From 99d96f7d781ad886e4c876506c394b60b9ff24e1 Mon Sep 17 00:00:00 2001 From: David Galloway Date: Sun, 12 Oct 2025 19:34:42 -0400 Subject: [PATCH 1/1] Foo DNM Signed-off-by: David Galloway --- .ansible-lint | 25 + .github/workflows/tests.yml | 38 + .gitignore | 3 + README.rst | 148 +++ ansible.cfg | 12 + ansible_managed.yml | 12 + callback_plugins/failure_log.py | 76 ++ cephlab.yml | 42 + cobbler.yml | 64 + common.yml | 6 + container-host.yml | 15 + dhcp-server.yml | 5 + downstream_setup.yml | 7 + firmware.yml | 12 + fog-server.yml | 10 + gateway.yml | 6 + grafana_agent.yml | 6 + long_running_cluster.yml | 12 + maas.yml | 6 + nameserver.yml | 6 + nsupdate_web.yml | 6 + ntp-server.yml | 5 + packages.yml | 4 + paddles.yml | 6 + pcp.yml | 6 + public_facing.yml | 5 + pulpito.yml | 5 + roles/ansible-managed/tasks/main.yml | 62 + roles/ansible-managed/templates/cephlab_sudo | 5 + roles/cobbler/defaults/main.yml | 86 ++ roles/cobbler/meta/main.yml | 3 + roles/cobbler/tasks/apt_systems.yml | 12 + roles/cobbler/tasks/distro_prep.yml | 18 + roles/cobbler/tasks/fetch_cm_repos.yml | 26 + roles/cobbler/tasks/ipmi_secrets.yml | 12 + roles/cobbler/tasks/main.yml | 93 ++ roles/cobbler/tasks/pip.yml | 5 + roles/cobbler/tasks/redhat/rhel_6.yml | 5 + roles/cobbler/tasks/redhat/rhel_7.yml | 21 + roles/cobbler/tasks/restart.yml | 17 + roles/cobbler/tasks/settings.yml | 32 + roles/cobbler/tasks/setup-redhat.yml | 8 + roles/cobbler/tasks/upload_templates.yml | 86 ++ roles/cobbler/tasks/yum_systems.yml | 20 + roles/cobbler/templates/httpd/index.html | 8 + .../kickstarts/cephlab_opensuse_leap.xml | 131 ++ .../templates/kickstarts/cephlab_rhel.ks | 98 ++ .../templates/kickstarts/cephlab_rhel_sdc.ks | 112 ++ .../templates/kickstarts/cephlab_rhel_sdi.ks | 112 ++ .../templates/kickstarts/cephlab_rhel_sdm.ks | 112 ++ .../kickstarts/cephlab_ubuntu.preseed | 146 +++ .../kickstarts/cephlab_ubuntu_sdi.preseed | 145 +++ .../kickstarts/cephlab_ubuntu_sdm.preseed | 145 +++ .../templates/scripts/cephlab_preseed_late | 17 + .../templates/snippets/cephlab_hostname | 3 + .../templates/snippets/cephlab_packages_rhel | 56 + .../cephlab_post_install_kernel_options | 18 + .../templates/snippets/cephlab_rc_local | 174 +++ .../templates/snippets/cephlab_rhel_disks | 29 + .../templates/snippets/cephlab_rhel_rhsm | 18 + roles/cobbler/templates/snippets/cephlab_user | 35 + .../triggers/install/post/cephlab_ansible.sh | 61 + roles/cobbler/templates/utils/console.sh | 5 + roles/cobbler/templates/utils/reboot.sh | 4 + roles/cobbler/templates/utils/reimage.sh | 9 + roles/cobbler/vars/apt_systems.yml | 11 + roles/cobbler/vars/dnf_systems.yml | 36 + roles/cobbler/vars/yum_systems.yml | 13 + roles/cobbler_profile/defaults/main.yml | 198 +++ .../cobbler_profile/tasks/download_image.yml | 28 + roles/cobbler_profile/tasks/download_iso.yml | 12 + roles/cobbler_profile/tasks/import_distro.yml | 71 ++ .../tasks/import_distro_image.yml | 39 + .../tasks/import_distro_iso.yml | 64 + .../tasks/import_stream_profile.yml | 26 + roles/cobbler_profile/tasks/main.yml | 4 + .../tasks/update_kernel_options.yml | 15 + .../tasks/update_kernel_options_post.yml | 9 + .../tasks/update_kickstart.yml | 15 + roles/cobbler_systems/defaults/main.yml | 5 + roles/cobbler_systems/tasks/main.yml | 10 + .../tasks/populate_systems.yml | 33 + roles/common/README.rst | 120 ++ roles/common/defaults/main.yml | 42 + roles/common/files/libexec/diskusage.pl | 123 ++ roles/common/files/libexec/raid.pl | 313 +++++ roles/common/files/libexec/smart.sh | 433 +++++++ roles/common/files/nagios/check_mem.sh | 52 + roles/common/files/nagios/nrpe.te | 27 + roles/common/files/sbin/cli64 | Bin 0 -> 1952038 bytes roles/common/files/sbin/megacli | Bin 0 -> 2716736 bytes roles/common/files/sbin/nvme | Bin 0 -> 580432 bytes roles/common/handlers/main.yml | 7 + roles/common/meta/main.yml | 5 + roles/common/tasks/apt_systems.yml | 40 + roles/common/tasks/disk_monitoring.yml | 41 + roles/common/tasks/epel.yml | 21 + roles/common/tasks/kerberos.yml | 44 + roles/common/tasks/main.yml | 67 ++ roles/common/tasks/nagios.yml | 111 ++ roles/common/tasks/nrpe-selinux.yml | 41 + roles/common/tasks/rhel-entitlements.yml | 200 ++++ roles/common/tasks/secondary_nic.yml | 88 ++ roles/common/tasks/yum_systems.yml | 77 ++ roles/common/tasks/zypper_systems.yml | 34 + roles/common/templates/krb5.conf | 4 + roles/common/templates/nagios/90-nagios | 2 + roles/common/templates/nagios/nrpe.cfg | 31 + roles/common/templates/yum_repo.j2 | 8 + roles/common/vars/apt_systems.yml | 9 + roles/common/vars/centos_8.yml | 4 + roles/common/vars/centos_9.yml | 4 + roles/common/vars/dnf_systems.yml | 1 + roles/common/vars/empty.yml | 1 + roles/common/vars/fedora_31.yml | 4 + roles/common/vars/redhat_6.yml | 7 + roles/common/vars/redhat_7.yml | 6 + roles/common/vars/redhat_8.yml | 9 + roles/common/vars/redhat_9.yml | 9 + roles/common/vars/yum_systems.yml | 11 + roles/common/vars/zypper_systems.yml | 9 + roles/container-host/README.rst | 31 + roles/container-host/meta/main.yml | 3 + .../container-host/tasks/container_mirror.yml | 60 + roles/container-host/tasks/main.yml | 44 + .../tasks/pipx_install_reg_conf_ctl.yml | 74 ++ roles/container-host/vars/apt_systems.yml | 5 + roles/container-host/vars/centos_7.yml | 6 + roles/container-host/vars/centos_9.yml | 5 + roles/container-host/vars/empty.yml | 1 + roles/container-host/vars/main.yml | 4 + roles/container-host/vars/ubuntu_18.yml | 7 + roles/container-host/vars/ubuntu_24.yml | 6 + roles/container-host/vars/yum_systems.yml | 4 + roles/dhcp-server/README.rst | 109 ++ roles/dhcp-server/tasks/main.yml | 65 + roles/dhcp-server/templates/dhcpd.conf.j2 | 9 + .../templates/dhcpd.subnet.conf.j2 | 78 ++ roles/downstream-setup/defaults/main.yml | 39 + roles/downstream-setup/tasks/cleanup.yml | 33 + .../tasks/disable_yum_repos.yml | 10 + .../tasks/enable_yum_repos.yml | 10 + roles/downstream-setup/tasks/main.yml | 19 + .../tasks/remove_yum_repos.yml | 6 + roles/downstream-setup/tasks/setup.yml | 28 + roles/downstream-setup/tasks/yum_repos.yml | 7 + roles/firmware/README.rst | 129 ++ roles/firmware/defaults/main.yml | 11 + roles/firmware/tasks/areca/areca-update.yml | 27 + roles/firmware/tasks/areca/main.yml | 34 + roles/firmware/tasks/main.yml | 34 + roles/firmware/tasks/mira/bios-update.yml | 75 ++ roles/firmware/tasks/mira/bios.yml | 14 + roles/firmware/tasks/mira/bmc-update.yml | 30 + roles/firmware/tasks/mira/bmc.yml | 27 + roles/firmware/tasks/smithi/bmc-update.yml | 31 + roles/firmware/tasks/smithi/bmc.yml | 27 + roles/firmware/tasks/smithi/nvme.yml | 29 + roles/fog-server/README.rst | 48 + roles/fog-server/defaults/main.yml | 4 + roles/fog-server/tasks/install.yml | 12 + roles/fog-server/tasks/main.yml | 48 + roles/fog-server/tasks/update.yml | 13 + roles/fog-server/templates/temp_settings.j2 | 99 ++ roles/gateway/README.rst | 164 +++ roles/gateway/defaults/main.yml | 26 + roles/gateway/files/openvpn.logrotate | 9 + roles/gateway/files/openvpn.rsyslog | 5 + roles/gateway/handlers/main.yml | 30 + roles/gateway/meta/main.yml | 3 + roles/gateway/tasks/fail2ban.yml | 41 + roles/gateway/tasks/firewall.yml | 60 + roles/gateway/tasks/logging.yml | 20 + roles/gateway/tasks/main.yml | 57 + roles/gateway/tasks/network.yml | 43 + roles/gateway/tasks/packages.yml | 9 + roles/gateway/tasks/users.yml | 21 + roles/gateway/templates/auth-openvpn | 93 ++ roles/gateway/templates/f2b.jail.local.j2 | 8 + roles/gateway/templates/f2b.service.j2 | 9 + roles/gateway/templates/ifcfg.j2 | 27 + roles/gateway/templates/resolvconf.j2 | 7 + roles/gateway/templates/users.j2 | 6 + roles/gateway/vars/packages.yml | 17 + roles/grafana_agent/defaults/main.yml | 16 + .../files/grafana/customuseradd.te | 12 + roles/grafana_agent/handlers/main.yml | 6 + roles/grafana_agent/meta/main.yml | 3 + roles/grafana_agent/tasks/main.yml | 88 ++ roles/grafana_agent/tasks/useradd-selinux.yml | 38 + .../templates/grafana-agent.yaml.j2 | 33 + .../long_running_cluster/tasks/logrotate.yml | 19 + roles/long_running_cluster/tasks/main.yml | 14 + roles/long_running_cluster/tasks/nagios.yml | 36 + .../templates/ceph-common.logrotate | 12 + roles/maas/README.md | 156 +++ roles/maas/defaults/main.yml | 36 + roles/maas/handlers/main.yml | 11 + roles/maas/meta/main.yml | 3 + roles/maas/tasks/_auth_header.yml | 18 + roles/maas/tasks/add_users.yml | 53 + roles/maas/tasks/api_auth_pretasks.yml | 23 + roles/maas/tasks/config_dhcpd_subnet.yml | 173 +++ roles/maas/tasks/config_dns.yml | 85 ++ roles/maas/tasks/config_maas.yml | 78 ++ roles/maas/tasks/config_ntp.yml | 10 + roles/maas/tasks/initialize_region_rack.yml | 46 + .../maas/tasks/initialize_secondary_rack.yml | 36 + roles/maas/tasks/install_maasdb.yml | 33 + roles/maas/tasks/machines.yml | 148 +++ roles/maas/tasks/machines.yml.cli | 1064 +++++++++++++++++ .../maas/tasks/machines/_apply_one_iface.yml | 445 +++++++ roles/maas/tasks/machines/_apply_subnet.yml | 174 +++ roles/maas/tasks/machines/_build_indexes.yml | 106 ++ .../tasks/machines/_create_vlan_on_parent.yml | 43 + roles/maas/tasks/machines/_ensure_bond.yml | 570 +++++++++ .../tasks/machines/_ensure_boot_iface.yml | 102 ++ .../machines/_fetch_subnets_for_vlan.yml | 21 + .../machines/_fetch_vlans_for_fabric.yml | 30 + roles/maas/tasks/machines/_mark_broken.yml | 48 + roles/maas/tasks/machines/_plan_sets.yml | 53 + roles/maas/tasks/machines/_read_machines.yml | 27 + .../tasks/machines/_refresh_iface_facts.yml | 108 ++ .../tasks/machines/_set_parent_native.yml | 17 + roles/maas/tasks/machines/cleanup.yml | 56 + roles/maas/tasks/machines/create.yml | 36 + roles/maas/tasks/machines/delete.yml | 6 + roles/maas/tasks/machines/set_ipmi_creds.yml | 79 ++ roles/maas/tasks/machines/update.yml | 187 +++ roles/maas/tasks/main.yml | 123 ++ roles/maas/tasks/networking.yml | 432 +++++++ roles/maas/tasks/networking/domain_create.yml | 22 + roles/maas/tasks/networking/fabric_create.yml | 19 + .../tasks/networking/fabric_vlans_read.yml | 20 + roles/maas/tasks/networking/space_create.yml | 19 + roles/maas/tasks/networking/subnet_apply.yml | 355 ++++++ .../tasks/networking/subnet_range_create.yml | 225 ++++ .../tasks/networking/vlan_build_index.yml | 22 + roles/maas/tasks/networking/vlan_create.yml | 32 + roles/maas/tasks/networking/vlan_update.yml | 95 ++ roles/maas/tasks/networking_subnet.yml | 133 +++ roles/maas/templates/arm_uefi.j2 | 27 + roles/maas/templates/dhcpd.classes.snippet.j2 | 8 + roles/maas/templates/dhcpd.global.snippet.j2 | 5 + roles/maas/templates/dhcpd.hosts.snippet.j2 | 16 + roles/maas/templates/dhcpd.pools.snippet.j2 | 23 + roles/nameserver/README.rst | 260 ++++ roles/nameserver/defaults/main.yml | 27 + roles/nameserver/handlers/main.yml | 12 + roles/nameserver/meta/main.yml | 3 + roles/nameserver/tasks/config.yml | 39 + roles/nameserver/tasks/firewall.yml | 13 + roles/nameserver/tasks/main.yml | 80 ++ roles/nameserver/tasks/packages.yml | 24 + roles/nameserver/tasks/records.yml | 126 ++ roles/nameserver/templates/forward.j2 | 36 + roles/nameserver/templates/named.conf.j2 | 101 ++ roles/nameserver/templates/reverse.j2 | 30 + roles/nameserver/vars/empty.yml | 7 + roles/nameserver/vars/packages_redhat.yml | 19 + roles/nameserver/vars/packages_suse.yml | 21 + roles/nsupdate_web/README.rst | 15 + roles/nsupdate_web/defaults/main.yml | 15 + roles/nsupdate_web/tasks/main.yml | 113 ++ .../templates/nsupdate-web.service | 12 + .../nsupdate_web_nginx_opensuse_leap_15 | 7 + .../templates/nsupdate_web_nginx_ubuntu_16 | 8 + roles/nsupdate_web/vars/opensuse_leap_15.yml | 9 + roles/nsupdate_web/vars/opensuse_leap_42.yml | 8 + roles/nsupdate_web/vars/ubuntu_16.yml | 10 + roles/ntp-server/README.rst | 25 + roles/ntp-server/tasks/main.yml | 119 ++ roles/ntp-server/templates/chrony.conf.j2 | 16 + roles/ntp-server/templates/ntp.conf.j2 | 37 + roles/packages/README.rst | 34 + roles/packages/defaults/main.yml | 8 + roles/packages/tasks/cleanup.yml | 6 + roles/packages/tasks/main.yml | 14 + roles/packages/tasks/packages.yml | 17 + roles/packages/tasks/setup.yml | 4 + roles/paddles/README.rst | 50 + roles/paddles/defaults/main.yml | 17 + roles/paddles/meta/main.yml | 4 + roles/paddles/tasks/apt_systems.yml | 24 + roles/paddles/tasks/main.yml | 77 ++ roles/paddles/tasks/nginx.yml | 30 + roles/paddles/tasks/setup_db.yml | 63 + roles/paddles/tasks/setup_docker.yml | 88 ++ roles/paddles/tasks/setup_paddles.yml | 58 + .../paddles/tasks/setup_postgres_exporter.yml | 42 + roles/paddles/tasks/setup_service.yml | 35 + roles/paddles/tasks/setup_user.yml | 14 + roles/paddles/tasks/yum_systems.yml | 4 + roles/paddles/tasks/zypper_systems.yml | 55 + roles/paddles/templates/nginx.conf | 15 + roles/paddles/templates/prod.py | 64 + roles/paddles/templates/supervisor.conf | 11 + roles/paddles/vars/apt_systems.yml | 27 + roles/paddles/vars/yum_systems.yml | 1 + roles/paddles/vars/zypper_systems.yml | 24 + roles/pcp/README.rst | 71 ++ roles/pcp/defaults/main.yml | 25 + roles/pcp/files/1h1m.json | 367 ++++++ roles/pcp/files/index.js | 229 ++++ roles/pcp/tasks/apt_update.yml | 6 + roles/pcp/tasks/collector.yml | 46 + roles/pcp/tasks/main.yml | 39 + roles/pcp/tasks/manager.yml | 115 ++ roles/pcp/tasks/permissons.yml | 9 + roles/pcp/tasks/repo.yml | 43 + roles/pcp/tasks/web.yml | 54 + roles/pcp/templates/target-discovery | 7 + roles/pcp/templates/target-host | 4 + roles/pcp/vars/apt_systems.yml | 11 + roles/pcp/vars/dnf_systems.yml | 11 + roles/pcp/vars/yum_systems.yml | 12 + roles/public_facing/README.rst | 99 ++ roles/public_facing/defaults/main.yml | 37 + roles/public_facing/handlers/main.yml | 18 + .../public_facing/tasks/download.ceph.com.yml | 71 ++ roles/public_facing/tasks/fail2ban.yml | 77 ++ .../public_facing/tasks/letsencrypt_nginx.yml | 68 ++ roles/public_facing/tasks/main.yml | 37 + .../tasks/status.sepia.ceph.com.yml | 21 + roles/public_facing/tasks/ufw.yml | 57 + roles/public_facing/tasks/www.ceph.com.yml | 12 + .../templates/download.ceph.com/logrotate.j2 | 22 + .../download.ceph.com/make_timestamp.j2 | 3 + roles/public_facing/templates/f2b.filter.j2 | 10 + .../public_facing/templates/f2b.jail.local.j2 | 13 + roles/public_facing/templates/f2b.service.j2 | 23 + roles/public_facing/templates/f2b_ufw.conf.j2 | 13 + .../status.sepia.ceph.com/lab-pings.j2 | 23 + .../nagios-eventhandler-cachet.config.j2 | 6 + .../status.sepia.ceph.com/openvpn.j2 | 23 + roles/pulpito/README.rst | 30 + roles/pulpito/defaults/main.yml | 3 + roles/pulpito/tasks/apt_systems.yml | 10 + roles/pulpito/tasks/main.yml | 70 ++ roles/pulpito/tasks/setup_pulpito.yml | 71 ++ roles/pulpito/tasks/yum_systems.yml | 8 + roles/pulpito/tasks/zypper_systems.yml | 9 + roles/pulpito/vars/apt_systems.yml | 11 + roles/pulpito/vars/yum_systems.yml | 10 + roles/pulpito/vars/zypper_systems.yml | 10 + roles/rook/README.rst | 116 ++ roles/rook/meta/main.yml | 3 + roles/rook/tasks/main.yml | 18 + roles/rook/tasks/rook-jenkins-update.yml | 34 + roles/rook/tasks/rook-os-update.yml | 54 + roles/rook/tasks/rook-recovery.yml | 58 + roles/rook/vars/main.yml | 14 + roles/secrets/defaults/main.yml | 2 + .../README.rst | 73 ++ .../defaults/main.yml | 23 + .../handlers/main.yml | 9 + .../tasks/http.yml | 17 + .../tasks/linux_installation.yml | 25 + .../tasks/main.yml | 89 ++ .../tasks/service_owner.yml | 90 ++ .../tasks/signalfx_main.yml | 26 + .../tasks/systemd.yml | 9 + .../tasks/ubuntu_installation.yml | 32 + .../tasks/yum_installation.yml | 22 + .../templates/http.yaml.j2 | 42 + .../templates/systemd.yaml.j2 | 20 + .../vars/main.yml | 22 + roles/testnode/README.rst | 389 ++++++ roles/testnode/defaults/main.yml | 81 ++ roles/testnode/handlers/main.yml | 37 + roles/testnode/meta/main.yml | 3 + roles/testnode/tasks/apt/packages.yml | 46 + roles/testnode/tasks/apt/repos.yml | 62 + roles/testnode/tasks/apt_systems.yml | 88 ++ roles/testnode/tasks/cachefilesd.yaml | 21 + roles/testnode/tasks/check-for-nvme.yml | 41 + roles/testnode/tasks/cloud-init.yml | 8 + roles/testnode/tasks/configure_lvm.yml | 88 ++ roles/testnode/tasks/cpan.yml | 53 + roles/testnode/tasks/drive_partitioning.yml | 33 + roles/testnode/tasks/filesystems.yml | 14 + roles/testnode/tasks/imitate_ubuntu.yml | 22 + roles/testnode/tasks/lvm.yml | 13 + roles/testnode/tasks/main.yml | 159 +++ roles/testnode/tasks/nfs.yml | 18 + roles/testnode/tasks/ntp.yml | 56 + roles/testnode/tasks/pip.yml | 61 + roles/testnode/tasks/redhat/rhel_6.yml | 5 + roles/testnode/tasks/redhat/rhel_7.yml | 4 + roles/testnode/tasks/resolvconf.yml | 61 + roles/testnode/tasks/set_hostname.yml | 10 + roles/testnode/tasks/setup-centos.yml | 6 + roles/testnode/tasks/setup-debian.yml | 33 + roles/testnode/tasks/setup-fedora.yml | 10 + roles/testnode/tasks/setup-opensuse.yml | 0 roles/testnode/tasks/setup-redhat.yml | 8 + .../tasks/setup-ubuntu-non-aarch64.yml | 37 + roles/testnode/tasks/setup-ubuntu.yml | 9 + roles/testnode/tasks/ssh.yml | 31 + roles/testnode/tasks/static_ip.yml | 8 + roles/testnode/tasks/user.yml | 37 + roles/testnode/tasks/var_lib.yml | 31 + roles/testnode/tasks/vars.yml | 21 + roles/testnode/tasks/yum/abrt.yml | 25 + roles/testnode/tasks/yum/firewall.yml | 18 + roles/testnode/tasks/yum/gpg_keys.yml | 18 + roles/testnode/tasks/yum/packages.yml | 70 ++ roles/testnode/tasks/yum/repos.yml | 62 + roles/testnode/tasks/yum_systems.yml | 107 ++ roles/testnode/tasks/zap_disks.yml | 84 ++ roles/testnode/tasks/zypper/packages.yml | 36 + roles/testnode/tasks/zypper_systems.yml | 53 + roles/testnode/templates/apt/ceph.pref | 4 + .../templates/apt/sources.list.jessie | 4 + .../templates/apt/sources.list.precise | 62 + .../templates/apt/sources.list.trusty | 63 + .../templates/apt/sources.list.wheezy | 4 + roles/testnode/templates/cachefilesd.j2 | 9 + roles/testnode/templates/chrony.conf | 6 + roles/testnode/templates/cpan_config.pm | 67 ++ roles/testnode/templates/cron/kernel-clean | 26 + roles/testnode/templates/exports | 14 + roles/testnode/templates/fuse.conf | 9 + roles/testnode/templates/grub | 4 + .../templates/grub.d/02_force_timeout | 4 + roles/testnode/templates/limits.conf | 20 + roles/testnode/templates/modules | 10 + roles/testnode/templates/ntp.conf | 77 ++ roles/testnode/templates/pip.conf | 2 + roles/testnode/templates/remote.conf | 2 + roles/testnode/templates/security_limits.conf | 2 + roles/testnode/templates/ssh/ssh_config | 17 + .../templates/ssh/sshd_config_centos_6 | 34 + .../templates/ssh/sshd_config_centos_7 | 38 + .../templates/ssh/sshd_config_centos_8 | 38 + .../templates/ssh/sshd_config_centos_9 | 38 + .../templates/ssh/sshd_config_debian_7 | 90 ++ .../templates/ssh/sshd_config_debian_8 | 91 ++ .../templates/ssh/sshd_config_fedora_22 | 31 + .../ssh/sshd_config_opensuse_leap_15 | 123 ++ .../ssh/sshd_config_opensuse_leap_42 | 9 + .../ssh/sshd_config_opensuse_leap_NA | 91 ++ .../templates/ssh/sshd_config_redhat_6 | 33 + .../templates/ssh/sshd_config_redhat_7 | 38 + .../templates/ssh/sshd_config_redhat_8 | 38 + .../templates/ssh/sshd_config_redhat_9 | 38 + .../templates/ssh/sshd_config_ubuntu_12 | 90 ++ .../templates/ssh/sshd_config_ubuntu_14 | 91 ++ .../templates/ssh/sshd_config_ubuntu_15 | 91 ++ .../templates/ssh/sshd_config_ubuntu_16 | 91 ++ .../templates/ssh/sshd_config_ubuntu_18 | 91 ++ .../templates/ssh/sshd_config_ubuntu_20 | 91 ++ .../templates/ssh/sshd_config_ubuntu_22 | 91 ++ roles/testnode/templates/sudoers | 47 + roles/testnode/templates/wgetrc | 3 + roles/testnode/templates/yum_repo.j2 | 8 + roles/testnode/vars/apt_systems.yml | 35 + roles/testnode/vars/centos_6.yml | 120 ++ roles/testnode/vars/centos_7.yml | 109 ++ roles/testnode/vars/centos_8.yml | 74 ++ roles/testnode/vars/centos_8_stream.yml | 66 + roles/testnode/vars/centos_9.yml | 74 ++ roles/testnode/vars/debian_7.yml | 98 ++ roles/testnode/vars/debian_8.yml | 97 ++ roles/testnode/vars/dnf_systems.yml | 1 + roles/testnode/vars/empty.yml | 12 + roles/testnode/vars/fedora_22.yml | 74 ++ roles/testnode/vars/opensuse_leap_15.0.yml | 76 ++ roles/testnode/vars/opensuse_leap_15.1.yml | 86 ++ roles/testnode/vars/opensuse_leap_15.2.yml | 76 ++ roles/testnode/vars/redhat_6.yml | 109 ++ roles/testnode/vars/redhat_7.6.yml | 86 ++ roles/testnode/vars/redhat_7.8.yml | 88 ++ roles/testnode/vars/redhat_7.yml | 90 ++ roles/testnode/vars/redhat_8.yml | 74 ++ roles/testnode/vars/redhat_9.yml | 63 + roles/testnode/vars/ubuntu.yml | 94 ++ roles/testnode/vars/ubuntu_12.04.yml | 25 + roles/testnode/vars/ubuntu_14.yml | 26 + roles/testnode/vars/ubuntu_15.yml | 26 + roles/testnode/vars/ubuntu_16.yml | 37 + roles/testnode/vars/ubuntu_18.yml | 27 + roles/testnode/vars/ubuntu_20.yml | 27 + roles/testnode/vars/ubuntu_22.yml | 29 + roles/testnode/vars/yum_systems.yml | 51 + roles/testnode/vars/zypper_systems.yml | 49 + roles/teuthology/README.rst | 22 + roles/teuthology/defaults/main.yml | 17 + roles/teuthology/meta/main.yml | 3 + roles/teuthology/tasks/apt_systems.yml | 14 + roles/teuthology/tasks/main.yml | 60 + roles/teuthology/tasks/setup_log_access.yml | 31 + roles/teuthology/tasks/setup_users.yml | 105 ++ roles/teuthology/tasks/yum_systems.yml | 3 + roles/teuthology/tasks/zypper_systems.yml | 13 + roles/teuthology/templates/nginx.conf | 22 + .../templates/teuthology-worker.init | 166 +++ roles/teuthology/templates/teuthology.yaml | 16 + roles/teuthology/templates/update-crontab.sh | 49 + roles/teuthology/vars/apt_systems.yml | 25 + roles/teuthology/vars/yum_systems.yml | 1 + .../vars/zypper_opensuse_leap_15.0.yml | 22 + .../vars/zypper_opensuse_leap_15.1.yml | 26 + .../vars/zypper_opensuse_leap_15.2.yml | 21 + .../vars/zypper_opensuse_leap_15.3.yml | 21 + .../vars/zypper_opensuse_leap_42.3.yml | 22 + roles/users/README.rst | 123 ++ roles/users/defaults/main.yml | 37 + roles/users/tasks/create_users.yml | 39 + roles/users/tasks/filter_users.yml | 48 + roles/users/tasks/main.yml | 60 + roles/users/tasks/revoke_users.yml | 16 + roles/users/tasks/update_keys.yml | 36 + roles/vmhost/README.rst | 56 + roles/vmhost/files/interfaces | 12 + roles/vmhost/files/libvirt-net-front.xml | 5 + roles/vmhost/tasks/libvirt.yml | 131 ++ roles/vmhost/tasks/main.yml | 8 + roles/vmhost/tasks/networking.yml | 17 + roles/vmhost/tasks/packages.yml | 9 + roles/vmhost/vars/main.yml | 5 + rook.yml | 5 + set_python_path.yml | 18 + signalfx.yml | 10 + testnodes.yml | 8 + teuthology.yml | 7 + tools/checkcerts.py | 123 ++ tools/cobbler-access.sh | 37 + tools/convert-to-centos-stream.yml | 50 + tools/dot.vmlist.conf | 38 + tools/downstream-jenkins-sync-jobs.yml | 51 + tools/generate-fog-csv.yml | 10 + tools/incerta-nic.yml | 116 ++ tools/jenkins-builder-disk.yml | 91 ++ tools/openvpn/maketar.sh | 6 + tools/openvpn/sepia/ca.crt | 20 + tools/openvpn/sepia/client.conf | 18 + tools/openvpn/sepia/new-client | 82 ++ tools/openvpn/sepia/tlsauth | 21 + tools/prep-fog-capture.yml | 146 +++ tools/roles/generate-fog-csv/tasks/main.yml | 5 + tools/roles/generate-fog-csv/templates/csv.j2 | 5 + tools/set-bmc-static.yml | 213 ++++ tools/set-next-server-local.sh | 34 + tools/set-next-server.sh | 75 ++ tools/switch-secrets.sh | 17 + tools/update-nvme-firmware.yml | 20 + tools/vmlist.py | 230 ++++ users.yml | 5 + vmhost.yml | 5 + 550 files changed, 26258 insertions(+) create mode 100644 .ansible-lint create mode 100644 .github/workflows/tests.yml create mode 100644 .gitignore create mode 100644 README.rst create mode 100644 ansible.cfg create mode 100644 ansible_managed.yml create mode 100644 callback_plugins/failure_log.py create mode 100644 cephlab.yml create mode 100644 cobbler.yml create mode 100644 common.yml create mode 100644 container-host.yml create mode 100644 dhcp-server.yml create mode 100644 downstream_setup.yml create mode 100644 firmware.yml create mode 100644 fog-server.yml create mode 100644 gateway.yml create mode 100644 grafana_agent.yml create mode 100644 long_running_cluster.yml create mode 100644 maas.yml create mode 100644 nameserver.yml create mode 100644 nsupdate_web.yml create mode 100644 ntp-server.yml create mode 100644 packages.yml create mode 100644 paddles.yml create mode 100644 pcp.yml create mode 100644 public_facing.yml create mode 100644 pulpito.yml create mode 100644 roles/ansible-managed/tasks/main.yml create mode 100644 roles/ansible-managed/templates/cephlab_sudo create mode 100644 roles/cobbler/defaults/main.yml create mode 100644 roles/cobbler/meta/main.yml create mode 100644 roles/cobbler/tasks/apt_systems.yml create mode 100644 roles/cobbler/tasks/distro_prep.yml create mode 100644 roles/cobbler/tasks/fetch_cm_repos.yml create mode 100644 roles/cobbler/tasks/ipmi_secrets.yml create mode 100644 roles/cobbler/tasks/main.yml create mode 100644 roles/cobbler/tasks/pip.yml create mode 100644 roles/cobbler/tasks/redhat/rhel_6.yml create mode 100644 roles/cobbler/tasks/redhat/rhel_7.yml create mode 100644 roles/cobbler/tasks/restart.yml create mode 100644 roles/cobbler/tasks/settings.yml create mode 100644 roles/cobbler/tasks/setup-redhat.yml create mode 100644 roles/cobbler/tasks/upload_templates.yml create mode 100644 roles/cobbler/tasks/yum_systems.yml create mode 100644 roles/cobbler/templates/httpd/index.html create mode 100644 roles/cobbler/templates/kickstarts/cephlab_opensuse_leap.xml create mode 100644 roles/cobbler/templates/kickstarts/cephlab_rhel.ks create mode 100644 roles/cobbler/templates/kickstarts/cephlab_rhel_sdc.ks create mode 100644 roles/cobbler/templates/kickstarts/cephlab_rhel_sdi.ks create mode 100644 roles/cobbler/templates/kickstarts/cephlab_rhel_sdm.ks create mode 100644 roles/cobbler/templates/kickstarts/cephlab_ubuntu.preseed create mode 100644 roles/cobbler/templates/kickstarts/cephlab_ubuntu_sdi.preseed create mode 100644 roles/cobbler/templates/kickstarts/cephlab_ubuntu_sdm.preseed create mode 100644 roles/cobbler/templates/scripts/cephlab_preseed_late create mode 100644 roles/cobbler/templates/snippets/cephlab_hostname create mode 100644 roles/cobbler/templates/snippets/cephlab_packages_rhel create mode 100644 roles/cobbler/templates/snippets/cephlab_post_install_kernel_options create mode 100644 roles/cobbler/templates/snippets/cephlab_rc_local create mode 100644 roles/cobbler/templates/snippets/cephlab_rhel_disks create mode 100644 roles/cobbler/templates/snippets/cephlab_rhel_rhsm create mode 100644 roles/cobbler/templates/snippets/cephlab_user create mode 100644 roles/cobbler/templates/triggers/install/post/cephlab_ansible.sh create mode 100644 roles/cobbler/templates/utils/console.sh create mode 100644 roles/cobbler/templates/utils/reboot.sh create mode 100644 roles/cobbler/templates/utils/reimage.sh create mode 100644 roles/cobbler/vars/apt_systems.yml create mode 100644 roles/cobbler/vars/dnf_systems.yml create mode 100644 roles/cobbler/vars/yum_systems.yml create mode 100644 roles/cobbler_profile/defaults/main.yml create mode 100644 roles/cobbler_profile/tasks/download_image.yml create mode 100644 roles/cobbler_profile/tasks/download_iso.yml create mode 100644 roles/cobbler_profile/tasks/import_distro.yml create mode 100644 roles/cobbler_profile/tasks/import_distro_image.yml create mode 100644 roles/cobbler_profile/tasks/import_distro_iso.yml create mode 100644 roles/cobbler_profile/tasks/import_stream_profile.yml create mode 100644 roles/cobbler_profile/tasks/main.yml create mode 100644 roles/cobbler_profile/tasks/update_kernel_options.yml create mode 100644 roles/cobbler_profile/tasks/update_kernel_options_post.yml create mode 100644 roles/cobbler_profile/tasks/update_kickstart.yml create mode 100644 roles/cobbler_systems/defaults/main.yml create mode 100644 roles/cobbler_systems/tasks/main.yml create mode 100644 roles/cobbler_systems/tasks/populate_systems.yml create mode 100644 roles/common/README.rst create mode 100644 roles/common/defaults/main.yml create mode 100644 roles/common/files/libexec/diskusage.pl create mode 100755 roles/common/files/libexec/raid.pl create mode 100755 roles/common/files/libexec/smart.sh create mode 100644 roles/common/files/nagios/check_mem.sh create mode 100644 roles/common/files/nagios/nrpe.te create mode 100644 roles/common/files/sbin/cli64 create mode 100755 roles/common/files/sbin/megacli create mode 100755 roles/common/files/sbin/nvme create mode 100644 roles/common/handlers/main.yml create mode 100644 roles/common/meta/main.yml create mode 100644 roles/common/tasks/apt_systems.yml create mode 100644 roles/common/tasks/disk_monitoring.yml create mode 100644 roles/common/tasks/epel.yml create mode 100644 roles/common/tasks/kerberos.yml create mode 100644 roles/common/tasks/main.yml create mode 100644 roles/common/tasks/nagios.yml create mode 100644 roles/common/tasks/nrpe-selinux.yml create mode 100644 roles/common/tasks/rhel-entitlements.yml create mode 100644 roles/common/tasks/secondary_nic.yml create mode 100644 roles/common/tasks/yum_systems.yml create mode 100644 roles/common/tasks/zypper_systems.yml create mode 100644 roles/common/templates/krb5.conf create mode 100644 roles/common/templates/nagios/90-nagios create mode 100644 roles/common/templates/nagios/nrpe.cfg create mode 100644 roles/common/templates/yum_repo.j2 create mode 100644 roles/common/vars/apt_systems.yml create mode 100644 roles/common/vars/centos_8.yml create mode 100644 roles/common/vars/centos_9.yml create mode 120000 roles/common/vars/dnf_systems.yml create mode 100644 roles/common/vars/empty.yml create mode 100644 roles/common/vars/fedora_31.yml create mode 100644 roles/common/vars/redhat_6.yml create mode 100644 roles/common/vars/redhat_7.yml create mode 100644 roles/common/vars/redhat_8.yml create mode 100644 roles/common/vars/redhat_9.yml create mode 100644 roles/common/vars/yum_systems.yml create mode 100644 roles/common/vars/zypper_systems.yml create mode 100644 roles/container-host/README.rst create mode 100644 roles/container-host/meta/main.yml create mode 100644 roles/container-host/tasks/container_mirror.yml create mode 100644 roles/container-host/tasks/main.yml create mode 100644 roles/container-host/tasks/pipx_install_reg_conf_ctl.yml create mode 100644 roles/container-host/vars/apt_systems.yml create mode 100644 roles/container-host/vars/centos_7.yml create mode 100644 roles/container-host/vars/centos_9.yml create mode 100644 roles/container-host/vars/empty.yml create mode 100644 roles/container-host/vars/main.yml create mode 100644 roles/container-host/vars/ubuntu_18.yml create mode 100644 roles/container-host/vars/ubuntu_24.yml create mode 100644 roles/container-host/vars/yum_systems.yml create mode 100644 roles/dhcp-server/README.rst create mode 100644 roles/dhcp-server/tasks/main.yml create mode 100644 roles/dhcp-server/templates/dhcpd.conf.j2 create mode 100644 roles/dhcp-server/templates/dhcpd.subnet.conf.j2 create mode 100644 roles/downstream-setup/defaults/main.yml create mode 100644 roles/downstream-setup/tasks/cleanup.yml create mode 100644 roles/downstream-setup/tasks/disable_yum_repos.yml create mode 100644 roles/downstream-setup/tasks/enable_yum_repos.yml create mode 100644 roles/downstream-setup/tasks/main.yml create mode 100644 roles/downstream-setup/tasks/remove_yum_repos.yml create mode 100644 roles/downstream-setup/tasks/setup.yml create mode 100644 roles/downstream-setup/tasks/yum_repos.yml create mode 100644 roles/firmware/README.rst create mode 100644 roles/firmware/defaults/main.yml create mode 100644 roles/firmware/tasks/areca/areca-update.yml create mode 100644 roles/firmware/tasks/areca/main.yml create mode 100644 roles/firmware/tasks/main.yml create mode 100644 roles/firmware/tasks/mira/bios-update.yml create mode 100644 roles/firmware/tasks/mira/bios.yml create mode 100644 roles/firmware/tasks/mira/bmc-update.yml create mode 100644 roles/firmware/tasks/mira/bmc.yml create mode 100644 roles/firmware/tasks/smithi/bmc-update.yml create mode 100644 roles/firmware/tasks/smithi/bmc.yml create mode 100644 roles/firmware/tasks/smithi/nvme.yml create mode 100644 roles/fog-server/README.rst create mode 100644 roles/fog-server/defaults/main.yml create mode 100644 roles/fog-server/tasks/install.yml create mode 100644 roles/fog-server/tasks/main.yml create mode 100644 roles/fog-server/tasks/update.yml create mode 100644 roles/fog-server/templates/temp_settings.j2 create mode 100644 roles/gateway/README.rst create mode 100644 roles/gateway/defaults/main.yml create mode 100644 roles/gateway/files/openvpn.logrotate create mode 100644 roles/gateway/files/openvpn.rsyslog create mode 100644 roles/gateway/handlers/main.yml create mode 100644 roles/gateway/meta/main.yml create mode 100644 roles/gateway/tasks/fail2ban.yml create mode 100644 roles/gateway/tasks/firewall.yml create mode 100644 roles/gateway/tasks/logging.yml create mode 100644 roles/gateway/tasks/main.yml create mode 100644 roles/gateway/tasks/network.yml create mode 100644 roles/gateway/tasks/packages.yml create mode 100644 roles/gateway/tasks/users.yml create mode 100644 roles/gateway/templates/auth-openvpn create mode 100644 roles/gateway/templates/f2b.jail.local.j2 create mode 100644 roles/gateway/templates/f2b.service.j2 create mode 100644 roles/gateway/templates/ifcfg.j2 create mode 100644 roles/gateway/templates/resolvconf.j2 create mode 100644 roles/gateway/templates/users.j2 create mode 100644 roles/gateway/vars/packages.yml create mode 100644 roles/grafana_agent/defaults/main.yml create mode 100644 roles/grafana_agent/files/grafana/customuseradd.te create mode 100644 roles/grafana_agent/handlers/main.yml create mode 100644 roles/grafana_agent/meta/main.yml create mode 100644 roles/grafana_agent/tasks/main.yml create mode 100644 roles/grafana_agent/tasks/useradd-selinux.yml create mode 100644 roles/grafana_agent/templates/grafana-agent.yaml.j2 create mode 100644 roles/long_running_cluster/tasks/logrotate.yml create mode 100644 roles/long_running_cluster/tasks/main.yml create mode 100644 roles/long_running_cluster/tasks/nagios.yml create mode 100644 roles/long_running_cluster/templates/ceph-common.logrotate create mode 100644 roles/maas/README.md create mode 100644 roles/maas/defaults/main.yml create mode 100644 roles/maas/handlers/main.yml create mode 100644 roles/maas/meta/main.yml create mode 100644 roles/maas/tasks/_auth_header.yml create mode 100644 roles/maas/tasks/add_users.yml create mode 100644 roles/maas/tasks/api_auth_pretasks.yml create mode 100644 roles/maas/tasks/config_dhcpd_subnet.yml create mode 100644 roles/maas/tasks/config_dns.yml create mode 100644 roles/maas/tasks/config_maas.yml create mode 100644 roles/maas/tasks/config_ntp.yml create mode 100644 roles/maas/tasks/initialize_region_rack.yml create mode 100644 roles/maas/tasks/initialize_secondary_rack.yml create mode 100644 roles/maas/tasks/install_maasdb.yml create mode 100644 roles/maas/tasks/machines.yml create mode 100644 roles/maas/tasks/machines.yml.cli create mode 100644 roles/maas/tasks/machines/_apply_one_iface.yml create mode 100644 roles/maas/tasks/machines/_apply_subnet.yml create mode 100644 roles/maas/tasks/machines/_build_indexes.yml create mode 100644 roles/maas/tasks/machines/_create_vlan_on_parent.yml create mode 100644 roles/maas/tasks/machines/_ensure_bond.yml create mode 100644 roles/maas/tasks/machines/_ensure_boot_iface.yml create mode 100644 roles/maas/tasks/machines/_fetch_subnets_for_vlan.yml create mode 100644 roles/maas/tasks/machines/_fetch_vlans_for_fabric.yml create mode 100644 roles/maas/tasks/machines/_mark_broken.yml create mode 100644 roles/maas/tasks/machines/_plan_sets.yml create mode 100644 roles/maas/tasks/machines/_read_machines.yml create mode 100644 roles/maas/tasks/machines/_refresh_iface_facts.yml create mode 100644 roles/maas/tasks/machines/_set_parent_native.yml create mode 100644 roles/maas/tasks/machines/cleanup.yml create mode 100644 roles/maas/tasks/machines/create.yml create mode 100644 roles/maas/tasks/machines/delete.yml create mode 100644 roles/maas/tasks/machines/set_ipmi_creds.yml create mode 100644 roles/maas/tasks/machines/update.yml create mode 100644 roles/maas/tasks/main.yml create mode 100644 roles/maas/tasks/networking.yml create mode 100644 roles/maas/tasks/networking/domain_create.yml create mode 100644 roles/maas/tasks/networking/fabric_create.yml create mode 100644 roles/maas/tasks/networking/fabric_vlans_read.yml create mode 100644 roles/maas/tasks/networking/space_create.yml create mode 100644 roles/maas/tasks/networking/subnet_apply.yml create mode 100644 roles/maas/tasks/networking/subnet_range_create.yml create mode 100644 roles/maas/tasks/networking/vlan_build_index.yml create mode 100644 roles/maas/tasks/networking/vlan_create.yml create mode 100644 roles/maas/tasks/networking/vlan_update.yml create mode 100644 roles/maas/tasks/networking_subnet.yml create mode 100644 roles/maas/templates/arm_uefi.j2 create mode 100644 roles/maas/templates/dhcpd.classes.snippet.j2 create mode 100644 roles/maas/templates/dhcpd.global.snippet.j2 create mode 100644 roles/maas/templates/dhcpd.hosts.snippet.j2 create mode 100644 roles/maas/templates/dhcpd.pools.snippet.j2 create mode 100644 roles/nameserver/README.rst create mode 100644 roles/nameserver/defaults/main.yml create mode 100644 roles/nameserver/handlers/main.yml create mode 100644 roles/nameserver/meta/main.yml create mode 100644 roles/nameserver/tasks/config.yml create mode 100644 roles/nameserver/tasks/firewall.yml create mode 100644 roles/nameserver/tasks/main.yml create mode 100644 roles/nameserver/tasks/packages.yml create mode 100644 roles/nameserver/tasks/records.yml create mode 100644 roles/nameserver/templates/forward.j2 create mode 100644 roles/nameserver/templates/named.conf.j2 create mode 100644 roles/nameserver/templates/reverse.j2 create mode 100644 roles/nameserver/vars/empty.yml create mode 100644 roles/nameserver/vars/packages_redhat.yml create mode 100644 roles/nameserver/vars/packages_suse.yml create mode 100644 roles/nsupdate_web/README.rst create mode 100644 roles/nsupdate_web/defaults/main.yml create mode 100644 roles/nsupdate_web/tasks/main.yml create mode 100644 roles/nsupdate_web/templates/nsupdate-web.service create mode 100644 roles/nsupdate_web/templates/nsupdate_web_nginx_opensuse_leap_15 create mode 100644 roles/nsupdate_web/templates/nsupdate_web_nginx_ubuntu_16 create mode 100644 roles/nsupdate_web/vars/opensuse_leap_15.yml create mode 100644 roles/nsupdate_web/vars/opensuse_leap_42.yml create mode 100644 roles/nsupdate_web/vars/ubuntu_16.yml create mode 100644 roles/ntp-server/README.rst create mode 100644 roles/ntp-server/tasks/main.yml create mode 100644 roles/ntp-server/templates/chrony.conf.j2 create mode 100644 roles/ntp-server/templates/ntp.conf.j2 create mode 100644 roles/packages/README.rst create mode 100644 roles/packages/defaults/main.yml create mode 100644 roles/packages/tasks/cleanup.yml create mode 100644 roles/packages/tasks/main.yml create mode 100644 roles/packages/tasks/packages.yml create mode 100644 roles/packages/tasks/setup.yml create mode 100644 roles/paddles/README.rst create mode 100644 roles/paddles/defaults/main.yml create mode 100644 roles/paddles/meta/main.yml create mode 100644 roles/paddles/tasks/apt_systems.yml create mode 100644 roles/paddles/tasks/main.yml create mode 100644 roles/paddles/tasks/nginx.yml create mode 100644 roles/paddles/tasks/setup_db.yml create mode 100644 roles/paddles/tasks/setup_docker.yml create mode 100644 roles/paddles/tasks/setup_paddles.yml create mode 100644 roles/paddles/tasks/setup_postgres_exporter.yml create mode 100644 roles/paddles/tasks/setup_service.yml create mode 100644 roles/paddles/tasks/setup_user.yml create mode 100644 roles/paddles/tasks/yum_systems.yml create mode 100644 roles/paddles/tasks/zypper_systems.yml create mode 100644 roles/paddles/templates/nginx.conf create mode 100644 roles/paddles/templates/prod.py create mode 100644 roles/paddles/templates/supervisor.conf create mode 100644 roles/paddles/vars/apt_systems.yml create mode 100644 roles/paddles/vars/yum_systems.yml create mode 100644 roles/paddles/vars/zypper_systems.yml create mode 100644 roles/pcp/README.rst create mode 100644 roles/pcp/defaults/main.yml create mode 100644 roles/pcp/files/1h1m.json create mode 100644 roles/pcp/files/index.js create mode 100644 roles/pcp/tasks/apt_update.yml create mode 100644 roles/pcp/tasks/collector.yml create mode 100644 roles/pcp/tasks/main.yml create mode 100644 roles/pcp/tasks/manager.yml create mode 100644 roles/pcp/tasks/permissons.yml create mode 100644 roles/pcp/tasks/repo.yml create mode 100644 roles/pcp/tasks/web.yml create mode 100644 roles/pcp/templates/target-discovery create mode 100644 roles/pcp/templates/target-host create mode 100644 roles/pcp/vars/apt_systems.yml create mode 100644 roles/pcp/vars/dnf_systems.yml create mode 100644 roles/pcp/vars/yum_systems.yml create mode 100644 roles/public_facing/README.rst create mode 100644 roles/public_facing/defaults/main.yml create mode 100644 roles/public_facing/handlers/main.yml create mode 100644 roles/public_facing/tasks/download.ceph.com.yml create mode 100644 roles/public_facing/tasks/fail2ban.yml create mode 100644 roles/public_facing/tasks/letsencrypt_nginx.yml create mode 100644 roles/public_facing/tasks/main.yml create mode 100644 roles/public_facing/tasks/status.sepia.ceph.com.yml create mode 100644 roles/public_facing/tasks/ufw.yml create mode 100644 roles/public_facing/tasks/www.ceph.com.yml create mode 100644 roles/public_facing/templates/download.ceph.com/logrotate.j2 create mode 100644 roles/public_facing/templates/download.ceph.com/make_timestamp.j2 create mode 100644 roles/public_facing/templates/f2b.filter.j2 create mode 100644 roles/public_facing/templates/f2b.jail.local.j2 create mode 100644 roles/public_facing/templates/f2b.service.j2 create mode 100644 roles/public_facing/templates/f2b_ufw.conf.j2 create mode 100644 roles/public_facing/templates/status.sepia.ceph.com/lab-pings.j2 create mode 100644 roles/public_facing/templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2 create mode 100644 roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2 create mode 100644 roles/pulpito/README.rst create mode 100644 roles/pulpito/defaults/main.yml create mode 100644 roles/pulpito/tasks/apt_systems.yml create mode 100644 roles/pulpito/tasks/main.yml create mode 100644 roles/pulpito/tasks/setup_pulpito.yml create mode 100644 roles/pulpito/tasks/yum_systems.yml create mode 100644 roles/pulpito/tasks/zypper_systems.yml create mode 100644 roles/pulpito/vars/apt_systems.yml create mode 100644 roles/pulpito/vars/yum_systems.yml create mode 100644 roles/pulpito/vars/zypper_systems.yml create mode 100644 roles/rook/README.rst create mode 100644 roles/rook/meta/main.yml create mode 100644 roles/rook/tasks/main.yml create mode 100644 roles/rook/tasks/rook-jenkins-update.yml create mode 100644 roles/rook/tasks/rook-os-update.yml create mode 100644 roles/rook/tasks/rook-recovery.yml create mode 100644 roles/rook/vars/main.yml create mode 100644 roles/secrets/defaults/main.yml create mode 100644 roles/signalfx_splunk_agent_configuration/README.rst create mode 100644 roles/signalfx_splunk_agent_configuration/defaults/main.yml create mode 100644 roles/signalfx_splunk_agent_configuration/handlers/main.yml create mode 100644 roles/signalfx_splunk_agent_configuration/tasks/http.yml create mode 100644 roles/signalfx_splunk_agent_configuration/tasks/linux_installation.yml create mode 100644 roles/signalfx_splunk_agent_configuration/tasks/main.yml create mode 100644 roles/signalfx_splunk_agent_configuration/tasks/service_owner.yml create mode 100644 roles/signalfx_splunk_agent_configuration/tasks/signalfx_main.yml create mode 100644 roles/signalfx_splunk_agent_configuration/tasks/systemd.yml create mode 100644 roles/signalfx_splunk_agent_configuration/tasks/ubuntu_installation.yml create mode 100644 roles/signalfx_splunk_agent_configuration/tasks/yum_installation.yml create mode 100644 roles/signalfx_splunk_agent_configuration/templates/http.yaml.j2 create mode 100644 roles/signalfx_splunk_agent_configuration/templates/systemd.yaml.j2 create mode 100644 roles/signalfx_splunk_agent_configuration/vars/main.yml create mode 100644 roles/testnode/README.rst create mode 100644 roles/testnode/defaults/main.yml create mode 100644 roles/testnode/handlers/main.yml create mode 100644 roles/testnode/meta/main.yml create mode 100644 roles/testnode/tasks/apt/packages.yml create mode 100644 roles/testnode/tasks/apt/repos.yml create mode 100644 roles/testnode/tasks/apt_systems.yml create mode 100644 roles/testnode/tasks/cachefilesd.yaml create mode 100644 roles/testnode/tasks/check-for-nvme.yml create mode 100644 roles/testnode/tasks/cloud-init.yml create mode 100644 roles/testnode/tasks/configure_lvm.yml create mode 100644 roles/testnode/tasks/cpan.yml create mode 100644 roles/testnode/tasks/drive_partitioning.yml create mode 100644 roles/testnode/tasks/filesystems.yml create mode 100644 roles/testnode/tasks/imitate_ubuntu.yml create mode 100644 roles/testnode/tasks/lvm.yml create mode 100644 roles/testnode/tasks/main.yml create mode 100644 roles/testnode/tasks/nfs.yml create mode 100644 roles/testnode/tasks/ntp.yml create mode 100644 roles/testnode/tasks/pip.yml create mode 100644 roles/testnode/tasks/redhat/rhel_6.yml create mode 100644 roles/testnode/tasks/redhat/rhel_7.yml create mode 100644 roles/testnode/tasks/resolvconf.yml create mode 100644 roles/testnode/tasks/set_hostname.yml create mode 100644 roles/testnode/tasks/setup-centos.yml create mode 100644 roles/testnode/tasks/setup-debian.yml create mode 100644 roles/testnode/tasks/setup-fedora.yml create mode 100644 roles/testnode/tasks/setup-opensuse.yml create mode 100644 roles/testnode/tasks/setup-redhat.yml create mode 100644 roles/testnode/tasks/setup-ubuntu-non-aarch64.yml create mode 100644 roles/testnode/tasks/setup-ubuntu.yml create mode 100644 roles/testnode/tasks/ssh.yml create mode 100644 roles/testnode/tasks/static_ip.yml create mode 100644 roles/testnode/tasks/user.yml create mode 100644 roles/testnode/tasks/var_lib.yml create mode 100644 roles/testnode/tasks/vars.yml create mode 100644 roles/testnode/tasks/yum/abrt.yml create mode 100644 roles/testnode/tasks/yum/firewall.yml create mode 100644 roles/testnode/tasks/yum/gpg_keys.yml create mode 100644 roles/testnode/tasks/yum/packages.yml create mode 100644 roles/testnode/tasks/yum/repos.yml create mode 100644 roles/testnode/tasks/yum_systems.yml create mode 100644 roles/testnode/tasks/zap_disks.yml create mode 100644 roles/testnode/tasks/zypper/packages.yml create mode 100644 roles/testnode/tasks/zypper_systems.yml create mode 100644 roles/testnode/templates/apt/ceph.pref create mode 100644 roles/testnode/templates/apt/sources.list.jessie create mode 100644 roles/testnode/templates/apt/sources.list.precise create mode 100644 roles/testnode/templates/apt/sources.list.trusty create mode 100644 roles/testnode/templates/apt/sources.list.wheezy create mode 100644 roles/testnode/templates/cachefilesd.j2 create mode 100644 roles/testnode/templates/chrony.conf create mode 100644 roles/testnode/templates/cpan_config.pm create mode 100644 roles/testnode/templates/cron/kernel-clean create mode 100644 roles/testnode/templates/exports create mode 100644 roles/testnode/templates/fuse.conf create mode 100644 roles/testnode/templates/grub create mode 100644 roles/testnode/templates/grub.d/02_force_timeout create mode 100644 roles/testnode/templates/limits.conf create mode 100644 roles/testnode/templates/modules create mode 100644 roles/testnode/templates/ntp.conf create mode 100644 roles/testnode/templates/pip.conf create mode 100644 roles/testnode/templates/remote.conf create mode 100644 roles/testnode/templates/security_limits.conf create mode 100644 roles/testnode/templates/ssh/ssh_config create mode 100644 roles/testnode/templates/ssh/sshd_config_centos_6 create mode 100644 roles/testnode/templates/ssh/sshd_config_centos_7 create mode 100644 roles/testnode/templates/ssh/sshd_config_centos_8 create mode 100644 roles/testnode/templates/ssh/sshd_config_centos_9 create mode 100644 roles/testnode/templates/ssh/sshd_config_debian_7 create mode 100644 roles/testnode/templates/ssh/sshd_config_debian_8 create mode 100644 roles/testnode/templates/ssh/sshd_config_fedora_22 create mode 100644 roles/testnode/templates/ssh/sshd_config_opensuse_leap_15 create mode 100644 roles/testnode/templates/ssh/sshd_config_opensuse_leap_42 create mode 100644 roles/testnode/templates/ssh/sshd_config_opensuse_leap_NA create mode 100644 roles/testnode/templates/ssh/sshd_config_redhat_6 create mode 100644 roles/testnode/templates/ssh/sshd_config_redhat_7 create mode 100644 roles/testnode/templates/ssh/sshd_config_redhat_8 create mode 100644 roles/testnode/templates/ssh/sshd_config_redhat_9 create mode 100644 roles/testnode/templates/ssh/sshd_config_ubuntu_12 create mode 100644 roles/testnode/templates/ssh/sshd_config_ubuntu_14 create mode 100644 roles/testnode/templates/ssh/sshd_config_ubuntu_15 create mode 100644 roles/testnode/templates/ssh/sshd_config_ubuntu_16 create mode 100644 roles/testnode/templates/ssh/sshd_config_ubuntu_18 create mode 100644 roles/testnode/templates/ssh/sshd_config_ubuntu_20 create mode 100644 roles/testnode/templates/ssh/sshd_config_ubuntu_22 create mode 100755 roles/testnode/templates/sudoers create mode 100644 roles/testnode/templates/wgetrc create mode 100644 roles/testnode/templates/yum_repo.j2 create mode 100644 roles/testnode/vars/apt_systems.yml create mode 100644 roles/testnode/vars/centos_6.yml create mode 100644 roles/testnode/vars/centos_7.yml create mode 100644 roles/testnode/vars/centos_8.yml create mode 100644 roles/testnode/vars/centos_8_stream.yml create mode 100644 roles/testnode/vars/centos_9.yml create mode 100644 roles/testnode/vars/debian_7.yml create mode 100644 roles/testnode/vars/debian_8.yml create mode 120000 roles/testnode/vars/dnf_systems.yml create mode 100644 roles/testnode/vars/empty.yml create mode 100644 roles/testnode/vars/fedora_22.yml create mode 100644 roles/testnode/vars/opensuse_leap_15.0.yml create mode 100644 roles/testnode/vars/opensuse_leap_15.1.yml create mode 100644 roles/testnode/vars/opensuse_leap_15.2.yml create mode 100644 roles/testnode/vars/redhat_6.yml create mode 100644 roles/testnode/vars/redhat_7.6.yml create mode 100644 roles/testnode/vars/redhat_7.8.yml create mode 100644 roles/testnode/vars/redhat_7.yml create mode 100644 roles/testnode/vars/redhat_8.yml create mode 100644 roles/testnode/vars/redhat_9.yml create mode 100644 roles/testnode/vars/ubuntu.yml create mode 100644 roles/testnode/vars/ubuntu_12.04.yml create mode 100644 roles/testnode/vars/ubuntu_14.yml create mode 100644 roles/testnode/vars/ubuntu_15.yml create mode 100644 roles/testnode/vars/ubuntu_16.yml create mode 100644 roles/testnode/vars/ubuntu_18.yml create mode 100644 roles/testnode/vars/ubuntu_20.yml create mode 100644 roles/testnode/vars/ubuntu_22.yml create mode 100644 roles/testnode/vars/yum_systems.yml create mode 100644 roles/testnode/vars/zypper_systems.yml create mode 100644 roles/teuthology/README.rst create mode 100644 roles/teuthology/defaults/main.yml create mode 100644 roles/teuthology/meta/main.yml create mode 100644 roles/teuthology/tasks/apt_systems.yml create mode 100644 roles/teuthology/tasks/main.yml create mode 100644 roles/teuthology/tasks/setup_log_access.yml create mode 100644 roles/teuthology/tasks/setup_users.yml create mode 100644 roles/teuthology/tasks/yum_systems.yml create mode 100644 roles/teuthology/tasks/zypper_systems.yml create mode 100644 roles/teuthology/templates/nginx.conf create mode 100644 roles/teuthology/templates/teuthology-worker.init create mode 100644 roles/teuthology/templates/teuthology.yaml create mode 100755 roles/teuthology/templates/update-crontab.sh create mode 100644 roles/teuthology/vars/apt_systems.yml create mode 100644 roles/teuthology/vars/yum_systems.yml create mode 100644 roles/teuthology/vars/zypper_opensuse_leap_15.0.yml create mode 100644 roles/teuthology/vars/zypper_opensuse_leap_15.1.yml create mode 100644 roles/teuthology/vars/zypper_opensuse_leap_15.2.yml create mode 100644 roles/teuthology/vars/zypper_opensuse_leap_15.3.yml create mode 100644 roles/teuthology/vars/zypper_opensuse_leap_42.3.yml create mode 100644 roles/users/README.rst create mode 100644 roles/users/defaults/main.yml create mode 100644 roles/users/tasks/create_users.yml create mode 100644 roles/users/tasks/filter_users.yml create mode 100644 roles/users/tasks/main.yml create mode 100644 roles/users/tasks/revoke_users.yml create mode 100644 roles/users/tasks/update_keys.yml create mode 100644 roles/vmhost/README.rst create mode 100644 roles/vmhost/files/interfaces create mode 100644 roles/vmhost/files/libvirt-net-front.xml create mode 100644 roles/vmhost/tasks/libvirt.yml create mode 100644 roles/vmhost/tasks/main.yml create mode 100644 roles/vmhost/tasks/networking.yml create mode 100644 roles/vmhost/tasks/packages.yml create mode 100644 roles/vmhost/vars/main.yml create mode 100644 rook.yml create mode 100644 set_python_path.yml create mode 100644 signalfx.yml create mode 100644 testnodes.yml create mode 100644 teuthology.yml create mode 100755 tools/checkcerts.py create mode 100755 tools/cobbler-access.sh create mode 100644 tools/convert-to-centos-stream.yml create mode 100644 tools/dot.vmlist.conf create mode 100644 tools/downstream-jenkins-sync-jobs.yml create mode 100644 tools/generate-fog-csv.yml create mode 100644 tools/incerta-nic.yml create mode 100644 tools/jenkins-builder-disk.yml create mode 100755 tools/openvpn/maketar.sh create mode 100644 tools/openvpn/sepia/ca.crt create mode 100644 tools/openvpn/sepia/client.conf create mode 100755 tools/openvpn/sepia/new-client create mode 100644 tools/openvpn/sepia/tlsauth create mode 100644 tools/prep-fog-capture.yml create mode 100644 tools/roles/generate-fog-csv/tasks/main.yml create mode 100644 tools/roles/generate-fog-csv/templates/csv.j2 create mode 100644 tools/set-bmc-static.yml create mode 100644 tools/set-next-server-local.sh create mode 100644 tools/set-next-server.sh create mode 100644 tools/switch-secrets.sh create mode 100644 tools/update-nvme-firmware.yml create mode 100755 tools/vmlist.py create mode 100644 users.yml create mode 100644 vmhost.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 00000000..578703e5 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,25 @@ +--- +skip_list: + - command-instead-of-module + - command-instead-of-shell + - deprecated-command-syntax + - deprecated-local-action + - empty-string-compare + - experimental + - fqcn[action-core] + - fqcn[action] + - git-latest + - jinja + - literal-compare + - load-failure + - meta-no-info + - name[casing] + - no-changed-when + - no-handler + - no-jinja-when + - no-relative-paths + - package-latest + - risky-file-permissions + - risky-shell-pipe + - role-name + - unnamed-task diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 00000000..e334a5ac --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,38 @@ +name: tests + +on: [push, pull_request] + +jobs: + syntax-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Install ansible + run: | + sudo apt-get update + sudo apt-get purge ansible + sudo apt-get install python3-setuptools + pip3 install ansible --user + - name: ansible-playbook syntax check + run: | + export PATH=$PATH:$HOME/.local/bin + sed -i /^vault_password_file/d ansible.cfg + ansible-playbook -i localhost, cephlab.yml --syntax-check + ansible-lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Install ansible-lint + run: | + sudo apt-get update + sudo apt-get purge ansible + sudo apt-get install python3-setuptools + # This pinned ansible version should match teuthology's + # requirements.txt. + # And we choose an ansible-lint version to be compatible with this + # Ansible version. + pip3 install ansible==2.10.7 ansible-lint[core]==5.4.0 --user + - name: Run ansible-lint + run: | + export PATH=$PATH:$HOME/.local/bin + ansible-lint -v roles/* diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..3a5b30d2 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.swp +virtualenv +*.pyc diff --git a/README.rst b/README.rst new file mode 100644 index 00000000..41306933 --- /dev/null +++ b/README.rst @@ -0,0 +1,148 @@ +Overview +======== + +This project is meant to store ansible roles for managing the nodes in the ceph +testing labs. + +Inventory +========= + +As this repo only contains roles, it does not define the ansible inventory or +any associated group_vars or host_vars. However, it does depend on these +things existing in a separate repository or otherwise accesible by these roles +when they are used. Any vars a role needs should be added to its +``defaults/main.yml`` file to document what must be defined per node or group +in your inventory. + +This separation is important because we have multiple labs we manage with these +same roles and each lab has different configuration needs. We call these our +``secrets`` or ``*-secrets`` repos throughout the rest of the documention and +in the roles. + +Besides the inventory, ``secrets`` repos also may contain certain secret or +encrypted files that we can not include in ceph-cm-ansible for various reasons. + +The directory structure for one of our ``secrets`` repos is:: + + ├── ansible +    ├── inventory +    │   ├── group_vars +    │   │   ├── all.yml +    │   │   ├── cobbler.yml +    │   │   ├── testnodes.yml +    │   │   ├── teuthology.yml +    │   │   └── typica.yml +    │   └── sepia +    └── secrets +    └── entitlements.yml + +Refer to Step 2 below for instructions on how to setup a ``secrets`` repo for +use by ceph-cm-ansible. If set up this way, -i is not necessary for +ansible-playbook to find the repo. However, you can choose your own setup and +point to the ``secrets`` repo with -i if you prefer. + +**NOTE:** Some playbooks require specific groups to be defined in your +inventory. Please refer to ``hosts`` in the playbook you want to use to ensure +you've got the proper groups defined. + +Where should I put variables? +----------------------------- + +All variables should be defined in ``defaults/main.yml`` for the role they're +primarily used in. If the variable you're adding can be used in multiple roles +define it in ``defaults/main.yml`` for both roles. If the variable can contain +a reasonable default value that should work for all possible labs then define +that value in ``defaults/main.yml`` as well. If not, you should still default +the variable to something, but make the tasks that use the variable either fail +gracefully without that var or prompt the user to define it if it's mandatory. + +If the variable is something that might need to be defined with a value +specific to the lab in use, then it'll need to be added to your ``secrets`` +repo as well. Variables in ``group_vars/all.yml`` will apply to all nodes +unless a group_var file exists that is more specific for that node. For +example, if you define the var ``foo: bar`` in ``all.yml`` and the node you're +running ansible against exists in the ``testnodes`` group and there is a +``group_vars/testnodes.yml`` file defined with ``foo: baz`` included in it then +the role using the variable will use the value defined in ``testnodes.yml``. +The playbook you're using knows which group_var file to use because of the +``hosts`` value defined for it. + + +Setting up a local dev environment +================================== + +We assume that your SSH key is present and active for passwordless access to +the "ubuntu" shell user on the hosts that ansible will manage. + +Step 1: Install ansible +----------------------- + +You can use pip:: + + pip install ansible + +or use the OS package manager:: + + yum install ansible + +Step 2: Set up secrets repository +--------------------------------- + +Clone the secrets repository and symlink the ``hosts`` and ``secrets`` +directories into place:: + + cd $HOME/src/ + git clone git@github.com:ceph/ceph-sepia-secrets.git + + # If needed, get the path for ceph-octo-secrets from a downstream dev + + sudo mv /etc/ansible/hosts /etc/ansible/hosts.default + + sudo ln -s ~/src/ceph-sepia-secrets/ansible/inventory /etc/ansible/hosts + sudo ln -s ~/src/ceph-sepia-secrets/ansible/secrets /etc/ansible/secrets + +Step 3: Clone the main Ceph ansible repo +---------------------------------------- + +Clone the main Ceph ansible repository:: + + git clone git@github.com:ceph/ceph-cm-ansible.git + cd ceph-cm-ansible + +Step 4 (Optional) Modify ``hosts`` files +---------------------------------------- +If you have any new hosts on which you'd like to run ansible, or if you're +using separate testing VMs, edit the files in ``/etc/ansible/hosts`` to add +your new (or testing) hosts:: + + vi /etc/ansible/hosts/ + +If you don't need to test on any new hosts, you can skip this step and just use +``/etc/ansible/hosts`` as-is. + +Step 5: Run ``ansible-playbook`` +-------------------------------- + +You can now run ``ansible-playbook``:: + + vi myplaybook.yml + ansible-playbook myplaybook.yml -vv --check --diff + +This will print a lot of debugging output to your console. + +Adding a new host to ansible +============================ + +Ansible runs using the "cm" shell account. + +Let's say you've created a new VM host using downburst. At this point you +should have a new VM with the "ubuntu" UID present. The problem is that Ansible +uses the "cm" user. In order to get that UID set up: + +1. Add your host to the inventory. Look in your lab's ``secrets`` repository, + in the ``ansible/inventory/`` directory, and add your new node. + +2. Run the ``cephlab.yml`` playbook, limited to your new host "mynewhost":: + + ansible-playbook -vv --limit mynewhost cephlab.yml + diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 00000000..ccd0bbc0 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,12 @@ +[defaults] +ansible_managed = This file is managed by ansible, don't make changes here - they will be overwritten. +# this works when testing from my laptop, but will need to +# be changed when it lives in a production environment +vault_password_file = ~/.vault_pass.txt +timeout = 120 +callback_whitelist = profile_tasks +# default is 0.001, resulting in a storm of select(NULL, ..., 1ms) syscalls +internal_poll_interval = 0.01 + +[ssh_connection] +retries = 5 diff --git a/ansible_managed.yml b/ansible_managed.yml new file mode 100644 index 00000000..102cb73f --- /dev/null +++ b/ansible_managed.yml @@ -0,0 +1,12 @@ +--- +# a playbook to create the necessary users, groups and +# sudoer settings needed for ansible to manage a node. +- hosts: all + strategy: free +# this used to be set to ubuntu but the {{ cm_user }} is the only +# user that gets created during kickstart + vars: + ansible_ssh_user: "{{ cm_user }}" + roles: + - ansible-managed + become: true diff --git a/callback_plugins/failure_log.py b/callback_plugins/failure_log.py new file mode 100644 index 00000000..31632a2b --- /dev/null +++ b/callback_plugins/failure_log.py @@ -0,0 +1,76 @@ +""" +This callback plugin writes ansible failures to a log as yaml. This way you +can parse the file later and use the ansible failures for other reporting +or logging. + +A log will not be written unless the environment variable ANSIBLE_FAILURE_LOG +is present and contains a path to a file to write the log to. +""" +import yaml +import os +import logging + +import ansible +ANSIBLE_MAJOR = int(ansible.__version__.split('.')[0]) + +if ANSIBLE_MAJOR >= 2: + from ansible.plugins.callback import CallbackBase as callback_base +else: + callback_base = object + +# Add a default representer so that we don't crash upon encountering +# instances of AnsibleUnicode or AnsibleUnsafeText +def default_representer(dumper, data): + return dumper.represent_scalar('tag:yaml.org,2002:str', str(data)) + +yaml.SafeDumper.add_representer(None, default_representer) + +log = logging.getLogger(__name__) +# We only want to log if this env var is populated with +# a file path of where the log should live. +fail_log = os.environ.get('ANSIBLE_FAILURE_LOG') +if fail_log: + handler = logging.FileHandler(filename=fail_log) + log.addHandler(handler) + + +def log_failure(host, result): + """ + If the environment variable ANSIBLE_FAILURE_LOG is present + a log of all failures in the playbook will be persisted to + the file path given in ANSIBLE_FAILURE_LOG. + """ + if fail_log: + failure = {"{0}".format(host): dict()} + failure[host] = result + try: + log.error(yaml.safe_dump(failure)) + except Exception: + log.exception("Failure object was: %s", str(failure)) + + +class CallbackModule(callback_base): + """ + This Ansible callback plugin writes task failures to a yaml file. + """ + CALLBACK_VERSION = 2.0 + CALLBACK_TYPE = 'notification' + CALLBACK_NAME = 'failure_log' + + def runner_on_failed(self, host, result, ignore_errors=False): + """ + A hook that will be called on every task failure. + """ + if ignore_errors: + return + try: + log_failure(host, result) + except: + import traceback + traceback.print_exc() + + def runner_on_unreachable(self, host, result): + """ + A hook that will be called on every task that is unreachable. + """ + log_failure(host, result) diff --git a/cephlab.yml b/cephlab.yml new file mode 100644 index 00000000..ecd58308 --- /dev/null +++ b/cephlab.yml @@ -0,0 +1,42 @@ +--- +# ensure the node is setup to be managed by ansible +# eventually, most of the things here will be done by +# cobbler / downburst / cloud-init. +- import_playbook: ansible_managed.yml + +# if this node is in the teuthology group, configure it +- import_playbook: teuthology.yml + +- hosts: testnodes + tasks: + - set_fact: + ran_from_cephlab_playbook: true + +# if this node is in the testnode group, configure it +- import_playbook: testnodes.yml + +# a number of different groups get docker/podman installed and configured +- import_playbook: container-host.yml + +# if this node is in the pcp group, configure it +#- import_playbook: pcp.yml + +# if this node is in the cobbler group, configure it +- import_playbook: cobbler.yml + +# if this node is in the paddles group, configure it +- import_playbook: paddles.yml + +# if this node is in the pulpito group, configure it +- import_playbook: pulpito.yml + +# Touch a file to indicate we are done. This is something chef did; +# teuthology.task.internal.vm_setup() expects it. +- hosts: testnodes + become: true + tasks: + - name: Touch /ceph-qa-ready + file: + path: /ceph-qa-ready + state: touch + when: ran_from_cephlab_playbook|bool diff --git a/cobbler.yml b/cobbler.yml new file mode 100644 index 00000000..f0b2709d --- /dev/null +++ b/cobbler.yml @@ -0,0 +1,64 @@ +--- +- hosts: cobbler + roles: + - common + - cobbler + - { role: cobbler_profile, distro_name: inktank-rescue, tags: ['inktank-rescue'] } + - { role: cobbler_profile, distro_name: dban-2.3.0-autonuke, tags: ['dban-autonuke'] } + - { role: cobbler_profile, distro_name: RHEL-6.6-Server-x86_64, tags: ['rhel6.6'] } + - { role: cobbler_profile, distro_name: RHEL-6.7-Server-x86_64, tags: ['rhel6.7'] } + - { role: cobbler_profile, distro_name: RHEL-6.8-Server-x86_64, tags: ['rhel6.8'] } + - { role: cobbler_profile, distro_name: RHEL-7.0-Server-x86_64, tags: ['rhel7.0'] } + - { role: cobbler_profile, distro_name: RHEL-7.1-Server-x86_64, tags: ['rhel7.1'] } + - { role: cobbler_profile, distro_name: RHEL-7.2-Server-x86_64, tags: ['rhel7.2'] } + - { role: cobbler_profile, distro_name: RHEL-7.3-Server-x86_64, tags: ['rhel7.3'] } + - { role: cobbler_profile, distro_name: RHEL-7.4-Server-x86_64, tags: ['rhel7.4'] } + - { role: cobbler_profile, distro_name: RHEL-7.5-Server-x86_64, tags: ['rhel7.5'] } + - { role: cobbler_profile, distro_name: RHEL-7.6-Server-x86_64, tags: ['rhel7.6'] } + - { role: cobbler_profile, distro_name: RHEL-7.7-Server-x86_64, tags: ['rhel7.7'] } + - { role: cobbler_profile, distro_name: RHEL-7.8-Server-x86_64, tags: ['rhel7.8'] } + - { role: cobbler_profile, distro_name: RHEL-7.9-Server-x86_64, tags: ['rhel7.9'] } + - { role: cobbler_profile, distro_name: RHEL-8.0-Server-x86_64, tags: ['rhel8.0'] } + - { role: cobbler_profile, distro_name: RHEL-8.1-Server-x86_64, tags: ['rhel8.1'] } + - { role: cobbler_profile, distro_name: RHEL-8.2-Server-x86_64, tags: ['rhel8.2'] } + - { role: cobbler_profile, distro_name: RHEL-8.3-Server-x86_64, tags: ['rhel8.3'] } + - { role: cobbler_profile, distro_name: RHEL-8.4-Server-x86_64, tags: ['rhel8.4'] } + - { role: cobbler_profile, distro_name: RHEL-8.5-Server-x86_64, tags: ['rhel8.5'] } + - { role: cobbler_profile, distro_name: RHEL-8.6-Server-x86_64, tags: ['rhel8.6'] } + - { role: cobbler_profile, distro_name: RHEL-9.0-Server-x86_64, tags: ['rhel9.0'] } + - { role: cobbler_profile, distro_name: RHEL-9.3-Server-x86_64, tags: ['rhel9.3'] } + - { role: cobbler_profile, distro_name: Fedora-22-Server-x86_64, tags: ['fedora22'] } + - { role: cobbler_profile, distro_name: Fedora-31-Server-x86_64, tags: ['fedora31'] } + - { role: cobbler_profile, distro_name: CentOS-6.7-x86_64, tags: ['centos6.7'] } + - { role: cobbler_profile, distro_name: CentOS-7.0-x86_64, tags: ['centos7.0'] } + - { role: cobbler_profile, distro_name: CentOS-7.1-x86_64, tags: ['centos7.1'] } + - { role: cobbler_profile, distro_name: CentOS-7.2-x86_64, tags: ['centos7.2'] } + - { role: cobbler_profile, distro_name: CentOS-7.3-x86_64, tags: ['centos7.3'] } + - { role: cobbler_profile, distro_name: CentOS-7.4-x86_64, tags: ['centos7.4'] } + - { role: cobbler_profile, distro_name: CentOS-7.5-x86_64, tags: ['centos7.5'] } + - { role: cobbler_profile, distro_name: CentOS-7.6-x86_64, tags: ['centos7.6'] } + - { role: cobbler_profile, distro_name: CentOS-7.7-x86_64, tags: ['centos7.7'] } + - { role: cobbler_profile, distro_name: CentOS-7.8-arm, tags: ['centos7.8-arm'] } + - { role: cobbler_profile, distro_name: CentOS-7.9-x86_64, tags: ['centos7.9'] } + - { role: cobbler_profile, distro_name: CentOS-8.0-x86_64, tags: ['centos8.0'] } + - { role: cobbler_profile, distro_name: CentOS-8.1-x86_64, tags: ['centos8.1'] } + - { role: cobbler_profile, distro_name: CentOS-8.1-aarch64, tags: ['centos8.1-aarch64'] } + - { role: cobbler_profile, distro_name: CentOS-8.2-x86_64, tags: ['centos8.2'] } + - { role: cobbler_profile, distro_name: CentOS-8.3-x86_64, tags: ['centos8.3'] } + - { role: cobbler_profile, distro_name: CentOS-8.4-x86_64, tags: ['centos8.4'] } + - { role: cobbler_profile, distro_name: CentOS-8.5-x86_64, tags: ['centos8.5'] } + - { role: cobbler_profile, distro_name: CentOS-8.stream-x86_64, tags: ['centos8.stream'] } + - { role: cobbler_profile, distro_name: CentOS-9.stream-x86_64, tags: ['centos9.stream'] } + - { role: cobbler_profile, distro_name: Rocky-9.5-x86_64, tags: ['rocky9.5'] } + - { role: cobbler_profile, distro_name: Ubuntu-12.04-server-x86_64, tags: ['ubuntu-precise'] } + - { role: cobbler_profile, distro_name: Ubuntu-14.04-server-x86_64, tags: ['ubuntu-trusty'] } + - { role: cobbler_profile, distro_name: Ubuntu-15.04-server-x86_64, tags: ['ubuntu-vivid'] } + - { role: cobbler_profile, distro_name: Ubuntu-16.04-server-x86_64, tags: ['ubuntu-xenial'] } + - { role: cobbler_profile, distro_name: Ubuntu-18.04-server-x86_64, tags: ['ubuntu-bionic'] } + - { role: cobbler_profile, distro_name: Ubuntu-20.04-server-x86_64, tags: ['ubuntu-focal'] } + - { role: cobbler_profile, distro_name: openSUSE-15.0-x86_64, tags: ['opensuse-15.0'] } + - { role: cobbler_profile, distro_name: openSUSE-15.1-x86_64, tags: ['opensuse-15.1'] } + - { role: cobbler_profile, distro_name: openSUSE-15.2-x86_64, tags: ['opensuse-15.2'] } + - { role: cobbler_profile, distro_name: VMware-ESXi-7.0-x86_64, tags: ['esxi-7.0'] } + - cobbler_systems + become: true diff --git a/common.yml b/common.yml new file mode 100644 index 00000000..da112beb --- /dev/null +++ b/common.yml @@ -0,0 +1,6 @@ +--- +- hosts: all + strategy: free + roles: + - common + become: true diff --git a/container-host.yml b/container-host.yml new file mode 100644 index 00000000..addabf54 --- /dev/null +++ b/container-host.yml @@ -0,0 +1,15 @@ +--- +- hosts: + - testnodes + - senta + - vossi + - jenkins_builders + - folio + roles: + - secrets + - container-host + tags: + - container + - container-mirror + strategy: free + become: true diff --git a/dhcp-server.yml b/dhcp-server.yml new file mode 100644 index 00000000..3240ff7c --- /dev/null +++ b/dhcp-server.yml @@ -0,0 +1,5 @@ +--- +- hosts: dhcp_server + roles: + - dhcp-server + become: true diff --git a/downstream_setup.yml b/downstream_setup.yml new file mode 100644 index 00000000..eadd347c --- /dev/null +++ b/downstream_setup.yml @@ -0,0 +1,7 @@ +--- +# A playbook used to setup a node for downstream +# RHCeph testing. +- hosts: testnodes + roles: + - downstream-setup + become: true diff --git a/firmware.yml b/firmware.yml new file mode 100644 index 00000000..a1e91246 --- /dev/null +++ b/firmware.yml @@ -0,0 +1,12 @@ +--- +# "any_errors_fatal: true" makes sure the run stops if any problems happen. +# This gives you the ability to flash backed up firmwares or diagnose +# problems without the playbook cleaning up after itself or causing more damage. + +- hosts: all + any_errors_fatal: true + strategy: free + roles: + - secrets + - firmware + become: true diff --git a/fog-server.yml b/fog-server.yml new file mode 100644 index 00000000..9479c23c --- /dev/null +++ b/fog-server.yml @@ -0,0 +1,10 @@ +--- +- hosts: fog_server + roles: + - fog-server + become: true + vars_prompt: + - name: "fog_force" + prompt: "\nWARNING: It is not safe to run this role on a running FOG server that\nhas or may have scheduled tasks.\nDo you want to forcefully install/update/restart FOG? (yes|no)" + default: "no" + private: no diff --git a/gateway.yml b/gateway.yml new file mode 100644 index 00000000..f9162c7d --- /dev/null +++ b/gateway.yml @@ -0,0 +1,6 @@ +--- +- hosts: gateway + roles: + - common + - gateway + become: true diff --git a/grafana_agent.yml b/grafana_agent.yml new file mode 100644 index 00000000..0ccbaeed --- /dev/null +++ b/grafana_agent.yml @@ -0,0 +1,6 @@ +--- +- hosts: all + strategy: free + roles: + - grafana_agent + become: true diff --git a/long_running_cluster.yml b/long_running_cluster.yml new file mode 100644 index 00000000..f9eabf7e --- /dev/null +++ b/long_running_cluster.yml @@ -0,0 +1,12 @@ +--- +- hosts: long_running_cluster + tasks: + - name: Pull in vars from common role + include_vars: "roles/common/vars/{{ ansible_pkg_mgr }}_systems.yml" + +- hosts: long_running_cluster + become: true + roles: + - long_running_cluster + handlers: + - import_tasks: roles/common/handlers/main.yml diff --git a/maas.yml b/maas.yml new file mode 100644 index 00000000..7cbb992e --- /dev/null +++ b/maas.yml @@ -0,0 +1,6 @@ +--- +- hosts: maas + roles: + - secrets + - maas + become: true diff --git a/nameserver.yml b/nameserver.yml new file mode 100644 index 00000000..677810ac --- /dev/null +++ b/nameserver.yml @@ -0,0 +1,6 @@ +--- +- hosts: nameserver + roles: + - common + - nameserver + become: true diff --git a/nsupdate_web.yml b/nsupdate_web.yml new file mode 100644 index 00000000..81852bd7 --- /dev/null +++ b/nsupdate_web.yml @@ -0,0 +1,6 @@ +--- +- hosts: nsupdate_web + roles: + - common + - nsupdate_web + become: true diff --git a/ntp-server.yml b/ntp-server.yml new file mode 100644 index 00000000..fc93e5de --- /dev/null +++ b/ntp-server.yml @@ -0,0 +1,5 @@ +--- +- hosts: ntp_server + roles: + - ntp-server + become: true diff --git a/packages.yml b/packages.yml new file mode 100644 index 00000000..d19956ec --- /dev/null +++ b/packages.yml @@ -0,0 +1,4 @@ +--- +- hosts: all + roles: + - packages diff --git a/paddles.yml b/paddles.yml new file mode 100644 index 00000000..b4e8b243 --- /dev/null +++ b/paddles.yml @@ -0,0 +1,6 @@ +--- +- hosts: paddles + roles: + - common + - paddles + become: true diff --git a/pcp.yml b/pcp.yml new file mode 100644 index 00000000..91058afd --- /dev/null +++ b/pcp.yml @@ -0,0 +1,6 @@ +--- +- hosts: pcp + strategy: free + roles: + - pcp + become: true diff --git a/public_facing.yml b/public_facing.yml new file mode 100644 index 00000000..bf80e38c --- /dev/null +++ b/public_facing.yml @@ -0,0 +1,5 @@ +--- +- hosts: public_facing + roles: + - public_facing + become: true diff --git a/pulpito.yml b/pulpito.yml new file mode 100644 index 00000000..ecd1c3bf --- /dev/null +++ b/pulpito.yml @@ -0,0 +1,5 @@ +--- +- hosts: pulpito + roles: + - common + - pulpito diff --git a/roles/ansible-managed/tasks/main.yml b/roles/ansible-managed/tasks/main.yml new file mode 100644 index 00000000..b2507e47 --- /dev/null +++ b/roles/ansible-managed/tasks/main.yml @@ -0,0 +1,62 @@ +--- +- name: Create the sudo group. + group: + name: sudo + state: present + tags: + - user + +- name: Create the ansible user. + user: + name: "{{ cm_user }}" + groups: sudo + shell: /bin/bash + uid: "{{ cm_user_uid }}" + update_password: on_create + when: cm_user is defined and cm_user_uid is defined + register: user_created + failed_when: > + user_created.rc is defined and + user_created.rc != 0 and + ('user cm is currently used' not in user_created.msg | default('')) + tags: + - user + +- name: Delete the ansible users password. + command: "passwd -d {{ cm_user }}" + when: user_created is defined and user_created is changed + tags: + - user + +- name: Ensure includedir is present in sudoers. + lineinfile: + dest: /etc/sudoers + line: "#includedir /etc/sudoers.d" + state: present + validate: visudo -cf %s + tags: + - sudoers + - user + +- name: Create the cephlab_sudo sudoers.d file. + template: + src: cephlab_sudo + dest: /etc/sudoers.d/cephlab_sudo + owner: root + group: root + mode: 0440 + validate: visudo -cf %s + tags: + - sudoers + - user + +- name: Add authorized keys for the ansible user. + authorized_key: + user: "{{ cm_user }}" + key: "{{ cm_user_ssh_keys|join('\n') }}" + exclusive: True + when: cm_user_ssh_keys is defined and + cm_user is defined + become: true + tags: + - pubkeys diff --git a/roles/ansible-managed/templates/cephlab_sudo b/roles/ansible-managed/templates/cephlab_sudo new file mode 100644 index 00000000..6febac3c --- /dev/null +++ b/roles/ansible-managed/templates/cephlab_sudo @@ -0,0 +1,5 @@ +# {{ ansible_managed }} +%sudo ALL=(ALL) NOPASSWD: ALL +# For ansible pipelining +Defaults !requiretty +Defaults visiblepw diff --git a/roles/cobbler/defaults/main.yml b/roles/cobbler/defaults/main.yml new file mode 100644 index 00000000..17092771 --- /dev/null +++ b/roles/cobbler/defaults/main.yml @@ -0,0 +1,86 @@ +--- +# These defaults are present to allow certain tasks to no-op if a secrets repo +# hasn't been defined. If you want to override these, do so in the secrets repo +# itself. We override these in $repo/ansible/inventory/group_vars/cobbler.yml +secrets_repo: + name: UNDEFINED + url: null + +# Where to download ISOs +iso_dir: /var/lib/cobbler/isos +# Mount point to use for ISOs during import +iso_mount: /mnt/iso +# Where to put kernel/initrd files for image-based ISOs +other_image_dir: /var/lib/cobbler/other_boot_images + +users_digest_lines: + # default password is 'cobbler' - change it in a secrets repo! + - "cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3" + +settings: + - name: yum_post_install_mirror + value: 0 + - name: signature_url + value: http://cobbler.github.io/signatures/2.6.x/latest.json + - name: server + value: "{{ ip }}" + - name: next_server + value: "{{ ip }}" + - name: pxe_just_once + value: 1 + +kickstarts: + - cephlab_rhel.ks + - cephlab_rhel_sdc.ks + - cephlab_ubuntu.preseed + - cephlab_opensuse_leap.xml + +snippets: + - cephlab_user + - cephlab_hostname + - cephlab_packages_rhel + - cephlab_rc_local + - cephlab_rhel_disks + - cephlab_post_install_kernel_options + - cephlab_rhel_rhsm + +scripts: + - cephlab_preseed_late + +triggers: + - install/post/cephlab_ansible.sh + +utils: + - console.sh + - reboot.sh + - reimage.sh + +cm_user_ssh_keys: [] + +cm_user: '' +cm_user_uid: '' + +# A list of lines to add to resolv.conf and resolv.conf.d/base +# An example: +# resolvconf: +# - "nameserver x.x.x.x" +# - "search an.example.com" +resolvconf: [] + +power_type: ipmilan +# power_user and power_pass defaults will need to be overridden in a secrets +# repo to be useful +power_user: poweruser +power_pass: powerpass + +pip_packages: + - pip + - ansible + +cobbler_settings_file: /etc/cobbler/settings + +kopts_flag: "--kopts" + +autoinstall_flag: "--kickstart" + +ks_dir: /var/lib/cobbler/kickstarts diff --git a/roles/cobbler/meta/main.yml b/roles/cobbler/meta/main.yml new file mode 100644 index 00000000..313fd690 --- /dev/null +++ b/roles/cobbler/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: secrets diff --git a/roles/cobbler/tasks/apt_systems.yml b/roles/cobbler/tasks/apt_systems.yml new file mode 100644 index 00000000..037e32de --- /dev/null +++ b/roles/cobbler/tasks/apt_systems.yml @@ -0,0 +1,12 @@ +--- +- name: Install cobbler + apt: + name: "{{ cobbler_package }}" + state: latest + register: install_cobbler + +- name: Install extra cobbler packages + apt: + name: "{{ cobbler_extra_packages|list }}" + state: latest + when: cobbler_extra_packages|length > 0 diff --git a/roles/cobbler/tasks/distro_prep.yml b/roles/cobbler/tasks/distro_prep.yml new file mode 100644 index 00000000..d52c8f26 --- /dev/null +++ b/roles/cobbler/tasks/distro_prep.yml @@ -0,0 +1,18 @@ +--- +- name: Update distro signatures + command: cobbler signature update + +- name: Create ISO directory + file: + path: "{{ iso_dir }}" + state: directory + +- name: Create ISO mountpoint + file: + path: "{{ iso_mount }}" + state: directory + +- name: Create directory for other boot images + file: + path: "{{ other_image_dir }}" + state: directory diff --git a/roles/cobbler/tasks/fetch_cm_repos.yml b/roles/cobbler/tasks/fetch_cm_repos.yml new file mode 100644 index 00000000..44e87222 --- /dev/null +++ b/roles/cobbler/tasks/fetch_cm_repos.yml @@ -0,0 +1,26 @@ +--- +- name: Checkout ceph-cm-ansible + git: + repo: https://github.com/ceph/ceph-cm-ansible.git + dest: /root/ceph-cm-ansible + accept_hostkey: true + +- name: Checkout secrets repo + git: + repo: "{{ secrets_repo.url }}" + dest: /root/{{ secrets_repo.name }} + accept_hostkey: true + +- name: Symlink /etc/ansible/hosts + file: + src: /root/{{ secrets_repo.name }}/ansible/inventory/ + dest: /etc/ansible/hosts + state: link + force: yes + +- name: Symlink /etc/ansible/secrets + file: + src: /root/{{ secrets_repo.name }}/ansible/secrets/ + dest: /etc/ansible/secrets + state: link + force: yes diff --git a/roles/cobbler/tasks/ipmi_secrets.yml b/roles/cobbler/tasks/ipmi_secrets.yml new file mode 100644 index 00000000..3c04eed5 --- /dev/null +++ b/roles/cobbler/tasks/ipmi_secrets.yml @@ -0,0 +1,12 @@ +--- +- name: Set path to IPMI credentials + set_fact: + ipmi_creds_path: "{{ secrets_path }}/ipmi.yml" + when: ipmi_creds_path is undefined + +- name: Include IPMI credentials + include_vars: "{{ item }}" + with_first_found: + - "{{ ipmi_creds_path }}" + - empty.yml + no_log: true diff --git a/roles/cobbler/tasks/main.yml b/roles/cobbler/tasks/main.yml new file mode 100644 index 00000000..64f36fb0 --- /dev/null +++ b/roles/cobbler/tasks/main.yml @@ -0,0 +1,93 @@ +--- +- import_tasks: ipmi_secrets.yml + tags: + - always + +- name: Include cobbler keys. + include_vars: "{{ secrets_path | mandatory }}/cobbler_keys.yml" + no_log: true + tags: + - vars + +- name: Create /root/.ssh + file: + path: /root/.ssh + mode: '700' + state: directory + +- name: Write cobbler keys + copy: + content: "{{ item.data }}" + dest: "{{ item.path }}" + mode: '600' + with_items: "{{ cobbler_keys[ansible_hostname] }}" + no_log: true + +- name: Include package type specific vars. + include_vars: "{{ ansible_pkg_mgr }}_systems.yml" + tags: + - always + +- import_tasks: yum_systems.yml + when: ansible_os_family == "RedHat" + +- import_tasks: apt_systems.yml + when: ansible_pkg_mgr == "apt" + +- import_tasks: pip.yml + tags: + - pip + +- name: Start cobbler + service: + name: "{{ cobbler_service }}" + state: started + enabled: yes + +- name: Enable tftpd + lineinfile: + dest: /etc/xinetd.d/tftp + regexp: disable + line: " disable = no" + when: ansible_pkg_mgr == "yum" + register: tftp_enabled + tags: + - tftp + +- name: Reload xinetd + service: + name: xinetd + state: reloaded + enabled: yes + when: tftp_enabled is defined and tftp_enabled is changed + tags: + - tftp + +- name: Start httpd + service: + name: "{{ httpd_service }}" + state: started + enabled: yes + +- name: Update settings + import_tasks: settings.yml + tags: + - settings + +- import_tasks: fetch_cm_repos.yml + tags: + - cm_repos + +- import_tasks: upload_templates.yml + tags: + - templates + +- import_tasks: distro_prep.yml + tags: + - distros + - distro_prep + +- import_tasks: restart.yml + +- name: Run cobbler check + command: cobbler check diff --git a/roles/cobbler/tasks/pip.yml b/roles/cobbler/tasks/pip.yml new file mode 100644 index 00000000..19b77f02 --- /dev/null +++ b/roles/cobbler/tasks/pip.yml @@ -0,0 +1,5 @@ +--- +- name: Install pip packages + pip: + name: "{{ pip_packages|list }}" + state: latest diff --git a/roles/cobbler/tasks/redhat/rhel_6.yml b/roles/cobbler/tasks/redhat/rhel_6.yml new file mode 100644 index 00000000..a1820bd4 --- /dev/null +++ b/roles/cobbler/tasks/redhat/rhel_6.yml @@ -0,0 +1,5 @@ +--- +- name: Stop iptables + service: + name: iptables + state: stopped diff --git a/roles/cobbler/tasks/redhat/rhel_7.yml b/roles/cobbler/tasks/redhat/rhel_7.yml new file mode 100644 index 00000000..283beb3c --- /dev/null +++ b/roles/cobbler/tasks/redhat/rhel_7.yml @@ -0,0 +1,21 @@ +--- +- name: Check if firewalld is enabled + command: systemctl status firewalld + register: firewalld + ignore_errors: true + no_log: true + tags: + - firewall + +- name: Enable http and https using firewalld + firewalld: + service: "{{ item }}" + state: enabled + permanent: yes + immediate: yes + with_items: + - http + - https + when: "'running' in firewalld.stdout" + tags: + - firewall diff --git a/roles/cobbler/tasks/restart.yml b/roles/cobbler/tasks/restart.yml new file mode 100644 index 00000000..a0acb6ff --- /dev/null +++ b/roles/cobbler/tasks/restart.yml @@ -0,0 +1,17 @@ +--- +- name: Get cobbler port + shell: cobbler setting report | grep xmlrpc_port | awk '{ FS=":"; print $3 }' + register: cobbler_port_cmd + +- name: Set cobbler port var + set_fact: + cobbler_port: "{{ cobbler_port_cmd.stdout.strip() }}" + +- name: Restart cobbler + service: + name: "{{ cobbler_service }}" + state: restarted + changed_when: false + +- name: Wait for cobbler to start + wait_for: port={{ cobbler_port|int }} diff --git a/roles/cobbler/tasks/settings.yml b/roles/cobbler/tasks/settings.yml new file mode 100644 index 00000000..971e55f2 --- /dev/null +++ b/roles/cobbler/tasks/settings.yml @@ -0,0 +1,32 @@ +--- +- name: Write users.digest + copy: + content: "{% for line in users_digest_lines %}{{ line + '\n' }}{% endfor %}" + dest: /etc/cobbler/users.digest + owner: root + group: root + mode: 0600 + register: users_digest + +- name: Enable dynamic settings modification + lineinfile: + dest: "{{ cobbler_settings_file }}" + regexp: ^allow_dynamic_settings + # Escape the colon below so the line will parse + line: "allow_dynamic_settings{{':'}} 1" + register: dynamic_settings + +- name: Set server value + lineinfile: + dest: "{{ cobbler_settings_file }}" + # Escape the colons below so the lines will parse + regexp: "^server{{':'}}" + line: "server{{':'}} {% for setting in settings %}{% if setting.name == 'server' %}{{ setting.value }}{% endif %}{% endfor %}" + register: server_value + +- import_tasks: restart.yml + when: users_digest is changed or dynamic_settings is changed or server_value is changed + +- name: Update settings + command: cobbler setting edit --name={{ item.name }} --value={{ item.value }} + with_items: "{{ settings }}" diff --git a/roles/cobbler/tasks/setup-redhat.yml b/roles/cobbler/tasks/setup-redhat.yml new file mode 100644 index 00000000..e853612c --- /dev/null +++ b/roles/cobbler/tasks/setup-redhat.yml @@ -0,0 +1,8 @@ +--- +- name: Include rhel 7.x specific tasks. + import_tasks: redhat/rhel_7.yml + when: ansible_distribution_major_version == "7" + +- name: Include rhel 6.x specific tasks. + import_tasks: redhat/rhel_6.yml + when: ansible_distribution_major_version == "6" diff --git a/roles/cobbler/tasks/upload_templates.yml b/roles/cobbler/tasks/upload_templates.yml new file mode 100644 index 00000000..dc503a88 --- /dev/null +++ b/roles/cobbler/tasks/upload_templates.yml @@ -0,0 +1,86 @@ +--- +# We need to include our RHSM entitlements from the secrets repo to subscribe +# RHEL systems during post-install. +- name: Include RHSM entitlement credentials + include_vars: "{{ item }}" + with_first_found: + - "{{ secrets_path }}/entitlements.yml" + - roles/common/vars/empty.yml + no_log: true + tags: + - always + +- name: Upload index.html template + template: + src: "httpd/index.html" + dest: "/var/www/html/" + owner: root + group: root + mode: 0644 + tags: + - httpd + +- name: Upload kickstarts and preseeds. + template: + src: "kickstarts/{{ item }}" + dest: "{{ ks_dir }}/{{ item }}" + owner: root + group: root + mode: 0644 + with_items: "{{ kickstarts }}" + tags: + - kickstarts + +- name: Upload snippets + template: + src: "snippets/{{ item }}" + dest: "/var/lib/cobbler/snippets/{{ item }}" + owner: root + group: root + mode: 0644 + with_items: "{{ snippets }}" + tags: + - snippets + +- name: Upload scripts. + template: + src: "scripts/{{ item }}" + dest: "/var/lib/cobbler/scripts/{{ item }}" + owner: root + group: root + mode: 0644 + with_items: "{{ scripts }}" + tags: + - scripts + +- name: Upload triggers. + template: + src: "triggers/{{ item }}" + dest: "/var/lib/cobbler/triggers/{{ item }}" + owner: root + group: root + mode: 0744 + with_items: "{{ triggers }}" + tags: + - triggers + +- name: Create /root/bin + file: + path: /root/bin + state: directory + owner: root + group: root + mode: 0755 + tags: + - utils + +- name: Upload utilities for convenience. + template: + src: "utils/{{ item }}" + dest: "/root/bin/{{ item }}" + owner: root + group: root + mode: 0755 + with_items: "{{ utils }}" + tags: + - utils diff --git a/roles/cobbler/tasks/yum_systems.yml b/roles/cobbler/tasks/yum_systems.yml new file mode 100644 index 00000000..01a6d0cb --- /dev/null +++ b/roles/cobbler/tasks/yum_systems.yml @@ -0,0 +1,20 @@ +--- +- name: Enable Cobbler 3 Stream on RHEL8 + command: "dnf module enable cobbler:3" + when: ansible_distribution_major_version|int >= 8 + +- name: Install cobbler + yum: + name: "{{ cobbler_package }}" + state: latest + register: install_cobbler + +- name: Install extra cobbler packages + yum: + name: "{{ cobbler_extra_packages|list }}" + state: latest + when: cobbler_extra_packages|length > 0 + +# configure red hat specific things +- import_tasks: setup-redhat.yml + when: ansible_distribution in ('RedHat', 'CentOS') diff --git a/roles/cobbler/templates/httpd/index.html b/roles/cobbler/templates/httpd/index.html new file mode 100644 index 00000000..2ae1a975 --- /dev/null +++ b/roles/cobbler/templates/httpd/index.html @@ -0,0 +1,8 @@ + + + + Cobbler! + + diff --git a/roles/cobbler/templates/kickstarts/cephlab_opensuse_leap.xml b/roles/cobbler/templates/kickstarts/cephlab_opensuse_leap.xml new file mode 100644 index 00000000..a7e4147b --- /dev/null +++ b/roles/cobbler/templates/kickstarts/cephlab_opensuse_leap.xml @@ -0,0 +1,131 @@ + + + + + false + + + + false + true + + + + + python + python-xml + sudo + gptfdisk + vim + curl + iputils + ethtool + bind-utils + wget + + + + + /dev/sda + all + + + true + true + / + ext4 + 100% + + + + + $SNIPPET('addons.xml') + $SNIPPET('kdump.xml') + + english + + + en_US + + + + $SNIPPET('networking.xml') + + 3 + + + multi-user + + + sshd + rc-local + + + + + + true + root + 0 + /root + + + + + + + + + /bin/bash + 0 + $default_password_crypted + root + + + + ## we have to include the pre-scripts tag to get kickstart_start included + + #set global $wrappedscript = 'kickstart_start' + $SNIPPET('suse_scriptwrapper.xml') + ## SuSE has an annoying habit on ppc64 of changing the system + ## boot order after installation. This makes it non-trivial to + ## automatically re-install future OS. + #set global $wrappedscript = 'save_boot_device' + $SNIPPET('suse_scriptwrapper.xml') + + + #set global $wrappedscript = 'cephlab_user' + $SNIPPET('suse_scriptwrapper.xml') + + + ## + ## This plugin wrapper provides the flexibility to call pure shell + ## snippets which can be used directly on autoinst file and with + ## wrapper on SuSE. + ## + ## To use it + ## - exchange name_of_pure_shell_snippet with the name of this shell snippet + ## - and remove the '##' in front of the line with suse_scriptwrapper.xml + ## + #set global $wrappedscript = 'name_of_pure_shell_snippet' + ## $SNIPPET('suse_scriptwrapper.xml') + + ## SuSE has an annoying habit on ppc64 of changing the system + ## boot order after installation. This makes it non-trivial to + ## automatically re-install future OS. + #set global $wrappedscript = 'restore_boot_device' + $SNIPPET('suse_scriptwrapper.xml') + + #set global $wrappedscript = 'cephlab_rc_local' + $SNIPPET('suse_scriptwrapper.xml') + + #set global $wrappedscript = 'cephlab_user' + $SNIPPET('suse_scriptwrapper.xml') + + ## we have to include the init-scripts tag to get kickstart_done included + + #set global $wrappedscript = 'kickstart_done' + $SNIPPET('suse_scriptwrapper.xml') + + + diff --git a/roles/cobbler/templates/kickstarts/cephlab_rhel.ks b/roles/cobbler/templates/kickstarts/cephlab_rhel.ks new file mode 100644 index 00000000..359dfcbe --- /dev/null +++ b/roles/cobbler/templates/kickstarts/cephlab_rhel.ks @@ -0,0 +1,98 @@ +## {{ ansible_managed }} +# kickstart template for Fedora 8 and later. +# (includes %end blocks) +# do not use with earlier distros +#set distro = $getVar('distro','').split("-")[0] +#set distro_ver = $getVar('distro','').split("-")[1] +#if $distro == 'RHEL' or $distro == 'CentOS' +#set distro_ver_major = $distro_ver.split(".")[0] +#set distro_ver_minor = $distro_ver.split(".")[1] +#end if + +#platform=x86, AMD64, or Intel EM64T +# System authorization information +#if int($distro_ver_major) < 9 +auth --useshadow --enablemd5 +#else +authselect select minimal +#end if +$SNIPPET('cephlab_rhel_disks') +# Use text mode install +text +# Firewall configuration +firewall --enabled +# Run the Setup Agent on first boot +firstboot --disable +# System keyboard +keyboard us +# System language +lang en_US +# Use network installation +url --url=$tree +# If any cobbler repo definitions were referenced in the kickstart profile, include them here. +$yum_repo_stanza +# Network information +network --bootproto=dhcp --device=$mac_address_eth0 --onboot=on +# Reboot after installation +reboot + +#Root password +rootpw --iscrypted $default_password_crypted +# SELinux configuration +selinux --enforcing +# Do not configure the X Window System +skipx +# System timezone +timezone Etc/UTC --utc +#if int($distro_ver_major) < 9 +# Install OS instead of upgrade +install +#end if + +%pre +$SNIPPET('log_ks_pre') +$SNIPPET('kickstart_start') +# Enable installation monitoring +$SNIPPET('pre_anamon') +%end + +%packages +@core +$SNIPPET('cephlab_packages_rhel') +$SNIPPET('func_install_if_enabled') +%end + +%post --nochroot +$SNIPPET('log_ks_post_nochroot') +%end + +%post +$SNIPPET('log_ks_post') +# Start yum configuration +$yum_config_stanza +# End yum configuration +$SNIPPET('post_install_kernel_options') +$SNIPPET('func_register_if_enabled') +$SNIPPET('download_config_files') +$SNIPPET('koan_environment') +$SNIPPET('cobbler_register') +# Enable post-install boot notification +$SNIPPET('post_anamon') +# Start final steps +$SNIPPET('cephlab_hostname') +$SNIPPET('cephlab_user') +#set distro = $getVar('distro','').split("-")[0] +#if $distro == 'RHEL' +$SNIPPET('cephlab_rhel_rhsm') +#end if +#if distro_ver_minor == 'stream' +# We want the latest packages because it's Stream +yum -y update +#else +# Update to latest kernel before rebooting +yum -y update kernel +#end if +$SNIPPET('cephlab_rc_local') +$SNIPPET('kickstart_done') +# End final steps +%end diff --git a/roles/cobbler/templates/kickstarts/cephlab_rhel_sdc.ks b/roles/cobbler/templates/kickstarts/cephlab_rhel_sdc.ks new file mode 100644 index 00000000..725df30b --- /dev/null +++ b/roles/cobbler/templates/kickstarts/cephlab_rhel_sdc.ks @@ -0,0 +1,112 @@ +## {{ ansible_managed }} +## This kickstart for use with systems where /dev/sdc is the root drive (e.g., cali) +# kickstart template for Fedora 8 and later. +# (includes %end blocks) +# do not use with earlier distros +#set distro = $getVar('distro','').split("-")[0] +#set distro_ver = $getVar('distro','').split("-")[1] +#if $distro == 'RHEL' or $distro == 'CentOS' +#set distro_ver_major = $distro_ver.split(".")[0] +#set distro_ver_minor = $distro_ver.split(".")[1] +#end if + +#platform=x86, AMD64, or Intel EM64T +# System authorization information +#if int($distro_ver_major) < 9 +auth --useshadow --enablemd5 +#else +authselect select minimal +#end if +#set os_version = $getVar('os_version','') +# Partition clearing information +clearpart --all --initlabel +# Use all of /dev/sdc for the root partition (20G minimum) +part / --fstype="ext4" --ondisk=sdc --size=20000 --grow +# Clear the Master Boot Record +zerombr +# System bootloader configuration +#if $os_version == 'rhel7' + #set bootloader_args = "--location=mbr --boot-drive=sdc" +#else + #set bootloader_args = "--location=mbr --driveorder=sdc" +#end if +bootloader $bootloader_args +# Use text mode install +text +# Firewall configuration +firewall --enabled +# Run the Setup Agent on first boot +firstboot --disable +# System keyboard +keyboard us +# System language +lang en_US +# Use network installation +url --url=$tree +# If any cobbler repo definitions were referenced in the kickstart profile, include them here. +$yum_repo_stanza +# Network information +network --bootproto=dhcp --device=$mac_address_eth0 --onboot=on +# Reboot after installation +reboot + +#Root password +rootpw --iscrypted $default_password_crypted +# SELinux configuration +selinux --enforcing +# Do not configure the X Window System +skipx +# System timezone +timezone Etc/UTC --utc +#if int($distro_ver_major) < 9 +# Install OS instead of upgrade +install +#end if + +%pre +$SNIPPET('log_ks_pre') +$SNIPPET('kickstart_start') +# Enable installation monitoring +$SNIPPET('pre_anamon') +%end + +%packages +@core +$SNIPPET('cephlab_packages_rhel') +$SNIPPET('func_install_if_enabled') +%end + +%post --nochroot +$SNIPPET('log_ks_post_nochroot') +%end + +%post +$SNIPPET('log_ks_post') +# Start yum configuration +$yum_config_stanza +# End yum configuration +$SNIPPET('post_install_kernel_options') +$SNIPPET('func_register_if_enabled') +$SNIPPET('download_config_files') +$SNIPPET('koan_environment') +$SNIPPET('cobbler_register') +# Enable post-install boot notification +$SNIPPET('post_anamon') +# Start final steps +$SNIPPET('cephlab_hostname') +$SNIPPET('cephlab_user') +#set distro = $getVar('distro','').split("-")[0] +#if $distro == 'RHEL' +$SNIPPET('cephlab_rhel_rhsm') +#end if +#if distro_ver_minor == 'stream' +# We want the latest packages because it's Stream +yum -y update +#else +# Update to latest kernel before rebooting +yum -y update kernel +#end if +$SNIPPET('cephlab_rc_local') +$SNIPPET('kickstart_done') +# End final steps +%end diff --git a/roles/cobbler/templates/kickstarts/cephlab_rhel_sdi.ks b/roles/cobbler/templates/kickstarts/cephlab_rhel_sdi.ks new file mode 100644 index 00000000..0eca2556 --- /dev/null +++ b/roles/cobbler/templates/kickstarts/cephlab_rhel_sdi.ks @@ -0,0 +1,112 @@ +## {{ ansible_managed }} +## This kickstart for use with systems where /dev/sdi is the root drive (e.g., callypso) +# kickstart template for Fedora 8 and later. +# (includes %end blocks) +# do not use with earlier distros +#set distro = $getVar('distro','').split("-")[0] +#set distro_ver = $getVar('distro','').split("-")[1] +#if $distro == 'RHEL' or $distro == 'CentOS' +#set distro_ver_major = $distro_ver.split(".")[0] +#set distro_ver_minor = $distro_ver.split(".")[1] +#end if + +#platform=x86, AMD64, or Intel EM64T +# System authorization information +#if int($distro_ver_major) < 9 +auth --useshadow --enablemd5 +#else +authselect select minimal +#end if +#set os_version = $getVar('os_version','') +# Partition clearing information +clearpart --all --initlabel +# Use all of /dev/sdi for the root partition (20G minimum) +part / --fstype="ext4" --ondisk=sdi --size=20000 --grow +# Clear the Master Boot Record +zerombr +# System bootloader configuration +#if $os_version == 'rhel7' + #set bootloader_args = "--location=mbr --boot-drive=sdi" +#else + #set bootloader_args = "--location=mbr --driveorder=sdi" +#end if +bootloader $bootloader_args +# Use text mode install +text +# Firewall configuration +firewall --enabled +# Run the Setup Agent on first boot +firstboot --disable +# System keyboard +keyboard us +# System language +lang en_US +# Use network installation +url --url=$tree +# If any cobbler repo definitions were referenced in the kickstart profile, include them here. +$yum_repo_stanza +# Network information +network --bootproto=dhcp --device=$mac_address_eth0 --onboot=on +# Reboot after installation +reboot + +#Root password +rootpw --iscrypted $default_password_crypted +# SELinux configuration +selinux --enforcing +# Do not configure the X Window System +skipx +# System timezone +timezone Etc/UTC --utc +#if int($distro_ver_major) < 9 +# Install OS instead of upgrade +install +#end if + +%pre +$SNIPPET('log_ks_pre') +$SNIPPET('kickstart_start') +# Enable installation monitoring +$SNIPPET('pre_anamon') +%end + +%packages +@core +$SNIPPET('cephlab_packages_rhel') +$SNIPPET('func_install_if_enabled') +%end + +%post --nochroot +$SNIPPET('log_ks_post_nochroot') +%end + +%post +$SNIPPET('log_ks_post') +# Start yum configuration +$yum_config_stanza +# End yum configuration +$SNIPPET('post_install_kernel_options') +$SNIPPET('func_register_if_enabled') +$SNIPPET('download_config_files') +$SNIPPET('koan_environment') +$SNIPPET('cobbler_register') +# Enable post-install boot notification +$SNIPPET('post_anamon') +# Start final steps +$SNIPPET('cephlab_hostname') +$SNIPPET('cephlab_user') +#set distro = $getVar('distro','').split("-")[0] +#if $distro == 'RHEL' +$SNIPPET('cephlab_rhel_rhsm') +#end if +#if distro_ver_minor == 'stream' +# We want the latest packages because it's Stream +yum -y update +#else +# Update to latest kernel before rebooting +yum -y update kernel +#end if +$SNIPPET('cephlab_rc_local') +$SNIPPET('kickstart_done') +# End final steps +%end diff --git a/roles/cobbler/templates/kickstarts/cephlab_rhel_sdm.ks b/roles/cobbler/templates/kickstarts/cephlab_rhel_sdm.ks new file mode 100644 index 00000000..f5f8e98b --- /dev/null +++ b/roles/cobbler/templates/kickstarts/cephlab_rhel_sdm.ks @@ -0,0 +1,112 @@ +## {{ ansible_managed }} +## This kickstart for use with systems where /dev/sdm is the root drive (e.g., mero) +# kickstart template for Fedora 8 and later. +# (includes %end blocks) +# do not use with earlier distros +#set distro = $getVar('distro','').split("-")[0] +#set distro_ver = $getVar('distro','').split("-")[1] +#if $distro == 'RHEL' or $distro == 'CentOS' +#set distro_ver_major = $distro_ver.split(".")[0] +#set distro_ver_minor = $distro_ver.split(".")[1] +#end if + +#platform=x86, AMD64, or Intel EM64T +# System authorization information +#if int($distro_ver_major) < 9 +auth --useshadow --enablemd5 +#else +authselect select minimal +#end if +#set os_version = $getVar('os_version','') +# Partition clearing information +clearpart --all --initlabel +# Use all of /dev/sdm for the root partition (20G minimum) +part / --fstype="ext4" --ondisk=sdm --size=20000 --grow +# Clear the Master Boot Record +zerombr +# System bootloader configuration +#if $os_version == 'rhel7' + #set bootloader_args = "--location=mbr --boot-drive=sdm" +#else + #set bootloader_args = "--location=mbr --driveorder=sdm" +#end if +bootloader $bootloader_args +# Use text mode install +text +# Firewall configuration +firewall --enabled +# Run the Setup Agent on first boot +firstboot --disable +# System keyboard +keyboard us +# System language +lang en_US +# Use network installation +url --url=$tree +# If any cobbler repo definitions were referenced in the kickstart profile, include them here. +$yum_repo_stanza +# Network information +network --bootproto=dhcp --device=$mac_address_eth0 --onboot=on +# Reboot after installation +reboot + +#Root password +rootpw --iscrypted $default_password_crypted +# SELinux configuration +selinux --enforcing +# Do not configure the X Window System +skipx +# System timezone +timezone Etc/UTC --utc +#if int($distro_ver_major) < 9 +# Install OS instead of upgrade +install +#end if + +%pre +$SNIPPET('log_ks_pre') +$SNIPPET('kickstart_start') +# Enable installation monitoring +$SNIPPET('pre_anamon') +%end + +%packages +@core +$SNIPPET('cephlab_packages_rhel') +$SNIPPET('func_install_if_enabled') +%end + +%post --nochroot +$SNIPPET('log_ks_post_nochroot') +%end + +%post +$SNIPPET('log_ks_post') +# Start yum configuration +$yum_config_stanza +# End yum configuration +$SNIPPET('post_install_kernel_options') +$SNIPPET('func_register_if_enabled') +$SNIPPET('download_config_files') +$SNIPPET('koan_environment') +$SNIPPET('cobbler_register') +# Enable post-install boot notification +$SNIPPET('post_anamon') +# Start final steps +$SNIPPET('cephlab_hostname') +$SNIPPET('cephlab_user') +#set distro = $getVar('distro','').split("-")[0] +#if $distro == 'RHEL' +$SNIPPET('cephlab_rhel_rhsm') +#end if +#if distro_ver_minor == 'stream' +# We want the latest packages because it's Stream +yum -y update +#else +# Update to latest kernel before rebooting +yum -y update kernel +#end if +$SNIPPET('cephlab_rc_local') +$SNIPPET('kickstart_done') +# End final steps +%end diff --git a/roles/cobbler/templates/kickstarts/cephlab_ubuntu.preseed b/roles/cobbler/templates/kickstarts/cephlab_ubuntu.preseed new file mode 100644 index 00000000..7b95dc78 --- /dev/null +++ b/roles/cobbler/templates/kickstarts/cephlab_ubuntu.preseed @@ -0,0 +1,146 @@ +## {{ ansible_managed }} + +# Fetch the os_version from the distro using this profile. +#set os_version = $getVar('os_version','') + +# Fetch Ubuntu version (e.g., 14.04) +#set distro_ver = $getVar('distro','').split("-")[1] + +# Fetch Ubuntu major version (e.g., 14) +#set distro_ver_major = $distro_ver.split(".")[0] + +### Apt setup +# You can choose to install non-free and contrib software. +#d-i apt-setup/non-free boolean true +#d-i apt-setup/contrib boolean true + +# Preseeding only locale sets language, country and locale. +d-i debian-installer/locale string en_US + +# Keyboard selection. +# Disable automatic (interactive) keymap detection. +d-i console-setup/ask_detect boolean false + +# If you select ftp, the mirror/country string does not need to be set. +#d-i mirror/protocol string ftp +d-i mirror/country string manual +d-i mirror/http/hostname string archive.ubuntu.com +d-i mirror/http/directory string /ubuntu +d-i mirror/suite string $os_version + +#Removes the prompt about missing modules: +# Continue without installing a kernel? +#d-i base-installer/kernel/skip-install boolean true +# Continue the install without loading kernel modules? +#d-i anna/no_kernel_modules boolean true + +# Stop Ubuntu from installing random kernel choice +#d-i base-installer/kernel/image select none + +# Controls whether or not the hardware clock is set to UTC. +d-i clock-setup/utc boolean true +# +# # You may set this to any valid setting for $TZ; see the contents of +# # /usr/share/zoneinfo/ for valid values. +d-i time/zone string Etc/UTC + +# Controls whether to use NTP to set the clock during the install +d-i clock-setup/ntp boolean true +# NTP server to use. The default is almost always fine here. +d-i clock-setup/ntp-server string pool.ntp.org + +# This makes partman automatically partition without confirmation. +#d-i partman/confirm_write_new_label boolean true +#d-i partman/choose_partition select finish +#d-i partman/confirm boolean true +#d-i partman/choose_partition select finish +d-i partman-basicfilesystems/no_swap boolean false +d-i partman-basicfilesystems/no_swap seen true +d-i partman-auto/disk string /dev/sda +d-i partman-auto/method string regular +#d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-auto/confirm_nooverwrite boolean true +d-i partman-auto/choose_partition select finish + + +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/default_filesystem string ext4 +d-i partman-auto/expert_recipe string \ + root :: \ + 500 10000 1000000000 ext4 \ + $primary{ } $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . +#\ +# 64 512 1% linux-swap \ +# method{ swap } format{ } \ +# . +d-i partman/confirm_write_new_label boolean true +d-i partman/choose_partition \ + select Finish partitioning and write changes to disk +d-i partman/confirm boolean true + +d-i grub-pc/install_devices multiselect /dev/sda + +#User account. +d-i passwd/root-login boolean false +d-i passwd/make-user boolean true +d-i passwd/user-fullname string {{ cm_user }} +d-i passwd/username string {{ cm_user }} +d-i passwd/user-password-crypted password $default_password_crypted +d-i passwd/user-uid string {{ cm_user_uid }} +d-i user-setup/allow-password-weak boolean false +d-i user-setup/encrypt-home boolean false + +# Individual additional packages to install +#if $os_version == 'precise' +d-i pkgsel/include string wget ntpdate bash sudo openssh-server +#else if int($distro_ver_major) == 16 +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware ntpdate bash devmem2 fbset sudo openssh-server udev-discover gawk gdisk ethtool curl +#else if int($distro_ver_major) == 18 +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware ntpdate bash devmem2 fbset sudo openssh-server gawk gdisk ethtool net-tools ifupdown python ntp curl +#else if int($distro_ver_major) >= 20 +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware ntpdate bash devmem2 fbset sudo openssh-server gawk gdisk ethtool net-tools ifupdown ntp curl gpg +#else +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware linux-firmware-nonfree ntpdate bash devmem2 fbset sudo openssh-server udev-discover gawk gdisk ethtool curl +#end if + +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +d-i pkgsel/upgrade select safe-upgrade + +# Policy for applying updates. May be "none" (no automatic updates), +# "unattended-upgrades" (install security updates automatically), or +# "landscape" (manage system with Landscape). +d-i pkgsel/update-policy select none + +# Set GRUB bootdev to '/dev/sda' if Xenial or later +#if int($distro_ver_major) >= 16 +d-i grub-installer/bootdev string /dev/sda +#end if + +# During installations from serial console, the regular virtual consoles +# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next +# line to prevent this. +d-i finish-install/keep-consoles boolean true + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This command is run just before the install finishes, but when there is +# still a usable /target directory. You can chroot to /target and use it +# directly, or use the apt-install and in-target commands to easily install +# packages and run commands in the target system. + +# cephlab_preseed_late lives in /var/lib/cobbler/scripts +# It is passed to the cobbler xmlrpc generate_scripts function where it's rendered. +# This means that snippets or other templating features can be used. +d-i preseed/late_command string \ +in-target wget http://$http_server/cblr/svc/op/script/system/$system_name/?script=cephlab_preseed_late -O /tmp/postinst.sh; \ +in-target /bin/chmod 755 /tmp/postinst.sh; \ +in-target /tmp/postinst.sh; diff --git a/roles/cobbler/templates/kickstarts/cephlab_ubuntu_sdi.preseed b/roles/cobbler/templates/kickstarts/cephlab_ubuntu_sdi.preseed new file mode 100644 index 00000000..96f26544 --- /dev/null +++ b/roles/cobbler/templates/kickstarts/cephlab_ubuntu_sdi.preseed @@ -0,0 +1,145 @@ +## {{ ansible_managed }} +## This preseed only for systems where /dev/sdi is the root drive (e.g., callypso) + +# Fetch the os_version from the distro using this profile. +#set os_version = $getVar('os_version','') + +# Fetch Ubuntu version (e.g., 14.04) +#set distro_ver = $getVar('distro','').split("-")[1] + +# Fetch Ubuntu major version (e.g., 14) +#set distro_ver_major = $distro_ver.split(".")[0] + +### Apt setup +# You can choose to install non-free and contrib software. +#d-i apt-setup/non-free boolean true +#d-i apt-setup/contrib boolean true + +# Preseeding only locale sets language, country and locale. +d-i debian-installer/locale string en_US + +# Keyboard selection. +# Disable automatic (interactive) keymap detection. +d-i console-setup/ask_detect boolean false + +# If you select ftp, the mirror/country string does not need to be set. +#d-i mirror/protocol string ftp +d-i mirror/country string manual +d-i mirror/http/hostname string archive.ubuntu.com +d-i mirror/http/directory string /ubuntu +d-i mirror/suite string $os_version + +#Removes the prompt about missing modules: +# Continue without installing a kernel? +#d-i base-installer/kernel/skip-install boolean true +# Continue the install without loading kernel modules? +#d-i anna/no_kernel_modules boolean true + +# Stop Ubuntu from installing random kernel choice +#d-i base-installer/kernel/image select none + +# Controls whether or not the hardware clock is set to UTC. +d-i clock-setup/utc boolean true +# +# # You may set this to any valid setting for $TZ; see the contents of +# # /usr/share/zoneinfo/ for valid values. +d-i time/zone string Etc/UTC + +# Controls whether to use NTP to set the clock during the install +d-i clock-setup/ntp boolean true +# NTP server to use. The default is almost always fine here. +d-i clock-setup/ntp-server string pool.ntp.org + +# This makes partman automatically partition without confirmation. +#d-i partman/confirm_write_new_label boolean true +#d-i partman/choose_partition select finish +#d-i partman/confirm boolean true +#d-i partman/choose_partition select finish +d-i partman-basicfilesystems/no_swap boolean false +d-i partman-basicfilesystems/no_swap seen true +d-i partman-auto/disk string /dev/sdi +d-i partman-auto/method string regular +#d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-auto/confirm_nooverwrite boolean true +d-i partman-auto/choose_partition select finish + + +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/default_filesystem string ext4 +d-i partman-auto/expert_recipe string \ + root :: \ + 500 10000 1000000000 ext4 \ + $primary{ } $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . +#\ +# 64 512 1% linux-swap \ +# method{ swap } format{ } \ +# . +d-i partman/confirm_write_new_label boolean true +d-i partman/choose_partition \ + select Finish partitioning and write changes to disk +d-i partman/confirm boolean true + +d-i grub-pc/install_devices multiselect /dev/sdi + +#User account. +d-i passwd/root-login boolean false +d-i passwd/make-user boolean true +d-i passwd/user-fullname string {{ cm_user }} +d-i passwd/username string {{ cm_user }} +d-i passwd/user-password-crypted password $default_password_crypted +d-i passwd/user-uid string {{ cm_user_uid }} +d-i user-setup/allow-password-weak boolean false +d-i user-setup/encrypt-home boolean false + +# Individual additional packages to install +#if $os_version == 'precise' +d-i pkgsel/include string wget ntpdate bash sudo openssh-server +#else if int($distro_ver_major) == 16 +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware ntpdate bash devmem2 fbset sudo openssh-server udev-discover gawk gdisk ethtool curl +#else if int($distro_ver_major) == 18 +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware ntpdate bash devmem2 fbset sudo openssh-server gawk gdisk ethtool net-tools ifupdown python ntp curl +#else +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware linux-firmware-nonfree ntpdate bash devmem2 fbset sudo openssh-server udev-discover gawk gdisk ethtool curl +#end if + +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +d-i pkgsel/upgrade select safe-upgrade + +# Policy for applying updates. May be "none" (no automatic updates), +# "unattended-upgrades" (install security updates automatically), or +# "landscape" (manage system with Landscape). +d-i pkgsel/update-policy select none + +# Set GRUB bootdev to '/dev/sdi' if Xenial or later +#if int($distro_ver_major) >= 16 +d-i grub-installer/bootdev string /dev/sdi +#end if + +# During installations from serial console, the regular virtual consoles +# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next +# line to prevent this. +d-i finish-install/keep-consoles boolean true + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This command is run just before the install finishes, but when there is +# still a usable /target directory. You can chroot to /target and use it +# directly, or use the apt-install and in-target commands to easily install +# packages and run commands in the target system. + +# cephlab_preseed_late lives in /var/lib/cobbler/scripts +# It is passed to the cobbler xmlrpc generate_scripts function where it's rendered. +# This means that snippets or other templating features can be used. +d-i preseed/late_command string \ +in-target wget http://$http_server/cblr/svc/op/script/system/$system_name/?script=cephlab_preseed_late -O /tmp/postinst.sh; \ +in-target /bin/chmod 755 /tmp/postinst.sh; \ +in-target /tmp/postinst.sh; diff --git a/roles/cobbler/templates/kickstarts/cephlab_ubuntu_sdm.preseed b/roles/cobbler/templates/kickstarts/cephlab_ubuntu_sdm.preseed new file mode 100644 index 00000000..7e4f3117 --- /dev/null +++ b/roles/cobbler/templates/kickstarts/cephlab_ubuntu_sdm.preseed @@ -0,0 +1,145 @@ +## {{ ansible_managed }} +## This preseed only for systems where /dev/sdm is the root drive (e.g., mero) + +# Fetch the os_version from the distro using this profile. +#set os_version = $getVar('os_version','') + +# Fetch Ubuntu version (e.g., 14.04) +#set distro_ver = $getVar('distro','').split("-")[1] + +# Fetch Ubuntu major version (e.g., 14) +#set distro_ver_major = $distro_ver.split(".")