ}<#L&(?Z zT0&(6_NZFlEpYS^?E5Z_MUmFSi61M);#|pBBV}*)IsKAb?NH4CUs~AtMi0c?9ITu& zG9SM>qD!^&oZ@M5n4yZ|^i=0(H$hyu>#%vqn#e0ljs%4%+!kRhg{b0+jY3+c6tCWB zy2%U98#}zHfwcyZs$<>D!S8&=cVtL1K`~`0;bsNtM9nE5yrR`Yc$a9Co$M8Ga~1!l z9knxDNf1*nUl3HDx#MqI3S8dKMENXh`jj%C)O(8H#;q5Qr6LL|EJCP&A&>$=237=| z4<8-B^NH810w9uGpcs(WJFU9i!Fd04PlEX^YN769Lpa-U<@DoEl@D9tH3akcN6r`M z>|VOPtP}5dNt@((9iD}bG+uz)O?23_%+Bsq@de)tM=5u}U%~6HQ!B)#Ytmz|g`{|; zU$M`~(a^g?WM1>&04tyJ-00XX6BC3bYA9xKBj_l zRJ@PgVs^{{7T=3A^a!4NZeKQnWrBUyGeU)cA0I1K+$>+Ulsjn|If`$5Fm{0`oh2kC zMHaj4Fk`|?vW$8QX@Cfbebeq9J`r@^bnI~x$nVwdu2Cb@J^vQy+tz+O;~rjVlSyiX zvCl-A5vS0lAF$`99+F==_BkLsXJb?m2a1HaeeCcB*b;tk_?2Vp^Gk6igZa_vG-nIm zy_Wa!mAb*5I!Bb+bE0rN{!^RC)W2Jss(Ukp=Suv9cXueWkJa-XMf##t&n^o*Jb#T> zeID^(vM+Ar#I=&vQy@elM5eqpt~acsBWuptO(E-&)Ce@b zBS%kpv9X1s7Q70Xx#kVGIt9i?M)f!~eMtW9ZH_O8E za-Zb^lta}fV7!t-(M4O{rnzGi zzr={!QcX%V38=>>2qeiZx$XEe)MZ6RpUJH~POlKw;8QEdn{OtBwtrYr3vM33#dl9Q znanbub)(Oh^5`N>W>m&yo%{aTC0J{yv=0Jk_rE6fz|s7kJ6HAljxJe8EFRKsE0WsO zAKEcCQXWgd`cFR|xl^o_T`}K3?K9*PRT<%Z*MH2T@f_JQ$nnbpq%Mi{PSt7KJ+ggP z4E(E!n+p_l{!0!x#O_-E&0W$uzOEGI<$&ZV>OGqs7H~_v}2QA3m!%v z_>O7>2G3Oquaa$=X9quBw|KX6*c&OtSwG zZf=$r5+q2{A)1~~m$I0{sQ+pxxr_jdJhquq@E9a&9%spu{Yu2tM2FXWz5|n8^P=+w zDBid)uVl(#`<|k4ko8cjv*Pr(ixOi`&fL3TR0`{T3|-RI-L8O)1Yj1e`#iq0MA(|& zf}P~x@yABC!+(Hjw4nI|v+1(u;Y%_uHZVmU( zEl^xa(>NOa^lb*wn(9z4&n+nG!Z)J-#EaWc|6u<~7MA+Q--GO#DGZcrh)G*@_OVGa zJ|=@3m>kvP=pXtE=47y6#=iA?^mixi|3GX1PLXtIfZ6b3Y$K=3PG%{{cjfU^U=v6R zo>9l*D=J;#nB?iP^HF2_IOC$e0nv2xv>si4DECH?pMG}U-tmOtLtDE+# zh|d5AufjZ8T0ia{2XGozanOWLLT@=(K#V>`OOk{;1^XPMn`){+>2=0V4uLJNyuoeO z@-`}`_Q&rtV3wxb$7*Gd|}CU>d#79#i+^3CT=yWXjc=_x|LRL0nZCIbUeD!_apbUn{=x3FuS!hOeKUGkB`BM=`~~3ws%#Z z5JX1i=g1D4gdrUK8aRfKr^KVuOxt~i?*bRh-T4s$exynyGlh?O-e|ht(NHh*RZicc zn-Ks3@|bSPo7@1@r;K+SA?@jof#S7KnUFQRM;n zz^`p5xSC;BcstYv~H}o7O@fpSF1r`rh5@_Z)SmIJOTlf<( z{DXA02+YNvt`^KR@v_25r# zwmKhIk35SRWZx11Xxt-aihzBv8Vdn~gf+ zJ>az1)L8V}WQp<_q!bR5FjOG@<1X&&}ffeB{Gw*2P9YxTo5hCkWbt1I^?Y8#O zUqd#m`h2O=BeD0E3sh+a#5YC96YPnhvJ}^gJU zm;XtvRIwcJd;b!TwMHfRyutUZ1@4))xvNrCtNT~_(o!C+Yr#$iX~tW?={_P=DX{L} zT{wS&-S6MDyW;I$sG0RpQUlp(lE(%9-W~|HF!+v@&JomD?g-CG5bV7xYE*9h497bQ zy@amIUnvM4n4oN#P^>8LYB-oG2iTV)Sk&{nDQQ>1FlA0b)>HbkU@k-Xo5Ti33mJvv zc!tG_K#R5TZDEu;vmX{d96Ez0I(99zhe>T_f%bN`R0Cy{rkCT8wgl~~-$O@1KjWXx zumHAqk;XcpfZ(?kH%LRoi%oeOnw>xNyRV&bZ|M^h9_D4pHW19Mzvb1Lxg%(Dx%9Zu3XFJZ3M# zGC3uNTJSjgmoS^;>u`_->ixQBPr;Gj#~|c8+kc`w%j^A2*xFm_l^I9=S$sYBkZy0~ zKLpyBo~t-jE$8vDfS&?@;HS!y#9H9%l0cVwxXzR%p;1^lRe*8W&V{R?d*bT$@qAQP z^(|{cqV1S3sQj@yPW2lwDQpj+P(MC&jdg4XOXekY&cd8nHL?&T20g1$Bs352C|*(8 z5!xNq>V`^~=_XtR7%F^da9j@VWejq$R#I-V#t5{0wl2nnKs-r1@FKPwz`A$0J7d3& z=i3nd<3VR!<*J^{7!yN(@puq;m)^MekPh6}uYZwm3SEDjuZJ@I@ik^?5}^G<^w-^O z+H1wQVhc@^kX^Ga{Wh)J+aUt3IWgA?zj}CCS1Ul&u7NHAjwVBYcZ)cv8f{F3xS0ew zFHzYJNhAtBNKs+laUplPbkFF_^y~%8A}-YPc(G+_=Gs_=l(VT|P;U6BWXNUihlW*W zKi>lGF1wx_d8-;K82Tlq#MdwO)BxqPg4iZuST)?abhmTWC-U2-#a6q70`WgXNL6ij#PA3eP@_3pCye4GJJ?{&E@t^9-)Gq@=f0c3w=N@$%Cp9r7^&O3Q_?v)pc9T^56tYUk%P zg7jcnQaF&ABEsMENm|!glkREU4FWNchJ8&)@AjTBd6Dv)kXJX;|EeHbuv7Dz=A4FA zKu1R-$4Z}zqw;FzPD=kabJT?UI~@C%_-aIK$;=dJG1T=YO!u=s74M~Il=-r+UF*k- zTNgP`Xa{IXJPi5y?zxofc|(Q3Gv0K(=9)oqMTo|RUFDr_p0S5|=rT)lK8IIkdW%8V z&JFe(r!6!OQT9nk509pGL%ZiGmvGf?Fbj2C{ZzKIbGoHVvT^8TDCn2LtiAAuZoU1@yX->L>Jdvb!zyd?U<0W zraaW_TbVWIZ?QWHiP)G^RFgQ?ZYCDy&WU@(=<m}Zf9G-=_sPIKi; z4x8BvJH%+8tmJU_PvX$=T?FvNo20IiHQF|BW`_Taqup*zvS1!)lxW~^jnvsK0tgkH zLh4;@D=UTl9{Ca}QYWws;;>AyA(Sd%IQX}=H?Yny>0)Qt6GC_lx+NIy9sf8$ozc2U z&%)4sPLI3fmN$uge){EEb3Xnw!tn&)=Tc|FSDo!>_|E=@(?_$)#}ATb#JE{YozFX~ z>2tpqsp>P?u6wK+*)qGvHa?y2$@VZMNC6`walxJ1hneW!Q1PN`;YzNC8&*Q+B4)3{ zOqAe=Nl@ettqx$Y1F4|S$ytI&lm|wN3?1Li5=6?_NQ-_v=OF3g2Vb``Ld#m#OWp(1 z->yJrHs)U4yuxAbUDYeY8m;fRZ)Cr#BbjFGh5A9rRO_%&>rx1fEbNi0>DWuRBxh zzL(!4u7Lm??~OyN+RX0SH8Z2%#6iYOIQ%5zo&A95x8*}!_SHAkPhw05tX}Y(uAw&G zvN_~nTAAv*%;_qOv$GiV53Q-6;!?~~ zXJt6%z>HZ<~;5 zZYx;Gf7Pu+)5q{)m*&}r1r5h4E$m_;6N9Aju}AB7%@vfwj7;2v>a)RNu#^1cg>JyP zj!0a`muqcKhe^2!8ji+KRT=p_<>6ts>#v;wYY6T*Yw~eO@v|s!LSxx^ol#QruxXLp zaArc>t9t?02qN2hq?9thQ9qmG@uB>T8(C8xX`VI;c<0r>>Hlnq&%N4RB$yZEeYo}L z;eAy$ecTV3sQ?GuR(D;34->a(oX`&JhHT)+*|1*4=RbncE7wf%7fr5yuJl648sb zh&2L-HJe7uge9%yWD4(H^Ic@am(rMlnXL4-nh}nix>!%!$xX^Vw;5Gk!BW0bjbw5m z^C5W1GvU>@;vFcJvBom#u;+Hxa{U2m#IZg4X!Q0ETWEX9v_k)VBl9Sh|077B1^I5D zW`HzX_NfH6FR=SyF;aIqT**WM^q!5IIZzP?zpXo0fgz*FA6s$*9n^CFOwuaUUQ~8K z{u?UicQ2;Jr)FDjs4(7pn3h~w>MRpSZsOwmCx^7RuUMiaHy9Tc&0<%mPT2eqHgp`Y z@VNhY4^M*UPtKyBZg~~~#;d&jI%YNCVdC(V!{8j^uH!n?Xb}hLY$tvB!=e$1)jzoG zXueqXn3YR$jyIs=a*x1Ix*@rPT|6qYKNg*jW9dWr{>y5=Ai&RFY+`xFY~WT_gf8#! zDEBJ{U~}%Kt;;^{iCpPs`&zNu5pL9M>7ab!bx&Vfl7@6FKytf;&kT%6?Ku|c#qTwt3ZdHW<*3lL`cQYqImx0%hdObGJ z`jlsLsNf`JyjQE*Ifi zSdf;04Pn(dWs!iKI>{!9i&I=Bd32Jh>Rc6v5#Xq5qCr>1ZP-;{mqff^JinAw0RPy< zuVWq)I_oN#cqShaU>`kmLT;dZQh3Mjhw_(*>^+Xzz3+jz9IN}~Xx*Fg{5zN@wjY}e z^y~dK*?fBM$N)ZSg!r738#daGqnwjs6`^LQ#oBc=%a8oJgQ}bkY2LaX7g8lH3%}Zm zCpzd^t6F>cTin8rnjm_CtYeVKT(=WNbT|7tdb4M07wVd)mow6qn)|KGJDdo9PC@U+ zLmP&aJ`u!l88IeO2CdRsZqS~$1bGYnfH^Pajef@#`(;MEeKUW^9{Qhm#Or_%7-c&FNQc^y{u=e4%85?}WV&(8*BG<0uz(b{CW%6;c3Dh|%>?>}HW7hb)DkH(S0@-k`M) zw!eFQ!C<5V>E0}w?4;lZ$D0pag`IRks^g7rBlb-?) z=!aoX60~6S&y^`2l#8%Y2fADC=3__5go#K;j9YGO;>$M5m1*(Rp4?zG6lT zp;z{@pLX7=>YZgZRvM zZZVi@JRft-w!oUv4*cN_ikkQ!Mkbv3M0pxz4=E;QudrPGQB)+ud%a}g_dnQgaNs!Y zv_CkoywH#z;5pVK7%JYe{@dzJ8Y6ar3vxZS1Y0@#Ci8Ia?raZt?}qXN&zK4)IorbF z$l=$e1M`$jG$a1m&P0J9(Y`w236fiJsMTLxS1Ej(=2nW)ur6WecC=^beW?+}PlPkL zjB|Zcos^G0^5f1b&y*^wPGgNwf{eTJxV;DJ`@h*J2B~Pc7!)Q|u9q}{^=}?-ZPL9W zwwt(eFFzB}2tGGsKOQWc=GlE*kJLocLe`OA8f$pKPHm}EGj55S1_r#t#&*1&a4CiM zCP1+W(N8=c3Kl>E-{-b14%Dclix;p*wTlkBK5@e-+-^#}laiV3`IFL(ORwhgsDG)U zUmEB0%Z7rxI`dYF&gqy3WwDZ%192bi^9EEC-SpIBc1??BHy>OX3p{uYP-%|AcM61(CD1BnmfJyNfH z@jS5@x7l<`YT&^8*#IZd(Vter1xbPp2Z9-~+*fCRzem+rL4^ZmayRkSQ(d3`zu-QA z?IxkyqmP{VUxYxBdmxft;qv2R`ZN`+?;5K%LyUVB9X?Z)F+`)Yeqs z`dUNSw}2;aVCS6TH!ug~Z5DJ}Zihe?%r$AYJ=@lT?yl_4TO%(R;1dMKk(l1q?2bo0()j!bt8BamJBwu@Of~i z%7!QWWy`~pU9%;^IylPt$>uyl3R--&GKL?Y5!JRzwv6$F4?vY>#Hk(%2lnWBFwT_C zy-h+ch4>hXw)JKdBd!Q+S zEZ!d`CE3rH@{Df#u}BAd$-9FV1#Z0f^(*-4u@YA2b6A_lr>WEb!XTVpWkD> z)ssUzC|j2TFVuvy2nVTEHvVYxlmOT%4kQDq6AZDL;LMXAV||pRGdKRf8zX%@*d7VQd61vsOI?^ zi;WWA(Frh)h+&<&m(K`At06jySm$NhNK3XURAdese0ea#qi5=i;^%Pl!8TMDA8r?W zrtPfj)tv+)MvQ)MI|O`T+G~0}ZpWdb21U{uM!Ahe@?Y1`@6al=fUWJa{^9DHF8c!{ z7>z?5-pfKZ?mAvky*QM1r7VtD(uI+lO5QY@?A%qq5>m|?Jp;O7sFXIQ%B^t&ru<}? zbVpGDBX9UGFb~ozaPhZj5)zn_vzWOCeqw?(wHm9CrI*^UJ3a4C_4_@TMi24yY5+=* zXB~x6r>b;Hu_+aPG2)x;XK^vDQKTQECuc~0`uQj;roT3+#n2CuwcaeUq^e0|Zwy+v zy(n|`#6rFM4FSm!<(S!HiZ;;kErcu*N0qryQ!6)|&hKu)mY0c})n;U7j4tt9NS!4IuI5-W z2NiKIW(@4$50djvk|ouldG3doxSyUHfn?ux{x{-2AFAo^{|h{ud6~Y>VD1aiBYu3D zN;*AC&S@t;1y}NAO6}*r1q=$sE zzV~t3uohva$akGps7ZN=D9vXy-eU_DS9*bqiKfRWw^nCijnRTOnN-o6RDR}5dqx!X zttMLmMCzE5y&Go}z6_9b9IKmmg>`InkuRb2?p>L%k+5!Y>R8e~`E0ABS2As2eXZg! zTFUM#M3xy_SN1!()}7&IF$Wu~9#3fNjU-8b!M*L-{>d zqWEU#?sc0d{h{!F=##%Wq%@LN-2`o%nYopRq=Wf--fguy+ud6d_F+onHIYrB7)Vc- z-Sd6Iy4)ufvQpvMyr9acMA)_2W1ai=}K<`fLOYB!fK_R7jy69X`95(o!T~Gn=^<&m)%{juW|AovyH7InLvZW~rjs|Mo2wPyUPe+B5 z-SCh?(`&?HYMP$7s7n>t_=nyiZkcPd#)3v@YIdvX<|)e`8rpCo(thtWF|ht2gUHK( zZLm2haUv3Ic~zd5%|C0L-ZmuAI&g$nDJq~nGhwYNi#I=iKA6pq!QF$(mXMLVX*MwP zI!EN^E9{jWH$v#+~5R5^^n(@nmgB*szdMyS@ zz#H=b!^ebTKbU~lkWwU3-sY@lFU4czAEf;zBs#e1T&^&v3SmHcjsl zcXsi-v11Q^ob%BaL|RSZSGn55ONqRk-*lvwm)GAU{dVesfABHsE^L^ns-=ztnE0Bped=01tlajY9 zkXaod<^J3y{_i=$kc9&?eg!}5Z9<_Df77MK49$5sTce=uvSg4RUMUS(Mm53Nl%mUhblfQ1(26RoGHopQFC zNACxN`LcJcTwQ;Kjy6ZeoqmbC2w1f~2Ws$%j_eP;zibyl9D(YmcSf6p&A4tQeoVYf zm-vI_JpU&whcbqBqNvaL6iOq{i4@&?W%%1+XFjo2C`#GkW7vy}h4|WHwu@Jj*Y8^! zhmC{D&u;7~?&opUKY;B!+~4OcCrrZaf{or@1*%*E3BD$LPdk13#YFfrenIqP%W#Xc zKi$nG0INBGlGQP2!QX*uD8Ggs{4c8eY1ZW0s&f%RRYN9@r4Jdc`kSe9;XCjHBPVAm z@)9w1>xmI62(jiCxs%)$)K}jvn6R;O(D?CjAx=S%pl+$6ymezg?Pf9mgPag z>HKC?vXmXuK~DK9b;*q!$K~4I@T#hAqw+8LJ!o=G^231OdpF}e{#AnM%eH&7u8tWvOsYay(D*`hH`D8N>P9T;Dmb8$(ans`~Xp8K`b){Pw+79 zwxdpI7P>D(oS6LW3(&b5ujby@xmMD0>zv1yKr{nhL(q zCtAj)pzWTL>OONvcu2An@bz6Zw7V95UpQ;4!vd$fJOQImK^Ml-H;!y$GmUw_kx zJ?r}!`v|98F9LrfkG|wzw)J1i`)JfW&sNvfL$EJIhEaxGG;zz^3TA1-o-wG_G&(0b z{A-6*xQf~;VUfw7j2oDYrb{wHx zD=~xpRLwrKwNdcVC+S*x5|fBd_?8##{QiQ0H6_>Tm5`v4Ify9k>YOGE_E1xiUe!8UHT|yprCSEJJ~Z z9g(rP9q|tZ-bL_{w3yypRyS~D$8gRPKK5jO8_{ABANK&nI~O@Ik)%D5LwK%nS`I}! zvh+ht2C-y{O-R*~mER|2A3apl=2_6@zYnqa^VCfsMfXT^h3T37|VxFzC2% zt2i!Tt=^1rrpf5~>n6-1_EEV?+BZWk=fB{3HT%sb(Fv1JJuYiMXHpIqmHO}II6U*J zfxSJc(i^UGCT>bopw#)8fAVthl8=&Ey&k{E;?4uYJr&@A!LE)i^Ne<$Jec8iQYR+%+(MkS*{g+<0pQKy03-Dcw9?r{MAl1rJ#ndpTWUR;QXBDP8kB{T zvWsFT>)wNnIhsB!O8wQ|RnJ+{Yn^jcae~$oF8RFfA>gSPQyqj zzZ`7zS&CSLW6LJzg#I?MP{>&XoT~gQAfI;AhbRMy3i(G`8mzHu_NTgf+g7bb_ zB1Zb8Ke{Thd=K|4Zl!0qIRwJ~zLFibuy6*)uCu5U2h^t~QG^)su)V^WtZDK`zt}{< zvO1{A!bWKd1fS90rbD{;H3wF&`TtV>B9!~DV*CQ5cvqhP zE9OaPAXAL*%`gJ+%QdTpCN4{2BN;+G6W9Mkh<_c2bfEcuZd?9`4Bzl+sh3uaY4iNr zr?+B+0CH15d8W2oYd|6Uh>7r7Tl|)XQTsF)!Enw+1g|Z1=ys=v21GKlk>PbU zwr*_1bN-2?J?Ffnh?yCu9NIGwYFRphWQm3qH%o6d>6u*Z_0VuiIU01qJn}!Rb3QGn zhG~!ju=x#5GALsUTg*0Qp7g7`MX8+&=}1NMd{pe7d+q@ugmy>WD)uL4Qo5oppwjyy zgVnYYR?Q=ThSW{Z$un~$jZAHR=`@n7Z%*?xCYpLfjBqDW1X^oH*Bfhw$u>1MM3L0o zK6y5^Y084!+bH7?jumz0E%nR}4bWrQ?ACoI=>LVRZ`uF2;B24Uxo5T4IBw`0?xaXyU8wBYj2pvm? z6Um@DdIgFYO~$*!udTJf-RJ=*Y9bj#Aqi&4PV3O8Y2w5Y4Bd8uCQ3xPJD_$uKy4%0 zgS2hn3Vg7ZI}l4p&`P3o#D=fz%F};oOy`jDz)8hpBzry{-J4&D3-< zke&dS++>LT%8m#yg#?bFu12Ubje9a+_s$3D=&7xoz+G8v1jD%}IwNmo+)ffrpq)|! zt*cz&zc?zAxsfrT6UX)eYL$fnoy6>aj=21}a(?4UF{(U#lfP~FFZbRkqG0=zRqccq z$(R;83Z!=+s57)g6m4ni8&h9C2-^;)^-}4(jfnA8`d)coGljB4roW*y>A?LkFB$m| z6haG!Z`TaZF>@mpar$%xO&Zn4fW95%Yu>vwTc(-L;yj|VL3g1LFgwJZP{x$6dg29) z7;P0q87I?s1!>(>Ff{~qiLq;a&Ln*FU|dyk zjo%K4KD;`uQO9_(%9Ym~-@Ob1GYUhcI1Fi+Bt8b_LXJ9|pm)I6lxi8*_LXB{%X7z~ zXe6C6TD+79Wfe}(%-!4V!H^IPMvnuLj{upi^gRSWE6iW4{P$U8nKoKI#~xN!zw~47 zv%H7nsqFu`iCe0IF=JU!kT~iOr#^NbPtpP%RdwVsk-fbd%<#NDpD)5|z|X7Rm#+@2 zdk}YEZ4_^J0acKqu_F;M>rue6SLpp>==k(Mt@3PN%8<5ww$nqnLEgVHYb7V!SqmwK z=OX`rnpF1=7S{TduAUf z-z}ve*6u9nV(kjqV$M?~+!!>P$h`*XI54Ndv!^ORtwxSdF9t<=T%C7x&VLs4m!!VJ zl+^DM{03&vHPee;un+rvM?8CWl39yA$;qt6UIk>jT=wSt?Jr5w)o=fsY%f_mjCB_= ztJ`A9QeCGtCv2%>?a3W}>*YscPE(sFID7R^^`{CHYL zThsXrWsA!5=(0ezbPn2Sj}_-DRfR|Y^3BQN9WSxf?3z9a*<(TD#$-cEtiYBrW8 zi0-dK|K}1(+xstb+ukbLt9twOdj!by?#pY==I2k7jFZrmoe2mM#hAyYsYf}KMX~B@ zBwrkn!xscE5zQ;M&cs#S>4#riM9nhD_-l2QM7GDYOXYGy_wNf}?f;ma30v7WY8ZIssK*Myluznb@- zc+up`NL;Ck=-%x2n{icsvBs%utX;}qSaO)KEsHFaY12}RQ=SdD$t2~SRBnqtbfeil zwdF>5$BAa`?O5z3)CbKUlph}y_*@)@&uAnjJo{Ar$3VBKmX-yl;$Rzl$nA>kpRML= zhuBY=O*G)_{a2ghK;^jB0<~oG#t@XHT@m; zB`I?tJULF^OW|qn&rP9!V7Op;&K`!F^9vmR)9*7Na$5($iw?w-SR zZC3UFBCmgw&su;V5ZW2mJ$8SM`riuReizssZR6|aIl^o*E5DH|b+$SaHR_2p>^6hg z_jkI`kN=|4S_77>w|l;Ho_-N_Y+1#AY8f~4)yYVKQDew9tk(_FR}}=(@Rr*A+&q5` zMTmD#yX-(Mqt+X#MqmmwDVs;UHvr(99=C*>IJZUS3!n3k$z%A=1PKdN35l~eL>k)y z$rEQ0uFbPU)UxoWjXUT`r5E``*B7(aYHS0Pu2FC7HBP%(q^V#x zfv&D-`EJ!%aZ1G~jF9*UJRBAkS!aQHRmJ3d4D%T5vvv#XVB6&#cRQAmh%zG5i*CWv zjqQoKS3+T4UAk;%(Uw`TYu%!1iS|G>Ppok?JMt^iTp`Gcnv|5a^%5oGgENR@Qyi4 zx94UX70QlnttNTkX6MZ3G9VA?yIR+t4eC$gfDG{9pWd(n7%q1m{~lq*G}EQkf2$Q` z$rO~VAzoJO0qu2v>`GjD_}!J4R%2@dMMKh@w@)$5bbswv0B5gpKf&{&N7Y`umEcO6 zahaoP9&Jm4_1X~#&+=2vgR7Y@tc0B9s`hfunp~YuLR=l~*j3u^*^gf}evu2+i&3%Z zPLg&(Q5Om619EK!RlOk^F2sH1TE5ImD_^O8wmkciWA0^X7>WDpO)vdI%m)%z&*T?Q zpZQ~_)1*vEkgJs#8};X_JOlq6l<14RTYTt(&95R$C@GzGpM>z^^(y) zT=g+0b11)$@Sdwq{y~=PkXv1%9AeAzNH0p_Z;>oeQhzxB49NdD7u7RbIzRjN zuX{0H4ZDiAA7?9yk!eVLhkO z{?-`4kl6#wB@)k|SoQ$JbxQUlqg0OJs<$Kh8&ue4g&Zl%Z_kSh9c({;UPCPR9Me4D zqxn8oW^Ww4y2O^qwdG6`TJ*>P8b`Cwn@Y6l`_w3~PcgGpYi|PRewd4K2 z{^J(!PxuxAvBo%%g~euvkx&GVg5UxGLlBC-gdtyM&gPp;yv3GB$AfnHO_+PJ9H*}! zC~nFYth5&RhS8sVgqgOW;iqH+;aeq`F(90|-_2n9r6mmQ2V@++6|fL7OG3~WAOv2< zoA0}NA9?@ayv*LDcN-E9ipop5%lMXqN$&=Sy=nD51dtC2QZnb*+~*@txi2tWk+4(_ zQdZI+2;nbQvja8{vDBWVccJ0!j^~({Izw0;6JC;oQwK>}+i%~SQ5lta8wCZdYT z`~Zw_4dsR5X^a$6ZUyDa>yKl!N)SV*6)BrdeG&bS^hMEjt#TU)OAoW_)J8wLz>cOjtc8u?4DUszL9Cbs< z;5Tlamux1TJ|s0!VbbM7tyP7fHyl0b-^yU zkH9AzIfQ^!;D}!7V_sp%L|l$iDcpm8VHjZWRYj_RdnWjX6kjHRcE=?C%%( zHam7H{iLR=QgSI3;z(<$ZWiArX0dtiJ$AJhVoVvr^uQk(qVoII>hH6RueEq25uqKB z7s05{zC*Pz1hr_1Dc$^k#hrIhlimB~Q4~}ZR20x4SP)QwND-t)KtL=YSdbcu3QCjS zQV>MxO%ae1n(``LdP_tI9RkuJ)DS{%fj}zz!29lRzVB~mc4lXHX8AwEIZsZ`^Evl@ zUDq+ASdThu&%rPMG(SnKFxfdX=#kGY&<*(`HaIF!vE_sa#6ii9XiRbC*XEodm=!7J zbP$42(J>tt1ZWPFKHTk&_vyf6&i1*nx3!65H5~7 zq?%M7)<&!q5V^cdF2%>Isly%AC4SL{Ci%R6iq$M{%sX}#32$=bOu3EB*i*jdZI#0Iyziq=BeIV^HCo+P6i{`n0bj z3Q?Wl-kl$eYcX``@T4gI9g2+Yj1-%tqJzyXGr9GHSD308E9vK9+G9qu5UBq)Ai8l1 zje-6+_=lH|lA97b{^L5)LH^Qw)A?=1&F*=z&5^;uz;go=5O(6Xt5NFVuHIYqV>%t| z1ojqY@_@Nn7Onh*x@5&0pTH$)`XrfId|fOzVDgu;C}t!s8A4C0foH$6MB>Y)IWx~ zw#|U*RK$Zes4Q3s$6ygbL^1T;MtvH{C+Js z?pK6U3Xhi(gk12P#3w3Qi&fo&DH#kD_A9NeRG{j4b=5n6vfbbudR?!_>% ztcB9-=mcUw`+Z;;Re>76Qoj_vHfLv(0AwHTd=Vc`-*5U|CvmGi!|>55u5)^l+LtiN zgU7SBl4fVUy2#{)#&3~+UU)K#p!>n0L%qLhpKk!On5HG?l5?E=VuEx9iVxEY^hvpV`tW9k zu}tivS)HRm#Up)WFo2tJvGxvT(PIc#VtLQ=@d_wH$8O566)7{xj8V^jrts?&=-!x& z9n<^#bXX&f6W8u%W3eQ#(KZV(4X)LN>>OAza1gL^;2x~o10Y9ZNs=|$O-~7}l7rpv ztV|NC;8E80W97aj2=MS%j|^FE2u~JE8&S43(Dd5bA2*a-1l?8>fj7=Fevf!u-H~~Y z5omM-lo8;4Y&?Kk!<|2(MBrWZfo^A>EG_3kwuYiCtcfT^88&{Wv+&j{#+3ZAvrRi3 zSa9@L#wMcec_iq-w&}2tjAGbE4=vF>e{pc!)G?S4(VHGw(2vx%7XE_prDSzP(%$$W z@fv;;fhR_53}?cIaSb2IW6?%$QxQ(>j@9F460vzXh|I5R_ezXECH59@Vz*YI^9Ajg zzc6iq?jP=Ff50%@ZCvZGLmo#*k&`?ABE<~Ym)kpEs+=9a8b1_3J|A{ing0>03ZBCm zL2M=)_ktVWb&&7yj=!yCha}M#0Q)PlmNb3_bH}IPHZfjj8md7FvoZ^X6gT#-aI)2e z1HBmc;xvm>_<(3g_E$fJJoUQUTowK`SF!>!Fn@(l`_c}6V@_F+ob)YNGcPwJzMZBG zG0b*E#Rm-*1UBa#V`sMK8Mc9pCg;|Y5M2=_o&z^4>ior~#OFq5e4@|Be2tjml`T#h zl|38e2L2K}<8yOg?YYz<=(=?TeAK2(KVqSnk(cV;0&VV-E5ju+CgOTf!m@z9Us5r& zw7fm;xu)Vk??GEVBFeL)VBMW26|D=QyOqoj$ed-;seiVL>jzQcV-`%``9yM?EGo0~ z>W(|G6StiM>=ONw)UE?;Z+0b=r>)kYM#(_93CSNE3>2CCcRdmZTlFvQW1DE(GfMbh z_}j90dk-70zuWEGu=)R8J9z(p;=l()mcPmm;yBn*5zZ;a1CGd>Ky{**c4)?lwbqP> zh1HBiU5Oa!e z%&?RC^|KA1tp;q0amW#mpE6UcObr_`Q`wIvmpU-bWt15&OGfkctBVJE6jsVZlKg#D zA2#Nd*~BOH=_`(_a46Fn7<@y^17?V!3K?gEH!r(d$ak+8z@v<{LTLoeQRECs$|w;E9f^rFPW>!gPdexeB5Hs`B-6qDKz%vLjp#M zJOsMyC^~a17W$*(x==~KV{~gp3^=)SniKk0ze`f6&byIY63iF}3kkn-&N!*z)Zg@m z2%Tynaf0Zuw2{PLq@=pYS281pblygf8q>Nn8$L~e{loBuK9vES+b*p+`9L}`SQS4N zwqHj9Uz9?KjZ5z-*?h-uX=KzkA8NnObda0`O}N}t;E@@l)D^x+BVGrcTEJ+zPw|CL z_J6Kb4I8PcWxUK?2G6rL_Aj0DeuY1^(a-(@@2&cj|4ksv*E9M2VEvAjW-Lb}6H6{p9cKqJj12c2zzrbwsXT=qRS%pYb38$ZdSIqbO%pdnY zZ?2SZVb~=g!FE*5C>%t;!@5WLy!K$>9Pz4oMoXUNXKH%7svL2ZibspJR+jM~=e{~C zhuTa&?A=_W`aF)^xVCOwqT1MyCtNOh?jp>L8=kaHfe-C&2fHLgT~HnG+}3LKyL=Us z+le_j1k4iXElF{58?)6M`$oZKF_z0*eKBC#`S#L%PcFYrVxD- z@%n{!F$0$A36t9dzx=fxTRO+HZsSGGx>2W-KQzor%3KnVrt) z>RJix3H0L`dNQNxY?`$|fZ;c`7-%ipE5_mlXgR@5N`2f3mh@k*Gt0%1kBB)+M<$tT z6LWRv?lj^kVP>xvl~~Ee_KX{7oAF1$)bAp3&d-hxWyEZqrs4R{vjEdYl6F_YW%#~wwo3tur^!kAVM0>gxXI{FQ_CS*la?aVA zWYcbJ?1qzU*u#(P&%0mx)p3jmIhKNi18``IRf_KpbA{6E$* ze*9DJ`UlbO&^)@F9Ii3NBq@^$+7>AP9lndFvVT{c_2abR3udZ{7ffAvF%Z$XdJ| z#)5><~FJH_?H>IiVU}7RLVh@Gzd*mB7eN`N6&wwW7 zti)NKYYCA-fyVv`T3^43^C{g2YpXJq>=X{O^{$oPXnF-t)ZCi^}PM7)LhAL*x$ZjBv9p`IWey zVHf6vK|l7<$_lrBa6hbXxUMaw1tYk-*a_b0sBJY}1)$#o z97SriE+LMX=*^A=oPjP#E@Lz5YC2;>-}!b+oM}O{2)7{hi!~6L=F zt!kI*s-ohyvDwB0!cQ>oy~7m@KU857j1nWK9-NkFP?KYBEb1nihhD}y&IX>)k2JM> zVsV9_?HGs8FSb{n=Jut%BAIFpaBC3a?TQ<{g!(Gj#nB&jVryTpw3y~XS<26q02!>l zf~dk#vgW~|FC+(T)u_l1uU8yJ_?f0e8PhjH&!w$M*7J|boj22p1bx)PXxM~8AE8%M z%7tDNwr)uCT*^$r7DJi9e`O`^FUEQ>1n`r;e z=*g!(NsU}Kyb`-n3<2!1l9}Dmd2rYNmepn?{(rIBl`$sOgl9nCJ6gos4XuICA7K^# z5u8qctGgp<{HV|gXb>6&zN#?`6~mN=Az+Bz90{SHMPQ_ts4tw>vJvx@W?X@HHuYAb zcQ$$ce27}o_eS(}fkW;wpYM!#%%v2+>GFM1SE8g3)d}w5DYsZH0F!b~SBc|sR;$85 zuxQ%Y@n<#yXaE&OBsT98%}r~kr?m`7!od467UYAJ0_w|u>JIV=TQ z(&>;(X0Cy%#=xgOnx5b-4+cxTbm@|rnUQ%)nzOG{Ul4(Iq}q}lcHq_C>0=YdwUMYo z_FWQ|woHyTGnj^`PpWko8_r5~=|8AR&Vm(~)|id-YAB6DP5iOWX}*Y%0@bQF@NM-O z5uSmSCrLx|DsbuSnZ=_8p(B~wuPG`?w)7R{rZzj}a{08ehyFMA`P%{}yZgL`E^N(K z{3kC(^%h)&8TLy}8PbF2SaOJk?H5nSrTBMVC9Wu}7LC5sA2&O?e(wT)Ve|628icfG zv9JAR&h+#>Jt;k0)M(R(bF7cQ&EAK-U4fvp7rhqaZ=t(iRv~U;ZYzHyhhFYTWW;`y zr7az03esc#A{8n*9kDoB-i~uZ2qXBwr~gDQT+fSPPZpkcfh0dz^8Jw@oN9&7rP{8B zeNNxWh#X3AY(KhogNQomf!FrAD^9S-e#&Xd{^5f0sWm8ceE^hrflc%C;WPX)OVh`= z8hIgBGV?|k!C%}^pE@YnW;I%vtSx>J3vJN3jXlw{p5)dQBIR<3DXKgry4)1$$a2NL zBol^zN=M2|nlR5Q&hfT9^M8!hahrQ_j(r}v0^Tb91FpcAJtFPeN zz^q}L^t5y^lD^d^Kg*oDFkV7{N~w8L>3_zv$?k~=UkGpJpeY@+-dgcQOF;pM;r&p- zCtyIy?2t9bH-l~bIuPB~t0)KMA?e5h`JLW`DM%`2cw5h^D-I|8)*0&jIKg#4TOnJS zbXrQZK__y)8J(*6^BUiR&TP|9-^ru}u*6uOSejr4bn4lC;dwNdt1{qZjd&?y6xoIz z$W5{>Mf@~l$697Ob5~lo%H-fXJ6Wq1vkRmfw9E4wyea+QH8e zA3ER9C}n3WJOYd}IhtuLZbQr<8RwybYwFr1VZ2OZJ{<$f6VKa~suaP#3aWy`C)r0y zpA9g)uE%up#TvXHyM`zU6&*hbPcPLBE5&Tmf;{Q!_MH|@AZ%Xgs8W9YPp9xfKsKXv zd0jJHFzTcuKHN3PLXp?!7BD7~ptBAL`r+zM_)&s(J8t~4IJ|=vL0Bb*Y?E^P^#Kpm zM*-KfY=uB}McS8W7Z)K(bPm5N?k~;7mG`luEM{`nVX7kL` zd4*dhm~R86f|`2lY@dJ0bI9=;lIcP{8T|ZLJFI`+#iZ0#6ro(}7aZ?%(Tk?6j%eDDoULjCIlc72tdU^H zynkS)Ip`Y@APNov6@YE4fyL;tRQPM-+y)58V~(G~oL;*@*9xmc{#>GMzb3Do%6LGa z=0vQVIt#U@kO!mm^aGJbbLFxE12vK0GT`ezStflwIlAP8r>KIY?|gBrYSAL_kWvsIHC0Pi~rFa_E2R7MYarwHC+mAy%SXT_1I%HcP zMaiIL-<0t`FS3MsJ+$}^Kkc}@shhhu^47!&QnwQN53oa61FqSTcLA?sdoo0&+DlfO zgTvsqb$%ADl7&6di(4#+ltWq)uy z;QW@ttIZ~~?}+*8-RRxEo0=+6@0l10)Zni!sJs2Vo_}2& zuv-q={rh(a^}hnIoDZgoaij*U{u@NsJWn4*Z z087!F9@(Yd92a@Am=pamb+O=f4vG-lLd~*8SwcsO+B)XFDxr97^WkeMA>)=GBEu$i z*A?;Ps+lQ1K7MdDMbGM4Nr}&kW{f@?vB#4Lg?1WUb2q3!)lWcxPzm+gwU+saXW(Fm zt%VD8e{U6kokdyw0^{DbzW$KnO%cn#KzNaL-a7E{S}h2Ww(Mqdhw-j}ccF@UK8|<6 z^})(ldDXj2K{-$KtoJ!*>hqIJ38uje4Ul`LJc@xA=^shIG^AsG8FbA3lt=!gw-SA88C}wV@5c-PFZN3juNAk2v zJLMtlRQT36;4?8BQ@}sZUeG-cY(WkFExd{%5|GLxgSXDkiF_)#J^+ggDyTlO$*_zF zJddHfl!NseWzp5!`nEM=Z-IDg*q15B7i8&@MFCiMVkv5^Yx+u?9sblx4mmz*NlFa9 zxxAQ1r@sjs0`%!MN?ome&pj)SkqZOY+|EOTiv^Ub>$9z6uA-N|iWCWl3`bfaIVvh= z=}~Y67olnBc{Fq*Od8rtP~yv#ZQ9@<>m@i4((j$r zlWgVOh_kmfP^?|;Xw*cY4uHzdk*~wTV$yK|vtg&ArZKK~Ic`Z;_ruzgw)v7Ez|5O@ zMnSSnxa5tH){ELZd%@KicVmqH4z8AlG_W!x=^V3*?F_eRPu_70peOAa&O8>vyg^%L z64xHiK&7tHh-T8r72uZrU6TV9m(5^63`(tZQNGLu> zyv)!Tqp#76qkEtm*~!tmPlMufcs}B&re4mFW7pQJD9(=b>rlI6tHJ_VH62@I`4zu~ zeVA{(b~8E|sH7E@s7{P?Uz0LlWy!COhR-!G$2_&kT8?Vj z-MDKa!*bj{RCN<{f(+zy1kk#-hcwao#FV9YOQ-_+erLG#izVkfLQ&i0D;Oat3Yi)M zZN?E`MG*@(Ys+qbVy@CkXQ#9gXGZKPVSIr*&qrFg3BFw|kQ?8&qeunv=tu7E$EX3m zfnpKDG(Y#+?u<}&>C;iKrT9zlDdX}M)T51rN|eZ%b_?xs1MQi3)`pj<*lVKyKEUmg z6fI}`BM95(#eRZrb~1PJx0qzRF}+*IzUfPlIQ+K=Wq@29S{ZV|(LzE4ud(AJyi}*H z@1#RDsf>=AzMC|-^?FIF3kYyN2<;2=*%(-sHF`+ZZ_DQoS~=xYx)+M=Bj{(3jKv-D zLu%SdIlYp!Z$d;uO-95PRcp(Re^H6syw<%N2DU$NXS($BKvak06P9sdE_jz9RH2z; z57)zeGXr2S*x<00lF*Z7EbNe5CIyq6{l~X!+%~wIAzqZv*(N}oQ*)w?&@+0UT;n_n z`0DH4ZFof;j)xpzWGh<5a=lGReZK$4yVjAB+cBbJbH}POM#g{PY&IxD&l*2X@r|@$ zTgn9D?3RLEtMvrqQe6zj950*7C20hDnvF$TvKJ?;#GeQnI9Y`U;(pE4OvzUpEjIE> zF_Ab=0F4w~RWIa&dpODxWtiER|ElJ4(E~d**~`c$O?w}JH@Of(xUxR3IJIk*5Y}BU zaB_tCcp8T^dJU_jw2^>hZAK!vHw(5%ZwFxb;<(LD$M$-KiW}mUV|nDlv%<2%LZ2Uf z`k${6JORx#$4-k|_}^biN?J9#W=lQH2FI?4`W@A0U+li|aYNiqgMvy{c5~lN^u9lA zTCM1!BowzIis_EEBw5$nAwD%rdylHbQm|F#*EoBD5+C{9(U8IBBvIr0FCSd@qb>2e zd=lS0kVm`;KSq1u&ij~1s;j{M);z=&D4+kW;)F|ki`F}6vbf%^KHBCuLs+rs*IXl! z-*D7=xvQ}$-F&;m^>W^L7^N{v1N~x^e0Sb?QPv)*d3Kyk?);3rgqbB{<@4*K@4ZYw z2O>OFOx#_bNlPg;wFSwDiBv+H{uKO9aAxrdEK<#SVghvO@tdaM4p?L)jqCuIX+YO zsiTa{`=GBm&}3L*_+dbn}=< zc1KPNgEz#}+mB4G8!F<3*LNlXO+X7I_ZLv2%2rhs=7gNZ^0n5Ki>aR(ASyN*++PE+ zp6!p&MC^Z(>YI#c_eMN`Q_MN(i0+K7-A&bKZ&L-%$10gBo8kmzc3b+s`G~C_3MxZ* z03{O$yANZwDY`yc$N(u;V8YWZ<`a3NL2c+}Y4gI{rcEs+h=x>#sLQnhH>vzeJ#~I9qgiozhU_Y@xQ7ZZe{xN3EZ= z%`dHnGye>>jlu5}KWlG@2xg*;pQZ4Sz4yTLgLS;410{Orsl=&Fm!6Apbbs*iLSIQwNtr#_d79r8J=+u^$4X2}`k^xV zYSXXZt>iwU`_Gy%_D+WQfg8I;0&e)GbpQp~wl{z~ zt?p$o8&0zE{9iC>uiXw|Z13V5HZ%wT+B9vt@Ydh@v(?ev;I|vYI~7}dvNit|j*$c* zZT>``hf~>U^ixYK_1Q3Vf3e%+e|=<}#r9k63Ce2wF)S=auMD0+AGn#8qGShLlLBOe zZ)TI)i(Q}m>l2s;^)POp5tqVs&VYHii82r|GzbRFU#_DTZiU`#WX`-CWf+Y;o7|S; zs(r($;)z_#BE`fRl*f$n+mq$9Z9DzP{Z>N~|9QWaPvXDtw<`IM37^1t?(FQ71TC}( T>FUJq!nv-N-tBx1%Ygp@|FoDh literal 0 HcmV?d00001 diff --git a/Install-Kubeadm-Calico/picture/4.png b/Install-Kubeadm-Calico/picture/4.png new file mode 100644 index 0000000000000000000000000000000000000000..cc1ce780a23d85011c151f21681b2a43d3e485bd GIT binary patch literal 19083 zcmagFd03KN*FJ1nS$COrTUp`IsCieKIpAz%Y2{Q|nG=-elp;Bcf@YHqDwSi7m8m(B z6F4x~pp=TUqM)E6kfM?xD1!Q7_whXM`}=;!cYJ^7#kJYP+KaXKUh7=vetyN?TK=#7 zf62(m$X~j6{+f)8Y^L<{?B-3<|FHOL2k)W9olOJ%0%&s|iZBB<*&f5_I{;%X8 zR_gNJ$=d1wg__ULe_Cbk4e0w27x(a4ob1cZIh((F+&VV3=A1&Tn31@cgG1yg8 zZhRwbDmb?!YAQ5rfjUAL@$b;UVL1(XA-Pdv>|A?3z1!4k&Gxsy*4J%GoTJKr{Kc_RWK= zXU|=Ud;t{$CG)RFLcU+?5JkDI%&0bxI2FB~l=A?ouI`;CKbBy3UAXWz zuv*D{*RMSziG`ovV+$PQs^{>JBQEP+1FZEl%6Rs?yUHlL?w}hGfsr7*13Rs%V{Efb zI+CncfN!JQWY_uw9#O9dj0N)Xv3Y(oL%y>dCzPqdn(4^ge)hcMdxS1mu<-U~M1DQ2 z9DgUER7J_4H$ZP~UQIg`l^oUNa)h<&uFHvqI+Kn*jLJKF#HlRr^cE|{wI23(d>Eq_ zWQi&~j~y3Zd58G=6x9Mb#4vfq$6M=;+*+!#k8kl-TB~WEl(DD|D8eCstY3Q#JaDuF z0p!C5eb-)_6rVkZK1@_!`^Gd*TJe91*NSAOkE;J^^*KFb^V)k8$m7u3QzrWP^Ufes zFkuLFQ}MmmxNWqH61%JY zE8pg#(0NH5qKL|bn_WJeqMmnO7p>(CS~V*^mmBq)W$}f~@}Hl)ZwjGA8b6f?xISjN zkl%|lQRb{kNI5THxv=w~oxYZAAqmB`WF)_?ZffX3Hq{pC5IAlLk>iH+=YZaBL3pEO zuvu+Ll(`BY25pB9+=Q5i&{S<{HiGQ-FzUjA0KM+{REBKW@ZH(s6+9+4eLOQaM?psQ zvaMdg{b|`mAGbaW@BDp_B9*${W?kQhMNaSq-d|V^-CMrAtqI!9ys_TULTz@FI`qXk znMnJGgGYb3Q;+p$1)jEMyJ&TmKps#Sr*BgvPvzl8^s8y$DWa8EOa!zd*RUgkmypPc zirLL3YC;~}i;?#-Zwv}0|9*87ELS2l+njYt4>7dZ1mfrgB@bTqe>~N2jRallY|zBj@eGOk*JO2#Z_DRL7w1QasdLjpBt% zTVtc!@5RNwtswbam+hJ_bgW-@gE&m~Bv$mGNKY+O$k9~w-jexmSD+8}d+FI_(@j5Z z_f%PNuR&3eeNA%o)_Mf5@({pKoH{pPL#%$`zEJs0IDU002 zQiO;xQ1{SXWFHgl@x~J+@G

7pJeSxMZ_%8DZ&pj|RTXQ?Y3i)P+y?l^voHZf&Jz z4WDq(FrrszPNt-}ZbHzZ1$`BcI|0+zd5$NPzySTeo-^>{y*_N&2O2vRL%>1#lVD7o zf1M^;_RG&1*FmCVKvzJUzHQUzO`YaDt|vMJACOtP_tyCugim}Nn?6%2IP6&JWa3cplY!lka!_VI>%mA|4mTNU zdCLjiezTEE{tK2(A=X@9?*dp%;}DTxD@uw#AM)6GswZY!jl=PJ?-Vk7dVlp#C8`GK z?5-#5Y+WoAr{75Dqb#*G412`8^ zgDMduK1mDuARM<##39q;RcVBqM_Z>N^>GCod=tZ5-B` z^^ud!bKOJRqVIG7qmW%TMs zyKQREriYemGc(@}VpUgjYN)HOH`}2%Q8iz>8pwu9YS$U`p`qNylg&nX{q(I(_dE}( zk!4=@+FbQdFM=vl1%gFLznGBS+Gxp7cgo8rKLt?&WHLG zJ3Azj8P)v$J)6feyHVXS|230<-U9bI{UryIy!FR4^fG|){;!^zb&|+;;8qJkb?wf| zFEJNGCfjap4f_rk2$^s^bMQC+B=E}++@Lb5al<(Bg32!o29GQta3c;^KfXbz-jC4R-CpaBDg>Tk-AP z87kNl!m zaeROJjT*nkmZfzJ$rga!o#|R~>5%9i2MQGjQ+UFDD#TIv{nD$7xG0?X2eUrBkmDt+ z+cuDuXgvjD`uT~oy1vV0g>TGX9x0|+L1NdIP?2;AkzOw4_y!*N`Xo$ok@f{^?c=|E zthZK_fCKDAp@UvE!yAI=1AxFO@xXwr!5Mw2Ts7ps&c<=69yMyIL04;?gHb^-UHR2t z8v^8#dDvQ{pKFU>_4fI=Q5=7Sf_H##a(;N^YQn z(nYm`Czab7RYht`qW-t09UOXqOS1X4V>Jg$2{bxsiL}crYSwM9v*q&wcWQWF2P!+9 zRwH^G1-(a4GpR6*I4AaKh>Y1Ry2jIyr*I|%c~P$iZiTqLVT3U>$ebh+Ck%46BF~RG z=|^rWQB)i50sGOy{c5jb?f)Xrtl9G1_wR1(53`FeDK%LRbw4wBtyu|7>Rs&*W9r@b zv+aT4FDoobHvDov;WviZ{sJgVR;Y%#2R3+_q>8=+>@VThK`bPe9hi$P79Z>9BDj~! z{R(Zxn?Lz`7GSTW83I@KY7U+n&t``Owt)1tio>aXCA>5MQx+o2 zvhtUV1>_CAErVe3`7eGVlL3e;E2XH=UHiBNt66d(Qz+j~RmD5-M2ej7nXR0fY0flU z=J$P%@k0{z5SxZb(bmQ~=RwVA_P1k!o2g{Jo&D_g8UMMnE;lIYb{78t9qi1(P_g>H zmJe5wz`9+wf%BJ^f)8s`_R4yIQCrkKj8^J)Tu(tgk@=V{ek{M89Fdxi{kmokADp<; zqSS|f`$?h&S_~&Owjq?U?uUDe$Xln$rNyKa49fplz)Q>sL38m7H#-hEw(}8CiLH~#_Qd(qhEcsWywcSiK)WQz}1;cD5}wNE>A;y!^M3{aT~9iQd?`=U)y= z8%@vsMryL@TQsrX%GL(jBZ7|4_q>1xTT_jD*@CLjCGcFfqcTJ^dQw@>ByBvTICvc3y8V^ zj*;@Ppb$1PNX0iMY~^Twpuzq#Vvf8^Nlfx3sIATjla3F;^hIn(mI;6sCB(4IylSka2Va}<=FR#Ck=edPLvn$jB@aU70^VKG79>sdUT$jxC!_SuBb9h2I9>+Q zU<$#FS|8)Qyel{jP22oqqY05E-+-(2aUX10gl-$vc5!Y&jo_rIq-h|0SP z9R+5xDe>>%l)5XZYzI#7)JB=%Gg75EP<<)Ek|3|#$CB-jZnLdI=q9g_9b^R=gH6PG z4Jg#iJjq>PA1~8IzCAQqUVW7BxvsQ zb=5{So=t<$(XQ#8tI^?j56Sr8cSb+qs_H%;`8n?0Co*nXD0umR)|CFI2rO;S3~b*# z=XGbBi`idLpjuxRtWi3@h(qf5S39=71vqN#ZRoV>{SDL?MM7Q;Ovaa{nfB7`2CF_BoTW$)?u>TFalU+A z_%cE2Rm|d8`R0|gpBmsvQX82aSyRXJj71j%I$$60(80x$ptH_c%>uw)o%_iKXP!oD zT#b~g*gc%OfB6*{1&4xw;9$jEp;;!&3Lkg^p{lzla2w`qQw6tM56v+BI>~H$N@l~LRam@pIG@pHOBkTQ(?s+1;%Jm?W6sU1w+%!|9V_p=L#lfPsOxiBG@sftik-Hf?1a z8!P^Zx=m5BTSxnyewIq(9a9xlyw#OxQ?a~5Ri&x2`wGdbc%p5FrPxgR7BsYtVwW=` zrX?;<^FkRKJ7dqjPPj36LPcWY7GMzdr?1;b)jxPfo$;?V$kY&xTnwtdURPWmlbovN z3e&ja84fFcZx@Hvd_&}m0H4TBe=v*VI&&Kr-wgy_+0)~Fd=uWf`inEIxT*wsFH0fJUO`NIT@3v^ z7$W8aIY^@LjFd!+Uv7vlt~_ z_QJ}Hr?J)?+llTwzzVHQdyTd9GANva4gKc+a2CF9<^K$DQD`ciQE5DI5;RfCqOr`2YG7;+) z4%n1Zs+}+1wlXkh|p8ufr`Ft(MW|QM2wwXyg+RTtO?226iN}a z(duWcT@y~v~;WBo*>}}T4n$~ImYF!Y=ZFsK(V-&fnR>U*>M2(;An)a^mn&?%B4*Yd* z*}q}5f5Ejj?iXZYd~ZXLksGpq4z21A`cSR;36*?)@Lf^fp{Z4?5Hh`i;t6r~&v{Sy zy0kSUt%kcV&)6S{st^~(@$LE*EX`s-w`4EXV=i?Z^&9d1&+o3Sy&*(j>jz*nT#3rn z!Difc-F7O`QmFET8dWpgc<9Y%&C3SccRPdMi~`H83x|HZUFzlPl*K3%3l@1x3?EVO zF3+lfs;W8s54ulrjb^9NNs`+sOCDjZb*pv<>k2+DZ|Bg7hu!sCt(Q3+;E(4n+@N9 zTC{WheR5iSQd5j)6^qOS~)XqTavFf)p!H#li@3$E}OSO1+ zIN+E$@HZr>jg@hVNS!lQc3Wi{y=v_(S3%04eIXhFpv+$oTh6qK#1m^|n6nCMXuy9+)=}LToNp z3n2u(?MH&lJ21kb} z>Dv|lsPt~0_eOke*j!!EB#DY>@d8=6NoUCmTQfpw#^Bc+(#QGQslBp|zbRifSZLX8 zKVy0S-orfm`~S#cauu#Xu1q{Ey_EN`I51D^x4Z0QZ4PFtuW?`c&EMr)q^^-8SQ+^( zOmsP`y6b62)V|};o1*|$U#cKwZ8Y~5FAoc;)I3AFbUD0|*{ue@{^)0@=Oi!3uBn%H zB=fZ8DD>!Ax6M8Gszzs2=^P(@ijt-*nDGh`kw2SZd;!;pC!^penJh!$ml%h8`|Aqf zZ%Ia7X+;pQgL3s8SDI|GNlbX@jgx{Z1+haO;x=zsD;kEA&%DDsad zH7ngqehdG28l!>V&tuDfV{8z7^Y?#)6{X<~11>!s)cz-9^?&(TQserQ(vqAY@>!3J zv@|APHm`ffz2A_*`N52$z(uiQeN!27w2X}E1zWxCWX2>MH|S8X4LH%pj50T8J)M47 zsR93+F&2sol|_CNgoe+AFoG*KCB`!*qdHo;CftdqVh(u?buxwu^H9ViGfLalW3LYA zlt#QWJveyT4EQ_KOiOe1QmKcUC$8AWzz5_d37|!dAQw{jzeZ6icWih0Yt}eQHn@e@ zd-MGb{Cp~HmtinyfFAhqRMhH`DgMRASt*hx^UlV0ejNf|S(8=BEQ~PshH=L@fqKhU z%^SW4THblI&glNObzaKfUIFKi4-M{GCk(e_@-r(VM7GYgrkOm6)#MnX^mMe_-!U-- zRlQXnE=E4NdNG`*3!H#Msb@cJ5KwP7(cVLuWPpo$eNe1k!<_PItY zHT!5)Kk~8^H<9`D>^X~dNNx)G*E{^QmE-WcEr66Ms}A~)bnJ?u;uW_SIwyfP<8@F< zi8lABL1u5u(Z4vYnn}s5pq-CUVT#uQ1noU_<};>M*FDEtgu%ulqfTJvxTJ)gZ;-d3 zfdPO!luW=E$_;3t77Yib$BD6rhx^H@@gxt|B>;&e3GKP@!n$fE@+Ein6Yoi_lAgi)6}O9gPxhm|` zay230xhO57$v_k}9$8Y6d?B_p_F6Y7y)Vo3P{TYUEyT(MY6D_wTfPu|5?boU{ zRfwfHp3IfM6-$TZt^az{PD0dw>8RgV`)DN66Ds$^oF1GkTsOG?@pa13Hq(iy@)HMy zUS%`4434ho6V3*CE$Z;I-Ym&m{A7a_N<^8=eR!26()VFe*tDl}xURP}dvRdOz^j_r z%;%5u#GcjlWvLqN(GW?Gpt`Jf$Gauc*V!iBGB0w`=K;vu@}P_m)tNri^sk&TmqVm@ z2MnaflifRG@Sa%9zl1*z&l)$ZvsO}}vf&{NVsn6Z zE4*k7w$V1!1RdKOE7s9Hdv!123YP>R zdBdzSY+mab;HS6nqkjc9)hu7+7ZBS3q+mn<|01(F(GtA}_@%INQ#x}|C2dr1YSVREuo;exsxID{+7t6VZw717DcB@31c$$w z9k^lvE*UDEZ6OX(wVi!Yq4rH!Le=o(NUyx6)m~x-V4o z*U7w7R}U0rjpPR!%(jI4KPV%mcWof%0D@v1X@Q`$0|Ajtqv`xe zsPwmR?iWe>=#*gga5~0a4!81Dl%3;H>XdtmHN`=!WEQF|SRi|%7@gFxwM3-MJr9o# z`Y%;jz90Q#FTlf=u9{CuAKVxD5$LfHviY3bXhs@lgQm?srq$17D*Cv>-B$Qj6L7gH z!zMuQiRsHB#4trv)h?gkRg(O81elWmpTO$3D zYK|S7oF%pW>n7;~{+Dx13JnNMqqMwOKfFtnD-PrYvN+YrXSSk&N0IWxpfYkJGF)YT ziE5&~!0Me!)kuKxqrlqQ8tg_f>~3F6v2C6-t1NR=r`uWfoZXd)NAs6}`9eDvd}U+S z9g9=<(nhwKZVP&JHQ-8`Y3*&jWz6SF=P6*8c9zCI8y&-unj2u+pw-Vz6GGDXw+H8F zSuF*s$C&Yvo@8$@NhDl5B#pYc@L}^!1h6taElPuW`eT;M_o%$C>WauoxR*P8NxrH5}rG z{oIjG-Y@!!eL~h_`0(0SqZA2g)l1(7H;3plO)15u3Yn6@bTWY6S+hI_)#JlnFdWUa zt&ea#%E`#o&++}kqINE(kQ*b>+7EAtAcSZjtab6vvMcvUAWlUGzp9-fRx9MY{o z%8gCdvdnV7-Cp}5GUyFI8RJO*P4{fxrbbo6%}04&H0ARpyZwzyEoLmE5<ZQKMWx*Or2}M_K|4+sLizc$>iv90EZn3r;Jgnx2M+LXaog1DL z>-fap-l+Cq?w`dgyQDR-Dmrsv+X5uHgldx(231abe?4X24)cLDSvp~o+P1<9NJX7jB!d0a*gaTvCpJCRGpZlvS zIYQg^fnS>|?=rIWl0XG6b1xg28vZPs+O(y3#*3C!Xi19Jdosvks+<@ocil^8y&NzhCSGwQP$|E6PQF?lyII@ToROxXX!c z-UPc>FrQdkK+M{$sna~ECe7buEE*RE>hbLgGAzoWBX=ngxo=DhrW)VY$B0|WQ|l`A z8?g=Zb&J(1ZHPG0T9*ohZtNc%9X3jXm8L9IFc!SlxJ-)|rCE`T`fj)NZ5gvXCBXM9 zbR*O8!J)hRDa08os!wfet~+RCx=E6}hLN)m2k2o$IUv~oAxUmccPR3JF{yz&XkNN| zu|o@$#Cu3gQBut*M;w!9D8Uo|D|9ZpyN0>QXf=KQI%2am)d!Inp~oR!&29MwpQigZ z@LGVEL&Rd(f3;}pm%oq0KTFsJ-(EwSLPPm32+KPpEtKCP=fHl3H_jb)GN0d#vd$Gt zk?nR=_djdc#73RDCyz&mHYDVXip&9a-{cB-b4%~=1f9^cfuAe`z#ic+NYJ)0@O}E0 zd3pslty^>@Ao8mT*B^#~Pn9)GX7j*nCUry|pEfRD54nG96Gva`8S<=`p_UoCv0HEW zaM)LqoO03w9SWYda6-yBNzh!#?$bsnOqMA9a^+qJwf%zs8W?Ejc86xr5e#W~{rmOz z^TR(Ni{3c#PT-+Qt4PAo+8kxhSlNEJOW_(8|3OYvcxCtDHE?PuBy^v|70 zOW!{gukCQCe{K(7=Tyhh=%hY!%p(ulO(|hz;e9uE+L)XHZmZR(=$)>e8Wx)RXM0+- z26c2|<}=b}>hw@fy{wZ1t~3WAW8v06Jc1cM6Lv|mTRGg=D)7j8nMEFe$kGvwX??_?uSYaa!&&BuhCI=K#!ZI zD&Y^_)P76&`FHk5hSN`tB=>es%i$EKE#aB|p{}TrfWDSM6M_Lj{?y|J6Smc@ymZH3 z)@6<8n}G^b9!(jTV%v1qx1pLlcfXBKF6}gUDu6?E)npmjwO%6^r#FxH@%K=FwG^1r zm-s2n^rgy!iESszJwA!mDDu5r=%mg`YD^!>NryYbzX|1fOL9+S6B+(@wRH``tDz{s z%Kl!nB4hF)cXNarZ}XUoB%xs)_Joekm{w?d@6VCPPXjX+$oR4EFGDdTkJ~l4F|zD2 zaQcpkU)yT>qa`G?)m{z%5X*`Q#U(9T*M8vQsXg|v!)1NPNnXd#n5zQgZZ^_dvNQ47 z|M0`3uP7}=8?5Hl{1nc3^b8pEv+`9lEa3T~oBa1`Y`a*1KjD%QG?P!NtyS)Qx0gDA zEuSaL=16BEgxetfisvnT`NJ^2AXC1-;76?3=#-OTCzZpozwZA%(cdC)YC@6hhsdF4 z)zM_$+1a|CR7#sxzutIziCi?C(B2FbyEgMG-(PWRrnE#Vnq_W9R$$`iP z##^~{wNaQ!&vpH@DC*kJg+rI=jn;4{nsxd*;tvW@c4Xw;ZBNL=mT^v}wa5jMjafI3 zM{`)^At2Gb>5pyyo5UtHONI_QcS)qKa=f_qy=|Tubc~(cmfV+@n76NS83{~3=Ssre z^-JHU>$)1X>cGvyBlJ0jKNzPWAti&p_ZWpBJOy^e#z|AP7R@+`w<&2=8gRUl@|ve( znYrLGFc|JO-N+NBtLV^q_B?g4gPR;~5qfnVBT0VYf}g2NsIW*T>`lkgq&tU#hPrXv zM*VD4-jh>26c@Kx?qN2@wVn11=56UW9y$^GFq2HSW)8eOPq7!BN4tq)wn^l@%l-Y* zV@a4wSF1Uf>(EC($WDYIQYJD55kTCu5A8<1*;~Y1&*HSM&;PyIi2~KkYs*@|rJ;f! z3HWa|+6)=qXcFbFVUrb*ne(y+SsS#I(&Y|yZHRfS z^M;2TgYQE1x4=To_z1wh)hG98DKl*p7IMp~7S)MkU3il_ibdt>cU;1uho{!G+MV>W ziZBH`zVtf5=_V~$K|ZdGenO86IXRXc>J=}pKUv*x(T^bP|h9g7Mtnx{dKB74uU`b?7ATCOK@eP)GX+l(m+~H z=}n1GFNg7_T&aICv5YWN7r+?#SF!tJf>27Lx(B_@sv>fmV&p4$<&^t z!0R-%*d(BNUWCydf2Cv)pv^pWifA*ONVvhu7Jc46(sZcr#-N1N#dam9?1tVB+Fk(f zP`|C$s{fgke-f4J(1Ri$ixJoV!U7JY=^mMhUmhw;PIhi=URsf&4-wf&NiD_Dhg@At z!udZtqYrHriVpZ|`fHNSns@%owA-_Eu>ZKbLXA{&emEhU@<($*%eM|@P%n$|hM@%d z_~#9kliI2?g=gswrF-+r%mkIkI|bQrH*vin-Zb*1nRas{OR&Z03ju_92JJcs#Rd` zCp(abnheEw!TKjD6>47%D`+9+*J^{bMiv}>YG+=G()?XStCRW_`oiO2kRKGBXV3w| zRcKAZkMlHmK|MlGQ*bnm#~b#qNFXhyw&U*1D>~2?llO{(*Eo7S3~%o`KzD zM!lXzp@(af=np=iGrI_~y}A}w^8stDv|8$f7&G7feS>=LXToq>8%i1{y3y7mMF49O zJ(uOqUEw{5SNwbVi5}rVn^Jqd{b~lXinii0jT<>U= znOll^-#5!YpOskn%4dw+qCToAJ~C0wJv3NTMz7_4+*+7|u`Nw?LOWQzUh;!ZPujd~!;NDlCXFq{ zO9%U?Z(pK)5<{+Xuc1TnyG4pHlY7g@+IoaeCQvWfEFBFQ33-sn%GB!cqU;HSA6@v? z)4b~_1SX!ELI2F9{?ry`hX!)~6S04$1(;r2_(vhq@L)H1GqZW>7xc*CDUD!~@UD%Y zL)TKGo?WN5I@4~5Jp+1tPs(}>ytq&h6N(1>zRrU@9HZRYJh^hqxrjzl{)=>9rASnwbm&T|eoLksm@V*vjeD2JSrOXwTM!V^% z{T}<-phgtjU`W)}d6Gp9RsMHYQgkE;50O|+kw{w7dFfmog`Vrbpd9FyuSCc;fz5jb zIG|I68}z?7<=4$=!R{#~FI}3Q;#m{n*yF~VQO&5{u73ZeqcJWtG@;mKsQwh8r=cXVI<-P~wfYs* z&$3}pKS!%akZ-n!tE0wXoDe$om5{G=WC`J08T*Kb6Gn1l`Ud=b?5>;nXV9_j z92b2Lb8%MtD{xz@zH*CE;Y-ftAL(z9exE9O<4$KzgdHf)VbvWWa#|cJoLpinPU1Mj z(`y#4xDmItFm{=BL6!3yd5=QR&P`)40mI^7rs9TDQ8(d9!)6!?KE`}ndRmI++&AE88j%g$uHsZ}+3s$!*77=<U{YH z2qaNB0M1^R&%NH#xVD$t+U}ay%2)}TEIidtJE6^ae%E1ifWBGv4MEYV$=)nonYd4n$moA($%!t}APB0)+pr&@aX(HEzG?;@`JsbFLyD{sbBS zCFGD}S-PRY1&duGtMP1>zG-#hYT&XeX@2mY1Y?B!hn;;-Vl|MbPRnsu{e8vb(7lfU zgWtaSai?cF&ipUNk=t7KLE9ntme^w1_&M3k@8|W(kRCY;QuwUSUDRQm``=pJgv1`m zUW<2^Y|nS{79U54e$i3d7eke1d_kK51=Le9XOgA&V49LufU&4s-#p8k%mY#azb&q_ z`=47e(s1qnfII$!hm4b11kjNJ5vWZw_VaQ9!P;@<;W(;v@z7Kw{Gj1pb~J2QWWfHW zUcq>pTKf;(r1FuFJ!vV&;_H@ z1N28KoLA7dNF3cRI$qEtsN+LgYD)>*l_BOQr&6yJ1?Ek*Y4VpkvTJ zG}@vDk~5<5ulR?h;^#Nc@qvZ_L+y{ZPtrCZg_VR?PEn7qlyG+tu49)z`~gR6@`mf4s`#jAgJDm2bUm{nzEL%s8}QX|@6 zcTpN+`iwO!XxR5&ClG?a;bZ;@cotW6c}V8L8rLo&D{~ z`$wCRkGAkE5fy}R$1AK63K&{E_iMT;?VL(b%*0&x0Chim$zKrSWfkj*8`3^M?RK5q z>x=6Mr`a0Wj1*>ngo;&%64|ckiW2rGt|iCxFLH7%)-Z+#_w`$oeIG~r0Seuj<+!tt_8rH4o93V3h7ZNY>!1=l6V9AMoLmWLOD4zb=M&}xZQcy9 zNqX(F-DdtxE?M=x8o%SPNNIm@d>UT`~uU#5hsy}^s3Wc({MVG4Vl_B(ze?=*XhUb5BqMhWwpAj=!j#=X{ zqP5|*&q;^pY#Ofw*k!5u8vGNi3Wi<<)j&%BGp-B_fq^`YYx4Z+jgm5L0|V6iT$B4b zoS*FZZU9MA3j^3`sIg7Rt~r=E{i4$pBn=kY8PqLY4)RRNr%~Z9I4L3fpwwJgR$5L9 z0~1;A+Q9#zke&}YT+Lt|NBb4b5PfkD!@l-I)BT*1iszbw0WU#CSij!@rp&CP(O}dh zg@H}6IIZSFf&ttY%mloNIVzz$lsQthrxp=AyqEcD!65IZbSJnVT}t2N(vURYmL>S_ zV;h+-(Dlai>u}QP;MF_@=6?A@!+I(E`8%fm1}Vxe`UwUEz+n9F)S@qECZT%Oqy=tP z%Zk1hn;wPn>LXsbit?ZhH;~&)t!_Da!D@A&iKT}zsGFV7I*f1m@$Fn1 zYeBt4x@c0sw$Nc@eq4^rLk7r0zKdQ{yC=CNx*b0`fhv!M{R1;)D@#!?MW2v1Mbhw9 zmpK>(F}k!GFk;c!p&(C}bA?hA=HS(EH5c~PUqly>GGV3mV*zISdI;W`qaE296-ysx zugobBLYA3eN%Oe*4=Jhg_s;L%8yCm&mK@2e%K!^3XjO_La;L31ovY-<$%t6ZdbKJk z*$TcvC&*X~7+DpOV_pqEUMI7t9J>%5Ymc>9FY~+b`}g8$bw09`d$)zYBrQ-yFQ8X_ zB<0{G-EqXb&edWCo!UrJ z;Q~H(l|xtLCQGsWgE~Pau?zlmQee$02eo`=@xGM#MQiI^9bc#x=PhGW6#nhr%L1m2 z>s}!f=8t+tw*e`Hy_d_Ahn7fWjlHC(&-LRdH`zKYjq7+RkO9to>Bp3R&=agQI0|U`1dNS z4e*EVI`U9|V_i1%S2e14(|v!KQg2@PgMCXQTbF7?nSBfo&P&m>i(y_8HA`60Uj&77<*^(k{LOL{~r#o-9j; zlV)Ay22s^FLkE2aNI3hBHL~vSFH)lz^!=yyq3LR*D=2T?J}n8M#5wlSCTkCI<9#Wp z*zYVao$scamS)00mK^3iMF_h@2(#3GkLdojIJ5PuC2cP3K~~Mc3(Ajdh0Gp&P_IE| zGAdbj?dAyll+-N5!@h{$cVwSkK!n_tP08PKCP1ckqTKwl7q1BEwwpU&w$6rB9tS@B z!#^0tfabCvy%4&0pjFWDvCNM{KkQ~vhm458*S!*bM@XWWQt;W^6x)yXU(KP>A>i&gK2qv<=ED$cs?3tfCi z+@yNl-)h!h7jO}R(Sp{#+!}r3gy`+ zxH&{FO9=bMaN?5FB)$YD#;f_Q2u)O^ zmjxdSXZ90jH)#$Kx?+yKsN0^B0@yv%kjf@5_(QiXxO%4E&xvjsEh%n?2D z!HY1pDYk1xt~OUZEj<@`k9Eo_c5}>^Zw=Iw)L35n6!Y@Apg^z#lZPgLltNEvt@MQ! zK78%=bl0+B;HY6|}~E0A}-=7wYXGflolR2lRm3_m`8Jmt01AZbI-i z(>rlN^#?zfsaQ-52xs;ZaD0$TdaeAj4#2}8=T7fV@jEm6l!&)N&xPiJaDt$;&Um6A z0xYg+A=V?zQrnV~ev0W1u^aw7VF57npq<*Y8rl3Dm$SKx3y~}CC;@lrG1&z{sjctA zI}WuK`GUJt(s6MG{*RQeTQnjP=Nj+m9vEo!SJ}3M;%ea&Qi1cr^RU9zSr)*eGkPMX zkK!513Ji?JEJu8$s6z7whB?K<3Ue7_oQdVNyw#so?=AHNZg~_v%yZjx&ua6J zHw00mv+j?Vh@cq`VkgWee}Y5V^xiB{{z_pwsu!Q)?e>CztKny{G2r^w?KdKeNHJ5B znHqv$!qh2-6PO!U%nz`@=`T}%w90O5vn_c=Bbh5hL6wZG`EN<2eCcfz zRj^rSSk0fESd{T&E{F{~Yc)RBPscfJWlMq%UFA)E; z8_ovhCw|Fp->7zY-3#W!&qupl2f0}`vIWBj#oHSpW-hbt+b-=>e!KFKZbO#rx~lf; zIiO&N?Er+RKDcS13WUEY&K_ZSfYR~iM^*u(mWVC?Pb23V)Wj8rVMK{iM$lmtMI=_L ztrY<&1GGru1)*4DEVN(%Nkk(zAw&cWY_cGhn+hsQ0?4Js0Vxm^BG<6NQA`ygqkusm zArM1=2oW$s2uZq2tJ9zTxqr^i&e@&!ojuR<*;x<67V8qw5}s7dBe}eK6VO1;Ppq%q z)J)#mdmA)qt?sE7lae6!$s{MQ7jx`C=pvq0^r3UN@-R7sq-o2hdU`}XyW#;a z+$}&z)yB>0K7I5XTmnehW2lkS&$iqMJ>DPDYw~yJuDrLG(|Zylc|#u7Z~w+4IUgxS`PW^aJcc*eM+*+ zfPPLW61;|b!qGN{29l!w1V{bjT2Q(8HE+F={u)$Y8MgS`CwS^mJ*W9mnpe7yk0so8 zCX@_4^NHpw0|UyBNAFCR=)VDhjW8EITS9YzlZ=2gB<4A1IMc_m1-LPL{iuD`yeC{T zZm}-9fO0q91#NTlNWe#>|6N{`dJ`6Ia(LZKC0RG#2-?bVOYa&%;ajap(GB`CPS(j; zZBuSq313*E&#tkzn(tAdGt_5cO|nU#5x_7xLob9{#R{FS_WkXh%g4i`FHI{HvcX1$ ztXI!@?oJ#4=Pa~loNhXS-pWn_j4qc41MW)K&(M0*w);a;YD(>N)y}ci5a6wgOzfsD z6R+3JXTr`oQ9LA?g8r~91fOkJn4AARVhxj%IfNFomaGqtXKsNvT8;PF%gd}-aVtBI zd)Zc5KCvTiL(c`js8Gy^QKPOdL)JpIHM5)NHlF4JbI&Lwq zmE`BfVt8bljpDFxaaj~GhmyW|UOK_;Qr=12pxu<;I3aa>fZixC^zT~c=Sz+q^|)rn zsY^fs$HxtCu;Lq5gj#0wb9U@sZ^#WM<%dCmH#r@B)b|H!*Jfj2`cBZq8CYl7nQQEE z+JWW}i`FRT`f&lXi{<;K5?|&q$D$hWHmfA;J!V^(zf#(UP6zG$m^z1JGZFTFjd57k ziX+(Mf%7!neIKaY)b`Nk^Xqnl`@Q;)1JRN}E2d!Ysq98+oNJS=Gj`kUia`6t*=mO7 z0-(lkwh%KDErb{U91dQRY05@|sIiO?1PwzHn*ahN7jIi3h^qzB-wnIBlMxtU}_5})jc z_2g3w&|;=Lyu}NyA=?W8$tlBK>OtFK(J5 z+Sd_MlrY;Fu{E|9;p4>%ROp#>wi3}B&|XJ9(oI-gT)U6S8K8Z;QK_$U!9yXCgmHdf zW27shMXbtWYsu|F!eIL{ncxc`QZY)EzA9|gT!nG{Cip333Ph=Z$I`r%qPy$vk{nR+ zBM(!J89@bB$!U__RoEiQFQ(D%=+c4Gzl{8IF-E>3%t=Wr>Q$s0rLQvKJG&Z5p!tc# zedUm=b-H5qwsYw3Yl~Ele&XtOm#)g)ie1RvTCa9KLF51#6_EqJT=6Yt;T|e?;^`}y zTVZlVo3|4=t$p~&rKWXv`_4QXbccl95gdCT6!i2<&9tXzZ(LSl0=<@~4tOr0zDv~> z_d3Pk)Q*L*rF-y$P_gS->2MhV%Cm%Dfy8`wyIe$S;6}$F`oILjo#T1l2x@_XtrW5K zGEXsd4VG1={*hHg8JQOYM<~q2G5WzB5KKPJ^AR5cllOTn&Zw|li~nIG^7k)>67v7A tLVnY)>VT&pO{H-3-u&fZJJaJ9Y(2VKu)aA#Ot?p6(RjR(Y}{3`Yn z>@AhUVR4s_F?i4&MHBZ~J+~%zi zHhC~E^(ioT3k=(Mw2-+ZH?@YPfV=0an$cBzIh`CNtG^YE4{}GJs7-%xyH=`Jg0-+L z+^9ti4&4YS(n{@0X0BXfYKy1!KRvtMfTz4!N}M&e*$iB%wy_*whE}*>3L^tS4x>>S zbiMTG2YiF@IzTH)eIZq(w!OZ4Y?5?TyAz6G)BMuU{HQcABPci=DS<3AF8 zv3Vo7H!Rx2iC>tka=(ycZw)6;m~goLQrsbSo|CZF1MS zw1i$(UvQ%8eH|A!PPR-cO>b`Yuey27tA4$Adb>@$0mDXLx4IxO2=6izD2blO||Imo-J^@~DP8E&S7Au+?{MqE_#* zC+nyoM#)O`{f*6DJDmu^xAYdaoKc9K~ z_gm>N3K6vHosxHcPBnrSvF#dB&3$KVL(G>R92IAk%3(zV z4b;Ua@1ExopmaBFk#5gdk)8OH33;-JHg^SjqZm2FP`Y%*&r{;^(LIPG8myrjP-4*= z4@oPM&CQr>(POTk@uvLYI43?yIc!Z$-tXqndTK(gocg~WF(T(IGyRbq8 zi`4N4ed`NW(8RijY_nPW$rJ&zq^DowXCWUOtPdE+^T+;QbH&hGdYDR9WP0(*yFWw+A_m*u)m zY$B3oDn3O*j0HU9g1gmsY2P=S-L`gKLQ6K1)HKLl)w>v6^{ZBem;t#90VXV0wiV zwk<;jz-#ac14C7Edu7;l&HYZCY9af>=XEp7o+b>SvkvXcyMuZ`@{nw+?2ML+4jUWh ze?=^EjmjS@|5l-hPx(3`C{2H}nEr^r`sQXacVmU2gK-KB{Haw8P};8HbuXuV9O2qDDJ#(> z0TWfHqSM5pUucTXTatHcXtj+l8;#wt2Rmzp1WVBuboqu{Q~>dWb%(Klm_Ay8OkqPN z9l_2+t`p8kO8EF}eZ4RfQ%^;j8qVkpu;}pQ_TS;M>Vd3vc4(-0KEdX~2kya+G5k+h z-v*}4zN>X52eOvNw#2 z8i9-Kp&@*jlv++yf~BfJ!C?+++u+gHvT)PqH4=FnS8X?;8=W=j5+vnCi&0AQXP zw;7+a6}xbE?v!Cc`PgeQ&(5zu*R;5&5FEzTboY|!?c1%sJBVp_2$dPB%dGpE`34`W zj3G8XN1m-k|3T90ujN1RzZo3S3emF8fGFlXuRAjQ){4Ux#b+h-G7I!vLDI}RSn02) zpCr7K7F<`98ke!kPiMcde0BanTFiY#no*AIi0($WI#e#Ep-XF7y*oR5{%XeEL{(ha zz3ql0@gN5@uYa!I=rO!Pv%UPYZG?A{)eF`KXlrvcq?T(1s<)Bn%>;E$-54+ODHHEI zQ+p3|8>K`9^{g6u)Z4IfYm`HG2U`uq0-)v&GC9KCD!+YoZs z+(eTFQ44fA@%(cU`>KVS99uZQtC9WiJw@qJ=6UDe^uYu#ZaXNI{wWm(8ru?by3+uP8&L|4%XuR5+u9F>%JS0Pij(7r0PKm*5IIBHlG^D;8>4_R0E3#-|<~6;Mr{U zpeW952RUzLm!YhgERGUmhv46SnwYQxBTGmgk*C7XnM&&N{@J*8hYeX;%&~7)eyHeG>%sAo{^Z7 zBUcG>bu)CyMnY&c&fkvX%k-RUv5(u$c!vxk>dgPn1Ew}GRg4+Jqo0nNr^nI$%<9gu z6(8yQ-k$*k9X;D4Nc@FiaHvn>0kLh4T?kQ&QdyvD*XNK_I4H>B(sdOTf*Jo|Mvcrl zbljMYY$w+2OWc9|qvVnsy=Dd-!WDm5&gs96gF|i9%vA0%h!64P; zmFZ(8P4WA-pXYBq{X(=ZI%shRzw)1S8M+Q3Goc}C4A0+?ltR0Cn2ujYF0$MhPOoZU zanSMq1>>D;_FaeB^J^a}6*8lSbA z5Wa?kru|GxTZ1rimsy9L|BdEf4WTW957PV@$=G*<`u@SX&S9ME&p`04zh%#7SgJnZ zTZY%a?n9gaf7ITvSyGO}zm?Tc=28Vv{r&=`)JL$ZzvDmWvMPeHKI!FMg(1LvE<(S) zD+IWZP8ni#`nI^H=0D;QZ7xuY^Y83Rkboa`e%y<0Xq;c$93r{=2&2B;H0sD&JBQbQ zy@fzD^bME%fJ*yrI#`^~_~+W+nqa={-&d&1`xnAeBmRub{aHU`;e#u8GNEG4p3LS^3xGYW$y z>tJMQFqW~7WyUfK&y?@)dA_gL^Uw2~*XzFTbFS;0`?}8ky3TpM&vhqQSr~J${lf+T z060u;8d(DXOgfDEjZ@5wJ8N<3FynD7z}om4puA6biP1RWVQ|X;0H{h~r@5T`)5q_o zeE3z{3Aw+PtNY2#gs&@@X1C}ym32?w3gp7`tGf-=tLAJj zCEE0zIoo_rg4t{61v4|7I5X$7Q|jDLJ0CD{#~fR-lTy0u7!q~yl$R8tP7e&7w7FZn zYzxN0=(w4N7SJxEy_lo*5z>J;s z1xEW_)z`Q{m=PEKweFRpZcf5(uF)?4R2UiPa(2{VqL@-nvWOn3#Jg{#>9Mfi%K+|Z zlbeSUj<@n^Y#gc17^v|CUMdQvE=`MM$3eo0g1L(SrBgVET3TNA{D)=Mfy1<4gJU_E z&fTPzThy2dtg^8p>NGL6RRTK=&^^g9u=vlMmiceGN{LERzsWpX1rZ=QtfGf#TyABi zbhzMr3oUrcvy0`g*|xfP??k`YzzJ=Z1u(q27Jf&8ep{QUq|CWJRu_RbKrd;pCL#9E zJmiA#U-1atQ^Jq)aVG7joYsPF>hQCOj_w_K-*~DU_3}P(-H1paQ8XO)+jyP5bldEq zGc!@k`Jy%m++>t=3D|crh3jwsNcJf2(^f3$qQo;N;K+g(0o09X)sO5H(y;;`i(0)Y zB>cShN&{4MFsfKX@5q7zbM@eRP8ks{sQ_hB#6(Tp>zHelJmFU?qJuXKcbj3N|NCQc zt3~Xt7Z>4L!on%@vJFLaw0iOGZ*U8IkwU|QVm)g5n zMYxJQET0}ogKt^J?2LvEQUVW&j9x#{ul~)CZ;jVJa>MW5-m6bj@DSo?;5I7hT{+7Y zN_;qwI!5ZpuHV9dj$8#SexvU%9ny$F6dtzB|Zzd)*` z%lB$l9e_*!4r^=LdI9pagi~jWN4kE|!VZG-n+ydGGrPggts;VpKb;RZgH5di|-HW;xu-p_qAn0UOUwUUkz$k5haNki@`)&na=zj z(P%!`HL>bqEDkT8Q{WLiG8(zftO{lRe{Sp%q>&;;^kf7qFNZM0*G>>sa?w~#h&T6} z*J>jZ$%#w=1*TG*d`v|;po>Wr8dnMlYJNPHf{D8QbWKMy>)$SVrPI%5y2_7O-+4~_ z^QYb@e!_)3hZ|?pUr*w5)-L3OBn#Q7RfMvXX(x5l6~*!5I-$gf6OEflx4Sw27_FKi z`Jkv*UQbt?&zb{r6jw&UUI#)vI9vlC)bV|gzLstf{N9y?sWVu(ORL&$s_P)Ks<83K zdREba?0RvQ)@}b%`kvr)Te_H!F#VL<6F-@=F6|d%u1SFOL#_kX=(8BY%N{gyX~yGQ zKkEA*e0z5C5%tZZTjxPgP?AW=$Iz(lwXT8&z3c$_K%Z(S_%x(CraDT;EvS+e>tReP zd%A)PNMZuCWs@iJ4heb<1z_#rRb!!dhPof2GP|nC15B7rT~_%f>hbyV-VBs&==A3= zyy|S6I_K>DyB11iGfz^E~yeFO!m?R?XU{xd&{XAVFFdHR2A z-D%;FRYZl@>{N#tL|+oWtn)2Ox_z99YvpVnYlui?AyxJnQ^Vz#BO${Yw|Lf$tdTw| zUasr8MiAOf0HL2A(o)VmTiG;bS<+B~fp@^4o$&={Ylu!X4sp?sYb5f#u~;?BwkqTY z`JABzT;+T%+Q54U-TQROIY?MAyyW}$X5+Ej$Z-cV&GO|r2{kEy#5E+L;YRt>0oSb; zNM;}9`mykiuoqNGtYUD)D%r6}^H6fr5LhqS$r z)q^gJ;e3amWLH}zi4-O#WOgF5JX1_MCN!g&EaRTAh=OOHN3!z!o?n@p?fjq~OX)>i zN>dU?jk95Oqt#f)MIZMCZLlfqn(o6Kf2eI5FV@(8U=RP&XEyJ_WZqiM!Tb-IRaBjT zP|3txq4Tn9>I&|w#+&(cAxX-0q^iF#p~YbF<0GW0ElGsG>gVR&G8|9YzTy*{EvZn6 za-3>^?~brw{@fPsJ1_&04V%FK`Y{xLk=avWw8#SPO}*@kSXM&dlZr#8H@$O(^Q-Pc z;Nm`Ed5oBTkB&0Fzb&A^?Y0kc_vF2M90NW>+8XgA1{C=Jj0xqFIPH5ype|&N=*1sm zGz3cu959}kqG0MULJ6tt-ZizLF#N@KA}F1R?vqVKJ^~_OyEQHGqLwF}@>MCeDgC`E zE6(LPC`!oVc##0!8b3PvRlpl%DK%4)tO1ftUwB8vK#epLnh;I+5=W$D1byA(u}7Fr zoLf~RH`K&BXlre{;q4fD4q2-24yD1GAOo$aN+{_|{A_S*MtKK&KeLZnSgu*Ek5kUe zEhBl;hhD~Mg~*1}jO9TQ4tZ_RbV^UiYVh05mJ-!hc`Ur^bh1hF@W?7<9cj zuV0S%?ayQ3v^lsVL6TnVGZK!N>)NBGxM9MB6gVYNY6nkjT$w56ju2eox~`4ibkD$i zo1xtCOUF7>Br}L?b+A#5w#14XmP&d7`c2AZ_ojJ#tI&_?^vZGG)+XG)CM*?3rMG2` zRPXG_4&W^$<-!o?@a5Siw(@>9|Dc}-7+m~AS(SiZDB&QWtxGC04jU<#=G~E9MtE5iA1^+pV8oDL^LJt& zEh>KN*pOOD#(lDOqN{EdvI05L$S5Q0T&5fK)bpM9{L z5-Qy%Z@uFOAw3F(|0Bfm861Ka0kGqEKFGaS;` z*eliDAY8R)exzpS5qSK4%%DVOPI9Qrs8mq;&1!r=r*^KlAik#Z`P6U9)&PsOmjJeW zUeNXOzephmp1Sw-xCn>=Sa?p?ZT1Sn-i8nWef`SJCsHlwAreA&e2odLjEVXa*%y$> z1Bx7!drYkgJ_>UDw>z>c-m(PKFMsNR=i~&LLa$o~eW3R&8B<$6rr?NQH0IYe<$g{I zsLh;T;Dd_0_=1AoEoPR8*w z6<52BwfZjWxknZ9H=nbC9eZAtvtq661vz_y7gyNC-oOk!ym=Wb?ufeiuFDPAS!;MQBRllQm;cZ7>u>{tqUt3RO!z~i> z2eaB@BcdLiY$b2{v7{7P%Cj{zn{%KF%WQN56V2 zf2M2q8lEwP7 z{V8oyp@%iWG1&)P`K^XO?nxkF^A-Z01G6srRSH^S*< zOZ&X?1tDAihV6vOc?6#HPbppmO9lE*CtGd|r&BlX4HDbci;An9bhsq3S_l>lMjgM; z)@-$1_Qp6*y=bvsF^zG6s9EKv8ElYdT;Efbxw$58q)LK1pt6+uYiqE;OO)~brMHl& zbEAquT>aIRSx4yjp~&q1wz9uWaux7!d1NAhe$bk^adG*CTfu`jsCJiscH3(w){5Il zMgqr(ul*OYX+uiXf4ioX6cDPRg0YGJ3b7QssyBxF2mu%NPSg{j1G^VtyK`yVH&=SA zCQ{tJ>wVNYmM1<|JmrY6KhVkETyUSDP-7NUaPL}0b=Sv0ud}Rid`ai7aPOo3o|JuJsnBY{U4t^$hd90Z=RqT_qf3Fa9Cq{MfDrd0n-enT+S9{7> zlbk%|rrlm9iDi9|;WPR&rC8Z{ERwBOA=aw=(-o{~6v#9V%41@HOMPzhRyaaPcmycg zN`~ICQVY1#aWZR9E22h2-8T8G4SzYjUzHO8kR1gF9GK0G^%5p{T30eI42<+;?LVh0 zgosVV1WZ>^5pmCgucXYvO#1}90oBS9_9}%;mMj)CD)LL*f>|GupL`J*U~LT+mmz4I zLL4;XRS(7zPDoLCc1u1gt@BpQK2uI|dANytoHhWv5-`)jXY$!OJ<{f zITZtnl(JM=G142_Y=wbiqP%~N9TR>FIsfF$sPqs3wHN*U zj>1N4smZ0^(e=RI72et%`N^N+8mOrF=BpgN2THENI|17q_aFTsb$qx}6ZJ+q6g zVP*3ayOS!Mk5p$U=R;axOxMJ!vf1UtnKo_V1X0}I}>L2POg`Dnr2)RH>6BLo5eumM4 zc*C=3ndGk06r7?uCuLNe0ki?lxhFT9@Bc{NB35JYBlRD#O-3o5ovbqXUqoEJ<*yGZ zIS;Tif>nSvS~VDT?T3emS6~nX<{zQPEf*8P{j(-{UMEaGjB09c?TnSUP^o5HVRr@# zwcU@o`6f=uC3EhYe(J6}k8So>m?UJ2{XJQpxH&)BUtO_a1fD^$8CrBURr{RAg6sVG zn`ac~SN<;m6&?FXGiY^`eSz>3Ze6(jwju($?(qwxa9HS5&jEcL0i96|J6%ZY8o@eR zd{2;7fFaixgS5k+#iY;#^AA(K!}|L=qdF4NNMFy1tND***PDl1AFwl4ee4I5LykyJ zHNMjy+D1E};x9pb*b_aQg#sZh1J*CZkT;immht>m<|N^BFMR9t8-waiB(D!6^PN@& zHRBsjzM`{j)fX%_x5NYCBYv)h=RLYsfuwu?L!oay(=DO@;XN@zW>FRHAx!xbsF|!9 zkLy{ zIofWnry3f!tiD}8nKw8h-z}N7S%?~Ztu&fGf_<>4vfrtX=>$HeE=kzbUrBmvxC6NN zvEF&5xQ-<+Fs)bGnR(K#=SSJD)B8b~h~$}Dz6+WqydEK~LxiZ34#WRZ@^Ttf?6{o4}mH?0}W$gC}2b5fj( zjkpW(Njv7DJclYi4*ncte!@i4vxN`8-L0VYIyZ~%&+q<9p8=wpULXdD?x|sRF4szU z8u}pjXQO{>bcc6$fW`@eepokKg}P(of-mSOGT7b%^No|a9Ny%gObavo!^|9{ueD8; zc1GM@2w%}jGWwm=A;f=NhRkR3D`7{v82I(z8F`a>kFR)AH~vFIZh@u5&$S<%B$|I6 zXgRw+Q{DGU$_I|_{b-J>YH@B%_w>FFuIA-mmIT z6@0O2HtH*PiCTx)a1BR|saH?^H;ryXY%TBiCH)$=O$5WvepbK1IIlp?E9;42LGn(A zwy3CAmgSP97cj56kd77W<=ZQ!b)nV%DQRB43?5alZj?)^@TB`sFY41x zH*bAhW>w3kiNc{g&0wiyDf1l5YU8Z`32l}XVi4YJgmsC@62+BAA0gIT$c>2KDDSnM ze)cknjrx2jP3h*y!zy+QCrAE--_hnT&6#_Wp6Tn2z-g1A;t$$G?V3UqUVq=4`({ac ztS%Ev!y}t212-1MWF{U}-4v+Zi;1G0E-O~w)zzu~6jYz8jF)}@)W*H;5VXNmOe+11 z!iuNWC7;Y}p^x1Jd*7zL${X#HtPa)@&C99piMTapRL)Ut$B0A`7F0uzMp^6%?)4tJ zRGl&Zk~xj1nubdzbByH0s|W|a07mKq9h-ib2()XOK1R*S1fw|dxLq(P_V`KM!F)nnim%T~5S|jEtx- z^8Ei~f=k7zX=ehUBl0RRAj@9dbvW6i1){8%Z--yEvRbqk~NYY(FT7t4*a A!2kdN literal 0 HcmV?d00001 diff --git a/Install-Kubeadm-Calico/picture/7.png b/Install-Kubeadm-Calico/picture/7.png new file mode 100644 index 0000000000000000000000000000000000000000..2a4105199a65a058487b3ab362d621cefafa8f30 GIT binary patch literal 269564 zcmZ^~2T+qy(?1F#AksuoI!FyoLhl5S5^AVQ2azD4^d4I1y;teIiGT(K=^{1sDh8zY zUP5oV_}+Wxd++z3yEB>O$((2AoIQJXfBV}#ky;Qi@nf3DSXfxZD#{8vSXd7~VPQQm zdW3iXk7e<#@ckFIs}A@TR`oF5*8RgnYdH-$EUa(wgf|wr_s;}Q%7(63SWn&leX!@> zGkRfRVM;UfnMxmyu;eP1f??(VMnTEkt_$Y$I? zjUL(5+{{w~&B@8}|5E#&*=b|qcd82r*v4{2temNKawbHwW7sl+8 z@kYviui$qJQ+L3(XfIYB6=SV_TJQaOoo^XVkW&u0f7U|cKu6;$EW+#;ve>ecZhZaZ z-}VFT+;++c*cUCx|3AxzFAnF#;T?b9eH*oAFXoFkvy}zQasoUdVadnfrWoc6&2iNX z46L<~jin64mbk4>HJXQ~eXxA3r`N(U>c+c9Fb zZ*p%1xL=Mp?oV>Ye1o9G_ny%zuzph~p`d*P(2CRhAQod3$K3xLmXeXaD$YS^{YD=| zssQ84D)FA`(7RXmJJ}G==c@$nKSKW7hDW&HHbcRXZBP6s!;IOot(R28`H;EJ-<%w< z$5Fuq3T{t1uK5EI09|KZ=a=J4Z@0;h+teuyTkmU1cvG<>0-|EO zI2+`xLUAe-WR_&dg*!w~*<;Na>1~Z@1O92H<)=2i`hQIwQ)vSypzVD!Tr}^*WwAmb ziC=cVgxd`>YtMYbO|$gsQzt#~Kj7|;E`&tfw{+d=@MEdRQEV_fhWV+_m7~908YAA0 zli`z}BaQ#r;wvS0zWcrSf8}PR(5lzXczd6$>0!>wpRGvC_&D7%R%5^KP+Esic3Jkx zdnd+I=sZFgfRN8k%>jib!vhLM``8@=0Xt&T%#C zZvXj;6r+u!(3=BgZkNMdy@3~z-9GJQ5jT`SPFxR2%}WyuCr-x zM+nYiFa-%`wgx)XP*qa1_nHynG1G{gziopK05j}($TU7zMq7FDASYlj!;zsu z!*vY>^#5&q5I*f>;P&g9|A_+^jPl@ccQ-eqc)QFo33IDNXu~{N95bB)DJX3>ZZ_G} z+Zj2*YKnnb34>v!F6}s}r?#uQ{lr z{>*_t3+li>V>d+x(7cR*)>=2DPm=A06m5z20*v2}L5mc?`k5S(pC!}!8-s20HO!Oe z|M_7`kr}{Lr`f%BzTk9oN!Fm?FV2`a&Lgu^bT%2OUL+;4H7z#Af964(2WW^7Y(y4_ zx3Ny(O?#)38Wq&?@Q3ZcZ)_w!%x{_U?TLE7ZWyhPtJwjp5j-9Pot5X)o9YBKkBi+N zOuNqk-RkFmzLEN9bBgWv?07D%VI32M87+H87$RaWjCZ`zbxC*G#gFVc>*;AdN=!DG z(dp@PvXaJVt#S?9mSMo_Mk_zS(;2my)3)4suB4YM6T55Z-QaP8mVjNICWZyI_nT6p zPi4{YB**Q7_CgToB_kR*5Ni`(ExPe~(JF4d)gb9%)f~iilyQV{U2a_Qa!6uHzAkTP z*|zA$%fCb3EA4<_UrW}bNkUJ*>~xF42kR)?=_)6UcjKk+2{2(P01JW+dLUuboG`FO z;r;q|At7M)-7J*WKF#iyIH?K|1@$f5x5kf}t`U$LS6aI;=v%ArRsPF;+j$H;6Wl)X z&o}Fd->=~DnyUOb?_i29dG|Ry_B)sW$1bMIQa`U>FDHkq$hc+mxhB@$;gyTwFv~C{ zRbi$4?RdqVwzS`8bhNp$$VYz#zBx%z6yQ#Cx;vaVTUB*pO57mKN&PZc}V$)Zjkl;;w z31$#SmyQ)&7bv?(=N0`_H9WO^^FGTRNTu3%_!%oVGF&rl-gdQZrljfeia1Qxb347` zN5qT(#QqJ9jr`^C2g^^$1U3RpxqLBfER=rPV`cwyX*yA{+A^VxA0+d_ zb=MT<6KzXO5(#J%Uemv&Pi<;t=A-nMC%_kCid%I(S@f;Y8i$08PJOOvSg=^ll`@XK zY~)(Q$q3o$t3}=Ol zW6`KfeOAeXap;EGr`-c<_Ul^$xk2fmYI)JU z0?e%uX&fE>YrMT*mk)a?q=AMqC^JXMSq6|z@@5n&^Q^6gzkZ_)$<9M(`PtleR~K`# zoq;Ox`0-^+;xx>%dhT}_=@rFgn8=aY%H^MxWa(osL@y?1H_bSy)x)!-NXE76sY{57 z7SR1l@X29|+o;lNq_aSO)1>2}!-4bcKOXi07|p6#9bEk{yh@QPcf5+6=AU0ZYaD;3^yFOY=M0);dS%{~z^1Q9m0Xd@ zuF%92r}zfHj;WzH)s(_I`(d4Q8Fk8CM*ie8U%z7*ZRgWm%b0GnCuZalSlw0UB_*$_nt`Zv5@iuTGsN`<&%0TN z8aJw&9I6V-RHd-8;~U2loa1L<-W`iRVtG`ULGYz_nqZz}CT747j2z(aCzfx?ST}qi zRJVyW`s)(`K+8Hkmo}%>Of->AjNR#C(T(e}fH)i&Ycs0|b~??_@Vc_Cx7)iB5iGg0Idg@xu)-G8!`e<;CZjFO`*<{D zkKFfufx@X(?7V@Z_0IiB0nIQaL|$HkU6uPU>St1MHY~uAEdu=IzBTTFn$4{}O^@RR zM6k+_yKU&KLq+{h!5(qHvbsKkUXPp>9-ZcFQHc>mke!&L8}U5Zv$G*bK$fs*+Q86n zsUVzzYqs>Yn|{lUj1%{JnAnYZkqJ;Ah6Ppsb1*$`K^?N3N{{`%I zA1}CK(V1Mv?tZmt9bz>_d-voY+X&hd0+MOvs%`E>XOv7kO@RRp;*sVebU-@#{M z#ZKyE9ZYRbKuKo2X$;RIfz>OZ(BkM~-;MB$_iGt#zTH$oz685T8~R?>ooV>6;kZyK zc-ooS%a|h^^t#vQmC@jqEur_aJme{qe ze)0=s_*HRof0o_u4&aI*#6ol4=7`n>&bvtb`Ew~WM_EUF0`bLAYfnqDkf}6EPDKLL ztx1tyy|S3uqKrTTxz)>;U@7FBZqDy> zb5UUMhZlMk-2Fs)puZzMW}d_JXI=b8W!viq^3Af19lpm3o%q1Q&N=2dOyRdX z$#Y)O+fVYAF0W-C$CoqCcT{@q<7?vVHT_G`%tmc;`5NP#-u(k)R3!U9v9bl*^JVLw z)fCn}%m3RDle_VlxVsLwU7x5b?3d|%P9_I9mo@pg(774S=1~_}Gy9b%|MU$S^}zi( zQByefgxNBsPtfX`@93x4GQM9`vZ0`wU&U@kiA1YIvNQ zB6-`TQAcI0lItN*^Scj-wX_M7-zDD^d|GZl;0$~%Xg3+y;}~J0JG4@96Z@nPK5e?+ z?ZP#ZcPX1P8^Vtykx)jQDDNVJS**gGuCt+zzG{ex5mJ1@ycW!mGcwJP$1tzokA0ZJ zW{VtXv%#nt7r~aTHtMt{jEuW7M4*S&&%W9?g=>09kaY{$78pdmxoRyk7WzrJ=v#I` z>(&wMFSi#*`DD!D%zb-Lt$w*536Taemr<#W9yv}4%h#z-f7^1)Jb#NIg^OheRU|*+ zKUGW51&e*@B0c-D+=#Nw3`vR{5mrFKYv#mb ze{nxOWhF4u%9zTgB#P$^|^P9~?><`D^-Q zYo>*6`|U4eg86eO7^)9WhsWBDh_W}|rqR7DzB=M#pX==q zGC!e5Z$K-ndFIQ9>O#far)q{N*K?U%Wu{%Td?cK|eue8GKx>BfsZN5fmBHvfmLa>MC$9F8S>5lgq5XxLn#LRifp~lxZiP@1X7q}urMn< zHuXpE^rusN|Ks+oo3K|y@*(`s@tqonl45>KH{Q{@fJmxUg<(9!FeotAQiX7+#n~!8 z{-!?rY`o`9v%F!69R-@5-trYG2*OZTeCl|9*uQcsaXniuE z^1(u(`+yWf{&#g(5&j()`R4t#X_g|NjkY!=V{#JvRl3OwoVkMMW2KSjs@!bXMKSg< zBfU@}MxQS+nmzcpi^uVaL)oV{2RQ4Hb>?*XJXa?#LBLqp@=cn$bNmr8>5cbIe1y(= zu=cB2)HqkXROZCH+*LyRK1T@pO8|esAgQ84(xGC_)U>L{AsKQ%i`MT=n*Wj*XB>S1 zIllD(H6{D(y8$SUz(tN|UFY@dx@MdJO8mh&F_>8VwN>>QzfoGBc)Qp0F6lH4IsKac zj3y^U9_I7(-R;*+FCG+2Jgelc6LQ)G*~2yWIND>@w4uQ^8*n9aQ2_NT{8&t)er4ec zPxsp_LhcViM4WnCk!H2wHWWjB;=Z$f=g`{M09w<|beWtSyH@vK9U;m6^iCytffEX> znv+vO7*>Q72kM2x227_y?67Bodx3Y;7|u8kR#J?@B+aWaCaQe)Oxn^x%gNK8HX zl#qFy@2Ve?J%)s)NHgf*Wg{(TOO4I6jX4*rk7?;`Q2p$I`dOMNf?M0Q@aKih zt!$pI(&$rQO2{B>n*0?dabwMK!-6qrFd$~qxhv+=-=^jPgRXSzzWk-!`-j0U6 zs=#nWz6$BLj5)&lR9+h4^ntUCqp`aqq+`aV9G9`M%DL@r0K;Z*y>G0G;6;~<$^;5q zgYD%B;hiuYb-XGeF%@N?0Zp%anK<_Z$#%KdbJ_M$N;-Fvn(%pG3)l=VHZjT?fB9Pv z_Ao`-`ImZcL^6b+^IV%c9FUXZOTMn$oA@mrdxpw!M3>Khj&s?P>WX?tEROI~mRoDg z$J<_uO`dwi}^A)4V`9-+1VG%I~Nwv!p?KQ0p6rt z;{}L_y_pYnnq-O-uXGy5deNq1?C7UF^3K;AQ6-`&qI9cjY-Fy9ZWP%5s5nSrwyEr6 z38MT_ibhD0pqPkV#mFi?Rx_c*HH2=}Tuy8d%?FVBI|<~K8{-#*IzrMdwwz%ztNZCU z&92fvEOVoo8>30lY?4>{_WtTwxw}<9z2kg&@*yPBaI+>$1ht()Y_N*Z-O>T_x0xW_ z%NEun0kzrIDk+SU!^X}e!0gbadnDB1$m&-)^k6|0<@S9jNB>uyA#%P=6R}sXR=@8} zWBHLy@+>4j@ho{iMmO0WQSVjM6lK>jjfnKJU5Uu|UylyX8E3h==ZoQnE{Dnr-!=3X zd@pyBa81kFYyf_Y?n+%QV*0I`F2=#YzVLB=8K~PC+brgm>%7g00d(esAl;G@QJZcV z>qy7rG~Z}6nUP4k`{$-E7!}Z~NQS$AL?DY?TPWbp(8W3f`JMyLve2>kC7;Z@TIV`R zBR}6Y{xcb@^-kNDbVwvJ79%U;`VmM8Yk}? zVv}0po-$r_14IPP+;kAww;Ma=ewl!Gzy^=o`}|n2b8XFN(0=Kp;N^$(O`0Oud5)vH z$3g422D0G?@j6M`@YCh{Q` z)7I%SLYyxf>t+PqKAZvQlzUR=T%}*r}mBNahp3mNW=@Z&nQPN+2lBf_tK}9yz$DPw%tK zG(Q6I$lLapz1VV0(x7G>X}7UHVXJ$XfKM0SL<;mZIb=jl-VA-0l8K-AbaB_QJ&m7y zYb@pE=74x98ny97GVL!iC9e{6-b?vJzWzU;`_Lx$Fadw)KV&{jFqlxe@pz4j!(B1b z9hcOq8XWb4Os;z@@tOCyQ2*sYFpO032{<67^Ho{3PgndM+WnJ1=LnBI6vcy;xN)Ch6Rt#1ezeCH%z$2brQqj7` zZ{x;pLUxHZ=cxkM)cJo4JGzmUo33#uK7cvVB#<`h8qqPTsi(@_)j~a`p5*<&3>P4u zoASh<6RDAd0I?@DuKLmK&Lc9oz|Oz6B@APAgGtC?Noka2e0VTk8QGtmDr6}{rGD}$ z@@x)>Dw*#8lh+;ultY7_Ic@)SJuoo#5k9TDSW-jSR8FgP5glvIurwJ+fLn<(7YR0& z-hQYLw5jHu^{#|&m^{BG)n=qsi|-jLx@yv!X3z9F$bL@poX&ig^!oyS7Z^zcT8{8y7-Lv>IeRqYhK8m`0uPD(rOs>+^6*@{{$ek@CxL5udqALG zfQ-3U+-5sEvVNs}aOA6Y(3MqZ>^s3D@RWni#jt0RMs|XoeJr;KRi3*h0v=sGPC0Rp zC6_7L;w@9n-Fj-Zv@S#2ha|uc7QUE(nWJG0@e^WVi}}!VnU<6;-`tmbuI65e!KG%XHs#M`t=#)-O03w<3XdldzJ*m>ieet-E&RnKiE)! z&3~Biz@q;_`1mb*-G>&28QdQ@jETFS_C9qiFXPR$yYb@eYt>oe{(>Y(NV#XcQY;n26*S6t|B-}Y|+Vk*K*R5Cw~t$e{ln|YFB>zc^eDO z8*jyDjPdWTkawF?h`XgOZ0P^{}9QW}S<#q>qcm_w$9Bjqpk=alBIH9*&9_ zvq_#O<;QAHp>2K56n>8E^CLl*ibswfqw;lQQ=*aaHQI)wpjT$k@h8mhp4)dJo&Urq zA4qngt(m0N%)fs`MDsp175^1+8^7PijRGCSZP@X+Lm^Lr5&o`iTK-$n9)3$di{~Up zq@Y`Ke|JwTVSle>Qg-u$ljj6Ag;X32MAo(7LtZaX4Q@;HTL6X(Lh8HjgpI$n_)$UZ5!5xWD{1%D-$+?2{Mgb6*Q2%(0hBn$qVsbX?(x z(t4_OTR%HWVbbrKmd2GU@3zJyT+V}IVK$>b(EjCL*$x)DPC%+T+VbX}A?J4q zIS$hiHhP>DXDHVl@skYQ)0%X8(9n`ORY`o$a=c4Hrw8wj(7tN3Y6%&8ygVdM5=3%jiYRpRGZlMZnS6l43v=;I zD&SzKsp0ny>*2u@z&k2Qk3Of_vA_~YV|KCn;gahp8|E9=k>3sDGg`T!M>;f`yZ&Z5 z60WJxof3h51*Bbd=?^-!tX{tA5xU;}(&UXWr^~ZDE8@3a%>IdV8$LzW`{TODK=&V5 z-O`CSvE{`Til3?J<~hgE=hgd!xRg};n_=(UZ42V6}jmO z*Pp@75m{y3^E#W@*5;*c&&~ZvMX?RHQl%OP>t>#7hyCBher7pz2(tC)?SG0lVH{y@ z9BDes+V#ah3NB*P3%&moR5lmAZz3v?xnV;=W&yNSJ8jto+QaZ?h809$!bDb%V5%F_ zw)9Sn-+QKJ*WWX3+8nBqWPwM$=!bmvWqpzmUwLHbcQ&-Cx>3=v+H&Fh)StCE!F zqM`J{rMEUzhJ+7~*Tf|z=%%%+`7=4p&)w%15(t}HA$5_}@A7k8vvsD<(mZhXr- zDs6c7vP&u?*!Jf}F0qJ;M`_OkvKMHp8?-P7oq8gO?(dSG*Ilsl?A6UZ?@2%ixJKJ1 z&tbhE92w89L-z338!}9zP*$y1BjS6|-CFA>YQAlSFpDdB{=AO#aG{Z$lMU#>goy}2 zFUdfKODiGXF~5xP`m;?W#`1t|UzAQg(`Vr<&MAQp&OgoI?}Z3e1o&``InZq>5LLCd zts7I{iOx;V2S>s#^Mfa=BURNFUP)eS!5)%dYw!=t?n*y%dzdX!7GM7R;>oMQDw^a= z>fc4^*MA7NSf?t)pGzFH$uOs|Lm+3vq^!*_Zxg`dk8Ky;KSh^ei+ea``$2)$ENb}h z>*hs5^mQXfueC9yz2G01F2~s#U2x0$toF1zE-K#?wuMS@ju>I=$`jI znnKpx`&h#eZfC4Djeg7djR)QS*@t1K$#WpVdEX#cUez-$&YF-+Qsa3z&P$pS=qu|t zyq7e@VY5*K?6Vs=_lVtsn*Tth9y6QlXOjm7-@HIQD?BIT%<3-3=0H)2o^M|Yvq)H`DR+-C9?}k6@>!9o3%~kzcS|@}`#W?H9Y6 z+(@bd$_H2pIYcBbTw?4%q+w~@m%6DKyWi3}MBvUxn;%Y}Ic}hE0K@!dd`f&?Z;VAz z=kfdBgW<_`8`Bj)Xg<%UVB6vw<^>GUOy+g#2(QM`ch&430SDnW(LYisLxFzh;;&sB zO~z2H<&+XfH%68_lsn(;xmOI+z&N8PNjWj0hK9$sA^&gc^Ih|kt2s8^K?2*l)v9S0 z?zs-uwiocCsdbI%nAY;e$PugMfsRZW5hG3%1#?jf?53ygeDuPh=5>xq7UrvL8lY9&M9hA|G-Fz9S;mSi`e@h4iwUtSwM9p6Cd1RXNcPlf6^1OrrOQuo)OQW}q0UZec=^p4f?9 z2Q8L>fdtd$$-XM4VqOnkf`=aj+?jdVAsl@h_x@&-90S|9%>tZ;a*VdmuQxWS4^2zV zjbKyz5KQLBORBDbRTHU#p+W+!dP)Bl-qVbUsF?CSu|Pe%y?JOSG~JvU!lSj_g?tE+ zF?T8A?@8Z%+@5XCRnsU+Y5+wu6Ec!wZ@7ulVb!livWIb2M(obZ7aS_Aa8Gnkz z^MTt>3#&%++tyH;W^qm6hiEks<+IQlg{)1@p2^^(?=rWXsJPh*X>SK_)7C!Tv35U^ z{+(ZuWg=_GHXr-6|CO=`8HUIy0&ri`+#B*^t*)8JES3bJIJn>qL+4kp*oN-~KV0Tf z)JymHh{!74$GQDfsX;rA`z42cQ{1oc<6mP3iD9uNu;h)?6z3r_HuKXpf#wpv=7Jsf zBB&Kx&7@$t1`F2OS&Fyzk4N!k{?tC7;fY8ji5TCj3+?$oLMPswoA>l=rWT~u1&?@7 z0*L4nY&IU=MWS~S<-@Ok92CRV; zo)P5?GNfAOJdE!Qv0eI&4T&g9(AOM?e#7Wr=e!4`X_in!*EJv6UK5aC0`Zgnw@8DA zRaWMT8FzdeQN-krv}?|Jl8qzwOiLc^ysNA=`p;!*N_gwspu`i~|1#kqolWGnqVen4XoT4#MiF{}EG(5rnG=CeZc z@@RhA^A#FDoETTstge9eY&KlQ{E`fB%kq4>B}HUG z2ZdCW3fq5u%lfU`kS#AsN z$pHg^{BTmKGXji&FI&KJNl(IOCMaRb=&LS6LD~|7S0YI~OCy5;R3u=2PQm zkDzu90*G<>pQl5kHHpDkhjsG}qf<3kg^)b`9Ebh2JGtRo8CN}rtfIqYOCSyr0c*>{eAMchMI)iJMb49opCPPiB@L)y|dI>&6pxy^G-aa;YLCO@FBkmjd|JY<)d_R%tKl>C6Q z6SRZ?r@mx2fj8!bzMd(zw#0b;>ZX5Q%A!}%%+g~k&6;Cn{uRMXQ-KG6#{zX&Sm_vw zif?v6*S9f=h#en|i&>$yzuYrC&p^!xC|FesmiaJo(G6RKF>_C5zi+qv*H<*nBJ=cYllESK<7&TQGkhp16uY<%|Hg-HHvnK|N@R7P`! zCCM7Yb5E2&SNHuj+GdVGd%B&yBD)w|k;Q$rl@?-+MmL&@bdZ+!HtR?^2&!@3qTw9l zYBSktLh9prvtozzOQSq{V`#%ax6+m#YsW=em$ZN;fcPA?h<#ebCJ`Q;a5~fiJ2Qhb zFBpYZZUV~q@tzaK5X8QWW!%7VKMCdW_#p_K*~g>bqYN4m<7D;@a*3jIB?6EoK364; zzdym20Rr`eg;F&W=y!h=881!;ua~8Qm9}Mj8t&mlDCOFvlG3rgXJsxA+^nqs(cMq- zxD%i(?+->>ljkjQ560j9e4eR{KR1dybnhaxn z%M|EBg`P|E_HVCFgJZcp73KpYNdO}Qd)r44u_3#;2i@vfqBVxJZsSWvCimH>$?uxR zxNlPVLb>r0rf+^F&NzTa$y%P9h}Z%lBMGs}y2toH{08E(XCw)KB3jj4e;GUTMY7Wg z59$Iw+WBtEBdgm5MN-&5BWE8WidJSMlUj{NQh22q`R`yBEAE005h7#0@i? zdwE=ZI<%%(TYBUWPhV5p-MmPRrdkobsvOt>++Ka$GIUMaM&9lYvjwhsrJM6)dT4u} za=SiL>%5v;C!zD=lIfuk7~Q+w@p)E3QfMa03aBH_39t&-e6p`FhKbwf_5A#e=+J*k zKIeo`+Xd4ibY)q;SuiBX0P*N67}uDLAKgbw(H2MJK|yqU_SA3V9*HZlR~(3AosPfR z!Yw+%l;_3PZjo-n{45d8`)VSld-)nX@bCuf8y1v@BwH3AwZB~ZvEVs>-iE-fl^SRJ zKT@Lmo|H&_mqW$PrSu@Bknd?!VTVD|gCIoWv+^IqehD>2Uso1wI1vRg*xA5no(wx< zP9a8&FJj>agc4Rj4njN@c&HTxljp=uqjD(tjEqqXAe%)Jrd*zXSWJUs#L26xNxItbd_ZnvWylTz;U6XuttI3lHhvNem2F+H~}O&93SLrUBr7 z1xGQup~EERThf3nPvim%=QsK#ZWRp2=H*T*=US<7CRNN;#LeGt-M0WL2&o0$r4xm_ zjwCa&gU%PR^k_iwgZ?i(HKRoee9@)n2`tO@E>yOJc$*(+m_yBm8~4LR<0K1f^+0$t zUepHDri?9$OYJB1&@9J9yZ(#&E(&`@Eez*ncVo-t9db!bQLnl|c;3!OI=h)p7ytZN zm_FKh%a?oORT(XLteg08Z|tXRlFOZK3QV(}2c-8?~ zJ`biJUM$l#kQ*w1Qsr6?OZ)N}m$D>fY>S3X-`ng2NWL(2&;#|P(W<6sg6NC(s5C4B z;uB3E3`Irz-=V@A@y?+Z+^`~|%`s=D(}}6+kS_r;*;IHj@ha(7V;z42>mLB|0qUjV zINt9tr92apq~#;T`aLgJK-oCCVLm@?>9Ac|zlqD73iQ7HF%gd9*WMmWJfbF3KNRnO zwDClUvt}U}Bc8X94{y}3UTYC2ZYgB&gbG)OvsiwS?Nap>C$jXbwNEm2GCZV3wdt(5VA_v#JP>sZKN|*BJ>s!Dv6EwnmK)44q zJmLWtAl*C9<-U>t{EQurI@ozHbM)i7{w^MdW z7(NyW$q+v}l%|WSW6QU0^9q!YYQ1`62=TpZUe`S$1;hjC2S$WvoRF{Y`)4K0@Ghm2 zb~fMK<`j;!%i=k@6C0i=Gc$q*%?k%aIpUAhXuYt}jhbxDU~eq7TxW+4Kw8i3RXXyw zfv#;tX33z5L-fW8tG z9Km;en&@4v+&2H!81b>@x9}DCe0}rB0C%@zjj??Jqn@a*8_XR>V7QbGir5(;69A49 zvd2I?-ppU*DeDw|D<$w$o0iz>I;x-b_|SYY98JEOeAC^im!tZx+88`4WfAlx8LHUb z7jTqE%%h*1XUDU)WBAQE|H5Tbc%CjUt+2lT19Bc+0HrkNUP~M*DLE|qS^zC-DXd$L z;mnG@O80n}0us4ZK<0Q{KfGQNP2S__c8+8#CQ@NKZTd?kw-r|&?l8~w+}p(YRb=X` zDolY^kz2fzL*JUm_54Ex;RsO>X=gWv(*mWDM%z!8(N40h2Ln_PZlD3D(pNTYL&*l zED=3t3d;f;kCJ2?NmPGR^6j~HzLKk3aGvfr6T#EAE+az4`7eyv95k?JajwBr`EPMVJZ#=*S(ZzM3Q@GY6uh@HP>{-@eC zJv1kJ&{$MG_?JfPGf8hA){@Ryt2Zm_FUg3hmyXecJ}HipR_eHdxSysiWRrk!mvz`-&M62<4HyHIWx_ zg7Ed$Svm3bftz@Id1a9fVaa{Cf2!T`VbWc=+JD*y@8uS&L z699Dd4G`n*c3w&n_8#X|Ye)fPy?cSasLp#hz}Qhu#9d`7e0LKRH{>?qiiTyFcNZ+g;dH?zLmEysPAhKUC8vjOSA$43}J2Dbsnvx$WQ; zeSs3+6q$UV+45m=SNw^``HWY*_sI@-gT4`xMrvy?OGB4opawhvmbi+3%C!1~W>S;q zsFQjaJ|&!gd6IwMD4Ra;K5j!X2$Rn1)WL={tFayxGy8B+t8+T`rXN@AY-(8h!@+d_UZC zhTQl=6j;K#xwxaw@4NRaFyx>-yY_h2*?0Iy>b{HiPVF=6c=-*<0xo`LB4dCP+)o^< zCAxplh5ESEAm|IOY228Kc?i*)Y{7n@_f6&uIHmWPn{{?=jg0N6f11@8Uh5PPnkaxQ4%Fn4eMCf6uNajxRAAx%>o&)$6A5o>RF#F&vkY?IaRVust=2Z;L_ zJDn&8kB$*05;(;*f3dsAGcf0rhR}=W0QKOw{qD*5*ZLDLkzISN%s3)7> zF@n}V5#s5E@K)$Eg`S|6Eyj)BbKF7j4F2+v<@0x+7Wy zPK(y#W)!HzaFL6%sfIKj=7|SIUZ(o_8pP4LJr4C;Eg8v^)lAdHw~gxLoHpNN%`0;> zalPv6H7UiEK-wYHmo3GNDVlW`Uf^muG0TjD3(aDH>)vx?)~wu|*_Mz`!f-ZBlSz!= znDS*E+rY!&;`SSjEm-a&xa4cgK);_qG$~@imvX=r$Lxd+g|bQ}H4P*2`Wf80!*vzt zm&A1cT@SEsx@3vWb+=c?vOTA3#Y~7G?&9iVCY&Y@LnCj}ybl^W3J3Vi4QHNv?Q6#$ zU;vtb&XhneTHBD_Mj#rzQ zbSPv@=p!V?-m~XX`-N%C>f1;@U+B%@UwAinQmd=XkYXlnWDwn``?hnYv(uRQTy`*T zR+9pPMF=iaeD^BMk5s-uEXykl;v;rnUP-n?mK5DGsC506g`f5O$R3@rVuZmZfuEQd z{AJPZCyc)N7|ANlJ#$atxpvVRaO?DZh8=(E!t6xB(Sog-x~j)XK~oJVv+PVW@A@gN zG^C~U%imrmLMyXJ56xG^zQo*!1`w4y6n21WtkE&BF?~UXMK(F9y#C{N>mun)2l!)= zpkUusL|E>BF8f7{Nm;!6l5DBiEr?_Js8eiyoKi}T02q}@@s#K_v+AF>$K2-W-y#z; zQb~ExpSzeUA2^>ZLCh@*moPmV}mXd+#r1Iyz7h9$vp26U!`NEtZ3gDA8WO-)jrM zQuI@yHH`B(-a@9Cv2Pna`7!Y`mYQgkFRA6WDLioE%{+ga_nfkK<;?BZD|#^NwUOU4 z;r4Z;>IAo?oNeR}aSC}^fe`+mI^m+N8dguY)}sUuAN+un^?|E~Cbg-x)9`m@}Lk>3yp~~7>S(1+m+|1Z} zOhlD@J%p|dBEA3cNYUlaiM+ADy^>q@+}~+_U+t(?%|SC6CwJd^u5U=DLGIFe`}>|! zetlfvd;T}?zPQasyhnup*eyhmX@*?QnT4izE!D;NrvLI}VK$ylm4QFN7^1HU#spm~ zxQxDh!9lulkQ5D=Jx#p_-@Ivn)RJ#ZH61m4F)Q#oZu4^=VkbzOOHKYHO16*fWCAnU zee)AuVxI<}v20OzIFSa_@Ys3=+b3g4u-GC~FCMYABvM!%egV3^$))Fc>8&!GjaFM& zyT;At&e_mhahJ*N93#1cxDuad!SL2fawFD{oewZYHJwY5B1N))v`Z_WUaVQvHYC22&^V;at(&FWvIU&D z0O=^4NmR|`>iB8|(y!sB+{1cwKzv&h>0(&S292wz>%OUA((Ubop;nr99*bWvO!@eQ zN$K_AP@A2)efxSCl<^v>@KuNL#-iF8khuNx+mGK8G}n0=XLF3~*PCTYRZTil@{8#W z(>YRw8m>6B3B7-R`4WwEc69lA2CpX}fE2ECjF>O5^CDz*%RN8H6brINtADbzO&f)?P~dUjXw!48O)K@p6y1l=>KpIJiSk zdG)JQZg%+5Cr2NXY`kQ}%M_iwKsosPDn~T1f7Yyr*0!mOif1aTRkzCrV@OADPwsc< z69&o0e-%Xj4fs;f?~3M!#DCf~Yi6?dzB_aZriWN#$hZN0ZYp>VS+Vb#^8 zxJp4nd36KXjX9Km=xG=?ZV&+ej|_v}T6%plKxNeM1sozhN?TcO_LD=Ct+raSpZ`kd zYAiOHr46VzTd zMGdFW1ko_QCGX@}PR7qMzfE>Ko3|s!09wQ^`j!5;UcBG`gDg8>FRZ-3R&JL^4P+Xk zjae?aHbjZ%e(T%KPz=lEE=STa+W(a(luF6iWedFui7%WVhWL z@_4c6T3WpGG_-^C9KD_NKYIzWWDZ9HQDb4$x6_3K3@6HfuF4?6wB|HD}WUt>#b*OH4aw$#lK%mY{C-RKb&hIs@ z2VFRd;5B^DW3hEF9P-8C7UjcF95dtr?eXD;AYeS=Oi?}}*!;_1$bfjxT=2kyqPaMj zgf8`0EJ+O~PV6(3<;&}m9F+1Kv=?5soq##IFyC*%uSaAW4p3x?4Wx0@w)(!6b|`RU z6$evxGKz+7oB)yw>RwtheB>`R=Sjx>`JuUX_VqbeHxAzu*(?i811R=^#%Y!;P}s$;2_2 zfib_%+R5&|EBc9cK;P|pzP;gXy0@{~q`9By!+qZsUn4#1Y_(PNGnUGR+cS}M%xv-vHpVD)n(1YV^uRWRf!r?2Fm(&k|%2u&?6V-zdJTF8F{` zi!lYgzMqulq@~qoztJ2^)LEIwuDnXJt$sd2`oRNpbS=-l)71X`-W~HAW41LWbVUAE zTOrv|nzLrkOEzo1o|}3Wm8a;a9~j%OYy((Wjzc0#f6~f%NXVR zuAaL%{dn;;=b=??(Zy7c>hk9l^|}lo8{wcYbNX}dVA5P6`6b%;5b08nqm!uLW=qCC z{GrS%=;N90&^h!AL!C+0xl~b6QPD#4gvqf^kQEgp2FjBw$YK1UECE-zxd%{C+^}OQ zQ>Qz6R$W?(;;*GtJ`~1x)9Lb{l*Hfa-pgN>Y^7DCj4q#S?4mO8g-KH6c*{I#ijKn6 zMUpKe<8+<%lf74l`=!?>n<0e>r4|DkMRS(w_`k0zt&Bpx$mR;2M;2f_VW_o@n|Qm< zb!Z+TT4nR55Ti}BN*O)-oL-M!qP^heTavx{6%h%v@=8+j?`b`Q#cB2%+|5F+%^BC8QOpt+v!YpMOg&!VZoWNTgJt*;%f6v@x zANvfnqC{h`iC)^9`wL|kBhdMwatB7m{vPC|JdA=1FAW2Xule~Gi_~76ILoOWHxs#| zG_H)RKR>0q#`0yKCXb#5f{u`-K?Z2PSB$=nZW+*$snIeT&lg=7SJZvYwaIpq!8mTL z3@0i3d&qb>^So#SynruPUmc$%4_QT-jxQ_WtXfU7_uCW2=bMvVE?)ofq}aT53=S)o zX$<5ZcUmqdgY++dReRwx&MTGe@<%uK;3fAt%U-K$$8ljCC1$ zEDfQJrC;#qqfRTlL-kJ-NmCkOc{U)L4@v~kU~lb!mH=ubBFJwe7fPMna}wj(Io5cy)P zG3G?OUke_0rU^oqkM)Q$Avy$yk?uRs!ZAg8rTyW&z_C=E8Mz*n5sp{orOh%TanRv3 z*kN0Zi5$U%{1f5nUy&1k*>Jf}v<>M0D3y&|($8%29?pd9F!8d5LG7Y1@;s_`&_?*+ zjt$X(gO}x*eiS{vTvK_e0|yh1nQ%&}F6h?1PWIkW{wAW|1I4*adK^wf)-A00{c~T7 zaYh^Gs(l~V+=CM>oH&sd{&K$PlF5#dd=Pa*`uTcJ+$ov4j=5EH$1%T4_R1ZTO&Jqo zgXb0zKtZbjow`=&qRr7ag6y(Y|{-xKVW%tr~0JZm+QuS(>I{! zwD>Y7&*M1MPxw=^rKQ8TJdaMc%38^Ouex})Fdshf;Bq#J=qZ&~WFn54pE%5X3=ff; z=LFEupz+pN3Ob6u?vIv|_<>Ki6<3UD6!qI@C)-BGrz_7{aq@CqapH|$ zlpD)0vJ$BC5dp)n2V*Rv6;PU!qMOc^^n zy+ZfY-Y{M;05SeL>=(zy8)3@2^7dq}cw@4Kr%LfYvfpMu813b)GzvD$@p9(e zFsNt)_u=vE`4LGoKpR{Z)Mp+29tE@YMtSp7rF%fYVMm@h53gpgeyt2387%d9*7G{iv7aa+C=@?Dd7?Vc|uRefK9JXKZZy$3MiTu;C!V!9*knN7|Rm z6}>nVMv1@szcbn0>YF>~#kgc%aQQ3sHuAVUaLwCS`W^!~z6@99nojk}kAE&6KO%!E z8-wm(p1ZPbC?nE0SqCZ?Cjpz{hl48D@iakn#riKvcH!kA6X4AA)i1gphIz;ZC_0AA zs$Y|#?@n!a3hg+K2YgOquQ>W1{`x*N(57?RPTFX9p@X>(2NO;J8H=<_JP1b$WsCng z0ucujQ6aBN<}X|d#Dx~DOPjN*8L?k<+-(l0>Q3O`~V z#+ev>&0NfU#upvm_V#4o`ChW0$dEnq7wVs%C41k8C6_BJjq0M`eMyeD7e|Zg>QdRr zb4#X6J%N}H1oA<lzE~P2Z6Uk&jsHb;DqrM`|9P#?}Gq!MN5wv#kbx#rw;PkH?9w;!eGNhzGNXtKqZOtz2|NgOgoDeLOd_=N@($812NK)-hP*i*oj zXDLrO3QjyJmXP5T@rV^Ej7mfF-^Ss`B#&yk<8I~E zHI!cz`a5UGenVSIIX?T8w$aT}yhDBjt;NBVodEDeyrlgYFaE|~=ToL6J6gtJF(O!= zaQNY(S^V<|1?62>Jm2f}$?g?hI5F58gyjk!{-o%ZqU~j?+y#O6ui!>olSYoBEsSm= zTSnVb%c+f*gmMp{vpACY4^KIk`|LmS-S5hfUKrzxI_NK=M*3~-wUb?>ve?6g{wfYD z-tw|X){){j8(d@5VTA7^Bbq&p3V&DzdG^K0c9rolPJO?SjH!EMbQQzoPwI=+Ru_+z zzb6}v@SP}+rItyy&N^+nI*=pL#4@5q773&5%QEUV-BS0Fb*Ehh6vh~Q=?cf|C>gDb z$$h`f9_|mwJ>~PE1bj~=$NM+d_4x)88 zh^Q!JnJ+$mNQV7*(eF-S<)z@Ac+b z2Kf|mQAUeL?nG`lF~jLlbSIpNET8N02%F87 z=L{L#*QhL(3}L|1AMgri4X^DJNY=q0teD@|}Ggg=usroZ;B zb|1m7v(A_7YJThN*L|WIebZ~5dz+$eHpIrk@(#^8zInd#5?S~AKZm2)orFryoYk## z8*QOE>)se6w3FvB4yGL?BRH5Cj}hTl=x4dC`Wf1xQ{^!Kf8*=PBgG26fc>v1lew3u zB+9-`vbM9HcRsHO^wk8-7rU}A+zH7pmRz2D$r`rtM!E-2nHP}(uM56$-sO8f{XlaX z5lqMw^V`QwFxTzReH`c1!+(x0+nti9n5+Dy z3+LUDjt#xpuZwxKJX3(vfQ)m@ZDqOs``#-adYz-apBbMXrRKaW;|G}_vJ3|f^>Obx z0DUO_#3p$4_ucD%&q5?Eem_(n$iM^uYg@mGP z>WCqQksiufzAweBqX%U>3>5aS*T)MV&<#SVMwuGn+yFgNOfmF{0N@kNS6>%OKbY}IvLk*jV`VCe8+%H{Ar2(Vu@L)TL3mov|4myc2Mt#67J83;r;Evh=$9Q4MU z!f8Poz9PiejFw90_n>>0NpdZ@uq`oLL`nhQDK<034j8k+CIZn{voo+6~z2GQ%7RJ$j?~(B+qwoRA@nttm^i8I5L=XYPk}v0v%H&9t1`faLZVo39M*Zb7 z_;-{1zw(tbyslLnb&ZYRaRPdT8Dpsnqldo7_zm8KBQoCb10oD?eqwlIP_bF~CYvN% zXtWH}mnM7N8FF}oey;Pc+}G?U!Lsd zdscJD&a_#}+1BC_^Bc17{h9N$;PVm&vF0wyQW|){oQ6{m$3U;<+)<;{U*ZWe(yw;E zO!ZtVeixdFHd%DhWN&)AWcG?Mo(qr-=sD`xWGgHYPL*(Gmin1DIdTpUiIC}Vr^DOc zHrbcS`o26GkN&mKJT9r1F~z)vBk176)b|>PI6oN6vA-AdKW(La_?O!a^xx-a{(GL_ zIc>&KwdE_4U7Q_%)Q9{});NLh;n2g0*%Qtdr3WmP+iUM|#vcE>WG9~-o1xFpvjZ80 zUgUh5=zahG>KpMJTAjw$+{RoQ4*Ph1wB4MKjQAK9VVn zeefgkqM|%^ky#wPMC{>&XKD2~)$RLb!B>`K;`E`d%uA}5If$sZ1NB^cI7fss-!iw) z5N7KC9MwtPrT_nWn)C`igP1>wa`SOWnb1MsiEr*?Vo4@*sQARV^L9gr*DqR?Zu6~^ z{pk$VBe~#yD`$QW6R0Z;DxxfFg(j&s)}2S5sbB^puCs!b<@{5oE8W z^Dd6a5tRJ3CxP<8JEP; z4S$o0^5{x4kqn_&`P)0EA7yid3RNzfw|+z;eEXYfb9PwJ=Iic=&16ybJ<33JVpy=B z)bD;D=`au;kP_|tFnPHVnZl>6$H;Iz?l`q8EA`Dcs$Pc_M!sl+b7{>Lk{v6fiAX1u zZopgJ4fu+j%5^6a?WEn%4K2FPk^vM-mfkG4O0rvJw0rp~2M5y!-Y*`jKZ!v2%$H># z-y4RQzwy`c#J?unaGl(zfU*mJo+hB9?O@_c~|Pd0{s`@YGRl~KuOxiP%FT=hk#+WHFh%T?F5d5Q8(Iqo=9*+h+f{PST5 zVZgst#<@pr={|K4%|rB@w^`+NFC?Y?hvG?gbdu($KPM6onN=G2Em^^M-2Z*qc%d8} z*`VCNh^98Psr1i}2^q#=bld&Ow%IZqj=gFJ#-K-hAXBP)v4wi4>v15)GV7LAuH z?+ZDNh{bHsLtlZ;-C%SYH4o_8Vwx}Bv%ktaI@#&xs9qVj|F|yM4}Yyb*I0m;IHQ;^ zoM$6={^MX;d&6YsYhEgHg5%K*XfHox)t!f)hj}EH$rOW~bQo?p5kL9ah>$6pCF4XN zqdI)t=XSb`7P$N~x5ho3NHJD$E_L{_Gxi;}oeERB&8 zaZ;R3$mN}EdM_FnPb^tvS(fkTM7t@w^b!C4JOiFkFYOgAeaNfwth8RTKdbK2#v5)_ zxf-Y8V8UP?BaCZ17J%AD-cjnGg}VD~>B-4nwrxZbT`svT``Ph=;+S9e_!k*H%7(E9 zoGu&%IG755=p$(7f81~N8|S$#u}pH5=5-x)jk#ds^))Uok9n3khjz@EootWSMno%1 zDRJcSg2f{Sm1pgjB>Ucvlija$#esLp)l=Mg7JQ1$`PnR+v5w<-{6MmoZXVG|-_M~-a;UU?O8<^KgD(JGf;Kln`){A7 zIrN<>8%KW{t-2RiyZKl~mZ#Ex(Bu2p;oRhlmJMW^c@REtsBwRg=JTs>k2#h4 zaW>teaq?@;&u`pAbG7=&$4RI7=P%fBJ|cVJq!0N3;b0mh7ta;crU`mB{qnc!FZCN^ zk(V=kQ7~i}c@COmxh^y^j}22+MMXtL1!$fyaX!Zrdqu?y2`Fm*ra9i+hBE+2aUu-8 zlk0u%U|N5*a8#gxqR^n2T`A*lmmQOhMad)|%APBf@#buuwUSMrr94t1$wOYglD5Rc zs>|z+BY9&ZQ|jX_WTzWh`+Y#h&D?m4PF|uJHj*Okh9Gr8rz@2~`yl#9IyXR*%15Ez ze3N8nvnPhyih+ewh%b#zoTxM?(<}v$a!dNLqW4Q*3Z<1dvlvOc?;gfX2X9!}_?L2} zFynkEZys?X6lEKOWSR^_KArxSwGs+^}3>ofU`I;1U85d5c+Sqb10rAis zOU_Fj`;x6CezBiMse{NVBEcpvlI+VeOzwCf_ouG&Hv51dBwJT`dV0bh?jyiBpg z?@>3ZW9uDcjL69KC=R8;Df3;`(c7ErrH!h4vW(gTzTNKAhb1dl-#FGc%fD6?_IqUzBl$*B?j#=aXEg0ob|4L2=e zQ^tp3>3nvh3)*6-h&wra`Htj-@>TY}?^l`1%TmeP#N$`JI{43q>3lt~743)X31Ngv)1sKQ0k%6(fjmDfuM?jm8Bb+eE zYI}TjcJ{h#5K%Fvqu1xLV>L$M3w(nYd{u9f#wYZ;lb$kj{+N>*W5LVpkPPs3wmz2y z>-kVp%rJslTVO%9y90nY+(AL-Vxc%U@9V+<{E$2u5fKk*tv6`g=^FDbdqd$2LpI_W+iAUB@j|LN zTw5|tpQ~(lh-rTB79FIcZ%NCMIqZm|)LzZgKEGvI#$n3KB%-E>{v|SRwB{vu6uBOP zgN%I*n@Zy@6q_eOL?jzDK-md4%4lkEZ zvXY*wqtxC~9%C2YYd+;A2+vf;bm$n!L%dvyx}Q7HW_ZA}<=4N{+$Fv-UVN+{9`uzZ zd+}fS;K_4LXGKLt#s3(ZCrqL-kycbxj07l31)&7Se<|@qLP$x&!Ni-#ugKUzDa5!y z3C1x0{&%IAO~AnAZCNO}D4D!%=Gyi$+GflN1qfga9VUf(iA7ZxX;JzF6n@@f6P3be zt6f3W{qaGKdbj=&~@-aj2F1I4y3vGua9&sy@o2UeQaWRl7|n-m#Ym8_BY#%Jwo2 zn+_%nVLng&ogc|SRb3dx(0tZe+1W5vc^2$BrakAu^h`on#SkeEYZTgI4@Bgss z!+>!kCf*RQuxzqF|0U{l9;-~gh=;R^<#TV9!8tAOEka%V-+3p=46>j3tC#S<-^6_|g>_zrXrZ zyWA7R^A%T+K|YY|4D~cH|*HjBEcgl=2XPha>Jx8S~4C zhd7ve-SIG>ekZB|z6ls;S$50#bqA07w4;m9$ZIahPDth!91)a5gb#+Q81}A8^Dm ze5U5eT{SN)q5fY)>A&`gNQdL=rkTlJn&~OyF`Q?`=~rkIz2ZM|LPTbX010_ge(`42 zC>i97Rw2jC8Et;WSf{`BzkojHsB&4B)|*EA^MW=my+*R%|Fu1a zXRG|Rh}KkDln-K0ug|UoLkJ1v|W8EdL}NO?CY9eS^C8ufY48ON_`Opxcth=zNqoX3#(giPIk5W z<=nr=eEs@8ldZIx${1DhWGEkV1ZDQ8u}*_8CsjR#7XR!%ba?-c)AfGU-yLnq^`{Qx zWULKzcYCB^e;MEY%!5{*o5~OWxF)`ag9#o54KZ&qH|Rfkz0T(b$QnGDB02s|b}%73 z=n4lP5xjS&l4xqlGW>(iMmZG~6%`eO&^$o_cxok}qN3u-z}Ue6K@4F^X<}n<6#r1xP=Z+g^X9!H>ITIbqk((}eNW1>lp_?; zP|Q$LQQ|^5YAK^q@RpY0{!6|(lk@YIZol^{jqZ5_Lj$}?W}{&g>DD#BuK&QD96CCE z040&VBGk^TTv9*xP_S28I@uro5XJy?6UlMojdQax zq4d{WHOk+LdO8^dUCMjp&%$sbO))A;9q`BV0vYS29FB7z?6%!rtuiny;E!nVx5;X= zFRc+hD8TFq6?f#!ZL!EQkv^<(AEV6 zd~Yke$Qeq%i~xstuJY+eXdW-#o%nn40|$j@f)6aIyz2U7+iXU(NTl;JXn!`YM#(rB zr{j-*EIAWTaq7WG3}E&?*>Oi1;4=8(FJ+!{Q7jQ-+0m-Y$yh!u94PRbje^86XLemF7s5a1NwBw;<8_CF?tm_|nugXz=UsfWzS6Ly;V(BaA zQU1?0Aso1|WUhO3vJ=#1H*%H#r{WutY{>s&8fzc>bh01G$or)XmlI^@pMI8%a`Eiq zE5_RuSI8K=R`f`|$xp=B?