[0] + +### Apt setup +# You can choose to install non-free and contrib software. +#d-i apt-setup/non-free boolean true +#d-i apt-setup/contrib boolean true + +# Preseeding only locale sets language, country and locale. +d-i debian-installer/locale string en_US + +# Keyboard selection. +# Disable automatic (interactive) keymap detection. +d-i console-setup/ask_detect boolean false + +# If you select ftp, the mirror/country string does not need to be set. +#d-i mirror/protocol string ftp +d-i mirror/country string manual +d-i mirror/http/hostname string archive.ubuntu.com +d-i mirror/http/directory string /ubuntu +d-i mirror/suite string $os_version + +#Removes the prompt about missing modules: +# Continue without installing a kernel? +#d-i base-installer/kernel/skip-install boolean true +# Continue the install without loading kernel modules? +#d-i anna/no_kernel_modules boolean true + +# Stop Ubuntu from installing random kernel choice +#d-i base-installer/kernel/image select none + +# Controls whether or not the hardware clock is set to UTC. +d-i clock-setup/utc boolean true +# +# # You may set this to any valid setting for $TZ; see the contents of +# # /usr/share/zoneinfo/ for valid values. +d-i time/zone string Etc/UTC + +# Controls whether to use NTP to set the clock during the install +d-i clock-setup/ntp boolean true +# NTP server to use. The default is almost always fine here. +d-i clock-setup/ntp-server string pool.ntp.org + +# This makes partman automatically partition without confirmation. +#d-i partman/confirm_write_new_label boolean true +#d-i partman/choose_partition select finish +#d-i partman/confirm boolean true +#d-i partman/choose_partition select finish +d-i partman-basicfilesystems/no_swap boolean false +d-i partman-basicfilesystems/no_swap seen true +d-i partman-auto/disk string /dev/sdm +d-i partman-auto/method string regular +#d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-auto/confirm_nooverwrite boolean true +d-i partman-auto/choose_partition select finish + + +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/default_filesystem string ext4 +d-i partman-auto/expert_recipe string \ + root :: \ + 500 10000 1000000000 ext4 \ + $primary{ } $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . +#\ +# 64 512 1% linux-swap \ +# method{ swap } format{ } \ +# . +d-i partman/confirm_write_new_label boolean true +d-i partman/choose_partition \ + select Finish partitioning and write changes to disk +d-i partman/confirm boolean true + +d-i grub-pc/install_devices multiselect /dev/sdm + +#User account. +d-i passwd/root-login boolean false +d-i passwd/make-user boolean true +d-i passwd/user-fullname string {{ cm_user }} +d-i passwd/username string {{ cm_user }} +d-i passwd/user-password-crypted password $default_password_crypted +d-i passwd/user-uid string {{ cm_user_uid }} +d-i user-setup/allow-password-weak boolean false +d-i user-setup/encrypt-home boolean false + +# Individual additional packages to install +#if $os_version == 'precise' +d-i pkgsel/include string wget ntpdate bash sudo openssh-server +#else if int($distro_ver_major) == 16 +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware ntpdate bash devmem2 fbset sudo openssh-server udev-discover gawk gdisk ethtool curl +#else if int($distro_ver_major) == 18 +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware ntpdate bash devmem2 fbset sudo openssh-server gawk gdisk ethtool net-tools ifupdown python ntp curl +#else +d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware linux-firmware-nonfree ntpdate bash devmem2 fbset sudo openssh-server udev-discover gawk gdisk ethtool curl +#end if + +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +d-i pkgsel/upgrade select safe-upgrade + +# Policy for applying updates. May be "none" (no automatic updates), +# "unattended-upgrades" (install security updates automatically), or +# "landscape" (manage system with Landscape). +d-i pkgsel/update-policy select none + +# Set GRUB bootdev to '/dev/sdm' if Xenial or later +#if int($distro_ver_major) >= 16 +d-i grub-installer/bootdev string /dev/sdm +#end if + +# During installations from serial console, the regular virtual consoles +# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next +# line to prevent this. +d-i finish-install/keep-consoles boolean true + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This command is run just before the install finishes, but when there is +# still a usable /target directory. You can chroot to /target and use it +# directly, or use the apt-install and in-target commands to easily install +# packages and run commands in the target system. + +# cephlab_preseed_late lives in /var/lib/cobbler/scripts +# It is passed to the cobbler xmlrpc generate_scripts function where it's rendered. +# This means that snippets or other templating features can be used. +d-i preseed/late_command string \ +in-target wget http://$http_server/cblr/svc/op/script/system/$system_name/?script=cephlab_preseed_late -O /tmp/postinst.sh; \ +in-target /bin/chmod 755 /tmp/postinst.sh; \ +in-target /tmp/postinst.sh; diff --git a/roles/cobbler/templates/scripts/cephlab_preseed_late b/roles/cobbler/templates/scripts/cephlab_preseed_late new file mode 100644 index 00000000..c385655d --- /dev/null +++ b/roles/cobbler/templates/scripts/cephlab_preseed_late @@ -0,0 +1,17 @@ +## {{ ansible_managed }} +# Start preseed_late_default +# This script runs in the chroot /target by default +# set kernel options as defined by the system, profile or distro +# in the Kernel Options (Post Install) field which populates the var kernel_options_post +$SNIPPET('cephlab_post_install_kernel_options') +$SNIPPET('post_run_deb') +$SNIPPET('download_config_files') +# custom +$SNIPPET('cephlab_hostname') +$SNIPPET('cephlab_user') +$SNIPPET('cephlab_rc_local') +# end custom +$SNIPPET('kickstart_done') +# Exit with status 0 +true +# End preseed_late_default diff --git a/roles/cobbler/templates/snippets/cephlab_hostname b/roles/cobbler/templates/snippets/cephlab_hostname new file mode 100644 index 00000000..e24211d5 --- /dev/null +++ b/roles/cobbler/templates/snippets/cephlab_hostname @@ -0,0 +1,3 @@ +## {{ ansible_managed }} +hostname $system_name +echo $system_name > /etc/hostname diff --git a/roles/cobbler/templates/snippets/cephlab_packages_rhel b/roles/cobbler/templates/snippets/cephlab_packages_rhel new file mode 100644 index 00000000..e83fabf4 --- /dev/null +++ b/roles/cobbler/templates/snippets/cephlab_packages_rhel @@ -0,0 +1,56 @@ +## {{ ansible_managed }} +## @base group no longer exists in >=Fedora-22 +#set distro = $getVar('distro','').split("-")[0] +#set distro_ver = $getVar('distro','').split("-")[1] +#if $distro == 'Fedora' and int($distro_ver) >= 22 and int($distro_ver) < 31 +@^infrastructure-server-environment +#else if $distro == 'Fedora' and int($distro_ver) >= 31 +## We can't figure out what the new server group name is in F31 but we do need python3 so... +python3 +#else +@base +#end if +#if $distro == 'RHEL' or $distro == 'CentOS' +#set distro_ver_major = $distro_ver.split(".")[0] +#set distro_ver_minor = $distro_ver.split(".")[1] +## These packages are available in all RHEL/CentOS versions but not Fedora +perl +#if int($distro_ver_major) >= 9 +#if $distro == 'RHEL' +# Needed in RHEL9 but not CentOS9 +NetworkManager-initscripts-updown +dbus-tools +dbus-daemon +#end if +#if $distro == 'CentOS' +# CentOS 9 Stream only packages +centos-gpg-keys +-subscription-manager +python3-pip +#end if +#end if +## These packages are not available in CentOS 9 Stream +#if int($distro_ver_major) < 9 +redhat-lsb-core +#end if +#if int($distro_ver_major) < 8 +## These packages should be installed on RHEL/CentOS 7 +libselinux-python +libsemanage-python +policycoreutils-python +ntp +#if int($distro_ver_major) == 7 and int($distro_ver_minor) >= 5 +## These packages are only available in RHEL7.5 and later +python-jwt +#end if +#else +## These packages should be installed on RHEL/CentOS 8 +python3 +#end if +#end if +## These packages should be installed on all distros and versions +ethtool +wget +smartmontools +selinux-policy-targeted +gdisk diff --git a/roles/cobbler/templates/snippets/cephlab_post_install_kernel_options b/roles/cobbler/templates/snippets/cephlab_post_install_kernel_options new file mode 100644 index 00000000..338b856a --- /dev/null +++ b/roles/cobbler/templates/snippets/cephlab_post_install_kernel_options @@ -0,0 +1,18 @@ +## {{ ansible_managed }} +# Start post install kernel options update +cat > /etc/default/grub <<-EOF + # {{ ansible_managed }} + GRUB_DEFAULT=0 + GRUB_TIMEOUT=5 + GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` + GRUB_CMDLINE_LINUX_DEFAULT="" + GRUB_TERMINAL="console" + GRUB_SERIAL_COMMAND="console --unit=1 --speed=115200 --stop=1" +#if $getVar('kernel_options_post','') != '' + GRUB_CMDLINE_LINUX="$kernel_options_post" +#else + GRUB_CMDLINE_LINUX="console=tty0" +#end if + EOF +update-grub +# End post install kernel options update diff --git a/roles/cobbler/templates/snippets/cephlab_rc_local b/roles/cobbler/templates/snippets/cephlab_rc_local new file mode 100644 index 00000000..6705c5cb --- /dev/null +++ b/roles/cobbler/templates/snippets/cephlab_rc_local @@ -0,0 +1,174 @@ +## {{ ansible_managed }} +#set lockfile = '/.cephlab_rc_local' +# Set proper location for firstboot ansible post-install trigger +#set distro = $getVar('distro','').split("-")[0] +#set distro_ver = $getVar('distro','').split("-")[1] +#if ($distro == 'RHEL') or ($distro == 'CentOS') +#set distro_ver = $distro_ver.split(".")[0] +#end if +#if ($distro == 'Fedora' and int($distro_ver) >= 22) or ($distro == 'RHEL' and int($distro_ver) >= 8) +#set script = '/etc/rc.d/rc.local' +#else if $distro == 'CentOS' and int($distro_ver) >= 9 +#set script = '/etc/rc.d/rc.local' +systemctl enable rc-local.service +#else if $distro == 'openSUSE' +#set script = '/etc/init.d/boot.local' +#else +#set script = '/etc/rc.local' +#end if + +cat > $script <<\EOF +#!/bin/bash +# Redirect rc.local output to our console so it's in teuthology console logs +exec 2> /dev/ttyS1 +exec 1>&2 +set -ex + +# This function will print the date to console in a clean way. +# In other words, it'll just print the date without it looking like this: +# + date -u +%FT%T.%N +# + cut -c1-23 +# 2020-05-15T14:15:33.087 +TheTimeIs () +{ + { set +x; } 2>/dev/null + date -u +%FT%T.%N | cut -c1-23 + { set -x; } 2>/dev/null +} + +{% if rclocal_nameserver is defined %} +if [ ! -f /.cephlab_net_configured ]; then +#if $distro == 'openSUSE' + udevadm trigger + sleep 5 +#end if +#raw + nics=$(ls -1 /sys/class/net | grep -v lo) + + for nic in $nics; do + TheTimeIs + # Bring the NIC up so we can detect if a link is present + ifconfig $nic up || ip link set $nic up + # Sleep for a bit to let the NIC come up + sleep 5 + if ethtool $nic | grep -q "Link detected: yes"; then + if command -v zypper &>/dev/null; then + echo -e "DEVICE=$nic\nBOOTPROTO=dhcp\nSTARTMODE=auto" > /etc/sysconfig/network/ifcfg-$nic + elif command -v apt-get &>/dev/null; then + echo -e "auto lo\niface lo inet loopback\n\nauto $nic\niface $nic inet dhcp" > /etc/network/interfaces + else + echo -e "DEVICE=$nic\nBOOTPROTO=dhcp\nONBOOT=yes" > /etc/sysconfig/network-scripts/ifcfg-$nic + fi + # Don't bail if NIC fails to go down or come up + { set +e; } 2>/dev/null + TheTimeIs + # Bounce the NIC so it gets a DHCP address + ifdown $nic + ifup $nic + attempts=0 + # Try for 5 seconds to ping our Cobbler host +#end raw + while ! ping -I $nic -nq -c1 $http_server && [ $attempts -lt 5 ]; do +#raw + sleep 1 + attempts=$[$attempts+1] + done + if [ $attempts == 5 ]; then + # If we can't ping our Cobbler host, remove the DHCP config for this NIC. + # It must either be on a non-routable network or has no reachable DHCP server. + ifdown $nic + rm -f /etc/sysconfig/network-scripts/ifcfg-$nic + sed -i "/$nic/d" /etc/network/interfaces + # Go back to bailing if anything fails bringing the next NIC up + set -e + else + # We found our routable NIC! + # Write our lockfile so this only gets run on firstboot + TheTimeIs + touch /.cephlab_net_configured + # Break out of the loop once we've found our routable NIC + break + fi + else + # Take the NIC back down if it's not connected + ifconfig $nic down || ip link set $nic down + fi + done +fi + +# Don't error out if the `ip` command returns rc 1 +set +e + +attempts=0 +myips="" +until [ "$myips" != "" ] || [ $attempts -ge 10 ]; do + myips=$(ip -4 addr | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | grep -v '127.0.0.1\|127.0.1.1') + attempts=$[$attempts+1] + sleep 1 +done + +set -e + +if [ -n "$myips" ]; then + for ip in $myips; do + if timeout 1s ping -I $ip -nq -c1 {{ rclocal_nameserver }} 2>&1 >/dev/null; then + newhostname=$(dig +short -x $ip @{{ rclocal_nameserver }} | sed 's/\.com.*/\.com/g') + if [ -n "$newhostname" ]; then + hostname $newhostname + newdomain=$(hostname -d) + shorthostname=$(hostname -s) + echo $shorthostname > /etc/hostname + if grep -q $newdomain /etc/hosts; then + # Replace + sed -i "s/.*$newdomain.*/$ip $newhostname $shorthostname/g" /etc/hosts + else + # Or add to top of file + sed -i '1i'$ip' '$newhostname' '$shorthostname'\' /etc/hosts + fi + fi + # Quit after first IP that can ping our nameserver + # in the extremely unlikely event the testnode has two IPs + break + fi + done +fi +#end raw + +{% endif %} + +# Regenerate SSH host keys on boot if needed +if command -v zypper &> /dev/null; then + if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then + ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa + systemctl restart sshd + fi +elif command -v apt-get &>/dev/null; then + if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then + dpkg-reconfigure openssh-server + fi +fi + +# Only run once. +if [ -e $lockfile ]; then + exit 0 +fi + +# Wait until we get 10 ping responses from Cobbler host +# before calling post-install trigger +until ping -nq -c10 $http_server +do + echo "Waiting for network" + sleep 3 +done +# Output message to console indicating Ansible is being run +set +x +echo -e "==================================\nInstructing Cobbler to run Ansible\n Waiting for completion\n==================================" > /dev/console +TheTimeIs +set -x +# Run the post-install trigger a second time +curl --max-time 1800 --silent "http://$http_server:$http_port/cblr/svc/op/trig/mode/post/system/$system_name" -o /dev/null || true +TheTimeIs +touch $lockfile +EOF + +chmod +x $script diff --git a/roles/cobbler/templates/snippets/cephlab_rhel_disks b/roles/cobbler/templates/snippets/cephlab_rhel_disks new file mode 100644 index 00000000..0c9425a4 --- /dev/null +++ b/roles/cobbler/templates/snippets/cephlab_rhel_disks @@ -0,0 +1,29 @@ +## {{ ansible_managed }} +#set os_version = $getVar('os_version','') +# #set hostname = $getVar('name','') +#set distro = $getVar('distro','').split("-")[0] +#set distro_ver = $getVar('distro','').split("-")[1] +#if $distro == 'RHEL' or $distro == 'CentOS' +#set distro_ver_major = $distro_ver.split(".")[0] +#set distro_ver_minor = $distro_ver.split(".")[1] +#end if +# Partition clearing information +clearpart --all --initlabel +# Use all of /dev/sda for the root partition (20G minimum) +part / --fstype="ext4" --ondisk=sda --size=20000 --grow +# Clear the Master Boot Record +zerombr +# System bootloader configuration +#if $os_version == 'rhel7' + #set bootloader_args = "--location=mbr --boot-drive=sda" +#else if int($distro_ver_major) >= 8 and 'braggi' not in $hostname + #set bootloader_args = "--location=mbr --boot-drive=sda" +ignoredisk --only-use=sda +# On CentOS9 on braggi, the smaller "root" drive is sdb during kickstart and sda after booting into the OS. +#else if int($distro_ver_major) == 9 and 'braggi' in $hostname + #set bootloader_args = "--location=mbr --driveorder=sdb,sda" +ignoredisk --only-use=sda +#else + #set bootloader_args = "--location=mbr --driveorder=sda" +#end if +bootloader $bootloader_args diff --git a/roles/cobbler/templates/snippets/cephlab_rhel_rhsm b/roles/cobbler/templates/snippets/cephlab_rhel_rhsm new file mode 100644 index 00000000..82dac18d --- /dev/null +++ b/roles/cobbler/templates/snippets/cephlab_rhel_rhsm @@ -0,0 +1,18 @@ +## {{ ansible_managed }} +{% if use_satellite %} +## Install our satellite server's CA RPM if use_satellite is true +wget -O /tmp/satellite-ca.rpm {{ satellite_cert_rpm }} +rpm -U /tmp/satellite-ca.rpm +{% endif %} +## Subscribe (These vars will be empty and this snippet won't get run if the vars aren't set like in Sepia) +subscription-manager register --activationkey={{ subscription_manager_activationkey }} --org={{ subscription_manager_org }} +## Disable all repos +subscription-manager repos --disable '*' +## Enable repos +#if $os_version == 'rhel6' +subscription-manager repos --enable=rhel-6-server-rpms --enable=rhel-6-server-optional-rpms --enable=rhel-6-server-extras-rpms --enable=rhel-scalefs-for-rhel-6-server-rpms +#else if $os_version == 'rhel7' +subscription-manager repos --enable=rhel-7-server-rpms --enable=rhel-7-server-optional-rpms --enable=rhel-7-server-extras-rpms +#else if $os_version == 'rhel8' +subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms --enable=rhel-8-for-x86_64-appstream-rpms +#end if diff --git a/roles/cobbler/templates/snippets/cephlab_user b/roles/cobbler/templates/snippets/cephlab_user new file mode 100644 index 00000000..4b03b89a --- /dev/null +++ b/roles/cobbler/templates/snippets/cephlab_user @@ -0,0 +1,35 @@ +## {{ ansible_managed }} +#set $user = '{{ cm_user }}' +#set $home = '/home/' + $user +#set $auth_keys = $home + '/.ssh/authorized_keys' +groupadd sudo +#set distro = $getVar('distro','').split("-")[0] +#set distro_ver = $getVar('distro','').split("-")[1] +#if $distro == 'openSUSE' +useradd -U -u {{ cm_user_uid }} -G sudo $user +#else +useradd -u {{ cm_user_uid }} -G sudo $user +#end if +passwd -d $user + +cat >> /etc/sudoers.d/cephlab_sudo << EOF +%sudo ALL=(ALL) NOPASSWD: ALL +# For ansible pipelining +Defaults !requiretty +Defaults visiblepw +EOF + +chmod 0440 /etc/sudoers.d/cephlab_sudo + +install -d -m0755 --owner=$user --group=$user /home/$user/.ssh + +cat >> $auth_keys << EOF +{% for key in cm_user_ssh_keys %} +{{ key }} +{% endfor %} +EOF + +chown $user.$user $auth_keys +chmod 644 $auth_keys +chown -Rf $user:$user /home/$user +curl "http://$http_server:$http_port/cblr/svc/op/nopxe/system/$system_name" -o /dev/null diff --git a/roles/cobbler/templates/triggers/install/post/cephlab_ansible.sh b/roles/cobbler/templates/triggers/install/post/cephlab_ansible.sh new file mode 100644 index 00000000..f60e1232 --- /dev/null +++ b/roles/cobbler/templates/triggers/install/post/cephlab_ansible.sh @@ -0,0 +1,61 @@ +#!/bin/bash +## {{ ansible_managed }} +set -ex + +# Cobbler on CentOS 7 in May 2023 needed a later python than the default 3.6 +# check for SCL 3.8 and enable if so. scl enable starts a child shell; the undocumented +# scl_source sets the environment variables (PATH, LD_LIBRARY_PATH, MANPATH, PKG_CONFIG_PATH, +# and XDG_DATA_DIRS) in the current shell. + +if scl -l | grep -s rh-python38 >/dev/null 2>&1 ; then source scl_source enable rh-python38; fi + +name=$2 +profile=$(cobbler system dumpvars --name $2 | grep profile_name | cut -d ':' -f2) +export USER=root +export HOME=/root +ANSIBLE_CM_PATH=/root/ceph-cm-ansible +SECRETS_REPO_NAME={{ secrets_repo.name }} + +# Bail if the ssh port isn't open, as will be the case when this is run +# while the installer is still running. When this is triggered by +# /etc/rc.local after a reboot, the port will be open and we'll continue +nmap -sT -oG - -p 22 $name | grep 22/open + +mkdir -p /var/log/ansible + +if [ $SECRETS_REPO_NAME != 'UNDEFINED' ] +then + ANSIBLE_SECRETS_PATH=/root/$SECRETS_REPO_NAME + pushd $ANSIBLE_SECRETS_PATH + flock --close ./.lock git pull + popd +fi +pushd $ANSIBLE_CM_PATH +flock --close ./.lock git pull +export ANSIBLE_SSH_PIPELINING=1 +export ANSIBLE_HOST_KEY_CHECKING=False + +# Set up Stream repos +# We have to do it this way because +# 1) Stream ISOs don't work with Cobbler https://bugs.centos.org/view.php?id=18188 +# 2) Since we use a non-stream profile then convert it to stream, we can't run any package related tasks +# until the stream repo files are in place. e.g., The zap ansible tag has some package tasks that fail +# unless we get the repos in place first. +if [[ $profile == *"8.stream"* ]] +then + ansible-playbook tools/convert-to-centos-stream.yml -v --limit $name* 2>&1 >> /var/log/ansible/$name.log +fi + +# Tell ansible to create users, populate authorized_keys, and zap non-root disks +ansible-playbook testnodes.yml -v --limit $name* --tags user,pubkeys,zap 2>&1 > /var/log/ansible/$name.log +# Now run the rest of the playbook. If it fails, at least we have access. +# Background it so that the request doesn't block for this part and end up +# causing the client to retry, thus spawning this trigger multiple times + +# Skip the rest of the testnodes playbook if stock profile requested +if [[ $profile == *"-stock" ]] +then + exit 0 +fi +ansible-playbook cephlab.yml -v --limit $name* --skip-tags user,pubkeys,zap 2>&1 >> /var/log/ansible/$name.log & +popd diff --git a/roles/cobbler/templates/utils/console.sh b/roles/cobbler/templates/utils/console.sh new file mode 100644 index 00000000..bbd07cfb --- /dev/null +++ b/roles/cobbler/templates/utils/console.sh @@ -0,0 +1,5 @@ +#!/bin/bash +## {{ ansible_managed }} +set -ex +name=$1 +ipmitool -H $name.{{ ipmi_domain }} -I lanplus -U {{ power_user }} -P {{ power_pass }} sol activate diff --git a/roles/cobbler/templates/utils/reboot.sh b/roles/cobbler/templates/utils/reboot.sh new file mode 100644 index 00000000..3251590b --- /dev/null +++ b/roles/cobbler/templates/utils/reboot.sh @@ -0,0 +1,4 @@ +#!/bin/bash +## {{ ansible_managed }} +name=$1 +cobbler system reboot --name $name diff --git a/roles/cobbler/templates/utils/reimage.sh b/roles/cobbler/templates/utils/reimage.sh new file mode 100644 index 00000000..4aee52da --- /dev/null +++ b/roles/cobbler/templates/utils/reimage.sh @@ -0,0 +1,9 @@ +#!/bin/bash +## {{ ansible_managed }} +set -ex +name=$1 +profile=$2 +echo "Reimaging $name with profile $profile" +# First turn netboot off so that cobbler removes any stale PXE data +cobbler system edit --name=$name netboot off +cobbler system edit --name=$name --profile $profile --netboot on && cobbler system reboot --name $name diff --git a/roles/cobbler/vars/apt_systems.yml b/roles/cobbler/vars/apt_systems.yml new file mode 100644 index 00000000..9d05c83f --- /dev/null +++ b/roles/cobbler/vars/apt_systems.yml @@ -0,0 +1,11 @@ +--- +cobbler_package: cobbler +cobbler_service: cobbler +httpd_service: apache2 +cobbler_extra_packages: + - git + - syslinux + - python-pykickstart + - fence-agents + - nmap + - python-pip diff --git a/roles/cobbler/vars/dnf_systems.yml b/roles/cobbler/vars/dnf_systems.yml new file mode 100644 index 00000000..44be516c --- /dev/null +++ b/roles/cobbler/vars/dnf_systems.yml @@ -0,0 +1,36 @@ +--- +# cobbler-web pulls in cobbler +cobbler_package: cobbler-web +cobbler_service: cobblerd +httpd_service: httpd +cobbler_extra_packages: + - git + - syslinux + - pykickstart + - fence-agents-all + - nmap + - ansible + +pip_packages: [] + +settings: + - name: yum_post_install_mirror + value: 0 + - name: signature_url + value: https://raw.githubusercontent.com/cobbler/cobbler/master/config/cobbler/distro_signatures.json + - name: server + value: "{{ ip }}" + - name: next_server + value: "{{ ip }}" + - name: pxe_just_once + value: 1 + +cobbler_settings_file: /etc/cobbler/settings.yaml + +kopts_flag: "--kernel-options" + +autoinstall_flag: "--autoinstall" + +autoinstall_meta_flag: "--autoinstall-meta" + +ks_dir: /var/lib/cobbler/templates diff --git a/roles/cobbler/vars/yum_systems.yml b/roles/cobbler/vars/yum_systems.yml new file mode 100644 index 00000000..7bbd6c2c --- /dev/null +++ b/roles/cobbler/vars/yum_systems.yml @@ -0,0 +1,13 @@ +--- +# cobbler-web pulls in cobbler +cobbler_package: cobbler-web +cobbler_service: cobblerd +httpd_service: httpd +cobbler_extra_packages: + - git + - syslinux + - pykickstart + - fence-agents-all + - nmap + - python-pip + - python2-crypto diff --git a/roles/cobbler_profile/defaults/main.yml b/roles/cobbler_profile/defaults/main.yml new file mode 100644 index 00000000..02c14b8f --- /dev/null +++ b/roles/cobbler_profile/defaults/main.yml @@ -0,0 +1,198 @@ +--- +distros: + # Distros with empty iso values will be skipped. These dicts will be + # updated with same-named items in an 'extra_distros' var, which can be + # set in the secrets repo. + "inktank-rescue": + iso: "" + kernel_options: "nokeymap" + "dban-2.3.0-autonuke": + iso: "" + "RHEL-6.6-Server-x86_64": + iso: "" + "RHEL-6.7-Server-x86_64": + iso: "" + "RHEL-6.8-Server-x86_64": + iso: "" + "RHEL-7.0-Server-x86_64": + iso: "" + "RHEL-7.1-Server-x86_64": + iso: "" + "RHEL-7.2-Server-x86_64": + iso: "" + "RHEL-7.3-Server-x86_64": + iso: "" + "RHEL-7.4-Server-x86_64": + iso: "" + "RHEL-7.5-Server-x86_64": + iso: "" + "RHEL-7.6-Server-x86_64": + iso: "" + "RHEL-7.7-Server-x86_64": + iso: "" + "RHEL-7.8-Server-x86_64": + iso: "" + "RHEL-7.9-Server-x86_64": + iso: "" + "RHEL-8.0-Server-x86_64": + iso: "" + "RHEL-8.1-Server-x86_64": + iso: "" + "RHEL-8.2-Server-x86_64": + iso: "" + "RHEL-8.3-Server-x86_64": + iso: "" + "RHEL-8.4-Server-x86_64": + iso: "" + "RHEL-8.5-Server-x86_64": + iso: "" + "RHEL-8.6-Server-x86_64": + iso: "" + "RHEL-9.0-Server-x86_64": + iso: "" + "RHEL-9.3-Server-x86_64": + iso: "" + "CentOS-8.stream-x86_64": + iso: "" + "CentOS-9.stream-x86_64": + iso: http://mirror.lanet.network/centos-stream/9-stream/BaseOS/x86_64/iso/CentOS-Stream-9-latest-x86_64-dvd1.iso + sha256: 774db59bf99570cfd0703c7e2751c37702bc961fdd32c59e52828ca739f86121 + kickstart: cephlab_rhel.ks + kernel_options: "inst.stage2=http://@@http_server@@/cblr/links/{{ distro_name }}/ inst.ks=http://@@http_server@@/cblr/svc/op/ks/system/@@name@@" + "Fedora-22-Server-x86_64": + iso: http://ftp.linux.ncsu.edu/mirror/ftp.redhat.com/pub/fedora/linux/releases/22/Server/x86_64/iso/Fedora-Server-DVD-x86_64-22.iso + sha256: b2acfa7c7c6b5d2f51d3337600c2e52eeaa1a1084991181c28ca30343e52e0df + kickstart: cephlab_rhel.ks + "Fedora-31-Server-x86_64": + iso: https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Server/x86_64/iso/Fedora-Server-dvd-x86_64-31-1.9.iso + sha256: 225ebc160e40bb43c5de28bad9680e3a78a9db40c9e3f4f42f3ee3f10f95dbeb + kickstart: cephlab_rhel.ks + "CentOS-6.7-x86_64": + iso: http://ftp.linux.ncsu.edu/pub/CentOS/6.7/isos/x86_64/CentOS-6.7-x86_64-bin-DVD1.iso + sha256: c0c1a05d3d74fb093c6232003da4b22b0680f59d3b2fa2cb7da736bc40b3f2c5 + kickstart: cephlab_rhel.ks + "CentOS-7.0-x86_64": + iso: http://archive.kernel.org/centos-vault/7.0.1406/isos/x86_64/CentOS-7.0-1406-x86_64-DVD.iso + sha256: ee505335bcd4943ffc7e6e6e55e5aaa8da09710b6ceecda82a5619342f1d24d9 + kickstart: cephlab_rhel.ks + "CentOS-7.1-x86_64": + iso: http://archive.kernel.org/centos-vault/7.1.1503/isos/x86_64/CentOS-7-x86_64-DVD-1503-01.iso + sha256: 85bcf62462fb678adc0cec159bf8b39ab5515404bc3828c432f743a1b0b30157 + kickstart: cephlab_rhel.ks + "CentOS-7.2-x86_64": + iso: http://ftp.linux.ncsu.edu/pub/CentOS/7.2.1511/isos/x86_64/CentOS-7-x86_64-DVD-1511.iso + sha256: 907e5755f824c5848b9c8efbb484f3cd945e93faa024bad6ba875226f9683b16 + kickstart: cephlab_rhel.ks + "CentOS-7.3-x86_64": + iso: http://ftp.linux.ncsu.edu/pub/CentOS/7.3.1611/isos/x86_64/CentOS-7-x86_64-DVD-1611.iso + sha256: c455ee948e872ad2194bdddd39045b83634e8613249182b88f549bb2319d97eb + kickstart: cephlab_rhel.ks + "CentOS-7.4-x86_64": + iso: http://ftp.linux.ncsu.edu/pub/CentOS/7.4.1708/isos/x86_64/CentOS-7-x86_64-DVD-1708.iso + sha256: ec7500d4b006702af6af023b1f8f1b890b6c7ee54400bb98cef968b883cd6546 + kickstart: cephlab_rhel.ks + "CentOS-7.5-x86_64": + iso: http://ftp.linux.ncsu.edu/pub/CentOS/7.5.1804/isos/x86_64/CentOS-7-x86_64-DVD-1804.iso + sha256: 506e4e06abf778c3435b4e5745df13e79ebfc86565d7ea1e128067ef6b5a6345 + kickstart: cephlab_rhel.ks + "CentOS-7.6-x86_64": + iso: http://ftp.linux.ncsu.edu/pub/CentOS/7.6.1810/isos/x86_64/CentOS-7-x86_64-DVD-1810.iso + sha256: 6d44331cc4f6c506c7bbe9feb8468fad6c51a88ca1393ca6b8b486ea04bec3c1 + kickstart: cephlab_rhel.ks + "CentOS-7.7-x86_64": + iso: http://ftp.linux.ncsu.edu/pub/CentOS/7.7.1908/isos/x86_64/CentOS-7-x86_64-DVD-1908.iso + sha256: 9bba3da2876cb9fcf6c28fb636bcbd01832fe6d84cd7445fa58e44e569b3b4fe + kickstart: cephlab_rhel.ks + "CentOS-7.8-arm": + iso: http://centos.mirror.garr.it/centos-altarch/7.8.2003/isos/aarch64/CentOS-7-aarch64-Everything-2003.iso + sha256: 386e85a0d49d457252fcdbfa23d2082fc3f132f8405622831b07fd27a6071c7e + kickstart: cephlab_rhel.ks + arch: arm + "CentOS-7.9-x86_64": + iso: http://mirror.linux.duke.edu/pub/centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-DVD-2009.iso + sha256: e33d7b1ea7a9e2f38c8f693215dd85254c3a4fe446f93f563279715b68d07987 + kickstart: cephlab_rhel.ks + "CentOS-8.0-x86_64": + iso: http://mirror.linux.duke.edu/pub/centos/8.0.1905/isos/x86_64/CentOS-8-x86_64-1905-dvd1.iso + sha256: ea17ef71e0df3f6bf1d4bf1fc25bec1a76d1f211c115d39618fe688be34503e8 + kickstart: cephlab_rhel.ks + "CentOS-8.1-x86_64": + iso: http://mirror.linux.duke.edu/pub/centos/8.1.1911/isos/x86_64/CentOS-8.1.1911-x86_64-dvd1.iso + sha256: 3ee3f4ea1538e026fff763e2b284a6f20b259d91d1ad5688f5783a67d279423b + kickstart: cephlab_rhel.ks + "CentOS-8.1-aarch64": + iso: http://mirror.linux.duke.edu/pub/centos/8/isos/aarch64/CentOS-8.1.1911-aarch64-dvd1.iso + sha256: 357f34e86a28c86aaf1661462ef41ec4cf5f58c120f46e66e1985a9f71c246e3 + kickstart: cephlab_rhel.ks + arch: aarch64 + "CentOS-8.2-x86_64": + iso: http://ftp.linux.ncsu.edu/pub/CentOS/8.2.2004/isos/x86_64/CentOS-8.2.2004-x86_64-dvd1.iso + sha256: c87a2d81d67bbaeaf646aea5bedd70990078ec252fc52f5a7d65ff609871e255 + kickstart: cephlab_rhel.ks + "CentOS-8.3-x86_64": + iso: http://mirror.linux.duke.edu/pub/centos/8.3.2011/isos/x86_64/CentOS-8.3.2011-x86_64-dvd1.iso + sha256: aaf9d4b3071c16dbbda01dfe06085e5d0fdac76df323e3bbe87cce4318052247 + kickstart: cephlab_rhel.ks + "CentOS-8.4-x86_64": + iso: http://packages.oit.ncsu.edu/centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-dvd1.iso + sha256: 0394ecfa994db75efc1413207d2e5ac67af4f6685b3b896e2837c682221fd6b2 + kickstart: cephlab_rhel.ks + "CentOS-8.5-x86_64": + iso: https://mirror.cs.pitt.edu/centos-vault/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso + sha256: 3b795863001461d4f670b0dedd02d25296b6d64683faceb8f2b60c53ac5ebb3e + kickstart: cephlab_rhel.ks + "Rocky-9.5-x86_64": + iso: https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.5-x86_64-dvd.iso + sha256: ba60c3653640b5747610ddfb4d09520529bef2d1d83c1feb86b0c84dff31e04e + kickstart: cephlab_rhel.ks + "Ubuntu-12.04-server-x86_64": + iso: "http://releases.ubuntu.com/12.04/ubuntu-12.04.5-server-amd64.iso" + sha256: af224223de99e2a730b67d7785b657f549be0d63221188e105445f75fb8305c9 + kickstart: cephlab_ubuntu.preseed + kernel_options: "netcfg/choose_interface=auto console=tty0 console=ttyS1,115200" + kernel_options_post: "pci=realloc=off console=tty0 console=ttyS1,115200" + "Ubuntu-14.04-server-x86_64": + iso: "http://releases.ubuntu.com/14.04/ubuntu-14.04.3-server-amd64.iso" + sha256: a3b345908a826e262f4ea1afeb357fd09ec0558cf34e6c9112cead4bb55ccdfb + kickstart: cephlab_ubuntu.preseed + kernel_options: "netcfg/choose_interface=auto console=tty0 console=ttyS1,115200" + kernel_options_post: "pci=realloc=off console=tty0 console=ttyS1,115200" + "Ubuntu-15.04-server-x86_64": + iso: "http://releases.ubuntu.com/15.04/ubuntu-15.04-server-amd64.iso" + sha256: 6501c8545374665823384bbb6235f865108f56d8a30bbf69dd18df73c14ccb84 + kickstart: cephlab_ubuntu.preseed + kernel_options: "netcfg/choose_interface=auto console=tty0 console=ttyS1,115200" + kernel_options_post: "pci=realloc=off console=tty0 console=ttyS1,115200" + "Ubuntu-16.04-server-x86_64": + iso: "http://releases.ubuntu.com/16.04/ubuntu-16.04.6-server-amd64.iso" + sha256: 16afb1375372c57471ea5e29803a89a5a6bd1f6aabea2e5e34ac1ab7eb9786ac + kickstart: cephlab_ubuntu.preseed + kernel_options: "netcfg/choose_interface=auto console=tty0 console=ttyS1,115200" + kernel_options_post: "pci=realloc=off console=tty0 console=ttyS1,115200" + "Ubuntu-18.04-server-x86_64": + iso: "http://cdimage.ubuntu.com/releases/18.04/release/ubuntu-18.04-server-amd64.iso" + sha256: a7f5c7b0cdd0e9560d78f1e47660e066353bb8a79eb78d1fc3f4ea62a07e6cbc + kickstart: cephlab_ubuntu.preseed + kernel_options: "netcfg/choose_interface=auto console=tty0 console=ttyS1,115200 GRUB_DISABLE_OS_PROBER=true" + kernel_options_post: "pci=realloc=off console=tty0 console=ttyS1,115200" + "Ubuntu-20.04-server-x86_64": + iso: "http://cdimage.ubuntu.com/ubuntu-legacy-server/releases/20.04/release/ubuntu-20.04.1-legacy-server-amd64.iso" + sha256: f11bda2f2caed8f420802b59f382c25160b114ccc665dbac9c5046e7fceaced2 + kickstart: cephlab_ubuntu.preseed + kernel_options: "netcfg/choose_interface=auto console=tty0 console=ttyS1,115200 GRUB_DISABLE_OS_PROBER=true" + kernel_options_post: "pci=realloc=off console=tty0 console=ttyS1,115200" + "openSUSE-15.0-x86_64": + iso: "https://download.opensuse.org/distribution/leap/15.0/iso/openSUSE-Leap-15.0-DVD-x86_64.iso" + sha256: c477428c7830ca76762d2f78603e13067c33952b936ff100189523e1fabe5a77 + kickstart: cephlab_opensuse_leap.xml + kernel_options: "install=http://@@http_server@@/cblr/links/{{ distro_name }}/" + "openSUSE-15.1-x86_64": + iso: "https://download.opensuse.org/distribution/leap/15.1/iso/openSUSE-Leap-15.1-DVD-x86_64.iso" + sha256: c6d3ed19fe5cc25c4667bf0b46cc86aebcfbca3b0073aed0a288834600cb8b97 + kickstart: cephlab_opensuse_leap.xml + kernel_options: "install=http://@@http_server@@/cblr/links/{{ distro_name }}/" + "openSUSE-15.2-x86_64": + iso: "https://download.opensuse.org/distribution/leap/15.2/iso/openSUSE-Leap-15.2-DVD-x86_64-Current.iso" + sha256: 8bc7d3e1ad515c86a285098b98a4def14e43d19e7a393cf66e980b849d2a1ddf + kickstart: cephlab_opensuse_leap.xml + kernel_options: "install=http://@@http_server@@/cblr/links/{{ distro_name }}/" diff --git a/roles/cobbler_profile/tasks/download_image.yml b/roles/cobbler_profile/tasks/download_image.yml new file mode 100644 index 00000000..b3582088 --- /dev/null +++ b/roles/cobbler_profile/tasks/download_image.yml @@ -0,0 +1,28 @@ +--- +- name: Check to see if the kernel exists + stat: path={{ kernel_path }} get_checksum=no + register: kernel_stat + +- name: Check to see if the initrd exists + stat: path={{ initrd_path }} get_checksum=no + register: initrd_stat + +- name: Download kernel + get_url: + url={{ distro.kernel }} + dest={{ kernel_path }} + checksum=sha256:{{ distro.kernel_sha256 }} + when: profile is defined and profile.stdout == '' + register: download_kernel + +- name: Download initrd + get_url: + url={{ distro.initrd }} + dest={{ initrd_path }} + checksum=sha256:{{ distro.initrd_sha256 }} + when: profile is defined and profile.stdout == '' + register: download_initrd + +- name: Set files_exist if the required files are in place + set_fact: + files_exist: "{{ ( kernel_stat.stat.exists or download_kernel is changed) and ( initrd_stat.stat.exists or download_initrd is changed ) }}" diff --git a/roles/cobbler_profile/tasks/download_iso.yml b/roles/cobbler_profile/tasks/download_iso.yml new file mode 100644 index 00000000..0bc5d714 --- /dev/null +++ b/roles/cobbler_profile/tasks/download_iso.yml @@ -0,0 +1,12 @@ +--- +- name: Check to see if the ISO exists + stat: path={{ iso_path }} get_checksum=no + register: iso_stat + +- name: Download ISO + get_url: + url={{ distro.iso }} + dest={{ iso_path }} + checksum=sha256:{{ distro.sha256 }} + when: profile is defined and profile.stdout == '' + register: download diff --git a/roles/cobbler_profile/tasks/import_distro.yml b/roles/cobbler_profile/tasks/import_distro.yml new file mode 100644 index 00000000..d8eade6b --- /dev/null +++ b/roles/cobbler_profile/tasks/import_distro.yml @@ -0,0 +1,71 @@ +--- +# This profile will do all the work necessary to create a new distro/profile +# pair in Cobbler. + +# Since this profile will be used several times in the same playbook, +# mention the distro name each time. +- name: Distro name + debug: var=distro_name + +- name: Load extra_distros from secrets + set_fact: + distros: "{{ distros|combine(extra_distros, recursive=True) }}" + +- name: Find distro settings + set_fact: + distro: "{{ distros[distro_name] }}" + +- name: Fail if an iso is provided in combination with either a kernel or initrd + fail: msg="Cannot specify both 'iso' and 'kernel' or 'initrd'. distro '{{ distro_name }}'" + when: distro.iso != '' and (distro.kernel is defined or distro.initrd is defined) + +- name: Set profile_type to iso + set_fact: + profile_type: 'iso' + when: distro.iso is defined and distro.iso != '' + +- name: Set profile_type to image + set_fact: + profile_type: 'image' + when: (distro.kernel is defined and distro.kernel != '') and (distro.initrd is defined and distro.initrd != '') + +- name: Determine if distro profile exists + command: cobbler profile find --name {{ distro_name }} + # Skip if the profile_type is empty; this allows us to mention distros with + # ISOs that are internal, but leave the URL out. + when: profile_type|default('') != '' + register: profile + ignore_errors: true + changed_when: false + +- import_tasks: import_distro_iso.yml + when: profile_type|default('') == 'iso' and '"stream" not in distro_name' + +- import_tasks: import_distro_image.yml + when: profile_type|default('') == 'image' + +- import_tasks: import_stream_profile.yml + when: '"8.stream" in distro_name' + +# If either the profile already existed or we successfully imported the +# distro, we might want to update other options in the profile. i.e. kickstarts +- name: Set profile_found + set_fact: + profile_found: + ((profile is defined and profile.stdout == distro_name) or + (imported is defined and imported.rc == 0)) + +- import_tasks: update_kickstart.yml + when: distro.kickstart is defined and + distro.kickstart != '' and + profile_found + +- import_tasks: update_kernel_options.yml + when: distro.kernel_options is defined and + distro.kernel_options != '' and + profile_found + +- import_tasks: update_kernel_options_post.yml + when: distro.kernel_options_post is defined and + distro.kernel_options_post != '' and + profile_found diff --git a/roles/cobbler_profile/tasks/import_distro_image.yml b/roles/cobbler_profile/tasks/import_distro_image.yml new file mode 100644 index 00000000..d5227ff5 --- /dev/null +++ b/roles/cobbler_profile/tasks/import_distro_image.yml @@ -0,0 +1,39 @@ +--- +- name: Set image scratch directory + set_fact: + image_path: "{{ other_image_dir }}/{{ distro_name }}" + +- name: Set kernel name + set_fact: + kernel_name: "{{ distro.kernel.split('/')[-1] }}" + +- name: Set kernel path + set_fact: + kernel_path: "{{ other_image_dir }}/{{ kernel_name }}" + +- name: Set initrd name + set_fact: + initrd_name: "{{ distro.initrd.split('/')[-1] }}" + +- name: Set initrd path + set_fact: + initrd_path: "{{ other_image_dir }}/{{ initrd_name }}" + +- import_tasks: download_image.yml + when: distro.kernel != '' + +- name: Set arch + set_fact: + arch: "{{ distro.arch|default('x86_64') }}" + when: download_kernel is defined and download_kernel is success + +- name: Add the distro to cobbler + command: cobbler distro add --kernel {{ kernel_path }} --initrd {{ initrd_path }} --name {{ distro_name }} + when: download is changed or (files_exist and + profile is defined and profile.stdout == '') + register: imported + +- name: Add the profile to cobbler + command: cobbler profile add --name {{ distro_name }} --distro {{ distro_name }} + when: imported is defined and imported.stdout == '' + register: imported diff --git a/roles/cobbler_profile/tasks/import_distro_iso.yml b/roles/cobbler_profile/tasks/import_distro_iso.yml new file mode 100644 index 00000000..2e1d6ac4 --- /dev/null +++ b/roles/cobbler_profile/tasks/import_distro_iso.yml @@ -0,0 +1,64 @@ +--- +- name: Set ISO name + set_fact: + iso_name: "{{ distro.iso.split('/')[-1] }}" + +- name: Set ISO path + set_fact: + iso_path: "{{ iso_dir }}/{{ iso_name }}" + +- import_tasks: download_iso.yml + when: distro.iso != '' + +# we do this so that if the playbook fails +# after mounting and we need to run it again +# then we'll remount and complete the rest +# of the tasks like it's the first run +- name: Clear the mount point. + mount: + name: "{{ iso_mount }}" + src: "{{ iso_path }}" + fstype: "iso9660" + state: unmounted + +- name: Mount ISO + mount: + name: "{{ iso_mount }}" + src: "{{ iso_path }}" + opts: "loop" + fstype: "iso9660" + state: mounted + when: download is changed or (iso_stat.stat is defined and iso_stat.stat.exists and + profile is defined and profile.stdout == '') + register: mount + +- name: Set arch + set_fact: + arch: "{{ distro.arch|default('x86_64') }}" + when: mount is defined and mount is changed + +- name: Import the distro (also creates the profile) + command: cobbler import --path={{ iso_mount }} --name={{ distro_name }} --arch={{ arch }} + register: imported + when: mount is defined and mount is changed + +# In the next two step we need to +# rename the distro and profile only when the arch is arm +# because cobbler is adding the arm word twice to the name instead of once +- name: Rename the distro if the arch is arm + command: cobbler distro rename --name={{ distro_name }}-arm --newname={{ distro_name }} + when: mount is defined and mount is changed and + arch == "arm" + +- name: Rename the profile if the arch is arm + command: cobbler profile rename --name={{ distro_name }}-arm --newname={{ distro_name }} + when: mount is defined and mount is changed and + arch == "arm" + +- name: Unmount ISO + mount: + name: "{{ iso_mount }}" + src: "{{ iso_path }}" + fstype: "iso9660" + state: unmounted + when: mount is defined and mount is changed diff --git a/roles/cobbler_profile/tasks/import_stream_profile.yml b/roles/cobbler_profile/tasks/import_stream_profile.yml new file mode 100644 index 00000000..42204974 --- /dev/null +++ b/roles/cobbler_profile/tasks/import_stream_profile.yml @@ -0,0 +1,26 @@ +--- +- name: "Extract distro name and major version from {{ distro_name }}" + set_fact: + distro_and_version: "{{ distro_name.split('.')[0] }}" + +- name: "Extract distro name from {{ distro_name }}" + set_fact: + stream_distro_name: "{{ distro_name.split('-')[0] }}" + +- name: "Extract the major version number from {{ distro_and_version }}" + set_fact: + stream_distro_version: "{{ distro_and_version.split('-')[1] }}" + +- name: "Get the latest non-Stream profile that matches this {{ stream_distro_name }} Stream distro version (e.g., CentOS-8.3-x86_64)" + shell: "cobbler profile list | grep {{ distro_and_version }} | grep -v 'stream\\|arm\\|aarch\\|stock' | sort -V | tail -n 1 | xargs" + register: latest_non_stream_profile + +# See commit message for why we do it this way +- name: "Add {{ distro_name }} to Cobbler as a sub-profile of {{ latest_non_stream_profile.stdout }}" + command: "cobbler profile add --name {{ distro_name }} --parent {{ latest_non_stream_profile.stdout }} --clobber" + register: imported + when: latest_non_stream_profile.stdout_lines|length != 0 + +# Try importing as an ISO instead if we can't create a sub-profile +- import_tasks: import_distro_iso.yml + when: latest_non_stream_profile.stdout_lines|length == 0 diff --git a/roles/cobbler_profile/tasks/main.yml b/roles/cobbler_profile/tasks/main.yml new file mode 100644 index 00000000..def403e0 --- /dev/null +++ b/roles/cobbler_profile/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- import_tasks: import_distro.yml + tags: + - distros diff --git a/roles/cobbler_profile/tasks/update_kernel_options.yml b/roles/cobbler_profile/tasks/update_kernel_options.yml new file mode 100644 index 00000000..9cdb1c03 --- /dev/null +++ b/roles/cobbler_profile/tasks/update_kernel_options.yml @@ -0,0 +1,15 @@ +--- +# This returns additional kernel_options not explicitly set in the profile by us. +# These values come from the distro import, I believe. Here's some example output from the vivid profile: +# ksdevice=bootif lang= biosdevname=0 text netcfg/choose_interface=auto console=tty0 console=ttyS1,115200 +# The 'ksdevice=bootif lang=' was not added by the profile and persists even when resetting the kernel_options +# in the next task. This means that setting kernel_options will never be idempotent. +- name: Check to see if kernel_options needs updating + shell: "cobbler profile dumpvars --name={{ distro_name }} | grep '^kernel_options :' | cut -d : -f 2" + changed_when: false + register: kernel_options + +# This task is not idempotent because of the reason mentioned above. +- name: "Set the profile's kernel_options" + command: cobbler profile edit --name={{ distro_name }} "{{ kopts_flag }}"='{{ distro.kernel_options }}' + when: kernel_options.stdout.strip() != distro.kernel_options diff --git a/roles/cobbler_profile/tasks/update_kernel_options_post.yml b/roles/cobbler_profile/tasks/update_kernel_options_post.yml new file mode 100644 index 00000000..c7d593c5 --- /dev/null +++ b/roles/cobbler_profile/tasks/update_kernel_options_post.yml @@ -0,0 +1,9 @@ +--- +- name: Get current value for kernel_options_post + shell: "cobbler profile dumpvars --name={{ distro_name }} | grep '^kernel_options_post :' | cut -d : -f 2" + changed_when: false + register: kernel_options_post + +- name: "Set the profile's kernel_options_post if needed." + command: cobbler profile edit --name={{ distro_name }} "{{ kopts_flag }}"-post='{{ distro.kernel_options_post }}' + when: kernel_options_post.stdout.strip() != distro.kernel_options_post diff --git a/roles/cobbler_profile/tasks/update_kickstart.yml b/roles/cobbler_profile/tasks/update_kickstart.yml new file mode 100644 index 00000000..6f364f55 --- /dev/null +++ b/roles/cobbler_profile/tasks/update_kickstart.yml @@ -0,0 +1,15 @@ +--- +- name: Set kickstart path + set_fact: + kickstart_path: "{{ ks_dir }}/{{ distro.kickstart }}" + +- name: Check to see if the kickstart needs updating + shell: cobbler profile dumpvars --name={{ distro_name }} | grep '^kickstart :' | awk '{ print $3 }' + when: kickstart_path is defined + changed_when: false + register: kickstart + +- name: "Set the profile's kickstart" + command: cobbler profile edit --name={{ distro_name }} "{{ autoinstall_flag }}"={{ kickstart_path }} + when: kickstart is defined and + kickstart.stdout != kickstart_path diff --git a/roles/cobbler_systems/defaults/main.yml b/roles/cobbler_systems/defaults/main.yml new file mode 100644 index 00000000..39b83753 --- /dev/null +++ b/roles/cobbler_systems/defaults/main.yml @@ -0,0 +1,5 @@ +--- +interface: eth0 +kernel_options: '' +kernel_options_post: '' +default_profile: "RHEL-8.6-Server-x86_64" diff --git a/roles/cobbler_systems/tasks/main.yml b/roles/cobbler_systems/tasks/main.yml new file mode 100644 index 00000000..59f2c609 --- /dev/null +++ b/roles/cobbler_systems/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- import_tasks: populate_systems.yml + tags: + - systems + +- name: Run cobbler sync + command: cobbler sync + no_log: true + tags: + - systems diff --git a/roles/cobbler_systems/tasks/populate_systems.yml b/roles/cobbler_systems/tasks/populate_systems.yml new file mode 100644 index 00000000..c9ab934b --- /dev/null +++ b/roles/cobbler_systems/tasks/populate_systems.yml @@ -0,0 +1,33 @@ +--- +- name: Get list of cobbler systems + command: cobbler system list + register: cmd_cobbler_systems + no_log: true + +- name: Set cobbler_systems_current + set_fact: + cobbler_systems_current: "[{% for host in cmd_cobbler_systems.stdout.strip().split() %}'{{ host }}.{{ lab_domain }}, {% endfor %}]" + +- name: set cobbler_systems_add + set_fact: + cobbler_systems_add: + "{{ groups.cobbler_managed | difference(cobbler_systems_current) }}" + +- name: Add missing systems to cobbler + command: cobbler system add --name={{ item.split('.')[0] }} --profile={{ default_profile }} --mac={{ hostvars[item].mac }} --ip-address={{ hostvars[item].ip }} --interface={{ hostvars[item].interface|default(interface) }} --hostname={{ item.split('.')[0] }}.{{ lab_domain }} "{{ kopts_flag }}"="{{ hostvars[item].kernel_options|default(kernel_options) }}" "{{ autoinstall_meta_flag|default('--ksmeta') }}"="{{ hostvars[item].kickstart_metadata|default(kickstart_metadata) }}" --power-type={{ hostvars[item].power_type|default(power_type) }} --power-address={{ item.split('.')[0] }}.{{ ipmi_domain }} --power-user={{ hostvars[item].power_user|default(power_user) }} --power-pass={{ hostvars[item].power_pass|default(power_pass) }} --netboot-enabled false + with_items: "{{ cobbler_systems_add }}" + when: + - hostvars[item].mac is defined + - hostvars[item].ip is defined + +- name: set cobbler_systems_update + set_fact: + cobbler_systems_update: + "{{ groups.cobbler_managed | intersect(cobbler_systems_current) }}" + +- name: Update existing systems in cobbler + command: cobbler system edit --name={{ item.split('.')[0] }} --mac={{ hostvars[item].mac }} --ip-address={{ hostvars[item].ip }} --interface={{ hostvars[item].interface|default(interface) }} --hostname={{ item.split('.')[0] }}.{{ lab_domain }} "{{ kopts_flag }}"="{{ hostvars[item].kernel_options|default(kernel_options) }}" "{{ kopts_flag }}"-post="{{ hostvars[item].kernel_options_post|default(kernel_options_post) }}" "{{ autoinstall_meta_flag|default('--ksmeta') }}"="{{ hostvars[item].kickstart_metadata|default(kickstart_metadata) }}" --power-type={{ hostvars[item].power_type|default(power_type) }} --power-address={{ item.split('.')[0] }}.{{ ipmi_domain }} --power-user={{ hostvars[item].power_user|default(power_user) }} --power-pass={{ hostvars[item].power_pass|default(power_pass) }} + with_items: "{{ cobbler_systems_update }}" + when: + - hostvars[item].mac is defined + - hostvars[item].ip is defined diff --git a/roles/common/README.rst b/roles/common/README.rst new file mode 100644 index 00000000..4646df1f --- /dev/null +++ b/roles/common/README.rst @@ -0,0 +1,120 @@ +Common +====== + +The common role consists of tasks we want run on all hosts in the Ansible +inventory (i.e., not just testnodes). This includes things like setting the +timezone and enabling repos. + +Usage ++++++ + +The common role is run on every host in the Ansible inventory and is typically +called by another role's playbook. Calling it manually to run a +specific task (such as setting the timezone) can be done like so:: + + ansible-playbook common.yml --limit="host.example.com" --tags="timezone" + +**WARNING:** If the common role is run without a valid tag, the full role will run. See ``roles/common/tasks`` for what this includes. + +Variables ++++++++++ + +``timezone`` is the desired timezone for all hosts in the Ansible inventory. +Defined in ``roles/common/defaults/main.yml``. Values in the TZ column here_ can be used +in place of the default value. + +``subscription_manager_activationkey`` and ``subscription_manager_org`` are used +to register systems with Red Hat's Subscription Manager tool. Blank defaults +are set in ``roles/common/defaults/main.yml`` and should be overridden in the +secrets repo. + +``rhsm_repos`` is a list of Red Hat repos that a system should subscribe to. We +have them defined in ``roles/common/vars/redhat_{6,7}.yml``. + +``use_satellite`` is a boolean that sets whether a local Red Hat Satellite server is available and should be used instead of Red Hat's CDN. If ``use_satellite`` is set to true, you must also define ``subscription_manager_activationkey``, ``subscription_manager_org``, and ``satellite_cert_rpm`` in your secrets repo. ``set_rhsm_release: true`` will add ``--release=X.Y`` to the ``subscription-manager register`` command; This prevents a RHEL7.6 install from being upgraded to RHEL7.7, for example.:: + + # Red Hat Satellite vars + use_satellite: true + satellite_cert_rpm: "http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm" + subscription_manager_org: "Your Org" + subscription_manager_activationkey: "abc123" + set_rhsm_release: false + +``epel_mirror_baseurl`` is self explanatory and defined in +``roles/common/defaults/main.yml``. Can be overwritten in secrets if you run +your own local epel mirror. + +``epel_repos`` is a dictionary used to create epel repo files. Defined in ``roles/common/defaults/main.yml``. + +``enable_epel`` is a boolean that sets whether epel repos should be enabled. +Defined in ``roles/common/defaults/main.yml``. + +``yum_timeout`` is an integer used to set the yum timeout. Defined in +``roles/common/defaults/main.yml``. + +``nagios_allowed_hosts`` should be a comma-separated list of hosts allowed to query NRPE. Override in the secrets repo. + +The following variables are used to configure NRPE_ (Nagios Remote Plugin +Executor) on hosts in ``/etc/nagios/nrpe.cfg``. The system defaults differ between distros (``nrpe`` in +RHEL vs ``nagios-nrpe-server`` in Ubuntu). Setting these allows us to make +tasks OS-agnostic. They variables are mostly self-explanatory and defined in +``roles/common/vars/{yum,apt}_systems.yml``:: + + ## Ubuntu variables are used in this example + + # Used to install the package and start/stop the service + nrpe_service_name: nagios-nrpe-server + + # NRPE service runs as this user/group + nrpe_user: nagios + nrpe_group: nagios + + # Where nagios plugins can be found + nagios_plugins_directory: /usr/lib/nagios/plugins + + # List of packages needed for NRPE use + nrpe_packages: + - nagios-nrpe-server + - nagios-plugins-basic + +Definining ``secondary_nic_mac`` as a hostvar will configure the corresponding NIC to use DHCP. This +assumes you've configured a static IP definition on your DHCP server and the NIC is cabled. +The tasks will automatically set the MTU to 9000 if the NIC is 10Gb or 25Gb. Override in ``groups_vars/group.yml`` as ``secondary_nic_mtu=1500`` +This taskset only supports one secondary NIC.:: + + secondary_nic_mac: 'DE:AD:BE:EF:00:11' + +Tags +++++ + +timezone + Sets the timezone + +monitoring-scripts + Installs smartmontools (if necessary) and uploads custom monitoring scripts. + See ``roles/common/tasks/disk_monitoring.yml``. + +entitlements + Registers a Red Hat host then subscribes and enables repos. See + ``roles/common/tasks/rhel-entitlements.yml``. + +kerberos + Configures kerberos. See ``roles/common/tasks/kerberos.yml``. + +nagios + Installs and configures nrpe service (including firewalld and SELinux if + applicable). ``monitoring-scripts`` is also always run with this tag since + NRPE isn't very useful without them. + +secondary-nic + Configure secondary NIC if ``secondary_nic_mac`` is defined. + +To Do ++++++ + +- Rewrite ``roles/common/tasks/rhel-entitlements.yml`` to use Ansible's + redhat_subscription_module_. + +.. _here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +.. _NRPE: https://github.com/NagiosEnterprises/nrpe +.. _redhat_subscription_module: https://docs.ansible.com/ansible/redhat_subscription_module.html diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml new file mode 100644 index 00000000..c29513ed --- /dev/null +++ b/roles/common/defaults/main.yml @@ -0,0 +1,42 @@ +--- +timezone: "Etc/UTC" + +# Red Hat Subscription Manager credentials +subscription_manager_activationkey: "" +subscription_manager_org: "" + +# Repos to enable in Red Hat Subscription Manager +rhsm_repos: [] + +# Defines whether to use a Red Hat Satellite server +use_satellite: false + +kerberos_realm: EXAMPLE.COM + +epel_mirror_baseurl: "http://dl.fedoraproject.org/pub/epel" +epel_repos: + epel: + name: "Extra Packages for Enterprise Linux" + metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-{{ ansible_distribution_major_version }}&arch=$basearch&infra=$infra&content=$contentdir" + # ternary requires ansible >= 1.9 + enabled: "{{ enable_epel | ternary(1, 0) }}" + gpgcheck: 0 + epel-testing: + name: "Extra Packages for Enterprise Linux - Testing" + metalink: "https://mirrors.fedoraproject.org/metalink?repo=testing-epel{{ ansible_distribution_major_version }}&arch=$basearch&infra=$infra&content=$contentdir" + enabled: 0 + gpgcheck: 0 + +enable_epel: true +yum_timeout: 300 + +# Override in secrets repo +nagios_allowed_hosts: "127.0.0.1" + +# Override in roles/common/vars/os_version.yml +nrpe_selinux_packages: + - libsemanage-python + - policycoreutils-python + +# Is this a containerized node? +containerized_node: false diff --git a/roles/common/files/libexec/diskusage.pl b/roles/common/files/libexec/diskusage.pl new file mode 100644 index 00000000..d4d21abc --- /dev/null +++ b/roles/common/files/libexec/diskusage.pl @@ -0,0 +1,123 @@ +#!/usr/bin/perl + +# {{ ansible_managed }} + +#****************************************************************************************** +# +# NRPE DISK USAGE PLUGIN +# +# Program: Disk Usage plugin written to be used with Netsaint and NRPE +# License: GPL +# Copyright (c) 2000 Jeremy Hanmer (jeremy@newdream.net) +# +# Last Modified: 10/23/00 +# +# Information: Basically, I wrote this because I had to deal with large numbers of +# machines with a wide range of disk configurations, and with dynamically mounted +# partitions. The basic check_disk plugin relied on a static configuration file which +# doesn't lend itself to being used in a heterogeneous environnment (especially when +# you can't guarantee that the devices listed in the configuration file will be mounted). +# +# Bugs: Currently, this plugin only works on EXT2 partitions (although it's easy to change). +# +# Command Line: diskusage.pl +# +# Tested Systems: Mandrake 7.1/Intel, Debian 2.2/Intel, Debian 2.1/Intel +# +# License Information: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +#******************************************************************************************* + + +use strict; + +my $wrn = shift @ARGV; +my $crt = shift @ARGV; +my $output; +my $count; +my %type; +my $result = 0; +my $warn = 0; +my $crit = 0; +my @parts; +my $hostname = `hostname`; +chomp $hostname; +@parts = `mount | grep -vi fuse\|/snap`; + +#if ( $hostname eq 'zartan' ) { +# @parts = `mount`; +#} +#else { +# @parts = `mount -t ext2,reiserfs`; +#} +for (@parts) { + my ($dev,$on,$mount,$tp,$type,$options) = split(/\s+/,$_); + next if ($type eq 'nfs' && !($hostname eq 'zartan')); + next if ($type eq 'proc' || $type eq 'devpts'); + my @df= `df -k $mount`; + my @df_inode = `df -i $mount`; +# print "$dev $mount $type\n"; + shift @df; + shift @df_inode; + for(@df) { + my ($dev1,$blocks,$used,$free,$pc,$mount) = split(/\s+/,$_); + my ($percent,$blah) = split(/\%/,$pc); + if ( ($percent >= $wrn ) && (!($percent >= $crt) || ($mount =~ m/\/mnt\//)) ) { + $output .= "$mount is at $pc "; + $warn = 1; + } + if ( ($percent >= $crt ) && !($mount =~ m/\/mnt\//) ){ + $output = "" unless $crit eq '1'; + $output .= "$mount is at $pc "; + $crit = 1; + } + } + for(@df_inode) { + my ($dev1,$inodes,$used,$free,$pc,$mount) = split(/\s+/,$_); + my ($percent,$blah) = split(/\%/,$pc); + if ( ($percent >= $wrn ) && (!($percent >= $crt) ) ) { + $output .= "$mount is at $pc inode usage "; + $warn = 1; + } + if ( ($percent >= $crt ) && !($mount =~ m/\/mnt\//) ){ + $output = "" unless $crit eq '1'; + $output .= "$mount is at $pc inode usage "; + $crit = 1; + } + } + } + + +#if ( ($warn eq '1') && !($crit eq '1') ) { +# print "$output\n"; +# $result = 1; +# } +if ( $crit eq '1' ) { + print "$output\n"; + $result = 2; +} + +else { + print "Disks are OK now\n"; +} + + +#if ( !( $crit eq '1' ) && !( $warn eq '1' ) ) { +# print "Disks are ok now\n"; +#} +#print "$result\n"; +exit $result; diff --git a/roles/common/files/libexec/raid.pl b/roles/common/files/libexec/raid.pl new file mode 100755 index 00000000..f65eedd1 --- /dev/null +++ b/roles/common/files/libexec/raid.pl @@ -0,0 +1,313 @@ +#!/usr/bin/perl + +# {{ ansible_managed }} + +use strict; + +my $warn; +my $crit; +my $out; + +my @out; +my $devices; +my $pci; +my $scsi; +my $derp; + +$pci = `/usr/bin/lspci | /bin/grep -i raid | /bin/grep -v PATA | /usr/bin/head -2`; +$scsi = `/usr/bin/lspci | /bin/grep -i scsi | /bin/grep -v PATA | /usr/bin/head -1`; + +# software raid! +if (-e "/proc/mdstat") { + # check software raid! +# open(R,"/tmp/mdstat"); + open(R,"/proc/mdstat"); + while () { + if (/^(md\d+) : (\w+)/) { + my $dev = $1; + my $status = $2; + my $rest = ; + $devices++; + + my ($disks,$states) = $rest =~ /(\[.*\]) (\[.*\])/; + my $mout .= "$dev is $status $disks $states" if $states =~ /_/; + + # recovery? + my $next = ; # possibly recovery? + if ($next =~ / recovery = /) { + my ($progress,$per) = $next =~ /(\[.*\])\s+recovery =\s+(\S+%)/; + $mout .= " recovery $per"; + my $next = ; + if (my ($finish,$speed) = $next =~ /finish=(.*)min speed=(.*)\/sec/) { + $mout .= " finish $finish min"; + } + $warn = 1; + } elsif ($next =~ / resync = /) { + my ($progress,$per) = $next =~ /(\[.*\])\s+resync =\s+(\S+%)/; + $mout .= " resync $per"; + if (my ($finish,$speed) = $next =~ /finish=(.*)min speed=(.*)\/sec/) { + $mout .= " finish $finish min"; + } + $warn = 1; + } elsif ($states =~ /_/) { # not all U + $crit = 1; + } + + push( @out, $mout ) if $mout; + } + } +} + + +# mylex raid! +if ($pci =~ /Mylex/i) { +#if (1) { + my $s = `cat /proc/rd/status`; + chomp($s); + unless ($s =~ /OK/) { + my @myinfo; + for my $ctl (`ls -d /proc/rd/c*`) { +# for my $ctl ('/proc/rd/c0') { + chomp $ctl; + my %bad; + my ($c) = $ctl =~ /\/(c\d)$/; + open(S,"$ctl/current_status") || print "can't open $ctl/current_status\n";; +# open(S,"/tmp/mylex.bad"); + my $lastdevice; + while () { + # disk status + if (/^ (\d:\d) Vendor/) { + $lastdevice = $1; + } + if (/ Disk Status: (\S+),/) { + if ($1 ne 'Online') { + push( @myinfo, "$c disk $lastdevice $1"); + } + } + + # logical drives + if (/ (\/dev\/rd\/\S+): (\S+), (\w+),/) { + my $dev = $1; + my $type = $2; + my $status = $3; + $devices++; + $bad{$dev} = 1; + if ($status ne 'Online') { + push( @myinfo, "$dev ($type) $status"); + } + } + + # rebuild? + if (/ Rebuild in Progress: .* \((\S+)\) (\d+%) completed/) { + push( @myinfo, "$1 rebuild $2 complete" ); + delete $bad{$1}; + } + } + if (keys %bad) { + $crit = 1; # at least 1 is failed and !recovering + } else { + $warn = 1; # all are recovering + } + } + + push( @out, "Mylex $s: " . join(', ',@myinfo)) if @myinfo; + } +} + + +# icp vortex raid! +if ( $pci =~ /intel/i) { + opendir(D,"/proc/scsi/gdth"); + my @dev = readdir(D); + closedir D; + my @vortex; + for my $dev (@dev) { + next if $dev =~ /^\./; + my $read = `cat /proc/scsi/gdth/$dev`; + # my $read = `cat /tmp/asdf9.warn`; + my $cur; # Logical | Physical | Host | Array + my @myinfo; +# print "dev $dev\n"; + for $_ (split(/\n/,$read)) { + chomp; + if (/^\w/) { + # new section + ($cur) = /^(\w+)/; +# print "cur = $cur\n"; + next; + } + if ($cur eq 'Logical') { + my ($num,$status) = /Number:\s+(\d+)\s+Status:\s+(\w+)/; + next unless $status; + if ($status ne 'ok') { + $warn = 1; + #push( @myinfo, "Logical #$num $status" ); + unshift( @myinfo, "Logical #$num $status" ); + } + } + if ($cur eq 'Array') { + my ($num,$status) = /Number:\s+(\d+)\s+Status:\s+(\w+)/; + next unless $status; + if ($status ne 'ready') { + $warn = 1; + #push( @myinfo, "Array #$num $status" ); + unshift( @myinfo, "Array #$num $status" ); + } + } + if ($cur eq 'Host') { + if (/Number/) { + $devices++; + } + } + if ($cur eq 'Controller') { + # push( @myinfo, $_ ); + unshift( @myinfo, $_ ); + } + } + + if (@myinfo) { + # push( @vortex, "dev $dev: " . join(', ', @myinfo) ); + # unshift( @vortex, "dev $dev: " . join(', ', @myinfo) ); + push( @vortex, "dev $dev: " . join(', ', $myinfo[0], $myinfo[1], $myinfo[2], $myinfo[3], $myinfo[4] ) ); + # $warn = 1; + } + } + + if (@vortex) { + # push( @out, 'Vortex: ' . join('. ', @vortex) ); + push( @out, 'Vortex: ' . join('. ', @vortex) ); + } +} +# SAS megaraid +if ( $pci =~ /LSI\ Logic/i) { + my $read = `/usr/bin/sudo /usr/sbin/megacli -LDInfo -lall -a0`; + for $_ (split(/\n/,$read)) { + chomp; + # The line we care about is State: Optimal, if we don't have that, we've problems + if ($_ =~/^State\s*\:\s*(.*)/m) { + $devices++; + #/^State\?:\s?(\w+)/; + my $state = $1; + next unless $state; + if ($state ne 'Optimal') { + my $rebuild = `/usr/bin/sudo /usr/sbin/megacli -PDList -a0 | /bin/grep -i firmware`; + if ( $rebuild =~ /Rebuild/i) { + my $enclosure = `/usr/bin/sudo /usr/sbin/megacli -PDList -a0 | /bin/grep -B15 Rebuild | /bin/grep -e Enclosure -e Slot | /usr/bin/cut -d':' -f2 | /usr/bin/awk '{printf \$1\":\"}' | /usr/bin/awk -F ":" '{printf \$1":"\$2}'`; + #my $rebuildstatus = `/usr/bin/sudo /usr/sbin/megacli -PDRbld -ShowProg -PhysDrv\[$enclosure\] -a0 | /bin/grep -i rebuild`; + my $rebuildstatus = `/usr/bin/sudo /usr/sbin/megacli -PDRbld -ShowProg -PhysDrv\[$enclosure\] -a0 | /bin/egrep -i \'\(rebuild\|not found\)\'`; + if ($rebuildstatus =~ /not found/m) { + # check by device id instead of enclosure id if we get a not found error above + $enclosure = `/usr/bin/sudo /usr/sbin/megacli -PDList -a0 | /bin/grep -B15 Rebuild | /bin/grep -e Enclosure -e Slot | /bin/grep -v position | /usr/bin/cut -d':' -f2 | /usr/bin/awk '{printf \$1\":\"}' | /usr/bin/awk -F ":" '{printf \$1":"\$2}'`; + $rebuildstatus = `/usr/bin/sudo /usr/sbin/megacli -PDRbld -ShowProg -PhysDrv\[$enclosure\] -a0 | /bin/grep -i rebuild`; + } + for $_ ($rebuildstatus) { + $crit = 1; + push(@out,$_); + } + } else { + $crit = 1; + my $virtual=`/usr/bin/sudo /usr/sbin/megacli -LDInfo -lall -a0 | grep -i failed -B6 | grep -i virtual | cut -d'(' -f1`; + push(@out, $virtual, $_); + } + } + } + # Should to catch the syntax or permissions errors this thing spits out + if (/ERROR/i) { + $crit = 1; + push(@out, $_); + foreach my $k (@out) + { + print $_; + } + } + } +} + +# e3ware +if ( $pci =~ /3ware/i) { + open(CLI,"/usr/bin/sudo /usr/sbin/tw_cli show|"); + #my $read = `/usr/sbin/megacli -LDInfo -l0 -a0`; + + $devices++; + my @controllers; + while () { + if ( $_ =~ /^c[0-9]/ ) { + my ($c) = split(/\s+/,$_); + push(@controllers,$c); + } + } + close(CLI); + + foreach my $cont (@controllers) { + open(CLI,"/usr/bin/sudo /usr/sbin/tw_cli /$cont show|"); + while () { + if ( $_ =~ /^u[0-9]+/ ) { + my @info = split(/\s+/,$_); + if ( $info[2] ne 'OK' ) { + if ( $info[2] =~ /REBUILDING/i) { + my $rebuildstatus = `/usr/bin/sudo /usr/sbin/tw_cli /$cont/$info[0] show | /bin/grep REBUILD | /bin/grep -v RAID-10`; + for $_ ($rebuildstatus) { + $crit = 1; + push(@out,$_); + } + } else { + $crit = 1; + push(@out,$_); + } + } + } + if ( $_ =~ /^p[0-9]+/ ) { + my @info = split(/\s+/,$_); + if ( $info[1] ne 'OK' ) { + $crit = 1; + push(@out,$_); + } + } + } + } +} + +#Areca + +if ( $pci =~ /areca/i) { + open(CLI,"sudo /usr/sbin/cli64 vsf info|"); + while () { + if ( $_ =~ /^\ \ [0-9]+/ ) { + $devices++; + my @info = split(/\s+/,$_); + if ( $_ !~ /Normal/i) { + $crit = 1; + push(@out,$_); + } + } + } + } + +if ( $scsi =~ /LSI Logic/i) { + open(CLI,"sudo /usr/sbin/mpt-status | /usr/bin/head -1 |"); + $devices++; + while () { + if ( $_ =~ /^ioc/ ) { + my @info = split(/\s+/,$_); + if ( $info[10] ne 'OPTIMAL,' ) { + $crit = 1; + push(@out,$_); + } + } + } + } + +# show results +my $result = 0; +$result = 1 if $warn; +$result = 2 if $crit; +# print "warn = $warn crit = $crit\n"; +print $derp; +my $out = "No raid devices found $pci"; +$out = "All $devices raid devices happy as clams" if $devices; +if (@out) { + $out = join('; ', @out); +} + +print "$out\n"; +exit $result; diff --git a/roles/common/files/libexec/smart.sh b/roles/common/files/libexec/smart.sh new file mode 100755 index 00000000..09a32751 --- /dev/null +++ b/roles/common/files/libexec/smart.sh @@ -0,0 +1,433 @@ +#!/bin/bash +# Description: Bash script to check drive health using pending, uncorrectable, +# and reallocated sector count +# +# Nagios return codes: 0 = OK; 1 = WARNING; 2 = CRITICAL; 3 = UNKNOWN +# +# See https://en.wikipedia.org/wiki/S.M.A.R.T.#ATA_S.M.A.R.T._attributes + +### Define global variables ### +# total number of drives (or RAID slots) discovered +numdrives=0 +# Number of failed, failing, and/or missing drives +failingdrives=0 +# Fallback message for UNKNOWN return code output +unknownmsg="Unknown error" +# Return code for nagios (Default to SUCCESS) +rc=0 +# Location of nvme-cli executable +nvmecli="/usr/sbin/nvme" +# Array of messages indicating drive health. Output after nagios status. +declare -a messages + +### Functions ### +main () +{ + preflight + + if [ "$raid" = true ] + then + areca_smart + areca_failed + elif [ "$raid" = false ] + then + normal_smart + else + echo "ERROR - Could not determine if RAID present" + exit 3 + fi + + if [ "$nvme" = true ] + then + nvme_smart + fi + + ## Return UNKNOWN if no drives found + if [ "$numdrives" -eq "0" ] + then + unknownmsg="No drives found!" + rc=3 + fi + + ## Return code and service status for nagios + if [ "$rc" = 0 ] + then + echo "OK - All $numdrives drives healthy" + elif [ "$rc" = 1 ] + then + echo "WARNING - $failingdrives of $numdrives drives sick" + elif [ "$rc" = 2 ] + then + echo "CRITICAL - $failingdrives of $numdrives drives need replacing" + elif [ "$rc" = 3 ] + then + echo "UNKNOWN - $unknownmsg" + else + echo "ERROR - Got no return code" + fi + + ## Iterate through array of messages + # Nagios reads and displays the first line of output on the Services page. + # All individual messages about failed/failing disk statistics can be viewed + # on the individual system's SMART detail page in nagios. + readarray -t sorted < <(for msg in "${messages[@]}"; do echo "$msg"; done | sort) + for msg in "${sorted[@]}"; do + echo "$msg" + done + + exit $rc +} + +# Pre-flight checks +preflight () +{ + # Set raid var then check for cli64 command and bail if missing + if lspci | grep -qi areca + then + raid=true + else + raid=false + fi + + if [ "$raid" = true ] && ! [ -x "$(command -v cli64)" ] + then + echo "ERROR - cli64 command not found or is not executable" + exit 3 + fi + + # Check for smartmontools and bail if missing + if ! [ -x "$(command -v smartctl)" ] + then + echo "ERROR - smartctl is not installed or is not executable" + echo "yum/apt-get install smartmontools" + exit 3 + fi + + # Check for nvme devices and nvme-cli executable + if cat /proc/partitions | grep -q nvme + then + nvme=true + if ! [ -x "$nvmecli" ] + then + echo "ERROR - NVMe Device detected but no nvme-cli executable" + exit 3 + fi + fi +} + +# Gather smart data for drives behind Areca RAID controller +areca_smart () +{ + # Store output of cli64 to reduce repeated executions + cli64out=$(sudo cli64 disk info | grep -E "Slot#[[:digit:]]") + # Loop through all disks not marked as 'N.A.' or 'Failed' + for slot in $(echo "$cli64out" | grep -v 'N.A.\|Failed' \ + | grep -o "Slot#[[:digit:]]" | cut -c6-) + do + let "numdrives+=1" + failed=false + # Determine if disk is JBOD or part of hardware RAID + if echo "$cli64out" | grep -E "Slot#$slot" | grep -q 'JBOD' + then + jbod=true + else + jbod=false + fi + output=$(sudo cli64 disk smart drv=$slot \ + | grep -E "^ "5"|^"197"|^"198"" | awk '{ print $(NF-1) }' | tr '\n' ' ') + outputcount=$(echo $output | wc -w) + # Only continue if we received 3 SMART data points + if [ "$outputcount" = "3" ] + then + # Only do slot to drive letter matching once per bad JBOD + if [[ $output != "0 0 0 " ]] && [ "$jbod" = true ] + then + dl=$(areca_bay_to_letter $slot) + elif [ "$jbod" = false ] + then + dl="(RAID)" + fi + read reallocated pending uncorrect <<< $output + if [ "$reallocated" != "0" ] + then + messages+=("Drive $slot $dl has $reallocated reallocated sectors") + failed=true + # A small number of reallocated sectors is OK + # Don't set rc to WARN if we were already CRIT from previous drive + if [ "$reallocated" -le 5 ] && [ "$rc" != 2 ] + then + rc=1 # Warn if <= 5 + else + rc=2 # Crit if >5 + fi + fi + if [ "$pending" != "0" ] + then + messages+=("Drive $slot $dl has $pending pending sectors") + failed=true + rc=2 + fi + if [ "$uncorrect" != "0" ] + then + messages+=("Drive $slot $dl has $uncorrect uncorrect sectors") + failed=true + rc=2 + fi + else + messages+=("Drive $slot returned $outputcount of 3 expected attributes") + unknownmsg="SMART data could not be read for one or more drives" + rc=3 + fi + # Make sure drives with multiple types of bad sectors only get counted once + if [ "$failed" = true ] + then + let "failingdrives+=1" + fi + done +} + +# Correlate Areca drive bay to drive letter +areca_bay_to_letter () +{ + # Get S/N according to RAID controller given argument $1 (slot #) + areca_serial=$(sudo cli64 disk info drv=$1 | grep 'Serial Number' \ + | awk '{ print $NF }') + # Loop through and get S/N according to smartctl given drive name + for dl in $(cat /proc/partitions | grep -w 'sd[a-z]\|sd[a-z]\{2\}' \ + | awk '{ print $NF }') + do + smart_serial=$(sudo smartctl -a /dev/$dl | grep "Serial number" \ + | awk '{ print $NF }') + # If cli64 and smartctl find a S/N match, return drive letter + if [ "$areca_serial" = "$smart_serial" ] + then + echo "($dl)" + fi + done +} + +# Tally missing and failed drives connected to Areca RAID +areca_failed () +{ + # Store output of cli64 to reduce repeated executions + cli64out=$(sudo cli64 disk info | grep -E "Slot#[[:digit:]]") + # Missing (N.A.) drives + for drive in $(echo "$cli64out" | grep -E "Slot#[[:digit:]]" \ + | grep "N.A." | awk '{ print $1 }') + do + messages+=("Drive $drive is missing") + let "failingdrives+=1" + rc=2 + done + # Hard failed drives + for drive in $(echo "$cli64out" | grep -E "Slot#[[:digit:]]" \ + | grep 'Failed' | awk '{ print $1 }') + do + messages+=("Drive $drive failed") + let "failingdrives+=1" + rc=2 + done +} + +# Standard SATA/SAS drive smartctl check +normal_smart () +{ + # The grep regex will include drives named sdaa, for example + for l in $(cat /proc/partitions | grep -w 'sd[a-z]\|sd[a-z]\{2\}' \ + | awk '{ print $NF }') + do + let "numdrives+=1" + failed=false + # The general consensus online is that some SMART attributes are less + # worrisome when it comes to SSDs (e.g., Reallocated_Sector_Ct) + if sudo smartctl -i /dev/$l | grep -q 'Solid State Device'; then + is_ssd=true + else + is_ssd=false + fi + output=$(sudo smartctl -f hex -A /dev/$l | grep '^0') + # This block is mainly for the SAS drives in the reesi since they + # don't report regular SMART attributes + if [ $? != 0 ]; then + if output=$(sudo smartctl -l error /dev/$l | grep '^read:\|^write:'); then + uncorrect_read=$(echo "$output" | grep '^read:' | awk '{print $NF}') + uncorrect_write=$(echo "$output" | grep '^write:' | awk '{print $NF}') + if [ "$uncorrect_read" != "0" ]; then + messages+=("Drive $l reports $uncorrect_read uncorrected read errors") + failed=true + rc=2 + fi + if [ "$uncorrect_write" != "0" ]; then + messages+=("Drive $l reports $uncorrect_write uncorrected write errors") + failed=true + rc=2 + fi + # The SSDs in the bruuni just straight up say failed with no additional detail + elif sudo smartctl -a /dev/$l | grep -q "FAILED!"; then + messages+=("Drive $l ($(get_serial $l)) has completely failed") + failed=true + rc=2 + else + messages+=("No SMART data found for drive $l") + failed=true + rc=3 + fi + fi + # 0x05 (5) Reallocated_Sector_Ct + if echo "$output" | grep -q '^0x05'; then + reallocated=$(echo "$output" | grep '^0x05' | awk '{print $NF}') + if [ "$reallocated" != "0" ] && [ $is_ssd = false ]; then + messages+=("Drive $l ($(get_serial $l)) has $reallocated reallocated sectors") + failed=true + # A small number of reallocated sectors is OK + # Don't set rc to WARN if we were already CRIT from previous drive + if [ $reallocated -le 5 ] && [ "$rc" -lt 2 ] + then + rc=1 # Warn if <= 5 + else + rc=2 # Crit if >5 + fi + fi + fi + # 0xbb (187) Reported_Uncorrect + if echo "$output" | grep -q '^0xbb'; then + uncorrect=$(echo "$output" | grep '^0xbb' | awk '{print $NF}') + if [ "$uncorrect" != "0" ]; then + messages+=("Drive $l ($(get_serial $l)) had $uncorrect reported uncorrect sectors") + failed=true + rc=2 + fi + fi + # 0xc4 (196) Reallocated_Event_Count + if echo "$output" | grep -q '^0xc4'; then + reallocatedevents=$(echo "$output" | grep '^0xc4' | awk '{print $NF}') + if [ "$reallocatedevents" != "0" ]; then + messages+=("Drive $l ($(get_serial $l)) has $reallocatedevents reallocated events") + failed=true + rc=2 + fi + fi + # 0xc5 (197) Current_Pending_Sector + if echo "$output" | grep -q '^0xc5'; then + pending=$(echo "$output" | grep '^0xc5' | awk '{print $NF}') + if [ "$pending" != "0" ]; then + messages+=("Drive $l ($(get_serial $l)) has $pending pending sectors") + failed=true + rc=2 + fi + fi + # 0xc6 (198) Offline_Uncorrectable + if echo "$output" | grep -q '^0xc6'; then + uncorrect=$(echo "$output" | grep '^0xc6' | awk '{print $NF}') + if [ "$uncorrect" != "0" ]; then + messages+=("Drive $l ($(get_serial $l)) has $uncorrect uncorrect sectors") + failed=true + rc=2 + fi + fi + # 0xe9 (233) Media_Wearout_Indicator + if echo -e "$output" | grep -q '^0xe9'; then + wearout=$(echo "$output" | grep '^0xe9' | awk '{print $NF}') + if [ "$wearout" == "1" ]; then + messages+=("Drive $l ($(get_serial $l)) has exhausted its Media_Wearout_Indicator") + failed=true + # Don't set rc to WARN if we were already CRIT from previous drive + if [ "$rc" != 2 ] + then + rc=1 + else + rc=2 + fi + fi + fi + # Make sure drives with multiple types of bad sectors only get counted once + if [ "$failed" = true ] + then + let "failingdrives+=1" + fi + done +} + +nvme_smart () +{ + # Loop through NVMe devices + for nvmedisk in $(sudo $nvmecli list | grep nvme | awk '{ print $1 }') + do + # Include NVMe devices in overall drive count + let "numdrives+=1" + failed=false + # Clear output variable from any previous disk checks + output="" + output=$(sudo $nvmecli smart-log $nvmedisk | \ + grep -E "^"critical_warning"|^"percentage_used"|^"media_errors"|^"num_err_log_entries"" \ + | awk '{ print $NF }' | sed 's/%//' | tr '\n' ' ') + outputcount=$(echo $output | wc -w) + # Only continue if we received 4 SMART data points + if [ "$outputcount" = "4" ] + then + read critical_warning percentage_used media_errors num_err_log_entries <<< $output + # Check for critical warnings + if [ "$critical_warning" != "0" ] + then + messages+=("$nvmedrive indicates there is a critical warning") + failed=true + rc=1 + fi + # Alert if >= 90% of manufacturer predicted life consumed + if [ "$percentage_used" -ge 90 ] && [ "$percentage_used" -lt 100 ] + then + messages+=("$nvmedisk has estimated $(expr 100 - $percentage_used)% life remaining") + failed=true + rc=1 # Warn if >= 90 and < 100 + elif [ "$percentage_used" -ge 100 ] + then + messages+=("$nvmedisk has consumed $percentage_used% of its estimated life") + failed=true + rc=2 # Crit if > 100 + fi + # Check for media errors + if [ "$media_errors" != "0" ] + then + messages+=("$nvmedisk indicates there are $media_errors media errors") + failed=true + rc=2 + fi + # Check for error log entries +# This doesn't appear to be a useful or reliable method of measuring NVMe health. +# I've done a bunch of research and haven't been able to find much of anything +# about this metric. On top of that, all our new reesi NVMe indicate errors but +# there's nothing in the error-logs so I'm commenting this for now. +# if [ "$num_err_log_entries" != "0" ] +# then +# messages+=("$nvmedisk indicates there are $num_err_log_entries error log entries") +# failed=true +# rc=2 +# fi + elif [ "$outputcount" != "4" ] + then + messages+=("$nvmedisk returned $outputcount of 4 expected attributes") + unknownmsg="SMART data could not be read for one or more drives" + rc=3 + else + messages+=("Error processing data for $nvmedisk") + rc=3 + fi + # Make sure NVMe devices with more than one type of error only get counted once + if [ "$failed" = true ] + then + let "failingdrives+=1" + fi + done +} + +get_serial() { + serial=$(sudo smartctl -i /dev/$1 | grep "Serial Number:" | awk '{ print $3 }') + if [ "$serial" == "" ]; then + echo "S/N unknown" + else + echo $serial + fi +} + +## Call main() function +main diff --git a/roles/common/files/nagios/check_mem.sh b/roles/common/files/nagios/check_mem.sh new file mode 100644 index 00000000..5a0c1030 --- /dev/null +++ b/roles/common/files/nagios/check_mem.sh @@ -0,0 +1,52 @@ +#!/bin/bash +# Source: https://github.com/whereisaaron/linux-check-mem-nagios-plugin + +if [ "$1" = "-w" ] && [ "$2" -gt "0" ] && [ "$3" = "-c" ] && [ "$4" -gt "0" ]; then + + freem=`free -m | grep Mem` + freem_bits=(${freem// / }) + + memTotal_m=${freem_bits[1]} + memFree_m=${freem_bits[3]} + memBuffer_m=${freem_bits[5]} + memCache_m=${freem_bits[6]} + + memUsed_m=$(($memTotal_m-$memFree_m-$memBuffer_m-$memCache_m)) + memUsedPrc=$((($memUsed_m*100)/$memTotal_m)) + + warn=$(((($memTotal_m*100)-($memTotal_m*(100-$2)))/100)) + crit=$(((($memTotal_m*100)-($memTotal_m*(100-$4)))/100)) + + memTotal_b=$(($memTotal_m*1024*1024)) + memFree_b=$(($memFree_m*1024*1024)) + memUsed_b=$(($memUsed_m*1024*1024)) + memBuffer_b=$(($memBuffer_m*1024*1024)) + memCache_b=$(($memCache_m*1024*1024)) + + minmax="0;$memTotal_b"; + data="TOTAL=$memTotal_b;;;$minmax USED=$memUsed_b;$warn;$crit;$minmax CACHE=$memCache_b;;;$minmax BUFFER=$memBuffer_b;;;$minmax" + + if [ "$memUsedPrc" -ge "$4" ]; then + echo "MEMORY CRITICAL - Total: $memTotal_m MB - Used: $memUsed_m MB - $memUsedPrc% used!|$data" + $(exit 2) + elif [ "$memUsedPrc" -ge "$2" ]; then + echo "MEMORY WARNING - Total: $memTotal_m MB - Used: $memUsed_m MB - $memUsedPrc% used!|$data" + $(exit 1) + else + echo "MEMORY OK - Total: $memTotal_m MB - Used: $memUsed_m MB - $memUsedPrc% used|$data" + $(exit 0) + fi + +else + echo "check_mem v1.3" + echo "" + echo "Usage:" + echo "check_mem.sh -w -c " + echo "" + echo "warnlevel and critlevel is percentage value without %" + echo "" + echo "v1.1 Copyright (C) 2012 Lukasz Gogolin (lukasz.gogolin@gmail.com)" + echo "v1.2 Modified 2014 by Aaron Roydhouse (aaron@roydhouse.com)" + echo "v1.3 Modified 2015 by Aaron Roydhouse (aaron@roydhouse.com)" + exit +fi diff --git a/roles/common/files/nagios/nrpe.te b/roles/common/files/nagios/nrpe.te new file mode 100644 index 00000000..5c2bef44 --- /dev/null +++ b/roles/common/files/nagios/nrpe.te @@ -0,0 +1,27 @@ +module nrpe 1.0; + +require { + type fsadm_exec_t; + type tmp_t; + type fixed_disk_device_t; + type nrpe_t; + type hwdata_t; + class capability { dac_read_search sys_admin sys_rawio dac_override }; + class blk_file { read getattr open ioctl }; + class unix_dgram_socket sendto; + class dir { write remove_name search add_name }; + class file { execute read create execute_no_trans write getattr unlink +open }; +} + +#============= nrpe_t ============== + +allow nrpe_t fixed_disk_device_t:blk_file { read getattr open ioctl }; +allow nrpe_t fsadm_exec_t:file { read execute open getattr execute_no_trans }; +allow nrpe_t hwdata_t:dir search; +allow nrpe_t hwdata_t:file { read getattr open }; +allow nrpe_t self:capability { dac_read_search sys_admin dac_override sys_rawio }; +allow nrpe_t self:unix_dgram_socket sendto; +allow nrpe_t tmp_t:dir { write remove_name add_name }; +allow nrpe_t tmp_t:file unlink; +allow nrpe_t tmp_t:file { write create open }; diff --git a/roles/common/files/sbin/cli64 b/roles/common/files/sbin/cli64 new file mode 100644 index 0000000000000000000000000000000000000000..7ef82de60da6ddf23d651e596c6256fd0a0321f8 GIT binary patch literal 1952038 zcmdqK4R}<=^*_D|2?oS&RJ8F8qoPLZOMGcXMGchIi-JXKENxLygra_{RI`fKVCb@% z?R7O`qgb`ZmnyYyX(fj!Q9V7AAZRdA~7D~GF?5UP$X!b`AZRL_sgkS#6 zw3BDrbUIH3<6*gr-BLt@_g}S<_~$nXSa({_1rtJ{=*-rx zf`uXD=vMx&85m(CXKqI!E0AfN{LJ;^j99wBNEAPY`1Y~u1@j704~Yx8C2GeP2u`zpa( zBhl9L`S$IJmW}u|%s3`0WeM|4~)vaP_S`X!rc)P3ibD8QxGlyaVZ#^!`&B%-~E>P?C1 zJw|6_fNhA?ZYqeD8fK)|C`cP1G!qAVkXl$X8owjLak5zQ6Om>kR@)p}xZC?i_{d1} z`{CUqt=U76*KBOC470j9wz@Wyl_R=`{9}R+kJZL`vC8GKU~Vtx4X>_>?%yjv5F*a!Q;vL??E}XW~i4 zl$}Y~Q{tq;2VdraALD_qumzR`c!n7T_FN<>NE940r4GB*RrR%f&QObBWEpe7&2GwR zLASA{x6o{;I$$BjYozbwwbAkb0K=@C0tj?LZ}uxBVFxhrbo2oXie6Fy&i6W;kM)(4 zj;i{oWz$kuYZXK<2(PT|vn~YjQu_Y{lx#NC?Kc#8O8_wxc>*(-Jgwc>BQCY2)Oe}T z%!MJV=aV92*jg{GwBAf8BqPx>LmrKWJd#y>B;&Is*14LKPdoX5_U+~RnU#8^drY4)&KWS{^O$S#Y18jEa2 zXlpop$4zK-EYgoye?j<;?;xgSXMVFozO4Z@V8hCLGg?9it zbpV}R2dK`-V+79p3O^l@5AfH`(X2d;d2^qRaTW+ejMVJAjha z&46ey64muaVtO5bB6Y^e_%ovoK&Us&>2)7G9=>;NcxgJZp<+#2Q1wDFJ}>z4c>4W^`*J`j{Dc%pNHi z?;Jsi=vI(nfk&a5veYtN(#k6e(a0@Q+b#&ORc2(1&9l@h4fuoa6^2r29lZ=uRf7j+ zI$`F|b*MaD!@%(JQsF__mnfn64$7{GN)rRA_uy@w2fUIi9lVzj9Twh`#Oqz);N3r5 zylaV99&_;KAd21`z=(Sd9W`-8&F-mzTblBH9zU#)iPT3ODB3Yqb1Ew^pfG0`ZeOs)_8{_>g8Qw zG@R0CVk1}pPq)knL9 z%-U^MHS_}vFs%b;LxXoEqU)f+TOE8e0#l*xW$B#gL8_E! zrC>srj-HDs%omtMX=9mTp18hwELOQ?yEv2`qw+T@E9d3#N~q7sOUj1YfMw>SL|5XI z)C>*(`D`h#N5TJ9!M~#5|Dxd=H2ez+ev^X#yMljJ!T(LecWd~c5q?$VweYI`RB4Gr zWxY!M2U885daX)*gQ;~ob(X5}U#iA`sv5Vb8sF44wrcpJ6nx(lun29>D#(8;^b8P? zXsJ@(0?3p^(fCP;4dlyviBA(9sR3Qm=1Y96e;H9q&VEoGs@KiP3N1gCkRK}%-2(aP z!4SgQ7QHM2D!pt;4-+|AkL|VqVh?hBt zPR&)IxhE0b2%5X>nq##aLpA%Qj8RTkeFAoNM%JOYP^J=IB?x(Mu8?DOF3nvw!l|?e zLfxx{x@J!{{7sBs;oG{*Ta@vIx{ez!2BVvF^h!k0NpENw@7)(N-lOx+R{7|BdkoBG zerU8q@{uYZGGgb?V19+pAFc8?>-;qHXXyNYUnKSS>ilx7xKays{&OlHqG*?&-UsQNj5Lo+-gd(+u@oUag*Ws*FhecT~JVl^t&YC09yPd>MjQt6&p?*Q(%h z1g}@YW(03i!BzwpsbCtxAE{s$g14$*H-bM_!5#$fP{CdVm#UzJ;5{nXkKj)kOo|_? z7tdxaZ!G)SZ*+>2lup z$aUw)-PrB%N)Tx`Xaa(EgUa313OBVBXnQEMG6eTg!Eyx0t6&8IR297-=Qx#WA$Xb! z_9J+P3JxGRNd-ed`??C2Ab6&oii&NnmmoM*rIsRiz6$mO)+U|yh+T0r%KfeaXhm?g z3Z@a9tAbq!Ua5lJ2!3A$dk|b;r=qay>{JBnRInGpgbFqzc()3+BKW8ZrV+Gh2%)ei zRcZ->D^#!)!ITP?A=ssY^pju@!p{3ka!YD-HCMV9s?KS0g&{lCZ>zh+`8uRsU3Fr?L=pg`Q&<0(x zeg-0`SX=4?FA_rSPv)_-sFen#{VCp+R52P};v(fwEu*b-|^Gq!wuCW(EBt z1szNnGc|rML?pFL<1YYyPHPII$D-1kREh92OOW_<1CF4bRhdfb0*+M#EOfycbisQG zZfWq40>4p#vvmw=>Zp!VrKJwrUaB5M-H0e$;PD^2_zY@%u0B!|H2zZH1Nvqcnn4ZS zk4S2^hQ3@u#}xF*Kx7cmSSes?J+ux2g2ixAZ0@#O5a()O#rkIQvtE}`uF9xYWsrLe zvPQ){_`E7p%^Li@3xvQ$3Y_dI5{iP2gkRc7csMJA&NvBk>=XnY zI|adO)oiyMLB~!((6LhxT%-UvIXHF-f{vYnpkt>X=-4R;E>&n2f{vYnpx7y$5!-x< zEK{>;q)8bOk>zS?jWjDuBGTFcUeL7bl4qO-i9JJckH|JMC}Xx|LF>l0EEXVWTNVou zd`^{AXImH?W_C%On_p7Ya&ETmnKA@zd!`&gyDHiewmrjvZr4h?!>*MQWY=mSD76h| zi63X@rMtk@tZzuo)Ienl=&yERSmxV>u@h2t8m@naRQeYi4h{etjx0_s*Kl2c^U(SS zL}~RGK;1wU1+Ix9zi2OZiMNCnm8H6MQTLtC^`+SV*~9hnb)hrA*ShQ8M=^qBO|el1 zjJ-$I`(+s~GcAsn3-F8aV&Ksk>1TaVP|U&<`vzk5k&nQmkLn{Ir$T!=9Q^DXzQ*)1 zda%xY4Nuh@)$wA7jg&Wn;^JHXgJ-`mrMd>!T4c_SQ#sDz{~pnNP>(eoC+Z zfRRiRI%i*Ugi#y{qu^vwfstHLocJ^~QB&|;P{3UnXx7U=76o%^WZ;(NgDRNw{ty-5 zT#8-62vjg#SMce%x`NBz9aKT)cVL`q#FF@B?|{u|BN4A)8)9vIgck0}?R!bW?s&Ws zY1yN|GlAhQeO*;}^?z{SMj1wWMNKVQMzp0+9(>$GB~|H0!h_ zeCI^;kIk^m7EgQTVOXBF9SPBiJFIL^UD?P~jb_}M>4l-pUAe`5&f-oUc5z8v+_fk! zi%n}KFC=Zag`hhh(#3oQ#n|#P_cNCTql5)A2s4YtQ6nQmgxV0HF2U%6cfl2Fs$K5P z+G2ecurPdX#};C7<`m)oActoM{GA3DugVYF0XHb3%}%TcvFX^ni?e7WIitid3ylQM zrA#g{5|c`>4VQK@;WkSY%J!ZO9ZQ#)p+un>-4^S>D8a&5imFaeO{7!5)y+R@TF`(U z)HWHiZriSMhitIGmqSh=@O(G|&oBjk0-hr90wV&?P#%FNGzI>ZJ|*xf{$C6HY3JzP z&Li-y3i_`#M9fy%JJ@zQHN~&b6GtK@4QL|+eN=toJC*H!ucrOwY9c$hh zojOnF%$1xiI_H0M&N-4pV^rbXrgM%%4ra+h5RTn65kf#cf_x=}h&+La+1QVe+0ut! z!<3UOspYzmzO$e|lGA&khotGr858`??|@}N_jc+}8mCp^q+J{%7pI#z>C_gDvqa%E zxj5)1uQKe2G!v&O^&gEh12~=y`bknmb%RqxEIpq+oha;xEF)?|YOlQ<_U{E)@McfN zn~4bi70s7jk@zbT!cI~AFA~D;k{lhxWT5toDs?e0oayV-6r&h=I8_QgMC(jM$dq60 z_wCOktF}y9i|;B3B_dX=jdC1XG%j_%uJ0yvX=i*a(mB0nHel9C$wdDy^g(LAhWi=` zaZgelj;M9@LxrKl+V+P5lzLi2jzL!YpP2Snoi-2w_GTT;Fxsc1uOb?&wL;OOQ}61; z^@JJF(UpiQI>F%WnIlMN)!q*Cml1e@jwT2k=_B7V%Q4u@NFNlQ49{iZl~X29n^+Kz z?}=vSW=yxIXRyPFb(UB+W3>qPFs5w&xkJ6S-!sm)(B`heINxH;rZ$OeNeDwTOJvq} zFfp8=Bx?KH_wA|*;dpPd8h>gCc;u=FFvO@TG0dX%b)`It7B2%mAQh*16Y=q+O(`F< z?s>HE)JUJq2NlS83@nhL$jEX;46}tn&g9d~B+Hr9`YWWHjVveiv}W0bQ($UwRglY) zX%maW@k;_S{Jg5LUb<6w1p{1M=tiP*^?Z=0c7-4A*^LbwP)xL0G2pPm&L~#L*~lf7 z(n9@6J?i0ah^k5RcRZ-V-sfZUP7CcB-4hl|cV}qQ`CmV}v#RL06DljS$EeKm!I{Tb zW_QnlpEUbDPGo&N zK1?Ass|<8%_|6DD9IjM91tPIrmP$%%?knapLRwzu}96wCU=&t zgdZ8+7z=iEqGbzyG0XPgVVfN`g%GKJ$-_BFASjVK_Z5g#GAS8m3z5t=mazJDu-N+P zkzi?m0j8<_JlgK|uTzU`1QbLkl${86vT90YaU~6I4pE^7i%yo@PB;qT0MDi^hF*cJ zCZq(M5(j|R!8_5CC4bpbOS+E;YROs%!xw7_B|*1j6^8r&K}%L|+)+zL>XvwCpn*x= zmSpY)ndlbwr(sTL?`3CxbBhQdjufgh{_Hmgz#_o$E`W6GeyM&WtG$V3zVfrD4B6*c z0BJtm34zJSrv*xOyFh88WgY2FG`8a53T?L}dWH7BmxV!+VYU$3Y$K`?+J7GIbhVd3 zf2|^eeg!DDEwe9vjbXUSl5MP|{eUlnKYP4M28NeBN#@!a2Q%Z7%_@V7Y>YCY%Q+Sr zZvwvX5Qje77}1AA`EEpPp!|lD2H`C8;xOXFNyM9xBr_BP7x%f?5K|>9TwC_C!DdY(2@_lnjjykBKKX;5T07u;yze$_Bj1 z10XiwF)o1EfLy+-1d5T-#!q9f5W@Rl%E zI6a@xO5BKFSczSDxGdxu4X&2EK(<=iT=y(l$dhTEtIq_fD)l0!!tiAoT(C6ju_j5$ z78XRyRSr7SA+gPR5i%m3ybf3y3!KdewP?Lje(v=q*uTL2?yHbN<1s^ zoPg&9b8=N;QdM}>8 zw%C8X+c}|>Y$Lw1WzU2w0p~Kl1v^#}#g08rB~Ero&^Bx<@U#ufh_*+Qc)>|FIT~%E zX?w!x3~I#Y&OD8n!$urqH=^EYL@YfPUAOHI$0I>1|KLf7S~16Cf0ZVD*GZHnT&)t% zbO_K*X!bUNkwHyheaW0=cm$;@M^LJpMW94fC?rpQ%_AgcoTB2c&}S?8WyfKagI}(4 z@Nng~dyxD-)gh8foE%A&q+|CGFb_k ztVAKbZXsXu7XoRgn;msXyS!rCzg~J=GO$oXJ{D^DRbo4FUnRD6s>hoGdYhO^U>mW# zhvwRg3oj;0Z`Vm;4Fy)}(7nAJAX;D<$?0vdq){-`Vo3znj(e2warwxfPl2u7$2aPF z^Nu>9S46fOEBir>_@g8SG@{Ad2u5-mfiB5u1eSUL6KP3naaGb%4d`f-mey@2*wRWt zG2{GorL~f{@FzjO;7=04Y~*22u(@Ai=wpB=g*s-P^s!{XgM@r|knpP(<1@>GCf&1- zlbH%oGRd3-h0Mx?@K#N@Bqdu|vZi~AL-$6c!tTMZOE(U9knS!dVwB;Rql^z*{yD>H zx-WQ!bPw7Z9`r6uGAUyR;){|XzW7y5tNn6N)2;#YI^!z9^E^rWsS$?Z&{VQAYx;4T6QP8Tjo!)WoKH}v}SlM z!#Hqwu3upivA`H`-(reZ!Sk7?bDQ=GV!_g5d@MK}a;q!qkB1V!1z$jlw1|BWx{7bziMyjz3)eIM@Wknd&9TSt+6?eCia22l-g zJ*8)fp1Nlmy zD7GQ}f%cABzzX>_biQ<9fH$x~tuB{?j6}<0WN4z1jdE?7W=ZrK0&lfR4@!pFLTIy% zs7jNbut!i29{Lsb;O&4C;XYRNpcJ8dunxJJF^u>a6C0>N4=&d|_%gOLJSFlRIvB+T z!nV~2hg!+H#2Q@1@qzJ6NQ=L&h2FXt$*oH|&X2Rei^GTyClPNzk~nf1sBq{>HZ~&) zvTR2#GsTfho^t|;rDv;oL=uwGW<5WShmcCgk#DAO&z&Eu$U@BP*d4>Xj$ia#4<6Vj zB8#D65D7)crMflCny}jdHwDtA6BgiCffYn&Li-V$8w}fM5WSD(H`Wwop7iZZe^t_> zSocV6rm7mc1IX4HYf-;c0185xuv>vo)0O$@u!L1{o{#{WJokDm`lHfxLRSmPgEfL* zC1}rug9PpA3SS#<_mr&#tqWynL1V<*k!rD6x@f;tNtv@2{+_Q;wH5}N*a1x(L28o> zNoMsnYEXpOi?T&_F$7hug_$qh*{NQ96nUcAa>^59-P3Z93cUK}gwd3y22w67OO zyA}9)@q9lWZ+bZG>&4bT?5G!uz7*7pA7M+u)5hC8Wq;9LoS=L0VPBzHzAHkhRbvnX zK&C(@0(*81N>ntuyV7S}e1$ZyxQzA&Au%fd=a_-O{qurJATQB+5RFd@gE< zr*AAv-JrAIKGe-V)^J|(T_`fgi&HRVBsvTeXO>^Gt&(@qEmRs2&zWWa8@mAn$_DWW z4}tD+n5#S#Tp$E4EMdh1g*a60f=%&&9jyti5L1$biv8pv)9{n&ydMl-ihid#AD!Rb z%@G+d0ncE8>@dvtS|6kI%YapH1c?j^)S>&U0ng`6Kvn($^X9UrS+wPPdLKpcCPCYo6`~)3- zIIo3jX8Kl~@9E)m={fmu##BLg<8W#>(;DBFa964rsb); zt+``VP-{MdU-k>N290rB(}$k@KWxogzt7v6bcxd%@A9R>*P6^K&`PsPgl$6mZJZop zSmx*RhW|d#>;;_W4t@k2D_O$nH6dzC9vr2(aySy{b1v_5PDm~8VbY_*+jxfu*{B5w? zqYA$Otp$O!Ug06aN2^~GPWFJgw07^9)=2@hF7C_cVNN9J+q36I+uVq?F)g$R*MKrm z{q1hAeEwUcdfbrB(iWOY$_=TV)^cws zw^s(N1?X527gn0N02L~SB-ggen}XLyuS%b36pMqSU@Ziu$?t<6%8@ zccr^f=)FPc4c=LCsXanb%S{w%zP6u-@<=yfWy(zy!E#*dq!_a>mNyW?em-mgao#A$ zRjhwdYJfAbhtu~_Ni``>ABTxmjrgsx0l&mAt9wk` z4TPn^A0SpC>tRec_7dUw{X{`JtI*ulfjU>aK4t_W-(fE?q5#DeIe6 z=qbb;A!sL6p9U9g1O5y4nNiQYtS*1X9|Lt*`%*(hZna)RAH@t4{V1 zutT1fdH`KYt-L%PI~+=tf4z1~f$x~}&#?<)b1zd5aT;W%j0|kb)h=4rw+I^H6OOYy zU~WUYSdU^khp|UE&Vev_SZ=>pTty{=a}jW~<6H!N@i-TOhkb3RJ?-PRZ>0IR4mz>H z(HZA%7KcjadU8xrnVW z`)$K^GsUbr=}HJLkI-bl;bauc2x2eSTJE`ttm~ih=Cef#KkT7qFHpmM(n$~|842BH zq&pAa#Gl;}*)DJLNB8qMv|q$tgEOjML_Oqc^h}W1qy5-N!Yu$n-pff8C-z>F7~S7+ zCpjzjOOCXSC?%AM*=6BQU6+BExs_$-qI+Q9DDR$hPsgWD_jqxR@!-(tsgGcg*f;fc zi!X<-^&?I3Sp3DuKoV5vcy8&)ouh4@e2%M&HDBBt^j7We@?|VKAb>A>z`-zxFaN2s=NA>hLnPAGV693fNl^DK%ihT&M|Q?gn&-hq=LPLyBx5UoUa% z&*YJ})o>0B;_J^P(a+aCf8p{qP~P6h{)RK*50fiNc=DtNCzmI^d3f?9I(jE~ za*|tRKAtSaihGcp)JmeCC)vk`;K_4vhv(6%ae2-o_q%#{e^kr&gXBzNj?Nm zCjTmcCr3-7pC|V}G6YXA}h6NoyXSoC(?537)(RSNjk=Ip&uE zJlRJQ{XDtt;URc3&#f$gC(mJVJ(wrQdvJ1j(vXKI$3wPuf+s2XuZQ5tzE1}5q*xOD zJh`rE2%enpRu;gMmG1`eWSj>lmnZdkcrp&MwG%w~<;Wpv)cik%U@nq#=0X%tF68$_0-#-LT-htEFY2V;A;Q9X!;>l_cPVU&5 zorfo@!TX)y$ysid`FQfkqX9fgN}``9pWQbEPhN$4JU>rP&jj)0aSu)|PiE%f$>Zqg zFU%9ywm-qGG9ORwcqD))H%g+PCvPnqf+rnt{O0G$k#MOGwojINaB_J9|1{hvgM9@{ z(a}4>lLOr<^YP@ShXZ&rR}%d^dHLQUc=CI=y7Tj7Z+sA9Fi#eFaB_J9mp~v-7NMhe zf+xGWRp#T#yrux2oF|EXo}}&>f+s)w&yILf_^%+ITb*mnThmbnIlv)=u!`ML6Aukdq@H4B*LL zlIZ72?Cv3Wa+zCM08ctL2l3<>4^A#mn)C4F7|7O6@Z^v1oDad1y&nkRNr5E#d2-Ft zA$W4GTUh{4e*Z=gPxkfTk!4&IvjDL`|qfb|2Ld619yin;AuruASh@ zU2vB>T*l;Nbly%Rin5AJfC%zQkVc2@vTPLf1FPkufWPnNiq1kx9Xz^yERCma6~ z#FL30oLrvtb9$)GcYY52$;M#vGo+%tp+1(KI=(ROsm^)e5bd&srhS)DlV;^-Gq=Rp!Y zhg_X=MKgR~J>Cj*(A>|5eF&`8tX-!Lt6uxE!_ECt-_YjhtMGbvMpl4tq0HX|TMm3@ zTBL{}?{IL=myR{3Xf@0qeXS+ZpLqAAyWm@lnTm-K8VAb*0-#);3H^yw`rOE_2ny zF(K!ZEY%IEHH$iV5}9{b}`C$8_^ou9we`B$lYd`;T^l2vc2 zY+vWl;kn54H1G^W`J&Tp5JL>mJZDzr9SRK45YDT*7cU_+8Ku3Rrs2O=Ak>)1zn!^R+s&6743o{t#5mg1Mx+Y zp65Q0V}A%unTWjS>J0mZ54lUjec?l0x%nk(9Kp>zqwsvU%-kLirl&^I^U(9q zO+I?A@|P?6>_k;A-Wt*E6qUCB;QHhu)FM^iL4mj0e1?pHk^wM$22;_e**-xT5bUEtqNWSM+rVr*)Y^bne|TVrxs(-8->&@R1C4{mx}L z7E3~B`0?dh(SwJ9zX-=AiC^l+pU(O>$7C|tVf{aSSm7(1P&2BU_>T+&f8|38UyL1> z(emc#WeWdLyN3eXU(zP{*>8G!NhXp*hk^WOyjGbzv0MWWh-YFEIUaO_55+I=tu6H) zWl~)%ix*e9BvkXu&#xU~esNxW^4@5R7mIK+jqgU=aQp$-l=yVgo5)ljR@y8fy!Q}) zLqagig#gj}5$OGACnfq5pNKgHt57MuxhISXr7qSwa2C9*sX85OTL_< zRK3n=_2x8FVp7dI^L}6EW6bQ)nTvdxuP`$-&LQ$rU*^A=S)nth_%in=17_&V!+n|5 zGG;dE%(vmJ)Xi_co|#=bvm2SIejQzdD6Doh+0}8fD?8Ak{pXUm3@4-c z9kMjKi!+|wNX7^!I=m^(V5&+ZEdWyHEXc5@FJ~bwr!S`>$WgT{LeQC(sKdr!wyM>lEE-viXojxL>dkK`>=tXe=;_3ONw zSmPe$4(G1&)yQ6VYZL)-Ypjw|Z})V7TO&QJX5@ju8cSH?0lLOd;CR$^G*DV}tXTxh zt?>nbnvsUU8hhykDTbH@|*IGI-Ti z3(LT@Klrt8B7DYiA9&w&y&oL`YX(qYK`7J2&NkyD1_nAmwL=ryO}Pgt(5!Akqa@&c zUI&LuAi6LnnZM%bKAF2zW;gS1S+!)}MOIpCs@-HMzs&2q+9? zIuS(3)%+_5;fc2W0c|8&O64Idn)+lBBb|}usDR(SZnmGI)@a#U7 zPZOU`O+R40q932cp!Z-hJh6kb@TK1E~YC0qf!`*-epFBUalQ3NKN8PYS9E=22<{vZ@d= zx2CrwSyVVL5qSq))6d4j^eDz7JI+`$x4(o7G_!iScu)$9DWs$Da`yMdX%)J06Y}7J zYUBE|J+1r7{E9fBq%9)GQgx9?oCHUJ$SL7f)$b@uDE&Pssuj^5BQa$>?*dl~`N%Wk99bvGrqhliLzFiDT&d2KqVHb8{xF-u{y4y`dCM% zWiJH#diy~cp4JC^il+l^uC5{uJp8Zi!Swc-yp;@(Unt7Yn1AMR{(P+4bsL16<1n($ zjI7fwSb!F^CZa3Qg5?l>DiXu>yTK_~!iv!8bguR2T3bn-&| zC)Vm51=)uoT_7M_DBs|89b;$!K{jUzom2gZMGkN2)pd~vL_2H*b><(r)hfgeDbq3n^s9xz5w zFhmLMv#KD3Z%X_mjeBi0_?`xx&(KQ);p<6kMYr>sMcqf-!JvTdns_g^k2feKstgA%o z;(PkkD9DN3i`NR*N?`EKex7wGOXGo+5EMNzJ_ky);bAd6ds`3uHw8430O*m&c7T65Q61*r7C2-y%`-@{w?HY;lT3bUcVfXpBve}b?G-0E zGT+W}Q`DkX47?Z?KhHeC!_P-0GMJx7AMs!Fvv7{h&r|0F@^k-#9oBjHd5~r@_}Tll zLHw+ek)4S4V&Z_oC4<#0p7RtKvJAtu7sGX8d31NPcm|UAZQJ6r5Xf#ai_h@F@bfTf z3Se=CO2+M6BWimwA@;N{&0c_!%O&uFWZTn-Jh1k2=0c2CLR{Wbw?8G z2$j>b%L|M-Upm)>MY^==>GG+blh?PhvE-bMAbr{8HgprHc3Sf=Nh#zwXzh3Jj zVuZd^2Dg+Oi4B6xFX5<`Xp)+}1v8=x<|lgc7K#N0VByuVzuV&gCN(8cNH&lum-o?g z2o!4;e&m#U^vk;V*uVj|jOvKLh^&I_E-HZ8L=qr@@t0!x;RB8W z91sP_PaJCn#yeuXaVSW}TdClz7mf#?8SfN$N(5BefatGZDgDVviS>sA3qq~b7o5)s zVm*p3a%a$;qQck#6^D7LIDu42R!cDC)CsCsng<* zTO?17^iyZy@**o1*;+swW^l0~0~?ojVG7?K9n%@P9g?~|!+i_f5mkU&k*?E9GWi@A zueVc{GOr52V+GOCWCGV3*)T|2=1l&HNUz;C6O*g29W)OTk+iL0Gk-yGRIC1V>If*^ zG}bm~a<6sSZ=ELhYF!&&2s)isw=t62@E_9V#AnaZ@Vw=t3$c$tJrG~uEsqghUUCL6 zBJxx{-wVo!2IbA2C$GgNQJfv}HHr)m%PKrp+vj2Wt>CQ9^jkI4%bs}PG8P1!w2?p74&Qo)PG5Sh!R7tL?sjlNkjI)9l-(s6+#r(l$z1UV(%1U zSnRO+0!#wWZLewR{L~e&C&QBRdXhO3u+3p z_%tC3ime4ddXfux-&L1&{vzUR%KQhF24t_oXk_;5!Py_pQrIcUj&zy!_us3##6dE7 z8n%2d0EvS#ri*WjHtGr3=R!jV0EIu=_@#VcI%(gxs|ss$s3swd6U>EJjPRrG==VHj zR*dtz zeC|VzP(fo2fD@p;jT@}(Pg3|lKN8L#Hc-wYEcv!{T3nEYvh~V-@kq7y^MfxXc%=r9dBDFxaGoad&_0LY-_qb0c)+hD zcpJbeAJ)bL=~g@K*AJf*vdYp}FYbbw0gf4T+Ez8nXu-C^)q_r3_#qwLHTXrJ&Bp^C zSoW3eu!8UBrE$`81hn45VV*?fc_SIGLtA(uGmq=5Mc(%>6fZcxjpNU_z|O!Pra$9U z$%xb;HQ=*2u{Kf_sySH&3Zgiv6DNh*1DBmE8o11pE>5_YB|XYd$CGMj^ffZ#4!~Wk zyUzx5imh9}jaJ8Jvoie4WWg$&_Nz0@7S?788LOjY@z!6^RS`XKaCR-T|03BnuuCro zqS&Pj&@SbZE2B?Q1F+Nn!hb~UgMR7k2%x_d*OTClo-b#j2tEHY;+q6x10${9vxPG9F|gYbCYCpC|AvW3T=X&%pW+QR_b!zbEv75qH$^r8|xPK`VdgUTgrqDxrj zGkC87lG`9hW~6oP51>s{;&#KPwb55=pdyE;>8$7X*vH2?zCuxR&W)gnuchQe^Xn$@|w?a)I&a#(5%$8Q8-Hk*xDM~Tu# zv3GGZdy<-V_0a^L^>Za`#|f}U>CumvjEhRv!e@Aej}f2nokoQozU?*q!v2E1poRFs ze2>E|UIkhZj&u9bPDOs=MN1xdKzZtuQ%;}qAYk1ARPy^`zRQvIuUNPsE z-FeE-UkR-tuY5l^Qsldrg|H4RRqSl*+K)wPQB+KbMGU5+Gfb+CQzM(gcbuxwC25F%x(4e&tBR)Zh!Sg=eqlH32v?v2t3EUuc^iGj< zm*uJ>%i4Ab(zqbXeKkTA22R4O}V+QTx39vlcE)98@`L9^g<@IXY90g5J{6iuEG!vMg< z;4NQFmFpkzm@2{uhXGp4^rI9lT#V!h*U0OS#1ujLtt}TRgJmBl;bkN!n`Ju?g*XOC z9G{q8=790=2IEzQ7R3U^sosB53vA?F(b0o#_KE58ae-sHNQcVgo*m~IX$Sv-k`n?4 zDLI*q)W~2j;{N7~iSqVCE_(+-2z&n|5M=L27D*2!18f1GWbZzx$lj}AyOC<$w`Kcw zEMObc%>RV!R}vsiI1x?2DmHVQKi!O4RvcNF_dV-6wRpnr4){a=5_WWjEBp+~M(c{z z-1Xa-koIOQsCtKj58tFnVvk3ipgno5+Lqe`ij$1Pz*UMfdvFY=7QEy&Vg@}GdwLI% z`1p54*-EDf@i*AHvdQP=`;!>T9=^{4Ef`M)b+xbJeEOqkYF+K$5xS3!PELP5pfmoh zI)gTOPIgXD?1BbJPcXoq;1jY`Wk#M?_TuxHDDW8$*Ipdsrw;Qs`1ZWgysjWoP^7)y zaUyodx(CG=no0HoLK#C}{kGU0V>*ks-=_vTcEoG|v4F;EfY$-Qf3U9ItG;ho$w>h( zOMxYwktPFED4xsDQ_tpasi%xRTV*&dZr`3al674gs6uRW3HV3rx? z1?!vWSF`siI*bw0$Q046A3Q*j?1hJ5dvs6xfCX`;tZ$-=vrRHichPYY1}qo1jHoil zwLan`ZfALu+Al>btnAlzlLP%I;nX;_Tln@1h0!)>v+O+DTC)9Zj{WXfZTIKVu;={? zqlJ@2ccP7h+Z2&^eesp>HCgtzNepfZkNi9Y)gwc&=1ZKYTy@)7{KSltXdQvpT1!6T zs*k5ybJ{zta2b~5jeBuf6gHU>*v{{zk#e{sZ>MAiKw_6q^yCzZK4Io0gg*K#`vp6Y*kN zY8AFc6;->V&`3QQHS6T(9jlRyzfK`?15-;rY>>#fRLh#1mfCg6N?f z9ibHYW9_kuo2k{kX0%TsCZUAj>&arv+LL-0e0E5MhfD9OF77L%>cuND@GoHE6)!_$ z2_BBFgq$#u_QQM{{Rlt;m;_yi2X&nVr$6X`bJv3Mz%|HF9ykNg$utZWo`8{Osr@YD zGj)aTt^v6GQ}sHUVbp!?;#EZL3gk3AU85Wy#YPgRoN(&v=x0$Q4^heMV!4^m=}f$4 zmYew}J5#+Xlbidzo7*)Q_s?!FZkNx+eZkG`8Jzo~or?ojgEPBzCYF}9&53E_%Mvx? zOQ-N`$`l;CiX=8f5)H5b#I?}MezK5^Jngij^S7!6I0>l{-w2I`^@T#vI- zoX0se(igt-BFLVn_x8u$21okkPjM2oVE9qu^tpn?eN|{J1h5B1Qb=!3-YwJ-{}*WL>yT{3-bIW{A~s6~&j4CI%>)Z@a}UJDKIbXf$z(5} zCUGRGu`XIo2+y8iR^xcmKxz+7RbwG^mUBRUVQD*6q;>Vr$X&c$!%vPlA0BaZi&yK~ z`UQHdhkm`oQLMG+`7%T931#7YCd#@*G>9BOee!owwxh)t_sxLjL63D2q-7m`VXL>| zfv%!Xa;m^L#w4$E^&Uu8tZJRaSx~&x?u))#VP+8DY-3@orAK4;2K8w6H|)_BfMP|N z2Gyf5#Ju>@qhHtf`=#6-{iP3I-VI?Zq=ROIkJ3Rn>xK?OH*qm6+4xu-prnK3RoLk6 zFd&%JUJ5#__b@M`M-xIAzHo;Odv|4VA15a8ikoPO7Vi9lS2OXjO##PKpOo!6|LWxS zDz0bbG&3>GHlnN3%yaK?xU*mCcr6)!{x!LC0iej8?AZ`M*2~t#(i3C@$`(6GPBwBE zP)-@k!ACZVDXLNXOQRrBEYFl*R|2X~0mm#_iZP2{w2GV>)GD<(fx!X^kX(5)f{ zMlpU>tL|)cTQya;>SMehiBSwF-740rT2<+7l_Vz{S*O2MOi`^m^L}TXAPM6HzfP-S zedV-HWQOM~S-kPilejFJp1N4mausL+z<^;^mC=_cp;C04_4ZFOXU*4ulU+cR+NlQV zvw(4H3m%o0*<6lxrmodR{rvM?L#f4xTKAXHl7SA5rB$H-v}#Z&M!r)nPSoEbePh+J zZ?@nUeba-7-8Tl#mq;R3$beLxa?t6t2-}E*X`T7}ZeK_stOa$2juj$;&unEr4M1&r z>dyTxjTpNiSTv2v7W@JW?%cPCBj_zCzRcqsDK_xk1io1T``#i>qr(84z1e|$kdWsG zK%NgpNJ#F{2?382vLXl)8##o;B2Gd6hLE368>|$!$sV03#YS|nG@WN%xW6;=Y+?IA z3kqx5ieIqZ!oxnzWbdllK0fC$+3A%;QW*bpguObC?OP%2`&NIj@IOIFyTL8u3 zkog98Ps}z}i=GRu#Ip9XW7%Jx^=Ae<9kTu;R^|X;z%Buc>LY(T2iAKT6U^4+Q+@z-E1zTdRv1W5IjW2#$tf0#{Iz3fvuo9R7@Pg(8jsmz} z1CJ8mP5FSao-P>Bz@r5itDm02D0XamKqzS1g!5cDEQb@+(00NFTB>!*QZ=i$$hNJ` zo@5iGN3YGp@j|r9F>|p6^hYoqE4!{|)U)|d>e>1tpSFVDu}KT48K_|h!xvDcu*9kC zT_4p$r@&=f-HWr`0|zG7tjQdZEE*l_-Q|d`LU89aPu+Q!H zD;%SHD&!AFH{Mq03Wl@$8k>GL9PIC)^6YM=pOxh)Q#=UJw)UsFfO%@ROPuZkVnW|R ziRZe2klY|ZyTotUfMT`>!Pz9zLQ=fJ0Fg;`I7WQ-lU?($+#X{#%P|u2G~CZ}zzvJ# zqle3K0_LgN&vF6|i{%6y7R%9=JaB%N1CA``FdPoc7Y<;&coc`b#I-eQDJBPx%1EPQ z4cwv987jxW9o+^am%-pVn8*_tQnEVEtQC#LMH)->F47j@FctjvqM!ms9L@#FyHN2S zs`*4qHy@qxEkGA3_|7A-hv!jv zw=`jv!)(|2m}iDGWp>3vl~cOALs2zZCitE@puo6L1`9i`0$`VV@h{@H^e*w>-=JIG`LGZFV&H?} z@$`-3QVkmD5kJt$tOTcpP${g4UOcS*52qE;2VYZ&UhF>WQEae5e6Yksc4ikA8z-c) zA{c@TQ&|yx%8KZ-uJPgU(jdSDSrG-6adiJA5fo)XKyeKPsH}&rLjyu5z$U@UtzRsM ze)bF&cw#x==qQFyTv|@cp#jsLtO6~NnOK7p@OU}MW{oTW`^bxX(MOsWSVo}ndc`+e z$w@2H5-lt63prVi$1vms#s_J$&jO*>>0u|X*~WsD)Lc;?BsCizVy{02D0ECHvzZ;L zHj_N~kD>pqBY+QA=Ak$$GO^(Laj9Qup-B46uqBVDLOf-3u#A7+=9IBc%J`EmW2(Q5 z?~o3&jm&^xrSY(y8J{CqXG0c+nWR30^Aiv(LMp*x2%7*og0;5~heHl9`2?#JJpv7+ z1#2ikEm%VV4k=jfdw`A?w6jW_pkRJ|@v|$=} zoLzz^R`+L@;)%Dp&Mw0fEAO+*@vOiTD@Fs$__N`KFeczR0naKttMD}NH1M2(=L|e& z;yDw~*?7*zb3UH)@mzrC0{9aa8i~mZ@qXeH6ANp;BF_;uhsd)CUs$#D0JGr1aCvY#QFcBY!%}Q zx+*Ox55RxpayUC1FK!+hDku$|7DDp@S+60l^+Wn(YCeGT%GCG8;RfF*yTU6|^qJIC z-6YzU{f7$cC-{ZJs^=paZ<3hzyld@O=s1it4Y|5b3a;70lFT+1tK5r^-{MM{yS=+? z8F{b-P-sRdBS*UI>h3K-a~3;nyDnPY5!s9)Wl@oxirD~{ALv3cp-2ke81yE- zVP1rV2i^-zM!V!?V=MW~(RiQSnDb1%+;`cBviph`{SMlK{UI)K@vlQ|;7xTjoXMPr zw(w2nMsfXZNeJgm`Gv*I4s|W&N(x3oPKWRK{<1F3yU}plce?kN)nU^l@BL-7PNs*h z21;4qE+xm2r$~C9`@)_$2J@kNf7yZD{j^VCprNreR5}vW*?RXFyxNxW++X$^$55Z3B zbbqaZcVsPGje*BIzWn%~6901?62OWP{Ad)vdTedUpgYF)n5Xc&MFZ$wC^#JW?Zd$T zS*^lv@Z*mr{-R;vuee#^&+y~#Mf}r;f&bhO?e_ce#}WT?9EKRG{S&YwL;iJRbb6%W zFlqlV@Wc<2iUK(^M6h zQk#{iBE?u4_9x<0>zNVa{1#lb9Rx!Pg$XnaPug=-Sp8V}$s)Gjdi^IfaUA?--~i^P zHs%|#{bFexm_XyOZH`L|?8M~4GP$P1n)NsormPliVtHH_*4iE}`I1r)Edn3lu&8Zr zKb~Fr)QO@P_K=iQnewot5bjf)z4|m%Gs!MPHDiXi8BsC*r48XFM?zBhV*lR0cJOSy zuK*aHE*}~jpd;FWC^wCGn6Ux9?J{HKjtePgA<&k&h1~8df-+^vN&*c_U=quzctfW#Q+;OD*;Eh;eq)Ns*(OVHEi@<4wuMWFu%=pH~nlWNt_uP3F(UJvwo1?`sol7?^EWi!g|03uuIYH^YD60^vh;+E6#wVMpigHnhg9b+z1}X z@G86~Ct!zYu>AnWcT~fx;uJ*Cc4}nnEkARr!s{b;0l!DT&O2>;D7t&9N@KrvJ1Y5l z4$S9-nX6&`K$ru4Fzlh223Q6Fn*<7vO~S1<35#pDt%tDG9EiY+4D5}-+YIc6KnTJZ zj`ySM(13%b0p0Bnq3G0ab@>xeK61y~xt;#peUa<5b~>mmNGsb6+%3d-@O0L{C;P=l zn#7xI)4Z{+hxLgJb(y+798vQ&Say>hcIr6_sB{@iAKFygJ@ao(_F}gfj&76@vkKWc zYcpIkIb|K8Ih(Jb34;n^DP0-*a-CA<2}QI?2ebCM;Vv4>1|zhnAc3t z&H^z`p>m1qY(H|KbvsSoQSsjn{-pGW98A#Wvt!`Mtra-kr0g3DiUO+^{KCHJ!2>(Q zXdQa|cM%4B!XTAzZ z*f;&`-@unak=eYX%mq8jtlUwieJe?jQRrbonXrI1jN%FprmfrFjg_)Gt$(;!ZaZp# zS&cO-4kEw_WWnkL)6Y*=tlmRfXLaHW(%))=r9TKG04Zk+!(uH7W7Tq}ZFdID)lI zcB>hIt$n*1b%`6cEZG@2=7|%YML6NvJq71G_c_v0P2GRrHIzL^l>@KyWKvOLj9SA| z5iC_f6nhI|WgriagN!u;2VsS;if%ti7ZyWd#*WSNcqNo*9?<|-!9MP(#5Y1@V{QB$ z8NTgqj0KD(k>aBDb*OH8FW3QKp3KD#40bbcav`?16q|S=UA{x9vD)X07ac~rz=+OJ z_0?Bhjs4YYZnzrTtR<1_=U$Dg^v2YLGDo2rPqEx2JaK*bUJKErHlkYVcEz7w9&r%4d5jKMR$kB_kG%#P2SP#^QIk@Er?*hR|N&JFjK|&b2D;;S<^y z?2}3kolZuijpmG!&iM1-=%1f|{&`bEA8*DP5o-j56JA@xoIap#_btBpgDcfp*UjJF z0P|mNGBQ5S7;8QqZ6qKL183llA>)WOjL3x!*m$@iUHTpovSg#>56n7wP+3~gvaif`cA|>0JK~ej; zx}J*^Ib((+7I4;i$+2Z}Z&xNOM?og9^+O5K&R9|?O$vpSSpO*zNh%yp{YqWth-J5@ z{$>=GdEb^Q?|{r-f32#&VmS3L^Ovj|6Z*2J{U|IOwOKw)ZLr^>LyV!cLG~a|nf7Qb zbF2NsESV!Y* z9gb-{js2!makF9aX`H|EOs^*b0(Wclgya&c9&6ktSOIuDM#a0WFClK$rma~^xadv~ z%UXlHc&xQnP0g0YK5Oj=k*hCmt-U9`rVT4`V(v0N*jjt{5T85DZ>`vJ$lGH% z2HS5HzGLkL8f-uOi2j{zK6lo?&}i%0VIXfEr;xqhf_WN!lItwZvG(X;<`x7_v|tMY zzubbr17;q%4^^GUL(T=t6I%lUXtwqCe?PP001yku)&(Bey1=h`;XFGJ z;@4jQ8TQ^@{Tenjuyp|_lA2jUotSLlaTf?POS0a;kpCFd#esao@les3&Y^tkfF3bZ z(-6{hC>mA;v5lEir64Jxy^s7~y9EXV?=0XY72zc>D|zc?MX)c->0JgSTRcqGN&ga1 z*j{n+RIMHsD0h@3xNf{_9SlLtM!8~gX+Zw zLkWO!f*Ws2MREJ;)AVEEmSWDHCO61csHz0xfR{Da9L+Q4%gE*tV3eYnA1jM)oun46 zj~vL&&!=&>QYiW*IyrE|Ry2IarD(pSot&!piep7~EW!e}!WQk+Or8FdTBMgE9m@i_ zzD5Ef7;+U+S}C!#but$^6arClUDn?)N1C-yTepEhP>t9P0!y(QgkQaL+)rsrv{hgh zPqd7ub(m-@!^3^2vIn(l{z6Ar3Xpe%Ee^{F)61ziOT#qw?Rws{;l#dMAKBo>X4OYt z>WI7y8K5t>R^7F1-P?dy}(5YS3&*-i!rPw~j7Cv@<>yHOcUT#}#EI zg*dZ?Eil{I95q6x&IuZ!r}~RHPl|9vk|kMZyz3dEYJ!f>R<^hG!;LaRVKQS{;Rq!y zRB3eHpr7+a0o|~a*u!lbbZNkc1a{v|UvGa1#X6>C0B_7(@htG{o2f@`|^bxzFk?{wVFMp2Gh&Ef;5mVPo1DgP31xeeK>Wt zPB;(=C>FYux4mhV`pRn}^V)8_{$h4ew@EgS2)W&I7^8$Ge6E7=O~=ZJva{%XMBE~JL?rrr3dE;;`DzxFAvVb*Ob{F zexAZ<&kEu^ogZgAzN|}}E)Px{aq9Eq+$q;e;%k#0oG#*AkRRu)#j2j!9-NnmQ=T7Z z`z;Db?Lw-7@G5co_RhVT2nNZOHUhWUl z_|2kU)L^6Z01v8cLA*9rSRr~*mb0#!>%s0trcahzN`6jcUBAkY@WV5K@JA2A8ASMD zeuVldK=`o-VJZ>M&W~`?0wAb!LW-ns5@DbG2=8AFgbGg$Gl^jBnYYou{yq>s7WSzc zW)opmeuVkB$0O6>L6}d3Tk|6vaupD8{z;414~S5mAK~>YfN;47;fF*RpC92qycnH1 z!Go}b2p?d54=W_7r!V*(5DGmAcMxH1euRQB5H?`mbcV<>BHWc9;q|#dfN7x-9wNeQ zg~0FL(4+31WADSEr0lg$@xLVW@%f=Uw*q>K1N{`Ci*^8wyDEJLhQ4zRjf!nx0E`pf z#3GlP*gI(p?f}&|Df9yjzLv-E%acNQz#xR3g$Iwz=yi&{u(l7YcSN?s^+lvYToIH8 zU23_TxtbRAPmsCZ}(N1OHN6NUC zo-yG51m~dJ`$_SUI#~GAhP^ z9G9A+8@Ry_d#KPBPvdnj_A3uKsyE$F+CB!ib95lRxkIw?m7~b^`uJKxnsLgi%mezm zj*V_x`I6EM$TS*>Pi|o~5uAs;LM%XR<|avkyg0N8E~Zd)QC%%gxa`ZWO2ZG{pPH?k zP=P+mUX1(#Z+?@`FJb=a$S?HfTRPtY3$o*oe@nE?Eq}tXj>L2!->ltay^3;l$Kvb& zn(VA37WXZ{SwxOmd_xOk7QY;`cno*UI)f1?7>xK;gK@<-g9hXNS4js03f&dTgkf!f z@Ob(buM~WIr4Q)eG7k%Z6kXt2iS;?6JHVET=psAQ3JmhY85)#fq`UnZD8s{&(C_+b zJ6C9nlX>nw)VZ#V?_gX6OZ8`0_}c!C(pG6+1?!XQOSg$sBON!;FdH)dA|AYfhScm> zq|xPhMOx)KBF&%tHtD6h4FNBhDtvBz~2>L8mlm+8)7t zN>ii~;i7o9N_QApf^WCo-UwB;g?0r(p~~>9P9{p8C3_#SqHGI}F&xMirr_R3X3{Ne zQQOwGscmc9tm))LU|Uo&O#TL$0anz}7Tb0L;Uok(qUZ4DD3;7@G-!<%dhs5yB>sL z+$_>C2WN#403T`Piy8orIRK#pQ99%Y1F-|YP)VCH(22)~eArh#ILuQEzx@&R(yD}| zd*WFkFb>G864?&cxyoBQWrzhdSguM90=r6)S0S0(DbNp)4~8uhFX_cLq3l6iog`;h zS@SWE4F2{5;W&@}G?=PR-NqqFZrwi7J%O+qn(J86Z?^T};JR7(&}chEIilbkHXwZHzoq<_WhGp>#73` zb}o}O*tv`c>d$CTjN&#@*D603vme-f%y5)0IhpyZldFV)dO|2e;K?&xL!f_=W18$? z!WRnt^&|vR+JJ}kXg#G=?ZZKbv)vjXCBgYr%r*I$Funr~5>iS4Oq(ew-L7hCyY&Ga zL0R)B0QCxhf)W>iOk!ZW1zHSl$-^Nn*uD*dw&t9HRHcuclThX!c%v5bzOI#pOLBVE->MFL<$7Y zTX)I7rq$gfRJU6d2LJ**>#pt&H2}8!J9W1*=YOW|P(Axg^}s;n+{7TB&Noy`@)?kQ zmz(sg-Kwq@<=dmGKK2R^hn%Wb=lS7;FJ+@!=ovA?MVkyORPoRrH0B?8uJ302e~AB& z@c%LXt*pjC691p%!u3`yTBcqxD}eM+(=F=JfeLZFdYr!vtDLJ)kb!S*ANA7P@X06s zie+Ah1O!YjC-bw(4HoINCqA2Sv<7zK(&4XWNQ6BOtHWw)vf zkr0e-QlRx8Bcc--57aQ2lms0Z3vKX7Q18nOZeFc?3gHIyMYy2|bFC1-!_)04M@v2LN&2xi2^gb6cZnvBj)X&W0;F=fNV^q7I^O$f3oXGLH$FkozPM@8U6 zyup{m8#dEKZj?7{povh0Rq*=RNU6Lf@fMP|Par0kee#OQc(f$zHvuuRdSMh9XpxBH zJ04m3B@C zgnpOhqu<4zF9U^pbw%Mr%=e1187O@7hYS?1RDpvMOEiVUO$y^s7Dl0B0zwLtLSYgV z$`L4@s{f1!-%M3}f_$v42z&w+>&SForM8+>OJi@!R_WFrP_`+XiT2RnQE$41U{)2X zz_o|U)%Ya`7O^%AztFQ4c-W2wjCQ4Gw?Vglh5e6T z$NL^?KssLLntWOYM(D-BXd(a%?lhz6&j!G)3P7n%0%TH~wQ06<0AmxVBGLutY85KI zBJdqe{B$d7vKm^06~9jOXqPFVN8eIt!5#wtp&a|h3Cn7kipoRdwQmy1fYDgs{tGbYKs zbtvlUnPS0wG>$8RFO|PU+I zk_e-WqQAzSthEDEDE+nUTdf@=P?S-P3iRqPze%iYg2AF};t`PR1cch5L$m{~E6+sX z`CU;c`s?A7gu<(!cU%hhP{b5Dfs);i9YXeg9{qLQ`CfLW{>w=JcS%q3z7_Jm#adxX za0OPLDCrlsjwd82w@!&L6%@r?DJWGb6WT>V$=u^`2!(F3SXqZwq-=hkpHYor(EwgA6SP;>Cm2Ayr*twp1QK_}BK_TB@1^k~_e)(`ivJ%rv2V#l(z7^`>j@}||N znlBlayKeiKG7zch)VaNjh;TjWFh^UC!E8xWq!i(z=r|^TKG0t3N_t}gq;#Ecw5#jf zX`3(4Gf=!p6fr3{bX_G-SPPa?*U4hDQXJHP+cubCQVvv5t6^6TMZ>Uu_6_URzu<1^ zeJ0eRVWpFB3>ucBZrur&8%z?81qt@$G^r!e5e2VA(*gem-V4&AFL^?GAtdI5C`5C3 zNEL4K=8b+xx(`^53$b~)mE7YIs!Lt!pgf%j;#Dk~sbtk;3#U?GQE{>b+OH70YFE^t zLVG<{DCvx1f#hAm#jk;0!=*h52NPU|flYU)5O89p$zZx3LCH6eY^Ax!;7BdDKP6i#o<4=lfL`c0amX zbYX6*`?ka&CzrTz1`jAe!!O6fiap7OFAEOY@UcRU#3$dO-xRMW;i};e-)c1c8j~Cu zXdUg*JuV41nIy~yVw?4B_$yQ^s<8&+dNyhJI%HRb=!U;S8vY8Yi$c@|g>i-3@TWT{ zF|Le6RVTw!Jy-)EA!m=?5uy@MSxkQ(d1F~Pwato{pp*Q{YV3^E zL3=LwlR=Xxfga~fC7{cCpny{elxQVz62^i&q7;& zSBSrir_DOq>a(gQL2&A*7q+9F@WXpnl{(O~U@p$j-co=xFj0b6HcM{M{%qqi-m!h_ zVv*B1zqd7GB@2pcFe#J}lDuiC3^^t9ehf@I?J>rEeao0s%$GG-)rytd1Jy%aW&G_k zD4)$RE^7THBt$n^(V-=h#Ugo7ZC&sXTb25b)ic;y_^jyA8tX*F#iX@Ehf-&Hb!fG6 z-e};%HlnWr+XxT4540C0YmF+l5sVk4Fo(A1jHeiuG8_y`elN-_!|`MrH?peBUbB`m z<9O&b;o$kGTM7NEggQr)kq{U?_*Hsz7pysQEDl$X{(!M^Pu8=Q?qi9_XFROCFxdiY z0=p(cDhTMjhvp;_AQ~O;Waq z4qQVqOSXy}t#Q=gz~7-#3NW<*0&MjLzo}d|>!Bv5hsCAT(C?66w4QWGGeWcy)uGQw zC`}e}!?hx`p2T1fcX`_e67^(1I|Ob8x9X;50*d;I2{>AweNL*8|`F1JVC`3)I%W2U9Qi*8~ z=r(M-Zp+SU$!dr;COUNFEQ#FgjU0NE1rRG+Yqc>;M>{B!mCYx%Xc`}c zvv4&XO;!o6=fgVW&$hZvw}+HG%fQDWMmzeTJ%y0mZM^@ z?G4dMaY`|+ptbE^EkoPV)l4Vl)gxU}Ty2|ck}?^j*sQa)?K;PGdm@H9fwm=mnY8V4 zjDLIhxtAyk4Lt+UqHT4^Ma1X$sycL>ghIzLn@rkP43A1%Nf^>f=?SN*uuBiE&N>cNL)PgqmhzM=^R#BY>_+&*9#6bTDS_X=fgVn z3EL_C1fDR)m2*sQAXcU_MVi+;JXTFod0tJ~iBNmEk6)I+}r z^@Oc7p8X9!5IRsowbF2N6W?&!Ft??;O5-9k2ac!*ov~Fl2EPTKwxKjG9_Lgha!CGK zG@M6i{AP1!rIAKTl}CTMO5=4Hb)Lc=1jJn^jnM6=W-1Nf&7?FUCZ<+XX&eV=Q)wJR ze4UhrUqabbk7xQoTq4~D}p>q<8@SBPn1TFDaouf20V^}I@-#aGJ&FUl?Fy@ zAxw*Ca(J3`E<{Z04$yE$v{fk%YBcM)_tGTfcnFnh?ns-&ERRcWNsqW^|^vU+y`3uo)f3Z2nz$SAe9sJ#!vUbXi-I_Xe*y&epKURjVv%bSD z6k4gxNu~5X3ic2wjP`-WDs%ZGx_;zPmlRjQUT>0;5CyxIHEvsFYn?8Cz-7$lv>f+glgcG9K*E$Loc~ZfOeUbbsi^60pSZoScHr68` z&#M$oopbIxX%f;3{<{+LHBiR5!Cc|GAPrY11)HnT`Jcb^a}QWyMlh&XNUYCld0Ug< zkNA*bdD-V#A*eo`Z5tYgR(#}UZwh1O35{M&)+8-((+W(_;wQqY7J=FYI`tE4{XCW`jU^YGD zc8tq;6yY66mQnMc|EhS#Z(4`m!W6a+{`;@_0Udm_gm$Ha!-HJK=Nh>oGwXb2ZR+6O zzt`feB1$*X_93|Mo^i-bI=J>AmlRhAe{!tBg|e=7aOJJ2)^2og zjfv@KQwN^|Xj2Cl6Q5(`Y8`x-g#IMW*Ode4fbEj!K zSe(1$vtAvn&BVbFv95LS>+8}aeZFd%qbo}l=V1fp9Yg_Zsezw@-ggCL^qpQ`bzAxWQE8J|7O2W@yllM1yX&m8NLWk2-14k2(z-EWVlSvdN#O z$zMOxLxrtDAD!d1pN|#$8Ta3zpqk!{8uWE|b7}T-zk6*B`Yb)Yt~6*hjBBn@!R~O( z!{C?mFnE|73iaA!>E)rR)>~JHs5CV)tQTv)Vo5 zf#t$*j0Z}lzY!H(&rH?q%aiMr*25Sl3Zs^u0FRfHoxf_xnL!!pWV+hCAO-AEu zDIRnhMc6ps%H7Dp7`EAIqvmHvZ3sHujO%A(_4Oo3+#Swz7sS9l_y({7{eZ!=fzJXSDX3MeQsDY{~ zTHgVhaCtc?!{z1th;PO(#x=+fOx%lhmemE=&fl(gU2d1?&X*lF;PNOo&m#z_@!HO=B#MQ5=)s7-(Z>KuTjXadnG&n^S;O z6VP!-(OM{i7zkjA!u5Rk=Irrh(0`Z&ed+HXsX$oj=Kz&7Zvdi-Z{bZ@!9Fca*?@}% zaHq#4{P&MDHShPB|5#u>B8$ZAXYVwVna`lZ^Xma^gQ?3F@zGR+sdmh03b<(qLxbZri$(?)o zjK<<#zT~^2qnwmDD18AI8Z2bJI{E%Q+Q113@DP>3hf^7RXJu64DU~5KL@N?`782AT6Ae(`s>XK{^ zr-z1lyhcVsrvX0*<-;MA?5R=p^=m#RDGL-hD<{Hl2Gv;9FYK_ zJoRI+D^ydaT*ZY>XIwuWwUCeV-ovOlEka0Ni1b4`rJpeUY9zn$^3o}d#r=HTqwN7Y zgbg7h*f~?K09a`H4AeHj_BO#dP(wCiNsEh3N%3Tq9&F^pVI$wk#wBP#VhQ@l~bopAs4T_wz0UcFEv_&u+8tQ zQ>V50)Bqjh9>VXGAIj%A+I8^rpb5Kh%qA?i*tR+KY1Cpe^hLv zu&lT*EWONrnLR+gZcHu*-L*;t(I zOO3HVN2$-F6eUL)ces#;T@$Vg~yJ>`)+ocqX?7Bl69aGxUfy_u0w!@02K8E zwJcwv<5fO*OWYT?nP)3KHC4Vk;Pr|Lu}6FFR&1{8U8 z7C9-sV3Y3`V}Ci0ho0kL7Qx<*jeOZRSWY=-hiSd}1lQfOr}p_5yhahmg^h_Q zwH}cAtUn%%-q2}r#fSKO1&|iz6sk=;s8h|7ROp(bkx4)WnUrT@8B+kM&pMka;-SjK z>l*0fOsGo_>`Za)%MF7-aWql~+^hk+ua|H5WDHJxsPTS;(H~@0llWc-y~&{TQj`vN zvpQDnIEPi|q3RO-k9BxZ1?bcPM&kCwVLJLI7dfhZBo0y7HHeE9KvXf(q;|1C&cp|Z zWq9I34Sc)-e6$VRj70nOvw``sJ3au+*TfAPc>94Y=`!|KiHHvU2%*VUV0z~gcgNfo z;Px_?-<>ef(+Sj~Dq5MEMdQom2cP4M)zkJ1H(?FY#L8d{hf(n6Psg6f9dZV4kch@7 zA&ny)<8f>^K7+A1ap2f|oSI+5Qi#A5q7=H7#H6jbyX%U_qI6NYb3VFkT|J?zn(?sD z!mtNW^`7Pqin2b^gXy_Y+`Y-V1(kq%D;SQ1$<_G9%_RH`O+nk-LeAqWCSmGI>%qIY z&bE6Y?CmC^n}G-;MRF*So9GHN5gnIcOv-|~Y(qZQhR5j%d2ZXg67yR)cp@q^CIJs? zoGE!S1M$zrrn4=)@@X%W8L=pA2OkK8N6ZywEE#ub`UwgK#EM_qNjB(hIk8MX-`A-s|aEVBBA1{|F-R}+ zU8lZU)nfx6Sn>;CijsSpMWm3TbP2;y+vuyqR!6bA zvsKO_hcGTy!noLqv5`+$9F3D<$pb)m___^Q;ppFrpA9D-m}1al=t ztC`}`_Fz_PaQI|Nk%xnSkS(iLi3s0PM?jE;npmjK8iht54R{E79JLb*ERKp$B#$Q{ zf&}|coZ2ichL{nR3gC7x>=UYDRw@LunAdsOb{EvVGLAbDf3?6O(l-eQQ7C zGOtE_VkUlxj$dZRKZZ|eP>O$YGH_#Xm&0RZcZS8%&5U-#q4%?z6}!+G;_R;mij0xO z!%-x`xi(0GN#1m!43i(!Y8y&_&3eP45{!YhQ>d{k9$vrlP9I(>mXP8?%&=!+Q3JoG!98!Za+Sqw&gAZnz)yM$^`$~=`f?*s3jxGMwFoeG8 z>cwFQ6N72%6G6D=oku6+7=49=Y!Xh*s?e%|_?20-?tVD!hr)~}Z%KOI|AqJT z@s`@ukt_(*u5waXzs{T7j-WqSarQ?nP@P^WJk@?KaZ=8b6FFt+74Y<7RipytQ%0`#OGIWt3Fs}q9 z8HRkD{V$Yb&<@wA!n#mbalNmV+dpPt++ctgC_6NwtGoi&Ux~bC+%PNDR9tZ5luLcd zcSxnfmNd%X;Ue|*xMmK*U4X<-t0JMIi^+GF%ctEq1!D_vZm}5J=2R|Iz~i**;g?gV z&Oo83U$4f_5U!*tEj%?LD10s;bdiQO2c9(WX=Bb9&vqApGuX?Q>aWu~&bHG5`4{|_ ztHEr|g4*zQ(jQ@p%k9AC^umU-4$a=1_e9@PFv>9qufeA)ZO*}LJTQxS!{HR=joMJk z`@=s`c|&!?iYKG(PeYT%XWbz_))z`hM`|Vl&qfB~ZSdoKe6XI0Ef!ZWRg749k)~tA zH5|-b#x#j(I&>}M09Fb61}gmYTOr~DvT&RZFDkCqAb$i%YEN88!r&Gid>ev+pIRZ| zJKib%3<-skTcm?7R0*jR6O(o5sSJ&YBNYVU^oaOOR5At1j`4as1GKS3gNEBh!9jgq zl4#eVU+p2-5IQMQc!ERBdn!~jGc+`Amg(SQfS%l-~wA=m?i+ly}$}q3vBO z4zsAJYnZ59C%W2Abc37ddM2vXiN?B#X1R%OWTG~m=m0m-Y&X$OOjK~9Q_POtRpCL? zuiZqqFj28i^ro9=F1ET3NX*nxb%;vR!lWDm$vhXyTq0SbQ{Ksx+`2C*UnrjD$3@Yt zI{F4Dj~9xsVT{YRiFQmdHgjeof3!pS$!_qRM6nJ&R0r3VqXrUlbj+@9Oa)_VbOR>%C88$(Ma z;XB#M=K?pTfia_W%t>xcGh=4zn1kJz7RD^mF@4;aR>rjHn9n(HBf6xvjWGjHaVU7p zjj8i7!x7JN z@ddUcyWw)Z&0Z2t#VWa(7aJb;#E&~v2CU~K_l5%gCtr*GwkRA;PYYORJ@AaIsdnj{5Z58&ILR`B$vJmua<_(45@zhkL_FEHUhB>cv|?4177mMHiZ zR;|l-xjy589>Dj)bpuj<6aF(Pe-Gg2yla==gx@CR?*aVRZ`tKH;lG#i*Y3Rhb+6my zhwymHpFM{4-vjvaSMBnf@O=n>nS$^3Le0w>1>U$&b58;v*aP5a8x*kjLd|P;rP7n> zemRs#4(gHy=#J~wz_>&^ZpMm|=(08VMLVwJNBlYb+A7l-t;3U@5Z4y4%i*)ZezH5! z9&?L|#UO+8(q<13HwJ3JTgk!oZ=D4KU^=r_iv#2hivun~H(@*B90ji+iQ#%a9A}m9 zbXF_z6lYb^h_lMKE}T`SrnB1b9p$X5Z{@7|BuqK0+un8^R}1gy&T5-YH4K@PIN#%6 zN+VM{*X76t^zz}*%XiXSji=BnX@p+BbwMvvlio{&o`SggR`iy5XdLHxAC-aL7F3#4 zR%2jmmOWmtt~iN1myLQ>B0RqclT~Hg{PRvgF`Gexns*x|7vAHjELD@${^!RP6vKAI zu$&~qS>fml#BWZWoCz{)6?lLb6qG}HGQ+#$i!J@=OJG=UG3ZEM+M9!S9mqzV%ZW1* zx7q=HFs_b4dADLtLB(LK-hbCX`tC}~P+zCO?Gi9MC{}!46n$u*!5+&`;n0%~O=fJ| zZHzuK&~VdU8NvY;#uR{y{anekW8PogAV)wNFhJjj8Nqr&hLJgBEEZYd;Rp%eWqKM< z5fVuwLc+H$gk*_8733YaUJ14ORzh;PgejpO?0Me<@99Dfhb__qT;e-oO^Nay|8yT$ z$Zbbe*;DrMNC_E=>-l7euPz@kv~gOt2A|}7ghxEG_lFk%_q?8HR~|^UcGzz*kddvF zHKj(|Uj7B;K-3vQ{!OTmG_2uWiS!~O(Qd%rF zq0agpU{fu0qt7G$Tj7pY2^?US2UsZ{KeuWdnr8_xpD5r z6q6GJ+x>UlN4pA4=EGPZH27W_f~^y-6`zdU!o11WzhDB`Szfl)Cre}q*W@!tDw6-D z7*5bwv9p>;rA%8{ki@=r)WQ~792Dv+Z(RPtVt63;;;9x@+Jb^iHChg8>1nFSl0 zJ-N@n08@4#BvhIBxfaLaIrQM15<)$-Cr;Oq1rmvsx)>$`1`e6MgQHn=*Gmrv0y3;cdY-&g8z53nPc;~Se43g zwa$?TI2qZYC#kZL%M+9T-DdrYWc|-XkXgf5f|r4;bq|Yk%uym^Hn;sW>dE?1FVa{X ziC^S66c5`hYz({rX=6AKsdFd$KLCGm9WufxHAz2b&*BrF!mKQTV*;V(_)kp1C$w)) zKWd1hG#@eHU*Cm}BeThZe_285f!1f;Y9?EPWR9I06Ph6p#elLtznv3?wc)Z_nYpaB zZbIc_Y%nS`CT{>>EW(t~88~Z~Z?V8r>a5*bHIZ6tjU~*)+GrKal{}F!fv40dxoNZS z_JL)!U|y^^HyWt36UO7joN=~3+<@t{sx}H1u4<0<4aS0a{30LE0z6?m1qb2@_c&OH zXCadj1xco@2joxf(-c zxf)*zN=KwFm@i@F$i4JL_0I96(orgHap?i6k&ThLKhB<84oQTY$E(#B2-uoC@>k z2#lO@67e8tg;=BzY0=?vEf^}J5DApf-;TLF509UP35HocBsv)no`!s^Jac$DGQRV8 zIx?QUfMmQzGS)Ux_X5_@*|U!!stS#&;YS#m)Io{Ib=Xq~^AxR>2EWjb6R?od!Ik5`eHpVd@XaJX z7_MG?mzek}fX^-^mPqnAY7ya_km6KUsiL}9=%PfkrfHywW1I&^ZV20C$@0)JhqPR9 z`CARU;RmBU`KmlHk#IQ><=K}y!A4*QWTmh~2pDsm6xk_kDq$@;0XdXG!sfCck~Ll4 z^XohA;`DZ0A`E3K2O5sstOSf!k^`;}Cd@~h5eeg(A%2(#6RrS&wAye(UX!m7e=t$h zBVRrG@ewXtA;%Z4V1F%#L1Hdk1ERUxG-Li>PBEOY*lY-Uk3&QF*@ueGZ;2zlAs~Tj z2y@|=c%r>Ln*tq+W7UhpLx6EDwol5}*0r zD9c6&GL%G($s0KVy|2_^X`fi2MyVg9yWdPF=b3N%fIKYig`-=cnUJX3Oe9B?*Xu;p z6#*!%s(IiZWVrwjbpyl1a(q&~sT&w3QnOLV;Rc4&a1#SQF`+}v$8D4I5TShfQQ(YK z73*{l!>ivJ<@_27z!5~QIDz6@3EujwqIef_Ea#Zt`o5Hn_b^bL)H&v#-Y)~lM>~OX zN_eXZ^qymWx=F$;Awl60kVgfC=WN_22Zi4z_E)EtcIO>kP$=h^ztfh1!ZR~bc&tOA zdk@2-kb93{zroR6yQD&4j;1gy6o#|Xhvo3yLO$Zz%BM6K3_nyt4k}GKc!&+oZ!3l) zGW0yPT1a;_={lZt#UiX~cWpMLU|&ND*yMje2-X65?60p;39c>mIXW8K5>Gxxvb|Vg z(&WPvb>#{eC&LVIG42n$Zuim|F>J7UfOyMlqxE8=-2=QJD31L7&tqX*z`&MJeh|A6?ctlYU=~iY!pUI3cb8zs zNYfVoU8jSj*s`k-607HxE!OV^FVACC1aPEqb?|VySAkaeRud{Yx;Lnq12<~GW_Qnf zFVA~6-kkv(3=vfog5`A1_?+q=k@rbcfp3-{yPyvg7@avBcP;BC8{(sF?wDBKm}a7fA=6B9qK{fbT1kHaXPI%q>avCSh1XGmhwXJV1)if& zHwBjP;mCFk4$W4<)#|ZOJu3M?Ls03`#;+R#>(RW+mRf%tg+%etQZ%%gpxHX<1b!pp zVTq_OLg4lne+E>7XX_J9vRsJ)jggTorvLf8hrn*!A%qXCsW=u7X5ADy*?yba6d5b8 zjS*ZA&W)rK@W^Y7oP|ejW8{~3>}Zs+Ej-RvU+3VF)fhQfJ+KXtDJSv^r%-?=S-kU! zFa3<=)|Y?9oJ*MiG$ap(B@VlQMMLu^FLB-wewP;o(EK;IxlY&_L!AC~kcpzL4^b%Y z>^L6p;f{R&Jq>c7;V57czF5g^M!ru9kaT38OhxD1_nwpKZnh*AA29|JSOXnJ>)4ZC ztmFPz>Ed{b*XsOkHuF1?`QbDt6b*xm>riy|fvja-sk0t3gQ9{T+%d!^%`;_Gk$kLh zY+=sk%Ft{Zht_Mb!rH*U8sHW8EmtkJ&c$Nu@$n%T5cHy22JUe0Z#x80M=y0G7f~ZJ&2qJf4pv~S$&AJvFa1d=kN=$a@GzmD$3CKxdFE6ab z(IJ0%*?M28oh}z9hHLWwa;s4@{gEkD!-N{@iEr0X!HifnI~ySLHFNhjK{mpEwa?H> zJ|GO-+yzg9SmqOqM+%`{F^tKzo|p;tS?^T!gFQ#pE2Hks*sx0JOdZB;pw+PjP88J7 zO}nRsK{bVu9NKgi;4yTD9k}zF@Oi2FgD0hhcCGb`fbnq-#qWH;N7dB=b&1_*9f0f(0@U^t)LkMDX&usx>}GF z#1(+4pz90;T?d_8M?iU!L+q5OvKdkXZ5&|HlriXOJ7P4x^|mwwc!)U1pN=8V@uy>m zr+ID8urCZwq{LRfze04AZA5yIi={b7A&1*ptu6_uPQN*4UAuww4}!GX8O5Kl&}{8u znI5c>E>uVtreB^j&qO*#kS?qcy=gbRpjuOkD|8OjuO)^0b>?8}sIXk5Q|PRkgGr+d z(51JDc_$HuE)qxT`+t(3{sj?8FVIOU?MO{S4U00QBgGHXk>X4XdlM|>?cR}U6-TPI zKw4TW&w+OVVFTGTYe$N9ou_KVk@^?*o`}v2^%n(^L)8!lNpdYMUuYlk$|Ho23i9h1_>0~`f(MARV-RL z>}8U`<2DVDQUM9UFK1t^<-zc0CU-@icneRVqe4Grl6OER^70+>+BA8yKQ%ZcR=KxC zZ(&FPLk=MC+%CymHLnZqWt|4|VAo9K%@wq1+?%cf2PN_WrwoEt%(Qt7k$Y((ddWLh zlgExOGxrVxd5wXMh>T0k8-jiqNxTLtox#Cd9MnY&eD_YXf{$fjqY509DApt%W0DA4 zSCc4s?iLVE9FqhkEQ0G6Hv-qmy~ju~9@~m|iQ0R%OOrY@b}5cASBEF51a}`v3n98% zZo|o=m8=|!zINW!p&a;k@HyS*y7a|C$L;z z5nXoPjYxzwZg{w-3WI~N6xQ+~Qh;8nL0^X>A=-woWg^E<#k0-+w)o_VgM1j2>%bGz8=B< zVuU{mOPZw+OPVjHCB6426yT9e0L00Qltqg=TE;TR1XP*PH~ho3P+c>6ebRv6SHU-! z@L~~1(aw~GYg)t&=y=zf>BS=6flUsbE#j-q{GNcF2YKR6BZfu1RV?DIbk-P$nUcwP zSg*|DOo`{T&haUlsyMBa97tXQY_R~(bH+3Y0q~)wN!F=pl6BU81Sne}gdnD?dhT_vei*f1OKSaGHs&#We4Wi|#(5Q^c0x(AavmL-}|Lso^ut5XvY66xx zfO(~AUqTqB#buKbN+hCP??D=_S z>}uO)ZJ<4$d@-XvKi&kn3n19R2`-5_ZrLlxXpV0ebKH)CrA>3(2#eyzMJ!_smY3~tLbxL1EhqiD;WE3Qe z1~;EHxP6GX4Q>WO|FkND`{Oz_BBB6HgS*u*xLboV&&_Rf_$Lo&a9c!$X9J#9XqPL@ zb}82O)qj`H2>XRsC~JF#ZEfReTHAkxXnI8PM-2M{s3PznFvG0(Y8WxKcU72=hAW_~ z;<|KGd%B77DZyA*5vT#i=S+-ZXaDtYLMt#nr!YR3ZfEapV!TK&K35TVNNWxbFVn*2 zljb#_u&w_&TWsr@oowrKXN$EV5k?uswtnz6p=e$ZdV!$Yt{#et)OIyLOuKrUWV|z@ zdYc&4+mungO^j-g3n-{3n^J92*P8qii#mo*jkdBHK)?j@I1m!9=Wjvj8TJcpWrm2Y z%$NMqp{a2ythn@u`4U+U0#n}rF5zysNsG6+17lR6B)xe{wy z#`8WfWM{RQrHW;S>G@%(3vP>LeB`Ub?aOJpXv_HFh&G%gP%PuP3iMjW+cy~`oFXJB zJOXl&fY5My*ymKILE9N!(I#eb)hiij>y?SNFBS;FgA%S;JlUk}5oLF}#aSsJr0tQ+ zv^`zg1>eLb{}5;ZQ?cW8+_}XPTN76wnsD5)*rMr2EIpRoEe#N zDhBa|ioV$nDPqXJ8WuJcIe}utE>nT~c?{wq27Re(ob-YuBI(IE=C2AWh-SDET-r7X za?kOzyh$t`$HOLmuT@52x^_Z2(stkVF~YQ&%rI`o&ySf?BCdPAY9S;%ASM6%zQKMIheBz-8J_dnDCQe zHCUg_XL&T;8R7q6DR@rqd&(_)7M|z<{2iw%cn;`!;APLkH9df@vDf^!pmsd)SCan2 zdH`QrY?t4JpDyKxmyPmwyXL+elaf5I<6KYXvf<(B9ss|;Try92*W7=Dap|3{x##6H z@R(Xd0AIEazwnrv@vuF_t`1Q_3OV`W2*)CfF|WuPhEupXdWu6-_~{;^f-fARf?ws7 zyz{c_B)I3Jj5QHG2t@Eu)6Tp&z)WHR0iY8k@morot~!h>P9clZ76uStixA&aAKCWlrMM(rg8oNhfP6zCgyNoV@XUTs=1UBwFbYC zs5(5t_59#!yap{b6EP9l6nPHes1KZ%f?uq6$Djj;i#yPH5HKcyN@gB=$(5PogAP}B zGtpqJC>n4*DS$Y%;9=b{h2pS1T((`7*=@J{QiAO`h6~ZM=K$;ImGejdd?@E}yK)}4 zTN^j9$PPda$VD3EJQAQ2|6x_gnmNxTL#T|-qX21FGs_ANF9OHJdF+Ty>{vMg#YzCZ zJxX;O26Ukiq%iEWf*fbWLA`+v|H^i|lso=`vc<}_TgQ8e#IZ>r%)Rrw4m-Kg)Tey} zHM8t0{Gwte;h_gdTA8c9iUQT?4 z3H>U>+IvrVjn!XKtTja3xt#beE*Wv|H(v-d(u8{(EfFQ{3eLEk*jsCV+t;i$bvZGb z0HoRT+5re$KdN*o0n}ZjI8#Co#QmNC6W2wn zM5LP(fH9`#6uJaD3qmkpbk^)aiD|kS9)MXBPZdN+B*h~OWx)_nG*SunKx+!w)S7cp zNpgtP8f4>tp&7-)!Z5dBOfP3h$p!6SqKU%5R~rw#^0{Uq-nmy{DTM05kP}td;7+j zm!{5jCo8%1dMhRCCjkVmSQx& zDYAm$z?sCcSoj=;Ecl1sn6Kz|$OG8-_*J&rcQ0m=$16-^Hv$<@2$cp3>A8m2xhUKY zeXxn*2%^AYg25W7Ae}N<|!Uk z)k52Gk)kjtR1}M}BS2R4pTx-uEI?VJo7OXEH=fF0-4_I@)h@qO8S=dOyCwl48t8b3 zhE|MBqmOW_rTtn+>Ar`#)dHKwsgCP`6M{?`P}g0o_%CJCNav##8+(LHB;&Q^u4K42 zO`b{YowDegd4J=Dh2g^%^uQON`QT#MCebc zUwbn7m5nc6#Uh*Hp==#ko^sZVx4p!+JDIYhRVasYt=T z!OTQb)V`3ZX?*gUk;!+M*UFel8#7taH8UNIFZhxy=i#IdB3V@mRq}m^RXgZdss(a$bqr8a9P`q&=HHi`jS9g>7p6qpb^zyt+_z7F$stu6Al6X%jYMAthHutg2WT$wC1@1~w&J4d7rk zg0dM@H6EYQss?lm;d=hck>&EjJz#v1Jz#v{k>$UhFJa}-@ulagcdFk~Z0cYV%*UiA zvAETZ3nDql0H^DEKeM<;$BoTS9q#?iN$v0b%uVg;{mgT=m)aIa^KPD{hzpj%T4ril zgDMutt$u`{OWhJK+u|!d9=}lAbU1$VN)N?vuhIi!p)Cpj8P2fGY|N5)GgNp^_8i8uNo`Em?^VU2O%)e49sz*n%J=OOqs*q z!cx;KYZq`9OEQJ|BrR2TVHIhH&G%yag)^!Q zkr`FKQ$N;ZEmywt_aMoSQV|)*o20a)4>(b=wt3`5eKEROV5;U@qSoU z;$#=1@AT-`yqTzCI@w~#dX;RP@EC(3fOy$!Ql|^5vwt!w!2!pDhxlUq#u^&;r&9bJ zYch2()|J(Q&v4h}VT(j?A9My$2}+G}J(`{YuZxN-Z%WuMfg6jV>F5&LW9s80)Q4tutN0ox>IFmWHjDRr#RKD3|PeB&!&F$`}WaCQ) zn)iVWeK0A2QCfnBH4fLKV8(=Jv$L<^Vu5W~goWtjQfWHvYV3yqm?Tgx)i&i) zZL|Jh0L)bY%AX>DX)vorSlmA~6x}ARv zVfJtdTl6`iLRoT7lDP}-m?IE(3yX^AZq)#fxK$l=x3+6{i-Y?r98Ex2yJF$uTUK0aa{bd-^QFC0HBop(C$I zst%(Y?P`{QlyG!o8|!QjNQ_cYD(`PBGytP58BtOY0w3$h`1S98V;4g;(dRvWGvzN(HF~Yr&@qzQlxolkmUq z0epE%!55hD8wh_+58#Jvw#$#kL3Iyl48}&S+)Vi0djNmyhj#f*_)n$$mrMD(ofi*I z7x>Qe;#EBW-t&D0?41{X4~?b!dGTmjM=%*oOA4$ z62qUtytUxBohH1cFc>Yv3cXO9t!j|OQhT@x`G}QSJ6f`McoX~_T$q72asVeQLwmak zAtdPu# zV7GHlOAk_nx44k6n2_Xu8h)t})(Y}@%ahu{;*DRHA)as%Pqr1}u-x7dZeh&dhhA6c=ASahpfj6B(rFNt`8;6 zHtA8&6c6Da3j-Q}0*T$4^Q0`!2hZH3RXVAbCuXDaI5!yHG7tjP4kExGU~ZM`s9`z+~{m@2zoCKyDC!@ zhdN=IInt6ft=4>|Q$DfdI`EZ z7;eh9{sKvLIGi3w4PwVpUqHP;UqDv~;GYpGx`LlWt-s5>HeiR9p7pxL=>_kkN zx0cs7m^r;J0_w?$Cs9aF>+Kk;rkk896PIAEb^A0#-&JA!wg`FAqekF88Q7Nka{5LVeJC=TJ8g z3PTfaUQcI$vbD28<;T$YCgiLhLUQY+N$K$!Anm@#$dgB^n2HVGkkiCZtjGgAGX6!VpUftz$=?xBO=O|4{3It7JEtwAS(T zXI^<`-VlDsIm4aSF`e(yD$Lfg>MOf-e1h>zfy&f6ivFs*ajD5LZpShCvm@7Ae$_IH zPCu8Ogi|NhpE|XSS2968Z|2n*>h4TXf7uz-r7n~n$5>wQq=2=<5~>@=k=PuLA~snA z)@GA*yo)z)S$BbUTtLp@rP!tT_e60JKNw{o{Q9PXKI-UeTW7ReALig{Np}on=XqDZ zmX`M(UFY3FbI-~9Oy=#8+IDNYnK$&hT{CIi`gJEAas(h<+b}a!ppzE(Hai1UT7ACV zsa3wz1E@zjwa9oTs5Ci!7dKOx8sLH+K=H0EFCROs0}ZGmX<-~KicZ8>)gHYct1?6*~5aX+U)+Vm7V0U_2?r3^{Tab6jpvRu_wW>7VXU#xitoMUhc;BaJ3%Y*%(nU5HsSDXZodbsB~#S(bN? zBO}ri2ej5p(nHiWhxRW``F)N&yuwzLfVadGW>;vh9DK7h)%gMt#zy-L6Ea zP5AoKzbJc(>EQQ&OuzprNuJT~k4}JOxDcXs-P$lXm`QfkfSi)uh(~tq-X~3VhaRhC zS10(Nl->4E-1^##cSm+x<-N=LdO7)@sjseOcknU)aoOFBLOHVADg{)syH?)22rEcZW09GHNF5VyV>n1K&=p*2-I8LeWl}+LoFuzDq2d#k zVm@CWW2z>3$n1-<5kp}jXcj^3wMYMw%!(Y=)3cSjw`xCd6E#XARf-4rF79Z;`dT!U zqCrheHCVs>Na#oa&t#S$7HV+n<4A*!gmtrkE3~I;wCk-0J>eG+9Y@nuvKjK(1gCdB zJM{JJv*Kmztq}s^hzCRiHEn-Ev<$1ojX|ju)_(0oqqx78IdFDNfpaiYZH0L@EdtVO zgZ$BnL5vuCq~Vc}T6bE|$XCqz(e9z*)z_sm43PNM2|C+?)LKoIY5lxCIx3 zZaKw&=RinrEU*El;iU9=8`o+9yU$SSqO*Q3I6&)XF*2;XzWTTH^Af3!`e~vMmPw<+ z_GxKb5eZcKS-sl&85{CYayweoE*5y$pA;_j3jG{^kFw=Wh^bdQmZB-Gfa|X}IKkB7 zVGD=-dbIEHm|ijCslAs#tKlEJN%oQWiIva>kSNujCVT@JyKQ~7ks`br?1pZ>K&3JPNGsDn>;#K4&Q{7;fr>I_Yx1<` zpRSEBmU3xrY_C+%+V~f?G&tJ$*zJxshB7XsS8bncB0?B$2*Ocbz5qn2Gj`8BoVN>h z;M>Q0PqvAhQ{6aj?0DP}zYU#0bd>~M*;p}t>;zu$sP0=-vsczpkmD0^K*NJD5kpY> zGS`uYC|3||&wz;6?+K!zR-Pc*ZX;r_wHt!Og0i9|K~f(p4r;Ge@e$n*_4Z1%VC+bG zn>8mPL#^x7z;uVz48e75ST*1*hgGoSdKyu#7w4%N;F#aUMQzX@?N;^v{b1(Wexc6S z`t}o_Z@Fg>FC7zeXoBD@_YB!}ohEHS=Z;oSExLIo1fM(5WaHE0UnqXN)rdrVK^Zvw zX0<$uCul9&SxHLp&q*&kz4oHLhI)qYvDfR;aCfKtsZNE z=k!=*3VAJPtF=~B-(ra}^l-cI=cI&nvmWuLn~HQcYjgZ}?uzz9w@n#hp79`O78BBAS-*w! zU>U2P<;=|eeu~^B09j&P{je0>kmgR@@9QP(Z{K#o{eACC=f24IqLgq)aeou<%Sn^( zpUnLiaQ?8%{gV`a#r^7sI&pu36xZf{0f=|xJB|B?c+*)O|MT2;9FSrZ*t-1_4_6jG zr)AQLgFn*PwC zn7R!W;>xVsmr_94$982Zo;icH!6j;hFif=-iO_@)ZXM>~1Bt0A* zi+#GboN10udb(SV9wMx>Icj|kj*9qhv^pQpK_c56iQJG;B0m&~ zblhQTVUI+1=HDY9dHC1z7q3Jr{xxGOP&fR$TNq{Y@BD3!M2=Tz75{$6l@Y4L)&|2* z=HFDzmSo`H9^U-_x%EH6KllU6l9aI^4&H=15~Sby*$>*n#aK~YW$wAoxNfwJC&|t8 z-~J%dp|1LGOhwx2uJB)9V+X%i%ZX@|7xgF0p$xSGg+)hH6n;ZFy9HXHQ zuq-Qd==`z{o=t-@MhYg)@mUA%ljB<+#MrKw)rmWjV|>=9_xEu)y^?8Fbu5JelIAHW z6dU)>aXgXvTPn%wXxWlzXfbBAs!@8e`tWQ+4C#W^fdiq6P{pb*S43s+#;sqQO_~1yL9iV&YwmuD zl2@FKgg->7NbjH+C*PC=i?c#pzT9>t(xm)gL$%W#%8;X!jpH#!IoM&!{Rql|y@~>J zCAifR%xb{>QZme%6KGK7ZL{9G-YGBI!74HhgDZ3JaEe^dj|`>W&VvP{)Z66-`;2+8 z@czinz<`lK4+FNMkTwIRYX)qua2bFzd}yp^ro1>`Ei61I7@M%9>r@zj&V^f^-*pNO z$KfUcrlNFIrUrMHmKPqzaPeh$RY5GY7(4Q53U>`q5X{0|Rj=-tScyY*crsbwj#%Ih zw>1>15seO%lp=27XybCc!DB5)udh7T+52)#L)9coi$owaZz!Zg4o1Vy)|t3~u-UC+ zUL7r!oEyw5Av(;D+^_<;G6jiOaDXNM! zRqyZPQZ>e*D%?IYOyuh^k|NeoG_;vZIqZ6H%A1Fzwl=~xK>IAu>jd7}eP^$Ru;Cp*4qTxY zQ6U=aSO?6hh3@jTGUWT!?dH1N642cm4XxuU4}B_dJ6Qrf*+(9tJ-|xp8;r9;vO>)` zID2_H+M~4_Pkj z?`8+@y~KN;#*4GDHY>cFab_X$HVNJ);%ySV_iMbHFv{oPJso(%W$Ut`J8N}u~AC-SaNV!;``TR;Q+bo3cz+w%Q)UIzu4 zx>92UYj`^8VaT(UqLLXaQ7Ejbq1~s1=-Vk{Wm~LQP)X2Q=p%6NL>H1SN{Q~;y!{ex zHC!BKHLR2B-2|MdUa%|F8Y|npT&j1)wYJzmDqOH39aS0h1&|#+FZEpJ+g^yF5Fz$6FwacsrdK!^zz)D@abn)XX4YH9l-{4ey9c-C!F&xViHvw4ep zwutKom&<;(*-uNJaeGxx({c!#ZIo{Eivi`fDLFexbaXQt40W`S5{xe^1`%3Q^YoeR z))^2xmLReXzEE;;HX&RLTFcuQJc?d{_cg$$06g&pN+M>QwdfXn=D+HE-ic5D3%F1I zh4#cK9XdyaE@0?n9eM>rpAX!DQ(zJmI&{1Wtzc-a4n0dq)eLg zV*@@gXU*3{yN2>9sQYXvA2_3-_+dlwH8Jotrwp%RB?#!cpA;19(C1X>eGHwZLmyC~ z_cF9nhgKj|^cmYJwmFgHd}Q(rQV7ZXSdI^n%-2M-2A$x77CWE?UQmA6pnOfVYtY>t zP^CrfdYniadauQyGPi66W z(wxpT`JXsxM(H$I0%~hs$}fCX{L)v&!?y9E2^nSOV>~K|t9>PbSD9Az<(zbciPAKv z1jR*qsX>+R01dju>J3Fg3qFzysN{uIfdyL}>h29ep*H0XnTwDyFBb8)?l}Cucq)FD zkH^o-iTFuO!jFiUH4PAnO8t2uK5bt&$&>CqzA{&#QJN9d;F#xbP;KX+n$AI$X+daV z_9##1u?xi(<(SbVZTG)WJZ>t6lotGnRH%T{B%s<280UYX1q)hQR=%&xH1E~EI=PB% z@Wfv3#6Dj*cwmlA#UucDz?%S+Z(Z|)5yUl-&rHZjA$&*73LXV zwZ>PC@m1-5jf+j(J|?^x<5d%D;CW$T71oEMn802cjOGqGBl^Y}*e4nNA{hN{T=bs_ zOPBukSulXq^@_JbVz3rkjwL&o-IH7Imm?LW>rZH^TDoE)W3~^3ky^?_w7wdU(Pazq z3u&*w!yd8Kx02BJfe^7Xr|n_c&vtpnB7_%duVFk#=r*e(&m zOyYv5ibjx70VcGtb>Qskb(D)okvdWEsUzC)8x7H(i%)y@FL?#=Vth!o$nDEXS{UCJ9d=rg8_6t`@@cS9H%|= z)^5$n5?~v zmJZ1u2Z;|vTUK7K>-xUNzP{w|!7hM+4Af)z{Zr)q1>e+FRxkex4bjH%M=I#~;%r`X z9Bvz|QWR$+Ngk4niLM?K-lRgGFV1SPaGNRuv5cBXi*p(*TJ|T7E@f z6JN15!2kRN{7>A3q?GTK^E3x9d|9+)mq;%p(hjJAog=k5gaTw*TljzgCq1*A|ETRbkx4~N52d*ZHVJkE$VB${-7131u& zx%F__hI#%w7h?N@r>FU5278)T>y-auPt&StOA5;S92-{XVHC)_!N}KukFhSoKeY)IpEk#^y17)P<$Cd z*x6XJLB+S9+AQn z0jh}&tp9nsbOTVjptnfHGA?cwsU0QjRHQ5v3De)CG^xgA+U54>FR?lrdM+BNBR|6R zeE8<<@nz6|m;~Y8=14QbQa?w&lI9JJU{>)hyeTW#r-dmSruv6Af9aou|Ne2N=JnR! zeWWgNR^OL3Bh4ykdz_@73a_{X7JIOet~T#Vr8}a z?;5>>0xad>QSdCxipbU^7b$g)^FMNag)#8aBDE2isAzQo=cmC3v%P6pSi3>HMT zVG%gz5a{c-pcDyU5WkootMSoo?z>Q`BzN@8RRaHtCgFIOgss>+WRvh4r_M%z84eX+ zeL*U=gvNB6n_uUaw|qUaNw|6aZ5pJYl|mcXVPjnpA=aKE1oJj%%I5)_Ls|$6&Q@6i zD*`A$V27Gd?w|Nnr#%;GQ|G9-Y}iu$6W{5$;~00Wip!O_-k&?Id_TtRtK#wz=T8jK zaXYSt25`p;+VN=%%r-2gaReqoy8wG>V1si#`kh?-=+PU?0c9&hDxmL0jo1nZw>qMF z^^C<#&!P&udi072EaL17DNPh<>MjT3F?DC+`^5|Jv-~RjC|7Z&PID4V;JOSWgcec9 z$sbWmou}27*k(@$R7Fdg=eKh$1=~+e#c}SN({G%LJI#LQRNM(z(ci%XfJF<%3@ru- z>LqG$s4#wU(-c%0^%pJ(>#A(uUV!l&7)~H7_AJoDE*tGoE*PRaSobPr) z>J{aPPn`+nC#X^Ca08TXK5l@=5`hLh!VTp?TuV-Pt{CaHH}Q=GYlIk4#N%N7()U^% z4y?e!wiOk?Irph>Jqg_5UvNSn6ehwCb&hv@0Ok@&HJ6q23Jz-t=0sSc|3lr`z*$*U z`~M6uGQ8v&5tWh@6%~9%^92QKAdVglic$CGBX~9bDM{KjpnL5jvLMQN@z;_bgNsy;9 zRg%f1l!8o|+2xi6964ixtbgtkgo#-4Kn8` zwdTA_{W;J1FJnF|FTKdZt}yp|aWfA-@_hV?PQF{HDbdi<5Yqe^*A_5>WAO%EV?Bii z#_u?mCsIdugjrv?Mt$BWB)0U0p-;I`VX0+GZ@^6-bfM~smW5&HeF|0atm0-4kEd2Z zDz3U3%%73CTaVqxH=TGO66(MTVp?7Pnja{=9_HE_p}jx=dmu_>jWqzAmsSQ)+xK~m zCFyUM6q1$WbE#>0dJ5z;(oZTD>K^dPrc|Xn_g%o*vh`M$AMcB3zAWzY1X9`{gWm2{ zMQY1h?b-SY0g-J~sV#LOn&)4wp}KW|05lvAr-^s^?rFFk1KLn=DsD&O8!Ar0-Q}k_ zIUjryRi)=nE>GVYYAetTv@8rO@4Yev>jGJ>e`k2!4+P%%zZd$Xc@QM%9{arKEU1ke zlv~z@<*cO~#_zla4dT?35@y|izQwsWQ$m9TUxeolH~#J0(xoDX(K+6AJ}8-rWE$m0 zxJ~4dJlvy_$KRupv!(p`0FB2*vmaYSiNR)3Z?ph;`~u``sR#@B>lLo)e*Go>7Fl03 zw>-hdnsP4*bN{F?ceqm(V=4-vmnYa^!`ZSX%)YoVyIm+~dt@a04XNB78JKAfY_{659QPN;rYIKL-iraS5|!I1#j!mHjG3w0I=5$;$i9Z;!$=NdDg&^10U9Nxjb4`inlE=>_XG=27bve0!vzH+xIB`mxQQL6FU=P9v zz9PH4V@UI{d14 zHh+&YS~i9SJxrP&<0TpbenPEkJ{tA{k8wK5g(%l*U(PG;E78?dNwFW!hAM`RM>I{W??R@{ti% z-4U|t&P>%d1nidXu#JECm>RXiS|jT@z%rTZZII%4T(#JYn`*#9P;*rcl{Twl@72GL z0gWBV%KIng##de{nuL@B(U(_3p+Mv}eFFJSZpm*Id`*6{G$y~vHHiGC)ME4B+~IT< z&hOa$S1ioQZ_98Gkl%c1^nX)?W#Sqk63I3R!OaJ}7?APb{=-zAdD;HHylk)SyC!v0 zb9tD)iS)U7J|W~c#RynJ!h(RS`Uj}$dG5T;4IO_E+e=q~3A@x|2(NaOY<0 zjaY(Rq7jo(NJeMS3)8>3Fx{I>zcM%d=$!OlS|$lxIzQ%(U#K-<2S?0zu#o3*@i!Wa zul}o!pYO0!)mR^zEI zNf`gH$*5Hi*y`Fz!rAOJ4NoVMN~L&7NCBHK6u0dFfQj4|B=yI&Z`5kLH)xsQWIR^Lt6RaiB3Pd?at7A6(m`BZzVIDKz z1oH@a1*ECJC?7UD8 zJ1_dJ@8)+-x^+%EyB*h}basb*QhG-xI0}(X_2SdCIhF$4w7K<}F|jraAI=P~OzABf z8PofY>a0sWhu06)db}?6ybDmFkz_CALtU~x1hl1I;`eK9sh9b%C*kTg;}EuY!usb> zKdmH9@>;f>^QkfmP|7m~Z{f&k*COGo5)uw3-(+x35ef#X2HQcDf^9X8qb@iu( z;0by1`PoA=sj7HON0_xm^p9Q3Ba~=%EvgnxIlrN%eA>WsK0%Y+af3eZh`;I;MR($0 zoX(p*8`kjLJ)_NF@bgxKfBI+E0^KsYV%K!pnWUS_7?kP85xU4AUEjxkC`bJ?D(IMm7ZIg4^YIq8nx!LPc1_XdCrfoOO}k1?IV|l-C(~L|)+1-TX-)nQ%YS^{ ze~tWy$)DfQTx1Gc0@ehIV_$nM?VcG>gPJ>9LrWJd#LvVObJ;DG;H5`~zmS8A3~5xD`$cd=Ue(q(ehK zx@AgO)+gsN+>)Vp0bWe2T3ga#&}{ zuD9j6FlN`>f_nc8Zw3-O7NSIK_KAB7y&r*fBZ+3+Kjvkvm5XgxO(4c5ZtqT&o}USq z;|-RT@1;!LQMZ3|`X^}0Z-~+9Z}NVlQ!Re|c&H=jZm1)mf>ZK@a;noZiUvd*0nLau zg4Cx+Xa?eFotwG5^TOI+UBd-8(Cn{1JU4S4{;kP5nd^7Vs{M6I`jW}hpqwdC&Lq^1 z6GT0b5XMP!(&H!3N^hQ*?niG2!Efxy={q{GrsWqgOp;>0ZgxV*E+e6?}vEASz zusy>Q6Ht(+6J7>W4i5{uUCax$-f&s91sU5niIX^X{M=u}6%u`IF`oXj{YIYD?mafP zFBX#!Gt3VhPGIOkJC-t#gV-?y2>LL^SnR#<9}8-1Cpt*@jxc;5#g~Wa4-CTlRU3EV zVLBd=Egw+mK`yYc#BmnbuegH=49gmyNlX|}7DqP~SXdVC>=M|oEKZkAs2i4CeUV56Ka zJ1e~1ofYn|v%>2c;gVcj5#e@fgJ#{f#6$dlShH`p<%xFpu>YdF*_n}GQ6TB`>`(-j zw}?69Ld@aU&8=Hb55$}!BIjXGxJUzFE2#ua&pKOvXRY9ZB1}?xaaz8JAB3arnF|Yw z__XQv8aQ=Ymv{&j>qB5rZD&=ihM-BLq8KCHVebAs5wArtkxs0ytzI9ix}`1g7>kG0 zlVpLdaOf|+1@BXM7vbmKy+xRn`qsR;BlLcJ>j?L>vTB)mU=`XeJu>U*KK}&BKdpyXY%O{x-)Fh;MlOEW&@8!?_xu}mYO6Q$AiYDY8r!o#2{C4*gyv)VkU2}FTjG2x7q_&=;w%3K@}Yw+ zB@PSJ#h3}*$O8?|YlSZHS9{IsC-3T?T7HfMV}V>bj)Yyw5+&q2HPM}W(6^%SMZ{n= zEa+Yt6keC2nkzU4UD;O4JqFQ9qS%Wjmoy@I!8`NYrH(bPWKS`1eUw)kyI zZ)Ubw@Gw7@KZMCbKp4ykaD+a|5r`49($CGZEuZ@jpx8O4w(@R~%c z%o(*ZUs|B#h@~N%t)y;G*pSba<3Q6K%W=@!9Q5PHSY^5UjG~`6dRMH2nnWJ>FulLp^B^Ip5o{!2{B=DP`rCKLIKlgF!D=xxofC8{OKo;y~ z8~-09@jB;yh%xjqhD~dRwI#kcye;wl(QSzzjA={UQ`46Cx7*qhKdfy_{3z3&s8Of4 zCsw*oo%`J3KC9g48}75(eeRB#%-d80Xpvd$#4clN3Kd(+bB1v)qF3^I0l$0YkH+uT z!SB?}Oq1H|_}!x?=b6<5VK1DU5VN|9RL1Yjbl>sINd8Aj?tLwi|Bqq*|DIEj|Ldh1 z*jWRt00iTgzdkV!LY`mVS6IY+ieUG%wy*4_BU<{xivGDU)d^Nns@1m@%`e1W{sS1u zSdYW16z|nNl&4orK-YV>Kzc?pYIo1$;678Yl$pdj7EVXB9Q{f#oDVOob-j`T8>^+& z@eOlI*VH8*CX-1d>)H~J*YtcH@?jKhWBk`iOfK?c=Iz*w|~=zW}uzn45V7z4D^)E zKsz-9bXdLc(KfE`uaj3&fpKIHa$wg_s z6^)VU=^NHJ7U5={%#R|oPUTX#vQ2GFUElkc$kbJ-JEA-?(_wxJ#7;LC_4#uV{^~wA z7yW*%mFmH)xE4=yk;hy_LcUWuV*MaVTfO&vXS5ooQZ>O>zT4+~qR&6kkUV{AR`pTf zpU(*o?F18~z~)5Fe)aA7_lA8NPu;`lr*FSPM=_D7mf-EVlAnOsGjmckGZI}lB3(M_ zS3o-TNz&`cc$af#EWj>dz^*Kq=?u8d@eNfE$2U|zq{(jE99EWdGxatY+-$eqpY1r0 zF)Q7he#H*=pkSSw{-gI5u7M2Zo5NV@w=52+5rf@J_B5 zW>%d3p4UKF<1{|)i8X?!J#mlwNLhz(o%=MnkAdt<=dWk-=x=V*C97&&myB2zu)&3o zh&`vQ>e7V-7tUYjShPXr-M&Hd^xdjEcX}pq_W*5vusd#rX?Og(qtxcR?WUKz<>(u^ zjHd#E+89Sx+pPgGzw4A4W`}C%`8Gd5yhhA}DK*cye@LRBj0}2AF>bSr?=W?N!y@Y- zG8*ef*-Y|jj7VA3ydOP2d^+C)Up^XpNzP_0plrXxfVjeXF=}19=V3L=5NGpIQQWl}IPJ;d4%sJ60vaDv zv@$S61(!99*j5$64xg&Z@8X#us*rE(c7~`*7^cwt)C#S+eUFmF1L_l9!{a)KjgPCX zDGt=rjo&Ey5U^!u=yZ-QFjbAO>`{xH%Idh8C6%RSh3*Gn<5o4>+;;lv1_IBXY7nb>_&Zk%`nL5k+8B%Rsk%hRCm#uOSsQob3!^fHq6By zv+qu`wB1W=EO)bx&1YS4#advecaogm8DcZl#D`oHYyWIbbm)oJts~@_lv-fN$G=F^ za)*R9L{sKFvR;E2FE3wx^&;!dHTm`QG@G%TycJqc@8nnK{rI3)p=>GVdM&VhQ+~?7 z?l(Y(Sgr`p#_{ngS#0?`bMA_mXQqoiadF3XqV0m=+9nkrTlQJhcgW6-swHD#ZaF*r z$Y3oQ-KG5OS&Vxt1d8FBR}>&_Ure>*VR`p1I>haZ?e&&KtIeGtO>rThuRLgg>TZ!a z(X{MFQ(zu16@%b~4dqS}2KuIA=sCY*0D2a1*RPMBcxpH;@sY6WM zVZzUHzOV?>j{N9d`6BXHqkXHe2;H8rW0c$LV8t5f2B{D+ZMGRi&i+CYhWSH@Pt9V|6EOo?kd)@se4l`yKrow?c;zU*^V zccR3-T=7MfxR|w@5*P6;s>HqfTW_GmWqsRhi>*Y9Hs!!14G-FX^k1y~wbff$QauNN zEU4OuM>(P8SvyXrws5-gmry~x#34dw=`g-!RoH3AvoT=z@E27UC$p>6nGB+2Jh_E8 z&POp){gk>8lKc2ZF$8r#v2Hl*i{HmOL16dt0c?oJ`YWmJz5Av9o0aakpAuu~=hJQ8 z5j(sQkrfJl&0peE;6NQhf|VvcvJ5(rD>=0cY43M zV>FA-t#o8dS6KFZ8l0)#>Rkh=A;)n^4Y=YO5q<*>S9mX~&+Xe1FEfZ3&dRbd+k}W!#FBir z+%+J{4Uv}^A}^zG@w|_i%G_CloWbnR<^by)uZ9D6^vp|+u3ly*SAv0T1FF4Q=}yx_ z*a5q}ngre_R7sh?oz?sxwkS3ez7cM=oSMgtmWBgxbIgQdxXDDa-B}DbyEr1~NIHs} zOY+%rA1i{JvtAL^IozBS;-+;e>s*H$(J;6{hY{jNDoVr2iIC>of|LI^ElMXR<+ByV$$@#fttvt%ONNA#;SgbeoM4IP=5J4#1S_3HH$iKM;WCC~@tjz~&$Pr{~dJ7!a;9=g35VF3$35`}twhmL3AB@CM! z!^W>f!X*;5nIlGOdKRqbYx++BWxmo9cjkzy$t)A$MlFYhEvjP^CDNjGN`7Br%_5z$ z83BGU+mSxB8>>(NBNaBgq4gh06aH?3wd6}KoOOgA(UQ#=g=x~|*e zq6@3B52#NYEdrYY;=RMU-l5>)xjR7*&0%+x=$?_#Lv534DOtwmTG+lbrmACJYgn9Kmo{Er(2E|&~jD%-Jcq+p4{_#Z>v5{rB z-Xf4r$NOM%nDr1DyGYaJy}PSKkENJ47y~<%6+{gqir4=LtnTzmvSsd=52qkyPSEQe zStH4K>lELj{_V%Wdky?Z^Y$MDuii2M19LCvhk?WYI4A~UM1>gGmjMHyQrF}=47{7e zegC5vm}%g@B@Dc>bN~h}I=>$V-uZ_?G4R^&BN+I{SNdb%@MQxqkYp4LqfwdM|!T9zs8+P<9d~ zFi1KusjlwWr>AKdL~e|UhFLA!icaOc>>c3B(ekC!`*&B)%icIwPN&N0QaN2=IRp38 zdK$STOpiuy!~m85wCha#zmKF!0R!0T}Rjt0%<3Gj#KNaL-5hHmjL=+cOKcYf;)VWp5yAey4JDtYto4@9THsS}j)^moK{Z`~?cp^PuKxP4(_0Z#o!JZ}-a9r5M0g z@AeX?b#kLy5Qk&lIk-)!oY>1#O1D1HGFqX>Sm+*96MNv{)ofF4M+Z~ReCV)Hn;p#+ zz3!zHB!0~(=_U{P2#KFxN&I|5b;}+n@yx>@u2B(4`TTBrUI-mK%8;nLF{@?w_F~w| zBW^@{lr18m|MlmHNl56bi3vWxfxE|-%oX7z^I!uP41z4$@E2T*%-{P>*B=}uVh^wq#OdYV zZyhBh@kEgSI!{fxVSKHObQ|xH-EO*GhTBDrBB4be|GnT}$udpKN z9|7&ZaD?POnFQ0hv7Rmb&=(E(wc5xVu3h#s9cQB8CIN%|tR$~vfb?os1{rjemBlI{ zy=C*06Y&0we5TGTA0<23p9kJD^Zvql^)3chmwnm!BmH5F!8lruJ+UgC2eK!_n*@PZ zg8ZJT-s4?4$;c~hP085r5U?o92nYh4)|gK#8IWL9+#ieQ9}o!7@s?>J5<5U58Tz5! zo@qHGlHn6!hP%kXn9EcR1)*N;O5xH7yXv$&&V*4!-IR|rw4=z%QtebBR6FcE#fn9A zHH$r$JYD%Od^3-D-oaO?r}ZrSKJVcxaU%mKGfT?ccRCC0ecthI2HWS&4-=GIe0qKv z++mgRhl;xDy*1T)PrYd@zvtYH!R4#=$k3}&M7DGEqGBy|ACOjxDsh3CK5+DlLf>*W{i9vHsV4`C4y*brmQPtB`XB<&70)rR@t`M5;aMm0o5bVVPIGsDKc zxs$ZO(j?)*S+{-ayX=$gIJQ0Y0O?d;?xQqKnHcrNypQz__b)UlWRpoEkDo9q z;F{1qX{ruaJM653K)?{f3JV$%6r8cp2u;0hEz!yQVlBC}pe65(wgfpT<{dJiCGP@L zYJ+u5df4kX#Fx3=z8?81vdMn7!+K=i)c!s4X4-Mpkov=hmra_lLt5I6E!L2$3Oa;i zy&-9Nf0{OmyU`9xtu^eskDHo(BHOPf1uGEOrfn)SZAS!q)&ILIN|X4^Wf-Yv^%}iv(Zf>Pe4gB>K3d^;eC3w*w4j=%<5UeYg9CS3 ze!6J7%o-r8h(-Wp`jXS~NQQEyZ|gQwN|;-&Hs`nZM8YeliSmPLC*ruqR- z_gYXXN3Zo)crrEj9z;4!C9M?iqktPTNl41dHJS3vJa3~wdaQdC{5!EGT`p@qOZ*H~ z>VA*!!al1u{Zgqc{4{hI>C5jnRm>_>F{>=}aA`EscrqMQzhY?_)7af;V-^Rud>~=_ z5}w{H0($;e^=cn_Bz#=w_l->>knU6?B#`bjT!p7C_g9;-Dx7;Cz7`$EM!epyt8vB7 z#`Q~FMYS18VvPlOtI0M5ZN~gC!>7nF1Z~EpVTQ9T!<*J-+syXk3we^4GP`76 zyEpePTH|@%hcyH+l-bLMg984`jo@zcV2KFxtops*)_!Gi!?&j>9Moji}$}nu{q=MAxc@Tvg{#Nq614?!@RM6TZ4ToRGk}JfpwOVMt>0&~y<$vCv zmPaxCf4$|R%ITn~3*_6n2h?6_KC)kUY{;?DmeATY)S6 z9N7iC@ppUc;P{r}M;}xQZ8a_Ad{a}I*pm!A;ienHpIRVGpYecn{L9h7r370|B_uyl65Q&jCr zGIIZ8a%wy3$@}J}w|MQ6o>a`r4}`@eGldy!aqBRakI+t3wu=A2`rimK0w=Rz6%Y!k z-m#yw;v8n#ShEMyT-4Eq1%O{5#8~QQKtj)lhvyr3hoG?rKIA1GWUi>TBK z_ON$xzjT_g2UcK>%;$a$O!X`_@^CdTx1LPYfe9m#)I2p@6L*~i4ZqtUs;?o4R*r62 zC_!%Bs$nr`$S{(vuJg16cQQjAw>&|O5+NwyoJ8M^cl>8m8w}6! z#2W87Bc?@c z7N0u*d-18se~wSBSi$r*jY8W~j8W56WXu)HrF5?wd2a|?g@esLdD!GV>IQ?&#TaaI z4h6O*#!6mBE@yR|W*@J5Z%NhhE2^On@Onhc1nsq)3bTvswJf7b@705cy4PYw?7B1D zYgw_YTc{ms(dSkvVkQq$Gf`EE&a@3#VCGCT=96(gqQeQ+6w zU8CKdM$S4mnVt`iIInIe#O%LHk!e)X-ai`A=U8VGznFOM)vLK;#qa(=cP87wq2ob2 z+Tg)9wnOricXFk}gT**J;2atrEKm4Uh0gQ2y@b7A8xvyUO`#=^538bS8Xs@b7qkgs z&snrw6>1@#WPyh(wN3^ zsUJ;6Fq2v_h(jAA{bS&*z)LTr43G?lhON`3oXi+xc1?z>pRK{^0P^6rZQI&YGjZWy zd)oq&FF$E|Q{DCW0GG+j+|m``RltLLZr6k-)v1$?jBZy{?-cpQKM0JgiIBWh00uLl zc=}Zq?nA?lw@$__;|4@kq6-aH>kc^_QxiLLN4Jz84}mPbaV%C2t=Q7F=C$t|kv#V0 zFnik>bG8gg-X9QVb<%>qaMRP}cZ?A$b`hv$eXv4QcHyKDQM8jLBZW&87Tk9WFyKdm7qZx_y z@jE0DqMe?R*m&z0!jKhcV~$N}eW^#X0xp*Lx*LhBycr7cLLU?E8t>d>hsS9*^ur^U z{sB4-fFBliRz(yel>D1e!{$bxlz#ySkQOdeA&P|z%{@h?Ozcu|<%O|>v8-Twy@Rl3 zB@v|CU+arDuZnvV&9KKWLZc%nj-gScxY^v%|NR zvf8-Ml*XIO$-;dRrK50hdE?H|8gC6Yj%=dbGsZq^$J%GzJM7bNpncY}14)vNCG1#p z70)m}$xP|yrgG}^m*AzpbUqP(rgQ_IbfPA{p|k;4U1BB4e`E;~DV+B>XEsy%eM?wR z!n-Zux7re|SF|NIqodn$bz9#B_?C%{?$)#}03}NV95nXY(*nvnPJ8^4$&aK@XR4aRCNwOXV5X1R(n+a&4Q zyX@0rvF;4LqvcIaC*~bB+7~yc3#i%oTGU(H-BRd%xWL;nE$Tg%0++jhc9YcwADob2 z9JtQ#U2UoJY%FH)>2Tmgfaj}Rzflg(5F2myB!RsWFOaPF_|Wd$z&Dt!VlwjNzs;m zWXk4rN4&X}gB~9XO3luv)ZiWFLnv~sm7H4RN?si)*}@}sfb`~Hl`Xe_6R;;>y5Q4%#R$T*7rlO3)f=WgBA-?;z3KJdQCjb9 zzO`Vzw=2bZFB==`de4ej_N6zy-n;m+0ZXa;dT-I$!BXl_?<=h6SnoYm8Laox|KRjb zuzVYPnyvThpa8G)W5IfF5lQ?$57(jodhY`#8mkHxrLVu<`;UbKfXuJ=HlGy$d4l)X z^9;!MhCuGzTNZ0EsLlLe_bH9L9VUhBPmdzrKv=ksY#G>E zYOO~d{#p-Lu+~$>k+q)I5cV7}8#sbDx_TsFUuPT7J@4IjMO*4>J|%6bYxrEvkmaVD z)>6#cYPpC%^&tXln)JIMe)~AB2{%|+GBe`WtLf)`YF54i6DTr*slk6DiKmbh?Qh?(Y+DFgeR=4MV=Tg; zVc7<7E~4)io+nE*%xp{ijFtM&duyuqOwtJ5bCgEto})EF_q?l$CyYw}{kLaI8W^wO zDmFL`ijg+F*ZV#(thz*F&rhkCWJgv_@gp1;c+vMADJX316i9b+DEsg&Vhs`xwSQlM7Gvu@@pLe#tpIV4XSLS0UoT4$7D9K z3g>)Fy^!Clp0#lzqR8Y|+^M6374fEzYtHY`)oId6OeCHDdTs*_2E`KGjE`ePN%XY6 zIx4MMx7O~iYkjTR2VB*r)9!AIVfIKOET}mjf{2N8i%F|IOf=SBf>FqDKhZD{Lejcn zR3pWLz0xF5G6qm6MRYp~pKcX5s($~Taj4dyaTG4G!1qGoD1if?D4b7lSrq(o~#i_q6X@CKX?LS;}0_r)#0q2 zsONLn`RFTci_L-rK;M=Ff}nhdZ)m1t*BW$ZVkl?n(6 zZs?&x;0!mv$xP|@{$1KfMo6agU!8Mxru1%Hn69Db{3b5cocF*JvN-D!KSWgd5#Z5Z zKZS}*SGY{vGgP|F5}-T|A5xGa%yGCwtE}twCPI7c)K6Y_lU|HF^~Sb}13s0>8YrA2 zBXU#neHX`?=kw#VQ>UC|Ix9ul9WE|(;mN+v%9>(oM7f+^#DCEy>$QlVfk6xEbTPy5)SQ$_hEa56rim*!=f-ix z9~GwWjHZ_-n!atN)g>0G`ezQ0r#8_4g(Y-EOOPil!A|vIJeO?}#NL9>j)`&l<>sQ) z)Num`(hJCDK_S_^{GL47%mxTYHb=4YGgYTBZWa{|_ilF*9bGr!TAJtPB>iqNE!RnT zU#+h(_xsFy4HbtU>nlWDDHMXvS>?IWm)Bf104XE6H`KIAk9Lege6?PvQ~SP^Ev;Lq z^MRS?Q`??usH3Y4Q;Wb%8e?2L4O|iqHHe1jWMikk25wcNzXt9kj>03zA3{` zK}@7fX;oXSi03~Q(Z!WJZL32KH|DZtIJW>(PrhbeV}nHzsA#4o@9<-yG%<;Cz3|c( zyCj{CMjB~PHs6Mnm*GJ zUf?mKrDu=LO>C){9glhIFJ?W+O}bbN{(@eQ|7$B^*2++}>2VM8DOl|QqZ2YzdPKm&^k*)s(~M597Ow^SMpAe>UhZKVvyW;_8O6h zWmpmrB#FCsDua@Ts<}qJ7g#A#j`wp=)MNKp8=rauWo`hDlu>XrNHw%lqA+QrU)M_M zG`rl}w^h=3EVNY`hsj8v2IIjv)WX1M$#_ek*hHU%0@rxYM}HC473V&?w%(7%RYRe5I}^1F3JMQN(IW)RnQ{VD3e`IOI9! zqqpr3x0|ZeL*RC!hs^Eny3V*A3dW*y4h;SE<{Z)7e$6@R7zjv{anU(vVbXTh5HOrg zr$4zU+y2ftF?SQSW^OdR<$T%`-8SdD`GRBJ8oTq}5;U3&;rHkc@C;CUpjZysO2D4&86S zQMG-!3teb!-vJiJh})Mt6Z0!lN)s7kWTIvSSz~I$WvAQJqMy)x1p`@1w3MpN*l#Fx z6r%yp(SUCe7<9I#t4QB7T@A7CFTEz(_cj>RfMllhj%E8p1Xn0^*yN} z0J}vMX5A^OLcpFUXCAN*2Y}^{e*?h&e8m93{<#QX!}|kvO(9_2bURk6?0tZ)e+|*~ zi2|s8sYE3378F8dqEjN0GXzlu zPf<#y6h1$4#ZAB|?LP|HMvKkZV?Pw9m}13omEX?VzTtXBfQvOm946)WdS5>-kJmye z|0*tO=LR^_{*>mv88tuttMj=vWOYsP5!4NUq9sq?OiBfzrq(MDMiDK$X^Xe>R3nRS zKfKt7t2#fBLKKcoyTFnR9CPg-D|J1wu zB&tClt~+(&soerBy8xy+ZyQI4QFm8wpR295EIW-nRyzsDMmZ+n;3A?qlgn|m%29@6 zYcf4z@`dR~F4R?V&n46U-Fzg#@|vw1^QRpVCE!{$UN`FQsp7daAKp~Az-~`<@$o67 z6K6mn7K^G~i85Km6zkH7Z1&aml~;{Nv{u*B#p}a|BEqY0_Qdb}y||C?YgT97-kQlE zLl`x`=dHp|*S{L-!jOHc`>=D}&m))L1nIHl;;% z;omF|w5ekmIv`I9bS)rR&VHr~i9*-OcMq^H{SZ;1HudMH^w(~89yOR&c<7MrjSmi4 z=N|`!tdXb?vI&9=WW~U^yXO6@w*j(iUI((X28ZnMC}hh{?ho1BlL~QGpn?AEADAhp z%^tEYcLnK9_56Y1N0~lg8ZTAQG&6yV%H>I zqQMrS&$jIvd-?Fzqc(H`^OgJ?go<=q1mf^1-^BcYq1 zzYt_QRax~VTG++d1=XUSeR*7>nPjGP(~{`Qt{W(fe`v2wJCr(WB|$3DmEBm1 zbj$m4Tw31SMTH0{L29k+x+5#QRu=zucB}XG4P4MI(#f6v`G3DSXX=DB(~5*C1p&@A zI3>as*tZDxZm}=4L>Bw^pQV-DHlz@@l0&(=i?sUd83)T`F}Koe5S|vzrpD7Mi6`?i zhCQi(BP~M(Y%dGk`LGfA_WZ)WD{OJlkL?xHNEGY2CsOVKRp-B6xyyJ*=#9#J5x{d7 zJ3yUs0)?idBWiq^Scp!a+$oXpJuY0I+@Zz8&Co`uK?vqIPu=B?y34=}S}9Q%(z2uO zKqH|*pQ@#i@V!IVNNoME2v-y(!ZnSAnK@=kM}IC#w;B;4-OAICZg*U7bgP2;(XFh_ z9NkXB<>=PeNcgD-Y9#hg^I*jcSve(a7FAA-I%9z5VJ{8UU+$DZ^DvREDhdddQ%>^` z)iNkgCZ*qSo}Q1qtXD-?M|j@zah6TGKzcjZpWliBZKo0I4;T@_+J(1Q=!)&w34gkE zifML(H)JI6Kz+`EeT-r;)?7vI`6ztSrHB@yV=C&edZ!EG{ zh^G#8WppJowwp=?Qhfo!DAmm%v*1Xy>euDrgQu8iDaO1`iV2qD9Ys>Ot=tv5;I^iq z{sD`KVIR^Wg8O`G+eXkr%;nmX-sQ6t=seA6!F+YgqLI#YC(&i6Ms-?Wb~8MSZBCix zpm6L26|vkQS|VxdIezC7o0qJg;FJFN%&$LuNp%S8k3&ZcF6BS_JLs(V`r~1uLMi|B zqx-Kv<{wfhOTQV&ZXG^2Wb+4y?93=+tB>k01O)**Xx*x-2H%!$Tc?nfVZx)|Mj_dV3gJ=0eNP*;4fZmyXlOwgx?C zOQqf%AZI?L8tUpchQf8dTo0jP-mNzW@b18ecLy_F?u#yCzHnvS8DtFZ`BlpKE@d7# zrSyW7o~y!B%Hu3$IlsMXn$lqc1OD`sg-gd%7+s8nkZ%pLzNpap;&ZgYF-CEqzyct8fS8@fDum1olfzozt2M~Oe%8z#4e=%@&c7bi*2 z?VdA`aURT2+>!%dUpszG{-WQ$Tj5~n<*Es!Z=9kz-(I5vr;s?f`CP#8&X@rsfkjZ^ z9%Bn&YmWfrWM7zX8u{2?sFIcnt;tAJreN#f`n2aNGMZ?HnxVM^u51&jcmG)FflAz# zdYJeYZt6yhVaDKMg3)R|QnZ?F!m$!sH6MJP zYQAqN2UG)X7F3fP6KM_DGIGu>&e!qmIRly!Cc}z(Kn0ANf(pJ;v;qwr^$Pj0$T1M?6}4#^A_fztv&i*76vcJ!qPwM)R`C zqNbfEVs!52-wQ!^oJjyTEBS%mt?~zVuDU#@9WN?bdU(dRI**O@B7emyv`5*NdOwAh z)8t$~9yd9IxGKV1WK8Hxd`ycpqULmo^O*Tye)cY&C)Q~$w^SJR?(3;Or z@7J21vqmO9|hMOw{Ks##TG!6yI?@;P7Ipx&aeq=w1*iE&BHH)iXc2= zE}uiL*tLq?2*yKQpN)qa`_wPxgTeo6HJk`=mh{=C=V*Im1MS#^x~0+bLC@%#z1z;V zw#n_f?veLc8Y|RK)9iv&L2^Z#q)b-ZO5j}tS{Z7cta)jd3b}s-xNrWWh~RyM27CaN zSCYZHX};}}@yb%RNf{$N{KW$zTrZmC-DH8Fp_ei~wS7k}i^j?T&R%Uw3B>fO@q&;C z(G0i;HGRv#kw8OQk-9-Itqw;v4v+-WP1`CveRz0QspU&s6Iw<$yNV}G5 zoP-6AwN^H&5bxctz*RzE6iq!UP}}=HKot1?NP))}6j-iPtl35t;%&3>3cr z%cOSIJTZcs6Bls)$#pJ@Nadm_yrh^fA!DHfc-BH7V#W}Yg6_@7xk!Qe6*s2kc69%z zX-4;!)KAl76r2<7SSooE*AGR7o&a_`x$zk+fuTRZoqd z-ezfJ*?+vBWvq5(P~~w;koGjIkaeoNS;}@5S;|(;AOQkX+rgVeKP|@p-oXspUi$La z&Wu6iAvoNlnl62oz@oxkaN`8;aO{$*jn#OcR^wi51XvD)vdSa;xK3NCOOD~N5O?<) zF}(0&H8J1I+>#?c*a6>3X3qTSCyZRX!J_w*)76`2-V+JxJ4L;T9LxwL$^GXy&yH|Mg z7)Uy)%Mk0`uURK3m#5)0d;9tduK&(9Dy0v)_aaQCc)8QP=MFCr&}-=1UT+71V2-!T zDTVi{`2~wb?EYtrE{ScLHWwN()N6fHVAJ1TGg)-YpJLi;rWE+}5>F79Y_FMC=$#(% zw%1JZeL-(Vcb6Iw#{cg?F>qff5(3|pwUiAkt@CUNlV7>8YDrgd_gJ4$AR`u>@a$Ob zU?I_e^e+}maPq4U@r+ZHCFrb{KN+v0P?1&O6^j*Q6olFLa+G3aZ&XIX%SzBy=?pQxuVAw;g2Ctx? zR4a0rMA^h%rvdC{Iq&mBr}1k`>m9)BeOl97-rOhXYxN}S;NcwoYo+069Q(|%SC`TxcI6Hd<8qJx#u7O_V?+S` zd($%-sV?H&M9wr~6lHtxrW(uZz--+se2N=VzB}*Rr?$D1y>jZjuRmrsUc?v*#!s+j z&eOmmhvM!{O_MIYM~tsG&z*VuX3 zw{ErXKvCzsS;+NHg0)ATPkRCtuQlZq0ZP1@q6*?0=Iyh+=Eu5^>ckZ7jbLsq4s$mv zMp4#&Ab0?nVSuB|5N;pZnF}f_gg$C2F~;JMo^Q(=Bm7|>_~7QG0OS8F&{th6P({X| ze&&y>#2)0eAzD(E(Ccf%-=+oz=gW$p>Z-Yn)!UWtDbTfj@L@!N6Ym?UuFZ;=czUR7 zV>QMo)M^Z7i>z70C$wj@siObEtdx?-bZ5j@f(_3*vC{{LjKQ|=5eBuHqK)BqTxDsGj%-n@ zz{zND;?u3;)s*25KrYz{3NTyWO{&wo<^qG%&y%UQwuD(rI_Xxsd%!PNkmy|!m+sol zK^>N`w4!cWSbugt=gh2TJp#8!9v>arj%P4q(-r@!4tNXtDyCmF2F8-psapx{*&x`% zOi#E>Oea42dn)tsLR4u|!lO`y%nYg)G_aUajd?sB2$}kYUq)tl-?o`0mE-NpH9hv_ zK=on71>N*2)fVlhADc$Rnq;+KMeTDl%qV&~J%Aw_>8@Eiq2l_B>u`I=#ZwY1Lv#(X zyMAFSe%Hln>Y#lwBGMOczSBU-LqS))sID?er;m3D<9CQsig#VcI?&Aq7c&WVr+Gp# zy`WQuZ-H?v>@QQZ9t^ma+_c+!Dkq!8!O8o!_MNXHPva zViy9V9&a7Syu(IWyMOUUVlN1a<&NUPaS0tZPsi_L5;mtlA!{Q}b-Ky8gmJZZ`9sC$ zHpvPFbFodXm{EYqNC|HzJc7nOPVGwvD|W4+O`vbBzoeq(wQl)9&obB&4O${feG%Kp z)@0tQoOF&OF3~4j)xc6{tzBzsM_`eU?@^{6seU%DIiEF8Z~!&2+VBAet5=75R=W#9 zmFcpEM4e?wFQ}0OT*E^@HLR0Yk)aN1swuLNj<38;5OzoFG1X^KRnt;<&%oN;ji=5= z#4@|rLa5e^N0R5bPsXV!f~SSDGAt#28%LArKW*8nC~7hryk5Shn(8N``R+>x71r?3s5Sd+{yo!}l^ed=dr zb{j-uRa$FcQe_f%1Q6|-q*3HU&Kvu>OK==6idT`0uZhP-qSl)SGJ2)1r94*%u z5A)B!kal10eBgw_YqYn*J#@Bw3cRDLj`Cw4QEZK!l7VHjQ$g8=KxQCm*I+I?0~y@i zY8c2?JU%Y#5@?iq3Kq`zA`54Hk%cq4q6=qvBMWEJ1`Fo^0rvDD#JodCDtgkuruxi^ z1;x>sQP0HC!+_AmB(^t8+NI_D9<{g-V#HbT&oq2cUrRqlA5=y3q_~!sURB}OmZ_1e zwr}Ke-F^j-@@gv-xYg_49jLHe{?Z2d|u|^0?S1puM+crt% ziI8mHGM@4mbsqK`WJa@?k^#7~y2)a*Hv*byk($bzu;+l7d)SK(S|!~C1h%<*RPx$B zZ|@7yIN{q>Z#`kKQG$c*iIb&DaTz=PRFv>+!gVa{yn3spcFRK4s;!w} zY2@zNBkE?Mqpfaju9$-&cFcLY$wk^O6`CY-&pa#C&Q27zc=t)_4FfsJW!|Ls<{n89 zFS#&`f}pG4v2WkYowfxMUnxVAfI+3(z3)6P^lI&0-4zR3B8Yp`a=(P;^99)KeWR3= z$*md-`ddMYr-Wf)HuH3mf>A%O+onHMbj?Df_rsWN%RwmGHy&r5Q({YLFF7^Qn|qK_ z3^R~%=~^{6Q|1>eg0^>+6)y>Jy9TCn5YnQOaB4p zg!d40-|T&xF?Z(Pw}iQuUJbMVuVC(UmfM5S++jq8n0xQu{+Rp3?tz$FESVGW2kE5x zF>mW1d4wce^%$N8@3ViBhtN)iO3oC=%9>4Jw-aREbuV&I!15}OCQ+B!;F{TDgV*?~ zW$a*h$=aklx7iAQo`M-c;$O=aY64^je`ZRZ?EUFkF*nV-Yv3Hd7Bt6o^Z0p4-F8&8 zHposKCXYS2-r!aJ`8C$|>EWS1(!2G+%;gAOwBi|$%KE*e-rzk#D41HsC|>1_e|04M ztlvxO6(9xrV5~QQ)An4W5f-+oXt*Wtm+-G?+!uV^HY8RwKJnxCm+0; zU|*igC6l@;#YvIDjK)L@3S<|F0#(uqj~O;!$vk0%@BP~|Oct1(7$DwZhq#>&SC47e z_b&f&(IT!5i@2tsi0$KPfncU#6w~2m?~8f1why~crf*Ms%IU^#`_y;YC)>$~Cj~p~ zlWpabNldCsJ%GcR-U?>@4_IAIN)E^iUFrIG4_<00vmm=3q^gEtTj$;U$r59P{cvS@z7Q$-If&YUbfN=k zF{Q?v8`Z^-e_f_tw-;QP-aO03n^_OiGNtmKy4qSMH@cctu9%&kwQMPYMOtS0p0k=< z%f6sNg$aR`(X>RLOns+)=B*04O~Kx^HP%u~lGf@nSYeus!s^nOM)!3Vsn<%lB~tGz zkSx9DSxu4!HS98?%Nhmwqwd#8#Oc%>{X*;&UiY?RHrs0@7+1hTB2%x#`|4GQJMd9! z_a?^TsibPmHccYh`vJE`wrFAKH9lkLT1EQin8DN}w|CxR!>!!lb`59V)gc&IC?He4 z#*`i2Iky(=Wh)_L9pSLtV1^^X;qNtWtbXlwfH2CR=73mjW!w9ebcuZ4YiPE8x6Os9 zPrREne$uHm#23M|Ws67ZK0|e9EIHF$1Hd=Zypj~ zxlEzirgEX|o=;J0wkam}>gxm*scT71p&RjRbd9QaA+3b8x)482hlPmwdS7s9Izgw3 zBcj9m&4=>Ezc`m(XPQlQ(L_zO&h+ve^ossegdv@9#ik8!(BR6Tt@L60BAH2*X;OGH zJ+c;aO24Q~Y(`?o^82A&cAhHAtcq4r)j`27Xy&l0_sA`IfbWF%U1bG%vZc#9XQab}!DV?8hC8rzFH*4x7lBE6|e zC`kS=K~kXF#byjgi<3Q}3t*s)U<;C3?Csi?*vFVE&O2xfGcvAFgO)0zX~r~AR5i&H zYPOh|O^lh4F5hH%Tw8+rKmS>%`WS#J7YZ{*!a>}{#QA(4{gsdN`3#mK8H`rW&_Hq% zgJm#cdPngZEbckRW{}}a$TDkVTmx#K@!)lBxFDka(j_7*h<8ZpSrao|%NihW5ahK@ z`f#&9?U&2@ri%96yLK}0+Y@Unug@0BndFPK!&t_iNWTUu(Z-RW9)z%O^RzlHzOpa~QyNF2!x*h>OHH+9(J`_=xwb>M)1z45k{rIE(;A|!)?gFIuLBF1 zE)r=qSJhS9Hj;te;MM;p^TqI*>Swr}W2pvTwt9_s(RZ224OM47Zm4Rd%GOxbp^Uiq z(M_C31k>uUo|BZvUV4vSOc#HrVXoCRo7`$PZN<9ZH5<#o+RfOGEFeI4;j@!c+s3u; zRQ}iRiKztd@H+fmd zyPc3=`7~T3XDP)#+WCGT2@(KuCr}$}T+J=^Q8Ol@QHAZh;3j>%ckU7sBrZl=t%)IE z9n*nW?gjvb`V404`jP6+*8wC~5fGPqMc&V9EH9GPxF!W%1<)Lf6-HF9R)hX{$t&e1 zneN^Ok@Rv*@M04C9!2Y1TfHL|Pv1scaqW$-Jb*PAu7AiVbRAM=tmk?VLC9+s0#A?i zuuM_NtNAn+x{y~aWW3VoJ{Z#USqOV7v7TdH$jcUTh(Zn~#HYKSk+>bLK28+4T;=`i z-69utc$5I|JhTV_A~zX1xp6lS(%TH_xh~Gmmvf=;V*8_QDmbAKfyV<&GmdXIF4rsVOJzS-YK25~72)Fa!-ss-@7cUFFgYR!hQ zV%eO)dCBr~0_QC4cG+y5J1Pj9XJO2wv7CmiS&=ojrW5OQ6Ms$hUt^V5vfW(!>;XiU zn`S#~*K+0rwbG$`f>ATuO98rrs*c1lR^=ZGjA!LRK>fasQ3u`l)Lt<`8fyffyg%Dy z)ZYo`+bEICK2phV^uD0w4d-?#Ax3zEi{_)~2Ja&-+Q}s1o0gl8qFcT9xad~p&Lq~Q zZO+cPnR~@n2|&I)gg8_&ni@Ez#L0HOQ_IJ<3h8G6luhZNgoeO@w98HOnS;3t(!!5y zOFcn!S<+7i3vQ3ix*>6Gd&P)Zmt1$PHdxzI&yoaVv6O15OXcw4QL*t2eRDJQf+3l$ z@3xPtF1w_poeP!JkfgS2xm0P^{aRsMnC`s)9RQL{Kc9Y$Yn8lrza&9y4@MKgzUEtN z+fT>sf7>t(`yXlBEHKi)ZS(W}rqg9gQNNAfq4(Z{tbg{m_t2!N+h9v?SHE4i$J(an z600UB6kH4~0j+kS7nbBwVrUDuxK7x`V4IppI5P>G}uw?Kh~= zzY-YJ-CQZTY}2;#4BwX*i5iFtB^r4OC7QnSn^+iZB-~WDvIJzbcDBbR@dpQRpECCu z>ptb~Gv0kBxX(m=xHpwwE~VVfrIc|MB#Ewoov?MB{M_f~wpWb({HHFPWJ$6~gzyt7zrCW=gvrI;1k;7r_3i<0LIfNNzalZ?3;LM9;!f}rP4pG z*n|{LfpufmKMH3G+{{N)pe5^1vu+CfElJ4mJNJ?A05G5oe$!jwhd~jp^@1qUdSs9y zlb~AvE-od(sK2&)7h>BJ)+#m-k#B#=53DmgeGn2wTWQ+S$VDa7%LYlch;4Vuu?VliB%YR3W2O9>*r7%n=Nf zs+kn#@=_5RIJx_mlAb$_rJA428PzITXjJR>ip-h-*oi?fFsNl~6oV???}Yut zpl(wPF*pap3M^!gz&%t9R-$!{;u`B!hix@zi$nHC5$$8$FLz?Z&+AHUysp$rbYaGP zw*PNCse?r+8@uV$I$GDm1`inRqv^4pDYy%$Y+A&uxxUkux`l*PiAC`)EQ-sl6f+v_ z`5i@J7a3oEi0zn)sHHamUs!wQ4keIhU>zQ{R(IhA)efDwIf5~exHWSI#7*q}68GMc z9Jk*4_{m)WA;%qZH1PEdu<^M^VUO@3Bm);(>O zdf1xdDC}O`ShNk`dRkxDfa=S0y~;27&2}75wCJPAI9_CQPw9tG^1n zMZ+s5^7Hz%E2w4#=M2(w%f;gqmWeqYC%1T9AG2J5^=KEL2LZqn(k2%7{K^{V2>*86 zex4zNyw?%1dN&X9*&#^0{5E8ea|a->kE=SunPm?E9ooH8w5v2wr_DlPJDiZ8r_RoD zn!*+_vlj|^Jurs&a0wr7;h>d}XRG_z;=VnxRX%nql+tVl=HM{F^HZY?DJm(P!tJgF z0+M9vIo~BvPEF$nU|H){vYU0BH|w-2gV<%K3_!@iKZC(IG$@gyr21moQv#WJ+6x_( zoWt0fP6@W2hb0-I`oRrcPXNieDK+p$q~;L#A1e_cNc54S39p0gSYYEx*TZ2B%2b#5 z84tU%)J!z^gU7PSqTG!fRTGgH))mSN$TNYo^z73bIRl{O1}AXdMLIsVk0`Jxv=FR2 zhmX-Ra2ajJmTRfsJ`rQ7-Ib8ZBPeUR9fH`Dr+nKB4slg=u3wPxXI($Uq=@!itu6N* ztN~&^%Ny$Po*{a4#YH1r`BiRSC!oz$qOjj{yWw z(11e_XBsx4-H&;@(H{ipb4^K>4wFp;S+pxl4)wI{OcKU9kFM~Lgc{iiw%q{<7gLhh z;qN8oPDFE-(Qc~^mgMTp9k*G@zW>^`v_f0VAqnJ@ZZNdXHUSaRlzEv1Z5K!;fbp;U^tmG&R3J4ACpb+r6 z;!XCBc*?-uSy8NaU>bRh!`NQ0chy%;<=E6f;(G6f+74Pv}KCTk5UCV3L(!aOcqS6k;VuVNifXAJ!L+ zLW<4X*Y6!YaNb7!{g&tL(;pA#?W(JpsWpie%$ci7rSu3m{sE=|(aedRLTvWcm6fRE zuDjtDG;?JaS6*F-zHMyPjZAx*knHrmG0*g>0}j=`33o~-CB&K770NW+?Zku^YFXwp zr)w9%gqN%|ZF9J`gO9HXLLY{wziv9J2ST7zHnuQoo0QQcyH*?~+5I2p-UYtSs>=I6 zxwK77B>@Ulxs{s~hmk6bf)q_lj~um?2o%vlEf*^)Y6la*83L*4(Q`Z;?K`iTsWUiJ zFEi6|7_CkVrP7jAOrxTvTr^_U07ain`a*yzQ9AAa`&)ZImveHGla}iI^ZDdF&$FMs z*R%H8Yp=cb+H0?U0d?%yA{g~DHAd;Dx}ikhEz$UtAp=>4YD+RaPSP99-Xzs4f+B+@ z@kLaIbBzgSqPvovF=!lvE-|5)-SG!C@Q4&MZ^G(LKPNX2;h9T6Pg5V1K}+J)8?-L| zg__z9Gto2Mm^~rL*oxc~E}G?V$#u2xTfRRqyNo3QDcl{=YTF5;5W~`s@6BG#>to z<+96F8UerqetWD)e1L@B?1%UT#)rAo_GWKzPan~Rl7>w7qdX-_T3n1S!HGY1Vx*eJ z8INGI7lv#>Hp$~Yd<5Qs7XbQtlJUpM*^Mt$Xr86`6%Kaiw%IZKH%9O&stShloCFqr zszXX*sx#`RI!q|FK6txZACzfy|IecK*2Ii9T0~J7nP#j5f4EafpC?-`JqXJU&VO7d z;|z-Z2AT25tZ8%!y>w*%7PDL9O24P5ZDYGhL5wSYj3^CL<-ZP84S1qItt6mh=CCc27=n@km~H79Z@l=FG8E5 zF;8|op4127NwFq8c^#LWAsrn*S~PJ9r_cDPh(Xyy&&`<3UNF zdz_bi|V7uGl4yf_KBU?XkRj(ND#@W?&NU zVhvJH9Wv1ywu$W*#3ZHJvT)0_;Cm$-mBpuUDGfda_Y$86bCl(gS<2TfQ*C%clzpjb7!Q-Mt*6d^ ztW6>Gg;p>7_FV4f`uTel6jUXfr_4XA?XWnDRAon+f)OYh?N&J5L?S-FQDY9Cp6j{f zY_%{~)Ve7B`gl&XWH^7~vflKQAL&i+x)C3d%l&D};Y>d25vHzsnVl)xfG_@!jW#Qu zBLJWcgSqtMu!2TmJU^XoQy(fhO>HxHCj@fo-$<@hTB#f?Td5? zqvdk$E`Sdmjnr|UKCfjZA zu}JDn*L-mUzc9`^E`AGr804dKi*lIas!XQ1ew7eG4!gm5Ri1J_>i9g16WEdvYj7NX>BbTAy(!q@e@KE}nk z6jT-5ab{1xPw%rL1YyJ!@H8UD8N!ghA~8!}iQR}6J)^Ng>8zpd;G#8D%VrXLj2qEo zWLeOg{W+H!5XkrUjGmP5=^2_`tedS92AVo85F|_Tv+H=D#@1p&Mhiz0zfxS z;`%k*m;iVNObS`08#D$dw_yG2c(9l=yWX5ziq6B_s_y2g9qqfUTMw8lyHecZ{K9KmkHv$# zw)GYKrdn%aat&YnD>uGbQHHSApTvY6T)g=0rg7xLe z!K%hj?-Z;nCI{&D5!sz$Fj2-Yhn z2di2;o-bIBnWJu1o~TyG^91X&y~WSVxIQTjcK}20!vJC0!Pbxm zO@sa{&nU|TZ$QO((B#K$2!a0K3%@%omG4HEMh$Ks-594}7Gwsb%P^ltS-T5mewK{Vj`G7i9I_o6)_L z&vdU_$jfzXeZ=R00IBH?OCdmBx z|BxM%3I-530aMG85%%|J5op{J`>aHBZ4NVvJ=N9gr zIw^8u{C|JI`2V3CqY3eUu{`&L_)Ezy!M~vz{+|9b4w(Kk4v7A7?g{bt^jB_2f3}lO ziv9slF{O((RSbFdBm!&$U_m_6Y;;iq| zsX|VmcWS@tm=ST3UGvN4pKA()u~Wf*BkR16FgaTWs*SVwjk`jBu=QV! z!NqkfY|)!?HKB>Lp?`LqJcoPJ4Fp-bfnHi?QlJ*LEAuGb;CIqxWJf904Z?*$uCqlE z%MuHDZG~VD1e(Dw>~mUdNj9+;m~pmWTDInx-9vF6XZclmmQaSrSq9@Q&h(QU_~UFp zn;cG$#n61e9E0}H%d?EdX=jvWOlgnq^jvzAe^=~MyVxEOMYE>AWM&v?i!E$m#my5g zC!BSDVMAd-Q+{C+>u1J8)NqKt#vFe>-?i6*P}Nl@dlA%`1mm;ddG3FTFHTetXPX8W82M^ z7gd-o<0-pzjbe2rhQSCI>DL%zHrg9>dc7$W^`=sg=OkL%a!}ejwjttXdiw!%Q(v)) z!;z34GaUKExPMCax=7|T1RWcUeTq(ZT8~YEJ zLB?VG;Ynfprc!Kq`ooMgc>O_l6QOtKlQz)Mi$ddox2R1>&AOPH%O-{2xgI~-0%BG} zYT6j2Lc8c8#>&t^JxQyHt6}w5Pn44?#A?m~S!>@Rwm2;TOiuITtV&d~^1WTK1|E+Q zD}iO!Y);X_n9a#oX38Ekh!)*^_zIfN7I3G`2|EG@x?!V^d%>S;=?~|h^k8n$(fIhF zAjdXr3Z=IGxiGjQfx%985k$3Vfiivhwg(8jx5*K|2@Bf>8$niCnf6V=#ZQj0Jz0+7_XAQEwciaNjO|H|rQL-^*?yh% z(cYIZt`SSg$s^g-HWbnu;+}nA{P13?5X>@QRjrtBtzxNtk6`uvY8-wryy8>Uyp*Jg zbLkggkc7GQjbe?s9kf8Ic3>s9xb%et3osm}ww|kxUS=P4YZ;CSUGG@Ad!Cppza?OD z%c|y}&2dL55{}^vF?tt&jRAM3GLvQKUVcy=RLWEby|9K~s~5%Wh%%NefPePKxPBF~ zDiH??=;vt@B{b}B(L*v&03v_W9Nu9dnA7-n&GxnGZjcLI1}EI|f~Mh;tu~$+RCMcG z`3Wxhr3h~{uo@KXH{^>yIVD#8=zoI}Zxbcbzxe+ZCI0${{~MHeizsoy&X-7u17iOF z^Wec$vG^U4+V`b0PuEzd6<^nwRRrPojr=e5_`W%L{_$RS&8 zbwkv-m;*S^2kD~~RK_C7;t`X@;YzCX#^BM%^l>LX-2fDh&668}UTp|Ga<*Lt=5av) zRv(CJD-1+icUBpQKJwHd9*72hrpmje5H}EwtHbFmOw{qgU~iYiCv+_}EQE^=m6x;X zHT!9QB-M()@rzhzQI`8U+xu!;-=^Q2ISH+=ru7v={g98_y4L0V);F%wDwsRQy}0y6 z29I!w$_9_QybO-98tfgiVV<#uG}uBW7?7ll5T%@E&sOL63ht1SGJI^VW*0ooE+9Txq@NUi2XVI4aX-o6s;E@nZ9o>k?>xn)kGQH z4~pm-u}g@429Sa;{Zw@u9f#;(UPkn5Rpm|m za_+<_f#8B_naj7W!V~fqrr)JLQnc?vvfvSUkzImCcG;b_%gCF#bhfXmzj+3_g-V-l z(aMeK76k28|Id}EBzkKqiQ+yM(yQ`zmQ?4K6)N7^=x*v8Kdr@};afAsC95+9!>rV? zi47S|Y{+QhiYNSn*<4Y}7R=#VdE>^y=KO-@#(Nen!a;Nqyk1tOczVivBPx<^?%F8o+OB(d72ttHHo@ zH4dnrNJ6cNn}^=B%G&02YPrt#)i?|*CM}J)I#vSJ(2)|TholmS7wct+ zhp0d?BYV$URt#3h4s*q&B($&b&7x{-{WE@o^ByrF0$#ZouUw3mLQ+Pb(L?kZOn=~Y zl;M>quq;_X4^aV!*C2T1l6a92;bn_c7Ynbo4;x-4(^kRJ(X6eR<~fw!4*&7!m?6;_ zH{J)mH8*?rFAru&Oh`4R7^$tVQl)U<_!E1!94E3U{L#|KpRYIwd* zFh721VO}DbCmmXtXA0&IVyE9pc$CkdS*6{V2elNT+TFR*K);K zwVMm~A9vGH{_dokWn7WkG5l&v!rz`zo(L9^uc$QDtt~?2=^vIiY|{VnPlCtmg~#&$ zeLT(*9>09BB0bO#n;87_Th_4`T%Pn?@T9kg;%Y8Fte&?>G7A70%Hke(8BIZP1o<2u z(GOKR)jD(K76I6gvz89}yMuev6@M#@L+k3}Or*LD2X}g4f9dIg{qFR@A2Mfmrw0nC zsWEF!joBhpQ>{xfg{BL%h69&**f9y681JrO(JV99zB|n;RQ$)zv~A z_)o%t9~fjUci^{hf$7c7z3Fee0|#+|%cbwj6tnAvqfBwo-t9%HyH9&jqPPN~lk7<%zS|W2*gvV218q8Ld#4W#!cmhKWYr*Ai3n`Z`IYDri?8iwa}8!X z`xZfLX0n3Sr54Pr{BJcY*y@x@AKr#YHb2_CIN!rwnodvc269}G9=V;MZUNfbi8MKP zmn+ghAoiexbBqlD3-%lN3#?cxe7E$y4_r4sz^`^_>7lrRU+vJcOK~livW;47v{0g; zi{Dhr?b_0fylL*_#+c0_3$tsB=iqgp5mlmHTgqd+GX#UM+V6I4DdWobOnTQ=1mvsY zGPgRwzA1MX?%GlfpiHl@EoAi+@7!u!^$n8IDC6B*$^h$z+q1&mTVe9Had&TpIilTL zg4%!()lr`ArJ-bBYtpW-WIAw1ZC4oPSjx@e{jr6mgz$)qdcdRXy8=hHg|#PX{Uy~; zE0;S~sYZL?84HIrYBvKge7|ZYhF=>p{E_!!ek*RY7eyU|ZB1nvf@`okBipfWrCMD;{n&3ql6+iUYn?~Gg#+SjI9 zSxCCG@ph!g8XJ7y!l1jJL3dpS62x_Hh6Zkn)2zfd;j|@dT>&-}<6W~5uaE@|P=MpK zI6@|xNtJ%x#uui6{_80@ird$R@_Z(Nz@9P$j^=gne~p3M>hu+4mMKlxCNk4&Q(HB` z3zjD`p9yoFpT4s_s_TgeXLgfR( z=M9FB9fIC=39^#Tn9-mDq+FVH=`=e!K7p{YugLw!Zh)&Hpo6x6or^#$qoO ztDR#u=G>}R_bCVJq`;XLxr!U3%zsSb1*a0~bH$Boxdb2him-je7I$a>&fHe+p_P_1 zD-e?7Uk0L+<7ci{0Hmi=LyO2!$Qu6aG03V4JwcuAwby;;;53K;37_TLvP9=6ZC9Q+w()Ct^0^HU)g&He`(<_AEDO zx@lB;Q0+YQw@f!1?_T;$1`Ae!^BQI=n$AXRk82+)!Ihmrc$jzB<{)OAzo}aOy3+g& z)$-RT^H<9}C6T$geiGPEEh|tJ{b^+ds^Z^JQlMG|rYCbZOrioa$_iAiz+q(ts#aiT zNr7q=cv&*{%t=(>@Uj9`E6`Y0plSu0N(xk~z!7oo#(Q*>#zf3d43!MQkR1Cr-krf9 zGEw#;6R_{j=)C3$I@VFSh75sgXLY2XL7+S{?Pg}7>XU@<$iADYL8j29(ny$R6#RD_ zffvh}f=Sg}OARM9rJrUq(9)-wngZecZH;$)4ec_L!UdDX@yKCbtHd>$EC1QxY?Q5o`tAxb|o*$>|k8Ht^#k4iXlCVGIdi(_2Pt#DRiE0L_1^bQpq>@+YUbV(Vc7^vkf{y^N)UNP_e=&(A!DNSwnouLM zpNMUV&9(7uU3^g&|COkf zDg`i#nxY|YmFXI9ti8uI49R;uxXHFs9Z;)`3vihLo}L6a`BoVh=z9dT-?mzf*VK_+ zB5akaRe!I5{>_9yBRfS1bWBsfBun3`+@xh}kDT^pwYAv>H|Ice>m1?w?3ZE===dZl z`m0(^d1nTnw^JbwO$(nbfEOhJ9)cF0C!kM1HBo0i@D`SXZ19B%fkvjAu!XDA^R)uH zXhNWehd?F`RL;A>GvRJ0nRdp|G&0am8fZp9|6xL)1P^lpV$wj(FFQRU&{GZ=sBHik z2{$fPtp36S25P?a|2QGgYYrIbxuWTtlR%I4)-D%hUBh91wK``AdR(FQ7XtNSxRptj zW-qL34L7XjR)2~tV?<81(S_-XurT#4+VSx<6E#~TY7%pmfBs@DXZjd;+(acGr)E}e zUq||8EHM7%4J9vi-#YHWrNc>o+%pn3G}OT_eesUKhDJH?CT0xmc&R zwrO7%Pf@Md9Lfea{35}T*uk}`onEWO(Q(U3GzRA;%N-Z?yYyPwVXSN{8^#56ga8fO zjwjzhrGQXIDLV;3CkW7&#|Oj&W^#bcP3&Fc17gW)a)8Y5t!aEfggc!apcYka`_B`N zR7#^GN&yv?uFI_4=BDfT9CY>^n~dEr{>V)EJRma#yw5wg9p&c!>9vjbv?wO?+U0q7 z0@PH8_)0;XIw8c`1jO3v5HAtL z4L?iNc?^zq35a#oAzm(s*Gvd;N&@1P>JZHlwrN6$^$Cde)ghWY`PPAnYCSapacXsl zSE<%FObBsW0^+pl5Y09J6%#^iNI-0;4$(Fe^!;?AT2D_voL(K`g{t*U6GEJkfH|mVkIzb%@sp;zK`~sMa$R5NB40$bxMu=$H`V%MuV@RvqG*g81qQAs(K9 zczAV)<~YC8_C@*Oa7@2$Oh9a`4soe){LF+9n-UP4szZFYAf7iN#3K?AkEjmuU4r;) zx915p0xf<_t&dDVJhD1ObEx?Igb5C#8%Zhs_=P_wS$H?+$bruD2tUsSNNEhp-Ia!67UhZr?)?p^}pt z5})-aHIS0L0tQyW1V{lfbayX7Yau`{LZ^z|yWHWXcKSeo(ilBIouqHTc zhd8$nB(M!V`hjacFci}=QYx5k81FUUt+U;Q#jy5~;E4C}dA~MDM1omzyEjBkGkt_L z@vt5%cQ0#jJcvsg{$M&lCwX#CIp^)vm&01ItVMPvR=*%|ew|K++eCu#-(vW$!yol` za>tf#()YJc@7QvmZsd(0d zc##h(Ef0dh@ca%w%!F^yZ<`S22_l!Bx}&!7eDRf!*l=rMPtSnSj6&%rT-|DAsq?4* zJjtDEmrLsqiF+TL(3UC*Aco80n}(Io<={4Y%33igpYT2Q4n_O+QQHJqLU30Y+#(jJlWW zNzq}0p6C9IIftNGB(l|T3O5|x-ET>DVkKdivJdh&`~e!spXA7$a^%v_QO%cn+Th9$ zht+f+Vl5xoaSv;v(<9|)ODyG!4P2=DEH1gOCVtDSThhfkw^e0`f=;WX;5?8r1y|Ot4|H?XIb7q8-#o{t3dXRs0i_Rx|h~NGrPgCusSb;T!xn+^9hCJO8x= ze9r{Fly7zaNih$~OPf_bLAr%C_*)bus@G z%C_*)^*H|&%C_*)bwK|V%C_*)3FL#4Z5UcZ_WQ4E;~pXk5+9Y{xQCR;wvCc4EMU#fq zIUxCwpib8{F?Cb}rl|bJ)S2hxhjvc(reCjaV66Uk z?8AVS4FmMg&Tfe_5|ld@yZRhlpwb*Ws><4(AOMkzRUCd2BJBwGHTl71p zb+Ny>d6v6rXnnQ2X=?qm;q*$&rTVm9D7e~=pH$k-p?SI%$k za1+0E!!!7;A7(eq52hgZp)d$M$Q>NO-4D5gL%I7AcZd=0e$3rrbdE=}5Zk{r<7L1awct2(Py^X2o8sF8Y`)?=izmd5A5AK&Y&fW1`<9qv` zYdoTBHZ&lAR#!kz`M8~U6 z8aWj6PbxtTu1+*qF8$5;X$qlwPG;hv)?^Kh#YF`v$kdia?vgE}^>P8srMDSen}~kL z-!czA#>?|p|+5_})H4s*2uX)3w`r5z?H=`hR*nHN%!4)cC`z7Z__O)pc2=M(8q|y6zI}N@J-4g@)s(KZD!s11c7Eggbe#jT}@7{bW)N;DO2ijzC?OsMh z32mpm_V}kH$Lg&g6uQR_3gXyp;@A;mE0gGGv+$JN!m%)v-NLbOlik8tu#(-vvG9@I z!m%)s-NLcrAdeUv`&j%0$NoHif@62aPXPW!`~=7TGJb+%e-%H$v4imw9Q%0u6mjf} z;@B5Emb?hZic^eZUlhl_=;mPEUYK`_Mn&y-T~UJqBo<3>Y?&}WCFa=FJ7ZxkW^xA- zM;u#e#^UEFg8+d+P4A1&kVslzd(-=**a@?gPA9i%NO(NeeWV)W{)?NYDwl<*AzvT& zu|4uC!5Kc4D(^#jSv`q6xo9D3RG%EpQV$PKPmgw__o;{PyCA*iRtXTnFcV~p!A}+1 zMj?w*WvtZKhyIK=EIrk9BOGCCwfnWBLC<-%{1VtB@~b^?+5P!CwMB`jHwdOLwm@7TCg_6~C^hXZyF)hsS74c=m> zWyuJK?;YP>^wFpEDN zC9gFgE?NT$f|sRj4Jc3xbC!UkS2$hsp2K4~BiALeE_X(|a*;M7SP{2OnoVS3GB$bN zADKUTf7|8YRthO9h1mZ{3i_NA`t?o z@g6e;=C^I41@`Owk^!Hzobfi1{4)Uc`#x^%tw3jfWfD+{b}#GWGI07)>G;dk{(%~} zto;}8aX2_{mb`L%-hr+YEk*teW{NE}ZYd~#C|1y}zBCk1v3_|#croTA7x|w5s4enc z{zpLd?svqf`aaU^#`^&pDz=DT_9vao&l!u=ikae!Eq%|^_t_b0m*RRZGPHB?kuM^d z?&ZA~^!@M^9l1ge79=O=br%ZyySTR={931>xOc4mOGxuB7W5w~5%h-FWCT4hOwga_ z1U-vPss!gGsY(`a%&ID}FI<060An{UqsUYOCJ9uJ%$YmemCWAAA zE}h*|oo>EAHGGMBc}+KZc)ll7w?xY$lI=0-Cfk=H+qap_wX6ih8f!s}a{=(A1e1AM#2#2M>yHJ$05K+WpgHV6^mV`t;%SiAe9aN!Nj&}GeFpmpjQhK(-0NjAft!qPpi z8N?@RdKXPu3;lgkF~eruWU0$P$>E8bx2;X&X(-QA=ku^9T-4VmL+Xz-ey-K1pI+-p zzg7rY4NMOdp%Qd2^?%sd_rsNi9hYK3S@z z3W*^FH1b;NF|n3<+^Z{VsYhKOYN;)F1)1QH1QQbreya6WI7oMK?DKUznZ0f=3bG!e zQ06Z7dDG3AF=fPMQ5ii%WfcD0>BLifog&vQ`L&tiJf#=5bJ!hCzf-g2YK@GS`(%8% zykL!`r8Tt;2(eUU^T`DH%B1R74uLAY<1OkYJ1gkSKRdrnXIAUE31rlxIvnqc{`rln zHsh}-UOJp|4uun2dv!s9>EC=bH*WjxYnMx2^|#Q+(F3Jx364oAL2?bOySRbJZ>(ek zmzG%rgs6e_P}0Eqwk%4-!_=3;-6WccKPq)NR9LOaVue-pP6(q1O9z2js;mn)`{7J1 zj6#3Md5(4gFfb9GR&jNRVSR-62|vHO_gnnigIhD&b+Msg?pyK|(zmyF=eH;d;yo+MlKOhLMwrAVcKjpSU*pCrlGE`~vfW zba3le9SoecV(OtXCaBkTKB^vy;Q8Cy&bA7z4oTw}7%99-&Z{iHa58U`vgD1;hffsA zTW8-Nps@v?${fabM`~D=Iic~h89b*HlcwY(K2BVV`z_qsG7H+ zY!OI$1s9G#RAX;Xo0!yTH0kc`=?9bsy>iSE`oa)`h4$4!$0_@XVc7WjZWg*&hrqjW zzqaZP-6Z`&$C9+p$gFJ7Wzv_Wv`(S-rhi<)d(O$Ri04tF!baVnO4V^@#Vbt@7y!gT zR1nYb)X)h6%%Ma0`__4Z^1Js*IdIquPuOZzakZ3h&!jVqNe9DVRvg_@=pbfIs_`34 z?6Hmg%jr(*pn@fD`uUJIll?8<79bXrIHy57`# zb#Z338h?vf?P_K*r1o&G^dk&+p}B+{?8@uhR!=fW%M)D8s`6+ToCE!cd6Yk(sTuC% zOX*YglDV7ujRkWy08^EfSmejoa{g>*?=)(%F8H502v>da%yc)uHR%UB)4O2v?o{LF zPNQXPqSP~3cV>T`+MTKFQtZZU0UqU)U!54^zUs#~+JIFwB<|Lyp-u1^3@`cgeVy(1 zrP}5d(qHWirdkXez-aNakQJjvsFI=B@(15?`6g>?GuRC{gWW)I)oV=o7*L~D&`mCM zuLHdfcdll?Av+@D4`CmplN}|8gQIC!~s-IDf(_jDbJujiZ-r8*a)rJ*sIT@?v zm+MFl5wE|i%S0CCQ{h;M)vb|hdk=(!l4i({6dI{!kwSxD?Hp~qEeYXqkx_;tbx}7M zZ@$V5N3+HNmIf37)kcFU3~&dpk6eG1a4)e_UJJKt%f zJ17yA*!1!7H^dAmRL5D7NN^x+{ugd8HJTue=f0R3=#wfG+L~+Hu0fzOdFpn%E;_e3 zCOg;P+RM}uXX}&0C-Pfk_qD@Ea$h$*bGz}JT4MNvV;StG zD-NE)5QQOwEjd4CFttO$J{r!*R_?Ai<2-jwLrF8~>I`0fNUC$s>nm3$v;+8lFE(U+RlDW8#C6OnG}1GxkSy?h z+ie3fZG1GeTN6K)45`)=Lf)JeSub^lrb^o|9QE;9ct!&jiu>-Do8rzIH;>ZRN1WK) zby+17!;h3oSMN=o=nyg8R3kKTNQnN*mtx&?$*5bN9`Vc5>_qg-(}T)Kj9M-UjkweV zt>x+V*NJlMp4^>kJ5y#sXQ9+=EU+&-RW50Zkp6DIfLgZ3CD3hMyh4*9Z$_}amz89Q zZwHYJ!K)n6qJhSFMkJ-B1($)*Dttf!Hvw=Q2oEO72+~i48Lz4P{mA0Sta8m}?iIN8HD?pkG?0XD=8mDG1}+(2^QpLG{ENS3 zp7?J1jj*G&-De%6tN2tH-Hp+Hz6kA5*YZ6TJuxb?dg+S1Sp9F$5#6-yw%q07A5Jyi zHM-bDD73FNV}Zb>qpd%`^ufw=Aa_);+ta9x!h7e4bF^)jskf$s{i(LMc_I&E?`a>1 z{o=RoCrgmVbVGA?w(nsZ_5E|cG%Xc;?RB#4jABz7#gXvV@0pRUZ|Fs`gWd zH4#}eZfa)b^TvRbaYOR??ou#y20$h-3#QLJ|F4aIzpe3ayYoBd_T>8-w{|O9_u)ch zumll}!x18SsEmjP84y{=#meWq)^aOEbj_UaE(P-VjBjT6eg{>`u8X6qb& zf^TO`xnr6)j&e8VlN0chom?&>jwHI!j>fDq#Vj+~wbPdiV`t_&`_DoVgaZw*LnBT& z5ApKIdI;yTlA}x{aoj42j;6YcX{x7~rmK01XsU-Yn$DF`=T6d-G+pmpZ;YlNxL7n@ ze?;YjPEnYlY3V0($xrGb`lK_RuJ<&xQlTCIP1k$p7^8JDKK>L4iJ8fs()H+sbIi}r zjA^PGg-+5TO(&}f7@u|nAf~CFVwwuUh^BgoD(LvMNi@BWbff9l)#~EYQ@C+_deobZ zPuX&|gK&uDlaR~b&s?M-^U;qj-rhX(V;^|e9LHdhW>MN_6U^8zEMsQu<8ge#og6dc zm*>WW6WWz^i$Kt$wZY@Y@Z%uwOQqV)$V#|F1+nS;h!4)6BHQ9l5{xugD8rb+^|y;& zg4p}X8L`;&C#3PUA=%=XE4zuRFb(Bj$baCeWTHLR`&$A)hPR|L)36MrhPR|P#Hrye zschB>^M<#i&WuyTTT*pKt3C|e@Rn30aF`n2l8PV-Q^Q+Qwb&)W%PLimLj_YoY$TEhty}2Z_#NV`ia!F!=r9 zjLp|2Q!Z4>rOA}SR8pFgDd$Wh<<&CDw9ZYY|5)kAkX~~e>=S>bt%1({o}KwGia^e6 z%gUlyBVJi7k&vZ;??Sic`Z| zQg4V;Z}7UJzDx*6G5XkiJ=@+b#vYe# zPsV!T-@+tf+f&A}?X4Fk*>?B?zCcx;9k1;wbB(nfTmyeqZo9E|NpF#48R=wa(kQh^ zCf71)w?|BxJWI1^SWJvPch0wFQEP7QfLu<)zv=-gAET z3~^8#0BrHe~V{U73jKT)ww55z8a zObbh}N$xftZ(2w?*en2>gFWYPim}=$*`)H0lkvy8C@zgJfM7Cp7#k@F9$f7YLWZ(I*sA+=N z98Z6X)Pof@00~FP{P7h`vi$8gJJaRB(UG4{tX}3K(M);JjX9j#Xp6i?% z&2>tQl9dcO-%)oTGov~6JZmH;j-p0-8L2eV!PzjMenq*s(X47n;qIV}NfdA4amtHE z_~1C~BmQlnj9tx{JpL~;eD1@i;IovcQ_xR(R>zULjkq@7&T|2wyz!vU>bI%oR_A@6RGkp?Q zT$btFjgV~LlyBRRVICh`a-X)E{zmFA{zV9I_RHg)>AT+RUx%A-`-Z8vb7aL=^?t~E z?QX)HF#o-6Co*-|garg=m(={L+Zz2NyUlpS4xj!i%RKvsp0~pR=mGY#CH)?p@QC%ua+^jue$zKeMk z`&td=SBFnz3biIvcn{8;kn$DxgLj^XLi?KFgz3}hJEYc=iZ^AZ^MPB!c}c!~bW_Va zumo#?F<%QUMl%>mL|-psJ9jtHNTWa+4ZcV6<|fNdzI>C<-Xxs-{cPQbt3)c7ZyPb- zvJ&JMHi?-^-rEHE5S@S3&c9m1 zD~L}b6VSEOrr`|CpT~0~*!qVleCL7LG=aAwbngCRW4jsN9|zli=2e94b5p@qtQKM0 z^uK`Z%<-{(R-scv+Ab2dCA7Wf_ocKELMa806qqrp5%OqRpy$L5`PvHFhh3^3t0 zp8ucyNdk@rKOWTwoUJs(ro7ZAR4P%C(clZN)M{5Q-yY=KcKOlLovJ)4$vAwJK5aW* zk!7j$ez#`53v(%l&)@z8Qi^VzgyF-gz@hs)+jrGVm=5Y;Xc%x*MBx>@FqI#G3DX)A zrsh=;3DZFnrfzOztIu_MwZDxa&mOS{>G6a9k?nvC$$kDwf>*QVZ9PxW+blo9AC$!O z+9uhYt-CiY+MCLRnR-(w9+n?z9o{zdrdo#4hAmxa*u34IghfJ1??q3+!{}-}VUM$U}PzkOnB{sW4DV1wFbEQCv|uv=!{|63+#sJyLS2vAAxfZdz^)1Dm~np-i;f;Zkqe1 z-)MgCUc4batWm>#178S(j)5(zGeQgs$vG16Zuh~cYHAy&Ni`3Wt3B^*x(<{=K1z-U zKmR@B!N~aI!S?1kl(Y`Az4^5Gc5ZmfSaX){OM9S+^V<(GY#YN=UmF5M@;&;p)*dyN zgyef->Xi02-{UMh)W-?i`bpH^@DbT{<8NGNGkw?7DBrfH(6+~F^A-Bo3p81GRMUA3 zP_#hXU~cKo+>(KCO;63jI5cI1uW`fadwqy)|uT zti;oGe=5~>;{DBkc?&0uq9Se1T>TEGLf!wN$1X|*jdx88+j6V&-ml6B-vGY^OpW*s zMCy#1xOJH8w)f@R9?*uj{E`ie@~kc8m)w=n+KAi6CgnkN;@ae|vvu{Hz}`)Hh~eAz z0O5)X=?!dMNrd~rcCjJxNUy|nEVVA5eq688Lp=2veYydM!;l${wh_6N38bLkd-kuY&rTLkd+}1O)Zx1YkLIGN|4| z%^p&yQeK4X*@qNrC@+8ZheJsL4Sd42a}3m#yVo;%vD+v23?JOMieHv>Z_z`smET2d zg0)NW1}^b3ug1K{pIRe0Po`yf)g6ah0kMT$!AZ6KO`%I53Pr&ywC&6kx2)!FQK3s8 zU0nF0Fc>o|Ez197asF4qA57GsA7oW#{`9sv-2NYK(K9*+Yna2aq;fsa!er=!)HhSK zteUpkIZMJu4@i1*ymb0tG|Y1QDZt#GcK|FYX)3ZQKmSoSd4(Q+}Gs?ZKCl($OrU6av5 zv+Z}CBM|o4N-tDeFBdX4jxEMpp^{tZV~myp<*o3_Ev%ExQ~0w7mwo3Wjdy6%Dtdd~ zC|b;Im7(2cTHrU5|315viZIqspr3Rkm-!RnDi zhgGC+Q>!3UPZL^qJXZwiF>kpCOh0f{DzPxut3Ad_V_1|Fn-qEOpTo%r{pT>`JJ(+mtWgA}uW_G@si! zI_-7~F|)n-T#cFcrw~TLv%kh5;?7BiB2f6tV*%^4k;fKHfP;HgrP( zA*lDkh9gNTZe(2+W3Ws5UTWX|7y5gGleF6Rh(1}!w&;C+doac7N)S+ORhM^-J}R_^ zv^?k`Y+c55HTc?d4OANL?riTPwACl|9<#GDM*vL_b(4!ZckJX6&)@ z*hI9I;Ye$-8fB!l&m=~yf?FF!HI*Br1XC3cSdG!vo#E&purqHPo3GqA+yvdFmS{$5 zH&&0H&aT0Xr>{5tOijED*1;#h za{v}S%T+EtP-vc;?Y`wA>=VSry!`_Ag>!i{p*qD0RZoVA7BCe8=NaOXJdoy^z!?CHW!r*1wfd@8nd=vLlgja$>t_<8cm-7O6M+ILIU z*euq^g+SVi^54_iH4kjU)o=Cz{T93VWvo>j(Y1|>i`hXE;g8KTf#jC)hEKpxF#9;^ zT%K^3C%IhGo884_TW|I$m-uTg>$UXFm3`y(v9cK2p~!=+~EJCvIs-%~DMYUm%MeEnh3T$HrKCk@}?s=;_>=lJEUHV*uw zVV=v~^J50bBjHPJtN{&{V(_xR3ZAxx5u3|^iF9hb+ggD` zuhb-TUn4(m_B?4~ZgWL>Npz_#GroCbchCPclkasgUA}*o7LB4gs@=M!B z)ygH;wL-te8~6=FjTEyTJi*nNQwD`)`6m9|F0q1YMx6x@ZG$_(RKG7~yY~s+_RXUd zbiDJ8<7}-@m`E1Kh8n|!Y6}e2wvvS{%BN~S(%Jrq`IQja?|RaPo`yS#d#BxJE|gvcThyXHAe-ofcAGG#g-#f?^X2dku*v{KxoU7;0wRA>w~%fKch zso=C9DPrC_tE8k77=WjJ$(l@*HhvhI4g_b6M5k)JdsViF%9uj8%hW6-sebbhZ_GXn zHK}5^vl(H&^e%$wfsQR|TRYA&-QC&OkxO@Lsm<*$32-)s!ekXWQVr_MlV@!}tlwA8#=&f3V|~1gjrDQJC`@2uD_Pj0 zd}8AVJKG;LHhwUly^^${zma$@WQk$2pOrO@x=J?x6CHm?XZqGY8ojm+57MyA#d>j1 z_Pvy8yrl`E`knr5%B+C?B5k1rP?&e zCeX7p1Y4)}roWXMp2u(P@T*)-y3%@qADg>z)!*|%C18fX0%+8y^Z=_zeaa|l^(*UB zbU0SBtxxT;J~dKk!;5!|3ecy-Qwh?S^r9=?#zbIDJ31VhfSO&$cdQd5TsU%Wy2VJ5mwO%iTlLd%S zW!wo^UYdPYpU?m?l|6+{!hZH>ZRy-qSTZP9)oWPwH_GJ%`+Co+LCkad8j-3(2xe$V zW1co3u&RJKShRawtb|qn9&YhLmEg^CJq{pRT+kME?C$UaB{Rk1`WGTR&4%6``v@-B|By$n zG5dEIwBR=%=N5I?h$v%%qo$kOqo6Vz6%#vzHfyR9eB(5!2K^!TcMn}`;F9RV)CzHT zkm&M}R1)3aU@5DB?&>;hvmwe;>h*x$F%HsyI2E@n7vXRCZ_E*)%NS?P_En#($I1=1 zY<@!%(Cj4?AR2*Z`y?-BdIp=OYu=|^vSC1X)=OQIdz@}g^bY#9z4<#nxeD;sq>5F? zr!PqNH{S6HgzC`YRKd~;_3j`Ehg2^i+}ELGCBoG*%ZUhAr-$(g*K>*pXEwB< z|6@dAJA~6>LOXiw2SP;`$`REJg#-3JLu zdrp00_Vou(Q5vX(qE{LGF+FE>J#i5ticZnP_!Rxv$)c$A+0;%BT zsn{&S5&d6{mhxIq=PXkTl;qWd8aA_3X4zWF-WFBUl zLM%%oXMzVC?|6ds_h=X?*kBUP$@}MsEL(2*6+=$f3VxZHU(dy6=HEw|ZRH`Cy-vSf z%lM6z*$$qdD2mVk1cQ1z-DS{Sk|S=ZC7n@M@UTL2Czz;=g{8Yu*EN3<)MB>V%-L?3 z?e@d$NIYKZ6NzE=2;2;5TMvZ!lYlr_vg20P2tWCh3MDndt0*>fDm@bf3`C^rIkEM; zF&dU@n*o90{A1gQ(<2g@8F805)8e<9eLKok+jgYORVQZ!%QgIg(kyjhmfASWqS7q& zVV3$h%gLo#j%;gkAF9!5_x7PELl5|xS}+J>CltzXc37_O%C=|@NqSMQhQ`eZ3)>f| zBe6F{VMXA{id#^d5_2#wlZJ1Y9W&4HhU~$ zVSJClTkjZtkMG9A^C$WF3gCPQ+QD1z>%^r55?+9l&K)(Ox+*>?Wc3^MqxEyFALWb~ z#(%l4TY1P8#n7=;W3^?_TzmZfQM%GZ9}yrog|dFC`IA{2iW?0ayYtDAnA7%^PJPa{ z-jOsEh+~J|rXlEn0A0RIc#Hv53m~u*F5$`*xA0oDa;5KC-}ouNG|ME66T1*{0}W+) zrKelrP^8*ImY~f%Eny-Gme5aJ=J94~yC;4@<0k=*TG~U7PK-dnOh}ySczw!KSEj8EtjXavaaq)5i z(#ZS?U02w?aCde{?ZwhpC>E_B z_B=5q!$Bf-_QJ$ivCDr{L8tZI;7n&eaYc#D>%rukR<`f`EEyXAxmy)y@ngzRM(}0K zG;gGpyO$kdbzH}UjXJL7QaaL=_GBtfd9s+%a%hVq!U$5O)Gm4KG$VpR6%mx(h(Jg( zCgK~d1hGN*TucNPcIn2{j{3ah5`c&@lb1u};mLDdOm* zCyqx(#F1VZ%skdmam5{Rbf0hX;j(XU{OtKglid+bRy&%kQMQer7wCLfj>{w@9t$_7 z&4RE>h${8Bg{)CC6;z52Szf5qIi3loFpbRGmx^6hm%(p?(RG{fGN&#t1t&;@WCbQ27Xl$x~h_$Bvf6E+^d96mBx!9=8Ju<#*QHj zkgGH+PyjFAi z37{SIeX3`E%avq;3DkM=MM9b@Mj$a0(J_mJUz5f3axOj&IXqyk#kHH_w5&>45OTBc zfRX@}D4v7L*qeTe|6gnUMBwb$cKdX&{n3(;<@0z8kEVwDH6-EZ;AuXRt|8FRE_^%IMREBr1M*3Y)Qk-x-`#9m21y>DMW1J}nk;WO$givoiRRiU< zeTpl##;y9n7`9oaBy_l7;z&I}CJP-t;6jIQ3f{g08p_85mrdg*`|vaYb3whWiU=Ea z$*7uK*EIj+B3;++eUvNqJhhXS&tX5?QN*23yrl^_Ci=>lWN`@^^KwB)3*6hd>KCvg zcmLCdPy2>?HC4BJx6e|r5~YT|?owWi^W5oDes3wWl;<-pWmNj|hNE~G{u{u)V2?V9 zWcUUie`k+x(&Kx0{B7G@6v7($l@FYmhJFJz*zZ`hr{d`xOvVE2hGUfbY;LUBE2|eE zKZ~hPr5Hn=;TFGxDRS7~U{(1ADb6XlJ2(fjBS5;kwJL5Sgqwx3a+?mqOuzf_{{0q6 z9Vb_4nr_lDsx@s(JKBHq^43d8FyH^?+ZKhlm*0MVc)P%=D}07!S+<-@EUiIl9B*l9 z1iIn?1o{(b|2oxrA<2B@f~-31?I*b>7b-+O8GQ=}Xdkam%ikMj3K(;c4d{jmUYM=1 z3AHTbjoH|cjSW!vS?af7@Lb#y`6Un2<3iVk&h}02H5a|!6wGt4OS!^b*9N}T+4;AM#9(+(QKUlo!dBVR{acyUdx&sXl~y>o#7$c25lLN z_!hWulL9?9mW+le9XqX0`M^fMG$%Euv|L8t6&wUQcmHK~ZoQ7jZ@EV~Y-vq`ly62U z(cTKJ-oo+OJ9(v#3?Ge7tNNkUu>__au?RKG4!scoOisD?p_V*fl*zSQdm}<;{2K+|4PKTr7I{W;_ zwOsODck&x+x<*AJQITk5Tf>c!ZJ#6Ch$^9xA|l(%|3}nOI@Hl7DUL=G%v|<49^AcA zhn+^zBh=ZGc!WB?mCs zeEcfr$X167RguO^wmI3LYRmBNkf3>pcWW#uGN9-1>uK4!yG0&wz8lv1>65o9#hq^H zU?%Eu?R^Ox{ZZB$EXumu$5_fJ@wSs@k{gHpIT;0DHD6@d>UU3r?y^f4#8Y5b z-!l~FN33jZ-O7!%^>NU|ZD}yJ3$8bp+LC!RSuGGk!FnMEn)A0QL{U^Wf{@*0zoupDpSbgUA)3K7^&AZX^dScvdGTd6QZB8X(w9YVMtopb{M{_M} zauxH2(jEpua5AA(zIf zXT()`r+s?qG$aQ&UKo5-v?*&SCta=BMpJE3vit;WV%eBgtf-DH`nsJ|h4bN_q19Hv z0QfKxye>4K=1!{e=@vl3(&xC7s>Y^=CspkkUf}TooW?JIQk5&we44o~?-@S6v^Lod zLW;j3agSpEw%&-uh+-e{Hd91_^9OkHI96_?#tzf3=cG?xd-*sS4(4e`JO_dFK?5il z{Mt>}D-d#5IU(ELWSf(Aabgu)m&-_zS1b-|XvC?kSk`FT#B3S!EpvyD^=;64xDPJG zfmP?BF0;Nus2K1fW);7sQkA`F-AGm#;#ss;Q*aK2WIfvaFf5)+TQd}YGM+T2pWxol zm=(Xut!=7RxOa=3rnz?84(+~t%V{)ssGY=PfiOOlW5Ko0mW>4r1^sj2dM2sAQk!mU z;gaiGtlwgW->9oOG0%KnZSVA<5ok$aI*dy#QF1Q*tqrrw3~W;SIiDB3RzN2q>3huR z8Na^-U=$VmboR^cK^Ww+U(qKEUCN68>PWdIGlGF@&R=?vh31!Uo&#%MsGr7*x8-~M z3pn@)O$Vcj%!$RH!=|+8oAC+QYyEC-VaZ-1_rOBep?fgvokM48mCjlqgZ*IjPo6 z1xjS{9wydBiS=<}eUvyQPMi`YDu$znIaP__!!+28BhKux(9ys+JBHI7t9EW93V7IG z#P4Jp$w2w2chKwc|Ze2*mxFnajDZ?qXaz;sT$!Y_$WsR6U-_6MT zdG2yutMyyFL%-P^zsS|+ky5xzKgXc^JpX(6cSrL?vevwGI<^SHZBpyBBj{p{ST^KV z5+6rBtGQ;@zLS2AJAEsc=2Lq#5j0%Vzva&GN&hZZk!|vqiL_*^K%zsIO?0H6dSbnK zcPJb&hw?SddHhCmodi895Tg}ii`-l`l{Jd~g>l@}`3e9qI=Yo02td5umgI;1sU zFjTq8!yQq{S!#X6;HG28bU%n$>i2^1yWfk(sgfvv7Meb1C+*}c4xR6DoHy+RPx)Gt z$sCU%9Y{y?w+Hw;% zzuhfl;nCRuTv*veFe#h)q3nfgXuw7P5?1J6-9oNQA(nF%S(SMVGVk#k1yk)!Kgs{D z&}0`GS^T8d^jd0ag{6R6^fM0rqNdSgKwn8r26#-=)Eg1PnkFQ{tMHw~h+s8+HRj$6 zS5ZaPb*FCRL7>As!t;Hs%Hgci6kA`{NwsLh|6+?S{B>MU*P`{-q9Vn?w5TSm)}q#~ zMKz6YQDpR_Tht0$i@LU@MSVbA+*Mz4+rHiWfF$f9o}5%W)%`EF(?6IehT})qP7T&h z^rgwS)1+$2NLyXLpa8Kq_>UrE)|)>?)bn;cDR$4q;qg~ z9&G$atNKP;r9SwohoiOPxFBIA))_QLgz?0KMWjDi1i;A-3>aU+f#Jo+$Bt&p92VMp zfSi|uc{viczUxOUg!FiUXox&R9d;1fk1RzCg6iDW`8v*;1cY&OQ%Mb%X9bfc3qYNa z^`*yw-J3W^=#2^Fz1&Vv5Zoo+Js~kpm}_7(7L|^=FPV_v8Z4K`2hq>R#U5kO9~JvO z%)P@=(@Cl8O-fxq`JUUkd!8cxD7sRlZK>nSO3BI(rqttNQP|objWxYfahYXq#-=$) zR(Vh?9o=N5ru>A9nVB(a;2J{4!RXkEbiZZ7Z@0Zad0++h61Vgkuv;~XNfd6sHXf;t z=f`6~HW@tE|55N%q|Vt8bR>-RH4?{DJWFe{uY@32nAlLvgBF8%xaF+ifsHIW=po!W z?{ZlP#%5o{9^(owaM&-CQd>Voba$|f8*!7B^78cmgDyiv+TGt)%dyhi~r@?re;n0 zp?!O&Gg8|NLI*)xRRBLO`Q(I1&MhIjc|MiApRM;}DTyX?hGe)l)7dbjFzV(GvJ%_Am^00v6+H#!~z}!Mv1=bFvx|EbRB$$e9RN1mea+CkJgS2 z^c7Y&w%2b{jkE`WWzEK$o}#e6gG7NXdICK8&`dUbx5a(NzsmP?KK>>XRGEhdGt(LM zRy}Gt*cvNwh|dBN!1}ZyEuPd`3r9a87o!gp+JXi5Vgom$kLAz*A-_HN(BG=l48k?h zY`I&&oSSFfTsgh7CtHcE=Anz_F=h(NJ z=XlZOALqJul=m4gCfknsPI)^Th(gxCs??6j94pxKutj+jHTn?j>m8eKyFF7}dSBG6 z%DAY&5nBXDK${KTlHVa>uzW+?{b3Qo4@N$xmNlnn^FM5Tqve&OssY;N_+uPEzzG5U zn*)R^N!&};VnKpOZo%^f>aO6jJl}N#7q8Vbse7+tToS_SY63=aeT3Qgqeu0oeW00)^B<<;SR%goK< zqu_myA#O&!#AX>pZa}1`Oj6P-J2W6=EM7=@HP36N@e&EqK|VNZElKNAqN9VG98cOh zsFx@p>B;=X?t{gk<~C^=ag1SfXABd(k=+R1)wK1T5|~cBm%_9tF<9G$v}XDexnTv^ z1V*Zp2k{KUYh}nE#youJT=Oxsa38kagOJ201cU5h)qT`ziCMvh%l3_@J$`{#(X3$a zzn9MnUh&0J?eW0yJ1c=-^91_y^t4zuq zibv!UJfiy3&VKwbZM~9Xo_ns!+QGCS{~ML%H3QeYD_6C%kIV z4)8}BOTBVBeL6v><3c*^)0o6K4jtQ*WI8QLriaSrXLi;EbF`Dv$lBFQOXhdI%?-8E zkU$pUval(na2U@#Ec@i5$(I!umYr`=%AeBTD&xp#Iug8z%53g`S2>;+kAs_)Ijl;V z1HegAO)NV|C2;c`FJFR`QLFvJo5(Yj>A`m>gRdnvtoo? z2reoqsg&1LDtw$Y)UaHzm@G&E$Nt|`8+AS~Cp@L3q>aRDD;ONwM}q&PP(@lL@?6b; z73L9b;8k3w8jvhuY6xAk`==JF^)D}Pktvn(-aE;>#v$QX)$>P!k23P<#`(N2i^jpo zO5wTDT6_z&+&pg#mt0hiQ?iUAJ5Qzzb&ifY$zA4YEjuMPqWOW~}E|%xPiSuY;6|9>$k12|)Tps8ge9@RC^ekW!=Il~d z2m9ugao)e0ATOUz1!u*1(-Y*aQ{I%zTUKA4aln9mt@zrp(g588o`~~F#4v+Jl7E_= zPn-K)@4`CYlqt6F57v^Xx2gdO@cv-h0uuCQoxMp1i0*k2C&tjuuLSMVa%lH9duZ>j z1TCUp@I}ehc~?d~KgK`K^NDfu%%hG2)M6m`${XYHW5CsM&~@`7_5tcO7~BSzMfHhG zesJ89mxU!4B}DH|@N= z-$ciGA}}-Oa4c95@q>Hcr}vT(j1UT)tDRgLEM(Ve(8a>pGEEsw@%R6c_vZ0YRpWtumBu++hy^f|9B(R$0|0Nyxh1h794s=1hyO6+-v|G6(&?4PN z#efcU-kmLhpWWJB0wXaBI_NFoUfnh-F1|Vjv#~^(4V1tyfy2bu4hpqJOIy(@vY*Ll zv#vmfe6kH%d>%Eq!@3i5C&*N4{RdD32WX^Q|GMM;6z`M#B<|kXxVN3$4foI8xIeoq z8+Xl?1sIuNy$-BbBThF5b`Uq=<1cT*$4?dR|G^I!sk0`Ns=~9ykfH&Ne7*IBvS9Vr zW0+PUqdM612k;AMGPLWotP<8)Adhhcf>Wc_E^D<$qpWElXt649M&}r-@DdE`VfMjw z_(y-uCX_zA#%|SS`7^Edv0IU5-D*4D*ifz7U9H-!S0)G@!j^;xGY~thCsEc^LONEM zLI=@5Ocn*b&1#BU`@Ved>_3tI zn+WK4lm3;+lx`@2w(e5;Z&&VI`pZ$Kr2pbg-KGCH-s{LE{rQ$}9cT z6dgIGKY|cN`r{NtO8+Rbm_zynsGL*!hf@?@>3@Ca|5o}_amb^a^uO5#OdJGHP(ya5 z`{#sqF8vcxrldd7=q~-zFKqU`y5A?$YCpS`OZwlZ?N(mtzlL+x7=t;b|E!c%a8CB> z`MoH}De2`hFg$vG)BpT$CH>hqIV5c&QzRXtHtb5$Ux*`-+seFwG9~E`=69EL3l4MV z()0T=tsb>oxg^c6a;R2bNnfn!$SLWGQkFx~$Dkmmq|cB+;E{CE9o;3Zy*XSBZ%kZ` zk6|UMjEM~hjA2g}UkSY(W^~ysWxwHQVMd$6&z-(hH?}}Y<>ecdRN#Us!}}C&_;8pL zuMduVyLB^s57p!@yUA+Zq$bm(gGjaY@34N8Y4Ur!NkTU{CDVj@XE(8|!<0wV0EOhN zYZs)g{wR=1b_pg~{0DEp;^{6!9+p`C+aa3hYC3s5jg#^5b|RPSFj4GME>Fj@?XEcF3vRZ$|aa-a;n|Lmdmd*O}uj1Q~62Vn=^;>O@m_Xet91%qCE#XA6DC5eQguZvAMmk61pPd#U%diF$oTk}RR1B$ ze!wmbV;O~v`7sbVwtyL#kgeV0Q@O5zThoeD+0|%{Wyn1F`H-+$)Qj4w!Pxr}!g$gj zp`*bSo3IHYo9MVw@x#1mg@sTS2)_X3qj498L~+;2-FLTKhGltEA)r}*5z4TY9r-ZY z%mz!WUy0j9k7dddL|$+U#unrtZmc3~{H*UHs4xDbaxAUaW#->#=aY1yZw1~9#CMV91VhCGJid^xjxW4943SsTgg9Uq zINDjg*M_Y!&cklu3yAmjTJ!Ix(&!n_s6_}n4-<1 zd%d0S(CvUvi^SD^dmrM88!j8~PKA`Xi*KN~DiX5%hHMg+e3C#oJ1-G3rWVRDu;rVu z221~F`F?z>41=j|AABIRB@Jz%GNi4BUtp0vNrjn_3sutv_aP=FpfQNg<3LVZXAj4e zY9B*06=;3}*w#ZY074WV3 zoMTJzMDA}n+AAs5KeYl)AK|-I4TLlX0zyMPpj(l~BB57m1iH|cqh(ds$PnmA@p4H! zJ8gYm>Jsl!w@A-*|H88LM30=bbj}l9VaHll&)uWtYoY(VY+5dJ)3Pw`rNt}H(*>(z zs&+0$HBB)i$S@%VjC2cUl{--;M6~v~6N9TlZ(R+c~|QOKP587aE| z1=_CrKR>(wh3jrI|NfWm{=eBPb1yADa?;W{_ow?mo0hMI{%*8f=B8z#>7~W)N9b9n zbpiBjS(|dTI>mtCW4vVrWgJa3zGAqnAkF}1&3V##&~CNv>9o$sL5bh*X1S0d0B*ae z;a9+POIbcAL60S~tRJPBn6(aT#Z4LZJeEvh_{ViFp*{xFwR;%uabvi^i@}zk(#O38 z!GAJ-lxTfCs65z}md)UhInpZRGKu1EA?vn(L&;5r?QezcPr$jU>mkk!{9^w+B=Id< zecng$z4%(;dkMN}iN#w#01>l0G+lk7Hevl{srWwaaA|M{N>S>!D7ELICDz@-mY#>s zHy~n0mcKcyw@+`0{sAv}q>d&uM1p z!;lZNi!iEOnT0P}Attt3bOMPzNKcD>Y0YX*iR^8=FYGzcR$)1{1_9&Hjcg+o0&rTK zH-0J$)4?AV;I#Dw1trqvyZ)R;Fe-j|l+SZWyVEjJEo%h)$2hl(`T_X~xo|!YqtHMK z^bw0rYrp>j&Zv!Z-8DJ*9N!J+KTs`;PbI>g>+3Wwle+1v-7`Pc`p{jrwk`H<_iK&J zn~?Fwt8J=W{d(3B+5P$?s%7!}ALHzAmmvzJW zBC2Kasd}cYfQHB(Ck5H#q}0Z9lY<9tn7uFK?d6|<#V?x4;5%VAVC`Jr(sYr#>6;U! zTt0{Wfx~*zE%Id556*ahI^t5O>}2#R0K@mNR9*g9bqwL?@Gm|QBf#hkN<;dCnL?~h zCcewc3Riq?wH3V|RyD4Upb=OQrZ+VyJM=0S0b9q;CT@w9qZ82|KPkLWr=OY5yQEb=M||}hpjMLM>WqoT@45H zvz+PT`LE+~S|^gWmMjEY0+NvND$xq`3>2)QBLlL-4Kh!h0oPfrnk^+*f8!LX#ld7e zt**U|$rIPNuWghAja(21YKO6^nJHBM*OjOdiZACa$HvOWLD;?))Ydnb;vbCN&nnkcHp~aQl)5{aVYDnw{zo<3Xb=k3!L*Dhti_cAoYq+Dr z#1&9MbeaXf3VqpOeR!|*rNslq+yb_RR?%)#Jh$CVuJonl>Py%Aa)RI-8&g3RrfdF} zn1Yk(@xgDgkMmVn<>oX}ZJAS{+t{zW8)7py4#U?xf}>Uk?uGh<&y#{1C{HNxff9|9 ztQuxXL<+Lt(6IC&ZaKb(PZ`Tyav|gGuec`$6u<-&Bhf5AfY<3#2nbaco)bJ*OP%x$ z1%2sEG~$SZGnNM9#Lyli%T9W2-z2h8=I&6|{%=IW$35U4(>70*(&~zoK8BELDqUd(oHr?$wu_;}? z9(OHfb@?G^lB3Jr-nO!}@RLU!ND+F^s%h6gZ5<;6G-tcKUA5Z*5qiD*48En%9`9-u zWBk(BVJbTFRV;Kb@YtClVX1)fL=iHuewPc@p*x55I|mjueQ`fFSJd!npPQ;k4K7b8#(qXN{{40yyRwz6ELy_P3hFz$452dH!$3ktVBfCL&-e)XryFhcS=rnQ!*h3B_YV96*5TxLYq}a zWDNWEr=8;IoGmc+zEqi%{`xfpb$QoHnswwD&mas)G1R@~#EpqbD$<6R=j;{h2iUE4 zE^)uELEzNG0E@&LATgCSmp0ixS91R~BC*Ul8f{cNl^(csB?jm_wQQ62hoX0j9-VZF z%T}DmO%RW*(4p8H=`ElD`k=x$=yz?%M*N8Yx*4)16ohTa-oH9y8tnLn*N#0kFc)nP z|ItO;(}?Kjr0r8GUT)g{D$I4GZGfA$3NLNwevzv&WsAX&BGC=wjKxFuNAga*c@?lg zRnrsf_yx2}J$Wr4JAosH$M89AWo%QGu|lRJ78ome^C>FHWSm($x zE+RZ{QR)!LsR2c4SBtcD7+bjaiQ24_>9N}TLlGEt>c;KeZ|36my_s3u zHn-*G_Fk-(lz<+QCN6GYl(nZ0fw{T;1KMP9d!LAEr`(QY3op0l!86TpTXNNIa{DM| z+U|Y(#qYDYZGR;E9Ab0Zc9D!{N0UESM~b>@@-1kS#qBD=w^MG0wTJ9iJQQJj7VBBDsG&zi+f--mum>e7oay546|O zAZqo%TY#z2xDAEV18?%i2ljF_k0z>fK#2Zn2i`Z{;k&v?KFP;;z}!}4rO)T;jC=R; zr3U=)I_tFcPrBxML)c}Tynf6a+_Q!5YNg$`4u4U68QhGWcl|g!S1r=luS1djX+>^C z^VJn;rQTF{4CUAlR|gCd*4DM?v=Rb}9FeIgQ%Wogklo^Ww15+ZT`*s2lsG?MAjfWt z&3Ef$wrqxn#}00_4imRhoX&*xPk2Qx@2N=uoc?Jy@99KjK}9(IG*~k(7Zq`PPbJ1& z+&34&SM@f{n>P?w$nmDS#>fY#k2AX{z54BcBVnwXJj#`2w%?@P$gh@W{*8p(bOzYO*P#WdosQ@=0%{ zXPdIIZptXia&zK`m=LKbZAwu_Y|p7E*InjT6x;jo>d7Q*b2V3d4i{GI${Q`{jTXAE zRsubtxk^}HAwT2P?#bha(n8)SN?1Se93B1VXW*NQEkajl&-Nd5*X_P(z0BJ;T$Q*f z>aZHQxk6C9kqa1UesHn{o;`9qtPu`lAv_KB6+dn}WXcaHW&hD@}bT&{lSbm2ETc#svf@EDqxI5kl5c>tNShJRAhc!!0 z=j{%?ZPq;~)=aip&tgHQ8j4uktOuDvkQaae5i5o!R#nWZQZyk0;<@}%5i6HiHceis z&LmBg>IIU}QcZ9YBCz+?WO{v_nua}6-G<^!=kFy%X{qKb3frvZxXe&MJ%vP;RR7Mh z?oz!;XNy!H|5HXW$br3B)plJBIG&XHX8dKWyxb}vr-1gZV0h>FN=#1y%n%@k z`RIzy>()rqDVQfd9M;Cw0JOBC)tE%romRHM`e3!P7JBNi>;jw}QiFRcOkifN8_3lP z&N5)GLromHc!13(;(cIsL6>SWM4H$Ugjr~_z}|+;-1;(if%WMsbUJ3Oc*R1*Rdz_* z2JVw!$zZg76q&}cC(w}Riv!J{mGU>EH#gYLL)J*#A>E+o}z z?TY#9cU)T9=gcPULc2u8LSsg)@={PDu4))hB~PU~&VcRAZ$@{?@^ z#lKK(cisYYzd3m2f7Zr&vJYIYobTF-W$zU0>x|~95FvF3UnRu0`Loq?pY;c7pT(@o z)VyQx_klp|H1+(zJlxFl?83m!PvAMZ9cquq9^td_H$PC@8_&rFs%BZBcC0Eco3}5D zdj)FmMgJpJ5h7Zd}|;Q;oOW0TP~hBFAg6yv1DDJ?tdN_&JxHIx%u_IFtyFi@7WE@@Vj3zM zQfIrsSXQ1J%6482Ts;4@*}LHC+d;sTMG#QG(s$NAXmjhF>yoxF-ISVG`v z>UFE7?kr57S^mv=oKZo!Ok>tXnQ1IT8;y1v=8qOTZC%m~mhEoD}&X6ZYx2TDHvCf zh~d!sHZY6-s-g94KaMD7=tXWFW>}R0)q8G6P6;@a-P|(=W&cE`jR4BJ-Rfsk_NbIp zcqwa#e&?X+PcK5HDrk2(+GxD>>)sIA15krdOjm>mIawb*;N$j&?aOF2Z6b zYu@MSr+{SJK2M=|9L(R2BlMXK14WSPa=vF~O?;lV!Tx4)4%aB8 z4_U;Q&qDpi;>_;$ez^SDZfS>RakZIicbO0F?OJ@?2@a`zzB^F+4-$b(fG=u6qPeUG z?qy1s;I?OCsjK(`y}bk~m{xZjnE{+^Lj)R^ByjnoNT0AwZ9=Ec@xYOFXW*Gyzk-y; zGtPa77C2d1z<-eo_}1qHcn=RWT)c9-(<8V~k**$V@QO2dY}GIWjwj<-YA!t55MTpC zZB`2t$|=V1g8`nv)g7yh15UjnT>vStlCy%sx(>x?z!8_QB3RC{wLHv}2f!XAClLT@ zAQB$y-C_AzW?Szge(SZ~)S_ieR3KX^xX0h5ejywRJLs;WbPz2anPjvPQ$#<9>ihF`vq7>w5wSW4)T*#4Nrwdak2x!7|50f{#H$plF8MF%jG4Ul7k&g6THF1{AUG~~7j%*O> z)^zBFM-#NBsL{okUtNB&g`hu3bLoq!rN;tz>$G5-GSu&kvi}>nwC=lYmz)*K9Mhe3 zDvwsWt(n`13GGjUc5kE6(#X~Y8Nc4C8XP~wR#*r)CxZPsTDc6S;G+I|TfK5hx3iz! zDBP*C#L^%h2;m#^WTRA)gfvl?rHeIJ7RSZ{3Rq>AqK&Wsiba zCghNk<7P>#yV=UqBY(}&%5^!BwEA5)T+?@>)i1l@Iyy%yeWM9<8#4-e|65D|-qF3i zvO8bdtyZy>hp!bmTIm=<23NcrE^{|poz)H3lpL+}d+ixqgSz25WH(x+Ffn`iN`~Ch zpnqV&C+mPe3BLyZA{EO!>S+|{jrChY0ZAI$mdYBm)1(Z0i&2!2vCevAUY~9ihP7p8 zJrB0#iY~lZOsw>6ptTn}7D=6JWOX3GLIeBE(C}7kAvCMe}Wy_*Y7*w*jPSQJ-#l_$J-;ssPDl!5W zJG5($8A@!gSk&ypdhqE!p-=aSRL|+t855xyP7AT@j$O;@4UGNXWPLPZuD2!d9bUY! zqHcloTgO}?iVOezcu`{O$#VB7D9p^K_9Pk6TS0$zc;VX<97_5sa2(K|ghKl+a9*ZP z!P33eNlc`pRt9PlGHC2PxX_a@p7bLPxk?%>*8Z}^>#pdO3fPcf00BG_>eP!`Tm#iX z+wmXomdwXql(!uGRV+X`{^N3&-%I(FYA9=c$Xre?tP}&Xah0COZCjb^G5C5UFOq0A zJ}iK0+eo4;derj{f*Osh6Xb${zD)%P%2>U_5RxoJVUaQD@)CGyr3}qedxTmfLFWq; zG7r$8IrtAKSE9ax`vBoei9FN1Sd%cRA#Wl0z<&t>S@$TB%@RQR+9Czvku+;_;(Xi+ zF>O9A9TdkgwTsv)KJjrxl%%DpdXgvDBJfk}S8Uky6*-fu!aRdTZY8#8=}X6-;@HMsYX^i_d+_+9CTaw)#LdV72rUR4d!x( zbuf5jV1<7n#+Msk_Mn}Tw%$;iNUX$>rpqQ3r1lTdIT$K3!IcrT%y=$_m@~7JV6)Fe z!(@SeRGEvgw%4EdSFoGy=+R5;G@;Pgq7b1+ua;Wbs!waYNIQ7XRTc>-zd+|G~t!i39Cn+wmMXj$~|;t zxy+jIdl@Sm5>U%Q1WGVH(S{8i3p@#SvlX;qfKO@Aw<_u#Y+kL%vjQ;0*gfq^?vF9A zPf+Ot-pR!fPjf}em%2EsGB3%%?11QNs(Nnfh^u~%zt_y(7g?#ObtD6*)d|S1uHqSf zpAL6#KU49Hs_P3Mgu2DyeyZ*m?Ax-+v#j#0RO#}Cd!dRiZ1Pho;RB<%Ojw=|#HLf= znJFopNeeBgo9ypM^_Ant&E@_MxxFMhcT3NCec37ytAJc&Syh4I)dq`%c?#~yM3^Z1 z_<9kwasfwI&nXQ8Dez3Wzpbu^eAvEX3(hN~aYAWy#g=(*D4_4Uymr_6&fwW2>2`D& zr#13F4gBZoZAcqcqBvEya>ZsId2sdrkTe9oq7!v26!t!?pz$D0$kc>4FZ(!Unq`%+o`i&KoA{uMwyuir@h zQfLA<{~lVCWo=wGz-wg2j-iq9L`vLsNkS%4^0WV-?x)9R!xbwxAIDLhajonwt>0zd z{M=t|s^UGaHM6jbi2(Y^aU=7DN*#e(P}&gD0ldBp^<>%=Nx-i8%jq zrmMOd&FBs!w=zMEHLD8&3wfQm_Mc97v^l?NuXF7e9$!BOTS6RwW_7-<2alxF7kQ1Y zMAOeQ6&I_D1X!Rdrc-|u9YqEmpPga2Viy=Nxzw!W*(V@NHyxNkc7keysi#_QqOtE9 zh}?n?wLmcUP8F(2jI^c$#FLMKSb_ZLfl9(*J>QXzSvPNeE~tv#iv}@7tlFeLcfW9k%BqI zkSY-Pn-u&_8TdsR`1TpFp+rFil;4adcL0FS^PSqh3lRcZrM+F58cXZVE}aj&zaaf)q=@L#Ua~NEMN1p{*HF7F@>gGmT2y5>Yx| zEq?kk91$?9$x*n-j`Y}ThWDS8ab^un48>&&B z;)+4cgklj%=TY|!^H^UG4G^Oy8s`!oM~BCWo}qe+)Da4JNlq9#09(qb%eX;lJYn*b zN`(^(n7&TUo2*pK%X|3MWee6A*E zGS7aQG$kurJ)=aRJF3E_dU$XF1uNX5Boj$ki3|Gp zlJ|qOCVY0vXZ?1#9!#ueMi8q*d3KwdB~L~bwU+zAIfjs;iipR>xkbK!pB{RojhN3{$rTmB%AKb@c z;3l7kqMO-AI3C7J zE91)f4h|`5z6NoCjMKXDINOBccaRycWboNMYpP2)sj8gS zf}%#xl@K3gnHutw)p`&r?&xLDpzj)eIMio7G!m+>Bej9p@w7Q45W}<(J(aapxMwmL$c!l|X9g`4FM-i!{T3HSwU|nN>{+JIwAK3@DumeWYJlKBmRU!`p67zZ zGMt}9C4l8aeRscu7+G|pyWUK9y|Rpd$GP2@*amyw3I$Z2j~I4bN9C$)fB1${L*I_KO1YIaU83W3roEeaO$bdvk z8c>{qJPNbO4$dOprrdkWH06V*=@`l&aHF4;n=y(BHbwxLN|L6Mt0_`uM}0`$a&^=T zXk&L2)2gGG%6PNg#*ip}q?0(cdzsJpbjGJYP7fRoPRsfqzR{K$H3y?jXQ-xGIW({= zpPwmqp$%19#gA{}Y?7I-D_RvD+y|Pe6sDDI8cz$i#vKjv6kmcLD9j`Hfx=Kwdi@89 zwn-KDck8EUo_1LrM4P5&Hly6V7DqF@NwkdK`I@MN1@Q#XELza@dhkhO?=A;I(yzG%tOK@ zGNyzJo)3YM>p_E4Ow$$&DzE&{v9-bKKz zTDxcUAervw?vGps#&>RUtP43|*;@Q7NQ=hRyn_ZZ6n~lktwTVY+GP=AX%x1^+EHxl zI@6SsDY;tLvDSro%Ip2(b-lMVoB`=eD`+AMP8Q_k>&c z*--~@WK4uZsL#A>YsGCpdkCW&BxIL5io?=c`f4wDl{-M;=!#9(707Qp`$|ZA^xB0T|C zEXfFaiCfrwgHl~j(rSG=6$3P5?~6$c`3L1QK?ha!vHf$O)vktixJ(Dvs+H)(%2Pq&X<-OT)IQ3#moAr%{s2RZK ztYIn|GE6nNnSzIoSxS24_%X6%VqYD9T;w6?JF{Xn96`u$3Ti3s31SlE{j|6@o?lc= zKz#5rY;P~RrEC{;cd{}7K?>-Qf1V{m#A^*U5-hGAB)xz{NyC`C#b(+bL&sBe(=lnb zVMDh^C=V&VrkdZ77(B-(kBTqThpjHCmQtvW)ZQFhxP~EeeIr12D0(tqT}KQPZ*P^= z&E3MOWlk^rz3O`ErBqB!sh+!~=T**g1xkb^PV;9d_3DIrb^5}GVmk@fM+t#Ai2(Yz z@7xpaKR@c`ovC1QGQGYNyEmD3?~b!Pc5mQf*uCGrld(;WH0VvV?>YB61jOlQ((Z+f zbBm!`mlUU$m%$ONGG-KmE?k!v+ZGB`d=@gkH!C=I)NBT@5?o4A^Bod}f!Y`G^AP@* z>D6M(xI#R^Tfy|opK+K0<#(X|E#j{^#aFYrE8q(lXW-+-3PAYhvBcGTn*N8zkKm09 zb-dOwx~@>w7=nkAG5Av$K88O<;o+r;?G;G*65-x8Cl^*D6*A8)E)1EM6c4O2XA~FV zkk!ytfkRm0i=JFqlzJI|%gW8)`GPec`qEv#;EEmnDq^;MMUEu>v|8YogZ*!km0?h-bt~7ckd2q}c zv@dGD*HT{GkBCF@>x%nTlx`^9(1=&8d=2aHC*Y5EZp1np8>I1aUzg#3@Uh{()GhU{ zf59_@Q-YJHoB_elFpnBik5=aFLL-gKNaCS%^xNTq`5e8=*ta31AWEiQ+Z>9u1!}pW z9W>IxXh&fnmcoPCa|lQ~anzbX?KS9_(nLD2^hm61Cs)K05Cwj4Gp_)E)uS)aa;v zn-y247MSA-hp6qkdb z9&BD&2z@U%R$>4{*=s(oMh$Adt?>arpb=6}fpjz=l^d;+Veo#Z&aU!N>F|>k#unq% zb_`K&&aE$|MfDN=xW1Y{W+GX>IKm0+BwJznq>nTXCOZ>5$!yC zUeEZfzR(Puz6Lof@`8w6k6M3y=~wk)uoVY|;OhgnD>pU_TN$6w8}nD_)fM0M%v%{W zCJjgq60oxhHPebpp)qo43MceNBcxCbjMlk)AGl^U)5%{zw63BWMizC^xfuJE@sW0` z!?*#Vi=Oco?cpl=(p!{<(%Y?OgFsG$=Bd(utyCeaFxokMc7G$$RlFty=Ol1QnHo{6 zX23>qY8*AbAP~D5iS5|V#V4^2LHv6z9%I`eba6lev3Whv1!iH8_B}`g-`SO}2rMla zwK8JSruX(mzstL7Xb>Mt7lF#uhwkrg6{73&0{-BNZ}-t-{FUVS{h_KZT51mjGC4-G z$~6Ef@114GFlua$qzl(V0LjCk0%pJ#fYE9TAhsB#v9)+l8oxF3 zL}G#3O+Z(=mfU70{N3RcZmp5wHHeX}ITcRQ!I~m~tq#OmD0BDpDio{!%ydn-!e)Zq z5{UH#ecrCAJsUiwelD_1az3K#!j3b><5re4kpZ}xrN|Sm!pPCQ^>SYFK(x16j`7L^ zR~^xsKy5xMiiL#BTL#~#Fl2m((X;5f$Wbr~N5{6cjFpiP+0VS9P!IgBzJVA+KBa4o z)>Y9z^vg?qkh}rrINF&PIoxInJ#$fgxVKoS)LTGYy4I#W{7|Yn+SxOFzpHNKO*0T% z8@V;LURh#ok6rW}M&k=2G(p7cqUR=?9=U`r`4x;0$r<88VH2~_OUxswwIt@Bu9_g` z*x0tnZS|>_U1o~b&o(&pUPAHXYzy{)tLS5Ik?ebG<93cVQyGsvc>3uR;W}g3V~i?y zc~o1Zw|4i9w)wrm^cQCb&t9eE;i_M=t(vX0lf9Exp_*$7eCzHS9f&SM<=~{?X~D@@ zA)I+87HI=3jUAQ78zJM9(ruxZgwKay4wlp9#RW|k{Lj$#Pb$s1zDhGv5IXYs;?S_> ztNSwA3}~UQS3SSIs>G ziX;1C$yF3QA1?m6!QTX@DmQ;sDEjSf;Q*}e{Com@CwV%g*KjHLNWBs`q!zzE-wXgZ8%dGSojumK^DI=T`R zR6Vm7F|`2UEy%O5A*2am0Kr%}yEo!=(bdyd!D6+c`?hbKVH7SyqAT?={I@B_58U2r zC%AZRaazDmE-q=wFSb$OwTf~Cd4Qr&p%`fT=Z>ID9XTvyY!vE#@M2vx`$T;2x@I-O zo^#%+=#RZ4Z&)izN%BSnF(pD1n%=F^A>~Gk^#@c-tw2ao(fd3}6{1s*qYluA z_m81I>{n^5YdBgRZF4DO4FUY8NgN3(E6)Fk>cfQmewdQQ~|#h)b1<vM2fpaRo-1Et|l-#ASL2Xa#nQAe85C>W-q9KIc6Rn zM3&1Lrj54b9XVzuanhh2zZ~s+)`EO&MsP9CX$>$;|4FC;-#2LZ5PZuYLhy|ERG33m zCB%`A^bbO%>s65QMq)|iRgC(m!uU97AUhD}k<(zbt1En{IU*Gsj<{Cm zuykla(41VIk0@tsL(o7fQ2PYxm2RyV^-XwOx9(pBhqb~e(fuE&eFJs14g_kq;vu#* zd|XBWo_fv_cr0t*u4WgRAe<#&L!@G-Xzd`a!*)1fB!891mc@_{6SJ>*pP9v}V{u zROaAde9Di*zQjR?=_|oCL{^;-o$4J;GQRO?&{!`KT#xoy=L*8`pB#kAUL;qk@%1QG zIt-DA&(vxh+Zu>5^pHFpHOq}-ijyOdQ2w~m#T(hqKcm*x#s87#NqA1K!=fvr<;lCa zG*A-(cug*lmBRBJWcETL#Y0efwQwGmRH3-1xF1i4=;A+gFMib3TCGq#t=IGXh;Dr} zaM#z{#Dse0BQA-^uXp;X=bDJ22JBdTcSvd5u(oK|pm2|`R*gETF!F8m`hxEwUxiHn zVZRuGxq=rE&w+uMG|+^l#X#yOwur8ID?xmTAm-+#^b9NzBx6)__-lsio(6bYSfdjZ-lSUZMsuEjArA@=(>Ig{cbGV)?65Q9l>2U7w^eZzZ0aA zwCLs@;V05FqWy%)LdfCxAqg;O%{m+-Vsc|4(oG2j!|13`FxIih^@3s0ar1_a$f}Gt z(5@m}WK=VOANE3Jyt)lP60vB5IhxU&KV$>YVq@HYKl(rlI*@_(3t7LVn#;ZpP}NBH zr(rKhy3%M^z%oOs*gG?QTl_PQ8X*j{)E2*h3j7y}zaVK@Q#IBgN3SVlI|uLZ&h9q@ zn+SB#s#)FizczljB13LyZSnVheYkJh-E&9^Ye+I)uPcA{8Z2jvKZPF_gp7SRNzT{; z^*9N41^d_h1rY13yh}}O$5S~YkqOZnsOhgu0saQ3nEINSXZ9d$5*-` zWPIFIgdFSkp{Og5gYd{Ug`PHr))lBBdr8&Q#^AC7*6V`_zH~zspfIyxPyB%%#-A!) zf>hJ2udeo45C5hwW}Fu!CosET2z0Qp5dTA_s#vc|BE9qSd4V2r@xCS zC~s&xHcKDJtKLr)FJwK#{}D>8S%YMfEDo8qDjzc}P9=}&I??BweE<=$wyzBSrJ$83 zUy-lrVB}g~?gzTeeeV`*D;hi2m;0LPK``X~yfNI@_HsFsWf)LJ>yX6zUf`IoGmpMq zVGEq36WibBcMe!I=vB(_W>s$VpFMB5&pP0gzP=X!@j#OYw4gmmj5VuU@r0`?vJ6Vl z=yax{5kI~<9G=Jv2cez0ZxGP1J)8*5@!>O_@v+tAqeSnY zhTs%UJ~vshh#oOoY9EW*Rp!yxUk_ESGK%Bh~jjrIYGE(fpIoE;zF? zUQt~+YIXS2pgHj#>>Y2eikBT|v~%_Qr+c6mkyp8`%GSZ>=u5yKvaK7olMpwBeTa_i z5&qN#HS#d%_@B1n#3GWI_R=I|>S7^xM~-@&s=6PZ18&J8!^4{5_-<)OnbK`(;pG_uS>dRs;5 z))}Xm#an57C*lOa=~YI$bSn;IuUtZV0|T z+ZFyOWcHjes(grVLQDA&nipSWL&zK_-=$sK)h6_$5|z<4d6m)TqRQwGMHkga>apXT zp(%VsB|Of`XcwaPzk^YixrLTy8ByWgmNukIw^>&m*GDNFE4)i$iGOcv&;9yHSX#13 z00_m|$M1_GZ)UjUJZSH*2QRSwXuJP#vH()TOuYD7%J|zhjMk8OaY1DN`8U+_w&u~@F?2wnQ;Xv6TIS|kqPyDf<4)C1J#26j2k4|>;s)*+sOKmF=G3Rgw;ufsxnrF z2g3fT=Ehju21nb?qDV^P3m;htx|I6u`~4h{W8h8*|F=w;{>}KoiG_kH!~Y4B@ms5b z7aaT*SVHEV^5j)X%#TY@mGmI_H=RU~w#7dZjVNa%hv+1SDV;Hxj@UwiZkbP*(%SS- zCr(Ffllh44qZa?Kk)nzM(jI`se=Yv^*QpflLV>=WhVj9hK=|7OqTUZpz)=x?lJ#)o zksg3_CAI^}eW3PQW*T{@x@9&y3?~w`V2u8sA}4t^7aoc};R5slBWuZ{(SI@@L0^(P z7Gjx{z6Q^#G`_W`Kz-JT)8H|vABcU5<2fK^Hc(U<{R`{H00nof70n?t;d6fi(=3?B{}>Y?N1nK-9=MFFhGUg&^L1`;*{7fh8;j8Q zRpH>aYLZwMsO>>3Jbeijeg;+qRQF|r@CT8Da-&VV;eq+@Ko`=%u3(Wwkn8i-xH!Yq z?ti}3;cS{0S49R_96)vh7hf84a7i!Q_=LX)gXU>P@Cy#D#JUQuh+367E(q3SszxNm zHF8?1;?)tMPjb-7H#+&HIkDH)9OLZ@9-pOjvSqBVFTGw_*|M6kdB{H$A6LDsH`Uy1m?hKY5}Cq> z{TS-mAhY;)#RMMiGehs;Top2Zt^q|>0Pt}NFb!MyBn|kdp+1lWwMapg`CTM@J$LlhTYUl({8Al}2?nY9aR&<{JIS%TEYeRxQHn>EF7V)%~C1 zhyOxje7RoK?Fa%0*u)D}eg!-&RsARwphDxCLi+~=d9fGStAhlvkK?;qX|l0236oYRd^YdG$2Y_P`#Yd6Tm5z96(M-Z=y^K%T52R14dxh zzHK2MaRhhH1!}WslpF#GAG&Qm>y-s!7ousy@kp0;f!CVVlxj%=+hJM#^A0?1r;7qH z^=dLiX59xnlX@X!ycViiMQl~0UJKtAl!;C)a4X~2bYNvW(cHV-XvX=k;77~IhNPU6kK^oi={7k}3uUmbJ-Uy)zgg`>a0(f;__sTPlbjBXk(ick zURAuYrbP@g&uJz5qDm?56?~|d&-DLh#cMoCeGWyJ^Svy1TX*5FH5dyD z=v(qW6j=}MtIZ@f2Sxr^)CZP6tu|BUA&QjlimQh|Dmi{#iO z>KG{YV75i2OCle&L|K9Vk{6PsmRM#44DN&XIAh3ci4}p&KByBi9vzA#N4YuTF9{B6 zC~U}BLO!r~PKN?Z`(Mj^L}oW7hhbFI2hVC)c)=My*Ah9zqy6U5*Zv9h0u{}&3(g(L zp$PmIabp~Rs<1_b;A}}KwgGiM-Bwmm5QyQ107&u-aY(n|(-k=`Vq9E2P2{0Y>l%1ca$ z*Oo}^YET=3DS;cl#)(1gq0)Na)kMn}>JJu8|JF-D^%&(Op9j(5$Q#w@!{qqnJ~UKY`c<*tN=-ym0{E;nUys2Z2!&SvBlzCUdzODZt$ma;eATFQ;D)D= zK;(=HR#r7^Th*`*=u}|-!BBxJIBa z4_6J!&Sz<2+eui`2PzQgi^{1dvqskQMpS;x8jc>6$&XnxR6X&>tl?gk+AcC{e3Is0 zP?0}msL(fVs63RYhmuhAy5b^Se`20gu&4*lpHnM9;?UBq=xyU*E+A>9X}Jdg5N80i zxn?MA%na0B4uk6pzQDg_b&EMM%mAiVKGtqEqMUakm#4e@*2P$U#iP{X(nO{4cF1^p znJ+K~l7F+Q?X7bB<`-Mzj=->k=UL0>5ME}%s}UGC4Cd3~5(h$GfE(_g*#sQh7c^m$ z58I8d0Fg7)^v3dWsFsYNlCm9(UkvK!W9}yUPlR4{PdGR z7%*C(Dlv-F~Rfe~{Zp z%LsHLfNt{_!5c(B{SABsx2=I^@fV~j&88*f)_j)SDi3?ukCi=}C=!g`9xgQJ{cwa!7+B)^}l{4Z=5mwvcyY(bAe?E*lmPtM2RQ{&}Dc|1{4 zmMlljMbiSc<;Y%C7O1@wdTO4OuSNj}VF`?VQ6P2&^7Yjm=;a zUk*y14ay+F4=%#0++DS&u6h9XK(l1B7uqBT;g86K8$R2t3kND0-hg4H>x-)6U4W5t zj$%aFbL=FZKSV#Cfrp)#@)rNEP{@CvYY%C(6pbX{X`LLT<;--)OW3u+D+K7MI}&sS z-Vv4C`+Lw=gN~~YJo6XYCDY&1Fx*$LGGM%gqUI=#L7tF@g=Ju=9*KVd7TAOK-|dDy z7=DAHD2_a}zXH1m;`Xj+MZa!mK@lN4Fhm z5!+dSb|K?#v7cuDeL;Q5FqPxcO2^}%9?TlGBJ#e~T1c|>(UUcpBw&e>QSeD>aPO19 zC4d>jFLOTbr@n#briEfi6zlR({05qa&|v?3)T=aJU&e{1a@gw1_&vo^0)?487!#LF z54NFrq?jWq*j!t@H-7UfjoM;mI!+oGgzIjbnb0uYUxJ-CQ5OFcV6d&q2&BDM1v`=; zWJbo8)E3j25SndgsJq`%18^3AWf{3JBi+0_uvyT_?NSD@rM0rk^vm3ex!PsA1pG6Bt|IpS^sa_a$)Z14^DR2KD{$jq0k^_v32uKc8HRQ>iHgY!0n5a6OtO-HhqlRMAGBzx7aE^6I{Q1l} zgc|aD-jVH?tkhzWfSNsx#B+y&F_{6ZOZR~)iND6FJ+_K{?zBt(1KjQ!TXG|`?e&#Bku)!(5TNQ7A(rKMS z;K*+MuqtkM758(sUig9Fe$G|=sH^ous`xHf@p>0&>s9f!uHwsFt>61dfS>Csu6MOw z{IL{|aTS-kT5q?c_+VG@>8{ot{Jv{^OxF_*-(S6gEG@N1w@7h^t9XE`^@Ocbyuwxd zw5#=5s`!3a@tZEvHc9bvI@)%R&33iE@CyR>6fbbKo+QO%DqO%vxmy2~7plj{9Of!M z+tvC89#8TfXd3M*zK@5Syv3W=BTI|rUs60~?NUc-Ke%wKi`~aO>?*$3)%twizZD;2 zx{8}zt@$wu6kp;hp5|(O0Ebe1%tTjljjMHu6noBE9qMX5yL<6CSL*|5UgKlZOB}{N zd>L7q@1AOmz3M9VyIK!Iapu$(UQkZ;uf*ubegrLH_=GBK?yYz~KV<%y`_tQ2=HXg| z_}Cu!vcr{cRmCSDCfSy*3M@5Pip
~9%MXX2^c=)Fo_SahA?h;|)v#_VH_PHu`~ zZ8JblI)vgk7t-679V*Pxd!yXkUv|Yu$*y?hm~((;RZW*%o|9j?A@#Y@xx(TZu>ot; z_Vk7@_KG{B9fzpR^nN{3OA)rgh7{oXQVE+up6Be~IwEa+&y$=u!Ku!^a;2rH0g08y z*R#)1M4F4pSlPBUdEw(2xro;asfai0ZT&oBYn3q#Ywn?7JafX82OM!50FF9h#WPgB zkdo?949xzb8|e3f#t(Sk*gs=}nJ`4Dp=XX7>dJ@%d0YXt6I$OG#AA|Ekk=?foF z+V&8pzplt$b|6b1Axo`1>#Q!k|8YUO3-=7KE?9<2^OTFdhk6rAS7agZsdzPxN8?DX zdg*7UEg1T~ZL8n+bv<;72Ns|l$BU}UNxd=*4E~dc5FUy?EB7^);SWM?EJQz87k=jV zS^Z7>Ac5=r;4+@CYHUYXtck4aS3RuvZ|dc%m!rmVs(7NYS`Ht}dE<%3dVSuQCy;R_ z9t7oUf^ba(qb(tG!Azp=xnLT8q8}HAM+9ZXABt^_oLhlExZN1RKRJM1ns5}9Cvb5V z_d3Q3R*&SH$2g^8Mc4YVL2+hDXjuD<(C`66N{C|E#?Yv?D;`TdC}OTMwp+*7^};cQ z>nHKZ+$1!q8udf?FF+PDK8>6VF>o=9R>Ru)C72toMHe9lK6PqODQQQw1j(GCVNrcxNEG`T6K~eZza;&>mEA6;6b`?m6+9>#!%zzKd1XeA?${;En}AS-`LJ z&!{xgmH1|fItdD!fbfVYL$6RAVGcTTLqmvKh2kf{L`~+Z9VY<{oCGi@A^3F~j@(Xy zk-@4*qOYeF;ddyW(P$D@(x;W+cO-sC;up|PWBU+(L-?J9-%0qLir=aDord3O_??O0 znfRTB-&yz$$()c8oMYZtN4oH?&d6!$av#E}zIME}>_QN}ZenaL->d=lFLmra zQ1KcLYQc~ozLsua6D;v%tq_>sf+w^vaM8k2BoVEsdkDV_A=FjID+?+OgoGy-FT_?K z-cuBQ3qa5R>wJ@-`k+xG+#|i9(x{=i#N;e0mOf_{Mu~E=8=>p^-JTA+f8*mjJY9^a zci_fnU>W~^)YqH-zth+5o}SU-W5g-dkxKzyRCehr=Kx(b>iWKN`BJPQUq7Z1vVOHO z-?yxAMI|Pm7TmkJr2iaWV`5L-)nu&AcdVRKzX$8j%G6J@eh2ISCU^Y}Z=-(wavOe0 zKh&RuKi06^_3vl>qD=kzJy1W5Ki0RcE_%2>8*1r2Y1$b+t8EIjTJ~enRGVd8mV63j z%+mGSSbw2ie?L!smL+Sw^-F$>`m^l%pR~K-vn)B;TYrhvKU355tfxN9l9N&9qNn6S zz%R4w&-c`4S+dw$e+las+V#)!)Mr`pYcD+|(^0>}rvGqHeU>Fx>-uuOa-bE%8v&vC z%AbxG37$@tI>+@l2=ix@eaB+aKh0(9{@TFb`IP13``hB|2g} z;cr`XVbb($=(-HGtWk=%{+c*zlTF;EXeh+3A;6N;auL^YQU&Jl-z(xCZFUnE$R_UI z^@_O9D~;7w9y!nA^#J-Ui#~v>W2{bn1?uq|Nm*CD=?2>{S9pG%JVT)GS>p+Ijc6!c zv~2zgviK{=@OKO0QuxAO{i(V5oAeEY?}H9g_%E+<6Y@(%h$H;QmtFh~qVRI@*Sa~I zzyEo|4YvKdEdG8^usi2(=tyt>4SmP%zsCqS!(aN8T>Mp&zge2Ut*hOHoT>PC3^t82IU z+tb5eeN`^~TtfX!YyF(K(oM+YS7-5e0ttcf6Z`Ua0?)-?=)G+Ie&*qCssiiq_sQB_ z^0(+1FMo^PvibW3;b!`8;ly10RZoEZEY$Y%Pb=K~y)q|@zw=3m&EE@Ilw z@7J%o!Ol@&9sYXnn!ncJUjAC&wD~)Qa5MZZIXM@99qhkJn4>xV;t4k)pU=+X@A_63 zfA14`F8=D?&F1gSHaFM>3arE5;RL($@n`+Y%b)dz&EKVjo8hl8Cx3-9{xpA&Hn|B2 zWb=1#i;KU!o$o{nabUV+vF)C7sMfyMo`T=g}b2W6o zg1$TOH==iU1%KHKF6s}`@c#*0ndM*Xt~~z$c)OOT6_);VQ)@Aznz15)W`Ak3815&1+zj|BIbuFx}NJ{HvUGY z1piY=W$+(M{44RNJN`2yGN+jL0Xa@a_rTFs^PnqF#mnWL&tHve@J~I7*WkDK`#pDz zZ_<1W$rgVfB>4}?UQV*7lk_>s9~v@sztc%8G8S!(gMP#_aCMymTvK0=cSZk&tiswe zaBAiwq!{1;jxUkam_J8SW8UH8t& zU${geYxe)0sm6r##Q!jj(%W>YG{*By`WeajPO{cXUjFzozJ{1|-K9u&AZaZ<7q1kz zJppAsR^c3g68>xU@5@wU5#-YB@5?j*_tK@(1kXP{rfMVky_4*8lJ7nWoPQFWo005L z$ybo%KkHXSU%)ZdutivYS(DrBU(ZxywV+?cG;lQOQfY$cXZ16ZPdUk@PV!#Rt69Dq zNnyDWcjq?^<>)O}IImu+sA=|J!<5E(8Pfp#M_npS@H|~VBRS1Up64Vd0KLXJ9!bH; z`}(12gR7uv0~4a-izyE2_Wdc;B0;tuBc|;}5!Z{(;AwS|Yn*`i zKZs{wK9-o<73Ncsr7*{l(wOf;Qe(aoNsak-C;4Y5d5e=Yon)O(T7!wX#UH{m(SZFL zB%5Z!K)3j>K~hH7#7{-lR_ZQm@h5buv7?E~-oQtIS*o+8J)R%Z&qzM#B>&+g>(Sj) z)c}hlS?GGYNsdF!ILDzdek{>0;xzcKC5+$pgw1%pPHD7td<5(ooh_~Ke6@Z?@+v2JrIY0N z(`Y&V1a0DUyj|nWXK1?;g5VV0;xD1hif}^Y$V)(xfz!9|SskzXeW|bTVE6KCs6Ocu z^xT7=1X25nc9cl*y&+a+eKj&@Q9KLyL5c0jx0|I?O^&87O?QocILsze2(3=jIl_(Mey!PuqYjv7_4zvtg0e}Bw4gfik72jXr@TFdR&ScQPdwr zjchM6wDz3JN3>D%VAolEL_IYxr8AE*WxS6^4>6Mn*0%y+uR6&t(!?AsMJrKsPNql` zbEp*2*(^g*BioDqSzi#H4{emq*es8zrv~tAnMWB|tMSNgIv!_KT)jud{@gm82Unor zUF)IXsZ`SSeiO8MW2)WpK|TK8#cuzv0?cXu?|AM1aR_MtkMkDg?)U{r_H=T6PVxtB zjZon`+b~5&lKg{cvoKF|l>?XU{~=5Je@M}2qurNC+WsGs8uJz>nRJpLJIN26WQR^# z-ybWOKg2UI-$Bf_|A#E?{~@I@w!ejf%<%v4Z2Nym z+WsGsL}@MlKrH6M2Ng2-e@xl_AJc$wn=Z92!A<%ZMf06xt&_a`pBcyGQY6JOSqgKh z{Xd0s0801|{vT7e|Hm`{_tK@dY5MU2RU1X$JIPKb`R+d){|`yq|3i}htX~nm^8Ypq z%P(tk;r}sZ`+rOWN0TnK?dr4o8AVSy$)!&6UeK$3vAdBJmK(7{p#49E^Xh*oYT*Ad zW&3|j1MnYpsco;P>t_^AbCTyd$q7KOagIk)a88h2iGv1@g{EmsxR~Nl{vU-}B*@ld z#Mu6yGk98^_T?stX{|f@MHn$feOZ$IFX&rwGN!$NJlK;Tr zV@`6hlU(E^|LG*}*GcPd6r6F;gLtO@N6gx$pNcH){~@I@--V>@{~@U{-|i&;>?Ch- zlBSca(@ASEF~k4Ev+e&OY5RXj%IKQdA*!}gcNzRYoodwnA0Gi`sm``NgNO7piXL>5 z|8SD^=x*(g#E}$#q+|lLP5FQC3EJT(;Xn9)I%WHRd<5)6b++wT9H5_3w4ak4;3U7r zaI^hCByIms4?^p)N>HHuKSe=OQw;x4r)>X^k3iF|vu(GhO+TaPWhc4LNpc)&#yJj! z@neZr`G5Zw#&3fgqZqH(Dck?!BVgC)?2P}XpHXy`lf2SNa{Otu9Djl~5$fjuK@i&i zqs)rv|6K@*wEx$V?f;>=_)HJJ+ui@eNR_giSeE7gVLVIO|HIy!z(-jm{o@HqNDy?Q z;+j=fqecy$ARc59O&~E74Qmw9xQMcgB8s{w6Tu52lL(JvBgyO6CI3BX$$yNC zlK=i`$$yB8E&n}k$$v}{E&n}X$$wwQkpF_Z5e-D;E`PKI{O^=;Eg$J^g{9*GpHoeDaHH$LUjB}#tcAME>SB}C@Hez-#MJ|Jna zzHdGYSRnXKE0~#Fe=+EH(`9YwcT@xD_gW2VpE2d@eDn{DRJC;~ELCk2RTza9;cm3C zIoEf81B~c!y{>F%QK%rJXwK@SvxBE+CIp7~E0^MqX($QuVrxknQ*?98{v4w}pujh( zFsoZ8fwgrYfj2?8W(qb93^%hL!PV>gU}7Ba&=H-K0ZRnf1ZEb)-`M~- z2dP++h>0b5TUtWkP+V#X-MS3Xfn{lC=daSBQogKR5ctPla)oz3`Vk3k~ za?@cHY*muztz@S-U6LYo9pkC%Wl$F$%`k?39_p*)Gce&Bc->0j@pw%Kn6B_UbimwT zuY|lA$AAEDgP8O}R*r6y3xh>Gl`|S<@X$ysRdN>NO#yWChB>IywoOUDg!`TGYxMcS z3iAnECF7>Q$!tJE8I@xCEd#2^_|6$;7^bjb#H+8r;{d}|!HUgjgFjS?zUqUk*}jVT z@_jYF%arLIZEnq~734l&`ocWud^*uNj4lIm?+4a21 zU$Zp7`@5A(efjV!u1?dg#n*lH@E0a$Ykj$k#NdYE<~6uOjdLwO&CyFR4ocxpCbCM+ zUoxb8mFJ*iWLGKkaHNs`%k=5n%s&fNr;@5ClKF~W0#%=Mj^`d$32tYCY39R(f7g6aaBo)et z%vJ?q{)#;Anrs2W-wYkK`9tI37Oyoh2>7KZ1p4DrYGgmA67G%jC~twEP*G0pTZS(U=YXoE4-0fWiDT+;`+6cn*%% zSRBAQ4BYp}e9d*T*g!$~S?OkHDZC7?Ox5u^iLo{C2f=c_#XrgK6&cCzN;x?nkJ-rL z4=Jij-e!&0MsN9>$9zq<0BNwm7=l8tO&eeoWCZZaD8kGQJbOiKI_4!ll*-U_b1_20 zd_l`5PIwZ(jHcn$=F&&O6~iAxihv3;=QHF2hLkac0~%IvO?o_xd`EH9=C>dYe?`7} z80m560B5ck*Vmvfb2>N;;(+NxAzb)QLmtgz?(^i$mc0O^il6)jChpJ7Vo`nJJ=^}m zUbsat2CoCd=VhpCGq3X=>NhrEe(-aJ@EqWW`(dITUR|32>CT+?rFF$A?*d#TqO9RJ zzQ-)FAImsc_75z^yq1F{G!VlJLkvE`O&L(`@$hTsmyv_opI`dmSozn?FP(Q%{!&b| z(esN;W}VDBMq$p0Grv5EXnTHn^B?HfGams{w3%Nno~bzE?@ZE-N!;_x`)_#X7fb$= zY1=puo_Z()p&jGW;jSb@;HH91`86;m=d4XKn_gl=2Vj80*9rXIp44+`5qx5RCl-tQ z6L^g=x-N#eUUjpcgHkTgIq0u6=Zi7TaJK&;%QSCcS)6fDSVrJ9mUJPmfG4XdA=CvP zAP0dy^ZiDb4&eK$n{MIvsP=S(!zllasNm zq?wm|kC7hyX=vFrb_J(0Xo#E4BOhk2jph(Az3B(d)r?;c8eqIN&0vqzo0E|$0-?Cc zEO=e_f-QgV4*d(+#@(WS<@q{C8~Sg5fsNgL`uAdqQS^V6Wr6;30a?$NP5I5+Ts^UO z868x3dtvMsZF=DfDaq;uc9_a?GTiE-7e3z{vlpItko9jg=~Ka+%Px_1SNB5Rbkz%; z9 zF)esMI7C9+Cb-+&?@FNX2rhH7OF=f8`Nvy*q0sA@NnHp?L>1#u$*-%dn zHKybcYD#(jX1l%j18i1k{sUkO+3EW$fhOBk(?g>f#8rRj?VW6oGg}$>B;jc!>#dVr zBFR{e?(~TOtC=jF$#Qiv`ZsJ!>5sPPWIX_m0z1i40o3`;KY+(;u%-nafbS!nsKYf_ zn~A~^b&wNvpaXVwz8{{PG2QZy;+)ySPp_5HPGPMSjBiQ@~&TVEAsu`;jjJFd^VS?sbE)r6LUL-EH z6Xd>#1U^W0GYQp{>I8kIC6U|h1}_HK<1W35EX9XrdWQ3_HUZfiQ$FP<82l3_#YYbK zz5~9i!KRc(8>-V#W6E2kBi?6mX8Xked)zB?+%kaWub|oH^=LNht;wZ=4{OOC8%gI+ zoosUercVX|GnveBdQBs{Kfn?T+285j1hNdbkll|kY>0GF?NC8B(Mi0cTqQ=n?GCuj0l#;^ zZyj)>2AfjW+t6AYTB#wJv8wtvIWzw6RmMqCwj;6`S05_2Xr!rY@oopFA?KGtvi?--w833En2y0#8H~-M6 z12kBZ`I;;qdpl8r3{utBp>QPa;6$}*j1l^i1ODKETO4q+18#Cai;gH^ofB%&6rrn~ zP>a3@UG9V~b-=|A_?ZJPaKMip@B;^&?|_XCSnq&!4mjHZXFA|?2Yk~3Uvt1$9PlLv zeBJ?{aln5%;1dq`r~^LifDbs}y$)FIfK?87rvpxOzzPjErc@F#XMEEE!VcM}RI||o z>&QlLIt#{=0Gq48Mw^&ygiiK1N%okN>`s8AINv2eh^iT?llhTMtt*+7t>$k>b%bh0 z=>$h3fj=}dqn5I}8D5F6ru+sG>}y5LM4Y+63Z@)dD`FXgXIa6N+iGQDWbo5=FjLDs z&fqF5m=k@iOgId_(GJFpR4YT1!IxRV9J~I|;EY-l$n;Baa=nZjY`M;~(H8`(g8uDIOice}2Ea=u+VGImjLbkt{|x>#&G^oMp>$m z{)|6*zxy6xP_RKK131?KYaQ?%2YlNBr)d!LmkqsQL(gldF=Z+t*!=+y-QJf0>izC( z0A;`1?IO^*g>;sQ2z0&~j`W&RCI#$lWdQB{?pS>A4~=Fx|A=OQaAV4K{L%Z}VT6(F zQk@LoU4hu#0S|D%{T$HefL$E0lLK~iz$6DuaKN8O+o=8M zfLk5#I|uy60XH~c!~snQ{I>&s<$x<3@Jk2$!T~>bz=aOj?0_FS;Cl|($?{_EL31q+90?o5`zk8jXAQua#c_{3)y!+h&(vs~r*bO!T+WXxI zJ~Y!aoPT=1yPBUE3oD%z%N=m311{EJQ_ANy)U2V#lm^lf`yFQ*Hv#JX?s|Z--`xh2 zMelz1ffmwvwUg}=fNl4?f0JY%I>}}NY`fp}OR@`{Wc>lke)ohgWGyMgw|BpLfMlsh z^L0m01!(Vg-ymA}1A!RMKTfj3O1RUagYKfQ_iyYyV+P#@opM=O(S~*KzqM?l zTfH7LzuxbD3sCmEd&6$VyWj1zoXB=^vTb3uHv8SKl8oi((pLa%yWd^EjHUHKTXeE) zfbRV+zxfC19jQTUzxxL#N{~S+Yrngn6XkQjE)Lkq0XsTik^?3W*^hM|fCp6-KrUU-l0l#v<6%P2N1AgIvpF7|}2W)o04;}D52W)b{c@8+o0c#v^ zmIKakz_%Rmbq9Ra0bh2&7aZ_e2Yku_r#Rqa4)_lTe9!^!(_mxD{e;YSzlz@PKD(4` zG|yQuUIW;6zdK%%{mV)A4}fj=yQN6x+V6hxb@YDsG$e5LyFbtcbld&zS5~lhzx%!w z?A`CaX$O1uyN_AH-u>AnyCG5nGSBd-+k%tp8YP5b73TksiGVzZS!a7 zvoThWDeaZOZ-7T@u!i5Y&odAzg7A0E%Hl`aQ`3kWM#B5SlKb0>Xvv+;M6`ddDd}H; zY&3EH%L^zw*!L4AC|jZJ;iRxJ*pTzE8Gme#`5eAySXJ4kZ#$G~Wa1YA&gVo)h*;%PKn1`ngz+(_KE?hM>&AUbP9-@BDBB-QVLmw~glVj|t-N zoffGumx71l%VCxZD4SkjdjQ+suo^u%tF|MWW1b1C*~rtXlp|moMSVso8V@@=Z5;Yo z4>1n?yKQoN-0iT_#5=k)A*c_W$BlB)17y{DwrGq@i;_TZu8VAYF@sM7{yp{pGaJP)A++waTvdzIgpV3p97qiY+D2seox3T}U}4Y1*^ zf@`14?uPNXeZc{>W|2CQhY!n*zFO;SjN&icBlJV_tN-BX9u)*HpE&eCXi5vs% z#9yi6>4-9B{=%KaAFbl)m@;Pm)cEmj=plWg>2YpVJbIiGQ1p20o+x^>TVCs3@yh!* zT+fic1ER}w)0d7kW8yba;TJdlN{v69(8bJOxRdy!b@}n~r|u-4_KfI%I^K*~e^dPU zw&STC{(T}8kG^~#iS%7x-KM|V@xLWwBYJ%PkwvvTK4%;gH9iY(@r=)HIKQ>W=U}vm zmb9x3JwA80JujlP_S=&k-Ja<;d)hO?-JbU+tM&~11?>_4RR^&>Aoc4LcGj-y?m{QW zf7PLEm*c;xd6bJzy>z=~P4cV{oXQ|Nh}_V|e_G7>^=6dXKE1YONA=&tn>_UD?QYj2 zcPn}wq1v@u?Gbvd`1N1xYSi~du%>dy7dqcE|29oW*EA)K zx;oDM_1sS4uY^%Q@^6Zlzc7BhYdyiDMB+82Zh8%-7)fwz0+C>Zc{7j!fF~mh)LnAV z0v=xaDdkT@V%T?Q^p=}n;gyKhH)2904eJ&#o|4M8sW1ark8NXs@sTp<$E>n;|9LZoGRYrxoz(f~Wxrs2EyIb-o*G~K-qD6U%U7tj zU5K9Zkf-4zi##L8wzK*=0l4<=ZtGhpNWih=%e@3_WI1##ynz)GGJ6#vciZ(KIL1?tq&!qo z;{G36ZpkOk{@q*O8(--9u8yiNYTbGN1CKl)^-O0NR?Lrsc0IZ}kq4sj6Zs>!OxO40 z5C=a_K2h}z_SPrUQ=zW!vR$iB=(%vQuJ2A)eQbSHeUbOu;?@FG}EfY>{f(AYAqLFyXxSEC#>&79Hgh zc%EhKF3*q7`Y}#V0ABjcz#$uF$a4JdE`5G_e9zHmQ+XTu-1fO@+9~Kd4}G4VZ_(%M zo7>Xo4#o<7LWP+gjThcGFU(BAW5PN#RM^cE?+;B}47t?~)8Bq$x(dd(>5l(Tm(OdA zxKxd8&Sp{7e+j<<6?K7P4wtES0&}Bs6WYVi+wt%mqVP%?-hciVG%ZFYZwm7BcPi=# z!t3Bf0#Q8hgorQ3hfPuj(k4Wv`I{t4K33p^Maai=Enh=5sqQt4o*Gx1zcaVu1|Z(F zZbmxR;D@@YXWan4Z~hdC<-4!0DcHh7@Yfhz%^y5sPlEEVsXuSFB^dpoxWAlwe0p%< zZj}|v{_eE@% z)&9odO5M!eZoEaG1OId7lj;1STH!HV@rB2r)LdW9mf}!p3Arb)b(MM31NLbW`m4NF z^{=>O$^>TS+h7OP>xqV-9Fl)k4>KugT|7~h z+{5vNTc{60Q6t=r{kDn=pNu#LS>IXuTjyujn(0>li#+)m7yj<=c7FL@ZGDTXUkMFL ze_(7j3t14i#lkR^))>PR-X2D-$rKU4B(3KA7*dy6BbX`N*JRMI@dRJuY2;qFR zh@dyYx}GwpkHd%X6&Uai{q-p%gzMbD3?-%UQz^J67**z@Dc zyCh2H$7iZJRoV07jVem!$Fo(`o}3>S-HV2_J3qFW3#>kGcXA{@#_FF`l8W2tHvH45 z_@}W_%{kP*><053%5wydn#5wB1177^IsPVh=frE@l}!B~Xy14_E43Ve$r_^1$I5UD zNan5@8`VCn-@z8kIUL%H?@vruNYA?9_)M-~w!E-=={bLP8k1Q$rdwGGC(L^DW=L76 zNdL+F8myH8jCVQ5WI`aREX*wHB8i7r2R}-TgljW6y?k>IW-Z)*e}ai2knjgyrTFM8 zUe(nLnlYwZXiR4K83alVo$>LI^?{JxsPFbYRbLeTFcr42udY_|nBSM*qzD`>pT+)m z(nqaN`(k~<#NS#nl=Sn})YY3yCfk!e@yB>+p;7^^sccttw}0K6(vVtrF6X<+*+Sy` zveFQaD{^$$_7=%qSAJXXggoQ>A_FE4_ada#+WnzNgoEK3p%)xr^)7}>Z#oyFLC0e(fEFT5 zjiU=}O8}b}*3iylqxlL-D#oj`n1eED?*S{1%d>h=XWg4R>s)lYpHmWF@|_^Ht}y=* z;I0Be8_mBVD6-07KFtrij^B<~-1t@F$ews+IQU)5m&@D1Z#D~Pi{Fic*GBWBcXl1W zeEz)!E=IGk`g-}v6@{&kQDVs(G+q?cOQmr7`9sMk(FK-~d=Or~Jqc$S`3GTlGB-Wv z0eR)KH5ndb0fv;C2PauL^AJB`IRBtyE}Vg+6@^5cgY3Z--d90MS7*-)J=P*&v+-|H z)mt2I#Z}L!VYk+hNb}a0+3Of9Yt6h_1lO7mV+D{21^n|3Y^i8nMiiff_=8q-3zcQ! z(wvs!8^U~q3#PPN>Y+G?vSuXq#C7Wkb&2Q8f4HFFL{>&fT248{7o7R$I;~T6W z2-MC+n);=oD(oWXrZZjHDx5iqA1;|!*o2zR-~|y>6Ah6(!dY00B%0}I}V_&l9p zBW5Gl2#v!Z7scd{^WyNwqP;BssH%v?AC&i__@gTl=7sLB1Af9E3w|ActQ0~Szmz{D zJN7}ELEb@WZ5U*dVvxZv+6=GWkFyulS~=DnQqO@+Ey$@`0U3W%!M4o><5q zq13H##fTD-;;^J9Nn@EXcQogU<_o0591TW^xoTE|1%!X)ssEYrydsh2#dyn z#1z$q=Y6fFHEG|@=pn=1MUO&RQq?dCk`Vcmc9kCC_lK&7oi&xhv%KHCOs{&(9Bt_Z zeTqXcdEZ#Ny6SJ>Ox+Ps9MFjs#sXdy{mvYT<50Z|#guDpbFqF|ds5eiRJNyFA^C^Y z+Z05QQZ)ad7F2I|^-ot1IP{kRY6fUnjSlrXQPkU2Ywu}Z%CkqvP&Zy}Z3}m`Kf9uQ zk~Fv@?d@E&Bd}j^$6l{>2z2f_Ke!{^ci)^jE8%SoT>hg!sl*KR%Lul-)oBift8unc zZ0i0%ns(=dJy5=DK508&u#G#LZ}e;xdp<)qZ}L}N21y;yVbjm0boB}|$a71Vl2`ba zJ?1EYO@88Ur^?!*rsOQXB2d(npOwxx1PG{!n9`}E1XSZcW_vc{oKS07T+R9g%2zgq zEGLa2&&6*H`nWiBU{TV|W(0P;VsEAOg~Y~QOsdAiHDv#EYWvI&Xm&y!Cet%UVDogd`hi^I26v5~20A$ykseX1k|LttN-@*nt1Km+z z%8*~J`rpw(?b?u6@2J`R06{R8?is~_|^9=W~r z5&j1ecokv*)_yZMG~Om!D513^6DtX95%Y1O0sr6&!$6b{#sze_eF2#;4IWX^f16LB!-7k~oTgQ{V@f6$+qxFxq+V%c8inPnZZ4u5YKd>hPx zq!RGH_r0*DNA)N<=cQ~(gsGZ4L zf6^$^e|sZUFXmp4aBsWT{Od^OU0VdlI7j1Vo%nvmHmxZ1Xfj8uc=YbmKjVg@B10{B z^f2EvJyG{hhv{qJ1Uu$*-!wer+#2ZSo7N27P>(J7C5f4E?~aX!{i;Vj>!1eIn#wzv zA7YJ*EKze^Yl$E4#muxmN{qR*uYL&ob2c~lJe$43eB?3Roeyaoh$99A>i^~D5GYd05s*;!J18$G5@eE0c%((1x5)+Rv2a5< z5PBy`(FNjMpTdmMC)k)3rjrb*lLjS3-r@Snw%Hui(G0=;Oynt9Ptf@42x@LJr}b6C zsO^+_+!>fWaPQ83Phr-X90m>M{)pgE>NCW{U*UrVO>4QV7HZjF@$grd28jR98vnrQ z(U^k!lw8omXuzr5&#g3F_aK*Oz5+Kfh8anL!i#-C!U+k5tAOW6rz$ulG+l@uU2sYFXoIOGC?ZNK=4;m8u^%A zmZVXM?y^+#Cd5P%l+fkt(f*))QDi0++=3;Q9acby?-DkGTnD*1qM8(=VPUx8q6Rw z0Kb?1?8Q&sMR0I4@TQTw$D}*WHE_LW<4x8~xKT&4@{p>PQ>~vPfOn_&4}AM%kB9%-q4G z|F%d2iE-c`;}N3@F_9IN?VN;8k z$em`XbS1FKNB_RW)WBz9sf~{VCzG>N< zTX0RvgFpxKe7KZ}OqYoh^B)#rqe6Vad1IE`B&oq`=S)oGEZtz{w7EZC9$kDL~} zxArpk1t#I^Na*LJkI-Sc33$I&;djJE(qDNO74&RXhd6j|2doB#>!5+gLN(*JnLmf% z07Bu}2hZlDC6pbX7yOv7+TavsBUiEf&f_!ljUDE^<(M5sShA0@@CHsnWoy}j$Xce) z!(;}c6op>a0tD_L^(n~k1?K=$-?WV2b{uSt2VCHrwgqi87U$<|E-Q#!3AiX&kOuKY z<(LHwTSwnu)3QJ$xxKCE(Zf*~@}Rsxue_Y)fuoGYz8c7M`B~XTeIQ7T&YqNB6vS7e zZ`xeWjF01$hd>&#gny5c^YAJeo_*X0AjLi3v~MBtwU&&Cd@7~{v|yu<5wgD^-$f?7 zzrsC{mji3lDe{ILWP}p4s4D+}1lQL7@>9`SFF?95f0PcYH_t~1Rvh!@LGB4t_Isks zlf{i1%SRzO!5jpQx8j384XE5QE`Cn!<$Tv<8Ff}<*T>@F)&2jZnZ8y z=f|>rBWgUe+po&YSrND>4-!`q-*Q4``zs*yA3u$5Jp6Sj_B& z5VFVMfo}Gwmi0t!8QMQzxfdO=lkW+KSjb4&PQP}{s;sMlbwXKKv$2b`~|sPL8bA+E?(`mKZUi3;OG+F)G& zg<^Cb<<|q@m631cy{&d+Qc4`9h$=Io{%&}8+r|8OiXo{BYNkxo5~KvpTZAYHLNwTNnda)`!Za`z%@m@tJ|JA$80=JXSzX{0p5spj#ZUgRmWQD`Ib z<-w#UI=BD1LZ&$MxgV#izX^Rxe-(YM``kmHC$3cVc@Pd=NXY0hpK9(6%7H%53Q>eU z+nE;hIpR<4(Wh*~Z$zJxUqzokedeLh_~D8^V~&qUpY@0VeeNKG8A6|>ObhxX4QP)( zgK%W=oA8hSSJCGLxwy|gyNs{Pu2A&3=(u?F`4BOn&v0QHq0cO)1$|bX(;j_J!QsYl zLZ94UMW21-0=-S2GjaI9`RBA_ub@vG?b z5$?@9E1cQ-7e$|~aJ&+mKG(v94d~NRm`3O`7$Kxj(BB??J~MwK`pBw|Rs5H&@2`C9 zq0fq;iav{ujz^yXpd9G4Mu;Nx=|ftAKEn#zqt9DV;{PV&3nJvN7+-gPqKJr=xabIp8I%TN5Gr>|V=_wd2fAZBfxM;CE;${bbT~?`vs<&XB|oxVebK`5 zTi^5dg{V4y{9L0T0kS5Jn{pE(ADK5@Dpb_^t&vB@re$YyC1TjHNWFQZ5V67hh>1Z= zoc3rXdmMSP0H+qe3BP5=AR|e*Yx4FXA9(of+#!nJ3ZdnQJzvd64EXIrGNh81USe91 zXkq{M`0Yp>eEiq(TY_BskIir8t*ydu(9n&aJ6ti`9GGQJD&y<{1F`Uiz-v$kF#>D%fP9gXw8~PaD}<> z44WShxsQ2N?k!H#*_{t|nJXU&J9+|yyht6|T;+(v!45Cu`c-*Z9U zg#|sgSl74)LaC2U(5;xnutug+U3MZgTjJuuJOheZ#+@ z@wr&u$YDH+A730Ao=!g!zCX2C<~X;|x&r+0Mj_dKMG>}-4^^^(EDA-)LD&p<XF2LY8T*qd99Xj!d7jP6evrDH|Mk<3U8Ut%7hb^J~O- z>}PK2rtn+HEWmGj&Mx4mPD^1Q^Yf1~fDTOfW%e;U=Cp4g^UCiP9-hN&GaF5nAxZm~ zS<)}C|IzL5<8A*=>|^@c?eE{7HOc4`VG;6^ANDb!em}*wCg}xK+-E#d<}s@?V)sa@ z`Dfrr^Oy>bp#(D`cr=*(i8}gYWN%M@D16$nj~V%c)g!qvFv6u#Wgm0HabOu^LtNvS z%j?|e^tt+{vX5OPP@eMA`fC9pLn;bw~=Q$+W_!jMU6Y|Msr2 z`)Mz8D`LU{tZY0lmi}olS1~p4>a6gx)-%gK#`rvzi9{O%3G*jh!-E6`o2JvXIfS;5 zv8^F23z_}UcqMZd59n5!%T zsvScYO9mQ!X~;5(Ii4mlnGi~03{%i!bax|zdyFEZAlq2XiTxSd80L7;OB=&b?4TS= z2c8gOM?^leB@R;mUi*u-Fb}xDs>A(|m%X!UzqrN@rTe3MY9O{?eK#Z0FZE`B1X8XX zc~YDC0s9QxZHr?Mv-Hij_Atg=5`kfujJW$n!*&o7N$P(WqezhdNP666lScL!rYDsn7>%fEZZ+~1zF`< zSiq?A1B3D)Iw>0%ioh02C@ZS-<1tJj1ZGI46qW^l!?uE%;CIYBeVd+Bi*|dA~v)%zG>QS{T_AePQuCOqUYyZ+~x?=KOw0}7=MDrIY zH(cf~Pg^rPM{6we7p||5>=PSb*uMZbS;%br7Z8A3mu<`fq%%+0sr}3G%1#3Ed|dmN z_k8i}UwTYao!-9v%ihuLx9wlhOxnLl7s38TxBBYi-4kFOef)1`zcBPy=|^{9vQ`5_ z*}oL<6ZS7%qG@E?zkqr?{}I}#^B>X^o!kF7AyXXs{ATtGv5tLq{k&rN8y@;Rk+10U zVCQ)B*&CDteV!Gf2z|CQE$DN^vF*|4H?v=W79$@DkY9MdT7ya5#XsYr^C16>*()A> z)*}Y=xq}R*?O&J{^hr9VJ^K7+_6xtx{^jx4JoLE?!WijuQKxwH`4BOn&v0QH;h$Md z3;L|eZjU~{nf*fUui~F^Q$6%KGf&ayw6u8i`4?h9pR(W;}^f@$F(dWR_c=V}44Cr%|FpbdX7N!M#o;s>M`ut}03q5`nea?8rL!Z_& z6n(a)#G}u(9fdv}g=vI7gAqdd1dnWwJ}&!(|5^Lij9*2cL;mHV&x*c^K8up$(PscC z2mVeU2a}ed zPyZv@qtBrKMtg)7ah(?19-%$^mp(#8ZI3XrLu^{Y{sl3X{fiJ0_Ag8fVs1H1hzX@o z9C|cb>VE=+367!BjcfxP?x7hUj zpPm09n&=J!&_&Jvq$fx;><}Rl_31meHxOe3 zZ3L4KuL%Wko8YxLnD>NjaWEu?#X52&dvg|;%!_`Ix#c}|v0 zCE_~p5_%T8h7N--r^DcDvT|vs;V%x|3LD4Zyi)ojavhf(t&dAKn0G9b;c#?9VETZ{ z_2XU_1fV`I4!t9{ON&B<=|ynE;0r!UOM~>r{H)XjIiEqwwBj7oS4C&hqC(|(%Fp@M zS3zBBv9WGI=*o0|_qiwnvJcM6i@Ue@=WN4Uk8?Q`GJJQ*0EFEq%tW9(-=65Zdnt0l z-DW-?!Cq?`6VrG>DzFz6mc`vy`R8o!;2&1+PaKjqpen0kK%Xl!1{hbS`-0yw7n+k7 z>YBwS-E}Ry!nU<2%4sM&4lN8Ejn=_U)!RtUzj7i2r%MCU!Y48VT9Pg&+E|ZL69W4< zCD6Yu3mBc3^SQ6`PEpPdN^`~M%niVTwI2$jBV3DQkDwBDC{UOlzJR%S{g&-kO5@Ra zq2#Qh;Jjp_finZzvZ%bH&kAK2OTrIHO=3Z0JG$s#?)Ow{Yd8f_u(BvNU|!)j=E8nq zq&Fmdp69zB#TB_iN+Ne#*-NB9!*4)q%Q+?ZBj*%UDwl%1muojP-#q`5G1uA~f z|Fnd%;sKSdlga__Ibt~Oz zFt3KMK>e;Xb2MM;OeNuYnvrL2O+p7NMvlHUe!?~|@*_xS&ig^wxY|4zLFD892d2A>cCqP*( zr=oHuN-n@UDbumVyW{W9GkitCv%s^#rsM&AuFw5?(!5I8Eg*GA>LTeS(_33(~_Ut0;^;?Y7_^a+Yo| zxisiWKzqbQgm6CX^*z~8obBRn`tNKzvAxU}5EEVkCKUUYK44eQr}rY1d^oGC@S$^_ zF8pY7BJ`PVQ^Z2BVi&cn10QkThu*3lqxz2+l*-S(a;VOS&v{YL+?e zQ8Zdx()nEsIJ_FG1w6-NT}FI~Y5w6cw9+a^1O{cAXwlynBu(=}J^azl30I&^kVnvU zz5P7A`WXxVy9iVBDcrAst0LxI<707^a2=e)x0sA5sXH*po}%R`^}Dh^=E98BfDicb;9(EuDW{4>#gD(A7dvg95R7i9II0Mpx7 z)f)+jM-K~+$qWId;4EATHT8-9KBZ}6I^~D_={TGo=YtOywtn3GNxCY$UyYW*{-B?k zZ=5{AZ!|MAdE9TH!4FAS$^_k%D@!C+Dzvj5&c8L30UsgZ1T=*x22K_9EZhS<36c3Z zH)X(J)dY=bZJ7mYOJC&*e1(6&KTO795m}^KX!Y!9NR(pekRF-s41zqPF?_ds41krx zWkL--PB?WBbO-pEXBld;ODPGDKmrUJp2u$g#>-*;M90Q*FZ0@OF?O))#@Hc0fy=jV z=D4Xh2O@^!=azk=#t&>gWIh*zUQX)PlnzVY()<55;<8*9^Uy{ z2_6SLj0TI~;hwM2ej=p?3?5*{fO&NP4p?0CvwTVp(X;r|dKO2eS`68)#1J&rYDwf~ z&JXSx*mw6dVC<_2WPzVV0J$^=qs4$=y#aHQM*uMw?t^1iTl!extmnSqpH*G{8QVZe z{GDl4S(MY{o7jRnWYO3M$&~o906`*quoR3DmA21^KsK7kcjGk%45Oo{SJp!spP+ z_T-o`a7}_KI|Z%b+HjIbjyZue;P8O>>8t1fmd@uihmEhVlEWgr4}zFR#>Nu1&mrk( zEcjZsiPU;z6pHe$04^Do?jVki3xqtj@G~d8RR)JG*j!D5VntcGA>N8|(MF64+ABjo zk8D!op+CYn9!Bny;`aCEvTqmnMIzqFqLN1Yc1WSOW|1G1Nb@-K^B4?gCX~@Yr>iU> zNY?>x-bYI?Ne`fv=#n%H3-=O2?A3r+D+3|~3W@+CcJf8F7B8W#E{pllS?Lg_i+$&A zv+U#t`bmWq=1XEMxI*@l=5-gcQb;qFEqN%~QvL|^7hEAqubu!{-v2lT0JCKnb9~e4 zl)1Q)okBOmQDR|YCOVyig!a<#L4kz<(syz9Z^`Z1{_dN!yxqfh*Oy=!y%vB;w_#0F zAr~h4tGaab=e##M(>Lv`L@6}TC9=P7S_gs4I>}SqIiHMK?>825@$0@BgWBxYS%$5j zl2Rf(K3PWi$H|yY7?88o>Kxx49S|n?5ODDE+elQL0iLkZd+6k{x%X8Z29AW=qpp=p zeU%3R7O}^>|53P2&eE)!*LEnUhH}&K>Wmu5Yt75kIFKQsVcQ{#oD5_b>2Znl4rC%J zYX5JMBeV(QL-_9|&41}Ko*e$Gd>x6L5%g^_w#eMI zVgSiNQYs;gqP0w?Bq}|MRLCzJMMa6r%!LKA{op_%gDGEW%h+h(l=!7!Vd3Sw>lBcU zj3j$*D>$z)Ig4}_`ZVRI>RT%71AAef>mqkl4#l+C1$#PbWSkkX3uRjKn`)38lVP#3 z%_UOn1ziuQ-=p5VNnJ2Z8lr4b2gV%-g>Ws7 zK$b{f&~b{ZSxf2W3*IlBu9TegY$^K95LiX@n-c&~gLqpU-KMSAWDfQ&wg7s2!=-@Y z8lF_){>FUuL=o4DyMLuLMeF>DBh#>(DN3B@s5Q5;7_t%$(-|>p9EoN#JUZ(8 zQqOk-%5rNuOCsE4%hJc|A<4jtqVZh&5E0lR*azv=?M8uCNl4Db{N&^b`+^G;_l44uq3 zbhf(5?<<_^5A~+^>687&d$>*v-Cp97$bL${&h-*=WC8BZ9ROjW-yie$Y0blXovMf( zWy^U>C702Ckh>o!?kh^#FOqJp*E(;P-W{x5Ws!=yah>x1nB;q`F7L29bW&Zt zqB`~`>_3#Z>Y+BHMxgbed1T&hr7Q+xuw=8+H-FDK;QH&zG>%O=9`vx zsc+iFL*{&yF{dTH)90NU;WK;^41pVS@4Wt!!Nw-!a;1l}^Sr+z{a<3HAF9(^?fXCa z{UZ9|afwPeC`?ViVPFDYvB&9vtg`qO4Tw>g)>xRC&{%jF{y!W}@C&msT=?5V|Mu3u zx%$_ye@pn=R9LEhE>S;2`O{eVw*;F%tok=y|J&3L{vHAUC~(?3-yf>TDo6V$8(~Mr z=RYxD^eCp%N#r$duf`I>b|*h;l;23sf(N~Hk)1Qj(A5y0pMo18;xaDFKPhVxwzTKF(CqIL9Cq9_jJVB);&09KF$2zug-$ zAL0D+Kp_V$2Uv_MPrL^T#?qoV#n|)3|JZnx`N&2=&qqZTN)~@Lx65BUg6QFo?swLNEGXBtwiKvA`(-C?>%;AUuz*EOr^{W|s_5J_D)Ib^M1%#d_KY{dTWB z)fs!PyiDPdJy#wm09^N6d7$kcEe{>GN6W*cu}91E@8R-fNbkY^DBZ*D!#HV=e%5#{ z3CMbZ^~oAJw!DOSEmh`o7R2G0jtQ(z&wgo~{n9Y|Wpn6ZpD?etrvQvUl^?HW+xc5d zWR%6q8z;StqTNU@qhvSI%P825^upzF(sTVFg^F>N4+{v_FJO)q$>Pxkiw7ts4-bHz z?JgeZf;jXLE{<70@3V*crTYzR4*P-3XL&nR?z@Njfu4*dRH>(X6QSIvyloc|#eG-x2s_Ge_Y!1HWVOo9PctP~yT_;H3#%7!cYcW_=T?B^E_a zcu1u~sS~Cs5CupezqTzLs`?X3s9 zEiYk;Xs^7Ub>0DtxzXES*8V!fy?@TM`?KwQvwQi$KRKU|J{$);@YvmbYqcMzi@uuV zo_y2AKj*z1f6fnh`msaVT3u1z1;xg@c=))udmUaL`wUvk{fdqEi+wfk73aJ=?zD;p z<9gBK_+o$XheY4~bBnvb3k}K^fA>#{@M28jIun=rTTuZ{{E((|I zA1hv5%jx$7w#s{CY+(!7Bzpi3w2TI{j>0-@Hm}L*9T=K#)T5C_MqPKPJf)?>-bZ7L z&{7^Cn| zuCE?2Y(Rplz$OICEA5d}O%Mr&QoxTLy z8MDMnf0`#f_R z?bt`hCYXQi&f1~6Ou`#^eXy4g`O`*s1{^&7lZ0H~{f$(J$)Tpv6i6{QZ%j@w$A#^N zYJMXB)Q)0#`|VzNPqDlcVwX39<;~6Bt@aIMdCPHRp&RCI-%yr!!|s)r#PaTrU0!dN zclhp=_r?a4cSh{;a#`MjqjwA6VJvS06x}iK&1QKMcCWnsS>EHZ%PV1dC+%K&_3KgI zpJJC+%JRNCYPawm&GL3YnI8jRKg+vk_sTnh<-HQSymFS;Z}-Yu_%+JAGYz<<&S7wR?QXd~m*9o;@4jwYcO@Xu98NaJ}WP>ev)D zk-77$@xN>NBgt*^%XnV^V+1uHwOjv7G4jj!zGv6+kBpID#`F2RmjBoo`DOg>w`=($ zNp10$@w(uMUBf>{{vN{ryOw`sjQldb&)>ED$HvGn<9WYb%OB~`7JnJP3*c30SNcCj zei^U#>{|YjG4jj!Jb%~nAM4Fe`EZ*Etq=+E*k)=qqz_#E@#E2Zb48;%d)z8T!+_9| z>LANygg;rzScr)m&Ceyl3amF#&$mM!Zm0b5s{E*O4Jk~@9jD7Z)h@T)@=lCdUXD}V z3A(&BYpr%V@%lDhyZgSa0xNlYa{B=mx(MlCqQe1UKI?w)-8j=#Y6M`M^TJtD; zL~1ocVNBXYXwDiCiL4Q~J!kI0_KcqAYR?1su-kL7Zck6PN7J{O`-7?9Nka#R3%_vF zmvQ0y5XUK=9L?_v>pPks)5j=&4_%gFwjP46%&8Cf{Gr>x39W&Sc&`?+vA^oJbaO#H zYujk9JCyw$Js9RKW~?y8d`Ymvy#3!ozbO89*EcyveIu><{;KNpGF|u@DO~FLi>~MQ ztjGFu_*suGdU^7Fv!3q<- z0wqLi2~0z8%P>z@tu`-U<8UI6o*6tOd@35CTir*udh;r2bomE6k9p$Lf!m^*z|F4Ss<*^eWxVYjK*^?@~{BC7$y7IptmCE^qwbH1eB>{Fx5&`+5pXaut?he%~Suhm)|@ zKo@f@zAXC{&|}-d>}Bxvice$EBW`_9sxmdP?^Rzyj1;rdQ{Na*eS^ajQK3zrxaH@0 z%J1bV|42{y2S$~Dbj#7b!kkfBthdj9M|eMsFu z(FpR{m<2Z7Fo+o!ej0IXg7tl$^=+?bZuzBI%P*GoipViNx0ok9O*CUkF^P`t!q^K7NCXQ?u*yL8!}W2 zkMXq7k_Xtny2-kIr+L~}&GtQwINd(^zR&uO*}jsv?R&X8Ui%in=9?6}bD5ih#=F6m zvxD1m1O0;A(gK$iSM|e{#UF~^{_q3!2a7LS(iLr8>7TPM2}xzOc zn~H*UT~&@`mBWV{Ovpq%b^>y(iabTSSbzU*?X}LAsH6l(wK@OZ)p)LyZjSWYd;JP~ zm^S>ifa`Ls@o831iN{+v9-w&Zgr#oYVxKwko;CjCm)|39`M=ZUf3##*$~VTO3#kMR z$ZsGzM(%+K@%i&VZ;!~u^tY(LEx)jTC%=SVhyX;LmBI4hAz+i7|v%v5m+t65-H}SD~jAC1?vUItxtd> z4(<0F{(Z2}nd7;EgnFYH%;pab$uO^D1=x^tBbcE!E$3iQLY2klt*O|zj!iVzH8Eg~ zoJ!W4mwcBB6^SteQ66%rPQ3~UcB&4v*;kAP55!@GY^dpii@P)r>NIKbM)f?1D zNWm-2j&DLAQKNTy4{uUGw!snAufsZxc#k1G2;?sAs-j0e|;hgmpYiXwJPjfxD+$#C?B zy)x7x^Of{if++%nI-P{#604^Ocxkey2xC!^@tK+SEvNbs*wkz^f11NZxE?N?WWrx( z-qIxvwmNv?46YP7k3J$Io_nh2t{WyOwAZHzisZ(8yO)~vmVQj3w8`9mDlZt`ibSGs zT>Vi}f_dWWQkgjsagq0A1^Z9nm;H@{U$Kp5+@4ZLa;jwTWs_V;e)o0DWC2`hg(U%0jh7b$8Q(O+jQO791 z`9K365v5Vwy!62sAWde&2byfL()TupN2kBPz4Y1UsnO}LXfJ)b*)cl(Dea~Ao1f2% zYJW<5>3f^cMyLPm{dVxpHgAkh|4e)7)6KJ@)0efEzPI_i==25crO!6k)JNfaKzr%a z&1uo;|NWlE*KcgY_|AB2tX{=~8xsQ^HrL+{$u%LNY)g6HuRj3>L3!WV0`w~H z`;Gtyl=q!Qz*l)Sb_R_puizuGzP#_V3~Wq!ke>lF%!}sbeGL_OGXu*SBVQxeA>u z={aH6uwQB^b;*6>YJaGsTm0gE0~lVOVcs_&C4n>6wT7{B};am&9$mw(1Cl#erPTOS29v_6Wu`sw?BUQ zqvDp|2rsPMM2_2q^11%Rq<>H1&?Rmif7NvyBIhw zU4D7o@}GrQFw*DJT`1p0e^%q_-^{q>pQX#+(XjLO$1lHbY&`m`!K=P(|Kl;sSMOIT z`B!9{7A^NunFMO3M~ybm>JLkI%Di3IrY00u4Nas-n>HQo;3;zxj+7wzniCW0w_ylu zLe`qcKE+74a)%vw_6Ffg zha~RPw!L0?v8{e;tYj^KKbfCdMm+u0VY-Gd>Rl9}{3IImIQLa{H9mbO`Qycl{~g-& z-`+&M0{!s7L0rDkKqHB<{?MaYQxRModNYf93EmUQF6Lzs-cHNqRSv)Tdx-YMIh%`& zdA^ENtQ5H5upYhKEpi0(UFAO>85j%)9DewnN%B?fjd(wv2rSB3?yFdW5`EJ;`=*6) zI8%w_UmU!G1+H@t5mOyrZ_2 zM1iHnRXAU#JsUg^t~D=|eJI_>VFt-T;SAgtfsxnYREU8W1UW}-G{3Cn_E>`U1quwB zk06aL<(XfCPh-WN#pe#$b8399LgBLEQJM0eDu-j4d0Y;J)VyKaSf2x=i}!x0>LLHA2|ltQg1@X$fS zw<**Paib=Ewv+yfi{I0u|0DQ)_z2pLNlfE+25KRGcOcltuam~_yxBH>cWhPooq-^m z6?XwY5s+f`-*XAx}U*Zn%xf7icba@Z_t$ zl85KbHj`#x6;H_b6_}y>M09}nK>9)!tt;*?qMGBv+^FmEiUq$ii9!LKzpzL;EKc`T zgc(%1{%x!_tuwF#O$h9p7yJpHNgqW-zOfRvD)aoq7E^BMW6KS`ip@xAd{ULye0nF} z#9Dmxuj)F@S2HKSDp1m#Z*0o*z1q;HLPQzg<$9tNs`Gz_3%HhL@(=%{-;?{Ne&No)g*>>ohA3Nk3pXGILKoP!*Ly-}$==v%? zMxlAem-INCnIMD-bn01$uWqe@8?lP}Dj+bnk_7zqgJN}T2Ar3J1ZxN)h+}d-^dVFbQd}kcUkaZ@ouz0hTmg`0vvX z-v1v%7B~cC_v(iEDu^jT#wYVWxoy(T>=j`ERw7E-r{TLkg^th9WiM;I1Yjt9Sz@I;A|_R`}j z{i30r;!WB1!!W35)n_Glg56{fc|Z5hA^6??RTdA@Dj^ z{@!MOJv>!cu4aumDbW0j-)^Lb7G3#XyYzE!P%F<^1}Cd|#s+bx9O&G0LGWj=z&A+F zp00cgK*fS;U!{nh;DPjH%74C!^N|@fd0CxVUqeK`5eBO_PRy@34IDD&qAc|Dtx$Ge37J9Z1u7vT#crLpVoW;cL3k`AumHr?;y;MtpPY4 z&y<5YlN4ph?O~)xJ8#DxoJT*eode-H^ z37rhkvZ2^|p#1w3dV6)K#>S?U^_4=F$D6aoMvFZP#eba}9r_ET-#^yltL&)|LXWCp zkd5!*)fIJRFT2W*JYmsp^!1<{Np@dd_y&;QDR}f>)zCAR`6{U%Ea|DlLdwv}yunPT$-Mxm+%d+A1n) zRX`Ags!+?&lFn2>3Jw$svMgwitDR;KDEPw&j1a%C!a>v%HcW}IM!t~ry3|J%E?^S9vox)iU)!bepI zcf-{1MG8FV+3&8oDo1768lGNe8_uEF0>y>XEzl?39D5MExvHH^S-!DCJ6f3PmZsdZ zseD%51D8|z8LF=_clvd-eD}oELEF2|=Cev?oHJATvDbOo9cd?3IDN&*5iTrSNM*lG zh5d1xhr>4-@G@OAnd-W5Xhr)pw#Shx`#x+G`~@T4)s1zl+dm>9FLmfCL*-3BL%;)4 zj}Q{Iq3%x|52o@34RB0u*I!$F;V^HMmz&DQe(Ru#FdrWpP0 z3>BpYReA>tjwtDaQu)K?`|tZRX2D$3oYE|*2}6EhpI`VBpAY48VQg=z&@zXt-1c(h z1J=|0AS6;1{>J=h)a@UmB7;-B+x*P@TS=qwzNrv$AE>>tpgmev=z~_A#jm zghOy(j&LYn5afXR0-3xa*cI=>$uq>wRbHXLT%^F;l2pXz@^{S z`l1Ohd&6tRu?zr_v-(4%WP(7KbbhY&WWpd96n@wFl3XVKaq9}g)r0COdgpaXmy*uk zs+@V7X`*LC+j7})r1YIFSo}_N9S)E9Okb^pcd@Z)Sg(TSfAcakfLmkTGhTL`gY$Sw zR}f>hd?xoCth(Gx+7wwpc*tgY)LiS(B{wH3@G{@v%~qnqeHu&DZwl2>rtkqWXbLmU zysF!JrVn+sW>0-pa}uF&9iQ@pa+SenNRIfEGMw9ymc`*LfXdkpbd*qHsjXlDQW1QD zceV3pW{UfyUVg<|(7=mq(k43Ph%Wn)mpxyTnyBI{de6@gQWnen&B}!9PV~m%Xm%W# zL-s0bXsk{gO=6M4dtF}+du^+@NUXBQ)4P6!KRHmB54RfJURp^8I-czE^DkSMONV&_ zU5+*^5vuG-syQ*xqX%l~^D%I|tU{@4dJ|>dCwP|w$BTfYS=ad7>}PfHK)>;=ao{cO zt9Bim*W5xkt;&>W_7l9vTxP*uLZ)W@Kh>dvs}5RpKU-k%sLLLFTh)|)YzXbOQ@mC>-vLXaA{pGUU9y>Ccz|FW#B8#Puse5q^xe+#~Vn` z7s_dWLAV!ux&JU)gG)#ZcYE;$hH!S*S$XX=dNaU@IRW=WI=9sp-&$d35FK&A;mW=i z#cbgoKdJjyz$3`TE3w&UYKM_9vX?vZT87_`{h>Mchx%^r_3&m-uaytjp0k+Vu8lQb z=1aVFZLDrTXXKiZEA8$NT}6;v+dTYP|7$C@t~j=E!QljHKlr2ADu`#n9tAV1+S#rh zZ{cOfi&~+|t|K{>zp+++YU%vdC{*>lu~r^xQgOH0^UhlNrlqDXQl}SY9&FEsY>fYL zGmI>TQGw;C>AbM6!pr`KOk=u{#6=Acui&j?oe3j_Q%0q8OPUKkN<;aOMyZ_2J-n&4 zZb?&JWf}(SHhsZSX%+ciytaJ^>FmT!74!CI@RZopIs(0PL)}(hW-K{J_Nql|+RHpF z^qk*{cmcSDXiury118=t>qh4D*2-#w8kU-kz*v~@-B6EeNiqaBePZEy^j`cAj7Z%GTw7z405BlsCV z1iVVS>!7*o)ygw^yel3gH391O)4X}vUsFLt-BFcX2EaN;Ja6AKk;TiH7(FlhEwzJi zP+d33-Ipj(Tf$tZam5|_BX|?nng_RfEglpMXHC7+%`dLd+TLXnn=az9&4YLF;a|>E>tBFOmbV#jm(7yxv)0l%-#N(*wDIHT8 zCvU`efMG7UCsnvZ0)0qTyxA>7Q@I(}X;No5RU>0e;U^-5@VUEiwxt*JxjQSyGC_qT za&#Bu>)?;Y;&7M3Vl;CHz?8pAn?|IcE^8-@_2YGYkq)QwI}zana$RUtP9!Mdw`gxT0fM^Z_R0;R(l`bVPn1kL$V#)*V=D zW++#Q*wQ^?4oT_U+*$V6$fm3WFKZWemWnT6WKEKy>3m_cQ8aELTiaZiUhAlu$l0q6 zB4|d;oclUPltvYpx2JVqbSxY>$sX@Oma=)ZK=>zh>X zpuSuE70(K@+`rt%k-i}c8Q;mF7}P1TKTc&T*Z^4fc;LVEXBMPB2^ zi@!=wQKSCVr}AO+$;R68{Jv5-(JGnH?ernb{+4Z~1oYP;QQ zuRWxKV6EXFiG~U-2bE@Og@)Sys%`jEaQW|{ z?{xxGEB$NB??{Exo9GItKda*GvOAc!P3_xp=?P)mGP?o|v?<1~wQn!AiEfsAn6{09 zKbs#g))_rh6Rrwjbit$J{a?7-$sj)8L|Tp9U1g`!t9s;AaeuPW6S? z5FC1#7*hnmq(_1DxZ2jEyxEiXq~9ysJ%-knGiz$*VY)3DC-XgZEF67P?xp;oEWQ1i zjdbN)8|e<{0^6j$$vjDNtRk|pE<#4RhE(>>_ES;gY!?B(t7?!bh-k7^T*nI42$!*% zr??K^o;TL6=3_n&a(RnX>1R46SisYvw(cd14YWU-p zZy2L*|D3d5fppYK8Ram+(VIOYocQe4d`HMObO>HHKDvRr8mOz%>XI-5*#co(8DoXJ zry_p)F~vdXw%~dd&8=-I?6;qP;UbB-i-ZQlzVWpnM5(MTBF!)x>{;RLm(B8hv`{Ze zc8q43k00eyk#J~7D9NPPBdclO1hZytlo2149yPIc81t=8WJ5IACPahwLt_*$Eg`oI zHVJ|mi2#xzohU%RqR9fSq!cwRK-|3UUPLV@$eu08_FW%MkJq&g--tzV8*g zzn-CK1~+bMZ!|p5EdV}k!4CAInCtOkt`W&xl^R(Lb*Xztu4J=|Q*>KYY0CYGEa^i9 zmMk%wHU)Q^2s0SQRr*23DlEH&V!CG}w@PBfV!MvEsDix0&>@nM76vcyUX(g?BjRk! zQ7r#B^~L3t;hAIu!KRWoU4P~F2l=zaivD}YrgQfl-(2{xw zlo)`l6^t2xk0VFKd%+$OD$vAy=mxhJIP%Y4@GOnFjX~t!_JaQ&CX8c}pi5yyUbh3( zh3S(?uMdA~2T0lPnB+-7Nszp@@U=(7iURazYTc>`gY-tkJq*Py+31wQct@K*S>0!yTZRJ3!zMBl3BhP+Z zRhMroV<8s(w-xDeY+JdRG9qw#YFiPw=?mLRYj0v(2}3eFklQo@er>udl%L-M`Reeu zKrXVZVRz~o#b%Co8HYO24jaa3jzR9&jTq!^JB>j;)Bu<Hu;z%+ zYQwUf6wHUnG62zvJ*O_x z$P-RWY(?mw9ad;7T1-wi1sRjCbFJ0ESuDrUzU%Kh+wDiXt;kV|(R_^v-hlg&G&6nQ zd&B+cqgD^5x$yqW^8M%!P?UJ?-)YZp#Em|qjhEbQSiTbKPvi1+v%p#cz0{hF;5OH3v8OA zzg@(+`{y6E``~`N)_=}^uJW(_e&pA&#rl3SV13sY>-%w7--(I(`um%4@;UUM>yiIl z?iD+G^$)*?(x|IIo27$CaAdmNujl=#{I0cSN1k6TcgVtXZUR#J)BX!*y8vwFK=%Q9 z-q%aLuEoX5@BkUK!3Jn#1dN|v8T-5ZB}}@4q)0L>%7?yyw65q6xViE4Qp-Cxo;{M| zY2u}PJeA>ib_qNG!1v!4D{G|^Vgv#*fr}6UCpC4U?UYlWMWJbXKj$H+0~gg$j-KwME@Z^XC{lI`ZMV~Fr;tyl z*VDCiQmFP?F@#Jm8?0S!FSpcovXMysp5pJkoc`ibi?9ikHPzaTnJl~}X*$%haHW!$ zx!iGDm`eR${ZxvOO$d(uX>+9Oz1*tRex3@{fVglu{-h5@GWWXVY|)Uvu!2jCv)A$a z*usAQg~kZ>`C<7EeJtTjq3sUOVlVSgenb^}vrmb{i)HOQvh8*AF_a^BXIrlOqw`g2 z=xV7LVz$_bo2f?fQ)aVzxsCgR+R1a+ZrQCjweNt@Cyxc$>o1odIQwEhxZN0(Ey?faoeSlI^7isc({(itVdK@M+>MX}o*|Sjv zFR8?#c>7Nd0HI&dQ#n#EUz({MN2~hhWsb4bT;S`-Uc2ql{5y1-IP-oh z5>@;>MVvI*Pz_`>ZyKzbhk8eTeS}HlCG5WLSzR~ z+`7Zfw(LdwVV9vJZV>#c^8YUDXnFg~2W)>uqWxFQz~)HOyv-y0i1*Ru0TJHI?BQvR zZR2J4VOAnE5z=MzBn02L7Nn*Vu%&s_LX1Eh0Y4m@hRtxeyITNH!dfC;q=0|q&l)RN zK_+3{8IP3&TD+7VrTCEgvuIzf;=wrW$Nx2}#< z{?mZj<|Y)0nO6FOR3z?Hvn+9g*ShevLeEGx&eWQqRTPh_-PhJIvk6+!-8Gq730jmL zAAU6%JRgh4)?jpxjgwu-JSEIr@5*-C!=bdmIJBs9jl^UV)eGS`a@hF5(GiCE5yn^h zOCA{jpVm?L0QgL5gwHparP`tT?XRmV>>N8MY3E4LMU=C!6AD$@UEesUvc}8Yxr0XT z3aZTRMFO`DWvK36nYz1$Vz^cq22N>~)7^{*ixQ^6l#J6n}+86*! zR`BMCNqJYO%DS>!qAUM=aDcAV4A_-niLM+FcEv5VXla#^G~G{0cTrCdxXuo9-QX|x zDGbz&Sp#-M0)GUNUu-aoEld6|6paP24$=M7sltu5vT9?%8p0)NvFZ7F5$@)~xY|+f zWJ;b#XD4pO;P;i}s4Fb=oRW#gXrJO03iyP~DE-RusI zwvQ98M+DxuKT&xjsR%XxkNz}L)*=<5=L{>}Qgh6Y2*Fp{ba4GvAf|AplPbfss& zu3VYu%HGx$8)igyH-ihdy&YS%8B|D;+%FE)mB|BkWlEweR|%MqQy~5?b!F!SR35#5 z0H}-~uq$UKy7E4{g6=)U$`!2qcONT-kn?VOC$Mts7Y7)0>wtr9OALC~mjwSU?P+%d zS#4rHdPaA_#acpBsPT2C`?^{WUaxbne)u}ez1p_O*E#Ohwnbih-K$&FPLWDOk^XVH z`)b=FnXSR-zPL>7YWKB91R-S8HnXQ$Ukc$kas%&aFAPNCD+UB&RRV|)y&xc(Y0N16 zfRsIz*Zn%O3}(zZhu`D%yUn^T`(Va7>DZNknc6d5I%GIw?n8j2Q-kHzHuUg%z<~!H z8BcAmXV8wD2nP+rI@I5KprNj&O~z5ij{2n1YB#M1&pxlAI(9JJzL%A5-)Y(|-@c*p z2M9kM-xRVQFnVpq=ou?(fQyK(?LHWSZ7R(`D^{=Sy&Avx>1OU`IclK2rYB+${(0dEr)W$cE_<9cCB)(=V_#yFCvQ<;Q1@3Se@}!r&p7%z07WKag3u|b+ za}BZ~eIC8$ruLmeuBMv=wlgnt3Dsd)#BZq%-)gtpd6~W0o^YjTtUaTSjO>TjGY4Yo zI+ePXCF?rX>N>k>pt?pybxowMQ;}a2bp<12E_a-22xz9jF}Vo=r^sl#4M;pTwSss^ zH<|@+Z#JS(sQLQusj{5Wu81Zf*PqcItBI&GuwjD#F=6wPjQ0LI+mIWxQ;=0WJ+P&< zbdxTXy~?DXnt`OAb!*hYGO26zfGgThtmya9esM3@mhr#)d%+Uz1!7bFWe(+)X9pN` z?|_58J2B|$=iWNdM+^k?^9O3bdcgLFCfe`OTqP#GM8p+I$R7^{HD1BoPtt{BkzJtZ zMkzxt6m}-}I@55Loyomk7rtKSUTsIB>@4?cI})#R+-t8gmrzzAKDcS*x7RX>U4cU; z0#w+893CmZzHb1?FDHM0s=9(yS~RNqT>$3P6Pr~F1-G+$-$BOM95TT)=a3mpMdW=a zYnOXsvG%WpB0gN+J0Sw;;HSTS@c^K%9}vk>2_)OMk79*TD3Ek#?3Z-%9oWHw3&k2o zpE&~KWCndcQJ?SDE*5>Z(ps?k{9pQftSM`XE&&s?5OmQ72bS!oKIyztu*_Z~b=wgT zMCbkBLO4Wt@k?8gQLbeSBg%CxU5j#EVNzYB?fXoetNqhaj$aw&kLvkWF~^iB$8iEn z-t`=!>vo@@l3vO#eH%i1@CwbiEkCJg`z%%a+b*d>`(tOoO4M*`S<(HAJcal-Q10c= zs1MON6rd^e2-%-?CXMBpB?G$;3HMB?zZ_Ro!b#eu z9L`lln0OsVsYsXgCd9>s3)FJiW;h~jxl{#NM{0x{8=uy^7#2%4TU7swh(-uGjo)Db zV0UUTo=FZ1jY7Zbe&S)bTYW{)Yzg5q;e3kI3l`r`Q!9xnv&mR!LaX)SxTwNb(_aTw zwoFvs-nG7dt(90>#i_x)Rz=uO(1bSA3{&E4R>;1#8rK^6HxkSTV;ccCE%2r@6HR^g zN=7JGUFIz%k3zOS_5iuL&9pC^w{6T%;+*aFxCf+U1uAp3c}dyaZF*kjX?v;1-I5~B zxj+spDT~#Dc0$u#XKaA&c2ejbTsv3VSGVQBGr9eYUCH0!DJ9R>ml}0$n0~cVgTjQG zhbZql?VfVX?_wP3)OdEKt(10i`@(eLoWmjUdE*S-4ZoYv_9KpuRcI-@$)nx@=?4H2=-f!WcUPN_!nWeGl|R z2=&c;P9|MvOZ_dEaA`AqoBH|PF>?|8#lT^3Wga8|sZ zm0;}Yv(m#~Y+l+_p%{(n!oeI(J%L4D$=xzzuj~7i{JK+J{?Jr@s5_$CR&~zSSW&XQ z7j5TmpYgxcQ7P|UOj(OK*Ez;tGGq|%uGrH0YGG(9H*`tk(4n}LAH}&HqC631j3b|` z-ErP=I?nsVI;!(qK7@1Ks3qqNPZuV03wG~ry5xp@%07G%MN{ZH<+8^M^3Bc?l}LTdBn}dHiBuoq-w~*DYI@bHugxz z4(imO&KaVteJ>U(e*S${@n5N!4UhZWsJN%^!D5ExF2hY^umD2i)$+`~In)F3$Oy0% zeWlCW&SNYWym3oaMh{&ezncH$D4C&(u2S0rw5m!aiNMgYpGI)km6+(c zx~{P6Q2)33UD#=uf^|*rO^(kjti}!5->J5=2k0p zmtxZQ>;!;-*<}e z>_h{?OkR^JwAb#Y{(4^kpx-TKIMp(E)6Npkkm)1J^vw9m3P*1Ng#0VI*3j|Stm94U z9bP=elpR&%=?-~%EM&6z^C*ikM5Rrhb%2!i+Kp?Q=IP`ODEjRwje1jSjYAC0V196V)GN)orlA}jg)M5< zJqj$*8vnOv5Ktq3I_LM7xL6&sKTve!GF$x|Vp-+if2PB+8X-gTs8yVjp$_63H0!W@ zORl3DcW(N?!H^nyYbP#0SL5v~g(%DONt*@bl2 z1<)z%!fw=|wrGBs20q@}8=>~bm$X;!Wv9_OhFq`qCi}go+mP$a+8dE0e1>F%{?7r}{c|k(NNh7smg7 z9#m(7m_orc#6t-#BOH;)w{FA%E|+D|bfSD@c1ARKKWU1wGBZ^?cf28t+Fq;Jn`WoL z3%AtfC?{;5KMq21B3S|Bpg?Z*_M;wR(lUI5g^%Y@=*#}_n~;VNw{3~oCef#t{r4&T z8nN$G_NNPkCv-9Rk`be5H@b5>*Z6nD!_&Art^AE@{31(?vVJSfdb0KYmfAv?br)ql zibRV?7!T{TF#DZh&Bg~)^D`%t{TC#9ihtuD`a2Fe$A$I}3*8eIx;$*-Ru!6E(w#wJ z*6Of35{lIG%arw%sQzNr4{qy5x<>jDMtW(O|8vT}!jvYH*aaLxZXUI^qe-<*nhfcM zC{HeaXn(p$U@x>vFaEPCyuvD6>u*DaeYnjn^*^q{F){wM%L_5Sr8Xbtee84O{a#b% zNvdz3W_y#UKh3vKEtcFl?D|)1>TWTaK-ByvlnzcLvF}?dT2t(!mpQ`nMjOGOw{e3X z9@cP4*#0T1VJ8xUG=Gr4gGPHYGftie4laAw2@adN@Vg4rZp1$rp4#b(@cT<3U}B4D zILWq=h7-9qp=x$F*r524c_xmT+hz00%h_aZpxoE6fUKq z>#1WTp0Z9Cd{v_2Bs}aU)ti{tFqf!eGq!v?@G7cJWWDRX)LleKam~qClrM4Io#)kHGr8nFke&-_53EcHGWyrqGGUE4 zw(8U_%ZOcAi3oeQAud4%?sMX4r?0UkC%mv9dwI9^XB>>Hb9)+77v1BUbw$Pj- zB~HDUR43Nv`a0f&zbE&@%1bhg^x}Lb+nJ`lhG2Bk(Y003b}8NTWDXkaT)Vs`4c$ym z;VRk(+rOMDe2#cJZB^c-_pqPmC&TF8Xqh;MGHs4+@ve|JJ6(IQgowede)qOZ>o*Es z#^JUh$qaQ6;t~T`ohjA+YiCI5r?Y?4YisBOf!dh2qnW}#@&@=1mcQUn_#L})Zdjq2 ztw?!|Za$=y?^GM~dYEN&3dK~eD)>I{La`q~BY|YYT?WVPQR6k_R(YAVfI(W~VU43l zdDFo^tC>^&R!um)UiO!k4Mb}keI670bH1vwFa%rsfyD_pe!yvIv1yU=kTM;E711v- zE8F48suPm;fj(vkTtRa(1ilCjk2~#UK2EcWGt-oN+RN_2OR?GAX@Em-HSuRf1f-eZ z72u-jRalX@s`hyN7c*~k2@DSoi1x1#ABD)N)Px69-py$i&2aGYZtvT@1nxVyvI@jZ zRTAl7x&c0Dqb!g+h*>*P+ienkx)kG~p48Z%G~*_^YDiONO}icXw27}8l*(Ua7?l+E zh=>AM8gp0Mktbov-J0sDi+moADM=HSP(l10y=@$QE?m8Q|6?rt>XZ} z%WehMk6anthD)L1rQJ{B9rP70L{5g`Iz|H3mip{OHpCIeJ#>-<;G7_1SQPKjr($$! zkluE4z=oJ)e+%yr>%pg}P%x7uHy=^;^J-KX4dm6pcp7%!Mb~jHr`i&r1xpNN>H#kp zC$o2^hdd>yRiZ(eQk~s&(fgy;!oloDTTzkC&?QHdqPYqRf(SEO73m4Rt^?hWM?M(F zKRN>Ygl%ck7rNo@M^cF2$pgMHXj+zawl!v-Lc!10sAc(>>H0f?NMaG+&YVUul91dc zG6%{#j;Bp!$CnzJ3s4PP_IZYC+L8se%DDSIti;CA+KgVOm~DBzT6jA_9K5 zw7r)Yx!QY{CzGy*Awh+7L5|5IK*laQcO0a07J8%r*Iik97~dj z(TAxa_?Q?@`rRfV+||P$zY<%-lKK??o57UDOY1d0w%rQd^(s?Br2JZ1KU80q)YtH} zewfQuKO%hAh0l6Dmvna9D}8HA<=bJ3K5XVG3@3ulc!@80?#G$=`ljFoH1g~ZXt2xO4sKb zY_w5p=P@10*3Q@Txc-MG3@!PfieW_+oJ$4jO=WN|=9gmOg~2E$TF_+?g>grNc@&h< z+03*AT3Q-BU4&4vg~`Dklugvt6DZtQl+cR(=9&_?EDWwKdq388Aj8in=;>mMgc?;s z>x+U11vL0mu{pPyaxqjyjS4!BGe?AC1+y3{f)EOOng^5-|%`5=Fn zMm<;g4PlW{dd5=E$**ZbF1|sNvC1Z6t^afjQqT8IDlpw4H114so^?7yJwj|LN_*K< z_yZ8lY=^m>yPNiiU+QyBZF*66 z>uIpRl8cU_Fa;n@Zh<%NrTIbi{FjH;cXyo9 zJ@(Y@me2FCyJ?)VLeR?de4%^ngzlEpx|_yJKB`J}EuQFmU%^_DTkOrQmnv-PA4XQ7 z2HQ?*Fb`yfbvaRrxLJ&DWN*0Nmh0ox+FJ;;Lx4$YQ=wF(4znQvM(3cDh=TT8L3QdP zt*E3r>@tE5nL5nDq`x|>G2gb4qaNo@jFe#|y0C*pEMxM$KfskP>?4+XOYOC46WVfX zGvvF9M2qPY91BP16kV`X(t+*yLv&p!QkB{NlF$WR7y698%lwD0PHLF$+2~rhM)Vh& zbamLm@oJ&R5+jAz%rNUG!mK|Fvkp_%-ARW#xaNfBxTu z`6IyG80H_X`~r;eKgIt4cbGrw|IK0kZKM8c``G^!Z6l~)R{4AAXTC(mmeiyjWYsxM z+I3ddTK}%2O_N5Ur26eQ#m(jQ^|rap)IBnxhio9vZD>s$h6jpXPl?9(9F*txfPEY4$_P08*BZay;cseT=)%L}(w)a@-Ew$H# zwXHph+7!WBaHvW4W~CD2J#+7{{9;SJrS|7x`I}W<(YGwvp5sTq%d7ng$9qZH``Kmh zXOz85VojD;c+=$jCwPxGSDpL=~gaf2)(J!DpiUyAW11^I^_DrSfMjR>~N-?2M*4WwFxf5DAC+)E>sY(Az+t;OI zgMs3Y>g-xDG1WEybg?tW@U%hnPZJ9=tUFUHRkk;K%on`b$Bgg3+!V{+?90RC&rBf4 z^OhrHpO7LZ@~Q(Xt>H7RCnaCt5xaGCpHRDX_w?Eq^~oJKW8_C@_$Ltvg-X16nIY@= z+O=_rcd4ZLoKE3hIa#N0=~(_Mn~ui()lLE3bzXf%dz*1amsL~hPWy~>-V0z^ahkh0 zf=D%d|D9Hj41Xd+oIQKQ_D)HoXH%}& z;bcvz2VdU19q;N6H%{;~=SC>qjBrq}tmMy$l?X-?D`A-@4)&()jJ8+DTuzii>w7FE z@zV9g*!K8{Ge6XTRKYB>9uyA;6DGn?;6t4iiO z4i&c;Exe8L5`JiudMeUXJ&~ySNdvh)H~HJyBzqZMWTIJ~+%S5l?Y-7gvfR>2Q}6G8szHeu;wpzumVJIB~uZ(4-)#Cf-M|J zAoEf2``&yH&$HW=9iTsVC7eti&C<~IV|E$jWxh|9wkVK7=v26>8}p$JD&K6x>r5|m zCBu{b&w4u>4mp9D@qBFp2~F)jJH$#oHD6Rv!yIeak45wK%BI{ST)t*_Yh<%w*qG5f z)nGz)Gn<^VPcn_sSm!bVf~SXbHi?&9pQYLOHHc`M+#tNnR>0ZjNL+UL94REBPL0?c zDGr_HNKa}q^q8miP=`QV`tT_KhnJCsKnu9-c6wUj|MLQ~dSDaa{yJ((?JJs}f6q@B zjFft;7R7JU-q6o4s#@B-XfH{(ink5(53ctcyFrCw@km7!`bR;ET7|nwSbYFMm%vI; z@AI} zJS{{J(tlfsfI?4CsxklN5apkwy#Y|Zy0Qk7naduMU|Wa8h=)flc2^WI8m47nd)AJm z*$R#(tLE_;6hcDp>aJ}D1&{GkEML#uIZZSe2Mev?_65WErGlGyTCEZA$_p0 zTuRs)-(cOGN1)rVBlFsi5fquO%pPvHrR~fQO!Ean$v3nyvMVm*ohzIO6Vqv5;5$QP zR-mgaX+@m)J-vyn6SmZ|9{`br8P5gVnS=!Wb%8Ryu5)R#7>Uu#Do}A8PV6RLJo!J^ zjyU>ryL*{~Y~JAwWm9G20K-PN?crr-@Wa6^dl^6B9$RG&7#>cyAmgUFAK`d^1WNO+ zd)lu~yNOZ}-7eWGaB@}T=Ajv}l);>+ze4_FSSTUY);$B5z&p5>9hLI>dhHn}iu#8% zme>#7v}Ow+c-aEJbbt6pEnRK}~+@od4T(cwlr`WI}fquw0@cx6&la8kDE>}UBJ_by$6 z6>F_`RbBsNr&wvAov$F%J5>aqDarSD%croNUbayU_klUVVf-qN^!tWk7Gx&7Eox;) zWCxjlzr==oeM%zEI|5O^A`H&3e1d`Q%D5w(>)-Mm0IMp40*z>m&!^+sLPUFT zz8A0WW#-V1@h`c)NVI@+s;k51_CsltC5vhQbG;8KdVRfMTn|HK{g0%DN%U*8JIdB% z75^hlI}d0Z7a9X4qE&R)Wd8UQ4wrRmcmD4I zv0b>dew@B7tsk!k-hWH$**XBw(u#F&-&}<`E9Gjbw*|bkzD=)7>c2*tbjSaQudyA5 z9pwdxntxLkyHy<)EjU*NERJF8*0;@PFo_f6Y~9BId*R7&UW2DOS`8%Kcx7H11^`5h ztMR}H9x$8>FBv;Qu!#1$0-EpOMb=Ak8ip8v-IDzx)w(5ns-4|NY6iOycv>a!fKf|b zyP^E~2s0RAREZoJTm_{sHnEd6A<6+xXZPcqC`T>NdUm++KqAI;tx)bL>-5Z2u5o4|huSW=CF&SSKe`S4iYPA^T^C zkS|8)4IKR~4%4;d2;?BTNVSgEyjFtIf28gtX?}0A#!6mtk0p7%b7{lvKdqvf(M&ER z@_z6>Ky`-*MsTz1NeH7r{)r_poMZ_x!Ym9vYbz$a@J#WA4=#ana9qhN81@?m5fiX* z|9OB`9TClb7qslW(-b<8&NT+>on6);{x;D&ug0gxfhKK+j7=IGXFI_1MgL_I7<_Cjqq#-1N z@373`I<&I3Pkxr|@p_g|WP5~?gl_t{ypQrxAs83rf}MwY3Vi|XTjXMb2iUw{Yf}r2e(>cq^-U!%nB{FtZTxo4az#1 z#J)^X0qo8PwYV7B&AI!Ur!HPj{)Q76jM-bQ@Qf*}sZ_2o)E>7^=F!-l-I+&1iL2`~ z{9RjP&8=OV=O4;#gWN2klIcS2Vya7MZ_|Uv4{h!`thU0->;iYwlIJK%em6YWCvx-9 z2#Rn?e8cFbiKqx6tppVq`+5GfoWh@`Q~A>|u6yhPyCz~GX1d-~;Ygp8Ms>~kmU?dF zsG|ZpEeC7P1*Qg9rAFPu&1kH;RNgv=+ujITSl@V5WfcsEKI9(h+m`ECEUA4P)Vh_a zQNQn4)0}&#dH5=XUjz=a9apG5BDJ(>mQ={h(Jb~$U-7yd@=a|`xz`(pFG1S5=)`Pq zlb70HhZVfcGmN0Q&{+G?mI;5LgF|)U0bZ0Hdo))*tRqa#xfMFXRG6r{LZ0MA)6@RV z#{snAtL2MNBPbmF3(><9zp@SIARIQEW(g#_OI%3jYr1FXnt5qT(ua;m06Ub9;@Bv$ zYlMxtX%=^ED38erRVuHdbTw2nq;oZ6mNeE3t?;@JWs7Q_u)cZ1*fwjs@^SxL1au5% zQbqHhLqPF|;(VH~Sif{o`w#{+A~o3E+qbl7W(b>^smkScV%Kh=OI5D-KYN7gFy_%HOEL)1z)};}!qBkt-W^Uy5A0Z!b#hbB37$yB7s^Q)W~9 zhj5wq=FJcmruMZ0^mL}b5A$G0(Yjt4(y@pO?lk|EXYWSW4HNRW8eWhUNtSa#ODg@} zsYt$w1RZ440kgCBb@xHmc$w3I9S6%Ax%Nj*G2Y?xB`wp`G-d;LJuX+7qE6&HW^%Wn z7Dwj6jt`_KtcEV>08H+0+{MDJ1>OvfqMg#2%2^(#o6VmxvwLiJx2qsh)IM+1ReC0^ zeb1t)?xB@tCc{0f<1W#@FYZ?v-Jc9*52XWfmy*|1M#`kTX+FEhUdbu9E3u~cz~ZXK z(kov=tn+_)IAr54=$CNqG_AY|{Au|De>%o@H!XB4P|FYUh4;q!ekGUygOqh}KGIKh ztz-cj^n-6gIhi~znGkgfVGi;Z(N;c-g!{oQY}!5iR31iSvmA=IZlcO@Hqd<&;qaZ{ zy55NH*b&WnIWaI__kWV1tR^+Y3dqibdQ&&@j$D8N-s~L{9qOL3H}E{?gnX(xyX@i? z*PVjW+$svBkz^ufSqqPWNx?;Gcfwyx&3EA}e_11G(oi{w&h*<3BSC)mQNqzA^j(uc zXCdeCCH|=b{SVc{rFN|&;0U?*YesI7dw=fT=iaSD{wa@Y*Se5ZVEp@Y=fb~#!dP!3 z-whkkbY3_MLgLM9t@NicPOSS8VCprzU$V{lTV<2%&&CyQulpx31G0At#WTan>kEka z(`PzHBDb))>)D~{QGe^WK*v;VJ-L*>b~LL@=O-O!F$b?7W?b$B744`;3g%c4`#miq zegKkO`qn8Jg*zZw0$>`;fS!~?tEa! zTxGh4Ou;yc_s!C-yIFsxVO#QNT94IN(#*T(&s57@7H{OwRF4f&r=MzK*O?~vw12Zd z)A^j?qoZ5&XZjwTjyn2I_%m(i+S{T()81iw@2Ef1xA(V!Zqc9VCYU~rGOsD+Gk*0Egrl)FI1Sc?a(||MlzRYw zrf-D#BY&V@h8=nNW8@#epJ_~(zucec_sTzjKhut3{&Ih&A1MC-{!D*+uoN&ihW+`n z@(2q{G+4(%b)3#I&Bf=&-5An+`K>21goyppJ^?}RyY~Bd4Hw@T%nng z*lw`)*ZQ}s&|CFqdg=i;_~Y3~RM|~oWoJ>@TlZ)BURYbXKhtii?M?VIofMWY_h(wQ zJLUi5&y+%qu#pKW`ZI0SfK;p<-uW}_{WZ6p|J(eT{;r*Sv;ItX+rIvP)t|}#k3Un_ zzr~*^BMT+8NBW^u9v^3a6&it1WsF+<4l&8?|M6!kUVZr=f2K+lDF5+i>Ux*`nTDaP zdkg+d_sdMh0uKF|hU1}Tt|w*wOb`6%ZTK@?u&;RA|M)YR`%`GXG_&RZGyY5$nnkDR zqJ~@40RBun?F=4dd*8Z0)A@+Bn9z=>XvclJ*b0YEs&&6eZY5^v=z~0(4r?Sliw=?I zHek=+oKMqJn8Tt{((qUv7FzW6qLntqQ)UUuw{ z(tQRlpQi6_RM(0=O_%WQe3~w>FQqZoW{F4986pXsC_oA+n>p^BmJU%31K)Ba35-QniB+@I;H?U?6Mf2QDem$lrV>Fdfm zus>6Hpp_8Ejk?9wqMl+j#P-`%gGZ1GrSly_abDU!jCkB~_sC_3n}>$ z$Bb^}&t*9nzsWyz-@z4`m7MCwCNEXD++4VlRzgw160k3;{#4$T&WEKBu5HQvRqEfW zblz$rWU+tIA~lm`mymb3s84E{IU5GrSo&ui7-_1 zv4tUfrwI+a8+EplEN6|n=B~f5Q^*12D!Aj0&!!4L>gAgv4&Xo6Jp?bF#C36nmQnIT zOBKFTVg7lFoD9U;C_zw9oz^FY^IW~&rVLz{{P>I4dfB_xA@k6C9#0CjozA^(&c}pe zCz$hk3JIqEo$TfeNMpoT#`>Pi&g3oc#)=U$m%Wa6=SDbcg_oU9-Kl)iktJ^>Xh<2k z<5n3;ombw*Tr40`e}G~>3`wB#;pyRXw8Ya-;(4cECT@V_@v)v??xlPZUd3^+<{{g}tQv zKX`QzU7?sP@_Zrs3vYF9{EzW^X2)24A1?<7MZ(uGbllYLJ4oR%SK6}={e7UGwMIQ_ zQ_q4g*i1xDvcKQ}BY^zAwAWWqyC8Yc)l5*^!``^rNbTxoqh8N=HcoSuFdMhn z$!%5g97hfN?oCWb&pYi;dGB7a<;eL{_MITx(f<$pDGx-0^bY$|o{Fla)Sq(y-PFj~ zw(Ns%(w|b1?cX7P%7&pLg*KDyOK;zwa+?pTp11E$SJD->`%G#;CIoV@^d?}EBw3tDIMCr)Bcnfe}JL9U4Ke-=?(oU z3t&>YKjpa}CN1etS@nJrlKzw%h%!EqKcy$o59m)hmTUF4pgluz@JNz$M4V7Rxp>Q6c118!eD^B?T!oA;+Y zm&iY{Kjpp3%TDe@^GWA(SEJ@{zw?$r9x^=%s2 zd%N9ySPxSJ9|_y9q>3}IPPrhf*X&x=$J-sOKG04BvokRT8R~*v{0;dX-ibA z81ksr#@u>WrxI0N1=XdlbXT#Me37nPof`fqtx6s+VZ)@4NaARB631}~iKATJXenIS zU*1UP{)w!??bOkA0|*&NOOi7n2MIYt&EiAt>`P4x5cP5SAa)W z`CKY=`w%YGM~QUZ~#xAe2!WtyDeC;Ieuz@)ahf&QiB&`g4A8XkG zC1Rc3*xQMlAMxA=S>+cmOvppMgm3QqP2aEjZYVCPFn)Y_`}4RhErqB~a(yb_Wy^5> zQ$&o9gGPOHJ0ZhatYPk~Q8;yC#Uo-H0r4_-VQeHiDyM#i@T)23(~oh)CpOJ1m8LBW zJV$XeH{cx8V6jlXj0aemstF|3tp)tz@yKy)wretZaI4wd7Y;+&#wNZjefX(DRF)QZ`T zgBiLxO9D?G@Yv~ScfG**VU}vLq`b`8_SK=nVU@eA?0SNb zHiNnr?kl879F2)C`T|kzG*o~VH|7ZJdd@bL;EHa{j! zNT`c=DYiRK;0OES&!_Sk91Kq4>Ec-ln%_wRemfWEATyY01_N2A!SS>wj0&OTw@EKF zmqfcC^McwD7FS3CNcL8BxnJLK)Jz(V}zr7@gy6e|??M_0Ev&4P~k(4{4}-jyuLlVvX%x z(eZ@{-3Ef#5Jr)AqLCx}zh+I*U_-L-}8b^NUKf7USht&~?BZhf%o{v!n&>Q*?<|U|12flVs%8%l^0f zscq*Rerjrm;r2o7d%>lIETe@+#b6h59HLn{vzlmY)AlJxGi^3+M1G?UHuw%hiz7GA zq;LM?%y{r)Gml0$kDLSTBeDU(OW4j8RU>-{-))00j%g2)9Q=~;@b{r;L>|2Cf3)xM-g0q*TqlK!lMV!vHU-)%Qo32tdO&@)}e3iZ6 zDKB%ijZ*L$eWu$uJ2?Jn8|gmnM>gf25{Fh9bSMf%=_*N!S4ymsLzu&|Rk8<3Hrv{P z+qV)5wBHy{fBR1(sPx-^Q+dSH#VnOGbc889{Z}fJfPSjToh7#3kQT<& zY}k^Q;lgR9*qx zo2Cgo2^M>WhQ- zS<;aBx`f5S-AoZT7>Hf83nEgD@QcCOmKyaF15ib9FG>Ad{Fzb3XaGLFa_w9EjfFum zf%Y46y;e)Hhf5*4CHa*QtvE&1i&m2sO1{lV`8z+!CnVmP zT6v`rS2_r_yvo1C>R9N1N_Fslw%+4#)K~scGko!1WXW=;;@0|#G1IrG2mWk}_dm;) zPNNO;?2d_ouDq0WQ5Rd!vd%nTQ~O z^A=sodXb>L;u&ChjZBNQx>&j)+UtNyul3h#l6S{a|0zA=8n$*dU|MXiy;wDTS2f%( zEy=q)ANQe>c{B4dR=31Usk){4=;X5cEzHN)AN%*r$8Bu!CG(LAHaj1uyzb^>te)|F zoa1UJ&c{}&;omVIhrj&h=40`*Z(=^yq0rpYd_4N^nUCS$E1QowPj7ZU?t9hE$6`I> z`FQ%fRzq<<&Q=Zad@Q#stkD=2udr^;5zWCax#oszh}PXK*@pF4Tt$*nC>lk!*qXHP zQ5V)Xa)uX`*{{i#Dr8KRDAimy@8UiMMOcyWI6@8;$B=?c9idN-xahkIsMb0o*j*bd z`F*BZ@hmpf~F^)hvlhP5!% zhuS@ywnqJ>2Q%?;sQjgo=Ci2vTx5OW8pkxTJB+_hWziWyvDz$f^0hD$XhDtHaL3uC z1N|+jVx2Ri`5_)rPndZan7u3ARf`I_PPMli(5TXbzP9BSNUq8}pxoS%_rc~-U#s^n zSwSCQUFzyicn^`CrY|;my?tjsj_@wI#eE#6kGjclZwhuu{E&2VP1Jij?Pb17wJB6Z zsY8z@1pH6+jpkB0QqU^Vy!zs0jxNcjIHzIokfXw*SPH;@Djn#jkqGXgS6s!r60n~7mxqfV!wDB##lqyWZE#%uK#a=3Ar#dy>j2$`U8 z2~LXM!|#VtE_t)q;-FPv$g2kN!&ljN-E(I6VEpZ(KxRMj756;^O^0b57BY==Ibs_B z_AsA_a5I{PCm!Rp4TCFsLVIR2cYsV?x*R|jEt_{UT{tC9p=L#svIgeX^9Tt|VFbU+ z449Ze>nx+$t_TtLao(_X9>Ak}#;N@E_oWy{HWf}4c3rH=lQU(0s#-5zKhNqWp5;>H*GycLSCAwN;abjGnA;V7RG$^ zQ-vW1##Yn|WSf1OI?P$n%%JkOJPjp)md*>n(YZ$cGo4%DuKC8i$qMYeu&yFqxMr3b z%Y2h;goA7PBBRz|@;_30H1Ew@$BI3T%S-?0U-Z$f-Kn~z?b{G3-sJ(BD$sduO$FBv zXka3XMkFV|rZ!f5H0&x}+bUHUhkIz(6YCD!-`!Mq_i3CJcwDYyha^nDq4BOJ=4sk=tln2L@i(7 zO(R-4mRMl|)0?%gp&FuNUq)`&GhrphPt`&jmLME{gcxe6Q438m*ReGisX9VyZMT_G zDc-HLT)}LscmX6$u3q*_8egfK=ovl#;(c2k7iwzf9bhO)sNE6x8U&;1ML4e`d$-&G zE&`&u&4uZ;&foUoQp>j@gymM@F|1q|z%##rTsTYbb@8urMV!G(Z{Dq1Z|Qs?1fES0 zp#_O67|ozfKXWD&AmX4u?ifKVF=xT&siM$UsY&bVjZnwGnw=uClxC92EhSyEYVNp+ zb@b3!wjaZo;7*7lc(-+fZ87dXknX`zOfhy)wwV;xihI$F)11FOTx3Epl&1 z4LXdM-|^D<^2fa^ZsNybJg?;$?9LzU7cIkCc=#!>QWp4Y55UI#b6R9uaoVa2pBzL? z<0_^nQc=lb9Vx!Ti#NGVXi0qy8Qk5QcrNpEgey~DXHUDWvtBSX*$tJT9scf)d;_cSjV4kQxWJ-*P_(Is6OY9IuLzd z!Ag9a^!)|zeTI;s$IF0p{zx{!H$mr*F4B2N*;(^O74jc;1V1M7BKhTXzTQZ?|GRBD zPXQVCUst1!(7)hSTOUJ$zdule%7--HUwphM{eBUp$3@vF{pVj{M&2@|KP#m48-eJX zp!B*B!YF-ABt^a*rH9Bv?7xumrw<*F(i?Sl7Yba?h>X(zN_6cFDE(K+Q>65#sD#^Q zMCntx<=(twAoibmGsJ$MS6_d##9n67{~=;8?~5{GZ~W4h$?+S|;TNwRklrJ0y#;zd zl-zI74)k8RMDK5e&N+Jjv-sD)LhmOvmec!_X{jH*ckAkAl$2UmEUA#-N2>~QC!Z{> zCw=idkV!&{f6EprewI-f#Xm;Fi79^Q59=tt_Bf;X*YiUZ|ED}dds?s~ze|Yz%flf0 zS0;&m_v7z2(ZBZWB+=iv7exQRMD#y-pd3L~iVL1a7?! zC&e@26O4IJbD)Rc{h0TTnUL}?@}+z1G#!)Tmw$dOPG7~q&CU6&>Q5H~H!B`QOTHG4 z;@SEp4pli0Gj9QTAvw*3#@b`VZ8YYdN29||wg9A=qN>O5Ac-#5v}lfGxZ%qikfUql zVOTf}%cMBj#@xED)yH>oJh4(@fXKDlapWANiI=3ZI;sFyENU-;uTR!f6%FOPi|s zS<$g83i#B7hg0n2xksR^N#1b?(3n=j8g`GJlg=rKGfeH+IbQZMS}3C(g)x~w8& zGxI>`W+thHo6_iNk-g@(PF@{`+lztPxb8yRpj4r05gvxdJp1F;vqR-p1$zJhlXo58 zCZIRx{u!1`=Yo)BS6K(p1kZLIag2e0s@aNi1fuTLs2#_XU->S|z)hWUOVr$5{Y@I? zq#M6o?AKI&l)v_4EQEC|(1s05Dj>jKhS-bf4dx2lcx&Q~$>fHkd_fq{F#oyt;_u(J zx)NvH%0b;nBWX4aNp-Cq)V+0A)1pDaPNFTr0XjStMo3;u)-glub7k-kni7xo(A})5 zt_wRW+IL_E>0>1GKKFaK=#Euo$k425M|4Fj*YlgO1=Z`O2>d)P#e2HFIT%qb1ldGDTT=k2JD!eONSU(L@pR9oGCbaZrLwR86wg+ znsfdgZlSlZ&d0LMJ6PrGHowX>!2_=HvvHu&@-*ihx572eZiTB90mZkp!j~Ktukb&y z1iXw?VeFQg-nCJur9bN_UHn&|{)q$>B#ctYhm}$;`6R`jelpL}`g-Q6A{2Cp6CN-A zUwloo6E1%IW^rvB<-f2Si+=(u(y!aMs-j`TB2fVDC#s;E_*ZcCAK$tz?5=O$FJAu7 zf`F?xzx)?#eGjnwJM|G(|8uRiy$@2{y*@#^cpzwV3h{%=@fjf9ntmzZL!Yl%(U_1)NCb9=wh z{(25qV+^>zUa`=vvcD?>OznIBTE4$FoS@zH_!RE^Xf_)2U%;9V2W4z-V{Y}H*W9&f z(+*Woid@4`e_F{(Y|Kq4RcdfL0-Y56a_Rd0Y)PpyX8B#;uTS13xqko0_iHqb)m_+;a7*q^yzwZ9nziq$Xf9_@| zN#k9Pl3b+>P?ANDzWx0=ojZMXI@f`I8z+EMR-|)h`AxY$AmYgrpcj?~Sy&8a89y%f zfK;xd6N$MSIamx^$K)n&wh8C{Z;|h%E+sX(TqS4ssOSO}F-P2|!c8s+m)#tFhE+-) z_sTWR3i(wp`*TT`dAgOSm-(}N0+Fo448L(%81LX)Vyi>3VTLf)--sAgw3RJwj{Fb? zw;=!=3hOQTw<&|y+Tiw6Q~A`ed_8xb;2)1@4f8r`!Ns42b?k1&SZeHce(WL|@5HZs z7g-up6CO#)Ap$}9X(uQnFLXCu2N-Aazq7lkJJ?ghR=g0Zugllh_x&W|r;FSz!mFU# zoLiPA(n(}?aPsTUvJ*u%2Y;kM`EVeimnbSGKWNN7{PFKWKN9V)SlixN7S`HAgf+1K zb)r^9*0JL+n?(! zfC&{%c)m@C+txRXZOPpio^JyaeTJJRdd77;nNmG;#BC1G_=p=<8K<~&b(Vd*ymltf zM%+J?hmxiO#(iaq_S71G`HrGu1hdB@CDhZT=0Cw{w+K&mLn6b3+LS+w4fv6UuBVQX zdl~-33%=Tjx6C9A$CK(+*NBF>WYuNmq*OKBT0Li5wd^(d7JlYx4$?FrGkTf9IuDS0 zMJDHJg@RU(%tU7gW5K?5V8R7MDU5l!>*Z>%WqE2;n%286V(4m?^CIgT zb5G1whjj)nI*f1~fOVejq{ONJO=|MI$a)u6$}DQ_?wnIQkba)ZanbOyKG2lqSx*4% zJagooB+61e^Vk06RCw;qyA%g2orFmhZnR8_anVImRLGm1u02eeyTPq~_qI#xH&PME z%2v|mFBvkFd~)=RPP%P;;B}l_Iyl}oy|#uv;0uFh?>J6@{Fyhh9!C9{>-equhuPD? zE0wDX?&Mu)@-QMEU~0I_fV4e+Ne#JGh?C%xO>pDrbFs2-$Mi797?UC-QkG#diMKP4 z=Q5A=Hk^1KN7^fx&MXh{GJoNfK8l#`Y+t}2$_=v8gT3q*z;kAOl1@s#Mh6?_ijo@c zMlEh;N}DLze@Z_>>KjbyWTx~*`eIW$RzLx0dNN#FFTo#Se3d9$!2po@7KLq{tqJx5 zmQKHs%7>7i@L$|~?PRr!07qE5ybe44TjG+B;`L-`VT zWH+L_W78Qo)m1~};$A5$;PLcH(il>H(!J&_ME!N=hdBTL@%g=&^RzS zl#~dB1MRL4(52JqQnddtD^rT+lU|@&=XT$2ZuhKg^xdf`Dzcdc=~iQek->LqHk`U!Kpd9DB+dqAIhhRtLkO+^x?S7o zZZKN?CsQ?7D&tPqfIHnEF>SijQH$lnmpu@}gwgjREO#R*>01CUvq+Dk~%V_x_WrAsMsIwLmptE?wsi5qh99QfH6sZx1&S0%aLxU ziYD>{oXYObVB2^b~pll z#EqriX>N>`Zi`~QqO%Cp1Ojat!@)Ia6EGJ`x<*iJbIYpXJqdG{~Ni`kp@9wt*qFCGWV;ux-{#1*@JYcr-1ttoJJI@jQCp!(` zKn6ld;OJ6GAT3FNut4EfQm3ut)5dv{=p=#Jw5smWNBnqA5?J-pR&vkej$poRRub60 z*6Zp3CIIB<5AjG`#87u<#MjjP;tl+lwpcr&8F zJ?wZK;Ek9MEH~5UXlo4lK5-rgzkw)F6N>_CxFW2-C~!2Qz#r)m#Q$KfC(itY->Sb; zAl#snQv?TE&FD+4y>NQH z>@O`Fh~{_%DQJ>B0w<3n`Rw=sr-jHm@eXV!k4pr!h()*$^f4A;1?coCWzciP2g zjd=hrV#AdzYIb)TC}9yeOwCeSA8>lh!~*S4aaG0f+ojo(wATa&03qjJAM*cTH!j6a z2&hgCFG>IhO9D7LDFL)m7RVjMter?h5hj=%z5`wo)2!rBDx1BvpTLMnLX=3G*gpF--Jko(T3W31nfk*uAO15E58EJ*7(K=86M zQX!h$#+Khhf%{2x0^%>k>XZr*k1mAS7y;(R^Hm~0;U7W&OcN5zPttsr@k29Xel)5+ zmUqrq1LJAf&6ksv6w3l~R|Hz112DqJMrQ0_MJ&nmkf#K-5)x5-QoCFx+JV-hLYtvX zu}oyM732jI8m%g_e_d|2Ka-Nqc9dgThLX-x@L8dx^B6xv_!bv2 z`oWk=z^6}S4zz^F@wBPz_);V1uRyhx$d-m`p@epjBsACg9#*20YhI_AZH`8>vS}tH zc!soMds68nrb|KMz#S@{MbjpN?FIt71tTG{DN5EVLpG_r9{9ZsQ;+VxA z@6EdtB1&12;8U8A_$cI~`0h%GSSB=12oV!+V%gn7q6r4{`G#1C*woq@oX2z|TRUIV z!zy5w9j`4`w>_w0SWyM%Qh~83!M(^?#lj1NQB1U;%MuFN`=FPCr4q!`MFk?e z*+gAE!MH?1>lr=4H6?Ia7+hQSeyr_4hMz^*;!+ahS|wXND4=adP&iV8!o&qmP`HX? znVS(letoqQKDPO}6Fx?UMTYAc%NECuGuh$>O-3YJJai+n#rMq$@K)rDUWI^ox8)1O zq&I6%=tQBlMfu|61Iia~-JWm@{Ef3GyuT=4Y{s5&2mFGQFQmd1^QR|UUQx98m+T2Y zWQTqW_5=dEzcqWp$>Iy3Pn)+VeBTeHh&Q$;T*1&;qnouS%o&hh{kHL|!=O{SKE+Kd zVONVn1gGAd5U~-;Cc>^KfZnVS@y((=;aWP@n2;ixBt}Rfo!qS7yhY*K+f0nuF=0^% z_gA(~85SO;YwVtfv3X{0=C_(DH!Lh9y+;UhKO|=WrfMrNOEhtW<1qpPaT&zh@o)N61$7+&UYbr@cWZ(V0#TR$t=ktGD9bEjddVJTw7uNE;En^m zMX}=T+86FbpGcf#0?F-ic2AFv1h8@q`-@fn?S^DwY z+o{9HQp&*}R5I(@cq20jP$szPtu5x=MdiHoeB21$V0p&8v@;l7LbKu2nSCKd+O-09ZjNxrS`@$4)xv^+4|I-887n*+tg-F^L`eM-_vM>ChL^QdXx7faLADIV` z6pHqR7t5rB|8@3-+mM7e!{YyeKtFJ}{$Ag6EdHlv!`g2~Y%u%6{>p%TVNX3{8Q|#F z{`Q4G&NTai#feui>#k=fH{t!Ns4hLyHIkPeMjlX; zYA>+uD|UanJQi1Wgk2K%si(0`vV@!o_g*HhpwK@!;s3O4Y66XFvgH{9|P(qfA#F^Y`VjIvJ)E8eZ=DC;m=%k2--yyDny^TM|#M8BjdAcp&j) za*2&&6238nwsRb85OT130@$K>(yM-39CM3ans9fzl(M0_lQK!6(oT{VjNUinT~Xrh zR1@1cw)s`j#!*clitbKJc#9Y^nJQHOP^F=G!PDtC{1iq!2VWHLJbDdsh2m4Z{^B#}<&_wLr?0R|^tpdZ+ zs6o0qkiz@O0mYF49i2)i^Gqi58M8aFV3u{fV z4-k#{;VHS_dpEO&HatiGl5a0?PEIEvG|!joWH6q*Arm_;ls|+6Me9Z+mDt=S{F~f6 z0V1!eRe@6frstR~nKkC9D*T)5Id#zrUiOK*n1c7D64CIJRt#sq7xA{Dr(f&CIvOAv?cg0d+oK?-g~RpRh2 zID-)<_-GIE2lENU*9rLF`~)hTiO(c{3}qb3X#OO8Y&R#}2EF-BRoOUjOU54rWszP6 zK=vmoT42KX<6+e58Gne{;>Z|LTiSPG@1{4EgTi{Y7SH(O?S#<(IdI;b@rUN+sd(fa ze=LlP`lsWqHU9WMe*E!U0qx{BU5eW2H(!KbHpeM$eEoQ!tc5yRgo*}Hx4FGgnPb5| z+@6${{HD*r07MX+8cc(yM@}5mz*(`$;-=efi_rI z8bAKv0Kyr6T!s8c8s}=@Q|N!^h9T zaDM%vX1tZ(be%ZN_V{CH{3jjcH;upl#~**>sOi7dl8c*@SoSH#A6LP7CJVBHr+X5d z?gni%bQ?GT`A;-D5Nz24*`9|=4E=HA>XW05P%F--#j8Bk*(z*Xkod7kK7c#13$5=+ zfQR(#)Sng6ps?1;b*hh^hg*9vVmlGhTk+5xh!j`ofyfTljjbsT!yRgK+WsH*4 z*T>$qfwkhW2Ij2yj&U`@;4GY%P zdje|1`EGbbZvHzt$6mB`0c`WtJ&kJM@iVtvY?80;I@A&;`Y1PVuu*h8{=Yncs;(4| zP4agJN&e1d_&AP*o*9Su{2dRyBLT|(C`C(je16e>drbrMxo$3WMtuH%fG(;ojXv?G z&#z0D3M3@9-by!P2v!!EU0q!#@waja$%gB4~9Qp|AFG)ay9>V{qdde75a4hra}` z$%!KTQq$u6eeB`yeoKGmqyaRv#BJJw9;F;Q-jY5Dseb+`R}kL55RNOx^R0l1xDGq^>y>)@`4Ug7bitLmeE+-iT{aVVl; zJagTBe~EVYdqcc*_ZNfPbYNe{4qnl((U!#B2bnz*+G*k9KaAj~C-MI_4Mbn0AT);zmBK>Ix-D#&Vd|AzeISxS&g6Lc=~z~a(DdwuB>m6^C)D$eRGSu z-F}6+JYaICeeBNRH({Sj{N`HYvJL78B$RT{fGt*O$x5-O6rw%YkngpjG7u;F%U;)}lCW!h-m$maYB`bEkC< zz}0zJ?+=86dDt7)!U|iK;-r}{rc=Tt<`%!Xj@ZpYWt?L1o6SHBdmHjF8rf{c+$^m` zy*G!5wE?kFf|vnx;0^M)5~A1{c9>5ISC)DaZg-DeQ6?JU%;WM!f;gX~r~#XO%bW(* zF@T2bwyIou1H}`Kllof4u$G?8=df|iK-qq)<|Lju3Y^C!_6^aJ# z>ls&o{A(ruC_Av6rN1@I?bZjI)wTEZuoyu{#xvTm-xMJv2ZCm3;R>+X6gL(z~eG{h`?fAb0xhQtV*fO zwtjQ?3taIi*Lp;yVUa@lCBN^@VD*=k8qFE?HKWojxlmcP+KRNC+Ux7Nsnt%sCxKzE z9aXdeIAq~K*pM%F6#Exhlv)xC_QPgqrDfrv_o|B?>zRhU_RuE)1r1!UomyK={2Yf> znXN&e5uRR(EyqwQItjv{q|_0&*42&m$>ZT73{0Tvhhdc*`*Z9=RQYLW z0b`>l1F!{_?d@B(w>Pmf)y`2?YYUbZZHV<_dn+@`?~_IsDEWxzeqC3p-bR!Or)q>g zHtIIiU!PMJF28SwS;07*r}-6aXs*yE__H_y9DM$^#>MBS54iYTfd0B@P1*Ty(3z_+ znupp;L?QBg-ih$5*#+Tju3b>!{5o~kLWYj)*wAn0PQlKgImRaKIsOH$h~>F#3W;i zLRVs7Srj`Y-&ts##tluYX#&yOa#Sf2JLyl&ctHFr>>i`Wzqb=UTyG;>s{G+6dn=X= zS6~=cfnk^*ogxRRGttU@wM-Y4!*7nl1&%}jLu{I3qp?k)zh-&5Ij%O>U(*B|pkXW$ zENhwp7Dr&$G-P5UplsNPAdIbD3th8tPM{>1mt({GLpdr6p2oex&36{3<&r@-JRlp3 zcYfx-VMjH-2t{}pSnhMYW=t+iotx7m4TnZ>dyKRwc3Jw8Zu49%478Wk<3GCjNJ6^N(ZEea@4=@COVa$vgAhfuMIn~ z9_1xfg2j<|q~kd%j8cU2^lh@QPO|<&oQ>V=FRtFP)9x?2)L$m6e^2_WFSa}Ncd5UE zdmz=-G#5v!F`~5H1>R4=J@>ogrdRCLBHYuMTVef1!ENADfX$_cld>A-)3-3T2y&ljQa~6z%O{L@N>(qB(fAI2To7w=H!RHV-VDQ>)Pm zA6V8@D;TFov52WnwXQ|~iUsZoyb8hWZ&ZK#BM!J({5zr+Ligve(}PyssWO_UY56I?;W+ zrlI3M^u)Mp)i?Z(2AcnH$ypJ7nK4Gt8Ie_uU-dXPaxuaK(4kzd!zS>Q5Hg@;BeaUN zDj=<%eo&k?_0r98`{x;9$p7^?6~I=7nTJqL(5Ywuz+G*ld^;{b6wM{RyjR{BmL@CK@v2#j$sAUGE$%yAil?}GE%T?oC7 z@IlsCN`fOOahjsbeOgab!f*Wb9>Jez!PoqB<{sJcG9^7*ChZYDnVs?L_C16D_x-gz_AbB90@RNA6<6P6 z_~w~bj0)3QR-_oZXRyQbeOH>>Gk8p5L}`8Ka#k^h=63=FH5m@&0=9;Q^u$FAa~X~2 z7`l*ua95516&zVB$jr3^2sh`;Xgu^lf`gx_a`uB4Fh`ZWL|>y>`7eiMpuaEO@PW>V zZy&V;Z=&PqmyCw?a*S86o?vN=@7|~tyN~#TbWbxR^er{U5seHQ#6X9RsR4o>pU_hoD?N&GMjoLrq+Nhw~Q7?{FFYpVuYV_h!f z)#z24>hYIpsx!u@nlmx7AAynm0qQM2)yPG$$!?pPBtl-H7V`y&{`5wh=s5k(Az`$o z@V;#0gF}R|o1|qbgZRPEt6u<-*wZ*qRlOu~ zSfP%!P&?B>O)OWGF1yEuCE^Qj0~1C&o5+qW7%FG6y9a~WFXD8zVDIp`xpixTr=rWW ztb5&ep~IRg(hx%$$KV&|lSqb>?`=P=c@-z&VAkQeKD*k~S_#c$#1?eF{xfpxR_#gs zr?CFfN$dX~YLB*I!7}X8zeFg_YT<9EUJ`nt|Kt+rJ`V2`foW!s|@E$rIcqlfWE+oK^CYPYj2P+N4JjoMzaM^kfg z8tER`qq}?Vi9JFl*znwnx`rS&fACnuoTL`9oc>9oJv@x{+xF-=8SixvALxAi%ZwmB z=*1Y;9?r<%*BUx>ckrvn;v=#+c2F;;cQW|ph+WOYUJ4vky?Sk&up#jj<9$8AuFT@l zndAKs0Em8c#*ajJ;%hYb7I=|a2qlaVm?}?WG&Xt_LRTJpkm7rx+4^26`nX;w8XFxL z|2^B6(n2w}J7Y@e_ji_IZW|4^dXX?bbeP1r$d;dG?rPH`x%4?Q#4Dfkw-$D=ID)Tz zV8Mee;sIT$?_?qnR`@UK4F%JOo!%{2O>elKe6e4r|TweC_1$gkj4!@&w%t1l{MgbAoE2cd-ZHU*Cg#I)sQH z_15Jbhu-QqSD_l2L82_2ai|&!IQpOl_*1_FtmJ*lCwLP*p03`tV<~tX=$=R#T(`~Y z%NZGbtDZ&q*arGv+s6ogn7wj8@Zz`1#cy#E{O(1DYV2WGaauiL67*T?FTGWSF>w|+XA+pJbz zkX%gXs#Aek^jr9HsupEx8z$998 zxkB3K6{yd7it#_YR5#z|Oz;eC9H-o?QWP9ZYc?ATPpmKWEID24O_;S3fnI~R6lic1 zCd4IADR`j{Ol;I*d!{FcH|kdx&;@T;oQa#@$&P#zb>Qbz09X>y0er9_q=8!TRV(6w z7P0U2Ty^{|P`yZ!`f?kOt&SZ_FDD`$2okNVC zLPhEj)Ed(QXg8n8NyN)raGD9H6+4(ueB*0K3G<1*+7iTtWy1LvxCn%gMWP?Gs}<19 zz<{#iG4<$wVyQ_<#be0B^WAzQ#07TX=Dm>_NaaHy!ajxGh@6*qh*9$)ruJUYowGUm z!O&6GT*zkC1`5jNNN0|E%9`p}hzGYm+d`n6_xs+TF%xlcz{e4c&g9?d2i1sXBo2i` z58@~uOm`kD7-B{chs%S79&_t2X-+c7c@TOGv5XkG+H;&bzu%pi(8pr-F@q|UAMCgx$Webvo8UN(U{HFF(fENQ!^eUR|+J(I_2e#Y; zMWcHnrzuaKrVY#QP**bhf0p_LZ=%@*G*IKS(gVq>gD{%54nEu-pI3hXT@iIM6dA|} zePKer9FVm>Mz2DCtz%8<>!V}i?=5|8VHhEDT?2F#O8Oh}+(k!*Z>@#y;UtCTP5%YzJ6l2ES+$51P z^m^}@eUF`-?Ll zc`ZbkbV~aRb~{JR*W$BimumVF`o+VoeYG!%f{h0CXQ*)bewY{1=UZdenCDvud`n_Dj)sLI0}2A+zj3-m z)+FXYb!^x8NXIqq3+`*57?Q>Wh*&(rF83`K*A=M_RvNq!er7**j7B7|ANslPB*MyV zvEghYs@GP9UeFW&D@3+$URG_x9ONViQA9`nUC;2CtvlNoUq!-WoXQ<9Uiml#P7&Lx zV&>@>rb+A2bA7pQek^)4#B24(YWrCtuNS?5yvp}4SNR@cr-jPA+IR1FVlmdvX6jcn z{N0xTPmuNWraI#&U!8U~bn6UMZuO?|h)Zu8z_NWcA3CHi)rd)NY8Uh(me`vnAeKSI zq&Hm!Kvr+c@d#8!tB8q-7AOw~L9MV&T3^bTeZ5KD8FLioNs3IkALHoAs}jAEs>JuG z*;a`PS0xNbC2*$QD_zwIbkM1E;^6i=u|H1a_6kz>Ap<(n2=zli6kvn*J1?J?xe72p zi2~e%UGZY~t2gUJ0U&>XODX@6kU!@iI*>nBajE%`n7UNswcGM1URwSD)Mfc2J5=N! zb>xp-F;dCDXL9+Y<__iG4U>@DE%E!XrJ7faT@nBGGxkXQ_kJznUyIF5t@aOiDdm4A zT)O>VN%=!!>Qar^Zp)vDY54^ax?=AUv&?O{k{=TnvL;l8| z$-h<0{{~0?fR|GK{?6q;nevCk)TJ7+-IhNQ)A9$PZp;6ZJ&-?Y-dpm=>}NO3zi;zy z$RFG1!e856^M5Zk&w}}1JIj$j;H8v*W#{srMEOHv>Qar^Zp)vDY54YM=1{>t1ieZw5_4UHh?-xGbqUf7J!j-SANjPnnVu)KjP z`iF20Ct9wd#Dt$Py z0{U=~>kruV>3&Q4gP{|l5065E>RgSO=!0F*i&&yRn1I-pn5_>B0Vqx%lKX=*L?fUX zTYLv#3%_!3tFOB514lm=q}GpqN%i9cuqLT~*eU@P@oEK+gzYPXg)P49KwjT1zKfPx z!-hEBDDFTvl5`TEf3A&$&BJ&nVGOlm0<~f?M-5XDoSV_8)(v-!g#DeD_lZ7Y0`I4z zN*IZ`*NRf8#{eyrN(>kQl^EZlN)%iQmAC^!RHtdQc2^}@qP9vr0zg{-V>f$8pB;@C z9R0x3Rt(h0tt>TuqoW_sq}Gr9lj_G(aH%``!BI?>=m%ELGUAxTZgf*OURB-Kjps`D zNH@l!O6bNN*NAS^t1!T&QjRvf^Nt^ERrJ`4z7wDv(;-fEjK*tsm80=9TRBVs>Vmz{ z<40@!F#5gS_a7F5BOU5NH^vWz-SQt^!l{V9DN+e}4Dm|M70f zADjK{f&VxTRZ{*TNB)49QvP_?nf%95{*ahDMkBV{^2fq>?LV3T)Mfcw@uSgi?}7Zm zk`Cox(e;pG_u>byeYhL)KV{G4k18quX^#8>FQxqPt~2>xMEOHv>KKjKZp;4zNB#ih zk$+d>&F8=6h`+OV^JNG(zeQIeA>5qYhrAE$vUTG}3^yMt62R&ZH{ASm3(i?S3Zh92 z+Z@+Xbg>>=*GRZo-Cj&Rsb{ji3&HC{E^r4HnEGxPXg&$`$L>&9|6UYDO$4}9YO)^h zqN7|N((aZ#Zo(%QKuxM3ShXFyxWInxuA1Dt(N>d7QR}4o*sWdlALHW9$E|e~rrYsm z6P&SiB1OD;ewX9T-7^^XV=FzcJmbd_MzR?Qb@MOx$Y2aal`t3+eaiCc&o@~9;}Je2gu6Qf)jjEFgXH$ox8n;*r4RpZu&`O;3${GGW*{-X zfHL0r!oBZ;&G)Ixe7jDkpusibq`JTxiYwRh1q#@|}hOvN`QvP_?nf%Y8{2?**bm~E>k<2=-mo{ozT8)C`&SHB^Q3sDJ+JN(yDo}j$aNpv=C$aZd_q>6805kIe zZX|>~O+xScF;9*CM40R_G92uQZ3RBP{#tt(cEH3W=SB8Xej`%Oe4m!q>P2F7m@MQm zJf#3lXxjKRX~PqKx&`O~g^}25EN+c|!2BL_wGtdW@esSr;Gr!_Q0Fn0Nu$ z$zXZ#V2c)y6LSB0)`(~)R;XZoV9%s`8H7%aOYsSqDs+tzxqQ8xw!#fiRy8uKXJvcv zrvZFyu2R@{1-W^WKNNZz$_3X%ayqK@l!!6ba*I`MB|lcUTkR8QQ=j0;S6IZ(9q zDPr!}#b@ipp8rIRnlA3rp;OTGr1>bdPa%|;yA}vO>P$h7X>SfdFIvb$vct3Yw@2$@ zpcT7GT>w=FPC8!$@S+z3y!KnH{GIhWe+R1C)qJxpt8LZoJm0K&p(o$0j@k^paPrL} znRj|L+|fbgoY_j~%{g1N8XI^Z+02x*Gvu7HPYI&Nu6iEw*)9kFDGqUCB3V4rsM(8${a* z5))Puo~1&-Lg$+;LK)z*(nGjcALqLIm@MDyP0$rl%_q3|W``59n{Q_6V@ryBGBas9 z*{@%vE;60$1yQb)>13DKb}w=J2~SFyD4nl%DGVt=UJN23(@pn-%NnpfxG8%8WB~R#`TR$KF*J0vj(P04DI@{*AG1N zI`HQDfw9<69Mtdb`hlwf$5}scB48zJ&-vj?15X*W3@cO!<@Nf3 zMfrl?ha3oGCFv*Q6aLyIJ--a|9k+e}X?&yN(#`LF(PB5IOWi7TV>r*7J6??z3i7mf z03Em732X7dOcOheHDq#|@5+2^Ar^w>Cr+E5Mr7_%>Zc^h>i_p-{lI2yh-R-JFyF`W z0kerI=aTzk^GXvU-ar+Oh+#td9MrGrpxyO)0~e?rco*G*=4R*b4H0BROT5hSHgF{E z*$x3*mUjFP0L9pis)CwfV!gJyhZVSsZaZB+Fl3e0fE4#LljQ^JSK8i$>}P~s_TmJ( z3a`7eexN8H;@r#Y2gbh&au=yyKcR%_|LpeqfddIi)(^aWTzhfZ>jy@nqE6NiTvUM( z$O>>>O#vV@bqPh;>fse-;tV&+c!$O}z&h&@$XftpjX*lfceLUUzi5U`bb@TR$Dbw5 zdu{yLy>yp)+HOxYQ8%Sd;t%`g36pm>{xAS_V*L5ZIBGrfT{j%tUix;v>)EKQlkw-c z5s-c}%IJ#Kaod1-*zR>O%rz z(_ojiHCP2ear)4We3v5{9sR)R)S57c2;%dg50HF@MEy9rF@=6uamoLlbeF4EY9nE@ zQ1jZJ(;kyF-Q}~RL?BJ`ouZy1lDhZK}3jp=@`)owGhx!X~gll(1?!HT~0X- z8u2h>sH!wtyQ>kuB3crmnh!vo_76$(TlT|-%jhR)FP=`V5Bnw6hXa;&OCNrO^p;DS zx~~fxuq`gk^6u)w7ci30g=f#V?ZXp*mr5IsIuhF8$&a>m&to434TCoP8S+!ZHDbG~ z4Wo#dXv5>m=kW@%@8cpI81vD1S&y4cCZ?{Oy8XBbC@cBp^15h-vu)P`Bm(!XC)~ zg}o;K?xnX(ShhRzKXlLJ52HupNMJs z1CU4lUCD3hwa^j&p5?bB`ix&LpokKtlw>(&x974un9Dp&1Q3_rQofi&h*F5g%}&u~ zw~P5LPai}*+5P;MMp#AUx7>1;D2l2DxKwJg4evV1Z|V69sL2!vRvj*Q?RI|4AfhE| zaw7okc7Ds+d5*$#x}GjkC*GddiM{asSm`Y%KA+5B*kcDHX?n{O2a3HAe=%9NoH%w! z=$4;{afH8E7qIQcwSbpO5jNwU*I%^j^Y{xpehx+WHAJWSX~cHdUK~rrL=mn5pl;fW zb?zIi7#!zr$c8$%i}exfJF_e}n<+LruLt1JI-??8A=j7e`^qfu9?aOTIy>P$ZjWYe7M?!cEn=9{vkdbB;C{B0!}qxf-{&XX7slNS zJhuqoVbC-kbY39kws;GJ#KaBQiyGn!B;F^M*ZkS5^1WiJM+$pYzCJJH|33LH{j`T8 zZ_9T9X6xHLD$q{eHD8R0YrotTo2}D2JTYN6Y-})JjJP3o1I4z+1Z`~# z%KKb>5C5Abqz#T~R98*$NFVyiQz)z>`b_Nn&cmq8O5{hJ4u8Kg2ftA5%3SXS2sb_f4=FH4I5Zo|7J z0iJ{ZG`vWLf5*ooraT*wysy3uAot+=QvH2L$31mef7%{?-+&Ae+HY(|m@_RSoQ8RP zb_RxH>}fy4u+>8@$eFe;j#aB!mPy-fm8)Vo=le_?K%E4D^L=06JOaQT@NodF{X(7d zJ$FbRJkIwVf!Go2xA;qbxA2|kel_l`?}djvukv~O`wZuMdB^V`)ZaVz^|(*82YY%? zdtS6A&VsPVhB*)`;IRu0VjkkVZWQCDXP^?x;T@}ib69_IwPiJaB=~Eua^e5T_Rp?K z8!f0DMc7tl;7CGq8Bh5fk?ot8t&a;Bkv-O2?XlL>$N2L5vpn+2vPhB^P8(+s}v$hk>X><-^-pW-$eU<}k+F9CUj?dGo7j{Y#6d zwuSbO`;Pee=6&UUX4fC=wMFt%@g6U&%E1EbphO&RY#*8`hdAOy!Zp|bhpbNuWg`nL z$0*opENue`z!6C=!BYb`atzxS!kKCb6ntfryk=m(1x!KW977Dr(RsY%Pk(=8B=24x zOgyh1393s!LN`4g`O)8Af4F$max5R%9y|aE)pR=#bmTeh;F763LI-$1vi4h~yj&fCJoVq7OLLi2CqpQhj*j zR!1N59epU{A$`<|$=HoHxZj@ZLrC<&#n;BQojxSRRsDXvtq+3ZPc3~Y^Ud?(iG38C z(n&*aDg@T6C2EAWGxlHEDlHKCEqod~FswIB<00N}VkH9%EIh59YQ$J}jv3^jxe;e+ z;sT2R)Q&6gnA=2;V|E}8Tj16b`rK|*jE$9%4ToaCkYXFv$lQbtxVv0`BQr4C*FUps z^*=kAXl_)m9F>munwHo z`H_C^PvakQUS6SZaf7*Z+VD9&{59yju}O0So5f3jA;-N=t8|!$BU)|dS?>-9qW+o{ z>Cto0hY%z73B+h}>^T<+#^+<}oqL>+ig@%h!g3?pA79cQq~yoj@DIY-WXBI}!P8+A z96l`F4o?fb7?F$@OFu*}p!sotQ?+3(1C-En@f;z3+_x6|!02XLnJ^;L%r;k(6K^=2 z7;cN*W(34;Ga@W}FqcKow>V+0vly|+tv!b5vPfo9z1Fq`nhEBz`sm@B4|e;-`FyAJ z^4-w@aY(0xf^O%8LO7e=Fi&k`O^2~lJRn7-2&*NeWT8)xrhVS%c&Kr$^ z5k6!AvO%!D@YmD(8X4y*ICmvq`)+Hn0uKw)?wgV3`3C-Kj`v9y>vtd+3%&;f@b5JJ zNaNS)zHdkWHs>8Nj$;Py6Y)dyTB?q6KPhUcnU$U9d%zBp;JA3!?i8?&k59ZuHBIFw z=U@a7sdSkw^ki4hC5b`F-o?=2jWrYIU~)cV6jp1 zV(=vN#_2}MO6~`g>#J=c+sznlw7IdYZ5^^$PPSKpVJrJjbbqaFGy2G@^9pI3i@A|a zDGr>?GXh8#u7Zk>Y4n%88+-+y#QNCh(J%3U4SpVooQXc=17GcJsFR=Njx<*a{D9dU z06ORn0&!P(^99jkzpR+xnmgs@_C4X@~VM%YdK_trCxS@?2Ngq4Z z%ZQA~flZIh%9d@;)#j(uaX`5ql{E+Zu)V8$4n@H9CkU7WIN{fP0UO-gZ?2S6!5nQg z;BywNG)h)a?Mb822)?N7q3CpUd81^CnhM{vRbCqATk60eGSD}$>#<>e72Mai80Q?l z80}lpD{YSF3{IowhxFh+(aT5lN)vwj=JlH6ZQ<7Y(W6tnPizkvCj$#dUEyD0t8pHh z{)(JUj@E9z5eQFEfszlWLEi@Ti0vmT0pm?2$@MJ`Veuc-YpXh^4E{)6Luezz2;A|$huPqRaY;j>ZADjc{M$<)<= zZ;}4JON)PwK_;uN`5gbjpD#T@Zjs*%2;qlm$CREjINONy?Gg0Fj_}PZL*b=@3D|(R zOUVzIG;dyps-dmUpxRhy_b(DjDS2)BMKHzFbBxHfhpIpJ#@vfJCabwr7N(Bn`FD}b zUm7LNhHp5m*QgQ}Gj8}H4e$T3+9-K{+Dk^HhIco7*oFhZ4f7?V0MA!K3D(D+SaJ^a zFnTh5(`Hq45PZ|<*eu)BX!$_i=)v`t*EyE;(pE79N!VUD1*;7i=}`y&Gd-=YVHR2@ z`v&pLby>>)E|k#B$6rw;OOMbV?J)o}3SEYes|PG;pTd^)3tQwkfW&wD=iJl8xA-LJ z8;1gA!?ZoXisCQ9>lps;Yzu9S^){N3g-$M`!P*EX3=;bq`yS#d4qTg zGg^RH0H+PItIUUzz?Ou5>Y5%BoMkINMkH5rM8dNPWkkY=!xZ#CgL(u?zMkrfHQNR* zP_iZXoHlSm(3GJ#u)9xD*|>p;J)S9 zJG2OYEqhjLp#XapKo<(zg;QzEVXj7Euk!$%RP^&OUn9d~V5!~?h+6t8Vac+Ll2uzC z@!ht}_veQE)#c`k7$}q%yi?cUD~Gd4`E_Kk`VQ{YUadllbZ{0`6`-O5dTa0eK=`LH zetu{d)C4M~o;?YSFcHKt8%Rc0paeZK2dpqw%RRam&f1~T|8oN!b(K8ekcVd5WCcR5fXYjuGd8hD7wsiyEy`960Ztn)XK&6Y>X z&DYUlMeE;ow0@~{BulPfzx4Y;`bXrxC5LZ4!ojq@G`jw1V%U5L9uSe5hM9gu8{Rg7MhVI; zg>gyVI^9X2)r zv+S`JY6TW*qE#YKq6WrUm|aY!i6GN0F=m4;MHC~gF2#tLHa^g{7s8}r>ZUONeuCzY z*c;JlbfuOv{uYrkGKO$?5}pRuEK}d&P%o?mw^|Q^@4-Vk(qL0EBGYn$#b`yU#ehu1 z2Rf~Y`;N4fHD&h4({_%z6`%6W8 zG3WiV}cOgwwAp>;}$IC$+i;^6Da!5U+@K4efhVDo7L=qIcp3=Cg*U_ z3?Cmy*=$x9p`PXuV#osKu_KzwkK^_%sa-AKyo$6rBXVLdEtz1FzMsU=XW2702=hg@ zr8${-s!|&!t<)AHtRE?lVzlG*st^V$FbdYe4dRzZ$*bV|R|c$-kq#eXnc9KQ4>r(h zAGeXieFk|j=q|h`+rwKpFcBX7vzjkpTd;A=bV2cFMnMy;(NS?Yo@}Hy8|h7Ii~}F`yvbgpqW&ONkkHyv5;5RW_x7KKG0%~o+ zzMQ;h$!8xrIL9zQ$L$>SsuvS5{Zv1EU5R3>Gd#Keh=~(F4vv&K6PD9%lj?P?adu5ry9W;X%x7un2uMTGLXvfu7qfouo z6X8&@G;IfCkNDoF4$xz>tKp7TI@ zT79gEW~f(B>?9${Bh8_&)tp^;Vf`bElh%J`cHOG()&Kg|`1)VJ->LtmOmF>J3H7&H zO6ROc7d|l17K6*Ca*UGo!GiF#?7Ht}l-dlrIuN-Gd>9Y1P{`uaFDXeYY=9mnPQC5< zF7V5z`E@k##hx>CXG$Ow^L4PiJ^Z`o&I* zrO|1`OqQcT|OZ*z5$OFkAuyn> z70+tC?2h9hHD5?|ltG+e?E}-tEr*wcL!GaGKlZ3gToG^waZNfTu9o2pG|ZRHCo!M) zu)76MyVvJoaVP~w_vT^1lm${FuydR-WK7od5#?b6)vTIz3YX|`1G(}!c|Bw*3MH+e zmtp2KmFMInckxOgEo{KDS*?X(iY*j=IWCU5C2>6W9gJL=xi)w?W|7>99mMs3);n2$jIRSfg#gc|L|LX$$L|gT$6dAzhs5)CZ0{nGcdukzlyO% z3*f=s*D7|Oq4P1j4|ff7a4;1vNddEPcvE>Hq(H;z^|cd%UG?SRvD+%@Hq0_TP=o)F zh}|Z26e4!9zw7G#1@Eb&fI%SRH<0c4G}+xwbHea+xnkO^aRX+U8FxlMwN;fLLoXUZ z=g)-4)Zc6>J_C*mASb&CrTRXzgYRd=eJ}D5Ijq$oKp0!dLyV1%6NGzVPD5rbOP2X& z-yzdv7zMmxl)MCQ^lgp;&PNNto?v8YAR{+0WJ1>T-r>@0G_ifH#D)VAweW|p15um& z8NYPY>ojrrWiLOkIC3G5T&h^d;y}C@TJ{)153%PpZ~Gn{=gx?}>G3vHOzaGqZFMHU zWM>k-7-8`Z!Shm5;FBDU&FUP)as1&BqzNkQ=ArR#r%o3B9ffH1c#Qa~Q;5HoX!OkX z_R$_!%J`-udm|j5HMA?%CXumJER5Kwb8I`8Bis|450qs5&z9)1t-bVU!?m1S|16dh zF<`4(xJlvjw`n<_+!+^s?;5;E6XE^Rfj2Gz9!0vEMrA$bH7Qyc7dS--qEMN^IX(Yt zNbnu`H<&y^uzQ!mSOEgy7*;W`68?Q_px`4vCMJ4^%eFylXK*xgNWg4ULq3DcR`(@? zpT4^PqVD6w<(YmsA}&XKb)WMEqa8I3Xu-Yw7`=JbxftqPOdD@ICvJblKsrJ{GxJKp zRilxrxO8O67s2OY(h6vS&xj1oKO-_YH*}3OmDt~maQ{4nP=1!<&p5#?5Iimo(+SX~ zyD?)Wn>fq(8#3@CBwf>tZfR$FFc-eAnt>9i$5;DH=vr*9fR%0LAb;El{JITuhUfTd znI(dhCxAWaC!7&Ylg-Ip$?v?AlK1^lLTz-l=oHNPw5=_=2}Xtr@Wl2w1&}5voqhmA zZ#G4{zt0z$Ek%=rhpO`UIe39!-DgGy8XQ9m2udTwuu087nZ^;OA;s*6W#nTU(BHT{ zh&Yi@j&0IoGp2_I^@eZuqawT0;66|N6@sQlMkU6yP18q*E1?OqF!hLyW4B?3VEW~P zM3CJ01u)S3jqgaD-rS3w)wZfp4^-d+C?}NlD>O5gfTHhMDEhuo-4J|SYTAc2Ey{y& zxJ!%vwk2<|C(Sy-wQ(u!|A5r}hw|EgnGAs;Ty2EU2i>cuVk3@A(a-<2h8Qg>w_5NZ)7C8vjVd-4Ai>P#5jpFe@myI zgXwHoX!SMBGc^W-A4g;8$pi;k&Pe)k9czuqb58Hrh9zH+%MS^u9M2CtxdM|Il515D z-N_Qfuw4Yg?9h|L&@J;lN(M?^^pkDm*|BIjOZqS(bj@KNp0(qbG4LpK`8d*QnVhvu z*ZY0N@i4uv=2DDVKvw#C?Er|v(^A{rzm1PEWQv;J4^S9zM#S-Tg!%qTsU1ZOwjSzW z0Nl;jrJVT{lny+NUgHr*J>HMPYdG24H9k^CjYb&>>VX;hYu0d@_e+hEhdyy;z6lIO ztKAOf6k$64Qx)JmLO8=BERf#fac@YN=X-2|N7q{TQ?%+i$%+DR_5p;h@rD>-J`r(# zjFcUD9ZEL}Qq?M6v`TS?T4-A`n9O=H$6*$}_xh{wk0hvoc~UFCXgx5@NAHLp1=dSX zTCVfW=5g9yRi&Q#W`D@1a8|SFtQsXN(ASJ$UvuI}7z;Bhe$rMW+|K(f!jyzH*&2NT z#6v~kTV?=jb~BN|=p6>+Vq?}55O|-482|fIEBvtap;<^0oPz|@)+8_;h>cPdIpw|P zWW*2(XCy>jfJrD0jNdZ~zGb%&I!E5~ZDi;`bVdV>0;Ki)kRCcg8>YLpp8fHVotDO3 z4kijPK-s8z1736*6j|*o!qpX2X?KZ z=mli*5zJ!4fWmw8F}zx-+iO3A`9)`-y{@EvTN)@?iiWz zKirQWM!$h8PXwV(MXRiaQ;h*K+Y9vzy}dDvp@`rC;VOhCW+6w>*7C89_+$+x(avTB z;4`7q{)6ws#zh`z7lGKfnsR*P=3m4`>-2_80!)nD7)1`+KS&d76R2 z4o3Ca&}QAWuthDA;nh8bCEJ1qlp zcQNV6Sg7;f!24C#^cdTy-qt0?ihXr0mnJe1pI(~2@^BTtUo!(k)2-?+Ruv5IwCh(j z80T+Fcw;zh)9?%zWeFK|1k|wOh@CY_HT$-Cid$ScU-I7x`-V7pz`J z6VnmBwj`IG5O(6wm>V0r&U6S&{7ePokoeEAi-g3Tj&qPW69paVQ~wSr4-cnqUemjI zI1i&oljx`$2Ww4q@z=u#I*0jI(w2cGY36q3gK;JX%K+3_hzTLXWbIzoc?30m(%~cIf2O14K}AIp`hJf?Dz@NB=MFwZZUO>b}%^hfWCXqnieunv(gkfG)lR0Dy_ss(Z8huXd)vz_7zW@~;W%Jb* z(A+uNe!Qv2Gt7Ra#_vy!U+^}@GwFDO@sD=t9?3>WC(hl>1N6kv@=XwBcn~J*8<8u7 zi0e*?OT&fVs2;<+*gHn#I;%;ooFjt%*cvWxRu`ax*jf>=_BZ_nE2I5jrJ&E^fAYRZ z!u{9MBf0N!(v?#_ihb*KFCzAZb_I6j~VufCut@nIz@=!)KyeX=YI* zJYonJKoQB>D&`dPU`&CDX$Yjh6YHnPhcFvVtgNVQ2p)tbs>4qy-@mO4*|ALHMB@y- z&z#IszQ)}8i^F~MGJXDxez9yj9&dfyx44J>RVY^5aDAV$Q!;$_HIyCQfWdA$$?+M?te}f(mVaW?rBMb2C`zq@m zk@j$Dp407fy-m0j6EoI7eLul-e|GjL-~8`<^UnD-a!e=r=3RLC(hqZ%wq*BN*9XpI z>zsEDv#Ipv-%lJXY1c;BDSs8pUy1TpBrQMLF8_c0>4-mAZh~cW&Aq4GGAhk?Cl(f0 z>XfeLN?9+ACHPI1xoORndF)7=E3HMxm4(u;Hdhu~zopi%Vf|KFzhn5@TscAiOw>P< z`O`G}FZ^*7!O{;KpQ`^M_&~oWBd4>%HxC>2*XC6NWu`?LGz+D)2ZhWoLt{Zo789dp z@Cp{PJZ}m^h-Gc(!aK(jFl2b;<97^~aEw7ynQRfh=kRkngKxkl0Q~@Jt}2K58zUc( zfLvxpmBXXU!h%FT&GF5{pE>98)N=k|gwk%g`WN^b;D@lI9IIbQn}D*Y6>K^Hv-j;4 z?Td@0wl4t(Yg?ZRJJctreTSOeTq%m(Tp57;p}GeBL8$}$7{fIT5cp&=qnOMnq+)=% z<>ZZ}4imiUkOS`Kpfp6oKU_j&+sE$0(+uBx@X${Hx4j1s9N4Syz}vkF4+7h(@L&}7 zDm-H^!;>bv7v(!jc_B{7i>95c~*)7MhPq1CR#a@X;n!~={E-Llf6l9go*NyPv!Opf3r&L0=|B~Y~rb%?*bTpG2v-D*tF0=Kefy*3yS%u47ed%;h zHa-j-2n%m4)Fp^dvA!ferTUWiu&=b(S*0(D&lr74d?x5i;xk!a5}zshlK9Nfm&B)9 zU%L3%_FzhCdm#SG;&QL5vs3orQI*F>o6NN?Fc*nW0`Rok_DPFjioP^Fs2a6 z>@hv+R8w|dz+8#kvOqz@Xy&hCo1sy@dHn)d_{cRhC9T&Ft6g(F)=6eQix!=RxuKfx z(|va?D@QoE;B|iiVlbbp`HW`y7LP`x6^k!sWR{z`2KH(27p$%?;|2;i<_pP$&6!w3 z657O7ZSJmhj2|Jy!niIbVRQr;fh4%Mxd_dh2<5$QAcSac9C=yayt5;H=cqGSS;2Z@ z%58t#Koa^_%Japao_V@G}HZF?!W1;16>xr zt8c^iEqEsMHNWDekME+(t@5m&_s_(CKbQ4CXn#LD?t8wA*1F%zeK7v}>_3uz`}@kc z@A)oT?tU-#gX6z%<@dSv_r2r3=eua8`@P(Mb6_0(h4rK#&ouond+F!9=yIz(=$HFv z?0e{63+ERUR$$?0o1Pm)tZ!sp19mlFLx3_CGOkw~yn<106N{!B`~|r98sW{QUm%DN z?R@zxD(6!O@|7_e(`-f%nrdn`mKS_zERFRrE?c8EA!ok~vFP%Gmh|;yRyr}dviAG% zjJ#|lfUqX122}|Bk$^ACuX@Cm&;gB?;gB2-U7UflfxTB zcwZw%ZeXgti}cnI-u}tq6%yV<-Gg@$;VoXBlz+v9cW(FKeY6hnew!R#F5&g)9=zKL z@5tov48r?2Lgn4y-w48c^|hq*RuSH%-GjGfE#O_B99}8m_3IwIzY*RE$>Gf)yk!XX zcZ1$hg!jH{h`sG&%>CEke7Nqx%OJd4lf#=#c*k@P-qUXa-l@sqi9J}epG~i04UlS( z`8v0P=)=`>)$GvK6JPGoGdY?-u_wCyckTPDl6)`i{oJm7KQPJn(!Tq3?fcjl?eUlP zyrys0=uh&!wBOsh_We~!zL)lTZr8panB@C>(f_V}AB(l8U)uMYeY-|~lJBKG-`2J7 zuS)X0wBK{P_Wi&l-%ES#*R}6spSP!9+UJ^mx<-He_c|4ZPAUCScnhuYmY8yY^{ncW zf2QMlvzjibdD1KCdPdJ#&bP=g+pNx)0vpla*z@X^`Ka#@e%pTud_8AKr$FHL5nuv$ zm(a9P&0B55?GWBSlfqjlKm^`@S@0$$frpUL;R zC@?RwVD=N3wttFnxT<=S`X`|DP&>zLS=wQ4fkL>$A`yQfDB(hcJVL#OuN%cz}`z=cKvP%Wu2}CZ> zW7rlo6Rmh3$mK?L*DH48pgwg(-vhnc(|4_1-_)e_&2;Pgy;Wa3jEaZ+)Bip{DC2x!kDkdC4PvjAyEs zFdzu(w}Ydcl?x6s!n1^LJ=LvJ%eCC91U#+Qcamz+TTR6s*Z*L>fd)M``a2|FXfm9? z9m78%4t{PN{C+lk*h5rcLF^db`>V(m8{gIX&cb&Y?gZbl(YG?a@E9Ss=&vIESij@Y zuOSp#^y|A)eK%F#Rq?Kmnut3&j|=>m0q~;Nm%NaSA05zX=uM?l| zgkOpEZEE(?)1vPzde-PWi=O4Uv*ZK$_vj)$x5mM*j)Oln4*ordMD3S)+(@YdXviW|iiyw+vO;4wQcDSv7IQo{UrhvvY&faz%t z^|t;nXx@>2b@sjxMyR9jJ9|&hBej11_vibur~RLRPlx(MGj8c8ZTEz0QfbtuKUn(T z5HEf2_{Y^(9n>K8T)0M{)Q!S zB(#Um_7NYC$dOM|A^zg`nm0EJ;Nh8IG zfW{{F4ivy!4#4wH-YJEqdPAXwmZ`f@m&1L*Ly?^fcb%q32WF zIP`qKS<`dF3!ulghpQn1NIYeK%SqOb-mgyZ0NwsJ<&jri%wER#6J*5JTshhLonrmY z(7&^*`HO!>^XxhLikJ27r3}Gzfd}2EkGYp~-OB~;WrKUU(!E^mUaog9Tii?KUbecI z+uX}Ej==E`NM^a0+3qDXfUE+!?q$AvS?FFe>&Gfv>RuY|WtDr$tRJiF1ov{XdpX6u zWY&*Ww%WREnmvbC-h={2fBsMY4!i#UB!BiFEwbLJsKLA32{swq+8{8^?XB6BSm8Ts zgvc(|G7;SCrWtD-@DB@)u?kZyc!#EOGDbX`)sz2VCybpdHi^OiTn+rTC(>%hF}?dc z_6yg_0L~lPc9$F>5QoKp{Q5KX#@D*r3ooFP*{mA>l8(bra1w-$?