@vnhgC8dQ_=hF?dn9|sP7(RA+M3~9LnhmXDD#crbcT}y zIq>o3V>iAIM*8l~ei`sNEp5<|Wk{rhPbFPzY%d^iP_d-3d=eiSxa7PkHdb;KG^_rO zv8rEk%a;I|Z@Ss{X{?Qa5A_vS#)jvie#5(=VGDx-g`AhuG`3Vmr+iAUXRLIQ~aMc zEgXF~BER?z-6t}Sc96#B$pIPO6T}bd7O#;ccUTpbfzg4?^t`gX|c)J~f z2lThgh98loD5GsWvquk3NbzlavQKWkf*;N$98!@V+FNs< zI|7-nay?HAqz!q-LCrkDaz7%dN}n+|6*(#38uy7pyL*1J&wWLF(A+TwoM~zwEXd^mp4~x5IM1T|W?%82`6Z99a^1_}x!;c127b?FC}?ig znfYGIX}5*)DJQ4%YtIc_z62ahzdNq&U_yR=e3+hLKDO1*r43F$yg;4@msL?wQBl!C z^Mpyh`B15-sCfDah0~2c6cLmuAvXMOznw#&*r>h09r(fFcBYa07`-J zH_Ki|I4eH;WhvMg#7bWb|Nr}Jva#%|k(D3coKuDz^%O(fjRqMUOUO7s`sh%^QKI;= z&O2oox`PS&3*8*0@Zn%`gC&Ke)Re3Ojvzc(B?K<$1^M%Zersr+mtOrG3pCll$y z{oE!T2Jp2QA#VH&I1z{nnLR7n%{QrToOzT3y$%_6T^QYj@W+xw3{0OBWuOz{k3;L5 z2Shn;&}7;keMIHTc>Cuy$@cqTvhh;%F^Y&N2qUDSWCJgE!GH`Dr%5>XFhp{{Q9jGe zR42~K<@R=SJ>?}Idw#6AmS|Zy*=Ihdz8Bxi(l{_j<^Avw z(a^8DefcQu3R&86W6_!pYW=$ zyT|te`pyrOK0Bj`0GudeVlBzh*=I-jI5B?z`!LGf0RTT#Rv6$BP2u$EI+23mi0t;U zdiYV%Z7;)U}6?02G9 z_xKXuD3wd}gD(eFy@0Y@7KV|dFxDa>EfA4+Y-Akg4dYQ|xpT&^F<&uPDDMd6GGx2k zc6ddyE7ULa8P1yN>i;!YiZK+%nC1rhS@rbxu|H3*?u~b+5i&Sl{dDae6J6GjQy;JS z|2@-V+`|v%Bb-c5FL_lyV}SnV$R_Yy?-9SZQeRxGdG;aAJFk0@F1=KF)>D4^M`ieY>}@3i3?63vjO%_6 za4qJSLG!)JpCTH6#R~=TlJeQC|IKfYy4iHOq$iqZ&>RK*y3WgvWtNO(#IrOPmuD4Y zhUmqEz7ulFzGMj+d)ve zto$rpyYGQmPIrpN_RC%y&y~@lk*FCQoe|Y1Ko|YROA+xHT3a+%yl6mwGtct@k>jL; zF_$w|Sg!iBBhg{9(-yhTvW;VYaHMlZMMXu$5HwG+qB7`OMMcHa!w?5kR;)3uS_Z1F zp~SxPZ8D1Q48sD2oiEpX{QxP_N`t`#*nfjJr$#0U$n!QIgppS`O3^b`>Q@F;H@wI6xuy+7^vku3|AC#9A?ym zl7&+SM-t~smz@?wP>fEa-N2kQG1<5H8ky>JgI-`yp!L^Cw&B{zUb=&fFSX;SW0Kt^ zW0GhaHrgecfj5ceO*KaRTlb0bJ3D)9Oizy;`eT(lzip%yV+ydG0!PRUwexlvALm__ z?5pDQnle`Xt7RA((2GH*GK*o?(~X0v!yRPq$)Ar&$pxF+Zu`8Xrc7fqMI$iJ zxE!^k0m4AmGaN?_%Tk=Dx+i(*N@Fw@Cupu>~06CkACw_JV+MKgw3o zSpL%~(J$aW&1oO}qOwRJ6acYmwse^rTG$$b|IHZpKv-((hfA#ZZ%P+~C3U5@7#_@JL zCA+#fm?Q^}iQc!pJ-*_H1E$SOwPBRzojpX~yr5~O=-g;4^&yU^95qEccRrF=7&ks5 zvKU9qVaPxG=dmPsoXW-_%U7$|4BB57s7zimjMi8z;~@CU@?6>*eeKu0{{i|Mb8tL! zVi}dLkzX`0t`C=-m$5_?;s-w-?Te@@(duR47{dV=Wnw%t7i_s@vcH@gMa2*_Pf%7s^IAnk#nS`MBox(Rq-iY4 z*eS+eF0?8qY`FUG=yGH%}b4%I7zgRe-D-f5>S0q0c9NYF9b zf?^(YMHCHRJL(QYgKM-?Mj!^t8Y?7w#SSu_RR^ELr>(RZTza((zhjgAHdJqWDkpQ3SjuD+!pTu^3X687Z7a&2tzvl)4$v6(_#2Mi4qI{UWanHTP8`yoagGdo$sOky{}|6l z{3;xCvCLHcrZVX7FivsKjEa8bK8A+wBYS-+e?YQvjLK_$#ZbrVZ%lUR50dTmx@3z> zHrVKvuX5pdbozve3&&UDaKzD`t+%4C;Af1XaF8)yAUEy+hK2%{uRInD|0tj9ERhmj z&`Q+ZiYq1C;|3>%BuWLx5@q3>q2HHUUgbbDW!-fdI*Junf2B?#=LXK%4pr428XUrp9M;79RKxrd=GG=rvcP({4 zD1LnP+mc=JBKG}>=aV~QUEV_Ok;Bb4jeXDPN9dy;Xgj#{s*u;wO3xT+Ic1?;^u$*Q znU^>hkP%SM7X&)NB z`FshZXbh;`s)v4TPCLmYLLBIH|<{Zg4V{-bVdd3}!3`r)CUF61JsD)ftIjN|q zsCY^=Pk87KRbVPADxNM-*2BS66n~sVp}2-(E2V!_r~Txop{S$ubG%#%`-U5Y;_Q(~ zDhG#8aWG+YE+k{&!pqu`AmqLIu4J!fAE6<2gyV<$v!R`@FDj$lIhZn9iWSN_*OU*Z3PwppSD=KAwvA<=93{j3av6BjX5>1v(||YX z7+o0F7%(ML2}i_zYSVE?Cwuq1Vu{IX_fB@h-O+B+^PhI~i`Kq0)<(;yc)1M7+wKjX zl(qquMcsUJvLj_=?fu4NOXsincq9lA&Ajoao$wgLbc@Y8Z6_I@-#S=Et@!=L16jJ* z~4S75M-uYHq}?Yd{Olh0PaN%vnS5yMH^ozE9Fr($D3}CyZq>M-5OU&s4|ycjc=d6= z%PMFM zloNYyv8*}IIih*uxPCh<&-c_dTVv;7J$sOK=;ZVJAww#guO()lE+qc`?3ad6YNPk9=)?&IUsRUwjpsa} z{j@>oq#e4BEURtZX{s<@;J#=nvf_EkM_F;L%+Dj8n=AfDk>!`=$)EgUvO6D+y%cYq zmF!LXXwJy;5i-WJeXPq!m6M8!ii)R1^8^K8q)I?VMMYcjD9UdvJ98rh0#DVHsh&y()~_9w|`aU{V>R7upV{_Ph{#3Ze9u>ns<_#<*`Kagz0_2QHJ@QHNOWQ?=39>#xfm@wMHMf0ps_h zk4LPWs*JX>%MuqH4>?jm{lVToAO3{+lz9toyFc0bTP9m{>13~!VR-x>lP@V`IT8*Z z(iTS(%L5*e@k`VfUtOb}fT*&|{+Vpwy_0RTwfG=8YDc_;L5Xt|XUN#`$u{0x#`v$5 zkA7BO`kHd6=U$b+%E~xRlvnBD8%u^f0#4_B^4)k#vb9%Dw%!`a?xK$= zPxpY+Cg4P5Luq$fs9gBLf6Cl$+lY=MUCD!t5Y6%Dlap<>N%GBbaZYt;ys_U+tAD(G zfbpy}l7UUd%U>V&65HG(e-W1lhTempza*guG+a3wl1%Ivk(S4(!G z#y!zG*Il1%<>l3XoiWzEo^6u7_oHjrBI-BzN(2VWQ{9OT@4Ou53g#KfS*vW-)77PR zbhy)Vw_P-5#Pc$50QvchLpEL>KfOe{8a~R!nx_w^Dp=Uf04Y1_- z_a`P>U1NeJT`nUk!=u)GGk-uI)7NpYjne<4)V{H*pQui*iMJ|e+?YQ5q2_z~9!K2_ z$^7>YUo!S!QvUdQ98qwp11GWMjyA6)S}wRW=q&TyJn{c{J-2q)N_{5&k>4GBd~Hp0 z0A)m^U3`^}7bNarqCF1MHEDnPC@%ykr-S96y4H;&iE_D~`)MeAzV$phFEkKsi38Tp z+bGZJ5zoyP|C^xykriQC&9y{%{`e=!_I^uj{O!*a(jY_r+{G#TWaF`-qN1WAqj`b? zFmffJqTX((UUFg83o1L#_>44CiBupvUEIGD=v7rq`=3`uWC zHo7okFoZa=r0ceulKuRMWIM^w{?##24(Zrz_P_(guRdrDgM7kR-Jc&06Ur!jB|YFj z*8xTy8+hKWI&h-gagYArmu#*K*^-Wkf*DGKlZ3B8@o8w@WUefu7pELFl9u*;@N>z= z^0gkd9Y;Xnb>YuY*$4;S2$fUH^D%5Xpg2UcR8i-dwbg{N8u!v$->pt-D%Y7KA}9gPRB$WQR}8 zkJGg^WSFucH-U;3LB!$Fd*V0$*8Lh^(v~ zr!U+pr|i>H&To;d@cI7Ma!{3tamyY^uihovl<}gMnLq_+M#gc8eV{!*F4v`YEcc}P0fKv{+ zP}yA_qio}ssGK>XM`_MESH=xX^i&Q}VPht!AHS09^ow`46*TTK`uk)Uce>-FEA|d^ z+9;3t0>inSi;ubeqctb&_6o_j`nK?^I5eGQK$GwL_C=IXLIfl>K)M@YG)fF?HI8eZ)j;c5P^S7Oo}O-0FMoAd zo?Fl?=4x<%FDLs=MaQGjl!Wr#%~=;hweUi;IMhrb+Wlv`Q+Z(X_9F`2Wy%2D<)-&4 zD@xf(F>bGQj^oXEE?buk{%8a%K5+choY6C#$=^0DD~qqWW;v8~yPJI0JbV<#$+qlr z;}Szd)+P17LNKHIP+)Aj+1>+*zG7xD*Ek#OPG((L^jM}tU|SBG9;iuIdqNu zWZvQfk>#bM%=WujUfUjCH4g^O9m5e*_4fI{dn4l9*_OR5IRC3`F=M|T@_aivWX1mV44)|xxN@qXsKLD7 zK(SWwz#PpHGy556Df*T(gXD{=_%mM+u@%EdvO5JCdS|UII*`s&MuzwG{VrXvQ7#>s zho$Z4&yf3^5j;r>TW@*a^Q-htz0A8yR)n9jKJ9NgCJjlhzshoA3wesQmR8OsbesLV z46spemKWq~NvXimuV0G=&wSHo9`tR-J6J8e{9zYTeR~H4*SH4SX-YfG+;&m7{HdLs zuTDeZJRjY0M0w!c_i|jjC~W<;g9d%XGAFs(^bDm+?HDli>8v3}3D%HU;XkZ46L890 z`r{V^dQedj(~Q+`d?BGPmIHqwQa_~t)G7wD1WtL(vDWlEKOMg zUo>P3Kjslmk1QluNoU8(^;tc}*x+>K(()++YtLQKhM0i#wyu2T-w(nTU*`oZsqTs0 z=k`D0PiEp$K1A~Waa{up%CXV&L=Pl6H;7{%Eq2f!1X)lqocGmqilI;Eq%J;kK0Qjw zRd~y5vXFda(v!*OEQ=O}{Jp2ZYV;WJTkLmfxoKN3*bjOI26M=&NGvD`3_kBGWr^CJ z{uuInXTR0LuiNB%cp#ihN2`rAAn}QaCJc9#j^_H}j7ey9ywzj$eI1-O?gJ&h=4o;P zemmZr-wO{}&Cf(D9JE2HQLc#Ua#t`MFA$THNULg-UN0J)!#%+~v|qktZSZD5L z8x)_Uwui1kyH2xnQjROi2XBZY>eY2T?nrlX$%CdjJh+p2NvX6NV&f1ox8y#)h1J7- zuIe`;#Oy^^Hw^iA`i6;z_9neQ*o=mBgGwQo<}G2IdfoB8Pn54HAQ@N3U{1p#Nox+&a`?o8p zX}^nV#(HbljUK*3R5ll?+08H%UFvgr#=3?dj55yIm_Bf4r}9-i!@I2&v?E$}kF8o3 zmz^9w@4-|u7tXi}%2IMV&ToHMBgH$oPq{^rhkQ<#rk933XT?`y-gwfry}e2Cl8tvA ze(Ij`T^{VibyJSX^EOMv(*SgckPX;s+{AXjP3*cd?46aSR z`5RxLI0*ae&|r*oX9VyZ-EAan=Z1y#J}~mq|LFPa+*N{Ve7^(Bl_j*4fERKcZ_V}7 zTP&F{C^KW`HFWU=MRiLHU+EU|c$ke%E;Gy`!t$1I`_~wX;)Nj1##6s8CC|0j`Ct-N zg&WypMagGeX0-t2Kz#6 zf}*eML;Xi<6K3fSQ#-Hf&pw3MZFIw4_O1WSTT(~_v81!sk4vK4;I_#7l}VyLRhx(} z5*k=g!utrS-iM+JneZM*w2qtt#vbYrze`z288SjnE6J0_+HjerqABS{FxVmQL9W~| z8g&l4&x=$VF1@eCrK)aipyxsBzUv9j|G#+2`+j~Fxx^kTxa>1TE_);O; zt2>iep8JY3n|SwDKKZWc!vI2ChOnl#Kbw5_3C%Y|U2wjww!`OLi%%w8K+Kmt(1}^# z+OTK8Al1mCKDkOViG$D0h5W|RP1@1zwPoHUH1GW{1Lbqrbv=bHdDW*b_X``NxAxt9T@MyyXI)3hLDE?g$+c^Q*Oo++=n6lfOf zf7)iLMSgsI;iigW@mTll1x*tmW6#Kn0lB>!T zK5T?gCn$bLkZ(sCE=0fGwyEpjlBvvbpgIvuw7svZUH3a`)A@Ui%43S8@1+DWNCgH{ z`CZ#}cjK<=qt-n|U{8j{1$4x>+%k8+ra5rwgkBguUQ}Ia2qFEUc>wKU;!wuJ z@eW^K;46n9(+p)hfZPT(C9xa}pr!`Sj6iX-WO-a3D$aCS%9{7+2B=xH)rU)8IIl(Q zZS|aWHbxW1wNC#9<{qF-F`ulNu7-wg&Dg(hV~SdppIlu_iX1gGD-Ez!uIsWjWGM?k z-P=)qtLdxq^gP$L2^-QSA*?Cn++as#qSeBok!YjhKqNFN_ks^TQ<;)~D0j~YRtx2Y zu#`DPhVTLn9~V5C!rq>x7>^7|zD~=SU@M>l->OYw_7jIl4_%Q4QGNzyztDH;jwT6# z5*T+TGF-%f=Tjv(&Db6PtH380{JW_C@8IT%Qa=}l{bY~!8H;8Ww6^Qdu@dHtMwUyQb6ME{kP*#R%l|lzw%!_$hpX{q3Dtqza>G8Jm8yORFIKAS0_rv{Y=Je|8;=p~sp@dTJn9Zj^R6z`h zuZ%N(>@2*C;;C$6b({k_E?@q zTXXa@_b`isXn6clgy_@J?<;996p#Cr3?YKmw#fJZ72iDhF(tpWO9#H(`QXE$$*~DW zc9n&OWTlM90yQc~$KUk`oD&jY^U?iX)8={pa>{icibtECCCACfxm z`>bAPGWF>YPuyBU1PummT@E~Ex$gUN)wD_hPVM;H;mbr7lVa58b73)!)wr3Cq)?QF z{r;j=Fx7TY0rl2#J|akgef1vtW6JSOVvtEINw7_+VbPB--B)FYPm>7Kz7gxsEqm1I z;y3RgG-4Sy-CpCdH)LZMWc++be>P6yk1s02L8z=?M%D?j%{UHLfJRG)lIX_2>9gCI zqsXSsVZ`-yxixsV@~6#>7zv18ZP{&3tvq{Mr^f>E)HDrmyX27Cj+Bg2m+E`T0CfG( zaG+tMZ*ey{p9NvC*Je_jw zF45yKW<(~}L+FRe>dkv-^XpGgi0os$9dv{mkZzdIVmP(V`T?_h08%wAN-W~XSy$vc zfDRW!`Gi^hw;iN4zKu5M+WF0a^c$IL=SQeP_YfzYcHPh4P-;B-nuzWGw6uz>XrE}w zJo^am6&)_f=jBw{v#ec2szXf$OsQP(dXZ35T5b{TJNEKLqhV!8;;$Ojk#T*GI-o=l zxpn!JA{gFsc1S|OH6rDHimc0GxY5D2MGQ9z zlZR{=G=kpXT_A%jNoSOky2Ww1+W?66X}KBfvv8J!(aDnBx*lUTm-s5TfB!7#%1Rf> z%;XOvv6`1*Dj<-a_Pd`tgc|HyO5~JQq!@`7(y3cX+pLHE)*h!D@86Rr*$tSU&H6L4{6%L<{UmA?Kec3EDUx9`AN`85J zaD z?$PNAH9iY0J`W4JvnxQ8zyjO>Wv-XT2N<3|QOl{?{kU;>K;Hhh-Od1wnrJT!YE?%H z2FVvSl4U~MO98(X1@4+EANFzmIXHR3X8c;L_^4BAQee^xk0r5}=%H!M5ali?4sa^e zDUPmwu$0F0WZAu#HaREg{VHVTsbr}=p2ECD*tnqSg4G<%{L)@oZ7eD)dLBb&{1h#}(Z=z4>r+&-oV?9)eGyv`?bQ{Lzf09v?^e0_! z>^V(*3eJkRZX8_09ZJ3ro80*4G_ASkUQ{J=nSWYt{4#u6`;@uQ@isFn`_AFyA;L~D zSZ#i7IixLrLbEZX|EtdeAqEc zkjgV1`MhjI{5OeaW3 zNw=yregpSa#U-=yzUe;%6+okE<~10?r}iG~plr?kPoTuW$AmaK^y!P43R?~u<+7g zCfaQs?6bs!MJ?l2F2+LFu>mi9RE5>t`(2lv=bIf{$&+&Um*}|f9hHb-`&f0a^V&-xVNFSWu@#C32i-Xdy)8FOA}jWeF=Weq)DAPgWCf8>TKz%Nl@M9Hz0PoWBsVEBc z0>|dO)bn|+KAybRwV=`6BriTd>wfQ6Bb{bYnw~jSSAx2_yJf?}Gk)ANt-PC#Y+??C z$-?TK?u4+7Zarr5o_ZoJ%+Swt!})^%O^tknvh07KccAt1cia?b^F?_AsjWrwWu!oj zgLL0~{@L@X-zcZl34Vozm|5k+pm=D6R|29qIK2!}IuL2!J6n-7;N6n-`H8KOFJBE| zt`F`r1;WTBexP#=9wea{$edf@mY=-Q77yVi|*vA)=m?nyVsmNJX3FkiD z%?_tjWe!yK?~4iuN!VgOHtmgAXM;L$>=ekIshK2<+^%$84iZYgm_O00U1z71qt}8o z=e{s+G(31lJmhdpfkSe-eUz(RX2J+URG~tBZtFvq&|)*4|L)X}C3JHetqkxcRB8;$ zJbbtA7K3ifR4Aivwq|*ip@#Ha^Fa*U^l9|+3lcw`QafjuNv9Rmd?(wAu6%jn(2}(0 z#vma)rRJ;m@g?O(*8zJsF`+I>7)9VoUHlD`hIaCQO!j!Ta>&mDS<&D#9qs3{gh=%o zbf0z6q2X+&uWDqDGv^M=pz&s-Oi34OKZ7xBY|kayIi8>pIK zF4EUZ*w=BLFVdZZq%eVtM)rH`G2VFf?*cU<*%hHk8=q`rc@25(xS5{cixdIU?bEQ= zY`>z>f4*}uGymg^@4DNj9v1A)%XE40&6_liuK?lHVC^fVmQQGdnj6x^Q_@DbvR~;- z2IR}7=IE2P)h$T97^bWiR+;L!Gc!`6ElH_B*L8hHowWCz`Z~gtM?P<6MV;mI4%JLT ztZ=12i)!P(Ywg+hUj=xShLFNq%h^LTmvEW`>w9_kX}cGPXc9#x8(?6`&0_Q$xSSy7 zjlF?k2_bQ;ED9O&+(P=VCPb)F-*3+s}AA2gD`_f3H@g#6|(DQyw;2;e^?$HBw?_Nj-31-IH2RzrXu3sa^ze_7d{c z7`!xn%V|_#v;7l_!=}DQk&=g=Ho7MVZcJ_Rr>XOrwWHMA4}FUOEzgKNb6Q8w?lHOF z0#va(2k8bBRFw%|Fs~I{WVP%+SZ^z}B)g~Ff^tHr^7D!~S zB>;kfIeFDmo=NMxheDH`k%LK{({#t8jvq=WvLk=#FLDM1-fkGoAo$h2b5qcMKZ@)z zB?u$uSk`||O(BG!_R#@(=-MT~;Botq6Ay1u1<$H!x~3F`<*44c&(wG18!NOwSBi{2 z$3Y$aFL)edwA%|E=3(hFc+{z6;B=`l@z{(IT~n^KBQ4Hf$;*oW7Am!pRn|B6X_(6} zd-DOAs#=D!Qfm5tEoh~qA_XWvU#>L0GUh=7+XuF2@mry-V71}gJ&haHVyll^FhT5tQ_6YT!DE$=Dz*Jnn&v5j!SC6Y9FSzY2waon z_7P|O*r4ezu5Z(9fI`*x?#d`yxg2*U<%q%`+$fChS`9+eYwy~UZbV?6F0l|-OPs-*1%bDR>Po%%B6^T--W>KP*vO=oT{=>y<>wb^1hI!q*03{ z;qqQtd}QT&VaxeMNUbm2Z5h}!uPu;&*fu05FhZ-+qDR+qhjnNgP<*^N6MWO$5=FeY zk<`!K%qFbZd4@`K|5=qJSm#rM87mJGMtm+4@p1jOzk$17`MNuOqPiLzIF`I~z<2Wg zupwZ~CXf$&T#cpmXUOqwo6H`o*`p!4Ij7^k{MnOSQC)DMvmyCf3WLxY^YQ1%em<<4 zqK^q?3>qnQ&?iAk8TU zI|QYEWT1d{-Hfa1iG6tChVwN^=mK_hekWkc0Z$hW$do#z+j!sZk~$uX1S6Opj=IY3`)cv4?>CZcWdo+aqs&9wmjfX#a;1#Ar z1u>9W6=W(?8uAFyyr3%(Ybk`cRE!H^Axu`mVN_Df5rG?@`|@xYz#f9GOyERT)22CJ zTjKP1LCMOAGQ7NB>|~hYn%k;B=XY!nkgW2Hz@F4FbC*ID6ckHwro_Ty_T^e%IFQQU zN%STxQvF2}h4(u*MB6I`G&@z8zL)Et6u@H+&X#cmp{F(ZECk7FY*;v zYi+@xF|j!fz%k+`zA;vT%-1$;ypnyb!e@j)S}87pKRrZF2Nw{U+^+e01pA;mo<@$1)p$!wm8R_ybe#{GvIB5UuVQ#+4C zwEFxJGzrYbT^-B!Vk-0hwj2zgo!W$ffMr4zf*3%lTPjh=C=&zy&hJutdLleu-#TK* zIenl^^uvv>4Kh~h{!-(Lh)d|byCj7iWEmoCdVQia9tas^^}KI`nh83KTxH$Ze}(z- zsBB^QHdY~HyO1TdI$}i2Z=JBR2+w0x?_F^n*xE?bpI8W+@%et##iHr;#phL;0zsO5 zj;}c~6*}KFrT1`(=b8%D^I+L8tXVBrWVkb5%_JS7fFT2h#1pfK^1!{cklkteZ@zbv zOT~x|^@#S_jVUt?98vw)=uYUeoxqLmT?}#cZwsH~#&cixq<+E737Pg8K7veV(B^)6 zG`O+EIw3lHgd5HM@YGjq?kv7*1tvD@oEp=?oh=nWyVFn11)!&OTe3@Jh;c>}ju_UxZ(zZ8c7wtn7FYK5B*L{V^u5~t6-8WPkEwSoLGAN0jeLwk^5`b$V-&F!WxlAsTwzpCFqf_uiZU%kV!T)msK zc37;n`08UEH_eiJQ+A8Im@>S%{Z{YEQ|ek2NB~y9QtrtzOM1-IQ=YRg9IEQk5p zJ1!-wZYQpm^)u|wCa?J;kzviJzw~@wi6rt-;rQ|f~w zdCip!_Y;Ia^9V^)8^=s9Q%$Vco0G@>zj$8}@#D?4@7T&`nZ8?QM zH@C^iBpzJNC`auSJs^YcX=(VeQ?GgK~eQVu987C2DFu1~CUUowgN_Gieo zjAtfvsg!Grde3F{`^MQGA$TxcF~y;2nT(m$yI%KxPq}lEj?Cn|+kJRqX+%V@?*2oJ zZ6KO5;m;KLJnT}Mc84wnm40^Xy5})T59f$$;H)BZK9R1(pVzDPm=Zh?hbx;L;E?T* zk6vV0(vx`H1KNq$-rQFg9FNrEQn0IZOF=Pl@}=8m*Y9O*|E@{SaSK~M7Eg)}{Y_UJ zs^Dg$nvdHkjHyW|o_>3#lsQ}1DGTIo67nNDDlZ7_%yJrV-b~*y|Fo@fYS9;m1v5u# z&svjKt?Cz(m&&^Pt~#&s>!_XWiv9T_w}~GpXm%RV7dYbJJ8lHJ<3k|(-6NTyw@mVH zgi$g_w}g2feadiXTuBoA{xU%8Cp!ay^)%!MPyEncK0kR*De<@glh(hu$-JznKqdB{ zQM*-SBXwOXy4{PcGKnlX#i4$T#5%LvIsG;{w3*a%Wy1q`0!l!o^ z#xM>|0Y69bMb6z)@dZ}>-HZb@n)8=rTPqy#^-Z^w%w)$T;!qQrP}6;!yyHGB{_pTBUIuEKtar;wI7pSX9uMQBO2BA{Gf@(vQF_)G|#W8gA=ZK;`iC{?ff}c)GW(rL-ZEG-=N>ZKwW8IuJ(v zYRJ~ix;^K$(`1SF(_tsdxXRgiWi?R7qNAVYpS{f04e;An7K+bifeTmfEevkoOG5iIYR_)yPBrI=hF$^&PR@=Bjc^pxI3?+ zyU%R=g!}f&)CL2Ne8Z%NLsr9YtVfX+2JHYs!#B5KWar&I)`@U&k+$w%w0Q z-~KaY70Ec5kcmInw#x9MhI**)qtn?s~+~wkJ6Am9y_YE*uaOwRh%HpYNd|QXdR!wh& zC)oUrrVUc2EzK8wS}n10Tw{1jUZK1IU}bcqcw;N269%pN`zrACTa5m=2~Z1i{ub%F zNe5voJ+|}+Tfj()+}~4blzdh@`KW~-PhCLKLz*oS>C9+GT$ldgN4J~k3=l6yw4L&1 z-gMDtGP4>&f4Gswocza^DR4WE#`}+Y+f`Gr7JKp)7HKE0A>Rulx#2SI5xH;;dT1$; z=l4uU6LMx^^B!mBH@o1{NlFY~jQ%j)dko;{1rG88Uu_Ra zsLf|{<_`VrpwXPy@JO%JFWuzJDg-y*NB%m$j>^x|H4clR>h+oNpdP58L$#UwVy{^Z zkMX->0ItHyCMFM#Sw4`nAr)S#fXsjK#&nom;z#Y^cYcldo~Wmyp2>07S>^*^vsdf2m#EemZ3zwdN8V+vW4E1Akz6GXyWrJ@{~&+ML?+ z@XKd<(P_|v;u1;W18e%bVOs*$n`sBq7MJZ(m;rJ23nF6bp8iU$(@8ufenZ!5(9U3+ zN-}=@r17ZeH!#zoVjR}6p6h(?zKD~)(=AlO54B!EMdEgSdmN|6vdx%PwsHDQf9O+yMqtr{W9q~XKC zhoSDIg&Dn+#qMiVM6TO*4^~vn6ewv6vw2FG&%*Nu=o*r=A6_>*WNp`(eDDTky!{;O zJyRb_9-%nY+i@pFF{bDA3DCvarzS=Zs8wDC!VgoXLakBYoLvqo-41w9hl+GBO^cm* zsp(l9;T@YhkRe9FVP=B;{4^K z33_F7qm&s8FGfx1375tl+BmLkorBaWElOX_8#$uJ!5ce})8%h&f#k#LQ0qRtUKMvg z;%`QVD|Nu3j2Q*$-XiHlaH;ApJ@-|-J+0&XG*+EmGL?>H!k8a}(4DyAJO7ypN06am zX)hVqY~Uc)RE4yb<@0a*&E4LkkLg5brwPjNJyyZde=(=M19a*u^P|6>d_vRfx>dT* zwCOI($9+nv^?~?yS#f?CFSi2A45v-e;n1tyTn{A zA7l>jA&0$|jPgguGYm;Lq3WHb_`tNYfRieCx|fG zIx~?Br18_WI#PCxLsl*9!mCNj3rWMuu)R$e@=W3lEPg}xv`O9yUWz$ds*rPD6Ww=i zvZjJt59Nxq^%xjApiEy(FcQ~Kmw<;^tybl4F#0ICHY++`}94@#=u8!runLA?Q@amA#)Xdj}+mFfKf6?WrZb!sB`91!m~c zk?>1->m|lX4~Mjn5UV*XM^oR% z7`|Kh2!1$n8LW+b6<=A6Pq+e95c1wW=(p&>wwG?{v~Jm@;A=KE|JMr7RpLrdBtOGF z9b_{4YI>_&=Z2!S9yNYMG?Fo~Gud&ZGhP3g39TthPR0nM1LM~MSaoa`UBNwOdR0=Lheej;^AaLS9rHaFST1QxV5}R6ZeS1h@q%x!{pYOiF&eDM+ZGp9D{#OEIcD6p zct&)upyjmnE&=QjarB@#Vsd38S61WD6X=^c5z>FYx46EyP7e~cI%|n~#Ix8l3n_fzQmaQN}w;bX+X3@Q( zzko>RzT8ev%JFkTZk2LoWibJ8L8gz9&+U9_46~nu@}tyBTj2$24+ zkTFT59qt-wR}Z6B$BD+(yx%@fudTJwWA0;%A}y@Y7s4XQiXCqF9W&i;D+9I8+W`H7 zej>|V!6^N(Lc3>huk~)SY;#YG(>&~5s!#AF>^qAn{uZF&`NcKUB99cvSnF1>gPU(!1!Z>2<=T2wE z`7uG4U*IYR{nCW@cAkByGU4%{qhWRf3UKepowxLwG%8AH-%lBvU&yPSF02ew=AQ#_ z>;;iG{lo(0{|JQy_+DL}lLQ}hBL6!4^e7d*?XO8Cm{E0ksK7Q=5aivbkSqhqBk9r& z9N&~WDUNGZ!eNT0#@r~GHx;i<4~e5pgW2MHxhHCXXAiY5LbjBT{zd(&gdSNL5`Qof zK3kXdk)r#4`ymhzh5ty5l_vR5w|5>iD|q;roZf#a3hk#m`rFafSe4Ln{2yQ=pPqq- z&UH6YpxfeL1;l9mLd{R6Y3B3Bp5|$}5ohyqCp12t)Ae?L)N4uarb@(BJX8u_X~=K% z#e*bm6oXeEf^OV@c1Rd(=t#?B%$>FC^lmycoec$Kl>9d+Bns|WK8Sp4dnZVqUp-{h zwNi4~o=2a)NmryHYhNrizSyY(i3a$7`Z2N-&~G;#;gqAS>-B+jK>B{yH`S0ahI0g| z#yQZAu77^8g$L-T+Ob@*da3Za4Qj17ls;#^XdApb9hb+{cxzyb{YRddo&9Pii>pL% z$$|-6u0|71VfHc~I>s4t^T(*+dKPa_CVo-YJ(evwsjS%5?8QJ}E0iZVaC$GqC%Y=$ zUOVMD?VbQB3al0IU zo&divlb86>Pbt(zxog@@|Mea9YWESfEi|Rd|T!&TN;W!Wj+C6fj@m;X$u*vB7H$O@CtWv2aC6{?heEd`=9)0|8|)4#m8c zkCPGp=Pqpf-wF;<=rK>meYE;fNA{>ao;8a4gTL6L;_R3m?bAsk4q5EB%Y*!%E-H0ecsNt87c29)B?iLDI_}-dPXFC;t91$DR$c2 zrY1LImZz;<^x)}xfEAAgUNbt+kH=Yo8Vd`kn3g6wl?s`dHiH>pGd+Ov7d@$@8Tzi;p?6&aWXHRlt=tag6qUsE^ai+j~bGR zWi!?by<5T9SHb{?^fqTz;qQ~(o|8;&BW((|$@u8Z!8sk`gV9!i0E*cWXH)+3n`S(@ zkrUzm0jz?V3DQMQvW{7uZR2W!64?EMb^F@+Cljxj6HGLK&FHCNk=*my z+DOFmPR#`MM3kutph41eOuuc2u=wj;g2R}Q*XMW?noosj-N9zE<2y(=;8`2% zlirQjyAvacg_&V#Ck5c$tj?-G0Z$db;OOg32}7%PMLwh#J3pUm(7oaA%4@J_b9%9aMHO%tj>91c7iO4qxBs(Xtr~5{Fx8LCK^r9`td^x$xqX4QVt(Jy};+a?( z;L7=!PvyVKpB5LYWHbFUvkkm6BRxTs=)*o$kbdWT6SA$egOT?m7~!t!3B}MEDM^fG z(YJu>Jp5>A8Xgv9)y|o%1rm!O;=MWvt-I7~bW z`V5%pJDnakBFDJzme*TeNzmqf-B&`4#k)ten(H-aFajTe_*`gKYVXRF##(w92-)$5 z)Y8u`6Q;zvvH(ObO~(XEUoopGK;CXr_s+HG`Ul^PQKU4Fa?PJ32;6Q;LeNtseiS#D zd8tpJ+jDi!$BqHgB_IYjX~8!QHv-Zb_ujy0G7GnVr9br?W63O8Bf;P7f7u^x)Y+lU zPh<|tM!*VO>U$oG4opHH?C5JJ$M4AT>^Ph%8=$f_5}u+U$IjHcI?CuNp_XWEFs7d>LkJTcgR3&I;-z{nk;ZAI7yzZ z`|VA8@%|M*25rMV<#7bHhI$||Pt>@;X#+pa*{ERpr&b%=&+IxaUdUIf%cp(_IS6%+ z2+aIM!3Bg-EiA0nil#%zM6&OU7^Zw)H0^x7q`2}ZcV4bDG9|ToQNnFfUD?>$;|^cp z@4MMtBWwL17$?q!JsOh0O;nvz)PrFqA(12{%5b5ZBQAr$AAo_z7joDDgCZ=HToEt&6l&WKep{& zY0Ns_=Hk0Mn7&TCcm~)H*ISOW-~U>)rZ{iDKipHaOIy3iha-O9G7Q9LN{iW16360t zOhx+s2z0LcK3-l3aLV4UG>)DUIG`aG&%(0YEJ34VC;l3pSHlxfK9%l8C#`t|y4k`G z^W+K10{lTaH?Ul29K)u?v$vmM!6m;E>rL0P<^CIY9|DW)d21l{2b%82wdj3nQb$(Q zX`PnmB)0}!LaPEjkxa+%NLmj?IBC6^jvOGPs%zwTixfyZhYnweG3S^MC)MQ%o2914 zPw8E8=ebx+!w9Ry$zL0N`dXMmmvb4!Th!6G3~^A#ko0KBlQG7tBv=vprFvOGkT7oi zVruhBPH{{He8F2CC5uYS(Bv7akoe zt;X|4kiGdA>6Q1V8a6eP2E)x|b1!u&Pl?ajY6|n310K*u%D57dPLXAin0)y@GQWtt z+vk4oWxo)~wSyz{OTZ!Bqg;m+o5^=W>$%Tf0kv`jY-r5DOmqOaA9S!ic_1Ta`^1^Y z*N)PHVqCg*67RHB$*xB%|G38(g z*pv)}|TbbP<^dm@1jB7Smxp%_$tJ;Lik{HJa zfqc2JpeJjcNo{5*gJWxU$6hbx*?-)D`X3|HoMv5x15dn>u}TOJ;dp_)=YI;1^kq)% z<92w5$#ehL2RLcRm94nPJq4s@){-WH~`b(!t1noZGI4nskMIC|LN}%$+LwF-q*LG}r8zE*mc}?pPRfm`7Gn(7-xQV@9 zT{K_Nw7=<_Ak-Z-QXW-f=)&U3x!p(Pa>_&!EFKsAtp)8Kc0xA5@FnKsv#ZHmSt}t6 z9T>$%%I=e^S9c?InO;4bsD)i}lnc@G{=aB?KOFktrS)06 zXd7>hMZ=|TD0e^h|2g0N9&_MYYM+&g=-y4dC&Fejv)8cht%o@l8Db z4Su;AZ4KZ%$%jASlVUWpl1j$Karry+mAkAbX+a4igw7MM*)a#DT>inFHH(gzEb`K| zMmp{(-%@BHac^OpzIjak--Z_c!B<8`jGQWpKf+x;tZKc{+Q#8#x=?x;Tifw>kjlDc;OZLD_07f?7s7)vM9~K`@!;L-Hc)kU!jc(*O$T0fR%&h5%`?irCJOg}h_I+9}h` z05%tq(LWzLmpWGDs&`kfZ>@N0O7a%gOJUw^amjAep?7lt_#-X{bi^DahiRnaobsK3 z7J|XQ+2V?JDbkY5DGstYku7DVd(njz-SLKSl~#OC`hO3*%F!~KcILmsSpb=+4W)=n zm<1Xq`z`uaxpYQ~ZQ@e5=X{g*noGF-X({mWl8>^KAdy!koaUQWdGOIfHluRCuUD{p zA^!K+yN?jk%=iLp{{{`x5kInnV_05B>d<-?F!W@(2B zP@M-(pm_(D-az*6eTVMxO?Ksod^D5!$Ww9*p8*aq!2WT zM}Cs+lgA9!)m~MIHOuusH>7`(&H}5Cwz+vPLsq~4_xT`^Z!m`?jvpPr3+^HYC=TO(5e-5R-Fjk3+}3?bR|X8htitX|7vJnK28Y+KJpSt+Q!#X6k5-=)YW zd`Np}eB`lkoQ`~xclFF>LEe)_k9#6TGW}qg#Bb_~C62r6_W2z{@TT_ns$*kSz}7R@4SWjr*iw_ z>qeP3WBvdC+T&YzN=F?0-$N?@&DOX4NR0IXYPFU%?^ujJDbV|Cdriq5Mg;+CF?Spn zQIwGNIlgcF4&rs;A`f5G;){#z@Udco4VFxE6MDwqD&WrM1zGdh*qU{BuuY~glf~@T zg}i3Nz6NDPST${KI+?&Wpw_CygUt~cd^&6e4u83M2HEd@4n8U+qOx&p%4-Z{ma~^# zo8$=)ic7_PrFeTn;m*qbnI?btwF}F{IB!c~TIu}$H8uBX8wE(xhVx)@YLWx5 zzo1b(d!Hrx`~rQMDLC7{^``r~h=htqUUkV%E5M}vrq#Rx9qwL-M+z%k|#rHt|?-8XRpib#8x4?tg zTY7^#1iJt|YNcd8KEPODGQi6TGj`K`_*RFWn*kIohvT z<0F|)nnLPWW`93LieVt=^^e&9i!>3RktUb6nI*LmU^YQ_6)sRSluWy zq6Nxe&dAz+Ql$syfwM?7CX!tLVxTM25OIY{4>`6?>QhF!Am~B-g}EbBcsWG z`P0u{6J(RnFN+Pzx>E2A^g}YYQU1vT2?s%lm~(c#FYdG(h;j0g`+FZd&Y*+*`mp_d z{+hD>A&5uWQ*uFKUol-*zM#}(hd(ZUkz}DaS6zVEK?ZzAIlUpCl504_`9XbW72Y_j z5pu+Klw`kH=qxcKI4J|}#wp~3gNJZ-V>@J$#aQw4Ofs+N+0p*Hpl`dYY z5>ymb=HIQ=q56ZepUv(D39=PmZ8_!0OV+`EaK$n?8gNtmwYu+(8I9&N@$80fRi-*b zYjeuVa`<=cqGvBkpnKDJg3u+W|4_5%oy#qp%Wx|t&rHv3*7g`e=X8ZIIq;GjkA8WB zeBTdlIkemV-ss3Pup-|g-=c{?I9S3G^v8i1p7^|lpZT8mP7c%{!f|bJZ1rR= zocB#*)aZApI3NCqq*`|g*I;KEq|JW1>*L4A6A!1YNWtf{W|Ua<^rPW6?&YD4KK%{N zJNM&~pAK?*f0h{H4VN2ea?csm+|+BN@X5^460}J=TytZ;2#OriB;GJf+n59MqMyUWsT=yGBG+NyJDxjXjwFX9ITUIqIW{$Z zQ?;n6NOElam)2^X9-1Y$uAZPzr)4og`0}6V3C@T@{q&lJQ})UR9d`jkLTAmEf{T{saSN8TET-R&i|FQMeVNJb%{~{_XC4zJ#CDI6k(IDL*CB)W>r0_1y^FEU;mW{N<|#0)7ibHMGJ*G-<-{bU3)>9{rSO- zcV()Mwr_NUVsE=R+R1)<25}j>^%6$Y2B>eXe%+lu)9k!6;*%jw(P4dkQwqIezfh@v}KN3S!ARmBTwSd zt9cNz_gToifq28b)j~a%rkkBe>$`eJ+;g$WQmO<)XJ^>1oho!Z6Kqr=ggo1sotdD2d50^l@5>&Cm_R znNCsgK$9lyPQP&-_6eQ(`GMafYFyCp5{Elx><8%6Z6V4#bC1`MNkWa;9~;M^0u&G8 zRx5Uj!n|ia4t<#a)JLbE-39+OTziLYi1{`lMsU!R4S}#=MZpOt?T+#a95)mE1Gh7% z5^Nh)`wV4Yd?~NXy6AIIj{eK^_}3v9x$&s~qb}(0e~g}g@OWD_SbWQ-7+f4(0>Sa& zN2vS7BQJUZItZKwx>EvILwUj4vXhWNXfgQWbLgGMD*|d!wBSXY;`tI2oHi{RX+pD! zOHJpi*=gd)`JqZq;7HF_b%Vxa3t|_2*$_BE7TF$(zytg_KNwgj)x6@<|g;jYAAqu|4z01h5{V8`I=6T{6JN%y?HVZ3_)r20u zRTo$ik2)X3(a7G)*2Ih;;-p#A{&?5+Vk`ql$BKCA*Aw}o$rJspY*!O%og zxJ_*Nh5cIob5FVYk3yQjx;O@|H|Efi1NxXYl)Vzmu9g~a&z9za+uxGwnpnfUsGVDY zJqVMkZg#>r*4lsTdbEi^dJw&K9WW#cb49Ddx!PVJ?vt^CQQk+FT7*H4Z2r>18|LEDz&;}|IuK&87U%ViFGMKRQ z0f0k0x@Z{JGeXm0vepVNf%YPXL#bpulJ^&vC_)}v7T5>WbmgQPon4YO@~KWx#Ysr1 zmvL29Y4*gP7T{kGuuQH6v;! zrdan&3$FW~7f_L~&bp67W?KXhl}*gEyQ<3%fvp2mrbBLTUIZ2n3u>7G9xWn*u#ZuO zc4o(C9$!F;v(u5t2ms%G2g9v;!WGjJ0Ca4UMvDepr4T(JZW=&N=3g-(PKDtc;?$b2 zPw1Y}4$$X?TBZaOmw?`cj~8w$uwSHGE*L+Ft)IYhh;*RVzxBK8krw^p7WH!`2s=_x zymJf`@GT1vnaun7!J3Mho0iWZ({pLaa9~pRw1xSFhn#i;q(AV*%H=60b%!bW7=2a) z@w>K$Nt7P=dfC8?Zx}OVC9WM|*lkJ3glwgA%pdT9q;h!P-o@aB9YF!}W=1|ez2<8^ zw(!sN^yHe7pMmP1?c=@QME9|<6<;eVX<@;IH*12-;W<@jVr`}S&KnCY?fadT?bCju z78}1$UG((yE_5b!-24u^K4A>wTg*Zr1~#cSXdz|;t93}kOUBexenej!k<`YPE%m@@ zmkE!SlaQ8E-^`nGsmWZ6MpvJpO8fJTPd63nS#m_5ZV zQrr-Kdu@^*lX&|tN0Pr)DsO`2Errc5pnqv52ryyKPhyf|9{+e(c4rM`!@5}bL$b%l z1{IxOJS!rCa*2-X*MHp@gWZ3C+imG8|8$%8E&q+aTDE2ei0CyDn>F#59|Qb@-m4Tv zsjtS#HZ>fdbUO#E_`gsq{CEwMBZ^bDSso&(i9_?6+iWu@w3rM+>}Ovh)WFQM7K;$$ zt52{4UkSvpZya)(^*MN*5I%Hk4U2%R89N)6KRew@bg;zR)S(Dpre@*3PyIrM$@X!u zh-Df^nA@_5+XYX4e8g)IC4*@jIXm{VoMEBq=GC!GGfMP!DE&S(f>vj4I?8f*n(3Q7 zvn90r2Q@PdRQBV52@oqn9>@$rH+@qD>is=%f^Dl0OvpaThN<@CI-SM9p2?&OV*lQF z57Ps&E`QeayW+bvtT0*WZOX#z@*5N`&=in3(FwSU$gB-ia)x@Uy%KZDjtN&u7Nt$V*FZ{-X> zL#VuI4BAW*#2@^nqNyUkxNJEzoGnDHa@Paz%@l*F2)P4J?53)Is`sqT2`|l?}*2d zz4N{l80!BVUsWw{J>Gc&a z+}BSDR*gwU#t+CLYK4Z(gcil&b`8u3)q3Wp_47z@eC2MM!%3#?T>tqoMFA5&uGXR} zFyXQGlE84XRnE8g;nTF89a=^2O&Z8>RIZFOcvU!8sh1*`eI4nOEc!iu8k6SIa_JYZ ze}C#tlW%fp-!XkB4{6fQWzmjFVcJe=GoJo=5ZmKg`3MyHEkd1n+>bQAbtf3Yis1zU zOOughK<;bFFe~b?H=)IT7y<_Jbi9BTa2{Ne35~qpQ9mol*s=fwfxgmHt~+&tlfD&2 zG~=?Sd)-2uRh9NhC?t3he;naGkzw1W<(l0jKg4VOve!&U^47TT!6OHrIqA_OTv(ag zt=Mad^*^SjhzjO!I!q;o)=3TTrrMoFaHU{qbM>~!9#EIRS<`e|lgj!mzvNo_TkTpq zx>?((>YhkOZ~*Dx1WhmHG169v>aku4x6RL}OE4qiVbUTtU1Oe~mpJ054z=2UV65tg zgA#1HRT)n2f%;`fR+enpvLE-&NgMfZKGRe_p&S&Gi%)ap>`$EdD5l4d0=z%e_$#Bb z{wJ;eRUG-&*nBQH3Sbe^pIJOyQ-SY3mO#?&sN*<{Z0@P zP6ozYAh5N`U|`y>!(449<(aqjz_@!28>UINsc(t5{jLbC=&FLAHn9DLwK(w_R<-ue zFfNTXwR>9oQrRUy>a)T|&K z$}Re*>eEd@c5u)-352q*Om_Cw=;SjZPnoK~F?H%2w~>$>tY)W!5z@t_+!?dDFY%d| zyTQ#$MYQq1sZTwQ44a?tlxm}s&-(N|Ci)8hyA4HzY|xR6mPYF8G-n0GQTGT3yQ|N> zn~sTUA_*roia{@(sVEy8q~Nq^yd}wI=wr87pO1HVG&#r z+a|@CamcSgjJEa-=<)y(aBwq3v6G z2Tn6|r0cYL-Np=1T)o??SAo4wQ4lYrf_-93OFgdc&hq=qtJo`6r%gT!N3lXN$9va$4A%zWxoI@2gloq*8v@w%u*j8Z< z;P=>=P`G@UE2`1Ima%((t#B9g*1*cyvr@R_xQ-gHIuiijl55jH{M-XeLI% zH!BgzkU|^9@>6s@2ELI|;4-3mYQj1iHeT7JGi91q6#3s5EL@KO7)04`uqwW}i(v<5 zvrF+tDNOUE@v23bWL}p`MAZqKkKAsNQ`GQ%ObuQgqNAuKuOGC`+4%7xmbiGid|BU- zbouSw!4fm-0lT*aRvT}!u)B#SWydw&WKmorM=*oCgBEmIl;hi#%`6BBZYAjXJGhz{ zbDq5KO$)?W>?NWD#X5`jf!EE~bqOwj5TD9e3^HElY^n%;)HyCO7B_!_bAQV&kljc{ z0%DlW;@y(XF#R}G%@If5s*I%}OEZIEU1D8`Oz@(Pm3yYqzh>~}ap;{FhlcmRZ14|m z_WR9qXbG&)&pPm)E;=Sh&-|XqSsOpyBv;~Ibk5WD zdkzGzc63L+X$v2a5Y9wXMz2lE{=9hX&&SNI!aeVO0uh>fc6_zyC*Rh%yAQEe+K=To zj-_KY!HGEJHz(9THTGZl+B5x6Q}qwjsL6{vauaBJ^Y}$CFm+Xl)X=E-@Qs8)M_lnH zR-TWL^GM6>j76|`9hNxoEPHo+w-pJObnFv2zz-o)>Z*+w^0?BM5#f6k^(_~cwk|CM6jN^2Ga&l1SVP`VBB>)QAogdpvAt|vo`^72$2 zi;`iLVP-jzwLd<1Ix3OibUV2J*!r45r$*@JE#PmKn?KN~U4K?Un`^LH&O5>G0(zYJ zMVB#=@mk)4iBNUPlHy)rm+*Mdv88b21CyEE@u|WIw};Ic4Aazc7S#j+-*DK#&mZJ1 z%+V#Pm*Ml#j89Z!sp~x%uFo$FUOREhJ#Kt%hBUnxR(7I;qrb4Vt0S{*Brj4${$$yO zcByzfz6EQjNQ6U(}DFNWFcG#4^$n1w`2JO`f_1Lf5ukX~a7!K^oHVKHq2ewzITvyRf)NJ^N*5P2Uk<}*uq@qr>t~;5R z(>5V0p`r;2n}jrQS6jmFZz>Afosv^+nJc~RBGSruEHk?FhGP$xF@t7#DYQGE$+O7$ zf&VH?hEP}Sb_5os>Cw*e=qi0@vGNwF=NIvmxQ}8u0bctm?7Qwnuf|!IzOOZp;3}j9 zW>x~WK=`=(adN}INhr@KNV!=LI&${@ygItrAwHG5evE!td=OTw zU`M87yqD)QS*&c}TH<{<+V?N7(|^z{!Q882w#|RYAyup&YUC1ec6XLY+S#VW@LVX$ zRJu%gH;>F1OE-U5^!C)$Vjd0;jG*h=(_}HMH$r$u(JwpkZ)mL&&$l<@#f~C#R<*A& zhZDX{!G`^65w2RkjBL}{2Vk6FhKG zxOCN~F`vd}b>h(^uBtJ7o~G25YZ#NuwwE~Id0*1_y#*TLCPq#0F7NiMxaYDfd}{tV zr0Es2##tWv^Yr+}|LE1IMs7~}Ir{z%alXDMoVznMk*6DC6t$rD4pYB{8U9wmsNcCi zz6;@c`dtnD_$ovs2ZUiCp0(?>#UXbWC$5&2FxwC>zvl=PRIv^*8(;B57ZlwSr7jrG zxr1X`nhN%2t5WXaoh_}F!yCGr+f{^|yGzG?a$<{6Nb-CvsBLLqUA@h) zQk5sJc_!&)cVUv-Y%Fzp$};PT68GBLCb3RL8^dPl6wdd>n5%Z=OVaQEK}A}{nD24z z@V+7kN(6S&}VjY{LXC3qh9YJy%+l zuLj6$HEGu$a&{!mJ``+<< z%M&-Rw&i^22~L8%#JcsM#bYJk3h$F@W^|4hx4+ccL;dujJZZ1$g$$hR5OpCY%Ve>a zM*bU6RLy89N~0!g)ekiGk(#+p>-K{NCiiRQH9j_DM6gK9jHZGurBQ@GYfB596xbyZ zN3nQePzjtoRh10+-H(8{7Y?!;5bVz$95hcIEEwm)C6KwADj$#R+$GE$w9J!6MFezr7rWZk?r0u!3kZ(B^lQXw>z}BXGk7&FFfjbE zm-r^bx48hjY{>m68Q9ciaWie`{X{{N${s6NN3^wnV@(!aM_>OxdoA=f74B zdq6GN_Mf`xT^LX7-J`RUH#s^0k>t1ZNbhWqt23S@MbSQwR%412A6|cTSnh?B?|tq> zU&{r49kn_8s!U>nhdTnIjPa~vNi_i}T*dTR_TcAEGato_9*(cQ67wJWh%Ukz0okH) z*1^<1++T7%@T8X&mj@iIie6Xa7m;-U}WBk#vb++OX857}x)t4QB>bK%eaG z*F0;vq8#<_TL16+O_O(ESzDj4G_d5q_b>ka!n8-TH7Ge2b$wR-|GgE=GtqG`SoQ6H zKIY%Ac=7u4s_u`M5B`7eXdaoe;dZpnkiM$;ub%tAp4|ui_xhz`u5?$z<_rJNPo?gM zu8UFJRE_?X3jgn896v+R-^$6g^!>k9`Tsn2<9+_p()5KkS15b>OY477?SDfyMO2^! zVDmElJwns&PtgDV(7%6m-(Scf?tU-qWsiiTw4}x3uF4!x4q)S)0Z*UsGS{dTbPCr_+kdrM;^k z+KsH~Dk~iPm>5l_Om{z2b6&tw<5602ARwrdm)w<1G0q>bka)c_MrMmsJ z-$}m77IxXXQcGHH{KR2@{kCatt4!4eSG3qmiS7b5Ved7W?MzEE^2{eKru@`oiUB|K z?NxpMi*-#>x(^{!#Ut@3bQ$?!K?-ja<}mk=aq(bF1KsF41n7wJbNTJ>PULQa4k9fK znjcxj89Oh8W=DCgXF#_`K{L5OstwE_grWsD+^k)_nu1h$kwtTB=ay@mhr85(O-W*~ zU=a=2wM|t|&Li3h{cgrv--66ML9eX2v)G%C(qMOT$5)TliS*!ZO6_s0W!_rcz&<0! ziRLGA>r51_|E^Sav)Q1TMx@&y+i-08=H!^_3VQAkqnhTRXFXvL1rOo6 zwZ``B((O^2v5P*DFxXRXRS|s#^IbdXXYkE~Li3u*Q{YrtPI&qc zI>zsr-gIj!7(n%lkD>B;`>rd0I^kMb1JhQk-<(^sP72Vgfl`Ns+xK>3e;?XOW`VTS z-1I=KnK+FLh%Ww-sB%anJ3qF5QyjNCYp5M{9=gAYzj&J}_T`HhJF&&l*Hr9ux!MOg zQUoknZmdr+O}3KgSm@_oHTgD;{-cYOtzz27#d(^cPKWSq@vCQt#utCDh|z;Izhg=9 zzcHG?(Y=dX`5uKLU?P_x#x9ZN|3G458APO+=&sj#;ssL<*8aHwSmbKp+0N6ImZJb) zf-2S#LLU8Xp*}IR!gR!3lk*)M9cZK4$<1ki?~K#EkraJ&m?+a?Jd30bAo<9UW4a&d zL`~*1HJwWH=1Y%?g=||8@vnh^b86nF z?ghA`X&!T3aYSn1OIdKtQ>S0a(@h|4SORCgI>_se+SQV6cBMLXl1-dP!k~~b?3O4I z{s*l8^@A7$4`tAePmZe=7mVfnRNA+EyL?{aQ%MCWsjbxfiptm}kYK2z9UlWrX@o8`jT)A#GMBTT{ihIWF0&X1M zpIxvRm`_4NsMC;lhJc%y5Lt9ebrbP%MFzue{P$x-6$zt60L?cWd$tJc zRY7GYQLT`Y_w8kf+#f@?3R887YydS**sC*u@dCa^jG3R4L;pDAB)3iXQC;;B>AnY~ zFW@qZJM*{?nP%I_%OI(4l98H-BwZ;ZD;*Q!ZV0uy(?dwrxz%SN2Y~I?|~kwT_+&b!x?^*a(pw z=YEI#&9!X}Jm;Lz`6Vo&o?Dcvade$ZBD z+-G8QNl_{a(d}mrMS%>fnKBrk-#QeLDFJU!Laf41I5Uv-7R>3U@T@0UB(!LC*sG~Y z=QVt>e(VtW0bxQ;ihXJlj1P4Y!O!1PH4WGb?eA7bbypLiiN!INjAB(TytHMu9t5%3 zV{Y!hsH|nboG?@Kt*N4j&4J>|Z$k#;d2a#7v#5)yvyU##!(!@X4E0 zwFq#QXA3^m!wp8YuX-MOc^r|DgcB`v%&AQ-Hl}<L63G+CnUeJq+JpWR=uupji7OZd;l*&;Z( z`>)!^ecu0qS}t_RP}6>HRg~k%gvYf}IyzvSW4%eQMDjJ}=HwZ@uej&c#twRag9|_L}sH8N{`OhM{;0hp zWj*Q>lkM)+)&b*tA3uDA5X*HY~2eX zW|c*Yi4;}qZ7%D$ZKc*#049=+4~1_|&2F+2F8Cgqx2inTv8yEPGzQX$uc}*rT@pPF8*8CPw^~D(2mI zmGNeX55OweOc3L0ofC6yXZc;_a%DJPb$oqq?Ci+cJbL6xfks}s%m28aphOMrH?RS( zY%Uz!Ob3*e3p?nQz+-JgIkv%%_L`~2igmp>@ti-(Ew!m!cCL&HO9+bo?)%&sl)#&* zswD$Be}5O4$UKt*f2Yio;L%YgAVPHrTdQ5@4?RLtp4-&R=R@M4SUri8A6L~$2R{Wl z(aUdOcd0qx8a>kIi&~y{X?BPvmhr)Lr(+r%nBZtB4`qZrCJgo*z`C>L#@CR)7|h>3 zTzy2CoJiC%*UvYCI(vC>^De^-A4j{D7Ch2jQ%Z`TRrhi&W;F~`XvbacTa90%szUSY z(P#ecX20KN+MI|)3`-M`LxQ4?wK-*rGHLCr@8NNepPeagWT%_LT>*&29_b;gg`lsU zSfS2g^OL^@qPYw-o3n2qAkkay)t?se6?LU!WtlU3^1iYp9cKN^+%tip8jSIm!>*U= z*Mi@OhrS+tT78qOQdczNoi`-EBVyJdp*JHeK|CZtgM~@5xB2tL^@YpwMCaA#)lcP@ z)wfg$dyUR8W>P|VVmi7|l}@5xX}aZZYr}VUdi{pA>BB2oD_z~r-?j}AifGs#y35jt zoqNOf+_bFtkK6@RYUwl*%1_e=^woI@^55u zn%{fv0c<52P18eEnl+GNs#1gS-)}?B18h15YTtVCc;sfAdfgc1$k?9urz1eEn`gQ) zdUK-hsrj#-v{^K$<1_!muHe3V^j%{>B^#2jF4uWC;(62ZP}CkT#cM+Gx`r0F7(hv8 z=`Q<)n=3+!^y@qhS@(G4Mo2GRk*PLZ_rFS6psaZ(?4~2G5!WX#3qxbPcv_K1{Hyoqpnns7A)&nmy zk;zT*XnFG*Y87?XSqG+dO=_N2f+qxC(boswg=ojq`&GHP7KG_9eoe@e&PMM7Ho?_8 zfB`onLhOPy{YC+%T&YsGZD59X0o{F4k+~*cqiIB}X!)9Kn|z1^&NsaDaLg6DNHx+D z#uUGI5eB(XRXg9BfRNoNuV=<03##L3+_YfW1WI)~O7NcZP0u*_%53>xn(~#8R5X#> z%7VV$e_3kK3!09U;%wqQ_2*4SuI@_!E~}cGdGBbKcR8#$UW`Mu%5BtH3A}yeEnNY zvZVQu_euT3hWuMh;vv3}Gk-+KyU6UGX;-}B}Vh~Nu9-vGa-!ub{eF26-X!=rm?(rvPSz)2G| z+fJq73pHvm^ts}B*TDs%)r-{t(h({b#@A?SaJ`VxHXYD7KAl@KI-EJBC!C{wmTLzv zyQb2Xf43_Jm|^3LV`ZxdLJP*0o@i1o`lxLG&57swDN@wHdpqx|2fJwIr&j0vn0!=~ z$b74j%tmY1N)(d<1DYWX$t=e2z*Mb#Y%{`eG?V+O)4nD{J~Q5N;J>m(*Kh zG4mew<;HU@eu!{J2(daWcRLXPYws#eIN9)MVWl;iYCZi4ITu-P7QWwhHB7YTL|zTBZCRY7w+_E$7+Z;c#B!wO>ApIl zo7{f1Y)_`h@}MtY{>sXG*aK!Tb4Tr2KzCg}e(GJ}7h@wEYBBx98(B<&iwc6KiTxdl-6zBedv21jGJ8@(48czhYpq(wCa0{N!!+;IPIq7j zaHy3Bp+}%zx3>YG(tp#OE|gcjB%cjAin3+}tDk*&K&?wCnq^b69v`KXHouUKOqQRy z$t`coCL4eB&NAcmQ0mYhyRN?gU8>xPx+~8=vX2{#KaZ(KQI{pY3~wZP#%u5O{p2w& zCfWWA!GlE2vuuri4Cgv}LPGIpc95xh#LdEf9|V77X$mulJQhlV&nGq6OKTH z#C#{8^7E$k)(*8e@EN9pYNcTt%1WYEw2%DYH+~IJd&cEKiBykLOOF~e@QDrz# zRJz|c>c`A6y!tCO9ytY$7dy917M{n%ED$FY57{ceBtz%OH_v(QLWDv?K<wo7`%k6I<)#Tx}Szt{Jn!~L?J5M=Q zlf85FEIWDQZg}ZDe2CG-grgf5^3nU`bL1z?reU=fpgQW8l0E3voz>aB+`oRZX)1f$ z)u*e}C4J<}a_%p`(ty)l>$ZJr@1`|%%S>7$m=or&B`4^LAC8KbUsQL`e*M&aNp5Y# z8x^^g`Ak;U4fqLozA*x z_;~7ASRRSWKdJ#5kCe?m0dTYEQEtLk(^u(Uk{a83#q%gS7Vr)Zy!HADfC~QAR2}8{P21*&HKXTcfY7Mq1;Zx zW=LU!1XVEhuEEVdK!wPZ$co`!F~R%sKzl93BwT9n>~B+yZfBBkXg$R(&rZO1cYEQe z7Ia@8%_v2Ef_u-Ew{VO1ar z+oIS5=I>!n7(d;%B@dLJT{VM1vS2vs{@`Y?DE}4$!~D62QP~lH#`X89qZm}xddfn- zW|qC!dZH@x0(sZ9kAMYBhH>gcXQ;{JFaCK^T2)^8t~bZi=D!u#dlfw8!mkOVRRu%v z!g&O(+8kIkdmVUQwQjWC>CAlt$sKH4+Qxk5t|Fob-^XuNb#8Oybk|=KkVqJJBKgP^%J{X--WZ>Lg>N;i(~e%Y&GXRyr?Rto*b)0HS@R z^#Bdyb8=HZuO`;5QTMH!CN&^oRgD3siEOF!zm}+3Dqz<7HjEXU!t7G*I(Wke+G+_RX#*$^~#@vziP&mu)#*=xK9Skhi)fXsK6Gh>)% zujiFgGI!0RUfR?3k2_QEiSrz%DgWh$(wwoRQ7i+J=pH(bzL8+NoR8`6KUzwXfkEwVc2ShO6Er5jZM z*FpHXb*fO2s1c%wF#eW=?hYnHvZmk{74p(&Tb?P9_ul#+S|M$hZ$LsNvw@wxtBe{onw2$|9V>fyjtAo|1n|*(kPRT|M|b2ElM~S`8=$Y+$@AOmr_jsZTl9 z*=Icbj{FvcqBe#%Rw6uaobq zV`&m2OF#2rYm8jpMQA|>PK-9ns6dGt4xR;ng)7@HL0q}%)!QdI?Y4glrCcU&lM>>sv zr5!gJEk9?+GiS>XF7~3iT}=_v#(lY-2CfEP_|Iw8;qAUt9BMARmrgMPL+O8dJkO`_ zzuAlmHqe=iIFP!IN7IxVw?&b*ux8U5`)ZD4$LHOq+AD3RXweOu-Z2Nff$LH9;})i$ zG!FCp1&HPux{A#tkJTF4=)_UdO{sMhA^o0GcqzB9f*8StRrE4;)FpQB7CN`-V+8~2 zJ{Wiw-MB+2G`U5&NA}CR$5t;QGH}=QhAbZTz1lrlYb~?pl_R78{4`Pi`xc(t;FqPp zb+7XU_Ll`5dqu2rg(L!xkkc*A%Uf&u9V1@%NA61R$4{raiWJ@C=ntiMf6RPe$arS#sESWiy*|M6x5yChA*|C3>3Pp; z`P}&I%@z&A%)X!deyIM_$_7D%uDz;YtNLmRBoF)NlTb?&`R`o>_}B|f;z0l@xDJpB zk0%z(o0UY86SKwK!W#w~Vh3~=0aJXwan+`^lS%=lO;1*@dn804^vF^BJskeDZ-MWzbeApy=uz?T`cB^$1672OI0i*5>QDPN;pvsQmkra zLGTUiv<^_N_n-noxvxpj-g_Ay@q<&g66zOXZQ!pvk5BKZMrn=b?v#5nF<~>{Zt?Sui=y2EU zpCSW=AC!e&T2LMm4cV@r48J!TbG-@ppmSl*nd6;DgMWldZv?aSGrK5-S;y4+V;XVx zDj_>*A+4JjJ05{qCn&>Ko(kRoPxD!JRmMoD){8WmDUF&!7ZJ4PrV~L1i9L;C)X&;DntUP&IDEvtlMzhed(hBfzahTKT^Cx@k&C;H+!7>?iOzlnv#@${K+l3dbBIX3K4P zhNSG7(OS78H7P(*Pa=Lp}4&LsbM@R#C7Ak&=2?PqiIY2jQ&~!qcx`HpUat*Vl?U`cyoMP;U zis~iKwfS!TC7qyOAH<$0PK zbqWKi4XP1zM{~Z9BJn}KV1pd(-s$^d^+Pq}-VRiLw1_H#^z6$Dx#!w8#NIuBOp4e_ zOhn;|J|r*j2Me`T|M(RPrH=8M^RyUaKW?k$aE$NE9r@J#uUgl%0VUtW;!{@D9=AUE z`HNB`#8(hv)%gpuiOwJNyF4%7#~|M(WzOPl+Qb}Flz6jn#@bvZ0rX2iF-2!QGt{aA z`~D*OdnnQ=B=IDFFoMx7&>hI+IKqH|CGxrCU(l}`iN$Tv(%@mT`^A`Kt|MFxi~ABf zBegVxYh+LLqslXfTxoe%75m(g;+>l)`?~7mu?j*Kui@z2#E@|&4n<7h(Lhvqr*)!! zbfX%Hq<1QTJXSyJ(j1Mc=Yz)F#WuWthw!RD-X`5V%%7v0W5bTm60NJX1G+Tgj$U9_ zkI#O#OxJ7_%<+t1X?52!CQ-}aZNU~<`9QV3J?DSnRa(3+e@`3wyf%y2g|jGraNkWm znQUfwz+U8QkP4G6s4DTa7t%n=jCN$-I!NyLVj6=d+v1e{`>g%w?ePn=Ahi;Ra;0rt z>fK?dTg9q1Xip`v#~QM{guuIovmHGO47vX&jOXN*Nqhwld2D%?(eV1l5BZdNp-c?i zXk}lknc_Z|FaG+M|G|sG<}>dyLrY@rs`)Jb2U+mw)!we(?4K|Y5q(=0 zeP>2P@g+rh zDyHScKG=q45Rx`+m-mitNdC?=<4FaG z0^=d-A93!VHLPYq4yL`#gDwr$uo7b))|f@Mt#u32JMoU+jp`#KkPus(2K3B7<2f7M zVUrVCRCcuEaA@rEQ0K7MegZNd=a+~^2z5NtIplE&Gx*dRem;(}n*|uW)0fgM;j6ri zjyf^R)GGLCv!~A>sV7_d87`TE`qOQw7RxGFdKQ@e-pqcYw&}D$hG_nS#Pcoki_qWf z+wE4xK)entEU9JSopcpLhqV%V0?)65y?* z?AP9QS!?XC@A}5L@!d=an|~{JG>b>CvDzYV^vd>6cIP{|3MR_PgpZFhw>=#z&KRVu zy!G>T+FO#|>SVHqA>yE!*V8Z#r5KHOhsEFD?lu0H)@ST2T)>-Qq2c3EPEb$y~7LGkfi=b6PefIiih=)0|yZoKI z6Hc9fkvP2DuAEtNcc4@INT|=fdyd;!ak^R_+O0bKFtC9Q6sTcztE!Su()_?bQ2I2_ zW{<6FBe+TWr!0HRyYOkdCSZcQyZM@J!Q>Zy!tl#`YWIbx`73f{dW^iSVz?8%qq^y( zg(E@(B|$8m{*rLKP2%B^g&KQy9COm2lDu5gAI0+QWJA8$RhAEYO}X2AOu2#%iLYSj zBEnIgkhl6q++TG$8Ws4+H|Nf-NE{XD!8iK>|3UAZm+lkc_tH6Y%57{UBTi8FsZ~TO zVcxJ3VI}PQ=w;UU7F(RjS~BtF_Rzilbj{C&7%ke(8Y`8fZ9=o88|RrR5=HI=Z%gOI z^V08x_stlz`Q{%!Q=jMMpiO>V6yS%@({~furj{u+fGI-)sTA&X@ekPI)_gg}>*A|l zk3B9XWH5gHKoUehAVzHd19)aD0%bkG?Jz#AzeqiP}b+c;>zh#rT{bQEk zbN+;4W%hZxK+4WWj{x8MHFuB(E%^rR@IzY>z*_Wb6rq~E<;vueWd6EKc=;4aoG`S= zPO(ANvl^)NY;zr`LkHICoI`w_k|W1oon_b)VLqR>+;iuWpxfR0^=AfIY*^}7HI!l$ z{;88V!=ZX0i zQq#^8E$P$l;oyO_VLepMJ}R5_Vm$rg-yD~ zT4uW7V=U?YV4^Hk>kQ{2uF{2w4v}eUGu7?UJ~5zRYZSR+x{)cJ8F5k;{VUJ?=>GMU z;@I|G|IHg4R#Q{wtb;G0g;4>!+l#x6`lEJzwXsxEwF{mFsE^zx4OZy$L|Nd<^(g3E z`V%#r0L4N-fKf%gj-Z{AS%|)?@p%@no*hygI=6an4{N2;@!QyTnRXsi``1F?baI$H z9BK>hSN5C?-eB36kbQ+t!ew1BmfIV<9}mz1kL>8Ogz|>~wvkK@-C1jdu)&b)zW>p$ z6hb0M3jb?j8LADoin_};hfN$q{>*`?GJijK(#HmU-g%HUM%9w6cP3A^R(>BW8;YM# z0T1FwvjyP9dhfB{+a!WC(s~rm#3`UgMBD2})KbyagCyi1j z$n?I8M$_ql@~P!P6e@b)8cy-YDYEwmkEyd=7*5p zl^^K+@A}$v$~g|p7P>oy{Zt>Wn;GVmpp&9xyvF+{Tsy!CCUqrQ*Nhz0m9@qzGH|+d z2oEVhj_vsfBUOnev-FvC6Cf3td$iAB1OA;L>#gmru>#B!=iTfVeMTH?kcD+MM|u}} z3ADL?eWR1(|CY&NnWd63Ib~FoKV6$Se?;)wP0eGgyILZ9nQt6_uroe(RDkZ7m@alI z0wziIu9`wX!h{P;B!~u4H!^Ah(uWjRwPlkI5^<5vG!<9Wr~nGyv*iz~x23s$ZHIqf z41ElNOSHS60d1Sbw!#C|JYXw48m~(4e$uI^i?}JLGrnl`-$5NfhSqL}7E=zCw*@pW4 zzi?SoIUf&x+p#4139V@PC(#kFwt|@#jqsV-=rA;l0##)m2>>az1Y@bfwB? z7%^F}q>Xbo~s>oSVMkivd8-FM&;{x4Ct<3tfIo?O>D(+{W0Gde7>{X2?n>PW_@ zeFR6GTZ?63zla#6#2Gc;prf9nP9h0Hw(ldMXK&|p-oY7n%hM72$P%Ut^F2l{gc^pG zP6%WP7@B_A*nZ|_8-3h2KL+X=J5=%Xnly+Y2_zjPUpyjmji=fA9EH#Dz$GLSO@}Xe_D*NWO~*N@ zgtPFNk}l|bI(;1Eb&|HWcEb6`vs!tX#5V@et#DO>noau6!Y~V~1wk&?Ad4 zS@uMyfp%NCX&Lz*vJYrk;<<2yrD(L zdNjXuAIr^)VQMlB;E$|9;OUPnu{KWz$S;ux+MDxhlk?gg!isM>-F*9>Oy)C6imfPc3~&+z_fUrud)^*M=d ztO8!*oSKYzzT`vq32Sh)-*mNTqo~b!R;tshEZytx%ao1&$$9pG7J%i`B9vQN3^TxuCcR`g{n3su>PinATtZO%Vhc)^=Y!yf3hVx+o# zKK}yeYBlSiE^@Y(N58mu$Ti?!lJ&r_tEIbJBi`*v&7kbY$mcyl>liat?m1;`9V7Fs zH+HAbr8=~U$a{*}94Z30PXw!D>#obDz@5}x7Af(&3?sIIoz%yn4>BF4>EFo=I>oYO zG%5)i3jR%hCyuh}8;k+z`!2*#?TEHQI&g5r+EwXc&TF5*{Yq?5?Y2?Cwic_5po29%Y-y^MEBac(0yt!R&l!Jhh{m7kv43*yfQ4G1t^(9wIr%Lrb}+MJcQKe_KvB>5HvD$s0~ zN#C?vMB2%Cymh*9r1!Sk0m^&@%Uz3ab&nG-bIu>5&biy5ZaX-waB9o-eL4Su4v~RB z5A8vORqXK&zEA3uKAH@;{y3v6x{;k@g?1b)$^e56f_Yj>X5tA%%LYbN_$sP0BCm6op zdL(K%IMwSpl0%K+Sgo+d#FkYTU0=Q?V>9R0tHF_PzaAG@xgOP?R`Pmply<}XIGmy6 zf{FHhbR5Aut6P)A7LaWZyQ!MV@n*yBY=?xQ4`S5H4e<*#wm4S%4aDL4mN*}K>TTWYK z8+@DccLAMDk7XE^Y(?LiUi^7nKIZzkmv?XWv*qTUt6%5PgVogT%94sNX<%KZ$kgA3y17XOY#_HJd?lcj9+R(awRjG*7A_q4^_I8#}s^h3P=0Jab!OgYYnWx&5Pm%2Y4Q|`8=M=*_w<^@-Rld=*=5^H7~mn?)z*Itmh zoXM_ajSsZ+e)9(paNKO>32O^mR<{G^7sWL$slE&XR!o$3{|(ZF>`%Q;`>B(euag%KWIXGT*autO(h z=$+tB*WdjA@GV2QHjQ&_?dXy}`4ka_OYX05EOx4^2m>?s50WQ)FT#O54;jFG%tp|Q zDtc<#AJ5#fS?VX}&(v`jN)E0{-8Nz=sIOm?K!5m?UWZXsb17E%o2kzv3A6iK8xW-@ zME)83?r%##KFS9Tn#DJ9IJCCC6PYh6j1!3LtM$U8C^1((Ocnk_lIA{QIPXx+x)~w% z!Jzp%Mk`m?%)PyS79w4f_@!WbO#OYW7qZ2@6Q1RN*uz6egpP^(6_fPapIG_o1W6m7 ziszUh$1(p^?^hB$>d||$OJiGj4GQ@n(190LPn(JF0+JB_%G4FOdC+&llvsCBQ(4?$ z3ntqs=~CWfb`CBKsEDgpI~0;~h?oRSw4?i(nb#2FX`;uE<>l}e-D_p%fOKou+v zX(2NQY2kIZoV1q-Q5NY!6TXE+1B@#LH{Ts5|ISKt&Yx9c)gJBNMW!+gs3#{8u4;cI z=dNcnv}xDP9;#3Q#K}C#TCx1_$=~&SOi|eNj(_j>x_`;^6&u@L0{{8c%0M+vwEM+89+uKt9goOP$NGdg{__b12WLb4Cz@8dzdf9#JRtS)f3VRpax<#lHqU}C%6CTh&9lxa=@=nHZo&{@t zG+wM;M0+xkfKK!_X|L3#XwHLfnRs{pu8D!AF)2b;b>Y*hi{<7VygQ5|Ziwz_C4jb5 zXT9&QhloYzyaProjA1igDBN|xDTVQ_&svV$rRgv0ymVjX;qOqti)u*18^&bW3(6VY zpkR*E^)T`xhR?v$=5y++fN^ov+xyt9idT zKNO3d!fOBD!SR2)_|(S4Z1<;Ola!4tJSmZM^a{)RzhkN51@TIk91(H>c5HEpyofNZFk2IdR zg7r{cL+h53C637A(?XLW;*KP%c{UZ7AF0XafgiXvxy^ml>&&g}WjAA**GNJKBhSBn zysLRUNRCLg3rAFOh#oJ&fhgJuF1))BJO$%Mkj%7XuKbGvnfpyEo=Fhr;^DF$H}&!5 zuGGPAsv!oaF)inpxFtRSx{s6wz$psB*_GOlu$z+F=M_58Ac~ccig*ylSbb08S4CLe z*xYRU4AXuMHH;&#aRKFu>17Zlg|wrNonFl*y6{GyEm z#0G5(+2w_+CUA?^@0>iE`2g8UPu-{dVJ4uGfD>UulxKXU8pD@cyYdtRXn?~Oil{8{v1ud6C#vn@7d!WdSTej;{I!n znCu-!y(7R7f7Rv57a^4wpC}3R zeV9bdn*y95zRmSSw+<##>J19g7s5bUZmDQNq(d_Gj%{|=*{pRy@QeBESDMwZfN0Ke zW|Eceo|>KB>F_fi{ru|ATO;Wc9JK~b9bhcq3$PFWLetF9W4~XWey9y4tu+?pyNhi_ePWMul{bYhAdcuf{r?cG2)z zW7+vkgxHFo|4{)P-i3UV8e{;g*ER(DhggQD@PfG4i3((0Z;!eh4wA108X50fwdsYu zTyeLL+n-C_kNc>ahS0Hev2dNR44-2YZ7tfu-vU}#v?yfwEWyWqk-*s-?MR2huhyz;9+Th9tftii6NTLjP6_<;UM>7Erxt6=>wMto!SDa;d1^Lr<;}Lmz2M&=OrXYU`!fT($ z6NpTvg>~W3>`0I3a{f|xjRa+?969Bs$ZFbnNpwDz^MUR0pMuUwanCM@hOp(KhTRo^ zUB?Yk2r0|GUIt80y5ZJ{Z3!?p;j_H)H^uQzCFKXE-`r z=nCsGy~}`h$>4qVzsZ2Og_4P74cHQCLf=q*!%WU$M-<{t?z!nr2hjKG^L|Wo2j9GP zBY_s@QPBGuLEwU_CHJ{5*BxQ&4@KR$^LadhnsI~^4at%_BQ8l>MugWsX2MW&T^=rX zk}}bJYa&ZNWnj;in_#}Z(=3G4_S28QR$DQ1p)aem7<_Dg^Nr{n0jujn%Y&HtaNlBl z0SlINTiQ7Qs^6W$UbFU}@|D4z3qsA1#k@ha9JD5l$4Hj}ntX2b9t6u{CO36;=_u$Y zf$uH}ADJWu`_UR!Ru`Qb%+VPA`bos3(q6AmjqlJfuS55dVJq&>{^RcTMtKuJM#j_g zre>}H(W@U7!UxTZTASjVwDu^$7i_K-+bKba0Abe|QX#X~0eM6#3Ct9`-<*uIBXn!L zZ?tiDCWI!}FQ7}lnQoohb8do`LAH>_5@w1b>J?mXLTSZ*e(5*pfQSV8@%%t_%M4nJ zGtElIj^IHt&tKZvpQ?z9>d5@P^4v1I;0rp4JK28Ltw+J9xh-oOTZ{M1XPMUbZ3do| zH9eruOJ+X$nv~#xU{>|QPJrr-0>QDtcntb$HB-s1;WvIez0Lxau``k@QqY602RV`T zL}kx5W8~Y% z*4SGQ6?VzmW0{b6*8>@2@ez5_qVux)zv@D#ww@qc8B2U>%f$~DY64#;IP!}c!H^tz z=jFjbm6P?g0G`NQ)3GP_!Tj0k0Ojjd_uR(~IETLt4ocEBFEftLndy=`;n?M?C}-0O z@6ljyk2ZzR)Vg8(c1N_k>=ALYz!5bQ+KV-&&Cz29!7LF5elkGTK+%@psjR7Ibfimd z9fuY@raob?f9+Ghu(2%7^`Ejft4ng;_P58Zbo(33h}@^GF4a6NTs`C4Au~H|a~P%J zIMP9x)E>$#Y!*Kv?B{|({<3CXudF;I6V@VM4Z57b3IXK=tI5|)EI*OroTD4(=Ww(vskURGM&Cj@0l5k zBlPA|IPY2^rAm$%(Mn_QV`;=~oj2;OFvF;p_wA{k)ms+|9%x(pkw(+n*HbfTQpm1} zM5)(H7mB(gM*~k}M6x#h8OJw)4)T(~nof0CFBZlG8i>B+Ee2@7KcaEsO9~%Q^+CM= zO^ZO(?CMdz&Y~BrDM0`jD=ZxOds?U^}IQPe*>5J5xD*hd{;L+fbxg!x@;pK#+9(KZ&?^- z#|Fg^Fu!RUxCxc`uob4e^R#tTgSj^!cZqj9F+$wQd_OsGPb%o*7gnM5rO`QFMqTx% zZwbpG(PsGS_R4)l-U1Xxn4SA!vU{PnwZ9=t44=Y+?916-1Nh1t;jp~Nn@_>9cfZr_ zNYy!O^wF!goP~R=iecOtOL^t(&C+Dv4P+#x9mKc1zfvZt9-{o(2fP@b(A2)7={Wla zXPRhP^Q=s$^H{&GOJ+ebGrXZ6zLq%@fHS>i6w;!-`pXiN(>goPZ7n{|bZ+5(%X{&l zyFW6@QBBHHD%+BGC<;@#!V4gJr`kBgzu)S5h>+80+G5?KR#vv_=;!8mSg5@7;#_2L zAV`ydPm%-nFp_X{Pz~O&pnv5$M7|9B3^@T`1pk~rj3>iE{CwjNa=bG{N=yI{^4Poc zQ?4N}K*n=*`}Osy(E6bDm0lSRcHU!S=2Fxu983464Ag%*szONOH9@Nd?4*}LD}ffw z4|g}i9;k6x&;r;4Sxr63ReU!HZSXePA68!ZA?~+P1 z?4u#*0R#9FX)sT)UQa>m2XYX`7&!*PU6+hddc z4@C4QJee*_FXo#=irs{cIYH>jev)mk`4M!iJ9Q(bZN49ie3wQVE|m=<6SA!GA`Mouoqjt2s+hf6d;2*TUxb7+i4H zt1Bk*EV_;orD~48FH_%r(f2nlwkfotfmd~*OE`^5j~=z4|6Mxvk8_vF(m4VTT_qj= zyT<1r^FSX2f1kykyDih93AfbL|FHMA3qPcfZC1H8{4rUog51Z>{F-2mvtB82jziur znl2`fzunCUPq#=ciPQ)OUe?pyOfwDAl2Ac_v%K$|zgRDJycPB@sCID77r>#)w_PSf z&y8GhnL74dyN^NpOUa*vzRboSjM(~ey0Lvyf;1C18y5R{!4Y@W#@EHXdD%Xzb5B$_6de`=2O4t=|cH>y=C7^Grv%vA-A)n_Xm(EX@zbN7Dh zhVR{O`gD%RHXB{iK8k&KH5KP3?E0~GY?3+TleqBpx7DM79$5KoRz)=}C1SvFlKkntk-4AoV(e9(mk&~W-XaOQ9# z7?`7uRGxJnZxLB#9ZIPCRu@gmVNrekU8?@?<=-dk#&qM7SNU0ut%<|}DYkucLPg-i z7Ep1ePWMeZ0ia&8_5zfx{*BePUTQl7t#`)`yJBaf)*U>nb# z8gtWz+FbjyE-$5*Ss+r{g^S#>J*d3O3>V{`5g%*Y3ot(ht{-g%$UhiCf z^22|ApY`N$25@AUbh?U)1?$_HEDs8osy_c~AdzK$`nHsZS-1AxP$~slN6W1+|0KaR z)E3Ayu7BskV(HM6s>_qIdaDQXE3Ue#G;5j;Ui=5Y^ZZED*Ff&nA1}QsWv0&7|Bio( zQ8rVe9+&%sDJbj%ckm?%d%IptrGSB!`7}u+!*hKeSBpD!{ExaH-GYV1qLEoTc8nWN z>tGs{hljj(jeBaXKh86xzUueqNSHY^K2dj3(&`|N$S?LP65MLd@sTY10q51(i7gkJ zF}a4jed;w6us*)+<}&p_3g*iSr1rd%9hVsRO?H`*lCoUW5YineW*LfS!fSJy%7_L2 z0p;npqiP}p6>MZOhoAku%W8DYIGay~>#f9ocK_z}3hAcw<;;M2D-X|~+L*ia;{khB zU4*sQiZwY$I-3pTQV^KfluEq~-fBV}p&F0Ih<4=WeNSZ~|IuHWYIO&acD<*;&90kU zO?TXUGh^hL7oL-e-+=KZJ2W9O=-231I5}#Ltx;dpWzcNRwTKvHoTdzYy{&?BV;V#h zGpjdSas>^V-ZHzdlId#%;(VC+X)IJmgxCxbpyP0ujuXm0-QbCH;Glbm>TT(BI}3wc z*MzV^{26-2SNpC-%Bx&y6i96*(i5i)>Ec5Z7n@~j9B9tL9OO5_tPt~l?wwGkY_mIE zC4};mWigfG3{qa%BqRTL;6_Acjg4sMCiP+bDIHlDUT_Tn^ZCqniStvmJNm5;gJQ}* zO>a2gI`_*>GLqZX=w|Troa;ZK-0Mi3FFt)smYAuv-ZEL&+9mb`601tqFssGSB8Moa9@wAu@ku3E}4>hzhcf7PpomLd@m| z%T8l2t7MX$Z6tEuOFZ*F!QT#M2dw|%6e0qMm?oMi$Fz@ISjtma@Fw<9w&$O zQZ#6l#qD+n-Q^96Y7a;obYPG?u}!6otsPH~e0BXaYk(L?RMT!s;Ptoghx@ug#>Y>u zSD>fN_kj7$WK7{OMQc0yd!JL|+unl7AGQ;uOS&XA`Qc#vImNX69PcNLywwO%|Niy+ zEE3LaPg$VhpC4C?SIT2KbPmSKSvgORgI;87%`MX%hi!(?6E=%D-Rg9#* zDsqxk(*2MLnhu)a{c~j2<&s!Gq>$^&jWQybpdwDVd!uuB`ryeYP$|v7;D13BKg)I^ ze+c!U$hmKMWr*m8j90Xb{;M`(SW&k!J}LWuodpfe&t+wgosw#5v7wbh4X&Fq2nv?_ zMjx)|w;AHb?-sv-7ZduBV*4SqVN5L(HN~9b)LBBL&cjC|e#cP@z$t$3U0hfFpdA;l z@5>Dzo*(B=4?Mo`k_X||+=@y4G>UEvVimpdH|Fh3NAFXFz2_UTLw(h?r%HS7)oYxk z)8+5!dy^@u0gQo|SUnJtEn~Xzi+PK7c4^Hqmu3~s^O!~v!7#zctWGEF*VFFq+yX@O zR6oL1YuHe@Igt}GlX>9u^mBpO%M)>^f;XBuxsHU$FaL#b3Aj!rIp-B_)J+46Q}7HD zzH-4iIasdK=K6I+wMD3`&GWJ~#oC}70yPCSE6!fiiD5zfz zRdSR1epTE*B-^*Xh;iuwZ}Ty+h0p}8dnQe6-%?sit44RTIYKEAb!}swy`|Zc7AIkh z;r-e>wPeaWa5ZMx=6o>qgj@s5VGOR0eQ!m~2Bb#;*dU>AAXxoN2Ptlt^}eA#=fVU5 z%EKzlTcz(BTt_Kz+tMre=4aRwB4y40M{)5cnWiYLauX-iH9mwgdDX#EP zkBcm_A!NFar;_Il#n44z6yWq`12mt*Yxm02L-twhs?`Y#0wpzoZ*1MEOy`ASok?bf z?@0;EjI{}((0b$h!YnUBY?ctd=gZ&EnOJTB3PIWAKemnSqVe)VBVUEdC?WuiLjZif zQwC2q@I}w1Y&N9WQoaB5l?c@hr*hdd%FUpJEBYYd95a!y z&KJvs@`|XFU9!%cm16|-!=JQ+l{^pnx~^vq50db0i8milFdnA{%DjAc%gFsMf4@|^ zkOV+@8}z_jN|;Hf+fTG9$mICzF9(M7;}yfr=A%a6Z7;H0I*01MjP5Xav9O8Ui{po^~c)4^JPb9VPi`&!=0YAAAm-jt8^xx%Wxq zl|3Q()9hRg{L%H~-j8ZvjnO|c+xP34K5#1<(t5Caznqd1WGdWLvVt70<}_CY&pfUn zxQ)KsIo6z@nkWG*x$aG*qoP0!CevA`u7Y`sh^4E$f`%%4cuV)+=XFPG*H1Qbww~K| z9(P5^?Cvmg0SKl==F(+ui--|z5{AcVKiI+lLA~?tUd~s1N=Uh*ke&`g?Zd?d#|YImD&W#3{eY}*qZu5A;NjgYuW1>OU)%wRqfRjy0l>K ze|MDnL-^7c*Q`Z3#0W^F_Sn|n&#VUHdKOP3hROQ~ii{&dhb%!cvnobSy90yWZ=aG+ zF{+MbV)q&4!QZ(|AIWjyT_FZkMdhpNShryyoq3wv&3|f_|C%|aF9Ec9j+>RX)#=@}}?WtB^9-y>cv(Me{9GD-aFF_%PAypzS z3%Ao@GVPLG7}+(FHhaYu4Cg3ffIRXMhL;5AA#)O_8~2b@wHL*}6KG8J6{r zq4Tkh5o8(-GeLR>SwnX-Mp2_T9JYSM8o`iONVtMXW_uRBx_J0FBQxEnFRYB zh~p;B`X(QXLpqX$&n}9dWwWz|{U}Z1xu$jEl5!RG^j0z5`Nq4D>@!)_=#K^V#7OB| zQng}66H?;zmR+S-1-hun$97PXTo((`d$HWes-lZlCC|Lz64Csve09I{ ziC~e|511~5W@uMhWxm+mBnmyl6l3Jpb_ZAYdqu05A}#foqqP=3N~f}AzQQ+8dSmzg z+kjJHAFMpyGtRcm1YWOc;UDP|jMb07F?ce!=rmCkVBZdlkDk*Vi%*(B<22qZZ-i8u z3u8)t0IZ^_3*GGHop2fZ=0Ar%`PRX2Rs^&VKTg9z76jL%G=Jzq;5W!ked7_+rYHkPJGkboBC0* z?LE1q;0qL%{@$s-$u-JMRc2wJD!l2whg~jSeg~3$P|Pcpt81U7MewgrXxxp4X~E$* z1eIeii3!spr!=mmLR^Ed6m9?NMUM1G-<5r}o3#tP zJ?f!$h-pqRaikrOKtFzIHf(?K@aoleQlE+z4S|5p>e73*xLru6q`=O;yOeaFW!yb4 zhqV52-&xYb+S~;$xq`aW6+7~+?@MeUR7|#eXL7~#w`&Ccq=A6>{+G6`HYt2XLRKb> zbN))OktWC+ou;|=0BrUsAIul>MR^YY-h$!i50BS2t#9!?uvEH+&K`NsQMO^bQecWy zAN#4$N9WLiAYfm-urK^xFqWfN>|@T^9C;Q69QNuT^$l5%dgp}KS@Root&g>2Y_4}$ zjR;)~p8@;VHS$35y{CplUxPh~NB;vTe5Av!a9#-r0sadH-dKwjCrQ=)1(IX$dmZzl zUthnVZ7(h3`RS1lyQz81Z!6(aSI<9Uw%vS!_Emg5efBwx-~b1TJuucC5g)14V;3|r z^ppW#WNxfm(cb2fKye4UcNP#i%eyt;&TtkS9F#*#lj(+fL@b{l`3siD>2&itLknAJQEI5kpgkeO?H^srFoB9{ zBQyG^ysGqp>ke0adTq@nmVWA}jbZS;9mc3j?k36CGws?p6nakZ%T-GI>7h})W)qA^ zW+;IhXNDu4(h{p#Nu1=`c6-wZpAznWdhdeG#F*4T_ zqQY?3V$IvF)0u7cAAbkme9tYz>ZKmi5*l$xqYg4YiUeyyi5UTbikVDB9c@la3^|u5 zf$z)5F+22S9L*v7W&;D$7MlCgn}3YMd|i+~DATDKhf)M~EVNm9qu3`Jt<;1@$nZiC zIVsDWxMkB`F!a>QO(lu&gYwui4$|zpLa&up|AVWLKd_e;w-*EIxXf?U=2T!4yZdz~ zL}c1R$cLd#G&b3r4^}j6ZYY#O;=L1im;ld~Pp0*vNZu7Y7i*mnf z>x~E&Ux=&2CDpuiwWxW#uzn>*C(@0Yvd)v0neY7MgC_M_XOijEz~2V}D`ebsbmAAD zp;2G8q0dP&p#7>Qg*db&D?iyXIs#|jUajGc#sp&!CadCkZGbU_2BRzqli(cNrQ@a} ztwMr_&>rYAU-PW5N0J@Cu=y6PTIn#_Ryh~5dtp7SkrvxSZzDpSf+corv=2=YtH`Xu4yr~^04Hm109uabX$99_(*c~uF;4&7@YV|H{Wn4P*VZXi?0I#g z9tbyOUeUp%eeb!s$m6LiyBj7zENzQ=_JpJ{Z~cYQlh zl3IOlzDw-iy>7g(Z|WJH(51vP)~>lFgSQ1=a*=gRSoQ1V zm4=+{-ldp-bKYq>mf$Eh&wR&jqGQ>ndghV7aQ?Bgoqy_PqlgYyHO?qVS*gm2CO(TZ zB+E5Yw?aB_O%kCm{pR&m@+iko586T2!@>6F^RJlotp32k_?v3B-g~E-UDTt%1q-id zZ-Q|5TqcQ`gM|BKd>mewpkgWo_q7nyhdE@~{J~PXCYp5B?$z-Si|%{O@G^ zLg&4eZ0I(%_GPn3G2pfCmDls)7y09s?yq5o#WH_HBB2&M5_iZS+)ud~rOp~NdBnmx z&bNJpc&r@p#(lsDo3!#+Tp^Vy0i5q>aSy?Vch+Y~4ew;P_QFGQ|Hcn=N})V?hH^G?8xx~fU&B@!s$!-!8a35^gSZ)jl% zWbZ{$==i0%kLKlAH{93P*d9uvbUiG$&|z=Mb@%PG3tgZRqO; zq7;X{;j5_EFu&!$J>_M@1=7z{4VrnU167bJ(Ym?eH!8TMgaH^`gBfp{S~e9#S+P#N zisVyPEI*7V?z;nkXHbM*v>pdA7B#6D5zG~inPo74JFa(Gk$x?L!gfrU7xUjMqpvnt zSZ=Brqz`FiXsXEGM4XBQo52J^c;}Z%`_E4zq~uD^vyQZ}0f58uR>K~w>N>UaueC9c zwu84Dlg)jDz4>{9ggP`rPVeQNw)cO(zkW&@)8Bo^HV-7IV2)NzcSy*7y!kWL$LAa5 z1n+bAiOodOw7AsDEsE`TxkdMPgYWu55%ECXkKdH}3hMT0cX^Ma?Okkg8jhN2% z(fE|i*u4g05yKvperJc)1}2bhQ41BiKmq!?6XuK-Cft>KrNi8hTL?^=2`C%VdAs^e zY4f!*G}@w+`=#8T@^az`Hz`xUl++R-SbL6Vad)#a#PP-gqJWUQV$V_tFgeCsQ23`^ zQS@`#C|dzgfqxM~4yV+Q{yWMjDbH!fBM^F2qq}IuRYk2o>e_*=32ZXoa>h^$0FN2^ zOPxDiT#IkCqS_Mb#;7hpL2UD8od9KzE`AY6I$MtRQH$%hsO#dqDe(y=$T5ha$p57r zS`u@7IgtFL^i=e0!g$R=y29d<{?8lUQ3FhX`0$snw^hI-Kr5rDYq=2{Y*BG!~D>jUHsoQ=o+R4^ouPc`_3SbrUG0-5Y=^uKh4&LQ& zeKGZm&G#g~zpEtuiOCThmef}7@$^n3f;O@v$AeY~-@WQTgqb}S>1{mv`?Cpl&2=_D zW7Da3cNy4C@sRe+nL$HA{)@k-I}CG``ZZB0J3!jn(W~gd>IHFFA#2IcW1HH44=nq2 zTM*wg)KTBy!Tx64@A@+Mh9u^$-2-}M>;9f}=v4_hM%(>5orq(BQWku$578CO4HJ5% zt^p3@8TzBMW5I2{+|;zwh2GPl5TYo!`Ep~WV8!s_E>%0wZL@J#Q2R?{Qm(>- zHPcw6Z$HgG@@S2GD33ydR<^2Wi-dDq+XC>@(CRzE*n65MvU=>9znVv-3cb`D2!FQ7 ze6G;@zBwGjn)T$pVAWTakQm=Ads`ooJ3VK72iBf^?X(q6#?IDa3q5Zt6PRDLURv?i zr^#&~6J0lW|DDO<2_}!|)IC9s)sCQndH0AaA^n}Auqu7a7p61#eZB`IE-UeXt9!`( z=lM|VvLBVDjCD;rF0LjLPWGC{Q{&ajhY$eU-e-@^YjUX8;hz2*9$tFFlTf^$q$sHM zlQJCCIpp)J+#7A={C1Icb7{|Mpg1Rkv$54}M8UJU&(`c9(}tQP)m<;fcW8g`K8iFL zFi&k`cYkzYeHFu{Ez5WJcy2ZMK--qO zsmQ)%81TpniZfc0E?>^ z442{V?WhL1J!O?s=2tQABq<*I8Lfz!9jE#8aAZYWg&wolv`Af>vBf#N+q3l8DiY5|44vfST%`++~noXNhsc#gd3tKn)-vg6!RI1D3aE_;4Ve4m(ayF-5$PyP4R zm(#mshm;^y*l&Z*Cq*f7iA&Ehw4;&}Dj16g7l@CZ&pRMU=mORz;?Y(xM^G@GC4S=h zfX3o(cYQ9C@GSTy3zFf6} zmdH-Gm@9XDrUgnLH22F15cn5%{I8c%KG&u__#a&JBad%^Mh_hq+r~|IqSa5&mpu5~ z#sGOOR1i$k`aspV2|_JlSMneqqCuvB^ZVJ0j&I@oZY1G_`JysK9VYVLe=@9(7latZ z$25BS$)*gtcwD|iVRE_YSQ4j5)xDyqK8-qevYzJCktyPS@?2acXj?} z$W{Nv4D@NraroC5;fN$5m5Av#%4BQB;~~%~0&CwqPTboT@~^fhgnft2A&C!1-l@m= zw@hpyp*V%&if$HJJnl5+{v`P_HT4$3rP>!oFVG&JY-vHt7xJX`y4eYLY1LyT4fXRq z(*kI3-&lw-4B9LfcRuhl5&($lw!OQ+m z^C}N}hnY{dWq=F@R`jMwSvuKFXx^U$mvph0NZX}-c@gSEORH9vThXTOJmf)bmf?6% zK50So!F+c4$6YzXb!n|Z67e5p{Y!+I&a8Zuv|_`OoPa&zP}fZA?4ZIH zuG4Qaw_zUKHIx3i+AW0p-7Y)t4~P7VJ`1En(?G(hm177@cVn04Lt`Jf{l1P)K$UQ% zT0OE};{O3KLC?P0Am>G%EhF<~pwK7a(1@u=VLZ80$LoS2B)UtPqKQ6_lW0MWi|49u z7Dod7E3(>@Szo^n8Po9r$=J8l?-$mXL8M(wHK7cZRmyOh;1`Yrah{A; zTm9o49e0+@vOb&W@^x{@iwGw2R(fQkTXgO4Zt=4? zx=R05+c%HM1T=E=>jLkGe_fXB4R4TqDSwYpByY+pi@OWZ-fmxA8_LI7jAr?T2B*V$ znfpo$>Q7zln20<`MoU{z7wHfsq6UsGxzqtm`;>7o9&AxGs@$ylZcNIN1k2%Dbq?om5OYAEWp78Y?9` z_<&?*o}KKj2glf>PcLhaJiUNV;ePP(x$U}}7q?SRo#Y?pR$5kaB-vm`R^DlhdyK#B z=r8&#^_UjU2i^^yhVcOBQTu$F^y2S}I+rqV`n7oI?Vx9zKN;oTP>7C*p5tArXSk;H zj1BAr%7>ZKPyO909`X@^zSPG?EwrCU{m~B5jv-5obI?y2QO;1BD=I1~W)RIk3_veE zI960tyn^7RF6C)8wywQG%2if)F_7+jDA^uT@coOs6taHSkq}Vk`2vqpjdDgr2x}mq zK%v~l^f{D&DHJF#C=w_ly0@GZ{vUl`%G(`M!k=v@*D4pog^+R<&SWu6lx)^z>O?7Y z-w%j4vlHwUo zCZbuO<>uRy?ercgZWwl=wbZ9=Orp4oP8nXSuP$RyhKo%B?s$8#C+l~~H7 z+Ks7srA=74{M6sYPGjDdgLpP;funN!&68byedc`w7`K1DD0U%YD{r651#QS3J9Ej{ z2qUG`t55fddqj_M{f^gUPqmG;c!xap{pEL)V`x#1?~Dgs z0$n(>}UA@+PL{c)sqmX{HnX z@I`I6`dZ1(IYa%GF|09W!awASDOxxTxDKBI?ZT0TpD)!Ihw}t^^0Cy*$mO-_89elJ zwPOJe`_W@GmMj&0b3o_*jQ9KOJjsYY0N=~hv>4x*qQtZn)=jzpv7pVJt*Xnl8Uwa? zr`kk)#n*|Eymhc^qVnGNlQN=nMA0LXr^U$U%U^TZ}6oc^P&Z=&YNrKiOKFN+Eu8vJG@(D%M(SBwKcA853j47h^^W zd#{u^6qKx>p|lgVzyhqNoSJO%<6#iELLzX^bh96^8=DL#6tePVepvcn5{+?%x;EkW zF(@#e2wBH)ma;2a=aaH{;T2&>xxpgCYw{xt*rE$aag?IO*3@0%8`CMqO3~c&J*ori zCfc2IBbY`-5zDq_S5jL3@tQ`Vhchqz6pg2*8hJX+3QuDLli?46h@mI;F$PmFe zoud4{`vWPmqk3ZpG5G3riLbt~HUf&fcqgTLO|^+f&&Z(RdCGaqTWALxSoe)GBBq8TfVRE)j$}KjZ6>NM_Si|+l=su()hU0DosLE- zj}d8<+I)l?39G&#*;!Z0kkzx$1W)h2Tm57nDaf=11}|`fro%>zPPV^{O(IxGizD^i z^TK#;8K`bZF>MG1T z0_PVzVBz*FB-@3bExrm&;raSedZx%0_28)gEQ*T*fi-r*(IwgO{OO;$pDR6I==;4r zi2CaEbkGpS5%t7rBxGkC`7$lg>qH)auiQ*cD-OHN(~izQ)uqcFBw?_Xyk`)Ul>tw2 z>cx(3@!y?Sl$+_Hyxuh4qto8Cd$KEU%`%zW2i_qQH{6@-*C!@B;rL{KJtx^^SF3+N z6>U#{Drqss?$h;e{6umlBh1$mlKgg-h?o{11pa4W>@B`zvV9Lq_D}WI^RLkuBDr8U zPEYGRE{1z?vNHbB7sShKSaTf*6I=Sz<|W$Zfk%>kRI)c(V}Y0N)1lS2GS1m0?K59W z_TZB-MzO2mH;$0J%9zIZ4aZ}424s2}?^j($^eWG<%7ACF=k2x+8E+Z5PP2}szB+dY zliGZj>|kn*k2?SEcakkHqkeI{n-*V0{1ZRcTPrqEz!6Kk@S)-~@qfitR1UOwdE3xXE-(<7Pm1cJPEp6U9dy6670Wm+~!TLRW)+htmDeFby5y*n}?; zaX5tDRz2Vq@`-wmYWc$6OPo9oe{kuuAe?{wsLEB6Gav7~R+ zpChuCb(0qbX-M0|^gK5$sOw-pH}ZBzRXbnqm-Jp2>h5&})RU>EJ-$%=XFjDqn)${w zR{AMBX|lE>(|}ujy&&^3@`E4cyzpn{>Q_-wQIXO7Gk9>TsHm9r;Ke^m#>uBY8wwQ) z0zjev_3vd^NwHdBp_m%+@Y8eI!!jrjXfs@u|f{x32-S`L(~q&+4>>1^fsm%m9-6K`k_4A_(ZoNVQl z!Z^gq6?KF^7$Bg;NMwOjWTMbT1i(*!k!(H|ImeOd(>B>nh=qaqY8{Gk zCq{)&i%^2PSVF2`p+FaBd-liqpSb}-RT zn5y^<$xU(gA`=fhEIC>sKSTSrWH^qr^?K{eAi6y0B0}OjGX8PY!Ao}r2^j4xF3bYk zt^5TdtH6UY3O=^K@+|exGci>IV`7}j!s*i;J7?uOvfVlnNH`5fj#j%Znr!WLVw-rJ zpj|k&3a!vhA7IK4GUbkja89@*$>mJ#Ri;tUwmF?2)t<;W&cyzXXzRj*8Akr{UyP^% zcgCqKUz0~^=qp4c%s-dp=RmeYS6hl#rTx8Kg)`5WeC(EN&WRDRv-DE2HrU5C#{J}n z$u7NEawFNoxmo%%&XeDqqCTy*W&IfXv_~YAI^%H4PBz+aq71g9XuqezpkrJ*^=y^3 ze5Tuhk%mka2a~S(7!l)+*G<y0vNcyxf6zS)N5hu@SDQ67w|@NKU7lP#t3dKqDPfxa={ ze90zgY$3vwHQjg*(0>O<{gId2-p|Q@F#U0@!MoXtM%gWTg6`l85lJ9Bf#7FBBOQDT z$1YRbIL39)(?J>VH5^v7NjOa-!mXrl^DNVoWv`SI*OeFjD$@aN-5wbobmFX@TjTCY zl9~U@QA{|6S^w)m=|;Q@+HG8D;i&&5Z*M=qxze}l(L|e$wmiKQ$Pd7ef?UQ70{YyM zo#_m|2~8S3UGNTG!=Dy!2c<(_>hf{o2#raMN9CPD^wOo5Nya7L@OzqPL96~*wjG>< znX6w#MMXtM^G_K>o7XBTDrO}xJQtS2dz=h*Uzj*62rOjzp^r$xkdnXJTCwnN)2J@M z*eK`4Nx~QLD{e}5^wBX5jHz>Oe4|{sv4o=5?+$_SQZhDJE!i)BDg{M`zklf$rl|Z= zWcWgth-T9i% zmrSBICP*3Gey4CA5M5LpLk>NMv+2L8&(7}_{WzCcZ-Qt53`dng^b=p!M@e!0?3Y6^ zWA~%x6uGAx?EwvckrB1Rsw!X4GnI%bMjoNlQo=*&<-ALVIF7PaR#dw@J;L*Vx8$?S zt}=cwXv7PYbd+m$@H<*YFuUhCEdq;t<2>uvJzv|X#k<*oUK#ciZQnza-61|S4NMj+ z|Mro|#?Pa4tnJ{=I}E~D=oL^eS73cw1P+;Q8#OlBAI}s&vLgJ@)8TMpv11mK{@0ai zXSKoI4=3AmKRqi0kUTI%;rS#Pi@*F`I0%q+?+eQ7-rHpOV~9K5v7Q7pj1s@L-7?vO zl8^EX(JU*jDf)08czW6^`U5hFLx?GnfBZ|kzR1$WSB$g~V?y!wXOuVR#XulGoT8Us z6LcXJ;7t`C|yUu$>@4ORY`qSss*KfQpa!iubcAHHR=>{B0iBuJaz|&uKnTc zaQcuB4o0@i-$i5ArfVqAHzs@Edy;+Wuo&lVc`#&!w2X&$=>Nu>#8}emb1lAtE?aY* zWS3m6=OkOm8_}u9s1J=BofitubOvZ&+7hEy{a^X6CK?{qvpiScF9p1Nybm@2PpQv6 zdgfE2d#w8K2-O+-B7e$6W{}C~tInIkH=y*4qY+tCc1q0m{CT2XgRimJb#8Nkh}&L0 zN8T+N_ve^WEqPMjJmZn3TqjMD`vRV!ok){Een9hJ*^PHsoR{mf3-FQhRkqU^{VyCh z)Q^6{!rL76-|IYma6XeKXtW3U(hi+IZFV>Z6Ewgh`U_(z&X2esG{dKX=#$D5c_4bK zBaQWZ$qPrxhj&l*#G~!^FpG7ghb+5HlviXM8qjHiW+JRc`FRtCwpM)#O1)aLF}J(P5xB1aU3?lG;5uWlD#9Q7#%%;QfdTWQ6Z z*0!1q$shhkhN2Wv6e?f9JEz6)VtNwBA5*z5zEbtWK|{TjH_9AFh)0u%FH0!TZ+t)U zY4WZK93p@EtCZZ;#0Sxa^2+W{tOFGbpi_@f7K2Y6p-79*tE{ZN^VB`+17G*vM?96{ zN81z8f?~b>+ml^?YbexSrf~UH$=UAb+v#v#{pjaPtLqr}QCEzj z_!11wI2P91FxlROw1T6Be43 z>_YY9r<5P`KP-A!%j!n8d+Eb>+?ni6>`tik^jVxz)Fliu(TRf?+Tn}pv9x6JfX^p8 zSNYs@N36^9@KYPv_kXdNEwWhfj)3>Cj-uehye6^(B_5_hUb8<&$8`S zYLm&)*Z(Wt;=qGn_e*AuRR3Laaq&q!aYtFMTgzcUJ$2;Xgo)t@JpJs*%bip@KCSU~ z`?slID_uB+a&!bV5&5WVjDrh}>9LE?pUb28D4#XN&J*v~dV|`i$y<*6*Lm~_4DT2x zm@Y&*WcpXXk1@+5*mQhI`QCORIW7>9GYb?_Jkn`9mfwl&* zz&Pu-weybr+w`^SGzipnM%$0N@JyqwGX&Z!`dO3b!-KR%)`Cv1JMFZKM@q)V84K#& z^7CJ4oOpIQd-C~iJL%L;TT=bcKX5p$(RbQy#q&du)6IO{Dk>@}T4?^M14~84>;};| z>#QlIN(OEDA`S=*A3Z_$rFgM0GE+kycw`l0}lqo5LD6yh*p+!V{HmKZy(fI}ECtFbp6JPW1SG}2n!8#u}f2b?z{`#+E zpFcwP#JlnZ^ilC*%WcKSKIM;7N98aTW~9zPvUi8wJ9Ram4p$smy>L{-P<$vVS z(cbW<7`mLF`FGKPeA5n{vHFN+q@ z;|>j_IroZWU-)J?hA8LX>c`irzp{=RWnggO)WCr7X=2KY=)Q4dl5Hk>PCHv;f}VL$ za{93HBy!}RY8MtLA2~AG!ySOooayey*(BPzhy2YwG1-Z~o!k38({I5;k8AvyI=3Bl zRI)AJsx(X|f(H7kp7$O1#J8TV;M-8ynLfaKj3;B|oOT?eRY4LD}$z z2t@VoR(|w*(Z|?wT zFNNXqn_lQS#$Z ziE}7@9`~Xw+M9k+_`-GaXke!6R8dh;F%6o3%AnW0R#8zgD?!A>hHsYgF2%g1R7p|4 z{I*fnF_!va(v-M36T*(gvHu#NOsk=dQJ)*MmYxE_kSp3U&ay93d7O= z;$S=}O5AYwP*Ss^Dg_6}7fR7y9}PpL7+3J*G}Y_AJUymmgb6s<9=tc%w~i2?nO&exY7f>u`r;v~15sF_tJDK05o;y==x50`+9aY~=8%HR4nD1j zCh<9TC+n09b=x;o?}zeQUpNQ;aBA$t^}XZN7Wz+~x8At0t+IrSXJ~-O$fkI|isbw` z)^1XJ7dik2@9`%E&s`~(u|gXVdGn=jgsi|%rhk6p%gN@XP5KF6?P085Yr*Ie^;`bC8LywqxXOV@-vc!b>EWghMRRgJL;x9 z9&0guRB7(fxz|VKU3XQo`R1lSsDH3lQm^VH9YN za7>G1!EY~L*SkAeRK44JaKy>rE&M^Q7(d;p^St0A(+oRp>BVs>PV(K(kQ?fUEEL(J zO&EuX3VLK}M7r*@Z8%)rq02b#(NVEhk&i(x&s-132)k|(1vXaC5CsxWwBUE!Nx^uW z>7$-H(ocAH-ieYE@$2FXm$ADf3*hFP!kK!_t$lXkWn=AEzmCPS=hqlOSvb%mALUJi zO3Rr+S;5~jo;qKgUeZKV8}!8Wk`L$5C~)rJT+ea8q;W($^G=I0`dkjU-r2)FXrR2{ zfk(vX9(*f~x!_IVXCRz3+~>JQd7RHi4CY<%Gw2Xqx$f~l-}7{FY|#wg96B%j1D+09 zjs6o+OYM9D@JYv#SL+(jMfyTxlnc+IUAg8C^UQl6<8j>6-<20m^-VQaKFQdlKH=k{ zaQEb7YrIkUc{-KFbE4PtFLbm3Ez=_CDq}=;LOOjV4d+8Ze#2d#S-|5=d&xU^1uexH zmhY7|$@TON8=S{VuW@Km90UO(;>J>@nU59a2hF7YqUxUj6gg%e1EI;dCHsg)RHb zSN)dZ^>nhoUyy8P8TQnjFXlv`eEbtKK%Z#y;J$}rEhd~6ZeXdLC1tEnerk!9qpC!! zP-mVYEFb6E8`q8Xo}kMY+!e1qGDN_E;zo?F<0zaU!xg9B+uoe)eY?kE()UR*_UUE0 z9P<9*4`i5%*B_LDeCZ9ML)Vys!aW>KSL)jCyGU7-Y{X7rT{4)nfjYaOdZD0F=fe+8 z_S94DI>1->e*eEBZv z=@&#mU3E(s=ahNF^|6gQ={)L;_Z`MqE~iXonnPtVy~npU7nr(s!|h6g5k$M^^r5sP z&&aU)l=$@S_a?jjzMv1fK5>BZl%YM>!pXjSoa%^kEjw^7yENHat0g<+i^(35Y*Qb~ z`iJ;P)R^}N9p_#o*@kb6h5K(*eSGVE`hh^C;Vi7sTEBua>J0gMoT=9etK zLt_C8g44#-5&2-9BAm{?HkZal?{j*dan|$CW2A#LlqQ@U- zl6)u+AOE{42jCDPLaOjm`MZ2_RNXsc*UdhGI&t5PQ_&F4gGgKG1zsnf)w#cSbmTp< z%woxwTS~l|UvjNJ%^G$@=ixACA$A;_eX3Wq33-t>WfjLvE=wSP=ZS-RIGEb$TK7Dk zl8)yE{yW-zxCLZWM`V?;Al@@Pr+1D!Pvg%0P7)6jM>6@CU!0sQ80m1K4NW@> z0e#c(yUnYhC*NzN<$5@Wa)0&v$i8^Nef_6zGj1`)`@KQ@DIY}I@?QE`tE_VF_bMtX zDqa>C^vg?~FASW|rh&GiqQa+ZynhcFP%;)Vc2KG?qP{J|&vyWE1tVVkC`2d`#qe=u zAS)_-5ga3f>)?Z=kSQ-W6ootPiZ9o$nDBL8h7#M7$9gIN2a^;HDI;^sxW3>#(UG6W z@M5>HQ9URvdUj?2jjpsX)-cWx3LZ*cC^Q&iV|5;D2`sg^4BE$KJWHWOxg?^fIDJ~i zZ^r$PB|GYS$=)M_al`CgT?X|fepNVfR=1GdB>y|$E$tyR`Yw#Amo z4*R?e#XqauvPh}&DpU1}a|B$Xe2@KcI3eJ1F`6F{&Xhsz;VTaDL|EtrV{qb%g0Ri=Qfe(g))c=f4CIOTL)V?{k9 z{^GcT)*p)B3$ci^@+6|cqdtga$c7CD3o^dQBFS#LKbIjoaYFpySGuph6_FS`%Xxkd zC=VP-yS+czy$?s55&^gW!Rk9Q%6C%#zHV~l2alc?Z@ws5!C*fE-YUJJdCg8<$EZ%5Zz!3Ufsex?b%{O}viE2f7UM;JLXN!uI?YO_ zBZeGP?S7zkVNED+mqz{^;dPPAlTKUEMyQTNF~!t7`t8fm84CY>o3UO2?7y>jG0= zMyjked>yl1rxAzO!@^e?ACXTz>vhX=L!=+;HudUR9KNfpA|7pGI0-IrxKN2-J^d03+M(lv4e0RLwbekG)~N@wV}1 z$=#pBnD@u+hN^Wta;V=n$$ge$~whYB-%6;WfjM65&tvFUxyh5Na6Jfm5 zj?ve7$MAuM4;eqyyO?#$T;}QToM$KLY=1viR8&+{yckeQvSLz|g^G&V4i>H6Z+{s% z*%^Y-^Q4UCPamjz7#|pp7;&9M`QV(1x%A#&QLqGzMIv*STO!#%FAHOoyjZ{BR~~`H zS7j+>7}OYVO56IvoI##*$dLK#x!Ld%Q0{uc<3`6^LfpYvDgNVAIL`JB$-=lo$ z;f|DKyUR$Q(wL3~4TFqpp*U?YfZ^3`_eQ->`eU+h9hK}udnY^YL>Z;U(Wdlw-ytJY zMkHU_6AK>8I9++QWXJw0qG{k4Qv*vGD7CKG%J^n$bD})%d?4Asu1I#yUz7dmv}Au4 z&iadRUa~7?@UsOz(N;uXu?_v?CnHh<<+wyKQ6JWBaoPo(3#_Yk$yLd|^wnf*zcCz( zObw!4F)U;H22&4atr0m0w2hQ_7Eb=nFFSpD8uZf+tkHAlgUQzdD~=}GsPL{h)2Ji& zaq^U1tVru=;IFRv*J#cLGEH)G5K^Tv*&yhoYFKIMr?w)^|k zM_tx6hLv&K$GO;1t~!`1Dk>^oHPBB}N%6tEqM~AUfoO$KeLjpi3?7VAjM@+HmV7N0 zHwrrjq)-uUMC6eSV|H>Pswpd3MCHsmCfV`74nr0r5u+66$Om>$HjZ+9YD}zwfI;I6 zYSZ792Vc>diZxM2*4gKU0p?Bt;fFs>KCd4IZaDg<4;WS$zB*T#VNhlxoiC9xs-T6b zQNKJP48gJnNpW-)1Gok8t7Rl+Ph zA+RUlesPZ=>ySwn8#xQ^tNbnYNUj*;j5oURcqgyZT!wc}IS5r=Gi z_vmE5J3Sn6T!SZ5b$_evmEVAjDAoB_e+=1hxzaPY+>-3JyP^+3JI_GRW2(#FE>&IM ztLGL7+3o8daHGoQLv^B04RYLiJ-LoUiD^F?L)@vx)R%FRwQieNd}gZVt@lS8Ld(tf z#BO_^J|q@+-f-jO+szLszdnsU;e^4tRCq8GC^YI=#)EKz!DAdvu{AvrZHp}~+MW;E z3U8l#JlX9xieEP;yYZ%E*Rv+j4Z?NFZqW6~Q`+)YKp*9K&XHsOpD&)i^=&HO`Ng;j zkHo7YPcvJ;L1;RdIwjxKF^|6mDj#Pu4#8IBndGy_`OS15+OQF&(Rl8ap|PUk)d9u> zJ_N0?MzSNmo9wq5L-+n@viavAx={UwbT0SwE2f%8f2j_pii(PgR|y!9Tac3C3QxIN zQBg6=F=AA*FMTZx@bYz@X&dj^2B(nH&?i}7){Pw_7Ply97l( z7>YPr{v^YC0U2jFka}5b$qkiQbI{h2n+ zGlpU`%6Q|y=naE1&Wj<3fw#b%$u7Psc;JSlfRPA_gQDr+;k@vTBhQs|80MZ%#%M`< z$HU2Xe2;jcve;G5BL;NNE`4jRoa__(B|H7k$sT`lE#Il>Ng1^`oS4d1+J<}zJb%*Y zI7R7ixodvgcmHIIE~>U0t2zl|=1=xeHjYcZ?tYLR?2@gwrj+K1$;OEmwnz8q5b>pl zwN>CvHXeQ5keQ7XnOWrW$4Wjg{G0fh9Zc}|Hz()mh@;hJs^97|1a{sv*%uE_cIKJM z9=LmqJ@@=P_Jp2c@p__{;HNwA1b03OH{73WCp|YGQ`d+PqW&s#PW?ZST@%HpvYQ}_ zZeM;;vahPI6h{HkKz?L^PC7=~LSgo%S_72Ch`KWPQU2DF$ui= zbj{)QM0Rpy6LKUzbacm7<2W?O_9t6;`H1{u0s6OZpKKCxsj|kajfw0bLb6AFxJP;6 z#A3`qUtkTnL2@&_C_L0TbOabDaG>j`GI50CNSkM_WY^w0s?~?eG)#8ggHJd$i!-V4 zt&AC*!(YzfE!X+~pvHnPeKFaRi{v_}54sFV4xFc%uhY;yQ^;~N2<`js?AKW2jzZO+ zHS%I?Zmxq<*1~~Djps8DD=J<$;JvJ|r(6ATjNYM45gny5Dk3%2SIXFtWk1$bn#~cu z6%`c~6)%k9Tq+74=fftfsHm7FV5@1ibuJ5YyMgrYWLs^V9ZVQGIAMS*RWdG6vh<&? z`xB*refbN7kcaVv@r`ro3K{R~ZZ0KF2BI5F7%)0w$d8Z_#h1YTu5d5`4Ac4NO?EzO z7s+75FqDKzkpXE7$52D|4az?)-;mXT3Ov_LOL zCA0{vQ{zz~x;B1%vNhIBw##nGzWViKC!d<^(kqhPdWUGZFWJ2+_imMY_ zKbLH~9h1!~{xPM8yu7V+K5CAbD%YY#yuI?;WD``zD5V=M#dttG@^y0HLl;J*_(Hqm z5Wz8kgOU8mcXmPLp~%laDcL3e6#v9yc#4t#bJcm$gpi?#vzTva3}uWV6s)BJ)VkRLaY*PWDF0B0E8{AapD+KOmY%>e$m$8H_VJ%Qbaa58!19DM@$B`>9o#loYncKLa~^{T%T2^m|1zg(Rm3_|h< zKqm{->Ylfk%GEgwwtrr{Wn5#7EBy7bGG9YR=-*s}pM|GPRh%lBdvuEWtorWV8b^Nf z+n7o>T6}YdT$w6KnZ?nR`S!{ft>giy9}!IApZd8+(B(Ac<6hgD)JA*!EDok7$m5lu zv7+Ktg2wnnKkVu5%u%O;{>NB>?8p6(fBx5gP*G7)@hU;=`p^!+ZYw+$6&14{qedq? z;^;7_i_wHp^p^EyP@-VDK`EeU$@pT2B%%rCog>+L>m)n+2eG~gh8E9bXx%4cYM%p= z%`vx(C>iZUNdX)uOD`Kce66^$@{=)%;f>OUvtWg#l3j9<%9oK#K6gBlY>z#Y^{Y&u zdNYLf=|?fH;y;RFFE-M@(R884dW8b~(( zgjjQG>&^7sN0XiOn`9S@_FHd{=`=*hlt`E2j3D2~o=&#^fyow`AAV-T4#N`2uOh`-X@m^%9(Q6*7{?ky^R*lY;O4uP zkFJv+2E0cw2%Q-JOn=0X^r$6_%RF5t%fMj1&N`sP(@x7RlkAGi#Y43P{9{_%cYiLq zlF^UcbP`3QBMwjBu00>AyYo+ZuzMfVG}l=v*@YJ>5AlNagmApv^H8#{e>K_8J0|1*W(yuC`uyv1ETdHyljR!c@Em9$wP>5bd(SqRD>xd*zL@R`lL? zTe9sWA4GY;?OI+#c}iYw}kUO?vOsFalsp8nRW_35plv4 zvO~Wpnfq_ZUenR>$WzJws(P>YM$xHq#){rI>ij1^QyrVmM}c}jp**g?H`$lJ7IMlI zRru&pgoS2z6bXKwfgI7-d_AU|jyCf5eC~f-CoT6f*!|3Rf6{qGN9icp>rlV<^?{T} z7tXn?E6{Iyyx;2Fr>Q8-3_~<}1R2NXb;%QDiszKu+u7rFUu~6Sr(cll?nk42>D#ms zymEQcHKN6)JR_)&<9NRITFJ|AlO3QjY{S))EwiBdqvV7g(HKJ+bG$6-(2X3A@bckR zkLY3wVeEDVT`w2pLmQxHmG%(-y2MkaJ1dRzdN_#I!TG?m9FYdUvMg3qy!OEwWzi3P z44{uPo-s~oY+`)t^f7#*j@cPq`pK~QRa8_|RQwOn{7P27l)X|4RYgU`O9A8fsH4NM zEe0lzl{asQaiuib7{nMJGcvZpf7d&ceeLVXuD&k$0@6(b72J4pvTuDW*=G(BK9lSa z;owguJ4^;JhA!*g{NnfxYy{Cw7?m=xa4=Ek4L3v{IJ~a8J=vyj!$4(>Xgi2z3OVu$ zgoBAF2o%K;!blq-1O4dl$vDqz*kG7Xek|F3`-uCkE@^5COB) zBFT2#F4;F#_cPCvkvTP-6gbP^D@H$4t=Qr07sn*q;7u|#WpLtLXc>1p4?_@RnsURr z5Yq}V409TkU!}(=_x~&$E*fz*^g4|}_k^*m5!2sta&f%>ag{qh+BeqB0UCE*S!N8z zU}Oy%*4%1Dba15n*#I1GfGDJ^uMz(wlkgA+(-A+;#<{1}d!z8q=@+=?Mzf4*)eWBX zr_nZA*LU0@*~M3=UH%(R0&g3fI?pBFVa;Vv;NJaDCi~5wldZIB^2oAfS59`zWVN5} z6$jI~XC)h}d-IJ;c93NJuH5ECw0%zh*+J3Q`@&%9z+n=LM-#c?&c$rRu-+BUq{p5L z2NCtW?6zcUuGMz#5KY6gAs-m_;*sAQVWTC#pFK4Bx>{58EcCmBY)Z1{ zLHQkYaI&k!Q>N4TT4VHK@q@bK969BTWZUkf{w^7zOfTDIzB`;^86A1bUyJ|n9S5aD z_qe8K%LgQHuad4MPrbU9^Wi@5bJBOW988`M)8f2e&<|t%rxJNH<3P?O+kVu4^6|Xr z3p#qaIAd@Ic6rn#PVtZI8`BKG`Q2n+KTG;7(FW4k>5$aur~&#M{daAeCu1o=*0lWiLvkkGGITK><=ekvoP zWjbwqZ?aWah$ybp&I@NjiDoK*f9yQR&NLI$20c<(eUW77^98m0JhGrf@98A77dm^$116O&ul8g~QS|Cb< zh>CK3HiGg*-@5B3yY>dPhhzx)ah`lx20q4myf4%)&IA6djon#BT}BA~!6$b%jdLgF zD7D#^n&rM;*?Y?;W0O9<}#- z-j?jf>%uw28e~5>CfVHLJy9sZUmQ$9Cr%OQcLxLXDevySWJ@od?BXjUYU;Mfl6~@v z$tJ3uSl`2^Xy`e2@Oa(Hk9rZ&Gs?Hm-eT)y=iiv@Eo`-PJMiN$!>@0P)`~ z`Hghsk@GCF>r=GG$2IDjyQOm?vHo^O)M$GDR6#+Lo_j!*W>pDSM(yW~w2)d?r7?6FGoGPWakqZYX1K}Xex zh{?`0Lg?`Np){_#R_u}mAE1>wUii;st1KyF59JYBGrcXPlK<}fiXEq1@zgz{Yrv>c z$yQt`*#QS7yYY^2OgJBkvrWfa?n(BseUptJ6Xm#KOWs09S5Hh~@x1wRN?91c;st5S znCaV0P5_)2(AsoKG+7;TB zCJdj*qY31A^yp-3ZIJ9eA4<0Uj-qSrWQ&ZGY%i1SJKs-s=l!BD%Xbshhbdl1{V=A3 z#yU$vrnMZA14ru|evcNY3l5u{-rFN0lOuX5=msqwl)M`bqiDlMTD4;-bGSOU@+tRc z2;`l|l%e^0U2qaXTa*tyu^V2IuhJJu8_qN8is2dQa$e9^cu5~EG`GrX*Ei}s_}(iE z=x&0#G(lac6LpJvwP<-U3|m%3#cL1rzj)Wuhok>D`)e5sA|jLip?=it)1~fpuf{_<)RRqMY10gh4cz_UVBeYz~|#%EQN)tUT%*8c-Owepj+viT_d9aB4NvDP5gE|4$ ziXk#*gwo)s8SeQm8Q8^P7Cf9e{?9Zrf4A5!_)~W3y65R+`y2#sai+n0983c`k9E47 zX2JR5`3PRO-1Y*Fypd|x6_!u7>#oVZbXc+<{yfm-|dj^vA_ z^vhq0f0E}`l%Cp>sh>CBF4@<0|_d_&e@@mwjHZs_5u7gZJrM_@#dxmXzYGxY!j#DU%F*e z<~Tyz`&%Z*o{UI>)7*~t_ymy7f<;7AS29i%+>}Swd>Io~TbsQ2$cxda35N+2TilN3 za*gYs%)j$LsxE<15q8XumSM6M3fDvM??iETBwy+4jOxAb>Rcm&I=2brsP^OKaEbs?zekT+b9n571~ZoTfpnCJXOu2y;aC! zm|>Q{*A|X(LPx7pAyoM2V>I;0Uj?UWZ_G%VcjmT;>F1H!Y?&y{5lw;&gA&*K^AG-~ z&6{d~gkOxQMWRc2RU8;?xn=wPlc=O0t3|G^_ug+RdX=H@wYakz0m$aGyy5cjJ7TvZ!g2^)sg2SpX zFo5hu&6ZA49=$D{&TPWNzi#OnU%!~teiGYmJBkc@GWb*!Oa;IhPZ#{14T_PEd?0P3 z+CC~?+HnyJ0a^uipFdV(60SRahj6;V(V9yDPMI`M~0o zCt%Y`{?sbhEBLN=5hN&i!P8 z;yquc{q;nrVS1QR45|7Nk25YZzEQX44@;e{c@_(J#LG4f;P|ISb8k);Nq=$Pciq-B zaro^1aNA5aAvK9zkncXW=#gMa!j3$>n)Jxs5JA+tzw(&sKwQdXrHQ0l7kdwZHlT_- zqsXTnP3;eGWjbw~Q!*q0idM5%W_U!DLKY~{tiLz+t)}~@{IyMr!*8jhlZw4B9`iO) zfw*!a`|_C)O(mcQXz}ib(L{^0^6$QtpM9h@crgtI9ZiewTjS2$qTEbg+S;Byb!OyQI-(mktvSI=wLe#@~NJN%gwbBb+Z zzx}=amEm~T`d`PC&-ogS+fiVr>r2d7;#|jNWowf}BE=5P$d7Ww?6mDEYidR>V%XZH z2@g+-z(JOBsTU?RT}lcv=bp8u$gj!S49sLzvL3_6BX$mw875q#stw+quf{hAW21H?q(5Xb+|x2m3hXmVNw9xJ0Tw9(n&c8A9B1`R6S-ey>Tb5h{dY*FjmQaXW& z&tTQfo`5MIHe55gJl($@#7@DL`d-id)q}!qTdHKm-KsKvsOBql(tiwS9F^OITO;Nr z=AB5kZ(iY)|84);;VS5LC22N6QTrkV);$u6$vLahAq~VmrlXAj06BWJ^=3S|L5ztX zPq!^^j5Ji)WZEC+h!0cA8O<8mykWv0lV^jaqy8cvNw^4*`@1tn;P{%Yiay*K7PXaN zgLQ+Na`eZe91i!T(=i>~J_z9R9eTe!VpZeu#rn=xKMq7-h}aGqVX6u7ju2LaAD@hz z{z71)EQ5papU(erQ4hm}RUSmXrLpRL{sUtGDt9Hl|GXMMqj`xWuo)Ve;Ei=p$BP#k zPt4ue%4eI;a3(x`k>UKi(m|G8V_1)7_T09RL?^PUAx=QNz9grn^y%*H*Tbtk>!w9U zVk{rQCxAPaQg4e-8{cVeG{SCpRoN2a#1A;0(;lt2odg5@1VQmXq^Jy?Gp&t zsZO_cvNf@em*QjRII(Xh=NPc+d(_!*?&IR@AbimQN1ta-+0OLIiW*JUMq4X?_#LXK z&asyik_B=^={w@x65#g139bVz^548&RSCT!63yi9sBdhP&ZDU{R2`wQzlO8OO2XMD zt~ve3rFpz~k7g^O$mCI@n zq!MB(D0OZaeWGoQzKKjzI6car%j7*RlI_@&Vv+#Pv&Gv<&};k)myJX{&lVM)FQw~C z(T4~a1}X_l2yzT7Q>lDmgi9~v*A|YtN;79yNX=|%{uLzf!?s9~Z}T-|J$T@`B|2o# zmdH9t=gi`px>+KqERzuyuwK!R2`{6|Y87llOY zhO7_1sKvS^+3x(*kcpSvJDnH!<15u zg~?{Fkl09b?%(zM_DUomeFq18%&@l@ayE02Ao?$;|%oJ+t?$ zWflp+!}RaCarT6_e_h^O=DGlk1BgmePjv~cD1J7+3k#-??BIFN*9)X`2~G*+=#9bd zYr;^|7qfs{B&2sDNJZtA5|gsy=e4Q+Jc6Q~e^dUq)<}(Tm>o|LO+_X#Onn1XN>CIS z9(T&u^yadmnnOzAV)49E{xQBa&FM+RQ%M|EoqicPfJ*^q?r|T3wzJaPsE66MN7iyz z&{aE{sJ#U6VKP8zFxvy3vO3Hs>hAgMw7xKq@9GgzYpHwlfJdI0y+O`Rl42o4EO}yo zg`v*~!~5%b;*|(~DZ6m_NH1?|td;YS7tG5~I$k(C){+Es&bw%;d81q~V@DlM8-BE# znoOz=coKiB_F{b36soGNxy=qs6|JnNxk|1&Zl|Fh;sq7u_6txoM}^eW5tkx@<>oUc zhrZ{LE&4@_azpGHDllA;vcAIt9kTbD5(d2gqSy0K#rQ{c3epl6)^z%G$e20t(aykR z!MZOQ z@C8M|92;4ChcyFkpHvmO%>Fy|AoX zg~lTnw`(fA7_BJoisIICG{O4+!RG!EreD%xFQ?!?2A!BwJFt@6KcLO=t_f2-#`IO@ z6yf@6^{VRu`;Xn-?XP!-2`Eq;F|d*S|k zQo2`8M8=LMS3|^V?0J=y&iLB9T0H}ydG^`Jy3iYH06Fms)_DG#Thnm6ckMZK_Tsv`+DKnAc9!NRrG&63U4Ew(z% zdmr{E-`C+T^Z$64xc6(daKmY>A8_T3mM8y|S9rcJC;cE^x|I6&Y_7UA2~!;yx9qut zZqSBcgT8loPp_?K@I+aUkd#Sq9ahAPKh(IWpUWz``;D5!N* zkj%V^N79Ebl`r`LL4x!e!2G$*li%Rqh{YBqw2b8VawDcR^8a4G*b}IC3>ui#XAtIe zs{%&zetig;=z+>MYSsoEB|p3|p(*eG6|A<6l+8Nu3DIcmZ-fqL##J7#vRVK~LOw3dKe~Yblyglg%ST<5JQ_XSN zPM_z93cxaz8ELkZ-0I8lTZ$fel3tU&+gz^wa^-7&-0%g^zcSc&#^4jj$x+zXvjZ^i zK3fZUI2(59UcKo%ai5oG&2;n2H|H;@G!kKb%k*88k$r~D2_{lPxG6r=4Nm}e&be#e z+Y+!^hC1B@snK~_tKy%lJj+oBE(@E6T?t!7@4lXt%}X3%z6Q{d=8vOBR=xdiuC1jI ztcFM~o4O~M093lGV87*jc@d1k>aGVs{I3hiq^A0cq;~YyG8^gP8!1c^To42!G!B&fDj77-+>2A|_=Nd}>dI z9ST~kmhv}1TEXu&{AP?{YH8Ty5!P@ch&g<}ZJRB2D;WaaOE>>iJia(eXe14+ ztT?d4$0e_SNuE&ciiMpkf?Fy|<~CzAl;IU7{gI~>zT~ljB0B`1{Put@w;BSEBe%px zUfvlwEgp`SB-{@!8+Ki5=Y;rz5jKDL+(*>pQT>Z58R0I8NGRDvA0 zgO1uUMDn^!&=Mp+`xcqNU+LLflxl{c%|)#of>dl_i+1;p^!~p>kiLz+96A%(p||!l zkrw~%cb`4O@D)|{-V^q|HzCD2tMnpN8|CGS%hjPANZmc+$&M9Rg*QqS9Sd=jaecS` zxvHd`y7>x{pY{q7M1xC#?h;rz8(|^*C?iXd-d&@Si{3OapYQnl`rglSKjvd;a+#R6 z(;HGs(lpZCbsDkF*$ED<%o+R(Sfzo7$@dJlsXig!LSVST8nllEN4cy=P7w??_4Ycw zPB&CuQEVz<$tzoSohk!7dPfyiDo`9B@Htw!J%`|PKiJD5W?hRShDL5@R%-CJ67ttB z1g0t18}-B#9%v#v4!n#V(B}|zOYlY$aSt6?q=vj`_*+s|d-2p#iv#bC#ey9l<)9QR z|GG8l>sHAbnr4_JBYscXRe7f55 znO{N%<>>-l?)lDPi1|JL>~GdN$=&Vh?f9mRvo4SB3&+-S2-T63uL>EmRwymTUXZZ& z-yJuu-YSn>z{VpOX~E1ZdNV9qXBMGmlUr>t+uxm69>*`552kbZA_CGTD^ZAfRiN;W zY>5er)4aQ+HWs2cE=FiMJ!lTR-tGY5@Y3=$6$BVHRR69$*J`nSAyAr7c50r6<|^v)^dbG4gou+=zvP|y5t#OFJa_l1pWaj*E739xr zn17Yr09k@=X!9qUSLysyqaE57&tnw1rBCRbn@rCTJuWW^N(lrmk#wJ-Wf8aZwkOYt z*JDDLe^X?ve;SkqYrmSDc|T@KGwtv}!p44jh1=N!L3)h3MoFZbc0-Sa#$W=Ld+OCv zhVC_23B@P%Qr9A@)pEwFghz4^Fl2>Z`8}2iR;drJl%bW=J)zi*>spidl-9mAru_;5 zZ;${4y$qdFzjduQ!AHDrzb^@sr28LuRkqoez6m;D8};tIB6WUdB3`a)GR&RcGPJ>y zvy_!{@areIjnU_H=HBur9(Oe*E4jkk7g|2*>);rW&Un-n{^633)O?5wpib!66<8L6 zr2XCYWr;MWj74!LcN_3+VcFD((j*9(DSR}sOY|oU-pq^0j`@b~j?Ht(_ z0wyFIXq}M?%&Iozf{k5#PT@SDDo8(cm}l@Ly%|^gI2!qUApYBw)FPNOhEy)NFY}3p zArE(76kk&uQieJM<>EEgAbV61pr3OQClo~LuztO+;TIedEYnBb>qD3WG5bOLe7Rag zB@I8s?ZHQ_WUe+j@;)J2*LeTRHGhZD?-4t-hnJwpMCagymUN#Lg!N}XR0n~DR3vBX zHIfYlI?3#*?v~Tsuimy^Ez^Dl4}vpvoDkm=vhdp=+~4TNi(Wglud;>^5gO!mG?B=z zTOYLqq6~pO+dZZKNr*@b4XI+fnl6)FTN;%B1@VkIg(3Z^^7q2O+;kNy9B-Za$OgU{ zu2X|vtc+p`F{C6;d;!#^J8(pZkNe+45Tox9G$haM6y*RiquqhW`{cGiK>+#NXu(kGNRf+Hr5@u4f>d}<4@7dk9v^$}fInX4}sc9)~( z9=pZyT(U$9Hj;?+i23~}8E2aQtA9Xk*ady&FfhXzmrK!Bp3D)R!h0l*p6e+-WmG2P z$JfaFI6&!MI~l1>A#Z|@f`>Fo<@^?2P9ULH7Hl1IV;qm_QbP45_y0*iLg>f!NfS>U zY^B(xIR4((tkEWBY$-^!nl-6 z@9lZuuJ(*JCFI-=uwS_yVvJS99is6jhz1_eDUlN>JSRsYJF2;n6UVR*hl6uRrOCIC zk+oDc4Mux+2&M>a6cI*H6nTKt*3Nq^<~!Ge)5r<3Z&D9M2#cnZosXv$VjXB02w1Tx z{UCX|6=7Or+ZEa*HZb}wmshw8YB>Tlw8RFeSHi95 zQ$_URmSWRPm!S`sKJc5j*rrhBS^i%Mc z5}B*^B`R+&4tKz3hBNbveL&_=u|-P~F6KOuT0`5Cy41cIdA9y`@`s^yOxRo8$*^By zecRTD4LsN!t^Be#%_Qjr8eJ}xm+32?GLOHW;oK*L*K^w35@^^<`r&W^-Q`gJZ*;9P zuxr{vE~{E(W7PcbRs7MuS>VhzTbMm=H)7P$%_2=X2!L{@x@R==Hl?4Fs;4=JAOfn} zCWI5H4F2fWgMOwl5`jPx(6SH{ibA~G`7%)Bf;4%6B7s6{@r*h+MAmA*W$Wyp%uun# zJ}H}H?bw<93b~=2^)lwd*N?RDRGT6)GYGIJD(WpL%nIE}uGANz%fi>nOKRB@;zm!X zg&yg3el^5Xv!e}&fQqWGO>fzs-K@=I!;Rptr>|7UpC?AC4aQHd(R=Ely)SqbGVDR z18WZQ+b$>*vuuA;%=JXVT&`rK@Pe6I;hU9cyOZs75!gDshiBu!4b@nDc3a*0dWF$V z@LEMvlgT;kA~*0{nM2sWIUxkq3+?gf?}j@#kY=o(P4BG8<;~Z6{xc9%Y}qKoKiW~| zU+)GFSGQI-Hny0k)1X8hpOO5Y6*NCm)8#d~DRf3*(Lw z)Ugawp&xj4`Zv7fPjaI)D>*2^flATRM$9ov$SRucubvwho@)CU1s3TC%h`%&gK^%` zAVXgnAECp_&?