%XjyJxy)ATPjm0 z-vx8|qPUGe27T+_cIkWh@dWzL{3f2hd#*=;aOd=G`AXCG#C%QPM}Ll^@0od^uMKpu z)4Tw*d+5{gZm&PYNUQY!)3a?ciBq&w&1_{g6}iZxfOK|UN92+@0~0ND1^^we|J~l- z;P@$ZeSPEVyESEf-$=QQ>dASX)klBHuFsBFczP>Lqx@yFm&U_V)>&=US?sB^J$;?m zmmgQ(KW3)lX|`40%4b~~ZTrh4q-6cG#8YH{QzY18aUG^Erj)8*4yGcYd2*LuwuX=m zGFkaT)hn@lMMveU)Vh-r;2+dc`BL>rV);*=u}Dmg&mR)YKig6HVs(0A`MQqE=c|Jg z%a87;e3kn2=Lz&4XP2+poX#@}Z-8frGh@H29`>_86k?a&+AGnKRu4N)-&D#?uD)T1 zUp?$_eX|o*v3l6S`evQn9H4KWmYcr%=4QF+&70uws)zNGi}R|7^^}W~s)uFD#X;4> zGI-&uyAqyvQ_t^0g=y)H)x$R7H?67XM&1ThbR=F@4|`odT*il?rr6s$f3kYmzx4Bm z|UdT~z< z-y2T?8J_Wf>u*xw|0$9fi2wb21iwBd{F^NJr*;88<(riMvPH?Dlyw|q)$z_hy*x_J z|D^G4RSL&Gxqdc9HGi&;gPolJ)Su+=TYjAi{v-?jk?rBjdgW8q9Vca^v4wFBv-h7h zzQ$5>XKM~?Gnz2gYrl%s^Xfuu-pUOOu*zK06EM|oZA(MX59{a0NS=sJAy3wSWUJF3 zFgGDH9M@y1=6P8c=@oPQPu={*E zUD5RqfNz|o#gQaj{;w|h91bC37>qh?=af!d)QL&p$OPxEB9=c(*DFJ55iWYls~*xm z_XfU$J^1D);`?aS#rMoE;ydayjqkqg@s0OC*V4S-e)BaRg0{yZW6Ib$t~WctllNki#zbHS#XZ8#fo ztz2XWt15~xu$|!#N>0E z%R;cCI9i8qWPgm>HNhv18=9#pYRWS-HQ4AcZSnDxkDMP}Hl&xY_RqY9iCsKUKL-{# z$Wva;v|qvhaz6=9tEm0hS9=z?Qx@)3hI#$8v==h*he`c7IW;p{j8}-ik_H^iV7{up zKB!k33G+v0-iOCOxII-$DmLO14Lf>`$O(s{&K5jpc#t_g6Nh~e`7v=1eRUVw*fA;Y zg)9rZvheAdz%mn9W<_tK59s|zdA2(1afo9sc09pGJ?M$B`4l(pxoqF&%sdjT+OT~} zxp}NmLL#IeO6cFL^)BTf>NHKUH)!54AF2?~;I)j69)fVKg#?>E-bMSzmuI+ErP<{_ zL)^kG&v(&}KhW^)@87iVL66QKWPhfY86iZoMu%uP&xQeiHi$`+0sps1XTVI$!BVr ziS1?jUb!)jzWpuwZo*@SzCIRx=ltEF@22-PeW&7)ql#UikK=&k^2_^`rf4HQGcrDBY5o4_xLC+zu*7Oq3@CRG<_H2(cYo295qvZdzrrd;^}+;5=~zdW-J`~ zR$21<(?bq@P48;@uE(Qz`jC(L34N-qW#{Xox?dh;-0+3?Ld-SgIoRQm`Gz_AF9EY+ zPI&Yjt1~ssIv$S}FeCZwnaoIz{DkT!VvWgh`LL&OTvyUYU0xj?{}=PlDk=T&82qTu zm^vID3ID&2-6XPxB1iHIIs?01ol#+aQ*M4_gaxyjKAEU+ehmU+6G^pU!Z*Ht1ZO^4ilDD$42-*5>ak`Xf)TA5)$b(BNK3GT$TZ5kf&6a zaOP6n@p*YTFMR=i+k!{S>Gq++Tr$1~8DV|seJG=%sI9!D#aBCyh-$X_aT@3FaOUG? zMxf*=);IMo3Zu+?(>MD@;Kld8y8Ge%B=F~HA=b+u8)D@AbZVn{=VXAhmEf}UKzI-i zjoYj$_JKS~>g1(aXP}I)1|j6Mvm?Q0)5^n7kzJ_ESBvcCw6dBVxWZ}#3~@e+=WXAj zhO(NSczd#xTMjfQ;fkE)FMU6NDKp=F4glNCy21Dx+!qbYe8*S&07{hH$w#5G1j63I zD~=&t!5cM#Z8{VHO)DapmqY~f+2;ZTP>XJ{ggOvBv-;oYWUOHIW9$NrD$mQQ_tj*f zP&m!3V;gqca@}B*6MccmMR_3d=uz^qt&N}HQ8xPJ{6$S?LF(=B!pYQ5ozs3L zIDyB$Iwbx|ZQD^B7)DiM1J8{99WPYwN7z6R`#G3x7;HqJ6xuL2yY1)FNvv~8ts%TGn=B{15j9?T82a@ixvv%HWHP%a{waM za|kx+ulZ7Vm~W|8-NPu;jsx|0NG-ct1E3xlC8F%Ux*4)3w{5WU@hY5d_K04E$IudO zN1}uAp)Iy)r<8|tMa%23w>b+@Wc|D)3c~0GmYd6J8ld9Dnk7z?5}FnRuQC3LEpV71 zov4dNKlptlU^u#;twS_JF-mt?7>U=_{@ zZY}fubH$Ka39b14cpu)Er>hbKFnoWkXN7fN1_y}0Fr)%H!vP`<2D%ZerzkhobHAQ6 zX_8R`^wYO~j(Z4p>9(Vm{(y}f)|M5l00>|08o-i{-oynO5e$*=AlL_uaAsakTQI;5 zqjq0VRNGMRtCI)@w#w5~1GcaB9^!*X4TP12?I#U-TvLi;l&W^ZGJNaj`uH+5%Lj=*#Hs_(4H! zYL1uE+y(FFvIYoWq9@x-1HdzwT;&8FoDYirPJ`ElU;tv(&L>py*q`G4Iq0X3i%FQw zI-S~zk7<1r&7?wdGeK%%IY#cqYSiD-(?;?f5-6dgVbHVzU<>B&R`DV}|{`JNWWDY$llT?k;7bdSOdxOL`x(L-=myT(_?qCy39^$Q&4BLoG@sbvoW zFKAipEYj!d(*S})iXCjP7%85)0EH5MMLB^d_6X2!xH@mZ)xEXGJ_cA|!T__XKL`*k zHHTupT26X8ts#rnxG6n25zG#q1uu19wtPWlpB@Pc4{gWB%8tU@%wq!!=WF)Yal#f9 z%V7<*4WSo2&|-6KqNZIHP9rUMG{olEe4BQu+udEP*%mz?zk0?(6#G)Zwr=a$K{ZDI zEKe*u99^IAenpf~PNylvZgF5y|8I*^__7Pi&c~+DItuKM+_f4+VE{9Sjw;UPDPF?0 zGYX=Qq&F|^@g!^ONJVFAn z=)T%Z_{7|ZAfY4V%L!Nu1eNdjeEPK!pz%7Zz0q_k(KBsM!YBE{g9;*86JzO;|M} z(-6s9o{l0~Tl%0$&p;~;j;3v&pgU?V;S#Ghxh*(e%qQ0$);8e$&^lT&pgn^D2u$-KXi!9q-!OwhlbE!Q9_#)0WBX$eMHj0g{YR1E5bp%u-wc{71N|M_a!Nij4(2fsC{Y-sWHQ?RpfTi%MtOav*wt0{|F zG1H^=L#S>BJVsw_B~b%xkT9A38>k`!ohGl5^I?uX%voE zDUN1ND*=#d%v2&+DReVnIDeb!_bC2mM5M|#mk8FV-fuCvZ1f^gaKmH^_= z#?q~i^O2Cyki9Mfivrmvf{d9oGrF}DjvJmK0k&}XOL{-a(wYbcFiFry^b6UW09<@n zghzt0(?rMGzQMu&a5Lo%TdwETNlBLos*dWkbcrAljJL~qLE%a2*3!34>UOQZovdy* z=-a94Ho&3bTk3JBilzx~o7HWxzLoAcY3mZfMe1!S-{t{ZcfLj?i+Kgu>g66_8!rbd z&g9LHrF^kA9w~@%r|SH#m(KOXI#l<{M!&V|LUyvEeLVl;>-_v3=u{oW_4iP;JM^ zv3Qktb6aJP5!RkKAr7aJn(! zpM*g^tlut_Cyc3s@%Q(SU(W2v8ULd84KH>Y-d7s-jekDJPaycl&wi1zh4dW~%|o3a ze3mP+p2d+l?Wliw`)*iHHzp8ZRGS3|9Zj+HDd1a`Abz$3+IQzA=bkkvU!wsq`CNvH zN5U`i(K;y0*o;S=TJlLDXaQJKC=Av|kkjcTTVqdzjxex9upAW$An86< zlBX{oaaho$H*86@7>SMOJbUcvN4snN$VhC!J27Ey!4K%d*M-u91IdMTS7GGrWb)Oz zkuqB8qtX|Y&SfMDozZ#=%v9Abm&fQ!o==Y5RRc(`J;M~_Cw=7;sFU_VasshK%t8ct zC^~am_Z$KM#R>uRP_qsKBVe7FPgGa7CwJ2!_a+=R)DdbC#iLPMiXSv$1-0kOV+@v{ zIoMMOmm=$mQu7A6YMwhU@^TcYIAGQ;0z6fRY_wfe1e$H`O+l2>o*2`p@PUDQcyv@`asVgzw9q= z54I8qY`>6GZiEK27?BX9qn36+hknsJO%89$VMI-C!+u6Ij*MtBUcvpH+!O8RFrv6s zkb;c>HuO0~N(YMka7^4RMZTMnJYHyk78`7mb6PWHmcjn`gW4K6+Ih;o7Ao7*+j3pZD!#-Dm3`8G%=OMK)=#5>Gz}+ zdB(aHrE3-&OKde{_-ty@8{4;v2vI*8Dy@i2sF2| z%=TW1dQ&(N$xkDdnvHn+nxly*e+1Ae>Z43z%xe?nJ78IUTj)GrY_EgsT&N-3Pi$kKR zm(KRQibcR5Rmw8gs|fcB4mO|z5sr>naCjKLnHuZ7r^S_sm3{FIxUR%O1V_5}D{$=^ zi4$Fu=@oK31UGQ9y_h_XSzeU)Si11q^IsjddZ*W^F z9dtb-roL@dZ>#mKaBNTUXi{&7>$k$O(>gW2URH6^eO$U2DyN zVoQwh+(^gyq(CoS(x7MK>}EZ$p4+KG-CDfhtp@#CeXBvgLEkp)8$=V9O9331b(FM<bXEoJY2wCo;sv_0CPpLF9q5UL8(72@ z5(~+DhN6{A_!wayr(2-3in+v6Un7q69$*ingXNKe)ooXL>jx@28RHA3uLuY-v+?*6 z-~%)!EATzv9O4eIN5F`mz^AejdkW1i25N}knNiBo3M~B@iLL~ogXLW{mSg=~49j8@ zgn5`COk9czxU9jeA~KCH&`i8rq5YzO#R2eMXkG#MN&>j;VGlW7@ydm5-5(vewjo5x z`T7eCO|kcrr76yRyI2}_iY#}FAh92SBt;I*g8MP}pwAKy4=-c9{(EGt*un)G#MhUj zsLgwKK6D0?7A*{QL*IBxh)q4jvX4C*ExAioc+WrxQ%8SMwztW9C#-{k7*nN$SHp7D z=+?jjZT=?gE&jVkdvA2mw*p2l)*>BhFX!7Ymmqw|t|$c61`1yb>tTv%bRfB~RO|__ zNai7OIqR2y)iNwDOwW~J$bsa^Fl+<{ms?})n^ZDPi7m*mw^4->Xk_vt!_c@0G%z?} ziog@4nQ%n>rZj8fR~}29tZy5nGJTMZ%Tk3MqOeq;542Gth{3-UL5|rV)q;O0R_PZ( z*5=na5px93RB7)nT|QUv9Dp|2HjaBXk{_^WuHY#HRN4!k4?*oBcvAR5!NV&BkAf8i z&&lum1P_;V1VmiV5%}=fAV=Qt=paYV^Y|baEcNUWZZ%j0cDQZg-tyKbJJ#0{Jn8@w$x)k4>2S4xh6>7DljD`5_|4l^+kFqar^TddPXV z$9w+~@?#mh<50ralOM#FmLHP^EDn4B_s9<<9QDcVZOM<*=Pag9 zA21Rt<)*SYjHYk^y-jlwj#vpwdXr`W4AhmBY~@%)DUPO&4bH^00>$f%XT?ASq@79sDWu%Xf0IYO%48=$}GSpJ%-VMSZ9FX0x{8Sz?O!QH=Tlbve*FC zmoNgPpiMwRjfOiFyr>?<$&1KP0fkW7sSNXnS>JqZ4m>%@0ILYK-j)n3yW44D-GcwFV?X0nRxQMZ|1FY)*j$mqYz% z)M-szjezm|*jl?dn!3W06S?cwBG7$Xg|XGk&XsI{Ivk@ z#b#Os$D66a3;FkYS% zYb!v*kQvcb-P9;DlBS2usOyWwY>T7mOO{8|S6IT9s=+OAl!=#8c)}H7* zNR*ET>PKH)`Ax=Cj#|FG@!UDsH=b#@$sNyCc*f4B9#Z28q4Rn?WAvjV^NeR}_?H@U z@!nG^6TBZRKbKjr|IC5YR_W1OqoB}!b29rY_5DqLF0*cN>+|jRkv-Jo zrZPtKAJ~;2ItP0*U%(WDIrHRT^^=dt0WX;v?b#M-?ZT7+k<`-2E1Mb3 zZ$&bN3B>wNZaWo|&x~6oX1YXeWvMB;wkx=JviZi{Bz?hpYZCN3l#0aX79xVlYOUPB zX=SErtky!ZR4iqXn_|;%;iKFa6iwNZH~;~d%hd*kHthk^qhj8*M?{f9 zOBM5dm+y;(_`*!h(Vf}tQ#P>DYFWHXU~ndwi1xb#`+<%ZE-`HC)5{q?7;h^vE8ePu zT|Ig*GDr;M4HJ{`;^6W~3R}BmQ#W>WgBW0oU??|$ z!ZOj|0oJ*zfG_;|E;2ZfT9DJ>6h0Cf6sA&TMKiG^o}7Xoz2mA7A|bW@dCUV4cjH%s%mG#TSS%jaIBO?wSpS{`ADc*agC?2(0m&2&KB8lj@7J zAT}tRTF$3s><3P4gF#PsN+tJ(o7@{-jlJPDEs2FV8zgf+a!F&G_6Q(L?LcU|S8cU! zo9Myv#$5!~e=;+%U=IR&ci0kble_}Mq<}Gj5|V`uVj&CS&K|}mX@-9w=k;oId$V-A zO3zd8$zJ^AgUiTUT7YN#dE3PK8j6fI7fJ{4Bo;iF@VXs!w*eJSfwxtGhgjf17Py=R ze$)22_FuI9IUC=Mmz7{y$RzIcn}PW?|5i@7g6DYb5LLM%>sNmS3rRC+0pef3c5kVC8?@1_ogycHJmr>b0zw`r5e;S6v`e+%jqrrKzE^H^tLa1TW!u> z*~!{V^%(kUR*%d4Jw9>;zv358kGo^ks`0vVwmDqdgkB4CQ@4qc0Yavc`~)f~+BDf_ zt+e^O^94#~PMhWaHlKb^wOQ-7$z?m;W~G^VHdqhrO0&>y?vcB!mTQdU>#F4%Gjoqp zYB}ITRO2-{jra98exfw4KXS%wdhJ&ODOh<)&BkKZtj}lL#j`h-R5sLI(lF$w4TDGG zWkc1)>?#z%+%lIo47t2v@MR5Eqqs&;WIcX0*mnB3(_TLcMB0iZ4iHtN&CI#GG3;^t zToSU+lWe_KFZMmP%yI<`DlS5taEZ%~$#nIG-!4M%8lPwxs;Z8WHTqU!_CJO za2gsDCd$(%f)AoGQs`G_!dqC6hvd~~UQKdE;6zzCXC)f8aMlj_Vs^Hm&ev} zsh=JqmVcP#7q+keQ|$U=f9})uKc>rH&+-{OOe}$RR<}Eu;IA$bRSoPE^Q>G?jMxVr zFdmS~Zi3i+BKUx=s82OqJJ>!dDKF+ZA5HZ>s#PETjvxI|fAr-U_~>?iR7>4ZPl3d> zA`cw$IbL_2wgNwXM1TAo(w^8+5ftPZzVAid{(^!LjCU1r_H@4L(QdJ6ig z_+0Spbm0kI#XB1Nf7V^-&nmbsfjMPecyXsd+q$;Tg%Z^IL)*%>5876YJkscqz!wlL zZ?yfx{sYQ8@};$Ho?pT!{coD;oRDE4@J|&5{x>U3C?4mz@Xqf7W=mI@RCTpe=uMq_Spq)$n>$n z!Rf;znSrCRp^_U9aVAAD)NkNuBT)y&95SY#I}(3RzXX5AT#P>hf7&o)PQ&2Y4OJ~* zQ_Yd|xs{Rh>2P^WEXUW8%sDi^^bT*?bUZ6i1hP%fCn1#?u(AnJHXKZF=yCmocOg46Qhn z9#e)hm2a2L_RyVr&W&b92aQPl12_%VSj&@uaZfmeK4v34a2e`=bsM&WR-rAd4c<5g zjRsRmMZ#56srN_IW!%Od?Ki5(xbQ9m!N!Vo zU|nmcSRuyM*X*3^OMJ9eH7PKSYcdO<-lWS95$r;k6Yh?j5O3pH0y!NSM7M5NNbX znDAx9_Q&J&#C_O}Uej0)$~0Lou~n=BnDI@8b$`X)ZT7QZOb?8Rzs&SB(iw}I@l_}_ zztFl2xW!2EfJPNU+g zj6|t0Wrx`e+Nk&yP6EVO>YgK8e+~1~M#g-Aclx=PajIR8Kc`=cKVwE=x~X}mCf&el zV6i5GJ$4pEf~?6!GT~q$rXisu(=cjOEw`^leE_zRWby$ANYQjDOiNJUa8Tgif!VZK zj39vt3-J>a*p$u)R?>b7bjhz2)K^nqtM#>p*VfA6yv(nk#0xOZ4f58HJ|mdNq18`m;6FU+%PscNviU)=@b$|G z3h;$=b)j_wh704;fe-ajd+8?B((*@a$8#m2yHYzlN}Dkior>>V`yo6 z5r3@3EQ@ag@@-4o14scD)CS&x(y^QF2i9j%iJXGP{I*~D3T#@ZdVU4#&(zIip<7YN z9*PIZ$F>9ZU8#(a_TBV}-@bkKIAx4$-@Ol4*S74t0JyDEw;ao1Dwxa8vF~U}X4`j1 zs~&IFzB?V-5_??jD0;~QG3xEL?*gh#pM5tA4m?0oYaYeko5q3-7=%teqS2Q0u##extB?Rt!D*)Bfl&nQC3f3A&E^g{dvG7N3GT z7?FbVUg_`Y(yMf7$J~1ua?1XPlnw)HE(`kL1p={-bqyY_pd7 zAJX+d&GJvRufLNnf2XeBvG;Cc`EhvYv-ci6ZyWaBv`+}UYU>o*cz4|E2-s{ef zwq@@Pk`Ijux%S@6t?2r8*n3^|_qq1o1b)AL_TJpJidu5*y(p`2?7b_`{g1QvUK|d4 zPYEhz@9j2W`|Q1vUH*^Qdq2cLwq@^~3!lx_?7dl(#XD^8t%cX3y}kFFWvZ?1F!$cW zl$NC)V*)w|ZoXsYo>AD|+#9`^^?Y-4F9`c{hs-_A?{nmeW=6R+kqJP1PlcODGFgFH6ha42uKMe&(y^Nks> zRhy58Bko+AuPWQ-n~r!2`^b)Lz6K1}XY)lk%*C|%UY_W;`DWXSDo+vxqE2kS!ObXp z1Rm^w$rm|8nSA51GifU(-<^GYCf^4v3zKhm`8M0+>nZ*6Ouna{%Q5+ibjSTB-(4sq zCSTiBzq_@O3-yVG;nae`sX0-s*i~`?ub6RKC9z{dspe?v6>HQgkN}=wHBZ8%3WLUU z1Wz?EN($>0r3}9+W7=%QFX>MX-2gS`1+=96xy-RMpUZ}H;nG+)Qg}I@5e`bi^voD})-HmO1B8G`j_UQN(9+Rj!AMI$)-a zXy%ee^bwISt0afOKSy&weAzbp zP=Os#HbnmxYr>uW`7<7#R_M$bcpX|v%X`kGy!$yjg&sSx3wk+zf9cp)cYTS`t+e)y zs<4GsjcprT3r6e*tCy;E5o(q2g=d}x_0MU0MN_pz9Y|0@gol$lDdZ)nUBVMUfG_~C zX3gCo1^)##?Vq(Q&8;&eTFbfipHqtP;w)UwcUp|o^otVW~FN+bCx zx{0w@vQ4!bU98%y%xN=gHM+NMv)1*Hbo1Kmi?ul{&LjK0sQ`#O__VRQi$_sw(K%oT z>Eo`OK@UI+b)U@OYET{)d4rPM=D2hD3VqCEmUDi|s{`cKJwahh=_$b`yon-UbFy5g zNM1k&YtE4SXM@eSV!fC|1b$~dauG+k<20_%z3t@`^({QfCC%<><+_nvBv zE5o$cZ_}kOdkT_*Zey8mUhR+T^1XHWq%MB~Yu~SZ`I~k54Z3_rm+!{aWQCiZ=U{;c=WV&B8VdluS+fAw>IUF%<)<@PhL zk_)5~W5N)5`b6*!UD1jsF%0Dt&RS4561}p%|E~W2JNo-u^!I=41GEJ2P%=Pb@re=z zRnn&*m{sdhHdf=a?n62E8-?z|*efkx+4L#+GzhZVZ#Dk=CU9W}4drZo{hY)4TJhhd zTaEvI47m8uj{p8K#nMiT{|=oeB2f~$*b0ZKw&UazC+oevc*~SN9)FM#4f@LB|Kj344eHyXS4Gttiq1Nl5OIh zZp8Bys10fnBT~oDS&n+J9ZGakBXLI&q@QdeeYY#Od{|IghYn7zlL&1D>_=m}^?5Zu z8~Y4Xcpu`9!z2Tmkc2bAD-PP}vzjSOqd36kumb!!oO{>H&xGZWUe%3`- zT5&1jvl`)5!AD1;%JpafKaavs*uJP;wW-!%{D`SqsMlCHlh!C4m1i0pDyScnzhN3dGxw zHFmu~rEai5q;4RBD-kj%alc%7y%BoWJB&jkR;}tZk= z9{WPX=&M{ppnWrq#l`_v!-1$u(bhA>KTa6*dA>u_qdksN~?uh~+A&>PIoB0R`L`HNu6=9nWlF{P?t~SgFkQ^qZJ(4R1AR!GMtE@kyB9{@U4?%k@ ze;N%05QBW>BfDU0PctaWNF2-Q*9&H_nck(xpP@D)&9pJSw+l86F<+RvaqC^E28%{; z(;!?xw6Atkva*3yh@cOLGv+Wwk|%iDrQm6kgr{LARmCXK=xuU`I>PCz zi$fJ3BU?M3U{)O-fU&8EuLqn3tIimK_VsSyI5mlC`UK~KLY>9@+H^?Igx2j1b_5?gq_!LfRB=5!p;ig9NcKjq(%c_#^8;PF?zWmb0 zCsGa~PDT~O&Yi$*lUW2tsnP+bb;PIr2*x$56diK8HRF@)W;lZ)>48XzFc29N&ctY# z*BXK|%ESuE8oUPP14gnFia`344{Th|`W?J?W&O;f04|W+ z2$ZnMr??9B?hi5-DNPQW{2gFpcflj)bL87Gq!sWY#kG^Cq717TfU92+y>~pmWgc$y zA~cgs)V>NG(G1?iY#BA&NbUiUXhd{YKMxNeMIbuwKvxNN%KX@F3VVsigz;xlzi;k< z-7_RkiA9H}orB&u)2%A?k*5G$q9-57*i1QUfan0vu+M(>ei&I^yBX61Pc?ggyB&L% zDZ{iVx1-C#-QNV^kh}BhP94ZV9_R7_4n~xr`D9?-X_^Ja22`a!poUdoPm`QFS#uyH z+KxL1pcLoMfz$BF6{WFVfbH0y9ZbjWcVN>_j+$w>F6Tkt7{z@?jH)7FKX!%1rsEW< z$fVFgQLb`DsFnpThbo&NE)yLKW4Rk+p^!=;5u&|2NPtw{7nKE`qx`aZ^`a{svJtRv z4V1%kPTz%7Rd%!#9xFYyHGiB`Yo*D0S}UWx%&(`5OElEJW}0C;%Rb^*;JPJTDn%;v zwQjoxzVg)P-W)LEKLL{5DYU1aLc8Kh#2zjrPfUsSj3NGj=yG(nUBlq&jP1oPu}UE4o&WJX8+Tng<6cot zmf65Qy$ep*^e*26HB8|{)lWpm^6V9CYqGxsKI1e|-DrnEGR`ebCw=eb1DR)kBp-C4 z#wYt#aUers(EhEj8c>woM)uXNF=PpMYp<64RzV=sYp=!5x`%h)Ug4`4{d)~$;V;j7 zM{@UBh+tAjz(K>rW<9H|FGjvWmTR1IR9fs`0Ib=aqja!$2dTMr6E>qg;i$JTGvCQ! z*~RABuM)6u!MuE&T6yWZFV_i>YAg`jgDe8mL496i9auu2q4N4YEgHYxZ&k6Xu7u9F zwA9gJoy|IM|8w5E+o$e*Sv*It6SpeBWR2Cc6fU5-+DEbt{|IdA$(RzMS<-ZdZd9zl zVDFjoJJRNb(=!?@6|qXwyNvu}IE_>GW*EFY98oDJIGnk%6&_z;Lnl0iOhCx(@MYGa zYY7pkX`lcMi~Hd52P^>AD;`TbR`Hdz&Y3eL0~4N_@o=tAXy2!G$UX!WK2Yvn6y!$v zzREH74sL7ePT+e?JLY_Y8C8#=5x5Pw(xuucS7k)Gd;iDJB?MZ$ITJx#CDsj|;Fh!- z#s7IQ0Q!J#Rqv5_rw$`nW34_$VfX`H-C5UF)c~V07QBfy{E9WaOqBeK@$u48+lP;d zl5ch!_^7{PtN6HT&z*yhr?4)Sg%9(f4)HPUXoZgWx;dNev%7VC!JH34HH9+O>xp{k6=;_w>_JNG-$%>BXTs8%!G zmDW1=+*yoZU@_Oo;R9Wt4BZN_KUlBUWz`Wj<;X6oE`MYC?fUUqm!kv%_)sDtufXpw#x1>+)%q&>9lk_}qvQ~+PD~4+JtbB(8j~l+?$@TCYQUm7IsXWytU`j1D z<6~$@x%u>Yl~A=|=i|cUD{1AD=!gmdqjW52aS|oJQw_qS&73 zsGLx=ik8c2jh|3;KOFMaOUQ%xkB>EBlP!c3NP1%=XW=J&eFBY?f(AiJ@65UMIb2)- zW#Zz_#)R*{nr1A-xm1iNQ8~ejN}Rg6J6^z;J2zk?mjX;2{tfgZLrqvj*h01zS!??t z8MOmPeOObm#)81X2E_71_zAobDC`bvm5uXCk;~eZ9uwz=o41VQy#N^BEXSLtJfG&9 zMsljWQT|2mWYZ}sPZq}Cj4u!pMs02Zej3S#`9Zs+ix}t0fZr~34hrq3E2~9~0A^g8 zdO~PJ?T|MTze07&zL#b%sTVy2)A}a16ZW>G&CVESlV`Kq-GI1yvH_{}PlgjrBkokGc;b z0s9AHU&hh6)L)GEV#OIrW+_nTkzIga!aCOt;FcsIN^&h6MujFcHHM+`2@6O^MEe{C zuOA5j{&HD)c@*|xs?DWL7hh{YgyQ#qP*WwZ#1|@9tcShS!IwHS^h2RrVVj}y0Tuf+ z8OePVX8q^1^#U55q0YnzJe-Zjjb6i$-A^2ZgC;cyBSBZA;0T#5+Tn=KivxgM!O>SJ zKpgRknuI*yQ3hYZ`Dw4f1;L41quj;sSd|k!cX1)Apt~5#@h;Zg%3X}?M?n}pIukA2 z>)B46thEi!TWi9hM2;@sxzY+Zl)AU=*Kojys!6zhKz&Lo(ljA}!h7^Rxf#64A?+{m z+oO`-Io^9C`7T~4Dxq78kW|bm8w?)-V?e!l?7;S4_1HeV=RT%{l=x&ysK&uK*|U+j zQuqW+miC0c6hLH$RkJevjKt5yM0HsDojyvC0+7m_dL#`QrZMmp+S=9~J*B0S1F;|bTTy=Y)RSPd&g1&N<*^gel^YOtoB9aCDm3E= z^x!FU53X5m0o7gkvbT>U6%7*9lnKk(<@hR4bvGnSlSRDqka}x$FluIgRDi(eV6_pp z%zo!%8|45{0-Q09V#Q$Jqwt8mVKvxBYJ%P?8=yU@CmfvP1k-DlTDa(iywBiA0J0Jk z!2m8=PW(>1s^BH*&~UVH#~rxG0i)H3rjs|YdNoDkxJ5gKXCoUu%6O7p6lDSPg-2y! zD%jnH_#CfL9Bui$NDDWykWzr`XK^FzNzeoPogXw328{<@e_JuHM3zBYYZ!>=JE>3f3&v)K6vgJ2Q(b97!JIQ>GXF2h7HBeqdXvVR7iWC z^fs)x-T9aynoGlM!wh`C&S1|=)V9@w$?Y{y#Tq{agV4O)72S6n=SKYPY~V1VzYCm| zxbYx80VUzjo2O6T-7FKs3Y<hsj-o_g;(r09>@#qFcNRFNxjTrI3T&!%)b#%rZy{Y3!bW8-w{RygFx)UexK) zm2f>O#@QFYv?*{_C6)hLdmSCXV1{H$KF$`f?_*iTCvF{!`r*O37>6Y#M&md2ODv>6 ziZ=MOlaZ{4PYYzzwa`eMh64C`8rH4(q_dHzz!RDYkWc};7#>J@Z6vrKG6zZub;qMN z4|O*Sc!bfshA*%-lMpmZ2(>rjn^??QS^1~N+9$Z?p^gIk@8||6=&rc769TKzjA-Mj zHpe8udRHa%^5hEm24&vlNCKpCG{tFUB(6i1Ubn6RIXNgws_olJhZO(HvcH zXzd{RJ}4^Zq5UJ^%2|JM$m2->*EjhuMujeYpC{mSWYjp6^ikUtQgXF@i4=0G`!!^p zlg-iYlQp0#_{xFvmjDN8^>bWv=l?;Fc~2?v1{R87NcdyBfE4H=91Btis2$o1u$Z^a z9oipuu;%dX?$AcRtf!_Cd;Q_8mi^h?F2MT3Iq*+nN%efpdlwh3;dO3-eJc*QNwwMM zs@b0i<5uCv-u#Ks0>@ANl*xkT**^qOI1P)rEc=d7sy;Y(C?}mG+?M?S0PKX<9x5yUAZ#CLK6+Y=u$6AoSHcE}; z1}$gS;!3_v@vr21kr}rO>>^+jom1GQ8~<#-d!EkkD^>Sh{Pz^sy8Z(6@RFajn9u!r zQl~PCjpQ|`j?{IzRO`?tlTLwv6%+6o_Q}J6CYR_Bz>NpEsPjz%LvVcs$-l30ZCtkV zB5pmtvjCv*aa=m7-P%iVqj=RA^vy+CZ)iC7@jzl~sehWsQ13IM1J0Kg9EdgAbt1v_ zQUd|jPaZf00MZKo3^MJDJ%B=8(lMjJD>z@_x4Y>1f z)!hUD20T53JMwCbJz!r>~s};L~4Nh`i-s_bYDCi+2|Gio-TZX zF1$t;ewc*`N-HpesRA8RuortXg`;W_d1k+z^VCjYj=762jrRF+>wv4#eo`pX1;t$Z zML&sF+dozG=1}ZBdmM)7_JWhM0Mmi10z&Jl79D4Wgmx8H-5|bLj*(~|2A{5CPNrp6 zCj`Qy*KJF^)t4UA#gBd>oT{p%tTi9VA~Wf z6n(gf)9wZ^O|?KY*0H~ftWBFK^!0chxoG)msM@|oNQPy2J~bDrdUA|N-Eh#C3WHVO z#fAn46?kF)#t+tN`vpJH?W_GDHPI;Nl>H}vqpTyR*gQGQ$QPT-pZ}Tu+`|racj?lf z`_r>`vOo8*eSw}1{kcVa`(NwNwf^VN-6{UudT7Jh{@hX={-O;`C<@O|9L4_U&ke*} z|KR`px&QO$_Cqe$_`lendmvQtZToXygT`v6eg53qoAUc}OK#pSf3Emwigk#f`0<`I zC`kV2&;7sa&;9v!`E$?P^wrn%=g!(&ObYmOFLLP!j!`GZJT)!HquU?BcSu1vi*Ey`SpFeC(!|Rz30<+{{Juj+@a8L z?27-R{@k1Xkl&x%_0zA~`*Y9Ig>(J6Z+(Ko;?FG~{C~-xdo+@g&;{%B=bq8j-k-Z< z?N?d;++M0omOuANmht;@_x%v6SAKtPFYBB5a|g3xIHT)!`8WA*^y;;7DpnLo}5f3;z^iZoBI< zn$($XlHc6A#V80QmLRPXQlL*|z^jpXAN86UVkeoI!h4xp9<@$o!X)RMrhN{k>pi1W zJK-2u=4w&dnsoxC{#aE(ZP3$)O+|XArZgŒZ^$!cApVsRaIz-6a8YC^{+BOPj|lP5T&j1C%v-zt1XQxO51btht3%?lR=$~&29t)s}c*Nh|QTQz`RGtVPk6u zmnCo>Rn<;ZyUiI>|Vj0Y#T8vmg06)-4MPXPE%_X!b>>}p2UI$s!D((w`V_CnXhNn zte9I_YB*5Ia^gX9{ci;$zoxtP4%E&W9RCPB<5o$|;-X`zLdT>6g^osEU35IIDgip4 zkVtJ-auO?f(Zhz5?+hm*N5;3(2NXKDN@dZ=IlRI>sX;RM>oioEGBqXrCs-gwS~;HL zlnZ9;(+SfWCSHge>!=gBZX#cqnFHscIYh!^i~o4GY<8|elv+Pb-OX5P)WvWN;p=Al zyHVr|49$e?i{~Mvb$dCQ!ih=uO1c>y{1CC2R?T|sfP#Rv5se_9n#@8ZESrSwu2{LB z^+SG)smz>fpkd}hD!sEL7?}kkgBZgp=4X1;B2$*52PvlgO z7QE+7a~va(xq;c+R-&eV4o-a~8JRkx@T?{O*4h; z3-2PDGhA@V6m;G}(gfR5GABpT5zNlfnqVALJ%q=Fo=gm_8MBmr=b zY3i-q(B071Af+`Ay_XN zHpTt|Rm88DQV>da4Lt?dZ9s*Ir#jn7zS-2txMKi*08imyLH`P4!lUZ$oM5N=jkx_C zZu=i)-0>@1>o?*@20wH>r(J~K$X{s!La149x}A>2^43Z?&j1y*>6Sdei8s`nZlkHM zctnA_>6X%PhxXk{qt<1Ap?P#NcG6)2SO+3KwvByuTda#tfzZI(^JPoXiTF(EAWs6A z$X|kO>p_ zj|IeGFYHb+FCRDC3LmQ!)@8l-9USz?1d%;|h}OW!J~fJ^FPfn-{#CXrRZX(i{g|Ar zw{WuGVd{{RU5)7Re>Erjc;t3)vgyK)wvUt5qO8ZsE|M>IoRjT`K+}#n*+Kwr=W((L z97E=k#TSHzhK7ZH9J+8}OFJH>5FR@AOY9SPe=TrLCgz|U!pq6v*<|fLOmVUA3dabu zY9*d_kd^InrebA0G%G(VOYjX@8FK=AtZa(9b6DBExFsu_h$~px$VTIi+wjxwjz1Ew z(~gz3t=f64?Dtdrtn5r2;%1K~E4%w7VP(|Utlxr3Y=xaod5bKh#VUN0*JW1k4O#3= z^3j4|g;hx^TI({+xr)fSiom%b;GKN4p1!qSpBH9kQlfVGGR+Q|Y)l_A85w6sfw79F z1!amEaC{pMs}}TW#xd44WWA}nriLLCwC!ZQP|p00?m=M@m6$H-9TavO2y$>b7=!{o z6*HkKjeX-H?9y^<6B5Qopu<*E?u8)|GtV@k6jP}v3(R^8!aFr5RW)};8D8{U6vE0! zX~3LhX8OmGy#>$0skQOtr^Yu_8VSz*_=X}x2IEJ1F!IU{DK~Nsx1_$HDx9iZf&eQpmKQXo!c)41kzMAa(>e zz!_l36+9R_#L(Hoc|MhjT6+&O)jtU3g-{noAX8HWJ!x(vg&sjwvO)(C*vo80vAP;W zB=yhqG~z~oh+O5K5-~SdiLmY%jA_RMhnLx%@DbzhTdV3hc$Hk^Z!2>r2WT%>&O-=i z$@v`<@>TVwN|9@ge~8@{>sW=hn&}FwH^|3cifFLV`uRM+#YhaqRK^4$sUbh4k@z9* zf!o+o_?A{;X!gf@#H;3Z!ui1Q%;D6#*5OCwPT3p18T&k_5BMe71KaE!>IxWloQ3%m8vlL(TBngrqEOECg=Z;y z`qB&#hNPyja(J{i1N2N5-i0~L$qO4`YI_@ij4DTRBA!$col8ZbLQv5~=)2aRWxk(| z>3%L|`Kq zc;Ea#X#3{BqzjevI=43ezn1(xt>-r8|2LJt-LMJZ|4aEhdoML558|BlPs#0IB@?}Nu|L;g;Dse?H;z_=)ZqcbFTO5Z28M05|C;a zR(&}AlM-(xhEvNAec-t*TXrvkKuLv4EF@I(N#<~BM7B{6^GNLaocTOB>#JO4dS}S< zpC7u7`TTE?=UoxFo6Q3LC(o7g-l05C?4g*)H<0JAAl0~5-oLIq|9Htx#!(l2@Krzo2-_WEOxtUu5mLJlFZZL+3_P>q0{Yr(V+ezoA)MP*9yz zKL~4^j9Vw;kDCIV`LnS{n1-;4s7WOk^CoF>TLeS}rgn?y`aB35mhl`oUhMiK$44624GfHr0Zz$f1oE=Aj z*)pLsuc6f2h&n-=wb+){FYpYsX{O}qj|)m~M&58FRNEIfv7*QbC&f7(6~28YObu=% zC&9-(c*JU)w%pnb*}EmO{tJdUmh5Bi+QhaB9U&_BwW~m(%qbhB`{x z31oS7Grdm4QyqU<*R`t8I$6(?Re6=yN9Bf&0pjaWza$QUG-Lvf1g`*iXeOb|AWAxQ z)QYiWO1;c<^CJHi-y*?*nNd5+xPPtzkDQN~ZL)v+%(ciaUxWPUDor>%O0`(WL3;3e zH++Rn%XP>Hepj#*ZDao^+%abWX>Z{USm@7)zDMz!^_R)jfn1S28}}raSD=yuQlaMr zPTi4v1P7}lLk{Rl5FPG!9ky}r0W@KZE=4)SB;l@-a2fc#4*0B+;UI!e;q!-b3yKG} zk;iBWZqY|B^zo<|)j-8{MKONe9a}s>@4)_OBpFC{LII&(r>)RTx{CZ*MFwRjQ|}Ob z*&eH4b1qhqRB4@xv+!fI78u=tmIR|05GH^buNbXN8~a75AU3XWv{R$rG?+L#L z^26^1z)uDaAR5UB(Pp0|_F3?zl3N+cThUY&E!bb6h|}F!r5qSKya^|O+Na|y1%GD> zjKIaO&cg2-Nf!)Z~29!K_qM(jiX!4m7J#_XNlXJaRNLt0$Qr zS#f*zpZOt#3ERi9|0sk-G`P$9g%AV03`<6mYOl>&zY>LPWO9T#g?gsN{Yat2-f$1h)V)6K+*%rI8$r8?V{*7#ntQyKj%e zTY}+mTxGoiwARf?{uH;0e(d8xtnT;RkM1TL7C62Qbg+WI;|j>Fj$AkTy2;5O}IJc^{f{K&0#A9>=8SS1_wSMpbY)_?z!uY9%r zm~H|f)=8QHG%nM*pK!nTCYFM)?OrHboMOmnD4B*q98RX;$DhM1SpMB+@w&`9dMUJX zy$xRF<#RF*+sti?^YU1L{ySdXjKjUIl~^VTLt3VJ^pmY_7!vG#w27c9>csHmN$3}n zZK*Q69~cNVE!fjB6AeOCIDH z1%0!Og1!WDX?vsKmrxEN>y9okX)N(yJ!}M;1jXk53t=l1%%)2pc7ZAOf-Hf~5mSMg zpMXyzc|R=$Q>` zS_<8RMx5u_04jsB30$h4{q=<0`o+X;z%;`8 zffF^E$BJO+9Et3=;7hI)j=5IE7ovF~%UQTzg>e@sP--?3bEG|uU?lgHVjwl8I{X=L z{i*}bdvetLpXSBMg~W*xvTxVz3hAWvZ=e0<=nrpzibQ{4{yyptAAuXXJvS1^p>0<~ zpv~m9eI#1(>kr-VmcqOfuA)CsMwWovy487rxDE&e`njp^`v6sreE?E7O>HC;n>{@X z;aFM-gZvgkHNFNAj{yQtLsJe>coxEOcy$l+ z8GH;D7!FSra%qA{>HkO@lctOzY*ml%f5=f3jG5vW)ELky7;H$1KIY~L(olg zbfjO2_F4~+LGY^TU3;kQ6*O=*8dmsHw$$UOHVbI>d?A@ifES#F=RqZYgECp9<+GUF zLo@bv+S4}EIJD+`)B%%nZ6?8%9VblCDCE4O5)zs|Bd8BFt{fxiU_4Ue@t?Qz9en4S zLT^I-)27fXqB1&!@FH;OY2!$dF537AK|!U$V%;e2iUpM|F_Lo5m$>Q(FdA>F-xDzj zmC@4~zeGq1=SmI)GVC>|&ZE5tvYK3j5tC=E#8sIad!q(DU)z$d6(Rh@-iK-|Xnw3` zbc;PfqVNo~3sFN3QAF{G+{i!$_QB{>ju2M+}ww&7$gP^l4F_G`j`S6x)+sfA4WRkNse)G8S8V5i(LWl92l+h zEBE$yg-#sBd!B;-zIdqYi){VG?nlJ9(e~ld%D$LQa`xF5FFuRuM@}F%1N!|dpM635 zr52cRRdcB7yw77(Y{p}!3g(T(&<7RRPv+PchiOv8WYWsNJq=LFwlCiH;N)2?wf0ne z>vg0>7X6+3YWtU2uxV*`uUu6^rk>dm2UBsXV45lTBkb7(TL)&uDKsOVU!=^4PJbc8 z&TE?N_gB1vX>uit;FG)cClh#eEswukCYHw|M2BN}ocIhZk6-%&hc zfZ~_q+rJ{Q+wy$I23I5&lNk@iiUe{^Jc8e>KX*mqIXox9@I3E4dRAvBr(}-hO6}|p z?afm=`?Uf?i}|VnpW1m9R}jMR<-$~8_>-%2 zdM)~uPM`UBcHR|&U(c)ZyAUS*p?3T95b>29Sr?vezRfqs?usN32H?M;~_e@5`ZCe>>|DhoB}0 z`d@E7Lep?Z>k-GZ|Cl=e`RfrKtT9o=l=S7!dc-nOrf6Tvdc-2!645((Jz^-Db^Qrv z;Ks8Ia@QmJ;4N)~p1AtfBQC|QvUj$%9`O!TO;+$auC68Vb=MYnXLfP-YkdXC=@hpJ#i0gQDt%BeF zxcz#>;g7lN5uqW7XpBlkV{H{88hNr|BmFAb%M%E1log8j@@eq}MIi(@ni(u&FuMTP zzltoTKX+{fJ}T!Q^b0{Z41Q#Fp>-%4B0)Vy>OvQ}{dhvu#7u*2}Zcvr8hyuSrB`Yk89l%nI4xy_+f~kx!o}k%dC8Fv^ zxNcQM)lz7YdIbd$RilG9h<7RGgj1#PS}mXSfU-wzlvme$83ofj$9w_79_x#z>c-Q{ z;GXA!l|Y>=o;0Ila$uW8RE>h-+UM07Toe~wbv=CWzCbE`i9ncvTpa;XIdN1N-&oW_ zK#rDr{V`N>{5#pFa;$=J19<)zs#A{8Hp}n$suxy9@EU<_v(4Fdr%Y&L{GW)QT2OHg zT8>|b@nV$O;Zw(XQj2FqwfCit!BfYVS_By+@{5zXHXv@7nDVENhClTkG$2bOA86f{ zS3uZX8fj)Pk?W7=tK+0;U;NZ<_*TbHu@K{@uEirx9^QAL8D+&!mAXqK!(Q{Om16Y4 zi=S%29pEYPQ?iE>^_TD&q(!R8ehfcF{|0%y3%x0i{`et1&a_07v9bo#Y?W+$jsia4LZ<|uC!tY_WnQUf;S#Wy!dBr!Zd%O)CsLctuGRLTfFyuEHub#m z7^cwrSCM((&N(Vf>KxGHYzAZ6BT-6$AURUo9>lz7kyPWUYab+nf>>Xml)9HdDSnrI z{M-k?8rMH&utr4H$#wkP#kkE5lv4T_^?g?2_`jcq_`XW((Y2mdu@<$8AAhvO)L;%I zzXViVcVsQ92-vm;)SUc)dfq`jpoKGM&oNe~jc!Xe0~M_MQZf?xAauy!jOR zc%vwol_cl>^!ASwVpUT}%{za5RCRIk)f>gv?;GncP|r4Io$KpY0Z)&jQH?mpM+uoe zjzN)3$=}&|FFfiT46u>(?XyST%w8H80!7JP8c;CgvG@K(fv5e80$uP@FA97Gy(ud` z>SwIljncUsjZ=>vA-Kf3IG+36jgJ~7xCH$t11Ob)%hkZ8=(GO#D9AiKbQd{S z1Opc}grAet5FnLw?%UfV7XqOk95(^ttbnHpdG^S7@g_T7{}Z#mI6y;wFG3!aQNyXB zw#Pm;WoOwVCDw?aDg0$ES?uw}rY-hQ;dCb$iedwN0a6cQfMjxSF+gep=AB4DFFpzc zh<;!B&ElgLpmpl^4Y)$t;e|oT7+%2D@4Lgic|sdRDvq4$J&TA|3h_Lg+IW!_ zUhAs&)p_?y6oBD->U|J*Xw6mci*<~Yqu!T@dXEhdP!;^@eGttCMZM=?UrN1S?x^?u zgVgRvXKVL&xZ3?8U^~?Ac@_PGixV{<&t7g^RByD$1I-|UFn7u&FiNz0vGU5v%JC*4 z`$s(O{xZnYrrscN;8%`Bw@)&XVT>B;PL0y=PYjGiBUrS;%b`-W zU%@{{1T;*@?9eCl0Vnu!lf*@bXa(O1eX2B`JSTXWnVN6T{HGWVl`qO?$WVfZ-zci!f)frD1ZgJFT%}8t>KSs zB!MggOL4`g7tiD9_a(Xdy`mxDQpiU%82@5~qu*;xI{JNyih*ecVxS}S3K$7TzsDPI zd&C(z`n}8vAzG(Fbkz-j@vTK1omao_o=3mW#%Iko_4_4YvD>HLbA4I>J%iI@BsW9^ zd#*K}d{k|8uk*nWRQ5OzmByU6`S(tY9d-l-P@BfK(WA+WApjApdPj89m86gZr@v2-6 zKRcesH{M547bgWDbujZ>9bc&3o`Qxo&Zc4}iH`qg&@`x1m^=qS9bc7ZD4UsvRB`nk ziG1Xdj%o+Qna~(q4SzU#5wK6fBfo|}-LK(y#!Ic?Z-PG3=&80>c)Ig4Bblq;1D6A^ z2V($sRJi(mjo=dWpRM1kUO4)FaX$UNSgki~MZZ5KuYP}!*GHdz@65*z_51L4>-TGb z34i=zKK(wJrQi3%6mx;d{SQAv72DG9dDemZQT+I7zX8)YP ze2p~|IUlnUub!eVSz3+ry+I!!@{)b1P(?0CsyfR4bl3p8juf|HCz2P!hF(aJt6b0Krh)39~6PLAi@Sxl~5B ze+R@Eg#Ez`*vq#~TKk8gs&FI3Kfr|1a~Zw-WtJV@>mRS ziwY(|?O9tP;1EE2@c2`gKqfmWMlWFncTxTkZ&{fWwcrbCkLE>BnCNk~LgeDdQ6lER z4i+cj0<=aa;Yu)2x6ekR9Id)e!tdk8ljr-Re!mj23*OSlw;AA~9niu4hpT`-v9rI$ z{SW7A1Arvq`Tr~N)aU=-p}?g5#d~o7wl_*E|36H#LL+f98pP1P>Hddnz@|Wu*w~SO z|HEXU3S=UIXvYvgvKt;;E&uL^V?2~yPm*f4`ys~q)PYlVU6j9)B5`b%JpfKb4fj7Zp@H1}5BH(kEU?*gg=8v0*YNBz z1Tt|O$~fF6*Iw$H9#x!NtyV;Y^ptgY6WVe<>3~7G){@#qkc9e02LZHD$Kl&shU^+Z z$3X3J4WO|g^MG9{dKp|ndJFjO_`==y@GdkjZ2)l#ghv8%fkRJkzXl-ZoaO!p!Cc)) zhqA^CWkECvh`b#Se*ja1^C@a1Wb3jlV~{~5FNE4>Z$?F4V}HzQjG8AKqkahY9qfxk zP?xMHw58lt0lBw>)Ll_GLUJ5~EYE(2EAhRnC@ZK8#UpZ`9;m=R1})_*9$bCbPB1QN zXk3(7hn>qoP5d`f#<~OX$N?ROZAY|LMKzr)n+h!E(BN9A8u=aKb_7*m-ay&|6aLpXR5jSWB^;=>Z@RLw?N5$8bQ2wZVycX) z>1j+sinC>M5)JQXrqG5ut-v}IXA~eL!5+;jTa%L9mBXzDK&(+XgC;x81W)1kR?|#K zi%2vqa4kWyahw^!-_g{@sM`J20$|&SyW3*zx&k&!s#WPz)^6iC4OBW>9xsrQe9W$G ze&9`ND#Ta}Q{kR_vhxu#;nt#P>f#_M5~mG~4&v~SSWuDX=-}dL>W1J3ww0R${GsS}xWw z|G@Hc7SRyQ2Qukv#y1q8g;8w9xP^faG|otd@m&j10K!8)yGKO@( zihF!LHj2Y)X5hC7$|zRgnt7vq*e#KaoTs8m8?hd!Df7kEZSnA{TE9lJGZkT6E2@y05fNE3BDHuJD>2RBWK#Hsi}(aUR9 z>Lc*#9tA3ttIujm;W9QXd-R|7>c)7n_tQwM;z!6~^xa6sm6eUgE!_7INe}8vmR(k{ zPeI7IYaTR|9swy)Zrt)WRiMl%z)j^nP($5rQVa>ioYBZZD%YcaGd&2-T^_PIo$sIs zn<+d=Zb9eBnb3{1vx<#JF;SMVFCKjdQPn8=goWgT!k74vgBC;Ta}*>Lcr~FdOF8yy zfb^>_D(eYYa1e}lD`eR&m;fFTbh6iJC1yIF3mE&XmTCwaY~@5#3KTQ&puFyJe!3XV z%`Yfuo2ugNFrsQa3D{?0Sj?B~jQnMMtcQf0+A<`&49)mm>1-=ZZzR+YxV?MeHS{*= zfxQ=QSl?aJA~H}L6Fb=hb$`2~F%#=IWrZBMUCgr5A0Z~$U99fC{`{EzL2~#lu^%Cq zCGa4F_jDt|6;>wu0x&0k?eEL&Zv9Sw=64F%kKifEO^u)XU*Yp`?OK9&ex+xgT|ro=?``;bwPrJt^)dg;gM1C8<6dNE zq0)gAPRRelSXHe^6x7K^#Zu}eEcM_lN2L>MG z_7Br@w$;P?1WQgg6$h{wsvoruDrW0$0o;>*bMFE3*6@=hS+4|OW@eBFd^|BB5+Ma4 zAI;QezkK{$OHRs1=H#hZA4&a#van=uYJRM*S@C@A7&9}V5Si;J-Acj!(VCfRqdZS7 z3vGEFdQLy&R4a^Byj_R0gFaCF2&XMTjDT5>M#9MS#lgN&{Hly%PT(9MNE}Juqd$u+ z^i>vH70sMhIJn~77{nbKM9zNDe>63pA{(;^Ml+7NLAyLos3_6QLU{a=k@zV976Ffs zGDBMI=t#U3)vTF>I{A^2xDW-U#Wm9X*oT;Zr{S5IT56vn?_RR|;VO_+ zf6R0jv!bgv1G0#n@EyN}6o{nAo9eolnNvzGKt{crif4hD1+1fRJXqT*Gd>5FPHSve z$^&c3FL7qsNUSvI`r{uJfyN>{5zDkZ>N9(OV)k5MRxG-D7eK5Chm*Bh)zcx?Re7_b z*18(5`?d1YOub>9J#7>FZN|SUNG*zWGjWQ{eEY`0E`ij3F7e3wjRmo8_7J=fe5Jdj zvL>_{m-mNu_&%5ZGlkPgg=S|}jZVxOVPe)HXLI(XUW=xOThWU5t~nYyNn_jYl7~-F z@^-98x(+A?^{lt<#9lr~nK}^aVzn+G`Z1Vu3-AF1d5;v_oWCUP4J2httdY?{K;)wm zGksJfQ@9Td1 zE8tL&;wP4i5;OfnGkv;cAFIjExqkv|h%GQ_{TBeGnR@ALjx3r!+)V8gq!7o@7F-=> zM1O{1NvY*#PuuLrh%JWDf|Z)-0Omi81P+Nn{y389e~DDGz3e5NQps<`ar+!{)=el)PhKAQKaXFXvNF1yag?`5t)qM{)MQz<1(;<8`n;il$<`hIK z7S(-Zw$4E(K-7y`8chUM%RhrG#H@Jv+N;cp&v3TR%mY!=wR>5Qj3?KvDbiXB*-POM zL9nJVU@?B)%LdI%b$>H6_CRy|#sI{{nCH!kcdnT?{=F?mATWbZm|tkN)yXVa%;fFh z=*B>N-2Yy-(RR;sXOdb!{R^lST;_xcehbUK;AV$a3H(S8AO+BY%rnLP*z?pEb->h6 zx@I)u6(i)}tbKcmt6~{5f#8TmDIsM+arUoKLh9xpAvH~B@GcCc+=5Yu#voD*%ms%U zDmW{#iAIqG>{(;rDj4$*rH=tQf)=d-8x=p<&y24IQM3UMo43?0Z|iEd&SR%cC8<<@ zNwt_;qoEMR=ayyRSItkJIl%t0OCnD#GB$KgfUz7MquoiMl!1uAi*QP!%e#c1IFqB8 z&7iHAZc8Yr78+6S#%RT-R~v1u4ugzVd=`6J7^Dp7s(;FWV$0j6uqW!DGoPIPf#vo9 zVVUW(!5-#}Ddj0mX3sg+vHD}f?78>?^0^kJpI@M<-x;z^1>UI~SLXW{hI%qv0;9nh zNszl{`a%F;Cq?A^D_Wwh{gl! z2NK+A-p4Fp*O>`37o}HjP!Pa;^rMt47uZxn!x@Mkg9D$04}WkGbjZ){S-(wwmV!H8 z*RJRRt_RS8kif;t|3EtE8%-Y%4mp?rLVLwl2vsWxsx@>4NoY@C%n*QtUa05Wgx-D_ zXR?{INocYxWQ5^aLaIcPDJitCJ4zy9YvXxw-8RQ_sTMUdrft=C!?x@DC!Drf@Y!1b zdT+Zv#OQ2)eQzWE+_vNqB)-=_=yxe7DUKFzruTKN4F7ZI1HuRR7W&yFe9GfbNjTEK z2t7;tqwc^cRbJ$Ctbygw$=TiWf2P>_G0Es>#4er%IsI~AO zGWoVgsXvBOSCq89>-46vQKUv{ed={H^}KZ3ug13YFikmoL?kh`<6Z*ghSubRR%beliQ_NY8A3aK9)NvM_bn9pA z78u5BI9HgR(jCFKMb^EasW}SuW-iSh+2&h>{zWo3JPN{E=j-BCpQ~9qI#|X5mV?`o zwZoA$6!}asT`MtD%@)=1CmvEA=Wzv}x-3Mfjr*j5YP)GN zH4gAE(I3D^M z@jPVid-r?px#ymH&bjBN*3L*wSSywf6oFuYVqN%puBTX8u33?r{Fgoc5tN^qTWcGt z_p^?6;eq;CXYH58s}ly-LF$lqZXVX=`}QHPx7t#R170n})>7pNfYZQ65IYCBw{+TR zkgynqV8Px1^1sKo<@XaR5FaupG!P_!$GnH(yPa&fye}T><2UtJ{R}REs~*Z+07l_A z#?mdlZSAolmA zTcLbgr~Kam3^oaylp89S{(ny1>+`QWk+5>%Q!yW^N1~|V>yKsUb3&HZk25jcvGX&B zYtg$FU`U=3JJX0w16aSAHrOa^B4Qpk8#r3}8esdi;YQ4mXTkr>QU_?l1=+qmFzDB+RL(~TvBI!(_QTR5R zt#kI}?VyRn#E^xGl1$K0bj53Tz-bM&|98JwiMuBeYf2U`Bu;}k5?xPm{ zl_ShrAqQ_6%}wBzIzj`u;A_6(<~Sq*Spq(156V~5SuwUdZ$QKha<0)Fs(psqo%-{- z)PLws>$k_737^kX2-X>(ne_0?^_}raxH*fjgMcH&>=7uX+ciBTbJsH+6EbNOZneqe zLDUq2OoF2b#z7{J2bshk%Eg$G0>+>dZ0&W(-0mGJ7rjhS01?hF@lPlW0n+bRwz zJl|ReXCofUKLFmqfi8!`5+b?Qpb3dcLk~X?dt$PQtNiWhFl5kT(eO8FG&Bx268G5t zdEVMpyVw5Ta1L>{|2K%st@ba@XnzfqBF^@4q!*?H@^bPc791$ZOXgC!VU(^36~?A` zYd2T>Y=B%9jE@H##$s5=WI^c^X!@~v3$9>?$XFgJeSaw5qv7>6EoaQ-$>#)Qn9>gQ z;Q=BySxl&U2-B-KU`!9EVfrdEB%=grEqE>Z0Gwkqvh!I@ zh{7TpF}i6vq4Oz~h+ma|fKiGGgJPx(JJ<#a63!D&Y%KK3;3U&SEs&w6kbw*_xMJu4 zu+x<^mV>LRsBM`3Ve+B$;M{s}knd9{q;6kNePa@5gJ!kpMtc`ve{H@{)+0qh0CZo! z`K`=_!%OjL{Y}m^T)Mgt-CI4q zzbt?7t7t6{1B*>2N|a)!-yA-(+&odNM}TOyX3{KZE?)rbr9FRZj|`Nhf8jAw)v9b) za&i4KaxDkm>)33(eL=ET^h1!1ZBXGaFy2S#-=XjWp3=}f{Rspj zpZyrjx*A;=>q>;M5;R2mrgvo_b$Xqfn}}Mn?|rZCgkKO5YJVZ{CO&()5FpM<5GXc| z^i=+$9h9%mC@=E?Bsa{rtaB_RjF7JDNfP4I2anx}mK4_}XWb77%PHawqx4_kbl>GE z0>?$@kZ=l7xxuWw;Lve7)B3_`4whX1peZaly(QxW%nkf;)Zhwaosxlf=a8=obe@(x zOv`)=^FYRSFfBGcGv8ARV^2PzUVbKrTlWp~XSLxAEnSmKY zc0!G~KR5wP9K$6WAxM=F6WLvnUhrs+t>iE#?d_va6KTr&(B86bK&EVM8>c8#gJ2#>|Y#Qq41`~t^L z>>#ykO|HUnsz|1)+R2w*|~^RW^$QHitkc^Zdi6)7sKN{7hz5u> zRpi@wfNg=LkI>sg@@;#`Id&lQ1h`>qo~R)JL-2-Y)`M&fyi4i!DMwIR6)=H&UxPxV zcS^nj2*Q0L0Ze&TJo_#%Hq+jU4Q~g#@EQe8h3%sKEp3F12E-&(Nhlu5K4;QI!^~|i zpO@aLGBsXMQ~q0u?}g%oze=`(n7kku@l5?Y+>cE>-(U}~j_|eViF5xMxUT2@M>+Qo zQJ#Qswr~l-USQe*;L?bSu;9S%@Hz&blc0H-Zv42pj>gf8p4z|j!=Brp7$2mF|0HgT@!qbEzJT?h#?D7sn(a^5`#4F)X9)GQR3^o&7-H@K(d z+WM~u=fgQvp7#cyDk8F_+j}J{fdMJlGXQc5Y{cIAy53-$rtQydzVMr1>B|8dd^|7J z_oF;&{T-R$>k2<(@L|Fgwmio}4>)^~mVKz;cn-T&c0O2A)P}{EJx?NA9GjSre<4bkG6*63wu zjj#*8X?PW{(sy1gU@ejxFFOSm=1-fLK>eJWzXSFBS?FK9O8pv@$zbb;5PHYn?wmsQ zCsUs*Oc+R-aLSmD0veN;+hvmy1%hYRc2b-)YbSKZ(F=Nr43Hp3OFJoW}`5vo&c)Ie)Y+ZSkbxX#s|$mKc27I zw|MptG%@8wsQRxh3t+DZ&%nj0EIjMkO$({|8zpBSkfW?5c4W$NR4J}0Lg{RNU=)65 zEZqiKGAbL+EX)u;{n0>t$RMK-c1&B`;p2sp{YfL@y1K0vN`wY!)bAy`eH41 zvulCn>H~(vqFcB1D!!8o94nCUxAlXfPj4saZTpgU)PVO$haeXx6U&hitFR)R_9ae~ z)$3;;K1CKg7xZu?=^-p+2HqSjU5W)Q3o1b~Ts?$A7=oiaSTDFVdag=*iqiw*v3`nI zSt~0K0tFl2Csi-O{3|1=bO_y0;>HK}7@`jI1o#QqxPVUM!H#ye)Hd z)_U$*e|fA5eOirb58h$5fX4w8L6ygT!9!SejuK7+ni-s5$DljfsxxD}%#Z48S6|m_ zOryfhT|9t8a=K*qEzvQ2t)wMhgpwu*u0jXqwr%JgE03R1v!t3y`R@P>Gb=bN(5blQoQM-ECFEl>|s5tgZQ_L?Rg&{L_z&k+t<}B)7pz)GJnKqosnyl1m z5CMrb7Y;#q&l1u_OMvn>%Co`yh%k=4ESHKy2!osXs7(w~g+VS|6UIW?r~-Ia)ktxO zSN4{(!{;gPaLZa?@H=D;^O%wAmH2~6!+I5c9R!456{uxNHZP}^1EeRiQF}Xyy?7Gu zBszi`^9!~7H_lGb)lzN44C#c(y~3$Z+>MMWXcC`o`__O7Yf_pDp@%JUe#Siz$9V(w zd{+sfRqQ&Dh3%eMmt%j%960GXbirCL2b1l>_rRY7N*g@0%8)Tox@t-}C{QK+K(7Kp zf(S>o!v7j>(pbV^$b29LO~bs?(ZN0+$FrXcfa`fGc3nHD#$!12i2dYw@qshXjc1p_ z@@3j7mF8=K!q)=WkF}tfmw&*G&IeeD3>2oolCLk+!3)EMB*=+sy=n&o!=WKwdTm~y z5YT81Ed8Mu41Ug!56MYB4YLSU`8MdWn7qb=`Fk2BtmGg+c}+co10wzMV0?OT6i>S_ zJ|i|LpSOk5qCQWwzcdE1E`B={U+?0P0ymK4NCD1wom%lOjuf9DMzc+eevgep7^qug zTF>+5B+Pg0IB1k%BD5Y7(`_PGhTZBqwHRs1_l(p7w&0c`lxI?irXze4TFw*(8Y z4#C0%U@8lCBtZL3axs+uYb5DDy=f=u5AG!WmQLv@{_^Tnf`y~RMiFrUFXes`P!h%p zG-Sh~5x(M0*deI=H@MG%N1!;1)<9$ng@a0qzXE0hs7yg3$I*zUSN&k&7=)Q*u(V;? z0fE8>7$458EL~aY8Maht)Y}mLX!svzX6^{IH$cI})0R;TzBR}=B&G;F|7fM^{lgy5 z8=zHOa(YPCcrX|q3=2O|7p%^9RSrIy9AeN+$R=(N%Qk?+hyqK0MDph{R2ki|skR70 zC%qARspaw7${&{(C6)#o z>WMO*IMGRzE&zX*L6lnGwkcyDWVG-tc0hUTT}Nw z#?JRdK0$2MuUZ8AG72$H!W1ZdV<7g zIFp3W|446_;Aac>!B*K1W&gpBRB67FA@8c@<-i(_8>>H8EVRW`3Uj7gq=ixm^*|6* z#rEgjKi)lLY>~|1ay*bqgCv|r%JXw7p;v<5FdtbEn`;aOI)j1tL@0VehWyId6(q{I zDR*RWXg(gkh4&*~B|8$}pNSwhC$BZ1u-yJe4ZPKw&l~f-oX{qjP+VIY0FJvHyoC9U z_|d{%9W4CFz`mkBdRI@aCrX)@buIfK5ma%81EuRcw=87J($-!9cZGBqTd7M9;k?vT zpf)^Czz6e70QmtL^60#$R!N1Imt4JG0lMIeywlW`@Usi#v3Fol zKzd38P=3f9tm@z_|XKZK+VGN05SY_!~p!j@S`CYwh?^FbU|(^t$+uD*yP}78D+ku zPJKm?8z}9GPQWCA4K@ltkh89h-?V7}a*-DWeyh1D-2Q-lM5Q^HFN&we0k5Zy3Ap>D zCVZR_ETZ#a90BqgX+nY_cxtyu9k^3UbOsVnAQE4dKbh!U&Fj21%rJ8~q1cG3Wh_8C zX*Xz|=866&NCis)$izL74f2JD2@R-deYn>`B7u?O{0(6GW2dUOUeAUg{7e$e7$^#a zo289YZxGsH_uGi&ioY~HxSeJ~a0 z&k9#;-*Qo1byRty4WUojGYY20`Y-X1wL19I>kD^VpU<;sb1eESEr_KB*yT<+8q&^+ z;)X!s*Awgfo<-S3xIE{MMQ1S+$RVz)fOiao?EuvLqx={9&DYqiZL|%2b7at5fss;H zjU|C)d+Y+Y%U^R-E{=80p$lModhHM@X!b=k2Z&RMeVfaF8ScA`Z$8_zsJ!67*`$JU zd2nhA?-0j^MmlCpZB;M)E1Q>uVX4}LEXlR3uut-Fon>O3x;ve2l}EN|t;v`@zxMf* z>UxWeMz+r|-&ys)nJWE#aes?(#&l1&{ zD{b}^in;Mko+ZJO11%$L|EPfZ4llh4i1bY@U;=>yNLSQV6n|R07Q6+{!B2nCfMcy6 zdz9)kw>P%uP``=g{qG<97sTo-A6o~6-{h*BSYaMrS-Np*pFpIkSMo&-#&#zdZS=1r zyQvpF^_>pIHB(q|uJyXM>Am4TKU!UK{&CpaPJ8xSh;JR7}|Jt(hL zp#-%2>}Zl5EeH2@>7DFnc-X}9()%S>xQW|F7YQZ_SsuDs04jl17<(4x2U5WyQUMks zF6$ZuHP@%|Xr$h6<^V}S6Fp6JJj z!FRU(-HPwx2Jj{|2r$J3j|sI1O8%+mGp3g(3ZER3m>mXJGR<56={+M{iAymE`AYJu z3SZ2f7aGMMUwDC}y~4C1NTa@EVq|--&_(#09sa$fj@);oE3rRITKp~Q{*onnF|JPX ztl{@Jf3VtGekw|QYJYvmw72cA)%;p%e|^ob=k2fW`SlpS?784C-_sIe2&}g$M9%$g z5Qi1XL%^@iE*}ib?MAmhUY_rUom340Bf!9&V)K3VVzVs&@HQy0kTCq8XJ1<#`r+!bWulcSpS&db|ICM6iFUL9(su-MuF3cG}L%%r(tVHN8BRJmSJ+e+48T~HG$D~Be+2U z?tPnDJHh4p(P*x4)m=BjRe#b0BV5nPwrGC1>A^5|0q5Gmipg!PUvLfbz=b9DT;vJ8 zAB#bWZ93%xz;LZ*AwlD`3yVy9DTq|O$$ zcAa{Jaez0ar6P*6bOhwEyaHh-emdbHCN^50fXdOHy3|qs$HI;ZyFCoiG(NB`Pu>B8 zW2v%1>@v*y$bqzvw50)cbv0YEN0?tv+rzVHSx5c~*S#Y^8=xCli|4WyHF%y~we;iM zrLEq6OZ&Y(`-3sQ*#;EQ%V4?604fe7S@-U3_~3c3UmHyEhM`bHj4 zbb(~v?5U*>jm0cdy!r)ZTEddaxsr+RfU)Y@0gg;em+BH%1J$uUkt1{j@=GmJ+!K8T znfR=ZekMU~$|J`MY{$xRH-d|q1LAJp?6oV9o`*ukt92XwBx!T_Tr006FJV0ivb1PB zy#Hc$$?m=+QFAHQ`n^|zW&&DTNJz*Z0c zY4i2``CaKnPxv=S^6u(*YM>j)7|(A(6+4e-sMUOGJm;bmC#qL!Jnf_pAQIFI=7Q{1 zO#|BDs7R^>b2Xb_?JWfzR$4-=l70+Nuhh2Ly5Z5KLwzkhj9-d%8NV+*{#n-eD|bBp?(6S7eyL24->SC?^>#P@ zU8-+Hx<13I&xQIZFMzdj>KGu00C8~?9gOW8?$oph4o2Gby<8LpjrFQ`;y8IP!q&98 zJ_~WP%MO?5hIDkcM8mufxgSQfVU~gO8jJroc-81@c!Yl=Fj-KdS` zk6DG6t17%^)i_(f9ox@*?gW6a!s}TyaPQd{xhFuN1X;rm{llMh>EBo!bT-%b;jrF_ z$*dX#Z{m7zRrQlmzk2L+c)Rl*j{irX%}dy3vu~XK$>ERD?DAd<`eNUeu*TEm%abwb zEWXs3tZ$$7YgoU|F*W&q3;e3^Cg>sdC*gBnjHMfVZu@;I+KJEaB02+~XJ2U}mW9vH z>Kti&o|wwvtKW~%n~NMf#^;k$MXKsuEONQ7G>y-Dr*ah4_hk+ra#;B6#W(T!ctml^ z_Qtp1^B^5Td>+U$1Eh=tpSQwj!N%u(nBz-Rs$hwI`TZWgJxiSUyb?uv#^t_F1` zn}Hs*_Du`{o>;sAl<*bd7!*JrpZdo?k&aMN0M!}FgY2>+%t3Z$t>TG^S*ujU$_kqe z_^wo+{>rL(xs|oZuC+*wW>#|pGnVL`VKdI|SVfUq-*&F6ai6V~F+8b^}5jHo8!^}}P)e$@xD>PKuqHy)p z9*TV#lzFsc=b%^4*nXGnzXvk!`P@?{fX+{7_T`@d2xFf(4nN)O9|8fymvAERD{#hd zipCN`_?C^sBI0bwteV6Q7q6x~)3YQSX3yn!UM1H1eBaBIb1b@nOf1+-3Z4MFQE9G{6ZUUfZ08*GnYfL;m35*tD2gYj{w ziRv`FCi^CXYNspkMM2~)iKZ7(q`Uf86+YvoF^l_vEd=@>Lf$TleqfL+LtQI}G$ga5?dbE;RZF(d- z`$Y80qDS1>H9fk3T?KVX?d?7tk=omfq?Cgm9VRB98|t~Q3q9H^T|)Nu?K5R>chIA+ zV36gYN9)P;?J7NbWpANJg-`siq(@H{1M|C~M_)dbCIP!fk0x0)WzwU+TlMS`Jvz#& zqBA`j>*!1udX$GkJ<+48|D*J%DXQtwYcOWpAw9Z>;}m*yhZV|E*MT!r%kwln8g!VZ zN9AW~deq%{xabbh+OG183#xfM?|gnA%yzW=qDV5VQ|gQzpWnN$ztj2slWA;C&hKj^ zxK7of-d*o+r~2+l*Eid$&(}kJE!EwRUy5}ZKQ&pEWe}5Vw&>98&J3(3Ky+L(jI2? zj#f5Bj~kIK2ZfV~snC0{`@J}z(Kix~+zruc;(R1&cj-mPbG_RfM^O(e9K6F0c@2vJ zZ1x4w1y@sz0frf@1(>e{-kZ-*o!mz@DvX42aOHLZ8PEeaU}K@g z=yM2X+>jW_IZMsa(X-0}%vEzkz~!lZfFpO#MBydrnHbV(CQ3Wc1O*wm=+Q}9Lg_-2 z&#)va0Z3H#yKh12l(+|^9_Lz8kNof_MXQi}V`lO-R`Nj*icsJ&89?V?WIk5n2?NfD zqy#t}br^&C+h86Y4g3!{rlsX49u}KwW}{NH13?F^v@97rY%sRsObD4Nu%DKEId~BP z%4s@{&%tt72%M$CS&lja?mGmbX*O3s*44|UJnXobkTB|(h%(Hxy{i2>XY{2yI#+#^ z5j{ai=c$)7qA$_W1?s7c=gX!v z%ZNT*M~_y88PR9x=y7VFjOa6U^dz;l+Bx{Mbo6BPX-2e9M^~#?Got+xeRBtbks*IE>ozlXTCo)nl&?#$}GB+dTLY>melp8Wq zM(7m9lwW3~T%=Rlm@+IQWu#7NXUg#zDHrP$k|?!rM#?CilEaiAraECTTBmrKvMwX# z=Q<^qDJwEk&ekb;OnEdTrA((3Fy#*!Ddjq)h$+)DQYv&x2~);qq@1Hud`v0JNExP6 zNV`>GMv9?Rpryn5&qxXAl+jH24qgS)cyO*x8OM~h87b%Klu1lknvoLJDU+G$7>FuJ`DCH;zFg}!Z=U`xuzpj53`=0)8!}%G z+lEj7R$1|*gZg{iB>g+7LDw_6RsUA!{FUWuYJfRW$s#njNXK%8&eySAk_&ZkK7tK8 z$VJzpgIr~;I>=?!rh^R#y8b3jaN&&B^>U?D>mZkgS7&HNus{ci{5~BdwpZyO(R+dp zx&XOq9V7zJ*Od`tSL&dks1D{K)~mZiB)n4>Bi7xogG95ZbCV@|8U%+hD6?H(hffuP7$nWRv{3QgNkf3|JdBy~ z1=eqo^;=^7`mA5W`mM5lM_a$+tlvr2?_}$@TK~$#Tfy1<#Xq1!oenWLFCCnp4lYOs z7p8-Y)4_&xaAi8!k`As(2V2uYl@7M0gYD^{3y|YK^o$d41-`-ofAqh%sNWMDjccfZFU~X3Ctv^9x!Fv{_ zV{_||wPW{9$L7@++p*iwajS-c`T{%li*#&JeUTmedOEhG{%AY)g>D|UQ3b{vG#R%~TDb`k{BR_v+i*vSw+Td{|yW2@^2 z*s=Xnv5^|g3ACJ6_HTY`gCfGk0AAiocsHHEr2&TCN@z$YaG`)Xwh|snC(LI;mYpys zoxnwe)0tHwoKE19f}GDvxFnsx1qS_tl~9&WXkfxYcEYjg1TMb%gYAU9(+OOP^@Hq$ z_G?lj=fbQ%#7{%3I)RI}{xCb?@pJ;0aDASgaA!J!3%dSrJK=_Of(whJ z{s=qa@^nHD6OObK0_g-V6Y}kZqI3cYLH$v7!U5@oJSOaACv3kuHSz)`c4b4i z*xyb#C7m#d2?y8-holpL_pbU}J0UxrK!R0&pq-Gs3Lr5fHHg&e@J3ZKk?ctY*b}Xn z{|5|$u`A_Tzj-g|?*i+$$kM~7^z-Gi4f>2>`nSqTAAPR=9(RHMoitkiP9CR!tA8WE zvP(_TK`zYeb&yLjqJvy~vvhDif-xQB0=rEIxuovUK`x@Zbg%)zyLFHY<*z!(rSXss zaxpB_!Bzwp=^zpQMI9uHH|QXddW8L8Kx6CKP$@GBi80)D51 zM7bYykVv*o2Ym>-?-M?Qh-CGFsMA}=5?T7`;5Y>L)IlP|-a1GW*iQ#J=?Cgy4T6U- zDApN`nm>8-U?+bvnG&}D$Dd%1`48*|XP*BMnPFei?@)54a#e?zHxOj;CJw;+VuofB@pCB;9m!K z1^e0NzU*JqupH}tS*LGW6P)G31t6;!%>ObffaA7AdtO$`#8b=vD1}l>A^E}^b4OA7 zm#0qll1Q$w?$JVn$TyT=oVaJ?CRcW71I4BoSI|7NsVoNsR&LdyC0<;6%YTvI7V7FN zdP%%S(HJ_)aIetbE?|14KJJ4C_`cJps@b!(BT|x0eRSwUE?amNWdpcgkh-X6K>=@^ ziNGvJ?SuXlug1MT$Q^TB;r-#jg^*zbr~#Mh#*Br(A9W?_PK|^2afYgS2W8RB@-;mY zyBrD?uO2g2ZsDato`|8D^k-dy*X14Ggr~YJ4NuMg&isnh8V}m?5)J>UH&M)p-zgDh z^OA!vg3*10x@L&n_c}PHbJjK(<6Elt#LZL|*F&Ho$X!zSMY-(@+kRrX8I`YzXoJr! zK&pIs5$l=`=WQF+L>4eVHk-iQq46(HkY>D4{N*0y!dgGWRpWAnJXS;Yu&DtkV)0{8 zT>OKX&3HQHhYP9vfqRx^iOZ4T7(9YvdMfvFWTv6R`c~0jp16<_m4aO5gE0Utz)e$zCZ>*3wLwKQw7DB+=F`Tge=lUuuHBGoD!*~iX3;cB|V2d zwTHWps*P{%IND?TXm3!r?OFDWpbThP%{|a+7Dgm!`PGWrPuVg$5QeianQ&m{xxw zzZ85d?+q4w9vNdd*b77vk#!p^=5MxX#Zyz-8<+xWp6-HmrKKe!aBng@c5_T|8& zX)db@lrY>LH{X@evF8wqvZwSnL`+xU6jC`NNFTv#UaT!tZ$4XPA2zHvm~; zWov31;??fz1I_CTBEJSomcAY8Yna#OA;%cp4#WdQq`8I7>2y4T_nA6*AGD!e@P~S< zio-y$TXGQ<8)iR+B`}lz_GN!!pkqyZc_%-!L*YTOvkUNEPGQ{Wi2UFR72jB9o?F0S z(LaX~zrM<7hQNib!CTttKVq*~3X9+{d@80D!7sou zXFLAq2;X4DdVh2wG;NUvbf<6PC7mlZz1UBCFHNW8zIm+oKRbOhUGLgbhk`RHP{(y+ z5|dFG^8YQJKk-uM4F>5m9qIRUP2ca=Os6}B)6iq&_jhXV*LHg@-QMAj`nvijjrDdr z(vR=l-UxL)Co+~3@sS)Y;|rF9ofG7*f)n9p-kif+{2VY|rwRt~2nziXk^m}7r%O*R zLOc5&0srCfQi0c`FUwg>#1Hi?YKZ)hHMNg^Pf5HYZHF(3j;ew&j&)}@Vr}?&#JlF~ ze1Z-3fI0j%U`H6+2VVowMI1+4MMCb^7jCWzSb9e4Z~t&5ZiH!)HhR ziEi+@_utT-bG@vx@z!Wo~qC)Qr9Ob)PAH|OJ zF6#s3A3i^`{|T}kM70`Szln64p1g{*&hY=WBmMDi(*Mw@eq3wP_2=pOf9EKFbvNZN zaHLmuO+N>oB!=bK?+1?{vvMh-F3Z8gWai#Rv)@ZJTk?Z3N=e`Y=| zN9Wz&sfREt(FWnLac;r=OBlL}Gdh@&;I>wgXHknVj&hsIY~j8S=aQ*6Uz`BLegQew zupDEkA2(1hqC-Ty1|H^P8I@+1-yD%s9R%-O6u?sk@~k`;f*J6_eZa_@~lCMq#J;00C+ry21Sa@)`C!cfn2Jgw@O>l70 z;N0=Tv(>NgorQ&(m-uDdY7-+W-cR8FVxcL6X@5{t^h~ zI8+_Slp@BQ8w(a;hgfO6uFPcs#cVtS5blGz-Jyl%N)ldoCEwm$!AsIF!|4-VhY#T` z3vdnty#Ns23|PY&@!)C@tSf;Ggn&Ec;{d{&fUd;xXhS*4xF`Axk~dhp6nR6xK}-Rm zxfeV#9pDQ0jkIn>~ja3;Y{=3ZUNP zgB38;=lms3#%I9V8B@jBZn{b7fwe50^vCJ%7S~Py_W&^0d^KRgTmS1IM5IXQiEOL* z1v^SeDlfu=7{+fNe~nmmPB07n4DupQ3OvuX2$QxTp5hT`nRrgC7Bx+R{%;-kAeH&!1JQAJIxkIZXAN7v>kR3V{+&3J7t*<^1 zzEz3qG)_Jjbb#eh5>ue8g7Su4e;57pAehH_ZUvO<|CSi?qE4c#nS^U?+ zm74VgPa7fD!iO>71f$jVuO{-B*kk#NF-Z6XJe?i{VY>^|2qKiXxniI<)CZ3&nH6~S zKAOLfuqZ{UCwefXP`G6Q8c1Qv&@xQ>hnRA>S|q4_$mpu}8nHX2Ot26x#4gJBHI?UA zy7A|H7yb;#TAn^I5ZUMsMBpPLdNg#VF|>o?RV~ilCkE_ zjfJ?1zlQI?9N*?9H^e>M8X_;l6J8eRSB{Ytgg6E315&qrjM8Af&vSdjY3PY3x(Gdv zeBLX(C)}5B_e4(xszyGBIH5g2*G#EJEil<|ZtTV)ct%6-Qn+A)#LO0)h*b_i)8qVR zL;qm@C6TRt%*p|t=t*p3D_rvwB7g-y9LQgZAZP>@HU@qsnkD6^GD^SqMEBxN*Hu2qg10vdIyFTAQ_8G@~aJCSq)|{7`tCw zP|_7;oqTJ5eRNkhAK#X&4qGR>Yl`MP)lEPm`J~?8h(zv0JvIhwzq5c@`xMC)fhk=E zdtkw?2m~lmk3=g!5^5K6WZIvSJcAJV$Q>F0obNTU&Qm)diGZ&V9YDC;Q{Ga$7SQ(8 z-h-5<-2UeyP}HHL-5G7f9d^{miD%p~0MD z45G?2`*HN_+<5k}_Vm6$lIR!LLhxIO(TeXB3m!H2j%)=-_U`n&&5iC5kP8&QF1)W_ z_(1Jh3I6FvBOm>;&L-P}+ClO(^7w_~`d?%tKzU?ymP}A6iA8ii(tf3bl?YyfAfQ(1 zN-O}Ut5>rKhXM4Wa*!Udo*>~C1>;Q^BL@0_6%N{2j$wMuM!&foigrS^Va5KO6|&h|+>Dj`_rLbS1VB_`u%8*9ZvHBl3@9kVc*fuBu@{ z4L5ha)xfy>)-aS28zwH=119P+Pq>f~+Mu%OTxWyFpjb~ew@zych9 z50rDS8mN=&!lzmZ;V)pT0XfK4wheK0toILomfG(mDg3j4@k>iV)G#=KXaAsKNcZsC zJ<-E$n4L89h7c-vSn5g1C-(bY#y8|s9q*{`9^vV|SzWyzoB!928VC>cPfp-}(C#rtJj{>nCGveU2!A8EvYI~f4osM@v)2q|{P zdEksZ)amkj<}R;@e(I^6NjSxRHsRkV(qew*He5-<2->Eej?{3qc%`i&JkP_T(z23u z&re1K#I^+`(4EE0CX<8F0E}$$g_^-`E^wQ#hu3RVd85_nht0WnFSKB`81emHe+@IR zv~>?OV8jP`Lw6_f^2Zr3ymq2X{qf^19f@l&Rzy6)i2W2I=uJ$&f1uGw^h>?fs{WX$ zi+bycLcQ0a-VsLWJJ+5Jk;+vlZIm`oImX;t_{P%Y9vF9l591CWZN6(XH-Ij57;iKf zhxfh`8FBU-gC`s(C;AMu;fW3uvIE)Z5lY0*IG7dcf@5^aV#FjuUu=VuCB(D2JJYTIhsW7;#EE8kNj}fw0$BU`ydr%x<^O zvpLS(8RBP=@|S@atq#2breQL65^vB`o(#Ib^hMWSR}ZOH@_Em*Pz99r!Ygs(8OTny z7@m3^g@?3Z&rc$DjqG87NAk&3+_9;+d#O!8$v-;qgNT3uc9`vu*|$!PwC9D6n|@HF z-4{AN(q1*OF0@aiy(o01iatp7hYuRVF!eDcw%T70CI}yiZ$HB>gLIr@!mE=XaNZD& z{pkfHSYL^HgdJ@&DCZA?x~;f@nh=~f=%bs@oz~*<2D~7)31|RT!D!Zn$|LRBp*_{W2U76f zgoDg?7%9l-D0E<&m&at>IB({2ucvbeSQ5ZANN1q0j%S~e#PjCa&#*-DmEwlvN+-y* z>NItS$NZP^{TqOGo{@D~E)}Tw1K(skWaP;FQfL9-egYRBUslhiGI zO)ys0X2h;k!SUna$NtKd@KXRff|08Nc|fXJjYBTAl}bcBI!g)JhGJYBpE6n91t8&K zxA;gundYRMff+DexZH>xa`$N`;F{7$bPfsa+J|bbB!$k>yZa%!YV4?kkq?{mCHx_Z zXj$&ne3t{)ro(J{GJ6SN&Ff7M8XHv=o`+If@f4$D0{o-IRbE<&J;Ipz6;F*gzClKl z$Ae>T=sXaN@ekcViD>?O39HG3htDDQrx33^|Cq@3KH>gg z_Kv}c=@Afo@&EfViq{GRaSEl&Jr*vKa~WqEr&mFJMCPcAF}I#YH^LbxvC`Bo%uB=ELr%fnC3}8RwvuJk+*m=avy=*A}7Urlwad} zA7lWfAlGyNW);~qx1SZ&e$MeaZe%*U1qwY`_xk2@f#L8F%%gM(lC*or;thQAxMNkqL;rkKVE*E`pm})_q70^$AmEcii9JvT z=N|*zsX<1A-68wHl7v>O512Gh?GtE`DLnbHgN$Q$cswrwAFmJ(yBtsSdqlFkI6J+E zphkk|zoj^FB~~DZ*yQ0Be#wz3)g~tqoF=9!ACHYuM56iwsf8#s6YsadTFUMRWLU0H zy=Tr5QaP@mkp{!~fI9uqAl}i$&tP8x0{}VjVMo-@@XP*fw^qW;Jp%f%Ia24f^PUm>}6wygqRfa$@X|i$rNsqdj%5 zO`H!ns!uoJkB1Kiq4cRA;bS#oIEBySgH-Ed7zKe}?2kMSdL?^Hz{IgHN2Vu}de_xS zB+~8po#w}EI7RZZQ`m*kZkKNwX*ufetY0(=UpM0AU>h(YcwT2IWp0W@v>k7vF9VkT+-^g#PigbG){PVEPF@Bo0^V>plRenk!sIa2<>dkQ_md z=v=t@CO#^KL4w=>xAUmiBx;?y1&wH+rt2pc1zilVy16eKp{)V=ogw)q)H7IVzhr9= z{A4x*LmOT)Pc?C+)x?pyiQTB*y-W4?x9V@i`oR#o*1tKU|LD8Qks>?m_>(0B*E;nZ zU9kqwF4ez4O75)w3$6P1=%IdVe(N0b+p(4q7ueRpr-1TE6`kif!P9(d5+vj2r|PlX zyUm_wYdGDEhx5%wyUh3Rr1c#POPadDYU*U&RM+|FvHrbxss4kl`rm+&N00NJ?my={ zSBmVcyuv?af&|Yi;{Ov!} zV^{>Kj~+l8{@v97#JfAH|DRG>M*a6%^9nSh4wBRx+-Wgv@-V4}+J2dj_yLuu{f9 z-d{gVq?}~PpT`UJ*wvuwih{%mS2Jfbb5SedQ;>&ek=ub-&T9;<$n`}2f~q`=ycKZa z4Sp(CmJ=vlKK)mbEghlD$q&XVy?lXLRCze%7cJ~NSd%Kk!-HKKJjQKWyz8Jd*|II+Fkc^{3wCssK#G3i+693ish3zoR^Kuen zke7S%eVj`U3C~)_v-gb{dG5`=LC_nnLjkoPFje>uo~589unz`}-2Bih-P_wPWMz>u zSQ-tj%=N#-eoUES#Qkp1BD{4};e}j_`b9m4DZj!&w4mJlGVu<$1@-ZKnZD#b6>u@W zmysF=F4yItT)39K1KXWdtzy&iBCqvQ3v0G^B(7wWl$BEQg0phs_oyrtQDrVm;@tx~ z89LzPob;!;tS&KUAM#~w0O2b+3+y&GQuuO1 z8egWoLooM*FP|ZG7x0A&=Fa$XE$}6qPh)9xfxs<=E-}FtzC^FyTq@X7m%LY_%M#)m z{>?DVDS|H0kat3tucrfDu0kFs0wiKPL6^8QH{?kdvGoT@h=4EK-{$W|bu8!*e>tkfY?qvTvS^5DXo`G=}jM-b&3V!qTK* z7s?m(SiUp=IQii;|M=H8z@XzL9-Rg}1zYD*z7a6ONM2*v)zc@+DQF{y%2ELXzG~yEHe$b+ z#79Y-wI}E64M|mSa9}pKZL$%?f>C$l15>`L>-aYL%{SHYtS3FHU+(^>#vGO!l@W73 zHe!uYjuNLJldX^KVPt=?Mt0@#dSplHk?rPq#&x%)Uho)O>3 zOm#P&UBbU3TmDo0`{yC4k=ginFQa}6{;e3SM|IQJUGOjEFI}HEo%G_j|L#gJ#>nZT zGrhP%>L>4|eqlAWk2KYVKXumc>8Adz;=^>K+E=RS+|K$>NN}Z{Z;sVNdZf)cq}@MX zFG$nJ8LtUB=h=4honTXMlO{U%;n%4?q%uyl`f_MSU%156ewnwG>Ma ztbOjz2DZP|&}$n~1543M8((dBc5N@GQ+u;_+TMc&8jzRnpgrq+)#kvL;jdsI7P4?& zGA1i=fmE6?VP{(HY+i4VD?MM`)V~qR)1K@9`WSXPqy7&iYMuI{qy8@XO+1CjrEYFh zPk@(^x2W210PXx1)qa`V1NQ~!cRIgD^`8A2RT=t9C5GI>n#hiW7VLE=%mbda7VO?+ zy|4%V@RdDySsy#-pXYzDfA_uY=wA~)*uQJ;aP;qYbpF8`f{r%zAz;9uqygs~t z@@RO{;9)~uz7E;Bb$tM9wD?T}mtc4uDtL?BI(=`<*Z_p~1>~MH9;MUu(S2a-GSs*> zv@iUj;nEyVFFf5HjHvK>o~|&j&1x?onEDg`B=LBoZCdgi^c<@EGtFjUDs$v8SO0Az zn5b84A-rwK?!=hQVu^jEgzRUc?}TPkD?EV=P;|mI0lEqn;};Oi1!5x$40Ci&xjD|; z?8EII90p9ND8Vm*XP|}x#@pRJpH(-KZ>w4l95(kYdK6T&pUnG4^-sb#_R>mL7O(KZ zY9X|r=0W?y>8sIP%M|_t)763>weVyhI9NV7!ZbLaNmR{IZc>j@4W)aG@8 zL#Outd{RdHF@6FL_ay`lMtr!>h!3kW;&%~-*4R^$jpkuqLb!PtXB$6*^iLjtkV)_r zzeU!!D4pPVpiO^UkCRjPSlSZ)qIp&W;&brdFmID-o!QJr6UU55T|4~$MSt$PFx4Mg zSF{D=(|lYAEu5`2qV)x~h%GIbgsA@`+xy~9C``$5&0v#Xw6UH!JQWj-I%ep19V;Ly za#xPu2yLse^owk@LF5OGfp`TF7gu?Yl;a0(zJBS(I~4o}U=m=|oKj}e5&k4r+kkJJ zXy&}Yc)dVk&oHuh6)0*f`!qg~VP@lgLiuS}4CM#qfEaj7Uz_m>m(PBI((NIyYNYbl zfjj0soRPrz_sh+fSeLQ%lWZePB574GtC#y#`mzS^BNp&k-Xbizl19xhM~3IQaipys zHYhw8Qn0=}J2nr~co834lzhs@mSmgN^~A3LpZZCUVCA3Ki@4dWhBbpKRidJbyxNLE z;X`yqdDz-g6{)9?NA7Fam$2x!ZWL{<5JXJEtfo=jjtoTf=RbEYcur%h5xquaZyCT}q?esCYy5NXYeGz^>Fhc!1r38v*U{OB_= z_1!stMLNHXzox!{!=oAEFmIC(0O01Vg@{88xQbbe8H~?*ls|GX9|nVwSyaj6Gq*E; zZq*k$1Eq260C{7#Ne!{P=AnpgLG#L^fcwLF$;Zgj?ODy5!@TKQW5cUAFU<)VFcO(w zX6Q;HAE5`?C*htVYTzT#!*auC+49mf(aS@7oW~;mrtBTkRiuiK$_=eV{b3yYXU%7s zNV|LLBFNx+VV*|;+eYP~jUvIDU51whAoNh+B>>$4y!^WZFA4#BfLYJ*dh)*yubY4D z0x#@cDP1lRuA6Ut(O0lh(mQ|ahwjtq8Q&vn>KAZ+A(jfmShAi-=ED8@^nA7cTLu=nh_z1wwV0s!RiuD##xetYCcVZSy>9r-*B6B@|BIgF0C zp_ghlr0v%9)TQ!odak?tuQLDW&iNrD1*yopwy$LgXvF$1!KTyEQ8kGUS`x{GUA?Y< zck+Y2E3yS`mOWTIdI)#lV)R-7IAQVFQnirT06>_d1xrY(n2yat_kwnbJjEzS$!M#Hhjxx{@2tLa|_#&FJl;y%1 zM&x0Z@y$LqQ3YrLY@+3QE|)blH)#-pcEMnk`Y7%+Vu{B;xt{0&QYH)gCp0Ypw7JYv zdp_b4+l8YZfeT=+T)^x+H21m5$2u+zjomOJCrqc|j1^6P+utcwr@fc$ev0`PLU7!#4nK zaIg;Z%sk*zlu7XslPZeWSH_pr@Jld;%FLM55QI7^H)#GK29I!$$qSUZuvCLBY!ng} zFeq-%E!1qn%*qp;g8&cSISnzsQ9*UP)@e zH?Jgd0KAe!8X1f|oxetYU(9dCFN_)$ez5*Dxq#ssDMkbO@GUSnk-#5y_jg<5KFb_l zGe@^Pwa0K$!uTU>VP)ZWyzVlGrg^jh!v*9oVUMQn0|^L}uHa(C%V!m>i9BRbXB^R+ z_Hl_*@F6q_*L^<=npa@f!foPo<)(J1AJzoS?}O&mJa~-5rocfsCa|IfUI8Gr;k@9r zU5s1LOQ<4%^T#AW8D^2{2y}n|7xw{p3cMu+F_2+TEgX2D;Mg^I7qAtt394W$+!l=8 z)V>Oj3A`v^GvZ@cO4UANo*j2ye88yz&l63-ctrzm%f+h>H6kCk8HH~KU`j_!puO&4 zT;-rRBNxKmkP!OIO-Qa20nkl<}HA0 zcx9y?2~7MtDhu)V8+GBcI5Z@ofF}HdrEPeK3IV%gQoHW)$c6we02QDq_L9xZy*}xY z-E^-|9R|NrYzRAog-LijQeQ8^44UsHUgoslzX@9M!+dxTIM1=#C{M7DiT`iC{a4o8 z;BS7~dOP`+RT| zy563^dRwuh^%m-Gy?u`Lmffe4H>GWyPcOHM)N;EA(8lVwmm4inLC`P^^~qDR+(M*h z3BBYL_H$4vn>@s@(9nh~Hm*E0)@8xL8j^cKqOxWNe9O$#B@0wa-IsNZY=N||2-U=A?@FamgGb^z_RLqy1;a^6CDh_8_) z43BrsY8Lct_(;B?<+cC4`M&qepFH0q9{=At-)mvou@4KME*sb}ln)TDx_diaT`L0^D`|ErBqh05_>VIN=H_6HDzq7bE&?jC` zi<`Yyuh=<$+GNMSOilLR0U%7aObr(Iz6a^a9{hTz$$kX7HEXiL@$MQu|Ecr6zcO>av29!WMck(o zWxb_QiTxHfQgXJjT)FT(bE=cS>K*ya8$KRJvT{#qox1GtZ5qApn~%5=%HoX}H2K8?p1CoGdHiJte+b>4IUcb-JZ6BZrQwBJ;VEQCiy%Zet+ZK)f*%XSfdB z^3ay7xW?f%Jj0g-hvs>1y%v0v5u1WN@Kqyz!=y?RBTE>C-{FR*+C=b}P2h-*GfJD_ zJI8E;vZhcOrQaEzU`t{c%Ernt;ycI)L|VNDd|Tl^9)QE&+|V)3?i^$Zk4F?B4b7Dm zY39HUXEDuX1*ib@qb$$*6?P{1fol7F3%bzl`2=Tkhe!aoSuHs!FK>eSDlJ}E=$Q8KP{7mD%Z!C`G~iwVN6OtX9Gx^&Jg@m9pXY?? zt%(jV(&C&cUR=AJ6fm0uh2MuxhgTY$A`eH4o<)7M<+Fcwc79-dv*9lDR=U4s=1TXr zVBxl;2aOwr5L5gCqYAi}>z)P8?^PD(8$vHn^h*vH_mJO&K|o#TO3Wi?xTkrtm_0xU zvk!S3o*7CUB6u~-o46JHFP^CjM3%$p)q1!888_4|kzro9HC>+QgUCU7p}c0i1AGeS z@3;f*!~&@)y#)T<1?Q4)R?@A|7GAS^x^K2CK}*~EHXhTj0II2)Pc^=^YND?1%WB>n ze0g<%o|?Wj-*QMU%H_Fm`~I;yYd!DV8O=*E{*G|D+=k;_DL`cjW{JHQ1` zl)7dIeevAF>#tqrJ26vYL-_~DqE+LhYJF+I5@@FgZv=W!t~aPm=A#tkcQ>(cY?k1D z>@G$cwz>~`tEtoQ1!^`762o#Y$kec+=qih-!6Q}-k6g|!fa!OETLiS8iWSK}uzufc z98QK6z^BWof<$kwlb+~bb99w&Hu~;~mLi)?FaL?-pG7ZI$3UT%iJOp1%X8LnK3Xvk zX@#+9i!no^Dc27lnHs%AbWfZ!NP!^xh66B5^dEjRwN$qWK>hi!P>yRX?Su+W-Si%M2VE5gutc+z3~kY(SEAVy&pj2rUR<>n$Y;oa$^@V z%tLzNa&B2Qh(BB?vr(B$8=>I`D)lB>_j{0~PXGl={M)8er*h6LO3#iJ(6ZrbG-Qm2 z$A~A;Yr55lJ=H3GeUys}?`N7VpdQ>=xq*He^bA+l#!gdpEU;2QCJMjGxXyjw8Wi!| zcD)P*H;>nQYI(^Rz2~aNts5cR_HrdiAg>LY_gTxBC-mvV34z#CI;zbWEJf+~YN%+` zJhyFQjQ}8oA$rG9S@#JT;YdU_fiHAhhFi!(Fm@g`O})KA_ML|fRO*i1(TaRV{3#(9 zap{!pbPOi{yiO6?}0mzUY^=5XtI7D z3;Y}fxJ9@jphdR=W|OB@=!;WTIb=DdV=`9(^Q)lw6elM!O0Y!2Xi`7~UlMS}2DE@b z1zd(|GvF-|Fag0fJmb}oxf0)qeU+XJ zVxUhiiFv{JgkBwqnM?&jcq$T!CnTpvMM&}>nRp4DW8!4MwLXtSy=EP@J@bPt9rZ2z zybPZy&7uy7m})op-LnK$E%|+Cez*Q_{~5n);9}5!%JW_$NYxF`yL4MGf_Uq_fZq=I z-m_4C2YXYf3*Sp4fZgMJ+t;S2p*#K;7G59&mR^i1u`c}YDB*wc_&l)6=6~_XF{#I{ z^1otJv11gX{#xuNWTBf03E>MKQ9&8-j)FlU{T{ z_~1G$uF80RRCf;&T(#vMAb`+7S-)U}-@tl;SDW4EgS842%xx4a8B8$jR)=}$HiYfjZKCn+) ze6ini=W;T}<>p78$b(FRZZ@iUE>bHp$8hc2OYH$eNI3PFxC1QlMBhXOK-l^G5p8rM zL-F!VOh}L~rz5KYnn8X-=F3z25~3~pu@t8W$+{Q~PQb>kndKVfO7Y86XIRE)V43GL z-eFBP^*XENwCz}$S0?{cV1iYKRkv9N%M&~;;wfK|jA{E!6YTObq<~wd4!b8FAlVFX z!Sr>2Cwd$R^v=2E8<2}T9PxW+{IVz72b`J35PNEW0F|+s;@Su~KR&A~yzNN&(qP{y zZ~KCix2>fc7@NgP@s*>P#pWv^*s%D@U`)6@o39KMej6-o4VHe~17CR}YZ>~e<}1%b z7h%`{AlH7Zduy?k@)(pb9zY!Ob0DmSDGV$al3imf*R#e9w(_xgm^A2FEVlA8WZ)*G z*-Cr7WGOX^xpTJCh=G5CRBC2tzVdMapv6}j*cj;b>w1vxaM;09o`HF{DEaR4lyW^@ z)0Kt!}L)Z5+OKZepl#jhSa9GRz|ZI?Ym_`WB4|YA_($uo`@` zu+hh$8O=c-f=~tr4c;sVE-7o&rayFR|F@X-e@}L{7exNXZu8&6`~_X|H&0e~besQb z=5POJ=lYR7o$IN~v-)mAx-^%>ZeP=z8IiES#h6ZrLI($Kp3lQkT_nD-E9*G#^+g zcni`3tD@|q3h?ErZ4`=&uYtgb>+tc;*S z*0msN1g;kfWQ#N&Kuh9CtQygDnGUW@yzzT#CrZW&m+Z~On`4#LSZwgVDHaGK_RF+i zto<1aq_0RMxD#4k^h9%+h{f9fePJKoF=E=>vblnTg?P6j&-yKrU%1TXWlj9gO}x*Y zR}UdbZw2vZxE%xsBTMWay@unhh{4cd^$@@*jW1TrGvY(C&qI)Sd^V;AtRlhFFmAqZe+X|wg zub0)qBf!s}0SgA~KjqcLPJXub42 zaA2Zqv9uSK+QL#D7E#yf9b?2583;=?Qp9Tm%f_5AHPsR-)aSe$hCHF6C zUPQ?PxHvRhe)F9S(3GHa!27*5-q+$~lI5P+aOn%D@1J_^Z6Fts5>I2%dFD1A-l#si zRj@ESx;Av7?YWk|;|L^-Gnik3b!bb;ZMb=AKj(B~BQ(g2R#8+wnqo@`%|jHL-)ITV zYve|dD_n-_K`_3%5f(=u*lV$mAL^3O4dqk=z?g_0ZPfvrxHeK##V!y762F!eSSjF# zSDV<}dD4CyL=Vms8t_-&+!%@Zt+c=|E@^<03z5hLl;FY!IK}Z=Vncc**_4CUzPtKgVt%8$ z{7-e8KhFHQUGrC~NVoaNGQWBxJ#5|o=4v&f+x*8f|6*tUUEZ(6JmGlQ7xc7WNrnMk zGi2^p$yMq7>Irj)`xWILo!G?x{rgq&_5WzUvNtGe%fd?2+m>U$`oFPPoz`Wq+V@@A ztG@cyNvHn-fq^PrkVeZ->>XFiUtGNw$eIwp}0zI za>C#dJnNu-_K*dG|I&WdcPIPR&u;li`xV@r{?F`J(=zs}QQ}fGHC4O2Uu9XFleKL* z_Np75d(}7H>{YnKVC_}drzUZq8v4yH?^9f8JKm%A&)B0DLNl(0KH$K9Ew53XeCY!Ai#5ZBlbqvbF1^PkL$ZXiA$N3g2ClDw5j!f&%h@A z-YoDYSA9ZkhoA~?3mf8DZA{7&Uv}c?V*7%R5)?IRtU(2dl{S&6S(3n6Of(7z-YOJ9Py~dtfEQqKcg555ZcTlq zwXIsbwYIgbZ3U5QxFuk{Al^{a;FWV+DOeQ)R`~w^XU;jh2|?-Q{oe26r`dDn%seym z%yXM(o|$R#^OLk&IX1gNUocJz5e?38PrHicIceQ@yF8Tf;1tFc+LJz^jnV#emWSyc zPt5_xt@CqUAURv?QIGjs%nw=LOZ1Vjz8|)$FGF*r3Mb78ce{FClSz1sy$h!@wzn@2 z)xU9GeaC)%eYbW{-*s+%^E#?8<6n??2(Ff8%Zn>x|7m%#_g5ga#3Ds#?$Rmb1$Ji; z+2FZMuuRaH>dA|j=CK{dHQsiFI=b5<_#+|%QCOWLeX-2Hlb%f_HV{_UV)vO(w}HFC z>Ckcm&fWA865rCi0bBuku`}b?KH`1$>TKC@I=i#@moDEZ(R(QQ@h#~@^c&>Ioqs*F z{8+ILjZ-Ua|0(%#IU4oN@*@uUOZjmGG<}Ei<7BvM?B74|FUgO~a15Mcgu{~`-)^7( z8|23x9O|avcf`-!4w8`{%jODWi~QhD2D|Uhj^xKUIk*%?4_Tit zKZdodFGF`CKYmA;?dtidThAXK_UrM)$RX?V<;NRy+V-zqeS&TdMIN3tm?{z%CC z64a6L>9zNpHLG(++WOC;K?nthJ9K#>=rSzS;E>2_?r;1Wr(^W5Y|)M{dC{BG9cAq^ z>}=zG=YwFH*-%B^___37Xg^GS2K{+7v@I5d@rE&fJ?ZPy_m}q-1Z)PE~d?|z@ zvKN_ZOEZU+rxDPhj8mcQ`V)zZY`dIt1JercARny2sU?Ij1elo@;mOd=RY8#kW`1}3 z>IWE0)d*HyTJLLoRHw*-T)NwIThc8vi!<5B?MQKP2AIeWpF$TXEIR;o=>)-eVjE@5J}c z`+R)gjr9ObD}m3=q!&DiJ&G+CP%IJimA3mC6wO>0G@q+Y%>?Dl%}`E0yM%ReV#fUf*vd+8ov=7s+$dj6qU)Y)<*D7`p5IpPf`# zO!AYU?sjgz1;%_r74vZg7LvqYQt;ajLEYC8sP74=7W-n{Zluue|NWoj&+P~C=L09S z<`}oY~-Umo=>7Q#xr?S zN8>q*safMW?O-kN2o@vNI1cU*#5o;+u%}9)7JC6sx^YL4;|JG?r>`iJ;Mu~Cwzm3} zBpBwZpT#9*k=f$e6s-h8S5zjRLEHn_E)yA{hg;=0;_FcK|98RH=QnhOuN_Ry!dC}c z(|Fv&*PlBC@kj?C>?efn6RShr%5TVz=it0Yz#e0Z3~0qP28- z%HsNXh_G<{S!g!ILGP+I-?hhaxgDzQEY4maCtTe&85&TxzDCx$*)z^QyBtN*f0g^| z3Kom_Xu(3RC!2nk5h!`2WBVhl4pP76E~IE&kLK9F{ur#ZMkw;1pvRj~sy(S4Ha#Zp zQA5i5{^{}jHM)TDoH$8_WGlxG|Im}KQ>+IM=>S!p5}W^!!PBk&kScDFAr;-abA>;o z(|fcZ(io3oKX^#HU>p8FIi#@EtOj9GTD82G1+F=Ep*#zY3($H}ge z0b_d|mRju47!wQ+z@nlUV?%$OF~-t12HG{ofFzHfNXatIlPN~W^6?dskK;r3C;?nB zI)fij)7K*AU}ic+;j$xUYOZl7bV9N}l<5x$v#m5q-BYaf;i}(m0 z7CxpUDAL8pD9W@9K0q4(1OBSqr#&oq{;I~KzCosZv%l*1mOtOT^gVRK_g5WqzF8<| zUo9XXR`OBiCn0+TWD5k;_^}X2sg+8a_%_`rrnVJQB2DWLo~Qf+>w2#K%>pG9NpJ<- zz6O-NS_-$=ul>;1!=%r{ny-ZHOWtJ{+Rj%z-`=6^M8zy92bW`(BXESU=0drbyp2Cq*t^-v(M6Ob+TJk!Ukr$vZg z+QXjy_`3OxufKmvcveA~)ajo=3JR}S^qsqe=kF^bhFamL%t6zx3P^Yn9>&S%0~Y5ex<*UxYO6)yUC#) z={KF=GC}1)Zk*{Oh!=93~ zG05mBCeL~%pD=9^_7u2tlSc~<&(vw-C~i}O=P|Z^4xscHKZFGt&*ZyfJ2*{DKB{uK zX?SrUy<7}-q2JZ&B;h8W)2kAOB9@tk=(?P~k9C@AKoDl*kXbbYB4&OM{1!!20KO#R zB#Y`ESa*Qxu=*4uN3rtV)D-$Hl~6jCrB&;O(xtePypHqdYmQ@+TkIWif1KG~$m2iC znh=`1nQh-LYaz0}p7H7vR?p}7W46>}J_dLbpUy(p@5ujVa1ek<2U)+{W-e>^M+#;c86fhIaFkH09Ck z0VA}U5j{p8P*hMNjdGod1%u^{uEc^1uc^yIa*O6gg%tK6u8@waqEd75Rjt5c#SO=- zxpyUFn-1~`_Y|RMiQ3Mia^j`B7aGhac&s+S&0GctB$*Af6t1z|!~0%1vGI(~s!9~b z3Wrstz;QqlCUfgS=!PMFo25hC-Y7>w(MHTuLhG zxt2e4KlN+G69uxz_hCG57goh_@J)$g;rmExh|Nr%XPVC*_w(7a*7%&^bc9$(tRYxA z^h{{5KBNk&A1>7k)8O44A(G$()wB!nQ=6KNY`8}o(&EtkZof~LkxZZMNe2)Sg`tEL z$8KhFaS6E?{A`e)Z}V$&w3GADQrH2~)rz#G&!^<084ZksT6wI(b^a`RnG z&h84dneg!m_i)&tYzEHFD4X7IK-nyGhYb7%b~%{ez#0%tzVzl$QIaTzn+oz4Hv1B6 z#xRH?uvkfLYQg}I*#1E^*?P|p*JT+bXQ>~VjeJz`7K`}Ec#Ddc5j|nc2h4wtLX~aeEyRM;?Rc<@1Al%j$UtEok~N>)K_%eJgR|2X6o$ z|G&uZ&jN=hzyBew-!}65X%x-K@8z!p6$krY*Yhf|e@TA-5GDUJ^1JdDj!uinZ|u7I zACuo@*me#1Jr+`kVp&8qImPOE86}z3Zxntge|CiB`{d z@zYLtD_#_1O?VN;8X3{7Z23L=tN#u8efF#j7GHh-aOF4l=lQpTwin%q zlk??v0uUiPM_z=%Osy2_M@irtn4&Dhf{W#uW|#;(pP=|K)26n3n78OOHVR+^RE~?c9j(GR8EyQnS7oskD1Bm>HBcJp_+UiLY_e!+2=gy zPd@kV-Pd;V*}4S-ebD4H_aBN&Oa95p=QCgK`-aJ9<%JZH9Zfz(?oGnZFE#m`HzRBE zc`|mHfKfgj2D~VwgaF4iZa()?m2vYozABrp;2HlDjhpp+^QCQm_coJH(9<{BbJ_Bs zedug<-0YJ|9(+)P>e|SIFPY-XgBE%A<-u0>6Xn5^>XX;i-}AK%S1A^+=WM;~PGAN? z0Xi3Q;g<1u6A$G?7HU)ZT(<^*E%*VSeda5;(*4BBznA&MoCElJsLGcwV0A6_OE(E) znyqcFA8ly=PPr4`m4hol(O}%q&D&{l9Qr4#TX`MyAMV|EV3|Jl60qLt!1cpK)Hyfz z$?>AW8X6ETfO9<|2?GvX>IWL6oHO&M-Z4Egc^C3%ACo-<^Dpw!kRqU;v-~XK2gxIo z4#>E+*ExFfg)<({xz$lH1)Wq>Ooxo{OreY) zi?-0$`m#{Uo6Odw=7?aCNo>Y>r(y(0>Gq14SLKIjR&0Hm9?t6G!jfg` zAr!!ay^-7P4r78U{sMXp&0X*<)L}x8E4BezO+wc~W!0JI6#LC#^&lG+?Rig<+>4p$ z@20j9;6&?I3i0i_`68VM@VqmiPG2$6 z8}boN0;}gX`8oc5{$$8V5zp7?qJN)wMlW}X=P~yo6vKo4J6uHe?-Ne}y3--?h(;I{ zcZp}pjXq*U`!_Vm{q)22)HQ`-(LfOWRx%fyK{a`JO9sg1scc181$&@bd^*NwkMHp4 z`H+-@z2If)AdxEtFR~Cl?1yGGv4z4{Wr@iDb^1?p5AlDR{%`Py=|3%xzeztsU9Azb zfUa6GotDX~Nc@7I$g}HeDrn%F?-zywNZ~?g+{#6ogSqN#kCE&;DL6ws9ih~SxPpCE z0*A4P2S9GCcGew6dw(415|C|60#n+22a;SZRqz9O_S$?E-`cc!9@<=0D2BjUY%q7- z&Ai&%k##VC{7`yTV8Iabf~hiWa&QRM!OU?vN**3_e9tqztb%h`$YYL))j}9Nk4)GJ4pz>j1tqaK;%`RUg7YS-XnGuf+I{_Cc%B!;m@gZE{BmtQ+)%o8gl$dA4Zx7-mfRAB_xd}Wo9GjA zQR)bkSPyK;PE~c${WZ)B@R*zQvfqsyI543BMOaZ!6iNRT`@31*o{FP(T0jYZ{Dssz zhER_8>ea2FeGCBEpXBGDnt~syOb;_tzwAt(Ohl$aNIRU-TfF{Rb4W4FR*u zzHfprDn+AFi`lbem;yL@4n4=L1(WN|VlOu|;F^ijO@l_AIj6TiZY^$!uhdiBHUM-$ z&%3xNH8@8uvDml{oBy!9%w&Iju_h+V%2-a0?>`&It3=FaXF=xm+yu73+1=yvZ`X4+ zAK1>LQwDT+U~;RJ4>iZU)IQ4@^N#?1*gwCP9KL6-mSlc{;oB;$Z2l4FeLC;r)XYj<2v1%$8#Dc zG(@+gcdM4T?E$>wtj_V)e52R&qvLjOoJu>ZE3yaE?~^`M*`N(0?f}^3o<`g~1i00K zfLq?WxUi;lleVN3X9ZTq_D?Y?Q$sdabeVOrE?*iiO!bKA+A7>&TV20dPla=I^BG9D zLT$-(Jg$+6nMVGVY%$EHaU3MLTeKxu_GhN5!q~oRqTBfmwA%h#Y2%gn zjQ*i>G2+$z36H?O5=@eD2qS7l)wpaUeO_WybZEte(OYnVN?{HTbj|6#Ctg+GDgNPC z@uuTSH}QZ2vBg*{An79Ox z_)lyye%bEJvFZCucV3Cj@K?j~YDb^IxwP>ph3TQ_^9bW0@{HY_b4~O#WXZ*SQ^a0X zB@onNPyL4?#21?b1waAWA-%!wt;iFDHCyg?YKPH>^wgxB^a?-zdT5~>2pTK9#>g`_ zV>HzW*;|N?HTDJZ-8tHl&G@4BgC+ME$6G_o1`Vy4(^DU}IX<)ut5!n?=;k?_6%k`R zv*;~6Vx-s>);x?XEgW}bhZ~)*1U{H~$;CNH$7Kl^@x9k*iAHoK6(&tyR=Pz!oSW*g zMO(EdHKJj&8kC?R^|MekYv?E~19UMWd4 zABNL#jm-$Xc<5y5AKZLWFrC(jf*W@nO+hdhbeN< zst@IjtdD<`YmTgkCexM_Ji5GV;N0A3H$47=kAriJizH`d54k?(X&^vu-9879aqS&W z6qQ9zteJx|GvW4-^Cj!zt$lH;5Hq%(ZuDiXThf09o(1H0yGnXeD_Z;^R1tGEgufHFRC~f^Mb@QJ$yJ~)O_ww)!JU?yU)9DCIH>mYIdVy1jxrl`{8m zr>nWfnSuHhCOv$LH%E+2>_KE)o49l+j`s?>VjSN;=KTu zY(y`k$J1E2ijgXEHo~=tLE*rA@)Mcwl|I8xLU9(}3KEBT02>V}f$6mrVZ&xU4H5FY z$}YH5uQ6llq-H@JM$wd^ITet6X&jOgw+B>o(H8W|L%)dNR6VkcM3%}N`83nPy$z_O zJ3A~bG%zEqK?YZE)=+P1iQfPgR4^17MJ|Y;rqJF6^z)GawX05a(RMX9U1OqG9CXfS zC$jRc^Ya$Dc}xAgN4LxSQyJC|MUS8^4!S{FHP-=mu(?p>E_=FU0+zbrOzL-6o$5l} zhK<|l$5hQ|`n;UWwZxHVyRw;3?h3r<7BSFO9lkcQkaK`QY;TRO)vQ&mj}drQ>kItW z(++3#Gq^!qdOD(A-ls((kzM4wy@`s?e4S|O;}-rd3OfNA=3Vx0AR!f`uI(UA1tf*v zlih+}aTlr7`Zl3Lhk*?2Tl?`2uQl5XSZB^l#<6VRL(IwnU1M}@4xA(aMuVOtdL#^m zS5uf{RR(iv>YaxHOItE3Cp8#aawa6?HO3LC!O(Nsf_*5*NU>e^?J@!wT2cp?R7*~l zj_tC`x)GxzNUUpCc?>k%Z|OO1wo8Pi2*6zH!{{X+Uu6ZK;5%nzZ$kT|f9>%@)*!@` zS^^$VaMAHMZjlyrynt^Quv{MGO);{|zLY6SR293~S0lS)vPQ8FaB}#EZre8a{HZ1P zvzkU{tox~}(gRYBmbeZd<7GXyEIKVvujzZ4Q>)Ia9uv9e)W z0`byNz6jdFFF2UjtkmKpi4cxZ>R(Y~oK9_cH>D-28O@EvfpG((c?FV0!Em;a0+q~#0#>C``}0|2%Ivid|2^RwQ`*qg|eKOsaxS- zyzC_2+BF%5RmHmK~QD4H`eWx}xG2~nd0uPTA zj}44AS)d(SSdEq|Av6jsI1%@5Duob^wazrI$KP>UVl_b4rjDEz16}V~U5YnzU*Er* zo7dPU=4^hkHPvl^J`RMRUl~dDS)*HdkX6-XYon)7s8yEP#+b^o4YwVex+$l8e{=&x zMw|=G;j6+|uWJaGZJzU?`9k`GR1Ii-Lc^?|+Fd|*n07+KdlAJ2Iee{A7%wY{B9yl> zXjO*ts_Ns7onahNe_QTS0H)koG0*D(-Vq-Fx1 z9&p`ySj<}$F@(Rr4#uaUC6=QrrF-n&kW#Md^NU5F!-c_#GfydknHiRCw$LZ3!ktm*hlvZhS?JmiQ3OE8QmMjc_AP6&8|;?M{leBW9EF zMg)=_Q~aF{Hk$_;QZ=AG?T(-086;k%B^uOIwGwJb8;%P>(GfgFKu=oYuPVa`EqMo$ z*;bv-0O&s6s0S|~IOc?>^5ZH<;Z1$oe&IGZ0fkPUI*%^9W8`JM96Z8@0;h zgibT+p#Wyv&; z*iCuJPg(63rXl2Tj<;%}TUB>Ax8djhv7ej7?(D&<^dEMIY5}5)(SJ92xStH`G~jGR za{R`6crIYC`k%V+6E3;uC-i!keZ2pPZVTsb7g#6X5bw_9TixVc(Cn(}qnUgyla;0> zNztOBDNX-tX6%`EMf785o$ygW{8`p0<+aPzQ^Qc~;=+nrqbrpIfp1&~CkQ5B6u%H2BQT=+JpuzfrEaa3kk6X*%i_6x z@@%SVxmHB%k@`MVT~{EFG9%>(Pc$Zh)?(j->(8Te9jL3duG6Wi#J&I?BDjATx)R=5 zR0oX#(~+DEJCx%SNLN&hR>I<1niOy&!8!IkvBo~FIt^LuXLh(KgI)R;A}Us1V_>7k zMEGuUDr%!E+50G{48_x{Rn0Bzg8hUDAnZF*7)a@^%~NCC>r6m@XfJS}u@_0F|4ZiQ zY_2p`;T!!^5ts9V0pmg($6A|r9eR3AVWj-cSz5XrKM*ZYy;m2`JX5#k1oa%uVBWT` z#npNk=x7Vm>{mzP&5c-Ut{Fh}q3UQ*BA4r3ZS2K3s#Ax~V`mi>Tk^1+IB00$tN~ap z3+Z{d=~tcKT4w@q4!2`uM~t8kh2H$YeAO=F_{MJy2BK>k(yzFJGs|8@)!unltQQS2 zKR2+QZxrerRXC#$5E!hy^Gx^?szPw?dJZS4MYNs$D$&mxjO{u^Y5F;zKG?slgumVG zpBGQ_xjOr4{>NK^3=TUspUn$mjYBv08zHMM5Z`NX0#qJre#`d zJyP5#zmFGhl;0)?Y|Rn zZ9x>M+JB=!?8d+^Q|lis_I(}*%&Smd5I0dk;BpWOw&$RXLEvt`SL3ZIKew;fZzqnt zd-C!jrrB$v(W*n_S8+~l`8(535tRWkbSHx~1`DQY%RkWKby5Sl)Zr}(eKFx`&70dL zRt`Pz3B4^?a^a;`Sg6B@4;o%LeVMijD{w9LWVAQE+$98;ST&BO5bMlI(~aoZ$wm4y zV`6m54MjNKy&bVS7pcyX)_W>qIL<4+ibYvaUp-~&lzs%Jn_#hN!RE>kfi+e35R&id z1T#<+W)^(uLWw+W+&pdkq$v}oMwS*$m?FeoYl5&VgCy*b^Bj7Bn<#>qa@1NgN_bC( z5w^IucSccoF@)_okZ9vdcxQPLC&)q1DFO3Kw&QXIb8sEDr3G2GEFAv|=>JrfLaIu_ z@eKg+gJAPunj9do=}^770^h_f*r`j4lodB~RXAQzjDqihJ^6?$*nfcnb(qJ6!dMRw zTTffC0BNWpPh0R~sbNM@#C#{+RaH6{N#RrtcGozpS6}l^0ljpQR7DrvLNK9uYY8^R z;Xb7i`55XE-C&}Q;8MznZXlBp`DodQZiSIl545;CAN|aC+idVtk8X8PsD4vs{udZl z$P*VbVNxNDH_`YSOjw48ai?=N4(B&*Ho&?qKa@Ox3q>rKi0ffGW{7w&-ay0{N|$-p zd;sGJ%xjz(w2wPRKt_LGYtATf9zk6$vAN>x5+P5Bv!&C=PZ&Ra{FHI}>hVR!_#3A| zGOijs{bqN>f%@6#G&qXl%y}&XsEZ=I-7r5zE-sroZT$4H#?$--&nZ{As`s|EVE_xsWKnm#>h@b_7Xi@x}r zz}dL%7zoDtbx=ztr9zkBPH!VM`zWb-r8f#5B_Dui&adqq4zDk0Uy^~#z1l0{9IIMJ zxuq$DK#VH_T7Lc5nPZEpCXWRgKo2vZrGbfVq>66|HZ*56N>fZHABSB@5zUL-^>LR3 zL4jv0aFwh-2PapT+Pz{>iC93=$3bXOE#5B;Ra6817x@I6#TQKx&W*8S6Rv7p`~x=J z0feK|vP=kBats#=7krGAT8Ij9X{Ea>|17+*ls3#U>&j~Drch0CPjnbi3XyYyRC`pl zxjh_T5AnhU0EiU}%{D1gtV<|NAW^JKATV%zaH;}2Mg+^PCC%Xw?MU517|W*UPd%Jl z@B?ClZb>zlCm}nuWFt}-f-v(0xsljxL48t}W#k9#BVc9lYxG@=6vUYvf7t{f;oQmf z9kLQ_vVGBGq(9EXqEL?(-N~D5t-&FfxjS`haL^i%8uF1~VlFtdQtR% zEXiJB-1Q8)9t%(Q8Gf~=3-@^=(g$yCM}!4o6~Xd32FwY%29tUWddDypmeiX-|1I`A zn9DnP(kdFP{j{Vk7lCi#EY}hYOvuQSol;k)EFqgQSZC9f(vAY$p(+;{GjQ2ySwl4m z^>SF)hB`5%+gh7$(Qm1u$?T&2rKneP$lfpS?!cbIg(zPDej9H!M?)Ut2VD zY~<_5X7{BZvE82S;bkz)CYbI zXIKX9N2u2PfKX`Cuflv$+Mt^Qpwxn_zpK=LgcC=d5En%-gSEup0f>tb;GmKCAF~-6 zCvPG(UUr(6e2M;(dh^u2& z>o!BN2(DI*n>uqWurwvI(kPlf-iS`05?LWr2uv4h%>h_VgXKRagq9ahl~y0?JSX53 z)=t2hj#G&QMyzqtqa_PKSh1UPM{3D0ftA|Sq`bQFkF`7ghL_Sk6B^PdX{**Eupt6_ zTRyx(+>P7J*vK{8^Ks>KE~1b|Vx5ai-7j&KyFgoT6#6XXzL#!V)mKSY`y^Jr4u4iv zxG5S_o`r?D>U=llD=bww*#3K9Rf(IDX3FId)T@fzl-HTElyXQZ$JZf8osYnUeoap? z$Fo#*se$89!RSLYh*fw3KhzQ-sexaej1P1_Qmz#6!^3D!maT%=4$oG3gycb6<))B* z{Vd;DDHLO6H_8IuG{VFDK;SKgtIHWqc&UL2exNs(72U@V=c*6&{BW%MA_!Uy_B3F;Dl*rh6;#}ZyI%lKg-4cgSetN8)4SW2A856{tVObtAm zA29uw51sho5rXn;(Y|C)UpO9zHwef69-n*dDPem&AZy@ZcAix2>BkQ+zXbYY{4hj) z$m0j7dHHY`KlD={UM|81uc0&fp@;f#J4<+Yy_z4sL~GH5k63~;I3lB(AKv8$ztIm# zqYt*ZO^OAtpTo&oevulyWh(*aX>i9XoQ)!NjA0$$VyiOJ?Qtk1XL2^dp37W)L`_x( ztF1A8Xw7N2?*=41b<*zW1Y*KdXD#_A(&$gI1|;`r$>;H=l+1cQ?Zt}ha>-Ch)m||` zOZ*JVp#sT|NU}%><(pdYK43QI_kxdWJZ*w}=Ss9f{Hb0?f7Pa=_o|Ne^9S@Xfb=NjZ$auRF^81~t$9@(6iVd<~x?_%hDrhJU5{XAzfWd>!2uusrF z!|>ThxxoH}9DdDT;n-|v3pFZyLCGKCQ^cZw0yDxHMdEK7gf!SkMb6E5z~q60Ka`~= z$@@(*W&bV{Mk8U>)o#lkL5i$L4`%9>Zt9Pi?`^gYQ-6i~a+w2E21UW2DKDP=R0$-v zb;8Yn?SzplKsH}solBTUB4q+Fccuv8TxTn4WtahE;|oB&$i`95ue0eUSK16ej~fZt zV(-Qhf}^2zgmmt?9D!ViIDud~YC?11+;f{Mb5Cb-p7S~gj@kOU75){{kMBjWz*uY# zrJ=YI&rm~;e4Z=OwTH%|HDm?nWXjSa7ezO)5yhMgy7ul@_|VphbjyFwD}S0;L^I$` zdZhR<0rO<>BL1e_UyP;GD!dvERa>2EpgEJ9A(i1`))I`6;-FrNiiKeo+{LAoRL@tA z>w=Jm?O7h=EN~ORmTIEs+zyQSqwzRaU7Y8E+H7Q$0f*Vh+KKPPDWXz}&Mj)H%on5; zIKxRRMQ(e3Ku9mZ>*%M{GvzC!FrY8Ff&+u?%E+!Q_#LXopWU%eg$m z>`R$laldha*MJ!VF?3PC+JPwP<>}|=IR$wp`+1Hc^r(x3t6ARx{8=^GO}UUMJEc+) zNaFjQbvn(J=D>uplV<>(B9jW7W|s5xdUuvv#>s1HV8b4C2_}P#`z<(W*11mrc4+56 z$b6}R{k}vQNO&nTgk>gXmBE^^v_>YDGp|7Yn=uRYCzZ!Ae_03lWiB!E669Yt75P2* zAL0a7Cy4wUI1=Yb0(em9QdluM8LSALkrlV&8>uTQ@43!q_kFVa-pF@vy)Jvb2}>}3 z{Oe3icfO3DpKqLCN07hc2-j*-*3cr^R}LRZ5mx&!mmNwJ11)s%!lyzfeJ23{KBeC` zxdkf-MFygqKx*(6TqSbh_S;d&x6GnEa+alKjUi-jkauBp<3_ij(V4U1^Nq)v`jCafl$pIodS7Ga9d3GqD8;Yr;@jvb2TO#MEHSSP^h_$In3Mp!wQD zSX9c2Y!BjnIgGl)!sn^Ny}iO|tZ}!^*h$s0kCHGoa9=Of!T_N3y;##kbFk`jod`*_ zsH(*;$6IEIxpQ+y$T<}wyQg!06mrTfq--~@kZZd^A5x|c4XOE6TTB42ZrN=l5z8z4 z9Ntjjx4p9IjqSSt7Yq?42lu1~p3g4OSar6Dlx^ExEc!9;a#oQVcpUR$iV|>sC3)Qj zEZ|o*0B$8=q!O$*me&-{yeZRju5Qf$5AL#S1pRQ=sIkNPVrnpC8^X%(NU3UW1RaQc zb1pzNtG>~)i-jKx|( zfYafdVKxj6b#)#^vB=ZorrtPh^7z?M^xckPdeBL+i*2ow8i>T1ZgO*=2ura5lt05@ zflkgcepbL_)z>C4O*StHL34F#1-=5<)UT;O(6$%AQug{V=%={AxTvR~6)xH4?t(9d zRpsJ-(5&}u8W^Yjw+J}5guACjhyw!o)*iAQ*3F*$;(VN^QCt$eo>7QG3q2UMM`Fm0 z41zCQyCcSNPYsNB2Q>h^w4tQM73NrP_4+;w8gga^6Mtu0wgZbR;GqTUnqSKmEXDNMi7S=%1z(VZhS@n7$PYU#qkRFMj59doC14* zC}0%+xV|Oc(=}tzX4e*1+Ny{JppBc~W(Spa!V<2^Gkt__=KmVsBeMGg zaShaI_U9dzKqzjD%orF9;@pHh=$XGHA`v1;@RwE6zss;HbQraj%p(Ef$xHsQ6C6)a~KrsL(a>BEb_9*I886-s)2)SG7xNpH>n{#?UwQ`#l+uL z*?f<5=@xPQgUbA>TkMr;8IVJuCEjmS{#8}p9}2%^zi5+<;ux**tBG(G*(1BTZ)OPf z7LQP8Ohf(*SRs2AHhdOZ!?gfJ_ILsJzA^LCHXoFhJO(tN#@Dy6|AOyMA!)<2xF1AH zgEKjsTz-V4bjqimc`Q?m3=wfKCrd&nPxz%xMjq z2$8;et3LnZ?ZieiMNi;bn471n+G{qJVkg6E_WhB(KsZ)Wd<}L7Af_AHxUcbH`0m|( zjUQrP<4N!+!m(O`Fxmqcb?&_Sg1^O}7cKEI9!s}{_cVnN0gGqOrvewI^3T-GM@!K5 zTJzBX_^CD*SE@JKp}6|G3_lm9s`~|+lcVv-23DKDCpwyw6Ws(ec@>`Ydz+KABbf!t ztP*GA%ywU!YhrHd2Jt-gT^|{@0eLpa4jP0|XnK76Zax0)ZoTh%-CS5taH(pQoJ1U5 zatu=7F+ihn^cEYcBDQ+G#zw9~w{i?<{UjS5E5jiRyV!{2HmfFPEo7s##9K&7Roq>j zV^^EehE&Du)X>h!16rhcO>182w$3^FI6#{7nEj`oFfo&j2#32@OUy!rwW;w9JY>4L zW)VOz0PYF*cPW1%&zox+`DDNPI$C3myjR$uH`{8}EP}c5m=-?*Z=lzJ;xwdMHIM1$ zOA)iPZVCQTZlizuIbwyiWETN&HSP`t-B>r;wHAoRn$x-o=X<$Gus>^-{ySeP`R0N$ zUrIkA#L%Up+6Y!)k5n$chhw)Dcg2jG5v!5Zoa6209&S(9!2^%>Geeh%mRN}A$nxtZ zPyGP`ZLWf*?%8Q&y8Xn+|Xh_e?eZr zIRjWP-9(r+$qf;ROai@kcD}>1TO!S!fr5aTu=c*| z^8=C9ZllIUR=J^RMr7qww^g-fnHQUeMqP_m!D8xDgn(E;^I$DREtID)2)4VMbmagC zu%ov>itEHY#X)VJpb)~+G~}8@R)AJRtLRp>`$E=&PJ|=xK>~LK-k{@ji`_Lq>!6yz zjA8CsX3%ockz$}+YS zuDY5)dL^u>=>hYgxT+pwS6B7Wz>kU zU2}iLTqo)|eBixLQ6PqVV8f4t@%=~5tJt%k8LySt58wNUv#@Uaytd?=VDxAlA;DSy z3(?~c@kl+gF1Dh4D@z*hBe>xONwRU8o_GF)3vW;c-lndEhv{{<*8npV{T5+HkLCH- z3f{Q_55ddE2MXM;0nTe5=yR(ZZ~78R6ZDC5+hByy*$b$4w1}=WKf`4?c-E;ut$@)o-%_n8&B%40WS;0NPWA zNndw8RV8NCOE^nl8oY|3TCF-=oAVKNy4<`PHc5J!_7pSareD{`@gYCGS=Uypq$b&T zOnI;h)QCtj>>B>FpLUC%_JGurpZ-afy~XiC2M?I7MoE18w0LWgapv4(gTJVynUg5K2bku_49%HX;D9~tDl$D&vWXhS^cb0Kg-q6 zV)gS!_46D4Wayc@xpAPQZhmOT210YonKcDOBG`X3`c~pbMl1fOeGwiNF~1037BOF? zwfdZUL=|^@HqS4jAjQ9I+hQ{iR{n(+e;et#b$g@ym^!r%&d1R6ZYM|TH5<8fI=H#IgzkjEFtbNVUHOigCr7M1 z8u1>n5E-x99?84IYy0h&QW{w`o1t6t#j4VhujM0KYW&tKxfe71{qQxL*4byEk7xvH zOO7FwR6aH!B?&P7bI32Y4-NAhfcgUI`DpS+>ajn-g)duT+vSj5d|oD#etz_kDq;=` zSkf=Aoc70&jXrqxPygZ#c2SH`4@OM}hVvTrrQ3jhD*Xw*__i6(@zDi;I?(;K5Z~OD@j?T9ZtPnD?t3ae1?n10;W(Kgd$1 z-uM%?l9l)| z$rG?o2@U3Ul;K_QG{b2@qxl_u=PtB}C4F*xj6F(k+v`VD$ErS>(s8^=A5GO`E6zTm zo&2$+k6}|fEViBrT$+MQXAEmdEoNcT$PZgH!#@|#YKR)c%~BYd2$Z;WPHS865|ueC zqf>w!BqhQIg~R)<{%HS zLbP$1Sy5v1{0g*M3dXYvKEZ;i=u#5j%Y3#*E=4|PF!E#}z+~~%Vs?=^f2*Lmo@_JLKz_1+qJH1W0_Ls8b2oy*J#T>uQ0`QuILa2^?$!FCu zm|kuTOPJUWWn7POHiA5t%1o!ZW+Q)P!M$|P(=j~jYu<%J%BX`8vL*;|c6tz91Dd&W zxhaTK(oUp=H%D%q`HF)JnSrz=n~{N?uR(=GZ9ZE$|Kl;lW$G$Uliu4c__klVCLc-+ zG`yfusr(&gM*nH6|780mlo&}3 zp2!UpFx}yH9HSoTft;oui|{yFJr2O5t{yA#Sg9WC@mQ}O$B;eTR=n8=&5{tG6-)TgCLgRp6&8qH!2&B^$VbfaiNFxc zm~ujUX=77z2J<=Rf(bwlL=(Od^O4lhd>zhCoZ*CrzIfo+1|g%nkh-5L%L@!kVebYe zIf!_^B_}q!%XlpjV?C+GWAI~FGlV0xnBzwwGM=v{j`2W&*z91AmZ(&j*(e>3lOD)` z?c+_!n~-oo_x5PemvW1iI2i&l%bvle#PW(-EpY+zR$QtjF5)jvF96qQ307G#9KjX% zrQzfDQnVC~z-X2^7V=HPchv!0K?GY3J7+$!Fr-GOeETx6ueKyfU04B+1lMcg+i~b! zE>6|JvvwD2#Hv30HOY~96cJKWx+k`BI^F_xscSnUf}JZifWjVC95DK8OK@D>-=Ie~ zGI$2ZM;7^-b&2#IrU1{%HRsbCL7(q7?v{5&zJaQ95<4Lw8e(Z z+7yq)ld*MHQ`d4DKT%6^8?1~O9GlpXd`lOg0#p9vY&6Chg^#X12efn|mLl<{oI9nd z&d&&@O)~M|+^&*OKp$8D{Rp5RkR%-$14z`(L~$i@MBpF87$u4e z@nW9=s}J+t5}c%G-6IgPoJqEp{25?iS0U>ZhkSfRFJf!7QvJsTY0RE8IF|=D%E5{@kp4k~^`V3I{;l%N?C% zY!h~La#VCHe?50~>Uge2n)G@8dNz9<8psM{&{#qGeunn&sn&eKo`g`G2#%e*lZin$ zF`*LK3MP3?bLbA`!6Mb1-N2Pb}y)?P2zDSV+kK42RdFOg_dD&t}ETwPyaaA}ZLs z2`s-eC!(!B3XRBRN8=Uifd#jPiD}3X$$8P4C>5cH=ST_3X;nb*8S8_o@P`#Wv<1iF z3+N&5KwEkM?3}t(Z4ORWNJzJxKFFA=dLrI>ly=t#;OOw4M6vP_joYlJ3jW^OAB58F zW%_iCZw-#EIGH*hZQ2+;k{%u{`2?+VczHYoKPlGwlLDOs{R9I2Fwm*02B~BI!FBxT z8|$Dum38E)M*DT?NKaM4dUOZ3%&oh~rKfyVH^_-8tp7)SF#gUzAofXjUcNUOh=q3& z0u}8)@QyZTm!qrQSxgZ10Iekr{$9PSO@U3x1F7?W84adFZVrO;!nI zXWqkyFShz^PT)PFt!l$64$lM)YfmvzhKgL{Tp>AEw@s{JPT^$O8ZH`2nQ?L?t-kf_Heb5zt z;{BP#)BMC=HaeGsI#jU-GC6Q1ubX&ZCJ|RzxQPoJos&^4w)YfcKy2?l#_-tQBE;t< zm(d0BMTYWL@g1wu9unyzAw^MJkqd4?6c{Lql8s4vj*IL&kdNYsQYVIUQ%=+t=tzov zgrNJ&@W6AsJeXJT{i)3RFuZ3~If$Q?zgK)?@C9d|n>7F9GAbc>^ar$2zf@?{I$Xhr z4Hp#6ZU0u!3qTTl0bZ}f>540gHDn7!htU$4NLTYkT>h1Rm67C=#f^A0y71z*7AA(R z1=P0@SfFKmkGJL+!^QIBK}`1JSP>>9O#d3o04@6G*m*zttbYJ^%&IM%(Ko%yX>t@9 zK>(H(=qbE1ZK884CAqbLN*J6y@3%UdL92uN4pIf>0Ec7RULK$=sR(Jw0jL%p)?hRa zIRe|NF7GLJJd(Nw`@;KmL*_aVaRZ8ra*Yovm~{!Ri%j+GxesS6_@`Q1x3UV5Keh?r~^CS2h-v{wOUg?YjfA8-Py|$!VF176dOgps18^{@s%?Uv2mm{xN z3C}M2xYap<H-kA2O>^f|sGt7or$qgntbY2apJUWdNd0tGKl$os|8A+Ml|QlbZ2my$qlFCI zrZK-KDfWWVxhW~Uucs1{F82E_Y}=+Jz<-!ME0dXi2N=e1)I$jJ1OC|&$l+S^_kslA z>t3YO$XtY98kmpC@8iW!Fn#`dq7%o346Gs>rp~KCtL#y|_X)PPW9(z+l_3epqA`f| zk7to)fA>*;{_CEPh{*|$NG#cNhjc*&7sXb&-564)CH{c6QEev}q6JCu?ymj;o){NM zpNjc&cb8Z{VlLj>q?_LZgG2L@!M{A(sE5ULiV^_UZEv>1LVF9Wv0Q*2&=xkvR-7SU zqkjgp4P1Q1BE|j&V;OY9NQ}7xW%sE9tpHy137-j~MGWdHgXD%E>I|-sC~1IoteP?> zf^LT)wWTK!$ow*c>mRr-;T3ndv?WI#kG{akSBA57r)sMTXDK?roNee(XK#)l_XSu zxqie*6fZ`_3s7NX3KRv963o((3`@~d$<643ZZ1|fCJ%jBDWOL=r|xeA*h}ltx_f~gjtCI0!)VPO zn58saS|B?s@xh)61Bl}U6o`mr6bpt%4BcjXE1e4%9eG{I(*n~MQMfJ;+$R@txX{ki zbS$jlV=dNv@FQ_I(tF)HiU{arj3EL>a0mzrLx3OqbQW)$v;Za_#yI+OG=8b?p3ssa zQaT)0aq3`6*}9)C0Bdogr@CS-W*6Ps5Q`QA{pHQLN^(>+H$8=de)x!=-vK5B%p6X)br#!Ltqp zm+_}#CCDCy`L>Qw`9s zpwz&Vt{Pa;Mh(D!Sh?ibI{5fZG{*t9)zyCC1FwQ79*TciU_6vf+oxypNh>n6jngp` z2Dk(RtR*Ml!EJOMaOVudyQlA!{J@H%ITBNV4&{h=Ld=yk8`@KBd>)Pr9t%n(i3??e z@L@lKSR0Yu{)4RKEF>Lc5SavVvQ*wy@<-VZ!SiI?-E`Jt(|{w3e%HS60pd|=w|^;w zlSP8ju^kQeCTNbuE;MPzYgjq^mnr7lA)uK49pXzmduW`slf7hd7gGwGE|xe=Pr`b0 z8Qw*d%lAp?2XeeOh)5FSO~=l?K(x2lNqpP`c|mj?YxlXI=<<3mxa< zWd21aI#~aFE&Yt49#X^Jo_;6`J(MW&5R}Sj13OQUQqaBYxWO*vk&#MW_!vK0EBT|y zXwA793|R|>*sR5p%d8LSmZCe-W__Vu07@dlPHiL6zJ{FK+E}+O2b27ZxU~oHyp*EZ-+0dF`F2O@(RMHQ;xmDN4WQ$+I+iHg}( zkK%B7)7!)`v*wHb1SWh>v2+mt-olS>*DF0*(c&OE4JT! zJxuH1U4%H)ng?v|Zp7!C?QrTw_-W^U2aUub;p{Z=n2( zr-R9z^Kgo#7ro376)$kjZDv+{)QN6<)CqHsVocOoDn6=g?K33IrUv+;njLLuK=4cq~nJVe=lYx-vIwrWH|)zgeU#am$pCC=U5-D{-e>&?{;e{O6N{ zn$L6VLuzUlxwa?%aZzkums^Y@Ku$&Ok*KhBYg5-2hwM*}h4f6_R)VwQKC~x@{V%h? zX4}L|?A9Qb^>E5K;xgeK`p~Xs4tdngw9UiRFwH|2+)0A7iK8c^2P-Xs+j61}+LGZo z85-NvFbl+2fA40eu4!#Y_WlvKpgo)}2K?IX;WAFt7LM_7ey z8^L()mzlNp)X<^{xS$C!o7=0+9roRz6BuY1N5&W*MRQL)dfrksr;*TZvhaz>-3wiN zQ_O!HJ*e|sNp4L=2BUW^oY!a2A1J$;Zr=b&rt;(Ld_Bj;X|wrOWj<%`3}~=w@Mydr z-cwVQZ}itwSLb5^sP8(x{Ho%RaRS#L3qUnknAMhGr^0%BhYS`zqOmx_N=wY7MaVr> zn4G_;cVV+NCLbh;F*nj^I8;yplj_stGj#8o=_yW$E13o zKj@g2kOhX*kr8W}n9bwRz>dVVOP`E=bp5*?%CS=io{aYRJ{g^`qJr-|T4Ec}&;h>F z1LdqB9{b*l?gSj3iXaPf@>;Bia+~DfphBpn<0zMj`Ph;p*JFG$LZ1X4G6?+%=Vy=v zEnd~l?I z4yxkNLZk#HR$c3C`uQ}SEMJO;W5tWVNRs{n3;J9fObc5wi-ojFyU@l*AL$Y zbE?T0mDkY7HSgw4IJI+Ym(3Hx=8z&;i*@YOK;Ae$jEdP zH2J_N^4SP9;p`WOob>=GIzfWClyDE{Fa7e~g#U_i3!XSF@dD6=yIOK;2Td+6i?Xipdj|G*(+hjwXHIm!o90#Um9Fr{W3V6cMw!Riw7*(10`j~N!Yyl zD&|Zr*%|gALzBu7Z4q=z=Sf8+RIdYYh&N=%G#H{Fy+|I+uyTyImh6F{B2DYHCianH zJ^-vrQ2`R6y+%o$1a7$57Rxe~yeA=&np|+;LTdzKGl0BG=*SBuGywLSkRsLSCoD>A zMbQ%XfNVglk<`_YIMgA)e5!vg<=e0dBxd z|A=jfs#Dr}v;g5o;FCSRaCuaT|?6xVJNn-3XiO%Gb>3k9#_U`imbS@b6U&S&iTdO0F(6 z{VhFbBQaMr{fJtePmkQww?H$@U$1yATRFtv1t+LIm7{P;k#3z$NAkC^-->t+P>pee zcn-n|$Oe0&c9^VbgZobmtl56V{C5t(CEsO@xiM^BTttS26WS(WPc$_3kss*vnaJp) zi2*Ia9azrUV6O;HRj)O%HhWd^7>EsD+wZOh{vJVW6ZTJn9;%B+gY9rh2_#MpbXO`- z90O+b)ID;zYZ!VHVwd^gDT2wC?iMlMtmCQ7on09<=EBrfr(!f<43dmS1HS%Z8kpNE zQqsPc@nHB`NYiL-HF|!Bq$H#Qh05PCf+wdQdiwX(d>OL?E;q`yn&WWS}5%LH$9yq$&QMX3um}LxLe>lXybQ#RzPuqFD_@ z(4A}!U$q7Qg?87Wk2wyFA0=rAfP}QfG<<=eO~Y0IZ7IUi5?3+R!`_FKo0RJtj5nOY z@x&tF7R+f6ip3jO>33UO49%z%k5atj7I5of8 z(s-BcdpK4X>tx5DjCHcGws1YIwj?bk-8%lquTlbUGs^Yy8-SLc^YI=%5lfXNx|z!p zN~hr~%1@rLX zq%r(LS#EvUFH~*ys)0%?5UbpNg8<{}L0rww2`JvyJ|C_(4=Dm3pxHi!nUSkEcS8OH z6Xst;brwG_T?CBj=4B{;5#;RL!YI!5FZe!Mr<+57pn=2jcqJCx&O4edes1kvjB>&G z{GK}Rz{|`=JRW~0vpMH)-0KA*xXs|@yv{7t=)QAewR!;BW1qbZ5>_bmO6OHJN%4=| zKmMsvQ*E7CgF!pbYro&(a%r*Z#z75#R9Ykr|2ZC|;g{pV?x7l<ycEnQvs;{tVmh`#VXx-hB7dw)0(m+z^Dr@7Ggv z@$)h{_bzY(Oh@=r_Eh5#k7;srPOdh4~N;G#kj-o7L}v zmw-*|&g|vfhY?ldXWa;%frR@ZX>QQff$0$KSd7_auT?SuVW-AT0)z{Xq8S+8K^4fW z>^RNCZ%})xMrMzkvcXQqftjpf$yS(m=%6|*uofm17C1q=?DXAo@E)R0P@J*>Cct)Y z9<>hQ!Q5|&Yw z_+!g)or{5Uj#2rh6M+nbh0OD2D|}FvA07&k0roPaH6QR>0z3xnD=P9CT7BnUK&PBk z$B|Nu&~$N;3^2qpQwoVM=dU7WD&Y@Q>u{JX$+U8`HMm5N?>|fX>AG5+MpJ9`f+f>6 zu}w=Ji`phM0I}5G@%_Ce6hpgX2igE*piqz7Ioh4qBU9-X7(O+n+c2{NZKY3|zqkGa z<6158B67y}<|00OBQs-`e88xTAS@_s1><{jqOaAOFGlio==>;z@+Y%!AJq$yyxApK zCZF*S597FaXN9!5U_}@*mWhFW2V%AjDvLMBaZ3eNwad`1;Wvg^A-5 zTvThWb^3DvdG6Mrg2f~I1&o_PT94xaX(gbi*FgYC`TGl`u7V3U*ILa^ABpxLwnpTEZL0&>`T*0P+50Fw*DC6p!0!Y|c>YNJ81uh|W%s^S` zST0Lf%58v6_6brJ(~bW_+q-~ARbBo6Gr2%O@T3YBt(Pd#LRBQ*UIK|`Fu^l8Q7WKV zwbF+AVrwgf8HLIvI5W!WaWu73snx#JTWxDw+ae+ggj)hCHlQMEQHr;77!~RTA`1C` zzWdB1foj|LdH+8i&76H-d+)W^UVE*z*N(zC8I=}15}x=rO-${fyCm7wWGJf7oLLmrhQn?n%2JL20t4Z^E_U!80syRGsMyUM^?*|} z{uHAP8d;t%VmM;qZTOoCO)J7gqKp>$b&XFUJ&9GWkICOXuI{bWCUe@31WPRDL?MHH zS3L(-J|Q-5$y^>X%>Db{>Tk548hx|J!O85W;t;px^v$f2{Qd9^_zD_SV=cz}z-Grw z=5L5s(KamG{7qjZLFcduO{CkL4NEx;iob+ehi)DuC=T|IsEZ9>vq(dHee$g-$$h2J zueW32?WtF1EYU^rzi<>%mV)f7(FT1KWjA4a9Yn3uu^Ti}i1pItj==8Kf;)n@KF_@X zNj$HG8V6>aExy%zLU^v-9i%hw8$}FEMgD&a>Hfp}>tLI0n)5}q~2MJ+)d)i$=vbAfmw3RPP|ajEUL~x?DX0c?G%*<22*Phm2=nV9;mam_?6(M(EA!H z(7eRFv?ea$5iLS|%PfY~$jl1QV@oK4rpr}ai~)x3@Af8`JgsIGm~*MMxF_*)AwmAZ z-Z0X|A!wCoR;~aTuV98JUG;9nyHvk=DSFWAbKfr4P z(M>-9B6BH8$u`MWatu)-g*ArK>r#RQYK8a;@Om=z?Ekjtn$ymrJco#vK zD19Ey=MrQJAz#p$Ar%ETyh`wzl?b~(lSD%iz!yz%z0)c=?Q@bV);rIFGIQUZu04no zvz~O<TIrV!BK1a$*P$2Sd)-j4 z^$_FPC~NV>VO|2y*lotE`3*;AiX3bCCavjAY-F3(ci`^)ot1BwfHb|HYuq~|acC6f z4UeFk%C3Jr*-7rgwr1r zcKXgCJa=zN4-R^_{frpzZVr*Mr<_d3_0P^MGT+!uUq@62zdzu&w^e}(zO}iHIi6$} z7M-ZPbGPs6m=iiN#2*yO1G%s}*sfS*pK+(D!Fqfpu_cP(B8uvtWIO$gZvin?eUKs= z?=}M*T6O#X>K%rhy}Jb6c0X_R*+sA!?DRpd4(|hm3vTfvUt;9xOg}(JY$`9K{U>)X zi0zJ@3Cw)FIWwf0veN4Tb&~BCo!HEWjN;oVZ6bs`iU{9G zEN}oTqu0&wqzGqMEP8ru$a`kxC$h|2J-sHDdBj``Sz1G-Qq{fheRKII=p>*Q-V1zj zu9Pq9obSeDC9rS@?FZva(BS^S6uN|)&0lv0=VB~_0PhOb%d-t zSNWsJ=FPyv`mTQEV0qn15)X89nwJ+e|$f%>EDzU~#@VJha@UTDQps(1($bBQ2v7WJA(gM-Td@YcVm zTpr=9RNX&SZl%9M+(8X&;6TQaB4~hufgzb!|L+@kj+p`a{Cv2@>!Z+|*5cRJ4++&! z5uay#I3#BVU2OAN^YjeGp2cUge9gBOpTMWib$0PzgNR=F67m-26kku3de!u}uJf6( z(y-mW_kScpSB12Hef;a3Wd?psIMZ(}wP{WFum`u<`1ruR$<#jCp-ss6hjFa9{-k7O zPtmi)`?h-xH_yKX@Ah%bodMVL!&1BQ{b`3so%gbb5@`+|I=M-{e9XHxkZiKUACAsk zF%Y7^#on{qcKekhp6Cx8tGN{PnjL=KTjLdS7TOU-*bZVAZ(K7ZbdDg}^NM|Z8w&|7 z(17^WB%dPxhI`N&uT*8$A2*oG*~M!pVD#ls7_KVy{fJ{yOYvjGhP{#_3K_KXO2)J> zj?Pz>VDZN9<)teM7(@0UtC%zDaVrK1aZWj2k{US3zsCk|qe2Gr8Y;;?)Og~xoQysb zD9))jQ+v!g@dopA)*ti z2C1YQZ`3tx?C{yU0?st}yIg3rLTKf06t!5=9-1B+YoDqgDUj^U1bDa<$fbx8U@Z;pGFr%r_p}rSz#jBN zL(#8?vBr=8sPfwKe(`VH4O?Sw`PSyq(`o4)?;Nx`(uG-zlSe!|7O#N)PJyQd6Pa8ypquau(ZuqHe?VR`W=zI7qLrQApVqQ8#Atjh>^9;;)(0vi zQ+!8$0wP!WcO9n1+~Lj1m(a4M>J0>wpY~}9jZoyAvB^(+Bp!QGqnrK1U-BclTIJnSR^@8T zSM`$vtGemHs!CMV@}}$)E$4THd>y{5!9?`s)A)?-wjxn3%kxwXkY3Mm&1U!3(S8}Wp;^mQL zs?6x8e#Gb)&=BrvZI#Ey3*D->YM5Mx=}~ft*ENlx3K<%@fRN!)(1^TtCP5v0 zyxtsSOae;o9}usGzC7A3daIenFLX|Ms|G|<=L-Wa{S#WB#wE7lw|Q4??SOVrztn1f8Dc4P_OeAlT~f`7lT*a zU8^GK=V0^XoF4-9@y>ugZQ=4hvptMX`ve!o& z{+1uaXr>QO|84gigJg_MYO5}ySgFsb<$#gIPJXM3N9XP{qd73wACQ5TeMZk+=;{w7`X8mU?wqI`B`^F z9{w`8=LCCN1cMA#WS=>QYF%=vbh#m&O(6K;HK&GRl{>p5c*vAI^^~2 ztisP`{ow8O4eL1n&eiT3t89x8h_Js#aMn2I68`o`Y>OD-Kz0k6p3v5SZ6sp;&+NIa z+8*jFH{sv+nP}$5uvsgkou@VkvAq+6_N_Pm3 zJ8CFwJqNr|LleW2vj-I5jJkncu4wJH58)mwrd?O~0Lse40qnn`P;;bK^xd=kH6kzj5QP}AjwRZO(DQeg z`M1)8h&3K?bNbzALyNU|iDou8rQY3CE*P?NNy`s`CZL9<&E1;F3XL|q4_i{ytt$6= ze%-*sal%TSsjYx1UyiBkrt) zibMEa_ozOksGy;ua&OkfxshChPikm;@{Mrf%7}O?1jbkCNdUb?I+GOaE|;J`OH7nU zfAp0jh<{Ig)%M92*MIqx6UK$STT9HQ-Lv&P4MZq;cM8e;)vOC_im;kO56oTmOfzGSq$y7?On(uQoj_GZuNa@OW5m9{T)AsU-$ZH6%W$>XdkS)$n*( z)oFUq=zG9vEgr>jq9x4L)-T)E^0wVYmzKnzjkvY*L-R;j8P0BH;f5p3=bXc!!Y$#` z6q^~TGx+THTf#zYM)Y;>*7pvEQAEj1xnR_Y#oXfkYYcF<^NDP%P6fC#0d8p3kf!*_ zK=)Ok8;EaC&bwAhOQ{=t0|Xy$CyXhHuj>xr-y-NBBbl#%5rEjTQ4%xlRbh&yL#gI@ zBRdlB%3a3iL~9ogpJo)ZsY93)#6%GZXu)=~ro20~XJw{yqHbxN({UPdvCJ5}`%wRm zaMfvvkJ0QD*n{_bRa$tC>;TJ4{WiAI9DyygQgTw08%X~~z9Wn%oghUkIiC{dJBmoG zjO|N!c6!WtBYQM9C}qJlsT1^suz5Y*SoU)(^%?EW`tr(b*S~L;L3% zD=ifg)gERntSI-1@qO>>jsR%cZ#CHI{3D3_GY}jg{c36&YZS4(*%L5`F4j7H;Z46i zY`A{R!I3NB&e$UPp$?OXXPh;5=cQ^tL#Wm*$U+#w^ zsSM$DRK|MZL#bnMblB6nS$@%-y-U7aT3j~wgZ^JCEK7D2T6L=`dsxPsoO=m+%boU! ze(#k*1+AO@rZLJC%`f3MR*5$2852?UVhz9E?#DSJ23&DV{5r$pPvHDG5p8KrpcQVd zDI;SDRy+7PQ$Ox`*uguahQ+JU$z!*1-qlTR?59|XTv$5wYQP+&S3ip0TL=Wns;1)j zY`gG6R41{`HSVZk!gRZ`?S>5!M%Ye!a6Vk!SpiqWx)rVXyrR!%v18riO>bj}10JfP zBgaBzf3tgKVS-zCqe|SO5~p@^O}0fbf9)1yEYUiLJGUR}9xxt(5eYcEWw{a=C*6VA zHrrWN2C}!FUt$oh_55H@chB{<{qB>FSc6RcIZRmdeoA^QW0-iS#RwLWTzMC7EDYhS zB-Ds20npwxuL9&Gm^G3t?iGD(U1dbC?qgGE3gUx}gR|`kQbLp5!<_j#=mc*ytVWV3 zQw6iBm5{+`HCoeWl0)zz9*#DAW|U{Rhm>+c40X)?y(&g31PaMf2&bxUI0V;ckO+;l z%rV@tMfDADj~>zQtpJI>O^6V;XegYOzv*8v{;?LZiw5DH@Fw z8tqPeFOLJ(O}7HGL8QZULdzqPmHLz7KL?rCy7M&vT-4N5*{xzWSSOh+p%0l|P^TmC&u%bDijxL$>5HGwM7$7R;MAn)BWi|8PKy!oTI+@lXE7 z6#1KOk=fgFI54TTKxcvMeX4E#1}H}Q6!Jql4?QpkNABD-`_c;LSHh+)T$q#`c9NBT z4{FARP0hboyeKzUtAkt`CWBXyeX`}y1Xgi&4fAO`<~55f_ucHU`J|)6s0X~(U4o_u zQEM3JxCa9(d0UjU=-{=KpYxn+kTwTZS8J1;Qeo_?Qe%u&lTOFgbOT&<=bO26hkLKT zRlo(u=P+q|LI(hN{Fm@LR9YUqcY!CdpBToFL!xoy8q3^gSS@E&e*V$5xI?`OtSt7z z;?~ep%$im}hY4DkIQivQeY|(|Ki&SNC^u z?Yb`W6%yk^Wa?aB`B7pUJy9(&r_63hn`+(K)d!<;?s=p=-i5E5X^rDb_G zb}d#dg^vkx!CbV>NWxx(chcoo9?^2sN~?AIKKKM0PxNBZaI@X;QpAn56-C^5TS=zq z(Avs%H;i=F;h02u^`rwXhMnEX4s2!?eXWFk*-q+fA%1ab2Smw^9*HMcm^1Mrj=7u< zy-(K*xxTXnJE^=2rS+?q*N|BlwXdf+=Q0rO>ZS8~bTHSG-uA|$mSd$vk#w#y+IB1k zTfOVRch+~$^BSwZ8j63HCDG))x}EynWhxH);yp`H5@!sC-~nTUKj8WSw(ObO(qlW1 zFuCQR){qf?gL8vv0*v49#R#!@189iZ;q~69^bYTII^u5u*Vn zTzAnR4X$^DtmCzHtbzyJS{m=qJ0#lkFtaOZ9jQ%^u`7t+N0d7I%zjAmd4QaP+{%E5 zTwCh@UF@B-v1KoCG-)lq6%L{JfGW|uqaW`p^x%*cfCwi6X zo-rk<7$~fI?98%>{4Di=(u+Xmjiu}p%5acK+sL`SZ+=IxbD#)DI5&V0nYgK%%Kp_x$-S-LU&T1p_QXTgN zbr_MCc8x&f6&?IaH<4Gga#j3mxf2<3Mcww|oZBPuw?OQ5V9vzmyb#Qw&p|@4Cjx#) zqOe+L%WUrmf%76-2o_zoxke#J_Ufl^6f^_7-eKRG+zaP&knM z&R!MGEEC2&*_S`w-rt(JgcJvws~ieKvIVo1e$C9yTBbNUcdd%icCGVw(|D>?vUFb0 zBBznGpSdMD8ym(H%)q)lhqV@RQY+bz4-G_NJ3-co~B>RRGQyHA<)+(cR_JA6+|re+%;cJWP%iDY-k-a2)#&a)qOp5(rOI-9E=yf%_YCEj*FDDo<@kQSl07X# zG*eGg_grPlb$+*8AfU;$pnI-C%5{9VTr0Jbiq`8ysuM3})HTu8lv&7H-u`g*>45L?p93FBGlfjrvD)9e z?OV%5A-xoX;h%$=XNB<4`wmYPvLGb?tOmJly!Z=}fF>E(#V=l@LhW4$-wo4qC(|6| z^~DhI93N`j?{}(kWy1phH@d?p4AL(GSC=Z+=uvih)trvB&%M~rf#)yk)i?+tOu)Xe z6|b@|1$%r_j_PV$x~T36TeMIomF1}JoKaF`zGxO~_BjOHlO^thOw~=%2NbGqx<01o ziA!GX{o7X-!QsDkIc^N(h$4zHpBbW&59a9hn)tSZ%Un;Hd`94Gcm{KX4Iy{rP(0u~ zn{3~ALl3w;XXH>ce;Wj~CMJGn)OqSz(+78viS_0LLeyLjtlOosP%r)v^y1g>PfV>T zqZ+a=HR(LKFEFLb4bHa@hV7M?wTGD@i?0nC+S(J^djDJ0y;{o7Iepc}Yk@v9+evKm z<8e3T1CiOz%dhljE@KoBpk01tC;zq(D3Qd%!VSd}xVD2NGiwxsR^4AQxh&}f$%0a@ z+kXrA_4NTH1ny15ARW@l2a=mA4A-RGkE-&_*UJvbt%M~(0^Sa(h60@>a`l&fQNo}v zN*MM<2{m7oV1H4Z4*mGNgJ^HMvCT0wN37X9e&RwO1N%q`frdp@} zWn_pKd?Hylm&1)8RYmva0)n#u|8Q%!2fY3Ddl z6Z*IL(XMyTj{}JSn8H3Mnpsa)hS)K={L}D~^?1>k6Ge^%vKsDcwI2| z`?>WYMb6ik+=fS{e^J|u2g!3kx4r}5W9#{sHU4kmEBKeS{qNx``M<+=K!2I*e+l7# z(BA{<1Hb-%t*_?)Uf%)uQuHsO``^z;+5a8B1ICY)`7a@S{(u8NqThi26!y!lx8b39 zk?pkoa~%`%?0-S_b=Fu)%To%5fMWdn^7a>$&#m`=+kWR7r~S@8=(ZKsvy;lVu~Bw^ zM60{MPd&YuM#S=>m3kJK8_z`su$qs~eWmw`&vR4Hdvn@3m(z|7i~;bazx&4o;4`r(nVGo|XC;%OWQK1Nh@YG5Hu7;d|1< ziB?|c%yNX;@rtPXeKt1oJ0^casWg?TR^||fNiEFG6nyU*2K*DxS*tstH1rxB z)9c1&^e39iXITC^VsmsF-y8x&Fd)?qW@(toH|Nc$bF2nFS-e|j+WE=ncA#O-^P^=@ z;fsdMzqW0We80pG;fZk?P3x`t&N)!;mH0q@4zhP^IM>lW9h0^=HO#biW2w4a>>awO zAQZ`I^cqV2uc$KTq?mJ7JrMe1+2W$Dqe@h*xd6S~46m~@Vm`cyNLUf?;xqL|IDrl& zQs>gYbk#Yn#QzEGK9v~VqW>q;`gz>UD=PPI)Ioqb8XSNZABDKI$-g|vqU+a;X~=g? zuAN?Cz7s8p+x0Xe&*s<6moB*FvD5#%s+Pi;N#LFYc4+75?1EHY z94G8TE!ai61pUhKwr9>Z`E;}9aV@sAnCY(Q@c(o>o;P!@IE+&c{P#^NZ?|#ThrP91 zsFxjvTDSd{+)|`Fy2QVbXw!cYiEj`vs&Kqg@rlWamDW+gcE4BRpKCr$Ltcjl)M*hk9^LJ2-EthM zPIE{3THB!FoAKTT8oyUpDZ19Ga_ZXrwf;_1$H%SG8yX#H}t;2OtkJl-G&MD>>Fr&5ZrQqnY=^8V~D9#Z?Pu9q0WRn)- z)XWbqPORG|1@bzR)vaMwL%!-7t&}T5nVdc`L61$O^ej{oJw+~)fx!QTg8u?1CTYoEFY^?MzAE^R~B4z-7BLM0a`njrkxtzXQm+W>zDwJU4oor^Nvv%5pE6E+dCj zR>d<#7o%$AXRUZ8yKvN$Y+rVmXr|6X>S`Joru`a;C;BaK9nw`R}bMcH=}8ZZx1}l#oUFDf(w2>QdTU4AbNkut4Y`7Y)toaT5BzS{T}!M za%LYv72wyA{hu(+dfM3}RI}EBa~gWHF@DYrU$9OXG`=zBj>PXC>*GYG?E+MIF)p8V zV$jI$7*t3O+XaKtHWS$mk>;!vBB6O!eB!V9)_BWXn{pm!UvB04gB)3#J4Y4G$?D$A zP|L?lcUgZrtB9^y>A$0y$o3`p@h=qIM9_ANw-M0Is96}Jey16c0#r|Sam6c001bOu zx5!Hly0+WSVR(=xG319(;WZ!bvZ#UQJXL|zpO8< zr3-?T^``byFXM*>@mDdDpZrUIeRd7 zdi9nfFG|#v@;0|dXDNB?!R$S&P=vQ9xAz3PhZGmyXghr$;44}Et0y(k7Pn>ZA#9}= z^kJO)bo9N=gnmp&75bxKb5@ukYc0NtBz>Ce7~X~^1`d}je*@=)BwA##%qeRbc3_w> zC7MYL@FxE*H@cV`zhlO*u2Gk~@;zUH(U{kXu_#eO!7a%36&0C^Mxb#pJC3NgMZ;S*gY5qnDNX zz4_>k-j$DvP1z$P@8J=$_)(3Y^osXy{G>PI4{b&3X)TTwl%&?P6>~iuM9bS2$W^fw zO}@E{?qKKX?cZDwLQBXTH{prL!X%bw)J*wiJB;CW0bA4#`{eOW)H7JQI!%K?qugD9 zR5LcN@e{GSUGQ_PZm}-L;I$dskH&cg*5U}wV<(8^2~|O{_lK>U<&pu;K%T(2AKd85 zT%)nU+iCOoTze=+VOlwdpo*0-G7d1}$J63TYOz~u=jB>koonqATKh)On%qXqFJs7i zx!uUb(`PV@+IyHL!>!xNQPabIPs1Wt-?;$H!%=`!{A0en7k|w(wH6=6w?UQG;-0zB zWOX0xQv#$^oRvPIcYu_i+@(-ILeW_1<_L)6eoc7D2~lk8+nTdlovWM{SsE+LrP>^M8Ie77Sp`iT$IIqDX*|0JBUCnw9>lt>oXP-1X+stY!bvi~U+6beSf1A3&pFu~G)l(kN&&~IK zrrCId_SNGnP3T2J{unZ9TU@u?%&c5>-KI`M?sKDVIF&b6LiN9@O1UgQ_=zCz`lfEY z%t~@l3Kv)%-h&UK+4%&3@-)D|gALPlliF) z*kCLo7OGVod_rL{pdMB7Yn@-FnYA z7KOlVEF?TnI*or}Nil&+fKu8pDvF{s;?m8EiIND-YF^Z_G<3!Vq2&t*>h{7{o-Cx^ zx<~VyaX#l*a?+zmLozQDGgFGfd_?iBirBwV%|Ta<2zH)U6{7 z<#Vd)bM)~}<621o zit+;&$TH7+0`qNz5Ursh-@h*8Wm%ByILGCx>BOJh`4URrqiVR78pj}{n%MxX^e0f| zNJ~-qd65<#cBV_kziB85MTQrZCk`WUuL+P62<<*wp}Wg65u(wzKYYkaP1C3cY`BIl z=6pheHxQ|Xp{sRGaxV^pn5kYuUp8pBD64bd4>#_vLY2l3m+@6cNJUM*jD{3AK+z;Pw!vR2B| zyt{QA8XnWa#u-_g?M^7Q-6w_J-op0{*;#0hNH!DZXcHhk4<%UVd9m;t*?!=}QLiz; z8vDxEt>n*?Pfuwi_jM$2`ZH^xpCoE2|I_VfKYucbUpdPMQwhY`S=mQaVBSb3lvke<}~c z&-u#Ulb0Xro%G<=44A?FprWebi5+kUweG1+&zyq%6}hD^X8Sa{B!ciYWO&S*m6DH@ z96F`{WTSC zjw1vy!fg}?Afr2A(Hc|V5Uut-n zksxRe-=-pr{`S!BIClz8@w)Ksg3Qq;8JuH13+M8vg)eqS5ahd8d`WQ?(}#JD&*rkrQpIc?VmrLb zO^U8-25Qv`1u2A6ddK?`6Ym!P?hknIF*{Jyxl$r}43_n>dRu4}`K z+aSJ&28#&Fn%iTJTzcRhv(szE?-J;7aK>FvFpmhfd&MeGwo)enz8JQr?`3O0Qhmu( zA8{L8A`jYwn%?PC@dz|`jlO;B1CzWb)0I4ST37O=a=)CZ-qJ1k%x=jWWDw(UR07^KL-Pv{oXau{wy9a@aXW4cZC8!lbHSvZf^t>U_ty8 zaqVBq_0#NbZel^_Mwz>R=r#V8fsoXpo)vKLt<%@Njoc(~>K=f944j`I+~K*82jlr0 z5je3=+%V1GmUHVL=sv6f2`w~gna{m;+GD`y4(V~UpdtNI?gr}YD{@0RV0YaEKy`n> z_de>qeK$BhpHSy;;uzu$oj0>Awe!k?tAS5N4#7_GNqp3~-z5I7k(7!(siPJdM_2EPRlGTyl<&O&= z{a6)GSH&C`-Zr7{s@~6e9C7{XsC!NX#Szr1Q}<)`ogctg%9!1ooshpOF4>5rqrVfs znKAcd@+Ryb-W{Au2N_n>@LPz4IBun>vEK^gti$$%boWN^M>)MO(C*t<3e(kWL`7mJQU$KrT?+}7b|a(UppjH z>F?2r2#8YW)(?Pe4>CgTJ5BcU`_#F018|7cQ#2b1sFnU{kWdFzsq&G~$=9dH zs7jNO-DhHj@s~m;)wgQ_z}X+o^xNf*#3^f^o-R+LS}DX+A@om;RV83wl7O{1Tr~#U zd$LzWt<R%*NE zTsjhi(D#}=g%We)V76xwy*8p<^mQEa;rsAX^9>M+3gRREBk1M`GjLXNmPi3Q5Gr+= z4gGejR+`oIO)Uvtd?m$;bKM2LTi*<75$}$39jU-Q?=u!fVv+6ME9lTyZhe$05MX>t zUriiuYO51ELKfC7Nt!VVb4yO+kTl~Eb`5S+F4LglG=;ye$)DtI_aq*0*!N zWAtkXJdsm!k<<0d@`~g7aakkZFjTkx2_6GRN6=;J))`SD%oh)mZ+cT*ncqylXy!51 zrA>&7MWLiw+8x{pKVXpu_V|z?t!}sY?3dNZZ^_iD z0GB?saYi__AEF>)SUq+i9KU~;EDfULc1V!8d^Y$jIc=={X~0AXMvwt)&1o~t_G6)F#AJVc&jkV6djZSo~wEzRP-bis^;{fksEB$NpRS>n(_wr>e z{(52K-boSb&XtXOuir$H%M>g)gF5a(kZz66r?w!tiX^nd)Sn0{8P^74e zH+?Q({HrQ>+eg1=SgCFLJ)2XEeq&aOD;lAyQCO8|P1oaBLBC_Hbh!bccpP_k%~y|$ z;b*LLUlZubS0P`(v1Gdr{^>pR3V@cpWkNn7AY0-olzP>K5=*isw84a?FL~dDR+tbl zLt{cq{z07o2vPa-Idt1v??;fxF?xNBTB^YWF71cD$_e62P5dMRZd$7y?c2FbrPg@F z1zlO-$sZNzS#w_|1=KXal=zM*epR`1?>tIb&ji1InrKLwsEJ#UZHDle&z`=4d`2<7 z?FoqL`yu7y2z^Qc^}S!ELhlh$-_JKV_PPlrmMj}cT56*SO<%J8OodjP5Ph#<%Ukk; zUgJXkqeKB;S;W2cXu*i$X}(CSe*_6Z?;sm%AN6-?+-4M?ZKZEiEi-!1@(=m)zhiK` z_;j=Wtn`({Ww(*@Oz}%rx;~dXz)ve(tuklP0^QWw33g zWTJ}~FapZz`9+7lh7T!@1+~H2mZCkilWnit;y&xwg&{vhvkcWBhUydzl{OXY>D(^k zwE1@-oTlG(R{ApY)g!`9BJy+FNz3I{{jyvx(=Vgk z-{kLorjw*$jK*_cJLC5;17yaV_GrZ?ju{zCed(>{yC>~D&ll~KXi?5Ft*E`L za_yX-Yv=bSe=pj(-+c9^ji2)s%$Iq&$24+Wqvps;&oa4sOvumY_X+!#1CP5*`)jzv z>9AM6gBpIBwh-^~>&=`pN;W|&^#`V3C)8jIVbLhM)m$%C{jKSz2s6h*_58^sk=-b$b)oNm2$FW_ zB@iUAP4VvM?$B({U(?2XjDIJzimZ8>UA3A;^{#+Tt}0O?W_pDIWWE6e@+=JNX9%^^T0D+VZL&*tfPdLeur)vY9xyb$S+{1?Q~DIUBD_-HYTE(AKU2}bI!*_hk=Q1 zn43dLSB&M6=}kCkhC1wK=24(B({37>$zS(gAwcE5>N9vq^-RMA)6a*1A?hY3>N%P0 zv2GDE>t&ijhRP`#&gd0ID(fd$H_s+tojZOqYcT#Y*{pTh7iD8{2JwKX89bQ4>h7MV z+y5OOFiOG(u8pWuniVt(TlDGJCE1H_FDJ9KZ9ytNlz71!tI%k_>X8pQ;RtZ zMt#jX1t0wo=<6;sl_L7n+pKH6yQIGgKd8tEErS`@V%=+MK98Ck*q0;Lv)TWFfS5rI z%5yU2s@Ua}wZr$C3d8p**`F>{cIO+2U4zZ`$nP9h6cbb4A8>&B-KML zq`02Gc#BT1^3LYK-?(eAogwps+A}6|*#93>G&4~}!`VNI8NmKx7qPW&M)Rjfq^6>* z57uXJ?Rm62GgRU&h2f95^%FS!IL&+hQR_52n=@bE@4SS;&>rlB27i)0)cGJ&bk5+X zE1z>VTO)T-iRRkb1>B9bE^ka>tP* zy{L5(2~GZ!X1nWkc8;H5|5N@4gV+%DRV!RUc|=^d-Pk1{`{0{hBCd0GndIxbB_BSq zEBS^Xc}%zDkFM%U9tHGyd4uhqZM*0C<5Accc*olfo3Uv`w~R~&&kqvf1TWmk`@?4g+3QTBm??;I28qihaFP2OGJ5;&0eB}}#y1TwFxd2%8krPxLs|SMM)6~7 zC(i*=gt79_QO|PkVJ+UcyLL>tEU_&G@i~{2#!m)Xsk4JD<9V{=JBX(q6PU2XNBKQ~ zE!YovPbEw(eachoou~1wXR1b=AJn?Z)Ea+9>YiXeI`c{4f}JRIe4 zt%fx!3@AMLq1n@{#TU_q)^KWl9Oad|GCSX1(2Mw1*+!(s6Wh`gK#I?w0oqj-594QQ zHIw$_B!+Bx4M#aHPBHA6quG7m#*<0)KCDN)34yNKO3f8|IK>{3wsTCF;zs_tkTGT{ zBR*uPhXR`Sb}kBk+|Nu`W_IEEN+H8A^TV4e#Sbf~a-DUvx#Tr>Z;12k68)j!nQFs2 zZxygW319PGm`5X$5bOg~s=Y$#ydsnSwP14lUu&8vt_wiB#Dt!wo?3ksR-dYPJh`at zm2beD95av@M2g-sOR3mhW>N~P`;*<6AQWPkKR{*O`2oPydv73Q%2vPrb5(lGHhw%; z<&(u(Qc(__r>#@i&nyK!4HvIe!Q?XGAmrvW(V~OU_;IZZb?&gPM1#g&HG)V|;v38w zNPPxz(+TfptYxUuEVIOa(UiUp(pW_?hH`5>kx0dXPqt3-0CmW zktfMuDm_8V3XpITJVi2bP1!~!mrT!+CrF+&uT8u1Fr=L)#ZDikLj^S5) z*sqAl(Qj7Ek?)>@7^*b2DL$!j?{I)lTx=~q-z+)&=zU~6)qAqa@nv$fnH=r$b(k`d zqd81mF>#5Vb|q@=;tk}S_B*F#@P2P9TY{$cUgI@@Y7KqPw&;O`C+4e9hhV5OGl7t{ zGF#HocdEWHOj*NSgf^~A+U}T=>f{O<>_TS~oul=L&=dwMF{|bY41wUF~Y+B2? zX^K6^l4S9pe`*$3Hv0%Gb2b2|4yw{fkpBgW12pP~xXU3ReA;(V+DxPvQkm_%kBZU9 zwN`op2{^YkdG!#^G#0ms!n*^xO2`$r(%Ks6g!@$a7Rr0i{sK5NGm8siVay9>mQRd@ z_r$_Gc_N_VRqwQGa-G0UuH@T#r2_!*_uuLbTwD-ZI-Dwu`hKT(`04`elV?`5`c6|m zTU&saL3cu6vSh)MukiBewL0P)%{MQMO=EeqQ!!qO;;h2-^V$+ZlwV|^lV%egvG?n{ zfCEQFoU?Eb_-gztB0JZ^2+6{Z(si6MWaBoHl`5th>sIZ-IP2z>P!&qN=%&iI0k7!V zn}$fwRA=^kmtkef2;qZ*6I$Wi?Z5qPN5|a1j~^cjZQL7v+SxdF`x$5O6wBYAeYT@x zok3>6R(spUcq0%DT&1KgA_qn|5$*=%rFA%lR2L+McSa4UcM|A&0+?%^x4io( zAL0ErI7uGo10klVm^A+dcDMXNA&{>`#$gQ?c}f$-RgsTHomapSh2nGa{A+8=7TUt;EUy-w zc_K-nn#aQx>tSe1vb`}-MfgzZ^Zu^k1ox6`E$)Xqi5|wK>oz&#(H@sNgeJs|78w$a z_p@BdL`%f^ERv}yl2DoV zXXJSBqWE8M85OqRX_u#A=G-D;*l|6SKHOjes3Y7;ZtnT+gH%KMD zE5^$k?e%&E;)?RN;D)H~gSJ9iKrUUi6q$S}+NuvU1ty{%qj2XO-c^%?=5^w$uCh`u z>9+rL zRyU5QiC>82ia5h~-&(y^_-W(tP_0$#asQ;#LwBMml6-3)$z9j4zUbN{h;Uxey`HLW zT}k7OVd|^%vREyw4s#x}F`ls&kEG*?qaw?+!u)L@2ZMP+SD)WzT;I#GX6QA8s{4Yz zY~q3fLHJz4dWG;WKhg<1 zPh?x+zTiw9qyFi(pg+!3Ujy1+WwzuKb>EQ3?nNm?Z&JpM6gT%$e=#%nx_1I40$Z>6Iq`!o9R!pMW47dF5_eK14$xuR(92kZKSTW2mZ)(N`9$c$G}==;;;^DiYC zQ-A|Nkuz0O_qqBID0U8%yC_0#ECW}JHRElQjD^FEzU6`$p+ zsLxkX8+?>_x?YrZP5tJKsC#{1%_knqhi{v)m^HvFHPN$5y`I5GiKhq3vUmRTbg~x$ z?>4hRP~S_zM~U|wALhL@lir+9e>|W52c`d(+F9)4ERYM}U-{#}zcP+n0#+U#WBSQ< z1J_ckJ_yCXpE++o*FH0SRyjL(OBIrs^ck6E24V-#J>a8zMHv-&fBq(8Dh_&O{0s`q zKDpHyQ0q)aJ>T!68NIU8rGHShZUHUeh`R(%hE4b%B?&)!dHTKS$d*2?&y;_ZJx1eP z#W;h{U(;`a)o3?`NwETVP_s!fUIHfZLFPLo{KhoNCv-rDVe46$7ckKTRr=NGQ zeBgc=+^4iN={6KNyc(i82;^Dy&S&hNt2r6jCBpD!3(3)%Uc_JW@U?_54IwIr+!xY` zWZ^rg7x@(WxF~8os@`Hso_l+HV@w)tz2W>BrL`!pyDkw)7CAoqgbmS{8_Gw zQsQ7gqw;09R{`5P-&9hcxwbrfQD)MqTnnmtPf(!CxC2?WYLd6hOl|1IoPm{`&~s_! zZFZJD6gg?X_vPPeJ>6@dLBwo|?6t$M@*3_LlF01&4a1$OJ=VaOe3VsqLFS6;b{=L? z-g;+`-H=hYYOTjpy&7K`8@f6&w>{Jtzbv`T3=dlmW!%RU;3RR|k?dV_O;R!O%efjC z!ZUV*8B1&Vqs`P1u~sx^ih3m5&$eO6mH*U};qFQxKeLFY?u;pXVzHMDYe zjYyjdh5Hpdb2+EN(IrW*)LOCG<_(M$sb1e8Po}5<;H;ZBn#OPK^-ba&GYW{{ z3jD*tiR3aNLSf<<|0)^{_S1SE8<`5~VxpTZ;oaIk<(*?z&4_JV06(Qpzhp1CI{8#c zeGVs{CQoQ0-KCf5P18rw>-gfUlkHzYmWYrIdCkK##6DBv81xD-kRux7Q0QL^b_PC+ z4s^eKH4XBd0I7Rk=_=tr2IMq8Vv%XwN*_lCI&Io_43hgt5#_XTOS^0{gXKP^m7x2% zy5AJPys9i7tLhc!9?`CrrifgV-t&gCJu z|FI}loK>ujFzK_6Qv$Y|H{_<6f(-S4%-vnW|vxxLFALPG=NpMb1h zewiVwaB)g=R<(vyyU40-UeMs`p=^B}DSS5i5&#DCtY-GS;=g3*;@DlbTezIlZzzDx z0j2=1b>3dI!-6Zwd5G{q+~J^a&XM()={GYeW5`2YnTH-G<~lz12o?tnbOWNUAUm# zKZ}oGP)5;6#d?#wOsUSwRvIzQfN6|yR~9o8vFdp^_FN3t{(n& znPdFhd_Dc8U!1R~tG*)t4)O)$0ih~KMY~~F@UZZ4yeiB-xmcr;+(A5{Ge?pscwYGL zn96EUgDz;R^3VT|nk@E@`;YP!`go)PdyRgQ;fmW$>yVm@{Bi^mZA>E49 zQY5bpY--Yj5IhzS+w@{i@;gZKyy?ro&3@?Z$B)GF@AAck1@Ud~6V`pY%UG)MagEb^ z!KRGq6(4<|EP}I9rz`>?z_4s@9ie3QhBr^d5WKe+pJFYBWcJ8u)i_czuT{OS|B9To zG}0h!^5*cnA94y6PieS#1BjDF_Bc8`m> z|6Lk$ufsdS4P`NR&L9W=a81nF(6PN+bxj6IG<$3>Z~Mp2Th#Gkx85{0M&4rgDySGr?%F)p!Z4`r^~M8R5DiI8>r<-DidobKF5%Ezb_p1J3)QF)Hu_mnSG zH=RZ1cWEO5^gJ1u``5Vao2d(K@H#uu3NA=)KNsWS9?nLa7r&hk?1BB(PW*_6$dY@* zM{crvEn4%isp>T|MWsBuJ;=1S-MfDVs*C_8iL|VX`jz`vnUZ}CH&Ptj%Pf6Q+yRca|@s|zIw!sf?wC9&mj?w0Tt*Lz)%y~LC8Gp=S{J> zgH?Iz@kDp){k|V{_P*mAD!xU<oll{)p1$?y@ z|A9E|?%r>1)dR4guW2=ZZAMSLH#&A%?hlzho@@uMwMH zBo({O@@Oq?CJO_@$h__?f$G}HTgw*`E>q86lLbJ?8_HJVzs{f5;-8S6lV<3n6?6F8 zT0EDq5Z#;EP#DZkYw`DqGF5xXOP8IB3h4QHoC9(OCv;lfXSF6$s0RN=PIh>N&Ag6oJaMG>cGG}&52A>M{m3$elP zDL;Jq73IT#=vsN*n}kvmdEOW~;hP{Qd=qVFhn$erFjABKO+Pp9c^N6<6954?h!ORs zl7M+wj5P9|;C0o5;dxNGm>G0ybeHFt-V1ww{weyKLj3(sS{)>@D8~Hn7M4KL9@f?1pU6bd}To# znS%H|o$-naK+b3j@`maNhxbL^nZlRo^IKQ;xQms4C zD;#Z3c9Uuy46`m%I!*-me;rrBnV;`JiVvPesnP+|tD?ydosz4_1k2*ET ztAv$G8wl$jCPnQ$T5dwBb@b_r`7K{jIun#@n8p z9MFp<<5*yax1)w#|3Jyq3Uv1&Z|*k>F%)Eq^ly%CR zyZ>hwV>@*bC7fcPPa}tk>|R@#7_z&rsW35!Su7HM#V_TnBpyNa(^KKZp``ar;5oX^ zoWsoYxCtEe@a*St9Cd(nfp^lk7>)yBG{rWm7&8@Ot?{L9XO|toFKSEJBBq$JHvSzw zsqkQ}`ijPOyIxv=* zhQ;+!=(+bpF5(yzzldu$_sSAGxmGkS{^-@UBL*hkgIg{Lb`$TYnZ^?4m644zPcEoV zNcenmVfM$J_82%BI>bm)rZVhTTZ`8>Zm7O`Lf=h0juRIdD+rm2uiRG5qh>u3V?n%- z`_JMptm#ixjLjv1_kfWl&Q4tM;X*xkpy_C%#`P^2@dVW+{-onty4iM$|3Ykht~co_ zA$0WvghGkNCmXBL4$l2_9zWBpj>9F=%LS+YgR}O{-zdzsV(-ExaqZM~pjCuQb~yfRB?<(knx1#~U`N!|_$$5r+&sEsC1> zy3XpeVwv-KkuZ415tnaq3th618Z*SBuY-+DR?pxk;NTy*NN^r4IN{)bX+nn*ipe;d zgN+Vu%wQ~2I~4!5xHfV|m9XczJ?z#|B6lHP4AguNL!axP&iE|XMcjZNeYA!LizJe3 zj^B#1$aZmbOV1sS<<;-qi57m#XLKo`!CNDtZ3r4JxLv3@V`H$1^wn`7wpYnla_6jn5kbj`H*y zLmk7CeDQ$)?)zrIOH2oJWEx=rHa3V1_^BrJDljrpOBjZZ_^}|~(dG~zkzFHF`u z6JcDLL~T{#R#6XjjlWKX*HKUaF$aZwnmNGg!y9sLeg>?RIE7#qrmW7-!qt5FTH$c{ z_tkfC`8N;kV&g9e*!X0(<8v&d=AP_%z^p!mSJ$%5HDiR8-ut5jjg1P9L#FG99!~z ztbmI5z+JglnRhYR6-n;PDXjS_w{AbjU>ufG_3rG+VrB1|4Tk8x z0rnDDCLFHk+bZ6SWa{>(HrWeeybrz&F&R%uE(yJ^D~`qmcIC_1tWnz8%sZkMoxc~e$z@lPRrKfI!@8U!|}s>F)3Knd~JA9Z?3r#kj5rfxjnICbS8E@ zd&5d(Uor_v-AiJ$60?w>^Wn5me^sv=99eK33TpKMyZ>NYyx> z;kdM_H2XwOZd9=;FEU~~WT|yKjcM#OFmxc~`yf)J@}+4@BE~>3_qHwk@~Fu**5b{^ zR4HCca5|tjCB6Uh6T<7tXS5Y@Je1KX%xc<0JUXh#yB!eL39`KNEo1`QFnBs>$#r z0l=H=@G5_m)|jgwf{iow54Fwe;U={Ep!Z53M2%onq}RxOCo6ZyLRI&FeCjAA%Clh;w@_9u~{c6R?tqb z&kxy`W$Lp==cf`h(~D;bT`Sht40|blNcK2pXYlZ%BNImmjbfF5PrRQkBt7c9?922W zWOiPQk8?I=BH+^XCsb^z8GcUuu6l*TaPocGc?GVKj&)YzLwWH=mf)q~ zBDOt-!!@`Nsa!h;yC=K{u9N^}&+TRjVXEdoNjHL(5d4ig>o8H@4C5ZqjsJ{ZXrKRo zN-w0IGW6m|7Q=z`VxM9}FBbD*=*2QVy6DB&&!ZQ%TXhh<7)qh2=*3t0a5jtf9Y`=P zGyDe@p8qfCMQ!B{D`8lo=vGvI&g%c1Em2SIG+wQ`8xUk^Wxr`TigScs>Qwcz{PzC@mkzXiQCM| z*1CR{xP#WUtx}!q`dmW(Std&B`grvxpghsw(H{n01jxThHRV_QQQ!a9EB=K1ia+w7 zR=n)tzDs+-qQ5A==#L2&ec$Xr_Pc+x-Z%Uw>%AuyjfTdo^gsRF^?n4g!Ftc}4@mJ# z{Kmmu{KO^`^8;cI<|lAK7P%zqY?gRq11yE}amDVO>Wot;iwUGQvNorvJbM;k1jvkwLI3!=>xFtbHsyKxe)RX)M`N86CS+pOQ=MMuF6hZDD=7A-m+ z9v1`0tQ~$n+ZdF$-G1eAwKBU;reBZb-ovfieot}Jb_0^MK5HA{E_7N+uL{7(1EA9a zVu|jn5vif)6b)?sv5^Aq@fzc*=?IumuKFUfxUhul%3tQq*r?Ov`tn@+$@k&2o~CYN ziMEo1uQ5nQ-`^hJt|hZdwxL*A?X^KqU}2ijZHz8JI{2AXC~i$_o--=ZMH+CAilwNQW?ZKkZ}4utvb>`Eh1 z@FfuoWD9>bGm-0Wr#wM^#U_;p;)JO4Y+j-;EV=(C)P@mAva^AgO=n%a{3dD|{F>c> z$IMR$ShwpeVJaroetw&{kZ5`hz9k@^kzQ+)`v+Jl*?BuJ8?@kdXUzSoS9o10l)0ee z$+=V}hhfiq4~G+xxt}(YbM`g3I)uw;K0sADps2ByUb>Kr)OIeNw{!IymF zjzlXf%Nd|j7(8=icE>YNH~gcLqSCUmG!w!Xa0Z0I_YqJLUqDnmn-M`17}S{O`&(=8 z^ENYN-Q9Qp=eeKxeBkW8_Ikb6TGw^0YyH->w0}e%EZQ2znF|C#;n=1+h&FAnS!^f*8nHoRcE9L2a&0wE!oIKhFv(2=9ot$RW@}Z%` zdz3T}s!KfW2x&j#F$*wcabdSiQ6Ez=v%a`i>x&6>hs0CiJoW09Z&C&)g^&pG)OTvc zSucoV!sV$e^B|{I;>e2{F_CMfR9z5t8!NT!WIrix_>0Ew7p?_`7UI0BIbX^-HfQPb zosrR;QGKi70~Q*~+16?JKnsnjBxQlHg#ft4*)ZG2uDavHXN;;eZLK@7Q*tv&u>mBfmmnP&qO38@Sy? z1(kf9AjjJny;v&6wa+kocnhsO$&8(o{GH)E)-kGj`uv6u&}lBDl2rLd?eW(pcY+ta zlsbI6)_sG|b)Qt-ch(&jKBK;*{vuQRj{T_niH60ERn3Rnnr{J6c_{l3D|Gnwijt1j zc7ldk%F8vl_a`PLtpjin;qwJkk|Hr!Z_FB&$?M6RKnZa?ED?mMa*=)F{` zHZBW|J|j}a%_vXuO39Hk82QgYwAcNl&5(l3ShvO9tq|{G!v*}0BS}R2>Y`L{pW&-v z-IZsIZ}27 zrm8cHVVR==Eh0;p*^nj8Q|k{fs`9@pY#Vf>q{m#$22(k!ckpv z!jVDT?Wp_4SZ9&LzpFR`&1we*92s$7G(9a;|K8X}5bwiRN6xr1q=32s9j|IAoe>${ zr~Y{}iZF(26nTasT!dogT5MuVSZ4FSmJw9VF^piWysHf!<`1cZnL1EY90GCObQDvP z7F1=b+nvuXOP@5PYFWDUME9;ro%Tp{p5V-SjT$H3U+dg@7Tq2JxS=l~DwKmX)aDKS zMVyB!rEusNn0OGUr4%imw!A2szO}N3&up&w_7n~$Zjda4{{h5#66c%btSs5OP^Je^ zFQsZHmuPy9$vmtT47|G0oW$ah$a5;^ncp~ubJy;D8&|&3)U1;2s3cTG5n?+2@lfRg z#Z3=*vTPHmrFqvX18nIT5lq!X2@n(2qtn;~q0}6c28!8o8vWlnCOne5%~m>L>omxC zEjb24jSX!jtr`?bX6l|-;j2_Q87ce7@C*f+_NMMGQ$?lU$vQFyX%S8R#a8}Szw+3< z{mQ#rz^?5u^@!nlUJWPaX2MTri#Kg@8FkEwIvEE9AV58>A*!W1z#;5O(c`(!6LHSZk*P<`9e z!8ubF^V>HqrADh+Yp`it?Ih3VJN_4#C^v-~b|ccbZws;cV#98{&n{x{8k2!DQ;ul; zI`2pM^i(+gtuyQQi@2+Hts9-LD>=dMFlXsA>C%SuxY6y^@A~81ne{#T)S|l_Yl4u= zJ&q>P)?MrUSl&ue)TcS-@ji)BeXhq-2%+8==_E0L=GS=h3&KR}Dg#q1xTMoK6=lR( zbP=f0W&T;WQybog|ES~qL}A1^V+A#e?EEq0G|wi2vTNd3I%i=fTRZL#ss)$6dDH}_ z`FyB5YLe4DL!=Ii)CI<*2)&~YX`s?5_1AO;y3Z9n-LLD9AAqtYOOHeCH+zYQiOeo#_jDuh)V-Bb5ow!55}Co%cB&@U97ml~L? zp^D+fQZU0*q$^z29!^I?(naYwSyuc$O=S8dyV9k1M$&`JBd%pB)2qFUi4pAAO>CDz z3nA9WY1RZMqrXKt$lQO9$tban<&jJ@;RG%&EtAj=rfFpwNFxYW z%El1$EEsJt1SWu7z8D+QpRa!<6phok@OLyr@M14>rsi z;w^x*0oxZ%_1(J$<`i`FT_8LKaY4aE2y4N1mhsXfd8H08=JJ-|k7~F_09rQUf%>n` zLFk~2$CJEolHASgT8D6qFY{i}*w?Vv){mb-q^dP+v@upn^vRjg{ddPjI z;}=0=!sa?1@2i@nzGRA4v*%lXOduGd>EHmeFHl=I_03#48CweR)$9jGkZ(NwjjnT3 zx4ueM-IahpFG$P7(&1h1%&*73IZw=upJ$mEbhhcS!R#| zHuwSM1e7b_DH||sH34M`c#web;u`AVEOKk!(OljhVI!|~<33f-yYE*$R@F{lH1R#r z(%{VcC9O?7WZnlk%}pex=gij(-fUNfTlegf*m!pB#OIK?V0B{?-;YmRH`aY7R{giy z^!KoxVRoB#WyD<`abL!7Le+~>Ws%Gus`aiHo47k(B@2FPjtQY7fIDbvEc0z#a~@Gw zhtuaUE13`W2yi+wjI2qAN;~}zCWp8i*zcRyQV~uXP;C`bf?b(@G1N|-Q>Nk*E6slP z_Q=TFjizH(nbQYEC$?g^aDJ{uHXWu`GH%zJl>Ug(Pz$@QpgG{vnM1Z047fdvKO+u+ zDKj_5A|Acf47)J=9-n_@WM}6P(#JQuImr~k4A-gbSTqRF+)oeiI)g>Ffa!PbgmBwA z;!6?!a;w^F=7p?Ar%y|3Hv-X1Vff~XRIN&%mP`=jZ5AWwj1F;JAWN#j0L*`NeOGYK`T%D4d|mUv_k>SkjL zA5q!Dm?_?haP=k~-#}1F-LHcjV`y$FAD|?-#$(T1S+}gfnMty8^WN?K7QkOPh1s|CD7q|KSH@ zna%}%K$hv8?FVF;&MAICmgyX61BN{sFdgY^&Z3*eZXT?m233z&El<8U?UF3R^y|yq zcXws(x{NvzQp0Eq2Cx0{LwylsWLX`TBl&v2JLeHIMVV#60w5RyA%7YJOP9LNotZ`x zwBv)5)K6(n1|<=HFTZzm~7W5^wi8KXtna%l!C@a(XhY zB3r4pMpG&BgZ_CH3kn-)JIF~NX{umH8^ftd3997(uzB(T9w%CE8*{hDTHn}*1D^fJ zuM-R5W0D2TN^wX1p)^NAcbW9b)zdz~LCa`5-mgS`&tu9~2l_l=Y2}3gGI8W|tUNgNI_hPRlTgfWBArU1gL!te5T|_L=64KQ+JuRIixuKa%pGJbJsiaLgC!ajTr4X z;H-%C-(Fk2Z1SL3Xr1(tc=hrr0~D~YF|CGx2V;oc6m5NjGGsh-F@C(QB4aM2`0WbJ z&yN8HeU5*t_y;%)JP#ELLFQ5WMXPsDKEUqbsynzxj-4*{nZt=!=dj>P=}x#1}&kbppA0#2<(E3>WnVs)B9?#9I< z>@47J8~W7@mbiPDsnfLMB7hkCxU14p?D5fw&*;L}IaWOSb8z}5#)pQm^qC{o(c;fx zJ-8X8{6Ge2JN4|QWCBg6{v5sd45uEuWaeI<+0^5(FcWAu^+)T)XEOB%>!pnB&}!=Y z@iJ`n{WX-#?NDMf?$bt_S>~>)veu5Oc1@e+pHi1d`ipGXXChT-8kwv%ZzrTCOX49r zck2)3An!r`3SF5_>gSEET8Cy3?*B~f#1<(FfvTB#^UVTX zVfB`*UbSxe=~y5{wVJ4Vmt7HLHLhhS(8eB)KvJpMC><|`9~?xQ$k5wNS`>k4Bh<}e z2oZl@z>EuZ@}(E~oor~7YrL=U2IY6$;;SMh4eG(ksQthizR8bS6v)+p7Eb%yRrI^) z|E<Ov6UPt8X*m;9_KbayKAL zTc&%1NwRBwVp$Cef~esg1iyeM$Ve&Nj(6=_U0rlJJNzS2?E~e_Nq!Tijy9q+jA=L1 z+Ie(q=3{A=J&8?cS1n7te>m6Ml~I!Vw(~G&)~Sdiqs(*q$ZjFH8>(8PRlBm&B>m8b zqGRTm@v7kZ=ulr8!CDVzAp-Xc_^#pZ)$R2i`Mn*iOmLXB?TvzdU!Upf`V(zf=Dme# z7Ej%7wI-&GCMstlxbnJ|6K<_rE5eC4yF9c(CK1MpaeQVku6Poy%b!H+@+Z-{{7JMf ze-f?BpG52OC(*i(G>K*%M_uxJD$24~^a!K`kZNbvAq0pK@1VnsW0-cB`qQj4D)8Yr zc~CsGQML|DN>c_X07m?FNP$(WvZ)XNCQbD-ioeOQ>gu(M|BPka1V#d(>Hd`sTbwmk z#HyZ(_Ft}RHX4PZ@hi1%`mw<%531|M8DPP@@;<{$c!`}-b}(TeopwrYN_qZ{(XPz? z7nYRx6KP$f$`cnUnn<3!4n@*mh0g>r&=EzWBJP24&MY?BC_pH(cQv*uV;D#)48)wC z<${s+>7^YNXFY*mx?KA>FX1KlLOX;^On5A6U&WNNpaq$EPK?>5Fi0D8r(@B!cTJ0m4Z6}#G zN#@5AZ;;eTW{%XfB2J%{BOzpCwEwmk;*+!pJf;0$$^Zoz$xI+_mDo^>wZ4uF=d2@( zRcVW$IrNx@N}*(?7Dm|!s?L!S#atP$dKB4wM6~)TXXa6m zflJav4EM=c)sE<{^>huuZJ}4HR-odD+2~#tnQaVy=BqrQHx$lK0&??HFIgd{m#mP} zi?2=BAFY?Hkkd<6$njD%KcA|4&V9G4n~-ekOLdldW1k09WNXy^rJ z(Q4guY;+&1vpBcNMYnNSk)4R+f{7Ssg_+McoaP41gx*EWL{Nz*GZLSiTu%?g-5s&E zM+ohzt=eJs^@3R&Z(%}$BY-As zwE2ZgO~XBdZY;+Vv4atSmTOH>f#AqokH@t8KgO4#R+oR^qVeO$b1Bg7qjznodMrJ< zk2edWK|b^JMo?ZiS?)BSqBG{b$#eI7&0#B)jPmAnaj@LjF}%+}@N-jE^NXdw&=r2z zShIZo<83lGF52lIt>%2)7H6hd0~_prb+6OB5zf?$*z_I|*YdU2fQ%xmVP0D5A2|_kP1~Rviw|QYLc7Tu)80We z2=(MzXVLkxNVaN+yu9wzhTYiSPv=4zWUCp}f$d#h?jVN3oaTWzB?S$drNt$kgf1 zter4j!vK4OOr7pD?#uivgiN)^EM!U>ABY6_3XrMDj1NjsmZp7Ax5KhH(cgAV7w_|{ zT~AN}y&#+36>tiC8^9@{roL-D9Qrv_Sc6Iuy#9EMwGWZmj1N>UC)xZc%9rKeb)*Td=F3 zlG~?yIwop1PJFolo4HV$1bR!TOX#W(RYJ%ahldnJ|<>RTYI>N_Oz04xi;Hkc#r78Oc z?64Q(sWjMzm@zd3K$YlJ2&lRZ2F^u!)G`lH_3y@0{gLH(F`nvGrc)lCYBjGt;i>)z zDIiLgo3yjh zE1v4i)1@%ZdWSmCcz+38&AIhb`aTa-W%3vPslPT|QDLtqg)HW?;XW*_ZskY2Hj1a+ zoMHU-2CBN#f~rhZ3#zK3a`~VtW&SS)RgD=#5n8+%P?f4@wRlrg?#_Z*YR&@MA&q^W ze$i*`Zw^#tDvcVvitiRwbtZ(epelWf6oaZ%k_AJ3!&DO7P|#>@j% z=@vi(s`?cV-W&WE3&6HsU&Sv1Rn1jcPoSzsKKKBo;~4QlITln^MZN`~s&loEWm&!j zRaL8Vu^>(m$G&#u4Qc1Jgf4 z@KuWCEfR6N;j88o>WxD)F!-u9y!i!bQKk$`8x6kdy+IV;1HS4PxkSbIDpS4Y1|lfC zsr+h(&`Bk^nkST>ZFvJQN&F~`CzMu_X4(>o?m*B(hI;=KLKnN zG^2BRka@i-X-DT7-nDx9S0S!WWMpL#R~0O)!i%Mn_JFvmU<~;~qZo0eUY`CLZ#;P! z{SqKl4sZ1xLi6xe%7zWee=XiBX6Vxc-fEboRX4nq@KgqGwV5FqObUy)5~k4W6u7Ej z%z4`ch6*rW`FN}45=8;t>I7!9v7%xX57@Ke;{n_DVYUI=_TuoZpqp>)0dMtPg(1pB zw_sO8I~~GXMcA-;S9q%-+Or+volo2x;A)Ac0DK0HYyelvp(ntV!mYv42V5-(TH^z* zF4VL|e46&;09U42*vE{WC=j-?7j3=30*oX0cKom>2)o=p-4&ds{5_mI$v)hF`hdnu8wn-vPf` zI)di>o8eboJ;Sdo%b8=kGf?D<;aA((*bmIve;6fWJ}XB=7eF{LLaK zd8Z$cWkEmk1F|gW78{U*U)?~!M~7dX{AuchdLJ-Y4PFbsIz(Uc;8!LF&<`_ReUy_4 zgMBqHy7S;yMiXm%&nSvn_*J#G|AUg?@JbU+{eAeA$}50hee85WPAvS&RDcb7MbcjY zzcS%LVOjXqE#eSthBgp0*h#kVt7D`JO|(q82!4gN@w5SaWlD=v>hJHuuMCZVUs+o1 z4Spr%TYuf*SEu&|zfz|EUGOVg@$K1d-v6(|uhia;3cs?n@!?ks&(lzvQ`tb@W#Lzf zVc}OcZa4Uqb7~M9xl#0uB6184CAt7qR|6{7Ttp<^jLT*HwR+!(Z(v#9t|T zPW@^{q4us~p@l?Ju{DBdDT?q{aGmb>D}C&Szj|SqY7EG(JO0X)=i|RD{wh#JEC@^J zE4JIT>@q8be*lDas?-%Uf6G_HVb1QC`tw+N1qfdB1t5 zX#ZPx+vLN%o&msYVO}fP0?)y`Zbo?Q73OuC(>PY_+`zm(<;}6qIW~U<$=4Iv$ zFfWlmbH*n%MGVZ#h>0A`OP}@E4d$f}!GZ{w*9c%<`QvMJ7U#v$)dHNC3jV(t=arkS zJ>tB~aJ3+d)BkV8dF?2~d8xVq&dbbSALnJKZV}E)kt1#n=XKo4J>k3z1^fvc;JjdH zc{ne{K%L2FQ+vmGeV!$s!Flb|Q88(DG1AKnRbS1rNUtrjE5M{QSbIQv9mCoK^sYHf zD&@uwxjdv73QQL1WiF2X|B+rF9qIKKCNNvY|30KwZiY5bpe`W2n2C8vFMs$+ItuCa zG;!oOS%)rJ;P!$c6ydL0EYNFi7U-o*$_4b&^ezN?DJ$riwYu^BH;;-K2N@WhJjSgKtIXtm2VT5fCyTopt#MmWHZC zFd!{DYYWy-ETc^n1BA(fT9XLc_h{hPV%q}$M8a=Pe&v5Je(TkL8oxCgF4G%G>L2iT z#c1Q+i@)pdYJw`7hu_j`ulTJUOsn3i_V2}S4FSK^B4$zG@=8Ggeyhfr^&FFMulTJR z{2LLc5WiJk>EpM^EQ{Yd4g6LOE9Q&kkfL!biC*Y;c%L$8hYzLHb=(So-zDw=FwU<6 zuie6H;kg~3({hPi%`P}Tu4X<+Vo+M-UeB!nEl$(31mv(;z31nB;>;rdRxiBmd$_V2 zca*eqS*ZR8-5^?LvsUt^@SlZf8SriZ(V`wbK(yp{)EmWrc7DIm@03tkiFY6YJ%O}d zJ{ET9Z&l(TRUj?75qwbnVH^Y&O8zT@7CR!u$BFOSA)k!>-{kye%(R)V>gu^&11qx`wI&%DPU6tc6;- zjCuw>u7+D5SNP|`$JJG)k2(efKCbZ370>qvRpjOB;hdMN|D@NvCjO&9dAT~&_czg# zv#S^lxDIDm_p*ozu$@46(fSsgvNxx$BDgZkCD2*A@*&dbwQQ%?Q7V5`&~I-A@CbYn`Q z<7pgYIgK+&iE}K<>+T<+nZa|7gg{PWA2w(HWq7Wg z?1GBC7SEO8EuXdq&!u*oHb(RPWBqBcnH4?axvr#({wsK{OR0v%bA3+L`^f&Wb`aag zb1@-6!omy!|5$IKcKnO+T-TNN;2%rW(y>maUJlQt(Y+m_pe*Zy@LbQ*mp$OQuB*K9 z%&~{i&9hd}m>KW?j&p_1t%u0G#3xQ4n)Kkf?$Q1P+mPGE0Z_G6F73V19KELu!Le%i z^+8+}##zCJoM)_Gv5jxMOewAlBKSq8xszh@VO+{P2jgm?1pUcLLX-K8v%Aiwy&z=X zEegrGmr?|dH_I=AKI^8Rz`fLWKmz8FT&kmwf85ucDz zROS}mL2_~Sr$5#A-D8ncBtUX0f-+L}zI!Z{S%~DCRf9yz^X+BppUKug@a^>w!(K41 zvxv?nqul!$_f=+N#2bLlo(=W(fX*ofX(erpe9u?cl~X~ljt@R3>&Hk5xQPX6RkG+Q z0BPO9;=#G`cW>dSs z0oGq>vUPw(LW_Ru2GDwfI5~ipfZTpTT3ILqLr??I`b#eku-b{`C(15V0tZ;CakK8! zQFg!K_agzc&Va@OXkE{*J(pGhmXY^E`h^3a_^3kn`*jQE!l}Y7*o@vMz}F&aaX-q0{)PkH=!HlzFlu#b7>Nuh>r{p3Il*cWTj|va)|B}^(yQaQ#_iRY3~4Nz zhG%g8+jo0q@L7Is^4(qyCxL-s={nXtZg9Pme3zl<9i$BH$TG@1igSrqCTv#Fw0t1e zN;I(mx@0cjeWBm4cQEjt7lcYDTZ8>&RA0l9A))2lzPB&J#S*=nVN=04n&)G(P&%!k z^=>IZS)ITPfF)fkF(onvTN1)&eHl}XcPY{HVOWZkg<%nk6E9iUSA5DxVkzIu(aK~X znFLMqQCU}Nu43diq61Xc5Z?_JdB_ISZhFoaokC?@%)OP0ua*~}vW#%eLuJhucp9Hp z!`NOjZm@3k1G12a@A&~)NW@qDfGi~9Qa>OIiHO>O94hN{0{$*4tA^DkFd=7_P^xf* zsWndX)4;ie9l}^t1jc#@8Pk*ht3f^bzf!ZaU@W}H&-u_0q7aP5@p1fLsatvmV-3ps zzv8T~@qaZ4c6t;Etp6)z>4ULM?%lvxU#`5-tUrsKU)6z)!t<3$;}0wih8zs5Kej(( z>NDIwi@mzUdkN-gu~(m@>>jXJg9wIx*Ggrtcf{RpdRN@77;$w0YRY`=MB2qxwKtm= zA8vIf9pfbTXXxkPRs?yw#km=Ls<(V;()f}G4&%SYgZNMD){4kbn#`i}HhtsI_j7e0 zkAa^neS#0k&y|ANKhe)n{BM}Co%3_0V)B4ixUC@`#pwDy5-%_>_f_7>Z^w7KyP_h# zSb~X$3a4m+{w9}AnS}`TXyQ6{Z*oqkCfH-d;U!5mjoL$x^fT$0zhD;fg3zn_SuV`DF%W`)$2Bn-phO6;5Nh zkEUv%VsHRaGtiucTN4=rjk*|3^&iHW6|F9SQcYmGbn|4jiEIj>RL}SUS-#QY2W0ui z-F`rpZ~V*;$nuS}4ah;MzDqz4P^$4+p2s}7-lC=6fFA@paWE?Fm&f%b4@YIB0W;mq zx4>JJ1{<^M`VfqNsvKAm;57a~n!AGWUL_b~l&>O(l_>sNMHhe4f45nGRm8YHme?j| zRo0OeC-i+^R+(3sfdO#J)B@m?YN5XXIAvv(U&2V5=cL~>nlM9Cb(6cQolf&|A)+QS z>x#fqnD$zQiDlA>lj)Dgd+bw5By?Tn)Sewy8ESx-vQ*g{Vk(oZan50txV3R5RqU!t z**UZRgkmT)>Usn-bLR=FWAIi?UL0osW8SJJKR0cW=Y`cfJhpz zK0-=O>V}Xqfpr~%MoEYT(5T2zJKyk71^cy9%xa5t2Ck~e_F9g`;N~MU9N3EY37D?a zEcadEr8VReakmd;UUPG}&4>Hp)A*U9LT+nz`*jy{JTf%!aF~ez5AxmO5HCUU8qu95 z{tR8)+$ty^9(<#*IKASb;}z)zFT5?y;4L)om)E_}@9SGopf~VhwDW%e`qU=Xfm#kB zWBdsj@RR&cmHZ#V<$sEBYz$80FCgR#{X&!jUdj7EB(wXypw6uu$2TzNRUsdiGP!qLpN7oZI<8G%jYajBXiFCS3i0yjM_^1=Ct3A)#Qbr4F z)WrgCOBw5JsVJ#D<5-tVTdd2aXA4{|aWf^ZmhjypS4&UhYRR8a$I@uys_K_iuUI@eC9S!=0FwnL5MC%$uv_%ze#$h_*IDW}iPVzmuWZh8R51HkhsuQxv|Cuu4S~8#q zmO;!~2jhuVzv475l#I5>B;;u~A5_}z`^S7xg%hu1n(N64RlNV3f5!>ciirC@E;w;Q zg?q?OP-6JU7Xb3V&k5B~=-@P(tI*x2VpTh>6RMcI);OVB>Cd_m#4`7&-@yYeHH%?M zd0rOzn(u%r&|_)4%GP~~}9)JvWNs$wsTJaTM{RMUaf%!g@FTox%l1ZMk z5~kwdlfKJ?FgUuo#~;Dg3ZdCBw#s_zW-Mv-IT3O1F?2IcuQFn9lG7eprC($|)3LfQ zK3>)N_dHVljM(0tveq=uhCTSacuQm`JRc+X>}jXxnDH}~8EYp~?D!yNy^epftx3zC z?ar3H&oF1sOAk0LR{hlEQ8D+aTKB`4b$wb}wa3%_Zvo>$aWS*jD-Wr_$9uNRpOAE60Gerleu4#CTFIw^=8+5 zwKozQQ7=B73hI46sOv&;;53)+rM_lAL6Tj6c)O=|gQyNpp2()LvYh7tt=%HaN#Eym~{L^!<(!YLwyn*42@8-AdMx&||G8kasu`zf0yxcIg>y!1zTbG5)zx|GO+tM|m2Dn)r{w}jG^_x5H zB}vyx>RY|$+Xu2g-SG?KlDm4%4f7hl+x5xW_1imU<=;Sv%VDeeG#65NcE36X2=FFZc1TN2~xYswy0_fvbf2IOJT8c4XaHLE{&%Sb9bu*22NQVZFLRH1~0Z|W4wP0x_Zp*8%uPQnc~-? z>qI3AF5$kVc4Fbvh_r6$OVKr3>8uPlXos)h@~2G4rrF_fVdG^y>^>2$dYnttL*d0t z_7aRV-|W0FnmUTiroo%n*;_9$%W|!`at94g|$6d&k@|VOCokvIA zo9@B=)16Vbc7ZeNc5)M&XTkG*9;2!LQSR4rZjsCfiF9W)b<;hWqYUfROD+GdxQFu< z(B*IVZZ3U%+C>x`eh57Y>&5c2c>1*Rj$>ylDT0IbOy-%#`=^Zx>8W85_lpP zsI-)SE6fytC-+TSF@@8Fb9=IL#v{$uAC^tMeUSN;iTJXjF~wz2F0VrX&%Lk0lHB8$2jp4 zc?z0x!$kE9^;^B86*JL+vw=hPl|~6^qHsDh|INXNoclqSUe*udS!bWXWWp$e+rRd-A@9abZ!4YE=^6=61OP8d5` z^<(v0<9%;xiHELkkB446FC95k_?hXa(xVNrbZIG7YcLCF_!pc@Bs49@t!tZZ->Cm- zl$l@u8kdH<%e`$VG+L&c{&bp0(?79PDK~G`GF?iaF-49XPoH`x@F~Z7%#&_uT^)1r z_}&@YwVo~X@VM9#4Fv`X()soA?vwDN$D^$s6~;eAjCscGl(1TgR1?3Ci_M1KJvUuiMYl(BE$n=DRkU?;g?!+K_Tare^h&(?m6$sW9vp4mQXy6W zDPhOVu@-pnrg(aAS^WN@Fgjw-+TVLUxVs7N^PEHzXw1Az8rQ%!d z^nSK((D0TZLj4BhPXJeAUgJua<-D0)w;(h-7S$civ|@#NP^_&KktM#;g17vQ_1liKOQAsURe=K4;;YvHF!*n=5^O889 zk(ifP)-Yy|n)W%wW^H;>nIROU9M(biaFe{b@oxSjw50lFTK-CB-SNmvCe(6Gs15!Y za~g#kW1jet>R+^-q#U+on!yJk8k#;ZJvq+rJS?qbpBc`63p=OZ`N* zlgRXMyzg}a$->Z~HNspuzsEjWqONij`jQCqGb#~F)iMUvmKk z9OI>Pe@meGObUN8Spuzq;rVo#Hm)a{u={Rka_h1@nw%KWL`^A2i`r-j^Aw|kG7a~! zgyH6xf;wg@X+}KMiDc!&FobW^eaaBX7r^id&zadQwu9$+6egj|nNgx9QzVds)m!Qj zUJR#qZQC~pxk+xwjPP}tOJRf$m=Pmki#jT?-*WjO*wrQ=6c)}~7b zn!%lUl7Z^A6D6*r4R*Z0>h~0EFW_{UJIsJ4q&Bq6GrqhOH=iq5hMeQjF8tC?*o}!6pql;)iBJ* zaSFd%`4P?p;>s8!Q${KLFNV0b2VwSG%p_w8foivbsF~+A`lx9QysNKwzq-a8Z;<%i zI_*#m?Py!+vOow$t25lg)8d^+HJrw3MjGr^$=y=FnTlNkZA{#001J$O={cU0%hRY(`5KDy zk__JgF(91LXr1O)%(#rJp2#A4;~8nVYnafK&Q5n(JytmHR#XHhIhx#k{lMGbJV%1_ z9sXL+D0Sg+M$@^LqaEU9j0&>1XHZb}a&kUp*tM_r-3e2c4E+?lN`cmAqQf)BQO;3L--Nboh$XSgor0|eEt>2dh` z%lwcAqQqS8sOHl1SZD_`;`y8qdzvc7xs1?VZ&({cICHd^Ci4VluTvL^50GP}Wlr-= zWEM+bi<(#(vcgPvte1D3AbW|DYlg0VNVSv%t=2kyQ)gYwkflJRvHq&bc>1J+0&$H>cZ_Wx>hQMAyAMh-y@b4Z zqqA;EUeh*bRh1NCPeRE?s(;b+H?51M2XMPbEPdKa)!Umts~DD&0zHZfwg5>d|bFs%N80W~fF6;+diC<_Z{kHo`?!L#5Y37rg-w*#k?+ zs%~c+F&z+RkHH_>UPrwhuR0CNBSxi>XQn4ak4;=`8#J|m9&cvp@i|{e7to`wa)ha; z_=Gz_KCfO@|I&ZT02SXY3RaQ(KSp zhIAv$NI}2Yl^LMIB)=CMnbE8K{;`CF^m*iW1rpgc(R-BN`BTxC-&(x&D8Fk11}qjd z4A#aqWp9|dN;h8;4`JE_eBnLEm!QsOa*YQj;AuDCj(J}wo~_WSlIB`mV!APLs}%ah zAP3!CukJcTp`(mojrg-+52mDk%%Zl;uaQUIe;5v}A!vq?yVK5_^Z>@(`b@&eUNdnR zZp@RAS7GF%%;1uCFHY0>Cfl_I!gQUn4&81d_cbHJbeg|jR9S_>*T%nC9nkn&G7p5W zu_sI$$a-;Qf#|KMe+$VmjQZ7GVJo5qb&H{@RITcDM&=F)D1r(CD`9^L*5Ex#s01FT zMJ}dqV#W}nR%SK8^``o7P#qI*+I=x!*tHwc#Tb*YdyL|9!tOegm28@>EIGc2t1w!{ zOvIvJqD)nkXq4A(C0<0$>JG_H6_I>DPaZ2Z-!1zhsNDMrLAm=P0(+>j2^hl%)?#Z9 zkY%MF27EYufSQi5(1A9A=rnM5ovh=rc(K&v*9 zwTfBK)!|vQ=P`lC&ML;|18eKXu;33?FdK@jj&)y=HDK$sLH>L$G=*4g=^JL!jHh;i z)^`rjnU3#caaTP88!7hDxNLVZYuhAnyb`}1@vK2$gPBCLG$23k>?GwOmQ0bXpUtq!(-cXYnmtP zN{6>}Jd15Hubo!{6X3cSeXOsp>}au$d0XtVc+%c51SOtb2DbODj;I6q=nWEmC}Yl@S_ zv9@|W8>Z#;n5)~fhB)7jC{xv%7}xx;qp<76n3#t#9frpPN?y-==T*-FfaLLbD z>QtjBy(t$+z!IFhpWz>xLOVZuwCBd}j%bLTn%&qBKOL=pI+m)&euxlUmDq%bB<`cc z*ccKLA+#=5Ma|c#5f~$BMd-0ub!V*`GOfVykdPgEnHp1ztA_O8Q`s`txUgFeve6ec zD6w*SYTwpPN7p!ucD8Ol+*}CL|GEC#k+vWH)hUlxe&`Ho%}bNpK4fp<>`60LcJ+-N z(=uaom(-WV6vdy@5bNI_O&yK}^fW%&^TYbU#hUa@F2pH`9}~A)`4(0B>ThB$L!#VIiR9u~;KQ0c?(>;38$+lETcvgka&Gyh zLUk^K*RtAlZCAYdNoS@OK!%%*bryYsE9m>}=@`J47&guoQ@&dZ1OcnK+ENi2aYFrO zj+vYjYHX=H;f&7``c5=`@t(SaJDzqHVe8jL(_2C{BUaWw>@50LpPI&<^=~TYa4^V~H^V8Rrg}h(dAa6Cl z!yh$wYZmV(SkpC2Ie#dXM^m325*_*3VNT)#1oX-hwteX`_p?L7JI@(_45H6Kl%CB` zxMA9W5~t}(Ju)^1+*#u!wO4&-xs!Yt)m8~AoaFEHJu$6(nDjZjoyC^}%8WkYBzNd@ z>YP%P!sO9Pl{gE<<0q8D_6ju_OHDo`d}YZgwkBhTglC`)bWN}OQf%T`@$_|-1BO5P z04r{iKEjsi+nIe?D#WWZn9;sHsN=#Q_Gua`CQ5b34QFOEUwVj>IEVb3%7g5kMayV% zeVghVeu$D7Wsj6|xHcG(%fqRQ%95+=GTBTLyL-r?Zdp+D{mMW^Uv>rA*v-b}xx}MP z^Nv&bzP|6$NJCv$U6_lx4q~k=VKYEok|l)GIG#$HK2Ra_L!-3PT(aFJ+0bsuj#4sG z*q&;KdmE0yn=`a0BpHRWeIMwkja$z6OR{l^vK}M^njl3Z97ddt289BdV7h zbtK}9&6rf*Ii8&BxKo>(u*qro&djhE|J;RF4v`@eh)cN2+$OR~jV?u&0b?IsTHh9J zlV1-uRL-nvr>pDs-`=&KlPtT8&DAnJ?fD{4zc5txlYbeT^6}*)iC2$i*KBEs$KfrB zGfPbR0o$EFp_y$`vi|1rc^>_wad&iCVsvT9`#7YW9aNX?g{2}y=6mb^+~w_H?1Yzy z){*Lrll%-1fxU4IpYr-!=If0BmZDe%GjaFJmD^<>WJ!n40|DI~B4IT3@J1@=E~|Q% zo8E^-M~)eG!&hpWFcP(dPz;}Czn|Fb|H-6M?zU@FW{{E1QZ*piOi?~Qk(KEdC?9jt z?rXXpQ2hWv|7{8}zE@FO^#-5MO`mo`=9&$ml6cibQ-h8lP{IxkB;{>NDa_vc&gmfy z-bRWLF2{W%>Rz!f?tUHl^g-OMr$IM$M%}05?$sLwHBY=%0~BHvJLZ|`&xJ}*%|7Ff zUCW`!u2DBlu0Ruxr>@=z2!!9SX8<^CkEd?xd~~@_Kj~Xo=BqHap+Ap4$^a>}F#EC= zX0KD&o0-fOsfMf$+HSZfHFj+*eKBqamOjOJiBD{iIw2s3_CXfy+tj!IidglBH#EU8 zSEXu+dm2jCK73Rhf#8ylHuatU7E0i#>2(7~mE2ffH_BPMN=t6jiye0d8Il`0HTC`W z+r}+ru->fx@Y}a~pMcVKemhIg#iWuO529DF#~gD%e7NS_3rnQ&Mp;YG%bfpupOS~g z8)Gu0uFNdu9qYowClTZ>&)m%`z)~itldNC}v$&h5{g0|m1*EAHX*NTeU7066dNy_S zJgm01K7!fSR=+*vD@fPc662;|$~QUcIgcuSIhrENatEb0v#;})7CL_!eYYXgwiW^l zE!3uQ#1QJL`wQmQK`dP>hVRT%DVtF4(BP`~)Nk<%n*1ZJnt^-gL6T^K&}nal!c7Az zy{}So!|qe+;tjh`!hg=2(exDyROlDF73wseMO+H*%hq#gZv}ftm`GRL({X=1T@P&j zrh6DbZDU)YA;f$)<5mLVWG2;}#J2^6M6hW2-!s?wAD!gSB@f!hE;y;gn`0mEIi+NF z$K!rS`#<^pd0}+MTbIZ@>du{wQ6}29tX)-cmn_hmyKo*qUrzOLlbt-|82x{KqJYt- z(u$r6-C5=&H}WZ(SfYeznup<`@XkI?@@wcM(bRlXM#_AQs-daAQ8%d@|6n9#Ja*d0 z@}O-5NgQM@U7#u^*O4haT7|VGOE5QyKB@9aa=s#d9>@SN%)k@jye5*9Oxw~;o7$4v z`?CUJ{yI@9xq9m5ey&-b8%@m?3pcFyGg;P~d`zs{XT3L%&$8YrJVq@MqNyL4ggys0 z_S4i{Q*vs)ssGUVqD?eqXd6vgN~dl%g2!DC?~7J1=aPBNl^NKzx~4lbzr;%_t<*!) zHnGXdO|K=WVI*`uml!dZbA-tjf8aQx8ODDhB9ny0*5{V)rCjW!KpBXr45$`&h~hEbw%T zqUj|XPpAUNulaLV$FFm8{*qNWIsdH-137<2ltFjnQ+ggXfhg+k4&npKd=Jrhu zkEX}pBN23Zg?LIQvwXSJI27$JlKO*)D>nn&Ic|Cl+}vrpmj09eIE_tw)+myh#rI0q zOFNoA)Q}B>z|EV-V91&)`UaChJ0+W=sTp=~KOGG2B}9x)G%-yUg4#0ZXWl`$EjSWd zsC=Ms&*hKksr*UV^5gD@@E|ido#c?Sn8>L+G|I(v1Tazi`*CJ5ThHZ4n|Rf0s;#@e zdxedAl^!bmD7|FIQlx5QB$TnEE8HLrvvCn06K3j#yfi9w(4Fobiw%k9PoPFcU7EZe zlJ?N6(TOG_t-KJFZ*V?o<37<49rw9UiIii8F`}+j1F?>#P6MSdR~c!C{QRSAH=|KG zjnhY~n-|_j%t&f(13zK6EnKydV<_tAop~MoobBkR8Drf#dIZ@NbhNQgzFj~!v>PYs z5V5GE6+UxUSoKJ&0+G-X^)&8t)YU!Ipth$PEFy!T20l4WcV}k(8OVIVaBpCbpn$)o zF06=Fy{ln}HW^Kw$BqNLi=D=zwUXP>w6##&%`2Umn+SJ1{l2VP6|&sJc1g54c?r#M zZfR5El<8E{J185@qR$WDT*R7|Oy8D{(!|D4;FIPnHq^a&^4429iSQkRyx$@_?$3ZE2CY!12eH2_jaF!|m23sm_7;Zmn*=247;q)8VZB5ev7SAN8SgEW&lzURc2xgj^HY*QwFwRwig z)S9wpe6Xr7vt!nZBN!UpIlonk{ zA*vzGcr+B|aVP(_M%*QH$SZ5{cUjoyMzpNh~ok&1w9jJO}1$xFw0j;`!{tu0W%jVd9mrUyo35ZuzF+0dtiW zk$eF^`n0%&#iNA7x#_{jqE;@@IwbDiVSrUAiDXxzO_VnLa9W#=;VkTDvvsfzg~&vd z&F5kcriee^a>WQ9QfZYSHkn>%qEs!bb;)>J=0cyn@ccQdaOON>h6G$vFdt4|sAXU1S` z081)JsjK0a*6?8L3iA!qZ!{rll&s@i6zRX%xQd(WiGuSX5~kqU2Vz5evaTo z!3PaB?~#;Y?+>V?s1sc#&w9w@WIG;%QfcLYNLHn)UPu`R?WSMS+v8QsDc+e&g4GbH zVp-UIw(bC1gYxv4Jx*j@Dk)|a>A!t{!@?4sp~RZ5h9$PbjUy_U7V^yhB0L9WP;N5>gSEpaE( z!g^Py;8xHhur&_az#r1%#PT-58NN57q;5#+ykYX%t@}A}C!y`V{CQmZE)*Sk!-#Lc zsu^yzoN!k=(t4TGboJPx>E{e;8)6|YlrfD2nG%Wc&u}~Y%=EX8BM(rFi!JgHI&oDe^ zSjHBp4M(ym!PFD8gJs>LQoE}S3nxh20I;y2H`}BmbRXpLxHHOf7rWv0+a7v6Of{%d%n<*DkG~!kIp|_rS95 z%}TuN^evRC-(?+N#0#87@PfeL6K01r%u0J8ypMe>KNxErcrg&}L!8FVH6p$^2Y>91 zKft>$4ibi;;GUFuH3DF!wl11KX%L!5hG*-3&ab-HJ)vu$dz;nw^3B+PgJ$JV=tECb zn+m3IJXJZ!OR;7}9UcZfF$a|MvzTrxF~c51fD^&2984>t|1_Dn&Z3XI>zd{lPKD(K zQ^8t}jGk=e0{a1M5;%!(ovxj|Pxq430dvnZdDQ(eLgskSE@h<%OK^l_ARFvvt^!D5FDT_}im)+;GXy4D5yLc2i z)+i2vRjVyIkmO|KYwPF<+mYZ-^7sP{PR~gW<{`1fl;<>FR;eO<1wmvL_!-E7`4*vxKrGQ#zXING#Sg@e` zD82a(*ix`q50nD6xCf;`!A^2ok4l00HuD_5u}w!js|9$60M=_unnu$p-e9b8m}K}4 znacxKg{9Gdgp3s`WKmkf0Nx?q>?Q~DnWd#haB6-#|A$t$zKY#j$yihl=Et3{>=GM4 z+%Ks#{oDN>No@RU|5fBCig8%lglp!szFL~t__X;X;+^rjgkgCZ;gI@gGk!GX@!tpsCMZ9ZRS7F)2#||4Z7E2g7cOJUqYF(-RS)s z5a35AvL$E%jYF#~HB<9N%3@0Y>uH>PF-zWjGJ2Zs|9Ud6zb+u-dB}u9GA8bqxws`* z92YEpjEmFRunTplZ%OzyRm`&_=vcQj+sltP3W8xx!Psw0ia}UCL!*r8z?w!wdaCz1 zYn>A7-8lv&xdQp4y#OP4<|3ovi}sy$;WyyNnBF%C; zBhtnch_p8`+4w@t`vMM8;6s+$7>SN#fmtY(o@bd*D3zkAg9CMYZC2gZILN8n8@hO|Q4dkiX1JRBPRf1hcJI*QB*>3q*!v`mF`#Bj> z8XI=xFPc-y#QXi7nM-&Ms_0iPzhYBPpwc7^qNw5+Uu?Uv$@Q)bW=dA9eKa@RuGEc6Rjlu;7?+AG_r4BX%&0#GX!Bq!wx{ z%3|(l?1Oas0vLTbR|HdFm-W~b*z zUq}aemSqQF5g9*vn}e*RD)qw6`&b4sWfK#DSKv z`QIkL4yd$$!*2N4m*C5Vd|20d6!PKJ!O7J=18lmCLCv_NeqxJUd1|Dl;hkpgI*b0U zy&%UC150-$nHJIPqYk}*Vp0VPDdw}1k52qxz=@fNO|&J4WHU{VsfbV97@P5-WraUy z!6R09lu&dzfIu-v#KlZ`z!ANHn{(#VN3Ch&lGNNfil7U{Gud5m=Co$+ZPvNdwv@5h zvNz13Q$wecx(ZlGi;-`0SDE-h%FKc5Vb)4>JK2%Ox18?BsvH-x^sn+qd0D{cIB2jc z&X5_CWpt!9L(Uq7E+Y$Ub0c;I9VEHDqpZIO>2sTB;vs*0)(lTayzHDYM)ZFTISnU_qNapO@a+sa(91iC|WhceC71 zEomf7{uf_D2T3iwQEv#A-?Q?Drgev>%nqEbtva0J6D1W|mKK_CVDTlHF+c3iw{Je_ zxSWVFpbE39G`5qdkE%(T{>-;J|Cl9gZ&v3IQHE1SQm4|lQKRs#m#Ws;wPv{LkuV-a z@K=))f2*zd`^^t}sM|Mkb@R>GaHa|5$<|U6!_GSgw~~fdPwuNi2Z}nZxvvndvMccE zhE}iF9l_4M7%2&YzJ*#>A1!JXLNpAu4(+K%U&3@72;^R=rEav;GQ%Rd*%}I^-kY_I zfos?yGxLvp3#cX57vA-9j#?|i>2U|>YOLmOyrQ{mdu5_evbx#bNtXC2qo+49yb)Q> z{@t#1iN`9M*jW#kwj~=VQ_Rh~3R0qI=dGubhrI-euVPlPmJz=)YndUJ>o3t&FJIpgLeDnwm$t07xYbfUEc3sq|;W~rtNNg+>xC1i{4DX1YyPnIGF9Hk+KtU#UyNwu6`&dbMpD8Eq zF1(iV>b~obEily`L!%Qf9HxB-?SiHb_~jiZ!;{C&E$JG_`5GLuC6?F3N8X|2bz@Rv zPSSq<{?U2iwn$PnD*@G890bO9M3jNY!gWuGy=3xFjX5psM&_1u+yy!kAKG*=r)Gxl z?6`mi)E(+Hw;~1;oqeshIcHX*ayDo`qXX{XRXQNGQqPrHARt&nBdj^k#3}kcPUBp% z4W}Xt$*EsmWZLa#>a1Md$m#Wo&V4LC)M;!bt3>C%0nD-SPrUDZq^$nXXq(1HNn2Q! zzmkq$8~&TE!wpAvFJJ3xH{^Xs7Ln9kgGWqbSh3K=j#tkt=|kyD&XlDbzDle!_oayX zAF#kMkqay^CcSTj`8=6~%zc;L^Y!*2qg3)eECXlWLq%_B%&SCmtjXn!Xdk? zSyrK8I_9XhWSn5d^u>42~$;?z0+@M#8vBE0 zBvRgF{dKZtQ%`jts}btK3RK6h&0WMHf0mThKR+cc2TEZ-b2d3t#+VJM&u~IREoy+{K5AQeYnVFqX?rIbWS)I;gUv0Mc z3;wsOa?P&U-l=SbwiyLV?_M>V^=vCwkiFSfe#JB*-^yOjC@9pUBfVPLy}21p#q)6X z6lMyIDf6nICqVu_zd)GgCSezuNETF?8qLnaXm%Dpd!)=TC;J41e`4?m7nosY56PKf z`XE63ff&tZaXhrydltV%qWYGc#2?g^A@4Y|HC$AgFaF(}PRP$mvNYuN>r|bL^vJD@ z7X&%k5_;G$c@@1QurAd=nV#0`JDa*o-11FoV@NSptH^J}`*z?Trfzus{GDN@R3GCz{#lt6_I?-4{rCu@w z^S6ReA-n70YvY4}~h*{tI&x{oZv9t@+aCv}1Zex3Mvy8*9Prc(C_0 zt26W?Gl<5N8X@Z>K1FH?T7mS+-7z3Mko{&~#2ak*Nm2ZPy~n?U6>Kz>SI==|028!o zC!BMLCPBd{{-p$N!B!*Xv!x^n)>Q6|T0@RST&`Ij9Re-dH)frJ%GM2rGm7mYf2&4o zisCfyql$G)b141gr*Wx5ahjDqrMa4|LO;z2!>W7@->=&bdrGq~SGTK3!#;#`8nX}a zj=IzAO6O2F&eDNp-Y;HO#Dz8@aFBT>Vixtx=9{Qyv}8bEO=aFzsFy`kejV-4zVvfu zP2eT`&{w<0p`Gu<;X+Qg@y5Zovsj8tO(JOqB#L)S6v%vUlxcT9dwNBcE9lsW^Os)N z6N@Bviu(CR_Wx6cGogoQb51-hHCNJwfI)r$t-h5I*TnE)vF=>6k-5k)-^8l`aTVL& zz)Wlkg;uk-X0{~7U(Md*R36yEBr@A@M9~(ewll>`O#~?5{lVi*)v;Op?rIyrNFTI1ETwe zRkLHYSBvTmx~ilbUJgFg3t+BHjg*fj*WVfa7u(VgTWyG#r^J1t8<(`UbZJ+PdyVRE z_w4LSgGmk>8|1Z`4}K*-=H1IHV%7=<=D-o%#O%7BtUJAGizRD|>v@uLEa2v;Q@z`s z5Gz?rRq3SY#C6$4;Z%m27KK`l@pZ3#v=RMU%hAC<(I(tV)`B4A^Tg4L?e_bJKQ8#5 zl|0KZm8F)HY4)>3`w^@U+dWyRUkKBz<~gMt?G z_zVIwo7|w0@#3cp!pguPiQ`qfO$Js=epwn)Tgzhl#XrLoO|US3Zd*Q zD#2k**{JDG^4xYMF`*J@-Whr?5`D)Z4pU1iY@?EgB6oe3=IlU=UczVetP38?uu?uq!%UY`7+X$u_`QRjB9=bq=v;Bd1{>o*3`-5}-`>m|OrG9l)TeuKyEuiN zE$)ZC6$jGI78g{0uf_d}JiY!#hn;WjJ=Ua=hYQD~0p<-(S7gtKRdWpMcZ5em#**P3 zxk_|5483==k&~<%*mG7pw1h0MdH5LzkixqjC4V0rn=YNJ@ygh~hq2{t5RaH>kK5!v zU7$~C_yV}e*=7iC<;1&8AGylmz$4s^j-iy`YDE@V1>ltQLvESS9(~N z3}(!y3~pJhBt@darOqhL!~z})?TyB6(L!gdGmB>07WUk&GG01;KWkkgUsU%vQ_K6X zn>-1r)WR}SeY_8!6oCzlT>C7Ir<%IuY}YxtJMLdfSF`c@WP zd@3I;90K$4bfBdu+~>XX7>-^#)032>qD8Z+}DTGn8NFM zk#)IftBazI&PCfPjb(`#4a!3Dd6BWe8gYi17-r3t2Y!z9ZdZFw)1YY1)&mQr(K*X( zxC~|Ko6A*0|H#Ah zaH1s5DO3uazZk7x5^BL;TUC7iAUd-9AaWi)*!#Vu_W}rv&F`sE&!^*^GTGpc9 z$NRcb`-;}UwFmsYDmlc+RY_ov93Nf5x}?`C&E{i%l}_S4TO}By_a*GWq87gXd{=AwS4264pL! zr{guZ_tB14^7C3YF+C6eA{^E={!F41aW*wyYygl_-wHytsPevP_=p+!1r@v-vFkUh zAY99=!sdR@uU2-Vz;xP-9-CAL`TfK)Do4Y+4dwIOHojZi@_60OrOKw)+>Rr+-lSdP zk>0;u!#5G>)NjKTpFvB^Wnz}BfeAwgyhrXOpQ8)DMN`IeL(T%C`I6*7E1mf-rfX0s_K0BpGg7)4BlvIiCc*} zY9cO)wVDV@hD_v+Of(88Euyq2`m5Ta%m6MxaAqX8*TGb!wXL@NTHD%IYg-j@0TZ@> zYs3wu3hwtZE>UY(1oHnr=iWO@2uS<>-CgA~ z(w~8pe`<=@y*~e&ilgqv4ai6SyG%c~*DqLq&er-z#O=O%{Sf7y{e2nc?8Oc^PZCDX z?}`guaQ+(ejsmAF*b1DL6v%itLy1 z;)4tDW+_c?SJB!@%gMjFsUMQ(#_@c?s>pWx_`MAC6v``qBNzK$zLyzk*XrCZWU=1^ z`zBt1hsTxKH&!#pvz^Yq@f>eRd4uUC7hP@mO5&youwfFY2z4v7` zc|r%RcRPKV4K2y)U&&Yr_+{ZRFSW_Z^Y}})^ig@WiyEy}aEA~>?tB>y;0*~(_?>GC%yLlgZ)AI7NV>*{~7XshP_IfmGNMAHio>xmg z1d7PZK;Y?383;V^dEa%t{8(;!eqBrVk#{$F!Wgc&%V88}BlO7cq37l^txq2$-Q`x! zKGeCX%Z@I`;4aF5>_nZ;o7qw3_u#aB^x)8a;h@+&-TA9;uFBX9STy$|^v^4z)h7gSzX$2d8i`$iV%5AUOttBkw{8jR7e|T?R z*2(x8d07YkAunr4PS%hAl9yGRQ{mkEd)??vFy-oX;|RSxa?Y&pRIk&Pf2;PjnH;!T zBSCk_WWVI_MBD7L%GVNYvA4D57xtva5T&nr{nju1?Z_*Wxb@!AG@MT^8;W2X;r`*E zIl3y@7Cj&szu|;w++>P=LExWqr73hWIGpNB_1dnvb%Y}Nnql6%>FU7V%v_dYTQuca&$5#~xIcHTx1XJu4WSTeP3;S8bEUfMh8|_xV^9pHT zY`JPgEGm`Ht1C*z5*nb0CZ1(A@P*wPr$iR(*6UFy{hDl^BGI^#%P%;nugDI&ab#5~$souC$jbI06{ ztU6A=gXRSlsnK|e1_}A0B8_MZ-`Fj!Nui60s2y_Rb?-g?^z%l3{OPlPniqfiWPbi< z@uwT{4*x%oKRxCKY{3L|`hOaKdj0ji8~y(&{`A17Ssfv~KI2b+w9d)=Z{ts2DbvDu zq)qT{EL+Q$dn|zqO$Mvj%UH%Fx1-@%D9+br6{zr+uaZ=E)U|`Pof^8fBLb3^_*L5Tj|z*r0~6 z=+C zL5N$wNl?(_)FRH=1WTH<bzGP-gCHUsy+li`3I_l=^&_M=Z=8CbAwb;o~&YJ65tO=!_mbK2DO%@+IL z^I4M&735g9%Tp8EL0*wdu1O(Mv$2I!NzFpQ#?$RPh8dmJYb!fbO>^UIqX?SVzO8?} zt%%#J@?+=8rFX;J7<$e(zvU7{ny!l5{@KSFyHj&VCA*C-E+Kr5;5r?2fY$wl!D2m(Z)eAHNL%bJV?$v> zOR8xUtEK9r6j7rzUN3BHNnJZCxz1Rt>1%kKs7b>k_+8P2T-O=GJk?Po!hnyf{P4iz zaF;44H*|H*dpBZEXbvu8`$t7KeX{1WapJekO$22eiVKv&mqPxo5e+T#rZ&n^-N{Vc zuvrplBohX)o^uRSWH9D3HRx2ybH(qB^T{1o*6QmeeL{1%kV~-i)b|0<7KtsRYoRyv z5%&lTv|HuUcP()PpVARIISE{?_cQ{qan?K8M`}V!ODOYjw3gK9!+4w5>&K>!0 zPCK&iHa`KPE-!81EGXRi9a7vW-(3g0O}wazxE%J|aw1|+4tw@wlHst)-w1~MpV;DE z&b48~!1vqq$pcSvuHw+WP&G}Vs=ODf?0XeH`^LgLAkpDd`vNW&?3j#wd6rAsEvT(I z9HBk4fGOVKFu2F5CwBqMa)C&_^NK(_<;O;ecdMe%?&V7 zc&GhMT6Pw6A*4J`C# zI7gVcT22&Ov}TMg%w4W?*y6L|YewDn#|pJhoMm&FFb!E9e-%|8-z`_dh(WD0!<|B@ zA#eKl$J*6wjr%Er8BvFMOJ?t5HDsJ)j_*V&=f+Tr^SpG|X7`)l|EMCRO8URSO{gHD zLJ~UM1nyhTriIgE@d+NUfLWS*x@mm1;1vBz|=y2Tp(HZ=E21x(orDULVk(ZJIQ-hb1fzx-qlnkJbbW$3s+B`^= zkm5pWX&rqDRkm?G)k|9P0GtU#u3GpfK-D;vn~>JaEjk1v7{(3CY9vHOHH!#1)Q%!p zv{hZ2So`_BG>d>*(ToYrk;)G^#Xa{}7jB$IcV1j~j#|>Xv1QV6(N)^P-_% zw7EUW$AQ2p5OrAYa0;8J20(_hq__l^I`vB*ON;f^0*KCCK2q(>D*O9Nuu@EtJC6Eu zO)LR_&gYEg`JB-Va`3E$V^3|u?Ng&wv{q+!!KW*P$L@CAeS}YH%bl=QnYV2)zVEl& zvTqBQl^QZ{f8w?6vSGIi!sEHE%D#=c2c5NirIr?Tp+c(U0G%r&xHI0Gd9BPnS5#0_ zSNbk9)C*y56g^D=nZ~d&_G3IAEo{uJBP9P2(zL|GPAETDAUCfgUhu2hlA_j;m$xKG zsS;BWQJR;@Ge(35#c$qO2+hOdU-^uCs-)1ZXVXhHiL?fFB*r-yV>YyM(E2n}C5f0& zjW?vckUD!eL0ou{d1o}-8sr|S@YFRdZqSZ8hm#&1pVLw_?**#pXt;G6#he#-P|C)! z&?DPAQkh$4X!s*iBX#t1>tOscu8!oXq|1v9##R)D;#i@CMj(KJBzGih+}!9jj7-vy zj69ud9Ea#gp(d5ltu4oxqup`_3YgHTitBSwv)nj(97%HH=rF!3wI8nd z9MB7rgGK{_-|C|3jSbapQtGzHm_5}S(+6eC5ED*{1Zy|V(?Ydh%&7%O!aDqOxj{hn z()u<%Bz}X`7F!cvCWz%m&sTkEj8LweUE_TF*oEKv6g&>Z^@j$y))u1Ihs2aXv_#JrEA}{?4ZFWp5P!pWBPMVFk z#UpDbQZxt9^b>cW~(y)22;J7Z|S^YumRE3vRWH zuJ#=Tl~3ab{W;3h*6s1ODr10&E*9@7GCG~4?SqU7E%TlsFi9l!6QDDx z!@^|3c8@M;iVlcBARLNA2DUytrHJnyNpM9?4nNEFS$g~Sg34#)>@+`&d&W~hgwWW< z=Je9|?yBf`j*vHb!ertfurgK-VdnZ&F4lg-T7Cg3wHsg|@+x7^7s*T$U8Y}`w6#oT ziDLn<{@IBC(Z4xBfC>~cC(vbzjYl%b)Gzu9tU}e_TNM8c$LM?kGzj;|;Ha1I&J_? zjz{3gzz;j0^hFR$JAzU;8jJ3>{>aG)a*0z^0i_Li@X;DnKRmQLL6^7@h`{tj?@;#u z9Y;kC{tq~{sAV2t0xzoDm|%4&kNNY_W{izKJJ@w%}Q^?9XLrrV|<0d_*uM zt_$Z&F=LhejLKErldE?`+dMUg%#tIdOTE?C9WY(z480;hSADgALFY1KIfYuPHxgqj zcBuUcjVS+ebu;c7Zm@n=OT4aHb~Pw9>2yaK<>Ib*JIbq@=IORCvsCS=nMVI=Ka6e= zuKZUxzH^B7+cvw7djG-FzQT_En~_g_)m;OPM}#u%&$bCT)PRlHts%2oPD`}>NY3}< z2?ea*S+Su*E&jYdFS~-+$Euq4Fz78fo4uUl;s4N{Gdt_u_}_z|Kc)3MDy9P4=n8uZ z{fDi}`WBh0I;rk4SHlk(@9L>je;M(A!Tt2V*o+I)cod13ci5~ zpmMe41;N@?v;N>#*}FQu_L=M6J1=$hBR=~}#9vhE#9e4I84?&Sa+3#yUONA4z@o!f zE=7mnFCFC^H z-%6ymjsi#M+ft<0Dsgz`JC1yPl^7gMmDEvC4X8z)Lhcb!ssNhifV|Pr5*y&|ESXAf zP8A(ct5}$p`WQ9QSTTH&XfyiM6_qbxq9_PguC~=-6KCa88pW4u( z__Pd$e>vParK4nrN(&67MYu|uJwtU#k*%6TigxjzmsyoZt-l8ac@ye(Hz7l-^WB6D zsZMtjGL(9$n~)*YbDf0jgc?DDN2g3Ev3Vq)XTf#u^$J$L6{`JAyS0*1$_nyU$oQ&HJ7_&TOCQz`A_i>z5WxtXhzM`1Iu&QWC?dm8~Lfe|xQuiPN^l=w|A zZsUHYP$!&7R3EzrF_Z{=PFh zYTX+D1F5&YkG+9Hr|IN6Fd%JciI-(|#T_$(XVWrD+UzGu51I`-Jqd3ax~-@UFDR6$ z4(jn8=rr3!u#V4ZMn-)|@&H^_BUc%?9ZHbe00)GiAvUyloeU(;X-qnjPYw){Bq|{e08aDPKo^+4y6;l zNrW{Cx47_Oq>aqdcY9Wnb0?GQB=Uy!DDr`l<#y6(PnMg-%fY`Zsl`Tg@N}nSHN8^v zK6#w#pAu@(I=GPQTTX(k^=b*NU8^MvoIyxh{ER9s`8jhTD*lf|YId z8d4mwhOYYTWzI?`I1A`C!=3ExN~6*n}IcA*(l*n9(XF{ ziIsx+Q}ncb8o6OpLrxXq3ma{K<4T^mC|YgMSQS(F0Zp1p{f=ySp;pP>z|qRCE_MzrtAneAv0xbRpu@O|!H_7uCj>37{b8-vJ^v1C#4oAtDy3_ya0~m;~&6jTs`g zte3(j&~PUv_+-OOTlfcA$;{J1jRV?F541oN8>MW2Sx;Z0pljblSr@hhypj5i&c_9D z+~yiVscvX_>79X#1cxDGOC@*0_`_yFNIQ26#w$oB`K;PGI-BX#fq=M1yk(-FMp7la zr~(*l3&wYi(h^TP5`ZI~?7>qT6fARulvCY=41$h!6EX-o*iFbF$nPd(5Y(lb?9B4i zHx+`E{asm=<;K&>&c{d5PvgbPb|wJ(lgTH6v+-i6(q`7&x{ON0Tt@Hm(n_}U-mpq1 z3*^-1pnX2j1AlOuh2H>Z9wHo?c3glQs2r9iQ$NHz9PyLc8p%ekPRrB{&-5LMJ`sD&bN7w{4yrD*k9oIrX|W)%#m>H zYZ0vSRJ0YmFN)NVwccsTHWG4lx^?`Fn9BN)<^Oh))PKU9 z*VulP5NLg*b{m&?`Tj9-sq$m%XjlwHnM=0*(q^ugxz9e3a!exb2buE`votlQq+@iE zEF$(#6hwsQB2ShBG(;Ppy%25;SvmTm7uE6ClyXAv6O#z!T*34nFPigdgTh)YdP9oon@hKs9uMtbOy7( zcr4o{Va(Ct+81MNn>dm~6_q7=07`m_Po-zNL+_Awa#I5MOy>9YR(k4)-!6^%IElU=~XSseYaKV$grID@H1<|8xd zRcpmXlIluBV@Y+kZ;a5>+iZL}(6ifstlgksuYeR{vkos{?Y5x+6w?6wH$Lsvhz)|BIDQfn9ALIGYTz z{%FbjDPb3G^pH3X)Vm;2?{Ai*QHt&ZqBikd*-Aju41=kd(D=(+lDf%SP@hTq1xfDt#n-G+UQuQJT=gbcxkimtk*9OybFBAn zTl$TCf#~u#XloxJJ{A5XpUYu3Wd zd-gd%B6AS)kJ-Y1gDPZpDz3D=3jZ%_DKV(>uxB($!13a6?dln4BHItKUxy%FYI05) zPRLYfi@!*w1B0_27)>K?TNv*g&RV%bR0Xlt!8gmSOKI4iL*2{E!IofRSI`@kZAiUN z`fJuB4`kBixURc_bJI71wQsSLB(uQVt2(XMw$oMXp&)0=%H4X39+O?&AUb+flm;pp zE)rX22dU9i`<85=ZWMc45I&TCabF0W%CeK`Z@+AR&&ZBrlXXOPd`FSq+Nv8D2P_>& z&MvN>FfI$=c>Ph?e5E(&#+PB^r5_~x21C*o2O zSiw;g^Kf?M@du5Vmj%Q>ylf?%?F0vxb@EY1GrxkW}I&`j+{ zBv7F(xnwYR(94ze7Y9!2K6^0B-Va2e%5$#KO}$R1xbRP2zLkoC-Dj7e04$;&w9?+r zt`Xzjz;sH5jQaz#Wek%KQm&Folk!ijK@7s>^g~F9KcibZq*t5dP0FRYqV;V`#pKFx1*@T zzNTZR3QxUITro3!6Yos7Z{iB&xM(Jyp*@`VDp>6WAo$oGOiCyR9w&PGBRb4#GI(yXC_6K)ba+%0v3`H1BZ~WPd$#mhXn|CVg5io_VBV2AP zL{rp9OaN5ZU=qsRqEWs_4a)CHqGKy}rQGt<_Fle{@-lB!15)|&LM{HwzRTNBf&MIr zFB`gaJe$9fl!{H+76!JYfLR}=J^=9>ch%YF6Uha zzJ{MeFg~|9s2e-*>@q@utCyBjSl1fXBEP8pk1gDE@=;NIGp>B=&7%21qbLyjpn9G2 zTI%6IIW7IOG{U>(0+aZfa_iwhA^v_Ou+<(;)kPw;n`azOeNvHxs^oXDqbN{Cf8-LT z>ps*TO$26A&$MH@=1oI7^nM?*F5X_<5(!M7)@~I|JEmuVmiQ$vX^*y@xf_P(_=Ja2 zcZpit5ei&M9_vCRaJ9NX=2m`%r*33QHuHoSe^UVF{5H?ff+Wd5`$ax_O`$|3={Eq{ z2LDcbz7S7uDwcRby|({;f-Vxm=k99Ub|k3fi)fO;C#0LwGY03QBZu>iU305g(!q|v zE}Uwb&6EKlp+J+^cCQXJAwq8{LJ*36>UCaAJOF-m#@3`yy))3PI=zuVpL*@na}EkN zj~rTqPLCv@C0>z&Af}nhtJgj5oK)KcV)|K!9bHJ)tpQ>#fZR}EqAciB^v9li*7+yQ zjP|D#>095{+qV>AiN0O;w~0C~$iGL?24kGU=`iD^Sf`9ZnxX&wU^P-@-BN!0VuPyN zoW*can>jvES2;dVLEkH&OzApROiYCe3R96oc2~9&Px{tCf@E#s830XjDOC&D?uUn1 zLS;IOXmT3>h4#ezLyo7IPpV87+J$fN(`Adlpc;MZ-6|`0W%=r4-f-GtfuYq_X*GG5 zXq0kq*k7|%+)m4Tp#43Bf_&x`PpCS)W%w^tu*X~9Q*Q~i11HC;-JDq*Uo+J0?Hzr+ zv>Lqa=`NrpKiVc_cE4&h7++nWz!Kx&q5?@dy>@C{9t}*_5?8WvNGopz`A z5vndJm+IT79QZWTRqAH%{rV(X6^QM4az0n$2k6fB;!yPLcY31le zfS_W~u*4_kIm6-Nn;^=)u+KwjR9WN_sxi1jI`)W5C}Og_jUMPzonGlsPE(}vE4J># z#&bfwRT1snv>LLkoi&`@q@&`v@p1HQcjQ5wV8iiMMOi6jHzVi^xVOn3o)`z+uHc9g zdtBPA(uY&I&b+?u0^SWO{An)!qJ5Fd_x6In6KEoS6Aa;y?)V40<7+%Q=m)|Qdb1e` zP~TTSCD>lbyjQ_1f+A5D8GdzOqO2)ymt-@~0RmSnhM3|`&B%ia-73Ws*;ehPk(%0D{-%g+eVf1!}u>|;tK zS+tlkS$rQzU-AWLyFPDS{So9TLF?kKAT&wkvYxB8e?GZ&+LASOEvHBUoD|*F-~JKh z%)6aMH=!0?;k?4uA1{?2w7*-f4_wJA>n@lqvS`k*$*aA!vV|CjYAy9vYb<-qWx;k9 zV&e^W;buwh>SH~=#aWNN#e@NHPI>K&Ba}QPTZ6LZlCs8MuDobbe%!2 z5GXr~>*=Vygpc48qC9%bZ?JNuy@}apKJ1Vy-fQakjiW$SN-w-6L-A^dX4h7dE;Kts zZFk=9(5&3aFn@38@sw1a=$Hrc$qt1&fX0ODf$ z^dR&EA=P&jB?Ll2EU|dSGkhlE!4dYaId0#Wx}ZnZ_!jBZAaZ6$8}=~l%BSL=coq`M z69Q|tl(gmR<0D%ypZBL`zrQ|Sl)$fjqaCEX!6yppauN5EeJo7EMejUdZ(pmR@4YO}L&N}M_k=l|Ai(AGArrS62jx=#p zwu!T{P5cYt8|s5~*%hP)&9jSPKTo#!?Rsg;>F}f3Lf=+QV$ounVA6@jD9e&X)aq+# zE1_a<`L(+Nm}?jP)Vjp0SlL;9>@nDz_{ik{_(ZpNZE1oYvk5>E+m zQ}sL7&`Nc(jr#|*+kU`8wsnKYNJ+BKBgN%~1p*`E4R>qnQ|lZiqT)VZvT5dbq!N3s zkkLM@(;ouDedQmZwr4)I&SW`u(b)qHy7=3QG008b%IZe2e9F13!D5OHMC&N$qwGq?Z|~N>7tUmT(>U@#MF<7+r!ZGd!6d9U2G*hW`P?HW`#Rh05 z|LLE5V@<#1vYA(9I>Y-X<_N+Qvx4xKki=g2%|X=c30xusKW6{bWes;6ubNTg7)K`r z4)dHenT+=eOzEktC)VkiF4;O$zyn3Om)vg0a*Nk^)wJ1%P&|Xhu0`I+Y`-vXY98zr zZMQFgGQ67CcqQBIDFWksnXiVUEB1gadEJ#QUF_ET2urL>al@o*g zPfTyMT`n3iZa|nq2SAu zs4si%o+*xSneJub1)Q`cYgI?+Uy2%hkBwU^@KT^^&wvUL?Jua_22^GH=*zHi05sbd zLFGR2XQ}@DU&h}Su3pP_YM=d?z3%@3J^g4V2AvF$_Sv7}r~e=H=U4ggF@MnlhRxAM z*u8OF8eJ4ST*n(x=qG;W+sCt}MhA5D42l(}i})<~Vr5Qfsgpn5>cx*rf8b1H(eR!9 zH$7(qF5Iz7v_^K|IEu&(HiwNoCOWjEK^pOO7dFR^6rQTGV(*KAOE%sRaRb@Sx65!2 z3FyWaR5SEW^Y8cZrnL#f79k*3NQ8)$>3ik;NASW(>O6m=u_ibnY<$V4+Bj{==)qXR zntxa_pks6uz3Ax}U0TlT@y(yNj2^5l8RL&zRq<^DXVq&z6( zo7h*|{lVs1U+h((4&D_`o$sf&^d&O#q*;TUzAWCwW(X%V)PamM@2dd0 zdg@1h&PZy>-y?XL^~Hpus-YTR+zQ6Gojx-rzoj$r8>>(xp5ci?Y~q&bsRr;#{4Jxt zERx;xSsCtF?V$RqGHpqN4`d$+vX2OMpe=#y246G&7_^{cymAV}HtEJy<+*hj0=TlC zal{=@9{|`D^Z~m9p0=bq7yN+27*}L}EaFG=?tqrOfhWRX8S5Ky&^GGXUc;Ahg|5}J zGwZi6CKq%R+1q5fir*+sF2@7GNa56)ka1O&eT0CMb4nZ_yxt`YZGqUg4EEaF3(}g~ zAL)yb0%i01!;bG2(vjE?R40u36S5tUcj!d=YXTI)N1S-u=NR1%LLxNbLZpJX$<5<~n^uw6x2m%$WJu3tKHG6J zRgjV*Vt|u)Ujb4m-<0w3hAnOaJj<9>`EhP}qFRl_g{7*k-vIKA`cv&%r=;w~+b25D z=%haTNS=FPT+jgM_Y2zrh3#*<*sjbP=#)by$)QFW1mBs3|kY`wJ+pHbz67+-~xhT$N*-OaAuDT^fnRhx1UD`iRVY80+(gW4wKY4UtjTobg+N;T8cHYP12p**s z0@|roa+VuhdT9-J5fQkExnO+S(^QI262FAHo>iIm+{IU>FJo0-O6kjYlgFIs(~`RM zXD~l!s-Ly0PdDn;rfUkQ`H5CuwqD{nerBn9RqN^*JXRHzxK`l&>ZMJeVbJa+*R}zl~2aRsW5+Im0+gTUd^O(HrVaQd7KvKE!;$B zpSmX~W98Yd9GBCTo24tVdf%iQTdm^rf5r6H_n4e$_?7W2UW^w zzr2#*8HglzQ-w@&`0*D!ipZb>Y|w4k@E}lTCrM|&Sm0Q_F)04+3{$~Vg%^@`RSizl zv7|KWCP>S%ThxzqQk3@FoE{Gg(YNF!vH;J2-v<+-etQOaRL`#`6u%cUmb^1bz0<0x z^W^F0^^^-nUtt~?4>tf~^MLU_TSCP(KU=h1dJ0+%oV={L7O2HqmJE@p?D5qf+fT3_ z@HLx$RIhU}QvI>Del{Zn@;?Pg@_pTb7}am1Y!3CJ|0H|HA^B>FztGII_$c4?lXcTW zU{BK&@vH2f79Zi;`s(Z&-MmA{A%`2r0@*2i*|01(`8~xPZX%oOlZ-B+c{cL|dsFgz zKHILyu*z~(N3pQ&*qn4f`I_mr>alD4Vg@?Nes{j~cLYOQGaH#{kB;SN1-S|Ycbp6jgdN96Bude<$O)TAJ z>hZYaW$~H=G!?umy<*J(U;1}0s$0Jf*P9OS3)deM0y`2iM2t zWykG$t)jXW0&I29IrF}ZACxhEn(3sw1g0g%c7wvJ@r#z$khY{5ta;o zb>n6!QoY`K-kJM)hnmsCovrjl76mR9eJA43!dH`3#nB78>(xjKWh7=B@2ep=!&&Ey z#Ni8Od@;G1ktprAR4rk>Rxcs7l4dEoiEaJQ2l{ahLB1^B@VyF7eekiiEFXKkEW;$GD@^?;{X3Wcpa7)*xSzP0k*y{N zH#h9wm5YEIH)atqBp(5b|CPM0*h7Dp%$domyBi_x{x~!TKijkT`D9Q0WTw!xzNV0aI;IdSvzj(UFz>xOM@L3#Kgc3eH#jT0cPY5K zTjtC|>0cvXu~fXAMdWAS${_MGg~&_x8+l8zuLjktBSa`zwlfcT%U{o8Xe%OD&cu56 zjZ9Yhr#b1*3yj7L=yXfHNVehm74}t^QwP;lRE5)qrxDid_{^zgcA^`iuWf zs}Z3(?7yU#N}{KS%^wrJ@9a{&(qbu@w57u^Qi3K!+cZWaNqQZsw zc`dds0&0e{(;$Zma$KdEf%JoY$&zs8M~E?l)xP#kff6hQ|H3o!9eP1`tfx;Wr225W z9yTuFu&mTEHdS;&#^svh=mF6%%^?A!z-udgI}S}HzPZOXw9JvfWqx}m6GY_q&!gazT_i^@sB4J^H2F9%Y`iDmgXN<{J`RwNLGm$BK8odIfPD0qkACt|Bp-$H zQ6L}wx|UM|xbeq#XvRzP2BlApr%U5sX>+l%DGP$~>5)sU#g0%D_OB+~QfZWvo2#%= zS`N5Za#-pUx4b^}rQFi#SDj&HKC|*C!^^Cv)+2{OAm$MZrw^C))ZuTNW}n~ZvU++( z8o&J;IXvMcsL@?k#hb@{RX5M9rP9pmxN==HJqd>5PbpkQCoY#?iY0uFCUK~0 z*Re~8n(N4!YkBH(MMbufh29}KXYGcg#9HawJ#69X<`|ra##GJtMk?lC;~V5Sz>KM| zucbT72l1wL;q}Y{^s2=7NTQT|q1)5_&@QeyIKzW-R)OfYJVp|GCBrT3UUr9Hy_(HB zf@X7g$-Hcqw+gUJfLZf7(b?pZ3DMYQH%80_?$YZh5RJ8ZarBf78lMqQgXrL{p!N?O zg&PEqgPdovJVi{U<2M?5aWGz2#NE=sAqiCCJ1|||%>yRl^AzrwfBS>JNvgfR%u0}T zF;UznubhAME;LaByt39uQGi_e>s2LuO@uo|7gl$tZzui>D#Moe=3ULt7EszKjJ;Id zZO;Ns?s{!<5O;m``sVj`#n%=Xh3SWtjXcKTC`VWoVeU$pY0C)SnSXST=*r#pY5R}f zg{6I=cTx8)jxg7FR;Qo8l*QrwaGM+)KJjuktCv}6aW>0CZ)?1#XB@!;5QdH21i%OS z3gV-)Gc`v?%<9dSCcSj@=1UyC`6Bm~h~emln2a%0ZL-do=G6K1dh;EsQYFwHrIyIU zMUl@L+i%xr#+LqBPI^Zc9O-8>tVum6xl#!+P_QFbiU0#3%b-Qh;Bu^537E@$&8Q&Y ziCvoyy^|Jz!)I-uB`O6cmvPBikyAi;KwU8^P6ehYPr>1S?Rw6J6Q7c!GWv*6plZfx zYj~g8F5Bl7vUzuZz(?CUPM6!LB7zfav6>h62TCP<{wnF(O0jf(Xq^ya_B@>(Q)WDt zM7(4u$jVXdf6jQq#!e2)5g~F_w=7=T{n^*$^yS(WPNgN348mFjWe z;_`kmzhx-PmDj!KSDIau;a{w;Z`y8kyvsw8Z$Fn1v z7fsQJ6Kbw~w}gUS-!R)8tCCZ)9difr&;ahlL8{9yQrdr2H=yOS{Oo=IAoLc69ly`tEwaA2%N^RAcg# zx(>g^Grz?z`ZKybUBajC*)VLIrPd4>3`L|%Fl6U^ERob`Muo+4)5m!dAW1xeExzwpATMwP{V8dq@MG6 z^jo{X5DIea#T|8Zyp4gsuF3t@ebEb>(ZRRx>)v8oh{Tdb3q$L=z#I1=#*+D zv9=$rDit9~nXuKyscV0pSSFftu;*Q`|G|s6QqK)pfJI##tYmFNV_MAn5%at$jb>A6 z#8?-pB%s+2lnf$^mOv@k(A56+R7PVC)N5BWuP~dei+vns287Mo4Ddx=BH0lCx=Y15 z+g8943T?qh(&fqxm`B-9;RQXC3Wz@CYb=~nNBv>d;MzuGiXJ^IT=}Xvs(=uO{wkS; zrdax8U&{TW+=Q1sobJ^_B*VX8^@;dDw02$S_cfZy#ZtT3I3;~IF>xQ@2M2YXHubG< zqCn~Xx1{tYN{5}&Dm?P%Oy*L(kfBu41%h%^ZnFNGU!yXlWJml8A}W!)z46*&(d4|( zW#^f@#ERwcN^x&hU#EA^<@u3F;8dq4EtCGx$Uj z(=9pkU&-^X5nKi2$lAU=)~nPLg52pQI|6jGKRYMI(bLpn)hnwa#*~`q5%HW;1*RWNDi=3Ky$Y7J~tI-B^^SVCz@Voxf2S<$Q7+s@k z>=<1o-|0It{6SQ?&7$&j1w~1@IM6A;+koOD$`H;FHz{X`8h65l&8o0j$9b|fGaK;f z!P4**^@Yt+JvDk~$hZ!5iH*XpzCaf-5tt*K593JPsv2*dkxF7`gyXa8d|D!{>Z&Ua z&M#3a9W#xY%C#nSeAU&3S?G?ou;qka?I6w`>ujWYUIZvAUNKpmh+gN)MQYzs_i^hD5+6Xm1b)sc>pzf6~6EEKX_4fTiAFl zV_|pLJBuF|S4t^X(}2PJ3p5aj)g%dy&KsZzr;TCo$h}_{WotgKC!*73qZWFA5uT z%60Z;E8k=ph>j1MOWLSA$bMk5J9=c;yhW{EZ(*($VT8LitJP^@xmE2vDpCub*s=#7 z!EEcKCc4p>3fyhobiM?sZzxaS8$oHoke|Oqv`)a_jpa9}7;tsZV@J{KI60)`Tkb1| zP+0q{`wE!Zm_*`V^+Zq7y#vA?GiiXC4U1n6|4PMu%|hefuR@BdaU2O$b0DEFjxk;8 zb*f7*_v8^+f+Z}Wi&Z>hkM>w;e0G&j#KAq?1_m%47qfZ6Y`kwIU(o}FYrQxf5wm{?yk&>f7AWh#x5|%7a8YZ^35(Js4+X{?^()3{}*WvWhcb&{)H&ZPt z-1dUU^Av~Fzjmazvdd~4F(;NIn`ZjTdC_3;j9Vs|KA<{3 zqn~8prX?J$O;MaJ+GDE%kTmf{8M|E0wFN=ugfld$PrF5YH%X!A!E*aReoQh8nC(#U zv{o%~H3`mGE1al90%yiZx)E~Rc4vF?{J=2zux z1EROH`)Pa;HkU0{z#>pD+`jTNxkd&_dG4ri?XzKRG?$rfA2M$oZh+j(R$)AiJKyZX z-1^M^{8H?fgTE__;yZd`AL+*FY>BW7DZ8A5WzX@CnE8b-ESfaAvGN1iYK$0N!Al66 z_B61guytxgR_sNpAF#qykrGOEe*rcXwUG8npVbb1&KjCSpUSE`$>@YaS${*$=D0el zDJru=p+bxqta}vt5Q#GNw1lm)zm7t$cd%Biuy$=-4wcrvstDDn26rxvUMqNnK>s0C zI|TZ$YQ-VY_lbun1Ud?Yr8@l0vyei`OoDD_Ju4tI$5u~{<6&};p-pjWx| z1gfl}Z)z$!^r~D|JbIN)UGrOd>TJ|%zjLQ#{CW}YCP;?j!T%ZE-thj{)2$o^b~!N8o1SJ64_#EHfc6{eWHCL!s(jDqgNF(#;X{XQ6O<}7!EO>16{MewuPsLy z%!D5tNY$#w^h2##6#=-pDuPlTUQw!oQYY9vu}TGL$`TYbo|pUL@MEK^Jc1T@0FT47Tz?diolqYgA6YwuHEx(u0airC;tU@CnhxN$hEDc57y-)x5n zv^{^s5reb^6%ObKKBypTJxYvW568a-@5{h*Px=m7pCjh)g`iPcf<5B{Q z#>kNm7NX&PktgKtE4`9?s4`I168{o1@~_52LV0Mn3aSw$u=|w-wL3fPZ%V!kJHnup zN{0n{tu!hO>~8YWvnohG#@FTZohc%#mK1Mqz3~1(9qCecCBGGahKx%cGXCM)xn%tB z$qGk{sTM@zpCBL}3p~dH+p+Qte8(2^2S#$?t*oYk2Kyf@Iu5(Pn=R!=MerV~_^WoDwm8k>P0mYEVv(6&D*< z78cT=_d-C7A3$?Dt6f3c6NW|Nf_E|FhL0w~lYuh~=vdMewmB0`|{s>w>MO(K&{k6xjhGisD~ z2?vz8(oE_%R?Iz2_(H^Z-(^3EgQO$e8Z*%C5HJk;SLuFSfYo${nCi>uZlSJiaHqerMLQ^vqsFPgvhkSJ$#~4 zSLq`zsvy>>`ZcROlA2Ya*M1%?wl_ydBy(Clz@BJh9;jAnV-KhFxb4#6eU> zQ6ShOy8n!FV9Y2s;be}*(CVypmdPnPrWrbGQ#NS}ONr#WbuINNd~r z&+JDGtytV8wXKEdi}ci0CzQP&m@xUV*+&oMvqHSzK8Dw-B`E7LW{$4O9g>w| z2gv1&N{V$%29{Wkjg_&9uKWoNMvul`AZ;^^z`%6Yx6iqIpz?Djv@&AKc}ZdXyxGS= zqF#10F&tx9SS2wrDp#g|%UCe}IR=s1S7x2gEhK-F?S_-$*URohklhDJe#S7_=!n;_ z`@q!#!KYXyiA2S`O*Q$IF-s!S7r+3Nx#SJ&71m;4nI}88e_2oj1FnVI+R1bvja#?dl;F()6vv>gn`Qd&iRi6gfq{*&wZ~FftB^A^?d_ioManY1>|RkEt#n(DKV80z zf<4Aic(q7oA~AT!&zMSOE4$Ye$FA}=W#ZSDLE#UAZx-?zU2ahQf&37)Sypy#CRF=9 z=!i&{#Fp7+SZ3QQ0wZxrjv`W!Mv0>Bv z{F>M)8D)Q=Qe#Z1d6P#8pYKpQ9)ZvjZ80n&?z_QqXtKztFmW6^zg$k=$|*_np*9+j z+a<+PqUYCiUrtS0LM}Q|5VGIlDMz1M*rHx_G+;6O;?wGajyWl$3-sLH+2g4*hhqvk z{O_r-O9^$Eg%8h4p)egHkrUnBjAQPoQG$t`s0PkRpJx_$2EH}>Sh|>Z4bn3Eh z{zytWP>J7IF8HGsN1vyr=uswyH)^YMjm|ZsEaxS{gxk-8f$0CCjU- zikEVQQ>mbf;w(8ZL%q?sNB(t3=xFAT|Q;>&~DzSNXpTQBIcje(slD#wIHaG zLojOeZ0M;&?`g>rTJq#!SCbJFA|@bmo%JL-Pd88eW5aO#=H|#7pNf}jA4i3={s;G4 zCtzQ6{SSUjS6xr1sjAoNRs0XeQDw%iS3R^IjvPmF`lj-HYB> z?yblxqsJktB|lcnboBkph^_!x2cRLJ&*=+n6hG!Q|77QwU( znNM*z5yV}L;;5xNinMObD4sFEEU*XA?fCWr?qQSRWi((JEC5i$x8GIMmrYltO>cZT zR}Fd2V(NW|38kAi>P~^j^9n@H7m{K+I;x>!srGv;iXKce&D^A#QO+03=~WM=SbKs@ z@x3VL_E_}-BB^;J62a$|zgsoM`T`9Ux=lJwJI(%(W;5rztK3;;_8pmJ%=>~V<;|4i zD|7BMdA>5|-Iw*1xtYpy9Act>&SsTMN3%zqzL(8P{{=eMm0)1%6WMz|&}_oc5m^fS zeOg1OveGrHA1=RQM=8(VC-0ke5zISTd1bTm>s0>q;@Zgy%l_tbB1E$N@{t}fuh1nl zEnWoYH4({0CQg%X%$g1dn;4eU4Ph48is-=0^zR&gOckvQUtM_=`wl7IQhuYho{BXQ z;i*{qMie9Y66K9U03Y_eB(w)5$G5Yu)L$MavhLGFX|#6kcjDXoMQh{R2ROrsp0pHp z1c_XXM9vDuj_G9twB-pcG#aR5R_ZGO%jeTqh|d z;yV~>1Cjmbo)q8FFIpYn;f?Ru%=ju~d<^X}85#j=ouRFdy~WTrsc|vBG+rFdRLI$E z^(Eu`T70_WR4Bd88LWp@HB`=YE~d)8j`+j!UbyW&YF_>t^e&QS1;eM$triTQ4u;i! z$p0aJCxqp0(^TEJb>sbraXFxff!xh_Im`j$lbwzGYlNZiz@AXE3c(-Ci$0{m008uinqCc2>xZYb8!5tmIc`PUKuJD*ZTM_d#qr!v>N zm|RQ>r-9e|yR=Z({y5oAR86VnewqU56andeg7C2H%Q;6gk6M{`M>Eww4}M>J9^#gNh{~X}OQmf%50~WPoD#n$J(YNbMChveX%0Mu#J+R_LkUR>9$`Ii&jmmc2FT{coHi)AsUm z{*WFoM^vATWO{i8e^sGeV~MTp0^mm0qke661%)WzC3=gKm2sYhX0nIPOJP6`Dw9g>c8Zt&%BnI4>|mF z{jxlM`qHnmB;1RiZu@m6E03RU&Po4|`RQq@Q!X>`gBf>mN9hEcdHj@Qy>d=xlQm?c0;c^a?=Y!%YRU1G#GW`(A$*ZT1#)^t z5kz`bT#=rCZc$==te>^|!rh!h_`_z5M$7ByHr52|$nAc-cnXY_b2pm`AdeqG&hmTd zdL;G0W(H}^VxF0c1X$q|Tjr@5J=R}&E4TOx8R>bHtL}bkGtWd}JBZbuEzmSRX>L)q zsrHFgA=CCQg6qf19`_YVFYxyG(E6DqPvtS+4TC;Z6U@1?$oGQC_Dpug#nSG#L>1t# zH2r7So*_Q(!`bm59__h8>W&|UyJxD-!zow+VpkbQ(H`WQ`X{YyokYt5U(X-SoHyN` z_?{ngSAvn@`^|v*ys$3n*z7R<^S zuiIHUK-L|LKRD69fT z5-hD*0+*>^X$n=Ih20I7hK#4IFGzHYrG@#cq#<|x#;D0DnC|G`cu7%&NCf>jU~<#l zA+vru+!Zf)IJHkvpmqOCjGH35v06(=90~DVs4{O9n3TUOFp>H=j8Vqiv3?_^J5;>_ zWczG+AvL5zeC&mmtZR;=KXDbYwI|9^GfOX2rQHZ>bp;~aUR9QKKYPHz&a z-<|L5U*gVK2bs!=IfovFA6ds`-(!%T+p^LR9DheH{iQP*RPP}H5-&|SFg;M!8rqi=m3hllWyYguJWd&Ebmw(Gj-+Jc3=kN3mLcplX;51f4u7Vb)i zt~jJ++{osSv*{*&V5y>^xMJv9Bkn-;#Y?4=8cPU^o+76gH`BW8qt!FR**>XV5xta& zQ|-6|MEo6*$~D%=7p03r60*Z0eHG`T`a1gt>Zxv1luK}DtLSaYLAM0z6y#8-Fd}rs zVK&~Q$97n~pc|@xw(MdHKa{D7V*!V>-2Dqg5{_iK5yU!`*Nd1?G4?_gmvTsHD-kOq zoOG&v>AD|=YyUOtByp!W1^?+t?@JofT0i8uP#qTCpLK2rNGjwURDVQma? zs@@2vE!&)ubu{hF1V5inYqfsO78R$NYOw;-Ayn7Ow5{}J z@mnFFRFCy%s-P^j5ai05G)#28Oj!cJIDwTKD{<)|$f2x(Jxz5Hf0un05P~1VxrHB& zDV@^9d~>_9H1aE}~LbvRP)G-y_scJ>oo|8_S_HHSxP=-U@s zf&*c`M)4yRJ4e`fv(fmsqhFgbH7vdI3jm}kvn}A#k}pxNy8&X=&Y#^!R_0zj;k0C<070EVbsXqh6-+<1zDxsk|K-J`X7+fU z@xe9MB4?%D^HLc21@|E8^Y`hBe=_IaR@>j8T8G~tEVD3g?G~Y#wbxi-OOwKT4@NOp za;3~Dy!h>?WSH~RwrGj!J3Z%SKzd|}G<>@C?|CH}s z^?Essu+xz(I1z=D+1%QQkxrMis(VQ{&b@&3IM^KuL!luNc< zzabbe36v9>g@dGW@K3Egtjr}ag@Q0Hn$A)rl1Zlnpp{PH^ozOGZCxk=WBP$Uf1ca%{cS8UFwY$h?j3x5;|l`D!;LKr)q ziVjFo-_iPSEF&njIAUvwqbR1_txuo|S(6{Dmf~vK{(sE9d3;pW`S_oZj06F1te|m0 zq6V9=D5xkA#%3UqJ2(*(lqfDJsI+bf6F^Z+oEhNuI*MCe+hVoWs;x_1aD#*Z0c;g< zLs3Cnb;fbQg%DBU_kNypXGuWY&+GO3(AmH~MT=lVQvFE$2T=Y1H7<;m{|ku_G@03BQq@dSdMCPUhc?ZS$YNz6`=hkX5!Pz->MnbSF+A3nsK#(-?gr9X3YdEzqR7x zG8%F|P}qo(E!&V7dyWSdt95gdL&x~R0x4^uPuHTtSomrWzyL#CJhaey23zgH#YVsf@cEbqnj;P0q@vaSbJgJq&+`^!!m z&zZ^e?jF~(g*R_$`(#@?Cp+%=DsioJK9VgpYc#wySoy}hJ;*^E;0+>YoO+g8X)TnS zER50c=iz|&8O{T0H2iB;EEY9t>yObe%5ng@eBJ@FiPt)x>6);jA!+~#lGQp)WBi}L zT*3f$vKfZ1Q~>^BrN0+LRup}WkvR=1hlAPhP0GK$btHhn75q>SIx=Z#w9Y_BPiu?3 zQyYstho4mDog=5}S%sg(fs#}DHfLQmY_skT&MIduN7WzWdK5;3I_FAvA1BfHkwiZ4 z*MmRR&XnnmAAUoe_ipPNf0Wl4{DDlH62lIsd%Hb(ihkB0Rhu3mpJPeO5=@^In{!Tz z;V0#6{nT$cnQu%z=JjWm=}+=v@YCCmIG<$3(P-fqp2zJzWP^Ads8!XUcmVN^^jG;C z;gE}kDTWT_rTu$~T=nm9S(eH{z&=>lu?a%I*z!&Add~oDE(U1*`u-mb&;~3Q$)hI< zy|g!*r@5=*d>%ck8Vu0ZAN*4WXdluIwZpmcA_4DT_myHEPKceN;b1BduyfvXW`Y5j zZ8j%SLNkxXm5{}($>fIABKbpI~CsR%GFRWC!W+LWyh?r8MR>wbS%cR1i^wkrr zj$OK&6Sw}6rfhfnWx9JHPZAOKVSEV{lgxey|F~eWBIWl;H#YF3cOJB=)?ALUi8HB9 z7T+QNb@4GXT9t{;t>-{fj~pA#nVT+%<_9J|@uJ|Yp7e})4%(o~%cq0HR&*P^aJ#b8 z_ABDh=e6;)R>(BYx}f(`};gitS(kDqViud_0?bKaThUPuT96f2Y{LUSWz4N^?% zQxP7eds@XZrn*-7%a0dmqP42jOP6@R@8hS{)K zwTMGSvY+;ppb3?4SkW0m%FNoJ9dUB0cvCmr>|PsQmfkOF_}GxC`oE;^75b*~eysP6 zTM1se5+7%nNcC{cNBE0iJV*Y^{Ty9J%z#&c4$8$Qiy_b>&f`lX!J{5;hfTEvo~tTE z#{N8Ca$AVdf4O5LBsY6Zv7##wf?79It!Oo0MuEX=az6&oHQn9`5R%9F^4X{P zqS{%X(5s9k76(y^FOU((=jJcnBC^?s)-W-Wv&xE!3A`Pz^V!Y?4=!aL<_QAdndDcz zD&EI3oSWM|++tS{znpv1rj}X3$bZ-#K1ob?Tkh2rl|W&cT-Q-SFCe|RfCnn@AC4wDw@q8qKtEfuwBOB$yjKKofme% zImTUTzU2|Rbbz6(g;&u1{bDK-+pu8THf&R36LIZ1t}kK9R`L7TPg-^by-j3ymR&Wg zS*${&siEnAvg^v$wwhv{?7Fz(KvbSp|)Wmm}No+G}NAL*56DwD@*dHIS^oO~6&cEp_e z{k_^3r7TlJar&z)x`eO3cApUg!sjvHu@pG0^gLBe4b{@e4ZMX>(Jdc%Dzz1Qe zJ$%SuRPrc!Ntg3ex9d;xW+`bfHv82z@=^yj(|gKKZUsc9$bfVmvR;!DNkJNv;zCc8 zdZihQ%XV55m;XU{hX#O>k;lt^zD}iX8UHf`bii3VGCS7A6$41Yz5%u4kUh z*-EN}4;>8aR4%f-%64mhqr9tV7dNz66GsdQvY!Z9CvFZ#e!%?<0tY4iQ2fvKm5U5D zj>5|Ph2num(C3}?998BbN=o41#a0%a(i)5t%?4TA0Q2&H5dLNO_oWbG7;G>8hZVb; z#%n7+f(%IpTVv3wS&7^Oe*aoFT$T&M#meQg$0A+d*RFhX=7|kg?Zo|T%+4_GXD`n@ zj^KCs4HEoLrM<=hEmVQm^=gf9aZ-HX;d(S`OZ*l|n(Uy-A+#iJX(s3ZGTi|u4dW0O z`R>|T$gNcD^i{3%F%j6f(TV;cPGFyZK%kiAF*5r++;e81Z|%6x@AUTh?cP3L*R$h3 ze@m0psrx)<N>;On!j0oQ*jc# zj28W}CIix3)~P!~ zuRp`|r`o+c3q3T9yMbOvpcktAh|Iy^u6n3QbwOc{r7xn^4zg-a9px>CC!=lQ$sXyR zJ6EYi9&_|q>Y*HFPi5=7g^$>2sq#zUBlcMEj&@~Y_7(Jr9c7h0U}kasfE;}KxqeCf z5Dz#yd$N8OH3)#=8gcP4{wKw$$GqKK^rhkZ%z*z|?fyjo#Yuc#zn@@qn_5(_ADztf zr&gy~+*3&z7B?nMWmUEr)Q2$acAj>_;+~B|Y?j4!AC@lB?_qM4+-|0BoJ^g}n=rUB zv7Ae`C}w-St=b;`7v2^Fbt4OrTf4mJdnENhT3*KNY!(zwp#M-|rpyOA=+^X6J@ z&0KEx3`_#I+=ZubqA!K7xQ@Lr5cvU(%Nac3aDjpGX;ldH`L255p>7S+vOFK__;Q>K zWA`&q@uG`~774~>h3)1BwGuNsZ0*ENT2RnyLOc`OxK=i%e3pwF>F^p_D3|t7962?R zhniAR08|@0c9Mfha(Y*n(-LPj&Xk-UaFwubl)z!?SP4JPBRw0e-dGF*r@m>t5_zV3 zHiw%xgB9pn1YJ}Fnxk2Ze54BS(&=Od&-%}kbvKPsc z{Z%vpbqARi+**>^CXy;Wq~&y*$yTiokJ!rBi0L6PFsctT4Co@#JY8AoWhMGF0Ss0p zi)dFpn3X($^6v|Ih3@W`_kg--i_qK_2-9tLm?Y@`+ zB;Co5l4lQ)cXR;cM_??&O|FwMo6}chO{rsfUcCmuvtdrQ)#Qn{treRqpU>cr`;;^# z&ak@K89o?5t8aPE!FbU!vDHDuezLT|0!S88pMH2Y+R?L%5<56GkWr#Dv(6sCTvTqb ztv-`+Kvz&jOkm@{ z%m(RM{vhl@eS2z?MaJL_|K=sA}rF+!Y|5x5x!t|dj&4IouR4Oq$Fyy5##0fT0WSSzixb3YA}|p7fNZp*7q!Vx(;wo z#tI013hq#{AM8GEILH>wlYa_+cXXW>KwRT|POJkTY;u@8QKn-CHzMR+^ za9Y;W$f%9$h6(PLhKGJGb~9o#!~AO6d36W@Sn6!vWe$7|27Y=qPvgsZd5ADahvgmN z>RLw+)7;k4Ro*WWQhI?Puyr&eg}KM)4X5X`yJ=~)_K2^<@dtY z1r73>7w+AvzpWx*lX{Kt_M49Wuej2exhU+*SwG0SvBly4U}e}$cZl} zIy&$H(FIGarnr97;uFXZ3Pqtmcf;83lOc4=dxrvM%?qOH9 z;{7Ox>n<(d7<|OMaKMSh0+aN7=fqR*rSa6k&5=a|Mix8EGcnX9jmv!M3-Nyw{G&2c zzB9gc&hHHG&fiP78f3oG{H*J{GjD(xznS_wmuGsWnUQ$#%G@++(pW?G(o1IT%HHMI z55&V(BlO9Y>G%Id$cA21z6Uwn6b0X<*OYH_C3&o{VNUO_Nkn{~@He0Psa@auk~Y-r zH6E3kt>r=fMf_v6QlVx~@Xm@AOPx@&`!&^tR2l(I|5|-c%}EK_J*5P zAEM{ej^{7TBr?Id(HHyL3i888qm0Jf4pr=ws_-F^!-($rQ|CfCe?_|Ir`}Uz3ojx! zW?x=V?wcMaR`}zY=`irm#>YokKe1TC!eZV!x(-Sw)DLQhy{an|@-4^}KR6KxYd@Do z@K)meTV)}7;ka8zc?)-xE@UyetP=Wbr(Vy}tH9~dJqb>f4yt+Dcq{rBKyAVmEg~!t zp@}#pRJP6>r$QA}$t?sSdQXB7&Aw1fvxX9DCdib{DYwM~_roD=NcBY=EeD!~{6#oj z`F{PUV+m)RKZbC|`NSq7qK(Ef9)>_smO5vgW6BUOdl6m_!H}Dh#4i@ZHN?Vg>Q*mBoW1vX;es3mWEuyU2P-~}m(^dC#$Gcm~GAX9%_E#{cER*jtO zlCp8(Ue(U_>Wa0{r=N?zPe7vzJ0FX?cM@AyNqleo^J}rXn4J1MQSDLBe@g8Vaz4K` zvEoS;z6T4WTb%n!Le6$kI8`8z?@%@=+zKWSU<+DMXDbE}qLarGxjiYzxL|zV)WobS zW%z|$dqXqP7S#O%YuxECcfsX#HsK-BKAL(W)v!7I^j#qyqPNSHqQ1s z=v0^4C&jCW<^^7y3X~*WmsF1cYLwAXDS$l-SL1E(S;3VeDhTSd7)0SZ<70Hc z%;L-b6iMUDx7sb+>GN5XzSQXCcEp(>O<+yLKUzEI;mnI!8;>W{#=~=W^KeGx#YC{b z;SFjB(u?(nxC52rN@qz-TA{x=poep+wyN6!Pe3~`d^gxdJhXJsoEQEma5C6+vh+l; zORi{#{<*#b7zy~bA3yR>@k{ROwp|audXS*4-mdT8kqnM);4wTLet`KyLWCXU)n&!t zPLGEacZOA?M$Sc_v@zfjRF)hm)wlX?r4IQQ@$au)6!g5BcUEk9FN2q!{W>@#+bs|!TF$e%aW z*Z@a7XE?}2=(}`L6TRJ3^~4UNkn`}{&KA8)5fnZxqt_mQ02&? zaQ4QyQ?ycV)t@dEnw{b#9@8b9k-Aeve2b-0sf`(V>RWKt>GOB}88vNA$*z#Mq7975 z^_@d87SBce$Ul$f+a#6d|0@07zv6Bgp)9Ij^3IBVus8jI=I^hm*GRFdEkp88d*BJ9 zZ#8ruwmU=Ek0&en59C{B|ICn;3$%JO`+t_Im8{&&lZH9;wt>w2HT){ia^^98I&l)~ zJu`Ke^Va^ksk{8z4pW!9D>HSq@;=Em+u>;E#brM%9iIg*UrhSx01qnE+Xy4l8%p?hG8gMbW{DOjfY*! z3ee^;>QL&R!wQ&ahz8$X-@JJ`zYF-uncrz7b$-uHzxV&=&h-3_=A9L*hmgtqR%+@Z zQrY>fzyBxa_e`>qH!!~u-(Hktk&c?i0Xb>Y*(oO$2Mel7lf<0P|~GzWrl{5KzWDro8h-%WiuzL@&{nI9x{m{elwB*QM^ zzkI;!Y@Ml%V(W{_!O!7tBM~g0U1?P zy>P}(j#Px1+VynW$-_oU*P{@>)`q3Ln@X4=&X_an8oNuhAC8!uCFGbnp8rU~#n@BC ztTT&JH!VUzS&Y*p5enswqc0N&T}lbDo?2ld)}rdCD!#_EA#rkiM5%b(bbU@5nOl-L zVt!uUNnG9z_s@Bn1IJu6>2pOeSFCX_kbfh|!Fvu1Cc0NYbXf!aOFVOlHbUT3IsQfx z4cbQsi5?N_lYT)gu|{wv7A4z3JdJX_De=KqqOJ^Y)box;%@cX0`~SE+jZ3O;Z(`7M zP=G|s>iw2`zg6C^?fs6E-;kphh9HA~P?G%f zVKDY=PWkTJekSR0mtGoIz3 zk{1?9dRZ8?L+Xh|q7qK*qE7*PhyCQmMByGeiWYe7jA^a8i-=$mbBBfE_t8b%2_KeW z=?PqfQGF0Ev2cbVkg7`EON1Bm(WCNF>fgH;I~{N*VyD(Le14+8X(6__eeN7LS+#a8 z+VbaNf^Pq(ezprV@Ggu$EKPD(I(@<(zvw{-kyvxkF*{zv8oZd!p_6Yl7P$O+SU9Sb zuLS5G@{TI<(gtgHYtAp{32l}O+)aChFtER%tugWHeo!jYSn8(TkGvF(XKFpx{rB!Z zKac$6C@@Jm5syE_;WwZZL$AKd-h3sF5m-j){a3fcjdS3S{J1lWtprd>3ky{~7?0&K z)^z8V$SM`~Ssl!wKlowoA{v}UjVWD!*wbb%P|n=fbcF4mj`hIlrL!**4M(^ZL=>W# zqs_?GW#~8D(ln}Qz^GyeZNEEevfcR-Cdn)zGxb3SbqPvD)Fpqh%?)E5&Gnq<3F#gX zeTeG6vg^(4&j3fw+hg`DwjDy$dSX)Ry2ljqb0@>gd}6*|E{NXYmjoy=^Yy%d?`LuD|Bv}voSm<=o#$(!&es>${IByR_hgy*k{e=k6oS_L;Q}F< zB(WFz-{)s8UkiWICF9hqOT$R7m+l< z7c!(>N=4pV6hsn&`hV3-zg@9K{l8j*X({|kB85NH+y#Iwrgx=P{=ymv%}Qg78I;=? zf)($H*$7u!eUd0J{i^?yh*4@QzQ|r_B@VWUTOUGzn=ibhvoh71)fZ&WTZosH&UIrS zvZ5P64W@iDtlw@f4E16U_e`8{b#}fQhI3$>LAfQ&Edtb>1KSj-?dJ|`ORwl~U^_mZ zIk4SBjuk5`WdD-`TU?V{3-rLYkVM3H4S(gp_FH~`?!fjDI;)ISc0DzC2ewuocRjF8 z_{bdC`ehDmdnJ|L$azilDfkNP_Pn;+lemDy^}Rk_PipV+BmcaU_)?O3QhO@>-haGy zRZil+=N-3jNpCr+-KeP{q?mP2`1;cC(!$r=L-G~U#U0l|Kf5+*!WokWfLEc&00kK zW|L$epU!H{$wD|RC7;YGIql?Z$%p@~*|+6nJ2|B{ne16P+5K}$7bZHiYvp9k?3i^- zPNmOimj95PN_*#IcVU&&<1RVbPuFI9{H$hY#(H;7*3lhpMw)WEbFXIk|8`jxfcNHP z59(-AGCwD)N#gj&{WEh){xYY{XV>MYJ=fK&0lhGW=02Wjp7dxgIYT3Lo)vTX%-Y$ zDziA*n1-}XN)F%7(z_+WijzCy^V+%=g}X}(yFIiQEy=lnErJc58Q zdfQD}9$_N~7)IZ!h+EzRqxgyhF>kKfudOSTWc1*W7;~eEDGm=dhRCV|#Dulf+@C^F zapKvCSc14AS9_7S&3HqoD-jv&yk#>zHiCul^Ae4v43?*g>zg=UU?A3-_{U$#M}4eA z%Zynz&6DE2MtE^g#K|2ie|)FYnN$&}DoPaBR&1@!{}@TWn4xb=+G>Gu?#HAO)>E9`xvs^EDchVzKek8A?YOWhr#Rpc{!%V%DU>v@=4pH5QbJ*oI7f_-+9CRH!2P=&v9Qh5q{4!w~R zyOxHRiyTa4@WjV>Cl$qTRxaFoB=92GxHEM>Oho-RcD#DfRKjJ6W_mW}_pLdz-WqE?2pY8k~HaEz=-s&irhaDM_e3Nhf~? zH7EI3_&0dp@0<1-uUr+fMsAjftDdc6V%mG+tszz>rTpg*b8%64bjZ2594s2lFE_GB zWI4z`bx2SlU#IY^UVp^r_RGZY9u;-`iqxHpsEnRpOf^%Axtf%8hj<+7q_39}u)fWG z1m&?c0o2^izv_p%UE5X^qH(9)2T@n4bWl*4lcSB@r-pu0Z}-mT>1m>c`5xT}S)(pu z3~JaEta!bxIX_$#AoiT`_u{FG75zlU7W;gWweUxt@W!xid{>7{Q=q5Vc*+FoYAq&C zRzOs4QMu_xY6_#nl3K8mlUl5W!cb8O{Q8Z{O*N&a8i0{V{)%EAyxLY2g^|G+BAf1O zXuw4!Qf>WT!Dp7|00>0>%G94#erVFk@4*C3o1*3tHz<5&z>HMtuwn<&nq5H51umW2 zpXX5iN6EeU^?WqM+%*w{O3O)2bfX@ml6TU=BKcUfT@pP)zntWKS;5QH>pGu+hj~Z-wHWZQqebzj)yuoGJtbGYB|jP2!_>U%;3`?g|l;f9WAzPXu`sKZsC~mDJ)T{D-R#=AoJGB zH^J7XElkSPU}P9>0S|knZqQPy7krYBt=ReXY{ha``Lia+lYDOSJ6GnZqcfVw_eHN; zr=>jY(O4;Av`5uE+V0KM5T4nM+of1Nfem`^MW4~(74TE~ns_<%o=W9pY@NzatM5~O zCcmv22320n-~7(Bc$?%k-UhpppWmp_TBz@VoY!s19E+3@~yGf z+n+}(7U4Aw6_NmP6#(i9>-!LPN(W{;zRRcsE!SJZVL86Z^d{o3M}d|;Ei4SDPYd&S z>NLRDBmSU%D+iwGRAI$t%J&?2&ezlhq|#P^ZqEaxziX@;8l_{VNBBKY=xX{bW)iSp-@wT&Qy1-rRKO1xg{5k;yC+q#u zB?I$XeXsCW{FX1h+u76Cn$~ z_MO~I_dc?NdA)}02V&EqmleBAcPmM*U*oK=yJ*-Ru#FPM1L z#dNOnQ)~Vqq!%G)_?Zw7#EVOXiSmk#@sxEEQs$6##MdbfkCg$9;juJa&EKl<3AVq1 z`6Hg%F~q{9;_yIzIoZOO`tyXnI*4CJ%q;rFeH{xH|4w`%toc{5j_5fXfyAHSHa;*Y zK|nS;wj5^zTyGAaoBr*`wF1$J|yJHZD1c|+C_L76ZPd!XuD zZCAc(uKupUd;f4{J;B$CSM*E1(NESIVXL^yH zZJiYn`4v8{eXaT89!1B+wT-8?>WU)n=Q8mF2>}bhb%n*R#Qgccb~Ic~C-MHybfI-- zUp;jsC-F+M#%HqHtpz7aqSHuTt=|CYZ`;?3_9r*!)aNA+k)feG>0PvQY_$WBr53ow3?s_V=6u>Of0$<5eddrP?>zblz-t<|H^C@AXKX# zo@hY&1*)k|LA;>uu=88&ZR_kqkj%WFxS7&yB{6iRiXnvEC(2=oi0fLkemV8j@{u-< zm6C3#&mLN3nlDQ1?KN*jU8y4eptjuj5s4pI?YRBcpJ>NlB+1#-KV{lL)9p~j$B8x! zDKxguBE~HrSo3=d7B=pb#O%XF{#$6~OYdoSS|w0K6Q#TgQ%~Y^Ct^*nr(Y)SBa?T2 z-VMQxTHxh0WqMnfm?DJ*SWauWB@HC5=4KiVG|x8`{J@J2=Tl`_h08HSFahZ+(fb5` zm@_)j=L)l$@37-%`SJ{Kg9T?HNj2k|Jw)WHXwh3{pAv+G77NkK;jJ4 zk@mjVdJe&FyF>52nT@5bewe-OJv%-EtZ#Xah0k1lk!ZUH{mrAy;utjEW`2py*~D9@ zGUcf%F`kb#n(?a=NNuNDJPCh^!pU}r_Ph|xYiyM$8;LVOSm+Z0 z!AzLQP&`;_$FG?4oM_fUPB-a&WI4!F#ZjV)Q4kfpak~(w`cHz5-^re3MgPUOfk=?W z;RY~GxS}o?ziA<#$UDrn8yk4$M~OIJ*!jLa=|V8xcn29cCPzND!rkSXaA-VU^n~UP z3X3oMzlkOtbWW)Y7!`H3vx+l4{O_xFWDT3an4%%;g`t``TQ~r{PiBY}TY3q5`kn#n zah{*xxxs(=1>}RXuJ2_y26`i#ZiBy0UWc5X&+@WM;7cDO({FJuO`P!G7iM=ruJnD?-o^vT0$~ z9PPf&0L&6P5huhzd4U1P;= z;(PgeU;VnfSQGk&(`2eho`smncRd{s|h3^exB?%sT{2aO_4Mo8*mIw{(Z=o;7+ zkH=#^Cjt5v#;>Na&29(;V?%ohfjiesY#q;5JR2OiF7G zDDznByqXk}vsB@Lm&pm)E{`KrmK7Tz#f6^^XmXI04?HVaF8#A3ew%v1_=f>Z8l2wn zzYb@HU!sj$>AJdUGLK})?O8;EIU$mS+h{mI-&R`LDuQd{I^y6^h^XE1*|>-Q!17m_Py z5Ahgxe20-^Pw^cjKf`^sWX?XH!55Iu3!ld*w%0-M4K}5UJ*){0@A+?DhtCy^`Oi%G zwCfgGf~i9J3-Nk0r(XOeo*Hfz6u> zlIMXrQhiLTPY-{`ud~DdTApuj^_@ipLQ#^(WY>$iuiWzksAJeu&SQXj$EJ+^By=59 zBP05iP%JN;za=uZ5CXHkIl*NJ%j+VEE^@JAIo3hrU<5c1b0wb$CQBgu3&f$z;~Jfo zB%&j+U$${Hmhg!#zPpvbDY2sG!{k-F{Z_xypXevV#`i_qeOB~o-WsNEBOrwx!v42} zz928CE-Mc<{M$$OnUweMd|ro z9ech>`YV=j(@n2se6~BG3_~o=9WYFlzo`rNZmaec!Qp)&h#0w`Xh*V)DGA1_*;Ab} z>$3gzx*0ozY#BODBZ0M|Kg#eUJhFKK^W^nZ6yj2f!Q927n+BHyRF_q;q0A~yluYcx ztrDx)&}R0KI4uNhS(QI{#<$FNdQmw*+dcH&RxNL+p1Y7V-O4Z zPZE*4*))%qZVay@u1JAAHO?*4dEh>H?%XT3=1bgQ#Grr{3aduxk*i9f4G-yTA=z={ zT59>VOOqed=S3Ym{bjb(Q%?WMPH#Zd_`h}f<-6$g8d*ofr_t$K<*D(SPM!X%ymf0$ zr|*%3>GUg#8sgnAot9rZeKq+4l;;FaOV2&_G_dv)0&Px}mU=Ow-DQrJ%#l)ad~BUJ zKdZg-*-vp2cH`A$MY7z(G!FVi#=uLk&TUzMHYl>9F2`U$F%|y1!TKoJ!)< z(&VqDNIJ1MIl1Rg@3v_Tzv7=bfu1z(T%sJ3PjO;&kz4^TOtaf(#Y_G3oDFFbAWG}D z7LIk_ks0|n1R%;AIT6p{J6WdA3Z#@AO;+>Sm8#vnK1g>L&Z|7hqb`N5=C33|!Ur)a8Qhxx8Z4Q;#1-`H3Cx1IC z0V~#377W!8O;WutT9oArRU{Z+vRpD*)WzPSW^okL^hb%&mMXL!5#9esR~$H}kP=GCLOdv0L5PeTZ^pY+iuJ*9{|V}rRGA`qJ$B2-5;4y z!?0Q_`ku6-NAl%GWYmAkQQmMaNHWgOlUtM;`J~$IJ!v%#Rmd9`Vz%htc6(L=D9p*N=%0Dn>N{M4Pj#(a^%SsT zBHnM9(xP6Mp-ct#Wc*><6Pt^v5$BTI!&SY`9;A_IEbzBrB>lAKjPu>QY!0Irx%Yva?pCO_suTx;Iv zS58)W%f_&Xa=yHScft6aZb%E-p4*c|;!>DQPRFjVnr;y{-YOZXoh{=bDn8lo5 zMll*ImN(f$i(@qT)wyZ3cycT7nbOkgOP%h)!tpKPG2;ImL5Oi{$sqPs zWm3sOnGTQd*kOS}#}2>nz1QJeR(c)&6z(|F;RbC?wE;J4{c&kc@HnE$d6^Cu&|#;~ zHQL27nJ%8KU(NQqI95}?mM;Dlun27B+Vdsd1h!{&?CPxswtHq_yLY;)i4|T~f0f(S zH!jM+_LGo+qBPyr4Vv6L)783frK>lbCL-|b`75Xv@!zK9W!XKb-{*OqzDrYIpF^kL zpgq&s3p;l91u}qZPG_fX|8b|_!H9HUZ`qy$){1OjhimmuP`!e6peFAlX~@GP-vFnL z^Y#Q6*ehRV!;kn=NHz=x>^MmVdaD!$1GZ>tzVvhe9TM;!COsC+TsA$o$Msjx+wNJ= zK8<0N^!A1p53(P9m($z1+MXgoT$>n~?(IBH9-Zm!j<2P+)(s*+Fg@-?kJUrQ^kQyq zFW^7`$|~P+e3PG?!?SdGI=@RS>GJ#zAK$**y1B`Djd*rTH_8Pf-r{33PcObL?cDI_ zta5#=%e`S7oEgT3i2q3hCf?#(HAdie*V!J>pV6dC(g6K9hJn>VtM4*+4JAa5?`R$) z{^?qWAW1~a%#tbqeZ8ipkxD*Bo2LK2``P|48!As=V8 zrze6De2tL98$qEqxNmv{TZ1y7u9*?ke+B2 z{Mg~VTH^M+zF9OTePVnTTLW)UY%P>%T5y76$O$-`@KWwYwfNA>_7zY{;f@S*-0Ojr zy)!Z_$D6i@|3vNUUUE9Gr)%z60IIu}m`5TQxuy=HEu9es3{e2q*zO$6NGEJ%$6YVh zM9JEj2DEDfnREa6Il6P8) zTAGn6?og@XdiZ~;_s?nSpSSb@CW+{_A~=Ls>q9Ima?T-#OX?mcZ%9+XdAA}J$lsL6 zGnoOCxmGh1DGvYD`BTe^BmVIsxDol_PPU`iQdtFOhO6$D(JFf`o zu+;0*MBci+ABSHc?`HYD-E{T@{k-?1CTEW1?9CySftP8H?*d-YOpk8k!m!aQ%nzI$ zI45v!OJY3)KKU(JV~!&pziRL&$Q8X4OfU;~XplMxwzlwOrdCHF!B&n#z~iBAaJ1m+ z6K8sh?|4n#M-uT*lmuAOhoZ1Hvq^y%pA+OesYapZVTi=-wbg5_Jg1 zJoq6x>sLaqe^2rVKCT8t1gq>WXy%r@mLfISt>wnuBVb8bk}?gb_Fk!Ap7$ zPX3lTcn~Zxbm~S79+R(=%+Uu;^g<1oKm!P#%3c36FES%Lt%V1&l3BmU==xQ0CHGqj zHHi3cpX}kT_4rX%Y`hFWgnc}Z<~iiN6+#wOl;}f?ZqIXJJVJ7awi~|_frYg|LO2GT z)q&6Fr-@lBf@mWOnow3sj9qiB=OtaX*zVa(!F%D$YMrgM@e2nBx4n_- zjy}+xq_44`$2Ec@V6gJ_nV+JjI1Dej&>?V;?GoLjVpXuRZRYyWAz!FYqnakLmXaPG zc!8W-CzS+@QI+(v+6a2ytAF^yMFE2U1|mDJy|xd3Ia5w$r>Y^E@C}oANN3Lb_mHNb zF;_4bS_Qf_S9c4Q9TV|iey+f&2Wy-dlcVbZQ#XAa!DFp4bV!$sNgO|#K8A@LmLpq` zU?YyxtK(I}todtY+3U-0yzIrxN!I+QGA}`d_C0xdnKgfL<|VhKwiohpwl!aZ z=TbbdWF9j~&A*6`yPDjBYHQ^3q-rp+Su9^FRHxbraR;8lX$tm*I)~MSbtz6B!0;1a zvTGza$`a4q&m{Jmt-dedN(4_5|Kba~ad@C6RITUNuy_}2!#9fJkL_STx%SJ7!&>96ixn@}o6bMzVt}wC7R0&ku>vknUSI^hH34SIa`E=Ci_n%PFTf>Y@D} zM|vXi0rW=geF?vayuRo6up$lq&-k0qu^~B2DCv{+M^})jsAh9d-o+R%z`7TBRAmmJr|{N0fS$~w z96-bSbUJ+A8)L0R<`xyq8^X{Q(fBG~NGhgJKiWFpJ4_F^nbcyF3h+(DzlVr^GQf`bh`&f{6F&PuEq$6)2A|zi zQ=>^`9mkz@!m6}zr`>XU%1X~l(RUxbL+a@v>l=Su%&2BR68l_f2=|;$Sqc4sigcnO zUcsJEP*8(;A z`LS={#Zi);|CywR54utKn)wq+L_S20yax~LbEU8rWei#bQ$rLldNqVfe1PI-|u)h$7GEzR=l;zK(J`1sK1jet|9w(0+6}*tk=; z11lQTUSC^BT(N2)P`zv9r|}c!=ZBDcoN#jGc6@ZHC?*F7o%W!6Sse!PR&2N+1|uc6 zx(n7F6UwUOV>T!FuhbPwsh}`~J&=D=zJdD)djOM~tNy#6w%tL+|A4+^;B8ZFmBPCh zxf-{Y>M#^9lAt58C-{Pslr49UCggh8pj%taC9FNSn5IB?2*u`h z2z)3$xwyU{RB+f5=@+(bVy8Wv?poK)pcc#>i-Q&Ob^GAauJA2|F$u;S^y}fi4a&Z# zHlfwmN<#jr(T45r!5vz5MJs9sALw>0nW%T|ZeNSWB(~0q6)}C0K|Oh&Z&wUGnBPRj znPN$^Vp=YX81IF`i1V+ab6@a6(SG;>#pTFeyl{PcQ&@2MHd48KR3LIu;SMK(P8oeN zcUrU(6uHQb+eN8<@Yfn1V@vM$w)Ob_vii;S(8Ta37UG7$i_<|ncTmIQx$|)a$YSQB z+MAE4#Ii~p%Y`V0J_RFF%TT|na?bTVT`5>p#W+~B!+l={2IkG+!dCwmJSan&c=rwE zkxOMD+n{O@e@~=AhQme`b$cz;0uGzU>v`-1CgG3bsAW4SX~zL^& zQmAXKMWU}ow_{g^%8F)u%^7ne&2?1pbkx{_bSQYfOuTjtbQceLPhWegJnf>dog#13 z`r6YaVN{>b0ym=o%+c2#Oa3B*u_5;YPPZ%{Wab079GP31+6fs@y2;)amNli8uxIf! zoIlp}YV$}a!fo#-?s*%j8L$&0tYF0-6lW{?>;-&@E-z~&#F5i@PJWc5WOcse%%67+ zLlSQ>AvMmqbz&FkY4($^A~=*#C<8a~&ATL2P0js7v5%3@?K<-9@-{v4&n00-zSr(X z{x9-9`GL-#9iN+{lj}5r4;_~?fqUi5Uy07&fym`L%wNb!=BVeq+3S5Z!?>NHDru54 zsp#{iCGHNHP*!4;$bv7!bDQgcFQ&bRk&Ja{Zx;=}G+7PC+&h;xKSauxi=%i1c@5{_ zXzQ^*JH%oCbCX9%lPxqE8a^5Q{EZ@F6uoyxtAantYfgQoYF2Qo^w3P!Fc!7!SLmSw zm}lz)I{F!WA$wh}j$ZJm=_*>wm&_MSg;=oL3o5pPEj*X;9DSbWi2r!xO_?RVDVSN( zuk)C^gHLu>`}tD)HpHK_jMJLYr%JOy$#@AAGF(b>qG_)*@S;sGqz5&;$zedAM@W-p zK(3PZJqF}5p3`)8)&)YPf`-Pj~29Yqb4#xT0hs6wr>J23In- z*m`R5gf+z9+xRMN08vccnM5KtX90;t9p#UWpRHyq<|^=I zHahGoYr#6u{ z9*x1{LaBj}$4H<$?VfPbmF=7+>V2tS%Ao@BBrcmX_;OvRFNa{VUXTC9TM|?}er_=c zXSV6;O3=1X582j_r#~<;g2!9C(`4fc9g~yD;SXTgjNC1*-TtmQSrD)8w!^u;>>geO zkHY>+S9@1B^TC+a!sjT)2e*Y{ky@$R~Z(aX1D9n%R z0MI#@jUB866Km;U<-3;N_6K6Klj9VroZBe)*WmD&a%~HaRUUaJ%+SZ}-UQC>7UUwJ zXd43wR&EP&%tnfN0TsV1Y-r;So#gqp030J}PiQ!MMtsgNZwO=J6G|Dv$l@Tr5E`FT zK6Gaowtx7EMKjJLv>W)jeAX}2-lNv7Dm8D`&G<$fD5Aduut zjxVQ|B<21Z)4Yl&XAg+andCK}WLsq`=~y@jpY7C@CLhR@QwgTE;9iCqpL1EdY?YL) zJbN-)aCwqRg$tdpN)YF(G4Wo*Llxh766PS&58T9Hp%x16hR-Ro=KDbo*DPOITjjcap_7nhjbJ_UL0@F+zSlk`3heSNHBK`W zs(JGsqug8Lf}C-CN9CKd3$gY;EYG+6D7X{9f3W4Nhuwf9K;TeJ>gyy88LgKO>3z3Pm zKsbf`Mf2Il^}<5rbM5!bL40-kApU38M*zp%`pW{54={MUpE?!46A!r0%(Y#foDcGf_Hv|inq`TK_tk>4$+sh+ zg3PR1vBUW?DSu=h>h_#kmd+}h9BG;Dm}QYXgDypyE=%`t9YX?Qb&=-F zyiF~6oP3eXgz6b)1WsznONBrZ^D0${=0}JZR>z+7XWQ)0jCJw6ZuCzC4#P*{8a`E0 zSRKpgt>~Vl+(EbfDR<->SypD`2e3iv$nWOB7IMDI4EY?2fyhT^ha4TIXFiZQc?3_K zPi6j|lPUFVTVH{JU3fWt{@P4htJxccm_XmtsvB#RLDMw0HVcCVJH^U)AJ!f*Pg;09bb5{}mPt!?SVf$ng6F(I(^M+2IuLq|m74vh>+8M0J zPFfLuXGIp_JK*|YJ*rJd_|_5EcYoBLb{X)wQy{6P(bME zGuv0rQ9DGw+5ZIvr*+AJy0zeam{PWeX^~Y|r%99;<%RNp%s`2qBvi3I=s^6^8;a|@ zX^03ngxiR$%@_06GvMjYU8!k;Ezn{G8&f2yqE;GwZlgxKWA1aEEBo zUuONWJ_Ve4$w!1pxkD!&DPq2Bs}c{aA}v$8+=?!zSjd4vsAGD6Q;IkXhYJrdEVz8% zy_C}3+`YA|L4YV|68W?gE9p{L@m|F`GAx;Gxht?WPz2yPaSWqg;=s$`AuFsK-lvNayQKHozxPbLi4wL(5XSYL z$>*Yp#k9MYyHuKt-X!AxH7(}V<7U`rvbOzXS%b6`56NY&Z`uVz*9@Xy;NB0Do!S&#Z$;HuAdQppLU>dm=QTyiQz+QxTX~q+(R00mfTF;3^yGM1 zY3Q)~6)eF}uhtsGP%$9cFeul^zbxN)LZL^k;X#%TDOD14>u` zSC*4F2SJ=v)I5z)7Rhfg2;&7Pmles3m5g`DK&p=u##$d<%_2bNYBPgIRmI}0Bn&{2 zB2nVUe^cT-IH!iIp>u@3h3X|w*)1pa^@U{h5dn?vx}S-trSqzmX5HT!8XafhjdFm$%zvFQRJM)Q#wb6`e%NX}lQ6trE$( znBisQVVC75E}}P!MEn7r())kE@%%b)=^#{R#;XJI7&_8_DD~aZceeleQWYxQ-HOH^qVsHB<=d^Ru z(R{9!>Ya5#>Wi%Q37OxE6^_5o4m;8u6DO(Lz=sN#ZD~uIx?KZT^LeHbOc0t z#77xR!=j$l(=k$)UkMMXZJZ?6nkyqoj0~g_vJrG!ZaYX1DXJCIMzGt;kaM|K9H8Pw z!T5>A$$Hq6w7$gk9C5@P&c*Ds^rt9JNB^nd(SRFb1{RovBh8>Gd>iRc+g@ItXSaRxeG9U&O_lypW`B z-x_YOEpY+crgry8EhvU9BlW|xq#TAV$7t$gQfh#cn7Wp=F0T6+#a;`mfw!D=)T#!@ zHzh7?B18C7*s=qdPt%G7-1tE^F5t2XSxOo%`${7Ummbo9O0Y!8#GUZO0?fcC$hN#I zN)eb?81Md>v0tJ!ORT4(t=OA`shU_%Jif$ZGC-HLt3!4snwBX@lY5pT1e)-9mg8f)Qb!4%imP5=w+CBA}pP{g`X5v!X(qXS|sHi#7tXOL>m zP#Js&q?)Kmb(uT#PgKXQDqwttjZkOhPW|2>QC}I60;@Mqf<&VfiFUoG0&R4;AW%O= zp!G|2v=S(IWB6Z+M>k6&pMqGag=rMJG6Tkb+NPq=aR&$rH6KaCfJp!uNP+)K|Lf zp;3vVk+dXe^pxy@vb?U<#tdZ6k%km96Qq%krBZ`N%7t(ghLl|*a$3bB?ti}o1rR{m z1%)cKRu6>^m1+$N?I-n0WF3VnD0Iz>(vKFEC7b;Q)LAFgY0L9rq$(z!Byw}eS31I^ z#5TmrN$i-^@jmFhMc^XjC1UgR{39Y>i)?2H9HXx|as{0?a8Yl!-Gy@84OJ$s`A3k~ zww$w~95P+sWru)*?!jWj5uZ>{#IYQ2_T%kC@R=n}&AYWC#J`^}(J1txPutkXDmJMB zGSPh!!)(LHTG1$iFHRx_DCXhp&Ieq+1F0JSREhRC+_$f^;i?;}xL z`D4iW+=~2}!DDDj!{L)&W@eXsWe!_!s`0sP0h;}of z3XTHwCRBk$Vix!B@R-CKxT~1?hdHfZ+nF()Rqk=51mHAcpu=@?g}uy*fn+?)2a+5R z0FmXNK{Qy6G(-i;$RY&Dh#~B52}BSA(_kcYL{WZn1z%%7!-OzHm-fZt?rB{BKsy+p z{Z(QHthO#DyrAzP2O}diF;y6_qZ$%fPY@lk#1F8YSJ7G(M83oE@nm_A1}gF$F^*~g zp-dsX2e0@oo^?D=C6Vv2Dyl(Nc_M_SrgT<6p2{gsf^nZXnBT!fI&n`#a96{eo>;|i zmEu7#&U)0j4>@g#FW-U|?$Hxc&1P{W^RqJO&sMy15?1_&V#n!9N5JsN=rgU%nHD@i;Ik zv$ubatf%ANZpHTH140GY)k4Ksuh4RjW7{v}Y_|J>em~gUp+$sTAWke%Iz`;sO^KzO z1Yy|b?$AojHutyk^fq@NPZFLrD)rlL4JIC^5d_f?HFxNu1EJR76w=h_lR^OF<2ZM$ zLylhnxny;}A}{gNuv=?*;<>ek4Mu;9<#$$q+&y?(;=L`^x5QUz@5WnN*Kc7%kgWCQ z%`opxmHc}9VIsr7?S^^7X>^mU{Gm_FKwFeKv0|^XG~_z3YT4~Rv|^)}yHI5!XpLT( zJdS7A{}e0;f#dGwid_?aG<*U;x%t9HCUv2tqDoHRfr7kR~r62|w}x91GiJo9*!eLX}<2_LptlfNM8@nLO= zc)FR3w3PJlD*dXv6rzWhXzItqN!=*&*K)W4Vqgf9#lCQ|b{Mn6U7{%vADgeC@2$cx zC4GJwB6#&W%WcSd(YFy16F;SBi!4SHNFu8NY-5pkWYSyv3m7~OD=ytJ9M*L_CSRov z;0Axy=ShWl^50Zo@B#iDB<7MRk3ZkS(q-%MOhHjX-!E$f*7y9( zN*$$r=)i^72=~dtt9e&CEI%oqzqr%>Q08|BuOcI{%uym!voUA1C4)rAY|J zMOsSdU%$Fb3d#Iy>UvViDpnFm-n=heFiba8aZ`c|Vr3~t{AHOcj?+T3yecX*HI0-a z`FDyl3NW|nmjx?LaH)&a+uUL zmZp((fG1lY*G?xF@x~DTv^)adTS+`f^P}L+W^=-W-h(v95@dsrsLZq#`-|X5WG7st zI1BRB*J!D%6B7;oV+2SY(CKauo%&?Z>Dyn*pmWhFTmr*Ah()t0F~M{YdAQ)xE}MEd+Xr9Sn)w6TO(DAW%5UTpo69;|ZAN1S~I zH%-#>%A_USdYuQ>D_{5uq}N%VdLt|E5)|DcC82C*IJ*c#Fs@*@r~prDzfHk40ML?R@9$DM%4L)I*9>HCazm zks`5PFt#;wy_~WDoJL$$2#zFenH(!^jxF<+WG7#ouV2HWm+>JjKvA23YS zh>hFT-|r~f{jGWo#;-FDea-c+pkF$`V;!mwP;MfpgaqXF{p}Y6A?knUFCl{&{?GiAmjIQcs)IVp6F)6ko+3 z7JLadc=+;yGFAi?Y{5iB{1GBMcgi(kkGdeE%B9iCu9%f0~Rk2Or;<@m7W(>5P`uJ}_XN7*Df7bl^KS2%s>)j9-`^jQp@{R!L{n zl|q8j8I-&Nv5yDFNTGo74}Cl^hBbL3$;27#ziBY;tCHsT%|f31pDZAMsWk~8kJpmO z4Hb|BHFY5=1>{x2L;i1ov?6)(ae6^#fLW62zgwj1)e(Rjlg;eO&bq4dge+9=#&bZo zoBLwrVm&MRIFp=#%*2B;kok3iKxX+t9%RncO|ixyAHSZeYg3b17A{RTXs! zUmfxH)*1vNEy`hH6>nx~Eqb4be?gx#S-Go=3}=Yf zo9i`on53SR`Xc_bGha^Eyu-aO&(~B5DRe~mZ#&vbagJ^-zQK+|7!l(yHU$qdE2pe(>Ts`6O#p zu>C}`B&eI)=awt!rWY_Wd@aEu>w8O}$Y`r_YYj|Ro(V}Woi(wG)bt_K+a39t-eQU> zkx?@}oe7va_Oz2niWf-nV(HH5G$?@-vmPlDNO7EG4cER@bGL!VKj!$S>xGYlaMFN6 z&)$OkzP>8*VWCcI{o&r}f_+K$8H`U7o0o%$-~+5K*Lx`{ERt=FqYv^TcUbD5$a~$< zoPgOlov*~sBz{a6*EhMFAl%xFS7&`mWYBQl39^MW@0G-aQX;JX$?a1$CkLc61*AP0 zSa@Ng;Ey8FhDriTPdun#lz5cSY%(PHuW{{A?j0G26;rg+iKG{^yEo4I+xzCh{_LU@U^8H2=GE z01M~X{XIHxswRI)QtkrVnRw!!EFEYsFm%9*{*mgD|7a~j3l7p!#Zn2hU@uK|A@viq zU?qG|M_MqjD-CXp47!UPnV^UHO+0-t8W{|MnD@zo0VqADmQ52K$aE3I%n7+Klr_kZ z8&}B4TV8~qP>b^gtHXbZNUh9XI&X&z@g{h8J@;L%$?HhUwAwPtf8H%eu2tyXw3G}f zs9(*MLJVoRrYmN{QgwIelm(g)m;C20uNMuePl-6|hqOVd=!Hjy# zGo*sU?oTTSV(t75D7^ZSK%KHLKWc#0ThbU{ajXhDZ(Gp-r=N&_`+jL++*A90&3*=U zJAaUYT~11mVRFv~Cf+RmnLo>(1uNf}Il^p|dxk198|4A10PB4>{Kl+`>{dzH9NzaO z!~2d}$ZaIahdCiS>#BAC+%vV&?Nc4ju6-*y)CZ1B{N0F*N#gHzh#0!Bj!`+Zavjz) z9Ap)%_SfWtB!_HF{O}hsn9~!2po!VCwxQ$YRIMk3mqn7ICxj2a7wFt5)qrQOX{wQw z!b*aL{I9U823DAQ6z9O|&}0G>6#BIrcv2j&2J}2e&X`hh`%YO>J5Lm9GAz)d5%8-r80Wu`-@Ub!N8?i4hB?c8%j&@sd z@-gNJP1QrxmZNf9Ms-G0CHLrxDkVI_<0li7usYRQ{r}i|7x1X6>*0GQnUJ8t6BPw- zCDvF;(Uw>*3>VEnM$X_2P$dRSQCbx7f>NE~q9TDwAjjiqyil=KYb{!8tD;qmD3S|g z0$L5=1wjR`%rGiZD}->#`&;{*$($hC{@>?&zUO_v=gX5hXYaG`Yp=cb+Iy|Nwy(xh zpp<92vkQNGS(-5Zm^9R{?GUI}*iD$Id;xq^@OF{5Kw~)LwO3b{9U)QRXnKEbVKz7c z!Y2!4YXiv?M@ZDn3JGCWC}m6_n0lmx(d7_KIi`hU0AYGsIG6?aIE!1+#TGeopDl^Q z&xiUeWy#{2!nJVi6p#aQOeMF{U;H|$CL@$)F;WZDuGm1auyKc>2&x;{upBP-5nip*eR;HnY0H&w8$LBSKHMW6^?uW$;mk14^2I?47;SBnWX7XDCHsW8B$7&Jk9d zEID>}7f~aBwULoplhk`>D?5aqhpqa(83L`jDf*RR^ zlOV}4)vV;7UF@P|L%vX=J)WtyQ`T!&JGA?ItKG;JQ@Yv~u6M6{MhIIsgmTWK9O$7k zf+$h^y_$uZ+D< zI0OtjMS3z{uEafaxNLq3Pimsz_lB}IB5dhe!gS{6o*km6Qr#K}M9)~lH|gW&c_-?R zk=a@0%%xvq8gzL&Cs7YKj=5arkfZZTJt}xNsIxW60V|MV*0c;#IF|+&5t=xcivZH= z@7U~uL-MpAe=Cqaq>c6Q?6Un3r0Hd4V}0yk;4Idr)7_rIh_fZAS>}J?UKQ(V%OhG9 zhs)Uq#mc7dpPfn%-F=-c(V7MERl>HNR#$OdhU_nxV=xvu6HcN<4JV;wC?9h1gSK!2 zDSYS`Y1O}!wD4&hc9t};3;I~xnFUyu4(&qY8imWUCaVuUFDYHZe39wdJ>R#B&=s&Z z)g`vOL4!J38|hcztQ>X(+>a}AxV@6OLN}O68f^jS$D5_`jnQHMLVT3o+t(!rB^x>q zm)cQ~s_VvEsT1t=ld$q}+FkO6T2Cd02wf4SNjccWWc5SpL9D{eoQq&jFt^htdP8}l z7izPMA@@#{hq4sAxHVjnVHbloyU5vZPf_B8Qv@mHxPYf9d_zd==D?YYMieZgQfV@C zcEbn+xfD>bj9=q{W&D`e%#+cNy}lqBREwEPTETi|dt#7i;$ZLpY(5jSftaax(wsrp zsmVSPDzg#ibWnz=N1=%?lD^$igF(SntGbIkZDE2a#&NEvAd&dFd}Ho5h5U9Wwq>ez znazmE_~;q^_$GsJAaAs#5`&I{)-DEFg?~a&F;%1#YpniAR`MMiz}IAkn^yH1m5`<5 zU=Tktu;dGM37vV;Cs#WoePBi6<~STg6uqpfGs!KnxOP8kDCi1zsiDZdAcd?mSbHW$ zeeFgMB{MJ`YxY&W4j!0?obJ&kc^<9eAv(s}%&8LnQPZmlmJG4Bhc&a5IKveJ(+nKogVL``3h?aEW3uD9la5gNp zE9t((*{|<{L0B#BON~IxqZX zrp#H6;6Bpnv0>$o;0GKvKGO<5#}Pc(k-F_qDs>-6@B~Ndqh%{KHmv=NOxgQh&9ry2 z75uIv_#{W_Syu20NAN3-)U8(VA05G49aYfoju5_e6@6W1g6CJ^ScBGzQ1)t{# z9_~o}loj015qydx_>xCe<}OEYnIrSrR`7?PXTb95x(rx06C8-m=|b+cj<6|z=^pll zqtqdA=0N*)N49r5lAgyBhu~`+!B0CeEB^WRnQCP(mlYcqhD_74^Oq9b^}BlABH9EhEtrU8#SQjUD8TTtAQ z>QaPgj#U3}1RaU2)DiScM}{-I2hDJ#x|<+9#=$R(GEQ&=9sjy&K>LnN^Y^u6+INc; z{H`PTBuDCdRd83vS&pE0y9fQ%k?HYobgRy5jz+YqpkY@#%A4j$`SVs)+fk0-I~}P< zs^G5b+~f$lyL(VyN2afL4;to3H5~n1aA$Ke1Dy}z8R*=)Nd>>;2<~)b{6`hsRh>^9 zLI1Q;&U2)!c4Yj975rOA@Z*lupLEaoLPyHU?{krsi-gaQ4SUfMyx)=eEmrU!9KjDeQvXa=8L?rvID%I> zQjf8Mf9(i<#1Z_86+FxlJkJrl)(ZZSBlyRTvR8bj%I^F$)9w+D)LX6KZI0kinlkOa ze7j2B;0Vrfqz+rbk2-=McchM6!BIzW+)=d~6Dsp79Kll^sl7=R>~{nkj?|N^;GZ~x zuW+Wol%ca5!Q9VzFvbqjjO z(V)K)RGaxjr7SOT+P~3PhjmvATU{(GM7i--MbeEu(GSseYY)_Q9w-NS_0Gn~C3?4zk(rR8-9ygEg#5UB z$kAOPVU(Myq{7rVkyo`gJd8?IeGxu~*X{yEz zmO$ex)yT$hp=#RgJ*w(!5Hr1?TGveVY2Xe^ev8H2XfsE!8ba;{Ejou7fs%$$&xSx} zL*zy|*B@=n6SKNqk#72RCc-Zd8DU5!!oWjDI6f1BBVwuubsZS%@fx|S>?mqj^W&;d z!aZ>yt|&+)=rPrS2p2hzf-l@}_hzbgdtT|F*R?9{k9BdIaTPmks{htSJ`23)w*N}C zU4 zNE2cUT#t=sD|u_;fN-$bb~#ZF*`q(rCLn{4gHqPHguclyP-n?}Mg0}k*lr+H`n9qN zi<%+l2FU+-B?+EI{!NL8?feUyJ$>24J9HVw50#P8N0QAW)Ob-Uq99{$;!)`#>VC9t zI!{-q8e-e$UfGz7uYp~rg}bgOGq1#~%oSzEl?WZAiL~>?BBk!T!i6+kk|oEGkL*6)yl0rUR~{Wbzx&|ZAPmiV7w`f zVe2n_dNr+yL4(Fuch1TmGVGNBxi0MvQM3w9-l>XsWkx#p#P7&i`USW)OWWDa>&-r* z(2AYvHbOS}db<+Wd?34DpL6h$%_md@-ek*?t%>Td28mh(yTGE*z!vXVATu7_$Z(Abm$k`PANxDTvZC#N110SuWE+^P~xd3>Si>jZtsFn*ZdehCNnF(Ce5>E#mvb2 zzj=Nvwk8u=EgIyzB0ax>I#$w3dNKc8wyK3X>E1oMHoT>DS6t0Er&XR0AfJ*rMtcfn zFcn{M4I-n1OK>mEt&On9+L!^7{z|3&m%7THZ`E`cbW?6~cx>g(?G!n@Jv_Sd<~`!t z6E3T~xkFqX;lY(R?-keH@W9HO_lav?_$QS&?-$qp@QIZ-9}w4p@KKdFcZ#bs%rVRs z-Mj9_2RIE-a0^YHj3O&f#VUv9~*8WB>_jLo%yYTMn<_t0{Gd zuho`c;8yOe@a4FfnE9R^zF1p6ngi7Jo~pIJn!IosoPj5Ru32Pt^rLLielFIQA3-<; z5FR-u^!0fH95ZKQW-|+4v`wo{3!y+wUX75+VWg-gC)ov z)IyE0f3v(*Ti#IIh*qeAC&o?#4T-F-cv}axM7C(lN4lj@(!GKIRs6&lEv&^V{4e3p zmR8_@8voxh!O8va(u{;V@*K@b%}2*W>KML@`)11qaaZf|;6T*~xn*@G*fFRD%@^LO zOWv1R0Y!-cQ_&t4aR)btH$RJUoAkzOSNizS>a#dr89igs>YWc zzECQ}t$7w~U#3#w64m}5X;4c2d^N7{@yx5Jkku=AC}=8J1K_U(uH1x9AebOJ=Ol@| znM!1;Twe0U#qdWT2;W>%zr#j=V2Si1j~jwbY_yL*80p z`qjJ$?8`5%sxQ-)*GD+T-A=9b=uS{E4u+^JbEDLmP%J=4lF~tX>@q=|jU;IiMABmw z?lNyn*TcX}zJ<5Y5r2ff`xRdzc7t3Mea7Z#R=fW&byn`hZvaF<$H7drL#Nfk)WbAkQ zOSVwIe@LFk^Zf#C`M6(shJ&$}VW8@LJ6%kr>p0NasX}^y*4N|&qD^k9vqmYnE2Q|| z&NMxz)_**k=?Nr)K51nfs-&ulA2!MV68hvS9dxc%Rg6OrN63Wbler=CG2;ieWRKC<@KGL%!^x--a0q!@fwEt) zCeZL{Ay$O~(e_+z!P6jHFm@H|+#AHo;{IUl@_oTr#ol0SOh;gqy&}CW@QTY?y37Mt zbLITlFECIThio@+x>|mX{F?B~Zw+o4k*z^@ho}jbv<8@3&MO`CJ2dfp?cr;1?Frw& zvtvqa_-5XF!?SrZ(n?+7Fs}XKn|N}49RBIJI>R^6MzU?sojETM8;d?f2g}aVK_$#D zkt0%lW&S7~G?4Lt1_d-l!XrDNQA73aR9_RHO8RkE0Y&sy5#^4u;|0&#?+QCx&5*R&9Q*(3fb3He-^$dn;x`qT6!= z#rs9O<75a?$y(%{%RMFN&z}sas1?-i%Rub(p{P!tx2q{vtL_l^D^5&IMsdxmBr`$DGj+p&i&4$1>tA&u04vlM2kEM*kGtdd> zUa$TzePXQH=&<=EW=cK!rOHWL?yl(pJuTj=7w^YLW^QCu`mEqqRkuH(S=qgA#cTB9 zCN=P64pQ{!3-U_Y`T1Qn*^$qa6A0^`)0Lup`ds&xA4$uTZlXHz9|abSwfCg5>HUZf z=zn{}Q(ALwQ)WpmHpW?12ehZx2j;a)w`g~*XCV`G$Ahtx`t<1G8qrzQ)WrN@+%Gld zHCMeV7V1XDUHtCn_a}aT<@Yqd7x=B>2R~i$20s)QE4K36&Tl8b-8B`RR({j1{AOAC zRT5UikCG}D^LvEfQhv+$)$wDTSG4eJ<+q97Hhu|yZTw(5sMriEzuT<*7V!N}e!u7U zFu%w7J;e`Ior+iZG14nu=l3>0dbZ*-e(-!1yQUZw2ULC$E5A8be$|A<_$}i15WmOx zaRp$-^ZZuwTf^^P{NCb+ZK(E%$GHDSEB~9V{O1!F`(73I@cRS5NBKR$ z?^%8;_%-rd#}6V}!TPk~BYv!$D!w)Kf8+NI zzZdy6@LS7|8KL4`ejoBJ|7Cop@9lcA%8Nqn2sn{>A zOr6^me=i-C>YpBuH5FeG4lt}T3TjlXJ0y-r%8L%$kKD(t-8GKMilON$bh&Q2Ia9x& z(ZDWGZulZQf4vi6^r84Xeg*v4GpH!!*Pq`&euMax^3(Z^Tzl8}A7fx6JHAZn<`DEp96}X!*7JSNFwsywF4qpLlSX-~B~nl!?$#1vh-zHy3n9cBgFm(gx5ww4VFMfZCB z+@gC8Q?$7Y$I?D|3sWa=p<290R?4GR9*@XlnLO&{(JGH^@@Q+~xp0h~@N)Ytiw*fc z*LshB-GiLg+}okYA-9uLdoDS5mikJsh# zfjqucLk`zMQ6rM~MEgC>ehZnCm@#=gB#$TMu~HuYlE?e<_#!>D@GKN{F?s*meqU$5 zg`!F1JLK`8JpLh%m*w%AJl>PX=ZbKV{6agK%ytAUyw-jTA(M!vJpL$;zsut#dAur* zE%Hd&^a}UFQFh8-+3#!Yw~#D}d%HaTAde^Hu|gi}T+Ntd+;R@<=*}5dMX_oqD|eo@&2k?vwa6@>nd7rShngM~gf*$s@t= zY*)B6(oR=lzpt|2GBr!gh4Q#x9)Fd`3-XA|;~ja(6l_huREaZSl4Ri}_Irx`mRVFH zFObLYM5A^irj(kfV zGE;WVl6+WLW+#{BllZT&-!frJf+~63CyyoacupRx6L1PUvkYR$2+AlPDz4l?)2xQ7Dgr@+g(ZSb0p6$8>u>n6t*>1yATA-jata z5Z&VnKat8y&u888-%kG9CI9V`|8~iLyX3!J^4~7`Z+GMmeYT3Ib6N9)@Ud{?g*V;2 ztI-`koQS-ToN;e7K5^?`ksxMx>mUYNTPkI>a8 z)>UyT>6-UZ8?_FflCCcixUndYNI|UPqm8PIMY-7Af(YmcKdB^dT;UuWcVv4snJ4>c zHMyM}T%5uBf37>S(}r_be)BqHgL~#oV|_z1Cp?Mi*z6%C1kKS{{kVkbm<8ZS)*E9A zf-*bDW)zZ9VfdW?Hf97ODwd|KXY`|fTJ`(v0!VFT{xwfJ`FxDTcsHUZ%^9+H1Keq# zX5*Z1^vAeQsu*j(jqPAoq&JHrt@_VhX;ps)&795(a9b!!G#{J!-A09>@y+fppQltgFF6^RmLAIi-KlynbNNoH0o2duJsg z3|{pj$uM$te4BJGwkPzVls^j6J_8{AX zyBlTaJ92#Vqw}@u7xr0LVj)hN-%`dCbG52XwEm#p6?&odUEor^wLk!8HNuI`2lp;4 zS8h;i0>QN=FdPP~FAq9ZYob@RCc0H?qF*tpNH#j7Vl1PA^P-nc0!gNVB-25XS!6S^ zl$axR9%IJxs2I=V@<}|dn#$vb={#n_+%2yZth0Dlty;Jmp(EWv5&dW`H+t^1n(tg4 z%YLUNTL1r^e6m&Tmm>Rk1ejc*n+0r8o*m+5*$=NbJ@W>5 z?vCX6*?->ljV*;F2^-&GPJ(X;|3WtdKbZ7zl7`vOMtHDUBrs4Z&4M+*)NsiE-T(52CcNJ7CblgQ=8GEY^R$M zs6~h>@8q{8FEw1z*JwM6XUip=8xbSN5`$P+SXK?Bac2{^5G%e0Tu8{JZ`@V}54v$j zuxBg0nei?%0~K9;*EfEt_iPiuOF(_lEH6kWNCtbh5KtfityHCNIv^43Sx*3PiUXP* zp2%Gkw(+xcDQx4Ot7L*Z++-(>$U_w>x~3qh*4nicPJOwtBD#|-zTge~|KJ=iUHEc1 z__9sm%a^5eJRLp;zGXBBFcJi~0E8F=LW~AMMuH$0fG}e~n9&7NZTz6b7|@IL2k5u6 zRG|r*xMK!=BOCreHS5rG`>m>R!I!+exz< zxrb?VVanhOK50oKSM^=cSKS}VM?UNn)XI_iScsxTovSuZwPE4tr6bhFu zTR2ILN7s7BpnuXPi@>6lrK;;cYtLYkQX2xBg0ai;ir=?z=`CX2bb`VqVXFz+2D{fT zbq#UXO{$D&;E}RlE_iezF(7MGB!*Pn9pWOv)HzdX1JP8WkpyexLtx`a(%FeXPgW)s zedT+7$edgd*!ZFSy+PJh@_k##yf`ngahv_UUe;Xly)|SW9@zMa{dslJIE@m4A&7LJ zkyHf)HYP(o*Qv!BY;{7EnZRXKqtyB;cG)I71qe2}onrcjo0GCVr1%}$LF7xM9Rlkt zsa|S9h6VCfh>WpI8kvvvK{zq_7VeEuvNi&^5o-H>?VG5?Zni8^WQ<5^Z7Cyi$+Vym zNFZtq#zyWDIc02adq(QWAa@8J50+or^g%>OPGMv{Qo{dEAh`y?BKC8I+hJJ{D<<32`gD_h zO>82$4Sxol$alNJ^QhEMU_rUd$$}~J(PLq9O9!<@65oYuFm?l{9IrZ{0J|UY?LG^z zNN+1T6kzuN*mflV-V<2WCBuavSQo_w5nS zbUfGL=@8Ggc&@^;S3Fbj{1(qX@%*L={f1xT+b_NeXucrt9f$vb_|d8me-J+%+7>=s z`L*hws*Xt{SE&xEPrjhuE$R*o>8QUd|EA=hcq0N%-ml(?r0|^da&jT>Oo#c#DU-6h zWKu#Dyf=KjNLZt*-HD6dB|Y-c*srsZetzMOd^TYs=`k~xNsT=Dl7R8LuRLJv7m4zl z<>Zp+D=9_eGP>8TEtoF^3f;^3k4t?T0vw7~W=+NPX(_6FDXj+KdxIPGFBU@}inhFu z_DZ8S5!oIXl3z6A)XLeNu5dpL2idVAn=xV$?j10Glo5y{B~H0hF9*z_MTtvSaSSW& zDWY6gAdVF$M6(;Xrs$wgt5q|wFIc_HN5ySXc;rYK?CAfM9m6Vis=KU)`2;!S&cvD0 zDiF-zTE14Hsx+~4=G!WI1|kBFw*?;GDhWGRp_d!~x;T-u$pVRJJ?(YRm@2A@*%2&S zP~T$q1hC%G1(*;TFCzmo+Z$g8VnYW4Aa>Q_?#jWg@To$JwdIFtuQUjNg5EgrnXBNF z3w%_h$QJA}{vyD23kSnzWo<3({M5QrUe%8-{|4nExv~*^ntjdTrAC9OfyQL`NBSln z+K9~`pmF6U42-6U;94w=-mL4!N|&IbIeaXKqJu`YT)PuAM~x2}F(D$lIee0CR4aO6 zUPOx*2?i(UuO5UmXvU<~whE(PTaF?7>QcU_O2n)6 zjB|X(IVt0unsJWJIA`IMKd#gD0JP~ib;Dm-W`q{=u8I4XNd9sEgYqgfr!9&5YsKjo z>;0lWioWlIasPeRw@%;q9Na`t9~Lh6$}^Fi6!Ra8x3Irj4=AE(D==jg`7W!myf+0>b{jI35} zA`y*zRjbJ%?<#r#ye1owIaZ>VG`Jna#{1jStSkCalWmy=2dQ3(pV?N+r zANkk}Eep8OZ@zM=x**k>-xdk(=-%=gRtzfgv>KW_u?CbDTm$O;c?HdC8~A@p10OxL z-dPIz>je6t2es;TbZgXqpFm$>WaJTmrmI}4tz4cQB$;JDDIZ72&Vp|UwWNN@=@w)A z4*|ag9B`4u0sQfJ9l+n^=?mYbsOrT*j4VpWKX3){f-ROgOhs- z)Tv6H4fQ&g1@2yq0s;3z#)SjiN2F$_VLaF!38&$kGDCHt*wEfd(f%tl{Y%P*_#f1& zc6-RA9;~On)hX8VFHuQX@f zlkf9EB?&K*c-#%6sfa_!dIhC$;VQ?V)+YzxCqIFZ?p5&D7W|yzbOX(h*i=3zPgO;( z6b#nAD`hNb3)=TelnxMXl0>PN6y}^3{8mmYrPH+ea?P0TeM77AP$Y@f*M+;mOgdY| zG*p>E<5ftxD(wX-&hoJpzm!Ob?tMrVIv-mfWWt4)56ZByzb?E>0v_{{vu_Ze3NyqKes7>Ge1!FR?#>|>Z(<}r*OFosaT#*S%M_A?pt@@4Ctb>~$b^lL5QXUybM`?X?j?Pz4^aa<@;(NI;K2Y)Fm^R{ z-X1Vsqvm!Sl7lILkA5s>qd>0Oi#v6poqx#t0fd;u0hCsQ#`7}NLm;oI=3Clb!?-@U z-G>=&)$Vm#wQzhsAxF`@osnntArI+fphcB*)?73Q5ABzR)9&Nbjp%B(usdIpgIs!V zyqoGP`n^BUUdbD^aiR8gqzcA<$Jj?n@l|SU*F7n^7<`n@70xpD2$$P$~s_E+I3nB>ZRFp0GC8M#cPqzuFmXleJ363N; zgZh5Pb@ip~WDvEGRPfbmHuI-oFp@~(i4jdH#%n=IoddAT0LlV-(M3+qmEyb>3RRVg z$0`d9lp=-qOHNiJPWc%Kg_1NjbUxjtaxoY6S6}kymzjO|C>yg?W)$Z*Y~?PN+a z`AokQ462q7T(CmZe6itfAJpH+gkj_=np}Td4nUmyoCQ0%AW0frwE{<((NtFaYO?&_ zG>$qmso%*gXVVvKvyUMAyun#obf)kI=0if)E{u8Lm-73HlDT3(E&wL0pjfaUaoxQq zc@BO%(x9$L_wR!7u_B?r{jR#`x?~H>H*FEh{$ksAQGIb!a{X7zM5Us%=QFd(cte%r zBdNpB@qZ`Z^U1dxlk_t_Kx_ok@|SEB+7(xDRsKhTyte!y1+nE)kqxGZ1`nbW3HQ^CXtM;|-G&w+wcbTd04OZC`T)(2J{OjVD z`(MuRmZpl$^2zMP$ePQ)jH%#i55X+U-_mMs#WJ>^L;gQYbN)TTN7SYY6>B%R>`Zs$ zM2lzK5cxb1JL_1pd|6U7y@WyE5dI>-IE4K6VT6PqbTH>!duD8E_8iAyTYsgrirF~} zxAZbQMskoQkw>2jo`5x_@}jXcx>C=6Xck_MB?uv&t|B}nXvG-GUh2`RCxLgY85h&^ z<%;8&SW~hE>B!PRd=1f{JSopoBtyN47l`if4Bry;re@p_GB!ahEvdQBED%;xpWGO` z(Jh0o(D>SC45TFm0m#FGk5w(FL+H2~f}4jde%`&F1V|s;%p@uiCt%zxBW0Q+qR%LZ ze87nnPsp2``H)>1pLwz8pki+FzWrYm1c2i6IMm7z*l5C!H2t2^r09TE9Sa7d(1ThN3nB$A8WYX8FrKO*Pd z)OH3Z!#qFs8E(`rw5s2eI(lHPcGn^tr8SXywQTgMCzstG4U*PFg?a?o!@HOb&HhXX ziax|9aym2U-k|a)$K#|MYEY_cbO*if-iYZw)oHr>tCC%{fyrQLZ}v@_;SN1nR-XmD zZIREQv;}^*TeWC(tao3~!lMtFQ>Q7d*K~t@rk`Gvy%@XlevhjCh3VRlvTJWu+@}np zQ~e{I)gQ~Q633@4<`ecf*86y!RvcXSwcYC;nC$l)y6&G+_bkrcdD4~7vruA98YN)O z%Z`QTY3{-aI>*L|!>O>16X$~y^miR2&|k;(VVo`T*QNeRGR0EtZg#aZsljWYfQZM{ z+4;}x@NweW*7;9QSTovAC2Sviy~k~dHuW&xts_e3#`f5Soi+Y?eKKl?<8tbaHU?b7 z0r=YUqb-%vQ9ImB*NM`+NPTefmZU~4q)4F%R*^od%+stgeH414Rj7|rkIaYU za*?Il1^fQ{l0%bURkx6-_Ot2{1U9EFR_yhVX&~}C^(7{?3TB6DR!P&qW{J=ZAuMbb zVYI^L)j0kGHkX49Km9H?SCW#R`F|3hgVGYEG9B`EX!Gx-06prjWPU5J)V+&@#0Fx& zLI^Pwq+nWEnw$;~LT98Jte*IvbiUDkaL*&3`A?lM;xW5QT^pq~H5{(pgT?h>nKQeAl8Ss*?BXo`UWE>SOyMIvR1VNhb-X-Q!J|kRmIU+p%}Y4Y(JbJ`VGc9 z*>_N@_W&#R5~dL`6>P2C*G1lA_kpv&QthL8%VA#0aENbk*)QDTw$U+9Ke-2KEmRz> zg7t(I=nWr=z?M-|FLBGV-N=d-b0xYPl6G9s+j`@MNP8m?O z$-bncu+-fa|7+5*-rR7`aT}uR+!ztKSQd(v+N1M2g>V?nb9daP&@*B^_Cg{HVwY6}i#XCR-3y=c>3Xci%UiPHzBm|PRZZ8v^NsZ-8{GA~znWmwH%+L^<1;UKaCsG4uYuO9)Ot;_ zUX}7P+NkN<4T&C-3$5P_9yJ<`ctfIh!;ZXD1%4bBbT@K9m`!8p zl=g<59$)N|{SAry=yvVYHe$Hjxq`Y(EBiVrO6Bn3Wkq?-E_X75&sY3*nelbFfC)SN zBkr{bs#3zPu?8?I@6oU|;pTuxF)xda?5HKz&qeu8zH(_B1$;)-(x zgp3#7`SMQ9Mm`lZzA~Bt*8~~PB64LD>j?s_pfck#!W92vhu!H2J3!beUFjk-P(SQ# zXSp+RSSDbi87#{828#-241y*ZcB4WDiGO^CJUa-5<1ebQb-aQBD%`)hOuzl)en@y(6!@KEiFt z{pRiUMZ#0Hs*O}cH@{=aXx^Ud!&hDx`E*{#)z@Dch`i6OWiJymaUZQRzFZ}kg5B*z zwbe+>s`*wRYH(?H-V0=H9GUka_e;5=d)&v>N9(hr`?HOlz%s7Uxbqz1l+VjO8laR_g2_xBB5`cd z8#>O{ckiJdNm&3+shziHvM*G|CEGx4UdNT!V}+#p7~HBAz$cM{0a+zkNHb*bU$sd` z9KIe86xk-2&|ITAU?guFGK_U>rM94oG(sF8rb3OHRbx3byKx(X?Hc4hMuW%?tO}7& zFqZ%Gc?U>TIio=0lCJVocjUL#8)jXGJ*3+X3#{K4G)|4?a~esScLN|5Z9t<}C7<;5 zY=`7rk4tTyH(-!wd6T+4Hx1;E$hyF24&P6hu}O`_u$h#zVDX#{PYn=uvNQF2`b-*| zkbAy;D+K!lRu@y2wO+lrq&|%u;iE0w2oIQ`tf^HJ*=6Iy7ZyHDsf~O*!Dvn{AU7+$ z1@FkeELca@Oi132a3Z6RVdk1B)LZ6ffK#rwHT-#TEA)5wCZ)$>_TjRj4dIG1^K#EJ z!gJ!Ph6A={ndqs{O_ z4lq8@|CilgJ}I;VZl|$$Vs9c!GB(8IR15oSd3W zgwg2;BhnED+Y!Pgq8~@A(9FY{&qh&SJkfhDy&vu)i;u9DP6`#nL_=OlJvxq@M@nae z=p^-pRkhTare^l=HbhFzF&^^*53X~}F?nbt;yT?NlW$&-kL$-)Y0Z==!YJYzb>GU_d$Y!{%Qch=!H2F~DfM;39y z*~Ah+WQtVzpSCuWzbIF7eGx{>+G0^b!88?{HEb@UXy#-j4B^Xm$16ea@C3-=VjNfK zCd8~iYpwpwrY8|EXkOVr0GZ9>rZW#qZY6H`>Xn$XxDFR zB9SB&Q^{De5KSQ$qBL8XO11#U24le@9dmlp2H~AMH!>QIV$KNnine>gc_bSzEutmk zlc(a)=k1?#={T3~<;owA172?mF$WF>ryy2u!jtKqT6N+P)54&-o%HCR~ zKeQ@Y^hZ1A8tpS#|2$Y!DeW}>QB=b_Xf7$LRquZk$u?xre6Hvb-dL&;lHDYeHBEq} z>4GQ~R?y_FV2Bn`fs|XohwlQDOWH;G7#JQB8-)E)*Z}7N+y%l@EeP8fKyOW_`5+#z zvZ6_eSqTf?lLFYID-cUrKzR~nE8yFZ7ofAti*>*TPv=`)pK}bgWMxJn;S=iw+{v#2 zrS!sQ^g`rwi(aPQWmQr%Hu<)|yn8oHke;C%jFagGSx87XFpL<}buE}C(zUV{xqrtv zP{RF+v`U2o7PhH538Ai_;V^{sSZiIYvSlR4A`I?cw7W`7_)TJB(~Y;t>;M{ok|&c9 z>VsNU34KT#JT$Z$^t*r#12fP$u{}Cqc3erDc9Ia+dn&ra3Pzub=#yTtbs)KkC6QpLDQAI zuh1HwnOmXi5)xAer)`mw`-vE~GIkP-PhsmM9~J<8<5fjx3HzDB3BWnf zcIw6*MWwg{TolCTu@cN*_tChOuev#+f6$zYcw&xp+%zW*R9Az#i4-zVlY6=PqEVXo zs)r<^I!X~{XV7>~5npa{kW2Rtf>p4%4Z~dmnWw}ootPLA2vxrZ5+={XhoY`fojQx?9Bm`& zuoFPkEJ0NJFN1S+ZQZ5_wka~mDOP9@oKk(1p)ph@Sm-bL0zwloc14C@vrA_AS<*bA zsJs<9Rd1_T1o~EQKu#qdvpp{~m(dTtvD1O!KaAE+oR-cw{qHn2#=f3&BI=Ipw@Gmz zyTuTSd!m!0V!G3+WKGMy90sJe28|^)HrhBndz)H>Ak2b6-q+9J2z&?Y`|C(DEB7a|JofQZ4^^JzS^u*t$hYkqaKE>U2$%C7UF zu+hR}uJfir-LMg(&^9JQ4sA><0sL}SMXNpym%Tns%H~gZ+L*@2lf^#Zckodz$rj*~eHL!4e%iNi9uE)SLPi zVaZpS5p(GCBP>|xdgu9({xqBOBXhoFA^Y9)BODXaQG=BMtDEzM4Mt-kPx)?_wHkUY zq8AY~Z&xd}^nsFl9#LURkuNcvtm(}FGK_O^qUS;$rKHlT-Z_jc1bnaK2ylGIRLaUB zMDv<`ah+ zj3u>mXv0`CePN&F7>cB_bavEX6*-h5M^G%i9dytXL@X{5iIaW2M7Fk7b>d2C#CFc= z`s%N=KKTWZqL(6s0BHDYt>YyAM{qAi!~bQQ|Bm}tOH6ZOecUewW?gb9L;z5Ro*tSI z@(JY7sziSt?cjRQ!ahf`Uw!ef7X7}eHazB>m#YyuEvi>)1IOj41a)QJ&~vQH@tG5! z8!)lX^tVWYZAE^%$Yjy9$N3^O>*ly+g$Ro&aRh=u@E2M`cI$bCj zK}X$g7U+}Lp$uW>n?^zPS|bF1KZ3BR|2cFq=G1mZo+Oa~4KbOWcD(qqEj{Vj(7Q3A zkqRmL0ZwpNNi4v8zFE|fwi6K}pFV?)8qq|G37An}4agoM`X~KWwo2j8QX8E@odd>N zALq4X=!!-PTDN&b1HoOqxY6DdG#(NS@x*~E+-xDUH*1|D3YzM(X3Vg1E#S3#t3El7 zFmS%Gvg1RGF7A=8VWvt?D8A3>Ys3#-XJgwWvYo)fOk(FxJr^{|<~-bMGd774_E% zj28oA+92|ETbNDSN#e^^Qtr{Qp*1O8_~#IU40e(?TYv?^0_!gLie|8-J?VsRzLklVrX3?Pq5zJtHkhUD*o zNS<|{Iu~NjsUI?DwN~Y#HeIJeP69O6sgR>_u@?1y4eh4K(Rh0HppG=omG4Fy0(N(} zf2IPxlb6VF%Jk$&)l+ixrxp9-F^>|>jxd8+`$m}KJo}8$Yu@tLDBx@Du2vaFG0(Tu z*yS5CE^D85XAP?-(YH!Im#L9RC=XR5(XTyZjsBIvErE!r<5+4)jhPxr4Mv*3wrl0{ zZq)9&o%{}}&hhE$Tu&INBf~1_RWf~TK{awHnS$yB!5LC z7*8sdI(#C-Tbn;mx=7TKCrHh_YJ6)8M~lZ)TI>v9i79l%@K+|ECd&}VTC5^&>=%%< zUy(_=(1k4dW%d!wPR$RYZbL>2&8=_N5ssx)mT}`>Y$>N2o56l5#x9NN)UB-3mqU0_ zL=iFh*_7Nx%KViKz8VsZl|-U99P4eG8ekbHA0{{W%(Ld{le2u70OC64>QNAt=(Kt_ zXNIEFR=dqeJ(|H;$Qd}S5n7F|QIjIRrz1cz{j0rxkh@Ua6GbC-9xmylyAb z3U@S1G%k}z6A^Qv$q%IWOr@$QUUhER){eHIN$YEq>k+eXJfJ@ncKaCOai#GHmB;YE=`ZO->7e>e z^23=L8uI>ItNNPk1JTdXlfSYO^;?^~r@`hRTRwBB!Q4Owq7vj&2LldtMpmF;F8!oM zk5)BQ%CjVw8dCIeT?9T`ttIU9fZGL~Ad={#yEmsezn;;MmpVI61X%cNYskx*KN$NB zxX1BfPEvg&wdO(~!Nw2J8j%@P(HPvRVIl8ZTGbvZs}!`1X*I}m(`1>3;S|&`3xbmy znffjOF^mG0gRo0JrE!9Z@E3zaticl%6;ZlC(PXQEqSvWT07#`d0U#Y=9e5P(E$C*T zz59c$8=^*qoOfW*2-{$tci0TMR>J3LHEP#5WNZfTO85UV;X^Mq%imPG{~IgkY;;++ zO8la!E=PIGMEU>KXQjve9>K+Qr=6%ef|CjpE0Zn)%Di!{dKOrV+P`$6 z!b4Lzb+4MKwd#mazb(mIDL~El>49EVP68n4}?Das}xRhNo~a+D&OgmT3+ zWGlo6iv?u-$|MK!$QVZB(eRm=t*Mq?3Qk^oftg>!04_6P|0X9JL)CDumJgBZWhn2o z6#cES+$l=_^>bgefV7_>O7rA?>927Ll$w$+plTy3_nk`Rp21g2VJ=JW{sB$^!1-13 zr8D_3mBmw|JR;XMACgkZB1{&>H#n}vA&cVExqL?u@f%4mdh%N^I11uO)(DZiF~$^J z^?}4ws`7%#@X7Rvttzho;eH3DXBqfG`xN47>|PBhe{J{HF|pIpG>u!wvM8Z1k<6j< zlXIxa?yY6T5K(nd#fmc~c9w_ZTjtPt$(QN7t_4V1zn;qN78QGp)ceM%o$H|a8#Y6p zpGCGl7Pv~Y-oH3;0t)6`YV}{Rb$kf5`f)`%JCM-oM*?g)Sj&-6ZGde;S$+h}2h|R} z%pf5)`5xgLW4R{sQ+B+=Py4JLywu|&`bFbiDiAafHN1sV{acB>kdM^u0VMGSkj8}= zw3cJ+YA&}{8ghD@S(SxB@oFSV{kknD99s3uY_0mbp!t}Tk={&CofR_v4W8CBr_`YV z)5XMk4ug$eW(=)mHbE}O878B=UKpvA6ll&--?@;!$dj1zD~pGk%}Igs%7a-JP`54oj&Hvm7xAA*nrOC4!|3hA1jWox(g$L@f&*$Bs-F1loBg6c-VSb_{C8k@Q zzCzg2>^V}_MN1W^Eq(n~<<98qPnBE@r7|jj1P)8}?D9t}WqsrmhN7j=&@9o^FBMW0 zol_4z`xHhH74l_FX&e!34a8TI6DplMln(j7DJBrz*BPD~@_szy*Foc*knyhBC!?cp zdZNbH#|Ki{f zrRL2svNM@cZMExs)&6~*A+7A=)GDP>+G6A;FXpr5@fpKCj28=jkCBkmzQFGj3x3T4 zKehRgKJQ?ikK@2X1U6vC)pGvV_|V$VL9~ayfu*o)_P*EXAxD-2$HBfRVO&--vwXK9BRhs#p#}0MV~z{v{Asb@7=aY#n(@ z@EIdKQpS8K<83r0dw`((on-_j6a5fnydL?~=jMon(QcJumIK%(k3h6H5XGQ?Jzr~2 z3t+FT7i0_n*aqr82zY=l2dMu}HBtSf%wW7z%jI+UCT6F4fdw_6F$FrL5IQ@u><|z_ zgD(S}(=yOuJpWJN^H|86xDksaepyVS8SM2h4#g&+ZT%FmfkL(>pJncnD*j7FLXeFn zv+fNo)$XYuVR#m%TGY^}3wp1tpYbefyXiDZ&z{5S?NI&q50V)}{S51mLB(tDPCWTHYx+%+|L9ne zniejM-Fj9|;^NDN9?8Wm2+XyrRw4x4`_R5!7Wd1huK>6%*~aItxltS!>*nSC#XinC zdVFMmsRr*t^)_$ntDCnJB>o0dt(!x1^QOGSL*h2JPDmEf2wAVAhifVR*{_R5USw=U zG+ZFZyYh77qr_5n@kJILDHK^9Iz|WFGfuT>$x=fL_oqQeP_h zD*MyhWYayNBz9Mbf`E0I;vkVJAYQ*t3fa4A-5@Lj8sExsTw_P#Y>K475-AWR3JSbX zNA{bScn>{75vx%w`Vp#~aR@TdKT`2~y5+N?z!m@kHjG7|24UoN=o6skiBO2Nx^YvU zQpC&-uUB=Gf?u(!u`}@;G=&OKYPtfWtO`t^0*OIs6hvN4t+e4^t~TRz%VEiCe?LTZpWdLku=@NA7%b$}0k^R}}B=EKWy)=fw4W|b%n_}N?1{OyS; zcL}n=$#e23r49W#Rg{?*(xY>0t=K?`?9huhBdsqu*=AL=P^pr8qC?sVkyqAkxRcK+jX=uwFQ5t5_)W6YcMvar8!qbk{DvJ zdmQ_M9f=FxSI`b)E|39vfFz=S%xG&#q}JoG_h$ofKcAUk<9-G9fH{YK-_CGPtS99q z8i*+h$$X-tl>YF84Hrr(8CcR+}UmGf+Q zkyBI@9nhoI7QOfjW3+>hUy@5`A$%VwfC}6**176upBY8O!|P?2l7?I16p3 zC>spKEmB!w!Q{`@9GRh3^rB*b-W`0-p)?F`AW6XNgW&aXq_85OERf6)SoT%#`-*hl zT2(*E%h(7~N&~zxXn*Vq5&7;+yw@lj67?cwm$-+JV2M$)t@VYJcmN`3;0DcS2)d`Q=_`d5NywLy;M+Byx^UWcX6fEL>)T`CP$ z;R4z(<%o$gFb6FxJ`^3P)?TP6&|YY?vz`*|7&1C`UqR(l2e4ff7F60* zpRHBP!m&e#VceW>`rhJMUIQ-6k{3c=?0${%KIm35}4O0xhobvzO@Uxb9Pcs)F=_H;|#Ra2%+i6*mlC#hcS zg6xKltm1XmyJF+cbZdH>kE=!*Iqt6!p82#ugTO35YedY`bH%+yfqTlRV}a;Q1H2Y$ z;$A1o8)KfgD9KgaYOKREJeQ0Aw9&1;;`IRU2(rxeMfYG!Y;+3(Uv0s20v+uIbDK0F z_Pbo|g{I;L@9SFZj|6mOH9S_9w0!L>ZH|1Sy|7WA+^k={L4as? z3kQ#bvEEt9k3rpZH@xzlUeKOyrV}E)8#;1}*Im7#7O49;e^xz@@vx#7g(qj@Iym$$ z@=WRklo_w5=BxU2O$Fr_C$=q+sq&=a>$%C=;D*30kzT2Db(2eP>%%`6B`|XY*A%Xq z`8m>e&R+{nE`UZS+UK*yQy+QDwofURS`j(VIg&A&$R9_ZiVX^HgEpb#OXY;RPt8Nk zL}uL`q!xx5D-{Faw$sO1npAE<olr^ zq1fo>lgi9t9oG#IzADV7iB|PKfLT>@$~ad%=L5dub0yXut`11iAWOhnDg5C&f+~j$ zX1`B#<$~rJ11OgLB_yk>{Z*fEW4Xv^Uzaehq=vp^t470E@=1k>1vz5s@ti73QjLt~ z{LOZ1)w3lY>9&xrWCOQ~i<(Ey8p0DTuoGqG*}t1372l;*_a~}Us#?00{H`F<652rD zOvJfLxs72bo6P@$C?TqJqY=_fs+r>;hO=+3;E+?t-#WlGgWF+F9fLz3lB0{CbB8(SDnYh(> z@K=ALKC!RFU;z(Kp>8%FBu^sRzEzUqMGaVDMD&}-wW?q7wPe?dNqkvV_zCNQr7$eg zz44qUt{LDG&J^bjwli@v3iE2KGFsnHOq-^49Bvg|gzasK9S>m!VX1UC7j4V+>sw3e z6KlpC=oES7@w$18kDPRK*pJogqzic^7f}WFJQF{XyqRBEbZr0u1WUP{Jh(mfIc%^{&JzbJd`JgHUL1Qpde01Lg8wj`$CCTc6P>xEo?7ny_%Pf_x4(g5Wx zQ&mBq^GcpW-c0%gu+C$j$jDhKpGBNICGJ*7KT(`nPx&?SG0~tZX^Fj&@k=;X?UJ_(4sh298ZsnzF zTiG#6t9qR9u4-!wFToohVQmk@A}n%Op!=hG{56QN(Ky8z!Q#fx8R~7^Yy`BY%j80j?K^P`360Y)ShNZTLFHP6}8QEVZgX5c_-3^ZcMf&v0K*GkhFq z$@%&obo$#_()Hj$8UYUKwn3`fc&58eP(XX3{7v5qK?{&#!`1bI0`6A6Zg966BYLZ2 z>Z-S%b@tXvQ{a%RH=zyRyP&J^;?BWnxKvbl5*`qDA3? zHtm_SZ~QHcO7)|RzEm%~la=>gyd@0L4q1wpYWKx~>#0a-&72!Z39o%C1BLxLj*GL~ zi(w89qbG_)`3f$1APfpd<^Y+QQ>vnC>Y@^MJXu5{XEb1|b|%)mDgwpGZ%VdAhn=YE zqqTMR`uI0e9g!5J@;iIIrF=#BtZm{=%9OfrrYej1Ru;oKDC5rq=Op6b9!f4^AXYV$h@vUi#{^;V40yyojz4JY1hvp$W5LfN01`IK6$ z*5hWctEm@*C};?^}D{nY&E#U9UY{FG8`;^SXNSqu+J) zZ*IEVSK)9aCSm)|%z1)Dfc`{i&Rk+aZR%c!@ilY)Z26wW7ag`x zWi6dDT4l9`45U*^l}`yF)#gIC`dpN$PhS;pwWJcv>Z!aUz9`vM(wTVsYv#>ir*xIE z<8rCJ1WOt3Dc@i5QLAsJQ%5OEj}2=gfZf1KLJ~)xwF?|wE$-xKp?9%iOB}&xot+6@ zX$4n1g5UZ@CU~)FHV2u}=PDCverg(xPxH~~i)9lAzEDd>VcAA3+ZZtF>oQzXZCcS8TU<42Bhsym-J;>xvY*AOO$D%lRRT4wed z!zWALgZ{dzbTm;gDs~nKhK!hvlkjQk04w^nGundQpX#yFwz(g3Q2{&Lzm^Wl*3C16 z-Y>(fgjV-W?*#ZR=Yk-%VNa)q@TG%TBm)7#8wE64C{crE1T<+y2^h`51n%fWQ9)6pq9Dbk z)#?nO0tP1|+}@7Hs??V`1d6P>k@Ipt>S(!BN7)v+{pVq&%LuHLGAzd z{@y>I51D)Kv!CZY=bY!9^PFdsTB6dYlM)e6N3uM%f0R=`i#q57`U5G}Pm9a4mOFu* z50eYD_%5neRupdXds?+DEKei-H~69A{_yBXaAwjn%( z8l*1c*46wV*SRVOLj{D^>ITE-RP6ca;qZW|sG_Wav&rA)JC{$7wK8{Nx_PMRlG!K=7t@!75rKHyW{xo}+`t7a`+yYvc{E z1T{4H`eAzFR=KD^jBSFf)_Jp)!AXe^Df}=#X#DKOGd$K|)Au;t#MfEGeQeRznxHu^VyfFe8X2FA2N-_hLYwJ3;~a82LE3q%ao%)6 zX~Q>-H*0^C3T^S%X*yq(e@n^djbnL1Ct>}uSuTWOXC8lsFJCon1%4{lzM~b1i>1$; zQXDidDbhCS^ER1NN`eRi^4xB6IL{bjpAGJAf;bt&KjJZ1PAp=h2PsY(w>QjB! z6UTJm0V~z;BZaLYzu1H7(ix^~Pq}>p5Xj^|k50(GN-crmM@w@RD#*MR7j+K{cBuNM zE}qchQ`I-0roJf$MMv}0=DQvJgiMrOO;uUCBXB@;N7MP*B&he8gLLvSp2tU}b6`CM zo=^%ZG2#gZRARU`S_6b&nJr%u=WZT=+n$V&qcfZie;>fqKmEAj`?}X!^qPBZtqC zv0`hbQn>}@L^4d46l3^oeu&3n`c6vaB!(m&HLIm>Mn7jRVZXv3U;1X8vygiBXKwNI%=~?a6&EiZ)%j#bI|k<@goW_88pbyw7MJlyJ}{0cIM~$$SnR6kp;|^ z)XdguRiP>&TFQ{q#NYZTC9678wrZ%#rnGoY-W&VKD^QH&uNqp`%+%wh0PbXWYHY6} z=w5cKJ*#i_nKBVy>Mif&ubNR*kX`IOMyWlb*rXb`1mv8gmYcTnF)7VPB5(M?RKV#H z@2ZmqqT$gtg)1t%XEI-``+nNWf2rBLRbjAM*-1ir)&oy4>u!DVi=@6-<%eVdu%cel z=iMsgfw{qT4F;huDPf#YB}6hKai0R_t=ssq2a?~}#(`=NO6z!LGUq25`4h88bVM&e zB=trvC8E@KE>LMh`t>v3>igAVGf64b)Gx=M*D1mq^WKS3E zkPdX_cHnPH#>n8U>Og_hflGUKU>~;w!Y)(?Chw&KKX5ug{@e}-Gr9f*7(6lHACI5%MgGYtm2x-_$91+a0^=o4C`9*@i0s0N z6Zv_vMU9+{fjek4M-P&NJc>ncRo|zE&7#1AUXoClSCA=ejJ$`M!^ZGm@e{p@)s&F7 zjo~-&qb@F#Tqdz4h03TuQ9_0Zu(%MF@Z@rBQG7AtLK4#Pfu*T2*)O?6^f<4dxvw8T zBM`8^=K}0)=XHWZu!c#C<5^QuPn#sQ*q^E-pRrc$L4MAUeJ`9!a@^zOI9>6i%4bgn zS0}#(APwJa$@Vj{IrQC)w@H`^Ih!CV0Nr>|v;d`+7mr+Jww~*?cHuh1{ehg>o>5ZV z^acVLhXM}M*})43w~iG}&X8?v-DTr>xp13UrB17C?tUh3_&ye^BSjxs7cZ55pfbZ( zw9^`kc{gkhA3|Q)bQLq3@+=g-hA=&NU$V^|xi6ozx&$AQUhGqt6LZKX{D^0hIet2t zFYYz}m=CU}^2i-LCy%JTdXOg?U{Cf;m+s#hmSZ415``D7L_s9L;%=73hC_1&@}O*W zhoLN(T(FAw+N<~RL|+gDf{IEh|5n{=QC8IkKCG!SAi@*+_v$Qh1`C$IQ7+tku51psz#QsrNdgw$R$t&&~w z;Z|~m%&J23G_(X)mFYxFEf(Dm5igL}WP+f>OI)LMqA?4+8?LI8-1jg(UWX$lM!5 zr9V>)Gj)FhXF>)F?$Oak>Y6Kc@jG9BWY%uHoxi*vhNaed z8t2$|>Xfes{+)qF)*(h=F}p6VK{>C|11t7C_0&^?wYr~6DXp>EGbJ(XkzgV+y*;_V z>?fS`!gR zB|O^K@kgy|#b3H1U4jY>R@J{#WOK%3pcoRmV!gVIGN;HE&4ERk^vi+8iCBy5om3Y# zc8IjhHdB1&FcCy|0C9+RPz${sAbbKRG^`BBapKXgJ8*yMNg=kR%|hKPYbR^jLFU5h zvRI59)xi>3KwTEe@u)cURtBZUCAbeP=AeZZ^tQ8lC zig}#Hc2fph3?=bM60Zdr|H)Rbvf*G;*phK5rR)8jx*n7}U2eJpv z0U<%5?>=z5ANd2ZuUPvfjGL!wrT?xQq~Od$DW34A+%M$5lSpPfaqS3 zmfdf)Y|l&N|I*7b>iCw#lrrOaZWN8ajXaO=zQen*+A~gQ1=ivdvFiq6%?DH)keXo0 z*lJ@_!2e;je;W*M`Hv;jdH9lu@i#+v<~=70hgcV*qei*(CsIHZ>~R?~u0tF69GbT^ zGSpd(jk5ZL46VP2Ipq|?SlvrhO{g!;eH)RxftD0*%gOqzX}$?hk>1mM0WG8mU6KM> zgifnFK}4nRPVDS`$_09L}xy;*+w0R%flk#^4g`&q&Z}rIt7Q zx64_L;;=cm1lk=Q!%{$MnAcHL@xB&YOReP!Yfp`DK}oRO?~?9vXGDr_JAjjV!`?5g zUx*M!WtrAdCaP2Y?^|UexTEPqaU}y+c7?}vr}HG301k^}7KrWXSFP1NV=gRE z7$2V_3w(#RY9_yO;-t#h8Ds!P(t2VNb0ym2^@Qswf$B&O6mx%?!*9IV`B=lx`)htC9Z^5M(Wb z-{X?fd*HJd(8C#!c*Lly@w)4i+DRvJsa=q|{~KyIjQkF69LsTML9QaOA}{cmXmk{A zTrvV`V9V{5PQHCrKEfmB!p^+7z+D6nl2snZHJnEs!Xf7Z#JTnz=_>x+*%$PaO-=*% zlj^U_bDzGz{27LNh~FSZ{JfVs z3~vHn2}pnh+TPa@FH$nAF!>_ct8mU6E7M@@E+W07iCx-SW!-sB7V+2%^49@7g#uSG zMmjgz0h!oW>kjF&e>3Qx2px61P}3_Mpm~?k$F40PaQ8LcZZE_K(uB`*pQS)Bam<9h ztc%Ngh=jJqc-5G~rs>Gv6%fnk1vMTU0v)k8305ieC-&;)C=rpwBziDTPV%sX2R0aW zCACaA&m7jNbB?o{)oelPoMY@}HP#R3Xghh>pVXDyO@3=XBq_B6ZP8mkI#C>f-(aDq zxTM}B-tO{G7^K)&;eh(?oyyYMbs}-+`^oLauuC0&iC;TmgJaEQglrU^`K-gN?G`ZN z+py*Xpr9t_Gf*sReIAFRulM?V9H|b(8K?`=2=<7i)Q$gvnk3`_r)7}|l;6F1YEi7E z|6bkh{Vj=$y!IkzH6nZ5$4=Z?4%exP2jQ5URmi&bq%;+4SCPa-Bw?jAs*@59U4LA} zkAON^pq9?EVca|L`Ri4%t5zA7bED(#kD3Gk#&cc_ z!lO7^;kSWMzOhMw!EiS5?(y-FS@_Y74LTk){Ds#YrcNxGtk_fpYigY6$V zHL*FZSDE_Y;DhaD4)Ty`uF3?d3YsVJ|C|x#)x#7L26n#^NL-mWCGm@Wmecr(HgQY} zus7M;X%K%)!2hJS>S=mi-dWYzmKPo0Ab4hcu25|EPB5zK5iZ1>p=*sAXt0wTv zLVD~`HUsu&X$pHhVH{PPJy!5#`SyE|B?qJjs!SsG0Oqvfc=HksGozWWe4m8gP8WsFbdNeM%)x85tQKNR-WOWX3?Z1xZrE6$eIUCrC7SF~!ehX4xm92x2E5{n_LL253Lt>PV&BPwV~ z0jo&7A_&*RmNDpGS6#6YOMXy0^%J{ADAl}I)%MceFtJ%WkCL)kvY(+<*=@2&5P_6t zN_H;_H&C~T@Dp32#4wa|B8fRN&^lzGVFK{I%RoKVV)nZzL>0<*A_jo6hdZKKT`TLf z_cC644$DSVm({BVHz4XL;J=BuT1%-vPXJk<|4@Qc#MV zawN<6S{S{(O(sctLM5xyl{_Ss%!9P{#+cuoP0|5ul6xoBNz!_ePkZ6nMUr$mDBU~h z6iM3U;0nD}=;G=Ee<(?>N-0@g49J|Et%d@8*eJ|MTNUN3>(MRPhkzMS(DKcSpZ%~w z@v}W^MPh)T?HTo;%g#Eq2R6XY_7`@x+5d@i+K|h`Z)t&f?IQo%X%X-9aKjnd{I**qwGZz|sm!`$?E|UjkcMuE18N z#U2CEW$9-NY!bHBoxEaM?~by!722Cg;jYA^X)&#BIt!v!)e>TTfp8c>5DVnC2UVXKh-<^ zRnqO7Rm&N~k`1>lH-Tq$^TESaH-(}u)aqVg0ddnxv3R4e3@d0tUBA%?@KYv3k)C;$ zB0WdCq-Q)R)*GCY>6gsLLTM$X8d*n4r6?nCq%!Ld=L6)=U&HAt!8XS#Afkd;1ylkCHxvmI!DBdUZs8~N#_cRxuo62gq8CB zW1#mx+1%~kn%UkxZI2MXWb8~U^z8|Kj$;Td3m5>}WyQ*gBinhJXE|S+vZ*QmO-?yD zE}Xd3h!X}@H8HN~W{91ua-s_x%E`>Q^+Q2hLphO_;=>;3Li+LgfI~}=t zF>wW&7u3s@nx!)U*ZuA=RBYbZL`-&anAwGhBNbw`BRbZ`fSmo|F%UapbQHbk7g>u| zytb4(D+R?PCN(b=j{9y*IA&^Uw7Po$B_hPJv9$tNpf*l5sb)@=L^0_?ivN5wH96CW z0z;aRSu@on2w!-ed^PjFs!3diX^m^wPrz8e7Gg!AyCf$8@A`8)hTsd4M@tC4<#;{r zAgtGi`PM9Kx44$alKE0P`Z^9!QVQ$%8vKwIf|!Y|G8%6}(8k3Ydjl&JQ2rwx+)y|YG(F0;=fX5L0fV2MskF=agL@RajDJwd!7X`J_P<|CMWzA? zLsVztzpxhll42~?R7w{8u&yQz1XA5j48DVvCXY4_5_J4wnPpeTm-AUTUqx-E&@lyW z4{$}5vbkkXp4i>4`4Jk3iD7rT=wUuAMCimc+P04icADgAI`$lZ~}{qx3w=EeQ0J+993(8 z3Rb(zA?#h7jhv;3l?s#zle@v~VF{IKz9*#C~+@@2n( z{|!Nb8}3f$#L9UaIeV;!dF{&5IYKa{GjddFSwsYLg?O}ir7etS@K1-ZxcoB|TaQDz zGxMQ&Z-}$Cvt$fst7`2?$Rs;FH$%B~uZpWrN8x;KUlkt-7;pGr6&=#nz8CG)vR6tk z+Chp)WU-GM#6r}2(JoY-=t&WS&Zh1y*J+O&D2gQ3?oCluX z1Dk$CaUdUPy!^LfPJN_HXs?ojT;jlSk+ezGx)1qYQ7u$xK{2Q*q6iqmW7LukdgX|g zbMPTt(S1O?>yg1W8*h9n7E9T8rY8TNjIUopeF-!I`i+(IE=mitj(3}X+In1VPbY?*=_ zD))Nd;QsLE($Ss^AS1dQt1wS-3cU?-3C@7sU2&_>{{fm?($KYVr4XNr$reuP6^DXS0hLt6UuZcFy~- z%yW7XSJSy1Kz^)TR(f&XKg!JY=DZ2TF3=1ImD@>%^Dcn%rrCvbRYI967auq;7kn|B zDd4)W4kyO;Q$Xf$bxK0~5D9TdzIE&=86bZpyFhUt5RhVze?{q39R3jN&I>fKZxD+x zXgha=$jWvVbjpGM{VK2OWG?)J=J^Hbm0L)Dm$190VI@<#lBL8OcWOJ2+WMT$w| z6SA6PEjdj(T|2)}b?qK1Q^=pT689 zp@hBnWD75suv=xH!l}K&fVwy{Yr|zKP=gAx__MWr=df`_@&05yg^5}FlD^r=7{Ti_ zCO*y>b4J!8eiXgg$w6vlJ(sjF+PbHep;0ZA@@51;hAX`kzLGYBpCjvhukxRRfxY)A zFPxUaKxdDl_!(iTIlQVK?Jw0TRom;Zxq1RP}C?=7VJvv`h0~jZ=9$zvzFe@8%biHxY`>07`@E)z;y6^fYxBBDJ`pQ^wLQ zG86V~5s1E%rCZ5R&p17|9~4?Bo7Zna{r+MxNF#~3RpcPa{t9@#$kk_c--!O$d$ZBs z{z~|hgV{N-Rhm;%{}z*YFmb-ue$^#OTHUk`)poO@^0JYnN@t=jD6;?MWMe*y$>t!y zyL2am0HuNeHEFi|2M0S;Z4eR1eD3h)T=RLGdDY&{=K^RS!1{Yw?kKak)OJtwTAha@YWQ!@om`=(VtriwmR^fYA->A9j^ZqwFpjG8RM zkUPqNu=io1RmzecG`0mAFkpJpru3lqtw76HVoVSE-$H_Mtm$pvXiX0$N($_Q(-2>& zOlXRV^yCtU+Mj~9&U&0nHfR1OE7u1_YFNOxu!qHE4Dx2#1`c# zyEt7(VsCZ)_x8UYZ9E|(YP=nB+`a;?h(jjKWk}!=Zx&~XtreXlg6S(jko6#MVj`;B z%zHR-VRJa~6K;1y+GphYsDX?oP3MVv#A{v)R2-b`ygLAw}Ik%*QVt&nVf z;yz5tK~o7*%EsPB4d}?j*w|I%`pIGQe(9gPI2oJlj)-=?0jV?~p=eUl(npT8R8S3) zv0W9qEHy+iEcIMmb`2VF;hFI}Fa+dEo-Vez6e*+XIVM}+d}mpT&3~(^Cn#8zhS&?h zF9%|WD5l+ug8$%Jfmkn9&srsLvZdImEbtkDGe^}UUCq@`oJ_O51kSyxdp1nTW%u@A ziaYE1BC#^;WjzkIA5E|O@=U%US3l;ux4i1Qw+zj8ZxOqB-@#7By=Aku>NAGyy0;wH z;JCL0RP50n{w;V$ZTv4BTn2r22bUH!tvI-Rp9RSi4le(M_zFQIBCJCzQw}a|yK!)N zG9WGn;^6Y695k^XQ6h|@tgsmD|NCXz|5Y>u5Jgdeln;RO(P&|j%6I!SR1l%W*|S`= zg&hQs-SvhBL0O4Ev0hqA&a;)dIgM9k!bRk~25G(V%KnL}CtL4Ib?WR(TqZKb&r%u| z6bMQ^Zkd_tvi5wC5#>tY@+!0n)fGDfMjOrqU)VPZ1<8EZxZQq>9+`J3 zbSFgFaY{9>*hmk-Hp{UfBij=85=`uk@OzbSt9l^(_b8qkH5z_|FpM&zJj<)n+oaq2 zrgT?dBcpSM;oLMRHiMwqj~P_t&!K`r10zOSp=Dn~16f2*s|zvD|1IG=dTLL?XZI70 zRnC@0K~G^tkIf6N3e2i?=hfiONVRiQTb!`@Pq|sK+B`t6{ER;YF|$um$qze<0#z5a zO5r(D_;V)C70;2=4Gw0U+GanlCOuW7E(^%)j~XXFPb%Ca&~~;|v^Oi0S}mz}E2+L0 zCKu9JZ=Pb0%B+ZNyTsd9W#%QL3bbuClwNf|)OYSD)B^66`+AkTC#|+evWw{h(PydL zJ$a!$kqr^7Ojw;;NG!#y*aGs~6{;>pI)JrU9)!lbJWA;mRIiu>Ox~Cxo?k+tGcBnr zyO5YGlADEMrF<7w_X|8BJ{2j?g*MkiK^#!mK}lb5T^E?hK71EAJ7;fGghnaD=(q^# zRy96r%4K4*gGll*XJdg>JuEn8Zb49cU~W|~Z*IOlN9@p9eRb>s_QA0Fj2FmwhwSfh z0)OYafza2M@8ky(5LRI1hLqq)MbmM`JR%COS{|pIXdy4+X58(_FJ-L%+!}6u-g{N=U#Ys zOW(QwsdD#h-5w;ujHCHXP4+C2L{!8gt?qO&>zlLKM!#t_M^Ylvw`xKTd6!~o5$Qod zg@`mUO=`bT#6P|4QUKCa7t_lwWX_>o^_o#|-a}CqOif||(j*$Vy2+4-6kkB)Mo6!_ z6j>I#SC%a4YTllhnBfab^On~)b*YQWxO+kCewp;%GjV3$xsMSjkXT;@~WJSDbtv}X+AClWzVw=o45%w@&po#Knn;a^=ht|_(-IT=(SAecndyr$IJ zU%gJx=heSm-@PUFcAlPC%Ec|lHD%WL#VEuQOC-^_W&$Bcbn8$)g)5FP(VR=@6AN)) zk@F@jC^>CHD1LR=LY_`r~2Or5n5dTIv3>ZLlSLThp6VJqU&IP>NJ~NDfrbP z_$7#hz4FXb<7?gclw&QC67wXkA19EL92v}SCg4Gyo=3>3)Bq*Y9T#7{Y0Y9SaY(R~ zmg8HZ?a9~GNqNWq>&6ZERN`zB^N*{$K$-jKfq8kMSPt*vF>KB%;Djrevlp7n2G>YH z-(T}tH@VbfbMjD3u9AQHu!@%!)L)CHG0@7!AYkLUOL2ikKQ}!s={l3 z&)B%_2YFcyaIqp_1XUAx?-ZdxB$qeOp3_<{Wv?}zK-iS5*M4yZ={AJDn}+D`b;*Cx z6S+f8t!l^jD`f0S1 zc}+Lo(CP+(HvnH&|LtU#|pHHu$6rm^-b19S#p`j$1x7v0peL$4hEpq#@S#_?Y97c2;S zOZgcl=#h2QJ!IZ5?kH_jVDPWo73GBiRKS>%xN*FwhF5wcKsvQ7)E ziPL~L@wUmUCl-36Z*dD2gC~xX04i&2_B`I5)zQgTQ>~6xE{!UUyvn_DZEA7ohQ-q0 z3M{oWh?6Ji$Uz?kQClP=7f-ZNb#zm}$$f4@cUdH#s(am1_qmnEy5}KNF8V&H z1vD`Q*d_VVcat}kzm~k+f#5@_(u4$>QW|-GFSO+(K<7GoIO|KG17nJmbb;dnJowh7 zCEEf9_Y=)8u_RCoa9ea}8ff6m2u>@{mzbxVFcVf&oC2I648cqyTYAE6K}qf!_!UDB znkS>@-W(arK=C}~#;`4sWdvEG{&nf{KX+hvIOT2jxlDUctgLjP_s~ZHub5M~c!$IcdXBf*5=whc;9UC_4w)(cz_aAWo0kGJUHS&AmMauF+-?2- zTJX&kvu|f+x$&W$;SmvCe#DanOd+68umpc~Ne-3>t5Xk!@-W}@%x@D7yayNP5y_d- zo_OOEh)le_o$3feE&sH-b^PV-AX%0Wxp%SI(|F`mS)*mTu^mm5oGX950wgf<-<0tQ zx|YdRCc9HTT^|_*A&uP0a0A^hxjl_HyS<1!pR7%_Y8Hv1P`DYffJ;1)1H^H=Oy_XP z8ezC{DB!K%6Bw2563J(xv~s?*;&hs?Bjy{0kWG=W^enO|9JN$HQ79JQ#_4WdFUm|X zoLY5*2@tdQ6Hq?KGLnW1Mf6I(Bw=EhJQU zap^&We97(x=W&ZcUrWwsgFsgBt1lH|Hk?S0G@oAS?Es--iBVs5=U`N*twl}pyq5zF zAIJ#gL}ZdFd6}aF6!TDQ@j-~pFXK*|`mku*?yd6!hBvv@{e3fyr1Q;Tqi>;#*cTq7 zeR;o6Tcd;LoB5;b`NXI?8gS*OI{@vy`G)g3r#s63T344EUAXP>@L0JPg^O*t-AFDx z!V|ll^6sP%P^hVj9H5;MKOT5k*X|?{p-ZcVs=a9yj)ZX%iOASs`FO;&m+;9xzuat} zzIP^lhor2S-<1QrHAhcB^^DN0^Ug#b9i*6TVJLB?cR^cK!LjFA;p51XP}h@#p-n>5 zt=rMjnhEKFi-9OzTe?ovW1GD54KBg%>xP~j{w4R7uxUudrcsAtW+^7NFxIuNcKz{i zkQLn~Z7n~1Mfa@&!nzIoUGb$vd?i#Re~qn5s>9#80hp}l{<)-#@@NT>QSjT)>MZqe zXmoSaZR8+Mdb4%ge|F)aO{|8F1&j>ft7>{%@Qs&mnEw+tN{yOWQNEuhbJ*OnX09&t$i2 z<%y3TdyzcNg0hn?8=y6wV!qDhsopXV5oB3spUxZenSK}VYkB|oVGcZG10?T{yYGkc zzUBjgW05>D_G?xD2FaTTnrwU26JW4AnI&?l_P6tFJyN17r9S&rCk>gtT|G&EH}XUv zT)_`}jpRRoL;7@5^8c0hG_|U)Z@7^H8T$B>gL}}&2BBP;^qOAjH|3;{>y=)VlRl(Z z`Y&_RcO2BSeYy83)Be-F(uH1U((fldYjpMXv2NIA$Kr$GrNmEErhLgQWZhV|_#mUb z)upB~1KsZW$$Z`YDr`?BC0|hWQlF|0pL421F{c{;|6E;t!}Of~?%t%g4+)vO!ap=Vw4_I0$f3%u*Yy!f3hH^`(NB~8! zpXBWjLPwHN0F`~ifbt!-=qaS`BfciqwutKW^)f`ZdI;%q|Lc5b+i&{L-j^W424d+h zxTv4Iyc4=7HtS@hwXVQr|yKCAj;x-5Wbla7Ok?T;I(v+->nt zvKosgjF#^MJB(>;+*3H|&ZQD|S{-=zE`K=ZQx_i-Ie= zP8E$_KF}%ZnIAC6mSifsJ5|{U<(rY`#+D@i>Z0jmf&(dTdh6OeHGKK2!lJFsSMT!I z{sbx=FfT7a``ApBgsv5Dv(xa5mOmBiq6cu%>9#V5`Nuve!@0YTEm^lyy*T*`yS5R# zphnqEEA+Du;=7VCxt8u6o|!L+qu98QG%SP@`h7k>S@dsMAM^uKB}z2WpT#P#9)P=( zZhRdnHGKmv;^u_r==Wu@k0TQ8d8Fm&3e+OvKAB^$lIw)7dRcF4r5oKz96m<=Kr$ze zA7dTlByLQ;MgJNE3o`u~*|R_H`9kAmxuYd8;|$SSu;-3%F_t}nmrXmRJ0_gvP@eUe;_ehJ#W&g75)6{6BDtghG- z8HHYp(4x^U+}%UkRAoH81U*#9&tqGZP|Y*xP_)@x_JlRBeOGtwvS*=M>!bV2IV!o^ z)VaqraNcIrF3Xy&qwzCKzT?h22rIBnA>C8tXt##=1>GHKQ9ihttcU;OQse4ohQuWd zCsH(d`vT}E+6<-2FkV!;4w?I{0pn|>^AJ#*zQF^9n1060FNKoo^ST>`0iMjVxLtrH zy4%(z#V$Hz=xR?bh_gGMADehU^!eD=1?eb@h)`~PCb+-_AZf1n%PI| z^Ijwd0$Yg?Vs&;m7N6pF;m{x#id{%n`*OyJ04QSm?yW8=&NuocuX8`DPCO@_cq-Ki z>lZY{K$2_vD)dbt8J#c=H;BO3#u!b65$n zPKC>4^MhFB{j$KK2ZoF%8#v*VwHEfPCJ^s!BQKNQnX~tV-}iPbQ>xxqmK9QvsuEP3%A4n)@&vUqK3bsx*?kl~V*xZs<4b1D0ppYq&T{N7a_Mb)h7%S`6QG{#wsJ%~tQr*^10_%N%9PJ7bk)B=s{ZkK(6FyLBULokorE2lKAgNl;qT zcjqpeZjPSbv%P+)_ClHV-oHTF+s0pOURHb2;c_qBdOr8VV#IEeJHdDn{Y9%;`JfaU z{s4bvz;O-q?(`i&s|9-F(ep1{bo8Z{{g{jL%J{ zXRU5uvXnQgjhMQT#_|Fov+`dgs&O9(BemtoP^a(6&t&jxvIhS{zR2K*AH@SB9>b42 z_|nYd=*;7xna5F?#}S#wgEEf?WFCiR9t$&%Lo$zp+{ZRwf%~M@9Yd#6!@iWmkfKpw z*ssi$Vau>`hCS#h8TJz-s$t9dU;7jOIP0g)clf6=RLI>Me5`l;e9j0NUl^Za-6(4R=n57h;yW2ccs;y2%YjvPrS8|^`@Na(5EY;#yvj$Ax zo9BVauf*OO@O;;O+}U~tAC0a1_+H?%o_I(V(GyQNL0?rfc>_ls`^?43hu*J9>B?7-fnP$na;iS z4Rc>O!?WgODdPW+^G44^Lr0)4a0~_dS zDhnGQhm9{dCn`$c-%%^Sa#7TL6qlX8a@r}5%-79dC?M(PEedFAMTwrM3df2=gz#61 zI>^6G9`)L#`*jbB3>QV|^n`yV%Y#_XfttTJ=X5bI>Yme|QbDZp zwK;xZR~P3cXbwL|C2ol>>GYk>BloMlqH@Jm-NILNRo8H-8on}7y$#?^HyvD2gU~Cw zun&AKhKd#I1v|5}zs47h#Y}b6VXE6J-sxr{tjYYb7Yh4#p{Sb=DX2c?sS*w|kzQJB zCBiZSmT@W6DQFJ4f2WKD%jT&<&?*m*Ja@FQV8`D^N}JEi2U1w>ZN6oEk$>RPavo#P z6j&F_Fpn3YFUPEc`+db>k%jG*y0-_LoJW}!N6 zqw4Nn^f~7EJs%w@S7Do#pYtG{xTA}WC0Dh{B*d?wDm~^bSFimO-mJ561Z$iLyx4N6 z^|T7j5lG%Zd8YV4AxLthP0ZH+%x>D-}U`7OxAo7N9D?&`MX(sh09 zg+ICMimQredqPiK7L62NwxIYYveBF?vh6~VZRc9I;&>;)Q|bl&iAyx2MTN%P|Uh>;J^M?_e6`;(?8xIUB2l z%lyV!eSQ=f&H}X0XJn1IDv`L;S~4FbgcR65`C9CLy@0R4r$67IWkPeNi%p084exwO z{ZEwCs+=3td0_c|w|qCafZ>xynOytwFDUBVUm!B!1nrScA{JKR-H@QD=dr`OPJw`g zOLX1eqBHtu`PluI=3nx$=D(cZh0kgJxhHc8B(jIA7{h~jjgZHd?T=hqSII2!@3c^nW zQnz1kfA@Yl3)9-fuF zrYTeURVR5sR`Tqu(m2%QYD4SmWm_VL(=uE1tMk*F1=+tN&u1mh$w`#-K{@G_z0ybI zq>t>GF7iKW%dgM_ym&^mM2NU3r_3K>f9ifQ)&)@_EJ5N*&~gf4dUP$+p_?cuUW>k# zxAn00Nt8L=Sk@rCU(=15tM%CX9q_BD3clQzT}`AJ(~+mD znl!!M{byy+?wGG3%7&MkWl~%AU zrQ@*=I;^4J6XRO5y%ZRP&3!_#tK@cFQDX5}$m2?RoVT$iaS_|%IVfOCHt>Z|O4Ekv zw}%tQsJG-8(c<7?!=VsywcA*5vXRdrr1f-|Dc9=G1Y!V@;+GW!C(*rUr2_h*7gQS5DRY}=lJ?W?BZGdERLrf#$~PQlkf8aRb-KL|+6)?c_J zTQEVHhUhVOwKaDM5>+fIjG%*^USQ*lL6)-$m9~>Fh4wCyE8NB>NaK+oxQz!gjR%TU z3zDyPZV@5-bB30T2XH)>F%$n^ly7K`pR}8#VgdYo+N`~xXpcRc2S89Lz^d;JEoLeN zqyh{`pha}DP@xMgK+_pHML|lJ#xszbz86TTiUeXh5CT$EehS|lNZHRhgO+-@a)NHj zz_|l}r*9g3p*#5Op4xHhLVgRJRo?8VLe*W>rSw>IF(`%b8`0`k2u_*(v3p40^HoJg zQZ4CbRy9s3vQXjY7zCl)b-(8?>Pwb@aCS6FMIrN;l5XmfWxGN2NCjHmdR1!;H9Igl z9xW=c+7kJpn#pm3z>yP&*w=V7`Lqg`U0#q$7%9#+NSpkj(C6EwqompB^QUghY zlqeE1RQ`sHkE&(k^#-?h0;{HCidmm8h3YQ0ka4VJP`#z6OHPp-Vf>Kk zU17=-rc~6*FwwxAz>nmjY&8I`u2utrTu>Q}792nFgkh?KmQxm9f!PFNq}P59#i3H7xsB))~>-ZwVIW_{MPs@7{*FXDS?d}KAM z50koI6!EzHtvvuyE<~f$(Wz1@->-TWjAs|@+9m~$FX=|Z{eiWew;J=pLgm3-%M_=3 zl3S-ZB+y8vGorK7O}8_DQg!y(8D|rhRZvccrwd+^)0sKyZJCD=!jrIVI&))J^Ib_T zBCmAFM#hm-WCw-w%dW^o-Mkj?i4WWzs`{+|Vp&*qB?bHfg>LKN7ufSa&PV$t!4xkXjk z(lrP_Avt*2&gBIs>bpM|&4ctvkYmQb>5!XK=SJP=zOI=B`^e$a{)+W#5JtNL;naSm z>1xJk<9+7p)0%!R?{c3>N?zosg6tu;iFL$M=M+N5)6P)^<_3-ahxpi(>*m2I#-L`y zl!IWSh`nJ$&IIhDduVKQ{~LJeS%2T-jQvE}^ChZ$oakJ19%sqDHO3L4iaDOhDXs+t z?tQKtQkY*dK};xB;z+8?nT6@h+N@T65|bDi7@l-YN#qI+9^hV!;%SFBtE%Y3@C$r4 z{~>g}Amsl@nY2H#{(@yb#L)n$yMUx&I@fmQ1<7Jmd!!rCMBRT3#+YFx*33uPJ>1Sz zFL^lRrHt{ObGMjO$$0Pwu+Dbt3ym3|s*!S1tyHHA0|^-eoH{?T`lqVXR^ehoH|BU0 zs8F?qj5(ef^9T?n?0;Jp>I$ssH1y3_Ln4+T$J zy81co!^@CjoLn$QwyVjbr6oiF$e&LsBnNHvTU?jpZ8_TT@527&e~Z(spjVi**qUwRh`xhz5i`$_AQVou~Pd*Jl~XOyAWz zj`XM-IY5PA4{MwFe+X$*L{jY4A`R_|uy$k%7%6Q$T2O}(j)n%)Mr5?3Z1pV*p^j3= zV|*8@#~hN#<&x*}HTeehw>57Uq!Tq;?JjoiB2O=thuBB(MiGxsz}Yiwtg8{X0=!`x zCeS9^WxD%|Q^*+cwwCYEQHrCbkB*iHFNYwgvpYJ#b?+3{&RZyza`BvXUU$1_v~PT| z*M2-!xs1)bCpxS_q@2vI{9VqWi?Oh@hq2I7*Y~K^nl=&Y(4|yy*rKeE0_%rtA=m z?-oz@|4Nll$U;{CpW%ww-2MxyY!#&0X8c>3y_M0Mt$&uidjvhi0*=N3tUSTFR5#4+ zZy3JEx}6pWF1F5#&-^xfx3v%bq6&=GT-F+%_q^k(E!OLvbsZvx>%X&VvfPMVtF_}@ zbTbNA$3~Fzc~kZTHHe-rgBDMJ(gOeu{+#std!~z3N7OA!SfjPu!BgxDFpJWVd6!uF zx$YwpF5i(HspJ!-EwL7GbftC)s?fwNFQOUuO({pQ53C_5ssZ9F0W;oCS#*a!kBy(S*>v?O^)ch;UV$D7?|9V#L;pQm?#ya_a*i>$B%D>*s zmm`0gd^-$DoG*FD7uFkHx%0idtyWf=>}nV4^Ip~-&7VG6Z1*Yt&t}Q2-$d799NaY{ z?NvsXxv$f9Fx~dVzS}-b+KzoNs>Slr1LJd?#+-gVZ^gDrcwy{iD61Ss;OcL5^8oWY z1q!)}Ak)~<>BdI)-Ppdl17)15es_FY*7#!E3Xtp5!(s=NGprNSEsgKHrSE_9uo#hQ z*%?-!@Wm?E2Yfkdm(!8|75MfE5A1jucp&=bbmM;o9=Y?;FT4GL|1a7fl9<*`C~@sq z&0O%2-Fn{t{nm5vyH9*T6W#|tpt{PLi2qG|$X)-nefDR-|8M=N>a#y+4ga6PCl_Dy zvoVGP89CkfUs*4?^Hba>JbXPm^8XHB5ZHR*Z;#IW--1e-KZvJ5E{ixOO}LNjn{W@! zWf6)>_vDA-ztQa~5X*PC?vw@Aa2#pE<`40`4w=8LhaDz|Im`N_#JPDKOy1xXwvVLy zrnQ}e+Z<4l&BEJX=@rdRfM92%@flAgL34xRTVGc^7r|$) zW4`v_VD+(Lov|+ZUdoIkId$M0=OF{G?W0T}}Dye88{}i!GuPp z)BdG&1b?+6orkS z7UQ3G2!&#m_x?wEvJdVZpFeY?C%QCQ&^=_QJYB&pZQg^hJEa81*tWsYr(J@w`^c74lR)i-NY$m>Zynj?RnA&s!KB8=Df@@rI5v9b*L zQ>*(qJqS`<4y50(j2EYl*L3mVaT~Fp4s&p!Gcwye5!HINd1XE?BUL8}Kcc#=0uMM{ zvVTWzmDn~#4KS4_`nt8AuE~Is&rwNRo&Y1>8GX1u`Rr`F>ntx0BMzg2Ccg&_A$G{} zsYdiGJrV7|fZx$pjh_dWua57X>aixQ`Lf%r>56^sH8w3j2(?v*jy58;w7ts{$=_^j zYE1;Xjp{DZ$F)RvZZ4NkDf^4mkD~x8vN;{n4kjU#9YPEa)VYkXQ4$cOAQobPkBJrYCMG*(Sfnmslf3gCiEp0$Yyjl{c$^vw^kDlPB;5Yz-!|4JPuCDq6l755@dq z3%Y<6MV<4M4-%Fbt3Jm!@JO(R;Zh){(^0QLokloJNXUi}99E3`Q`oRnoknv<@}gmD(zaIJj0>=iaiAKl=iu_faX{8C{)xMK2%vF>J;-xxfzO1u!>o#JrVTc zoHHQgRJpZT*;t+^X_k5bAU0YuirHU0Ez7QHJwrWA5DF$Gs;t|j1UYqavJ^o=ugJS% zndF|n%^9`s$1&g`1wqaX7rJ%L5)iD#eb*CMTfkpy-?fzGa#WTLew=|PLZr)Rzuf| z(qUCYK-DlwM|s!%xVUyrOoQrWFCwTTHPw(j>j*kft!^t7YL8&K zxEjjKm3haH)8gx;HOdvF$_-WJ1T`mxDUAG4ceg6Xp+MvZAvCpL6l-ylkKu}Uw3zVr za7Cwf{d6AiQ$fZE^mFrF5&bb=XfcrIei;{?8Ls#geMh+BeeLFTa%#SAOC%z0lNAq$ zX;5IXlSAIjbg9DSEMzC=WXwRie{0CUp+~|5#Jc)LR>r!9L^s*XD3iTjl>BJ=-g^Nfhi~8vPh$sb z&hg(ym=ViXHJcIZy|2ISPQFY*qf6VAO@SA*Jj)Ttw)7{sUPURk4Fhe4ujx4@{=y7` zoCQ~ZQ}%e*82@LTRjixi?jdKgzZ&lbv5RoW*A>B#e?8AwnVX|llX$S}M$)?EK4nP} z^CdCGBGp8FDAe0LC&+vg@_`@Enr-AQ@3h+GNU!NTgt|j5@8*XR!^VpFC2U*_!c8ue zHRq~;A1fY@_wSa*$^0}8ma1YtyB&{u>-C4=qgnme&6TRl$oOX=EDRehE$ZeVebSJ} zC=ex52%H1muo8HW`4mIxjqivzm3FYY$z z?EPQp6;EDqux>5_mYtEqbnmmIrBkkaUvaD0(jOFY3`!bEZl;1ozuV{=PJNzaUDo(v zwMJ)V5>0$WVoN%RMn1PAQp##9-%)!_ktd2i2ZsO-j6{6a=S_n3sN`deMPe=Pb;v{0PA!7y}PQ0&FurD~9Zb-4ja@*woyg9(h7S_Pb%x@ALX($QM%OEqtZ0N4bEd-O@ZezM_Q=}7Jt z2G1kCGL@$!=1(X}vRhc8rkyV*wdI$|%FFsRd1J7wfT`Kw4OJYiU4J)KI$XATW(;f?>y(^hB^>B`N&+1BJAe-&3{z&+zN_ zf=V%kUo}+f;MY3&*cW~kDEv|q855q3U$DymDT0mMo`qm@5hE3Xou?3NY>7gkNxu93 z4SJ1M==HLomzt+{9v7;x9!jiyq|^RjtVo4=xHcu<1Ur(4D6EQ5hhWuj{*=b57Nn6B zR)rAr1+5gSvyiM834s2#N_AvE>w;Vv|aY zB&6V^%5&Z?6%zY5Ag=f~VWilv4xcTbIo^9nn^pgu3h}ppY{=7o4zuWOBB!#un4OA` zFdJT+=9CT>CjQs}k#^MGqe0Ub1|`jro$pa;;w(-fkNlMO!shU?{FHCz#7|NlQ1Ybg zc`+*wR`dPE2M|eUF6_%Zr|U6B<_6rZ*Uf&Y%y1%Wj=m84Tnie$?NnflyoDCR#>iWx zc4PQ6fGKDUxskW%sCZ|auZ1Tt)uY|Ij`ebD^T2j2iiYn;lwveyzp!~a4q>WZExv^2 zl7Ao|0=qolP)cSR)#Bm}nuf2yGd75iaY<@QgSZI#u%(hNfPYIO_D=O_UHU@`|`_;xqbPkq`#ul`vuLD zGQ$)9HWkW{o`eB!y2e^b_%na9_+vxa$Ee-fd^)wuKOV>PSgOAE6OiWGV_i;GsFlNn zi?QGiT*uL->L)2Jr$_nK>i)w1uql4r4A0{icjNo=*jY%x@#dxkU(gk|648$tVsmWx zCX(N}L(=iy*l)hq({vY^td(wwzhsqA+iAm>FC~8LrazpO?$$U%(xI>}6ae_pk^zcNheRNe1+Fn#`aO63TP-cWli9j=stT#1{NBNfU9YU{5> zT$88YN)%RX_=HiEY*)O6C(_G2SQj2E0UfmXgVc!BbMI#6jyeabX3phf(=N&O+cOnt z)UM!hU@g(Y*a3(dvQ17P?d)jS`W#!jS;^?U%uk3T9pfq)U^n^n1Y z3iN?VJ#n#Dy0g=|E?vRmp?U?}m~$5cw+bzY0}uLD*}O?cDUoeEp9L<4?@jq&jxSc< zJ0rM3SN_S(Q?}xS)832BkNi|moH>CguLrvHfyKryHMVX-rAj`P*b{gwe;)k++FK}$ zz11AP>a9{w!}&~3e9M|yGDrA1(OLyn+m*5)+I;0a%Rl=T-VNWyl5`Hs%$%Cf`Egs-6`!%hW8D{HGi#0v&|dkDpgFpV2RVUrsC@%n#>KO-ieEfG zi8;t#d_(kV-JFde@LJ?&92gM>UPihS8Yid+(GHnYQYA92*X{e#RrEc!p72LmQdSl{ zaa_w>DQgzdAO0m|D;-m~hHmV~mjx)ZV5J|J!>34kwrnCaL-n4l8&zR?toz%Q)d1~~ z0#5gfFo=C5%pREO`0t)8>L3Z^ChneTd8$YM?I%|5;)qaY(t_HfHwujOF~{L=6hJcw zE+mF+aNydax4hL~_dk~`2+2MsW=|lqYggbuY5Iyb9OS|c zy{;63_5`EL-@&M~RX0%+BMar#r$+XA7~@)MWX}>%2!W@6$gGuaNZ4-qqUhS8(xh2+ zc_`L!JCBF~(89JHye=X=mx!Xb$nG*oTgy^Wl5Jz1Tf_ZsuQF5czfg&S`* zXlxCbOXKR;Zk)257DyZ;51vroY7ad~4&-DHqsW(({3$FEt>c0S``T(6v19840 z)KPwHn?~?GxgPYS0>%@{Luc4}MLF3Bl@YtT&_nJD>@$&pdLENl(R$@@JY0G2AD&cG zu!yrx6LoFc_WI8L-pCDsSgW@holE>j!nxHxEfxFNfU+P}Q>n?KL|jAraV83a#~GbR z+-;HDj!7^CpLcV(W@{(PCJ3<#5gE`9^!QCECB^ zy^G&A5T6vhwt`Bh15At(Aq7lMFNvA5!v$c2BpnL4A_GG%-0qPf_tz&y3l`m3J!xVH zs3mWrFd%-N_~p+BI%@|rZ+Ti=0_w5I|MHp$ssN+E-N={B+LR~Lw|(7_9zv!?e6v|g z9_zKEydL6^uIGnVhp2cLvyI^qDrvR;<0Q86Q@*95HTqV4@}1oJ5LQa55ESnsPQ7ed zjg9sZ|B&FdwF1YU@l@n^ikr(zF4oJ31=fISE@E)L`-9f#AVadPc4p+rH6(5G(%C*;JOA;3< z_TfSfJgzco>MTptd_edRbW>iH&wA1Qv~S8wQHzU`s;&Ar(tCnM-7UW=ujoMU?Onso zxiw7ZG}AAAkg7*~cVgWMOza=skLMfJ^HdIb9Y*zhSf)M

I|3$^Be&2TmsQ zdxg#QkhG8|QPMQMzF$1tFrjO4mGpR?EmgCL!*%irWWwR|`GMzP+gx3R3^~XH_Ehw@3d`75B<}RqF z++Rdi0Y}zgJyjjds&4I3cqdpu<3#nhSk^=9H>%1VuV>7yATl}rdORAw zS0_&>>-U6@F3(Q)L`~6bJpOfeWv4ura5e*!wR9v#MVW!+=4=F71Jf@CB^G28Spwwo zW*%iLUgRB7=lti0;h$eW9{<7Xe*C7hpFLYmm!#(bEj+9^c;6F!b`j0I77tMH;=AQ? zJwCbqO?hmxen9jm5(4=R%1R8kFr1SA=-Gj-)sj`{#`f{<*79Q4z2|dnXCXvoI~%dD z3}3Bzx;JD!vNDt*TKrbNlRv5{p69Dy>(s50=kz|V(LnQu2345D+^)tZol-28y%F@b zN1_-+%@v-`A$Pb1v=tJVjLw_zUboDcQj?JOzb*RatO-Tn$sBpueU{?w#;WMv9ugaA>Xo<@xGdaySzliwN#7?|tv0J&Bb-6&?NutQMkN2&(ij`3;XQ zyuym*Qg4tJ?e0B&`Ozin)*wO9AjBr@dF&p`GYF8y#|gCt1S4GOoX8_X8#%Un;{m}8 zteJ3CdM^Lq(8wdEjRQec{1E}HdeP0wRU%(FNd6}s?lC9jmc(KM-SQFGXXS0W@xttJo|EV{CRxz;ln9E%F4F+`50a0Fx&F;t-Pa<$BscU z?ROC7(0J!ci>uUY)vd$o@kLV|qEi24Ty7x0H8o>($6i-MLA?cuIYkz! z8T`o`zhH8+*Z%XvJdnaML({*W749kFiG9_oAfthZY3Oqp(O=}bqETboFi7NH#u$e4oN4B^?yAu3&>jMc#3FQ`WUP=u|A~%fg>Q=WC2?|<+?Umq3ReD?DD*4 z)zZQCTJ3Z-&jw~{f5N15JUnFn4WrJ@_P1pkY-&igkyFRIF97jCK{b84!vRICfXE3G z;+0KdmLe1eof0T0*1x=jWWa#wu!aU^7M9jOHma4&c7&W-K(p++PL-7Cv*HQ~#?0r}ERyJH%oMok3LNu^|%+P5Ha&1u>AnHbx3sc zeAH(IL3=p8$x|7VbGISvhJ@yf1`l8Cabog`S25i?kJJhf6tODZycUPV2sylN>vM69 z2wfKR|He61$_TP+HXi12 z=x`7}5rAfTpRdR0@tLpQEw_y67T@&j7OkwAxhTSS=trk^B^gJuRRgWAFJ|G{j}?Bu zJ2fF<_*Re2LX|CZkfwSfqnh&jgE{JkW;7a*tE^j{9cOi`*4Fy$HZ0DH{~tfVPO$Zd zQBMeV)WBYLUL9uw_k!r>`rpO~aW3xWu#sQ9y<1>$;>TSqAAn@-)V5V!x20cyFC_ar z7hphH(?o8)yxCGM^C}C*$w?3afAYcN+2X#Y`^q?n`gqRI7A9S##hReKe?Tr874Jay zeXmscYyLb-erq`lowt4|Nb7(D%>_8NH!FURGB!;?K7Rl@iX*TMHr!gvx zlOa})c+h_fA^m$NgcKXss<~$al2z1Hy(u$tc{y|U_>Mgv9L_0%-BZcBHyQ2O1u#|0 zc)4cxvs)_Hfp%qQu+6o3X>l*#KK9eqTznrLGBszGB>l(r7`;CrP8JKpyqc>_9J{;KwvBeD~GMtaI+eyT(~@&WE#a zr{m$*4`WLgb4TXVv0u+lx??ZosvAwq11q2o`7lc-X*-xoJV@6zdfqTy@SvGDos*fv z-R{dVJlS^d=N~=T<1R7xvqM|pQrpH0#MRy1UWqndf9!F(Wd?3_ zVm0W9PSit?D4fvPCn=@^GNT=?hSU}AsPPsRwBeBUDSD?!SGa37A+mck_~M=B5zOsg zo_;d3*s@JwA7SN`H&$=c`XlmQT#?OfKl!5jjAeO0MzzW%keIIk)yJ!zDTYY`cD3cj z37J*k3{}F}fd;s=r3kDsbh;8t&{W*epURFw4W+InG~7RPl*Met@Gv~fh6o{JoQ*Cb zqV*KyR)J~5==Tr*_&=nF|0l$8vtQF0A#^xKLHo{2#`dV~>@*`LB|{|Xw6~EWu{>Wb zZ-}RJG6Zk!UNG*w8Jh9Rnwzvvhg{IJnIzfDp zCR?I>DZ#k%L!@n(bi)^V6K(_LQ`p9g3M|Ph0j>u^eVE2UhdOYu4Je5m4qZVzRAx{A`rWkHU^_LP%7e*!Vypa3kpqL(n3-cUKZok zzwTWIfg{>Uc593Oc6Gf(etGdbs_wSE{$UC&eJqm2{uEjwY0pAz&c*WJ^5y|yPxs+H zD5;S>ZKj!C$RYs(hj|=Nr+{y}Cr>lz!grd~VC}bS*IV0~oz+_A@~Lt!J#~?U&aYS! z?n8NG{vDlA>nq(jdSy-=-);`2_GF4HS{^*16!>EK6L5+fo8_yw$b#;{%hhyl^VH^H zo6<)K+5j7=vXb6f%ei!wJSt9kdr+4(uI~v_YcwAkCF~6dF zil*(r^6e|)N6M3s_stym%iy=Nq+d@{#e!>(nGAW`;ifwO65X1-12nX#(wcxL85S;T ztJBxW|EF%aZY0)V+}jz4gS&GwVmr{WhAgG+b$0(@@ojsT8HJWP|TRZarh&|Xyq7`Si!;cpvHq7 zyd8n2sr3`uAoqT0VZdn$CEyqaszci6rGv25Kp8P%%VG+!LltFgg;{WeLThoAQ~vxq zWG80Bu(Hn;3@KITUOm<{)44Z`eiZ*NpgJEvzhy$8=VR1RCS6j!~aJ z;Ymhg>mv!mYdvQmVcSF`;wkwn7Z!*O9gXJ~%wJn+=CS4hjW0RZ<`}_h4W%(H z+d39_z4B3EArhz(N1azHj&Vip| z6(o30Tat&nAl*IAeC^ky7U{l$m=G~DJ2kC?;63FAqTgQpKPC}>o-JCN6Jw6PD;yvi zyQr-Yr50OqG@ZxY6l67C6*hNM=(31B{&!R-$27N)j{Sz!voZIgyb=8cuMS8+o6 z_x{@#DObBgsS}$A18UO1qCVev-mV$00*Gu0h&!;Ce=s^=!t{U(PhXu#eW@?KcZd0QGcMfX-Q|43`@uFzE*1hge88n$U9n~RB0Jg zN|X+%ge;Qa$h+ALETy={g>U7yc4z+*ELiqnlqH$~NhF@|UdW-fZ{u({A6nM|x#%Zo zOD|SY)J|63S79;|y5^Zqcf6jyc)S=-p7rIo^Fja)2XY3fjV(YL0nfjbXb%p4dh=uL znqA3GN@8t91Q7j1f+ckYt1)uzZU!@hMRE1%Jd(6vJJ?X|d4v+GiPx|eNqXlkpV{Vl z*d*+W36;>=7{9lHV?X=_+jnv^eV`$e;O+7K`qQrf+c0A(H!Ht|%S4$7woKmM#*-V>k6yiqpmgpp{2sQG)=Kjz!O{lNCB{ zF$8pJdVi?_!VPca1Tr*Gzg07#wYV|M7YdhPDsQLIA@0m`JGjx>nOKmrZ_85`Pno!e zJq^w{tq|r#2iynSYj%YajRx(%i1xQBZXs`CJN-s+-`9s5>HhkI%lm2=!*Ud+a>Z6L zp@J&XTepg92=N;-X+hZ4)>6Mt2(Lz5V_aN5!d2nM!TqxtD)vLWH(M*d3`%A_=i(WR zT>$uqj<@epaIaM;ll{QFYXap!OKl=f;l70Qrgnnt<=0z<)%x-ch1G7V8bg|GPjV}r z2K;`a@zq?C%uV;`4m#a^cBS5?;2<8pWMC62=#zAkWY+E&k&xQ^x3@2qq6?Ayt=&)@#|ryfR|(PsYEj@-fh1uiD! z&h<1eIXLr6Ti4xeuTm17blaPXM)$Z_H+n~fRyHx_uQt-fkF%sL7p8P z(n?f9;BFP}V0MSNnJoneOm-{IWKYEcjUM_0J(bT4Po&%Z-4$zTt$PQY{+Six_FIG) zccR6&>KUgSXjd6TQHvf1FVpqW3<|ul{4M`qOU~g(46LYcS$_tQ)OfLR@ zz%rw@_HY}@j)`a!{Xysu$3F#CsPq&2)YO7q=rPHI*H)l*vAm4%i~;2dbbP|Nc+u!Q z;NE&auOfa&N{iIye6bEqz{P1|#^iWvzz$CvfJkEgGcvc+8Ol={5IOeBI*}jK=u|9> z!WJBatU=r^2%DfznWqD{tPQeYY$+M^BfW}X&QsyF@sDq92b!F2P%Bf`jzOBlAmNy- zD6x!J$WsD!se-e~^E82iWicv}8t&(h-4@s2nDI*8?qW|ve2`+RpL~4&@0m}LVz-}a zj8k;vs$*uD+dtm+3c4RfrdfkmNHwKW0ZxrZJtxPcVp=yVltXGu8m|ZEqg1I^k^_=3 zM2;xxUuHYDUy51Q40gD)y5R?@dKCy4L2y;~zvs&B9tE*`4m`FYAu-g)Mk)L2PF>j_ zAB$8nr0TEnT{*?vGI^vSm}^&d zX$96(6(hRp7U8_KRV@2tM5Ggi6I ze_we?1F8S@FlPcBLf0`re!`V8fEam?9-InuiZFZ7WpC3XwYg^Y+C>VR`a8b5S)Nm8 z)N431ChdYud8kyhqRAX^>jaRcz1PXyp305T@L}#sZ6mJ+SW&xxK4A1tD z`5H}sy||-z%n>Ws;fcc>Q~7pKT(d4&zSJ#@HI>%VE#ic7w-}@n5af9zDAc2N_Hh@L z2G>Z1QfOPU6+0=qoL|Co-Z0 z5W0EyR&?{84ZoyL-V_!qs0x>lPlgwhdY=kl*dAM+%yZ)uIaQIaQt?yS=40ji&NR2I3^C7*7iOI~b~39JBdOXzR} zRfzK1i8=|tm9>?fV}vdWXAlv$vB=TAENac`6q?C`v*{m}MI0o;Ze)e?3A>`4=8bd& zJdAG1Fj$f>S^@TAGpyV?`*jDMQIOEYE3Db;*H|{ib>Iy4x0@F0UtW`=sp(B**TgwC zymP_XR350^_hTFVap;RWWjZdW#w7$V?dpFTEyFZ{>Cba>N7>vSyLvq)xv5*##>J@m z{pHN7-votR2^aZlN4*hd;jz2iktTxXBN_+jcm%)EwStdwX@7 zkbHQzf?>=796=y|H^H%H4N~?B)K33pJ*cm5Z+*EG$JV@$ z)Um5XQy_l`z_lQyEy*kY9nUNRK?8$nwzxE$aT%&!3-Tpco4>enl}Y{V#+GJ}3W-*@ zNI}QQKf7rwk6y36N?xO{Y4{rqTRY17=#l(@GVe&4h__n>4wCt*OX?*z*w(z#0JX{A^k}c|qt_)0??ESx>Ind;T6;>HQD&)z5C$ zt)b)5>ed1{)i^xVwL!=o5eD^M*_?_Z_v*31yXVZ-TH2}Mz73-b#-57h=BjB@{F4TG zdU%hn)ySKg6xAc{_{!3ce!!|ou8&V%T-}-lQ%r7+2pc$1AgnC>Emuk%kbcHibqr2& z>f$&VEn1(M`vuz^9bQ_BXH>3?FU(6p`OJQw% zy<8U4p7vx6oe$q;^PG^ro*a!v;}6H9PcGPpam+L{!VIMO?Ea7pd!ibgRYxq%4`E23 zp$gU{deq(-1zAZT;bc*Qv|I}>2$Wf|NUNqVa=`4$E_acgz~B#-%ilrFnmOe2 z!tk(|Yevuv*jqK;*B}HWN+d>VZHUgr_CQl@Lmn?&`yR?nxK$lk zeN)DulMyHGJerswghx6vBY>@QmK8yEd)E9-S%)2IlUuh{YKIkMy?@8edC$=Edw4go zi7aQEgp$WI2VslW+iKN&{=LfTLk0e&j8bc!3JbVbQC=l&h#Rtby3DS+c#*sLqWdq_ zbvRXd!QN#fHsj@g0OQ+$_un8Dsm>UZv|g9uU)TY_C$yT(bNpLj#wMJ=FdmDkJ2tIm zHd&PQ4a=es?f(0bXS48oX%!E*p z0V+juq#Vy-9qQ*f7zh!5SGUs5 zZh-}DB2WheUn?u~nckOcuXYt4f)-j(KGA)^_-wMEY_a;3uKJzA~t6 zb=gRy|r9RP!wMD&^QxfYEJSlETGo zNNXphASqrphB|3ToTM`j@MM^d(+=|IAXr2Y}2~O3Oca2AV6Ah#5+09MR&gPZ| zJa$fYRE&4=#5FWXUa3)}cn7x=wtAJ8wmH9?N zEsVageKbWqrf`b;J{=rT1(A3%Mcld& z2YYk(a9$BMYO;_U><{S&8WG&x=8s!*Bs@K#uIo5biy%FC#T%?<$0w3&#HoYT76naC zPR{{!s(!dtBKg|AD0?+VKu%KZ;)7GO1}kQ%UCmf#<!%$ywkM6>2LH_T!fdAMNQT z?$g{rGL?I|x}oPmzmsC9Fcaj%_4MxeZfMhpbWO6PhqD^X#KL##3l)ZzU-LaB=j8bsL2@$C;g(K$?++sp8)4#3}`SF`d?5^D`{)75JnJYVbb7kGxSxJ?7L-RW>Ko~F1Fa)osZlskg^QBb{= zPH*h16xkdbAI4AlRG{f~m~G(sr&qPwn`@QJ$<3oW8kjjumw@BUy2YKbA@0NT_45GJ zCX?c%GKV8C*61}@z=wSQe8CE94yDFW@*}mLhR}sQGM@al7n~*c0KFjx#VrpkA%3Db zys6UuY9W=x#tXYhiVr3-&ZA$CXw&+TCTk7>5%KpNGvF3W>fzs0@*_2!1DSB|l7Zfp zFQ+oR%J6Di)6qPQ1XT&~tO$>`B{cF$0-r#p(bd$aydPaaH{+05&f}#Q5*|=nmgr}b z%eEq7DY4+0*~J>1?s$%FbMM~STksK8r)!%NTPhkJ5GatZMo$+iC9?GmKZV|}Y{nP^ zz@t3+*a_>FG-d6~&Pj@aXgv}*gBGl55w=r?}y{h$D^|of?@{8KxX@3|847- z($h=VZ{(sz0ozoXBhbhsdhGP6OE|2Il?GPVSe3XK`9eGFpuZUn_VPJ#wm9 z{%5inp;fhV6JxrUfRYV~=gFt_xf!WWUbsJvDJr@sTI$f$Ud*IoXJ3lbvi^NHo5xNX z{t#wJ=p-9Y9)2C4lywU0eA^$JVYz>xLx$h>L(7#Dm}7@u0PZ${kS~<1IKQw}MB%@o zG8ul_vgx@U8Esjsl2n)1r{~B%qeHi}czMPA+6$o;_Ad{Hw8^O;@opCGMo@z>ZItRd zQAo8dAi7+yUEeTxT@KwNQ+Q(T-rH1G7slHZ)J@?g1hF*Py5ypK4oQy^}w8|GQ^QQa;?{;+7ppyuQ?@R(ILs#Fz->cyo28#COd$fj$15K4Phlk+Gw2ENQTp|FF`T{)l`R&HM_Hw7M?%4n2s70}|TRf^(Q;h4NSQ;Ys<2V}?ve41bKs9{gz^OZ6A?+tE?AJeXKwMKfe1SFp&UwSU)e~ruHMYB1s+A10L-t&(m-nU&E&a75 zO@}GiCQ{#%BzO!jQl>yYhAc;T%O8$d5j_rK*Mz)es@u@u3kp4h|_k&iHe zT9oiislHfyCfm$PUEgVhQ^{P3pMy6H*apFh&Nnz$_N$uQAirpo00a#dwA?B}Qy}rt z(7Sh^zrFvY-x$pUpBE2&IMC*fVPi)8*>`_bk z)V(C^&FO+N9)-OH;g>TLjlpw_!yAF^8472*1nGV4t@@6j$uLX^>~&FNpsU|v{|;UE z*AIpMoAsq;U|1K=5l@M#4+pX9nu{M=tNtBF15jm$l+pjV%Yfcc5R#yO9FV|q9*G6pf?4LL)*Ot z6RRbb>9BQ--4blg#UQ&?Qh*4BG4&LdM_QE9(jQ)!WN1h2LS)eCG8AtTbgIi>0H2(X zt&XHKb&ySKg)e#}MhFr_{1?BUVJUje3bGah$<)Ok6(s5`wm0jg$5bWosEehflttJ3 zieGrKjKPu~wQ)p){ik~+!=~FB=ZJ$NH}>khOuL|G5NEBRSA*uGT$EK*n;1Nj*{lGL zo295Wzc=x>Ms_0|m$*Z_MmM{oO;FDk9VBdBVQ(gfmo* z&*sw~tC%BT<}*dFP;f_KW4DvdV^AA3EF~P{r@Ef&-_MCs0#{2j3=<0l9AONfnf;qJ z@1EQkOHE!&7ZqdWU5(5yv;W9nsJ5E(CTI*w^r+Y%35A;S+cDuEIt$)0jyuUZU@})i zKOL0W+4|3SM=-iBalK-d99>NAaN%SBqv8xxkA4dT%CG$22?Z+KrM`1PHso~=kZ$xWlsfL7&*322+81QlC_yn7B-Q0< zoTJMAOjRy!*gPjTkn?j2bmtng8318(OvvXMi7Q^n!5iOSQyW%S9W1{fm1urNX+4kp zvV7ohVoxZ~30lYwA3w|0sQt8oy3ai0*>`j>jK1^8XgZ%)rJ2T5d6$no8cV=5nnzav zhz)dE$=~sx2@|~O?K9_r)kK9^edjg^9)xwczDC~w_GJuy2ZyHORL&bO-7nW34U%hS ze9gwztam}A{N44z;&$x4WILSk?$hZ{4_+R=RE1T9_hLf5F5^HdH}8LZyhmgeOEbT) zE)csXjfayT*}nhq*>tKhI8I)qf=tw+g7ot}sVidz!G6u)9ZFHgtsQR{6P`Xl80>Zh zCb8>6>}W^8f;fv7S>DE(t20YdU0C(gv-jT2tA?8fLbKLnt3`|I`LM$Hfq+q!)(`QF zoiDDfLa7NZVBy|M;Cu!^f3)O4XyHSEk5qtKKtb#%ZL%ENF(?wbbaULF@-k!v z7Y8_%{H7(NAj~%iORT7w-GI`0b|8WSi|f6eE-5pfzIdFP4w3zpwGI1i%tEzPifmcp zGK0}5khY1fRMwb?7&z;AkUW~OYB+^*O)YY*QaLRoYfLB!y(Io4al~v~x>o*w#|?3E zFxf^_A?vmoz}6j8mi#=z)e%cjflYz(VjgQD7HUx3c>nG5=cBV>kpAHB9B49LL69o& z!&R@(~U@Lv9B;%HILCkJp7jd~c5mmrwH=zWeKsChHIARO^gAo15P~ zjM|t)JC9`1KJr@+igNp~Fd3E7E*V&cUHWUE#E~hRXOnyEMvU(e0o7mljLoy7(?19o zeVDkJkd=nCtD45ISVF*A;4hT_r9f-9?9M(mYERpv9?;H4W9R_uJ!(Pw1t z#m~9GM-N|Y`m`P|&m8rgN}#sEjtUCg7PZps6b%QP3Z?9Fuip|-5Y(J1p~HcN4yRxX z?;1RMw7$EkbvA69XOfjaX!%N zGw!sOORLu7v-yI?9;DVe#f&ssp!#G`WR$u+8}(ft4zl4iD^SSwG8~I1sur*BFN6y? z?}ppDsQ`xHXi)Tww#V8Noq4-Wdtwuir<2+X(Z>9aF+AlyTS+_zVCb^Q=nookbBVL9RW^e(uZTbf9hzp7-x{X&FH>(jP znQy0~XkfMq;tpmer*D9AhEdc~`m!uktqI*Fu67f*xLi=RA*AKWHgY^`p33FB5B``T z;l?2mMdHgOe0^N6!RxdQe=gS}QFxuW+7W37CuuZdFpwRMyQq)b1TF{6Twb&#w{%RY z(^Wy+7BtN5?INu~1l|IB+Y^2$hc-hGm%}=>dXoQufje!&(`%P!@kXoICs`Cl%<}g6 zhQWrMW~-xixRTP26|Ne?SJ-0}5DaspQj-}e^~j&>p*eIk+Bklj;yoVvVIK5YYOAL4 zepjf;6&g5r;uP^@lT+x5Urz%agoFT!7e*?KiepP!g$Y}?6h;I~QauBdM_{!KyMx<_ z-qnQZ@oDNI>y?oDdEpt#i(E``tDQKoCSCFIW3%WMXl}IdnFWjXDLGVj$g=#{f1-8| zYdyj1X1}*T!BD)o43DpLk-rqnZaN`|VvNkSQW+1~qj%7tR$O<^ZYhf1{9UWuiyMfq zw>SPyl?4{1IIGM`%-9;@oe-B0F5x0LLgO>$XoyBIky$lR@Vls`{ZUg?^1Q|II7_}> z80pU$ac`{Y!W^)2#8{%H?6e&80aPYs1XeGS0(@}l^@A*xXUB5=1WtCaumV7&6E`( zTNz4hNIaweZhbtP%qwix>=f|_76Vsygaf8Qf>{h~;V(1@`=tn|8$1a*KF9&el-lf$ z=IR)*4YBmdGsK8+v;t|20TN5wb}(>12m2klFtl1`x0?T}57q`}pIjZR?GI2)tuyLB)PJ`cMmiVheKI)>wKlX-xV}l!!U+BnJU3%ml?a>9@*a;Etus(SMiFW00!>I*(?N!grAXMLD6u>Tyny zt;9nZU$B;AynYth zTnl(u@*cT46*iQUBqA=B6o8f@e8u(UD>QQSW_3NMv7MomE|rP(py||{F$%eto(1WY z_BVJIvgl^%%fN%^gXHMX51$_v4tl>C|M|htxIpd9;E|Sq=GWzCmZoeGDj%p~*@ye< zd2_{*hw3yjNfM;+Q1Tt269TMWE8e~%he9Q2=4fMy<6mzM$A_;%4=CFUf?~##8s?2j z3&h-~C*Qxe`b=Aph)qcZrKc)iWdzlvf;o*>C45R@lzZ`j6y4msKY`HeuURca*@YEl zGrCSreo{$@aN86@nvi&pp$r8>0X5hkl+u;=c6XM^;}qrG-KK(*w#)lX#o z(zusZP$e{4ANaU#xylki?!_c5m07hh|PFfQv=s4%-k5jEQ z7#$mStd<1>6ystM;d@v(#Xh*L!6Xz*{9a&C_ zodpw^FRtl$T95DJMATx52NG^ogA(k5_3y8gygO95bOZY0(E~e4Y9k`F;ajN-t(Azt z$c)#BPAgF|ygX(s9b3*r|I?zwvIgtbm^utwqH_IGv(JxY!TBmoaXtvMy({crM<=CB z5-?r5`D`eL)t*g($s<_1chJq%73tqe?M?*xLLV^{mboSWyNhy&a-ijmj%dCOt8rh zqzqD3;i6`#hMOF_^MI`pL@7MZ$FGDiw(0f#;=%H!|8P3zWxJ_Vm^- zCUV@`FrDhs`Gmuhj_GdiV!(@0u$4{-tYqMImN`J!WVWOsa~Tox?0OPwT=yN*kC;tqkR@%Uz)+DO8ojSly6P<|YI2$FE{vC*oV!(g9X zxKR&-BI2-1lWos^H4P~Z z>egAMx!0LgCG&l7Ac)}4$2LO1;@z(yItB90v%O#l*A&Nuc?*HZ?XVsJHF9DTYH2~k z+q0GVAv!dK?f{RfVpyd1f(f_F385TwFUA-1tDsNBo>pQv{X{`cl zNx^8b05TpdYtrM$3y$#tddkc8%CVV7L7nDip)P5cV43oWcFC_V{bm9g%jzKVv%!Xl zz4lRIJm-}!A4v#UE0epM-gz7+QscF5>bOX0^;;hk0!u!8)|HEE1n#|m;DB(RaOSZ_VSC$V>6Uw2oPvEY&PP1T*hvcN*YjxrN== zT1Wbz;v{IZy=X>w@!0bf*|F@b0(x|j))77G#cguiwM@4s_^Xr^h`x`*RxI=08bwvI zF(qZbrsuxKPYm;OECa3>)!Iqr!7RW}5!u1)_Krd2*mqgDrr|fNX<6~xA%Zd`KOfd| zyqvCYKFog3rvb@L3(zHXweZjrk<*H0PoQ1j+l`oFk(4#DEX*yDzY3v{V@#pO3?%l)u=E65YtS(#U)9>RiM<-$dS^mT<3e^e5Q`EkB zl7SeyHkrXB`xHHT&qMlrk~8OMeJ-b;7z4|t>D z;G|Oz6=S?IvXpcP(4Yg9})H*0imiW_3z&16kkFr+TB$-g^rv7&fKFa4P zldC$gn%&QGmM~txVkImWBc=j}Dqm*L$+dnXs=Q|erp1ayp;OMLC6wt`HT7zre_-_( zdL@dX&#q$SVo+RG!a|kiO`et_^7#% zgFWqDr@6HQHuT29k|DkdhvP}XvRK;1-V6tCaF^~^j&7n?5f&X+R3!pEvx!nz-(het(430*9Q2et#1uo&jiW5zk zQyHQ`hbo`-+%XKm#KqK)605MpSeG4u;{QI(9%dhA1X{(7uPs~caQTMNW62G*l!_+X zrMykbudR;W5i2Z}hifUV=AZgbkRh1MC$j+(nR`Y>CrO;NO$iWFs(_DyhQ zaxJ5yvm?4BMt3u`{Yr<@W0#uV?b@2wjCU?2oI)$bmSBQx>%-j%z5XDA^AiaSy?p;s zgK&(`f!Pm)hbZFZ#a1-_7qSbw3Jo3nYcOyx zE=AGtz1-`FT2?M)?Th{M!<;XYx#{e}|AWsp`S=Gzu+lCoKvK)?5d+k?q+GD&!_~F3 zqd}ZtN3(@CXzJ|G({F$M@h8nwU%niD{owQ$yw)=-B3TtDN8tJQRuRVt1VL2bJ4Ax|r2c8Q<`y`Gl=kFt{!0ui=+-0@BrC|D4{!FmNf7%vgp@yHEz+mKyB^IP> zn3h^M!|aG+MNZ|}?1qxLMq}kyW3=AK(;wd&kS=X35i>{~Z-D(n^L2JZ_maTIcS;n? zdliNAPwVynkzkyA)LJ#yRV-{e-AGVM?FMS!g3*dzFR8}>ck6wz>o=yyr&aM*i+%3r zKOp7uv54jQmKx?nRbxh}C^p4f_R<*|?dq(CvH0REVxu-d6=e1z=D|@XO=;`{g&a>~ z55JjGF$spn*`WP&reo4MGe$tquYYR`UkfAsAjSLf2Sl@MmVG<&C$0_Z)h9w#rgAr306q*PNL$h z{4ZQ)YjX9ymq17^LTbYbEg8h6S#dGl9Lx|=zcKOPubJIGd7G$gZi(t^&|R;j1B%Xb zw`W49czg_x@EavRR9)=`vo1|JOh&gVCQ!4+no(Qu&T}kQ)h1nqz7XBgW}uuKo6|J8 zME((Wmk%^-;$SK4%?aY06e8)P$lq1&G^4`Ae#wy)9@N|p6e`hDo-Ew^NLBOD_S5xyddEBenn(?7? z3#x6bC_5_AJL}-8H zs8zd0_{PY_q3f^I1lpEhXdBEcv@?7?UiVEz=mq9cd#W7L*d9_xr2S;fEj0oDFuA$7 z%+g$8Jx^!<8vay^tD>{%iJ%Ot_~+~7bvb>3Z-n!~@_Q7iRQeg-q6UNqwA>+q?vrW_ zAH~>aDL7RmS9b*E?!T>FA~uS&X}J2zXf=1IOjd{PwYxqgPRdeA3DOOpI1ER}pYta6 zNX6&a?pR$QT)dT-EQAeTzATfk88m*r>TRZ8l_EKR_j^6F>Ajj!_<6RtT3=g+U~Nbn z_9iKV_aY#H324-S)F?6?z7e-qb0@?;*9mxbUqbwXUV|)}U^K|I@L`V?7{SGkYHf|f zg@+yO{I7$eGg^jU^a$1)rk-5z`Q5WvbRfVJ@7dTjre)ElxO-!xfa$JvU zS5rJHoV(E}`uf+G;py@Fz}@R({5SsAk5~7Y)?Q`BS-vUlu34udSGDM54BQbp)+^<#ebh-4GQwB>64 zYfQ+4$jX)F*-aib*fwN7u#q|DVfmV^%&;OS%9*wNvhoSlO-m};)(m5za#xz@4_{CRB7op+tkO|CC>a*Vt}Bdlt)w9eNmg{X^^37X z{E^xx#faGJU}wmSY3Q6tBS(O&>p1q$pmCb9lCyKHeBKCLC8)L1!jmUw+T%6+oh*E<+^VT`Q8YS!S2#bW{MMnE?we*W!%<`Tc$J3IZoIyC74R|{Y zfpq#ft%8t9HxI4W-%u`Lv4ZeelR)l%;I_ul70)Ts%~1-yRYRZN+c#|G18Dgi2E^>! zW#mz7%Bw{#1)>=e8*4jhBBWjL#X#5~EyTSM8U*#_P zh2neBLZUUOLW#A-F_b1YQ9F>);uXrdR6kCC(dJU6_I3U)gw%b8ARk>oL1Mm|+}vGT z@xL!@S2drWTJlaZp6D%8R%S|_U5>1QZf+SP#afVuPXQB01!oX;!=Qj?@+zO<#PB4` zl_r5$WeFqN6Nwz&pVKeD@RyE;WM2xZxE+L}PHrBqu4Yn(`$3iNl*9{ik}yCnTNw*} z`Sx{)Zs9*;BZm*rE3PE2l=6Z)>KgDtz~>?Vu$VLOYMiw|?%jvo4@RXG~!g;uN*9< zLWP?D^M$s=B7^NaE*UEud$dPSG+|ZVTx-X$+bx^yk;!*ZEH;59rEA@?!kg5P5l+@~ zTLD{>#%`;TA%UT$tJ%pffWqBOBfoFXIzt+F`+#7a#b!)#CLhWp#U{Mvzf#% zaQB9kHhJP;uwJGT0|$A2Vt%ir`Pb6;nz^x8;htm_1KXAm2^9cv%`zn2&Y})v2EV0SiMiPeTqeusmCApd-+)Yi2B{wY{rAb<>+#3qcc()e z#QW#B(HZ~w`D}O^2J!~$AM0cdsiOUixJau>wrIVcl!*gt*_jDm$1>n0dX-{LG_j2#BhIXHP_vHaooj8cI&JwIo7g;|(%#uSuMI2zH)-EhF(UR^bkLp7<&%Yp40Z9! zP3>NKC<|Ysqt>ol_Dn~Ys!Q1;IK@b%0;@rMmgu1NCuiR=Z7a-i!%V9=#I~g#9<=H% z&GayZu5BH0k!;RyCW{~H6$#arYc~JFs;OagT638X)=PM*R1^tax&GE4b2E6kpv4)@ zMiT;bO$xOCccRGZG^KN>jJ-9(`tR=4YHdTVKNoqkISRfLjA^<9I6*`#m;`BA9mzbT?Bn+#cNR zZGgGrwy(h6|14D{;<*pBmw|{- zFn(}2S>16PSt)|gFH!ZB^ufMHW9x0%8qEFGJ!A`($yD8u>O#Ab<`b^H9*o40{l0mM zaTxq{gL3*iWjC$1+J+8B9T-III#UXByv$)CHnZluc)7s1{exaMkgC(!%{u}n9-~Z{ zYJo}ZoQ6&5CQY>;ex9;lsvM{=!BP4N1*c}c*cTl7Nb>APiH@X5 z2lv@cgysZY}48nX9nVv1Yq zE}CrLb+-iOHjE~@QPC2WN}tYfp59*L=-oz9k4lxpPCaX}f#^hZ9qlVIm{%r-YQXZ2 z`mMGq!V$$_BF$|0c{_&)MPN5xBhyL=;&RzLoG4I3TfZ_C;T%O4A9q~O5b`Oes2(mQ z+Dvdaw(+c3Jx)IxiU1U)Dhm7tnDU0{>}HuxUgdt`h2K$31rB5s z&cYZn_rncm^g zcRd5C5O#^qE?k z4h!?rBqfo*MNsUBv1Tmx<{|YdrL^S&kX=)UbIRuK6&x+&^p@o!VvH)U;tI0O;VxHJ z5P!o8YA>AW8U_?#4=#=By1h(4=CJf@jOznz%8t~@Okdl>e$v3Sy&k8+{Y@H;gzcU zDl4=}t6e*GHfr3pZQwkXst1_Wx%C_MdZhuW_5w(gDIthEt;fqtYl@FS=oWO-%-A;& zCZG&m;%Hf^tMZW+H_wRd3U&j2+vqkyYU9B3qAMLUZ^%-fta@WyC#kb{YBKNHzm6eH zu1sTfbDIzXszdCqJz)+rT0YhA%N&pnf)OduyMQPFOJY1xuT$*A6Vmq7p{NQ5Y-_jQ zFo(1H0W}F6Zne3|JiaiQYRtCrMMtqW(T-P!5!x!VrZntU)5|743T>vvn$}FWCfg`-nGJciLMK(< zZ+s3zZE1a+7^L6c@_pmc2EjfFUYs!@0r`U%w{j^PdCdcB@XtXAU|?vcvQ*R`5M5xJ}^5!R04Aph1vsLRiSy zCc^9F92(W1xLa1N;`VsrH zK0uvY&&nBt>Eve=l&=rB=d=57mnRCWor2YwvBNT7XTgCtUa7>1d^lmY+ zWs@WE82?3~k{C};iV<9~sLPwvdL%^y2wL zPU}!fBLz(w-U#R3Pv|7fe$i+hEd-r6G!&9Jn*?d;?6svbo^8!%aek#J!fu{16KunY z45*btg(qUcU>F>Xa^ZW&AN-{+ZdSi<#YXsvoA944TF>GM>EkWwJu@M!B8q=YU~@`; zHFqnvPOv1k*p5qP5q5qSZDP(J000J!qD#?CS8ax?8o|0AG}*CPvL)?a%vywp>(t(E zn%^5E0gNXfXpmk5W$}IsjYI6B3#K3`DvbS$Wa|Cj#>iF+)QxRRzCkv%kLU0MSabyW zNQTmEP#$+hV-T+WZjzCNgmCbuR5&b%$i2Ib#NZ}K_Qd^2D0`$$P$KqvbiI5`IIdZR z`RU-*>W{yUMVX=5YBW6i`vr&g{g03OEL@^b{p^B)i$Ftyzl(ypA}aDMX3Gm345> z2<1M{7Z1OZR#*#vB$z1&Zsubeq?1j6+B0#J?=2vU2Gij$Hk4}seF6@U*E`Mns3HeQ zw*nHjq$*gRPS&&A1&-MWs*{9xDa^ZL0=3U7O*x~RKu?Q0p?VA44I0HRoS1i5T9H=V zn&JAI`%f%dLcZG`Sb!MlI}uJx|JStBwJ=I`gWz{d>pX1RD}jKHKT(O@NMj6(9NxF@ z8buI@R0S~7GVj#G9zG`*|Zf^gty8Y?CchqnYy~$Rkg4TDd_+I z>5j1z;~UkBXt;1jXY`Die85+$ppR0SNzbmtx&sRDW^eRzEm=-ns>4#NSAYw5Y=dHP zr=dFmD%FW=p|f6Nem(_Sf#0f+=OIhpaJ0kJPDN`@nN@C=c?iRHo=CfE50Iv=QTOp$ zeGb?HiQcA^bo{WseB;j;N@j;>$DL0^`tqg>o^kNnV8+WiAbx{0I*}lM$Zm!p!Fm~p}DpZ zQCN4v{B|>>a>#~tQM1;L1I4JaInx<^U^i2&_3i6z(k!koXMb&V!1T>U0~QwfZJI6T zAJM{ZiAd}CZ2%5-&sI|)ELfoQq&ZbDSY%e5-G&O_pa}O-9w})w>*zf@JORZ@5Qfbb z+Zw@0u}aR=tWFA6igYQ7RoBI3vmDTy2gli8s;(3TY&FXGUZJHCF9knU^whNLnFt2f zh!63{NVh>S#wPlF*fGltB5>DNsCFBqF(hT&T}*L}R$()O+&Gr>scweS_D>D@zH8^+V5d z;n7#KzmYf42pDeeTZ_Uri_aF<+SJU`tcl8j`>W<;|I zY*b*-7D+=+|VxM;AXOE`IS5IF~$l z<=6~$Cz=;V|3qf=!}p`F?}s18ABRV0f1NV8O2QfLk_(&a4_Lxs&?Z{N(4H|5v#N zh0?N{n3xxAedI?QWJ7nRzo5lr(4Zop{089u)o(4$1ZY)Z#z1teJ?R~H2AfWdMXtfgW0kBO7BL@qnR(FN&T?zq zA_lQ_z2C~#D)vbPx@Tq{d~ovBR&Gdra$A-g*rx(HzSn-J1 z9Czp5BepY9B4!5)Ws>^qtHX#~m zL3J3~@uJb`Ii(v)xa0rX8<w( zBy`f&&3Hwd0oIaYnb-mdhCj}cShp7A_$W`T5xqo#^41SGq$)+1z3F*GeE1BjI%KR+ z9MosS9Z*8y1WhrTh-pa^Vl?~L!;A;ldbFw^AS@CMR>ze5UXEZEV6zLzeO-I+*72Q! zjqHb=2orQkN2HR&Q$y;TlRDUcx+R;ZrY3?Tq)AX*fKu?*Lfj;}h4-M_=c_cDi7tZT zHYLK)IsHs>f6U!ej39-%+K3jW$Di7S7S@y}RrOnAiP2p=ZtF+2k>t=IWSj9Mg(@Sq zh~{O7h?D=!*Rz@^ZPqOdNy9ZC95Zlha1Aig)@Z$wS(=hR-ylJq9pt!9MwaY)aNk}BhLY21F2v+<=-WkFN< zt;4J3dim?O!Vs=dTnkm;Qz78!VZF35vLXd!oD(Ia&)hC9fCPIaEMIy!u<`^|yF?H~ zro?w>WjDc>D=#Q)Hj3Hv)7-rvXZLPR~cQ@IEP@ipQW2heC^;9&n#V#42Br}aimXvId2*8wa!Z{>d* z05yJUW%sDB*k`borCfBsThG_PblG)e+dS?!u5ULs`00iKz~O|S*)b^2X#)oUC(kc` z7bo=T03|!|u}=iSp-RzNJJt7&skJ0%g@f^zEKz+x?lshuWEBk)JDm>^Zw_hC@MM1a zsdFLsjsE8<_-B-i$IbkRhvKEVmW3hkvP)MOsaVFn{YVxFY_k?$0310eA@LrDDZgZl zuC={*+0KHUxA_R>_;~fl?={>@cxtRQ}=$>_IfhQ&ivO$2|_+ya{>&C6hdWore z%Rc6aM-9^Hgw}_E1gZ+%>hNuB*r_%%{>={RVGkCoXvwPyr&sod4y5WqidB<*ey@(WRJgg@d<1pB`Zws zO#O_ueht4XH(#~RXoIh?*tgb_moA@zi8M3iFA|Q?3?(<<+hW??ssaG3R^xb_QBGcr z#pn1mw8DfB1tVK|4LzEM0=j+Hpr!$%kb98HnmINXJ z9Ke$^Bquq8ype8KB`H7NPE5X7SX~ zHwZ;Zr4r2MYA1*V88^acHCxtOIpdgQ5R$#+|34fNcX#UE??eIvMFJm=N1vJ-WYda7 zj^H>0SNrtotl_yr_3~~UY!HURbg8f%A#Ov_oZduz ztv)b0y)c+%L|<UO{4ra9n*ENfW)(8HLXDmJ;EARLZL7>)`RViyZo#0zTD1{00?A;J+i8A$CTV3f4Z@ zmcFlwAs26cN`)oRx5p=3r>wPPYcQsLT0!DIaZ@mo+Ky%idw@r>-x% zN&z2N#-xHoRE+61=R683TurRg^lN7baoR}~zKyu`OoilNNisk|>t0oHscne6c27(i zVA;0GAUijqHNajM&;k2o4-)ucj``>ufxpwowKA^8-g*jD!su3?Allo$JP~uD;;SuG z3Tl9VU~~R4$#YsZ=zeyK*~8-B{}6znjT`@TBgB?jYc}9=C|V}JzuS5ee3$5$D3^Oy z%9=0!^)SC@T74*Av4U5g0&c7zRIA0EBvm?SuhiIzC_hl*?fKICBU#dp1>yN9yvC*# z7fW&b>0!_l_pOa&rVK+D5ln91F*zy)PL(|xkKS@KjR?frj%gi`IqwWES6x@zajD({ zBN243v0d=ItEj?VlZqrO@o+b#N0OKeTY7Thc5Fh37tc*Dl+_v+F(2mBiwWzATy5m( zvphY$CF-28c^V`bMOk|=NR<2bO;Xy8RL;uW95_8AgQ!EBBYZ#>;4YmZ7Avc@wldz@ zg|`)$uU2;qY14u}v7T|kI?vuIGP*6;(!uo2dBHiG>FHi0DW0hAG9rYh3x$K+Y5g}a zB__bc1Sv4yEv$~#IYlP=YJ9b%>YNO~#Zn!mnQWEsL%Zg^aU(nu3ES3}ff3D`UFz(^ z%UJNT(Pfx1lexGNj*pE^z8i^7+vNfJsP3J!Mhj23jP$6h+y5fppG@Z=a_cXyMF8pU4MQm}zrtT3BC>qSzYT~VG5=|WG z=~OMpd71vMh{SvkrKYk7+Ne$fy+A?&a&DOSomd1KG7^;*B6 zOLdMo42U-4Umgc9`K-5pJj}foVx`RdC|O1;LzG8Y^eIJ%E~e|Xx{RLEB6cA{kg%hz z=eJw+akhFhTdNO`4l{1HzM?#mo*f_Vsob-bSS;hKD6lkpUgn5_N&5EgVRa27h6w=1 zh~jxDN5oPG`K~cE(Np|E^6Kl?<)iBmZ!c1!wG~|$Q}A)JSdB7R%|cM3#2tamvZE$1 z40b^DQ?nU7Z$})?H3W^vEIR{c3+uvMP$Qjps7jnv@*x)ZVkE@)?fG(fV}1Ih+vD}W zF(nKP@E=NQeoSGK1ej8LDKEH>$X7ec^2+U=Oc>6n?8~CV80iE?YRzuw%hHD_ph8q& z74#3dUzhVM8dXegHYb&xT-(_7x8t*ao(#tyhNJg%WV$%9fCEZg`?_v2*=O_VkB}@7 zr#Fp@?5K)+`hF$cc_8Z`%0N4`VeIO56#1w;&(=5^t5!FCVGLOIG`)c%m3sM3BwcyG z{yn@tVa}qO$%bFwk55j&oeWRU{>iTzy(HsBHnfuB4alfTH{ka9+?b%V)l|>xhC+|l zXD6_ZESZb2cUR57bJMDgXz~{Y)CvfDVlsNWeUAA zuy(^J9rqSnk<@eh0#+b9y`A1(oJgAE-n3Ud1PCx>4sAVUNn1{?@o+_YMwTW-?5(_B zhKRK;Rn2EW?iRKY02&9UvZ_Ejd1X9DWHBZn?a~gUzdP=dEBx_EW zx9=~n#_vD=kwsAdGuXpyno&_T%Zw9S`@djMy%~8c_nS-cRWRp8qw&p<6fDdbowV}h__`FSY%-1gN*3>7xNjdn5 zC*aYTgf&r0h?^rv;;HMe!RqvZ8VMqg%x&GvfHaiQ&acKFal+SKs$Uze@aj#$D>h{x zmRZeuoU7QEZ8?Ndjp4tw8#)dR-hEmvx{S{nL-rK+i?#FaZZ8*e*xg4FUBF27zp|5` zW7RcN=O>SxTeuQL1VNdfOo=I+ z!RI=-kOx~2W_(G{5UbP*9??RIXBYiq0MZU=qO|D;WE5rw##|HA>{(26^5;Lr!nCdU zZ(|31Xzqzm=044dwu#1xmO8gp(W5p(xk1?${^jXcZnK(X9L*G5O>>O`8J)8tMPm+g zU|^<*7nDMzBIa>5wwNx#O?~SdVH=F+bg{nIL=7|EC58$2%EvT$%H8WQXj3Iw@Hmgp z8XOXzLjL>f^Kx;ObN@n4(t-|()GVYMoPWaTpRoU?T8}g>xxslys{>Or@>|uUF2v}D z3g^oeh?{X5#rx%g(VRu?f^~mp3=v@0N1IB+Ql_@lCPfJwMt@PWVO@obC^<PXp}u_uOrQ0h_vj>(7n7?D7R71=HD`az4j8l6aTbLHK#) z^@STdNUg8V!poAom@DjFy~ocR;P^c*5HCe$xfAspCuE-2Cfs;Z+^MSZ13{GCN2lMM z({taPDJi}SWwKWu<1k(TEEbElU7WOH1wi9JS&>;GQi1`rSq%&~=$2X{A7F@5y|O~> zU&4gC9vV(SQX}G={sC4FP-F3zozZo~-4Qu6Ahn93+M|Z9p!782L0}w%Ag}wlcu`J| zjz7Q@EuLOB-~>bLT45(#{PF!Hi(1vW6kK-SvxLX4=>_?HA$u?eyy#?BLd9zA&T=DH z=K)O-ic%m~E&!hZ+7vJSAvTwS+wJxdwd_T@$K z<}5taK`cAGzXorLa;?RMC?E_)pW8!`#2QWiob^qqs>>0FlrPDt>|%G2L}}#R)9o`~ zdvv;EmS@q6qaMs~SUZ-$l81qAzx6a+zhJgiDRx4i)z5wM%Bp(5^q{SyeHc84a!tB><$^=WW(A-SNkCE%=tkB-;@VMWUCsIn=Q@dbcXo>=` zm?Fh)I&B$;l!u^EMP5)JU03iADXI@gELI(u)1A*MeT-=x+v-N9cn?S#wuY6I$%C^VM#XKv1iV#{& zYltUst9a?H;w9CXrbFX}u#Ryw56~M=zNyw`ESlBBxmYxuOGzH;D4!8VHn0E(vmM4) z#mCf0b}>uw*9no!ty+}V%Lft*9oj}4EB;himCjq%;FH7EIjy)sp|(l9QXnB1GOH^^ znDEQ+XoRA|m*H21I83C<2`W7@!kor-N{p%`uQ>U=8c)v8?`J>fST~AQxH7#*?pM7P zD(etxGBAG7E=D6o#^rBbXO|TzIJa5sspyT!;yZcE(&7K$Ry?=u1U&JOM=Sn1RMB)8 z%21ZrW2SybLv251X;ALHuK<0o9P)PzteK4HH<5!fXz?$nPpKuKj!fT{CkX; zUo+gNCnd=>>9G^<<-80IIJr@2_knRM(;rYJQs~zN{DHTO8V*YzBkY#SqHXRn%Clin zT-GB$IgX;H36@{gjglXp|A6!!@vpicj_X_M>tj2Lv-#XmS49Dqy$N=8B9k|XPsTR1 zsYSJ;5U>`OBG;2hpVn!ZR6);b;-MJ9IWS}4gSRf{^rXX9iQ{Z?=V$XeqVr2g&29x1 zTEdzj_!3g6^+qcS?hAiURqwUw6HxXRvshU6)LQ4L@$-w>@yWb{@DH^No2e%@+2BY_ zO630%A@MCx1rrFdYvDGh#G64Gp)ltbD*eSiMnyO4;wDrV+1PFFbGQW|0AJ}|5x$y! z-~ICZ0S~KKh))e#e!(zqVJV=t)$YC%g}V+|A6)YOM3NP=R?x+dVAuKpBF^?5zJlS6 zlV8?Q5Kl~jBsg_EpB{FHboj3{p~qfu83Wy#MMA^YO*Q$6wHUGO?4uK7NhXn}lN(Q$ zXdcNr8!nMTH}-0Lyj+dH5qLClN7m1+-`$@5-Q46Rl(SC=#+s5u>XoXdSHt)T_?C9_ zmI(&tw8(H6`d-t`8jbekfRv8%F&t$tAhql9B^*{r=p6s6<^6nSGuWH&3wskLG5?;= zOi)r`YebgI2pfFI(3^~-W?4=PXxEVCCSg1yRrX^g=5)?_qe!lt2 zanr9TWc(rQ-TBa;ek!d$7*k*1??HRQFO&radqD!#9Tft?k+L1q43B=Tgi ztX=Lh5y2N28lV8Lh4hK{Zu%89P5;UdzrrZq$oPR(JQ#9d8{BCG+HFgBxWsK~wH_;# zmo0Sbz2>|mK!=i9y^7I}7JvY7q;xV|SkR{sthv;p!D?FdhkyK^``P9HAn`MqnJ-!>+oo2S5$Oj|E|X{8J*?NoY;%upC62K`&g&lC_AsY8;lOV^Gf;SG zBVZ`o4F8tfT`eMCS7$kNk)&S}d>kgn&hKxLbJH|ruLi-=psaNdRy?~`;5*23!#uDZ z+VFHAEqc5-r+fAT8I(^`!~u6zn3E@DUVESgHY%u{BtuuM=(+-0XF9?9igVzgqa9hB zKdWQwu(P)drpHuCOFTCtFc=Yg7!bSBh09&t1$0&_{||)fg#k-6U$L zJFGaCIEh9bn%j=2w{YqWi!`%rKOoos@pf$pvk5_OxLQ^1I3p);I-1lnyPz3L*&2c; zJjnmYuev}*L+6tij@L@4PZgy`TQn9}VV||B#5{}_*&cF^rzYM}IUF;;!O}e)fUvBE zB2Mbs&*Sw+A1BkP5xmmpKTe6LO~=au!6rV4q;=P?i3xMd0@V(bJrk!nQaW&8P1UVJ z3@UD6wj_lQ^MJJK@NOrtk$*PScr})Ht2mVCSzZjOvMIKY3n*b8v^-|B1*c8efyYv? zc1UE6FH+{0ZR|s}+8n&n3F42QX>N6-Dwf6aM;u?6P0%E`xsS|^!e;Vojr(d7EuLbf z#o{)0eQ1g=Vd!$uqR(ujJZXxZc00-#_W5ctS;TlJeT-$WwHr}8e8gH?+z8W%ilAGr z?-d)WOMpxWIiyjkzr5F>DL{@Ux9wJVZS&l&Y+ut0$H;S%-D6NW$h^mpL)|n(bv#1N z6&(noHF&l~5pYOJmAiXV6dl;n9Et!=`02#+SshDgv+7&2C4S?odD0y;WmrsDm4GF0 zl%(^tqN)N{c>enM6gmW0?DPEmyN|+7IAJtHEZP}6r&=B3jUN1KR`U4MX)m{LORSlW->KhqRgF`#%ohG)jD$-c% zoQ+4SZiQ^J;wGJ3tCdP$+4V30MyuH{-{qQ2jI%q5=k+0c^x=IPGL~(jA|gV&5i&Gi z-~V49X_N)smY{K7XUc#$<&TQ2&5lP;?hbfs1i;^Dvt)$MVG{{fi)O|d*VjuaNNK!4 zTog4C^&wi4cN;(Q$gmk_6BU~6nOVkXa|^R9weYc_KjS4(Poc~Eoa;vbnqNO2x2o;y z0alFE82>}5`LD%~1;fH&Qq87oMY4_0dtp9%w%~G5zPV@EFry-oh_L0SrI4)mJ^|4Z0_)dLk3=zZYOjHaO z7i%HPgEt>h8N3*cJ{+yr_rT|LExF`Fe%Q>dZ+$^nQfIZqs-&@Xtx08NqdVVNXqz3cvgmH2&U*=MriHeOsF(1;8^OiG4;Yn3u8R|~Xn+oYTl zzK0{T{S^bC)iLd?#mCrqbXU!FPjrGJ z?c_;H7k{H?kqhu9d|N!7*J%rS2#K@>IWgy1UkFmt&YIpe(4(J!_M`cE-mIC^h7CDy z*7W|fX3p`H^e-7ctpBhf1B&Jj7%co}78v5?S7i#*3`eVz40?Abjx$N%a~h5`aV1H; zaZXXMN8o%Dj_Yt-fnyGi3>=D8T&SO7ocrO($Dtsk7O1C*IM2Xwvr11_&x3FtkHe$V zQ*a)LV?GWI(QI7j;uwsBp9^ph_5nCqc-92$0%xe-Se zj$29miO-*HBb`iaoowKpqSEY-C+W&M>aKg>`cxbz;^?5`YnLbBq9=}CIL^btap5=| z-Ei>3QKz%GivM#KSi^Pfp}1ySiKl_tes}!ViJzo8UyFKIHuvq z!*L-Feum-5!7%~Hl{oA^|3m`x`C|L#XC@M>=WG4$dINunA};-&7%TrDl|KT>)Z5vu z@>2|U(pCPw2L4i&|Du6^Smoy!>}&q~VUTBE=jUxhyc(`7?lXpY_kf)m)sB)? zr9bKAHM|nkdi$IeTQBkHjM2KbhZ9%P&rJsZ{i^?W8~9qDuQ22%teUDY$Um;~gND4N zs`mF8_}w^g;&Z0K&K`v=-DarwK9xV;AfK=Ds|QIM&A*1%aRxh#lb;*|e;sIkJg}qLB(34w&mdpULVV6O__I%8OG^#%THYQr z$S+ajea#@BtMYSU&&;2`23(f&=7~>+YR7$+Q_#F$@-xdIUm>`Xw8BuYcE8?X@bhd{ zeu%-&QkB2ZLjD>9Uu|yEBG^gAxcZ#hzf?2QM+SMV-rk0KHC#S~qCP*o$MM5?jGq6x z;9|Zg@a-V&GmHboUoU^En*S+=dY@7G&lu!?QtcNS>ec40r3U%0VV57y2Rln0r5SH= zRu}#BGRQAhi>@~Cwfxkhoa0rwq5Z#R$mdek&KCxLhRXNitj~is=Qz%o2UY%dgFo7R z@NSfI9F`5^VU@wY1Ag%HDGq(T_Xw^ey{Y2$F9Tjf1z(bO^>zwL&Zqf#z~GN^SCyo1 z4Dmh>Iercs=HnrF>;577KH82QlW=Op;UdB|1j zJj5xucy=-5p`B`{y`kRURQdA_@|vIX40+b_f0}{+u4-pE?6V!#8`|MHC{I^q^rv(+ zuH-&W!ES&b{OmXQ`Ht#8$4h-a)nQor(IDSLSdpaXa86gRV@`N}E-0Q+n3pr156uIm zq6J08d9$Ugth~a)IdijS&CSgzo;i1plr?T%*2KJ9W}>w4(pfo0MR`RMbm!!H3UNu@ zp;Fdmldl>ze(a@E-kj<4XF_M@oSDVaoVj_qGv-RXF3K&G3iI*{^NMCjS^3~d^KZ#3 z&Yd9@6;Eeb*5y}TJ$lrYSyzu4bFJ&Ttm{UNzS5NiUv8N_cTQGOaZX`zRu*fWK1+GR zpFRs-&MlOt&zf71HwUNOS#yi>a4uRfn{qIl+qW-ehe=se=FCT2Q?9%IszC#@vT{pG za;D9kH)t@fi)Lo!GNi2H1qFF$(c2?ctO^@fnesA z`C#P_FR$<<(yd3x(@7SQMta-CdJ)4t5 zfTA{Xrp+xZj^*Uu?wMH#t69?*Kze3wR&GvFF;g;I$wtB4`J`^i&CL?v4U)1l=K!XV zfSNaFo^*Q={mKVbB;7K{lQlhWUe@fKTLIYYyxFwLW`}i~+ob%wx%txUoLOjYV9uU9 zFHb6(m6ul_6(K#j#X@lU%tC2qQBgroZl08{01ekzT~^kt610wD$%9z)AS_NOEX7D|K{ce`<1*s~^Ll%qkX3Y|=(9f(a_CR!p{G6GLzhw4pbLLJ*dISnI!nzR~ z0wEeR^BHoHls~_4W^taBlbf4YR75?Iwt4xA2U%J93L^^EZFvAq0;n^A^@1WspD+3v za*h_FcFNf~%wciiEOf%+xt;>_7vTf5&mKva=jE#{1aYEa=1tEj&VdKh(CtLe25ZiA z>GDf2%{m{$(B)T-9erum-~od%tZ3KgOP5ZXG-~wNtU&|B(p4f>TeSa@)T>0SptQk? zNgHwIU#`i-|CfMOSPYdBIYpvvoTO5Rz9zjrrB>G1My%>8SGXla>?)dy4p)91@JMe> zsW$=K1b9t*iC90Pon#!!e_R1nV&eKxf^-x?rJ{~>920skz_LxURIc7HSbk7f?&&tO z9ap4Q=*r)Oo~EyqJ7UV2v)J+^U3sE(3KGZifjCZ_IkO{In4g1v@)Ub*bn*$(7pgs+ zq)%SE4Y#U9=~dOAY;|72bv@2WwU723&HI{u-AQ{cCclR!jI;LqOa7TUzV=*3zGyUR znKoY~|5}~AHg6 ztXuo6((#!)?Xz0Pr%&3aQpeY?zlL;tG?d6^n~tx|fmm3h<8!@G`|Q&3(I6t9S{+|| z24kVD<7>|<Vm_}z5;;X3}QI=)lK=Q^zRaqIY}X-u3a==kY6{v;j0r;eYk z-YsazV>Xu;u0NSdp0BAtK)NSt9{CJ{Bt!X&gD8j*S59K3LU?n#>BZo z$M3J>uhQ`c==iI3{PT4DN*$l$mi7th_=7Yi&f9eS!8(48j<2navUrz{KU61QtK(~H z1T2xNQBZs$DgF*@6z$7==ild{*5}mtmAX7TKm-N z_}UsS%Nlfi?iWTr>!R&HJHo__NXO67@l$pDX*zzIj-RXJr|bCBb^Ja$ex8m$P{*IC z;}6&IZ`JXgI{s}szFWtirQ=V~@n`G!lXU#KI)1i}U!dd9(D85A@e6ePLLI+E$1l?H zy*mCp9luP+pRePW>-Y+CO5q9}e}PWk?K_YxKZF^M{1g9VJa~%a_H9Xiw{d9UgTtl9 zvx@Pz9G}LsNY9{VxV90Wvu-8LDOtEi(9=kBDi#h2dJ1Vy!NRKrJ&`o0Uf~Ksk0Z?~ zSGZizqe;UDDeM*Wg`_#{2p0%?FlkP$!r6j8mo%qT;R%B7Nt#osuv5_8NOKAm9w_L} zq&tvK7j%2loJxgL1)WHmQ>d^c=-(ay&8btk{umf%{Y08m@Nli5_mk!nDqJJzuSs+2 z6b=b`H|Y~euNL%n(wsttD+K)kX-=KO<$~T!np38*SJ3N8bE*_B5cC_Q(@19v`X$nw z8igka`We!k5`~?DevCAyLg9geevmY$K;d*j-$R;HpKz+6myqV8Kv)v=9i+MZ8m|9? z@fVU#CtWM(TS@mIT_fmeq&YPThXg%^^qHhr3wk2yUZg7oJ&rV|OyP1tk0#xlv{%p< zlI9dCTp;Mdq&YPTXAAmV(&vz#An2Z?ITZ>!1>KD_r$FI>g6>S3Q=f3Upxcw?lqZ}j z=tR<->Vzdh|5gr~Q=D-9QGq{cPHn=qg5FP>Q<`v%puZ-~sZ2N|=-s6GNEBWz=NOP(Zo*?LFNOOu3b_)72 z(wv%v2MYQ@(wvfn(*=DGX--ALse)cYnp2RlBqQEpY#OMwSwMHnp1{wjiA3K&8b2-BJukoGOIN1-+Rx zrwC!Mpx2Y;)F50S=r>4DBAqShmq<@0JwedVkml4N>=g84q&X!B4;1u+q^FWj7xX=( zIW-8U3VI1?P6@)2pzk2fsX(~?SAjq2Y|^!YzLhj@{oxuxPb1A+emErPDWrL;53dG| zv-r3N{V+E0@y+hQ*KXgw`U%&Ktq#?{IazX7Zz>n3>MnzwlKc@gelF*|$sKfj9vm*Y z{h{K-#u{;J;_WE%@n&4}2RcQjJMe9BYF#hrgp%C>$1nHc=CvKl2XNsIrn>#xJ^Qvg z&Vp>h`|sxG=a(x-d8XT!u_yowG;mTSePmr7HqLmXL>e1-_x(|g-@N~BIphN0x&x&R z?x3q-eF&R+Zr|oqcOdosckN5O8E+qjbsO)4wCRFWGgAB*5NyV3QHRl)$O=*D*S7arWq)xcLzMO%$NK&@-8Ls&F_Ms zTr1qc(iQT*aigm{9b~yXcoPn=c8YRAl*|9YkcZG#K%&;|E3K709jaZ=!M(=t3%JL- zgB}@5wel-44Vhh#*(G_-7NW&npjqnfbv~Rc`C|zDZ&Jv0apz; zHSz_x5#UpI?qSY2+5x)GL?|2{Bxe{WmXcAH$(#; zO6%p%z=3a-^iARMQn)9 z`NTWhGasvt0s6dOZpG5T<0LP@EWi%TCl zDX|!>dyi<{zl!FG?obVJ=$1jeOfJMctju+{JWSN>FM+5#sGfueDQi7beNg87=FW0g=L2*qnKQ`)Gnc~`PatyBBte7m5`zfv=Wcc|Rri^ecWo_x*^5iaE zr0@kXHTTkL{t#1d;R4^di3IjZb>JDsm zFWbNgx9mjLshE=JIYHy?J)w(K*I#agU+zGB+6KCpt)Z?ybDHV{*-)JWEzaKE!6(E? zt;&NkcR;Y}iZ`NONgj@xl&d>V>>|mtW0G(N+^*}1t_#5w3W}?1Ac&|`h<-=o5&3xz z_QGv2{snK^BN$!52t08m+^9R(=no)0%&HV;5C`3qpTbBT^i#vVcnf=+)&ns#i!s|B z%xtJs?iv^|0*RG$$XCk--VQD`$YXQ5U^rLqGWI%&5uL7oTBl7!=PP7VSC5>@oCI7A z7zJ^#X>$bUWn+zRTVl%E`e+GKqnkd6*CiIxB!rmT>>^{Pq8*oZ?ejt5kr*5y5lAjn#Ga7ZFddgW`c zrfrWG#AWhW%e z^Nue}$c?ZXaJ|f=c+L-cUe+aeYd_W2NX=Hah%II;Tnt;){$e;sQl1AgAV}W^!Aw~i z0wO`dItw>hX_K5<<}ZT0cLV<>r1+nT2;}=iDND;iD)=~+tH$^c&(qv`Zi*VBPxujO z0RMq%)qG@M*MNTO+eO;yFQlv9jLU{zi2cFo)&5zk>%I-V%1ycZ6~qw~Y&48bwMjv* zR8=C4biM59t7p4|tCPXk*?%lzKcVh6_cCFkQL0-RSI7MEdP6~P2-9^l``f_R*}qU{ z|M;l=m%JN9Or9=P_s0g@4hkvj)({6Br2jpaTmeYHKNV$YBABa9Rug%lK!f~%=uhDX zkq_X}=s6A@358N@3waLa(6s{oNt&rt&D0^0N%9p_b>reX&}#YXNvK%qKy}B(mDk8G z!H8Op_R4-IFZhvnNn(w=B*zZzE-7D>x|tXWwcwGtid@A;Ef@--_XqgJBB>t(`<{#g_EnDqV3 zgL-4aU|#J^MpT;5B3n&K@d?o_9s+`yvcaJ2_LU?{9!HqtD+W^89V|#j(+aI;E%L{h z*|@7+Vkjq9?uRFHaWNDZOGBRX1yM+D01r~e$0OW$w8tZA4~JY`NL0gWi!V}Y)NWgl zrUUBjN<6P(w7Y4wsAC~r34jQq-S1E{k6`weKEzAbJvFy%Sue~WPV; zUNDrQxQNCteESpeL+*c$pRPpWKd8kIu3_$h_^)rV_zxT7rxzlATtwp+zWs^#A@@JW zPgf%G|DeSWt{T7Akq|#_`v&~ev=tJxr+PFYSsrsGN3d%7bUp|KE@j(80h*$3OPV$^ zX|o)5o{f-`z*Vs^ot6hEmRDd7Tmi!?*>rRG%(g(=usT#&gg0fh%O40oZ(-R1mW4gMk z3Qy4VtXzJuy}>}a{FM;AX*C>w4(I5!{7BS_R)vYwAre@U9Y+OED+rqJiC2Cn+(BTVyRE*IN|aetL`N3ya!%TNJxB z6m6_gJpNilB<}51XbsHSBzpV?T5XJd!TncE{9)lS3*4H=4=Ls*2wucvlJWqf$AWu@ z-r{0m(ZpklVzG@4F)|_0#_K-pug)^hA*{6E2@Q*N&xklO>noknJEFJrkW}0Y7VxkJ zD|}LOFS|%Q6v!vghhSzc9^+E$`U#n8Jb>XNn)ogZ1UO(A3o2~lBzDO=WW?>;(nlKs zVxHi=(V7kSoCf)B%=xuvGTfEn`Vl@nR_b)%L&H|wzR8EHN6JRG(=_xm7@dY;WNVOn z=xVXoiB3*_m=N{McVHkAE1rDmP0HE{9QXJP+HS<=lqFAz94oXhlvIXv#^iK8Ofl1u zl|&($Jkqsi;jo}<4GAsXeESO2wjJqC1duF~+__BQOMdY7=OX`wI6&K?5AaSiP)+THQogW-CbQL^H?uXd79x*RZh3xvotK zHw+%_=CdHzCBj%IiUZ|dl$y*To3MG8W^;MeW)!sHQJaz0G@e1bjzk}Om2_&6YVAR+ zql~W?aipxpY>p{LUe|NtDF64X#zsv;wVbjx6Kz$2a>VAs#JcNQ4W`T*vvJ!!_skV)~&1ft?gis}#Nzx#ITn~^dY3G=mki@K61Uy*vKvJK>E;`Lr zI_q?EU7GzFOE9sS)pQD)p%ZT#mClBNxK6xzyg8D3zo0uPsvAY@u0N;y3x=S$7BnuZ z%if7}VIrcU#MwJW!{4#YBBMkOqRV1+plS%5QkGZ>zQLHa%v0kId?_y+#~zCP8D$6) z`KATk{0BqcU~c0CF_u>7BNKZ(^=@BvvYd-aix?(rF-+os&P8JDM-bQtVwK87NgJ_a zYp6+SqK1U{8g^4Bpw@7ORSj`&W9N%5PeA0tWn}3l9B?_H7$hOfzkLmt$t?ocfPB5Y z?F!^AX6C2m%&NZHv2pdCqOb2Bt-dzV`n1+kFHdTAeFgFLy@=OUkT4~_Zd!d0foo`C z^|H)%p^H!41voIEw??0ml9hIbj*oR%-&T-c%9A+Z5G^WMeV$V8AenN0z;jsiE$Ki^ zzs1(j;e2)Rlr5HbV7BS4&NOYD6!)P2FALge$8jU3e(iqJomFB&kE$^yZBA3j5|CI5 zHQ?VMZ$oxtN1FJ^nqyf*x8cziK#fb2S?f%Ta$@g| zD8SA-dvv6ID7OLJSvPYucViLmLa8{hu8!$JO6%R{)VLeB>Fy|8RTsGq@L3)LoSBJM zunDKyl(nfaR0~68op2%JV(E4m+#_V7mSSfr_1@t!*r$I5|$NTQn$pw{RJ8C2ZF0VNqH5 zSoc>&=6Dpy?lx%5!UeQ#*RHz0qRf*bhL{t;#mRBQp5eTZsvQ})f+n9wgavH1(NIva5b)RY;hZa!g6)$M-NEI&47!fy2SA7_ z+zBCf8%5tIC%Q)p;rVAmRM-qE%4icGH@F)^aIXed!{6h<4`$peQZ_D?(kD#CW_82j z(uV1H(F99RXL7+fr`_xiC5a>jDUF zH(to_Wo+3E$BWxnJ1TJ@Kv*X7?eI}zNSsUl}g1N++PbZn)lZtH@*%0n^t_h za&by=@4AeQOVAW$1|a_jb4R{{Q}+v68U*60*-903pygYBfA3rU245NQza-k0e=#NE19>xY!?!! zp!gf`?||gu4g9+u?QJ1^)~2^WT1&60s)R)*q zZT0tsv=n|*cu8S*ZVh&Jz|_0D^i#!O5m6)J(FF8pOk@OYME((AB~1jC(@4Qgd5}A} z#|vlz;;&Y&faVUaAwF21VG`uGl@XoS0FfnkB2VZUtQ#(W&GCAfpBY4TlX$|y4o>n| zYW{yX;@covkLN@f4AEe}PedJTNN(Q-p0M-E{2~Cs#Qj15egJ>LCZ7xpW^^cJZRfJo zrQ1`M`lChO;b(cWAtwB840(qad9DfisXtOAx%5(n0vrgE{6<)POTi(yf!5`(=ntnN zN@WQgHiSLguEGnTp_M>YEkWMIQd>|&As??Sw=o9!vz_REr)>1GG5#0rEPM(6DC9m| zq1U(ZobSsx?o-}{PVi+M+kp#Dk8ldxr02l;G`yU*v7Fldk^gGP7bxf8j+-yKzSSsE zoZ-e@qEYn7l0oY2XHg$9@Z|g65d&3%CrufMBBN6SJMhB9x*L%}af2Qy?!veMEEXvi z_YieNdrPWaiUH#pdiD@Arj4zA@aU*$`}**XPD2PfB@aA`_FQW<<$BH{gQn#6+KLOX+ zn7A#Z-VzmO;bO`j*EO>~$+XVH=dSOTHsUZ3c%}2=Z@Lsw+85X$n{S<=4Tco4@izri;GV-miLwJSb zCaha#^aEG+?`4k&jd-`ng}eMIU@7m~q$(?0pfZxc6fYjuVk&6$9wFMzp<_}VUh>QM z+#p#Kgy}7K!Jvc%A5j zmg7(BL?59(9x3Wko_V<2!{4*=Ww_=tyT#Rx5xl_1m+{h%xbk2I_arXZ)B!^8kI6d$ zApG%f_6)~KV1Un)!hfYk@Y^cwsejisV~(9dr!GHO6<2 zS}AKCJxK+ZlPY7M6@!_wZy)U16@`K2Vo$x=(dEYxQfSNqn&^njpx_7a@ay=aeuR{y z8o?T3Vlc^{{?b&b%zrJcx^uAkQ28A^1HG%Bl3MJin?d0&L5j^k12%Sggs2?MYe@=|FDN=G_=I5a|9*gNR>7H1`F ziCX^aSc8^x$3~Ra4Rtpz6BzjVuLO;>I-bJWvf>A+$5ywQ>XyaH7sf@-mIQ`mKi|!}?(F28D9|gN{bI{QrLY(VYX5+Tx z4i0_#AevPBp49J*q69|)1cQ#YxDGgy@VDA=_#o1OkJdB-UEhI{Zv(^bSUf;|?h3jN zjC7n2<HadFDg5%3v2e8WfxuTYua`#reJsVV0m-OC*ho<5c;Ei-j ze&i#jfa?Kxmwe`#tQZ$B^Fn(Q{8u>4ZP_cxgk|@#@#XGinOGk1)Qk;;f*C*kfUq7% z>Ecqn!i)Yi2u5n;$9t*P28%izH-5;J!un63m3Mh49UcznXv@7!*+v{c6hq-Me}Mo; zynL$c(mizn_yPZL(E!#s#c2a6`FQMt*7Zi&K*4-MIVoj}g_dB2?-q$wEa0IX!s`B? zV!00(*d9q)ht-nhEX9qAJoyW*jPj+mSo@-^N7O!EP7OLfJisV1=7iG3;J=1a7+ThV zkA2Sm1}kdJXEEl0<~Xa7_k0LFwYV*c0d&A|H>?CR_XL*rf{1Se|8^?AL%mouSh;AE zvNV85RRYr_A(vR36W$qNClxOWb8$i`o1U`N7bP@}p2el%=OXOcDN8x8Q55DDPYbh- zYDW)vgM3S7vcVdD~i`ms&+gQ;qKA6qpKY?+V!w%M{z`A zJ+9hNFTL7vbAHJ=g?f!#|M&qK^?l>_?rCKtSIKYUM{TAfVP7 zxxeDY^@_u}Sk6Wj&+zMf3kCY-s+J0wim} zNAu_F+icx<^HZD{?KzA#w(Zw`01=jTM44#sM=@bsyn%oDyOG7?qt}Z%2mR#tpMnBk zL&E%<>n13r^C@|za@{Kt*NJtbeHmxMlLXJz)s9Mp~6 zRkdS{jM)c1cuv6;yp_WDV+yY{$D`Y5Ky8j5d>e-?u$pI#l^Z3D;g!^tFRNya(c$xi zfowe5@F^oRO8dzcY4+EGf%Zc_@FgYx>s!fAxa0v5rs(R}Xz-q3s$qZ#wTw;nyeKQCehm9k;UPcnPz=(&x> z!Hh4q0-t&06Q3uTwt!vADzNLD4k0VBpX%|P!178&p|sE{0i%C4qYSPgA1NdypNp+W zlN-D!tB8WHwNPOJ>p2n2(-q6BgvsUPSKW^82J>Xezwa|`p`vV5)Vye+KkPGPPBEJC zDfrec)Wwiv$GD^KAwIQ*_GWP~W5gCDeFyn$p}%jzMZnPuOhNwx1xnKCdpH4KAXJjR zT?nd4Zwy5msgvIoVk3PWUu(n;3AT8)Ve%?iy;z0;WuB1XeMiBj2Cq81BcsQPNCtcI z3jzUuxyaxe@{v4J@_l%H!2}yomL#;4yN^102nzv!Ma1$pks5!QFu9!ks*{z`gDg3V z(8tfcMA`GvtO{(d`Nn{aVl-m}_}19G$dF^P$!12?jNHTGV8#=hfz5F8iA~nKxCl7P zz!dZuC{VDW@8P`THEf0n!FX(*<5#zcP1g`C#bQ&&GGMb?$V9OjaxSsa`b|kBgLm;I zeyrw-46Y#`*pQNc`qC5|Q8q(p#b6^W1pMBJ<$j9g8N%dp@~g%x*pMZ^OX%aV5oPV7 z<^?uuzA|8=7|nPBd~0kvGUQlnwroaxDmDkt5!fVb0ycjmpV++1)*f&i2&vfkP@rH# z-^1@?F?R)z5ja&Hui!$K+_%;g z7g2V5)V#puv|0l$iqQ-Q_|~|17;-Ew{g_P^m+M&^%$T_mxFnI!4EJSA4>+y^Q_yvw z6~_u&n%#T)oH6?La9os1DRN-sJI+mk30-=@WsGUe_pNY!;xBs$?5OC49@q|Cc8 zPkppEn}C?H509X9P$bDeP@uGieBe(?o`UCOlQC12)kIUPJ+KN3%I2_&zhb!$Y(-}5 zPQ^ZX^0|9W8-OS)h}stop!;4!1E3VZO9CGaz--1opV7vmKVT!2IAgyNWz~-3q0Gm% z@KyRO6`jQ_W#YMJc^WEFV%c^!jrmhWt!v0fmPpA%zA(*_D0@k0DWjMAST8ID{OJ+P za}>+TU_`RSQrIU?PWq2&mPFaOsC|*8!`P~id90@tva}a`i!5EkXk)XKT%~4dD9WlG z-$GeDJNH5J!yBARALhVv55Je?1tOB9V_^NXf_THcgf&D~;l% zH7Q{M8;XcRu{=t#EW=hLSuBNp^5oA5M*LVW%1(>g7s-163q!Ifg=D=BzD2TnG1}N< zeen*In2BVRVV@q#Y*Mh(=^yCJFSD5A$|wK8MZj@%y*jQugo5ak)^6zNACC_8WLmYG zXbl`w;}>Z8w+Ts|q z9KLVEGZa?Vx8a&MG&~uUB?cWoe$Iu_@9{V2_zHi|aa_WBf{qoC^OX#gJm-N3f(Sah z2ORea?XGu37fPiBc2>E=`EV}+nXov(se~zFO{b!-SF%1hJ@*{X7DLkFtDBmw#yoI|& zx^D;!glZ90`Sl_3+MA=7u*4O;u9I;YbYzjCcz}ndk&bIY7q#EGixmt-1u!uXEMG}K z$uk(lH#=#sYd@-;v)LV}abs%0Uu6;dtYQ9p7wQIUcp9#u@w%e%8&5(5t-Nvko@&=F z!i7wZaP2C^j-m1nUL$>T$z`eTMwi@(m)Q2g#H-LnOHcH0WASMa)sAQJm!E29cb@8| zqvUSzg3h$Qu)hs&a&c#RQHPDG4c_^9s3mc?y0y4dKwVR1gN=l(e4A) z?lyNM%jb$Wy~dCm?0P!2UdX9H~0gDBgcVxCxFr6kw3pg;UV6mjqrd2#!kLnv}{aLxR7Rd<_`!!0LE` zEPNrqg!&WL$UjDuA{}h6$vbaa|2Dh_vBjm zKEEMwNZWvetx6L+x_vjq5Omb;h&uiWu9MIt>ce9(EFyAs7dB9ObgSz~g7ShvWT((| zB+jj~RgqY~s_EB}h+jwQ)|y$0aSZQqxl$hH`!i}2^PCJ{hrmC)00M0cwmwHMy36+G zNhZrx&jujgdUc{K=)S%X-fDEoDR;dC zl!6^sf$!S{iLMU{2}ckow0(#LLhj(iWWFmJz_*NoU2msAE?#ogn7d$is?f^ZM7jhx~3^LcT#E&IJ)2hodnj8 zVWVC&RMqQw?Ke(hFWiTD9_o>qWDy~f$^E*Hw@;t~-<)+U5xSYk1U4Ku2m*Bn9P4oz z$y_Qbc@d11wOt>>38O{O@hC3PbW{9qi+0>~0qCG(5&o*(XryBvhi<0@uUGe30lWs-O z%6%XaA6`eqFCqPmR@zush&6TC!EZ%D>;Z~Rqu2!~L(i?dR=i7to9%rcqyB*7GoFHu z8k|zrijEv~ybFT8ztQowQu>BcTIP5f7i#_-gRYJl4#b<%+S?<(j5(0h?e8bQ4oALW zLU8ZLlQGSDh%oDU`(*b8FSn_#j`iVD}JTT33x6 z!N5;uwKHA0OYr@3taaT84-{eXh2B`KIAkQ&4M%wcZpLe2*K<6E^A~Z!5Ba{5^ys(J z@VhL+SA6@2|5THfK@EHH&O6Gmz6o9R&3H}+T@BUFe)^pAH|_WijTp2N>!vCq;@&Ep z!EHy}gy0wNK#d_m35yCxAWgG;j1!LH-lzGDSoUM1-s6x@#nV*O%XHR>cg=mJKPSvP z3$H=p=sST9|IsLbMngs06pfU0;c`7%#vfRH;r5s$V_>m^w5Es(E5CA-qkzCs?{i zK9>=)4z=m-V%UqJ7nxe^8tMAE^i2NB9iK|ZqdnuQ2EO5&l}U+ZN%(;**Dlohspbtu ze&%oqs{-P!N$v4U;U3X&-Fy(%r8!|a>cbYENL{3ryX4q-+3c#$fGCETwtpWkRYF0M zi(kSl7O>$x?w1=IBj4;mdkthBP`^rn6yjC)((dkD0*5gwSAbWq_&x~p!@50cUD3Qk zNc?6I+fT8h5u@x62r1g)QgP1>mL8SAS*34>7+6F*)Uuxm_jEceMG6|^j8`Ij@otzZ zqaR@~X1H^AA=n@Pi2?4S7m>3O?-t_gpBc4e^aUf}+E>?>V~cBF(6tX4WxHM2lTC)` z;EQ9yp>I<7W(bpu`>*2}FnDeD?Kb7kSpo@nz_9=)!`E|?>%LGf*jVb-kt8m|?3ju*&Osx_<{OMj{8o+_O&jD>=?NONW(!DRLfD@y z@9_Sf<4`NSWUUZU$J)rei{EewjIX^?`TmPsEpbm%7@p_yasgi_d_xu{hsX$>K p;-9 zD`8d6fQUTmd6B{iVpJBP@T@ZVr``&^ajn9{ATtF3nJ zW6|Q$eUx4_7ERl|Vr*c`*iHK!;;WDRkqJu3E-D6Hp|OFa?l^B78@Q}{GA{5U)n(mN zaj}aRX>fEO2B%li3Y|BOnyMn)91r(!g#2GTe3pv;tA|Knx;JC;wh@?g-LO%*{0>RZ zd{+Fv>e#KWMrmU@IZVG&_A79%JCFSoH8SJ%-qJ?CrqNz0e;c|esaGU$f7ym6Ur8fc zn^$`#zxRk=K0JI(n%51#M|yZY8nd)93IFPjGUmF!I#H@S-_5T<_2ww9!8tuo(P*F z8mwz7E#iEba4*Aei1GKuDmr!HmwKYMJ24tjG?sGWCqG@QqF%wO_S*p%oAh^1F>Yf3 z(C+KJ)PAT)i%DoJ-xFVBOrUVlq8Q<}6n@1-coK!zm&OPm zd>F!B6X9$MC;TNwcqfIgH4&acVfP&|!c`RRZ6aJi;rmNsgjZ7d*C*oxETQnuc`?HG zQTSgb!d?oW=7|xWN8zVTgv%&Ay(mWbW(pUY2$xg%@3+SYkD;*3M0f>-f0`R3Jb=P! zCc+gI9x*3I_#_I~JrSRcRTTEliV;5c5QM8tgjZ9z`qmiX?;baQ$xFJS(FNL2m5l*G>sn^E{Z>6xuL^zGY)2@pVewD&* z6XA3Uzc?{Q_z?=9Y9ic+!u1nkgcnly;A8RG7)ap@u8tATr|>2d;o%fsI6g-BDhfYr zBJ8B_dsoB=52NrcCcg&!LeBYf}y2-iLu zpN(t^e|1@m@J!hJ4{5w4=}T_(Z>6rMXOMtCKKCz}YDP7MCc-Ny%+*a@9~?m85)n7-wG~ zIVYYknnTZc{&2>+^MN=!1IfQ9p5KT3i{ts}V)b7|*XDe{ej11^M4$oxl)pIr)#p^UKJ;DxU8pKQW$PLjKx& z;_MfYe``E{2KlGQ^Rvm{jwK3%pOeVHE1o}r{0rmxZt@Re^}=AsN&YkO{NdzZAI~31 ze*1WSAM&g2jrtH~c1&tFCU zF)Rxi{HY-Sjd=bF^7G^Q<>YsZ=a-TH5mu56_PyjUiRYJ)KP;YKK>mJjoShluKN-)@ zCVyf)e-im^{oG_Rs5EOJbr&rhj7#VSWGUL;UozD(8krURIa?d%3s+K#ULAN z#P_ZF&qty1KvFN9w_)wQ7gytJcpM zTNrudeL!_BJSFn)tEjt{zl&FpxE02KO%1=Sh&d6$;cs>F2gmhu80BRp{)TI5!>G3* zCXK4(-}U@cmA?WLqBgjSuFMaNtjz1S+O7)#`OQ=BMY6CpmNI`}Wh#y1ZGyg(!B#joFqf4i zEAVe#hHV(Urz3VmkO$*0yec~c*k5P|D=F(r4|97!*+bBF8Sr9+;%{85lirAJbq7As zTHR+N;3it#%5P0t-H5?Ww7Ry(w4ZlriB|U@eQ0*8Yw0$Y^cdRMQ-4JIH}=|6*)k&N z+{U2w=)_@>Zop#4+Gb(VZJ!Ai%eyy$#T`dm5{tI*z@p!xW?`}aKPFgg*qdlSMvXh% zl347d53P52WcKoZbwpa}QZ%blPMITxni(StFi+}!P zjm2LXv~9nT-i&>|*y3zfzZmnm2^OzE-bBAxiGMh+<(_H>(}z~aV){y8aR~ym>KDfY zCwnZ?4OsNLwpm!L|I7pn|I1Ba(XGBEu~$HmF9M6R5ttPg|7Fm&SY#WpXn10DbDl4r*;tK|Ci$#S2i+_cig~dG|n_%$=zWrj`FZPF95{r5Cq1CZS ze-&8x5SSGfS7Tqm9*d9xi?=>#78b|;ZGy$*?oD8EGuHE4ZXUItKD0U(FTVyXj^L*X ztgv{OLEH9=S_2k4{@yGs3O_Qz;)maxxL<6?&ndJV7B|y}R>xxa>%ihR1ZIWB1;EK3 z3+b)c=Zjh8qndN?{_bBUSp2$|yD>JqW@E79&~jL8rw^@;#g;dK#g|yVx5DD@4BEC| zq#LjplGCg??G*gvF47*mgE{ooCdR1s-?StaW9UPxV=>_^U~w%1v%=yG;AD@5(}2bF z>aoq~7azTEg2m^Z+u8Sv0oZY9xqh*pKD0U(d)5GpYHT4`Vet@yw(S?$1}t`++^qGe z(c4V0*p$=6dek%6acDU#2GECA$704hU@;PbSz&P;aI(k3Yrx{bUCp|8uia{b#n^v0 zaqm6}I}R;}#WVDw)v@@w5?H*p*BXmE8MJM`s4!sB<>Y2zaqfF2SbTL;6Ik4X9fy{~ z;w1Xe>R5Q!1B){em{q?x#Gq}l2pO=DE^8JRPrhq{#i&3NSRDJJC9$}NKD0U(9o_*J ze??$cSma`x#U6`V0~X%%nuSH@%_dk3EouUbLhLxST)#NB>Hh*2D>eX&;}Mt@7N0R_ z+kPRfiG9B4KD}93+!ZpxV(iK$u=s9QOJY$-A6mU%^x6n479lVzEUv&di#-uwGfU;o1di<}RR zv&UjIb{tx+UwlL#S{;jR?*fZ2uzYWY#S0ADwqJM+SRDPLS^eVr^(I*SdU6w3tli#{ zSd69*t&YWY?*WUe5ttPgrvfK?EGi6GyjAXMPQUn|(gcgM{@KL)wC7^Sq2>C;TKdrH zSk!I>7Vp+rV{t!&w(S=o0~Vnp&043uc%2CrPvbYEZP#g^#EwJDVR0^fXmu=RZ37k; zATXU(I}R;}#gp`*)v;)JA6WeTLu)MNGicj> zA+3#lzIb?Zv#{v>mI)R)4NdG{+=U&7mcybmeQ0$omi`l1oPofs`b8asw#6ddfW^|6 zn}x+=Z5K#nG&0VR6FiCRn_V zuaw)~FXmv!q2>C;Z>#?=VDYz)fW>hL%nFN77_@D_$TncneP6ToFP6M!f`zMV6Z5FA zt6LI_IrO2``$eA`U~wk`v%=zXY_r&7;Wc1!bVRfI#o<>>uy}N46aC_P>^QVszxbLy zv^o}VeGDuPVfo$)i+?a^+kR1Dz@qH&X6>=w`mz}o?a~I1f14V-Yf7v8}OLSnPet1dH+gn%M8Y7&{Iv*DpSx53P>HzjgqN&#;AHg~hWB z+O}WR8nAfz>tR7L#@Yiz^VA6&5E0CwnZUb+OME zZ{5`_EVjO2f<=$jO^i{!vE$HkSiC_WS{;jhp8<=F8?CVjGHBa=k#4|Z$NFYrap6i6 zEY^J81Qw5B$D!r0=uID59gBj`fyMa<%&K2BGH6>YoCYkseVT>EtIwHW@#$4fU~vL= z99j;G$LK?=V{vphuz2AeYb=Twv@I6d1}u*L(X9Q8p3jWWg~h)av~9l# z8L;T?Z59>_pESW@R7Df}dVANlBo?>QhgR2o{_;q(u-N^m2^N36-UJpGV#lH7 z`o&iI(CS#!dR1%-2NvfcFspv?JA<~x zqQZd1s$I>(;-!a7u=w?dCa`Fa9fy{~;t~4L>R3nzfW@FgSN#YWWb_BX|u36 z{Xr8fJ}z$pi-p*6XgMs}(}z~a;@%&C#mNZFs$YD=plz|JHDEFIxn|uj9xOM(V)@!8 z?iW9;YDp{>(uY>ZBJB{c2qG{mEN;Lyi#-<7+p*6V@BG-TXT7%fn_w}ssWp&%>^QVs zzxe6C{|i_=R}U;2v3zfZ#XlLeZNEr2U{SE5Sy!`7f~e9?SPu zSiH%gZTm&G0gE9AnuW!*drYv%XlUYDZ}T%PiN#g)q1CZ){{k#-L||4}oDH1pvG5wO z*fXVB`xiUQOt6@o*TkCnFzh(AT))^%A6gxY9fyI%zp;g2g~j6x+O}U*7_dkm(=05; z-ED$Jr>mR5;w9`jv>X=0=tHYxk=+0+E=6EgSfl_adn`f*ENX@}3yUhh2^K>$n!w_8 z>^QU>7BA6$JNufSs66V_Px7_@D_s5M}5U8iQ^QU>77x;gR>vag z4`A`sW7b&Q#-MGnNH<{7<>h9LQQa1sVDagzO^i`@V8@~5uxLvkS{;k>W5D7>1ZLGQ zzGTq0SU3$>6uX)=M%}l_1dHd#G%-dU{A){MaR+^9bu79|qww!vATTQ|uEjQsJr>zU zET%LIi^PQ{Se!DY2`r{z$D!r=#lh153s|g502aSv`Q8ePY6flFFT4gUk_I;mi+O)B z!J@~&Ca~D~a7$t_jXtz`zZlX6SjvZg1T4P6^1T%nuQ6!bei1TY;k>O`Slqn81PfPw6IfI|(2`h;qYtf) z#g%P=#SI9|3X3y=lRXx-1}yq~(X9Q8?ek5rczQ<@`xk?;$Jy&cNab zmhY{wc$Y!z`-S!|8S`JDuGHaBnSg&G+E<&nG*sM<|EjgTru0PJzpyR-^<$x<>ql`q zi!F4#QM}`H##`uQ+vuEPq2sjC`Svg7@ub`6yl$Z*+31v7=;)r~;&L$7LPz%;9;egQ zLZ>47ycnnR)t%-!@Y?9SVxg05qqD$5$7!SEvd~Gl(dlHNBiZQu=MM86==SmA^7f*I zj&2_|PRC=RQxV-SjMEuqq2smD>1d&oZKLz~0`nX=ZFHWu&`Gz^x!poXveC(~(9yle z8JD+q7CO53aN~47EiunQMf82qIGv|0bi6h?vn_P8ZFELh=s0b392Pq1HaZ{AH_w4& zqw|D?j_!MWae13*p`-gAW}MDY3!RGS_XXp05-fDQHaZ{9GtWV`jn1PMI!+s%JPVz4 z8=XNGI+BgfA0G2~bid;gm$&yVbacPN6Q{G>LZ>47dogi3ITkuz8=d|ZI@vZlzZRS4 zz-goNo`p`jjm`rWI+BgfO%^)3-|>vg+c_3Gy5C`q)A^;yJO>rg-wTb?*<_*Pwb5B- zp_6T+GucANX`^$Ng-*JS&X0xWIgo60HdyHB{vC(7yagD^NNK|wvEmL3mvD8j>|$P-A1RAg^pyS^Pkz~IjDU- zvbPnN>lZC_LUGT*Z6fOj9t)ic8=X-WI$j%{jutxEHaefrGS7k2M(248opc+W+bwh? z8=VXbo!Yo(+GwuZS?GjpbUwY!JO>pvI!{~Zcx`lMTj*rl=!~$?aoXrOEOgRsbUwb- zJO`4E&Jz|owQkb=Y0#Ekd4lA3!MrZog51tuZ>QB3!Q8monLP;&w1`D0qxM$iZJ^>4zkd02Jg-(TyP7ezmuZ_+R)6H{`ZKLzHg^trk z$8VvNZliOJg^pySbDD)tZQL_$6rXUec@9E0I%_O+Dr|HXTj+RgbjDlgWZUSRVxi-- z(fM|oc@ENTbY8d6k!*BIEp%$*o@t}_jJ41S+30k&(5bM|`6|ae2VNVUS1fe0ZFCk` z=s0b3ToyX%HaeXwbR-*{|74rzpf>KAHj2-S7CIpt9gl@hg^kWA3mvbGPDcx!Y#W`= zv&?hgw9$FqLMPou=XMJn$wnu`LZ>$FnKp_~I}4qVjn1bxo9CdyM(1e@9j}efYzv)i z8=VmrI!+rMhlNhMjn2n6ndd;V(Rso`Cw~1PiqA|%r@TDV9r*TI_u>PUc-g=mD3$XA zp6^oDdA`FN2eN!AfB7kxDOXCLMwTMnL6?kw<)w0C8Z_i~umfs!RU7IDOIOSPY~R>e z*A2W??%+*0z&bjWLN~1nZ%U+)Yc*_Ex&xz=-OEZtRoiz=#T(gEAhIko0*|Og*5Onjvgt zdaJsM%x)kp_w8gbCb;u8W9Qg~x`wiG(fSz;qm{I1i$r{g_8Ug~=p;s)iD;Kkg1X}3 zL6IW=1TYXS`G}U3Jmmy~gMzzLO=;a<5UtP(__HI{DimvOVP-k`Rb7;r$&xQfHJB7! zpJviNX38SwXxk#54=^UgT$du?T>`T1bY1I{<=lNHO+UiDE27>-8Hjy7I3Z0uF1 zDY}MUwSi#j4V1|pGy~1;Rj1M4m|k_fh(POAgRW;hhF*1-0LrXa{d9b6(v)5`M*}v# zSB+Fm%|LU&&=K3KKJ92QMk%?6X3V~YQ8unuoyTZmdevznKCM?>nyI0u>s2d6ip+Xd zk}+D*tGsGT&3n~2#Tq++I~d=qzGCChjpZ9CDEHS)+Q&@UxL!4qF(GEPSM>vF=vCDl zbiHcl5AnUqcOWf4PeQMk;0T8rBc4&22`l{}NEm6y^Y zZ(+VIY3Qix{SP*k``HN9UKL-y6WX~LWef)U=?$K*84S4U-M-R#srVGwuXhI}w=abI zNGUJHO{lR(6etxdBZTjO8#mp0cfcd#HiLtTCCT!*H`+)`L!OTAYS%V6B85-qz$+w5 z>*Z(u;gEa{jk@AS#oK!K;_69E%P=^dvUZmeQ=Z7VD-_rZZ$ffEEuczd2nSdoF~yVBs#8%W@4t?4yH*EwYq#Om za^>r7l!R*aua>_MV#1k9`Rh7S|7z$lVSr7|qz7avNhETa>&s(OI7hTwhy+~QAi52p zy4BG)=B>(@=?mVZ%tZp#Efu6$eZBH}IH8Q(wz_9Wb)&ClcKdU>b?YPbMyFzXuhr_k z78UnldvKO{4k53Hn0C33fIhRnG8CPJc}ovT#p$BCu%)N0bscgqyGW8>f-Q_(NXY2a zx_+X(+DRmojPC;CIAGL4qX9wek_+}DbsqHojcG~$}b`4gkFbA2t|X#Di*Pt>B*h^ytpYofK-dlqd( zkN#<$Xrs-G(Mc!jnEhiICGr!Jm9w+mh|MWW9ui247SYZZN-A^x!Z!DdXmi701|3kY zcI_j|s#@|$*S>`Vg06k;74Bt2z%9k-Hoie+bOB>jYRbB##QZ?g#puoZ8l}4TsOt8W zq)Npd#bvN0Rj!{PS~S}u9y>+@XwNS&)*zoP>dF)i70zJhzN`bRPJ~t0VOZ@%6UW$q z#Td`%v{qq*empMG91n#nnl(Kx@jB5QC&cIs6g?~8!5|->(@%}`RHnq z=h|x5p4dF^SvV}{+9UETB$1w4CD(%4MP-gkbqA9Y-AcaqAm1BAk`4LxvKI6Zl+~*F z<}lPC_ch74YI!0oa3w$A8AUYB5=&9?Ikv{pjuZ~5&7ob{J1~6r;9kIDE zvF>_S!?}cLBF^N-Z6jUv3r7$WCK6{P4eD^&7PV~f7E6)?>nxH*fhyI8i6uo{OO!y zCW3z__sgbpevN6)heXpWh8BIk6GCdb6I0en7;Ut4i#{dNT^?Oq=>td5^JCXmzF(<6 z1$sZz-J&o`F0QV?6s{_X&QI(q22_lE{yv!NDD%1HS8yQkr-M=D5WR8(ujOlgJ=R#) z8zpICTJ(f+Qpy$x9l;7$cA!zAk4Zo6qNB5=%K5&^0@Qs)ivMKJ54bwh58ladyHTU^ ze4h+)<@x>u#SKYRwuXE>-;IA-dID61bw=M_iFg!6u3A>hXoylVL^A>(g2CZ0;j zuew5slPviPDAb)97pEwDAZlLBe{j<=U(;DbaXg+F?eNk65r(V!7(8A{guEEc@D!k; zOVpJqem6Nx)CEjb`Q=QMctDk5UrE%rV`WmUju0%gL|0Qb`n9a?eJXHwGBoAj)P$%{P%Kid!UVHp5jDHLbmxs7WFR$jE4B zWZ@WQBr}Aip=~gvWaJZ(V1Ebro%{Y}XTS@HoUJU%0$Y;e?k6B(hn zMMf@QxN1iF9j9ibr^o>^GMO21U&@S#HZlW-l#DzfGU?9-0~sM786hRNGavay*&<#3 z)r<%WSci^SzErV1Ntj$tepMUZvw|DQl6N!V@fi_i=~44dWQ5`t899sLsu}5q8<1!t zsUio+$W6@1u+hv&CfkS`hLns1MJD}DFpv@Q;W8=t$Pv>vBFbj#@~>t@SP1whL@WAM z1dR$3tN~l>*il!-f(uAAh$xmI7FKK&K}7|{f(BzW&nFsJqfrqfHtey0u@E8x!Mb20 zHi(Mu#NZlTbz|lC{hl*(?|tvyn->)L|NVUM<<32G=A7@eGiT1s{n}S110p1kLFC)N z`-m)OXbZZY!!xIe8B@aS! zeUF~cMUlDseYg}S&*Qqx`8>G?9=T5Y`<+xAd*H3D(;nTFjf5Vmz&h=l-t3>@b=o6v zaL29F7E7K#yH4wR2s?jaEeAm8sRQ5$6$6VV835%+*JuVT&HzX z&KUV+0L1H*b=v*kM-PA;dm9fWHlk;y0TARd1K@uS_Lww!>$DG%m~owE4kA!8cN*|l zpn8i;QR}ovzKsN`ftqaVYvN`KrUNLTYdL?xdP$VjGd&qzr(KS{e{)}Tc=eC2Cyb%o%TU5B2vhvv(S@!ca^(V$G_X5)o-5Gr&mO zNH>+cQshoqr|hY$K&$q=>Aiauo2q{ft0Dp^!a0sr` zo)DUniNZO&PV3Jm7)FHT<_4dA21H06gUHQP*COJr(=HbbfQYQqD)%QM(ndysks|V= zAQ`nzJ0p7JA5M{%1n{?rFdf6jIFIw)%6TZ$li_vRzHEYFL`ZHX`s_0xLh=|yCQ)6B zh__A~B^Uq^S*P9fHzHEVHd5fp{e>VIwN5)0TaOWKqz^@&AHd%t!gL@q*yEf~&b^qP z46oDj*aX9fklc*$*=In6Cj$5bwM!>^}$U3c` z&prbpt*q0Iq`DRnZ=JTUV328@wi~_At8<;UQ@Jza*&thA*vUHWhue^$E$g(a>Hqb@ z6j$3iZM>E*tDIKXX)Eb%T^sAP&uiS*NY{Co{`B?e%}Q zzE0a98x^G8Aab4d_8pL1-@A3%lDdd>nv4IcW}s7|C;L_){;TKr;rK71kzg>yf01P? z@n4o-4VH$2qdDu75W_u!4EJ*kz4)(v!N1vyTGIG0_9Ywth3(luU>G;HQUb%gh_nK1 z8DdjCEi$a+%~=4E6CM#5RRmUWC};dkcy#LTm%4 zGB%HGgxEnsVI#EqED#JafJ8@#Rex;n_3Ki64~k8X5IfKo-2?B;!o8$uIDD{cKKT`H zeGYOv8lqt3U~i}5ze`?8oY`KhmZBgB!&_ipvOY| zy6`ct21aqy7B$dNTDT1R^ve){*8tyIl^OUp%HSUx{0o1m>uH8r=gU7p4oVwh~IeF4U>$D%gnUqrnQn(B$ zVdG~I!x!>QkPFF%WI~x<2ko`BT}p~b$Aoo)?0@?L?0awCeti3;Gs(sLjs$>If#}GJ ztO*K8U%$Af38LH0*rzYezXOfs4m`VUaHBh}4zLf%iX~o+{EZhtSb4e-Px8mtZ;BR> zOL2rBZdj?jS%f#hk&d}ibM>plu?#p)4B{AD-={J&i|x*WTzzjsMOoj#u|s=X)1yQJ zt?APOiqtSf)1dPPkj-}5Jni`Jrnx=&{dSN;64wsq%#CaZvGU*jhL!&m;bPmt37`A& z-_>sX_SECm_79YG-3j#Wkx zs_jqdoNCKo399CzWOHRKWT;`P7mmXjhYa%shB@gu7zc;pAI8F~ZsB|)55`OZTS*;- z)U=4ZW^?Lp7=(%?Ah^vX9uh9GQ?SG>U5P*8Gtp^bOUzC+)Ynsia;Szfg)s$FM4oj#?#F}D11=CbcL886Hnr_9B7%iW%rjx!k{m85> zai;f@p^N0qrhvgX(_j=`phT1viUTw~SR$gp27zN5oGs=qy!9hh(OQ1Runl<&F?=6Dut0E}Zc z=<%#Y6262m)lx6u@y#ejSMDOvw%{EEmVie_wzrtMsD5a|7mP(K$d+J72C{b8fN9aO zj@4Q9UQLp!4Y8?#9BDnJ#q0y={P-)u%|n_3qwP@GzArH7ctE1|1@`xvk4EEC+=ckd zMvQrAM?~WGWL=PFX`u!lUWI(p@(9A|`cMy5@DJDHwnO~(PWsdbh#>U2-CX;!V4d~_ zD;G*QT>he_4P7e2$}yRPHyVg=VLn7mwyRrNxX9^78Kf1~y2v?~k__nY$?96#(bzXT zIxz@!&Dixp5D@}t*nSJpFg^C9#UXWw*4ZyNB7!cAzU#v+=GmQs=;sJh;1;aoP}jIR zCQpX`HWAsR*?o!)NXyh0WH({TvC@kujE#Imhs!dZt20O84Ty}wLlnCPIi7{842Iw_ z+;L@Xmswe*9X5i0g~5&zL9EetI*wychcj+^?A@5Fxk$pE&hQU|odf-?M4VRGa?CP& z?a2NuPOBQM+}+5n1tDJ|Go-+(ww~= z_^TJh_Y1wSgA|%4tW);ycUlrzEGf<1l1q!#;YvMALBG)H%9)-U=NB5FS~1D|RByc? zs*cl2-W}?*&)@|ix%CSL`EX;pFV#(`j3;7rfKh<6D1reHnN38F&m$t@Df9h84{tAs zWQp7<`}doC5QzvWO+s>|AR-)sexX6iIp`NU3d=s!v-p0N6L9*4f|}TOyZP)hAQJEk z1^H0ih|DJ}!he zFj$m*cWD5B+eU-~_NhG1hbZTIVOh@fnky6$CYg5#co-3Rm+Q07fC$NB+Q`;a*CNt$ zBa2A3U;sqkB_exmLqw#FECeG(q*#zFsYL=1VLA}ullk`DNJQk_IRX4FBEkXtR37JD zm2qC_1R}Ygyb=ZY)Ex2BHMJfi2SrQF#sYbWI%-EF^K%Um5)fLP8N~nOe7*-5s?k#N!my$7%3vBOW`F&NB|;Chsb;~ zZ$uC1@~*EhvfIlP4%nyiICoUe6NP0t(`yE58)1@}$|e|YBl7NZ)}2;w21H06gUG+P z^q4gM;-YZhVImRvmWZ@;=Tjlu$S5#UL)4iVvi zeJYRhf2EE}h6>Aarq_(sHo_!x1DjwN5qY=BuigxZkUR#F_o=S!H3oAxfiSg#0TB6) zh!*KLOjI8o*YhPrCh;YC@mB;xrsiTr!!m^y{ zHAib3VUn51CKyIU-qrZkn*kA$#~|`5)wPIxkZlopQZN7_KM|4la*0SG+ei;EQbcxD zx$}?!M3@dl_+-lA^NB!2-fifM><|$Sutz-3|B^Z?$rYC6On1?9OfnRLqRxhUMJf&ma|AtH0PAR=myfRQ4yh02|U1R#til2Ih{t)h(3G_NM$Y9-cM+CMGAFVLh7pl>clqoyAVTsOMDC@!7LjM@d}Xh> zK`_vLst<0LkhBVzjd(ezj3#sqAI#DoNJ-{bVx3lt-x>IYwT_EE^bBt`ez6wfYM5xY zzU@S-)J(b@7P`OfbjclY!Ek3w$*VIwkn_9w{W2-vZ97$0#Ff7s=MW3l@V3(ylxU1f z{FI z)I%vHU{N=*R1Jw#)DTCFR1|s*qO{?Sj8x<#WBREm&0H{G$8g4-aaFggN+*OG)&_Z6 zn9Uubaz~T$R654g;hhMn(y3-59Rmv)%?W3M9<8#{sY;ZNiwpC>r2-U2H<9j`yW*rv z?j+a=p~jMdalJ|>LMAm*EulgtOR!5$=|o7CPBjzhR4tV*%SxI9hN=>!qoHrsRq3j% zbU(yO_sxzXoe*kV7noJ61R`WoPxrWEPbCZWod~JYsb(Ub4Z>YtRP*5N+3ce^`uS09ziOZq3=XUl}{NMrpL zxb@>|j+Z){!DQiEQ~C(}&j|a4O9AzC;m(h%rF8JfHL zlWZmrQNJ#tN?I!v4r(v6lskwe|Dyc76c}l**a=WGLA`=~r(C zL`WWk$g@<}BI0?7rU?c>L_9?E)*~X)Mhd`45$UFK_d!CMhp1$BBqF3VzXtHPBdc%- zdWhx-O{|A#2%BISkzQm!)n}gp5t7Fsav#;ThmSj<%R1eV^FGV6kO0y(@zePki1U*D|E9W>5(Y|bg zVMN43G|^|D0g+ZbM3bnlMa1(EjS>tpd5B)#T&(xX)#f2Ob(Ai*P<>qH$9stSNy)3- zL-g@TDSxmnKi)$$m**4LhKFc?N+cc=AQJB(>ZuZ`Yh^7QAQcbMV&lr7N@2#e0bMROy6pt$B!MoF&+ev(m+Th;G)<5g}Y_9-<9Y zy1`bucn{HcjNZV2M#8n`AsTxouv@(zqG22_bvAPzq7iq5Jw)!jK^0t0rdt+gz`%Kf zS>J??2Xq!1d){DEa%5y&apZloudUoz`1$wE{`avE!K{EnToIVdDc?s711z6}KfEVGz_8%xKIUzdNB)pS7&mf5ozWK$-T$*ZcL zH_l4rzbvMVy0h<*A5fdY-xDx-ZoEbB-YPSPAaOwnuE<`gEW48BN8gequZ35qzV0R^ z3tvV#wJ#uRmg(Ih!Zo8MQ(ws0;Qq9GPf58a%=`g~a3AjoY)K79DK(q3fXi4wogDL~ zz6De4%?Rp=pE8@XSxRwl|4%Zo49y@Uun`SX%w1YW`= zzX|?qNah#(5olr4m|c2YHAB&}CUg_BSJKEXC0U(p=1ASsb!~4rZkZwHR}v+Nbhmfz zZTB0sk?n%yOePm3^}@2HpcVI#R+KhW`>umz(zf~~`(4s)iu3@+0G&ThzU|WFTY?M= zN_HVdms#?gD8YgX1^a>?i^6#ov%Kh1d~4-z9$OpZEaCvUD?d7!LYyHIpq;J7neEqXf$~ zt}Vbw#MNE9P!3;eim`eH%l9#)&Q zsq>U)4xVKXA}A@F<{-aJXvMdt!z~=X)!>~xkE3y$PM~~vC$jMbO2u9H!<|661pvAe zM+5AEjemo(E_~EzDoBMvoxW$APdjS#1j}&eFitCrI)^dJO&#ecq7HKMwFnb?!sNTB zcob-TcQ)o|Df$7xu(D|Y+lFrUv_q4$2cmvL29a_*C5@1BJt@E*h?;dXrF;OBD-T5J z99O&|R?1r|Ec@ewQVtX;Pj@F?9s*HazDgN5t97aq?K*uQA=+57cK~jgBAR!mY+@XO z|D&P68lELwEP_uxNd&iWr?fVZvZoTk#xh7i*R+le?P3ID7 z5FlP-Ql+^WeZ3%2XO?`!{!nL{#$upI7Gj!AJGpZ%*;1f#<>e_{>K&@Of-<{9RlD89 zx|oW(;GwFFb+Mk)cY!dm`p$WR`X1$4Om`_drNz+B2(*}a$RJXF3%dx_=1E!M9ie-l z7L%)%Yp1MIi#daN2|`{_%5Ea%6;8_WT6C~ob9f9$xs8)@K&+H|2c=wk<0?t{Qn{7# za$#bzycjh-qW3^2<=Y@~?b`M}4$J{5C$ec!+543=0?PzTa#;3?lrpx3Z|0mU?o)6S>Wkld0G!gad&6!f`d*1+asNWe&QNNR)Eyb zzn7qxrk!hgrJCB=ub^2HmZV=|Q%^~`OjA6d{4Q}i4IMW(Y*ZTT5}X^nb3;78lyVFQ zr@UT0$vZNMWtaUv$1JP{BF;;t=e^#~>tDlvdE4?1^z-^>oeuNz^7|aQt(+~aWo_Y@ zx-RwI449I`ouD?mARe z>bcB3h|ekVRdK8O)Ywm2J zJ#QL3p-?@}BfhGhO4{w{@CAuYQF5@Jq}W3g-cyA**wM_kgsOEE+wLc1A*?K|7>e1Nm@ zHliLg@NDmRZsGIvEBd)6kEhpT2Ca_oQe1FV=F^#L?7I~HcM=RoyY#b~bMooIs zN8S*K>fl^fs#a5p7VE}GpWd2B&71(SfzfVA}}xYPG-K2 zLd@&`=6qLJ%UB37&|TeaC97VMiqkT}c=mAonB+ZnS2v|Jeb+8fpxxDF9(Xmzd7S4r zqPT>;y0x6?HG_x*Zr>*R)9#H@M&C`BtfEhbU0t%W``ke>>7{s>>LwHvUIT=Qz1I9w zFu*={JrSw?iil_|1o$W-omK8WNPrKsKz?TP$y_!y5)pa#t?^5ODl zynHZNy0am@$o{Blk%-8Oq4<7v(Q>w;w0>15SV#4%{ov{n*J_I9 z+OHl7)KFZ%I!`$d1u_M=EfGH{{i*{SDgBG7>`88p^4Vu-MI?`DMaNRz^nP`)VBq@I z@Gpo+TECk4CG*)M5h?wOUa<&7q+i`3xwIF@^{Z2rb1#StL_+=QdjcLtgyg1|&prbp zB#%L)H`Pt=S3LxSO#P|@Hf&aFzuNMMn0|G{z)-(B_KJvp<@N>T{+V`C*MWV(qTk@; zO#Ke!kD|TZ#{2DZu;erry)XE*(B>O|U-09bLku4XGJMQ2Y;|9dLrTQHVBB{o=l(tI zwy|wEKj?)P&89nsrqtWUxQ&L<&AVmnNeJ!TGWO}`tbOl0ln*$Csy)}nyFy`I8y{UJ z2-PA>R3Yk=O~r@=ww7-N@Y#>A1-F z9ZIelN71N(xgWYmY@KVMA{W+k`G@mWyaemTdG!ZbuYOk$M0oWV&{s?b-%XbHfIr<~ zu>@~ChsAXhxekY?*z=dCtiw}GELgUO6hy4U_xjAULWB4Bq~~3Eq?gyXiob7YQ{Gqo zyuS52%gdW-9gZ{5XlTK8IJC@jYd^WGg*`9&u9~q`Se$P4Vqitv!uNo5v3I>?&Paq-}eoRDUy6@p3vfxueBv0g?$@Bsov8KrT!i5%rh`gI2 zxl#}j4jM$KSdUfCxx%u%Cw^*1%J{8cL0AV4Qkm|9n%FNS4Di`!K!n`wbRXnH<&UAd z7LjLN+{ZzJ0T4Nvh@Acr5fPIx8+=sm=LAW6t}*4ya(UR5j6fs{St9972-AVcB9HR{%DI~9IM9P1cMP9N<}CsqMnv9i;@y%j@)$(crMec8F>IXdHQ#+e3~bo>ytw7~#k^N(H7&0Jf_!`QC-{XJbUH}!2sis z*faONLqyW-nV;TcKKpsu6no}O>;gt0l1Gv2C0FbA%v9x^3wn%0A$w*&>@-IpLUMDN z&prbpB#%MlDynM{@$8w=f&mZ_d*hyLB1{J&v|ALB5z4um=@ItK?*u%I z2+7UiKKl%akUR#F0;+2f@$8xX1Op%<_RPr)64y53+cQrJl2P_d_vit=k|LJ{@VAIC z9fA|#JN$ zzqGv|_ROZ7Zrftd>?$R%&SP|9&)n8?744a`Rw0AfGy5V#Yxc}V53+g0+cO93AF^lu zeollv&i@-?%Kq@U|esyB)(; z{lRPltKbiQX4f=-@PRPtJb&;8`=$GXbNM>r>l3#_c+W39|4qTleSP9arbR%a0~L6Av%88vY^lTVBsx(;ai|x`qw93utkes_$V#93dl!%aw72|_*R+g z4+uGmcMA%%j|$WlNAX~c2`H-pvaecH+lOPIG#$MaWATUc6yE}`u=5lj>*Bvb8R03O z>Rior`X0!ndy1c687{Q#v@_E^#jSd>4|4Lg2ooFGMz6HUhc60@v|kuF%YI?tY!`2R zfC>a;RyOGu2A&J@c*64FnjrEE19R!%CN$ri8|MRm7jHbxt~n!0Gel`&+k&B1sp}5! z3j+i1v;7T@<6-!RFAQwOvD1BFV0W;U)OC@X7KhYqetr#YJQNq!dWj!ahDv;tgP$w$ zh2geDj-hD*D9z^jKT+byaEZNwB_8QY+}8*L` zkHA}w5vY_Fvx`2gNiV%0$I^qNUb>(Df-O1GA&w>QlYpOImayXa%tePZFV=A=l$Ama zduRbZRgHdOE}39$z!tGt?$IB8H%;{u9?;e|E6#l{&P{Tn9>g8Tfl;DU|MKUZJHlsXdb9jCx=Ge$hE6K5 z4A3|{U+{jM!1wFfTp`pb9soX6#J71i`XYxYLK79HqZXm;_<~^cq?7cJbE(v z90PAs`WympKHCb+6Rr>Pt=a2T48^!v4#;?CU-0dLsBvKA78EVRIPlD?(c{4R7sihR zw@aSCHV!Nhr{!uK2WIXl&19TyCh_CI(W~8ED&xTZEPqwTfetG0U@LI^IB<7oY1cxy zM#q7Rb`S`AT8ZMvf%R1)AzW+YzSN5JUqj2dw}i&73*Q?;BM)XmbevGa^0N+a zFno4Qh~bq%hQ*FytLs8e;*smZp<*ZV6q7^&@k58WJm9V^)7FJ@6xqcIeUCns8Yd)Q zVG6_vT?e7P_2A4J!N{!#uXGCe>%qr_!mbCOLHz)sTH1P1>%rZGx2y+Wg;we7!AES- zL-EcWtVLrzC^1Z&5x}~+f3k>k1^-Nzat@Kd$~d?1uP)Ea7YY-n@lZ1m=~%%Ra<2Jj zaH=wcb`Px}&1@=ZRrvNqQK2m>$ZgosQdf{e{XLadVvX(?hBCNJ8uAbP;Z~5xj`vrP zgY5yN2SI69kc}&V3RJMigH8gq@W>($GMfWhoY2veOJf5WpJhf;{F~*v;u>&*nhQcM zqj3Vb{*t~t0l8eC9$M$}_ z<&(LDe|VpvRQ@lXk|Or=nzO>RKktu~IA4&=FHOv?K6#7h7Z-GSYHqd;B=H69ns=&#vrjMHFZqw*}Kk7EK20xIC;`- z|3WO))hg4@sWR;VnTjWsb-Fqm|IfOreUnmUrBeNl=7BF-;&W#eU1k-vAV}bl{2M2& zi!ALYAmfdG#yXg_fts3!j6&5jnSWbx!#X9kpgYZb{8`6LQgrMV>v! zLiEHn@5xxm6bO;HW|8-JW8#`O`M_#>4P4}pQvBgn^8Ts3_a$#qKS63&$q!u+tmFw- z`V~AEZ={0D`3IL>#gmG%CMZlF4o%Va1Ge@g4uWh47gM6-O0?DD+5G<&mni)ssq_yC zJ+u2w|DX{vFv&$FqYq)ZB==xNw7nt~E_C@w-(7YXfg zc!QxB38?q1K^%&2gGtw>n-V^yfkP3d3KLsXw8bY z3J6#sZ>m^`n=4Ld!_0SK!tV5B4(5p#AlH)W!h(10U!6S%q<{2s-I&FSd{#={#p5*6sZpapMlb3gm#tGl{2|SQLOli#nIS+5q>>5z%E#^UeSd$(|J#h@b z1E(<>Em&aG@My!dDPwn9}24og|MWHJ+o(KIXw*E8}LoAmL)jV*XLZ{v`nuJ@8Vute<^G z3eA&DDIp}=j)*Lll%`yAX|ZMLPKJkM}j@Kep9s~xjDdR zpJD5lGCh+{Yp@|pXd7DTd; z4`D`3FR-rR&e)5Ls0dP;V#$?)h;RsokQ}L;Tg0)fA+fr6o6RJ%lz@j3k#{@#>@y%j z@)$&RrMec8UheBP9h{3H>PHe$d?+sMs=WK;;ruh@@^K%{}{To}OLwh^YI z#{CeI{grb)(`^XJnKJ9mW|Dc6fQJ#0cN_ccGay3p7(}+9x)zb0*SBq?y?iY>P<5FvRCBL98NN2EQ^VQ?H-%0wbE zgNSsHCut+4V5Gg~WGP&~FN3cjiukjODDwQ_k%-8l58lj#Nc3L<{Yv!_QQBJXzfMRte?2fYtfIe#N{q~FfL`BSj08Lx;8CHrgH z1jC5PyVw2d&438WV-Wcl)wR85sXJ`&qF?|-o+ly=Gl+<^kpeJMx%XGO`yhcKt@5Lv zH@**UpNL*VO0$J8vO`2Tz!U9p{#feBeyXRO=`OUs7g<~c2qO@Ych!FNWEX$}gUX$U1R%n6v=Kg;o8kJ2Kt$ek^hI`v2nX0B z9_QDjj!JTcWjWJbXg!n6a5lkk8GW zwUKNv(l*jn<<3F^?GgEz%_lPnzM=?3Wn!1|4BEHuclpeTBYXF z^<{HK*8122-r%>mP1ZA||&jL944Khm92ZZT-BJCEg+RvrJPhqBQvLA`DovxKl80Qr#F_t*vQ2=?R(Xu zR#ZLOQIHHPswVyD0elaE71ak1vVnzHRR4tgIilnAp;#|U9yR1Mt*AQP&;FXWqB=th z&0|es1d|^SvWuBg^i&bh)eyrP;0KV?LJCAnGtfY;SB^jDI{ z^w-Ae9ut2>^&S&B@5_qnm;3mXwxT*#3XclPrxz-sBC;s*KEB9qOlLakGY3C9HvY&8 zaA5=C71fP!Yepc_!ol+$$=Vi6h~zPdETOt~1oKu@a|Ht+A}cCWNkr0CRJ~R125?3j zG4dld!f?-6e$^J>ddNUwG@)$&(rMeaoZ$&jtFaRR5qMA3&Ya=tjNZWQdmAeuNXd_I= z$jK*Df<4R#MC9GC0sP}uRC9zzztS18q8h>`7)GRmMNjqFXF!DHF^JqpbuA*^it0we z0Eozn>Y01IHc|>kipY8@cM%eR2-ATGpUlP41G>Cx4B&4O5e~r>)e}M!yQ1pPCKyI! zB8$GkXP*HPlE)x&Gu5?-cq^*Q1p^==E2_$=UK<$&Mt1xYB=swysVk~8um>5@Mut=5 zB?0^`B233XI?m&Kw{jlJ^oSMJzHEYFL`ZHX`s_0xLh=|yCQ)6Bh_|8|B^Uq^SyA0| zx7S7rJh{IRB;`Y)Xd_HV8|g!_jy*0C5qUR1fWJkA=|E(#$2p;#dkM?%iYkvyFpLPv z%?O`;21H06gUA@FYZ38QR6_&Xnd(|ZycJb{!2pQJit5}u zy*85V$vsDqjQWb{?#D(Vl0|jy3*c`NVLA}W@i?EOoa0thzY*{-BC?|D=d;g%NGmI< zBdM-M#9LAAD;Q*2QQaWB2l9u;|l4V8p;IC4C<`q>LHwV_nifR)|)YcW%Lv+wb-xdcLc@o*2`A^5m>xUo(lKOXLGp|HVZ)AtgDYPs_m6%W^4cuPFo9S|)& z9_~(CbROQB-L&W`D%R!sQVn=3#F?16TwwQ2)Ys_l8Mc=9-XIj?)*&d?hANipx(%&d zr*#wtSCrUbdwbjO{(klVsLp-viw?veE|6dhw%bP(w;X4q85V%Zg|}_2xZCiyi6E5h z+c7)&G=TQn+Abw`0Srm#7G%6J8K*?EaS!0?Ttu^Rdt}m9_#DEX+)OKOX?N+-O`Z8j zpEw_Tvk{NbxCz9)3G+RC$(pV}OR-{ohTV9&8tmyOsRRml1;`r<6)TU`1ZDNv{+^Qd zrtW`f3KY@UgfcG(ZYJJ%L2zg95#0KBcUX^#3lZzfyc8x2!gz@PjDVLBy}d7LoG3*< z07+K{@6}(QdNJ?c^t~sVAC=HuMMDAtH(uMFqPdTK*!aB3E9i)e6L0$8Y!PP&BO5w# ziiqcZRAVNH>hiCpc#Uc*AX=?x;ntun*-cY$Nv-0maB)_c7O}qvh^$(hyg5tS3h?(j#tC<-JlI=0d zXrxN1d0?wevbsE9DnvxTW3X&Qi zbnG?wPSegH9EEfQ6X}n>J6%{vQsaL`E-x$qwkqd8Qy|+Z2<*ygJV+S0mU-k+(7kw4 z1-?1JTcWL+qIrAdfv`~bsB{sowD8G1H{5bV_; z0ifYaU-*_mv4}H%Q{|bZRK%5|H{066eWkJ?t%g?x5#jq8c#j#(BE%na+^%eQ*J2W5 zQwzja^^mb2L*t7YRxvlHAdyp-&zM;VCZoCdA%DT@i=_N4Vh>h-r%c0 zk3%#2Y6ypqkeY_W!2bnsIAs@$!~RGO9k1+B_UCc<8Z{7)!&25-G!Cyyh5qUGVAw80 zIJ|?@G#n29DS*TAJ6jy~M5@KXMO!tSyqjZiNcoPzz7(8?Yx6$!4nG!6`ZjBP%y$ev zzX@E~+7tb9WZ}_VP}c_s$wHEDD2Pb2uQxMxf~0}AnR2&fpkxdVq1)U`r9{MOy?|zs zR@*J+V7%4a+%v_LJt=K1J5(bPxEjDpeo7gv}Alack4k#RkQS%dw9m*kSP)rA-DvxtgIae^3XT1=(E+X%S`0O(vLh=|yPNljQkzyBNbcA4_zRuh&`(?o^#FYea z8C1s6p@t7;)72O~!tP=Y`Zoq2-`82Xm6Tk~!ccORU-DhKNLj5{RUQtr%)IcGl<$0< zUu_*%es?Wj2-nn6>VA}H7nP_ds*m2^{@cb$RLaPar2BfV2)0JAROmzL5}Yii%+9gW zEz*_}QD0w6SjpPEQh{TNX<9DQHM8RYyXkpx*d49X3898X0Ld0+(+~9G$%ahiQPZUR zwsjAA;;99znOu{>$PZqMf%!?Vl+>Ft^pm~#JGW*}VmFA=VFp`J^f@N5Ed3r{S~r(z zSEkjOMP4rzH+ITsAY?Kd-;|L|Ch?K2lbIh4WYaML?h2M={>a5jW%4{444yw>@`|wi zF!vLx6>mQ*yb6k_y&w`-`_H2240%qo9||W^`>_4c6`t@o`{5wTqqEVf+YgsfjCA|q zZGkN+T>W79*&+m~C300h*s;MCGngeVBqYB!>%MEY4*dd0&tZ5uyUVBL}(|N34v;fvmXvp z&J#f&Wj`z;;9*2aZZ`MXXF!DHF^FtQb<^#Kbp?Y=_QQKvreX-J#QL%pzccW=5WiLU zU4-9N+A9_N;b(+6w8?%rMM_?s(WhcRT&CsA?28#E-hTL~i_F$SxJK=Ve}5{7^yHk> zs{K%)5((kjxQa#WhXE>Gj+HLnet1;x+7Utx<;3Kw6Ri!UwNtJA29=#`C5BaI8)q5G z49#6$H$(Taf9HTEjH+E+8Ehw7yg!QD>>OK0S?>5tVv`PFin|C3yb{&ylzaW1J9RI_XNGFI(1TRhe@F4wLwB|HVZbMaKW@e8n^=6bwegcvWY|fT>rz0EoFf5{(N zjq~L^3>?Mow1bY+X?M=GcK^?2QW)<4*&Khk*ob4X-7mKY6i<5SWE+O?ASmndE72HM zHVuIsHVokukZKhdJ~Sdx=G|HGgJXQ2=40QJ{iF)-a)A>_;w~3x53T*n1u{k$EZfw| zJx!R{E&MwW3*h7)X660{lo4`I2WgbthdQ}uYQ6}$?`GLf?xQwbCAoKTa(^XEtlZ0X zV`RkP?pyB%OVLvab>klpz(;!p2+=mGOu6H8BL48M&uACO$h{XKy^^H1W+ed1JVY+M z{AQ$-yP+$0?k0pv%e~H)YYIu6$hRR6JJ*cC5HP1J-iiytv_Bk;loFNrnVXIV_eyg} z59VBezdg_P_A&&4`Xr?W8*LS3UffAZBe=GQhxUJ6qx zOf0&Su~R>ycR#1)Cm?cKrlNZj2qpW0%uYT(f!0I!{y;_#-E9ITDY^yZLUh-cay@j< z4rKSx{hweIi|zw`ExNn-nJv1Xas$>wSJwIS)Y)2Pe(owNMxeV4Z#;Bw%3dXO$1pEZ z*$u+D7G-vT1|xd+ap+#9MMt#Vo>Z0DKXiO5@P~(PejuZVZY@bu+V0o7|31S!hCfF1 z_Rw87kljP~P7=qr-6Q%~bYFvIVw;3T_iAn$d+3VSWQ00ytIXX>9f9s-S~#xl_FQk3 z(Cy5;gy&6RV%zR~)UvzJWlwjXOLq}KhvMToh^c?89b28Y!Fg;PWOkn8`W0*r41=D~ z{xJL|tr0hzU9oO(IJ41Iupu?3h4)~i`(rl3{#$z#$8Z$^=d$xK!SNO~7+%9@U-FGK z%G2=%?2Q+0BB=wS=*8~cJDpxqyM^e@bMMmtmcopAwIh^Zc*-=SrtRrAn_JF@3~DsG znI)q}508!0XbRqhHM%s4USuDZPA{oPhUm@b?*%mau7lO+O{AuU9yFUdL}?W@dVfru zMlaz_SfdA{=tcHqI=!S$2+^CIphnv|jebD{lhw#=?>3unh?1|7w?8d=yo`vzzHqxU zK!ZJAyFZ^P>f$fmCH{{cv7^7+5#Ek|@rs@<7QpS>|B}x&ZhnKv_OU*|JX>S?_Tjt4 zQL?F#yL_HpfVM-QaNe>&2Ss-be%tdxskiXAu=ea`{bNHhZl`_QvrzKrCzz&kf=TMC zA({GZ&#$;Lcz6`*N8NG-;G`R!zn#m*Wt|2oAFdv?O=Piskku@eTq$3EVmcTN_Bc;h z&f;pYAFe(L16+ZPF+V8Jy5&-}BDuNRXP?0>M{?_y3-aOS@3mCdez9e;+t#~4Fo2`- zMG06%i(xUAB!xMBbg}v(JDC$zu??i0WEIF5tSAFbxw7fXF&%nx=RJ5fRsIHuxwa z^@3#7vD^MzMIw?#bzThMZ(X-cM;oCNOF3VqoViSd>z3*6Dg{|NZpJ1^*X>Yd^uB5< z?@smEXF!DHF^CMOx)zaPHhjVi6b#gL`@uf4WmdtNId$uIe>v=tUx^{67Ng2va^13D zn8RM<7y)Zs?!~2>4!&UBMT0X~x6rtj?2r93HXGBK8T`HC2lkEI-MfJ&KvwHs@j+-k zX39beO#9|8EFA2gce_7v+Mn|dRuEiSr&J(ZJLPX7uL6$&fp5*U-+yoAK6ZaBJ@XY7 zn_(>7Nh&rxmVSl>K|~iGP65^rG=@xL>8WRV{lp(jtIlC-iW*C|iXOuIu-Jb}u9T63 z>0soKr9+f+FQ!L~rQdXq>?b5Q`}yoM^b?ZD^pjpxH+?MKK`?M*>3}ndNZMFB?QB6L zPvlM+OE<`ktO!z?BFUA4h;RswrTvw2u5b>Ir5_XU@W?@Ovz^aA10p1kL1bsDn?9Cy z6%5>1dLZqg^s)3tK{9GAZGn#`qG@JPWEx8wJIe4;x!T6k?_cE@u?l19E6mWAu@oOl1?SbdZzf}DUlI7v zjim!P4yTT#$Kz-x5AX$J72IA!B}Qe_Q7Vh;K@7%azl631erLTU>|R3$a>GDx7Xbdc zQ)3%n5ZZj>pWpieUTIlxHekJpe<XBoD-*T7jZa<752U({Yh@rnXj38$az zt9rS$lYQB+&AH3qAN)%{**6vHcqjYbIGxDkyOVwYbgEWERs4fR^@>o~lYI++5>;!t z5{Ww5*GG8Ap6r`ri>7DZ4A!EnP#4WzW|eZP)j!KP0rO;^8rbkGe7p?)c&_-JSnvx4 z#o9;3avRO4Bl-<;;l*AA9ry@JV3c3L8T~RJwU9WfYfv8^`)?59M|Qr zexf}=y6JEzOhf9me8y1SymK%c8@_vUg zDb2OfVwRuQro1!#yv~WxVrF=G*Qjsc^1s11u+agn`39EmPXo*P2IlBPJ=z!kWfeEH zgWGc_ed?19Q?sF<-CX;!V4d~_xUe0)1rZueY?92vhc2@UzeV?fD}+hRhi=raZe`&j z)RXTUDCH_6CEom>v#dQ^n}WaRm9H3z0f%#$b=j5r&*I#h=s$CR$BdF^@huq4);dOS zb}C1$aQxU}IGH2Dwi;*^{Co=YXf)FII_)tX#s&FG{5gZDujjgPAPZGnXCVvC<9Jmm z45FgNI&BnLY%PnuCQz)kb(jw67kQkIP|np%x6xulQDQ+-qs>2s(^PDodLa-M+`Aoo z_8Dv)a<{flkPjElJ*cjQW{C@;-b63}B6kvzgH9qMVh_*oJ10p1kL1c5PYZ006ye;hn1GWCX zKQeA5y||mqW0mMdwdg&6X(i28V19TZ#hBaXsJMmkNmBCaH0C4-YP^=uQh_V3d56gYK}3qhpn<1KWDcQ#wqg{vrUmm2`X~sz&J%VQbl@F zgS8PmC6VEsRk|Dt^G8R=NjGi_fmsOGM(mVCc3tqiVAsqJ3G8|u6DQp}|1V;%7t5r> z^~TSbGtf5pXAA#qT)^k3Fl?D!_Bz4q=P_YaGAXT>kxVw48jjDzP4+HcXr0U)`4X^B zjkX%x1gi;O)(EbE@a3G)?7Qhx>>2PT#mv6lkAsAP*>?l~Srq+cu=if@`C6XSX5Tvm zjqvPyLc7R8pR=sF!bh+%)9m{e3r(MWx7R{t?o6hf^|}e$h!JxQDNTn!v2nBSLaC0F zvtGg3_jKA6;kl-o>>mu&2mOzAqh1 zMABy89F?1MDhlAN45NTg=1Oc(Mj#^ZzGscw(kvpvA$X{3me8bJglCU1$qYLPo6Ql3 z$h%v8_J4l%t)RN;vv09rkZJZseY5*luD03tl4oS#li3UdU;OO*A>vfL35g&0`pch@ zmD%^Fr=|SCc3Oy^eNWc%g>a3|zGqXSRiAzLR7HAPMdD}QGL7XH!nHR0-drUx=VY9H zzt^~GAzW*-?{^&5{mA9`+4n@1PNwO#cJk>2nRNcd>{~U^>*uY_zKM)vGW(vHkxXXa zLs};@uRRN_Q)l0Iz6j60&i|N&Pal|)qp1jofA|Lf(GqeOPLlW5|9CCA#rq!*vb=o% z<5?{jZ|VJN@cfT^1R3t<7<&H4Zs3olyLEzTtTX4d6gQ*ytsZAZBqpE${-Yv@Xg+dA zIHDPjICOpzLDQ+|(xHgv*+L-;{GnXH?+NKWcjIXSep*EH*3>U1qWN&GExT{cAJhMH z;@4_K^9%oDnc{}rK?P>WGOHhMs!CJwH8{jaG+(B#i(oeDhKxis(;h+}98M8V5{lL$ zn%`FmY(z6JW}Cc#78W@4A&1SB1OG-bS@_Yo=0lEROA5v{w=fr~q{}QZZguB$6=Ire ztT6+Sadz$1_`v4+0W7-hfz96^>C=0G&7UGsYy+(^jZU|yy^@wepnRMe@}P1`281!+ z8lcv|=E)?D3Tz(blfnd&MzU=Ks~B~CG~ZdjR!m@XO@_c`Z--!%xVq3yN(-04LAFdf z0{xz|jg(epu582~&Nn;(K3w>QhgxUwA`m%e@R8_0HhiuGRFJgF?8UtN<6$L4e@%D! zPGLFDd3xxwpv%|An#Ic4&B<6VOsvOuF+8>-diQP5YjEJdo-239y)B{LD7=vcqr8>B5F(3Doo58cjzj2^nBBuzp08FC@I7fZQb<9&O%2T-Gj?inPGZ@e3A zYSF#L&uq~>@@M9B=!y-r*Ak2FSxOy&?f|^;&~5o>mC${kmIl$iO_*48r=XStQP~DW z(QWrGHV0-uoZ0zDd;H;{`&1yKhwg5HlC%e$NG?QoGbz_YcU&O5hweHgjz_m@V~Z|r zsMM(JM(*l*=!!RF(fbzNj!GSYZWE0YH#FS!;VPkfDf1GQ1Hj(3D6=w#0EAta&`4D=?nvmp2a}iJMlwtf$Z^dvbPvi*_WUvQu44 zjJ+0czW94Y#IKB~ui*{Y`%&4F`fL=vG~zqc=_R!|ie844(dqP(dP0ca{O4hs_QTXn z|9uIRW)yclQqwjSo6Q@2AhRDK+$ID*J1h=?I=l%Z@N^Wt=z2#wy`)Z#q8D99rqfI6 zaUpuM;-LTnzkXm5_yDPCTcgcJYHbw}Sk^lZf%$k7M&PL^deOB!onBI}j-nS`&q=43 z)MG>R=IaLo2>krMMc_T8S_Iq%Z?lnF3nB2U+?mH4+7g2rWIL7CePWsUOA+A1kH;== z4=gvlTgO5X;4NEV^l`hqAL;}4X4lv*uUj9^u z8UkKdREdFz|H(R1?Rwp{JzeTZ4w1TB!}2f%n=Rqo7I&qtw(ij%4N^W_@<>u+J-;$& z?_f!m%X%Tv4_E)eOS(CvFy#lMjipDZeSIh!UQ~qIkmkr@xfU~TN-ixnE<&wLIdffw zU0XVYYR(t6^$h7Q--A8<#;ID#GVDB`eFiTn$*tcw$cMYO7g61W$~YUC69_X*FaRRE z6OrPBh=}-&4H((@=R*XM29Z1EBRl=SjYNc$=0(Ysf{1Vkeq`q=dXk>AGfzKRykLL9&Kb1e%$8s6AZTzc{jjkp8*k)#~^YH)wPJ+>2~%H z5)6RIVMOHg1Bpo5-okT&WYo@n-ZznmR8pPW1Ng`7Eu5m9D?krKs_>Jtv;Q3d4$1Owe| zxqXCe_EyNCo^oN_uCnKlUx{g{7Q_7v{4T_=i^HqNGiE4m)U$oHeh7eLr^!YmZEFS& zEoKSlAwSY}>BzW!>8n=z4KeaHjgz$e!9bV$;{9UF|3f|VLb#^3XXN{Y^Y0KudRmFz z9uEO*=pvNi1ofn+gXj>eK;|jJx79?l$tr`3#47J$X%2F(o zu4OD?)hv_we`6O2TPBmSFp9HG9+5mcA!f2ne%;3#QL>?qjwpk*P}&>VzhyeK73op#ol~2t-I}Hu6Pw zhzN&Z%;7syM=4Pco5@y*#vG1j6AaHf)nxyaU%eUH2+3m*d5-E@L_EvnUctawCiC|q zB59UMca^(R5eY^;TnA541R|s~zXkA*vrKA*CN}EfBsRe?A{AtRkIy~>A|#JNWIENg zhrP%nVc`vO502su}pe1Lt8A9 z<+`jL2N+;4VN>BR2abqkGW%vJe=ym$YMGp^kXoGZ?$*fnymWhiEm;pV^=snnoc`wz3pJ>{e!@_r=4HFt0 zA80=&BEI(Tkh$YC` zU4V5*mzLmN${C?rv#wCsqf4FV3aquLi^!u(CBj=`2JV5z=^rKQ0Fb>fhVtE{=qgkb zk1o;I$Uh5`Wz;}YpRXE+KXHl)TH|h?$3q90Mhg!s+_+anIJa2287>dgFm0_Ei?T#5~zQh8HInG<+O;v-%iL}6}NPi)IQSD)2c_LaiK>U-x>e^<&oDfSPu!6`bEv-3GLTXB@1>9=-8Uju9SCci+mvjjvN1~pcbV#(4jHZ#`ihh@0sd?|vyy#7Zl{Ken?=Ce5ew4?}Q7j?slB0W(O^#=@Qsl*7__`Rx{<5{Z?OLQB6Bt8IA%^b1XKs zQ|ODp*Ga^2Tu2*zvu^T->0^-^Qf(?jE5q-iny_gC{}B7CexuU zpUhR*)=UvlQh%|KHeCsAC6|8LPr1#LxAuBr`M_UId)2vsEKg}~mQYY%1<#fJZw1mzdQRmmTrOr~ry^vj{+(xDBi3E6zm=2x!WNyGlW{QB4x~>zD zI!i9S&O^B^64-6rU3nj{ah~`dWH~au(MamEwyv65*O|1?+3!!R)mNw!bZ+V*mHZ4I z#b9$?*_ib&r+qE`dWJcz8sq=uc^o>td1~^C$dROce5R4)3&A_T${$G{d^;5~j3ghp zN{Jsy_Tg-tGLj^evp+DP&ZD>KNT)Ew#1V)mLp9_y9ZjCN+CG!Qtz#9FgUqdncFDTA5of=H-v)~xNMxS8$$?^#qjJbDV zXpKH9$nXNk&|9NN#qiVENLh-zl~nXf{JM#0EAhdyp0+FTrIXWF;`{i^Z3&;b2tucP zLp;YPkoEX+An+E&MN%o=RU$_^jjLg);U6Y|OSIbfP;DkXBM{co9F4k4BS3;9qu^cBBHWcv=K%%Nl&J zv~-x!y5H$O4{ojQ99X(75Tzy6u!Y6F>&4#6!v6^5a0ua9?D2WOxyZ}wuS#}oTi&Pr zy#A`hbYr>UyBtz%^jF=?TJ%|9fdw1g-G@e#TMm10QEFafsI{zO#ja2*ek2Nt+FjcL z3%m&TbRI{Cfs#je*EWrh`^kq?