_#&U%Y=;yp>J>_+oCRYptYC>o1TmAk?HrA{SrwqrJF=OV)ZW$bB3) zf7AOsKY$%+*LA^>*SBrw0y%+bWygMsft?e=>+#oC;*gcW+%ok<0yn`}nsxKVBl=^y zG*rTT1L(EUPp-H~+vJsUqi3iKw$bzbLwNjWH!Xk444UYmCK)g-S~B`reF1ai96CAPaQ@ei&G7AAT_C4D|vhfE=3`5bl&CG>= zB5JA%-|KE89$VFBc3ESVRD+;+on&2`oAlwMr=p^wud2;DtkVoXB>Qb;0w&5d^H*m( z0+1$lQycT34NW9%9*DG@4A9x! z9yX=3r<=U}knPmizWMZIr!_`n_nNSG$FrEO{nzExGnFW?E_|cH8jraqTYrwa^;eB` zHh$R(qKWLQs0l@+-H8@8cbiW8?mE=~#gD?bai6|MQ?huJQW8IoyN&yMD}s>V!` z?&NU*Yb2si$0t8@u*$;59arS3*xFABrAMY8*-i?OQ1|>`vaoU}!JE~*F=TDDu?WiG zG_V=Oh5*yvy;9^5?tC58VJ~^Q) zX&eZ2Ad0_13`Au*3bmPi0ab)a(h3VN*X3t$O|JB&<477h@Ey@X-rUM+rZUf6;#ZFA z!29z(M^{#$D=yx`9~~*uKh1n3M8$to8sRx)y?!h*D6?mMA%?0cAovL>Yv1*TFO2^LYt*JU&n6&Kr7Cna`tx6eSX*HrDeMV4{g8QViFy>18@WbivC^c`7j0J!)V&;9m|X-Y$vjhkt7gj3tD408wJfz zdKNM$VURi#;tiEJGHT^{pCUm`-^%S|zZQb6vSjOM8_qP_D#$ML=&>b~6VeI&fR>ic zn>da0aG(#KZ^7aS7C53r)?AzEp%W@Jp)UIy7ZCEwu#c#^&eH`DW5@`UG^Cp5w^Z~C zxqjLO^c@pmgnuk({}4g8%N1KKvnsyJ5DXX)wUQP=`OUUoUzlI7oSEi-aO%dYH^Q&1 zmX6jKWkjMpKrc)NBdmUqzI52XJA)&#y|SyeAUlEGhM%Hyc+T?uU8|eN4~!n$Si}TZhOHDf zN;Xniy}xOpa(BO5ax-B&)WeJG_v|$VQJEwKQ1o}#UM=7TCmx+3U*Zi1lYj76dVVlH z0(}Ai(xMu`2vsRsiDl@o8b%1}iVlz{vkyNY$f>Al1v{gk?W4|g<7r;E-_Y6iZ4dtk zY7*`vib2IGFO+STJ%_|boQU;m*XK-6id=kEu079O8*UXMMrng_8KlYXQkxGWB=6mH za_I<08_Hv}p}oL&jQafflHwDyv{Lc|3+9Ae#r^WE)!E82aBrfwFvqT}GC^sqfa{db zh*0=hM6r^|_lw|ySgSeeyN#Asj+#xHYm!R89MSO|IEtsRIh?r+8GrO4eGy)~Lchp{ z)n(9pKtozr+kK|{9v|`=c`Wtk`XcidIPXhvA8@}6MMq)gQa6ES7ABxQBa)d8@&J*m zJ1_LygqT>|c51wfinLlV|41T6X2y+&;lIWYE}yGEs2v#&Ba!7~Q;EZ4oxD2P@TkFC z!xQ&E-yz-ls?MK0!r!Lh+;O3IjXHxV8hFtc4HDf4H!pg?WGn=a&jYggK}A`3ZU(N20E0?&-C5@+!sJ1y;^J>MiTqIi$?m- z7_06i2|!;FN)5e0y)R?mExGvt2!<|o)pgn8zcp&)X`-ZSD24h)coLXL&=F4_Kf zOdcrF=aPZ?>6bo?7W=FOiAO6m>llQ(bY81~fNSA`RymB-kI0r*^~{63ByJDtJlybg zQY^KO0}vhJ^$BXQ@?EtEj$Xl1$=%2&8kl2Oi5u|xGtTEHq|$|56azC*Bf&qvrRF~x z1I&Y#cm?BWx8WDFxuX-)5ufL?2jgO17_{+4QfUOw^U8X@vFoQa3UGyIg>Z-uvI4^vV&%|e-QB0DC zzMnZ&lq|4sjk$FCo1^n<{9B#7xyC~?>Sum<)nZ0zFNeTZ>Z~UY1R{YFJDh+EB6R1? zhUDA#g$+6fjnO~~<-+6aq-EZ*ntghOg2wk}5zB&C!Ay_?hMC@zKY<Ai>Qb+)$r<{Y%XzwrG-h(ia|jg z6_`bEU%5j@WNwRM)RA;fqEM!ehFYT7XQ-eg_HHDV>pQuBj#(V1APb&f+ZThRCpcq| z-ktxf@~Z8#1ReQJKzB4aY2}uoW#+(nOOJtd7U{}dW=8Uj*=EdNguP5}<9426(N)Qi zJHA++gG#yRHom{vAqPky))0n4j$FTM9=)Sz=!py2bT@|*EtPs8sppo`MDFs`fh|7=?J=kY8n64S{X>TARt*wp`j zU}pro9fR<2g1>N5gePh||5h@55R`+u$O673CPhXPmB<_^`N1bKRaIcR7H{#sU z*V~$c(c=4fppcvCeCs@n$^6aht=hBvNcB4dbH|!~_@pY+814i84A>CGgT^7mI3koe}(?Ri?c`lH_LVo zqTbpP`97lF9WBg8y$ay^w^5JzQa_SDCRM8c3vMdF(;&oQz>5CZsxIaW@!y??Tf<~> zrIDv5r`>>&p=8yo9wWsUu{i@|rDX`lbms+aV33kn?m@X!RS3k zS;BBh#@pZzS>Hi|?-Vk)ocL^LRIe9(*EEs=25xT1k>A2YwI|+_BipmAR6rOKnt|AKwOv6{k$|lXtnTyjsr?G{- zOLVd}EahOJ*}IPaOn@)=FBZN&u}fCkFNVq8OS>o+vrdl)KzJdjO@Usag-|=o%5O#l zC%ZNA@$v5KUjTYJ)ILWo+gsaeFnbIZ*_T#J>Z$*SMgBjm(aiMBzF42X@H@ScxBh;H zUHMCZ4&E{&_KHLtEUNqG$_sFz8;|KYGZRh)ihhNMpZR^Y7sGYbgx=LV?zM(0@(V^} zo};{GfQCM%fNIErwZ@AfBq!{w8ffTMV%E93+Z%Z+Bev@EEj5{VeC+M4eGSe$W=w0~ z_Xkja?@H}Bg%nGfw&4GSM-1~+@gwq)%Ekq?<&gV3=DqLDVF7Cq)IAz*yKWU_rn99= z=aW|kRlj=hS%|n@Yv@nMk_1)2c>!wU|F$dHIpd$(K50Y~Qm*I3u`X}-Ioxi7En4%s zSuKuQM_s+d$lg_keKaHTDm)sF)Yrd0{4uZ!YgS(BL|AmuH+ayuf++Zhvp;C|5 z3H)M}k55|fn$>=O7bv+WJ%%OpCL-fwU#4WHjS3*$eARjm2~vqW8<_;5-3!2GOLf1V zbw2OBjMz5mXAh}X$ReN9lgoRU#=_h4?tp60W%#UU{iz1C;O84JJk$~R>TtTAJ>1sI z^2+LL-(k$}Ka)m*d#|G7azXypl%BdAn!=bk=xQwr(^M=Qmn_D0!T(jFZh`8Z=n<4% zChy4SuL~q-r?iYO<2}ZDul@a2{mmriEq3oX&$%fwiV862(4jEZ*l0LB#=XFD6ul)M zvtL}gV0)zV^{#X8$6N`3*lZN27`S$NWo0#z?JQ*0Sa&r%HSt0#=>fjHNo--GMjId3 z)xJ>bNnbtN>MtGAM{~F*ofKT;IO{;^XeFrZkzzCTiAhaF!iwI>=ffn~SFkY|7g^0` zWrf>gES(gHbiHE$(RRYp1ve`8r0lPWYA_!olWduM^&HPzSh5z;nLZ2i(5&lwjE(z^Kb6-tscpbrD;@n{`t6Vr$*~Ku+NI% z89RK>iStY%4x*7bRJAyO*^IGy?Um{H6XK{<1t*>w47Cj zi^OO>=xabOMbAf*e;BRpu{ILqBeA1Vp?=9zTVr`x@U)83?H)b&`RC8#f>!=GTBQi_ z%I|F4VplOA5YC{jtP$v=SYW1~9zZ7G?UzxdXXf2;g*pL$$=6|3Y^ry^?B|;1rmP=z zKYyvrc>kfMfc8@UBty;UX>it;6P;qIwsZ-L`|w$9My55MSwM94rx>B(1nnHzB?Q-LV|PtCpnVTGS! zBxsX&&HM;+SX^i@l+cfR&UNV`9-VuJFb0PV`j00G6=A#{8+A>@mx+-m{kgnuCfrud z-m%q8w+{de8#-LQ>O{}Ue}%sG=Ji587kCHyfK z=LT#oT#F>6WyNLiOcE6ni*V(#apSVF@XEwj^n_09X~*DeUXfq^>LmtaTqurW)g=h} zqMBLOUi#mTqU6j4`Kd6PME-h@8#8 zeVl{Z^#m{lAHm!5a{`Z3!RClvo-UoQ4uK_d(Kwx-NIz)rca1Kat8-IewaYO-=ub1` zsvn3^P>UdP>m}D`_a6#R&O4R}jc&O9gHiyi+kOc!Y?M{Acczt>}xErd^ck$5t z<@w2sU(dJshr#3%7repv)~|2eU!|MBQ0z{+EvfV&E%Y3yzj;YPY}p=Oc?ko(i3iXR zim8x+MWd+Puia`&3>}xAV)IXZ+a`XLps9&saH#8^q1tHF>WqUX#dWs z!_(n=^3hU`Ct|G_x9|-{r3ctP8qvTO?zY)7%sJ2e1Ffj@yOG$HY6H)2xlXx&0CliU z>jb}?QL%imgviz&!usesceE`Dd`<0L%gnoO&2oR#)e|da==mBDD{yEH-9$+>go17K zylWTtKze4gP@`<%d?3NSnbWp){)(i;kpUpxWDhHwFU(J(|J>gDWBny`v#30i7pq z^Z~Vy5Rqn7CSjexP02rnc5UFlTe1lSg4Jn#dANO#AgS4jU+YdP=&PKUcB3v2M_DH?9S`BJmQ2E!HS7 zC6;{aYF3aFuhX}%VZ}~|OL8dJC5f<9Ch&x_%b1Y6#;a}Vdz-{0vc)`CCN*Q#j^=u8 z70nd*jJcRSau#UM@^92e?_(E2SpDZKPt`Bk4>&}RkYne6e!9x7|+M((UhFiB& zQ{m(FP^ro!iItyZU8_<~e4?XrxeWK&o;14U2h!8UeX1=gWZ;A6l#d<;2}joBEjgny z)!^$bkJ_$BASyFpWASzWTTq(mICS_Y&@f00uwSuheRq-L*j@l03*NQ<$(M`5&<>DG z*q(Enf|HUawZEvO7FnCLsTtrleeK|IVhw(W`6EIJd--7{X7dSzT$R@W(MR39a;||-73o0 zta9TRH&%oovf~1S{sW0f6a{wvrx1kiy}@4VQ!FORFzJd7WRY$A(HTOZFgbD(D8^5j zFa?y5W$#Pnoj&Fk4BDR#YK0^QeTadv!4%I#oG^5RCkH3VLE~R%VavYgz#KNEoPeVi z)ejg)(ZFozRm8X2W{RHTHUEn}b^^Y7t#8In&MnO;14Y{pC=>8h_sg@LTe<3gOgXz3 zsl%q(;^&*D7Sz6*6AsIcFtSQW1N??r0 znNE$8nJ%3whK?`A4V_z541>G?`_%~RGmM^Sjs`S*n(Y!{T&0%-pM~-%HzKBDg6y0B$6t(n#(V+OvIN_<9@K)>deMXdG``Qy}x@s z6)@B}nWxRzw^gvwE^~~$6A8IDzaNE;p?!?4815ZKPff0U;srZqHZbR&A^ z)Qk~uxOw7j%!Zx$7nD%B$;~jYsYT@N=B7AscT%xGS+XEPJuH!0zEGM09QsH_JtZ8* zQ^AdXUKzvj5-B!VzSI=66X!f;moC~GEtIA~|I47w%Z(|vFYPsb*p5mwRh5PNS{6Ws zgSe!JjM)y`Z3tm?Y~!S>qrYu`EGQ^qI^-{vX|D(H7~i*Edk9K1T!#K|keq*S1^DZX zfQv&g-8Wc336cZQe3-lYA2E<~Ctu@o%dI)+C}a-Wn<(M8ZV!O5;&dEgBAcLPzZGay z{oM5;v}r|xR$>5};l|i%RYQ-+|B2OT?^IOj?2Gn2QmH$fjV*komTC94Q9xOllJlm) z)3H@<38zt!fF*y+m0`Z&SFSmeddOiBxytqJNf<=j^W8g0GMWJu91eCt1>Js(25aI< zUGG={5Z3`W<5D0Tf3q{>l}+pDr0J1v2*TX$bX1-3o=*BAblVT0DZ39pDMKMPR`vs! z+}#H|wENo78~}auZTK)mqUF3AG=3X<@1*JDehLMFfZb5HK?#Y0`(;&zUHEF4<;brf zq*raC?W|0WV_jtvwXxK^r8w zj(WjDY;x9Dq|bNMbm@3P@koOFf%Aw50GFU=#sIrm>~HI%zfXK_hPgHb#$J>WRHkP{ zLdFM|R@Z4>%9+1cD@aPlSHefzcjIWk>SwG{N0O)Q>jkK8rg_Cj9oNsit@$pI0MsMx z>xR9nr_@r{!I#4G?n^F_Vp?4&Ya-HX{ykn8D;+B=I%{i9uZpn z@X$JMK9{#K32YOxW{t@SIQUfr4kLDRpDG9OxA#Ehj@(a=Lw>;f^>f=%rC|LP@6($$ z5Kiz8yyL#Vrb!k(1-1f-r|N3#+_r`I|f;zRyQJ(zoGjN|E}bkxVL~kU_R~(yBO&e24+j}#NIHEst!Xz8YV;j~9Eji~_Cgt;%)cuCGZo&kQgJ3(>rDmWH2efU1mj_h4lRL$2 zA)Pcne4bwC%x_g5)^X!yRLokD|Da)t^BI9?ig{++98>_kqy8tdy6hbtQ)G~fBGJHT zajSv2WOLLywfy;K9V|8MZ(oEkI2wr+=*);!*mXa{jH7lVzUF-^1QE)I&P zb4-GB!G94xr#(MGvb6NdiOHC}sAI@3(rW!HCZ)`%bdvQIHaU)$%IIWGz?55H=nk0d z($8}-&jfh-JtKu*Od6|uNO3V*z8B>OIork5r!ta$to2Md9$91S$ls3AzLP#1IcA~) z!=m{3m;zf;+R>Atr;BtRLq)L5q&6mR_cK$>APFz`NpnmXG676Z=9~}{y6Y0WVI6gt z>$s2jLzOKx@5=_*uiCJV|C3v>hggf@0UAEhiyNU#^Qb+T0;L&EK`mn?4XrHz1mg&V z#Nz;r!Isbox?vp<)bjNK$e<9@V-U@WrQVb~)CaCnQvG**_l;VIvn-<=+bcf>d2-Ed z8(SV&NL#2#_TS>VW!(8|kmap>NrL$gp6Ne=*#tHcTv_!9liPVsAm=27@!xzy#5WRG z1Va8J>>fNKwj?&i4BoRQmq4_iS@%=w6QcWFdEeE1agxzP?w(Gm3lQ-Y3;-(AgHJ>7 z6l3`s4e)UL&r;+wjGbH9`wBJ$$!0&}GG>s-R;^8KVB#jEf)A4PD%2i7i=4!M$y|P+ zHBVsL^*tjprci+XD#o&-x?)^5yE-L*jpwe22mA5WQPkX~eXdv05LxMawr96Pzs z+No7j)m8R5n(eHpC%;Kh0q-U77+IONyS*DZ!vmsSDXRw0e@Lu+O=U6!EsO=Nlcr44=Nc5yfM3qi`j=bQr%_mDE!JZbY zTg+R&I*S&j+TEN7Y!z}i_sn=TN0XRFkQ2Eh`2;6qJL{3hBA&hnjTiIOAe^8*c$hqB z`Id7W)9q=-Yrml>r~R}PTxRa-j(7~JYMn8kZUH68c4H!~Qu8*Lc}RD|P?c<;VE_Z* zXZ4!(HDxYuLmUJU+akD%Jh-zQ$;w;06WKvnn5u-WIQLaUSByhK=$Z%7d9$|xB=Nx= zpS|we`qIS4D4N2U)bEYUcG|%BfG%00YD+Z_^(M~m#X7RH*n!d~nHw#7Ya#)}sR!4? zPtYfs?8HHhBVX**+5#JYcZigJ0dmnju%ASdpk!r2>{5&Q?tKUCYGwl=FIU>On*W0i zP7k31S=a~U;a~l&9FOr|d5yf5<&WO_$K7Bio9vh&(YFXymYuRKH}F6rlK>`XqZXqd z*}|urfwJ*!ghmGTfqPYLM;LxD&G1yv-ssQ2)TBW(U~fj=H+NO`jA1iU^N&F|jKa%V zTIFWe4*?+^3()BN!XZ+e({ZdQ%}!7EejCtM4!d5d;-)AChh;kpNb}&)^y)^5yY$H; zg;*_%2>knuaf2`Ml=E9L)hnvLeK~30OBE_iF*W347q;JDQgp$Xz+a1%`+1B4CnTTi z4Utj&xa%lSbB+gn$moVT-dWBTD+jN^sd*#}?M(rY#ZlEcmwXw?K_X20k(7L%BF02^A1A}F&s?c%X-u)dV$(a z7->>7q6=fxzIwv9eDy|njjw*@1SuRXg*MxJupUQFiA4t?K)6Ma5F~RrdIhY1?)BBT01`g@?OAXO56^} zCuvHJL9eMLTZUI)_qS!>TSoWOd|QlzlLxMj0@BJ1Z%)G!>Gsn%P^XyjFOV}mW!j1| zNYvBTjCiDa2#SV@nsg;&5)?UIxZ?mo1g^r_?{D4EQ8bTtf&usKW6*eUiI&qJK##u? zwo(!oiJ)Lr@!F0Jiu-Jg0d=!K;A}O*duZKN*!fbt8Z5EpDy+^#jq}O&gWwTC_>uYI z&x1}DnsVlpSfacwROCvZK)1{OU0H--<^I+zoea^u$7bSKG|Y(peXj3CGrk2|*zqPz zOWIc1C`Fp^uXHcI0)f^8J-Hrhx19!xliL{kkF-^kcDnGUyPD5|ao!c+g5@P`I7X^{5F4?zs6=!HWpgb94RhJl$Fdrd7}`^P8ktNM8^ThaSatvKd&Io znDPbSn6A;#spWb%8QT>^a8DJb^kWd%wtBC9rJgC6WIUHdNP|d8 zI&^n8NP~2D@5S@(?>qMX0U|T3`&#F9)@`6esEBXYMMn1g6&Z8bN7Amol)N;EhpEHw zt2@A+&Gky|^3J+4(0CoJtcSgYLQiODHuZMaBdpTz?*H+24F_WIdi-OfDHA$eU#Nw8 z--I{&Ep?V!NKnv*PJMtal|9D)!qcX9cuW{^47VrEUwm{7gVZiMoLoUbNN2v6OGp<< z%a6CSS4ryqte+oE{obB&n%;X&I~AJZ(p}?}&rrq+YbciO7eve*iih68;HS%St0GUKOk36T?4ZLL^Dngv05QrOSI zsp(!Z6mW0k@%r#B)Wy7S?bTy;J@Iqn^|*RPqbR(&9;^2M2=bv0FaXc1npa2dH8ilOr6HOsQm^7(B;r$DG9x{QSh!IhucMG;QBAb}n63eN+D%t1r?j-@dWZdZ-v9uG3c^mv;+) zoILWnn@o=+Y*_R3PfKWj_`~F9rGcNADdh5sgt6?RgsazW$=X!6sRqp<%|uvb0(B`Z?5=Mu#*Awt}uL1N}{uW~q~ z%Hpnk!F7J)*t~AF;_0U7Y_sxi1zg+DZ=;@tKi>8XY^}TbIkOu#pj3uYe7)nOj%n=B zA1E$4$c4kAsgl{EVBS@el7)QIG}bG;^ZFfOg8Ad_&lV8&pRa6QzVvoSM8v2xFvu?=AO#opB2_p>MJs8?I-@kUS`_e6;HMS&Z zFp0QdaB;NtW*#V*Q(5+pPNPhxR-`YxfwFhR_-PAyp#l4GerhB*d@0rE_)7Y92Hi;v zW5(Hx*ql4=M@4@#TK|vVNyx?~Uw3GKRIek&(fk>>tSUixMo1IJ(uH*x%+i6FdZ;LK z`hf5I^U(3Ivw@|_mDOl}u9$6gtt2GycnQ;7bxjN|ISsCu)4+eN+l@QFj_s zmC~@o>w#jSC(8)Wpy>U1$J~K{BY>G{StzF#%&a!>cXDDY*Nj_bZlDqfElH5sO(*ut zuOLOYVJzVngT~|XdqF|rLa3#;f~HfmlleXkviq>I9&>AmlC$~6Y@3?EfwCu* z)A&59F?V5xGbR(EJHvTQn!?6{kEQ8qm0U<(`Y%xKu(lCdvKym9MiWE}Meb6v3LuS_ z4(#6E);2k9$bs_Bw=s}Gp721Am!dymrJ5g3f_U$KPu-5Tg>7GW4Xx)M?kW7+Jv1)T z1470549UJfLi*jc^MABnj2Bek+8a9}#8`Jo(sZHSxz7t0H5!a68jAZl$}H&H2P=v@ zOfS_dB`jK;5bV1^+Vxm8cr1r2t4ZE2OgmShv6hy9dZ-R3$B*7Oi*6_Xv=zR1zjsad zx@%S-_2pD3_8T8m7!qWOajIGyQkYt7>0OoOPcd4Y5sVgXY5y^Oe*9qW#+g{*xS+Gb z4U|r>{K}CJuzEq!2cl_%jGpb=)GpLe63gN^#dmc{{@KcoJi(P1<#LPVKc7&UmwT3- zri)#kY6htX2J65riMyh!&jM3m2?CC+jY_-`Rv5c{MpLx{`Yewtfq0YwHG5(hFH7?- zP-k?LrI}n?e_~C4Vu`WU5=l=+o#r88C^*d#0s9hhm{>`OLJY@e^iUwv--p~+F62S8v+Zb0AW@_|2|B316i@yEGzN6%zqMH;29{0F- zL{(rBd|ALU^r9;1>B|x%0`bXW$fd9&J3EfQfSp%!C5t`4-%zM;29PA&92YwQ89C4^ z;pgHwn*j2aqrE%ms6%f&#Pp&r=B%@soqA0Y4i`?V8wBJ=R_q7F;T0JBmuL%mF z=g(k_@5P2Yz%xbR>)gIPylfPnUM@4d(es_`ee>wxc-W|5`yfm+{bh6AJ9A1nb8Wp& z1xozjMRQBMWn7>OwQfoP%YxJIHe@g|R*joHpl9N|efe``7Zc^bE=N{rtz1<1@(~?S z$xKg`Dd?DS?g;FtG26_@=dRt`VN3tnjYCFfXI!RrP1bwjM9Ybi$0lWohxW1fUH4-u&~;5}oz1vRY0^MxT);}@$joXnLnoMN zfDe&?wMLq;WEwbw9enDE=D!wtlQf1alIgdJySp28YcVLgyH%a9 zw{G+vPLf7EUmZ)u(sgnC`BgP0b1a~VCot7~chb+wPjY)sY~#QT%!Km)_Y13;o9b=B z$Z_w8GNZ?2bNV||!7P_P?7G;9Hu_Pzje+m#9OHpE#^C(`hjSIA_Rhn$p|iKQfOpo$ zEtMTalwD|KnOAZFct0K7G>&#BUQ6P+8{lUDmZp6>-sEPQhY3H`Y6U2!SwA!P0m-h`_oUyXkR@= zKVmVQ?gDorLPUv|Q;mA~#0!8G1w=B4cR-&=TVEe7NJlN8!h#=7=3Udme@XWy8Xq-{swAe%fMf0*uln+~C9 z2M3IE=*V?n9uQz%z*lFdkeIsM-GK74srITHwI@SHlieDciX*g$17ecxIH?NKN8ZQ@d+R$P&H!fz)GLf?+>$3(q$K?$4?Vusu z6w0HM2VrkxkeHwVmf5gzzb=V4O*ROz&p3nDz2Ag#2#02v$qa)?bFnm!`|;ie2VbHg zHN+HAa$ZIK(6~Mw`uF^kpT~{~ja}pZdYYY%1PWCUl@_(nE&*>x?;yte>;5I^-Ejji z=0*NIpQh^zAkS^&@>k|hy8nEOBwh6`0wKstS?Q%HwX?i9rT3hqFwB^J z4gXi>IvM1js92L-UAAhbmZx_S5{{o)kT=1vq#)FASvwxAH@wOF1_B1)vqo9G=vxMh zlOCp}^2)z7yQVkP+& zR}JVY-qhEt&`uB8UTpMQ~ zBWPYiXM6Wf!5+dzLzB6;9^MW0=AYyfI?| z+V)MGxe1+;cJQ~l!!+A@y%OApAQp=(7sfZ+6mQS?;#Kh49f!!A_+KnRJOpb7YYvq( z(l<#FT}csAxd;t@8Hj=k?SV@Q!A@<8!_+8+US zRQM#B>9**xu@Xv#ZlJnOkm*uJ#A*J`y7~U%`p5jXgQrlmBE_%Lf>p?Y?3z-*tL|&g zMuyTlL((pQD?!jqqAF>0OM~-`G{@HomUEuDXIjV7%L5Qs^lz2n_004M|_ zWJRo~5#h|N^U`eHes7J<9y>pdRm5VZim9{0qKmf1*Qd81(H{hG#G+X6-Gy-?lq+a) zqQ<7A=^3{lc(t_?3bb|v(FpeXwZ-#P!^FZQ=$S`huUZ*!k|U1pik9OeR4`ElO**V{ z>q%CLE)jR&m7X&Q5B)d&j4T8E#bv2n=;u)HZ3~IP{c7Mx4^QHEcl_tabNVaRk5|{5 znPgq!G7?!;I>WH8g3YONk=;TVU!PUN?b#Knpl44qn^D`fed^Ttlr~GOczZthlUFf- zKY2!@w`8||h~G{N`IJkk0{#del0fxhSxnS?FDeJ1uWf*7b7ehrbdd7R!lq=5!%2^k z0P>AaIp^!nCxfpJV0! z3;w1V;2&nQS*3+YYqLJte1P=@Wqsq;xhQv2?y@5KqcbqQ_A}M~rQ9uRet6#fj43$; zog_6glghew!PUc?u*Mz8`umdq8~CG5RmRK5EWRn9{Q9xyVzkt07IfS!?2+V+cNT?_ zC>QSU?Y_@h(o_!a7$>Etqk8ib-SHD;THI;SlnHJcU&9S`V|Bi>i4OYorZcaObSUW+ z(}rts+jDqqrm*i0DKp&;^vrq7dhf#DfKF~m2)pVthBhIbGb@+Tnv(CKt5 zEO^=al8pGGU{h`yt=(K5IO+wwuA?r3OG_|CEG>WL z)#TSNEp6T3*(o39mbUiZodTC2BF$2)3;R%D4`G01H}^Ag-;nozBL>qA>3`F$ zYkiz>Ejqb_GanVPM?DNjO+$1_%Zf?UX^_ig^0RsZFaT&yX&9l+n&(6tR}OMR(70zr z)U+(}FkL}L72CMXK$;tFkyAIrcYz09lY=)VC;zzk9J)*UjQq#Xb=p$S7AX%)| z$<--6mSgyRD4^7w!ECaZ6S>!x_RaXPj=bGB;(l61tqSFNE1bxhi-TVle&wRZ@8$d7 zL$l>gzD(@7m6f6cGFJd^>%<6N%zQ#Du=)!;FL>JMRAQLBnZ7p`TZ9EB=c=kQ_l0=n zLqg{TG4{iPmqAzdo(B}-Awhhigm@r;-sAUhnu#3n%I&xlZ_|OnGYULA3LxNR#`0s7 zPdPBX=7X|dO#s{tuCBAvtV1`6xZV!<1F@p^6r_CrDm%@kvLf4Kmgz(NWP;Ff=)^g> zU3&adGh>L7;`eYJIFq}nGR8^2-4q_2*0hpAJBqn64~aY8d>r;ioyBf6hBM=ta94*kW>-+z$ho{aETrGKd7H|TP9ACA|$`@^u_ zuKx%`hwAIwRu@?EkK5$A9WFWom)rVrKt^V%dzG59*Fc4TOAvWNNcZShnRbi2|Nj>f zkrK>2NoHUXPL+r>Xr0o;nZ6;KZi;j>`PQXKj}X1v-`AM-iRZSiTM5Z>d84PpNsVzTb6@<3G4sTd!@tx4Akh-f(70t84&kt2o2E)mGR1l6Z1m z_44AVP3Mzdnr^lv-zbhTz{fp4+-@3ZS_;fu6WP{L1hraRnPqrT2hn8!yCpis|F&Fn z5{vw}8>2h3beAbsgigTr6SBXH@;OzHNj5mj6X$@R8jpIOT|A(V-L{qt?*h#Cjv#*6 z8%~o!3xXxyJ-M75($eD^f4QmAIEJ}yOv)^281CA7*=Tq@PMByi!yyQMhnF0rkR^2$ zZM*|J`2?2St0RyV4^fgF<=%ze6eqVUGvLq@j;4Epiyvjp8c3P%9RV2ZCoqFj6l8c> z9`SGILe@b%H33Lb9Nx?B06VOM>_o!Tk#_`7e{jUW#k?IE%;THhF^j{WWl+ zG3j|92S*VJGkZsW3XCN`1HW%C;2&^*v?xy3g0Q^2(8HAx0jK#V4M)bW@us-23731V zY+q}R`WGog4j_Y*k@bqjg3_l5Ki@aiHpfL(-33BFO?&=XA@yha+4hEUN?y8kO*Q2D zrgCXXugmu5v26E%RTKLb8wfZ?Nyp9on~3d0kkukPo+J(kO9{rmT>}?uV%%F$s}@Y9 z%Yl!SxN-Tm3B%VriaeH_Y|I-$80L8gD18);H;rJ+IyoCx><8N|5iIy93%-?3Ud2IB zz8=s7>hRi9krYf$YZ~26CrWr}#kal#LWFAoxorm9+FHJ)^D4Md>0kX-srm?ZTqzJ( zEWuRNYU=j6-bgZlstGEr84+D=wR8t(=b(e9+}jfhMw86{d#!u2PNgcb;`8W5_WIMd zK%~tjTbI4%Y-D(X4;Jb})g)m-00Vs-&JfHqW5JMB%oOqwgKFDUf4(BTUxz4$M2PS7 z_*bp|*fe}^IZ;TimJYInzmM8b)QzoEZFPC56@1I^)x$+w?tgbp%0R5XOWLszT2!wm zP4>1dPEK<9rl~0k87Z!^qqft2|M#|tj61F3f*H1z{VkLnzbL)i;IaC(vhz;nKeU~` zn76}}ELjYfpc~<>6se1GPtHeKE$P1fEbtZKz2L9CT=Y_(k*?0WImSzxQ-kF){qCV` zO)M}u$hJ}U`Z+&y^^(k+HC9#_xjb4h-vojzL8xvSd5z@o*P%OM?i|nu9$(kazzO@m z;BI$BE+|o~o6HaD4Ukgn56JuF9{ek@yHMdf3TM$z?HPn#iPi3C~ETr8#m8|E*T0eX>|C=BZRvyw?-X8bO*_ZH zp=l2gDf5_GpI-R~1%f65HQ(!gy^vV4+!75s8Gu$;VT4uq^8J%V3!nLmYCL*)#J^&y z;>OMmXQP=A!G&QUwYr)e@4i1aG9=rN{??VZ%Q!3LW+AV#ldS*oX`KrN@w(qyS-rFc z8b9*+|3)yB(()`gtC+KW$p68r@^>RikF=|HxnG=~)j+v zK!lmb=|mYg>Y_8??2Af3VdU`SCjLER7#S=hH|sIBKXu|1yKBAW!#uya^^oWi;3TSV ziBuB*^XJ`R#50`y)lH3&C8DSKVal&*YIM|I`nZbM{LLuleZJw1RrNOP%fB|Ehu`Hp zV@6{xE;~}BS*!6U_m@kd$51s5gW!?juyd{g_mYK7Qw7m#912U*|YFCsYvsE%4c)DRXXCf+q)58Ac4%M^(gl$|X- zKDf<-1hM$PtnOR_al*%V5uGSV#g@Os#&RGAU={vIJn{P9im(~pS`coxbw3M6MQ-Y& zFIKHGAFIlrmw^q!LJ%68n9(SeB@>DhET=h~BT* zRq&iF?Z1~rWJZkpmBT_OnU8lgb{_F_cDjgnWTimqQz>|`$oLfGBa`w7;+8B=gWKf( zd>W&~oNLhH2Inqfw@A-(|A`sF+QWu_Qxf)7aKM_m)ckFVe9Q_Xwds5WH&!7{!|4#e z=C9GBmNOvM^$hVJLWj`>*?12TiLAdBNR#Y>3S5dUPU3AM9}^G0pUG1#dws*#MbiR2=vcM)Mnc3h_HS z-v#Qm59IaBUs3+Ul_{pFMU?5O6%`p7dc!5tNzCK+x@a)iXOG)Y`@o;@#WG@5854>G z!Fm3*MRhId!58}=-2i`_%u*#`A{GN{W}nEeflY1#^CvqM&I{fAhZ%RB(dGf1Qv{fL z!8QE2AzpgOrWN0HXPR9j0nBN{GqKdk@-}koJnvHEG&H*z3>z~9exSg4y&x)bEjPEL zlQkm3%GT0;_3EF?9NIgE>ZvYgI#&KjGkZ${2PFqH0%FwD{;z#X2*$-B9U4t<0P6=8= zWUKt*{IuYFNR%?iN0%#zs4rOS903^Z!IC1TKw&Hw2?I+pc4O(;jYzwNCyX*oI;viE z4d#KFbX9WiGLFU^CZi)f9Ip4f1bdYY)#ygV#soH~yiZe;s2N(`T=Xnx+$AvrS&T6h zjR@D&mmj3d{#z$%(g>E(->-ig$v*c-Ku2109HEbhc+F&cP1&?xGatgT3BFSYB+&nG z8Qj{gvN^04M>@sz_=BI9V|bJ*XuB>luxE@)r|h$Vo+sJUqsR}cw#tL!6I4Q%z=enB z$*I3tg}V6K^5r$s;7g0@iq@LP8G&*h4$;fqX}j;-5U1boh&lXzz9l7gAOYY5#{j6B ztY94z@p=_)$|>H$%b~HT>$Z@9_KO6Kcl-kxSnsnwLlkxg92l|8$57#$rA_devbrtr zb_yOk-H$i>dB4tp1(_KHi_y0`^AcXT{0dai^#MrcMVw6iu;|=(+2JhTP9I$?ExOJF z`}2%BWGp%)dH*eJSf>MObGSp;obczDUA28i8ovX3~Nb)IFs)p+- z*1Gz@_^_Mxxm;+E%2icOcEHwFqzV-XbAa}VTu~^Fd52f&FJXmYLKnSH2kl8qpoK)4 zpG)miC0jBp#Cc;JQt|CRor*N74JMtzBCq40j@|RLVAfbB1sg+41U;{PE=|L5Dw$Xo zF>n9DMiAK)7Zh7FDdNt^z#5dD5Yt?O%2tI3azaW+Vu~ z+BdW$!V2=e-_`3ruwOj*Ny4m#t~!&|IZ`;9^A$gsHjkTEFf{wZ-SF0>2nQc0u<+`M zfG`MA9(?;T5cW+fDmH-$q?am(@co_td;wdAxObp*??tP1NdP5UpQ?AFLov}H#*oOdMTo%hO^?+-!2S0 z7dS_{|4T6gq~_XyQ)+9GQCix;TnXh^VKI5hPbA69G^BuZk+O3Mu!>Q>fV;UA96h{Grm>mV^+{vu^EVoGZ+K56D7UMC2vK)UM!XM-4r{ zxOl4WD7T@{wMxMs%`6?P9AKBV<>_Dj*otV_UBsWOuus$YGDhfT>u=2)v(c`ktPAHj z3EWqe>IE10{NC+oJnJh17ofBYK!KB4l$p;;Yg%foinTcG&%1uLm_u64CB*|WS$aKn zW{<(;(UdsEMaOGvxEZ+Wp~V+s9|l}0wM)KU=6SgUg?xiQ#-buz5{cWdNW8ObBdyY0 zdrB20s1qYjajIBzbbJ)>vHx~ZwI?5}hq*Isxel zNffHGw!%vlT^kmmjdcAa8%cNuWZ>=D$?E`+NSBu(iTAucI!h1uuEch8fb&A08>sJ3 z4MwbEKO~c9iSSundcINo$;wZIH)1WRTa9>QOg&DiLqjlE=6hbudP;oXTdh|IcK=B> zS(3o6eBFOP_5{FhsY_t3r^TjU^x|<2Hg_ZnpB2KgT%28>Q?1Pok<{1YT8tTT z;w58jIBIj;$_njEcUvTY1s9+G5z{ff7LVXtFxA28I)BT&s&I-L>{P*+|0D$E80btg zlr^x=m0L#%m_{27G;j z6C}T0t({`&?QEU=I+mjcLeN~ivSLnTR`4{5>&zEYFmPF|Fc9=Oh=zn8jxkce26@VA z%ygHP|#3_1G|6=(YGfLyj2t(Lx#PQz4eifm$ z8GDUm?Ek9cbw9~G@pQQVX>$1D)sA(>fU(CuCd|Y+9yExFWD$2;tE`m`84G|mg2Kh zETjF5l~Do!CuX4psj*JD=3m6yAR6WEI7g*!>0_onT+}vi zAoM$;nM`--X>A)YHj}vhW$Va0-tnlj>wIeObmp9)hS9D~xEl0hCgZ0S4cJzoYvp%k zYC^9?N|+Mu`4ZodIVuX@pN$xat)=M@6<(t^Vm%!DJ@)J~#W;`8`#Uz~%MTj?lcCCv zg|jI0pY`v5w=4tHr;DDAG{n2S=>DExg8g&64kja-JRr%yw9R+)qChH^)Di4i!J=pm zsiVr_`aUz|22Tn^2+O-|;8nsON6|9xMufi>2Mr&f;z_h4JnWMNR0V7$JGNa z^c02?!NxG8??_f&t9 z_kP21GmgB?Ri5!BO^jN)pSf%KV}Zz|SBH-g`3Eh*?c=A<_(rROJXW8?tH-}|Mha&Q zuAm0e*9AJi@L*ASl#!(c$N91&_av`2O;#hpBfx^Haoex=pj`9Uv7dFNojT3>byw7? ztU%x(yW}g~k!yR%zmn|}0QOPVuCO*IU_j-HV#iF55jg45FP;clGj{<_6q*-l33K}s zAr(U!Wqd|Dn2C2}G4AD&sI9FcE0(9@b@5X(5`rNOA+N>H^?HyB2^C z{T2MEx2;F{g|ZBAzc@yAJpA6XoMm>6SP@%Z)wj80c`|((_#2TzlYrd8&Hn4`OGUJO zEvVO7e^Mm!c_v)hwNr^yj;F}RyaEnISy`$UmI05#N@jUuH<_yiwcKd0W)t!#{7 z3RKmnjGAMp*6jnE3B%=IC&k4RviSnpRq%FWz)z91w`T48=n7P4%&HZw$F-2Me6~iiC#Dne$s^@dttV!1s{tey}e zTYS_~Q~Vv)8*5?E#FLd$q?P> zT&S*CF)@i10;k{TxfGd?YND29QAFJsuS@#9|I)he;>Rd{e+%zOIy@=_rD$Ns* z)6EYqVTx;p*5AMd5t|iRO`6kPk=xcOCljXOX)BMhYvDO|2L78WJR}j+es~0e|u7X*jVy08UWC);}_4)+U*RhG`(FlcVv+Q^6-K>$W-pJ^C)_&T#f?2EHYj z{!$N-bK1GH7YHaKjUN@P-C5+pmnRJioXX*+iQCWzKNw0#1mk=X*0obS6PUYCW2Ssc zbf6Nj=l)*(p2eI_VgYO^D?;Ypu-tj#wJVE^)?-gSG4BTqtVmn;RCK{bdda8hizEjY zgF~m=Tvrq#w=M#+AXW>~mhZ7MWZp-j0$n-X&uR|9VMjBV=rWw=WgbL`D7+sx(&)AW zw@DIBhCAh9Y1FvWPouPy%2#P~s^Dn|`tKqRNf14Xki-uq3q06weta+u6YShIOOs2e z5I^&cGg!s{af~E0njH00i*D(E< zqdYT`@%P6tmEpLINSTjbF}K|wobu45Qxf|YI2z4(*^?Cm!Qw(81H%lLegIIU<~7)#u$6#DbnxP#|WsQs=GU={k=d#c8!$ zUMEu>Ib48i@70Bk<9^DV$&}_8Ww>TpMPBOW*0sHbXVEmdrGpOJ;1ey+=m(F+ zzy2mPBz{00(juPm@_aWqprL&I1HMzR&BCOO-lp}zh^*TCmu$>aZD3m{k|1Jzetf!c zuu*w`kgoS}=SEg2>Cf`CBH7{C_WXw(_2#~DZCt=S?28o@fDYAmK7et8O@Ho;4ItzU zOpF0Ze$`p8aMEge1C?Wd{K*5_*=U%)(Gq~rE+`wz15US$K1!r(ocC7(Zi1KMG(yjC zk~GMKyzA~(F#M1fI(Q{J-_Roi;mO@rR^0tj3NJDco$uq#u^Xz^bg#^&`>BxK}G*?k=){#>L*O$`Ie~FY=z1h)oZ$jI{mA4Wc5A z)_!uZk1pyjna35?NGI6?(rNP|JQfZtslqjK`ve}(d>Oa-8o?z8K7Pu!$5G%!85Mqg zY@%!`I<(YED0_GG9@`V2*t@3{;z9}z)Bic{Q_`GvpT&tSn3oNsFaS3Z!BR2KV3GBu zKzD<*X#7?x*njpb<0(53aI!C=P5NHZK>fJ}_Os?B|0Y)$tpm9NV~u$m&pgH;{3D0? z$PY|r!Nfke)qdf}YsFd1;u5ipyiFUHEQz&rfMquTiXE!22vAeoBJ}~{OR%kPQTcO| zUB<{QhXKnDpOt>!3d5i<7XWcKn8LYie(k=0I`?m^Cj(xRXc!LuB`} zmhq0%3mwbhV4r{?Go0Hcq*d;AVP@NgGcOEn{-Qxs! zo6n!V8>QgWw+g&+2J!p~;7UTIpd(x{51XV#c(Dh%3l%QAG*B)WuYunWkblD?_Nn1) zK3saoOsDL8L;{e$j*FyyD>ULXwVTM}YHUB*2O;s)mS+5#P9u~mZXE(o;_3Wdrq0j* zG8ZAzt;e90h7Tc?Tb^b*Y{96D9Qu#U60ZVs*m#-otNG!^qnN6Z<=43K))U8p)X&z5 zjNHv(`=-PPzkp8A4+bUfiy2)??tA^_J^2wfiA9bJOJL{Ej}v2d(2PJADzx@{eZw&I zFCJ7KnTtG$Pn#7!qt393z+$o|w%_o@olV~=^G$-yBa~G*lrv`4Q@caBdaLjZZ#d2t z?~-C`#D?iS@Ir>>_yC}vR`g<DWy; z#-H3gjfa1KuSO#hV>iPtcrOrc?HZ0HD|13dM^#@c(d9(sM{WdD=U9oXB$pM;4X8#} zn^KCbBr@xbSF$OTrAJwS?GTxOF2*ZY_F(>r{k}=O3E*>o_U!RY`h%!yK{rv?M9^mK z)x%FRbE@|Xdbp(;GYtHa?Uqow?S~0P3SU7f2R*ChWJAJ9VO^H4lJ27B5DO-g?)Z{4F90m$8Rprd3>8$(3S;S(B6j$IpBY%beg1oIsze*V zeG8%}^lF8R^kJf6uxe&qT~1nFBG@Qvk7uMRG0Q+XOnlAYnXT#b!ST4(^CJ^z*^#Gj zbeVh1R9mBdxi$=)Jwv5#XB}GggAY)AVs3nGiJb;=BxkeIbo1(GvbEZtu93T*QC~Aj zwQHKGI0d>BuPcXy7C(m|Y)zNxVa8gd$Zz-pwhV1e&bHyWYXxDWrg=`y6$nyC5A3G+ zYZ0UJ$N`DHpWI#HZb!D?AL=|MYuorN@~ctEtr4a<{y;&2xZ_SyK_BQdB(o-Ogs)R% zgwqamKTTV@lXL|<;tZm> z@Cn@FdZ7H6Bz#tTMW${sOK>TnT?8RrzAO;FrxQ>qsWzB%`YHg~j9W8j>#Kgl&nDkg>8F;L+d89F>5Gkfv9q975$Zz;t=QxB z9&e_{U0T&p4F9ssfP!-|6+IUVL|3ps{9E7!%_d4}?qi#^TV-2KzwMd!jY#HyV7Di= z3RMeldunQ|%3W4YIISoKBpiF2o4oHPb_zOB#}=E`Fp3`0l4KA?rEdg$axlE$LS3Q2 zf7*Yn-`!j6nMbgQ22)>#;b90IiQv11!gG9OOUMIQNRb<8F`9r0J3S8M6oe^wiqs}> z?pxfb2v2GAk&fA?!!@Go9*!5pdf)Ezc!*{Olmq=}bQRKP>FMo|PB1;C<0S6^SSP2n zKKAM|-seeR_VcP5gA`i&5=V(KoNvh=y`a%G&6o7nOWvpQyh&~fi^p#b* zSU7`42$ww)S2qQdYs)v>{y*W^ws1yRDC4Pij(rOvngu=GF39YAvOxsC^ux{fcm(Zd z;+-T}37g;Dz^e@tkDSf&CdtHDM|30D*Q*Ae2t*MfDtodzmcL|OS!-VsjsbRhQI{Ds z?p1Wj7RDVeXm|^pKHtDqE^v2X37IF%pgQ^FduYFCosD3PUGm<;wN7Cy=izRpTrbSv zi6A4L?#M96nB_#3EsbnQ@=jHg#@X!Mdl!R&JtKVrzsEcL^I-ZmM5L2nNuUhe$RDd8 z)f2pq92NQAa^wq+wbAVw6XP2~2@Rrtm!48ZP?uW}kH1azP*EZ|ZV!9K&RlaXlTf4l zU)K`H;;~^C)55g!)r4NGVr`^>zgcEkU;{%7-{3VI8W0GLnJzwZF28I6e)N$TosZp`b) zw89s0hOht1RuUA}{#_c@Q0901VWn3XDA5u<6?qD;V@;oG{NM1Vg zZJ1=dtT|O1s;=r5R(RoA!LZ}b8Hr4~klTvKr5`Mv&xcIrvf7>*jc9d$-JEZJ&f<>g z&uY_ZW2Xi2P5t)83p^cGP1nOs|FGbh!tDtv*VIkar2NP;qgyPWC+pD>@tas?8bnaX zg<+sMHon?)dr*93qw!i8-LK=5*39;?Gygx5k)u>@p?AlkKiw6;m5ueB8Z^3(`FC-m zbtUED8Ykz4u&Cp2bE>Gc-%Y3}2E!>v9?L13hrE;`^)U9ev;XC^bhTOqs`^99J!8>~ zEJwyT!ZMpKk%ygOy10o{3B+2PqpyP_(3nED_(WGQh`#oG{U&lrkq<5SEqD2hz6%@u zdhB|%n`~p%dY1pW#3S-u=1o%Y=cG`@J0!(`__9`S>3_0pdP~iqc9~p@%|}RY3r@Ic z>U9h}XYjZo6qXU8UG+=!OeB7jl+~TP}`Vkq# z%K)!vBk6#qJ*_&^kJINupET!;A@X8Y)Hpg33d8Mkh5Y+fkOAQQ_4sSD$?!eIpjXbN zN@sjYWjL$h;bvF#gWM9{)Hz}P^G4T2rXW>8x4Fr0`@r?}9$L#ZWKqR*BUd#==I)Cb zh4~q4fzFJg0Rx{^1f&*IMo7qx6A#R)avRpa%dP{_5LF!S)8cZ<$Y#Rk^Sg1v3^JXW zi`$9MLH&1{`MV~}Xe!Pnvjv;bspUq51GcS;^%e*Ewr`h54j;5RDxTX+=9VP+-_N~{ zT9a1vEOU{LB-P4_6RtgjR=@B@YMc6wPCOkV>!+uy?sqc%bo|0lnVh0ZuiD#2(~qD-Z!8t+tq=C_`8##Pahe=ak(<%P=`LDj8f(oEcNJU#Dl zj^QBA5&591yy>`nqPj0_4ybD;pRh!J{PU&kU}L3c!mQhjS_tu%qWE)F@4}r1-c`7p ztKNOg@P$9dt7zpsd6f&NHo)B?{eu*nt^FjVEh?wi4s-D9X=CDWgD|x1N;rr<%jfA$h9(EZB&2q+*bXd*ASkg zmfHY`H)K`E#k2?52i3JDv!hDNP+S1|3uR#p(;7cA@IcJl<#T~6h0y8XZV4sIaFUJ| zlF~;>TEh!gdV18RaLf+@&^F!$LCh*zcQX5BxZl7*+xw(id~>BY=L{|Q(X(8sgGY&$ zV5g-{k*czsYuG)l(h(8fm;{-ViX`m%vf5wZDlPiX5cSPipU)a0X2zNCwhJDKFA`#y zBf?8`)C4Xqs!stwtngRyE)qp$u1f%t%3u}3YBtfl$w$1gu2ASq=`-W|VFg>~88eEw z)Vz<#y~Q_9uBfb2pVP{rDzsLzkYbb{R{5~@kI-EbUp1+0xg%iws^_tg_L$g`#~~)b zkZ=5o=H=>`4A${T8`?2$x6^mEZ*{)(Ho1QonRC`wc*G}EZ~gs0?7rG#Sj7^9JLD3J zj5q;6Re{#-`1U8tunslmHcTk=k6z8A-;GXElyp1;(A-H*AIJvL9WKlkx zJo|vr5z~&&&xp53;PibesH*FOam&N#&*v4^01zjD9iO3UFXsjBA&G0!ZB~hN-@)ve zoF&7AYpyR{k?`erFIfhj59WyIW_PL?TsDmp$^tfU*NkMZ?JXhhP3|G*f5y!)1Be6S z%z}*0-zP)Q*go-4=64kx7xc3<-BE@)GW!HEE;1&65??MA2wTfmV%d=t!oY{6C;aVg2c+{CC9 zo=JMpTZPmtdt7Uv&EN{$nE60%lSTP#;_y>X_BP?SJ!5#L49kll5RMTDV-9;A^{PWd zQuTv{htvFiZ7}kSU~#S6kr$zE>BwA^FM~yWLL!-cn);zjL>F&f>eUn2V>?9H8hYPT zp#e54`^kPwq3diy8BJtUrSy>n9$AmhqDX8Svoshkr}{g4#qAhD3n}FT`B!_is*l-X zlIohz**nZ(h-2`@TUxMM?}YsG7C=E_TcZVA)8|*&|2Th>fC8xHLdh$c%y7dSPmXzDscvP9GKAj|6If8Cdq-}j zdJR|RTBwHUt<)l9h?j)?9BSr@v4D;;vKm`SG{>mYwYwCe(O9&_nSh~5Cju#t-@_5b#H3X=~q%I zA7Uq~aK@AKwUcJJcHSaoHShz5sW+5Z>p|(uh`Wf55Co(IL`k}r-FbRtIUDjjS)(rA zy-8kOUPOAe5r|Ewi@;Tm{oA5TMi!oH*}@dg8!l(8pqsWsg|Wl!Gp)Bx&8%rw|Bpqy zmN=}jU#StFys+=0YXX*nmuT*z$2NKI7c}fF>gyEm$K0|Qe`RR5A06Z!=Nf393@E|< zDDP4?4np}rL_ZgX@l=LljyR;BsA?`mbeG~SxV}qnKB7!(bFAciwax#zR%oqUT5(tmuLa4ifMUD0SjkT~6d`74GWIgwF1I}v4Tzplub=bAyDZRB>*AzS!f1z*ryS!yK! zLD@9XjFKH!Z+LlCQTCBd4yKD*;E-!@mi*fXmfjV|Jbt=ebD-GTTo-F&jZ@;d^`&yR zv_6FSch!k#vXnr<23Ad??fdxf^2$3Q0S=Q=s@sV6<~qG;%^f~N4*1t4#M_86kt$la z6pj=lr%~gM5mS>@i*njnd6z)2c^*W3@_0rtNyQXvaqJ4(B|>J^unhYb>nRB(GgWFV z{^YK{b|@gjEFbk;d@8fQuJgKKF4)ZN#98<^x$V%oSX;k>LH0fJ=dKCy zXnURE#DhI}h=0D2~$zXBw6ev`(8*Xzm3$R*8p)O&Yun6hA&&vL|3y)^^qJAh) zsLbS6B-3btIfRA(%YDSH#-^t9eS|r_Ad9RP+Iyx3_k}2)GUZ=5H?6PXqhw@OapGxJXW!@F$|p^@3=v`!rzxUomrn9*pLQ z{{#omLD39MY!%+}^J*Ac!;qGIU9|bW3-4 z2?G*C2q+~fjiicnNev*4lp`T60s=FXAWBMi_ixYnzSs5s0q64Y%*=l7z3#O>i@cA1 zY{#l9@pCL(6BXy*@2{57-z(vHA^noU^K3~B9p(>#d#y{3UOWn>^rSAGIkJ=eHMzE1 zFnf^)C2okv?WpT0S`Y)nY2vr%SHCYUR9qbkk%#L-qAYAkDvPfMm`>ntAD8bmx~KP?R4yG<=m! z{ntOl-BF>GPvq8&!qYJ~C8AZy3OO%lGDVkvI48b6xj&T<&&rE;hOB~?mR=$=Ic19+ zI^r*2X1v~OzSPxg>F;++=etdxap5++|7c8XUFPi2_2DXkTWKZjxohlw3qkmkk`d!E zeSJ>JE*I8VaY#;Toy?l3yeT!;0zhXwI`4lIr)ljDftuWBMADRU>b!BIhP@pQ^b-Wrkg zMBP=43xgm!F4qEW_o%pM;X1k)b_AO--;fdzJVKE4`tOXxN?r?(&R{~Hc2h1n^9JyZ zdLzSQ!hVyg9S0l->y_4oaqp&XxBR|Yw==Onedat)wnfmrwFjyp3K{kG@x{AM zvQwHob^d2%@RRM*XIgR;fCmoaRZiFG;Y`$B8a<6*<-H&&L^dq01q`XS3WMC?whq`= zV2>r-!K#SPV=FPTD)jQ;Q-iLVhXT*a!P10yv#4U`r;0v~{U>^eGp0#V<5UUQc4h-mxe!2e%u=mE3<*Mo-VFweg7}F%Twu zB^K5fTh0sRtp1ZnuUL4xFjIB<9@yHR_tOXRB-Hhs(F|!Q8v6A8{&pJGW zF7;`B>DvCI52AiSn2tbvr$)FV1QCzqC52MRhnuIz386|(<4!5$%|>KcVfp0Lp#k*P z%z7+*2MaOYB`|EZRSrCVM2=NU=|>7NZQ?bd0!IV!u0G2+8D9rIU&EIMx9yS%zZcfp*A?|3zHap{h4hF3bt z+cIYsX8o{|R5}No$RPLL^cgGbsZIW`#E4vER&ey#wa$dDDK;Wru#7L23f@?HOuF|I-W@&G~`Y}k6I(cs#b27#iA)i;?qPK_qH6hL(#R5mE4i(bSbg}I^SU@@3XTcY~*_=HH!BegH z%j@I9IN(Egt+&H6-&o6m**uiG8u#*z5No39>850d%#yVJzT-cxNbNjLi__7$*L)a8 zEhvRRJc<>7w-u0&op5bsnw%=_S^NO4Cr zqUue$xu{2$3s+b2n78!y6`z=nacZ0H2dxKCZE5bZYUVL0dFI*3dJ49jtI&9mTfAaM zGSVY2aA#xu4|~XT@9rnp4v{9_)7!7eJ&e$ zVNQ#8DZBEdO?X36}i3e%68NY%!{1(2V6+k58lvUlNvb5?4`e}({XMgLq@mV8Zq@~G3 zvgh<2zZ?@^Ln!+}ELKL1NidQzd|>jb6XM+Xn*nA2@m7W*c&{#!VOS|OM&n}K2TJ~Bb=RCjogv*9#N__C>^;5 zIU|yv$}K1UJ4bUYhshm1-v z=YXv|2_XFux2T_~c^$u*RlV3$c+>0CV}$fZ>w}XYKlqW@*7Y_h*wIp1MDACweVlPP z{q$L&q~i;;0VnvUzp8)pt8|0Q`$5IsH)(X)vZV;^P0zbqj#6`1NlV_@k7;%tT>tbQ zSsi`1jh+~XWo3p{yRF>;LV2QruDxXV^M_f``8bu^29yr|!nlARD^{+f&bp}Q+`4I~ z^qCO!!KLwbCFj|lyJYqaJ`uwJpG@6y^V}P)*yU)&bW4w2jAt_`5Q{h`}Is=Wd9<> z?&Wk|P9Sp9^Le%Ez02qAQ+2b5Bnpv|;wd$5`Zk;4)$Gwa-EQpqY6lHhx)Wc61)tCh znl!oy28Q4=+?RCTF!&&y{qooYa!ajEoV?Hwr|ZP{Q#+TNf6-%93yKil>SGxcYiNUp zQU+^IyWI4Ou*ZV6z51ZrHoTIrXGwj~d6_rJpQUi; z&prn(HWaCmcpSF4o*evItD6$v5ha-=VQehsWb`a+X4h&rCfxpqp^S-8XY~skw$eT8 zBmU=P#QXazu^PNo(%8WWE4|n!vGURi8Na}Svn#_i!AG8wHp{`#d^s&UzdFOPB2X-TPOf zxMx8e-);^9AGe5x%g&wt1bmXw2X6)_oS~hnu?-5@vYQ_}R(tY}%a1K-RGe`1(UCd=tbu-+MEE;+8 zkmkWwp8m(FDjG*+Bz@yRm9UF^Z_$I@uJ`X5>*0G)%gTgUunlJ*U9A8cUqQ~3_Vf|& zBf~XT!xac?qN@eGWD{yF6wLdiID}l`Ok>E@k4r8{!m*OYf_58Rzn~}FeWxu4pSV}h z%aS=R$S7jEi^C_N!^hnFjN)2xdTY?XeQ4A_j?r%aYV+u(IFa)vlM0vVU7De!rEP%C zk!4JB%g*p6$Me^JZ;whBWZM3?MkGRspAr`PTET*`Z&H&#DHG zU(4cc9=kRF%bO&V-==B5QEw#Nc*9ATc%ipcSZ{V*KM0brm)kzplc^$cE=PcGRTSR{ z-~~9HiOUCw%=MPY_B+hNrqeRUL%K7bE_7RLO-^35FVVkRekWiSN}YD9_Lo(b2dVJE z8vt9H|jy(1igS`Yvli5cHiK?Qh;!_N{$;JnT(AN*u64)Dn zt>y=sB+=&wop;GHWSL|fEwL}q`>4iU0$b6Yny9NjWtcJ$x7uL1>ALyRgH zmP@(R-jUz#1|;ITC#WhrkSxRu;F5&Zt`xIicaZnF8q~$6;Yr^kSPndu@r${7Pi0!y z=v^)Wwmsbm842pDgE$DI$2bp#Ub%=VhbU^BBD6vou7qtgy2+AM>%&UFxqgm0RYgM(8m&0P{B7?ft2GTFLj*G*OQT&_%M{D6>vOfl4A$9 zmwiG7Vm>p$<#I@^tM;@xqCR@+nS3O6j|)14*;V<(h?+idt8Pz3QkI|0?{`O`=B_)? zGpwD;SMT>fi=v(6ydt1J^7?ZT>-8?9I*m^tp}%f5FEILVVzs}~+w%<-u{OIfHfu2F z!#80W_19H|_K@u`S$iIopZHwy4J{_MLME>I#9(f08Yn4{`jq#hg;B&{)*?hy#6V=9pGesh+IT+`t;`WC{4(54hg zi&X}>?-1wnK{IYG#iY@)E`3QX%YZ+^bcnq7(V9~zC&}O@lmMcpWc3lDD@0{bfaeY` z@dVNO`xlfecb)0)8j;?Nl;u!`Wtm>Bt{GS>6})weHr$aoX*Jo59_eR z|9=Mk{HPw_a^;iDYQr&mS#dP}L`ZO$)+f7$FP1If8m1iO#Yn<_BrcPL7EyUC?2E=HYLgKxVWeo!ci_2 z%}-O!N++Qg%-kO<6VrRnl2GVN*?)l!aVo7FSs`1HSLGsW`$0;@6l^+{{9b&>&-;Be zx}NALyh?egAYB+#b}^PEoJmIrD=O2itd&fMGrqJ9HvEd6J(!wr_&Y>17JfAoX*!nq z!g)Q)xnQAG`G_9ID$o{kW&9Q@u!HtdBxLpo?ST~X>f9s}&%(lal$GyTvwI$`!Fbyj zeZ|8>qG3abxouGJ26eIIGQth?wy}R=iUTcWRP22A0-re=dL>;;-0%Xrm00h023BJC z=b9xqa*ZteB%3Y)KLr=-u%dgX%s$sE)1Y+fqh{aE$FG!KjYNw!(v%IW$LkXRKoZCb zm~IB%-@iw4j$5=4?*(8U4cOD^0C2|^WYt?sUiTRrF< z2jX;b)V!FGnETEe+Pxq``W)1c$cW))HApM86!&5+NtA@A-#mw9fv&rNvbK+@qu@w2 z-EVir4$owODXX2Gxb+sp^esCt;Mvcq`|j$iA`HF?gL?JR;3T|JkVBW>7esg@-4e~GzBGc)%@v^RY#^&2Hpa6CninCBk zU%(vVMWAhsx%gntdGM#0#9LA2!Fb$5bSmD~YSsVpl;G==+o@&qif#VZ z;1q1dA_X5J!`%>ns7AHmCEIDE0v6^4y#!T0p16-TTEqx!@5^`39bJ^EaNBT z6G}RTtE~d-ki7wCgI7oKBuT6b=aNdjtKd6@ht-OVa?cMwxi1tu1jq*kd++kHeYl)I z&h}nA%xjHB3q$y%E&PBeIF(M&puj%Z=F&Z_O`oxHt<5{f1 z3)9UxHFB6K5qQ1rL`mfd(oM3)aR6>Sb)g7rRqw0f(}F_7z|Jpaug6@T)TpN?2*qe? zcf-;4{|45CwgG>Qjap^NFnk5+Zc^HpTY~Z#$-Z3w?!W%7_~*5KcD2g~{5nek)}{vM z%W1YMEtA*Wcv@NaiUCgM|Ba`R6#(QA73wCF%vyF8GUIioB)n_@8HlIE)?I6MVYNz* z#S}!=%vqpen}@7NsH(FOY3B?s1MlzA`#<>;c-!WgSYBJasj*S2X@SuSj1T{jP&i9- z9`x}+Z7mR0UU^667&3ldGRmk7gCh@4^v^q{y$DyB(mF`LOsm*e-o0C}pEiYZady+X zx2g6KZw|iTWwuAh0IC4i2^|3>1>g0*9ih)t%ElSzt-!EyFf6v;GG4MTutUROwszCG zPg`+Xm{Hvn-a;ju?WHSxJ9ac0Kp-{y2L>oy-}**3oB*JulW3tMkvdr-4T#Klg6LEeot_0Ukf@fJ&i{82WVIdJ_mI)WwWO{V!dVK9`NL;<~g0N?Wfmsws9z-!^2QBTe z>wS`(2F%pZMkolD&bC!nQj^ls97ySf$Bvv&)ZLtR+{y&4IoF^=XB;m4nRn!^Yu{yl zI|5Olf6OhCjoDn1b%`xKBxDVarn4pI>ian<5or?gOTa|_`CziV+&)N`?e*9m`04@Q zf1meVl}uPnyiTGJ#eMkAqa1^Wx`Bq$9)dCeaSrl;C88rG2b~{=V)?||e1|#CA7m%kgG|IAGUu=I=}} z_~+!-FMn3P4;tf}!EdArJ?mze(M~XxdUEA`*mhK}$zE#@oxL4f@dNwE>b1fOQS~X< z7mb^~yI5RWoZ^YulS%;U`V_LHxElp8=Vf~8wgggxbX@Anei!SdG0)?A?UC*vs>R9F z$XSUtcoLr6vlPGS-#S4*GID3N0-xz+ge5Va3uisZ&3#&0z6K;xW2e zusM;3!Uy*BEgzL##0B=sUi|?SA^XLX$7=&|A=F2oLiP?vn=RWtbwjjH9 zyd-{-7r1kO?gt15cMA~u1>~+DZ#H^6ssT#=cQ+K8ipjX5J{%cEPv6U%RS`? zQMr6OBc2A}d{(uI<%IgP1MfR;P#VhSwA6m2gr)>3^qSlnZlZjRQ(QSV0N7T-K*5G1 zv@G~53~wtydt=X@VNO|GuAf9~^-dzVpD8B820{T{>i(+~xZ)gO#3}gs$}}}jIRJ2o z&PlcDy04h73DNQ8r<~@O)heH^eH)1lm##lqr<|hp5(1UZhIW?sNp>TBA2sq;dVpwt zCPf_BEoVqNGCNjEZA}!r*;&e4WG2Lz7>XlH*X;((3VK~p+YPdIkUnw{64g?*Jwpj* z#AQa}X+fY}p9FOXUv7*{8RI;4_z~C_XZyqe$IRNLyyO|$V_yYD+sFl?M*t~`%hV>g z5xl|4&MEI%2@)#z-v}o>FD17w&%Z?}v^pxmqI)DSy?~9AYROd$D-;~wCn&2;HZIj< znG-XTzb$=e_EMeU%~7db)KF%EC@)EI2QclT*vp5V2K=A62zgB#Hm2ZSc$fF4k)%zE zuGhg@9Y|E%^#uRQw-jQhN@`;<`p<#n#<}Y2#eLoa1<9tX;uIY`p_X-@>$4)?T-Tp8 zc>x>cqwhK0m3#IjU%R_9O2bf_&$7=lGSy2jCtdB&zq2Gq64O#YM1oZB+9$>kf2nu) ziVb#0yB&X3lnmZ+;%ZIMr~RC5AbDtH8`p1yr^ULc+u2n4bqCQ&PeHe0Z}HB~uPE_~ z^8+`hE+1fuQ+PGpQ>OVYTD5%+Ni+S;BPf%(``!2+1o_oN-{jZ6n-(Z_{iF%Ax-d%01y?DRWSzHE3E)feOMkD;^4UTx)v;(}% zamKC7Rl2GU8ac5y1nD30UbgOi>FJ*3(R#KRUk@Ufpr82KM*S(sm&IuHi(-LJRWDAFd>NC}$Vrnh`+^h7aKikVg5u_k^%Acv*xYTu zH(a}`+#2cgBN-iZf-J?}r{pj_C@@gIQUBG=S-|sL))Q^AWeQgI1Ip2|b%K1&$W|G& zLE?Xh>>GZS{y2{Ku-dSK}5A;q%pp&q3iit@I3 zXGaTY@p5H!dQ8~0G+-m0kw7c*xH+cW8cspRn+Sney5kNG)TIW{ZqHz2afp$E^RG*^xAU-ArzZI&^1+8U#0K*54%DWkT^!1C7I}lZg-MW7-v)XftTZg zA&sK$-JBWA#xK)sYz7~Vukg4lN&4#T2_zbwTxx{#n&3l3i+jSiSy-@ZdF`ljQxEE;)@oAJE$e|rats7zy(Bl*KrfLcry%2 zRj6VFUVv0zrS;~Bh)z~lVm7Ir7JJCD z@5!&r6??xAbF)9=96|4oat+h*(l51Bs%XLBLf<>Jq=@1bVyw~-08^x}NkFZ{FoZxH zgSg}5dS7y^e-WmgqbCxdf4#RLe@NyN6bqpFbP5o{{24yACH}(8`2JeL1lFz=9jo|% zfjnQH(lV1VNZ^+CQ;fVT+y}rz{@QPtP=)(#egSfCZtFXqKD00{=?{mSgRyum`~$8M z%(Vzt!EiFQ`bYXwxb?Sx^?7vZbTm<{-%QHCExVgObb2{hhTG(Hwzts92Td8rxv0|9 z(Q&6g4^Ly6h~8*#Qrgbzt7#(Tn6j4x{56$Yrvx}?fQm*V!xGRx1A9>BQq3X0gw%@s z<(d)3d(Axho_lA?z5Pc!zz@i4Nut#{qeAjBDuSHy;(>2vuiu(G|0~wwVNpAUIhqg{ zMqcMc)Ed1N=U;VtZHlAsV3i2!#v;APa!jCZL< zz0r@eK}Qm7RKX?hJXUgY0gYK;xNmXkASFY2a)zeHGMiA#Z3f{o%IRlUzEXAlS>UNf z-QGeJGe(WpJmwN)QI z@j^te$waERJ!7Ydefv-4>H?Ms4ArplUOK{D@;FP)22s5ai5BerZ_5EO?jg5eg+@~N zK%QB-l=V)w+eolWRF!yGec=lDE|_vYpokf+IEP&ttsME=m-f_t5%jb7j? z3)#jx$yCQ&gKIr~jbeQsB#KY7WXE{71p9ovy&`l&)zxG;!V~sKX)q5kH5hv`=}}Mj zAcDjD5vB5+&|q`cx@W0NVu=Vwlc3M%%Z*5c$vVr! zCf!dq#nlt^#!Lb(`x z4p0c)y(TIMdG^&uvohT&UGas;y)edMeDM5+r+m_YkP20n-f-5}#8&KOO{|a^mBwAe zQ4L9t)AA;q^1_9MDV3D*&@0zap4nmo99@T8`xoqtzTp^}lg3jKpc-cm^n47O6#vm? zPW8($U4QrVbZw{DPnSK>=T8kAo?hcbga4<)&ABVVW7(wp*dVdfg^;@^s_ITrDADaO zU#tD$cEUukiBr_ty%;V*;f0*kVj2#i6NDv6{3Bs=e4?aqR^WCEuo9MFpo;&E^GS1) zWkW6IqE747Rn}-IndGCIVn8sWdR>UXK92KP7_La-l0lfr-!)|u+V&gpogQCZE_8~s zJZb~7`~f-^RL2I1e^Z0|-(48x3{w3BeG($0E)DUUDa;~Al_}~Na}y`Cp&f4@KED4r zP3(_93&EB}0vg=B1{rTU#LlW2@-FXt=jXhTXQEYkh+z*DpK@oPVo@9JM_K8$I(aF5 z5!2OkI`L-0`srRb@hZhbZOT^5J}Kb=ki<2 zND$Ctv`EnN8QB<)2)>s0eHGzPsnmdKT5W-t5;q5(ftPg4%PmWpbTjIwJNmYte5K=nwE4+ZxbRHpO|Vac`yE+UH(`M{DX|_PxKr_Dx70otEm8 zabVm5Onr%QUJ~TQzl9^|0KS|Z;%7@O54%gsWOSO%+W|UIevdh^m^iz7ih8#Z+##Q! zg|h-G44gC#Ogkc*hY%wQ(l_QyB>52h2*(PGT3y0=M=-AdMjvm%g0PIsnK}w6g*11~f9}~SCDWL% zJs*11pYS4b%>JmQi7ipiTJ>1~h^Z^gG%$BdCaE+1STsPktofb-OyTNO`XBy9hcp8a zi?s(sf_x6|&l(m!?6CXUB<1^;)D^iyV$CUoHNFSGPIcOE#|ESrq<$@$>TFPxWaNx9 z3q+a!Ypqf$vnyvdeCR=*A#U36k~2ZEpJ#ZQ&5cePyum3_Xljca$-3WE}mlH_jA z7Ow24v2-OPy!;^7mTtLs4@CtaH&DL z_fbB(BCaM|6IE?*_;ayo+@r6wRJg)#|E3I5nsljT)j$rXc@xba4@xnriLIwd-f$_w z6A&)!a~rwn@|RmepT|}?2?tm6UoPLhDy}B=dc)_fo%eLVC2Q-9QD8!}KRsS&>}Po} z&SYllIT-bbgt!b(`fwJLW$0_CUytTeevLZ20fErL()%zM;z0KsMi4&i&LomQ6QicAO*MuO`i_3?!_04|FHl269ZQT_oKt2}-~%3}l~ z-vLoQ*kD_EL#DViCOd0n^1ZfUPv_rj`*Za8T*L10-xJ#=rXaAMGGBaX<=Hvf7GE>q z)mms)OT2lL%xcq3Rik!@I~*v?H|dn^E-C>)$qE%^+JH$MKKVIdXR*$m(92blqUrq8 zEeIs5gV>cKI(Q2RD!%vUZjqkKvGIbMIx@%Oty0junsd3GUx3=+Fs4jNxPZC@%Eyr^ zc}CE=G{Mj9ZFxRi<^3|%qLgc5&&NSpmXm zz|Z&RYCz;{M4;#&kf7KB&ojymu?}al0W%&U=23$g$XR!(#scFVd+cdXE}l^WS($ai zm%NjoQUvyr!1wzF_)|_d=MatQLk@Z$5AXUVKAn)Wu>tX(l6+~7C} zFq}|X@dlH*kjrgF?sC8cW|GT)KVz-tUI-_a(-xZ@VpH{#cH>#?YI^*sQcG1DF zL@%C)-WLOR?-^Hm0b!yZkqw$Lkvoc+ehiF$bUlOsK-V}Waq^(L<30-}* zUedN*-XG2JhmZA@#-m35%4RnY=T`$Qr40gHGl%2Vr8nY}r2ZTu#Prf;X!YwAV1X(4 zNd+*i4Hatq`od1R#cp>4%9}I+)%a%$>c-o`*-NDH0IxgaXDqjuUbES#mMo?_H) zXRh1$q@yD@H=s-@^~>>|4O2#EO!;v?j#oKXWV}u1Xa8VnTus5}9dmt0>nL_yHpLhs zLSI^%B>Yse+x`dbK;j#{h62kWaeukH#~VAyuo&{C-(8p{mo*%wf$HVaAn+e-8^wcM zWe_S1#*jIB&`9_1>|we}U|*uo!LnkV z1KEPH(GO+#5Suoicl=l2NeCY{iP6^GrYe(TpnMv7?ehxo4!aY)z&RL@QR@T*?!o>s z&22}QUHGHi^*Th}j2*aZ(A^%qvO64Xd5UWbp;O4h7($~aL5e6w3y+eE#T@PfuIkYm z@s8AKpdn^VME+SUuT7RRqXoUl#ScttIy=)h)E$*C2_N_W)~Wv5Js`GZ@354rn_JoT zMXs99H?!inAH$mWMOfUVcIJ2Ch4WI{twV5f@B)NlNXCaS;=3&kj|)>%K{Q&2uVo(7 z9LSUr-wYad5!E;AC*ve`aqCcPly-no5N7o{AU+O#brtxj7O-vKm+%hoMy=2#xN)xP zPBVsbXd0gX>A<~KUR#>k#JLmSoaY|LA;E+0OCSG8wwxx*5}(a=>QJ|CgU;k}x6dJb zT3W9Y`(R&aJ$Zm4I6JycW$6c)S>Hj)6Aikrq9pY82I}k5=$=K?=>Dy}up`g!#n{py z2fhbHC40$6DfzyZiqmUM32UtX=o8^*XIrk#j&>t*x2-%t-DP6Y=r2W2ZUMGSB<~hQ zyY$F2&JHxi#BjK(2vZYqMkHxKxoz7Sc3`p79Bq}srjrRGer0KnUO6f z7d_efLqS&Of;=xNNSUR(gr58uXE8{8DQ^J)O){G0c@C_kB}&RPiIm>?d7q2sb6_*x zmQ!IG6j-4`6%WqM1Fo&U;%R}nVp3(}qy+`K95eu}v?zYZk`Cg)4L1}4Jiq1@duSRW0MNJ(-8c@q9s`S_Yq3P!GAjy@@ z2nXn^Aqt11!fOq8D-AE3fT88LeZ7wx2VtObWQOn-^C8DwfX9m%as`7#6(nClNDx7> z1v2*M1TtCXW}V=TTdiKHB#f^W)R|<>^63*vx^rS=%W`r0>M6VA`MBxhzC-NU!~Jv} z-@mByYa@jX=>$~d_R&6*0HgrmuDWC79 zckdH#Xb{mN3(-OB5v_73=iJmE@{vK&S{($WHD~8H;L5#n{?gl6@+#|jGDMKs$|=B| zI=S!H7+PItXZ}3V86u?Dyt#fDHCvC|3vZkhpxO$I)u*ZiF{pF_# zg64#^t!`{D$8|_h{o|&z@9U52`{tL+)5L*k=u;Ls9@s_cIlNl|>Lic>3?8%iT5lh2 zk?PgXX^lQf7r2i7Smp2i#xS%CeJiO4XZt|q=bu^q6+-gURvE4PfU4{ysc6Bw z#%5h5Q!(B7f*R<6{*|m(sQA+*Evej`eN(q6G39y|w$L@pOKu ziLeN(b8iHA@m|dNOszzD`NV39xBCl4_iJ!heF()~C!j!2@V@eg%XmO(d;uLbY1cvp zlxI7Y^yWyPsa*vmwg~&?q{Ps_Kz@Ex^Jl_fDY?k*fd!{)E3THj)u)lg=d+kCGtOx< zlB(RSpr7J%E5N}luwW8N)f5^C5`SYFAN{lrKED(|nl`;S*`{$U=gwo72@OoiBi4`I zR|oPH7MN$8>W##tWZy-Z`y8PE3mx{eqVSX$}o-{xy_2{$SSfu|7X#>(&MI2%2t z;|!OF7pI1UT7^Ndf+p*;E__iyL4daeu6pLmr{TbeQ)egX3Z4a@dKQ0R;S=)hr#`&c zPV9-*76BJ4HO*cJ>rTH26!I28W9p6{AHl)Kr`BADR`_Tmb38v;)f#<&<%>pn=MC{r zdVOrKD0P}O=4f}*eO8K0@A4#f3lW*K`G^9kW3GzI2acl1nl;Xx(zVi?b=f(-i_Lan zt&MwD_aZU?6{+t(FpFTZaIW%r{-(o&c;EyI4)@-C1wN;&PEi3@+9f^*`#s~{9n>c9PkC<*1ld&20rnCF!L3{$|0~5ZkSC;D-=+SgFk~8h$Z=zKy7DGU+4mvX2r?VL;F1!zk6O6padSn-=qGWt9~^+qUg!n>!F~Z5kUWQ0?z* z`wOZr4-;E$+WzJ@+H%ELIMhbbr4xgC%ZDPm-{enY5pSJ@+EpT4KVYx= zzCh9GTNMWW_5^?IO0lXKLtblJbZf4Emb9^8_1jf4224ZaH5Da9U0cNsjJG@x)OMH5iHU)9FAEnOdP*l_bggBiM}wSMTI@1v-kn%KH;6MZ?kH%YehugH0C@O>EsJMq?!-G$JkB$Uyj~iar4_-q3bCMkOkNQzX6Yr4a_#_ z6hlD8E_}<5s>coEbX`%1D)>?3WK;9ibm9jWx5T+iPD<0_Gah)uIO8|DexuyBT<8{zhibf>sN|SD<@l1>Jz*Z2sZk8y4|h$m*NPMsL?8 zakflIKCW8Jk#rWDH4^U>Ff87dq*-vq8U-ZA{keCn3siUk=IQ9?osL50iX>t6zvMD= z3J^^yE^WEHE89VS9mSU38Fw*fZK!Riabx2IODAZH}k`1Agw)Ju#dDkeWl=IocQ{I){8w!ejL(U^Mw*ImP8Lbr<$D z{Q~U}g30inK~1k7Q)Ya+ZvRv{``Jd-t+3H>bHh6lz@tE$W6{J}s6|VT2DVnwraq6E zD{DCG95#g37=Oh=?-l^dp8;n=N_4b%Y7>3M{vPY)yHGI(%Dqrs+4JJc+Acf_Y#-}g z+U4Jg=)nyk!XFKhYmj}$Ry zVMECma4iI?>fkByw>!%%WVt+#Ynq#xtfrI>anb-H{xcf+_yVjA20`a3 zT0yD=3#!<+HES7aFh4Qcb8SRbb&It(h1au9w0|yR;R7)Xx{GA(1PdehA9s=id~BDGu?I6xnG`{6MR>lCjSe6OA^UAaYo|wwngMg@(E^jS7ri`WUu9 zoN$gO;}ip0f7W)lgTG34mo0{cD9MSZ6!bO9Mrtd=tF^Wcx)Sv2NaUd`cv=kxaTK|Z z)0Fu1sW)H-d0K0q$-6XH!mZ>Vp>^aa4-~44*HkrF$R_WI#Dooewl%0FgppVt4ki}6}L)8(m$yzWQtr@VUP-5kJ zU-!%Vcb@ofROQ=6^se&v-XHj`?@QA!J6`L}t~6yvXV)QZGyJ9LHIo;DVLk^0b2yG} zEc_V&g{kN#i8BjNMS<%JJ1Dw>TLFO=8r=d0J7XZf%#A*P0oNkbjotR2c%K2dsi${U zzA&}+Nd=vFf=qe;kzUNbCze`!TXodYKv%(D+rv~wdZ?fDxoEfMXcYAr=Rf=sv|8FA zSCR+TP0j_D_}5rC1i03}JlE6h;cpzH#k;%`_(bTd1lB|^(UlyG94q^09s6>9{7A4@ z2@ZKG1FukEeN2(TRy-3^{wQSMr9B`0A^ImTNzs2*5jKScDKlqF;JzzI{P8fIx^%yN zzREm)6!wp_yw6G9%Sgs}}V3CT=-F+spMm|K|f)*}b0fK+Toey!EL4r?VC8-CPh-fGCf9X44 z7ouqnCN+Eg!L+b@bp^{pP#cM}lc&B`P)R9GC&rQq@^5!LzkElj2i_%Hd$MBqTCv@D zHl^2>w0BuMw5MWSny$SX^VXN?*md;;)emvzV&urLEhFd^ud;TFFOjv%M=kZhdkC(M zty|I818jk|QkUPq`3EJ^I}$s{Y_aIt&VdtfNnK1p#qn)IzG@u_5y6J`DW>DOJ_c@v z;LeoPt;NRXrXnjN?_1Zfb~8QQ>kQ0`rDVCEOGf<{^PLe6!2dPCO&L(xhw|B*THTQO zO&OZ_C)q?}qPmlx=IVW2#vQK#O0@<|YCKNx)P0SVl6XnVjrRCh`05yDV;Le^CmnZ1 zeTh0txM#kmjkOlIF%)0^==x+c7HZ&pc4S7;3VzBn1a2W5tAY_$qM7(1e|A_nd=3XO z@WstrI#TiyWq~&M5$%{(>3{oN?@3lGW*U@385&#dp~ZR)hVzxK2LPu1C?QG^w97;< zSr{_vE=~CKjene_xVLHnos86yJ)ui`NzfwyPun^;&y$5V(RSmmEcHHOMYga)1O?7F!V9o*FeBP z<{F+@y0v=!{hoA#g@wBW`>kI^3eC;Jvu>Z9@d>BP6wvV?Aod-eOiN^-RnJu(746-zM1wC zc0IA6$O6dhnf-*cV&#WgLY{OD8Vb@s@TkvC`E(oq{_L<@m+i9r4C~HNd1CZ~i>$Q+ zu{?LO2@^9%ASYT}bW={7O@zV!w{?{BW<{~+w7*5e;)tp;yLO|_%`U^sf$v^A?F>uH zNba1Y-0t0)e-V+Xr(izfDyD%j3#q7Vj;5)Wzb;}XLMeBEmc9a!v9o7cs{jk9k6v!X z*;`7@(m>5WsrB5ch&4mA(_<}_d1#sc>y=$AN>0m@2{fVYuh+!YHWH@th)Pozxv`i& zVdR@Q!*i|*O}9U#4&B}&wsvveA4OaOL)v(>-(<=gjf5ioZWQiq| z?nYwij{ofQd*5$-Sa$EZXXeUtol_OBtrFAQm2US=@Vj4CT+=&}Tc)T%5I3e57f@o1 z^-bNlRwa1|x*p%@GD#_}4_IfjH^<__BKJ`PG5;tjsp}J5gp}?)x_MVfXqF(5`->S-tV#%*RlkUrUX(0yxhE;YhD3sGS^r#kwSh*9 zAqig-9$zS+=?y9-?wnN`(_;GUNV}Kbbs@olRw%3nB4mgoj|}~p?A_B6x$-1`aRA*w zm`p&j!8nmebwr|T07s(cE|ms6zd#kSa$j=(d)#gqP^F^{MfW!x3yI=Mujp9u$p9j%Cv87Dakt=Jp;C1OmLL( znHy>eglN{E?rp9g7J^KtFsWee*0nCFSkQ!lpnKB`f z1%W+*BQ;P0Amg)ACP)o94vZ2-fLXV@<7n6Wgow@~D`u*82&OFBP9@jtLHU69D0Brd= z*b1zy9$}c1siW6lklO6{husrO3&Y>0*f&%s#ba0^PpGLz#AV288}vtB5RHAXTQMb_ zzyw3lN>OqG_X`z|!E$inV(;Ics|qdm^Gtlf1+tpl`oRtQ-3O7pl;wJB{ShYYdlu`M zBvuK&t7uGvWg`T{>lk%D^|zgXofi=8gYD=u4FQ7CbR-^sVo7;kjsPWy9T0G1Mn@%a z&Jhx|=rY}NG|s-2i>JQpl53 zoxFhGgt&>>9;UT*93L@=NYXmHr#6GgH}R z)p7V~I?`ZEVmMzj_w?Qd#YYbjK>AqQvxQt4$<_vabnX@uV8%R^`2wx}>ijt7tN__e zn)J;Ymg@?oQ5!ILT>Yx^3e*>v*vjkP68I80)M=@+3f42QvRA*mKHFsiV#=wAlEibP zn2suz+kq<{LQ$I0M4%UOp&gS83jUUup1et4*uniLkhY1r#uaEk^g zxDJ;yuYw=9E|O069AZjxnXRLFbI5>=R9Yb_7@cd2&eZ=fGtjuY-V!LB(H6hdf2kCu-09K_ zeslX5t)H*hH+WSfPkJilvc*u-bjVK6MUH(vgBgYS^f)31jFHpA}avKoZK^(a6A!(>0$3*x5Opfqy3W}4?&ktE>#bw9byUMC^ zaW1@8kfbyd*P6b6VGhUXofhC62}m1$ZKW`G7!P4-(8j+3w!v*=&m!R}+x=uiN@s1b zbo~kS({%8CiU5w-hf2$N246Bkj33herXA<@5>#p_;Mo>hAt(QhI=GfjZWGP=t5OzE zgdS5tSVe4M3%Em8L7s|d3mXI(Z)I4BGDXqa52Y=Wy5)>W15364efSWv{AYCgn|!>m zgGgAnoPW-rcT%vr$GtCI02$P_M2>x~Nk74h;}S zo5NeK?hwN0X6{5b^U8AzYjtS}a>`7hW zHqI94&Uw?(n#E|ojF~;lt726KPNbdEIR7ISL++n%zK69OP+J|JgkyKx^wzQ3{rzvc zq;#bX56;%j18+2WA#Cdz#rWVzbA-VZ8mOy3(mJXDr&j&f*5ThQh{$Qw&n;|F`p{!* ze?MpK74J$r^OKZr58B7ykU%Z|(C6^JJ5yELQ2@u>=lMb>K?YAIwZ_rwv{D)r3mQ;r z;ROjIZTt7mQ&`}=Cg@dW(O~!(l6xxpe&)AyA-Mxm6l!Pdv@UkOptcI$u4cCwRmVG_ z9^aV5XNPmx90wL#OSe+KTSz538fOnP{<-Blr;B3WgZQ6(!(@J=1sE2Qv9OqRuYN|M zv0Yy)9ud8I{R@lLRJIB!g!Z)z>MI|vg0QeZDkBemu=$g{y(FgRVS83WBA!wmZ5Jas zAGajkX0tQMm<*hi@4gHOr4@(x`kgKmwZ$IuU>KaF8=jG6&@xf==c)PjXdCiQNVxe{Oov7qh)x@c9Ny!ge?CRAbJlMw*FEkqzJ&MPc) zH@pKP>Sa)n!*d;8DWQFWU|Lw}k{`y{{rj}SqGpYQicCksaL2M!ABlk+EN!YFle+Kc z+%;w1{pDA!kIIH2Qrp2Uzd*y7XEcp(<$bv%&MkcDU^>-&AZ#PK6l*UaoZgF$4Ze| z0Y-QYhO+DK9T(+>z436FD_>_|QsG|gAfJolC$HwVdp|y zXPOsNvh(K!X`1LebSLwkv=;YTNzH9{@bE|ZkYEBd9)0qa2tsvowZ-#>MqF-ol{`r! z$*Tc1!QyCdzg5@1o|48!9Y*DJ(}^wJUCcrp^ipuWOz=dvX+;1L`UV}%Rg~X(ZC*;H z|GwRExs$&VSeE$Jj#?mV$7L_qx=_be>@8?CrUD8KV@E*b+YHvd0YD+3f$#H%8kAJM z*AwJ%44-~Ps8$287FRPUt*ry7SMBQv3He#8DhqjrCwbu8|n>_t% zJO;87R`$Kd#e6$=KQUl^hO6S zGyf~(@rIl2tI}-Yrodh{V>7YR4S}?p;0-X*+@`{|Ch~ds@@UO+SYRrdqjCN%nAzY0 z`cty&*d~`DhVEmpj{&lLju_c<4aa(PDy?M3#Y@+F$uAkU<*6Q#*3;DtDVawgoGRL{ zKk(W3AGqZufxvtm$AmN=PvTU)8Q{Ipzik~}i?-h^z-N6YREx|$*^S7C2gsn99`I77shk z?J~wj;QdzMkU6FrU5o-H^%B0&&^u3+3zYaP3EzUAiPW7tecAm=aW6TEuEKc94~y!K z1X+9~OS&6J^P|566dG=L(RgQfU7gh3j+!gjm}w8&AlnEE=iAIezr}wuN)nqXLj90#FO22L z{*$JSX1}F@B&I>%#gkkl2O;omZo3Xh@@}6hq$T*vB>p~2sV+TY$7V7!#X?QRNtR>S zRzEqBrX|2+N8;9pJ!^K9@H`##_^fg5*I_i3T(~5mKWSuOIo{Ahme$<~RzXY$rNEpX zWgQ4!2_8``*4fw{7MxQ?=t$VB+a6!9IMWScQ(20S6g`hLmpMKx9EvWyY8SVH4MgNO z$7dH;R#qN4I`SX4c(<2NZ1v=s075cBEyp9W^y!)gCW`bAtjg{MrVR=uSTtmNwB6!& z0d$&16Td261S6gim@G`e{aBBbFFPN`i(O4rsuu(m9Iq~XTw!Yps#hNpj|MH&7{%w! zrFp=D7?XtnaRRvp`5OcdX0Bn$Q=JW$!%&FglQ8$6%PzNZNpR~ocYgW2rg^yR-vFrW zR3I&&`JcQ5P)W1*F9Gs8x}f6rt*SYxTmi!n+V6blw2G>FAP?*a-Ugzd?V> zV#gCefcm^apRU#qUwHYE_s!grqvoZmk=L-XI@9j8Bou?hkFOK#3^vwKSC z;T4#0ZQnEO$cYG92Sa2Bt5@V%5+u&ij%wozGmH|~IG#IWpE-$M+CP6o9QbET;KUva zVTch&sq@Vvl+O--MU@2BhXqqMW)oxnDI9OvB`T-V!`SZcq!aJ(mBIBek*DbUK6!;W zTC|0b$0!ryn0fkLUl(rnYU4S=a&TEua5=KAhtkc&%2hJ?6~MqROEVasx9U#>9gows&d#zwpp$G?+kh#&GePi+ynmx znRfcV{~3Azn>|IU7^AZ;sI=4_rsPD0`WGJG&6RqkprMP zz5qwa>!ta^+jJOJvzaGK)GCJ*W;!>WWuIb)fPD4{G|&tl0Ye*ZIrQNq*5o#5kmaaTY$f7Q(3(16M}-L z;{wENsi)_xg+ErG^iQPh+_n2{PC4qb_6%;7caxyzHoQ9FgBFiiQsR3S5>Ts>4xcaj zI%Qd1#5(!O1^`M3D1smhxXpm~6Z@T@KW49q887;edFS6h@-KO5V(&W7$dKrKnHX&0 zZ;o4p=rj142Hp|z=VoNA$2y%Gy*|zQE2_e6D=W61St9#gG`R zu2`vNpl>GBc5+Yrwd3kH`be5WR|#}R$W+$}KJ|DKX1YbYHC&dr+1WY2Xq?vIbMO!(T>qzF zt5?c(0lF;tNA425A6>#PwxV^$w#=cQQ!pmvC>Xrg2k7~ZOy6d}6POYqcZc*I#lJa< zkzSXaY>*{~&XljFPO;1IIL-^}1zc@7oIkQ2otT*5#fQyVnQqX|jyMv7o) zs~oM+^~|Bimq@UXvovjaD4@q^=Toqb{3_QHe1*f9y_n{{2rCN42tc|eQ&NXq|E)}Y zswylq^00E{3VLF*j(-EHnn#8*_;4xhf4L1Xq)q#jA|myT6`P94N;2#wy!NMfwxzrTfMGdNd9YDh4`F*J>eHN zr!{+aIbmzmR)Zcr6BYPeEpj)fENLFbCSQ~E7cQcxP3z&6=j$M7?+ht4V}8$#RC#)C zLD5uJ^EMHK2F6Q+UMzN?dK`hmy~+%AmkmoKasT*Huv?rG{~KrrXaNce>#J^(cG|#) znyGbI~Tk>v(A0Y^KVy(r6DIC?ZBt^XuYlxq`-V)dubS3*eXq=+dT8glRxN5sKGPO<6=*PFlFF@d^V6HA2F0r|cP2 zpJU*djmi5kgC152n2ocNAg&asPh$EPpt@RQ<#O$tP&R}a8|~PsorLi)n;E{R`rLvw z^y7_<*MfMOs6bhan7ea9+p}dQnOwU_H9h9M|B|XjQ|_^CDLZbKHYXjQr36unxD&6Qx$KIpjcC`PI+0EkSk13{`p0DK-PUJefid-9%tp6SUOD$6kN+Ql_a zbxthacA4+hC|uS>r6@x}bk<`^FB!BrSu&Zul%Il2`^gdQidDm$X+jBVQ2BY53Zr3OA{Gp|{9 zRnqJ&uJ7>^V|IGosMznxSin8W^#dm?4G7rqQv`2XpgifzAMgBQue?f2eb@t6N?r+Y z-j86Ov=armGKaCl@k3yQ(a8v&)9KPeC_oa8lKf`363Xu|H=7wlp100c!sKmry?IiARI*Ii~bV!yB@PylsIT%j@^9J+H+2-_v2w=y ziRZc`Yl!Y1qMsx81%u3TE{pv|%Q`v1gBs$U2ry%~rEiQjWfv!^@HVi$ssh%A z=wZX!#@r$U{gQua`m@oY;>1t<2#`d_{q`ZI7Ym*UJ?^h&rz~B;7lcy*=ZDAXI!zRD znR&x(@qp$)7PRJse(H?2OPfX!Xs#m%Kfwx%5{+PxE5kI$*48?#!;jaF85d?h{hjUq zF^yNI6D@ud0^URwYII$VuH7QlNKc}>2g6kl(e7`0E%xF!iCOnq>mE0!*blOgb=cF9 zFF^P)9-}0=5X>hGf>q1g%OhMQDb%~y(Z{WTG;P)uU@)^>U(eMRT>#Mcdzg*q>h;V7 zaAjsVQ!v&mT$CiTjMMuyCZ>!(Y3ui&6!0Vz^L}PeX-~CFys0r(5IU6e&_`ZI0#)SD zdGD9QwTL zKPBq`=$8oWepm6l1hAL99{>KJ#~{y#0%( zlT+f)hlXtByd)COwyQY$N?#P)^Z>y+e@ZkI$Z<+#GC(HwhF!C-Utr$?AYD!wNXJkn z&9K--n-U|Rz;!yVwPbfzm;FG8a>i}7UXcb9RStQ(W2TU3akS!ifm-o`#&1;%kw4g9 zvBsL`{=<2LL(SzZ8$0o|goDd>W^kx!LC1?RWlA-v3Bg+t%T*;e0g`D+1i0Ixmq^E6 zxxi5nT_o1rS~zBV@7YB!SHKuF6kb);ctU|!!6OYwWo&r?hhe^daOY?U-h52z6W|w} zkv}soDmm;Cf5n-Bq^Qf;jh8}gFwAgKp0+CQ_*;g3`0q*>f4}~~;lZYBU5+&ou(*)3 zUa7;B!J%L^qUyRPmAF^O2E$M*O(!9kpNY5zP{~w~{brfML)!Crd=Mi|#2tDrm=O1- zRe+wwD7;uazva1x9~o-cjnE-1`trcPK8Ed9?^+iXw)40hh)o`f4 zS6w62PUF$F#yEiuH0<%yq1~v`G13%8N%dpoTqBSwTD^P!#2H6XHEkYq{mPf@q}57a zFq8t+Kp@$mtn9j9KQ&utFP_s5M)$IKJ~tWTO@YlF?IPZ^_nj|7#b&=ZLO62dM=M=8 z%3kcYG;-6O>EAA>vc2*6De+50W9nP}XBdq0D_LhX8@mpE1}sb@tyc!Bu+}kU6gI6~ z)6aEeTI(U%W-QSn75D?FLfX>ZfoHM!I)Nstp$Mi-;8@7{FO;B$kG*kD zE6@dCF&3gIKmuZF(UmH~ERjeK3F_*B(07xfO_j=ymD;|;qg3{W*|ICP+Kp@uw!cm4!T9aD8&Szzp;=NT&Jp1AM^gW zdST04V>w{k-bvThP3*)rFX8)I5;XXh&#ZJTs&Zler~5#`=8`l;=+R0F$P8AD%lW9gv& zpkH4rD%72wtv(}T^#Yc~34%i;sPs<=GByVB**%bhpXO#A&J-AIN5Zhnyku@?(=D(; zL#D&nw$_smb<~bvw1D7s&uXFXeHq)_`ElD-{JY-vwjkjwpJA;pHi>UUxMv%W|M$)p z8bc{S(Blg7-prDxw&|Svkj_}?AUl8-t&e;<8N(Yp)!!rRn~o@}K1cdxOPl!u5n^L$ z31*1)kaKK`I^fjtu@%RTu@#T<)P$>#|Ljz%MqJ4VE^_o@yw{Bp)d5d5H~x+PO2ByFg7C6Okr@U0tYx-_r}%nqD-*vgI|Y&&V||m zXb1NRIUiC?HQv{egfjI9!x9d_w+4FH!dY- zJNC2(spkjuQV$-9Gki596AV6W=RVhzg@0&C(+Q@PiaOD}I^81yaqIXqEFt@*_eV*2 zw-%iTE>u)AoeQja$D-UqP(e0{&UEyU3&MS)02DmpcK^Fw6Q_OnQjlAn2Q7D^bl{Za z&pIkeb+y7|CiiK9njF|Go>?dV)`|;K9b$her(&wn7cugn0FJA27~&LoGiPP!dc9Ex zvMu&%W+z(m=v-1zHt9kQ31_1?HHlH-3=7)pN^X1VyLUD3jo45OK*F~Q8Ie2a4=X($ z%~`)8q0f+DTPu-Ls~P{1Y4rt1*)jRBmW_;=q|CExTi|mT8! zhL`5Rza=a(%@X4}VUDTs`9{$wZ< zJ6r3o+q=A_6nPzA1_*jea#1mq7K+*6jPX6qBJm*ny&c`||DhiAFEe0aF=f5hM1j{= zHBqlN(Qj*>zR<@FvRB?@GgkJj>1)u+Ht>)sEKf-@6d6Ky^pq3CK*+HnwsaN8aoz?N zHki(1j=rwvvzEMpirzh!T^s2Dhy#uR>A~Za3bXYrKI;aK2BkT`OZvmDC|(c`RgRR^ z_)D7b=>5{m#X-B%m7RAHxSZLkh5+k;+X7puv$;OqIj(=W(hoiGy4}2yrmgx_04XSx zx5h`6dq(iWaN36S%XUAr1M`a%-qoWB>1_~qM?X5%LbJ22vkMfYODfR(kfR`ZI7aX9 zmZ+SSx_-)+c=~~Kg7KKYr5IxTB9jQE!x+Fs?2&YYI0Yy&gl~N|hcaB}92y4zOS6+E z<9yXR`cv542|i9(V{9YIz9*PbhprDKmHW5lSi>?n04G@xDXi*9e9xz)0U+jgl7F1cX(#MdG>?5DpNRw(|Ws+Eu zr*fR3nRx2XxHGyHy3)0dB~waDa9=FcHjw;jyz|!zmYla2>7qc{pbO}@2o|e8($N-& zcSI#N2Nws;#z)F1lBtTW3hJ98j$!hBN5a)amXkle z`1R6MPJl26l5)Ztv$u?iNuF|+po-*iLOjl!-NP!dGq1iv3VP&Az|J5OywLq6##Uf& zh9|1k`CXwT!n2;v`4G}!f*-L;29g(SX2QExNjz@ezlnRzPKl-d3e*|t>zDXUI|pwj zFKR=ow^tN{^QLsoaht)ZGVtNJ8Y^?Yl$l0gmjIA`D~K2Q1byGw=Xp60Rz-}n8yFzt zC{aFTQcVV+eIIH4Y&5`X3Lyna^74q)sK0o^_<_};uE-;V%W`cnbm^3x41CY!J!ben&_~YiHNo@PHluI`{=;d znib8KRBf-DYXOH^P!}EmcsWN?`6kdG8X>-rTn<9{F}Wwj%?p6tda-^`h$4QqRWg)% zDnLztX$1z~!Wd7v$SoFug!Qi&rcz*{@^X`V{J@z?6-~ka!%&(H{)kzOr%ACe*g*4z zCt0lFCdN!!=j@-BbRC%@pN`dZymZUo8t(k<4mjM%sZQLpbBKrIIe}Gw5_=pGM-wAK zK>D~7NQjO(8sn`gPjBxl*6gY(1o)UG4pu0-j&|)Ge{)eL?eZrF74`B?5JX^wyRcBC zr{B-AcxX{;o3IVgE4ZHcE1ZkdQlw9}`*2U1B3BSBi?{)Rqo8=AI{m!q`sG-B06k!| zidr#(`=t2+_mu{uvHhj};t*oQyaBgfgMqd}oFX>XL6M{rO6dW|@qzcUjx9Tk2BSAO zOAqaSw`(+wPRkBE5fYGYZ7_8pM?HKs-sdN)vnSk&GytPsT1)m$fo-A1n}k4wh5FB& zK)dL+8zs01&8xx+CF%Tm(o&sCgSGK!`HGVS^FWVU`E!`En(GeDWMX;aZ%C(?TuT4f zkPFL>O=X(<>3&J8x~LxSM}3YXqj$hy{zbXw^%my%EJ=;Yp1|z1y*@SuZrURu?!U9i zGmR{T6%1q@_K9$l^mRQgQ6@IdCjNoXb~b+glZ%rqRHgFagmU$pBU~W7@==Qfp1uO(>Y_6M!HO1-&CX6u!Q`ZtKHzbG|*v zdq@UTOYe+pC+rZlp?afxppj+nJu_%*g_YA-o2HdI6LYLb78r1NnY^;WAE*<*c68hF z_k>rRK$jeeW?MaTvGjB)Rivsb!jVr@Wn0DduA>$rq;<6Irhpe1e;n)>Tj*-?^VXO( z^M>Bvt98F239wnT$W$uo_cEg9J=|^;wPvyS&d~lM!HsUN4n=3YcA)OEVlDHg z|IiW8JD6l&ozh2DZfn0Fu*!Zd8TTUStus(NooSJ(kZ$7D$ffbwe$MyBOB6%1C2EcK z070pS=oNUw2*62WZW`|;S48M>2MK=6ue+MTKM=t**O9_eNizv(z6Cw3MylLSkTy76 zi81#NvJYPP=HArzU+|yEiWH5U9QtL#C1Tv%biHXX+1qStgHb3b-;p~-(4pCJIY2%p zVt_Kb?1seQ_AgMcuJFs(Tq9_-42VXzr0M+j^GJ^+hnwz(Hc@984xI?5AO? z^Wyf}cj?BME|!hZw4cheZYwu;_W{s+H{@!TI6~z+jaB6_G|SF}v<5Z*Vp{t%i4y|qE3XrA)0{FOTQD=J;a%YLN>X`W z4DgJvV@O>F+XL}G(HfE}!K`qNgqhuV&nnfAF^$8JkKumldHgHtDcMXf+0cCyi)1AM+ zxf~~FA!@c}t-UTPd6xW{_W*H`K09}GS(-s&PBP^|bgrcf|L*aD1{U)06;<(YzRtROK38SV7(;>nb3=0)r@@R zniP|&`p)HnMq=ciz@ciKItcGdnIO5|EC@nJW?hnf?e0-YLJS8<>EtBlWh= zC^)uA4mgT^p!pf29%^R#A;LHBWq;t=PZNRdRvOjFe7dq;p^tmIyHg`1nJ0+g1@-?& zmlo0)e8?CfK1?A#H4Crqx3F1l-k}$(1-yXMZy_uAa$I}Ta=$gDj%3DU;Ae*uMy?vA z7NZ^Wi$S#1(N9}`JIMsS1o{h+xZJwQ=y=_a>s}AnHM1f>q^0s=eKC@MPL9ldH_@s4W?(8U_EFQ&qrV~Q1jR1tZ)o)8| zDFIQ!qXy_(Z@}|2?A4pm8^rU*?Du;OQwY^z@$r%zIEo`*&e_eN(USah_A5O=<02=;!hiL$Bo19vNZ(+fbU@{C(P4Whuo>;N@>+5HP?9 z`EMl`kUJlR-o)FuTXcXYcZli=E~4JRmAYo=aKqS)c#51Z=WUd$B)2?NlreC5(zzU3 zuWRp5jEWZ{&-x|?uHZTznZz2PQ2evX<@6@;^!j}~7UX$N4G6d*B-HWL8DqHYq_~pN z#7X&Z)kW=LY-@>qE6OJQ69ZkGNi4A%+#40Swl6n`Uf+8!6iDM4_iAuHJ=+indo$?X0>&{HSNRuxdA>F;manp7W}dKI*|-_XlTCH> z0H#Q;rR&MYb*HI&6$E$WY@LXc9bQKO2%(1_{o-^3vxP-Qp@=ycS3tdy=^4CbluK0> z|Gss6X9*Gqs4z5)0ryU0S?iiV+;=GmK1de@ynx0_j^iH16@XQ_7rC@%Ro3@+~) zUx?0;;cpa`@!4oaN}CQKYp#oaqw~;l&t3>>15IoSu4(h@Eysolj7QWFr((g9X4^JS+vN%1GHeK&bMzygot|e3St*5bO-mkC4+WafwGXHx$f^j=MHpo1g z5!MWfV-4#_=wUCP`N%!bsaR7v9yGZhPY!KoEPQ0JUZ@_Fq$)Zvo^p#+Rs&^iSWILi ztq7{Br8H(85hEtSXBqSqb~4cYBCn&9#@@PDa~@apLV(K)fVcUu27dgkV1@fkwUSS4 z3PU)$2AJ~fsTCzdhJ-8%JjQQ)FK3p9VP(N*AmUnV|Fk*#n*zqvu}Ox`h@)ZYpLGO+ zxIZ!P?kSMKh-JHB;N6+leX98y8OF-}P!E)EQ3dEVRqRLTG~oWXg9@Se&!lVTo{hQ@ zUoAR^(qBmEt0ZU|I-4b?=zN83HI*NeD@*@8bng{bUJA$ak~;6PMahl!VsGD3apJun z|Eww!`=LFspxs3B;&Rxwne*h_u7rzv3NF#1z1&REImr9yf?=3dW3!rh*%GB<@P;?L zDZr%o>@wio`Xr=3d}_HMX61_$HYtu-XO|~Fs_{qDQfcp=c-yguWt1KYRg3LQf;UX; zaoR_N?!y-Zr77zW&!}eUU zmF#(?XC~4LAm0!)C!|ZTcfwceM2R>{<3`P=b^ch?g{Ii8LG1U8{7dRt*kOPVNRh~0 zM2b~&SP}J_EyDJjC6Ddp4Iip(e8GML^)CT!XOl^4{{J+Oft=ka@$@2)LSTnzf!<|9 z8cbpWQ;&acs@e6BYMMHG;SMV5E1BCqR2vid{t%HV9jSG+8AqgN&^Pl#$`YnC!S!GRQVUHHMMrP7+heAL9WI zr#AXHXjL;QG5d6YKF7g4CU@?|lFAhhT0Vi0_z zH-RwFe{M!1WOaJRvG$E1C>&;Ji7F5n|X$VphM|cvR zW?1_;MOet;-AH8lT^rI-^%X%oUqL_}XqKPFvmj4od3c4;N4B#G6u!~ceOeE zhgC8kk{IZ7b@(2~GX~Gi>*gp&_+gFa;R_h1Z%=4%UYr*TJom--1uQqPEnm69o)(80ac*7e2 zb@?LZqwLRuIUJlS_K-z7l-$DtdYGEp@p7obqF+#-QX9FBcjVZ4LHGnwjIxvO++0j5 z&h}D@3)!{l1raW7%-N zFs!LvP3kSxc+?QDxA9={R&~BOp!8G1YiF~pr>*>V4%99 z*ACi9)0ub#B?v4lh`Jtr1Dv)SMT%u3nVQlquf$g8a<_PTQ*qmjf@=6DAM3>Z1|`?s zh1~%YM}=eP{uMQO38AuRec+S|**=U3WOX{G+}+OW7ijUE*Jp-uOxR2~mf7M2J}G@D zDszWc$A0Xv7W=xfzJ{ne?8u63b9yuW*%W_#E;NO1&{Gl=S&Nw%esczfq7BG#P;y5m zF3LfNsgDy8UJl%Fj7-{oW|Hce5Sf5@l^+giC$ra?fM z#%+Y~gqEGThr{ZX#mn>VBq#%58C%M&J;EDMY78tSJH~2SA!BPwUGa429HqOXjH>!xjW$+Wv|sa!@in>-2d{3SucFvNBOEMC?ahd4b8>|}E< zBAplR9qeUkSTR;OeQ63nq4s|YmH9~X4RMZ?OF8i`d5sl~gJBV4N{Eny6xr+Q2E{UzNEopv?`&dG^WxqC+%r&PgQtZd5whf~r`@>E|?$ zf?8!nHF^@^xlfy>=)1?b_@Kq~?U4*lSIc%SX_z|aP}D0@7uGdGGs*qfohQ`&t1KMq zqYrxA4OSCdhNGd5Qx>7PLLa<(FIPf3^0MN2=O;wsm&uq3jY~8-Zq<}SV|v_%ezFD+QfN(lSGN7{G)9p z#tVTG8b4_r#X_7Zz+Tia#vDUBiY9KB6XC)cyFnRtCE>UFMHbJtY*%MIdb7r$YX|M9 zU=V0QMv^7ZQ%u<=<>h&AlC3E* z+?_AyC>L}07C~zGuL=<32^6=b9YHt_n=F$)X?u%#s47Ak0-LY&8QUWR2d8S5a09^iaOYr+BL}!cU4btalI6OshU^jpHT1 zJ~2gZAWq^n+V9BuA^y=$Hw}v#lSZ#AOmFgxY`6Ls=yS`VZ%<%WXyrKwzQ{lhexdqM z*$tI6iLmu49-QP4Fd|C!`8Rp9w_u^}6H5U5?ZUF`mOQn=N1~iVbE#qMcIk$yGt#s| z_bUyq&x&l>v{d`%9LQyv&#j|OMyw9~<`y3!88g;xmlaKZj;^bVz5eUL^J}@m$|5f| z^6?|KvZ@dk*877+RUD`~{Hh2o0DkMej68F7Xd6ShM~DGG6SUWk5?90D$_;Nr6zY-s z@_gZ~Q^l)esfglC%E}T&b7$;J%f;d4x$BF~!`i6_fNSNWqwuiRQiFAfr&$V0;iIOa z)6S96*hE^<^#|i69W7o}&?i~ZH}6X+oX;z**>!wSjx@%}H%Yro<>N<-r~lZH&1?C2 z47miCQk5^8It79TQ?vPtgh6RaErYGNB|+^@b^W`-!z;xV=Xb|fmw*SLsH1Dd6O|0- zk@BJ(fk^Gb6XLf9yTqC>wnNsNxeu?854=95Zmi+{vtu(mH5Yw5Az>^p4uS@r3* z=*x6c`YY`HT*H&MiVgpHGKm9=?>pL9o2Whp88@}?H?aMX#Y#B}A?KI4fD4|eLXBh5 zi6a~|eX>P|JCh~SMFkuM!YjVgQ03&fu6|+?4D;JUG7XTwny=Kr+A}w;eTi<&Cr{;{94lTc_GDMFiu#Gc2_NgA`wun0)u#>G&vrelv;L|Pap^u6EORTj#$syN592%`J?$76-rQf~(~z)!8!R3ZXA#1>oPurLl-&+@ zSiz8uz@gDWS-VOH4YZR~PV7c3vDohd)K7%2y=5e2`wN!#=r7`A6UD^@2KFBmz;vgg z)NIQs*>Udq0PC>xBY%H{)CgC=QS@f7t`Dz^u*6A^Ek@AdlRVoNL`%)vUi8jocEWF8 z6hm}i*W|(HYO3S@?{C<)W`fjm(4x!jrceiuIq?q3vt(=z^VWM;#oD_avQUYM0rA|4 z4(+RC=AO(o{{9Q!Nwrm@TYuqz(?S|D|Hw+eZCM)fI>Ed`TqNgdEOh6%ytYDXoM_e80zxT=rdVZ9mruD8v~K5 zeH-6+wccFkrKKjj}!P85t)@+-k0O?PeIum3m$(EIDDfeY{X7i|0) zY}!XP`c}x7S3VaYBPE@E|z`T>59T-WRuR~_XCiILop(3aB@+EO_D0fL`VNEJab z&*!QNbZpHvC|tZCqvKMda8UW^g$b;7hI!q?&I4cFFa2ZZ%Gt(pCd*@L*p*AhBz%Bm z)YyIuF0aQm8-(KYD8?>#QDbxW&^kG`kr#^s8&nZ9{KfE~UCdEwZW)n< z%{WUuafP>%l%s0uzP%zyCfyxqo|It7>5i@7(gO1%F_NQYeK|>gr2m1eK|DF(4$5LW%axbMAgTxih0-1>j%F7a;yR z1|v)U74E9K2u%M>;KLootIk39x*u6Rd1)>pVlH+>Qargb1y24yh~`?tTSI(|I-RbUT3LUAYUxn z%B<`StA6ZLX6DVoD8zdPS~^8hPgIvaEZRa&!n~<0=b3W-x{06O%}%vj_2mHGieXfn zuuUs+NvUN1oUSjf&Y^r*!6%fJG+W2ybdNP(R5WjrXPs}#F5h4BC|EM?fljXJ5 zrI?Q%Gnp6Rm6+=??*FlL-tlbx|Jz6Gtx99-$KHF#ZmHT;o7k&X?Zn=ywTjw;T3trb zQk&SjqSW4EkJz*K@%`QZ_|HR}oO9l=gX4jpQmT_qJzOEW$6 z%OS3=7-Z=-Pplo*nQ@`cRa5(j|wh_oW2bo z4Xks+i3m>rn2~=H3Z5g=a+nqE&I$BNq43Jr^@0VGFHkLD?q@Ujbis#_Xd_3OWS8|r ztBcbEq3ad^2ZZOC5LrI%*h-$+)^tp+ek?`A?+c{daCw%#O6sLVC{1QDRa zm4tByKXG@FMy|nAXupbXW#fmBX)z-xTzf!Y9qXe>l#bl+UZR8a?d%*wR+$irvZ1SqA@lTU;WmstJh4No+ldVzs|3?4aB+IWJqM>R&V0_MV zc8ur}9;u$v&R|3AN=O4by#BBP%#Nwv5R0?QJT1%rYnUS0w0|&_txf~gJ2a~@_+Q&> z*G*vlVmY5G68Et^wlq1{7s4;T&~#i2lXxqC>o$Tl?Ds{*wV~8-X|I(f=5uxak*1XFZM$mrPKu^exM`<)9|aion8jcrfb&zFPyRq%cGNCDnlC2) zY3SD&XOgEPe1$M!!=@w34enz=Ns4?h-HuBPO4H6ns($wvt?}Z~@ZA0|Qps+0Ym};9 zFl~wm-p;Q%8_)=J3(PB9p2Li8s`d90St;e;ZR>gwHIKnY zDF%aqYP^W@j)n-~_y{6q)%<3Kylh(Z6r*6C_v^ErY#@TSa268M#81Gin)jkF43Pif zPkhz_J%{3j1p=n}uj$b8<_u~BiotWCJeYq}n#2Wdw^2#Ew|qYO!6`M-Ts9M__Oq+VUsh z3CSYhrFTD>MW$DJo?zIM<$XTgTz)a`Guv@7$(IIy6c!%N<>VKH6`(D~slw-yuo)>> ztRRgg8XWE$&dhxtWnAC-)y@^}Q8Bzf3$xg;3_N1MUtK|jBa zd*NMQl>aI6*p>Xa_PExOd1Kux-63cO!%Bu|N^b*}VrC)G1Pdzg3!vdLiDMBV22@%{ zMPj04;q$o7wccaPRe({}JU9);ag@VST>@YkmnHusfg+c1JMpZfPEr<0sBjQsnBm~H z`}sCu+o*$JJedO)#UT2wW}5z?D)j;COCAU4D&(*HNP=dI?OSeQ?zbiK1%)=ky}W{N zT{sGd@&O+a*rTt918csdjasL`ShnKagWa|f7q#sFSD@eOE^SRl1Jkv}9<-aDsH?`c zOcm!Y^_3XuT%(p>6I7ZTK#ej0oZ>&5LFIJ4ffl2J0C^T)E-qw6@m=;6CSxvG`6B-CiN%c`~xrj$EuKRK5Bv0?{t z+9R_P>xb(XU`%Ms9C8ZU!mN(iWKqYgiB-LX7)wf5Vh zTy(Aqu3IMZ0w4a%+mODluilMMZ*mqn0N4!{8udM^*wFV<=!?c)PaQx}3B?j@GVI&& zREgVGyOuI7ww$zje2gwS^h^vq4UCv*& z9HEBk{MwyUU%0!|DpCZdJ>Q@Rf}>~XgYsW9)5$fAO_ObE=FW{ZT8h^lEsEz+=2KFwPe{s_E+u?zeWA$c}V!8g*PMQk}CFJ&!jmA@_2HO(|i+kSR#kW?M@cWNc9;fSaj3#dqR5 zZSK}WQdnM$t>52#M@$>lBdaxr<)8nxY}j%2!KKKD40JZR-0OGh4NhNe%aO;jU=e|- zM>t0R%4$hI3z7n-X)~~%PQG|BJ5Ai8H&y+&jym%z!7HsWcK*1 zQPyOFCLmad1UuuLD->udZndDWkPov8KCiU{%Q(|P0uBmL3R;P$pLwR}kHnbuv=W!* zvm*5s?6~gv+iptvjL@X|CWZ#s=>57bBaUTl{jz51oIv3a+n{O&XHIRB@p}&!eg`D=Ta2Xaav{gQuonOhtwWNAG;lwzyn_`pe-Jw5 z%w>nhUjmZ2>I?$WDF|9G0v#$zWpS+!@?}$4Yr6^A$wH3zOEeo5ocU82x zaUvEAq&Zn2z>=1>x{DheHqY?R=QN<0d27nOX^W`O1l+e_i}*5!1H1(?g_pIw2L=>? zDrMG9xN|Y>Ckzk~jGM5|t$GWyMm$a_mI>P*yqE)#n!!lLo^>rzy0_1mMK2e1`MTqC zVTocz@q;@diZko?#~ISm zugy*+C^U1LP#iVZ21u%^Woar;g#Y^mmys7?LQ{Jx;)XR4svD>1Nwd-Q?%akxe<~n8 ziYGeoXLpe67yg<2jVWAm?Z!Vt$E?&0!zO#kJ_^sH3pz9;$037nXA*uI$<{Zt`o9AWc?Jl4R2z z(rrS^ES#mIm|-L$peW?=hDFA(gr9w!;mZBuvBqU$x8~K(BmcEil4*ftYmMZZ zYs0?M(FUVaZ;~H8+;~wNrI(Em>!Lc>RMN&0I&D{u+a+u{^V)&q`+ohbZYWIX?-nRBb~C2w%N5b`x7%TEMf? ziw*jFvxLt_o9*8?(m@v*A-wO^;x?MQCtl z8E66}A9Y<0J~@7j>#3F)Z=RtkJDMzskZcLlH{vrNovY1Q&T*}r{={N1eJfKa04_WV za8~pAmEM1%u9hg%tQG#B&!nkScB(-c-(s$Cn@|BLodR4{0fhf&)zOb zC8*L2Gh?Ogr5p*XxUf{Lbh2Q6oY^qsEolWWsd1L(gD~{W;U3nnZH%H&pB0L~XDifz zrM#95^RfjK%HN?_-WmU175#Rkb^JP~TmFi$Cm4eR5HsTzul?YobfY|wY;ae5@zl;V zDS27rvctRIJ>@I@9pqsRIGN z*!dln=J1~uJW1L( znLy84$Lf2@NacVYujE1x=<%9auK)HXG+Zn*6$np$Z-4bqh3RMTh8K49yBL-HH?TXC z9J-DoQEa~uzWj}!`d3TLwO6TuMs)rj=0-hS-6~Ay_e(EbW z;I*g|v;AWvaFZL5`l>gV=xMt6TO&ANBUmOZtpbs1jV%g(&c-&quGNm{ZlB;hkdf_= z(scx(O13m67o|~z{yDkj5uac36QXW3&4vX<$0p!RV^$W^rtgv?aL0dDTXhbe?udQ^ zmc+&BBei)8t1ZzFmi$gcTP(&!INISLr}3I~pX@Sz0@fkL+aVOEbr3vUn*4%$y+L?L z;$8X5=O?CJ=XL4Vr9vV7YDu|+n47r5I~5)vQ1D)AfW_5bB=Eq1YvA0vvFDz?W}FYG86(*k z66#pI_f8r=PJ=4Ro;yK?9J+dZU>b@{1MO_Y^adpihrvhKW>M$FzR{o=oC@E-dvbq^ za#|t4O7_1Jd!+qmXCo*X^ml70@p7#<8}iFP2R(Jy450=D^%@B*h^k`9;aSH{KT0m~ z+*ODKM8VuSV$KNu1b$t}KVIETGbMk zHUu18#0-73hBIJIEdDM}46G6)iC$l72Y1&13%Nnh-XHa)^-sSB>8>6u@akBb6gDq| zy4B4dEO)(&(c9Y8!M!k>Q)2zNvlv2v4v5~% z`=bFf$K!QY-A?f5?pLEaWc>aEpAGWQX?zO?r6oHzskEO`0n(^{)YI+a z@G|239Tzk0w5eAEC!MS33|Uur<_uevn~hQPzR=B0gR6w5f9I{|E!Yb}GNX5{7w<^o z9AJDfNWn*A46)ja5LMz8Z~ujEx{lcxSH)+^=%ijDlsA3_sn#0M@nQK>_DD|M&n0nfwFQhYBGttI>E%@vR!MEG16rQjhg|&XsUP$9dL|ru(#n1Sr+9w&X0GaJ`<`iX_yT+HvvbC8Z^-+=hi)_B z5uZNV(S+1HJowTP7kl(6*kd{TH6rbw(v>75R^pS5xJvH^1+0+ep%b1J8SQS^h*CYu zntX)Aop*}GHGp$a~&oWf?1(MX}k?fMkn$dSmnT##(SYc&cZPW3-GED5r1d-g$jVh$z4m%Pv zAN;r>9-L*>a9LV?9hh7XM!ej;iK|2(Y_cYm+k|kGr5;xfUuD<363rlIX<)fgqOJ7> ziv+P`|9@Ui<*R^eDhuiAB}!-6ZCv%Zad2|qpCj+2Iuzk&^6H{;Z1DbQRGE$Y+jh|5 z4bNp504s7!9~R?M0qvvLgdft9>K}xTHn~5n|IpF5gZwe|XU9sx{6R!Y#JGv4tCaZ0 z+EiMz?I3&Roos&^#U2kAu%wLvO#i3^Ctf~SFg`8u8N?Uya1=SaV!f)cXtc4+?@Pbvldl=Z9`Zo z)=s;W8827f+CGx`w^hVA@g`m~4&VzeI4oTIHp+M9Dcq<_@9bPAa(iwe6l(p_>Ae$- zazSQ2B9qMb(*zlq-5LZ!o9dvY^Ej~)#pl(uOycyRIEhg|KZqwo+|x+q{j7eF#<5u69#giqE~J{UcUwq@-bJVI9SOl?8bHOgfm`Smo= z8ZFoRUDR;xpH*+p3Kp$orwwAic2(lh70e+-!{;C9d^VP`PJ7y@uK4(MK@$2 zi<4|BFZY<_zV8bjyGy1wscC=4$FvY1L(Q~rTC^xv6|no_^*MQxAv4ZMq_4?M0sJgm zEi}hxb%r9^Xai5o8{o@HnVXm@Op#Nl7PTA1|B&KN4urKddvHMJc6JVBGi@{<97zdY2?aQu=g^Hr$7c9eszDYEP{bye9BdKe72{)AOZ3GG2?<5C91 zg+AK&Wv@yC&s$P&j+59?KMoY7SGqck4J4G-^)=olnOCV?HsFF__DMLYT2d5+%wJN+I}b$9 zfwGG=4rAWn1^ERJvpGZvo?VVDwcuOq2C$cC7Xcmm4MMDkWs=SQ3--Il3|Cjmsaf)3 z6d>$DtI05uYB#;Z$nAzG zk6WFOj_6;M0W5*Iyp3cPu`FvGRE0Zq(+o7la?INNci(*HuY`S5OaD`%i9I4R2_2(N zMD?{bvT!!CF343(T1ED#?u5`Kr0Uena-x15X1SCNGs3z>_Y&r}mb6R!=m~CGFG&Tu z?6&WvvlTzOtYb6DxEEJz@mc*!gWHvvz?-i@@yNvwCwJry)1(PttBQqrFCeVTG#|Vs zgp9~U`yC1=VSYv3$WXI{qodgcm1D);yj5yBGc& zn=qlY0^@VhA;DJjZ4fJpJ5e*KhJ3A8T%K0gA;=zg*9f;ae&D9Mj*@{?i#y5fskz<5 zukHy%6!U}ZmqVFpLoYade%fvfv45>Bb$LmY$m0#zMO8RXq##)dKW!)h8$<4Y#ylk8 z)St7D`+xjn)$P9NWQ7dgRvk|9SJf1<%)@H_|tBNE0l`niHr^D^9!+e z1y!{P&zeI6#Z9oKLdTf_)?gnGX!p=xFasF#e3qXPL?A86B9DMrhO zDA>rId_Ms+t_4gZ!0gi&!qhn^v?nTrz8+ru-pe#A+KL?HKPc)LGYO(tcgiTZE3#WA zdup!7Wj)IMm3I~yQChWRo{V`V1Mv`Z>wGxNaSL?H)(&CKv42G$*p2@_ zke`WuF&Sx{82@kK)T-7j6Ss**x=gpg zhTDhlKNc`yx@z>>Bypo{7gI81dwNMwa4L|-m#A55_&ZOY4e+14+>jHBY?+|}?q)0< zy-FMLOAmX|C`xl}V|-5IhYxdG{_CfiV$Y66uN-TrB@c%%+dVi!yIZRi_0|1+xRiwm z$3{B;B>9PV3k>s4VnpW(WQ3NM5I^Vz+itv%$8E;2JsDa0{n&_|5*T)2QCOpbuhU2M zF{ElwsP>mB1T91d2GwY|*`WRf7+Q?=yrS^~vyR0_ptOU|)%M!B?m@bWGWmNmVb<>< zb!VO^h+yf zoo6lU0dPGwqTc#v;{PWmx>b8NQR=pwsjXwSb|-3~x}@;#47_;JWv&b=WDHh{-w1xwdt?4~k;18DMDr#@<`1_T+oG*JqL5|Pp2d+vWlsR zjUXyY+M;^S5FZt(*KO|9!X9>`nMzlirj?UZ^0mA`txi&S%P%dWAA8tgN>u7l>8niP za(I+Lem3!I0LPPK(~~I3Twij`tj6e1(QS<#W}TkxLcm}Bb}X=yi0kje*w%s9QL`c0 zTm+-SucWQoxw{4Z-Efs5RV)trJvR@j2!ip84P}_3f=vuk{F1@k_cT8I-Slm*8(_J4 z7S&iBEzNT5ebXxQ?VGL`EGgvm;h?KoA+{K%geMje%>s*QEmPcpY?mwgcpj} z)1wIoLHUFJsze>IKh3jwz3T}P#CDINmg$<=Fcmh}LaddDo&W*$3g9sBWJLk~cxUOU zvBN;~^6_KHCYB{Z{*OikUHEP_liH3%saQstIm#%w9UgZS9xQKy&$;AV$f(DS%!@rr zn3tIDLIdm+kwD~f9W5I{uw7^ret5^L=2z0s&|9Wxa%8|3o@Q{HKm9-<&R|frKYuVK z{VVtu3rTXVB>&M(2t?lcDu+c!tmp^7_uhfDVoKapR8YdXPTQ^gO}_M}v`hnq0)uZZ z?`#sc)|;ts#siMdeAj<-tN(*2PF}C(vOXF+yIZKEUPdH|GnOa|7V?K>;=#|`9{{QX z7H>jqP2SfP1%_XA+6)nNB0L8^xx3&|!yE4df>EXtrzfYt zLldUUE4gsS)v7HLQ`MSpUakcn=5_>rY>5Q-G=(7_M=jLeN_~F+SI4B>LdD( z*IQX&iwzN~WH<3ReDY<7|Aw+gM`Y(t4CYzwrD|VdN1GroV>mlDsT}$ZYBLY6^-#v6w(f zHS6j7awjKf`?4>Qsv?MC__7|S=RCC%4h4VqXg*RCs}my(58ys|`+0)jA`$zoDHCa( z9oRdETsX(tq#RLNxw0f53P3l_fC|2dWtH?`CeIPdD(Il3Yx=5dHoSJnl@TgMzD=wc z^Qc|XG>tgf2BHC1$E**nY%~|M9PV!fHxfH^G-P$xV zWO_UMD2UkvMK^!)v^oEoTn9#0?lEt?0W0Wn_z%OO_Gl7uCotHKmk6NkKlT@PpsQjfcZL-Z=jkA2EcybjhT!i6epXXiIYT04V&8b57dRqtAPF}D z%`bTWeu&+2DY)q3+Wp1S#dG{PpT*;$vPn;$O8ycXNvGF46Sg7AEYSvgp8-#H*?9=RJDjZj+Zj>=ydz>W+}=G-&pz5YH4jr(Yh zR4dh?EA>+QYVp@xbG&q`Nj$ia^i4#$x_(8Qz0HgjpLk~5C#*ytdTecOf{b6ihtUz` zaNW8hIWw?)jF+=at>Y>&5N4)JA#7yxiA{dpK#F|io8cyN*LpoUKMhb69S#3eX8~s`J?jk| zS$1`Kt%Su|;^j zQyfYu#1*F^8EDS*j^y>vS*s=81J)t?{HWER=Vx?+$>@69|z6f4$-=j;0OCnUQ_Gk)K#X z2H3(`4#DXplTFqGjLk9c4OlGwLf0bQ=r;V;toO*b)$^fm!t|`#9Q8fYLD6pHqq)ez zHKmJIz?$l&?{=|c3f#_xIyXm9!fUPX*W;P3_U{I-e3kHxo%seV^g40_Yc6CA{$AoU zRxB*;=*5C2)oqQ9F+7WO4$)_}_N_0!0LwW}FbXVf+grE+xmiHMr2Yw9_#^`;04O7- z((AcU9>GNoA$`wP4mf*>DF3b3^Yefio_=&&&RUl)mub*EW0Em7q&SKx#&s<3mHz8N z3TLRJHRiel8zDZH0vMxfmARH4jrI79$doGwJeS24SkIAI{A+Kcyh-Hyhk$#I+iGL4 z?)Tsl=^J!hFB@ZPw-%)&q%in`*r|%-VA+N=DW!)3qwHxb7q-$$sf**VkSBt_9I_2< zO$-=QtdhE-i8>!f5y)4ia$ZX)u|zG_$T5S|Cs3IJk3D=s2Ag3$_zW72Ve9Xb(O7_4Gtb+Shibhi!BwN&tPS*#6!zoR z<92)HCKtN_-FoqK_4WXz@b6{n;J?0^CnxYtoB<6RYkF(vSn^SAtD;|oxnQQ7@T8`( zgu=c3Go9jm9VwDDENt4+$RBAYSRb@m!SnX{|CQBzmk`|%{m#kqF4A^W`Po@rmwLEA zbmesEFi@t=rjc>MxWtcn<=_u7htLXr6s@_iST`Anp+^AIv*~*-ACTL-fA8UYPUWI! zpCr5esRw6@5ef|cfQ^F9Tg$0nvXqU$A(F1{CADik+Di%Kpa9ZYY9`aSgo`E2c$C3z zPL3k9Tp(S?yf*6s2nBs*T}(lH>)80XCbF#-y?hC8n4&o}hZUUzMdPvh0*6jjK0(QM zVtkh-hIf7eKmDeaR>)_$eyvz(Fn?gD;8VD5gGt)ht0=sbu|$da1$t0$0x6Enq#)`# zEZO#ld=O33o9ub{Y=!PJa(>&rC_0_C92Yt@k4dOE{p1(MI7M{x4Q6om#0JB~LOzPZ zRFR68{%$?`*68?13ZF_?P$uj+0OJjeJfKF1$>T2R9&xvoHcIW2n`ZtMkiY-EBvEo| z!f~5C@!v_gqWgjQWGNlgAFeCIY=p=~G9sj$u&Or9ZCRt83RP=B$e49!8#m(hdtQK4hPmENN)oz$-z)YQ^ zA5Z0!ywl0u$;Vd0pZ7MR2R;~{zxTy8;Uz$Z4l8CHwNuucWa$7S;-;veCJB*Z^6rbb zXFuKtNabBzUv7#3aY7}$`6n1rFsw<)(<({Q1^r>35P zs9gFTCs^q4rO!r-iE6wu>q466np){bL*Afk*#03}XoCR|p8i@!JT-MHt~%vCg#HPN zp-Vh5HFio3V9H)Y^rmSUO&_>)mxgs;q!VzwAt=Cdw7@{b-4_Tu2Te}GX{|4M(+KEe zbRsL;dx&+A($DEPoJhHcvchR)_S_9)kp*&Ootqe77MADQQDYXnf?^ z)NX&*f60c|hQw^0UA+pqYpv+iIUvSf)PsKjw5MNU#hN1I-gLNlZ!u$1ORmtcq#;xL zG;Nc5Dl_C7|6}GGi!q9?5HBH=L3`}*Exw%mQqzV1Ar__8$zT_EjKUOejqSaDOv%6GcilJ;zfw#-zTtkiVQCz zrKZD=CmkNnHX4sKEsKI<_b~wOvxk&V$MsQqlFWRu8|m@Tgmw7~N4xYLh!^Z~%!yPA zW_WKRKT%mfYAzWDo0xnhLV|C$0KaEn2Mi7$-n9`n%>Hq2E0s;>_AZyb`Jf{}~FkjW+$4yC^;i@H=& zHr@ZIqEX&Ly8Q&qR;Tr27LZe{6-JTQytjan_i*`tIQG3G&$|s2*2_?}oL*Y_YnS{( ze;uGN4owbPyQ`M%-2$*Y(WgX0&;-qOaj`>{)3sl{NB+wRP7hFo@PGHXp>(nltq#@q zE;{IQX4?DeiI+YG|({tyaw06STB#&J3KC{5tKb=12V zbglB+o2%pgoBs;Xyg^i0W}v-}cLWMJieB^K$b*m^das5a)#EI?B)X;PZOC@artz_l zZd?&jvH`w^$v)`d96CDHV*&1xo6E)=(0KU)#icg81yd?klp?yxrY7 zhyy4KGi)N-ZSlK^&jZ!Qu%?bcmgC_zy_V;e`ma|)H;dxT7ztlyZ^RIOpcd0bqwAa3 z1v08wM!2~>0hp_2$R2dUa~f)o0z_n#2<|D-rB59Bqj*!z#g(ipDo3T)a5M*R94w!ckO=wcuh9^a;%tUfG9_p>3>z2cRIm}K zao>XzrD&sf6ftkGCr@J@zd-biBA7FSF?)OoCc-4`eE~dcfq`vS51m6Ps&eBpr`Q;p zqkgtP+4$`{!tdtX+g&5_RZZr+eAQ`%-Rfl$v>Z)5VmOK{aUx0?bg11d$qPdis(RP- z=$(m)TcN<6=Y7|H2)gf zkVbewx6C6N99oZ`oAYWiZ@Ao=(kTLuR)BMuq^0($_?3ic{>L)$X6SFP4CTKLQ|$ll zbW^ia?J*~izN|!b*x1P@{x`sloALc#^XPX4$%%4BcYb#?V@uBw~c>po0Xb38b92m@8AvZ#Ej*!pr3vSV6A?m zMBu76_$GoX0f<)j36F3|y7N*RGwquo5_qk0s?zl(82Z4lOdv%lPK>PW-+7zokIPP- z*P3O^Z~^|DouMC7?_#hc7Bi331W)Aa+8oy@$1=e2)Bd#B(J@R-rK(6u#w<~EQ(}YH zD-TL&=O9plvEh+LQE`)M{y4ikglrEx`$O9*sOmrFX6QcU%l8O`X{alko_$ow_B3Uo zIKGC<9}BA=*FKG@x!E{7ss+Wg7hH?!nj?Tv1Sg*yBRIVIlE)C(wKu4`#L{J5wPdEC zO#XY!khQs}Avr7F?F7altA;A0Gmq1nciVI)A= zj#%Vfu-!{r%Mv7oVsN{lbBTb9gN78QFhc4!2GI%f|77FTB=&FXAa7Q(Z z$266Fm>uXM+7H92KR*y)!&ei{LCf16F5dtY$Y~WXovfVE<0$GnN9*eUtb|Aa%xTU7 z-XjZZl8B%i$CbMmdK*zkZ<$^%9L7rhr7Z;p!vB4PdSrXB<8Y+H&)pQ0QvVteQAjq% zJSOtw*c;v3_?=!wp!2?%%zEj#v(K~m-qLz2$&h>e#;*#Y&eK>rnG`2l2WrH+ZEv3_ z)uY#fDL=~BQ7ISO8(lNI#o>At7yx2p`bo0{D z?E>lpa79Ifl`#OW5y>>>LaH@Wz))k+H1QCg_NXj^!xSFFo_WjDPpX00O=q9=0JU&= zoLLVsKr5kQBx)fBNldmzjEbp7+~5wE@{@Re^uLx(!R0n=;oopFtRhFQq_C zg);eyd|ST9$2D`JH!)+31)^s1$LLTf7-m-WwIFvDK$KElcH-)A@Tyq=V4vrZ^NN`DK zYUtRSLV!n~`ox@6BY!+rIX+b9Ux0Wz@yNm`6Cw^3cNawABd*9m+MMnk`z5K+jT)_4 zG4@4=By~S#2|gtB4|qpL+SHk^OO)<$9!rpFMRR;sRh$v-;@aBN@;>rR)9P&(mjSjR z+#xn&RIOvNy{|Hu#D?Q2Qk+Jdg#DD9e}DX_PLev>neoSB^r<1*k^gNlvic#oXDq4Y z5hd-nsq9T$HPO7k7jz(UxtWHJxGgUaYg=Ome*_Pz?WNv6kVWl${Hz;{4T`!|W=-bm>l@>wWseGmhPj5L5`9C5L-d4RBunOoa^ zy1u?5?*|wNMx_qk;~vy=+OxW`Dq-zwA8wAnrjecdTjJG{T$^SQG(2lI3&l$_BP)H# z(MzSpM+t^2Nmou9_%`YpzjpVHpnBa*&xfpyXifS^6`}y}&|;Yq{MnEWp2gn3K&ZvM zBtF@btD6GO?D5RC?Eb;NZCBWhTXc=zB|ZGV9fzt<9pZw3D65p5l5dU=*q_`FV3{|)4TY0v8X@@2yt z#%J9Z;RP7aP)sq)?K9?(UHxpxrOa$RPO&}_#!r_=@e>kAm3GJH`6(+f@2D>7*4o1J z7KC17W3M)UW}Z`cZrbnmRV=2`GEf|v+^Q&-Xkvj&=1M}Uz5jcO&_N9NzpcjzbH*N@ zlJB8T!pa6EA3h-M|07P~tcE;%_`mQNaE35_Vp7JG<||T8UM6)~JT1xm6PJYe`ptpv>niRuMN*~3A@c?-|ju0L9M-ThX2h7n9CB@UQnjz7_ ztcdtx@#fd}Y{AU^{a1;Ir-TVA3~tpC7Qsi|j)z{a^$04j{Pta%|W2 z2r?}~{15dw2L?psOzxI%kH!~1FVZTr`)L}RS0#+!4Uc$tA>Z}ml8&1MEkP~mvm$=)^_Rzi`m2dG#+Wh@DeDWXCI~ZzhICP>XZ5oIk_q#A1GS``p%u zlCDJs_UUoBcr&e0o_`_*}R+=4)<8B&_%8XyFzC_-5X(UA1`% z%Fok#cq7Iy&zf}%@=pvA)9oeR-!mO-LYaWOfdr3G|_X&1$05Pl@E`s|j`h zhO}UC)kPmW3U5d5cJbeBfwmK0qB4iH*`MJ9)4W+^a3hoT^Eql=$m4tTyue1tHoAjOO|sVS~s7me%(uz=L>#UcuS(j}`6{UpVIegC}NZx7()fnHNV$+5d( zqA1*my2o@K8WL;a>TNB@tg~0MKclgKGg^kpeOI4`07i+lZgw&W9-mzp(PC>>(qG_gOU7MfwX$&MI__Th5YYyY-8q0N{thh%@Id>c{)TJ06rEubw{< z?SuPBM|*%!NLEa>pb-)h;y}lN3DVl|E;<78M|>dZT3BSLAC0M7=n=gcVe58qA%( zPSyT79$Go-W=FBp*5#!9x(s>&SXY4T2mEyZ`YAHbW46KN>`Kv@3kO%xz&t45aMgF* zNCnrSm&zln3v0D*)+#@bB_L6cfXkTq27|8x8mMl6rt0!{`Oe)lC>Mh1V{`o00b9KQ zkOUk+fLgc376FO8ynM}w>`os==pkr!*&V=6J3g`f!W_qt-W(cTi((`RwPWAe+shv` zC!*jC8!aU#ByhCuJWR7hh+s|AuGeWeNN>N0uyr#A7F{}`+BCyX53T-%rWzXAV=pc6 zYrTa3n3eoFQR)D!sc5v z5C!^lSsU!x(j5J?RpX&wLnd38EaR=UDM!8l2Pv5?X6&a03>+>x^F`w5y!H6;R4R78TH=UOjSEK9<-wH~k zPS>dTR?LD!<>p^_j+*BM{JD%JtlyCo$Nv+*iLT{%QH?o4 zO|HTy^K+ep+M&!$Go{KT1AYff_=O5a}c$4(;ZhqaE*zmvpXVj$Zu=8xPPhDEVKw=xde7#@NmQkFByJ`pfzqvS%G+Go+MacRr2yS6oiG zcK~ys8ks?c>fPvV@|*?8(y1x%C^h4zOKIcs3$H|AZvYkGCkOzJ_o2(WR}Yy2EI{)z z^M{3QQo=UeyaiMnJw@Zs){cmdPeSE|U^Ar;K7{}Fv|eG3h;Vl@ee~Ip%}72F>hp&k zZJBDH%A2e8L2k1Upyj|f=^{#0SN*(^Fzrj=TTMX?|Jd!340lrvKk`s&sAgE2v0 zDTZpyimS5aW@KB|`8lg_$yn?3=i8G`lC+_1&3o?s=eNmu-|Cc*A`hKZ>&}MX;zt8% zQNZQlE1WJ&El-(MI)wyXPJKvPb>H_E7yY3!I_*P*d@#sUr>UOHkkv;G*FF}3hJR!B zHV3SR{XjkfxAMyj+=k_tW57ZFAAq23rpuHLe!QnC_^WI3$t#_vPgqf_b8e)(Rk^Dl z@Jl!9I0h~dqc4bP==A`rWtP@vdxMyozH!G#ZP}OMU@6}I-z*xUaK}`cFTSCt6ZTN@ zc$sTLE{REdoN4ZuxN*@z4w*|54d$HGwaK{pR0*rfW$sT2NgV#k4CU)O)qpiC)>>tH zF1b?4#BdR~Fse$pp<<0I3}@5RYQnMYre+Y6Khn#Un59oOi*;?+Y-)MLL6+~>^3 zsKPjk2q+aPPM2N1sE($cSMbG`r}aoA|U*{^c}Ja60Vp_w;`+Nsmn!mB&O z1%zaou6}92%AP)2N5RIP)#O9V4*tBotyMGkTw_E=u0JnZ0|DQlso4mmSEtbz6aFsw zj+g}|=jVDuCfVi6)Bn&=>tCQ>s(|EFuy_@@4|0DTqP`Wfj;(BJ2sc%7X#|D`sSVbHE21x=>El3o93;5dglMKPL-^^aEf(ZLDZtm z%cp_mQ0h2kM^Y{NB#T%AgP>%DA=D>|dilfDFS3_`7K1>p8!l9IAXiveKm!sLAepa4oxuv{H}c^0m{=tvL;z6Wb)MYVOupFr|OyEhLTM`n;Z zOcqK7c;y2?NgqZCq^hv{xSrrV6DR|RAYjDUc+g48(8DgFC zU>KA#RW;FOg!hd9YIdpOkE-&pU;MqN^7`6By~me*-W1FlZDFBxd<+&}zJWOoc?!Y< zuOwCU%;gicu-cb6DXPh)rAW!xl%bcBErSBQ03s>#hPMV&+42@X@p@!Q&0=mBY<{k4 zmi>7Hl;MI9-fMG#7L(up>%Y1vN7tv1=?t?O(ciind|(t8m8CuO8N4B(*F@zbEx7zM z&Y}J8$n>x-pCkLUY}S84qaj%vYPn}%Va+0#d`&K1y(aqw)~t!7sE|EM9eL%(&&B{4 z&ycxU<7@l4`QWnh7nNI*(AJho)v*cvc^gYYzAFTG-kCE~7gg=>5>rFv!no@eIgqAj zcCnH3t{T|6nQdToIm`b?R*zBY`bp@w?=~qAE4+JomN^0*dhQ;JKq2rgcRL`@KmPGu zSWCPKDq|OUd}bVf3?1D_#HGjg)RW3#?6~_^N`hG_DA64<=;z_%r)h7a$1l`pw&A+T zBUNVl^v~*$_*JQ0)$S-Kd0h?T=S2m7p|26ut4vv{(I%FGj+JVKG8l-WF3qbX zT~>6)5geM8n*v7{kMIK1=HR$W#@x#xF9xVr4<~6^EKHs&d7E0N}CV8`@RJ=;`#V?)I?z$&D0& zv&EhwEBVwt=4MsumbAJO*3W9ZOCLujr&op9(v$j6+0@PGI(nu@^RcV-ISls(@ zPvpoy8{uo9KoSbqst(%%$nbwdpL&NqBq9ip(E23T?$y{IpwcCAd^Mw;{9T_~-RH|V z>Sey)y7>97K<_7AbqV3Xgow7Y6!2N8z-6F0y!kfWdR4a?o|dAOH-b#|PB{pKuqt8Z z2c7QWz6?<_<19@M5bl0u0OZN`b0?x7uCo^9;I?ZOxVRwJ)kA})_2AiFmu;wHeKD1{ zy~0#>9Bzuzm?PtZPE{d50}hD$8(hO|;pcIy&mp=@&^|lW3G+r5xH1QOYMId8FGCfX zn^`cA*DCV2E#KnDG7;`Ss2yM=MmoQ=9{&P?n(=UpQ=z$N6+du_{(JS$6V*NPB#^xL zQ;a_$nPM%yabmrSvK?I7EFH}Z5a_G8uDvhud7he*f_fCOJB;HjuCiSvwy)VZze=eq|`pJ zb>@1IhdZEQ`owu+o7ZH53*tCMPMr-Q;0MkCd4ecqBnu@Q^?oBkHSU5N&~AGG?q%tk z_g4Sg1iVO}Y8Ui1FP&60Vo9P|SYBCJloXWI7P?a7HSsKmiIL!4i1)K)-RC|1V;EMO z;5?~DJ$fRd>e0auprHenuiC!=Ybalb{8sfz#J0)c}Nx5&Zd5Uvv_Jy1G& z0pobLKhWPp6(1kCyQ-oT!$Owx0!5-2;`A-=m>(OTv98y zsP_6vAy3wZOb4~I!ql)c4WO*QRDDVK|FfmV6{WVMqoe^neOJj|5%j|9pJBv5Tfu16 zYP%6vQ0o7L+UMt&Y#sWg@YpE%bi~5-t@A5~5|oX3?%``H>x(Eo)azD;?e4314Bj)u zk*7=*mPESvvTwav6ZDR+D^TbmpoaXhi2{sk`NZUc4}10?8NAV%^=H1BQjNeVP4e@v%Z-{HqEocO^xh4<=*HL5xtbp!K+ z|5sAbTd!&;B`pudPp--45A+3>Ru+3KMz=Hq`n@Xq4WdYAyTR@^#FcWt==M4LA6+I_>TQM&Rvvjx74c zZD8L(m%;rPQFFPia_jYSN%(=hb<;|;TQPht&;7tm4(E9XTQCm*5fHx*u0Pckgve8D zgJO@(uCTepoUl*A(>1ZO(mcqg=AEGY5zW`!8te%%S(By9rm0Cq0>9?yRVuEHU!Q#_ zxSBImNit=ZB?Y8Tf%L4(@`ZInvTE0DIV&g)b6B30Ip*;9)Z`aC`1ySGiw(E_3lN~J<(!;(Pi zwqrRs`@y&M_7XoR<#s6!)=8i%mO_8_#}md_P~RdQAn|-9QzGH3y}8|-aV$48TU8oPjo~3>fBk0JDVwVD!lLuOYbx_)dxCb#whIAHy8b?}ZZ# zc-Z+{i!4d-=R)Rn(}mw#w*q>4QQym|y)e*B^WDE1!IgR}46!cWYTle%9A8we#_v{Z zz!!Zrs;&hLpBB~6yk9Pnu`s08F9GTl8pR&pRr?b*;DP%;z*fBuQbBr^-cJ$o z%Oo=Y0k5JW{-#TtH}mm$<$z`5t9lG#ztIgka)S_CvrLFi%>C17IX4ii$_CX1~H##ps@= zq*;IEjs>N>d4jsi-Bnmj>T$f4=J5N;WexoZXusm+;Ct^?mO%c(KE>Tj8T(wDm|~Pp zjVH+W6rxpKYHg)sbmbrUHoBngAX$~Iq`RZCjSuYj zPEPhzGZ@$NC}Fk4?u`u{mKFiNu;zV0&syJMi92O-XH|D|vr38~PY?LG6nv)r2~Z7c z1%X!LNC@k(_uZd}wy@$7z^95*HJxx;a8<8A<16{LkX$${Q|h&{z|2lJRlLg%_*iOLQrEV|bVXt!dteVEca60`|g+Jj^ASd!q{!PD#mgEuyEdMRBJod}^ zl@}Q!&{&m1t<;hNxgWz6j}~s`xahc0xeX}fj%rXX4efYEqsk`v1tN+#-#c=L6P^< z<1*E*Dk`|iJ2Rke5=5M1s8mjaorb%}plKT9msa=HheiJtiQ(ikQ;$dg+M-WV3=}bg z)zvML?w@1mWsaA@rnZmpyyNL&lpDhCrB)%j&gD%<^8DeCJzfEGE6&D^R{eg-Gh==K zZx5F_yB*b5y00&R3O&^O&w$AzV%-T`y6p~()