<{lQR_F*>i>ZtyGt`y2Wv$Wl{e_$^$qF7Rz_av7V zYrW#aA$ZGQg>r5YN4v)ToPtIOQ;bPwZ`u`MueiLM;Iq%*6(>1{y>vb_qb{eq)+_$A zi*h+fFu<693=v66NOs!pTEiBCNQ20ovb%Ql8+agA ziU^a;)^9~3BJa-f*=In6yu_RRR2M8(}(HIOBV?^^I4~)l9c>KlTJIlgx%}g6VZ@Z~HjTXP*HP zvWh`u2-UTSyzio1`U(bUBPSD)k(&^awB5Cr1<9zmpC0gbMIcg1b*2UIw}>zuh%mlK z5jj&iS1{ei{n))ECYhfJco-3R_jjLt21H06gGhg>YZ1XAC~YHq3kJHEG%X>45)n}@ zx2(o9#T+Tj_Lp$E(zd-Mb|mv1tr>qW>GK=nVmiKB?T3(MFX=)pU#30mB^?o4{)n}3 z2w9?BmT_M4@A7yj8Hb2|lgh1rb>h|!SGa3D-N!|SqwQdwT)-c_$XM&hdJE)^5w05C zmxhGi9>*JH({pR&wv4{MbTwzNv;ESAoo%LA&VlLj>IY$Frnh?4%G{dcHP|K|uVY?w z6%w0{gLt_tFe$^bNIAJq=HGt=GOZUTGb`wF(_Vo2icHLpGsHNyS4&v`w|}=piZw8E zEE_I7c5Sl;9^VKmq+0_gccot8Sewn}L=G@{l(Dzu(Mc$iHE=TvO}7S?3ocPnz=P*S z7Ry=REb!5EaTH94^f~y^aqR}>+@j+e(`$m(z;+8F$2F3hkv{tj;~L3h#phC=1{pXAPXFoGTO&S_w5lYoLjMhY=yU*~e#}0TGhNAaVfJwTO7u zz;=Q`CTpNruAk1Y#M-YGgWF$euJ8#QFB& zpvMvsgo14P49C&N1Ch;8s+9KcMV24I2u8aJl z^v~|~6tQX(C0C+9%;|~T<|Q^w*H@{189jllKI=^DpA_nXd4ZpqGP8~Ql#F=)Yh+T!0j4rQ}})W!#eN}ccVdk zZ=a}@n{T@cAn*q+;vX&!=C#>2o&jH>J7s*g5%@XP-rJB1Iv3Rth%)PsZwfthkoD1w2}0Ha)kOTSZMG&7TbkD#2}QBFSw=1M7BFBlHUwvUtT zG<_c-Tfd-e-%VY$7?`&nw6fhOTx?88$;&A*FbyCI#lTz)8i1Y>1M|F3m=*(b&Woh3 zGf({5744+XymGl01EbB-#lZ9-TY@!4d3g%EwpL}1qs*?YWr@OVj)D2~0n2`>FtPfU zzeIh#uaPx_$m#nB1VF9Z_^Ih26zK*sJH^}pe|YEKpATf5&y1wlH&BvBVVy=U4ARv5ckW$QmG!ryw~@ND zQhVsaq!^}GV*K}h=E4JqwCQ)TIk_t_+#W?PT6!}*^r@>y`FfWWb6-2Vje}ul82%wz z@X&KPL&<|N1Ho2OcSdSja8I-8whl&(&}rS)OWZqL;_IUWC4P9PE%7;|hE7O7+skeu>Uy-)#1eEOE`8NdEpNL=)Zqacj{;Bk&fDtO1qMVvf{@dOLEj z*?Xr)ae_^cC)(mPR2{t&d7r25RRljv^${un6C9m4HP}}`2EEeh_9yL%MqE7J$9YI+ zY9x<-!Q%#*4kJHHW$5Y2`GY-6mX`D+sgvLwEwm33u-Fz4Q&R7NT8w=^SxBW8OGt&OxT1Qt2t?n7X^luoo;#%b+IK750H-Z3`l~C@uz(kEyQvaERNCSRfbx zk)Mgk3QlL~E~>sNcNXD7ug{q9D**Ye@h+NJH>RvN_Tp7!|EzF zK`ypa5ozIKd!Apt8QKWRV-R^wW^e621KnoCbAka7SxH1b`o(J_bVX@R?yYju@s#GG zy1Ob85phv<^+k4w2#4T?)%#LMCH2BtT~uSWjWEfKWfKe|BJZB@t2YB8B#%Mld8%vM z2oE2yvzY0E0T5}2;ma)i*=r;IhSk<8cda7AbaZq+nZ#3(h{(H@0sQSaA{>GnR<8<8 z%5kvZhSe!-f?-6eS#+h(J_8~ok3r-?s%sJ1g;haB$^-*-$Xr($w>>kl6UV#!O3XyH z`29-`8IBaDSmu$oIb_(8%<;^i+cPibbu7rLp@C$s+JM#LmOiV)`@%MAzC5)<^hd~Y z&YIqJ{PWv$Was*2g1@C8b$EP;A`n`Bn>Coo)x&50M3D&$DS0gj;p$c}%N+it5@{@6Dcf2?lQVto@OQq|Kh2soZ&B3`97qqQ?1TCO;O5h`jsX z|NPP{BElg!d%h$zc6%v2dmjHpBqF&iy259lVH_ZN3?lbXU5m&tH+z-}25$Cz@&_U! z7FIU+=v=Xm%AJLTwAu55M|zePki1ZU4jgeG?O?87D)ZX+!m8L#u%XF!DH zF^D9ou0_O~JueXq-0V5^zeGgZh(CLNCrHXI?P;^;uty>hX`smO2Jp9tFddzw89$2k z9m=_$>B;cyxfh#Y7!i`2@jm+uh>$!6k;|yAMZ}vu&lU{a?0LiYUK{ae&t-yS)CSK$ z?14rMUov~X62RXg5}G|rlykKr658O|icK(#2+7TvKKl%akUR#FkyO_r;?17N3kI2H z&x2{Sug=*szmW6DD$JgnGDB$g?6VGA*J__VAI2;f`3cW=P7ckUA15MaPv;94kHr+h zJ>Uz!t0fdSI$3C}FT9j2<9*@1EkEBEK5|;f7v3|-@Ic4V^MyynjdD^;ae2FQInto{ z{U%&$o8s{vcubnddlGC2r9d?6{U@b+y#FDu!N_{N4}{#F$9u$gY@VLSdrzm6I_Kyy zI!!37BlxUR0V&qw{qa4X$9oyqy7UEOv~|(9?VaHaxw#9A zFtv)C`=`lKZtm&AsdYE^!vC-|t6j*?MLl+M#V0)5!JFTY?O(DiJGqq#uK-QBW@ zW_I@g(<9psnpK&vZjSSazlk?MLOtSFTo>|)r=00aapS`0-U?^Mo1Mb>hT3^k)U3fU!B&*@Rh=yL25pM8e8p4{zR z9~6^|;wz|bLS=ly`3^=12C#l^A|f|75)rWn{Z-UwO@c@tkvqi)Iq2R$D8)^1d&OSBZu&^`+n2<^jWpZKQ`$&#>A#sT>cjD0UaGay3lF^GKgg~z1P8)@p9 z2oo34X=U*vO?SF?R_93b#t|_i%}*GDtfm-dCqfys@`{L&CS`5+wA6KAZFhe7OyGk; zW7l?%lV$wc?hMP%**(T2%R+0r6N3y-bqrfw+i{SMSlh*YJ^Uhsq@|qc+fi0-_DtaG z1N?>ELNLy1>?p5glU_oZ{sE!Ah20dXeecNMiB6$vY~bS`rr~0tu(#aYaJe8ce*Gr&uORhowl53oV z0kH8EJ~Sdx#;b&c-;GMnnvqZ{ETrrm{ui-Gx3b#qves8tDaJWgR`0`VPYbAMF$+J7 zTpgw7z0=R@pG&;4ZFz_JdHt2uU@z|)U0J>J6joNVUTke;bsgTat)gC9%t(D$lPfF# zEM@_FUHaPUz(cIX)8~u$_=aDWv8n404F*_@u)4IFHN{ReL#0i-Z6Yy7mP#H;YCK2$ zf!3TU=Yq;xZLNo5P0vp`wx`86lxU%x$J2IbzWZlnv7|I31I1b!NH_%77P~9wUcy;t z{86eElg!-P?2MnPmAuRL*=LyFNN(r1ARjIxI#XTiSv|__N3?uG3^3zwN<_AiC$WM2 zwZ+9tr5f@??vx#xW!RIG89!K*-MuN4Tv`zp5#bPATXa*-xx!i37IwA8BvW;3BqH+e zCtsNih>$!6kzYUd5$WZ2^S@#u5$Q%mI>}So4$T=-c+?S`x8Qb)KqQOm9PW$kY#^qi zh3DW$*KzA9=N9$8Gu<7pV3L`}CK&d<%e&?ON8Fdd_c?6uC#8gaXiu~g$KYQ4cNwKQUDd#{VyYma@RF1^;&`hT8t=AC)J z-*?`;iC_8m^XccCcjnBQbDo)ZX3jY?^Rn%k^S4 z-r$q;5g(!1Pbv>ZXdZ=|EP#kaXtwntM~EaMG~Y@a3&*U|dW^eG`29cGpK^9__HGz8{n^RS z8>QwsoI=Z{4#E0i81{GJpBXAOFUyF7oK)PA^~b!X{D9qXAcxa?`U6vV*Z^6e>hoOw zm?KZed_L)EP6TdO^Q6y%^TGx@wqsuSK$;{uFWdxobfBw^qzv<7&6qVW6u-_Mo;NR? zqLr42x;Z|lH!clUOG?}@<$F)sywF`a_ZQB|dEw5>f<2t%X2~MQKBI?|Jf(+!`5TZI?&O?W!G$A#;m!nMcK@mp^deu~Q!dO9vV1Aj!G zj&l*gkDXF_4MfqGZ)2yFY8dBd*#|YBtFSz;#*Jhjc{Tnzremj+HjQNaM7Y>fJMUq^ z6T7K*7pYsnN9%6teU34DcX~!|>RsIv=ABY{ypq)O&5HBcb>^FO_j0F{_$%f5`! zC=nl@_d>hMUhB(xFU}>d?CUIw7pO_e{w4=m>^XTjTt|9E4z6e3*u7rd$RR+^j_ zKMOvx*oyAFeeXHpJPq4;;5Wpsn}a5Sar~mmY3602N#1#TiM<_84 zn(pEG=093V;Lh78BrAO9?FcwmbC}UDW^Rv|wS9vjX|W#iw`S59o=t72t-JH~7SRvd zHc;Dt{fpYlQhB)3c6}9bC=%diV>(s^d@`3@kSCy|t`G?ryz_RU0G@j1?eXj!UTAyg z?E|)zGVXsZgHQ>bpP)|E+1*t65781j&!*0=E}+iR!u?TPTX=JovL6zlGt;3npUgGq z=LsmOYeWJD@4S6mU{AgC_RRcFLx-Mu+_qJQ&ZLFT{(WLQKS!OQv%RUZ5s!H{Rj#=) z*Le2M+c8ID_;25xw>S698cDtsyyJJ?-gkB`WEe?4h#Dn*B-x$wTFyvPtDOBvvhqYQ z_L_5WskV&s@4P)!%jS(FOWBxl234jkV$ji%iM0PROX0?*>4z0PNFt^tK3L(sOT4s zBo{mrwO;Jb+gAjl(4Ds>d6SKfFOOMB!*||JQEp|TaPs!-p6ncnk>rGkW!pNFX<{Tf zn>tZvH&3hyG~EoiR0o7&y5(iX(w{A(E&U0$_?}E#GE^CKifRt zPRzga_IwDP6CcmN^Y#c3IBW4zX%uHI9vErtt;Gwq*^q!cZ>vWLgiTzIhOEUx;Vsr; z=+4^;TXkPRVpi9xVJ)_C=WVCq2@COmPf0&gfm#m}f!bps4n?0t^EX5G1^7+9^EPK; z3#(+u^_*qlckP}GA>5AEZnC45_vPl7UAnF->toCP+E;e2FYB$6Z=Phm8FALV*RnHf z$w&EX^eWxMS_?M7p`sCSd9H*j%ptJb#C66Q1+IPlLB@qbs@s}=QXf_Yn#}KE-58aa zHy`JKCCj}rV4zddHc~XSv+RcPs4Zn@+3K+ht@nH+Wzya5%K6nND8CIu=+3f}L=%lY zoXlkc{eU^jXx{x&RP@R40}e;67{&7Wa8>jW)wMgz+!bwq7Ys0jZ$m^DG!hY643;@W zdaB$UZS&&H)#HMQkkb6xvxAVTsKL~fpfd(3b3?a`!?45Meq*=94-5%pf9?_um-)77^hPk0;zG zG&v^$?PoxW$-azTFu!f>9@fh|`wT?LDg}|NsIEoCUD0;FU;sq6Cn7T+BO=mAioiz^ zSt>||;t9vWMHP5!3aHLoG5jqeOwWlY%uvqs_?OuazT1z4FviUR}Gk+>bhT_Zz!lxBLMB)kmis5e&NyHPTD(6Lt z$P)ZSiy$VM-t2-&L?rJ-&prbYlBXbY8r8Lk%-{gV!R0W)K;sD)zLOSbp0Es0jdScY zL%8}9e?FI2_RstHr<^w{XK!-zf-&o_$;FzTC+0HOoOGZp*=)$y-AWdW`QFksYmWM# zU=yFC9)LSI*&LXo-i^VSK1coeVb{0DKwN#>YNTjrj{5%8VBZ=^O;3qcX!{n^bLOaR zmGf|>+uhIcIch<0!qquyHP1eyZ;^XS-|9|vZQpWp)Gu?0K{QA8mZ!Wq>YPVdF0}jk z<5Pl<2VCLQ3f}!6L$RFygvPvED#A_h-7@{T!d89y~47ym}AJPhOb}M94h_kwU6# z5pi?W=MPy#WR6-xp7Q3Xs zHIrR1IsTB`eCCzOK!oHehqSzuJu5qsry%mqY>$YWqZTlch{zoE z#XtEZeZM|3EY`fQZadeZ0sKB8fSwMcODQ=52QY$UIcRE|^3_^5*&G z&FCW}PeJ5as+&JYJt!Dt%~7u{!8YKb{&{@(&~RODBfgW1lUBRwGI zSJ)vLe?CQMZ2Wl~S*H6HHnaS^U*W)`6MlvD;tV&A7`EwGARry^E9|m*o?k&P46^&? zuf$=7=nBvUU|i5LgbOrWVTS|JJQ!;>fzUaAg)KdSY^?7L0_RuQK{}1|EBrXpYV7?A zn+t`FLT~$5fv_pfuW$#-cYRR&3im*`{EhW}ZPjuE=)(`Nzsgq>bH1hXU=_z*Cu~mmLv7F&G9$nAB zJ98_pq!?NLoPR`7>5sAgiT2;0G!A#_gJ4$>%rCtf_59j0OIyUAdj2ni=Ono%Vm1ta zxJw&5#R{ILi}40Ck)%;|XGPWF=yb16w!UW%@b&f2sc&Lb-zHIgAA{D_cV(>LuV_ON zZPj>vE5zzstJC-iXpC8AIdaw0yE2PZ#x!=@Ih2vsO=aX^!@<>cHw&qDw97( zsR$YY@9ITZe1T+7C0(TN6qF{si`vS&-P`#2kPGTmEF~s^&Y4*T-o0>F5b|LxcH*#w&LQmkc-A^2Bxj1S|1jnf$;y2 z{}$}aovc066mPtETztcS=(rS}pK354!halh+v8pRlMo>=5R7Kcq=|gm-O=(Rii^*` zS2+7<)^4M~I3A3eW*!xqWL&&P%W5?1M821di*JD!EQdjrnGiAPXf&&a@-o)p;^OCs z23Su0llsiKi~7g{vmB$CE(5>0hlN7XtdWQ?#zE6)*4si4^^(!7JCqeozC<)@;4yj3 zNM$aMn6(|{AT8ERJ}^Y%eLA(Fwl11gBl3)pi9HQ9aZ-aq%-o z<_Sm|^M!>p9L<^|xv6pS{n$CY&^9i9L&UOeoy$Tx-$9+Ivx{b3D_TP5N2&ANJE*g? zaDS)s8Y(4ip}e^G`A6jmNE-8l1vVVbdRlT*R@xOg>@#QG>xsYKb`FGSP z=_5&>Sy5k%Mv{rj*^eY&Aqp4MoN@8fE#v&S_y8@NHo#M)HX0Y7X(0`dB&RC3GEq1g z7w?>}GYQT95zDr9CT&9Jqo@;gb|c9U(J~rI&b-yNupdbl2vDK8_znnH=CrVkBn=kW z@JKR2x%E|@OYjr9gqdVk&+jyndPKysZJkM*7)ef|PSDwoB!}ZMZzOr(SBwatz|=g; ztguINB#G=-iHkoh7{=_^KwSJD#hFW|X7kV8!7<%_J;Czx_Uly#B<$D2;|!097`AD@ zaLQ`i7LVHfr;(B2as5 z)S>8;DK=`3RgyCuVa46^=jEaux85o_2ttJ7;#da6Et>a#a%H_$Qry0>xB9Z)DtY^s z+_-pO9_-9NfBaB1vsQc@7l(Jg$!&OZ>w&y}-L451o-EYO8WUh;@a?Fstb&tFn8mweqJ<-U;3)KC%|PDiG$ z5}W@nmBJMQ*0aYbYd)F39UQDy@}87ZT5S}nU{Nft@uQrlDCgnAvX<$Mr->;rmr154 zR~O=96oN=A$veig&u}r49D`pzA1VPeJ5hs%sJ1jNharA_D{iAhIVBIsPUhqM-^fQbZmTBrAI%f#G!dnad~B z_n;sml6O-Kf7?fd140#!^C;z9EG%o89)0nQNoFYl&u?3V)0y`d&prbYlBXati0WEI z*2WDQg2*<40T9`Thzy%fM5K=tfsrC|ryyBbfCM1Ibo3EEnYG}23cRe6cWDfNi->SQ zsKRj`s+?PYCd*o;H}=*o7fdpr67VDRLoPceRN06byjKene#8 zjjoRvFj7S71j))~k$X1Nfe4?>@^FU*5RtqIG5jqe!T}fSI?j72=S9M@mg&*;MocoV z67VD2nSqC?>KL%oaYG3TBb*>@&p?FaDTu5_buA+A zbH@P3k)_uY10ZrR5!pbVWE`0VMvBNdL9((Q2|$GDK!i`GdA}ecl6PV}SYnWv2;|!WaMDo7(%48ry@)SgVy3Ql=LKln3r%WUw!->eM@+9L( z6&NWZqonf63M2p#rUMZ^ndkQnA|iQ%yvR|2PdHRpPIH`#lykYTtYvzmoVLYHPh>x1 zXb=&}`$!5k$+NMi^#?J5R<$$GXw)5aw-vd=4#hRioi$_>7jBL zAOVOl9f2O z1|lR+LFDgL*CH~W@l}o^Qw0OvC~#%*zye&UC!d(a)g|yUMpu_?xEaWo(WNQ0TujCH z%b|XW4e%4QTdyNE2QE#yy)SE4_aJWg#-DT@!v3ya#JF?F5uMf1QB|`h{(TF5vko&5D`M%y@i_SZG*`;oIf?o z_Ji|snZUwtMY?WQy889f@cMoekxmG8Cl%x=R_R2@8r`QAZD7-oK(&pA2x_XCpr&dG zYE~%$PN@aEbMOY4?NquYG#-H6!Rw|;cc@Aygu1H<(zUW!^g%D(Go_!8M_!RiPRF2a zQ`JnQQ?*n&-8!by3AIQ^d&6A)jbOLXO1D?fH0d7gBiIR{eh&i@EK=!2$Qs>aTWvRX zRT|9`A+^V;W+I)crPAp(E|pGIV!z|M&V2W^NY`McyLA0D>3XVkLa1MMf^>6K0ui!C zzkCsW^SyF`=82FhooXi1NeN(tH`FSn(y2<6j%zG4oYMVbQB{E3V9=TfCc5EPhuM#ITAb++ipS|`n? z1J2yG5lSnaS?zfB!_BMUE-hhNHot;fllX5jw$fCVQ=iD`=DEB=<~lDe=2xVXWa9n% zaH^ZWLS*K24xq{gGd7u+37d#7p3cVD9all$3gh&4?3`XsGy*8rHs0~vV4zSDM`NX@mQ^Nq#&H*dt5jmSS=~dUa@NJszo@& zeUB?E=i$OR>3h6+U~tt!a`S1d#kOQGE2}BN``)c=@{`5-SdPa|SZ0wtW!3U|jca!A zdwiXVw0^|*`12)vDs2MlWniT1xC5l}$`X+~$M@J+5=4ZQW(O~Fw6YZrao=Mr8vq~m z63$8AUH?K-jY3Gb}9LZAL#lAHT{^JXAI@)SfKq`DRn=X<mvq?6p{5*?q-oY$M;x; zpkV+JQkq|4_}g(rIK+LAPYO-tBH^6$Js!#~m_&r+W`<{=>M8P@G5jqe zOvgal;5gr;oa>lglk`3A$S#;fgyiO2&prbYlBXb2L3J%6&i8ndU;sqK_jtucu8&kX zxjzvkL%zoYb_pURLpc@9|K<0Eme1@q)>&kBo70zamJ6e2*nN2N4-bksplVZxLZS5E<(@Pf*UonT}&y z_{s4-uFfu)M1+4;8N=TqA{^qr$Agt~v2afM9{&qv z0*H{@Z134;AVTsKMEX-*i-_|*ZY&r85%E0^u5f*%2#gewn*_ALe^JNTus$@k;kSp3AK% zHF8)HQ-%on`}-arY!>X6(1vK!_xKLCiPXqvZXum$^ZWZAi&eUXR=RZG<6l%dA^gL9 zj}zV#>>8|e>AuICxuK*+ooj!X@A2(-A)Wfz6qa^6F2(ma<2M!--{UA2R=*niRJ!l6 zn%hchDyI>^Kg{>|^g9k0X}R_~F2(nFu@vrz?{Qmfz6|&tH(w2^Ti@fABoQxWM}3dO zSyJbvkW(?*d3gLeZu$z5nQu8nDVxam_{-`^-($27coCha_e~(r*goLH7bosfzEx~_vy=ar4F7{uq15e%ac(mo$2p6yPTT`=1Vju89afTxzhHfA5cHqCneXj_IOKS>b zr=i^kT*FPGaNTLfg{UWIgRq>G8*mWMosEr7PUG~@#G6%m_SYY?~Hlc7q%QbRB zk)H;}M+)x6Xb_!o)$FtN0Hgcp@19V|Z2>-A+N5+&^}8rN$MlbsZNQ;E{6~_unmja^ zQ@aUzvRs%~`Z~_29`QP>MH3Hab9~arZ2@kDXf{hc&zGOZmU;@OT60PqfEovNeX#lQ z6409u%B4AHv4y%mIF0Uf{j-XFQrfMip)N{&XwF#tIjH*B-s%bMOn-W`SV4L5%-cl_ zAL)|Edp4l@#R1h=-Mmp&{Z;iZka3pTv%B4C9O*sFoF<}Jz0c|@dL#HL%O)(9Y$J|e zfbx7q8%`~K{g;B477in_Rw`}6ZxcG&*bxH`*Zsn5)iF`4=AVb{iN!Gdu?^;J{t+G6 ze06Ia*qq#Yn*9`2KjZ~&Y5o{gQns7s15DjuUx$XQlbr9?CRh7a-&HZKiOsH%L$4in1LQeKoli zL;>0E0hQ>rNb>`-HIjXV+bOFCaYJARFG1jp^WaFfqPT2@BHP;0apS|K?!4Qrzuc15 zme!X|o>*TnUQg?8?+Np6w|;+fQqMP=oy-?#zS(`ToYX`d|3ZCTqSM2Vku4kY(=`c5 z=yvPpkOPIQ(6g(|d8_2#Zr$dY?n7CY?2838+ZL;%(&&5Ey(6thivW74`y=4a7g3I1 znBqvrCn9bY_`@Bt-YQn`E*4~cvq&1fGdFMH>+8~K{Gp!pT;%Y{OyeKi05N%DT?Fqd ze4(rjqjz5`!eb3z0EgdQhnml3WUF5;OxY+BWYG7(YD`;^$B=-c{Q5Y>n-pFYFxSj1E7j(fNTqciOb#XuZ$wlwDu8aFO6?(gvoLjAA+Fo6o2qWo zDqrzo_lr7>gWCa(^r1XfM!jbbk!u>;r{xlR8H0J;7Ky%f&lr4Rq#++VNu3o@<$u8+ zu3LSMRSZ6QDjel{2a0z*NuzEx(u&6$5ehqXt-KegP&OT(%8@JVH;mXfgX2X_T`M0U z9l5O&=eC9ji%#0P!xcVf!j53;@(`X zM-qL)7(MH~94uN+fM%4uQ>XEW7`rl!CE#hc%_(?KRPbOF6b>(7sRM98stX9;!)J35 z6wM3AuE1_E&0g;ijT6O~2bbWLS(3K{fETRDW{0izva4x>-i7~i^@^+y2cN>3>j<-W zt$6D8NR@+vj@~@~D$N8bY|J~IArrWmIY`a>IOY;_*QwyC3;lLWSW}uN;q5ZF=1X`5 zQu8F-GA`k+k%Vh`38Uj+OUz2YLBf_nX%co0O8DhT2?;NGC5GX3%UcY`A=P5I9A1`{ z1lZ%*E*?X7TCRFL8k+xcN^Wg*7PNXR1{fribi+BXZuq+um$(vlbc$9ij*z7!T^}qd zs@k(C_PA2jo~VrlV(s*!l&Kzuh1HN|5aT~C@~M8$VEZ;hCX_Iflq61bl(I=aWd z&B5zf54h~QtC_ApdKKyUQbv+mHsZMwyUDPoR=47z!MItZnVWtWvQpg|!JTmGc<-Z? z$~HM{`bByfHvO{NE7lKID|su%s*N1)EUMl;<^1f4qE4%rR<-o{HJ-sfP&1cFW)xx< z;&{*1O7dn&QPC>P@eWot6cOjc{k`{4-D-tq#pr-ZonQb&J|ZHG#}g5ld)2a`Q04Bf zayN_IvyJ@B<&(LfXAlv|`}PE1n?*!8s7FybKP)sk_oZDXbK~4aWIuF+AR>}?jc1>M z2+30rxq<3hM81uVQ%n&IfXEj_CJ~XmGd%kYL`a^3$k|laBJyI9MP!s<07N`ZhQw$XhfXHe@c&J}W9y;lB6h(fA|yBadiEKJkURyE1F5b>B z<*nI6FaRR!6Om&_xjs?`MvBP8f@El8VjnoDWcy6+i(W#JZ;0V<5n(#|$WX`mDCOLr z>DUN>pT-*PBTO>i5%44;lDC^@pMeO;QxF+IbuA({@M=kpBU=gvKxA7Ya=_89kMsp2 zMdWrtGIS`qJ6ulzM0!!3>KOhO5vBu?evb1Hm%GIS`q5YDLpA_Y|E>=^zQ5vBu? zZjSS=%DGjx80f~t>l6_tnU@H75)sKO_UtndA$bZSJ*lomo4Q#w$9J<|+hfvIvG5`&?ir?%3{u;tK7L(%up z<;U`;W?3KA;wr>E)g%)2V-1jKpS=dM#|HXM`C1~85dIO{C61tUeJCBQs?mD-;#YaF zr!p4r4`gy?7jdzO7i03_?#+}KXC9eZ{TcApHy2Ylb4`zLf8woaH2&h}D?+y5TXQH? zx-IzrVW>Ud7QE~Tij=ek_klk;FbImBc!rc|pDp+_E6ukB*U?G?wjj@P2C5ZX@JElH z+Z3)Hu^WDLRDWD(a_-KK+kywf%NQDaIkeyC*=LQtAWs>4Z>G9->~*%_rGf!wBe4bV zKa_}+HUV|x=8P3p?q(!l4aanJ06v*B;a3YFB6%$%d~J3%5)N@&@E)N_wFL*k6&XNe z5v#t$v(G?;*ZGupGy zK!oHeh@3=qEh5eqJXkOQB4P`kcd+XtRbZqo`Jx~hvITcXU^0M61x0=!hQCFG=|E(f z<9xPqE@wJ6h2tm37F>;8Fo_7s%|V`h1|lR+LF7=XYY}m_;2^;Oh=?tC;xN}o#( z{{+d9Ex1K^Kp#nwZ;s(_5n(zI8S6M7r<{i~9h<`O(-^k}ej1-Z31j&#sxDJAufj&|~kuQ(oZxLZS5E<$?AE=!B zGd*Anen!BPh>+a$^XxMaA$bZSJ5pVXh_eNI2?jt!Y{9(_bbX|+lluliGGq&`h`?k3 zkzN#eVhn$a2-AT`KgW51axP|iz!qFYz>|oO+^p}}XCOlI6ht<3$7*@01>eT zcR0ZHks>E|wICU?1;1S}h)4lNJ}HL3MTF@3qEweNR(|0o~#o6v9{nkly|l zc)#oEmY=`(_J$uZV6Cs=PvK$Av2lhcMGW13SAH)7kyb>B{kB$`WI5YfHLg49a~VeM zX1Sbgtry(owzbxwa6yau811&!*YVy(+gdgI9GL0yuG_7rCqZtvt@V0=zI2*wYn^6} zj&!P$ty$d0GEFG#Cbw%p7Lc%8u5?joTWeS0EnjB&0isD9deS@^{2XM>7ym`^sipNO zUXj1Q^$aaqU3nhnw8#6QwE1}m+tB(}WS?uaxwY#xi~#&inAE*e0cDPeJPbt6M%77#hqdVPf}R zjfmvKR+`HS$L+~2HB$@6?ZV&73&(B8-%AR|ZO-4C!f_k%x2|wp5B^>k?K`ai>qwy? zfX#G$XxMF|tEc7e%G?B1iGKSlc|gCNC}X7GCm(c3zo!;k{Vo(HR=;yQaog3Uh4!O2 zuYm{~LJ57#FA%_^Uj;%%pT*e>OF-+kQ%#Q*e1-){Q5>sDcTMd{F5KU>oYdPT+TV3# ztoRgLulZjgh~4hjO&b3SFaP5>T~iUZT$-Xy)alN}IG#I`65m7%V zm#W*^sksqVCYvEj>ZHWmX18!}uTmlbds9DXrj#@Dr1U$ma`%gH2bOp!-`_j28|b_S zPDFM`RSnpJ{}MAAsdF&MV#^E88`#}IhYkktem9W)I*#4*l~Utr$r@LV*SJnp<2V0s zHToS=pO$sJ#-H~}=vW8dPRHBdvpQbrYxFyw#s_QseRd<=UxwXCuWi`YZlv3gi(b`? zMrkz{>jQQo{cgLF{CBtea*EC0kMzRzTn)ho-Hcb#U3V_~kH%o=(EUd}(BzonMk1jR z`(;pIF8?;Kee;u=pTqHlTa5Ha^L|02VL8O4mJ){fYU~F~YsuGL9sUsGeM1LJmP0!VT2v%EyqUPdQwX!&IH@^*aod2qv`%@14O;6c_X1_cA!H-~18!uNY zlAFGseTI!ka%=U*`7pG%71g!S^oinq#exB>-lvGj9s`L;X%nRA3qFd-Ri!K!`ljcv zIA$zX=JB0lFL@KL!Z36i02dj9wOAR+}6`Is2~77?Zc zk#3IjrpmchR!O=?&3?g>Nv3gW5E02+-m}j@gyboRtVDG!B87Z$iO4qth=KY6?jJTV zB__O^SmUMj7-gC;u*|~m0{k}M7t7AlIrznZBO%tNti$1aFU+SiF-E8#;E`UP%L*Df zmznMda?A3v3;?ssnF*{63#)k*{4$7s$2q50V-w}UH-JXL!BE6pbITi;0}yrt3rzCv zJI=u|@2y%^kum0NA`Orn^FH`8*s(@Zh?QfFmNn)bj?=}7G4DP$aC8miY>tJ{uY|07 zBCHsA!zJ%3DV6hvGaZcln0JVB?k_BBncf&5^S<~l*q=#mcJS;o`ZLK>`t#0IH-F6Q zEf_>&-adN}ky7-@*qAq?L=fo(#=HeYh%NX-UT?3ljG4CI*1jf9`zeFd5Ia&~n`IkQWA>m&dCN$Q+bU0b2`luxAzP-aep6{sjkusNja6WZ7|U0DqxVBjq_c!m+fJk#cV=x? zyF*`sb`*IEQ`>eTbwa&DqIXZnoJe*CZo`Z8^P5sngL&*N{1JJPX8-Re_r2hitt+Do z2&~hkqDz?v(aksO)jt>#G} z@6NMylk+U0vite6k%8SRt=5jR-F?}}RBko(e|NxwJ|R=-Es!vxfMu@FdCV zFsC*(#K*@fv@`!m7S++k+JDMVRWQrZN$xh}T$-=A47z}Hs+{{X-TDaDq+r%Z&)5tO^^)v2;MS5M0!!={bTrBM3@dlxGq-CYbxhrrduC@wTPKy?q(O{ z>abi0Y=>9>!B<|H3`EE(1(EN!^N3Wla}tpcm}o8HQO68Sv4}4!V#}4*;}vbf@Bhgn z=6hjYg$22I^L%AtnHH#Jsu;}Wk6Gzi%np;D=ExGaOoJoMzb?xfX)b4@=ZrM_!@ZpZ z9wW_pLaN<7eWZD%9}$#Zeh(?-*t%*q9NYh#6 zmT@B2GCv(*$N(ZT(tH}jKW(JBOK9w#Y_-heBh8-dg2_HoOhl?Y`wT=#o`T3!s%sH( zBTczrpmu2bNYg_+-OF&KIq8a&k>(n;2g{)adLnJb`SUU?&X(XHxsjl~ zY*Z*OGHcX0V{idV7PR!{jLGBWjC`GVwKoPeyR&4=Wd&jk{_onPnP2hjBt=6jo?G4t&SoPy;;s{`(9UK|$6|msl&+iK*^Kh%ta#2wSI3||oGiv6 zcpaF{B<~R^D*9y1W+YFU%^s(^b~gJ7jyAk=P3BI)0Q39nL}cM6L?my;(?{hl0b_XH z<13yk-VP!{O0%LDIXd$r9OAasvwa1T{=!*f5l6;st5NR;5h1ymB}LnV2+30rxrgdn zL_S-|B2p(90Fk$eNMj!&lDFdNu5$MhxpQI>7r?EQw&M9VhJV_M=V77AS@9gGh!j)n zq3nVwE1qjS`;0z9Rw;D(6K^uc>8v<1j^pNoGrS!6YJ*cZO%5fe6V{`pDT-*CO&yox7XND8T@TERW&a zRBhz?$O163VPeJ53s%sJXI|EQ0S%(S+Kx7pna@K~fkIZs%KPyOv&V}vtdJvI%s&h{a ze~Spyfk=bne7bV3W4b*TR;Y+D$rP~*CJ~XmeLedOL`a^3$bnSXA~G#H+rNik07Oo;cpRP zIuIG_I1f?I!@yG{c?u#usjfxjFfNjbNReQm{)W~I2Bvs6*IEPQ%gD3IHJJIag6r}2Z4TlR#r(Si z1vrD7>pD%8|2SZ%%rehKjR@Cw(5Y zTdqBwI3XsKYPWpcldX!FknXdAd2%~E!O4zMZREyeOw+61|2pQzlYtjBVpn9v(91Q97gQL~?v(k6(;38ZtJaGbj<=l)E$ zp4zzGawj6c0Ype{mUv|{5FvRABHym#5pi})GZQgjsNJ%HJmuLfBc$?BOlUq_If0S0 z7e(IPiyT>UOa~(U@S|84D(7OR+n7+?ZmDAzOpcr+H}A6Tw0ScSA$bZS9~L_%EzWLv zo{2<6?3QoV=9BahZ?_DV%0qjoX2azaK%{^oZ{bCb5MeqH>4qOgNL zR?a2=@y(lo2+30rd6DYcx5n8mj|m1qMC_Ii)*>R(M+_LL+&ih<%}B_*&*GN<1Q8*n zS;vbUAtD^&cFQ}`MmhIc#O;=G?1D)|7LolUzIihcA$bZSk5gTXh_hSn6byif*ewg! zbbVw27%3usRPH7u01>8Rn&6YUg5!9K-Lj$=IYLA@#O;=6rHyj#HjLXXqu2$Lh|FQt zvwZVrAVTsKMDC%w77=H+)CmSaMC_KvKe;|K3yc(z?kaaZ5`YNPfe4?>1^*5rB6;7& z@V6tYaERM24-1WcAv$2U3}qKgB2veyukq|N5FvRAA~#T7i-@yZrU(W=MC_KkySqM8 z1xAWUp~_u>1R%n6Ai^he%D;k$NZyAr{4FBFA#S(aE;RPL&w8Il+-}(;xRlT@JYVG5 zXCP7zNmCH1rn(jpXSa+K41kE(E!VH%`p6hCQbfKKBtv$~hy_7JMiQ+TWB5nw5u{^e z^>$0Gavsj~fZehsyI``9kldW%*=Ha^@)ShQrn(jpXSa+J41kE(Emf<#K2iooipV>H zWXNtAJU@s?2}OQ9hJUmkK|0qXj`L*Y+@I+IyQK%aU=k6Mn~|P<1|lR+LF729YY}mF z%TU1}%WgT6?viC`w+tM|^>_#DmNhz1Ktg9`F+6K&rQUAf9l5W zVHqwLF>EvLO9LYq_Z`E)QRs^-4>dqgMkUX>4}U~a$PncJ$;qVlR&0zy~cyfD`RJezjqA^@Yq|teZ>6 zqvj~exwDAyek99bn&l#zIEQ+KetV&WB+x)>94)}n{w4Bq!p}`+ zeW9@7=RVK`2sSaW7z%<<7v2&CpAOmcgW&5yHU`1vJpDbZN!2z8ZudRo?)OPgQV-M; zg~kWq&UnVgPegm>2-jdH2@fk=)vY32dt&2*@HU}_X6V5qQ}Nh%&Mw{@qaSh9XGRBN z%|ERg#eCZ=TkXsGSaVbR$`0{m{Vv{%T-o0>)_l`s#F{_*=J0ER&#?s z{4ufSS?t{TvE~nt;s_3(O%t4qX=h!xUWMIH94dBKi*BR+>|r}u50^eNU4Jxh4Jji@ zEw^z@37>VHBL44{z+bH|@3VNgi&R=7taDA0R+6`yXP>o304uvji1VQva{$$~XL@R)INFwi0ai^{i~qZb zh;Zzkv?L;NLSXA1<6pX^~*BktV8h zU<`kY2-AVcLdSV+J0EAM_wGJ1Ca*DxwCSvW4iTOSPPv==06vycvj)JOzQyj|P|4bIpr|-z>WTjMj`DIy1jBV^9wqw;bwsA5@=mozy%B!zz-8U~xOl zH1fer(9ac*g;uB(mVzFj&;xZ9NUDcCRrsBSRTMU~fj&K-^`PFx zjU1`W_N*T^&Af{HFvr+GX}$a^=N57%H=J8o{&0{hbY*s9+WyyL**xiKuB77U7J@6Q z>VsKZ#>(myX`bZDY8q@Jai``8r7NpBu_n!0S*={)db?j)9i^3)5Z>HfY|kRt7pRt$ zW*S`O5Wz{4Y01;VPeeyFA$y-_Ns&W^AG5QEsTzCigWNv>Th=}C% z^dd)y2#5H}>V0XWoM=#dWmV2Dm>dyXIa)UQ=FLEafcrdG;BIkURyE zsZ`e@;#OAWf&mbbmDNp4T_33eBSqwEK{B+mI_e+6K2kxEUyb2!5n+1H%IZ4hT+Vd6 zi!Hvg>c=jaM1uWc*p$p=YN;**H0H3 z>t3Hpmg)ZbLoL5XSWXZg3%<#>Cj9k(i!(ehV(9$!{Fw3*cdiJI<(h&%ANZ+&v)M zwX&N#ulLfK39olwp|FnSZ7vtkn@}X^^}ZeD?L8p;;&8s#dlOr=c)cI`UaE#+0RQ%b z)3|8YKdl4YsU)d-2grcxH+YjQuaSite8?>cH~0i$YNefYnMfO%G|jFllSjn1M=wP^ z%}^}v26uOQl&3{wHoF#eFdAd{M-+{D{~knRc0VAxA#^w7MK_ZcX>-_nVZQ(&>NOP- zhxyfB|FKGpei3k#3dTn@?SMbr-KFne<5{~ej2}+YNS0wDi~GWOgD(*O!uW9_2rf76 z&p+J7r5gA-FIFb^3*%2pkc(d!r==xw?x(~MTVoVe2nFfad%8T3R4|GaMdD=eKNcp#e~_0 zWJa#nYZ)hWox8HMf)z(6^0pD7>+O}L$rE`wZgxZfW()~LNnZP=Tj;Kn{IbXRvOY?3 zef!F8>dX2l$&s$??;0g}`bI=ao_?;aD9P2xMIXZp35>?;!|xd-iS9ZXL#I)GjAZY9 zIlIAp7>;Ka2c6F7@p5&(3v(H#vk=(AX;(X|$>PdC01+A8UttJBp_J0coSa0?v zB3pk+L`s_=H|UxvujYrE! ztzT$vBH&za#x=2DZ(hN(&p?FSQxNGwbuA(f@#EEm>ANq80T9`mh^!}1V#ymYQn^nT zBtsE_cWwzH(u|_!z!?4(5vD^w9}!qvIWJTq&{;Xp zVY-b79IJ>h$=t{;nCv5x_W|2Zn>PaylBXc@>F16~%T@gJ3H!)POe7+^5|P%$e3Cvw z`&1DbB9(_C0uSFDM5LbTY~w|a5MeqH@ezTqrHyjz)}uMb*37LVi%ZxAlZZ&(Lf^a@ zh>$!5kyoj%eQPE~Cw-d)10b?D5&7gZA|idn+pW8*+!fR(cNgRB;Q^hLrl%J*7U@5D^aXU5qbC8&wV$mikq$6ZEZNk{Qh|m_$VK z?)J@_fe6V{5V?=)T11X0vTx0ef&ma2N<^MCu8)*~ks`9T%3UII&t^Ih;ggwsQxFl! zTN=aPj;z8VzKe0L&{XypmimR}W3-Pj$sEKkm_$VKuJ`OS5FvRAA~UG2MdYv14uwku z10Zq;5o!3;^^v|{q=9z;a)K8@jT5fKjXqdU%b2~B0Ou+%R! zmuMehlG&48Fo}rdReAOqh>$!5k*QSIBC@j@GEJsjFaRP)5Rsccaebu7$^Eq;8Tu;M zQ8xw=DWE#9#_+d@FdZXnH^=!pT*dc<)aubk%y%UY&4S|2Hs z%qr}HNkk;?0M9-H5t64MatPJ6h%6WFP}oy2us+f!2c|@yU)q4HgwlFgflc`RKlw;$ zxtJaIUJlc|i$34_7o7!pue; zD8My}`Cn=Kb>I|knmSN`Gn~1+0|ht%m?K$0KlK*7i2stW;XnADzwyn{*1R`}h|q&{ z2WAENbAH8*{L?$p z#*1I#ns4+f=GeLofA(#r7?`k+R?$`SWV z^o0X6fC$OWsh)iXA|y{in-5pjNrBLxE>B7TXB-XS7+eu*~($&g>7^r|2t%@q03 z82-^ZfSSks5*H}vMNAL)CDvjWOwM{FH-~%n8HkWP1(Bnvu0_Q8CH^KD01@#^obfgh zkv_5jjC36^Uyuy>CAPmZh)5Gfz9WWzv<^Tz5b=JAQ_>GiBF-N=-QIA0WQ>#h3PCb-y7Fg4_X2axNQ!)B41bFV(}BoX$9X5^Je=wFbYn5x>Odi(DTmb8=rGNQO>VE}j}hq=X_L z9mC%u!gL@q)N$^koclA~p014hB_2cYH-HGqO()Mj0}+y^AhIIWwTL*s#8evO7h>+a8%eK?z%|L|YDTsXds$`Q`(G*jd)yvPwEOa~&~FY%?cQRO10V?BbO9KXaAcEKbfBsc%@ z&6|M;$x{${k?PvF#`z^46AXZe_$5AgnTY6m1dJ4som6h|D&+blZmA9;LQ1oa7db*i zIK=%D??@X}&H+6TN%$qku?r>j`a9y6_7KhB3Sg-3mHm4A zJ&@k*s(X7Ofe;@fKj5w(tC~*zwnFk43|!bMqCcAVloW`Pm}8zkp6W(^%HUVsca}Qk zjQI?BlrRIMYY=wx**&n)x4UYD znI78Fo7?P39&o6bg>pFHGobp#0o4ntmkz3a36QZavk;#+lbIqHGRd3v0x=fI7XJxA ziE!Axm!PN0_Ye>zZjoyOm{^Czmem9qJk1&;pDQCOWvDwJm6OhsosHF%JTR}QeD^$= z+8rSP;5VQ`W)>Az8l7)SMMa#5kDM1oMe-(yOdb^`;(9KYrLW@#{yk+WfE(ANkLBo*FI+r`?&Uq9 zZSDU%MYv-B->LW`+S_=}MgA`SbM0OHFMu-I{ujH8|00k|m(|bLk7Z}&&cAvk=WCyL z7ylGi8SVVr@z}u46_Y*}!y)COj@2TOpA$xQ%i_Gre#_#~h2w_cQ*5`5DjZkJ-(w5M z?atq$JB{0szb6!q+e-2~jqAhTV>*rN$={ObllLE$G@H;k&D}UuA563@Pz`-$vHBsP0`3H|0PM%m-FkXvIj}8nZFM91b3EawScv;?C% z#W}3t2^uWH35Da&@l|y81eb$AaP1Glo80bI-)cK4qO zDsTye4eej?whB42F}R?DH~DK3Hd$A$RAy<^+NV`rdK@^>w}a7c6`t z1>cZYIr_dx0|-Tp$^0X)SI>_X`@0{di zoE9gbn*YmLgcjSyW6|9L}=s^DA@X}50*ZN|M$IA;IO;*6`O$P3OS8cgWs3FLz zF62T+r2Ct)Lfsk}9LqvA)8&WKZ;5;?M>JVifUh3G`Q>T^2RWtK9q~E0=;Ulq#=hx` zw+ienpD-`Dw>-b>Uwv7>w|tNGmF?=w`n~0yT-o1sZ+Wk0vA2B8jJEcc_eU<8wi)f* zYSz(*|8INCk13{Ii5PCL&vN&c&)09gOYh`lqp?KUYChv>SynO<*oY2=@_I6N#2MBr z(@LLQ&2;_Iyvb5Vl3J?Nk)W~2+9K(%dlsQzHZ{IRkNwX zfzIZBs#~qloDyxUo-P;wk#~v6Q%yvqv-u2E=mj=vr+1LE8{WHGEfh=}Cf;Mr#&Lh=+u>Zz_pWJI*Fx<)VnA|DZv z`yMAE(nn^2ks`8!%3Y5HY-D0Ox+b5@8RLV9NS=w|ZxIm=@o?SULX)$N*t*&4$bKNZ zARUISQfJijC9m4E&p?FaDTrJ~buA);qm9+)2nImpGa@phk%&kisRAQKSsIEn1 zr)XpK@qz&m`GSZ{o$LC@7$^4!f@COMx9^!jL`G8Nr(^hAM3@dl#yZYb%6T}`ZMbfv zBElrI0lQ!l5y?Bwv(G?;NuaJoclA~hU+#{M3`h&Wfx2$B6$aT_8EwfJOz>ARM#TXy-1cm zO=h5A07SkcA}2iR`bb|VccUN~3fFCZda#f5qB`|4{4F9(2O|9(=VO&~G1G0h?s!Fn zN#;iao$!5k-ey{MWis=SiP-a07QNuB8NQU`bd$J`))xp6s{|VuTBD( zt)f#j^c7H@%VPLjM3@dlx;f4VDCbrU#V|eEBFZGwLco)VNZvM{eFh>VPeEh{s%sJX zQXL9SW&^sB}|hzP@S=DZmG77?Zc5g)EAQO=8)9thXH zPQa6hklgh2>@yG{c?u#MQC*A3JL=SEGOG#(K%@}sM6>-I*GK#|;wnKhw2k;1xN-u0 zM8b6^#_+d@B*JxDE9W_ih=l8ovg;9Q{R{z5B0_T0#k0>qgyboRbfdZ!k!PcA#6Lbn z3^ZJK&F2GCwh?d9gX`ncdMx;x@cVz-M$A>I`J%^is8&oeTpQakby#!c zo?jN1Sgnnb%ABh8i!&SbfA&RM{o88&La31jNHZK5qqB>RYA@szgI_}q>d}JV%1XUF z+$r|zExlH&BDz)!t}b4y#a>|EUPln=N7j(2s-}1d@azg|I|?oxD$G@p z*+dM_ju++v!nCaIKTmE_ z1;%MonkS`{tv1Dyo}!!=3Fo9G-4ia;z&K5EbBt%7F;0^_Wt<*Eb?rFqEa?LU1I%1v zNuP5c5h-l~>I=X~t)%B45JZ|p?i@>c7x=*fh>+4WNU0n|ghSkt9;ck=2BJwPx3B4SA&-#|q2Ea}Gt$gC;K{k1VPeEi5)wPH?OL`l@0Embs zJ?tMuMEXdTllx9VGGs}wg>Yh^k5o|POJn$3M3@dlra8_-m2)}M1D5os1U!id$<0=t zeFh>VPeEims%sH(mUK_S0EmbsJ@8)FN5(k0>jcS=CA~aCkpVH{vZR}j4kFTvA|D*X-y*_vAkxoq?xCEEnI5pD@8b-bM1Wjl!-({Ea_F{Nyd>PC-*3+JY-2fKQf3&0Yx65MQ`Di2xGj~x|6L@ep;yvPwE2}}ArX`|GQuT$9tlZY%LA}{;q%|L|YDTpkhy7sMc zmh@AC0T2;Ox@8s-(e;Q!WDk{F?BLvuuXi39M1+*4mlrugL^#AZzJ4Tal(X?QZb_fZ zE|^4Q4%t89n>PaylBXatkLp@PoF#pqV31`=zfULcvb3aUc3BS4x5JV?UTR+EmUM5e ze<;AB-I{Jme@bU=WP7R@zmFw-<;sGHm{e_A(!*3DwY~l*OZpozusUvrizWRK3nL(4 z!A`fNClvjEu%y*??6@&3mh{_2Q0+I^@M1~N_>G0dk{*S^K}&k@ubraTJhG&(**$4V zNBei15JfhFZ{yGq+rN9+lEnVq-G#>P-yKAb+~zd->Eiefz2e6uO1<<}<>$YLwebOo z{kxwFk!ASxZkA!2`*-Pu3+&%b`$p8to$_wW+)q50_O{GX7y~A^{u=uPR6og(Tdf_eGbMJ#z`Ilj? z1H9ah;X7vvoO&7NLsfIQlSD2bohJ7xCO-jn#leZYFV7bq_U_BdT?Osv?n{0_>Jec& zaiMt@Wx>6>)|YeVAjSt<+V+-s}3{u=ixMG`F^_GYIwak45|=+6(mJVb}{) zjqiy~o_N~?yH9gd5X>*F$B^;s;=KW=y%FdW)vB(N>|-lDvd|RPenEC zrsV<}Y($c1kLim$cT9tO_Ou$DEL`jc)8h_Rtoi-6tvCwlm*Dm|dr$u*xaud%UjCp= zz6w`R&{R^k;X?f=+y-8$gTRIkH~Selb{_i~xKmMW)NuM4xHls~4%95CDE#6_=x5+| zCQ0-eIMY9_sQUfdXsKrgSUoQiCRWdh!@0lgs6yMF7J+Df=}c*xJ-ixIK_#s`NAsO% z*vxfAo#fm^_E8%Q5z%JGZ}{Ynru6$?BiW2_v9i5?2xVJ4+WWSf)O{mmYk3$FP(1Sj zXz+sIGSP|k(N5IvF~Vs=$jw3gMh5m%Hx6Tg`DTS{IabU!J=VgG^_pS$I)>ej2HG0A zN7kIO#xK9_R(O{7+Qt$hBegG%A#*0{XE(h`^Bpo(?!wlKkOO3pfD2o<--(SDUD%qu z`!r{Z6ZT%+(%Pv&df4PW8Ir{KN>`&{)nol2}cRe99uq`)WGN=x52wWJ|S1acXKcfMYkLRWRH+=myZL z*~$=znyuFf1C1Eve#NBo{=sS)NipZfs*RjINT;*MasG>PmM9FIJxFgnN3~*-dF=pe zq~&TQdFy%h8Ack(t&tYz!wqR0Qe6uTwo*cMB(5SDz-*mHM7F!0h?F)#?!Mroh+KRl z%Y|-({d&J3BE6{22~tWMB69X19gH}|E9b40b1~EHtt+R=I%zJG%+my%W@}s%dsFPn zo_z))WR-$QSE_3fSr-$QAo9a?!~lp~O+FXH~SWn{>+7nrwx#2DcX`I8Fm*(=ylT<#Hvjj`vxlK{_O98vG2_x!G2A0)628Z=+`7q>DPUz zZvNQUO)!YYzCYIzk-V|5MwUFGvG4nRf{4i2cZ!s1d+gg*ITtG;91|PkW8VS-o-+2W z=GkW;LhdPubf>!cW8W`V6N6~%>n%@tW8XP~WN7UBcyJIA8T&@W@J}22Hc-xKW8Z_E z^^=Im*!PoHCIgW+#=b(TYY}l{-{)5eBJ~(~rlpU4RcbcZV|~?xG4TJi9Z1H$_r7cA z*teS0yv)bGqfmcv?7M`6a_-o7)fR!VFY*EL#FHr%WMe*{w|_|ZfOZxd>#`{!%XA;m zw`>&nl)MjUgOY>~$Ow^T_~qu7VVgc64*MPO0j;p4Aon}rJIdn4`hbqa5;xZew3cLh zAJA8Si8*36RGlIpkU?Ia4`^*wNPR%-t3pj&(T99M*9dR%0bL8N@_j&S0x$Z2x^ber z?Mi`DeLxRZU8kLy-$tp!pZNB-U8lliyLE8F`%@vMt@r2R%>?Jj`_tTpr)M7-`AVCi z!2+~(^Z{`D<&(BgxNf-}s-X$Fn14jho{!3`vj;Ae)1s5AJA-0=>7^V9TPm~xtixw9 z$c4$(5w`>JhdcgN5G%Mh3$ng*NgCBRE>_=KIEeT%z=U;W*|=;xuy}{Wp5Htm;Cx`{Lfhe|cZ&;(aCMD=cuV7>jq4lx9tVNIFuCmG;!L zWt6drOQPJfW+!Y)Oa9W_vu3o5$E11n29gQ6b&6~JBNjoCSMMC_hS^`lsb@RKoee8c zb28Xg^F`eCwK=RCW^EA^4{Voto8)_la?Zl#n5(d(&&4>I@HL!zdC=F8U-mD)toJo+ z*S@mL`Lf>E@ZDumy}zrkVarZ~3e4eS+VVAQiCkce*B=Q*Z# z&lbsW)nslL46v;1Mns;gCL*%X_NK>1Dt8GOWA`G{fe4?>Wq%1GB6-Vuk)znSaEQBI z7SsqL{e`8vT~4K~Z*Rsu3ZBmZA|yArO40TpLh=+u?xeaFk%yzR8MT4|5LuImJX%FW zq>uCkA8pBQDt9j=01>7`WImbm_6Q;(d0)lww|zu7#N93r3XSd~j@&MaNHN(DVHe~= zyIkrN^-;CtUFF$l^bwM$AW}zlEh4w;?AK%_3kE=B9U^ka#Y9B95+42Dk5TD?8+{fL`3o?dG;BI#7vJkvV3c%P+f~iZFE}Y zbin|K^dchHPH}z2z<;BNd@e|aF1sC$7-0aBW_ppHkKu0-VLDoTiQ{~wa$dxAd)e(7 ziU^a;X6%AVL?rJt&prbYlBe{Maa7kLGC4Y}a+F{IL^dWOm6fiKEO2taDM*GcyWNZ9 z_$G;N-9&XBi{Wn(VLFHxI?ff!c@ERk-Q^3`wT=#o`T3Is%sHB zJ#ya;5e$GxUm|kmMXry`a&j*aBtv_CcR=7WfJi;nxif~pMTF@C7&eL`3rb>e*)?Lh=+uhEiRNh#XSotF)_N07SMTB1cbleWc3C{h%Nj+Vi^+ z0-*s!DyU9f41bFV(}Bn|$N6yOT+Vd6=QsZG*slqA5)qP{ojv;uL`a^3$R1SJA~Hm6 zmL{{AV4(Z3*61Nl)H*JM%cc&2K`_iT^1*z+3@;$${A$+wgv%~&e&I0A11PZZ?Co0% zqXR#1i%O?JXJymQDIRxFQ|$ZU3 z6hAs^|5-WrXS#KU$5*7!5%A$!5krk+} zMZ~R0|2L5s01;V{t}Rb_E7Fq%$Jth(nS&?>@C+Q=8MS7T29$Jykg9j&o zNHay=&5In_aZCpyenncKoEI@Yup+&dT`-9V$;~@#J8j+!L`a^3$Oq>-CM|A7`WzF9 zh^$Dzp1>#RBYs6%CY6U)r2phNp0Xm{+>0C`(xiy^73mk!MmhJn#8;%1?1D)|<`9u* zee-4@Lh=+u7E)dN*0>evqk;htkrnCt=MWL;BYs8tXO+92`sCi{^7n0mh>+40dyykV zghPBq`nI%D&V4TN73rDmf=NW`$o^s9ycvj)JOzF z-YR#6BEod6D)?lkZ5>2J@>cL7M~DcA_=@!3(ndL-g^aIAj}9&+^sblNee-4@Ql5^; z-Bi~i;#Q>B3IVsW{>zD>mCZWbCFMw>;B>2bLuEI%KYySR5EE;lsJ z@Q{dMn{m1GVW4y%E_doHd2zXIXbRQXxZJ#V^5b&dB-_X34ujBcgLL)T?7*c_TyAKj z5W;X0^J+2|2!#!RO<7G4YNGc$6qoyDWAc``+!fF&KQ1@XRxNS4)wF6Gmy=)|z~_!? zULsrl2CSd*NQkKt!&MD9!Y>PzQr7hp&x4 zqVU+Tt$bYSRC}@PX`S?9+0*UCvSaPVvS&m)Rxbf7yT`ZXRsaMYZ9Hu^vO{F=)K1Y| zm~`J4EnM zsih4V)vgi`7$tY7<^&xO4H^7)AY!!J_$YFd6K%>byQ(kiBSr=7EBhjbCL5{p5u>Na zMfLu!5u+p5L&RwFecOr{{V*gJF?vfMe$R-}G#6*?OJ7=k%xL5J9G4L@s`xx7W`q@~ z!DOegqEpZ0dnRk$#vH4Qkt6@d^&)r9^?(QV2_iyD^DiltgNSg5FDIue=Q`nBOUGxU{RSSBOmBp< zWjPtw#D0PNM9)405wc1_l5!r1Gi^ySu0T6kFh*X?PL}Y9L`a^3$PrZ6 zBC`4F7LhW+0Ej$JL{2@0h)5q914fF-Q-b9GqwYGut1Pm1h@e5#L|rx3jXk;+>|l+^ z)r%U%62-zUHpKReN;DQQ7~|e+#Eq*_RM4z7t}VI(u@C|x#2&1%0MS*L7{u6PLH_qW zGxPN?H*s;F)#t(7?|d_7&b)Kx%$YOgi@MZc*R3NF8O7?{@4??7LOSX<*5Q1P<~)LQ zbE&~u8WECI7F95eh`c-0WuE~NCXYen2v*l1k`K2*dd=Q~0T5{>BB!43=t$C$`w2lZ z>QaNvw~9ohh}F5-gTFz9bRaU^;e4XzJcx9JxA3QNv_^y^wVZ&55s`O$y6iI`!sIcC z3}$r=BC9j1O*^uUU;sqkAR>pK=jccw7-=23Tab*p)L=lgK`&r+CVKEUh>#9M20EM* znsYws=2C<65MD;FAxV8mz{7~hyRBUI84zLe7(}*bbqyll*sEyQ6AXaJdqiZ=xsHzH zIC4)CB%>}h_~DO{I+DfeTKa5owpY<+2?ju(#`dN=W0Yq!bQ%Jh{(HN+{$D?gvnzNS&h{-h_u+NXqS&620)~pi2OmG zWUOfhBaO&8Qh3z$fNyUeiAWQxbA&6h4PB59M0gFL=A5fJH;`_==5@YCge3I z-VJs|wulG^_#+PI6>NZXOlY~wK|sJSC4Xk}NjE;&ASe zHmWQWmNlfy<$+1~BV>OKRWOW*ylZxwHv=L}9)rlMtgh)bcjOpE8UzC%vIZs(YSEcQ zMEfIPq!HOe%RLGNATmb&%;b~08_S3hUc9{9z!ljdA{^k4IGo>;HmV#UENe(_?4xyr zBsG>Q7)C_iO?R6&10qZwgUGY2u0bSaw>v!`7yyy}MC6q-934r5kw#=oEq4(JK!kKO zBA?WxjUy3}cdNM~TSSBd{1J!qd}*V~LBg_z^u}zB2ubSCRKYMJ^6oyjc{3ow9|Fql%AOI24fe4?}mHCl~$h$AS_{;RIQaHdL zaX3$tG?n?nvW9efr4UK#NUC5M5qbA_mwg6Am^=oN+gM$L$eDJ#(=~zt5XmDVb*DKx zk^@E>krjeuWfllPgmfUnCv^@2PZ7OF-YxdvZ~YNwg+GEnn)AJybJx#gSwp)0mL^GR zU#egj5qVecvd@4BlgA)Z$?6(Jj6Zo`sS<=GSYa^%0CXY54;t~MJ-Cfki8sO8XY z@^m%1afFjk^<*zHaBik1_96qPE^0V4=&vsFPM>p+iG!qKYk@=}sd^Ix02+a2hqjgR z&nmbbmqWg4oFftqBu_|m7uCuEnS|G?!Y7B zq&rSaCkge207#dwr4u2mR_z71a@X-Svjw|OPD+5?J-TZ}94wu-rC=us_2N9F>(X-> z5wc1z{oBLQ@-Y>(wBD>M_x|Xb$@ROsTKf83y#qp2+1%MH*Y8r-K53%*V^8}0@&=3+ z{Ev^L=ai(V^grN}l8iQP*RXP^jeZD2t8R=xJ^ zPjY}2!BEfcrO4Rm8c$Nd46)H;|4f4xj*YH^aCwBGZler)OCBAP%M=?;o#KoS&B&{* z_`;D=Xp>ae7aJY6Ze+1csb)zoUnEdCcw?g#nsbA24#!3}SwC`oU~)CeWuIYuVDgyp z;Vf3yj1Nw1bhu!E5mRELm!3>S^jrjtG$JpbDu~pI+`ic8K6#OdFr|7_a`_Mu4&K=4 zMVj+u;T(>Q=ByWq2$QR$T=p3dVe%M6j$?HVB2H}dK*0crNNn`XlZZ$lHu|(685JAd z7Hg3as##8v@ATkrdW7hX%GGe5z>LkSch}5<~)M*h}h^S z1U!rgldBzF_8Aai@)$&RWpxcAPHc1&!2pOzY_#Y^M@QV)XpJBl6&vk?)zk1!0H-AoY?4hCBy)TNNjX7c@jI~#zrp^B%@-Z3)hT9B#R;+=fU3~LOKx1!yk>v zMw)XM=O_`e(Z@J~h7nKa6x*yv+|0T7Yc z=v%`b9Z7+av42|bau9$B>2S&Uq-s`=L`2>Va7DI=2nTO$^mS>Y*x2Z3s$dwAG8X-a z+q@YNVe%M6o?vwiB2H{{ieLalBsMzdXh%oJfRV9(TJBLG01?uG2%l6%zeq&n-47o8 ztv|x7-q`3&NfR3zJ)SBUMq~twzQbjo0TCvTLF8^$*C67=Mz0qPfQZCK>yL7DBnd_u zk$zh4BG$(r8@;G+BqB_ymU{5F{s=jEW1|mCn%LOr5UOApkwIjia@l7kwzZ4w(j>~RSljYab@bQB*Oy+TS}<+0KEk1_Vri`eL`y~rT3(X)DyL1LqOGDA;d zqi5^y0}m&5ziDjro<~KZfu@n-W20|#FT{WG%V825?W?7ez#vp8J~q0KmQE7>*J7ii z9}(<2IVtHjHhMdEO;pMG99j!v{oBVzn;)k7|E96gv+h9=+S-oMkCOml}k|0Oz;Rb@G9J8Zzdw#jpec`M@6&OZ7H==c8nt)7Hh{r-b*es;ItubC8R?e_Zxc<0;g z-lVc5h1u=C#$o}sNsy`--26|=NL1c68?Yi;8C&sWFnN8OmO&U$7wu#ro<**VEk%!~TuCnHd<=H*m4pCgb?l9w+~+wiyW>x6 z8?%IWUUtW3p2u^tJJ$9*o|`QX6%De$SGol&s~c)RwkX!!plzem*YI^mLS#PS-)`N@ zMO#poWsn!hqV;BLH%rHGUxE7lYM%E4rI0T_mO>oufR>pX_TR-DXa@+mQSQ3;!aa53 zGOn%0UGX-G*{L9ZM466)U#XZ zMSeQ(KK{I=%**l~XKJgEbzM#qKQJIWw=&OHLKEJK*4@k>a+e?OihJNYKFmw%y%K86 zkA7M?ukvWfM}K%M{;E0qS%5bu*e9LJE+~2>()uU(^Czn6hk8cN#8|Ho7ZQQ=eNz?dZ)^<+$<2>cBW6NLP zU;Z&tKJ0c@#~t%3j{<`%bS}0%%gp^7ZIZX3fu-3UukEXL(k3$KlTJzPPGSCn?X$>Db-*org6ROE2iy#Q9y+vCcE)kj4*OZU#I>Iy8?k3Qgn zY%|1;pg`vP6T=9?JaH}hBpt(%O+6)>opn+X+)$oxJXewq1Ib_gOcud!p?tw9|{v+fgY$nf?iGEnM3Y zjEu!?&;k5|i<@4ou%j2v+-h8KQ_BKasV*l6$J45kP9WKJ@Y6h!IV|18&uC;d4m=Jg z+D2^D-HEnByhWR#JYdvcKm3*_+H{>KE^C!~jaQ@7rAu;WlrBN}N*!0ti4*p0WPKhu z&z5M=huQwIKeawl--z93ND6H^Q{s}#YOZCrLw8k`TO~ua-JG>yZNCu<&-&Zie#6@C zHpsSK%?L=KMZ8WRGT(!nMmlQCQAK_Ac|bs+{-1%g<0{ma6a)xHIot+mZb@NNL%Q9L zOOkq>%HcLq)l8voYFTz)XQmC+c?Z^sbCK7a$PUZ@&`?7Gf>7ohY< z<*TNVjyey-AN9+!fPg~1!T>9ECIxloxS+WW)!Yh&O%3Tbs7#XjAgDA#-QKe7zRpaG zI=lUeTD_Mz4d@PZa+}n4c$7I~9lSRDgGCsB6XP86P^Vg6#|SZTE=`9s|BJCC{cp%* zNlp~Jy_RHSOm)0%3gdFPZIpORa{pdd7p)~(A+_QJ$5@h!JHXhjIgQJgw&np#GF#_O z`7Oz5RA4WIl&ZH3dTU8$Q(o$sV@V#D8dyv6_MVQOm7&SBX6z`XMOl(t1Ljv-lJ%@~ zVN0@jZC0Q{8`T=#O=lGs=&H>9e;B8w+hdgD)_Sn1AM zUb;?gYEN?HARZknZI?FjehXmzwot6}L)~zi;lE!p47-h$(%FcNl_n!&r9b{H5Gx(d z!N%S>a_sHFSm|!^+KrAbSsaLt1}`Of0STN-NxqRraV{l!7Vmr^!6x;YZng$M*r2|A zQEJ=-uOsqOl5>Q2?4=~i6kP~N)aANpdVUD)&S7X5trNJEtjJnpI2J2MM+R`S+vc6Q*Kl?3yi=H_*0C6jxW zcUw2FJ1aR=^163UMI))X>76A zTmRAT7D*l&io$V>s?mu8weF{Ny{*&fRYYB1K){U2lmp_vvH3u<6nWp<|CGT=v_8HcenH+YF zYt&vobd1(!b-*GjHprs zBJ!?8a_NRJhzJM0x~DmBtU2ck%Np8$d*=j6svhylP)*F`+~2vC$$$u1#US$2PA(!B z*i)}dNF*Yc5RtXyNpvI!e6-xBN#RjfA-;;(QUoGdtj-~>$aWtS>1e4uhw~bmbC)bu z)Q~R6egHU0>Mp8aux-t|PuO<4c{3nFRxyaQ|H)y}eoB9ITq@36BodJ_BJ$&od=ec| zV5AW_S_+T43h`Nlb0QFFV|8|OMYf2L4n(*nt2uuwZDcOls3E=aD2Z3<^~xKlf?-5t zE%Obxc{3owLJ9R zA`p>xe{@B*hzJMo`HX){8~Lt6JX#~tK=xNq1;dEQyC%1JGa$m`F^Igt>Ka7$v8P_^ z1p^>*0}*+r(9w}PFw!mgCoOj^2tb5%Ai^hgTeLx!cWb*MTSSC|_k6|zX(QiNh{H7^ zlgWMzRWOW*ynD=T-VBH^c?=@|Vs#B7+tNv3uenPw03tUNk-6JDI+6k-jmXAY?s5=- z25n*^@6?LkK!Lb#oaPpjYx^{RyoAW@{*G#jfKpZ1)2Nv zZ<5R0@C6{Q&{ri=_=`ZB#IiA0O5g-DCquGx4>HPi_;vPFGv-11R5N1fJO?Vrpg+8h zfwrDykYmsf_aXz`1$9L)GH^6i!+Mc{gN@3U3|x}pJdqPc{N#7W$EID2x}&n7O5oK3Y)AbeQy=x#Rk$ktS@@N8<#g2+xYib7ON zo}SI7J}zKi4a}zY(S;U?`uJv3_hOYW!k#mw+SpU9wO-`lolPy=N~$wRIEQCb<60y8 zDwC^cB&*aaLtka`n7%rT)ir(9nN9suFo5-v*;LCPiAZ2JwXK%BK;-t#rf$MgWCS8i zsn&2swqB5M@Xn@Q-ck_B7tZ0?)ama=BEsaVPO|m{5hjm8c~5r+Jq_?Muf@LD3^T(M3_7Vk+WD`gNQSm8ZH?)$Vv>PR_7e$<1%L4W_W20%n+Q)h1M=*SpH?xzLGsMGG-Vi7dLvW}w2cY5$Qh>#9M#yXt;qB)Ns z-JEv!&ZfR2;9*3VTY%}20%n+Q^)2zI+Aqceo&B%noX_$ zS|lPx6glm|-ylLd5E<@pF4mj}ksdLd`hho$OA_WxrG7tU+5z>LkK!@{wnsYws5woc`2zVF~CRh0` z`wWOMc?=?(v$_TmXEv2182DyW|G-f@c$ylWn|ety{JPoH8{<)!Zg_Z-BcLGagGVD~Q+BPk785fyX+vs@ zXRY@7uR?3J6D5r~*ODU3__f*t3_rWaOsTWygw|>YdKvCx8Fsr?%O#_Twc3fxCUd5V zbvEqiYr|qJ{^`wN>WGV-K%%0%Dr{$MtF%WCW| zlz$R-^H*HI8h(sKe;iqk11i4s!$g**bmdiO)meqeqTc!gB{I88*nZWVXtVaY&iCE% zv)-)UB0)J%r&LWPi}YsO99dOdesH=a{S|gMn~iO^zk_)?cT<>J>Fp>LQqag$$GX_8 zAOR69)5^-PPDa@uT93k*%8z~+l_&LPQmc41T~@N9DIcxV3=sH;mYkG$_m`~pe~Xnw z68-V?$=IR9)^K(xRV*vBjhiZ2oIAZ_v9vLFx(;|sim6vG@rT_x`#e_u%|8AIaLiyY ze)<9D3wGw;qs$j6jy7MU7;e8v(e*FxudN0!E89QUYG5|x|C8*H^|U^vdBoO4IofYS zD$UwU@6&#@p&ym)rDwOFZRkg1-}!R3xbR|_WHmsAuf0P8`LTjOY-PT~8v5u1_}%&Y zB@fO-e9L8ZyF0!11*z<<$%^rlvr2bptVQr}7OqS;+t6!1&ZTPAt9(!W)}|yC<8RF> z)u$nTe$uV`m&l4*-CEo4QvGtV=Owwax;s+!;*=(AUJdip`nJ#F6?z0$XG*l6B~#41?VAI`mP7 z?KA~t>rDz)RqNGSEYqs$vvu4CU5$MwWj5O6+cn?|EMdpNg)q;dZ^56wZsd-GVBS64 zyxBOo&>uDFQrq<`@AsEE<+?i#KFhP^{-$5{7*vjZ(8E9bd8OWS4SWWoOLlPwb*khG zsYL&LJ9i}9wU<*kI~DA ziw_+{L^EkWYy%C1dWS^3ZQP28{5*h960hlk$<}foBZcep!Bx{phsd4yqh`*IL`2^0 z;fib#Asx^%kfk|)&j!%nVSx`#dSk6dM3McC&qpF6@7|KEJwb%YV-R_d)isFh#i&1F znkyIpk?o1dXKOl$w1SbA`yefM3+q!gjdUQwC-rbsBqH)|OIKuzh;T^D#sbaxQ)#2h zW?@;=hChvIXeHQ_q^_b0a#rDOTk~#?+q@Zcgsfr^na}DPM7FkHZh2BL03tgPk=FhW zA`M`q<=$D#T@L~fAsr&~N!>mx5)pZq>xyg<5e{hyg=x-jN*h(y3Co%${AsM#Izo~< zmns-WMBdfA&6@!cCXYd68mns%S=WBKrB*NiBD)ijc{vUulfg*Ky{VSF8U!FhIuPNL z`fFn(BJys92Y)m36b@+#g=x;SB~4{YSk~0yPa}4KQ%6WrBdCI5MC9FFF8d6KFnJ6j z_p-VMk(Ks4B{vENKx7aRd1?&@kuosSa`)GAj|BmUkPeagq)KN-A|mfPJop<#ghN_F zVVd*flBRNuu&gP^pT@syL`YJHQU$|^$h#X{_8Aai@)$&JVs#B7pYys9+L5aS10Zq` z5xHk|2ayqAq~-ozkd!bB5Fs6i45!FvJQsp8*jjk3r;WR@Wf%0dET-BIgPQK;$qYQr*u%WDpo>L_QTHCCmau zNCzSVDe^H`F_f5|-}K45`5ycYBBTS6B8PL8=3FQ&Ye;XrMI%Cz+KMU|Mnv9?aoJ}; zgvnzNxq#I*h`eaO+%iHi03t^dkqLbrMDoE%Bl4yoDVGWY5z>K39z{OrnMg$B-82vW z1`*PMNP)xoa?LqMSk{o#9Mc*UUF`RPbRvd@4BlgA)3jMX)W+;8`=?kN}mku!+M$=MDftze|(eq4~0O9g=l z=|H4~B5&FdiHN+r$%DT^gmfU%=5Q|2oSTJZ4e5>805ARseye2!Jd6mFtKD7p84zLe z7)17Abqyjn+dZsX2?jvq0wR*^;~>%iMjDZ+f~0(K1&ELiMCvJ4{~3{p$h)gO_!~q> z2O>=l=R-8-I$>EudgC1$5t7vV1U!t0yen|oXF!C>V-VSv)isDrw0l_d1Op(FA|iWd zIfzUKBaKLvASoYQ0V1RWk!p(k{j^9#BH(8L`K>@tjm5eh}=y?){`eeWCR##M9!AN<%26ggmfS>oFc!8$V~(y@@|+bvi0Ig z2O^^!&TDJVNnu$-dgBz02ubQbs$f`0b5E%qU8j%tyTt2u0L`VlB11a)s1ehWak$3yJB3ndA2O>od=bzXB2oDI$8qyo@ z(uk0x{!SGPBO>owC2LRSzDyp2$ikmpL48E7-rq+VpWiy2O32KQdaL+j(Z*UD|# zvF$L+>JEo)$sMr_d8(IA z5s3zp89IEeHZ={f1rW5j-ZeEBXo)1D-XDpQ25E^zuvPrc8-^d%PLxhoZdx!@n4b&W zpKsu2pAM{8`NMEdtXZAG&nfBgw_}aSWD=r2`FqC%MeMjg(3)t7(6vc|-@ zjELKnjN_6MmqkX%w=JaX@e%SF-=g?ngnTo8_K0JmM97yhNiafwa2LgnijY5wCBcX> zF`treExBaSvST9YV8lqc9&MKjAo|-oRpAKv1S}y(jENE}}L5s`Q6x*}Ud zgo8Ii{`Pl*wGx)$2>JO~fQ~?f$<>pRwI^NzlgA)3gVi;NI1%!D1Op%<5%T7*9Yk8e zNVnwXTJ9E++ZQ2EKNN`wQ>v97{Ecrd9J~?o=Os;Sg#2WxVAyYJCi_~KeFjgG$zu?? zpVc*pI1%z{!2pOzgnar}4k8U;q!AgQ<*o+-Izl>hgiq=+tWHMs8hQ7*2Y-WzaPUUR zpO7@M5%MHeFpNkYi@woip8*jjk3r;SR@WfnM93!y20%n2#9Mswvi44@M#)?>_M0ZxA6JcBIzfe7EMD5|-fz`QB8)Fd|H@u5#IDK!nL-5Shs8 z8bq83`T2qY5RnM^-#Z;d${e|u3X-xB5r~iuM8;CA;~t1aMBcsV!QUW4IuI#$I8V}? z#|X=CgnS#SU>Ff5SLeFyGa$m`F^F8q>Ka6x2>Ho^0T7W0dHEL(A|o8R-xegJBIF0( zABo6tiaf)Ezd?j_ATr9~e5K}`Bpp|d;Eyjtz8+ODj0lsf5ia`-h%k8!A|qK{gNPF$ zPYMP=L?Yz>x72O>od=W{gYLei_k5%Mgm zU>Ff5SBJXnGa$m`F^C+&>Ka6x2>ITE0T7W0`KizyGy3K`az7zRMn%Xszc&(*Jc@j? z2Y-VI=|H5w;e4XzoI`q5I6}UhfQJ!baW?np%HDe_1U{ss}!fk>0Xc}vZ?j`XT4n$bF6!9u*;f`>setswwgjuE^GlCmo2?I-GMg=M?Ex;RyKy zRKc*0Fu7XhRwe@?Odf;Cm&!%NiI9ItA`y`YdA2+WB4v);CraT_5%TA!Mj|qnA`f;& zwuq1pM9Lk`E7$Err$RH8&l3rwx2>CX>$RH8& zuMh2cr6oc>rxzI{LVi;(GDw7cR4+0}gnZXtWRM8?FNvO4S|a4H_9BBs$fxuogG9*B z>qQ2MknhV3J&BMn{4ad@NFwBQLq(#@5%MFnME~6g`I?mOKZ%eZ%pFkLwnl}%aX3dJ zI(}5fSokZf1XYqB)#!?ln9yfYnSKJy2&%=8=qambsa| z5sB>0?4FOGT!K_^80yts`aRb#}YK`|*=KAe(y~yV>8~jcmDAw%3G< zk!}8Ml&#j@8o!k;8^hSjj$yh{WPyV9(4U)l1sOz`@5`kc5n?XH8%N9=F7t|MZ(zrI z2Ua+6{3>`t=N#rG3WZ)Nw-hPwwr6jylA@CudKSoO& zXWISmV201Dq^{8?t*o5au@G{3LUVCYOv&LezPSx=oI@vvUP=`GUsvh=`xynyPCko; zj{%^yMo#}cAbR;S9}cL_&b@YH9PklRgOF|lX?07wUr2uk>1zwo--UEDNNtvMwUBNB z=~YWQUr03|J!45H328D&4_eZpLb@HKTP$f0A>9GeL`y0V(w*7kE*3G@mB+!^8Q?kcxFOT!&@h{3m-L19<_y;We%)nfj-Bbsp?F;}lm9;}_pb*dS(T8I_{c>oG=?9!0QkefPJW!k zANCB^nJ80Kq+)z^R;m6RN!@r~!N*9!I5s$f8iWt^)V@jUHNSB#x0jqaP8g(ch%1#f zu2kOv`rU_2VeVrug(B(8l1tyu&5{*?BxJ=&6a7cO`#`b?sr@-r3yAP6BhR=XW;`4j z)VVo0@4`Z7p)Io1!b^0?9oONRzeYIre6p7h5K3Y2RkIf9QMe)BcL{%;i>m?Se^Z!m`?* z@V%0LYG2*zyyD7ipZ4pVXE|=yeyQ(y&31m_(3P=Y`w7l7k4~=XzS^{XKfa#5V-=^W(yE>_r`KHM_yl#3KDHmO^LN6kDRmNobidoWHWw_tQvU;C% zr>!2i3FQg)0YEnI*f~UhlbD+iE&byPF903IU}*-PmM>Bjr;oJ~@%(6eKZ1 zq8sq7>U$9^sB~;Bd2@4s=e%hC==AvSX0<{L^~8Iup66`ylD5#<=KCd$IotfmSY6YY zd#Fz{{6vLO8KtT!LuZ?h_cA=iGVJzjGog<>+gyhic5sz*uV@ANY~O`@IcJ-hCaXOy z%3;nn&p*&T+pJ%oi`Uw)OqC{2)Y>}Ks?%&8v~R+Zu38eAPsQAJp@32gBypw>A6A(- zkBTMDw=R9EN%%$x#>iPo2%-+q{9&l%7JzvzbAJj{!!Ke=J>!6r~-rb9VQ}<}f zPB;*qfs={+d?LY7m}_V+5sf?&|K#d$>BPgdEUIHeFLe)4MQA6zx{jMV(~?=Kg%_~p z#&@c*pazbucB+TpK~409>(-OYDB-=(BY%n3A%E~KK`S8PO`!VIt4~l?yvb?Nu9PPVcPV!U>q2Y1l z3&1hZ3|;CPyzSZdmUu^D=zB{80Z5m8ZwbZaP9L7bVsob#^&dPZ_nNy=EBjp0)Hekf zd{}HDjh1MepZJgfn4~%TB|e<6cU9uUB<50k3ThC)4Th%65dUC^2j{_w%f{ACe1t6V zA-;7sQz{*-KmD<)5`clW0P3dcy41^3ro8BaU`6-{(prY|vEax*j<5?#L(<(PBH ztSy@Vd-7{&a$B6K<`v~gIjG|IsUiJsj*4Y@f>9txpvQKpAKqX?$m|fUTj1czFJH;X z5cwUe^%`-0yZRC5{I*BFkQ`21*^}LeBA;j|wPSnz0Ok8lPj>q>*Mp$J!}h)|)eZ;9 z#iKh6txf4t(_->u=pm2M*CGZ-U}ZBT$S7ed-z#v?EvCXGzE4i_t71@Iez~lw82``} zbEl7$&cQzUOb%2}ZF=TUICigF+;GOhc<7e&pq#;TF3#>afyL0jFvOM3`z1Oj45t23 zLD563%3chWwZz$Nt0h+(f?aS;C=#8v?{4TIo#-G9g>cJ#HQh6W6SZevE^cV z{_jtW^T4Lne(gDA&;F2T(~icTEkFz|gS`l*Regt9kqp8uuweK%zEy26iAJ{I9tY7W zF?u;-k8Pq(_2b?sD=j%%RR6ObGiOJwuyiduW|HpK*MriH2uqiiL>Z(z)hpe3qkYo( zG}(s~G-+#O40Z7hQKWOvf~(QNyi50T^17=1{%bwT`>>nW?Min!dAVyeN9=gu`*K(A zAfT#-f^WP{uF%LS-Q)*@37*Ou;m5GIl&jS+J(8uEGCg0_fAC@#NjjC!?Q`_Jyd3(J za=ujYE%ZuV_c9pjdo#x%rCwM1;8m6)7rJ6zOFE_nG6OmcVJ4X!`%2UAW=bwyU`oW( z9P|x3n)5`>d4#a68H+!S*Gp1;nNog5RAuzLKfCNRtSgbbSy%FkiPc4Q2CJLaGCs-~ zJc&mM23Tq92iVoPmxze0J#r?b<$m!ML8J%-AVNA2;gi}6L9qx#V7tSHC;bWuE~Na*sje7*^LHawnCNi0m&I0FgC`$muT< z5xHBn5PUQuGX%-X0+HKy+w9hephY0UlXh}AWS=qWo8*-I1 z+l;^U_zPo;tE+o)I*0v2ZN5{sp0fKYi)nFkH(G34dA?Q0oCeD{aV{;3^-yCi&AQuW zvNZ1s3SLWdJ3`Z8;9+UzdH{>JG@H$Lw1^f(YtcoLHOkT~q+Q!C)Xbw;)8jk^##x$; zH0KdWk6jKSOY;~4jN!^?OY=>$qW~GSh}>he=!ba@lXl0_d_p33If$iMQ=S5r<}XsX zeDyG3X;UvQYTJC^1R5{Zadny$Hg3Rs$ADLl&3JdLBAB3n zrCEAvgr)J_d3d|DwI?o!;Ew*dS{po5{DTRbBxy`s@D{S<3`XM5>al!q)3=gpkyNwId$VS8kE0!fO^@FR8Se$%)j=q0cjyicuCn(sAoLTKVaKw}p z2o^jEpSYrHC1U*Z6Z-X<@>+sSBM{tBheBxQ!oyN&edqIY``Zd(dLUnWYf|S)3VCQy z7oQ>sHDL^i{QTT!W1R~Rs~{RC*o!%jK=eq8KF1WzD2Mv-c`6=1JdAJ7O|NEzF#VqK z#1Mhoy4nOntSI%WO>!7fmYyu4*kKLLX>T9ID90cHF`blHjN1oKV4ssYzwg6yPWzSt zXZW|_mCe7Mfifiij|m!Ntpn#ebr^cQy?gNbEVC{-1xe>8Zec%b{{+=zO1%bh6a(7~ zlg=o402k`}AGH#HtvZQR^1 z(IlO=+)nq))f%v>;UOCuvb!YJ6OTxbtdf5H^)sE(*7e91&tfT29@!CC%ZwOpN1@xP z*^Nkiw(pey?K{F9H#Hx8^zB3Zj2mS_1y0*w|O%lk{^%Ad#rBI(##bM zGFh5UR^i-FEX|CKV=T?bFhNF04AW((jp{fm!qWKWep98byPx~rBx%gtZ!%fN&;5!G zKWmMYy6lY5+^@*X@G#4;+qoaB-ix{4pK&GYwN0MM-8SC2-}KFbbH9Fpx!>Us+L`-Z zF0Jp({fcab8l1V`g_6QdxGpUggqrBD&Py!jW%r9=mz~Mo^3$EU-*u=}aPD`3DO%=! zzf7aznYrJLdd`W`?}J&rdZ!{Z?Q56BMvBfOMT(wG`%YnZ3s3v(deWGNp?D1y_j z5hvh>opv3AzHVoIRd!$S14ueQQOh3Y-S>2g>?R0L`7YDRfsUSAVY+6v36Er%cAM~8 zs3QmQin(K==2kxE9P@_R@Y+LjtEZldoF4`AR=RoJxm8)u@(y$Jx^t`joxH#4+-k{( zm|NX5sk^z=#du3ymATb%`r*Gbx8hbcDi@YgmtZM%2_#Tz>vfFBQ}AtYU9CaKm)f7y zouUy7W%PLJ)x)DOzVJ&82t15r@S$FPD2Ybawa=CX8g`))g!G4C%K`?me&DV4skehz z$z(n2`J3ikjVKXR4m(u)VgXauXf5MvRbd!+oQ*zHjWTO>-s5!M6w0Y>yg^HrQeR_z z*2f^FhFAvMi5-o(ex)>p(b=sMgjUB<-ZZMToYsnzgQW(jPaf-Ywrt-PH-*+;i}ls@YY$VXIPfq*O_Ti=ZzetWqV%4 zI-$-TxzfC+<53p>t@bIkVnYt{qT_XHt;1jp13Nz5o%6n4_3E0LdezN>ccR|yRV5?+ z^+T_^&NfPXulnc_+b*_O4c469UiBCPWS*MK7i0|MV6R#si0}(6-d;78jp;&HH9n=5 zS?GG(t5#56AnNw24yl3dRqM)ApjVBS(xQ6R8(7%$DaBZ-%28IjaIe}_vl@eBpulgilcy(VJCF!BY zk-ch1&5a!Z6TVQdnoZ>h^{TZk%kJw;rlDT7DeHt5Hoa;sJO+BzgX?>G)$~Kcy~_H` zj1Q}G1VfL{e9h0H^^%bqXAY`u>P&Ks_n9{~{M_}DLq>#r=C!;G*S8G2^_e*c^}=V~ z5it>;&%A}#XTE0LpwGNgk8zG)yCH;jeCC8;?)c1W*$TNn^M1NjKp5Ykh71ven&^i_ z`OMFp==jX#C^qOb4>m=M&-@Y(48Uhjzi)?OoVdCoc* zpOstrsc0&e1-Z{P_gZ|`D{FpY8U7EEWw9_%J-EpVC~wn#iDeTm(Zr%WeJfsGRbpB0 zbSZ)x5tCKf=u?$V;|}gYGJ4e&v{Q=m(7G&G~g|G^;>b7iUR=f7ejCAAn_p{Bh z5=yyZw&0ta4bSg$r= za10d&IcsD()k*hA!- zMst>kcQ9_>riQHfpXZ|l*e&njWOu}Kud);&YwTi&nRW)Z&x^F)wPKH`f&Sg4KEIcP zf#%YE9;?}1>ggWmv2EI=Ds>*cKB~u!(oT^kP`bewqsX_;C~_4xiwo%GF6jPxM&&v* zW3C`i8M0=&JJaFTnD5KYyC-tY^vEN5C%SoExUTP6-h`Xih3zOOuZi}c7l^a6IbOKE zV7TrD(0Wn$kHJbzK86m_ai#i6dZX}b4fZL#vrj`?_H=QZ9?+MMPM0i8B^IMC7Nafn zj`dFXtiY|aA?tf@2k69T2mR;KR1BB%^CXU|{#f=i!gsBD#Dqipr=!Fj+b_{N;XEie z#N++37%5w2q#VzoZe@%9Eo{_MaKK`1s~kCz4VJQjUB4X4m)OzX(HBs(psx6bf$S%W zXg9hS3_@K!=Xu<*zx#UT^roKsT;{LmA;rC|=Spyht>>wH8LsF0-g*w&$6rr(&pa#{ z8bm#Qq{yWEjiXKagw;qnVI|2@I@#doFYZ4-q3El3Yy`L2P0&x*4Hh^sGx1oVwF0H+ zPpzJFw^wIrxwWo96JW82Lw6j@oiwKV@USNDCtQps57|3flV!XJtEnzet#zrHCSefK z2L#ppA4O+Cz<{xAFLH$@JppRKWOk}&?m{(!JJ>ir#g;dvG*sS+-tw-phN21$QjV~Bll_-SKU7jlWJXH)M z(NUBdzj$aWu?WUukz*{L?=r@s+-oeP74i`)%~Sc}LX}_uPjsY)3?zd1`FU!{ZszB* z)R5iH&&8=Bd+=vfB0oK3PyP}Uk{&WhY#sW(?f)#*>HmBB`-Rj0ds~<9zt2#YBgLs% z#dX=$TbJYa2-js0HE&iC`l;$a#qD44ga%1}nw|uz^pM5^NB%7Xw24lf6P6Q%AQY`> z4hHl09_CbVXI0Uj=0q@TEj~Jo^T5N>3+PmRY0m@0vkG_5DR)u`(>?Fq-RYi#>|ED) zRw!$r8N*%5ZXwF2$60@m(2;t0Pk*) z=H_Sx)vCd#tunzHlr`?`d5JF&KuCOHd{0d32C2HW#1$W$P?sD=Sjo{0YT9U$R0a|! ze;H?WU;L8QF;&=9l%YhNJ@azJ*zV!hu_^eqLg(>McPMq1z*4(|0i_T?uMvRJoS0dr-3eNtEY) z!&hQzyBe~(93Rv4dNW6f%5_45UoQY-hHNf8V_qfB5;|q>8`B(ET-rZXLPH z`O>sOx!VTBpepeV{rreoTNIZ$oju}WM}Qec#&fjN3F-X+Sm2hm!Z8w;Eb%T{@?FOXJMar>1I*ZdaC#GPg&(D4!p2{pAoQwfZRsHh zI_eSSnL%(X8u2en?XUv`sTkjyHLd`f)LK#YhpcfM!i952A4#ir-(KY9O$)=B4_O#F zUBI7J`VqF79IsC&q=RuNa zWJAX}5TXeJHz(6WhR;v5fSoSj#e>Yut7XDpkOq~?(=*H#nN?;}3Nyo$v30mkkdL$+ zsqx5>dQzeV6VAsxWp}FkmjlMMiTl4Ka7X~(nLYQsMIQNl6|~50ggSGJ)Nb2-i%dQ+ zu0@`?DcB;z$AntsQAyNYi|m5}BtpK*TV#F0Xj^1ZA>r`1h}ci6wO{qo(iLUHv&LzU zO@7+wxlsq}YH4+lLC>8kPFW_!>Z#&vQFu5|*MS-^N}cL&)qv1{ugPyCQ;t`rovln? zbvQEF;R(@^zx|hF8i&%+JQ}Clx1$;Yr$4(gStHu1&i2b>BMDU;4tx<#3C9K~e+Z=E zbj3eMfLA^|;OEa80gIvDy-`#gB4RRGF-NRGRTB0u(OES%PyUoiSRy!G%F*_sXn6Fz zs68BUzE+AdX1z*xN=BUNT-%kE5fVj6m$>n_;zg;%LRj;Kjx`_KZfr-n-|}UXTjhGd(E!5=01&f#F-zQ1Og82x z-lCnYO1y;tUhbslb?P?9#J=SX;?c4rf3rGzd~O!@_05xq0$I7<@6wLxN~*wA0y1}|UfX@eF# zIBoEDl?WHx2LHGs)CSK;7Ho_7)opMx@x#UnX@je`3bjF@^aGhad6iu3cHBbjR?zF; z-9qd!O9Y5k0MV*0-O`xI{Xh*3B}1=ALwV*;fw_2(ar*J+-yu#reComJr~-r2`k)4U z`A)T2dez|c238S%cly-l6Aw(F#sR_cwjDnS0P(XKD>Uh$+|EJ$fBG!B)jNZ_6b5%)R zRdIoy-h7_IvQ%*ghK*&;uz1qPsJVE0KYAuPGL6YgrWdKljsJl)jzSC&ZR#$UPy|B0 zn&c8jaAKpb5`qm#k0o~C0eufS*UN8RJ|H}OaWFOAOxm!R>vz$IvWP8C8A@p-)>7N4i$UgfFVBVVaa zSQ(4YL7Ro}$?->lix>rdj6=OI3QYYDq=c$0R@e31u3slU@lg+#RnAAO0THe)SQ)Q8ONs?~_-j%CY^}BMs8|1z#N}4-r zACuSmAfCA%qm149ErD3R5z4-Ziv^+S+@mOWsNuQjBE2LaS8DJM(Hxx)%LaY7IXJ!G zNb|kes!3X;8ofbtW+8-7hvVxXa^|c+M4GDq=yw-O$wKNlI$5PfFuO&K(6>*7*06Hb z`bVw$tNziXCh$j<-FrO(?As>^oaP*vF3RvZhKbX6Yr$9?fVS%?NF)3I=#SzyRsjZpW1oy7N{8G3zEY)qAuGEzD5{UTKs zm9kKs7ED>Fj*3c|r}hb^%v0Mi5=>dBMn$E}Q^SHO^VHr<>96gxA9`xrwvnmr{h)@t zjmHRIuWCDQLS$_p2RTsNDN!j4Rb?<`p}IIKWu7`Em@-c#nbKd|S3mI7_Nxs|ZD)XL zYU}z8O@z-=TN|YvYW9DYe48r%CYA69l4rdS{tUdAd)wablEStv`T0#M6jSb&>p8vU z>UuM>e`cXz6WT?l_aICkF1yM6yU4hIH{i|GYk=Y2V4gf<148F`Gof8rzUm{2U4j|} zdQX@7GdM=9I|TD??B=zBoi4Ri&+;yO&nefoY?oSsdAU<=f%t-mE!!3d@9X`n)ii3> zPabzmT2k-pJ?(_Zowv}K9&o=Q6Zh4kxqIeB*w?E?n}abO`+66YaF69n_&1RZ}drfl?Z+Lk-P19B3F(7_YAq3&wq!= zHNWFQ?(=mGa!-O9GWpLUBGNPDMjl7xPQd?rhTJL3euv22__hbRf8`nE%0LYb9}_S4 zA!lct?jBp$M(5Kt9nAE>8E3aUeQyuPUDpyOX2!X`$mh4w?%JbsSFhJf$x3ta(%k9A zOEFZzFE;C=$8XgS{wIeu*8+wuXk6|MV{^M06cU5I%7Pe3q#AKfy;n{=vg^V_(*}~y zRC}{r-_WGv=ic4Eo;rYGms+uPKf5j4nhc!fxXd#~z^ZbGw7>q6ceb0?9h8%F zuRAs!?&KvlgHUiM4xO|iIMAX8sO7;usz<&dqZ5{We)fz`GP%uHTaL@kTG?;*(Hx%; zQRMlGG@}>#HKtoF>Z|_v*2iF|UNih}{4+TRl(H>GHp_NX=assFrGboe&FYD@0d>V( zyW6R!65p|)8;LKxgc9d=Cvj1<#3!My5fZ=8(yYWQ*9uAO83_bHGlot&iuUX}{2%u0 zV@|dRpgtS(CLV)lW2%<^kJvN2kqWKM#ey8&@a9ZT#73&E066gRZluZuNxZ*Ss099D z`g2Q*pvZ?-_4EK^`6hrGaO*nNU)c_^qpcU?9g2zZR``FZhggOxaqDvKuz9BT`1i$#juO^klbQ1hZ)Xy5o0dP;z6JF3D z!72HUR8lX_VlXbkF`pJ({9m6;e}zvtaZRuCN6gc>YFLY&ihm&GXkDuXnb$n9po138BJ=E0 z0o2a3GoMo#sT-gTRmAz{)ujRK!7L|wrpG6Dojg^%IJonC*h|tBZ~<0$T!2#Y#gK*L z5O=LZ-V(jW#_~eZ189=jLf*jaHp0BHACkIS&l>hXg846IkYKZJCD_|5!6{)0JP|~1 z4NdJvoga$xd`fxjc8oR2kb~IkpoWI4)(fPY=f^}WBg*SMFH~Nsx4b+0n)3eQmS?@g zPBo_2<&}ra>*p~XUu0Ot&K$>zR+WX3WSar zP23FQsSV8hWR%-nPVdf``_kClZvU3~Nevpp#frNe{TK;A5%ZH$$!7q%D%%H8cz)uk z0~mIxksC$KPqqR}r-ou}#r6gBZt3Q=8i@GUxjoAJ>4r|ZR-3xiKfQS~BD>iiOuMxG zns!;Veq8QAyR10p*R{(+$!FT-ldKHw;;DnQ%L`DOfHmn-*Mnt5y9D#5-MntQ9M!YD z#cp1=UDosFm3F~eGGdy|W)PNGb$DWb<$AW`{NfooY`mIAfCqdLuin9|=b$V1ocrdz zAa6`XK;87|+; z2m>tk0cf%N?3%K7SShzfH{Dpr)PpT}x@gmwT$F7H|a0vzB^@TR>2 zrQn;+EDR|M)YQvTIUxe=Xfd65;?ae>3M5PddYA z%b++spO}<2I85=N@r=(gOcQfn5j%b1h!5SySihnH_QWF0(w2I60uC%D(_bdtBa6?4 zowfGUz4nj2PdjT2;yL=JJ$`sM{+=!p=Bo$Dg5t(U!^Xe$yNn_fszrmOrQK*)p?Vpl zKosG+nbPn&8uoA(LB#Z8ET{p)->EJ?4PZshr{d5}GDG+1{_)Mw#*}wL@d4+H_Pe(f#Z%8PT1+;CG7dR(prg%>^ld?n}>j(EZ|DgYHwH z8g#Am(5Ytr*@v#3onZ|taOMCe$ev|0-jln|Wpg1-f$@M`4{J+5g*ML4`y5{|nSL2d zA4AhG!j(0*babSOKZ9rT89WnxQO9A}NRMH^vtiUqj~}b!1Kbfgbp`9m!(Y6(qmV!0 zEZ`LWj=s5Ur+S2ptb4fN8|2bcXM1WPpBB9*5>0F9UZMd#m1q;MLikewJMjygA zvnHA&AiMHyzq^j?iD7C-juN>u%7C2SE{DBv9BmMcO#g`PS*JeW z;XZ#Pa)R(0>5W8AJDKcpf{GD@S~x(p5}>?GlRl9J+aEv5Qr_{2OLgiiLE$`N^SP7JOid&v*w$AKz zc~^zY>*FnNJ6m4IbfS5=d{>_q99?fZf=R69?m# zt;jgoKH;h5jl#lAEo(YOi)}d9YH?I=&5}8g_s#~__EFz`=$n}5`6q_-@5`q=`o5tQ z5B>W9)R4Y^G9s)G+Oox!_wxy%@+NxAd*BPB@8`MYx%xh?*X7+1E^l3Ld3)RPe)^YF zKUd%T2Fio+lNedlio{xAfJVk8XIUfBNt%!_+dor}%Jt5ZnQ{erq8D_jVpm#s9pePF zrN6|;yz9DoEwWu|lb+>$8{!6r_b#;v80&H!ebeXfAH@r|FJxZFsFCzW@uz(5Q+ylW zED%4y-DfvCU5seMr`T%pDQfF(HECbj7w#{bqseU!KI6#W5)R#gIF#o`&Nz;@^^Bv7 zfyAC3D)C}q?7@uqxcJ#&doV#*7+5No`CySKlJ$dTFxo8??>-eD0MMP1J`r)HO;AP; z@^0+rb#-Ua@jc4BFv}^|_OLE>k2kNkZ4pwE{vz8bQzhXB&iTbOa8Vzpzexj6Pb|UO zl=+E`m2Rx9SN!W%^qRle22nbnOu+mj=uW_TcBu!Bi^MIM_kK68i}|@d%X^NS*TsAn zH?P$kCn6cp-i~9v+G~37bZRf74rMzW2|GW`x4I*@9sO{m37l4huWG0lmPVUrw1>2r z5{OTcE=JsW_E5Px3z0H?j)^yCE# zyE}GAps0$D4vpO}P;$FI`q@$<3}4}KPy^cDsTziN=PN{&*K$;-yb^DDSJ?6na?7(l zq*En(UEZj0d7nP)so$Emyw^bujDnr273c(g@t4LN_(^Cf$p9t635j1jzg@8O~yo$#G|-&mbGgTXuhjA|z-(>J3!qnKiZ zW>iONvYt`(U&02K8C4m=eBJq?p!Dt9Wxq(!s@^r+3RvWZzwSK^TftX99ydI4%l28lPm5LGsZd?m%H?34NR#b4Ozy!ju6Wcb7Nf3 zaT-4JcZgHP10I~}J~B960II>swdj`~zG`qPeC~IM(<%3Ra4K&zI3++0jYLNcb8+(T zzq4nPBF~&1aUZ)ZW=ypK>nJyK|JpNW-`@KxxrRmI+yycQ`VY>3B_sW4Up0_-V>hqW zDV+c6S>A=HMF3~)e>u!4*V^srMFU*B4fDXYeq)_o&sz5Q-Gt1J)pTxT_ne_?FrWNT zsyggMpC`GE6MgX_F~T-PRPAqb6LrAG4Me)XamK=t_n3AmTFpNe>elwp1!H(@+#4R! zp1#7+CY9h2YR?-Fb#V30V}p5zxq038Jho?f*LL%|^P&x%yn(j*G|_!q$%yw#xRqXz ze5RFN`Ox1=zL~q|jni%eZH&WnkAv*3zzxF1yg^vJ8{7}{PO9W>OoraV4vRO3ri$M{ z6a*VqJW-H;FE^9e+CVGMNW5bfFt{=2Z9Vnj&$m)T{=}w&^0vbJfj=r+civ1586-co ztF*79AFEE*eSTY6*`|X4tXW52cc`aLXXvdz$*LskOP^@$z8tQ(=atXa@y3MFckk~Y z&ocU-Jj>|D59byl?<)FBVGX(W5K3V*k_Q{8d!s;T>t|N0-P`xnbRb#Hms)crkB1LJ6?x~s@v zcRT09%*NUoJHEORPD`0ygjry~mj204!5Xr?HQO_XlQAvgjADJeF_~F?oq^G@b_Lcl z$K}2_Hn%&b$R6OE4r0&e&NMq0^RExdm=duE_#(+?EJoQoj>T}+9PJtft#yN^4q(`& zPU>**ch?QJ086KaZVWS+cXKzd)mxl@IIu@~Kl;om*Bx&kaPkrxiTMpp&zHOM6L|pG z+><{#J^r)cVa2;|7w-kPj=PP73Y*}bEVf}R!#((z(}OxA@fk)t%uGECjc+UrE%SX( zt~Ru{+1tQ2${O`l#-Aqt$1?5`mhm{RjAd_yWprbBK5Wc--&OmCVrqRfM`$AE?c0$f zXQ~~LK4hW4*%6J>u}nDW*Nmv<9!u`$ExZ<_M1bj!2a)v2!Sb$L_v4b^W; zZ+VB>@&>r&S&i&ee~2hg^ir?wE<|N?pY{0$MckMQ)zh2su#Xt}Cr*S6jN&u!I{^B- zN>7Bh(%mI&O_#p^4FUqY;6{}ld)UqF!b#&qj@ULi{yUw}w->AT>18;PIqh>YZ4xXx z;c(&}&1T&9i=DjK&07qQvt*##7ts&lZ!Utrxe)&5heJ~(A2@qw{(6M$0mtc~evaX! zDrqmO6!*)BeVt#&@8nU+e`9W&PAsxqi$|4Tf7kH*9 ze}nAYwPFZF>LW;pei3-3CLa!1?S;L6Z9(HzINv~ACGGb5ung^1XFL~HK<~-E;f$WN zTP?mc*t2$9Ygcc(T{&6)?+sACi7tPp7X5e@O^bds zs3D8K6_qZqqo;exHj9>Q>#$^bVaZ-TOhD0+J@cxOY#OK`k2pnGdnMU5xNRr`v-F-J z%q|5ffZ1+d$qKAwo4S&@qr`Gn)hF4+Whw6T4{nRQkS>H>>`8L5=T1S%IhYG;QVdH! z8%BrAJYzXU4Z`~A#OQ_;@{^JjGb-yH!**>#>6|)Nt^`V zFtl~;p2xx)d%*)^N}w?K^1~oSpg(u1W6@ClIz;AO+s$jetuD1;&+;ySxp|+X6n}d-zt{KdGk(<|Tn=5*jcP}@u z+cpO}c>^u6HeR?bk$HdCx8h!z7WjF-zXhak`E}lh|FSBp@V&u*dd6H@zg?b!|IRl= z;J-J-_qTXt-Y-#PU^MDdKf*)lLEdR@UKjsHCvO1%N!snfXed3vtjETGkFr$K8~m@D z7smg%Bt{~BNE{;(w3(lj)+g@vyS`5rDytd_)^L;`K&j-!`SO+ZgLi@^V9c3UUJqy6 z{CvXw`K0^vU-l=i1m&%zdTDviE>tDCV70NIaG1#@U^M|z?~d)9>s6-?5^q|+dqDCC zsr?slO;(u;TJ>$H=^;7X)ZN&QwpCq!0{=-RP04f(??|0hfHG9EE|gb?Cab2Ao-`MU zK8=OMh+>&i?dmC3hV3eSwW+z_RXBgWvs5QvSk?^0pT_-ltw>VWW7%77Xw}uRwUT!& zl2u3@I}uZapK|n+MFwsx7~>Ha?oVTKtQ&6~K!;aqyv^#SH8lSQp0c~WNiYB+-w=@{ zI}#DhZqk)G;G+@QPs^PJ0tz410eDf5t&m+L_|lL!AK*rk(Rp&1n3Cq zK!i`K0t<-|IwJ3W@ZfKBL^z}?TO7_aB~4|6u&g1y@qAjNs+lCIB@SC^TU#+au))A7_5UOAp5qXz#*=In6$zu?i#OfME?qpLCkut$x zd~I@mqI&ryi7fn`4C98E#nl`n8u_3;UY9MGsD*>jguiw8+l;@Mf$$c0c>nSxMIHpA ze)Zi3f1B-Qv=)27v{mLSVmsA&9D^p!91CGlV*PccQnDP#M#=SV$z!DCN=Yc^yDQ6> zC!Ls#GRpC{7JpOti(83i4ma#RxipU5#+scZOlz*@is`gwTxBl!2JfoMF}kRfjE+@_ zYE!kzwrapbpPdCDn2L#ltLij|S7KqLCLBg;efKxS*4ZF8vr!AwNyyf5Ou+nmM&;MH zby}~3H*ot#8#u`$Z$z=Wb)m3)t424%E5N)AZSCyPi}4AzzlK7``vg00gVO&KpWw0W zD1O){I2SSIh)z{R`Ts6?^uU+NC-`J*@DKU~gLR<=Y(~FNa6c9wBZ_58wW+7rIGUIZH#~e@yF*AT>3#|UuJUkoTnjwwNEgc)ir(D@d+Lg46IM^##Tfm;1g`G<(3iM z?-SgNz+MC*OsV?2BHIyAICy=6SE(WKKEauY_eNN^E?T~SO4k3-CwQFIHHbJq!5xBu z^$D7`Bq9NyU;{088w7!lDEXs(f{9qDj6j4b)%PC!jgANhuTSu-q>1$jj-?8Q?R_iR zPj=a7u=h+JWACT3x&{%)CrAkf)+czZfQSTqg4ML#O#+3_C%6zxj1h=1rTWx^f1FS7 zkfe$A35uwKVMH3p{yLX^21J-V29YXO*C68f1eXd1)+d%WS9f)hCg^~5JQUP@kNK0!at?zi*_uA2C(e1ZhBb>|a2ySdYPkv_q&>q0)kvD3po z0U~l(SO0ES1LobTpJ)URWXnCxO3nQqv10$_Y(H$la!u?ZiyS$%^+mzKQwIa4N!o;J zgp(tFky`xHPeF!tUWSiPGYr$*)ik~{Yuv`*-wCV>N(?w57g__`{w#`c{#yZ%@ z#ZnE!`vl?LH2C@4ig^$Xd$N45-!?_d5yH{B=z3NxcX|T@F#L%dtI8Rd(c~1PHE`!3 z{TzmLggT>sto=D%B0KOsbJCmP3p8Aeu2*YK?yJ{9Y%S{5y53sk>snZ!zs+fnQnbQ& zKFT)(7ypvgzA5Yt%4|c0oAI|9Ei}UMKr5DwVMq!s)Rrn)jIbaoi>(-wAj0hD02F_e z&%_To2ZLJxE=SlN`x_q^T`~TF{l{$}30_Ca`H5PTv$B16-Bfjr_?x9BGBr{jP^wej zuTx5!=P)JtuS5R)@haZpbGntB<_KYRZ^v$6g9bnGSBZjx;GWtVQ}miDheHdz#! zSI+kBBk~SK1=@Eb-mFf;vjPh%D_s_oq>+>5&0TndE(^l=$*TCtA6IfVS21@Cn#DPf z5!)_1Ff;ip;expqtNGCaqH}&9(pCfto}(lHP~o)s{wDdyg3MO051sRtJU&) z!aK#lYwc25oYuemH1d-D^}@uUTY=U6(FaVjwOoWmwwB+RT54RXxeb8X2Qxc=bRn&S z?){#O&oU!Z6nIL~Tn;A}qB}s!-7tIHdXjRqo4w;|CeX<@waJ$YTo!1ZXLnDYBdF(S z2_jRg%3fwECDo~G7+RJB`su_DrYT^Wk~bXL z*|%>PTHM|9Y7UAc6$Dc15U|A$i~yhp7HK-wy7?IA{G&_861NYRIA?;V#08I;5+4CI zu(Z&r?%t^PB~IHQRL9}o68~aL+}AD9E=Y8$og+*93FaAtXbGCG7^b}h|1eZy$IzNo zAz4G^#;^b9?n}U{Dw1#mh%7Ea9VIGaL{wZ*T!{-3lxQ4BMFb~~8!m%!+)#r=6iI-K zi2=nW8uvIlisFJgNL&&lBB0}fii&&OI|dbW93qbL{=cgGEccv~3k>kS_xwJ*>FVn0 zs=xd6QeAzHJ?F_qGqido*x;OdaP~FmY2I%*s6Pr~N>&X2 zfd$NI$VGQSeMk({#A5Uz{L7ly)DGQxCr#yd7PZ>Vv6+P(+83@|z)1-{sTPitEW!k) z7|4b>LSi}0R_*4m9KMiO2JPrqzCA|WRUV+ehJ>4irC1#r~AW(Oy^gpRr@**j! zzNxBN;+LwbAAxN1;R3q@3Du@~#|J93I}nz^Hhq*Qc}taCM0!;<>F&&iB=hhqamLh3 z-j9Ev>0(cY9SGU&4x|)+IZ)_;T)w#{q}kh(eNG~B8>SGE&XST{Y9UH1BBx5__K;{6 z>4jB#l=LzVBV|t(tjgvM^i_7AjC>Z=ujZ-b4k|fML{@WK;7&J4GPmKhS@vXM@siiX zwp%4c$ew`6SDSf4n!P>QLK2C{^+e=9-Iz){0XteMx1Z(j{PVYC6XH z^0^#Y{B>5sNb?Vzj`3#Dl+wZ8A`%&CZdJ*7QaU=)^m{255we@heDN6& zA$tNMSI}IGh&R%V6b#%*Gi75Uk~Y$OCP>DOG{?+|MMOrL7X$cPL?R>2)hanh5#b2r z&QVD+J=q1LeMIuk_QhvFgzO23oJ(`lN19=RL8g&r8y-Y+SGBfAnj2DQt<1*Y}kzfu+!5Kzs^Eo zvI5_`*9vUYufst$)~{12YyEV;&i5F(LVlgz;tjBVog*$u_v>_&Y~Qc*L0!PF(?xA^ zew~HLlWlaJ=hs=e5&MVr>ujh7HKN61{W@2PZ1L-GW18;Q`OQ`>SAee-!I+om*HKqZ zZs^3#_Z+mpK{z9u+j%NsxY-!oY5-7zmpn3{#Mni@c=h!zKk5zlxX0Fu??iw4lm0osBzpNi|*Ll^-zCX&V*KM#` z&8uBpy*A=&-R!MSyc&C}eZFXGZ`B^T?5k*(R`bQ@lK8*4w|ep{yW+|19Ed{;?yWBG z%%?55;yD=3=I8`~70*av)#)~N#nS7=KErHQlsuc=PIJ>&Jd*_j%H5e$IHRz&2s4n!nv#q)z88Mop&8UCvnM7XjsZwByBTJcn?WUfiDDvqpp_FxxG zSn*uqi_d@vr6(XVhUTWPc+M0Ibj9=e4eMiX#pl8dADOV?DLXH+;;FnH6T~X+t&Tc9 z(@2vo{USKhy!m(>@EB?S8vrbMq#4%E>qY)Z^Pm)s8)>$j9ovg!q^Sy2m^9KHr;>}b z7mdPCLvW<|8m`osUPN}Yhc7-uFCu$FFWQ^trjIl|1OqqH9F|2y(ngwF+Ou5T-l_vf z`h>mJydjcZc)7(xe2*xRGWV4&Y)Ck&)({0RBlM&F(5W2P(&nG;?C7)_Ss=&c65zh>$%2kxgiB z`bg9IyPU*G{9*D)vo`luGSal1kucJ1bxvfY+5VQ8ktVdadQ&WGdvEoU@Yt=;t2gU< zIAL#9ZsqxVs~IyQd#jS5z$=`}K_t>gsZ?%tB9kaLEYD{ErwOvq) z-m1mA+*`eNCk*9YXv$sq!|kn7c-GzCs*BxQeF)B&z11{5myhhN9#(cVdHUY!23G0z zR)cP8dv6t5oMYecGgj@9y_Nazrg1l7(#t;Wm-Y8n53gF;aei5UZ#Bv*yH593PuzsP z)w}PswYRz-x$LX5x4K#r>t}COOpiwTxz(Rfv@4#*@ZM_V{4$=4@}-sqW`5Zn{2Tu< zg=tt;Dmh$Q>kz$rd0fceXZV-X>z`HPg&+L9InJymj!NY-t~#)=3@W){wjV-S(NUwvaTAVT&8 zM6zhEMdT)Tg{S2|7Logi$Yzp~KGGR-6p@iqc`6G8AVNACkty>Qd`U4~Q}POZmE9qi zNC*ZnZ>*AAH59WOL^i+`#6CijxtCp#3&tX;)AfAGYxa%FfC$+W5c&RRACU>}3eWo_ zvX9(PL{|QrDd{5&R8~ZWN#&^~(K{5t+z2093?k$-2ly&GL_|U`fO!QQpfVJ|Y_EAO zrikm=1*3>a-g{D1K+1p!*%J`?i00ZpGRj@ynJ*Xskr_nfyPt@N^pOP+q=+1*dN+cA zK0-Pgkty@&gRzK6UTkE zINbRCFS0LCay@@crz$L?%I9+a4W91C&d2kQ{om%}i=^SB^YQNRjK@6UBdFgAfzFa? zKK{p2?>X}4;}t)$x5aJFN8TS>Z9c30NJ@ofAJQR+n{a(XYgKX{>2`A-oR9l+l@Wc8 z$Zp2@;xjx)WKVdGCeYmU`S=3Cz|F@u{y;?1=3}!=5Xlw2Lm?K!{t=4^In66lDujqg z2!>c(tCDj>a&$i4>48{8$ZpQ_#b-c->|Fxp4RZcg&WXF!DP35c9V zb1fp?e0-E(;O66tz9S-O^YL6kGHyQZhx5W1M4G7b{Q>+fBBTS6rT9@q{-%-_lU}8l zjDz!WJ9fb+B4js5`r!<5Yk=z@{$3VQ_!sZX&ZRt=G@zcF3Ojh9A6RbebPqz=` zBQ!O1w}o?|_0xqjxQ+@r@ItZsOL2COwoMdiX?x)h!o{<~Y?&Tzpj(bZf9|_UvhC*Ix!9beTaF4-`inf4zgs@2<*= z3IHbanO$s?*pkP)(;2Rnusc{1s5FE~41`gDMx=?_PeDuHAGqStMF$ zr$^a+t2OQ$rLj8zTRMevPj0Obc>}%zi2KaR8#%2ALsllkDyq^E>k3B>7 zbsxbVP4fy<_S9wgzovWPuknA=zju(lcf7o9nYXLvb(6fO@&783-gg81IkB}}_SGlB z^W9vFlrnBd#wmkA)b#dDUt5O%H*b^eh`S>>ekWz|R zlB92jR?Vee1z8k0>7O2xq^A@i--2=w7$&xM$i8|oXw4j0w6@DZAAg|!JsN+HyHx-F z3k6QWy$H*9D$-Z|S@VkVcgfMsa0=SY@gy9inf!bFX8QM)r1xrm(_^e4!Dde3-yNI( ziA+31Hb`pz9q3TFYoMKV0tX0m)cZEdPTfU5cJ31=+b+2!{_uL@P*VM#_+-lO(GS`h z%zh9)a==#Yvr`-43Ws0mP^lF6esE4qLf}5|r-b-Jn{fOypq*-@{(@XQ29)Fqs{RjSy z?m<57?oR+bO|!RWPx{;|$4-?!=>#}foB!L{F?AQ>yZ!P)zA>BORDd}QUm_qJk}G|Q;17g!(Tn(&O&^^!-Q!kg^z#s zq%T=uKd-Fa)^7QMX!^0e9l`n0ygqC^Gg(|Q66jO*lx`gF3bn~Oc7JbA;l6oJg1x+@qoeF)Q& zt`4WC{N|+xNPchpU-|h&W>0z*8a8+GD&WJGJ?TS_iD`!}pUmt@Z?V9;c*ax;pUCV< z_W~$;c2Qu;>*RO@r0mH(uq4wb5DPdrUHpketPU+BzR{9B`6oVId{p}e7PLgG4PPkz#IeTOxUv-t}W z0kk3mEvAMD(Bev0?5RMpheKQ_c4CNtVg;_)_&~AIAubf#K14vVOJ;a4#?~u!DNEDmviv50-Z`;2^Tqt%|h=5{K zU9tIrV)d4*N{%(L3L4YiuFdWVaNXjHc7>v%@yp2N9q>Gt)1EnQ3Hd9|$K@oxeBAxx zFnw+=wYWKZ3kC?VNuPrd`Qr+aX4i;yr1~@S)=0Vr%(imOZLC0M=6x{+`7?7J=uDX^ z{=plx6UR++GxHncd`U0qGM)#xqcDu4%ruidjfLepU&RDj=Tph>)r`(h4c{R#ZnB41FSk9R%Cvb;j8-9AA++8R)5{-B@ zEILMHxJEpdHPWKxV3$9h!XMu9>L*fti-rYc;&tqTjCtnVsF<{c_k<7?-CU@{LsZx( z)YC%L-$50tKOQSqBbn9wHs)^XT?D=7qYgoN==E%Z<3PFy*}nFpKo<#H!*cm!F+_Q- zyCtc9>t3eS0QQy5=UX{uIi4myqN9s^v0GCtAI~Lx)Y4kFUqA|%wYICdIUeJ!?axt`8456DAaU~CLak9O<=ecFxQ!taITYsMuE=^eXYe3uQsU ztmcD|D>Pcalabo9@34b^$sa1 zbyVa3%-X5l=x%=XP&2D#oS&vWEf@H@To{&qyhz_8D&ioD?i-@B)|OsrqV+8ge;VU8 zR7-(0T^%U$$KIMHg?UvrPug8x@Fw}2kx}0|RcJ$Sp1FWwXk|E0U4UZ#d1@PPi@EVK zTis9*ha+uv$D^mp@O3|JxwxGTovQ`w{DNAjv9je*ADH3b6@|()Uliu6j%vL3ri^4I zE>>**{Ob6KUS`6)yf|4m-S=i276`K zX{_8Q&mvatp-0<_l^cs(fZT+JXf-EmV*SL*{~i)!Zh9ka zs^Gz~XM9=cK6(<@^fo=5_65kZNJl?z<+0MAuC^yyJhsD?VExg&IZ{eUF2aOmAjpqz znyiu;-h%;>^oG6BEg_yHvmLyfa-tO$FL`JA;xn9Rk=>qX1?4c9q?qPbs*c}re7PGr>!W1m5 z))`+CdjuN8?57&_qXcO5k+wz5Yja;tOwHbk8f_%e z8rn?O6nS~AHALQDYb_a!SJ={_V{V3@5AD^>YBx6#uf0?|VbmZ9)R!Z$*ttUQKe*VF zR3FU~B^5QbOi)v^RJ(j(RPEFxYIh*DYuy{#VZA!9>~k(P_0KQ(rv&^29|Tlk4jvC4 zeGu^QG1qK$4(5XLxg12iTeIa$V#k!DcV-PqV@m(mV#bsyZzPQ=t#A^_DS1do9aAop zQf-eZ`>5okG3Dh+$zw{kFMiF(lt0ki^f6`StHdDFn9@=GLu+qL`4Mi@RT@*O#4oef z$COL7{vq}mNgh)+()xvQosKC@IK=@X@<6pYrd%%Gob^1W9H!cJvv?(sDIbbIMdF7r zp^7!@eoVQq?`n-H-;9lnDRa(@jwvo?!C-JQqyNQ+ClIqRDf-@qbA`u-7>uGs`bXkp z7Iw1o{P%GlHzpFZkP{TRy%X4G%mQcZ*q8-QrExI}7>;{c=hnNVg)MaCO2maN zT-+}`Y~gF&sCh5z>BR)#YhUt?1f0FY z;~;16^x@%!okMK$GffuSj z?$W|Jl6*>hsmSGalQ96dYi?(oyp72X@D9;82k`^f?h9ix&5GmG!UATR7Z(r>3-c?d z3(RhD*wjW?z*t!eW4qwO0?OyI=d98m@uFf>L$|`7=i(1|QLyNmZgzo#cjUy@z3uLB z0+{9(+=n41v^(tY9K>g8KI%-rNmWSkZg;r+G;U$<3+@iN(<)91S$Lbv3F>x(NU^$A z!4o@jz~%1!i(iAu>2?%A$MS`J2kr#tmzd_9y3ZtKhqaX3v)F;Mzsw^s(sJLtW#GH!Rtp_`9p%b9Yx&+9N`eW z4@?0B9c(92H^H+>@T8iTD{G9Jr?V!9;HDupGa}gXSF7biBE%wiFC4%l2OQ|M{2feA z%VDY)2Zlg9)0dsD@B%Frqwu4w)G2)GDG^*lev9D7SKhl=f)}M?aKjrH{Vzjr@KUVb zBE4(}zpU@KSTJ{$%Fe&ktJn8iO!3ODQ@_Q{uflKfQvHu_#TK$VeS3Jgw*3}8sL_>(XbJ2w zHvB9}qwQ5AS-!6izeP`K_X(nVpq<-e{OR)~?aH?lyo7Om>@l{dcKNE^Qa)K|O_QkI z7k?1#gi$Y2plz*#QJgDPdQGF!zFb1Qju;KZxuRYbwM@J!>W)#bN-iEd`^_TjilJ9! z00t%V_guklq1Eo%FOsk;Q0;_KFEv2B#VqFhsCs3h(%vOW8O`g=x>Y;1Ote$8R6B9M z>JrtOMC}fxb{nX6Gp%;}eVL@)16v4o!l)Mvpk1A6AWBy0^@U1%uOqcU^F&G2PAwDd z)GXDmNf^~5r6y53IOwy?NJL?x-%YdHeUPYK7u8M}^^0QAu0}NwC9Cw?B$f7#MQXa{ ziIS?FS|-{_3E+h_yfsR-6K>G0H*W#L*8GKt{Zss9O8ruoCtQ(!g+DFBH$IiyS4;hx ze~O!J6g8`|(+k{ei_Qa&j@y_km}?$80ZW(ixt#O-HGcV$*g5cv%~?g#9Qel5F>_$= z=aS~YX%{8Wfg4IGonI=%E}cb#bKon_wmAo$adGk-_<$4@@oPQ@K1_4d=fGP8gG_Va z1BeVpv#z~4@R}adw@2~m#i*4$2lkbk*QTFM=D@C6{}5Y$@*MaG!hG={2;;i)v&kG- zirCOqngh30jrz%;tBS2t-@VL%A0Xy-mFB>4a>}#*{A@A@9-`VU<>1lg9B5C1gmJyi zfp;N<7}zbe+9l6{gY=w87}whzn5EjywAv-lf%odEj4-aZIq=LJ!ETz>E_n{@sM-nR zdYc31B3OLg&w&fi#t;;q184jxW)5_I;iZ^O&8f3E*a!T=i&`Uh*^U<;>lZGf$Yj6p zCRU#B7w&&X#4nr`6xhiL^!&nc-)Z8GDCGWCe+lMu&Z2SN-)%Qb^ZpiK8SHs~FU3$0 ze(jV782OjhIzeyG`+ETHSa4%!Upw{Nh=})h58<$G$$gI&kQ#NH&nsWDpt+16oj`(j zGP;a`Ym}e25Pv8s=QVb%kn0+8FRHp6HCli1Xsl?`{l%@4z4-Y&pkXSX6lG_s>}mA1 z>Yo+#v+AESeJ^sHzj%bz%Q}dQY?2EwEbWHar1cjU+NAXt=i4M#c3{r4N&2CX>}Qi) z0wUSRCb`N(GS?;v7m|QT;Ni*;$!?PLe9KsQN-pE;W4*_R{wd-;PCY?vY%@(cN}6d^ zyvOHrWC_0W7%NL)?XN7`@X+o(6xGl%xRif5?{PESweWoowZ6~6$a9{%Ky1-3bn3Ef zZ_P)Y>E7e6BGvjnpDv8}=;-e%P4XUBA8+Lk3+i?ZbsMmq`)bg1FuAV=eGLT)J+JX! zoO&HtoO;dyulLoUivk57VL@_y%PJiTU%=(cxIl}-p?-njcY=PRW0o%WdFr7>?9@1X zkVzxRx(3RGzY{d%EEeN;g4my=@{fmzDISa!-gkmtL=Jie2#Bn_E32nvjTcC^ooWdJE>69AM6j`) z2RX5=A3V;AFBT!zgM0?u$s-5!bZz|{nBv>|Li(MlU3V7eAMb+KYwL-Df?iwy&MIA7 zFNZTZ(AGo!0>QTK#A?{qABgX{Ak@}917*T(eYPC9v8_3jh$6yv*7pk9wyoHiFgT>9>xYR?%MMP;?%$N`5sE%(!^v3ptBVzuOi5*T|v;nPhpyC`dnmOpT9;k3N#@F18OwY-95DgL0K zmivm9hd3>-1ydT9Y3FKrPRp~DHAc&$f?Bp7wpv=g!<7cLyh(&uET`hEJ#hMGz?7yX zXY#1BU8$t&xh z1U0N$*?PaMe-bpoE4xllf@;6UNsyV?)=5wua&?IajBeG$VyrUoZ=HOl%&nOh@D@jU z{OWnQ1}i?W{EhthReJr(=ksh|-rs1JoGwowi3>d9*4yC2hTIas35;cue$Z?K+!+QT z7X&?K2xah59w zQ(>zlZ*yOK2B#d^?ZH$~4$q*v(_9P9emejf659&~2r=$UMEd-Li0EsCAV?7z_W;YK znndqeMtvEZ-Xa!N0q!-L{^jTzOh4+c?O5YF^EWBmM=a7 zB4kfMq$AC>i1f;}h%CL27yyyIh{#rw(%1SykRo!PAem|efv@$GpL(Xudnd&rB6-II z@VAJF1b8?+$(yOjePc2pLQx5b{B*C6NH@Ox zj(y}45{XEEBC>&`q>oI8AVuUPsXSE+0uUj+u&SOZ^HNbPB9eEoud+MN6$$XFc#>DL z0V-29BC?wFhMg1A^y?;|NHT`&V8WKTfkv%mX@{Jxz<R%$$Q0b-VBJ4Jpqw7Xs&%~mh`ZQJR=wYkpV=csg{UHA1Q_)MPz@~djtqTgmfUn zl({EFOqlideo!`6}5FvX4BK0)a zBJ#nu7LnYWb)5Fs6iFlDYA9@|GGucNQBLqsItl-iU0 zvb0euPefLe-mrrrLXsK5E*M2b^6vMWHv=MMPe5b_&9#Uu*v2AqvtR&3P9h@D;awuO zkMw~cMPxJ8I~N2XLOKv(%8VNpi-_d?6u{q(tRev?6WR7JQ zj3Od=H~Hc-AVT&8L~f-Rbp_&Jd)CtP~_uSs(xr(t!w5 z<~*EEN}x=5GLXE_0{FZ22#aDpf*+Oq50%{dUy7_IyR%$(!Jd&wvQo z6A-zY=2}GV%dv=DA{YRXGl)pd9bO+X5Tts4CrGB6MDJOo0}-aoN$?=WAR>8h1n_t3 z5f;UI1V1YIMwPr+L{^jDu!|x>lG%-2Fp7xejq=53K!ofGh>WJW7Lgkmk;6VRLNEX# z#YANC?Oq>Q070tvhk|6P5d`!R(t!w5=14e`Vi1wM`T+iJJ;I_`kKjiom#gGD5m`-o zLmx$iB$LA~7)3<#PV>cQK!ofGh@3@pEh1%%$RQ%f3I;&rA|g_9o7YFCLy+qIvLKnN z1p$bV4n&wT`@{1TgNWqK2;grK5eZn2c#p3|S|t~W$ZFCX z3KbEO%;y9=iiqU(@x^CAgzO23^rg8Lkv}qGhlu0|20-KrB68?0ULPrhAVuUxK{AyO z0uUh`h%jYV!Zj3wh~$k9;BOHT30RMKk`GkLc_Ol!^oBzf5t7V80v<&~^0xBDXF!DP z35aYk$Z2M9KxpR4xcWq>ud6GiAPmFDnKS$vZ26 zzePkOU_IhV-bE$nh{$Tv8;0Rj4uF$n8sIUEK}7O4@Wp39gzO23bfLKxk)8RLKqB(* zYGMFHQbc4MN$G2rAxIIqNRUirfdE80%TGO1=EFb6A|iRm2k^Iuhy<)hJjq+CKZe2GjESx6!gsUaf&xq&J5k3f(ja<|$NSdVy;mq{C?>O^EU=?%ja5t2*=yI>R%$$Q;z-VBJ4JpqxoX|8>0 zmNJHheWXD!03v@UB41ulMASb5L5j$Ms&_32KxDf7)H7xNfn&lLL?mxpUuB1gNWgl; zll-Z)QL08nR+HYq_uds&)sti{V;77fB6-jG&6@!cvL_(&0?oCEe8R{WBJ!|c07M=l zB5zIe`bY%?DI&Y5-en*F5z?VDQ|3k-NyZ=|d0l*!9U>wD>k&`#YtlxkQW05Adc$x< zgd}q|yI>R%$$Q9e-VBJ4Jpqx&Xs$)%RlaYJh}^q&J+Vh>&E4vI|BLk-QpTd5EXZ4l z_D{x;SjmhoVJHw7c(=+@8IdA?7S5L|h)7YTS_Je>>$m?AS@^9{+A-63oYBC9`9q-; zs>NwbBScQe?*ja~$dA=}sRVtxX4x`UTkir>d+aGSGb9A$V`lm_-*zNxUYmib^cR|o zS--?&jDQFxt3veJ2D9$o58 zu;@rwc_})gGo;KJQlW;>!(qm-n19i{WUnMca@COa7640cgL(f4&nQJuj4JYtN_g`H zH|FLJ7WQwD9MLbyw1NWGvi_oH>5w(QfA5*5n2Kq60n_4Nn?c{Dd4Ywe$_p?Udb=nu z$+W)>7SopU>~4L8-g5tMc2w;avQlVwZT}?gUOim26UOxsddt1INqr~S&9vHmoA~JN zsoDwS`Ut({zSw-TgplxkJSl}my2WB?zqanKY|X+CtzqG9Sonf9EW9lX_hVuI)=bZX zlA8SeLDJ;Yv_lHE>-5%4cWQS-i)c5>Hu+@-Bx!fBYA1|XN0GnET`8&2RGDgCtEmc2 zO_!9kniP^L#9ju{Rug`mNbE%*&L!OVn}2`nHTh~4=8n+JUcTQQ6;j&}Cw3;wtHKn!}sqLkj8lfqH2d`7ol)$6CSqdpGQbK3fl<-?z6inj6t)2O( z*~4YE3Ue1^?q0*f+%T9k*RU|x)@G+QEX-x7F-BUXAK^obe4n@wy8cjU5n+UPN!uV# zQJ03PO66-x8V2u@(v&oewultc7LgLRMTFnBh;ZZY9C65)KSH|}1Vo0<+$E@m@hj%r z<&415Q|3;wY>a&|BDvJ|LMbCSWQ@FNoWT8$ zdX`veF4nweORY2u1nhr0%a2Chl;_1(OHQ+VlE1gG`yY`IjJ$bPcv7uA0fT1=#X^xc zLl27G|B&6(_~J9{f5@J+|Dm~d|Kmm8R0syx5lZCEqvb?IJxdUzh;&fBn?&zW zV-X>z`D&tHn?*z<1S4-A6rR*#ksOV@$v-d_5we@fzW5A?kUasBDw=B%@gi?76AXZe zMBdy{Mnu%J1VM_(GC?vf^5)b7Vi9Si%5Mkow}_CA9=_0%e2Yr1BfTmbd9x?GV04d6 zc2nYu&wvQo6A-za=2}F&$eXhT10W)iH`k0OBI;T4^!`+kjElTEdjD8NYN_%I0sJi@ zqyv$ep5&BDt|7fD8hO)$T`-CW+0B{0_zZ}UJpqw(Xs$)Xi@X^s7yuE8yeYlP>mwDO z-meLgsWQxZy-y$Lsf{{0us^n6U9F4r`$}Sj1gzRRBFFpezWKTe3 zIL)<)c#${xf&mbb$eWSlygpJ4LHg7@D@dkBh~A;dn_c1ubaI+I1Nd7+L_#p~<_wiw zB$A_%H?0IbiU`@wp}zPGh>$%2k;7@OMZ}A|*;6n8A`*Es>`JeX6he?9@}MA@$``#u zkvCiJ6Wd3~X{rMFTSP=cF!JU&m7FJ%qmegX6YwY^WH)>G;xiyZ_5?)srnwdoFY=~` zU;soU^5(EBygt$gf)tTk1j$sc=pBl@>9BV!BIGoe2k^Iuh=gF|%>b30Ba)+$H;V{( z6cMtUZG7<=5FvX4BHPnki-;F_(^W74A`*GiZ>-lxIzx~mk`g52B5#)M6^lp~RX!(x zzeR*}jI4g-&F(6>RSwUhkvDS)coY$`o6f%Y42Y0D0g+8;u0_O)ylK6h7yuE8yy+<^ zU5`MJB66u985eo;>7KEOG*RW@0sJi@qyv$qp5(1n@?z5QK~emKB5!8)i$#R&=0CnM z84w|R0wTYb`iOXuH(!%TL?rTNV@c_H1cDTiGok*!tle9=1;d6U{T77=oqUjz8N^#~;dBX6D; zo>ZPljz->`$SxQ~gzV-HUwj5c$ew`6Jv7%M;ziy}5e$HcMBY4ciPuN^K#(HRN%hVZ zy+e^Vm-dN8gq)^1fWKRhP(m>B<`LmZ<%r~Hqy6X1V5q3n@!mT zqll2*4D-cjK!ofGh@3=oEh1jz&0xU*h)Cqk-!Am}$aDx&M4lHUQ?(#q_9Y$eRi@1D zy<-uPyn6!pTSP=cF!JWFD!E2PMk8Q+9T}Wc#Tlt zn==x5(@Rb3X4@z^^5$PVh-t!zbt(DR>GvTd@@5h~^JYy`OjjrJ=13M^mB^c=ILL!B zOL=y;-Xd=vd_}Zd$V$M--Xd={Qtf71?UEyJ{>kgsRViUyZ;>|_yv$11 zF!H9~8Wxtwo1Ye}SBRfzx(05E3D7Z*a2V5kYz-yy=BZzPiA3JC z@pir&+uK(k4eh`e9N9N09lbT*ptN)Qk{vL@PB({0awqqCuUk;Yy-?||!mzF7AH9h# z&KUsTu4N-X!I9d20(K|x!Vy2y3{f$NpGkkG-vLz0y=>{L)?ZfZi!d*=v+~PCidv*! zpM59?S+aXz9DO^{;uWyNm>4Z)QjpW)^wrejV5h|jkz#TEsXKAq#o_v;B>OmA2dXMq zRjq7MTwk>O4p-hL$a1(c5qOE!Yv2`&TCah+B=JQDZ=Y1Oayw$ui%v$cTTiu-HrFNOF)Qw`pIpizN4vk$%3HhtO-0k3d`3g3ynTZlI5h! zM?}Y!nVU9eV!rw41Ueg1a{XfJ@S6&!j>anp>zOoD;c}=bxDi;kYx$E%7$_2yd7?07 zjaHk+{T9Nb96`HI%$#i0gi9*yW%wtbM|MbUPJy)jS(KMQ#^MhTsa?WScc)Zx-%W0Z zRLvGZsxoyMR32Gg&mXj5j{Otuw~74|ZP&g9-<)@K-^_BZ!03%e&KD8r!H0WgJ!-qG zmcE`CkJ>(~rMp*51hb==0T5g`wP1SoQ^!0|1xTw#*JRHY#g3|MG)F0_&vz#4yC)O< zc?!&i5aC|CW~S&B@R?@E|2kwTT)u)(3>)zk1oL+hehe-^HQmhQAC(26H--Lt zg{NIh_)Vb)ZNg%FQz-A9N#*mES%Bq-yDPl6!ajl=3`QVeWH@CR2cuPfE9`+ROBh;3 zh(&Q(H`;b+`;vV{_s=Ccuzd-xaKV(fCAmqvk}aj=o}!q%N3{7iLPeg(z>__@5eAo! zt7Slb$@cb-@f+a}F4s$TY3YYQx$G~=ZsBXEaf^<3>)N&C_=)yzB4tho%GPmf5-O1D zAHz~AerZt6MV1?+2QLi{((cWgiM?wFmL)DtBE;hIK8A;p1CDgPYd@*_4)o!b&0kx~ zRlBb_j7THH3R8|48dyHwVgu zd)G%@S&Y4l{#nuUTxE{wUB@BE>s`NpAJ@AQQT!0A7ZHD(2(c*MxG7OQ%Axo@m>d|m zIuTe})PhlpAI0K?vorqiP@EMg_&5uaqhGM5U8N?Vs6BO3pg>uurUO_Lf$YLR(tte1 zFUGlrq3m$0R*kDQH+E4VM^;YYT~SeBd*z0BT`>F4X-DLENdEJ?D3aw%47Exa@UF$e zNot@zPytgE6g~nY#mE8O-DGQBAoeIaFp)LhwtRoIVNSL^k<39L-idwSy_o;v^j zhV@cF$MZx0(0qj55);f+O!>QmNB(&C=uNXKQ&&QxD*6A)#=^5&%~(}>6v@@h#L*iQ zEb=s=H^Wd)OB9~95c)B9-UjWVm0XBzc!}4fk6S_{#nGx@{5VX&=mTa42LCo6yo8tO z?+jK&!GR%p?@Ad3;}lukRFhsV;*MU(~yTnU+Pr;LYrdBpZBdO zGKA%(Rx_(`>MU}Cfkbo5zuIM`8cPm$>A$w1z(g@6t7Kzql(~Yc5WXox<&T->`hSP8 zUMXuGd`jUdxvxC2wcY43YI&=!t#VOW_EVxk_H5B$P#s7spXUEi4f9RiVVlNv4ar*| zaukhYr8e(A2--+k9w(UNwc2v6HV0zcs+Rd?P<*wLcYL7Q_xKQ1=_S^xtip+nm`>_P zi2k6@BLB*T(gB{Au5y%u&xQb_z`Y?z&4cKEh+y2EHQ|v8Kxp^Vas#|&S9!whw`Z%m z6;7Ok>St;7co3`PK`g9l&o4!|$!s>q5w_c+A-3J#$C^l=5vtho$F#0T-s$A66r{!N z5bT;932%l7n-8;?YX&xB(2>yr*M2zG1Xo(cNdwQ86hw)OM4}ydUhB+(=fw6U$IFA> zAjx6vOSpc={4dE9+zO&rlEd8!;(AG*=EmhEShLveS~K_fBH;q?U&&SuOkciFR%+!JPJPEy2WwZY{yY?>_u_s7eexOBI2@ zbZ5s=$nn+^t>470CGvpZQmC=?8NDMlr(0oVxA_IQ!zmW=lg)Bb>!U9GHb&#Y1xv2l zxvF4E_ERV%pY)L2g~;Vzr%ZZ6!IG6(EpsT;jo{gnxOVcyB13zWdEOJ7eeDdXl6m?G zWa)<8TxDJv?S=Tv=llY82IAgiI=(1h@i@4^Tr~(417-GM6h@DyrXaBIR^koN6UQyi zD)|GL7V9^SJ0qKaB716qf##2brAb*(jE^E&_@}VIxaI@psq^hC=_S?%6-Svgm6`Tm zt>A$nD9W9={5jT$C0Cv7%=UBd$9@I|EQEFoMZ4h(VU%i@1qBy6?OJAlZ2=bA_~#ct zsgZ8MQx~*s6{H>xY6}Qqwn!e2|Cjq; zmq~V8AnC>UmwoD`4yvo zz=x-P5GEt5@!?DBvNrZU7f?3thb;OrFoW>>*4a-L{7^Xc5FArs&(NDftA;lfRvy+( zLZUFsCmI{4kB2Y8xY%QEv+AXVu>&4c> zs?u)el|t5tFDqOGiPlK>khPjCk^AzC&R3CBSotd)VbFUxcA&>#7KNr&qw)8r=4??2 zGxFRVJ0n1gegLFZN}#&zr-pDI#czI>1LtH5hKGZm-)e`?;iG#Xfq1GM|E{EbN{s?PbB`x&1usg*0-bX?p(4`D3#W#mvQ|i&g-cFc(#Cl% zp@J}0gT+*O9m8Ae^8G$fP3GlyMk5YK`xh*)IIN4S&B|s@uteH=qtz@cU{@5J(X(>B zp2faM|AKrbZd~i2r}?#-an+d z_e@j_=NQpy7Wd>}#$_%NPitZ^s>Q!`_I;Dk2oY$fv{A0rTroI^y7YpCmhuOUBNNJG z7>V*xOfdKgmkA?^{CKzW*JU5Vh{d zudb{G&ki({5yKn5c9$`8wZeNSbqxN=AU{ebD9($|V1t%ru3z-aN;l@%@c}1581!To z>wMsxOWL=b$nlI{<+Q|=3l1(=dewn!6HXGCrQEb}38oE4e4(jBVTZ%8ujPIe-DHEk zF-a}OBvnT_zZbeO+u7c>p3QInU)J-4!ty13WI7sWMplmgI(zo$uhF)~9DF-xZoIXn zb`x&_1PifbD5y~XTf2ODOvE;y_Bt5_7}=aOn+2I@E0ZyA-t^xmniHMwgiB^b=~MV>MKpc5m5A(j2oaH6tc8%HdRHFGa^i-EcaZc#ya^jW=4W`CVi1wM^Q4qEfklLL2%^_g zCGVw@^F(Ad=?w?UI#^xz^9VR^1OzRq(!7m*@fi@I^aMmUqq!E5I#x_X{(CSn03tUM zkzSILTdaK`NA(^fNTzZ@03xIV5vI%+IJ%2LMDk7w;BOHT3F@g=$=j*q91&SfN2q%{ z4@u^q@M^{&B6%x(V=^E@_5?&$9^@l(KOa*f@-2x(q=txela%z4&XA*e|5YkaWq|-h zNCzTJnKyrkMMUzB^i_7ZSVe+{ORMCKRB|gF+<0FRM7r-{k!1ePE*R}2l4sa<+PoPM zA$tNM-yP@)X=cESAhMW5`gt|pZ?LRf?5n=jrg68-v#)ciQk3zt-~*t zZVWgknhZimzP^MD4EhExaLDVo_*|HO-5~+sL^Nw=9+)M zi4}kOTn@XQ4=!O8o>k2n+8TwgkRDPH7=;IzxF*0TTpZ|3$)j*%e_|<5STVHKR^L*J z#*M<|9P<-K;pKt0N*aZq6`oX)z!n{ahqAjy`xDtsjW0e!eaKIRPTJzJ2VPkgpq`g#b-c- z>O;GIpD{b6B&i~ zj9qrrliif~;xiyZ_5?&Or@0mpZxlXTFmR*rHTw~fv{Cp|K{9R>J{pIFF^F)qH7^A4 zw}_CAd6%QDK94DtoHPpeU>A%&H8KjH>5I>RNE@T@IW*TI;*G*X1p|Fob@C{jtLwko zwKfVD+>&_|{wqgn)z^)}7rq)Dg(oh_8Cf~*KhHCA%IqMmj*Y5EvjQVwK2rMECS0)$3!E!VR^Y$>Wd(AV zGI89}tP;L392*vTadIGnf6Ag2r%uf9eR%x#YazCUOX0-BgvNg?SlZcqKJ9nJ!62A* ze!&7vT3OAza$O-Da8DkDFszBKD+AeGC0mZLiU`Z=P&)gm#cI=U`?4PtG**5BZ5qv7 zXAm|+@)7z*^OJDcFVe4gMGR^rhVu$Og)jfqPsNP#`6Bxgk==OUi`f&apc=Nsq3mV0 zYC4L{1g&}|4aiLiTuNNP(Ph`hUKVN#;P5iR{Zar(&%D#yuTEu%WcW+nkI{kX_X{W=xxZ6gacQN4c zcHX@eT?5{|4>hqE-2ngAiFa?B9WN4Af-~?y$VxDG(}ex_#r@=246FqA{UmN0z)J8m zVb#rG$Br_5mWB4?%ek|7sxRlXw3XmSQZ#NQI0mPFF>~4o&S~H6<M zdt7)zE5Uuy(=lEbQA8mQwPWTq$-CAUpJ7fTd%`S#Bh9sQ+ETY4ze+H`ET09~&3$_i zk+hZIFMG0F+t1$kM zY!01+DR$L%?JHB%1H1ObvHB%JEx2pHdU0GsVXS^40C4hH-L;SR9QwQV)1_$KSp6>? zI>z)mj>%?Fpu(iFx}!=i64-Rt9vrLhz`1rzuOqwpd{?i-WaxEdPk0W$*~Jsm?2XlL zkx0LojMc3>GnF=0A0w5=jnz+o6pM(A)qD9WJHHs|81y+N>yGRvHb7-)*B%_JuZf+C z)pxp3ic06pfJk04BJa@L^s%~8FmPk_*ED%eIn8#y$_^2c z5cHjXCT*0;5y{bAdnvnMbYvpCY4Dpj10rNk=p!%E-1M>fQNh5C)r)!)k+iXTSJgX9 z^bYw>t3QZEgq&t0UuB1gNC@uQ-;g#+C5_c1*#)DB$XNZb-@F+RX=AK@oaUyF)prO6 zna1kV*5a;R#_H>?Ud^%kG!%#(t1G8O#_AiMi;mT9Z_mw@DUiMq*xTdfi|JeO1BJ(K z#q%jKd2j!-Ad9^{R!K4ineE?+hu2x?TV4$dmnOoww`%ZAbPryX)UT zO>Iot^e6{@F7}ao7I==KPr^=f%i|e@sw|tDX_S zS7pP0vOM}cmJes@Jes*?eF;ud%3-L$X}3N zc5A<^zvth0)yjU11w~}fzigP{54{L`{sVqpfxrNXs*2h3Z-`v>QnW*>`DTSA z*3X{5kk1?3NTDzkNd)W2zX_{uIG4rk`OCR`nX?^d z#I!wscPSdTj+_YRRnj{0m+k%8CTSg6FFc_=Ki=j6qjk?e?43AcH19TFe1;jZ2#<5Z z8sTo5YiC3T7jyY&t`Q8dMyMbnGkXw`v~^@h)jMAXiqPrL#qh+%AVN;_O;5izi-<@F zt|Mm%PiP(4j$3bg&VCpITVmD-c@$sai_d@v*%J_%N^>nDUQ|MuanU;sp}Cn96F_WFpyVZQ49h9H@0 zlGuS+q@!CiWe$EL77@vNJb=GNL?q~I(p2(jmAqI)Rxibmi(DbeY|JhgMMUz3`rnaa@u^!e3pgOPH7|W7cm(IA2j<5$0p_K*0?;MTOS^UV`jhY9 z7%xTR=A{-K#l?&{BWUOufeLMZA{|fIDEw%D+DRoBkzS?#jo`fWT{uc_~LyY4g$rIV>0F-*_Kqi7|-eLj`l3l+vYvMTB$+^8FiI zsN_7-tuHz_FFo{HT=S}bW2tXU21F=50g<1#^bzsqr6v-Ih|EhHN-Aw$I$0`@o0sO} z1TY4XT&Q3M_$s^IJn2BhpO@OHNjr&M97|i$eT3RJ~iIF^qgSe=B3X!CnC~E{CTOr>K!vL-Mb(b5t)~^_EmO> zMCPTBrHxXYInYNU^HK@BU=$Iun`ivy&438m6A*cx=2}F&dFde%S7%;2V=X#=WL~;q zbi%xJ`T3D~Y2HK8dCB>5>gdb4Tv|Qg%gO&G;>)=}c&zKCgc6f|IlEeUew@Y$&qsVY zJ%R#vbOPJ-hjmF^JRMd^m}h(-N^?DBi%aTGV3O{V zDz;VkL!SAin^bKBQ7Q;A7Du?VKZkap7U!rMR0&@K+HBGj5l_`?BEu@T=mAk~RXkOL zIRr;TQ>=fZ8$1fF&;@ZDSd;VSS7Bv)@oj8&uIGmd_(>8MPXAAHoBki<`u-oY9{oSX+|fq-KW9o;!k2Ti1I@=f7^y-uyoO+n z-IU!=mV6Bxqdykf%K!(!V=a?87gadh)E~VlaGI16Qggd(ma$95YRdI)Wi01TZstai zpT67gsFli^D12&k@e8rllGA*%302iDp@%l26w2;m|?3V zufi9fVa6o8oiT%Q==_;VbFGeFZ-RE{}3cojiUD~ z($TG%G6y%rA|iQ@2k^Iuhy;BRyY+vlqy%0YQXDT8jnT^>6qlie}P+xooM97|i z$e(GhMPw$u7<_6D6AXYzHW4ZA{=g-h~(WJz~3Sw z67U5aPx4tRxkf}*liqNtdJRc3D+qWL5y{K<#b-c->=@XNyQr!2pQ#BqD=5dVQoAf)tTk1xbCYdetn_fyfA| z+z|(hF;kr6T@k?FB0@Swg;Ad5fhxI3L{^jD@K=3mNHXsd@F*gZ*TWZ|0THq%AhH9^ zwTO(xJ83>brm--ATWwWe(ISrpVh@8B6)uf;BOHT30RMKlDAdKIU=%}^aktqBFQ{~ zQ{@;$B(K#sCIcd5PeA0i_C6vf^4N}u7!rxdzC>hGN$Gk7f)tUnr1Df22tcH>{M0jL z-k2SWh~yRcDm$NsNPw5eliWomxAM!uSdW0-VEtYs8J8Rv+cBbGay3t1Vmce zc|w{8yED6YNhBh9MC89&OzCn*kBBCm=GP=2}E@Imz*Ub-$ z{tLB!VbtRms8A#-*h}Slm?Lj*w;!>Rx7b4$tF?R^O0|~HUQun;2zpZ^aWL*pjo{)N zIbYA-Br&h-2}~*W&nNk(#FK?~35fmu`Oo0dzEkK<-EW3RrhG0p>4CGc*gg9dLsc4_Wt4zDmJ^Ph# zs>UEfb~8tct_mV#Pe5co&9#Vld-f*;10W)M_Qk&tk+eN~U)8%w^bVcS-}+cABIGpL zzRC^}kq|tge_PrpbP^KWv;U1+8?1n{?r zh=kyt{W0N5)rjQip8W`R!6+hRH&cA^84w|R0wUMbT#JaeXTMS~03xzy|NDQuK2iZe zipX+7GH%a)R{VfoMwQ#(=$?H)cEKnjWH)1d@fi>ydjcZk zX|6@Y+q3^oFaRR5XP@@7*GGyyy}uG9;rLn z7&H6kQ{`C!{4FA+1Cb$~$%2k&|hzMa0{) zA0Ze35!th!|C858`aqB(@`4~4w`cE*W5yUna;fsY0sJi@qyv$Dp5${>at`TOkKiY? zXaAjmM-d^r8SIPCfC$+W5IKtGT131(`+kA}5RpCmUw-uZNM{IAL>?0)|?vvuq^*Y_Nk2_u( zagFxug9=er`;ObQUpqOvXAi{<4Pw`-48#rfUK)uT+Fy8V+|VJEm>f5>?0c2h01q4x zgC}9z+aqy9UkZ~I*pjjWy|^KMY-wrQ9WXkPV&jIm$BxZl2Mb*eb2pcY5Mr=2@zB2}Igy}OZJyK_cWXl_2BvR+O+tMO+2Ko#VsdGCRyhxo_z7v?-<+1CL zmlmnhC>%BzX8t6>s1Yp{`^uPsB3mML8ew*Nq)vmaS|W9h)2iVRlUK&j1*Csg&@m)` z&Yr39JDzn)EgJ=f${xK3RlYf>azW*?!par=oE?IBcDOzg%##(=zmw`e6Z$WNtR}B< zqwks70Yjs(_}9*gR_Q%6k4*taj0U@KD*kZMVCUS6Xt2tH`?F^k+>hV;Mot`ee~*$K z`LkU~5B~JDAGdk{<>wdFqWYE1_h{SMYiK7yhDdHt$*kf9@J?#XPRUz?NLazjU7bJu zUF(GO`+8=lCa^_NePzKN<>T(S5TZ-^+CRo`fltl#LR9SeBHMTe(T&&Gh8rqE z#Irly9DR>%r}A<4=eai#)q>S_gO;IGSskWrSm}vBqlX||E@sx%m*}jr!C|O+K zV7rjg-d)vVhCIc+IqBm{ThSdN#cEw$>uc@3Kj~YrrfJOwJD~MVC?;ADa9Tg5Wn#3x zgB3fik1h*BEn0_eMuuFxxH0(bATKh`kE;98Y!Vk$mtJ1GE_QE z%kCj`dl)l(TEj46Xm1G3yB%V-@f5Vw&7CCs^|E;5W|eYwNw+VTx&s)o@8c`2eO;Y> z|D=8Wz5tJUW&N8!DFG(#=FhU4G$lu%UUPv3vgJxFWl6zaa1?&j=>96Lh;)0~rx#`+ z*iDjoon0bmw@|lnBHOl`yb-(m&?aa1S65iOHy2CMuFul$yw5$mCD=0;9n4G>z~b)r z{Bld0lKE79v;|n~CIxnL$**<~RB3sn+dDlws@)`+ciC-%b_=za6WO-iy`rkFx-a-K4JMFQnatO`hGIAwuoGQvi#LD(!+J z$x!2DQOT4ASnMVRc6aln9jDS-WksT=QYUG9lVrY5hf=8fIFW7JP2Pyz`LxN|{adNE zdpAuUu^t_JLA-Ju#Ngh%TM7VGrUdZ?Dw z(Ylu#t$!qpK>;;pkQ1=FqxDeg>#WUo)*d2Oz@{%~)0v-mHrdho8NnzpTJLpJno4En zQHx_s+Gu^1(EZVRZ*9#|c7>eu4kFaEousx~lf04Eyo9|Rd0Z}`x&+aImJ5y0X`>l3a| zQ!ndKVJvl}=>ac9S<^_cgT1*?nY*wYx+th21M@ z_iZ0|cKf6C4+2=+XnpduG`l%AoA)fh@uT%UDlIr#@27UlxSW^Xg@iiEiEP{M*wOk1 z+T`p$?ow;_m0~IE?%EA@|NVW>Zi5kDXQ|}^SX`w4S=Xi6-NcFJQwy-zO$uhIrJl40 zRoY_G?VZW})ozkZetH)Y>J%rkZM(@EY46);le7EJmsq%#%3KOJQD_hn>JJuRv0F+7 zPyL^k+|a52M76tyB8Q}RA)(&kM7C`=c_Vf|M4O!5=Zvy;-z1j8?q0O}nRh+ADx%u>=x>B3$WNNrGjVsFGy~xRK)1n{?2MQNv0^h3kmf;C$eq3 z$s4iz3EJfBzUU%r_Z?y>?B0oX&w0nQyBIRm?(VAT2+=eYfj<#WrI6j^F)J;=Vz-nE zM%}+Gxv3(NrYHEjs@)`+5$Rn>s1G}lZQD)Wh~3Z7CTI7U3$5MviKVc+5AA+sk!N=y zWT@TStETy)X(-OV3ZA5p-Q+QyoRZvSN~z#E{hI=RDo>>8IsNWxH%X>Ay$cETpSI21 zx4{#3*W``ZJ%=_qyT@N(?S5D+h24E=_gim!cK3k{wR;!UG*>hYMbqC1_gKho@|bL= zB<+?`!PEHn1^!fyNYm5!-PCT9%&7D(B-H0@n`N+@yb-%!p-s;2tIxM~|5Gf5-TTn) z58m?Z?hF}f_g<=LmS`G^nZLav&2I9T?oLVCEv15I?w<+#sa8Etl{5D})NYbYX?hnD z>Rj7q8SEx+#O}9fle7D}^Q_&^iKVc6AnpGAP0w!sl)b-dDre+Xp~(1quTHa@JZ5{R zB<+?`!ISl7fj<-tzk}Mnn1##IyO2;{wQZKcZt_O#{(v?)yKniMwR^5u3cHV`-QO}H(1w)a5QR8GRfXX!I=)EDaKSDeN9jyMKJcvwON{_mQe;EeM>y<)@x0^CV6rLv{;wFQ+8! zmQt9%J!!uP{HYodQ%!n9AGMn#GcCOf3H2k}W*O`zZ^Z6zX_K@2fnsa-BC!;9pF+D= zyzbdu0U6rf$El`eAaMScpL(XuvpA&-*)7!mPD$D=r7(Yc(%PxCQV~;4dc#K6TS}2N z>0OA7=1bdV8SEx+#O@zyle7D=bFAGTiKVdn9NOL9x4RfJ)b2k^rKu4hz;4p9Zehy2 zI5Ev`p$>FP(rzh*`P-A$MWq#qm}=4+HdebyGPUVlNT^F}n`N+@yb-%sycV!~_DE~@ zm!y`@rQ0arMe59+mwu1_n_hJ0@_ki+$bSuj!B?j1a8zVQzY0_|lwc zEStFoT#=_YST=2+z)dZIN3AkV+^IjBx1p2~QuBNAGB3LstfpMKSFb05JWk$W^hWS| z8*|Jz2s`M``f<|9j9#O=NXF+&P=?;H61Hp~Dw!UyJx;nr+|H{RCvGunHgVoMT}r8% zE7!4FgLGrSE@fo6l$d2Ytm&2ovjx@JYb)3TR z9uk-Six>cr%ZbQVl1hu$K2JJJ+@9<`oaV(K(nxcTky0T+ zGkroVB9iyLZ%hV6$ew`6Pp|lhjAc*|5&48fB2q>~HjtFW^iPK%efm$5%H!@>zcfA; zky@H_u&=U<=_ehC%=9F$WCK)&c5b|VQ&?4BLlHN#3#PZN&HG4-3g8(Kp{N8zK6}|m zq}bh`eU(HaGMR|{xPU3?BNd+BN2=asAf)Z%p1dj+5ptSceU%*|A|be^`%c;@w5PMT zMN27S61!j&5y^YSZ{7@ukUasBH)yVXYEHyZB7Ni;!2pO<5Rs<&L`3>XF$8HJ*F%rS5D^K%-QI`NMxouFy)9Zq5tpzFMiG&`I=^`{AVT&8 zMCxg-MP#tMKRaD803uU~$m{dGK2iulipY+tcRmO}gmiRkrp$Hm6M*D(^i_6iM4o%e>mz+2 zND#9Mm@?yVf*I3CB=4sH{&ubr3BeuWY~cy*5VurBawz^-cEKnjl6R9Y zJ_90TPe9~Wnrjisb@yi{2?iQ@I_<-x+oCmFbG$34#i@8Bei9x&xOT zWBO3wszsjmVu2%Azz-yS>*J)$pWn&F*0mW($_0U$w~N%zQ)OQM+~d=v`Y+J>g;7u6 zvAQf`G51B`|NZhOCuFmqYQ*ziYIMkFNg92q*HML0&&8opo@ykD+1Daf+M_FZ>k_mr zCX2L@4U3gascMQ`O0|Z_y;OUR)w`N{^Ui`-H>=&`rX=kKsCL4rr`OOfN3|0r;cL-U zzUY(cqp3nku?NYKx8C5jW~p|CT@YiE}>7H<2^zxouX`}7E!GB5yPlKA?CZkU?q=ZU^JN@<%p;qq$4Z%odk>I z75tNps6KrKKjKB|6kWmhfU7%ZxPpba{~={`A-Kvb_^J;RR`9u>p`&muA}jcjR5E=9 z|EvHPw}RgVCyg;`HW9l!eYo8`LprQoiXR=X&rr#WNw?=H!4-Tf4sc^eRkGt-M}BMW zA-E>QEX^W&!l-&U&9$Sdw}RhOFaRR5f*H+%TvGt4t&Pe5dEnrjj9R`5Lp10W(R_`@2A zNZJbi7C|y@1>XUulQD?YQsv77_*+Cs2O|Coet=4@A-zg(Tn1P0iwJlW5we?YeDN6& zA$tNM+tXZ&h_{08Di{C}S;6>?ScjIyy&hKInDWl5g1n{?rkPbwq;Ya(( z?kc&IbbI46xPqTUz@vze-E{WFXF!DP35aY$b1fp?3cmF@VgN*B1>aLrX)E|k1LkDEufQTdU+E((R4Q;0k^w4vJ$CA-nmHZ%hV6$ew`6uh063 zcq{m?NhBh&g5OwD(ntIi{25Yt+>OiEaOM}&NAjui;l9dlWF;Ml48e~g(n%%fk#28X z23PQRu?t4~2-(e-Y&&h<42Y0D0g>isJR!~A3VsoZL_}8bE1qUb`iQ@RKTax-yK(s} zP6J~Q$)(DB`zkv`NCzVQ@S}+QENzsyf}g@J7)2z9;@|R{Hv=MMPe9~7nrojLZv{U` zFvzrm$JrH^4z+7-1wV^Roz+>vPhx>pS;6lvs;>1F{03V85TM)k3VsIP{g2@X0 z61*!Jh{(dc%@zFCs*y0Rw-x-NZA3d+m_xhd75o)^H)NFrVDf1pzUzJke*m>xgBAQu zPkE0}>1c{3THL{ALhOUK8qrG`wfW11A~ehJcB2Sx}b{&1r10v zxS)8TD2jL?-l#<55eWp`#E3>0Br0gU@s0-&Q9?u{c;f}pRfy+y3~IzH;=%Vk)!j4m z&h+FBF6{r?-{PC;uCA_nx~IFVy1J)UHb+PSXa7fd*NV;e)pfQxaK+6CIZby76f$3G z(*#9QUUmn>4wG-Q>nwd+Axu5<{qzG+);nl-rZi}7wS1esT6MQT;he+iJnK-cP8JGz zs8S<`2=d~wSe&~YC+SXKPLVC|WoLO;Vt)m-OqT4QjDMW1{4&noC6yR}8V6>~X;_dA zdiCyX=?aM5MR%A}PV-X!oNEr>;ke<1#Y8}-%1+3@(sSgpDHM=+GVXpe)^J z_d%r}_AgzUSGv0NPe?RN4L{8s$Fo|_QkO}^M$3Z1qNVlI;24Ve-d_F^l;{oaA^)MZ0!t(IrQX=zp5NA)D<##m$i*QBtbBPApv~b z<_^OF&~iEBO3)6nvj2plUKhGAz~?dYA?Z%R>bDJ4zgfHdQ+$*TkeVQ22mZn9E9!=_%w*byjYjfK$~-)E1qHST3=tU;=& zu^qZTLl~OXPfx6SjhjVlJS$k^?14td!G4YQ*lV*YcGmbC4jJR(gJF0>hBN?R{KI;q zbfrR&26U+ppn{1#3(e5tmEe2D?|I<#YX9f?5!ykewLF`isCnRXoPGV`hStu$K8IYq zm8cJAU#IB@tTHzE*;me!oLrK=Cwd;c3gciBTZZFcxbUjMW+2vS6Cts=ab?thWOJf| z+Ttcr%x(52(LLEB>&a@Se@%^-Z!OFpiy?tV=qwetE%G=wao6j8DD-BjwXh^*gF|ob z%=Gqn%(DD&!cr>9VjhLaRQs(Umd?*Bo6lUe`2cj(35(bife0mM%e*N{rD&P#32kYa zo7UsUnxtjEq!sJCC*oUXE2(*Xx+kP%&PDyLwakM>t+&ki+Hlnkrd#InoM_7wuZmqW z96Jc)oFlftD$bjawluqDI1QwAx#gVM8b9S*<1I+H0J$)kYq?#CKX{c!k-S}C z{}glVnqbx$oPxG(H?CdNS>&P~K>~7<)>hwO^<%1Q$_G`2I&{RZYfEyc!xo#4XRfdK zYO9S2k|)bVvZ6vgP-EkzeCPPIla=gt%@%U$*#=83v-Y|UIT-tqfVEeT!#RnShu2=Q zD};_L%!(EZ7qdcGFw)1doxO{qi%6hX2&V-UsmXy%DtmlTo9Dnl*q(0rFT>IWb`(gp z{Qg?uMdWyEg$oaJt`+<_F?pQiEG%Fic)jsCU}7+{Fz!Uh>u+Y^t-%*EH>+GXrNT&!w{gIRw;BrI}gj$TN#{s zv9hSkNoP0Z>V0ueXZb~hD!QQFnXi-6qX=lg!cD&2w07K1d1dqSIKMQr&lL+@_q?@J za*)>ap?Oz^d-Hj_Yx%CoRXJb59AJQ{p(!8@D_4ujiR+vWOhergUx3X7PQ_EdkDH1g z)5U7B2_gkbaf=1RU(C~hbUZHgA3Ng_sN393ytCz~U}?LbrGk2jf>j1e*j2{Sx`J}F zT@?yf;I|sTmH0)aUbGD?+$v8m3BF-K21t#+sMcN)zC^AFS6g$o^=7oC*Z&w-KjPbf z%le$rxKE`1B~e%NhjQG7{%`#dSO3wvej(gYAv27$QfZK=sh8)Zp4pS41)P8VujUJ6 zlEp8t_V0rsXTl`7$cT+%e05K5)YMX0{kyquFRfwA9H2%iWN){0ZE zPNh%7B#RR5y%NWxgjD(gRv>k`GdQA#ypk_)ZDPHW7xd-=Xhy&b!I={_x@^qfjAv24$|1C2hq-!^uA{3D30N9qK05xY%O^E)t7 znd3MHT37f~>+fBl3wgbw!gHZL$U3bH?Zg9JzNs->#<=ck>t*F_7A9s@-w5~W=zd+S zT{KXtt^j;%8+YSy;7Rwhb@<+6`HaLLw2NM6bJJXy9%NiDjA0jbXna)q1Ky*XwJ*04 zZs*EG{@yibVUe|9OXSknPN+jKG_OU?p+rqfVYUk@)h5^>EXlp6sPLXOSMFIemPH|; zDVnfFi~XWa=fb+WCjk09(yO<{hPR;aV%1uLf{nYg-%yplnhnJYy_mZq$9pl~>BT01 zsVA5GrS@VzafseV3 zKTd$dX2N}caBsS??DUW2={|^5I`cX-lzbIN=D@O<@91fI++of_WXp0N0 z6XUv|L96w~B}S}5{>e>C6gmxbO|@+AyyAlN#JJw_XIT!&I_DKH#1C@H{8M1hl`ffVjzv4xC z>yFO{2Z!+KNhzsnAN=9rbEU|h8lS#Y>M!Cmk)rtcT!BY7KHFRpz$bnGWPDmK_VBUx zxl(W6{#Wst%|%IFuHSz;Q%d5~6@Pg6oFuZR#%D(=^%wCui=z1WoPb9+K0jR)z(?(y zj88o>P5-gp1f`zhLdWkv{vDj~(ihjIYa143O!%Hn`uu7Be}dD!W`&XJF3d`BiR=ep z0aMtLQV+t z-{#h99M5xswUOR=5YGiO>A}!y;NHm0wM*?vsqMQIzyA*Z$YJP|{@MdevBG93^j*oY zZ%c-JgId0Yu+7w{&%!IV;B&^D+;93UysBN(CUv=AK&3>}1x&(<2xP~n_gQ**CtGCg zl9F8T$o-aqKA<@?S6z1y!bc!EFSF*z)0tDy9JU7jwOhMXzO9~5)|@&y{7V!!q@e-WMtI`bhwYxUg(fqv zeY?E1OV}*9kQoz!F2V;NYg?`mQo449b^7Cs0po@q{hM{E3u);T1nmCO#w>AX@fYBJ#$~L?jer-c8G0ByuO+_A>=LkPbvhsoMJ@+h|$g5R5UeD;Gox zgtNZ+$DDU#k{XFEYzHEe_ka{_3nCNK1T`}h8WAo3^M{=mn$^iZb5vD^w zKgRri%{f~X*0%+n!LbKlBqWPN*af4ANM4c8J_RBqk3nQI)isD*h{dz?k+Fh-j;Jom zJSu^u2d6t^4k_mVsAuAD@nHfCYLysNYw)#n`FJ^xkJC0*j`|8YlZzG1(WF@_QyCo>N0aqFCx6Nm+9P3!Y6 zvOez;@p;!=$YR@TMS7ABp8X@YiBqJ9RzwK@7jf17DBX462+W<0bgN>eo5Jw$|6yG9 zVU%u#+{Q7#nJ*-;yKUPz?7ou#Y&nRBH(InQ)5j)D_3=&I6(tR2F36NSM?l$~iCiF9 z&7@5;g;by0%rbv>28mG12T%J_x*RRtQX^gVc5%`jr==4@eOeIA>RHU5?bK%x^|?vp zDV>+@OD7N@_7<5flBuQBO6fDNLM_rAPU-GzqG~)4L}o%Rfiuh)4GNEy)}q0pxU@~-uM3$bt;5&be&fMZ>D3$BDs1?it2W2 z{k$p3V`i-PsIHl@ymelUU|`pIUrZt*p>@z!~d3kG(b_pZc0ht_#}X}L#<+)3-a zf6>7dMTC@U6JKPDh;Rt5^WKy;ie2ZO!!8(I)eI;5NB!nav8o|?3?ffaU4w|X&bw2` zfSYw*?L@DSC?eTp zU*WS)fe6WC5SdAJ4IusHP?U#VJE$h6Sww49JSZIaHvGn|} zzhf@zyx%y!w`HBTxvqbx)UTJD>-{PVS?8TEGtN4%^A6C8^rU>PuJevy)S|s7La$pl z=nWXM&YSwVz}(qL7r)MX5L-BqP6+=O=jUXd_w#2WUFvmSM=hOR4gIgydBe4IvV23! z#;@}v>ak2NKfp>tgxv7!ym`Fu;=ftvoq?P7%xKiwI&Z7*TVLm0`4!~QgBlFxY7Um; zw{@)Z>{-R7Ts-zd2r@Dvxd$yb5_y!k=pZU&Df!Z1;KwT zSdgw(fAj}80y<$JSVCL9aU7PqngS7uM`NV0=Mi=GFv*th-wh`$EA|PTDeRSTOo?etGge zKfx7ct5o)Wkx%;VCzYE|68^o5G*cC{S_%;wy!MHH(r+`4aU}6S>DQ*OwtccAs^GTc zjGgd@jRBa3jrr02&akIwnnC2)!+j7`Qg*4%XQN9aRe0O|bI9KA;hwv7aJxVCUUPpd zTOugiuLn@JF=^wv0mE79Yk9oTikce`^+F+d)zIg620p4z8VEfv(X@sCOvy>CPxQTs z5~5ej4x%@6Lwc=1j;Gg@t=3Ji^I4dfcNcWbu5&k$v!7MuI$bxKb#2oiN~%rTz{#aO zt(eEfig|EQ%&)c#ifPZ~jNvAOE861a?TwTZg^7{!TI|D*?su4#av6wh&oEN5#|OYH zLIF|sF-__K^H$bmJ4w#ENx74i@?&9Qr2GII=A--dwNm!fRR^);TOGjiBNPxRJ7`je zluca&Qr_8lov^%$W!d5f1*QC(NO^dgIbV4rh-}Qrf08ilYo+_r@_7J%FmmM<(vk5e z%(1WUGVGO`i2lpu9azrI^U_=swxUlu{xJQ&L{BIr*{K7brFHWKiO$rCaNV<`G$ z!YaCYmsQoPF@au0-Ugvqu6!X`Z* zRjOCHRa{!9w!DN8)Tuqbp*Rqe#~yBIT*G4zI154L0MGP8bIUVs=9VnpQqY)P$a1|4 zi3IFIqI3yLm#F;{Ti`39wWa(D6CQi05Mt_v$ zqnHi}`S4tX?9mz=gLL?@^pDPKypk*=$sW|T$1`A4jzt0WuEM%z3XYE?8v6(XJNCV^ zA9UxL+Kfr}KqaH5XnqsQKv<}I{Y9;)I=OaSZY$a5io4?Z>??_J+apX{dJO{Hifhw3 z!{NqgWC1jhuc=tXkysRf$ps3i3i&5V&=HQu>ZmSv5}QK;YJ!L`{{XI@k`GM%dvo@? zNpQ!ps|BJ(x})1QL;B`Ge(922*+Uk4%6;dhvs<{*vkh=q2@I zq$bm=A-K7YgkW2*PTLGEf?CzVNDT$?G^>3mWAUQyzL&IkRa@I-)mNsEI@_fIxiRhX z3bX!lyOaW;_;x8IsP1+-OYp8!2VK#6yHsI!DhX$4tvivLjI%vBbm|wbb{UA&WO_CG z!$7+%+QhWWJxDd}VuOd8)oqvm^>#TCJ;DIwcwh3^i`?(ae$v7I>ihCN0E%yyFA1u< zU0xHs>(t$swcak7oHK&`U)rS|Qj>AE?XvJQSGzop)MR?KQ+=Ra_DwhK(h;elprvND zW^7EmFzyDH4o@aEt1N271K&A*=txoFcZqR4zyf0q5Mwg?E^kWTS2)QTI{RE)yHN>XNW!A(QeXju zya-b%nto{R$JZZJmiuvDMc$OZ3u?ds!#U%|C9#W1><`mpqjtC-^)QURA7kvDFG`2? zXDww2`4%&7Kxfl*Evf?*(iseZ&q0LE=7#g};LO(BXiIYZGbi0fZTT@@NRrql6In*_ zsNFAlQBwcRhT6aO%^I)n$X?~(4vmRdde@8 zC1vbsd3rb8XW!@TdQ?KGqij?eOIi6Ma`d!3?RmVrQBL|cqw~h=2h2emGpZ@0KUKL^KZJQi#0; zk;ME1Z|OX&{uAo1wJkQz(Y6PI+R$h8i_vG{?6P=g zY$v`Po!BPw*hl*TSVQZzVChD^@X9pfm8mA5Kl9kZy}eU8Py( zF>>f$bwym9@PA+hlUL3&>P7cG48AXw6Oc9#E(c3cH3CMBtg^H5gjKfwk>io7SjtFJ zJ3FhDyv+mE zmWVF)a%MW=HRq)lh&q|VavIZX_7GD2*OuVd6}|0Na5F5s{bABO+ZZ^xa-1%0sCK;&ylm#QUgD>K{s8*nRp|YwifdyGqwDgd6JMvTWJr zK_YQ4B)t&Wyt(2Hs&1zS=Bn#{Z(*nprzg+1FkzK*w(3`l((5=|eSZ!+N_4h*0)A-6 z3y?#RK9DkPo2~Xbi|?I`M4XlM+i{()G>a{Qk8;S5o~_h&&T2`iMh2>lo2_=$oHK=G zbhdh)b8z&%Be`08w)e`Uc<)Fa^WJSlbQ6R6Y3yt@ja@L>N9u{l zzolqfRx~7!L8Rdf9}#c1dYy?xL}sh+NAgMfh(B8$spXcr1|NPz1$kvUzU~?9?Ku!3 zrRwgBY!ML-!P#n+w2=us)E{vU&Q`_jf>A`O$^KQpc~kTelE)zO7S#>UR?iCtsb;H} z>8D(uv(@7-0oS(7R)eJG^%=G;v(>)3{?xP8tJ+T3@UzvOwK22RE3a^@Nt&(R`YAeF z*?5IY0H!8LQwQP|_W3muuaGY^CcNM}a-@yrj#ubq`1$b)BQ`Y-um(7!@ekAL?m>n< zEW=jg6}WPN`<&Kga=bzwjKt!oz8sEM*h8|(yjl#&K%@h2 ztz{{=`Gym*t)Y*1J@SCl`KILBP=-ycuCQoLC_}bTm`(q~e-!X)QN$U_Fn1GirS^F_ zqqqzTheH_-3RYcrnp9mSn3R=M?9va7Er^|w2eygCA3Px?j403jAfni1BpQa>FPR8| z0Lt`q$reoRO59<55(Wy?(g3Ns@?3%z2%f?nLo?mA%X~VQO5CN{@ellAH!!zBq`>In zmOacF^06SYyUc+zZh$_~}}KtnqxvGz1Kb{<6bc5C^|)h*cd37sKts#mM#vHqQgw zpxILQ3^dK!Ms8Q4(PpXFK?9&Gu>*xG4D?=bhELdZ0h$j@#kD;4gy&<2mK#SMj$==% zQ(c#m%`mLuC$cw@qYj#=AX_%%%WDY83{T+_G)9T!Jc1l3j09|b4*#Bw!5cw%ovt~3 z*%|7#&>58Myn)}U6NcD`Losn`#Bb#)`wj*}Q`UE+Ejp!5WvBUN?J?mNRpOORb;|d@ zy7lwUgW>u7_5jcG={TKQgIu%~UPWMZkAA2}1LEHXIh`8yy`g4RgPq)jy8KxV0dTxE zz<9?vfyTt8B_U5+@8Rr6QQPJF4$kFJ4!W-DDrIKUv}*iC&!9|)k)FpN>uH-ypTUL0 zz&~ue)SfJrW=WwW+ht$uL^@Vsq*V7wDP3)x?J`<(4%#kz%8RBwZGT{&*|7=}+vNzK zeTr3BE4E7>)itZIkFBTeK*0d((wB(HDJK$eHx-KQT>gBUffe6WC)};qgU4zJL*3;HaFaRQpiO5kW z5Rs7WGDDDb*)HkW6?OCx+9>M!0RC~FwgH-Ry+(uqvNb_Z+lK@^iU`SZzrUwU3PeaA zgUIew*C0}DJ#86+0T5Y2M0y`jL_)U9je?}h)AloV`5cId?Q&57|2R)uPtCbnBSH^c zP0)6!Bj8a)NUl2h>{B2@@)$(6qPhl=hq!cu5vTs(3}>z*e(k6@PaDE=G3n)2V$iL{ z?=1Xsy*Q(UNTHga!;9kEF6{=zdD=SYEBeMlD?K}}A5Ys@UB9(mM(4%VKly*< zXBvneBAC{aH;EWF*SNL1kc~IyPc;;W^zRdqn;`_1fbcno`VDQ)Impou>w2 z=gZOcb11=OQbrGtsphGdk6~{M`PedbrCDs^WFOn4jht^BDb<>xes7MOr)q@8oC?)G zw%|N9Y-8seC-c-@KKm4JTr2ZbCDk==oHtLE2?lnadU^;E3C&X*Yq@2XN!}5Z^VFT1b3J6n%pIAhda(;e5h1y{%4eSf5t7Fsavjw* zh6Xah=k^;&jd-=JatT(6A_uG76tH+o2N=N=W2~eWS-iET`-CW$@FAPe}c#=c!Nr zS3b6bC=u+N*5;{`o&k++K|4>K@tI?uvi`PN08ecx%?`tfez3nseQldazVWqnCcAiF z+bg))7t00Z``W(y8NGIAq`_!3zP4&1G7J}dY8bZaYvb&(4!*W!4~2YfLxaAy{j0*h zwqCxkjV{PUz}L2I$k+BT^znRc%La+M*4H-E>RRpj+TIWfpjdsiSawl~hKlvO9gV>Q&EEhGxDIWz-|b5U&FQXrfXgQ9cbkdT4g79<8oyf$ zh#bDHCqN}->vcZV3j5t^$lm(4E?&8Aez!qZw)CKEX_U=BlXRL}wk@q}ePdUT@>-N2_b4TD_7 z?^bf8({~mwdx~Gy_qz>lTiKobvcBJ~vsZS5`rWqr2mEeV?$Vmy?MUQu&_Fx1sJ-;V z|CQfu%{?3f81U95;CGV)I~;`c$9Cq=hQMKG+^m7@Tu~$E95|!njGUXKj5cz{OHY*Y zSTQC!<8mO2TG1c;!$!`5x>A}hAtUFWU!2vFQf(8cHqOZT@CZ?dW(dUTiJuzzo>ZeQPC>Ja;+63=LM>3mTTv56+*YdLxKSou!D%m8#zQIWaMKa7$x9-WYf`K-2Ha|Vi8JE5u?*-vV zq0YXS9j~=Ghz2`{rCrm z>iUP0Eh6!59vN5vwYq*G+@O(oHTNL;;5f`%*_6o!Wqb3T8u=9GW<7H8ZmtlSTKE7F zlKed5JAD0ptdQE`JG{AqRi>D0k9*QF*Y=f#Ty(B&`P%vV=0G=S4-pLPTsx`{5edz;vkw(S5+Zj}&|bIioQRN8O_x$hhzN(^TsuN@ zZqegtWUgIJz@vzeTxI+0Qy@a}7)1I}U4w`>*LD{S>|A?HHW3NUwf75>E{9^qw@yT4 zuALmfKW?raq&e4XL?RBw1_B;Mgyd>ZpM45MNFIYo52|Yr@#flX1p_w4JulDYPmJ2-T#!(6*~9SX=?J8c~b$Xt643$$gfy=60+;OpJT`2}Ye z|5~v4xi&-Bzv1WF;~`ONbM5MfTc2xBnhA|`hqH6-8E-n~TI>I;hDE8iJczy2_&>+C zL}Cp$k$mg_B)eAppS?9NbF2#v)$cxy`agxp`aj<=3_btnIp7aJp7FuKJBYiH*oBS% zGdY9HLT3iMq%(tEFUgha-Hemxj9a|%){rkXH|R_K?9Q++bd)IPfEDx!;fmYx=8 z0{<-GA!@G}b(PT|caDr#+5V%qsQcfmFnZ`P*wEW?LMnhhVTo zT@BDE=s@+_Al4Ij|9hx|j<>V8c(fkW5m?U2SICPCAKGi&KBMuo&$!+A(_`F@{Mpak z_A&#-?e|+d>J~B{y<^CN#r2Ivi;Dhr9WQz2am#+^*2!_R$jxZ$B$7e+P`x6*|c8Svq8e9eJcRbtB1{ zY5BN4%#xHRk?3lw-W6R@t8O*lHF-O7JlACIt8`74n~*@S1;)h1Kz3tcs?i`^j4$>> zIA#NW;=fDXSn^{S3B-;z(tXRaU39)DTLs*vIGc)`HSdUQNWir(k1TQciCe#^W+Kaz zQU9QLhlqHdt9TlSaCr&E^KYu@PT@*1*Gh<{zNzM-0HJqN%`RV&uuh$~7dwBQy7nP7 ztZl}R@B43Vs+shBr{GOB|KwxxO*I$vWTh!@s`=Y4@i)~RE-YHTsir%$zzQvTQ_WuV zYP)Z$`RrbE+r zJG*bH`N(3i>iR2_?uFsds@_6w%*`9mGK((m)Hl_DtRAlo{>j#vaIU|H#lttlEJSMP zri%loafx7Vh8ge*5McQIPDl;yJ2b1#`=iGNZkOOLKzErVF@?-)9fx--y&FgzI4nkP z3=WSm>#yUm^lldp^No=!8^*gWV5mR*8M1IArFP#@-C_UqxegKNq_~ zqdK&SCvGpB(6IOMn+mr_dyjbk7CUazgpDM9U{GQMwcR}3n zp3u~NWK_?=;FEL}!q9rB=}S6QAZ4_B)KoKh-Az{Nwyo_iE1dkQseM{8VRYM3|(q*#)Cs8OgieXP*KQlE)xY zOmz(+dv0P7xkNAkBCisWsk;-Ake{kikaYQ}hJEBjMEq2*2k?*cQ{AFDS8GJXPj#+F zgh^^ocEKnjl6R5MJ_RBqk3r-zs%sGGl5P+=O)vl=?-G%TyLo+N78q%N_i{l}e;KSS z>6;TreCR}^lIlDkz~3OkbS%)SJkEuha|P4O^fxC)Yebl&y08mI5s|!8efB93A$bfU zXHZ>(NV|>(k)s6zAo4L08M~|3M@l@oUlAlH7m3_S-<;^>9?(gt9uDAd5D^Z+Z;M^1 zITr|L{mqFhI1iQ0XOe2iE*M2b^74H4DG(uf3?f6Qu0f>P?zU$O20-KsA~Ld@*GI;H zk?teU3X+pYiQGxwoY-Z#vyYHcO$*>}5D^Zre>~2oXwJih^E9T{jMIoPNi`GjC?b+~ zkk38^A|#JN5Lsb&+xHXa)87^|@dr#&D+qWL5y{)#XP*KQlE)yjH`O(WykU3Sy9fqAq?w2u z0`t_&HQhbAZxJLXXNlainT~GFC-obgJ+Ac#^DYbEZx9g<_@V%^HP*c~=S*Qajp_C< z5R=p!1U!m}Ka7m+1>Vbf&ma&O+>oy?Ddg!Fw$}t3X+o(NI*me z(}4(|R3ltR4n!pHi~#-y5#fM+GmrCbnsdt^(npwX4+Akt&HKQKh~y=F_9+k{c?=>Q zsIEa|7Ke1M(3*E526|7Vd}3Vu!S9(I?{X`#=C8%?e{~qBJ65IY^CE!YZ$R8VDQ>fU zqSUh<(RJd%gafgao&R%gq5UPxU-_s*HX1z; zAfT4O&t~$`dzq`=c@75VghjNV{QG8I7S+@O@=9S*oqV&yq8h-y={@mN!@dhZnWQ#_v(q(#F>k2PKE?Y=Rx$7EFsf_bSI?r#5ezVbiA6QKD-j7< zR4?oxh$O(6BbfZ?Bd>eG?dE6*QmUC!DhUzc5Zw7cQ*&;SK~W!h4O&z!1Ux#XlUyC< zvrmBt$zu>Xg6bMXJd0|7!2pPeMRj5(5eZpTj|h@3i)x#@bqyk(MYW?~07S&18n7J^30YLr1xc4h z)gIf7jy_ULk*^NmZxCTR5Lt>JjYvPuxti(ba=D;I^*#ZQB0_Stz0W=cA|#JNWEZMy z5b-RkO$7rWA{JH8ZM{A+%aePuAnCHGzQnt7S)^B(R1{XQ55+IUt}A<%yb|!*5lk!a~{t0vZzIMH@jf8kC0q_!M4-Q zn*tG%#~{+Uwa28$$hL;?y{&}z&@e_ksONL%NN-q!gL@q z)Z_etpT zPs^Q!1V;VKkG7~DsdFMiO0|nGvPDEV1TCu1rHv+M3d^WPbq%{<6cLiETEBTyAVTsO zL|&n~1`*GqsuB!i|SdbYY_1)s=Eb)R2J2v64G;d}3bxUr+G=9!7S)wkaeR{HF${ogyd-M;!w!oo zDZZr$teAnKRZ^E&9k{vgx+;_=+nZdpmJl~q}VkEw+UWg3Cl@A$)UVNA9 z+jrez(j*0C+3#h!W3qm}Fcg#3Tb#q@F1cg!!!cRmL#&^@5QxdzQtM=6vg(m1d!*Ig zA=ZvsAtd12cUx$MYPs|1ipjb`c*h=M?Et(O4wgj+#O+%MoH{0Jt_j2%hV!rsbtG23 zvGowF@bLSQ7_6~U+QeX8^`PL~mKdy&dt@_o0lrxet}*&X`a* zgL?quGw}x(^MyO&LbLs7`W3gNT{XC=6Cddl=VL#4=ZdQthm|nrYb&1cB$H2YnEgOXydS{{>l9qBn<%++JH zB&<_Er14d$QynLutJs*UF@^t4%vI;9NikPj^D#N*>gP>aY08+Z7k=G5_UmA;3yW4` zuAaLNqrNNV>e-i|yF2FU5|oj+lK;9At{y>Z zB<5;HI(l4e%vI|+jJ&qBSfk^S8-v5a%=+s%oOZPfha-_1!eQ$M;7~Ku;BW_0BQaMuZ5+j6 zgT-9UxDhc|t5*JskIk4HLVF_4sRb9wHrp@!yog-sDvY_BsUQ9)F;|%88FMwdH2*7n z$oVV0K}uaZilYcN35tSYS6IB_`;YodGrc=-0M9M5=Mjq3FV7frtU!jKnfj-&NbM@5 z^4!=#F16uTBZrlE@l+?H5_L^GFx1vI$1uH&dwV0+G8xi9oY`h<}x!a>hBnsdJ9JX|4u=wy=Ge4a}gop-#?K80;bR>s;6iph<+ zlc{d0ma*CH=nfDJU~P{gB4ao)8;=b5Xu0RN7esQ907UZSM}Nm>@3~GyNU83TQb~vi z2Y6&W&Sz`R*}`%f(`$Cqh%ia5A>g#OgPIsqDaU7@0ui!`K_pk!AzH>2c1O3TU;sqU zCn6^$h)8IM=rKXkbvAUnIZi~fsLqrC{-%#G9s2dekH-2q%{i0lW{1dJc*!KC2zV3` z$=ly&p8^q*#~^Yb)ir(O4Zf!AI6DglK;%LqGH~tYwvVKPkCyumLDKa>hYquyh$N`a zwE_GMB1{J&ojuNnYtAj=>xo{9x{QEF5h1zS(Py6m5t7Fs(v9jGMC41gL}YWpKzn2s zRmAOacNV`yZY2h-TG$=`)gCuT3bpo3c8j*1`{RqG-a-Mn1hRmzmPt>S(e~HTgxNgL zXRc~D9dj49bJ6O7FR$=1GFHEQD!H{bR+kED!Lj-uFnXd5g|Yg|0KoBM^;^HQ*JPqOP&}7S0U(#&441daUjcs4#ADK62ZT-Y@glH4#8-eeR?7Jr7 zEB-^!GOpc?$T8km{JhY@SBzB>aKd{1^9Lio;>UvwpDi~GJzwzw;NKiN3rwhtuQ>TE zFsH91C$i_!bbFDjhK0PyyK~|yGhXEMGs0fv4wCI(S2zRecqe;bZ(%?3K09)oRn_+* zza$jKUAyEKQMDFDoL=M{;VoX|8=zMBWbXn~HNOz7hU%(~7rAOIT%M&L0q`pI_$v{o z@u5K}252eT;xrzCK7__-fWX0nyVg%XMh?W3<~NiKTZwOzt^|w?SO`|BCN2^9$DoXooK4kc+CIkZE>kyw}oz|^6 z^5(F|)%)ryzh04KI>M&idZcHC`=8R?7~kFVY+{`JvtQrE+SdE>0?IBw-7D+g!1vnE zZ7O@0U)G+uYEd_PWjE*zd{gg)-T&j;t=avHkjuV`25C_b>WBX`yZx46?u9+1*yZ>mx0PBRW ziOAURiAZQI`N|K1h^z#Y?fzcaSahteNvR%|Qb~vihu~WBLd`iF^jJBG-G7-zgh{I1 zBThslFVAP60uhqOATosN8brLcWVT=cM1CY9Bb$jxXf64yAn965?t+a(2O?QiXIcRN zxV7XdnsX-TU2Dl^0v=sCkz5_*vrmBt$zu>Xlf&mcunTQPjj)+Jf@z;{~ z3X-n1WGC!lIuJ=v82+E5s)uMYt1wEJbOUbf16563`S?QQBIMO|a{bj}Phc7LZpg>hr`JKwU^ zlkEQBSUu(emoj=Be^QFdz?Y)e4TmBz@8Ppl*YrAXtiD??uw(V2CL$6VtGjBsWu#3W zt0&*Ts4BKKm4iWXB_NFV!`Ocw_ZV zf`J{YpZS`IgvRQQTJ9`xX4IVg=#TDRfjvq`A0ee`4B#I(RzD#$lR28Y#_EC2#fi52 zZ}i!xK!n_5`p7L**C67J)z=6HcC4;!BqE`)`X@osHCCUAZA=Fu2_mvQfPdUreV67O zH&!3OE*LXb7x?T`AkxZMT}X8eBHma%MleVf8OV3Wc%zmyQ=zYiUcl zqQ~-tcdXrCXQ~#vf4HvNVfX)iZp7|CA}GbtT8a&6_y52p0?qViO7MrZ`ya!mzqR`h z*LMG9#_nH(0uHFGo&~$`NyTdV_?e5$C zTl~jqyNAoJ9O9Mr?f!SaYE#+!{j$E@f4f(9gWCN!Jqo-3_XVxl{cj-Gv-_XW5C0Rp zpIfWp{r>S-X~*BykLNJ!Wbe_@F@`qttH?5To6I~K<=bHq(1P) zIS?VGdP+(qAtD@tYso7#=WOAu?f$dH53ARUo8I9>gyd?d&prhrB#%L47}Yh1_~#!5 z10ZrS5gFY;L_%xH7X(R{-M`oEPDHXO^2`AKacjvlHRnvw+qL958WAR`76Kk!IZ57O zKKm4ikUR#FBdD%H#6SNi7yyyWiO7j7iAZQI`G_FtT1##-&51~Y>XZfWk6TL~t2qbP zlILken54cU;88>*Z(pB%3Pf62OZK9=1`+@KqhJ6;3W&&n62+&@kC^2d6IEtmM8ZWf~4z2=t^wAIY!n> zsxvHrzd?lQK%~m!+*Na~V7fUGdLL)qviVF>RnCc1=l$#}lL8U4ib3SJfBT5|=O39! zL?#iD&E-kPkrGetGo^CZiO@H(f9OD@i0T~Si)>GFF&&7Mdz?FJ&IL?2CqnPnh%iar z%`O=2Ba-(8+fFxc3PeaAgGl2?9+SZNMh$tOwumqth>Z0(|0HcRc{tO}iO>@L)-Xxk#4Z>`MDpJCn>Pg_B#%L4In_09jeq`8 zFaRPmiHNEvB6>aI$=y%Oog;G3&Xb?{d{U2KJJ5lMX|YuE*&h)7qOI|~W)ZOM;5 z5juT}6A@CXPQJ(%5#bO#5&Dj_QPPP}b4E6kEXJ@4MiG&`C;jG4fe6WC5P6pB8bti_ zkAeXZnM*_#E%W+FIvDBMx2u*rfdnAJbPRobQj>3TA|iRe1@O1)5f%-e2wfmFNhd;0 zM5dhjJc(T}iiqUR@Y$z8Byb|M0NB__JucYqrMd=@+i5;9@g~7Q`?jusHEthb+pReR zaH&T#W#`aQi@ainj|df8Tq@{5^&`!QEvS9(bd(M~$MQ zj|5uF^eCot9LA6Cs~2m|!eZk9n7fgzUom1xc4(m;ncuV`j>t$dd#3n?AyH zK-&{P8tXxtb0*VG9C*+!Y#`uKL`bgo^x3CCgyb=Z^q{&15zj8%Rxkh}Vi)#(hlqsi z!dnGNmtFYB4NgQ76#0q({&pNjIuPlMAC1VtnsbW`?K%!TXcxXkz@vzeTy^o;r$B_{ zF^F`fx&{%?F5E~k03u=+?z7bEBMOYP+~WmFmtEL2*@;L4MLsitzd?lQK&08@yocso z&vb`f_#zyr4n#<<+WG8LAVTsOL^@JkgNSDru6~;s01>eZGv!J8$P!QPiv>xSUHBo# z@#yYtEk!;yfWJY6=|E(u$9Zebxti$?yYNwV!Dt^LxoY;6Nr4E-V-Wf2EguojE^J^T z5fQs^V|fbMg(IYLmt9y_>_nuJBKPw}w(B{j1Cc8H=-!v6Iae^{>+(~z@-j6Lj$6G^6)zuf-A|f1ucHt+|MzMC`ICjBk9~n;e^Ze#bfe6WC5LrNV z4I-Xh_^4n2M8qy!`kL2A^1w*`f?B!uk3 z@z^AEAVNy@QviRv9wCRIUHH7v#M*^J*#)DBWRm^uKKm4ikUR#FyQr=~#Ip-;5Db8b z*oBWT@%l(Q7@6@;%blP;$#&tz*iv*LLQ3^{0Drq4A%~z{_^{B#+J%R)3q}zUyKs`v zJ_RDJ*oCE3*C68Ah2sQ+RCeK?>+!6E*oEiyAiSyULN0HO#MUmnc~sOcwDAo5R=esi z?H-6{sQo^2j-j{EnDB$XA&Ktsz6t-Yv z>D{Ll+U*gFTKJo|oy=*4Q}+)?Ep(P_|Fpul;{s6&J87Nloi|?~FLdY4)>P?ESKjcC@!jwTH*&5U zhd;P~asB?h^@f%&Z@n4WvQr^9sA~59DAVRB#Ootu((;c3BO48cC>6h@Nc z2GJN(_Vpqv{Ai4#SDX6(_tYQgU|YP*H-&e)?+RP_o}Xl87tW5yoq zasFu`<)1v9>BjE{(IA_SxwxsorHsydSBi>0DQ0YPk6FVkr@Cgw_H3brf&tbr`w|hg zfQX1K;HHdh&P?cZ+M0ydCWi>=3hIO4Z31*&-qwf_}Gm zq>YkddxL(rG3x&{%?7P?z703rtwkwx=~NXYNjRm+_K zW3F@MN8ivr`3ff@q*T8J@VDz+77hB{76?t!H;;mTx0BcfqlmO{89l>ip8^q*#~^Yq z)isECw$M$20TAg+M4oxk>mv$`^f=N{%iVwkAi{LK=zLOFT<%0f@)`s98$^Ud(C_wy z&`houmin7VW{-?XY9PB{6cNe0(Py6m5t7FsatqZphA-&k9ppE$NW9A`=zLBuFkmB*`r2L z(aC`d^VCSA-QVjvrmBt$zu@dNOcV&-dw$U4lw{CGFNBHQ)sTfSdet>k$rff6OjZ( zJ~n{AL4@f*q%(f>2*0)F+@i-}rq=}L>POiHqkV+rs@Yd21tKJmLFA{|J|f;+-M~a5 zB6Ib|@+5u4pQ}em<*q%lx(l3$$Xwme7umiwk-0iebFSBjaPO=pI9FG&3q}zkxmv-t z)6JU#5t7Fs^7(TflSXf@ev64jMCR%rpXHPE5r3{8B$d17>e(E}W9I4}zQ`7l$XxxM zw9({hjR^P7>{qmyq;6mrj3Od=Z}`od0uhqOAo32?HE)eKSHCD2q?)VWSdV^7nX8}L zmP1FXx%$l=_?jin)yw`7ovV}lmZj3}0l($GEfK$Eq0ksN<0Nv7_gnTc{A#>&SZ9xl z_$~JhGCa^SY}Ic`7}mjWd35L2{Fe81P35;d2ts?Ot$mKMF~FX@>S+9y{{*G=TYf2S4eK2218U*%nPqk_{-ED-3hBuGBj#A{?~U>O zmg0@Xeci={Gd8;FguJtd%#d46^WJMHZrD0+a&3OQCfv?#YkC_c<$X$aL#{f`6V2_0 z9E9o{&%%%)!pzs?kS*+nydOE98}j(Ppc~TMaq8dalH|sMhpi)K^3V;vEox1b(+e3c z`#RR!p<8WRR88B;-r|?_y^s^VvK!P3S=j(Dq$+LA3t5d^zER?ZyhA^1NH3%p`{(jO ze%_AbG3=TK7_r`EJi#+zy`GX6H{gT(0p957gax~1XCc*#>XmxtC<5~m?+(~Sw3M%W zoU?Dp2l@Jwti@&59DJ5@_8o=3tDcZjNvn9KgOTrpyi9W*&UE90>?1F$wq4TCaVewo zj`7*2n0?7TX7)XS>YCa2HG2o_VS)kHBd-yWa~>liAs^)PPY5D8B6pGxa*s2eh>%j< zC8d%O5e`8gTseJ_l zAhMK*9RDa03E4Fd3z9CoW@~IgI#y^|RHrn6f1F)2M03sry|rs>3^rMOLBOMkkX-HK zvrmBt$zu@t8`U+4JjBK!+J`Yr*FB0_SN>9bFP2+3m**@@~JM5gLFvsR@G271jp@7p;4Qp+aX zVaTn-7+Z_q|0)KX?}hqpGj@wywOD`D(;0!ioa3mLH_v#NcJGg=vu(G$oc_n3DMsPP z1dpJ1>Ee@JO@L9jA^=_dDBS#z_lEi2rCcfM8ik+cm>;!)MzKHb6{yhkC#ENj!cDW- zo=H1F!BKc3Hl!W>X*k(0k)krBrRYy2kLgcuQeD%ZyivGXFtDTWiU)~EXcRtB%bi1g zl27K|Gs1}oDb+T<$kr+p4#83Q!-oZtY~dUog~y)mM1%jX_eHjd2#26|sZQD`X(uQ+3XgOyJM=9t z5BSZSqK{<8Bk~B7ZqCnBLyI77>w(1-+gg04Nqi3lmx_W}IlM&a2) zle7~Q9EAt73&xDXxB2W-AkxYxJe}$qM7&XWqF|6}6ux{tdJbe1&fhroD102pQ7x|> zh3`HzItp9AK{ex@j+0go_zjMa-rJfhG{$c*m>lE%25E+$e{XA#p%K5qj{>Y=_}d|d zq31Vn-P_9H()bOM?`<9HXN0~wHXI=b&G`I;(zmkmD%gT_)w1??n4RD*0=8QSz{3=z(oFP_JiN^7xruvtD*uQjXUg;XtHcRb(m2pB? zF=wgVpqPWTn08$O(~X8xCJ;n`R3RVHOjB}~|Cwk!M23Xidb1R%#iwb8dpk|Vt72oP ze&W)BUV`Ta;1BC1cw#ub1pWH7GoeQ5$g|(A8sx7}(x^lY+6=q2C?IS;0Y8u;Eqv$8 z%dE-X`Eq$S?R)zPtB8G{WFo@8|NPfKt&Q$S8Et>B)4mUveb_JSM;WcCY*X0_{j$D& zf1g)2m3^NL6!J>z%_sVTTIQ7G{{kRebc=RI2g4&Tt3`{#&-LodHu5S0ieWol?+>kb@ zcHAENDJLD3G~}f%G?{tr+vTlAkK-G*v}rS&iU(XE{2h8D1R@ufD@3`vwZoP|13xCI zT5t$`6K2F3vl1PZ8TJQM>u6}-*FjGGk0IhZqpaiQX zUnQDjWt6uRDt&7Ww5vq}=yMeHx#uqGBTItpPm&BbpT#>rk@DZmRHE9RXKm5;IA?#WLHwHC5$wSD?dYAZ{_;gCR!xUm*-sE9b5>Cl!>>hhr>0VVZY18LKB&{j%m50K_o zExD8Pgw3>3__5n2Oj5_PbNEeEHeXWjvMgKInY7T^?^|r)N2n8YZpvUURd?c1rYm%5 z>DEg1ZV#0}f!;Yw4LlG-=Y&Okjl3~^!Yb!m)!~;^Z`JF9cW&UVngU;UP(QqAHMUXW z->R;6*mkjR)n%Hq|5kl<3>f>G^F=$?Fb=;}y>;1=|^j6(14dr^PHl=RCPBE5U)b{rBCP~NHv1F8G1I!klo z3jkMFI1hPy9Wy&o@ou%t^ID%^=74_4;v!pDdYBK&fj7M%L>CgAD&+8G7q=*ZBlaLhG>4 zch-;Is(cAbCK`8^Ww$w>Fb{?e4u#30U1zTa4W#uJ-p4>_Z=bJFF!%QP23m!xF_PgQ z2DdA8tMH*(U9-O+REz1S z?b0iB{cHA<`m0d?QnVDB&912Nh_#DZQLn^`8Xx9hV>WmV;rtI`!mLK*!N2s@XOVKhH-et zXs^ra86#cy(Gqn(Hj4N@@@x5q(G4ws^vzSYgy0=~t2*Q)>xZ}MAloSMZ`G~0*mkjRRikJH zo5fl;BXhwxxQr@SpIFU9*3A>TZ0M~T!mb-+P@-m72J8A(JwbWd&phkqF44fgRWIF4 zeL`>5wo;qxt(rJ688rP?{aJ1rHu_e*E?JZL4n*FnbHkmMRO)HVto0s7+Q?hAfZ8Oz zRZob1&{p26_oh(Wkag2tizs$V@;Yp4XyDa0PiHHj)4KUc0FSk9E@S72yjAl}D>b#Q zv-7QbojUn%)r)uxy;Udw9C)in?-_lolGb5eMV8jrVV$(RdL7n<9OKtvuS%QXoG4va znD&+W;gHBW>_y#hn&HcP7>2E`!#D}8!#eDvuS4swq_0{X@MCx#7XGT$VhHW6!+sLX zy>-}&Rv~{K)}&iSuY*?aE(+Dgt-~%5-m$k^H=3$t9d?bbx(bMUheP#Otxh^6vKl)# zD8)ruingrATKTF~(rPSe5rfs(H$OO5V+}XiRZ**DpZ3f8tFZ^#RyN-+>#xSfNLlR{ z6Tcojfb&LmrTa@hnQm5y^3^J5PVuVFx*WcTrOVYKp#(7xE1e=zp1xUedbzm!o~62z1lt^_wmy+D>04Aex-NHF zBC$C40}g)mYGYky38tYB@}}f3L*f$kIq2~1^HuAE!fxB9Kz~X>?GAMg)&PMez7~H7;wIO z2j;(w0!!6x{Cn@0*+;~@ME3Zdr8qQ$t=S%!tgT%v6)weJB6o4&l0-h;?`m`%Hg=nK z$Dg%D*@t^+Z@kge86AaPp;l!;oYAH2@eGCVYOLL{Wo-!_k@W?tf>sbLQI`9hF>Jlj zqO|b$()^YQICT!oKY#b)!r#;Kch>L9o0B$A%$qg0KyS@0*nN|{g!(131)rh!N^^YD z#ET}|QMQJh77#==9W4TCe{Y~W-S*-84R?j)x2lfWg;uGq)zov2_2XTPIo2xGU z`mDZzy--3*YH;ui1p1S}PyQVX90rtVH}Op4Ev7?CEt4{m)VNs&%b1XqY2@o|Bg~XH ziIwW58karVbzG<`%^`Ji)J7vV?;O>VQk@Z~wnRkLr;3768@p-F*}_>zZFJFEF-gtC z-mvV*Cu=2n37>t69eI*t&B~qqARi8g9jI=phNc-;V8}?=TucnGczuM3Y%5Q)RPPQx z8j%ap>|mFL1R%n6Gz6d2@@yv}k~c(3>Dmk;!XX&7v8CpmDJ-Y;#7|8QIu+P6NzKCM zc0?1C_pPr?3Pi{%29X~o`iQKscPp-7A`y9th-@TJvYbx`AC1T;Z z%=D2rm`Frwh{)<9K1m<(&jcN%<(3mY$>(>UJ;;fOoC(_77ug~bITQ4av{BOe-2obr zdPWRRVi$}eB6+X*&6@%dlE?Isx2djqYv%D2@qCr$2?jvqZ6eYzo`^^v@y`VH)^f{< zp0e3YN4Msay0^Cz5y{)m7ug~r9D?U}|1E8lbS6m0SOR6GHHuv@iiqSrE66tjYt96 zAHyyfMMUzZ`s`C6Lh=|y?x4B`kx4kVB#2BB41h=r5qb1FuaArYBaO&fLDF@f`h^EL z5gA2wJ`Lb+5Meq7(y<=r2Q}y6Oh+s~erk@?h%ia@WfzPhB6$;i_9+k{c?=@|q`C%? z%dzAUL@pN$fJi$mi&Vw6ULVN=BaO&6g5=~JByc?y@jR=#}KJ0=~L?myl&prhrB#%KPpXwS!Ms+ZVj1mlh$VNouhHJb& z(jAO6BL5a7Cubpn>k;|U_o*M%(}@Tv)%*bd1`*+a^@zuLg65nlET=KuhDtC=WwHxK z5s|!+KKm4ikUR#Fv#G8@UoO!by-kQ!}X#*+bZoG}z1*3>a-e8}73Pb|;=7rZI z$5CB_NMCybrmtY2qe$QCk(Yo0TY-f%;2HuK`7l+(2Q_gAq^ze{ey&Q@-#(@d)3$E~ za?z&#{CC?6a80A$T!#Xj^3{xWD8Ly}UAPVfIAN$m)}a8$Q?cuo{8?3`v z;Nf*BFqj3dT!#WfSRi*D3LL`%U07g>>{OsLR?XR8I;D73&?(_awVm>tOm<2eo`v2z zxd5X9oBAF7;+#OB<9!?p!d!`K8YU+pV zX*_1~Dy9~8dw3LzUgO`1rsFUV2Hz_(HfHzgeDC#Y>KG+ceV2l-e*G|_kcleY0$vU8 z;{e9rGGUd|>VN4qiiMr%7_0x-ai~6Q_5Xe)Wr|w;)$lDlhO$u6Z2e*h~D zTmApkmFBQ9lCAz9utn&omXzxJK(%(3C5NEZzn|uuEu5oP{~~xI9U~~o)uulC6eB3f zW9F0$s%u72&+1=u1u?*!B36HvJcX?OeCZl4tN+vPPDHXO^2vUOva5Bb0})#HdbZj@ zbIxSCxd|j_^*;kws{;{|s}^6G6o`;K29ZB5_YqlPt$xKsA|h7*7V;Fb`p=fiT~`0w zdpQwFP~==+WQz#XfrxMQZ=yN3$i%I0%MV)pmF$9!S(X$0S8O}oyeSYN_ZUQ)F7uc) zdRG53CK3^``hOqGr;ycuoK)_*31mJt>>O`R14Ta27uh1hbRg1XU5sKZYGg2O^|Y z-F%TPBElhP^?xaC6l?Wg$1WH}q?+s(`pugH5t7FsQb%sn#OklV#Oouo zz(}{`ep>EIBmfbnVW;&{tMUzqli?n>MFl^Qy@a} z7(`}MU4w{c^;Zf8Kt!zm#TR>hqy&u2_^0JALIMzBIuPNL`sZ%WJ|cO41n@U=jc^EB z{Vxektkpl9T`-DB0js{-XP*KQlE)x&Kh-secvk<-f&mZ_tN*!+ygo7pj5H#fXt_rr z0f;aii110}@9IQE@|ptp8$^Ud(CU9mXp(Nr4_f_4vI|BL8P2M2^4X_Agyb=Z+)8x~ zBA(TMonQb&#OlBALa&eHfsq;i1WA|Ge>S%N9OFn1MgA~=zg>?Yo$C>g^GwY-o9Vcj z3_nR$|KHgKqll1PUE{M)fe6WC5E)N(4I-Y^e}P~CM8xVZzrgDw-N8sB@}(f@vigt1 z#-Ia{EQ(wgz~3OkbgoA{&Sjc&CeyJV!B3Lazbm_76cLiEF+Tegh>$!6k&CIWLBzBA zhYJQkM6CYn&-eOBIv8n0-V-EUR{!DH9CaX)pvbcW_!~r+&h?1L`D)EM&g$>XE*M2b ztp1aH_9+l)#p)kHbqyk()qkX5kjm=6iJKPd)9UZ@25p$OnWtj)r>{c+vHF+4-u4>A z>VIe*3W(L8zYYb&>L0ic1;py#dL0Ug)&H58hHZmYtp2Chp@3NZMe9&Nto~!yp@3NZ zJF`Grto~opH;C1L_p9tU>u&Y`ey;a=Ij#O9Yr$8)ewc@cW8hN%`tz5l)o)|^mdXzP zd1M-h>HF-v$k~cMLL=b|4JwB$Y5a#y9%t&!|DQ%{ett~fE?Y-p`jikEhTr{R7`7VI z$1QhfOy3wUVnog}n-k9)zwE{I)zX{NSPXxUL_#q-XC&VBVso}aXP+b4{@IGvTLohJ zx@n#4p=O0ViKB#r$Q)|kPAh~2L^bWK6{-fT&a)M_3vY?(;~io}g)0;J8!yg%JJGZe z{+kv)YtaGtF}yGvwCZ;019USn#;=^NBKdPp2|Y;q&*~-kb1;sl4w|r#Q5u?7e=Op( z-Eqb>_if{pYR>B*=c3`O>Ra7fQ@h=jTL@L?0k^o0HppewS8*H!I}< zj^8;?=>r_K_~nu4F~Ml80*0O7%z8t~u$72hT8U)#iQ}tKW*H({2h=s?sWbhkv47^e+Q$Oo zMDf@{wfEs#V=6S zwEWCSEjgM(L@Q}0>Om+SQCEZkph$8qK@K7lk$~%XcKY=fL?%u}KQ9RObBHIQi^}KX8nE8+mvS-0O06 z!B<$26vqT=(xICLkJP(aJ5zjWp!f}@UbPpA>GduytW4zZS<^MSKfK@5^oNuE z!cBw0y;61BmL(VCZ_k_k;}19wPoehK)Tl(mTMl^3B_{(pfENikx?1xK;hkZI5q;Mk z<}{fHFzSW8);umJv1;>2n(%k@qSNsY^FWv9Ib+I$Qs;rKr2bhQ2~}=Zy+=VMJ>|8z z#(zX>ybrv+8h`rP)OeF$qm2V@Rxh8i?lpdRdPK*b!5WKgjobS*+9={?b)2)t-!L>I z3=_8=ln!aY3y6OV&s?bxRfDAigKIPW^LSZkh8C}cer1~hYxtgoWxWux_)K4Hd66i&)VZ44G_ImNRn!cH_`dVb3oT-0w-U2BjNsaGp&oai3J&k<5u*gN+ zV&0PVYsaSYOv2H+(gtCj^nr$VJ3Ff-rOFFbYm80d5Ono!t~u8WXZ?YO9IX|T)cso- zV>4MR$!k1~NQhP`j7^do^E=3g`|IDH>M?1Y(-qJ#@k1uk`TZ6VS$hhf#QD7hjI{ZE zqEzm>^tm>}i3nEJYt=!%$kwsRbhPJEkMkNfKxvYzw;Yo%+PRu6Zr##}h~zDoqHRHh zDN<2h*YPpLvB1}gk@=49;=`hzN(Et9O~SQIf0oHjPLD*k+e~gtM^|Tk>O-9f?Y6*h~(YtH*X3=NFIa8LsZuwa>+IZky`}= zAdmzw!q!HO%%bkM+Ai{L?5k9E`_kb>W-v;nEBdc%-x_X}xnxqe-PSuEH zll>re!6+hg*#~ROjOW{ss}IV^r{6y_K4CCew|pcbZ0oN$OyB!6+hwJ#iB!A_=PVS^$582-AUx@9Mo-a}K(CZ`X*3 zJ9iIu!6+hv}38RK_q)CgUATM0Eiq!L?#^X^$~?QG>ynI zL2`0~1g6bqI^G&SsR8LuL?o{|fWKXjuqf6e_|crN)12#t)sdxOq;fA7B#UYgfPRGGK!jhWPsdn9B<`UA z{uUA8fcc2W`9kGfDJ)AFUabqbDh8Q0tb$QQB<^UReFj8Go`A@4RM#T16=uAG$bo_Z z5ILTR3>)m#kvU+bh&(As7L_A_^AY(|#V@nNMzM%U+^qrpEh54J^AV5pP~}`EEK3<) zeUlh5_f>lJ_8~oPe9~gs%sHx%TrElO1laMK;(2Ha_k9S9VrGQMWkGi zEGj?%5Mem#2*1pxu#Cmb&?Ih30Dp^!aKL=T<9w8Io**ns8D9MlMT9|S1p$vDB5^zW z>@y%j@&rVBQ(cRQx6Nrw!2pPiCL#wN@70mfV5ErLBuEyGKmZV7I1u5N`5ES;7(^s) zOaOn2h;YDs#N)ibavmxyOBr6R#^EXknO6yT6cLHr!e^fW5t1h$(v|93M7(WIZ3F`# zatRUHZID+-^1w(DxmJ)Y>W=^*!f+tMFJoZqi9tl-&I;gf5fKiUk9eGWD(Ak!vXtS~ zbnSpWgUmwM4Py|IxMp9O42Y0C0g?7p*COI=b6Rs8F#sZ05RoqOCF`2rV5Ep#D47@a zKmZV7I7H@`c?agC7(^uQIA3HpXB7^Zk9eFrE9dUQvXtS~_iC$QkeSUY7_B1`_oc5) z21H1nfXFw;`iOYjoK`T9h+IoV+R2x!YqG&e5g96(7iA#;h%g+8@XIXDibX`?4)#TM zhzJMFM?B8IvjDJ=!^K>fp)tJr2DJt-$ds}QMiG&?4w)}|I%2>`5jjfbt{1uIF&v2S%RJfqV_Y4PxZb|V4iVvi`H07PwUkj&ov3GD68ExSycy~U$rBKHgX-E=<85Q{dX+-4XJR+j@5in9j_E))U z5P&+eRQ^=)%ap_O7t?AauB$JyLqs@WKH_nHU&^ScQdpKU+-+fDkhz>yFp7x8E%1vs z10p0(K;${9YZ39bIn5RffXGcm<|$Sn2&gzmr5BGl?lsIhPy2+3^K!61*3>a+=G7cWWdtQp`v2M>)?InxYB9vXtTO z;0lAxAXdRBA`Ui`Xg4(D9;U&$bqQ!zGr8-KfL157 z)jA}gQO2yC(|VC;voKGtLjo@8&E$1Rz!k3T34~Q zF3wC$ca@0e8z@nyu}Kn5-%BJCLOme@_I*VL6|BVF86kp|=mlSTA%-?zd(pAT#ces1 zA{$Ip5o!2V6P^rW*J!SOQ1I$(r8{w4l5}hK6zPOePiug2ca=_rEYY(d?z!9|xdea8uBxr0!txqjeeJb-}XDDUHnB&rVCbXpB0HHIKcATqiH4+s=9- zdCO+37w?i;6g}CCcje*8y#+5`mm?@$)Qh)#P3*u21e(oHzD60nc*ipTbT3}HFo-*_ zvFZ1*+13-4DS>S5c*}4|zZQRVygf=e*D<^#>cv|De{sxsOLDWb&pyL=OY(&Awl~$a zeFj8Go`6VKs%sJPym)N{10W(^yxsZ{ku)#fwSr_( zxyT(luwlN5MTC^*tN{MDjtGaK7q6#sE)&jrO+(O&xA41IL`ZI$ePuErLh=Me+EZPN zi08#yb0{$YBI3pCB41KRior$!1k#7$15%IiuD;P*b#EaKXzNC(f1|vmesAL{@ zO~c}~v51VI$Oro(J46`H;o0N-I|~5kRT*xtX$X4pN?8S?h>+ZTAW2)Z{wH|?BJ~IR zhVb`*7w>Xb!6+gmHw*mY&438W6A*ch>RLoR zFWzjy0Embe@AU({I+6`WibzkDJ4@saUDI&Wm$8VD(zN$Qc8Cavpcikclu=QW7~=Gr zhM*U3IICb35t5q+{o>7l2+0!=d4%d(L_9BEsbBy^#EbXrU%fhFz(^74ta8_j+#xUC zwX0(hA*J~yfWMoMkVDXmH(zLq>V$LDi#Lc>Fp3Dt%|Cti84w|P0wQHp*COJ1@d^b4 zAR=D8hY#@T$Wky;M1B_}Xyp8*k)Cm=GF>RLoRFW%*X0T2-{-tGH)b!3hw_i8~h&Wktni&#X;De@Zu{M~#6 z;XtIq<9v&9E@OB})Qh(}t6&rnlAFtX_8AZ%c>*H&RM#TndGUq|20%o-ct!hpb)?vn z`+Y$&&Wm?cLo6Z%6#2OT{uU921CbdX=K|$Cf#D@lFJ3oR!6+gmH^Y4P84w|P0wN=+ zu0_Q2;tdiEfQWeUuKbHvM@D;cFBK%?ym+YI>$A^*2+0!=8BBF8A|JWS3JwtrfQWeU&feFnBY9w?{m6VlGR}+F z^Yd6l`cvex0R9#ch69no9_KTab69mxhGMdTJiGR}+l`>I$( zvM6$X0Dp@J!+}U=k8@w;+@#ibhKIa(ZxZk*A|y9meD)a-A$bBK+fZGLi08%YAQ%7< z@#5{dk5@+w7%3tJf@D#>$Q|nLAp9|0pp zbf?m9~%DGH9N4thiirP<3D*&!kvf?m9} zQbvhhyc<{rqlio(``7*A&438W6A*ce>e^Q0dGV?QgG^q$d${3seR}aKrdwNiE8KqK z#hbJa3B-$c{5m8MFW&a+kU+e6tEaVI2l3)PyABD&i+AHXBoHs&Y3q<+Dm@du*CBy; z@qR36z0%^vTfzjb@!}oA4YST$#pi*nx9X4ICMRCJqkMrgI_1QR*JT|Nh!=0wjiTXT zG`yC*c&Bj#Y>9i|a}4P>j2G`jm8g%EDA|iw%MGZ`*JaEzOJf*mM7HFWw2edR=g=7jFgoAnl^_tQYUIs;C#w-BrM|)#i>~ znlvhu^`W>3Gi4zRtcBDYN8AxOZ2>dGA0T1);t7 zhsFx--upv`I)y5s5dLAm@kK%*AC=|`E$JFnId^SAr5s+Amn_yUDd0z^CAlBt0mxw= z2lISuIrEe|48DZO>30_V-HOy7apu!qq}VD@5^GCl)PSY@Dt^xX%9&rmd@OspkN}iN z;(CKI9z_A&#&DZ=XVSb5tgp_gzcy!n!M`*%JGGs=$lzUt512&30e>6&D zvLIaYtW=W)=+qdhWBlFX()W7h8Jx3ZK3dv4UgFH+e6{m4Y%0v zsaa$DqBOA4fb!!_7~p(5wDxY3U_<6z0il4iaCvp(iInfAws;4~OTS5@+!67Qwqp9nzT|0}1ey3^Tmwg&&*oHc?|A`5J~VfR1QA%U*`|S0*ukLky09BLH_Id{fD@ z>^Mg+)rcp{2b|2k3pGfWRFz(N-d3gYK#B zZS%WJifZtvm3=ExE&9u?)vV!=YK~qAa6b7U?YSQ4Y-Md4{)1f>%F|tZ!SJ>XRW|(I zwzz152dD*5#UaSur&`*RAb_y?7$ zx)ggL<-r`i=;D_(n?O2!+VGMckbvl4ft&+aeuw=|wM8eBfn>p7dFRySm8c*+AV}Up zFJ9TVL}(CmT*-sX&V8fL5y^9^4{d8c{nwApM-;c;Id8g9l>z(&0o|8E(kRDS8c@S@7CHEkUfLxy&Wr2R~4jMI09-=KLVH5#-iyleS~eB@c5BlY4jC zC?vBXkGt;YACej0wzBuvoQSHGm#Q^){)xEOnuGhag)~EoQ&V&%)2 z*LZ}4lePn{&(He;wuyAjj!wxGZJrPCW>g7Yr|o4Y%RPXSh# z!@r6&aIZ?DQb`Fp$jK4qQGf)^;Ye)=?Zz0BmaWXp8b-9~o7!y^Lba(T} zX3U|F*}HkBE42sj49sU{2%jqv19%aDyLoz65Z>gwdBS(6a0w&X?9?rCZ_RU)xInab z^St_m0I=3PgwV8CHrJXvx}!nr63?}Z?&xvWq8_bHyRF5`@d->3WTl54u#(AIb4)PD z(_D`G`#Jh|^X&Eqa_kq)vF^Hnj-Nknb$kJ#R!9GCo_Rnhs^f;ao9BwFa5qoaulbxH z@x+6oeE??@Z}ll2vIgbcWIkIf7eLj^N3DKfit|6Xn} zatB5Q?4rEucTPp7<`!n5o2f>FftuJq?}9*m6aky57@lVzLpxLP@q`DtoIZs#4Lxp82Eo|0`p|iYQUX4>m<1X~sXE3poyEU-~#e`eITt;vGiMaPzL3fWwu*~1Xzz`nZ~iL z&w&-nJc9(X$vuc0MYJ7WADKf4d}1C;BQw=kvuBWa)ELH^+DFhoOkT|T@82pnd39`i zxZ%>4+r#wE>FuGPlxMI#G-Fv4+aC4^6n%1gn8Ga5+rzt}wtd<&)E@q}B)L5-^ucm2 zr$~F4sGNrasXT1>z@Jci*lKBvNFy@CXvL)E;`|c<{xxhsVc9+QWj`G3~+Gi)jZk7f6`|?8Qsr zGE6h?4ig${FFuznIZVXci?_D?+?Zj^-=2%ui#H82+|n`h?8R7n@QPY%VB{PnODd|h z7l$KQII$5dgxCmzZ6iWD`27SgT9q4Csb|TAZ1cfIp82^Psk0h#J4k&rqY5i&fW^I` z|CCXW=`hyr>jft-5j!yFspoNCG+oY77BA|JOw7&7zko%Rvp_DkT}a7gQ07qH z`@1$-jorY^WmjOv+Uy!PN2&ruEepuQZ0_EaLR)#xpgasMW~feU0w!U|s3_NgQF+5w zKwZWki^#lZ0tWe2n~|@0_);IazWhN@H16aJs6G60A+;jZJwQmDXK>k)+$U&+eBNIN0bzspo3yRMExgEEU+kDywv^KDH&(Nnv|cH-CBQ8$i5G zKm#T+IaY(lEg-t~(YbYLKp(J40O)V-w?Oa6&=T6;ZPOSFkSFr9c^OLo3E19$Q``G8 z!Mr?JC2vCSLLbSoEVJsDx>5cdvUW?3zqL3lDSep&k1u2Lv^&4 zD!!^xt9W-zH?)dxF11C>W1(^8HBg2MmIIP$3aZ?EpA@W&RN`<5m)f{Ty;2+O70f-t zz#6*JE4{ouPbR(pS)RxT1c-U=Y)!VqAXUM{mX4nT1_g(N^XFf^%L7|sT;rH9K8 zf~Q!594`GS*3%2paFNjZAo`!*E4VNMOi}V-T+ZV3N4f#Ab!mmYL9^?_G=7D(ok3|| z39e$S>9RHr7YQA11rS_>OB9!)>;NuDP)Oo(8ACJRg81^tjID6>gd}U&*AH9f71Y() z8Xm?xOe~^>6CY}mzsD&2X`8<@|Fp~Bj(^%)Yrq#s?u=JoNq^uhQZvOi4ykhmMEq!v zAD$KBUx9@4n2-wY6_jCDCj(O@Rz#@}5NoY8Beum&1Bdx@ib=l3t`3!$+}*_uCxu#Yf4+V)NKNL8DI81`u8q zdNzPZH;UK*j=GHV3~O~50=D44*7QMW#Okm!Ye16KAtA?uqB;JXQ+1c)%DZij)d;mY z`c{X3bzJuxYdb`A92v~#+mZg|4Z$QR;$v^^V7OvsmaXo(w+pNyXU1g%!qXL42(#dzu(e`^wE2P z5owWru!`W{2EL=7Ymvy9)b5nubWAD;j7i)Dem1_%nqTSqkzL?DP>|AH9MgcfH~uK+FMb!!*^;`H;njaZtps}p znaS`OOTQjwFLAY!RM=-Q$&uWesDpfHqJE9)rc}lgxLjo50>MB{au3{TnR1rk)CYyi9mXb6qQg}pA^cz5%5xBXSOSte0t+g zsMWp-2X9iV-NI-8$6IYzs+-_{JMKR?mWJo|Z{e)hMY_v&X~e&%)HX$Edz?<1cj z1+pg|-@P?@j*adii5C>yt%9=61RBwiw5e_V-&Qp7m4~Ze`voXBA?+ zRn9+4xXO7TxXR&*AyKx=n3%Hd6O?T?%GU32_a@*J&6~0{+y?=C@%DG(t#Ev1;s@-k zx`rF*Cv3b}vZ*DVgP;Z$SMH*-)Y}HA0}w28Cfr{z!2m=t5PZU^hg;~)xG@Mp#?rZj zX~q5<6m3@#?J6f)fo3hGGY~b!&L!LUNbKRH9Fi#IAwem>NUf8UwYOL)rwS9hU33zx z#iRNiy0vn$gq4Ez#VvE?UAJ~?*@en2o7JdA zAgJOh+ANx7C*ra&E}5l&H12brBS=Y5!@;usLvQKS3AeYgY$aFi2gxRIInB;Vxvs5m z5(f4$xOqBR*C*qCh9OAi|KV)2DAJffw#6cgw z)QjAqm+lPgUNMM}(wrr!v>+@Z!XbD^W>4i@C!F<;%+ahoB~=VE3*j}6K}6!3ePuEr zLh=Me+EZPN$Y$9Vku{CP0Em1?M7qeA)RCoNq=;N7na90!_fB~%A~jU!IA3IE*RLqJrGJcwEEEh-N3zhrn~y&yB2q_2gOTn3RPGT7;FewaQ^hY+9^au$TvuOY zhlp?p-jVsflu_u8%r1(^P_niQX?FGFvbJA{~gx z>z{dbBoB-fk)A4de*^##hUeLr?rwtXFQ$%=(zN$Qc8Cav;2oJurHn#%WDeI>)0ZrU zvkFELk+=u_;>~~v$rBKHgz8#Eo?=lDky61xZB6%8CRvET<}+~X$wJKW)f5j5*_xhw zCdn2%UUFWa7UFJD-DGS2Vv~X8wQFMjKmLiDZ&+I}Yk?Vus+Kohw(rmueB8n$M9x!* z`kTPRw2y*md=bJrhC%rV8Bg~Vdd3JtHYXXPFSk+eFa zg)-LMaxK;@lNWQc8?Zvh&V64+Ls{3kZ^!?#0Y&G&FJh?_(=o`rxN()==rYZH`+e&5 zNB-RR7GV%K_x=6$*lcC)n;*zFY3|!sIX6ic7oGdQ2{&*|e?)TA#b=+PKO%WTf3ywN zwf&Jd_w67Upof;Z@1CC!5gD@#7-- zB0_TWG0RSiHv=LhPe5eVM;?;~Z|?gh1Br;teZOD9ue7=EF_L-Q{qXZ)Rf<8RfFkeZ zi|i0#I1rhEKiVGGN*N{2eQ#hDj3P3D>|ghbHv=LhPe9}?s%u+~H}|a)41kEteOG=+ zMAGKIeO2xe)F(XmrBy5j5mK6Me32a@!XY^K{Yc6vaqc^oRWORkP_lp4FWwA@kURmA z8mem%@#emd3I;$#=Dy26@al*^_wA)}_g6%MbKhHTjzxr&CfgU;AtD@tbKlpbj1uR* z=dcP!5$Q|z5BtTN0TGfXAo4iXwTO6g-#Y|@OmpAw*%7bLx$iViT>RY;$#dUpB!06#}dgxns$Y2q09%=kKy%zdx!Cy4Z6 zk{0K_7yOSssxtTe@K8<_|KQyBoO2^*qmJB8e@%1bo{8DNx5ski;pvXteiH3Fa(^faIC6JYotz_gHR8nK=3Iz1W?NMV z0oX~|Qx&SAO+U^*d#CUg|7E`aOi+2qpB>nYtigTaGV>W2fq#8oi93uG zae(eDtsNx(MPS_WnbE(t*#yWyKhtac;aq<&!Kd$bd~WXie;|n2@wtrde=@krar$Pw z5K@aYUuYd-Jdf24mqvDcw&)8zhl!a{&!D8+I!STjc;@G~v6laH!o|uq z51#l@{kpk(J~~U@dd~+BHxW{EKfU!heU(=@u{>+6-e2=MxVZ~KW(c92N0@;G<>nT6 zf_ZPv`>(QH)tax4;ea({MqX-)ZBQ7c<>A=io7&IkzQ`>BWd;?<#N%(hqch8_Z+s&cH0C zeKd0KMlVhT;4iID^OvTI#5y4k(of%FeG}`1J$+DB&uQ%41$G8qhcE2Q(mxuvMAAr5 z!-0C4EYo0pNxq(gw1`IQ?#sYm7k5h$sY|d+G}9VM6nY@;y`tD`Noh_9WSe9F*it!H z3TJhG^^m5f&aX#quoL&NRwOrTv5yv$6vkwjxRcyY+=F~*pZ@+$k4eLJIM#qRSYzrL z$mQ;IBC?Tur5OOukj&!@0JYc0B2rF~`}rcfr3}ME27oroxs2h~0C2X{^8g$rBJ+`G&`&p;L}U>;h zATpDPeEJ#@NizT(sB(`Gu|m$T`=`VrLQ1o>FS0{KI0OvUk|!Xti0WEIKI0yHBJzk}07M=lBFi`~Y8~N1U;B|=Rqp->NOOMOJUJE- zQkssw$PN+V5HtY1DrFQh09?sF7FX(##Yk4cC?XO!$1mOth>$!1k-0Jr&@L9En<7#s z7yyySiAeP;ULENTMvBOmDt8YA01<{mWPX`R@g2IveILNz_N>Ao_(0r3p$R<@m#>I) zC;P#yf>A^y?lzx&21H1nfXH1`*Vd62xGRTsWU62QMCK8Z$6og8NH!QLB5hReECc`% zh653PnM)?c))9$Y8NlBnA{>Gb#LX6(&;xN7YO87Dn=Xg33Pur;xa)oP84w|P0wO7@ zYZ0k%n{o0510b@Hh}^lkT*+|zKwKMbH4HM_unI;Ik+=~)`wWPX zJOPpOsIEn18m&=mHG>5MAhL*vj9cQ>kvX2+uL_cJ55ye^r==L1>!c}37lry$PIcx6 z@VAICobwTn^X1C9jN$fyxT6&j2AOPD!6+gUcf8L&10p0(K;$H-Ab!H2O+bV$^0EFm;N_NkwM!FkYe8dU+h@na?JGdl~M#- zxnqSZ7t^qdhsZi5<|N-d#>CU*TqM02yJ*#}q{RqVLsrm&P|Xi>z;=R5XEYnMR)MEP zcagdqu63VuO7EI3k<-SY%wqyAFG++0FsP?}h0T$>WaD>#`@1uK3pF2;s1{$#<|^G< z4mOak!X%a2?c0iULg-FK7d0`N+v@7JQ*)yWGUA>U#PyahsZFYxNXPv-JOo7PgdV>s zoluK(a(Zpd&IF!EEUGY+u;H6gwFR`DG7I_O9qjtCq<~jZtA`{scw%?ZZrgy7_Ba?! z8Ef)~!aj#9CD8~y+cj>A<5-z)>6yC~#mHdkX{uqT7Pa&|4byYXfL>1-K9n@N49R5a z*{7OgMA}x5Ld~>>t@UtL2|Q^ z&pyK#LGpw#ViT%s#|Y2T^FtLez^Eyfp6%o-&C+xEA}NM)k$c`8`BTL&v*Lp05fKi-tsdQ!bD6NztsX&3&*S;Ah>+ZT=PQ!|5t1h$^3!uZBA%sZ6$6QgSb93i zSDK|~xMUt@>3J0{y_l+5K#>RdBD+;Q!%;{4tsWhe^8|)tW`#f1K}*j}R>9~zg5>5? zmYo)F21H1nfXL_1dQ5yv&sz*6B4X)jdWK(VmYzY9dC>@wJ7nou2p3)qBBV5b_CIrDp=GU=)$Q%(~hy-VBJ4 zJOPmxsjfxDv-CVJ7yuEm^!&Tht0TR^NDr$lxXQ0#VQy@q&u^I%rD*yh>$!1k$+KLi->3GnJE|m5wY~Vu)wP$*`SL`a^1$URio zBH~$kZWIiFh*)|m=6iL-fRQ57LFKMT01#m~5aE}(9R9u-L?rI>0R9#c;SjX+JSsFr zb;2@g={bT`Fp3DtO|j2D10p0(Kx8`AwTO6@o(X~h5D`ny-SfOUvJ{LIk#7abI7`p) zi((O}p~(LU;BOIOIOiiC=R1^hCBtJZJ$+aOqll2)jPu!NK!oH8h+IQ;Eh3(!XOv(7 zM8wiF?P;%$%<<&@M39WL^bEQ%7Ljs_{9*uqHy=Sb5b-TNHz?;ahR0ZXc3>5ZB0_R= zuFpOLA|y{h=ZfDDuAo_*+C6 z&iRPPd8~4t!0;GL&!((`QA9{?PW0JlK!oH8h@47wEh3(!=Lo?7h=`?U^pjp48STkk zB}m3udUhWji^vFyd`|#>iwMJkh;QjRM>!8=c#NgzX96BYgyg2b&prbpBu_vjm+D$X zJWEd>!61{Rr`LLXDM2hfJ9m+V_!tPwrEapN=dtyE4V74W?&m79HI|;eH2=XA6ott@ z>wTl8SbDaQb?rJ^dfwks6zOAuOt$o#^FO|)N-RBxQo28|KT|9{&42o1iN(_M0u#5! z(sQhydhe_SEI4j>OV2JUU1m$qT>837ivG8jo~c_9`1N4v>4%A_?Qt*}tK;dVMp*nNe@Ze8t5j*u4nxw^akT(UPxuj~BsapmXlh3$4mWG`&J z5Lt$w=URp>?uG3E8(3s7EZ@v5Ts?wDtH|>PzjpF=!`2{eR>KppNMbi^JsXHQ8O^`Y zzOJj$`a&w~YK4_zSIgf?w6q)JdiVGV_qpJ;(Ar!jSMvw*wYMNGJUy_3)yx$TD&-cW zO7jHbWQQg!p2P4D`(-~83i+ro|2)o>1K+EVbwzBRYO7M~OO zDK`wgiyMZTWpM=(z0giK7SMhudR&_Bq^Bd9>S8`5cJcR>^Fs z5^kI7r68o@1(jkaNURkM-nlJeJ~uUd4}|G%8te+7Hzv1w}*&ZjA)dy7W|+QL_ab7TF|nFqt{4#9N}N&S6PT77Z!WOe-MSrv8go`r*wkix zKdYB^B3fp70Wk;pdi^#cq?a^FX0mmf4rS0mukvjkC^{ejFR47vvac2r6-V{{&isL>*?iCH7&k5A0_Fn2E4ig^gQ?a&_-0V_xo*wqohro+Z z4TGkk?VWVvu#k`iEM9_8R?F{a{`PtDAqCa;7MRh<%UpC?8Z!x9ASr;=?k%Y*59&p< zeTmvo+bpN;Q=%WVJ(=3RS59rk88Xz$%r%nK@j2$=gU}mJUd(0`@Po&;s=a@+cQq%rs&57F+(4_EcS2Y{ zw5rcsp(MAe0r$9aajohOwplPdm+!buJRb8X3*j}JyxK(vYue8#t z&UVcHK&!e;W)8ttHB9t#t*UUAE4@;`Rn-YZ_J*2Jt2#2R|u#_)Ke69XATJs;+;Hwkl_H;G)&MEEooC4pX9c zDOV}Z^%w-|&Ef;Vk$ru<&EYD`&$l_;e@w*YaB+~~m5yPHHU|zu5t{>N8}a9FZ~XZe zXCqjOlvxcsu;Z0iP;im*r|o=;gGM)l2I_eiDUXBD-XYir1@l~Y{`O+0P$l|0{6k-N zmzD}YD$RZS3qm#M4P(#WZX>+KgiwHN)6d`DVY9}uBD@)(Sy!aqcf)XnIqs&&5!-Ep z`S;ZP?Gf7+Ptcw%^)~hdZRlKJsH4T~^L_v*tH{E7fA)FX%-9)ZdfM~-wEpb#^wy=_ z(@*QqK6miao|HFvwb&8TcTWBCgB>yY_eh_I73)0g`McPz@J^JShZUGYEOEpsq4Ny) z{!)Q?TuAlJqfNMNv?T2<>ZKggH@d^?eAv08wO0vS3F z3kyz-^2)i5a@JXbzP*c6SddNM*DV_yr;NsZbSG68eKL7ikgN5u1jXcNzp~6@((nUk zsSJFBf%sAVHWB&mc7Dl}j$NC|Jy0^YTM6fBKU&ov(PkbDM=^*<+@8M3Zhr&Afe7b4 z%6Sb7z-?KS_Zh3%q<~0YvY*Nc0ewzEO>Eq2lC(95kW~UA%c-t?jd+!t_B|&U0FjS~ z$fvgv5t;V&_T)ZLDdSmVVF!977LQ1o>FS0{KIOq;eMP!APk-ZVLv=5TG zDPVW9$Y&LdA|i3m_{E!{j*vV7kwsM3BJviCf_3B(!9cxmgR=%^!Kzz^I7AM@B+G3| zJ&}hj*VBG$whJ@sC-w;RIk7@=GbpT~*1igRs%!(L;gdU5r6;~v63AZ9J27ywaJc^G zz3{r%a{~1CpR6}#((lMYwMCs{tSR0{Mq_qSfjMq$k2Ua{Og&bP)URNVwH%h+XaVA7 zyI%vqC-+z<-|E%I(U4Z_%)^p2uE**E(^X7u96?1(0vRUtSSKjwp#od9$NCJ`y{IzU zW9{X$&rlo5J)t)4OLc8+^m?rA1OwM&9q~^hlGbD0UdnWFJytu87|}kwKM}b~Qt6;! z5n*_!$Lgn?`!c*F+GG8jfJfUW$;~!C`wWPXJOPm%scw3Y)k!dLJyxGvh)7zGRU}B- z+p|MG*4Hp`#URpyBA*|?-y*_rAi|zWYu}#AxjVy4qCM6Nu|sqf$xXJ;J_8~oPe5cd zs+-jyrOVN!xnVExeR zmx#}DqR?0u=9mJNMASLTst!<}>k5pqSoOTXF^#a{ zNk*;rPhQPI-#L$qhkTqff5^w; zA*K!e%s$A5KepW$Kb!+^D|9aI!k(P`9r+A%=lt$McMcNN7Ui>H&x`=<_a^;$#wvK!2PI9KK*k@ zfDat?>7;fFoCNp1^D%U7n^W{>Qh9P+B+h-fRSx41_m*=5oMoxpTMH-N+AU}5ep0u@ zbtiKYoB4U+%+CVblH6NUFI1k^ZNc)qoF`t$d*1YT-fRYEWyzphQ?I0lUr^I|x2&w) zpHD4K)#P1Jvtv=?-!(;tRPMBrA-BTe916Xt=G@(1NG(g{78g#Ow&|pe@c%3e=KGlO z1PbD9z*v$yt$Ar)8C=>uuoycew|F8Gv>m&P{J$&g(1rEwifZx^TD*P!=KTL8fL@$+ zUE4+lwhSaX4FTl(!SkilIr(kQ~Wbw$Oq)+A# zEJ9HU3QRNHSX$DDjN6$a+sUSgFeRMpHMSy%!1p+TKLC+X--#cdz(gKG5anMY1mdC&H3Tv_p`es3ljjgDS*A`6teA98>=Otv4hd%rBocXt~ zSs%1)TyK!H9lN#se>;=`TJ2V_ZSE@N?eJHe4PfY)bHg2y?drUe z_Ak|A<=$LhFwq>GbNv)e$kJ=P3PFD!2ldQBsvZ~pS&bthek1U02LwzX6kOxrc*27~ z_(g#5i^kpJ2|I(ZAwbwrIB``LUS`|G7Tyk-3h#K-nr`DaFPQknA>$!$!y%F4pv=Wn zq~}B7P_W`D(yi!MgSOaUaYQ}VAyXS{hL^30@mP;6j)Q-_wJzYRHq>m^CSsN?)3? zuIzGTYhEh^e_dndfnHaFJ87n}X2!`d$wBRe)8ROb$(EF+T_9V##uN@gJ7H~+sMA+i z>ZWMRN0iBo(bPtT9P$*O);*G=M!!byEt>-a1dLF}Df^Sar`K zBF{`AB4UT=4L*uUj>;`-=CGacn!d4!kkWj8y`P&!L^uRj-SdPdWGB3gwZ*zMf&mbDjEKycOhm*EkqthI$ZvvV+@k~+92kp8 z7DfIzfWJkA;i%!AJZ1hKdCnknFsmRfGr_Vgsgk$?pM3^INS=U55!JPb zY|Nq{B4Y#twL`4#GBCk%x>PoK=a!?7sX@2mwtc!K8@7?Kt7)Afl(oQ|vkHBLe^GSr zZjv({^$;s~k-+h~y?l&-$$gP(YL}G^=D6HTS%Qn1b;?OY>Yu*owaIPAQ0J-**a@ zTrr){2Ho9un@e@m`@S;4!1aCA6NyM#-?yd8-9r&!pNP(hUuM#Nu>~P< z-%s*$OX~X;3Qc0)HyF<97(}`=>)U+x8Cp8Y6I%LRR5!ivn<^N%zVESXiAY-C*GA>e z0%Oz>_K84*U*?j(#3CYbD+Bl^^?kF2M(@}tiS~Vmu?i;ieb@W!Ga%AJ-3v_m zV34WrdyUr|ttYRM^nK@l+{(W1M9JChIa_ai-{&7C^nHI~r>r2M+}Q=1ZMTZ)`<(5T z3vTneARDmVe)x05cKf{0SljK=Ex{5?wS>JN6D>b~@5k)k5!>yUAj9#Fp=Z0@8vNI$ z*>2e-g-o<=k9Zy?uxqi%#^Aw!OgJIi+*Frlq1|03FQmZUkIyj0b*D|1a?on%B+42{vdtE* zo{(gieQ_J8OT);NZSlhykFJ50)>*qQb1yb818HsUt;ngl;XhCvGFbE16dHBOWKS~T zk1s$AdzIR1ZVx1!$%Lf%Q!u|x0{L}qJGQUSdN;DBvFc~FyOv4qg`pCGWo8zwIVD42 z8YH&%7(;JAyGA|6&{ac_wQjX4z_yXcQFH-oRz3$P@+`)Y-+J<+xHrJM;ld!vi ziK)v`;O}8~I0O~!V39t|9>pjHB}~wSE_nI(G1Q3+#%jDLAhfh+6wXiq5dd{NiGbx0 zaI~{g6|U|K@tSCXsSGXouohi}zAm!I=gA3f-5lBIO>z>B zRod*HkKT(Nw(fM+_4_;H*rn+l7Q++>bd7$?F0m7Z5vX?N8A+pyRNB!onP)hhvZMJY zW!LXLAconLnWnGb&(=))OQO*F{dM^7Vy4cdG=B?Zn>2^*sGK<|g*bFGRqwA_G05D# zXYBk$;#Q3%693ORY{QivlZGiA_PI9uHv{pbx;GK|`3ioe&0$ZF%;UV~&%(_YgGdjm zv#&35;y$16Spe=jH1(PvponxQi)nkrA|i2bNz&FJLh^(;?7LLg&e+D#*h55K5Db9G zeniAvPDIk?u>Dl-EHF-+!#)f@V+ z#xLGKK8JmY>RLqTjuS*G1Op(_mx#PGhKNWVF)#$EMPpBuyI$-Lp$D~Z?-h#(Da~fS z$PN+V5PVR3xs;K;{9GRuv=)szvKY-O7)3V%0(t%-w=8tf1Glkbl+3*KPGtS`!A6)~O-iwia z`Z#>N6nJzT?zDYuMIOP zgz4hO;r(`sMWhEseppiJgvjGMDjzxsz<`|!S21H1n zfXE3{*COJL!v_lnZX6zQArVO%hvx~Badz~bdc-1-Ge%7Sj5h`S5Tn+R3JCmt!rse`{_cJ;0jmK1G5Ulilq|fq8v}c|qd=g4z_zJd@oV zX60^$IQ7>bU{iD^JFiwG+7$P5a(*LRcp4kV&qf$aNAQj3Ukd6Hb1@0F78ChoSMH`)^u&3CHJ*PKmax`O2e z#a`8iV&%68kIiL?L)mP;KbkGGx!F(LcpSKwo1?|HxdgwxS^hph!Zt_hbCeov6khai z!}R8vfrtUT2*5$@rk@EfpF?yOQEOe~*6<-~E5lYb9uAeo#E)m&L$~lK3{$VdE$nww z@?p%qU<>|h&9w+kGoh|Emz@KZwBvDpjP5Y(wU}d3G{+vn9RKWc?BwU@46kd=ZzI<| z$1S5dKK^n*$Eu&Kj%5h7Iy!UhT2m66<1gF~nU@*@bL1d2(;@f=r%dW&gN*{{oa+Lp zz`EQ+EYmIpdu#R*u(}RdNcYIVR1Kfu%&MNb4{Wxp4{6C}`y67~Uoo|rr62zbn=R{b z#AbWhbAS=sl`HE})v>h_7I<8dK^v{R6XXD3kFUV(1wU?%Nl)M$IjVSXA;RJJ*xL(g zX+SAFi;ahqdv|-m2P1?tYQMb`WH6kBq00wmm^XzcdMC&|nzk6SmsjsX&3Grs;a$@h z6q}nIgLS>V;2z2wy1ih!Xn=|68`S5iVbn*a<`dA9>jXMma*MmYARo@fAZU7f!P?=P zNn`Z(f+~rMzZ2xtE@{kY_cr%CW-XuOCoN{1egV?7^Dk;cZM{1|?h*ZOdB{yC!FG(je2bF7%8TvgsnbzG2vh~7Dt?FaJJJ_o3-6X6ZTGd;wP?B5K z-e3jhVKOF>lmzSs~SjoSnWMv%o7X)>#3MK zK^|6|Ii%K`imy2tNL){yXZiX2LjJK)WIZ)B$Z)u0*y4JMgHY^x>MTDZZH1R7Gp+O; zBWKP}TTk&MhVCiBEbi$=>FcQu67BC8$%8uHdTP9shPR$N%&F?Hr!LX*LI7?H$zLnj z)o^|ix1L(v!8_B(Npt#+k&A5BvSZ}ep{xkJ9?V}vy^mZf%wt0$i>S|q*skinS|d`l zW)XD;YGBMFigVe}o`BHw2J^1V0At!@xXFx!5cVuba4$l7+Wq{rZd%)9dbKX?kJVnj zZi3omzBtw8%R572ZThuO+7V?$&$M}(44CRmzY%<3&+89N+`HQRZMen~V|rgfYnJ}e z4eOUm8VPFnkq%?~GFC~cbQ!55^jfzAk*%pY8T@q;&>Ng|%F{(N?IEl~=dCAqip`dk z=EqYgs%C3#Z^9vHv3^!)Lc1ULk(r*JsXlR2u&3=UtW|fiFZ0=Fu)UGo+TMbE*ptno zx>m*yo#(h%FhB?1pNKqu5)qN%DjR$hk#;I~76Q^d$Cqs!iwG&re~0+FSww_G&|>|t z&?I_}`*R8rMWl(=$f-X242Y0C0g)1_YY}$!1k*lb#MWoVs zj?WbgfXLBAJ>7^ubixq$-{P6ynyzF#-U zeHy){Z-DNhImet1*lN8yg5@E>m!6XRWr2j(6|T+`&13Sv^?&fX0d{C+nf)jcCPzyO zxan5Ul?MAg-f?hJC1|t+QEM1$&NMPhv+ieiYAbf6+Ws--0E*Z|q-otq)%AF`Iq8M`k?JDNRK}U`8KrmI#kM(8nn8hVlSZm7lrzT?w7EX`Qym3~i3&32pA%K^~I^Z>0K&foOa>Qni<_w2|sG$vn=t`cm6iL}a8o z#24B5-yx;~xn-Qe>s81AO@LqKsW!2QNZjte$PN+V5cI8nDP@$n$LV@j!Dzo+$E;uRi#G!z zBu_x(O{$wdQavLWxRI*<7$TB3QXQaj*9a7$Jx=###UesV)6EyzAtD@tBh?2|Mxi}U z_QmB&vbcg(Fp7x8Rr9iF@9%1A-;1>fOG9;q&roY&`;B^jx<)%-J$RA1;CK?pb0J3KN{rDPmwd8B&y zUy+gO$xosqm9reU);~Lf9Fy${T`WJ}o^bdNsJJ_D2@Q`7 z{$WVX4l>Mf3_W{7+&L2tAR#xb^UuUv4SGG4W;GZbv>IIZM7q^rUx~&cmBLDzS+e8> zlco5P)zDRM*Ct0gOVSX_uFesO`c_nfhWk9OV4!W=~tUfAYVJMQ+R;+0si&(C` zqLAqP=ngB(GL#oT0lgkaIfhL#>ZWz2F`6zFzA=-2P0#_HGSU6_9e+44?U$I~jOsV0 zjrGjtA zN{-_A3XdXN@&76>Phl9$hZRfAc*^YFe(1Hrd31RQhh-76NrfiJut|M@9xq~(dL!4_ zhFVN}kDu1JN!`-AwCDI~eVf!NUfK z-=A?g{2sfysmIbjQ6+{RyWri!E|w}o6q6Oizx_M-3*gdS`ZeI$m(V% z<=iB5Vm*Z%Ji$@i0hb#sAa z9%qO9&v&tia1~>Y^+k4bd4>a8+S}CXl%t&M7#?GXdx%vqT1QB3R{P3iK!oH8hKk`64?+BCDIA^& ziOBnsv^6VWk|!YYaX%lC{?0P_3IpwJp_>j*vcsK%`zg`EmZR6L!QcP?>ZYnZw7MB{ zR+1g;LpeLL-d8vMG=I0c`RlNx{Lj?dTl*rr{!usteOW6G7DSrRgJHzzjAWtH7xYBOAVPBUj3jLh zA|y}f9~V*G^fB}i!N857%MK(WX=CWFDz}V)VGH5SU&bOrO4HF7*&!kvf@A2bQbvgu z!jY_k(K=E`_H+E={o`ZkT&imk@y5_H!N857)qf=-X=CV?Dz}V);Zu;4R>vYjO7ndH zf7@z=L(oFFP-qgz(7~*NQA8@q{x+X|21H1nP)F{fx)u>{44o<%sD&_j4E`(DNw~H(amV7}{r@lgSwRlZ;yHlADa7FCba$ z82aT*NUwDZgA7Ml^TTV=F*IbmeE0y?$AInf)~1N)(S+`)j)Fm~nX+8Ik*e+j|)K;uzuZUP1 z(sp^(+sJ~3uD+brIosvFn0k%scXpfnBY@Q$(^Ec2w#na5KDU(5QEl=ukwt8K`8>}Z z^B4|})`Zybm^IVs0gWv{C@J1*Ap4PRV2MVJwWiNTyle_?^Cj-=P+V5yUnTBNi5nG) zYllstOn05co!4gUCO*%$qS+g7i9ntSugo*2K8+a9W_ixbL365SvrM%59?rx>?sws0 zZI(a6xEgp%_e9MbO+IvmPDcnUY5$_}F|u_RuGZ9ByEIm|M0@J}%Ps$rLD|j_*}S)O z=Yz!=WEUF4<*=ByOJ%z8lb#9g?)SK zZj{;CQ{Sm=(ViMI$-!1wg044WPra^BtUWb7?FoKb-=2Cz>(XxNr}gcr8+mCrs6BPN zvtduYc;lArsfQw#T^brlli6NBU`yTL_S88vLZsgrv?j$d9J@t&?2=|r%`MhVjq~=A zp0mL2XvE!C<3F_1z6oeR{v$^P<~||SXKm_nYzs;ifH@Y>b{Av+onZ(1c~3CZS^a1* zQ2W&hlGI)!B+sVi*^7vtg||*texcm-lA?VB8QMAQ2+9`BwE8~>WxVI#!=#ya%OICIc8x)g<(s!w@eKqD)Y|KT2!~Hjc0cQ0_5fQTo5s_Ja z9{4CC{Z#J$2*6sH;Xs66=3)5sVi1wI9et7AI!8DJ?`BxJmmtztSn3@~>a5gR(AA&D zB0_RgBS~9>2+0!=d5P*;L>AK2MMNqD10Zq&5qW2KB9dku*i+^1A##VT1GmGS7=s8Y z&1SyH4iVuH-08Yp$|$tc_3z?@RSWxQRza?Ff@N#(KYrXV-VAl5dom(VQC*A3Y?{D` z$lZbg5IL2IEbdK2(yRkptK3x)5zl;)QJ{DGacDz~id!`6W- z;S7vHgp{TsfWJjVI0UT&bA={k9Z0c9Evc#_iz8VDqlie{jXwJfh>$!1k$=c&uAOTk zw<{8ns|5ofaw!oh@8#7If2ZsBf@GY9{cQH*(HF{S1u*Xh@VAIC9Bshg>3WxPu4K5~ z>3X9g!XWb(R>3GD5;wtTp8*k)Cm=GB>e@PjJC_uZ(SiXGDIg*@?dsK$Ibftc>qRLpG^TKV`ky8W%AW}p`uHD6}BgJ5(h%6T*iwY2cv4-IgnO~;g`>}{f z+*1MkEh54pRW!rnJYG3Z5SFD3ucrMS>=|S>kDW?r+{r%s42Y0b0wSkTU5m(|jV&Ta z3I;%=gos?YvsXt(gOMV#NRTWVfdC-FaEQz=v*&xUh)CSM0sJi@!U6LUkMnuTd8n`~ zWq37R3t-P6^D6<5))9$2!e^fW5t1h$ax~Soh#Zn_5&4T?07PaGk)b`kI+6!QipX3+ zvZy}-I3JNeRs1qr*To_tasLS5ZxIm=n2&gzPg2f(g=HzjtFP34ghA#D0v<&~;`;dP zGay3p1Vj#?x)zb$X*^@A=^+>ZkuoB3)J|R<=?zAT$X$YDQ4a(F5r(4>`DHr38;gj< zO$^{~5fKiUk9eF1DCh3NvXtS~`HBdGOdSD_A|i1+`0O(vLh=MecBZ-(k#5`!K}0qe z41mZzL}dRSULDB>BSj=7NET%w0EjRgi15pN|DRYyB<`XB{uUA8fcc2W`OnI^={K@0 zWq9=|c0Ph2vxI<05h1zR)MuXo5t1h$vIW((h;(p!Ab#DE7yywuM5L#DskZ`*6p`_Q zWKlf=fQXSlRs1q5VcLlqeI@R+0R9#c;eh#w$9a3@Tqi6`8D8Dd&PT}p>33ogA-Vb4 zS0)1@Bu_x3c?TbnZ=J{g3kDLAc|@eMe5tnrj1-acB=e#g1OSnx@~4VlW;twBF^EXq z(Z0xT7B3tyAMrSEqMR#*Whuj}Pt`iYAaft9V6=`%oMG8%@n%4T4+V0(nDr(GemfSB3W z(e@)x!pat8ayO%D3*@Ohe8AT-xt6oq~5}#@eCIAD_t%wYStIyl{>ERurzltbuJfT3CqKCQ$8??NC>2?X^YU z4pl4V6K99o@6FhnH-efz94J-WUo#vqjlmzS)0Zgcp$spH+M(LBVn=Hp$;~l7`wTUY zj6L+$iNEF%3W^6ipJSF08g zhJz9Pl8VR~%DFGY?H!>(JJdG>Jc0CLZ4`rwZuGEg~pXShAb7PLdv6YwY^BsaZ$_8AZ% zc>*GPQeBIPXNT%47yuEmLmk?ch@{z}ZWbitc6$B>A6`sAcUA`w~Gi&JOh+`|$)j)CmFnEh074JZOj7QaM*LJjM?7 z2&-VUj*#4}^_9th2+0!=`F=|u5zh`)&p;v~cBqZyOXq!HWcxqKJkAb9&teQBUa!){HIn}kT#3GDBsaJD>@y%j@&rWgqPi9l&ki+JFaRQAhk9%?ua0Dcks{JY<<1hh zLw2Z3UW`SAlxAfBe>Wc?hoBv5w$Kzc>H0BZhdPW^Fp3Dt&GkO}42Y0C0g)8dwTO6j zsC>Zyh=?8P&P}~KV!%idStCfs*`dyOAr_H(io864znhOB9Ehy-IF~BtI)-CDfWMY77@=5HBvADB4URs-o&dTOTkDHSs_Tq*`WqLAB#v0 zMP3xZ-_1u54n&rDoC}q6CBrcv!Jm*FY8zI;C?X^`BYgH55FvR2BIi+Ei->238Y~z9 z5wSy!>*UpuIbfuSyede>*`W@siAAKGBF_!rZxLZQ5UKDuU#^_X7>@Y}{)FsM*{p(5 zL`ZIq_t|Gagyac`oJ4gkBAy-UFu?$bh#l(OjlDWTdy^uvP>?JtKtP%uYS%@vh>+6U z6~NyjA{>HtsNu?af^d%7p?)CXQA9{?4)xh*K!oH8hzy{*77@=5wU=O!$qv=D9^Via zJJgOBue%-Uu6qDboE@s`manZd3SC$Ym9gCK)zE58+YyI-TQ^Y?vi~31q6g@k~Z)56yCCVcP_L_zj)wY zn{^(Ij(^dtv3XZ+hIbba&1l6bjAL4V49@dHxt4NNUd{R~TCg}G+4$d=w8 zI#L}g>~D9Au&vqByFZ!~vZ;q&OYwIpYCvAlx>-i+WWtpM_svE&+;4gI9Q<(GdQY#$ z=G0W~L%cD*dwzEzr~qZHY&Sx7%?&l8rn{YBI1&g|HrbG0Ey!^(yQa+#r@fwONwk`| zyG;LErJ3d|$bBePl#fg%SMmRJMNc|Rf74MvagzR~VJ>IdDtNy1n`Wu&&MA?UdvlLN zVN=_j8x|wJagb8bVL54U{Y`i7!~^s<%{TeG>u)-&a;_hY|2L$N)Uu;Fqp+z>&JAPf zXu~#Q-KaboA_H-gvtY-rzgWI#PZ85;151tUO2HVYpeqQ%Yz~Qo2c|<=5Lih zG^cWJojeimon~c?+pBsR93P7SgT2=N!2fhoL7oXSc!ej6u{RU%h>l84VO4LKpofhs z%s;}U_Xw#6#;E{fkR$yRq@w4&_~C(Ze3-#mj(Q2H9TtK zL25jHcu4IM=Dxq9o=IwlROvHeq{gBS`_*PHVg;!J{zyY=@%$Vv9YSl_OwCLgJ$ zZJ*Cn+fQ=Y-4#ytC{o$xvG>IgJvHTN=_Xl6AVg{kpMz0?X{jlXxo+@naFIg31wXt( zK0M6(1oCFzuz=LAkSoxTrKgs@VJvP@cYV`qh>-%mhd)x-_FOoz!1W6&G5-kkJKt)L zQegIc8UKziC7Kdpa$pl$2Y zzCFsz*FQh7q`8y5n|OnsA2{=7oFCZhy&s#s`)c}NHqpelGKz<+K^1Eqgh8W) zXjpMWKOM+spxu^v#|FlMw|Vgw4h&)*oq#%}3$*T%PS0AF%wu?7iN5S`{lCJQXlRzr zC+59}*MFm&{(BDtL|m=E=fjg7lvqQbk`%*=GrWDk7JyZluP|Ny&r=(mt7$k+hm#uf zgy@ImXd$)z&(G9W%;Q5nZTCHhMF? zy+nmU=1O|{eWC4p4~ryGMxDtaqVwz2i8>GE5JwcA6)mB2F?IgrC+aLE+!x8Ug#W5i z_CWx2W;k@_m$~nWGyx@a2PYtPmQ?DyR&GXMFX}C9O8euF+y22IGbz2&Na(A!tTL1{ zX(KwnN1dp%crB@Ot!N3IZ=}v&Vl{2cxjT}plt-wPoe=8 zC6&HlsocI3*o(4-O(}iO)%FQJ2APudsw1KA+Oo=^GijkSUm$R2#%j!esS|W=yiyAJ z9Z_*&`7=E_{i!M1`P?KW5N$vxWFKX~Ct|Xa)|HIO4BRSXx4>KT*(ScDS6YuY zR7D&NerY}0;zz@fYCqTC2^ia>by9A5!Y$gP-8(mpB?--!Kib;bvd*N9=={s~R%fqA zYhVbSoYJG^$X8mAcCKWoeN(tcTlPqrfPE<7aZbS49uEsa7@8|ailIdkSaXU?2CGtZ3X)(4abtwt=`V_~Hsq58?R zRXe?#w2?Zm>D1Y^XsfD!sK5sS6~>*QIq9=gJQi*^?-=IB(5mUDc>qV0dO&!QcEUDTpE zF-^I*<-a1cFQ&Q1&ykqsH@aSQC7V=hH8`e@X+CE7dG}y0sg1-mYyAu#bQq?MY0}TK z#5BjRl+d|}q~Tyt2#I)Wby>Fh&oDQv$+<*q`33Y$g#sH9H#pG?YwFj>$ZOfnI2_X( z^&sSS!Z2F~t-ENZZnXGQ?FpTsk(Cvu7ix3~hn zz*s8uiC&N4K1V~v=)8&maX$mT581t7r8 zLZ8LD3l9cYwmn;;k7Jh|R3GYDMS{F*ohhdXu8m#$CO+--2Qmnk|?kiS0SGC^5 z=-+`jzlEw1_!72|dThRSJq4jsS(ggdiiTd@Ct0Od?W{|Y95$BgTYf(Djvr!m&51wm zN&2@41{hS=AtE!rBqB1v&{%7?DObxKLjn+CIz;9#bs2(G7DVLTH(z_D8AODGe+S~T zLKFBB)_>OI5X4I(HL0H2$_)iKdF6Wu5_oE7i+tz#~Tj8;92N7~l zfymXYu0h1T^JT1H07Nz`_Gy@`bbz!@6MN!$ED;t7!kC{(5Vc_&f*W%S4wuqC`5eB@ryFFRA7jyg*-Sr zLe6l($d7x;lRTvn@00q7##-lyMo2w)yWVooj(T&bls^n$@g)D))Kuj^{6BE#%Rodr z)IpR8&daDWlM4Q}p@j8qrvLi5=g!IA3IyR5~MQk~!{Hq}VArRL1B1bwa_{><`^ zRL^kyjrKW`tJTZh?$S=5BYBEG*S5@M;@$bOf{C2|$w-wazd|F`8B(}yul$>LS`p!h zqz?5&cJ?na9qpNiKia;nr8&21E5vkXmkpEDy;$V7AR_M++fJ)rJBW}x1tMR5;WAn7 zj#Q0IBqB0W{rWk7g+{7lrEuFwHTw=LA~I6#?TPFl5*ev}k~RvQ*{~sFk7hKgp$bNI zq>*SX_L{dHL`a?jk@s2M@JKaJFmOhym7fuj&`32%%Pr$f@I=SQZnq*rO0}&gvV(|l z@Q+l>q>WOZ=y(NHFp5YW+0XTww;e=Co&u4VS>5nR^^9Q9-bl3?#uH|=79&FEj8qRE zDkH^M2+NTo^+;7AC3pHrwWBV7m?=N?NEOrN3!(m`41?uxW^<0D(I2dF-LYE7`y>*I zX{j>@Z1;F$8L4iSaU}gn_3ROmk!sdu(UHoDMaZ2m7f7r7ViA@*U(OI3v%l&ba>S6C zVt>`vhM#wC;t@5GSj2{YhMPMK)5an=fLLM?RV$0I@YRAvH~`9jyz~Tti2em`AYuVs zn&tYFbhE!|!eL$@LciWu0ugfOOD#PC-<>a8=om$d6G!Nd`nWNQ{-3hbxLdD&y1~@d z+j`YUD9moA-7gjJ>XF5IZsLQ;Z_Z7;3sQu)UhUv7diqi+8g3glSxrmOfzj2kVGSfz z$0u<83!(*6Rl&fYgBQ|FRn@}72zS#ZBHUC6*MRIz2rs0%`DHLQJi67Y-8)tGr{lzx z=+%617Vp1F~DG)`@0E~kMl?j{ynDhukX8`UyiPZDel}p%u^VQAAxn}_ChI4ip;!R zt#AUH1N5CL+frs{CFQM)!)E|;J$y{6EpJa$820B06LTKpXzT}YHc|}CGI#Mj57PPZ zS~PkaPn~qEP&cTR*~&8t*+kY{GNaH5oyQd#Q7JSG-<-#SottmA6rlm#+%eWzRlsdV ztm;kJ!APuX?#I?xRX8tgsLAWasuCT`dxDqOi&YJA^Zubb4;DX(od-|VrQ3N>iMKQ= zXpvTRy8eM)|A(Di=*8z+(ZZ3v2Rn{4vz}VttcR{<6+-|wzYon9$0}Z7=KmkEFPKBz zN-K(R1`%{kortwTnf!|*P<@yFqu(`17D-xONg3QpYC`k;r{+0EOjU7W)-FP%_Xq58 zvvH<^j7h65_87P0Op)9;Q+_@SmR-&&Cbe`Q(XVCVXsI_)xS1$Se9u8a90o1)(hmfP zVIp*3AHk6|RxC)V=1MMInwgXdhom?knsY*PE)vdq1@0gj*=90H{pBVrBJ%DGk9|9c zkURw#GhGy%kep(j`kChtDQae?I1$(6o~X= zb;FipbHTu|9E09*5%Da?Btg<Z z*tdfS$x|S*6{{Pz9K8gC_AJM>vh_V)3umDoogLxX-+n!-SdL%z&CqhZiVRlEG54~F znSoanfdE0`-SJPxHjId7#e#aO5t>7_YyofQ`tUP zvUjFW2X!miauoKXk91D@FGZI5aeQim?}iT4tzxE6JL;AGsj9)@dIKJ?1zzv>KERi; z2Q#wV=_GZ^otoqndgCmUVJ%+<+3es>)MkQ^(>7JZ2W%Fgga>si-B0?2j!jKgJ6}zz z;zXj-#1d3Roy0{h86ssrGS00Dcef!LBmpjbMDop5lCvUFX&Mwc`Sh2I^x60q_;MZ~ zyiV0APzk;M!ZF%8x}5bq2=8I+bh7sS)fmonZ%Mny!8h^XoQS7bMdppyy=k2{`X?>S zyR(P;YSl+KMa?ADRjT^do|Im5ky7ibhUixsldE?=Di?(Z$dE?Id$N$W{QK7vf z^Twb18t*TEhtO)7bLRaEZ-~{Xn1#*RaDnlGL{+&NZT*VF7mo|6D9&%CBjTH`e^)axE&pm};~aFS%Toi#Qe!69)S0;TCQ?+^49Xj}(+OJ)k8Id{{Xhl`Ty zv&J@-n&@-wC!_m_>kwp5a`n;cth&^v9oK>6#&z)X;r!y$g)Woj4{1|UuU=;&-p*Q& zh5%_4i50k=eXN^6Jh>r!40*bt|C$h8d!F1!NYR+G?0i5k7`pkQ?5;TA; zuBoyjBJUPT){Y=T@)U@?$?BT#t$EQlfl$v22HKgL^m3|cSa!B(RV{i@J+$k0IaAaE z^~7$}|G1hj>(Lt`$@(Sr!ac=P(rv3v;yb6qN{*k)Uge)-S$o;7JGR%$P7*D_iGFS` z+Y*uMsA8g*75Nk@buX)ZnK~t_i(W5VCCJ-)+260U>J)pETH?O%1wMf~^lA7}XjR@y{&gT_OQu&CveoeDYre7*WkD2zY9`V^^9J^d8hq+^`$mW{m=P^<8y;~P^n zE_jKlN?o)}I;!PE_2j$8G{Dt7;El-4;!M9JW3?n5nOPiIJ1ctP&az@`g8nuK`lHg9cF{@;Law# z8s%ja1Ipsg^cQ!UQ=I;qR$nG|D!J<2#dPU?Ne{@7R&Jkg}E)4SN z#X5LkBPv9=(RhPpAS7TE*?5HZ=&Rfbqw|D1s<(x)=O4z zKAiUkFR$m#S9UD#v0h%!n?J^X4zdTQp6Rz%fGq_#?e}XP&%( zy*>Q>>F$3qUPgV`mzRAI`V-V|Uz7ol1N$s&`hyZ{SNd^;jK!%OF8$~({YSrBEO{hp z`2}*~jd3AvrEB4O_Z9SI`@8`D+VAju*>YW|c%s2`bC+LaEmlU^Q+>r6ze70q&&}Od zbLKb*ze7gZjdZP;q-J1AT1MGmt>j(IW8d*n*3XA-Yfn};si8TJYXnSesV4^TJ0=j3 zjpdj49ep5^_QB7dBh8R6atC&;FDbPmLP|AMa_Q0xBErGHYkfV1HA2E@L)DV##@=JWvZ1B;DoFIkU_5!|y zc#lOjV-$IRPh`gvV>(>AJePAD8z33jwO*tVY2{w7NmN1lrv93kUF#o6Rsp;nM93-y zBA?9i5b5vSsj-lWL}U^X`F19MiH>-?)(_Qk%TB)F{Y_6J+GIh5lxinWWCs!9;NP|W zrL<9CFW_Mskw&t(iYgdIMBcsPHE%nJkURw96cKq>=QVFT zh>$!5A~RWCgUGsEF(4vS1Op&4g^0ZVA6G}FfRXMs+iJOMk$^=grWfJ91pHAq*bTb8 z>*$!5BG)Lt26pmkQ=GstiR zGrYBV$3>#GQ}-}~_r1z4UkG}2oJ$11SGkjycRKrN@iB_K6=*WBtN^C9_=~u&>~Z5B zhnn`jSD|fDTZ_QXZnsK%?sl;H$ZKs# zNbq$?Iv@G%k425g)nfX(AHxk@wbe$G{jmLf;uW!e8p1 zGp&foyG=Zi9YlnK-$#C5+9;)uJdP?DwdAd|@^xPGwqwajo&u4Xtgb=C^^vCt20%o7 z)8G z;5BbMh>$!5B9E}T1`*dso+KCm5%H0qf6~>F1z=?SA1!x15`YNPp(FgI$`Nt0AR_O+ z^Wksoh;Z=x$kT-;rH_0hRWOQ39gDujW8V%UBu|0JZLF?A#PyM{5)6Qd_{a}Wb#-J4 z7#aUZkhI+`akkx{*HYw9eE1tgm=3cs)#ZG@<~*6{=57hUk9+`CFp3DtRi($i9Yjc; z0+DN3U4w}0BaagdfQb0Wlb>*PB;m^ar66g$TjGQ>tU6Lbk>Bv)ZxCTR5UFuF->f;8 zG2PrP;rEgIQU#-kkX()R*tdfS$x|Rw%IX?KTpxL)U;sqKN51B9S4YOUa=$M~+I-|g z|6xUBBt@R-!`~pnbRgpS$m2EV;Y_#q$i1n8QA9|tPVv~cg9yn}AaXjZYY=gLv1{uUh{y4AWC5Vswcm^57M=ocEj`+xBvhlAozmyXn z`MWF75tKf@}AVcK;xhIcbqN4vdOXdO)ly39J-x9f-3(fVQ%fm*dx$Vtk% zz7@7SdE;&CI|tQqSJ>`&RM4xJqjT!jX--wW6}B6N!mO}OK3K4;2jJEfwmji2D{MES zzTp+N8%)u%!j`X#Hrx7~v!HPdxSW-fd>50_sp{HiBMWUYzd&nhfjY9##vnToYJ%+k zg*J13OuFx%jzFck^mX14JUAue8j&L^i z-3eCn_4iTBx$hBmG)r+uk{z-XbVJj*-6Yn0jOOc4%xXSR7vfLs-rPr*=uhm?ya5xB z=vKOx$Frx@WqmCPWC(v7*LpZ>X}*nna1fW<0$*LF{Z_1snTb^)L36O$|L-1Fqq~`J z#cDumuxLKa10oJuPuOn4>B^(;oy&h{P=)Whmi_+VzO4azt|3a#>n+2 zTRkz7tG6X~3eRaIRng-*i_Zvf|%FBoqfZNXwlsatGodkDOpd zgp_J)Ph@9~D;)fBkk8rb!8pjtGRo<-!pl#xBGQ}e=SbF$AVTsKh|Fho4I&e>p)8Ew zJ|!3ck^V%a@m?Ylii7N`<&J@IC=PPla4RCDRJoqW4kE(A9|u_^Z4`)um>FFwJ@T`t zf>Cc>-c9wIw;gYt#X&aLayNl4xtK0 z5s`P-dFAH036i!r$U(AHO(VT}f-NZpmWQa*Bk17~NMBW|ev2O#UZv{nFtQXuQ+|8Dx<4 z&QfOZ;vj4E5cDi-g>P>_^g1&Raxj`tt@_oiVY`cqh0HKlGT>eyz1Lrw6z9)6`l`9HEoseSa)+faJg zN8jd7iWK$HKRV3bUC}?(8j`1DKKgJL8urm26C7;2<~KdcT5JJ}y}?7z@xPc3>FJB> zQTtfUnO-!kM8rp5ft6m1l_0t5=do|cN{~E-mDrorHCDp)(eniZ*iG@#51C9vLO%K( zw@WkRi`)Spea$1Sh>%j1OD^3I#%>A+zmGmhbEX#!MEc>+EWeN5NWi0ZljLeEk9|9c zkURw<+p@X_5!XjwS1dHADs zWOvQERgWZ0pXK+_=MnHIA|zL9d+ggmgybm@S&!8JOv_c zw|a=UKKcqK5)tvy^W>N4i07l9A%)vcp?wqaC<`L>6!}n3WXFy$9f&mGk49uI&AE>0 z<`i1LkA5#zFsdUYSBhl{XO)(Gkx_AEf23V123s`}rO#vg!ya)wZ6<4kE(A@1rl1HVW+L^ZV#m zPz9ril#%^huX)=+gybm@d70HUh`2ubGlBsS5g+}%8(kgoeDvM5+#@w2Ooy|!aT* z7_{f3pT~e&XZq;3e((C1_3a(dBR={+GRPo4`konN5Fb4&gAC%MzxiDUee{0We~6EM zG|SiXoR0bE`I6yx`REtk;OdaoNAK1OnY50f+YE;;s+>MiAKh6St;d`|&8#6$-`eP2 z(Y4Vhg~qIn*6pYlUs9aed9L9%3o|chEp|2j^MJ_O=tw`q(GJ73YoiQjTh>O$ubj+s zZ1;y;wsJMTQ^Q)<{5WZ1%O8YD?)@Q)R{i3BW~g5$Vz-XR!P0oYfjHTZE<4#N$Be#xBk%DmLSDIT#UcZjQ7#ym%XGKt>I;N(-b)->D zbKuqyHjMWLdezF5UpnqCfMHGXD?T`Dip#L-?i`?UvRQw{+M=w#jxg)5rcE4u zN^qz@YI2PHEObtnc?@}+Lr}LjaI4)6jk8cqb?(+|7O43ni>$=Nr~#mrI(_1lUW*48 z>7hRUFF8mrAgR$3&E?xdq)@!4@i6MZwH)!*^<}??*-3K`iQO|=cbN4z#2ja1)4jRq z`N)%?>qPm@o!z=M4?)gabuE^ki`dJ&z{`1C;Yuk||65aojb3iY*7FfH@+OHlXcHvh z#<>C8uubkXhnza!0QZIoY(bN^gjPZM(X_0B?wicfY_Vm11pbw`sJFi1a3MdG`ebVX zphZ28)XPxkg_Od}W*u zP+Hv_3~2E#d#sWVdX5`f4olWQ$M&6d@|uU^{@2sft+D@dns1H$L;d5AUSoH@lOB~U z{UK4jDt8+GO)vd{6;Mr|uBJ_Ct&8<>m)V0~SKD$u+-|NgPbqBc&sIAP0-K}JgQ9ArbE;aa9WP*R+c5?}aKAwXAJ;)X^ z0WJq|v{y3tsEvmH&4esk-uKp0_U_+Vm@}lM43eN5@Ib$)3xUB!MW3i z!Eo_KK_7GR5}$K$fG_3;gOUr9-xMWR4^A!?+^_j>#JW{WX{LAGv?*~C>qaGYcTi>* zCH06}jZw8~ULHr%U+4(PNSbZ*Sw_+7cq_`^$yj`jt2(7`BxUDFN*{Ne$S1Gl&=&M& zj!&bK#os65U!&)K?T&0~d?-D)wQi)p=N7kC$G;zyEL53*o-1zI!$V_bN&?^;SuY4!{Ag5LY$R5viAHaEj?5-ai5KY- z-zb+7F`}|W?XguCQPo>a!L)Fy>Xu2Nek+{gv%*{WtgvH*7bskL8Wd-NTEj2SI$E3s zW(=UKSroRg(+k!PTF>f&JV*OIo4a9{rgxMEorbf~LB|g|Zcy={zwtZeMq0>Zd4sr8 zZ@`a&FEzCH;OgT1!PO)BRF5bcTz$r{!PVyuA6#8Ja&UF|7;3`i3v(y$jd)YS(D1oB&` zEe0Q7O%!fKDm=cBDBRdQ)+Y)#DXJJ1 zxzk!87=Ng1n-SCHwYNdRZaizMK)ws`7rGF66WN%WkZuXnfufbwUqGwG>nTUzhuc$zY58bR?LCEW)W)Z$w%0rOgzZ{;ebt46 z^)N{6m?}Q2zJ0AaAn(RV9u0LGdwuaPY3+56aN*H3U2dq-Z~)gS&jbGs&De{ zbjhPZNMo<}gUVV4tq$Ak`oH_M@Fo0kweXb-MCg7H)UJhmqiRN`w%4`7L8{OR_Ilb? z5qo`Xc1nBgn^z%*74T4bWd|l&xmW!HJ3l|J@IUM#QsI}VlcATubAK%VUT+*Pyl{LN zIA2&SMuMhxhQ20@+)c5Pa(z^8{NrSNAqLYXbr;%~cT2_>UU&%dGz`CeTRNenZR7)BH03XWHQw2H{bI+ko9kFNZn_Djwm zRb~0HlG6F{l|C5q)#f`H7*<}<->}GcNB)%_1W1(8f4+M9e5lLB_)0i3&zbVU*eTy+ zcFH%|boqVI6pu<%_+{v$PF*VK?H^xx1-@#f+y#AXG9XcVAoW0}K32k5MLqq1s(O?c z13>ixAVs^^h}I`oazK!$Bbw$WQRO;JpYac2)BP%`d*;*a4|{U@iq!3p8VV`2s7KBN z4&Ds%x9Z{BJ9eTTZuH5YRS$38AyYlv`P|Od!zCa8uhGM&uJq|)ad)GKcOo^kl-HuR zJ*QLjaLD$ZsD~3j`m^fcTH9r+hyOmSv-R+(5C7NbVc&9}9=;YcdblA{jUGCo&K7kC zA`w1&sN=J;X0b^yT834Oje;p0cOxnJkrcCvK}%c4NUC1dS&QW&z)35Q7^V(ZPAftz zioeH7STT268F$MBR&^Lp9IlB9Ho@~S^Sm*hi_G%|crGx{>*IL1|cpt1AMWhc}5k=SGWzQIXL@Ub6)j{^{VEI{xPfynY<)$!rU z_%qeiC#s{L$+8ScJyBpd^B6_xS>o2uKc{hsfkhgA*wNlksN~@ma_e82|rP>sYJZq`JD*V3hK-&BK~hKzFbvb?kR-(KV^F5DG9hE?wSDyu99; z)NUQi`~J6XxsIW3Ro^0>5VWnZ$a_ap_KBqI5lQJEN!c@!vR5Q!U!B4gkp$FVO!)vj zr~*jlGv(`Q6IsO5eQ3&!X}6p5k;b0(gTgpweP28eGwC$tj#;NEcg*^pcowq`5ca^c zSam%2$Fmr9Jnw^NZPNi1o*kRM7oN3E*S6lV>A9|HNq*xjPbrn}td_xqiy2pH^l3hu ze%?>UrjMUXSe%t9qZ?f5#U8Z8(C=X?zt45Hp`9?(EUnfD%oP`IS0xJ9GT5i*u~8;G zV7^-G0);`p$Ad#?g4C)eAjl9b-<@NOY$d2Xh<>mGCdwn-AJq6iMqxYwMf)IwM zUV42M9)oxWTv(NncVTp&+6$7;jJykebVpup|7>@kTHSw40~PG-jweA>Ov|EKz1@YC z?dB3JeLNw2tNIDqBJGd`@q;B=^Un10dhIap)DGnx@8$K{VS<}C)D9=$h1U-4?-Lv( z^alT;AFTN2i|tJoD?xMUGWZh9P)%%3H~Tg3%!Z{A-L-+5~ZI)r#=OSo>tG}p)k~ef?Zte!r#!T&-JECK7OV*Rkp$#{sLRLoE>9ke|F}j z4*MOYy85U!WGFulFtfM87;3QzkLox~553d5InV5jWBT+mXNcuKym<13K}o0uJa@FN zQad^t3Y|6s>>9$}n2vS6bxj8qD013e07F>QukmF?L|dLY(W))syia?1J#8uLSl)}h zyq>lk;N^AZdD9C_OA=GPw@B~P9g-Z{P+go?U5>pa@qAdsub@UBCE_1qyWi{BM)DfA zk#M$!;B|2mETrDCd#P+rU=Tf^OK6Qa_TP$KfC9Zv1wuYFM*Jf@?;^qMQt{QWyF=z- z&8M;z(X92-!Jl0T+>`T*+UBe4Pe5}sYMazkDWR(_>o@CRlvxL_C#I%$)b$Z>OYj*2?)9`ld{-3WRbw7)T965DA0@#G=KEQLI zyRiV%mx`)~8BdlLon2?_E@%u`_W5Gj!#k_AxkvwlORM`BvOME39^p43n0a&04qfhKlaY_W%1 z__5nX&wf&z$(Fi;U47fQWU~j3_Bb3XjRRcS+uU6iCANx?bHUCg8lh=|m z^T4Q$-PI$$cKV*m*JJ}<9M=m=k_Bj|=1mav@(AwI1n9@Q54p1p;;3gceUM9S@Helw z>)oOe-%2TNxe9%C^WCw&zPfsa+gGFIh(WYynwr}e%h_9LQ)51!yYdOaN}--g-6veJ zaCRnAL!G%rjiUfn^6{Lz4_@k(vb?`V%ggnbx0h4iPmjChIbFU*Wo2C6XFEmecQ-gg z7j*sRE+=ZJU(zejF$^v0renPN)wne*qn#F4s|laZH5w;xXkK+G2I%sy67eO8;>C%f z??7SRMxTG%?eiBuW_m}xzt79?I#q9T>BRyOm^E7t@I~g2b5H?(u3U@Wi+@P^AT_EZeRF#IqRAIy~wh4t+D@djuY_9Qm!4_M`-V3zzCjUNc`YT?e2a^sUxr1 zp(S@V7@z>D2>vqH#5gL^jFyrwpOz%JQ&AolCknSVkMAT3x8Wl`ze*NvC;bl@qc+bt7YRpyMov>d-#|9*V9J^f1_71qCt>m&Mixex(qtNxt~g_Yeczfu2| z{?(^{%kab1zm-Rda4Ge#?!buty(w8B>hIFO3w6Oh{k!(Vi2jXoin8k8i68$C{rhex zEB-&Fe^)-_)4%&Zi|U_=LD0nx*|Dm!JZub^hCUPAoRX&wff~skot0NyXu6NF1K6MA z+nhpcfKGIEeaWB>knsx(*~Y{DBTY0U?*5S`XaC4@?okw8l+NAVVoJ|8o!6Aho~$<- zJs+t=Z*?nL-Bg0760~r!)3qJGN*GIkN?>}`E?IKE>N^AttT*D^WJJYAAZNFWDZ>#} za}UICTGT5KN~1N3vHNWtu^m|)$hx>djdc?=3 zMe~pvnvu4sO<7p5j}DONfXo*@Jrr+EbN~T1coht^6~WPA6CFr=#41Fh1Njok^~djvm%&~90j8-{mD~#qB+9v) zJMC@j`NLoO#h5DG;K;fWy|ldgSb05c<>j+-@s=3{QurK1AM)DPxda)i4jhO7W4Tv< zF3uz1(?i+f$S9DfF0T7u(oLN40b>^(YG-`FPYj`<@!{cne7g6>2S)d9L26`txGNsf zJ$Kb1h}=P25xD{QzhlT9IQ>tE+}K(la<{&3kUJ5n5j%YP;Ep2Kb4w!k>lPhFuKTn< zA#(fN?L+RQ_Y89RNR8OLoemBlCl&;sqI0$wio)m_;U|TD3#iwB5hsP}OMDbv0kMm^ zpCk6`1<7aZ*MfIl`xS_o45y`K+)mHzP4rG5kb$}HhcIS3%>LkAV$9$Nd&Z2@I)vGA z_yx?cJmT<+O~oQ(@~NfYR!cwCna@sD>pg8|SyM0##6KLGw6PX-%JL=JBuxdox*}(m z|HCt)5IBTwe*A3^V3z;({_)1#i7#quIK#9FaIO)8XaPfd$8d?|`ls>*>he8gmW4S5 zevHSDMEoT!+%=f;Gu(ihzJ!|23(oRu)iM1r%i07Kj;OWjY{@cWO7reg&s0i#x_yA``YA7{BYak+k?`#$*kQXZL&nN{GK+s_zqv2+_^Z~Ccb%~U;on% zo_~GnPiV-_yWM!gPFqg);Z(TD;It-EBLidJ0YRLckrC_bp?%g!*)%*> z=3_8W&+aeAL&@0aoaHsGNX8`W7QrwTZyDknJI$FmKMj$iA(Xmgbz~U5R9Ko}bo^Va zfJ_5q7r289DfBV4s)~%vSbQ!Q#(14cE1E&+& z=|~$i-I7Tgj2akjgTFl-X@e7lC{-H_eDwFV!R$W1HkgYaZX3KjK!i)#2Dk1QX@kcl z%kLQ|k0gGM^K#)Ekv8z`e?ZC8j*}Zhum61Z|7HO~kCSJ;ZtU9bNR5n>1NKEj`PN{4 z^YgGVNQ=`~5B&*o+VUnJPKB=-oYq8YWSq>~r*m+cH|0-=)2bRDPMa+>IDL%N$T+F? z3gYCBlhd7Xk{Z^VGdq29(cR48#?Z_T;^}%c^v@)nBbt=LvPgIVew;8dOFZR z@3~%HC+OU&F6vm`J-ocmx_YbH&&}(#N*;ZcUU=cPO8fhXzv)kU(*Uh62OGe@E6|3d znrQGZ=;!(#?c@Jc%3Ptk94N9u9~hHx{4Qs2`lRRv$L;-f*(FU~qvB^zwS`JE>!NkM{C49x@5usexWzI z^yvK5x}^J;C$r#x7{rR;&sd2C|N2ngb-cVD{u_5J@0-S4|M8j3gA zd-yFzOeBbbHSdjHUJt+9y}Zs|Kle1bkd_?}QcugAal|`l56Xc^WOVP=zLL*q+h1P_ zYMb6`YBOlq8{zHzzrgw+W3Pl zU|D`TC{qNG6Y)hH&wSgsu;bAr$yP2W#@qZfbIJc0R=-~D!)n_XB3OwRi-rv8iPm?_}#c?$nN{T z-O=alV=VswpYFVmPj}vfZF>*Sm|jmje!OGb_VkSdr7*?%y8!j5_zBKv(1$iaj}gv6 z`#64IzUZlre;^<9&{Uf*d9YEAoAch+>w~^gJ5V`frJW+&}*I6_SRZ!*5_^2h^UUW7GJf>a=BYPmF`Sg)r`|n_ z^}*)HePv@S2DaoMvn_>0`TSbJ5vxTls_>c0*8jMs^7psJt5>$u7Ws48`kmYsy|xRt z#oenTZSjkPMas6grs0oli+NjH+u~3n<_z)Y%!syyZ?y31w~Sl;VkLt`6ROJaI8ZA^ zfzgrdfQ~e8u6wK=!bCgv(h{lW4cxA>HIhOfHau{J2&fJFtIx6dFxb@~H8R-UwhgMN z2RkQ{{>MpwQNG~mm;Q7lg``*IKIzwSq<;&kAye6+-X|RYQ_|P{B_jR(ND4{c*Dw81 zbq4zlJ?R}|-J-UPN-q|*;=l*S?}nX5SKSK}Hm~Px{4rY&n^+_O(q-lDk74*aPWHo@ z4^YR#PHOwf^vHfV95j;+hB2*UP&s!uoNqH+lX}G2OwtJF3IFh=MTu@V{%BN}O=q1T z1IGL1lfX}lHb9HkAR_%1(f9#ETG1L*URbmS^{#FdEn3qw5v@UY8yT;7Sh{N?vn@AQ z6wo+Q5m*2#(8ThmWdSS-Tb7m2VfX&9|AN=wa ziP$QmKV{{Z`j(vZBiZ(uLH(G8e=+s>(_~PZZ#e2#s_jYht>*&h2L8dS>_@4R@?(KI z^;zW7pHMp1-*R!4hu}!;_ zY#uQfKa~kXZLGHc|D@#CH>_+F3pVcF7(Rt<{y`5T;464 zMe4Vyzr4RX<#qSU^9JM3E zNOP*)qK>~vG!zLK3ob{Ou+K^D<(<<`d2=wphss;VEY4cT+LrQc7+*?9A%d}dp6?q0 zyxwA|zFNFVM0-!tvgqDfG1c_WI8r0M^TSgCNR2o@AN9_( zydO4>)bBEXd9_cN`kmpG=k?C>eC0*swoot$w9jCdQx{z*TGm=u;b~cLKFk?-Fi&CX zJm?AjmUQC97##v7KtZwo2R5O$!TKMN4wi4td#;z)v4U9t>sa1Byu1!(SpW0q&6ggH z?*+^mIp&-cbkENnB-DZ93~;f%eccm>qv&H$)}}$2SFkPzMj8jj5T|1=+`B8&mhk=s zzr6&{4_eoti4=VO`y<7HGx1}h5HA9@3P(zYZl?+Eb?!rdNJn{BZ6x*`c1FC~9Qiw4 z->PF%HU=> zKmIavV^G2NnZ&Sb|AadZs>X_)(SGxkM@+vz7pbAX)1ofgQ0&a_#;MOWe?pv2I^Ty= z#lw#MM{2|#AGty2;1s+1Pl(f==lO6N{*b|GOQaf{9Glppc39uT$sI@hw$Zz?6IV^~ zC?Gje3fBjHmMH!d^P{DRCw_t(rJ7(lc@&Ud;O%~{v1=9no-1bQ6PX_QjVRX+KSSUU z)<7seO%%d4l*grsLR|agT37d$te|!MZ8DyE&L1sfp7t6!F8X1>xOgMV4)yI;b$gzD zTnyzc_VRk;;wc@=yQ!Dg(ScUAjhELMQzGL8Mh@R71M`g$#`#Ld@r{wPo;MPa2BVAF zFHC!`XAk*wN&cBDqYFGa*`>m(y)geR(ldhT92X=!+nawSc7pjso-==_D9efE-dfL( z9-Om=rWLGZ3!o_VdUWEjr<83b4*NYIgOYpJklP2O?WpeIdz<^5Wz;6NkLwf!y%}4s zZ_jKm7uCGZ$5Z^LGf`MXPsXil)st}EUA?@Xp6t`Hyx&0FkgaG{tJiVLb>}tuT+Em8 z!kG(3_8eK(GoBQB(*kw(xh>$X@FsV zlrjsBknd;rL}9M)XAfg-plZ0WqoAkH;^5~RiNf{W)=eu@URTJ({>uB*(bq;*m95=Y ziZg*$GI-bgcT`c*>GO@^)nex7w1RaLh5nzpiNfx_w|R-e9=@OJB?^1`ey*P=T*I8Q zfD;s4WPFy+-y*Pd4~}*<$yaI-X1ZA1F%N<^5GQimmo_Jetclvr>KTcf986rCy%S@k zd|c7Dq#qEMJ;c}*W2xokf9DedNxvC_vA z8q%uXLAH>Fw5pGQf3QSr-rKyqPHVTSdpnkQgqPQ8xmGpG&FflD?UV0~7hapS|4qY| zLT}n?yW65|<@d==%+xuj+;?Mq&Ir>Iv4K8g;!fc6hzeXAoL7zkUB@PUzJ6-HPo4Z5 z_wqZE$I}jyg=h6PL4&}Yg%j>n_y>4Ew4aFaBtWu9eJKyB78A&k^MG3`8v6 zm3-^&UG9*@bG9LQ(~)C@iLrPmh%~O-5w&=dV#c5$D0*;m0i6YY`hqpVZxiug=xL|p zj9H597Z~8or%N)vO^<)8!`b>|=NSVKV$eHzHm?CTRplyHl27|sRkmTQWMgdYp%W^n zKntzf?)p`2t~Vi;xC4^iQ2cu&8-GKGB%3hNCz)@2^@D-&^-0JQGB>Si#!tO$K2iWk z9m_k=%j>9It19&JI`M=K#J91pBXSB<5o1N~xB7LIp4Cvyl3##p!&p(7 z#I6~$c7sPa+TyU}g5*zw&CwRyMF;7-g{M*32iO$Q4rc}s9Fvp9EjlEMW5J8Rc2`_( zJl3>+g}*7dw9n4)XGP z?S8nM*Ym3+YP2a{gsn`q*Iww0O1&0sq}4w#n`xwO=%T(x^4pbaF0wnmtzczlAK}>F zheta-cK?7a$t3o7TP8eYP7?DMhBoVYjHS)iMO|GB}&Xp&fKP>yBx1&N??P? zw4t8^O79k(vd2siccdR%$M3}|mOOreBiUR`#j1CdfA38BJ9aM3c|C#1dq8gJ#6c)9 z(vMevXKmMT-tJyruOH9qSl;=My5)L0QR(LObRwUY_-MTFbRzRFoi2#>@r{M0QI{`dGhBhbSD-y-aVVal2G=C+&_YXs*o43?81+;@3 zepl$laO?tJX%?-R+AIrJI+9d`ZGbz&hY4-V8+IgkI<}}Z2{|o0?>j8v-+r%z$r~dQ zK2DyFgo_e(3DGk`u$cH+-7}SBheCCrA5V_VV#uI;w=(50=$^Dr4D|cjZE!1qr9a0^i zYVOFIqVC`#7{Ai0#i9oO;Q*+mzz!{4i)0=n$)Yz!^^jC2TB|9UoTZbQtyayxhE>F8 zRaJAxm_55rEF!v34bqtX2kd{gnBf|%ZJL;&<0;L6<%p@%4wpXJS~v0lcj$F(vpZ%7 z^X%4c9vXT-N7S=b-H&V`4Q*AA1BqaH*1TtWc|BV?u48$3_3}EJ)2jAy^SX9S&KtGe z=S-`XDE=}rbY&vmjIBN^u+?Wd?`Zx4cQk*FJDNXBjKGa@#h<#CZtcSaRdi_&Rd#XM zv@eaN!{f??EYBNDhs#-o0H%Xz&2(u!ucT>2aH<1Or3=+fAe zAfH7wRSd{4?FAFmRD{nfF&M^?(ytVkkT9jbVnA65O^<#aUXsF*tVCZq zm7HUE<#J{d6|9ba}a`FGbi^=@!ia!0C`{3tDNgU-Q9^bqH5(_Tc5&s`@@z$Dh zUvO?I0>c-U_9%i*eO)xMM;63wX}*qc9KYT8Pkg~-in6(W*cKH+$~r1cvDA06d#y3K-*jE znn29SXc0GY0NeQm&X;3+=7a|O7q;vcQ-|lrY&NAM`R8we{5k&o`4tEDd=Wvb(z9nz zg=FgJ%T~4FYKal^;%%|n^-Q@L3&Hx`s`6EBGp0;0(?O2e`41i*Q+t3O2Mp?1jv|m1 zLEipA6YOzcE))5%a`kbR|EBQ;G9zK!CruOjnYq+{2FVXfRsjv=za6z z-H45SK?(vkQ9wsfFjZ>F!K>SFTa-Nih-d8Oe7mB2Nn7bqeSW~t%fv~T4CPZ2wF2d2 zwbrK4cwX661E}y1Nh^dgvOBaHVSD`y-2EA@!h}h4*l!xtddRmr+Y~r|MV#7#XsGkUd6f+ z`{+s}{FO+kLl9&PR3f3a_g7*UsRS-@LIb1FCdgR3ya3k#&K`zNSVt(;WGL?JELVM= zoCdV!$7}g+`9>g}7hlviFaDOUe|1?l_Bx6}v@O8pSXJcoqs8)WsPHbY2 z?x=C|8Zfqtenk~{?hCrccPmhgqhh5e%VRQLp+8<2@HtiZYTm(PPN|v6XSEe7+q^Ye zwMHwkPTfYRjUMlGIrUhwLU$_oNr&)uyD_?HDFl?p!YecuT%aX@c9H3#Q>fX^YeC-G zzs8o|K>gKfek-b*R(DU)x_jwoBK=rM>{H*F{H?CqC{zPU9Vt0X4MvM)y;ZXN^tk!5 z+1*{O{rPE6Ynx9~6+f;?>!{lWcE;#)a}nyv#(;IorYNX-quV~n(4@`jrn7svobT~- zMkd{f@VBZdlrBO|Dpz8OfWlwdD{nd=A(3kPv0{gVTp7E z*nVS6>tTgaw~6t^(6zr)L!MbBZCQ_|srT1mp4+=2_cu9|yHWR+oTb#acun#n6j`IL zMxDe+CIA=yAt@#l@&mWvT_Tpg23ZzF0GTX|G5Y0J^>+(Q3kZ-$s2hMl1*E#*TZc5H zJ0S5<498SdsxDTt5oo8XkH6sH*n;Oewb6le);Vf2Pd0QFEJRnCriX@2}OmW9sI$iKeYDs`CG zIG^!GWFwcaETdH{T0jGOu(faQFCB9hjMuC+a<9&j-Y_$UD)2pa+Tp|?YJ*^qd(~8F zc--(XAGf9B9=&<-=hRa4=uZ1`im4^!XH57vQj63QT6{a98%srAvyqztA9J7Pmv|#XLY=UL0 zvm=5bKW!Ct(h&?v+C_*8hF3w99Ko`^JLn8Y{E=!JZn7xpQ#*1}f;UQ@IlEh)<1g1g z)(hChXC~wKE$@Mg#z9xFss_@he7>Um`Cm%=xO%Y>&aU?UaJCo1RvWP9Bv!aMe7ar>aQP)Et@Oj4?cA(z&{3q3|`W_c~u6Ww#&D7FX+LACMmRT>ei%0G*hawh#K zrlxD-*RQ4P;n$Ql4ihsmOk9EnpaWL2iwLr{2-1L&zI*&p_%It+l|LFQ!G{E5NSfC) zRTj1z&nn^6mEhK~M(U|YFnii?)(yebJCOPgfDZ9s5gaPwW9mrs@#7;CnMM}1X&=^4n- z7%RO*>)KoIiLUuB=sX<} zC{p4pW76^-?0%`Crdg&&N}WouT8;B$HbMnpvC)rXr6tnh=T(%?jFpT5aW_4dh_5?y z;G7HJ^J?IXn7Rh2T|KzfE6iPp+O{kS#7HE*)MGx19!slaHD7Or(ONCcINz|%2#CAPUO1<8SWgU8?`AhTquj?puTt#o9(oD=Euc)+;HagX55$o)k`^U zMCSJOC@yHZ3c?aO=DCAcgnHvfK(K7JXGAd6%o#Tv!I0!kEyIF&ZDOEu1Z!{H(EYVK zexGqj%x;=I9mx+yuOflVhn6sam^R`ST57@WkPheZ0+oY&dAya;Y!kJMq%gwNhcgp> z_qx7XUFo}g`BB1O-FO@#i!oRcY7Hkt7#0yvJm4jRK5m_atf(t^fB>%>Ap z>tv4}cAV45I2-mJJ{K0k_Dx7YmR7M#{4l;_vJCI2EN}W{*(xN9Zd3X4GbMJUan2y9 ztM{Zs{c%)6HW4vr6ZEpRye~&YTP}OY(-waz1sRv(%MmGMBVQ>d0!f+ubuoE7{rco> zPqOrRyukZofjs>LTk|C!R_4$j1?OG^=j2x2Ev>D8SJn4G1U#r|mx2}bZ+`p(P|}F; zW+|VQr$}6g75WL4<(fL1s(*O?yac1#m zu{y)gcrj(%g{1%qB#2JK{(cRHt!if}Q(m+}umZRqYa7nTfHV6>4}Rd=`fCByM)!7K z`=Qg|qzYFX+&4qXEdFEB#GsfC2S3ggK@A8?K5h{uholp+b{T2B?eNx%-)kL5d$+@L zD~IPmkEhqT4R2X_M)l6qp}QnY)D}kbc*UF<$n(2&Xdkfp<8?^A`M*|&V(E2gH<27V z^aS>sMs%pD!P?&K@O%%sL@!VBczTU{U6iNT2W&QEm&~2UxRvgka#Wl;|8#E64D>HV zCVwOmd*#46GI9+!fx~`M>LR0sm?uBqC=(|Bp zdh7v1(E>wJC*8Wp84a91nO@HMr*)y6W_=A-M!uWI{w}fZBMaOy-Pkx-twPk+{~ZIs zo?pOOreiNUjf>2sOxw}>7yvWWg3qiuRR+XpadCN}EPO-=^Bv-)xZ z-mHo7dn^3L!j8g3M;(xRRV`@wxM}WHxAJj(xk|#xO}Z>X{Bb*c%YE|kNfVsdrda7; zVD6h|Z|zRZXWZ2bv)Z{7aJkZ4Ftm_MZ%D~Uy7w!q%2&op*237{wZH21|dn~GI?N+*D?)0Ir=T0wfkn%Sj=>$Js zywj`pH&6t_{1q@?=raEn-%W$LpVuqkg+(4f*xTiGv5(jNGKQj|tIB%EO3!th@%TQ{ zjIXH0KlPw})+=VE*&2i93rs*8I>1|KOYs+zxOuBddoUWpVYtPtb)n$CY5UK2I5;-% zstYRsISq=B6`y%EQ8#HyU1W89u5Z0jkCrq-9NL4vKT=s4agRv=Mx2na4E!WtSvsjt z#=mEb;d`Kurv2WrV2&+853CFHPT_0jOXQ1s%S6ZU#ZOLhScnwQa2&}{9?9^BKTYuw z?{AY=?Vj8pErDnDZ+)d}B=9_u4Lk|FHcgiQk}Pc*-qR=U;fChh|` z;ksDNxBB1z1FZhqnKCwh&Lng8W!Rf61OD+#91VM_rxgYRuUg`ZGd>i z`yhVQLL55_#P?qvAbyL)S6Ya(N!(f$Af7?uV=TmZBtD`tKzuKWx3>`YCh@;20>l$Y z+un-R*@rp|V#C=IT z*g{-D;seV9#OsrI6AN(>iEAzj5U+j@#4CnJ(HKVJPfG&COG!M_LOh(r`&<|xeucy} z7UGd4PF@foeu~7WTZqSy_=EEU#J7`p9}DqV67POqfVh&xy)49KB(6LsKztU7KR7;$ zMg@uAIV(VX42hqx5GP37=ga`{ek8865Z93Sve5zJZAe^fA)ZX)*UtzL=a9IMg}9c) zTmK_K{O!9S{`t6Q1*ed>z{4j}2EX4IB zK6gZb_$Cq`Y9U@g;`);U#FvtIGYfG8i8nYgKztgBzbuZT(MaM^!vn;JlepeO+(hE% zjtda?C-Kb|VnyP$ivz@)k$9AaxP`>09vdLeBJn^AaVv?RIyykSq7lSvTZm(4gSh9g z0P$NS{`hZEG_pxN{Kx?D3=%(OAXeDq-f z;&CM2*+Sfh#P=Nw;U5iV}c<;Rf#K(|0 z*Fu~iabnK^@qQ#;dUOJDoVG_SREQ&@wiC^0>KztL4 zAG8oJAaVW<0pd$Ze5r-Ffy5VX7a%^3#6vB_jU=A8O@R1t66afpn@GIr)&b)FB>wKG zXayCC&-qJ$cry~uvk_PMq_a$);3vmI7|GRd8czqHt z85%{Sh{VINnaRg__1hqR*g`yv#Q(-V93Syg5|>+uhm-ixH3P)2ka!q~z4;*{0keg6 z@eOW#%*^3uOMw%j=_2)Cqv=xhZ?BK=5&RyArb{E77)_U!TsN97>M&+0$VAL;RrN7Kb@oEA+N+p}>rT@2VOn0bfV zORV4((R4AT{iEr1v=i878Rj#U>9tMbn2dJtvx8#PnGRMTF{G z!1Qs^^Z`uYA)4Ng>F-??;nRod*GJRynO+!8@6Gfd5bX%blgIRjqv_d9KP8$TWBU5h zbeRXtLx3d2UnUcmM$=_RvRgD=rZr2)NBGFxXi_v?CRm3@(`A91cI;a|)2%4qszrtcF?uVMNMgnvSECYb)OXnF8lc`Zm$@;Y?qAd4$g}rca2b7cu>>(ewhQe~X}0NS*;qe;}IP zkLf2y)B7-e-Dr9~)8||o;oqC-7e&+anBF&Wp4KF(rQ7aQcQaZN0*oiTFW zk>*sIS4mbKuf+mGJ^u0oh6VUL6@M8?uj9gl`r9Y60x=m2Gm~SbJ(pvciK!1)bmy`} z&Aj*xSUVYU1J)mE)Q}mgc)>5W_#TDaHD>V&s~_@OmWFbtw}5mqUf1*HGyGk^8-chu z(BNDR)X0b4Y6#1n7{38qe(yrrHG2P+;ff69d_=^5{9M-7zbCr4bF!eU^5G+cn$%-OZ7tP7&&i9`9oK2sdKbr7OFaM#f!CesywPb#% zC7WKzs3j+SY-!1xKeM!CWnE{sWF^b(@|H||jFudT4U}F>=Fxj~@n6PDr^UY@g#WPT zGr~XTBMbhEKD6MUHN7+O&tkbzU5PKa1sd zIsVz7QUCENTPplVv(jntuMOefxKBp-Pk7gYfAz5z{41a8O#CZZZkOYq_?-HWb?j95 zFJq`eT#SZpU&(U29RGx({^N_Ql={y~r^P>37@SG;`#B^0bKbGwfBFU% z{IeeKO#HK0ZkOYqy@LAxU26PCv(jnt&ky0h^6iZ9pRmY+|J}`5(V1K&uI%f)nOr5y z?Q;AR&D8&IQ{%skl}?L)K?wg?Q%3mbyk)_E&s7%uvv3z+=i#5la=RS=>@TVREvfMz z%}S@me`FZ{qcg&PLW2eWr~hHWzY=%nbsqkeEVs+?PkcrF|2j4P%UJ2O_*aDRpL=yi z_~*P~!T-m9TJYz6Hl2rm7R&8&{IgrA|6iuYe>5wd7XR81{`os)g#U!sEch=PXu-b{ zx8rpl{*^4Z%kfWqL;c6r`jq|;E1eeq`Vjs-8ZyE^XQ2iEeLuF~pM`sHIuHLWmfPj{ zXMaci_u|yi_$Mo!7XPL&{>z4BHoc*iGLQ$?Q;CHf1v&^OO5|%Ryr;I`62ulY>^TE z6Xsj+zidYf{*|~HuM_p3<#sv#i65!|U!=x=87rL@|AG+yz1PYJ|D1Ui{Eyhsf`1n7 z>+3xHvsiAIL)|vQcvD_}lKf8_k|50lEN3+st@ox&@|F`^%@SiZtg8!P^Sn#j>XJ_JH z$#T0K|3vHv=>LbQ@n6PDr^P=uIOzWutdkM`IWsNzU$~A1|Ex)!iGLQ$?Q;CHvw;6| z@2AFpG%KAJ|NIdCYj2hj{uBOV!GCsd3;vb2bSD0lEVs+?PjsjLzn2>SWvp~s{0l<( zPrmh-OyUnYGc5SOdXpU68r(^jb#rIppT%;!9RKW|)c?lR_>X3#)8aoeg#X$*Wwic2 zq0WN;?CmV;kCiueCjONyx6AQQtU>)>k{bVItaMuZD?<3+7thH4Q&+oBv+fnfO<-+%CsI(VP1J zQfmB{vC?Vrj~x>9{|o+}nf~8z!T-X;Z2FJ;_&QPlS#Fo(pS>CN|Hah!k7lLQ;-4SF z|C~KC!hgcQE%^VXw*~)7T!zpc9kSZmZzdkkoyuUC#{v$*9Z*hA@_)n;{;QvOsP5&?HO#CZZ zZkOYq*oyi;J2n2xSn0I-UlGE;_UerA&$-)z|Dw?r{IkkB6aOrh+vWIY=TrY@rpA9X zE1eeq+7SN#D9H%_33plW-=x@rf8|A;iGL-_?Q;ARTT}m^PmTXFRyr;I^&$L={+m(! zIpgxf9nAMv^c|H=zH z6aPw<+vWHtwxj+(mm2?NtaMuZV}}O)|0%07!awIW3;yrFX~92hTxa5+#d5nG|Lh&8 z|I<_BKbn-^5dKa1sdIsVx@QU9MwjsIv?IxYSqL-;RvAv68I#e)B3 zx7qan+|IwWVv0Af1)4t|FP8gFJqV2h2>%Jy7W}u}#A1Ic|IwNFSF+qL$3L+r z_5b12_%CCn)8bzc!vCuLjPTEyV8MU-my#H?KmU)oHvx~L*xrXH0VF|Wf{H{02?7#S z6fUCR8kEsNKyitJ$~CwEZdcTd;u07LkqjXkR1}mYsAyb?3lNcH!j?p@N>G%jDAB9Z zV_c$w#x>u2PIXsT_f(JY|M`6KJY>47-gD}lQ>W@wRaaLhOI-&hbUG~5F)P1u5+yagL zyY8p4|Ez!io%Wwa<^JRLFC0ex|Ae>wcahQw?O*M(f9~LYvVVu!8v8%>t0w*?Pxw3S zpG@Wc z^8e-D_TNQHC$ztBq;vdVk-AUz?=Vwi|E9Mz{ZI0xf2aMEsoa0u{wb%C|1a~l|721+ zq5U&l_MhH%pX@((hQ|JbYBlzsHSX`U|12u^AGd$u>E!=Qz3sn?lul^>ESLR%ziHpb z|I;=0KW>n&|G(t#w0|;{`;Xf{WjOi&VsHCTCZ!YFKgVVNaPdCbf9~BH`wt$YvHz^> zztjG+sN8?t{)K0d|3B(&|6QbXLi>kZ_HVp@pX}e^E{**UI$vY|VS{v$N@pLN0CY5!SN?muq-!T|aILT~%;BBc}B zzuIO0f2aLtQMv!P{R@NS{|mhBzl)SkXn)^1&hh{3w0-J-I)pU#UsK14 zF8@FG@3en1mHUs|Kjj?q{|CJ7Kbe$HX#WhC{pW4kr~YT|ts48EE`qYt{_7Pqjs0hx`FGlX7M1&t+rRK4 z^8bjp{dbYls{O4mG|;zeD-_#TB;k9w`Hji5t8-KF9o`n>gOgL0@8j}URhdRE!8RS6|PC)a=iF$o<641QvL6en$W`PGyMgp3N9yGoL zGy^F+_4m4If?5WNjD z640#opz$T3DfXaI-u;WS+jtKe<$cXKn!X-1rS?09aWvl_ueU)s0ZpX`O-=%uhzCtp z0-9_Onv4WAy*y}q3243;G>+zrL3$gM+Glje(Y)wE z6HY*r=RuQ`fM%ozO;!S$E*>-)31~hYsJDSH0nPIsG|IOP;_P;Z2aWPQia45p2TiH{ z4TU(G&K@-31T-HXr?){)0-C2iXtEN}ggj_663`6ypz$T3IlzNP`Sx6#-99*0Zv*9f zfpIh|JZMVoZ`{Sv-0VRUPC#?22Te`_np6*(tOPXg4ba;lBLU5F4;o(rnj1Z6ly8H_ z*=?8yjq*MBIGT1IG^O@8$m3|X9;3HGI04NP51O0=G}n62WF?>(;z5&I04NcN9py+NkH?u2TfK2ngt#-83|}6 zdeHb1&W%G&u=qA|5nZ323rC zXfhJe^zxwbC7}7{NWBdj{k-ZyQ=NdOz=NhV0nPayG~om^Jv?Y~641o@>TQsf zfM%5kO-2HmnI1I01TOoVTfaZ%ndK;7`pn1`QCY*pK&x0l>0nJDc znydsgT|8(q63~3wTWG`<8hH+s-C#?5K%`WfayQ=NdOod->60-CKo^)?76 zpjqNUlaqkvS`V761T;fDXfhJeBze&I641PLxZVbhadTR`einJqR41Uh#)GCb0nH!} zns5S|KYHl($w@%-x(7{G0-6OLG#LqKCVJ5L63`6rplOVo)7tg(OLx5usuR#`_Mj|(}6F1YWmN|`h20O(VQFZ^ck-_x4X5VI`_(&z%E}^GV-HSDf!0QJ*@(8;mX~u zYs=P56Q9Y69&sD?K->qSrsMFh{8BI&NzQC1pmjn}%R(wB7VuqC3-7>Yd-O@|8>6HpM6UgmthsW;ZX z$c5AaVW2Q0n7?W0Wv(xyivp70+JjG~Th>UArc+txiLwlQSr*5~73CSm9W{GexxmI? z(FFWQ(ix&ax@j~yZ%TLTh5}oR^G9G~3~eq6zbH4ByKKO?{@%C?gEPOz4k{Qv52}S4gOTipn!xrX zvjXd&YMn3SuPsRbqm}=~?(aet3&1L*c^Vl9myk3Ps0O;)=bw#Fk`ScYHV$1fqyigx zN`l3eSzuN>q7PNP55Fn=+qMt=jEt-wUO^YH(x0{Tr)uWxPDzIG;{n9BF}~#5VDT#A zXmmaJ0AHlw6kO(4(qCVwy?=F}q%g1@b~13ez3_~brUAi7K^pW47A@f)A&!yJ0{#(^ zR8&bh2Km1!t&v38aJBHXl$1~hw5W>AoC&_B6uKIOt6*(GCTND?GMu+PB{WV+u+ZQ& z5SXg50I`n7@E53rC6sDr8h<`RNvE_47A+u#RWl{{V1S!?nCTX;5}Cc{`8ZxLnY`9+ z0II4^Lf>HMDzjL&-PVKA{!CM>ABpDYVWvhma;-h}rvoL4(E*TPqy`*v$Ol@V-rZWuK0vNh#8<(E;dSjOcR(mLSj41IS znJvPwbb?*thKHz}}T1p5qHJ5>1Zoqz=u z*a(8X=7v3aH(0QPSMb`Qa}x?%Sh19qYUn@_N3+^|1N083L~j}k23 z4QqS=u$bRA$m0aN+zoqe0bm;x*b4+3;)X3;1lXerY%Re$xnVsQ1D316HWO^ulP-h2 zflu?q#wf5i30Ccftyl)wkqYcRf-Q2xE?N#)YbRUN9R$0@4V&{gU=0fF3xbVu!|q)H z*ozA6JA(Cb!xlUR*jxqnE5ZI);nH;R(|}#2z}j62*!ynS?au;siUQl8U@P6Qf4=}& z7X@}8!3y25MK1#O?E$tyx)E%m8#eY8z-kp(Z-SlVhOJx;Sg8UVM6iS0u(=h0-J!rv zBiPqZxD0Z@TEH$)VCNBRvm18sI>3%rVB-k3)D1hk3b3{cEQesXyJ2rc0sFY4ZIJ5- zHr5RrvmUV33hWkw^>@R%4F&8z1vZOd$!^%w8vvW4z#;_u=y8`p-ro$^a0RxQV6V7g zAJ+obO@WmWtk?}pdjqf^_qR2DiC~l5upi$9>`eu>j$o&|Vf)nswnBkzBv`r|cFjA0 zO;=!b1pEFmm!{p{1MCt7_7=h3aKql+4%k2i_8!3=cf&sW5U^AQ_6fo6cEhgO0oZ39 zY=i6~ShgExd<@uY3apu6$GTzH?*!~Y1@;TU+Ph)Td=A)+3M}<1z#5mk4D#`pfSskl z4kg&DZdj)nU_BLB2Ep!k!z#Z5tR>afv_HYFcf+#225hSWJDFf3+^~(`0QQUm8$qxh zZrIZA0Lxck7ZL2IQkSMIw`Q}1e@uG zP5KkCU6?>vLxOt)7C0qp_1MS+zO?2BbC zgQRr?Y?K0fiC|T3*p`CP8|j9P zO$ThH0{ekrN4Q~^bOWqVfwdCsx1}ykKRgVui3+U4)qrht!#?c+*hvbkE5V+3!xm-$ zc8~(=Nw9m|ugu+9qX9)itw z!=4`q*jMdr3*1Mr32xZHe*uOU)ue+hC)f#Y*vR7nTdcs!3FddhT801?QebNdW-NBO z#D7l!>|6!5j$rHEu%#yg)=z=0C)guy*v&%$^C_@533jU+mVOpsA7JgoYD(`DY_uD8 z>PW!wS#b&bl3;z^up7{JV>o?P!hR>%pO3mUZ5j>O)e7vuYXIBshHW?(uu~OSZ-SM( zVM#P7Iz)jDBv`}^E4&@tzN4iZF^#PnO0X;4u>5I&)hVzb!A^F=etHP7g$otfO$4iP!!EfEuwxY1tpr=)t8|Z|-m%6=%Vkko;}xmjyqiJ>g zo(hS-MvGrVcvE)Y6w5BdwAdmAJ5FK`&|BBmk3|6o$61z%^ZLeU1*IM#M zwAhd8ZQV*Fc7hhWQo%M#>>w>RU%_TxXUWh`i@ij_7E0^~59#c1w1Tac*ypv_)-ASf z8P{7f%+zAvRj@e{o2|t@MOe``lSAp2XH-k7o}g+v#7a-U!791EmfLvdX19*162E7wSuOUDw`~iwNbC$PcB_KTywQ^RLM?WMg3XcGep>7ugjHI9sl@;MpiaM$ z3hxGq{jV0=L&5s~W68Wsi~asBryQ9Qf0Gu!p73U?&ym-E7IxTZ;`T z*er?tdA?4+kuEvH5?`yuAFA-Kme@zN*l*sj?cuw{lKCbrc0FMgdt^!c>011J7rtEL z{aXA)MV1zc{a=aBCPNhL&|59J*J!b+E;*)3{2VR*gV$}Flu7JmTI}-*wq9b7(_&{5 zR}>2w>TU^DKtWZ0s`_ENCZB=&JFcF!i;4rLO1yB7O8VU>QX zS>n&u;upE_>33Ojch%yrb>Xule%D-`O@_JfQzd?l7N6?Emr48_E&hXzPJIX7ZOMO$ z7XP#hUn=qawD>z*_y&ppIik~dqzmuMv*fAO;twUf**{H{*hjV4Z#Fn}t(W-gwfIWH zo4hloTXLMP#m;x}o+9ynEqCKI z{yZ&yIpIy)geA7O78`Q$E|d5l=je0|xbXE7zfp_t;=;E``~zD27kI9ww(*RxWt*$C z_*E`^mc$R%;tO2(DH7jCi_do9%Ow8Ydvx~c>%ton|F{;vC+gHUbEc*5ty=tM7k;Y5 zpQ*(!aN)}({va*>8p2y+idmK{y9#u=4s-DyEAeZz_*8}WLWwQXVn42O+NECNFVo_m zC%h@Q&HFelcBYGWO1`CM>ujB#=ezLZBz}t)-^+zxDDlg*`0p#7x>ig4O@}yJWfDJGi+`2yrW`i! zleO4l7jNGjOYZ%(_z4Q{t0Z>kOr1Rjxp;>qex(+lsqH>#ui$#pQpty zcj40pfoWwt%#eeatQ`fM>U!}#ba^Wi^ zey|o_;KH{^d>bu3+l3F#we0im44r-Yy6|C%e_V^-Q{mLNPU3IX;x`lCtgG}QOO~^> z*hRpG^L|dwl`G-nBt;ic*el_sGX0O~I<3xAN^O+bty*kvmqx*PmXyo2_#f9eEl@A< zH*4`5fp=<^UTl?cIw)+dDr9;;EvGwNC6B$=;`4K!&I%)4_-PVftHmGc!k0??!&-c7 zwaXF`KUs@^)rC*H&yxQ{Ek5GHkCpiLTKsqyJ}mLu@7CF;KjBT^Y?Rn%wb(yaxodG? zi6#9Vps;IknoOUl<@7Q*S*2D;><}$>4q=rUbjEzE%ywG*B?|9p68phjI_-~Eu=NuA zycXN~id*~4`z=ZC0)?%8nM}V*%V`xjIW&5};xkx_FCe^GM`4L=uf>j6u#FP?(VaT& z2PDwwX;9c24Smp(aK4t)|6X=#R4(xowfL6_Z))UQVDTQJ#m-T%L5WS(VlM;M+0QJL z6x;7mHA;KPDm9Aq_^0NbT^fZY{yr`K)0dnUD3$mtwD=c+CrSOYd(j>R#lPz$WnV4j z?XHs2AGS2vGfk(-*)IGPiQlZncXi<_Bz}Pwzw1S(<|zv;d9Kmo*AU*U`*9LGOp7f7 zHrCx`pfX9+R!elTOQ2?n-*&ssKu5apS&J+Mp3vfdDt9VeBJsIee2oj=DDfk-_=gA| zXP|T~_Bt2ufsa_S8@K6nJ;{ZiBJmYkdg;or3tuPkWm^2N&pY+?Ew$vIrp3SE!Vi@Apcem#3!fwL>011C zE_{i^8@KB8J;{ZyllTfPzJm*&w#?GEP>cWYIj4PcBz~M0|BMU&qQqxv@proLbrRol zi%#EjT=>jVOa3}7zMBglmiUEQ{8!I9^=+2;DO&tm7d~UTCC^YTey$6jBk?I({G~2@ zsl+$jth3KiF1+tCOP(?<{?})m`i_(MX_)bf5wi*4)T?OS1KJWGq;R)%4V;ZinB5{=Ok zEd!CIY>CA7(qeBVtYXLtiU0mTI%Ut)^4_e)c6IS?mb@2e@w=XK$};dt%Q)9)@oQZ8 zaS}g7i=X4dhb6w97Jmuw@lB{qQf;}>?eL8E4 zp%%Y_@TQxWNNhhX_6`NxAhEyQpp$!yg3TziWZt61_ENAp68pFoyJv+hZ<)m2uEoAi zSjAHfi9cJ5U*y84J#ER|Rg1sYg&!*MyRO&SWS9#-MdH_J@u@C+nZ(c0;y-x8sc(bC zU!ui7?ZT%#W9i#Zi@(E#A1LuZU#HV|qzj)T@wHm~p)P!>#6PUX#~yd;+amFkwfI*F zZ~A)1vzD$WYq7-&woqdITI@sx+bpsFyH;nDAqqDAIZK8$T5Kv|75~kV_&Hkq2ah@N z3nl&%E&gd2zFFe?Y4LZs@WJOT`G20G({&`_t-eKK|EtCJP_PXWyG)Dye!0ze;0u-v zw`#GQ6>L~y&(>lWDcEv}Jxq(eQNj9FS~7e$S!ajg3N}MxH)^q66l{*fKCH#YN^LvX zZ-iX0#a1d<`;Cy(wb=Ozwp_|^kQRFlVHF?!Oyd7HNoR{8F8r?&|FRa}&V^4ew``rS z#lN@ADbL9gf1wt?!i66v@x8V9kPBZZ@jqUp(>LJ4uaWqTT6`B5{tbzLK#TuksZ-w_ z5`UEzzsiMgmiWP1e1Qv}{-S07Hd=hP3qMri-@RIApT59r&dsW#qnwQLiM!47!yMmp zQ;ysU(pg-ozqIk02ip7O!R)@bi7~&6mH)N2-{wUn0xAuy5zD;W%xK|iQ zYy2_;bwp>EnP-y~g<2pt9aGj?58ajX;{2=IH4hlz%Wp{vjjCz)IWEzG;smraX*^$y z^V~YpdL&&e#|596hBMnH)G=rsfg-q}6QH`VwL$tMr8-V%+Z3kP($HvIDts@=!^^;; zd~NsFM~UO+j1Vt;2Ff8fy;NO+-v<0vPnF=?t2Bj-c2(GEt$3O=%GNy4fTw!!%47mmVkAYic!zGxoWn`q}f-Tg4rb|Stqw^M7-b^Xh;s2u+H=(|%tqTIiQ0Y5TNy(miJ{dX*3q>4%Ld z2d;=NRdn&xCpc@?a>c*jO-<*ttM+v`XH#!zjH;(|JYBwfWh2)_W7A=AS!W}wsi%ul z)KB**TtAIXT}>*H+z!c2Lj?r|lt2T&7rxcVZ%o1%-~d^PSN=*~%txX^Bm~6YF5lhi zfjt3O*Fd7#ShE=dh=yZX7d}hj+wxaBg!KRJ#Fp#Y_PhgqP*Wf1X271Z31*tAr5K$# zSWPgRx?8k%-kwiDo8hKSAzI`0No-Q1DczzI=`SLkZECQoQI8ck55X62(@xwou-O5{ zxsXp?2Ak@!pS4JvS_7hR!XZ{NA__`G?Y#m7jyYit{hQg~%U6S5`Z4oo_s4>9KsiaS0t{ zyzN3hl>+A*e`%g?TuRBs|G}BV47l}T$N9#mZNV62C5YVT8-FRzH)fii7jfs<03(U0 zcI8F+1;x`YgRLm{SqK`YwDteNF-Nab5 zUh6dGP#+R>ZC%9#Ulhlyn$iwdNahRn)y5CU(Sf~zD*u{5RV46Ae%>odxyRDq87cVd z%S~>Hm01M#;_ZdTJp=6IsTxCksFfr_S)$|$47xF4rAQR-kv>LZvyP%4fwmLrlD z<5wKi8)CL+);yh1-9jQ-Cscc!0PU<%F<#oek!lpj2GeMO>LLwxq)T=JBd~yL z)I8++2s&X{sZsyEsL_H_P~G$wRE_f-$`uHzDSturjFaj-K{fd=sB)cDhk{C+>wY`!+{anYpf`_pucT|^ z(JAP`=sfFm=DbAwh`h^~#!8|b<8p+6U=gzc%{Zo6C4Nvp4+>+S#r|T~&(0!>eU$|B z<>C>wNk?v%5-j3$b_~U*axh$BE;!=ZY?+I|C7c&czC9y|gmAOYs$AE6*!vVwGBDkxCpIiz48$@4lY zf7KMgqJ3pzHWK}-SCJP*kCdsWBQ@Gj-VVgASuMsp)f~4Etr`Y(mE(>&0uw8Sfoltn z0W(}kl4T%46hE0WrccPPWWe-;t4?#Wcs)YJn7)uk^Xwuf@vm-{PJyK-|C;6~yx6Ro z2Z^YdaX2)5UX(_)qSEf9oV|8361a%FFq{n4f*W(ihWb?EXH6ApDpwoWL2z_&hUns` zucS*|z(m}_kYhm=b+22vdzJB~9~^p%JKk(8q|V_Y*pU9k3b-#tQ<~rZm)62SlpOxH z!=st9avpHvvqj&l6U+$T$DMdN!g9GUL|yI{r4v8L$*7}XR4z26p$T1bCvK)uCtfDg z&2D&0)b7Mv<~USYOFb6#+Fxb0^u`CllM)&a?f4Rq@{%eq3biKdRM*2uW5L8yzOV>umRc6;qN1x$~3*x7e^BS4P zN}?R&(=pujQZ}qvSX+>bDpjCq9UeU5RnOasJ($K653vMMw zreWKa0*{VCq;b{r+GHz^=nReUuU_F|LrBk6VT&vKRdob7(3dc!70d(0~uQ+u% z2~%4z#gw(lbf!t_y~$`Ce;-an;aK)546Z-+0p3)e}1 z**k=0V?Jxf$D)HbQ_N$;Q4(<>5D99nD6k{Ky-^YWMdwJ(#aflbLcss?9Aeh1)*OO{ z;PsFJa|P`XygVNbDNs&^h|$~*iq{(}`fw*=jz~LN`Q`^zU`-lLptgBN#T~N|p3D7T zHHxZ^pO&1Xlv2W_Xgkhl_R64)kW=Wx&Mqv0~2XKY)-fpTZ znlOmE+8I4s*2L?eXgY}593vB7L1Izhl}Ml*EmO|$HiiFRXKo!U_SWhru>$kh>chDA zfYp2Srr!EZ_^Q^zher}w*qBKs5gd2zyM=qYEWAizw-D@#0&iYhoraGAK)|99WQ4sR z{n2gj0n)VNLEm(Fe%_nD5YEWVD^Uh~@1KnU-%((wAMgP?T#ojh0XA5iUBc2GE4lv` zHY;vkQDC0tnMxQ8*hA@Q1ZMO9LkHdY)KIs-{Jw!r|_$YSxl=(f0aCz~GOI!6OW#^JQ^sNgp!ETub^iz(p%- zN&m9jCB+bGqE(~NGI-QxHdvW4+RpI$YSv*Nn5#@#Yo)WwKFE4XPrlpWiKDgRY5&K; z^SGBagJ+5qTh@L~QwV#p=AJz2VG6m=`pp_{hEm014J=Y^e0u=jtb?TtJ4Vo@h!L01 z<{r!(BU6{7j**X4_&>`0t#K%swOnwKW7D_+vS4QqkhkA$i#wXw6^EV#pE4skW{32{ zS%w31tO4y~Afl)oD2%0pCY<-Ah-F)%CrHe6h4GI(bIyK}*>sVR%K#yZ@CW9M{Eoj+ z>%gFVQhr|5D1X5~`2EbhQW{VC3&QwY6Ih0!L-sOEwVxce!JqF3fbJplQ!Mjr!!2_s zS=hICNtv%^ahRsrxDq#T`VtIl(0>whnAX1lZ$LaM_rsiGVGF@uRRL{DYGQEu(l1Vb1Y%*mT9rAUR^2H{?=g4%U{RMXu z1FFSu<4U({amSs~A{S8UYXa*cf!QEo`*wcoa@}kZzndvg*9~*WZ{Lkbo_P`CHv=Z0;)vhp z#1Ow92a!koW}1Uea>ef>PDlJ^#?xO=<2NVWcd-(`Ib}RR?)c3ayDxRc?r!g*%Htq<5?32&L@GKn?P%ZiWQb-%6~=SVQmkI%L1O%I zH;30UOu?`Pjh3L+C`(YaA;d$TmvaP96%n>f#A%AKblF;OE;X%*9^tdveX)~r3&oWp z+T2ECY>LCB@zi!4KF>)#pQwvNyFgNEEclRO5I*-wH&Z^Ro^5e{-eO;FFBX1??1?&n z31;YGT_H9GJQ!fFSI2VERneX>vEcL}ZfgTHaRJ%FlLL+Z{7xXM2|SGQvL7xAE#x8x z@lc?I*1zJ4d>AZ>0wrdVA0jw}^B(r)W`H)DB?Y_LfqI2ec*;8aEvnk$%BisR+U~d( zBY}_5j)TPuDAf`nhqNxZ0V(;F^w*b5gReDFTlY>>1S3pY&P6FC#qm;#rdt77MeE(s zfim%ZN(_aggJjAkPMID3mrQwyQwpPlWlAYhl!e~;xQ*3mmFX0(%txR7l`_MrKvkKU zR7DPD4kw6PnN&)2DD(3zl%gv01*fRWyo(e?nN7GwTwI7HpD*!j-(Dmu;&!2nI!d#L z$Fvwvza=AwJ(DbbOdC1ev^UzccGS6g?`Q|vw06|VWLnR8WA1bjcQPozj2-NbI|C^> z^<2aq27EWf5qCCxhq!Yzh&#iNbOrXj@tL8BJIr{$GBxgSQrEFc+~Jf@pNfw= zoN+h8p<@q1-{pzpP7lsE<4zw)0kQUW-pD0hiGU(j19%6HSWI3?JML-Th!%%F5A((k zM#sgS#~5VJ8=pRri~ftaa~{|wjyr$6VaA>CYYAtE?|I|s>B=++j=%$P(8=PP%2Qy5z~4GXR-O#9{%t?+S#Wg4@yCh`Q&-BiDD2!pb(~t?dKJ zmFeTzH&Ogqhox5f7c1Z>B35ymc@kML3F);3Irs|!siB6^gQij9-hZJvDH&gA9(^Hy zB3Y|e@hakIgdXXLZkNi+=dbVjatE1m0yidSd@z|(qHVic1q@aSI8_!v+Q+W33%DvNL=%xD zv%IUtt!1EUu-pd&C6j@U#y2s&>b-asaWpPk8-b+^av+4wU2{v zmG7`2csfAD#&77qir6Qy_D*d@&S)I(N!U#geL#z`qE-_F7BAMu0Hygd?X@Qz>Je0Q)2)p9dwQo132a5`eZ(CD-a9KU1}tTe83R@f+M5_~KD;?`4ESY}83S^n31h%kZyd#daqbvk z1#EsObR68W!I-tD1rxyLwGGZb`+;kz&wdk4h5p43$5$|G18>qbOj{o;nwDlf*6}Br zI*KLTdgJNNSOPqCVp6D2eqLR2?itZbxcg$tezH2Z3R2;1%k0 zplr20+o8D_-SS)sPoK19I>Tp;^6ct#XEFGMu2Au&G+sP?sV49uB1_&&w9$pFc@uhLhPhRwedRMhj9iq<7snC|m4z(_&@@fO6 z$fsYPB8ke(N;98dTXl;^*E~$1@c=C&;=%Wwb5eZRoA(0W%)m`y;CW1_aBtQ~-;He` z-kbE`Cl}(qX^Mvz9eh!IMI7G*f0&w60d?9~OMBkGCIn*9hbLvE`gnI#h3MbKkH|Zf z$(EQ&^kbZMEHyLc1o;ZBN-7HB(ySn)mtr>T_0$|$rM}Rq{xx|o7{5MCFF0%jX@imb z1N(-5^_b^_kq@Ko23qktf0DzNo#?}umy&W;p32W@6n(q9Vt{@IP#9b(_l=q0WvA}{wOaeXD@Lcqml z;%UA}yp?9fvwugHxX6b5!#9W4Mwj8(!mM+lj_lv`XCBRlN{nP)ZZq-b5~q zYg6E0<{ex)KX0K`=leZl*Lk?vqt5TU+EM4-pd@PXPZEe~@yTP*w-m3!>oIh{(0B;< z{xu8e-oK`RV8b@#_O2SZ&e14Oax&e_i!tV+#KnVCWfSTVJzMsl`+>%8QTKx+I#OoF zuEIP$gf!|t%+8|JIC&Vc5}n1F=q&teirM{ylVX3v+G&uhstkX`y2(jL!Q5hqtaKss zh`D$kf*uC#Mdh-#npo_SEPn2G~Y>ZU>IiB|w+yJ-`;mgrcSc?Pj~ z8)VxYW(}GF# zC`0O7#L*a&2^w@MyBrNtS(%5|2DTvuuJ;c0%MCn| z8rSA0Y(jh&_l=tQxY2X6y1MJH?tZh7Y3+fdYvTzF zX}IqliaSi8#Ey}|qOk10syg4r% z&wD2GUO?Gcm%!kHjG&G{*d~q<2!-`Rqh&e=r+fJ358M<63NQk}y*UDT99tnHfo=JD z+js=BP3#4X-716Ahxf8|GEp>Yvj8Iy5LeQzF{7&)oSaH<-fK+eFwnZbWFU%~6lT&P z5?>arA_5-Un^|dQmK;vifUJzjtYvo?ZW?Ihen%RV++$qxxE-K&#;gEU;2e~EJAndJ zkcz~=*j$Pw#i4TOL>!IveW-P9!$Zq*Zcw?$;<8$_t=?EYXc^wwAMGB zCegV)+|4VON)9{$SNAm?qBPUX?ezS-Cw#dbqUWPs8sGHU-5Sn&#}_i4mmD_s5qe;; zyOP)#kt24u8k>5-t|<4NVDTvhgfcEJ<~o}Kh3pNDVy(!Je1P-bF$M|HI06M|kEJg< zp2`iO-01nT!B$<4bqC)dYfQHix3&SOrbu&HQw3we4!za6^ixzxcgFACIp&X1l5WPZ zrf31}oeUNi=g?22I1NAONQ(Gk(a*yQ-U;1h)(o@h*PCmGJr!?s@-o__)+}sU;+>2& zzNDt>@+*1!=JXEs4ph4)yI@6$OhVIuWT*^{eN7!LPPIOg*knbol$s^v4{goe-?~9@ zCZP%Sug1=Bv46E1q7!>8-H@vOHI-z9(Rg2Gcw{RE50M`te~yl9H~PcW(L+$S7(@K~ zGTQ84>ch0LP)$}&1K4@(i zjh%$P*cf#tA`ix3lA98@zz+=kum1udZYoL`7Q(zkZ%~h zh(I>mxV9FQ0o`4yfx}vk&gU;@!=-o1-2pQ&c$o#yUJ(15sxzG-BaeGL}AI|&YYEB#!n=2B#hE5^I zlfZY#JjJkh0!R*--sen+kdsh&M?x*GKB|s|OYaK5xRvzcD?8<>@iR z;ji)O4kh*@C1^v)=STUgLZ3$;kVZTU{uwL|G~%h!8aS<}ycu0!1vO66Z!+Q#`O)QQ5jb3V07L(wvEynhjG^?3!V`{J28|kKf)TXspGw=88t>iI@wulEZo5;h`yv(u`3` zBgKvH5H~gh=`#)oKj0gKku%boj$uq~7Og{weTNNnP69JN8%gqfgU_i(mGdFUcH-0J zuwRC~7zchWHCbE&_HYJ%E<7VuXK{t1f}&D>qy6ac8tm)eI~v9FY=v{N6Jw%^p@4Xh^zc1%A3d*^}+ zgT=?Q^O_(+u&2$q!+EbeG>z5txb3)*%jHh=P_T7J7%sXtde$(%97Ebw!%*eRxM zGq{?0Qjp?%I>|T8CdtvVe#A3ov%>Al%SEoHW&H)u|5!Yi**xva&4}kI&%l8>{j2Ge z7h%`6m;(5WHeKz$!L$IP!_NdFiw@gxOLEi2WDaps6DPLTog8SMK8)&wjEq{g%zg{Z zZY9!-b8XH@6RR$8leU9U$<3(b3a*l1qJ7SNa>TQWFg=tgJ=p!MqJ)yiABSfZ3^*M+ ztSwtJO$^ndw{#lqGwuSB$FmBiX+l2au%B1|dML&g%=qGn`mBPJCJ$1cRdC86fZY3} zIOEMBu4fgYS=>m_!Q+K#%|59cIp2I%kqapx*4{p=;1XXtUh}M?btadpJg@G5Y}~Vo z9~fjltN10Ii^cJ6{CP{{>tmj?o>y1PjybOF0M|DmE=TrDe9{xY zKi)`j+ZRITjmPgF?%+w#+GA0Q@@%9D=vR2m2BqYqZMuXKac|w% zgLAzx_8w~=w2s7Ben~2IdesmHuebDLVa5nylt&0xDRR7ut{#uf!d`c!H%@s68$keTXtYbnsz&7ran5$p z^M3B^d2b#?i%+z1k^aRp>FEe{r;C#LY3AFQkiLC!=JCjzfeMf}vL*E4bWma@ua zC02SiMUPDviXEY`58!JUm@UDyeQ6L|w~SAcVG%Q^6oJO6u80}(4+NgVN(%$L;Y zidRwjSbyP#&6B#p7R9Sb7HC&toP*Pfa8E*6kn;e62t-99MoJX(x1kl=m9t6$e)S>5HxVotAHTmov&2 z+kowto}K3~(HkFjrv}+ti~)~nqHUkswb9m1`~7lBYe!q-w!NZVWz*Wx_Bp2Y+;>%R zp@_GQ6j-;lcgNdiN-jPE@s&Rm5ZM@|YzwD=pw}VBg z%3Nkbuef-7q$s)({(ocUNElVeC&W!v=Q8{BvPVNr z;5|%X>e0y1D0vcOzKKthpax^b9UalDHLraP?L(OaeR(F0_DhH=wi}%`uyw}yJ^#c* z#rMHRJFR)+9BR1gw5Gv0OR!fW>^z0@BNPq-QE<1WHbIQ^qbRJJBM}z+X?E0Lv`%9w zqxNYb0fo(lrhsCP%i*n}Ifr+VdH|ox!To zbu5)Q;e-OZv4z4(BJ>E%3Xgm!3(heR)_Gsdg-GCFyE48}z_o$Ti5KK}|Kz~u{(B#z zIF$FEFO*Y+TRzpJ&gcq>#gSfui#XCFgfqUlNc%jG32clXZf9d4mT!;Rhk6{(YBX|< z4H7azW-OlIbRMfHB=89w^tceOJ$9y`hqE`{JA(!h+s((m$SOCUSx=8@u;Tv2^wBVc z&FKjtwB)o9@P$S#!ZUFy0w+GjBd{Guc;IkeJPV8j%J}TQC$MlM-XL7WXnIVjJSsGw zuwWgV6sxKxf9y8as-%mDQ|t*n%yK_4fJzBGOyL$sV?&b*k%FTsXo#8HHJU1eOiz$u zq<|e~O@pExWO53UoBYxJWx~(2@LC-B9Lw(KW7%Dh;8Bcj-ljBUl-*+d5APSpEyaE~ zRT~Z5v`^Wzb|hK4ceK~rw00!9QqpSXZKY#G97+2R0>-=~cO1!}4i8l8AKj&glV=TAGK=F+rHcnafBJ4fp7oWafFjDJY0z*oYDgzcO2o23WPT+j*LTt zGA7=n#F1y<@2+?M$8)|JM{*zq#M;|9!X++6fQXy7HT{Q6HO$=#n74H~EG~|G!XR_r z_C-4`T8Sg0AW1Xz7UC&CT~>{UO4@lF>8j0`U}xBohu=0qr~pqq-`H;vhaNoNutN`J z;N;O19xB1V;VbcI=rPdCRe&i1Wh4tn~LR+P^hKl$u2@|bBE#`q^uH5kZ)alP^7mn|68^BXgK z{~X_Al>ggAdd}~k{SL%iKb7+&($U<~G*icD9q-y$ZLigxpFLZpjw6Uw99< zlr0O~Na=C@0vd*(%4wo|GsQX&jZadzJ_ly3@#9XeUx}3ki&gG8GG6EchR(yLvx4eS zz$|Jiii$Vud&6u)oNX0ynzN7s6jD=g1^gT`tfF7A6czvLN;)TzvqC3gT_YN`7kuwj zSbsg)l>dLYP}Rqs4bwiz)1)bFjS(>_1;y5~k&g6Xz>eCXEcEm)Z2T5Vpo`Bk* z<^O23olIPTL^evgVw6sn80~OT#0R$uqu`wkw*%yW&iMFh=>YsDn!`t6+)6t?D0UJV zxqtkK*U+dtu{R1iS3~fXocx*;)M^X$$vnF-2EJg8S1B@&!x#c1mQZ6Pdj~2JeSfIY znD{9N~yx%vy8(pPw}1VLsd;b zEZSC@>$V}N7xSUpYVP(p@<7TwW9=OD@W!_w!O)O8C(OOXeA znZ|W3aZ=8?imYl%Il_|iW=a)OW*XD5?@Y`-S&mGW<3W;Rk}XH7DF>bK{2W9+lpbocCJW z(1DUo4%i^C>0mIgmZ{GOilPbYSi(^#JThS(kG3r#tBoP1kT6r&_~BQ0U|=3BL5I3H zeGfY$gpl}UAsxObzO7??^b9$pJi%<5<&EY`$K}Rjh*+k{YXfCud2{Ys8z`kah|y@Q z8c*ub5fJUCr{HhKjN~RVOG9)&>2|IEB2&UebGc?7B;r^(YFIt*VX?pXSR{!<78;G2 z;2R!#-1P2N!cCg?LbYc!e8}UNsiGe%H}?C{9K%r1!n*+cBk)Ey*cW3M zN{S^xW|NPROz9j>O!0=pV34~Bn<`;1JG@?Y9Af2!=eXYA!e;Qu5?b_+H9#g3JlBms zTEQ=|@zhPAysc8Xt>|T7)2%dGq>#Q$Ih|_Pv1UkLriAo&kZ1`qLNac;fN6Wm`h6BK z7B&MIyMFmuhr>STcK$#xG>sE1;+c@~${vc}q$1)sIk6H=(#71Kwk#qPnOhd&f;6Si zGRnaW-vDyX&NGcgTm~lY2bsuB;~pI{#kk3hOffDeD1vkRfjWnn>rk7>tL2w>jgU?quAigS!}K3b9kP+?+9%j-jHZfJ zp8IRo245K_)&{d^5pe1^Kel4@qkLm#EG73(!P+1L{LMeMD*NRg8-lgLQ6TbI8)TZ- zkdMaK0B1s%Gw~OBmv}J8{~||o$R$i-jNt!OPkM_ zGt}{d+E2 zSsT>t>9`bqfOZM+GCM=5TYG;t)~4HFN>2MJE5aLPe-XE)4ctewJ#iFEsjpRIsjNnI z{cDw2|2iHesq0_;sS~^i-5LFhZKSmleV8@o;w3;hM;%tN>a10)69iXf6>GGU;Vpt; zoxO@hmuxRHjdsRW!`>ntZY|cwcDy3i$Lw7jKV&*YO$TRwIAwjq?$R7tkvVhzB&ikr#{6poJRqAX>bmH|HrUIh*>Myh0zpqa>vM>NZ8{ zD@+mglOlv50@Hp4TE$`R=TQ-Owu~WB%-sS|yt`n5y(d`^I@(ThIvSi}L6Fh+2N2-r zL<&w}wJ=mX^>wk=hEx3cN3ittx<3a~1oAmhhHl|N<}Mg>gGg*Ay(-ANKZ0hGfuus- z0}?D=AU2bjiy}A7!VVnX#$j!@=vK7E94(a?DbO&ogqlQ*&UnKa{j`t7zea3GF;^^x zgE@Cg5UqHX7&n+M49R#ui1{uOcA~7Qq~eYI>v^+?SZ;!eetD5A+P}J3>}%mSB$Zt{ zNk@{+#js-{l}B}V-9--jAIL*C@;vdr)10rk8b?}X`nk*+Q;BFQKHE?MhxZvz^tG9{ zwU{5^WKJtPT@>@@v!EFGQYjOVUoBu}?jt@+MXqdP%IRI6GXp zREtqLL&jzMg^gEW4)+XMLp#%^wZMz`5 zfiNZa@L?>#fHwG2lQI@~;Z%$TP6v_4Sb%9(B3}j(>OQKz!dQSAcf;rT?B|4>bab*Z z7T}aUq>I*g(B;(K#k;%)6TV}Xqq zkSD2Qfp7lAlT#YNHOjHTY6h9l2`ghuZhP=)y8|j|A9RcZ+Qq{oQv1~Q9=bus1RcZ zj4v-1n?~#p+NC*}|C^bEh`WCpCzL}py5-||Xq-@Q%r?2$zJ=GT{P)rsreXS~!tvOqE_QWP8}oi6 zGrx`Z8sFwwMDSgzxP>r#S+F;L@tkNt>~+Kh(EJ6iU5vh^4yj7mbNDUZ>+w|yzN00S zvzD2AOy*6$5CuR|bGOPoAq^75Zj~@}2pd=ZOl`{HYyLHOpcQ!A+-eerq$S*J=V7bK zVwj)4MAV%F*s2-uCa@_nj^7WSQoL%qb>Dm#-{)EPhv0qea3y88@fVQj;Y!L&@)zXe z21A55nazq++Humr9}=e5Kw+}%Emi(a82s+n$BKcahtorVh6wv}>^sxox!u5J%i2uB zrh})5m$|?;^(J*JZg?wNFl;9oo(E94at7q_h0cN;)yA3M|3R}NS{5H-ik;iT6gl_c zsyGB8wRNa?c^#pytYrPv_Hm z*S!3^dE&g_x1$}T#U^(r$C+n34m}WIlcq|*Spcw*{@JsUYc;FlRd=BjuwQ75hP+mx zr-v&k-4{B6vpzbQ_D?nN^#QxdKy-wJ*=b}UnJ)Qb_mK}8Sy|fElZTBT1hZZ~tQPQ27L61W1RHc(kbBL9Gp78340T^_=X1ypyvIqYoNtbk(jW!I z+S@e~F7e#o=`~S$8pL~l!~rmmj^t96eYuKPxm9nV9~O}91S#etf|$=Ge}Yf(5?%o?_lnH^fFP%|37VS%a3B@Fg<7>m@_2xG z6cbHR_BJe1Mfa0oW@i@+N{%z7s`^6GT){NFo=_Cp7TsSGyZ{0Of^7%{6Y&&~cR)}j z7I9S~5H!FRaZiOY=T({^G-)x4r)uKB?0_~7xM|O~Y3(==+&kJXHmw~8Ix?+i97yRc z;y^uh_{YERjsuO9{7p0B00Z7_aKwR6Mk5aRLF5q!m}Um@;hlCIxc4K(0cQNwIcgl> zq~Cr};sB>?2FM);I3wq0R~$$kK@RR62a-77i~}i<0%GlL9N-eqLO_g*0}o&~KT1{N zK;?IFao`>XnQ@@_LoWI+=F21DZHeQ+r#G5$ApBOsIPmIU4UOl|3m)U2w35LS`$GfF+GD#w}nCZ!%+Rq9M#ja0dkmBFiE zbZP|Nyr<8T)C9gnuMomvM0iq|{Q)hbf7vF4Q*d^*YwC~dWWH|S)T1ir4TlIb2zdM^!K|8amrL9G=_~EZBH61mMeawGR?Oxj8frNXf`{IiWAAjXrPOMFFM;i z`dRx3%A?S1eby3Ni{7NtVnyI@Ve_jqUZq6z(DfD}l@CHZPUvOBQWONfqbgW6ooNFy z9RPgb$j)-olCF4dgHGb&0R=izJir?&p9RYm8Z-bb&f;6g!N`~fKL6 z7gZW+X;T`>OBSLpxH@MoG}^03ffDA{IQzt!#=jov)d!0!>wm^~41C}qh63HUaR;U$ zE~o=C+6pO*jeY1O`hsdC;OH^>u@;oRIa3S=56Q8tJ-8DMgT)0@Dhi*9 zpM5yk-{(t8GA{U`BRH%gQY?p)P)5-(9OQ3)!S+NrOucc9kYjBrHQcUJm?saQy%N|w z$R!)kcRhgiZGc772qpO;JDE;<%;A!j@Q+ED3j}SD5Hiq@@c;~m4HA@sZ`{J3*1VEx zD3gYH*5<|cgOUG=CV?Z-J}C@*T$sJXT*#~mY)PsKybYJ!yMcN!j%DL>q4NsYX2PvG844p0NShy!wP;G93`imEH!=_`-QxFuYuk5qLQ7 z?fv|7*5C^2LRE+Ci?@>hWfx+9c_B^-3>4O6B>_VT+ahPQ)fYU6_8Zr5D6Ke?uqQY<^Moz`}g#@rtQ;p=*z;3=DU+?9Z~(O0wteVlI4@d^qz*-V7pZs}Sa|6ovHg#YM`plncAF+)Z?mrZ#wvXh*WqvS`GtjPx;2KieE zts38h5twRVB1;IEKEn=M!jEv}$ zfgWlLezD^|@Ckm?kdaOqDMf*_NZURm=~T`-u?YABzwTyS`USTj;)=ec!k9jononKP z1O#*Op8l6#A!P}v!krpTDbcC%kBQg>1ZrO7@QV?~#kpL0+hxYk?b`*E2BDs=&j5AR_ z#xvzc4f1LVqDX_ggZbOU{2FGCI*b&Q6E8d>#}MMxwrt8(TwWb*=&UU$BSK29Em&w> z0v#+`MTEvYNQLK`*TPm)p=;H<#JxRn7o<>};x*-=tWqwEyH$5_<3({)hM-{-iXj@K zuP7$DX@pQEsp({}6Z(puNI?lP&#z=Dar9}iIEc2kKV&HqnSuhxyjrM{7HTD;1x}8b%zxb_W>DV!aH!NZkY-QwcNmpE1f;)GWymbs$<51!toFLP>6a=UpA~)_u-C3=lirGcQq*5`p1w?JNeo^8; zq@cvHni4M)B~md~>nEC`RYYU-6UDF-kXkw?$ROtVl`JUN7!_l@-WReI6>z3fV*EQoK?pR;+}v|qljg^6Ogry6WQTPuJ7Db5e_;u9ahzX%7~IR#c=A2Kigw1Ud2&ps@j}s z;(Yd@0P-m4k{rdX0T{yPz0`R)M_+->93@MPTabs-<6A=mU^HfZ4|PwG8f8JJ z{tp<1w_uW8VwLDVjZ6%WDGj z@x}N1vAp>}dwu|N3}iB2Nxh@POnyU^+HKJS%2@wvY6X5;d({^P9%MLebVUD*zdnM~ z1;hDjeM@R&!}?!SB+Y`Fz{1j+z@qzwB|661fi=W9Ih^+q-s-_I;JBOLKAiV4Rs~qZ zg0qP=)F}P`n0piOsERCXxD$v(K|7!#0!kE>fTAdZAgBRpXb?sOaY0eW1#xgeO$28Q zc5GVGwv8Dj$c&&-XOvOVs3b5M(+LPkT!||TqGnugPoqXajT?OLd+IKAZ#szc{NM9` zJP+wxRj1BYr}k4-kXTCky;o@j)5@{h!!#6{Vf=Addv*lR9W{zp=A}mQzfh%I6&!#x z?Y#`n7LrTQ#Nuo=ahC+{I3SC`gVi$o*!FBifSKv<-H08Fk~zu+)rkGCUBQ z_L`jmmkLiSh3_lv1FsIyFz~X&+gOQdo`{PrzzJ$gz$YVXCHf^I$w!84iol`3kz*Ul@C;Ti(8eisVv%QO-P? z!ZeswU_(X@B*qG9|E4qc+~M=x;fG4Fz{#uIc`6ylOl2__u_FSFMOn$C(RNBPFXXII ztZ?BM_%aD;7XM7`PE4F+DcM;A*3CE$09p--#{YjyafL08;eRt80FiF zOO5(pP~4=Wh$(mS;tg!fwRHl6I&|8078BZbvsE`&5V=$(mnNBe$@{X7h>5aPIwCZF zF9Q=jKde>naJ~?AJs1;1iAjxHi!`hRs+L<&zXmricgx+q zl`Z!~VCBE$-%%m4uz=&S#_dv<`Rat4!kQYND&~tpGl>i5&{Z)k|OTNPXlyz@Q_Uf}j2B zBUAB%=6m@%WB(F4zoNeJN<>Ly8q(@zEwsEoaxnt;rRFL$BNUn}zQw0ER)WrqwA(9% zcG^O#$r8LmCZ{BF0no}f=v}D3ON6A7Dkm5(n~Z2QaFh)zK6j#Z+w8P%fw0-M%}27; zw287*)3!Wa)AsguF+o{ZJ{t`e;Z+l+zSxBE%NRg=)ZZ$RhZ0#je6Iwns5CXy(7mAe zf@AexLlF~17=E!zYBh9=tA>guoDHzpq#kMytYp%=wy(#&)z9<;Fym|bXV?zRbPR4Z z<_z#UhIPdnI&X}MC}^?@!!vAjRQlHxR-rX2HA)6H69N zv+Wpz%R;M+_lC(~73p}X&ffh+omjrC493bBt({c4aAzkDSW1m*U{4MNO>F03Jj17C zphLc9T4IDYa^26o1TF>_1!jmMLv)3(+F7za=PSUy4LO})Kq+2=T4hXBoUl0qo<`%o zJe?Cp*Y1C+wafPU4wI8XK&%z^GngLmz){fL4vJMyMn>ay85YU)xZraU@Eb;Mij}NM zE`4#e^Xl+QlD^!ksZZ{pnVb7TZz5h@aA(Q3>M2{clN5P6i<3x+@yq%&%DCOhup8wY zDq7?#I2YiJ#zXxmb6qrYD!3M{3_Z;}e>1Hz7H4d2=1@xsjo+9`I35T!CHzB-My_fv zG5o93aPZ@kHp{mw;0j?k|DTx8abeG;5R~7`$l&St?prGzU#YPQX(>NC;woG;^}JcA zrn-V=0sK@)V0lFgX8JA`w;?8s^?8uRIM8{1%G{KD;S*IjoLjnhQH3+HPaAeR2sUC#9s$!r<8m_-t(@UNMM!ceUY zT;7d&-|e*oUV$^Y#~_NU93GxRvM8*x-A1LbekfN4zxyM04@A$XRyf1ORsmfL`x1R- zzm}EG9{o+*V$R>uY}5bBJf4bOSG%F_BCU|PR5Th@VH|{HmDDL-a`Eua^9RH9P-ESlHS_k6}XXg$k~8TeMMr&LZC3M8NDn8~Xn;c)i z`TJu*Oz%zJ8B9FQk9P*Y8>wn+&d6%&QLEHxI$ez73eZesw9^*N^6h+cR=B&zw6^ zXcArA01sd;aBKvN8$8;Ysj8?E%wj@NwWhz# zy(-Jt`I>B}v!@1?wZ=(@a64VSHH#~K($O_mnH7OEV6`Xq+o)z3MT%;UMfINtJ5+x! zRNa-K5F|xqBdIdS!E56e9Jb(L%GuDh$%|3{4MkFefogoiV+W~te*%A#^)ww8Tvm=! zS{-741N#{n*%?OSRZ$wVg4wmkkKKfQVZ6A(W4ix*+EiB-6TsNq-$v2r>yTwkR1}$2 zD3;h1w;0QA<^g*&nC2X5^#tA$_>So1DrPYExSkQ;qZ)E;JgUA~0LD`FO%pKg#&;~j zT&BL3!ZI-ky+{bJkRKD><;)h9D7h8T4I)%V?iECcAHG)*;pw}tZ9?eZNya!7_5klY zGF7~Rt%26R&t)I&Uz0U|YFEBc((JFwx)GlxfsZ*As~!n~R6Cmc6bdGe8wwuyhxu{Y zllV{%#I>MecUf={(wh@gV01<%fpBNC#Pc=27K{U0VpFoi|Lqc$=LVVNE5tjrftH5+ zY`T=8s9KCDGe*~8^w&%V#^Z_lX+W5mi9f31KOl@0mTDV6+du7Oc`_GopQ)O=R=9Sf zEXyIaCdG8}thTbN={u@q8-v)yjjSv;k@;^)AsT6>!ooHD!L;>f;ZQj}n}(3DSiH=baK}k8i486by_nSk^m&EdteE%$^=yLu8Qe# zU~h=h!&&G)=2P2H5QDmydNGZHTNw8Ind?*F}pcJ+O zD@uVORSJBP*Jyo|r4ScTy~g;N_!Nq$A@UmY<6lFh(flf|VVqSI{B{=wW1<2rMWKMT zq97i-C_)HS2OyDFdq#_}l}yr#Vo9?U1$i~f9}~5TYR-4+LwNg4RT+w!s(C-3Y8G~i zs){PKsAd(_l(>Mp{217j{$?{6CV4!%fQ9;%(A-@>g!XbJTEGfrqnWf_I=o$rjP+x( zp7kZ}Lq?5P<0J5js{^&DcM+wzTh=3(c*33Qd6la|%k?m$_&~!mC@E(YnTM4)YZM9Z zOLIqs^K7gMVN&}M?mDjzB)Zf`o`r$H9PFq7?NC{!4~Yq<~tLOAagc z=SXS`=ng_qYXfe9m2gAAAIX%`i9AnA>(_k@_teM>_>OnX#MM1Og-vVx_1)GfEWu8= zvj^dIKXkB=z6gU!yoNuj_dQ$;Q9PG4o0;0c};6W zwxM&rz*4ki`Nqytkv2;vv(V|L2k2pCNPbZK2pPR=W#q@G)NEp9WG6(XMw&E6ttF9v z{)j)-Qm(sga--6cyZ?R67{p7QW@l6(>3y32&vh_TeMx*VdI{M8)lNoZG_t z(!0XV9neh;Nt=yNtgCEu>aJ3G3h_#PL!gDDGH%AV;1`pi7N;kzKm?m`ju)MCXx4*G zS~~|g?SPhq8k?{ufz5ehhd+?|c@Y7Gq`ou+crp;7P#^hO*js)|ROp@~B~+?HOH^o? z3N2SZ;hB}Y}c{)*>eW}6!Ln9UB$U*s?cijdLHt}LyqQY z4S1C@ZT`VKg8l(=YGa4LYh*U!_*A+&#_=X5_OcZc{x~DJe-k0=cKCA|cla;D|E_UD z&+>Q6>OUUy2Y)vS@9mdAsq0q>dU~%5{2-u!Ot;P+gm$0r*lDa1w1m}Yg{cZTXP^vD5yS2=#Nt**FzNFvtut zHK<|1`U;MRV-4>3$8mbhY@zTXV^q{Ux|HbFWVPOxJcM=3OEA}sO?xq8J@+)1akAB6 z5)Rlk#|k%O)Z+kShd^U|?I5f|bE^etI|Np%j;X0bV69rS9v{V7hUkxpTwtCU-K@HX z-79wPkuUomaGdSZMh)g6fCR0u_A2}_o<#PYF>m4jQ*d#K=i z1aaLFOvgrYw0)BDLN}7kHb}6OTzQejN-Pa7XD_+48&?%t9b}#_nQMr{_&Z$stW$p2 zciM*OE7(uo1IWZ=l#s4@j-X+9_FZU=a|p9SKV<}Ar4(l4j9q~ zBcJ~jr3@D>a;p+!+0_PeCJuVjGR*Z4N(afD8mEV(#kbVK7YlZ@=;Z>JhVZ7e2w!?9 z9fJWKA!@%8V5}QqZd!ylr$xByFSf+7Ag8sWk=bs9n@BZY=@I#;v%G9oEI2+RmV^2Z_(et84od?F z>WCC_EWab}1h)dyo{stYH}T}JJU9|)FKXl-V zaij&`sXXjn>}fVV2f#J zbt>=*g|8qt$a|eW5&dG{W-C6N+VeXw*$^=Rufz*f#C#(p?7z#9!GBGN3d+TIf*{6^ z53uB?Vc~jxHk`7_MYoLgP$c0JuS3VGt$b@4;c(6runLY6#tL%at%FtM=qtu$JS-bu z!F*`zS0IjlOH`Th8#jA7$a8iQVd!Hg!}6d#(OjXUfPmtvzW(MEzDuq_f_TLM`U zJ%GZv2Gn8B>KerYE~w(Ou2X#*U7l!ikH=9@!$JrU~ zMFt#ca8sXP!f6CWUrNS2JM$Ew=3Vdk+Z$~3q}s~hZv(Ex*^dOj{W^~Mh<5dv_@zPtw|Y>Cl96M+zMWVklm!jq+50-Lh5d<;_b8P`DO0WIjbum z(Y&u)bfq2kzD38?{9JIT+NmjG3vd^;Pn_nEeN45pPQ&07~_E?CB zF1nZFJ0_`7;Xhe`)k1VeA}5BxiP^ACtxrDuHT22l?zk+(X@j)yUhU*VXZ#`L!wTG* zGJe2fnnq0S=nt12O!VkrtOQ->{xxH=vvFpB8*|{e5=>lMlNOS!6s|tTj-4j4B498+*B(JK zn{n-8Hh%0dSrJs%>G$7zHv(qYxy)bnVixHb1EDC4{jt5Wf)q?bMtxkhfDZf;fls_; zH$QKKgVgb!e2dL|s+u~$k1KY`6WXI|Y3A>`4P*PuY_}@OMC}l8s=Af;B-ShZMfX|) zvc@X``?MqAL{Ls6;Ai*zs(?E{rHz2A%zRz}Hv$+2rwjOBw}72B0nr_vAqJ$ zvr9177O-zS0?q;DGy-<~bpgAk6Y#Z|QjAx?Pr;H$K;PT0>OMe3@s{8rX$4#gJ5eS| zlU5~oS~~*X4a#W*>}xW*7ZV+XoNY=lb$5CJJG2$>P`7~N8ypjLN^me@Lp6n19l@^0 zO=?6v6INV(6(mztcqPihzb4Ms2xTpa#{+dDAAgjc-zD{?l1W+vx}{!>!-H+Q!uFPi zZ9K7EZetsk7Teuvv2`(d1OFCpR}9-=zRBYkliRYN;Gz>LJOqN2!3L>Mhd!ot>@gN{lH>uP|kB$%iEV?T*butffS!^q+*mK_{h}PX2>@T6vX-DSI`% zbpuy$&WA}rOzh&w6$v9G!oRo|wuA8+01`2=j4j-_jM(9|!3fjD91ikm@;GUa#8_PN zC=luOz6USWyUEZ2?^x#ez0?seL*u~^ngAleis8Nze=52c;=Msq5kJ-@{>QY$UwcU- zZgY|R4Bf2Pa2^4u*Iwd`8w?tnf!&5UJb%GzS&MpWR>dn3+pgMK6#Fdsb0vF`Je}G@ zR25#`fPytP-&(IpzR$!@-5c?AYVVMi_%xk(@+&pi@-#>e3 z7Ab+m7|wo&h*_xXL!oH|cOmFsBeBuQ1_Z)2{G01vv`Q?I0WO3rdyfktv%)pZ;43^B zwVm9fMF`?2xfsBRq7-ISY5@oCTKEQpDUX$Y8Nw9G3jYpa%3y`hM3~}P;S&+2Wy20Gj*92-`|dJX8c$y{$xA8 zk@37&W+vEA47cMe7~kEBXE`hU%MhO!4KPjA?FrTfRrj54?mfgpx;PY2XLN*N)Rjbb zKs?0pC*16hMqU)5`8TrwvpV_UJz)IEC^$UHr4beCP!Lcb9Sbf_6@ag1fK*=yMzp24 zpB94Yo2|sF-H9JEahjEQtvhiY6ETxeXm4;Q{*8&81Pe{-LZi6|iHVz#K~u>4HKGuL zYq1*<8&mT-%>lC4hv`h?oOo>&)K&Ovh zc<0`jt@{;bC4JwSJ&er$&CTqb7aaq1Mz_->*30bX;=M83_$$mx`o1&!2WTcy?PfOd zFNayDwyZ>Kg5yoiV3r^byJH-YYMuN7iIovmNn|t2wN1maGbF<{J#iD5NPL1ns>t7j z7OX1kXsoY7{Wb`eMBW4H#CA9DnTjJOX&h~@mYV(!vZ<$5k3=0;AsjC$#PKmR)DfY~ z)VQ_`j|Rh5Y$p1H#1Z(TIPI5~)7v~G{R`#x**2O;-T_UliEIUHxV!(_x+q$dbw&=V zN|t|33sSZqWlqyoYF9fWYevoF`#41p$b7+pXU9RQgx-oPbixZ+qV z(Cq230^NeUiH(wJUs(Px^xPItZ5*Bxp99Qal4Cei7oTo@L%aoVDBBz2I{2XkHyvr* z*#^O5k=`LrR=A*ti<*4}N7No;@1!5NhKsAs>PFFI13V_`12{=sHDhy-&na#@jWfKu z;W$A3DAIrqD0zIF2dD+aJlleUP}ZeA=JS%q`PXq*P?0=3QN9_?-(i!jBeP}LXLsnH zD|Bl~w-$8kj9VSLeH7g~hpvEFbg>;+RN*V^n|R7i;8YOM)cPeFLU6c}1rNon1eFTo znX`2cpK~MFS*dfl3i;~;PmseWkawlAYzRj?qM4hCoA3SDnh_9-L(GHm{>wK4J*0nkZoc5@j>02^hHwGL{SYP><@ za?!m7gI&OmvN^9_fegl?0v(O#0up0B{>Y|L@O$;#g#{<*^Rs|g?ngrVMck=Nbi`pJ zlg>#B;D5%PQD-7oZ`XW8-+J{RX(Ctjq#E7WB_QuTK5kyF@{;6n9iZNT0)TvMW`T_^ za8TJ6%rN-e=qwd9l($fJuy`F$$)cxcf}A|6G;;ui4Q9rkCT!zeg;c1zLGB9yYbe7S z!Wl;m_TdJ)g5e;j@=4QXroyttCU|sD-Jcb&Bqk(JX6Eca;<5+~WyJMe$_C(j-?|2s@(;70?}P;T@qt>SfqiLlBIs1g>PAHR&%i(PtD8)0)2l6>R?Cx=0K95E;(VVp7XB)d{87^_m7A*WJTkV?GrMIlzhkTDp~GNV#6N>yt4vMRM` zNap4&epYHGYn566u#bvZNGd<}#GHCf3`4o8Dt$ck3gV2_jJ0SLbPWIUZ&3yz_T{uO zW6#ZmjWgD(GJnCCxG>mVmm{aPs@fp5j5vF3f2Y-{#W8*V1(`}niJ`H;6ktnlf#4`xF#SJ;0kZU5R0Mb3W8AM>;R##2wjkqALF{LW8L9MAiQ&P&5lFbvW z_0q)EOvX>O&u-f0-o)bI743Vfe`FgVg)|+psJ3H(Io#YO+}fqEhY6JE3m#Od4?#($ z&d|X+I$)>SULksaTJcsKy)T8dxq)>4ZN{FnfH3p0MBXldMD3v)K!Tei@@ zEt{WT=Vmj{2L2fgwY9m=p;nu|t1u_oIoBhn#-+P3FS5ZNBv_il3=3hGGV?uL&bN_V zke17Qol7Z9_-C(Zf@zx)8DGs&awnX^?M!}-^T5?xa86-=B9`UiuiS*PszkZXUzGrR z3%eY~5vm!Bvi3PMuADL#tARCxJN5o2tMC2*Bx#@rjx8 zUBf)8Mg62L>T;q+lZe6FWMEB{*pgJW1-``rK99f^HgL2p@K^_U3W2xSz?ZfKKHLV5 zPX(}C=<{}SblsajfHB4-d>>c^c|_anTW8x+oKN6EHgJm=kxQGa9N=jLzQ_iC3BaM6 zOAzTRV0F@4#d&6~M92nTBDlTfw*a;QrY{7RXxTl`eYl2yGYU>KKe(I47?faYs`|_< zI3*Rdy0CJaz+ezaO|s%w+wr{^Kg5cE)sFAL_#;f>R`P%B|W4oqSL@e&FgyZq@NKlUsHC=wNQuu{BE^Yg3v8N~x!FXHx@pgO`<0(D4v(TMqCx0#`=92!gS#IfP+ra-6V6XI#&6c9Q zNQxHwT_{@q^%X#9eqyp14B50&uNs*4mg$A7jP``3Op{U+mkBVYmRtH2vX@24otW+ z%;lqBrI$AMsBAMk$$L858CRKwg83SSQL~stuaB&%be&YP6?!M$-^n8w%{)WxJj2@N z`Swba&R&%}7s~ao$w{1Nqxw>;yprU#F6pdt8QjwhupXGgdSLpplie;A;_gS5} z98{~))#{vRKn=IGp6(B{TbFuZPHbHhvu!rVDmFbm=dy>T=Opvm{GliC!FY#(FSXNl zk{#ks+fjCiJ8cKsp=^Y*k~=t8ybp9WZJZ1;HW&wo7sJ`_OrXbPX(WDdju%A)=jC=1WcWD*cs*(n&KB#$XfYMRX)SS`p9Rcj7HJ@t?%H zyu>G^CB6w(WfOjm4$CmGYzwA~!2Dw~Wj;)X%oR=ir`-F?CDBRQm0OLNvrjlPovSw~4 z{nZuBMG*T|AJsa~uOEo0AdUqZ!PTTyq@G+hx>Tx=kz8X&%M#DGCXjI{9>CS;H2lTH za%z<;{#nFpVC4uVE`}PkM*1GfT8LZq>L#e-!z1FNb+tVkK^MC!WGYTApzCnLF`NCLV=FPAFtO6=K3^ z$ajcARWi4xtuf0mDm1=y|MGYNRTBfY6@YU`738t)@uvhUQFXOm`KE{8{=J5$y2~d;%ES9<$k7cC+{9nViChE9>J%ZRo#0?oIWK61mIjcYR+fBT;Af-O?HTY%6%wKAA zMCk@V_`}msl3L3$RtS3Qd*gI4Ze^BnUI#VK>wwd#MlfE|#PZtYy|0}#cVe|ST@wegiAf4Cb61Wv;O8w^k zbk=ao#ili^Dg97upH|zHrU<1KY@bZk8U71Nd}N2}HB_K;9Jn7q6aPY-W~hG>s$QjD zt$3LWGpN1+g`&0`zPN~ZYf90ESHES)zR6f=YC_w=p{loB17z+*gU#qaEJ> zXmk^Kl#oIsDMY#_-g5&K0|18?KXAv+L9C|YOWnaq2qr#f4rgdPoN>RnP4z0}vu(BH- z#(E22VmAzIMgVrhPpy!a5M8qyUC2gvl%SKberPQNnT51TA8>U00=Rpaf$j`&*w2*S z2!IejHA2UeP#%)BxWjBhN85b!5SYz3118`6)Us}i0^LkEx<X1Z%wO+R#ErOd|fXuEkf%x*}+aake0b6pGcrKv#B>GS{+2`j}%P-BpQ)d^){;}vFlTPgVS>ExeKaoauY})t}TJ< zEdsTrKWhYhNsGY5v;-a^fouS2V&0vWKo^U^n$q1Gfnhd*6am^ua0UtFy9xA9OW>(< zY!&rX&mpjHPt3Im+?|%dwg?E!cN1ttTw4`Qa0ujT1RNFhPfOrWB(Ty=;F`1qk`rtR zj@Ae`GtowJ&_+c)flRA~o!!Bo7lQm2H+h3`U%KPoK^%=UnB^mFY@DOnO=SPqRkY6v zkR-u@+ga)1y)?rBDm9CNkqDsq;b$$K@s*LzCEa{C%1b>ctwpCgWSwiFWWYqpPYvY} zL^Yh7tAvf3jc2Fwuz3-fYLbnKoOI zJKGp!vnl=i$+TG}xU+P1^P7oaVwhV)Ulk*6wmWVs;xv9=bq8N`2Uod+4>8yg&A8DF z_kFY0$d*K>nby&$Kf1HbL9ijR5Sl{0fQU6Ts%qj;Ye1ijWh)@27AqqdTB1StN#}5n zOx_!%GWX9g=3kAiws!7A!_C@2W<2t=<9nZ5yPwVM>mi7t2pXI3?&3?zQO#H-nGA;O zvo&jbl%R^y;`trF$HBFEc-2IBHI^f5YN{p1WZWAi665wao*dyekFyUX{LDcH&py!I z$d7W3?f=*tc8ED0hMz+bxKE$MX3vO;)y#+UjkG_q}m)nu9s1JPZOHiY=`HcQ{ zI^Kd4fcHnc-hzAYW4r}-7&5i<7M$c+gmf4x->;J6CdSeL4krlW9jkY0Z^21ahZ)*i za1!%6fV^+PNy6;kJ8!{ZwBa+lKEvv1z6JLkVmxob?Jw!(TW~qx0&MN;TW~`0cQezx z1^3`8p{h0^QN)I^@!~db!7Uab^DVftF+%!R-h!JA0rvhDTyk?JDkltY=63YNd`~Ny zY2D*)+a*kHUHfoTgT>pIfsl3f2sgg-xSJ|0c?a_Zh_uDHIh(IUwN&SVlJ@9W_;ysT zKnUlc_9XkkV34($4prnO=DeY1+!B_9l#Mv|+2||82p%Z=D3sbY(?c|D|Hc3pU`@uY zo#YA1y81vZdZrn*h^#Y)A8Ef4{0{-d&E57vP60uXXTWebC=ZQ(eX6_>{EP&4Ay5)n z1urm!&2DZ1RD}0N_}oYVUfo=Ya{ZF<`fJ`96yTr#}<< z_%N;>%A=$U!$k{y1>=Om3`Ic>ppnAc`{@)IU7Kk?_xs@=ap-KuLLqV{h(u?EQbmHM zyF#Om(E-gpE;Nj;-EXMX#XSHt@`C0}#G_@GA2R;m!7N-Aj;V*!UKqt@9cgbcEiQ*X z&qB)%`5+LEz=i0zfiE<{r99=yHdK6Vt*~vsZu5pxT8$y^rfHK;crtC9tW^!k`@=hS zUZ+iN`Nuxxt#R@?ZSrc#TPjkdXXhz4mHre zu0f`D+E>ZbZ-l3P9f}6GRuJF!tlqv#)MFQF?W@FG4LZl$G(^O09k6 zgR!3W^&gUMwyzau{igO+D1L>G#yWu?-rhrl*RYVGUQ=eKEJPgJCvQO3>25Jmb| z+E@CM?7e-BzGb$r`8(|Pl}3cOHnXdP$gT!+-BD=X(EzOUoPEo^Wu%sSvWz97g)Q34 z8)$J_oHmu8Y}gvy&-?I*KPvEpPviJ!U^7mRVWg%msl|sc@g)A#HlpoTbF_;lqaZmC zw4VY#hF1er_xRG)y8r!Fw(b?E?t7A-0Yf{S7-dD$y4Rr%tg~A8uHb|RyNrxYsZ`u{Ets?@p2v>I@0jk@MeXeK`m7p=}NWUtj| zY#83k@kMuZl4z-+Rkj{SK@xzaavJcM1^)4_V)?*R59lv&qp{frjXIybV>5k(wX^5u zOUg#JT^XRqa9wr~TeZNJZUhg4?h(8?GMkZkP=@i`#d{mZ6Qi-UoWpqasOFeN9?J-I z&n(J}LY^q*6G@}~nF)lW)@HEiS?bkN^k3skEBYC~Q$>$~<5)b>2>jt1{`D0efHz0+ zkq>ytGE+{7U|6MW{1h}o!FYtRNX)^{ZxGby%g8VqFWQ@+#Atl;up{UdmQc*xMySJ} z08OZpNlFQFj?d)J_@xL0RiPN);5#O%xWo)D*~tMtMM}CL!Z5ZNb5Fx415S)|IGjTF zvS>Z*lHGd{hJ>H$3!!&byht`!Rqx&d5&FSl{4ukB^9Zv_RC2-LHVNb3j1Si^D=Uc7 zpmB-D;ko#35Z+J*dy;n}bA99^u#-_Qrt4}WUW*`7}eeel?gyCc`#ar z3ltf_B9Qt4)Kn@qTqCUd7pjqkpb8DcV(3MX4XMJtf8hj%Vj>Gt;SfDsA|$g>I%Fpt zSyux+R$%a#MB%uNuMrYkG)#qpS8kaY`#b4b;U?f@*q<1gX$(Jg=bq6e9s9y~nHN{7 zR|jK4A#n+XeHmo%d=lCVc(37+0$rBFdiZ?Q)}t7?sKW3idv%9=CW2W+P@)j@2+Etk zBAT&!=*~SQXXhlZRg+mVlen3{mnh&f6SpFy)#4F1u~v!}wb)}3t4(aXBbe;2p}d_a zvlU8QhoETp0BxN22FY*@|6X+~o}i;4!S(h~@;=Q_iYgi1H7U1enbO3Fts3frIwo7# zUIBK64X)YrWgQ`?=XFJJydAtbGi4L`5vTceBHfZ#(y7KIvXn%oDIy~+B3Ii)iiKsC zwZrv4JO~d?cGD1+6JbY%(AL2rHbSL?Ob6Q~9&CpsH;9*(GKnXNt!l97z{XY&?7BuZ zYzKO<9h$sV!?v2(W_z&B_h8F#c&n8=%ANA*p5)temg+VTTTg|}Wo=`DvE=N-l0V6c zixT8@0)KgmTaaInxg9~qcu4n1uF|k=Cbow?*q-%Z(**erV=LVT4o_aLVf&QW&hudV zy$747CE;@K93bs ztIixR#FbLNC#hv8yOp{Uq;;igYWNzjbL*IUCockKt311X1#A-(wi_(Qr+ct%H=tH>_K@V`8t~l&UX})Ug8(0$yiEgMLEt%Q zfFBUxzR8Ii@bd&dQvuuU&hG%I7ldY6Wq2J{FV8HjchHkwVdcKR$u$r#(A(E zo2<~Vy-sY8Dr_!&z5#wq&OR;~)_^}GaG{5E1c2=b@*3Z>)9kZfa)^fQD`M-HhV)b+ zotKnRjw$sX0{=L$ZMh#O!2Of&%V1Age$TG~{JH|R75)JzwZrEz9zF*o;~KV;iR}&# zwtL&h_TGVRsgF;drC}RKY$toLjcOlTi3i&W$#2l_TgGrPv3+ua+Zc8NdpnYz?!h)N z`Iv_7W@0PzVEcRf*tYXtBdvT-O!Azk#al74jZ@g{(ZGc^wsfO`2R#T+N_Nx`E+xY6 zj&}>YpN-IJKJ5l`k_X$MWED;6rGmKfmH+Z({HOWMiliw^Z* z8=738VKazruEKUSl*!?KHIAZ~bIIe7f-_FfAU28ZA6wnKm~D8w*}m@YWXsXA`C5=I z)5Ci=5AT{LE|x>TPM3IEa{Ug6i5y~E4N@2d+YQ48VAnOFVe9O{c4o3b!`6@3W_hsP z+CH`#Zp&-cWmxh!4clO1>*2wc*FLrzJ=lgPw|wJB8YH$?@X!&zlF4L+Ehtnrsi%%c_NaTew&?PLB+I?Newg`0m-xOd@zvBmXZ;{Lp^ z$UfM@{T*movb!1VuDPVSG2HyM zLVm7>{8Azx4qd(*TS}kKAgjg2^%s zc_EQ6Qpjzic%XgcAIcW7t`?`24JJoum=_WAKo90K+Q+=m!93n;ZsU{x`LCmpa$<)4zq1;yrV^(R54HVwET1owHF%gX-2o~BTZtil$aVUf$UIUfmf)~3K%`gNJx7N_G|Z3=KJ zCs`;;x3`-nV@&oNc44?XWQ;y*Z@VzWXw13G*@Zc))?xC2>A#}hFWoxXIaqEo;T5dm z)(jj4z%v=ZUlKVNf4RF8ITareRj8hOm543-KxeCO+59>U-!XwyJ2$CYFdCID7klSL z^81-b?YyLT0lXVT&~CqSZy-YLWd{Vk1#uV#>^3GFGjLhpX5b~GF12@i=j!{lvcniJ zs;lmU!ZIfJ-npkf@Da)q+naoj7CWhkhhd`t8~BA=yPxe8#Li{H&kFJ|2#LcA??x}U z90?W1jVtI$5-1NA7nRGZ_#s;MhQM+dgfBJ1Uln*Z-en_Ef?9d-?OfI#jzIuj9_*YM zjAnqm?EM1Z+1=Tx5@aTPEU?`1xEQ2M(-3GT0QN@lmy&d<4}9ng6@A!g-i<)p4D>C* zqt=7=M;2|IR({(k348z`U*X|!o%sMl7>TZsPVGByKN7ACz2FCf1Tu%j?snoPB!au< z;JQ3)rUpLR&A%V+_N8JDhq*R~;i48Fo~}3*NLq}mdLe5EY?I^m?I_d>75fvzjMtA~ zdsdLcaJ}fp2=2*FH9PoR5(lG`nvIir$^;It<~A>RtmZA=Y8&);U^G*Ti{4?0+;K6m zZwcZN-0*r3n$!Zz<~`l@!45bcfIazOER(0OSyI*fv!{s=S2mHU(8$aK3Ui!reaB2+ ziedwG>LFl*mIKYPY47mKaFihe;bFcz_HPLA5V(&!*Gg5a3W|n zX7VHn1X66m{4BPdElv34iK|zahQMoBRNj+}0H+0y%hdnLNMr=hl*cFA*RqpXfLkAk znjT--8pNI^6IBYW9lhQxpgb2)6i;_sDQ&V-!dT$7V0gnY+e=9I3i3E*7=50zJ$rn% zw`F%6Bd}|0j#v*J=Dc}7sj%}pUO`*oWWNu2pK$UzUO^ApdDHj=U3!)B2`Z)YPh)p6 zQqAYGoYBQ6!zV}pt~uQ06EvaAB%kpZGPUCqBzX=#3>AW^wR|p*Mr%|nh!@0kpCF04 zcd+IYBrz8Q$m(P@U+(mL$qnC#HqppBnT zec)X*%1x?DLUFbWk8;%fONltkRR0a_s^+M)$m`B?hKAx^pr{Y5K}S}&2H&x-=%3Lrj9nI2NfnZNlDkMB(|`V!PH8dDOlJ_Um@C4rExa=mR_<}NM4v5_q}e26GjIlC zwix$e5GO9D(>B*;*DOM$nbtjn;MQjL~8)RRjcvv zlXf5C^gl~+`XEgo;>~-dlh^5grte$ceokJe|2fjmo2LKia+&IX>e$f)v6hZHr1d{d zjLtY7{f_{A(aqKWywVN*PhVter~i>W_ahwz>-0a59*X`)5bs{7_dgQlAE@;|67z2W zdHWwpC_uL;ukI9%s+Iodhy{D^e-4#&v;XN0F2L5l_CG>#Iyx3rg4CqxllnxFP}TaM zH~Y8gfBq^!rqBN)hY0Ck>3`<@YX9@?6ITDTYp?y!>+QqQt8ohm>BB_lH7Y|j-t2?; znXV6Nst>%*_N*E8)^z$j3E)je?>klJa}oMRt@D{N5!EYl44WPNOZJpCW_a;$?8i3k z4PZ(~)Hrjh^gnCSn6C8|4iE~}#j5jg+)90JKPSx-gQP|>r#!Xs<5=2|V(R2xRRk{rO) z2cDrWO-9+b@sxsx(U(F>Y^QJA-^L_5t;caDWUEu%+ug@m-P`Nz-kuR9L*Ww+ZiT{e z2m#+G$oJEsqNlIAwQnNC5<`z*PSl>7V5vd)LMNZhQKzWgDh{12yF8&egjJlp`zEN zi`=Gqn>u63u{5Vm7EP;*M1-i*-9T6e3g? zxeTb68H>@Wc1ePe#(R=oL+3X^hNEhi~TB4Y?F_i#Qi802+lnqR(i`-;( zktL{V%cP53!Y-2UeLMI`+)g^CvW3i|-6$p|f=xY*h% z+*F%w8|3;R8Zrv;a;{Xi68M(RM{bcIUdc~M9yBm5jdMAa4A)2wS8?Lh2>e&)5tF}a z1%I)gLNMcIC{>zvfA|-U$r|JpC#5m-$P8zbc&n^Z%VxGj>cyw9JOt&opN$F^52cvA zt79ta&8Tmo&@?J4Wu~wkS#e{VhlKjbYSMnF^6QR-db2^!~QTAA5fKL`7x!9GJ zJQxw7qE&e0&dRxe`kYQ`#N)_<2Wux>LrPvPgTWd`8lQk6JRyb8P!0e3aN{Tq=&ZC@ zi-A=~HwlVsXhX5hz78q4R8Sff^n%7xCi$$xuz|!4MWXi;m&9? z6%*F5*2vb>nStioGe()b7BmF5iypZAbuyGH1M%$(u-V2*t=V2}SFH>pRD0EocDLDA zfJMY<&4^QrHmv{6=;q^r?Pyw_0SG3?TxUc!*2HY2^K(zrT2f3mnstUEfNeF(9!@h7 zzNaAlNZ6D2VkfUN5}v$od5>`NIwRpjoV>qsLblyATwSKB@p20X#yzsU<7MAmM8DYw z<7EL@)5$en{_zNmmv?q-cf2flt^`tO+!-(5d;rGFg7}Tw^zpJpeRPyIUY3}D0LVLD zmV`0KdB)3M-V7t$%X-acl5UQdx9|U(#>+x+z_Dq@%kvafZM^)*k!{Aye^8`hnMKXU zO^WodjF~=NMX>*&J+kMf-3ZFXyoxbDaW`6soRur`Lnx=dg^3FuwV7{@6vrkGIF5RpI0tW5za-%WQ#O92b z?{s6U;m|%__yn@9G={FR$IFdIMw_hT+*xsv13Jtn+~eiGHVm7dxSA) zyEA_I4D8tc$N|23a9D~DH!4~v&pMjDev_;*;og&`sMN>gHs%P+Nk4aizJ!GO$c@Mj zQC9F5qcqu5EQW8oIpDop(c@T8nTvWtR5c(Nc4*mzZR}&pxKJCS+7>iL;kwAe6|dx{ zH8kv)pO*b26#J5i<8>PwuO_LFTu5Y4EPsKCU`Foy99p$e#M>C)W57#DHQ+7hR3Ij= zwSsLKUWR2r$#HC$i4F2Vtf}aHjl{8=9TF3v@t%bz?^_{ugu9wq4}-Bvg%W4b#(`Qg zNBB|C+2*uz-}x+%4At(KZ^+oaeRIpO&22gn#f1gz zYsS=5xpujeC+J&|VTTrt3}RHchCgmYn@*bgK)6f|gexTno`FRUau&G`S zmd8_Cd5A1t=~HAGGS0Y-3`$gO2b=B3PWQ;qZV>l%BZrh@L&R`C`4GEVx{S39=$2Qd z8_=z7Dbd6$iN=Cj*A{B7B1ZNEZA^#-M+kX;IE6?c`ACqUUE0|P?NYq*Lo56gXSDH3 zk(KS%9!#!bv4oFC-of8+4gY2oj4?m%I7oe9YbbdqkgHG@Uz8%?eg#ugH{jkmdA**G z0So)l2*pnEp&@sIC|c42W|BM&?a9~QOjEBrdlI`i6*M&qUUaJ1gkZ3L4$O(@gKwg< zwu+Jw#?AAbqU>lF<(6S$fox(h`?!cFsAQixxfJb_-N419NxzaMa`>>POnSCs^^QKvc|8%UHSLAX6 zQP;Y|vkpIq(YGCpd4&L6{?m><)hpM`SFQ-PQwCsO@gOp_vkotLI{&Z(HB6gV^xVAz zSNRa}t=H@G3W-{Ds5Y;VnDYSSomWW0_QRcd#URubqihz;%bHivcszGQ#3kLFS1kEO z*xJ{1c%k@Kk2Ld&K8mU~uNdF0&Ag(UBHaw@Xf_U4q_ug)DNs<0GhpCn;zo#M&MWMZ zge0(Ca7{SW?IpHf0_^X?2hABrsMTJf2Z`2TLw+uDqmz{HJbtH}i5&JnKq;_U{>YEB{Wbg>*~8(3*%3y!M-)0xb8)^U^3iaX_PS_1(%Ouo(x!3 za6W>WGOQN{j2)}d_Xqyo4u8gwM`hBq409l^29ZE11XyNtUx@@Rluym#qWQg?n-rWa zyO3S*H=|%b{LLynNG1yB^SdB3H8GL*t!p9u3OK=O%H)E-py=xb9PS4ELdN2t{%%LP z*+*C!6*XCUON%`HZgy*h5D-iswpt*T8S7sVu|nz!mDVd*Ib}?dK-Gj?GO#et?}K{E z%i7csVukuqY1<@^6~z?e18Ggv(8RjlXj%xPnfXY?-BS&b0(^)TrDW#!FcyFUI|oVe zFFrv=BCKw9sl`+hx49WF#mACUOT96*emn354&bf<_D~J~=H5Cs5p-+1^<>=omkZ+B zmC&CePCG#VE`nNNgfZq-`q}b((N8WgV-!vT&=5n$omgDw&o}wW!?WD z+1zKwmbepljf%rEFgDe#mdi?J3^W^u^N24wTQFl-^wx6}8Y~Ep!`ByNCGQd*VSJ}% z^8Sd8Lu-Kir$z3W}405Sl4a&7;epFW0H`y96 z*%NyJhila-f7+ID+7UD(G!@E3jD8ZX8~&1iA=@_H@YF8DehNU@-2(XNnKYHg9g{N& z%ltOdgE|S<@W)qx`+dtKLR%-5B&yKlF;xn1GAQ7hSQz4KB60RFE2_&>ndGvrDrvc| z`1w_86{v)&bC#<6on)yF>h&exMa7l&DDGoB?Ai&Ti({o(qRWiG-33F5TWjvijENOA z95p42D$CMLW_<}$114+P$e2$xI2_tx;{kxyiwOKTSPwRmz=@$g3#k3{Ij!-(HrJiHhvT%RWm=w*wbjlGo@3@|)DkG?(9 zMY3p8XM~I1@fBj+7=I$0WQdQ#-5&=pS-qoMYyUXe+J%@nP`OeIikSSxkeill zc{<7-JsV5cn&UfwU}0gMI3ibf;Gz}O5+4^m;PmtQ+V4@7TdJ4RkZ@Gr+|2#(1RBz0 z0PM%qx661+DgC*hS*CSdV>uyI!^~`DzjCwl^8l9& zSQSAzsQjN*eb2+TPa`AL!Jixbk?%1Ku>h_B0hm)cQqY+3N7ftcV)$BvoetQN$islC zk32+3$irVto>!jdE5A(lky`-)w>jUr#zen!bGujw&;@jU4_pyc0lRI8EF%tO>=;X8 zATb0t7Rf+@DGM$^B|yA3h+wpIql|Y35v7QRSo~3Kv_yz;W`k=pBy9#UV6ibSsL6}E z{@tO13_5ZK8uEMCTw>7+7}S7b(Zw>L$VWs1qYNsW-^M4nfky^h!w}-#QSzhG=13kZ ziYdl*EgVinm=(Pd(FdcWd)N#@wL_^|TtZ`3^__VxLl}%vq+;m1i_{1ZC@h8sk;0>I zn&TTcLz1>t^0*j!|7#iFFgX}46YZJGZOh9wZeE^{6~=p!6Xm#qzfcOz&A9Fr%q6SX znTHRM@u4zCDWn{9G#aexH1U+F%FZ9-VC;g!!WU>!-4In0DPl~#OeL82d@c>+o=>r^ zaLqEL`wF_oBxqK>3~-5UU}i=AmaMo74I!hT85(q&uy`e7Awr$}$ZRKa5x>JV{P7h| z_phlT0;A$Oxehc>09CE*`+~I8{;Iez87pI=b}8ub{n*ec!Z8rmn(xce`0gv#KE`Ae*u)1b;<*a0k#LVc?;*~_+D?P5-szd+9O4JLiGQrhM+)9*;VVUI ztuD1Oa8r==AJGO~_7wXP_GBhM#^iW}rHuuuEyA!~$zk{M^ntq;Hi*(yB{X}U9K1p~ zo5PTJT(L$hbCKOFD;$S;MaCuUwhNAq6}?luX|mlnR~+k7cMA|%>NZQ(A7Rs^*+N#1 zP%D$dh*zp2bqvF5;jyT#O8?mBR6p$*@C^lJrxTb5oS_=x^7$hxR2w42_XRFz!GIlV zYeHfoA1#1v%o~eSRHpSpE6vj=o8lB@WKo)`Zt8yc)HX%aBG{A(_C&HW!OmbLNnfnm z+ibcQB-tp$RYlJ8Wfueat_FjqF}Fd$>lTG{CFy$rtgBpYz!2(K~*Of6vQjLfG| zYl~{xt1ol+lgIU?*6o~exvNCh@+#C8uNw7jenwf7XVhmL?aFz>cw?jqrS&)i3bdxPk7hTp3VD7+07V?MT{s$zw$^#dt|fK+phpd41qv2>B5HufYH1 z*fOvdS0beVhw0|y=Qo^P>@E5&rag~r<<@vF$_TzE9&lP{4)E@Jk+Hh z5$hDzWE2D@pk`rN@z$2ClTsh)M?B~o_!}+jh`-2IYK(bA_B@A27<0>6z<^BR5rD3X zu!OSutvm_W@W(j3r_A3o@diX(kmD>&IV@fhe?FXvg(oHI+&0neD5=mQZ13ZFI@Gq0 z>*XdAocoK$Th(nsf~lnyIk0!YsOacC3<8hlILE&*lZ_S!F`Uo%7w)98V9OE}%gb7X0DDydosRcHM41iIP4rclu)U%?FYd!qA#?)Fy~NW(azj`z*d<+Grd z`k{LfWTl$2fr_6TgNa!fV+L4qfkR)iOy(<6pt1apC4uGcqQEBk^5N_K;Tlz}K$RT~ zuLIv@!Y9@>SP1^Ag3Qi}QihE77zu?}?~R|mNc0s>3_ykov^bfC-4m_uQo61WT)__U zmfZ!2wPc*x-;$B-Lh?D8Il*V5+s|B;_b(i-_TrnAj)G{`O;ciwG%6z?O@*=bNmcoK zfA3m5NFC{r`Zmu+YOF=-iJx}v8JSUdJj7V3$m9SeKh4!s9FRE(H5qe#QDI5op-|Do za51&z?ud3TBUD4qe1*KLx5Aj9_^EY#C1!#Z+EwyJ46Q;~B=Sd|#}|;8!tHwvJdT8f z2fxKrgmEc988_bh5%-ZvM1AB~f}*nW7qEn)kqi?a9)`KcmARCflB2E?6nGc|3&EPG zgjIEX>Rad&r(kY8l0FYBtXg^jToPDXD`BXKJ}d%Stm=(tAHn0#g)6lA;WR`g^4wsf z5SKgyV>+!E9A;P=dzyrzQkUiB0T!gma=bivG^WCMWu@2yygXKDULM z4YRNM$T5%=ZAmVFL@{XC<}6pv91`naTxBaPheuswDw+$IRGC^pqsnl)cSSV5OKX8{ z*d@x-FRbPfjtF52&$o1Wz@gF{j`8X-7rcA)cp##@diqO(g-x!ZnZkyOmixr^r3(8O9w{SRt5NDfijWMg3G|;_fqa(L`y)R=6K1zkAL&Dt z!NT|(jkJi^aQvRosy5Cf=9X#5OjKy@IH4h|ja)gttbpSSYLEq$=Y>-AGNi9yb~Igg zhias2^G9}rp~OtLUGbE~|Jb&5JIAq>wa2)uWq;HkQ-P>lRBN6P7S2oyCu44AZ)EDxT|&XQ)OgGrvguYUT}}EvW-o1e zPaI+hntf1RUrTQ2)|c!m6%^%q^LLc73FA%nE+Zy)^hcHg0DP&gpf_8%!U2gAcWGR5 zxO50B-LV103j78CBgeCGSi$1>Ae&?9Q7(r)yDD_KQS~kRmV#^{iK~uOGRB4SKs$sh z0{|xC@KeC?bR6c-s8cVGXNK##;6Wb_CiJiIq3qejmyr0UHC= zN<=eNyZ?x2N;RzTo3P6GNJSPsHlw1WJKD7>F10GY&4S#u%d{}YuvS^Png{`ll$sSS zYm^L@skEtbm;*?Lm;jcH>BzY{FJtOBVrYLbHW=x6 zNM(~{IPd0m@kLkkK-M+`ezP*X00>OnvjGAk{4w78U&0=jCUm&wny{SuX1yMi>k9xP{j zUE6cm;OegJj|w8vEWmYRI!=s1HEiO!um$%P;6J?UpTkQ?!Kehb7+bf|wh{XvV&%b- zaIa~{jwT8$B| zJcC3=`oM^slUb!H@BSF}-}x|=V}`?Zm_vT;)^avbQTOICLrYaSYPeu%EU*ptxx`PE z@?d*{Ygt;&$V1G?QD|#AVp*}{nZYWnr<_pMDrHhDrTjh^ce80>uzi+L zHkvgGyB^Mc!a01Kc4CpuWBIMd^KjBnb1LXpa6XM(P$$mKJ2;)fy{s)xDcea>zL0CK z6fpH#jR`I8&wG0Zj%mAegGmtVTUk9e@iJ2vP#wJg!;IY1I3m!p0GDh|LxHxilr6R2 z47FR4d{el?XiR#zQ~@*TcrpsP1%>hzn8|p@6WMFTCDj+~ z{l8E#HvvetUT(RZ0YXjq3 zRGs}JM#GNlLf=O0Q7j@%PHfbsAR(25oFGB(7CI#45T-koEY~U%7HYQO$IGSvuG6nz*Q-~ zWxYG21Mccu`n9mitQdCF&B)j^)M52%VYN-km!Qc=$L*E_$ZcSAG}4g>6-&mJLol>g znlxU+cT7^T>`y7~)A_N%b03DCv&!~U$?|95VV`Y*fPS}K~j}3Dr8&SaKp-N$k}*8%vH>(Gs#-(a6mh=pkz z3$(@h;9rxUhfVFv6qkee6O+S9M(#H3-=wdNMwc9n+@g^l1cx6Rey|OVLfT?HzeMez zIrnBXW}`vJ%ew$FPCre)saB)Do1=_s^)1SH2H#p$oTW-uNJ+bZU9ZX<5{?OBX(8az zL-Hj?hcnfAJm=uxc#ZtOhC1ZOY2-&}bCaF{(yHqHjIoZT^o_VP6yKus^E4&`8WY3u9g8rRX@T^{NnGYezk5F- zDlFH8O(81r2RGPe#3kRrzJe)69AePf23eO`Vsv$hG1rY?DG(?zS~W3tpX!KlcaEdW z1?pRLc{9Fa5#}<*$WuN)%W#`v;o*sLH=Ps7=&@iFjYu=954b}wPbc%F-(mk=u)m7z zn-!)ie?Up(AY}ynp~uvI^??U6QrM<=08++tC2`sVFw{Z#v}B$da*B@i`eM}UGhs;< z5{w_nMkTWgC%1!%WCSari6%GWg;`+yIwlPJ$z^+&GGQtbOx52F-Vc;DWo12o0}B|d zO-;;n=Q{@ZEOS{32XV_>j`llx?ykN?&j;XJv)T2a$fm_#B`p*+GBvTxO=4X~hs0ow zMD0Nii5Jwjkaz;$8i~t=gpy*)9kwD-sLgIV7lTd`yZuF^-1BU^)pRiQ^U&F)C_C5pEMyK!m7hzV|(Km%6t*i}QW|^Yc8U>z+F2)TvXa zPMxY-RrflpX@)x-xojy-b9{V`n?Z92*!og8tP!wE7>CdB4?$z`J$}62jZzDg1b6G1 z(Bl0)zK40rZRcJ@GI_lYlcXUCA;I8?F6_t&xyR7v25ddKVCxR)tbJMtQGrKGH8 zmmsIu*;$eubY~B;v&Ttxt~z#QWlk)Dn ziVOR(aGm^A%)!r}oo9XajZ9uhipC^Aqt{SeEFOMOAgN0A%qGLL6fJ*@RU;AQhp!?8 zTh{PXj)BLVkUaPn<{P+1+zriD&~a|))e1Vo4gH&f4s=6LQqU|nbTFW6!hQhJfmEno zHM=U3@AFj~Su?AR4211nk&E5q>Ib)rUR5+sXlk`AH6TPVeDR-+aqjnkD>9b3e=jl)<<{NW0}Q|QnZ_}h(c%mO~T z0#%Ov1oPmE5F1{GC(%#nO8W_(B!m@4Gmqb8#4@FPFABR`Z;AL>8>jJPLe>*+V@MNq>c9YaKC*r-wG}lJZp#r7v=ND4$aF&^3zUHR+-B zLP>4(3^24dD#WALN)`gPy4lcXMc9Wgzf=0b((=`^Pj)6*f21T19_?W0(DdZ>>q zJcVujNyPFLww_SE&HBVobNA5Kfsx!pA6Im$hjwHSU5qgloD>9Ov_CwLqv{Mdx0#C0 z=>ti9c7noCeHNUxKFg={#*4h8YA;Y=3-=5LBgy@B=MGnkeTPS{&8-D2u>#9)kbk^* zb*T|&ynr~eUgRB7mx8e6l5caDd`*gyFJQ@IQL@b?$8{3VS2jD^ThP@&HDjM%*E8p zTi9)ig{N;`Nfw^MCM!%&VJ84;*S4RxUk*TSf=Bbb@^oN^;q8r!*0VQyChhfDI(J!k zQg2+LFjQ}3WtG>FIP|0G1pdzfDX}4}TS~1Q!Fng)LPqJU#pl zvhWmky~6bL@Tq{dQ1_&9co=Y#$KgKYyTX}Kn~}0-MQvMSTmAe4g~3$^H8W>F=K_Ix zN)ahPrYKa5#*sOxwQd83)>_x#(QAVj0A@wXT)vRf+B26upv}_vY;l$TJs!QKe+HO4 zQf57p?Ec?GOBE?U%#4AmCv%CXW$8UVc?Jlf-&S;Y5->E~9f?P;^!u@NSEQU$`ke`& zrHYilV1^kfb7{wvzI~DM;~;Lm2J?WS)!;fjdb`hsWResqpGr(m_c>Bwdb&?PVtV>& z24E>8<*m3sE4i@sfO-pCr7%5(y+o+qW=TEtZeS$$&}>CFLo|$)EVGAt7PZe(Sa$rA zJeM7&FjNnV{f)+LH919vTNBTH7fzNq3I{L(^Rhk6zu~ z%F@jq>TpVu{#>G^>Y<~V;p(9xefxUop6}YK!RNrxYVa-|y*;#)OpFJ?Y0G6_co}pNHM$==+!c*8lh3P4*E1`Ou_3;*MY?L1Anc;o}DCkrV9cTAY z&wHhp6jm!e^lpWrdMNlvtgLz{pHlSDsft3`2EBKZl^q8Rt&I-Hqu0vz2F%?{}Yei(hC7|_fT?5vhnMQma2zNVTP-Rwj{l$hYkRt-P$Ro|MeS} z^o@A*O8+Tf?jD*_`eLG`>Y)!Y!_`AY`u6qEi$L6Z4MqV&)Bg}WdVAoeIq_ZUUR&y_uv+P%MnflVDX79xxbks~=kecXT>Tt(hsymq=KH;e0oL9x#=@ik z;T-(@xtG2f#>Um^r7t;{FMap#&X>M?d)9auw}494GWk(u7*n=@C?cT5EvTwlws9ih z5LHdbIix$&aXzIt&h}2nfBsrjo@>9x>Xs|@?*!x|Z&M3o&EDR?qqoOA3s?dlPox-X zJ}zU@DrgK4NB6V6^YLr{j36hw1sRb-kO36rAr%^=tX+~1+VT}B{tgOnoz^mAqGF|1 z(psvM#|JG1p>8?Ztts~!AZyCK1dm=pf)wN}HEnKRo%)dC-V}54-@io0TzyV1b()zp zC+8gz-ZxcMAZ~ZP?gz3~uSIzDI;lD2m*k`_BBsZ0oTe~6eq#hNJx*!>V2Ot)yl0KC zgJR)vQr~Y#F6=YFl0D*Eglg_UZ`34z^&pUw{Z%fYno4fKqj%5TG{QW4=1wQZ%r4VK8_C%d&DmpgF6m~S*GqARsc6eEpD#40 zGM9&y20Z3H!&E@3rAy?KU7K;M>WXP5-?GLXDym?R@u;hbSIaFoH=j@|$E8K%YX4xTei3CTClFl{Rm zvD$lvNlG04W{NXRx2saMGfdBxB%NWpUKQOS)*4bpw{eCEHEQDw(>o*6xnT&OJMYul z8K(2mXf#Xf6ww?y8ukritdlbr+d#EA;$SCdFnU6H(5A_Ba>_{KaQk7IUCtcRjI(Lh zA;;Sv&`r9uPyPoTzC3NCl{nAI@yLI*c6cLm9(lZU97H+K87di;1Sw1aakF#jn>8OlPJK^B`YP<_< zZp3xPQ*bzs=U<_@o*3XGfsMEXJ`z|R4Xn1#m@V8Y_w(Y2Xe6}LZ1Xayi>#}NnMN;sDa(OGo*E6Id$c{byF#4 zA9%Q6ET>olr4yw3R4zJd`IR=Z@rWST#ScS?#uo5adL6~bD2v7AY-sf5zU+x;)8%BW zl+^>u;*${q(V7VvuV6@M+XXGd$mK!@CvTDF{ezUr}_kfyTn*yVH z<8G`BkJb?7uc{V`Kdb#){t=!4D*j6poNMR=-J?Y@9kWZ}aX?{wECv-ly1U)vne0GA?%ZCG#vWTgbb&x8n z*4Q=j4;E8v+)}s$*L>ZK7Nv!i_k$2hkj1ca=VM+7Yl$;P?a^Jl1ZZl%E-$yiH^6hp zrXRUrZ!c(gXdf?V^n&!pB;Y_yDNhc@rWJ^lZ+w6~b8H6}sXyL3J-*Cp6k{8t3&unm z>?55H(WFt?lIR+$QDc(|l9g0mWbt4#9T$Ji-Aul+1v1%SI^$h4Qf|u0be>_*~OHbQo^w}kK;IV|Dd9L=B-<&!eqFl_lE`STXAyGl*x2hgNy{ON&45P>i5V#rWiL39`@0uF6syLbQ0aIYH?1av8Q?ka z&(#=bVKa>X{99^FQme)toErNV-Hq-E3pzM-n39DC%l7xk^5Xs2AKsZ!Nxi!l{QADB zgTYD%EXernQ>i!AZ2YLwY;@!IUmSgW3OKG`cJ%R&v9|GfqP*cKTq%MXR4x{p{zTLJ zd>t~3>Q_Y(B()UrYm+p+tdF?{KqMZ10Aj{C&h zNHLiA{#ikBdbzI>l%$rR=O{s?r=KqtcZkw9k&M`SrB!Npp-PM9Ln}Sei^Ab+;P~-{&V&|3kdB%l zO`k}CBFI*i7D0a9?Fh0Ca4k%@o?;Zr-30h13s|esWyHN~{X!`+R*?m`x9OGlk90ib z^vK%rGOo%=cDbSvJfPFnudvh-5?ea`eV5bk=UR1<%e+{UaVO#@(eyy2X_6X)R7Iq+ z`>M3qdpDJq$~Lc)3QA@7(kic$Mq@lUhLY3Mja5qXq_Q-h_cJsfehCnK z7Xg2L**8SxF%ll2luc}7#mAz^EXZZNpwe@geq5zR@%O2;DE>~B7R5jCvtwn~10F3T zXVcs}jgsw1WvFRdb{}kwVJa)TyP4{VW5`FU{_RWQ8br4KEX#Ba-yA2dLEz~kgS6sI z1RKXd4Qs+LvW{!QFW?6bqlAw^eucFVhyQU<|7wYOov3wrE#nF?bmQM2Nj;?A&#AQ3 z`w^9vdM{RKsrO?$oqFF4xYoO}j^}XmPs);8AtGhZhcpC;G%TrWZ zw0s3_xIt@4q;?|U(L$DDI*d<7vg^!8)v;z@$X~OTW3q0-)o_KPK}>rj2l~yOm({%k z^+>HzkIcX|tE<%9{omrsoyiA7Jok*UFYH*xG0%)L3Gv_-5&bLjyEAG8^Jp@YN zbwTWbCNLPy+u1MWqregC1`{KnniJHIfo;!|gfL$MaJST$ z)0WS*gu!&lMI;m9AU2V!g6+vOiI%&GjG1|5UqM7)h}YN}d1blmprON{UHVVnq|hH} zDwb(({beA=bb2E{1mzahE-D!9T3&Az)x0(_s?9dY%COrY(UpPkNdRbby|lOR9)%61 z!MFHD4*W+91z5DyD{V z%Q)%ic(dH?qaHH+;iYJQm3u2q!5_X$0c2S#uWAI!%%nqb7~FC=A8-aVSLRKKVkBSv z&$OvKaTY;yEwe=ClE5`ip&7RfaUMFU4;YzM2u)BqB0j7% z#Ujn!oYqig#|?N3W46^B+OTuOk`Z?PlJq)h75@sKI%C=fdEZWs;a}$==i9J0$R}&$ z!#(8KjnNi)zDE9|_$o*E%(ls^H1c8(Io?gTReF;~euIa6VB6#)Iy#J8hLd zMR!%qEe$cF6~A=9H@;q+l7-Q_1PzWsvEEQ4d9*S!lO3(#HYIPJ|!N$ zjH~r#>autIMmOFozylWNX}F#&J0Q#Se?eDhC8oO@EX+t5!3v)=yPXb(EzXYoi(i3{ zYS#>jUI=2~Jrmy+WLh;T#VZ89d{Up_m_;NkiQ&f=%1BJ01H>#Ifs(f3a^-xPA&FZn z<;U}wkMKg~u~GG8t-A1rKXuCz_)NxR$1_{iuWR%HS6_9R__)lYNM)_M?6uLJNBI}g z5M)KWh#KpQCsCp?tPHc)DeEGIxbL5{S28e;SS52KnQtAW(lX!LN2O)H)kURczV&;x znoB_@W4lVreCs=vmig9C-#YWH_W_TFSz<)q87BUI7-zLtQj;{;SVa-UD4&6}nr9x6 zBdb}2#_KEtFfyTAMa8*&UIpn7^e?%OER=?$!jl)R%uDZRG=U2iJjMoN%gD(r#<=%3 zG9TL^iRN$V9ksVgkAS-IFCN+{Caqczc3weUCjv|9SQWa=d9gB%1Ns*xT zx==@V<8g|^QON8LE=1{ih=|8^4Mw}aJuW%KWw_a7snVXm@hvL@Y=hRI`mZbz@J_V` zzz*s*UEQh1hrxJ2p?VMt9g-Bxxe)=W@)1B10Z~SxH@#u3gmu<>?edc3;q(E*W`I`1 z%LU97%B+n{yO2-DokQ5jWk+8S7DT4J3i8Ml?KlYKo49Q&cg}e_W8{_t#)W$ z3%_~4TeF9ykiQpTSfA$dvaC{RR1vaTJgn1T6}wmv=aR_W0m zZ+RS`xXp!85kXH??jsUj2Me%# zW6uilV?MNvk)hJ!8-ICI;NlykFE;zbUn|$5Ms69DjhV<+t%~NpRIEs4EYLHiYZ-MnSQKhS<2iBH zvO(W?4qL!Zk5sw5tjG6tofuh_!Wm=vM3vtC?HQ>Z@fxefwj-8Z3iwEqlFn5QJ@>mB zfn2Ew-@vLHK1hkxJWXL|6vJPA=2qfyfWd{DVjUx5X(aoSZxhqQ@m0VOKT&M-w_lt|f@$eym1M6^;&Ws};Dcda`Qd3~z8r01M6g{S zJz%nGL;jQ#uA&AbTVgNCR3XKmTAl9D*_eMnJEn|RkVftWFa4aZLVK5`&J`n@e7CXC$C0K))h-xJX%Mt!F42d} zlAqQiM-tPshH)TZ+Vlx;bg<7%3&S5m^TVJ6{ozl8ft z%*htw?>959qydG1ix7Mi!f0|anHfF)p+ay6{{g|*!teb+DdD$HxBhxX=MBGq5JAni zS&7+Z_{|&AZ4F~%s&Gouu*YJp4P$ORPw0&um9Y}C)2#5L7m^hm2h6Oqrq*$D9JP+H z)jAY)P-<1P8!8yHo0Muj0JtgCT6$fZYF&-8lhnGvr1PrvArbWdW3^7TG=M-AANldB z_4a=ztMw|vazUr5|2)7jU<`oOt2E*d5x$-dn@w*GOB} z=YAUY^KD{l8-NqHwuybH#`{cQV>gdjOku594FAGnx*!MBD?HF*e7$Kg@!=rV%y0g4 zFu$E}tnqQ~jK4GE3uM?PuNFklaig6?wAV?0nLFc9W<1J_Yn?$F_)>rfOgC=AdL@!upuiz(9Z`3yhtoY-h0ulkzbfPnN1DVcn6F(3Um&z$cI~c-=ENIk z*d_3l$GNSmpxq@@In`*LqqZ)a7|lR}o z*m$iwzJ8(;wi>E#+b8}WbfsmkLME7g?S{StsMoPCC2X4;ZxLYTOkCr6 zeG2M}2%GGtJ`FIdWA=&n@w)^Yf=mduzZ<%D3f9e!iw2x7I6h9x(FFPu7~V1Q9l|^_ ztrEZz-|78;oh^yoVv-*27VNeZ>}HZ3uadKkp55vsuXHDq)H4eIB?Y^E0c$+N=EV*) z*30XsW#Gl`pw<3s!aOy7HwCN|uoTl|SrK{ld1snDlHYbS-$^}8cuehG#w(R;5{#27 zxCU-K_C9Pw?Lx$BME@d&D-!It;a84;VpA;FCA-q&9mK}Lagu43-trhKeU=-xo-mIh zRsq(+onUm3)~%Zbsh zr$=fd+skLcEU+4DzW;I^7L3K{MlguzkrNkqmRrWwX4JtMuM>>k33(&oG8sYmH!XWI zHo7yx7?cTL_TGsl(1v5((L7SWcZ8CbmHstJ8SBA9!mCh>j*1$bEpE$ zoPlZ7FQlM;kTB1J&K-bZy;#h=@O3eB{!Pn1Hm^bw43wC_7r+`PsbqTg@WxZTQ`*sB zgh*(;Tev}l4vi<=(7g!l9pB-G?tU=2!rubsGSFi5E$^Ti2a;`6w8h@>U)`)9(=ljv zz2n`nc%$)65;t)iJKJ4wMIi!}i;$695eC;Z|DEqbO}Q1hc<34GvPNF*q&4mZB@v`v^_X#= ze?x7_JQO_$;gAx>}mWrC!c$`OVtJRt>mc;W7Hhr2Ps_4@jT!yyE%>(8lZA zsEWw#S?HHHFUjM8E=Xe^^ig^1g{g#6uyG^G^S0r1z#y-B+lT{4r|i=i%H<=%qPM7N zo^HQ9w<1PRTf0+dSgOFb;-vRIu5pVq{sITP@#1)uyWQWupN6DL?GxYR&RmX6bh01Z z(E9-O)^9%9unKJ~3TU&h#<5-|qgfnpNE-nq*jFH^KxO1I1Qq5>ni6Sz1>cWw>sUu( zEM8fP7za8Qn2Dr5l&f80X3VqUF^N?q=BZO@iFsD5w8T7RDlIY3ODZifPmxMX%=0hV zAEI9E)k!ftJC?aaVR#Bt|yB=+=AgS2L zt)fVMi(5qzH9XIK7cJIEBEqX3E|?~;%0^@=4?j*|qc2>|n>n;E+-1pKBPlNMF-C4p z^OZrj*thC~EA4{#uE`i$-6_?rQl86yjNOekEnT^y{h_K|v@0E2=T@nI+q5a}k18lq z_eT};qNok$c<+y@BDnBc+#e+fxBty`f7Eenaeq`Pi0~O@xg9D{hu`|#oJ~HQj_j&v z4nLPO4}MS_xzU_D)Ejc?dm7ZCLY$~J6Yh_gy^ zLJBym`zGCG27`(u(oi7okILOQ`TnRmAXgK@K4>)iejL+gL49WXsO!(OsTXb?C;kFg zQAKc(5kBkK>h($dh9FS+v35t82-pRqA%NGw`Qb*JZ6#e1-BjT=q`aJszU+hJMYs%0 zizcdKJSn*mZ_2PyG%najB#`X8t*H? zTe}-?3LfLz+{KS~qa2M#v{h4dGE7EpZ;1DV@>L-(Q;eiSn(uKHvJH>q;9oJhyT#%# zo5j^BS-k0H@v_5WFN?((o5kTNS={PoakcyLVm#VP#v4ee$!jsmW@b#TG2 zf^h%YEPx+*xpZmBRRiYTeHXXyt6p&j}<9B(I;7jDc{8 z{?e+^Z-vHJj)0Rf-oeg$+s_@6?B}W_-}G~}aL=%}_WC&~vD0-a{M>n}R3nZPOR!+{ zww#$se(p3?bOZ7mj7h5KHvHTzZTh(oT0H_-NT!_jCcmmX)ZcHDShfUW!0 z?3*Cz|Juj3{;ZT-s{uB-^3JYWF2zM~bT$%dfMcv*6IhF-q(BvfV{eB(xDPXnYLTsJ z$(PIFwNFl&aa+7AE|)6>3GGPTGZs1=d+A0;IQ0y zp!aTUgAF_<59eGV56{TMt}FK7?y!$q5Xbn(61ie)DMqBF>WZyW?TW3@?&9!Tl%Z__ zuHp>FD#qdGPwkRROEacki*T$3&BRK`(OCEz&mz2sXMtD%%fYWPE}x5zQe)ZelxG4Eq>zckZ3~Fzkr?*%C(w?<1}0;4bVt6_(BJ=oXU>4Dq5-eS`<+ecuzXcBWMTMp(*8L zT-8-&i)g_!mNV>#YB}beeE6{RM`Hr({EPnvF1a~tec2~~1`N0pHw)Jg_*Wp7%K<>0 z{wWXzRPe{xeF^(pjj=M!Z?J#dc#e&}+?YLsU6p6*MXrn@l+S}WretzuO>-UEXn=pk zl#iu$8FuX!FT!$38J6uTxd+U6^mXV{?e{j3KYjyBL4DM|<|o$S>*wCPzsByLP&~1p%XsrIFv3knQ3Rmr7`%K`OBhEu2621g1^D6ka+b!ot<&m3b%D}t1 zVNLihWcV6Kt3+Dk2)$2aW3h?(>5ctVqElm*mB2*~%=*Lbj~&$;_p@^=goJlDGtmiC zqcQP0?wWjlhoh8@_c%(aM_NQCNYM zamPh8y6{|KVE%Aq>I(z~M9)O9;a@QcW;LaBe55M=JVnho#A?4IA!;K&mdqYy1N&?8 zAEL?M*De1`5JfyC>{b<^xOcJ{tzAe(;0_mG;t6bxr1K2(F6p3h;6_czxlUT5OMKhjoJH~K zUUx`hjNV|!rcO*e0>=+h#Kd0O-@mYFotSthw$QhOw%Va}V&XEPZ80X^S)gL#tQ!#g zHjMYi!~+R__!7j#g0NtMD<(erzle!ff~bXJs_w&7c#9Nmr2MUsR>3qt9r>}pl(gz zeRo`pt7;K&mia=sAqQ(iw;|-im|4CY-AW5~SLSfQUL*td{c7MZGY-3ugX9M-lx#e) zNaERIurKz7aDW}`_fzb(xb`xQ^Jo>Y6svmh-q_`!;-f?>ibXx*JxEyT+{AT&#$p$v ziCE})&@DGk-@}FH=hL!J(iR!E&BG$YDpn6hYQ`fQ0Mk(3$D>u-XTfky;5q8olna4W zh|#@Au5qSZX?7fNr^aSF<-!C*MN3_$O0?7st$}DM@SJE7vyZ8n)^s6IhEt$}^8-(l z$e3^;ZykOrH|IG^ksrOPwBW>4eWf(9g~S#ayDfpOm`Vw3RYZ@eR8CD`11$*xeK01l z!N2$!aLLVi-W1O(!%8Qr8g)AxrCv<18BM2xtCL=&+mVZbiH}k7Lo2wF zgFmOdi{R=AV5s{FmzmcVN?w1VwLr`<_7i_8?BL8$GfRgEu%;9s0%c{Dwy@5cms5|W z!*~OYX`$EUWGxu{@|5vx7M+Dul{{Uw3eM*cX^pwbbizfH&@jKmA4}eP5rE!i|(zy=D z#`7pwzAk_k zZJ>L}C>GU*>QN~In(J^y@0!5JbdI&4K|5HB1|!gBwK|&I@40{FAwDZ2TQ--~#s#wz zU_*%>7!QG7Yh?fO2L{h=l|60K$Oa-Vq$huKZK5XdCZE;>R-)fcTPbv7g%0aY{=70- zRlwqr^6W5gK@ovrpv91OIq4zda?lnVuOC6PQkM-M9RHU3bS(4dTXZ>RS}PV`HT}^% zHtps^*vVs4s+!XytKvV9vX?FRN>C=Yv!EyzMeJdQN%3eLYXU{^^hLa8e7C#U`5?wS zFZNvgOZ>o9fttWlQ*QRCBBKdcsXKE2?q+bJOYVP>-kvaKfgCI}G0;t6_+R`(I^03g zz?-Pln^Gws241aFn{GxReIRcC2f}JW=;lUv8whIxOV~0?z;wCs`fj$Uw9MX03QHMi z89}jHrU1GqNTG`x!BW%3H<QE z0?d*k@W;_e=Ohu%X+?zBo=Vcl)tU$oAUiH5?6hJ!*sTd)3gtn%W&90tw0`BM-z`J_ zi#S4SApzeIE3vSYq!F3`b|uuFDKpo}!Xm7GteLC%B*uZ=K4hQ-am?e^n;<*ReIQG9 z{1PUG^Ue!&d+*OCb$r%%&^h-0Zw5BDkwGx3ls}G2Uw_!!s(;+ra;wgGGD)TTp5V0V zcxJ~$e}DKA<$QZJz;55?z&B-;3XE5pJ8ACh5O~qqDTq-?bZ_xW&^6mvb1J5U9`k*HdCd>T<#WgbBiiqv% zpkIt~beF+wt5hk==yfD)$n3w}lgc{3m9om7NGj_eT3HV>+g(`wlVrWys zAh#;q^sc=U;jCg@4TYvyiSW`M@6bA{7{l8~``dr)a-CI-9jLG>H^qCs8M$f=V;mPN z1{~#G!}Ll9Pubgg0R+Kx4h-6L9D!w{OQz!W2j^Iq@f^+iMuR&{m%P3kk`$zJGPBh*b-M_UvDf5{I9Y zVh!VVRjRgs;n_2i)-bMDMK{1Y8jO%CT3f?NwSVDuQ~+*~iyJMhNW4>Pu1GW-(CUiB zlP%*h#%{`mQ`X+S+26~tBIqniZ8{_GibO5)YK;z0^R*lDq?yeX3BGo#DKDe*?1{RR z;lIx~>N*Bc!xo@J;a{SM1hLZ$P_hK?J3ga-Hb<>fGm(!E;ozdt&`>GxzNggu`5-%p zufNvCxJ1QwU_1`Qe4T(0h)XPU@yM46@?hn0t)keKkAvN+q`_uM&U(f5?vl=wk}%8v z&m_+BU&+mRB`tI|q*M@o90-B^Cx$bk_%#LW1?qUMI}F;(E`TaaY~kCgoLAC$!znmb zw!rBvpvAYjIlXm_r4->*q&RgjIX&G1r(4OX@BXgP>{d6Y^A)F#p~+IwpC)qO$TpGh z_7=DfBG++lu7liMeTpltqkRv7f)U1v6`7ad!v_l(Y=p{;F(@gho{h-8GAy9oifB6s zlkrpjcNBs4jf9tiMuO9ULcC0VOwz#;WhhXzf;q<5^iyVb7iQ;GkOTH`@+Rpu;eYTU z7%Netpdosxiblipkb@UQ_=}6th=qT+qK+y5qId8Bwnca<_vJzb%r#aW$--j9M!-eZ z;7lCUqS&~8vt=xog^rHTa_j8J*{)f210FSds*nY=u&~0)zi?FQk(U&OtWq#qqB2Bb zr$_4EpkU>wB@`D4|4pQk`u+jYrDDyQiJ{Gi3Jct_T!F$-xe>w?t+VV5X&pWrjZ36; zwDA5|V5evh!G1`Fcvpj*g@MInZp=ltwv^B~3%t!{$MsC8kgAtd2wR9_sERIEh9=i} zkW1Z+4pnKdl6khFvJCZ8j;i-5EepHlK~~Kr?32=EsVzh$3_g zs{77rXJ5AN6qH}lf?u+<)6YhR>>0Yz>k<--UL0?`sCEBCT5t*#cb z8*H*Hq()j~d>Et1n5^t!lie+3H`-*GNS$ht@gbcWfJ((^XYk>sGE6Lr!G+$91(1CSWeoth&N{1U=LxMjLy||%;&_Ke-v6VpDRxF(!N_|(>k%{ zs`k+?acG@b^G=&KMXY(q%_`QM!=SSGFmJ4xOYrRRh&2V_>>;jL^YT52HKQPE;eDCV z{Dyq^1t-?*It;ON($970@lGYO$t3#skS4Yf8q3zdErd)(0^*JwO-0l|6(% zDPqkW$v0!oMSl^o+8b+1iK|Xa5o`KYsoJ+zM~_R2HPcnm4G^ut=%R{lBi6hPRcbxf zoEA4@&7#9vjWv&L6>kLM%qH3ViXEIBvk`owy%0Ds*?=hQD@bh^(Lr2NPz&_kYXWr; z&zE=re}J(;>NQ)#=wf0thWw>dzQRt04Wn1xL|`-i;Y_*>yqQ1_bB*|zQs`4DYWX2f zQ8uGt$X+kyL{eqrq)gybysub41k28K(LkNHlWi`SIJ9UwsJ6LkyKUDT&O3&9u356OQ$`e=G9=&75qJwv8e{fD-az@4%jh~^$HF`RB}VdA ztY}!MMGVBr!URGw8larGV250@ZLWKpTo1Ox?+e{rzw807HQ{2CNhP%c5Nww)LoWy6 zw#|ISgGyv4;@&gEC2}sAOD_*EC!f3u{`f*iTb0gM9Lh%>2#@aUj4E-n87*vt)|h@O z-`s_t1D}}-EBJF2t~Y#1jzSk^v5;7apFhzGif*j_3ImBtH+JE>3q}0$pu6xP zi*-o(!yR~YKc*6llW4SoU2HBYb1tE^8TTzBtH-& zT4u}^2-c>RM0`WB%4@b`qo3RMPn+0xHm^+p=Z*g#HR z1^@c8d*Z}85)p9_i9Qej^AnQ#OG|_l?hH>x06aCffnEE6q6(%TkqKBWL3wgr02=Zh zG^D?@f=rB@r}j`KMM8r^3_lsWQ0HwpAShBs3z<`yF~WL7_uD0Mgp*Z|gdY7B%r>amhFiWB8D`tC1# z7mZZ`{978`tOMM1Z<6jj(BV60UD zegfIa{e1hywyl@vvTNYK&$#Iz#w~>+m&s^~&FK7;jFzWlG!%?b=xVKkjUL5((Hj-K zk$tnYQ1HwGXW9jRrZ4)CxE#bpe-a1+41jQrG8P*}8+;g*r@=9|?3> z0VogyTP8ndpUnd~CeG=l8s-9f;tz7Rws9F`^i=XoQB*aEF;WvSgy0I0Q zWz76c-uR4>4FBTy;Nu~rqT&){R#fG1rOafe_BC$A9brhar0j}wo1oy*!CT=}?3Y-!9YRk^(r~^!Aq<3k@8TCRo_QZiZwMkv(u(o(7ER;73qp~rPP4(Q61g{(NAZA_g-!uR0s!V3Pi z9FUc!17cd~bpu*Akq6}}pg5p8Dy3l-fx302(@(_3elrUE!yH(GF#YRWzaO)T~RUxLEUstYp^50P11=kjA=SYStII zS$~Drfpf7{@fs!>E~eS1S!$@gJEa=BxEb;eOs_N9^fy|c^eF5kn!Cpi-NzwxpDYrn z9yR57tw&iFkS`X%zm^49X<7i&$^y310(d#40*VF9RcU1b!)XC`s)psWjTad`aqYZlvQ_1VbM*y(o$=?NkvZYrTp(I399S zH=XOQMPp99z>TpU7>yTO%nz`cPffvmwVU)&FY|%%FWnfodN86AAY+-1^L_iB@WQQg zs6um*BQj+x+}EXWyBK=587Cod!t*88^K%%{;FtNV{PGMWRFJp}g{vU(;l8F{7BcmU zJpP-VeH*gDla$&p``$U?mxW(0^??6A+3>N4!E=wudYiCokzDhDi8`j#1DH%bO zjNMZt6C9C@sTL$7HYLk2CFAoB|AiuT5z^7XRw$wXDHO*apIIE!EN&@&r8vQn;+Sfo zIAWu?Fj+$ZLTxEvKU)Da_DR(=|31sLa_}@B9jmntZmUx&3%Aa|Q0VH*Q;NjQU_w6Q z1iZSA1Rl%Fc}#4wZV!}-e~AcuGi=fa;T+^MTR^@LdfDFao1@z*GCH}VMe4Z1!$1o6MuwXD=T2nTp*C7pfYjh9#3UkX zBwSC?qJ{F4x2lU()J9v%m8jbPC}pnFibu+iup6NjDP#Fru*+5uj_}bxPVOE}!_syY zdTkY}fO}8zWA$35*=uX@E4@~5q}MXlLa!w@okVdD<-YiAIf*i)m6KSG6nzqYtm2p! zpM+oKlZc~y5>hP`SBxw=39_b>;IpOwE!4kw$uT`sHFfL^yQgVuEdDGm+phy3)iIdz zFSsfypx_m?t!Oo^R&@~ES&?Z8@sn)?E5JC}-ZDi9VUFXJ1zHdN;dF_6X^Mz@FM=3a z=2~Rdgz1eaWmHnuDW!#5M|h(X)1!$pW_59Sv<FWW301dGNq9Q64I>xkv#5HGc{XAygVi($Ol z&OIZgIFFr1ugNL|mqs55OM96rd)FrQrzE`$qDRJ_v0gYtO?T;*|t$hnR`_iZXJjgw(J~dEsBG7tbJ?-UB*j!IWLJRZ-p5AX9ebS zkamzyYXSKH7;(HFde$tlE98myJ=6u;H36_WZrC@3)w*FH02Yi+se+Ykqh9*sjkTIg zP3)%nBcNJYk1PDzWc&ds@vm3-d^IQh54QPl?V5`JNx;WZGd0H}Mfp%rXp^`SkTv#; zPN}yzI`g|nQgYmSDmiXwnd22E#|_CGgDE*aA{-l9=GfEZ*pSR|SC>?^4uWHJ%0>%) zq^+cyl<56{u6eSqc&rK2o|HW@rR*`1vnM)bPw| zK$GM5s{mnth=g`(mw43#8icKy01*k_L=URRj82MWrf0rHctp6=nYMopkVJw2eFma3=6)K8HDKBJzNtEZRbNe)Je0O4$O zO_sAJd=pdAz|KSQ)O;fUgn9>Kft?EnG6R<<;D=%Y1@YiiJRv~ij}@RX%>a!7f&^%S zBLNyyEd*%9W;~eLS;d2Vwx+X~`wm0!iG4hL%Rjp=_nb5qkB~GxPtb!u52cfpPx^giFHh;**NX5c5+-(Hx_{$u(`G4z2L%} zdfpi^e-cyIAr3Pp~`pmJGPEi_rqnDQ~8&;)%qi!ANzm!=(CXpdlJsowf$oq;&|?#>#la zVq$cP0k$0iuSX^vl8JpZ9Rg*%>nE~SZt{-&8V`c=#K@=0eaFCDQs&5{-y@-IOA2zr zx&2{#XPdJt&bU71t~f7ki9_q`ihHSjw6{96&aSvQLfhg!5@XLE2E&?DS;P%+OPjaT zt}b5_*rXOmD~ky}r$6?^3BvK|u6=R04LS?&e?ip3zBr-z7WqMaU)+w4*cT^^&&t;K z#R=%r0ouMefeZnXcVC=jtRCp>i_1a>Fs{1}gRiwOF2x;^f0ul7U);5j0%EmyU!0Wq z!htFF#qGw9dF~~Xxe40eFb?XMv@dRpAWdsPeuJ^SgB0DyzPMZI4(lLdi)Szb51ISo z8Vksk-VNG$ zjc^&Rzk*Na5AG+BQyWd_ciO3q+sAM?zJwQM;a`GpMzGFK0;6~kPCbN6$-)I$0Z48I z|N653suH-!K_$|&k5!3|*~3&KGkZ{cAT+3jWu4t+mOz)mSVa{WmiwRqrPtehj6K4H zB69|Q{=^k!J|FH;%Q~XLd79v0TY(HK3GSCpwk*}-HPcA;~L(k@^Hob6_(oqz~v z+B#D%W733fzQ{7_Fp+>snDq{w2%kI{zA&$0AhxF-8K2|ULK>J@9J+yn)(TI93nj^u^2)ynk*bN2 zNwxWtKFtrT55{tewXbj7{|8kZKu$4!*5?OaMS#!fpco;^WSAuGBv-LX6wK7ZJ`91& zgua@Nhwx|o8~lsI4p@*AiWq|vBXWQ=KlbrjTQHgA_N5xE$uKA}PPh`y|CY(sxbqb1 zXCg9WBf~f(pa=O;(qIJC|f_L9)HIEF0`sxhpNgVnkw?-B#!-t{Ox*s$PCS&{) zoAd24tS|hI=N#dal5dV-%YPTK+B=3xiJSVS7{f-YQnfK`TCb!r>@Zcd8pDoIMYl1A z&4<~yK87vCdi=yFYKax>Yntoe{Wo*mylPOE=S#Yy)G{}*H1 zEmvz}n{_*q8r6b>U8CBw$8c1m8{oghVvaC!&JZVxY#+jx)IN_dQOAb>7oTGJSqvs` z^%ZY|=CQm9lP+(v^-^arIX#F_MIr@9%gbTrYBZs+&S=s!(st7j)@VMFZiuoc)L9>=2UWXKji58%O7zG-yRN3jCY`*Sdc0gr!^knakcU84rMo+BOg-6dA6+LGUdtYfUP+RTAq}g7fT;t^F%Jt*^gvDd2 zaLx?z-C_5AL@{Ll1KFs-990AU7>m)8YA%TyP-N#c&m4O>O}hjU!G)`W+?<9Y<2hiUkdJ@| z#=(aot;9Rr^fx*5OD*~(HvRVy*+YMdn|`E2kCk;*{^K_N%gOZVZu*}_Q2szuUYRVJ z_!ligO=|*=;jh4>xrC1iJU0LOXy7sXMIByI@*C?Nf*o+`Bvw`h9Cdx{>nPip`4dO0 z&@nAj6wv-eS!K4cJ_sxK-am#}a-OH!XF^VGHES#$G4C}!CM|dtBWNv#$Es0XEqLS1 zL@nn1bxdMW9Z7VNI{d^9yW~4}QO(N;H8YJZ|%SnZ?#{zrWosEmRooUU`>rb4~M7#`G_c< zE)ge+(|07HxBYUSMOrn;I`1#YVIh041ZXPlexC_IWO@Sb&?&6}*N z3RWOGHP-;+&$^sR_2m^vI{w8EJ25n;(@`oQFq}na@$tbjCPQ_-|sxm6U0~S#g|Ck(apnc$S z!}xk~16!Xl9U$%TY!d@^Q>Hak-7uGus_}?3FtI=}-j()+TaE@^w<4F8ZPmU}GAoF8 z9oCRw+%pn8xVS9Io8#mr0>cHV!Vmv6llKxneC#Af_ObDuX^&m>>;sGfmYK^f1#D;6vY2)V_lPsRb^pqx3L1r zSdRcp>qb#L)&%aM+96||5qn8(Y!2MxU!1POBnYpzGy^6l{{fKA%z@mQHR1WFITx36 z_zS1T0g>Erj9wtI68?gBuJPIqo?H@ec1Gf178xrcz2q)zWFrluYEf0 zi=jLpB3K&qZ9u&puTCDe1?nk-GdcL7sV$y^}}+ygU8;AMn-?SXBK z&yV46iWNyuFl}5Kwr6C{isbn?2ha}MK@P1mo9o{`+Rb=DE4v-=8pQq{&R5uougXnv zPPh9QHJ9_T@{(eb`x>%L(LRAbICH$RdfUFy1}?i72U>MZXT-C`dqH$4s$Ly?l1OS&hmHq zOfA+j9^(_<0IbI+YXYCpiP2eeq~HPTDtN&vU+74PUvC`!nmSf77c)q0-SE`I=?aIT zgYaMC>h9uCs*HE~$VI7f&{i2AsE0S@;bT1H2Y5?jmGPOR%O!nlI`1G|k1O@#Gt)u? z5X4r&@l$t(F$ioUQc5CIN=UhyXMBLW6(M&q@zyxpbVxb5Fw?_F@1OXN~Hf(Ig* zAq<8KUJgP&%AK}~%P}Sw=fvt6ZZ0NL+Ws&}#xuz;#V~0$huX z@wMtW8?KH#MipG73dX%|Awf~YMI=xF`~qY5SDkR!FR)l1_TV8u5W^dKJe#Vyb0H4+ z1@iN9@_pGoqJex@8hh~h>hw@2=BGndlggp4mAH&j#yTa~o4a|LgwpL~k?XnHqLD01 zt^qE&2(H}Amg{iH6`huEDP_@@;I@oiC2?vOZk~pQ&sY31Eq?F4qSuq)O25tT(?O`) z(+I_>%gdq5vz0En02##h2=HS(yG2CCk~5*|iy$MUsK!|oeGQGGvX{*>4?Haazuf@- zXRDQeVb%%thZE+@MAarY7>_Y1M+f~w3+>RmqZgBAHEw2SD6A}mec`h}~197CCtTWqwj_qN#D zgB(6bflp!?Jhs%hi-}(vJ_{{@1<%=4k$j)8+Q^z&ZDjaMoBXA+LXCY8kyR?_&r(6Z zUw&kpMZ!-D86Rn?+}jp?I*OEq9q#SJEK+{VuKusjAx=brqOv8>xW!;3t31IHX2$|g z;6z`OoanP0Z4izYUc_;l~(A%&VFVx$uI(l*@u!cX2y8H36uW%@$Zc zCXnx6JQG}Ub3ReuHvyU%I_Im<831(-kp0T)tNS)lbv4Ep19|i7r@WEdM6WU;zx{^M z5Eob|eOcc(;f)sb*s>xi-#6in-1Wu-FPfcY%BR|m+|L~dt*J{g5-Ty6Q#W$Igd+m* z_w{H?G&OFy2z_eZ$W540jEi}bT02@HdHF)?YVF7-hE&4N8bxennwN5ys9KvkMMRjF zQ^$L`qteLsZJE0dfHm(8IoSz0R^*~Xt_hzEm9c@UaN+tW_@WSYLJ*dQmU;rUFEBP? z-&tZHnkzji{SVbR~&$LB!$W&kQG1 zFq}+UIRUTiD5^EAi@P3VRT ztnx=EsqP_-%5PKs6I6drbuX(T>W$MhhFLblsTxE7qH6@XMb%A2wl$VW$U{3lY-eiK zmCJq7s#gpbYgqlfqlmq23D)oD@`As^|G3pX&ZF*UL15{?zliG$Et`;5f0AS{IZ*y!3eH!_-vX@<@4w{6m892s}d`!$^7(-NGN#~23 zv}lD3S93C>y*-%Aw$avJ&9xbRT4POk0Z7~n791@Rt_JxdDoQ!K@Z8rk3fRyOe~e9M zY^AT8%@vd;w?3YAr0mNy6k6; z1pJ6cgE>=xg)k{EF^tbKc%Vdyl=CY1;|t-Op3U8_ai7;k?kQoInw#?hrYAm(qm_M8 zXX7Dk(+8U}2xWezRZiI(r>-&=kc*LnpFQNZk&m;fTc-FOL+Cl_D)vb$D3 zjb35A2;|%f>4BjW(Pb#1FZ&QX#WByRN~T^1r6cy(#86ByYov)OtI=n}_GaUpFCYf= zL*96E5+^|U&EJm5aqp_)5qRF@NMN0h3msrT!$BvCp z>4QZ?-%(bSF%pmFb}h4P`TE`a%E(ns%+OGM`p#?<6&=>1JhZiG*L*TAUr!B|D6^>$ z(5Ihb@>59Zalt4>4@P3S_~FhMNj$uJboe8Gcol18TaJ+4$%&E~e;tWUoY=e>>n*B* zo@pdAn|OWMAV+DUtKWrZ;EzOPR$AIEA?wA{^_O9u?{F4P-@K-HZ^tOalLs!WP%uOdgDpP;8Q#Cur#{e ziLuXy`i#M!Z*M-7>dI@{4?EBIH%dQ)1-(jJdYLvF6GOz{hIe(%#?Vh;yP@^K5NnGP z!*nm%-C_O|(>RI;6s*qDN*4i66YzaP$&|4h!bz|wt`7_Ix`WHB!mP|PHQULdF8Y8H z7aAFx)b#7CA7uK4FH7=UNuofESGg6`q%U+Ryg5fkZT{uo+vVV{14GpXX;QE{%iqdm z%v{LVe6E9F&dQQd><-B9B;nhW83;I~wbx9@$i++nUrZW@a^}!8SQ9m~H!7Iwja0Rz z@oTWI!nxX!I0?_MC+!1%YNco}xEP;*&q4Y_O?Yd@2ACzgGig&n-q*{lAW#2{()ONg zA@ocNo0d2Uot$a*al%akfD}g`WG!#EvGcb*fGmgoQ&R$^MdwFLAkJ6Ont!yL5(w6 z$i_=NiO%qudG6-HuavS@B8HRZ8i!i-UurnFzl z%Mx0b{r04KqcLV<{A4KfLJ&9KEX_TF%h-5q z>a2O`=~#G4nWx50OFl~m=~yk4uh_@{x+>T~hI@8fOi!@B!G#vp@&1aArwx}q_u_CV z<=|}1NyaZ@?BR0yM;I=D`N%U|<^!OH%lYfj_sK+$F!02L`)m4ZJJ2fU5*r+@q^3KdiXjlG}pYsEo^CxX$8~RIq zEl+Q&4S#;%JEG0Z8|4di&CS{D3w2x*_ztf&a&|R`_JL}Cu6zTdzKR;YslyA@ebEtq z_LqisReoS+yn_t$q*-20!%_YvCqqiOpiNx*x)`87p)P9z8w2vSIXv#0-2;F7W@qAW ze`u7M=O(toascQjxMwH6#3OioR|j`nH73w7pICzuYXC-KXre+#ADH-;dh9RMhbEp- zk9|V^+??;O6yQ;byA^QX&{#5_3BEIDSH17UQgddcx+>8DkZK3As%lGzGDPV<|0}Bo z;|O0~)rkDS#zwrUYv>!ohV@D0&^A8Sle9{7VkH`(vHfrk)JsRkN#}zSmkn?}o}`^_a;M zgx&=Zf2nc&vIMb-#@tDFgc?(f}1~f)_V7Zj3fBvZ*izh5bl51wI}3&i?Ao; zLlCvFzh7uheur*awickjVAIiAu--~x{KAR)o)7`8{BB3{n!skbt!bMTQW!{ZGo#2iPRv|Z>5X2!rR$S6fdXnbWRI)L%caSSzDzPr6z^36RVwKTEzpHUOxIwh>rUff;N zSFNF)r%KiKgyejK!;%L;l7?VZj-?sKX{u-duqR}aD!Pq5Aq!BY*7t-wIm6l$azv|p zLT+shZ*{I3|3cf;ndc2C7EzD7yImrBXQP~ZG1UBOF~&YrwF*8RyGGR4ir+gy-ThaD zy(-$Sk-ah)(&nQ>Hzz(uNbtbs#JHa1}5}h#G*WOBI;q5KHWGs#U zHdtE6>iPZ7vODCnhm25eM=6lqTr6u)QURd0ATC91mKvYP%V%zt;eQ6meF0~ZFD&X% zvkynF3LPf6{}kLBW8`_9=qzDgexL}0RbUA=*gPd$NO3kh!NbrXSZ)k+WZ9b+-bB$c zsKUXJ87jo}48H74d_)<00vh?XTO9mOaO$lyzL-12+&^ z%Cwf$aIAy2vBk**%>zjI6=Bm)F{)XFc?~xuKsOQfUBQ@~rtq9!(a*vOdMpT{xG$|o z2V?H$uIv&GN?}>36O+=(u=>O0WMjw?Ji;PhXYemNM$Do<5*~%DJbB}hhL}?l-Loeq zqO4mB{9GS5uQ4i)Q|_RO?w~K|R4n`l-a{l-w4cq*CL6=erW9-%Z^Qt@6XrO$la?{Q zEDiRqeFA6@>Qd<&W(DCrKhJ2d=;>yelR>PBek#h0POA^9Rxr-!$}=Qmp{T|wFniq2 zAs>o1jFaI+G`xcyJbwFn1PJhQMSe_9K44&BUFFDYIO9MXLzv7lccDdDa~E0|&t6&< z#>198GGpFJ0pW^qK(m~Ox|F3I`Zg^sOeiw{?4jCp7}3gaTQed#RJ#$Y^0;9kFXug6 z0n&KIN1 z=(P7tZ5fwmvYmPCwQ(x^E4Fu+h%!0#9mf9RpdRm_vZ;A$7ELWbO7+G*z(7;09CfVr z7&MUgSgm=UV4yWh=TG@Do<}KBp4pK~e$Vj5A8^B-BqSPU?2C2Bq%;l_W|c2-|Q zs#R{P3jjmQ!3&P4#A>)%=6GVRbz>f3W6sIcQ2PL^726q)&g^@HRWJ9AE3o!vZ#6&I zlU&Vm!aUV{4lu2}hwx~Qc|kVRnYdt0ro$Nfj)D@=klQf+jY;?C9W0Ohbd5Rwn4=;9 zYW%4Ohk9emI<6xZj&ZIE zhcPm^Axpk{rmK2A(7dW%)dDH}x=#8i&@@%tgU7~W-Ga>}cf;L~SGvij{2%K61U#xD zdjrNh36TJ5M?^tIjN%ed2i!qiq7rNr6c-c~6*t6X9K=N90ycJ9(za1_L~$HPbes{D zapD5RNV)?eiQ^W<1(g}&=;)1c362Xm3g7#ls#~|JI|;=9@Bcl|$McY`bLwn$s_InT zx^=4n>XD9D?RNA86ih(jq4nO0XP76E;0fqhe0;D4yy1X1cmmpL%Xn8$GPM&{+=jdfJb>i0QW;h4W zKg;p_BZ8m6O?biGRf2k9jrIH^m^g?spMNBy=%1O-KSMV2{3H4P^G}1AwWWLFMdMa$ zJ9_?6TCIChXTFpD{G(L2zyWyvQK~od{BsTZ&}N>0PSejn4F`4o{Iex=_)OXoBds_N zKK(o$wBnnJ{nq3>$7k}64S0iAT(V`n+XTEpEAC-o)}*kFb0q=6`>t z%p@m%cxdAj*dR>%s!G$KVH>T%gB-Te^Hof`ZXx=$^#C{SM}*S&b2#CU|5{(=J3&3m z2tIU9v%UZ7Sq6{pnD`-P8S0D<7}(_9wMX!2^?_nnigpG2M4$VC!?Zb(eZyZD8vn&fyo z=%3@Atz0fAB+})Bb{CgxS>9!vdWTvs#^WHSGT0@@sf_$6Ro)56##Dx=*1JfBZ6Zip zMS7x+(MD{A2o?aha)1O+Gc3%Om@G`yBv&Rs_JOn#WAYV6j>$_l!sMspJ)?o)1_R^yqLWTZ>7xSdYGw|1FRqRvoW+2-3 z&QeP2z1z4MT>I%Vnx+(aGl<7qO0Z&k*4+qvwh47`luvmTOz7y6)AzxXUJo18qt(*4 zFwl2mM80Ljr(ERFMtr4qm`|ah*Z~@t3)zLu(3-})grkV zU)e}vQxkT+T+uuYAhQ+NP*%NlZb0CF7~3NJ}Pq+TIt5P#uKdo!$EL~2R zh|PRER5ncFe4IoH{<=;pJuJl8?8GWrK7&8A`0EmGchq zT8(EOF88*=2_9Mm4=WE>PR3g|R7x{Mr|yIoRa_XnM8dE#l+%IX5nQt%>anLAeN2)C zLcHlsEl?e%E|UIaB)z}*S4k@HZE7%*?)-I zt$Sez8u$xBgW{J#FoX46#Fu*t@zVw(V5J zBrS77hRjh$=8@f!35j$hE=TZFkpe$8y$6CKbI18%Qqh+5b-1L}4Q(|4R zf9fPyVh%U0sp*d2BGq_B5^7av!0^!6*4MG$1&Y`^rp7Av43+Jsp$Nwc)psz8sE#ui zRIB25;xC_i_=}kYS;I?D-E(AfI2OlH7OfWo*?32WNGwzanM_)}?LyDzG#`QP^#IzaKjbjHtYBic({AP}&z4b;nzqFD)K_l!~CVQ@W+1gVOG4 zO1ndMMKNyRgN}#s;~TcOk=FQRcgpThaKn}SL>1wu213=;^$8&O3=pndz%1>7(MHjE z-BYAQTk$BE#P;i!Bt3n>jD_3FW5>a`~OX0AQzsH3ca&5JeiJxa*jwtz$xx+_r9atd6IK2n zs9!z5kb)YoO#c6}SI%?2((AEqc|~n9T^H1QYPxZ7>aX1sr6TD@L{(wD29wy-WE6=C#DFIgYTOxe$|OJ;4@R5xKZ&M+gZ zcjuqw4D8pdO6RUBy(>?op9AT5=a(qGr?GSqNimL-P2SJov^Yp90_Yt-q)!NjLn9Y+ z5DlD7JwkGNFE0Hx&7RqmGX=M-_d%j}6p7rnq3NAw_`B9-{8N@Gg<~#+TE)K=;~bcB zeeOIaa@(+Z_r*}#@Yu|zP}$J*&PGzPC25Q+=?IRP@sn=efMx%IFkfxPx{E(J#sKb) z)${Mx;W@8!Wk67oWRI5y9E`Pfydux=?(KVVN7l;LhlN-PbV-g$U_aX+MRlXBw~H6C zMdw8&O}-Uw=5-b7XmwnA5lL*svzxc?zKU%$*rGFE43+QV`~2!+-#sDxYrT}(=dn=9 z>ZxgbRjX^Nx?)?*TF0Z9$0Sx96Z>~h4ehlaT!~f7H|D7T9Z75$op>v~mvP|dALfTz zU&AtitM;dT9JTErfJF=7ue#}28BlHMxQDqhd=U|_gPB%~i30R?fSAr(jF9ZnQ(BC? zKNwCC*rLQA+{H)@kKLPyvE3z-*|`Z#4fUUipqE{$QUFU^T?5`UI=`0@uU1(zW{&n zP`^NNd@3Aj7+$N>9E9K2=^~_G)oG5vD|MRV?=qdnQ)*lc&-QK83kSmh;~{x8aUOzK6!8*)>ozgiMLf3;3uy! zela2Z!{w?-kroYsd{7!?qhu1VN3e6oyKk^mHHKY3UNgz}hP;(PNFL2&RjaGl?6}(e zp479@d<`*;@nzpbGXAx0zY|U!iHWT$P6^S=hKSa+em#H%!|vHlZ}DaJH+a*rD*iS8 zD(nHPf529haGV#O*yXCda_2S3K4w9q;_n_ePHL2ET(8naN7ICOIL_ zQI6pT0XT+lf?UV&6_ht?kFFdeB+1;sF?J(f`mQ)eXx^b1?dzA3ww&~Je{s^c&^C)h zwRm7u>4NfY!63}@!O(^$?$QPDNwt&%s|0+DS_4lb3d)ZrzJi)?0s?Yce+$vRkkf!~ zeF1fy>BJesQg>k-vvwYAd?%>Ufv&N~Kw@L*0#=;V*&A<4?Nr{oy++(3h_W44#nUJd z#!A*yRXhctZJ@4%D#_EprUsP@kQ|B9g-DTn6jFCoSa3gu~zWiv|5TLG`p&zNi*Ee zDrUZ0%%MBL792qg&1@QoJtj3pr&h(!XG&!q45DN`iM)~b;-Lh`JtB>z7m*OIEJSBd z&SO5pEOE*?zs&dRT{{OilVv(5DZ16YZ5RYat`qNuQ|n{u7M4!jBP7plH0~)st}*VH zBUaB;{&mB#1W4gY$q6qRy`m@Pbg`Bk9(k(@o5M}~l8qDF8+A#%HTPp%UUugdolns$ z-FesI`)xEB!QTsfYLVMZCt)i^vUEYDdg6jjxrtTQmd>M)lWK6OhXTjl-&Qy8PqOU~ zak_q9Hd*_d*s94-CDl{<#{g5sF4t?oshW6B!fU#RA%BMC$GPNxBCgcM-3FW=g{y1$ zP-0p7+YW@BMcjF=kWxp;TvteO2SWN0cbzLF1YCIO;&#-nRgN#3v&-==ad*4iD}V#{ zcP{s$4!GwN_cxcjQgJg}Sh}z3fctFXnq2NNz+us605-~`vAs-J*zgXx2NL(O%Uu8* z4#(gwGOI0p`vxd8>hE8~{p52012_ckLU5}-unpotG0L(1q34C#CYvnoIrOszFzXnT z)x*l#m05e6ENqZ7T!Wd_M@t_H07a%EtGyiAfzd;VI}qd+-3~N*>EdfKDq2O}^g1X{ zbSc}2JK4p(2OKP1fcIdr7Qb8zG44(Somfa;idVx0I+MbAE71rKRkj5kNA!N&;rnn@tT7t(CR0UWSqEBrH_X1;OP^q z;%`6~B6c<7WU}-`RX@~*gp8`;Zo(c5Mi=Qe;5!yg@!x)!Wz z^!eXioB>dG4o-2|oDfU<-PHb7wP-(Xvy6`R`;7LPf%a&V8l$zR3pQLTmtLd#{3|S3xIzion|d&=#4rc+UlIX7m_K+&^6% zhY*+17I*J}cN^k%@%yDv?`OJX^9j$JODn0hDJzoPU(YLHuWmjj2P>Tb7)r+2_zLR{SC-VZoDhRg+bsBEvPvn7RHp=@*0VbJ|FlvWck z0hhpI%4#MpYt}YqTirz5v##FffQ#14#9!LaG>B=WE;@z48%jKrmiU}CUv zicnao4W+gji3oLKf)OelUq;M!z*u%%3Z0u3SknMbi|N1)j2}eYey;G|TO_>275>gk z*`8Sr9ICfk0^e7N9;kmcn!EsJJ(?i!5h=q77r0_G9}Uk^cd?|7cMZE5@{;9`TK)Qb zYMty-od_I+^t^cx$D;X>88fV{-@~guD2&zf?=EG1Rbtn0C5zBHl)PMjZLH^79+&Q9 zYU3~6F?w4|cg%yIxDLyuJLUo;RxRBTAxn2}saG%@bLxhmkES^Yyk|BExPg+aYRJl}7tS_zBIj=k@FP zN*Gy!P*zuh-mQ9G1FBz$9tROBrU@iP%YNQeHvlw>j`70Tx@L>$`@-=E)&X<=O$V$>4>T`b-+Y1JM=g^&{0g370>arT!;;nY?{W1$pUbWn2*4NWpb=7i(B=wnTx#bn8nx5rbA=)-?!WK4usoX`| zxbkDVCSD6gtWtTlssS(_kw~6*2%H80FAkVQBO+~j4^z%t>+ll(PBh2aGgszJ!RcrA z>-5WziNcAIb65`D8*fC~>P8{>2kgDcj$O)|vAMQIRp$_6L$0N!$WqhKRdc_xa;GTN zY`#iQ(Q0-zY94q#Xf+R_>BHm#n!I^g`C8U4M%KxetW%V%ZMRI;^B<|=7aLi5maKdw zE4*c{{H>O?n~}A&HmI?8dIUB0GSXI!out(Cq?!TNYq$!q>yFhn6aMK%fhArA%Ar9DyA@e4GfeVtLftlMTvwoOfKi+?hDxo zbkt^>*(v{0ezxj=sVQ8fT0$)(7C~b2++}{temIZgD+dS}U&TUv-mMIkA>?LIXhZRK zjXB4!IvYq&2Z6%R*hbRO0E&EyktgH*dBz$GC6I1p0!q zB82;`O}IaY;hsxrez-TWp94XsvH!N`5c}`wB=-LnnSLisvN$^S-;A_X&6~Ovl$T-4 z7l-noQ*H${{!pH$Wc6Xt*?dr*u4N51!Kv=qK-N+#!krCg^(r5^Stk$D5`)k@4HDbJ zRwO&qQo(N!w|op)&W&OydN79cv1An}Sz9=Ulxtamq3LIWqVq`;cIB$rU1Z$z0BHOg zeV!*i=oJs|IUi+&@X3c^V!NfCiB^< zVO(N-6NUg>&!?ZP&?sB*w6SoNT*bgAs)gR=a$R3TBF=LdC5FbYMvB*|@={n(TnP#+ zn_y%1cPaIZ(z+JMk)fUEl;gn5(xzl|TU2AB^f_tt`2?V)wrv-cxi>5`nFN?AlKYC} zaOJn)Xq2lG(V9ZD>$w`qhoSJCmywf{9RHCf54;j~qd4_Dzx5AP=HIz8vDT%7a2qO@_J2Y8Dy+pQXcOpT$TIHeLAsrx*dG?lAS)2TM6t1A0K7SnG?h zZQFW0-*^o-QQz)AnsZM#@8#8Z=OTgt49i#IZ1W7)4Uxquxr5wg3drx$pSfwQG zj>9OFO>A$iJz-PU1O4j1NgNZ+>!8`9e-AT1?|N z5qJWMS=SHx)oRF{GdPiu6G$^8`p@x4qO%5l=fpPnf)QcXLbWOKBk6pdnB>omYFN(B z?9T6@y1>G&h*S?-&=rZ_(dKtaG+HT}+a;0T?FMx2lW0Xx^=h#Sl45?xA}~jFEG8rD zx?Rc0myf?0>-=U=ZTUS~k*_*$1!S4dOF(yCCeeAL_>s=bgzmgdcF=iQ6X?9+>twa~ zGdWK@hRqqMtr*%c7>Uv67Bz|2_>XJy; z^@J{o{JQ?XsHYNWGWA42*AtVdrwD$eo|w?}#AFBcL@%PA#81g;@kMf;ls37T<*|b7 z!H?TPwnBXsC&6m;_kOTq=#dA^5mc9aP=0hU9Rw=OGE`1If4m{nIm_Tsj|WW7D*XNa z?x}lh=<>m4E<(b3Zxbe!Sts`W19PLy@5p%CUk2}s0dH_(-yK`VJ15``PV76?<{d8I zuO)DpG!78LDZMR`B>yALPu;4gW8n+-e^SBNHgUZmlkf?ORSF1&^aezdAkuj}?t%F| zdgCn?&TN*UNPclX=~q{o`zH9sUNKZdEe`le@Y^)`J`HMti!~N_Wd*DbWlL?#DELzu z)9#(2jA^eeA(n@1Cvu<1E`C~QkW<8lJ(Lad38503?!!i5JNJA<6n~ z5l4h5E7N=<<^954{c>U^T?DuBqr0JqQu6I$6TV%OnWUxsZh4PpZ5}b(VqBuD2@t?UI}|UrhNgl+TNf?9r1r+?+4dr z*^7y22lgJ8X>aotu(xB{K7qYKFTNdLAiVtIxMcsac{g~iM`0g=N;kJwVKV8b_e0C< z^p1@^m*8W<^6BZhJWO`(C7c|UU5L9+LMi$!y@2SkQJgU=1jD8|XUyJGk27Yk08=Mt z%nHwk$VbJg4_MhPzPKD`%!=SKxQ8$}V^&aS-eR3GE12CulzGOiWGuTisyx$4r-H-_30(!x}i^Y36nr<}Q7+51S` zKVvqC^oWd$aZVAVUv0~gCgcaFNDDvoulK4ur?b9Ze&{VJg>`1_%d@h+UcOt19@swGKloi~Rp|AnVFF#%IPc zDQzJf&7}X?njES3)vJ8id0Woyh+i*Lwl}#SNxqvEioKrXRKQquKWB2dlfyghPr>1; z^SE6J`y9wRa>cd$=2m!HpYVCX6>2>ff5S_B;kyfWL zCd6@VmtqRn43U^W$q(MlQ^7yTlMobNotuMjp8-DcAYCpqFPBpsJ2&9O(mn~izr$fk zQHPlq+iiz4FRL4(7T0@c{e%x8SUItl5SD3r33389{+qE$_ffYC3)!v#Z!k{u+cMsd zHyFJ^%wF?4^>!MMSJtR_+`zyanvxlhn~8q@2E=0_c<4eW9`}6_@%Y2@JB`P}b0UQ5 zj>@pu?46AOofg4M-nQehpc-$o;;~@v0#Rl>mW=&o2l1F^f_m>@uRUUt3K6-efQ)$j zn&j(v{PxA&ipQd{F9s%6hgSSNUum`CXX5&-_<5>QjZiVO#XC!>-c0;Vb`(FIao}%1 z>T#gtXfqDL)9WLRC7hbF+OtlKxPHrcSiXv19i$hcmhK;Cm8fS*^4mpoNYK4vd_ikkm4D>Z}hHe7u- zuy3HI?O4!Md4JoJSH8-)P`+bo3d_nUp~!#!17>mkQY|j_Ghi7OODmJ5m6)4X1atEs zhB(!a`1AhvCJqGgrx_dWJBUA-yblJvLHxOA%Xlvcc!T&eNq9SrKV^$l{Ap*PiJp@g ze?r#)J@Q(_A0gQ7JSYC#-H7;e4wyQb4+_sK$VZ(8^T7`gkkTUfP+T+_%m)Q^e1#Q% z1hXB8GUJbAEJCOWmR8*5{Oxu$&8+#G6My#quZ}-OC06`V4|CS1({<-& z-xP>e`pvgn#C?zZn)h@iHzA-jsYCnUt6PZ3Xw3%iyN|QM zNirA2Z18*35x5YQIdgU9a$e=17*9$YAgv)(z6Zk7dsYlN$rZFn32IP+5JF}$Dc;jK zhK^c;N7zsjgK+Wly^d*TD~SkY4R~0n=fMd$#ojsky0OQe@P3gJ3ACT@k&Fh_Bz|KkdWQsoGznDd-3)TV(LxU!rwtm z&Ey>$@CGrpWXpKB33!8;+Cz9djj0nJQ!%xO!E?VeGGpp+qW?1;F;xg&ndHRO&t64L z?Fpt%Vyf_5hkV`L)ST{CG?BCj{`WuZm@26M&ah&tVCq4X8B--=(se;h^>7KCmxGT6 zOiV37Q^<&^8?c8SYir7ikP7u%8dF8%Q5amZ=5$GsikOO*Mrg%|sf&M?6;o#^)h)Cb%7L|Ggf6^5gQq;ugcUPc> zI}XwrYXb}6k%itljop}b@@kjI>YAX;8YQm2i=p^cycp!a);}S9F_J~{>FNlcs)6lB zFwV)tqj7aPA7vMl6;{soUS8%u2ZzddkIQ3qAJd2+xPCd8#YQa7s^QC3=Yu`-l|9_} z-3@y}Iel`xU&_QDvWh(;l|9%*6}%i&%h58F(j5gU3JSE*r%aqs&08- zAT~1IQ3wl)x@SR7E-WZk7LZjexY)AbCScf@D84QN@2NM=yTVr;HNW59q1R)Y&<(UX z-c|EiLUE3Fp-Q(ymv@FrvvGSTAf22?uEaccq1N*eL)kJg5f}sAIPMNCv3mZ+CGm{{ zmcSm>#pcrwII{+8%iZvQC}-;&Z|Ds1KUq=M`QFs$1OJ~PYfCFtSxDhMa-WoizVhx> zY1W)~n@UT$W~sE4YX;KEd6b~bHHYDhT|mvyrgzg~&d@5ZRxQT2__7-^;aA z>GKnG6YXA+b8-rDy!dn}a*FRDLsbcBArh8DICOTpEX6lH!2Hlp^im zJgC5)7@`xmtkwN2R?8Ik41g&aB_P*^;Bn%F{@gs7N75=(&F=NkWS8{7Tw6?7DgPNEM<96ew2T_ zf8PW3*fxipww@@pOCnaKyCe}~|JWsol;Qd=Nu)WQ(IttrvV*!L5l0kuNh1FF>i4G5 z+(+p$H>c z#TyCpw-Tgm#sd^mP=yTI`9EDIyisKQsFGL<%KuI!=OVdIC9$%V|FudkK(b9G7bf#t zk;377I0oYrq;R#(bI|<(l2xTk5Q9HY<9IGT>G`?}Uyt@N;70)Q0NG$Y3%yE;(02Z6 zQ++nY6QscBURvY>q~J^T*(=UwKTF~z`0P~?Oi9x@M$ENBq;mL4dalWtOlf>ar)Fj2 zN$6U1I4K5C@h#dnn_>Vd0*iW)0^JWI!&$JX*~3-T4dJCt#332wbSu`f8?Lbys-=RM zy4=f;wS>bD_>Ia-GwIfl@vXf0z_ zs0{lug@;gjPs6hhc(AB<<}sMs1=#I?wOpA?!LBR6xfS0IouP`*PieJI}q@c2oRLMg~t*&hVQ=LrC z%VCr^U@V_0%SU&~G`ER5FiWeKjbteWTKE4}@U#H@~9pBv&uQrO0u@t|KuDhir{*sCh z?zZA}Msd>#L5U}JLvin8q4}$_FPC<=#3vfX=UR%tKtI{i5?@Tk6O`g(x@2y{m#GOQ!gv(-VU0K zaC$vZsRhtwiMk}4>{OtvsCyhKB~E#Qp^IS zRkUIl27Ep&6|X5-jSqgNCl=LojnttIS+JJ^BDu2 zGIIKLmJ^2oZ8@Y!Q$;JTLnZOniOfpccvAdjuS@dR7#VEV>6!R<+ebKxVZ) z4xD1^dGj8e`rGwaVbxz0ggA=Ap?Ge^G(G^}zaCr90g+XvaR4KJCAXdc+pNrClIaA5 zfn?7&&fF%O;-?!y5d?%bfOKsnS;IA}bT7mErq015LM^`#F_pXqPl4C@6-nS`0IGU4 zrQeLWIAACVWKsH!vB{<+kVWY?KQ5IRnFO*Z{WB)H6k#X{Sd{o093}GYtg$HxD9SjK z{G4I9E}i1?ZRUfqkxxK#F-fjshs(EWfz3rgb1_M-BFB?a-FfEQTm&>1ljOq7P!1>B z|0SAhuFXY2b1_M-Lg88(T?20bRDs_Y;`iGsTL=Lygh~B%)EXqQale_EWObAL$eI?q zcP*gwR;E?mc)j11wXH1Sk*O-T!%q|{dDi{GPU!cldQ`rmJ z@UDjZ>FrI)&cU{DZNYYkirRugKe@DKTa&EaS|>4SncLe(FNtoCq-925g0>l>aY4q` zM&TFO*G(YT+AY-w=qsH zFZZ3khY=qE32hd82>7mz*5aOcZFGrEL?9q4GDIV6A_6{9cxiMHs1osmfz*|>t00DJ zM6`CW5mT%=#UKLOqfF}Z(o6(C8iK$_Rmpjjom@1|DcE6e<59o<_L?uqI`0#Q(;}k2LrPiQm!3 zA7$`y;L!&uJw4H^r@eQLUpsplXAFQ{bfY+fz&HR1?@Xqr7}h^(Rt!ZU@CHL{A?Qx= z`3X!Eei^hBr9Z3|*pvjaDE+BG$fhJ*-67$oS zm?FJA1Mzzj=&ey`F>vr^3*Iu+?S!_O!vBzW*a*J7XDAsC?Kx%P0LaH7Ox#;ej?_&M zrs^?&WP`fE$4w}tW60zBc&=(BzNx-Ao5NkPQ!PU;Vc^AM`Gk7eLnZPNlYnt6r z@*TFOJNignX{TXa+PCp?}lj(`@&Wcqs3 zE}jnfl{x-wvc={np!u0h-(dK!&gAzyz#5yMfaYg1eWT$&AmGO)FLX8E9lTxBG8)WL2QJ*Z_SYq&4KnrBs#xYQ+{ z4xBa5x_~4TT$1rx9>U23e0LaM2^(Vd{F_r&q7w|8#PGEH87i4uHcBP(%1&rI4-L41 z{cZ+?tA1B~2pTryr{HHBd^z!qpMt;3;LjzV9YOF98GI@5=m^AG4eh?GoPt#WOg#%8 zi=+%V-F;Q%vGR9Jz2Z`x1S-7Pc*n(#aK#UyD14TIH>7nH%n++}n7dVlSTD~*6Yj^LQV|CbF&xk6dY9@?oZ=J|r> z8v)NiK;Vie4E_(9g1dCZ5x(FCBj7AYuxIecWD4%m6`$;`Wg)1PMLg+ z9+`YAeZDrs_c5EIZ6^b8Cg1HoU$2PYtR4qnR7xM}sCsTgc4`k$Tch&7rm{j7({UEI z30P~M^1KT^Aw13^?0uxz&eT&?Hbprpf@+>h3Knr`&Ch7c>Ar?{TsH4Wpi&39hVPY4 z))y#CMIO0IT&`~}(Q22}jHcRPS?nF;SVdk1Fg4j_ekNcpb(!b8%n34AxXk4N^B9-; z9G7_Y+T*oGJlL5tITf!Ougzdrvhdi_-;GwQI~lh znLU?zwq{P&taN#&k+{cLrzM^aoMlWYNw#rG4ggL!8XT-^8`IxqE+F#|m-)MkOx4eI zAH+UDj-~k(5@NeD9*r@J6ot{+cIZ*O|eULo9x2A@Z`U#hMpet}2lGL~)8!qq#&iw-fD%nxW9=YNg^`>KK4Rfq`@Dg}3RXq(H zo|QT@ZC(fTvw^e9I)fx@T+_}2P78d(HDENUe{!jZy8?H2!M>E`4!@hGK*%qykT&2l z$kqU5Mb4MWwap1m_gqXaRq`e@8p~4;kU7}EcRQK)aG5ItW_-12GoR-&pG@Y%T;@>$ z^Q$iN?k;m*GLLhaH=b|Ie%)pM6gigJ?*L3);4&`{n44YZ$6V(5WWLsAt_+xQ#)Vzx z%U$Mk$eeVUj}Mq}G>XlK$M=c+h4Q-#0qS!1gppj9wwsR+9&LR3+B zqSKJSJU62hoIG+7XrZlwfL6hzrD75Itx`M)Fg3zek;qiRc_vjXuvHMyDwwoXjCEBU zP8CyJ6?7pDBIc?n zqly|=#gt4HoFG$0m92t+R>7pDqR3UT9aXGxRs3>JMk%6NMbuV7K&xQVQc(|ntGb^8 zm4g+81?*qQEaOqpj9wwskq5i@ms2>byb{|slu=BB3lIkt%6BQ#ZIn@-c-@zs`%lI zj8gdhVt}oJfL6hzrD6&At?GUZV5;yWr$zlfQ-$B63T+hxvMpMNISHgBeJHt%877!K9_4eWFu}j{&BpxGG))PFMHeM1^17AzK9jt%6BQMYXG97FATa zDlX4d;n&4_>?AhxC<0mqla`91u8Lg(amFd($|2Z_nyPUXuRGn8O;P&2rQKFcKr3d_ zQv5Xdtw!(&z*LK?;*LxezWY2|1p%#sNlV2^u8O0nqVQy=o$Z^c!XHIiY!w8w3MMTT zZKpY7L^Hr~ESEJTszRaVULim4!BxYb;z2zrex4V_+5TNTnR>QEND` zsf%37fr^s4EXu7&d6`T3?Ws<|KLMDU?vlI#oOXt4Aw_z&w8r)=0qt8RE#Kbhs)$m> zd{@PlnJWBX*KDgGpj9wwso2j|v1=eMI1c2Z)G}A;kEfV&1yr19HrYxEXr)YAN|%D) zYWWLY@P0~npSo@ZDz(NnVn#OE`4kkaicTQcI+yDRa;c}TFP%}e!8V{|+o)o9SH-oND*U)mW2+#bRWNC(IMh|K z4^@nGRcxQB!jB6JZ50Hx3MMTTt50?uwGv?J6jwzJaE_z=$i2W;K|rfu(o!+qRdE4T zT;{46pQ*y{f%9z@1hfh!Efw3iDmI=36|-FxUjXNn!ta4|Z50Hx3MMTTPk`U*3=dGn z{jQ2RnJS|GgPpCSDp0|srQ#R#f++EuYR#l64^p}t`)&g&wcROBh`BbK>>>&ZV&CcH8t!tH zkW0nB@0{2-#WtOQHl0b!^bl19D^BZ9go-Jyihly7pD;z96RD(;|) zxvq*EGFAAoZ-T9YfL6hzrQ&c`#lBS0;Hv1Ksltza5nBZTt%6BQ#d{|>rDy_}YIjvU z2b|+5zZsR-DhOy5Oj;_+Tosp4MbW8FBRM5gg&+Gy*eVEU6--(xwsTeFQpE&U#n)pq zO5yjn;kF6_S_PAqil@MDRrf;xQ&Cq%GE;>g`-*K91hfh!EfpuaDvqFv8dpVepyGS! z7k+gY*(wNV6--(xut(l5#rptLEv|}}fYa5jHkSI~b%3pcfL6hzr6TUCxRxpkPjjmK z!a#-Ej^|f*p{;^|R>7pDVh>lv_Eb^gs@R0rrA{gQ-d$j;AfQz+X{ktq->U8!fT`)O zia%zm@JkW0RS?iBn6y+(c2$h0iUqEUk(ny|M!SB4{lEx7t03M|u>o(Ktx|jeFxBj; zco#UwQGSeSw^b0(DwwoX-0P~C6Npm{6s;#*IhD_(q0^m4aBe`U+L_;5JX#Wc4=}&9>tSXvZ^YIsRcv4~l#@r61`^pJk+fY@|2Y(g|qk zOj^>9bEO~bf_qW0>yy4frOt5mZ#*`OtPLoume&GIO>?=L$R+cxnnHZiWYzLhWDbh_ z5Siz?%*lXxZ!{Wj(zax$!}nmq zPKRdh^u>}&YAx(jJ3UTBPReu5edrjvSN3jLHJ1R^a?%X|Q-xM+I|p_>wm>XASCb58ql0B29JEjMc`5b{ECafWb z2UG;qXHScnw4`r1+9}l+08>q_^ml<%rRr~_FN74c97{m=Qzk9x54h5Ar}TDLdWDfb z!1fsd<+BA4Dc>6Li#r1S&eT35unPdx6_b|U!LHtZ)LRTnizH<9?nG5`L*RT!F{L7) zOU0zc`qEL3&z1m8O>m_@0-W;M&UUE?s8Y>^NcnV-r6OQj0s($uh*B|W=^gLtJ&JlO zT)jh$-d&(7=Q{oUA_1kh3L^gq9%=am{!D-^pTLsk32ER_cyF$Dba}Rf!_ceskK_JBUm(Uff=U@4- zP7?e=gbDp&9h3ftbrRNkO!C88SstR~7(d+gHTcQI^TQCKFEaSi#LMPnhR5K`sr`UY zjR2Wd?C25jSXOwv99Szno&zv7#brF6j4~+ih9a8aMnF~ZbQGu(JW|C3stK@)3H$*7 zs+dX3nr}xrdOrb}TIlM1130C($f%kIDW-}E=qhH?l75dXJx=M(uJo&o^xcj0DYkS1 zS~`=K^g~_g`%wCNSNirw`oTu}BwIQGEuBeA`kKQX&%6vURdkk9m5YH>o;k!wpI}QT zprtcuNx#9Beg&mRTT>3bOI5nDO|EuBeA`aoCuHk3ZymA+x5vK?J(FvMG3>m%e? zO|cnZYQD?7OfyGo_cW%J*rpNCrZH)mHrtgxgVGyZ>E{{gdl~5?Z0Q8FbS5q7gI($U zDBW|Vhm7=njP&8QbOKsBla}sVjXF zrH^o>k2cbW80kf}bOKsBla};euJoS{gY+q`^v{4(whuMZ2iVdHXz5H^(w_vY)n@)k z=~b@uDkFVgBfZd;PC!d%(vm*jm3|bZ*SOM$8tMBP=>@iQ0$Mtgmh^89b!=||m|EjX ze-$|8nf;CQkS(2nmd>Ol{VrGfEtDQQ$7wTH8R@^FbeWN?$JS^QUBX+}LL+^+vAx}vPC!d%(vtqpA&zHO0ZdJBr9T6l@(hnyR^yOoODCYEGigb`&Xqom z(koo)ryJ=!vRO%Qv85Bx(wVfR@8nAFttDZf<^ga6uC)Srte$^mf*=V_5SY*t1Sb6n zLdKW(r~R+J!!Peg5#Pa=_k)S&1VQ8kU*7itKDEFt^!W$FrTT09;Owliz*;@*aDb^M zmvL`0$^_v+Q`5~TgK0+uw6~bFyw!G)BYiEvRJ$v^2{sM^ec*B}9mCO~5N{1f6I|wF$Xwzw@2{DowTBtg8f?=DXw#UqO#Ajgr{JFeOigp8 zzX6;o_)$iBtu38^md>Ol{T^3(oYLpI(yunsM;PffwsZnoI+K?4LtW|nP?DOOTBi{_ z{$soU-PA}ZNW>RGNUWZJb9m&0B-rqoKo8@Q6HMmnBPV30`y6am5Bz7Z*9~9rbq0Sd z@n&Y+VDLkUH#6hc48AY$sTP1%d8Qt~0%R^6OaRtu_{RWD6`boZ?oUQ(_=g)GEl4@Zd){|F(mdj1WS!F5dJlR)G_PKtSP}boPNZ5;8$*d^ zy!{@WTI0&T$d!FMK-#k9@_u&ZZSTtK(QSDH&U0GYi@$Lk_8h?O*;nGqyT+Awaku5o zcjXOs<@M{fy!EcU)%!c;T?w#zsVUDoAs=bV2sOr7@4bF z=E0gdT6;WOyxN+N-f1GiTmU)}Flj{sZ$GD~?*oj@Y$*xf@r~>nboIP|T;+&p1d4)9 zmsPeh0$Lf9ma-dNWmf{sJm+LmrV9TxUDQ@VK&xQVQZc|)(Tgh9xTW}h-;7dht#_nU z*eVEU6--(x7K7gk&3^@$3Qch;{O(K@{(GkBwh97T1(TMFQ(YCuQAM$J*nq3Dq%N2vR=Ch(%HFTZHdxTAUs z(SOOu{aHeg{HlFZ-NL06XlMAB-h0H!A+Hfko!p-#JcqSO)dhDFjzL|fMerlIoG-YO zP*BhIwC>Lm%uEnv-k&8I1GWzC&tjwSmQO-0`FEoJ08GaHSB3@6QsA z8+&(ff7Xdgt95@?d5^67vyM`#TOzzat5m7R{T*H1DUBO=H*MrRf;MR!skwkfWBr(xzEd3N}8C%(YH#Or1LB$u` zAXsPd;RM{74PH$&KV%4V`uaCB++`8&EXqSBuUzG^z{%2OS)Owp3nlBlD`uPi6*7JE z!ZSMTn^vU=@34S3=+}F18Sj6iMsLusznJLj?Vw-JAEEknlpVO==b8O_F43>$pkE8Y zv#n0Q-Z%>V`kT)>?bpI{K7^vugMNM0m+03b_#e2NF6h^S`Y_Mx*Mj+r+_cy*^2KW| z3@<(R2e}kPGD-@9emwwn8=<$$zk zy+&!Z?izhCl+~}ND%GlA|5mBqOus$?Me6#l(dD!Jetog&*YLEt>zL_PC50W{c^vN^ zFK>>S29I`dR~@vVSSqd{YIPC=&_ksOG^o2nhq2RoD<{bX!F3A|m#n+y@(1(a=Vdsi zi~m|**%o@MXU>fz%Nx8Wn}6atEdX!_QN#9lQZ8NAHWWt@)PNipUCIxLy`xTHV^DCi zo@noTv|bAG_F$gen~Z?)JS0{fR|xyOXhmVpwS!ZCr#UFBo-kayhhxqWG)EJc-4vU- zY*SfpgoUZN{393VvHFJQilI>UA-9SpR;5D&{8+OW1a@dMcb{k2e2j1NRmf9L*$$Sq zF4+bRezIzMRYqy`8}ts8PE|@_XBF!PH!b6*t^oyOfG&-8sJ>6O`W2pb**7P{wAjpO zs5~g*Zoanl+~kEK_6qq$Ja+d^iuf4ixYcr=uOo>(tKL`hP`VICY_Cx2GG2k!fD)mJ zRjcGo?-;owacrWY4o=~012>2*;@NZRO6js8={)21r;4CDSx;8)T@+PruVO1}y$l@E zAP+i28YE7a6a}+a;KhANy1AM=ULhjH5FEXqi}P1W7hXC%-QP5q<3ZCHF9V(?t%_g6 z6r?wJ`@a4Y!d=;R0t^=*9B+q)~??^;wW#;2XqxyJDCck?B(QO4>;cKK8h z^WJNeS$-B+xx@1SYE=DPb}+>XsVFbkyD2k-Bgkb*zeUt*8vg zv0%-^MktOYMRJNxHpVCWNHMFTz&mUQt}`@@lAQ1z_~Hn{9FvnOYe~Dp`&~}1N)kLbr0hMob+nyblAW|*X;EIgH>9m;W!#VZu zaMh(TKB0qxN>fNipF_!1DQ8`yiqydcLaHfO*RoZqJA_`Nfp51+G4|gKUq0DTpR}TF z+rU(|#Z~c>X`61Dk^B;D=>usAkihXruA97qvD`ETdLvm}aN91wUwi#j6r$nsq@me*8@a=E6m7<_F<`2r4r3MX3#lVUysVV)`n3ouG#gk$s< zDwtwIWoN)1Iw`%C>3!D?WY}2D{B%!)y#QF{>l{Q2vS=FV#P5W0l~%mr=ANqi=cqoL z6Rylf`-#>|6@}w+)po3Y0yT##KNrU@CKQRSDoFP*y1w6q7Dz=TO9mp)M)DT3R?_)~ zh-+4W>Y2#XdOU*I4PaAfePe>giTUUb0llbBF`dDUhEs^T# z78z+fh`o9F-f%qm>ew5uoDFUUSsdq$FrAlwOl=Mht$H5+b)%mHRp}Nq7!_Ub|E>qh zxdpR{M(?%>YUVKfLJZXdAW%toWoKsuxr-;QO1OmU=YR@*MXax$et_lQdEkP_rog4f zzXUA*&TvWcR2WJ~i?@X8hF%A~A#baH`mJ4GB!0cy971JbYe4@GqA3<)IaQY{W!tyyk?v(|xeT_n6{UL{#3UlZ={^Q=JP^Uqx-FCh!$D(wEo8zu!1=f5Hpbs3 zF3Q0kf4tN9fq?RCW4u{sp;^d8Ce~1-M@oW0p*J<-a$+qypv5paF=`@=%z?%xnxChd zIy61Zg;X?}T`%Jm&}IAUx(Zir#eQJamRM@}q#2HX1_8-xG9s%**F3IOfE9@q;lIzL zIpFt>NxVEZfrsV|sZee>Cz5FN`t&f456ADIn0X?mTD+4}m=xc{8uG(`FI|>sh+NjN zTfFU*$a1d;pYM(mqHt^t_#)McGL)ZOOn0Wop*!flw6-0mn-i(~a_T&jcjUh~smnYN z`p*7%L4Xy2Pj;+o8oSofIG#AH+nmEle#HNFhT93?jM?NHf4;6asSwtK68 z%t0UyTInw0SV!WgVG%Cz%-q|g#Mtm@1<;#EMT{Yp!hlhNHE+3#d0S(DM-cVx`j zjFJDACa7ktd%~E&;H8Y5+n9P##`_j(MmHJDFwjKjs6{C%9j$yh&Y26Z#`Hnt1y{&OgZNDv0c|Dko6s;=&Qi&a^RE`YPrGV-s)UntS|{D4zH>u@RSzc-Q~9SxX-| z%C_|Dfxe|}`*&>StDwj*v+aFEM|BV4?3FYksE62>lTZnW*X6h(_ft5novQ+6{gS1h zVn$cCbz|vD)LW=^PyA(WB!>G<%O^-OQCh3kgwE#@UUOk`d~YtQF)U> z`Ojd<(x&7DTtQR%c1|I3G|)Vxue5y~rlG_e9MYKQ+pmNPoB9Q{aGbl;lT9;q%z zMKU|Y`3BpIgk@G!jnwH{rE+cf=3SDdYa{cMJ>m_pepKliEFu-a(`z?{+CGZS1VJvg z23ME1U@$xjwkR_n0(<%hG%j!UTWB|l()s@fMkmW5#Wk8Lq;&J4qZ!o`f_X4k54#q=4Cz_)`~!s~Ehneh{1Kh03vu9<(zQt+fiZ46{!? zsc5Awz8G|(=iy6qxXf-8K^NaWASIu|vS7Z2GCoEB*6r^h;~~SmI1_ zVtZ}KS-({wrR;c!(#eb-3dwwjqI;)A6;Cf`wtMZ<*t^dK0*gs`?=Y&sHy;3-@uIQa zdy~8IV=D*fzR9-(1OESF(`4JG-@UDE8WY&$zvyW9j{JYirlw0RKYh4b+w=^u+E4xq zly>iN?&uHvgrRx@y0qV5<#m{Ou9?~x{{U?qkN^G?j>L*;H9W3p?4eD)+V{dp0CN3>qD!tqyNOHv3T^P|i1IT{a}wQB}uTrk;Y3oXUip3!x%_7)35C@Ip@YMtZ1xV1|HDS#R}Z$4-@@8TWu^QkQFL7;Y>N zr|uEcecEuUQf%8D&sybpZf0R~wCIbPeX3Q8D730_2bLQhyq-?<+Td55PQ;o3ik|e= zC={QF)N@gIspL-`(hSNvpr^*_`GZXZ+P7ulq}1#DMEp5qv|Z&>l!e1-VbK{Ajc<`q zUW-)EqeZ?mBGo-|F*{K;JdZB+i=cC8V{0+~G>R_Pa8gn_Lh{`!UgzMN(t;p@6tlOM zRF!{&mtx;YKfelm2+QrYB|%7u&ip1+wkNpT5iwgL;U%Tt;Qo)7sKWbfB$_rRl$df9 zw(Tc0jd){(e-c&@ZO_Gj1d!u_LRcZN##_{kW*b{s?9ZCm6=24XkhH!w8fd1)tFSwW zc&Poc>eyZ#y*;%!GGf$vZ+{rLWjua=UGHrev86nI+*$AOn}I-&8I6?B<&s_czSqbV z;afQPDtt*VEF@OJosLiMhA4Wvu~bHROo zft9VL$5DD7P)`wH3XqN^>Vh692L5FQcAJ&5mEsQvMjJcFpu9#J(()fXEhLwLLK+!}8k>W1GWU z^8e!G{)}L|-a7)hW>&DpG7t4-J`~6dD%ZoSiVT_D$B-P4|8Qq`$#f2>;@7$YxX*j# z<#xR2b$kbGpeZBTk$GZX+-d#BkXtef*STIt~)RN9LtvH zey)f%jLP1FBc%6u$XJS(_~pl>#luI+WDO4?e1I;*NRaWa{t(I6@9K|$6)748j z06mkbJ`gAK;FRNk-(!0D!FyuQwo*urEN~{Zr)EnlIxgTJ&NWkF281l87f$> zR!(uGTHXbrD8t1L5a6M~=m_>69p&m6LLKTI*>w00$pPTMUL^~WoUM`tNG4P=gydZ+ zxgJx4dsVU>$v>*3hvcIw$vK6V%Q=q7t&TVU0H;^iNAZ)n3e(tQPt+bBP?uZFFnU3a zuhGBxkF3OWB3948Md3M1 zp)_()H6aQ9k=1Cg@eu&wXa2-mZp334wr;XzHE@y`8LaYwJ-Y1%yd_!uGs&<=wfxFd zEy`~#LNw_8P9t!`8q6zIm!jGuVbJZ^A380KR!I zmF^*V?;?~aIA7o)*pkrt-OfI;uON8~x*`(zPF^tF%Inb;vcC`=Z!93}YuQ2a9s`4- z-BIB8Dc}yHWoJR&Yy=2=C)Nfu(@v6q4dB+Z4Ab6%ti-k;C7JNe*Q)exlJ_P~Z3|%E zqFp7g+$b9)@I|0){dp&!VRu3HGfo%y_7z6p9+JNUoY&fDm<|+VPk2yiCG2b6NAgA* zYljJZ5o*2lRwLkGK|YU7M@oRecYeewxg0NZ74jUkjBw?9J38>4zX7Yt4@v%&{T%qt zIi|gwB}(o^I9K$9eJc->yb*XPPgJP(ZydPPtzZ-^I z1-XF8KN#c@V&;*i`4RTbI9&49m?|12@QJ96*0YQNh8w&|H)as_%{Wr>j$`!{8-}w5 zIT@Q%TDLdI3PBcO?MoGau-|+5rYKzblet5||TI0`}at8Xl`mUse93_E+onL>GaaN0w z@G;tZc21Q1@=!bJrjD&|M!L=dJNbuG}!pv+5SJ^h4n=PS-k?>ba z7?myIJX^vp*%I=Ngo`O*1ENeuDVj>GQoN6RzeTcIi|uM9z-rYV!WJT8(uKSEuFj!~ zdzFff$nsrXf0L+)))N^j-^F)vAH&)BBRD5#8+Uy+NHP_`56smD^p47A0XlM zYzaTw)qHTagq}viOiJjREnz3yhHo)wX4p_*B#fejW>91}s+TRHCR;);BVoh$kZ?z~ z1gAEyLcZ_n!77m}n;{F~)XxwlB#3u%)c^Fg#nrHns$g z`56)ljfAr(;cH9=GfI(TOL!gm8KvlFB=o0*MM?snm;6Zgy*(t{j{I1?JWk2SqU-UH z#I_}^fPmWyh)JJrE?C4lWA#8U6jH$)?C9 z0-b@TNQr(^+`&}AJ?mg2pYmX%T?Njl+za`36?nFP2)O{I9#dt6b-`fadBJ4&dg8xFC*80ELKnAP&r!_mzdD1h^CkDc8lbrvz{U5ttf zs@O)Ucu$I}R=L(p)e|uyt%+EF!+8`rSL1;-qb7&qurt%-pGCgiSZZwJ2)M=(lb&X3 z^24uKex>4F%eYa#aYS}#+{5HNG~2ir54VilF~hip+8*gF1l*`gO!`)1+)-4q8ml@e zzir%~ROE}+cWPV@a^9~v?SXBwZQS+9&lr~G7~LzrgoHDd1pC2jv>k4E3XR?N7U&X5 z@d&uSCng;=D$b{h?|NocZ+~0G+sL=8cfPHHfUAO-bj+yuxeY4rq6*nzjCT{?Va-;z zow7arE;rjSyaEQjVXXBm@c9(C7>dU!@+f7s?UAttKYDqZv)c zP{oH>3C!sC^KBI`Am3I|rKO7R3Ajy*m~?-m;*&3+q9R+x6}E~=87iV$s;D5~mV%h{ z0HY#G6+2|B7;w4esPD1-m@%=*y~M;nN>~kw3_ombOL#V0LY|TEb1Nj=l`SD;OSn2) zLJuRMjuP-$U4{*^%3<&H4tzshnRG}QSpff6&2YkE>MoalSmT+Uyn=A(>ij>`Y2`j zW!z4uvhz)LZn=*O8{Agq2g80lZWZCZh99)}utOE3Hv;<`=8Z-mU*G6*8r(3@sb}QH zSgFJKDU#HCwRFCzyN#ctkiRE|yN346WtJbWL4HOH+{#E;MhT}V33eR)t1aOG|2~6+x!DpSadH)2P ztR)J5iow4GJX}Gn^?=Zy7B0flZ)!Fut&ENT!RJu=O;$mBFZ)f_KL?5VR)P4YqcJ`X zqG>{`o~fMhou>nx6tpVis`!b>z?-KN_@hm?O1#IDG_jhwk?MJ*MYYcT$6S0f%8~--7#<1o|;B6ebV-ULv zh^DqcTp^@qa(CGVGEq2y6SNy(wq~+yygFhmiF74??b{61|8USje@Lhz{qf92X*|)|}z_5!&ZCmm!4TVK*6#fa} z^j-#l+W1=r<*zbH_|C1SklJ~Cf`vYpjX~0{_U3SLKo?@zt+(3jqsKS}kYSf1wb6PR z>>-t=HVXek;4uUI0IBy027uZq9FK5%jLD=n_pZWHlY+#si$!f)K4;R@#$bCazNHT^ z00sz_4VZi?0201)4--~9jh~{5>91w?ko6u#%{Sw(Sj<+1By7op+J^hZU}o6mi`wWb zFbEiSDOMZQKbthQNf?J*rvGY?tBt?U4REzd*p<~PF`3jp-YbTA47*s=wq+6p6!mHk za5-8dy^8^$_Vu1NO)KHsk2hhpC-_fdeM`3Z$QQN6*Bx6K3bJhRVWXI7YK!k#L$Dr*c4J*eg~MIEn9xN z_o;2Y*Gwy_Ex?taKHVZadL&Kl=v{5Cs9iD_?D+F!-4z4F+hfLFtX*ppux)m{hxQ?s)k6V@)mTYqC*nIoLum zECa;|8wCS?6pTsrFet7fijLVR*4ikzZ)w+}#74n@9|dDl#RkPLL@{4&ecFub34fku zM4X9qjAD|m*pa%}KzQXJfN+_DP%NBMO9}J|X&{_R2uswBat$GBAe0fpf!Q>C00)8w zLT)wE zA)Js6p~*nFi4gY5hH!xm;b*mlXSYT0N>?Ta6GA<5WYAD%Ls*&(;V=VX%OikrZ#IO< zHiSvp5JCpRB0@MX8^R4oS*8D24${9P;r;Z-L|jN`Om4Vqg8}LRA)SGTeWWuc^`s&F+X|3=7XW8)r>o7K>m=Q$6c!r@ z3kl&I=2#-0CtMpb--d9cr2CXYoq;f(5O&X|VVkWKzQOos>%KzN!w3Nbej#8?>RW?i zH==kFAToN(<-;u@xDDwUTBG19x4*sm5Fm_G5Y+iirTa$P)ht1}Y8WM{Jv3d?77X~s zh%u>S4T`Zuk(Z64zm4Kc4C^+E0u5DAFyQ9{V^Sf5q8(8@0uY(IJio8UBrc8wFvzZ6 zp^f{>4BYuPZU+3g8Iu}eaNqhMa37qF;yb&UJ7k~;*eDqAqhL&GfPOlpxq zaUoIsqIUc2T1>K0d@Q?tOje@i*eDqAqhL&`-k{j}08rcy5U$4BfOPDS;BO$@Rej`O zsVP%GQBBzTX>XgPGd+?-E!6{>F|ru&nUk0|~D5E)va(nc{O1H~E}1p|H*j7b$46p#EJD26H&HlwamiY8jg z$Uwv_eS5ntb?=zTc{%_9312^Kf4HTnKEt%d7O!fXLav*91t*l;IVB=*#uDK){+a1&|RM`#e6J2lrNjbT!Y z+T63rEBaOP?s(hdAa69_v@@;L{U#TtssY|wnYzr%c@J|=mz))OlL}MK{;Y$otXCpy z#whm=mYq$d&yaNADA(^ASNO{BL%j}Rj>UQ*uNcR_jUaS0Ys0l~dDYm01&WN3`9@n3 z-bcFKAC}sZz<^&87?Ub7B>gZKB;5lLt`>L^>1CDtD@%m@$O-S!*xg&0YsA$@S(?M- zFR_SUuJ}A-H~+~1sw7ldC<_3|^iu}>bTKA%rJ-vy>Dq>gU`Ex`2U^Vj2bwppnWKB;9AdIR?VF_X5IQ*$~#+5U$IHQ1Dk* zt``!*IoS|WHiRRyAq+AQ#uLKsSrC>(#NbWoY^y5tOKo$j+~yVoer_=)^(TX;1Mxft z5EF>4J57-K~<=mB7{<)pycv4F$c&F8Pym7CzGbpQ&{1{WPrzI)GiWB$Sx8;++8Fl zt6e0LU=`T_-1=evy+zB*L|3M{F3WgQmbwcj}c%y|%AQN*?ES6UJc4vvi%bA~GdMBeADkGI z+VxsjMyl_Ej9jEp*!IZ=#fU8P$vfEm@3r2*zJE52OS)JzZpSLJP2)J5Mh5&eGA4DP zp>bc*_!2;57`jh+jTMajJp;uU8wCS?6pTq7W>74f1r)Lx@0v5RFPQ_N5H0dvZ%XP* zl$VzBdZa#pB-bicj6NG~#qjb4gwfu#yU^~zUtk>?IzaDua>X`vf+6cbkfqL+w?y_( zHyBzXd2%xak8;XJAG9%1v_Kn=Ksl@54S&_s#(%`YCrcC$N4+$FFaVHh0+`|l(8&VO z-4CDoK(4OUJQ*_ zrz#9Py4;CYdR`SF&BQqN%Ienx3TL}EagO(JMk2t+!foPn48BM2Kz9#i?oj?v>+!Ya zO&?$10d3X}C7-1+{AbQ=D`8HBl7e$i0*A{9Nm`N*z^okTjGC$paE$O&UxGN@dUxAZ4_}H zdtGja!?#gsolM{&pITRjudM-ZV~2ws{FlC0)I;g4<;5UE9T)gAfz5L|6-bKzyk^Aa z2!iHA0om2SdL+;n87+bQJ|H7DC8>O73#*3dNbAvFEY)Uei>yfq(^-L(8LTqCz! zqAq>KNA{=aMYXF~qEUSg(iT0mOi86Xa)fp81}$AYLy z2rl~IL$EZu^TwI;@#E;LhBF0*CE`Ue5_LLmhEWC=f~8Ss)a&f{H-jwkG(SOVK2Ls_ zJQ&I7^(wlOKhCJz*y~vWy`Chyz25jhpl=z^MFOxlJMC}|Cd*~a&p2_P;q8N7NixgU z;y{Kj>v;-E?OfS}SJrbobBih4itmnD?;eWhh$d7u&`HNrWtqM^nizfggYexU8P1yN z^W8D_A^7gN6@}XH-63VRAf4@s-i-Ez?~V>}`0fzEm*5pY^n#$MDHU~nh2^_LGM$J_ z5M$pv8zY2PwM%XHV$CWohAc zn1HqYe$G)l%vbCVTyz))`W)v6*uUkWji8An)??VI4@CN)({EhfKqZc?41MzGyDIej z&>D1(mNd_|c-3GpWQ}CdbH1ptM=S*626>DWlHYIk$^eJF5QZ;l;}AibD|d*Sc)Fs?0vvfL5wDANVW z^a>hU(>R0~c&`x|t}w@zzlA4Foq@0OY^=&LW#31VcJv4rF`0c@ zSdG*At!NFa$))UFURh6TlGkzQF(YYdaJZTkEve^cp=f-n?Bcv`03C}i{z_d{<; zhAy}G^u~jaLT{XdLT%^`DN}`XN`lcFZ_I$+5Wt6iZ|e<-8uEapHzXzxnKJc;Bve4f z7@t2_o^sB>v3{dBc;+cXZw!@mtv55~?iAJMPyh_Sy^DQ6K_e`f7D)G=| z>!VkB0OZ$8pKnUjKTtEMvi$=AUA=St>C`~)*M!~^Wgv|sUSSVGCwqVS6zDrk3;h*` zwrgWusfF+_9mS44s^6gWDHRbvTeH5aL2UyeB9G&YLOFQM;S)gB&Wa{wway}{y-a`4 z^`q+6HY#WH3ekB>p+1+wKaoJaT0ymR-*a%lYSF$L+vT7gPPg2#fS*)#FP4?Q7zisc zeKeQ@1FoXF$`7Vgz`%pm`KQsxQRsPiKc($r!Ny~=kp&>i4}ZU^J_crYz)XZ*j0>7l85$oR5zG1s$!asYeNsHpSk?03C)2i zIeLzi`-hanz#c4H#ockwS1p=Evgl^RY@jw2WqHsXMcHy^-)lKU5&MVNcRGgSB)nLC?S9hVPc{B zXd4GS0L~w$=()TAto2?Ac;QWsoGbNx-Cy4UK+$+WB2Vu2t z@fYlmI$H;^$))KYga$>^x!l5(+|32TgkM6FeyJv#UkkAsXmtSDAWn2Em!7kcl(`Uu9jUgtJe_dD64#V1+n1F~svBR7qU zq01B6U77B=;7h#PV@fSzsibz-r6*?qqvv&Go=SB3f6Sqx##++45k+O` zB43(hp8V+CA8lZ66_u!Diu1Qp3|cz563M9zq@PyQQc9(B7{FESYY5wygjp}>7|&wT z2nUK^4!7@ZB&5Ae(a#pyjqn3DylY~IfCP#Uf5FTmQuNxfMuN^(n*&U(+Rp%*3qW8g zGi!N=Xju?k>FU7@hKUkFzfCOCUmg=1arMW~#AAS>Ehf(SB8!P<-|R7Q3X@%|g3F0b zgm`EkPs_sf>WgjTIxHL4=Qnw{I%VS;0RK`ht}a=)M(+Su)#q9Dnq=XsU~*DgY&%Xv z<61(r@(OSmQ$$l;_2Nk)f^`~8MsNQY0oyYA-V1G4c~CYPn{V{0yf>1yCaLOSL?Q-& zh6?>$7@L|>>7yl(Ma!8xpyjF0vRHDdMN1ONDN&1Ff8Y8%)gq9ixO-9PugP?}2_}Bs#dH9zDYqb#eD-C)UM3Q1p75 z<}A>Q4n2wl;~&&wrrLrU$nm-n6OJxvFOJ|J(__lS{c)1AQhR!+yMZGEx#nydR+ltQG z>u961?nm3|*0glihJ~Qve^X~2_dfYzcdF??(U#8o;uGffDgOH>dt6-2WVh{<&U*8& zo*sGay-Zx)c7SVgHm-gau2I>zrj7S-U6h6EiD%oc*KXOkR!;KjwTYvnD;=V<5Teq8 z20MKVM~BcHe9pjDM{P*VP-B!EN+OE$QY)pf;DWYn$Ev*-uJ#(6t zBP`0B=8LiFvqdwE)tLaEX^SdmUDMAr*VPIqd8jle98hbE)Mbk_+KxHW6R0eX;2a@! z3oAl_F-z}?Be%=#|28=C=2JFDzT}?vuX99Mq~OZsIM(2qqv5>tQ~+>CN*q5UOQBb$a8_h&K7rY@>`& zaX8kYmO7aC!6hT-XO6k=KMAhXhRT)1&{|S3M`9Y`OpaFjz+};x_$x#0)Bd6MmnT>=F+g;8&^%*OK0?+<&o68;OOsgfd z&12cD_3Ja)b|B!l#kLtT82i{ZWP-=G%bDzA68=P{)&2X>w!DKziA_o``S6q`h@HT!bEnL zZ}`csjW@-x8@Tl?>;}q)9?or$TsrQAu00W_yOfScWJ`KI2(QAiUOhwZ_&5a*ROQX( zU=Y`8F60CkN0%Z-ownjJIu1SG!-ke)bPQ}mfJK8#%Ijrx!ZyqFm3Rmnsx-23SR%=8 zGfa))RR@^a&K#WnvIr=b!(gCu_Cl9V5U1Yj=2-~y1{$(VL>3r=Dq6kpau>L&2Oj^+ zVt8Dq(A@#jM;CA;V3%npVBfZt7lQE`L2_X=5ToUqoWEZo&*J9Gi&aiz5DH@x-V8|9 zh8&QDtzW0LeUFUAW#?Uh%i8x?_in5E9+_qD^U8Yr9}ap7x9@SDlvVp4!WTS$ zu)IQ+!&erR#0&Jgw|@7e^%SX0Yc*GJ@IqBQH><)Q;uQYQmGLV2_)eGcDtNuGOtIVc zYWL6GG~lW^_YYLJY3iY2C)I{G*+@9fKjeVLQpei)Jn1y{Mp^@f?Szha8UO zB`w1n8b7ZIZ3#q6x3q+NB17}?DYv?3ZEhGxEgjmj9nYkBt*Lt04ls1uc?^5Cjv;#D zL5sO1_s6PY?!A3>scgxeQ4?wjRE=Q_&tj;w*jT;uhV5S2;%$nSLJj6N?yAy5mx%^$ z5_Yiu=Uv&yE=7#olLSOW9s$C7wm37oQ&bv} zY&YrH;F94#;>D7UCF-fhRMGYB`O9Ldme`Ee!sOi#qZyCIODNcmUeS;Tuy~_Np1olo z0{K1oC?S5q;Zq>Ap(6akItw}5yPf>McZ6(@e8L)h(rOJLcpllG2+0gCK|^w@FHzj1r7oj9cc&XU+{=L#w3$9_ z0BW0S@Gg`3?QG=3-W7b|zbVIaF*X|De-?1El;(U`I+?V#QucbUtfxG$+PSjFd1XB% z+RrP?k%0V_(-Y92e9MZh$|om35)Ic4>_J!KR^#t?FE7yVFX441Yb@D$2%Y}N5cc>V zLkRu~g!u3V*10A?OO7njhe+^BX&qUTz8~UR6MCP?4P(o2zOSQv)dm9W)b(TWG*e6X z3imS*{tGfw%IbqliVNZ^SA4!J^9Pq;rm-$wci)y$oY7bZ<&M41cd$SCPEPnxX#97S zRYtu)T7aB=r?C*7?VYi2;>DEE`{;A)Wqep1dcQnZzY&Qp@Ag5oZpLV?bUE9rth6Z* z4x96y=!JV-Ad{CNp-oeV0%?YOsQbD!B?#*orj5$yxVnjWo z;3Es+u*V^b9+YL*=D(7jJ%6R;RCC!9Ope(S+$9@AE9c4v9e0>ISGE;H&v~OW&xbTI zdiNzK*#7RhGJ4+0I3LnW()Ia}B2WRccJ_RTU>sZ8 z%K4BNaIFAXt@9xtPs%zUGG8+3^C3@PEU16we8^F#5`@f16-G;us?^b5LR;rUHvZ&} z0XO@`fRb7|j0v=^|97s8{nE7iR+MR8F(P>|quv>H&<{LquslDEeMfBV>-pK0_i@GU zGAbAROK+BiHfY_lDLrt!nXA5*nTdz$dN_ZWsr%}>sb>HY6m&6Ip$^A})=7V5v66mHc)-n(<4EtZI}Xgo&d1QE8V+88?b4 z&gJNhB?$pj0;f4Fqm3$ICl-)89Oz=@fA$c(%3|1OB&?MT1^*zJH3Ox`BTku(^!)ZMN|2}CG~n+wj(b!IMZAHcYV zC#?}kAW$Cq8_sJWj2G2to*(rsUgiqPYwY1YIKz>Ckml7C*sFhoWp{6hej0uMb1*Ga z!VZZnz)Ch3AGB;DMjZkl$2j-IMrXI|M3hax2l}y$ayLYaxt#xu&cj6L?wm*m3|n_? zXWBh(+BX;E;R<%?J<&jTPyXJ5_gMKmix%&Zss0oq(5Qvz@!60CP3A5@WeGbSmw`sj zX>>@v!=m?KvP4@$S#dV!pgu{t?JtlNo%{%slcC$Omv|Kyws@9lV0Wz)mWEFYE-Ag& zx%6M`fi>h~)pcfVX6rqml~UG*1V{tmhDf0C%4q3bfiO4=3#7Pn4&>)9w0(r;3nB_~ zVEL;rw^_6f!cPSC_2~@IcTcxpa4@b4WG}&*+e6#9#-iIhAxN?0M&rP|fLgYx*f;xu zWd{3`T(1q)<1c=AR|n$xb`GBPhOW$4%x;E01Z@Ras-pHRN#b?)WTbwW9IV6SPCfHn z690BsyoNLLk61dgCmj$*VCKn`KD`npB_74_@_T(`uSBH2>UwjW?uEZ$3u_KC;Wc=s zTxU}5LrPWH1aCtSKp}B0jS~Rz{7BcTi6-?Lf;kCkNEsO!5G{Q>5Dr#dY0`%wJuwnD z3*M=kU?Pu0Bx)T<=b@m5>HuaAeZ<4X9n>#atZXfgQNj#7Z;LSs11+sLwh^R(?~Y?J zQ$~ZVdp`A5`A~Y!`jhyuUG*~5IIx_yXzB=XyJ`Y@f^+e;kSTK4teU6+@3=MUBw`i2 zi#Om+xtltdy_f&eadix<>=VC3%fhNGo06|iCe}M|)(RHuWa3_a z1VtKwD;8xdA)>TQ^>g1UphTu@C2Z?RwJ#kfD|vXa-nl|!@*X67`YvBpQrvM(MqWnl zYUj_}s1-)Oq?KKhlaFoOXz5GsB7MtBUxve^)H{APGR6<=IsilV+;Ber()EcH!{Crn ztgpY=@rs7!Lc?d>xT9g~SF%0boq0G)KlDdjon2hbc zC^;D=(cTNesk-Qt-8xRsmOaZh70UUWe5$t>%5!KFVKeh)u9(P;)L-;qum{T>$;OS-XP(0H|3!ag6 zU_V3~Gn{jAInL!pU&Pcqb2NixNRMrf*1ljs1hnxtP+ z&~Yo6JyX#lUBgF1KVjKrt5uio!y0>siyyng=Gzi(^_I?bo2tJmQ#HlVKMC0tgSbtR zzLgeXa(FqWlwNZUM3UQF$M6P2_(=TyC9In6qgAT;y{0?RN5VjWWTD7@LiW=-yLbKJ zyCjz9b|=KhE?PZfXu20>0Q*Jdd6e#2r=|b56v=ZWaseX~BvVOLNqnXA5oFD!Qc-qF z7G>o?nI5#PH=(mFriis{GE3zRMD>@QR*U3(ydweK^Nq zFWiR`y+}m{!ipdLG!Rc(!vK;#6S<<5LN0F$fpK{{qt{i=Vn(qdrBykFLvy)iW|b?rhqI@I z4`yf31eaE4HsGq;KnJ(1m{<3zKk8gwubPKk8NG@!8yN+n>YOXiRlVwoBcxaTP9lHL z$c$b!6L?(WR0rOKH?FDfJq{jCRJ)BT*TJ}bjGd>}+=Z};p(hVt0I`Pd6r(#IlOdn#Rx>Nom⪼ z0>mU!Q!FyPM2%1tf-V`U023EDSKx%5+Xxnfgo04vhY(Q^$TdAdeg^07Tbt28I1qD- zBaot|^6ngG1gLZFmNIUX%;^7ijyI#nTvjHfs6qlW+~1$7XFT@=?|2G$QGHOZC#3iI zC#2j!pX>Ah@ots+f(=WRI4o5y1-|J!C8Di`U-LLLaoEH)n6~q)#urvz!vgj-7-}00 z7Q%WDg!N=pRV^aihLO@;L@1ORh}SRY*#2!VB8-G#oh;K_p7v7|7w zB&kjoyoRH-9#goaFopmPClvMyG<*fjre{$D>;C2QG2eB}M-jxdd#1B#EtOnskU)an zdh|=8x!|fos7=gfN>yHecNh37x8Mt^V1KvZPs?>dspimSN5kZTFO3qsSBfml2h#$} z8|Z@R4KQxK%22N~+ZQ!rQ-GHh&OY!d1wRxFV^yPv{=~w@?)p=&Z4~=$+1F-xa1R4q zCF%gulAf+GTdW#oi~@Y#V2OT*v=1|_8cbJ?M!H0HuA48c^H9dErag2u2XZxnF<_P7k zop824is#)kMl8L!A^pu>o9%(A5&xxEw|y%x!~F-^$<-#*xSTaF^z|IfnlZ!}$X5Y! zZHQ``qgaLfs*z@)Q~7m!wDD7ArB6w(eJU=+(#MgQWaJ@8#6oAUT_^`xdAbO}=w|Ph z*fZIOTA9h_+(Ns}5X8q+rDt;_WUS0iSIPCmP&F@cH716763Z zH2K0nOG8cQK^)(}-<-w+@i(t=U;ORR*d2ch;ife7V6Vnq@%O;S_V|mdT60i;86TxP z{^3Gw)xgC?XztVj!NsE=1n(+b9T=Kx4_OEaOY&mBwy(w8=lu zkO9LzeJx`KC$m|tHw+Lf8imzpi`E^~&}y%fabFT^`Va|R7oCj9 zKCp!Qpr^_gI$JmLEVIO^84dc!L5{@T3wI}s8@zIIXJlb;k_0E_HvW$&6XWJF+)M;z zkPuMzE_}YpN0c9NIX$S%8r}^+L_WHU_&WfP`0WI*)|)xv$u2QZ{iw7#QpSy9iZeGP zW(|u1ni`sCk3((H0uqYn*2FGC7&gFc{$lv32StwaAk2VhC8OHWHz7ZAJOkYoerGq( z!#*gcd+?5n)%4VXjpX(drCp^rih0BiBZd#nRaA>V&hqWs;7IHoe5&fdh$HwQxEafR zIC0K+Ro;xg{C8FGf= z-l^6*kOdM0l@q+<3>j@TJbyn>I8-$?KrT=Np8$MI_8t};Z$*84sto*$!UH=e;0I%W z?^K-oE%xyEuNRQ*~PNpEIb4&^1WQam~6+*RB@NW=Pt?5!Q#3|1kP7L0IJ%4I%5Pm#KP1WMZPe!m;EAa90PKkJI7J>Ag)TToM{r~ zz2q6~P+wbGm9cuE%AkaG>IDX;YCI*v;uDGBT`_H<=#*9RCqT`Wl!yctpEy*2hmyp~ zXc`-5Av+;RcB@)cbP6)-{$Hs$;dJkX!s+E13y7E9=n97@niH`2r&v=0#>2ysYv6zW zrMHNyCZ!za(w&eW^A1X&NLAE1XzMmg)c~&rIeTH#nE_8pf6^6Y>C1bb;u@vOLP?68 zCugf(tkp~Hhaf^2Rwj2TFgyPe*=u711wScJZT93?tzejt-DZpx-J&_G`kXi;Evw{@ zG=lO@YMr!^Bxy4OfHm;{vCWhM)CSpnYz{{&$%>Zno<_By|BYLp7iheuCN_ZN)WnYF z4>SRJ2e*D5%OxgS$@m-$@JY$Y9al-HD{A}#T1&AQ(85@xz-*1ckb}`h1va*y-{8O_ zU3hmJbW51ohy*QN?wkdpbhb|Af-zc2m@1nQn`9tiFdK2&{l4EKsw3UXW;fYOOh=?r6= zG)sSQhM<1YN+CR4s6J%uWDNFx7pba%U-zSRfU8*HDtCG`lg)Av0)rkq5r9@ZSDuJj zTC6%aW4Vkpi1{O9u!Q`@MO^F-&Un~OI7ua_2?lzp>7h_i3L?5TM-|<*&)o9sUAvHU zn30en=Qzw>F&GG-@WIN99Hle3qz?28;qf<@OSj*Gg;HG=^)p237o7Qx3_PlHzkUg< z<=6oL4ciTWSrS7mBZf#sc86!S><-_clr(=-hnEPu!!trUJOQA?&;9?Wq?H}YGr4J5 z6-+GBOC02caIC{m$P0I(>*?Hd?s_Y-|aS z1Qvd+aN4O;r>83TdxwXlminPrPV}JH-t0kt3EvjSN&(#fZLff8>T~&SEUD+t>5xVzH;%th+Z#;CRzHl*RzLMh{qRTG zh!SDjh>Q^RLjb?Q-e_xWqD1y8P}hCdfEu@;eEa4Iqug27%J5NLm zabZ0wumIL=mEp!9#gQ22FIaYP7dNn%{1mKwoNdA?);eO=#NUUf8}KdqC5i9EY^KI% zQ_D1t0GR=N;DDq2=rWhHOkAQGcge~kpic3!KnPgax%gP#mm^%9sNyQ1y(&1al~uuE z@z9!6<7*Nl3(7;aWAq^{bb7aMCj;z?tkrlf+vSK$!R_x}qV3{&1oh!+% z$32HYt2G%$0w~13njDMR+E^G|Qymo2{$gL55%dtfLiTP z=N0GCOOM)eiIMD}-=q=GRXS%VEDxp8J7y_R9Ut`?l}jHIfyuufPG0FW`Dz*QQr zV4n}0K-em-8N4zWi%M>go2STaSu;ecG4(36yr0+>bd@Hs#!s$3eHn)LU`6wq&> zjTe|a65+#EHl46obJ2QQP(}oP;krOlP-4ow3gZ%(i!EfFN|ttToPPcS>sX*Ip^Vfy z$GqxQxiw!GfC7ZIZK`QJDbP-9HiOrRrb#Brz1nE(4{QQOr%5ZNVR9!5`*_zZS)bYth`~-x#&dJ}Rf{99oonBvw{}{DYi8YjdlHW~jhg6I@gQ0#^ zX{t@wbW+x~x?+U{jwLI>p=|N54+jOwq(miWA0R1O89he~&CnK!v*?8<775?2%J&L6B+vMy@1k}=Ur{#C1$%qXjsjMA%>Ho#SIqk#oWW`ibRiY!>#Sxy5^ zY2kAZRjXhh50fLGMG|>}iqtD$5D?e}vZ6v;jr(8Xk%J#>ZY*L+ONI}zs1C|1mf9<` zSFt1}xhO!|^x*UnSMU;Q!Vy=ETPB-uSjR4>I3)yU$q>mh86u&=DsSVs-_)AZU-7r* zbqp&#>BO$_TJQ#ZE0rN@Pg^kLK?p?hG}*s=dEHfNs?kJQ5Aa$a!?c70+LvazXn@@ z6q6(=rV>@Lu~O_uU5vk`SWhV?Nm5KDs$!3$7{)~h+m$eOXgd{wA+mcQvHBPxw$b2e z9_RU}F15-%5_-Yr+4Pk~G7HN-_@%2A*%NKC#_c&*K`zi0c}KRE zJ&~~1l;9G0nClM6HprPghPt2{{dSEo3XJbR+g*2Hl(p_~?M2kp8bS%aIEgh&4+5@8 zz||qmQSIzsdiV@9xD9}%hZni@@SD2l=PTHnp0a%lVQHn+q+Yku$KyQNcoW}=BvVx@ z$=bzIsp>rW(Pf@snYcvB+J!%h7*{jBEMPD*IFB8~wF_!+tX*)e!nbxo>&u*I8eYeB zi}I15)`V(N1+4nmOBU_7fD`za?j%=Tc4o<9p)`f8Y@j3Y3R@|f0BTrmL>q|9alBXV ztf-qQ3!Jw;;l;+$2#=DSFZmjf9<=^C6=A1N|yPYQEIDz;WdROEz>8d@x z;$4@=c!;UUU-ATh$$luQ4jr7Fge>9E0d$soAC=$E`b%;1n#XOMMET8AKb4Z!Tgtdm zOmX`3kuw)e20!QWG>v_W#ADG25L<3owzHk1BU8cNFfH+pv{F>-E6&dQSbY)1qlDL;dU&&A3AvZomUQ92C{El}l3Mz+*7 zz74Vfa&x}Zlh_m&ofVgHte_~Pf`Rlr8MmeWiQ@J+Oom~UMAJONFE6!Vk*O@r`jEmz zeo5I1Vw8Hrh*!D7xzMt}CWn!e5(x=d{;PGvRjQm7CGli~)Ga1IgF~ur3=oq_({*FO zSGSYpqCnf6J^<;NviJA}9zUMD)a3^Nx1^KmOc51HNgkj2g0O#zsxg8)qfjqcCpaE4 zOPxVqe$N#m9NYS|DzC7ezFd5!1^hfe@csZEExk9u>loxEds7dMfWel!bPOm|7aTqx z3R~EMS;D)=$STa>7-OzK!Yhs)bm@$$xLOwcbnr?%_XTS!#BR6B@O4yvvg(`2$8ttCVmCD?*>Q3=k0R$vb$-mCS<)Y2<88e$P5JLvkD87C_ITt0V zQYwztoXsG_y3Qr+KLe$XIP}7(_|W!76h)q}Jn!bLRXGPs47?*5Sk=sdliL(ZNYzp) z;MNbUS|kY~sA8_qmI4XMSbplRT*qS$aP2k>vO*xc_F!-Ougpou4w`jW(G{KxIi$&1-U5~z1B6ahi(#fTLrIAsm8!YWx0 zpGjr8y6Ase`*o-MpQ-%~i>%s@*_Yh|wZ9axy7sQ`s3xZ$FADrG)c%d3|7U7{(~DN^ zFX^dke>q}x?OpFzO-_GaK(J~LACd)QvpkB5vOL;3}h9syUMo1qgo3q!}t zu!SxX@VZE}baNowM?{nUv!ER}mn2Vk1vvxGzj)bzq7Dyljab2l_}0Sb82)8Q@9Bs# z(p#|)YGBg{Pfj3X3n1ZnBM&p+HP;m96GJo5ZYe*dnOl+^DBMSjLB|Yl){$Lx`AL zhkM=Fp%VWP1D4+w&pK=IzD#E|;wK z%V;N)GMvCdTS}6CGF=G9D;*@jl06|egYv1{gK*=*STMTd8iBX zArGe4xF1EcV2am1Jljfk1{Y6|2FC5O0$gcAx2Wpk`SQ~ofYAf_7AeRdyb_1i&nG+L z)b}b9+mNBAsaUKWi3V+AE4yr;2)4VC;=l0}tc7s@2V&CxC^T{t8hI(mpP{86p= z{d#GtV72^yeR*h>->+vRllJ?ysGFe1wOX{PIHlVgc+u!k(mZml+&X&u)3{>7KIWxk)dYL|sK-$nleg|T*^lWFEMnlW#X>d|O002y=)t>O5MF}Q z7`~1I!$J##@{h3^99tNO(Dg!{Q#)O)aNb~cGj|6jxXe}a|MXxY;+fn0*SEFcSzY29 z3S332;`QaBXC-_9!sVf7fM|`lH90w2`b^H`!InRhWoMzih*hpCfg}nX_*=?P-bZ5F z$VNC09M69O1`G3(qCED^UD)_C8ME`cW(Q^VE+zGx4yLaie5Q>=99t zv(@nixfEFvAE88#lY+=esXN#qx`GCEaq$NEV2RV1p4ytJqv!#JX&P8iI z+pZWpd9&t z5>V}xUC*Is>});Hg%s6>L~IhFS-9_0dN!I7;>i}pv^6w`V#0S4wAd;^i9%3t&?XmN zM$O_J7|#<9esOuyFC)wYakAwk8F~m#zG`LXQ^W~~=#NV~n)wt9UDLoQT?mP;!-Cai zrK%W*qbg zq_?5f;b@@(!^|2~*a5&M=T0~RkB5Y4@NFb|aqcAgqi$pp^ z=OK@)^Z3c38O?RZ%}V=v)x7gGVXpreXaO=;NGY$H6<{#%g0I3~09E|u=}P(#0E>5k zT||c7%`GM@oiE4jQYl+e2fIiE4N-{~H z+<9R)u>fZw2b_Dzi>t`Az=;I(^1=hbJLZ$NLdk)GR&1CLZ70;VN++w=^oJs zgNbcB_YhuuOQ3Q9l^!wM%IsEkwIX4ul6-1B$gtwbRQnbu+<|NW_bW8jQx2m=5D}@W*Z}$(#9(sQ z{h$T{s8R#Zm5bA8*9IvJgxz&N4KrVhwStzha&lrLw5+@CH?|{%33~Yu#AYmZG&uu# z6~J0oF>5?f=}j3khaJ^^?aKc%wLkf5tM=pab?y5iR@dI0r8hapUiZIK`*kb+&(wZs z+N%9kyXe{qT;i~Lc=Kme#)a8t09P%IxVCaCZ&6`hj->@S4!GBoBrHYf^&2o-?SzhO1hJAI0 z_6E--#1pDRQwP%L5s98SdnEJ7L4_gNjdzb6SSd29<0OXR?e2i5y#<5HnjxWgf_F5* zgo&2E5{Qg}gI{G&EOl<$i?e^6zEf;+cWe#enidFF2&$JZd1vR&OHt1z_B5!Qna5nDrB8J2FccOwYRZYUU@&!y(B&dnK1!SF7DE^#Bg>U1&n7%J;CS?jM<}1-y3QJn^%amfLth>MB3%TWr{kQ&SU|4BGW7&ZSI_+*8Gg zg<97+7cr@bKi7$f3oenH4o+DqPtwA_`E1^1sM@8!t7>{66O2l_+Ix*F5O^{LpY1Rm zH;s}|-UqWhj>`&n<^X|CfH#EhHdckZlicilj??v-tI_^JNXkCzm38g0W@rA+mA&38 z>uteZ<(0*XJh}&W&vvx8@%>xMwwXX9CfdBY1*@}{)P%kYq##LwswkrecY$pq84lRG zxy9PsxcgApHh)H;Hf$Ry^BU4Yh-cgU>zBNp+u%(89Xl1$pR`Cyx%wrrcTKuMFQLiw567vS{XhS9B(uwPpVTw2y8 z+Sm=*dZ%mUOgGjL1yP=>EJSfNc$fc70wua=c|KUHqOU`AYqry4I|udX)}i+FpwiM3 z&)4QG=g9h+(3>3bt3e#N+p6W0?SKx((mPl3$lVexc?)0^VS(ZhNY9ex%~Tz@nyb}G z?m*fxo1hT*FMahM(u@n7e^-6q0=JSpfw;hVzvIsg{6hjGF!?SIy@hul{xLR(_YX%d zz!21cG{-ps#p41k-Af>~O0x499$4nE3%cM!^gz;O?YLY!z(-QOy2vO)oifmHHI9ei zl!2ydRWOZ1%@|kL9qtD)TR@a9P%ZiN9W#sAbZ1Vd|T?}o%Or$D6d|NvFcn^fZWby7gP1b8o*y&=Iv!z(+k2=&45tMvwYYX~k03jbe&3R5Z1KgJ_~gF7L36IC~2E282Aj-SWKdgBXszIqIyBVVRk^+0Znx-2kk$=jr$%2ye*wH|K>j(`?<+X) zsH~0{s3P3pt-l3nJA<^CNM#k6%j45)P(xF#hVFt=e4+FZV)ruT@>xz4t|n&}55Kfc zWIU?j;5lGI)Gk0=TF-L%rEZtIV^lVC+8cax`vG4wT3hJY#l%M$|0&idh;;u9q%@2$ zXHX1$Zy()AzlL-l1H3nZm$^uHGx57I{wg5#Rk1y=;h8&y?c1HjmS>vIkfTQfL^3817euR-E z4AsRpq5i&l=5Tt!!N9F+r#wsErOmOMrrUh))YX12?+5TZ>Ke_0a7px7z`+@m zE34xeOIA1qxJs9IDk5|;M&H2I)tAL_@|@4C7O3OsLHThC<11FAgA|we&s7}^i_Rhb zXRv9XAxOtD{$9kh+WQ4#D>AE%<_*sHn^o;@?X7CJEmUq@PTFx@uu`#;b;&n%DLV`_ ze~x7ssf#BxS2G@NQ2gzN-r#Sy^V(Szu-c8?X7AKYf4l8Pn3DwNuh$hb<{h;g=2AOZ z*Ii9r=io$38qc+;x_W(a8sk4fJVpLeJ!D+QA!9U$2}E9&6TGLoTs)Y%61yD>8m|0% zqePyW9v@1eaY5!ACGJ7LabY+XjK9DVT7sLTGMa|ohJP4*>EQ$i0Bd7w5Pk#7kK<1l3D}Imhty=5s#%~XaovvXWx$~YvCk;VESty6BQNiB)T6h&g&v< z@#}MgF)mQ!>c=G*JIfj%(YUtVEog?}*wQ2w;|Jap0&{0hRdyg%M=s$7A4IhstM|c)Md=az~y17}CL$0d8Ff zZWkL_pBmDZn_8;0O%-&wr_jWz!!1x>=y3nQm)+s!B5XPw1G>YpL?THDiP|@6vl3epi%wVY zrI4QYVjCs(3p9 z+J0Ltaxj%#M9!nSh8!3|`nyEWDYLS8Gs`z*X4w;}5%a^6xizQeMKRfVJrFJi7zNok z&8$>$GSiF|Da`zF{uuWfO*6!~w0jfJzL;vQ zcNyc&JwHE?^LR~XPWl3^})5c6_m3NA@f zOykM#fv>ERfAdfoz2k1q{Ao+kRM2I0NHwKt-D zfQZT9GV79<&Gvw!7&ZoOP}U&{^FLh4#K(PG2FKnC#@+_0D5bkO#%xOkXtuPX0=Re9 ziVCR5{8m(ej8yU12H+{H`es1T`Mc`;qU*-iw#S8VneXUMrq*28zx#XT+eXE? zCs3t(?ij%~5aC0>PQOzKIN>7#4j4PA!Qb0Rmipny-_%yimYtB>5!^w|uFm*r{&W<>+e6|XF5Crw3tiRD|zSwP+>4RjJTP*rz? z)hytXo^&cAjR<#CCpk4ZT8^DEEC!x<*k?rnr{=TGEeElI%bI)QyzhR_NJLZ(rNTJt z3&?&_)DJcrAKZ%Gv*r`1t1kG1j?K>JEcqPYWtEhhK$v&;`Q^Nh`vkHvNh>EIwhrt> z8iw9YmqOTx&3FUCQTG5LnM-ysD_`LR%R?Jc-z`;VfHqaPe|@?c#}gYsJl3Zgjtbt% zF$Q0IM>=97urU3M3hpDpgVGPFVE0HcTDtKvi99MT9jLTnugD2dz#GS6zi#Z6)vpJz z)RP}yQJrpwm=#{k%IdG%EydDnAo%Rcq80HqW!3%5LtiywFQlPI+L zu?~Y3_PZOV;vJl?dhTSa)ze!Y2F{AMr(Za39ivDhY|EJ% zyt3XN`DvzXD|h|6zIdqI^{e2<_k<5J_rn)5y6^WmoF^HAANlsfA2|d2;b);x8~fo> z<|U+~dA$AbwUC1<0emo?>+|-*CF-~zoA5%^M%Z+tH>ylI$dtJsE?FP=843EXA0{sW zCv-XoV!a>E3lrWG`)?L4!zQyTB zp7d_OrF{H{rd=tS^nUoO9}7pU{qUo~pe7~1P_gQ+-+`!7tNY=-yacuFogt5qzjoKL z+v5O6;5H+eS#pbfA41gI$k*E5v^yt{jYfaqe0&6d@ekyqo^JQ!r|Nz_SIFA1k$ISN z&{>?1t4XfR$2o7okiZ|j=Y?4r)0PKr@lDH5@5VXnI+!c`m;S6LQA-)8|HCpZKNj(B z)MNkti8J+qR@BTUn2fOtC8kx9oo(3Wai?Q?gp%1a$+32rI zOZtty3DKgBYZjDFpfR*r8Qe9C%q(UuBQhe(7S{uGv{EEKjE8!C9(wh8NzXm6w)TOw z0LY!kzou@eb*{#;dwJ|4L^Y0uK_-VRmDqNHjH(oyI<;!Chy}a~&<<5I862OO%`{h- zytRvi_r!AG;vVj_X22=LFU#Xz5tek1$b@EE~=3c?rX4p>f z@W?(9k1a&n^h*BijhRnyMg=BuUU=Fm>iay%N%&^(ds;X3y({8_GyV?KK7A9Qs>lNc z(5pyFk2R58_X*Cxj;PMWunVP+q0?ZR8zr&}QS~P`ob#~_1YXGZ zEJvC}riXf#XttA8B-$CqnAc{aGXkcAo?O61hZy0jUFz7E+z&$1zif_NQJ14pLz$W-djRK-kPQ*nRn6Nohh$CNdXLBad{S!Sw&kN9IJ zcm-ED?cEyv)1T=qRrD2q>@kS7)-4W3Fuk~&aKD4a{qXl5_xIfRUvWRjaDT-f?V%9} zJ`m}e`qWR*KTKjS5*z)Ax0=LuNc_Q{coh;MG#eq=uArQ?8xMFehL{3ne*GuFm`F@T z{>1%EA~B8dCkBW~%VJFjanOB6P3$Y80RjAVQv-&8c9DZso!f=?i&ipE4ggQ^1AcsW zUu(=oFkOTT%7EI=YK