c}?+NJkoOVp)`|2a=#^1VTf8L_4>P8 z;NF;@dJx2N1sQlU#@Km%D0VlbdyX$+Y3BM5OOGHN1ZHRq5#KY-v(fzwK>IRA9A8#n z(&K(vF0{DX#7RZ!?^gQ~Zf=rcJwDjNa9HgLf9!8k}n~J{pf^DCA7-;ft%T<{USr0E=IP@);93 z|5GL05t3Jg@WyJDg@DWYBOOvQEof=@{+~4GXbXKOz}^mc{(c^; zoCuz&ZtECU*m=RJG*q#JkJbpQ;Vm2QVyuWb@=;_8j#6k@Kiu#KrIlsZt2N;G0y`Oq z=><+W^#Jde=bu~Rcy_e(8>^blw1aV&@0kJr9sOpT{Jo+5IQ)MGx$;Es<@Q6KfxN2S z3!6rW3ZzyNV$?wIg%ETpSQ4rzmQCvpS8bw`RJyMcKPui6;&m7C#gs0iXY%{mHs$1N z{h+nl^6#(K{eh1HtXZE%g>yg3zIY2yb=F)=j)9hS9Dd*?>kZMm3b3o%ddEe?xHtM4 zZ1u=(mLGYfYeEx|`J=yYy;6t$wF$7A=lWf!*|vjjelP9{R=bEGy8I6h$pH! z3^}vD5F81fF{`WzvV|LC`lQ;WQ$A5pKrrly_b6b>Sx;iz9ZImF#S?JnX76>nq=L*f zDxI%F;zCDpfLtNz4Qg=h8n?;k1VP4RJ1VwTy$zeD#d@a}0C+VS1)5pnMfcbfE#Sz5 ztyx1~)>!^oOjSv7FARN7Ya_B2lsLUYJIKj@(6{*?*9u6{ioviBqW>+suoME3$&m^5 zVwD2=ay%}a5-H~zL%6JIe!u)$$M5gAP*{NTTR26FEKU-i~>)ml961zYd-a<|Oa!`yKkBr#|dOH%B^0<6SFQ@KS(3<@=$AERV|21 zihYNnFAYPjimw?+$VdULfjj%vUOE!8XPY6>x9#uV%#~3{RJ%eb38VYFq8*+d{qm%? zUA`@Qx{%fJ6T+7Z_SpMtNLA8Oq*g$YAROBO9A!V;v|Ky~eP4Ka9pKes{?9?lQJr0v zx83xNLwvgkOx067`bFTo*nR_8yU@<+QHqEpayimLhNJ=Qply3ncHHrC!65w^a4LxC z$i*uZ*M9NkH)rruV=bRCOQ|Q9(N-oF^|)fgU)lk7mOu72RfO zdGgEOLd9KAU-d^9DpxiON5{p{1kFq&{*>a$eSxX=_(Y4R^sJx}2m6~O|1dpe$;1W- zxg`m~>r0Qw^3>mN%Z**(=&KD*n7>ihX~atVWMn$#mB#@q04}Rnt#7Nijs={VtpxT4 zshHJinx%KyUG3)m0_DCdq<)=QkV|6UWHxW!k z=2#XhWaL<V7uRr#DRP z54uq2ws7j?5h0X~0{RshJxFzsaz(%iI8K>7t8YXgHYu8~FYHtUMQ?0t%ITu2BI!{j z#`CpVN?SMfcW2Sx~3H>)bJ_CCJo+x?uh;$|JLPwW32`N*fioEps z!FTZfFTQ8ksUs*w;^eB9mZ)I6u{_oY#^b=SGW%PosX|C~RUg|>E4pKPXli)XPY(63 z0La^-lm^#w?qvzU_@kT+$OiKGL6urd7B6U$q+={-X01M(N=Q7KC8x1gg41b5oUN6} z&U?P>4txwsFxWvJJ;`p_WFaGE&5cqE5;G2#S{($2(4gU;gpK8GY&B1=ebr*elZHg0 z*o`)Ds-AktJB@rvj0*PrcVJ8;)rRCg6x%ezu{G8*r?v`T$3$R)o8kcs3piJsVHrs_ zZNZI0XhG|q{?bR6gF>RwuQD%N=Fy^~x$e(pwmf5c=K?}*26(Koli-bDSq2VA`ql|o z6{Z025m9LJgl}+yb-D1t+Y_6|+^J*dYKir*Nw#Vt{uI*NnB%5JG9^&zx2-RB(_a&F z`&KOFwx`_0IO;u5T$by}csDR|&G8%og%3w)9hlz)v-~{&+wU+C3A`_(xi=KF`k+_g zv(|)s49TEhZ@C%Bq%`8I8+3t&RqlfVvWU8UK&9*R&S-!j*OqtNHyp^5M*T;Bn*=0; zSN`R%2dJ^a%oDNA=0u#i@?)DkZ}@_jl?eDkVJV_N0QrctI~4`3+7>Xp=#$j(81{OK zZ-X~Sja3Bd5i$n;=JD3uYsXnz9`vFE{-Zl! z(~}mO36!f}ZOcifiiCut7O2uC{QTvWeiIG~l=o!oYJiM@ zhR2AA2xxxr2lKW5a@*oo{YM;sC=9pYlUtRvVhy53S->m}-VUD{5cY78J4x}c3=^g> z;gLqwX_3QOxG%B~3mBD81D@$#S zyp>}*GY!yit2wIkRsXv<_Jst5}Ck$5~Gr ztWB*7KS1@Ki(ZTHXW}x8re>THr`g@!4tmKEv+z5{zCf$&^i=_vbMkD?!j5b zxg9h~r}ks}^FCObx;m`b9z@np{fhdr!TB%pnK_}Qig~(=(Uv(Ebs7`LT3&((AF@|K z+uEEE<^W=2*W>d>Iz*>F1ySDvO8)4_*1=iizi))tCsO#Rjp}Flklk&7I(H3tf+rvE zC;N#Tp9Z!nx%e%vOW3|#2=vpGlrZlEo_+iVuv3W_))7H>8aI}4N-u3|SM^{^FRkTj zU&XZn@Hw_`d^?^2o?4E_IZ=`3B?89*BD6->synQ2alOh=TcQlG9o~KaJH5d| z3G^duXNr#+9QD6NIWXY6RknMVo6hZk5-EWv{Oj5)0EPMxW5l4u;X@(+e9|k;PCfCr zbKtm?5V_fdXw}+ZJ0v}vHg91vxm>UB2uWlQ zzZ$l-k`wlK89Z?Xc(Iqy#Dc{yi@*r!Im`|{ZCdD)x5u4@wxJ40hY$ZNq{r~ZA2d?X zX^s%?y)4+#60cBRZ8?ll*$)(8NKV;~{`HAbkxtAHJqDJQ;YZG+(yZ5Xg`Q1pB-HVj z*4$oga8nc&sH`Hq214R@Thv6X|M*<)OXu}X)R%P?Rq{_G zJ3rM=tE!x$M3Eb<323)^4wxS7@KN`y9p|hIXHZ=T+?P2O{o#yLe0x#FtfHm4@Jk>t z!P(p6y=L06AdGl;9+phPE8D8_!=$i@8za@;;_vayke&)ymnrS*^=?%60>@d7%69C@;=VXi+%QODLB1Nij+v$MsK+N4aq$2eal3*Q?2dnxz1`cDcWhZ zs>J)W&~Un56E|IvSr|b?@(yl1wgyz_Azr=>j8r4&au|+%J<~^e&@JbM+#KH2FAQgL zu?E(Q5x+)1cHOD`_=FJxb1kIQz&Bi!#*3SQ}5O0OTUxoN%M7#V_MlkjzY zI5pg^fQ~tWs!B35oS9>T=Hb8jRy*CBEXg6RxU3k%&D606h;?x@5;t)!WE*D5tO9Ym zR@J*tUlILLd_jbqNYoIkSzu#FIG;M5xb+9ov$v^^)uZO9xC?*>FoF2*TAf<1PcX)P zPQGfeW#t(CdIv9voYEjAQ_(=X1dv)R$?}*@^89pE-_w2VMZZfR0M;Bfo+~Wpek#=N zqWnm?uO7Mo-afiZ@*5Wrb;5&cj>7SEBl^$zcxpJRjRASrYdkY_nMF`e(S4Qwo(v23&YB{wUaE75;ADtO{V`{!A<=2P8N7X zCxT5X;m_2R^oZ@r+LfXIh%hQLpcQqOrKcWW9Vlr|r1@-rp$T^~gjv+YZ+6=Hf4 zGCB((h|>|lyX6i7;uJXdC;$ENU~!}D?BD`{C)5NS>gvEo0z6tD7mrOl%dFR*XK`H9 zsh$wG8XHNh7)zIFVC4}0EdF|(qW^b-rnD$e^P5%GprIiZv+8OA9%?2^`nkmhYiKFn z3E;xq#jJiqGY8*-HjjUBEGG)GeP8^&ToKkfp5|XpkK658tbG+CT}jnZhumec9(e9+5>@yxO0=B!kH+BR^fIOK{{*{C*>fJ2M>E}#7_;`(g0t+3@!2GHRa7#|K6T7*5p z5QTx6SJtY->?kz{IH??(`976Ij)W)^ZqME?U*Qw;KoogS(dY(kyzj7K)L2iLOe*=H|KO3;>%90vg19vD^~@@RSScbeKi#1#gGs|fZQ z`}?N$^bznih#~!*tSl7Vf6wPSx^0Ik%od$>=3eiA0sPj&1OiEmIgkA)2Vkjv;>%&t_$d*w_FoFkJ^Y(uN?%tDl56Au%rpBMW|REk5q`UqUK)w~sCdbIUw zS0``el{Q_9J%f^6xpZ0PCk-=d-i))#ZAgwQu#w1odPDDBlyk3Jl*VAJW>}6C<^=goa}JB$?yZP!>b*|h$-*oLjAEQA2X8w2i^q@Kc$T?hhE9wr z-?)|@0Nn)(#7GC&jVicZ3u^n&ZAl3^bHW!|h`F1tFMWrwW5K03*SrjznE_u+B&rnr z{UyXR5b8Jlvo*H-FwauPwzUt*rM}-G{Pe~^ zrJ{djjs~YOcTbiv6sRg}$?4HM^6)IJnKJ$ZK#hIBQdyRy6pI_v)aEA_euVQ*S9I=; zylLIS6J&NJ5`eS)cpR=!L3Z#NmqhE*7(ny$2zWB!=r#YPz#VWsD!wg|AvG%~*v2qe z{6@)0mMFmBNuDkvURXCl+revMq8ETf7~TsI-aUa_Td(vjQZlr%>ni3s@C!DNK#*7y#-ONB2zxbR%vwM@hy+NqOBk>Zb z^|dP^bla%&cH5>V~o(R#5|m`(%e-`3>M zl>5z;?CrvI+ZN17CNCdMUCqqdvz7ar%1Z<-6}$BMtHYeEanuVQuf!AIG>eipK3Fjf zaBA6ZCC^KoD*ukFNU%NhDKLCmix$z_XWPcGYB?n&x2?8VeoKn)cDLGW`2cu|(AyLAkC0pFbP7UaO4{7;D#64Y%!Ln=&@?{cLq5^ewiOB|h*!g*nZQtz(}w=F>6jB2 zEnUbUR;A*?PK38{P{!L4@X>w~q>P$aN^McE-{hC2G>GPMyT3w1GDu7*X!jtdIFX!? z6jzAhA1j&1t-Rug}FlI*TrG*5SdQ28QQT(-Z^h2@%l+CDpq?!hZXG1c^* z!@5yHD1G?scE3dh;wdRXwBJI%NL9dAvts~yEVb<2Mvak(>c@55qgmHks~GQ*;fOV_Z`|!g|=#=6JV%e7sDMOICmymK0f|0y!RB^>+%iA$T`)zv&aH z+(l%>WF7DZfKJY8w*y48?A$1^)dGHcxuzeVU+phcN4ykPNZ)!8(ck1%=e@pF5Jf-H zd)zu*(Y9RTwl0%h@=ekWQK?7Oeu-vV-(qP~m+DJv4ST=Q)4cHW#XJ>iTb;=UaqhBes<$|E z;#*{(itfi5*y$Nu@f+xTG_51N^U4h>3pAnz$u zX;QyyDxM<~VG=P_TcW)_Kl!C*R4o7bRJBPZ_h1%PYzs2dj{m^{x8PiRq*D#9gtDbq zWJHxnF_vHIS56+EzFpAE`E;q{C7Z9jf{!px7y5s1U%vM}maq{gFj`>E^FLD9b>&SH z=0QH{9uU!|udvBILx-I`DBd}vZ&QF@F^zagM97Up)1*|BQgfvA9Q@baxOrwJpq?{q zlm=v6Zbp=~au!VQdL}GbC|%eVq(-1@f^;B;yg%JX*tF{gr2|5eYi3>gk8lZQ0GtRaLHI)HSzC(`(!(n8?|0C1^NheR5)}9RI8#y( z49%U(!nsjj+Dc*8(c^WN?xuDUHB@`LpqC}5tQmw26#ky@X68X64iksUR#sqe&vi6z z2a{mQQ_vMJ5X&RuH1v!ChnzPH6cz$n!R9J5UJCHU#HY_hC6KU<^%e`G3{0RHQcuz` zYt9Ga2Fi;Sv*}=&Iq7Z(Wt+yE5#ol3UWt6za{C0yT6XVn>kbwqW%c?t5?WU%U3y(U z=ZrH12QhmNb>MM8m!nY*EiL-cDj9Oxb`{UH|$XQ z>8i21CwWGijLw!;;>~18(V;A_wbP&^(4sm9x{)Um$1wHPl_BEH@t;P@75oZPc|X=R zUGmIgP^+UIA8gxeKaLf8q>~Z2^mtx2+%KGy^*eJn+Hg0W>f^%X?Da{G+3haMt;t($ zmHOl(ozS`)UwG% z3+S8Z-iD1(|4M*8>~?TA7zvtaw4B(Rfj7*}`E>FHi(b732F0|hFPjg3eqOU{nXs_$Goe*F; z(f(z^9xPcTK@MJUD4$}d@Uue{l$<>Y9pIj|coF0zAU}W0Q)t`BV5N!5km9jS*ya~u zQ(T>yKdcz{9rv%yL!k|CUW1Y!`=YX~g$_>`1+pXRpP3jF;f03+LXRO+7x-bcAMVU3 z=T2ImjHg2EBCJ(2O?f7c#A5siyN>O8NZyd7(iB81+}n`Y;e=f^!vj}$!TLAPkccxb z_i`WYb_m{Jsq*3VF*sm9gRbcLe<=edCrrEt6;qO$t&3JEVY46UAj!yIeg|Yhi}qt`R|}G z>S$gL^jB2ziiOPbos}y4U>xecJJI^D_M9vdvKrAn*UpFUi7c;~deba~jmGj0HG}8X zk^c8=h-jXAFe5kb7FiAspW(J;-Zs1zrJwlRP#5s=<^g5sMU3UE$pF&T`k2E{*E(ZL z=aWJtQ@guW3+LcwZblg9xyl1sZe+iceZ&2Hj^CO-xY^g0w!XB;o}B^`Op$AXFChHTU}e9IUx&D;S33a5rj%k2e`rTPjo#(tiG@r4MQW#w z<*0Ci>|FbNkz?C-`WwAj+v~cfn&DB4Xtij2tA_=tFnc(XC&2=@CdDMQuP7ux0jAdyWoh=-}pum0B1y>M*W9Zy$o zc7Cp;-Ycl&Ic+ZK78VtDZ~b@(sPj@nN8_v)PvW8D5R^0;u%HguuZ%XLPB76YwBcG0 zMiDA1#<5apmry3ue4Un=WYDNMG%~B5{@PnU-p2LqtD9M^uxjm^16hjCcEVaO=j@Fz zfbjpieNB&vc+(;NvthZ7w$*&q*9ukmX1o-oyxJIq+Ab6N9gIJP3H5_LYCzdrjGnXH zF$wd>%rBPT*dV}dEe2PEXz<9;D{Repf^xPBb_);_H2v7g7Za}LANfA+rQly3*jkg| ziFd}6vyS9(Um6-41|w#^QG0#4#g?H*-g{@tO!*j7x*yExsn$m>rDCVShKESDU-Z*B zs6xD;jB^}$!})>Xv@DVB(T&Bu5+U;1Gcrv7q$R?(U$`?sWSz&4=s30B*tOaDn(o^O zUZ{{rP*=s%a8!9fl_SI0k{(l=^rnv<_ug5NOYJWArLnQ{R(xJR;ZFQhQis>U_1%sij&sn{%_Ok=dDr4r9p@} z!>a%sq9@V)eG{Yi|3)yO3va!$d{_`q+{m{31tpK^=iZDlt*|mb!B+<*TF2Br;-+{a z$zWP!AIuky<*JA8+~cGmJOK&D+CT&rzIc?N&DtZ0Uu^yV(vHpvwUgisl{J2VZ zadYJR)2H}+B@NK73JSWL(W|et-+7aiC>o6)azfGGq zM|JgwWn+Viul}*Mx+Aa=4+sH5Sq`(n;RY67?_D6!x8Ijfjaf5p-{X|pb=JhPUjJ$(m>B<*eT4J^ zla7mzWSEOUF5PCQm&O7cFyrT|x_!Yr^MG1>D*5aLb@jrxA;ZHInX5zo_{V2qV209A zvFSvg8}bVbAL$GTw@BaAVU|l;+c%4x5Q~wV3oH0-f1R7_Jc6(xaF0?*^|X3`c8A z2+@qF#LVO!GkyHweM5ZD$d@dfiv@beP>#VzxLo&?oDH;5hiJ4Ym`k}F_-wh^waT^` z4}Gb7@i0d!y$%i|P$e@XY~G7Qry0jf6}#MBXzLnk*%ajh(@uFaM2uU~(X#0=1C>S? zaVLE#yZB`anD#~liK%>r-QGLS6h;KhxeuSLo^?tB4zU2ezvc0 zg~w+PD|!8hX>~-X;!w^{xJZhV`X(@3OgFRaHnhs@F@2Wgq+w+*SGh@uVqy$1;zh(H z6vk@P>BC0X)4><#%JBdg;8Do9r`=i}qf4S#{m`Knb~Xkc53n`01!ek?3*8 zj^0TMe-ZP^q?@bDkF&kG)=7-)ne_#pRAtqf@lwg!n@9-{0NpZcyCpZ|aK8xpI?aqf z;c~_~>rrZgSxA~2_F*I;V@MDsMUCOBF<3xInjlfZPj-JVWqC%t(m(tCoc#yh4A&>v zA}a_kz#F3`md9PWDDIXY5`e_U&-XA6a;ZIib zs|%DA3N+||HYK2$mtzIdd<;*_-ZK9+Wu!@>ma=N^NyvPz|IQM(-cZ^OpQ_(ts*XNl z$CjK_)s1bf2EhVHRAe>RuXSBxrCE`yBWq`CzTPudDjdAVKPY&WjzfG4IXOlT)ya?PJ{SzA z`WysUM!uMSWbE+rhOzjq%aZW*^ed|yE>frKiYj7~<*3uNQz|mKy}G*jtJv4r--0k} z$^!=6efa)_hr7Bm==uxy9>y;KPF+JW>&lzD|l(KPowU5k()_!&ZD z=TfOW^49hZRKP{cKI0a}v^RkY<|k4*I-a+qc-nc+SW?w}HU2de8%?}v*nvqZ9$*F* zjqL1fnywSZSIg^Fs@5gaIP>O4MHr$-{i#nlo;8mg8uz@aE#ua+%gDN5m!wkH47@UC zFiPJzxx^Y-w%AofS1O44~&T~T%Pke3J zpy8#s)~>32tGSdzA|i1^(wYgfiAI?ZRLOyjk+)A5pCA%T*HR*-yuR4^pI*vwzM5$$ zd<|o%J!TqiN!dVSY@UI+>8Lf{P76t(KY>HqYW1^pnSy4*t&hUhxlt0)5FcpND$< zGrNB`q4cmRk+$VEY)bYv-e#)DNIfc2$2AD`ydO}AyB1&`Lp_@DVFtKw38K1@%#<`F zHF$&JWA~y7DJ?*+sKUd$>{j^8^tc z3s`WvYYy~a<_6RAnkxHF!L~#%qH8B-riK)=loz#cAbocbXk(H1{`&WCu$vTQWM?U; zuq@DE$v^m5UiX3Ts01i}LSi<+;+U@Rj7#OEI4MDbzm%B&kgoXD`C_#0v7E9L8pZyliVXS#v0P=AZpS8~)ZJ99&%Fmk3X)w=DbT0hR^mvaPkdN%C!;ryEK z8tm!ZbG+x&^@=`o5=h4SZ8rtNH^H=^6w2-W;3vr6#W$Uq3}y|H9MZReaP6AiA<@!H zGKfSH`F&8-jp(1dEJd8{b}k{8P_3Mx#e#=&kqJF>3GzVt*HYG2t%)uB=>ZRMkQ^)~ zaG$OTnDV(C+)7wm?i0$cGqVFY*VkX`A`4(%9zbQV=f*!mD&gvK`3gP~q(|ty7t2SP z{N7z9otFBX@x*=+E{RaJS!L5|x(_ulbn{;A2tFB>gTA z78PeFHqdHfE{3;Rc+w?zx~d{0pE8O1KmJ^te4_g@xf9a($`CPs{W zDLHctu@`0f5=P-B>2{`keA%a{>yT@*ZOzm*>b3THGBVIP?G@9HP}=p|6@z0G;BikM zMwV9S>{)JktkN6WdJi$`M6+7xroi)Q;)Ni#a|xQd7G0({Zr6{r6c4$q9oQq=z2p#D zaFTVK#Fy!)E@4V=7!|8aARKk7{1PDLPElFBUkxSSW5^HWX!8uA!wKG>A;p&x4{)YG z=!j%*yjUKz8fEyq>USx3my^%?-Q{{-v)fYQ+>o2OvNq{x>+rtINRK2H(M@Koh;EO+UBf z%%dqNW-bvw>HtEMct3;0h=NZ}yB5(+rUePa3J3bYmI%POD8)Nj1Mh#ZBrx_VIRC30 zf1Q1QVB2@^g9o6rM>(X%a4zK0=}m$)#rcVeGl zBr61s6}MwG%hrd|EiVxS<~Rg?U~_voZ=>|%=2Z9NUdOd-52fzKAIpFs-|;s@HsbU) z+mhR!G-kiMR)5D@=M&mW>e5YK$$qoG_|0ZvF$MLRSv6{+68`)2N3! zd)YZJ%#tsHGLV-_?PzbYC@#$sa!dhl#KN}$kL)8g=nLYcRC)#bhbVdV$*Okc1i@# z+;|hFJ{PPU^U1$&E!n~y;x;{t+!EKnfXC*2$6uv3zXax$@mRO;xS`&}i0j>Ym8HvJ zaAcb#GB&|X`ljZTYERL#=8h$2Jo!^>GV)^^v}%gS^Uh_mcANi{seN1EMNZ&O^W}a* z`EddH$DHrVHLNG^r_tW1?P=S2$9Z{9KV>q-dQ=>_{4{4+&q$P}-s4TcBE)S@5{Vzn z?J|A}u{4us7L;!lfQ;!$bu|dOSDjvsILvzIr>5Dh8hf7Zyd+sluI1&s=pGnqk8c0^ zA9ghxY-mRwqm5wbyHD>zSiZu*_n4oh924QFae|G4z{YSBOF?>yYO_2ub8mqAqLSRUpg=mvrPT63|QHnSm< zY0bWtIX!&+V0(_a#8-srMZ+{(z;pYypJ)8PAT9u1CN0k9cYpOK$feoT-QdrOueh(4 zo23+bsbMa%FQ@F{408t1$uTckj>PjYy0XJFIou<1AwF|TcNG=od<#|<+ja8vE#;86 z=_VzIIaYmzjl10B-a3uLTbbRu?L3Z`51a+sFQKUwl*tk}h0of%%*b@I^lz)X^;B*z zFu{t@@G~w*KM0{OA)#&4YRJt43MoA%Ja3m)H9w?z+s@6f`{**5+~A7$2hs`U&?~z({DCyxX5C^gGl%B8534l%43&Zl>UHB*O=+l^m+uEWdgHm_u0Ka)wE zN%B)Y4B22e)TMqwRps}zYJuNc_TU?L05KQjGZg?{1>-HDW2a} zt?DP?2LvF6n-2nC*mTb$p4zUl3kp+xHC`umY#5h%R~K;#Pme?Rr(_OuCVI zTz0k}HP~6o;GAZC2Xw|ngFPPu)rjLq1C+8;#t(np6_RPuk?yriF1fp9ZCm!2DNd~U z=Kdc5tUy!0-qnbd=EFj^z50CLy)-Qhw#wr>s;q4FiX;!+uVKpAoXLIWByHCo%}2`z zX8a;wKbK`LDEyshSIvhx<}h-Mgr7M@6`-m4H}Rui=m0Q{o0i#db^gTyv`!m|Mu#{JIS+? z@;7Bs>ieF|)7E&_F!oqJnm3*?cFkF#aS)O>T2*OCyw++- z_SrYdCr(tl_0=S|-IC*bn#YyqeBk|+&_}uS7eJl)J#%gEGBn`#k8#?R5HH{8U>@ak zdc*XvygONk4Fa6}S*10V;N7Qvvhs==mwahE(pnkWLkpURC+T<3N-}kN7KZVN zq)jmT;Z-_wS{CY=p5TTZXw3zeC>>=vEE#m_km-frQmzQSf2K*lQJ+7(0p*?of-|QRmG{Kd$-T1w9>hHT|-U6zKX}sNE zo7W0~R#V40+IAS}o>e-D*VTi{LmyV$`*@Pu?@e;vk2aIF^&MEZgEgkMQDuv1!2FJB z>tFsd$;(uku|;o{4%+Wg+rqpKxUSke^GZM)@LMUd5N!|$1m;3E^kh1dX{n=K<=|>T zZsmdPcze?~>7&|r>uIdgi3xh{GMUlk+f29MnWW2UbAGwcdO6vsmD4oJCG7y3OB&Lv zEZmMvoDCuj<{+~nOO8?6vFa?SgLugLUHS~(jNA#jI#edsaHh#Ic$__o zp(kF}OQSDVKc!ms``c2 zHSdH6pVT_p01f&8{B9w6f#!$NidhM?72g29ysF9_Kfk!&cm!X1>}ln>7bf||rAeOA z`ZL(YGvZ9u`zx+cxqTC@r?z`de-FGrdD&nOb%n0;JqMH@2rM>~H*}tb>*#@{3`*Es zfOZC!jWaM1l!j5Nymg!M!nzVaIA0YHRag*sQ3UZeI9&<-sw-y()lbax2=BUUB>C?n zIX+C_QB@pI{&JFSw^c!Xr6jwl5Ps>ORM1vN0TFh?3C!fq`;%<)awWVr*Ib#T*0HXP z&XpIG2~)5tWX9@%*?|||4`>6F31A9}<&zaUKp0cCaDDy#wW zF@5TzaX7=M*Hk9-GgT09^`#vch55?Ya~t`t7LIHf%gVU5r!qv0R7?$F_baAJ&{ni5 zYt5W{uC|vdh2%^7-J|Wjw<^&HE>;Hx2AamyM=RsSqtV8dz(V_s(!BT5Z^&+V_IptL z`m!W1-&o^U0@cElnZE&b)_c-hxvI#HP4eke`hQPg>J(MRw$?P1W#2025m=nazgs&u zzCXWfJ?lN+7hx7JM~px81q>MoXY~L7K9uB*`(=Tc-+_Ps#&5y$=UXeSYF8mx748G} zN^)zV&_Aueiw}QTf1{OmC0-%q$5bll(&tW6dh}=(`T%7=p?&LpM`i)s3{226%5_-T zLj&4~HST(~Tz0(c(04R18ojq|thFxLh`^|7UYr{mJYjT_yHybPDWrHZeegp`#*Wi` zNuzC-*AC%(X!}_nN!D3Y+e2vw?FW6qrT>5bFUhA)PO{!wNj6$H$#z>NdG8TP9(*GA zLE7w+-y~UX`3Y5hs=8O#?M#K#`$Yxv?9q0(=_dW1C=GQQaOv-oY>aUR8o+nb_cA)| zX-&CUn7ZiqulH!V*@N;`J0|(-KeK^|DTEIz{k=%vA5T0(joG_AM9d_sFRl8GlK{81=@Kc-|(YahV~Vw ztL@4Qc}IRDHUh5iosIe#Y}uVXZN0C6Mf*Jhfu$BzpUXUfzJ>86dne)94d3diVf4>* z8D0mt?o!&Dy@;xv&9px^!c`ie=uep-^dl#X9_OOpK$$m`fKwRe>Ak8Y(u$gn?!a50O@e-)GW7DxC0R!0z)jXu`lI`gPhC1UR#`VBDEC_hd{M}S0hu0`rV~I@|*cF<3AWKYAdJiTmSUZop z@eFVK2ku@@w$gWHz}{qZty8VNNAu>lkPUeYD>nxMgM{*?pAZECF9;*P5YG&lRwlx| z8qWGbtb>!})jP1@UKV;Gm?$6^n?CbdCHkto7!#_iQfaRHSs7Yk*}Ogu3X3rTC9sT) zPgX&D+KhG0(86N7Zr$(GYt9JOf4X8-V|G?Q2rdNK1!%%b5TztIe3NYWLD>L|V!U<_W!@+Z zTF=a&NsF>a+tZGk-UJ3^KKdO{aM)er%x~q98aK$9f~@UE`?8qt&n`-NB;4lM=X&HV za#g9cc6kZl{W_SYn1!XaR!?&Czv@;Weh+-d(^PO-QGXBitr&?}h%#vt*7UOW_iwE4 zvF!3mzWv?YhP*F|+mtEm%Ze%-SzFokAw35cANbz(%^5AkfZ@+nC}TRCUU#U%kD$$H z>RRil(tdLmzWAmXDzCgY$xhoQ+uGemB0W!j2YSwZl>V*XTZQME_M^RaOY-mAa~@_S znVIB=KS;9fT1l3hkOk8fRDnPE;3Rk4xvI=i+QskH`_L4nNw@tg$rc;sdgc7J4`JlB zci?{EXv)F>da&H6BwzY$r#$rJ>*c#Y>W~eTj^M%4*^V+pJo*UJ7HVc>!0^p(aZXdg z#7Qc2ze&@n(g1DDw1#iP6asBq+Envm3LOimx`F8r*QnB={TpS&7xBl40xi4!{@i8= z_rLswhL7qpFEanuMrRyW&qV|B?Ny#|$K9FM@vXrnmn7L}LycqflDH^%nMPSVnR2l( z-;Q*73L(nYSCqy-slO}Q2ObDeA}+fk$z~gCdH&8?k5%<|hc~Cws>dHn^5(sh9QXbt zCw?KxF1zb*f3>_j(ir{DY`bmSTI+9l)iqTSc{r!#J+JtCl2>YffEU~1zWfH1wyvk~ zcHUa)Ez{;S%=u$KAN1dB35^p71YR1TGur1ejbkunl+uYVr8{|T9)M>MUf0NNtSLBF z`!?(Hu+AUTYx6)RJC(v`syu<^iQHN6J_~~$WghDCX&w-+20*L+Z@iXgRXVPrh2vCi z-COy?!;h{d&nw+RZi9v~u=3pGP357TLS#>5J`CSEf7XhE zhxFIQJuvQ{ zz<<4dtQ|E)pKrf;_FS?7QP7d=WYgQV3^On_>Kh0Q3zRo>o`vf`fu#-nPEb;q8kdb6 zS#eQ7p#u<59 zfD>8=3-LCGS-1kie3&YNFcULUX!)$uw9Il{(yf9x!uTi^%zISX0PHMQbGK40x1r!P z-t)yFGj6~4{sc2^H%7gTmig(E`xQA9t$+Sa8Hbi>9v3irQv}-V9oSU@qZv#G#q9Bk z%Dh)rW`%*NN|S{R%4L*A(~<}8&%A6sqd<<;^Xqm^^3Zcx$pNP5DQHjD{5bA?8duxH zzCk<8v_rp59!VSUeP1k0(bjrVUj@?~KmS!#xMt*bpbn2cp5*95_4lCh?Hlktn)6uz z@LOcciMb2=Z$Poqs!4vMLXb0VnD!%&ZYo{8FTYjdw#Y9qgy6daGn7_>uRY_ph>*s& z?N+qeCIE-OH_3mV%HPx!YQ>L!s>=7WSt!mzHEA`1>rncenQdr@bMLbS_Es*BQ~dV8Lt{NWQ+8DkAE zc%c5iD4TX*kb$YYcvl$>QY@?A;@juu=hX9=XS3%3YsDqyU+o%~wzYMfp!L)nXxM%S zX#8h1ot86mX5JBSylrBj{Ym4%|90Lf$#vK2bEUs0e+GW2^tsBT@f`-^8w3J@Mqka| zkr?aQ$xZvW_BmUBXR9P{P`U5WBa<9)l+uTzlf3&qNe)!`Xe;fz?0Va+w4fs`r}UUb zxRn++`Yd^3z^THjew_{Fcn_&8s^KPMHPSerWXf}|)&-d!nYGvW+44$1-lg@pPi0T& zJ9OUYm-3f~?o!!a=?yd$-hn6j{VMB!RAt;{#$;oedE4;5)Pr)Wffwh+E?>56s~13z z%JzR$U4r_+i+!5>{s$^Q)@OKAA>*47UCZ0-Wl65RLF=kC*!2Z=lKZC8$u(52&K^v8 z2iQjYP*)9KX!%#cyRvx=GYV{jAKIf{GjF7=mH%A)Gi_U?$F!mGrY0Tdl8ch;^6EUT zu8mD8RQ`9K#q?`4F!AkuEvBaO1A)ba@6x{LPEvgM zV@ZxaKFOAc zFI%5ad@L`x-B3;|2E^#qDW4n2)cTNBX^hOQySg$mO+Q)N4}rk(oGKzex=`C&^ELNfjSsWR-b>kdn1us?Q8619``d$W zu4j8suCrpD4Ub&ALR&LWi7oXvarKS)d%;ZcK)K?o{9Ea2{1&SGN;KLMP!4sd+S$Sh zV~PvYfb=&=e4y>IwleW@5y)9u=AW(@BXwpAyP5wW7=N({I zQMU2fz1y?dR8r_A^xi=Pk>0x~3J7AONiQmjfC8dY#R7r~D1u1u(tGc{cS0&j=%DjG zzxSQF_iPgV0F{tr{&@E8IcNGg^Sou+#v6zDu#{z-MdoBmY4VK%z8ik6&nD1!xOc~W zzHGN$>6xLRZ>~#9?c8(eyPMnjs6*cvoJ4+{o@n1{{yweF#Kl>h`WyEu&+ALmQdquy z!qvGdg{59Bi9PdAURD%tW(eN-c!;ZtD|k-(`sqU62EwKiU8( zvo^yh!{R3gAZ3y=i-XDb2~r$*{%=x-2g?Y;2~OPMgT=ez*yqL7v=<}BPdyvr+H2?Z z)D}47==ZwL@5jr^J-Vo^PgGiOrg!n0>bl2nx=$P#kIZ1>TfFuH1D)(YMQc;yLMB9a33(*Ovhd?~C>8^Ijc1hquLRz3vMZH}`L5 zT_SVcX)$76KZNDkS6q(d!4*!ZJXi8}o2^3p-uJ~d5>eL*b+k3j~Svv#IZ;HRD3$gc@=)8 zywAvH*x{=_y9xPh&Lu-59|!F;WjUq}!X_wh8%R;RHq*wj!La{lg&5WlgX?3MK-VNd5 zD3}_uFq2?{Ky?p+WNVBWm1$~=U0o7B`-{*ej37uzeXIoMPo)HR^;dYsbAyVslx8Ag zoHH0u6Rb?mV!^9PNxj2z>JD8_=#LP97?II`LHjW@WFNI406&E+AU zB17e}3q!o`ZV6WzD-Q`5Tq?n%Her*+x`WAPgCTS}&G==HmHqTS-be-r%M3~PF)0tL zuJ7eUP_f>gljl0s{x)NQIwr%0cTO4W8%9z`3*&;+g`1y}!csLhdgOn;6WXSa4Ay-Q zbcH0h|AaR~JX&??YkR%un@USLOd-kOI<=#h0|SsUpb$0g+4tB?UiuEKe66NrEWNDq zoKSHv$-u%GYsSHp)3v%3Ogr$M2=*O$Uw}`Tv1E=E`=<4N^?h%!k$?BROO!F*>n-XJ zOG&Y8VMJI;cN30U`#ya60ckY86~6Cgb1vc7Wl8O}JBE1g3>f5 z+ITZpq+6}L9d5tE}#65f`UEdt_K2RvEr0 z!)DSO?kGa3edvV{H{XKvyJJfeO0nWmR+X84$9rMsX>(Iw+whe=g7T>A#g~LQa2AD? z@;hj_3?lXSS7iibClq}4Q}y>Q`g?xo26yTJ%H{lm@dOl>dS_IxbDIb@QmkjZi<-TA zrOR`b`}6Di=Gav^@YA2G9Fj4)opA=?UJC9t%`_iQ3u2J$OA z@G!2jfz@|Nb6oy2A@07r+M>e$7o4wlQW@N-L*60oe}H&V?}K;8X0N+{SLrZvt>@Iy zoR#|JeP_%i8FJHI9tS-1NQf&f@A)@1b=!Bj$2V2~O5VRaHN>HMN4Al#0B7UqthcL` ziTX18!DmbOd(r)Zf`X3@`gpVJD##`Fqg-v35YG`0j7v_2e+334M~lP0EnSaUytcHK zK586^g9s;5>c2|cb##7H-X9Y1*l_9SKbGFj{ziE~1t-%JuZ6ge_-KA+w~9Ae8F1{0 zA-<`yWm!2|VOCp7oC2>>mb#ARoQjNtN9tv@@_sbHK@4O(A=yHnln*`Ntn)&gcZ9+u zJs3M;p#J~brXfBlPOP>k11V>mt?;u+56FC1Z#Q&Z=XYd*>6VrJ|2^Pw(n)Qv`qi3{ z3Cs}d(LI;tJ>q?4s6F#cDpS%evJPVMIPo={PWz7&?tV1HQ~%&I+vb= z)J7OQ^UUsofih%a{K}{h=ag|!H!zwd)D&l)*;KaV6hXKUcD#f=dussFpk6rFz>_ix zSN*)VtqB?1cSB{@b(hLIukt?qEQQUZB9uYtTzRdGAC^%lPs)t&$EfFIDL=9`8EN(U zDqOGnr}n6ap*`5J(v5oVQ8(Iko_TzKk-TOeJo#*h>#V7FM!98pH#MUup@^`w2&Wy_ zIc+baeK!Jm)Mw36PNoN^{d#aP@!oJSt-rCp54~gBi#%CAva1ZeW{hUb*V8VTmf$_| z{p){wAAAGsFW@|3_w;`INGbc#PxU_EN&Q)1dD}_M1d+09dvFn!bgUn`QVXn4S~}?) zB8=WYzwB|r;Q?o#6XMHbLVW&J-<#>4yWP?IPI8cB(EpA;Mt!GS=~^GxH>k8ws(1g^ z{Biu7E5~t)!z`<(UJmgOr}+tA?62W7PxPHi@x>tlH~6d>+CaR+bJ9$0;hVs!KUdnu zPJXk#!8fmXN*Bla8Y_qR(u-b3_>FS@UU{=jl=y7mOkUY>H(;coRiwj z8K&|mZ3AUeJe)A?#*a;L4)y8h)Kg# zZ3?}m0n~QZCjO2xk2(({6R2lu7ps5zt-|6dUH$J49vonBf}W||U*1v1(i@GkP*!FG z__AO@<-uuZ-K|b1qB5k z9f@n&)XzHf|4QQPt8bK?V2M=XC7k^A4gLlCY~~B}x9gF0iHoCI(3 zTY3H=02eK>sINYNPv8o4wwFeRxc&CxlKv{cxD2_+49QKTU$IYW)@dicDLr51v#ly9 zPpUHyK4F>W6$lzPE{2nehv6yMBURy4o7pkef(fVvWH1S&vuYpo~pmtvfS4yPjgU4|OdT2Z|7G6dUT)Qkv5g>h)e@Dcg8 zn8%;datRBCXM`2y8VrT0KM&~IK+;6$??3P_pYKJQoeF-kX-Fn{n_l{e*2eK3UjNg3dqARPpItKzfYPP^VktIB}W zAUg>rhnJ1AVgTt|ta-j}i22doU*E-zwcO^+w)lK@#!+wTpzsBs0@S}NX4r5NjVq(vkR4)Zs}lG%;dk^!zT@J0Q5w0`K{4rzEF<$D!c1=1AQ-w8(+dm;=U z7UGD-LY!X;_CgB@^M`og{td;BJo&x-z7Q8@^X!}#-;%&mCHAd2_$TgM%1R*)@CP0b zar3S8-BHdO{03LB?2ipw6Q`I{1jh>BHNeT5IEV6D+rW!m>LVO)FC&8bC~q7X2kxtW z&J4lS$KF&QKlD&3pg2+#7iTZ+K!3ye@VU>4OHpzama>i}{Lg%3+WMEmnIkr}71uao z%z>-;{fCBl>R+9Us3!*z+;Dq{C;nbME3U=akvZy~2SZ#$?Mgc{z~JwkI`U4ue0~p^ zlKQm$!pZurKTlz+&^_u^6W8WhM7(>Rae~?b2TNg>;bZM0yd#5d_dOLabAZZZd}Y8e z^Z0y&y}qA%7=i10S@q7~-PBGk`k!yZzDEn=111~D_+j6>%<0$YTV^BqyhM#}gOm9# z6)#TEHv`WzYJIQTZre@N-g?LWjeEP`d>o?qe>~m8^B%{jp1bVk?}&E{2X6aSeS@kq z&jEXtY_OT~RDOIne1FI|9CM9taZ30=h+y?9C@A~q1<<1B-ldp;@fH+pvC?ufvLq~WyHNIro{&&bIn6M^*pcCYv2pPC zRW=Dh%9o81gbYjiP&zPPxkfnQKzm<8=dWk^hz(P5L$k`L@*sqF*;!#_TwwfVVTO_Q zfrQhj2_f#fPs-m$t}&GOKS5>Z#1gN!8(#JuSbHR-x;O3-K3!Y7A@)@{_Lrfa-xrvu zcewMedS8S~`C$wpBw1c(4kEQ1GnIJv^_dAKv~{iUrd;XT%cb9R4<(2VhS?nV2q_Yi zRCn5vd|4v5;QanQxdKLf{x6tT;GNmKtb9w}m-Id8e}4H+HrX=7m-OAxhj^FtVU`BX zqQ1?NF~ZunL|@W%P6Jr_ylcL3me8ed&Xrz0=UdhH5|mamTp%pGXo!!$;L1Mvk?&ab znQyX80cE>YJdpct+CPn%M4V)|%@;y^Q2qT4^*#C>efJr~ZD-b#%E>0st>PP$buSyh zx!WNQ>#K4lC%k>5sl3!rVOWmWlDU^zdn#*RDXnLnqkgXT$$jj_mqOfeJMULboR(} zm06Z~GgX{xcRv*3QcH`Um8Lsvyl!4^_#f`!fBjlthF>f94Lr+n5>kB}JomQBdphx) z_j>Z_dJig7ZkJIqp0?dq>lj`p#%h~HQ7ysaoFd}9Ve&M%=}ey&MJ`D7mD9ddFI z->l8jrTv8U*LM!2o#1a~BMf2&Q%a9;45lnRw=db`n;|?KcR#H*+)zdb?~M(=*|V@F z8M&$qzuVOZY_CFvee&7vIE;4V9 zrCsM<8{%T@H6(o~bI_E|kR&&H<^TT!S;1+=IIPLb_BK*kSvkPLJ?+hYf*tx7v#7S) z#`%dd686PWA%14%WS8jbRPG$5PSm#mtAtWmz1+ZlYCD4F~7 zV}0ug+7l-o+(`MrT@Qyi$6%$QylYjR*V-%Tm-;`;sj21vVL)8cvTMntmR8Ap@$!<3 zh4}o7E*}AU3^Sh3xj4juvQ=!rxsQIu_1H1XEEVEUj}*5{KIa3I(BYZs#`p6Zwg*x9 z>v=vW_}j0$ExK$>QdnE=Bv#OSgF1_DGRH`@>?^d~ihCKxXRWO4RLfdnCS zej#*(O9jm}96XSECif&HMasnG$ke+kCqaPco(*wX885cEx60MljL{}VnYHeUhk-$U zET5Ze_7IOgF2vC)55k&hvkyv;FFCJ-r@~C(TmreAR%Zk{3OUXeK>ZtG8v=!LBSbNh zYUcP_XN?eFo#^>yL3sWp3NJxv@l`&AF-F*F9IKxc55m)a4@$Uj^fV`;9e#u_=c(_h zq4qfJ2NIZ;zl^h{PCF``B^i@&#wFtdLB?jrc?vc{_ivXeo{U~Mj#OTLDN`y}s~H{C zBi9Kd-Jkh4fdQsx^=rcFmv&Pc)NkHdLp<|LR|KdNyUpz2G_=$7&2rL=IZXueKK1t@&No~7#>`ozIDEgvXFnwU!b2#)OD!Q| z;qP8n9K$#a=9gh_j`3jyE9EamBe=}Ue zIXJvLTrN+qGNgNTC%wY+E^#oKgH-Ww3>~QUq`d)#&LvmtyH?xU%pjn5iPI5h>2fQE z_>edszRbqNz4wN=^a={6wgkw;U3XSLNOA?9JN|gJwRn%2Tkzk?EBP`;>QA0yCaD|; zDGW|3^0X25ZoQKpp|jV!skc9MX49wgP=Dtactp?sgK|=q z9&y;;)E4OT)s+Eo9V-*~&3tS31Wv?TeXS7tiffUvrcc7#=%FTeoc|nLC!IIzm>&VW z7n>QIdcNDU)PzfAF8Y7yUrItx!o z|CT#ukL^;haW>e|*9zOjQP*~&LW&P;ovTf_db6lHsgix8xnIf3LNZ|iQ zyLjKp&;6Quu+*Z-PPh8fRxU^oD3l$r(X7o7z^K94Q67v6-ExD-tTgsoe8R$loP{BW^C8_JDH z#Vwd-;JfizBB{USZ$kew+KE$RZuQ^u)DLjf@D1_Zzb++f(Iwom+HT(<&Q+z6zZ<3D z)7^c!lN-nM%l`V-SZ3zmifx#RGR)E=#b>%>B{9dWUHPVe-85L8U7>YH~Q$hws9jdfu+o-;K%1+n0Aho8)^11qB}#=z8-@ z*LvzT*GaMyp1ynkV}57^TO=S?;EZnd(XVU~;>Z^~9DK~|^`n2~4k+)Va3V;3Rh&~t z%J-uH2h*mTi!0I$dInW~bDEdQme49)wq74+Z!h%57PhjawsnM znPG+<^z`%o4H5T&=R#b6OND{c$*-Vb+M{|wC;xaIylsus4^R6&Cf{) z%FxN=4gs$mBSA#5u>eG?F2a!$GP*#!Ppg5KsT31c(G|79cN=3UQllq)6ka zz&Vl$T5+3oO*z?btjVsFgBIbVpET%bCn>9Vhn_j+LLVI)w#eP!5kGD#M$Om{x-@?fWMJ^F;VAHw+F zM?zd(hKxJ9Fd{J0Rd33pvSAFH5w2^mH-eHd2uC38f zats1a()-@No~FNh+L*nn*n>&eya$9O-wfr*=@LF8y=QO#1~5MTl&oemu%3Fw+nY9^ zJug)o3>xU=t~*K#rYU&8_Kx{(@_Xi2?~?t?aOkiU=q2@c-evB?x8K_pyJevBeX?Jd zEe|D)%D3SgcDiH2^MSi~_iT3Uim*94*kE4aab$m99CrJy`eu@&gucS*hbVy@G+@pT z#iKv8DecAya7w2|>7-L#hRhP;iN9=o_l#ODK06LE@>BodJFjw<(lAGrzI)Q6@7YLj zhIq-HqAD}jipTR|`ksG#sv86JY3uKAN%1~j%CZ1ysoEmpOuymYlD2}x*l?f*pWmK9TAe&d)(il)lu*C zd~xTTa}fughrinO{lGuYN$lmc-&o_lJ;`}u? zP}%fs4srfzC;Kz%H%bQ70QCp*9Ujh17r5zt22F ze36zt6NkfczM-%hyRWJ8b;9i`iw|IQs%#AKx)X`=We1a&HOZ9^Q%*~-0ZWT`Hn75y zX1!yzsBJm~I89?*uXO6M>g94H)Z#rNX61!Yj1DK3NbtE?2_lWC7z>dLajuYX&4 z=~*@Zf`Vy?>II$W<8}0cnF~&u?l>_*HBuCTLWnXVnEv^05{QuB^P@wYbv7qYpKhw} zjCfhd-F>y#LCUXgjPbp24M-<} zvhaQKF4`4$jK0OJ%rP_L52uINufM|T`y)TzPxbpQ_~b#Kab+$czf-+K95^gr{qd1* zpz}?ek*;s(fbZ-5Nx`&l!@gZcBGs4jw_$0}FLBJcu?+a`h{OA5lW%t}wc2vCImHRT zlhOVzM!CKh@UHsm<$n)xu6dLm-<}x(IC48wzCP*~?e>itzsXp~Y0#l>Z_6)83Fjzf zzI);6M?;)L_dAW_x>Zhb7LFQbyreQWi$mvKoMpdVaX^R4nd@TC2kMb#ns86RiL&Yn zA>MRbqfeXCDMMuQEmS5wZ?aRzeC8k5gJucwm=nAmGe3-*5aONpgm}M<1om#Kp8%@* z-zmPpS;jKNR&&Ux{H8RAI8e&^f&2Le;q?4I^+Blwj zYR~p&+Oj3~QCqU?kzY86_tb>b&SZugQoP4(VEK0gPg5?>gLjN`?OVHq_=02*?Lv8Q zww!dT(ibn~bV$ElZPQP6SzC(!q2k-$E6kC{hPc==N=NCDS6)s_+xwnye&VHlTguP) z&t`UEu(Vm(nY}tfhT`21`V1m#)AvHW?9vby7(u-hCvzJA^KB{(zGaM)0g@eTH2+3r zM!{Ld62F-y-ko3tNZy_;ddJeSLpp^)7z+BZW~u?Da$+ zz&U0ohH`>j;?>-?@Myh_sT<(`f`WpN4D_h2*6)ZT$9kVcwlM4SybFBkv=4G3kD6kK zIQC2GzfU~tvJOtA?_Ya!hzrk^oj7oh_fO|i;*yts;b`^Wsg>j3ff-aBMv$G-%#!)@ zIU)8H-@s>sxCDcV`)J?a4r6qw+oW@U*BC0{+{(t85ZH zdDhRm5}=Pf?rGS5OUmoQ3zfDE9i|lDai5oiG#-08#4m0sFAlxjF8ZC)*vkSLL$oIjRDKsqpk`rDo-aum>FJ~Jw2|784Qn}ioAzIN zSsAns`^+OwxcdHqA+bH@r)f-tjV)7g<7a>>K2}KnY9S zV)6MN0ROXZkMG@M-)ib>bw?$?ii4AO$8WoW%D0-o*D>QlTx*@)eT?wz!PKfeaEj26 z&9K+~Zhd!O+ffF;jC=Z-@s;}E-h2B9rqA3{*>J2j%P?r+uz(hOw&vz3?JFlP}j1 zhwra`6XIgJzszDGt|>+Rw%eS);g|E(f7!Fgoetv6)Xs3=k}`}Kk;V97B$hHTqRNrW z*5`!FZctg~@OHPd5Lf^EX54NF!3ETx)AwW9nVrk%LwF~=O;K;#I z#0i(k2`hgqoa6u3k>8W*fxN&;Hl%-uzd1?mqqNAM_I{5t?Cj3DHgoV$H;fS+mA=na zi!GN^`IOdY^*-)=z`uW-l(r2zSx<*=uNj_8e3?@EiRy%T9MNp%0N4 zTnImX^u7ugFhl0~7nHAfg}fhpLi(EcWQcUoy`_sjBi)SC<=}hU2wb}OU(O0~F4du~ zQ*%S+XpMOj+*kXf|{Er^pYGvF@y6`BqFMMcROC1FMXKh4p0w*RW@ z(#TLNM?#h@=BzW&hW}4H63^tB^M1p@0zZNOj(?Q`0nT|Qcw1Z3p?2S^U-y)*NR zfh%VCx@|&vq}L`VRflvGoM>;RL1^ONetU>3EUB<5--3cq0jd|dGga>u6#NT7n)+p# ziH&~RJ{B#puM}5=CHr?keiJ2lI1btNd$70|2>Q+}KK~;GQ+jrfZ!q0U;UUchq~Kq7 zy$e|c2SWFOM?zd`okm4y0|Fa*) zd~=2P_~R}NvJp7u^~K^~8O|sjroby4qcMvqT}HS~I0~$B-&V#*jp@^RK2-I(c)Z4sjm|USTLeHdmV=yp)C; z6#kA7mP;(w6|cLg$BuR#DWQ1Pox|hs+12i;U8p1F&xVK_zq&7=@No1y$718$%ZAWJ zS1CW0rQW^*OBy-m{qUn(?OkE8Qbq*vV-NLkKpeMAdKh=4_0=6zR`OP!#liIHKtoC9o6$YK3wwvnrjUJcD_6q!cI-V0f0kk0 z%}g|XgSJeQen=X8PZl3u(syD1gU062cFldl!cF>4h_~qCZluE(^i_Z&%~AihUl?)J z$LypzeXDQ+BcU8102t+Ee}tRGF_YNmETw}Yeu=*M;j`*{Q-1VwE4PjC^6hqtbK2uz zeV0G}kt@M$2!6*?Ar4gkv3%*9QZntBXB%-g%BBhmf9;-g{M`{$hLlkiXJi zb;S@Le$><9-Oz8>UQfI<*2_ZQ8!e7nT4}=3*7n3tX;7w`>JIl3h7*+7O9Zr3-RYdHr!r6$42@@A3~{qBDL(I0d0Kr0 zW&~_2ZWyC*;{~{fcfh8w-}-8|Ig2_%kMfhEPq`^Wi{u2xgZ^hZ9W&Qj^bTt>T>AA$ z_UT(-b}8J+?7Q6FH(VCt=fv{^6yA7Ozo5T3ejf4rAjwhtj;)=V;sT3=c!A+Vs;TyKJBGoCsm(1yz*Iiz-%#!bj>w+f1Fn68w=>&TqRowIlzG)q;vj-E;EWQ zTkt7D^@7gy(aES_CIsY%@PP1i&1@kA8^qjyfG?+jI8o3ak`cq{1~&4a2(u1TSP?wc zdkCT4PA4{M{>F|{^ko=8rU(g+{{D-Ms=*Q{kZM0E^vuq|Im0O&M;#yHgU`6J19=k% zA^pS)A#VTm5QohpV{o{jINgIo?2)0$QZ5WKGd7yMK0Z^1|CwQZLM~-oxN%`YjX73sl zHTqQU8{_odTy~RqM$c?kiSn3L+_CAlA?_+Aaffe&xShCZi!X-wrLXE6m7%~sIC;dB z<+#iqyhRH5XJzo?_~wXe91-w|fpo=%@W8x7LcAc&bmZF~sXEWIApN8%wzM)clN0s) z+h#*g43gD9?|XXSV9J|@P7r^rxU!zBEi4cH+VW$S9|zZl8_G~nUw{`WCo`4i#z{@v zg^u{8uZSy0Djhu=r}A&OnbJ}`pHbSPGSJq|*48+yp5XXog*Dz+IX<&uh!);y`)BoZhq(U_m8bH{iZ|~7JiTRHRPWopts>os;7ChLhjgPf45fgy zlyrADD&37rNq2X5cf-&*Ffa@-1M{En{d+#oemyVey7sx(I?lDMro45O8i$W~4+&gk zuP6wZE?9H4C3AUvVr%N=6X}e6LW||w)R!>Lb=lhzLCgduFDa-^OiV4D!7*`RLSJ@x zkz!SikE;TqcHX#f4vSoShugxCc2P^Cnqv-MYL2p2nwwoBu#ftEDQ7(gblBbJ(7t20 z?zJVD2#Bzc3S4S>{JDuv(4Yg|G|C|b!3Yx!W<52P>zf8$nAPyPwQt{`N;4Aa zzdsD6 z)%lte_srzDT(>T$6*V&DKdaR9cR!BD^C<<-aOsIm~gxw;#i>Cp0z{^~^pxY2T1W-#^}D?~DZ#f0E@W0Mq@(JA^SUG$ct zoUDKa`impGx7!8@qYKg3L!+T;d0wmW!lHiykbP*>4mB3Lc<c~PMY(?!&WQVR&q8~9R`tsD&TdGKPurpu`>|mDMSYXi zeAn70@hx86O-6$1JqxBqp~~5H^T;45z;gK&O^d4E9_cyTS)+Uu*L#Bl=+Y+ERdpWY zQ)4?0j>PMKM$^s`60EPsKL+vBNhV}a97&YMz7ugWiHZ|v>!Gg=+XLP;MA!Aa>r_eZ zM^7b-WmOQLV4wES!pVHS{Be>p{9$PBQ}>A1yA2(AxDk*DMd4jjh(>ztLocLE_$4TQ ztOSh`6wSOlXuH6>0*%Qc`ZDOK>Cut@jB$n{yoP}?>#|D7pS(mwFD%sorezK!-=g2+ zQBZ@fx{P?K-M&Z3n&a_i4GMa==MSBxgq2j5kgJhp8#$ICTG;1}vrrMNJbkqSfQr&U8o)K2YP*j2$uG4EN|S%Lv{{`R z1JTKGzR!X7HEJs%`DD+*rN#kB!Z9y{FF4`C>B;0nm03MTT&_L!Vb{Shs!H#r zx~al|$HiyJSoF?g3I`l#joAHt3U0IVwp1{gKZQ_Gy!|8B-;e5xw-^ajjUnsZu>D%5sti(_GN7L^C z#YW_r1vhE?9|<+{bYmSQQ*=Uw~tA4(?ZWCKpSiruOtA>v*l;DWs6%Pxg4jZ>&qFZ0Qtpi8D zQPh{Jl@RtB_AxN4NvKjLc}ax2th*UUU5_hu8exFq2?(0R^k*nl3P${&W6rgnMtB{* znrupr>40A}%cB}gbT>ivv;8LY)a&;t=d$fkqlT`{E8MEcyC!9sY+qfESjN~thPL(s zUfe@=bPf!C5rsQCKW#TP;e7ghQ=p2bU-4V7d`qjV$OkE)V^iN9y&$}Wd}ZeN(BCmS z#(e#lG+J-Mna|R(UHexKoieJQ9wdGpmyjD=e2boS2&-#^g4z;Ss^xm=aIU7;6 zWBubF*S$K>m6F*h=xDaVcS!|d|DSq2JrptVKEQ7o-ePb3+xQuc0dq@)D>5$7`7q!B zxA(8-gvc{thECom?aZT{MIFP)qP$ju4biQ*7hVmj?cd-CZGzJg2yI$g51wTY=*W_c z3C*2Db>m`>XuXAjiiV2ERSu-Llu#yeEg!k`8JQ*a{ih+QS~kwjkk6G%%yYK_G?n77 z#~;dcU!Zm8l->MrY3A3$J$bY4fLL7PUKqNDHcna`p)U;F92&?=iQUbcGcm{btns$F zZ-HC$vDBvQe>yzfUDI74a!krzPIt{Xr;A6gTgIO}=x471nz!Lznj)izi%R$LhkN_) zS<(gm86mP_wba$oUrgLaUTUQa)r{doO@@4FV7A0f$*uzA8{b@6A4oz}8-H-};k?~S zk85rY-rf!jqYwGvrw)=euoY)r0=BxM$$a8o4@hIX6{1`=JAMw}!!p+@O(Jpl=^ozh zEB!GxXk1AsBnsIBZBoXL*BE0DJ$qvoNPfGuOJwHdoj^)Q1Ervo}FAzCRH-+mv_dMVW0~!Q{8{{&ik; zpvh3`3jSOOBu%wGA7?TJ7PQt5d&VbpYPA{P2fQKPbTM>ZESto>A$%DB1*+ayh+Afh z1}8XrYe2()ak}UJdyAPIBZPQyVG$~^mG}E83XKx|?%yi}T#(a3FYP3#c3e<$ijpqC zzlkW&Ns1%D1KYn3XDCr9whyK{@JjLoo?|gd1oj$+f94$XwJD?WP#4!S?z#HPC(li} zVEOYz%{VEf)T1Ce*}k0AP>ua`jSyaN-zLBIABAVmr8_YB?}&#ZC!mO<+?w5F<$gGL?)c zuCBV1L5#u$bBk4-ztzw+_SVvDnS%Nb{O5@AGZ3sui;y$Z&T-ja zAOCb1X3r8cW4#_8=Am=wXzZL$;fhIF;66d9b|pa1X=00{Byax{&Jf<5_^qZt!)Yyb^xWCxp)8{P#%69m!S+j_o6K#>xrX2uwwVv4g6nZYe^b6+6VMyLg4j&Ta zoxo*LP@V_R#{H0O(;1fpQf8?Uc9Nh%)gj=MEg9&KhT~O_Ri5Y@dp`agZ6C_*%qZj7 z(rDAfNcGw776yY!j7HW;Q~aSuOOUb9Fgbe0@=d?J)Juy+T{^17(96gOUb^Gi|teU5py^$=gOmkeTGVDV$R>iSUXKT7$=2S!+ZqSYVL0q1lE>Ghj5E^Eis46xD*vX=dy8;gBm=& z^tBu;W$jDEoECKh1({O_U)%)+jh6WMT`Bhv;QsFH&gM8y6Jsi!G+sA&OlW1=eggqS zJL$9u4=#Nb>|dj~^ayEM{{7Y>%Oa|=3DZ8IlQ6I<2o{|mwI6t)TY&Gpc>XRF^tll2 zP$RbKbDmk;m#;sSDIQ!%R*kH;x0l45V-E46x#9DxJo{FNUP0#gAqc1e)BN||3dX#6 zpzP;mPdZ(|%ia~_Fl`6l-Xu#$C@yruu)^``=c(+v6_^ON&e1;y^h8T)d|5xS#As~o zx%X;|5tFtW;gWmrZ;rScefk=dp%i#mM(E}TU!!wikud(c^_cjp#ViiI2G6-JUiiEu zkst5KvQY>B56ZzDrlQ0f|G1^c8`N<+EjqE2u!rGK8T)TEi9UeoQT}nB@SF4`l%>Pt zFu(uLvs{RU%Z=4jsB za7v_Ns~`bYz`WoV-got9FWe3Vl7emedgz`GNDmF~(tK#G0{pb29t(|qHmtcIPUhZb z_PDU6wc)X$-(>p~V(k4?o`hEn4d{H+w`;&#<)$&hHPIS95v5hp1b!jste6c#663Ci z+Og-ON#41PXH6UL^qicdJU1^wd+<#5xRa5EGjx@~RMIUjE8405)1o(be7D$G?v6~l zh+y;d?QdZ`7f$2NvY$r%-hCVf$cIo3U`v1V0S zi79gdINxCVf=~A4;(vc%FL$Y|_lYVi-_6?R{e`vT@?+LO4MVMXwL#W|iPT=%_nlL! zE?qwu!QDURka8uc`QjvpC=Wmb`asglj=S!Li#_lhrwp>x`z)moSj$WIX`{lZU`am0 zi{qAJns`mraCs5EvST+8{qPmvL3r$BTW&Z$y=o{Xjr>ONX$CMN4fM?R2?3@@NZ&-KUT+u@xXgKs)wmivBby~8HlG8yI) zt0Entk`>!w@EmN1$n^z3U*d*O{|>NGv)ecn&b~=Z9z>gGj#L6njMYYSskB^ZP~gou z7Q+Dh7VFbxY9YBZ0^%SX%f@ckJ=1-iPI*N=%eS4vrT-+4=hR9?V<~U_`%L?cHSl~2N~d7J0#brE;W0HJoB z(LT7BO09D&y6joL=gMF3N{$N>mw*$sU!+qlO>kw9byIXPNwj3h)sM@ml>MhO^LgNb z#1wcc_F8s0TDDv3WR9IR2%fk1{$dLztmbN0$bbRdGxrgeAKpl{2;d+!E08 zl+jb$I8{jsG87avf7d?n1sxcbl>YfACw}qs)JWu&if8(7U(mDbmEp;&O9{V|y5N_P znaA=zU%ef$S{h*~;Z(xfxoUR#hzUK~Kg5?)sGw;mP3+3`iWljgUg)td0W1@s*z6-N6 z=7!+eKBGT|>I$&2SoZiI`xnlDig9#QY|#R4GQN6;j{4=*j=Z{HC6B`8?HU&5OI!1( zXXYO96akjH4RE_R0{$C*r{;(s>cr-6!~?}-N5vy(!s3DwOa?S~)1n)R`((3$I0DRH zt4%?@nx*7lhiiUwcU8)>Z^K*hG?t&ggHbOwz&>Xhl6bwdot4$SwzVL&A))n9N*P^{ z$`8QO=hZXBEzQ`dl%0mLL>!4#dmN=t29JX3@QQLO|>7S0A|sa=F+ZZ(aTe# zcS4VTf?`Ahj-9*8d_LL^x8^-gmi5DO*@cw+Wq8>_JW?1p)zWm6`K__)ZR7OgtmA*- zXUKl`cmda269q=IR8O?KtrNM-7+-;(eU5dTNgZbD_DRvC##iG2^_EF%q~{;84B-e@ ztz$l$aMN`lI5`8u?rcmj1%EB|OL$7nXWM-$6^@P&AOTDCCMII-(n7eMO-)`H5=BJg zZ&`CUW*jL5K6`M0;(xIsJh(eZ9)aOMFr{Z$so{Z(pB;V}V{Tdz=r1-_-%1X_8{$s7 zdd)iRd%-MW0!T@TOi=OflUfqWUMY(NxYrF&=V=+#_9xO+wxb$Mlt(r$*yt{5%S1ol zZVL8qcw%3%>Hi}{O&Tv;Pkob3gSE&lRz@wnr;YCjGN4C%H7HXxi%N3Yk^!vww$RM4X@9i8nRLLUu&{{8s^K1o3*frtkc*W2C3S6@Ap z7K13Npgxk9_yqQ&s}AQQDt#;c9BdV|eaF}Dhki;ZTMAqm7^ec>=P;!f7V_Hx@&hK) zrH+|Y4eP3=X`Ok0!c64Op_LQg729{u6Pt^SaycJ;e8&G4whMJWustSL`Y{av_2+ z;%;2ab)YymPka-p>)F0@ON3-XgQOcrG@p8kvHPZu=YviDb>;*=M10RuODWNZUX-~t zJ%r%V1C;EzWP=jA$(w2@vmjS?XKQrSKINx#M-3btK@PUw`LMCUTX*5{`G~d$hCFkyGWLMe43Io;$03g_y~Ty z2X?Fj%#3I*n0ZbCEgn$rmCbuQeK*QfcvW@S-n`+X>P0X7QowyD%`rs8ImS+o32}BfE9ociN{n1QeVZ?&PB#Qr*k?Wp2m@S0K&X>j41}zZ=#NXa% zu^ds6D7e$HrmH6>ZoKw6Yckw&AxrI!P88|U335i`Nm3&*06_PhAG&z7m|;nqkKs4O za&HVR84@v$Ptpo$x*l_0hDJ*kHOHpaUh)Ab%d;9EWz}CS`~F+}Ha2p*q5R_0PVHqI zG?j?(AvdfL&vZ42xDXQzi!lbwxL{HZ63XB*%2=qk5O-TfmBzqJRiam6HMZnRSdHs) zUkF!2UC^GU6sEY9zOKztcS#>{4D8z==zwI8bOaSZzMq3LASRCLhc^CKchWvooOr9iT z_!Gs}*luz?R(+aswn^u$M9wu?)zOm^ULn}}xkg(0Hzipj0wtLHr8Sl83F&d;Ko`#K zz&T9yfEC%l;*Cvi%L)wLCAOms&cR+k8OzRAQsLCGF^fg@lHt%muol3GFfZo&`e$!T z`+`R6*H)Jtbqps@#i_L!8daz?9Bk$YA#FK@tQ@C7yB@i$UMnZtvl!r1_9i4s!)N_Mo6svzLw>9yDCvOQ&f0mB0|s{%TM8uz>(D z4OVhjD)`u-Z{NpWz}ZkI?5(N0>*5QJfhmgC;&F@C0cHlCnYd97kxlj!EUcwcK@6sB zZ1Pxdu`~iEP=fvATG<%ES{&M8-sm6OZa7cC=LbWdsk4P}J_>ma{WJ*C*JNgjVw97y zPwyui#6N-?sjtO%+&ZJ!A^JM7%-+xJnjC7BNA(IM3yi!ArHK%Nl{-wQyZ&&Dbd2G@ zH}0Ak&70`S3+UZqgkYGNYXNG;NvhjF16PMT+1TV!+eXYUvU+-rl0NJf74~l}8EtNx z+!$nIuhhhY54D^en>T^6VN-t3>UXN;)9iSL@DMK~qsERos+5U-P8--SnbvBeG0VgVWAXp;fCe9>aNW` zTA`+)CgbiNZGXqOUrmDR+U^=_eH{`Cv*n(%g(7ry@t+g5Y(l9YB_nTQUj>5sa)!$6 zoM2ulQv}4`Z2bwlGJXdsL~%l2p>LAiygOMtY}dw!@0Bueaf-xC$%#n*OIo?}>h8|- z!$@MC*ZV`h@=c{07Do|IMBl69e1k`CGV;mdXggWaJm&D}XV#~G?`&Na5(s3pWJY!s zHHJ)oH#4yeqe&1~ZV89Ck z`YH0~&3nCcxt^Q7SB<_hVvkdGE1Tq4J704RrB||A?HLZc!KITVEKCIjx?*f}&@)`? z6&l#hS#}-6p2c)JuW5X62r2=?(xNw-qrpD!;EAOF!c8{5hLSj+Yp6j8U@*r7U^1BV z?>*!uQ`-klW{<4>{fXev?t2Whzps(XIHP*c6|HKxWZqw^QPJVL8tN$nS0}V|un6_E zIezU2+4jH8xeO@hf*w8c$f6A;vNfHXR$oAWG>~n1j!-@GJAHR?{V#0Qecfd?EM2N0QO$i3043l=5V57~4) zf7b(D^*5t2Asgf0T{vkFX}gfe6XaR+khN^bIGyyH-mke80uV%Eci zf3fB!Q%aBAPz+22s$$<`x#r|tR$21uoOXW`^ox%r$(8UJC+v?sYD3v!`Lxmyyei*( z>aD-_FOWj=a|^bEMppfFC%bI0u`}mxv^H|-L)|1haD#6sRyfUFb+tr|Gs%hjvtZyw^Kh?rtO~$2lCP$;-UvKM9)8OUCv4g) z+_~BR;%p*YrA7T>(mh+IZi340o`)}^)DLr8(9*1tjRS*zBADTRsKj;{)79gVzCUen zoJ#cJJwbbs7v4j8ec0XprxgAD5L>4xKP#>gK)AF2s&}rKZee$=@S2$Deh!tI6GNy- zmLFaJ1}efp*%-%}E@g!f3nHc}_smO+azfDukDN=WGCAhOOT> zbBSBt-_hK_wOzW=yde1DdOj9~F&xs=O0NKBF8mET@)hz>r;gm`Xc(<4Ti3rsWf0@M zbkq|r(B!7VG66HfLgD$R`9KF_(951UQ;rYU@PTWS9y9GtM+(7TBz%HKt zu3S+T>gv3c=ET_~v7>w;p)|k!7Z8Pgo0HS7R#aXJs}%GFI=(iFv-5LPnfS9k{P7?1 zQ)Okd8N*4YZ}cFo->24S6H3>5T-=xBVG}jmqJFZyAD#6XOxB}Dop~(HRp_E>xkIM; zNGGktX!(hTaU5y!M^ARx3HlwER7w1dFfUeIA*bQ%j?b*6FFOtBmuBRyp_0lAWO_pV zdKj&)C6#+gm4I&EFm3Q-C;18Uq{YCC0W{ONXB3a6FQ=K5vhG3#m;?D1Zvt&X56FrX z=Q_tNyPH$4%;jSG@Y%6h`0g}Cw8B>-J*JWMkz6s?w;2#BAhy2Izgqw0OC+&^WXfyl zO*>|{8O~CAdzGviiTYRE%os{)KaII#o=YAX>LC}Z9)#PaB~PYB%|oXar-Ay}yee6B%i`OWxujx|sVuHwXQ_FfAZ-+v9rGRjRyLgM= zYZP7~8vWJm*TWkEI^W#BJ@79dbEm{2z{})Fur{n*<*8$FcSYQ?o_h@Y-`1X6jI1-a zH`Ro5VQsCIfzewzQ6Zfx!(GxIKo1N&r9SBV)ei}$lekV4`ee{YyaMiGa{y3*!qdW= zFEDJ1%kA_tO6^4e$z6a~2L_-=)^cIh;aA07kvrsv4l%bR#%td>!M`B;!Owe-{CDcD zwR|j-3&hw}!-swx(ciSnXPo@*+_Wr+lL5m6|51uHLEhuT$=bzFwuO)N^ph}SnF6N> zW>t@MH;pQpykZ=a`C0S#ck8fR{NSAKhK~~4TDvm4W%EY29mSqS2qEpi61d7&=_>=8 zQE$D8Cp&EihJ;g2q_TLquP-PbDlN7z4UN6az+9j)i@U@I+X--0W)P{ryJlubf z^>hDw+N?LUi)3@eb54!+|ZDd%mi=5YRay79>s-@v?yOiUA_tY-ByK*CRm_Kf^bc#k*t&oVHmFmgQ;#@JH*ctOIU2=fO zo6bU*+i;K2?GI&uwK1h#L59%Us=}15lLW8S{cK|?*I1EW(UjeX)R9_xkjzR_hJI@Hg;2;H=9xMtc;8b*fT`wibk6y;_7)2Q+ zEcD6}DtH^A`di_OJE=~uO`B?^+4~7i>7$~j{f~2Sf8d2BB{kEfDZ=a?n^^DO;9*;8 zLw@n7$IOX3P+5lUBQ^Fq0adB!t|&1e2LK<(4qvz zz)}ulph!3NaS*|t2up5CTgZWA&`vJBA+^!U)nBpp?V(h*;d+^a?Tg17Z60RB7@#(H zB5!yviF~*G7Ks!!AJTlSg$v6Ig$=TZt35Z=r}`Y2jL{~C#TH#@?Z`)DZz-ecg;N9= zH?>AytDeAB9+$29?vP@|k}JI0oywg+&`Ae;{G)t+9@+yxfrU<|#%;tTXlS#murnD> zu0)5!ksq1rh{C)It>Xin=XvY;fe9abTt5N*3TpXNvl1omh12H8R(g>)pFFu&a^I97 z+=<9^Y4WL_Z8?=ziK7X*+?3rNoK09X+^F*|Fd67?XjsCJGG?d6tBzdUxDsBvzbLdSEp97tU#*E-Ds^!c*;L(b;= z^+^H)TNAu*uzuBja&HVp*YMJtIiTP$l}T(WTFvru z)~HoSUHx(-D4}dWG#nxg*YVXV9-~_z?pG`HT+bQ#@NAn%hhf6W4K~0Zni{R z46gG~j?9^kEgxq6HJ*RgO2(u&dtShv;#6qHCt&+qP+B8)jXvdPT(nn_>YNy~H@5A= zAJn2_?cZI4BIn;0IHt0~X5N2SyY?=HNm_wT)Q(1?K;D;ffwgD>&JPJRXR25p9!X?&6 zhnT5IuaSlKO{4mTrC-q1Jl(9HrhK5R#dpCp3odlmnP_z(h|cS#=Ef2}4+Z2CD%d<$ zb6o=*dAF7%YhYGEYZUoGDAMBIC~ zR(AQbj-tjenCn|k*%^Cx)q7S)>7IId=nD%Q-tf}j+g&)MURbLmB(vodjPaIaAA6-E zU#`{tdr!(81|cCzc8M0j6PNS0|0r6V^fCiDg#N~wM2+Q0SmpKlShYkD2%p8#C2BrT zM_RYH;8Hj{w}odt2s{xM)Zg8I1gREEBcc_`CnCa%K_@4;`i#v?N^p{c4tj}QK`uY> zddYAhX4Pk<%>5ru27(>?Zz~!*7k*u>8ByEJCQDf#K2ZnPtApem5p$M~xF5)r(2*Rh z&b%~#R9yQ)&xu+t`_7EG;dRbcEX0~wOSx)0Np?4D*LSWBlr>Qe)4`A26-2pBC;30q zaug)m2D*6iyu-}Mha!@1Z;1$nRYosGH93=d)wX>0j)};P4Ynk`3-2~*w#hmPlclEm zr1PwkDdeA9K&~hcR$*&5-U?&tN152YrEB|3Pot{|NY=F$rLUSn zr}ymhb)dC*`l|?w{L7+b7XS{LuiqEOAx&5UZyZ{G@9b?VH36L(9R%=Ue(CgYy)!jy z$NC|QR&Iw@xTq!stA%ayM%uMKUN|y?|tafR) z2#x?66i$gkU|FlvqY1rByZoam()S3e)4+@UOOsl#yUo8&$H2&AY81j6J=xp}Bod!DAI=W;EAS0fx`W%Npp*so~1~0X;zQPA2h8Ruy2lD724wdg?e| zHX=;O1~J=_O)JFEhzJqQa|yJ%J_#qsx&j6gIM23S1oi0k&pKENa!6DO8CXBCt5V)f zq6@uSG~7xHpxYWBxrswT8ctE6a9-NP?3+PWl+YU9<`nPPtPuqi%Ni|i&YngGpVhbQa;Df~7ow%{@M-a4RLX3stC@dFnTlt9e0@7>>*r1D!*wo0 z73dVdS{i4rMo@J(OzejA$#`W2GBC><+)u^7O5c^C6y#an{OlOGO;E;u>I$!U2byS- zZ9h37($P~C`EaZ&TI!cd&RY@Jpw+1Jog89*d}mV@e&@RHx;G_j;4wmk`H#b6Biujl z;MeZfTe7Jxr(hv-vba-7Z*ZkO-`DeiRL07*Md@6?9(FU(A60Qh+$=W25q^y_IP>0W zbA9BEI6;LNA(?1pb!;|{F1Ox$zw~ zX5yvPtw9*QZ3w&7Q^C?#^93o)vN_^h)#c&V=Ki}oj*(M2eAiq;R;diN-p19PPapg-f8lOPjV#h%K(T4WU4A zp*;(|*o!>%FWIlz{iVDo?KihAx5wz)4WKaj++%8se~qfpfXcSC9D%NLyYYiRs{eqD_$JwU9ZVAYhvE#y@1{qXDi#LXZM#^~(2(QMMhS zG@v7vy+EUY*@1i_>S~dV5)E9-Ve?#{BhB-kp%V0FT9lpLNHg!V8%>}zYRDw~zHIXT ze(^eAbyY>cvD!JxY}47FTz=Ix|M4#1)~D7bG1rUqiJt10qc@gMEc>p6FCM|G!-|It zqApkmihAEj>vDbZ0gf9>Ozq9szlCJ&x9=nc^}Rbuyf z;#UXhjQwzvQCPa4l^=_(uLqUt7#TzFrl3#B$*dwjmwFI?_6&*|wC05JmOGFGkc?;fDUy5fAiP-19K7d2>E&|sRj{_YW~ z_s$MmFN@6PMY0!ft@&PhZ_c%XHDKrM`gbS-BHsOBcrZj%d%Yy&`6s;|& z#id+w^cJpoCCBqLXDpj7%69wk#p&N)JU-s&cMg;Tg2}l{aL9c8=&t*3;J5KM`rgyw zazLK&u0Q^yDSrl}%$PXvC;zeI6MM0iBihDw<8WOWVihh0Dm366lcg0u(Wp?avK0ry zSVaew+wKZv_fbvu0U>&f<-!@YwaWf}p>|#|)ho`rRaq(MlZ@zGbgKXlU!@3VPWT! z_z{_8UA{-gw~9T*G%HU-4cg{Bq)h_qMX*xyX*qW4iCxA{t+pIQ5a}55EVHH!3wkY% z?YH9-_J|L@{<&3g$4p6MhX!sJi!&Y_o7K1E@8D=>TjmSS&`dKT1|jI%DgR8g;5)d9 z3tr_o$D4TbM$LSSgt0ehN5Ldp720<%3U`?(B9`-8>40a`SOkgH_B7dT@t%#Ce+T3b z7$PO@nX0Esa!yKI@Q#unxoxAaIp2V??Wi|7?<)~bax2uH^;x}b<3#0ldokG_8~u$N zwBUkJn6*%hNR>kw^Zu|{)%*S-B-z%u}QRrt088j#EjvJq-wR6tdi!aUm zz2ABVUj{2=*$#ZVawMvur(nl#{<9;OndFD&fTbtWv3(5mHteX{YNfqeA?4)OOxKpj zHG^8B8n=8@W%}ggUW)F>!$eY;FgSZ_^sj_Kl#G4Rq1gn;q{hO~KRsLoOn6MI!jXR} zYHRXqi@fx>g5U&-gAh9Q+#mdwosd-Og9aX4T+l_Xa|?GlCwPYeSZ+DQ z8v6m)pIh`ryJTza{-6hM{XN+n>^qoaqm1I{HZbH#FdT^UwwQS~GFFJGpGPxxhfK~* zxWX!b!jP`s;$y#tE~yi#{KH>if+I&-m>DDkr*!M{>wq|)KUi(wj;H>axiB2H<_3JA zfm<%X&X97{E7-f%R!^hnX;hQK`0;qyLVQb%D55D2eo_au$`!De@_j}rm)j`mn9S!I zEt=V`V#Im)PP{5|e>IK!+F_&T<9&zfiM5rJ{c$t#-ZpaH5~I0fR*fv~aQ&J;XR0)o zE{MIfUMp6|v%k-@KsxtHY^fqa4pjzNxu^f>J^7Vy@a40NIVS>`@99&E}t)sTW*e{ysuHbV%4)WP_jw&<$^QY ziV9WMeQ5qM>i+KF>z^to`=%2J)f%BEa4_*8tg~o!e_Z0|*5$ zi3ZiKCi1U|YWX?xMZL~7zT$QEUlD*;*W%??vjTsuv9B0w`8MGi&Z1|}v0~On_t39~ zJYJSh(z-T0g7-hkRlf@fWiD@@SDs4P@p#AQJZoK{YU4X<2l=B4WBGNmcdP+3a6AN$ zP^omfJjLo^ul{#TB)I+5e{Z}YHkIjq_bu$` zb}ix#p)8@41fy<6L=efdS90T6Q9Meo+P`~X0$5tF;Ou3_2#gKMiHL280CY@E-_sh% z1#IHp;FA+*oiq3Up)TRXDsSb@yXGb$r;9LIXpn|6;7za=HV66ttEIKmxf6J)IZ2-~ z6GJkqc%D9%a$Oqfiq3#b=NK6Mel+3b`>XetLeKg}sC1FF7h32$5=wW-cP@_=kd_1ncrQWFJRDKOiKbx*QyN{q~kiTl)9cx4)0Xl;Rj8jOXI{`O6n-Njl7Qb*rfcRc|9)Tq*TQU(9u zzguCG_hmH?HqEy2U)bn}byhmPd1}yzl>&ic*MMn%1VYGGmluXuCi2|k>i_%&n*Tta z)4|ADN9!+wqN?qM+?{R>T>YbD8N0?uO!>WKFvfP461R`9>J{8AKZu?&JZ|7YR(-8}7} z#;_`ruw0Y9kzr2~EXth6A<3}2FRSYmrUD+CQIZmxFEVB*2dw3V7Q>&(428d-KONV+ zWaM~=Rh{<9#ou#m$JtbrrAbG{J7$%K$W{#oQUCb*5 zv&q7|4@TLP^!7U-ojZ|Vptw-L13~PXgug7}WJyMBFP=znrC(k-OE1x64t#%LxO2@L zj8MHA&$Bv|4n;fi4f{jmquZ7@HjA4AcY5BHB4m`edFkh^wyd3-Em!H9qf@)fn9>6} z^aw%QCdoFr=&x>^aIX%?TiZ(Uw8fnTQraujrMy)mj@#X*!%rEx%kWJW6b{qO=-|ZB zsgg8(yMJRlK$k~~sjF9nGc~uRy89@UT(r*vaA}3|1|bN7x2C||_q=HdZmw|6#S{3Q zC#_$h0ZLTB!Zve8{pLn10O5i%%q00L@AAL~$isyD_JVBVwyGOI46HDQH4b$EfG>|+ zg^E^AOiK1;+pnFCzoe%9cD@Wd?r@CoIu)mTf@TvIh^iLApL8O;N-wB9w4>G>$w44oO#Of%6^1!-Eu-NpvXS6c_8p08h_kW9 zjC<1Pd_Ue-HvP<%Un&9_NuW!8RaszC9Oy@(CKs#c~IxfAv9TEIA-FN~0j|Tl?hO&L6ZP0=vZ6+Y35o zOu*u>j}tG^>80G6Us?Y!@LpteJEDjPI?s555r?o!Q!-oPp_AU?Rf=zH?oWN3bnQmQ zJjraVJDH7O_Wsg%OZiq952LzQLkHJ*gjqPXGA=(BnNh9)c=Zu`6$>8kwo&=fwAkIEBdEiFGud(j-_1`-N zdnn|a&6oXra6QrSPhEBRS&t*3kq%;77993mmC9i|qZlV3eHy9>qkkEmnL*=|MwaSG zK;Ifi>JVoUP%f#-B?ar1%5N;~s^N%%}RP!PIN=uD-fKGDjEJ=cA1(rSb1#^qs zT_f{MwI5aMvHv#S14^;CHs`-DP2)Ng3;UdXP#I)}`O5SMmpZ3y*-cd zY4cy3fO8pfJ0>*i8LslYc!&SPKXyN)VN&JLIka0x=@`5Q!I27TMSI^t>Asd=J}s81 zx4c7%-FQs7HG-%wE+UXr>Rdvj@aHhg2MI*(4ebTbDaOU5DSNhw!6Y7~c-5xheTnY_ zO|fU2n-(fg%rb*W$4Iz;KMfb<`{;wJcRl%42PbVi2vw1nU&u0~ZFhzu5v( zA3Md&x=|x$;_+|?d;T^@60l!3^`Lri!|Csnp#REP>@HTPnc}-O)#dVckl$(u2&YZ= zeGSiDW=l>z)}cwzsGHLb&c(Il)IVJ17v2uFb1+Mp!2{{HWum6{6Z;bghb6`0oy>Zz zPQBcgSXrOV)WzJeigyFY&<<2GwWtczQo0BEl8BMu-Ea-(_tkY1%4x3t&_LQh_eF7& zv>%!Mi9mXRxHZLGFJsL5@wsMe_)pD8{iAsTjTl{NIC4oG#u03LZp=engopWuZ$kBg zOrrLj3{G|S|N0q4kS^hsW?Oaw-v(JxS7|WgDOi%keRRHoBG!xced4Sg>>HX8qz&A|V0J zx5fAP=Ybl!PASr=qtT9KMqla^TWh)HF{v}`-#`0rsO;7jXoXX77odtT7(|G>aOJ<1 z*t)(nqTz~UJ4c38m0n#VJq#z}P7R8)EfYEj#)Zvs0Tk^+>IXZ)t^AC z(ju#qf83587dzcj-f)6Rtr_O$reHqdo_k`HF^xB3ESUG^M*-p-l{=?$!hB4Q%!JBc z!!QeS<`jpIza-@OYtQfMjB#quUMv)mrPdaKB@JOdz*~aHfdBr6FCYHyDY^31&B>n4 zy#{^z74CIpN+$uUz1a%9i)IRP#U3IdV5U?OO4Cgpi~98I_c1FofN@B`ilECw-&RNRfKfSgo@n%j#y(Y zK-X**8Rnxmrk8#1!cfey_u%vObA|xmz4L$5cKXQ#YV5+M-B3#?i1}UnhclmWVxp#@ zg_X0;E2?R8@lB6(daNHGN?D>re2f^GMKwtLe@{AR5WS3vmMzAYjFeeU@#ZqVe#SKX ztNE@w)?!Bm!oi+?sZ&gvyGCMzu1e$(uFfVY=&fz|vW^dbotqQ)LJt3do2i_Ni-@XG z1nR{Xf)p?Esr$Vh_(E<#&&PDr(~_Gf=5ud@qi53$9oUg3DH^JzEwCI6qTv00AeJ_kHUwu6n~XtjO%}Ag#Dtb<9ym& zW>9ylW^dI0Hc@BMyxW?&n$21pkxcgcz5MQ{bJ?lV$6WV(GQ!V>i^_K|i=IO{bJW>z zwTAwZ{^cYmtr72Ochg97UtfBlsX8GTt zide$CzH0XJ^ndO$xB8?)d;FyTQ~OV^!QJmZj}0T+FGg-RM@GY^ZF+R?>!1?CzO3}Z z)!WDWG&O)4jtq`AJ6pF7HZ|4FMo&9cThC_nzH3!T-G(%{`7*%aBi_Pa%pxXB#u+@I zu*4Dl|4n+}79PaMR@cu7FHL%YF&7eXvG({`wkf0!4+t5DQun! zR~uL`&ma8$tEUN4eTb2N@?d)EefzJX-q@e}wxrOcw{kwq)grU*;dxNKc{0?E^R>(J z@IZWnU{F!^{|wWs;6MBy^2r+<-T2>TDoiZ)A}oP6@o3(jm>T<5FPwjXyP%6B+e`P~ zL-poDQVFDGpXigrSPj#*=|8*yD1ekGahs5fodh|_8#XX+r9RA;s?@n+B<=q^67jm} z>lWe-b@LSmT$QD|lwE?XPXXxv<8#w zrx;=Uv6y7CSuwg?>JMRAwFIi@pRr4;9{*nGf5#Yk#YzE|+FN^apR>5!2`g|8&E%-+ zcPqj$=Wx2)eWf1~sRQ;M;7+L*ka<4rO5jIhB%Sp-hrL*45ldBZkDNhU8O8Q4`o~)x ze<;4X{lLipZD+k<%i{j|f9{{q_9S`?udWhbQENd0zbZ6+nAfE?zvrdr@~l^lOSML@DEn}Zw2)Y0RKwMdO`ci zjJTdq?tx{(A1k>{!Q0xh;m?WvbyS_~p?obI82#-_cX z@U4`M>&+dXmosp)Rq~ds%E0#ygeQ%!hu^`9g_Wjg13CRxq+D)pz~Y!NY^#V>7oaxx>C!Le00E%02-OYG}#_;hivwai4v$?LI9-G8?_hS%xHckv9|)=g3O zj9*N)^ws(M6NZWfP?)w+Dr-O=4(tyk&nxdgQ?L|@^zTnimHg==<$0z3TQoQK!@Zf) z78{!6zzt0J#WwrZfzIev8CrfFUL=(0-!0_paUf$3t_e<_2{`yK8{y zBsYV|)u}vx>Z!yl&wo$AJRBy(dA=N0WcCA{ANqMJHXxBka)|SOUB2`^!>}V|%&Z8_ z#KqVnt&EACwVtDBFYHAb>ekNs%m8O+?799=G*kmsg~qFcS^&Z2KjW~MnXANLdd;7s z(g0s%LviJ?;zMs|pGKBWhzNvHB2z1Izup;t)e)k@5BafdWx85Z3JJMMcQa+8a%c3E z*t|_0dG$Wu-Ez6!D%n0E+s(#4Hs{s(LzJL*Z5|5~--6kv%TGU^v|x|^IY?z5NC*nA z(Dx(&#+`~19OaXcIsdjfY;lRpPio-g86kUd3XR_@W1!^P=AmzD?#jgfC9J8rX>29^ znvO~Fj+$z~5ztssW<7xXiy2@bBsFx?Sc2}8UNGeuzrfG3-3lJE-^yqw!{mbLDXqA5 zsP;ndM+d$E+#&-hk?naGLcIL6so~$RCTD}s+Ixd43qJUuxh3u#pSt4Rqzm=UPQuj) zIxu!}zemf`%*$ijiOXH4a`{{IP&0g6n_2XV(ql#B`9NqdwP0OH6LZ4eFL|tZ&vz8< z4=r^_H|!7ls@0o2-lr4re20);+C2}zLWI9}=YJy%60Fv4Ma!hE6w(|Vl|+0{p&2*< z9tHfm;J+WOi>fEF->p*3v9gy~9b?T)-Vb0sPkVX;UXF=O^kcD`B=nLt_Ot0M4SUtQd z8Z1dlpUPA^PWL`PeNISVMFDuQ;N=PZ&&SR=yG}%X$?u%uB+BKqrF>!y$B%osen1> zi1?=U-_YOs(r=*`VGzH@+(q0uMI2DFx?<|Y)~WdL@~iGEa4F~TwC0Dt=Vp#xt7{ZO zr3)|KTPY^onm7cVWMK4Y-OtJ`O085DJ!mA)pKIyQ{HmV-soGVOy`Qy6{S`%0r8`=C zw$8AEJWj(FnKAZP$Z(FeZp5DdcSyO2#X49TQ1eMJ^FdhgzadG$8cPAC%Bh|G2;+an zP!L!o&Gv6&{ud#uF>n9>m5RL~_gI*E>fqb5Mo%A?S^73}Uo+iSciaj)@>A~Ck5Qrl zj`-H5dDXZd-K*~2XhOje~?gi!N`a-&AuS-Pb-d5FA%bwqA#ZYecdoreqRFkn8t+R z33WYj9x{uy){et2sLj%3Z-Un1@iIvNPH;6K4xKEj$ zxDajXt8vxYV13FX3Z#|IwTKkWXTfKVSHo5W<{1delo~U0dkL^wVXcYH?jj{>tEH?{ zbO9d?RAcI{?ZIyBeq2M&zd0Az^Qkk4Cvx0p!9jUH-<}7ErKNIAD6X|l7yJ{`3&fB) z(nwAQs`48I9xH)xMceF9FD2FljeawSXp5wsCXVv^onSIL%`Y*ZVv(~V@`TexJBG31 z?0iE@?(Ox*1G7(S72OIscB#-0`y*YX-?##0l9!rI*(<_IIsZEWIdm*~1fMIZ+~71? zQ8sUW5_c|qrSb<+0QQ`0dKb4>9oW-lH|ZJNe4{7ChG{GvA8QtcRw2{mTI%KsK{MYT zGRxy6ZBPHDMzsP=KEdb6m>9BIn*rT;EV=hvVrGtH)5ZojD7^MI9Tgm9@rNY2<}qdf z4A~8K(8PAbj4UoQe0HXJA)-PU_Ex2&+9fq-Qjs>haf6oPgS*LEf_nbg?{+-6vB)G3 z5TYm8xLz5MyoY!FY7`zOa}S5AH~l?+XgdXBd=&~LJ~&Fh%~UZx+WAD-7k@!J%|Y_B zU-%kvWUWYXB-*QI3QYqKGGN(~I;Kc&MnKSv6kWg;e6cq#4>vE5;%*{j+H=n>k)NCw)CfJXiLLxID(bd< zyX;tDU@ek?k6p^a``iJjSCFA(7D>_b?(&UW>wl*Tn8i~09c@<|-)x0I4zkHwPAAA> zF>hcdi!4ZcquFbF`xqV{dfmVO2^G*Tx_c{`yI0tt^^5#tmsaQk2hslLh>ok!sZLka zli8rsaJm|Vy+lP({?VGarp!cufi6*D`CO_jHj_>OMoKkngfRA6l@+e)w_RXTQ2y3& zs1@_?%<+Tff45g3&L=F@e^IZcgx=2N-PF8Jd$_Js$XWSTHES>|1l8b-Z%O~^xArD~ z2z@~^;(KUJYoQ29{&NaR`5odnfA5Swr(^;|$RtrY_{9*J;u}DvOkN%|Oo=i)4z3&h z4E948gBe{sVBJ|%s3L!SbgXqq-Chj%ECt*pDC$mN_WgM$3pFWvrdZzRJcw*D5}bt= z4QXrp?g+WW3p@UpJt~8~AT#k0Ln>qN(C8EyrVSIVAW;Tfgdtb2`q2rb{k%r?;(hydx*dmX;l z*8lSvecpQ3{Fi`Nqw3vJ_)(WOLMR0_%Z_z9!CebZziOa(fdPNt|3Ps(3MfSkY9+b^DVq?UW$aD5awtQIdebd3!?{#!fw_RZvPKX^=o9 z75eDo48_L6AsC$H<_0V4O>OTzCOwQLTU4)%O*J?Py+a)8!T@v(g9*d*Bfb_vWQM(g zV3t$gHz;zKmUnmUyGueq1)3Txefq82U%qR`Z&5o{Uk25i_o2x+XqszmsY8D&Lj6Vd_q_yq!sL>i}Id@p56!>h5=0gis3>J2X>|kfj zIm7k#vMEJ6ONMU?D~@}hA)R%OrK6>s;aYUHxfELF8XF1eh(hj)t4AAz;#J7j!nf>nbi)Q;-m}n zGf@*Aj(cpjCw(>qWP>9gi%&}Q01IIu%1zv)J3TDsuBdF@1|3-Lf(b`VlAw%k-%U&Md{+YX%*;mx@-lgET zLBS3+I&xo&mnU)LX2TexhDk6swtVh+*H-iefJy9;1IPHWA(eZx1#iX#mZQlKo&v~9 z3q#+X3?P;N2)mt?-_>lG7gT6S5@lX)?B6x~JaX_)!z-UiID^!{Ga&W9*PwXZ5_IquGJ`go}CSqlN!c%_zdz4R#atF1^8&2~4I#ra!|S zQD$jhf&ngEQhFJ3tL4MRXz4je9sh7;(FQWJ7>0ZKh_^{=PPDwNFJa8-QtQuRf9o+Q zKjQPk#LfbGBzBtZM+(U$SoVfw;^Afe9tmoX&?@>|s@~DZvpoh|6tA&ttTw6O)$l+j8rGycqw0~rA^0pkecC<5+|;#2L0Xb+kugNm&&qbQ zR*dP1pfNfrNQSh)L4-=L-FN@Roz8J*)|vAE7_}>oyjwq+o6JKYx_d^A?TA| z-1gn`bH9)ZOp4ZPo>@Vmn<@}qE*WuvlaQHGVpl1Sx`A5L`9aP!8-Q)&3l50fi^($5)V z-a@dFx%%;!Nj87;Ipy*x9OG%9+u@iV_RBHZ+R2Ho5p);jwp&nfQRFaiw7m_WIg7(C z5<281(MU4&OJ5ipVT;)GxyH<81^}h2kjU6xQ{KZa5DNNKV+J(pz5#M7k5DhGyJzno zpe82e49%;_!ib4P`lE=aeJ$QA9q{p4SBZc3BHgo(WxFXcOKrMygLNd~F2B>kJ^INp z7xSA_rpeuzf6J)+nFBT*Bsu2jDbLx;hqAB6i|>ITCBlWjD3u8BUZy<73~;!8vk;STOZvWRPBTv-HF(?mwp`7#L6BnCDlPFE!O#NWlIddEyV(+LozF$twKPP(e0&Q;G4%wYxLGbUkad@Q zxsWwl!a5~hJQ))GeR@qnfG1BBNY(ui=YE3q%>h&(czf$_2%ek-zTQ>VzIE<1`ZqaA z*R&rYDL2LoQDnKJL_&!~QOfXFJQUjiIWRNs826mnBS>#N2hozy0ZV z=cdM}=p$#+jz^tc>I}Vm8l={j+BM&aHW`O}$4qbY#RFKYt%cN{w?Cp9U@trm>8rj) zTxa(87Esw-MoNt@n&Ap`I`8K`B`5p;lUNUxEapSvda#K$ya>K z&}>tFC64u~Co8ypNNM`lJI-989^DMh+=O`ntytB z*mBSP5QHlR3LwWuEN6fITW0rxq@+19u1Tgx9__kkII%?H!0g^5*5diz)1$6X9Yvm` z=ZbI$ARB6S34koyAvl6__?Hp(+>JcgL6mb@{(d!em-z(hv#p9(EPr&@g1{XT`i^aY zz7!u4H|up}OmG2$=og#afZe6uOj1RMH!b+|jKwa1#o1r%Pc-dl{ki5^p39uUI*tM0 zS2px}lo+&tU71o^&x&L@UEs+)v5zBM1!UfVVvChzE7O%Lu4Y51bCkB>B$93cyuVGA z!oQMO-V7qT)iL~u0mvI_l>x6j459GcdbXI*Mb~KK>8HHr_@%_}W=ucB_E2@i(o85y zRLQPsU~U)8q{Ur{lXOk6)wc&0G1hsalV>UT(rn3g6?SKBWnDaaFe!ul$Dlp>47RT` zfZ3D)zwF2yii7Td|L_&u8$yb|O0Xugm4ebnOCLQarM|a~Jv6gB?s98^@mOvyQThrh~%HZkbjYY;ZJ;DwUI9y`3A2PXLwh|K9 znj|!QRUP(q&wc{4e35Fpkw!>ONsCkoL`FZgA`pn^faVk9CWQQQlq`!H=8_tf)hzeM zp;4pt3pNWbYM=w-SaPAMO6&1+`irRd8$aRkUkR^0ptYlYVZ5+l$!bUeTMcUq`IUEq zugzB*GW4kds%&f!zT~eG3!#l-r>as^(>^D!nojH5q{hsau!e{-kB_QvQBe)>XAiX! zf5Es8T~RLm9;(C<>&)k=*_md<4Ti`@@Wl|riDRWX*1SCrY}Us$5EXywCe$}lKHSYS z1$!U`z@^XRvkivcC(&dN88AKAnt?MHsqV71jsBW%p+sGTmwriLdwptP9Wphq>`!gI zOttZhaYYysam`*um4RNvOV=>7NjcY_D$-<6eh1D zll-hb9AdBU_m{%!#6JbSccc>L@yC^sv18@3K>S0CTVKvuaZ#gV9_qt@XIl6Wk$@G} zu>IA9#5ZB@S_oO#0Gh2^ zpMfem#}KPvCJ9};AOz|_+22%$o6^STXrP@UzieP!^VbQy;9qb|L*jJtX%x3v#xT}n zz$)9???=55J1M)Mkc^%+$Fl^{}H;1=g9kVz}QI@_5eO=8*#3w zRVVhC2^XK>cAgaQ&D1(k$?M$|mVD+?gaM(25M45N^JGKyKFtsp-3^kAK?gwY=IU8L zlcVnU#!hF5#d^l1I=+`mpNnq$w8hm3o1CE&^omSzTfbe zr}oy(31mVxH1;?bRoknilV(DHK*GLo?Qx5_l|tS|kWP|PI8gLlErE0~6^w-# zzZQc>9?P{fgpFAazkqJ?$@|=Fk(v1XQFnd+Rx;>@Uy6cF>zyv4NgH?%l_vsHF-Uo1 z1|7IiWowV993^7iKYg^}qusEvvl74Zz6a#BC?$Peogk>GHmcolh!}EN%ep9^u%w31 zusrL{RMcSwoCJlyc(S=EsV}zUeo^fvKwzFqkBf zh`Gsd$cui|inSxbJltEEvCj6Tt`);Qx@nL7^RER4x-?X(wS~sdLdqwBhI1Mz?FZ>d zR(veD62(1NYohk-ebaUiQx}{klB35B!#!QG^rmD#yc-cD7i zkeiMd8N6=iunxPJDyHZ%m%r%*_)V7h_()-v!>a~4vv#8`{q)2f-ld~~FD^VDnRt<- zaz@VjebYZGPU70eO+wj)IO7w-FATmoy%9gHD&+I@xc2nbPS+(VqdCV>dV%ox5IM23 z&@DITWy1mbVZy`zF1gP{gMU8g?v2cPM!x^BC|rB{wtb&6RC;@8lbM^aZgr-M2n3?g zo2Nj1~O;ApGYSkw=9_Z-20K4y_!p9Vublwkeb2X?P+`9CZGh=gcMi>2(L%J!qUaow2Y{JP=z2WQe`v`%SaCSC&@U32vOq99s z&+m}2fzA@hx*I1_lP>c;*2ZOmr%1xc%PP7-H#30NMS2g;Z$6`ej-6^bIVztzh+cp`}IaX}UX>TtRz<02%Iz>3O( zMA`SNcm0rsKCSQhjk*l^CUekr$iD9%j&g(!b4>-5mZWUBN%Mu&clQ9`FYUbHNO5)TV_9yuV`;8&O-yYVHYN-S|wGpWX zS~j%ghlvM-tLL`r-*lMjNZI~Y0H>10+bj`J0Tt`r-(WwCqSof4u-q%<;sxpmJ@;`( zQd&h6fAK(HNmz=&_%~}*Q_bTrR(7ML5s+S$o(+tU_i4vEK^e_j>WLN1rYuJgW!OIa zlwp)v@^svFF#w$9^UfMx=muuAWa8^sakmbIO!^3(P^Hv-s$FB}khWCIzTqC3^22RX zr2B&0@HqHctMi*(ec_>9?a^!S!nI?r?TxXg0W5Ne4mB(b2)S9q%3yq?(tnASoYw(l z$w1u~^)Fk-Jp?Dra5mIE^w=@qPZ~B$Uw#d&jZ00G#L9^Kxn{;z$^+UlBtH1&TgX{o5>KuWp=;wYJf2J-g1ug9$S~4euHF?4n2C;&PEJ3mr-H zH6r|$t>5Q=tV~FV8d`Rq0yX;qu_oJg622Wmse1sx7KG^M+Jaw{#7Z(#4ZvgzFBw(W z+2i?NESa@lymPl&Fg?^6%~0JWi?uWbC5X2~A;rSNrW7abH*+NU2_sBUg)$->eE1)U zM6ASr`JnzP`iwKRNh-I~9&0shqzNGlvfLDP zbx$r?9Q+Pi*pR2Xu8f5#2^h_;QyDcd5uy6~b8fqd=xFmtB<9xC=$A1wuII9+C_ zvJuJ+7`<&z1+fPS3AOsF+tbXOmTD7wKFDLXgwlF-gL~&0ogEEfLBC&_?Yc0nXwPeV zPR2t|m*k6LK68OoBO|>_cxf$#>j+mk^NPeBpP&B2)@@C+sXamYn%-;c^uNr=;z7}u zoVx{U>b59mloK5mno}HbEO-m{CBIFd@1rEzCxIUL%K4a;jOzW?khaoq5)nj(9VCIp zIFXvbmA7yew~X`~63~wS%6$*(kacA9RGujK{aWWItsyB8gvEkF!Bxi=$`G2orH!1x z^uNxUyWT`Wzj;`XPt|xFnxVcndxhpIONQCcKD`|{6#=P^5{IiuqiV3v&wZApS0CIc z`t@Y^H0d4~%&u(K&wspjb&KgK~X)(n-Cm_1tT@B5vAjbUt z&6zL;UWP2U{)0|k!6&s}#dyuJ)?QgFxOYRXogyKu+FFKEWhumm%|uDoz|olL2hCb8 zFS{duE?(W&BFdJy7N)Hka6s^}<*yKV`1|%UAZ3{!{pckuc^~=Z&`iwmH_ymL>4R$q zifn5m5XwnK84qmxZX6SD%3O+gywOF;%!9`ryql+|%&#(KnG>ZI5GQ1O|E@r>E@zaY zAt@%9&eMEpc?xVKq!2HgY!;Y4^2j7G5Ibt*A}=NB$?YeYzqFph9-q9S5)KvfI-ZK? zwi4yw6TjDsqw=sTA%vAtuSy?I%Pvdxd4LwX#m8SY49mCU#bDlsV8YF!mK301MB2wO~0)FF;Iw#v0y;2mJpqn z^4R-T<5L!2y^v0WUCC_8lN}P)gYI>mP;(^R@7+>KB=``YHuLPBToG#%K5$}N_CwJm zzqeS^zpYy~l}od7OO!}0X%-2b|IlBzREj;ZA?C#-ANU+npd#+xlO4kJ#UKZiq3}HS)M{ zG)mkEkQCD3bQ5qz1eFojXnKfjJK|&l07mBlxl95pZCtkH@m59=!7&P$>3u_;;A0hW~cF zD2GSVE#3S$i1fFnDQJ`&6}w;hC6-lL&Gt6LR7ljf%QGyKvjLL>j`8WR#2?Jb=oIb` zAF>TEZLerdOIUfwErUo};66n-+ik3cy@5kwVz9ARTg3RxFkt%TkA}_wxk)-e}neT+_^5QUFb-GnE zgJ$wXKI_rF(Z%a|gd-8k?%x+V@XbCEn%LJoCQ79!NPmesN_X4Q09oDCrj13ct!C9Y zx9stK79>c^aB)u1GqA$Dd5mDrICce!HR0P22{g670BEMD6QQUZ79#%iDfm~{X_>_G zyV*5fjT95L_KpX^!JbARhY@olff~+Wi6^B^#;|kAJ!Y^ui$<(O4Oa~dmbxUR9EZ&B zzrHe1`M}qKckmYFCwd^&Cxk5-_N35-dj1ny9<+})p}zHC|#MNiS5WJGFvf|O45k4wI>l}g^gui z8SNc63zr{ZHa{34G5T(QC_3Gesuhj*ri;hLkj+lCta47pwba=1Uvfq9U7amd>0v&c-(A<*&a+=WSgRb_xW z_1Q9KfRHf+O{$ztp=V}9XR1Jn6G{(_dR83*M$<1Q563Tu%EQu>^o)4SI$hr57r`BP zgF3aFA({O4;w<0oe|Himlsr3pPqPp3PUlG|tdd($%sl{J{oPEGU)FKYuvA9V_r*tg zc<3bex%!u4iiESf->d~oZBKfV=Q$Wg75L4E^L)02Na_YXGw!|0z7i(M4~qTTs#eLP z@m!&WmzfGTq3`@xQW(IPqJtA^wG8@pT;bn>@^m9AuY{N1$rTK**~#u@p}YeOpW?2e=rAY_kn*r8Fgf z76wV|VuvxSK_BJ6pKF?Q*O7@qP;acdy@NiAT`6eu^nxV%$WSPJ_tkb0I!To78oF@~ z@yMTUC~tG0UZ0hHSSQ%>oKT&`~x6cA9aj7hh<$Z zvk}*V2i1smE(@Wd)`uWf%Fg+_Hc&EWI}%rV;4@gtJ7`1e4gq1oQ<`BjXtRq_t<rok z2hWs}Pqih^h3U+^97u#-O#_;!TmV`u)EY>0iF%sCIok0i-6+f5)RD1m<6{gcK6NK^ z{9M!c2m2GETLu$t-%a4!tYiZ5&#GXvVDQl`Qz+z03f~-`>%lHhZ7}4eLUI|QwHp}@ zc2{A6d0&WMnwap%FHyNwy-(#1c=Cj_0*TD=v0#pv(_R8LW+YLK4x=CWnaFXro{T!? z*zg6p*}GE!Sag-c|8-JDu!q`sLD9z1B`r6iN=bt5i>~f|Ud61l0{SOUlVm<%yMg6B zH8ciG?Tcv_IO9RAy+{S{0;!sZWeln($LSJZUFTlJy%dpI_;LQ#UugI5c6+mElgDdl&Ch!ILy*~P?->8Rw_x7d zm#}LlYLpF%*0~F>EE*r$&yyLsgyr5^NlGD90Ja?}q zmCUbV?Hd+H>olpXtr_-6tXHwA`F*arEl&QL<395VB?09u=+VSUj%t*p-|>HOdCyzQ z$io0u3^aSDS(x?jRK45AxT9?<>2Sgw{voY3>S7+IScZ`s9?c(wCoDSh_BYBXz|kyc zvK0O~D&$$R9e-*L6J7~*>w7>4(>6jOi*twJCq@t|t$s-eT+%WOV zn9`P^+Bf=gPWKrgLr1dKK3A4f8AF+-ho;4SfkM0avyD+=7&O4}>{&)t`}LWa&1BF~ z6?W>Lwf0w6{E+RmS321aAF!-C+?*e4k%GsFcs($-L(npOUoH@REfE^;%cl z*>D2NXJTdDTfT849FV`)v^#E?`7&ML6=SSU|72&l+u-j_#LPaI$s>1WYxc0cFs0@m zNV3G0X;g0mCfgo>H9yti)7XA-YAoBPisu}`@7=3dCd=xlpgUD~*4#bM|Ds%oFnnZf zhKht0(8YbgJb9n_vPGt2C4DJgqv80BY$II-P3A^%$iw4H6_$pN%u`1-qFoQUO1|Gb zYbA5TJGRbB$o{Q>;bNft(*9^tIhF5OKy>yuqNu*Y8&-X11|FmRg0)9@?{B}=o$Teh zm>9Pz6e=ZHKC{lGMA>pO_l1gmQIcSu7zwV)d($wWOJV!7o=d@=Do^<2NB?rS5<43k z{bf|buQd`@xb1gs4gT98hv_86tB@;f5LV#1^VR(rLQ&A?b;+yIN#D=X8P%hr6>@ij z65##H6r#`w`3K#-B3iI%Q(>+S2-||Lp%tE)p}wDLuPCm_ZCsi{)&WX|qb!aXJ75~p z@^w_EiVbP0drCfMh%-9xY{IdO64>eH5$ge2E&KEscInEnMqeA( z?gYDG9(&K5M;l7p0a%WR3+LW79h_=2LN)LVRRP)B69y<-5YaC5?P8(uq^757)NVuM z_E~a)^1MPU$~nwKCeaxXC<@9BWWhvdx~LGk7$Z`k6r#FXX=sk0Y+rgx#b zb<2ys;?na7@FFtCvr~kMz+%KxQZ)lWo^m6qhA9KSJf=DsJ5mvhXKcGDWMSN zycXzyOl5}Jbw)q_DsE#4_O|ymyGc?&0G`F18>+$DM9uOI$h|uVTzcjyRVJXZETnDM zt8aAvN9pKcY5(Sg0uy5obDQ!!(oQ6 z+_F24GuEuu{WaW`@I}64*IfTCcUY*MbK)OLv|kk{Zl^u)qb9M}xx({Oqha2tEDrG)GvfW~IQOLF zVDj`EA(tu--A9gQJ`VE-hUYAYV!EzF*on1KLcw&o%zA)QO;PtYX0nMpaVO4NZqA1? zDFdP#!+Y!Y`m0vfXPKd`op)veC;WIawfPd>6#`0hq;o<@#o$zNOyV?);m4vrB0=mBdH?`0SY4x+yY za{h~u-z|P_C&JPXeBD!zVz7<60!A;E)yK~hd3_XQd<<@W-6l61=2+{))L&1pOMfx( z^L_`D-_Y>ns2y$NuX%AaIoGTphfosS3aTeHphctmUuMh_kX>d{F8#v($f#D!u?IZ(DpRSlRJ)r%J_ z4={413RJEEkBNa)GMVSK9kYi<#j7v%454{s4*qpHVNaPH=L|huVUgSfCIa#bH@S5n zUdJnwe3#%uOi!)cT)?#O;X66XYu4$Kte7dO9&0X3&zI8XKrLvk3>Jx$+2yLb>jKB< ziHjLQfYON^JS9!ju?Dh#xDu4<6{X#O^!ETU_^5?Azk~!wT9q$Eg3_cR>-D@5qK2+G zKf&LSArhSD$2CT~giLoBrz^<7rx9Blh-U@jv?+hRuP2ibKsmq00sUehfR1=92l4 zOuD%Y7W+UTzHta31A=9<9tz8?t!>=0zm>U+b|DKK@H=|06lqCoJ1o8(O{MLYk;~4zlyMMURa&mf_ufbj>0OS#8+jw#c?^54>-G1ry zspDl38V^_&rDIVK0?y2xUyDAl$#=QAp!wYWEb3FgCIwPO;K-^^e)(G<9rg+CMx0Bm zpE-fWO0a;HLLio}{G6`|#|DIR)Bk>MTbd0-3)8zHXQ+8A;DU$BUDLxy|FSkp%fpO0 zV1b}_o?sGzZvIPw&wWH7IGbY>QLNZ^oyEP}lGV2O@P5AJ070f0hLAYa?RAR?)u+UL ziB3I2p7qcmpgJ~ZHfXi2fB;UZ9jHye3*|DxH7sVu(2GnXqpC-{A&b2>rc!=Y> zkkrU1B#zw3B0*r28+TqKm&Nf%k4x@q6iQ?NZb1gQzjnvsdmqmn(=Nr zzFTmEu`YLQ9<9l??*oGDQ@9D#IB`U;N5326*-i955c0Il$-kz33zGF)k&@;NZ3{kZ zl*8F*BqXO%OrrNmv?eh7#B6Nm3Ra&|kiKt8=BV{cb@edU!UJU?uf$cRmq*L7>x1L7gd^v|>)h_u+K^xf(5elHMK!NMw5X_kd(gTJ+A3gl~P$Zzo7QaT!p# zw=Fwnu%MNU4M@~x$D|>jeOmW%?cMYoTc|ENz~jfOh+EMXmKE8#0Bk&IZ{H6vndDz1 zMJ_fxs8aioWhIP7;}>N>F4w^*Nv}((ls)vt;N7a(T8~EpwRX|o)spV#ra?6eD(rtfV(g@J;L7YTbKX!PR@6w4IL0lW z+tqYEa**@6!C(97q+MosW=OKF;=N{_)_+jXhvc&-|KMN!6a5$`nUUND8I|jkoNa%QpHxl>qO6UOp0O#xO>#3rGf~ri!+yZ4XH=z_>6D5_U{_s zRAl#NyOcCh9AU%&oOU1`i9Mo?jzNU~i}S`iw8?t)uHk*hxlHP;ay zcMp2wtm(JzyR4=thSe=;fd^XvM`7b{POnA(45oLRkU-adCL-zttCSem-_%4i&x<@H zg3Oe>cbQ%VIb}A^_d#M$wv(i3P={j3f`(YoJrQkb7d*fFg*(S62N#!W!uQg<6~(JP zYw;<&e8P{|C<-SPzoZmlj+x~fZ}-Xg>YpNo28q!6z4c9J#L(O~<1s(Dyz^=zGdRMw zI$mJZ_vQgOQ1**u4kmz6%=g5Cg-o>^{MA;SOy(7gS%>aaVag&P@~}oGTztdjHhE%BX@i;pv#B7{7_GykwSa|9F$v;_BZ1AL(TW-xYMk{_MaU$dFm zIy9lG!}yESf7Bl}+>x{>rmH42ulAAA=o;8e*9V){7${`n`Yv2co%i$;KUY{lFs*cP zD9~0uRg*M6jsNvg#a4?>AbB4AhlqXj-Y$9TKry^|=;M!L6{*shmo2#crbvzN#QghN zDfg@DGN0;&1BpXskON&vQ?sP-DYkrk+pcDtv6ARQk#t=2!&5@5**V7qCif`tR|aL# zIcii%rAoc7f77{a%XwcRSy`hva+1x{=jtFgHtZsVxKjqjyrT`Nd8b3YCORnz&ho5j z@AY^h>2rpx6jW%YMdiN-^1dNC$^GwSLoFqulfQyZ53qfMK`hPELCP3<_q2dfij7Pm zWF>~xSc?Is?x`^-I{O6K9MKmm#9X;BohjkaOW^}|E4pb-~xJQBa9w)~7FCMytP^ZBC@m6K+xb(GmljD?xI>EZe zgTrTVZhIZ^D*8Q9eWxID2k(v7xb{qC=k20c=d%?SsJ|^4iOIJn8XElOK`bqsCYd#{ zLyX=R0fcE|f*1=`iUNj1`HgX`Tlt$dQZMJHpdfBAuZNv2Y)4tf&irq}R=A(sMk^z_ z#YGwCRi$5e?l!4E5jxdezENYSq8U#~Xah^(wTY45k+tTQD^2*~b__pyZY5s0Uw~52 z^7-w!i_Q^^$Z|l>b=7v6 zP0aTb3Ij+Qr~sMx0i7miPp35JSq&zf&tFBk3!06cF1{zo&-u5I)y72``o7&-CA?fF z^iAXo>gVpQ*<((`1=$@$-2lv0=}l4wtZ|7~Ky4|S^+BeejoWBYt}>?bne9Q-|7+?i zquT72wp*Y`p?C`vcPPavPH?wUin|vlxTk1vDehLRxH}YgQrrmy30Bmu!M5Nv`=Uxn(fwt4?nOPHO|?(UxW z^0Cd~n%>CFHRsH{mztD|X%#+FOkZ`@EC8`eBDmj{ONeG<_}8onu;|5fD7=(VN35xzbRTZ5NR-)2I%M}2{kb&n zOv;%a{gM4N=L>Ku2)pVEuoyaGjk1Vg_8%x?a#z^+k=avfxHGV@u?og&P&XCgG9`qG z?85W>!4s7p-KfpOfAYqSD7fjaF5Yw|#$73&VtKvjxmn)U_$M$O!2l$`*KZuSMR0vT zDE65Qo1i$77KaOQ5p@S-Zt*_11HO4a-M%h{r#&B8xLdteBvX;Se~Ohj>>X3yEalzQ zR0(U-bVggFXWM|jrHoBJ5)j{`raW_h{QwEKE+S>5$T)Ei>k?t^D@2fW3lC#0zmr&B z#AFX{o=vu9DCZwnVR(Dijm2;K0&G|<^*$@!FaNG7qgQjD2UzesyZI zpImi%u^_^N#Cte!CsT_tyXln76Huza39x&q+)a!<3BE z(Ty91esKMijkT%fOKd8SwV7)T2q7rDVF3|u=L&cxQ&lOFxb zNEx1;!)!6MQ)g;SM{U%~OZ=l@k<`J{@;y4hCaB@1d>!M^F)uUbIlG*W%MIep@bZEL z>Xbx)PZClglsZ$Tw#5fUFr`{s(mlS6O2B_^$eOwCqZJVWz#?cM+?lE#t9Y;>t%vt2 zg4z&)S$JjJd%uX2swfpjYog>IAA?Nx=>2%N96_7H$>d7OmA{`8gPNn(I+;~Wf`wAv zIGC6%{H1+(E^=Rri#X_w8#3o4fV<$`{bBlJvEb%Cn6ZQuq+~dpI z;cPei!?#Op1JB-0A+N6#m8#+v<~RBJ3!fj z$=BVDQVndolgZt;IBO|sp?%u60HgNz-^2w&Hup9;tV*E*Tz{NGV>P_2AwX}fEj16z z(oCEcB3Oi?P}3rX%HE?8lpzRtP1(NBPbDa5IYnE|zQ;#yMMXq=Z9z5@>-fr9PIu{J z%H~hN7NUj@0**0MoxnN!EOZ&E?%#ehc%$2ntQz~yBbzy9Q}CPz8OJIU4~9s20R}b` zV24)mkGsG{3Oy7&#_y+24=2Eg__Xjgb4Nli5pROw-H^+h7WG%Rztx9=wE81Og?Rgp zDR%0TJ+YthcX)?Ol^d~7Ayd&h3U;Uch5Qf42@}_E_DWqKM__VS#W~Klq+Z5U@uj?H zowvX3W{;mfTR+TRdwV}gH*`zQ(x09n!=5xm3r;?`M87oUpL6}XH*;bsZS)rxJ~1cS z$AYNqnUVQb2k=?1{qgGIbiYhu#f@)xq>v7cZgYVs-d$EDAtsAQA-za4i0=8t^>Bt! zvJ{a)qw$XP9is>Kf7B#*%nZGildAVc0R79l+$ivVy*V#R`vnq)C5Ai-YtQ|#mHF@L z9DE5mB>aHBf$(L2X~^`K*U72X0W8n7E2)LmqikD>h7k!U)U+#XL%t#pIZr!1D=776 zPxqgwD|5NrSYmbHark+z75Yf8yV*gkK`!4_8Qra79jELEB1nY!|KJ9CGhmUB!7k@p z))~oVfNaUt2H&J2$A6fX=8!5#;OGAg>9(UiWcX&V@WsFD_+Yogo-?>PdGhB?hW#(z z_qCqE(F*}G=?k>vn5W%1 zTr}sv)Sh~UTSJRW+?;q*`^Ow7jHq@1!{&E-Y^E;gVsFy%;kSU4H3=_&Md3?S;hA?( zZve2d}$q&`CEs7|)aq-Mzq|_*5vaoii7juj=(KEyBCjyoa3|s3S z?o#)fVMrWZQXd+0SN$qvSbTk*ww)Mzw!X^CV(8v}`~6k>GMkDAT0->10SR|1G0MVz z8FgpOY2gK{^2QKt|KDG<+rLJUY>hk<7qJdEk}PBY&F0H}j^qmsdsY$X7vRqsK&4!D ziaiJ{>e>?=MfH4mz2_7R2be%V3zHp+KGaku^fHcyYlyOR22h5?u$?}~_9^atPS2$D zW=DQG=56Y9dFVnhhrmxB83o4Y_r>cZIlm5_=pNoIm?C8* z`gq55E-_CWmRZ?W{B6CL8xFsx6YBI43p*d9Fa=qPmp<7?Bv|eC)VV!16#D)wtrys0 zfXlXRa}3On*9>1JPW^*wr@XmQ^G_@6cHF~y^=c7)tPZH;H1vD<9xeJ&8P_SQkFq@n zDM4t9kqms8WStjoq}3S9;kvj ze=&&y1urw>-EX9?D?~b!1@^2PGzzultaHZ_uQMYhGhNvDh8RGMh}%2%)PAt9^88|H z*)!U8aPu;s1X&8%{Gk`Gw?x=r4gv+~!T?57akxw|>HX>XtnjG+Smz+Mdo4opqL_lc zzqzZYu{9r3Dh7%27*uf&!{rrn;=n%JweN(m``{~odD24AjV^KVI;Ac!i${jsTqHyb zFIMeBtVYl$U5sL0?6&cX@K27D^YRxG8B+C$Mx1L;DGKZ!{}k6vvvnp}55V})%WV^T zpY!JQ*RrJWdK@lM{6^q;)HXq5l|GCulV^*wy^Ws2=i=ij1;5u%g zUVp(mhDRjx?gEIsCKfiZ` zc$zr7P9b8uPcZZYAtE;#T&lO%cwI1Du56Sc^bGM}mz-`5m6zMuqGr&pm&g*CS&Qm6 zLV8!4aJ^IB)7#k&-&Pm$pYd_mkt0+9Zcjg)`G^&Erqq_-gR!S60bl5(E%yTu?#gSb zU?recJqa~U_nM<;7~GIrJVnOncQ3*>Uu;E`y{-*z#KOtQ{%GR+H<~N#o%pFE7qT6s zdV-AVvq1)Q+lG_SB%-8`Km%T1pg%-)${Xvv}p=tvR4>NGqzl$2k&0 z9sK)3B&pqA*IaJSj?ln*ryiYATx3w9hiqgXCcpb0f~&IfqlZ(Wu{mn)(AadKyVNR} z|DZgWo$M>e=64bXw|?Hsx0Y-`vL|;v@C^!MU#aSHc^(2Qa2bgU&z3d$rBLxC8*bzi zjqBJY`6#`?SPJ=r;F^-ltZmKST)|BxU#Q~l>$t)>tv!%v-|RMyiD$IXu2xFvNH-+j zd@YPkKILs;9;RjR7PhKzpGbhX2N!2P{3%QFGpz3G`gJisJ8>Ug!O!*B&-`Ts5gq;; zl{Vcf8+497R8j&Ov10#YAU zCt&3!t>D&fQz!OXzA8+U`Tl@X3FLZ12x99`T;kb@FW~q?Dg!er zNnG()tz5VpdN-uV4pB=Uo65qg$(C1VpWDBtJSbbRv2mv&PUd#MiN>(+E{_YL;Z@_* zwAscaD@G8^nzC3S*>~|rmwc!9KD(tqaC8PyimWgOpLJK*ZaEG-V6g|g0%$xNM~U69Iw`Vrxd3pbV7lLF zh%)jiQ9YA@)~pati4+~h%~vurIQMB$yd=!Q)XLeE=Zee(Tz~99jQgeoG5g_vq&yk6 za~TREX-AFX0^?3a8@5W8OtN?4%zZ`5-KuV4|A3@)-g4iA2!EUv{H&H#JRMJmvXd(Q~%6@VD z3Z%s-*eOq}tiaRT`#!h1lQ-Q0{W7ueUs#SCME3b_L|0F;+K_w zH5Vv=lUI5yCwHliDog^9jR<>GgkQ2OjTXVJznA=$E2{Dt|T#K zAFco`i?4^BIavKqN2xu(Uyc#(A2Eu9(x>8o#F6Wxo5{2??yoJvgPYgVsVA6wFJ5D~ zlPLz9{5%M^GEa1GtL6@{34BL8`0UYr`1q`7gnhc_iu5+(C8GlQnOPE=i9XR#Fe3mp z^UopoYww?N9~(Z05gFurevz3Fbo9)0JTj+B116Cv6-AW@D_F(t3wj^os#BFL=Z%zg zC8qDUA%Kv0>(hTT#xbTV93P}EpV5wRF5g_rhO1r)$@!U<+~xQ15Hz+J{BFs8qCrO9 zPSyz+^EKt(zvROKHZ(kj-Sb{@x+pNSb?J1E7oT&ql^U!QQrzv|9fWwU+G8%%Hk?mT zlBLAO_i!1LDeP>iSZjkc$gTwM#;nYZSEjXFImG?k=R25K{8j|$3MN>I$@%pOLob|` zKBMwFH9QCs8h)GnWZ}jb``p9QH%!|vfa5`RSz<8Dn+Wk#&P+V#>6D)!V+m@)0A}4! zDbajaXF{OTlK}&gzd-cLvCDGPgab%^WGaSMm9J8jyH@>3SKfOlJr6~)?nxN#c zv(YlP2<~}A0`$0qu!P`6zn0uPKyr0thk69A=iKH6*Jt_`HNH;mh%_Gpn?D8w0Rhy=a^U(pyMP0c zfAXWk%X7sL;MzBcj0=K1dDK8wM_U{20;?-8^I(J2;06>{>>^qE5-kJ8jRYsk71oym zYp1sR*JzlC9t2^mY2)^UJx=u<0Bw{$hX=N9C-zNm$fp1-{iCv_! z*T5g0Z#9T8%o@4OJHsww&w@gJG8d(=$O#ft(GXIq?#|=uM9pjqvDPnKfV%uC@z0id zcBt|5vnX~6gaq3Sun&k_&eSOt^?Wt{$}gQPY-KlJcsT&J#GxlBzniB;R2~kuL^9}YXnXaf zVWg7WEyDcB?;0M<9Yn(YI1>xc(p#xfLVy}7t@;XLJxa&x;~(iL=|Y!VBMf1EXQm4FbM^~q3GRkce!z|m$r z+?QWx2Jll{WYMYNiGZ}03c=cW&p0&Bq(4a$gGp?T1WIbCNZ25s;9Q?b!HVorpA30S9Y z_C(Yq1Dy+b^i?ZGi*VnE*R8v3Hur@LeJ?CL7kQHC1qR0q|As?A2o?&-cw~PkEWstf zedx^+$~^OAzhR-Q~*vaOfJwnx=wVZ~3(eO3M%7Q|E(6PYX`Zw%h8#_Qy?8@+z< zf^1!0O8lz`@AB7Y?z(S=dq2m%%W5$=nv<&(RDrnrj#MaxLyj%uJNcS=Cc5Op6j|A` zyvK1x84aBKll)|!^D%?@Gqy}qrh=cNk?YF2uvN~audNwH%L8;2!>`46Y+3m9SBlQK z?!%lqRq=y}gL49}%TkwIp7_y~3 zBI<+f4@4Y;J!jp#L&cdSD|7~sWSuF!f-zlCK6UYmX#eJP9d~oNIV8i7O$NJtSeqPF z-1T2aN?nxWFUlrm**s^xl3V=1#!eln)_l4{4aii9HRXx85YX8hDv-?dlMC}>E=FOn zozyZw;3vL_rA}q`y1Yj#P;nCk<)n7^P~ zD77bMh%j^evgqptaO*pj@{%7V=ki(~ee07=508GV609@1-co#jD6n^rFLX8}6Hpu^ z{%5GShqU?FH%zi5rQ2lVQcoT_lCqBadX%o+aMpG8wvWlHv$#HvvmR|iyinO^daj)^ zsw-V!@{55>HZ!XcSBWk1cHzox>pzL&$lg>jKLe&Zh~*B0C>SQLEE*@e2k?es-vNEB z!t~@SqpW1&F3NyCijLssad!Z1R(%|!9a(2CBGO#xhL-r|s^;rG(TF5hY1LHI36d;= z2QQ+qpVw!GjEUb)U*$8lWnB*_@wnNDrQ+waL~ax)lgZ_a6-_%wPsn<8{qnW59Ad${gmh&=RP08_jTa-KqDUbheVLB&**`xuSr{# z?d5PN__%XJHlVJ(SLO@d7{@@ej&NTM!HQ1sG!y3R{6J`PA3mF~!SCBnQV}j5oye!N zZ-wmCV|(xU^>8mBu{z^d+!EEtpg6);mMZk(B72Xxs>1Yr{>XG;vyRK-ySuj55CnHw zihiL}@T-XH69VLMudhZ9-BlPySUiu8eqF1UoQD_DxU#?6y;$1?Kq!{V9rs6Zp8beq z6(`fMuEaB^Sxv4|1|QZ%fRe0)@2 z!T4g+`9R;_`$yxS_ya297IhMa5hHgr*C9}7&R*~&qTR)xX+Le%`M4sg)SYxz`3y{~ zpVKvcBl~*qRQPgxC;44>R?|nbx(>!O3b7)rf;hzuBak!k@i-cfQ2npkq4wkwRAXHtpf}oZTJ{SQb`sqSw{g6f!SS#c9h$3+#l? zFTyvsD+h|n>>Q3vepxu9sTUp&1ig-p?|c5BYU`5Gz$}x@Dqsiu3UHieShE@#w35^~ z807{bI3hXB0>xiliI`fNfwLAc;APNA_S*AdoKN46`!!mjlO!;ij8M;21M0O0^Ds2B zE70F8pK>cLjlt_m6G|;#8h`uDb4r#y1fXk(M7#Ina5jD)L^ZewQl6Q;(NX zRL8e1Tu77+6voHE5C5*V7S@ML7fPHz_3i!gl$WX%mkWGitb<#zwpbni}7pD>gWm9 z;IahSh&f#tU7eXepMDN~4~~B@sj+t`=X1E=d8&C!Gac7&7MXQ4aF+neqLpEN#N%6N zf*zsTH;~qF{370~0ex!?xVo@~FkM~o5#6U$5iQr!6X`#6&zVv_4i(}ljQQT-`1{gm z*KpiiQ=Z_=z&&*|s$U}yqD7{39j%xm*k}8xr$mqTa6B`N+{_{XX>-;xbtE!fF+t9a z^S7OCk$)GGA@42fTLomlok9QJQh30ri(Vj7?LkXf5kxys`*jsG5K)xpd*}Vlf|05= zvjEBJwPhFZvpsGqg>Ul$3m<$p>5i(V-H9<_uki_6>0ao25aeRs;p^jl%*70UaRMIwu;yL3(0sON@sHUzf)7~?SGP*DktO*7 z^S!PO`i@LA8SPoNkG|1OX8NLrf)XXLM>lwmMwVIPnBckzni46g zN#3F}FOoF|8jsZdLBg%DA)4cGst!2B+Vd9ZBuqjtl`&N{?ECUjrJm)U3SfMPS*rq2 zIWsH1XZm)#2@s+Kik_cPiI~Yi1`zy!Yy~ZTukE5rN)Ymd2 zv++*u6nEr%R~sMx}wpV7|4^Fx5QdVlP&9_{%`@b=^r z_5^#hlqW^gwjf+`w0#jMvLi;7FBqd}*~fl_hiH=+o3G?%{zX0O@UU3mi1Y!+yY~7V zi#Sx@4E5x;#1Ar=tS@@)EtR=|i$z>oY*&g!6WSy~c6-{S7sW(oUm*6p?^#*?n{NGU zUbZz*?*btdDaMv~nd)17Jo#}kO4h5ISRaFI#<~07Lux9YE~F&epXMX&m$Q0sVK{gi zpi5@Heg9aTR^P#cwzadijV;;~oN?~?qy^6XoK77(_!D8tPT7K#m((Y`nm)}sp^j{J z-Ixh|GxvKZ5`$8o(5V*+mJ(hELq7g3(2L$9Ww6M zV{OYFJ{!iWEz^b`?R(qu@L8zsS}`ssm8|`qtZ98}ed1d$ooTdF2J)4Xoa-3xeV=TY z%xGjn46+L4z%Gwh-NP>QdoA+WY->IMg%pKkX|eLOEu05kKuQ5P_7p2vP-U{!2GF}O zQI**m+<%zF!#rx zx2IB1-c|Rao)k~-GF_^kMf2O`dcD>l&NmseR}HQEe$;(jg`IE%BLwc~m~uC0w+rvA z;JNoX0;<%eOx7^jQi$}>`Pv#U z5Vv`^OfOjVYI`x%k})5rD9c|3<^D}qBHqJI^vxs|1E6-)Pibz+4uW@^ygRK6C3-X= zNcGJ2tvo!hQ;lsmFw(i7&_xANE-k-%%AS$D7Xgtm&SyjqKP7irDB^rFkZr8E9Nn_N zt&8&4rPd^TOz>5EXGmbW9bjT?v$S&%DRTFR&KZsNb|}V_l>OY5SVlW3|BV{*GJy!$Q^C7rWkbg~|+klm4hHpX>>$^G@mkr>$P6=(@Q#)Oat{P5$sfKOb($ep%@j zgNPh$cQ!86r*tzUq}t^#jWho8nAvQMr>8 zUGKJ=1oN}QUlvt7_&pt}_xqpEnZjv)^}CT+QU~Kogi*c<%GRFpuk+bUgTHG#N}0a) z*<*jF2RVCvG`a!DHvNt)nmj}yI$}4^hU&Pzt`8Q0+>?N(MkXU5W06HV zQ>u-EXC}OTtyOhOODk$<7`i-%mm`ze2CP8BLQRV=#0t6+p6)mFajEG5bG>Ko%kL#& zmeQqpD-l-uH<#?JwsErUxq2Z+r2k6vh|DYRaZTtUtzD@vgY0%#kP(TXKrE`3yGlg1 z19t#-YyxPtUaJ`KxH8*sczS;1+x~MQDPu+c2EzmJAYf*q%N``G=0K2yn<~+qzp^jo z*~-A72KfMajfUUEWdO}bc=Pd|4pJ|((%GB7 zkHtb|PzVOYA}-rS{gjVn+MmJwmMfHx_v|}tMYg7_g@zY#xTXS=qVd1!P(tGy!u(BK zYGmQgq(HH6-s_;qj`bGil3-8R0AFw-mwm5uYt0kJ0So7>g~o6e6Rt~~J;tS=~z*S@2aEya#&IA6L2=r6hmjU6s^f5PvH~D3&#bzv^xyFq5 zIZ)Bn$1N7#w{4e=rpGryrjXTCg zsgtJKVBFE*C;9u|heiaZ7Tvp}+-yu&Cr1Z%Rd1I!Ir%S!y)BYpW51v^~Zs}Kdeo}QSro6)~2la1?^JIwCWb75k3a+1Cpqc$D zFAGdg*|xW_=zA1@tr)+C5ikrX4xP>hhuEusO&4Z2nZ4Al0K0B>zZc!1Nvip5k)n$J z&+G^rP%(W{3qQwAkuV+^C+T5#p-he@bFMkqEbe=yMiIXsCVkU85q4fmm?r#2QLtL7 zR~KGCyB8^A=&R*BvBW^#SDOc-36MueiH+nVygvpTI^rC&UZqtLwjHoXbnI*NPYAGv zWHj_%nxyvf*Xq5WRC>7bIsAe0QLb5x&Kk8LYp_jo`l}im5Tm9jC)*aDqj4ym^0saL zB1$E~C-_5M1;1CXnAw94GV^(Th#Tk8A;sWTO$(;lYcXn5>Blfd4PzUN_+;THr7*dc z@un1LWMf3dc(1?-{KS^F@z>>nvadwy`!;p_%Rg%+I5!z$SD&^b;bdOR66NW&lP?08 zk1_wXFvU3x9LjR>*8FltA3b))43v9Q^pwUEp6G(A##Q@7FS#DBFT%2*+Ql=EYK*)k z=+LzKv&&%Z&qv)En2Lh5s5?6qG}zFZL~h!(X+wHDpWR zo^gd@dr6$=l5TsbFXS8i_Br-);<3>~Vi#%@Esk;GS_t)tR$taXz}{f)tI#-#!|hIL z^Ak&i?(2SL^uir}xV8azk#sTFDboI<3e?#u?_}BB=F=%dRp)%gD_NK9|MIUuBc*?5 zI1_Jms#l%bIccI5d0{7_5-ae z6}r{WC*@?CV%`O=B16u(2}*EAXm8*X278O4E48UjS`cwU=%3i}bxjk-;=K6KZw&c9 zVf--d;)IazNW^ml#An}ql+*!~?%eD}^ zEiDyF8Y@hKH!-A(zWHSE&ilMOQk#HXMDGeM)kz#E-jIHlxzBK_GAMY^m1O}7?z{YJ zp~Dhhb?Tij-uW+ou@1Pfe?jna7}CplAxu_AnPI_Wvtubzd9yEnR zv){$r9&R@o?9z;sDh9Y!vZsgF>Io$Hk_k9sW4K+7>`r~w zB1l4Xyowy}&FsiqgwzD%GNSpmbjF4{4m9-dr9%fF^=V9qk@Fr@L^&V2vX3)i_?>py zvhS(;oPUDyafGM?8KQVhECO=)@n?^Eg&4mxw zJ{W3Q5>&Q-JgevBX{~=?EpeP`46%n9vgrLQ7MWxxT`F5apC~JDfpKtw@8OPNj+qkb zj2zO2550|S-|iCd(}J~=FI2NjB=JmNslg-py6Fnsmi$m~^P`DFHay-BEJOW>fs?OmEE6ITha-td{5GG8S)6Wk+BxL{3ZI&W~! z2up-PdU)0^uSOiVfgl`> ziud1*6!>NL-qt@xb?#v}%Gi-con54pV^Sd=%_zno&WCg~I7j!`W4j1K^iNmApD-xn zFhzYswBx@bhnbig6j)m|aAQmE%HT_mz!vQpn&ezq_LW-ERY zl24qw=)8vh=sM`4kwv{g_Or?>_wUb@_LR2`YIc}#uVzFs-U+ z#OK?vL&|oBHeF@z#OpV5@v`h#4uBBhqHqPjWF@A)hyo0Df?i!{yrohe$$a{g6rPyA z&}7@dBhP-vZZ4aV<4keULCSJvp=Sb;im0Ou#;j`x*WIP+l%(x*4?K12xS>PDhjwbR zlYwpfHdua5-cK>X;{P-s8K4Wz$wZ(RO8u!mUcD+4U6`_1+I&<&Y^N5dgU}!0|61$+ zH2iq@ssDZKQ2Thjk7-G7=V5EeKAy{KDk zQt5ww6mI<z@nt>mCHjq5Va3 zQRQU(wY}IBUSpQn$Bp*@*I0x44J6WN+-U6t=2*g|zQSez*=@XBQIt~zQ?WGse{0YHLM(r;uLUW(}l(M{f-8pzgwh;KcejJ-( z+4>&azCm)3q7E7Cu?+Hi_HiHdacC;5Y8lb2xI&WA_;!Ybn<^MT%p$J+9(w@u!@K`> zwwRZ-GTI`XS@sdrL5|{#N!F|4L4;6nF z=^DH`T(*JUUCsZE5rSHwMBW)FBe>Ez&F=B19s18|@t_^smnS-vUwuMo$1dIt)A>6%U_qIv}0* z$I#lpZIrcXEe7t!{>9`m#)YiBK0HN3_B9w%-1ZHNw9DRhO*(Vm(#@J$$Q!LJBOebu zx~xIB0d0Si`Jm?P(1$N=JN;UVMJ#L$$|;V7|D88c8U3rk=&J{U>b()gzqKr9H~F?z z)j1tU{a39ShGrfsZf$;lNuQ0E-9^5k?YIv_H7$At7n1XGca3XLXOIAg=lYSIIOj8BMIqJ{i_5$}tATX)X5^PStpv#D+r zn_|%x9CH+HizW;m+xY8#LoE0Qd)dQNkt_{=5Q~5Jf(Gsxz#Lpid9e$H?kDloglEA& zS3G!{7mssPOvL_oD6ko-%dDs48IM0+xN(-T4h?CvN^meSn~D{?`sSch{$RZNX$1zQpucJiTQ*dAPw= zI&7vGVRwPn&Y~=GOJ2{N|9?cmH>Y4`N3@-$rKc8FV3bSOT0KQkKe=%7q|!Znkt&8~ g#Wo#p+pg&u8Khbtq}gDn_5$&dmsXLglrRqbfBfq4A^-pY literal 0 HcmV?d00001 diff --git a/Install-Kubeadm-Calico/picture/8.png b/Install-Kubeadm-Calico/picture/8.png new file mode 100644 index 0000000000000000000000000000000000000000..72c138672d44299cfbfe07ff1f8a530f765177f2 GIT binary patch literal 4169 zcma)9c{mhW|0h?n&MlRtF{897TS|>(>?BDjMYf5uM6ym7d3C$*`~LoWf8Xah=X}54^L+Q`Ip_I2b-Z9BE2S(YA|fJd zd)Dfrh=`ch7O%Hs`__)$PwCh?L?bTRScsJO0_V1b-~7$(%|%2iG142};#;z0=-I0g zA|ksYe=gApKX8=~Eb%?|5BgEGVl+=sGaxjxrp6k6SeWg@` zAhOruvldkqImOhmPXsI$yFeqvZMpnO$B*daesLnj+tGV}u^)!N_HX;eW-0^S{<*(Y zXo%C~EPR{iHRO_zDGa1x`YdHeqMTmCWSO7R+3W&t`zou+L1)`w7VsU@*V?MaT`Klh z*fQ?OGnyqCG3PdX!Pn&OnLdR9+aA2?gs{R^Hg7TPwf$dGk?!CxAGxlz>ssBNsU@ZE zxaqwZb~mKJEk_7ELqqUexYZ_g!KGLShQ0dwLBBpaayf@(XNsqd{S{_nidnDOF?}e4 z|Fxze^E|&<7tpHwh0{_s&Sb2q=kk~aIi@Uwio>MVu}SJ!w;)1Tyk!2YnWn6JcLZ-$ znE3MU9Ap-{jc^Z=?E3s9?~EPGaY{1xa51)S1UU+QlZ!Qje%TvS^gRtysHSHqwAEx; zUcUQ<$-Ms&{($*bb}%-o2oRNv;+LY|&o1|Jd%3=Df~W|-`D@BdK3!f1e4>+DTppY!ZdWx+XM`@zQATAk=~3R(&b$U=!)f>DbeHjobs$bGV&twOZ7ljbJthLAumIU;lpJi_v%+e$TGb@7yJoSz<-^e( z(JCaSk|)lilvc*tu^~0#>SLZ9xU-Xnj}R`}&&0*mNv1kHIHVyx{jBy7n*AqXZ(~d6 z(wE}JcI-5~@*T>u16~A00*4QCDm;PQ&6W49n1ydXmG&mLsW;8CpyXIGGc5lp_|c_R zqa=sYlXRbVqw*vdhJyHdDTIyG%jJFMz$+O*#~y&iB?z#J*Rl(4D9rPCK#P}4k6*pB z@mc2z_>~zVY=2MbQp)4zz9YyYPjotej~?t`m^xW35$o_yM=i&bms=s+@lGFX!`hG} z=&=hGId@+3{^ZyV*H3&11GC|79LuqEcO40bK8bShi;Bl4r;_#&)gnIC;ursb4)>|` zg+3eR=2=3(4ug6ahqc6{qcoLzn%T6N&?5o6+qOP??a;0V+AcHR0~Kb#ieVBJE8QgL zQs1_b8e-3=+a-ufTB)9g>@;z#RJD0OFlxP$-E`wOA(@7Pop#j>U$inQD^aJ{tW_Ns z?KrEawAOifwlnPEI%}-+w`j!hZ6&drlh0C=D3ofYc$qV44_RzKtsYyp=U6Fhc%^f) z!b!99YYn%-P$GH3+Vgd+J~J7Ha|E-I=qPl9BD{B09WhjRHDh$q2cf@yy7goFDm&^~ zVl5rraD$?99sJ51)qiNwXoW{kGXJKb93K{YP9WtL9i?7#3l)WkB_f9SSE*htuCo#$ zh8&5gSAaLnN*JvK3c5IE9K%24lRbzy&b3Z3V6~%y3B7`%4XUmj;`gq0R``!g-F3Q# z&(tVW-dADzAw4mpYv$QAeyRIm>4GCF39b1-vr8do%6KPy2y%mJJXIvF`BQwm8pkf+ z{X|9wFtT0`5RVeq5)Qy=?E$$G0li);9-)rO_}gBXxIV@({Y!G#y_?W8JU4ds4sf39 zbIbVX%=6+0Q;o#Qi7i!a>r=$ZfOEmd#Tt>vSXRtbLC^kLR-CWv; z(V$H^#qwPrAtdW*PS6o}58lcmUphh?lg2+KpmY%C78tqG=gSsZ%Q36`PZbek!Gf|5 zx^5TcEzK&blK22Pa^QqphfRE6K@j86WZuoaR}yrozdb%(uhTn}b6yZ9KwiwY#e}b@ zoGRFa_Chz)e+Wgh${em_oJG21?Uw(e$7O!kq$DLMJk4#A!MFvkO@ZA4`UGh{Mtc4* zl+es3IgLB^Uf;d$TpgQd4BBN#a2ziO^bTZEDeLE`x%Q^TIcOVGS|qBb2Zp&kOLuiA zwa#SVQBOb53}lnJlhxt)5x5VGSG_#yJHmT%8c^>AiwKr+nc7)drt^}GTM!cstaZmS zfL`ha2yv~0&(8B=&InE;pI6s1PLF0dM@H5|0YxZ!Rf;y-*u_{OT>l8BjN}bUVAO#G zQB4PEwo8(U;s)zCzDwF4Q2Eq_vp%K(3U1~%G?|f3fbJoJB#+LL^Aaen z?rdHB!y7vWbqed9ROzJfT>UrpWHngRAp4vt9D&Ta1k_SadpoC~HsYg1D)C5Hy4YgaxS%$e3Vm*z_E!J+i1zDOHJ-8S+S2uP>v?)Ih~ ze?Qj-Iu{Mz;MlvMnScnPZX{VJ4fjsy9dRx0Fz!vYNg-=zFlaQadw{r<3w@}o zS5^`XzOlOxo{uOo?XzgIxT@6p6wxRMqy|xf0*6PY=b^Z*H^%giu#@9-%fVFP#M|n8 zBg#hs63KTZ(ZzYa4;0)rJDju*sHM0~f`~)p>kZP8pQFOv;rm7w(a@tMJ|c4wG#&X{k?2-1Hm`tY7z9LCet+eyG<17hQJS%DWA&j)5Bl=` zaUC^qreYweff6P&iNB^YIA`-Ji;_Hn^fZM8RF{m@4_;CZqC#Ex#6MxNx5`l7roUV8 zcCKVPyQHAWE{527lGXs(XSNFJhODM2Bq}`Cb#zy5=J3e#ko4Nzbq8pigrLjdqUkz( zvw05;E_BRbu=?k0WQ-kWVV)sGWJ|>U)VWYbz@)dQCW9-=_~#q(vfBDas-Gm;S32x= zL5uHHa0xbkOz)ltcj>QPQ&mO*evj`5ATsy(a%IUMVS?WA(;AdhltaZ{4=L$2bS-p5qmfZyi2s6aFv>6#p$4tkOPQ& zKIU?=XXDIWGC#_j#M}EskIkKw{rEJd?IMDLtH2(Fd-2YphqztFEoWJ`JP|LbQrcdcK5Z*ZQtz=jkY z`NSQV7h}w`3Z=bD5(IKXX!DwfR9NU(zE{WqIUI;7bYP>r+fDlOmd%vq*E!1+U!{4r zbs=`5o6I9~-q#ps_eS4dKxf{`wc(=%=17$|^_e%LI-q&NH@2Fy@N0B4AQB%ggA7!G zU=R+I^Uxm*yAb13JTrBFso=@rMhl4aP+ zQX^KnQ8-@{Ku~4tx{=_nGXv_dQk48Ru|3k^hWp-Oz7EkP0;9}Rz+`z59cD*ju)Ukd zv@ChCu$vBa;qqQAd$v?B3vyw8l&jsfQ=%sFIl`GZ?Wwj`exn(PmniXM&jwDr{sX?6JniMi;mI>pU0Lt@EByHtoJ5f_+Mk z!{X+OUlk{?sQ@jSMHE9PH%g7EXUfo6`5;5cx-ZrOS#C*Wqxp(c!>%s2d8Pw1K(O>$eJ#13zf257=|9?#N zf1>@z{=Do~0e{oIH!b-;!QU1gKUHYi9W3~Q$Wi+VuQI3juymC=jGD|Bjz2JCgrsQyITC;88*X zhQJ5l#>hVa?~ct78)u)d*)%Bpw7PbBWBWPHjz17531eVywYrI^aKHNTT6RjX9++{5 z;A?PoB@&)kg91_c(`c1W7dArmJuaHfOJKg~tne}m-vnD;6G-F#H;{`DDfwEIr! z;?RsO8%3tp^jAOfipE|p)cBBJ)H1y_nZ`yjU5aFbDYKE{{NFn04nVi>W?`C`Y|A+A z4uS@2N~|B*S#imo+%qk4-_kC=6rh!VVTBUh1AS|~t~UPnu#fMfsJPvx&d;~?yjYLh z{62hr{5Ed})!Ahcy~#uuf!GuuQ>e3qJSq5Db_kd{4|(X}(ltaf4-OX=TP8LNdj;Yk zs#+}ij705%o~k{FVH{MOOe89rNR@oQtBAeg-%fO^K9XEP){**H?A3pdbP~Ld*S?b@ x_LgTJF#p)HW@!Hg2z~;*yZYa)xU?Ly4shM~vet^u9sb!HTk8u} zk=_G@-a-o@;ZJbybN9XXod5ei#$b@eVy*SObv|=GbMZmzi7M5l>z4ok0M$da2RZ-% znHd0ZhVjCA;%^!o0>g z;dKy=ij_?G8pf0G*Eh> zWLR3qy2HsfYWt==(#Wd1@JSKIbp4uR_2lD}&4}>;7+%Q3AsqHF{S4_6A2&an-8!s7 z6XQ=1`*1fd~<@NQMu=$)N&^e}{s!z4XDyX$!M zkORIN($l9;_PJEjhdD!0^5PBzcczn__1nS2^~;W+idEFrG2!8^y}bgt{yXrhswAav z_Y-a4npp4lioD#xCyQgrr5x1B8$(TuZ`oTwRKp~8iGBA7J1)MPMAB(H(eRA~U z>d}!;Ba9#)x7|%4$`i9zYo|}`!zCGc+KQC3qf4~(!^15WX3*Dfk$fWXarks)i#Tu% zIQn*D@7O>f%#bO<6vXr_Q23_{hCKVXZE2JH$LzH-&v$aD!*67X9w$QK=qk|0sKi@G zofAE$A7!2@EUo?nS?Qa}%jub}D_GJ$S+p*$c^4+WH{WTzX@)eI;bz>GAaXZQlx8U%1%L36(l)$JD3nDlT<1 z$%38%rh#Yi0{wC&Wdy-7sS_%F@oB63o=)FnruT>S#!o}p+Kvok*LFyiqtBrfMsQ*R zOl7Uq7OtY^L>K}UTD}9^yqk+NQw{3MLS;gg;bzmaBM@#wgN@I3(wf+L*D9GuGcs?* zP<=F2r$j%4h06`J{B+orXFzB#E9~FDK3s1+b}!%by!VA-jUz~FHO5vpr;2P;fB$sB zKxK(z^3mpxG_owZ+XLrW0FaR3|KE9=3Wibf`5^?qoqafrcAyzWmWp~QXvl`Xylf=Nu>-!zgY3wREteQ7LWXqgjb=cx zmpxH6RZaei9+EP_2arv9?x4V67mQH3NBU@0&A~HAnZ6c%L1ze%`vf>0qM9hPW+9 z$w+-}{Dc>^zQeE*MtV=CU@4DbrO5GYs-X)a7`r?lzD(!cGiw?>=Q`!o`gNErQ}&MZ z5V8lg!{3_>Vb}lDy*_LueK(~e>qWpua8C5P$zzVJKTG;6aT#T_hNZuUH~Bw?-VuT) z(jWHM*@n-_lb{6vcn}$u9#9JvKz6Q8$#pXOWY7H934o8%Kac+OGoU-r=G2!wx7)YhohLUu?0p59j%eBUGnfN;o7Nh#506)XeunIYZBJTkGBC}< zCL|PFdiA*6Bw(`kfVdUQDl^BS!0|BmMMK-bnB?D^b7>I0vA4&Hqj^Q9ofl!;@=>?L z3UAOL0ELDpx4sW)4ovfOez-e_b4CUY53Klu9jE(S&j5ZbM~2;MVVq{1ymU;-+L{&u z7fzO`+J#;-#zozKIu5d`?eukT?WQ>&|JD;?6LWL0r-)-Kq}WzFrLEYtlPz-XOz$eg zxJ{J&Lihyr#Z|lp=3*0?HfuW;-7q{eIgI>$_0hG(R}s4S zl;Rp>k9-mk_!7miwXr(=20t}9^&9%JzJ5;(I`VwXn%e10{^86cehL7f$Ja)TG7T@* zE~w$^AUaXWa>A#(om{kY4XXO$(5n5$0BjBdB3Cb*?iv~XUX?+awqY?K^#14BP7&=F zeH4kG-1^wZZ$N2f_d9NVha5Kc17st>xolx;`sF-Lf3T6WJDL>cDhuuJ2cSF^q#uf*W@rUL00V@@o-YYchED78EOV!g9Tg&M;q94m!ErUp_u+7DH* zcETGFg$L6wMIXff-Q#&f$L)leu zb~3t+Gc*U)XnA*Xv|jCyQ^w{KYB4^ug%|e_G8C_X z1D}T97}cKV8wVFP(XTakcY?ga#kbe@hT&ZqYmiW3_N#cY)hrb^U`JPRB;@z&kuhyU z>HD`9eR{^frr+24;*Q3A-2=;ju8Mk*d&F+DBCotNOqs6Cas&Xj#Ku%=euN||zsX?~ zhGncGn^7&>$#lbk@vrZ(xNZwC?`Pbw{ixldJzWOGeS{@up^^zaL1acsuRn#k{Io)q z7cP*SFjYoXrvIYwD2(qr(MlOOL?9a?8Um!gF8ZVo_c(b^9Ylt)>=f9^Pr*52-9<0p9?t6!-5-JdonCaB4#q8nuYwqp-K!AFD2O+^MXG<)<$@ zpi!&L=x2TVbjT~A`{b7Jqw!|MpekubYJRqxVcd08VsF!?ASc|XJ$RTBTb!(@0H4^f zxH)lH>&?sM{aZ>l?4EBin0pz^&4Byu+tTjVLgmdq)FnFRK1yafggEFM;}SZL%Yvwk z5Z+0Bor_FY#YpT+MGN2yyS&(!tIAmK$14?E7sm&TLe3P#e>q`LfU@aGT}n;Q{R#O{ z0qVA-^@f`|Z%2ObNpjICox-f%-DJG~4E!3ucN8#u-UE^t0x|ojce`hsvcU>$kNSel z2R<^&J{^IT^DwU4jAFI!F-wfgRj=m*oZjRx^zYZtTig_UU+ZmkF*%pzE<<!UR=)ySDiISL}o4T^K>eR1mdCnvU-d6 zBb*HvJZFS0cMETuNpW_?SJy?OOL^$JzeCFLF3`o^10F@%2n1}|Wm#Hk1sGTvbr6#F z4cO+}i48Fsn$k9om2Cl@3p^mtWd#6a!)koNU!fTy#=Y*In^O1e+)8N~ewI+FKRU`P z_VT&dX=9TO=1!F4t#Zg^Vwbyh#d#OC>;AiWd>zu*BdC51wLxqz?WCzn3k&fib&Q&S zkFHX~muPzf+w*#}ZrXH458@^V(*?y!hbC)R`U^37<| zzm{m!OFD`f76O_{CX?bPZ53wl+b8BRP!ZlKePtM%j!O~m5%-u@x+i=e^vg*< z>SXfJLT%yEOC;m^#PKFww=>KMALjjK9TNOR_UMS}cyKAdmDWGr7ROZo<#S1f7iS2n z9iw5fDOu>4hGO)aMQDvb9Jx)}Qqb~Z&6z!dk6=#f$S_{Uks|j*s#}xF%X2`d@vl@h zNRJ$u7+Z__E-vAn+DVFwlnC>uTVWCv#o#YX3|aeegNeX7 zo{{|m{c6KbMh9(%kXs5OeZPUf#0UBa@3XeuZ1Uz)y1&@Qk1sDHSSE;T!6_8 zmfsZJ3K{DmGlAEF8M>U5rw*b*)eHHoyR+`)#dr9AFSLS0$27Z%(!B6v8=8{U89zYbk9`Q(d1d&;?T=$lqT@vx1EDV45q??9`oL` zn44ghj~E@ZLe4@_Qb$-(O7%o@;HyLm-`qc)_H?Z(r87-Ug9Bc2+V~V&9(7@>-|v;` z((Y+Z$JYmV)Gj5%M60t5a_)Rxn{}?D>jBIyn7!)?)1NUt(-377b)@`cTS!G=G<|%+ z4f(rgxA>Q$Z%)|5T}r2|J8FA*PFzRan;kl1v

@W}njUCoo7siX?82P&T}qpjL-W zFoP&1&C?Dr#w}Kco{v8`63FofEUZ{<_HEICh$!T7*CHBpP zxM~1^>5C+u`eWdS?`7iAVRK{{@kiQuY9cQO{E&E0%7M1T>^aGZhX|4Xlm=ZOo+W+F zK>xvobtNvq4cXaWCMto%PtMh7E=LFwqK*aD$pNw-s$Ed6N@J=iqY|Xcru=GNXL8cA zMKbIJlj(Ptu9q7MN37a9q4sI~n>V@`?2R{Cyk)dn14QyU4hS0&>tmJUjFHbPHobCL zdlno-C>C@;rohkBw=wBL_Lbv%T6R{rfl)7So9C{z7Pd9+-zyHDJwV#(9qpC>N%VYj zbR}lw@69h$i0Y<{H;yw5P8P>>>FL#to`oS2YV9&2doB?=en)`W=|uftKm7xr7Wm({ zcTfLSVFfX$Q#IK6nRLH%k~;+I0)OO{d&BTr#P5AXbfG<`%r(|lVuO4la_oNi+O(Fg zcP)pp3Fiq?>a8R*Fz=5i2=sL`22G(4#=9cgj*R&w$Y>8{O3lgZYe4z+&Ktp~;;|`4 zBJ2Ls{eij?S$?;W54su7t!2OQBMZjgnuc|ta69h0ZMc7O zBrP60PJd^2Wo!5|X1Xie|p7awPGlh>+DJ#^88>4^p<{v57d zYn+4k?`fYe!x)Ge>WqGJX$^sUjS3$`bM>)ocZpt7Pha!BX<CatKM5M7C_fIuMAH%PpoA6X*q)(Aa=cyX^5ot8tL5R6QVqgl`yZtGAv zHuZrZR<|S1&|E+qeY9&I1x@aR>@rKheEJM!JXoJ#=zN`hBx=q7?4eH%oKiHMdihnw8WvM<7F_B zUm>v@zx>>>sK}%xtw@PX|2SvA3hNJn#=Pe@DN+T^%@7_QP! z+!GJ2CCKlydbJdK4B<}6HHXsV561IrJijIt9S6aJV(!)NGnuG1-(I>`gRH3XN~>32 z3hi3%7~={MB4CEyQwnsd>oy;*oE;j~{AF6vOTQ=ax=`{-y*ty;SY9dzhJvP>;M%>Y zL7asoobwt49?70IC_cmPLV$uUV2fNy@QMq?N3Bn0s36K_i@Fg#W5GU@P7|BaR_7Q? zOD}_;qNiyL60}0^_i>v4d=u#LQv8llgW8i%916OUGRQLTE%Nx)NrD=XYg=>p#Ky$ph_ZT8f->6g9xsm7nMbT+u`CPQ_|S{LQ!?ordo?B>0P^v)(V z0bV7e5iD@sCVD3Y%>uOu*y~`eG&A^#_s!}wSo2WVV!-y>p&`P1!Pb|^`E4q!BFKN8fbyl4;uQGtTO#RBC@j}h9vVom5Aijw8w(#S6o7dUi;o8H- z>Td(RzVw=D)7!qa#_P$RgnDfx-K6_4;mcDQ;RAG4LjLsssaBAa-tg>Aa2y@?T91T&tuu}Z}f@6@_7Ecy|%t`lmzAi(hk4Gfu>s*1D! zxSfEZOj9E9btokfM}EXG!E1LO^`FUxSN$RJF+_0k$>BU+oHzfAu-l80Ac^S@J^>_| zNmzFIZvpc1=)c9K|ESRdis}xWO1Z1;a6jD-0(UO4XF(?ztE`(vW{^2sCD_+h6BA@L zw^1be52h>Wv+;{>*{i4yD?(zE{H#io?MA+Cj%UmbhFMd7uSeocYxgBgkjn<6Fm3Kw zRJE+|mpgoWclSk)j6_dHGtFv^c$%qta!p3r^#8 zU6w{uZ>8?Rd$u^1N}ORAP7(SCT1h-NvAJ8{>Sy#l_g{45~99m*#)#9jxBK~`C zts(w!&ELr%_OtO3|8N6)QJtoVLD@lIU-ieZih1Qcp*N7&39-JkKC*yp$4hZ^`kNXO zXmPd0mU-XIm_LtwJe3#Kt^VAu{^W;`IYz0qw1qU;(`ZH$mTce8ipG`jQce$QumaX{ zjs`0wkI(#IG(E*LhUYrf%t3y44%h69$GBiMpzFk4@(hJ2S0+}(>C+Or6vn=wwwKsf z`vnrHVW&c~T;+3)LX>#xSK?--nWfA}nseiG5pUDq3)(38E(hmo&5H)aKD7(4;54*@ z`941#zFT6{n5uUlccPPrcc2~~y^{xV(L(dTVA*RO@6ioy>` z3~$;|D`$b1_Oz^FmC3eiC7SYmWPycF(nk90{)j|@z!)0mAeCLb)|dL$fch@o}GAo$b> z8I)8Zz^XA<`aT{n?KaL>(^<;O5_{IR*!}3u)SZhU;eh*B7~L*TaP55T!p6OBSl(5K z8_0AVwBjXFdpc#`Wb7pR#m5|atRH*(oxEto8F4K76irS%hPETJJow8^%O}otpjF=- z?EIz>BLcCpgU?SUQdZ|r8gw9X7L#0bwjk*8`oen+I^v`!SEJ0JhjCFdoXus87!2pM z#6Qv*O@`|-naa9Y&F|%XK#Tyx_{ToD7fDSw?q}>xtJ&R4{~Ym<%{q(RONeKubdb8Z zo(BhcSKHY=p4#fo(>2h9y}EFz-fg3HPXpIy{i19b8!=` zAG)f)@b1fe9~)fF{5c8|Ot6S#h@`yK^<)-}Vp*SAu!^=L7{uwr)mmc5qWapfNyZxH z7}G3pWO5sNN_K^_Ye4785_$o1@ZiL{SmLm#hR!>`UDq5D)RM}1s51wYi?_np$+~ft z;@=(oCN0$;!|!c0cJEDZ*-~J0?_%>+-ED!_F9dhRyQiA{R!}BFss07#6!4hb^=h`+ zDr}|t;3{qI1fV7%m|XkKfum!(2k0C%T`06T{wMvHKJ+hKJYCB9zGExAewiD7pbeet zF+Ynbd*BLKI;@UkUOao-E&9ZQ%TYBhr!W1c%>4cvbaujRjDL7Ud=8D7bzOok&&cV7 zK3^izHwhj1va&fx4>xF}=kN~`V~AQgyR4?5TK8nd(q?kasBdRF$R3$}5hkMS_HliB zP)X<2JGnsRpr=pdLtE@rODaPhcHY*6q-@93lOL%ZN+0?i1k&BLD--XKSY18daLH{A zF=dw7H}G`}Zu$leh843NEq6yq#&Pw;8=-ks8|F)`*b^O;v4XM5+fMI_Kl?_@G{AK< z(yCbw%!)%{*3`3pvbJaz^T6gQvve!t;1ANQi5wXb?FU(GgY0y}k)tCdXxStmWs=L! z{wkqoP=tLv*jJBx$$O>sr{Z&~J6lb$WkuK9_IB@%s7D7|UK~YKp^u)zL|`b07l>&% zn*QxPvA0t`;-3$u5k>SBw4ju}C}U=Q{SBi>GIls<&he`&<{Gct8A9H-Z^&Aj^tEa) zE?dE}8lN7q=0Dgnjp_*|!H&a}=HaNqs6t<{TjGiHA-bSR#1>508f$;FGuS(CWE(hS z+*S9~-W_&J#*rh4#_WBSDjQCVD0l(fNw^IFKq$OVYk)uE|L{lGKWGi*B!RV0CE4kw zKSOq^q}Q?ifoqNn|IcV0%CUqticw*p)ssel}vs zGYby&wstqyAc*)D+rLoSw@V__dhgJ*t2j4s(caw7d60pudl2KosGwhr@HVdRtGqSXtSb!HfWS}>VIG3`D(aXhx5tlh3UTcoB$ONiA-DvBivr_%vo6hw1}nXvMcJQ{;!QEk>-Qdvj~`d@ess$Y=Z9 zMrKW5YabxPtY3r?7*a$)p0ZxD#QV+=3)>&MEtWvBb~M_CI57>bg-eQh2>~YIQdSQa z7Og0M{oWs-;KWu1?p8CUk2-vxwqduCAQ(g(Ulqf6dgt=xs}`A#ff)xjCl{9F?7VZ6 z8eju&kooOJHD==5w{! ziU93*a`K%h%7Sm896g&=*0L-|U9EU6k%0GozJ#v$cUoEI0cl9HJ_bGQ#dq%SMsgft z>doP8g@mhRU%}6gb!3u%V&$~h09b-z)`Z1i_=lE_a&#ZUqq>kPdx$#=kcB>238y3u% zCaqPq_%Fkl@~MaS-1{`U!~g6J5c1K4R}#~8MeV^iFk@9kI#)t?C7#&Opw^Y4{Icyg zG>NQ~{;Dxh_bI(Ak(Fw;n{wUaGf`XP*>0+8Mk;H^niTP~&nviB0?P;R=%Zg1LnqE$ zd?>3l?7_9^?}B`i0-oMukosVV`f(+n4zkGg+>&IwOZx&3m0sP1D@KUF5@2w%aUPtj)v-p{%D#5S9vTn6)1iU^b~~ z1(YzG`*b_jz^Cj=(jKLre5y=A8IluiqO2X340ob6onU3SwRQCS*9{=3_ls*I(5AaG z$UAT8uFgSzg(*Dj=)Bqr$edj;2Bn{Rpd)qFEiu&_`I|4g=Qks+x>vxm-?$?ht1v#h zuuKAU3-(hc0U#pRDAb%H;Nm`2!Uze`o0s`xJ8)@P!qO>tic7z)TA!(qWv3w8V>pI2ORO1F11g?P4}SJTI?UV>N^Bu z_(7^j)_9pt;pXRZaioVM?hzC3O6+@xOe-X#6>`7vZGC3m2=v47L(c%q z?mx^}P5P7>TS6vY_}JskVLC0JX^b?Ky@~4fXXl)4PYNQOmnbF)XngMZZ~!DuAv$l* zl`74VC^$=EB}G<^Iz~PPPJ!7ygm&cOp;vBn>wqLMquMR0TQYo%Ek-mE`%n z39IH1DY&04F|HqPIa#hvc1hTNBM2LBORyVmi;SrKd|}%sbz@fsI!z**#V!~(Gxg1E z*uYh@e6WTCvpG&;kLmC>qH?7N`;GTi`8LxPRB=S|nh;I{_Sh}zF04dCd*lL`!pj}5 zCW3nDl|Lc<3i>&Yiv;jn3!J3#cOBcV0x9hR zfUlpb$K$@IMxia=Q}uX?2p+_9J~Z!6)#Lw${-lcl|D%ZhpIG{je(z5^dJ8q{GzDR5 z?2@=B#EZskPp!Kry_iyY8-|^BY=bP*b>jUFIf;_}MPp(Keeqr+VbOrz_+b6VB1?0b z8|^r*7F6*Tesez=5xYL^p~2tc7w}_e7#*+F*XFivi0KK-0E{K!GI(jq<|sET2xD2aI? z2Kx0644$%Jq9!-jwg?t_-SE^DM3p1_c8*d2d^ib_0C5`t9xYgK2KUUACf-Q&t3a~p zZ6c-YIb*oO0zvL&B?aD+5h{TkLj43!$4jZw2)U#lj`W+rePOb^^z8!K; zung?SHbAIJfNct^9yqK^0Ao||7ELgLm{qqPL=-<0gO4_PF#g*TaIT@Huf=|kQ73c%7S)33{_bltgte2wN z3j8Jq#Wo-8U~n=JkQMsbV{sZx50AS|&O=5^vx$BlfjA+1Ot5yjevlJWs#R>MbvV{= z6oJuw14;r?DNbgiT-Qg|ZPzmwsvPKxXNgdn$!0zkvx9Y?g$Ot;X&vqNgIpg*0rA;oc%k5q;*4W?MAG> zAVSBhn(G>c5K+(03h4b#tW1A1c;P^}cC-9uYjrX2x9y*^KNoZd9Zt^ck`;m<3-0WY z*}ma9zP2m<-2VCHxmh@h!P_FF=dI*!C@yX>ozA+UyMxa;@+fI9T~w3iFyNPw1sWp| zg?k{q;UJ?{tyq}iU|dYhk;>SN)8rx-j?|k;TPNZQN%O)!VWYcM)TBqa9x?EYKmOqU zLnCKNTp)Q2o%NZxK1@0j%#dSxMB)_o`^hN6oDFl?m{U^B-$B*&*WPZ`#Ot_DnwKD84_m7ZXx6)&ROZ_%=VG~5 z-z5PZSAbC}!&YgHSJ{SYnivCjlMAC#A9$aU^vu_ z&%wZG6-I8d#i#Uy0S#)cswE4c#=-icpe5Gron2qSFp0`1B#9AnnJ6*ZA*^-x+_r;} zLbJgU4Jy||fDgI!t{kx;Ah(7GdPZtSYcm&+w6ievYsWVbxh+3{+x3Hx&>jEHvJ)l~ zIIgN~O0>DHa9P-~S#w{sF0A+V$WNS7F!L~dPBTOwp+7w@A^T9-n6+c1c=}SEuHbXL zj&q2ugX~)VKxqdbN*+g@=tlMY9&aS8wWhr3O1Gex^8fjHEnXjxO2q(G7d7@+l*dj!R%?`W__H-&I zPo93jHd$L3aJIp2zU!@iMuQdui&XB`5~Q0X^Pe~1W$d|H;yucda97zHf6P(hUVgb* zd=M$JgEv<`<~nh)M@BvLwo2QaH)}Ht+83o@reCjG$E4P2lr?lDG=3Cfpo*RJ=>C-% z^%JMh7$J%nax14gZ%&}X-&ofaFStE2l^B8AQ%>xm*x7A$YEAO69!8G3zeuXf!>2$6 zys7o?3xk04VxCXBBluN+QHUyaavdp=vcws61(L1VU8XtEh>8k%bL)`^{`hjmdICixHRCVu$$IROB9=RPgEw&YE+$Dgfz`U{|-f704 zlckH>ooIVb9>0J~F63LgSG)W^>6^Ymhp-sp>;f{2CNnc!DYnk#=e)Kh37YVr_ z&v8Tz`N~-@A`%;fN+S9__!MBA$w~2S^BAkfsSkB6z8Y;Ii!B4q|IpqutZagL4K6>X zd$S+2MXDrgAima3+rcy{05R=d@^lpqmU~>b3}Xai1@ABQ)1Q329nXA?D4Z<{_b1%l z#W=pF-|t@d(;it+n%v*gzyr&>yXh&FP1pab4Sy7f1cZ*lJ^`ra6@A>0~nq=9sc|BS2JXNi5(4f|}0v~Am~wVYO?zfAe# ztJ6vdaIpo}*F4PCS1e<<0z%%3?2iaYi020}vX<*59Lzx(OpfyK8sh>T122*L{aUsY zDjs(lqOnn@Kb72z=?iBOMCEG+hfW``(L*FB_fv7Hwn=3G%)!LDJpBP(Y)wqi2Cu--K99A=j=Q zn*>)$7Gzh84TctvHp=`ZyB{^dv(i@;kydjo%PYLh5&}sWhh*rY^97jy((vL$u46Ca*R*H9PI zLO=lisPAO@t`|fK_d=fD&hX(4$-9%rr*@1?JgXsiO5zKTu1)TG5*~U8zPqJ-`2+qI zf@%1$lJDElm^%AAx4%^Q(8(1g#%R&-#Y8x0yK5raPZ!1L&x>GYV>3rpIAkp_wR${M z!byd5d_pj{EjQoV6>s&jmJ6X>dv1gndR%9Om1-hm7F5poaJ-#W`YFln zOOzo=QUlaf6Aru|X`T$3ir)lHw=SR6Akp`C_y3~rZ^i@HM0jc3T?~iDIvDNDXC=`$98H1DIvLF}zJ^jhz=%Q$TYfj?`y|FQ#HPD_^?2I%;e+6& z>i+&N>H?~&xbw{G+C-(@>=kfQP9DmY6LIrN3WqV`$cH<;vPpp2o{6{|wj7AE(}%{0 z>38(@%3u;{&m_)&A^DdVx{d+_J_YYD>_1w+;ONR4-9EL|72J`-gu*9NQPsi3i(5Nr zWOGx4RD0h(Y*>cMM@`)fhEU~wb~dzz3Yc^T4gZD}B$P;$MPOk4Q?whRG7z^Ll?q8Y zI{1%{0mf1>`!An&N3>G|H91-x@wZJ$OA~zIl)vX(dUz3cUc+Yo*P0tvBkY3@-Yvy=E z5%WUH&4^WrTeWLq%hl5CEeq66bH`gd6TY4M*QWG3NYe<+LVWT#^k*g8e9pjpCHrjo z)a(3H^8Qux7oUpbS^R~hvqRYI_0Lh`%V8{(R|=46=~=LhjF8-~nnW%B_5s$rQrm>vZdtw z7vT9Lk_Blhj-9R}ZX}lq z|IXZt=5YM;nN*YFmH14s4JBUm+Vn=<$50mAUDGwx1|oR#?geyqXHSyH$G-B)_ibJd za+Jj)CEn(8;dpTlor^nVzaxSJZ`k!8>z10p-pPGq+S@4%@=mz>IfW!(AugDi9+t&r zP8r(zE=Xvr9@tqE**XpTU%0JtX6O#7HAV5a=>LLkU1gJh()A~Q=(<%FY%Wvt?o5+pghMXR7R$ud48LJAbVff#0!4V z;<^s`1skX=!OKKETyPhT2;tLsgb%F`g~fNmD|kokhOsiA6En>^T3qn=UmN;G5cLb* zOY&2U!z~ppKAF-?zqc0_quh->3zB13TONG`>fp1~b`mAeJ*arg&13EYpN_qaQSvo8 zm99e+#gk0>+27f`9-6#7Ae2yO_p`id?)W@wNXs$6wfbnASQ$`sVnPGSP6_&2yR9%dzHi==k1BCCJkQ!n9oZE9MgV1idm#Jt57+Pmk|^ZAdha6KIHWE3SHb(`%>SS9UbTtRBG>J2su3endHjpbp5 zlpe{*dLEu`n&^M9_R-6=0b}jc-|hr_6j(Dn!$|F`G0PX5{8{Lh-Z)U`RXlFev3RDYO<=d!p zY&)0kMMTJ;;?u%kBYLw4X4uT%J*_l5@<}~OWFL7EmaMIv$6wd8F^}SM_MmTpqfcP% zK%?yAx(=GTjDLvp0slsvze@hpN4RQnJHYh6@pXnoB47W3Uwo_ahp&seu2gaDTThrl zm?P%(;LC3Y3;AKW6*m9H)frZzYrEKQ-DMsoG4(Hc_S{da+1G%$)D&XxVG#@1%s$No zicILecLxkw$kC6@dSmGcL&hQH*|N7SPy`Xs4;=n? zS^by91NBSY3}flX63%+Pw{U{9j@mFk?sQuE6G9wVaQgH#R76pv>~p7pjvNQ@*w&nyji0ndAN+|HQJjNZU*s2(e{c3L zbSLUlc4@m|+B-BxRxhd=U0d1xOYDVFC7u(qh=sSO=-%?b(VZ6U*|~uK=^JW)fgiDb zVcQ(XusnjH-NbR*-N4g%aJE}gzl1!4Qo4geFRp%QGJaV#IZ}FM&C3- zgzm+leFf7!-rzGKP22gA?NL=7YsZHlCeB-@Jwj!C6xeM~EE^{3GQF|U7S6PwCsKhIin>_c>*K_io3U7Kv*DTrZQ&LWf^q*bxKph=66WpbeoOw6c zCEx#DeZQUvLCam3nOnZHJaW+22j!cF%d+=7s8@eDeBRkbG0pC)Ekk7d%{b4x5 zJ3>vhd;doU)Os&w!S_b`!<7TgUzI+?mX~e_m&h)x6|RRIh0pI|bV!ASmadKgiV`tn zNc|~R-Xe+_wb(C@e@{0F5WWNp$em}gX37&PPNX$JnWc@pE$0elR#nZLg==e+1RBT~n#})df*EaX2v#~dR6PLC_=$i@A^f0^E z2rL|TZ-tw+@gRwhyXC@5I>=Bds}(jT>iJFp&$J7i{<7<6f~hBjp4W zx7I&7-k-mcK299`AMt)Rm(z!I29xuIoR7IztTv<*u3b7;BH49`>O8{gQGhDkiT$)Z zuQ>SM75se+QNiDXxI^LkQFWi0^?Yz)8rLfiSVavcxTi`todYDg0PPQ6S{jiP9`BIYYw=4Fex8rIG#cQ zPu4gO6Yet+LZyvwA%SYJTBn+Y8I5!w(TNADTKKS#_ z?T^bRYn5=qA&5|qL<#G4uJ)YFZW5%QeLuUke7t+O2}h%w%np%+2FNT$oKH4Rexb14 zWt_v1B}&%*`9_HP9>9XYHA8DXorl`q*v7XWd$~PH=U_X{a^(Dx$2g?+;HUlRkE{TW zZp{s039Q*6_+)+hpJs$-86MNrHi*|6UIyrYx&;aOpRyfg<6D~OxU*r+#wtklMUcTq zo66PW{BMu7OMattU<@s`X%WC6dh$<$jKf`MpJvN`#KUSb5BUgzRCM0LOBL95;keuf z596Mj13m8*!7UdtpDBr24OHx;3kbJ()8mZI#7Fx?lg<3ZE^lkXqBP%wli(*UU#u=t z1Z`MY1%KPpNFg~CXeE(nS~A5!K1KzwV~+9i$jOUG#pEv@{10E@B;{5kgO|I&ziJqT zLp^%0C&G)fT0Je}aKc^J9#1{QPqedj_*a0IWx+zK1AFR_v{KB4CPeVHVTRL;#hrhD zr^%hEbOf&J2!KlZxAl%+Rua)=SJ4o$8XF;dN`dNLD*UT8LQR@cvWZ=pOpxJ$#&pAL1o?4};;NH1821(m9CM zpIWU3N$tkD=}p@~J7fmu@DI`0H&TI(Q+=|a1$m3zJWN`*0MUB5UlDJ^HX<-xvVzS)BgUe6;Gsj4I&FpOJzs70c!ts%P?ixHO> z1oL6@b%XsKxxw6DWJs?6gpI(yBQ4`FM*RF56LEKNhY;noAH{R>afAvMKIBEsE0=;w zsxF}t{eGRu{D+iD&2<_G@`&{+J~vO7g}<8c1TvZ79NpDbn*g0J~9)0qK{ ziagTi*Xu1-9s(D55iNBRZc|T*JSQu6!K%^Nb!E)Ul|HdRLo^g(t zDy28Nl_cytKReP-*847$*Ww+OVv^=W5v4>yM>H|~ZrP`8!_BSpO0~g>GKltR!dCH< zlmQr?U|pyHTXv_>?903A_?rH^yoiSK3(6iPDeVx`zzCB=^idm!bJKTBk}X_WuF{ba zCH7BKSn;u^R5=n zdz-IAZYcNtQef0A=6tkn{G_1vfcO%41Ft|*}#=oWRn^jSb@d z!PxP5boGKaJt2G(wP;=lB7cW8mug(5-JP&gCMpj=fdZhS!!R7Skn3nO1YhJeCTK0!TGsDAq-PD}?dXEj2>V)K* zQX!6ic@_C69Pg9L8`Q-%CYJ$+j-*caPrKYy$wdCZAr^#w?-}0tglJauS0$PiKQ^gQ z>-va?&U+p)uPJYnQ26^eSv$oEh?x$k9v%6+N8hnzKA~^w zVd|wZhjFxwN1~N~yhs3_f#7xiT1?6ZqCk?I5oui}wq9 zhNkx*BDSD;%#U|sczv0Ky_sh{TroZB%A1j|8jEp?bCVkAHHqGd;&~H@-L*5ztIA)CJ@VITjHb?XiNV;{sHlt8SKB#5|7eo z{=W7n&a?HS%C`j{5G@XKSDVWy2~*SfVj~=77$GI_}>;;@IaUvn1y5@e|gVozH&E!`Oxe>>2mH;;^QKjH><31}mhjs@q|>KM`V zO~g0q$hEBtwpy0p(3%d=l|>L%)_C2|Nk$NG-$CUq-2YjM0O?# z;f=H*GG&RvXehgxN|wl$BE(dZ$}(l&r)*;%`_7cHGqz!v{d-2A>+`ujzw7$^=D%}Y zXJ+nmpL6c>ykGb8`8WvQOoJO%YoJ2B#7cRFRPuz(C*K3X2wrrY#${+tnMO7FYrS@M zHmV<2f|nIPr+g|N-Hnto1HFBA>E#k@BiQ@9C;i2ZhW|;kyr`J#To0C| zH_vLm4QFQ9e^P?0d7oR<2S8&ALb}Kj$O;O#( zXL5~yr#hcJuk#v{q&Lo`5oDr8j4%%uzGALi=_5DnQfoUb)A%{C9vZ{XQ8zh*&LKqtqmqopOyG1C= zX^4z#FZ2<_*MVsW4Fz`8OA}c;HztO87zDmFojO3Vt*05Q!t|X=+Sh~yTtt8|;$gm4 zVh)CQQPn9____0k@e2)s_fBrH1Y(1VTg_+Wj#8THQox(P;vKVSm&oJwX-_wce|d5C z9A{Pa)&z*-pZCc zAmOm?S8bN68y2OBx9Iy4OR>_Gig!+D41A{^K8vslE1|*}8XDvi*c&_6hLw~JmrEwv z%k*KZ9wf5Myi`**SWr_uFyn-@f|D?+&1A5)*-N-12WRl={$S;*I2`%Y~oeD2CK zt77oe^JQnBe?F96Y`ZuII6|#$X2N|Dm*;8E%d*1~uB&8=I|OC5b(2NOCkD%d8C7+G zm9>N+y(LDk>8OP=b zv4bsO9u0vNhN2FYxJlRhu_uNwDY;$2^60(m==*yB_FBY;m5-EF-1wZA7$pzz$C|QNe3-v~Eoc(l z+x?ceUivYo#LCTteRk`NwI1Y?aJ6|7YuZMs<0}IM|gud(@5zGYh*&i&w3RQ#1 zBsLKQ^bx;xeAw>-kJYiB57?;#MDEGt zohC08xCBjHtU57eV+gC9JmT}{j?Y$g`}CP!>&3Y*er{1AKBe$@O~-Jpx~r_yykVEA z3nR%IO~X;GG{)c*m(Pt_96S?Ye<%hQb1uB8`uJg-W4|C0TNMz<2GS5*C)R%ciZrbsm zur_kRarhadEL=X~q?~IOPx_9)vgD5a1XPqAan@&b?L@SPoRr4AOG5Haf@9z=^cUyL z5UgtUI4lr+P6(AE(jOaTueC8Z{%G~MhC=?-MchxHYj1IOdCs5s*FFNj`q1z94@Y0HA3ax_sUSC>`~5z zK<)w5gm34BJbluXS|fc6Ux51FwLysK(3yqJ+u&pb70`ibH+AYZDQDF^ya;lV&2iv2wN z9OcEy@e{ZT#5hb1`42qdN@iD$y4m{g|Fg}uJ^uX#U}vDjL}GuHkc)*djJ3s>c~Iud zBkaN_kX;mGO^ZU*O6R~v{M2?VghoUqvkMpyedf$6JrwfNp1FVq4c(bQrEtVrxlSxlt^$>iRvB=Gxc6=_B=l8_U zpf)WE>FmYAaw8d7jA{EbuHDL8$IkY@>Tc@pv$Meb$(5}Vmh!Q)Ap_}O-X#?-)-TOEqVif=f>_1>qz<#<_y^3 z?~(qtr{i|~`9h(+5T=7f+wR^!lPR{dXUU$J4W*!`2Yv>8^xCmTkn<8S>dE!aXd>}8 ziY|(LfPTYF#zOaxvj(J6h$~dj0A-q#9<$A)>fCi_t;OGoMMtkcUP7pouIJgr1FsGSaqeUon;-jBrBGR$GPHTf2h~ z=JA$mK)4W%3 znwCtpA4Lhp)v89l;$t~{)yAv^fnDcQw&dFm=Edl_8IdO&yaUaPBwlr@W- z{Dq5H4M!rphOTOKZ$$*HmWeSohP*O}s~)i0Gq8($sd0pRvmf4^uS+O%bbR^J>v;D4 zx0IBIQTUTY_Xz{rm*UjRObc?#y5-XCjvK4)!IHfl2YC&^l}EcN<8|^aX=OC!;SgR5 z$tA?GczfkhSZL_+H!_Tv(0kqoRaKX;-fC2L_{f&`)Y!Hg9=Fd88CF7`MQ?}d5=2#2 zBcka=IxKVc1E&BR>n~O&T)LOzw|!z9uRpw1vuv~cwnB3(`q`B;uf;u%;?8_x;_s^Z zXxM)p-*cI9=Dy(;IwSlhF(L2t6v0`1(r;ps|L&`<&%Z$=f3?HH%lWl4OU{f8<}3UP z#YAjcCd1J}e4D_1DHeIK*vum6#`vd~gIu(98QA9vg}Eqz3)Kahb+E$Xile8#-*F6n z=Yf2X>!;Ns9P}QL%G9tc!Bz8UNY6v>Wl7(ln>_HYK$*Qk{0;7 zp$l4=kRH#HsZoGA+cAXTV>A!qQ9uknqYRQrd_7oN6ofAdYw77-8=0it)%FJ7+jWo^ zA)u_2$Uk$g%AkwJPQ#k|Wkn9+E>ePOc<$3ONW~FLXq+R`1%G_2-5#DjGfP50-;Q-2 z2Ug_BoH_u%&PM=PkP{U}7>a}IIRDn0{w1+Mz~Hp7uc8+@{`uh#eAmd1w)nC$g5UUz zT4CelueaP@Ncou?S{+&wQ^T24m6|ulg-Be+4^aK!jhKr2ceawTaTz?ll#@AQ_@B62 z&Q^S&4-Eu!hQzev^677(SAeF6p}PHdh0LR{Gq`JFqs;o_jntcH=#VJ5Jb<3=UJIpO zre)96bo>K!d6iOg9O=BvK-E5uKt;C4w&LAQJ0ghh$Cbme)|NKcAH8)d38p?ygh^bj zRLQJ>S5zDpf8Fl{ALn7fgC$57Ixhnbp4~$*eclGerfl|5R9KSQ!KHMhR&~LY_=#%xwoR+*fo2D+-SiOpQ5e!!r zYt76-nU?Ko=6>@^a9-5L>%eh*z$tL4txnb_NUCi?oFDh4dJN=ji!jk7%{dzv`^+8N z`9lGH2~Hr5wcAh?H{0iDV_R_baFS2zmm$CYb?*;;YSi<NQKK_sqN6%kHCk#3r%q-S+!E}c`q`pj|M3gOEVY;m$ zY+jDN)GT-6F`H+8#dC|#Dr${rZ`w%s8v#(g*JLYtX zD$GdgWuWi4UfzcJ(emM&t=gHEV=Co+ebzd7#VY?xG6-G`i%|E&ak?j(1Gb?>J&o7+Rio<7WA97YZCXTvGF1?)Zzea5~gjv}4o3h)Ox0zF%r z*A@;N*9N|gZ~>d}PgG~{AIPidR$I$3Rn()#;x5CI5M@_14B)Y0(=eomgRu6BMp@b_ zUx0(7H3fGn&Vk|}lkHh{I!JwefAE&Zwa1}(HRp7!@MMHMHDR)ba1Wcb*?#bj2wEId z86RXhF1@s2eyp5Y{?MtgO!izi&;fk^R$IXrGz&S({XZdA$f|sG7 z`g~^sFgUF42W&NC1zcsY&Hd*@YpPfT00I!BJC}($2l^>pe4_KVWTD)wDjK9ODnyE!uSqSBTHk zs2vERItz4;h&c(D7w`P*r!xsTC7HLxulVf$na=T3_o9Z}bwS&QS6WVrO31n|+WvtA zd5VSF}OpUd+}jb&_hl9wudG-vzt1jFe^_<-E*Y2E^8^hEyTRfeKA^J;2r z4{0T|X6!B`sKf2c(P3soNE-r+Sf3X6{k$}>BRi~`X)ANTYdW<`q6eqC={Fyhoz*Z^ z!5e5ceh!jBsimdWUNX}uG%Pg{IE(m#trgE0-MW4ja;Bl;KFRuz=xHMsw`8&E*xS=n zd2NuBQx$O=>e4UKKtx0i71PX^-7@*rc76}X_X9<$AJQuB{z|s;#eCOW7gWkY$kL~D zwp+)%koCq{TNc4co1+!{kDI}fXHzB`YpvFM58!=@PI;02m%HzQlf5*|c0Iw#(gWxu zg25lY2y-^ODs)gano-U4g@PEb+S9paye$Y0L69!9pv7hhO4GSs9Nl4gZrxMB4Qb>g zrg_RQA%cjo`x*=GtcV=Vx<3k6_FrxW$546_GUQmV5lJ7{P(!ilE-^bXB#1Rim9xu^pVf5#9?4%L@$ zE41s!btkxPacU2tpwoHQ*H5z>8*R`SCOYl^8vRDR_i~{`YAE`aX8QvMK!rLQu8a^g z6TYE?xe_(-ss^)JP9y|orJyB;(4lcF;KfeKmQ4nKP|*0*5Kr3k+TQcNm%slSxf|+? zF|Kq{)DL8sfAY^y$+++bf{5>-CRHl8LHJ))+$i#*e_GGHw77I4D%j=7S9Z4o*ZXt9 za;UmnzN3V4-j>TB&5xDbz8@i-(rs;ZZSlKh9U$oIBIofD46paa()E6UhRVEe{tU5|(VKx9^%Jt^Ns{ z#m~s;FQj(;dEG8pSewufPNF=E??Xe!=V{^_uPS;NyX}k~Y~fvwlYZuN6@L}z`ExM9 zR-C;ig^BFl?KTWoB0RPOhnI~G%_K(_3Peb~7;?A!isyha(w&BUg|zuO0*?Xb`W##q z1G%akf7dYij85LBA73*+<27KX=W-ZE`R^gNR>OysHy<570(#NEGBeEx3FG9^(EN%( z=$WX9qrg>)>A)P~J;?%$=Umhy_E5ii_)G!Wxy8BY?Ss(72Y(w(y;`=^eBNV7fd3NS z3A0X5Y*MB>9D@Gqf>cRBtFr`tjjCs1dUvc&u9vz(4l-IcukQrBLB#*6SbQA%gMGdM ze`TbgChTpd@d=gqsVR?{dg*Q-cXin4b;d-_)C9G{7hN|`oYVCj(kO`1U;Q| z5GuTH8Z`*MI?W^n+mQY_423g!4`VyewOxxnTc>uVOw{$q38-dc%@La7@c5Ei(M3#V zPsM5X8kFhMj=3%e2l$EC8BC_a7m@Iaogbh;$M=E5mLH10=l6k4i{6WcY|K?&!6l8@ z4?yQl?}QJ7w<>107RDwW$PQW|!MKxoC@8_zOv;1>7firxIXfb3Q}dk*hI~%E|Na(RO#q+&jqUy~L-VA7UIM=!_w274Xv|WI{^kHF zhZv;6Rud*+7lHq{Qp}<3nmr=KMpBNU8gVdzd!*sz+uxr_Fk~ofLO0+P<`R#;4r!20 zE>3o-zCEVvKj5!bY0m&0%p=_vA#qTJ5Mlq83Wcm?l#%|bmkJDVxTwf;^<`v}Wx8z) zoyOT1I$F57)J`dRc9ff`D#UDf>UE@F9GXA5e~Yu7T(MFl-$>ZoHSC_{R2)rEDiCyE zGCRvV;31chdDj2rg15k*^A3$zZmbI5V@@Yc@eW^3r$PWjXBmG5VkDspeU~3!9@-1w zyOr(y4arqa8oFj*T2;!8Osb4G2jV2LlHmRQ^{T?<^A>;%u}GSIqsOY-=kE3Tc1lN+ z=2YKukOq#7FOL;nj6>V|9C9sdD%)DuippJ8Yfoyny(Ql@lzitH5Jlk4M|n`>PuhnV zoa}sN({7g{G+f&VLdVG+Eig52J|7ihh@9Y+kvX&2DeW~%1xXcT7{KaKYzB$rtS;_V zC`Id2P?Zh}h3(U96ZTur{EuiE_#wF!8EFViBafEeL>)_r&AZo5S*0P(B}oUJW*PZIS$wsL)$n($F<%k{cr$dO?k?G+`Yi_Zjp;!Lm$i+|&RsiJN2$X$)W z34wZCR_L!TXOCqvs)+mBPFd>r=LoF_x{-|2?`J;}A)6D8L5aw$HN+seE%b1Lr``9m z&uY>HnjMxR#cFLtKnHp6*{I0e6B}%sUZ+ zSK{{91k-m$h`Pq}KM~&(H#G3Lv6|Hap3U^Dr_!WeAYgSQJsku5Pa$B|uLiG7F7o&o z@xqYXu}NWl*|W3Wv}MftPZkQEw7H0>K>LJF37zYr+YizKNVr!t>kB`m|dVMlKf1tnQ?02foMKp zk%HO^co<=F=hCHQN4M^XW$QiuH;0^kV9saZ#0g)zo9J=cLL!v!?GsCDlYKT*Geqx; zaKX(r6Q>@c&+j=^-;e-x7hgDtI3xYpp#)Hcd$n@~jdR@XYBCFYL|SKiPDrMfHH=+2 zLtWXBW!<`%64I-e+3xP`6fs;}H$Wa*Pcy>f6ZMA#m#J4gP|Y{Jn3otOCw<74%Ejg#L66~|qdZGMVFACo7Mi?~ zai;EqQU}qiS}^syC(mz8@P`6gXWI`2XY!v zg8J~VdX0^5tw&!u9ofu6!0O|Ve9LMn{Yx%~NypOlj+WcKm+s({j>}VoC7qp}b~XY# zt6BjsJ!y6M&5+XieyFWEN7QlTqfcTp_QdTIIli(5_*imt!asFx-K3Z$pJg>*esT=o zN3u#qp2D<{j5P}llPn%Y*VQ5(>)mpNgIFSswnWj>2UzQ6?F6MxjL~K<_sMBBnQI+uCQ7O04?(lkW%v zcabg}oshxXQTMCSdUE-;i*KctSYBte=?{*_TcBk1z9f2*_b$TRbqcVxyTHgQ+LZIu zyuyX!6j^0EW}!ZO+`l(ggzNFRw4wDDjT1huf4mi$({=ydqf}`^K!|<2$xF$p@wo8) ztrY{ahfj!xWdLl~zjX820axaay}J3e6#Dz+hkNmfB)RU!@*&j8uDE})f^U!GqqUq? z^4{ti>z$`)Zp2DMOM)=i?tJlT`reOvrAHaj>&xlXktO@ZS8w>(6;&G6!LDH0o$)KdAnLUKGp31C$?;35Y3;#7R2f2lJ(@?P z&$gfPm81YnU&To|gVz*!L@sJXTH7kL-Km)NH=BWaCTm*>9rwRB|Bvri1dLAA7P|B* z#s88v%voTwSloEsi#MF1T57NEXDkeM{gYkV;jP$SZ;W*Oa0K(RvGzf9@&uClSQdE-~fLlGk# zQ;y1GIqa@bfld?l9be6T<^zzltw+-t^Jy^D09AJ{) zyJdnyaxwma)#Xn{M-}u`-F$hYx0&4&4P0qHL-{-nVJ2rGu1ki~=SeLTCET?ltNxa! z#))yi!`DI0F-E*Qq2DYI0oGwU+x)J4Li`t2nz2`i19ZT7%{-B9YOmwo#nN6m6mI+P zoq%_*Jb8As=E$@ZP@($kyx&!+f6HDGn~=rY-EEE%wxT_-fb0+XYj5{pbMl0GSzosQ zzJ;gzqDJtP5sOpp;3xW#N2mwPu$@;p`4Injb5{1`Uw``r(8zocDcn3%nmTW`+IelA z*w;+T9rj#SFCq$(A%qhF^B4Rp^$JI>t)Q~haBVmK^KS|}3+pVdFXItS`};V7*S2tQ Om>FALD!h2-+5Z9OZbDQ5 literal 0 HcmV?d00001 -- Gitee From 15005b143920183545a0b46ad7e4cb4f94729f3d Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 27 Apr 2022 11:36:01 +0000 Subject: [PATCH 19/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 305e049..38446ff 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -1,6 +1,5 @@ -# 1. Calico-介绍、原理与使用 +# 1. Calico组件概述 - **1.1 Calico 组件概述** ![输入图片说明](../picture/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20220425120825.png) @@ -8,7 +7,7 @@ - 接口管理: Felix为内核编写一些接口信息,以便让内核能正确的处理主机endpoint的流量。特别是主机之间的ARP请求和处理ip转发。 -- 本路由规则:Felix负责主机之间路由信息写到linux内核的FIB(Forwarding Information Base)转发信息库,保证数据包可以在主机之间相互转发。 +- 路由规则:Felix负责主机之间路由信息写到linux内核的FIB(Forwarding Information Base)转发信息库,保证数据包可以在主机之间相互转发。 - ACL规则:Felix负责将ACL策略写入到linux内核中,保证主机endpoint的为有效流量不能绕过calico的安全措施。 -- Gitee From 7a3b7636799739c09f38ac772d0bf9e026dbf071 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 27 Apr 2022 11:59:42 +0000 Subject: [PATCH 20/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 38446ff..8779ba4 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -76,11 +76,14 @@ Calico 通过一个巧妙的方法将 workload 的所有流量引导到一个特 # 3. Calico 网络模式 - **BGP 边界网关协议(Border Gateway Protocol, BGP):** 是互联网上一个核心的去中心化自治路由协议。BGP不使用传统的内部网关协议(IGP)的指标。 + **1)BGP 边界网关协议(Border Gateway Protocol, BGP):** + + **2)Route Reflector 模式(RR)(路由反射):** + + **3)IPIP模式:** + - **Route Reflector 模式(RR)(路由反射):** Calico 维护的网络在默认是(Node-to-Node Mesh)全互联模式,Calico集群中的节点之间都会相互建立连接,用于路由交换。但是随着集群规模的扩大,mesh模式将形成一个巨大服务网格,连接数成倍增加。这时就需要使用 Route Reflector(路由器反射)模式解决这个问题。 - **IPIP模式:** 把 IP 层封装到 IP 层的一个 tunnel。作用其实基本上就相当于一个基于IP层的网桥!一般来说,普通的网桥是基于mac层的,根本不需 IP,而这个 ipip 则是通过两端的路由做一个 tunnel,把两个本来不通的网络通过点对点连接起来。 **3.1 BGP 概述** -- Gitee From e9a4b0b913f04ea89936dedbe93d4c48eca10557 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 27 Apr 2022 12:19:19 +0000 Subject: [PATCH 21/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 8779ba4..18f2272 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -168,11 +168,9 @@ apiVersion: projectcalico.org/v3 kind: CalicoAPIConfig metadata: spec: - datastoreType: "etcdv3" - etcdEndpoints: https://10.10.0.174:2379 - etcdKeyFile: /opt/kubernetes/ssl/server-key.pem - etcdCertFile: /opt/kubernetes/ssl/server.pem - etcdCACertFile: /opt/kubernetes/ssl/ca.pem + datastoreType: "kubernetes" + kubeconfig: "/root/.kube/config" + # 查看 calico 节点 calicoctl get nodes -- Gitee From 43a6e957bb95ba80fd857ed8ec2b7b4e40ee1077 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 27 Apr 2022 13:47:14 +0000 Subject: [PATCH 22/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 5 +++++ Install-Kubeadm-Calico/picture/12.png | Bin 0 -> 10078 bytes Install-Kubeadm-Calico/picture/13.png | Bin 0 -> 18159 bytes 3 files changed, 5 insertions(+) create mode 100644 Install-Kubeadm-Calico/picture/12.png create mode 100644 Install-Kubeadm-Calico/picture/13.png diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 18f2272..687a544 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -227,3 +227,8 @@ spec: cidr: 10.0.0.0/8 disabled: true ``` + +![输入图片说明](../picture/12.png) + + +![输入图片说明](../picture/13.png) \ No newline at end of file diff --git a/Install-Kubeadm-Calico/picture/12.png b/Install-Kubeadm-Calico/picture/12.png new file mode 100644 index 0000000000000000000000000000000000000000..48099efc8aec3eb3b18b78dcd39ddd35b1985d0f GIT binary patch literal 10078 zcmaKRdpy(s+y6QeIh0f7u%sLct5hT-Q>n;SQbI%03X}6`Hk2hDtWuV9DyNv`H0Mnt zJ|cX`Cc_*PGv^K4@O$g?z3=;XKOW!v`^WY^zh2ktIy|rEb-iK{HkMKndn7<0kkp0q zXRd%i8}Y#TFY&Fw{|Cm}HsG+q|B59HRM4t24qR+TnO`yofeHzdBG)az^){dLH~c}M zodN5=4gGh(As~?E{Dm{-S3{88zNe*mpY}W&?2G5xKdZ5Snwf80RB@09-e7S@pNe{h zN-5oDenx}+k80@c<$USDImQlTtxSlp-R@I}U~gAe{%cb)&Rn1h<_^&|r z*0OHJU`J;V+eWv<)I_(mKj>BxvGLRNjbAb?j^V;51-z?)A1JG60Gz&KgYL=|-E3|~I%)rEd$Wm-WR)wPJGJ~h(1 zSu_{5ipyy4U+QKa;jEb(np5H0C1r^>lz5@S8Mn*v&h}y;+PV~?z1LDzZn`u(2g6Uz zEW*5;;NZhV9o@AREv;UC`6T1Upfsk7^D=008$L?LO!4?KJ`gm+sfXo_?^QJQwqA25 zuaed?X)WK~`#gW~=-=J*c)fEM`92Ao&D@dP+n+-zlEtcmJcZ49C6k@M z2-~{A^K1%@xvBd$|5Qy2)@dP;{1J(*;&~I2+-OpeHpMd5=eGOyWg7dX#II`h=JBk| z45-{0dtWM4U`A|+3J+s$+DTETuXXTqI^e#SAvq{zz@KC|V_ zv@~OC`>iAL0^Hlh7|xVt_2-C!zH%9F>xF1#Yw1dF-v{y)O^sXRY1A-3rbQQr_mZ0g|{O@GXor_ooF@+n!0u1?~%q*ZH(@0oIz)z_phlIWDA4U7F4j0zFUjOA*W0FKR=A{_-#qtaexB#>r2oC`4uHd>_`-Jt=714NIg zWhqQDJIpeD#8Jo7X9gf7|9gIN&EJFbyw;@YXO0|}7tD%Va4x4kbM^oga4WS8J-=DX~E${YR)S&E>hE%( zdY^Eubd-jN{QaVn&T5Dx=#zfE5B2BxSS8SY;WMAQs5_sIrf<>|-Y?4FYul;En0tu{C^tz%zJ>cRwA%dT*KXFR3sX^-b1eY2;dHZ=N{?pv2he z@DrhxK>?}}?-aBsjIgw6XM`E%`yzCE?9^T=_(vwsnzPw`a848~@qx#5uWU6vDPh>+ z-C?+_;x@{xTisQcZ)tR6kw5K~B2^}ngHt1VX&pbozn(IS*~2GZe?=)pH82U;Tojvs zG53V%L{H<_DT6^md{SBR^*%K{(W+b7SE`wnFv_uirfs@ECM5g}iiIBI>*>5W8xF1T z#$pz*`ZB58~Atl0RuB2GS{)Bpg3CO3Igpel&ytV zxoU53RpcBJyQK;$H~gT=8kTZe%5&CW8-3t{HsvRn@TN4((Iu9opXn zq!T##WUCP|?bv3JnU!w%QxBJsJH;V%!)RCvM)MfQa#ND!_NnPqebaaq5H7)fNiDM} z{({0LSqWO-p;e<185@xJV?5y=vM4*Up77+9bQVtxK(snb)ny2FdDeFBc0rFd*a3pv zDgiOfjS%9zIBwFy!{2XUmOsooFfE$Y!qfSXU1rz|p5(H$lr6rTj+xrEqBL$+DS^E# zaNv7_qK4dS8QfF3C%PySobh6FAqUqYQFIvL+4d>IbYmByyU_VKpB#ue=IPz`Ja}xi zh!hs_V>q;EY6_EdFQ-g+RggI2<{->hNf+~FZK$mg$9wE_pIR&3WN#ZT+k2tZ;v7*%;@wW=AK_M|~jN zDQ=b}`bdSp&Wvs0`Jd6w=eK$8qGj>=o}8++imGG2WNGU$;is36X6qo&HGkx$l43+3-j+n*M4}LfvEgBc`+02@ zLmZluJU6JGUgB7GKhXJNw_p_1&O&~pI(MH?6*6yt9fZMX%xhlhb++>e&xiYl0hhp? zqO}CDUrY!`jSjjzZQc}#*(u3&<_~`HACu`Bz0hE@&(9|p?&WL$m&{a6^LMRhDS2)a z=wG@oR?pt5Sp6AR!iN`JPir~18;WD{9|oKPrzz76#@tv;u+;@H#sJ`d~1HwrKuAo z@%YYe+^ZcEubCeLokqeME5Yt=Jnu42ylDBh<2HO3m*p_+V@hd*7_NqIo(jpDnOl8D z#yHaY{Oqc_!1?>Xxk-b{;uT*@_e{O30-M~dnRIb5{q1>4%w>&8jkn37JZChKPFzs9 zsySE8d!bbp;56b}#7%hcl)be^4wDmH)zwHwV{J!+0Mm6+<&D5B2LIsj{+fvM+Fs7= zRjx19`M>R!IjZW05{}C+R;6Is2I)GWrQM-}M?wXg3TvbuK?ej6DQ1rkd2E~!8yK#! z#AHxn_3k?6b2QZg2h4Ez-1KWM5ehx0E{t2je+BI`cPw>2kX8^QQ<^=z5B_OvIM_6_ zY`o7~YM5C<%`FDRA%8+K&OW#NtXkwe9A@gWdF5GYX>dO4=a|Mwqlx$RTP%I7=^kbo z22(z(&%J(=TS2MkPE;6wp-!``m@DBXJEwLQCB&RBmAVGC84SiR+o*%~f28}oDi)it zQ$04kX<>(l$70nf>7}Fh-uJNMqq81z-O8Q($;DoCcN0JUm}|j~g*!f3wHq?vT&^Lr zk}X{8f{J?@$W&^sLluc-NY?5vYx^5sYBX{1=W166vUyD7<#U4kRSQ2ysd&tco4Qx=Y?hV+$K887 zUr2#MwiJHekTG*=hs11b$I7dfO`!hMx?ZQXMKKlvWgC+5>cXRKLX#ZeQmI~dz^N^!-{w5HpOiLbTpR-hDfS(G|%WT9}eAY5+)&K46 zS#uqr9H2-XOg-Z>RNiAeq?CbCfC1IgZ!P(Y8L;&6EAAℑAu*O?1jt4Xx7b>^rzg zm8^p?)ho}EN=XyguZZ8mtKz-o_3uzAbEm-n?%rgxlPdDNdbbG9dh4|JN1&OJeAaN61H{qUEUpOyaGr5LU_len z^ut$|PQQmG?mC?krv2<;!qo^Q*Kg>ANN9FUerki^Z)dlfPM(yS1=Hcar8ZF9twh7X z2d_m`ESkuAbRphG6Ghh7PmcVR@mrw><~q?sCU|l3?3PuS^bPC>}=cmS{#3 z7>W{}8!AXhjsUq!>0c_C%0P%ogI~8=v>vh;%udw_57Zv92DB5hDdVuD0&jW>3YM@! zFTK+&T~RkXcHuZ9zRueeN#X@X18KM&uKgN@mo&a5e)(K9eP#P-*^0nueUWU2ug(wF z7S7A(yMZiyURyWiUJ)uk&JS#T(aU9A9Pi*~Mm4K|XUJ4<)Y)~t4(SOc@m3#_c-8q- zm0ue`AeH~%9Fo9uAIQJ0cV`a$RK8_pSOFCGr}6enJI4rjF#W|DGhKkEf|guv4O+

a#+RPrq!X*tOMPI_NX*qqG%%^H)Nl7{rcJLG3PT+5+oa+$&F^jBV$z z;}8I~p`LScX_K#vl-p9RgS+$+!u-Xn&Lg6@!Z?@XWaGOE3CVB9I`~6#W5VFQ>;6sN zp>)+^P|fGtVA~^#XNFb!z1|kTE2fiO3Cc0_FpPPh`X3!!^feFGZlS+qf-6NF*3Jma zwgjeys}s4jrbP5}70^w1X8F5Q@)CpjBPIcFSWnwPaRtG!=nd>K0?FOYrX ztf^n2SSebZi)%lSo;bgfho@IV?_XV;WA-!xvJYGudZ4{@6*j0Ac6DV~sUp4x-JJAD z>+6a~d4MEQ&rD~jKHlH*6i(h?tg|!1POfB=VqyUzo$NchF^f9Hl7U-tp z$lI5i_x!MXZ*brBuOc+*sYIgYvjZ7<RfOI`9 zyg2RMpLk5LH)>z7r$i7USaWa3hW$oqXsoU+G9pRIUy-xq-OKN0EFU?GMt_RKVjYQ% zMFK%`dsbN6Y9*<-RSVT_ox1KhW#SCOauY|VsgG?v%f0`nB{_=%%A_#s>m#V@p2gFsRW5t_Tfk|5w9S;*Zq6hp z+G%A+Mmz88qn{thfBW6st9-4Evn>o72b z2}MUZS3axmcfGBh4+%y#GXB`*v{|9g-jmg@TLZ=oLX)@I>8L(=Mfr#*7pwHUTcplO z90<+|toXp$BEBwiIv}!&$4A8PW`1+a<>jx493(Ll)qhSWrhKVo^mo{Xe}G3(dVkCw zFo=M#mo{r0?flsK)c{YnbChXacV@!=^~Xtk#BbUdQ(0o=XmtD4`rvg_qhs-#ng$QZ z;9V1CwBsetP$n;Gzs6znIf<IzNg8vrDXE!mEX6`+>&UwnABAllm^e(si-; z@@Id-@s<7K=JoXr9Qyxm{i_7|zX9prIp5OK{UmU6C3JN~IOat_r#@6Z3O2l#M&uQ4 z;W0v=u;zI2{ENIhb`X#I+lb0Z;Jn;o(>t?)K(;vcO5$dBN7Q}eZ`q+z4^kxYl}K5| z?5|sCfu{XhrP-{VoWyszFl15hflp)W>j!P!A(8zxC6}c*Zk;w}G03-n08&abfA(;w zD-5;17|_G>cvG+Ob_$dc7^*w}+KK+%BGr)Wioj6SfTu_s-D7MWC%e5RY|cF0z;9Gm zDSg(T_dW=A0lIF*+Eb75M^-+_DNV*%ef!V`TF-~;C0C0(+h73&a-5IJ$-Aq*!o$_W4zR#6`7q`CnUg( zOX{~=H~o=PX2*YkhZ(K_92(4p0?R#IPcIV+5Juyco7CW8C)0MPGUU=!G@zqr%M`i} zK~H8~_FQ|dgT3{9Av!StYF(ox$d2fv_E>7}87f~W?@7aWv>G>#UN4*O9Nq}3ZGMb* z9`}c3;2srA!Vk*-9@zV6>!QQLKolpMw~>z=Q0uHCJ8)yDl*9Q zWyBS2-F!^#qolAJTd9>~o_(TkVRJK0Zj3Tbg-$LdRrW>kmVIMyqRB_9Q={pHf7BO? zx44*`BuEO zD>K{bx@Yf0&$Y$SrAHm=(eifG?lDy?eL=}Hv<*- zgnzbz5ep*r;GB|IHe5hR;WOL!yq-pna4v7RI;&*i^mi%$VieS$f{lrj1lo&Qiqi5n z-#R!&hcXa2f+YT62tIJF<;Gpa0{QXq^tskC+Ot3|FXqF8TWdXy%c5r}i_cFMyxB>T zTsz8*k&jc|z8n7dZq%y2d{5H}Y#S;D7JEbHUiCRK7)jCNldDI-V`Xqw7>naz<11<) ztk0>bC>`j&(*#2hB_&4}&!r)j%Gf%uf12LrRc&-_3`^m)IrSIdHO;0n!>&XeTJa}# z4NuRfq8p>QJa4jt_T;((`Y-CLSYN8eJ=m@ZTUq%;6Y^%Y9?_QzCpqtyzz2Ri-;3di z1Q$^~WV|duwv1g*o?n2u`Nnl9ulmTq8 zkUAcZm=u_<9RqYU^QNAzd=hp=W%c4H6YHRD&3pCa=P_@v2nU~h;;UzPa8l>H*O6!zivxdmUVp?DdS4Pt*#hOFY_PFxVB19fO47x zk_)830Qx^_c33M4ij$+sNO}5EhfD8};*!p$x@gW-O4953- z5fK*eM=2-aO@@8RkMT!-iwMLyOkjskAjkQPB%dQN7Pi;p=G{< zh3lS)5#vhhDcgRqBV4-bD3e*R_%WJy9L1+J-Vp?s^s&rNnZ|vt5%g#P+-0V*o=(h- zF;d<<6nS99_;~nABEQFC&{-s~XQuudEi4Gl3A>@az44$&RdEE+3D8`Fm1je9(}5g@ zucv2(`y4Ecnh70SnD6zA-dz!b3-18E|5WuJ*%#Ph|x z@RWZ-^PNV!*Hg)0%-##IhL0OFq_r;Jz2dI9{bNQ(P=n5Pg;~$p10(%DmmLd!C8(B+ zv*qym!Hl``>YMjjRNPL9E==BVZx5|xHJ;d4BUrkJ6Y3poS>Bt|pSOv8vYA!f7sr!g z4Fg*b57}GY^h+5HZIy}= zncO?XM)zAF(7}3oR9M{;{ZjyBvd^6nKV&+PJFs_4&SCp*=4kTu?B=erud`(VJ04nb z{2m7Kn;$cV6=`@+%+}Df+T>0Ai$n=Z5 zHkNV=^*!eFx2pHq_`pr|ZrI?!rxmtIZEJv|#7;zj6q)%U;whh^QB9ZIXW^{$AcpVq3Oe& zLNS0pSnJl?F1UZ^6>cU*Jtg|GhyL6KT443XEy4V_>8hr-W4I6SX)wS(J^yWk;$QW^ zYV3US6{53p-t0Bq`7n`o-AT1Kh72~TDk~yZMKthn(G(wH1Z3BN%zC=ntX;<8*HE+2 zeA;&W+&mEyHVZ`OIx4Q!v(t7Qs_@sY{yg=E&W9Tm&cJ0Q+}B$hGh1&BhWxtIB)F1U zN@{j%r4uA|3R>?SzQX;=#&+}moA z*l`Ru>sd4W-kn7XTp#-UtwF>bVR!hhDp`rV!Qm7%ODyk-naxI9_hmo!JYUc_O0aM> zH^D{q1l{ZPCJh62d9+hf>>&IXiWUx)!efj&xZc0K7)Rl^?AuXqPskNrp>iG8!s_6j z7-oZeepve_g7dpQ0tX5UzYdh=WY<5QLw%Vxkw5sWDx@+_a`!ovU0%w@AM4pSp0cRz zv;@R1-l2thznDXd=AO#5)6I#s6G5J;Ku_fGTYDqK$q*+q+qdmzNFVbd@%^M`QkQaY z*5M$uQ-d*wgI_I;rX$9JfZh-Us74QnnHVlB(cz0fi*#SSrsHYR<1BsN@cxvmbOIN% zaul^zzCln7QPJw>SZbX2^s^5A%_4=)d=`L@1g0A2@QHv z$2wMav*FSNI?uy-JKkeCPwK+8o-_|jqG38Ww^Zq_ggS|P>0pjmpY2AL!$W0(z;(E6Sf9F+T zyg=>ztC;~!wCZWm2qca7Z6ddJWMX{A2k0$c3D_IxZhInDY^C#ypRwddJ?@rI>K{v? zhR6%Doq?GKiCqSG(y&*#>8HXQ47cU5pUYttm2Hn;U9>K*rys4$QXe@kI@or5l7cCh zY)NQ(#L^GmIsm`5#Kg0yhGT#Fs<$iQ!{*IzK4@#K{GsH%#qJ8#fX08Md}SPQ4UZr z(t#zJ<6{Kz4ER|@i-_u!of8QXQex=+yqS#8*kz5k1}`hqy-%q``GbPyW|7%ceo)uo?gWsiQ(D#Rnvu~)fn1V zvu~KjlkE-!13a)p41mKci}Pwu-&`|!Es3OHsC8x<)Qu@Gk;mmh7Cp30pteh>jBEx? zMiT$u>KM6zl+d61m`-yxbsL%3GD<=2@w+mCZQ7k%(_0c;O(WHuK5)2%qD8*{U#j3m z!>*U1o*jLIJ3oBbSe~En&%ALKXf-DRHZ^H_`sM4Tp0J~Fn_NgpA(;?()4wXdYq4<= zz9sQp+ThTtZ-+>kjg zr>o(oCu!_~zoNB2h1^DhfIwgvz#BB=JxGgfRuidx*@tUr=`}oSgk@>wv_i;_%TE@$ zo_8UyN$@?#99YequZud*E?N1&&+Fav<`~h`}DXL@a<*0Si@{6caisB1B3+6r?M?M|ushpmZWd5orntDkXqGsEH!I z3J3uL1PBlygx*uQ3BU85^PO|=S@(a}x><{qmwD&iGqY#!=h=Htw2`3>+iAYjOiWB{ zAlmb46<)H9K?Nsdul$=annJ?a>&{ zJDc%5-r)Mc<2;pLoD!UOAMl)FAHH|~rS|Cyv8+DVS<9+eDXhk)@;En@5OoSadb`wq zIQQ<fO(ar-9RL9R#*roU(mU=9nXvNdk@z! zBy@V#hT|OsFbe_7Vk+_Tt`0v?sG5m= z2i3sB+)mida!~T;ikBYf2o!*=6nc`;t@Sxn`k0wCc*^=VxQ;ujw#S3^6(KPhUW9eE z;;h>}TvrSJ1gL;Z5N4Hqf?s2!18>a|2S`5F4jD8|=h6mPv?nz*rd+3`QxI>mF-^2R z9l*=zd;o*c(lHNZbZv8r-t~0*GhjO#KMxUqWiKwf_WD)|Yho|hVX(PL_0w8qvN>f* zqnjE7p3m;lD5F#d?M>HgPZM!R0!EIc3o|+~y6v&~HR<=J9ApEM{&xh87$9YMiDo3( zF9+@WwMJQ0+r%q>KEvYlU@S{4n-g1RP_-Igo|F}E>2q%o^|JxHFHOXz*SoQ&lqa{2IA1`mN3rPU7-T4OWeL)Ni5<7k)`~^cV51!IET& zVUf=moJ$7Z!=2mGr=hPj9b>lgN@K0LDalEy#Vm|rwcb4()?2^Y98U>962@q5ii#4c zTzzoamX>;ypJ%kSQ_ZjHMJ(XPCrEnPS|!w7j%r>f+?s3n+x;SAba_$nf{%Q7I4b=g z1gPw7%m`&$iaoce(N$=_8BORn8_`({{O+vZ)?H(V-ex%yT9RA_{otPBQztUmtdwbJ zjH|W2U!SROCx|`Kijfqhco*aL*K%@q?*hWgFCiQ?d3(b%fc=BxaM{HWoSEmMc9(V4 z7|%(Aat+@WO5LN@v%m2J_+Idwj>D6zik43TxcPm;PnqViej;&}=&kZ&AVfn2m9;WU zYgE?4Fw^CIex$4~_x@ST>nDcleH-l%{l-ck)?#5G`0{U_WIN0jFXG}>hUg9~H0y&> z?{-_ZusK%Ts@E zi>GY<_?n9(0;}F^Y%|%eq36n_an$?9eb0n=a$snE#jv~v%Q)rK*C9>#5->I(3?JYn zr25giWwWvZulV#9P6dy5&mQ;@>p-_p^gVGE5c05nD&*+Zf~>AtmI~7nkJMxsH)6V z@4w>Ip;&H_Z6N0ZbrOfhKn|Sjg?cFLXE(Z_()vlr9U0|zA#ARM8(;LfZocrB5>LKs zvhl%ny!HpeBSpN)CU@(Xk3#Pai}D_ljo=6wq-U7Uk60U=?%z69^vTU)1r5};vPB(3 z@Si7|?!m7sFI{Zdaxf%=o_PA^yqlSeo(_py7ma>*4*z&7ROi9RFl}e4KADmcsf5sN ztOhDT&KO1fMN<+T_SGOxOd(Ss6$;>=IlN{?f-vLq3Uq|w8NOOdyjpWe%{k3(YkKwEKu^}qx zR!=PZ$2@dXo$1|=;(uti-Nd0CAn$6_MXa&?n_Z$X9Rcx~9%n@x?+9pLi~;fk(; z0=At!3FnVGWptWZ8MXju#k_mUF?36igt*p&>dOkxu%~@LPjOnfXwluM!+Y{t8%C0M z4RM=8*1N0SpJa6%cFbH|LmRfZCzm{26-=E_dbfX~&UHw0>FS8KkXeFP#=VODk3`jU z-kQ<1#Ia8F<5Eo$D0j+K3dll69kK zvlLo5ZkeNPY31!L8!?kHk=E-WEn-al0cJe;c!hSCZ7k1CWnY6ePf3Fq;Su41Dny8P z1{aV^6=2eJ`gO9Eu(&t@{B5GNv;r>Q3LgHR-SUgD!CY1^J7oeH95~fGIoP@*Rmxgnqy|00xJA9G zrMFQ%DMRB(cyZXtOH53Y0!rgDCbXOFyN?Pek_L=6H=>45(LWISd(5{8zn1qn}N*v2h#?eBp-pY#&YXP<7{bfvt4#O{6h%{NaR>8vuDmC5fwd718O{;TdcDi5i?0b|^FsRT5 zRmgZ@od%e_;yW;ph@s3elh-HVq<+;`+9GOyIC54Iu`O06~#K=NLEw zb*d^|U>Wiy%lo&;L5k+))-UbNDF7&=Ynrf;(sX*MwQYZW+C4D_{D)!MnI<?exE0e8+2+PTRA9?8;SxkY&e z0y^^wHZYgurVLm##@7mhnPK4+D1+F)dXh}^1MOSGq<_OIb-l-zcPj!CK9q4$qiKUJ zowYcPr9Vndo8(K! zi6jL3g&C--4pEyCSBiV1@m@`x*Ce3o94&(m&lK*I-;OK(3t^cUn)N?{zoor2kX_eV z|F=W?JL)`7V(|rv@pc(sZjEWEpyy_*pvvJo{mea_X$`J6;*oW~bwYdgWDD3nb=q2z z+m-7{$>kX6J18ftAmj}U>pR=HeCc%F^TE0lY%$OEmb8oG{&guqs(UYcD%lbcu7thn zAqX|7&)WxlBG`71wsZnq{~pSIne08GYZj=9`bvb_Rz}y#0EV02^W!gzWfZJpbLUo! zE-lL!4ACAhz3qaZ?o_+(*S~L%^gmPsCc&uTd1H~S2UCd;Wck93FUE2dkKHMp?27Ha z(ULdp4{dSRRxjACd^LIkRG~u?ZXdlj6~bj%k1Y^QI-((#$R>p`<+OioJr-mY3bLrD z8wXETS_>wIhLKAe&JizHcR#l(0B=Q*TFXR z!|bRW$uHCX5B$-PCCDP8Rmpu`X5a0`SwBvw=#2farOZ=@fhTvXw5N`025yw?t&O@5 z&h_1cEq!6wJ0>QzLsz*Nstsuf>Huzy>f?$m+TB(&x*_l7L6#v6yXnGdw5slouI6b8HEpB5+>Xa`Rm0a8r(k1$7ZSM; zxp?=HkqdS|<9zpGI@_s1->D7BluO$6YV7Tp3(hzfux5`O?9r+4ADgFV5IEsA)CatI z%&R9q#t9IWZGGDp?{QAk_wMy_85_PQ_2w4Sc>Zu7u1(hK;d#1@A=(Hs+ZoHt$Cl2$ ziGc_icN{lNEd|MS%4*k;9aPDxoGO@h&XxAEn5;FH=N01@X$!mheJNDHJ%b)AlQ8W4 z93+1ES&yH96MF7iXG+e7vvbjB4<;IopG)3==dP zF;U`8lFrQ}SA8H~#Fql$%d0v%wuiC?sr+}(dCPcSC~nsE!k*IMzb|o>^>Li;*!@OO z<$AwOyy3OfZpJkEJnWX#N@pSv)W{*G*8I;dc0Y8K(^;Atuqh4)CB@cp;b?GTsWF4& zGcg^pyT%lzcyde_lqFgYejhD=c=egz|A}inY)XIA(el{5G+X)YHh3an?N@!MRHT`C zfs5ZN#HVILMr?1lv)mY$iYIL{{PVtO=|TY4tW6v^np;|DfUz!*$NqiK~yHA79@-qhQ%Tk!icu#73`v{L(N64Xg*XcerR?PO}RY|VsfqDtMWc)OPt1qW7sG$K{ zoEm-PnPXc)>B6+FYU7rLgZqdM>f4+sgCsM&mJRE8<;EVsnlx8s-l}<}O2aXn(PjNv zyIewZGQunIBH+eQtCrl2Oe*faI{u9wO@bK7$;EaS37U4`(yRkx?2GD;2tD8|1FgGV za!eMU;;84^kKcISkw70@a|k_IG8h5G@&# z-27MG_)tx;?2g+NBVOrIV_eyhpYd1+tk9WAyZz?pz66!9< z!t*w_^m)vZhn!wTEDT&!kImvLB#KnVjzT)+%p-431Xg+zTM2Vofi~C4v83_p(`V+f zcO3~zgphr=S@w{S2xSvNGwg!bd$xo}UEg?1V*w=^ zuS2MHS(_1+K)kKD#=IV0nCVT{bhQ+lVGwuYfN1xn!lm3@)jpJMdV|AT)Q?*5m5cZmC6{Cm|!A^$qvc?y?Nw;ovI+ylDg`+@ql zda5PtCpJla$PMcL(2!)jpk#W460RiF9V)@QGxf27w8Nv?yToZ}fv&_O{@mQ0BA;np z9z3+;iVW7belclvv4FHC43wR$@Nulm*d*J_ecrU!-+IOpP;dH2!N5W!(;ZYZyo}OX zX+>TZuI|3-B;}g0tqb&izug$VNDnvE$K~EzU_>0sa3t_n1$eg$Hx2}d3%O_i8wjY= zQP0wQLvi92kNFP$+G>{CNgg8dM~4KG>P#+t{XrLh&WD9hecFO^F4ERg_`ub*SXKnD zVf6z^6?7o98J2xnOBaGj(oS2C2s12l5EtFBzYE)nnFvWrhse0ha@qAuh){!%GzjJr z6>KC$t6g(y7m*q$w{k%cDo5dc8yChyv|F9*DMTlx#l()K3Q+k)xqQs)nU8O%cPj!$ zCXp|4z6z#?#v_DaH%GnSmFiviTKSJ$*VXT!mnr8{j{+Lt-a;iK*l>8c?~~Nw@=eOn z!0#5@E5Ah^kfue$Vd0xPKmSZT^3U&|3UEYSb!hQdUJc+cZl`& z8WoPN^$@Z}eAsGzJ!73GBzx}5!b#1luLT=K0elg}D9>XRdrPXa@s5F?;?4K;-`oS-kt8kpp+C+x-B7Et!#!X-zwY_R1*8w{x*x zVSP^2;BQN^{qcoSHaIR7)mHbd&B2Z@E?cL3o1Qvor|Fz;Ni7NfeP&pj-)wO=)`jHZ zQhZXOPe|Rif?5?A4mPV#R#G^vDxK13%^igDGF1Y3_to?)Q6e; z>a%Zo^=+AFwGjp}=HZ~#aj~}}xGPs04D*A)36C~6v!Be7N>;(G&PmuMq@0`2+{bCG z>Bl(HZr6U#GJDn6GitIaI<1)UAFZ~biE;;AFz&m&vhbV>13iY`R)!^2H8&bZWr#t2 zWKXA?U@lmbUC}+8$8L05->c^cdl7DRoNs@zZ#X#3m*C;?1!YllT<6K@l*W zr-E)0|E_V*4+mGRoOVT}p~lK4L_xifhF!@e#DuWilDsBkSeF?-E?ro*s}3%-9r@w8 z=xF>)bpYpLQ@qR`DB5hUEFjo_0s~<*eM@h8=QgiqW=LyezsBN9i^ia4_nV`u%w=b6 ze@S{IMTl`v_~cHtr36A6jB>7#{g4){9*>Gg zG6DljmZ$9!eHte66P5Bvu^)MH*Kxr`pqx)p@&7KA{(z1y5b7*eWb_~*)=_B8g%ie;;F zwPSs^Q2$<2P!&CwWWb)r-4{p}ZQlcobZe`^1BSGbyyvGYwo^=oDQ$C`?Fl1U$@7Kp zLODH>>SgP^JeI1b4yVSbz{ACZ>4V*DqiFOCgCyB0?alF7iFcX)!Na1_UoI7zE*qb* ziZn>V*g;^sHA=gKhw+r>avg6rJmrsr4hB?$b1!SWE)SocabTY-lnhw%w)Cq74=bd} z)lh)9uiKtf$u#pZ%f)`zjJFc!a-$lSzoRlPgp7l@@`7iKwf)%W< zx^v7a$_=JwY_1L1yXQL5|C$->=VvT%w#$zd0s@yd4=dBBm zWH-0@Y|&93<=-yXr+zYVPR?_{Vm)oHo!!3XB~#S8z}u(w12yK1-rp~`hG%%AZ(`J1 z=WE?r2&JGyb%kqrSlMeT_au3GmWRXGvp8n#d>V4ZoyNr`!u44nT**)It!VjPsn?j0 zE^I8ybpiE!#B{P%t^lHJF-lGs#?G*xh{3xFEe4I;KwZdsFt0N%={-iy)67WQNp_FF?Vftf^TO98R!m^{>Eq2@mN)&nfHomMq#*N7k);|?f8`5PT>Pb={$8_Oq`)+v29P{jK_Cp0GqzM5PKcd4?y z&$~uMB%s}^qw@5L25YAPUXwfGh9y%Rqn^jL4O)%--lYpmqTdnRXW37j&M{qb!D}z) z0+w%|@Ed_EZO1Ivc_lURtdPwlfg7CIt?b9c|GD~oi+%7FZzvgK)3>oT-*PC#PbEh! z{YC?MHL>naOO5`SL9uSY(=E?!|1!WYYq2s>^D5}*F;!4gGg8cDcFAA=^V@{JhLV8$ zF(-YqLNoI|=>Rl}$MkbQDa@1DS*RC75PcoT$x3lW;sXVLe~&nZTRTgApZ;)W=uM%o zJYnk6YT`BA?*8iC!Tc&vRbBuESl(75GAl^TT1Tfqb!| zIMi5Q+FAu$y-!=?<9puxvp9xP@vB1-U^v=A>!krZ zlglLPp5Myc8(U4(Hqnitr_YR_CLJie_a0AM@N$F=U#-5V;^MQ`jd>&3%{`<*hz2|BuAa48R+bw z!nasF{_dFkgsil4p&N=33`gw`aY`A zpbMWWH!N3K`0b9W)cY{!ClsDDkGvP;i2k-0Q3Gh>LPI0|>5!G)A#*cG|5ib;$&8ql;)0_0<}drjCS5kDh2 zvlpvFcKqkRhUsQ#@a>@vEfe@KcRfb;it?x^#e)P}?HWU*@5jx|e^1H>|Hv6WC6^&) z+co@unv>6bOh#}?lwbw2hk7n34CQF{p+|#)IX`{~NOyNqTZU*(kdCjmH)l4?d8BrZ z3b~=pYgHnuLHpmipZpuwH}~KU8Qz=8mg1Q6SI7d+_i5vi)uO}R;F`=IYp%0LEDpZo ze|9X-1EsIw3(JQ~=CqLBDr6lz@~77tgGw@;`)7DYQq|MYe^1SW3U(I?|CO454bi>( zn?ux>-D;7yb*cyKe~!gV1@#A_@#YDK-JZKbQYcHgOxsbg8>VM z$(~rQmU3Z=J>GqEq-oXr(#cq#CjjUZ@&n0BK?G=5sAX>%c_IP7TKVhD(ovyJu9 zA9@P%zgDyNCo{E!W)})9IdXKribccFgRk{1)+JF7{{vuJDR}fR^*!f|0nBCg z3}c*^OVe>Fbdqoz#qxmNL$b>N*3c1LxF&5&trw#)#`+|X5z}aoXBk(KQ_G|T`!v=V zDl+KOk)@=L;eRFS9lC3LreWIz6<%y)%{_^N^7J=$8Rj`wNWExeGS0=@^A( zO*Hpd^UD6HdwMtHE}+z^t~9y=^kBF-zO^zn546*^I~pLkV<~Hsa?G;gJidy1U^%Gb z9mdl#(F_?I(F0)~tl#__3n1-Q&;$lB{RxE;%uwRyW*c+@6L`D0mC2Hlztw6#%O0?1 znOA9O0f<9r^MuwrJ3t+X&w2vTp7299F)YAHLHlT}TTm++vNmT~zR+{{5Rt-vaen7| zQ~f9oVLIjiPN)2#%XG>wQe8ZQE(JL!(}yzNWIoDD{?>}A+K^A+`+^Hu%W0y$(fM8g zZ4}!(izb)AF38%H2n-lvluu9}J2r&=#n(8rLEgWZ{xKRELQj*|LmE(tUjs2HMsED? zZ!55qrygBB6Srpa+3^jme1lxQl0+Z>FaU{}ioU9&1VB8Oz8(;n>+YfG@Ys|0taZk`TLr1SJ zb)aSAIenjb)(Ap|G{{<#JJnmkvS?RcLEFfAv)F-Oi@t2=R}am(7sCq$EXnPi3;1&k zWew0_gx0LI`}p_E&gz`pKCJj|B(V3?I$+lgxfcf zo~BNQZ&HywaTgzGzZ5E2AxE`uCF#pn#f0n%0sTYr+V>dI`hW#g^AX5hx6x(I+sYGJima%<)@XbF9>na z@|Zv~sner&txieqSGt$A`5L?Z>n&31 z#qx?c(=}(RFYF&ZE1~PzplCbm#xg#VdPVfpPj1wL6JFB9Bg3?>Dd7{;)JXlv?#hZ2*}`Oei-6P^k$==g>HdVca6Ae?LY0%0?8zK}v^{Hwn*yiz3& zEX*n2oAPl*L8m>E810zUc<5kdazh-bzp~#QT{*ebj9A;tV9bay?6soe~`*Fm4}uouiw-#5#9_O>O-*b=)eVOCuyj zrD&zE7@503NuORuJ7&1z@6W=S>(nm1%dA{O7E-zPOi_R^81{y&^o%>xxdIPeQTxO^ z)8wfSQl|)i$sD7i{x%o=v%M?Q{l{)f!t3ChnFK(nLg0piYx0Z-n()lm z`RtvZiJjLOZbA_4x>c?fh_82EMprx+B3R~9SqMZ3o8zUVF9w4m-hI6=1TB4I@H^ANAz+NNAJR8KNje#OwVL> z9mGaVyN&icI6O%_vdd%P4bxx+4w=e}jq9@&x<8z;!xiS8P3UHbAHcpRQxRLVsCKUT zuSzs7SCdKwiqg`uP3;FtWZzYp*s)U;iNzE^0t+S~!ON31%4F6?Cspi!Esyjfk^d(zDsY5a>`=N0mu9_J=2 zcN@O%JIGP1v0U^lj+SLvcksr&IEhr=05JVbon0Y3?Rwo)R^8ny0DT&h_6gHr8lz;Z z8zz~>O&Upu?3y{q z8wdGXZTqyaX@@hhwb}JkV;+s%)EfJ$?&Sd$sWej{nRo zLl3Y^DZOPWA2pXhq%xI?Icll!QqlP7s|K6vCaIPBBiS{~R$X>8qW*HfeqR;2CM?1P z0h8u1S4G)FaejLVl7Gc9YoRNw$_@CH+w_Ue6Q&e~C+CG87|bTo&QSfek`(HHQ`O?U zWj>WpSG~O%Bp`X*Y{cxOv14srf&bFgxFNc( zlCP30zhX^^=RgTzY?G|w{Oj%W+@YGr7!K>|ZxOGZ(kg;sD0uagFF@}FtLI?nP6On- zF186jJ$?D4gYPQO9U04B3lGdQad?!pI*9dj+MWl89tcvKppC0G=I)S}%9Q_Q~7!>9_gKuERXa zI+N!|%=uxq4rnfatQ+;h%>6bDlc2$fk)g!_(pqVV!}{ao`rZc4>q<;r`GSF(povrn zlaQ9&$%hq5%C3eM9mG>U+Z>m$07WjP6YI4oD(dZq56ix&#YX=Px_QY(H!cs7A>*2M z<)|b{4EOK!v0f9Zh4(x>&CY#Y8~c6!^!_#wq`09)3suLRR;KXt{K-`_T|-9&^`?|q zSH)xZ%Cy5fWn`Z_ID1k^ZfMVd?+D48F!4DN`nESS0u+hmrWZL~wdsf!0^>gR=*MECPbr z+yWL_a3$N=0L1rfUqb!g#S=`H68sVE^QeN*2J2XUUC(I(yr_x`XLsd~ObAo1=o9&ASD zweaZ;IsWVmgsD2c{PxE<@2mOAWdK(;xfjn``FzT30iemrCjQwJiqZ((z!wH>xR3K- zHb{Pk1bb^Q(Jrmvo<_M5GU~06eezv9IKvx77agdgJg+s-YBhtQa`oL*wRn8aW4Wg3 zDyec)(rsLTTz;ld(%58}Y6a}%<_Fhqq>G-fM*@5{Qi0rDbUTq78%n$W=ApNv(Vl&* zHHy7BlkMNExn-EVyez$}+V(e$Nl0hJD2*<0OElIhs6XAn-lvz<4h4GfTAN;IpI+pE zUi4yry~I7vzhR#i`4sh~wPdebE!n+W@AH%Ax#c_1E1KIw>B8TGYua3sL!#FXT`5_8 z$BwN7#$!~6;^7NXvY8JT1ggnfKDK*mS*04|UtWM9U2F5`NuP6Xs(A@>-0r)!kz6+J zSi2t-l>$xJN8aVL@9pVBUx%F;o;7z_^5|nMzGVrn8^d0^10>aZbo;K~e6Dl(f2$ch zL?ZOJ|2;(V{|-iCGGs7VAkK<$Ji)4UAt22|6L%~hYo1b?1E37sjm$O*vyV;k|`?wYA9z1p0f32P*3W||Go7K4Br)nz-L~X~{>u#3}2xzci z6oKR~=)!2&xY|PVpvD@q0QJ6@nh8mMm)#RwHwqaNjLpc@8<-8-sSi8RhoIM}XTJbv zgnF;`6aPFtwP7A*pPj2V|C>MPblqHL7Y=iW2)}}UU0Gj`E2w7s0PKxs{uDVZ?gRUL zi7QJWX8TG?EM7DUm zvih6I$mi||;lA$Aui8*P_F6En{)&osx-AEaXeb-L+bAP7@MZm5VGXk*Zi`b8 zbFMjBAN6w>Tuv(Z(dnJs^x=q;dC?5Nje<8sCgFY;TW)=^w;}l0qkwKz z4#nVz5J6Y`Qus{&kN2o{B&d9J;X{|^sTIoc4el&cpsz%)gvIciq zVP3}A-@@HRTF+eVPzt&}C^tkf90y|0$6oiea-FSRDqb0)EfO5XDNeD@+=#QuXV5;E z04_acX_KLr5r%rVomb9H+$*=9Md_?4fG_Xj5UrWjh?e{ITEC5lyEX^VwtO#(JBY=e z4OKsq6$mh!DK7lLZYRBd@gpW(pkp_Aw7fcsbZzZYt9iQ47qy~=qN&l~luL!(w(tPK z_@-YkhR21Ni^rnQRX~sYtSk3Q;i!C;3mToB&hgh;94orMOKi%cN9NP2CArI;g!mIZ z9n7%`?!B9qUioDPg6>LzhHXOx&)IPG&3ynK@@lM0b?nb~dewsk&699<9LRr)<&GEn zS%VjStcvupw$LhAOnM>PAIkJ9wDjNLy7o7q47eoRx@6_n zbYGqtb+jF==8HuO()G3&?I!hZlOnqLd70e2y8WOe`4O&w_IMNn?euw%Da)R;Z+42T zKHIF!leDa_^SPHsm2Z0&zy_VQ*Ij1G7e{8#jSBGzX4kFU`g3!51lx*Lh8LFYZg}=> z_m2t16GDfKR{wem_VrxTai^&$Zn!9(O=w2ZPKnR@?I3kg2~0m*jRAkTA?TnKmRoF3 z<%nZN)6;&^Ht`ZR$obrwQc|swDDdYkJq@AIn4z8*ir=K!U3FYKTl?>qqAcLf?IJFa z{N6m37PkF_^Y-7DbokAFuVL&VP@zk*z3W(xRlFC1`^QRQd#*>SKkjzVw#fSF?PNdC zd0brKUzyMFPxidBeWoO`<7F#_1Ton;6J_7-B_xwn_T$obv^5yEx-<6guU+DJK_tHB zg3hPAHttuoHrjG(Wc>(zszvU-Q&(uEF0+l7yl}XyUEt?*R`?ZX)C2}y2MVSQDeqVV zWs0U7^Q|tWLp}0pO9QuxVL8II=U)14e14F#Y|9wDxev=|`iz2WTv@)^BU@?TrBn1e z?!lwe5C~L<%wKER3%QdqMEL8TYbh4mo~s7KKrw{9&htrbyjQ~c%IwncJ=^Y^Rm28q zo(zFGS_sjW*X;I0CVEWoBcM`KW1)vPyAIK-qJdXyaM%b}q^ayI6jO~O#&37dq_}!06{Lzu6t-izXSnrvvz#)94`GyqqHM$quS}1<_N%=nt^z{n-Z1H#nx>?`(ZxYo&Fzo(h=aWYBUzRH zGCj;sH6nMB&~9i!tH?dVFYM)}f`P%|kP{Yh-!te%)mUsWMOHN%S<8#UnVZ>=DG#VNpu<0CnBw`FNHX4&K| zoAwb7Xf34P@a_YuGkQ-IiQcE;YN*3h>vbaXz-xcM5O+|F%`Q&hZLIWw!K4Hb?E9oF zOfoT!t`8^o$@n?{V~XMARFpoX`#YVlzX+8nDeQ0)2AW#dP_l@E zmADz?jNrQw=Nq)zorOeNo_8b9FGS#6CTr$iVV2G-Z~yZFJFRi1G9G@W(<06AN00TG zCr!@t8{{}~ttvk)Whpan8-Hme^B|l#w!K(=*`ZncEA&SPw-zoHYLIUm)ld8w&R*l_ z5${m)ry%^dBCuL~;H~=w?mfQnxLE0)k(-t)?dO1l@6NeN0jH#aW6&+0zk#y|)mgd+ z65pEw(`HDpgN}3b(#n&oixd~y&cRK}P+<7|xP{PpMDkOTD_7t(;%*ysj+Nzjnbn!d zo8bF7=|rPa>;AcH!?!C9zCr=g7gthQH%!i6L{}e?=Euy0`#ng4LawhVL!PB*@JFNn z1U8=(^n`s3KIZv;Obdm9_vYFNe$LjBtu0Z1N2SV15r$q2Q7R*}xTQ84mvp$_y(=2d;#JOSlP7J?C+$IU$ZtEoHa zRcpDHDW0YRUEL)HT&|@jHJ=R&2cM*k_rk;^6%R172a|G|Z&*qdG-+Q}9LwAf-p@?_ zPJ^8qqAj!HvKg5vBRWKX{tG1{EUkFZiKC#zPp-OA3WcE9rls{k{<6q0YA^%37v2irw{W3)!*M~!Z!n!= z>lLH$!F-uj7-xYhC~lgu7uBB2N-9>adCavq;Mh55P&I~)25Ot{+N~i2dkM<&H*kj0 zV?fdN4>E);{`mXq8Dr|c)w(aW>*7i)(HoxS>$8@3tM+%!)~Q_&z!y3c{0O5wJ_cjm zRsvT+OL<<&9zhGRtPEKEQjHSTe2vgL1mH-ys)-YGfF}Vl5==plnpz0`)?NB9?PE18 z!@PgLJh^@|UAQCYZ0l0Is+USe1i!!jsR4t;fna4|)k0q{Qkl2AgpRQ}YQ76v61;U? zN>Z^SBfq?Khwp^DANkRsiGE?!F;2vJ2GEyZ@^K7leQS;ri#QXmdbTqpYd=^aGxTzp zoCPdy*PxO)XIPi{d7zF*n9Q|UUZ7OaW!oR1q(4yvi}mHvWd2I1-R=9Uvq!?;4u!F{ zhBW_BOHgGWDNTH93*@|Q$^N06D&glc41v^@g4QoaRMSs6+xp^+J<#&IBqjQ#J{PLo zBoKK*e7YIOYA(s7@uB=_&F4ILBzDF+%<8})iA_>yc1bLMr%id}Mf!Qh;}JhV55Sv$ zfo^5HLV0qyist5tbmmH;mvjJNr=Se-JDhQDBBq0{aP4?7@>@y~)y!VAAiKy6dbFj@ z87=Xr8WtvD+#8D#8!zI-e?jPMsX6~%qp7LGF0oOz*CMtai|#~1`};LW$V>D>?v}af zkA>~Z1}MvYvt=;<$yU2S*y9SHr#)M2it41+&HWc==q|vUB1| zJkB!%1%NuHL*l{HWFG@gylQ&WukOG|(7tK;l@T!JXsXBXF}ZgG&(PLBRoiBovbi-j zB-d1DO%Qvms>vbX-CC>d+)g5&g^mp0-(P@FNk)ZyygC%`DuEi({_)`4H|eJMIztcs za=l)mFO-5;xCAX{Pk_e9IB2dXp=vUBP`Uf&Sot=hd0z_0#2fwUXjz@+5sR7&LN4TE z&jY`BoC2mik}E~^wP|AlYSI#4M{1uIY$JLk>9&WCPK=y61q}B_#TyCOS^>Mt9wo}Q zVZoy>>xEKz5AvICSnIrpS@MsgLGpjH0cDHDW_2U8+5phfE^BC}q3O=wo_4vIutlvxzajecmnl8(rbW5T zz5#si_rI%hmI-1wVq}}QG4m8chn;p#yo_0W2LR2*C)jZ`b|8|ABmOv>+|%<9dz!_% z5qz_kpfMB@*NgXqn$tWHB4VG_tG3LnJMUZ2#s_5(<)Ct#9rbUSsoVaz@(gXyjmRXi zcGs)0Ug#fW^J7+mlYDN#!XDmb5{WlL1~(P|=rI#%48d9a7Wn1-o;av}@hPlL4ZZDh ziGE&T z``IPI=|dLxlwP6x(+KbvB5t={nr`(nK<-Ce+mSQtZt248UV_O&0RfYYFb4 z@tm%1opW3E;nv(k<9(ri>lZs_Gy0U2PM_P1WKazUMJ}evadG~}t6!>XI%9|aO~oKd zyTTzNLi-nzV=i8~fZ^OPUaOhOK}ORnt3GBZPW0?H<>f!JS{lZEMSownTSw5|E3-TU-~cnGM765{O! zJMP*_qo@E%U-XsZO07rLqylo!wku&aIl5;BCq18{@6Y-9dw%nnci)bjok52HT_{VhZD=i}QTNsyUnbOqI@69Z*_8A{|%moyNZ(?_e zDZ4{B%?VfQP{BH~{XI!;fQsZ=(sb*`l8a2MPgB@B*=EC7SVA6WG|_V%D>nCdLnktQ z65oZPo;YR?Ih^5?ViG{PCEw-mm3i@z(ELdJq5V}O=LR|6q{^0V8%`|jJj4!AD(;wc%3#8=RqdW(H($T7(ho9E z7cbbkCT6>}W@g;yE0fa6!{2wU#g&+qPXY@SwldMz=NY(&t6_qB;@kxHcGln+)5=Ui zq5s%~W>Z+8a7jWVjmGodmw3yaW^u<#4#=#LR{l9qi&^QcZ6)Z)ijIP7D07rGJ>_W3 z$$$BKJSS6-Z^sF`mS5%kczI(#dzGDWE}#FItz@z1%Uu-^O+|ny?7ZVq`uV#HrwxM4 z7`M`IHb`NkXC&{6D^6Ko2{;590QwQ*=P&MXOkA`(JjL*YgMRdihqf9S{CQ6{eACnT z?Bw9?E1_^YHi6$+qRnsXXzmCY|8uUDevXFe24$fa<~(t^jDkc{p@*$EY$-Nebq8zQ zXvzP`rXB(r7}*!seY*Q#BM@5Vnth|p)|M&g<`ReS!4x+tlw4?QK0UOa4O Date: Wed, 27 Apr 2022 16:07:59 +0000 Subject: [PATCH 23/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 31 ++++++++++-------- Install-Kubeadm-Calico/picture/14.png | Bin 0 -> 13450 bytes Install-Kubeadm-Calico/picture/15.png | Bin 0 -> 53650 bytes Install-Kubeadm-Calico/picture/16.png | Bin 0 -> 19658 bytes Install-Kubeadm-Calico/picture/17.png | Bin 0 -> 91324 bytes Install-Kubeadm-Calico/picture/18.png | Bin 0 -> 16035 bytes Install-Kubeadm-Calico/picture/19.png | Bin 0 -> 5748 bytes Install-Kubeadm-Calico/picture/20.png | Bin 0 -> 12932 bytes Install-Kubeadm-Calico/picture/21.png | Bin 0 -> 7531 bytes 9 files changed, 17 insertions(+), 14 deletions(-) create mode 100644 Install-Kubeadm-Calico/picture/14.png create mode 100644 Install-Kubeadm-Calico/picture/15.png create mode 100644 Install-Kubeadm-Calico/picture/16.png create mode 100644 Install-Kubeadm-Calico/picture/17.png create mode 100644 Install-Kubeadm-Calico/picture/18.png create mode 100644 Install-Kubeadm-Calico/picture/19.png create mode 100644 Install-Kubeadm-Calico/picture/20.png create mode 100644 Install-Kubeadm-Calico/picture/21.png diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 687a544..d2bc4a5 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -124,6 +124,9 @@ Calico 维护的网络在默认是 (Node-to-Node Mesh)全互联模式,Cali 是linux内核的驱动程序,可以对数据包进行隧道,上图可以看到两个不同的网络 vlan1 和 vlan2。基于现有的以太网将原始包中的原始IP进行一次封装,通过tunl0解包,这个tunl0类似于网桥,两个宿主机通过tunl0进行通信,和Flannel vxlan的veth很类似。 **举例说明:** +![输入图片说明](../picture/14.png) +![输入图片说明](../picture/15.png) +node1节点上的pod ping node2节点上的pod,通过抓包可以看到,podip进行了一次封装 @@ -196,7 +199,7 @@ calicoctl get bgppeer Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特定 IP 地址范围的 Calico IP 池。 - **6.2 outgoing NAT概念** + **6.2 outgoing NAT概念(IPIP模式)** **Calico IP 池和 NAT** @@ -214,21 +217,21 @@ Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特 为那些路由到禁用 NAT 的网络的 Pod 创建一个具有公共 IP 地址的 IP 池 ( nat-outgoing: false) 验证其他网络设备不会对 pod 流量进行 NAT - **6.3 创建启用natOutgoing示例** + **6.3 启用natOutgoing示例** -创建一个启用了 natOutgoing 的 Calico IPPool。出站 NAT 在托管池中每个工作负载的节点上本地执行。 +查看一个启用了 natOutgoing 的 Calico IPPool。 -``` -apiVersion: projectcalico.org/v3 -kind: IPPool -metadata: - name: no-nat-10.0.0.0-8 -spec: - cidr: 10.0.0.0/8 - disabled: true -``` +![输入图片说明](../picture/16.png) + +抓包从pod访问百度,可以看到是以节点ip地址去访问百度 +![输入图片说明](../picture/18.png) +![输入图片说明](../picture/17.png) + +**6.3 关闭natOutgoing示例** + +配置关闭nat,从pod无法访问百度,证明没有做nat -![输入图片说明](../picture/12.png) +![输入图片说明](../picture/20.png) +![输入图片说明](../picture/19.png) -![输入图片说明](../picture/13.png) \ No newline at end of file diff --git a/Install-Kubeadm-Calico/picture/14.png b/Install-Kubeadm-Calico/picture/14.png new file mode 100644 index 0000000000000000000000000000000000000000..e529448b6293651d2714ef3a4fd28d1bdf0bfd13 GIT binary patch literal 13450 zcmb7r1yqy$|282Fg0zH`bc50@5|T$*PIVs*7uNeJl(F)%Pl)YX(`?<}UP2w4j0M@1U?w`~=tvPB|83c*7?uK{k zH8`~#p7A!t)>?3m{Kz|@*{ZHh$F*ze4zqeg#F;*+QvEi8BhySg$#&?QZHn!D>hc(# z#a6>mA@b0$WV@oY5ret8eBgU5B81KZ$2u**i_$D2}_$Fdqy2AhW2`>u=<-z2pHB=Hp8H~IB-&2L;G#Y6CJ z=m9#+xH*bBIuBJ_x&9b>Q?xM#k>BmO?3F+qGu=oc zEEOW;ue^?C!QVVWrLK0XZnAFNvaXsL+^+ibJGHJQDnt7&Kv6fxb=TYhmrvGOJT5%(&D=(RrgFZ=0CGr36;F*?7We^++jKl9R?>|ozcGsU%w5-#JD1<3PtdS zU}9WjhLYQ#q1@Fp!{t$9@9=Nda>>wNBR|ePz{j|dzD9LkrvjV1Z?1R1=e@C^!#z|N zi=k`a#-HSc7up++NPLz^G9~mO>C%q5PXe>P&I%*Ux;xJ1J3GKu_`*+<1ml`+--p~R zPPbcZB*zXz$SQye;Q{r3DZlRXDHLigyliDRCR8=3UwrWG2-B;EH}|vELqaMJQTl8D z^LBBZtCov8K+RdLJf6Xdz;97{IbYr*cP;(m8Qm+Ihiw&A?5R3k$O>EAIKyiB z-0G#7W7y_Z=*_X<#q7;>kiAFQs{2iB=+ToaQ|{ra&KvRTQ^A|q8&kq-raVySC4A}q znctP_1x*|EYjebL1Ni3g_fAwhCBb#{Y-i*JXbAG@MxMzGRu{tF zzAn1ZmicPJ2?H#Dg?u&NJb@HDr1T_@$%F8ca!fUt{+jeZb5D~Lz8lZh`*eL;B+N0Y zaqV?nnc^ydm>Kzf%!M=RuOYlW6kyRo2A)R-MiVe2FUFVQOE1ZE6S3>P4rV|gnSYuP znIw92>B1RC{P9YO1S8qqMkFbY-ZxU$-9=)Eef_Dg%M;4eRW{JS7u^WHx(f?1`1j{z zN&}zPg#Y`!z?}rZ-}Cs_kIeAtApcA(`h#Y&(>{qjvhTv{npo`4Z&n_?l!J?fZb-E( zm01uJGpjIg5x>wVtmR*9g$oMA>te1;V8qp$zO26bbB!kj00*Q3`-tVb; zlS$SJA}A<{al*0LrALRAxho~Yyr8u*%bpJ&<@MM;>TzsP^4_ak;!-{B%C>n#S158I z(m@2|_|rzu$)!_agFGz%IPL?vp?Dn8IVKxpqAHZF8P}a094{N2)cX(Y&v3tP0%(4j zC+{l_?dTUOGe?bh*mGA{(3^h;4)%s30YI+J zz~*a<^sAO8Z1E%4ADDPPj-fsMe7w(N{&<}hy#p|Yp9%+eyir$>%?xw5*|+cXj^G>S zeISO>2Rg-lR1>6aCzVM?&J$|koAubkR^yHNJ}2K?s`_fNQd>+&(ga&G-I%LpuA3yy zgvq;e3 zn{iW~;g{b#Q~WcZP_`1vy!XtvF?bsuekUoGqF;TtSXok=^(nGBX>{N3rA!SQMKVge zm^l_A0oYhOrt5VIPV28nX-lay;Kh<7zyNYQ9-y{lZh+Lf1fXDU%tiN^B{e*R?wbg~ zRD;Y>_2uE?ST%hzPQdQNZ%N>;StBG>|2_ru=<3ic6FQ#++SDM$e z3T+3N6wjw?Z=hkJg`H2Ek-ULj&Q65(<*y2mW-c~VfmDC-?5jba>(d8YZaLAY7RUTh z{-eBUv7p`AyFIbW&cDx%FZWvaw$8@-m8JR@^n5bsWUGGraef2~1OF?4i>i;%xW)sz z*Y2plJ@K2SsOlw1b8B+F>gR}f3RzTSD7=Y7EYWEW;x@EtZn%->KwB9q#ch4UQf!_7=D|tDjq369i?;0RQ`h*NDobg)%8LMZl!mm^qC8WIO5lT~EA2YRGggrG(H=oer}H6R z8OXelONXl~<;ZOC=!tPDHi2#b_r(V!v;3XBJ4AmHk?o01{Lbp?HPj(emTf$CjfXr1 zfqLd7QcC;v(|teUc-{vbmi)8_hn4SWB!&<7v7=AlEiX;~2)6G9eVJ0THL0e4&=&kH zfMX)lM(eW`A47sldc~I)1EK|E)eX_rX4D+IrtX}UZx0AU4F;gYeS_dl(IX>&xRo6_ zxJamh;&ke5E5gU*S?0;MKF^}+BC?5P;wqI^H{^1E_U>^|_VuPe(j?XE0-NccNN0A5 zWuHu9rW89jae2Xl! zns{Ru;1QBQ*qVNnO_R$tb}uwUC9L^|FH+$5huwZ9C4QP}Vv4b6T?RiMHKl`)O$^N7 z!;vj`_RaO%~bOc9%`wK(nN0zz2WzMPMRCXDg=VbZlPx(J>}?1AEvJ=hEgK6i%M* zy9Wmqx;G*J0%C0L`8X`jB)yVpt12mX3OC)mx;nsS}*UWLWy9x~@w zXgnjpDC{emMT|hJKe6Hf!-7dJ)sYbw{e+w$I=~@;TFQ%q;@mmenY$=J)_A-&G7}q zeckyJ+)8aL`^C}BjwGUQUvgM^#6L*Dz_q2bJq)}X7DBQ8S zdPs_5M_no3!JdS}d>^0g!#SLfsAisDeu`_}!xpN+*QfTQ#?zFMjyh4t8{@#Z0Xmc? z-^Ef@dQHKOMs~?971Fa7@xkw%)(qVA@L)2KF6vnkpz6?lh2oVp2Rn8m0Ab0h#I~}f zA&s(JcO+=az`*(YYiMI>taCfhY-SSAbjh=f#TYkWm>K~#OUIw>J$ zvOUa4aHXLDA!Nlrtr$Yu3){){m8;vTvecL~Am(J|Jwh+QLg3AkvIVI^B#6m+n`lf8 zrQmxwS!^2OH);7NC%WZqFETDHeO>T|6ePv!wM0#owC%kRHRDi{Y^8q;dACS#eogvK zNPC^Kv+Sospfvazs#Jw zFLb^3O;0VhD*Msu%o8o3WE#V`Q(lC5OXRZ%YVm}IfSEjtSY@hheh+=t9XCA^eb)2s zFO|TpnSSdg9^lOEn-<@t!_>hSGU05s-z3{e^aMNkkMqXG>bLW4ZWwhatMDpNz;4^GLKmH%U zb)T^FiE~P;Wn^S+aJ18geL6mG5Y}{&w2+e87(N%2%D7XpxkOb2jbG5HWB*)bLEDK) z#(1?N>mMYsaEyj`tGnpUOkuKu-^{O6-1sSC15sS}ArG@8R2cd_ zY+>}ADh$$GKwM zg5)e)LVS+L&zc)8JE0rKKuRTUJjEJqhNyPdD`)sL8)A9LMXQO~LxJicv~W|xbl`>j z%bDlxhZ<*LRntsnQODD8?&IQR_seW(eIVQgW=RB`iP)>iupVp7$XQg+4PtO;B$G}Q%+1g9_JhP-a(12&%V{|QK33i`g`chuj@zbE z3|tpy1mu@5O1B%4;^s%fGBC^BD!ooL=s+x87K26KsRU^ZiK~62Y?T76Kh%9ivp>{f zbllOR0xuhUI`F+@7tH-pu5d&mX!iW;+V^px0GVkBP4L?F>fLQ4hX?g3HYiK*aT`!l zYUS5NCp9v71lfc*6FWi7+&^iC0?s7+YD^$f6`qyv&OiG81YAlMBGa8ISwy~GR9f#+ zqBGS|=ynL?@*ocUlQTV;RNgr;H`qt1X&a{uUnqB|HQ;1?Vsc&2JSuh%`}ddX1#)yK zChHD6Z843ww|$=@%<&Yr(FTcBT)mva_(EmzF;3|6kvA1bEtQ;3Y_lCAyAN>$0BVmz zS*GDa#{j`cGcn%PLTH4o(7Z?PU$<5R5wcP;3YterL)^^GaU3ooMau)BWK+BzTm1ZYXE}v0? z<-q1vdq_}@>Z#nAv}n<`=wc=Zc7}VsqG@jCFUH(6`9xRoN=VyoPH}VB8qHKIX}S(o z2R7kbxSEeOiMWfJ4`XWUSuOlw&M-ccd`M1~|B(TiKLhq#xp8$DlP#E>{Na5}TKWAb zAE+;K!dSv1m6{kmmc_kyx7Tf9k7+)E!gHj4k8aMUh;G^l{oRwU+n&ty$D&wDRApHC zO;Y(J#kC;2Ek8l~w#|W8N&-)BP8Z=ar8fa90g?u}^D8H`Gr<~6TEH1CRmeph9PoO` z6WX?0S=^~LZQkoXmyzk7d@?J5LF2-7if*lTqj4E$`esTD*6%Na;Z_*P6jUj`T79G) z#`R@hw}z^v2@LkYN6?zay$nB$U=m}s6SAGTj#1F>=z4L_DxI1-r_o0tXf>%GXL+cK z7y7ebNaAU3jDBbTF(50b5SJBc%S5AUZ z)g10(xuEN*K1k@e4CA7@jNF%BiRSnxe*Pztpv_(oYnPBUe_LV)?WkTz!buK@ccMtn zvNptYBR@H)6l?*TSvhkbm1-ja!Ka-bpK1)lNr6iD!jmU#o*l!Yy;*<2d^=!@Hq9OQD3|KNkR>|aDEut#7?3NI ztlb-psijkJd-LnZ(ivuN&$pqReSyH1LKL7{kvyk53Q=&h^GWYWm{NNhnjs-*(fMQu z-6#VlSq3O`BynU5z&D$eeOY}cJKoYQCugVeJV1Z!xUF_P4c&}sPnzQjHe@hi3uJN> zGDi(*VX4CRz|gb^{(B;Ock3oLmsU)D$^lW<7=a+e;%mG*g!Cyj#I=z7mU!>8e4=uL#iCU&3@GNn=VQwizs zpc6XPUGw*8lKXBlU;VuxX_uRPr$J{YB(HO3^U=*>T)X?*)CXA}vwu-{11R5b+LzjU z4>|LiaE#Ze@)5J5{Xxq9!kp`M@)GWiLS#_W$|vF&p>}pW4(f`#U;SqFSg0bR2rhiZ zbB$+TwS>_~%poS1ByAH6-SIX(vN{$6#O8!)JP7Z~N1@}b#+z)5W8p_F+oHIJolk!D zxBvPgwNqr)_ji#}Og&J$YH0?LEv9NN>)-l;mBL`DI0_$`!D)n@2R5iV#+9;Zu_2O*p z^VU$CQDH4F5jKV<-?uj0-qx1Hr1*CLF^sNTM#m($x{2DDi;>M_(hfF>x9rdi6`~C+ zwq%q#55>-cX8XvDp80;v8*W5SL9tNrwPT`*t_-v06}P)dI|Prp*_ZV{*a#m%=!ll^ z{)3$&PcZ-As@eY+@cJzL-zbjgxk%sN(%Rddf}-%eBDg0$6>}nXag_zxhJD`M^Dtd} z<7j?$FkANsH68d(akMh2c+8xMtRVU;by zwHXF}t39)oBBNX+XPh3k5p^+;m#GHKPFS|~^=>L6U7kN&VM*+q~<8!UVDPjK2w z0#D&l7ME|nS^U7vDvju%LG92lA6+^Je*!R~QEE_hUz1==WUbjcflJ%4;oHjWEbNvd zonnXdx7C4OL9uZAL)Unfd`)}*8`@qIf38KYDy?D;+60d2=z`X@cqFH#^?f^_`;8gw z`$4&|-0sV-q7-eYz@GDPm_}6-TCGDbY8JbRAHj=mMDJ&FJ5>y{n4U;Ipq`=4Jf9cq zn7_p9BXSQNSNfwDHjv;MuT<=rj86w)Qu$Z+F;zP_$vcI{OGAxXv(DdtuC9y!J>b*J zn6OS&1#)R?+g%~@9SO>tz5e{HYL`TFXi+?8DdGAw-VFhi>{x9=&*Z@J`(5RSxA0Im zcJ4BmOXTFlTsxBR{ViJ5eydvi@Gaz_?)o-DQWi+pB7Aa{!zTh*mxyJY?|97xP0Kme zk;?E1+-;usOJq<$m>EyVO{s5SOiW~rzG8$mI+T0hnq(FyDYv>1qK( z=z&Q4xNBz%a!CbVTaCk5K{8pxh?5x67G(K|T!(`UcqO3@-YmnxmYb}>o-{# zAbxPb5A1``DxAdT7JA6bvvmbW$mBmT!$#O*;RV89?XeBHOP>q|#OP`m8?QY@Nzqlg zHFY@dla7WbUIQ_|@23YA0W$j}Ohs7}ZN{D&s=|aJ9Yf7_!CISqj4cv~Qe7Q_X0GWz ziQb-d>x8sm(#K9`A}NA`Hf3tXIj0u+Sw82CED-RPF zUT&WlafhPo_bm6)Lj=G6Mw3GEazjzg~U~idiZc2;Xu+yOe4~AoG zdM`}(F}3oSw}YIVoBI|co(WIp?GW{So`lMly>C1VoD>R?Iu&=V<6ZBaR^S=sbzkTW z!(;VRYjurHy0#0g*VM$#IPVmgq*7O#oZw~LDipp9G9X3U{+&~rQDhmY`~A5kMsQGc zb7pFM2m+Q+YuXKXtwVXG9!O+tvs&wD3a`!bflP8kb6s91J+K4Q`NG>7L!63>BF*A5 zvH>MbU#^}qmC}^6b_MUR${5SMiuV>-qgJuVlLp_Fz`)q2lf$qpiW+3hDUx2bUUQG-1scD+29g+_1CY5?b+fv zD2m&qU{$w6%LD!OBUl6t=z51&Fd#TG?v0bM)a{6=C$j7tNPT+987`=+ruzjOBC`Kz zqHm3>co28poJ_3T`^SZ-_?fxVjlvdlGGXm7evLo_H?~ zi{H5+>3Up$f<#V@-Nltplk)}Ro4K|erC{I6ILuofZF>!Qw97Us!r`=s68pkpOz`8L zRc_NPp>iWx?5F+Lo2$P4652FM4cH>fNLMfzd`D?*{*JCg5^Q26QYp#g?b!+dHhSXi zcj1PY_(9Gx&6FSNrK>lp#BY6HZZ~?=Slmq7xAnarjiG+?xPY_H$M( zbD?g6NWVClHfmzPhhD!rdjt$ri;3Rk@tWpf{}n9A2;S~IasK$756yAadh#nrDBtZS z*ypS#k^2lE(13oP_^cln5`_m6pIZ@|(o@2HbLLvQ403NuAA5cA{0=Ry=43?u!Rn8g zey1KLrneaBpD1!6tynFERdQzdr~5^rXDxKgiM|LfYvaY~Nwkz)x8C~l8^KO^_ZhEV zo0gA#uec^(YGZwAFi*-JBoY6zPRwGp$>Kg*C?cZZ(iEvr6o41%h%dRGg{BD5X}|Mm z#CCYhyZmZ*RJhjYfJoXSRmY_bjG~?#R(Sjz)h@q1DA`Ii-B^Yiq6)2|+JC6j;suekDo-Vq6f3t$FV^Kc6^#T->0GJsqKluxomi01Ss8s-xKD{}5Qg-14 zD5GTVAs^DdhqH1~d?N)h5XeNAT%Q6|i z?4>VHFVCfcGi*`UFKYy_8vvl<$iHVVN}qX1NmS+WNoDLw^#>&Ho+ovy`EE|k5AXN{ z+1}TWwtwqo5@T<3v%JasjTOUv27ms`3#00>BB6P48dd46^zpJ2N6s6Ef`%rZ{%I}P z5Z+=7BFWr6gAl+ga< zp*(dnI9LRAJWB=taODV2&Q{UdWcd0a7e(+?YGr_vfr4r~#wD|ZaB!~;82b5eX|!W? z-{{8k%QTTbt&-Lez+w7_8si{*OQKa!B2iYw_`uGt>J0d@z7FcDF{!2@HN=;uBEu zS*iH7>@=<3F|ofUu-oTr88TGf^X$OI8U#F(`+mpP*X7DW8eT8Y#aC&Fh*;o8rR?dHO-T>^TlyW*vI2W&iFMOJMjy0 zHb1P>k4Y}iy~2A5&!7~krbP<~pPg3byuj{3kd;8&a3>ym6N zoy+9TX>Th}GnT{LY5aC5e7SzDIo2MLi zwkWEE!|s5>EwAX9k$5ln>^Co-bSL>x%=x=Bfb3{tC`=&rh{tvj8m;@`zM=oh>619& ztLfcx)5|BPSgoH!0d3zWp&C(R5+lgzJ)K5dRlA)P;aTNi)xg+`5~m@zjXON3%H2kB z8u=NJ|A^q!L5}e9T)NgMtZ`SSZsJlaM254|ye^KVLQB%}4cWFUi3~bRetp#GbUEh^ zl|9G%B-o@?V=mA)SH3&pdU~E8n*CE?aL$W6&orc>e_j@iAf%OOoaMUPTuq%(AudY! zS<8|f9|B-1T1V`kbI3gb@AG2+ScGZO2vS7(rpWl%5~n>=gwmp{kZLoCvOb(e+1{wM2(fzN<0dEpnFW`ddlQG|cT}bx7S?ALIUg7^C=0k~p zIs97+K;QnH;Q!4?*=@4I2w!~e4j?8IpYMWQPJl?W4^O5Az1)FqLME`yARp^0U*w+vsouozr4UWE<)7+#SVvha^l zDKBGQ<4g1Jp%bj7`a<1FiB_^%%U6~x&{;S*$h0wkoEU!VBXRfmkff_6M5k3sqVCsw z|5T@=M`RGWa@{-;yY|v1crGAUsC%)BGngs8Xsp^Pzvbgot@q}{F6TdLhCs%JtZgKd_?PbLa=hNr}G zz?V)>U+Wq&-h4GWZTT36S}oym2*RE`+V_86^JxuaLx8T{0N-c7RmQnBPuvU2C4Cy5 z(=qhd+E)Cc+zM9TeE6;ZVw6XTU6Fw^oE){KQg-3?+;;stfL!_;a9(#*PhWonqpoPWD9uFAX;ltW3Hi??cBskMR71ihV?(r$9fnRI-#h zy4R8(1NT8G+XJ~Hs=u6Ye(mF>6f6_lz=0E$M%4DU7k&F!54Crlm}b8(r3B&8K5$%3 z=99w7A><)2t%{oX!gzL{`sWVoTq*$Vsga*-kB`##h=9PO_&!^pw$F<0JLNj8J1Nj} zXYAPIx=Zcl(~K73%__)!>Qa7Rw&MyrR%sSH(DI zNNNWHao>lhGi1^)|7~_=tad;Di zS|ZkWpPHJ~rEO!e(?bV?v6 z)N^(5+kRZ1U4!0vRp#_#GZw47~@$p-oPE>mo&{v9^Y+Lf9QotoJm#T9kR(L1I#Tl`e zc*P+aFN`HlLb+)^1x28uRNDc*yb_6fu@Rxt?wBsb!PKrhz|>l|V5!Y3uLP18MmVOu z`wE$)uv-W>`vr|&wqv+L$7B93dr3=>QiEvOmb=lE^5g$TDT%}3de||%b0aVfBi+Zx zYoo~v5NiA^478tXoUnFu^l5Ng*=}=QTqCF#vja`sd!syRJ)SmPPgqPfWIZ|8s#+=d zK*y9%de!v9)ozK(FET^jhd1N2*}UmG$8_q_Q<^n{mO3YwFpl0pE>@)XY0ELjT)8=h zeDZ?8gT+o7r6`2iUONRDPg}*8p1ay8r0X=;J@=dl7Cj#Bn*XbW6eDnNkK)={TQuMvL8o4Lf7Q-V{=)fT z?t!tzf&>GO!MwuKYgT*f)~=lUFTYGLUZAn zVo>}@|7Dwy{~$Fd@s7cm!uV!82E)qA{eGCzfUm+=)6TuiOY8iXOj3Iz2I;(wzp7$9 zp!2K#&pTaw{PGluj7Y?dMjZ-%xAUNFw`;v_Tk$@<*)jGg4IPn!A_8CO1_qhTUNuYU z_D)vPDx4=v8wZTpdyhV$`Q{*+Z*tXZ>;c5O0K1=(OLpkTOs(1wVX~Rlk20)8{O%dD zmp6LOfU3+TWAJYQ%RQCa`@0~LJ|a>J7jZdTU9`${pLn6M#8 znVvT^On2Y@%P)h65HWosX>Q2v-Y8vo2on0(Fkf_GGe6SW)kw$dWqL8Fs+zSmV|lA0 zRf$D54`~Q{vZ3+fU$V*QTfZXof0E4$u6>JfiI%oBxn&RNQ2$GbAYkOhc$3TH$TE(- z_;2Fs_F-AY*DFju@abJceQ@QOpTSkTVUt&0e&{}fXb?_kwT%m+uJ4k);h~=!lT={n zOX5l8mb72RG6K1m13^ZYef{Ted`sjzTT zIkRKXgZ<0&%6DH*D(sKlq*f<$B!=#fu%R5c1as;yf*Hq<))Igwm_n9^W@~ot=kG$= z>xqmebAPM0;zFz({iUVcC(`HDCWVJ?$>dIZ3tE=bMn!H?B(4*7xHVln7KP@O3FYqg z-T%-`B%{A)+oX+jd-I1>GUd7c-$~`jS;6(Q)~p|HG_7dsGoy{om=JwJ3u20+Hw>K! ztkC6O>vyOi$`ghz7p){Enr*wN?bFF%zl>Pu>irV_%JqgW^d5QRx*V(~fgoCLNNxd1 zL-#ydU_*wUJ3UnE8of>rDCpKPz7j1_6{-HV$#aSs+Ph!vz1YwA9x?Ywr;TvR{1Phs z%$wCTZ2k-QrhW%5+9BK3Rgz|PGGw>ScK#!82Nk%ZPw;_`t^W$(cuJ&HPZmI_!RSKw66-()%<-%~pD@R@f}#sAt_f#l7Q;bV>tc zx8ubKpd6RQEamdsx0(eEQqbP3t)md>4AyMV>$6DV;PPEu%U2uPxBQ0RS-``%`#QMC zb4Opg(+x=TP+!m(ac?*(4MC(>-$~||n0Cr$kydEB@a&K(BuQH&JcG)){e(q7eRx+k zmt*BbC~JU&;b3ps*{fKnCay0|^z$dQDEc6WNzRJtV|^UL5jRNmM{Qc#DftjOr>FWw z%#*k(Y)W34sCLk(NWBbfdsGpttW$&=OfEIb@a8Pj& z_8d7&p5Q*GnJTx?7WPGUz4OFoI^c{d{%J#B@3ALbDGdrhD5X7O$VpxFb4KQ955Z>= z{r_Q=vJFGuuX9$)T9DB7e&oF>1P<$N!ck}F zk7cXMr5+SwpH60ezK(RtBi1RPxb-c2VmL|W{)N`1(Jz~8kSTXBN&iFr9*=i)t$Er? z=X{}R$)aYl#6+0`Hh3qdRex06`x+AdZ8_00MsLRm?Gpdg`87mO_>*bev|Jc7HlQ5NR z7+9d6fBx!275`HY9Z0hcYb+uE!+~#|X1P=JkiRT)q68nCtiB1TrH-|ZFd?K`H2*28 fCUqa*Ua3-zs2WnVbk@-vDXLV2s+uKft4d9&D%u)S)fy^> zAYx9{kg6fZgcyP#h?qji{HEtV=f3arzR$DX`}zOZyVtVVSs{D>?CaY5`dpvy_3FlT z3+b(Uwn|7yNME{m{+5KqCX$52x|f?biC>v7#A=AYt@FKQVJcD3t~@Q?+2Ce!%|t>1 zgOuVsZ4~csd34d%S3+X@lV4x!h93X|B_uizUpjAcC(w~80R4bBC-p@LG<}m>FKL9S z9e&Xyqkmq(%USNXv8O&$M}BjCbEt0rHN(hDT}_9!tBspKK*vv?QyXYDN&0a{e_Q6~ z4DU_K*TS@>HpmU&er?shE>Mw0ua`!_bUa9B2u3NvZ-$5 z0y}K&*YvNe0+cLX6riCXKFWV>IrWWu{`;Yce5i8RZk^qD3j5=90?>IcBQN__42FQTveSot&&zT1@o| zt)8==$8UEUuYh8{w4(CxIHI8L>ZO{jS}l?vp{xBv_V({p@p4q7hDN){>Fl@~>vv`& z`5L5`3x58gg=vKx3)vqATwfo`9wLQ08&oYZ6FmGC6Z`HIT743R2@+H!Bb3T)FlDUP zd`JcKl<2b0Nyw~%9b~dYK~lD@L)d9$pHvne8%%rKxBls2TATs|i07~E0N=q&E1kv! zZVm4RbWJrH88zgd5SPK=vnfD69Rye(Y^~n|hN<1a)<5G!F$)@`E3$|Xrx;fG?n`ik z!<0*2U_wpRK+y}Kddj=otgLSy3NF>H?YP^^w7vI~mwq%o$aVnUPPNl7(ok->@-9sE za25SRTV<1od;LdvD_yJo7T}68Y7bH~4BNhYz;CwYys5oy1iYF!|DHF&T|ie~R`Fxq zU~Fr6r;?Z8T1}`lNa}_Ou&kj!YOpzzs@}8e$%rZuXt;$TmJD?Zfvd}ffT}bw$v@rJ z?*t`7Q)JIGQ2zq{s41hGuqbeWP)AWA6kQL(bl$A5#E4P(KqKYWahJ|sy&IHIj<$WI zu%}I9ZqVd?-bqW1PUq&25x6Y&U0tfQLEj|ATaWi~vJ=x76d{m#bU>zZK&Ob(D6dIa zGIK6~Tbtu0!omz^&PC}!Quko`gW!(ekI(4e%nwqJ1{C_Rdv%6M@FaL43RcrFARngT z_(GFFq0e8oOsl$NG@Gw9y7$4s7FZ!;Z2qH}`(g6)8^G;xq(UhFr>|SGpf4O=r;+D{ zHQdfshm0jw6BD_1zBzG~#-SpuxMi(X;{?h(X7XObRN}TPT~&_OjT*>EEl0zOG$S>5 z*#u(wt`~8MH5@!9_)Jg1;_Llpx7p5p^-1QnQQEcN63nRT-`7l~?Pir%B3HiI`F=?a zy)SCwJRJA$=-?kB<|f?Gdr7Lt#f=pnZ(;0X=f5 za(f@wW&Hi=38GF2m)OWDShRbX&>hv?L4OTfC*jp<#z&xY!$Bu!ecu6-+S9q7jA(lof5Wt5GW+UlE08l%5ozVnbshxz-&F6NupEBw~k1!-h$vXV+sn zQ6j2Qq;G0b6I0aBLCUn5p0k6(T zZg^`L@$LBxQje$>vF17zQ^{B5Q!~utL3SoNx%-`mj>h}7F&eB2%XHJt{OUhuK4_toW8KO)P5$pK ze=l2|PlUw3KWXm8Z~)u{)>$rvA}N|F)X(c1Lpr^s4g%%zml{^X*K7qxm=U+CUW$e% zE_)-US>q+UAc*y}>t>4frs;0)0k;KJ+xVpxn1FB7UmL(tsM{fPa(cM$3O+TjPz2Nt zmHBC~g)Pz*%`^;7w-;13B5_Rf+Y$F}=N0TvGB!=IWkj3+mI_ThcQI~;I6%@vxMSa< zR5g86E8xD%uX&CgyyPcC1C*Q;t?MxH?RcHUQ<~vg>cXYdf!Grsy^F znEY(;fFgrPyw+7nmdWRs&oIlRC)&x{y3Z`nm0pvh_h)(G9&Q1rejc3K4_~Jq>Kq$Z z8#rx(y<+jJBYnG@o7fQ0f1GWq>iQzcphi9_5Lh@@pkKBZE#)?OPPFdE?abY+`o2HL2&Qb{11~n zC+UvKn<-SUwC0m-){x|h*FQS_+D@6HciF)#CyfW-U0fS)(b^Oj67sCh==q&6TKVO{ za$Pb}r2;R>&EpIWQooh6HdolG)PDdZ2-Lf{j!u9UUc39ih-C97DU2qj4J4?#hrNVC zv1y*dx)rrdw#%g^Tt_Sl_*%**oM*{Nkg5$z1#8xeOf8+d3!= ziVO3rP4XYrhGyRORCbioX(zYk;)v~%US?W>uXnxz2XEln(Y~o_3Z^(z1x;Z|tQFkm z{TJ{nq4Csf3%|=e<=ES=I_O+4e#LS$z{SPN@w?pjjIi;rwMN|CWC!E(BDV;|{%2QI z*QdvqhX9uS+$?L-j4Usl0(#gmBFQ@5$-UW>cNR0{qaa(LfE8|cLc1+sUu%%P=iM;X+5ADbPnqB+-7)z+V$Su39|y=={@s=#LiwH}ys zJ^;|9Tvclaci_34BPM`{0)O@`e*7qm{8if80X1!S`xBI{+qV)DAhKh6L+KBDvAT6u z&jBE+H1LBU+X*9>F&ORtIqCae$bZea?4`*lkGD# zne$hAKi0F;O+sRoepG{Wng3h4Jk)3X-ktssgI&y)g2gM33Rayw1b5{@B`RnZ)AR7u z0dH}QjoQNsU${jux9c8o2I#e*kv`It7cvL8bA8iP=geuKIAd zF>#SO*}j{*x%R8_g05`1gCV4r4QntgRo+miTGP(#98hWNR&QD_4N-|72oH>2IT~}c zS5gFbG>a_{%qLz*v0!%Ov0G15!#@thSqV=>LM}@l61@!6n!WvCfEeG7vGYw|538j( z?iCqM7JjD$M3$&mAQ*7&*iuEg?(%9jY!1UF1LuM+R@$)Y@diZv9utBoAVgI&a3D#S zdUHUbko5yKfuauJKY${cGDMe<7>uM>+q6WX?O!Kt%=&(7B%c|zX!YIn&~bR} ze3N;0*_k_fIa?Ej)z>E6{0(gA5M1bj=xq-Vpd^Cvo;?bgpE19vY7t%(nrz7cE zAak1Qt=hCKa7Tut@7@SQkDKt^>A3Eh^1}sTkJL=BAJO^A!;GrYE!xOD#nX)&XLEWh zcGe8l8G<(Zef$!J+?ZFuDK{ZvjTtL;`PTB^9XuHMXs}=;JFB~sQ??)gg*Q_hzUMio-vCt;^7SDSdn=^V`id3>4Eo!xY`$l6uQGl?^NY^e< zC)G6eS1pEbG|K)G5Nb@2QIjh0lw^dq`ENlno3vDa8XAc2&}B=^iMI3Fj?Rc7u;JwR zHA_SL*)Ao`UgHG%YM1v4u};%*KC%%o|IR`V96h0#MmhtH4I!P~jN7j)le0n~xW3mT z6YC9zlkFU5X?8J}a-7=|?W#HrL0g~$oIPVlk;#zQOVmV{Lk)IcEpx6ttXY~@)pvLZ zh`hwbI+KlnfqQj70I-;AHUdb@`+j!x8ax?(9JAI}N^_0&S@m6$DrP&Ho?EatHm?Cy z`9}(v>37GtMexf;n^)8d_YFDlnyI*%!|`|qBK@P=fth^`*53J%m9IGRgoi!HQ9Pz% zWeQ@wqopf)1Eeb4F(i6J)$F9=cd`!Q2u}_|Z!7;{@{|ZeWA{q}L7AtuCnsTdVHqD#ZpartAuz z+2nd_`1G>DgXB|=59kBaT+nn2Q7^)9`%1#trNe)`kk7#wJlmSmoGWejmk&@5&$j?d6WP7tY(?i z=Q1o&FZ9sIxgF2FTWjBLhV`-c7spM6mgq{(;^YYM_B~zNRFF)C;-chWJzV4QnUai3 zlDBZU(IOAOL0_ni7Wl|Ufl{P--N@wgtZHwHdhFz%om=j34h6K3*# zitBq=6#Pc`TXFsjGk9t6s*}RNYRhi_ML`+^ct(7v?N`0>wvPR zA9`_YV1l!4QfJJ~C0&90o>08j+UFLDk>mX)G58^3?a#sYQ{Nnbd9$RA+m0tcWj-tL z_hp8DqoaoG$Y<&Omc}{jJ0c^>%gjU}kHh->C8v>h)#H{7g|G)Rj0xyRHeMT9PFyF^ z@z+4z@dM@AEJ%ZN3?H9AvjV;~Z`-LTU#1?;)lrrU|MVj&UIAp19@aSyq+ z?{9CIl>=`0**=xz`&gGh zAmUCSHxozdc1I-x12}CAr3jZ5uRy_VP8(1S8YvYFU6NPBuBj^i!T=jfjK`TcvY{Nq0fIv zu?(Xsll*smUdx+F9>}s@|QTS0xwtrmh zPft8Im^TP$eR~TTuGjQIGs*vgaX^pK=+F_h+K|X-?6z)8m5{=d5mloM(x}er1La;l z@NJ~(>wsnYSdS3a8BKz-4IN(%>gMlZ4CHC`+FAF&&g&NR%vn)ct*1RP&QSXMkkRg< zE4Va+zy<7NqQ=RT-4zAcPyX?`v_4|9iz~6?|*w4M;O~ZB*JO%KP{fcayDsPq=j4qQp7J z7x^jMs*DLu&C^9;PjTL5TXel*s^}Q538`&zmHfx~?pJFv`8U3K>tKF@6py z5#@7AMH8-yd5ZOj+LExN1!uWew!p}tnXKE%NLh|UIALT;TrX5 zWbpzzLMAab>U@OC<+l~@bwM?(i+Z!MjjK_$CV|)Nls-LN{PYp&y<(3-gv3AYhCTQJ zQSVap(SXD$|I|C9v~~P_K}jpyJQMvFRUiU2_HXbFqZgsdp|tTr6>GTaeTkR9CZDNvE}Dbz2jdQSto^_ z{ZAEFVCE|c)R8kzDUwMn0sG$DwV)(6`&c)odV&999EjD<|$*npS5T> zW5rux>`=ks!u-G*J%a`mt-6f(S<8;IiEgIaoa3)W@2v1ah~Y<)pVaSnYL&%L*{X)+ z{>HNMRE=6YKAoRpXio{oPr|=WNhF5$-}Y7@<0!$_zYs?TC@-$La?;N&PtsnAm~r-g z$ITK~=paRVAk?L*_3)+v-l_~*3{eM36~>?7&r$d773oSY+SA0d1^U-jz8K>^1C!qJ zI}X%p_T9&3mjbpz@*n_Vh+F2cu#4X8rcM%WYD#;lRWKeDHyP21za%Q4p7+2opWGeO zY$RTK9}T*mOi3J&c9e`gq(Sl%-CnEGr!ADHj5w||^ z1RvjN-M@0PUl9#E{sy|$~PUOZsDpxRY!0Tt`PM<*(*~*RsO!9stCBDPdq*GW^t>vf;@T(%PXV32G zHD{B!Gn9>0nj!%X0T<{ir@t`%1cW&-Wv!M2pKi>99cPl19Y4F^l>|0Xcho47d5;ai z>#b`%7U?td_X?Cq5>Qnvhe>+>dv_?--&W?8GKhTKrNJ(PnLw(rCmZI0&@_z~0fk*< z;aPNO2d&WyxZ{>|9POA7jdH%3Y1{!m;oT~bjxmtE;?PEvRq~lnn3kVCxa#%`ba)Kp zMBhjWGtNV^BV$@!4q2rva~{s~uC2xlUpATGDqs zxMz7|3qD2TQ3jK1%kQt{*!#JFto!lh}`OQT?L&-C*|#JbsV3 z-ciYkMa}WLSyuSiHC%F+G5mLXNBb?XJxf$1ruh`POXd;ekD|X+)SK+I{dHsCE`W7x z1{WMey)^WobWfNqU-J(vp8VvULU@~;1g0t(f!RF+;e$3%6@=F+;|D*-siivyGOW=; z{Tuawp8kt^j9UMTdL-p!dRrH`PSAC$YzVQQk}n-kgCW7gn~WT1+1ePcRUo)6+}(Gy z{~Q8at+lFm8u`9->=@;0f{f$Qam5 z+NeaB?V88`e#Pq=2)G=4Gf(Y=!8~e}Q)CWxumumHj7s@4E-neK1#hI$KD~36-*$?h z7&RkB(O6MFf5Cj&TY_&MV6R+ami9vMTQUF=z^k zR5~dtK&NC==ZUe#)E%^go{t)g(Qu_@Z(xur9q1j?f1$;f$x5}Wt;^qwy#J(1xh+%Q z2ayi1oBz)HDCemG*Oy_VVLpzJ7SWuhRXNxRm{Y{r;M&=TlXsm0n7-?1>t3C(6kn>s zms($fX;dO4M^2$|rNW(+qjI1({rzOswkHFZ)J5_QI$zc&AXd251Y+K@J*T2ggXDA2 z6l{Hzo;4k$v>b?`XigUHhfph}XMBWu8u*H3@Khfa#jYSwz@l>czUfm2K(w%zkjU&x zwyZ^VO`fgOZ4>$$1=F>Z+BEe^{;Ebq;*$4u6kh6g#>C)?8Hzl`Wn3g*T&4Ps$+>$ zO@s2@oa2teS!q%!k3KrRkHCRIpD&an!WIU5CPOY)pQhLdbjPXjf%3KGYnT?}`yrs* zxR8^g{^Q0Q#^bMcYnTFxYfgFih&FRKs%#xF34gsK3R(l)gKcjNpIn8VAoHcpk_7R? zUf0gK8^HQN*qOzO3KRbi1IMr+Yo};6dwPuKhMa>OE#*z@QG{m<#fDQ{r6r z+XTLP>&+g5UCa8Lnvjqyu$3e1lJm$&259J@bXU^`QG{^X~ATCS9kMLahgn0UT7#tVf8k*DNCb$?vrCE7h}H{HFWlLr+DG`y)AS%(;}3+0#=McdS+))e_)U(Su=sn{U2U(5Qiu80;7J25NB)C5 z@n6$+;dh;;tTeIq+g(-g&ke;qjH%iin?}q$OdZ+u+G0srrvFQ8=3F@*2e*C*YYux6 z1w3Gow20^Q^GsXvVGcZaX<3nTTXI}=F*@Mbh3j6FSOq6c`1A10r>I@V^5tsBrO0!VST$l&u&})z#~k&|7(a6Zuyccs@!pd_v0UN z(&)wFq7qa|IN8qzzdxcR&;h0H6PySNE#+Q$O#{|bz=U!Gk^Ev$gi*odWW@XL8gJlD zS}}~Moy1$xax_O)#6#8iAmNJmxuOPSnVzE6_oby>Weu(l-(1;d2W$vZwn6BP^~Kut zd^=mbwp&CZu!B*8-4y$2urWmfVq3Z-5%j-^u>8?-;q=9Pgx`|>7)IkA#c0H(;eIX z9J&X}c}NxqRM_P4U*f(()}-0=Gj}F$?C`o)zHOUE9spUwQsXD~#%fr2)oXKBD=H>7 zPTDf&L8O&{@m%&n35mmhQG*53KiJ3mGyh;8JFZ*$-hi_k*PXl1%jTvZ9{wR~K%5fK z+_96pwe?*E(#b{*EzO2Qzgq2vf1cV_#JLne+0eY+K#OQz_3-z7iQS92GKJ-5Bs%s1 zM>^xlE&Z(y2pHILP3kKvs1~+G;@g(LpunGK;+yKC+21HdpW6S{TaOF zR6w7F;aN=#aotl~*q`w0OsqwPjlIkk#6qX0qp%CF4%G8SuE(62LVnb&Yo6 zZnZX2$sU^9^9naelI0-qm5EXHUhG50#Fa;;Mw8C@6i3Qa`kuwx@;}~8)v2?LV z9#s@yh-J=Le&fRnTIymi`3{Cw$2>_`B_l3)C9EFBCg?_!{G}QVhez}>-sm&%`_AY& z^7mPFfqfJ3vEbE+e+V9r2U1^?x0fuJOe*#4L$a59KoS4%+>Y%PP&*wG&f4WGwjhTW z>FJO=l+Vt7u;(woL%Qn8KtWU6 zzq&P zW^JGRNNAo5x>-`Nh_Bu8cpob$rlg1PhM3(%Yq^*2+vIPtYM+shHUkdRS6c;-VS!eT zU*al*a{M+sx5o80|2Gr_k6cEp`x0eePHJt0z-6z4Os#rp3M838 zkf-A?(TbAsI*2`5u2AwfkK}=Izh(zPfpW9nUS#lV=e9lB=AQoPsN|E;!PoCVhJTI` zAgO{0NOiv8xWEy}V_d0*YE6w@SbK~XK6qd)k>0Ms!$=99gRF);f(|TOlN!{6Q0gn#$r~zuur;BJ^0dnw>=0IKK+`0y zQ+;33=YX1mD3Ge0OLgF5gAjARXNzbmZ!mp=UbE7`yF}E3AR-uj`-%te(ll06uxV~b zkY)}my^SYpZ-mJkSQt4QZQ~g)!6rBHZcFikt=|lon6XlnOVX4vEpmX3cK^B85x~-E zn!ceT3zO|vkQiw)Y!DGX*!A^3x04@(j$RsYeX@Mm84k7ylqZ=*{4~EX_F7!3zj zg5LD7p6hUH`)^?JoU9um`nfSYQq2uJVT)%|fma zbt6D_(j@A%d1{Lt!Lt3z8PhgNbI}=*h7NQwBnR5!))KU?X8pk~CzBqUT}U^|B?VM<0~Ij81zYbSn^rn^nYc@^M>j|1V;oU$it;0t(s$^4 z`E|md2!!KOASgZCBZrs0*z0CGh@6*uyZTvhBPQ&8VX>|f&mLiALnxXdYayrCFsm4U zLF={z=b8^Q)RQmeuk885?yyK@5=c<${IHuD>)p#23ksgm4zsI1pB4}t!6pBs$rl?HMAq6I5iqzX8*+!dLmvE^kvS1K z8;$+>TbX9*z@~4A-F@ySI^^s}b!#;}9mpG9-ObJx-~iT&-hx|iocmtnMnhjxG>(7D zyS_+QQ~E|f7t5Mn+)wk(oQ0^g2+)KNSdivdkXI7fFOCu5dYbz2+zKIu9&d)OQt|O< zVt@*1bg^8J!GB!6-8qMSfjs*E%7DLu7Nb(KBX!fULy31+HzvS|mZ`p@yd7g-_QK_kd8T=%m$tpdf`H<(za#5Bn6kdr ztd}FUI!-g@;?LxlO!hs$K_Iq@ukpw&&61?@N6hEm$s!>QA1KfdHIaeMKGxzbp~-h` ziYSDxg2e1&bx1~)`mO6^Squ5Uln!DqwN9tIXp?xT*yfFEzyEGB58Lwi;`mhMgWYPR zt@*WweNj;0Ll_!|2z?^J)_faLHThcS<8aW+A%#JY8>Frm^zyytyzdPLy>Q5nb8162 z3sorOe!^012}O5if6wGcVpp;Y*5dwsRc#FAGtn}HitKopoRwyP8Mjg_QB`BH%nHfs>ptClgy^z6}CTfcT3p~9DkQs3(&GcHK4$V&O1#1Th-_n*Iq4e z#KiziBI5kjrWSWP)69eNwf=!K_9189vi0|5Z_gmE46XT2D*&6C&|+8Yg=YO5SyNRV z#+#OiDbegUm$nO3UF16A#lad`Ze>aKaC>_8{`UYKv|j_`1FmJ}HndgEZ*ZXijS_N9 z^OJs!#3!rs*Dn@*b-JC2xN~*hTT88E`pf`)!nd%cb!CY(#p<2ZJwxxsedl>-oCix0 zH~mAJ=`egytfCyUwD_s*^ca7mAPY7Qfqc1?gvt_9%fMmmY4hIzZqsZ|H7ws ze)(-$Rm(i_@!H=e%eK`{&>w@EnXW2&T|ZfoS#&LrMdy@x#r!jim@-UjNMT-q#qR9R z!yzbgQ^32i-z7$bhI}x(d2Qn(`@Ukcv<*QfKbv`sg9tGAxF^>pciO0U%8uH}tU2th z0N0o-gbD4YeBjR2FQi}fMU?xnD`%a5QoObeX#}SZ9V#@UPwTzO{K%u#u-w&X!dj|fMsTNX!S!;pXJlDCP&?XxF2dJWM|s8a**xF>PFA6Uxb zg0g?((6tb|NVR6Epk{&nYImUn+}1&f%j-5?wc#-UtA+fe9%1`O?rXYwdzF^qvJQDi;V*a5B&zi{PNs)*fe7(!8apqGxs<%Z0sjB}{t%Z~#rv~nw^-Z|J27SNa=N{f-*&ZwZ206F)`{fhAv4)IjYM*EumcTsI|$$h9g%Mf(RVsKS@U|FB5za!ON zj4tX^gsY8X$bi<&NE?&^tyE{uU8RsK<8|?j@(qS%pV`hJUx8sY4VF96Xk3sVvZ=3V z@^b#rsKCm7pq;$!7tVlOYu!_LZexF%bKLHxS-F(m&~M5zgx~n>nL6s z|HK#JqrV-UBFDrl0!o(D0D5c`(n*<|N`IDqrbrA>3a`vvaiX3+XPKS{4NJ54nPDc? zcrSFm{Uw90TdlIWqHDhK(zDafp`b1FTg_^@s)>vE#<10Vc>u4REttY=SO-aCBmh|JxO%|;lAoie!bKa@->3h5ITkoCi>uK5w-+ zL8{JYx7sS@$68~u4a~&Yt*U`gd;hL8BK=~Kx*hK}!#X=p&(5mX;@SxbWpwmQ%%WjtS2j5=*4C;UH zZ*152_)Fh7H}Ow>!(n4bq~w34Z^$?dUk#&(+6~9VL5FjH4Tl3C{sl73%fuifmStgZ z$G8O^uqb7y#dTew`LG+Gv6Bsnt-mlvZhkWESu_?mVX~?(A+hJr?8dj2Ou@lEn8u@0 zGv^7`nx%%(hzaK?TPgygj5bYSqTEB$14qZcwQF-%Ik|#~WzK7Wck}vranR*-xy|}t zK;fz0H$cZ^gx@N!C1*)g(zs9gn7#^Nx#(e*AQU_-!*4oUt>K{jEmN&f{Q3Mq3)LXh zdWny9|F`f-=$eo>ulYA(af4nzFG_3q6}I`;HuFCgLH?3ouG4sh#x-Jqp{YULO7v>O zp+pNynT2o-vARP&dYIDb(K;KemQBv)nd?Y8JO=lu}4 zq+`x?OIuAhA8!My(-7iGpBQuhb!>;1jwnD{_KnIKbC;KBsDH{E9LouM$4H#QU9-id zRt3oDtymk_nKPS_Hmp2N*`YnG{p_?d$MkQY+15t8Ex#C+WVwyKLe5X`>j$BR9A|mm z`8_kAs%pq9U%up8K6iy%J)n#-G{<#=P$d8O0*(wtv|FqH;3^dpiv~7a=0d!T^M&t5 z^o|yMv1&(6prezkM8YrwC zHeQv~KDc5N=z``rKeQhAwWyIBj*VHH+owS?y$bZ3t@*Az_p;DFf;^bwbB7vw%_#WX za3?Cdn-oYAJ|NQio0;)WYsO!i?)ZVGm2oy^<6J79n0}#NUR|8Qs8BGjXwz1@%&W9@ z0j}AxE-Spd_L3bERO>fhxYJt3RhA$|X2Yolj%WdYiDp@_k!#l=4x}8zD2lN+pv$H< zm8@qv?S$l9iM9pM_~_QMFa~jIE(h*l9D!#gN-S~#+UodXDNN|6U~(v zSs_wsxVGyR@J^ZAP1~1_c%5(IE4JyqlNA@Euqw;&gX*f=)asn1hjs^pITz%_fba|F zUpV{-l^48girHy)2!U52g=&?R6a?(a$WJP%2}DtSrB9F}+`xB&z@86#Ko-I z1P~rq7UKPD?RhCiNb9C;nlr{fYr*PrO*(Uj(=-D@;z#C(+}xaslItn$v`Kvvks=+& zp;D-}Ti}5sE06z_H(;ob6W-L-6Ji9p&_2j?h90fOJY^`|hu*|NABEz7ekxK`T=q8i*QMl?-HOGU_u^`7x~d`z!K znc)Y(s_#nGsf7!&2gGrdmEND*6|BLbek;usV%PjiNudJ53;sChXlOsl7-5a(bal_& zFq#D+K;q^ieIMJvs9ZCc+D2){9_-27P@=l^zhW1C|6mvYQa6kzhuwlz+Qmr`BUj)C zrCnv1xD-N5?GPM(Fk-gvyP{@#nE>6l1f-n6K{!F)M)87bC+7Sk6@&9e1-g&%zZg#= z3Rj`aHdO@Ym_(;#s%nAJIyhzP7B^84q?Q?^tk!O+h6{VCE35y&V2huN`%p@eHQTpv zmUyTTP$2780&DMezJT@Zi@rD?43hM8LDMLP4Sv+8Cp0a8;Nlgx>UzXVN-RYE!7nOr zn)9pCk%Wno ziJF!7-V7Pw3qA`)vwUS&`}s8MD|WbdvrfjB`sXHXru|%o$3Gg+x@x9qoyvF)MRe*3<4hu4c)Y8}puRB$nmBhkMn3B>K1$9%f zxb@EH`P?pt&eqH+(P+Vc=o#JbNOY3eixGQQ=GbU`WP2=+#s%%RL7w}xo?Y)HFbg>zO&M$zi&8Ni%^RA!{qw;NdN{Rt{n#$kM^*;d2MOy=nX4sFQ z$6)6}!ORNHAGDbutCnYx5Z^3sYxK&;La!;`Qf@#rz&koNOJ<)}er1#mcQaJ1RmfvtQjTDqMD-b2I7VLn1^OI; z%{3iWco&MXL_wp8-yY=NMp4AQC(i8p;4D_Y-oJ_)itHD?zsY<93mSkvKLq`aEPYE( zN?iF7T=`MtPM>Pny8brA_vDv40rD^SiY+M`1&yS6%ww?2P7Y zGO9j#uESzE8<{6icxZ4E2>Q$o5K7NLvgl;IRGrz^O{GC5|3Zx8HQr`ekgSObsvbepPiES2sx{76 zb=mi_$*vMl3FD)hBze9w26Oxk^TIU^{zM2Y1+oO24+{CH*F!QzN$2q4}J4$D#m-cZF85lOpI4r$eD&=#Br#Qvg!y4mF9*i~L zDsaT~Nb85}o8)Rx5+19C?D46uDu#3EQdo-nhk4U?tTLH~_2`$^Vud%gYVeIQS9>~f z>g3`j-xRR`WB#da|A#^yBkwR(O@H2d8<=`^;iPG4#e(NYyxs6Sp3(=xRXd+u(5y}r zKrPT-&vSJ4%bHsKsyKqe^kHEU@7?kr1gqSxN{ju)JHNJfo{v;_0!%{faL8W7v82Hd zmGG$*Q(kC>D_y|SuP75wzLKn0-DFSTxqW@^6DjkB*)R7@Iz>rIJSEfqNS>HmJ1VPR z01qB%wQ+}VV_JznKdRh8&-V=EvW(h<#Am9Kb?M)=Mb}~LLH`gigyrw4-xd0F3YJiM zO|#;dUzYN=hgwF-igQk1>u8T1v~vZN;tpD6t;d~(m@=Q{fisKtLTVT=u){-c;yyhi?A z8y*RI1Ig0VKxqmT&a(eKe$v`5n}=vIo;kZbk${6fWEmy-_*Sbr3wzo9*%_RJ1WJ1* zy`mRiiTCuO(&vAx57rM5bkKDwg=f2Tx&*7KeP6`_fy)8w%br2+Z#CogrTsqt4-4Zc zF-RN*q||D1-rH|Z-k9;+ue&r86ZvjZuQ)@wH0<)kITwq}G+k=f>Kz8@l<2+WRcf3$d2r+A}7UTb4Sz zvn*`uzQa2Qf)S@Z(xRo>=6QAn9EB$yoHw6v2Ia#iUJQCnkGRx*g&2FmZ)B1ow~abZ z_H41m|K$37`73SGm!K$slvEia6;ZiE7pfYt2ZBVe@g;jowY=tcPx%%P5TgvOpsCxg zTrOB%#_i?m*HOUp<&e0$O{&>3>Oohdpz>6KBZ`~kt??Bvf2ZAm@ekg=8*e2t1dw{}Mq}WbY`8;B+p1;G~&it^}iYtUh z9{bb1Sh1)9-3G41-E3P))b&X;t0tAhV`ksq3Uc&{!RHtCn|i&BHCn1G z;Htxm!k#5(0NEKDaV&o@x`z^55TKp`y%M35z7$w7`RJd-VlI2-8$M*bC<}J-*fco` zwCd2T#t5}wiRI2Md5Bo81l|u(b?b>dCZ`-D3jH7Z7e~el6#l7SAZL#DSUwxJlk@9_ zgh2;)Vu|iRh;-@%^(j_$xhMAD0x11|1W+<-9L)uGmCF+ZM>@&yxc_w)IyWz#Qr=}~ zzI5SJTC&ng*?R7Ipzf^ELH0U{^w&HP`k+$g^Ur&;r9NdAZ(crrMhWgCmM>bliga98 zpG|w2StqJ%m{Jf@s}2(n0D@bPC7K6K0cCrRG2S8Z(d*o*U?(DHq2+xS4Srx_?YW=*B~&$^>&f(Ep6NKs z`?Gz^7Aj>J*5i-lkqqC1*9&LIGJC<#l|{Qr!m~|799(3!@vM)I9uR$AFr)9O>~as3 z8*ATpeenXu>+|N7fGmU&DfouBbyL(}LG=DPC~xdn0>x^^y#q?(?rW!g<5tNLym~%u zBKg3oLeU@VBf&92wo}%-)ytSaspcUTk+1%cFq~D#H2+)}qCEp%eh?6ucCF*mnRCmM z?Mro82!9C3Vu3~bDDCxXVq{IL+yq`8#&OHp<)2Q#6I-9Pd|cOVkFX8%YGnP2Gfe)q z=tT8t?E3yH2lQQdy?w6^e-qDF`Iv9c7Th6+&5;P^vU_S8V6+hJ^+f-%QhGC<*mgqm zB+(8rUtEA!v&3qylXxfl_x#CU4o3IA|JcE}XZ#lfQ5unTXVsVS1P?+uq9NKgncUPk zOTWOz#&u6+IO~vc)sF2CCbdIp}${YeL3VUA?IuxU`(5j0w<>sqtn zy}_)SYFct1UEG6~zC=z{zOrqg?iW z4EOS*M=F>}Yp`nVEl^6CW9^2+Juc#qsH3Nt`pnk}G{xDIFMniDENjQ>*))xC|BZME%j^H`RSXlh-M1w!MxJ$KWS~(n;RN>d1$%N>+vUmA@*7(7NimaKW}h{@Ilr34>GaN zVlUFu)Bop+c4O|Yebh09B9O@2dLFgW=(;~K`h#DrXeI5n)O(^!>KEgrP-7ic@Fqx_ zc3H_}uDQE9qXW6hG4jQWLnevVxtU(79xBfjOI-Yl|4U-AD#zfe?Tdj7iuA#A9_JQT zugyHKbCiJ?5Yd(LwCaDXpiw8QS>)KB`HxjJGGWx4xP*Da?UFArLy4z6UtBcyi%paB zSMS%@3qxf^9C%4vW@Sd{Ju*QTsE%}vSQN&!(RO2+o(&l8Oc}9FaY0Vuegr=yErer1 z>wV$xWZ090-e0!GSA%n^etR1~=v7S#I?1o3=8&or8+Lt!5pYz_}!gdiWDbI z5(fIU$K1pj6YvE4_^*t~uw`(qEziJ#AQL}PuqU8`DxM38SUQuDrsNcwvFU_=TyR71 zz5I%a@;a|D9=^oa@c#f63u)cNnqpu|HT(zDFgMM$rZli5&YsBXJd@+>pfK1sXPcE- ziadF*g|*{5|S)NzR8|B`GSQkkdj^hPC7{Y`e;-5=)YD zOcG_z=4>nHau{J_4vRU@oMzZ&^L^=XU0v7v{r-L5pZE8D`~JRv)(y>Kd%Ygd$K!ry z`b9zwA*qbN5j31qv0k=Mj0PL8xm=J%4j!Gq;H%X}O-1N|vqjE2#of%i(BJL*0wX&$ z6J*;vZqv&$ZxUO=?gSlZ=mN$h`-48L!%SnATGQ^4VPI?T#NE;L_q;EY!!&c3Fz5bh z#X|b%X7(63L)m29=bBk|(jhZwh?Lhv-mjDJ?5YW3eoKx+Cb42EgyMt?KX2=oKK1}5 zBH1Z=poIO^J)GwC^%cxr*=lrg7tjM5-sqj5&awB9kgHD zv#>4od{W9zk}8(t)9j*ynnGe7z-qOxY;s?7tWSK>OpC^BHAnAsvWMpg7xRp$%f@*W z0?{lS%G~J|{NA9F7d3n;u*#lZUrq4};^mEo>uJhu%%-`|JSbLSJwLAG__9^E%8;iU zFAG#Gq&`AEBu5|1@hDD=2HwC*KIf~D4jYwRx{ge#j-inguenG|mb7kQRou#){_Vkc zU`D3=`IfIMla6Nwnks{vVpSUC!iH7qHs>TQt#0dxNC6SbS4@+YJdu4PtelsE<37r1 z1FerUc80_s-a|^-c9~px-h<^1rDpGa}g) zb(WR;J2}lujQskOaqUu9GWV{Y*X6N2IH`N38g3k4BeFLJmt>rh)9 zpod(a>4!t@vE)N0i5sW@lKan(d- z#I>1CR0O%CdEUk{IPFaN`U{I^yJu5&S*tB5Ol0Zi9siS$u`R=gBxSdS6zZ1){5=1q zPBGj;Ck_gGkGsT0^sEbaw08OuQCKCv{Rx~ilXF@-N%l%?BO^$}p7pkl8XbJQX7`Jh zGz~((PK;B0E=jpbE;@}K@A}Y2p@@^*j4bB8V&xC;=h|81#r45~KfT%50FNz&d*-C* z-a?CgWjNe{k8Qn$(+N`t@8_2M`VZLz;V;?57et1iubtMh#hs>Ju4RYRz~JHX#|^2- zep{+%t841ox$01z236G^VepioUUjQ?mnR}1Nl4&XO$`LAv^<2*-!Ztjr;|BS0lTxi zV{G~5O_*-;WUik~?%mx&^wEpmS4%~VFfAK~;&u!Qd)@Fuq`7!%-c6Pb(Bnu@h-28& z_VcfyQ6Ras^KJ zL$qP^-}Ekec6W};?(E>&H8*Cs!BV;k%-)j1q3tvV}R;;F+4o6Wb(A0~CO3=3iGGJES=ftMR1i{|xSP9PrIR(6l-o>Dj;z$~#6`?&P5 z_*mU8fp}qzE6~9g=tfGOEHUjK|9Q@(uqm-r$BYo2xc*C(O%h=*6WNj22ANAOz#$L9h`9A72xa!{QCpTW47K;`hivM)y13}L57w(guMekSMSW@EHZz;LOphhr; zot3vJJv3!9O)XEsmj)^4i12tfQUb9&7A8>Uu`+38cBYjH>oIl^`i{SF*`?V)m+M-Z zG~gaPMi{o~MJ(u*aIBZ&l%~1g`x5cUCgKQtEZ_esKUD?pwMK3!7Nv~phA9y(D;-AI z*0;AU9X@3z^9TGQYsY1(wcEO!plHqZgPhmwNRNZC>*1CR&i;sNN}|K(0Myg<`*Eiv zf$2z2;c_d*i;Onb(`4*fFz*e?=^UEe3N&wprhdiPK7m-3(~5Mwmgo0YW<(a!&Q0=M zw%}9K^ zJdts5N~lv+Vg;(3S%ZGsv#;K4p06rzc+c>IeWnOO6vWHxz9t;_Nt5)7s{Ysg{=qk@Wrvi9zP?wl#Qbld>3R1B<891 z+!99aRC(_l*RK_3Sm~bfff+dA)*^N=f0-uDJUB#n*9g(c23T^Ms52D(?H(zXEa|>S zH?>}nQu0PYKei?6o`oDH*}uU_wsgd{6({A&tz{3SXA2J6*G^#5IU$rMB!$)K=$hEY zJI`K06ny)=_hGP1=@tx7tHkov>zh5eMnMEq@Kc*056WCYT`5<4Wy9q_6}exRm1NTf zavXGP`M$)%aHI`5T_%JRO@8E+!yBHlW5qO5Szy^N%gmJZRk%Hqug4Ppk~ZX;n<(zH z=~Y^w*zN6h)oeJjWF@^&zLN}(Oyc1(}EOZ2nAwtCTknfD^jz0$A1R@qt~nafMh->kI_{%;f} zg8yGBO#H`b!ngS04_fE<0ONb0@q5QIKg&!7xciT2Dyc5CV=~6Tl`G>}DG|ixm8k;& z$aA44q4h)0Y)pzh9+dn(SZ#+2xGD&R9J`4f5XoH?+x8>2GoE?}^tQv2)O5M8x7E*P zNmhDoQu95Dxv%%Jj&ketaxeyHW-PnSd#f#JU5Ri(@h$&{kPAEr$~Rps(Av;hr|Qva zU9@3iisLhE@n(M4#FwIZ2S~mL&La zXv9g(W>m~j`df%sf~~#!!J*5~!&QlcVULWD?ypdkm>+*wnvza!(-Bm7%iBTN!LZad zhPW0(kX6WOv1=xi`Lp!^)8SK2<5*OHe5K^Bxuo25zt*n*Z_0&!<-i)abCV&<0rQ4E zb~HM>Dw7)RGr6T)X%Tpn9d%p=P8>-WzGMzU5UAtC`oj8^%40<_LmyM827%Jay9D4y zTfOA;lz7;M;fT6DLCGuPC+)8+*7Z`n7&gFy#|%ruBeBjlFi|IkMk*Y z&x|{0{9kw+(ymAU&7K6vsR*yYJ?PfapZsfgRri4fZdy52zx=#(H8EX33V63{Dao?~ zx91>zuQO(_Pf)01*Lv8|&r{;+eFdo{YfpqO^TO(mS1ME7J<2NaBd>wRoU8tk@gBt+ z3BTCMep>NJJd$(c{ggzB-#VFsRc3yzYhps>`yPr<-Hbrjav_IymT*S3C@L<ct=BV~n6sHqc#D{+@f{-j)(AhV-A-D+8b zTnzjbrfliCV>r_{`J!2m*!xqVo>6K&6S zE0oOpEpi4qH#K_4?3FYx>V{X{TgV~%ywj-H$!V#H_ZEMpZNqF#gvqP!@VLkXu7b1X ze+NM)_MaFC@q`S}?!r7ln}zS$4L|YQ*SVplc%9;y+i+W{lM@kiyXkI^niqM!-u2Z3 z#!G0}N>nPqwP+|qF*%H}NdxHcC9zKuMp07D-ddo)U@gi?yW0La)*_;Ejo7(z$h;}; z$u&nDsbY8P{-WD9TUe!|P>#1pArv&poYqejzsyLDAvsKxy@b?koP0kJJICJWAX#QE z*?UrgJW)z9`nY=Z+DY^#R18ULHD{l4J*>m``B2 zh5G!Gg_34Ii;}I7wsx(MXFJs;8*e@yj^vL&VP06c#ET|5u=`UHXKUQiKtA@RBH@}R z*7I7wh}?wpnp!!AN7WJmz}e8HlEPOF)rqBV*9sDiVxBTpPZlkQn5Xr9QdoZ!BrbrU zb*CI{E|6PJ*v@7%=G~^pl3N}RkP05{V5+GZ=r5J@RH?z1@NRn)MB=0GRJRa7O-HVs9c&{$gFI?wcKGF1vmK& z3w87>4#>mJNxe1PD6MWss?XLhY|$)k3Ubb?LeIP_7q4&hOrpzA9#}q8916#)YQ*rd zw0K&l`J}fg$K?z#>aYSv9q;#N>8JB9*w{I6XQ{f9ti?D3GXuN)Ma?7A#~#A>5xtLr zAM(!)^m}YUTX~@B0A^=ONQX8Ko&jDgZoid_mSMKt{`jS~?ZuiA2M-8Io|C?d!T#8k z0PbWMAA>qPFQZ4fO_PS1p4o|B?EupPs7lx_Ka*%|N?s8urgXHPX`dDlfW4#HW9!yC zvI~mr8b8&wQ@q$^Hhmj4OndHb1(|zB`e5{;4aj5EN-}}xjH)#olll<+%oT?H$CV9a22|grN7lBPTIM> zIG>j=YzamBFz)sP!;UXWgsI=SJg1|fi!WRzBlZQ>*&kmctRL9+xq;Qc^UWz6G5h&% zxX!h0hrK3t9nh0!_GYW?dd+rc6i98;F3-7Ke-C$}_dvFHNe;pa;3_z5n$Z|5c=441 z&`S*Y5!=}hU^_=5%LqU!;dDQX&2EnXUZFaqIPe=AvM{iehO=0WiNgMY zCHdMaPw~L_{7{)eW)~{F9`F1iTT%S#l#hKD2&ZFF;yqDFL(O$^qFJo+v-j!ph@M!2 zw(5S#z$2zp0s@u4V&M7Wp!-2`wjco~L)yR@Q6EJ{4md8tiF)nEdlnpdprF#u?rIm? z=aX&@q%TlZZa9Hg%u3KNeD#E=iaZ=VrFf9E^pBi^J)y+!^h;i;~vK#*GQ)XvOA6Q*T|78oj7#AO=o;!ga)6 z0&T`r`o{|6(vzUu#dnC%U*8BXz9%tS@~K0^;&SE6`ku194bt%%dCKvZ(HT9fXJ!qe zHB(7iko>igN0+Q2O7gzjU_^v$#gt(&Id-zt$?)J>S`pkbWC(P8jsdxbT(3f!_!8y? z!0^nIz6eY`x=GwLbGp6#brh9+tA+5wvMFwj*~#*f`x9ir4BlPkm@s)KEcJXN=Mo8{ zpq>=fS`s?5`YyS49FovKf~Z|S%TT85%h~sV8@`g%^&%1;Nc=4&rXOWBobOHxv9Y+7 zoO9UFW$LA8}i z2QE-ORLzYO2-!17&sSVr6>qF+{p@g=WLX6+^7tz^nW)Qr5gYm)T>sq<14?&Ae7%41hIM)5LRaGp zoJy~6=HPC>;T(P6(DwIAMJ+Na_B!D*;)ZA3b}F>{E73v@7(+87(oZ-(A{*^{si+LV z{f8ryPnG|s`^2aKiW1J6E@&meLC(FDjW5T|Zos6;6v&wrUP{!k@Ne(0C#oD9O4sFE zVfojK=#gU^lwJ!1d{1;F9JH2b*wAFWenRXe4nA`Ds5cqK4FtxdB+y97iy^TOQ2@*n zwTN%K1zig{vX!s^6HY!?k)C7{9V7YL|HEXsl$wFn16#}HIscXAITkPYZy^UuX}NyN z^nRN$(NUkQ@=u`_j7LWRsD)I4iy*X8acXMJW6(#Ml-oF{C_^4INp$S_3*eIp+iHgF zrn!5eY@(gBrkXTPnG-DMb-G6|_j1BL|H8C5H099?BIZTRlvo%Cdlizz;4(raYNS^2 zzEeI}8poGyb3A+wuG^#Vs^zXLf(+WFh241{h{-@6^-XRE z4%8Sb8E&^eawL@l@5RL+%K!3MzK%jXm$)s9^Q#pNa#9xB(kYX(4!%_fxVbxzq7AcMf1iZJF)l3)}&0@t82~YoLAd8GR z+10ZsuTdExXLvIaeHe^Bny6B0lQsKg5W+BWX2pK~tmE90i`NTEFW2y_3fg==v%wx4 zTiLxPJqfOG#IjX-nw+;?(3ErX#=lgW4fBPdqxH-tY}!ahdBBhsbt;}V$|P=SAX3ez z9z9gzhb4T-k>^xxQsQc3;a+KAe(@YV;S^L?a4pps>UnWU#gJW^B=ph#0swnXDBL`QWqhK1Z8Sdq>m;b4T7_Wk5 zOxiG7kdmfVfM!5G1CzL_K{ShluOU6Egz}rbW zAt|PTQeXQO42oMgiQj56;RcW_jIW}S?Rq^g(vMevwUhW~qJRDb8sc3u8%TVTuo0^3 zX?Vl1_iDGe?G2R1c?q)rm4a^dMTo;ev2LF}WelbZHM*?-TURSo?-(%I&AFqUa~2+; z2;Mt7={Ir#_+QTyJVe66-D|Inu@RdKGsjNiMza-BmGwQ=WPdxLa9o92WNm}l{Zj6~ z6)y!%At>nkOz&sqm3V~+eu`CGs>+EV1dFC7*$bcGoz}7?6wfITlN=UZK%5N~*z&IV z)8o0=`_}UY)|1edRGmrAEU!W9Q$rv3th-Aw&~Hn#KB0I9SYzz0(A!h*KR4{V_;9)B z>1w-mnSK*7kbZwDCK*QJi<0vVua;%iJFM|Li3onnW@7s8y}ypwE|tphalC2$m5N-y zedfl{3Ms_-B&_fDWZbjaq{3K2Az7>}=>V<}Yu(tfCnuXmVg?-(eJerUpjjOFbmDrm zlQ0U!)wW~a^40I&N)i2vulQVNTYmq-gK5r)zA~2NJE!L97g~vpsqmT; ziqbcaEwsFu1bbLtCRm>=ff%pI{3Z*ojb`3?X=+_z;0||v&=HL283NQK#*?B`ZELXm z9dkhP;T~lv{{`r&1l9)5{MBV8c(j#@&Z4@R)MBL+rI~DEklj+9-5S5s$NWUDTA(}Q zEW%cP_@-(226GIQaSk2j>B~5Q9H=_bDVn8!`%}4szV!mM`-SiCItJ7iPo zxIM$6eKFlYEwj$F6OrN9s0o!RImmd~%)E*8A_ph#D*H*`rm)PUb9Q&5u;e?R<32{Z zMYv+Sn!G#UF5QAXVw)h z+cn$*)AO%+k|TgLBT=TQN&Ii^in`m_0rK3}>_Zjl1^60HoIP!@Np+a8e2r*fuRF84 z?==Xlg7RU<0mx2HX%pSSNT`i&f2t~JpP9lY^-CwQy88-p5J}yWU8H*NOfQMsogSAZ zOBS0osNKrU`|lU|RkxImZvQjrNS-n0x-x|W-^4q}JV)6bWalrR+k;oBB~BXO06(Fq zuPiBB|78kN-MwvIuW9AkBz3sIW#gP%-Kce9j>*aytt3lHKaLA5pBHIAOd4pBrPA3l3LlPQ^GVUlWoF za0vZ^>$F9@-L_JSuh=uPFhJP$1FiFO{0$qyB1GqCiJjZgv&=4vtM=Yow;c)}ZiR+g zQDe%8#VJJwq+YN=IiKQqhIIn&}sO2v7gm5f(feREH5IOYu#fEdKpOYi7~u>5S}vA)@`j=7F&0>c?B?JJb;x% zxylTsYx439r0(5 z_`#B!iVVRff1Htd668P?jZb`vsZrar}#u&kd!M-Wm}L+dXnS0qki6K0AzEfx$d-qW6|?diG&wumbdW#F3jiv zx)*mvHZCy?mPEUWkL{p}n}}8#kdITyoVrt-GEWCwl;n*O#K{h(#M%?=_b3ekI1d_+ zd}&{lt=8Edd^Ykje~Y+i>WgX6Zm4eLEPr?lnG&0)9?0m=%u zN!Tm7@UQZW5cNY#b5U=;i%04g#a$`r2j~hBD z=l71QR$g#7q8=f{CKpG4bf$rhA?0o@ZmV}!na)0U@kCvY63;O@o>xvIZ&QiXFxWV$ zh%YSeWl^^h&sE&6pD^)MTinFCG%t9&F-?3VE_PZgJ4zCNdh^T;+SF&$Pl8+i!$!s= zRsO$#u5c|z>(VQ5Ps4qUd80m=w6Q*Iv4$U~Ae5EAG%*aZ3aS7L4#WPf5CV|`fGCH_ z?T-Z00?vN)hU${*BQw(K;#0t1uoY`jMrx*RNS%dZ0m)Z;uIhaq86)SRh-C`bqH6I! zb;6~?HfWBQ*fs7BmuIP}z4g^EmGifFyGVaXy;ga6fk*wvAx%ga<5Qk!| z{JvWpUFjlYv;ul|mf8w9NF)h+8OfWAiEq|87R#TqfM&+2|9LaR%LNQcNB+A1pUpzl zdQn@cGoLW~#AOqFD?L=FQKIPMqyf`Sn@~*+K;l9c%_sC1n%K*d%-#s4qK4I9B|yP! zt`%?ZydRH93*ht>bop6k-tf0Tz8!ma%qT?Il2^oc3nu}%p>9%T&*iP+ z@2?8lJ!(#C$hpRIT$jd^0z$d#wWfY6+1(mCExsbWsGjtP9my*<`|Jn`u&t|wzhX}E zUX@z7P`6~b+V%T>>SpVeGq<&-KQ^||KTJbM2+i0j87#sX+;*4E>q$Cfb1@~vTZ_(z zB9@g`*~$$MF|jW-c6jT_fKfqJ(`UX?IUi9-2GrT-zn7bB!mDyE_AEH{Ml|X?WwubH z@~EezxZ2Ru#2`QIVdq-en_}Fu#=+*WNm~Lt5G0$;-!{BV1f)8u)4uKKk@{eh&0bx+KiC#W6Qs!J0%!jO-AdVL3icTzdA|W{+W{`@SizJ zc8;ol9)h|2lQ30{=$J)Z5tid@gAu2FI+-ee{_Af4xPo1JyXKv+N0mZLN zsd4Ac-DaDbhaH72MYy6B)vqmKfB!;3`%*9plVS=7 z4}i;pRP=&{-2SRnmE9Y}$90N&ncOo9QjJz82>ufb$@he5JK{+MZsgG{U~&y$&k={m zu1&+=i8rjQWXyYCzu6G+Hq{^TWeIW$Yak^RVvJ>X#f5uCBDQkR+o_m+R`vz(n;~mC z5mJS;5;x@v|2Z?lr8_bAqWH4UdrQ=II$h;4YJFA2t)pSaHui20V>+ZXODw~*Q2g`S zpsbWBzWsF!*P>|XQ~TDjjhvNyKoGGyf5p=}RTm84Xrhfj>M0^bOG5P?tM<6Qe`M@d z3!L-3Dwo3v?&?C3coyzs<5|s%S-D@Os`}ys5>UJiWhcAO92VjyFOO&97Fx@8J9FN+ z%JUI z#iae&(a>lP>KnnFmkG*7qzgCiUYtplW?$=f)AgA$7pbzi$JqCP?+6FV=HMHmZQzp)pOr z5@`xe>>Zyo-mAX?V8SUmV*23M^$|sL!U;_dtKst^YjZXr(r8YbfTP1uQkl}mxg`~2 zq1n0L$eaIX`jL=!UVH)OmPS8g^WFX~Yu1laIaF3E;+~MWE0n|#nx9V&!ki|bY+{q zvO9k0Xym5mWh8IE1j$x}!&!CK)+yMpAkKifvC#u@an*4^RnD(2UPYfF+Ep{aB9Dv# zBu*>S%I^_|-3fh@BYzW-bY(v^K7n?Pta`juW&wd-?cD|c1I788JXo1@pv!X6Fwfjc zl3t3aoa$waSpz_2rH6AvH-L?*(rQ}&t%|29OQh{RM9Hr~Mkmc(ehtT&K_%GYmx(NX z^|FP?wpoMD(Z|0|wUqP3=ZBxn#O)#l9I@3LF7pE%9sVTeYR9rKX$CpGu*YD`9sYu% zJ!Q1U{}e1%CBZ#qNQs5NwxnhxkIp$n<|kMF;+f?sAmI2!sM5w%xYDAQtTHoy7iN2K zTM+l-sN73siP%WzyNJX@Lt0p4K`Oc89iq)VWbBsMd;!XfW+GVBIY zrs%^KQaED_aX=GS@*Zv$~-B5c!8O#h1s%{4Md|9 zv-`wTNl#YtGQcX|m=@nF8@xR?9e(X|mP1c?sO;E0IePH~$GB$fMzZcN{eyyE>KLk=U3o-!c989_3Nc!wa|GLfx`C@x~5T6h=R*B$=C z0my;jSUGnuSQ?$Eu#%1e6sxUPVqX-ijsK`vm9`;QOO$1MBTw>v0)Hqz(yCd1?Nf@6 zy?3IH3DWBfTJaD&zuN?eH2y6CNvxI^Y46DM5PFs??MjCHTtUg8l6R+$Rm%BtF)Y7- zsDXPW?M?77#!(R&qETTRw2vqRMJ@Zf0tMKzU3A1$7=`q4LL2}IsE*bbVeVh`N@5qo z(t2GOH9U`m;Ol+>i0U(3nN;m;&0VW&9FA~-rrKxoh(P( zvNy}`2w4RBy9S1`;!8gpb^~u)p%{KLDhK*h)j7Lu@eI8$8=Bk&7#l#<6)k0o*S||J zh$C4>GO6u!dCiCZ`nc*oZ#=y>n4>5o(6gvFv)z!MuTRCTl2cVcQt-a zeOBQ&tkTU2efg@S$}TSvpKPSkHxzOJ6eow7 z79Qm3z%h4e?lGM+j)EpkLK?U_Z}v%}6j=J#Vhpe@tci<2OJjNN74q28sVPkMwhsLfKr5sWQUZ*i!Kv2J4Q6;|jZX#%$ za>CB;;MD@dRIe2-qmDDK1(cqk5v4id?&P;A+ukxZ)+6N>N~I#ax2vP?B`DEfHmNlUGQa#3XeFv3rJSrzT{d``t0Z(h&zKme-%@#aDhH{&Wit6( zxG(xvg(AA2tNMHTh3&fgy84#KO>cU^Y7D~1_PUse`)NB5>i zsMn01bF7>c#sU1M1tx5(r zistZ{g|%;S{W+_EWMn=~*YPbaEHYy@S))}{BSLH)VsA%LL|eE=?nB!?@LkmL@M_-+ za>F6cb~Bh$+1~I}HWJdLzIyk(5(MCI3Xv;9AKCqFUh+ENg;VDC0u*aT^1s*4n1O8d zBwWiLQ5CE3bi*|bh~`8}nq?HV{1|EsXp8^@6DW&#&qB~w!sVm8aG7H#V_-Tkkcw01 z=I>FCq*lsw3o>&ibHQRR1D9rd`I&8GEY0A$)AFFdlhM=qtRWwE8 zt=WB5W$C9{7@(KYB&+KonQ^URz~8aWx%`0RZkqCGmoet}2f!RP9IY2_=zEBnsXM(! z?z{|nLcRNciFUDAwdX%-WgNV1Ip!{zmPtKyMtTSBvSdXQEcz)P0Cwh+f&t*Go~C6t zu~;S92}FgZM{VrCmMuG^CyFIV!aYo8 zDG#2~O9M#I6v%nv@DrA%{o)pt1I*iN;7IoOdC1pvqj!2Kfibe`hcVQ81*98YgFAt* zqBAU{r!ya*o$#EVJJXb#wz8p%tw;Uw0elZDB)&5=zx~C(+>U(zgg<%~|JyX<+Xwss z!_bPHApp?KU<@!zRM4wXr=s{ZO&C0s6Zr+aR`Xl8a zWgHWG({GYSQ1B%Xw!AK#y5}v(^DQ0?2K*x4_+r|}CvjEHpK^6EzlG>gI;vVF<{M3- zVITEc8%-sEf`N&_PKG75&gSDv87J_IX|)qNDe2Yj<(rTaJh#t{Otz&cfY|8cUYb-N~y9l_A>W@Pa_c zPV9GJrwmPzl|RgUGq-%yhMt(8q;95u!tQc7s**VKoIApq#a5a~`!Fxix70q9&WdrZ zY$(@#+JWTZnEjM5W1KXu!XFKd1oj)o0Sz;?Weu1AD@+=?Wugm~3$LK4?dee&1Hk^i66zkm!x9CodUG)Y}T09b5 zXePeuvd?UM3~ma@PcH4Tp#itJ#+j6_-??+EwWYmuli2+-0BYEZwD}dI^Dm?$NT0|O z957CzyFpauitAoPfCiiL7ugk`EXTYo!~*GIS^8^hl<7bR5L!t3gl?HQFsr;-gz}_W zC+k*BH7G9#`(F0R8i{U$T;85LjLhjI#~b=|{y9eJtoHz{*r#$sY#tA=$`AV@P67eP z2gcN{xk4b~$h{T#CE}PlpilkkT5Y^#9a-^Zh=N+(SXI7c?G*H8%cxbRtQUC2yg_DWLK9|Vk`yuTALRKt~)*^IG1%M@nNM6a5= zLD@EsV^@Lspd=HRrQA4frD08v^FzFcffnnUeo14VfVvX5-LVD%k0bR@wcmm^Sfj&(HfQ?`IomjRUFfV%(u2s#ymj^wc?#3>ajjNPRM32~kp-+*ab`!kBmOLGfT=n57z)iK|E>3V4-N0)Hdu~~QL^9Y3_h~`X}uN;nQSw*PGJ9> z7EpP+Kn7LxS8u17)>SxmGwU*8@WbMOo2}B>{9!`Wy@Knuy*JNA|a#dTpeP zPnf**0{me{<-zW_VE90&yBpL%swrW20G>i~R|I=Bx80(ja|&LIZAWzVEMP=1SLcMu?(cHingm`Mp8hQlt zD62~q%U10nSXUAP7Oj(9HgHY6BT#T+`dsq;a0${H&JgoKZPd-FzJBmRxL#yv=oozDkAql)&um;Xhh`n%iS=>Z{R zKcEbDBU(l`V|J5thJ0FjU0H85Mx%AS{H;l5t3jz&O=p=7o4f}|clV4<%0TdvEf-7k~)&=8@~agPaF z$VGY8kOv~uW!38w0mH~}Y4IDrPi1b5?We&K3#yC8M9sHb@i|)Lbg%H2(C8 zWKr}I6#c8?{`=LU&wn4KCd;pmTb=wHIzFg$)1Ll!e|bQaYTu^F-yh3=bg8SSM@6#d zMry)|%G6E7&rv~3BO^31+2m?XYS7}~{9GLMK2atXusa5W6Qg9&2mnjDm~$cbx3PpK zH?maHrHD-E*sO&Q<34FZ!vJltH)t`kb9x3uv?i#IsutKMo`i@aTMm09O_942X_@a@XpmArH0B?JXGOGU934WU6SfH zGE@DuhSi;4+<}NMh4m~eW?IkQ_I>_J#Yc%2qE%|`5O{t18BAq1?ws;s7GVQngd7E0 z&6<^|7-l~sZ%4nmWHFqdH=5;HkvDvL+D$1Zn;|}5Y!WHrll|N@8`(iIJFk(`d43)T z*s6>OIGkHy>J*_EJiMF$tZ6w8s#AW**1eoFz6J_l#km6yJzEasJG4_ncnzmfokKm& zaT|is(xauYPLU4aD7VO0y9(9R%Zh|P;D!WwBJ3-rC$%l)OK8}D4Fa={w;iz3l(YIf z2UF%smCLCip{2!elaw2THxi(Q$!c;t)&3z<|4N*Mp}g>_c0xj$TBlQ$ih28 zri5c;=LSkny;>d5bMj(Hz=mkxss9Cd>i6YdASd79j`V87y3g|hK2xz`6%T#c zvvUn`m|Qv{Kq9^&^hqK9+%<9so*dwi;C*J&uM@Tk455#LH@Kw`@wZj?mCW>LM%E6K z(7d*O%6Y@4ge-?x13EpSMb=`4O^h0YIe-(WiLDjvaKwm)_91ZmoMxVEF2(f<_+rB| z*$pgzFG`(Wj{bDuWPR8%FX^Pp0MDxa4$|JcFGEW@*@-CE^WG#c*ePk9!0$TV zDkOVd!n3;SsjcFqwlUHv+u!1rPPB^=$*73BBg(J0B2{7eii_|&pFq!UshWVPN;mg& zeHP;Mv%G%!rF*oOe4a)8JqLw#^^Rd{;VyNDobjEXF@;~Yz{4W5K1W>BRY0KAv-|B6 z^$UxQe!)c}#XmS7Av!Rsk^_#YqUG)SP7{M$0_HtiXeJ5Cz9Jet1vuf#tTDPzh>Jb8 zvh}t^5>%`+D{`I}*p;Q=bY8(i`lAc$0WK%qn~~o%in*QG=Jz(O<6J?-RmrR*rmxJ0 z8LMIT$q>Z8ln9zFJr?Hx-1M8E6o>QYJAIU7$udjMGMA5Z!`>hDA|#2h2LafOokv<7 z^4ApR&NrjFimZ=`W4?U>X`G8q*)NO-Yr;^m%dEw-6iJ$^YXMKucTR{1*!4Kl$YT4zJ(s2WNROeVpr)$1-M4(?J}Te*Yl%a?5yqE`sjXHF{TQ_Nf6D-%ZM ztUnm4ZRDLrZJ%YR>83oEEnY6{Mx?ugRxe++zA9;}C^tk(b{&PIrE` zbISRSH&Tg^R2uYDagQk>)BpuPr)f6YVkC%5c@gY-+z(kKo*Bir>U&A(PA^a$uXQi6 z)m>GjK73+Ou&sd-Y29sF7^9I>EN7ZuAA78xRrr*s9%A#TekWs_^ND#=ksi0L{Z{j@ z6}OBI-nREl>kM{~Y-!aGf&WYpDrYJ&%u2$m93BmXbWpl0@AlBXEEmaLQd+;)?E_pz3h zZ)C%K(f8*3v`Drb#v9JL-#pN#P!dCCi)AU^@k_~J4%Jd7cC7mF=4VNv{>e|{77=9z z8^<86hL|%{jTAH8WLLWpc$@CD4E6O8p;JZkRXP8GYIbjG)O_*m>kQi^il#29j1I2Zqj0jfJE1`ZdYS7)je@RQnGqEC9KZOtqZ4#-Z3 zUuJgi$&QTett)BLuy6`)qY>`S5Vu&9R*s}LWb09b`W7osCMIe0mgT<`jb%^dBkF9# znti9`9%lC*FNrypQ5D6hAo+@4T_t%svchX#bX?I3MA9Kwuch@I1l(!8Apz>A)yVEo zm<1G~ntL2TfmSY@?8?Mn%7oUbVUA~1bmDZg$9Ac6S&_XYH(7>*f z5h)dXW`NW}WP*G>(&TAx$xHEs`N9X%?zcOE`PcOhpZurF_+;$(&qkE<#Ye6p8R9Yh zYP<+rPj~@v$bKf`mIonHa-oU4$@?_ugdKX!A_4Xwz5gxugm+p7jeEoME$CxQsElBC zwfv{Pa09k(&MH=nx<3N91)ZZj{b;G&>h0nOXOvq+QL9a_k?sM{ z4)`K`*z;L&7TfuFQG!XQQ69t#>UkDg0a(1%=U2AeYMa7HptX&iKfZvRilg4;8|94R zZFVJ@LRRXuwL)~9aS=-ZNg6lPzWnnshR1_3g9^n=05^co@bXBZGc#+4z4{+htOlwq zFu}=iK$GWTG+CY$I*mS;a$G+c;_}N>eaqx-0f8dz5fzeRsDFvgeyp%z_UD;o_6DQL zrVh?}n+zO$KA||$XqER;Vqv>DY<1d^;ENvn)OT>>B;%#oP@je@juSiU5{r6b5a*!+ z({LvikF|^KD>LXl)upyPlJ>va`|@z8`u}g;En3lr!b~N(OBqsjrczWwrR+>mlzoz& z86{0+nG&gN2}!nu8T%9l*`~r+27|%a#xi4!*`Gt*clY;uKiBimb6w9r&+lAwUCf!! z`JB)CKCjQ~eBQ733j@#eBBl~aVcfp|@cAWHUum=EknnUM-}}44>9RURKZ~GY{mZ}%`p|wt*S|w(9bjABkc*8}mG&sdk2Kl^@h~jQR*fS#5AEg= z&V>(_mVL5u0WFUajpwMHPB@G`;H@<|(h-z7(MiN^^vw$xE1bMbDfh!NL(G15qU?bA zx%!D>wr(e=lzD|`Ui=K62Dlqzxu{S zw~4}w_2t)milA}4^?n0Y{+U|n?su86hdo{=3)0!wU!n8_r#9zl<5O9*py}8tZ1F*| zMw@(^2DEO`xx#(9FZH`SE^Dl5npaYN)rz0Nj;>1Iv}b^hDI1;=?dG~BW*7b6rnP|RJc=!7IVw{tocQC)019XCZ8@S5}oe5Z3eXxqp3MpYmQy{6bAcd4~_vuZR*CLR%6 zSl@6f6@2yDD^Rd+r}~k*3h}Tx|1|SO_E6~KSpv}_ z3kq!tNJ&hnFD)3k3L+e3bIWO=$S;=8xSIkCs76epz8gOD{H@?)ra|A`BGh61fDd`_ z<-GSbW0^y=5?-dwBdh`;pAuRW zmA+tE@~qHPwy5ZobOlLZU9AQ1*%nsyA2CYxIp3sMDVQT9IHWzsrJ%qfNAi@rSck}# zDlyu3(xn33bmruf=2tJo?+YRjqowJKBxLp8MXAZ!nJU0Q5|!$Qo+eAZcN_LGmThc# z?{@rd65gNiBmqdp|EG05<~1HSY=(uDcJ36%aQIQR(27`ZS( zr4=nqO?L+r^s;&ubGmOz`5W`>xc=Ps{mOl%u1Wjv)~CKQ#C@`Fs+@FHZ1ERXOIrE{ zvy-MiJ_`)}!R&GJupFjdEg)5!Bx^1Xq&&NX>>mFP$(+CrX1S(ZXcc$kMd(UR$6;hj znx9xXaVFZ(HDVSO)7jBeWH*Az6ghMt%6v-qKGXow&6gZ-tGnmhx6`;Ut5oxL$rdMT z?y)!AH@O;{R6!YtwsAFr{XQEZa{2G@$O8nON#bjxttc&v`7ha zS86D~@DjQAxUG_+augeiKE5aYyMDKO+Rk8$zP=o8Nh@}SDo<8= z(AU%eOgzBDOlTDeYuRVKico#wCV)nE!;?y1&g`Yx+f+<&4ZNrc_TCZ6%xp zLh?L^iw^rl1eIK#yw#lUDct?2#4&RYo-aK5PI$P}EQ$fQ0^!x&dbselXUJlzM5r6So?#$fF@yz4noW6ChckpUB>y4XMR;SDlHU|(WIb; zsav?QWOoC%%F}JdsjdkjQO64~7>5Fzq&3C20RlU-35f@EAk^^cg<+|sd9Gq}3fsOP6yO$pn# z$*b8Rem-!gNv`a6qVGBpkq-d(B9gK(G=1Id=|%h+(^{_uQsVs5=ykz$qMAX~`FYhE zDIK}V-n@^*<6(Pi?nzEvuQw;*yIev5;->DUGI7aalZXgNnK(E)cujJjdw|!8C6gvh zbZtZ!N9OhH2Bxd{;w=OFidAFf>r`SYDsP$`4sfVget|qU-CZ3yS0xGT0553tbGI(x- zuU-FY`f?VFK#q`;ye)#Y2=g6_vOHG9N&KiBiqLI}nw3IhhaW^9 z7oPdJn8_i>d9LZPX`-42-myaSBr~xm-cTUBAnZ%v~F|) zqR>a2SuV8&TfUaQMn-Dty+qgX=S#in=@;(sS3jRVs(?-W2zuoWznKjUyb#rW`f<+L zt*}5YV`?Ou>q1PI^S4DyKH|#t!;$UG^(*xrh|iBaPLkRojL7j*!Q*Wry$6Z9`-?G& zrl}hvptS+M6G14JB z>20*)$EEnff0W~-AbTPAk-+Mrn0oo2;%oPDAw$L$In^)+U)u&- zcW?f5q6cC|?kX5cRF*uYoXI#s|ImzJYSK=oL=LiMHa#pSw@}Vs@qMK`V^C26-h5~1BTg112A6tc>0bS_4+Oswr&(Q1T&7)kL0+ie|4g8iZq4p`p(>& z+OY4G;%ME3JDX=wV&E(M7opfGgV!yYQp~$rXdmqiUCoNV0NQbx7Cswpn@PJdK*F zmk7=NM#J85$UL&z6_iO>fS(DrCmXML*LRfPieSDEP`QNlXOntRg2nZFSc+@? zHI-+Z>>*tTTCUHjT*DX+$zpxz&M?&Un&_Qt*Up- z&SUg-$tq}j*^yMOe%{H?Z&`0C^tJtZW+`kIX7y^8f_|G$ix=2S>l9C#)+LoCc|Wv^ zU6)#<`a{#|EAwpjlF7&K+666`wL|uLh_UDjY{_7egH5?DQ|1$Se?{@w#f!TvzreIJ ze7<=UfZvqVZy|KShY8=wt2Bh8jJVv^n5I$##HM33eXl;|D{c>qM8_ht-U@ddDqjQ5 z^Vu<$>y((D zs*)#6A_Wk6XAFTn?ek2m0MAO-x00@mcgX z7g#xFiqOLg*&LLZxj-t=Fg;SI&+@b8xUuheB!cUTt*Db^Na#iA`j|!csf6#UGc$9I zdn?B+O||3lCm7X zbq@PP#(0*Dt|}a#(AW8>p*X|Z+`#`(G`D%B>j(FUhZMe$19hrQYJ}Pu1y}Re$i0R& z<tXZF8cJ)uN4~b$O@)?LjBgD;vr_o zSU%boNjUXrJKQvAb99VbsF|Dpt?JvnbA(n#vWHYK5;X>+yqo%N7^+_vI>m@j%r#o6 z>s)@4cOg;#+B4kxc-UAAZvJ)$U?gMI#Ntk+n#kqSh7*Ps6S@#<_z)<17 zs~_|KPJS5P5^!sHz#q9wqPh~oz%8;`w|TkQ-Ky?ojjHq(Kum4NF}{>yN5%2O;QgKa z1BBYwmiPIeT#V|OJ_Txb11w4s8e9_)ToZc3F1F0{5Br=CD3=mA(`A5FSM^Y`0+C!| z=PqZBE@q>uQ8bql;i>+%Q1_rnL0|>*R=ThEj8jQS{*)8LRw-sw;5Oeb-DPEVGkBpc zPh{%Z9IvUhD}Bo_f^e%3JGK%IT*Ujqc4gwQls-Q)insP)2>U#44<1qy4>1u-N3=I= zDIO!4Eq&@<`orB*s=AaYW%AOhf}efp>tl2YnA@HL?S5c`L8LMb-JEiyRE*2BbxsS|4ut6Vta>{k|(fHqGo zz|#|B)6a&^Sk{#4B!_!FoO~+Z-4ZJ#>bl0bIU%jNuoK39K1CSYa|=14*FE>v-8ro>50ef>Qi=yLeF_jmha|S)LGmPzTFq3OW1|IF)O^p z3z&NN+1ok(usW zJ@pKz_`Q88ZUPVPk=~D5)O_7fc;liJNhgO_65)upT%%{f`9_=S_zz0OXJxaYKMnbD zcPY2Ig_k&$)t{r+i<-8EYlcxjgJaai!V5lvR_X4}HJY=r>H@GkaD-jzh%CVgaon5) zGT#L;K^GUa2#4u9Fu@_+<48JPM%W{48MPFCH&YfqTap!-`GQa5=c(FX$ z!P`rj!gs1KtkHvIOZ~{11PG1+;crSHb1IP7?$fw!b^*1`5`sToS^+C2;C^ZcAw4?(uvFTPw8Gk4A3WHu&tZ(0xA=a93SE z6pL_H++=c@onQ`mTxv&Tv%Zqoq?;>tpjgSEPynRSOk2U_O?N+*q1SpwjFT#Wd z!+UFHH2hXTx&!F8kP8%2faAmPCO=aG3aFw$S{NH9g%U;1!MG@8oRG}+f+46dp3ksw zc4f8jSqW&OX($k&j*k_{Bs7CLgxSRg9M?>U{;!OLJY>1fv87;PBQ%6f7cR`g5VS<0 z#BzxTkFa%+3q}=sbb3*T*h(El00}XgBh6Cqsz2=uSvbpoo*-;M@`6`>^lBDT34$hH zuS$N=Qykw6c>wcsl8c0~u2ooZCm{z=>u}y|q;L`@0b98wKuQ3^Ekg1VTsJinF6;cd zM}RmcvINOC7W?TmzU}V~9$`CvE#r3l$Em@2b|P|uj)I1ihCJdq0snfPqd7$T4&d&x zeJ8YlT$99p?bsC&d3vV-$ecl+K#3~=J#y=@{5)~50_B3$-t zclXQb{wfTbZ}Om1*2I>*_xW>7sbL1kbQ1>r7;B1Zc8Ns999gG(KjuF9A?1t>+Ldvf zkZ!2o5OtU5z<>8<+&{pMJZn!}OLrpIH>Fb>;>~&RqknHUIdPr}IQ&FDK8V`mulq5v zsWNaWvV@;zs~e_GHYE(9YmtSLVsiM^b-ij5=OE!`=;XoFkR+J!xo~MTRhW3L0_BpE zjsww2yV0)E-J_>9M?h`c(-D>znCF^uyk9~Uor`_H>Z9R@eSOBtv-eJHt>=61ht3o# zOY?zujetxv@LSW;t64PZci6&=3sqJmu?saP&+TV#dK2(1;}U3pgld<1&E7Pf2lUig zE*V=gj=coNB0(M*1}EozC?R@1b_E$I7e3=X3o9=xo&U&hW_F4Ir+p4M)z1a1!dbyC`;`i*On?$(MWz9#x~K%R`;fP^rJUjySIy;rGQRuAAtdC5U;`S$UjS%gc@HXR7D6x_iDZcvs+O-TvCh2sxSNa=rjTb8*fv zRv0SknU^9lWkHjS5)xrIOK+O04iWv3E6So*T59vJcaaDTZ=OP9we>d-*RQL(oNLyi z^2w4&L~itD>NV`u)Fq!3+i+>#dxDcJIqOS(KV1Ekf+(YxcolVsFS!O63$|<&_d(db z8bzxOIsTmP0IhFYYSk)Xb+b}*-#1j@dk3}6`u!&;r zeJ9-zk2+rh#r~A6R?cKJ>W^neef_b>pa7zy9mMoD)<@`hneMMnnOk+tHz2I<`mcvO zE}#yYni;mthM~Xmd5&CHu?LZHs^ppPOcL*7u*Ku%tE^q+5pbel_wh7ms_Jfbdo~$< zNK1NnFQ8?l=lP1HFw(FGodQ0%oew|odrmg3hUI#okVn624oPJD{&}Olz^N~T9~Ewd zyx6^a_Q}oa67?Q@WR@y0Jb1cms?34XzLzpdp7xC!8`vsZzr>JMez>iJ?blrZfso>~ zTbu7G-`^ssGgGh5sojyK*slF;QQPw{H9Q#A@PNr zEg^WG-|3@qb8$%_UUsu;A(&)?nu#Obd(q!0E^|buEyj$Tx)%r z%vo+-da1^~URMXP1^JHs=}K26`eqdL73WJyet173G|;+%SygG7mSikF6}P(M z8mhz40{L?Im_keKw(W-H;>GyLRwX@Dhn$BShi&yIx4R+LQ;o*YFU##DRTP{}{3}0fmy{F^5D|=I1hf-%ItD zh>=@3)(u;ZQLmrYJKL<Vtg;eSkXx`~%f!HxCYR`ZdP(~?B zWzBFJ5EWjRU5Mg6omgl{|A!$52;C|rb@$#{rXinX zOt~5<_(yZJHl{X~?Z+4IhHT;2@l-lrJlI-c_t>e+u{oFA6vZ32F4!;UcKlm;^)v7Y z3S995+%E`__{RWm!&$8s8E?2VxN$E3DOd!(<@Xq?0iy0EwPfIKtO_{SC?00?mlKwV z$l2w-HFe}Fjw~P#Y#X%S3l&LO``fTa{PNcNKc6~NWyQtueiYdK##A2Gi*?h_e(fUN z^VT7k-|Es7Qf18<&{}-p`mVWImRR-@{;htSt zuDJ}sG(CDj7Pz_TKdN6w!S`w;5cB~^1@P51MK1RP`(nNHDL|_X76!!oN}PE3s|kR% zDzwiHW%Mj|o!XTeS~UAjOzN`M%#S|{X>b|V9DuyY_SL+A!fd}wqaJfZMF184FMKra z(>*=KUS_f{>&O7RVc|cz;+>VP`8uj%7yPUnJ>*Axw?einXS+;f<>$CKWKgx&iU~j6 zpJgdei3S$0=+2gTh}FS{<!Pa>A$VmAq3M&=Irfxh!gTAFSD3j8c0lF@>*vK2G=QM-Ex`&{ou zcpP2AQ1`?p(bJyOB_7#1_D~AI^X?KoHFNEJm6fp=K8g`dyWB6B^XSGGGhmi~6aq4mKMYK0c~-ZP#l8P9b)@O2u#=; zRH>wH@2k@NB}~7%6GyGPmv0$B{IKejXTXT&_$Z*E+Lpj@{Q7W49-4IpOeR_sXor}A zZh8dut|*gq%4Qj6s1Dl^rM0yn1mGph@;n5Nvs$B$9>~%RxostYhj{qw1(8D`lHx!7 zMZ-n`!Lk;L_L$uLuTuK=TTK|93!TbtHjMFcGd*47iOvFk%LUCV{rG!xJ=05(w5D21 zxzK7qt~I3^#qS#%JrU1Tu}fi{&w@?|aRWgyxHUZ*mJh6~nf`t+eGU#eo*8eRBo_^z zC^6o~a$rUCOUsqjTpQv1{EYd^*gERLD2XaF9d9^&L1F3U_x`cvt^#MueALw`aQwW(bp0rG}ow1Itlq7jH?c-j`ggNO&O zZ>(U~`l&q=9~$bfSA~bx=>tuzC3d%BJn(i=BvSZ3hB~3~GQs&SIFNrQ_1(CtRy#|6 zT=2~o!%nZ+KJwiVlwd?Trnq2PnFV-5k@}SohyO8D{41^6#r^h;8OIrjPGllN6EtXn zR$6Fh&#&H4;#Dt zZ=ZhJ+c+t1p7icPpp|3IBUW^7_%!!?3Q>$BAFXa76vN*;gFDf#dS$eL)Mxo| zsk=|7zC`K%n2as~-I}!={uHKbQ+fvE5r>$HX`d`DH!Ferb^%9l)vc`kN?AEJjJ z8m$>wvK>oA``iK+XKccBV2@egtqS?^?B1R_-_2jd5T4dJ3#1k07`u;Pz_Nr~Lc(?T z3S8&6aa|W(vH{XxV4n>HlSsH$*zB1!m}rCR)PGK8{qSO%$&;metG_)B8G$Md4{JN< z$E0Fqk*!SmQ=kom%VVRL>bM8mv1&m0_#|pqoF5LN1D}g-m!zTWh1H<%Gp(KU)Yi!9k8TuJ*gml&OQ%W3jp>=Q4gido25C%;tO{S zrz=0j*y{`?OCdLn+BFqcjJaW8g1{q?;Q7#r>a)X>jREsd{ZNAyDLh~;ZEp0j=X+#- zjmw5WGCoO(U4e-w?O?HYe_0Jy}Sv@g&l25w*V z%BeYJUK@;zv@`7U_BU+L#Szy-o)VNXytW{xYY18@C{jzY|)a%N{2 z8*wZshvN7jgcOv|p7}ONhY291;o)SqlrV{_=(UpJz(d>;6#`ts20I7_!EDIPN(M`_ zPZC{!-EoD|5>m9QIT=Hg1 zu$P*f0f-hBd@AX;6V{2r7y#qh>2v2+oRu~ZQZ|gKh67l!X1FRaMt7g-Z=b0F8GyUg zNcBMGJ)7^*u(nmRJDa^@aT$Picpf4EG7C(Idx@ar`w{o0K2310DpoaxqW9ZA0i{Bl z0n}IMvLBPRXfqJkU=0_svIAm*+NEj=ZNU{l$Lw=y)VclyFly62Wugthj8!GS<+q_D zsqaPqHpxIvl^W&{V&C4%V2u48O?|F2`9SE4OQ76_=67ci6L<0atFgimvamYu3@(~e z%4gi#&MoFgTvQhw(rXT>7`t9vl$8f-N{TGW0l^S27K)bUI6WGP1Gd2ic3Sj6S@#5? z(ARz|ZC^1Xsx3YGZs7rhzN%RHFyR|Hh6jP-b!W$C|AO)>jXm26tiyTU+OnPrs7}F& z3dE|NVpS25Z|sp13U$4hj?Vm4cwYvs@l0<@xrhG)_B*HZ91|Amdz%ISvKY)NH$ksi zw`MJY-t&XXIgG(_u`m%!W@O2Y={Mv)%{iaK zy3|YneYs7~B4&ONeorZ2cn13b;WY&pZFE$;z!_WtJzVg{An5T{agM)~%r6MES?UkT zIIXx_L2)QS5&wEokv()uZM&%kl3g@j)Z#SJ-l_*^iXG=_v{+W$ur9=GSFKM~c^C*X zOcE~^TqduvAFDs9B+%w;;#_qqv&Ai{{Tg?`pMcO67HEurFEB7nPq?SbxA1zq*J4E2 z*7lp9<85?UUAOW!Wn4nq6?T^y;NohfBt84SvFKzlGK8;$-+7vTb> zWw2z@JH=4hHnzt;Zu)&I^PV#CFeg*C`lEMfLz#1esZMebUxs6o+RU*f;UhmJCHIF{ zlUxdCuV4oPi|3`>9wJO1|Gb;Mgyh{R>hJXlK(ki`HsP$4KFTh@3MaZ$^V5%uE1g6W z(?Vb797{`Ys90dHQ?(q652dV@n8!&D?CvH=zKs1H!{#HB=ce#74QTN6L zsmq(P>Q2fF#2P~DtA=;{u29Nr9f#Z!$hsC(_i}|S_#80;)!ut4atr$eu=fMf6^wzp z`(dVBLY-@XEwzwKG0~l+A~s)1Yb$n84$(Hx-|cqZm5(DvbkrP#e|zn3gdB3D@1^|r z9q{42rZbl{KX-|fRzHUjTPW*ZGgP+UJ;*6XDBHr`_Qyd+=N&`z6nlSar9PC#2jqJ=E-0 z8M$PHJOetXilk`%b_)%ozFU5r4cgV5c{OKwsTDW=+bD{JnFF0X_-s9L%K^T^6<+hf zcG#2OhEU`)uxo8~z@No9t9D`RU&QBfwLF)fhvG(T;qfuRV$c7ssmP$ke^^2hk-ue6 z{z|lZ7{B}ep7sCw1Or7mDY53iKbwK)?Z48lzb_4}f&P_NVvQ<5M*KVL^^OwC#D8Zk zQMbn~ckjQGKRQ`zW$?dA9`0TE@PAYAb^lZFe|OOTwD|uFmH(cf|DR0GjDrcyLhzjv XXZcsI6{jqly>n+wPv@VycK?3?ptws8 literal 0 HcmV?d00001 diff --git a/Install-Kubeadm-Calico/picture/16.png b/Install-Kubeadm-Calico/picture/16.png new file mode 100644 index 0000000000000000000000000000000000000000..2de779eedecc52258053a6a0f34168d76b96d36f GIT binary patch literal 19658 zcmbTddpy(c|35yb#9pBkC9Jc`DV->X74=d&5IM7v%3)^C=WUcjQdBA;B%yNH#5U(i zv2tk2*|0Q+n3-W4X7hb|z2Cim-#^};-|zPM{dMttKCjc`dR&kD{c%{5)m8INvMRD5 z5NOlI3+JpsAn_6qNbKgu4ZxG}$KJs}BNk+BZVD>7$#*cfL7#r6ek+4VI6-!?o`v z=O~IlckI&MziHd?t=E$;JQm*R5Ay*Ni(L{m#NObL&XCuSop(Ms? zKgWHTf{N0D7ZKRT9#uoPZNeJpI`dRZ=Ff1blz^3WLlndKraCrsQJ5$QeuhYmXGDq@zsst;rSxp-ljXs|2n;xPuI(aa`#06-Zc5Kr{=l&ji025(CwC4O zwSPkX_rfgryaC4&ai)F#Zz1G<%ClojkK!LRu8f+D8K8FntLVafa$%>vV<-hL&_@~b5jAjz zTUZi?xN6ieJzzsc;cjk9aXfgUEX~=$mwsTUsj2JKXE(tp?JpWzwq$}!!q+!P=jLlx zoX$fYlg3<~m{KCtu6^l53(uAh-(IU+P|aw#%}Ns3N7Wf6-`?zi`K~8)6tPyKj2^f= zXMFPu%1);F_bJ!3x3WWLr9H%Lmh-(Shy3I!ueq0XlFpn6N1IOgjox!X;l&-*AI ze2q_4*oNUsdCb+B8=JH5`3^Uvc{((@gv&Ar8coO%Qd%L4e^dGA(wJvkG~6^dN?@No z+1yY+XPYEMn36RqZO6t1k>dheTL*{xm$TYTpCtqs_BtEsP78^`%j%zUXki5yrhrrj z$z)%;6_r;P;S!<7C|wX3WOj8X2B#1sIUL97;z(7sR)MxGp+}fk>gmPDtr*NDu=EQ? zM1&=D4jvXUzg%objHk`@S5~LQ?u|cUUD06@CdF+aFoHzD^2H~ zjZ$Cx1?&MP*tEC)oyWNT8^e!r`VGX9LZa0hjc7XMV7L}C0U59OX{*U;&G;UF@g&S$ zeT`h9>N3mmZH>1 zZp#rFn)*Z!@ZS-zeKo>~5UraXKf7jfL)Ul@``$zBAE$7h6Ive6F7U$jrvriwKF})# zjB4&4GoG`Rp{0}bN)et$64j-pz7vT$Rwiiv$dz1Uv?vDkN|?aWc=F5k?R?Tc<3kAM z`1ri(C`Re3cv&jP;CY%u|8uC`XAKqa_5#IRhlc3%RxWC9_Hl&9uLecej8p?F)cC;a zJAr-fWGQ6-G6tchYr!-0;25x;v40yTwuLE%CD)hQ!zG`Wmr-6Zi;ZTV&vRZf2T^tu zQ#)U?VRB%7B~loE_sHzTs+?n$A;q1jL8BG`8k91l&k}|E)qm-1wEfoxHurA8HUv(t zRBHEOSi&ss!$w&nbHS!A*!mkmeAgGPNs&7E5vQnx6_3U5@|zkogtg~`p3QsPUZeN(34f+fv& zfKYdXNufEp1}SppysS{H5eYVSNun=S^lm9My-%=k?!&|0P?kyiw1PwIq!-zJQ0!(D zqh(y6UqgghxgLC;X6n7URa9@N7Y9e!}4V)_m^!L^sC(Q&dr8+`stJcCrGfci>ymvNtI!itDMv#*)v~-V0M1#P*0aS zRgLl6DyI#NO`8wFdNGaJt42O#?-0IaTW*-=TGI8?Io1M>K)=|`O)4i}m~c%}VXdVi zq$$hE=qrLLHM&Wyhc47wG?v4Q;>vT*yiqiRX&g=_DK~t|d_aFbaGIH96YdaeK~M6_ zDn25|PrTS>@JlfQwdS)>H%Ez?n&j!NHn%?%Fb5V-+-Hoxc!O5cTG%qO<_sl{iYBd4)5=h;(7Qr0a8jb}lr z$Wu>*MUdmGkGvO{Ia51l;oJa)2ZJb!VPV%ifL#xhUN8(HypSJ za~$u~7IuJ@MXkWjR5W~)?_SXPYP+f&R=MP;@oM=Q!+t`7`TR#+jD*$EI!u z*;=bxy_skCt{#0X`XK%DI+5N^4|+_3nCqbR$vc96iCUtq(32iJsB?ZFQyN#eWwp2` zAcOtobM;z~;x~|id-Qh_b006?%ld(9sG~nSCeE}6Q#O*v#EUeP#2W=)u@P#EY80HA zoABuOqN6;;)8%q8$2Nn-K%kfkh5z2j)BFmx)>d7kTMb|o`r!$iwTzGStJ;OjnjR^d zAduWaad91KGrm2hS zyAL%zzNWUKXURtlCANk1jfeuu1_QRYZEDT0sonY1e8Cf1=)%16tk@i*C2!2H^CUa2 zEElKt1;APNwn7JcX6eb^T{Fd1IraC6BBOT4k2-HF2ZMC_oFgS7ZE#CV^xJMMgR-Z> zu37mLAyJqH!_@SM50w0DYHPoce`f)1Fr@d4tkLw6IHE}toE-`S#e|KnebTCFGp)?& z&p&_C>8-PUxf5iHMJ_(9ZG^d2nb+1=LBEnl+Nsn@n|Elb5-IKCvEok`oNqWS2eF!7 z_|QRD6{pnPOILEFQ#Z#F2FPdhuY^vNvF4q+y_%3ohir3Y#S7m@k;hrjC@`7lKgu_APrb|fsVN4UJ4?h?op07M zZ6lk_eO1nAZMxB|eDjm8iS>5bkg<~%v`xtjOji1(noU<;ZS-M0T05h~hG&qE#cRzbbH^whE&CE9H`<1)xn9-@>S&SZSA>?`F zLLj$YH11!GL8=alzH(c^tb_TJ?EZj9?8y#~1$&!ZS_AL7W&*K6&CJx`K!T(laxG;x z^~nfN-553&WLC_cLI_W0dJLE0d8;2}K?Zr@*Dfk|%{SS=f|*e8uV!zuRebZ?eW=>4 z5017`IDVYLr^1FkIC(jT@8rH6G^a$w-m}+>i!UOAyp*okQ#OFTIbAwKXAxrC zGUjT0_iDwMX3rZ`F6`-}wKP0?*i%bSk$x1Z;3e5RA?oR+bx-m*tU`9`m$15~$ffXs zRM$Qf*|p1WA(eD={FF4P?(rN1bJoFf1~WR4{hJ9c_6gW%f1xfqFAV9WJkl%f)VXm7 zA>a!bWuiN8R2_OL@9@msk!H5ApM5RXmSX+Jgfz%gS=d*Px!~55O2T5h zQ;QpTgOp?=IXVnBq8C<{3*%JLf^bn|#!?^yF~QnUY4Feu1*NC>#_hKQWRpL2T0QdB zolrhsaS(~sM&{mNh$3sl#0U@#9n!x0gFZs8e~9XCfBVVvusP;}y}Z)tdcl={)YymR z!^gcNJ!oz>uY_2H$vAwn?4~{~t4I3oK6jCw>X5Ne>6(P7T@+cRkfN|l%Q|ZIuB>I^ zXQ9f{>F?!`!8QskH}%1qQw%}A>NezZXwENo;ewhSXlc9q<`?ZU#;!)h#-5toN#gde zZ_Wp!uPFUKsk84h&2@IX%DMkI`0c<*AiSgVx%*n=(&K>RZ0F@)jqm$WDSo0sMh9Wt z9H5Ok4R3PLgWv7?`qki>JeO?3!-A_K(U+MCb6LcPMF(JE2<#I2nqgTti@+;RCwO9$ z`ms-OzKCrt*G8myBMnm`Tn8BR^WnYt1l214P|pEWy}M+t&YD-l3K($q4wZNA!Z&D$ zYkoTj)j4GX0=a%Rz1z5w^R1jd4M#V69;3WkGx0vi0Gv^y3tGoFmawNn1lq!~LcvJU zb$NQ@yjt(?@SnABKrxhi@xXYEj{mJW<*$1Vc=!L{n zur~laQl)$676yB$(h|kCLYO9f-P2!k$ZV`hXzoQ8T;4S-dcPJ(c0slAEp4&E+Y+xV zEZlOw=G^DwbzogO(ONsjgRBqM4PCzXfXQkQcQYM7ZXPm&wlRxgk(+Abh6{$WipJ$} zL{{_0e|B(LOA?s(o9X|)G1}CVRyERC^nekv`e}Dz@mz)cPe|eBG>F;DUsd9uXvG_& z-cOZpF3UK64EX>xq?%sEhj;f$+mWaisS=pia|dsVGeN1U`aI5$F0>sqKpr%A?#8II zSHi$B!$Yh-Y-7pWsC}I@$~8+8Q~05Q7f5cH&H#b##k2D&@fANkK;q2Ws21I_)uVrb zboVHQ*1Dkh-l5>SWAw=>mF({Spszm5@O?h`Q@d^wNqCU^%~2uSp@ZP++3 zk>R38&TLI&zF+y)+nim5QlYT(F1W z7!8A)4`C{chsnxag#-2h#!=gl!ibEDJFZsVgvm-e8301MUlQQaZ;ou8{(^i;+^Iwnp43eb-kEu3b9c+`wOEG{@)4}NN%qR> zQu$vpC5#D6{SlXqCk1EnhRGcshZxi8pDv=JPVpn%>A|XSf{B+P%oqEVOXxF!jRh?6 zEEs8~Q-^(zK~KI}aW~A7S^LEUfvAL>d(CNtk-+o&Ov-UhcdTKcVR4Pb_q^9x8(s*T zx@w1oH;9u=E$+nl^b29zXrOS=pi-E|e5O2j?Qbf*oUw~e&7w@;3Qb6876CY_-LbYb za=suRpaJHo%F9EY(@`r<lVg&KvMzCeX_tG`3 zd&)&Z(``!mPwH6KM_RQYl-dAPD|qCwTiy$({p5*QTXh?RC`C=Wqp@c8t_xb^GaXcn z(yg??V$WUO;=uf8Mh#Wn%;jY03l2An9f8}HAO^DBtrU7t_uwzv2RDo(#5%Py%ThKe z{rF`+QdUBUk-Z%5O5Ch;Chuy5>R`lUCenl6+A=+iqDWjY-gsOb5wzyRL{0|@mO{Ju z=3|C1cjM@~8A=%wPC#YMuT=!*RY*0J?JzhT2%)BIwOqg6h!)jL`T%>mC@yd`74bh&q zxB>_fIwBHYgO>e=Iz>cKhN>}<%?v+k{p@4@R?tsSIlhgEPdwi=Y(df9;C@yH{J>qQ z2yftv8y-xaQW}1XEH8s^?RZ@&BvhjB15O-kM5-I}vTEqbL7!r7->05{xJK7(<%o|s zD%{xN_u{O6^Xj{ntYQLi5er9-DjkD-$Mg$(q7|C{z%qevuGJnfSoWFV8i_qfq18iI zqtjE0%Xrbwzc8Dkvw!!?v&KDeRPz?BcH^M5ONIOaLrYFr*Rq`EI^^^pg2fE)Ir>5| zvL@U&wm1YzMe04dnEZPsQ>zo{0%5Rp_<=*(zL`?pzNl*4ZLc;w)_C=cK_60# zM&Dc?%i>Hp0jz=DkP{BKrkb$4iV-s@x>uqy`R2Fvq1Fy*1(Z91b*_R>?Bv0K0zVu9 zUSDD?xb#_+AAQTY_(;mU37*fp!p9PtF@K+*a)b_0;$uk_y= z_uRR2uTr4*BPNU$t0DQOi%)Z7iueFnrfmTWqDhU1wVAl%a8O=M_mSy%X#PsEOdxT%VAklXSaAK8srIx8S3P`!$u{xZq`R>v zun*o4bDljUg-e7W>kD+&iNecFhkgxtBN1IE?(6Qi(c6N-gay`gPFZCFPHTGtE91;$ zPE#<)y{FeWz^!BQk~2zwnRHv?fdk;=dTh+{2+X{mh_QR zc;mY|_=%L^{jW}pbV?)ZH~zD}EQfy2`u8>7@wuKGdIM?sQ{o8CI_9)DCCUx2v?aBbekCE3<;tfdU@WReRR&XSga zY{Noy?#x=|+(}E402z4ps@&a)6HKaW_EcmN22*dzq)INZFiC>|DY#AZ2Ke8VX)T>X zSGsu{Z{e_HZ)lX|G<{E{@i6We6&Sx^f4S9HX*&qMX`A`ZFTHbw)v&khw##p8S005| zUu{FYDSq0anW3z>0Xg@;tXzA6=3th0C<_gD8E8(lrST8qeP{~_+<%?D!o7HlQQ2a7 z_{F7m%C~|eAtc054$eIMqo~&@U@fcBoh?t@b=Bd62#JBX&dE( zsZyp<@u4tc8u)A_VfZ+nNK2lUn_3r!%4gF8iP#Y3p*x~8+c75eAMCiA`B1kjOmA9S z8-(@$d}6yXWk2_fgP(4F;OUx?+n3jX&YioI4&TZvQE@P9q+u7~fm#X)>{!28tA^J* zR{8)|z`JuzNL#xMH3z<>$2h!w8vo&MH&=-l@5sXO)#l+9@7BB7qiZ$f;GJ)^k0j7; zxX#*7J$Guz?sXOKW=Z9*koK&T&yBzmM;fPFkzUT?Z{+>jjIV`_c2o})zAby~QvN{V z6#`N70#qm2tflaN_S4|^9Q_h3c>SWsocZ6g&wsPl&u)Z7`IjFD1VA3D;Y7KDtj<`x zMpO^lcGq9%_ZB%V+sLyoV+o!)^c?IEZf9}S{6I7~mA6TUUyN>YS{x%nCQe04`aAKJ zph#p+9J&OF^Q?8M5xJHvhhC}I?e{~}4YNtfsIE0%GK$}e+{kuTW3ATvtf_QF$XH(0 z`ZD=9*F=2o_Gi)^87+@7%}*;@r9P5cV+%`)IICLfXx7J_NV(Ht(2%j(EKu0Cu;<4kZ7W1)I)Y48sh z@h^7R;l#^Z)Sn|6n!sTCVaNei;i-KD)U+M3;2gD;S>JA zl(A@K0%tTb7%KlQ2mup^;|w(9>rz24pF1pB55|9z(O5tW+nTdqjqzGFx?e^KMQ>(W zLo|eg8Dmnr*|}?By{Ww}-pW=zs{2QSpxE~(wOFsmxa~ph_1{wJJyk{Y%z%18`R;9jPZ^zqi2z@zOf%aqyA0x!27o@H6z z^rtQfL_W5+LEb&Df;%}r{Z^Pfz8VsHJBKM?IWi2A{0WB!up9&88WF7vNzUoddF7-# zNP*R?ssGM>2PspSz1yKkD$Y>m>RHR&E`u})ZcPO_@iPWj&sS1nfB!VHpSZQnGMIML*F=)ki;c!Sy8S%9pgg zwD>?w#~rI`K#gIDE!#1$5tMYx_aTVJwZFDWQ}Q+)>WDP{sHf9Mt%&x8de^o_L>S;# z<}0cB62&&GVxGalNZ*{c*b_7GW>tx$<2OdZ&n$zFV#N_sy|<&rBWFK1KtI+fqE20C zZq=CT4P~Bv-y{8x8qp>`zUsTV210mWg1w#g@a@P|>&gi5nw)PtZhHP5xjDegto4(7 z3y{q#T+MkOHCVTOutE9mKuzg~=^lz)^K#U5>{+DDZXTIWAqYN`&?C4P0|Vcj~+fTmzCzcXL8>z=y%M=m(j?-eW0q>|W8m z`k(Jp4_x2J_)C_pjJ&X8>un`tp`uqRE8DX@xoFmAJehoXdBg?Ad@E!OE)IoD4CuM{!vM{(W38v6}n|1q+JG!pqdDqg&`3Rl0>(ySD(-J zIuS1$#U`c|4-o4f`Hr3WeO}`i8g6QQ>PXM0p}q}vEF)Uz^Ha&w*VlZi^{A|WmWRr( zf!@Fj-H%Y;qpCYljwd~&u~Lsv2Qa;)yuYXASILe6klt0#a�A_R<+YI9-*Sh|E+( zkMBd|?x`SnpVJU11X?_q>jFLtmzzHOz9EJvNJm!eaBz)?%IP4c3knlXCkTtjZ`L^q zTa8Hn-2EEeYI%gsZlfvXhw9}g$84X5}bs`R*j>&gm4-}C4XXnk8H{8W@X*j=swAhiMbe`qwUqTFI(p^RD2VK*B60W@^x(7Dtd$2@U- zBE#To01#0!xUu`H+c~cQ%SX$WivQHT(UQ8bRwc*ScMwBb{in8F#(^Olm|_F zxu?(DmmbioaxFWsuU%)!U;&*|W^yEsc-w{|jLz}<9(KCmh!-p^da|pI=j7y%(|Pq^ z3HH0Wa$K-|C1RUI@oQ`of1|!PoVnnM6zr9A@4-86I_&;URxaL{P9bDBVYrN{k=G21 z3@HD^{pj2TH=)k(bd(1ib?gAX6}x@g zgu5o24QF}YqOA^K+mKbKQ>C8y?3Df*bdxoC?2u&(Nj@hKE=2Sx2%g0fP5@girqE*} zH32H+rdmE1KPH9W>Nm5kCBiWyDAc`U@QFBLZ-(Q%`RDvf;!g3V$D(I&#qLRJ?_=8A zgpRz}6RXzvcRi>L#^b9=LAgBvwEJy7vD{(`=Y8bn{|p&_O;$h8S2%sf+D}hPcq1384w#=)ZPIhl+O zoPyt|%_@VWa6?mF#wRtEVaweE5a&j~1cJYU^G)yxnvS96)amOIi2elpoKifJTX)-1 zP9qQN9D!Z42)ZtCG{TNY>b$9Qchl~uIAZSp0309}Mbe#+wDr(`_kn3bsoG$Y3yulNWBwD#3hJy#JD2crnv7p z(CVCFSXIrz#11dNH2*Z2*aIuY3+9BoIe9|OFl?PeO(%E#q*78ivngb0X6aK3;B+8? z^)H{-ab6sc*OPPTjn2J{_XpC9y`>!rUwjP#^4u&HX5~gWJ^SfBJJ%?kLuD?IdXm|~ z8gA*<>ko#7r!VE5YB2YzhFvi@Y4Jpe9JC)!58lkfZB^Z$D%D%g_^rx5Hv7rv(7M_I z&cn}7l}&=$&J>1C3mDW0#CuKt0vy8_{R2wkkc38AP~%QTaI8F#lm|lpN&jNcXK$WP9SNDAPfB(u8VtJZgMB`$BV3_+6BNF{R z3uj?0=yxV{Slu?O0F%nd>lz8f3QX%NtPlQ3*#Dcm!MMl7pX|_1qWyrK!uv3rWyzK6 zJ|p0Q=fpT4$7Ynxl0Q*07lO$L?BzPdjh0i-DOWfK$H(&mhkLTF&}yYdx}8b41~fe` zM$O-Wm^>eLt)AXa=~<*EBy^I;ryYJgFYZ&v(F@ZfOwWftfmP(X~fm3*%8C z%F;Ncq~6M0?&E}KTirHs1XXkd;HgW9FApgy3qm6gH&=}Mghv*2p9`=1(%druLTFpS zmbav8r5ZKOaWV-n^WX*jEPGUQ+Ld*vB`&O?XLFH{&CXO9SLc8)5E=)eDc7mt+GJOV4^L>=4)wQ-SwEp!0pNSXiS_+txM(SBaSo|tj1_UYs)S&V0 zD-Aq$``D*JCDm4zap-wex4{afmV0s93>8%xu<>)mRW+FsNJM;3I?W_q3-`S@nfC4J zq$((;3y|O|wMRouQF9iL6;xdmT9xOG6uydmt>*!$N9lXBoZF)Z&RuYGo$l|vWp-}sx8q?l3Y6M;cfYBut+G*r zHV@1UsgIr9dRX$}#V*wLwy_+aZRs2!lh~LAtoh95M@qLhf18D$&cbh#h9YF#5#h&X z;Fm6uoSaZeTcS3wO4yT)ZaLB+9c%%+TjFalc~REqB=6FCctYVf@O2|Xkv$u zqaJ(0C6-?7>c|%wZFSfrc=q5Xeem=T&R?L$ssDE?0T_t?p4tN}2#PX%upv~DSHBk* z;W?>_T2a`bzGG!}O#0MM8*e(fjw)t!Su5JGXj4i0%va0XQ8tY7j52tkU&C*B(cA2& ztLKWI8jbkwF1IZ7X*Vy&GN~HPinXeI$+zbGSoF)1f!hoj=j3Fx(Nr&#v$+7MAN9vp zUY~S4CPzqFMoi0>7*j6w9OIdbMB4SxOm0(Gj|ET6ufHxhvPEETV@Vj6n6v>w%(PaO za?~A!L5wudQNek__9IP*5>q$hnx$DvZ9JHN&~E1)l^|=ptUZlMu0tfRJ&lF!?PO?mvjwEOJ^aLl5sSr3rSK%Ug?5FuHvSD;-|*X3*oCPsgA z9*1iG_MUWf#wAV|-0Nv^$DAC1U;iNN_q92OJ&(y9M1H0S%j$C&&E(Yfp%#w;^i88+ ztQQ>+pg5f#OgDCiy=ENj215!UG>D+@Y3lxBJ9cBZ^JLd2ig8SuBETd}s#(f)*O3AK z+^1n5)w8QQ@>f~e*uv|bC?hHj zOXJK=T6d8<8ysW8z!p=oZbONyp7lglZN$lBo*(&dpR<;ysMC=?nGxT*Tdw`&p)kH- z-{9B0iu_kgJqCz_uNzp;5abX2eX$fa8EQLe^CEgk zB7E;ZXRjaj;nWs~HjTF4JM;Jxm)~goGIE=-d~^TR2U(5Pxky$xBNABD$@%JTt}dHW zSox}NrG`VhU-^j=8gB*jdN}*aULF4aI?g!7jB?gPwT(ku)UY?4MJ)8Gm`CImQet`G z-&OaXpztY?%_qUup$%!vUA@W6Km~8$mIpcMf%P7Oy}WQp4YAlLw`}}UZS`P){Le9f zFF&#L^V5UubZEov$Pa#P*($tfpq9Sp?YSQTUXhLXG&YUrJNzWq&tC59Sa@oUqF; zDm%U}{9-O+SOi+yBz1b`u7f4nwP(3|V^Gv$mGnB=0rvy%zvYP%5JN+2*oM81>Xo@1 zv4mE+V9?o;Ws#^({jUy-){c0WbA**r2h2}4&Ualb7Chs3?TOn22tKg2O&o`(S)Vbyx z;-B+9Eu1aQ0#t*gd;NX;QlLervFDotl+r1}YwEfLekkpW(7k#Y0nvXJDMH)(dd$^T zMc(H?Swh;|qCvk1XicQMx&`eAgb%uUNh|tL*d4;z*6dCe1vxt1^|-MHR_{diAfnAJ zF;@(#FKSH5xw|`&5R_kJTCdv1j->F`wO`e9=KH5Pei~tXWkMc|`9_CJooC%*xK5mL zd3h=MQYsSmt6G+!op8sg)25?>II`DbLG_&^dlkKvkD^heCvjicHnk6z3>*Y|x{>O- zx7DAY>=5Xk)x4JHPO5wn};~0Z^}F8hEaxho#lTIZdtb(a+bPXj$JEJn>tV z5q)p;8KWaBXld-U?KGu~HzP+Ag4=^aFJ)EwUB?-W1eb*Xjue+j$5O$?MCDL7nMUj+b36nn*Y^9p-!IwnaPH(&fV1qiYOwx&F0uxQ zpCd1AJSldZHmm(k`Jc?r2#{l)40JB@|E51B>!l#hj3%ESJ=!pznb4ol_4%hn1qEcQ zx88ZR>FEMG(~nQ%K0#}dfslX5eX}tJ7hoB4*FHC4lm(pV)$A?<7pL)<7qCNI?vv0P zj>hZBh4m;9#A6NAmiUc@5YNZG+_IigYLF?P3#eri5;Thj*@Z;1XKUC$kEP1-)Q~_D z-svu59OK$_bJbqB8?PcgyTuKTtsZ&Kruf-kXZ0yWgC3e{h5`H%v~=)>J8A#rgflg9 zS9Yo}YB%`WTNC*19c&!Hy;P*Ttc_$`VgY=gUOQyMs4z5d;T;i_V5+!I>@NgeC ztnaHd_28=nj_8PMa}9?PrE4!RpqB#Cs2B~UhR!0%-d2NlCR8tDpt#sRFFLHJpGwzA z2nFWe3K&P^S=4g)04&@2x`{=feA3R@y=tP<88hfVob$jXn z*+eF6bC|959;x$Pg*zyAMMtrDxEqENOYEJAG1D!aH%Kv1%z8lIYU{}5erKo!AA(D^ zA9srFS*sh)ktbBh*j#fPLSN4Y$|=Z|$}9MX9yynn8lE=Yc+WH}VTLZuO-j7oBy3PK zO!&2GdvJ~p{wDSq?7rpq52j6)nA zkVpxCM@b#SO-jtEw9fE+m$apiq1`s^4uaeJt2_$YfgPq3{;fBv^#G#@e2Lptu_|xDY~%wb`}n}_7E(%gxDUgtI9&`a@6yK z?I?y!YzRG7mks3a!j%CrK9jK5YghZL#5+nDdm_&Alz~zlyGDtaFH=&M;%&By@!c4= zpLN72Zo6Hngg_Z6_zL@{Q^!CVzQ&&*^?BO1_X5k}#<5DE>WLcifZ=%Gy~nXdcQJKc z&t%tkEOta*=h-g1O(nZ`5otEkg~Plz?3hem^Ul#k4&VokvrAiCb_NPQ#M0f7aXrmj zYWTGGQW3!ZN`d`t70=GAzjQ`byx`GR)2BQgF-OCWT1kfjsE);~fm^QRIMG?QZ@jUl z(40@h31wsC7ZWFpMV44zz5ut{qT!DsUFLx@Il@7hu}JZcbf z<7uvfZRpqu(4c6Hgw3quv&aRJ|C*tntdyc$y0$opwJp(aqDl8AqkWmYo4EPC78M%j zI=Uo;eA;zmG2aT47sZ^7cF6jg#|%OWaWZ$qN!PAGE~aAPv2nFF_RgU6vNCk-aRe0w zm&cRqEC3U01=M{l)#o-R_fpfbm$ z6)RnPlF;=CIC{;czgY4bvi^NJ1O3K$+2Q*v30a2v>XLc>gP;e7^x0sl3F zf#7w>d(D!w+DjQR9ujUVmqks_pi)t{<_9<;OZdnz9vM*zb{2CT zLWw-5LZLf>NY;@IKw2Kjz3VoIbvRqbN|0)Wespho>!-_--J0rpco+TmxA0~-t>H`6;OD6Sj*2P3ufDN$ARP0{;+-`-gM4TN$2 zI-n#M5dD4rtR6UtkZM(Ie+iv|-`y=$G*4NpZc zCVp4Bru=RMy>~qDd811Fu7!%c*dF+m%MzLNk(Kg@L-%}`-VfB-A9=^^?Mr(x6;Nla z`%&5=YnF-K004{Ik#hfg9?5p9T5odOTJ!RUa#U|ZWE>^xj^bC4lgMfw!%Bzxn3(hJ zH%A>|DGb0I!_U%|#&ELhhOHhxj_TF2M=hU&Nh%r;3`|=_w&pzrm(1otH&TW!^Vwcd-{wOa_%4gShPmGd|%YliGYX72ZpXuE<9J>)f@R8u_22 zApa<^WU|tnF=s^jA9efqS}NM||Fg^Id*>00#(MNA^(<5f)M{<4u)oNpSqAw>t#Wrb zeCm42i}giMUt5r|Iz0(4p>>tNcduN@u#T4g&sWu6$k-E`3Jc~LSCt*m3doeljVr7_ zXB!>tmVID>d@Z9Al0+?RhsCaTHcqcFBoL)=$zIetw5)IQ*V1bOdeKGBydgyD@^ZZI#eKVLO% zxL%PH6?f`5a+zJMB;l=x_X~27U7SU1qh;v!WxYrbuB&(_+eVuV&aDqb{$G zvql5{Y-F!e>AY>r!MML;_qs^EEQ=5>O{P|or0l|MdlGb=Z`0bv9k*t@7t(ram+(HV zPa0N`G^_dzr#4z-bc8#OazP7RIy(#J5Rsp zOE-h2{L!7I%*M<$EwJ$m3T+|JbCX}8NL#Y6vP|_GPgvZW+&bRCrqLdNOCpwn&^ndQ zG9|lR?u!}9G&fO=`_jW{)-iGm%00zgu-ShEebH^(9VhL}#v?FQhfh?~jrVDt#J=~+ zE0Ml+9!p3H%}UZzZ~N`M<5RVrh4m|^bZOrT1V`k%=WY8Ger^)WS*GTFIsc}I&hv;K%@>?-vzTBsmH$vcLTU(8 zykV%_8{FNmK4;6;hU!!Q63`X@nAc))1nWM7!Lq&M^do^-Z&%;h7g%4kV6S7$UPB6;peXeV6rBOgN12&?bZeCjb0UJZ8D;%;{UC%D88&b~xSi)8pS@&@cuQHaf zx#YFzD|(Pm=}{EFajojkz(QvIaW|9;HV!8Rl(dEqt87II2jc9UiQkx*oR>!qxI+?f zVoRED-zyCM)=b&`?|TfK#kA>F6_G5x)CDWL5Vg{%g1zj@qL<|Wi5lW;AhYO@d}!~z zMyDO9ZuX+5yG}=F*n)3dU#SOJc=;~lqWRxSrcPHd&&(f{!WfS&_BdUB3!D1iW@fKAK zS25181lyiHEBhNI)+3BQD)blF$d=@(nGHcF92{nuDuc%+yq7;|zSBwB`^O;7zTO}A zDe-}yJZ=~4V@vv<=ezK~5G>r#uM>aHc4Nts#pv{5>=|z4AN7~Ci%#OER?UQA$Ju4S z5P$UQ|Chn3hp`R_8Y|}hZH@wn=P!lWEDtMY%BCu_=327`u%>S4@zv4oe=vs+E)lgX z@FEu4$gKRcNPqOt?}Zy;nR@MX!Jk74CpAuEa$FxS@|U8=ZZArfQI25QiGK`8|7*f< z<62~P@6IM#>O?^*LAQ^F&UAehFfl&Cp>?bYZM&Xu&x#dDOOK5Q)}!D4@at=9xPQd* z_Uet8Z{!b0vXB$*gM7X2&Ezee`qXKWc2hs3`snZ}?DrndIN1!|hYR-NJG)I=P6ZHh zJ)i!;5FoOB8qpMGkRM3f> z7FMMoX5HEQ$5NIzW+r3@&J6~I@ZI03N1Og!UTHj>s@?v{Zg%C`+jOqRBN}mWp@c=B zh>r~!;ZFumflGQgN)tN{{gHK|c=1sM9sADbKc6bzxpZQw?lAuOT`LtUXYQE)!9?9l zhH}WYoFWtK$57kj?4n~nbsnZmMSnCYJk)K|EvEV4#btqXZ?NiMPhDH@TX{ z`M$RI|C)^PLHjbS&v~=V*~4*`iau}rl@rzZLCYV-mP1*kgeGL(XRCr?zvC15hc{KJ zRhMFJo6Y$;AV}={gZ#hv*ylPShOTP2scMKYsrdSc~$TRf&!KZ`jNYGVaZ|nu^T=7t=Ea=Dshb8T9^&@k)%DU$Jc;zfT z{Pw>Msi`xm<4GL7!E!1>$Oh z5K%)VK?AAnzSKksb&*dkz#d%O>_BcgCSH8_!C_Nv5a`jp zczRQLYx@+XK@c>N)2Ae;PUWucYrVj#HXCTx#Xi)S{cyX=*1!?IJSMdCSl(FU=uj zbAhIq#irt|g=XcYt;}Z2rJ^$d#S4()h0=1(3#Ca3%NrubH*^g}MUj2n+0NNdJNpN| z-_LozpU?Asp4an!fBIiGKK#m%fkF?n-u5{0vNp{Naz+9jX#~-=13KSxJb;*;2l99FCCs!u>Z(g9bR>g#YTN6H3w-b8hRGl9A_o|4qIKfJ^GL6h<= zHMnhbHO72Ke}iznn^T!0Tu+F6rt|<}=0myJ&U^IB(yQ(DJ0bdJe6WFPC#J zRYwSN-uuoZEm~DWXL1u{XbP~y#n}=HxswEZkj!~ejW$ywM%h3$b61wj0ZC~cEZG&r zbTX^SI8?f$vTb5ozRftb*|+XO&HA{;wp9g?m=8HHaAv=Jt~q=XKlD#Hp04wThbHY9 z?ucq1m;!OAjoQvnnj#MuwX)NQBuZOto8RtUg7`*v6sQwK;w?Ay&bkI#~xvKHrTI|NdLPA>7jizXFDgLGOCXgoHx3asG>ur`;H2| z#HIIbn?7p^(wHJr5}1uIQavPFMHUz}X-* z>@ZtD%}yhioBCnzNeh{OQOy5u99*$p4Y^&9;jx3~^_Bq1oW<;2IX1qDhT9y``Pq*u z@p-|NTL30VexZQhlJAyj`Gb{n;cg)JzkDV8r#C)-_a*&i5z2FG1r7gF*CWB)RsNx% zsmzLf#E$ZPclIw^2r%z6l&uueTCuw3JWc!P;Mn3BcDEFjHAU|9o#EkY3>d{wAJyLq zhP84v=pRJFZ?z*nJR23XctOn7mNxJ$)J3FPy2!luLHpq(9*)ilrT$UzBLRNhgj0ApSx0 zc-)fb&46~pt&fPN)QOg|->~tf@{>${YzAr=W}$Bm8j{G)7=vR@$xbnGxp_xVnC9K0 z*Qn+>y?TM8pAcLuBMn%mtSb*1q@O!AlyKOHks)?HvD|R&z|Ri2Oh5d*Bwr-b$HZu9 z4Fn@$L+!hqj1s&@{LUevw!~o;xN2bazdz={KHZpDYUr(stuQ7%hc=_$&gpI8Doh?s zI;1TZN-JR874Fh-AGNxYM8uOd=C#+KlyO3x?MD}EYHa)SXQ67oTzj~^#+u8V{fXpa zf1}`1`@0-hrMhaH@|yPw30Q?JqsMzH$M;ejKD`I`EX3^&))h(v#GqA&Q_G5x!tsm^#h$(pF`s<$DhcJquMf<@1DJ$k7`ym4BG zS+Q`JK;aN*0u1g#z8e3f(}0~~Vk@j491uGS8^vbXsTDDjc`Zk|Q%^|4)H5>sB=^2) zP4NVq#LC1FgXeAjP#Y4mM|UemEkb{RF=9y3c2UwEIZ`KXS3(6Ft0;P!sx2jXj#T2R z5N=ZUFPV}tJO%vGVIx-}lHpFdDUZ<;I=LJ7znt!_sC)Vzm}*f}xcXP383hhJ@LUMUu<7!%) z$bQ3ZlbK!t70t`;XECo4M~ggMSheY{h)ozqDs)B%!KEy+T1EdV zvhY%=ik1O9KVZC!*`<4brKWs~*K4P=7wv);-YC(UFp(A8xA0VV5BILEUKq62l$<^{ z{<>k|M!pVqZ?AHiAImu9LR$9IPD=RCIpNc`;2gXB=fL6LGSiEmWUco05+skU+KdIK O80PPD+`HBb|LvbSe6wx< literal 0 HcmV?d00001 diff --git a/Install-Kubeadm-Calico/picture/17.png b/Install-Kubeadm-Calico/picture/17.png new file mode 100644 index 0000000000000000000000000000000000000000..35ad75a80fa933fb887c8ad82ff4a0c82f0226a4 GIT binary patch literal 91324 zcmc$`2UJsAyZ4LR?PlA+vK0gb6~zLAsFY9=6#*NfqJXqe1e6v5DItW|01*Kd0jUvC zK@lRoCnA#2qf$amfDi%%2&DJi=-!_DzTdg$-t*n>yW?gIM#h?~G1po%bIm!Q-}C>^ zgi9B#H?C7zCnqPj@$8w?SLEd6)#T)U8~^hUS;_XD+x28$t3t0>pOP!8fbE!gG0G#T zpt4@x3uO+L{4S#t2ESB{kYylX=IvWa##K$GDZ-AmJ~`m(0a@#tMOGc z7%pj)o8Ph(G_jGtUPH|Th~loYU^CH?j-lfC=;BQK+NDo+EKw5B_zHKG+{EVP7Jb94 zF4F6x**&HFp@Ud)gj6yo={%Eq$FW4DdS3{%`6IjHwqs#$D!t`q`(NCkH`#P@DN zjsh@$Ij;OoM!*G|{qUGw1q%@Gx8SubY>AF_5}MbXX#UCPK(f}fL9FMvnV~>*&a*gg zQK+2U75lcy`eD;5F0K^g*9;svJbb*8GNUA9-@asjG_UYvG6 zRMX-2H`r=Um!7Yt=evwU++e7fkCB7Xl?3r$R;(>~&@*5iyV1VQVJ_}V@gH4`t{+yN z$630WQ4!zcU6aO@E`VQ zJ5Yj2(okVdkq8Gg4oVF@1Fk%Q7b)%<2)hAq3sXRp9O^-&JNI`rEJZ|JUij9hrC6-wemwxaNnw%wDw?8HggW-$dz)t(!xVK8Rwv@)h~3} zPKgWbNzq|2E$k(q(Hrzay}IfR7-fqjObOdKd1q(BA1yQIE;cE76A=z9!Ee4kgQM2B zy)kbv;Q7!zL()PRDE4IYhp?6?Ma0{@){#Jv18&Wr8DJ8wGncQYFe1jZ@}3-9vt3u% z1II3YKObKPT4ke0?0U%Y3~NK(Xtd#!oL2_!?FwFX4ezk9%J4n>nlzhMgii#gIwc48 zUrthh?nivQd%Yj-+LfQ!42j_&iK4)4-%M`!BF1?EEu2t+V0R}(?DU&mi2&f)Scuup z(RPlq$gezN%tFnVntyCTnM&g$K(kzB3f*+zA-o!sbM`vV)_ zFY6js2?V(%|^(G~)0RczC zt`=Aj!}LxO?^@e2ZAzDZ2RZujr_PtZ)gz=+YhWG=Q6D{dH|iwj!h0T3WK^c2_Lu4x zPChdf=Zof&9BdA@tqB&@`}A85Cece$xnwHzpM4en%3K#R=C5h!=YRf77{NR!s(cE= z+R>*TH~ztCYu+`{6&C_*u-~R0X?>+Svlz6I3Mj#!jk!JKkeO{dljubYx1-XoM;N|Q zqg8*7dE8`_=S|WKR;2Q-E9XE|-m42(VE}8QV<5mdK9?4ClTdm%MyV#43^j8#b&U{f zP0)r%aHr}sHv4f5D32ry9p7edDz+;1D1*#u7YA0nb`yPg$K~Yiw!KhHmc~neytuW} zX=#N-+87;aW)$F7xg$Gcam_*T*iF{h%&VktMrG8DH0?eN-uE}S-$2BaWQG2De}^5oXi?)j_ZB?(8Z)j~TH zj6yJ1#mAp$i_xHnHJ_t1r5}I;$)(#D!X$f?v?5ad(gqnh$)%WAxduHX}cDx0V4#cGP4Q))%ZT?!2|)H%8Z1pRKN zRpndqXr=1l2>+x{g1K(j0|TiulL-ynvAY%)(m!oFkh0;d8^mS1h1LVMpT%`e%DPra zZw1WYO;g#NrEA1);OGnQmQkwLve=S$O;!CZf+v zK@)-&Wr;*fIAG}%wZO%gcmQ|D>>phnFwfa0k~MDiY!Y}FWm3+vTWWpUoLbX#nR`Xn zm$xV)bx0TFeM+O6u;(f~!e4ste0v%++#+$fi6h;As_1_soOOu|n0_1WlD^;1->n_r zS;>)zXzSnfM(l+u6?DUZ7vsk^=04^GKg%P*v097zPqh8dL0$V28-hHgM>Z`7EG{zj zd6EK}t!HKFN|WmPvsA1(6n#A2x+>d*^i=KGEq>Yoy7o{+a~{rSdM?VI{j~_?6f^iI z?Yj8s74E4rXO1ZK63NbmfhC5-s3Fl~qVny?#Pc+~HI` zT>Z)w_BL)%yQ9CEL9<%sheD+{V7(S~A3Hbp1AURWhf`9*6JDPsgl_z1M0Z#GcuR1r zPl{zYfjnG~#n7{u6}+dk*=r%tO1Rp~65rYVBUrQI1oWKRRKSNA%J7lyXH(j0Xm`4B z>I*nOg5Gd1^5Yw9rL3pM2HR*G#Zu)J(GG~xuBnd8ru`qrQ>R@Y!A!qB#;iG38?kGc zfG7JlWnFP2unNljH&c&#GdXrK`WsqYW zVVOHMxD^n8Bz~~62&oq4@+rmW8XiqN-drr1+|^%N4;{vkSl!(4LUH?NWm{sX-CG(>@(DT;wCbzLsK|F3Ve7yYRN9R_M z0}Lkd;Jc?NS{PZ1HujTqUdm^gcQu5=T-ss$hG3*Kk zIAyPM$+WjDZ5twW#36xAov*Lym8~&PRNCZ*DOgwq2I(m#{2AsSq#nTtwV*H7bE$;# z0nAt=ovB5_snT7A~8;F29YwEy73~r0g!l%@1Bikas(b z4P3D6KUhZAU_37Bt&2%5GBUiS8-dZkTchu~;gbyjYTo5E{;tQK#4?pva% zJ^R6#K9s^$uBtBGOng(e_VH!D(N*k)8dUbPvVjdnIr9d!J0Tfg$F)kGw|9Rm2Cm8O|RxkkxQ(d%V82 z8q+G0)44l4>S+WK+!a9(Dk+*-lM8EV9{Pd5`G%;*B9(?KRGy-;XYhng1Xs~Ml(zw5 ztpGiBo?Io~*9R6QwYmV;S|HxKjRh}`<@frAKoQ9sy(9-jWl966(@>^wD_)5+oUe4y z!R$PKvw<#b%HesVWq;RM>;af|L|ik6%E=8MKPSx2#!&}azI-EP!?wLE_3!ZDsJ7+^ zT~hW&><)!AS-$aRmcgN%3C>VWM|QT5LT z%lN*v=I&4KHNkEeqxMCKtFGAng&BFdO=C@x5+#9=9yO@&ctYXoR67HA6tgJV6#XeN zvl0;tZ7ToTbp{QX!on|ZZZv(4xgo58V*zqH(d-84L$+AtHP`u`JX64^}B)xCkr&`?ykg6-)7NGrzFnU|RNAJTN%_xK=e- z^ie}L6kMJ7C+0n&#BQ|`-enNKnD3Bpm?S@he^pyDk3wk<#aGC2_wE$Sz0Q85s8z6aMWZ22IYof=v4Be0|Y`A=jl_s4Qf=rTaQ zfSBJLYA)UypeP8;pp6M1tUKW;EixqGNJM=g@iLxnyJ$r84aqQ32BlBxJ!o?M5g|o9 zR80OE&dXUmT+I|MGohG!mnB9W_D@>d!crh%v+eTMavD>suP!tgWM_sQ>E1TK1Cwdg zD;)T@XZgDdIl2Fg3x4N`T4ypb_5wq=u(VcCgnk4*v^0ZCt4%=_V52% za@XTmoBb;N&)4}EEFoIVK!L<88bJfwY|X@_fDmFzEh3Y9L$Xqf!iZSZ_|B^NWhw?P z?yKV(21F$`HJTl=kTAF?japw_;h|5@W)nd%MlvQrGQg<4yh8dkvo=h6J^D08wk|yS z&%NEPow^1z){QSm2<9?S7)k379Pt2GHIsrF<&vHZY>&SE;gh`eOFRvJ=90KcPaS~FTI@MEO$XkU!F z!l!ds`1*dch=VCVX@rvJ*f6#55l}pc=B_<@8cmkJ2RxOxlMZE?M6)fvRL*2KFBKgr z$XM>SAnJMh!AuI0*I($-I|Viq=Df{Te7`YtmYG5DO|iApYD0bC-gSC1VJ9a?ii1d7 zRw8dwwte+Fxq-}VO>+F8h;ZI-@W@GDOdx;}3T^z9GU|4$Dl#mkC~jBhGo!WkUYk^( zk{cM&6-`rhVF=QkWx2IpV52LSv;h#LgB91`Afysl_GIuI3*u`6fYD-rCAU|g@}yV$ z%?=9Eaulsrrff32a*jf}YvucIQAQ&%#REo-0r=CZ*K1r*bbTt;oul)pIBdaBJ;BSD za@U<%F$heat<+eqWjCWKwP5Ld)?!9o!!WfrTO*LE!z7l8 z(L8=o;{Y07&pQ!1D{vK|`02t+{DdR>PwqB?H$t-%wC76wNt7y{bcNYtd3iPhy ztD28d42ILyrk{hWduOIbETUG+-L1_R$oM9YEETfBq6}%z+z2)L_LDWChX<|l!`6Ga z-CW$$tnr++Gx|-OmA{!6IkPo<@wHFF6@sG=crL4^f8mRjh_y#jFc`LJ8gmOA<-K;5pyC>+ph2#cdC_>+L3{ zJE4b;53(pDjInUNC$5U8Hh|X?FutH87a%(upIc8ko!gML5=FB~1{LWS1(zcL=DzKb z<{GEPSEmiRgs=DD?MliSMoZP3RjaG_O*PQejhY=-z=9{nwNM8vXroO3^U)k!s2Vrj5mb1rn`GZQsyW zwoPP~NjuhVkVhC{2PQK6OvrpUwy&#Ouq*v~UoR!b=MuA|irR?0s!T@95C#YBvFzZAN1Z$$=$^48~HyD5&Fy1FaL3YHBE{6nCCzG9bu ze3Qq**n?_D?Csr#N~3I6X!A42kJQo2l+xr;H@D;}E@y2&d;d^ig|su+>&Q5=M=9fz z7Fke~3sW z`(Fv@Zziw)B;SW`Z`4Is4F#|>TARHCK6)=TrkS6J%`=P8PdN>~IU~0lsWSxFmqCsE z7_L@C30Cq*aqBH9b#5%`$i{jbZoZ?D*Z5SEtWsab6u%T6Te#5$yN1Y&&QJ_Op2z6Q zz{G-&3`~f8D+}4^+x`9`=0SUtnN*QwF3KS}Q`z7741*Z?9-iW*BZa-qbLeckS(v<@ zx1u!<(42j}xHTb6d@AB(oH$AV;N~k7h~Gygc==FZJ;-K$LARy&CaMJM{R$7h8jWE@ zPmch58&+l>n=G=m+aiJvX8%ve0Px%0pyOJ}iqTkkT+_#q*g?PfE8j?2_dlEk z7;NyjC^dSvKHSb@b7IWkwCkQFLUw4Xt81-3>HZ;<3{dp55HVW|XW#hMc1Rj`wb``n zMO@SatqnClEV*_Z%2oQ73T%6;wsih*GFHTodn&yu60?N^HQXJr)TzLtw^V%-2KF@U zt|iN|OTOQ%HaW4pM#QIrgFv_kNygTU+)Wu&ixj?u4WI1^ZH4Z|?~q}NB#Tm2PMwZk zzX;N^o?7kwP`x9yP>bZZet*U}MijY1`RI-Xq2UXI535PC87x42UF-%I(a3ZXEwGuk z@q=2@=dsR2Ysc7J9Az`IO^U#w&dUvm3-NknA0^I_l z4$1LM=m56;fMI7qz%deXQKW%gq|Ju;z-kV5okC)Y`$gwcYvWzw8ZJBsTY`tM2lW|G z&19<#{0&+32bPc|$hLTF$#i1#I=4cPZ6jd|`FC|?5jUhKT_5LkMyPPKAA9VHs@dN1 zGd3UiziDJ=ExHNnEAaEtrf>%5_`cv2i=-jpB|@URtevxOVr{T@5Xp{$xdcR7O%oav z=SvIzjr%4IJi_VO#6&*EVAL_^R=^$dO1I|9!!Q{~kWY=YMpx@hO(t*KI=8FfT8e|| zK2`5{%i$J#_0%D*iBn$VOY5ViQ7`yiTGMxBtU}4(-)%PZh3}%6Pf$9SOFzTVJ)Ox# zYhmrq7Zt!=UQ;8G<-=TKX9Pw3F+*ESs$8M4Z>YY2{*5R)2LC}6tkq%Y-2k8Gp8C&F z`#Xi}IIgJCU|zI&Nz`nggEoe>C1ki@zfgjGUs)(l`F%$S>FEsnQb5)4P+e^~z3nXt zS#45WmVL9$`|~K(;B7zrS;%4Ax361cFwaF!3|U$y()S`}k|&kWTOr004G`Z*t>=&T zMbJMtb^r(U(A7$wilr-0{1uMx&?=u8g|QV59*S2Q;P>8S%#*{lXtS0p?1GWNGO1uX zICMI%<}u@Ky&ev8P8U*>vO1K#L6b$zcnpe|2BrDr7>N%hYjdVuHQGq{QQrdY_d3dpAf?xyDDG5!%)}N&r;zWy;2w%K~_ec^j(LFoIR7 zS`Vj%3)nQ=QAD|Q7;pgG&lgbYGzQ%S)9^gFvoN|Q&s;oRO#UsV>0K0X>z&KbA3nPDftN{0PKT=;BN zJ=4>1OToe?46PXmT|HlyR+TcT#e^5ny%`NEkQ#~)6$UjXNCJ)&9?a8%^fPbmT)DJu z>HN4gzG|UlM)uObU$SLs12j%YaWZbUWf%Acy6%SD8ChMnMbTrdK{e36KW&uFyYR8u z7ZsW}7-A~J7k&`+gED*p*e9@C(yJW{j~?Xg&;)(SiR@0D9M+C^U3_5ek2p+nrGw2P z)sj+1Mz*|%TOu<{F{fWfWLmGZ5#BE9HKw3IIFd0dig+k)oMA9e9;vs;#ZNONInkS# z)_E2U^*yN|ge6flyv&S+htFDeZo_{M-8;R`w^a6wYtAkyJn!i?d%+^KQ#_=LL-Q8A zkJ||^v*~LPy@YYri_-jgS?GNx<;N&{XyJ`37YE=H60~EsUK)lkzs96X)P!#VBBCpi&61jfX~S+>>QFYQLsghdg$v*5seB(Hr&6 zc~JM+0VT9`B%#RZWgkRd$%$%VC0(kh9d*!SBUUwUEORX8=W@)`89rXRvylCz;yl1> zYogtTQs5Tg-VLMmk0vj~2W=!R!Wk)p(W-%n>zApi1lKc&RZ~{`j1Il1VKU;i=pAVP zfQQs2A5vPfLEdZXClB0id>uDS4RHYyn5P zeE`|6&5?yMM>Kw^4eneq-G%6s$8|y!>R?HjV5VQZi2I#nx9}U}iFC7+UB{JIp&NDh zEMJV0sQ1s0ddV~uxRrt*A#iv6F9NYT5(D7nC_4YmF;e4g#fP_NH_qy*hlkwV7|21G ztiVN-ouIExg?SjoYSI%7NJbV9xYdzll#%~Sr{MnRwtJq&V<6pVu2YKbe;nLiyR>4d zDD|1w>)yut1hM}_{VcEYGRc*szFHzW+Z6I6sAvA72fz5jhE^H&_}7ne+^@U*r}W5% zU-;#p0(a$Kjqy*xrz8J;j6r;ikZ`&PGHnB!rbs3h^2s zQ0%73E<>TAq#x;BX5_m^OZj9v2Yz$;i(;gO9voTO9hGe_Pya_h z@%=|_ZCud=Pl&3W!W@?a*jsE;!ND(-JR8A9V7dd7&Qc(Ms$=(-H64#@&1#Jv@X;Z} z=IePQ%mo>g#p*u!Bhz}}eWO(QJ)IJJEq>Z#3c>*D4e*;j>T`oeYEySV_LsF{r$t)> zG=RlVI}M5cupq3vk}|?j-^}=9Orti>bmi(3(7y;MK3@Cp3MkMJbAR+OEoM`^St;dr zQqgPfj@p#v5Li&7b-x@KdrTI*k12X=Y<7&wtL7vUp4tjN(!OuAu16{JQAWDpF?rb> zyAn-SOzupy)WODMN>f#QQ7_dMTUZ(O2)LL{9X(cSHJdUbvfrJew?Hqm^Ct6>tKu#OXLPQ42RCB^Nwq4+DIWhK9)CIS(7GTr?<(oizxb7XIhij@!45+s zLe#gA32#{?!A-oO9VM_G|0<;5{I3ZqTDW=Dx-aPLl8d(HC;MT<{l<9by{6_s;%DM0 z?LGN7e`1(WD_6g{N(f6jn&*~uJu2qbwDA@u*xE&FR;K)!kYUGC;pRrbyW_s2C(j`& zGqHnikqz8qCmcb2Ns%Y^(jgTRjr_CVdNtm*tP-rf>L+)Jyn|{ zr#gUsFYRIXQQJ^w5Bn+(HXqx`xF~U7Raq=-NViaekwgo%*_dC{VhGM{F(5v%*!Y85 zkm(_Lv?P)NSI02v25du2^^ob(?&M15r5DUk17;N{a6M+8(iC2fDb5IlR2v_i(GHBz zM1~gTb>TuHZ{%urBRz>=X23Cw4~6_24n7jTEOK%+;$|@GDx>$w81pGs#tCP{At%xP zW=hmy6qk}(Gv3eFrIw%X7yA_*Mw#m#@guQZ81(SuCp2e3`>yWnjy-wn_hJw?q(xZ% zP2fj(d8&5QcDK1kEkbNq@-<(o<9mKn33bTJQHDqqX05vMd1`(-+aA@tV3Hm| zP7nLn$X+e_>K|>ZozGKRbIef7+bb-fF4uR>6-^(5q{%$NDf75$32{>{Zl+zhRaH3< z?Pdz!p5AOf7KguiVB;9n^j%LSF?-HI=_8??4kqAsxW)-TC?;gZ7)Y~o;&t2TV?&P1 zWUq_kv}Y0HiBF9tzV%1jm6*0DrW4&)-VAB#{1Q^Q{}56Tm-Hr1Ktu*ikJ!5OD_z}9 z(OvIw$iA0-buS}q@jH%YF(ZPz5rc4F#KxWd3a@aKBv{}VtH8j7x}^r3jh?+I1L!r< z`Z4>O|L4lb;K#Hmd{)CjF7wQL!>#P1Ni$zIphHnXcqlX!7abfh9yA|qPV0U9!mHVS z$o3f*dsUcMPX4@WDIcKg+1ogecC97&nu9T>@7;tf1b|AcE68w9(FT&r9ykLXhp=Rr%>_!U)SiQ9CTan=hn{hP0-GaO_N_Npw`#`==*F{$k-6?0PIK;!chTNr1e_Z9rZHr>qbRyEC9b4Pew9=YF zzx0mRo56@fxZlt5O*V0E(oyK3McLvpFI)5eQfsKvytRuaAq=e%iipb%aDBwkBAIm; zm1zs-&dJm&-|6QsM(Z?GoWZM_46|;r0V}SMof^{U@0W4W&t<(iit;jH*5P@R(c2Lt z&4rU=CCB318hmjMy*x%dAY6Sb%rA#aSq+N0*68~6JPUVTU^nx~>mq<-wM2bSf}!VV z6)}3<4jth5^5!Z+525ao?F-}i4#X9g^p}F) zlCoT~E;u(3odpc)XPH^GZ+@<}b#ay9V|a-qBHrxycFfM0YZi}Fpka`c{}<8;B;tp1 z!su`11n@sAC+1u1f&U*0CsH<_x=?-RTfKchYTsyP@dLY{i-ZbuOPE_)ZPFosHu9Vm~#ae)9R~+!y140W8Ms-t+P^d?L^qSsEnDX$Yd0a zpX6~#A3j0W4Bu2EoN7=St;n49H%#eQ71iNN0cSzB2j=JYy((O}P5~xiDnR}_J{EkV^Y1n!UY{&kK*H(NU?UEP@rTgzOF1`Mma+ts2b5D}dg%`4i%Yx~n< zI^oI{5#Q5|=G{6~mmQ~0KBQ#p19cj69liDqA2E%tP&iwFTyU3aSCJtn+v5#nD57{p zEyPaNs9UQIP^^T{|4B6=ANyaZCicwfOb(Cy(xZIwaVA5JwmJL1kTmwVLj6Zm#2qBx@WyK>xBx|gCHY4^TX3;R$b1*p zf&JSOT^q~( zLnE>2-!u}=@&O7Zm_hHA>EfNIE&^UX`JaOW#-Fh5n>Xn3VGDBKl9c1b86Gf&JaXdVRh^Z|QopOJP_T#Zfp2!mkvK zG}Nfolfe6sdXj)43#O6>!a*q03-gqD6EBY_>|M~B9NSdtkd)zMg3@tA%42y-tgXDjnWrSEk@P|A9!9@uCpw5u^j9sRr(VdPWA_qBl zt`WC~>|EKjSTZ-BuDP)CA;M1Y-Hciu<_29ye(?zn_6PbxgXHQ$wIA&?IKME~t{UC=qq_vu^+N%NMvQTl*O-qc5jh&cR*DE*lgwn1Nzfz()*54%}Y)`!Z_ zbaUGp>?wRWtNmWLJDT(r23r#I!#>=^Y_ARr1Qg&eI+2nJJ#7m}>o`D43>hdV7cC3Z z>NX|%UXJc#TdWK`o{ePM`!5sz*p2aB(0?`)0#^QBS!y-rr~9P!6;T}cT0c`l;Xm;w zy%~PTKc8%BIA&wh`;^dwQV;FD^j$pf>t^_VeF zG4I3TF)QE`z|>2l&y@~>FPv4m)tGd888_GX3T5YiV26&tzhc~Obore?2W5f47A_Gh z8BOT}qJ6W%$9hS9oQw;I6(faE{@xAZ%&1^ob!fZ^vV$T97(U?_E;qVe#cZMUAUA?+ zhp0)%GnBfnl${A-%@nX)fQY7;=Z8nIV^kfPfWnyGA^%+6nKe&2G31XZ9oh`M+9s~% zR1CW^gv>nWkONUbtZgW2Pj%Q~K)1yEg_T+dUvIJ}L%*#^CJWc(rE93AY_zN_KhqXw zajUae-pfW|WAI7)kEP9xv;bHwS1s$9JPI)UF?-A3@yyPOzU)1M^ZBMl&_%|B*f=no z$Gm_Uxw(MP>gu;iQCokwdF+fo!RF*d0KB69e@m0SXc*cUIKZ* zK~l$tiupQ#Zb*NrE~Lq4Vld&R>Tvq@V1;+v0kCcYi2vz*W2o+#oUpptcGEuzgNFmJ zlpLE|&F|f3Zg@%TJ^31QP00h*D%AEgX5tpnWYf~;7IZ9#oi7|1 z<2`*U^bAbegU|qU`|?AzZ5O@T>Y8rW-c_NpgUwg8HD}vgBJR6=ZrW!0rMc(*`nPII z^Ya&-8q?R06w~5@FXpLzOsp*@%G@{A)EcuvPEKPDX7X>7fs8=h{tCSGlR&Hr z;K{jbY>1Z;2-=?~feObbpS^C4SS;)~20an|K|_nQ+o36SoS3i~)qp zR03wd{R+Ef4B~6dPX?jskvFG_F2L;h}KNWK9W&_yDNuO3q#25X~5^ zOU?81cJu80EB60h(}oH0%tWZdk!Fi;1`_u4?o7Qg8vnC@yU4wPm19S`fM>VVvjM{afFD+ zl)(pK2Gn*&10fW2*&otMKTw9zrSzhRsxT2+tdRu)?6*8+4kvf#!kg$;h)g(CTb6Dc|cJfp9SGGXq=9~%m`of$JfIjW{if8 zniu@RJDPVHx907Pc1utn9v;Pi<#a3_h=87Lm@-NkwVLJAZJQRKEx?b2hge^2e=PlCUr?I0YCa`op1;%^dXQyM;OkJ5X zgFIVc@k}&0L^p?>N-tAU#~azhn%Q2R!c#jUWW-)CK@Iap>o?B#D{TbFQ^|=Ouub?!0vT<)U7w*zXfs zUPsz^y2r>VX5Y8n^yvrob#dFR@l0QX-fNgFRjPtjQ%8u)i2>#|*onjjy<0Wlsd*nH zDJZ6@r?MN?$PrFa8yD>nh6+kev`ZHF&uL+BU%}3jOE#em^+qkJ~NN+vIwP36uukjUKZ|!?4Tdcp?=`TPRqx` z)9UNJfE}{DUDRN%%|Tq0&GK1o;LHg3NqwHBrg~^M)M31q#u0p=(ju$}{E-qp>ezaEF*;O=3y3s}26M~`v@D8*stl8JbG((tqvIq4&&sLbsw`FHP7o}L1e7LrN+9` zXuw4}3WvHPA~2Y14y~jwQKfCcX@;6&Su(lGY-x|o9tN!r^XDFi_SJQ3{X`TY zH~s}tKvDC0sd{LOeioyXMf;qP(iXIR4%&(^G}Pws zFhW(w(bo3^^@O2O*U!GBB?;1!v>=R*3&>zhp?|BIU-0o6ypamON*;j_$5b!EvBcMr zqwnURPm-JTzp1-#hJRzMGQgLTJwF^qNcb6}_?1t)d!I$`|3cxP@IoWt8d1!#+v**m z*tqKOaCdL_lrF}p9_e7yZ8vAD*=J?|KSpWI?T~kSWq>+ycWMh7@{h?QWZ0L6pXbh# z!5Rpu8-(Txai>gFm645TFGtyFV?;)D0j8L_v0Xn!xn#hgpZ79=^kkFQVb?ol+t~gc z;acn(+*nSTH|#N|=@3Nq+8{7DCopPfPtdbC^Y1QMJt_yv)7swlh zVC@`rZJU8X?#%k8hB7p!`r9M!_U+=Co@azlw`{Jvz|N6b4KAFFu9%?0A?}%{Udvxm z_unA>W4!y)30&Orhiwtd2j+wO>3DYZNXp;Z2~sbwZ<_B)ZoMD25G*}hpkC9IE^R6tO!O~~TI@q; zgV}qA1M~e-ifP@1*HH5pLs?EBGt(D@>W23}R20x3Dhj`tHyyCF0CaMb^O9@-vuThF zW}cA+iO-Zqc$Jsy{PY@3`Ozvdg|j=iKZ^g;!1G=W^%9}E0dpkCU#lB?HNe;&%aR7U za5G9`%AOB%znBMZqu7LkIofG1!~hNXnfV=7%jEXLDf~dRiPf>*?3iu1Z7@bz$`su< zAB;En(iAKM83f*lYH#% zV%$6`?7FO@#^1A3SVtyateS$fEIc!Ly5Nl3YVAXVP!4z*P@Ck@O)YxoFnClEFKlQg zIVN1Q7BYTOwgh#Y(c={N76}qfz!)`d>&SUz6LSHkHCxdCEm5NuE0WR?Lq}eSUIje_#Mst`Y7C>k6&iW_CsI zM^B0|s>ej$;(8o@8>aK!@p~u#$Umue-N^q+yvR>x;7}V9#9L3{o;{%A&C%cWYid9} zsHLl*b-gR;nse7(96D8HP(!)g$GBdHcfHlk-vwGz5dsKr*0#)3ZPx_oYh~AmyEdBZ zPTz|jufvxjR)m?Mc?)|xuh5PyiU&xVez1l^ko5;qgEDS053iB@CS=lvR+%?%K{wUp z-M>hSp?RRLIqw%d->N+y9hm(`S&whm=0`t~MQ?TB$M<3>4>gtP+fCi?(&(#;oUKh182?5uz&>!kF zKbQfyB z$}PFYurfyuZdSZDiSCE9E_9*iyCPG-*SPxy11y2Z*T+Vd_>qQF#Mvr&mwoCgGRw!v zhhpuYmJb--jVep|g)6ru4iL?*Y{J!qo?{h_frIK7f6|MXM}U==`&%m=6pBXVV+SQp z=tg41)S0x1<3O1$w3xFE?o%V#;z9IQZ&Lzi*I*WaXo(tv{FMeRQ4a4S6sP!86~ch2 zUBXbt$!-m(!rY9Ztwgl#r_W<62dddaX^VfM{amfN{(yM~UIT@^aZE5SB5r`|JRBqQ z+E;~*-G7Z!cptuXaWjXMJOF&C=pVchPc{6~+`jS*)i`(1*<#?H3iX*f;_^HGwW0G% ztF1`K&wWqbioqH9MGXVEQuRtNnY+J?c^D+qQ6xVc9aGCrPOCUe%fe56-6T^|^f`4M z{xnKl#2z(xq4j`vi2PVTB-G1DErTr$8f%rsL3+3muc(D=>^aW7Ys5)Lsg$)%wX-g`DZWG#TFbQa|rt|KtKwxaPc(d5BIGD@3!@wM%uJb65Wmr+UF|#Je{1 zV~H;}G*5xa1O5gth6d$pr%eAH6B*!4Oer=|p$x6d$g zJ9eAtQd&q$CB^-K+i`|MP#6y=%l4;n zt7MxeaI!hvcpgutrTEvI*sw*0Ff6*MVl7ub>7kRp0%gz~J?k-kK^$9uU!7<3C(niV z>NixftDeT{l@*zk;>Sq(KN5`fzl0gT_{9HKVDYQc|Ik{^SVJ24m$%W5nal(-zgE*q7W+FiMAb#3=BeCXC6B2uqyd9ShUg@tk@e6 ztjd2SGJT`aJ2e~?bIKgCoh91_!@cDnRY;_^8|48xq+KAp3|~M4EeMa|jbB~xm+%_l z8Y*ThtBFrBf8z@cwf?%fL{xQn^dsWiffm!{zswPZipf7~Tahh3B@$XGPjBOidjl02O)@>DgKbFoM5ISeh zI;=~_^iQWzil248d{&B3g5B-8qz08_jPj=vBg%u+RpGMWR#ih=2#h0#-`D1eal4xFoe;gwb2Uz!6~#o-rTt#18%P?=2{vEh4^MjK_>;ieT-KFTCo5 zVm~!KVEAYBZ>|2}?b?)$kw*@L61a&@aOS{brm{t5U}|#;dSdXX$a8~%q->CE9DZQG z%J13QfEBkFP^s%T+WMT#>oU(ynmAn&^9~Ok`LPGb2K${kev$olZ=}xGY4=yumt6I} z3RWh?HoHFzB&*6c<>+bL%0Y^1^~y%Y%~m^XQCJ;w%<)um>FY(kA3ywUndfRy+Bxe4iP$Cm$~4OaU}Xo zI{CNvd8nb)0au0ZB}N2Wq!LD}TCK5dCC#Z{1~C-3A4zOL`2+5hb9?YHjr>tV{89Si z2t9E;Lc@jJW8A-7X0g#+qD!qO@?1ml|IR8DEq_=)H2+KM$9#RXPQ3LX;Iru9jMxBg z$n=+GPj8PE1EK#FOXL&({b!!rLz6}zaQ4e{N%jKGKj18`jsU zCJWyv+nXZp|6uPu!WBv`}@ys(J_jRAw zd3|?NFcv=BG{-csO%zmVy{Nm#0o*`=mg~E!-8(Iw)o}QKgm;L4@diK3C*zzO7+(h| z90;8J<-*_ES8MJJI!|SyD@ndLleNp-6Esw=@HJYCpb=KW_VGE5S<=alEw|%K!*mcCgurq(EcSP?=-}AlR z@&6n+F*LB^d33417Cm2z6q3WW&I+nVy~BZ+;EpOeW5GQg`_}xLW`=z{TG=^5OBDK-1bjrd^0W+l~+R9}tb6S=P!>4lmlBH(!x> zxgu!}Xce*U`5vloOWnt57bu9CLNGppD_(k_q8bdP>CCa)uG4Em!JKzcMd@>qh~Pg2 z6Fax0t?xIcR7kN&J}{a1N1}-d!J&~Wp}GY@$v&3LqfHfuk|lht@$(+;NB9@gaSvLA zUa9M&uF{Y(+|Gxqx?jimMGaIb#oJ@~=?Rz4fY}>_fUn88g3+GIc5iRZPPqS)Iy209 zvbuw6yM!%@E#SB@Hklks>-DiywPGPD8}QFhqA!~OafF6wGN=F~ib^iPjX(s#%#?y;ehYl#FC(UCi<_?gqB9Zp~+jz zCC%3|%Jm#hV4>IXb@#G4yvL!9&>_P&a|4uHZGF;(h|$z?;91wKx9;3(U!nS`qGPT| zsy@+TurLY#jAxSx4%|gI7A(lR9-8@eq$~@f?{AvRFxI@Gg$&FI;5NGeklraI#5Ox6!K)Fh_ZjyO032BbJekz zm-#PJvt6oc(M4^;q~m_$DC-96C_H{( z(R@Q8Ui%2Hq%e4kAu2Trme_EQ0&)fV*-bA1lbBlP1u%)w6d+ZQ^`Yfm|I$61?WwVf^*3Omg)83+{M#SE#Ook!l{5{v79f4d1kwja zzOpkBi$)pD!?a`kjE=AEOB+PicMHCDdQeu0yz%O#wO>DZrEPzMM7 zIu5?iyy{Xeljdi8Y;L4d6dOOi9LDl@#Mqt^2QE)jUB^?5croNX{ZeuCQ#U|4!n=w` zT8_!RVCr6Gg_h1V>qcD8O>H|k^t6<8nZ!D|rv}y8O`-*+b2|6-_s#bk&6CJOU_Qw~ zApb?N!8}G144&CObd~Xw3E)5kcvkfuG@_;oZV1ZDT^qB}3asr=r@6 zd%aqI0uFtMS3pyv<*O&>XH=k&D*pTHX!TS+{!DTO7W0Mv^d0&jnrnCj#Wf$eNx((h zZQhBVhru_y(~#gOy3L}UFD#d$alvE?R6UV=9~oLtef3tn}YjeASD3`ari1OR8)RZzl+-YP8GRr}z8% zk3?K(Gl=%SBji9iM;Kc4JVu-%G{fB>IBaA5s@97){q{rj zJmG=9e-9rKcTi5;tjSc;19t2=h1ij|1X$BXoi;r+1$hnNHO-2l$FgKA;&GaM6w7_^ z%YDI#ME(GGY@I4Pif0j*Szaivy*7B20FJ77RE~bEu>B2cS!%i7^Oy`WPV2S#vznxF zMU`N*jO-}7);-TmiYur;`z%5~qW{0;lgKco z-yR(L?vptE@ApY0_VajQ3<|H1Owx2NBq+SLMTnIw9J+z86&2nyCnY*Rb;9;VUEI?~ zYr1ojUJX|^v%P?0Mx|oXU=0?LK5c#3iD2%Pz-&Ejf^WaH!h0D9go`TQiHNdd`HSy% zhN|<0BZF>wH2H+XE0UgT*^ZSFT?-$NUa_byOM>~Nyf1XY>f5|W-=_n8j9zBJbxK}b z^Jae4_0hFY#hu-)k)^)vs**DYI%kWJ3y5G<6YCa$K8Ydnd{auyaI5cR6*uw)7d{B) zetbR^Z5KGqJhuLTR~qI~D=I>p4&$dPTwYkZvKh13N;xv~p>Vm6uz8@LN{W6XmKT+b zKdwDGzuN5lt6OSV`EysteKXITo|j-?%vkRHYNeS+AI(CaM%4y+xQ=$8DpQOFJtJCn z+p_h659w`K`0S%7)}oJxNFzp;lmY|rlfnfw*^4!wNuLQ40t*)FhQih0_DJsFLk9R-P@!m`-EM>gv*jBM5yv=8mCch#@H$K(;=KQchFFU8 zm!5K16dMW{hz7WmtS@rk1cy7SbA`Ev*u$x(mOjfr;AE#z>OCr{vvpB>C-IjK2whc# z;Xp~svFsl)8}$={UQJ4ai>XJpuE;hp=g*c+oh9}FaQ+98-%S;wWo(N%fP;V$@~{TC z&d*KsJdMpbubi~5*2EC6Ho=dr>_b3_YQph_D|)`r?|KRH8S)08mtcKR{Vrbop_fP) zJ5~eeB@AKiD?izM9RoOq{dCnx8gLyCtIZi5OCNIY#7;{1$ON8i1pf-D`RmUJ*~LCW zvza0V+GaA`!wL?EJ|qZ@&p&&{eRc=vBfBz34Ohp#dsdv@!5g34rz1&$e`P7YpYne{ zbu{pb;d|%+^{_QZ%5Cn95OAy_Ibg zs=BpENN=vIu<5aw9G$xH4-*9#4(4zI-#xI|V>;+-BUD%t(P;?l@8>izpT`q zn!WfAknrXIkcLRFHyxi`e=#gv>ijhRX&MfvaN!Wpi!>zlU1wUoCCPwt``a?GVCxur zi~?xqj^+2?su)dZ)aHiwX)nabh8&&}rb5BPgE*<(PV)DYeFi2Ll~6APHz@{AzeGXJ zkf~{rSUb{Nyvuy#;L6_Bg5-*`_|2H4+7h>m^cKt2o@zMV0rT}BV(yvT9N8OAN=-=i zLr%$X08s;QlS-;TZCyJDL=DrCG|B_T0vJD$w+`1XF)ZDs^->&1fVNdhC8%&5cM_~g z(w-PFQ#d+Mn_mX7i3{wE#Q>x`M9x^@6N#rK;H}{Xw57&YikVNlhom3LS3EqI++Te= zCC?wnQ3~?(M;PvMF2ieWlMkl|L^mRbXB~HLJPA-~#82*=U>LIA9Q~kg2}12nwoc~p zy>@|@7C;N385+y9;Kmm$iq3o;5Hdp{b}r>?1AW`}Ku30ab5mv!J@>h4bW?BmcU5rHa@Yagg8^ddcUAQJo{ccG~^e zyiMKA0*&qMTtVrSdSRn8MZ9t{M}{6{L%3}dgJ$Igb~jTREJx(46a1W41~puT`j8C* z1uzfJf2fNXb18OQ=z94Bao8&jAPz(V5vB59L>z3~|9yx9uGx}$MO?@vmC}cw4meVW z$J`(fv!tf=)gx33M%UCC$_Da%u8^SA2@>XMie$U$jb9=Dh6s?DEMGbm$g38AmqNWpD$u{XOGqqfIGps zK+O>-eG({jboedzm|&u_JQ3Cg zt4WW3Z_k_Tolld*$g4nXU#fg)P-;W(gX3ZAcZ#AoD1d!rz57l{A9!0^`Lc>=yj{H* zX;R(~&q!o@410fj=7nXNivE)A&u?IYyP#`c)~?&q%8L>uPhQcNM}h^8;6C}J5-}s` zHlh||c^j>hHC~+?KmXUE1|L&g?(E&sJUQ)BdZJ~av>K&6YJUNS%F*bH$GzS8`{367a zv`+_NvOqXL4ZOm>N1MJ{BDy9=!2> zPFSu;0eSUl;INy^J5<=DeT4Pj;BvC zL?^xhIVP+1fWy*dlz6gDbTaZYU@7qbaJxw}UwX(!?HjqUANdElps8rkOStptCmLYX z=mhqLYx4FBHe0117}_M7XZv4wugg? z3A*6^EixD!`W_hszUq)Wfw_M3+^JQvCd7VN&c3h7Qzgjf`V{Kw3+x=bx=V%ECr&$r z;r1tiF>2l}YBMwP0yq|sKiqM4VlFQjSmWm3Rl8;K%>3q_j!Wp)w#)>LTTNJQJ0DK4 za)Vok<=!`5c;4kREpwKJqW&s29y?kz61EdPD3FVHDwpCPI3MT>{LjC>8N)YfSwSQJ zMCZCe>Iqn|5+Tim(sX`zJX~+D@v`o5Y=-n8Co1pgkCAUMnCI3ARUrv-OMt2}tQ;u- zljH8|XDke!X?qT{SGiuF?RRRRG}qQ-HO&9$>;B77%a{BUNyaEHtQ?n`%7mJ!?jilC zA)7BRf*KZ|EnO1ZJk%!imhCf&tmt{SeA77Ug0Xi8^h+y0BXf<;2nYvkKS*(3l!lKw;qpn8drElDusk$B1Ei0PVjr$QC2o?=T5;k-Q)6`nR zarL?s3)SBB8 ztnHOiq8z$^r?qm)H5Fs;dw_aveRDs*O4i^W#bNT8-FWam^t*M(c9iI;b<#8R^%yxE zeXg2xb4Rp|`Pkx0+>(F;QJ*BHBJ2VrX98ET6V*4z4#)h|946EF*{&YTM={5@l*Glg z789(_td3j~`us#{u&r!6Kj5BZU$I13mgrBt!LQHzmm=rAnd`!*{pT&`R0Y<@bl#naI?+e}sck+cjc22as zsvkOo9DEl+y2KK^P@Gzl7eLO!oKS2e=~4no{X6f0S3m0%cPi8Du(Ve4`!pYO+a6{s zT{cOgBsZ^J&E$Yo_YR2e=*$h$!`rP3X*N28s2phX2v?a3WuU@ubf-8MVe^9SSnf=Z z;zY*Tk@)K9G{-@ccDhQS(P;Xti5DnrZ9%f@uUJA-CHz*Y*$opn9A3Jfl2+FNF>hT2 zu-d#j$m^p~t}`#TOBG(jD`vy?5sbaw6H@vi_DBJ}GVa|4%rcl?9b)B`$G?F};HCUE zE$|#HM#q`?KK;QXG&~a$YwH9LAe4;hdqMe4GD!+%BTof{Y1PST?`3WY=6VXvt?Jp8W5}B9hZ@9@D`zn z6G#sYM;x6^1D&RSE!OX)#wXZUu(S>ZL4ei)*7t>Lql6+~TES-1(E@dk_-sbDRf~)+ zsnwAPlRd}KvZ&|k@9t zlI}>X=XqYP)rBCe2eAuU;H}CW4DHw) zUl0|IURIk@S){;onb}O{F%T%6cj?c6h@i)8ON_mMkMgR?rd)<`ghrK5v}Ay(oFT%d z@D+RDfuBLVpxh66wk&=E2HTGu`7`_Q{j~q(=fA}f{soid|9)bi;_n&4m?DBz-LRGv zqX!~gyab<=G;^jCex1Gz~_n8#xpY?Gax6&E-c2nuIbIQlGeDPP8p&jyKX|1=nuI|{uO zAhxN)_RP?EmpWTjgp%BIy3c{)s^3CSwRqD4aC}Pe(O{UX2H3*e=!kbik26Ho;5oI3 zQnAkeGQ2iZWrJ}^vm6r!wvs;wi1SYo529P_+CKH8e+*%W{TRZ?lmi)4;CnDr>V{(? zfWn`Srx@xf^WdX>b!6LJs%TAtDgrKX5i<_Y@cJF0zc!aV**6?)PMaKv{w|+Xj(k=j z(T584@oy*KH6yiKQ`rvBZyh?9-a<~c=}1z!C9L4h^JQkqE@|&%Ipdo=crItU>x6V@k16Y zl>>bjdUrLbMQR+dSqN#DZ@r~myL&W!=|!MS6tA!nlic-6!}^T-hagAV)mreHwH$af z?TOTjLD@n2EQgzTqhzxIp6H|!WgF_1sa8}KbAWg`kvh&(hx(A1NT%$w9CV)}#&4wL zw97$9_1}zc73BMIOe_7(ZpFT*p_k#^}D^ zWOKBadFiVX+lrPjz+wONoO?Vepb32&1S+dDG!}AiC%$fNb*#~kdMojm@bdY4Au9J-S zE6~gPpTwp){V)1}abB}`h{@?pUs8o@n%&rN**I?v5mecn?3w%3DwHpPVb$SXx5Cd| zEBjvMSG4(pAayTh5OTT&^2JGL5QiKAlfA5K2Ee_o=LjM6Z1wPW##8|7q(jGelhl?OHI*rI-$3bs&_A+H zI&wF<85jJ9JsWt2b=IHH9>I#d9lG9|9zsg#n>nE>zmV6~E=X!B_F>I4X{4E1LCo33JHl!ZaJiA`zVpdUU51G0Trse7!i;K*wIXFa^nF)Jl2 z_w|fzD8ZZY4zM|J<)!82W8X1}U2f&rAyij?>z?#qcRav80NN5Eqb{jW3;H!f>G}NV*2*E~8Bee~YL8~EBL6JlJ6RpGc(J9*^hn$T*br-h^ z=IivugvC=ENpJE#sxZ#By`A$1vV&|laQ#;H%*@LA;)>XlYcQ7!g{pL@TUN_(tlXDk z|4>=EOzu9e)5iUt^?tnL<}TF(kjT7k-z37C?JV@cZWY?8DfBf^zRl#d*lS}7cV?D= zY{7lud$s_$&%hPF`mu7@_I+y9uT>mmk;3N$#qsDW)keK?2~9|>yU?^DE{=Ks4e+Sv zs3%21hpfzA&v2%?Y?N-KtQXcrMI%6Sxj=6Mc&Y2W+BDb1u5Lf=eN+q5q7Sl6f$Ntl zFXob0!KwhoxRBpAAXx+eHRgqKJquYr%DkZhZN!mB@Z{6pAEj~xpdwW7K4N3#g(#R+ zKQS>7()PpfFiT25;EApnLn zdZPyuNek?IE_&+wLI#nG200ff+MB-f4Ct})*uzuq2w((e-`_I}F5j4ifPcU&gqr{F zG7HsV8)mNMMFsXwN9yD--o0Q^|7=@_Y=6w>L7@UkI8`q4t0HS2i-(qyG)I z2cKQVQyCE|3(`R&{ zllY+A%|EawF&`%dX{;mmOs=&i58|%?)`w+k&W2Hd6qfqUEZJa*-cR}{2nVttLR|B3v8KlF{z|AzcQXe_W7 zE}^N=Uc9NCEqsu&QiyHt@rzQF_=0hdX|;iB^`(by)jl?0pXuKTF6^qV_R5D7(r4BU zU9Bvl%=06jwcGdmx7ycLt`-Vc4zVsCF@Tap)Awkx>@J;$h0o+-GdvHUEAnKT|5TCu z@> zp>KxT6+#8y#Kol|t%6*@8dR$ni>q3?>h|^g>4NdVBc5wRXNZAd=uaEJ1Wfv1-UaTx zN;*w22HFuuPEq>ahf&XG2f^yjX#|oZVK?Nv|G{ocx-b~RPVxq((#RVkvzF-c4t^f( zomrcsqMa(tJh|{@QGV;$LeUErbmRfCX z5&f3gZUM}9Z{qo{rOlSJM|9bM2e)3p;%3P`*FZ)LCtG9K!CR~A4Vn-g6=!xO5B9U3 zcWJhXlW_R1rp2~WUB)DXbc=`ND-s_n>de)a7Z&y2#Q*JaLCuOh464$n+} z{;9^4K$#usej;Pvr=3-hXA4N=hClo%w-6}hK1gKc7CZPsdIRi@U&pejijNTTyFDbk z>uY=;Y+V=HD@*{7`G;DvSOxoe9}ih-US99Zyjp$MIVSq|;3D-$aKZoUk~Q8Pfx=`c zhc+xbOtA9+@&}+bu^xu5qrQsP!TF2U)X7CNilE5qjTZsTtF=ad{Yl?klx)|(#TRE# z73&X*Jb=>0jwj6YW|%NS1T@y;##+>v1r{}``Mxh|{Pkx5iyBLeqE!f5>c*zrM_^Io z18Y&^$|rUn)}lsQuob(#bV*@Il{$P01=CK7MStXij`}X*G8bt#uq7 zIFeSikheoSQ*v{Cw36K(<&081|Hk@J`+=;Vb=WKq457phvM|N4#ifx zscStuX7{%gqaMvC2VWrKzik6V8b;}#86Z@r2C5Dt)_U%axB1D94m^Ea^l?a%uH(a|5ybPXKWSy=P<*MXzM&cmjEcs=}EBythEo!T&!6QwK=+G z*(|t5Yt`xI*?QRN{>#NdLcqog;MV?2&lg}zM%7;FXz|n3(R1Ot)fx`9SZFOqQDF+W z{>+uR5e^*D+;bqh<6=2Aew(0f6JYS!MML?NHmcswX7KjM;bpAo1 zAh0+k3L1uA7!jCK_K@LSB$zBA0~C-}3zGA8!xrLE5wvT=qn~C*JiKlTxD)jLB&T$a z$Vao4M~{V}?gA;p{OlCZKIX}11cmc=?13nwzzhB@$^g6sEHUNXV#0>i_SEN10b$3q z#E;($5axgeeb!dG1CoDY&P*`gwzU^?K^w(gR&GYAj8AL)rv`{4;oxG4d}k!}y-K*0 zWoO&IBNnxxWFE61)LG|`3ZZL&wAXJNKsiucZ2Gjw>M)&;C$cwefiuhSMMY!6H8z}D zaiPVBxaOYjhZ2~vy@JhErHgA%UIfOBJJY7_qLY>+aYa5w=RboLCl^Wf{wLf7tX5|N zV1PA@WiHkh6Sn+IDdQI>sf;F_u!=Ww7A}0y(%;uKKC;#{`Zl?Y0|*0g%KLFQ?{r4s zEZn^q3XuwtPnoTA3L4D>+R^!(;}uot5H2V7PW)JVSoxeiR4;g6f(>F2bytBBa$>;|GxYRc z4p!vTqDUuXlG}F5))7B3R*(T%x+C-i)!FuwI>@ZZ z`#RKif zRovIH_p}M{uerGO8N>YhZK5=w;|&xor25OBP1Z^Ep$>VX+XYOL@t2;7;fNBrvsfGV zsp_|5uNAtnRfS7xKMW9~ZD+*lYcErAM3dn$`vu+biqxbu%S zjwIYA|Mphv+8!+1Wl0$XM5IW@rdg=p{#Wkn`^T!E8}SmDAKnMnBuY_EwC?knmGKRQ z&jTjVdC5bcxy1q@qUfY)N#5c$Z*GKRE5DEAy0mgyfB>29EtXFC&$x+pwxB+}&su|D z^?dinVNOu$qF%E6C2dhccAM{iQ#dLdKh-pp#JeFdWd=oTl7nx~D8t|73^@wix5gX#A2W|G^v6Bhi`Nm{pnP#1SEEo3s`YIu_-D(y7U zg|7J6)ca0AU%X(bf{l<)#f>rEIa~OxI?5b64jJ%vi15j&#uEJmcw<=SMFSLbI87>#Xp}Gp0n-L0n_`6E*Q);}%-fuRh1ex<6bJ3P3 zNm+m9DAqkEZ>-E@z|3=w%;=)S@!={Eoc0Q}q!T&AcW10JNae%vA(YqhsPZifQi*-e zd0^aS_2~ZT11{#h#bOXm<-IovnZTqcCot&=4xMRg%une96W;rK^>VT02pnv#OLb@( ze>5oKb9Au6S~RMyf4t>Jvr`9z8wLpizX(hR>#q=s+69>lT5jXjsX%G>o32tHxY|br zDlCPT#e*O-gSf`w=xS{6=^Tarbj(^%189sq=>NTeq3fj}@5`Ym2B&M5NupxYf&&yP z03z*c6MU&;zWR`-gkd=d=+5`4>5k>yB_-Bf26ix2tQLW9kGBqc(V{`rxW9PzjM)!{2ysz1wJ9}B>;)TF^6M)b4gMlL6O4mGro@DTHj7l0o zT_V=ob|MB3ul9LMD@{tqPPUT+tK9~E6ABg9=1Nngu3uwmEia<^at#kmh--J3R2IIF z3%UD1>Q1|dm)UYjNL_#Bs*Bx}*Fu0vxU$?cZLd4mWxW@-=RMiB=RLP3sM0gagI9r8 zhAq&_STm9PH|QT+TbKp8RSYdLWd15&wF=?b(1*^aREA|u9|IqzDDi60Ty$`}Os6y% z8M{w~V;9-WjoFD8v22~Z7NDq%XgAgq@Y#5J%@vtl`+2E^@_bNfT`$#AuAugLkCM=i z9ZTH80=zd3yIhVh+&jk8Wf*k#;#mntm%Jy^)A>9&5A1-2x|N(ryR+P5^~TJWeVEiW zaY6NM*rFtOA-;rp7LXZf2H>oADLT;nM#0&il@_ob?(?94Y&)<_I%VC+2ayRT_rFbJ zo-|*{o;9MAwRY77qPJPy%^fVnq};L}(8ZaWRE_Wf>OO{SBdIl_6DBkqPU`^-sSK zXOMmjXPl(|bWG1ECM_utzCt=fcVn8ph7IK@S=^ZmCU6z6a~Af?-O?qS}%lF_rwZhU_{u_J`M*r7*4_XV(8*yilD6OQD!~?sb*Jo`-hXB_Dvf3AJ zsn56;2KOCA2!2|1N>7t%NQtA4&9aruV;=Dd+e6|l_qv*{N0z(2MTd{P2lw4zo{jKc zC0$AZVvB*!7@79B?cO3A9bv%2@|VD6{_k^{R=wPF3qf_z1Jt{)1ddQ7rQV*^*66PS z`~pFGJDx7FE$6JTrZYV1j0>0jg=^sK^W;^j{}i@(2KgVu7H1m&f7s&h>lyz9wvZ}c zkAfMbrQMXYUvW`U%~(?9*x&?I{C_i=@mEvj7pcD+&EOW^zuyT)Zu)9&3(`dQ%ufmW zho=EKh4%JO`!Sl4i8@G0vCZI)e5JA!G90mhCD*nEYaFoK0Wpk-7dbcLt=o_c`!cRIIJ)#+n6vO!U+8MfI_O zbib%Pdb>06hpRHZxiGyP`M7wgQe%wj9dR#ulbR)@aIdqoDFjF=s2Zk)g!~Y$I`*(y z{{q@;?iz`gaFeLOXY?!0H?+H9?6ZI<1;q)7AMmqJFW0Fl3q5+PJ2|ABo|J4l`7~q( z3`Q^&EVo2tM@+)YP)lQ9OzbZ3g}vggdF~ojbF2V*TXTyTI?JA!24!5*0QgAsHA$qm zOD&O_wsOyKI+nGWu_FJTDLFK^Tp=5a;HK$nr=9z*e#o92RqEgA|I4=aVT>@HH!Lj` za$)!sR2W`gV7K0M*ok3Pfbm=~(7U)x*2HU~?lft$CKJaiFI_SQdL%{{XEJZ5lS)}# z4aj}6kF!-#hfy!}bh{9t%rJUidW|1q=<iSJD+czZfy z#NX&V!}m65`z`p1HSfTqo;9spBlvnv=J}z1MIBE)Z}Z6YJ=bZk0pj9Gn@>hmO&9dM z%#AH%#5B8LfNbstgl$m&GJU9hD?dIx?D>JTL+-zt0RP?J!Hu?(2|3uO;8^qalo&sy z$;ASW<)ibc!l}-tF*#NG;`6vM{`(4+m<1p68IGyy1WBqn_A;Q!^hhQv)MXP z&bhSP7u^RG=kNA}dLo;GOG-4K)pe)q777yt@;W-COh{}d*kaz|G)|~sXJi6KMWL-4 z=~4eOJ70u!d60M{7U(U)SlET%li;y)%a{;)fNe6LIP#3ksBlw~pZom|Tm8yN4NAi+ z)|*u$WwJ$lL;xOhdBPMJnDV5DDD(!smSX8AOYpke_Q}j_aQjwD$^o!Jp5(xx_z6EZ zmvieYQfG)`1ri_dxwLF!zemF7>INrtinT2Y#j&o`h5@p{r{&Kc@YiU1^I9`lTG%+u z`Ak_`TWdv1z_)AyLIvcMSqcbV48wlZkAmw|Tf7bVCa1In^+x?6r_5H_Q)5O-=^F^X4sYZ1SjLwk_(le|5mF~l0taFDx^@nv`?c_fSsyvkEg2an_x zC#h8}jU5evD%sOuiCE5HMLjFI^A^BECbGXvbA8mIozx`_jCU^Z-yNjJ2BKCcyg$Hf zRK279IlP?|)9kp5-VU2AtKxUcwn6x%*N)2yp;ZD;-gpwN+f24cU|oScWBzC5{lxRr zT8f%2+-JQ0-v(arDU zCR_bl)hB}zpkY6eJjip%I z18*XGaH)k`a+%ZY?^JgGvSqkJ#o3O3V2yd|NXk6M5w``{1X>Q+dpp=J#xoG{^?MGuize ztw^gBPgw{lD-XCG2RJKl1I|hY3~*L{T4Z%R^vEI_KPnz|Lk9gltgM~cGKF>+hUg-T+Wg5}X-NdkmB4(-uagO(6DB0QhA5(3CLU!Rc0*%Hj1orG zu_Cuf9q=hYsieB9s;}h@CyBzfn7s5boC#CH(wrW$-y%_RU=}ixR|4!oRHx}ATUF@1 zl8rVVFMI~e>gOQm=d}6ZmuQD}>`3DTsEhgFiwB`K9xrv(!3QA6Ww3f8FFg3EH%5Hm zb@^WQ_{Or-%k0Jn`h;?j799w+EqAR}?xBE=y-fY4ad0%asd%_-jikKgKIiFM8%%qw z(E(IClB?l6w}!1_8tV*~%v|MtUybsk--CVb%;k)P9)pUyLb8^c0)B};A#~mpmB>|? zvgu?S8F#mF!QhNiSPT5*117RF3cd4~aQ`!|gJgfMsxv@_@dU^)R!dg%>r}Tk)ZdZ> zuZ{(uCZ$F9{8?Lh6}kuCl62D=x0YF$d__^mznt>p2^SCc`;SEizxKwbDT9+5MOZG5 zD^ZE1jB79a%Hi$+OOfi_XCfpgdrT{Gu5BX-g_`F6R_n z?1goC)v&(w>xn~S#yu4tRVzw2t>l!}lnk5)d>crvR+IRTKKAoloO9Hma1})c@Nm=T zO*}1&MTr}yHvhL%IB6Mo>hvIVMNx2mF z^-TA2u2y68s>|W&D=TjVp4A(rtc$HJS;_6?PU!V72Zle-1H+%$%P{P*p@%=x4Bi|8 zFAmFP zQBLQ!%e{ZO9C0KM_+@u>xn4@jf1A5dD>y0>TQ)s-bm6M=$UE=dwvQsFnD-3JU&$V5 zmbV*q+&~xtiT1=`7G_Jaxu23lGjcKIR3)VmBi~#y#gO70SA4Tx>dOM@#0?mIe$$UK ztU1->|FJm^c9z!H@OXXKd)%2jj)32CWOySKvkyL6tX5>vsA>X*ZradpM{{e)U1o6h z;!_gXlT=!_6Ab8ff-y!WEx)PVXZMzz05BKq*<~tLaTURq+RB=Ar+|v7T~KAhXs^yY zh0qzvL8VqTCHzL(L&?}eRh~b(A%=^-zygqb8`YivV0;68FWpcA zyHvG{B9z3tW5?KTki5j}>ArJoB0K9!&gc;QE>@Q{t2}S6#P|9XWUI;Vxk;(~62)&x z^)h5=PvK?(&o=&VbDwOs|6uO(-?qEaT(u-L*UsbUe$Q>T%)-x& zG-aA-Hy)P69k8l}MCoR3>Rr$pv`|o5C_`s2loITQ#z!_h$Gmm8E@LtB&PztG%L`A2 z4$efxtT`5{7U}t*QqO>ZUn2I0cRrdxt^`zV;c|O%}A)4I;sek2?gDd4hPRtdakA2`UYKGTwVIcT*&?h%*Ath!Es-|6Nt|gJ9>ooCFAvZ zpRL~rbQ-2R&Ir@)`8> z6gl0DIXq@L!52Tqt^++t{u1`w#Lt|bYCrxUiF+OojG1P4de0%Is}HR0pDvi}s;n?0 zH@?8DGe@sFCNXZkLi72 zr%t1>oN=Hq!rExqW(;1%4yloW{deO)?+>HS4BgjMd6$_YULjqE!A&NhoA}DoO^5-y ziAbSFr9o;PWHNLV+BcrlOV*z#0M14`Dgnw7KskWFe%;nqvd4~ntpaot2cYhxpMKaT zAltTy+1f1lIG~#t0(28(x$nA(KsLaD`bYVsq24EO7p->u@#(GM+hWbf#;Y+EiVS?v z?g!i}Ke3FJ0C}+qkQahe+vLSx{^{*M1@O23<;l+<|C-;~j9Q*8#$r5Dl?k*7g`4ZN zNtkF=1aqnakx0F}xl#d0EZ1g2TT17bX8`p?PbF2>CE#gojq+KI%~dK=xWZn7e)hxj z*{7<3a!d7x$7PU$2{%pZr+;HMm#l|@*mr#4{4sJ`%Y$64_f$B@1ZF;9OtLTqo@g(y zBU=W+7)5Q}%P;>DWV;h2-vE>E)X!b%;|(1@i@coO*BAYT3qt3IdoW5_Kh0_#s2U@- z$i|lOKPP*itIQ}G#=8k5gB($cUppt4T?*cg@I59VVhyaRMfWlt0?w((liK6uDsXZR z20V4AeJv96(RW6b4=GOQylLF>rNAwnCX!c$J_F8)$W1X|2eiDsdNnEhJ({N;xm!VE z9qtaSG4#&1^7|FDr+CtZF&%)wGW`_&9;$}c0n|q{<09yXav@7Mg{0DSBL*ZsR+eD3 z_rW&`;KT!W!(f;o8c01&kO(0u!pLyKc73F0fZRigJKrxTN=789Y|yL!h%{u7zfqo% zVQ++USJY%2x!{|tF_lD)e&~ZBem3l7zM(HCZg(qzR-(x!PXa8P6(fwZ&P!vG^sel6V7`E48qs5#z z-+OP_R?kAQwNjHWtZ+Zk%Io^Eg|~GtfqX|4>BxE*71Z!vX48-Oh_;Hizkl&IttC+b{>f2B9Sw(AiipYWWB#s zYj8D4r`|c1cL*+X<+HZ8QnRs`h z0;e|L#gm4bHZ!fu>-r`>B_K;jBViq!qU_Bp7%fYhKW!-8rq4#s>hzb`Afv3U z_jQ4Pu1aGQ@$H{b9XyM(htx@?mohJZvsoUhDI71GD#Pq7#H_>!H(C?Co5+y@rLzhu z$*T|JypaQ0d^J{HmiQFnH7^x^e`u*sZ>SSDhYpq+o>gT0COX;De!=r$mdXOW$zOs2 zwyH?u?pTf6Ln}2^{Wic+5U8Q1e4un!fJfTm6Oz2|6~L$82^>ud=n{H{o*54UUjN$Y z{EG!uyLg%t*ZV6Wg6ZXcz zEiOo+5!XPjVh&(>EHH(W&nsW<54u-777&ZaI<`4lE`arbiBM}S`wdl|s`l+liRnMA zl-NZB@55^6h~m1#J6UN4=(9yLlw(GL06#{nw*lL^EhXr$0vCa4KK6z!#nuO4-Qm$y z6kP#Q(s>gRp##&KCMhzS&~=h;ixem8*k{$zegrkuT?A7Ud%?528)5J9f%<(AU7m= zIAfVF*vkXO#|k%UJgcJW+|I2Hlh?d8v`QY99C?ZJ@A}Qw9m?qzMApnEhyI3VW*(NbMTb$1VAqeAa6XK+>rP?RzpE!&n z(f#m7&^h^k!Bv5O*z1|{5@YpW1u-iBH4x)DX~@p)vl&Kd)9*x^^QXWrp**e#DWGhk z!8-p1rcejvz793k_j^CHL8k?Fz$=1gxxdYDL>$s)&2VJ80m2HB8p{|DL$AUn8$fpi z<$(|0B5oz_6rX~{0$E{T1$+t`=yC2!yLrL-3(nx^3*g{e&%~Subw6C@BV^0uL3MO* ztNZ^}b;7+rKb0>>o_I^J?r^v;;I(0Ann|7<7P3UlK0)q|*_z^<3!bKhoFZ98QgHWRqt-pHI{b4s(oG?`j#GDwmY z>3B8u6cL(USSv}b3AVKXTAQx=svI*D!RhQuK6(~7at9}E6+ph$mPd4oK)iYdu)GtAF&UE25oNEjrG@zeQ2q7w8FUeOH~lWs_Ld_ znur@S{LgHKq>S^Nb62DWQDU@`f~vJL^)@~)aItnRc>bM9RAR0(d2!B#PN<|5d5{IJ zc=t7bIxUqzi)d%azbELi7C3Mfe?>7gt&E^WLjhHKnu4P$SOCQU3{rsqk}up1oAL3s znx1Yd>3Hg_(?Onh1TC|2=-dotqaAJ?=jW^#dCE2wx_op_Hl5*Z}}Bh;fpHV)7;cH~Zd*d2qz&kp z`}J~m(~m)HVyEt;I#M+9Qez_DYw!~cyvpYO4|VSy)>NXX>pSC&%&34Jkfve>iKz4v zE7&L&1SyGtfKmkvHAM#nloA!`B?2na5|IueQ7I8AQCjE`0tpa8gg`Omw)uhBVblS$okgzz3+MehjD=H*rL{cEDIuc;)i}C!Q?{lf6{NfgZ$6* z8@gwq9xY`O{YLt_5>p@fGEyk}6*|L5|7Er$3cUhhHk6rJoFboz7})ayuy4o@z#A(o zirEb>!EvR60>HpA7JjdS?Af_^HlDYCp8sCOD`PFGN@CzRxDrr@cCH>e?WY{Pd&}E5 zl}R6Bvya0Z*^iDJ;ZM^vjL$#To$Rf2*FB55kCW^2LAOI~DLy}&jhx%X0dr36E(BLR zAdj_j{k|A3Occ;akIfn|hO?<>|G9soHsscN?=Az4Kg$^N&wff9O1ajN9p~7jrln%9 zf3zqX;Ir!1YZt+lGkukOLhHkOQZ+J_%1#jWN!{t+K6CfV;(@)9wc0y{-OT#Oy#jmv zkG8G)?7JY}uhH#n4s#z;xx6X|Gx&jJUjej$!HN86<9tq@qyz^diC%Nt_ppx$Q;XR} z#m`7H$3J=Jakhtb3aWkd-Ex5Axd+_VwO~x^ryVUrS$v~g6o^U@)}#;OiQX){kI)5p z#&*cbxdUf0UXt=qK~gH-Ca=||Dri?*t2=o)~mW4;=IJ@*W{S0cUP=i_xJ z`K58euU7M3Oy{`UajiLa-#i@FzAEfqX!d5`hnZ!t`}of{Wh>7bt@RUT-YCh&F2@-x zjNK-wOZ_#vKOGR*j0 zIG{%vRI9Dp!D@}EfYiVkI?%X;tK8UoN@EM{fP>>Wj$nV9dt+RGim2Ry_)WEYWNYid zf$39mIq*Sq%igW|GM(^sf2Cg70Mv^VCc3aAit}O07GN)7miri|cj8~}iY?OCHs)M? z9??2#yG~Zx@2<68h3N+$`7xNU?V&#N_K=vay#uF)TskV+g@7B8dR6OCD_c%u@I2Oj%}tiwkYr(Up%~|i zY1gdD2zNBD!EkOTlX&aLPqYTCaSYj+`@!1q3Guq{4Wd#1)qePV_0qk0k%7;|$B$ro z<%bIu)%cmzyJ@;P-q-Ez>h+&zw)MK~^VOmMAr5TsW2c-59W`$FG^sXx6xGvqYOTA$ zZO;WCc08(--hV^b{Llb!h8`EJS*N?d>Oxj&MiTf)h$Yw2Ma@Xpi@I?+#}M?is{mrf zXML11E`Y_kTL)hs#sUBs`0k^nX6Vc!V;L6fXmZIcQVHRDCF80UZCryrlJhy@KJ^B3 zl7H>kcK}9+l4;c{K*B*OaoSqYtM~aKNAYuzsicrB`fD+RI<>M!Qp`|#8+pQ7c=Yf< z*c^m8V2OJFZs*&(#VfzMf0Yz79Drg*w+) zl`&z|B?bjgJ6J9~9bSVxS{W@K$x@SQ`sB8>XDyWkU9igL#BoI?ok+DM@j5frhBZ8W z;0g6Zmbn6;XHxjXqa0*BcG1@upl5nBRiJb0d|ry*I~Nq|zKjsW7sgp*3?Xd>V>dAAY#MVb%1{5hGx zPoG{6GdyGY>qHg>NkL!sg-T4K6OwL%+z)i7;9^fe%yFXjPlka3@>@v=2dLU+8FLx3 zVQZX$#S3Gorj2O;{G6;X_#EyH{!NBSRCvoYb?<>WXWfz#k;kcC>e=bTHX~MVA1-P=TsU=CVd}MMY+X zzgJzZObE4Ei$mpMT&WS7I^S&^gV(ubi`OJJ4o``VoSH?rz=vX1834FNn~|fJ_~ULG+$BQ5K#YfawrSS@Uv-w)gE}?->T z`e$CmttsU9vT(Pbs0c=gB9&(s`o_AFUoetPV*~VuO7+0Ui9Z3Ph)ti^CrSz}Ta0_W@w&d| zvq}C#3Ar%p;#5T%@kfBsgW$c>9*U`3 zEeSAaZ2wGVEH(H`+2g;&7bhg~1?R&*i!WkBHC3C3AH(7fq8^5zT1#3NQxni@lz2D$ z-*Et&=K!>g2BZl9=6DT|VR(!3Zp>ij5}9TAp(M*bfDT`iPSU)d2?w#l)T| zE6#tm#jEOd^bO9KK@V;sRFCjXkG$1Z*fBMiQpxpK)MwrIOoVpPud=nd#b19D_IZx- za7Q@ zR0Ef)ziUH_USoDhe3rGvlg~c6`(c2YII<_`SQiSDp~;{t7Km3d zUc;y-{@YSUHUJ&Dyq-2t9^wdTmQgtj2j;5~MG0c_%ErynlUJU0kRyvtX>T@ zNJ#E|MZ5fz{|CG`*}^zIE%}+vi-~gHo}P&lGm3`L+_T}j&A3Go3#8&yl;KYfD)*fm zOkLvp$84l`-ZpAhxpt`n_XX9#d>g#TT}U{&%S14To_|DDSoxZ*Ci`{j!cz0 z#H{>M6YYCI$8ieZ*fl(KNT&yk`zgWr=>1H1{48{rYWG3^7iV^{m5Kv`fc=Or_xpYX zs5Rs4YjT^?81$%R!lq#TUkICW+4v@1Sxz4FBeMD;aH!{mPd2JXV>Q}25f(ZKJA?(C z0wIyWnA@FNnCn2%2%_({Ly)j+4|R+RG>B)@TB>bGOL4!X^u5`0rFXS`eew`C7b6=6 ze~GZ^gg*l~7=GBkARgvfe+FG8+oG#Bb(x0Y09QjxX`2{fIIyckIePQrp2nC-iV6$H z(H1N+?kO>j<6VOdDh|#A?lo0Ozt8qjs&>uzi;=1)+Q&j%!aU?n(;jvHHtIPB9Q)^d z=Muj&vLW$1b%ga^nmwlC_K!C(RY5m4L-%{$XM=a=)6 zp_Q)pCRv$b^{l625*74nrOQnJu#NWf1^E`5Oe$U!vQp(#Y3!JKKBC+2vs5B@X|b8b z2!6euq1Rv=IIab@L;(g-b8Xe`sK9~D!Pnhf*|H7)YjuY-?V6rn;$XqPF_<}MvU<&o zWaTkrq8iQyRf~5PDy4VB7TuHsY6wr5j+vIFX$I6gN*t?24XNhRZr>uyx1O))wc(ZP99=DW9=?B$-r@T<{WpvX;zYI+9_ zYToTLvP0AyH*PDKNqpRRR*U;6_?H!T+=1bPbipl>r~P9~uAlZ0q!jX+ z0=H&K!_pt>L2v9_n_@6$rDNTASiej3d!WF|E_N`V`6~MUDN+|b_zjdVjMkZj$XhU} zRKfw{KqmO}4Rv0W}>*h#5*7VcDZi#*$V?DDkw zPXNX~aPh!zK;6a7Oji4UVexqOZ?JeklPXmUkT}6dTI25e8|u0PwhW_>Av-7Nh2b4| z%L-gR3g+{`S9^H<6-k=er5z{c9xLAp+j5+q|D3o4z16R7TWTgzZ&g22t5 zgy+msE;fv8>WJJSaeE9Y0C~pf{q8V*GEUe~(fuj8{(V2(R5^DC*Q2iL_CDvWoC5=LTHi-ab(C8Pq^WWwpWqJm;euzGFi)AkV&g`qY zI9IU!&4PRr?ZoJ;n^5nd4f&I0skuZdYFjQyaIae?V%%Aa9jS+A1+lA-6?zugPp!jg}VIO^i!;r|q+Ar|fiBpc09c`{3 z=`4=cf;f8;)PSqgslbI-W0nN-E-A#G90MqZSju1~(U7)bDaxw(2;&izXwh85B}tsI zv5S|v(+mkBioJxPflU(6hn@|K*?+F%9Hw^7J;}aA;`yK^xWqaDo)3%!;SlVnf7S%5 zV)HvY^youQeV62tB18p{eLP(Gz&1E`gs1~36g+i*&xpNR)@1T5&fcmquthHQH=>r+ z+`8K~j83>NFSmbUm&V%0(JPoM|RN1=h(V@KldCT2q|ka{S6rYI}^Qlq_C5*qCC-&8aB?@}H|g2rO^ zMpJY(dV~c;)y{v5@&mdNM1D}5d0OaC$_<9Wl)SHvyLM5As~CM1D+vau)=!<(XZlTf_!%|`y+gIvjbwH2V{ zaY=mI<}NF%lI)a5l{I+3qJpTG4EtEDf##Ek1p9>=`o^tkPR4rXg_Yo53)Ryo7x$P9 zmW@=tFq)Y;<)d_n+gIU^dSJ)FKa-3{)Z$Kty@h#jYi*PPHUm)00AS|jQ&Wn?)wsF zj8D7C!E!ETc5q(Y5Kj8M@T%xQR-esW%7E!G<5YR!s!`@kK1aJACWmVByxI!=gMeFT z*Yid-&B>u?2a_z{f5PO+1^qcRaj8oNuO>22&8uG+TI~JGxrf-@ZnAc1@>?sm1dTmu;*$F|Uovcm29`mNcKd{FWW!`&}(p*aHhMZ4R{3Q*;8+dZ!GY23x zg>B9&@@#VA>gVi4xG|+10bR|rtqg^SSRjk5hy9*>xg_^wAH_x5*cGdLJU2z&H4Nm{G z>^muZvcAwJnWVU;HfA(U&7WvpKOHv;>Lqw#{A5N}Lu;qOP6+UlZS|YUN_|cL<}; zyxW)V2R9UZ6Sw%u+@We`f+b&}rE0OE) zbE37J6Ru9E?ySclu?VzWT?_H&RNoUNX+}WG@%|m*K6pM$*fp?V^?LDRoU5O7FH`t>E^GE+7>>Ty;(qtJ?fE>DUnVZ+($#QMYbos2(?A>u&$Jq|@`z??c7( zOp(kI;1m6F0=`W3>}@F|I$^EM_^o)qA>7|S`$zcje>TAQ@m>C58S!lZql9Bjz|tX@ zkMv`IUYwzkp(s8JN;ghHEwY#(u!x^^sK{WE?+aZzGF>a3HnfASiT?PAxF}+hSSihf z)wgyEM$pvQu!D_3t)5aZJFQ=b94F3bm}CQyP4I~y50-C30f7FIIkhy`0RqMmkq9VV zLF&%UR#j95o2XE5VBw1`fLuMODl@lnd2>?n(ev?5*t{Ar&yZvq;3COalOr&sNK{nq zX3C4VbopO{)EfyG>SCG zg2``uPsk|(WY11KcT?Ey*&nrxxzVJs`eh}^tshCoC5=0bY@S3g3Rm~9aGOH+Je%KC zQkG|^?Oz=1)|z49lkOOo1+%VAm5+UzwRG#lD-jR zKILFleHA-dT<><@cBZ>vtVTD^03)!+uNQcD$*zbND-qOOm%a8ZK8D0A=4Noq#|4gk=D zROqxk1Jlk}u>!vaeyeoaY>JKrwz`cke%33iI; zXOF)UchiU;^|6I#gj;(1>L|}znB2JUdBbnc2$jfuIBpX_8+aF`do^y&t5AZo z?2QY&U9H@64ueyi{#JB(NMeXD1qoe*R}4;)8?){PDSM2EO#7=$6oq?QT=m-8#Fbz4 zC=MDpq2$h>?`7OAsJa0q`lGs^ke@@vGL>D(@6?`s<~5H4yQbk~7=cfFzK48|*gS+bmB0GFhK^wEwxq8%yh zWv%E5KchJnRf?|vr))+k`l)PZx@W_vdOz=b0VA-)b&__KJHD&XdV;o_q7dfr<%Vn+ zR4a4Mk`1MZ5nck{l}Wt3o=K|ahJyNYx_tLW@yD=!CON>*(+c3NF%V-QVoz<;UKJpt z)yHYE135K2IAaaxvfo@A@AUp{Yi#}5K~v1hR&n`(fWdp1HO8cHg$6kbeDWY16(_t( z@xT2{l2at*FMibkoFJp*`Gu)09W-Eo&zHU377$M=Vt8BH z0=k9AXT$3V9|s1sFr%PJxG}TsyruFA!PmY>8-Ybg=1WraUWgSVb)M z&|b}jW6lgxe_7IoY^pG|^jb^CKN{RG#y3@pr`T1o``O~3H#@ukqiXRVpcj8wf#Ld% z6HNdu?58b5PU6^cMaGHE;V_5SWM@i4(w4L$v43SnjC6SmqT-Fzt55L~T)_C6R;6vD z@xL18j?PYn_^WQ*JH|ZPlas{pV0KU6oPFt+V*bluBtvubL!~K}2?x`~YYls6A%OT0 z3J=Pg7)zL-+y@eiK}lk<Wo~E9I@ayoR8k5I z7q_JR`=K&d%fdIC%TLemb_C9PxeMoo*r)s+zzy`3hOZ+?skosb*`oZ=2QF@13J2ow z{Op!fgC4j7diY`v98QM-Mmd}Y*;Ohfq1}d(+7MOawi(XBH#KhsXKC4_?kN7Xy=@kMja0A1J=-KfDi|vmb<6D z(U{{$pIwGCSdl?N(VWOp;I+Z_OE@jU`sgLKM-RPgw8lNYXaEux{Au4;G=rPd#IV6o zmkr$<*|6?a&W@nhN9qhgt#-@|Eqq*Kpy1%*BtBy?YHyi)G}lq^Z0k*nFA=yf!#p0-B}_&Meb|{`}C~l$rK)8xAK(s?freEQ=v$nLK*^HGH){^ z8&=i6WUL5tL$ciMreyn8c zgDhB)>G3MYdak>!gBqt+mq5%DE5h7boODxjjGBE?z-i_;Y*9WNG2ca^b-#&1YDUOG zAIPnGz5;6{o2jN6lZQmieWWpE9jDQexohfVzl{tbEz;E!$(`CnKTRl6d2+48@H^^a zXQPX{)GOF$;7J)#`7!}l#|fAEG_$RISvUH~_v2632KpZW)rwM?NxReBBFY1`lKBe% zr^TrOLo1;}U*uj;8I((l23`SX;F`z%6+VDf4ynPB3%ks?1oR2N*+ySj4ux>%qrx<} zIp3=l8@rGPnjTY|ao~PJrlWtS-%sE+(v(my?Dme%t}0lg1RcV~jQjQ*{FQZa4q#pA z34ldBuD~rF$_iMq;wT`SdoXfz$Cg7mzu_8s_g%lZ(*1(>qzs^82yOJylWzUwpu4(u z`WHvo7NF*G@CY@HCQO?q29{jCnQR7kiWuCz5b&tBZ4*^@bbdBMQmq&a>E|$1pcC@; z{TRB<%6YHj__5QWTPO*$jgQtIG%ZxH&|HJ;eofhGlUY>g5a-A~`TLVI{f6cR*!1;X3ATC0Rw)fd|3B5$Wa)C%-WoYOwc!;<0 zuNmEAaA9h2h(+tz<5Ex%Je^D_ zhM+P%seJ}!z`<+Xb6e#mTGI$+xI-{BrMH@LsOm|k3>jKtog(|Qq>a*Fu+R66un@6{ zOK?w@`ojUB!>m~GXgHj9++)j|?9Hp~yFbatHavD)>He7RrR_dhdAjc$89D1rXs?=% z$e|oX)m@~pMpuoSznVD7h0^Sb6qxe`R|A=n1_k4f*HY{;w^aNEaxSd?gmondrfS^r zhHX3>@C|8E@+Z>5=7S<&BrT{r7mdk z6771AZ#H@eBItOddJ%AuzPK@q!nvX~m595bN@-J`gzrw`F-F6a!Lv&3t=^f7eDzs6 zIRdk1>hNQ((}ImJ_H@``+JT~u4_CKy`%UJK2u&?Svbf{N7hZ3n9ONNS z0@4t(Kcyl3ZS6GBer@9FuqMRYah&Oy(2w0oqK}nVI-t&h8o&=bd3g)6a|5KqIrc#6 z=My=0+cuS6wgs-f7SMFcCH;v5y@jieI|iM^mAMrsf9^QJV>&gQ)icq;kb=*D=)qhtXH|jzht% zZ(Gwo>%2K|U_|MnC1a}isjgzcF%)p7&uiIkJe%o!WB&22XJ9V|U>8-c)&@${O<+5Y zH-Hm4m0<}9+AjJvN-<&Jl~rF`Gw{1~j}TkDK2xz6H)a#45$zczg7(TOeHa<+%c(-| z>D9fJ402}Xn_$5>?ckTj2EPSd8A9iHyLYAhsvXxht7)?N2gjnX>dvGM>@smRZMO1( zzjXbBGOYUv&%%A4HtEzTn%O@qOgvRy3%d8W#st^t&>b^_6%-SHAZb|O3Wg`k{2Q!? zNCfKL8MGbenJIh+t_L{vfFJrH+8BQxXeD|o8<#+Q#|Cl+dUJttIrSXMvUm+%OKi4C zp$(~?#Z$*a-G`b8)NngT#9H{RMLkIA-zp0S@9@&X$^6%2%9)0g4)7W7AFAu7vx&ju zAC4U=?Opo4jyEG`@>DVeA5F`7Ez9?a!hI7ZH>E~f^ABudCdq3&w(hHeTv|4_ zx+?BaDlH?z-xIqb6Kl#4t^##Pr3?};?4P_kON2ZX6_wI%RrU`2ji;!>M9g(J6%v*OmYh}Ly~I#-ct7(8RgIinibUrIY+f*zk(v)mPtrgFnw z_CG5#^;HhoUs!yQ(GYkb9e8D%HTZQ&AYhU|>ZQ%V~O5~xjNS{n`y5+F(v!)W7Yc-WoRV5MI19=iHw zeM`Hi-_#*a(7VIhhNB6ytBjHpG4;YzxZ9jAR*L+I6z}+2G~rA4p+)Dl+G1=sO)qfo zo~^&6sq4=`o`x(rerB#oPr2%=`Yu6~C`RUyL;Bz)6p_*smFh*8qBY(6r!6tY{&6Eb z9^Ojl9=w#K+l0ZZb3z&kdc!y zI)1k;b!6DIm*hZlp6#2g?$)b0)0}o0*Q=rE>urJ<$bAhgS~g8x+t37f$k@j9c79i|AvFI#;Zo$gCghnXOK@_eJO(TBbdf5{xOB$-3V^?#N*m>MUc$G(0rFiQqE z;ED8JH)QKa(ywvCQq~uKS+&nJh~ekXKMTzE?gPO?x%hJFf@Ns)yd8wyyvG~RTR674 zB)t-LSxBgx*FG!(JgTvVO2XstEylTs=fPSGf`6iuvEfdVb|?H`s;(D?HTn>O?b++h zm{=LlBpHzMO9EQDoa?#*rcM>Q*FmIitI_=|WlE;i9lowS*PR95%CnLml(P}LIrfCtr*h+JY15(PD9+$(*frJ+=N1bH zPE6;CTgpPZ!;UMNyeDwC@4EX9XL8Fl<=f-6Oj{uQC0oREM&(hpl#8n zc1~J+4S$hj2j9oN{Ac)ZOWs5QOJac7Sa0Er;O5s)rWO4VeA64GL$%?C2}ML0JuB#-B0~3SAL-Yd|sc>ugER z5yWsx;l3fr#W;sBCoM{o7W4=g*gex8+2g8)nZBlZc`(zf`r?-f2R1)(4tHr z&8s(zsalVC6|$`)ZVjPkq1(Bmq0Q4ldHR4$xQMgWs(0n(@h07UOV+ba(rPxTmuK77 z8wN3eJi_Hi9#KmaRF{RN;zNAmeyf%xJHAr&i*=yzku4&Hz&Eh%AJgERgP3aURId6M zQsoR0q(4(U{t*Cij$iM{?PAmi(O~dJ&KWah&KaN^#7uD6oee!RJCy7}ty^T`Bek@t z5Z>eh_3^fNwXiw#;i|<|7cdM_Y?GEOaH(lb8r;VAq;9@M&X9B`%v7NtXvbn@$qb1{ zbW*iDGx(d|m#pfHqRfQ(Qr3 zaQY4%_u-AcY6{9%Rd|9Qs?>-$zlz!Qef^Q{%JVoI;@A;gJ$)QrzOVU@3Nq=7Fd7T~ zU0o^{rcAs_8o=U4Lz5UA0d$M*Hj>dMVydd@R=+{G?*%9qF0k8fYCZU}R=!Gq+C9b7 zwZqK$BrpXrm?-J!<*MDDe38enc-r&Ovm0?TR+iWn`u76GrK)wRpCg7+_ceODSPU3b ze_rvngdd@*B>K5_OIYqty$=h6h}T}PA9u*b-NkLgDt2?AD_WM~CtbH- zWGZMfv_DM1=cFYkiqb;cCb%2}v3PM|FYT+C>pkITmwswM?_-MBH)sp7Z87&h*C)c5 zx<+?`qn!9|F=#h%>9R)TRcV8*e46m=3L!L08MWrPN#Wz(&nIFTkJ4uSu4cX}3fT@; z{|_otzMk?Soqt3WrKE${!teEz2cl~_UwZrc87^N%rzn_uH+x!$?v^KQv0=0Dn=uV(y5Mr3Cwwu~l4M!0%YGe470L(&Czw&?`qoqOwtfZ{^ z?oPpQ7w`*xnO}j>DZF4$8N&IJ4Z@MH`^YsIuP4(io&3IwZ-DkF{xDU5x!lUGl0K~w z<+EN#;l?i!-7{m4A5)5&Ms?-N8h!SBDAx6!gikaaz))+%SATJwJK|ZDDZ7>rRYsu* zR1*^6JIA6$I_R}j&k<4S1j>ekIcrNnR&5q}L}{3`gonQt$H=iW{sOYdQv&>^&H0f@ zPH~%{AAeGCXm~(8&K`n=+fwYxF2}k9&(k%u)GI!#$+F06QBt?GuNvulL`GkdQK_hV zx3Xx#{$N0u)Dwir2-*0f>mz|>>iA;N?|5?7sO1?5Lb+44NWrN#FE*%j@db-O2bQSB ztLtl?TCidABBO2M zziRPWsLJC-5Ru^szEvi`u3e6wUrg~vVf_*+9mv2MFi?!mWcTM zJ0v28y_83v2hhtji^PxN#CMTO&lG9{piyg`1D<>De`$v?}b0I9jb!t?MiPvpv3Zll{+aKvL(8gFa)EZlcUp z&xp4-kbW3N&d<8vl^8|bFge+RW9;E& zrVlQ($KyATVheMQ_&{==VQU_BC#JoP^=BQIITLa3K=g|=1&}nTX}IClGdd^^0N!1D zF>Es_zH(2`Vf@W^z(we&?Tv{sQ@ffiW`o>2S_V_>WSc z>fL`0xd285?55KM{T)2}Q&ZEY#ZOqxTm{B9?Ej8ZWTlVyU_0=BJ>KLI8>ktt?1FBw z5ZJ@ka}DrBAn!m8OdBFYX``w|e4QgTO%hA0(vge`DklH-mE_+FTi-F1&WA=a+UDmh3u;@X?uDVO zemXt1G&&|+P@KsE)*uL!2k|C2zNVA9P`nnUFv|KnC1ZIKvK^R&Y|LKt4F@J6aHa}% z@+%rJl$g{@;SB<7(_32viuBd6r_>fjhUo8~{XM(*=i`m<|6s+xH}3d%xz6nx;d zvyQ)}?U_>~kEj7L?H%2F-wn23ui!sQk;bg%fU3sqJO$OmbItTyk=(sF6C@O;754#i zSV=L4Gkg@B)o24%LKfh+q+GE9{{cW0edpfIbV$Bh&~O^+*4l~d43@7+{} z=Gb~#Z+#T&c#NSCzUgx=wU1|VEaF3uQ8HU?w09;`7guKk{>{jf(91+_sPeJX*NF*2 zJ5yP$ttt&!2A+$^1o(sSW zIsVp{^{dCKDtpbZF~1hYmBlsPil2VgwkNLUIj$*;ziEr;h3NrppF~hWXeN_5bncJt zz0FA6MNaGiS%;edL?;9OX*K23$asjju(4|L|H*cRk|-YpYW&8yV5yC*4477D&vciZ z_y^-6umn*q+pDtbN*vxs>3-RM#K5S53$RLIIkD9n1BRC-tLNdj5^?pMr2Wn!TMC5j z8dfThzQ4v#VeZkyt)0I0#%m`49#FNUcgXwMgNl2+da2kp!qa1Awo{Rd6V5o!07|XQ zQ91@Xl|_|FkO|0-txu3k(9NaqDUbChPQ8x&qyNJ`&^C&5<9l95B?flDOlr0AEH+G` z#qbvNKa?)6m{dmmm!*pXP_M0?0)OuipBlMFtdwH}?mm-RqALHgLb9^9lLeKGMfv=7JZJi56%2#+(&U*Ck0ZR|8c`h)+may{P zM@k)5^Hg^L_(LCE5Z2FRW|uSc5C z+9<_7+s)wIo`YV}4nulgAe7nKjC`8Ox|+M@zae{FWPc}a_mLnkhUWKQUc4ReC+ejJ zC|VDBhDc3+6OUMp5|07r<=?#{e^|-=qk_@xWVut&$hT^^rYtvA(gT}$(co4=Ois*J)i2S~r1-9ngP6pX?m3pFz?RyeJ+UI{nz_ z!L^xrg0Wp;J+|h<anZ%)-!Yzb;d+4DVOEkL6Xi=wdF zqM+Kl3E>^panwQ=ABv5CSTpAV(Akot9nOVUC{{F=HwY;~Qzihs$gegJ)AA1(ARnT9 ze2K1)QaXGA*6yBL!oqd9qUGfhEj6E4dAMAED&OMVAuCp#hS$l)A+sE!v7Dc4HXCw~9`fzAnX7i>R9l>ZuB4h~;Pl(# zT|76$Hr_}HOpFU!v0QF0XQYsSvs*+n;K{ z|4MZR%=83u#lL*ub$`5%Us$T(p|ZNY!Z4pIG;7cG1uI-$TNNe$e5DV}ap&mnoi~0f ztv7w`*MZlF`E=vwz{_3&=|Ly8^4WWzMn`@<_FT5z{`t*-E%j*x{V#*2x<_J-sw{_U zT!Q0Es6oDmGOS%Lx8`4Pxg2|;gl-p5#OJ?FD#7S`b}wAY@o2RsULvdQ`1Vng^JVY% zzy2#XsO|v6d94!@6a5{$6yB&Zr!FYhH#5_uzL+oW&+X8qiXI`@kPiGbbvSqqu}H7! zkWJy4*gHf%PiI?FGs(3%SS_qgMN@7y1n~?*?EjrX?$}91V*00LIHC%M7#Sd#j%*3z zJ*|L%R9zvdvvm_Sz7g7!HFu&ukUoqWHip5a2Ie`u9;*7ulP8A^%zq_8k^Eg^n;Hk& zj80t1)wSv)=ue8C}d=#Z*6B#wz=b{)amG$;u; zJY#ajCoai&x9X@JY&Xs|d~ zFpona1QWTK5q0k^v1o8`693>5jz0JR8rar^eDI;A)wxEzq;Eu}w~AHmqs5yEMqM#E zhkWLmr|Sb;LmaEpBYU4SE^$JK^vLS7PTdHJ z4kpZ#XfEL2DL7FV`^$ac|C?DFTvyt1F4W{DCEjYv-pxJEZW+WwK?rCMi#hv5S}6>Hs9~LaIbgL%lXO| z{bgnLWz&1kpvnh)-y0QT)I85HW?nH9qM}Ya=C6(eHh}?9uf;ALvaDvj@`e$zw{o(X zCDl5Yl-Q6IweagL9grWkn|Q09NO$L)`;yQ!2NEtV3>wG50mkRoK9Ilv(gSFDnivz4 z0xNbg#$_@R_@|jBVak=(4v{L`B#-5|Z%-ufXjWX6@(ryOtP3G>ShRsf`!hyFH^zWQ z6<=8#+GYvg_}U+mN#N7x%x8t?sx|!?UOl^0D6KlY-E*)2jd&*S6Or%kQK24#dxS(1 zL|Eu0J_|(LgM{9|SuSy0$f<=Q4hcc5R*E^DpnaEIWCXq=kfZWE><^An8DZuR*5+nSg-Cxe*I8WMS=w(x-pnxT;Olsm6i;_(VdC33$*D~1 z`49+3j8|9bXs@z10O<-U-XQDX7Uehxkc&(vF*W3O-BE_{H02Z#(_(NHuR^kSP_5Z0 zu!72i4%KaP!-DG>Zd=N{9>8b}R5l*9*+BjL<5}VTEKAuBkNDC(1oOHkurOt4I z?HAa<1`hq+zlQ^l=j8Z^x>`8NT_L~Y4&c=J`h`u}90v#)#<|$x1H)kT3DJH}=>crN z0!JyszKoqMT_5LPs4^OZ;&L`Hats3zSA;4g-9d5sn2}d5AHETIu#csRrAeL-8CpR-g?gWqF_8oq^1>SGb%Y2y@%(+A zcF?hA!swGFuk%Y|`HJk1a<7Z(_4D~Z2e<0^E6|ZTOVQ$|gwqLqt*YT6iI`SgxPu~t z!bRpax4^K2Q}}w9!D>ScAmgdjvYqUXLK^$rWJ-HRDiYwyo_b z6J)t6>L%d?R~0w^oK*Oe5_v=iGdC3-796!+Ho2p0ZVp*Xo{|o+ zM~G?!**2G5Q6WE?gjv;O7F>k5^JiYNe9-D?$V|-uN`>~ElPkR01$@T8P5KO@EHu;p zO^Ag?ydxMfN#VdX4AG~~ix;qD{^ZQ~rO&w;%qk<4*~@{Yu^uMc-rNIi7N}w}02@zN zW_;S!>{nLAsO4-x`?*2lssWr1+rt63g?<0>+=L_6hCLTx(A2kBR#r2J;oB(y+D7jT zUwa&GPY3m5z^hQD)~jiC3A`s5=`PVZLdkrup4=63MOrJBi@!&PEg=*v`z)xui!~iu zEWC=Bn>R6q*C@6`16b~O{#qJgr!HEgLmR-g2A#f9axk${g>i;q9RG3tQmv!rObH)W z-U63)rN0mak9I@dSlVtSs54j4_Pevl-jpcgJbTpe{5ezv7)0sj;-50|+0C0t&(C!j z;R+dbZOxM~YT#hJmccFl;TS)VR9TEm;TAMrc+5}gDWfED>`dJ3p`&))$9imZ z+Yp|xC&3QDypgb%&e+9$0V4f#4B^$GU6_fo4x1LH!|^Hs9y z97T##FisRoJtW0q?rJ6Q`%{ygP=kSW!R_QZp(S^H`I&Az2b2iro46R%(^uGL`G)Qu zpjF$}>7(1ix!!-%kOSL9zg0chS3LeCqry3YaGegyU|vis>-XMeD8AUvQ45f{qKbAB zy{K|Cx1Ix?>F|pdLDLH+iseg!G`yL<@+UAYu;+o0_cO`7kOAJ%{N@sUvNf~H8&bWg zzX-xRK#6T;j`|X4KO)`r}PkJZL_eWxGkQ`m^}r)&H(v(dJ>kh zgL{3E5NDzd(TlOcgi_I8wsGmPaE6@1XTLGx#$V1L7I7R>u4BtL(BG7bK9RCONhX%0 zE2vD$3)ex}tHvq_4`Hc`v91FSXAW*F_Qjq^V#!v^WNf7C5!>4D=>xA0hm>vlLx)n6 z=E<#CR3s$wtf+7L`%i2qcOn*N!{!ErW|r|iJ%c})mE3&J#M|zr9>E| zAi{6zjNgX`@FyBefJ;9c}`CD*=y~+*Iw(h)?T~IK76Z~9bjkE zLfTgE;@hW*`8?yl_&qIINN#q5Jv z)rqFjP%Mnho4`;s3(G~CJgRK1vba(zFH8$Lq3(PL*RrOo6P7-Pva4*87I<`-6m{pacvUg^z%HzX~^{fY#Qc)ghF(D1eryWrmQ(KWdgFEqD zorT^gEUUw4g6Is-Wk<5eeq|zS6@f+g8Q~am%&AN>1LT{fC2eOxLe1U zKwuBCx~7Nq9(L;iS>U`~NJ5y{AzS08xu4*<$RM-%r$aCrVW8$jgH(VRO2`pHSgaY< zA|36VEVMEfA0_0mh}sZ9Q6R_Jiv;vUXOoN&pITLcbbl~I@rYo>$Q*_``3%u5?75vR zGfqi6nKV~%gA+pW4DfFExziO`dVTR%#uW3+n8Uv|ZL;4pv=-2;a!Zc#Nzl})rX1*5 zeaMUaPcnFk#iiI(K^PQrHJ%oWCynbfg)KNbUc<4 zsm-DNx$q>AF+pPuw(7H)nJ;BQaH0y;#F8qVkT;TA_}iauV?Fq>2^VOsDK=h^%8T2i zV2mbjRy&ynQH?%eJwVZZ1T4!W16I|n>ag%Tf+(5hf(zUyH#71^hfF41G-f%)NLkD| znG?dK>fS49-0^mTYZy&m6p2L)EmnqtGQ2aTi}T7$T#nLUx`Km%;0y_YWAYjSA|fPG zSQ`itXyiP{y}~~bWw)!->SP z*xW@zk8R*oM_tHpA-KwnajlIDh{8U;K5p_JEOon*SJe!(w0_rU_qg3;&eEYWD?01uPWpO!iJKLY+P@y5v>>1r@wK8H1t7=pgY|DC9Q|lXegViv# zoj@)s!WZ)W@=4Z>O%!`ZfxvB1p`R}n?9M^2*Vsj&M}@V%L;T^A*SIuZqQJ*Ve`eTF z#bQ9G7Nauzc6@AF zmy1!gjiOx-+FsdjR|Y23R68FVqT3WrP*2b^(U~ONL{d)DqxsZu71f3=+P8qn8{*sE zgvEsLk=GYmLN(VE?(Du^jSUCD4x&8}kCLG|q=bBFec~A1KDZ68S0BW0X)#gOC2OZ~ zfnyFAE|8IcCCs3A$rAcoV{6*j3oxjr9ckaBArKX9-zUM#;(i0vD~BO3JM9u5N6A^4 z)RM0zrtvLoQ5W>i^-GXb`B3<(ppN2fYai`R>NUWr4eBhP8}yTGlQ?ftp+v>C1dAM` zFS~l1TXL3_=ipg&Sc_)up3!ufjyF@ zJvTcSFSf=V7dpI8e6d*hy;zatkUx{k=8TmJDy0u+P-crsg^f^!u;-RYcn;qxMIr9O zF2)fwT-D;nT!*X zs0%jaoS30q`I+yS?(p7`mxaZ~vE(8RFn8X3f@BL6H}{5jlrGPj++WY4;_(b;N3IeRbr zH`MsqEg%z-{2U-L_=9KTsmE#)ZU=Ve#%-H4$O0c%W8T9V3FeRWmI*Y1S*@$|9!}I8 z(srbh==;5D(12v}E-KjFWsYiU2UNB2R%1EuMaLKuA{e?}pHx{NES)so|{mJt^ z`qNKvy|r$NL)%KfnVDSv#atSs5Px^vT9YQ2)&O8&q8=!QpPpRR9CE`ceKOxHuv=f> z3j9!GzIl_v^nQ?BLpZhqf$q}5{!ch=z2pBsHwfk9OV3ky#iga~&Y6TXub<|2@Cfah z=?;VnJW7=br!WZQ=8()~(cnyx82z$+FJhYzeY~etOxAotg@3B`5~giyO7R#ofZ*nK zGc~14X}eZQIYTJF!ndNSzg?~hu9YZbmpfD~I#~2GJmYR^zK|n6D0U8kXSRKS&$&2f zt^mer)x1yLTt#$%9D+(wPJ8#35Cn3(v!IOM3`QG|xmT;k6o()(WkKQeO@O-7mlWF!F9h|Cb=x| z?}7{9DQyARD4|B3iYvvZ6bnX3=CYk_?GgPGAJ6tD(;rXUZIqrL6C}MzcBd`()dk@$^t0LVmIO6y7fm%Q%6PHHJ_j!B9c zGkH442L;Qe#64yF;6l9JUf6UJsLLS}*c-|mN}qJGNn)GG6P%Hp64k8W^p0rCjtp#| zNP#SpCi2u%wT3k#g@TkKyw-u_+$6s!_kkExt45L1*jg1>^?BaRCk!qi>_WUR1s&op z=q4{sC5jBFAKk;2Iul2us0w?;PVFBKE!)5-WYgF}`AD;9-eCMWrzAFG)~YdvM)mTh zjBVNm|7Yyj8vBa*)Jxs{Ld89EfjyNgmcBBK(X7w!w9A8WaSviDGMt-OZOlas3h^Ej z?Kwb7&?X_(-KmuVs~M^NRC4R>1i0?~Mh^M*P1xZ+dYpajR8ZGVRX^xzHZq3Ed)gOE zNxdl}$R(-$U3MO#mEqI`Aga8D#YBq2Tm~(c7sN~iQ1}_w{Nz&6erBdNYvIkl-X8l0 zM)=ZqYu1GSe&VMiXL*Bl2GfT*^m(*Fv`f2UDeX?T9r@ZxPG4>JrRw}x5Lpc>hndY{ zM&+f_M6uce!Ya+sq#dF{3mbNbhu}`fMq*Cvh!J7MTf)Y?>eWG(2&we=s)%^UFMl#V zJQ4^n(il@$Ly2yj*F~Jv;=88=^RzWl@SER&U*tiZ1{o$?I6)+7ikg~Mn3Fh0cV_x- zk)ZQtI5%xpcfjQOtQfi>-8%5AnV3vo$NIclUa$$p&_JWgmv;y(!Dp03hR>V%OVdIN zk4VkgekjMG#tThzwNz~czp~nALT}>hv%TP+5z~pYQHkGJj$8oGCBt*u5kJatU`6(H-2`$ zh^OAu-f9__y0kk<*>mZ*0^c)l1>lC;Qy-D4SRC28Zeyq6 zm#!Ddjy83D@P1`D^Urg1zD1s~G&Qy&bB6veI#VMD^NN>2JOUQcI`)(|f(!&Z*a)Lq zmq(fg8*2xZ)h75J31QJnrcg@Hr^PCFCD|ClsMgIS?!enx+5pnGhF9bAiF?DmJ_c_% zq*Y((vRiQOea|DJW4(*95G`D^c2o`B?M+TP9=klxjSsG!8GMCC+?}f17=yB*YaBjG zFDTG6slgbKD`iX_(N)mf4J0(-DgtXuf=50iiBdNb@IhHIl5h)}F9ob_IX~tlYdikD z6*9Y&vntq7{f7)dl)c-<@~`O&1~Ur=FP8*idkDl?-h{}ri8gJZj+nHX=!7<1e+y4} z_##a_9bv0|#ec&)Wy(F(5;q+eg$>2zhowSV_SqOhmtvQBV^M(PiicDu*|d-J6`x=W zh{+|)is@s%l67ykh>%~$MZvRiNoO2<0>K0LCn7|&3sVriGcfa$(0WQMDy3xxPHC<; zSsCUPywyZioF;x6J`Fn_cjhll-FB-hGnrGP%-Tb1&y=DIydq_Z;dzsH6=Bz`u3<~cAVatC;z8=1Xh zrZZ5pMGKJhK>Gph+)@gEo0c31(JXsT@4g8x!S^bk6w;W<0fa^V8F-2&>F^0gXK%*+ zv=I(mB>0&Ve3(0<>}i8Ka~}%I&=}ubj75TmEK(&JPxE;F%G7FA4U0b8Dj6+2VAaAm zQj(eIG*6Z+V{j?$?8)~6P<)>(y&?!?gy3Q&zW!ysCrFjko?W=8}O9 z<^DV>h%~uKHiUoM$o=N=iSmskVT5##Z=oIb1FYe0PXfbOoNY*b?opzZYVvnU%8!Ay zQf<4K$!WIynSQaI=u#kMHF*jflKGDjU@5uB^mSmJ6wJSkFt~oXOuuTUdxet zg7P3`i8B{%yrruY5;AeHOekb0n9*1`!~pIgqlc*gym#9Z=@49f_kui_(^t)ymsH2F zT7et{Va>1CdiKCX>^On5d9(Sje+K9pt@n?zn;pIzn{hB^B5=6I7GQtL;L*`>5 zj{6;a9+hR^47%Q2-g=VxI;`XyVQf8dMpz_eHG9T1xX6;iC=D*eE!LITz-gzG`P&fh zV?t>~B4!P36jj|6SU@toWKH5br-xL^Q$8vj8!1gPo3Aqi?V+};Bgcnv$q=SVgAJF{9AyOWT|5vIMdLB(v+ZMoRs##H2GGqL}n{r@JdQK5rV@F^)h{C1M`<;%%80|fLU%9dX8SuC< zA9%d*?DAia&zjo(470>U6w=Ndf9JAU3tckA6qLMlj#@I4`4F(ctbfN{`ODH-&F8<| zwgfD-fm>=?PQ!0|bGi00%X4`zH5C|}SAD_$xdbE)`u0bCLUO{&;!bWKJD%@cVtM52?A_j}%uC`;4c!?+eKaC<_WQL6_l zFhbgKa`ekT#xC`dYw(qgwJH}pIw<)YFx}C^K}L!LO!(FEuC3lbUY!q7v9& zdD(Sc>DvMJ;z^E8Kd^^`9*o=3?7^eW?HZ@doBRa8pplfv$=1o(8F_t;$I(*KW}Fwh z-$dPFmh%;&v?qCC(Vw}VJZNz>PVoB`cwO^IuIkdPhC8YC-mM#lWdsv!xIPB<~v`l9m40$x3RU=;AKa=DF4~*7GwdVza+` zC^61Q7mE>y)g^<_Wg$kh;D%XnlN7YfEzW7+6pIX9EZ(q2vW|DFH@E%FU2tVqQMs!P z*h^J(b7E1U6>yjf;=Dy9hhA4Q;6d#a7Vy`f=t}Qj=n7TYG38))>S_Buj*Rsx#|lDD zfnhc0hA2XrM_A@Fp~oG#1KK^DYHUh|7Qn+@!ywDEynm|NL>|+kA|b30OSeBKY;-TC zRWYG{QO|?cYXWN(!^}Udl9P;Nfm_ALJ}6WAQ`HB>9(j-`Lu{0X5@u(DShTA>E^>k< zIej=2U{IEZ6~^>Z5zkQtc~A@@4gHo_1!M74CHRqWrsm!%FKVd9e~tf_nUDP9)qIGS z-+pfizdR4^*EhNz#{Y;WYYMA$uw#8sW;`l-mmOUmP45|=kMxzT3#YyrB0Iw=voV>= z`vD`0B97!b0cL;LvxG$NxXi zg(Ks5|JB1gS;Re_LtMW$>)o*srGl+JN9G8!i_%WaUwhhH?3+t|%R93vCI+-#WyXC} zTu#Dp#OL<<#`aK=3rfSLo-rq@GAFK5Q57t=xDTLgN#_s4Zhr@vv(BYIZ0Cg*`x0p< z=IQ0`X`V6tzo3i0)PYQCgPG6^!n_CqpPH-LrY$ZFbo5RD_3(!YPZ_QDE+10wG$d{) zXEl`zU%x^d+@LRd^y4hI2=^akK4nO4HPlAq{CQMt3Eo0jw%<&M2EmpEcVYL+kyH!T zmw(C8mg}*=p#{+il8wtBHx>bSvQP&*tSr)?)qL%4C9ZgAf}!mdYXiyL;!`N6hVz;V__6b@?wBG76`)*LvYwp|{gal3)nGuL^`# zkN!Asdm@3lUdlp-z@tVg`2D|>zp#Hloxns+NgfAOfcxY5?QdDH>F%uw`mCSuem~h? z44Tpwuo#IU*OQ`CMTzjCl7pO)LVArnaI=hzo|D-xeWDS7SVA(4(kqf2BQ?$Es;eXc zx3RkcsBw5x+dB#jF>} zTC|beTOSOQ4)b$4@00~JMT<2sJ*NcrCz6(bybJbDiA>+@lEGIjEs{?LWtb5xu<{T5 z+qJ4!;erp%NxwVak2&*+CeQb-J?yXfef`NG`EA&KIT3~K6&!|>-+Rw2w(XNwxT~Cq zW%Hvg&m^W5s0~?l0%FCE7}f*16WNT(n{M5Yi);5JdRzcQyb6R7zIn;Zku1R_>Iujm zdt~Xqmz2k64M2{;w8!naVGo*JI+2)`$|`PQSjw|Cu(= z=WKU-t}XARb|a;YGK8wFDF~YpO&E$hS4%@N5$o`(QxHs?U@BdinL-HcPBgEpDH^?m zl^!U02)JWOo)tIvkNr0nd`&NZuyN!{hrLB-O;#MB<1;%FO{9yyr40juqAr_AjZ-s8}e91*1fPP*%f8sg4F}=mmHPa+P~j;TjMZj0JUhZ9f;2F(<7X_M{erz5r^UQX_b#b0GX!Q94@ zs;)qL%mhg(t#_6dadTdv^#v{a1-3TQe|6oRCCgIZ)(&nz0Zr4Q4CBSHcV5n~R`;WfB(!rkShG0Q-q%Pz95rF|^5;BNyJM}-1w zh3lcdg=1%$Hx+QzfLGLZ^dl`i%{#U^y0t!-`i7M3T~&kGBEmk|Mn`^t8<%?9b6s*^ zDUBNE{r!MXP1?h<@k?1L!lm|9c@NBYoxu{EH2aNZgo zf-$34N4DLxzc^-9pOEPiPwhzy3H1GIm6;M<1}zEdnr#h}a%>t~gET6MlUCDLwZm%U*P;stO|_q9|z`P9{y zaD1{R_6TrZ15ly})bVC>r%cWKsDb-5>9OCR>Dt8fzIMptF{lVRD^s2+Wsu~}uY~TV zw#d_;w+1^9TE~YC+)8Q1(-F7b6B1I}IB?U_>MiR6WxfqYEK^A5*6gsELELli+pacV z#WJtvEY|hpQ=`ZWm?TVooDVLul{U3~R`piAbEL`7KbK=fnx0Gz33-nG%%RKudoAts zv%i&90E#d>@m=X-Ht=9!4o5J(#9X`+Hafb8L<8K%}(XKJ{_CV8kwjm z(mz6HnUyX$O%tWL(%0a#e*9HB|8!MS*U}}?)k}hgQ%}?E+ho`7p*EHK#aEB<`jHUY z!q?AtWt4XGY~k1tbEPKBpp&{6-kgdr79Ef(dab!S+~$8&eAJ`@klA)+X=n{+Sce=QPZ_ykp3y)UEJnm2Lc%?;w#hZT)X z2Gc?;*M2}vT(bX)?yh@N2m7gsonPvK4tCytbn74~IDT{(XxB(o$obwa9UU=a)_qap z{G6H1MM8RV)%d+QsizLMr(H0;ZS}9IX9-$f{A~7-Xp242=C8BY(m!ZKF>)#88T1Kz zCMPkWwqfnq{AR2!Ap4%oTbs)J&X|A6CE;1!*?0a{KNRR<7gd}= zc!6Ir+dQD1g%nSoi8tG_nBCca79?nQZ4CLrz`UW;J6b#SY# z`8e#7{4Bxzjz_ljj5q8F=?ZL7i);*py$`Izyvc}@hm;?!i`^~>6!C%M^6);6I5@?v|x@W))whvpJ(_wP28*aOl%NJ zdu8Wp8`y0a?z=H^}oVS!xF#BH2tj?QAz)CP>LUnk!ha2 zQDtnL`tg-YuX66m(}&}!x$R^AzgU-A<@^B?rJWVn^4lts{p*YA_uDTI`@CH5<=(Dg zukMgaJ*$H?`2izEot|yh`|>)gVp%&9Fu{MXX~QM%*bQyI!58WnX6mfH**#e7IuG-d z8`RHw9i?OzO)Q3%=5Ty&#Q7Lii-65~A6Q4tzggccf*i!`XpvYPETQ!z6w9qsdan-C zI@#?Z?|V@2i;RZ>Ws?4BdzUuf5V=SSiX~qC&i~6!(TCu!;FV@`qiGv@Vt}M$0I@sw z*>T%`42@IAtdoL2T)*Rl2_XD8bd9$3osm_UvMFNTi4PbcAWxRQAypMPU^@{I!Axx`_?4csg962rGm8JoD2qqmtGi(f%;SjiFD9*(#|sJfL_)B1NpNw_4L@B zMdu$wf0#Hj9v)UmrlACbFIm%xK%6N`KVKGQSMFMix)Lu4%GHDfes!JTyGr#PQ(#26 zANj5=A!PrlOC1?4MItvb(I?>X@w`lj7!QE=CT<=Qiki~m2KI~vM z)B2n6f>Kdu2RkKD}@$CWW6palI7%4JIu8Hk4zUV7m4 z)zD;N^fIc`VK}&VHUGx%Lohv%ukKfy#iX$;HEnF|#OQ~$eK{hLkX@239_m%x%}z>T ztakl?){-dKm^P8e2p^IQ&$(=@dXWa#qB;c~sQsUEf>N(t2Ylb1zt>zD$%rFIo1#ww zdDRYPUU1~h0TRGq>PNTt!bkA{ZtV$8z2E=rW6PtGOSMV}gjO6SO2`%W%SAGwYQhTn-+nie1U{TNWGOxO5@ETikDl$PKyp|3Lac{`r1)VYOKs% ztpoA%vrTr#CwSPiYWv;=-a$2LFhH4dO1LP6wXMz=s{LBG)hE}S2mfDP(Vq~Zo(wOq zii!$A+@qe%E-nlpGP>Pmt|U(87ameMw<941`6QQMs#8q_w6`A52ub#p~CoyeTKU_I#{yp4h0}$mBwSMg#SKT18<*3sS zp~s&|E(ZVO`)`5HNE&xisYval?LxY54n0V7;{* zJrr{)sD$!2IBV`nqr8?K!LMRN0;jFUWW_VN1Leq! zEmD>{SvQ(CQREM)+ThThz)jSwC-}o1=c1~JGn=hO99bl3arKi)u9bleeV~k6T92nl~ zV|K|xeSviPK+4ubb920Sr`q>h;p%f+F6@~HM==KeI9WJxki=QcD!Pw%ygX8LW$?!?iR z&i?r4t%VCT6GpX$tvTGt*;UJ%JYva+vO_-iyU6HSlt%3D9ZJOX*x%e>-%iq08HsDK zf!8XfWF$2dq;Z&0w%c7l$hUi!dZ@9e#rO`J|?*c#+$oGfe(1=V53P_ekOj`)1k?RgK;d}?4< z!fCYFM|jb--X~Jyt{Z=v<^e$n9w7jm)Qxh^7DBNhj0l&y(zel0C!sp1eGFWD|12mb zH%q%VneVJ_9{Mc~s7u|U&o?h+TsdDXxQQ(qOSK$^|hu7jgJ2u zrfQ5WxhosAtv#1-*pAl>$;8zkmexrX76xzD#n2yO5Oo{QtmnUv)B7RdP;bxgPF!Zf ze+8;2Gp(<-33d&7Ha&f_t*bPRh{RCXHBS{I1&W{+tUQcBiR)r)B%U*`j7L8jae&so zeNDSoATdUdUc4DchX~H%z_k;h6m8OkAK=F1R@9G?>LLYc5y4*XnB$WNS7?Ggt1CBI zp$BylSO%QRhlls^Uh9H&q~L&_wOKiA!(t&P&LHR5Iq>`kIbQ6W2unVj0=x9o7V}{2 z5~xgrAO$*d+f;}GZn3j+>6oS|LFBniIj>5Mt>I@SnEz@YVl4gH5q=&|ryxL6nzo_V zp9=(ymz%g;+1LCEOAF3d#2qvZ9B@J6Jbd1!?<(-3{Tvf37Uq<8x!@o=KX+ zU=^2K5oup0R0f@Ie%$t~g%s=&*!HT!U8J4Y?C*0Ad{91meW0&rAb|}h!>J0*ul9ED zvk(aT_J=sczt}U%F{FnQUcsd@^Z>txR8FsG-BMr5a_Dva! zFlzcFk=PXSva~s*0m5)_1L4@n9_fh7^6IRb3J5qzVXpMe$6Iqia4oRA!Nf0i_E*De zQo|t*_>2_%m7pV+Br2*a;&d8bD*_vtAxxQbRy<;F?$G0@V^eIkh3w#hyg2AtXv0{! zBt$m2Z0{mDXL;#Pv0&f9_SeViX#kmT2bLEXK?u`|By~Dh-e^VQ+hHt4UJi1P?Sirf z2QE9|WVMKx7To!Tcuui3yz6#}U=rC~9MVRM>1sHa`lJmDF2?f(gJ_0)Q!RwUQoK1$ zCs$(D^W&W1e7h#1RaF?J)77yOgs{m<`cgoWqSDi5y7KHjuY+(|NLa?8ePEHGkANVp zNRp;2d?f=oJ9^C;<7dIn6F^Wu#Q1FN>^ET6bobZ~M(}~@GhDRl*rhS#7EN{ggW(Y_ zv>hr*8abBL@s_Qf7H_=IfVL9mx}s7oz>GlAx@5Zj=xFW?y_q?eHL*@>US>#lGvPJV zY1HhC!HkBMnLN>Pz!k-5pUg_1qBiD|Woke8;O;Rfr!_myB*7b9w=SP_DrhHO!kA8u z!CYmFw*RVVpHy!%S2D|}T799*HuqFo1nMheUPF!ca4vbK*`t;+WKec9cKOFdO0WsA z94=giowf#-?!>ymDEVP=Ezqll1jLpVYKLisik!^hA!I1q=MRZ7lfNrpxp{{!I45W}eCSvUC}mSygd<0B)xkl;*Wg633^0 z#?vMTp}8jtCWuMr;#N$R@sq&sj!$J`=oj*GjE#TYCgA4f}S z)6wY;&g;{(iOTJ~bRfmK6G6ZSz|iGyR_pjvb0$7kmY$vlJcO}tI<%ymH(g5?DZD?! zl}mOmh-cQB>G8J(gYAVA&ITY_X}c3aE=^>VwK`haMKb%8bsP92+zqSMjVGnw+6#j1 zn7g(2pFl)L5`8V5g>R3yD{A+)-0yChQKUjP~3Rju03Q?Z~T;L zZ!X}{uH*pri){ID%aIG<%=$!o-)EOUjp_E>gE81Bm4=j}XYhlTTLrWt`Wugj6fzXyGz^;Z8Ak?PulwNko zOn&SUQ->*@(433&I$gWv;l-TG!u>fISBz~_m4(_vH}P=OG_hse&Lz~J81%_yzh55Qh0!ARat?{aMu}og#>=zSRYnRgjJUs_bX5w~kOYH+kj1G5 zXapBXWARr}ygwapK3$`OT`xLoFdlaLy*vbn)tI+j+ZK4!m%FDxSZN(xCz+X1EQr-( zY8B!8=K(IMbAO{~ZU=!fzC?y9_dZP=LGKrC(8ZEw=$XW|#pFU(#tHL*+>wl+0nM%v z)xxOX+qOrkvG6)zbuM%^NfIDJi#3~n4dfi2Mc7+i`y)k!3}$u#$$S1P^S?;H^Rh!b zYaEx~dc#gn^8xr(G8ID5K|Q(xGym4J^rE2-jJ~C$_8ueXALjb66IG7rU<*N%vqGAx zU=?&};HBbg!XG0;I=t_7566&;!iAZC5f1D#!fjnkw@xUkJ!Rcp|1l3vMokLOthsRw zx8r_?_r3B%~r)LkUj`J{-x?DoM>QdxKv|^TO+BcH$fokPxDJkS)rq z*1PnV3mM?2%SAm9B|K+MOUJYNm;cf+oSI}WrB6pczLon0fY{xBU)*SVul#^)QX7`Y z7qSa+e5b5%lc_6=BYaVwJ)C8N>&ZB`wkk}A50X3YYh1sU*=?svKs3>UaAm9>X`a41 zk1-eI%ef(V_lH>6El;~YnwsQ4OZ5BK$=V$xPDFijKadaMuYzhcwJXiHT4SzzOc6$} zkI%D0>gk;7WJ#aw^LeWu(b}lL@F7VkxvT3l6UD~Tr`l@LLOhBovA+Tslcx*QC=lqA6f?qJoFuNQT4J{xY;DxbV#-p2e|droVR_H;0wnwPy(byruIA~1 zqWJgp4fYad$TP~bL&P)704jUy0E8n7AsgrEO`pGQhl4HKGSP%)@vPr|nF01W^*g)% zH{mL_NdJiu2ZB%1#PGhmonG`H@j-Q*~9Jp5VOma|bhh zVOAK7-|8VZU}|@dNqTBJ*`i4QK+0d^9r!jmpo6V@Ss%RB3}Sz`yynky7a@ecur7Ox zYY#}8p}D=##wR7LMLm^4j%|zPS1mQ^S;FwLeRSxPL&VT(s|pA-sLGY81U6XnkvZr) zAw=lLb0eBNyjM$I6$XLIVOuCi*c3)7>Gb*AJjlqs0(&riK<`cYwX20;P<+!DzH!fX zzO&H9CLet;FnU)f$1RskB`h3_qr>L8T~3JIJUMAmKj)NL=iAPv`|=p(OZHY3BZ}$O z)5`Ac+S;?Px+=J{%d#xF@KMuozq&D|Cr$NTn>fKHYh2rNV#o(rSz(LY<>FZ-#x4H7pPBFumD^srL4$cNSV z_nz(*SlVH)J&YLm4Fr9$u(7rl47Q{=W$JDu0+y^~pYb=_2YHuq=kvHg+L-fB70_%~*?9ko`@QySFHNvQ9Kp@-(Z-$p zTVLah0e^d%pjwkbAnerS7iZ`G=e_eM{7x8Q{#LG&ER4Ib6$9Xl+>6q6*PgQQ;CnpW^g8J$U3lXh;KTe+613!?H`e-~ zK;w_;H-WXL!(-315HD!|SBmI)yhfd@>eo+(v*7-zrnU=JZ+RynbVa{G zGT?{^Xt$a|UY7*t8S~n2u`re+NVlO&rp`O*}8~18VQG3{8*IpMNhN%#4i_3jXji`OV9U`Oz6Y7-K=A-l zIegpLgHYGO$)TlmkXuhck(s=q+m3MUB#Rl3qTDoMYzbpzI$j);bDRjJ1PW_U=Zjj+ zlA;HcW#7GJLxpq{>9nCRYPAE;Us}Q1LXXmq{sYFD23+ibztHsZuC>_ zcK!v@intz=9A3M0P!Y3RHTvNM?Lu+>$%)clx=Bb~7n34^q@ zHed=pN3tgZi3^4qM}+OI<9_H4>mj5QmhhdsJveKg*uT!g`;JgPv>3hnxy(YeE`jR1Wv9Dzo7}l6aL$b_=IDWl!C-f~ z9tcLm2FQUNAX8L)qY;iT_!OdHJT|7cy5R%{M18uh*da56sD$OgKLYl~`kvmEk?F73 z5xKVg?b3hwPiO*MX?r*4$B~=In8o_pD3WNy9t-7HdK=8ewB3tKy7<(z4yL5L#| zhjW;>IP(hTcv~#^X-bjs9$@Dz#M{&kD~i4JbTJj={8`StpZoAN-2~XVu>xAv|NgCx ze(w%`t5L?xz)fub5ti%<7>(t;$W$KF@ufEo=R_ZusDG%)+DgZQBT5T<=V(ipB1Q$n(^K6|a0pBVB=wV)uOJ>#vV;Glwl9xs^4i+9 z_HtAZha*!Zg3_uWlW37JAEk(jGKkEO2&l+BM8Zrc3RIC$wTK83Q2`Z63_~CUNC6>L zhA0R@5(pR|LI?o@fg~ik8?f#9?svc6{pZ|&A@BR{cfWhDwf0)i^Q;djg3M>W+Nbna z*E5O5`U2gfTZ$_#H@{v;co|N*^okhJ?~NfR^Z!YQLCTNe42j8aq%dN{+SpRPT_UH? zW?g5s6Vs@i$^AMT(oeXaAG;+cDZR+>r(Gg>L?)%ozzURFPxKj0#_ENh`^OQbKS~1% zRJz(}ta}-~+_cx!a?F@_0c$c5ui3Vh??v(jCniZqmX`0(iku?(TWT!uylW_+7OHs@RMt7lw8rd()f+h#>ggW8yMKMvH4@Sd%9Hl<6d*=@+*{kByc3 z-EJJSm#a-ukKudaeaGi29+4kkhP4pfEz=)-*E+y#`Vx1}Xf3_IVML(uWJIk`TKG&Lx0u{`(DVO#`P68x*xi|A7k19zL<09obY~&*QW&M!_0P3paG#aD?pun zs4PXA7BEpVIB52Zqv?IhS{)a3p0OAmcri4ir__AnPRK*gpAXIO<_BlpOC4?nhNPDQ z()$xHtGwhUc=Oz&qR44Qg!vC#d&vrLtM)Z>9)W|4H`b5$v)^b#k%wy4Z)NkjXVRZM zd!1`_+T9nFhl}$Pa?)5+E^+DcmV^M2Q!cdR)A`zVL>Nz@i8ydDIQA z=t6ZBe1I_;Yg7)Cqx7HfIUOX!GxO6vaY4cZe0ZcZ?LH6`#0|&7noxFo)>8EwQt9U- zr!R!7%3r-l{(K|_n`jp1JTiFbH)ACT1$oSDz%8=#c3|22nIvg6PH~$qw5dt2=%=li z)9n{bQP)AK2Xm=0dfQP+2YNNH2oi+bbf8GUC@eDLWSzAs)@e9qnAD~PKMn~Zi zY4yl%@Xq%6(<1Hl#7k;o@km_t@-wfQn{}f>4cvn|>pvX{aEi3>ncPD8Rwg>PHlz)8 zyVgy{260^VdI~7j@#Oy{EAsz@XRhDwzoapvrv3|J^U2S`^?8Vc%A;LkeGeyEHWrEn zYgS{=`L8+3I4Gue1gb(l6K^$y;D%3H%A?_qVCy3m=dX^p9;W5h+*NXd!w>M<7HYPu4H*+K(KRo~#limY2j>jCY6T{Hfkm0~^}%PdViG(W%K?VhPF zf1!i==2&L(OwyBR25MhNi-+hM>&!iWkLP9w(qDRPD7b*lXc@)&yWu`>p`3N*)gyHk(7W1% zx*FFRoNT^{RJn|%ydpYwsQ;A17YvH@&$U;GvyeyMTuft?Z0?URQL4L}7SOc(5!O&Z zKLowM1UJ|i9>n7ZdlSnxsJ0DS@?+oZLgz^`0}|f`->JQ)v#|b_7V=rR@W7`db#4oT5?Zo`4_K;xo<0qID`7Xe4(KS{kGQ!-{NebjubSNq6L9gO9A&xM z*C?=0)O2R&EC|39>5wx396G*AC(~p zUZ(#*vJ%9`x(uZpHi+}?V%`U`0_4xei!jN$U5JB&*W@Umm2GQ%3G!a!OG`^-jlU3v z+y(;O)wl}r`C)XiI>w$~i^3w!WsCPNosqbL~xv zo+?IFtO|Yf`g|uH+5YFM-4K5KKeT7o_u&6j4w&2de-r`yF|@ogfJc;6EiZOdvDPA!>x)m# zBCje!SfD0CBc|uHqNOb{$cRdABctqSdtpQ^0 zMgOtqnjtidN8I$W85qaPq)GKy1#Htfe{1_)1-igAfIZzu)-_(`XkHlOYdLj;k`nUF7t1>VZ$S z5~P)os8GBd&s?Hn08z-*ZHe9s_1#sVYHO=Dfz zhhrL`Ux;~ZHXp-+v?Xt)R3+@G{>3r5Kc(qKV|((t)om!-qzx^7t2A?Wqig@*F?XPH zB*;UZF#NzEkH8er1z?E>?4I}`zW!)_)>O=U|H}@Dhw|tU%DRCX>9!ankJdT4jNGJ; z$^TOPpc*&gQAM6*14EH4O9Rnrdpv!*_tnS)dGP~P2u|;CsYt-dN&`UacK-uwuk?H3 zsyDTCzHeb`a>sBmw|4t(fx9aM%*<=Su4uFh+@)(j_%RTUrHudKdyLF)GZSRt{ip$Jw~!kN+7hS9}~?y}*IcMT15(3dy> z>$#k_(s0AdVNkk*qPF_h%eR3a2ALLPIlGg9JPc!ZaqMlsnFP>OMT~nS<1%#-7u+~q zncTqSCagvLk%F5F=yCOG9wI<6xUp4nA-!?tAJSiih1$@jlGj!Sl+S~6wbO<}glnC; z1bd9Yj9qUm1NMjHlW18d;4e+3w3n=(ZJZpN=eig!KVMu9In=B5k(hI@U|b#@vHw+e zSzgE4Od`tc94y$0OdegVi1DoP)w@U?{6+2$2?y3}#4Excw5!KNaf#Be39y_q%~8Ke zy`$38+$XkRlbp4O;D1zFD{}>5fXLC}7)6(FwIbZ|%!_}xWQ6J^MN7>l@8t&BMFWP# z(a9(Uim;M=nIvTGu{No;?4G-f8uDf(1!irIqU$Pb6>8ZQQs)+n;p^}(o*s6*0;om% z#*ognu(Q(d57f@b7j?Qbq?NFKN{!dQ&MeiKwJ)q}_FPDOiee?`T_TW60aa7->ou5& zAWr^)9&Yg1SeXxm=I_(4!`jU1d`#|IVQ|iL;AK{z1WBAbusC*d zJ~9B65+Q8xjXr7$Fw()D^zKCfUYYEgo6C-~Nm!gfI!M?VO`W29iMJ{er1Ch-Qoc0) zSeXspXvnj4NLn*(^imgUWgW|P2p7ciC_?x#Yo+7%w%2zTYi7lm%_R2l{Pvt}r>R1( zaA`aoCT}ptsS$Q;g6IiVA@ZTx6>J8lq{i7Qg)aB(ap_^t7|Z7~@KLC0wZO329L{eI zsiLv!2V>&O+2j6_xEs`P-|f-3@d;D&;ZTgBmpHG0ZOQN1B0fX4UR`vlwZ$V3goqsq zDh07UdEBuGGsD{QaFgLw2XQ6m9|%9Vsh=#!XjBySYUoGaqV4TCzO~Aam6)4i`tCDL zC_lhcy&FH7Gx|Q$-#kjQZKF+kXA?#0!1g<=KRY&2nt;kObH%9(`(2z0h!9o{@x^YtBb2HpO;g#68e~~p+s%{$ zEYG*cq~OAlX|2ydL!6K$MJwd z1}HK1`)X$roI;p&{W*5i9j4rl@K51EiWLLG^Y;?g86p&KCykfwUM<$4Lv3!Wj|1emNEK3MhV{jq$F0X zhb^_GBT&X;Y@MGK<5^L}LxM|UYhBY2qIHu>!wKu)TiQbPfjNFapcfnWIb-?R`wz_D zaTGxr% z+y1K^pLP|KCmU`E4{=eX-<3m^9};kzDkR>#*p~z3Is!txMIyWkct``ah|;0*N9>ij z4qWUzi7v(t0VcSr-*9bFgKUFEIqBw}2sJ~3J^d}yLnA!eQ4CaNS4Ps@nc<^vF)vmW zrwpI0cv=iiBMt*lg3JcX*J z19-Kx#mqxRyN5~(b1%y3VRLSzu)A5r4x|K<+fI&4Cc;X4h}t?40JU1iB?t`3%)9;4 zm>%j!*!HQ9-5oyMxw=zqTuKq2<%?OWk@hVnGaIhWOV$!Haq8e)UA=taJ@aspN>c{) za>NBVfg^)pP8F=07(Y@)*HoKU^OIjxV0@=n#y3PK4P~ z<2C64O4u}_vg;Mp>7mTyU%uS|PdisCvIB^|J+8)awCcy%@-VGC}LYve0T-iwN;XPA!cr^q4% ztBV^ET!YGGw-m)sj(xS0Zb}e4o1NiBLUv{g4M4*poA&-QJeaaz^1wd*-Yq06duqtI zAk9-#JQj|nsi*}{7o~#x%syJ!J%eiASircIk!iS_=)Ku@kOo#G~lx@gX4)D*M%v9y5jA1S-&{ zYMD%OWcRsR&u+f~xSvGd5q$`>hdF{CClF)2OsQGMD2EB3h=**yCIHazHbe+nYoXul zF~Dfsxx7qJ&`({@EYCIppuIWB27*k+>NZYY0y#p4k(}N0;&m_Da8S-}1f8D78YIVV z$_WNYWTHPueX0K=f_+FHJoIJWu zqjDr}L9`sl;r5mr>}dCAJ!yFmmzl=;2(V&nKaK-zH(irXCi|q2qPsx{gc(n16pD8Q zVhJg2Dkgcz=$x5PfBXF0Uv-3KUc($y+?NBPM@rrz3;@Z`5HL=L>Gl9f@wM*cPkP1*U^fMwT=0VEv zJFz_lF%qAzQI#G4Rx|HrsidzcZxXprh_D=(KDhSgnjkA?)2!uw={xz&{Q8b~(%3}G zfC2pCgW5+N$IGPNjjhWk^>$3_O^{O30P5+7 zlYaUtIiN0tJlK{uBZ11YCQSMk4L8%V%5m=kI+X7amfVdE8(Tt3YD^$F|EThlL|G6y z)7aSCJuAk`3?7X$q?lJ56{PK9k8|ut8>71AgNER^FbJJiPFxYK`InKS&XGPuzam4A zXC~bNqZg5ZR)L=!nl`^?VC#p9U*B1{yrd`#{n<}v+FHNb*BV`cw3*wlQtrR+fH=R7 zTw(JY53WWTAYVd@1E34Vm5y`9D9K6+e#Y-4j$&VuLm(&k*YCVJ z2}O;_`?93hu)SORtuS76I2Rg>bANF^Wi3RXHPV5$t4~OJkAK=~^6qH*jpwD%*9}JS zdS^`2@cWtJH233S#e2!Vg*5!pMb>izr>*J5hPrL-!{chWu5)XCWHEVZg|=vTie^`_ zHj>yRbA1-{%l*JXE> z*H_a%h7;jLB3G~qs*a(b{wBrBq}F75!U3}j7LIB;ti;>$0eAxw@x~{ zwqJYI$Bk`M=l&t}CsjXM$(FvKXt0jq7VUAHz4aM@kHqErV;6FsRt~)$a@u^0?4Pvf~30 zG@cZZ4`eQ6xnE=p_p8q{JM+ofkHBLY#7ea#_3fqn9P=?<3rJBNQdG~$rpLePjD19d0nSkQVekH%m-DEKm4=8_ z_50nQASH?fL9Lp5ILs`Y^@YG&!uKQ7L)D|0y)&-3-seoKSgUOr@dIWf=KXDpA_9k4n)_Qk)F$VT*U(vNVz?f<7C% zgG0^(&y6?%dCz|Ci}$)#dPSO6fuyPz!X2|*^CXTY+mj1t4B=xBBWT$=8XbOtZy{89 zQ}<3(m@MsDG8c|&?w9sRFHh_bR=2ZoD{!QRl?R!Gx{w^G87CN@kGd#xh|#`!6sH0B zZ<;A1ck390R4TyZr55~~J^i&%tDP`6NSjwy{qlw()X;cqEx$CsT@T% zK{kCPokNXX6K#?KxX!#Ezsx`;*)EZk^)f|{pKUePeoLK62FwGO!zd97O7zp$(!v~& zy+uI`1?%ha3J-{E-pZD-P*Bvp1ktnGzx+F<<}`PCKTR#5Y-sG zgfdt+qArQ6Hxj!aG%2CV=#u>HBZ~|33)d1>>1)JiNb?bwNohh~@xVZdcpYkq85Ao+ zhJKSi262Kimb><>?QA|k41WcFtd;bms zURXB(D%U4ugotPgl!cy@(wuyL*wSt_8vBP3R)q%T;h!2{R%Tzne_eP&=U+S|diBkshXSc#48&f?gIV3#%=EJqKhPN|!SFvSQ!n6sdmBEYO)LRm zga(>lctWRcWwb75&KYbEyCPX=;drOlzh>6pf9qT1>8U7I@y;#S_Oun&6lJQ55SOin zr=om{kwrLD4NS&*EcSb=5EQ;z;O9*5#mnou*KNl2sX$1CG8|jM@YBY(9Q*T!JqdRt zK3PqXyC_F={#W;3zFe*JsUDd9O;v-QD@0D(Px*q4vMrwS2nKUP3A7BlMX7%Bhnwzg z9a`oJBX*u|MvFlF%deV2?r6v)7zJ}`C zCe?V~i!X;}kp1$0M6JHplBu~p@>83(z68$}9!-oGZ}?7}@)OhFoFzThFCMhu?V>q! zZQE|4q51I7iH}cBW4(D6XQXnb|JFql18ByHUbp7C^LibDl-_{1bqRQn=t;!YSkkW^ z>(4~TK7DKf9(jx)@8_rQ)6+$-{N2n*sa61y-Hw)hp8Mlk5-}w+z@!0bdY?mS81A>w z@QvImF89#gq?rQ%$!p2|kx>h`X1uC`qs_j9D$V!hsxIUAt(fX-Uy?rpN>3}&^Wz7l zf-_)E-{#(k3RC@ONUeGK!@Q7o^_;dV>OkwbtZ|3R#J*aC%y^5+I@cMvFs_pp!3h6Q z*277xz~unXbOV)#+Y0y{Nuk)A$7ggtI@m{*`_XHpU9`5g z6=*K|)q=1Tf4e^?qR+yepf0GHyT-yAB}M=BWp}AU;Esm*pX~@cR1{FXw92*&4iy-QQt`Z!%zq%GGTci@=I%mg85_U7#LQ|^ zK5!N9Q2KT;rhKp4C-U%TpO=r=xyJP$$c&~+MDG!FcYi~nVi>NXZ-OC7=4OC zz=v=zh$G#;l3jloOS&)d5k>Vq9E9*LmTkeaBR$(?8uW2^yiczS1^G^f-Lsx2v!k)S9A5D?Hd`>jUH+RRQQA5vbPyW$G+%~?bl;i%_w)JSnyBw0=+V;o3k|&q+?kf@0!)No3 za2!RyoiBF!z^g(T2AR7*dTZf#Y-n0VqRW;!{isDsU^;fmt7 zP?D`ML}Nr}ef{$x?5@Yp2&c}6TOWkq z*ivd+fuCgbUdnI!P2mt_F+w}^>{4z4Srql-7i&$-^h2eMfkyyHfgD9j(F>p;*r zvHD%PNasTO_X@#6>88=f1szf~6?FSDwNe)kF4K~)fbh~FHz()$Tnyde{qpd&^vv`y6L+g+K?CQ#JbR*1)-)6rt=-apMAix~-#hjRL!rky>0`J>x~0RwcX>ePJO zX#UK}b4<7KSc!$@aXIQ0uPgg_( zy43~Vc>$W?M}po)QB|CehD-%d#@$Of3o)mD_m=_qMgiU7-|B^r@P6@VUQt#EYXA7g zHmmR<@_b4U72+MKm#s@MC*0#PouKqX@AZJMI|Rjcd1lWqPxKSA5G2xe`_?2q3M@P% z#o{wYm0t0R0%e}Ft;{Xk->P<~D4fw7UYI!=cLR?LjGErIJHm{2ozs6A)X-KfP--Us zBH)TCosMYPZn9jfdn)Vm?_P6Sj9Hv^Xkmr&Hz(ACM)#sG_pogf14gyrznZ;7u}xIN z#wJRT5LY+(Gd8FU-_qns*$TiF#KU-qAQE3)(h!ameu?R;lV+^@Awz4y>!Q0$(THE; z!@?jo1tmzAkYtOc%7n%m0(}eOwX1fgZ-D^-yBD%O&EFEE{J@>hQmbeI z$7YuVlLpfQcmrT@`0k)L34#c1_(wl{iVg45>pv5yZHD&L>B*)~)OuDEqc3KJm7{$_ zNWL$T5VSoKX0{2vREgUc!WrND*9QX@`kVE@C^%WU>z^6f#UEM2V>eSlQpVm?y42R7OP!TPNpfGw1Fl0-aMU@VZX= zw~{juvLh)&NGl5wGR`OUk6^fSd_G1355!6S%iXYY6a#CCy39*(vIY!-vGSI@9Oyun zv|4w4z7d-n{$z`(nxIHqN1TK?I*TDW} z6<7tnR6tvUR$h}dpdtc}$0@gP)t)~}CAC28q%5>aV)cn&2AT?4qNJ-Wgn)K*^z|sc z2_S{GMC5Mk5^Ln}$d)<$0-l5QrQvcwR`bWEEYB=-6?BbK98g=^jbqU6M5SPwOp}*d7ZwrfCWg@s zyg4X#1ghD(oteB#ArLgu0TN6?3q^jcIA+cWyXoKA4D$g0-HTE%5aBkys|a1g`kc0P L_z8RBV%q-(5R1d(1NO0NnkohZFWs?=79rfd=$Hs%wGsk|PuG0ow{C&1j{R48Sct~8I!s6P}(&l#7 zarh||g#$=&TiFNBQ{Mn0hhd7#hk9;6I{W5!R3d3_GSVxpV!t~2KrNW@14>;tb6tejhZ-|fI{w>Lw1;-?a=}NFYI6NWdiA{ zU+_`tjKQ1h6bNSw6b0OcB4c87|HBW^_RpT6UWIjcKaA@*`&$K2v^Kl$(aU77B?0 zHC{z7w09^%$OjFIW&ySPx`$~P7C5x2AHlbK)IsCyn;+CYmCr*i-j>qW?1eVoa0-k| zU{MAw7(A`Z14gdSe*IB0DnRo-iR=iMf|@%mm{v>D4|~fD;4xS1EEcC?omV_gJ%Exw z75f1n7C~&c4fVmeYs)J}lJC(w#hKr&_4X87M{X&x@j=VpZ3pxxHRUKHP%6pW%d;f% zmL{r`pKm4v!vu%EY(? zD(GZv_v4HmVfDrFP36`F0janD!u!Jw@&F=g{50@vnQARKV|Ioe9-J>A$Ho6e%8Sj6 z<&R}KtpR&jadA(dNgYPxyz5Ilb!|hdNxB42pP$}0hL^zV`{eyyPgL2?iqe$D1P}#w zKD-;b)8mw6v3yO@Xm}YjJZnbw>s|L2hS*LVP3-A&AKxdQDiJNg!C&1NXQ0?kcGqaW zyT#m@t_#Tv2=9-VL_W1CsfdWGwJVr3%utMqsJ9$OyoRKnMQXHoUd_knUeP2zk}l8i zJlOU)pN+bh6I3x~yDJAX&oNUoUN@88kIn*_{Q7ofn!n8wgW(aIYkXh)c}v>_lf;fL zbNC7}I(aD~J%DMx;l<}H?C4-k$8yzPg60`YJM6GRPmcs+o!317RI*)`>|c9)2vlUe zTJFq_6+Iz1o=ReVu`RR=q236m$_y(A$3PXwbB<*>j|xAG+@h(pGV|!%@jW%f zmwHYXA5{7N$L3Lig@>5rj0?@uCXS%vu7h$vcPnw+vSB?SVI7Ht$7DHK;-GiEFf-?w zS@CtuES%(I^=tOnz6u_bywZ4!u@BPQ*D@cGv@N^8>N(k5V=;*7a_kF1J@S-Kweo+a zQ0;b2+NS=3;B=$FCnasrhfmlMjP03rxsx@gTkAQmi$iSjgBlJJh2&k(yV*9FRrYwZ z0GTa)YTLu}@b>j(qcIB?!Se_19;3r#Mo0vZb7%ERU~HgR8$`19*TAr>CuFf7AeQ306D{xbePl5A2sIbJWmyY3CZC$&*x8h{6TVD^V9}>Z1S* zrT)~f!xw}J`F-|c_rEmm4Y%-T)sN769WouxDbyK{(yeeE{g)C5bl` z@6l(D8uxA;gaoh@VPpn8Tbq-8WBVgKT;ov3Qv;9Qd|_C5MoKd9=l)EsW*wz*9ei4e zQ{t%d005k7p3{fRsfCn7@+2Hv@yZ=SnP^5~SAhiU`FX-2A)r3KLmG=5b8+5@u zP~L4bYr|8F@95f1+YA(pHzTUn0|hC(AbH<4)U>Z z;qxryV{2?4ak-0v($7e~K@~Eo&wsEzmWXj_X-ob@y-P6E=L_2p^ z%M_1#FIsh$91butjgjb&MMaFKpRA?dPxH34jP}}(-~%p?bo`z^P0kmg(kE;jtZIWq^ z<+XhfQ24tTbzd_loN3UWpLNbn$^9{Z?{uv_QPDi5C^v`ABR<(+!LV{%&O&G9=ezCU zviQ(HS&W=EK72`NOBiXEjv)Dd)D*VSbVEO0jCgn`ESc4lR5;;r#>>)qll_D|&RRk} z@SN>l(GzArAX{a$wdLBP9J&5bEW@1)<8)Zo#eF;`x@8LaeBt-=QqT19sukj}_cF^h z79k0ZyPo#frSIq9kcL>^FH$x=_H}k;0T801A~&plc$Rf##n#g> z)8t zxdF4Uv~ghR@@G2}b?y0eOb0!sJO2B0lKH1|2yC8(eXp5kTwW9tGw znzx7QI}I!Eas*oaxZ#%+5D!k*50#e5oOYRfPlondzd>}>^;uBYxgvvx*Fg9BwoL7L z0rzrnP>(JIZd}U;=c#5KfBQc*E z!(l*<-=h+TwQMt*ib3qugtPPS@n!>1ac8jDR|IcdGyNa zi73eSDt#_oKGCNBaKAck`!zRx(D3&T>XXKcnxdyO6|cL!-o^*S@ME~<-gJ)mQskAM zXIZFJ&X0ZfE%445n!wD0@tKKFC*MR87)S5E?~%_Z*>e$xZmg>j#cFx>^@?mgm(LQC zknLiG(`o5uwN=~40e2!Es@glk7uf_fLyIVEDLa@>#ce`CjJFk(MQUKFPB^Q$AiuII(!LeaZ?klFTG%j*Qeu=~M(zaQek;VGSr);U*t0s9}pixz| z9)W!PfLx!{BpN70ni722V^uvhfex6+E+RAxHE273C#c24(MH}b;yTd<_iA&@!`|O3 z_pB>`H8y)QK=hom#&?(cwmf*cAk>olLZGI_b0>q8eJm%}M0!8ZT)yqN%cc%Pt5cnM zfZi*Y;W0xuH&d$zKUrV?DD9k!rHvUMj~D7Avu`3#tltkR{676y|u>z%4!Kl zv%waZ>5wH(<`9eht}cwFU^XOz5IyXCz2|w0wwqI@Vj|U{&aq()gAW{omW_-H#q44RqTDjHQ zEzGzjN6s^W?sK$n?IlEmUMI0K-oENL$r53~lG1s&Xl{+Vnm_!3aTaSnVKcNjXS&&E z`P`3=|KictV1|g5fz$%c#pg7LOV%Y-Q{FyLHOddtf)4#fil>m2-e>!^I*X#)wQ^t; zyUhgNNjpMjw*z~Xh1>*8-vg3^u(q3=)#iX|XQLSLkYy$6n&6zPV&~*>+(UUW0z^V` z*6F!QjbGYv#vGd#3Wt9Xu=%>TeUp%iD z90N3c$PPe{;mk%^yf(M*_Jp&3RV_7_L88lT!*E=oaa5c8%tZ&Ns1>@aYFHsGksC zmhqaiE}AK_kZL+e_(E}soH6KQZ7^5s6Chw0Bio$GO6V}`X3~ScCArrOND?^@dJLcx zn!?9_pYQ7qn`fvHgUZM?Wag#$xw!Q!TA$TDwg^f;>Z6qE=59N#7OmM-RBKeV-VwYY zAqASvE)oA#y0MlTjakJ;BOhOhP99b6I(T5OJ#Wjr-f)f?=kjjqh0p0iDrB}nf?Os3 z0^b%b&wg*aY_>3v!dJ(DyLrfRYp&a*uDfZ^tp8)?vbhrD%%;p_%lxt81|j$Ej`I?AnRdAsO1-=ND?PE4emy}Cyf~@Wn!UZAWO#ebFNXPesCBFF znKA!Czp<{nqEOW8z@WE?^JW~UX=-n-P#xtvTm15~b_Z7zDFpvm=*~S1Dl45Jkn?p|E(L904ZTnCclHZg>gL|? z^fA58{=%Zfj}ms$Y#Wtk%2$wP6byF)#uV_X?%^zmudm0X*s8VOcea`_{j@E$J9e6d zyoZ}D2>L)uc)ORP)_JKdekWlkJ?Bs-K)<$TvTgWh?3=GYnB>j2D|($d`>gRHFdk3~ zGKOameNj-m;ypp*cU%2av=MJmuV~Oyh(b!G zQGPvKmSk7jejuk1bVw`ZGTc9Ro-;{Xk}5{YQ8!6}mxkNU2P%e$zM3X~Lu{P@G?{(j zI5}N+76nl!oR*kL`jR&eYJy**E(}iD6)Yc~ASB{gv;iz8pKR14fK#K}cr)hkZXtC`6S2jS??$`Pc7xlvyO#-r* zs2f2^eAvNi&;VRceCtD5l^XdoABEl0hJNb9UR&$DPvPV>0VxLQwezKEE`&Vwpc6&M z3L(ROJ=mU{wg=9r0t_$uAz=x8mdqhV{Mej|==Qs*$ZHo7<3?ciCn8!7RHIV@Ic-6= z)>&2qJwfwM@|nKkB81j=3oed5(D^_*fbVtHK@*;HnfD>NEhY+XR7?;aDJILdjI4x- zzBIk3th5P73HxU*MW|G(2Ts(9-mrgL_5etzAI3BF&uCOmRrzF@-8tJr(#M+M?tS5ZhJ+N!0xL8%rQXcZfL9J(mn@Z!`$H6*kx5= zpBT>F;)yfc1{MAmIT3u6@DHl!^?Tz0F=zXTC?VlVWUo|$=>yXgBUUhrVzd?EJLu=R zcG1cRlvTUMqq$u|L`{c&@qTC8NcDlk%yp<3Li1_+718Fc$@CAr^L(f~-(sfL={|V_ z>V*u%xh@6Eo^%y_rhP0e1Vxg35}?{~&*<%Et5|wH;ZjZJa6NTtsJDI~5IpU(K1+%) zNTh$P^+}<58IqvM;mqD=|?(bSRU;!b=5d<5)YUe**jJ& zYm)N(^VzNicOK?;hmqx#>(`}DF$C~?Zzf}VI8e5Mz7$ZyLF0%%+U|IJquCsd)WO1+ z$51XCPEK*_B#AzE%T7&kzkvm4h0gf?tMj00Gzb%u?#=Q-KO}f#EqLCM*iiPbU$M@1px4(@bG3SEn}AIzl9ue=a&A2kZ(u`bXfGtTB+Xwy_efq0 z%?M*R_?ob)E){+LY>V=_)iIxeF$$%v(73VogT*AbzX~@U1i$-8Q~!7 zBd$L-=)fFt;k266rjap80dli4!wKXY#-Kng^MxP_c_ZpxgH%k5BA>-obS<66R@j#J%l52E5<#+qd-_ zS9qp|waF5~rgk%ZGs*7VL5>gqyg3zuR3U>Mmh!ybqdgaRs)rC>v%xQ~U$D>C1}Zt{trsK8QG` z2(m5mkPoc1Mxx&7c&qxHudrYvSxPo$&!b~O7RmbZn+c?#fQb^M^5D8m!CU~XIPqug zC%qFJTpF5%T5kkiEUU;lsYuS+p!sIL0}O@QnFQuvpA|u+`)9uw6~DF)KT3 zx-!ynE^h9))rI)=k$m-+U=;%XlqlqF|~^U&W@YSEV9GoYo(>n%^J-aHl(y}9E@%@ zgr<-+%nb^T?OnWkG5YODY`yLLTdm6-rveRbgqXR#Rq!83!m%5W1UJo(RV|cG&e{_t zZ|l2m+LFhvmm_3ut%zvRs@7QDV>?BDOhUGlN8cNXi|P_|sW-7|7k?X5na^;UMPe6* zy3$X0)FxQ4w%Xz^RDBSUfwC7HZ~Zo((V>$eaWIwO<2F4~87-IbA=4$vk8HOS^3*K- z^t9nw9K2*-NZAcho}V1HQD<`aP>zqIv2&Ong$ne* z*BgrwkVgv^i>eOG`Z(dw&O}K?L~|wOsNmNNME`?fTwDEo8ZO`RH^mx7(aB{5-oYjZ zw1Un>ZZbYisMxDNO{`5ngn34{F=vfeSvNVB-@UTD<%6yM(E zHJrQ>*5zW`4I4ehp6U0RR>H66U(yshpw6Q`UM1?F!?eitx^cZGQp;C&LsovAe{mi48nz=|mckOWsR%mV0vw zT6QPk!J1^)qv)+IqPrRb=6YBzupXbhdY3r0W;8jnvH$dF>}j&o(>YLhw6q_IjWbYb zVCHs=5r_PC7;-)kXypOy_B-(c(MoAQ6Lc=JBLw=&PF2r`5PtK_=7Q`#FaFaD>vs~Q z@neMKXubC2{!YJU@k)3$X7X~-lH|-8U3zQHYIffCXQEagL5?W2jqH~)I(F}4t1HZ; zw?b`El#lvR{cnw0j)VrHZ$=qJ(t~YihgFg27iQ5RYIE>aw$AcuK>g?pGAc&A4;|CJ z_c7hQF*RP$ zZ_F$|TNVXw&?J>b(UiXciKoRRo$%M(;k@IYn3t27UCiKJGjrjkZYUKL+Sx(6x_E20y1bE$GP@ zC=Ap8#VA=}JP1jKS#DJA72nLII4BiS@;-|){5M3w|3VaV?3v*}+g|5!uYh0_gHmsX z^v1zHq$L;>JE6e8^rmWUd{(484)Ee~?u$x(G=@zP0@15~$)tP8=nR$9x*bF8m&)xP zGsJ?{lZ3APW|J~%!FR?FU~e!DAJW*%9LX{XGHag%QJJ7lHDKwykf-JNQcidTskNRj zl-;`iTzI_O5`avqf28{ zIMH+rn4qOmF>!+TTa1izk137Vi!nl4*W@+_d(AwR)H>IGr3jc~I zz+JQK7DwPU_#bRUw*(=~Le3d8a_GCD!0t$k0flxy0sfv@%^XUPRVg9kz_|~h?Y9?C zC$iGsD|f!BKskJ84OULq&F$!Zj3qcJctr;$Ko7nYS@zPA=AIyv>(?j$fD|uQO>&B5 zv`rtcmzGuP#J~@(+S-$53w{_bUV~AH4L14xqIsb6ttjXOT6UY zOiEAOX-ZvZ?@xur%xwqHmgF?h)@N{nvkW6AZnt?5cOK9ff91Z|n`oh=U52KUAe-P z7m(JD2pu+DrA2`C*2o71M}o%l2>sms)9ySL%B)iQOm-u&fdxbVMkqx}W~6KM+icPw zAIm;M+7}ybCv`9ZeUevaZteG8)9;PU5(DET+J_I8=M9z{AC>%k7`Rc*usqymd~%vQ zTv=H1^1iQ*Ti%b?Jk5cL&TgMoN_eg+F7|b6_e3N?NyKfVp>Bv@U-{`(a&Wa?E-S3t!BTFL;Z*VcWz9_3D;0T!S&lYaRpdKNcZYKy&-h!_ zek+ukU9vFqeOT?olbGvP+aV@LxTN@~o-NLOHq*dh$`ArwQ=HRW+X{UA8m|TsQuaSg z0QKbH3L_u66}X*&lUwVVPKaCM1E%)g=Ar4FXKOkT19<ijEMDfiW6NPVLCIO z^inn6szPG@@;zP?%{)DRs}%JB9<+?0e+JKkf(E@RZjQMocq0aEZh zk2$Ltm|n3^vO2O=e_`-Ye}P$JGhgOyIf(>cF-T*M@NHf3=YO(Q*@j@@^itS=aoU+X zjuUfbPUx#(!IICAzdea}v9#HTgG!kX9&h|%oguM5Wk_<0mp<)&)oZ2C+j~mT$U{(R zekWw^I|&fTCh*MM`X1V9FHG{~1K79sPh968U6$g#8ACtIFx^@sX|hfl*+cp|w}8u- z>_cv;aa{%{lrl1;@P(K0u;=oJxRI7qEFv)?>7wP%J-gwZ;!DLg<0kAGWSpnquw zmIeF1_Az7_56BJ*dDOTKjyk%x@e9LO*HwkLg;u3gg!yH5vT{V;r;~$0?yWU=AQ)#S zdOK&vcBD@Z5v0&(jAD_Eb|OY)kn5X8W|?mX{Y53xb*>CFZpDMI%f))J~2bBx>X&yPumdm$clWuU8gaoTr~MP^JYY-_!nyUGY1C$Xr(!o@FkF z+pDvuu*dwqasor?4$oD1PJ3TpxO9Iu8fCSruP&hF&N=ov-Xy?@v`qF0?IRA4&b9n%^v-SEW+|z773{76!}FuWnB|`PJZMv)w*3fN{gByU{5Xy9pm_Xx1TpW{-SkroLB6Emlwfkw`G@b+HF^_7xm6r z;A4J1te^@y>hd|Wp_qi?)GMhB8ALRu=a`=v#jtDNj+x4|Qe>q^7{u?*X6&ZBe2}WR z3_)j0@(U4C-Z$&%!D(57nkDT~MxiaGPsLnLz zd7=3iHBLp$lIW`ythL<=Y+klkTh@_JpM?x&3Q6DnKGjX~jU!62bJ7yaDySP;$NNo_ z7Pk&g-c$ZMDbEhOcxp6-$B<`|s*ju)kBK1=e=ZVE13+5mK3q{z7qdAbdur;^6MNXXQ|0fT6^hmREvdW%X2u1_Zw;w{ zddu!(T%I|*WJ&I#@jej;8|VtQx|9Mz6(;s`=OP9ad$A*Tmp|@=j!5(GLdb@14sQ0= zwek-HhRD1njuUrB^Kaj(yWnKX!p^NpsnBhF!0$}@1ZjV$*O@42@+1maCqC?~ZOsSn^DNE^S zxAqX4>*cx1XMEY*bC7qFVbA=@vL@8d(#f)(gq=d5K0#17i>g$Ixx~whZP}yFB?+_2 z>*w%du;%2svP4nuZeT$Ao|Rnqk&wem^Hw(c!yPG5BbhWZ8p?&v$nbo_JJ}f|6obUe z!^TS!b$z}aZRU~9>heBBS~T1FdAVPJ=N72i6Ze>6rczcR3%+8)0=AnHhBV!-;N;Mr zr0$$zVUH6o8a54wZ|T5d<9Ok3;Ir9`OM89-i-xdw4mfXTukf5i*_4iiDtnk~tBq3` zh+AAIk@kkFrl9|@UF4tS@o3oD>UK0~P+%#bb3I^909nF~PS5D;yfxVY=GExK?G0V1 zTi6%0PLN;CVf%OZz+jEi(+8>e!N0UV<6EIrV;A#J0c228@U?n>XE$R4-#gm9`O{}LhV zRs%7Q)h6JHdH6`8-Oh>d6!H_yW9n9w;qFCUDfyS;=+t2Ech9s9N`V8?J_0Y)HGvr; z!+F2TR)b~>r<=StrrvLC@7)0adzQn1zLH)*+WQA?!P3KEmZ^#23cnDRkg2LQHyrHnRI zsYG(-GiSf_9(;Z7Bp{IaSF|VaC`=$Gatr{{AZ0WJ%R=Co*N zOa<LfpVc}kO5#-oxaIWZhA+ssx&J{ec*a{ZzS270Mzs&ogR3ne^y5(4?uXehig z-s^v%sqW5ifn%B~aD;Q6ls%=dRjIA{S)*R{U73-sL7Bs4TA@O=KAVP*PxHq$eg!=O zM6wJ$238X1FKBl0w%qM&z98_kbBCL?{goDO#w^4!@F&eX#;P|pvLsR-?s?4+iYt=9i4&TsgqZYx2Y*PLlGe`zQ4^n5?^~v2-g3cT7~W@p85fd&enpJo z{oSv{ZL{+qPbff@&eX+k?dNuM*U2k${0SJuBfwCt{0lH5U1kw!dwwKS2gRYrjf45z z2?UhJ@Ih+wU&02S<(IIbtgD@4&9extMoTZ*M1dYfM-P5xa0*%=gjYb%uDenA~@x#?oo1}{V(q&xx!Nxa=0(M|7p4svY5tcjR8mAzpnI02?AL z@8eR#0~Jm?3m~)5_DWrn((Y^5V}&%c;);_~l2VyPDSNxih);E362aLu*1IFp#o0ui zyP5Y(TkoJlI6=mUpJ3YfU5v8gZ4i-^FsSAkF5?GMHfOIlv#zY`|^s&e=g@q*C6 zb-G`UhR>cuyBm}%1sk#UKX{|kQx<%tV>tPA{z37(&!bj#z9w%J}V7tq89 z3(6Qi8wvON{>Dk-m}wJV@sar=2eH&TU?9=2*1JWCaDBhcf4R1NN2k2l_~cD$g@3L2 z>{#9#4b3_wHxu=sK&XJ~KtNdY4LAn=Fm<9`%x+;p2mTcC?wDNNmTKUgnktNqTC?wWC2E7mM^*X7%fzv&;|`5SJp z{*E8km7Ihg&8Q5-?IZKhXryikv_(>kpt3OpVYiw4jUrM?$eb-qJbw@h72ko!-7y%yx7z;O(oT~=%MkJpJ*cK!jT!%z@6+L&KC;P zMiQ(7oT6yPNw$WQ0%GH#I~4Oc@D7SmLY~?G(4=uJ8w3-=!kk(kvgxkDWl?|)_dQC@ zdxuP-{JEO6mHEqNu@_JGp+&=|cGyLXYY8gkP8aop9NK5dNsq~mbE|wN)w?QT1&&l- z&jEH>yL|OYI-aB105t%K(|i_e%_+C^YI0O`kI^WSm13A_dRs*6F}a8^)=to2=y}1W zUPV^x^O}6hyh)qVc&)d@sEq?$z2}O>e)rrYClxvAsWXC?BMC!k=9$cu=G+w%pat45 zHxRnnqrA{EES@Nx$scuSKl`iB%E?OiZgNZT@2sX$SMjc9jzG;VAu<5)z8TbW^y^Vd z^gGkEuo4+z%LHoZ^;g2Z@$AlYm$DHaw?>VAyg2tO-wQe!u;KllC=(Qd+PBmLG(CU$ z4`1egNrU{2Q|goFRhdBQ#M|!(qV&fBfdY%FcX)kiOy~|5SO6QLEu2fp(^_D@o__9| zBP`p?seuE_37}-gscT2Mka^G_8Dv$L8*V>X!Lp_+rw%n!SMi4J)Mv99=Uu7`KQj}nYg9b$3oIV-gD69qVQ3b}MXWE=%2mYa0_ zj4B7z1E`^pleu&lP62nOm@1VxV3)Tu^ul4ne&gBN|15lDd;BNi8DYvQmjFpZQHRyU7{Jx>&n`#_I zC4Po;H|ypds_~*+xZ5R3HD2@>C@-?72I|Lr2N&EKBAlV2;%umXk;6~y&mSdB^?_~F z|GaP4?QborhgOzxU!%ni=_mE{d*lA-O~h?}IWr^&m}ER+k}vGRQoPA|fZi{h5XOb} zKfW8CQ}E)=(&qcP(Q-2BKj|M&^LTm&$51+xYxZCv%6eFw(CYM7AsBaKL|MwG9oCKA zEimqT{aRPxaCj!~pW26;%X=!2L|9iYd;45^3P1Nhfy9#hBaYHR&4naCt__Y-@-H0% zogHm&@5b=>-AnJ<$%;$EW3SJn{r9^Fk}AuB~xF_?wn)pO=brC7svrMo9z z+vqF%_K+#Ze3#?227+x*KCm4@#Bikxpu& zRiu;8{VFsb{XTYFHgi)m|nDSZ|axU<)-9@QI{@#}^L z{Z@U_|3&@qhB=;4I#NGmYvv=^{-^$7{QY0_56!J3JkhMC;tBt%V`YTunG@Ws`$EDH z4iuBAewAo_qipT&a^_tsQcd1eik)X|iS-I~GdDlqUBbPuSNLyyQm#}T1m|6nb$fLb z4JjBlqkbQMCPSKM$a;=0#Lw)lx3jk1>FJPgWr1Jb z3t!%klT&|6Q#C=2s?LFAUH;skATa0E6`Xnm$MKJoi@;YWC$uC0tXKCJxOu_WZIv{xgnPE9qHs>GvKC zcLxp}*x3E$#3;*Xai~A*>Skn=b;N6CopWobS^7hps)OK#hCEMw&%S4hz56#5iGV#k zIUjK%WFSqrr!dm~U(z6+=UZ<7OB&?q+Ib@1Q`b^ERk9py;#Ip>tge z?>;g+Q&xpzcIy=!f5fx~HjSHG+X1gs4^g%A(2FWUXsk|o{u6edA25cMn5`%an&}4v zF*xS9>^#i*2gAO%oHpThb266E6W!u);hS%E-nFl9m26$F+%E8Bny4bDW{f-?qx?ZW zt~tq|{va_E8fWpAP(7niH~GgE#bSJ6+ZlF!rT1Lx+ue=m{}Bgyw<au8oxbMh&OHcD zJ6?YU$+w(NVVOb|uk-)tdmh*}dM)xn$BJLAdR&WfhlJUc=2S10ZcM>Es0oW7wntW>&!HSb^oRI38-5Vmr{_HHrUS3-M9l2Xe2E3;z~FLM7ReL|VznoO-EnyChO;bUUtVpX%fRxuFUC z?L@IM)Zuj%+so>YVv4%g+a;;7zL=Mad$0wggJXa@VW?E9-2w>YS^2_jGnF7tMT?`~ z;rJ`^arlEA1OUAIryX;_YwG=fjeH>IGJirR!hUNb0EG5vw>D*2=}$!Qwdl07JOJ%d zBP2&h)3SjSVSw_P?%40wmPzF)Nrxjrf5t;LKF9aeZ=u%i{eJhw$Sjm{NH-P@ZxFfU R|L~|$Q&mr;enbEO literal 0 HcmV?d00001 diff --git a/Install-Kubeadm-Calico/picture/19.png b/Install-Kubeadm-Calico/picture/19.png new file mode 100644 index 0000000000000000000000000000000000000000..932c841b738af96db366bbec4a7bb9923589bdd4 GIT binary patch literal 5748 zcmZ`-3p|tU`=3ra(_0QjP8G>v=ncI>$ssuuVj&w7IWJ_I!$`>~me7*1q!MB+r?j!& za>zMnjUmItW*8frZU5=_|Nq|q;q!k!pXa%r`}#chb>G+ZT-W!yt~=$bz16o#R7AwW9j(j&6YCZDfx%>&Ka1IMe0ik`B2*?(YSW5q2pb>X+)r zHZV#oq+>{9_L2fV@GPZ!XyhwmM0v=jv-PvJbn^L#gz_wLUw3Bbo$KTjR$7uV(ync^ z0Qa)yl3W)E;wuomJ$lyBGV;5ayx6Lto;T%@vMG{&+`qZo7t^vnfk_WN4N0^%v@+7p zVU7EaY0OhjLk7AJyqW3yVoLbFCaVJfncUGOz8fESID?g)NCnN#YII}9WM2m0{Ast5 zUHduEyBVC*yD-hl||fbH?<1ljmw7m;ylBG$bd z16riP?SNqv|9Q{YEqR($!-WLz`@?*DNkWTd$hKNDbaaH6=b42u!d-}m5PUHnCXVOj zE5XG?elhXwKk57bO>I*sQ{q>ieieKo;nj`hlOv~=dx_jd#mnCgwj+(2#haL6i*gbH zYb%Nqi(8d{a>6F_lp#v*t?0HB}tH=WJl}2`I0jZm8qs9?Y`u%1VBaDgTha+B&m#Kd|#9SJ{tC{?Ukpqb^b^VN1PBEWtS^+TTgt za#miQA2(Lk_bjRO4`HqM{}%F2hVZke%6{+gmB%wMo{$k`T717Z*is>*j+);2EeT%O zAdNaMVU11BW(@%M57w4R=|J5Bi&u|jtFK;3@dy`K%!QAR-dC8}@gh4IDhUlEfS-ib z9>kJ-E;=y3n+9XHQv)5qv6bsr7fwRJiK@kvq~nM|5+@S<;_9@saa@g=D)}|Us)qWG zfy$DTaYe9qf2XbmDabz6ewzw^z=dKFqe^7GX%3QJInlry8Ggx z0v6xNzi6d6?^u$Lkln?z?Vjk8mEoh zwBlfigIDJuCk;5tjg9+1-i&u0Sun3s-aD$JZWGOz$OuJ2$GEZ8Sf7UaJ_odF80@V; zKNLF1wxU#Yo|I6~Y!lWIFIRN5=3oPChgznk{9>+htYm`0161(p1&Yvt*r?Z}n2W0t zbmA0?VtO37^Chd;K~jasGSb+J%!trDk_WpmO=vKkm>}BIYgAL&6Ri86p7lS3XO7*( zszom99?+_=EwLdZa&X3OW}wN;7(Ih6cjSt$Vw+NRqNPqBfSyeWRvPqZe5DF+zYxq1 zWujkgjcq0&F*IIqHt@2UX4EwnJiBkAhcXcth?F53WkBT(r|yx31*jX+?X?&rJ+05y>7IOA{xfo(`h<$2EjL6s*hpw zX2^lp_4KvKF$L{Bljp=`F z{-p}9D&v#sr>YV6&N8op9aXHfN15LtbuTK<(Z&ZWUgQG5ydAF!b){r@g4U${t0G&6 ztNd69ZD!J5*5wh!+jmW@=`$)0fik~N+&0k-ioN4=*+aqs%Ag*9f*xT5ab*co(87*7 z>o;#JHQ-iDBTPu#OTQuaTiHP1o9BHayAU>NNUefzWx*X*e50=Wm>)>F=?h<;Y>yZt z$-+>oUGDIH-j;{qsTV|{KxPa~<+LR&Z2Zv{vHBqN*}xJe&Ykceq`|MJ*~i)FxEdMm z@$^xrMB#G~SrGq~#e>$$zxtxDUJW-hxRRX*ZjqI9o?tz&U_dc_UL$xH;m=Y;Uz&|Vz zi=Lng*pD1gjWI2%i*!mGcbiRFHzH{`C+wY_$&0k9KJubXAYHh!A?~`fNEbB75_~DOr3vN>; z8||aQeBEsY-{H~Vw^ML}`eQjePL3c;I;XZmrQVye4Hoe3Ttl4cQM?^ArUKVm0LvL& z-#X(IbI8YtzNI*bX%VQHHEQSgL+JJ8qdNOX1iPVQCDtJGl_0mZxJEeB+_k_O^0&%| zPV6Y05`U+;<<}G@)je&s(-s->g0_eDF0S4%I)>8Iyb$-y{!4-$1Z<&J?15|NM$oVm_+A>&Ci=`V%Y{?59eJ`gMlB9Vv53`$kB2IWF)b;P8qx%B( zRDUvk-Z7P6bC5`qE0R+b=6xNVreey{b+ME&t#--fAe*8_!Dic;u2+XN}kjH zh!ya`bmF5ZttxiZ@+9V!)c_{@8+QUUeNe*@*cT1gl!kE%`OKLFEsRQo~oLtto6?o7A!Fx#u#og z&I|rQjs=vx6t1qumu9oxSjoFuo+t|(i;PW9CG*YvJ`ye`&K$rAl6U}YY z&Fy)mo|;V6mov&Y&7bWl)UwumHRdYTCxg|UK{vsrM|1%f3&HXp47_WWLv9 zH4WprGh6N)q($XfBEGAw5Y}I0)lAG?c}hmrm=|?eD{jZikVA7+g8@{}+Pg-0@U~c5q8NW%# z;r_;u1Dhtg-k3eSZ%Y97WM`<#l(OV<88N)7$4A}L1( zj7BmVAsP>D>(~v~G-PdbtH}0A`dz$9y%EKy#B;$UfB&Jpq7)mi`Bqh1f17wg=A$W9?u}lLi`MQp*n3|c@18~_W zJbLbB2^cJClTtp+NOfL2f1q1R*CpoL^-J*A)C-caq$qGgv;4iVraL zrg}TVs!CS!iiW^m(F!hl71Gt}S)-|dcbq%l?% zZh9qVtBAYd`X>l(nirXBB!M{*&Dsu_kYJs{^Xir0+Z)@}SkZ{m#27I^JZc->Jz-c%5{TUkrYIteHo@y&=^p|fehXDd1sysl&+wdkMZU*F+Xw*!QsMEi4mREr|@$4 zTe@mV8v5DR@?{EQvR#jmd*iM}!9%@+d2dX=#+0;t-!pluKn7Kyb7--YwE(jk&39F7}&CzroE)wMO{nOg`*A+UE2dl@5_z5ch0S1y|HPgc#FAnCti~Ra|sZli)^oQH>+L?a+Qowzz$bdADbz^0Y*Gh>Hy;TX(Oao z!x$3GkRdRl!v73a5Bji{+JMjapKT#2HT7;nms;BUy;&6Wt|>eKR($ zI7XZZ8cD1F6B;LAFQf@BANR6Z+1p=RL==jUP%{A)+;?QtOq1K$lXYKbY8Vz4~YMIG%4#J%q<iwi4wl z#|AJx08$K#A zBj+rkDVObR^t*n`=rq9-{Fs!!X{61z%ILj|^c?6vGd-Z3mE9W>LlPzj3oTHoNI8iM-X5J1~Z4xjP4(uA^#IcZQ>B;|`|&p&J_f_=70 zi1FP7I+C)H6yW6dZ*^=_Jk+j6ruHVp&=T`S8M*4;OZYY}us{(qwrpvWgjV~O$kq_D4Q3Q7dQc>lEtRy4of*q4l$ypi zvJErF$Y5fOi7_)6Gv1@;_xyhU>;1p)^|~&ObMABQ^?QFm%QWsW?#tDLWvAa==Q=wc5-813wAb&Ye? zkq{$H80FKxLahu92d)hmQV2);jtbP+*v7zyPNHM+lw&LB$ajvHr!t+KDOZVoh6|dG zCn(?V80bfL=UGEngVaK#%dWn? zR_d}e|Dp=K2={nb-r*fr2qyLvd-o}EGxTz+n;F62rU zG2*m|qceZ%nJEnQ<)zT4(hel2y&d8RJrrEje`1eeX}9Q)XY70gT5IIF1lB z%%gf{L!1LBggMWN2B)G{pkgh(BiXr11GNs+>-MlJqIS{)1sRKh*1!VYD>$i0Zs8tw z7@rsQ5_jyqMmBDQHeIG>!THQR|4cFP*<Hxyb6BgJK2@UG>y2|jrm@Ls$29mHo4$M`~Z zIaMj-+^kVv95979IsN>u;7m<;{@e0}Ny8@L2XAZ_7edSp55D+TwGvV|Gng2^#_fK@ zC57qStyze6JFDrCHu$31WeWJN&fH6AAbScw?Pmh0@((ABimq8Xp9jx*dbMA3KVf ztshTQF>RJSZsl=8HwGOWHzG8xrsi@Y9G5X(DbQ;J_n>J(eG(#M5HXXJ-TerHEziQ= z7-I7)`oj{}Mi?c_O;-_09r=v?zm&r~9oIfX-dFTpEUTY0^+8+yaxJrnviodFAP;eVRMgL`Fw6;B-~x7&c#=+a&lR=5#?vBUuXjkU znJ=ro5=c9`8+8M$kY$VEO86lNY>C0jaMYG(XwQ6CDYa~#Yb1_(yPwI<{6%W(_3 zyPXGzu`}idSs^_4c=Rtn)?;#vg#GJnNPnvB$m+wB{i@9@Z&ikVUJ{=D8c7bjgcE+^ zSd*=ojG7n}1{&w7?*Osja4OLblibi)&(L-P1Woy}Oy1ARuPUF4t>?_eSkAbWmBFVQ z&h}y2;^Z?`UPKA}Z}b)gI6yo_lkU0v`mp(IugKABmP5-q*5>bn8Rfyc946ji@v!u9 z&-`%r@PaF-gjY}Bw=JI=4LT~t6{w~%U5y?hSlv2z7o9E}yCBO=()`%tE422=XWum{PtuxaG#NNf892|V)yOzDujPs@TO=zqBm6u$5tQ+NU`B|s|G{FBT)cq#ofNtY; z*q-ybn4Is&ox@dycE3VZfmlYu>f@q6?>r>%FhK9@99i-%8Md^k_L{RL5ufB!O^Pwa ziF~~P(nEgW3nlE$UJd_?EaaIQR!kN+H~EAe5o;2_B$n2o-#1q57Q`|jD|8+#vGD%! zj3_D^=9q}4oQn21ZXH+nEivpWu^3TQ;z^i^(ujihHDnpmoybK?v0EAVD57QFpf|#b z5`HKXK+WEpw`?rDKn)o#zc{KFyF@&p=C`R&s-zGt(CT>8SoQZxoARmsNDfi)eSE+z zc8tjh?`=HSa86==P~#dJ;yw35=uZ@V#OXBp>RtA6#v<*lu4V_fOZ@PhU%jk21PG!4 zLRftH4H(XQW%OYLdc@A(zBw*k5WzWb4b2juW{HoWSpDeAoG4h^*jqo9z@U|Y_uhH! z+OeaJ4)rNotSlzVnv)2tzUq*MoqApVp!ov@B^UF#38pdkXbg#gt}6X<6$Aa&OiTT&)~ymV zC-7NSOLpAoQ*XS#e~|Apmw2i!KRfsO(8wh|Jdr-=J)M`8a>9yq3wx0TF-(g&?gU21 zPrL92;#$R0yr+-Th#yCePuPormXf%s3>Ko&_;MZok*spVsfwrtf?qa#WFjtS8w^&A z$7DK;#x%V$hxhfCK{cg^JM)`$pCmdQ0RTH*(>2bsOh;K)#}bs}oUL?KG+go6?W1QN z`Axns=jiJF_@t%hH0r$G^3Y~{d!%VRY>DVg*G2+&=PCWg_7hF!HakbOcx_gdiX3lh zdiBLJG}(%m$$sbHjb_H2-I(`5mR3=OzB^c9VUL!t!;eeX#dvK39~yj57ZvMcd0td2 zikVfjWeU#`?GuQUAfmoT>QAbaUYcJ8Y3tMUMUwlgZ> zsyksI@pMggrv5ael`|5l`jKGAnm=Qec_phklNud`4WeuBuQ&s0QR$HJO;QxCFS+x2 z+BE2Xj$iaW)y}j4zOB8DMZE7(awg}NT6nW7+9f9b-oW6aiE5%cUlo7e{0TkF8R=O{ z(QtZxs`lo=J~!&1C;!bz*v*0*_jp&=*icJ4bAB4hxL2?3QbRRPySud*evHAKs;mmD z21H@uhUlpD{E*%u2x1eW0OfYG9$b$tA&VwejBBHUZq&XoUGQZ zSQIa@3Rd^{BMx0J7$k5eu%Tv)^p;XZlHli8FpD9l`SThJ zDY~{QF!>nSY(6?#v5LQ1V8t}wYOeJ?cs73Da}O^*J~o&0kzH085Ts`AH|O9%Xcsc3 z&J>j`gpB<%;r7!q-0&o72c`-jp^A@(ypNnWz_~h_lX7lO`XR#OEnqc{ zVzsw@YiB37aw%tWZZpZm!AHS~1KoBf<9nU@$zWaaO@g~c(Xi8p_wFBH4Ts%SeMfb6 zry?3P#XajAuZ1D6RjPGfv(Osbd?Q#(uki*}GJ4QlCNc5*NMU1!hAjg-;;!Vht=-6yB{@!`s<|)F{Rhh5X6#_=Ok3O1r(rtqPgbqW;wwedVGBUIn&Is6tPH=UV_b0>x7={h*IxB9*M zSXPJ?W3PVqn@r)%9?LR7c6l!wzEXWqMJex|cY7Jt7d2AvMiT*{G^;P(nN`Dd=ll%f zh)=aCJ2r5Vu-7UFrI;wK?h8)iTncofE_YAlfCWKU>dZ;> zy6vd0URRX1{CXSI06Qnhw@;qlPo|buAJ>CGu~n#+f~V)PqBI9BPR={4>QKjv!qcS9 z+?APaqE*kXC?u28+^q~AU0Hd$!TPfy>PFmRTLneKi?8NLf$DXE1F>eVKPr{tP~nsi zddZlkwbN|;_1Q8Vz3>dBDTCo+66Dc?PKqm|@q}_tsMkc?ehu$BT3{thIFCT0`$$Bz zv^;1`Z9-z+FVNw92R=k_?d_u0xT6=h?Pte$#vY!oVq|X(n55_#adImReAb;1iYut< zvurAEF3iqph%4gnxNu!HUl_#D-+wo^q&RPHU0y~!z-&9SZp@@d9joJi*+_;<>NE+S z5sJwg9fbUi*4H-Op0&Ktq14V%AXVS^?N8u`_#DSWo~Rr1t5G_NBuMkJ9dGh3M26X9 z)fdNbO-#7dZAYCyW4d{O;bA(OV)uF@4lksIs`B-5$3QJI3LBZY`F!dKQdf1Fw`ec_ zWc92N;<$0zk0#b#Z{O$jQ?cL;XVpfMWb!{5B|dYhP7FxAN!2~W7xWk;BwTrvqYojW)}+E>Xr zg`?zW1%Z;3_G};jIzas(nMC;6CjREh5(qT<%;jO;_ECE@znK8)89Nx(Y>5ADOQ56w zQULwdYCDOlTKce2cij{~nN-VH?uA+tb@qD@WkH}MqVB&@XdRUP2atl`l@QbwV(Dj- zWe(h!duedNx?UyJ((tF`^DuOn6)9E(B)`$gQN1lBEMW*`7xA~`)@iAYaaLkr(vVH9 z6DnHoctaWn`S7>L_|eK!^GEd47}~5(n)Vc)t9zp6a!(`*vT!56 z-Rv(BP?8ZKvkEui;*LZm915T|9$Q1eyvyP)B(G@3by^fbNk6U_+^Y1m-C2{;rmU+m zF^sV{0%b&%hLfNvMl^17_BQsa-AGYnlyUH^U7#=d=H|}@9%XjDbHW-m7(U;(xl0&C zH$9TrMN;HdMx#d_-L!AkA}-4>C85I&N6>RM6{k4K%ah_VdEl7$c_FHvvlv`ZIu2@{We?M7%7!hvayxcV;zjpXV!)C|u3XG})2t zU0(+ECEZ>tUs!1|%_K^iGEkKwPnbME?iVB5WBw%u)daNQQ+I7`n1Po%66P=) zf~iz0@xGS&s``7~^t~SN?wdG>E&U9disA}?(aC_|Ko|@VOA$p|xUE5)*W;LNi~ai2 zA?9H>h&IgzpZG|2R8d_x8(6?t=sNx1@$E#E#;;Auu%gw?ehJ3mvflti3?3U7O&f9= zJ4#P{5&b?M$gBMAn*42}=$Zs&Ri z;|uptcV8`KNt8souFIrnRn6H%x#}U_u{i1076sLFv`&VW|1@_z#>t3=^hb0n_(>bTzB(=AJJ^^``|W))hITF) zGb$XI8kP=eS&T$41|N!~!6btCs$U_ExZV9a;zk7u5h@Es(GSkB;e}+5BzRY z2$jZ+92Im_oKa%D0H1sdNA=_Tx|Y*<>%q5dYjcs>-E`y!a3B zAY;dB?~00Y(4fx%ZE1fDb=BI1E49C+wpJd?gJ~yX_L}S+;D|!Qi8=wxn&u zsE{=-rdu&%UKI3OvhAc}F5JA@nPt_Dd-?0BMDLlu<=ld06>C+PqXj(UXkj zW~&f+6PFbdP5`*0k?dEhpCJ0BY$pgblI*hNHBzcT?l=@}93j4Imupa3@yEv?G0<%# zK(Z-o>7BusMR9Z7t2cu{4Y~iHdi!s<8EagxLP2N8?7-1disKWB209OlI~{_c`sq=C z^IoM1;Iyf-3|8lA!sYSMUxOgsdWfh-J4UlUH_r_)Hb#>N9!t+}xG1D`dM_Z#_ z8q}MOi-D4C6lFACzxaN;&v0aHTlThoN_MAgUQp3Nn)v~O+SL4|5I{}_rln?G+Bma; zds{R+*EuH3SU+};I4DV1cYF7j*kKBXGP-ojqNGxHdHzVF&w;`G=)7xfcBsMQ3ubSA zDr6nF{W$qT-&7rw3T<|R3_o0snZ*GX_` zAXXT((lBV3vaMs+a9i&6t)SrSn2gpbg_c}Vcn{%dcJ9r!-CtKfe9M2tJdbaO!oKs3 zJDs<0AU7#pZ~kZ*M7n~uL}U%*9QW-(+5zn~< zR$a&vnGif;E7AKt5ge5}_Tk&(*kvkV2PNzIK9`$e`62sgj6AWvQEr5A`7>tP#k<}z zkRNjk_LNgk^fFj5IT>F%Z!3-89eUJT<+7lmutf_x&IR0rT6r0PS;@3*;+EvJh~Kni z71LLtQXb@8(HeIaLt`|)&!!%)7#%=|gu*o6dti+=gV!b?le-uP0tnRVsK+e&0GRE3 zrI?K2k}9*>_TkeJFdLqYZCE_ALTP!ZXNJ#hyspw!T~Q2QL|qaAfh<2IUf(qHtRu&0 z()GkHaka^$PePZck~;id+LF7qdNnOw6n|=$;r~UAV&7Gp~g|p9p)ph=_T>dHn*rs5pEPyZlnlElnPv2k%j@R4+Va zd2MIlbz$}`6O5r(mp3M~lXL6u>E5;V7%}qwy{CU))+sZC2z1nJ$Z#WsN1h+6RTnqP z&Rqw0_W?SW%M1k~Fl!0l{*zOq(Of~j-u#X-rNlWpX(|N*IqovpE1{^V?BXy}GCHT_ zz4`2cYd-SS9kL6%2*?uICb!lr)_Ypu8K*WkEyO*c-mYLRsQj;%yW5o}byavunE z+lK$y@cko^duxqXH8!;Q?3PrzFMYw+r^+%0Y)~rGkd64-q`B*e2!7?$IqqD)(D@}K zSvOufjXym6wtTQs90>26@)^|kR0G{8unADQU(hSs07ispN}mqh_v}ROp#lz%Oc!)3>UF2FSef0C*bcb=dx}z zdB#-U_q_N~7P^{|S8is-dDMj8Mzv!0#A zrf;E%L8LyE<&oy)C!$fq(fWIFmnD^y+QSs%1oqo(=@d()RvzqcVsy1;NL-D*@ zJQ&yu2zy0&nQaq3Dug*#u6x+7^q4&F%xm^Spuk3R`~Jspluq_G^EU~eH2^3i?fG-% z9epT_(?R(?+PQNRRU^$G4lMu0U4Iwhm`G;K(N&)LTgVb@mRe1Af%)_x=^LGPfkUXu(Qr5p3U@-5g^xlB)s~893}+4aBF* z|FX$9-P_;nRmLnF0N$ERwg|<5(xS%~m;74i=zKrzRd`s05;Nm*%B?wxpU`^)mb%l$ zh*31)jRWmjY)IA8Tk-qaPPcPsd9BkM&~NpWllzA1i#I(#qLG4IP#&?le6o5p<@Paa z6qq=Gc8FN0P7wX+smn(B)+q3=o;%p2cEQQl>RokZQEmn@Hqsny;hYC}B_L3k_1?~8 z%5S7x%Ot2_bsG1w$HU+aHe^L1Ho(?;BvX1yKpA-O`2A3mV*z}EU0RM*2`j+OHUbVk zMs2-whSI4)RVrfsIR_rz4exPqLP#fFg%zwuBfxERtDu@1Eic=(r<{*8wAZt?)9zu` zH2_*A@pf(f<`a{i2Odz|_UQ%O&zd95xf}6YUy8wdW#<%ugUZ4UM~9@qXmR}dyYA8C ziwy}cYl0;(ybDh4;9`4#dny=vS}CTTdZk9bqMG#rE$=GAJ_g=)2#TrWYzN+r0Lv+NvSjP*eUQhd%nSe` zCKU^v`G!>mh|y3KDQ;iCyB2MzYX@-O?;|OnKbx_IYQlPR$xdy{$8+bL;Iq)(#gmqL zhqox6lXgEU{bR7Uj_3Ge@KH2pQcH2Ya^L^e1O`g~C;9!4NBpnipLPqzFQ100O9SU) z5^1S1mrx-B+faL_If~W#EuL+kn|A@c69nq9K7f*0C*L5D8bTtEQMTO2Iqt|^vmb*3 zeyIO~HL764COi$(eQYzHMl;vXlCH>$J4aIa_Gp-kKr@bo&X^9 zh2DlJi`%LJY!uMNYW>^z^BXE?y0S*f-lAbVmW$QX7fH}f(w`4G%$fFK(E+4r*{M=pkj@ze0b94Gps98lC^i;&1qLcN5yjX`0J&iHD-T~O8yd&vpMBfe{Z z{fR;Uf(w}%eS|H*%}HMoK8lZxvvakTjX6Z`?>kose22J;VJY78`vv{1mj~L4E!C$k ztqf1}I53DU{me4~oWJ)0XvD|8Cl9_9p;Fa6p()OsE7EOlp{N|Za+x@kaQTVk8m4^O zH(Mi5%MYJ4W2vXclqlm6*3|_F6uRsG@^AiI0BHgb{lD)Z#;t-T8kjNIU@TKvsLciRlL01j`by4otd)ZXEatK&Ml6E>uM4&u~A|J}liv{YS^ zj&e0hwT-ph#9c1Y&ue&&GfK1J4lSS(RQQljHd=b+fP`%T*}IIxgcHo zL?nv00%TT$zcVXNUdB;N3b*2?4b6IM?3zZFzsK5*sjVr7CI3nHS(@96&TYQO!=HEC zE=Fk;AH;M@5nbIg{LZWx9&#rL%onu8Cs%h4Ax3w4Tpo9#?0%2SY5lND0D5o@LSsXLelA(Vc=aHb0&;ewpMp`w{|cPJW1&; z51Vsx8Z5vTz}Xn{VQPcfpOL+?KF~&avJP?}Szpb$%s*WWl>c8~_WwZPe;3nPn`j9y zD%fR?#rGHqh2JK=r7*fS;yR9b=Ro>QZjsYDwcPWZvsc3UMztxS!3Da`0WWRl!`FLZ zaAE%@+a&wb_v;gs%d}cI;M2?Vv<`pys;kx4VCfi4Kxhv}NtYLZ?ad!WmlQN`J zzkE%s2}hqRPB?wowXr)-tNNT(_^{3)8^*vN1P6s(*#8$$txg5|nCDc7iC>;CGbbak zpjUjH3t4a0QmeWrF~I*wTKd}Pxu?*3mmCfviXW#y@}n=iTKs7RROHg&kG-X#kjd$- zsttc+aob4=%#HOn#wvh+|L$6h_Bwq6u7Mi#sxMx*cY<;`mEEuvngJaq zcw;ctA%~R%om)*awG{S+VV+~xD6EY*;M=u}n%h4nu=TJ<)>y>}M+q<)&@O)TGH=Zg z%IaXH;jRD!QIN@>HA`7zBcaa=9*cl>V%G*L({a}TJ-uhU)9~p@gY@F}aMo^75Es|B z7O+ZT3H;}m0Loz0_W2`hF@#DjOjsM&wJKO+c=KCVZK&Ugx5Qd(7I9W95kd_ZjX0w1 zGkus%6|6Xq&jXNo>tX7(H7?FO)S+pOfrQ4cDA@=Ke^;{oWBR_=>>-E%*1HmRnKRW8 zwDxQU5U8@%RqetWdq}Uq0LGE>MZ2RCYL0BmH{*L7^m+=)fzQ?uRLp1@!M{C~+X(*5$(0 z1AOFF00-75fdJ`E{OIWP+N~$#p1aDbV?GG^I}>|PaN1{Udk1?wS-_YaN4j1(S;yJw zpw61-4r-O<7Nqg@%@LG?7i|EJ*P;n@wK`|+P*z`5V$7&Gf!}fSr2LEieLCvNiAo9O z@r4IdV+Q)h4CA^7#JSCgQxwOD9@shUUmR993wdq7)rCznrxa+S+(UCGe^-2cFF-^-Ocbg29`$%pIN z+~o8D_>9H0y7bu)!j@!~^69zu8%gM}5al9mS6fjZ_Rt6X`K7JbRSF(3_4Cf>X3K*u zGHP-0RTf=k`<+6t!?=SAd7b*{%fLUY(Ml1dH26&XvQ@scScvwF%SNfnuc9g zTdC@DYnj6aXhtRu4BC-HP2y2#W)!%ro_fxyC+(lMMswz#?5g0ZE>}Npn{AKJ&b`Px zG3Ieq8p4M`oPS{5USHly0_!|2hhzwWIV|D^^R0VF!uXbI_D#PJuV;eW4_#aaV7-PS zZ|$@$?8+1GDdrJdiVnHjT59)F`m26mO$@r;?olG4V`_kfH6t+`o*VMPt}v*+#&Vss zhSWNze*lCb&Y?-?@h!k?lzKWpkM1)2^+ zQ^1wui^U&7ytZ(~KQq4Hp$XLU;6KG8ujFv{AkgM5GM`MQMNepC=KsB{;k^<`ma4`g ze?n&btqds9Bvkaz41Bd!0cMr)koW>bnm>6~OD|UBpTI+(uh|XV7=F^nt|kKD(Fx}N6aW!PY`LSV zt8|rgg6fs2?J0Wfue`XX6~C6|ZsKIl7QF!cA=Kx_su}Z zaoIoExwgyv*XG2(qS`vjR;FAjR=Sx2gyY+{tQT+u7)i7~nFD`5ABx>`C7958!zm1F zl?45#WwrB89*1_^`=WiZ`<}Pr9S5VpQE~RWPRWesw{JMoHXEw!PrS53ptoMghyPM% ze@5gO(ISoTCpOd&JNijrK28r{N}-WO^@0ut^(FkkgsJzPie!_lNk4zJFw&Gyb{Tkg zO=SS1pJ({$)W5TlpLRSQrF;iqbo>*I>O&7&*dq9JbA*XpNaLzD8?ws)37)3AlCc8; z4o({ru&I`HfKzycc8y+ITY2K&6MqVyeq=`#%g@`hr+_T=qtpmxqpdeN7M)*EH-k^R zt9sF$6b@K+j+2(BEf^;R_;i1R+I&EGsn&os$Qnu8{|Q0fc_-iDh#h_JRyjGjOp`iJ zT~-h-{8lr4Kd&`Caj-&cKv#Dz+k`r|-~PnOVxz1wOB`yfaGflz@2;p~zf#qfXQT5} z}U$1E{2maPSWcT5NR(sr~FXwpok=zU<*jXLMsh!9Wm=O_?&kHM|gdUk{$mlXT zX;voO`P{c?09Y^BGe2!+ZG>7I_tsi;)($S;AUZP-cOgC_&Xv4l1X4wfe6q4J@ZaOC z^z&DFy3%r|>ABC3f!upn$qo^YTlD0T@`_m*S#~1j(>H1;oT5GTZ%e|Oja)1t#kq!0 z9xq#RJ8Mgr#ftZq2v6avu2THC&Z$-kQadpr!n=lA_j3tc$sZie(&q2*9|Qd}B$H|N zJ&7OL7mCoZ7Cl;n^dAu0rc2r5R;*)As^!VWg8#G6$-V}9WUrf7QK}5h^#}Mr|NVfc z1Wzq}B3|ip%q8`iVZIb<$3MA3@WYs#GiSx;%2ca^TKL1p-p^^1$e#_%%vFGrTweF0 z)|rcyU_Q_8wXXn)6^d1>|GplymQ(Zyxfp<*2dKv~z+3cy$3a8#GM|K9Sr}5moize= zQP+!~_6S`kvh-V+n!V_O+Qv_7hb?g`r@V!J7B}72mW{F7vnoL#pHm0mD`eQD!HXO) zsz6gaR|FJ+UE}cDXaG(Db)sV*aK<36*dze~OYzz$3F=vPO!z1YN_yt9Are7HhS8l|IF?TBEp>?ds=GS}n!138#h$Fh0-2y^D@H)Mbv{ zG=LFKuRgN!U^L9H{bU{Bdz@K;rk{o!9BnUNUFw)rUY3Kk5VnbddTb9YZpF9nF%0uF zaY)5|p^(actd*;lQAeXNn}U}4)MY_=sPczlVnugTF>ar$o*QZHEgj&p0L!$vCU4c9 z^MRIZ8vn+6P4LW-7^L3!YLt?4$b3rOU?io=^*k9=`SQ T*|+X~f^5$?oUSWL*SYno0lzsB{#i1r$LERj|;BG(oC>bVx){Hd3W`M35pSf+U2N z&?BHUkrtXnR0yF2l0ZVj8+Z4K%9JTkNi z1ONmc|9TymdjJXr0L}oQ`q%D+I#OnNF>kQ~PreqWefC!#?5R^vzxYR<_AzP&_=uF< z5=t)zJe0z~I&6 z2LXWmXtBcpfchad5qsaEIQx99uo?LF;>_ew5d}0DDDU^Usfl+JG(^~BGN}HU2Kgwuod2-3!1Xu=)vRmqFqFHPIxNsZ1Cl}T}$DC=d8}STDJ~O4_U9x zvze{klhT}L^ntXIU4i0(t;-6Tmc5L9|2)Pnj8)05EAPOy&5=Ng&_xo*Fm>p$EnO~h zXYcn&el?NEo!@-065Zf8aESclt#9tD<>0%!uupZhe75Hp!Oi*~vTW$@VOMoMioyJz zBCB>Gmw&$PrVY`AcQ$rKcceU(m7|7hhgf%H^+e1HLA|=OUD8eWGQaADy*Eo67Ns3B+Jq z4g1I~%b4ip7$I4Y{SF7Ai;RqsJ)Em^N}nyeYTR~kBX>*<|6R64y|^3c=cwHeH`3Z; zeZ~=>8a}Ykff}T3k;e(rmCt=Ld`UYc|_5iY7g^U#%43@l;=R?XPR2b6fa{& z;6sHgNY?$vfY(iatX!T?hT6RYl)FBs*XA>dwn~!}xZo{*ftQKD4|!>?_%({De-?2> zL9h*-|I_RRJTyEjOl0h$inP+=ATjk4Un6H9M8;`f^a(t;CJ^oTpwy zcwQW&^oF-Tmrf&uvEirADBY-k5>!E;{LH4K2CSdqeC#}?Nw4cDjn@(s?q6 zT@}FdIWps~B^sP~hb1MR<#vk6#pP99!q8xh(}l0b|3cQF+4li0+Ym`bXUdV7Pfs|e z^_^`{p~MxLxY=#RVuzVCxlg`e@fgVlzhaXIS~7a7;tyYAy5l!5HllO~jkRq1*_SmP z6K2$eAL`ELG=CG54oNhi-|e=qMVPQ~gM|AYRdeev>6`Yp==twEA><@L}B?LkG7rJqRmy`ZJY+$Z5gUxwXzRXqCs0GJQj4eOpw?vn#E&CSz|m zH>vk#*(auD*xM}HvtUeG{1}scc^YKbK)gV(*|nYW^=e{#`mJopTE2vVF8y@q#ZFUX z_r>a6x*f%o;b-yuzs7#4t5YUz=*|t9LqV#InS!IZ(nwlv1H?38QU9X3wyo}fDpY>9 z(Ee;XZNA4oC+ziI-$jpl->3GyMofOib9A<$EQd?E#P`C<(Uk=Q6Bbzyy*p8ERE7wb zd82gn21$-2I^E=p$SBiv1$`n3B;{-$jM#z;cCqW`)cKFGymi*9NIkZ`0z|xBlMOYe zf~oS7IXd*%O8Xuf3_iQGU2mLc#|oMK5vlT12_UB?vMrRDKXUjY!Ct@S$;u@Bvq7!(QJA_SW)J;{eFy%6{pOji?;ON;{o?>#YCUyXWpNmgRdsL zIKOdz>06)4GEKcR-goke(yOB}SdR~|Q}ftREJ`wxnD&{hUJO#t+&_vOw$={po)THG ztL&IxGza}CFRRLvICv`snD}8zBGqfbtMVEkI|ZmF?Jhbi>W=>XiQoT}H-P}aqobZ1 zKH*$RlfjQB;{_1`dsV_Yy~N9<^7spj*n>~HDmxkhzVhIwi)BuAz$~Wm>pHJ1U+V=D(+beXXAhM_!kT#aRg$Fsudk zL(_KKvJ!^?hc{ft7Un$^MC8Gf2av;!5d@I_-peCb`Fi65oo57h3|Fw+PACcYE3>iK6G-BaY59yw<>?3L373zM<_S# zcbKI5g!$`2^3`Mk_f4L?&u=`XeO+Y0Dwbh4??M}e5nX5Cn>d#>6soSkmmYATR& z1&-llx^`3xUm$bNh#NnKy3SEGoQHjb zCKwy>Q?_AKW|yQhR_K6yq}cC>jyHn6CNgj7-C{CkQFY?x-**q%n0t6N+L@=Kt$VW~ zcJTCBCFt~01p6JvTxp`Pol(!&@zMIDpWPbjvlq^EX{p6+{y1A_EamDmKh7Sh$Kb4z zg`<2$&=7>*Oz%6?fM~HA;_!hTji6gX3A=K6@{T5#`(wuoKeABB$D>uUS98AE_BY${ z`gR}`{$#d!n3viK$q(#2Q$?f!m!rfI=P{)F*}zY%S7RW2A!l-$oEFY3O74yW>#_g# zcIC8E=BDuwm_Y3sio9f057=u}9WJaG!#C$HZ6kYBMdMU`J4R)`(1U|YkTxpP2Jlm= zbr;;G+3%9#9etNs0>p`FHYUo6tfU;H?}0_sED5peqM}-Mf1LI2y{MO$oYlOJ2_{g? zXn!a*D>e{Lw?osT$Mye|%?<1PYw0adDP%;W40@CEI==r1c+9C__@-cB*Zs{E+V!I0 z0sj%g`7xqxwHv6~;iIJ&gBZH!%~n8@(QB~Jb?HBoYtXn3^@r>8(){&|5N^PLtp4wc zxkdI&J`29_iBu~z$LM!I)}B=rGw@V0&3vcNH`~?qbt=+J)ihjnS$^GN#du0)tJD|m zo$p=V=etWwXz}viQ5%{@P8Hl^=th~Xh_Q1^iG0v+&7{{#VD=_i$@;PvBhP8igsnhZ zL9fkM=C2Q267Pdozzw8bElj6#-hXM_u3_vN_GSN|dFsv948_&qs~9&=uaEnq-{P#Z znqda=X{TA1uqg&7^yK1%i&=rXDQjV^_k0^Y*((+hYO7o@+4b#lk<5!oOIso82-_nQ zYF2JKxE1k2--&-Z+jn9(zj;+9}f#f4D2rEi5Rw9jYcOW&7t5VwqhOryS zeo`vwP`lIEE3V3gFcaA0`^Qe;eKe1fXqp0~P{2mqzfW4&nJ`|#+NzQMuZQ>4^!hg2 z(V75G(!b@+KQes+09g2aOacIC7d>~a>CpO%c$@jKA-*+P=aiYdR*xF(0f6V}3sVA; z(#R82BA5Ch;=5=0J}%9>7E03>;uJ~=1^h2`75pHc5;E${l1r&{n}If7B-ipi zqZIuQg+Ps^(Es<#EjzV*XqXYiR9DUwqd2oI@CvO!Q*!csHaR6N>A;mTS5gMfA;o_@XXEL1%cnsU)3_QjDF zostp9Nt*t`8E@pRheTBG4R*$5>j7y)F0yx)Pq%Dd^>|oBxl4`JM)+a$JSZuC!c6&|#uZ!HW`1B2)d%Vj#w)qo+#rMvn=6eJoKJ<)A zyJ$cRsGP1g6&5v2Lx#pG-T?y}KI#w9cI%Qw{?000uj zhflem?94$*E5`d9TbEja_00V7`PbLZf}w?a#z*6LlF<1sZMrGw{EB`u54Q}KE&m@1 z;QtmO72MLCo38$?nDLfaXh|^1fLlLjh(*S8TqGSCo>JRu^aFq=$t6eUpXzfBM2e{G z2!XkyTj=^0z42s>u-9(J82(IzfPvwu{!m9gH)>pTe~iVc{_=CJ*n%7Zd$V>JFJ=mjXNh*!W6qSLV+ZrUiEj3S{^opKFzDZxGKz zpI)5yEd(Z#jr-R|bpU`318Vz+vxt!MT784>N|6Q?WO$x{T+x%0 z$mh#CdU7lA!Cpl-x#89xcl$pckNhvu5j{oq;Ae9WcyQTbhks4|6HwXF=wE0S;wn4N z^u(c?WyfG?zvb$zF|V7?rjbFrF{WAN9mWpHyU|r^PF0O-f(zx0bUvekB5~L>NwSj6 zwA0ZZXVgsL3L%84mvtT=#BcBd+9xbyv|jLTH-zf=`WF`n?@N8fn#2e0ehU}Q6LzeW zYc(IdgFO=Ih-KrK*ec&sW2}EjN4$nZh4#+~NKPnTM?`g|f+dJUxK)ioXk@3TB%qz| zc8peknlLi1=dM=FZCwb9xUKa4M*&rw}=e#ZR=zHI_v|=oE}Rsk-Nv zEa^gzuNlH7?c%GnT(&lN!}}Dz8#vfXT~hi+iIoCNpuk#?aZasI5%^(zg7Re^?OsivR{S-&cg7Zy935UQnS7YmH^kJ*6i;r76+0p9kT<4?~d?`u_6qDu3+TJBK?AZwCcirE9kh0F(0P7Tx!>w5Jr7W1CL#H`m-S)M=x72nf zERmu*Xl$c|xwsz&`Nz43fpdz&2PX^Md|7u-)@&+JA!v~CC1=H-A>I$y)X`Gs514xd zDxM%{D4eqQ?Q28kJ8N;7cV6v(37P+X1ot2Rz;SxjxY&`u`+JQwL~;U?pk;1DYzaY_5eO2L@FxMFyxz zU+xL^Te?kz2uN~?EFc})w0luCIWM^PhN0AU=v->4G~{-=>`l7?+Al$PlI3v?s%-z7 z8alV$_=6ID9#{BQP}IMzyswYE#FfH1{o_op*tOdNCu=|RFXv`lB=UH^h5a)Dj3h>?W8)F;TQD2hT62AKTa zy1APbt-8Z5Mo&j$%kL(!e!=JVI%@y<5SN#QVwWViaR7js9~b+3WT^6^$A9Ih_KE+@ z`kf!+y1p*N2yU;+$_`xy4LRHc$#iWZ(WwcT`uu?3{3yP}+S+P+@*i_I#_6VtO9fqM zt*9*a#u5fI1cAR<^$T;~@-Wc#RvaQiv}GR5)h>s=2+_d9(k3x%ndHi^!a0CPK((C= z9a;W>A(MEX>$G>%`jH9|_lW6$^eCYD){yWm2JmDUs(UqolJ^1g8C)7pw|fsF3J7L} zKEpsiN}rU}s3>%DUyb_|VEos{PvNPxo$S%1HdB^q@2DjI!6#=cI#Amd?y>sr(SPu| zvGXs1%!Q0X?p=$>oK|F0q)%+3wRbC)DU&Rn+c8YKVXQN?Oh*};_h`k(4nMC4NhbQh z4OO^YYb_9qj9EsJzjoarJxxu2s7MtKxqSaT8MN?LQF&P}v-O9Hg5}-Wy46BHe;>tR z$}@<3`t!>bybPmL0_af`SZ}tw;mRLgjO!(>pqumf(9@~F1MU1{3xm!FEy18KR`N(X z>{A-{rvj`;9#+sGSWMgshGEuG*D8fRnH$AwLhqjx`sv@Kc%4=2TfK*krF@y-bhEYA zla+C}RXON%HSLS_;*!1xnPXkFQOWw$2y^B}+an1ztQ@(saHZ|0IbiYWogO!fN^-M3 zN0nc!AX+5BO1o-<>a1ZDJL7ftX-PWX{s*<#;Wi6q^fZ$a$2=;mu$~K4*biovMeOx% zT1Q+yH}B^ku{GiMujP`*(Ibu%XyKyZsPKcEgm@#r=uCq;!%OzNzEUU2r)7+Vy7VhD zDx^1?lA1w8!L+e}8x=P5AZfiC*Lz6k;nrB78vJ@2XX-Ry}+Vn1adv;lz27BO0RGQl?TX+7-@Hv?u+y*euV%{qR8 zAen%UI#!T_tr^qHQN(Jygow-j2KKq5l$mL5VMZUZ_Z|0|Z}`-rrKkvnF`939Tv8mE zsu?-{r)eL1g)QT(#mzYjK+lciWd?3sy?uxMKt``B(M%cqMx@*ky@$esjviF{(ge_y zlqPedFyH@S6{7CaS{ynG&RRYzy9cjIOQhPC->O}W7ik!hj-9Gg^$$t8CvNJr9_KQJ zH$Z%WRoNs}DzHqung6&taW!Vyo10|pxI4iM15*-!c43SEuMNV2WH`e`W6e=vU^cep z3MxLt+>EyF+u7W?749QmH~WYk{md>R)LG7Y_C1~9nd~>J0@-?;UWmE_iOhc z$ZbjRk8)QQ@JK`rtNZ!7<-l)ugHxk-?hiJ2v)e}>)-m`FQ8MfVipdH(Dv-?2;?(6F zf#S+Js?!_WsPAzE&CSg}lprVXt$0)jbZ);CfZELpQlnVg`t=2_qJ$%WC)_KXsGjZ) zg)*nQ*6to1`B>Zf&$@B~!tPnEU=*yD5ou9?i3mX&*v7^8FpTWJf0KizG`kx=N8Xy% znZUfoeIZFfKguD8JA-c+3KSF5+YPCLOhG1IhF>*_7XTnw#I!Wep`SSjq#Q>MEAub& z1{tf4c*fz{BVs6I9~9Y6R}qm7gsjl*70CjUWGpuaaJgDS*DIGj7>)Bd1_j!;@gc^4 z1h-Z2R_X?R6^!RzqIediK7K4H=@munbu%Xm6yJOOno&|4(WQO}umSgcbdz%AUDoQh zU@;Ppk&(y5N2+A>?D!9$&h(S#hINdk($R9X&fpLkl8aF+w?>>MhwH91*O0hXPcfH2 z)4Uw|MZF^-Umx4MW_{~!p0#LV4+57ki35ckFu&NZQN>xtw2Y?ZVwKlk0yXXijM|1S zd7-8FJ<;ZNSknn$B7Vh2S8H)kHm@>5;16ShWwQ+Rpl z@Adny!skEkQ`+UK_b29f0qUt@hc}Lq_tA`lfTYr+2Uv45@$143SLHV^k}4#K`xxJ>_JB4&@V a2jYzNKoT3`?{c>r0H}ePey!g9r~e0Mz|JH9 literal 0 HcmV?d00001 -- Gitee From 9745c5c361230daa9d95675c77a7e662b4b481bb Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 27 Apr 2022 16:08:30 +0000 Subject: [PATCH 24/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index d2bc4a5..c25921e 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -217,7 +217,7 @@ Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特 为那些路由到禁用 NAT 的网络的 Pod 创建一个具有公共 IP 地址的 IP 池 ( nat-outgoing: false) 验证其他网络设备不会对 pod 流量进行 NAT - **6.3 启用natOutgoing示例** + **6.4 启用natOutgoing示例** 查看一个启用了 natOutgoing 的 Calico IPPool。 -- Gitee From 2daaef705ff9dbe783f488885af7598255cd06c8 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 27 Apr 2022 16:10:21 +0000 Subject: [PATCH 25/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index c25921e..672c0de 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -217,7 +217,7 @@ Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特 为那些路由到禁用 NAT 的网络的 Pod 创建一个具有公共 IP 地址的 IP 池 ( nat-outgoing: false) 验证其他网络设备不会对 pod 流量进行 NAT - **6.4 启用natOutgoing示例** + **6.3 启用natOutgoing示例** 查看一个启用了 natOutgoing 的 Calico IPPool。 @@ -227,7 +227,7 @@ Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特 ![输入图片说明](../picture/18.png) ![输入图片说明](../picture/17.png) -**6.3 关闭natOutgoing示例** +**6.4 关闭natOutgoing示例** 配置关闭nat,从pod无法访问百度,证明没有做nat -- Gitee From 9b7f17c02f3ee7fca149a063e9ef961439118014 Mon Sep 17 00:00:00 2001 From: JunjieLi <10806001+junjieli77@user.noreply.gitee.com> Date: Wed, 27 Apr 2022 16:28:24 +0000 Subject: [PATCH 26/26] =?UTF-8?q?update=20Install-Kubeadm-Calico/Calico?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E6=8F=92=E4=BB=B6/README.md.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md" | 5 ++++- Install-Kubeadm-Calico/picture/22.png | Bin 0 -> 64768 bytes 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 Install-Kubeadm-Calico/picture/22.png diff --git "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" index 672c0de..3962459 100644 --- "a/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" +++ "b/Install-Kubeadm-Calico/Calico\347\275\221\347\273\234\346\217\222\344\273\266/README.md" @@ -229,9 +229,12 @@ Calico NAT它可以启用、禁用和应用于具有公共 IP、私有 IP 或特 **6.4 关闭natOutgoing示例** -配置关闭nat,从pod无法访问百度,证明没有做nat +配置关闭nat,从pod无法访问百度 ![输入图片说明](../picture/20.png) ![输入图片说明](../picture/19.png) +抓包从podip访问百度没有进行nat转换为nodeip,所以网络不通 + +![输入图片说明](../picture/22.png) \ No newline at end of file diff --git a/Install-Kubeadm-Calico/picture/22.png b/Install-Kubeadm-Calico/picture/22.png new file mode 100644 index 0000000000000000000000000000000000000000..8803a5e18ac5a588503dc9f6504fabac1ceac43d GIT binary patch literal 64768 zcmeFYcUV(P+wYItf{K8hDr`hWr9><=A=#pWii)V44iS+~2t_(cEGQyP1SwJ?BBGln zCA0uh5F#~7Nq_(W0*Md;gg|=2iCg!6_Vd0^JHPY(uIv19a$S>atyyJe?lo)H+@Ja0 zu~#meOK(=(EFmEweg52;s}d3$uo4nKnQq)5&dI*2Al{K!6Li(wRHC#;c}Bdm&g0aj zQxX#8Nm2rr_2T_a{^#t1BqX-q{+8B^xvPdrNC=*tKXdAOnDd+v(`j;^McRZXeO^5i zPER}t^{m`tcyB2t@5zhefxTO&6ONti-?Eb!<&Rqv1AUwkW^5U8BU_!sxA>&Au| zun^$YY|*i}rv}R8e_s3qvs9G{O%%2uxKQPp6X(rkuxXa`_nQA{^>z0o3X?E`88ToM zvpQ!h8i_R6En9ZAm(NfiwM1NA%}PICR>=NG4ga(LvB=qpK`25*#wM-Stg^AIY{aTX z?b3v(!O>y<{BJ_apq;8r%fGsXEs!=b2;xYtj+4QnPJ}{YZ6a+b##K-)|4)qmd)YJ( z6J@^K>LfTyAjGV)K_VtXgqz5qWjHgkT>s&-`lHIfmxtkpuFjLoM6+ch6T8J-_0QjX zk6R|nYyaF8Z*b=P4ZijGKYuk7apJO8xsre8h&SHv;Y?z&A%nrk#0EW$H@&Rl@m=AoOk~s%aM9-@Nt_s zeUT5XR2BX7{bma?F|L*m)7O7qEBfh(Ou#yEI^H%q7lZkJ_&vI1VlZXGZO!r>j70ot zb{l+?JH1ClRdfWMXx#LZ5Vq6)W?t!W)u-XkK0aZ`Z`CH=SJ8xnHV`%?Z(BUw-US0E7f!e*)MEsiX z_hlFGvRt`x)=goF*CGvjdB;YQ@SXcRPuxNG?J)Of{aoalG9r=R&=PTb+F%w%()`Q| zc!fYQ%*?PtosjQO{Eknv*ks{toj-Am`vqs0c0@_OnA$V>b)fvb-yN$*`Q@xgI(u^! zTzLizX-NJOfQcLZ(Wd9eWwEbTDOv>XJ#W`3w^LP>w?U1C&yqXNyN$!%aN~kSuj>4q z;t+WFZ(xlchYf@&Qs;tN4rv5lH~2DK^MzBkU+;dNDJN4cW`t*IySV+S}0; z-w*XqzL_p;WEU)Rq?&}1fcAX9@2K(VE1Y^ zqI{~;1Eda++B+-^Gg*a3fcI*zU3kz6zS_%8rBqX!mV++P$C?AdriZ2c51dq=nvc}#48 zG7Cf^$O1Q#`CrU`x*M#;%oI7InM&j6g$e<+;b=1)rlNsRqW1lAvvMsyKecZg+fv=9vRC0x5K3rtb zt4N0Zg$NKp!^xt|f-oL*BQ{^)498ge2 zt$kT3o3JSN{j{)91Ler04O(|p7Uk{)JW>~@d|hV-|MIkXcaY%Q)Jgms z+arU`-2#w$At_jYLwRzeIC;jShh!1oyUv}^n3i&lmd>BPu0gDkk1_a3oD|7^tQPS1 z%g0A2{O8&iDEW zMH&evu&R}W_NXDaLTqS~$3xhzpZ9YnLqVI^r9FxscP&!^g~bm3E`o@6Jl1`7{KRnm zuC^<&7A!-F8-G-%cIQH%L3P6o!9Y4GO2Cp`f*k`GC_4}Z^Xw&<=VEiq0U7N0r7%o7 z&Kk53Cz(zIwOg>fXuBO#{omY8v#ub$U9^!^%LfeASL^yomq@!6C%wP$F}_K_Jxr$!B9@IWmTE~gk!c~jda z?_}bz$hS?={H$RVciMLHQ?>@REz30|J8PC!unptEX>?H*ayQpo5xm@-A1}QHoB?$R zTytpjdc@mnM{$MFM<*`F1@56$FZxb>8fk2uuw9(7;E#F8w{$Ls(-y~8X5v{ju9z>a z#jt1;!Xtq^t6Uz3Fk`*78LGnB&}Cx}VEUxK2Ls!M;@1B=MriqgBz|)DSc;hZ#g`w;3Fzw%0NAKs_ZZ zD}88SBDWEuY`(NB{somdD!h3K(bdVjn33O=^b%AEROf!~Z-DC;2YC0yY|fi29wAc& z&wM;H5oMeC$@yWbwU@^fW}q_*OYnT8A%COKYL5~YW#}oV59(#F*bEQVjIx4!43n7X zP5e)uF--=(^vdE?=1=Sv{`jwWfqnMF+9RA}d}WC@A0{#$taLVHXG|ybj&Cp<^;9|Y z1~;;BH(dcf(cR`!0@l(;@Q=EPWYyQ z$#ZWkqYkAK>RwL0zal#4>>Lox;kkCvAoJ9VxbAR6%VEoKmE)M|>MVX|(+E6j|LG84 zmt{FiBHY@Sp-N99{)!g;9Pe>k)ur3ACEWLsXUwC4g_3DwYB%(9Enw<}&ESw?x;fcK z<(ftjMv85JF-(6iwR5gX$(2&nYjlmnd|w~Y!TXY^4{4~7t-_vk2SJqajA1YCU95p~ z3y`qrBZ=iuw^;ACT5FZD*#Qo?hul*F0JRLK^z3U zqVNoqefAC!)cLclmtKj`8F~%*b=in+)ap76=qqmfRi(4aZ?npeh+>6z;kQA0JqzuO z*X#vbG>XCc@`#ioYzkFown^_t8J_52^KRZ^6ue^r2x(M&WK(hEsr{T9Oixo@T%rML zx@B{ow#Amm4BjWm46eMZ)bSGnO^wz~q~1TidY=7Ebi(&aBsU_eA+Ic9P#(@u8V-gz z()YF^W{yopZDbxOIU%x(11k~-a(6+lv8b8Xsa>8RrH-IpxH|7tFTg~widcQS^A6@UNH%}o3f z$PlR*8}8~tC%xyXr3Mj>6646v1j7c-mBM&oWfI}NB4V=_(TUs*ySl)f56=g;@}>+R z{M#Mz@*D2pHpRF~vo?V(x?I-S>I)gv`&n`UR`S1;;CdGz9~fX?JuRUoW=n9thR(RU zQZp{5-f(k}j-PY36Af@q{9e$?TN4^b)Xrd3nH~xj$}_G(!W${9tNjLn@)Y(|*foCW zyHQ>ky%U&-Gq*>4MXyJ zCEtABQTQ;*_Vg#ay?NRFg*y!;r^rKiVM)BlL0JXfo9Q?9XjEi1qb+bKTi$m8sq`s1 zFJS~9j`%3r#N0=0HW>SwbsmNf>4wi9(c$VtLQXA|a zw%K-i4?H&z^sC@-ch;IwGig)Ok`XiP6N0r-xGn06sR|S*!w-Y7B0mp+TEb2y(-M{w z^~fy z5I#cGcF%)%?@nBF^8{0Wfzc|pJhz4CGkzxe)AbZxoF98cY@>#LP}GMp++NPG)kQXi zyH@>Vj*^^^3JIa|rV07cvw~b@XeD{%=$KwL$E0ro-Ihnu%sBn2q&M51S)?f!<;G!AeOeyHAAh#^QK|dhH2|dkhoK9IkfQNIYWc$ zB2I!Pvvz*#oHOg}d{$XuGO}2B@Muo#pe4oIUE?p~d16kdSApt^d3Yy|t}j zn!MFgJ4=yj-nuNH96MT`)Z|$AI+XwkDX&(F)r<2CDp_F~eihxULBtly?Rl$uPuKvOWs za*y}a`qt7V;eidrtfd(vj92FSFWi!Wy6wEYUL+Q^5*FI%+EBf6@TjKha()6apg9aO zEx@@MdlO7_LZUOa>v9z&M!p#x=l|8s)N!!jV=-)^ztmw9&S3{Er2*)JS%JTa^R~S` zRj&F5YF;-urT{(WbyqfI`~1+HW1b!cU#p8H9DGbtWnr?7o$U!hQFV2$51p3{DtZ=T z8LS&2*|Ze}g+!7e9I9v@Y;rF=I^#{lD@fCoKzKoSN||~OYI^_n_@~&nCseJEG^M_y zT&ijWX<+Sp^08S1J@uo$A?3W7=80g$(wd*9FHe8#yE$VVdo@@i|cwi1w z3R23dGfn~-+}(Rwl7N1&HDzF=a(vh?ooV%&A-|QLDHnB<9y**$w6<&bz>hPfww$sW`K_xljNoW$pZ?@JbT6cIBzw{)zg=U?R zHE_9pREFp|%geJGwiJ)Oz;9!3-$A~#ndrZkpDF~bYKgqsboNDwU@+`CdXjh=7XZjNWDBqZ4r4-_+fmNTOg z1-Q<^3e*9pJ|0=);v33HkJ2vU#?`PN0rnKq0hz*PXdnvjz3l`1rBi>PHffL=E{!Uk z5FHAVUoxKvZL}43d@bZwe$k2H54p%)D-C;=vld@F7YpvIby$a&R&;6V}1V zgY_$^!6ydY@I03UeXoX>ISFKXIkEsjVT9~uANyd0;Wo62++o$j`=KpDN2eOoJ*e`1 z7h_!{IH~>y_y{w&1b!!aork}%E%e@c&k}P*Om)9k{EN5h1eFV6uwCO?Awxj(T zDad6%2Ft_-zrn>m&_#R$t% zp_;5{%M0L1%9zn_y&22gb=xXa)~iv6>XzlPp!pm_7j_a{S1x&e*-=P|I%qZZn{*21 zmhdU8jekM+VY3ZZh^;AGP~GQno@=fpcMjsC3avfxVm`lRB!hZ&Z@&w%s1w#jBysOl zjsoS*u=E^#Up20)MmhAHcSF{yQ2e$GmERoz?+#%FRWHI!MlgFH9z$FwEOyV=BWx+G zQ@VwlN<=GZLHn2vKEyktWt6rUg%l^F;jrW!6MSuPIxSZJ*aIiug;VZ>tpuWdO)96G zh^#B!kk#b~(qbGKw&UmCkcTD-wZt8(jd*_qw}mX2$CjsV(tQ?RgVll2tg9}$YDs;- zn$2yHK+4H{TU8PN>Ysq;&Rhf_U+>`UYZzeyvZvCaqOnST#5xer+3&-#SO5Y7m*Do5V^g2NJj5Rmwi#NE1B!g*_ z@)CQ)LtiC(7O+DME0NhJGj! z&_Zw~X|Dl)8uZI8K9yBUhT6m@X%2IF{qPjdWq*T^wK_F_E&RRO)T(M5&AA=|$O_#E zc<87KSZRJFW(a#G*A{=G;YY{)=a@l_Fd2!4pZ;k4@3oc~*Za5VK}^?^5Q6;7Y5$A$ zGT*QI{=Yb19OJqwBCSU5=$y#7z2~pTzLAmdgyKi8-`W`0zn5HCOKeM0CV~k^3e-BO8ELqMQnu<_8Q~=PXfn?3hMB{=<=n7aS{~KXJ1EXl?qW zlXx9R?jDA>BraNZH7<(OB_)H!>#fe?{(>?%0zh0zK%X4gkIvZ_l2t9!e0EdJh4ev- z{>f#8kfSPcSJxTRUlVn~K)Hy46OFkhgLm_?mo3iOZaiMEZ|nez!PK4;;(5ud^a9BU zG}jgdaHR)|9++Ki8^LHa9SIBFPW+0{)Ii3SUn&Y8vo011Zec=gg+q5vBra0fE#mQv zo1+X(918IJtt{P4kUPPC7_dy${AxC;afo>})e@%0v!bZd9H9iEMaI)`AnbH;fPE^> zw&sC{x;bTDTLyd25B_Kh;b1 z^}KppyBPhNgt zxln0z;c5EQh{3H?2(}wiWSJIN+Eog0Ip*;dS%ZrMM>k|cfUD=<)ifNDL?1vD?eD=Q zKNvBFZn8$ee~a4Qe~|F5uG@)&fi} zM0zQe?C=fJO$(1BCuO;`Qz+a$FJ`IYR#uRbIB%o7dpJzA?#V=VEKxyN*-yB10#4-% zKN~U8Y$ipB9fp6AHD!WjB<_VwHJjNWhP*|lHt;gb2% z(&M5Qf~u=CGzjDo;n&j{-V5(wzTl!zqa$F}G>fdMP~j?-j|m%QRo;wS^{g2w9bS=i zG0qpyJ>ZHxuBXqOJW~vZYEuo3FpRpdB)YP~aC+dAJ7xMxaVxOSS&in#ly`01FHt}9 zZ)&KAD1;GqFns*IN$lqw(~rvX`j@q`oVQ4_xMsP ztp*`y8F?#bulX=Ld>fd2~j%_gOgFD;PDLwv~e{B0NwK5W5& zlAv_KJIFhGVdZSwq=m}@%F!X$VS!sQ|KRC3NyOu%3mm>|E3A&PRjYD~J*DfcTBj{E zOdEP8#f7r7kF+tOo=`wDO}&_h(%t}zq$K@i)HbCSfcI&1X;P8XD-Hl=mM!Zt_6pSo z@?luGqK7MALOMjoDYMxMbdS^FmxrNeK<9V`RLb$hXuXfR`*0-?TRuTIafVY(g#VhR z6q}^}DL`#2@3WTNR$6d1w2U}!*G;g*dJ}+rS?Y+SdI*E5JIRzJoa(DD;KV)4h}n%7 zNf(Q$V5oLwqk;3G%kktBMBE^VA0}NKeoYO6_GzH6jQGmsjoKoW3n9qMncG?<7FEPX zK7ElxmyWi?!vG#EsZ-i6s=qky+}&(i$vPp*P7HAPSs<5{0E6KJk4~o_7~P;{s?__s zS!Z;rM1s!X+mYFQ3Sn_W3Yrt-vA zuZmiK?1{6%x_d}HjAwly9G+I^Byi6>rjKcFEGR~H9>?lj=Sl2}nCyQd>$B0&VqaI21-YOL;# ze6XGH_N>621C;0g)~`0fE9P{lzywW+((U>b*Mx7_(>O*7AFlMyViBvxSD1YQJJ0Al zE-QIk>BL4@C#{RzsR)HJ9MXtMEkNfip~}S`K;x$svj}V!fsD-pLQ!#ZAd~^U^1%W& zmbO8{SXu^Kzp=gIxkTsG=mE>msA$MOzm0pJT{`RNsC*Vf&ZulH9Nc2px#{Dj0DQGW z*HMQuSV=tf@+YPHl0zH3YIHZUbaH3TX6mCsnC1mZLDeY}@wXz>>_6lhB!NQ`vPJGz zJE0PQ3li{hm)m9{pm`dvn~h6xrQ)d_z)o)}5GYq7{7vk5N%5<@dheSs z?f~D=#I(?NEs&uY`=cbdpsQ%~gq$5Sx>oXu)iLa4`j3n-8 z^UBt<7y|D#tE{&tXf73 z75P>=n%Q2d;){k7S`XyMu{}(436ivjR~8HMv$|3{8tjBa_I}a5KuKZMg*V5N9yp;@ z1Y8p<@+X%J@hAfc$tGZZ@-^VNrAVfMB5h08&rzAFl;a#PX58znLId-m^u7TCY-pq~ zgB0K!;QcA)L`8W2BFqa{h+7k0_gSMgG$ek?qop!%b(toG8u3(IFqLPfC7m`#`Fdxo z?&@P^;XZu?@&c!yU;P~;`RyCldfAP_Q$r8Cvtb`H`g5V%#K^2`lp@eyHoyT8;)y!w{s;u z_g?KdVFydM`DPtUTPK(M@+laH6r<@2_`ppry4x1sazZG>l=?8@1*yQrvlF>Ss@C32 z_Z6xQAC`o)-n6m{=S2t-_vl}e)MW&bdnTS+qpP^Er*ZD^UL?&A;Pwqhv~lcm5aH4v7ZwqTkBVa7IXb==sTA zkE=~p``4e_2VU1aspk7B3RzvxM21d3rIt)9$FwcpS??LcHVh|g3^!IEs^~hOAJ4vP z6enxnNuNbdvUA||S0Drx^SvCV!wamHM{f2W=-sygq8HYr3k3-HT<~MgrMFz+KD2?% z^cDlNMZ-fez(ru+r{EqyRoyUk$yhYL?yaF%Yu30oAVaWL}OV78tvoCUn*=4&Sk9%bW!c9I= z&yj-4h+N-%%v|g_p%1qdUG_0KxWSy9kFVZD6DYzCAk|lyN2`5H+KCA(RERv$Nw6Q> z=`EV1n@n0@z4#XHn8hr|5|sU!cSuh;lw+qpE8O{XiBBz}L;0b=isJ;Z#vJ8&iF~U% z{Xwc9>#Mj&rym<6jydi`cG6@Cp{`Ov>Z~Aq!}{WYu@u>hA--RH($|p)BGgUtpb;lE z*l4i8?fw8sk>Q>I{`VL}^7J1VBuq-|RE(#1ooibIxtrjYCG{@0E&YCQ@{^S6ekf#3 zYR6;xYpE1XbvrBtYbh&cTK6tepHaDuL K zV4~gRMg;tr(d5^#Tw@hzAGx8hY5jfDLNd9AxS%mK9oBSD=P*-^9@7y%L>b~gra&WC zmsV_HJM5P~zBN?6u(Qs)WeQ-2xrJmjU5(FM90*ut&}n?hcI&I6ZJq0{5{I!$rJLT6 zt~LMQAbg#DY+WdVy0#~T@3?h{=wF`9>c!*z3^ks?CL=P?y0@?!tPysDL%5-4_KN@N zWBDF|l~ap8nkI6|BuchsAE@FH9D0(wpe2yCA(-b%st3CGXB?EyiY}j@O%c>RE3B?) zt5wd{Pdd>fO|r2vhyxk4tT!T+o<*Y^4FBb zqdl0PpMul4k+^x+h(@1}s0YARMiyZ0aZG8as4Q(4Qov{tFe^*XO+P z8x_F@XJS?mtWLz8Pb?hS2}^pEd58FiiGE~^Z1@3Y#;*z(F;F0UWty#u z*~rfA29Sh2vOY*)*Wf{s#qc@Z=@|HIMz%CYG>TPy5V=TEUP>n+qS$|s5I8%*9eZQF<%Bb|wx`6B4x@eaS&`;$`&d0*kr*-T^#n5(z%~ z$l{xiyj=!sKZQV>bAOt|ywI4A&@%$TFo=-p@pRX>z!Fd^XX(LSt=o!c8^gmPDYp*l z6LpXYx8|2I&s=k4m4xsn6nORJ4Y8;LyRfGYvO(~hg1P+S8lKCzti^(Ow?=e)8l0Fp@0+KIf%mZYQ3cAhOG5)Qd)y-QwQ0{s8Jti~)E;L_AZ5fzVB>il=E)FLZ^R6e{!0txWBr5y zOxNmZLu!9Z+wvd<5Py>Eurpu>8f*|ht%LdmOo0Fq+vrN=JuwOD@Z6^N#oSbsqbiSb zVA$n?1K!{$Wk=ZVzf*RI)ekdps1i0gYQ6ebZb&G`wojE=0o*}3$jtwWdy6{rv3kt8F_*WEbw+44v+uJpS>)2jn-4-h!807e>K0 z;U6jZ)TxWB%AL;c?s4U=qa6Ep97Hy$p%Gu%&#z_mO?nVV3^8&|PrM0v4^1wYaLo!r zg~2|YqlI^ilg7%@xH7Pf(^Dhc+cJ+lUt7b{Wal`sAaX*f5IeqgoO)hU;JnIIaOpwA zBdMUL={Amgnnd!;9PYUZ=u4H#v37sOU0Mw|0+n?-lkQcW0RU>yf2+Yyb zAp@nLjbw#Ub6aMgzlze{VYQnpkzzciwaSE-q8hh;qach(!BN$6jBe?e8`vX(na}-& z)p{Av**1^LSS)Q#YDDbW348r0>25GDb>+<-%y5{Ss%KJY7kt>Dn2hRMTALKm@NlI8 zr(+Uc@w6|{bk2(*EkU@~qAPu3=t1<*;3v*UKgZ8V|Bd^!kK&O`Yo-IO!2d-u*hkGy^Vn<5Xp zKSdr^|8pXb_@A-nreE)ek%p?ECVtiFUmQdR)@arc!hj0&*E6tq9Lr$jqa@9l^&2Xsylikz3neL5B8lF-CZVL z_D^4k_W$yWqwN8|p4PK2YFfvAKxEuXweV(Y!X?{fLTh&dAhjmVVLk_vZu!fI{G8qz zDU%SDUzp5qh(pB!9~iS$2q!LbnxM*1!gh1s;NbN}l@p1|54k3WWBsB%zBNGSlRggf z9_?7%3V$r%c1h>w*yU!mZ)%UTeg8XZk1ycc|3ffj!tr0gki)flhxGzr1G5{MO&Y2M z6%eaBVQ-13yG4;Ic5T9CQF|YC z{t{Ech@qMd`?Y?Vi2A88zs<@t_`3kXPXVgrAjq9zJCUz2cXg>vS$m0xlYwVaO%(zz z4XOf)0epH|<^j&7a#l=c68cugOf4@y2zNv}B@g4BD||mqN9ow}e`SKw< zwL%>;vB5Dn*cE_4Qj|%8;1->9H=wH}scfuGz%jV^F2*=isu9wlY?@un`BXshIDBBiR+NNh>{^qSO+oKRBWcum9TS=Fy zPdKwhEK4QaX(`{}muLIb_s02`1Fh=&&IJb?xu)}zI%oYp%aObUR2jp=cHx4%@T#Su1BhNovgF?lxzd!!G;OCblC(vMIh8w+5!R~hB-eSW8N9vaN{Xe{ph zL+zBchq}TT{u)cF6pR@sUTC^!7Y#`1&E5clloI`NCzaj6muBBo6@ zB@KKw%WD~nRm;}yWvz3}?0_X70lI<4U5B3B*Aiwu9w>#e%BCZg>P=u>{dCvrn*Yya zgb|mRaq)DZvYoA7$Jrb4?`%s~T3e4T6otU@@P+=Cw#uxybX0bmFWON_Ec-a6f(m-@ z92uu%OGY+Qh(7>$)B>2|U}XfPUvk`1wq+sD@YFvhqmM%xOaVc@AIW>yItaAL`f)>cj-z2g^vVrVd zKqa}w2(#%mtnW+MW>@Q6X3)>AcFh*7;OC7&;~ptt!OV zyze(aTq%MU^nySvqXA_nCjWd$fO3a|fBbmRRT~%6N8|)c`!cB(@K5W_hlFHNr-X{d&{!!5Z&XfUlIQD;(j%2N2gA~^*1c5L38mU!7&-jN4ge? zwAag;u*=sdxH9#&OFqSIwt%fsYWrD;o+iJ)Vi90k$M15G=gDnRI*+)9J>A|Kqkb`v zTgzX{4G+>alJr%P-v(x{RH2emS>g!p(|DNch{iu6BR?PLy_rlOexvYc<&c!koOv)a zV`6u1F+yZ-9rKP8wk7Uey}z5(LzLs?7M;*DEA0<1pVSu~#uMn&>9&inolA#6YuXpc z1|jt8&L2_3^tk+l?}X$*INSs4U^-x9L>!$b5b0t!bvL!7I&!!Kzl(m<$LZmQ38^>r zz!;M=6X{8`2?Y>xIEpT`=%OEy)~-%04b{x^)vUHbbO@)*tqXA-z#UQAbW2-upI{0( zz`Ug-bhA7&3+@aZ70!w`SMW_{L><_!A=_H<{C-gMw1IBCvw+I6`lD+8^YK zemD|v(B>mg6W6Ny2;Tbzge?x2vL!cYs47>uUVhi<7wZDwP)SmLQf`Pjg;lU#~2sk8b`T!5+mG0|$AZ-BR5u5)q9TB$^AYkgjz=4PD;0kyw1@hlbbG4O7GHH-1k=cieqQCC8^&VJK9)s6Kd*al&atO1c8bm|tgrPXZM!odMO zoqe4ZOLLiTd$LE#R_Ny90TRnW2`xg+n+8ntU}@4^DL=-|PjzR|^Ut$jsG<2$460gs zQ0VO!WqWW5(xC$#8h#?Up3U!L1v4q#t_jSDx?IkQYn-4Nn|}^Sc+|E350Lzi0FpoA zQGU>jf2#KQxA^1734hb2q)#S+qL_>#fcP_WwwCP+=gt#UG298GPcQ-z8I3*G(zN->_9zA#86Ek~BZ2r{qXTmdf2#Hf9A*dOe~6?+ z4;#t<9^oP;7d!r>FAbd&gG;81HefiDK?HqbcQ=gt`$Cv#QYSm_gOqHRf%1L*2_{CX zy6qA;st!d?8H5arAPtY;%1%Xk-Rs?!p}M{3+0wy zi6>T<$M7EjSP%@^zwI+GW$@<;@WCaZ+ti94%|bVkaNJV=*2`7<88)*-$dg;|Q@7a! zzHo$xTwg?zo6hC@wB?poz^xooJA;z3hx(cq;q`Gr0S=YNW(O<$b}n51=N=0y;L3xq z=9!4%phhP)z~uskyDVMa=4DmtI=VYIK{*p$W1uVrgn5zpTU^5wfY3c-XkgA4QOKNr zeFiG&9c!UDz%gTf!D?H3VIbfA(Fz5(G03<=v_&n!s@cBh7~8+t1=GUxx%1z3A$}1C z)%zR4&7H>#%O6}aTdMhKva`CX0bOnJVxlfl+Ps*ZEuH&xs^FE1UQUc2V$aG@n@>(5 zT9<$*QD!ig*SkYXOQw0B_4TijyJy*d7wUrgJ=6u)SvbJSnP*oAD7V`jxt9wKWyb+} z{!fJ=9LFmB%AG7#nnl3S>O~s+EALqJ4^@c9oW&)U=8+y~%F*0$c$jKKhsw*{g=#um zL|xx7T0mz@`TpeATeie4ol3ijX3Yejk%O1vc0cd+b@WKWIU)lZ@Zt4JxJ9t$uOKkB zj&b&b{rtvWx$1U?du1i7bs}2#e(X@d@sndcUy%h(e!nqJk`~O{th#NEoEs%Tf>4}R zS2#RuijK-H7{j8FyFo-s54Umg!F9CEiMaspZvDfJG-#MY{nP(M5Teoav7P2<6?o$y zVjrNa)+kD-OIgul2fe0J8nQL$g~qba!4AZ3p&Qr_)bv#CWc3kVTp7@VW zgxK14tUl=-rEtPn?@ZO{kF#uiV6K;lV9eP}w=g{S9(&1}WVG6T;;v0s)`^}Z%G&UY zIr4Ok-fWUyps0Hut?S+d;9XQvT}xX&M6)^xM=?5ppH&tzgjE5ySf9daNfmOKG%XzI z6tQ&6{IXQJzBcKn_ZD@+)u1ko8(tGDvDN27XmTqNO9Yzs&{K32VneT~x>L$-%9C^OBDu2@v71TQc+gn5m5?Rb@o3}hfKur z0wLjkjnvM1xeNCYd>R?N1U+k>J-p=d;B(sk4Xt6Ysp@5_t-FoR6lOH2Ssu$g^?dae z|H7)G-kU}(6X4iqf|>6Y%o}NXJ+L$+c@nd%5CDu0Pr)m$7PkTt=-#-;)rZ897{3L% zS0SaR4ZSeigg?)u=VtX8Y#-i=ePUcw?Lr4*4PKLpe*9nU{PqFOp15kNExV|K6ni0-VW+n0&6};mWkt8R=#Z_}`j{5HEUA0t{-ptnw^X_Ro0TE{1k-=PLM}v$ zE>tJgHsNQ_Es{Iv=!DJ$jTwibQdOe0xxlbyK;bLA_IG7_S@2lIT)J2faKKtMJavfQ z_%DIT*IA@XL(UJK$c~#P;eQQ-*+Gz&2vbx}jE!A6RsDW$yHEXuB{DXeU;RpPyT3Ei zrP6A@STfT3^4&Jb4O&p0!E`_Eq@Htdu3yg~kiZa7HSUR}Owbt@5=_Nq`eCTd`xflk53eCS(fe8Y|Z;R}rE16JI+udNJ ze!C6w2iN-yjS;J-mJIlo;70CUYZx;r`2EywN`-FrG ztvFQottK&aQp&5s>8=*-m_7b68S3h);NvA3rne%v`9m6l`&4Mch)g48VZSu$oCZyF zzB*p`!7>YceAKwru%juvv}wMR0&Eo|y2f2Q4J=OX&VRUI5ebCJeCm7vJk(U_x(}q3 z`;1=*2EUm$>kE@>&Zvn}o_yJST^fiEY#UD+ha><)#?!gp+MP z6{L=0L2r_tA9fQN^^6H(Q_jnsG`$#`A=n~OD)G(67dAm0jF%$4mt@<^p)Q-^GM?Ni zio2*Eelmd3MI)2~Ql1EC3cpr*fcVt zdm0d-Y)55(42wK+vS)=CzXiLXjL}aZf3Dvm{1Nsd@wc#-0@**qUjF|Ohy261mzZGq zi7JsTziw;Wp|k(IYzyrMWrs&`-!+1I z?2(7X(&BGr-MoBRJACie)eThiy+4hbP8Ww0`IQ#yDURx|c`sf>%&;h4YCZ(DO+CAR zA1v7F&G_)P+-v$5V}?8A?!F7#xZ)#hmn$=2@#?Ys7kZYV?$1|sY=6YSv`UuzEe56r zlo;|ZFG6bBV7AMrlB|8?M2~95lGpF*kSc(3;&YN^MI8A`&mGrw$dtgZYZs0sI8p_s zSw%1%99j1Ai${GQR{YdH-a5h7s;wqYN6CC5N(&vC$XwZJf!DtHf;8HcXn+}1Vwq2d zOwd#ZQ{<@x_t0=<-G#ysIr?@cVoC5h%EQo;T-)gJBB|XEq#5Xd3b_Z^R6aRtPboA- zB{hFryvhv-GmW*Fj3InDqFGJ;vNGRJ+q5Y386ipFYjt_JZdAX40U?3-xwngO@= zEPUa-K|z|0FlNYh>ZjF)cx?xtr4UzPxKdk)9HO02@f;HtnZ)T07#2Mp0tgP+_>}D4 zHm5OsR-3St0Lvv@p()NIkH)AWcESm917-2>=O88e(GlD_?exK*2TziMn!`e2GJ2NO zLH7PE_VW_=Zin~Z)(WITPFf!swrpmj5G8{K)iOZ09GMWWq4$bVJm*=P=J1fgm5rkN-dIq>0!f~ z^IoZ0U)cv%H9KajD>*PL_odf6jb+?K?RLSiHL|wZ;7ErYLFHIAwYl#0V0GVgceeGPe8|+-I?9l{m;I;?{&Q&@dLyF zhjX6abKg(;$We}hpI+cQ@lMm~t)|cL3g=*}$EuuK5xy%az)AAWmES>>gKvrh5g&|l zYG{`)a<=o;XVh$d^3+^KHh{Vzp$+KB2@TC|j6yv%zh{F7P}zuedjpi?%)SQ>pO-ey?OL0*6CXvVcvl*`|2eD8j#|z+M zU`ws;1%S})dpWu#zv;(?8C!^Zzjj(Tfd2u<$3tr zwuVUVny(+x#BCc{%s-Ya<{#BAs$W%x+@y;6$=xH_K;sR$oAfuD4-&;eDJg?dQ?#W& z*$c{w^vb|9`TZw8=wM5Bv}!8Wc%@Oxav#ci&WMHDm!^P60>=K>IoAn5IYr7oHj-5m+VH|QeCs#eN2~chFBEq4X8tMx7eo7n zi?Ircl|j3F7{+9Mc(nORdK~rj$R_)?8|z%;=G0GmMfWMnGqY}Wz_N#9Xp&?9*tYoTOG-%1W&t$19S`<{)co-E1y)9 zMh?=d;r=}5Ii&hX^khBLr+hm=^S$0s(@>*}Y=99$p0H=$W`VTs&D>)4#Xsaf;qM>Q zn2X63L_S6Cfnsl259tGjb2d;P5HrJTlvz-vypopUZ3+Ap)j-#1rXK;0-(TbtbI&%Y zE;d7)zBNPor`9g%j+iE3C%xa|%Pvn09Gn~C!OE$zQT~Yd{n9T3gL$3aN^$^H- zzp)MD-lOIEY*|0Q%9b8xq;e*nfK}DiVD#%;gZBG<VJU3H_|E>$hwQIY zdvSx?NfNDrZU^Ai>O+_FL)|hf-xtP)fdc0J_hi72N=ZvmZs&%Bs7U0?aSM8mG~;)> zB3?wGE5bfcMy%X1-B5RUiBiMJJk}nPjT1lbL^uX#>pIwhj#?ag=`{4h?&sY*AOXI2 z)M)!n4QEv0sdgJ}UPH_D$+CZ~2P%guXI42YNH!XOEpw*`CF(y?uzFNQPr zbOFubKabA0l!SvKW_8;EQH3(R^Yq!+bM(MW@XunfwE;o>9TT1YWQ-U1-irBY3W-=m zyZ2}1AVRU!BQgy*P#h2njw?3!TgCAtXVX+Rb;zaX-x_Y<= zd=HbMQlBmS7;-2WxLN5d->%oNNvQuNB)MAaCr~7Rnf+g53<0jUe`E|f$I$qg5UHCH z*ciGAmZ>yd%63!VP&0|Pmubb#&AlWMypS66v-KAMn5_P;P}q!^V;oQkI%EFOgyIJ{s1B*b$PlKz z$`Sv0_51<0$9kYZ5)p*U&Jq+zP>q!D1(ML%J9Q+Aqp|xk$Hd>Qkw{noH;KO!oCFGj zlP$j+oap?y;G_;r%+s}9tTYJsv=5kx<$Zsq-_ifMEu&W>qmEvnpB2z9PJovr7$9?| z$KGoW^pH&9_Q=4t?0Qm2ak?g~@}1#;Y$w>I1u(goQHPk#$kE7;Y@UXd&$P9~bId?hU9cc5#v^Z-G8O9MthndiQ$r`CGR(|aX2+ffjUj0$JGSxV0PI0sB>Qio617r(+$ zv8kk3QuIBnQ*1>b@B^=*cMa44C!;hI!02JAw0>68n(TG7SL>HzWagQxc5)-I#WMd82(=gM4b5aj5 z!ickhj-+EqbsdEn6Jp8f+K5-<`-7C>Y|V;uwXdq!XOwk`?EA*UNnq2AZw&{77xgrBf2W4JjAD- zk>td96VwY}t73&_`cCStR)dObyeg|Ivv7UdIe!DCa|NR{uIy9yF*hE6b>L_;SC+SKs=>K^ER_dyGJNq-ppNvx;8qPua;conj4;P zefKm*Q+-i=lghK>?oIPzs=wy2fqPZODF!001h^5&L`gArOgVT5N-*#Nkh$Iu)Qgdz zL4XlbEeTBs$xknV47$5Uzz`+QNSX$1rR~YR43z$;;n&Ev(QQojCodztY4<;qp1_vA zA9T|k*mT9|@PX)5mrwWmj>Gy-Tl#s3hTqO=^tg*mr&^p!DtVoDV_!(t8J3ZstabbF zLUO`667PUsOilv2;0^)0uW{NEAm`}rWxD8LmI8--sc0qe({;xJq41c`&ZfK>;Qnuh zCqBqRM)|Ya<=L>a>% zlZTBM(!lfI&rc%QJN%FpncUpvNbG0k_O``0TI^B6i153!8QEuYZLN!NC1!Kd?!qTp zp(w>veY5jv{cPfnqUtu=CXuW-5II+*kydG9mY#2DG>4N$&ERKvy z&A%AFW_t6;iziO(DhS!>wb%L?lbG@c(6vNn<&dcXv>qGby=|0n4+1JC?3_LsH{b2Y zY;ajme5OWR>IC`nL9%#SOlX=Kp?tsiaV`SJp+ra6GyBiAvMynstWR^l7UB8N;TrHS zaE<2U02y@fONB?f6z#Q$5B5kzJvXTi3HGx+$@fq}dySkHQwNfhC1y3|)W#b+UY6XSo#tAo55U*!6Z8$G%m*mS%H6L> zekKUvRYaOB362NS!rJ>@+t!^Q(6_+X{xiBp2)u7Xc}vN`QD_MQG5=Hhi5jRK;m~zU zj&HfzQZK0VK$Q+=Q=$kp!Ftrbo8PcHZe*J9Qx3kzPIkm0ExpU*)Lu@-l#-8qHF|v- zKPM{}3$V7#9{yJ4ICfG&2;7^(D_6mb-qSjHbt)4dCmTbvpspH5s%b#bi7gJ!_7f1C zndsTKoPvueMtvsfndlIJ)^r-%GMeTqymv1sN5GGZ9^#>%x}xea1XuH3tGwI+Qposp z8@UM@=~ARy&8t&t7(+@K#cVkD0YGk=@HPh2164U20-Y;dm$*Uj^Yx1!(3_Ax@qHVc zjh+t%L4?5V+;9+E{wZ;0xJ0HjG7@9_)wtKlj4C{7IuSJM2F}QQpfGIZh|Dxb6cZVpH{iIkLS$vU6g<=K*M1m4#7#oxUipEpd*V|u;7L>#6>J4pOMMkL1Hy}TABaE^3K z`vEU_F*_kHd#CZ8=lTD$lYc!sG2~F!^2709`h!iMO=x4aSNpHaA?`}?dz+d;PKEUz zwu#LTI^gZF?VHH-l@JE>7|MO+K;in3qZA} z&>Ey+O^p_ckt~w@HK1H`4iEw*Wi$)2lXI{zWHg&}kV5sE_ej2+U_#sA6ereyu+^of zz4{>`AiO;Lb2DbTn5-0n>0!0@6f>K*jlfCBq;PYArmA5(DfkS9brJ0{dtSxI0%Y#i)`rxS*V2}sfl7r%@3eqH|E@!###06}Rc+BK(0ly2x%++k z=U8)HSycc8xHl*#*CP_kGR;VI;1};5HbnO#J|FaRd`V0u)^Z|{0|IJQ8!m;ZYG=Qn zah)Q3;Ha_YST*b^7d*YzqJhq}?t-=7_5Kn*-^y<|p#^q>7Kz$8WCB&84dSa%S5Pb6 z*1P&?;^baG?eo_#Dk-w1w`G?`Yv|;v?_8P)ZS^*s+udI4Jf9RhX@YJ6zFn!;b<)74 z+hI%6`q4kJKlWif)wP{qYfee1K7A@}m`fkI&o>`pzS>S?@sO9LS^`(z`Gn|FHw}mB z3@}0syKR`}LkKI*weeh+(Kwng>_9&Abh%7QYhY4SAwL9@s9+8%hAFb7=Qh-QAjscW zwLP%fb;NX3yKtDge@=WjXF6TXP!G{t8}rwjMfy;oB|f3k!BTl`TGO&swbjUxcn0N} zD0*N$P$Wrn-__})+!KHQm#}1g8Us)kk7!b=6gYoVgz-{BD0bx&7I%IO7_ zOf4}BqKKbVr#UC$v91!)B{v>xhx8SWc6<@Pzv4|q*-XpHGZOO^{6o+JkR$^TdNy-> z(z-f)Iae#jJ|Jn@Xg_+$qmH=ki~z*p?Afzs9E?+~CsP;JTKw}SE*0iT`}n6zBrAR? zk=*?2N+flfk~cE2iK3j@JrC)|hI`@Ro(^1-7~0BI9%ta1rUuk)TH7qtnIj{TfwAqj zK!VxfF;6oWL?f2Jh(;2AB^nt|d4TIu>%Iv2k`?~ZHO&Owj5A583$tCK3AnZnMirG1 zOg2P0MLejc_|wTz>TcIjX(KXBEZ(K-;ss8)@St35;HLAOV6BBzgrilc9@rKpCMt+U z#=vKFfOJrAlH(#v=aje?SsMj@vA55i^ndGDtpd~-VmpX;Mp{WujxM#lee78R@b-%| z&#hnm&_-^-Hgc%oU$KqM3ExlDx%?&RNz(O^*3tGV$yx_byR2fA>raLu>K>L1-bT*u zx+rI1x^EJE*OWO`jq@gHn5;TDBQFmTvpinGSQ(o(9X&1CqaCLJ;_qv}3f=uk(Tg)$ z!kAcJ%K;k^%Rp^TQkGnzu3>2t3VUdVc%ZVbl3_^pPVO8co{W zMF|f!1Bw9ehrATA6a?-oPg8q-$@?{ekmTGB*X_x265_4Zw<@)!kGdp}Tb(#v9DpIa5z*t~LQ4+$Bgl+}R?pV-+jioqA;@yd z?*JJaQab%g$Hvkg-2hK-c>GcHaS?6gM@E%iSEJASVbFj>ys~90qQgFrmwbM_@O&?O zCirqIenZgFlo%y?Z!{&{8hWA|xN|a`Gu>~zeHUjei-K5vgR@e5F)+#Z-S90ik*FM7 zIj?mEBRl@Ex3*qdb@BxXICe6*k6)cjx5^|}yKx)F1DZ8O(rF(}!tT}>bqxGvi3$DR zN=(ccrm~aSUrb;+e$*4=QK!2yE8Y8MCYYHCFc%vS0e2H;$uPx&W3A@~3O|4Kk73ik zM<&PrrO3qLaGL9<>z|?q4URRGg^=W}-gN0BYB=^Tcp{43dm-uCd|b^7Kf~+ORF{m4 zdt;@;VQMwL*w?vr@%fz@{5{A_PP%jE>K1R&3iw*dWIW(`;c#pCsuBxMlK0U*3Ots5 z=DGStH6r%1I4Lo1DQOL4cmK!L-HzJ{4eVfbQ;t;v2^4o|W6B+7mtNS1>!apwF8Eru z)C0Wa9AN;e3#wr^ACoXrqlv6I-zOTZ8EaILw;bskDbVF z@c3Be9zZ?>it0jM?899jSpnN*SJ{$ZXA*oJ6f8iRbm?D%By#)Sxt<_4F%CHJx%aO6 zHApZYwq?>e`AVyATNi;{$i?1Br;(RtwSLZ!GrRH4qyD+Biu2nVxj!GSqr1Ca)E@NK zc9u;7N7f&{2K6gq&k8QpCP~AzHeatkq`@kZBYd3JRWk`;@B@6TT3fn8AE>q9ymo z_!G>LAX2td%EZo$7FRge;H~FslVo-A0d~CfAGt|tZ%s*}HyoBkJ zC~srBZv*I?R{(tj#^xjl=$oJBo&_m4B#+lIxOq$?CC^80|}WSlOb_saC)!4VTO1C0t}uQji{8g# zK9%@GJxMyHzsQ+2j5x}|7o*tzX(d96fG90aRQ{e-zU>4i4VFU=5*K4jtc6JfNoq+6 z>VdO-KPcPkr~Gt8QO~oR1(712_6bIJPlvi>?*BVIiOT;;Pa-Bqe8i|}s}kaY8s24LK3a4EOgab{`_GO+0KZO2WpvJRW)#7Da;LId0p!B)16gRB5RPtp(QN%%`_ zO1*xQfSkGxz5tt;NS)A#ZYc>NCLmcXgQa{BV~SH)1x+vyxp5$){Z^*(`-Atxny+xcQHul zgL&eX%m8+N@nqMIqUY|2qEF$HHvHvZHh{j4Rs%11QQG?J%;i7dHTm`xeleiDPoAZV z0$VRbwPR4^#!=l^SP5r}1V_&1`jYEF$eHn2FpBp{SxXYhD~yD$o%vj^)h8fzM#t;2 zGMBwv0ppJD?vatQj~D~+o91(^MgV>zZLxsgpga7xE#Nn%3$BBOul#Lb<_qT^4$OR( zcdOVAL%4rweQIJyyT+7X+?UZcR6I4$9j9hWx_zL{?o zEJO4$o=jEkU6W9r7?{i+?DX{nPEF1siVyV8tRrgNPlCb@YYah-$6#Ir4hc6#s?3`) z{0m268PRpDK}oxa<`-6^0!1B3EfpWQyQWy+TvN%+wyLixf!zm-d=Lkdcq47_8_G@s zN2xh|c3mItTE7|0X6nu5QD@HWW33tIN6l%hx&zMHc8ZLc0L|7cBYeE}rSt_G3H}!w z38v>&sJ*2MN4`j>S;Of`pG%sF{;_BLN^;uCxJO0Fm!;LS3Xi_;B+3+aR7t{IEi@u$ z-VecTS+QJ~$5%}VfzmU>4WW8G0!;oTSjoxrsv;${cSiKpT+5{9ZHAi;>@G`Nt9yV% z$S*+xkV@B>3tjV3=A{+7w9!%VfVcnG@`+WvKJ#@fXb^GNo%RMo)1&!FZ6|F>8*dR0 zZJ_NQhDEj~3yLRI(!VX92s%c0zV}XsuC%=~SEcNJ;j#tj+nfx_u9i#>Tz+{BTQ4F_ zkLPac&%HFILFJ-*sHS$8)#oidG_xO&Sb_FuJ(&pI3cpG zKeDfXt7&K^w5q6k0NF6v8HZuL?VjfLr*KDcD2~THM$fNu&~EsBCehXiRCY+QRxIPBUPtu|;IRPn28kw+2=#*#Lb=F17`il6MSSZyAW`L&0E)@c<26L(h)Chvipv|E5YfY7w z4<6O~2{2g-zf@o_9Al`J@F!ZHtk_P=nmK~8=dfO~=;_4Wr`EHxLLTHE(bIZkvd2TD znv_I*FHxf(0=cgBw$*hc!KEnMN`3b#Du=Pkr3AD-jaNPtTqDu4&Cwj<_BBniewx7k1xdyiKr_lDh42U^%gP+(Z zhkT}XIml5BtzhAh=vn1G_M-gk-5}zjEJg{6RHZEH1OYrw)t<#}quhf>w0-Pe>rZd2 z#5M;?e{}iu)1+diYNWoC)pVtwxhwQf?9*(fh%b=<4p5YBuLsGQ9d|}d`B|wn4BelS zvgi}<)dRixl#9!Mu4oX?OKmT`2+Q-j7;5Y3wfnrbqa?QLHWq1n5<4i5jM)>oi+1d) zq_7h~G>atPYn8ln~=jD30Vtg z^IgGTojvyn|6Pt#~-RQv+rq3pMBXT#{marKjSRp%7;&Hu5rD zp#f8m%LePYitx;bJkqAaq_&Za)6@rJQ+S=A#OD1cwS7E%izmG;=!xo)84=5wey?*! zV_V-@twBHz{BuBOYUL7x9=AIAx`ZPac6CMb=X6{X&4|;l6{lQZLzI zK7d2X(JzE_HSooM(&kxc6F3NRBU-@eY(s7x(%AuA@ISF0 ze~(RS$YS4P6X0)}SdY<*ML_4LML_4qe;v>fl}xm@ji1JedxYj<+^pY|u9~jfE6dcWv%!C^ZQVD4!M% zFEk5%r@U2Ntkt8u4|#x^sfVca?3j{*xsE$OhbOBD;A7Kze_d(NQtIhyd zl!xE^t=d2QtwtHY_*bg=U<=aj#?JNgJJ;)1YI9 zKu()fZ-mZ|GmK>A4rrvnON2!-F)^UH>;w~Qyj+h+Md~#DtG z>KgB(M%YZ!7032dkL%F_QwcY&#XRuiqNxP>*|f!*93i+;OSLmhr?I8J!p0G-)vvf# zgIG|2v`fSdV+-0dx@NTMXNgkAOR2f{9AjCE7V+c2b!;tb_Ri*?dvCZETdq+yuh$jM z81dG^E}!t$hf=sH41F!sb|L#W{RauCDXtZ>`HQdR?A+>Uxhi&kyS0pA9p_Eg(ZUKY zRtI{3W-ij9={mOUi+v82e6RCjdi-Z2y|i})PuOoxk0fOY$~%ry2^;L6NKsA>n$E?& ziaS6olc?mIdHVe{U2D<(2&Q|FmqvH1i=#aQB`-!LDYX52EcmK+Pfe5~Nd)tem(-E0 zi2Efv>Z_A^ed7akV5#j2G$IFOPj7k1*|tpz{!ym*}E!Ims_Sp|--?6yZacmpxX=m`;_?Gpzi`qmL=sfBG7)kyqi0#>M%UC&UQ)?ntg?Dvx# zWeoXm8+sifZ+l|h^7n5#SwLiE{ZQ^2TaG}ab)4TS@#s?HDW{DVQN+0W$w()!6At|= zRre%KjlH&ZqMuxtw&{K-gHjkaHGeOO?ALH!djX0^w7Wb3Fdb`T%T*uS>r$njU&3T- zxd(SuQ71LWtW(w@iH2yJD-aH1=)kn+Yd}u|+xuh4#whUClF-4wvy+(p13QWEdnJtl zLi8H1*Dk{k{tnRDwgBjK%tZSBI|A1$YYUI@RB^VQnaBD2*kNC0Is%_oZH&?Q5tOVd zywOfr4$Fjy@=G3ROiVjwFiLl+Qqr43478nSCct5iU`I%X>KpKY6Jr}k<7qxo+41TT z&^}3q7vINSyYH}Lwk@n{$>%`V`PgsPQA9P^Z09S?p=Ke(CYv0#ICR2D2{qP^(7g=; zfnz?$RA91j;$JfRgvNVptYAA#+XxL@o0vI&KMk8)=uK0%_+Q5k&!akwS};Z2x7_s( z`I$ZNYcP7H5}*Zjo?OnDp%2ggj8dh~SzSYBt`B_xv_86mjD8bztp13UWvT&fR`KGR zsadkK^?<`nJ9vKSPAW9OM;avy8MbmqW&()L)9;9m!p(s4Z+=n%q5}pH9i$5w0U$b8 z1&B^>$TvhsdjfdDno=CD6&yH5hkrM}E`}I?tXTaPa{O?NeEWxAh?{R8|B`}y`}mKc zAGbaH*>VjKfXr|rVS))8%ovh49t#`+cB`^Nf$80WS{T&JxFG~KKT3}*)AjWfVFQUu zNq~;(aO#phrQ$@+@pr39W_0bZcPA#Jr#9`s4-36WLw-#lB;jmAl+X7*0=^;n-=U}d zm4$$U6g&q=Vu3HpyYqd#hR7)n1Z^++nspZ_0d4jblFF_!g-I2t4Mes1bO7AXf~17} zD@h5EW^I{)NEz`B&;X+INaZ2o_BtV(Bu82ML6gSr_XE8tV^RLgEKsrDA8T4lvij{m z)K~y0HJV(J%j>^|+W7brC6DzzCvk;dorQ^}RIJunX#~KzJ|0C{fVurmiOu%$fDoEw zRUP_sIui>5hnyWNsUx#QF4DP}50$uI_V6m<$=Fp>DikLPMe2ZG$K zdhO-}5}B<)`KU5)vvpe5a2(YZYohh@44|G1Sds>s99jzN=^kGL{zPH@ku?BSl=`U;!m^~(4O289pz~x;aGN6q_ZQl)5p6VZ#@Zaa~QEy zLXi&jo!zqivk)1uF86oJz5Aw8IU0sS0K=^oB0D%;_ z>mPSH6~QVld2SZCCvYh&Ly??56KFp3;@DR>3c;=Aq<;xJX9-E$(2-N|Tp}~F^9f(7 zcDN>(iw`&@LHC6mV_|Q=24Ur^@-fdzB+0psu!tV0aMtUllaP8EQX2OjpYqFb&Qd$r#5`5V_Vt-u4KOI2_`jg8^{= zK>%iLPEPD7&4^_KiW1MyOr2>DgONzUwHSWe=<8;iRd>V7ZdZ!T^=8A?;esnrXF48; zC#=XvZEN+w-o(t+E+45K?Rdg5pIPrj&<{f@eMaq7r7yR+^-q^={+nHsQH!7dxM~7h zN{cMewTd|*y%A;_Ff8l=TsBU-IW)vkw-#dqfHUDaiF8&WJ91Iw3SU&Ya>9Da*Gfdp zxQFC`fTVfGF}$4X82J&Kp$P^8Nn226JyLWRBhjYMU$&TD&m5{ zHisi6J9!}vA0{AiT&P1M&$x$n);S^e^YHrbxZT1%rZr}!KB!wO9_ZV zX>OI5{U8ImaXtBZcskB()etKmV9va32EewrFat(ZxdA~SwebY!J{xQN+Ve!teG6dFuvi3*%=_6Jf3Z9Lw3l(nc!^qCf-n$n7QI5%#3kPhj!6 zm$MD%hg@ghi=$X1BJqjjNxJnK`|b(%u#_h!0bRD8Ka#aArp*wRVfAfbHsVO^(L6%y zcTG&iL3|nO`o1HvwYcVq@J|}p&FW873K{7vH@Bbv5FI1fIfJ8;O(Fl^7pDD2Yr3W6lcc+Z(@Fu8oDu!G*{(J_4=nnpfmwqCiYUeuk{s6HQ_Kf4{a&pf?S;}=taLr6Z4`VihtT-@}0wZmG@J~%RSCV ztafgB` z7?vd~NwDo(zk6u*slpEqht7bG!M+dtR)49r_dNak3%^zG0JH44!u+rqBx1JUAWL$I z&Q=kUUQ?9V5lj#(K(A@aOdNYKpZ`S&b}BD>e?DX>bbz<4$uV@j*S?KJU0A?)4r}*B1Nlv!jtEY9vpu7 z8;gmLIUN@Kr?!1J0V_%W*==8Y-j<1!L-33+L^Ffd>Uz(@F%PS@y5Sk^rW$CnFTy4u zd~xd6CbG7T!dG*kxB0W9fht3?!*VAp3%b?z%&U&{#hn#D!05#@&T4=|;MqiTY`XUc zsvFdlQhVCaWuMSFJBcNy`UM)3!F!jF*Y2)CY}<3V%A-E`!iywmVa3>MxxV}~D}(K^ zxFr_Dr=#B}zN*yBSvht~&_J5qQdAA&hMY_+Xyer1Dat-35Sft0<`rs(aIrEVH^}a^ z<*IZS|G1e?_)9+&CQ@Y6k4FUxlheOanDh#-&@?s?>_r@Tn5u5fe>7z@9rLwpCrH01 zmCmPADKnyv(qD3Ap9lk8%t#HZ&8LYeK?G%T@{!l&)7HoSVgx6xg5P4_)@DE|X>Q7B z5xwUnd$e=DJ{A_K2KrR{xMU}W`Qj^wJ_hq2pTe~o$;10b$X4V#C$D5!Ca;h17UQvQ z*)IBX?Iq!&9#GZ$tU?g!?5>LQD%~=Llj)d7^@!|!D?pOjl1t*qBPh?sRodsG?3G3p zlbfy{Of)GoQlIZNL<$Xz=@w=hex=jpH|s>rZfc!g#(S)@1JW7JROnl)O^Kla3KKA( zFqvL082|ls5#+|%fH!lGFtEqO#I$KOuHuMOk;H)8x`YViXD%{M8q^QJVue+xAN!#& z`E|VVO<~fHnSNmkC`@9~Ym0^VCJUt+suuRp$&KpSR2M-nZHS77W0fhze)2g|M))yCi^QvsM!HJU{#$T z4|f}D=T3BGLXoU;Y-PX|{@21tS|FR5g8tC{l?j9;XWp%bH|#(Gx)YyB#}LHUpX6tI zeV{@!pCz0ES3}MuB;?o#=6ydd%=`L$YOP(E_XWNoV&6cc_sPDP^6dVjw9FFj03DBd zFc#}q+SArC;6ucW>E98TQFqr|1z!ffCEGeX6t0i23f#mwWeNT^YNPe5Q5(}GnBMMC z`wz70GxIpTvsJRFrQ@)VQ67fsN>BLv%xd#z2RR6=cpg%6Bx}E~LfJq{N>{Kx>&6{0 zau-yo&T#d@str~Yu$UAhFSK3x>=4~DU+2EU#Qr)mM)GfleFefHbhOX%-oFIHsnm+5 zd0}(L%KaHh6qrF^$?7gK!5zP+D9OXpG5Zq_QLy}v5u8^ijm`8_Sm4Xkv1{<-RQal` zK_$4{eV#H#``)9z2yZh|Ja;7Q-JXn@bCyR%`b?3i)$XzTllVy=KVl;}PEgZiM9`b0>c>V26At*?H`hR|P*5?y zDgV^^9#WGlAZVmlY1__kAL(!mUEpxY|A51ptjFMPQq@&UY^bz*SyLn%*D$*~PWU@T z?y9b@gCe{ltwrzwhr2)Q2b`{ez{IZVo6}VwFu^VSKmT>3>(O(+F}i*r{3)aBe`ewr zj`S=;>{%@|`>s7Qxv=XkvFHjio&EW0_XEA!mD>ffY>nys4&=fze{|no>Im3=H~>C+x#zPB%xaaq~rw|iD8OVXcJ(L+0LK% z{896jZ9XwS&QSp5cxwSbPP0stU(_hPB%3ALJhzK|VfFVa$q`t9Rjo4^ZF+Av-M4;P zbs88wT<)Z!@Y2O60x$h{vp1eSZpJ4k{8jSgGl_GfwuYkKOO}m&=k&b8;WFglM{b~?K*D*jP$210S1B2jBvJEcu@H45$Su!p z4dCAgaui{u>;9{vl8{2Nf8;6g!|f&(mWUxfx+6}xbZUVDs8>rGp=iIWh#G;a(cLwk zR*&LJIUnF`7^vtX^5&lyUcVPf z{H-2s(Qr6BVY~*m482b(pAWRi)$U5(4pZ76C7l!Ojeox)V0iBORgFrO?tByB<>Awh zPmeTdgA7mebbgdbwyLW{20VhI^SUO8tgtF^K;fzW ze^^z*F~U#%tE!U8oDT29ark47mZc?y2MY&e;hEhf2r1Rj>8En}3ksEcPU9f{B<*n%^3!}9S=_@4HaFhh-&7_w1dt^wPO8e1L@sKk zuo!ujbF&NZm2|Y0R{y3_;zT$S{`aMly~L+s$5rHt$5$qGVfjc)p>PM)MuvBrSYwgN z#Ea;2a8nT6s*^RB&%_FM?N4HzNgQDGR-JDHkf-%goX4Y%q+yjI)S~p2&hGzP<*R)e zpoRH1c{8l}%jAv9kI5U6e=vD-)y6S@lM)w_;_ko zYdZD$C<7Q=#Q)wLu-SePie4a}@Rp-Q4}8i?_L0hM9FSkoL;Fc#^dQ8tz;5+t=qh@}n+D40SDfTsXtpg?20 zHqT9Ldoy>K5m*7VO1wCJgq}xlFiz7ZhbB{%(AL_I#og1rBj;dVqo3b=8Yt5t0*2i` zFu%rR?Y|TJwel=)r}W=+ODqCbN$7{C_wX+MOuaYKg7rZ8rL_#^=8#vwj5wQHXAeNx zj#E1A2B^E6AI?!GtbJer>+c&`Wti@=xs|OpXACjqGaQ`TEu!#}OfppoS2$}_@}z}Z zNe!sLpqr;Lb;uqKf`wCl*d=J={_BJ%@L^U_hy}%MK3Z!XJLzkoO&Zc+vYFd{6_do9 zM8>sW7!2QITH$C(cjwzg|0H4k2=||iL-$? z=!ydJ*XKj}d#W@s|J43ErSgmY^&ElGV|J`y=kcbA<0^!deIm#m=d$Du+oS6GcQSYG z*gawwC|o9y?(OzcI4a4R+Tlv}O+MHkJiPfMeRT-?=h_+vG>5?LPkwpE^$}Ei?Kgvo zcKEzk<;FPjHb6Kdu)ls_8s3#6b_ss+%b6-|K(S=kG4LC;tosGJzl{I|I@OVsLp&E8nJ z^gX+iuR&VO0p=dSvW^&oZ@t<)Cs%Zt1xEH^F7dl_IsPl45F3?J)w^I@7w|{eht0j^ z#qUb=GO|45*~KbTQxmR5S5Qj?3&FqYcO2TCk9iCBV_#rP)(94Yn@Xy}ZGW>6e5GoN z(8RTo6xjh(Jqm>|9k8XHz*^wqYY}tLI_&D8<|ko4L^qHXq+XY=$b=1I?5hVWPf1eZUKL)0}1# zx__-)`4)xz`&E%|pWx4jFMrJ-Fgm-+=kw>dB$k5W&yG+c-dzSlsy(g& znghhs;Be1F$DLa}(0%Y(sX3}>2%~VW8K{=bc(n`}%?&h`gaxmJA8qGu0rtfr^W$XU zoGGyJsmeZh6G!$-z6y4;KK$rg-hLS z?oGS_AA#0z?c_lP!ULU}CW5pUmJ$<;I`8fmInP zFDM~SHCUEszDlCn0k6?Jp(JXy~xm-Y(ylM|V0``2eS%op;*MUQvE7Y5Xg3qOyiu zFd#IEl@tg~PS&1BZTsq|1yq+M=+$wd165S6Ccc$oqJ~W26uU?nPHesZoI&m4^$L&M z+q62CNjV_5@U*73eF%LuFjZ(90qk|1U*q7|F9T&{TIttv11_{hN>y^+drdSPLm8nk zGm^Zzc3^4Fr(1J>eIxH#Kt^Euh_nAy(5sQ%bBy#M)0EGgHdletq^dE`GWKdF#4>N% z=VA@}4yOn4b#Fj~MO?@`rPNf4GJLuB6SalJmFR!@||_X_2CO zU+}PJ;+zpBP|A=+6if(@>Mu+Pv)7@rXWu|@)>5TLr|H$el1vo+cf7BmPckp9Y6=fJ z^tE|F{FrG2nXG~jr|t6`7|kywj&Zl>E=u&;{3C^e1;bzF|`>H=0xH5~NcJo1gk6dh};FI+)Ax?!?pkC2D zzg@hNmlY&Cg}bvwm!et{nvmtz!u{n~dC3vRk(^{#TGuRaUMx*AzK?X6YJS6V%J&Rm zrh1r^wY228XEkSl<5@U-A_T`4=trXK2;#3P*}DUnsa)I-{!N%dC&fbG`QgLRe9aL+^+vkO6kf6pkVxsZ{`58SZu?~K-|Ysv8Nx&fyPeK!mDCy`pe3qDWJJ?)F8yF z^C&GPP}gfd1}>Ke9Mc1<(!hZ_%!2QHPu5rHx|IC+ztftCsKH95^jsege0m16CVWZlbyCjrDVEk3z8xMbv}ZNR zdn?i1L53oIyQ{XO8o`=6FcFoHS`C0s&=P-17QOu5hX(C~)V0%F5j*O_3&HsmHMk!U zO??S+vP2*{$h?gQiSxLDByoX=^j#}$C8g@tlnzTVhW(=f@rQdk6&sc>`D#%hO5*oG z=dfK%V^$8b@v?Gz)s7q9?+;uCNtmr8TXMSYwwBP8;QPWWT-~iS#L9L)QoKTaA;pnF zHBj@Tg(-QJ0Xc~7^)0Z10s4}y^Udma*#bdnP!q&)*64NaAUQPUL>DMvkqu1N**Zh;Z!(o2yH=3N$neKrv+t*j0IT6O%JOy-s!M$3yMV*Idk7|dM)M~( zi`8CvG1HH$w6i?IDj5?`ekZ{|kTZRrY@Sm9hXA<>ERE%U^V$4e$#b>>@2>GED3@0` zl=2U^bUsaOQr9yM1H*4)aW=mftpxcx_sjf?I@pcVwgGwnjt^E~H^H;`1$z=iM#?AV zB3SCfrb!D|6oDnFg;6^&Bh69-=%;lo8LF*($Ow zak|AKgX?E{%9pQth9yo7lr!TBnkYx(EAb0WlnI6_>J83m=G;d06YyIyhVgz^y%&VA z%bO2g5a2rTL)*{(uTBbw;b6G~6B40axZDm0c&I&6%@gT_j0V8-Z1xdpc&x{LTtPn9 z@ksSjEjyV=&)kmVc&e@BHiVzE$O+B|dOgWeP!8PgFke-bDm$a9qS^fv{)l17t$}KP zo)Id^xW(JLB(6bMl$0i!zg)85>5@0J4%B$i|N~hb0Pqk{C-9OEFrV#Tw)Hv4+7NeCH8loq| z{~5M36@FuOr^ReP-QTy0oT3g3nBU~7Z45*!NzASj|MhI82f4})(G(Zsaa4-bXcY~m zXu}nL<%Qi9fM4_73tP$l())iZqX2zyWY3vnkDlaP8TamdB6l^gyAxYoaIE?`6}-$` zw``eNbgJT`!Lq(AyrQB`tA|5j`?9&1FXI~Yz+oU%Dd54A$CEE7FQh8|+~mg5+m$AT zy=xj$WYK6wB7Iz4w;_PC=MHV`AstU0+uh#pTXK8e+sb6(J)SY>O@_)N0taSd_WFv{^p=;I;p(~BAKqRtA`%eLM_Waw7 z9}SIsp~yhd{m>IC?0Qp6h$IoHx}>t ze$BOi{xlf_o2t$}wYV$+26mYBtHpchONhvSof@*}4PNv$EC6cvJ}~KDr_#AMtIfZ{ zIDmRy4e`*T+Kg9ii%(>e(;CX)+)jt1wH4mYdB6L!{uTQ=<{<3!J z@3a3CI#lB(cxpNv|23L9U333`5m3enf^q_Azf?Iry>_yd3?VF_kLAHN)2-DeJiHo= z-#1&(AFk79l}RNmIs!K_(Mk>_)9_lE84($%`nM3L7fqo-tVv$o=IN2Xc14>Fgrphn zV^K|{I8`I-5DE`lKYb*+KoiwDFk8~6^vm9%NY@=QHZdR6@Y|Dnrh`WXsO~kKMjZde zVIehz&Wiq*cBK2?tfrmfqUJb$a9Bz>Tg0TC0LOpNyn5262&3h@Z7i2j)kmx?FLAQp zTb$60phgrJ>?qxsBvL(t*k9NF*y)@W6Dz)EPEbj#^s@dnVkofK>j$RsGEit;=<532 zZ!-?J-KRS1vcVKA%s~I{ohu)rTIS_T%ZBN>z3KON^pt4ci}qc|vUE9zp}Ziik$+}> z#R(4&+&8mrfq1n(YqQ>=$*Zl+F}IYVY+LYM(A7Gh%z4{=!RMoes8iP|uEipsz{tBy z%OK`4Hs-AX!A$oDOOwn+&bCoaSiq?8>9wazc?aqUM#Dq94`@mS#-t9=ya9)o!DsK; z5*qn#<=sWgKmzc2tYSsye+59gSdf0Tn$|tnsY(c9Rjs*O7qJm|-}8jdy++;P7^q^5 z1#j(KU&83v99Z%wSC;&*Ni*pU&YMg@YHwxfg14H)i`XF}Y(_PTH1I3rM81wq{Wg5- zX_cKS_^?e=eSxzkaL;UAw(|g!YOq!5ak#Us)}9|aF-g_tSdS8i%^oQ!odYU>AjTTi za5xNmT{{iu@NdnwwHQPQtYo8l&;|3154t?bTRb_b_sb;1u|_k_^(~J1NqF^?S8dGm zcFI00;hIyJs0+vI@j(6~L=_B&pXpa6YHBI(PFJG9vHzMPVCtX55>~y4X#Z)%sZI>q zH>s*mPhg%ld7U|6K{9@MPjhCIeq_}-mwg@Z`ZbB3oZoR-C+P?|->t$D_i7{iAl3}0 zVhzqFb`SgG5q(w@`U5EI40FxDe9%+?phvaKv>m&L=~=y~bEkBU|Ke2ohS+NJ9UDcK ztU-+naki}PDFS@N!_@=2@LFp8?6C|r{O{yGPHNN>B0~fYC+(wDu~Cl!gEP^Z;S3lR zQAVVxLQA+k9;iL$8VzkKmy2EAeS&Tn5ukWm+tv%6;dtppjVm0F>shk)D;a7E|C68m z+{c&{{t{`wb%CC7eoI0U*gn%3M7>Hp6&N&bC{JNx$7os*)2w_)ZS2>&F=RDk&OV#IRnUTkcEZIzcpL3?O}VzD6#%cl zKyS-C-vhRXtuVWm0*jy6y3_afW3vXJV_LI_s#iBaZx5-S{z~_^TXbJPyXxG7ODPXE zB%qN13$0>wm3(O}AiR7X(hg!Ge&JhGTq3+(d<@M)jn^ z^q?KlxL8R7KMW}BEH*196jvvXj_084*Ke``a}$2H``)R)Zfo>X)p9kIaP*}^P+wU? zxxmU~Uqbs)+U`?>5gGaY^ESf0QBI`=_NsiKansxOC11OTBR>(5BXKCje1-A^9lmF1Lb( z!13fF<2!!y9J@t_WU;b@@INVX{6~LycAB;oXEV54FXH8g}e9u2+ePrGS!BXtFx5L9l&K3Hm>)b%CPr-OpaqT(Oj8MeClIDQY201 z&s)?`(s{KiZ(>B+&z@>vJqf0s6Ws5wTOx1|tkI11ga_ztB?nd_ z(=$W{Qeo)B&SEZJPf1VlpCwJshD0Q20Giv)=37SnX~<8AF;=|T4UeCI_6I`iTVfU; z$*Lwj#zemfLi6zW_VqaxLpsda)e!t)BNVK{iF-@m1S9yl&0mzU`3>T!c6gvL=H0O% zAD5Q7S&-ZvhH($Ig^k&oInPY1*91+m&3 zNO#m;QMiz?U`tKCYI4^a@be4z^mZ5%%_kl|KEu=E_gar%HjbETqZc*oF~3ovtLKw1 zF&%$mdAtv?8q+GimtO*(&C}a>NcVBx{RVb~*Vd6D@FzuCe`(WbQBJb%-drO^gjDOn zO;kHRY9l@^eCTEIPG)lLeE(6D3qXZ znr`u*lF-4V^o~L>N%1Q}18b4&DSvchopp8NEaz45lx_`Hadb)qL0v=uUf9+45!7UU z-Q!8#_fAcX3&%oX_jUW4T_K^33rjEq^KKS(w%(%~MvZ`VGx7MDz_j4Y5((Y;g}62B z_taSv>U9Ve3X@T^Erct2NZk-blY!Q|zz@z782XF>`%mh}FRfM&v#4F^%|pX>4ju+SAq!X>K^~L=_yKT5Fv!jW-*Si0ZsLK*^cQk&MViaP^0k_(s z|28&B6u6TRns-c5*v-si>tml*hRLB|gD@%dZqr~VBJ%Mq^MSS*$H&yueRde^E z%3DraE$T3S{FI2r4%jaNA!UyHL0&*R)pg2q&$n$*B&V>g5;e;y^#VKp(8%_OiHWM? zjV?Ugd;0cSy6Zn|3St>(fPA>v2JA6i4bd(xh}c|t6WRnipN4@Mq?sZ{DbMmClf@fD&+%b_|2h5!X%0A?Co=;$z&%J6| zaq2!jtN>Z^pL9=}f&^@qPKee+#>GQ*ntJKLb@V&!v32UUcNhZt%^39^5xNeIs4MY@ ziX0d>cv-%itv-!kATAU}4>a+w2Du_Gq3%9DU2d~Z7IfsvX0+L#m8P4uzOM@jKpG&b zH9Ds9ZOW^r6(WHCamDU-;7~s{LWg@_{BOAyX(>p8q8?F2DR@49!W;Iw*YdP-IS9nn zgAEl|iDz3x2S7q1(ARnR+xVZZ$E0}=>zNHTT;u)xb(Bzc69!H(6YV0#n3R_gWF*4a z*yjHP2TV$RGO6?J|K#e^lx=_~&r*2JjHCS8US9iOScq(joBF%p<5)$96FqF)>%Wfo z0K$ubUwREMzzzg+|e`F|WedV)n1pnURB& zoxcj9nWmwX&JZ|$-N(Cc?SyId_=N{yVa-GEWeYS*<3DjXgXk}Xr2zwlv_qkTC+R%% z@@pk=r6VnD-l6boTK%?!uP5;PbOsFUanIyJ{`Ji2KPd3Z2K_DS^g|J=e;VQHpX_~e z_yq8-N3^u{imBDBi47Ornbm6!|9UGb`7X)S?vp!}$oq7t9<8t@5*(gi>YMT&A|85~ zTl~ny*Dx|4cC4_2om*|@k0_pJ6?ae8Rz}gJgw7tX0PwbPdrCEHoNRZ|G=nEFuh!Tn z$=CU}Xk^E1FTAU((|oVzcaSnL4=*jEqTKXHA^3cmWP}z6wVC32 zRjp{#mdz`?9b@^meDC>wpsa?Uto!lNz0uciqTa5}wLJ_tmPw03N~G>(&sbW-&AWDz zTR329gJT6){i|WEpcnlXBkTabq=iV2z;*9};8d#!^V~r_KAkm1n=MVxT-Af^YyC@! z>Z=LxTL(Lgv#u#i{3j?!4(nt5h-=HS+_|^jpB4!9S>97A$fM0Aw=19#Ds%%a&Ryua zPy`gAW-}vfX7b(4fSOdjFL71Jn!{S7Lxa`k8cWI*22iw8a*xD%2~0?t3y|H#zH|!b zm-6Iw(vDn$dKQ?)et!TiIO_`kR;GeIz7m9dPegVwVwL(V3@BlTuat;iNVEZpZl-{o zYeqzX0XAk%jlp*}}r+mmF8{-=*;q zr7UQ_S5I3C^#U;(PDtrm2o%Vw&&*~gCbGNV5-8BJGeO&6VC)U;RG;hEi(Gaim$$c}$1Pjil*{WJ9;xYRI5_!T6zoz7 z1vk{sO6F#>@aNuV5M9#A#L)qK%BUYR;pQyR-OgarMWwwHIh3p=a7Cvy<qO%T}^fJXz*eCjl=NEow?z#EDjaoR{W7C@bmb9a$T+$w|~^K&yrQ5 z)N}=%1pQ+81M$wkIOQAyyPp#dGhkne7>JNJ!k(V_2<&`q+yvHc(5;7%egImRS2Y$Q zoYK25kWzP)-w+Ddboy#$t83F?0En+Tc&pmrZe240!;XNhPeU>q_-=T_bKO=|@v_e4 zwIj-|%N)q$CfWX36f^;k`)G&zh)9jzA&U-u)>D=C)1aL`3kPo@kbV_&+-3d;QLb7a zlTgNU-mE(pj{wgYAJl?ai}dyqKU(9O#SpQx?y7USDME1Nra(XSTA@bsBU8Hbaww-D z`1?yj=f3f!{}RSE`mA4b^wt;?krRRrrei+{wV640P^&6Io#VI%S?(3xN$>^_$POi$f2TOvXN~ZX-Sz2HrBA z&5M=LRyQ6zuH}*m6+LoUHv;=Yd%7z^a}xf2bY5GcI?KEGQKs2fU{>@3n>(ngf0DB~ z(G&3wTl86B+NlYiCgDsuA3wo$1EmzO|E#7l68hA@n;t&XyN6J{!amAhN5Bk5 z9!1E z{>?uaJrj)}q;-0TcW^A-81{o6tm@5m{16{>?>P}{Ed7I{8>Xu$zOk&{ygqB6SoIB#-tjwKUjaIKC5?kIu$j^cN^Gt z;)x(QFCzJeuK*!~VI^m+!Pv$6IUnZT9zlr+{FY9vCx|^A!Wa+EyRu>vU*&HD-rn#vL@>~Wc)pO|UWGZfETQ~>$JMfi-_|4v4%3txi z^qPZ1AByY_6Rrk*MY}Dqk;tMZ345Kz4@_T+Svt2EXn=fnv5xBvo|%WO?P~C z=f;`KD|EX1Mhe}vQr@n)T`s4B?Q;YRXXt!gp8j_S>e-)Uerfuk$Vj4!1yYE)a{h!iI8q)AR&2pyU@|OW z`r7>w9g#zCBXyu8sS zd^VGz8dxh0KZtxJ)g0{lyuGr!(uV8KVht)9RO}5=4!d&DMKUhFoq32IEG|oL4 zOW|G7tM*~yhT9lx<(cZ`4d!gFgt9ASbS+zB`|1t*Ztkm8^rp|vs9tk3VKTp<;cZxD z_DJ0xR!DqNj28gqj;vN~=)RPy!kFK+%q_{MA!D*~#kaCIXr>`@^nGMG>~tgD zyz*_?vXUOkXEAxu+rAO!e}NZujWF7qf;eS(Ca*|PY41y- z%F)M`84LX%*3xvqmVs2Q<}K3dlCH!<&h2zyFj`FzQ=yZE;Vb`?+s;VOrzB))_wY7C z;=nm1MpV{aN*Ur0lJHdbNAEbX;7c5khvbzrmCQ!ke(UW;U2AwfYl`>~lDce6u)%Q#m_pJHlV6kAb{b!-=c9F0LEEK{l6a4)`dyJB(UQc271-Q-I zUM^h174tF&!nvKI&GPV*1Y7&cws7IYKA}kDTmZ9Z*V?Yw+g4i4^B{vtWV`d(_XeUx z!`lYvv+cXtj(mIwYHb@T~~3d`RCl^bL0)bWo=MO)wTVJYLu z>&q4UOBesD<87B(Wl2$9gz^=41C~3Mz(Fz+6+U(%6o*D}3hvfQa+b3OC)-I6K+v*A zsiFh|dC4-=JgNxr`i>FuId*o6Mee7~D0GaYGg>9E{ryXlN z0ZC|xv}canPC~0n*hB%-?Lq7oZr_nMIm4P?BXGGuQJUP{Vvq19x zB^*o55fcw$O+Vnvr<&~Z9YoO;VL_IpqT;k%7Dsi_tc=bTVdNn_;+~0CDz`8a7c;q2 zs-lQhX$=;!1@$L@W#x%NLxezyQwe*F5CNk}`Sp+Oy=VCQcwb1sF@r;^YO5R2w=ZG5 zq{pOPL24V_2OsmavrL!r{7WH*7o>!=c2+)THc^K#4RC#gHW$!tnWmeL^<74 zb-WZ`q>5M-+I%VGR`(g5=e0A`zN3j!VFR+e0PGQ*>NCP|e=a5#O=&k49A7E1_ca69 zegTXSMc;SiF+*v;?_+wQp&or*HkGGTq%qq``!xA+68acZm&lHJJXH2RuptBI6=>2N zUeG{~V3dwc|1Q4n)OPWh5p-q@$FgA&zb=oz?_P=DY<+m8{x%^|K0L?5$97Sm@uZ%z zf%x2zW4Ouy33jpho@8=ke;d?Y>f!AVG<*j=W^*W(&d5gyDn6JIVEKL%uYUM^%_^vV zX^N1-`e?m~hm6=oFzI_gtdLcDLHpDg;3fO56iW85*>CwOCH|v)muCg6%{$}ZsKz6u z`kqtgkLM|Rw29P25fsA1K=U{+@H!8Qp84(Yj_qVX1q8c;Q(eXHkPpRiPrMraQnRI< zmkqg4C#mXl81=D&-@9Ubm}|CRPV8rw{DRoKBDi`PYxSOx&mm9mGS+WKS+MVx{B?P8 zHtf5u7bn3&jr_qU#u=TwaT#ldC0~9%=eJ0Qzi#}0^{LNz8Ot7QA{OgMMhd#%__yrt zC)w524djsF>OM_~7liaP;i5B$g%^V;O())zfXGDEMA7ESv_lj_37bxwbSy8RyJ{qx zfgQ+L(k1qg8QSKo>NyfJ+Oo-F6X`mmzPG(t&dR3qdMbj=w;0x*ZhcX;edxslNas-8b^WmW=BY?$1n1V zC%#psLT*sf-V!?u4OTzb*xKz_XqwFmz3n$qHmZKH) zV^^6b{>VE2gIN^9-fl;lO}_ijSgK{GC0WGI%~WbX+rH_jWh`rAxwKk3dCL-V1$y+h zf1BnbD32qm(i|m@*SMM4KPoV}LCq80fdhU2uxgLQM8nm*K218aM zXtjNIk7^f>`ds7)J5|M0X_-iPz3t))tX8qA;mMJ`SoOfG3{@D7x<0W~)Xk1#kw&P_ z%9^~Va^(pzrWw5#PCbOJ{fmFAma!)JW7D~DepwFPb?K1?R&Tu_Yw7xlGrk$?87f9kSJ$+-6PZ5DI-B&8XlU>h6%d&{rNNBm4C8oQVy&5f|Z7 zhvAQcE4DN|x#0ApcazYfk^)0h>uZ7~qn5=fu?A?nYUar^Jo$+2NlgmRT*o&OMICH70iK7a-B4#o8FQfXAxIbl_`W6BT70E z*N3zz0bZz`)XuU+5sk>paPJIG_JA;ZZNokOu2Or_$>g^yLD?RCKTcr* z3jaJG?+~kBCVaW-@CD7Cd_4I_5;^I5qC_faXjviPXM zP+4U>!8C9M zt67L?%z)LBCFpl*9%A|fzX+lo;X4dip|7etsbGEGV5B|~u9K+OEtmm*FNhA4Z6I8M z;S~EpM5Zih@7}!^wo`0$VyJqcnhzqt3F)6pTcLD!u#pztLl|)?ng?I9WJyOVPe)b6 zeXg`6cX@{dY>e0R8w!ayiH;ftTz`-$Ge+Y^2^zL~{^#6!Q4kd-6YIK_!Qu^-!7w!g zsJ!FlMM?tFaqr%KhQP8C4^xYn;V|5Uq+Z-aP?9BvTW4t8_KMNl4%cm{cVIwu(kcI6 z=bYuTb=?EzVN5#fBuG{O3_93GuP-oQ&U z9x>L5f!h{uSN{~}axUQQKOoGBm^r~#yo?!?O_@L$0QHCX_{^7~6JTUE;BvdW`PvBw zZTY%R{oisY?LPC*D;7EW6!u+k3ywU)rd=E^loTCh+r{fP9=n8&s$(-Eok8d$W1xvu z_j}ueitO5Zu)d5&RT$gOT{RvBFK;uKlZo1aMvYwT{?d!(%WL>xj3~7LvG$vtRMJ9zBe~?{!nXW)!Hy>&mv>)*q>#HyM8JXX97d-*inH+9o{l zR5(5KbNq$vBRq4?x68p*c)rfF165b%w&XJ1-|LCQRLl+K{&g*RLi&5v{~^~r?R2je4;k}6=yX` zWpT*c2yDN@wBk)b!Z)D4*v2}6Z_PaIC#P@-xF_cKkH74` z_+k2fs4>L9J7eKTW%A&aPNPLx;tI`iOAaP+q2 zS7ZGPym_`a5zpmZlgK||^cH_%4M_tlcjA}@`b9iivuHXkElN3m@Vz>(h439;Vj&yvE%uRN?YYtU911f)Q2$K z8rpID3v4}MKA|ih^T~VJh7rdU-0RA`plh+_Qek3mP5G-GgNk(=j^FYh>R1^f(jH-< zPh}37Un!%m43uB_z$lnP5|@LcD2;|&EWMotb|{M>Q`OtRCoVj@X|bj&8(B8117!caC8m0>P`>c~!>G)JW;7)+&zyK=AE6&^)f{ zQ(^c!jt8Sa8nvmoeC!eb`o_=IuU$#K?NgBhi!0Tc2c*aFn|HlOK(>-HtEwZ)h1&C( zUhM}Qi+u6Y@CUKB0?vM}@qEqzT9RN8gb{rR<#7h6!7w(yo_=# z@QKJ^ZJ&obk34|4^&cY#F-6$U5g-04W^WAV$zLT$FQ9%W3yXRNzUCTdQF>q}VQcXg z{p$MO#^G(+Wb~4Z0M5OIt1rS?6I;D)q(#wh0vQh4CvL6@tSddM2w z@kC-riVV?Yj6}zkr1XbhwkKTuh(L}dDrB{mUj7nHd8|u}_nY7XUQj4*dFwZ)(pXO@ z=gEzMQk&&U1NMB`8F|ke(-U6|j;5aGa{Fvr{_k(^Va}by&!Kdl#Pjc}5=^q3iL&gI zh-8A|#D(%(w2$i6hK+J_A;G+4Vqyockaw)yOSm*eJc(b_VYX4)xvo?^Xgxn)_HpY# zu`9ONrQNzXpYAToMwf+-7&00yIs@ZT(NL0aU~Fqy*cf*oGv*901-rTA96#dkdEwZo zeU{Jt^rPfIOz)iW`_m@#0a^Ub43Ls2r@xJG5@5S3)>ZDGvHXvnfZVHR>3?n3=lw?i zQ@(LVn8N_oe(lkVT{iQj3=r^7rW60qXxdGu$D>{`%Wb;4?Z9c14weILtjODds|YzN zCqpKArp*y^EdS0L0ifRRNl)tbZ?f-JPJ2HDa?E{S?1_;XDf3CK*8>%+T6oVYi1BRl zMy$OvNTKb4^tK!ab44eAVc6KdeEzh^!ezwYwGuAxD!=h|S~g`=*5fVE<_ZhXFt;pw zI!^+S0~bn?T~&|z9lvlb1xhjnJ%$4*B(a*e1^g$fO!}lQp9~!v=0`b0OjuYWigTD2 z<&$cb#IppPQMTva90T_&x35fin!Vr3f#wf)=kZTID$Vb@Zeot0Ll^)-xbdr1uC)gG||LPX^iT^s`~S`#fagP zwIA&JD|@C%sqsXu#J{x-YEL$<

aM?_*CdOq@6+U>0@5l3HH-*Q8E$3Prh>%ePWR zJLAC8i4DW0ldeYxl3RH7JMFC#q-b6ISu8F|%1sg5qY3eb&*L-8qg|kcT_gZ`?8om{>L6v`=-{)2P6y74HI7N zC_-gOc4aMdGxoXC?E_w1BT8kp3zo+{ulV(gspZtrraUWNZTH$9@wRK2`6O~qrL7yK zpBAA1bSG&`0@TpBQ;4%aOX#un``|Bt26h*T6o4hX9(xi>qdpONAAS1v*W#5f7F*kb zXa^|->VPPnCnlH%t*^Qko*P4`RM!P&zO;D?*`AZ8RYwz zZ+~q-Kjfl+JSuYbcXj7!OPX@dinkv6CP53az99&gHQ_hX@2fMC9m{|uSk%Qe>Xi}EVrGGDT|5YOc-d~VPK@Oe`{A}`S6vI!aimzxC7`w#zV zz?xj67`-=*X1>2HEuz9E)xBr<^E~&pP5=L(bNI>! z31zWJrmAD|n3%2$$A2@YeX4G2xJqT7=^O~k`~}tFOHhG%fVp zXfi~d$~+UeVeQ(rLiHzzCILu#;Ob^S8z8~@eB72lG}=niO!poWk7rPfK(b1m2f`kw zGlH)J?kQF`@@&y13Um}Z_NboMhkXKD{{;{*836{YN;yM3pgTpEs-L!@ z>)0lhibQ{7{Vk;YyBztLgox5Mt0#~UD1NmrM9h-LBI~Wx6PEUrINMmH$H5xffb|if zd{WihGHrVd{L|ml38d}aVR1;FRz?T$lx=i~fvpX`kf{nLptvA|LR%i}Is%|)0beI#bIgy?0Fc5xQ zG4^nOaH>lQ%aR=)i)4l1`u1PqtOU|W8XQJeb=kk5*4~puT`F&Zb~NS`IAwa(WlGwQ z=EF`$t7BDXIogGusN0i<$*pn)Nobt$6+b4+d;xx_y2YgHRGzwlmuK)ctEzoU-Bg*~ zhCXC}69v|1gUX!s-Yb5?M1OjupQ&+k+cgLS0lt8ZWvL#3Lbee|azMBkK6c zGx@xebGF1e3-R=}(jL+q0?Y0$6p_4fG-oSYVG0x@=U*L|5kTdAF%KqV-!jB9lCB z`}<1qZXrg3z011N9sQzM7vTvdQ_GVg$tV?2u=#S7;w^w~#~0U(+VB*OV^!^s0TvEC z#@$z*i?*KfhU`J;w&8MNON@BMAZg4G#zT-6e@pG=fZXrHhBdJDg^f0~mh7T9eI!%S zS*_F73CILNDYTX$&<+-NJ`8>3WhxA(_Rw295vRL`FXFtKQLCKHsjY6C-v#!n&H_dA zSKiS)!w$R3dp=^9FEjz=p2UXU_OsrrRij1h2*cX%iW^ zxw<_}q-d8lB5iVD2Co|9Mq?5*^gc}STHfYzR?^pMH(B<>a@KbP(6_Q>UkEt842Jmw z+y?o{h)2S+0vdjPXiLhEk=t_45Pb0h2MyUB92bvD6B@AUo|a~Yh#5>te=+w=%)as+ zy2;|iaERcJH=)iiFl{>-v&S)W4YUwsA>$Rvqi>Uooq@X4-^T^lsv6pxV~bS`o{G_Z zowhq)a?js@RRWS%>owo5RwAGDaUd#VEf8lNvcly&n1l$6ONRH>yCj_ z7OY_l{WETc9_lco)<5U%D}Rm0$Q~|VNu{4UxoUE)>a2f{O+ivzoMq`Oyb;S;X&Ez0 zbSwz0FWypnm^hJo{+RtW6eL;TSqd{4v-Aly;rG+>3c_&}SEk|6rl+N*2>A&)(myq$ zFGW!5NK|@eKeeLN{={Ii(C-D?o?4U7mbWU8_HAt2TpVYZ^F$T41*>An?AyBteBl5) zXL6!XXo&2ws$9eF&i=>d6+$6Ypip|-{{h4zJ7yrtd=Pgt`l$N_m|?uN=y#%2RckmT zzxUR*_n_nN=*{!vTJ7BFrAp0B1IHWJSeB^J#vW-dJN(c?$>c+ts@w$02wv*%S|Dy( zZ)dQQdrR6W?#R}7GGG?JyZ|-+P(hCHL`m(RixjRsvuLm!uQy+U?&v@7I>0%Y!pvLx zkBFj?$H70Lh3}Yk&oyg(mGfPO3_boKe=TZtEOIT%J|96UCLI6DmQS7rOxdJap%#To z$k9gjewlONe^1b|f4n8|y}x^J$l