dH831`Cqk0u4#<{KoYGac=G67KSAA1BB}k-pZHTJw6 zrsMt8)W7{1>X9KmP99%f#3fsoD=Yuw(Z3oCa!|3q+Lxgt3Buo{ajmneovF!{ME4Wl zT}>{cvpg5wKP`5R^w33>N4@Zg0IjtK24&cfm6i^{c^w%>mNm0#9SYqc{+Hc=D@j~C zQ@Gs>U*T#N9-#{B(N&u~3bQrj8gXKZbM2kvxCk2dTnY%)8_%x-RLi()FYuMZyyy#I zay?*JoqaG0fPBUp+qqJQ^jRfU_p|)u=dhgVXhK-U9X`SRbXQ-n4nY*)sN}ZEGMuAG zjqq3C31m}G3FYu@A7;;k*|vA;T7SOj$d|qkgSpC+3pIIzKgUJL(Riau?hrY~RRLM~ zj$^*xr>6T$_hRe`s`Pg1V1IHhlhKD|kVUU}(4YK8$E?Z@LS-$!uRxB}Qh%wZ5vM@z zxb89J+i~45MUI`R`w-^Ks{28VZM*IrnA~>VH|G1=z1|;u6~XiceB{KoG->H8q4UHZ zmOfkws+rD^lhl2@8|pgKaqX>z*9Vv zYh+!lk10GsqqTpB1~m4sYcHcka$-J3uw)m|lgl`-8$XITSOFZD;;|R;x2%$X^Mki? zZ$BYXd^>tf{6f4$lPd6+z8s~~Kj7?aYA=7nFeZG&gv0#_1DLRi2}At}`!L~2CY4>+G4BLcGkSyF|FfFSYPNj{?;eJn-Dn?p$2D^kWc zhp1V{C6E}CA%3d+$Ucdu$kpV5hA`a0dL1s0H(D{b$n0|Np6KbRf|)*f?1E}#*Zr6F zzPkS#L9gy{9Oi|eZxDxOd51r$rqVaxjj3zDlE4e?ntZi`t&dY-F-MO?Y7^T5keb-r z_=}asMf^nuMmphj?COlk!P>GQRqx&qFRrJRYvmuDaXTuW8sx9sv7kG0GfUhvlA^;Ghz7*Btw&n+FKS!N1obBF0w7?qth}hG(0FBNH4-HRYmp^ zV51B&HMQNq3GytHN$%p!7;iF3_;$LbS3rscNZh3NmGB<;n?B0`86c6rm`n^$3n>7H zOWGX#wZgY|HsPZr{Zdo*XbInfaQbT;e^rH!k;tD-CJEn8Pf{vfP0*i3)l|4l@_)DvlUBWr1(Pyaj^<Y6k&7dkSQR5Aa4X*$OZVwpB3%|=K`k=q)t)}P`EczLm-Bh|$M$t?CMHiT&<5_gR zU9=#hXpz4t7cG=Z8o;7gTSW`uKGnysZyaA;xw4^(Hm^oeZigF!$7B?J-d}XBA-Ix7 ze}KrlMGGIwC_33+^fOcR78YI3qRKc_OS4n`*_%!FKQMd3%8uR?aL(~(?^^EGsSmUN z#mbJ)fK%wtex%9%!zyGy!paU^6L3cRvzM6cHO#&p6u7htG5!46FE`oeF#CFyoqgU} z_}))2L~vza%{MoHrCLVsE!@pi)rql-o+>kN&LNyzEwn=A5zwBN4Buh07c%=OD?92G zaJFM|Yh|x6+5fW=*{Mn`^GEG0WEwyAeB-sFGUpqex3#m)%YPE0F+#+qSru*X8X>;< z#`{~_Wz9EMA$-Quv}8`>gw0vxehQ z$m0Avpp2~Mbs{CjTa{o*LL1r^wM+b>_STysYQJ8?T4&V}s+TPAi&}d>*@Z$jUK-IagJ|b&^yBHCj}SMW z(Lw6g?)z2wrk$7JZ7Pcc@3KMEd0yC1Ib{tz%B8s0(Ugh#%RHP}Cf}6V)s#8cU*@l> z%oK1vIw&`Mv%wiCYbeHX0{BdnL&d?xh$sX+IN8?`qzaE!S9Om7-%j< z8!f(@q2tvbef9m4(q_G*DsKC@FUq~gai9)uj`K9!3fD>QuA?upHg-7j0v4F3&Z-|Y zNjW-^gsD?Nm@1%Wn9Qzr5LL9AVR8`wc>4=pwK4qe$DAC>QM|GSGWGzeP$yHNW*7=y z12*nek`$CUH-z&8=z$yJBHs!5tIrScTtE>lVehQ|@H)Ibgd3)+3a##{`+Hw(0S<+s zvix!OJ&Xqd9+#Nb%Esn0DH&VHpEz$MmsVSM^j}{tXDO;n@Y)h`?9_=N*+^w)Z0C&q z0B47ii&zu{5tZ{$A)nAxmqqqTj9#Z9JD+Vw{Jc&-p|3BNPE%Qp@8wZQqw4Obkd$PS zu`tl9aoRNWDK7Z64=z5hARkaBAfZkAUL7i09^;LG%WdbpRxhNnluKHBi?pNVMnyhT z6=}iCDqUc-b!=8!s?J)rkNC*C0?6yBdEXEVKEGDJdiA z;dK;hhXb*nLX4OK2ReD_W7+?bnYBN4S!V5}gw22gK==&|So^*(fTdgpv^&6So0EhA z?U|aaWG3fi9t6|O7@)q{u+Aa)#%mwQqM0Grtd`6s8&Fp=1r$ zDyQ3fs5{1PZwTh6cNlNze&#UVtgY-&Z63zE4#^pZ@n$W}K8)x0fbKu?RKl}(Lx#0- z7Vl`>5oqNso^@PG%C?+k%6ezxV@ubX=&x^M7&f=Z41ZVLC@cjqdXYnNJpKn-a z@gydKOqpl#B%$DK?=0R3s2XP(E(Vyhcn3pcWSqr&PSW*RyrqkUtey2uBN%^tvz4=W zzf)K(zk7duE$b}au?lqqTDZYEQK7cZ;RZcjyQ7 zyU(+U>=XQ^8w>ZlhxJ{^@77M}4gUWD7o^YuzIo*%-#K`Zv_RJDAA5N5J-qxqoF5^4 zQYE@ZHE;@@PY~~(ket4$gvVg4JAEhtuK&t0LFx`UEvoJAL1?Es=Z6E8H9P7yOq@D{ zS!z;r>^HQBalo=C43^s12|wZo|I+(o1>ZQ)i2y0G^uV?X42ZJQ>OlB70a~GfUPGYX ziMh`&SsT~w%|Y0-^8@=s>%i`Df!*K(Rw}@FR&`2&^T?g@Kvz8U zGOEs~9?qjr|Hz&uzJOn(aNsSeCGrXy?g{`etm4z~KG1xp z^HKCT#&-kioIm%Hmcc3Z$4cV=s>(Co$L?>`Y@CL-QdHYuPYHLEGeN(rK&yuCq`)oD zXp`YCu%rFJj>!Zz0>S~t(GAIwLf=a;n!uh+fZM*N?aPLRs07mApqKjUy9p8T&;wkwW=Bwu40f6!FHC41c0G+6;#C;c{=ispUa`Hk&bwm_gIis1P zP$4L=vIuez#lTLZ9{vjT?ZBj5$bbbU8l|>os?zvI|0-R5tcEI_Qwrt}E}W6JwV$VrUAzIi1tKeb^Is(SgY;=K0GqStp+ zCBkz)>FQN!npEkMep00((2f?Va~ABcs}y={=&~v3{8-n(RV=12pGIAfH_$yN^RA;S zxExlZ_-XG$D2jCF^>0CquJQ_eyQ6Poq$&W_<|G0Y-@F8>WQNP5u>BzzwcA^tlbItzW??A z-}P}_q@SnioKxqVsycP*R6SMYEIckrnNK7zF8Wkske>OT32c2gHF0rf)kriF-P->C z1Wh-Z8NYj6UN&-C{ANP9lJ-Or*PJLNc?zJtY25ROn~X8lsGytLJ2t-BRdx1+D^LCK z>SpV2r@>DBoeddq|G^G9yYSerP2KDSpH}K-fWw&Df1Oh|Bk-J<%Un}8_(&d&I`$O0 zti&lIyzoj@)o~r_*Y@EOwZZiU!DTne%G9!xcdhqvNY#|B(P-voIdhKa4CCk%i#$CAu-x>kJ)Rkn0|k zOB)5Ho^R^=CqM;qBhs@AY%P|2IV(i7!rjd^H}3~EHpQL=AdM6DeBfyuE_F`w8i#33 zv8N@6`0k4m14wuNXP1JG&y~(oEjmK4&u-^rdMg zKN8J!p26Qat)mZ~^-zGp1ZUGoZ(tNLTxyENTpr){@VK4=eOynka30)~hBAD8Ruh}A z`O_MscTkb@ih(&f+7e zgP5HRJ&U@2QOl-OCywFJtp(DfQ*w|(B!Eu3^?fD6>C@tojWv^gXu@T2_~+bn+KHZ8 zjGK(d;X2b>?h*Y>+=w=W^y$TkN#A(xRt_$oFuLE^)e(HwIPr&WftF1eJrF=RevDMY zSyZa7FWL%G=kBsmNKp~4OT+O*a&bcDG%$?ssLZ_Hk)<)T0h56aO08)bK{{rf5nS#T z0_zB_3!*I{_VNnh12RJ3Ys?LKa;7vd*{enDZ^Lik~>N|){HGNS*1&npei3k%ZeW@BZR&>4M&kM49$O;zP7!rELuf)?JFEO zpMD0-C@wBbM(6w{^OBdZUVX6#^Aee(e(XovGOIc|D^M{sF?kltP={xbIFGDlu9g8w zmydRf-A{7jnsw81L3Kl^9Qrs}@g&Q+4~U4x!f`dOz>Jg#!FELxYs<2;QMW9q zq~F%E3e{Dsd(bvo*1Vz|E$j2I?3VS6)3Qq7L8EDzTfB{XfQGjE^IjH*fG7e)Eu4p< zS~%l-zPePF9J-)TTIg|2S?pD%~GwZ#cbA6VtMKR zq-hqa2@O3cOE=BS`#Ac_ZkmsNX_{so9&$I$TP%<$9-Q^C?waQ51n;3~9_r*A_5TVXeSj!3d63<%t%4z3ePUbJPne|B)4 zNb+hFm2N*65uXm7A1+OVzVSBM)osS3C2GHE@!mkA zbwJZ`G*imucH z(1Yc<&{xyAPZl|v<2G>I?cKIBBYR4WJ@6}n=~aL8$JmRRJa#E!>;ka!JWq`M&KjQo z4y0~k?1J+u^1-+hWB>4e#Mp)KAwhSHU6PJj?uxNX%GLn#$Jixf(Q{6Wor8*+ROE`W zb4|+^W1lGb*7@(?0&Hz*j9p5+b5)KQ`={7F&kB=+gi!rB|NYsl82eiSWS##`1IDWC z@ow7@5TNH6`#uNIOGn3SaANFE>%;_&HvphH_UayvBM~FVwvWTbE~~O+qYQ(Ft!mi? z8&C-ytFA^#u5feHdkh+$!w!Xine}>nYRfgvein=G5E!$>C@!+)oieRzil*w?L^8um z@Btx+Dbe&7xgRam&=^XiS4>U=y+K`DDPiKVF9xfx&?PsRlCiEYAb90c8}Dqv<#qeu zYbyj57t6~5c&Q0J5l&9RyNUfizd!r!LLL=gf!OcDxQLb+2IA;-PoRG<7N=qnzK)W% zgV=pCG6(dUt&(aWUrita2R6D`{k*+Q?8>1Vz_hCA=ZhBMw?2W;1(RLj;lI3Fzz&~| z$FM+0_y%>)wOT+)xdx|v!Ov(w*_jHCxO{sWZ>|d9nPuT*{S+afFJ+MSL-L+`TR)sNWbEkf%TX6Telz24^zpg{qc_`^Twkh}cka;3&e0W-b z%=oafc1y;G-O<{59v=o`nkM7Jlv(x~Y_9R)%e}gVdEg1R3c_J%fF)jj9v@nH~3 za*YoQS};C@W}wvLe!Zqg-8 zw@Uc&EO!Y^PUqW8I{7FeF?pdBasdj7PoCKx6*7luGJ0DbYI%u=43pD&Hks$%fRX1Z zQZ%vH0VF?Ud@HIY?zz|c{kg`duD=y|+Nd7MwXe`jNCq!^Cd?_@oi$^oFVpS3#MQi^ zlumW#s2ujSd{aR#`|8Kt(ZO}>>yRzO{R}IO!en)uV_#eGfe#&U>y#wl-I7x;)%JA? z4Qb$ZzkQv~l3>hyIGg)(Z0sIhvPU=iN=lCB<^?M!Ef9W631+b zcRfdFT-(&x)3tGZ+G|{odzHqu7QGFhdSF{LU|ZGsX`CFC7ug0rtwKVFD#OAj?itE_ zED+r2jSUv#uP_@d-a&bQv$mk{kq&c{>LuIaEq9$3xlKKFn(*PW$W5;}Ec^upG=RaSTIqV3U`^RVSG_Dz6%@p7)mN-wWL28syigiRe+#!5rv(A%2^w zi-cTu%}44YREN5#3q&TtBra2X;OZy6)1ys2Fv+s2OT9Zimb{FPAhQT;wI*Haw+Q9& zv8%o;ec33?2(A_Rh$cskrSqRRS%m zJ7?1DFUjnrhr&Ab0H!od7^o9k)iltp3Ef{6y+6SH+(2aQsFj#B0Iq!)GV*X-F*0C9 zbXuRL&=R&N(ebGw@Z8m(X3S`pOz;WP>5Bm z`=0zHqQzp{(7#*M%j^1}54?t6+9J1)XYbI(c4{c}V#@=`ij>e$+lG^mhIk+J^%Cx<4asprW28Y%9(4R9l)Yg8A0-Li63 z8mm5=6*YuOwO7=6pyUc}jH0=OLz%)}m4Ir)o4un^OEoUk5S-1WSnN^s%ExeS0S7aQ zts*q~JXHdgYOr6U2>S?cIGrzvNzaEbd}~_u^)01ckt6h|642sQq3WtYw+0Iqe0aX* zs60Lqjm;o_6eNsPi4#47!(KAX|U9qNSI=hj!={uLlr(uLF_VqW1Wy z52g|w>A=C(KC8=LG;lL1r$iXYa%MMe+gsFzPK}ahqZ}qEn0M&7jNX4fPk51tkm9H2 zCR1V7&*Cq&-f=55YYhTu*z@onT-FKkAYxfjIKDc(I@6!8!DZ7SIe&}COW)j-&bN73 z_5#>W;ON-TAfH7G^NT?HE!Nx7!UZ(&7({U-lf?~vS`AH&EHg2yFE*4;cHpfZ&T z(fQ$ozKizHaV~CngEGD|K@l`{Ic?y$Qw`tI_THVsJFy*nAEYN)NwtlqTdB7xJJ-{ifqF=LFhZ2 zg#Qwojk*-{&|KTlPK(>&RRYFrz7`AK3JZ?^AS@rl#^t3|jjn+OuU<3KvVmZwm@_d@ z!p3f=WYEjnDP1fjayAB5&8*1L%?lka-HaBRalIT9Tvkq7(TR@P7hl}md_UN?-m4o5 zYaoS-=V91 zj4oTBOPZrt3ZzD!=+IO|r+QNQqhw%32gU@)z#GaZgEH%)5ZC{OIycERyw(~UQwVL^ z7Ig~wYbK#~q1u33wL%+YXkaD*DfC^pXg~}r&Aq5RlI(eYmVxhRjL=mXu;{s6TkIn!72qR-EwM97wy7U`z_-(c_0%b*GU${EI{WKQCwJ*~Nx|*?+dBa%NEISN(tks3C zMw_t`xtXBgC^V=B6p1chxIa29Hy5oSolRlWmvVeZH2O>(W0}KX%0Ht17)u?KC)Fax zA^_v6JTaCT^ATgY7D(O1um$I9cf4Qe0L{hMJ=z&<{9C2?} zjOAMaGBNBQZjz!EusYymci;jCaDpo5RJepg4IWb?K@M&+GrIYX=-6#cjHTg@9%C%K zbPq?*eT;Ys*!~^IQeQV~oNt9>I=E`#Y)=gPi}u7 z{|p(-8e(tc#|1pou6O#kX`zet0Hmi0YJP)6yc?jK25UL=51Ij2eB~l<*?$AUrjUI8 z0-ZHzy7+D&f-Vr{E3ZO&wmSN3pkmil1I1u{t-$|)+5x2S&5U8KTv&q?XFf|QZ~-6& zDZCyhuekp?zkLemK7+&+>h#|+Hek_h_0nCl!cDgmd;F`S&tR8gs_1r4`Ty|1wEzwx zKy8RdJ#)5+MlEUzEhMvunT!i93ML=0pyHfnIvsH)?oDk53S3zIqx0SsG%JZY>b)D-J>-T-;1q)wt3s_)qD_4ww}`pb za)d=7as*-q_o)Yd;c_^?H)>VGj<%v0^Sn{0J(qhL?&Mxjd2%V`2Gb;}D*ns`3sn0l zPqP*9uG!C^en7Q}6dLNCD63zqrI*~&i7y2Rps%~yO*je)M+|e!O9u|LW-$wv;Rq6J z>Bdwd)?s1bTGBDzwoyf}7{Msqn*Yk#GuW)ngHf}u*XTsfTI6i@(%4D!#>YF;c{VrO zv6!7W(V@)eJ*8WIFh=9h7i%{7i;}V_aM;qF;z0h!_@UTk>7Y0$ZyLe1gadegsS9ql?UcfY%KQ*M5@ZFP8iZT=~;XzTTrV=tw<&?TV4o_4Vd( z6yh4cxN0dU1*~CztmoeW6=Tf6+IhysmZp_i&iBbm?5$3ZejIg^1g_a+6pQrgKusiIjEgW0X9Ab3!nQIDR`Z7iGd8Wa6K0ytaFNdX!V*NR1-4l zW8sqa#Owp1@1ZEOwTB$OhjnX6=nbgCEXXW5b)CMcF=tRwUAscO1w?qGwX!9c^D_R+ z`~ibgQ|N9Kq0diJ<)6tI#l0&MC4YZ zsITvc(AqMizMR7Y@hZu}!7Uv7W8A@SB^`vMnplJ>$+D_gf=M3EpLo8b&LMD~G~i1LR)W_|okwH%HUzyT!pvVkQdbrAewGB3ZB*-GAF>K5`{aSe>i4L?k6L8BZ1i7TbRl@?fq!Tt*ReRSKyyDx@l9c!v`Ti@z%L6VqoB|RN7szUg<7VAVGBL+hMG0^x6_TmX2FQbsqx)+ond4 zKKmJXGHnk%y-NLkqRfeS0PjS!zpC!cgZ>VsS|&Mi@1cD3j>c)lN%XfUFdL$m_6NZg z)+o6y4Vo5LeC&dJ?{{<7Kmjtd2ACUS?n+Wggn z*v%eN)2hb=BK>fAU?76q`o84-?;E=!+aRR+L;7qeUHj7$pyu|Wm`}*I`t)==V=rWw zz3uwC!Xr`Z=&xV#h=a3{v@P!>TpP;tMLJ%G;#5W4D_Bv4zuTk!nR#;N8%Tx(x#Mu{ zNtu7)6*RuIZxbZc@Ju6;@vvv6-VN@(5^=5fO2jYaO2oCkD-plMmw&(gO2oCUD-lUy zb5|m+Z7=Z%fv?-v%9V&~_r#TmYty&dO8n|_wrjZ(aXEU5uD$=iu0*`eX6q!d<&QTa z0Jy>x{6X*NRM+Bq6Iy1RRp*3vufUAoAJNW%JI=v%0<#Bf8EzM@Au;7T!PJfKTjl16 zJ+7UgV~-6CGL~NAk3F_9`Gac29t9x%Cr|8g{Yu0h|9f$_u}8uA6NsYzoY>=av`s?z zy??o5kCOCt%oTf-l&1jXk3CAp3Ag!Tk3YP}p_i-JSY6I>pWuHa-^3m_u!U`T>`_WQ zAf6-kc%v>=8E+P`$476@ialPfi*5sJZR*duXjkkp*L{N9qxqQFqwSS-zz(K{I~m>G zC-_W&eTK^oclH>SgjMYUuFPKd!WIqZxK1(w>s<_4_(+d0*KwUnP28VX{DrVF!V0W< zaMXB2UZlR{lMB78w*EuCY`jar@_Gv9bL45jaMYFQgFXdw{NDDFh}4}h5{5$p2Fy1O z7&tYhYYZjlR=brCJCtZJfzzr^&|om+P3eMCtI*j1g{f+aht`^(Obi$-dpH)Q*=|sF zuNqQGMr4D5r~;*9g%f0d_`ocG+f&kUPU-DO3Cx=sCb)dknsk8;H<(2)$EJkPT3p#x zf(mr`w;LZ~G;=NX#2~(EED`5$3`=qj_rJfLwXlY3SlQc6SjoJdb@V^6F-70bdgBxP z#PWJnOwQX`ryv{ijOoaS=g%K?qI<9*-_Rne9UE2Ijps+pY{@) z%2{_V9Q7X@eh-_v0&esQy>8R2E_v5)Q=hyamN0e#JS+aoEaQzv*jNcg1VDI&W`+wl zOHe3ZC2se_cwl|~^*FhoJBs(m%f(CU6 z1l4Z*eBvPnfPZNo`lXg=coWJRmTL0CM;v%v1rzHamcqqw_Mu6ARr%rE)BH|#^qoM( zuyoNBYg8HIAZPXfhZs&8ud3KZ^s?q{(F=&yC5qF1ZJa{ExtmpErlSH97>A9-vp>fX zdE6X~$+i1K-9l_8gTPpbme0~zp^Od`0kbB!d^E~Kii8I+$>MwqL7G{-#EAR^XTF0I z)({`K0XhL_m8!lBlYD)uH0mU>Z#XIYm{K1=HCl^5!e$|LG%#GLpV5+CD}^pAA7Ej9 zX=AMxEV<%d15L-NPG~P5;8SUt|7KCVofL6ohTPnxlCq&pO64*C$|ig<2~*Z(Wxe9D zu%1BhtuP*&;Jg*YV`bLca!7bMUZ72c37MLVQJgUL29Cyaxp^K*x>c2Zd5B_DjN2dE zQ7n!$(J$-pf;b1$iCJp62;#ZKJQv{^evok22hX}zmX-C!KFbM-B)OfC5H=G@vX_`E zd@UtY>3(**_~!38>c11kxx9l`q#4TnaGV4Xs_XeTzv5u?fL+^?l2JvUfvo4xgn{xxTjwv1J20L#J{L&jmY0Qs)vD2R$IhP!rkeFN*PMXC|+0=V%yg3|S7mojYLj1iG;-9MTuzG5GK)uKioXJHq z6IKbvu&XeT8sk;K@qa^QB;{6K*V%!upNHr`?0K*P-a&v*eS)`huXaL`!?nR>&-Ws) zYBktLKNu5E&TA0f^%cKoO{TUEFL2=R7WmX;FrfS6MZj#|%ZInC!P95HIKYRAmZWgR zkS-DREMHp}gy$n;i1q zc2>5$gm=k%FEF#@J=x&-<-JtedC&E`_#ThE_v5v_Jk{!zIF8g*(cK=y7-8BNZ`%1x zyV#pH5oyLeL~wSD45sOmZR@=+vSBkhf~HTgQ%jJFX?q*Cf!2y0UyfHg7YH81`r(Ao zjR!iO#lFaERE?X&O#&TAc;bbWrI3IG@tJ{E?E#7!CMuV?5A z_adB{U+Ajw`6yj#+>JQJAo^>(QdqTW{330^i0HCl&)f^~wzwzr)5Q&F&E zu=p8CYK~WgpXb1&O}ZP)0(W->;_s#DDeAu2h8$Bkm{RJU5jM~27jT++(h(A7ON}J= z9wCux3yEhfUotcY z?n!XH@oG^{tRVQ9g%r=t@3Gx0zyhT*%qmTB=xpVv(M4Dr}c z%-t^tGJb++IR$KoGBH==@ikbJxj(-#bYE#WDVOk=<$M5tUK7)%HCnf-9~FxK0rktN z-*q*H>IPLsKMMrsHq?Y3K*02~n$UwJKOz7(cXek`P3R%M)`T8LdqA5ou?`Akee>r2 zEG>41XeAeeS#1B$O8K_0I{I25GANAj?=0n5c57*Xks}Sbx0X5MqE)e^^HUHy+1HLhu$|HHwNL zJsb{+>3+CiuDnP-&g#n#C-Ip~bwe3ST>&Tn^9Pqo#bb4NsIKSV?Si)+2}%h`3iDR$ zd(OqJ)?g9;=W2wL^J>a_XCzkVPwtb+6Fz*E4esxK(6GiGsAKv_s$gNN*+V<^}veJgNkIzcmK{x6=oHFIF!yVfPWu@&D z#=*>JOfb)s!jI<(9HQWO!;cdbZpDuc7%TI{#%}mv%LmSDIm){Q5+6!wFa~MQK>4whn$p0V~nn zVans1PKdv+{)u8Oa}_DY#wdL+8s=-T?;u38rapvQ0-*K-5)40o2p#)naTt&q<(fDLB))0){E>!KC3IUa>x1UU`REU@rn)b6;d?u1tF!)c?btmyk_MPXI$vD z8_^cqJctY20K3fo^#O#C=kB|M3}d|=vId%EeH-{>zr zx9orHFTHlW_)9zdfA25t^p76=rO0BANWhUn*KNb(myW9@|WtDbn7oI4(Ifj z4#c+uE`Mp`MVs@N-T{QqUwRuAmD^vcUQ@;1#V=y9KN!o76Wh$!y*N?zLoR-OAphYc ze!wP*<5ByJZ3$N2Z(27Ses5YhabrM00QpYK*J~!h;F!ZR1v*U23xEl zSz;}LSoj}ZsKxpsBw{UuSW9wv5c5~Eiuh|Ki_+Q-}?aH`#|6O zR=)S3@4eXfzP0atkner4?|q2xeH-8Vw$^*j)`-OwSEs_1JD{4NK&RTU|JL1u>QG1c zAFb7ObmRo7BL-*da@5fj%*cE_XfW&Oy#HJ4D5s8VJUYfQcR*c;KaP&MmG*;lQLSaT zemdIUP$!p(PCzj{IEWaKowtN}sWZ?KToaYS*NaXK z2tSV*lB)57bo|8)!keOpq*i!AUiX0TX73>>r~V5 zEjD`1Y_^7pntQbS5scErUs(Nlk;uao6YT4YSmSv3{h>KH?I}M{xq}7pr;dKJO*|XX`VrfzEz|PkjBFOogh~u5cQ!ENMk@FD9|53 z4M|mbOWsP;#BfCr-A)#ILE8T;#TpP?iH;g>@q#paKy*6^{LNG0^BoY}Nu~=L;|00d z1EQPK#a@u}JRrKDS}(}q07*4_(?)8vIqufh317;u;Q--u?Q?rfN_okAR%zFMk*ls= zL9)O0mm$qt`#6aQ7bNY)+AsRMM>V$r)?53Pr0A>tsYuIJ`&OD|0=KX=^ughnLsBEX zoCI_krmFiKUI>tKFUY^Hb+?8-hxY+Ur59usKvH$yv_~|Wrv_%Ax%;KOfpEG8`2B6F z!As^mO{N3qt@L%(K$s=^7NQP9nzsh}N)3!=4Ja?!BEWiUU?Z6G^Y%H?EN#1{Rhu1z zdaRLD(LX$mA*u^u6<}OXqP#iPm4&@3a5`m3606k^q{FjGx)g9s4t5V@+DI?;oi%k& zHGD^f_!`@f5xW}FtcI|cOe?ds86525Vl|Te)$jz;ywxyRs)4sKrKWqy-UL{0HC#!G zKHkno+W({)ES&#SeSw~v$sDh$POA_lcq(#tj2?bv?Mpb_pQ5NpS;n+uccqpOiyLC9 zqu=xi-pcR1$OjfIM$Y4cMQVw++)u8-$Lr6spn7k{OU(E?Ggf;u7BS;yX1wanxCPK(tADFslDgaJhe$6&`CH!VW zE0Yi#38``AMZxMCV&R33c6U(~1d}oBHhZQf5>si$Eqic1OiaZ${cFKI1plo7O4%VY z59uy|!Zk!a{j-=G5Ul2Tk2#nVc5QdqGmp}&uJEu*4@B+Q6RQni75}3qNHX_eVRZ$H z&J`r#d5>OJi-Xk|x@dyRKKA@UAdJt+3gu;Jo9$t1}kMr>Tvg)Srn!k8T9Lf?;^ObmpJK&=C zqhre$4=c4L;95Ykat9OtJ3zQ##EUh=lRm9j=7d*DVO2jsFq2<7dmDIRu=-XM@8Ji7 zT|hN{=heVe7eD$82kZ0cBe7wFgu7vE7cXOin~OJoQ0>Gk{$E{vzk)Tig{$vxeaTZM z^gf(m>=IbRZdc!bf}X^hjQet|zQ@apvetLw%Q!eAEuh(}um*JWv zPM6ecyNNPurIzP~SZUVkYND)U^Xr|zKxrv%zLMcoUBY(eTkpg*jK67Z6U01go8PZ> z8bh~ho2PXOkZ*0X6Uxy0uttw&&(v$1Gr^?2IO(iyUXEnn+NOiwv7Z~KyS2?VRhEn3 zcWPTNgBd(?L$9Rce2~e*`JedT2 z9`Uh+GLfJHi7?U!sZE{XCAKTTuuRke(8Q@Pz<`;!%eOzk!}pQgcnM&&-^guF{y50{ z%obtY6XDfJ^$Yt1(mcZIdGJGY|9w%An*r(-b~*|AI6DVvQncF%qfB-nO#3zdFj#jH zkO7(=!(iP-Kr$Cgkp?7Z1f^!Cw{&N$fwMfdLQ6w|pfO_k_k_3JA zJ{4)%^{!Ja|2Df7z^RZsEnIQ1oRN>-nmT9LXazYVA74xp25gWVk&gy|_#+>SG@56o zc0K%5zkD+Zr+eJ1)Vwe9@kdPt=B3!B`IA_n&%BI7nn&}+qWO{3yf5xi3{bD;H~leN z^Z!QL<}|PKEqA?#dho|PlA1WRig?HEtgamKj@uFMxZNf9={eXunrXgx$9|f+NBLcF z3;oLPLpZH`9!r_3^jc0e)o5V)5Em0~A=R(^6w*A(A0o;hPvzHoiQWZJukvpqL0_}K z9BIEz`5M}qa`aFY05pxcOh@*;{C$6+lx#qB#J0@~(&7Qp_NuhbGb}y-x2e1HVsSum2Eyr|QU!FCy}UD`XjqkPm~ttXdGCrD9J zpA(@EemE7opyTs+uvq2|5kP-XYhR@xDEo1%wD+on6Gzgc)VIF~k7NQoaswMTXk&{W zel@Sh;+QSbmhh~`g?i$Vbkx*YhDUi@a;e3m?5ZvYgzv70*?{md_ym<}-Q~c#v3FIw z&pLM<8-Uq#r#k&P`&0_&M2i#g6@wiEEEXS^N4WTLhdH?H{M;bksRnHs?x(Bla-9<` z-n-o@H^=!vyZt&U5Qt1qm-66>z%KHU%LR?NH#)`WS$Z^+SB}GZ76NepaL;)bgYy4? z``=38@$U!67fl5Ju|8fE{fY;j_0u@VgD9(5Ltqd5S-ayr3n9F0uKPR-NoqR6b)JQ! z+yNl}c@~nf_fgJy77P)pcku-PNi=UK!L%R0~EWLcV~0plv69PR*pl{CxFaN_56Dg+I4Uy?V$61<7xW2K=O`7Fxh#(aU1=dFL|}- z)tSQ(?bL}EN+Lfg(C@s=COGp;{LO4*1H~orFW8%?f%tAwt&zM}5N*h;wE-SPA;Foa z+idV#so>0wc+aE(gql}XmHqSy3*`{$73fh;Sm4Xsc%e2hAn`TbYlx+k56?pP7To>; ztbTq(?f15GpLcS(!uo|b_dX{#AG!bb=2khm1;}0J&Aq_R9i({<8#aY!zEA+eGhfqV zuCjRE9k>~)#}YcS8&9H2QOb0I&3xCHQs1c5K;|C?y0NSuu>6fCAC2apfIy?sl>SRf zg*K(7nv!&wlL6TvKW&OKR5suq*R3wy&Z1L~Zlte}Q zSxgB`9~U8hnR;52lE!qBkcyoKVXNCXQ7|>#ANzN5)pP~m?WQGk9Tv}W zvG^nVJy{eOhs8t4;)lqzWO)P6reX^WyVAX!iY;)lTW6qAu?6@*%whYy-0Z#tc$;0J z>#+OyX^uw2fD?8F#$oqXz+|{L#A0`6!$4K#Agjuys~&3i=u zTx|xWtB$oP^>Z<}0Q8)$dWa44)g&;;!$Y(V2L&R#2$*y*hp9BcAOe|chpO0@2X)gk z?gR`t(qyDBI~-MNGVB>V$rIHpckX%C5T{SyhVA3Y-u%(SusR$N@Tesz zQO_TB_737v69@;q!k@4_YWf!(*Uaoku1Ud%t(^M6>O~G~47~~=LK%4Jj{&m`yE16q+EJqJ^}0|HvnIrTC*2@RuGhy<-r3zk;Ar{AHc>y51F zzwqI{TWtIL&OGC*YRlj65%(Df*O_NLwq>~2I=Id};|d!$$2{Yk4n5B(=Y*nmh<~0j zg~@-|5AzHGICQ9Io^jn)m}guAq;BRJg7XFPS<&`9WBqoRX9(dFnrlE^ezR+yu@Nc0dBz_l-^?>E0~cUxOXnF<;$sKpm}mTWla%V3 zXY8_X);#0i0%Yz$T2~@PZ)TnW4|Fs0jL;%8&nSJ!ZhqFD4to}i*0^JjaMNYRYrd)Z z&8LmFs_I)fZ+IWNq(Hb!Guj;Bh!S~!)d~)PTSE?ZoPc_&oYrs=`chYBy%==N2kSnT zNdpen!^_vWI02J}H6YgE%v<;>E@KZ?hnh`nI)&4Q|=CT6&gjM({75cxiGJy zAAhIjVLJSKox)w@gxJ|Z5U_{_+rbCcc_L-S zN+nF^AvVLcHp8_phHG66H)uRCVHi$?7Wrqqh_twxFSzJbPd%E$dM?CgK3jkrac~{$ zdD)iXj&*Py>p5C*yFGXG<92O7t7s_C2>R{k942qQC+w#H{J6Epey$n}`*|Rcy0M>v z^APeq_VZ~N)U*)ZYNp$MO481IyX>c=WU906r)10=?X#cz@T&qVPLsoaj*xs~Klj#V zeM{}9lz1ry5?zO`b4QnR-#vmo&K+`}jm)y2j|q^mpHB_m68p&^!JIqVO`N9J0%JcL zdbXecdZb%8w{Mgcd%>}x_q_i-?r(Y9)Soeq463}nstSd=jN{$MqmPNB!EToMl0DZB z4d?QUbcom$d9}hO1M}4K{lq_Nb8ILdJ#pf;8Ftu2to7UJyrI_YxCp$YcRJsC{pmRD zARJ7l)A=^cS|nay$lGSbEVK7{LYm(n#Ob5oyrmGaM%1C*5S76a#{yJ z?&%J$V;xT1GTdPfu45er*|<4;tB$X=ZCFAhaCm>eZD?Tf4(jk$eKwxO@&8{1F}F2L57+6F1{#JzIZhQC+(ZNp2uW!Z+=0%UB%Tx~5k<6Dj1 ztZm3xwxMc4kG|FF?%~8XFe>1R%R(zTJ7vOi3{NvYwb9iYYv5ybJ%0ib99Lh@JQa-U z!{VelJ&@1cBw zP}bNIUM>M=LW@=g(^zbave`J;4~zqjmo8+%UL2kwB*pJBE`^ zNvWNmLQ6@`eMpibSZu@5PA_9Tuc~KKL1gdhdV=Ry3{M?FrNLt}PSY?i?OQ=xBjs20 z*AMg(Eqoks;luwZ8%Wlaa~wUX%QEFOCnDb@A-8{h|u zS{1whMOX9*k zJAc+XdCseoZ6^3MdLzoLswYwS(Qb9zB?N4BwAkvnv|pAwu0p`bQpfp^bgzzWs5Y-U zUK46s9UDPLs{xe!CzFZ5u5I<_q<^r6zTlom6yUgFj<-L54Vg44YSX#kD? z5u1Xf#@KoIi)q$U{sMrBstqTNdu7OP|7%q}K?0Gz!$~Q36GpFjF0$$hlrKYA@Ma#N zYvSix()C3@p*2^Wf`Tq~74+k_a?Z8eM%@AKr{VG?DQkFYgjX4z<2}llN>P(b&vB7F zEg$AIx%6yT(yIl9(A8O_h#dY}fS-Uu*6^V>Yz=PoNs>}<`CKW( zbi6V!r8{1r$ZlyaLv}K_>`qJJ7i=vZjm-_2poGw+GH{-bw%pvJpfAGX8DUu1_SMFj z+B$8jD9_E`9Gkx>eaK(#`bw>~IavuAGck;ihHx;Z!>zf5Z?TCN2yu_q>34*>+3n0WM(>G;9s)12ml3}|Qq;>nunAZC=GKA3<~hAZ2O1m=z-=YZ zy4>OSxE}c3L^vvZ!5mfj6cYLH0c<*a{v~<_5R}FkD}#|WS1##G zLZAE62s{QkTxO6To%g*K*d*~sZ76{H5<&*F7b0A^koRTCp^LnI4%~6{C?yBNIqu5< z9{**EFebxBVQB%}#hxu>Y#m>+n}kN4fRjx@*78avkFQ-V?I9^l?zl4mMWCcJH_O28 z(0S%o8AcK46!OKu=A)ihdtCTX9k_r!r6|15qZXiiweRz&Q^#MWEsW#k-Z75Dj4kc< zEG!wh7pS#r__GBF72X@*HAf;-hguBZ$hv=9UrSEZ%oiA)%#9W1^nhe!HfXe{i!dUE zlN0f^|D=0Br45N4YVUcQ@HNUDxdd^-|4c#HqiSwSy$EGjMepgVzzIhYl!0ox0Yhv1 z@r|J*PW+f9Ck#wmt@_r4W>rOJ<>52lWGJ}_T!m(}jBNh~;%cl1Z!bhAoRmbyJtK>4 zV*7&_f}%^pak(W{H_REAvZu#*f~(aq`K;dB{g+&~&r04|f@8H+X_#l{v0<89G0Ytl zsNv8O)}q~<&{|MDQw~G5CnwFa75UNMFx!aE>Z%wBc99I(f1X2yLkdgTKM71y!yp+j zD>O{Ph8g;I(n)9-Bm-s!U>ZZW!5B@t&4$}w;BM1!NCsS^z{Lp{x8Yv=2kFHNc&TDM z4^J8c0KnJ;JvWAG5Ei%6}#bY z--?~8qPGNiA!n$gs&eZ9zxuXJ*Yn^U>9BpCZ^a_;>g*oW$_awG2>7c_o%96Z)t{>sVV}fUNSTm3!v7! zN^4Lt1-(jzANgEV8-uvs!Pq3bGRX%>>HUx3Vqc6qp5i zfRBM6t7iLPffu78LlNXpZWJ|JNonGW4LPxJptU57yF7Wuw5#_Nd3p}b{%^L#dc&u- zHTGSk91JlyGH%GR@nS|B?1;<67L1F{HIqJV3^k#5%RWf6wG9oW5R2XXmpMhIz&Rr& zVXs|B-{(d~%dRhkviNERJ#313px78%z<#m-FbmZu%W&&-sHrO26kv4325jX#GrE9N zum`=J=jMYs9N2(Q0XO-Qmf-@flEp$*JTd}SE zGyt8GX=?6;v#GaDj@A!UV{Q2#y0DL6-;rhAoI#{M)H@hM*7*Mc~F zvOr`b_Zf)gK!CqEXoU@-n{AQl0ZHH?ihjUd^|o+Hce4} zux3KP{$ac6 z!i!rd@tO*RI$$wIh}xT#nVW{p3)OG2Ya2r0UksnUtw4bZ)z7QIDE@UeB%f za^%ArJf|8?JXty;LeG9cYC z{m4OB&pZZ5-K=K{&T{0VzS{fEv35lI{eTlYdte1KxRGj zrS(#@Ydtg9oz-I@62?G#*Axt_+!39c?qujq5b`~nv;Pn+uq$SLt@3D(E1mCm59iti z;l!k5ZpK*!wn03%Og4GF2M(1PLXghKT(J`jd)N!M*A(%SnnDeb0bbE__`izgtu+wY z4-jo?EU02AT-8P^=xj4PZcjRSoGtNRWP7pK+fbJ=xookqIF43;=GVvxN zE%3K%sT*k36ij~`X5Yt<6HjlaZ_*@Erv^#@*`7SwV&Wy zNz75BzhkG=^Iw^XSo+76k#j2rSK=9vPq&LIr>*d@i-&IBiNXo19^4V@UZLl!qt6E_ zc7YBOk-O8KXwrHbf9f~icA*aduq)FHSFSO3EgtbRgFhCHk)?%!8c9L~fdFU(3)Q6y zxhly0IT#_|n;yBks$P&WF*@{Sy?<(kj?GAk* z(Gl{+MK1Sa#_YYu(7R}Clio$8zBl%TYtRG;WZNuQoOdleF(}3ez7^y=Ay(JGhR=ce0I} zWB=Nm)!N@H?t=ey{aU}jSIXpryRhL*0ET_-@%Qfe9sIr1fz*w^Cpb;W7v;-W$_P2X zmw~@0gb%>Qewg$Iwf87VN26Bl{cDmk5I`^_V_&@Hg5dJW8&Q{EYwU#>&8+=v;_v<8 zWbwSTYmsAb>#>q={JnB;0k*c(-xF457v}KyKKg@{>hkw`ZNiSeozQsO!U=KllzKye zjKBA;^80(+fs+nr{NQ714El%h_qy5JI_i4s+knS<^y>0@ge$dXYUpVlfr<+I&FW_n)ht zMlW^wkiAQ3zjuQH<-ZJqF_sf*%@_mCO=iH-#2L1!Tui8Ew2xFQpyRyV+F6c&K3M3)pZE zg1DItb(P-QUNZ;+kWp*Q{&m#)8`x**V8LqmpDYx9ttcCe3W!lS+%vQ22yW(pe65=L z4yW2$uHmUSsNkV?N%ME|=;b|eIHGe@QVK*sDY76v*oM9q(2b$n$rp~q0oXK$uUiC_ z$Gcm635dm46>7PPG4c<*4D9A*V3MX%WkrFlJA`{>hB2o}MoH1TK4$}5RH^0_j)d3{ z61iQR+4K;b@AQu7{|Pym0|-jZ{{^-9ia1jGe2%w1pnfUt?Jl$$qB&j;9=V>x(i>w( z@(FvO_zUlkW4xLrRA2^!)jY!mt|^mkg)DW!8nx*4%_dni)l!*-&!wX^UGYp8zV67^ zD^mwRlt=(|)UIgsu?AeRyiBO4x3Oh@bq6>A+gjLMxpxiZZLD6cr26b0cR$`7#3$@q4n-EHk6_tZtw z5A3$c+gwFnU>Dgj%v+uB{R|Sx(CsMh0@*7PT7btiDp}hOYBnKV7cnpzF2|=qyd4KZ z@SKrS$3UZvbgE}&;K#kz!FBwDE4B=GoP+E52M5@=IsAjVmD)cjqa$$6 z$A15yoXOk#2>(C;{`-l?KUnsA_y>mqsT==5a26mRHphtvE&B}qfe;>q8#^8UK$3?4 z#4EnOrj__w1O2Bw+dmM{nqQG&_P5I{asT5`wbr*U0dykYw}Yc3-}nck!3EgbQvX0o zyy6$ zo63qHeAbs%XqWF_vt<}%w$Bisr2Yrr6CQYCx8D=ipsTnB>GMl4hM1`_kCj39X;$k; zV$U^?F~M`EJU4R9H3Bzk61+cst(W>7GR8w|GrT$v*?AR1@Hf9=EBr02z$GzFy|51x z>(>*3GN}UwgakX)pJdC;+V-;nQ4rbILvkEA0Lk_vk=NUom&7-E%o~opKE6E8l9`7k zcKO1NU+y8`UrSk872^M>2tK@N-z~Msn|dBntD=qkfDmW#jye1PV^WBe!SG)CqEwK^)K!sad`7Ks0*%?n&(x_6?*R)OUe9c)lEKpZ-9^%Oe|6Owb_(a?h~vEFJ_4E`0W#tr0-cXCt?X(!yeu*h z1?FK&e}7GAaXZ^(ol+g&L1~MtqW1?PTB^cQt8%^>?2#(0sV_l5fw#*fqjOeauAs@Q zGd}pX3rkpY^3Z}Ll!|+NxU!y<{b4KAo!D?}?XcMqx){#;rCtMipxvdEFR_)RIyy_w zR9;>6I;9dqo9kek zkW}`SdP_`|afm@PE_4?j@X;rEpkX$V* z-zkh9Uv<6g%L>js8{FR{FDNfC1Dm%PM(1<;0KH{P2aYCS3!)AlS%N2PD7h8flc4wt zH4WQQEq(XOYyug$%Hjv=_%PmBe0W@_DsnPj%JG7pVssf!&e1fjV52yv55LO+*$-Nv z35oiRQ`>%y4aWN?KL*KB^%lW`EkS#&5K1r$0fsg#fiDp zOgJfZGztc1E}6ICEg2FMii^4$&{8wC^pCB$D4M-QNY&N&hCn*yPVU+|2dT1ePde!& zE?~H}tl1U;s}J_>HEm(cZn4PDZfaYBnyc=6>-CTZ_D{1?;iE!haO5ubM=O?F1?LH;(G8qAX)gL?Pxh^mtk^~_Pn zzmJMF*%4&7&v2J}zN_45&T>EBl5%&*F8A&CoN|9Xg59P*3~2)qkKCW_?8yD=!6J9M zZ@@BA#{|JI*E4d6`Y367MV;a*@-}3&}!w_g?fmPz)^|Cw)0Mn+GRVMV|;%{NA)yE0Cn~xt=5oF(#Z8E0(IS z=a0JbE6UP@Z|Jf75qdK7xO8dSdL4^$NYLmb90ee2II%X`AVJ13XCdlh2>hfBh0X?> z9|m$y#6%=Jx^Qym73bDP8dxr6GL&FEr%WZxQ&VgJ^&(8`#io;!viEJAWZW>-uMvVv zbj_oYfYu0q)Z{OO~b)*)R_eyS^rj*MIc z#+X)BS=={rmU#&-FCQ6PE(L*ixR`U<0m6x;8k_zr4q>!C4yWmr5Adja5m?bp51*O| zOIUE=MJ9NowZz*sn6_g-+0J<3I?l0HGtb8cF5|_aIkTD5rF=E*l(n|MyR7!3(+pN_U*e027lg9nKNXuiXsv-6D0 z0qp8WArGRi@Gr9r8%aTEA+4+at^vKud_ZBU;~AIhyxNOhNo>77U8m0fqcaq1Ux%e+ zP6bR;=xzuCoA7mBgf4Tf_*QqfAB2>AD`f!IciVSGN}-j4xzFA0#YpKD;cN(4g?iz^I3GIG6LLI+CC2b^1bV3Wd9kU#T#5j9-xt(Ee|!8B>CL!?Em+D?Xva`2_rV0Tzt0)H|zj6@oiy5&b>sM*{y9@j~U zdgiE5i;PA>;7VjyOZ+bo!EE(e%Ezd6aApv!No%V`d1hrd;^yN37au2r4?Rpb=wX^a z_Anh<(H(akGR%6oTY!o)#i%!t-F}U`(E1Wb_z(8YRj4&acVFmVvI{-HRp>d)u8yw2 zH^ND1!(IB3uF}s&>H3&tRw-*!SLyTKDt-8?d_8REsGIdN$a|!J^bJS)w~_7YsW61B zkQH)Tur_2rp}|_?^)oI*Hmr{a^DVHH5C;@P9Zd*m*prQ=-OzZyw}-}T(737I>I}iy zG15HHB?IV(!JEh6)xWVCn=+*32MP-FvReL|KybDEA3n{8J31#ZaTWqFRoE^8F6+kQ zi-lX@gjoLl!B$_o7(FJ7VylKqd_6@YXgE@fZ_^t%nG~Gej>LpK+XE#5WO*ze8-vHH=+l7;ENbhQ%3vU}6~^ zxjXYH25VsoE=fpihb$%P&lX`r;N`ofm zjG?SS77T2I8C6@=E4Oo0O+yQ<>b@ZyRa4-jO%H|~Rr#pHDxda~QFRIU!M-w%s%h7# z`e*@l#a6(7nO*b*Xo)72wRcQoJ7JYSd9lCX(xkq+W})hTE<3=QYFt&#u*w=7P|On2 zvU~})`-5$4J-QEk*P&r&1uPacTLWQZ=&ns+d}a%D1WjAjRfENr@?HI96bF(rJc_B- zO+$Z6r!iD$e_C75=XJllEXGO*?2hbe`9f3%k_Kv;Yq7zZcSs)urzfF2*Fa+Pks0Lh z(F=TZKi>;AcgNj=(OKM`>*B5k*)ovWg;uxj7+BP~?gPF~v z^X!4dE`8(Hj>v;hdai*4%T;a*c{WT@chWy9!>^}qrnnfn4cV^7Ig_?pj-_JkBT;`D z8^A$Qy*k8EErE+bWSl?b^CD)WXlE_DS;Onqp;PH2t^$UmfN4#!b3vCSoq=Ee!`TN+ z!UmlC_$df`VfK(w+x?I+-K&t}%#e{J|FASu@RN|J&_WIz6QMt=-(cWaBXn~P9M^j3 zuKxrB2X}YDn2{#Nj&dnM|Ij|^(WEMx3RGNeOkR~`%Tu;3Ki$dFwj5c;mLKk9XH+o6(J6&yj80bCl?^=M901>kJ0RA?muKTrXl+Qxc^f0u>l|&Uex-H(|pj zYcvB^SNoMVow(2mC#4E;iMZGndfc@z^4K{Ss_iPu?1MR;eBw>howG?G%s~YPDj196 zlllrylWoJyNQska!Jd0=MCZnB!9gE(INF*hP8HaG%dcpQ^nLK*9lI6(WzGn))_7xF z;Rw*^I)Z;Va3ZO^@TSiJgZyY~s?a90Op^)5Isoe;HISq@r5J;Bi7czhFLK-FKhQET zhScFNejc8RAHt~{)9CpK%bN1T1$g9CBZ*A~*Sx?yGijC$jRA{qlF8IO-k%JOdNCa5%Bd#1gNv-$cp6`gk~kTRzmV!>3;AYOewMEGmNG+a z!R4}u(H2aFgIZDO*U?riVWfK71m@%*(2fZ^8d_Vp`rlQe)IK)&`8mL!7jWpl$Obzs z2iRNz16#`weUF`r8mq47-(7>ZPCypUPrwT=?`?n&*wrQl_q8c1v}iPnV2rS?+C0)w zO_bwXd+^ZD##p8?tm**quFTc~ZO%@qZY%|gQkNi6NM{CkNUy~!)X)lJ2vr#1!!6+F zy}-+J0Y8I8e@mV%fK-FwxWCPDVGfSZlVU2sJlm6wwFhrJn$@FY>aq*Ac%%pq&%p#j zR{omZE{3pV9dqX1ST+eTF+wm0*i77*1M|cFRE(F2BZIfEM6#a|bV>F?n~~8u$R&tp zGXhtNMxdOP(V7})GqUlQY!UvTOSGzlQY-Z+5_#_Hp7?dOj1dA0`w#{g&4g|sTiXT9 z%~3!{zZ`WQHU+$lOjiMG1lGm-RyOIwa*&?ufa}_tI>icG^*7*1x0~B&k?nOL!M?jq z;Y6Wh!yP1W#|m6<=I;1)vAByDmMT{2&jRbA`IBBO^y_MnEzl+ZHQnzeK)MQO5Ja09 zT_Gje1=N}X?0OE`q_?t2U+N|OM=xp3`}s&@UH{GtJ2n?AkFxXWZfk*a8pB|li<+N} zfNL?GatZh;UR|}K1^ft!KFZ4l&ea&4hP;nOI_@PsGZ*QqY|`g=;r5nFd^Q{IAc4!t z!ec)f>3RdkC0(AEwAS&jSl{zW_kmvW>%M&)YZWjbkgfvi3}SG3cy}>4%cr9oa%`%^ zwsZcn--j?L>81755Yz}lojMBgeWzjjBrnzDEOw01*v78L)fUE%UW^jK;E?tLg=|f2 zYopAzQ2xzursHya$q1;+a16CE&e0g2k!3ldy&BEmSNepTrl)?DZV({n6<5d(3EEVt*?WTp97u z*l9kc!i;@B7S2P7t%y@B8c%v@JSH@3tDu`zKG^g%tD6N5wXvN|GN4I%bbGddakL8K zvugfM7tb%ata6-wFCTk?zO)T_WrrgMRK#=%dvkVRHLhVO=7jkBx^dmJQ54`QX`PvS zr?$5lx-titxr>GjVHrdiIz#_fo^2R9)5Xv^E{4M4ZW-#OOA5x$2N$jyIY*fCY4Z#u z`dy0y1yJPP&2mcZlSD8-;ngJr%~sVr;AF|wI~SuFJ&YIQr9yvz=C}y7GiI!h#GGZ)dtmTVp6-eE zsCk?cpTP@eUVK8hm3GmZt-HVc$EkG+q_MMddV&58=gaSMmZUhL+|4fRNK+U#N38|f zF4-z6#e~+HRnnZaHLcVLo6yD%En#j#W(VRFL=!qO?k;i7=5K$7jQdq#v=G~&Zk z<)?*j1XqteDI?@UAMPnV;F6%=UZHX8U=;8_v~bi5@s_{t-!iHtT>2lL+Qq)q z8^byFjL+CH=bmvt?$HjevuFIUEyL~O;5vK8H(`Ih^Sw?DMMQ)>j%!5Y=wDuk=8&g* za%j$2tbGpbe)NP$%AaDo4w1MbA^Q-{6$P2kLEh`dZ0p9)ZpCb^8OYcmP8s4H_S1 zWyp7$STh*R0TyZiPO}=dGk3zL0mJGyi%Hz_nqIXM4b`<1{`3rkvnS9v;$P+;W+>0W zfSS-D3bzm5WI+u(>7yu}BM*9e2_CNrF4P1|z#Sh&zb1{#R&{nd2F*Q1glUGdvwXFP z+ZG&F*U5M~Spm9EoqRQpyg9lE&r8(oUpukFc7J2&K3K>}Sh2$VfuV*M#s{!9+FYhc3)ri)E#wpOlRwF68<0N-aI^tVtWIgBm{yW6BHrf76lZ=1zg$Gpo|VGUPN(M zP!YuyHKV9EI@~ajF^=Mb;)2BM6;Kgz3B+h-2E+tcf+FG`S9%P3amS5(?|Z7cySg*M z-0%1O@$o!lx@&pQsj5@wR8^mT}*^I?7`?tGYEfSnKA+2E!ev$sl# zoelH5$nFI`8_E47hr-hOivfHNRoxUl})EpN0uE|Q2RT-i;1@y3GWHaQIU119ZGAG~q zOKMNH3Iu0F0YqPZI{7emWK9kx5Qay{WH6Rm?UTxy{S%?J6Gn}GB4tt0mm0WU9GhtJc~k(g2}&6ktkx*G2DR>KK( zQVmU66tTbgM)X$Acf7Y6%D$kwT+FjK@h@|`UTyqaKsxDVGc66)G2e&*sDkaRQfJ;Q zvQk*g;!a@K0OWh=_EdCH_cUoV0DKe!pu=bY<~rfp04%aD(#Wm>c=B^kiC&WRLTnfQ z^|CyiGlHX_xi$F!ovjEKLCJBclMPiI$i$dUxvd$3ypf%m$CxIx`#W1P070JCudP-@ zY^zSV(%Xu$7u(&6*Y#4Z=o9AUnExBCxVjUV$2`sY{ug|I!dW$959?#}O+~5Zh>xmm zzt#?;ZNScn3!`<6=omSxypEq2|m@<22ca4 zSKPCJ=eUtxJjSag%Io+SwDrR+-PA))X|K!?SS?a-dBGWJHq$_a)Q4Wck-_i42UlS) z1s6$oqA+<2rP*JbF~qB1!w3dx$SM)-vdI z7&^9~Yz*kAcW#!`Bn#q=Q__X_9vxqimyp|$R17}jU)D%h2?A9XB|7xkX9X6ggkEL` zG>(n}p9YOvz_%`^863Gp2bbeuD7Z14srk-yBFz7hr~K&2Iq;t%@6G=-w8FCxI8`e- zH}|TP3Y(H<+Wp-O|DRF^8095TSiycVEk!C6Z*nb2LT;3>K33AZ6zP$TKl1$mD}@-7 zkHATm+>w+}S-1^f;WifMNj==7Npd{YOX~s86$I|@=b~{@34t>IC z!9}Utb~zVzdBJW@PYKR=iUOXPN7V(={IM3#M<+;($g53L-8AEmvLmbh4Si;tZ~(PZ z{wIT+F#@ZoZnyHkp}VMA6p-v z*ZPJ%Ge7Vc%=_5B|GzO0n3cKBSt%mRrB2j=;aR$YHEoPLA(xGi3d6Dv6A7KiP#tOg z`jD1`;-?|B$KsC?+928po?X2wVr!7PGE|7(Iwd{klb^2)uds?&SUXh2-cm48(iq}2 z?s^DTL+myLD)TfOPl$whx(83%JTZ^8=>d?&ni`(*?PaP?R~hQTZ-@-U@nZaehbMll zH|I(6OBe(@j33blhcSctmMAe$4!i$=BzhIj197Vh5iOe-D8>FZPi1`bAV}oEiD}+M zU`6X#^gwA}^^hBpPeceh0kzaz#P3CTIg2k{^vi{Kfr(>y?NxYAPM3f>!l`;)j_TpQ zJ`de%9J*tXFe_awd%AS_;?U(wg`&$x4_(43x<`So1`fs^MSJ*I_%9m+%1c*m%)?2H)==3=1j-p!o8fm=i zV+ z(DN8uw`5L2YedUl6pH$2@GZvkoK$uai3q-1tV+p2Qu?-#LT}@&HOi5 zuM|i%88iPbV6q`Lf~|~ynT=>!05+@;Dv<+Ot_rZxt1 zFFx6B`B~ga_W^Gce!JEq-Jjsqs4VUw4r2g{imN@yDagt9eFx{~RUIP(qh(71k^ad` zi0Ss2`@NXA;HcQ%$CkUiHHdK{c#T&2nk&?*-Tm zudG06?@IY=e*>AmiC)gxq>$rBbYk61*WT+i(^B0`x%pNnb>fX&Lq8*m#BMX?w(jOQ zm%(hN9#6EpnescTX0p7^bZnz8*M5}Y)go!KnZ=N=+Br7kb7bwn5wR1n$=wk#FYj4a zY;W}Pe#YbN=6!U&;@!7md+QpLcRAQ7F$PuZu6kP6?gs5E<;f4u_zbm+<{#u0x{vO` zka78#v>ns&8Q9xG{87?T$HFJ%v^PT%gCK2ZaOL+-1%>&YBC-pi4t1ce$qKdVt!z-o zDyUU9)X{`G&4JoGE7T2u5+P+{R>t_((UePB_|_})+TzxSK1F%Pf9e>Y8GDOI2N%w0 z(DmmzK4!J;3-eS9T?h^h+itzdUVl0G;J?fjB3_W@vL%zMEy>)xZaLNuaLdQZ zpK=`LAdCiN9hot$h9k?pLY22rDwASr2=H%r*+fhM#%kxSLPrgI+%ZD7mCjXOIu9;r zxA5MEGh47^T$gyvV-KyJXXAkfXbZzDki z5{L}2*43Tyjtn$qmjRd)b2#<-opx=FH-=LaxRRtsi1zZn{yLLwNY(7EuFD^5cXgeM z3!zwDz9H4auY2srA|*+t73|@%ZCJrY*fWrw?QB-?4=>x*SX*gl2Urlus-iZ&=3)DL zrGdokmEakc8eg8ynr&D39L9u|eua28W7mLYzI5B-iEEimyYT0u?PmPjmX6uP^8gRy z&BJl_!&Tr77Z0&-;ed}QMkEvu3(js^MvD7YIQ~O8z7^hW)&=-vn%!Dv+e_+vX-apl z52ZSbIAVEM*UpGLP&@p7h|17G`yi-3RE1N1uE^$<+U)J}FR2mIFD+t}jSK|R-~HCSV|O8cbT^JMPE z>GsK6sA$m%w3WIAVPUoTI0YHjp;HiQ%rMTvYvsA*b1e9@#%$<>+iDKMV_OFa3`7dw zF$d?N>YY8p7AP4jIYUr3m>9>y!@N6Yp�pw7~4wyU*whh4v(-J+EuSV|Ec8Or)LgpV29f z9+&2muV;)=%!5B`Sewje(>4(=^T$=SoB1J{dEbEOhI$Y4PtiGD9n54fzp2u$_Bq8a z^UyYB5L|sIfUoAW8N`^E`CI3=oB5mm$f|K(dd0*1X8NSzD-zZ@Feuqzm3@GZOX}S^ zbQ6fRI=^Zjx&-@WtO&&tk>;X3PVSH&opl}jVIk5gMs6&&D%qMkx|-3ruM7x*NPE8; zKJmLM(0uRUr+Jm9K)a(rQR#Vs(zBxCS_}HW$ z>tmnt34NncDY7A0?_()3wB0PVq|N|iKGY$%`QS_%G=LpzSyj7`eKyQJiC^V)=&HNPgyc38)qf zenII2E}-b-3kl!1lXn46ZY3*av*=tH**T2U$$(-#Rq-9%qZX+O$jSUJ@}$yte-`P- zNcv!`9vnyO{sD5hGD|g2KFZl%8CbAI$v|&l8Ux^sD?Ks*&p>dm80!JXV(FU?u-`l2 z{Rr0oEe`MBgSU#%6E^Qhg7@ShB;YFknO*|5RKd7okS%i}i+ANrQVGU#Rk@`~9uU~a zwJ-)}+{&VtJ)RqkMe)>5{aO91D)3p}0{^lC#wp_E@pFW^l7|J=YLPs9fy7X^f1qH( z$;|(OlY!YexjYLeXSAD>tHFs~@AZFDjo3Y>75~vX>07}W|B>304@6aAF=+h$hI?6D zwYmmL?DJLv**>cM?p3P?KOj}tlx_6k8z}VqC2NCRl=evA{q1kzcYaoYv%M|c!viP> zp|pp+m_~cUi&l^EiJZzrlUu1i(obK-k%a9{jKfFTSYOd|S5~!Eu}(XP3_uSqmm`@v zl@8Yrw{%et9ZI)vo}eBJN{2O{DgYhw!x&vAzX4xr#{YT@tN6z;E~lf4`^kxWnsEae zm#gD)pR@Db%{Y9S<+Pjs^l=AcHY*2}EnM>oSiK-v&V=LviUW2ND@V8Z+E(M6qhU0R zWx0NHAr2fasRf2)&>`Lv#37^YnXCWtqqHj~ms|-kl+`f!qPgrhUu;t9?NC}gqurG5 zY>QGO+`U>YR5+)&EuxGXp71!x4Mp2f3CDOWeELtf&;xjN*avdLT@a^6@sIWXBQkc^ zCa(~J!bd%Jk3_Bf3D#G9X8fla1>n=u2;r-GbD9!7^maJCP3VA^gn-6IXF;OiC)c1s=G&r zbhvIul({K7BtJ4y9^i%>fv*XJI$YnE54cJbRAPewfp1juv!W?ahsd`*h7AB`c68;^ zk{_pGM&Qs3gI@EIn$Y#TsfUiGJL!;!(20_CZgVdV!>|{>kCDH?;a8um9p%AAgCU+1 zK{|PpBQ)3li({;6h8o7}Rrrf#mSW5-#ZhN~jFsYuOY#=$(wzdht?M5M!u*pz@z{R& zTVBV%orALmpfh2e3ol_DUa)kT9A40h`0vxR5kHZ{4<>P);ckc9SCJv}7b{LjJ?TU( zVbteF)JiAnZbmg2QB6+NG)65pq6R!~YmIXmb*B*(b)t?&RPzls4^2+^z6?L#4lk*; zp>|;SXgmB8C;ay)!ktE$>x6%f@YaoT2*wbZoiP_+qhQZfNBK?3G2D2cnw!dV zTO<7N0;O0VAb&DG!$JPotdQ68rUGnQ?3r8&CJaGHBS$m#le)y(VSay0&CGZ$ZUE z*v*ww-elLDW#;0G&c#ROD)Hp9tFg(<#TT86kIaQBhi;@2(6Z}vgPDsjIu{?AYmg@w z#e((LXy)RJ&c#RO8sN!AnPaZiW-h+yTzq7%Voxr+G1F!)zUW+hWG;N_bA`{Y_!=`4 zUvwruG82rEQ5m*4EH!iSMd#upb7AahK1Z;z z4E2sq6&;dO%Db{*(eg^^W=hjmipdWjFd5kwgFu^FFt&?+!$9JQ^$bbkWhH&%E9GGQP!q0k zEGh2H1FMgeJ_Qb!>5bOQ#_kbZUd`atj?Vsq9)NMYbI=vJ*+<op?hyugt0(|7CIr#6XR= zo35wBK~tbqrF+Co*OVOTq^m(X+zk5*yy^sSnwyY?NuJ=Oyd5c3?eI$n$EW6sIM1YJ z1N`lD9uD@|lUYyUizn99)9_762e{0|{f}SEjLz^)xoWBOh_oUE3#D%#0jdt8GfIsU z4rdev^$Ct%;RYAi8Kobg5)qtPh3iN@;|5cHb@_U@oSYq8mj7PI?J-7IGo`w#F=6`i zg~4ckso)==tc@4?IK{|$3PCn{1 z^`j)Ha&4!erHlvxG|tcl^m_C_2YR~}ftEyyduvb|&|w$4YfCAb`uUC#swr~VH4xbq zrI&Ip^m5c4*_y|qjB3?f7=c417#U+S(p52{E1W;p!mG2FF{P^yX9aN{fRcqfsNbpZ zOXvF#oYTPLkNI5EO@>1Wb$Y#wauVtSJsGHt6B#_d^!LxTXJZTnn=$nhRle zh<*`fF{T&(gju^7!mJbn%yzX)p&7ReQLxQI6gYx(mGWQ1h1r7xrN^VYu-Da2LaEfZ z$Bk&YF#Y7qS8`&^*yNK=&wf>UgWu<8XJWQOnkPtX%P>5D6`eG@2U&a1ltd9CUd(bsT#b2u!v#}!db;bCv!j-s#_VB~l zN4^9(3+BFaMd%BWV%K$P{Z$m$F9O(^ET3aTR^?R4D;zJ+se=w<_o%9+2eYvu?cXSR zwCw9Z=?%wSdBnuPh{5ax?=H~$|9GgB+VJwO-@EuVzl z`nwkmDpx8Dicd1?V=a}PlILC`PjKULog_LiNM+(Vm7`YX$3rzZfxoDW>Ck#It;o!~m zRjFQ%rn*&}y+SYH;Pg*m#9meRfWYUy(5XLr6$*Y{s6o9X6~>Ey1S?USt@)RNyF4tT zw?N!*cRE`!Im9Zsf?v@}sf8?jCGun$aegs&HTXTgiF(# zX-P5432l)z-$G=-z%le+9>cJh0*WNGZ=pswQFpxl1lZm%reH(RoGpS@8R&nl_&056 z#y8MV6W;UmyDU54Jx9NH)A7d~&(o(jl$UJ?L`aag(Fs9bDakZyDS!(%ETUq#7!2of zanX*(EIERM9Cb9`guavxv)V|p6NlL}x9%^mPJ&(89& zFG~dD50|%6=IGEI(fsMPI|k-APjmx0ab{pg^}$UQG^ztT$rw`=m-BL2zgJ24%6tXQ z@;yNX5{xW%)+}PnojYe)O?C}09_^h4ZD4Ab1ye-YnqV!`kTyE+bb|lO*OWH3E4MpP zWy|(C5V_1ywopSzW(Amo=sOGY%F|sdLd)?bqinf#;be9SY&PaKA=oZ46{2Ej$cNz5 zrY^?fNAiqCHX*~yLA^#P!5xGr>={tn+5e#kg1%7@yN-{O@@>$>tR0`?2PBrYc`PRJG#&VWBtMEB>-)v>4N1i)7py{dcOCsU zqt!`@*l(R{)}A`60hXU_V_1HkrD7`vedByXh!w-CZjxWGYv<;R9UZ||gN~rf)eIaK z77uMIFWUrvj3}~IhBk44_(E2ft6d5_pCs?R3FeTB;_sb=|Mi~wpzL$GdifE44BQl# zi>ES2ah)$Q9<89Y^(0KsWE;#TZlej#*hw!0meYHr058IKY%A-6BYyex$32GF_#BQm z{uq8T-U|`YHX`IsFJol*CZy1=MENvp4bQ!{7!HrGp>gn~)>6i_!_XB_4H&e=9yiw&ZO?z1YqeT}nbUSNKR%}bG39mqTU2_8e&7dchIGXT>f_bppwj)Ck79w6 zmFNc|u-0HSU-J>}ht-Ov8 z`8bmZ6(;sv5w1Z_p%E3Mt^yxrAZbL!va7(`Nh1-8q6=(+O?K+cwD4St=d4qVJog~- zMcH}zv|R`uu=1z!Cm5MrgfEA_Ry88FO zT58ZnFlzy*#Lg0U30(Wzk@rwHFV(5ayI=eA{`Q+g*F6nxGo1Hfg!NbO@=Ze~$IE^} zKbHO+J>sP!_K_3Rs(4gd(L@kSI)IP%=#Wbpy!J+%pe6~HU*I`G?e~>9LG8y0 zXs-jIVPS~zABI#0@43y}sXP|~6fqlA3Y?&J%|$ptO@QB8_gxEYVNmp}3i|Y)#tCYY z=y4=MM;-dIae|sejGFGApa$g;u)f8%08m+t`d)2iIYI3!iPtBnZJH!($#_gU+{Uee z<~SI&aA4UGM;q!Yp_H>%e*KF*VM|Tg6+nBuWsg>wZeH8zMxM&`#72TP-5Ndl#@vKL&sOKyxVqF}qvVN_9NpY8l9Q%vDmpQ!)SaDVpvErat7;W>fVD8W` zdj@P5hj$T%3PQ2Vekkt$%;SgW?=Vlb-4I*Pr2 zH>x_z#cj|^8(MJR(qk6ZSzi)p2+h?va|P#{-~2ddX`GG@PL&tuLwYUnRHD*z0a0b$ zi763^JR3#Fe?-Z_Lwsy$#1{?-1g_E;@?c&dxNHNSao_tI;dE5|v-k(89EZ$Mk_oLN zdzmX0jk$r+qfzABk!`MZ|5>1uh$Q5t$2oW**pmtjCNhD=@Y_?JaWj-Ee&&8GCG{r| z)0L}qseFgttBAMhZG~oFeOKbk-_`V=;n{Wzp5uu!C{%gbY*_n3W%_j)3z3A6qLe7` zxTT3)&Kj2&zy|=u@@;sj2qiG0z`H)^uIJBxVZ2jOUREJz$5f~TvE-yA3@A|u6j$HR zl!xrLSSG5cq7gwNtvgt#N*W<@a&URs?bb=ydf*KFutL77-;Yp-m;;SLeaR_HseIgB zq-ti3IC9CtwsjzA7(%jDT+XYnRJ5wBmr&1>%j@`FQmROO@v)E!t0Wt&Gd-jjoa*FM z@+5=Qs*^pW?j|Y9^5UN;gHj{B0#!@+f}h<`E+f}i&${XO#TJdaJ)K7X={`1U z1(;}|_bk%fs?+px(ln|x6f|+vE|HSVlOJ94y}>Fxu2hU{6tzA-k7El}X}^!n3uIoS zgS(@H!df&{^XTohtF5k@dQP!j`Qu1E#-Td@WfFn{Y5RRCeF!((i1}4AeDmFTI|M~q zYORr^sxv+LhExH1l6%kXfA95>*w-d;AM#;ow@E;5RUoNCRD<gFYLzPTC?4~Q-TiW}9*Og3kc4V+=j&yXX?w#^Q=&Gy_uV4$SW2z`7 z7b2Ug8y%(n*D{io8Gy0?a& zK^0VXdr7H7YN8@Fz$UeRcas!@4Hfj+-7cw-UQ&hP5f5?OXS1tpuv8)IqbNj;waAE2 z61SflqP5U~SCzzdax~19AnDaY9dw!kC(ZFH4dta(=h78(_ld2v&^c$hTBsD!nNdne z*pFa&+t5NYS1S%(E%e4+9u?6^P$1l;i`%V*MoUs9+x-;*k8DrzlK79(XG^W_$meLG z4hlqRp;NG(0DZC;?dQ=#46x4nJgXLxxPv64M++T%rf4BXD=j2a%i6XzYfJ*eVi3qEx!MYQ?}LlNaU_}|YKd=|BNAAl{j=1W4=Qa1q@X2#P}DdfP4 zk9jmFmU}qdKYQdkS!ScgL<0C*tcA_ajMAOSJ`7L&cI3Ux&Fju&FKA!h1KqstOm;6P zZ5wk8NUb=gTpVl?4Ai#WRmxxfb)-fymUxJXZ2Nhe@h~L68Pieh4kOdV~bIwZO>!>!oDIk zk9`RrWq4wDJU81s_T9GAaTYt5dML{Zb9-m8=$wbY+z}?WK{vBrGUi-wgLPtWu|%~4 zYBAUAjxwnc_qhqGTOQ`cf0+^Zw1DI_)|pSqTyGiX9?K@@@Tf;DAloyAz4!q_GG)3* zhES7I1)O{EQRdlJ?|VdV7)OQUyqF?k!|=)Z@HP(zwV3(VhZceheh9No2QNn9YfGaZ zz;3W^(nzl9xYLU?6-d#tg}6UgD&Pd2zJoL1J)h~-(b6pDwYjC+^S3m&G(S^?8nWl4 z^`ZL=b~p*2>#$=_b@xmj!iq%`>Wb|Ea8X^X+sv1o;wB>ZA>UkULU(?zF%RjKG-;%X zmfeRVEuX?ua;z8c`ASbU-AzC?)Ve2m&iOlGy`gmy7*NapJFEUKl_+C&d^UbZ^DT?P zEsa>a+6!Z>cM#KHjM7JYNeuugWd^x70A{cPCDPg65p#$E5yPypA8Jd;6XCGTuYOeA z0Lg0yF~-_woLE9;)s~PO;7|agwrL3&sz>FH44j;t&id(v`Hm9gdu|19dW$NCKlW1} z4ER-k)iWz)6RSv)A@(6m#@X~2VO8T>p^u{_=+mN-TR&dywpbDCG1aTDO?YPz&isLC zIwTg~woCB6wqQm&I3poALeA=R0eeD>tFz!o{g9s`5YTV5o?8TBc}X8}5Hy_puv(GU zaYdJA}Ibg+#Opx5ge@}IF_`4|%{>}z}!uR%0_=OBVMlCOR zW&c8sxf0a@;Z_x3fKdUXlC!;{*&9d#jzOz#jgAO{mbYJjtuQ;odzfFV4i}7VLK+RY%9-2FxS zLxOb@1Ts<0p_$Q>hk2OCY2$(95M(h@6t!kC-^=1JvryUVG2K-PCK%%!-6?k=I$|h! zi5K)`Wbu`IDT0i0KY~}I+)l<4y`p<6;+^aRK>?* zvQ@=_py(>KAP6QKy=$RF#2BW3PP{|zu8LGL4|B6J`0p$gU0=ZT+T`W#z_ zgynVo8z}8wDX-ciA|I!W6VjrjoA@kmF#Tdw>goBoivsO0hJkLjaDe=r*I zCdIbFz&qMw_CK;Bug2rOJkV-G^Qnz%$<(BjbsMf53|>^jenT0M);blIhH5g zZI9*4yr822Y7gDRxJpfi@7CNks0F7`Tm`Q{!Dc%J!<=hB|9HC}fQex3w3e#Escm)M zr#*beU9Zb0i`W6*9UVt@McLm;xr5R5H)D)&HoB5kdMq7Hq7a{eHDJ_tE!Ks{@CfRE zQW){CLGEUt-(qSfM_}h7cSC3f^Q2Hf-4*{u%nONG49rwdC;1dc6gjVF;k9xO34{~+ z<_Gap!VnufhY)=KuR~*RM@ENv=Bi8zP^!-^Qk|(z7`wR>SO#I%qFc&RgwC)-D@$;v z!Bn8(0M|t98azyHA=8Y8HOZSblETpha;S=? z!NEH|R8PGlI3n$<;tZ<{5q;#fe`daV?HLKerDKu=4$j=F0((V9!1L{EIN+qQ$?8q+ zGAM|zNN4g8vce5nnf@lP1{2@_9Iywhh_5bB52^@#)r>EkO+}G?@fDK@f1e(c#?aS| z5RLTkP}9xuJp8IJy&=EaH<*lkm73)gZ~-%OT>VP=ZX@l4fKIF5jHG)nO|Lw%ir164kzNL_-_% z5Qm1)N9=nIp$+(pANf=+SGHvLfU{bri`rd{YFv%u9Yx%q?C4(^T5%)0^(xduONO_6 zl$U*kuid|a1h`&J4V*uhFNrabV#jteg1Y!4CXehur^HBCz>u}fO8k-V6JfH3hc-ld zRYumOu62g9CxK*!w*^#=Ux#xYQdc`Mhae_Z>b&-Md25~u#M2@@Qr9@Kod`1qd?RLj z^Qmeud7$Fr|~`|@7l=5<%UC$%r{U^j1`;{!H8^0w*6b!w4X z{|*Fh!ut0x|N3_!gFBDM`nM$b?+EYux5f2uWNKsmTk<@Jc*u>h{tX3)bu9pQeA-<9 zmY`mz8|&W^^4XHs>)#Ub&$He2?*R}UtN$VnJGZg^E%EmHH@FaS#?o~={J4bT1!rYj z|Hd>y*1y>mrANJgO6&D+No22oA1S2&X8n72z;TR9U$5+bTz{?A>)%y%jsUijPsroD zZKvZHaW(li#)u%<#7@5LD=@(seDaQ5%)#NBHnLcEl!?AcL*HO`C?F3|zys`x^~UV}muo?Kf6N{S zLBcS!k{_M=jDIt=3aXTya#nCShXKl^XDFlj*_<3S$xbD;2Zm&jhs#fpSwuEb%|}e`7-5}p-QTp|u3*6xepxwg zkkPXS8>_&GY3&s7gPrb`sK#qdu%5!Z+7Yn&$KO%*M$LaJiW$WkAZ^9fM}`~~YI zYR!=>QVWkmC1Ucbc(E(ONNd+c3Gx{eh>^esMJ7yja3~H$sBRlzGK+{nwSID?U;#bM zJW{av>b9j|TvaP6=seVwf`b`tOP$cNO0cx3gREh#XwBFLt*_^|qBU=bORIs=URvK7 zwBCZBn73R-+n{x0Yg&U1T4xI_X~3<4%up_|Bt)X|HUL{3Fc^Lsk0bx!U365@lq+@7 zfV=TS-~Z~4gbYIz=16G%>sdxZ_o7O(_yPFyUg+j^M?z<{FYn%NUUww4o0B(-AHY9@ zY8*6(l93%-g9_$$hz4krEL4A>_jd76Vxf}6N3GO)P--lrwB*0rA zGsi&^6gJs^qnIOvf>g|smaItZL>RyvdR zpN~ndIp}eaC{rhbeu|y}lI&IRc)EYMT91%QlG_|1J-5wt6U}*-z1z`Yv`{k&R&b_A zD<5}w2lRf_UO{6~wRb>2SmlP=U#N&(uYlvO;LK|&x*INVQPo&u9roJ~JW+fZT;7%y zMsCoXDjV6sk~ulJE$L;Xv^Q1qD``Wj6Ewb>x&M4QW<>WQ0al;Z;j|K{@(8{=m%R;# ztMLt(9k1sWcKp8EY7c(S?l#C$fHa?qp%jVMSQpL4R~mJ}k>VnkTpVF=v6FC7;Bavj z0d|zYTnF_m1j>HTr5Fe4ajUsz8OH&OaZE4&U!S))Wh}R_*$1VvoxmKD$ufSl|)(}-Z{vx z4|`|Phera=qxQU37*h7t%eG%s%F%ihzi@d&L2UupQI0CtpwawthujO>m-`SmciZ=@ zw@XQG0B;+tpXO0XzJ~%+N!lw^P#N#l{u|2MP?CFI!uijMRFe3YIafY2$PIER;YxfT zQJc*>StlUI){Fc$@Lp@tL55Q2lGdvWB+Bc!!y>2jApOA2n+yq*_G})Z9&<}~ zR}URZi?MGKg=++F_~eVH5BRhTpT6MJ4t(0gCmwfD^D~~XBa$O{a1JpRhQLYJ@}^EB za^Q)tBJ&_=nLSV^z7)Amif&9n5MPQsC&eyI@v%Qe0cM~!mHn9FMSqGyBgGJ=P=`tz zoE9SmcX_fH$09}ZjUFaSjObGteYPh$YD8baXx>)Li5040d-tS2f?vVtT|Lp%)!bCd z=xK zrZ()ee9{c>mKCsUMeA4}V|+2$*Upv!3c?47S1>PDyq-PZG!fiG#xJu&TA?rbZ%dD~1k$egcegW3d!n*tHK z|65kgrXSEWn`?_e#W1X|PUP%k13G(4^GQh9WW9)ln0kDIsmCXW;4CH_Ie-6iLR$V;D# z&~2I9nH3*tQ6C$uKW1S@#4on{&ZJP)+nD)jA>g9Q@GpwtUsRI63or0+950nP^Zl;9 zsEYxTLa3bS(JQrwvxvH%L%O+VYELJ4Csi7d0b{q}OTje9`{Vy!&lB(2W<5WHZ}IMg z)?d#zo#)o`Yf=sEujiwXSJ(3$%xc&3-7|GPubknnXZeO6*wt?}8yURw5Lit~ zkW=ijnoIM?1*{{GsST?sd7eT%>d;-~dudNtO#v>t%e0yjw9hcZYD&nDceb{g5^+0> zlgDZvj@<%iF=aKgoLX_9#A~a07`Omi?X{XhvGj;6R&xd2{UIkwHk>qB^I@&5=JS$B zTg?~u5YmR#%r>j-2e@s|YJ=688=zRh%;oqKE#s-#Kjey$Gj5j?~jtoJaW zMkyO%G;!lH{UkP6G`?Tnf2N}h@b&$kQl13vSD@I|B@AJD4oMzI&+xt3rh2lnyFz!kxsyI+Xt&4tE>b)|e zOsH70oo}JEm>=XW0wJGrZWNoTjbLJTt(_-b66yRI6N$nS&i=}7*nwNyjIvc*-$!(_Ql%W3}VrWhYc>#(1^9_kOb*N8s z{uQGTwXHdSmUyi>|J+5`YOm%Lio;+++?ktR51gf_8k+N&!L2msjfylh5v=NTMfz_v z=K&D9ZEMbVpSITnx2-v!YCD~|E+39#3j`PDZ8IlIazC)V!8)%=X{T|ZWXvqCI+f}r zDr4?nl%_-xTMhQD31^GmwO9WHvWtQ=^zI%88eDp)u^O!&Gq`mml*W~*G>X5l#v% zFI$9b`LK;69*SoAg9Qvfo(e9HEDg(LSfA(q=3yc z;$@4Wk)55ZVN=l@Wgsm_`SYcm;!!Eiu$9%!kqS766FfBz_T}6eQoilM7bY#4{d_zT z^b!-4FAB7pkEt97?mWO{b$NZJ3njqg@_J)$t#IcsE)hy?4P^T8gEgIsf-~kr{vCf` zwE5tlq|JwiX54%^S^*8N&DIQMwh%zG1;fnC2il6(E3f5sT<8nnr1r`=d_rC<%ob3H zDkTa?iO>w3xmPai@Gx&;QnZmudoXDyWw;x=PP?*d4-Y~)@U7JxpX*C(4Os+MYg4Bz z&SEW&$CiOCGYNm*UT$93T6Ak)-VdL2=(^V8?Wj#R%eSNA@0G16rcwB_yWds}VsQ0- zuoaTv!5$u4(X%^j#e2xqhOLl1$L-*=6{q!rtq|a6XPUM`f?htruoV)LKq9}bkca^X z`)tKp8Nsw|D_)g&Z7Ujk{!g|-D0YLLO*!;R%De{$c9aU|z9~n( z@#Mu-^k;f`d7P;ek;Ndg)aq0NBLGzroz^8MvQK&0;@r}{$w}U_^!DbT!u%>ruF8T_ zYkgV1KG9SB!xTyGdsu26@G`$+h2FtlwFqveh+tzLLT~0tDv8M3^0E*w^`R#j@T3GB z_M&qVN~!WQ^p!CJf^LP>cV-dGqOhlFYlnm^=0vS8uHmMN;0(CVI}G67xCoMgfx}mU zgcz`Lwdteu3>fb?SmDw2prRk%2;Eu)|Q)rt$L)HVq0>rlEi|V55GllpVLz zkQ>|U_;XH9SL4fgYb#`!9PuDxC8`mufk?+ zo0%SnBUu%P-M$wi5?ke1YTTcQztijZ_gr++;0*3JaNlp)Nj;ZH+(PWl%k)5Q6?mQm zuESSX^?otl0gp>QbwhIV>1Hrjskp-4(}ave&;&InR_4mhobi<--R0gvYyoxFQ|b_> zlAaySp$|9gM6G_)9NEGZ*eJG>{!l0VzmQ(7l-txSA!WT!&dTdJ6hcWS3ZF7ya>ff1 zhqso-%t(O`J&E2Jj19vOQ`cuOw!a!ci(blS`E+X=r31tZs14xQii&?q{Az)-DF~91gX`xN?4Y0QH2g*F#WLdj}|=tz*CcO>H$Egg4tC zSDzerv*Zzf+{}&Q3$BlhlMkJC-^`~2L%33V%X-yuF!mW(4Xcrv)%DfiTV_D5yos=e z*r}{_Blf%1YK220g10Y{C{0NX7*!0HI%K4$S36>1a-OI@Rtg|r+O5I@4#U;KBDu}u z5F0XLZ|rQw9)i=+nAdvhHcnXZA%6}Nr#cO?HPq3^!BJq6(;^4sHJlJ;u+ne@fsIkA z=9tzC<4w&d+FkWfTriIAp{nlhdIMY8(;M*d!;x;cH~i;V2+n_iYQ!GqFgp{me(_5-h~waGD1g%MTVmaDQ(x6Rc`zDaDw(VE&6AB=~$X_M(xwmz~u=CNIBeTmCd7& za^m!|b?gC=o_?O!GI}JbMg|Ct5l+r!h?1a-9kP!yHGTQkq}+73BhVJPS<*o{ZlcJs zq_zU)sv&|g{j$qCQObJO- zYhbnpWV7q4x4*6)V~WR+A}i!9#?C^lYUqOS^c4ZrMx`7or@Rpc;7&O;5k*bpxHYk} z0XWp*@h|{34>h8OIZ-E#5(h_U)3$bf#;C_}x!m#gV?f2bClLBDTJ@6jwUpyqqC-mS*)8vf8tJCQiTCipDs&8VjZ7_rxf?tu7(-ea>yK(5J}bD|V8ieg4F*+}(wD(&YI z&G@BWobzPlUwsSe9tg9o^PfaIeub_`a~l&xG{(50E3exzHPMl|g+K%K9HgwWDpt^f zZccS~qAL)sHi|8}>`$)a5Nx=BrH4vLuso_p<5jv%p(@D@ zQ|hM0Qi?l1bw@r?OPvzD7&9h(F-g84GcJe0jYn}Pw^*d;%quDP6u`{MLQMu=)~fXH zEhBQS+qY7<4=3iZ5G}d!mC04a+QGqk5LlT(qU#Jp2Jy28apHSLF_c~h<0pgV$bQK; zy-bY*kZ{y+g{P@sRDaRbX{(*`QXA{NwUGeD=KeVBMT*pY%-FC)wN{k zi%~XjCFgnUt}58tI0;ES-;4$mo9EMP7HOF$KRWf@mov2l$;84&xe4L*u>-*cg^j=Q zm_9m)<8SNZqzwOtN?@=&mvfS3)l8Qva+`(8s7 z>aC5JdD{0wjHv5l2QU-bmcM`{hL!%%ZCeaYl)OHU+`1hfk-33nr4Hzk{G7E6QPhhZ z0aA4LmPPA?NaQ$IgoMmruexLgCV%jX&`Tp+5jwyny%(ne?z|6(lt!EJ{um>*DU_EQ zh#y_*6lNWU`t`B>Sq*3@{>J4{8eoc`|N0^o5;TK_)(@6%mD!K#Qfm1JZNgkSz19zM zW-Nk=5n}~5-iE#X`X&G|9m9$^rH-> zk!|&(6Q(e=>PNeCH>mDk2P0hDnqaIHA{H&XBM`yYg|^B(`3Up@N?I?~Cei@+VHckq zo560-B>vk0MDt&U6ZmKyQ**EW`A!222e&?$e#HjN{a%=az=)s+W3P*;=}An;6o2Ef zFGYEXy0gBo)xDpA!E&DNgA!>?$VGR^6my|5b)fX~0tO|jJE<7HS^MM|EOqp<^gBcq z5pV0ah@9PmR>a%czwiy6^`cWzSe`!>%o3#p>L#LhwPx3(-5jcbKwIkbtHb~@`vXH;~P7{ zR$J4nl}f=k_Q&KH0e&o#7Qp0MlIT_lEy9kH*~||{I89n){g&Z)K`or^=^v~Q0}Jx$ zfGcj9Q`8X!v#q|MhXHziW+9QBqY2pF0CmT)_P6%F{_*zb2YYHpR><@hS}+y`PK9;O z3X?J4==u==xQx}R#VX{p#g32e;C~vpua^~Y)Y&|};xpSi=Xs~vE>sBQUfUi!6+*=D z5Ca2D{_rY7-vpw&w?O*H|4SBe8s$`HBzSWrMNLDY1#_bCKRAesV7{n5O2N zBA`;u!PwKtQZJXou(0PyPR!B=J?lu1I`3G`rPRp9PGuLCgMEq#OI0)9s9If2T0FG8j6L#Ya(nv_-;O$)40zle=mD_x!|Hudw z<)UYFQLY_}8nn9+MkR`0ek@d-V4`4GtJ0~t!IQsAF}k`|0GGEW^r;5T_v4X037q`v zPx2L7h{t38;E@K@DJU?OCiw&_MXO|6DUa8l@gW>?w#9n=R>vPA;CSAxoM8JyY%}j2 zZr)rc@67h)J;lxI`e7XJ zOYNfN)0FB;J$w-SF#dr|ZTMkGo)qHIXs);OTR(q`Ex`od_af5|LxP5HZ}?$INInwz z{V*h=s=MolF%>Oijh5k<_QM#49wJVpjo3+n|FA+MC0_esguw;aYOl|pP@Gwq#Sh~h z8K0Tn&VO}o<%dx(iL|%#n?DKZzwyHui6TL<)7QR@vz_*+(0&-vM#m3>;wO7}!^p07 z_AU8=L`N!-a?S*>RIigb+ij=(i-Rno3wg3w74ofjhfI{ z71o=6aPuvUm3$qg84V;K#h=t%xSp^(2CSF!IZzS#(&N7aQQ8gGugjI^oQ0Hzn_+oOZP(UKL1*3XKSe>ilzl67;10Bx;qvI=DUBWwkMz5m#ascRIZgf_n9Iop zbMfG|m?NU~>}f7@$0i4PnR|a_1xYTOq3pOK9E?ib} zY&^CLD3sUnFV2o^kk=AarY;qZ-jaic|A$fqa!{)0x^1geX)t4bG~O-Mxa34{sq*Yn z$??#N2djfBmDI_WgWVEt7|Iedr7mHPDj{3hKZ)?q4vwCnM(yrdU={nILg%nT!jW92;g(FHn~dEye(+^JO( zfi2u-lBpDr_lGzr7#R@X>I#)!DXk5o$Zo6mlc^g&XR~^AKaP+8Nbl~mf@h?Z!z7m6%e*(T^yMs>ozk*O_vR3gQ2~5o!&0q0Cm#kmtLZy19T%=7 zAVr3(*HkDO3|CgqRU|EIAb{|$f-&#ineXLtx;eZ>WDHj+P*L7AU4l|0R!SM1aS-1s zrOb%Mvd|t9ppHgA>zi*OOckKh5Su|h@vl;zhD&JK5cL+maKnj}kC7ky9c?8PgUJ!O zR$k`YmZK{=^bIE@FTOd}LS~peS;fNM4KlGbXg`J^JLXBo++fF48ZotunPA6UZN$9E zn2;TFx)HOEF$3+GBaE2O7}MR3>1)JnX3VePU3lwk#B5>A$9Bwrxf-I&llKZ@UbbW2 zHDbCk=5dJ$#%7@+MJB)bEyrm(%IHscuZWckEh@{g@K}>q96*0uatB}-i}k1U=aLVqb)+Gk$N?zn8 zbfZD&PJ_@@By^D?gtHZ;jjRYt7?+MEEwZenaJak$XPidpo4nAw8_A0pnao`r;d`fI5khwBtbdAQ!ehOQ#?vtH;a26WVbP7?Z5 zAM_+Y^o}-kh|sIO(A^B^{s#0rg#PU-FV~&@&^>JEZ+-*x$6n~?_HZlYHN@K$ViEdb zAM_HG!c!qT+0b_o`Ufxc83y!K2J~NqKE?-qiXXbC4Sfiqx3BkTmA{Hzu6r2JyCIon zed(=`EgVPlfccp;!M3=u5rOcN)-(5N}sV zDWU)AgTBoVy|WE{1)*>DLLX*8k1?R*gx-;vL2*76|$=hy&PGS>%7oW1NuG#Iz#Boe9$-fp?9;P&mr_LUg-V?^aumGLj#}- zebB{z=-qAT976X(9>Wm7wyRqqpZ)As$Us6@f99=_S3t^BA;mWI0%T1d<%Pb=fSzeU zpGxSne9)Krq4%(%PayR9Ug#bM^gsjpDnhq3dASbyp%1a4H~$3aTfERO?BZ5PBjRnj zo=xcg_@JLhDLfT&s0}@b(2shd&oiJS2J~`5kM=>I>4)Cah8{-f*Syeq26P_-`V&Hb z_o=r+wt|$0>%KPhr#}MvM=$iEo!tsaA>OW#&Z_}^w-5SJKXgAEdIq6;B99?_V+`m? z26R6{5Ai{V{m}hw=zR!%kQe%gJ}%dt4d{`C{`eDbg?tNAo(kE^hJNb@K#%i6-)BHC zLA+fdlL-AUAM{;*=)G;|YYAQIg&tu*pJG7A2)(xt`fxw=02{i9(D!P2 zt``ydjgP$*@)1aRDr6rUx(->BFMFY98qo6$=uZiKwGVo_A9`OK`T|1#;)Nb)Kp$;D zcY77kJ$=x7`Jo5e(47d~4|xpXYb;KEQ^?7U7oUzrE0@UT%e~ zN4zc9&l38H54{yq3sRm6InaiFkkAcY=t&0jO$PMGg#L#QdV(K%kPTfz= z13K^;pnv+n%XJ4o^qDsFSKk3Th&+abEa~Z1$Sa7qD`a;<-|vHd9HsD7$XPb@t%Tm! z3w??KeW?L`7@?2!L7(J@KHG*qkkChYp||Yhave0FM-%#s_q`SJBS?9;KF5Y$_bs5u zd!gqU(9a{@u8<1|UEzbC>xVwqhQ5K&*LtCkHlWWmpksvI-v@n!ANo8SdN)Gf<%QnZ z!>y35n_RA|2>td3Z-smgQl1K#U_-x*tjVXn(6<@Tj~dV^LSOHLp5=!=--f<~(64!+ z2OH2~1A0B7ckw~*=ZC()hTfjgUwNU|@90*@x6N*a{7mQ-?|Ca^El7DPiT3fYs;xBH+U_Cp_OL*GK^pA2xyOvJmJ<55}e(o5o3`k^iPg z7JC^q4lro!gk)B(qTz`74t^RVZ0H}q0(5^b^h?{j_45wm?N&XE&G9-*7ocq?QxNEuu&FDbF1*M0%$FTKzY7|_ok-mZ`z2p#i5&+$Sp zD>=@FzK+m;d7+OopieWPJHG|!eSOfw{Lm-b&^r^l2zd>m4uD1`5bVPhk5Dz)1Y%V;_ccA5&dF?jzeY@ z`t_~Q<<3Tf#8{Fz!%L#KL1K_W;&PJcph!3xrbjCh>MZs0raZg4Hhl&fHvs8cRXbTS;lFgI9}Hkj7J98YdexE-`4NNn?bM#)(;IDOp`K! z1Ujzq$nF4xz)=Q)-biNcs0cU`+t*KEv>{G8L_f%j{#qxuiaz_)W&cE?SHCV*fPhHGx`l(xwE ztG~seLbD_!yY#`Oh0)5Jqghz+R|pAeRpEDv;S>gT$P!+= zmaX&6h=sXp`x_E3J(>H4bx+XVQ{ z;XPJ@_NO*&Tz~$KRT26ai2{+{IQrpZ6v9d#j?yWWRNDZjY#bLc1`%Wqkt3YQd58pe zP2m*-;8q&?bSwXUvNh0L>2g@?aL7vxBHN)c|SW6f~mJ3ung=#GY%KW z7BTX){$=pwA>_IBh_YkfOVA4vF3Jg>%~#>s<*880%^RD2PSw`0XJzr}|L(x7KK=f@ zFS>bMpZ;gtm-iMoZ=SOs;5sL77N7opRm!J7N+0{GG&`>8(?6TRXMTvo5GBD;s5Zl= z|C$Tn(|;2(wc*n*d72TAs&;+)e@7oo3GivSux~~>5)@}L6?E~(-$AT5V&}-Y8&$|) zB*F;7b5Eh4}4uIC*#yPxKNWAvxF9jE1tGzz`Lh;!q`-Uslq&|nYWq+Y+ zoUORe2RLn#S0qA)#f{&xevm}kr~fy02nZ=sz+a#Deq=kr{Al#^ZTs|(IYax|7q4}E z`ddjSq_%(C>Hhv4-UHEJHdyN`l!N@|92mIw3vT=~2M+T8M6ck#%ztvxk3|c?Uio%R zuFI31h1%_YUqOv3RO2Y#d%b|C2p~@5T{r6os@$~aG~W9jc247kpARXgwVO3|3Z_7T zui_TG6faAyG1a;5X}sg`;y;b|qto5fc(I>tkvb+Y^ClEJ^rm|t?;Fpf$tgSVK+b+3 z?@7VsWlO9+BWWnqQ5USm*(e20IDx8tN}r3H${%Ep3?KXhewhgzow60^My38kh8&TZ zC_;sGdkRG;FPm8sDFFjGRi&g0HdmD%EY&$!!Kb!!j>SFB#(cty`3Gc+c*=`&$}(=Z zi}I|O(n+nTMNPTOtU-;PUYed17%iThcBspFUdfV zkIRXQnJ7pL*k4Bp*hCxbS`Qe5Qym#YY?pnEZ{ znsMrUU);xuF%Jb5+1J=oxEA}d+7s8zb~aCPuKeOdz!&FybJv<2`1Ee^!vC= zpx+-vrZ)7uURm6^`4>MCFEoz^6Phr*aWlV(eHBxu&wo; ztt>ZGBqUzz_j^+RlYSS9Z$ojnIy-lFMb*&nqt~_4?>i{cO^}WztG6QkH~M`a$lA8` z`xWDC{r>hg^?Ru8bky(cj*xD!W1q7QRg_=OvvPSoA`P?F$~;x}z1nH8CWemB`;|KW z9CR4|%cNv-5<*E^>-f!oNdu)})UYdlPof#Rz4jLm&~*ZYt#%I$l;JdXx`$Tdc-p*3 zF%%>?!~JshG3h)(BrZH;jzTtWUB>`nIcmGcx^u2$1#n(D)S7+5E)Ly@ND|u$EJFH4 z)^SgZ6<8oIC*q|d^cc=$$Gbk0ef`O_0#)T@Re@4ifhtY79wr7>;IZKH$O2I>^-EA% zZF7_rNZXVuPy;xY{dA#WAsqzVzIzcYtYXOWE!OYDwm|eF?^Py5pT$=i=HRxUwK@1N z5*zh@l(KZJsoY@f8@8=|W)AE__$8|H8FFO%fzq0{u{GT@f)53(eeU`kAjf47a3&)r zPENroZ|ZLQv3ir=;T* zfxrr@aPkT(ALYd%t(PO_vh<|*$}pxSE1C+!Is6IAk5wFBu_6;Bv61mDsT_yibkNJ} zLo)~op~;KO>6PVmrveRaq#klg&&fQ=>Y$x`;0321BK?HB+lRVE$#tOjBJ{1uC21}- z(&Ra5a*?KaiojlN!0sVg4mYxNaI&oVQQOP~R!<{AzLQ`H6Yz|^*;eo=vwfQ{khVM0 zZlmuP+ilbw#!w=R5@QiWewg`fM8o{4V0CyX^|b&mV_YJ%9D9`4{7Li2K8&Km{PD@Z zM|qp}&s9LE2iU)p92@5DS?-2S1ljDLFYkwAoVg=5sE?E;9YB*OHd?x@C9uXRkEEq6RHe7AqH(T zGpx5yjz@MBVlE4zHj9D;-#ErqXU6FhQ6oFsd7eQYqeQvXkcmiDSf5o;RKtD}#d<-N z>h~8zs%Ki~A7*!!n9=Wl+suBicAlQ;#l;)y&?}xQ;UF^YmC)aoQ$kgAcSa|0nHLlZ zR)26R1nMK3hx>mW8hbk!gKBhIvob1G914)i!XE#ZZz`7cocI`PR6IR79{HtW{LdAk zjp%XM(H3aiYOSz>6``-0Y;rj^OKuk}+Zc#+s1JQT2{W}{TI8JFpHoZ0vnued&tgE` z3$^nzI`=QBSDc8e5uumPaIop%;2j^b;AKs{Bc1C*UlnJTsMkL7+CMX2z4nX*qh()D zlEA@Y%aEm4WCWz+>&a-D$y3sA24H~;;w#dbJcO)pLsq80$*aN1oq^!fD+jEIuP#py zstA46jL}O|QDk2X!-(+r>2Vl%=>OsEe&B09&;Ri!NRu?xL{&xA5;GH16IH{^2h~(k z%|tE3G$qSa%q%g|FwL+uCCf4~Q_M0{4O1WSu~brxBvp;fOw1HBO-$9vLdDc1GtKY1 z-{;)db)Dno=)S+t_q)eqm7Mc@U+??A?(2U4&p97C_p64-HT>uvYHY72O2CCLh40V0 zQ2AHxpcx-3f(9C|?o=S|%*MA1-&@Ux3iKFRbf7`v#m)b=ieCNhV zgx{G}wV6KJ-+f#WMxBYc|AoHhQ*duP;-DGl{52viL$~H3 zRZTC9aX$B=!JI6;wA1$-s@c3e_z;~#IiNd5Q`g8|&7yOtNwm-%&Y_%TYUq7xt6U>{ zpGu+93H%s+)1I6|IWLX*y*h_-Ug=24_Z-T3W7{9)9Eu)qrtk2jzYFkp4wc}%?>UD` zqE=9|4$%TG`u^_1xQle*H{T?cK4xO5@28u%+xxR4;2i1SWEogF@hifaJJ65fB(Z|-w= zPOt88=uz41p)bljv)!(O68bSHCXg3Z2;k5S&HU-@9- zG=1=FZcCdd($&woBdsx!C?q#rnu=!C4-`#0#QzsB8}2+qVh z%cHNcqN{45^o#F>v{g^~UPv?TZH%Bb(00##A~EA&6;h5WeJb8}v|>G)d@cRF78PDd{r@yFf~ z?FYuuC!|Ea6+m;xeX;DPW~$Pm_gnW-?YUoCNG}z{y-r{BRYavmbwRgza;qb0@QbK? zm(UTL`JyiBFMm47v4niupd~LUNHmw=+O>0)&_*~v?(N*1w*%%6aWe3@r?vm%-P){+ zw*NtNARqU(=Wy{&`mHkEOz=#4XrGQa7C7723iHof=5=>VkG|o|Dr(|tH&AV=PROrw ze{u?S%=o|#uA?E+tT9fris^eB=s@?a{oc*`;3H47Mo>d&pKGGKZqbwY(!|crJ5Ix1 z$X(DOF#MG+&Hc0iWyFUY%KnQ`g^kzumee?}h zcCq`^V(r|glkE#T1O}N-=es|1+0&fwo90x^H!WL4Ki)A(zujSyWX7@3CdvKb&2-Z~ zA>Rz0Z<@AI8Qalwr|HG+Fim?ec+&I`UC^*;dY_)pmo!~+U&E+!pI3xXUD3{pQco{9 z=N0bb{KC>7xChuAXt`dcQ%E9*T!VU=uWp&?yhXo$#rgFG`jtL5*8QqYTL=0p^V}OW z(BW?u8bJ4(oz7Y)!%*E26dy?UDXOCB)H`HYb$ISlTFlqmFnT!}jzcfxzVzOxw(ytD zC#X6F^xVTvW<1`ry2|$S**fl{qhEYzQsge6w;y!+<#Ju5!Bms|5dG=|3wH;r?7)jB zJB!n%g|0YrocR<-EuL=|uj}TtMJ@i2T|7%IKG=Klr|GTtoFr57Jjr&ZQ~2IzI}ED} z&%H=}eb4=kHa0E)L3Y>w$Jw2qLYtbZX9@xmoG9=JO8~=rmhk^=Z}+3 z71+~C_s81)*ACC8v6%{?%Lrd~h|^{It&I-3=~Evv=|#G-W9pGUj$-KkQ)bIx_Ve!X zeD`lMo|ovcdRnE+)s@~?1JdFyjzg|_pYy8U7oA_-5<*9C^p%i>ahK?@ ze<8JoZoAuiEYi~V;y$4har50Q-py=&ak6(an_)BQ8?$sXeUPV_bYk*JpmQACOb-LB zrIVIVZp+x6+wsHC(vGJ;OFMc?y1W~@ye zC|WY7Ss$KMdGF)ex!$Ek^W#3u&G|6Ed}+Ho`0MndjX+h^cF28Um#c_or28&-v$-#l zx{21AKPJM{%7}n0`bu^uP}B3y{?;^QL4>=3UvL^|9+)w&CecDU&2$v)?1O7>J5*`s z`hsd7hovhe&a-C)aet*VmKb}+VzQWSvY4NBi5?NkPyFy1`ab$+@)PTFbEs9{uZ*W) zt}otil4|ZI#GNWg{E(iFDag8Xw@)9VW|p}|y>pNI^8`z1i0J?H($$V8nDa}CtHtRX zMW#F2O&RXBl{tVu)3zYlSzDH?Am_HV6~slj4?^461Ie@fA}xsF!*tZ@yo zlie#_j#v6*L1Kj0Dwn&OZCdRrm%IAvRmQqkx!kOhf|?9@o_la7%bnH|*Gs`Bt#4CW z=@~Nfuo!78&5tInZ`0){lS!LdD$xk{KEV6rl{((yDi8j&&AC~f+aTB9e-_4j0DsHo z$g*<%{n^j9>}Xk5uD?IT%YysQ-*_p;xporKjxLgn`jzjslW6mD>zj1#!~ylc_PTcR zr&s9ONq1W44%becWeVthN~v5s`6X>;DxJXpjL_FkoR@;j)wL7nm1Bf_ubnt=e6K>T zotWx$b-C9m+Cwx1hg{(Pb4TZW&$W{W&BpGtUpsNu`0U%@+R27cXRYemNp0zE*G_)! zAkVdvbsL>kyQnPvJYN(^U80%q>@nVryzR(?s_gP0&;93y6MnCq9K5qL*G^pKP+HxQ z@qAV%t+_#_f%(z19SWv76zTaj&pfz62TU>pDRbL-D81wC5A*1}odTL=T#tl1Uz_h-vDZQG_T$Kj-DUqx1)>eDevX2F)gLg=3iR3S%d4B&zUK5G)v?FO(iwnRDSe11{dZ}F`LFr@h47c} z?_j=9)Be8rMfcCi&U-)N_ss8$d%NFDa^BlV|8@U9!TH@>foU{fY3qJ*lJjB}UGGxA z|8xk=Q}^$w&ihexY~MJa7n(;g=4ZQs`Pr`VI}WB>vYv&5>AmomYbbc*5MDUnd6DjM zdXV|ue4nW4+I;6d^L?|8_wWKgab6rt|82ZVp=`pZO_hXyb${fay)ygi3A#O>_2)`T zjOYC6WqO4k`m(=f(XWkV6mI`0?E-~u};P;oB_ur-W zJt=gqBD>c65BiK*XoU(|>K*h^^L~a3YI5v)%74%s$7!Ljs-SOs2R&)te^>>jlA=$S zK|vqj?!9Ify5L+Ib#K59nxLKd{U4k657PU#`xKKtU12cDsRT_l3l*uLPD>?dfAfB( z1a&n(F7bNOw;WEM&m+~In{wk%v=n`aFWr^;^W-cBof*7uKsQ-!WjlUrpLy$3y2ffJ z!YS&(a%Y=lH#E`v>rB^8(%cshmeDev-9_U8wdh=*#`clM2Js4?HY+TorEJA@;I{^t zw|=1Bx`*F-klwN_e4SRaJnvPS;B-yF{F9&eIQ=)b!u&UI{y5JMi^JSM1kCT%l<5A^ zY;d30f5r4Bm_wHzqw5A^_qTYzy4k!saQ`juR}0On-S>B(J+F$8O|Mcu%#O^q@jE6J zc|}gM%zx?2MBPh;@OnqfQgmyt!l*X-BcJD8e~#gK!7gYdiH6wpHHW~(GurH z*%Q)JxAe+;d5h@30rVZ+=AZC9^EJIoDolWO;ji4J3UU8Jmli*!U+B954Ws{2UQ9sO z^Ant}0T}MQ5&p9`oVW7a>xziaeJ6sh>5_9E+HjWO>#OwY3pIH!&_B-3()>U{)9D{q z_%G>9hYU>63iIE< z`J+8Qn9?+_&?Dwe8SWq3&Hw6B=QWeA`A;@Y-XGgU{LC@p`BUZrPnsWs+*p0UiLiy`g)GXHvzoi`Yr=!Sdvs^*3^N+irT=&yc@bt`#`<)8&kL%zs zOl3Ls=DI@B)e-F;ido<^+T02^cRfr83QEm?ZNl!2m90B(w!^s#QPc(J`?B0wXv?DS zRCU(1|5a+Mdt1C}6`hC0x>w}8eR!w(?{vM&y~IXdB9)eiFI+u}+F>`r9eI^+{DD?^ zg>phobPmQh(WhuG&)en3<{#Vk-=elZ#DUUGpx>yG>B?`#o3{$oI>ysFDCJ8`^jv4w zn=55}a?muJ3dDKSQ&)v9Rd%K|yK`4bFL<`w z&L_89E`SLwXJ7cF#$^L}TU zRrJ2sdH-uG>Ac?w{Aqwb?{{7b->%O4omWm1@;&c&-k87B=e)m%^NHE?7{ndU`@1;r zd(QhGp;r6{=l#wazx4(<@84=Z1l&9`Va^3;)h^euEw`Qb|I$I8^Zrdm&Z_Tn-fy0~ z@_*icy_fy|j`#hZ_aE`=raM=!Jb#7h{)0v8hPjw)FMXLG!8t#j+M9>|27MYt&lQ}c zMNEh2?v8mx;tS3*%}-Ff)ER#2Av3$)a5mY4X=CV&)2{R@kC_E4 zgC4Ty9Q|n-=cNw((!(l@Ii|QnV_o+ibuP%1QH#m~vZ9Seukv*@`iGCJc0rb31r}&RJ;pF^2Pr@}lSCIU!^L8M&`2~8rAnRRaoRPRuXjIL*^cROqR#iMpR8=pFMiQ1ANL`B$0|K7Xz$ACtA|UZ1ZX8Kt{$HU z+n@(;z-^H4vgdm8va$_2MSm3lwqL%>ZjohW8}ut@**k87hNio>L78S_^X@X=ZO{_) za?WeC4RS!*PrSB4Utdq#pbfOp9kxNvGU3a8wn3jOq-~HB_=o?#+$PU$IWHBwuC_tW zE6Id>w?WPu&D(soLF=wNTZ21pgH}54d$vJq-J8ZkX7lkGp4)QP_&#ln-Q!@c;(GqJ zv6p+TY8#Ze>9%dqL+({KP<=GGdbn48mu*m&yKaN#MtQbD8&CS(1||4)NnjgP*?~5w zu7#gC`J_$FXW1f|%cN>6^eA<;&h_)wAlig9zjexcYjpg8*#NxlY>gV74FFv&e(%#8 z^hF7A@6i*X?*-1M`=zvj``{XFg7zlA7jOU4xSBNGCTQH_UaHO&OKVsjcd#a|ie53B ztAmxn)9n^)Hm%3RdCT<2bDhOqjbf9!(qNa zVVVY08&1XNz89j-y~CXNai^9p=x~FU&2HBePFXlrkko@@eXCod|XNKXU4v!!%V<7;~-mGd3j66Q=&>=O~AP^B?v6V9tfjD|CL?^qBj{cJm);>O<#;<|!)E zuBP6eUrb+{B0ayDRXL}ThJ~5!(H-i+CvkJHo7B^`qtq-|`2eS`gr*rq_xuS&S?xV^ zI%mtc>B)kWQ}(T5dMm%!yycuKCeaUcs_6XVS$Gi%I#qPP`V^o zqCKWFKYAud))H6l-)UwXFkxMPI%K-?lIhBq=oBo|-4*8_^Y$KkoBH8?+5M*>f66oc zFiTKBOv7)xM@4r=)$V~dM=h?LZhVX(=ScHEhQ}Db%Z`?1<@jXiXInN%mX+g^e_uB1 zmE)6m=QbEUNKh7ViuY<%O!T;DRS0db%4lm<5@ohlbf=j9_QKh!Q@6@obd!c&j4O+d zZ%Zs`qD|z7r06Q_hf#~4qOGsLcn>PCNKUZ(Fn7J{X-=6+CzoWbQ@%Aj#90B~Fx3$Df=Ks8{3*Fm*|Fo^t)aWH6a-KJb zdXp+Qnq#`tInJS8!h3OT0hLwel|EEN?)P$*c#h~?PTuJb>5?4UBD8C|*Zuy8A2~;K z&F0XFGVgLdlY6X-+<%%{bePfDR>3Pwe?)!AC-C`RTdHjpIY?x~X@`i)A& z6&YVZdGfsHJiACu>TvHJ*QwT*TNC1%(Ved5m}mPpx@Qw*qg{E3>6dzOx{gS_gMZ`i zeBR4{)JA8YeauB40Y{f~>FGR5foalwdSdam2Q#kI1NYJ=caBvH@7!$q!711u#O!)xFfPXd(>ISGX-4}+W*ki_*;7Z)4gr`e>C1%-8|!6 zb=ui_dMD2F;%(z?a_F1=|F!Xc`4LW&>~4Zwc)ai0>^qEil&nO?d*em8PrLg%@ObZ| zx#THa8Sk$->j2}OdnxwzF?Z%UZ4qdm7iQADrY%Ula~bzDO)T0LIFp|?Q)ZjyexQf` zr4yxE+Matx(CnFLbLx5i(HzA%4-T4VA?YV8 z*6^3x%7#Z!x$hEiLooAm$uI682Ev-OrUGiZ`P6u;dwipv=`5g;z(0eRM@t?Uoq{)b}rf5X3{^-oA%n7bcn{)v!(uQ^N7CG-Px%* zZ7}o19A;2ift{!=BruPb{_sDTM~nVxnY zH7^A7h#n^T-=0THsKuXY9+f`ijI+$6uTu-}Fpu)d-Zqc!rN4FnbqO*>M=kF3x#y9} zaEpuXo4ea9b&2Ojkh{H7m%m9-AV9_4$ETL14JZ(ffutv8S3esEji^NY@K+T#ssm-FY<_IG<_{eSKFqXW&- z+lnx+-Xy8$wqwD&Hv0}+;0>L5B~m%j&Px6d)`2TyxU54)`|S_(Xv^^?c+U8ZZvw|o%JjL`|5z4X>vsbG z>_dI6-+5`nPt~=4=apH6e6RI8Z**AcbFF{pS^wAiw>a;6uJyk$-)Yt%vupYc*ZQ3` z{(S|w)<49(R`r~5YW{84`oH8}H64%8LB>G$s+}D@U9q^s=NOKm?YaN^jd{WLeq+5e zuOevwc3b_@(PWBWH;RwAobyvUsOUM=e8!dY0S=TMy1q>pXq`KV7vFl4)}-zrM!jLK z*;mn3g0{vFsJ(VS>;4c!_o+EO%}pD1Tey>oNw+_(NNs^@)A?~o{K-BIWyo%Ye@ zapoNJqmu{EYv$J9A%5L+>+fQv-1_^8glnRYInO!de(rJmL*_Q$ySX{<(r2C0J%Njr z9q2JvXD8*FM2i%}y=(rg5ST6+LAvUZQVxp;7Q`@(U}P>1b+y1GV0rgC;Xi z3ro$b>TbpedfX=7WBe~cmlm2G=b{yK?%C2R*724LVvR}nj_!o{a14h_O5$wocXFCkq0%KJbhMc!O359;D zkC!SuJqKl}pK41y$KDBT+i#@ZYuPS^_PDZA0m;yARaPpXFSLu4b#WVReGm0*yt30j zw0S!QZ7;HRZ-YnmHIA?XMmV=cvhya}G-ykWRipZQ_Jg3$^YJpO?V(RrZEg3ZznXm7oKw=B)!2(w^>eH6jg{wr)pK)b?Nm8FgBJ3>EA#cpPM?z^bhgOrW^ z$o9Gv+F)fDu+4||%x39d9orOWcPSfv(Y9eAw7JTrvkiiFlCouNPtQVm=%;Le%eG-B zv~90R-_qGGh4#3zhu9`VyH(ktjkXPapBvTD+CqcVi*_bBVhJMiIC|ks~Z6@md1ZA7q z9*4HKva)U23T^8~>08Jp+ulXc9#J-l?RaQ6DZ7AeFKDxrEn|D*1(b&bWlym^3~di( z11{UXZGiUb2FXJ-+j-C)R951Sg?62?NgTI3v~!e|xL0PNJd9R$ImbN!Z5L%F?iy$t ze=T_^8QK}jNyOTDcj7p2HI}Q#{9$PY(2D>>0_^LtxFy$-^PGlc3$MY{+$+hknrJC>zhV?K#x93CgCkJq~SeWy{!Zg|>CI^ey0@ zw!Mp>J)&$Z+wstDQZ}7!FKDxr-N^RFRFsDVWj|(n7}_4nM%=J{+W_s=Uq~L(+0KLZ zpt4nL$3nYK*~k{#hVIbLQ8tO~m2aUuj8=9j+XK*cQFbHSHPAM$l04M0oegb;vNzd| zgm$H}k*zilouQqfY&_eGQ&1j;DLaqtK4?2CTf}w+wC8>=$`aru-*->n7eiQXA zQQ75ek3!p1*)gBmHf)CW`U=TII@@e$Yn3fxI}X}nWy{z`K|5F32DaCdQ6A!yeW1cIY!ji~plmbSp3u%yc4)vf&t1Rk-$1<| ztLy@{wa|7~wu)^rv{wqHZ!WfTp*^5%QlM>b9JFhcEo0ja+S%Ij)ve1DQ65Gr8`;jb zp&HuG%E}q(YG^P1RPwNZaPO#wjajct@a(QZ}9AZi4pOa>+vp+bn2nlnn^6 zeM^9Ly|VFadqA5(*8e@*0*-Lz>nJ<@)!O84veS8ER%b5!x-v zjtaFI>I3aUWsBI}Oho-lRJMWbQD}QA8+)&9!)9o&zao8Gz&0D&T4hVvj)S&X+2}Ca zhA3#~Dx1#s+A}B*amtpkt%0_ivLW}`HmryCa-QTNlWhjH)yke?I|ka-%F6w?uF%d> zHnO8_Z__xGhY`xk{kTeKJ1HB_aaTcm;bqB#94*X*wp`g$e8e&w+CpXJeo;8Ismez4 z{i5?vqdW{&R^sl3HdI-;A6EeF*<8tk#GMB1Ze`_u+#qQ4l$E%_&`wcS?#G=;KzZn| zti;^~ZJ@GpKQ0&A6F-(bNIgt~cDu52Kdv9NIm$}hws_RH3Cb36{T_$5x3Y3SZY#8{ zOQmmeKW-7UN0gQOapR%gq-+dd$L|Ggma=k<_r_S1hXiHi2;eZZJ(QLEaT}n$xTyLtDNlcrgy;VVJUVpKl+u9hH@_SOM+1A4wi$EYhGYRdzD> zZ3wja%1Rr;piNO$+ED)_%ELfqmvbBTKpUiN3EO4Rp3adxoMJl_+MUWu-v&UtR9Wd; zduWrDjSRQ7b8-yILtka5v)uvht(T;4%h@i5_L#E2WjhhtEy_wB`aru-S;@oACs5xK zm3@oba1`2}%AR7o8QSZMBo6@*How`>)+!srb{w?D%1Rrepq;C%wBg!ll!rKFCvzKW zpzWrt+;d$I?d2az9%S4ypsiL`#%&C=tCf{|u3e#>rL5d@Z5oC0FhW_m=UNGECuO&B z&Q?KtVIj)HOlZrMl{^fGwouuBa2vv*O;uLzxt<@1@-SFgx#zkU+E8WXo@)WLXBVhE z@O{*2(C$`N?zs+vHcwf(=Nb&{6lLX}>zV&TdFZdK+;iOpZJ@Gp&ovj?6WNjnx#v0w z+U?4Qbh6u$e$eJ9EAy>w1nS!aWu?xJL)%-~>D-2`(6+uPeJf$R2-+jcwy+%!?IvYo zAFz4o1#OnHnQU)-4do$0S-JOo7}_4n%Dv|e&|b}wJd|-8=0ST1^jk7_=$M${n=& zVJHs+m6bbad!P+cR_>rJgZA_fBo9g4-l@>;RCXKN0njd0*2T6xw8_dQJ!o@wawy6} zUu8?!?tu2zTznmwzm(o3zZ$p_T~`Ow?t*9vONlIPi1A_ zvKiXznUaT0j++f_t+H#`j)S&XS!qKQv~!h}{oA##pghDWD|f|epzWrt+!b37?d1%~ zgWMI%fVNs$xhpmX+SSU+U9qmv&QezHiZu;Jc^ILr+!d>Ywv)1QS8Nru7rrlfkh@|t zp)FTd?ureEwoqAl&LSMzRAuEki}R18JPcM=p0n5sZK$&HoJ9e&XXi*B_1}};%ZyBgc8{`huW>N6 z%aoOSjiJy^RW^X{x}ALtb1XivW&eUwq13hhp1WmE@1yHr^j)%MUPD=VXV@==tBzRG^UdDsE%tr>T% z0FE#VM%YIYZm)n5(5^66RX|8LTQMD>pXTGG0?zhBJs+Uj63?-BL)%_isen9aPku-G zC>1aT+8xSD1@wn@v9eMDfzVD=Rx04cmrx%1C@U4P9om~|cdLL3&g4uOp`0Sv3Xo6# z7!GZrv8n>ejhoSAEY|Q6u8#X|Db^6_ALMlf{ff0651UnOCZ#WRzTw~QtSi-Rb zp`YmEWhNZ^BFa)P)s{Mry#?AE)1=)YQ8r5pp*^f@EZanAHz<3EZBJ59sBXnZ}Ra{u~E>^Rc(prX|r^#7wUPOveVhtK-*1O zsjT(TUVcvUA(fQ@ZMCveS!1AGt*lg5S7>J`E0xvsd6b6{Wc^pb8=Rf(Fv88L(&K|{ zbD%wHtg3(p_KDDM@bOXsJ)qA}ZHf52t$?dNQP0OHE2DZ4+OEpVsIG&y>06Qy8Pz$^ zRw^r_IvUzl%F3vAfp#WY|D&47**PAKveR3w?RmCap>3VwJ*t`Pv!So`@iMAop`=3iWZcvLzh%0JL3{ZDG3x+Q!M!-nCz_?VSy6g|gFoTRRfk zmC9~o+Zoy!$~LpT_&Jn^Vag8uqHV)IXgeyqfb9xs&rOm%oMM{>ZK<*WeQXQ^o013FdQ63Or?Rs37y#{3Wo7Hp9@=DO zW$SVB5tN6%Wc_bF!ei_Rt%eaUCQFayy51~k_Zh492{9ad81w}`ehK?f=%@O4+1i}$ zj(XouwY`pG?}WDP8`4iX?p+G)ab=_X+WaL$yH(lgZ2LmHNZD;{Z#|6qHeT6)FWEL6 zgSMBlNo==3dt;*Hp@r>2Xb&q})z7ve5!wyP#y)CoPiW^UD>L$XHR%SxeLnsd;l$DuK32i53WhShG_QH6{gUp1P z(3UGJGhsNig=GEDgzs>6TDzbgk5g-ttBpsXjWSlvgasVC82T$;_x3Uq=0IO*yk{nC z~AucS1cL ztJWqJPz!B$V^swNJZ7tF9rR64dwZ#XSS12nL&=%gFk#fQ&(Ql&*!N9>=M*{g`bHwB3wV z6|k258t5D2rPl}8&W5%^*;8ysLc3Dgn8$7ZIzu}{*-W+ z|D*ah&dz!m;qoZyvCQiXXseCYqsp;ILch|-%czD!pQ_q2beJ90^Y@^h4_0>aSFPO( zZK$$R0R_;W9Vz*c3YZ4%Ze^tc20@#rtW-cSv{RIo3OEyl^3Y#dxzoN2+CXLHPJ1r2 zC;sbhmDOjs&H88TG~UKtgKYa$v~8kzRF6q?11*xSEX-KEsLQ&rmR%UL}<4tE7j5m+J$8OSIcb9 z`h@`0;~{EoQZ41sh8e4>WjV*rhyKhkZ!gs{1^OMvd#;C^;@JJ6U97BBOCYopm6d8a z(RK-Z3t%5*%Uqy zafH1vLa17sR7(N0XNP!?ei_G}3jIzWFV)fy`W)ju)e`Vuw&!iPP|qhQE7fuw+TO}a zwQPm9^()c_sg_019#K}RWjwT-l$C1f1#OnHQY|iKA8rMeG5+eO*PCu}~}K-)M_@=?TgHnbJWo?<%^+Lg*ikFjm& z4DAeMGud9ef$}g+*~lkt+;EvnCAM6lG=B z)c+IZVW6@yYxY1Jr0gNi*)nKP54hV58x?1>9tR_=p$K-HE%)rZK|9-6HNz%z?8fV; z*Ta3h%&>Ck!&F7@?dZ*y@%mJHw$ZG*(r2I>!!!KE=mNb)WeM>Un?FmMV_D3)(j@D1|oISXG5Cj-3bn$-drRsxTS)t;Tzf z(PN*s)zTN*MaoJA+`5ALI9^$)fMd}1QdTNp3$!<4q`guB3!y!%tW-cEv>TL_3g`*# zJhJ{PU~eXs>@!+A9^14Q(x1|0C6VoUQr6Fv2pmw$W@up`B{18mZ~* zPhUbA>gVHSq_#tUv$yno8^_Lp_NcNlQWK!vtgMVwZ)mfXm62*~Lj4=3tc=tVXrq*k zdB%>(CTOpHLGmE;It$twWo2F`K)ar-|7uyzEenPbrl_^a@x__HqwMrIR#nSJj=cl= zTfMx!RLdghj~MTn*9{zdJhYpXtxB}n?*(m^vM#na8c`n;l$9zx3~di(r3yDdd-e0u zH>tvT&>mD)s&Fi{>y(ws>JIH3Wu>yNxKJKOll5O&&wt%!eJ702)>C>c=VeQwJ#MV3 ztOXo<0`!}Gyi`_C=;x`nY~&~QrXbg8t>T#jN;hipeh*XZFC%pX`Y6?w29CW6+G{H(AFp`Bb5N{dSzv#dO(|@tc=vv^C%Z% z$oijC!;@^??}8Bm)!O8`Z!WYa9`PQjB#u21`Yk?QMyeO|S;l+j)N+n}<8P?v3ChYy z9fr1tvNBQ|puO5%+8`q}588vu%1Dicb{$#&BX$3?cBFz}gh^^`GE%3{q3rZCR?Vpx zj=dfFn-6_l5(o1wiPDeab# z%7(U9*^qD8xZ|KLR(3kuC}`&@8<1?{Ui$#$B2HPUmKtcgDJ#{o9@@)YB@a?98PHaf z^*^u2b1(YC2#eL)q*?-@ooKA8mUNDN>@3PqFCQ<}vI+WY4@u9fICd7aHOi)c(~eXE zwCk0X%IX1ahO$ywSO1FoH%3{htb@>YRaPo%9kfkdBo9(qbD*tMRw`>Ww5ybr%IX5` zOtStfD|(X6`tdU;JH6G~_)bop`D@ZDYh3+ zqdW{#Hso8jz5Af;sI1J!70{l0K=L3nAr0D6Wo0G|fi_=RnF(RgrjYeN69#dQYfqu< zbXRMWnNSSvl}_F>A&FzpfxgnmSFs-f{R$s1Gp8f;(~S4b92dtvcM|n;kg_s!N}&x_ zHg>A5n0#o@L`WNCmZd-R|>qzbd4tyNa4a2&M7Wc^p+ zj%hZNp)kT!wYGh1&;AKzXMnM)3hUVKguX4z+e;PZK!4PD&-OTex^4FaXg4b>RoENa zY-QJS+}2~LkK>dLNwsY_0&SGCNo+Skd+lE7TM^qVXlsK{5xhp*d z+8t#5?-Lq1lU-qiS!!+ayhBqh>hTC;)vO8lt{tU)(0BClGHVK;Kif`v9>cMxLAzU7 zsenPy<|!)`5De`UWu*en976f%udGzSE@%VE`X8yx**2SVV1&v*$&QTFXlPd%t43-$ z$L<7unva)}I#+{wK1j8tgkzUN8?3C1R6ew40;G>JQYp~xQdUN4Ahfy4%18x4JBh6S zk&5}A9jOEFq3m=~Ym<>$18rklfY(Tk;@C5xFZb~>QbVB6H{Np=v4mrXL7Sqij8y$W z)W?C!%1G^jHb_|+sb$cf{#4p4BQ+J;on-xw)Ze(r-C%^-YHc!7m)}J_9%-zaQ!O03 z0{U>r$F(e35Yle`BYMegb8P+O(vnRN>-VC+Z{M24N_LF>Meuz^uMLORUCIJv^$mUmTB8C0NSO>#ZL+e{ z*`9m{<)N>#huH3b_SQ}5Tk~Ao-o?-!Q#Nv*wG*M;qU;j3eV|>aY`}aQ_hvQfTcWa~ zvaCG{ZBJ!O*lvdQ`oAO(%U`r{v!Sh3Ha^?hanKekyOC`av~!L1e1GQrNIOFsc&WxJ znwbyT*V7l+H6Nqb;|oihZ?&~m1_lHKl+phKT)otq8`y4v_C~ApUbeCep*^guY-JOn z-Jq;&WqU$9Pg&W@Uav%b8%x&zR`$?Bo1Hx{LXcY9S+>idJ>6o)CAryVzM1_b=(qd$ zB|o%n=>z>j<2~C$*~Z=6k9wY{Yy-zV3T;niLl)UKY=-vw4Qayyw%O3uD%-$z9JIyC zN@YbsJ6Bn$tZNl04{^#$Wz|62OvuyiAyVzJ& zS()r_y^VT3-tlPv-M~v8pe4Qc-;;A}i?_n4t=GLfctyWg*Y7Dfi$@<@7_5P6^r9c>A zqFS5WjXLob%1$3+Rb36`*ju2#an0LH1!O^AW4xyV(m8elwCj~EVcP@R3}t0hua=`e zj!{-d^&qrem6cIl2W`_oq;E2+bD*sx>wi=qS!_qOAB>Qr)+R^$ZDpv(6O2`(8q2Yd zLf_NJ%cyRE{_0if`DBhg588vu%1DiccAc^^Qr)4QqpXb7mAxn*qm`ABIsk1Kvi?Wv zH{9c;Fv9U>$&QRvGPGNbRU>tXWA}zW+sDgDU4Ikxe5`6qz!FIUs>vi?VEGWYmoDauY?wKf^49njwT*n6ZhIrbvxkN9{Q zsd3O38*lfO96JiyxynW?wWE6Ncc_nX%F0%?2HI}QN(HQk_VQ(EuT($=wAIQ=1&o1q zwX#wHU7?*t)_($6g5iVIMCQkO2L9<2@Bn!m)cm zo1tvLk8K59{U6lFG0MuQ9)z~5vNEdcplxcB_R6Tvfwodv8P(Cyt|IGyR3GOax9vtf zo}ktye>Hm?+TO;hEpQUY-VFWqzk7Qb)p^h#G~P3+OE~seXxAw#Bh?++Im*gNT`58N z7_F>~)B$L_C@Uki2HM8PyN%SJb8T%V!w6d`g3XTnwOU_j7a6NYs+nWA?n1pD=XlRK z5ML!Z^s;Ty0a{9~k_^qWukV1-Zn?bIzLEVR=#M!5&TEhJT6@tecJ2LPw8cJaZ()Dy zzfs@E-(~GJw3PH+*1iiy3-npL)cj)Tk6n~eZC+-3HWAt_%E~p3KF}^ywraVJdvhns zK%%lPwnw4usjOV%-3;yZkECyMjW-+GT4m)L?>K0Sm6dC}QP9p+R<7}0djsVmPFcCe zTLW!3W#t<0dT1|SkUYpW-VA7~m6dC}W1wBFtXzxj3hgXq-q6QC9W<-JqSVtn2|U{}%Orq_VOHsD`$)va$zQ z4eiDAl84lMJ0oX7yHD8#Y)3%5LfHnkouExqHufjB4HvefJPc8`jBPozVPyRuhs-aq zYs-caYX2tLkx$wg2W_#jYVTIWvAaV*$ML@Vm+3#XExNEx*K-xWeuQ4X{T@J+&)Q`R zUkv?~bJDZOLc7kn&>m1$w(xP#u2EL*%yolywz9I-zPuInZ=|yFynQvaot2d>@oH!< zHb@?1OFRqOeag0Q&PG7HLRr}ocY-!eS=ka__zlX#5M^acTn=rRve7H-7#BiYUoUyc zWSa`@9%Wr@2Sd9|S=k$eLOa!1KU?_YTl9>OE&M)u{q`BrQLS0F@GGD__kr|Yw(x1t zmMSY-_#x2dD=S<0FlbYhl`VYz>!@!7m6a|09%zHe`risZR%B~qE{t&CtYk-?ZH$9< zjj?Jg7|*f0KtI#R%XaI+X4LZ`sx6ruyByjuWo4uap{@U`^if7C71}*y{b%$K+_ESb zVXj)6oHbp04fQzASd~#1$36gk7auPfT?PGxGt%>jm9`RQLR+q^WOO*Rh001s!=X)8 zR%-wJCX|oC%1Z6;g*H^#_CL3MD}eUwUnCEaY^OoHTiHyugP_eL>%UsIuCgt=x)Jqw zj9Qyi%Ry+n8td7HhQCa=!@O#zir2IZE`9p6w~zRRZP_H~xBK{X_I;pV=;N!{-`Ie9 zp5WsnSKIc~K;MmgBV7ge>U1VA^mDk-ho`)K75i^P|2rQa`KoQyW6;0s<1^W}gZ>*n z{t){={Te0d3qD>Z{A>}0mTg!a<=l80?R_U>vi~>=ZBJ!o|FId`>wlKM$^Ii7+FG*yx83d5+td$+5tga7l}B3}3hh*5)t)|@ zW1s#d%1}QaKb`${=x-kPj(>>#Lg)|s_@TeD?N5Myy^r6?_B zU(UW9`Y<2wVxJHFnLl~wM>eEWpxzLA78?L1N2w_=pDbA zeFpT^K0bDf&DKchSNix&_TkW{`uGy|^}j&*8R+9(>~}#Q=;Nb*W81$N`eR4D^D~+K zc<49z__ge#pr7mGTi9P&h59?%$0u#I?XQHslaH4z`3mUI{lUAx8#(?o=yx0M+49TQ zd=RvG$~JJ^U}&c(8?(*!@yyRrPWmgmgzYY91C^~~n+xrU!_v3N?Y0e*pxv%)I@^BG z<|tdmwrwTq+XQ7Jerwxs9NON>PG-9m+ScDo-`28S1nm)JPq7^j?IvYocG&jzf;LOp z1#E8=p*$ogTf+7*v^|s!c*C|~1GHCbB@aW{&V%-#vgvHcLc31c61Lr;ouh06+bb(j z9!4u0yVLgV0JL3{UBY$^w2g-(4<&48LtCM2z<=8|jD&WjvN3EsLpwv+xoj`~4CP^% zvPEq7LEBN;Ke1f_?YSDsgNtn%w57_*k=77s^OcozxG-o_lpVFp=C{5OFn9?=6G&^m}(Z%BkbE#lZ+`D1zNH$Tu@|gLbyD>L|y>u^WGidOh67%U-P<`Y_d& zkP@5GLTKv`O1ouLQ=#3Xtc>blXqS=of802pTXwAg^*TjM?ww|MU7R_qZpFFi)*b z_7T@#K|LO8tg4n4j(rgNu0CF>Wi|8{E2ZZ#zq6w{3)+3k%1DiXc7?JsQk|epQ&vXm zLLSP;5M^bg%ApM->wlyca*wlNgxdX*9ohGcgSOaMHBv35PaSS*e!uxhM~Vm6dAQ3vH;f zQY{70o_+gn)$#`SH~~gjPZ8{1K<0H1Xfupe)pCeqU;Z)b^++Et)lva{xN1w%n|4%J zLVJFnw0p^3YiB^aSJ_i+he2DQY)hGq+Y#Dn%8n|x_S{mGi$TgtWtBo3tgKX4KD1}v zk~~Odr9it&S*fgn(B>+;ock68?IdO8^OsI9L3!w>Y#qnl32j^X-Ksn6Et~b(FhT`I zu+=SpX)_YqmBy;-j^^0m(5L$NboTX&QO^hZc$p2mpbu1SujAOc(4Huhe#*9U613Zu zjoxST*ALnpWz*TV{Rs7Mg0dxSk3-vA*%r22p>5qOeUq892-+jc%FG!L?IvYq=JbL# zOIevYH*!!O5|ousE;|fu4`qkGZO38*v{&DhJS<>4588vu%8VQf?K-mlk2uPBZ9y=? zB(*kq;`sDSC_DX(RkQ3A$KDS8%~EeKvt}XmhmH4~^9`-A8BK(CgR)XtJ)xbatW?(Z zMW~Nsm6gh>g|@r0Qdz~&UiqE$O)6_Hv5&4Vb(zHLJxwDr5qxV!Tg{xVG@9;Hlf{Y1Fr z7PF*hM9bLrfp(#?0oAreH?vVs6O}DtdlcH9WW646TJVky{%g2EbBSs++aEytuCkL4 z*tkzYyOwP2f#mr73-L=YMYN-p200kRDVhfAiawa7N){5+JE z!OF@uWG}R#%E~sR0NS%}=y9CR`A&g)7il}@vQZcaZ7$h6920Q13RSi~;dP(;0m{H2 zweANF*}5o&HrQBoToB7X5BifkXiK_WHD($w@C~@YZ)gFVh!@$$K>I^uRbz_Sx6DNy zecH#%M&}Up539CRaqM3~`|)q3-7;Y^p?ybLnJ`a6`>L`bwRUhKq5Updzk7=}Il#$G zl%T$9WpYlw1KL~Ly^~+Zu@^yq#K%kW$3b6gyl0Ca@O#_wC}`&@E6Kl>f%+JytR%k% z+HT6qQT=*oFK?6f%29m=wAEzqFoQikPUar>hY=R5waG{YLOan|HBB-(_Ob7y4E6Hy zGE$qMzqVC+zL8^RL0hBjU)d%=yIxt@U-f`CLs_YSt8-BQ#waTla1h$AWc`m+EB7K7 zMmX^s$&MU>O@em2vG52i^01u&J>ZfVw50bD*koR!>3b*(Bb;@~XH&{3?}NUhZrhjb z%v{TB$%9Ls+(PZ*vz!*zlc3&C+D3ln54Okspv^JX=88YfBb}GJK3o5F=Qe)*EWLjF zdFlYQW~rau(6(1r>L(A{lds>cem>xqje!wXQv{on7PeiXon@?=>5)fl4ljNe^?I0( zmm1g$eW+?n5yvio_UvY9w`6o0w7Zp+j1Gb}Pg%Kw6AbMXW#tOanOP_o{gn;*qs`kc zXamXm-zp5_2y~P{(C;+sI8iX zFv8)D(sTL7qC{vn7^`}o$gz7spW)-B=a*kVJs+vslFqTKq3ul8f6v!)gvBtzu?^C5 zx$iv@+AYSao|ka!UeIUxcZPiwAIR% zupI;KYGqFyv+eB)?JQ;2{>j>=@1Q)4P}aq^653A6MjW?sS3!HBSn{xq?M!IPm2F`= z9NI!m6B^U%Q4zKXb&2zvLDZ}$3VYY#g@!>g?5&*nH;xi zI_mWZWhL{K&~{Q*GQSGi3+p5oseG4UCbZ?smT-HALtCh93)^sLQ_1=t(a*ncNA$=v zl$|KOHa_a!1nsr8-Xl7SW6y>DfbpL5d>PR=XxAv4&T+dzJ6l;9(aX=H{*6>tMzk8* z&dP4%HmrvB;+nf<{$q|X5k}ZT5o~tkFP!^8yUS6`Jj%W=XyXb&n|!g0q!yG~gb+wRcLQC3F(%5x|Wqm`A>KLBkPWn)g+{H}qv zarNCs{}e|^h7q<>1Uvcxr|sJMLc7RVHTp5^Tc@I4k5jQ_^p8LrrR;Q$y9wHBzmPUd z=Ch!!QC2da0PT9R{a>_(1za|-HTqO#F{wQV>GZBJ!O*lvdQ`p+c~0cUO8Y-nqh zl}Z^0ZLzXaDN)eQRW_d6aBVWmLmXNERn_?e+l$>WLVL9~xpt8U?a7tiRTayzlcC>g z{B8TjzR)gGb~?wsH3{{4yt0z{W6<_eRx-Z@+8agEUO6LJ2<>5I<%}Q^+6`p=k5aFC zJ4#_NLW)|Oj8gqKQFaCztLFYFj=c-|Kowi&elD~pR!D|2IqoEAw<{~7)DPMmWo4Aw zl2QLAC@Z6M9NON>$|!Axw)JOs8>QcKk7vLLdntmgclpkrVbB&Bt47Jiu|uJss$$D1 zo&5&N&;Vs)8*F9mhPJ)3vW3or_9Weiw*AZGxKp6rp==4;{?IN~wwY}pv=fz;syZvpsiN+sSCE|#z4DTS*f|M(9Tjeo#Qr*L%A5CY#G~1 zXgev}%yt#D7haY;4E@OVZ6>tk%5Gyj9NI!C>#$}ZyAmlII0N2=IT+11c?R`w9bT@CHU zA4{91T4zDKPuUQc9nlfcu25D+v=g*x%F2jdh(~!CqO6Q)IkaJ9?bZ};t7daAvSEbU zrIH=FPcjbLVq?{aF6Y?Yp`W8-%ZOeXi+Vj;+2}@_`2)~)QC3ED4YZ9*q<={qcQ&*Y z%2u%*3GGT{WB+d3+Zoy!$}VSn@hOytVamGL?t`|YvPn(04J)8Mw^;J9jcppVrOHNM zvT=t%o3HEwwqekwDBHreJ`Uw!AX)#F9e>%jtQbbP@+0Z-Oty2OJz%V^Z1$s}U!`J8 zWp{ygrm`&@xA95T>*2~uWmiBOuI%KGZ7x$x!~4}+AI3M_>-SXrsSd}zGr$D9EuBh}jGu&su+v$1OQm$P39{rUOQYZ?6+(C$^Xnd1(F zwm?}K{f^L1Q#SJ7HW%lPJ?#0vdwGocT(A?wiSQ$Gun&BV7Kz^!O)iGoY7}_h} z^B&O{jy(tZO5<;P&S^BXtCXG0al1e}Q&}0&#>Y_qhAS(hQ~_-`S^wF5gIl%;MmREC zdMw!-5A7yn)%-Zbv7?}$t76OixHb^=I!@UZj#~q5H)SQ8>!H2;UFn}>GXvUcWu@lF zK)YI5srjzZ&LZo7lw$6&HGd)&Wv7o?+fR7wu^rl*v%E(siDNH>{;=`4)qEnf8jO~##wshLR10l)Wo49#p}mqWeUnj|3+(~2{zvKG+~WZ-!cw(18Kw5n zCL62fQe?2Lfa70A8S1TK%Us$DZRfow->Zo+Mavfb4+@p zKk8e8vNEEFq3xlpjOYevufA}%5uF@jvz`JY?4k&EZperZgf`b$HKI#6b|CZ~w^ z!U&;iZ8Ay)(4PH{_bA11?5WW2H2$`&;{a%vDm$Iywud%ZSsA61UqTt`tE`OD4rp(s zNqc3K7DIbXSsA5?&~72?f0S~$$DLq=G_^Jvr3-ygkB1nm=F&!vT?&1$iY;>~AKEkD zmJHQ#+!SbcDJ!Ei5ZYX2Wt4)TousUc(&-qKi+;+=DD8x{E%k1rH2q#XmuABV6%@hN zyNuFEXjdAmMrjGh4u?Kf#gyP`sK>4wl=#q z{Cr3&=XcT<(O7JsCOL}?v-Q&t+8kq5O$=p!vp0&JsA5Y^9EG;0vI{uwW@xWJFKsSk zn+&ElMIDIJJnc~p~(AeMo)hMWvHKuEg9MgZCi@;I*H>hh4#3y zsvS$%Pk?^2iY@Kv4Q;lvB^3)Kqo1;}b>9hX+qa~DvUOhy?Qvyg>z)klR%K=D z-WS?M%9e58ZbhTMjaRmr?J;P3DH{`R$8HO>H>TWei#ClTq`?TK6u}+`yg%4h>=0=4 zja8MhfMW+kKgGvOwVaGXS?a6WQpT}&KznPlv|FlWF|@~&m1>y??G|OFTKYh{P+6&# zo1a5{OC;-m-xC&L$GRLw2vcj5kt&3?evPxpWu*dIA3=Q^N7jD@ z#6Dnqu@^=NRcn)D_5x_nCVN-FWR5)*`klsmMzoCW0BDygE0xk7+GJ&29QR~*l%c-L zN~P?8_SQF~y&>&w-WEf9Oj#NIiO_CQRz|-MvRTdN|D*r;&bAljFhZDG zn;d%=fvC8GqZ=kAcwUDqF^JgP@(H?BfsG{+;fIGSpAmc(yyCZF^SQ zTf%lJw8xc==wjQD4DD8BpJCe<+C|Eyvb`0F`ZiwK1#FK&+e=xQ1zVuKF+t^luf8sX z_Apuh75E2k*$@~ZU#(5{Kw;3P7^{vITpasMSCpatK3=vfJD|UnBt4IL$d2k_Xpbo? z8J!627G-5y(FfXv%F4Fl=0m7|iOR~h;wZE|$@(9ub=>1Z7@>Z=WJf;5Cl%T~#;TDj z;n)MA&sDJ-*aks6N!j?Wc9c$cK^f|&Yzf<)(6)VD`ge-$QfQAGtNJIEH39m~Dt2_F zZF6sEvz3*<#czEO^>3WA(>d-DXrq*^V!H|2Yl)JJfNr+ESByjsMj%*)UZMyT zP>GO8d;}7wft))8!lM$eRKw#+xPU~l?NCfI4K;~8B!EiLN~cojPN&e}VLJjg|KD1B z@AH^*W->FN*Zc4HrE|{SYpuQ3+H0@u#X?2t>meFy|nXDTWQv4=ck^qZ+^zv!b2wQt32V?r@==} z_%l4=ZzXuw=x9Gr*h_4%<%en+x0ZUzINt_qjgB7ogx%W)yWFIEizn>nvn_tdOxTM( zVOQH=Lm$=rp5h5>*kGGX*qNTN%WSZ56Lyo|OAqsGuvRO7)Dw1^4c2PqH+sUp6q?Km zFFZ_39Q34cCn)Hew@ynw$P@NTg0=NCO(yN}eY~VzkOpt{OOJWN&$RKNrSg)^_9K6BtO~4OVp&j))RKR4c4lu zh$rk{f|iU{Out0xy-o3iJ=X@i#H9O&>0Y`x+6HUs z;sHp6m&GqYc*bl+!(7FR;N{p7Jkycc!?P53iB;cvCkwrqJnPuNRruw5qIt<$`u zo^OM-H2=6K?A|t5OY^sQ!frm@(uJk@i#=gi16FH3yuI8!qsXWgp-8jnKkK>(KZG5s$GZw7-l}fG^E3XivaUw4RZ#;)TG0-P6f;-HOyHAb8I@ygT;XP zh=%z*!IY%KJTMI~Z}=2H=M&79DQP^vum@nC)G!wjOe`JdAA17kXBy@Tg1IXl=GhX! z{6NDr5KNPV@tgX&dphnN`U)$jnE<|+4)E<600=NZgaAI74sh>G0L*59I|*Qa39z?W z#C>~F#bvph^M8OA1)Dx``BX3Kd;C<(O02t?PxFMmgg(FQ9_x~n~5_q4%Q9jWCrJYoO5z_M)bc%UDd6wdOb@FP$NDUWMu=nzlXZxF0a zLs64<0yXEB`ZODDOG5*mu>0Cz$4t7nd&0i@DT`-ILzj8NJ_cCb_PsT9^if*JM|x7Y z)>fKze(2wQUJ`$nU~L)-nY4fF34e%+HS-p0FJRYiqr6llDwc_+>WQR_opLzL(VVY_Me?*BW}%6Ly*nHgt@Jz0ni)rIRiB zI!)LMJYgROYODzY4>@;`)#x>ZQkk$`^rg{ z)TPI24PD|1yB4t7rT&~rVU8z-Mq6pt{gS)h^^*E*g0)F~rAd3(6aF9@ZAoQ?ydcrOvSew)_6aLRBFR72S(YB<1#1nRk z4K``g4ST}=VV>J!XD!Z+YH$3+AOcsrH$|Ml6Zlww15fQ=Lzd4 zSerKMO!y8@_)V3T)Rs2C;tBhx4Yu8+d$K3&jW*a36Lz{M>;-_$uA%mMT0_G-y)<-? zt+c=#4f|tH*w>GDYN*$weWfRSAHlnN`!hUYZ?(b3O}hJe!d_y7Ek8l?y!CHh^3Auw zhD_MUJz@6-EVS9#$uqw2_DaW0-KdU-BJ@YI_Fyv9QC||G6NV?Q*^MtOYEzsT@r8^c zy0bQfr?4msMF6Do!ZExezj#Js|Bw+J1K61SZ5|UZfg@Fu=Z3=DD^PSYWHgG9QAE=R_3C8NP7b2O`sni1_L z1v1v9E5|>u|8b*7$yKtsqg_hMOO58;{O1y&}GeQ5y|Y7m^!q{hj+I7k$>B8^_Y$?3{5d{Uw%~<(wO8-M(}hiLg2} zfzRrUl{Ng+u@pZ`jJ7)d=~#{*|C(6HXp8cfcq{p*qj)8mS!kG3&#gMo7n&;pI)Xbw z5eAz0tAB3OoBp}=oBeZ_Kj)uYx86T@=`Z|qYwq^X4c+RW8)&`M=sTUr5Actu-)%jA z7tbMMDAdtc3JCER9&z*~k=lP6>RWWzqI4`R5}1N{;as1uy=^VHOdJJvdzjr-{L{gh z;*|4ATuvH)iP%@^vytA?N0`2beKolmNF0AvLNN~`#`(^0$%IwFIi*A<^)gONF8Fbp*D%47z! z*od{SJQ3xzcbtI#FE!dK@#A0HM?d1V=iam1%mX~Gk~Z@lvYD^LK+lUA7R>T=8s6!P^|d`MRnP2rXsV=tdcgfifm@M zEe2bWz#E(fHo``vfk*i*&A`}7inp?X(KC4N#*eu29OA!?p8acBgZ?$F&Inf?Y=dg@ zY$GPF1)FSsPK_{?H;IbWNaAo!dLxsT_B4uTHbo~gE96%eGKwPrab*IGwr(I>(&IZC zbz-#GoHQD@FF~K$UYlsI-WEP>)00Q}iqMUn;a{_C+d%oA-}8w%C-{8uPxGI+rYKPX zR~+}RsomyZQ=N!3ZVyG8lV=<27aF6+TOnh&LbXh2>G|=8W(b7Co^zGuI z;6#ysO>n}P)_}6Yr+owePiZWToO}r$B!M%IF?}fEO8?%N8t@T2_r3NyY#wjS+_4O5 zALSX1??52YUi)@?^;=+9fYrCa^4pQdcff9nl>aW(DGk!rw(Zg_k6K$r*48#g6&+c{ zKUQm_*SAjN)+TefwbA3`tqq+(1>o#0Zn%xCQ`%)Qo@|b<1h1hEZI@KpaD43lBCClE zEXDU8s{89(*e>ZANpZ4(7e3E+Nzaqms|l%1?B zHWmv0L>%B8BixYvYZ=Q{dgun9F@A_AImc6b+15L$GwVDC$|i5KiqQKz%aGXY2z`l z>0h&oeDpv!HH+p?=vF#y{9ejbE_)bL5L-9Da|icI)Lr(slgoaLAj){L&1F|1-PO&{LE?C+gkld>^=ZPkb@Ms8Z0~OVy3K6uWZJOy7=Fa7OHe>Z z8$HAQl8#{X)TyO;Vaso^3Oiv` zY#}rHAJo0AHNLe7E$aK5vb9D+lO_Fnjsy2kgc|^^#W{I$3H$vc>|Aj=m%kI`XKIbQ zP0QH?<_u4Kgn)VdMv!N)<^<&}r#-ykDEONz2Ye+E>w%XO2)AfhhRz4BgHrAUyv(bH z0ogRGvm#?8HF+<|~9r?&fN(gi$CGfdXB5d)Xd=C|NGc%|8 zm;D)*D30C(MnIFeIP{O@8(W=ji8RmK6SP6K*N)_gL7?21#(-=fAeVsjf8%h{fh`(l@Yut+ryJ#z5?RGR3U+QeYd#n!Vpi5Owc?dL5SGkP>>!6q3ee#Bcc;z}$z%|sag zk?b=#{UoF(YL)i;e@s2s1a%`?>5w9_5gMj>X*qFbYM6`sDeHfw3wK^a@X%t(BdwL=zk2+DIX^vyJe-u-iChW4>B^b4*Psob4R1Jw7U=ro5h zpZpj0If^BVSN~d6_g*Zs=C{n`mj>>f>2KQ~BfEiavu(V#ky^s)Gk`cSV5XKz$Cf5H z56vb<$DgOufzlKVUKbM6s+K>()_y!v5+8Sg_KE{6P?#9ilz4`Uq$c=o5KU9a;TRvH*`wWyXuxMT??x5C+4r?e-GFARgM-yp|^ici3k`1w<;?GvMcMd0ES=v6#$5ak5sby}TBU%D{QgkEGr#9j6R`M|{cM=s_!avKxw?+v9I?fS)PYd4~DfBSD+LzO7&@HFb!Q8#}6WlrGngL18 zc;0KmXUKw_<1$YiOSqXi<5&W{2q~@lt)%g5%W2<;9fk2}{XpG57$8pnJ&#YnIuzXD z>n{b%1ND@AC^}{d(DO&fAa%p%Fi73N8!aL4j*j~zTeXPk3Fv~X=#3c_O%%5hK7SlVgqv` ztfBk^|JA-9GDbsFVxcLcq4n{pp{d2s_}*zk1C(p@mW*t}QidZSgJ}(Qj`@ebZ3ny? z&F}qfui}XctiyO2OeaB8;5|MY>8ug*T4E;kis7Ir3r$qV`^%_qDfu0Yd(7kz_J=T9 zYaxP^dA&U|u^EKncxy+o)rzLlob)w>qEtxe7}nGX3Lha6r{afXq!@uIgMgMf^MlET z14H3&jFceg7*<*DxN%q|?lP4hE>`E?omj628fXJoFopLr2A zm)15QT`KCvvHZ-vIpbJ<<|+q{@-x8!>1Vq4g+safS(~33AwSbg$-hE4^Z)|{V4=3j z@Db;t=DrUko(#MF4C8D^J}k%bGw;Fi&~~50&jfdSIv6THtAhzR9E{ypOWrqtchfQg zY5wIq80$;_autpG;a|Gp(79LQd{4I*`XQUmJbxZ+CiIM} zwX^0O?Uhn;Z?6YomB8IzV+)`e&vAh}$KGCLu6KJqdVzO)b>mp=^=(v)R~vWZSnYMd zfuq{%AF#qp_XLK<8TqKCff;Ra3f58(q{Di zQJuWmksQ~_PdbuIKc$E~>PW8A$#*%Dm+Ryl)#WaKg4m_}vR(2v7Xh zHryD4s--LZ9gTK|gR%H5kKsnA6f!EhPiDP(k1LL`XKEq;`QwUvoYsCS3HkDfO~^e> z5#nzpk2O(Iz66j$MQlG#@3kU^AC+G<&zv(cJbh9r5$8`u&bdw6n>b}Fa%P0aun1@ zi5LjIfX2{bjl1x!Banm$*T-)q_g>U{cFUdPES#a{3wObwSoo z*@8Oc_EECvI+0Y=M$gbvM;(6q1GfAokNhTE{!({7R!)cvl=>(uRTlIj_L@vHJ|ms$|hJ+wj`pIO)pS3 z2J^CHo;F}?dl9FMwph|>Y#Uu=v!2xynB404E7*8$zre_&|gci zSdta9=3(*aFlh_RXnHj!!VJVOqvAiGRK+ z>>QM2;Xtn|MQHhlS9yph1i>~ZFC7lP@pl*;#-rh;QeVTN{1^$8h9VGRP%0+Ugx4Zk zE(F+cpcFdN;fLt8-&lYUhnriFMmtqqn70+PVq0S9h!-p>XNp~OfM%U ze#tlDst}IN$~+NR>XG!CVgjaK@oMQcrSazX{UN=b-*#5Z_L!wiG`BSsh@8Gy#tDt?5mcWjeze4&cwd-~%X z(gs?*-DKxLg|1Z|M{F|(I#`Veh%%%jqz#z1khZBv96y!1W<|g3NETYhG6H&?uY}@W z@K5Y`B9S3DvKGrCD`jwG8*OeuP#^ttq{XhqK~RKZi3#yUoT0{$01+u2Ec8XMQt=4)z)Q(~C6UVIH_gP^Pc>IdNA^p*^WQrwY~ zXergvX5vN?1vmkSt_@sIoIOa{tsBT}&7B7wdCL(yy5~1CM&44W2&|ZYEGwqhXD((d zmN{(2^q7McbHJbSf2=mHg@BynCc3RTBM(dr|k$9%VyO zwD}}PK0&HcTb{fhC4NkodvIVcRlg{v*&YJ8V1Lr0hvxzX)r|zCGt9e3lSMxQx@^&Q zZX~Ao57<1afO5tUm$pg-#HW$o(npxShC?*Dc}N^?8=*w}8$VFOb4jOujQJe{?rc#j@?KWQHTF2^9s6g1Y!YA1kCBa>}THN?1GPVBf8Z6M2gf zpXEe}lZoeywx=mq@7x^>ZIT)#GTEYfn-~rE5#&T;nHK6os7(rmdyyfolF0z;R5nbNdR(ZN3Pl|X&zU8Hka>=)2noYiY29$g+AyvtzyYZx`Pb-hc zors2oHdB${JI12Q^ihR#kFiXg{kXZuh+#l4Oh*n~c?+^kv>ZkW!`u&XdlJw8nm)^U zC*1tbMC0C=K-N&xz`w-la4>avh%~<=t}4bFPuqp+?fU-2M7WRMeE8bShB6aFv`)A( zqJd^fKZ@Ul=h3L7g}jK07&2-%B0zG9Q9asT{pa@JpTv4@UcnKxlRtqDVtxbD=MVaS zu$A@}I-0xtyD?l7_hNd1@QrSm$f($34*9$X;Z1n=znk1jWEKAaK|FCV6(`>@=0L7E z0<04;aX<1}`UutMZ(Bh{3$e{vl`O5b|(<9IgON~Boy6RClx;e<$NR_pq& zQ=3rl^?T{3rqYSwB^@iNgVRYqWAPCtW}w(8K4PKq+(Ki-c++^dzXt*?Fz6|Yt`7ym#WBPxDZR}{TeS^E5I(wg5o5Yt2JKAZ1 zf*;>NPzQRRq}YFN67Wo#kJ4ujv@7)is15JsqUM}yT0Et7YANwO7(=>W=lQ7%M|Vsq zaaPVax^qd1{cJesS0;^gQBg7ExvA#ZbHhB=1ztvl%KaKP7n%ZaP!YDgjoMy#(jNFj zfHe158`-^L9r>Jau$LBUdw9_mH6QE(YBxZmw2{qd$6#aIKtDo#32)+es*UWZ+{l(W z^Mg@d&%(NI1k1vDm$?&DkWE1Crse{}>Jsy!#EIKzZ zCYNUYE4t||(%d3uNPb&r$&|nnf0i_B!LnSC#HzBd;bQ*AI&_R&6*hR474CjHFqnP$ zBv*^u9VCag{W@s0x9wTFfh*RQ`BU_J^_l9+-#d`zW~WFayHM zMd(okSRE`mUDgF>6BCz^AjYz;@h>P;aW17$P+62{e8)+nN))?k9Ik2Xt!el*jS-@8 zvXe%Mi2c&V$6pAB`1oy+EM7dtSm0xfXuNqSC7ZI;i0`{;{7BPi(==|>G+red4?Afr z7gcT=wVK94P2)^W<4vM*xr4@z7V*w6T(az|Y5apbUTArOu^`KPMB_+1jn-irT8M|; zWS%52Qpp-kCaTFydl_V2ranijq;;6abK+7rnXo3qTjW&d-_m4e5t%!kWT+j8*={nY zYBCj?n~!TU2NRhZCz&{r8S8cF=5O3lLa5CEU<-VO5uuyeL}t2^Op3_d>L&AZP3FHe znY%QZqlwHQ^-Pv-=<^iu86rdBkZAkL`Y%&t66Z53OErz-h{knJ8YH*a!%bt3ra_^x zF)<6TK>k^fXL?K?escPw z@RO|@$kU@cRI}I*$MeU^pof3G=Rf6_1$zEc$?w0n=YN7n_NKQi7oU6B)e^5HK^&g{ zOO#@I{_CAIs>BR8jiWUU)AR4IX|U&C;G|I^h8}Y9@e08>JpXfyr9JQk7zt&1{&7asp5N~zlOi&Ay2<=XlQBL2J(>)A{*hS@ z-LU7cAu>+S{|!Y(dH(;sViD>~2?q%3mOK%1o`nH(}8V)-gWEGN;Mr-jtMWXei<3^%7z4JQF8WleX+m=F&Q zf@3^q8Y41DmLr1ZF$@Rf#GloM4`KfCKd76+X}M;&Kibbe!~MUciML_dA6ygGy!{sI zdsnov|4W(}@A)t^VXa2A?aMY{#cmtb$;CMJi9Xh8ul*a@aI^(ubSu(Cf4_sai*I?> z1pn5)Xa+sPi5QEp>Pk-tMZsZJvdz)j`G-x@9)D`%&SmlUm)b49RJMJmL<+~Ujcano zv9x%G4F~d4Q^&VYwr`X;WsUu7C`yS0_OfY7rf9vSa`#;70195v7fTP&$qY#OtIsbDKp2n$$MqT9uW0%)s{@SeMF&@58Jz zoqT_#J7>QCq!)cz=5)TD>%Wd>q(Yi-R3f@~GMye!a`}*pk*Hg#-S0S?q>I*t7A?!S z99S5wQj3=5bDo-M@@1}=Ya0(Cl&#^rW^39F4>1v&f977z3)wI@sEfpwE#?=XWWqkr zu*R9`ZLNWTXrW#=(FXv?Rh?#W_y2_24M=;e=o5c950HJAas@5q3L2fR;3QN&yMaSM z3x^4k8;AtAK!inmH81cI;f)z2f`W28inWx@%rl6wsKnti-dW{fS*^OLJ#E_4pdzW= zUH>Vs!oS6Zvn$3@X1Xh0V3y5oP&#YUd`&6uiO8Tu3dx&@k(;(ur^l@2+;3rz*{I## zUY!60dX5sDy4Y-BuC`~@S5a$MFv`NQ+l{?w zU(-HjVeed5lsL{K?V!hERDDxmO^C$))q%S$9c7|iVkt2uH{W^LK;utF)m)iV@L5+Blv61d69C0 zQHU(ijV=iO`ug)=Qz8=lwd#C0ox0b{(EVb>-%FrM)4k&7KW5cq_)h_-)Vz=fuW}9n z)7D1>2ozIGi-pVNN@4`H%U%l*yFZc9{kBAXV6b(WJ?ky=txj@Ld zte2B_QqYfqmq>H3SSAaMqCoqX>J`v^9J)_p8wx_>mvkMaU@CbSZ(P)(D5g9H%J@V6 zU6L}rjESj|GUkXJeyn!|73EqXH_d?c2`LS}6~{}EA`o>EZ_)8v6zOagG2dQ9w`}ve z2(!(b+_%@F*(>JXOR>_BfMV`*Grx%=#aNOt@#zedmqRbzBi+Vqy|_v=5BdMT>WQz6~>uVML^%1(v<8!>_#$*j2bZ@eBZnx9oVhBtKh!{@>4 zaPT2u0d0#B?1=<>76dn5e_SN^Q0QW+j2O;9hSl}xmb0d~w7vM0P)G2g39SDGdvLJo zQw%(c0%AkOr6BYWH4Hw^1bl4=UtHE!l*LN!LOs$pSFiXzl4$V><#dS!cX5;GMm;XK z?e3C}VI4FcLxZe?sj-uXw>l5c#}L=?;owFo!o~%``1Pkll+eXw96~H&)5P{X`SOis z(+L@W5}&=3R!163Xd^s0#%IuOgf#1hgJZPbPVv^3MS%(4eZ{woR1##BZZ&z`$Dtsa z&u9hp&w_gi?wUVHl#`epG36v3K#N0cCFSkPr>6DA;P*B*JMuV5aRWaOhm4oSCh!We z$qf8=#BjU_UPww?T$MR?vBejOJ5gRZIRywAODwmQILj*W8z^zTn4MOF*}JIoc$Lwo zL^le;kwE*I2_KaSMG08#cIwA4(bGMN9vMkaQ!MO7fM+&&UB?UJJDw19Qq$kxqP9$* z_F6->^s)%R4Tm44gsv7y;7oL!CId>vjYwr6wBp z8s<swAs-hPD7*KhzPvPoZ~ ze;@|yj8YLIeh0g{WSai5eCJc=s2_&rmzGPkZvkIkmc2Sd`b8Pi+pP4VY2UdS=hqEQ zyBa^1MU)Rs`wFEaG$cjBqhY58gek#cB!R9r;;a=EAvLXMV%A=in9hnvWo#ywFi^f( z%f1CFADT8z7N*YuaGphu`B9ax5z|&w9iAGdD{q5HGM;_WJU@VK(?uoP8E(fZRSLS% zgkGdh3%8Jbp#?>aN3xF!50#L8)2a9Cupoo``XCXy1Gpzln=Bg7Jt; z%1=Z4aO+w$rGNK1e&4uB?jy9%#;(EUn{E3Dos>d%5Dsu&+pUg$gwETskFXx_8TJtv zXWlK+{MlZpmkvPpQ6ijX+XGzKlPJt=3zgIp^MH}++X#-r;6{CobZp8Ps?C=;RJQTJ zU+aAREwAw4XjD7`u>p)R0shEJsnk#Kz zsK*YOBNDzhg60jNc9Sf^#?J`zbKU@(*F65>B^U#2OpHMy9tuS<6v7{p=5jv2L`5ah z!f;Bm+=!tS#<{m5)JpL`g5MEz&3YsarqcC-!AtX))JvTC@X*VcxKsKnNT9b?Ajtt# z5Mm6!++p)U0aNc7s2kNZ6xmHpjYp)3z41ChZD)&|)N<8;!{!mm!e}NIM#L=10%Sy8 zauq?=+o2$^5UIsX0oIk*6Upno6Gz*hN%5U|~MyMDzw|ZMuoV zqr%7h5`Kbw%=!Omv-iU2zW^h4(LYDiH*EAv*@scj{T};L`k)l!6182WYtk{6%LUF! z2I8f}v%qsL4u2Y-(3x#p@#2AdyM=2l2G7V1_lp*;HRApqhW}~h@~j0@%&j+)dR%LV zYB7eYDk;w8D$+2P4sX=DDMweEMTZyV0tY?V$gmDCuw=1jEk$lwXvUL{JKMswbU1|R zNSYqJa9=@3pz6-j;eT4V);g$t&yF>!E}=3O=^R^MC3T9y8$QWK#~70xqZ}i6^vyBx z9`p`i+1Kli@w?8C^f zM+QUdMfrL$^~%_cx$BJ)oSrF{cW`4)B>28Dm=0$I-^Y0-bl%+~k=pI(c9TQJMf$^d z_|)waB^W?qz4@Bc*b#!ZH#UE|L6eii_Hd=S8YPf|h39Z!g9TC3Fdpq>)(1 zGbL@C(D`ui9diCC5h}!Kx%ipzwS3CgP=e=oFwuAw>$@60yuC(`SDZ>v0~Q={N5s^+ zks3M@>Gfg;#>UKO^L9bs#z@U4MFTVsFNT2QQJ#PR2?T3MVhyWlU32QO!jwv-UzEn(bS3r zhN2Qb<}1r&1*qk=qzJ;{akHiCHPZMkm;Bn$l#-QyuTRq%#?;*n)VPO(J=e2jpLH>>z^h>u1Kri3M2Pkv}6Uhs6n-MyVQ)eI*?-er=e-sp8a7{R+D!MoIbPcT1{>n^faTN>U_jSau)W~}4eF~OjE zk?o&G@l_C3U?LGm!^FH`SsZ{u{IHE0-Bd`-Lsm-bzX_s$l^4 z4HsRJE--FDAO5;)L zYCN=u?Z`1=q03`0RDZQpdXqiyKD8)hOd%pu8Ur>W``d_IN=n&oahF$Q6$2yHCj@3OK zoimQrExrA^RgUJm?v+gPxO43C$XsuEBDQj}<5=>1F=rf0o;endZlg)L_RllQI9y=d zKG{EOpd5xQevfr^TdxR%MLW9|IXuZm4~lQzC}{)3@ym#KiW-SI>EzXZY7VZ|9^RNT zd)t)QdOI~_s!UciD~#T`l^Bc4bc?dDX{FP+H#ZujgA()1VW=PyK$9-zk|OnZL>t>g z-x*@I&&Lm^jndMY#K`n9lRn7Ie;V!grt?E9>jmzUG>LjJ4 z;Xz1AeFG&mk;HTfovI@=J##I{#AqF?n?e=jLUQURt(?}u{#`n)lk^2BHz>_T_wft0l!g}1eMpk&i< z>tK5U<+KiV7KGJZ5LQn?SiJ>d(U8+ag;}+(zIx8v=h2KM|FXsk!ipD!B?`hy7KD{5 z2#XhS^VWPx0i%G{L0)jryR1+_WtA0#RbCKQOF>xe1z{~M2&z9!b;_UrFN}t zGnJkkYk3Y>d=j7Ckm`ZNcT#7zBNtB7-GYPYxxyvG_WqNk(Zd{-Trf=k^o5K$>h+ z;%xC*eHa3gJk!l=FDVqZheB)CLL&m#{jo%>_ z1E;*Dt*k0YT5)b2?9R+ZhIQB;#&9iL>hTxzPBkGTsx)7+v|i?0AXaG!Z9ZB4&UkBy zG2~hUc5phz7Ld7pJ4=dB2JP~UCE4X-ZMf^b6j+niyQ{3Sg32n-r7VZeTDY8Cb=IC4 z+N@QlmMgsEFr!e_ic$vL$`62B^#O1Llj73;%u+PLB+QuawZfVMbNC(A; zQmWd)z^6Ik=8e9Fnf&d^L*x6=sExO__EKNtjQe;X$2cV-i6tv@^BKYF`1l6@#_6LM z>{O4aQb%RjY7L6x?Jf>o)kT>|_XBz;ILv?kHOmkY(mWy-9KMSJ`{qA!%@tr2*kC7y zPYxS7n+c)(C}5-Fg6}XhyUcR0KTJ{-EPk-C0Orkc9O*HdxU zbsQqF(k^Xner>`>ilp^9-#BSdA(e3=vhO1pGc15YiHYUqP&V|gE-;4s z<+7j@MoL^g6nqw%eiki%*|Pu}6|)adDNWa)M4)O-b2bZ)!ebDxpJHJe`+kgKUM4s*eB_}Lg^xwHBErdUB( zBL!iN7KAlc5LUb(EKv|vvLLKfL0CTesw3|nsH7mQ(t@zca=`NNF~D;97`q=d$M5_( zyuG`qVASdzX=*W^w9Vu)V^@A4?5Yoh9moMY!3^7`FQ`g8rPgS z_7p=7iL&6AzvaPnw2xZ)|X|2C5Hb&Zmn?NdQEdo`66dKYd zEQ{dVj>T9ESsYo$AJ2p$OUnRT7E*U{Kw-r=fS_oh@!N$)()jygaSLN+ zzAHaGz5^dJ-??in^dXmwg*s`A4)0OH<2#$Lv5#gdWpuG@g;-hN=HF+056 zB^INORkT5%Os=ovHWlXryKb8qT1Hh4BTm;mEYk5If^#x%y6@(Sz)y9lHPzK8g@IFOGEYsJ!#@;ouDP`@&GkcSzlX(-fWx0CV zI!4XNaRxb;7lcJ8Dx^&=XlmhTZSM9P2Uc2d?!t1nfsumxp{5)-beGkV3zoyD)iXvu zo}fLKGF-LWwddp-cgxdRP+6iNtYmg9<=?H57WsJR5TFYbZ2o;oq#B*N91_~y`;rX% zr!Jj!XXhwGi|EOYWww0mqiXKdCMvVfU$ff!202`Hv zw|F0{Hvbl1l7p?g%PP&GEH~D2#Ixnk;nEy9bk}lSb}WZwxuzn^8JS`W3fQA>V&p7d z%Hh*m@`7$phqjOEq~$uOcTNuPZpn<3Z{OCF1D0!a*9)Y)M|ZItN^&|2y2;JvC0zZW zi?5L!_;ToZbdnOB{ESTk?QS`7U}R}IrZv;7+BHfNTwHY=1a_oNtX=c!4BjuvB(mEC zwAfzzwo}p+^IiS6vyvUF3S6QW?o##^S#fQ0^CrA)HKCJ(4CKKKwz{{?arNkqwC!5q z=>j^YJUOiJxY|!|L1U;oNITgm&+X;v3&LtD2&*gy8*p=2UJzDA4p{D1QpwilSiy3& zbvIU3L0Ewtu-w`RvaXtCu+$osCHpwg?KheV!fGi9tGyts&VsPI3&QFt2&*d>EQhu9GKQ_) zPBK@Fro*SLF*7q{KVCkT!8V?`el;|SUtkj}>kjpFzq{2{50f%s)q z+_Zp?4;q8o;<%}!g6Ty9_$|e0QrOgMq=;vT-h?EaTEjdcGPlC}ZUg44+{M?s_onmp z(4o8JH3}AAuQQP1>zz+I_$pU?;WwQxB<08#PUEg|>g%g6zW$0URnzoUYv=1iCtp>H zFZ`zSg(MHYP>rT-4Fz{tM-I}BJ20=4a5F^>ah5+q-CA$mnaL1M>Km3_63I}6FrsQUn&evFy!Lpo!#w8tw#6=K$#J3(k9)UlEXX}r@+ zypdBt@1tqi=a|_KAX|~esqUI=mH5s4_dLihH}SsZMYhw-K8MJ5^u>rJ7FkB1@FO3R zg%h$m+PYamZS~CfYQ=vG-o&v#Az4<^bEso=jD8}01Sih_5hr!aBvP@sh=KbkN$h_I zW%m)HcvPknwzwb9iED5Y@p8O{BCGhPL*i_{9Z3c!CH8cIFsbE4DkBJ&5VSzRE72G4 zf0C5j#&*!Ufvmzj+s}RqDW4&Uj~YhEZI9nf-j1&)Knvld#C6aingnc$tcO|%J;w3r z!x*8MpFngpj)myN#6NwJ+TGLP=BN3feo17$`Ya+Y9{0+|;fDBtVnJ~98Y-4r3^hLb zY8=Nlj+kGep;gNBy}a7{V%!Fo-ri4kwf8wv8fg(;hl$CHRBU}k$m}cBA)yc@4oQ>Z z+kE$o{mY%+@n6_gqEtv<*QhUR;^O!n`pX(R=pTgi_a5|R4ZYIwZNcbJa4oK?Xk3fL zsAxXf=WA(RONXrDrXBv6Co0y=BY9=%CH#F%Z{m|6IYN58dQa3Mj=?YC1UesurCN9Ijs9Gyftq8NwB!R`qaiX0mXzDUY{kxNJ4E9$nB&!SJ87RxlgM+Fd!%f?Ng`t+pdG% z;uv&^;_xxg73WyGw5#T~*wJcfesQY5?GvDfg5;2)qcO^8-#X75?Kav7leaC!#2?RP zAbBie-;Y_tAyQ4GItD}Ng-oEvhrEmWdQU|YxcDzdbtwABCy=5$n3_@DBP;RCvWNh1 zbS2WWs4MlP&3UK0X`jKg)yeN%38)BN2|W;>UZF;5$|GdTY;2_6@mqNXI{<-7|S z$DzGt^H_V7jr|98gulJ^pTfw~GF}+h{o~4T{bBXB4H=aBE{`mUUfHyw5H7|-^4YWS zAi)eKb}0p{3{rt-R7eQo=4U*uaSae!ns1)+ z?SuSl7>^t+-4@tOl`}q%{Dgl^EkuDHjpz7gqtGsdoCTq})!&w^M8$;}H1S1{hx@+8 zXge05;Xe9*O2awo;re~#gRh}{oLrH7o7V7k`LKt7MGI2LSK&V}u~L?Xf}MPf-$eNl zVrUk@wK1H*H!|RCY{l~GQsPymMmpqMb$8+%g)lK9k9$t1o|vZq!lEbxguMbTg~Fss z-~B@_PhR-oFlkB>=UwS((wui4qdH9b`s3K7nHq+DB#YguSIZPH!=_$kyhI)pP0g^^ zzv5O_7&pUSZia1SB9iTGE1B&wE@7p#wZ@*ufB_x%QL^~a6`rhf-V==OV12`}?3kFM zQJuLp(seTYv99t$C1^g%19^Gn2>a(y>joNG=#i-7dugv>##LxedYFNaqvJ;KSL0#S znI2nHN4#U=`{nv0-g@LKh0u87SxYH&%s=(^O_!r;=-cUV zbJW*JBi~WW+Yt!8PK+iF0YFS@7^&nANyGFAAKwwg7rx`)=UT@{#P82e(QSKY0A*C7 zD4K*K=^-mqeL;r@Lm}wAGQ+5zRt_3}1!xQ!f2BUgPXAipYjplIsND#PuzfZ@>FB&1 zok|i4O4&Y?r)v&9R+qfWJfV;>E3%hqMlAE(TF-&B!F_E98602BNZ<0~D$3aSJxWZ}mTaEU8u&S|STg zRHA_l@gN*Uh#}t;m0l)?t>ag*`dPQ*FiOh zWti2tV^Q6SM$0hUVFZb^Nmvy`Nv~!Bwk2gtn#KlhoK;)Kjp{&Q? zi1zTYWNY}gx?B)Uax+)C6>^%Pd?lZLKof}`)XWaF>G`r|Xr_cU z5jy7I#xa^Ry=rdtgvtbi@zUa%2E!`}CBd))bgH6;c4Y^{E5O+C#o+kxhso{Tr;wZC zmzd~1iX0zOBS@u#<9y+`zJnzxuEQ;a%6QcLQQoEiPV=s@Cy)LRYV7sXGuGHoHvNBF zV>_@)VAj~~BUFvOgj7{y`i%CZc)H`mtFf}9K7<-ua9YM1+y0mTZ)@zdlWaA%WR9w_ zqmim=OrMOO6bIkrt}(1MHz%>}xkLIfG|wB*G`Z3FUaO-K1DtqKOY;t213n>w;~?)w zE;7_{>Tl47ePUw-RONm}Y2sLh84h5ku7*MISj+GS!WR)?gI~tPJs$(7a^u2m?`~e| zG%qdImQpreYI5aezMYo?a^mGvnwJ3gY*#si%%Jh5og49o8{@;;}>Q zx1m+qM@0TLH4N-u6PP}K(Eo#<0-liRJsc};MpNSuSyzhUa@s_sLPYmPIm7BUIV12oOMEt-}&jNIT!)7>7l6HbYh zj3TvTm(7i174sDb&IhugPk_`v--hD23;N&GhFY9{2Sa3s^&iEY!-fvTQm)H}##VUN z_aro*2Nv7q6YrWdt;${DP19%b>0;vxjN-N-H;z@zM;$mH$cDCs{}ncL7nSnw>4$71 z053oE*B_|*p8t2VzAXoE2Xa09&?Gc()-+#DnKZ4+4Y+A$@0I54Z}m#b6JyDD7fC~& zeg5FpMTzstE#uC4oj5UqS?G21sZPk*qqouS|7y5@owzdbfpnem*m;`Z~Q;3jMp>-CdOC^sn{#2s#6l~+)(C^lvUH;jJ~19F(?CR(Dx z8tw)xdQ6Nj;!!%xlQ)UYFYmucy#0p`Fmg1u}Qk^80LW8v9 zFGSsm)>3>4FU4<6d&*H(9gm-Sqgx zY6epAiRXQUWrjvLZnBI?J8t`f8{_7VEU!4g*6rPp6d`ZCsb(~$SOLu3e*Iq~y&xhA zwk*zTfHNP(u;k$g`~0jM=8L z95H}6z9mZxpwnww?h-11yF?_HYY*YCBp^9Z@@_EzOpHH^B*(VGh9~7Z*%SWo&j?%v zA3|;A6(D`f4t7}Kv>vX8{B!Rv8aUdU^RbhUo^vNIfdd;+x4%dB?=yg zf&)%j6VSBnvvM0lX;qvOPa){QtG{vM=*mcmJ9Ea-YD& zvPYpjSg#rv-hv$NJVs#D_`|5CnBmm8aOU3ZNb?>S9{o{R0o7oOvj(AB@VE%A2@caE z_TSQ9=KkraLq8a8s$m@q4L1-nYRcJ1>$2VX6^?vm59!|*g$FC(40+0g5s>s3(xxc( zk>bNBf|~r39K%xtb%oF0_9o?YV5`(<#Xifb6TY&8db|Zs(p$>}op?F!j zZ|V#^ZbaTn218ge3K0`uC+xWHN7KNV8dnn&>}98Dc#~iJd9J+3QDSD2fB)X z2>OQvZSXsX567BOpit7e*o&3f+#-H+siY+?l_}j~86FZ>xMXh;|3#n~Ws8X; zh(gBvZc%LIYuO*4PVI?fZ4kCXMqz%bfhhYl8}TxVE!btxViX*GOg3W1q`M5`wJV5% zWf*TUMO5{Jmrw>&v;+o(hi-8u9y~M?6D*iR+Bbg)cGVCkmEk#+V{BbL-bA1DZKO>Z)7J#e=72E+x>6lDCK?(af0N zEk><;t(hD5%%BDgi7boIvC&?Znbb8_~1Nsp`7MKp4g!ruuIKV0UrJ4 z5Y3SRqYB*-Mr3jb&Fx9<*Ir4df|tcrcVVMopd=|Ju8L*#oDP(kNUK)aX^c_pp$t)rzU}RpG!g4 z^-Ojyg>3Y?6DVOfo~yK_c|n)u1znyObVXj!m6JicT5J_#Oya3sSTzMg2}cUT8Z8KG ztRSp-L0F<7tYkr0se-V4_&z89u|Y{eSfvGFl@)|lUJzDAL0FYJV7dGADqv08pSxPh zBxf|cW*M!6A?D8J3wSc%XvL0EPfecib$P-s&l7%WI()jnbZ}pv4(*oKrPC(H$+x#{ z$py>7TYEZh>5{lO>&&GL7gkq6SltC-^%R8Fn+ujhcTvW$S@ER0i{(;=OLrp$Va2_$ za?QBQq-X!9~3x$5lMUa4N3i z(Zn|F1Lq%a`z*dfkZ~1>bO!+!K=y{}Dlo3%nh!?Xtuqd}{TiD;;yL932{)fBwWSY8 z7!@m?Rk3_<|0)Efm4TG1+P5iHMQX<&Vg=J<(g-r!g1!BT#L=8)MxjCrXrKSeu!Q)K%7{lWs^w_bAC@4bW$yb5iaq86mlaVJWZWS!Bj1Or% zJ`LeV3IXvBRA&FFCf*~!!+8r%`d3)s#Fq`c1>i$%14sl}O+!#TT%jGbd6-880PNZ*Y zq=hC@1V}?|{Uo%1%_{n35_E>w*xhEV;~G?~Og96Y{cBd+p_TJ)>m>>utAEXe`sht8 z>OL{R+yzb|sb5|2Y%5kAYbn zeC2-(N69$U_H|u=r8a|cR#%#Y?3w__BvcIt^aail*1cPADnVUW!YmvTcA|+5ibkI zr&~(D!jJmU1W?nxANAsRrCywT4XMYB9)*`8uo9^x<%KxV4vtAhkKVo$`qt5-_fXTK z=+S1RruC*tQU5uBW{e*FU*P@4zu9a6P&-C!3A54tDZT#nr)0 z(zdz^!s^bBmF7*T!_^BsJ&c)cwJ1}&X&t0Nv4vxT<~{;Oh`%GsYf1~gh5k~5o0wGLKH2A$@2S_efg(mTqCGe%~P(qrXY2Psy{ zBV67ghZ`$Z5S9-b$iJ+Tg0M;p!Ya!FOZ9cOR@Kg0cNn+pmMyz`X&tOYIWi@~?tr6K zX(*Q!+GRQ2jFAsVRg;zB;3$w6bSN+An#|D3$5e~OMoe$?1h+a>yAEBs? z9FqurY@$4?F*<%2QPba9MrrOmJ`+if?<}u-+FX11D>dqzzq7=ro025=lFk#FN5t&? ztWz8{JGT&h`u3crq&^MX`<~fo51l-TSr#u_RiF@TIvJWZ^8-JEXXAt;TTtL|Jq<(y*cNa?-Zr+Gb z$QDu#ohR;J@ku;tGoXV!fA`0C>9k5Zdi&;sk;k9o^0C3ZjDaIMB?}`q7NX+RH*D0$ zAQq@cLH!we>}XsAo}*&F(TNFt;JI9EEf*K*;(D*UgjF6vjH6sJ!FkeL6m5p+brXXm z?h()MX%2ktK;uy;s>jzb8yP=CF+Jj;XD257Yioaok3ZMUA8g!%&M@T@E_-o^$PF#c z!@frP{u%;!ON0YWsYuO7nS9k8;2Wz6-}rO1^wkj@!{b@>sKx30!@G0_?une>wGLFG zL9KNlbM>93)2d{O^4w?yyCcDFSb9@dOOH`yvhBP2XmhOV-j5w&tei&Jj&?PgxwH(U z+%d-R?w6=FVlhyyk6@q7sNT33Yya5t9aYMJ{!2rM!iBGM)$u5nx1%&>K^1W4}5 zp+gtaYV@3|luL1YOf8KQx-2uaX?0%l!sWojNaq8@3s-Q--u47uRq3_Dt^G>Itj2K5 z@!75O8@CKrT$R1l8eYkAw3Gm2Xnh7jmjV)kWg%nn5#$EI=;9+v@qh-f_y}?{mGl7j z7sQg`;v*{X5TJ)jJYWd1_=qYzprFM^1lW6|S+?6oL)m!-NA@q9wH?&tg5{8OsY6oq zOzE6CpzG41U9nLRGi9v>EYB0ZK2P|jJmFjNgm2FizB3&@U7M~kd>3P6Y!O_~?$*!^ zthAQkt~pm(v4YAPDX6T`9LjQAeNRDHy#--KbHH+Io+9Y-*L?m_h-1v1_CRQtu9jw- zpH}~^J?L0mM4tMr8nP;euRxBpv#o6kU>G0{Tz(GBg7qpMV$Fk|g zZB!eZIV34b=Pj$;GIr4>NmghXvzRM%d0w1^(xF|p=GIP4F4}Q;>p@nz35-X(;F|^c>2eX;%N-2iYIHc^r_<=deY-e z=`XRTcrMN}<~_=~?RA(?@d z%M|HmX9YaI@)I-4(>e?8txtHzvZdkPZ{g~SN{KbO;a+LsYK5l6cTHSs2N*==wC{W@ zuyWaVK9u3qzVn>l@bbne5XYd%oX>we;}0l|_MOXLcho62%CvYi%a@rm3Kg}AW=WnH z`rq;U{OOsaUUR#twik-_s6NWj7{R+kCS?w`@$v#_)=aj$}3XEl7>7#pAl!` zr`<|Y=9>258WRqgQM-J3(89zbt@}!&CFcXK%7K;-f|k?VTuSV9tf!SbDi*kZdBMcB ztb7!)M`=5iUgh3x;aXOH2jhCgK^t^aJ4~zF)3h+<;`$aL#6qj*IG%MptFBW6%P=3D zlI+uMzJj3@9c#5Q`K|3u?qob!e)=dUWK7E0*YDlz-ogF=vFM`*bC zH{G+pN415;Pr6Viv041kz*_3G4M3QJ)%rN)5gHCn#?2Yi9zy#3!D|*s{D{P7-^v>S zMTvu;zA^CyT6ChTd}grEMJy37Y*GnpunZc<(k|UFB!0UW84`JAI<9eVy*)5~8!{Oa zXE90-3g_)OxRy=_9wFuumk-nsseLM_F6r8^T6kRk+#)7EJ4;0+MKM0YA9ewDvwiSO zR7@LS8;t>xF8kR3nYBk!xoB?1e<025p7ywzLJP6@v#sabTOze*-y3!I?jPXPhD%f% zPEvce`fwg)QX9@6)7fS*t{4hZ)MqW$!>7#zzo?+osDjXenH7YQWOLHj@KO1rVjO*; zX>xg$#-Z}2vnyxmUoc^0Of-I}N!68sa5KN@;=v!*tHo8oqOs zcWd|{)Geod$UlL))x!FYWZrFloocWyX{&pPK8!0%@Q)RvZi!LPWw!Kk+jE8Oxl%t5 z1*%XD+=r62{R>Ot3eBTm;59mF25OXIOR2EQV9t}!PK}yU?ku#W=@!LwIKOO?{QOQh zbki^KqHkLd)}tmtHNuzN(*s(zl!$z6g=7562sNl{NEeLDUAe30uy3-R^Ly!?YFBO) zjtPJ8nU^q-I_LN6>)0`kp~m5i7L_wS`&LgQ90!Wf8%`{R+D0I2@#4#U{_vkZmd@Ac zPh95@Kf^$ZuiroB;HymWgHF!*#FneozVkJ58m$7h@O2N?h)ghMk$pd3WIPMf#MSY?s1kbQlNzbp zx|=2Cvx{}av=SQrohw2LoW@D12)Q^ZmCCYnf+Q#loXDP#ZVJUWA(0}UOi~}%Jm%sA zephp%C~8h5wKPu3#U1tfE^n<9m=#rxR&m`o|LsEd>TEvs1m_5XWTao(Y( zRp`-LQuvW*vkK>Y%|2$s=qfy1!f`WVaS;uE)yf6>7d7(g&ICWp4qx7K+QSdhbnD82 zk@D~P#O8;#P2eW;Wi&`1h*QeFh!c`|ZI5i5Sl6?*$=6T)t|z1p?V(z3{o(aEaJ}m2xbo&wt{YQ*f?qFD50p+ZAJi@KA|ZN2};a zL_%D=O)qADS7hGo`U`M{PLPA9JZ8)88W7*ZY{NCdC_C75-NvH^#R3aoJCl?cJ1A%T z_n=@^zBap*=rZxO-kf(&${h|`X165b`yT0*W2#!3j@ItLGU6x_Mni}vTEBIg_!7vn z)<{WoCjsS6jNmbb?m9NnP|1b_vltPFkcPv-k@C<)bu58VB!bc8BzR2BWjf2E33Sk) zl=)Iijgl0+cWbD5^E0qpRY|T^Vv`8O(W;#Hj{Uq0BG8KHSuic7H%sqz$hAh+As$&n zA?gA_{K^XiXUQ2Rznd2bV)%#UPo=5jsTlr9iN8f22~9kOT@k4zT(okErKh)vmZ_(g zZF(9NQ<#bpdhF-i@K71{n+b^rzM1eGc?qF06k7kiZY|VfPK@;E*1{ysr^Po9B>mAE2Q5>W zw-zSFS*#PzNWyq%(alyYH+8zSkV-(&GOPn7%didYA#8dL3bc@`EZ zX>-F-0tvRKlItuj)>&Grvrulz^g|FBKFFL0G(sBkv4Jw$*k_AEzMcm}%ipX+4XJIF zoNfcPVYpnwKlbPOyTfjo6WHYEr@3z7B4J6^4EK(@OR}86?H(o34Bm}nHGqpU;7ro0 zmI94i)tgwXba|s0Ow=uLHCYi=rR^@ya=0_``u*F?)k;+pa7WHt)9Ohp=$(iJnVY;d z?Of6q*=m<*99P2zblUp(G`=*gqlTsiA-Xgzf)z4j@jO_}B5DWo0KJHebRIPWx=-yV zR07|prq*1{*eTeJTtO4)Q@{vn@Z#;_4;gO0#sTJ4_Czb%Rkvm2Q`f2y<2pHxNG^C#J^_gA?FtJYZmRS((sY;$2*=TBYHq^)Q`Ut`T6duXS>D10YnXiDq?(fkX$r`JjhE#Dd_K>pm?L z&9BuFwk>0A!HxR(m^^+*<2LcFdnP6>4L5I_p!jc!2=OK6z=F2Gg8mzIl0=y8wo8p7 zT`Fz>qfkxgCT@+JtePDT@`{gXSK}p64UM?MbmJGSmQ*7TiLrL8V7hX`rod>CI*u}Y z7~aUSTpYjY)k4ut zm`ZW4Mxa`lv2r^~xmk*N)=x;m0bY|f^OmzEgoi+bX-ODtOop4c`x@{K!gdVD##Jy- zQkw?8dsKK(iW|@07J{8}4n}Ztt?<)+xDbrhbOe7?q;A|PBlvqUe#0Lk)aNr0zx0a0 z&v;xCg^|ZXI7ehCn4rb5getL0j9-*K!BsU@ip4M!ObU(R3p1))T$!R$A+tMz33D+_ z>85qClt&(Lz~P~Q0(YpV@!~X=0^)oZOTZ)}va^IFs)s^Y>PGD<%~yJ{P z_Td!BAeW%h{662c_xqmroSc-3{^tMupXb--NzeQ4>)LCrz4lsbuf1PiZ%~pKoy21> z@)gRU=}q@jL;|@VS`D~HK1%|h^rY_-Rs07QPm9_+?>L~NT-26jdqMk-!@dtn{0a#N zMY5+L>fsK2V_&7~wi70*I}M>HeJ_Y$m^LwH0u^1@sH@%bxcsJAWUs|iG%sYdX0W7a77Ry|BmTYsnLVNsIYFF7^Qyw; zmCGgXU&X^C~eh|e3YBk)cA(M@TS3le#q7f_(;MqU@(lLT0sO$mGrJ+YWwdlj3Rg*R;!h_bUdv` zokZ4PlQGRj7%v32V=E9=NCv)(%4jtM>-Y4i#Pv!5 z@_Y2QBa@vVsUP$keaRN#_KcO2N_hTfV}bc_%xBS>BB2=<4KhC6kHnHRG70ErUN1uS z+0n0-R$6Fkyf0P14gZ%lTsWsU%@Mnv^j#u8>lNR2t6vPJ89;TV?UKb*T;X)F3Maqc2bQ4Fj@L@^M;l70qx%leDFl?9&e;x-1JN~NNeMTadqt20|CHq3!mlq;L^5ZgRh;GW=Y3SS z@LWsa{W_PpS3Fc-9I6+ozlHT#AA)b8t-}l1LYsw9gtS8ke=* zmVT(Y@u5`xG}d+#A18pSM8(PAe<1Nu0S)SQ85gyA2}TX3k#2gcva_fCu$0GhshP%F zsc4u^+DK&|S4+kV?1(MItP?Ams*)(QT!luvWe44oQ-dqNvYF5xH8hylH}KBpb(cO~ z`rPd|SqE@}&eCc!85FtGYy=U%o5nJc3SFkHRIUVZ3cg996e(Gc#PP4h6>QU|Pgu9< zqm#1#>ZcFLNOw}NGwF32eb0Kn2`F4Z8b0;-LodjMb zIq5A$sz{V*ZP4SOgby>$x%;nzrM%fO=r-s@&i!fW{`2vOY?M68?G+`-NwP6wxs4KP zne@iIJUU(LmsbAPx)&m;5_Q?!Juh@A2&A5Q>4*{h5c4^^ke<9P`)zznK-dx4vK{UN z-wL+uQWR4DI0pT7D`YQAUHvs?%XUz!4*}F?-*D~}c-g5mt3%%C8NE~-aPR$8tYh5H zNNi*#f23bn5d)8=Se`lM&5e_4QNb13IgzBQpdmeCWd>^oX=lCNLyJA>m0DR>QmD%f zva;e=E6=5y8ds*+LO8am@dZNPdeSS#QD}t~`e(v=tWb4RTeb`` zH#I(yYS@Jl45H`trf&nNRMrW!LgRYKopZDFy22LL`htC`MOS_5%Ds8U=z_tN9~M{> zX45b0Go{ULSK>%NUQJekBpA7WqseZX?00AXXTHe_4}I=Laz$k4&i}&b+)1?6&4lba zuejBnd@p5Tu$lC2u?{v0lRfFjfplxIc}MoZ(b&90c*$<3;kGwC4y;3NJZxKt#XAh$ zO^uHy>ELVLC$tvQ!MVks9o@nWDriD4kKTUIT)~-KfL?1oS07D8e!FQvKnmTQR=OhJ zMTMdJ4nw!6?|04|og1OMFM)2~OCH_!o=M-4=iHhC&IQl#U^I;8?pok^7I-{=6kdta zojuWG^$))M{AxG!5rOqwbK`U7Bzz7xUsjj3<4}1PKD8(hX@zO1 z-MMcw*hd&_pF8_{bFM#l1Di5pQ3)=l+U^%S^-T=e7yH5IoY<_^>Y@ zhPMMS7F*s!q?Hgj-At5dHM(Sz*&AU&V#jAt81u43Df-=mF@oG2ss0*eBe81W^Mq1N1_M{i7 z_9Cl&4qsUY**AjhMN`**vk=**y;Okgw|uwVR`K<-OCs637zpk^U_n6g!rrt@J%P~e zj@?7FWk2b%i;m8uFY{>ab~Pk}jV8v?c7BF1;S^rgw8?Fo^fvNt#87% z&onhY6BpQ41wKWAp7c}vJrT)^XQr;NY(B)gjuvH2xx9)4ll8+v{c%gy)waH?e)owJ z)zy9Sa7D0KSI;wzb^5eAeVR`3EJZMZh*b74vf=yRq2e;vu}acU@OTeXfWlAf4lP+CgSEXBM#VD% z=qdX@w4NA@;Z{LtlxB`32cy?8nAr2c^fAvv*l}j05}JN(^n$w6ozM4JXmJxKlE+mArn}P2aT7iw&AIJ?0126iC?Qs(&F8-aD?I18Pr|f$C*Q zo0-D8VBU0sU}n)r5DwZiE}8n>ni`*qxoradX6HjUZ5FYX$d%aP{yQpM+5CJw)`$RB zBqD%7(MrKEzuwdTgxQuT*s(ytL(I+9xF zs#?>3YHIvbS;H=*&B5rT7cRi))|Lmc4dzZN@FLBNWu`2$=q9(wcTjh}24{+@4Q{|J z?`w%dNM#3L4KOg^E3%8poeP(_X}6#U z&N>Fpvisa(6t!5Z>4(XD1fiI~Ou$MW?4{DH^Qb)U#6)41nF2I+z+U_rw8QQ+gm7eh zRG3PCZLSiK=rwmU!~zDwU#<;n@gE6diJJBf5N;QInd<{!#MN zq$*?dNe_6D+NXRl*vH8F-8W7ytoJKl&pUd2y&oy5$Zn*vO{`&~Gr$hxPeTsU3SrD5HVr>aW|37%D0#r=;!6RBWYTs)xa0h z-ePz35@WfA#;U>3g6pA4g|d4K7+XYgKa7DYY+=Z4W*IB=7&K-7pe{@e*04d_NY;D> zeiRGcVV|H^jiPdaP@WvgGnj^cB$bzIcPufQr^!l=<_KU)u9S=2+-q$#tu~sffZi~g z-0U!v#Su-;!|~Zf7pdGwM39LMhxVi|6>2Uuo@mTys$OcBi27oAUxB?NyYs$+vy#&# z+G{EltwXK`D=jHByl7n}YdAYm$d+jR$^~Au1~(+|Xudc%uBft~D8BL&v_PRgcbHY~ zZEAef_DH!n5(@Y-D=8CXbg!4u%V3XGR_aSaxSEVMp;REFC0qw$;VOS9?oPG00)b3> z90ZSjkkWZq2%M-qyled1<-XlLLV%#u%9Z|x%N0nV+s%&(H4LEK&Ougw4Zbm1wG1Z6 zW4b!RG{@S|DqfaG#U3^j_D;>>cI~wCqIphyLaJdRF$d*xaytf^%I(hss7~c}kJFJG z{y-;E5{64el1z^J^3kPX>+n1PgN&Cn5>c2k{&*jvFbVK zr#=Z@^&H?_28v*VR_XzF4s+31qugA^z<@u_pV8JKLqEJou7WWW^tMnij$Atl!klea zn*Al4aUv*U)#U&~VVtes>yBggCV3DmfR@rxz@}dQ?qI_IjmW^iEo8CiD>&<5`uHNI zYcJBi1`PU3QbT-p{y^hbU)ZeU6cZy0|NmiF+*0G&*>g*c%{AR)43~$iuKsmx0>j4; z`D++HiPV7MD6D?SRXqRyFpL8Sl*+jn&Bu4d@Y|~s7#{de!0-#C1`J1s9fsTu&lO@A zAyFvNio8_K>*;-qE~+B=Xe&U7DruV)q-o^&(K?z@VuPE39TY?@$^hQ9S7#`QES9rj zB`LUfm4XUSskYU);NDf=MDoiTTc|&2YwB0Ut4o3JYO>WG6|V3O9PdgMWa(VMQYU`_*=7-+vVKN z4M=`PWJuYMqvy8626%zskKBhy=XlNO3X?>k6w)Wsj2@#9u=wsQ$`dA1D#~ya$>6g? z7*ZE3nYgxc*nRZr&H1xfUOttonSaD2~dc`3<9C-Am|VI(>hYXIPW{uwee?-s&}F4BJhZmp@0C z&?W8mYMqBa5-`gO);4kvq&R<`7E ze}RO(*%;AwlV%AsBt$EPSu$w$|3hN<+!P8tNr6E()lU*kXrHqmXD!PccJ^C^wjVg` z$iW1a3L)Av5HT86VQ%tHBuSyd+`YG0cb_fh?z_d@{kNFAUs0~t|6z?MU`308Rq$MJP9RX+?c|r**NEkCOvDkSw-M3SHkx}9$IM9XBNV`R zj6`3OsP%CnbVciP(4D!nxj4;56KUb2`})B@q_0D_s;@);A$|Q%)z*ybH+=u-@5kY9 zM)g%BkC?;YwB#JtAs#vKJTKs-j@QS@Nj8XPNZ#6j<4W8sS2#zGDaEV!2*oH~lGg5t zL(rxtPesF^vnsMkW6_A1IPnm>CLwH`&igO{X^F-l!} z&%>s+7@oFVC$Ay6bkALpk#zcfpwak@QJxFx)`%nYr@75ib$h zV$B;A(jBc%HIYT4Y2Y_)ZTExWu{BmfJLKLcw!ElHpSNU1!(ptL%Ov` zyGXdJ*~bf;;RB35W!Xmg3K|yWsSD+c8@?qji_eL##3??&x3(zGnP1^fxzU&`1V|z8 ztqgI%arBZjFig)7y%cp*5n@zN7ChWwGLaH}Za&0rP4{YdNR_ zcM72$%zaEPM5t~6X6=h;VLPSD&VCFE3_CSI8dqWm1;|y9%uK{~i+mOvnqq2et3CiG zk`c`b$)?M@V4Z>FmwuL<$#I$eROXUKH?se@)CCnb4nC&gsVXq%*SKR(m9~&P;Bi^@ z1!EZ|?M3@*)AGSUpJ8|NFx|lVOgycZ_pj1uYTx`H%?Mhz^-Y_I6j`ZBpuiBh$tXVH zg^4y1S3)ekT0}>O?HK2W^))XRmQtp}9e8*QoEfi#WB5ZTmt{}zFfMhQ_7jZP3l%KU z6ZsBeb7Sj)m6!e%&@8-a{9Ub>sv~ycmWnaE@_-*?4v&Sp?dW=))~dXvZXtR>S8Z8U z_D&5><=b~ng#wD}=?|kOYDmGQiuEaIrSg{aLN#^&i=m-hqgv+{uP^nF(S68YTm(Um zz{~XY&8~dQHC13#RoK_~B)2b6tRxI&u7#nPlJyTsFuTt%7r5Ig~4;iP=Q9 zr&r_l;_`vQSb)xK_=3w|peoeTV?L-QOm{dDg9~mAU)=!#T2dxbUXOMFBQCQ6ZuRGi z4%}!`HgT?~>!&#{IhP_i`GYxjvqIrq(LP@?$=P9&v+!Ke*EI=(0AO6*>f23!e|}8* zaN}6VhU^?dXZHPmvQbyyGi{5a5W8riE7fr57Fvoh@w8`fO@c1BC)?Q(YPSLmt=!t6 zXBgUv?{W|RZS~KlJ}kAeEq!fs-|}TYc_aV?aNM zs41co3C$87Hk8s`k~mnKkGE5NBMQsLY{%B&0AMx>2f6P6`4|ZB1K&>eNn|!rR5oRJQv#?&$8V34& zrN~~%OKS6hAVY65hPYZ&H7UH$oSBy}V3=>Y-jw|h6_P{ix;?aZJ^_$}d5+U#p7eP^ z?mPI1)rD2!05t6_EY+xT`}lo@YRA4p)AMJkkHzkkGm*?~>7{hCv_Lxh_WnpkxCu5# zD!(y#G_Yc&{IO6?jVY{1wmmiV&dTQNR6h#*3p2-09yEmhJaQF{^12i_E-=YH%y>t+Y|gl|*ifI`)ys_+w*nv zE}TECPxM0GgaEBDR%=Zv_+T}^*J%QKj^ zW?_ZMW#gY~gkYuj)J#i7_D=rH(?1TLBi}VV(uNV(ih;vXaydtzVH1Z;;5?B$9Q_(X zw!sU-FrA8b61dbgDmc?m)MsdI(9Ij(tkCLw?uUHt)0X@En?<>%eYH0{Ww}=t=e{ab zMjI3#E6&wE1-VFg`dwd~yTa${jPRhlnvW$FK(*NCK4!T)`drC+8+xu$XNTn_dCYrB zeCk)cm*nhj)8G5xpQqp-4mCA!h^X-y@ejQ7L^1EsMW1^;a*lMP;`2w+k=BmAbi1ji znTp>BAtZrWnCud1zakc%{c^kQ%eeh!C`&S;R0if!lbJh=H{OG=*v-qYHp1rBDqrRW zLPn#J(pAtdL|=LiDi*3rbK^!k^}CVfE&JcpAx`~n`@b)WSto@BjQ`hb6*43b4nwl?+@}hRg1#vE7$R`T zDN=R?YaRl3{T$*w58d4@`GC+3~tz9{1YTZ@m3*IX!eU-Y()LrF!$`1>;+tLfICx%tGFq2+L z!mZZPdX0(~>*z0VA0s*}Q+FHXE~D97$-6vLcNzU$&WO^N={=0-a{7VU%y|N7(MMQE z&v@NtW6ZU6hzM^RZ?oFwR#SB6Mw7et2iV4k)%p`iwV5S4>_{U`?oW59Xn0?(WcS*q zZ4xzU(et6+XL?KWynoMejEtjW@!3KEF&SRz!@l)8(%+h1DK_?plIvCiFFXpoS9y5L zb0^C8L$VGebH8?!d<4_}#y7saj&Uyo;ZQQYjFZ6=;dvHc^)r!v#MXL6#cEFzL!LcT zLy>81idcZCf>ItD6?eDK&FOa9gDJ-Wie2+9s+?~v%>CF{^XvRl<{az%(!z6DlKgoO zx}T~Q?y@UQPz*w-$Vocr;hx7}2k1$!#doE2XRq`t1WuK7m#5!}zcKoCM)d1+!~YcS zOaa(4`QzaCR4ZgJ9j@jSqgkh^O>NU_O-@8Y&HS9%!|A3c{h-8)cZxr^iXiuz*RUEO)yQeQ&HupTLrRh zB06`UPnsW^ZBIW4y+3NK8^qSTm<=(~r^?v-?2xjTjBoEv_+ffb^6vw9?MOF^T< z%N^ZUZn}4L{c)}P{`Lk3bMYa-8_6#4G&M)D))k+6Zb-Ft<;;b~ES8#85am#mD z;m4AN{bGM|iNaS5ai7`ep;`;6~Cmwu;%zkzN+tE!8YjJCQli z?+`O(-IPI6@Rxp!V?ixLO^JZ`!I!C`S7G682iE|9vVRUg%Ok}fHuUF?$3X~IF?Z1 zUTZf-3knPa^7xxc0h{pAwKvqTu`4lh5BZ{btPD?xu<}rZl_EUnwPJk4UYuR9!o*p3 zB+k0s`;Q3XtSjE+`l=NQn_T}f%fwl?>1Vd{$o%NDnbi$$imsZhbvtYuMA>;?WK`fH zsUe|Jdub7&M%PSAL&5}Q{kaqc#stxRoW3u&{g^>N=_Z1Z{#b0Y+~}r69T6LJKibA9 zrUhltFDRi-MO;3Lri{FQgJw9Q^@)e@mL)XP$c~6HmR??ru{S?B3S(2OP{7!6GygV> zJvQOpW2_E;QH(K^NAUa37@JFnVF~_+U~KgIyCcW;3K&LS!c_Jt`Q=9~$r7kAdeM>$ zm-$K^RMKMElYW4|`}ymahK>(||2NwIu@>*{siFt(z|gYk+)*bRg5uWB5D0!h*|}Lo zna7gZ)c9c8`4#*>?t=1MT`gbn)P5_D076qh&x-+G79F36f_N3-usb$UpEc z=QWu=n|Mb9<<@F467NH+%!~H1V+>d9js7U|L6Vf-2%GnoD)E-zLBA>5xP7S-cyQbLJDD7!l zB0O$43bOPmp!Jk#tu$&XO+sIxt-@%tX=<8ShC&sL4G9agGfYLQ*z{>;d`6zQ4NWnR z8BySZc8-H11@m06z}D*#5wt*$9RN2lnOQ=~t*r&w2UXU`3Jtq&p@8A1)~QwP=;K3P zkiFG&hoKF>e4pU2&CIKz#bNhvh|5C9_JXX!lrTGV5Ee&2)9@?LioS*2e%^yfOYqv= zUlq-I;6WR3uwrk7W_UL$oA-;$Ciqa6tY_6odM-vW;NU%M?XmC{%uSP>;&A})M6+0I zKx=QK7#`LaP{zK@7vtjx#JV><{|IMeTbyULGBCfLrUx)_esnO8&hr)-F4XR zNSVYsmxN^>C=MW4paEyn3nISRG&|-S$tK&;0!eomtJpq`e5oIOJB<6G{2to0^h1s3 z(jy!$i<7(2m{YvS{pvMd>^0q141Crc+m(Ka?{;?_r(KDD`>tfVDRS`j3kQtDIAcWxbdIk3&=En$RiY61Am)dK(%?S7bW}p?(s?f-` zFP-J(fiF|x%h2gN*|oQ2pA3^Nmg7tQuo*n+g1#pd+9iqSg`hWXZ_EB7u3<9W8@AU| zE0XC^!4SX5bg_cosJ*R3L5p9sd1VDfltH(xNs+=UM~^7%T2gM%EiKXFHn9jn+SW?LipHe>^08A6b>{w;5+i<|M^XSRv=vXbt{d+~#OG?Di*-fGDmwz?jni`*tRBZRtq{#Yt3l03l7VMcN@5mHoA6%f2WaZY8OU z6X9??^N!n|aJb_7wgz?Q{zENBfpAExQC)_7Tgj}~+{cs@hro?hCtk*UCHTn*XMvXb zSR$Avvaj1bfXjrwg1bj*V(JG;7`bPnNYCd8OOLqEt1I2vo#L5ZqwrU!yMVki_BA0Y zZ43$^ylSnAG24l`LNvz zTLQXspH(+;JnbaTJSO64KU5G;+x+-uA5XhS0yL)!c5I-zF{5kcCz=RSS-y$oFWe0F z`*HQ&s~h`rD(HdI!5dt3)5c5pYSd@4tYCj1IZe(G*4;-*E!tTha;arFSH`?))@W*OMKdsAOt%K_(tpW zvhetN>vU4FEOzyChggJNSh}nxteCgQdefTEoawWyV0Z-q5i~Wuu5Mirs8qU6)bMB_Z^+jev>HysQ#;Prcx_sG$bV9+azzSFtg>Yt z1>O%9`kiW^ zsBqm;_KUJ&?5mO4G>^gXjZb`W|43UM-_4k20c&k6`OS^PsfG#J!^ZQ@x3yPY^PLzNhvM{JGpatX0Ib4rDWK|PQwC1l3I6BD{cd*i}Y zr|wl3y1E&2ol*;Fx|83<{C4rXl;3WCwdnToo9GIttSg}MT>+NwiX}XBC3e$J@9KFd zS*tdj5cO7Ly|pNnh8Na`+cUj((L~Zx`fBC3qp(lFvpxaO_X&KyPXG*kVxagwXRFVT zRz-boG|Qz$scfWM*O`{n{hQxUZ#m1u(*!(o{bOrE{{diu;II1(Pyn%q0+0g~4A4U{ znTA$P-Zg^aL=S~hfx>{vv`q1D227@<#=jXbnU-4rX7D8O9|mHu_)!=}!WaykFo*yV zyyPLOqQzA=O^YD94I(ifr2>%wmT8&j-wd!!OSOM9z%nh9{F?z*0Fl)-0)-KIi2Qgw zM1C{@A~vHuL_qir`jZ9dXfTfXDA1M1wm^l6t;TEL=p23`H z>GN*}bEc)=zZuM#mI41}FlVfBuaX1>ii%9)V&ILUcLk^>@T*jZFUV| zwnXV2B~ZD6q}eVc^YK%ruZ=2MGpZ!ILsec|o;4)Na=eB89&e)5&c>{n|3+QPeTmAE z?AxkZn^fzE1+}Wp%TO+J?mo4<)~-H@ToBcTvqm9L{W;)z2K|Z`J_o!(ga5 zd{SGt+tC_|&m2#TeLsou(Of@FrUyZ&qHg zmzBr(d9${6#`+4d0(+(3WRr5RaP@e1wVRIp_xDTxJ9=%c>3@fr{x@muS$bQ-jPdDr zec;8BRUIqmdv;#C-!K#^qimPT6=KX+m1dFWzFOG;sA#V+7@1*d9vBRwdys`~FxBuG zzlnV0V%riOh&GW2+%hDgSpm@QO#blh9%6;;rQdzv2va&)$!IDAA7bOtI4^B8?)OU@ z%btDjOWS~HaI5)~o+uftd^pQXb&W!;R`9%?JYHS`0FSlN1w?$<<&9T zh5`3OEd^0@4zUxMkLk5g{})jo{I&w{{KWZC&$-CBl00#Io}-#Cgrn*wewV5(4(Z+bU7g<}w?#inZ@x=d2y+;-nn*09;y+>Bnu)BIuH1;?uLY&TC zCwz!`I^NbPU7%^RyBqYBb2n+Kz7fg|8Q&Vuwu#_U&3bFsy)eO@MzdrhuFQ$jXL-0x zq-nuqBlVNb{X-XhZd-NHobIcx9hudggY~7AS5>5=?Z6|y;j8Yo;ehvrc63Z|C3YQ2if4eni${8m)M=^ zYRcmSV6eL?QsOzWT z5eSo!dvJVs%5&56o_X5uAgv~*J)z@bq4Z$b`3=2ROiMp`(J5^3Vz=2=R@fKKAD zZYZR!t6led(oU(W&5Yj}5y|o889P@X5kCgtGj;}@Gd@P%jGZUyiP$r)T1n-8qUPBu zz>BM0SH?QO%B{E(&?V+g2v0|}g^6&ImM)(mFNX@J{?@qIiR-p8ZSeVqP>W6t(`B)TVNFOX=1 zB#atnXVl&QsZqmgA18Xf$n!GnzDe%i-sU+`n}5Qu9NNq?+kT_lG=7&Z27Gw-ghYdG zRW+!0We4YHLBJe>2PFB~%w~0YZl3VShn1tmkv^ON7kyfY6n){IK(cRwuPANZ;Dp+7 z)2nLRXIEo6*0zoRaBXI~nCHVlKspbUo-V?ESgbPy>s+TEHrFCUg1svVLei?izn+CG zTTiX3fU&W2l5^SDGwC`?HvH*|(sOxqojiKiZgri!%*f>H#GcQ!lZE@wlEbugK`1(R zE2$=SnT2Qahr4W+m9dvWck260uW_(@!EM3J1!M{_WVFN|>&q#7$c?7;rTmLv&M*Kb zCEP`J^6Yt1{A`*M{bld6iYyn?CmJXNfWjYb-mEsGTT*^|h^+w8w|q3R(NJt8JoQ~c z@ujh$n3RO#gwasIP+q<=11GwgUO~WEo99=j>c7PG;ZnS$3&PEO4{YPp;q$oXecY$j zRL9|!l2E=F42+%=>7|Mym$guCc*T8>)HF5d6*RC&`qA4yg)PGN$=39eB!+DR%rjQ7 zkJD=qsC{NPCFy zAUdU@!$zHAh3pS0jvmYMp-od~*(`JvaZ2rD+4x5|T?52|+eL&k^YbDz7 zT6W8Kxenjv${CZlpSrFA0YTA=RCL8yMOVz2{2q!ePn6Ua{+aI^ZQWpkH85kwUg1XD4R()lZ9RP5NAzRLjq-L4}eT&*B% z4!WCp;p@h0r4hNGXKcQ9RIZ%W!vc2K@ofV$+WtVf4mbD0azAsIGF|v1=?7Li+(7W7 z18wGZK$$ME#vi2G_C0}Aaw{h@&=2$S#Eo0nhA3Qbj`tMPu;pbBFv z3jeKkJ3bNSZ)Nj+2EC?O)VH*ZXA1j9dn)+S{2%b=z*xHCp|a(>v|!)iD)o)|s=eZp zCBHF0fA3QHX(RO9_lk?acj6oKbCkA)Z_G1o&>dv5nm4rzl+{MoTp`_s?-*y@jA4u4 zn6GvNk3}+Xu1C(6@r4{neq;W%B0N}!@A4b-8pqt2_JPLighmWA(e1NdQmQcAq8YyS zo`H$2enJXQnVRuFDyYNVl^XS#;ccvBn2hh)Kc0;JessvNd)0_Zxt%p{bUC@D7RV7V zCx{muEB8GF{f&{ka)!yEyT{Jn9ud{&r|8EnwUKe&E#1d7y&Ij3pr?l49pBasM=f^4 z7Zk~x#qJ=h5{7u#el|o@GkFs%R%pmwgQLjU$>IXo4)ReNM>Fz%?{bjr>C$`;E(eR) z&2nq5ly_v5%m@xx+$JXDE4A>XF0wHD>YZsho3*HzmXJ5la_09+(( z13iAXrX%tng1QTV{oq8b-0gM5_`owEsROSm83i zgM?I3h{)Eng2K(V#0rtW`1CE#>J!%#b3(X8r%+Krl+T}NK4W(odR!szbY|a-d8cYY zN#0rg*HOH)xmhIxW+v<%^G;uZw&UeM3+?x$?}}wXPoYi$12Ee+L=04v8)p0Z(%D7K zS6DYO_{}SV$PJqd;Bb~1C z&w+nBP=om6_`@128IE4wHPQH|6HJs^NB#?xMC8A>6z`0+j^tO0B<5K-@|f?IyU!+W zmtlS;IA247ZkIxF;L}!XYM`aCD^VV>tEEG)hFzV-2;YfJNOn`X^cB6ry9Hq^@5>7z z1hhMh&M_&~z;#XyJoZeoBpDWO+mgLWd-nAe#GtpOolaVs?`Ih0Y*HrGR_@bLa`WCf z>mz*OBMPeBLN`}iH_5w&26YwvEaw54H%T7?@peEwPsYnM!4N33Xs1D_9s6G<`w`YT z-JHJ_-S07~`zLc3MjDL3&ddga!D;2^oyFvPBM%hO9xS4X$?Jh)J|0mBeTjltOS`pt z;GZPE%3>CB|7nBq2Q}iAcuFLH!%)^X!HmvbWPIKSG)(Dv6((C@iavMrc4gjvfk*5{ z1@23uQSURm4GF2lfq5T$x|{D(sS`jk$AZSfYyfl6)+o5{UOc|6>-_ov_GR9tI`9J<-zr zP4lFGcM5QlrLBxh@jIEz-?9NpL!fu4tl zkxTT<15MyP2rmp$J2^?DwBD=+^ZB;7jvn~vm9+4Q+zVFrV} za_%~fXz)OkbT~=!vGlp#eZs*)t{;Ic5C^hA95fIyV@w?X`Do3bJbm^ANKc=;mBZ+FKsS1f2LW%pu$eCid9%SHmFy39~}-(tEz1Ntx>Q}SDSKzZrvdE@r^oHkM^9>9P&sjRXb}uYWgIJvXi^J{2OM{1NvHP`^4UlwI8YGL6 zG2IN``z`$iYTYz2bi453F2Xy>jVsNKw^=A=r&a;Gn!n#qhKa=nsE!XDN+C^B2F5ai zR7&W8vHgi?njJ|~|K&!|9(lhM41I_C%Kp`mf@kmATHO`=44-(nP=23lKEy&JWY}o; z2-^pdw-nlOm%$wt@(zlg5m?izz8QD%!>EgqYf#17I6vClc=t%d-V6aB=Zf?*MvIm8 zRYU{;$VnhpB#RNCJvel<*7R?i8h<;g-irDvNsK}FEUkm+ZhC{y2w%^L*BXaCqNUsd za6nr(X!B5yd5)=d)(cIIFId<(Ez3 zyWlwrhOo<AIe=MVGd*H+eEI$hU}#{XTm#+r=Z4~l@fo@xsByYVuNysxz1Jp~5c zl~0-))d%tUD^^RG5RH97En(6GwWJ%k2B{!|`YD#*h1XZ5q?RxXoVEs9>z-+y^)xXh z-K%iThM2Q2ZvP?+S^8Er12J8^oV&Dye4T)pX~D&CX6-u{>{*Hf)yTGe?okug#>>?q0g zv4Dc8hZUq|kXjbjnJDSgx{bouBepy8?KUJwat71DL&+ww;h51F(7c)+(d)kOt@2cB z`nulqVgZUkNHyU9Z@kW(nJEXEiZRt6D#+3ql`Elu>d&KoBdO)L(?e=T+j^a)SgfO; z^=P*QBiW>eOcoXih1+~!WBckFvU&+KQfIy657tjIMy@uqNWqYq_9^_2^1R(R_x7Z5 zpnJJ0M!>t(=a$D9-y?J8vRdD;8<{yS)wV>G%zY7PHaC#DILiD(K66H*&OQ0$4+1bQ zar#+eKcUs1Q-Zsqe9mh9xW4UP9LX4&xgkkxm(WvAkJiD~I)z0IXpE7b(X31IkR(fK zWF&jI=d>a3zz)Ygywa#hk>pNTxQDz!H`IsnaWl_}%%)}fwbnb0PBX4d-d?^m%Ni_( z7{IwZdwhW%CMOEh)to4%TQW`1E4hVcrJN|0&EN7>`-s}+m@o{-U-|_?H(E|2M_Lf? z=o?%=w&IjSRO7=@XTddtdxTr{@ac-})h_;=%I1`nn$^eJPpTM64m|eND3Xr?> zMLG2*0pF8euHKf@PH^&6Hvh!ZZzKIo+%JZRYL{CVDX!mES^7vXHwO@N`Bq;l>Hd!^ zMp||UFy8<_v^U%U!*{sX%e9qZ*R|a+b$tVYh?)&SOh_Uidn77yJD|ti#^QahxT&3M zO;TB|ztH0ff4M_f?Io#dhMwId7f*W{?JLX0R(kB+3^fsom!yQ7?0KZ3|LYcp^wOkf z;vId?o)13x-^Gg8ZQ0{!*l!{{_>H{c1&ZTcggbL@6{}v|Rx~I)z1!qfFObA?31LmQ ziU{i!u*6nD?1?sbxf1l_BFgh@d9{9sAUMRUGl6#gh)}N`w-G8l*1z=c zhIJj=s9d?+x4BwxE`2>BaWs?qJgZfJ@Do#paDV>84*T@9AO?gK`wh&ZJ)~C?X0bCeZvR(G3NRIOFMVayD_4$3K-q)?Di%y>mKBxJJc&2JJRdf% z7Sk3klmBE>aJgqj%Xe=xMIeaEf^+4#hlsu@ATxtGTQTzM@7yK zc~sVJ;KAMSCGaY*q8xUd*1?cx9l*LRH0V!iTjx)_nKRCm$u+66ZN|G*d&rb;SV(=Q z-~0;q`WIx!U)J1s8E$a3=#D*h9LDkj03FHAQa|jMvYg80S3~caGh40L?i6b~bHS*q zoz=vjKWgUsd>gF4+Ii1EXR)CcFhC6`w$&LQN^+scDB8ejUwsx~>#OE6p==Y+9WtEd z#)qfz)c3Z0o~+ckZN}%e56|V>jIYI8pc;8^)1ThV%G>lzYl|{!+ZU-trn;39KXYG19ou8M(1gC5T_hpS0O zNbrBwz7}Wx(&Zj{zHQI!PPqlIQpPig9m^ZEUFi~ij{Ixrvp&)1wNvwbF624WqTJBu zo3yV<%Vw}1rnrNTjr*!E(ZiCchk1z}j!E?JA?rc8p$BuXXTpdiiKe)vAGJOVJLe?Y zd38!2(&u^3v?$lNlVi7}EU}+}(KV{mW=Y)lUtDB}3hu}GA`nNF-Ky6SFNSqV z80JVq!pKi831f#O+Z+26^5MZh8Lz$28ur`0^6jY%<09yqikZnIsu!-X)I3UM+9l}L zq{bs(AJ|1BmYopf>!Q!XR4wPIF-scT4Sd>{a09n|jgrU!{!cZWTDfAi-rcE$*a;QZ zO8BYr?a2>pYMflb3^ZlJ9%r!i8Ct4GNUBLz(~-;)1BQ{gPye&z(dS7tDel+cCHAB2 zqsWF5KG~}+pMFhfRt?ZByp~$2glBw!FL(e`wG;Y8fXFd7_09{iu>^zuWp(5PG$)Dj zu~+|rM413lj(u+tQBtQvlsiRT_sOG$1A${W@F-qlKgym=wz!e}fM@qfcm_sRO1zjw zC;aBYXT#=oiLT?jmU1K6Pn%L`F-ydj%gsFO6_9yoH^afrtR#8yEp*A;%;e0cJZ@&+ z%#La%+S(0mOz1ZZnuAI$n1r!-`nWB9yo@lYYqJ|oOJgBlc{I?Q1loiF^8+Q@ag7D7 zJcg(X59Iu6H|eIZE5EVw^10T6ppU(_(RGNn$yOctZCNJK#a_W0Cv3s)X*tk$-tQK_ zl}~&Ri9P9i=u_&AxMaZH@XOHOhRVxBQ2l`4J7EiCLs1k)7qhLCYF+LJD|OeNkNcXC z&3LTbY+!V6%4e15&Wm=C6i|0^)LF+xvl%f>X(Nn|I($bY_;8PtlRx4izG7uVtktw7!cY8Xioyyhw`zg<4ua)yDOMV{h9h^#^&LcrVFP81mg@?~Za7oJG)Ns1p zZI_p&a5JreG|xktHIRnAZX3~nZP{@LWp1$z$$P*$gKIXL$E;1!+2L7(eDMjGUuLr& zH~W+3W`7c-4n=Nu#p~n0dYP#_R7;mnCcGPRT9mO{ zo8RwaXe*n4p^CPJkDEW*LfOb5n2h2htWlGVHVGvP_<{c73x$~q|i61!$sYn28 zrhYva4}h|tzb1n%B+uap{((eyTF!4?SB_bLgKqP!_9D7>y9s~b#owx({TF)R`AJ1} zJ^}NFEp*%N4^e@aY|=(tyb`~|a#;I$?TY3(B{0B*CW#Rr&?Sxt%UynVkKiU9d>d$< zKVBA1^z?BHE-23($Ij~WZXCOpUKA#9`F1dNHeF*NPE zKPYv?09mfZzI}B+K&?7GhUEak(rdT$RJ?r_+JIf(Q>Dku@;=IjDz4%MN%7@&xlg;l z$ETf+|L1unr~5JL&GFvb!e^MwwCru^3QzvVqIIr(nkAk8{*3){wPp)&&=J*l<>F z-3f(V9aXw3|78xMi*;*H+*fAz+P2Lz+wS`tx_jvGf|1D$nFn$r#)Ti5Z8{{oGR_SB z{8PThn8P}!pr71XTTx|dTm_)~p1@MW?-Kh7_}Yb1D91i$wSL@@PRg;U#r)KSOw3Qa ze>u$0a1(?(=F>J!(SKxtMSP*hRqqRYfrPeCW@9zXq+R2J?R9cBRAJG)U5W4%!rKlQ zghip2i-ix(7Xv|YiIM(9Yj?=48Mij6pqQd8yr#611hAN@Sjpzt%Y zwD#3TlH6b{#iUyUY^4WwA-B42-RPd)fzkEaB4lEs-5ZeYW;trDamPNJ)dwQBruYA( zu}ovD`US7#@>Id(bm9175LY zuX*eB#6?3UspP{x{{!BOpO;jA5jJ6^swS*d(hDmkNmwa`&)!Y5hx!<@Pi-A!joU{X z<5N_j&EJ9-kI2(L6T+toXZ=sP0SN~Pm;0qP{R!$2a6Nh2& zZR!D;I-8$Jalf7wwx@-!ZQDMsepwk*0Nr?zl~10Ni4}P+iP5ggDQ43bmS;QInn~8f zH`|B0-c!TA(t$MI)3QJRvq`!{zd*0ixjU~7woYa9&usi5yuzdhyA+AC9`E6H!S?0V zzLhGq@+cQ31G|zKvUcYdo%O0Weazz^`nc1>XKdo?`#QbFbZi=t=G|ar=+G`EMB)aUpcTM3vd) zmg)m5JXe@?-cq9#r+Kx0QuPFdEwY5f5eUnIUE8ezrvE~Us|72bKsJ-i(hbWA2EB%0 zfM`hdC&y5|6MZs1!sO{^@*e^~*?bZ$7f`d)6=BeBEC^07z#-3@I8SDjF72To&#?px zMvpa7jD{D#ey>#IhuuXhV|P#Rh~0Gv^ZjtO<;QUvc0c8uUScu~3ZpZa;jrh}ooeT{ z-R4MK2#kgDqqlHVz>_3#RB*>>o{*RS9vvavf*GAlE85Cb6Jc9c5SE@k3w{_+pX;`A z`dFYyJbm=$7IUR|e)_04rq2mXA1^$7SjzDfDhct9;&UX|A`h{rBbP++X~F!wnW51X z&YQl)5$r9=neyPr^E0KF=iU}fbX)u)nQ?`$IL$If&lD9OJyWKT3hV2~&lF2Y&J-os zOi=^xVy1lEET}NgvK8tt1ZT9Hl2~j%v4V5`;Yn@xkKVFOm5+DZ{smjTeYw=j+Gs61 zZo14TyOyDHfjL0KI(FTOd8A#*^Jt`6x7Z{kX%}dSsCw7QDgyO1d|U zgNt_x!u1w-IG)rX@~g#UwfOQG!swzJp5wKEgKA#M!HGbXVuFUK@{$H|IR^1Z-ZF}+ zYE03ubKg1?g|#JI+#@scbiAAA(R93W(Yv7IBz1}0=f~605|VUO!rx9u3G{>2wnvD2 zYhRiCp0Y3ToLQvYwnd_^ZG25s;mi{I33cvLoiA6i^F>O`nn5RZ=AdPdv5nZ_y(LA1_#zBTEMg z#{qusc*AfP#&gjHOkM6vUxZKhgRY(NVWSyVJRCMUdBAYoCCdAAOYiZmv1?NIM-EFp zkDK*{nK}n-%rLJak`ee%pVcL|{62@&KOU*y*4Osd%(e$m@H^ZcCkNt29e22UQ02HX zg9Nr~9(dF`?x5p-cmIt>&p!I#ubB7xsZja=lcPd+;s8_f3}1|SZW=%mi0g;Ve44a} zbv9_bGTM^sS9bPt$WIvvBux+l$c`H8)hrcmHnDQKf7i|ix!SrIaHoBHGoIo{Faqix z0TYk%DX!`4Ydk_G*W>cfP2)d(v@}X}`hqVBoanX>4L_m}4R2CW+t7G~4UJoEm#-hg zGrm=zT6_fA^%aVq^y_7KL!Ii-?;8LkL}+vq-A&&u(=gnYB7q0l{&-c&W%^Zsps3yL zaVTmf332T2VC9Nk%Nf&~s7~CRR@UD_L-wwD%O>_8P?IDI+=Jo9|xY)Vg&ch7%S z6cj)$+YV*-U{5IApQ>jr>1QVG^t%f_Mu_$CjDMrXU#DFc-AH%dhoUVL&Z?eTu1`?; zVeihc^?lLY1O8BK`aZ;N?ubNHA>clSq(0zW{b;+T-|a|Ow4(~Jb&Q>=2s@sVMnQPv zP3jE0oe=-6>DN6vkBNQpudh zPc&8er4+sve@Lw4a-J$Hb94U3mUC4FFHj0M^L10qzYT)L@Z21Ewjx9d{M{<=`ia9~ z`<=%uHAE22fkAiT80DAd%WJV?#E-VM@QFKOCiH(<{c+*p;vM`0m%!$x`p5G6_i{rA zpK@=iAXJQ>>Nk;b_VAbJU6)$K`4y5S$Ni5pe|7G?2hX=Kas> zfA$S+&V7hjzVZcOW%UQ<_JfGKqMxShnLpFqDht!IY zx_v52T~F$cA$6xo8v4x|qs2sQ(05BeD|0Yjp{r=NMh zF98=H|5=Q1o$f`~HsUPzWfoeQO0HX{7hbeZz+a7ev=O4tbAfex!xgUn6)gu>jH_HA z2Ni^E60ecfMAacJgnse8?mMPf5q1gktVkx^q%%X)ET!^tPV6$KSxr9txA;b#{OP*c z+cVtjSP4&Om8`qDC@^3g>XrB2%%dO98t7-NCdaY=Xoc@1ynU4pF1qwRCb|VA?jpJJ zvE6)AV6FM87;8j7G~0J<3OKa^zcprrD!3V~e3Gx_8){-pfC59N4osx4gX)A-@Vvrm zwZa*_wz1$b8Xcur>NZ^ygOMcOuz8j1XwPp)aIHd&?a*d~>>agI`|~hSbdD#3?x-;E z10#iv_T`_^Ffu;&{;s}~-G58nw=X|6QS#qQm;9tJc}k+>zIT^w^AHj@S4ABm}#b_ zoP+v}J%cf0i79%FLZDDAuGuk#ksGO_prZupndTARPnQ0`v|%m{xu-ZO)jT|+12nNz zIf??_mZSGH9;IfYB;~l@ zi^t=S<_J%<@ev>APWnPTVHW#az!6Z3G-y_*D_Y0z9HTwbPmM=0*8c}qUivFglra}-Eg!6&{5H`DgH5Z| zbou$!`L4s+#)yBacg{9j#WCfj--7{XG7)##^v@NJ2TN|k|HP$P~(s>>m4YOJ3S)Q+X#Zd2FWS)4C+F@ zg=F(A3#v>PhtbaQQ9Cc4QL>$Dw$zR))6QPBBgdvO&bZQ(?UP$-N0n*k!?bf;+)n9n zZM&s*RGD@TD!GO_H)U=-L|e*H*V(*HGQ!VIA+ZoMcinhK)Ru0_V=>9QT*6d-aBIuQ z1a7oji>TQXsI~NOK-f-JUgGn&{-}3P%c1I)b7cBO2Qck!qIDckdv+?73qm#frFr?! zo;BN1?n0Pf*Sg-mJglq}spii7aV#2=JaG>t^P>qo;m^|raHLt;!8Kc7x!i!D%l6r` z;}y94-BhnZo;9H^!+0h)>{DmWc2*X-p}m^$^)uu~?Pkf1TEH>PMrYge-w^iuwb>t2 z3lwYTF?_1nlY#?Ch$Dt!8ffjC%l)fQ&9wWs_A097J_kJN#M=gA^^`j*6pKDj?E5Sr zt2M`As%S;eefiy>sh07mB`{UnZcM^n=EHt3Q(_EN%f zceAkiV9Ban_DP~4DdVp)J>cw;Wx6QS)VMZPzgtt|8apu_cdjlo|e3XV1gm(dB{R`8czoM~L}$YC8__O4l!AB;h&HZJzY;QDSe1{doNB^iS}+=K=y{c>?^401sT8fcptgG%+r zpi+N9s*FLUVhmzoEfm4Q=t5FO%V1%B^juk3qtJh*K`LL6Ov>}-l(Pw zmHf!vD`WC|W=smd1p7`Ic>swsAI8Ao(NE#XH|y+lQZKUeJGGhRRzq~_ZnlD}{gy%3}mn;E~aMZP){1c}jb_A5_=M z2Yqx)abdFWq^+vA<*&#Db)2!MX$Ded`=130GS5IUKJ@v1v)w2Au#_R{gX@>|lUc1d zchsu9P)Sm(rz{5eGX51CfV(Osk6|p<4xqfZ zMlX4vS))WpUu&n>8*4pwU|9cFSfX#}SVH!bD1iWgao60cdV<(~o-`|;88iKMs1Xr?_kJ+gj zqD>j8`MJH^&uyB&5E05G*L&QAH&TVL+IEc8_jk!ijX;hR+<;FRsbgdvng`16glWO? zMPD`rYTFhy*_&1q7&aKPb$YYqu{LvzITPJ(4R27X-Pc{BO06^Ylo|TC)n^D#;HoG! zVV`+BrqMjyC(uY$I1uFK3vfQ@*A=R{6?_9NPt1?cA z2$MzA_&~U5?96dV++2>^s}#}Z{W-=>*_Or;a3cd;>o=Ge>SHbAFEmeaTwT-&r>{wYhNs4d42E}fYiC2@Q))so5+Ck*2Wt%D=|7K}|UOyZYbTS?lAm|tk z!C^on5CqMB(qeClC{$qnswT0RCV-dBSNYZY9|61<+Am5WFA~7>Q(p|Wy^TK*yPzpy zFFWElDvWE|cSU_(vBWC0Et#v9^0vKyZLy!sBLB9iPfgrG69BJjk$G>;jqdEqe973t z_eCEJE`&d!rdXq2p=h8<{Rv>AL(q5tttZNP7-Hvxe=P;z-fF8cDAQ&L9fai*I@&B& z3I@?Z#u`!1bL2!Ih&ssu8aSf|_-j=etEa2R>M7S4bu%e+6Jy8sQ;eP5OzVVW*4~iI z4<~nIoR%C*er4O`je?bJDKO<{&(==D_Sv;`(`O7K|B0pu{*(T{h(MGhTBIr7oZpTPZ$gwSL^yw@PJ_zKrWdu9n2vtO0b90?!K{6~`#N zSM+2}JYoP}eEQDjW7~dpFbvxAQCWwhLP=UW&BX1NUG(lkN%p?aOx$^DA@covdUs~L z|3qFr22)>X+AVrbl3*r9vsHitwSQ&t7JMz$E}~H*ZXSgQ;^$Gw%Dw>i=7S8_Bf4{% zg&b5~z9%_!IT-ISoz42(9yoK2D1q^Snng|zc9SOdXHlAv0~lZHsSJL9?W>^ z`ZE(2@YGiBk09H4mekl7d?d$Tx%3d$vn0+jk>mC@&hXh!k==Z34Nau#4`34=r&Z(` z0-DT64kgF!c)I*Ud~h>Qyxa%P`M2LH-N|d}_*#MQDsRq?^iFu`7qrJeT!EaepihEg z1rw))VeJH`8&!gju_ygF!*6)pczh~8RnGxl?{9B-Lg_}O!hMQ!Kv1?3D4H6dFb9(o z^e=1IW5g$pIZf}+xjMI3PRp79j^H7<@a`4@ z<{!C7lPGZq&Ca`M1`%5=JdYhs{>VOxCcl_*SoHa)ni?NZHJnUjxsqJ}heTB`BZH{K z2WL&%NkUr-iteB(jx0}vxgD|x16KGum#o|~B*xarOWwh96WQ>SHa#?R1k63ZvX~#G zjJ}5^N#VbNpcj-P=-Hw~DT4m^i7gW}y?c_NS~WFw-W@?F++9S_nw__bpcD2kAZSd= z37jza2a@uP-SVVNy|P78{{H1rq)gp3nw0)N=ltDwZ4J*UfU#{B;c9gQ8Qw}v3_0J0vH{fravJ>qVvEzO0U--E#lbsT*E4ZMZv%@?V&-0Q|mupfLjOO)Tjb^!O z`3XqCMf{apZG>mwv-#iIMwM)I^G#zff!MHdm; zM_y*N{&)Yni+R-S#7487`S2(7t&1J$0v8@#=wJ3iiOBxWu>6(2SNGXX zYRB;IX7S8X8FIO`KzM40qO{JsWYFRww)(Fn>hGDT{~oKaTwmYLcQ_T!EU}-^=O1(Q z*=9+0zN4^+VRC)G2;i%L`#oqwsZ?{9Y!GiHdCfcoNnZ0&l^}QYx-kYnZ3k9=c9*b` zSTF{61f_m<9Pxjsdl&d9i>rTpa{;2D30@EdHQwM) z|NH0jA^SY@%?jg_W2%HzS zus;&B0)Z6q5%CV0ds2xEfet)_$@rs(fK;^&s)7?068W!df(!u`0~wiBgLlCLG6bXw zM7u+Jko{RG!2T`(Kl_IO$ig;&M+|lVln{UTs7C;sQcH@>QdGl2x?y!j7wgf8I0etp zcJUQY;0=E{$0^F4(&p$y}Ti~w&I zL1c@Q1*l^NwFX$jY|HAf)&sNd5m4^pClgZw%w4BdhX+v-^%>WFmRPv)bG zG5p$GUJ?0;mLW;)P9@GwD&;hmnmvw9>gF`BKK+LP+8#s_(Prh=VS~f**Mr`GxgmPn z=Lc}qM~C6`Bk%Xig{4`@$@Z~et2}=u-Yw)Z? zXeR|TZk87G8kSz`DnHIuzFf-lt1d4r-6=hsD?g^q5|&9ylCZQli*)6K_w6jeFf*tj zU_flIu{uoZnx!f8;22yPX2)KMAZP-6CCN_Ob2AwO_2H{C`>$k^HgzT@3%HhxXb&a* zMw2|&O76s{#eIymIE1tkSi_*h16l)ntaQ$rmAG2$p<#~OyYP9$WAlocr$a||oh}=N z%=l8-vpAZ6j@FatCm_z#Me3`uc@cSG*uts{TVorc6UR2%ARw6Fs#gFc71+3XagYyJP82$287TSeuu z7Hv*Ze~8nD@@S&=QMnZD(PaJcm;}0FU|r-%w_;{CSEQybB&0}rAUoOVa(zBi;e_#$y}~}`Y8IL{M;BrM9;3*Fk`m~7CDKe zPY$JzjvAeTKI3fq+=JNoxzcCD@BRz)S-&JmpNAq2eIWDL^yzxr zqEFW?K$cCSbNE!eD7uqeXclXg%MPk`CgEBm6mWzicLB=;O0B4a!`#8d$t$3=W~M*O**Q zOpePRjC*DByZ7SJ@AG2t2{9O$c|CLaH1E&M40W}SwDE+1;3Av0* z7D@_K1Z5ix?|ZbUozaVMFFW++iY ztCAnxH`Rz7V0`^WYXpx1adwDmGP0SS9Qm@6(a^V8_sm;2E}*km70~BiHzQLPVuH=c z?mNaix}#R?Rhs5vE6KtLD<;nl3-ees&Ns7u&BeU=`bD|Y3`>tAVb0hvilfI^2yla_ z)isa?#J%fy@+4;zoYT{qjv-L}>vD9p)KyhHr zdMNHOo6XH;0xW4nNeLbUJX+6!0XC&YlxTV4uYwkqw0X4aa|bO{y4ZqNy7;87M6Y0A zN=jrO)2b>4goY@p0M9xyk~yJiENN-eTd|~}d?6dvy;d)GI_3X?=ahWa8*8RDsnf1_+|tz%~6B_YxK6J<(Fw0CakAx(BKvrtO7F ziWVIgTYckqpru2)ZaiAB4~l^uCiI#_>vF0wC2&N^k0%Rpt-UNyO>7O<1C$`Zfjp*a zN>s-eLOD#T4Z6#MZYX`a`BW@ z?(5O_q(=x*F#PXb*FNz}P$-XfxMwb8dAo&QMW2`33D%&GXq@a*ew0 zQ?hs`=71u5W(A(KElXGrTsF4U(A#`5F>Iuta@PeWIfdnc8nfJUN(w|v!Lo%g4MRO> zz&-M~%R*tE&9x?8(XNSVYU)t_iY)9pJm^6pu>00^wsLM6eR@?Hc8x;#*I)KNr>w*K zo44dt_5!D@Gnp-xvN`a?DwGzUn6kZxCt9O>Asx7Fi;e#=W^F`Tt5pD6^K~D zvaQil1irE`mzk%|_}}S+Cx#d=v6c8&&!?(OQnka!rDCPH)V3k^c0=V`SR7X)4A!b~ z4Ka9rP;4`YydS$(u+_8Ji>)4mEm{vPZ1LH`7N0F_@!7%_c`j|Rg*r-!WefpacUua4 zs#TxJWZi)rW%4CeQ?`U(w3Jt#5`_zuRFq*>S<_(5tn&7D!`K2{MqXDnFc^bW-mWXZ zQCHrM%14>XN4Y9r^((vbQK)=%!&vygp?s=>uWvPs#Zeji_05K{yNLm-#oQOtqc+t5 zQ%MtW?R&S#%3p4c`fq^}`>=jmng3TP@gr>BqP0wv_;b=m*4LoK=1o$0CQAIssr+kE z;-YI@lz5V4O+4eG#EcDU2WDuR_yNRdL;{2}ODA{?*u_S|SzuwyoHndEJ^*tB!e$_+ zTG{jE)~=c0M#*>a;hFM1%6yZoe1FWCZzl5{&3xFJ{?8J0AhH1=o6c0m+8cn$odvePpK2% zsYumWXj4+MYMA{*4+W;F-9G+utEY2kxH@wzC$9Wo$V)RtxH{WHKs0^0a!IWrz$j)`R-9=Uq9hj^?4IG+i z;@`ZgL(Bu?aWRGQzK+z7`Bfvk4* ze4LgjiNhI%*LM`#)$Msiyg5tRVm36Amps?YZcwficeqlP^ zSh=9N%kFi$K0v0qCTDZ6oofklwbl0s5ClW`9#+ERB<*U%MD}pm*;ZQ!ehikzv3Qge z^JVjhffl}|O3U&IvhANtrM#yH_dR>-8*KGxPrLM}V87p=K~M^D5Ts^n^L}>DuY`x1 zO3;z!1MF1AR2c+OOtjIRw5fR%8fHce7yhW*q{`z9noqO~K8}JoALz|@v6b%>JKxQL z28JYhhgADpD6>kQWtW`57I;_!!_ev+$`%I7Zm!cLZNA7ZJ2b3!E3ACgcD^pMv8RP8 ziQXxJ7H+dj*4rf?N68@kR=!```EGW#fVpHRj0HtL#x}e#1GY;`V8!s`qtvSDPP?WP z!dmRT$-w@Eoo{Eh=w+N&O|E$3Y@z=Pc4j3krMco|JM~qjI%wG?oGWgy+IG0&E))!4 z%hR~*Y0++2aqg>uE)HyX@1T=4~%EYQ0}Rz8O-UL!Mlzz^k$ z8?2HJSKJlW!f94MhbyjdwE(WzB}cB<)~dmAWxcX-}*)$U?V^j8)x(et@<0Kv z6V&rp^Lm@JIbOQYv(}jEZLC@m3B{}@+Y~?5Vby{eu>gCo$&T03JSFN{T<(FcDT@nE zZJ9=T>_%=U+Y0|^$pSev?jIp^HfO+%@ONCW1xXya^Ipc@zJ z`OR1XOHdN~CHcU?j{Dnd03t z=n1CH=G*PY&O&1{LAmqoY~}m2o$pBLln~TIs^a<^C~naWVJDD8tIPwyI++pOPoe6M zPzr%)_)AmH#hDTr^Zc7vH965F4>xVEA0kzyUC*N%`fWhfMfzc2@yrIKc0Ddk;~~RA z*J^?_x7(nejNW%W7|go0#zotA?Cislz56=f^7ooM?-zF74Hzcf|KrR1PaN$VE77mT|%AGyYQZA)t1s?^3Fxpu)SQys0aE(tjuPWKHSbcmYK}}uB#c4 zclFV}c0RhsV8a>Zh0Q;(%jdKANBYV%g_XI`F7uMGou`ATV2J_EGwc%gNC_=V+-;}+ zlBv2|StQIdQ?*ONoPdIX)w;;a=g1QK1sVvIC0@E(qo~=DCAz_G9$5n7Z>TJBn^o44 zB_3zlfc$Iab7YB|$Z^| zNrx+r4Qt`!s|@@OR}{NiFcM}iTruCO$>EA;!EynZ>a2VYSIiaG^l-&lCRdOvrZcla zKwZtw1&*xtoXsQS*)Vs4MFB*vd?(i{cCP)I3z6kDhpn>Hw-0vbg)23htnRF{GrvPd z(+xp%+%dE}O~_;O1#^XV=T7FbI?Y@zG1TeY70hLKI&T|mRXCIV@Gc?4e4Q?^Gatgt zcBhLY)fLVgKp5-7TtU^*&bJ-%0+xj*uF#liF12faiM(gyewYi4dOOb}$YTRLs;*`j zT(2xj{MODjleuhQ@3GS_74G&h%z>sK7KI+LGoR>m2Ur~(sqz~~KAdhqSZbFU?35{w z4=93Yl)_|KT;EbW^DH=n`4Ih>Rl%Ef1<#XzH4Z3eu?8&?U*ju#g(+)ieyVPJWQJ+# zqLw72on@*7rm6wOPqn*pFoN?XE$8b43Cq$Y@w^ViX)Kl>Rk}=V|RqL9u! ze^~%CyY<YNhCq67te-Qm*E5}g?nJ1y*mfKe5vB`07_YyWrjq;fNuexhXFrd z_}>Hk1-`zVV)x~G$-MAc*X;7ggBY9R(YhukVgg$2%mt+WP~1W+76$$;D!#cMpK;O; zFA@T7JBdJq$V(`E4w~t{3bri1OykQ`^HRf?GtEl_U&fo4Iea+JFU$`^I z+S>WToiV<2@`XENeCfuEkF%#vGo(n(W{&1wWYN>d4Z`z!;&Rw$DpFm0N@hp2c;+9l z?7&0R**Jm=adF}nf2wgNPR<@DND(SR4y5O#vD?+)701SKByMy)GZoj5W+i4k4FC>x z_uc~2w$(q0J_E`8z5tnBp<0`SuJugC$0_*f$7XbdS0eqSK{lgVRP!75ky9^YGg?|r zG)dc4Lrv}K`Nv>Xxf^|fwdvta*xXE0+VSs{d^%O*ySc=MWJf>}&{$rw@*QF4>lTOv z6g3%*bsqsce7W>)uKZ{))fjw(XDySu&x<#jy}GUn`rvwn^@~g+mi#)wZtEs#%VSdi zWrt%xdj2nHp04cP=DFps{)}&?dDxzqLA}G;QuPzr*BQ^ynZfd9Hy&g{(l9?Hx;G_i zMn$S|9WWfY9z+;iT(g&`-4LlN(mrI}_(Cri`ZfJncE;hMY;H)yEMa?gmD)aczB+## zQs=Iy4|R&)nwWujQJW&8NtHo=DPNsmAzH1!pZ+>`?q{8kdfzFou}teXF*7vUjHj{c%mjAsXkwr9eW8&hl3f_q?a)!;f&T?h&POo4z=JE zMmv(hJhdd5zfFPalD~n5gQZ<}5*NW374t{VzMe)td%XF<{QVo(Y zH=7eDIQZfAQ}T^3bQU#kkQ#^S;xa_zGCVivvE;ffGb5#U!r7p{C|wwWLAbYOtg{7? zb^EGwKtJoeG>19|_Os66In-GcQs+p=7$qnLj zSO;FLlhj+03ZFwHAS%!E=kc^z1C|8#)$u%>v4QIW`wnNfbRV668}+(FMLc^Bj!8ZR zA5k0;6TeX25-LZoB&rw>!NlzYVMSy^e?s@Ok&Qt{A+4e%OBwRqlrk76|#b#aQ~ev$2{b~3aP*7(~(Qh<+&CX0yYS}g$*|s z8$avTST`}>4IK8WJFs)+<>a;92iMhhWAwoZv>TgW-6P|vYOJEIQ55J|!kI#K{FIo7 z3-($JVrShg^NeBHKb(S=*03ebX&R#wtB!`m4f@)Zc{df|FK*iGo`~N8RR`nmz^ZasCXjOt zoT@+=oX+Sz$@MOKvgvND2C+4A5rds;cP25ce;Rs&?#}iL!VcP&E#J2UeZgeKm3SGBJ`C z2Lf{>z57B}y58sZCv zC&ujM5V@+s3-GiZB^TT1A>)tq(NM{-7Zg@?gR2FealQuiSsrqSSxU*U5*>q!r7mN& zmsW-PA|0F}$_Sk;yL<>!n0Fpf-EN7K^3b*+D}{T0F#yWU)K|^ew z2?I0_bA1%3Mfl5DxcI_&+t$xf>U*}kO^pY-S1hC zULG&Qb4tGIa9-|6K+{ov)OP9NT=_9=4rH06B*~#vZx*4@ zdvon9Kr%C^e6V3kh=#?RjBjbT)|oU*JLKul9uiiJlbkHdEv<>Mkdv{^iQ3Jg*>1-9 zGu$&Q%dLpbJU{NaNcgMA%%vcol+2Tv5q4VT<^ z=#mwz0aLQXE0sgbHE0l}7*93RaGs7VDY=sd%#R2p18T@duDE#ZO_bYsMnBQSzmcl% zv$;A%JA%z$=AW8!wHsmJi#Zn5jVQM=8I&(!Xb3&9&OC!QD5(TkNXfx}c270m&3S?7 z2@QsNFFu3KC}o0&_@kNud`h28x5H7&8WTKyH_EIA!7pX@I$^j10^(ITUun3-trcjH z_li^xX^Y(=G;GITrpiI7#@e)Ns=nfM*HnEOt}mt1pz#q--G&(EHliy!iql+Xy~2A> z60ll`IBZoyv01tX%pSuKP+cM!&Qcfrj#|YnKCR+Zq}p0V6^N3G-Qv?KLe{xaE)5m? zR$Sy|Wrh){txz@oL}11VxxHYR@awC@a+uLljQ0~0G| zR_18Rkb^T7VqYM~-Pv>OP@t~OkVChUj~r)Y$e~-wLyluIX!5N|q&mcBfh5LFLpl^~UQ zT?(Bfbj9^=<4LFHn>}LydfQ+FC>!wy2?x{-)vWOXs2lcEkYoaWxdEb{ zU?;oaH-NG^8&Gys1FC_6Djs{IL2iZyg-h|(HOr1Z)iuk0=S|MC^?M^r*2%S=m89ga z7R1rQ`i6SBPr6YnH?x@q%`vVkCfX99HsYIb{R?Z}paS)apL1bd$WpooSX-Aosn=Gi zOAWl8GwcdvkQuf`a?X_>-I`i^o6NBKOA~)oK?P@67Q&iK{-4J^QrCaPJsa?nVkyzvXT9wqx8dY4$ zY*hW`uLf02RjY38YcYBnIed#zCjj;@MwIeAl9^Zb`eeKdM<3%Nha6@t_zmMdmm zh+W$ksPiu&ceo6?_x{BeyFQ#1CU$iq)fT(H6hgSfE(}UJZBf@q{mm&BmcvCJApLo8-U64pG6_XsXntPDOGJgs zqiAmdn6Cm2ea$$;k--J(CqjsYQ&5Y|dpkZsVQ58aGAw&qVL1CY)8G zL4ec?fg-BiL`VUCg)%JP(SOnZ32#z@3j^ce#jnq?NR#^H0bo6LtHdmYnv7VQ}Ac69*6{S#gPMoD5PLF0Q)Ixnr^S&foN|IQ#y;+1-L!B(~ zl)g-&4Ez-q+ukkFb8p_-*~v7jO+Z^vZEM%Xn#0p-(}|!{qPOH~_t)|KO0$*26I2{C4O=RJS`Jy!?B4R`xE2fJ{OZY8ZQg6`aNcn4SI@7Ic zt0NjIK@B-h3dVXrNT_F0lbZyA_>lvxFCsErY`&m7Z@-Rh-Xyh}OZvZB? zcH_Vo_qnuu0mrmaA>ie`nn-_X0CWuU?w(M8k%BIt(JQg{@0Br?CoZADXQBzZ-39#; z3@jL_N)ZGyFi(hHO{rqYB=V0-uRa-ZUdGASQIf1ns%S zDMZi9gOBGt;_(saJx*p2Jpp{uDoa40J_49=FrBo(Y=&5Y?f7|{vDFJ(W6#lvr-e5c z>zO749lcXF?9m|N$vA-r*=LFjYa<=pbf2c9o^)Thi4(vi@-iKxD!k2GleCN9^w7mUnPAeloPcuB8-aYj%RcOn%R5eEi0q#=~ z-rlo&`m1?{dF#}_ZY0Dv5aNRX@pKKb{BRF+2|fc{oh;Tj^)HY!3@;Z>p53)70I1qDb^gz3{ z+y(7_{*f!R{iN_ffcx_^eBjRiy$$Y`8?u7iiO)W8w}481aK-OBi-mJXH>@QZ*1mR^ zvs*aFH%=(gdyU4v$#s0@=>q61Oj%mGUpm(SI!kR&Km*&#z4QdK=HcB5Sznr+B@cUN zu_KRl5%cinxy@oaR(?OHDynJsR1!|_RJ9U!|Du*6gCu_RB)|W6h>O`wfHNGyqa@^? ziS?Wq8uy+cK7E>i$dWcSKf2oiF%B0awxC^%_@u5wuf)Yj;>_z-)h>Y0f_5;T5ws7` z;s!_}q!B=)_O$6O+}5T1W_&ZfR&QMElz#!wh{|M_7llmJL);+gDsw-};08$~i9+Vh zB8abZvH*9?pza0QaDyc4u`e65#})Tntd+Gbb`PnA>13WukX~@Kivu59DjfI+jk*j{ zbZj0L3>pgXE4E`li9$npHb;hlJiGmbXjvF_ljq03BYEyg)ZQcaVc%nFRlltv2d)NS zU07MLSGZW;$jHL#8hmtl!`*}oSk4#2$5iWXa37UJ=mm+EQTk$}RMYV+SoM41!7@Cj zW-|qN&-Q0fSDu1$+@7v97PnOB(<|bYF&((Go;I5rK zI08&$ySb6)ENvyr+~ufYitvn*c7MV{T`y+&Lq`LE$K<`SK(1&5CT zplyF55?or%9JtF^Yn1@y*!u7J$<8A0n+C;ePRe0ug+|Do}(ThaC!%?2XI|4Nnt#?I6_ML}Z9mpM|GMc*?uxK-8ADdYUXT9a9&h zine-I!E#+Y05JHfu!y}LE=%W|1#tl3#{L0vcb|c5r+Kr9$rF)Wmc5H0FZJwzoZDEI zE@~W-pSf0EEACXBYGU=O=uTN{(|E>`#~;0d3)~B*Tb)J|dUHQDo5kX=G~-8;X6PXx zn@Mhzioyvr3nlynvfR-9)Y)#lP=`fq>b!WXLmjTq(pkA>oKNcXJB*Cjz(S2pEUPwM z&U%D5)OtLp>iIP(gmBA<(rqIn&UBUktE>D&Ql4LRd65xom^n39eoUJ;u}o5uL`L*x z5yVb%vH+FLpspttrC*Q{InLbcvo#mdAq|7Z?cIC(L9TH(YvI?Kk19}wo{zA|t#62} z1j=Du&(U!^bXqFF2>ZbgiF=pt_K;cjv~>1mS*NAr@!2;moqaIzW6a`aS~4=U`<_?d zZ3Wudo!9fgvIxiUyx)prIA7p7d;V8jkKbB-lKEPpe)J^Jm+0MET_#Cf6y<6kW-n9E z-fqg$JZYzoQja<5aYU8iUQzJc-MFgSGjKg>+<5<)gGFoxN&UWdHy){CxD*tRni`7? zNV+!hx9)_8KmOw~s;7r>5;s@s77F_y^?sx-=5n5JU8(!(Z2;MIqZH3IkHP|grh+#^ z_;Ed(g*DAPZZ#e&!q>uCIL}8?HZ?Wy<<+{ZA)78?Nse`F{l0@9gNp^&tlsT)%)+ zgX;qAa{*j`{u?i@sV7+bAi13g*v)Nt_sG0qyBLqYK$+Sb`NHqTy_7!kE%k|f54O4{C_4Mh2tDp0?89aA7G>kU6j~B2EZx|e! zalC}-h&TR|{nGk5_N6w6nz<)?4+eyOSW0|b>DUAF?k7@vv(DAHy!a=)-w<0{SNnd1 zyGidqQdhfHp4L`EqH?QeWA>t|0nNlwZVqFTwmes;gC7+kYq?IyWPyVtLJKrJBT?Z8 zt^X50Ya3#(<3|n^Xfcb**VjIP6Uo~VCo-axw7ds!?)@c%t@=r~u+vrN{x{tAd5J@mIYK`27J6+&i~nG+gppb{fi<$%%$O`rNl?fIh!wl0~1? zBmJNcN>SAPW;DnL4bDC>NP`je;WU^GU##pjIF8<0UK*TL8cqW@xBD=4%^m?vozEl- zQ|CPVzm2K9oeI9Gc4rlp^5 zHftKG&|s`1##<7{`6AHcvriK*x5i%DwzYmKlz3dWUJsEAcH;U5{Iu5JjK8J0G-4)x zpM>?`c>L0OfT7%i$0e*?tKh#LiNJfYj!~_#SD<^mivO?S|4RIS9sl3J|IWPD*uNr6 zSzaB&;}OaFGSopcH*4kP<$s47%86Fu=*Jr?F?UUP398AsHT|p2yc848i_oR;A4yM0CV82!7J~|? zYyomW(-M8GLTh-#O&fTHb_Y+m*O8Fsw;9VRoZ=(`7KN603JzLw`|P&K*h_RnY$p<6`8qDvQTrp*gCdOdgbgmZOF%QLMS|8LTUujF;Wbgc6p1bB zf{|Y_YQR$ZQ{?jo<7x&mX;B-I-d%(ZqjoqeK7Z)ji7u=m02H)8 zH`Z=D+l{pbFe~6+Y+-G&`tFwoYYTui{I6ZCu9r;mvOxV}gkWv)w~DnbD=n-UpF+B9 z0$G|w7u3*?^Y27Ws&b_ZGjSJYL@$OC5pwHu8j<-B zb*Chr%+Ge~^9>0qVmN2juUntT?gsq1baY3T!9}#C{!2&uy!F{t!e7(2P2K=zUorxIeLmaGJ`iczgic5LvHpuSD+L|QLnn! zsna3ujlnvz-}-#cj{hIt`s|i+MYER(Q4DA#VTF3tp3o97XmMrs4)!1yM7Kq`aD<&9 z!PU4Z@2X=J1&6-tp!KcDy7Re?&Ed}H$8I2l<0xK#?tC_!fS4K7q9EvR^@JNL<)MZo zRA;YVIa)8NYtnHGy zoM%4$1FOY+I{BL5d}^P=M{ zZPmsc`8Yh$WUeY5Zu1!5p%K75SLB@q>{8d}R7&P_vCWx!JeVzEgTQRT)!8xY=@@!^ z1lkT@Hd+&kS%2A25Roo0k_&Sy`?OQm!E8I&0_~=MM)d3Uu*CxD%wfV+@2Zk(jxvF^*Uz)z`w4p29Wz6DCCSOXZ{G5aoF|o zoXa@KyxvnL^O%2VTAr4R(j#3w%b-m)Nayc$=J#6pMYu1Kx%dsw#!4a2V!1Hs<&?|J zbKLbDbv;jXJx_5xPjfv_=d**a%y6u^@c%b(ct-BT-So))!IjxZu8%w-8_EVbM7^3) zbxReBYu&?aoHKots&dlJMmy8X)FdYzk?Od4&-8LN&Pm6Xx0N1OhdAj`Cq1fma?&R{ z=@Zp|5LM0eXNr?PMXhzxr#b1<)Cwnkx|2R#Jt^s!sV<+IXUUL`%y9?4dS_Lce*3`H z6sIi@uHsI*2UlfIx(8RoopcYbB2KyoSBfOoH1go8!%6qxYO#~SjGl^V`ul>i>(N0?)T#a+OhH(Rpig4SNz|a92npE0iK*)aeqvZh z&T(qvbO4z=DJmILHBr|I(TaiAovj==>i$>9-h!t!6RQL%6V~vld_mFjb-P+#+WmeInC+|ILO1YZkZzG8(CygE zg>K~rjpeROQsxxebSv*SfVd*1Y#$%pF2N~pKi$gJiXv__2fxq2L7@oOx3#{a|&$u%lZp{-VngQw;%qCg7BBA7k_TUFH(dJ|H+~7 zBh`T)6bi!c$YU7e-Eht~GK7CT*VSC-itw2R+(d#AdN|tQx4{6QwBK|s!{^r6d)OaX zizgfgTKm15N)eD-@uCMDxJZq`PW(>Tl0hE+T?>o$n;NMV+@pVQOJ~E_6Lmtg-{{N- zI^QYvp>rg}H{-;A$@hsXf8@_fq}sT;4%GBG@f%q?Fvpc<ql}ln_yi$o&2mbtT#w#^0Ug1SXM1m2N z$t&7gC%n>qlOc1zF_8~Ue7=W|%*R0bF=U=OE{x2VA=L)+b`Zit=75Ejmg78(3OGzb zVxj^C@h^%k#wae!2%f(X3meP4$X!QYnWrLC8J5I7zEvo+Zx@7?Da=~t zh|n?vvzGZ1+m?QK7Dczoii77u%OG@o797kDEwgur!j7aw4#-mW%Q$#@;O|zwfet%2c+X@3NO?DqGlh*`utooa-0ONW}$VrGCv3{ zQ=GNT&Q=*c&((2*E-XY^n5BU{@lV793(gZeWo`4m&@#BxEDH{Q9#ZD1=&-DF*mk(# z&)c{1;-~6155Uoxtn+eSNL!1dBeVAJ#Q-02&4Bx&0}~~z`CJ>VSYC~|dM4MH3RW29 zf;{!I_#-wB^9IJ&R|99;+@Op4Z?n|B6z z=uMe6sXqi%sZ9~M+nfip#QhV96e73TAnaU2-vu(Dryxr5wbA+(e zTF}Uzn z=yo($xcJqPc%$IjV+CGZYlMj=(}@1($AYOWxcsX>2j{^~_?%#m7Bb=18E&+*2lI{f%g_lcjMzLQN#G%{~X4l{gDzw# zdlKDnCMVHLk%YTF@HbMmJ8tD*4qd(4ublJZ@ko)YT2WrQg%AfwQum(?-3x&WSO89R z>hO>Ly|sHEIyy?qT=_A1PntwcQIgUr$cW=?7O-RIZQ>Ei|SV%q(Y^J#-AO=?N=~s{pd_!Jk6QV4lfAcD_7Q*`Vw! ztE`*5NR2H&CdONVYtl?@*r-U>4m`WKuJxn;8rS8M>lO_Sa^2Nu__=O3FB3d|44GgW zdfI)m_seYO3!_F&A<1#Lnm>kPuR;#6hyK#UA9dTuWDi!yrCPH`D22b&^8z?y`QJ%8pv+RnEe(eoD5QOnARs>M6)p4^Dk2(ra?m&7OvHR~TLf=YW^m z3}uJpP9u62F#Z^D$dUpx0v*VJV7r*Z0v4~NucqIy)6!VCS=smZZ&_mQTN z4Wx(PZ79zUsm+Hm#Gj=E&>#v1)_QcN>_tBWW_hlD><*SSc=F*`Q3AK?o{Uu6OnT`CtP+78uYhLuFBQ)3 zI|i{9C_6Vp*`i=sH^!l%X4)YP#~3ziw#!rhDDt80t5bnC9pY!gVZ?`jci>p0+W45% zO?<;6s3Eqh5V&h*PW<(!Jb`!hOg zO|XtF|M(Y>q0@s9f)1B)?}H6!)x-;<0Xj+<)?=S zo32`1*evx}m~WP9g7Yvuy!+(#Q!_gleV(@ccVNG@l}5Lv>1(eOaNx(L zeo0B5x;x*uPQ3mDd!5*CRMeIHi_1RZMHS|$0)M~0=k%-bfUtgD zgH*d;_pI%+Ux>&LdU3B7xBu-Ro;y3Cd3DSLYR)H(l8^A4Tf$WB0ddE>(4s}gh>ps# zE{A#UMDhUCVR=4eUxW*AtzB*FI@M9?h4JVCn=w9>BG{m_Ji_v0oO>&=1e=-rhY2>9 zA=O62?eF;n8;(QL$8DESR<6bkd}uPAn$Vfz&GK?Q05!grpI{gsN-FiCx?)U9ZACbM&I|Ms@L`bKtS)$Z4*I&L`Mt7oigM@j< z-6{{sk4tBQ+059T#&8DWiA}|s7pTL=;byM|MM6qmH~59 z3=RUX6Ip8An*=MJs7(tY(g;G=%|LP>1e|l8imk&W>$J`@oEE;ARj!y1;0wovKjd*? zMNR{EeTbHNRQW32u%;5VN?KAlW!;ScSWpeml|FdCxcl&-w-0$vA6N;zj2w>eV&I~l z95ArGt zcP$*UB31gHq?KKBNfLc9pls@la%>k`UlOh_bu~poq_w!Cr~Btt{$knyWA85IWTZb<+tuC|;#fCNtG8e&!G9zbNN#y)QQN*PYezeBaHd6PD?2%r z$JiVuDjZBG&uF#|b5BB@>)#EA=2;$kP+4f)T`)EWqg874C*6 z56u+T)`7YPnQZi|t55CYYz3FfTBZK{I=i6*HUfjIld(s;-U9;KVx9OKLCXLuTAr$V z5^u-FI*Wh(fFw^)JO=K$LPjo!83RAc#hjX#h(K~C{NL5NooXwtxH@0^(q$^OpoJA9 za=03K5=hdB;MlZ!|EUvu5G2Ap5MiEtZ|C z5a_*$6pKo0-ZVfDLFzZ5QosiD!E3>B%JW7x-Gn}AorXm zmHjtHmeA~6(yZv8{iE6P6J0d>(LV!>dRf#(vx8w8laVzMso#WVLEMzT8XQ@txknb% zBWZf5yTkKV20Glt?-r9?hj~UyJ%rQ@W8CEn+kY!u;h;Qq!Y3kW&eFYw<4Vo(wszIF zTbLH}1X69`{q;Bc)MEPIuL0=S1Dk#QN*`zU>+sNi?dtB=_xkJ?!@; ze$(cn0IU-gaWT_U(Bi5Q2Qe}kI&GyxcDRjWPyyh0Ym*O-;SL-Z?iz;QA0gGo@70*a zLam%)T|obP)j41;^dF1lX3o9cmQ;<-Lv!1lify)61eZ?bjd1p}m5SklxIT7pH(wT& z&ZPDq(yCSwD>t_UxXrq_PeHPq@Y4eU^EsM!bv94!`(0amxoS97u1nE?s9ZYEv<^2- zN2k;9ncJiI9#84;(^p|q$Pni>BRs!(P2izO`Yph7tEQm?&uOD=cJUN{C;h=9{7=ut;dwx!*kX!&DQ%t$^p(0k{{znU58Ygt?vbW%sGWn?k;s{ zOucGAM{rGqRtny~0I?dpK0)C6XnxQ~#%=GReopMcO5_>%vs@^m(EE#aJK^h%{dYF{ zkTmjG8%dY!tdT@f&_PlqQf(w%_iCSGA4lgrV_){hI8~+U*m-OCQwoE0P$pPy6j8ZX zah}uj#%jv8-Ec~yq_367&=O}mCGZrXI1YaFYMb6R4)m3P59C_xy`iP|QIHplt!7PF z++1^%H3qa$A4~Ul+ReihH1$It>hC+oMt#qYVW@u-sW$4jcKA@QabfrX1LjOgzH^_OhD$jWn*6HGv?Y^zK4;bxjan z{&ti`l)fH)5Q6H%I}91LvzFwXTgD%K366T7?mzJQk}q<21+zLQ>AL#gLB@y|QDj1q_T@Ebtt)mSi#JG|sOwe~Q9M zyTOExak$~$#?*6KN&z?B0Mznd*J1Ps6YNw>GlEv4wlh+7u1=gd4Sdt7-o%}H4JQ?t zD0h<7h9r2<9v5rB@jJ{rJ~d?;V%^2hquB!g!-C&U9g`e4i5KuPrrpzE?T$#*6lCv6 z)C|EnDgCrl1aa_w2oCQ6GuLSjuX>IgK2Oj=38kuy9NwO&ZFe}FJyoiR@Q}mX$>HRc zMD2>LRmY)ja=8X7VEAF1EhcZM&{eHT45Z~JF9mKb`1_!YQaXg*n2>AlE zmyFFx#pb{QG0n0-fYYYv6$h6I1m;zJ6_{dvoXdb~9BF!UM?<E}0W(^z6n=3CT))yYW=sR?LLp-$?f|zqQFNQKLAep=oYuXg<23QivrBX$X^tnF9N%LFey;{ol2| zMey~5?L~0EZS^APm4=FuYKwA5gRQbjL&ArgJS`aL8g>f@fqg1=8u+t+ia)x&_B~&> z_jI~_**0No_e7-H-L3@}dsHL84Dz+5WArWV?_1&^8>O$pEh{Kj{2i%w-`>Gk3hf(d z&V>jXR$DBMmq^?g-Z}J23nHo7mFl6x$P*anTx*w-y#9hvrb z#ngiPe0RuG*I?f9?3e!KKmde^MFa}?3qz1N8SSPfbFQgV9}EJJnKyo4!e`&c?+2I+ z?d6wnTC1FU94zHti+WpxacLa#Gr39Tkn6H=k=vl+wjkvLw!7c)G1BX!Y+~(4I0Alh z#nOEv1Rl+f_w6TF-4xWZ_javV^z!I|Ac8|Ma)Q%69a!^NsjT)AyA$i*J~`K@&xH0} z<12s9wU2O!_FZru-p8AAsPVmiL49aQjpaT(zJ(g4gP3!A>TrhzctnxY#de2Hb!(Fr zQ<5VCIjaPvi)a59#KozskLzG-Yz;(5neIt9-Cp6$mTEK6N1fCnq~`NN!!@|_uyPGb zr5j4zq>wd^@!UXHXC>jz|6+F8>7SSS`-Sw+&rk0PX5rbF6Rlob5`;Ls#$2gCBZnH- z_N$NAEDrXOTWnZdqtQBQ8a%r|o7xXYPqFnA*I0n>pF zEb;I|WxU|X)(*eZ%E96sKuh_csv`W|2LAT;_!(r#ZGz#5bBdpH8Y(xka&@sFRQWw( zIDpWPQuM=$<}Lle1ZtYe>&CGQ4?mn>Xt@@7!ZcV#^o{CX01$)YgG-4cd!Fdo1k%JO`J=gvUq0{pfA1~G) zk*{UyD+)CX^yOg<=i4=KDs)ewcp4U|$@$rv@_N|UGf zsSZ1JQ60w|9F}0K*iyR^59s*HhPCI4>Ex`{7H2so4Vj;UK5M5xLB8_(tkDRpZ$|lJsi<`A z&0s8`0gh$g-O}avHM>(X8DF#CKLukCZML=|i2ZkMGMX!d5;GB()YTv-Bt%3vr=1!s zhkc2b;b?@9Vo`*RLM#~~)#~i|8M32ltQ>*t5RF4?N7G^1OEP4Kp*$=*J9D_JO*+eG zhNv{W5_U27O7;q`gdNYllD$nObm|7;X}faS&*%!sH7Lj{2R-iRm5#1Iqb|)WHGBAZ zW&2M8ymE9Cl-L&Y{5K-#e%i2t=6>JO4hUfR{ePYNI% zRMB9W(8d8h2FIa`X@|G@*laVa{{wI-d?sB^3t_AQ?Do<0P)7Ipi;@05-?}N#=MN>5 z>GLOl&DiJ3A$`VDqlZAIK4*k7GcXzOe|P|vXFm?WvbP(S12e<&-@rdC%U;cF=%Yai z+btP$x;qg(8zLFg%G3_r(z-^=pSCnr@wA3LgTjZeL&lY^Id^_+>d`V1~b*N4A z(1#zU@!4WP#(N6SLUdLtQrW@&~Ddo)@m2WpnKXL&2cF z=+zTd+s^0#8M`eyksY*-yxj_~ui#n!>*)(-MX#RsC~fi$7@UMR<9vo|Cwxq&x_5CY z3KL}~+IJ?xJqDoN8?%q52=v?z4g zmEEe+Uq%w|Zm1w9$hzTfbiJFNLiB`5FyY2wQ#w6kI)JE6Xbf3Ob z-RGlIpR!rqDZR0IsvIIiAN4Cn9yLSVzfbFK$j^hN(fYU#Kek4%r8^EX#R-JexTRs- zP<_fw2_sruULvyrhyFR(fVLdzjCK_81JeM?K96;jN7dC_>k7boGr&gM2*4{hQ+zGv z%m;Hew)vQ|eS5H*j+(Fw{KkU2L3#8hvp8@6N62|Dr?5;AAzpoOs}J-P;96-V`-~Jz(o?(J5%#9(lXKBP=-b^5`dK z!~gKNGV-P%DnJ&CY9;-5x5)fBSH`eboQvpHiXnCicn@F6h*8u8TbFyRVfLH=#PaL( zDP+?v@nlDQSvo(SCqEc@Wkn5nZgY@NLat1sc@Cx?wTCqCKDE)=br(>EYLP*dY`X_I zdIjmcjTprU?ZoP`wR^gx;jU4wKm4tPw1?Wx=|Jl6bS+*m26UeeZz`Ao_S+uEEWF3f zek;X|T6gzD!Yrt(5~38a*~x~fsd>+tm09bu+>)1^kQTf?JCCDM16Cx5BRacJHd-9< zO8d}%FxTlbifJ4e)Z?%CsS<*OlVziqUmaNQbVcZc?H3f@`pG%8{#75XUzJ1aGM94a zO<;cI-r#z$muo$s{-F2N^p0wlmBE&dFu|=ZrsC|DZB#cx{@BL4=_xoW`Ra1(Bj&s_ zG+Mo%Po04Oy55HdYitI_^bnC=<4#`QSzOYI6(2~Go7wxlXopxPEa7u|BduvZKA+R%8*)V65h zNY215t9_!U$}bKedyc0;U6g+q#l8F)vtWL3+F69D1fEj@x}%<1(p)?7p#4F3A|6fqIE29vzYd4Y>x)Bf@^Z*gLqa&@;`

`4Kl@x*c=IEib-hM#S~lNL6w;) zZvVZPDfaXhUhWjmz!dZ7pyk!smjbnZrm!Uq7gr=J)5!^|;V9fW9uC78(j4AEWe0)- zaFhsNb=3i-s>l(40dbSlW40O7|D!J>4vcgKPZH37)yy7 zX`MDn_rS(k29g$_>HduK_H5&Pc~g+2pBIv(E9e?rMI zpzd%Fb)nv4x{Gy4oQ%~tU686>J09j(>SxK0|X+APgB5?bchyL)%ry^K~4*gYwJbY425W!`J zdVXsh_Cd1o$?yIaiK!bT!9&hN=Y zPhVtfy@-_vAH`GUs`__cR?73%|HrgdzgYC*9KNZ!@?%z{UmyoqNq=eLkGc;eu~~_{ zV`;#YDsYZ0GcR?R`2hj(9Y%uKumNIj*Av)%GMBq2YF8K0|9i!$GH0w%M-H@D!zChI zba&sZ;bn-mp6Nnb5iy}Px^tNp65ipFjqvrLbpV-yUFE;7eD1<#V~VUoLjBW0rf7Qe49iQoYlh7onRE#AC4!E6YQ?-2`km`hWekOm+>|c1AxUyT@w@X zihns9Mt(QTeOUM<%%YNgD-K~mn0KoyiI!8rs1(!wjC^1|vVcfx!VFqiTXPpFA)i{Y z8p}9^7NHX`RN)?Pp0QHTmKw}-ZeBED%nPUTc&d@vvh}O1Va(2&XovipM5~XYKs+I5 zha%MnyFnbxt{aAa;w>7oZ89E5Z0O!0M-QkQ7~YjDk~{4iYHp&q_qV5nk}L`QLnwx= zebZMI$u%Y8=n_GJLLN`)0dzwF=t*%I7oxIXEUR`!zpOrPhv$@hHDhD8%s>-{XT?X7 zV$g6%>F43T9W-IffI6`Q&2y^IBs*jdjm4R$9&fBDi>DT{-&zFKw)_L`Ae}3rf@$dz zla2-4(H3y`=0k7XA8n@vBXi})z;?~ZiQRfo4l%D}4*9HUWNRyfYT zlU=fAKI!HXR-vw+9qg+!&wiHY8B+JGvWAq*gWj%B0T$GC$YHt;NSQ(11r(-)lOQ^C z-gD1`p;D5yrs{bxxTabfR1%fhQ{mces&|m73j9M#%7Q5)awLEVC{8~S8c`F3?~aI$1Qmn^$)thfiu+1Z3Jv9Z3ojQ)+Ts zX@QJhwb$*U+XH1i=o2j%rI>~H$Qr%S8U&2&9+P?=P>E!72ct1}=MDhly*Z)G4yJF-H z{T%q#X3Hti0%^AN9^&{RQf;%{nZRB3qoTo>s5up;8{SrgX za$PAh7P!L!3vo6b$Hn4vU|cJ#yP;&qt>Vb1=$*?A5IkTIrGcV|7`Xj(vpn})ZQUwu zsf0V27Iq+MJFn~&yE)s67mS^bWmb%MYjyRmSXly#ZS#4n(Qorv+kJxWz4*H{z#FI` z)-796#-LOZa6^<#u&_Ce`C$=ET@lh&)YVqf)s}l7f_5j}1Q%*KDAi5#sMDN>PBv_L zf%a6lKi17J(Pl2OZWhA$?l)p#da*|n`$$jzz{YPVCN2!AZ7*MKy{N52FOkK{U6Djo>UkovAne)!^#-<9) z0ZT5mXU@XkVCHPBXDZ~7IDZ%i?6ZxWYg;MwAW40Ai<2wSvM+K*bKRYY zOOdl&=j>1q*g2V`ekVDbO7ZNvQKRbDq~nT)dZx!4XG_OY`Yl=C0yR5TKMJ3c_3d~D zJRSJ)9l_FUrtfi)5{=A@qgY_G^Z!gXTgXzJLq(k37YD~V*-Kq&`m0<>|BehID=m z$Rm<-uKegG)oI89$n}>d{-~=+uzD5(pw8rPrz_JXIGzL_vk=j~wWB?F$qGlE9Z8ocHg`2(% z5~iwCUM9kLyjfVKLvqfQAEWaeh#Wwe{v!A0s5t1Is+Tj-wn7oQzTI3OoKsIkPw2>k zABvw`Fu5dY=M9AZ^(>{C7Av+UdqXbj#2d9L*Vr@*Q1oY1nk3@d#!wJo@g1n!>NCkH7-(Zeszm#4a}@5F77>s*seq@&kTi z-h)3TyGRlUVG@TSF*VoS;5{!|4GOuu6-k$_Lk?3BCVgg5cVXZ`IbfskY;%q5z#8~Q zB1o_BRW-xeH_`;5wa^1OoeMywqgmH7HMv2?0bzEHgOia8k-0(NWYjpDg`m3&=92Xh zyul3%f0Ok^{DMggKUv0slxSpLy;vNpiOW(pakqS6O&my7C#@i2|6?r{J$kW_AKjYT z3ps#T{iTUNDvCj!s%IfinR>AZ9S1l4B8b;LeXRb03<96KU}$Yegw*DjD_C0wsnMgO zB_;NEy5G9ib_MF<2RLF}y4C~Ok2Jd0X81M*T}0ld$CKqEQ6MyTxrkU}T9ifbPl#va zp1-s_2RmA0uW$;174VyQN9F;J-5wM;>TJ$+Kc z#HD%}B`BFR@jLZc!-ltW&IU&F+FskIqgrx^p5DiO5~uW8*MT|LwN-PMi#ur{*fXnz z;DyjK`(-V2XK0yyvz9q8v<&W%<4u>ol3rXMC?$=}!?~Bhxitg>$TDU)(OSH9yg!4Z z*wkU&t$<WNo2+J>d)uoHD~FRd!S+hYH@3cef|T39jAnt=8Yu$w1zj&a z{O7Ibx!OKvt*ME{j1j9(S^7LT0&B}dby8bsuV^tuSQ;!%5vul9h#IGFoU^QX0dS^~ zhjUhLu^X&lUc+z?-#p(~|7bnNI%3OBmQerd_*Rbh8!&o9BlYi&&sYOQ&@~s}9-rWN zX9=tUuJO(uyJbfc&jp=c;9B_pX9fdEF2Isj+u}+-7Rm8O*d0@FtvCB*F5y zsJA3Qs7O}=8L*SHwLRGab5lX0Wk|AqJlk&KU$uWXMH&%iQ?r>8Pl^1iwWZVQfH#xe z7?rP~u=b!Uepr*Q{27J4(pgh9NElO58z1Dz{$jlXjrcHUWdU$_}Zf7V99`u zN_Xgla7*^FAvO9>cKwRhbC1)oZP~SFgn;d;^*RoAJ(BHVTS7>D!#AT^SDF;7%IONCVXhsf^d8<>Gi zw}$$=HQwpg-Eig#cB>w#_LT7mXzA&eP5-aeFLcZF>)Jbg=z8*P8(jsV{rUi51MPn8 z&}YA>@f9zcus%n;>ANz7l5gMP>)NhP*QTKpL6rU2-L-43^`Xq7q(|n&0@|QM7r`Zc z4LTVre%5hyTQ+7f@g^>}SlhsB$Lk(q5i^3xHE#iVA~+_RC_WZc4P}+;LQr1<7MHepo7j&pyfY4>cS*ED@AUZB7tbx;DLJlu#Le)ZebA zKp^6ErZvwCpCw)c$TQ&o;aTu*!+~LA5_kuWbU`w_fK;19dam)2A;7s9=?#_d!Bhk` zd9QCaNw$cCnI7#+e(USpC#%pobKYvGb*$>U(#?kMQ(3#(0II<+yxRUe!h9~1&)eb6 z-0Lbw5I|kb4J^2cepA*WK3w4PpTlz7VfqgjRzEW=-@V-j*Y06(or@0f(29m@CqG;# zna>)oWAGLZ*9bRUQLswzd>P>)_gk_j_pL1FYpOY%ptbB-QN>jUzF>Mi$}o9{a$6*C zTh($UCZ$YK&+?J8$6g}9n4V;J4kGu zj!w{lS%O`n%dy^#vaw7VI>Q|cQlgPNRUlEpw(83e95;0m$7u<2D4Sqv0DQ|bdis(+ z>b*sRqY6C7wR@M!2lZ{A6&H>ImV+@r56V&Qv!8#2#DneZFzbd}q%t;^Qja|NK4|3M z&v)0Y&y_NuMc^1spLHkusGEDg30|An{wBSoiKn6ucU3QH6<~JgX~~Di`1= zapQu9x&{-T-*@Y~F8(KkPY8qsRuAzN1}0mhecotYX-=);#${2tL^UTgNw5#4Cr2!F@P!7_H+p5{k1)y=i(e{yCkGGHyw%d2T@ywU913K zjR>jF-@C(cDlm~Q2<@GBbbKaU>e??Db2yL4CV0j6e|XEdxc2!+N||0;z!^9{YR@Gz zrjon7XGq~&XPv&SD5u9Bu6v$2whaAiz_u0-pOUp)pN^1E&goU#ztiqF&cQcK_ylrH zuR6}#dpX^UHa=|__oFghbG+0_`~-^6AS{9L?cf$`QIy;Ha?NCs z@q4tk@fF76AjjFv862Vfb>;=xM>aWvR-arsVw;fq{2Za@tz5YOZ|4Vl=eOoC0&a`S z)tYlrNR9sf=^AtC--sM)TZjGy9RElQ%B69ay%>6~VKvC5?hT8%(_{yBO#@^8d>b1S z`6UHvPJ;;YT7Wi!{KS_iWHJt*Y*2JU*yeZjyGJQ%$_53zx3EF+Or-kMr9&|5s`^)D z!y!%?QzUvh#UMhp+IcFq+DeQoIpBeV;8uk{K!vVNjapQiiamo(jpaOGlGkF6!^`f* zI8>c#;$Iba8cWS)3dCBrtTmgfFJyCaP6ROoY;8&6>euh;HM9eX;ob)UO*asXX823c7`C1+ZibD-p)9{Repq&=hy7p8Jivv zd7qmUnYJ@JoGiedY-el)+U)HN@?)4yUhn^blp#iWOh#!OBX?bOtxr8uXMz;~NPTi9 zk?OL^Z+wBC&A+Lu{S7q1;zg5x!+O^VUM9usyE<5aFb2UgcE9gCTWSdUL4q#RidNdq)I16n<1souqP2b_bmZ!PF~zVxmwT1sg74et;y#zGg7 z=N>$lIk0A~`-^4YsBVWtzQ6#a=!^d~qtrN@=VM?~Jv}#n2OXy_A5mAGN8^s(bxy8P zH$KnFxfAA)IrwUgYeyHifhje-ZF@9;IJl=pg6wR-bh)+L9WA<)(HHW$L*5<*-s3wjmuku|pa?4G?4XAXP?T{^$g~_`0=2 z-+`ht9gZ)EcY<3W?keGR-`WmUgzyqD&~#h3t8AqF*+C@1e<>rhXioyTTQRa+{dQ=f zqx5NF$jKb(qA(4}6D`d$mcz|z0}It{2x{P(A>e8i~M!M$sgq4HiiJf8@Ojc+|z!2fW!N5-*vt75QYFcbXqxC|qRlEd3WJ5qqV&&C%C0eUni#qF~MnR2= z=KKB5%>T0g-GtEB_xZl(`FI|(^Pf5A%$YN1X3m_sbwgk5S~4xT0B)m$%ll8^qyg?7 zL&H78!7a9NPZ!*VoZiQtr9YW6Z75jjYM<480Xh1~PxJNvnU^7Z15a&R5_9y&DK z*OuA&I`Zx7V!m3w&ds65m&WU(G0nmvQ0et&jl1(^yL};80 zNL}_Vs%Hy~xsmjOb7{hHgCTmlz~XJQXO8npLyMQZMqa)veZz`z?r*hbrFgoIy+%i9 zJjr;Q9cbGfRUMDlUjV0iI3l71{`^ICCV{ zq0v1rYOMfGJ!=S_#UYb3D>2qLZ#~4X-nbUsuxFpwD2)1+@4>y#>tx)Qj{VMLyWYd>S$r209 z%uIOrAHZSdh*2_2$_0Tz->)8aKp;v2sOKO>Y&&P(_VEi_8#!w#tc?}9+E`&}<69t< zxjA1OpE#Y`h!?E?3;$L;&O3~Tz2tzISqjgs3 z{S5Rv}QJsktEB@C*zltHd&U`V~O!l*Xq&k#Rx)zz}AOR7R$f^b4M9LA-n=H5tAZDBh; zwZf&^wpP6AqPLfe-i|_#shXasb{ByY3*^V}@Y$b4wHYOb%5XPmqG}exC}@Y&+Igi8W@rrHt}Z-p z^$^DU&_mcVa1}OcSG8lbuYCxAsviPY51!m8@z07+`_%~a@(*Faeg*BT!PUNw0{M10;prE%|I$8ut@^KhqRSnO|BJ{B8sh2-(trGmW`LMggvR= zI#o&py9k9isU(i;lOTl}^Fw=jp{iL9C6h~`NJnjdC)**#DBCS7g!TgYG4CCJK3^(d zr|8{ZV~|fmWRFgZRq0w0UubHUo}JtgbZl;)HP-60u1B7k?}(P*tpYUgZf;{O9z9ly z8J&a6pHSC?p`h4MJDLqH$v8aoJ8+w3Qc&=1btY%$F@p5ab8Hw(N zTf}OvW2{}}?_=YX*;QWUYHLy&v+?{H2c*#Up8JvP+1~TaDHJFR2!T?9)?9!#NkNIu zNG~tj29lbQqNIw!GbXtca^+-RmQD{MjN=n!uH8-0B|S0^S7-dnBaAy>DnS^Q7~a9A zlR-Auw#V%dr8?qiHaB4+VyYK8U`4xkey>ZI8eLo-orwfOB4N+QRb&2+UI8>Zq5 zgq=Tvh0Yi*5R}eoRy1`ngMru`kT1S2!&lKY7YN08tO*5JPNr4E)2PfuBO}Bs1p5z= zCgVyem>T;tYPoHPQVgbS>Zf3!Q{=&V%-|(+cynUREdP$B;!@@q7ap^x0qnwDuwuH( z;Wl6KZYdJUK4|dPi?ZaF{(-3`ONv~C6Df*7Wm>7DF(1Mh^!TF(Zjss_u#-zOjVvr< zlV})52&!xHGbweWkVvK$K|tP`#P)AM4{U6fsNY;6bxCBqF58-&y5xu~%*lw%kUAEe ziwpfOBI%6PTG^u|>ZE!QPBbz#-Y7NiGB$--?c7W241>1P&Uewf!$q%N=rL8(lM%Ur zz=;L&V|bWJoVY~Eh@1-|f}QMuK$HYfXHRDnB%kPJ*yK#Vjg}|A3iO<|uL5H<6vS$i zFa&{tH; zDIYm5%AAUf3&3*ga6Gn%r1cE~tvl{9Y5ajUA*nageFFku*li(S7*YGL4QLmtunA0cYKmMs+XM2w2$fP z?BBD$nS@~GUm{$w1I0F*ICa96!y_rF3ciW$q{OFAkb!=@cO${VZBwHSFha)vAAH?U;-czvy#^d&3OrQxD3 z)O!UzAn{`+bVw~)RReS=7V7YQyI!Jli-WJ`Fd=78NJ!p(s2RKkPDQ}0+XT3Zm0tJTsgSzrA*4qmYLv~Ospb0t`w2$tZ{?!a&6qdb8n zRr+TA#O(4!^*Z-*XmMc4wDBX3SW$a1HsWH>0g(#;;R^As0Ccnl2=v$M5^I!1%Qy>on5fY{Aodj+f5d z;touJpo^;d5;*DbD^Pm2K?LnZ3wxGdnQQw9lytFlaN<3vTlV}Al-gnCV{Sx-Izy}U zPdhm<^Y?UM@oeliK?}kTIW`SMpo8Neq=&Vln$u0-#;vV^u0meO&|jrB*XY0&fqA!r zZe|gQWBUrWr1FNw#1z=LFNuj5{_@lCIJmZOXQkW>Z&-%aJq7|<4Lbpg)*NNx-3Go{ zf9hDQSu@d4;DcO}i8fLSXOl%IAV5*&AD9_l_>Ef^to@X{|A4 zdN2`sg!4=5V--}aM1KZ@xN~@m3RIt!*oDM0SKOk@p8EB}Om{hLB_JX_g%V>!3MQ=n!GV@&RBT_lWkjr5OtaEdX_dsP2T^-vsBwOMA#T(#PhMSRg+ppQDfu#u1&8;*UD#7!ecs zRTWH5hVDXVwi`xrXRe~n=!v1OKyoViOV%c(!hVL2XkTt+?T5JKoKC4VkBWugi)>iU zOF8dp63$gh zr$aS6f~8RE%A52Q+IS+++ihVXP9PekxaKbyM@?;ej))H=h>^F7%FE z8eW)KX%Km$-J_2gI6uN*)Jo!b!vH*$&XjU*K^H(lrVYTbL2@ApY5jwgh%m?kqe^hg z`l)>PpkQvv2F#cR5Oaz8sn|-m+JD1-M2t)*s-R|Z?(I^H7D0TX1k8YSu`~yos7DxFbX~ z=vp2_FRw>P8AD{OgbhoB$K^3>DFg4$nj1%NbjICZvX4iS9!Nhuik(-Cu}F;I$7|6K zcGa4%s7T#>4!gW&qUvIxyI%ePyX)%_g>!rOE8R5%CJ)tzjZpCgHHgVPh%$7rCTZvB9WjMp?##MYUuB}7gG$YDT=)J?(DuL@$=_D$nNCS(tMfyw+2l2EktRHMm2mBlHe+yEihY z*jGCYWZ#LDu^A%5kDWw1qJ%qgB&x`Qp@{^T5*ulzjwrPu$`JvstKX?FHw(em`a}=v z#nMS@fdZA=qdvOua~Lx(c7!^?e|0Cy@FKk%PZJ)VBE7l~*G6q8!HrWR)Pj!|^-$ji zZOA{>8KQBGK6lZ?&{K6+0}~L&qFSUaDnw|DY9YqpCg3krhfm}_B&>aO`S_?om%gDR zbH3H~$xt{ktvifO6iwG`5v^O~tK9~5Epr^Cgqp%I8Nv|QBGk)G`0d0@{xGyRU7QeL zs$j|C)fF>pPKmdx(I9W-dN2j%o$~JfkY_4xbJnG$BArm!UQVRNU>`*nf-qwTpNBtx zrnFtIG-(91-QxR%uRoYH##t@dd|&kTj~GP+TBC2BH)YXjD2y)@Rfn zli8?o0I)LZEFw&z2yW0xYLBX$X+J7X70 zs@O%0clnTA6DhcYNzOHyqH{PG+`K|2Q!4Fso(TY992X;kF&wl+gj#VwtF4hSu=Ij< z&B~=UQkGxbKxZ+_!he~?BhZE#ZDRJUYt<1nAFaWU>CVuFbvr5Mz_Tw?q(Nq2QosU} zFuYZZyr|wCvC|mBK*3*=CHl;8Bqa$oxak4>nRL@=1sl&+jm=NPbwQvLP6}C!6AuEU z8x0X_YP`6DjTZm0?lp00#Z|*}6&B$khOprW!Jr97Qc}M)w8gr~0V`K4P85B-VN3lLmoL+|iH!3+KV~i*8!L2^{6XDoSkVoRcc+&mOLm+U zp8_MRkr0}?OoQb+jHwp!$7%UvJ{%i^Z&qQ|(wEn_r@lKWGVLQ!GS@NW{nhG#|5YDISbGy>G@SX2vgmVL1+kZa)|_=7k9d zZS%sa9cJUm)HJ<`T6DkrJ7om}I7Yzwl2J~&F>OR99n<{VI%2b|9!Y{s z{hY=no4?Skrqxx|g{$--?CUbUF|UgO%I6l!!>1HRsc}%A)hHV*l-CBxWr~Axn?_l0 zq3nKo;as+MP|gL4BLk0&SVFviy8VCvEDr$23QsDbFYXn1Bw3(OmjQ6{i>0Yw#Guo{1(DgNC( za5Ik-gfB?)s|7&5@GEI3P&+=uEq<*0N!&Oc5o^bCR!aq-K--7DU%(K1R=6dI7`VOM zv6p4&E=T7dhNS2M$Dk@aBZGy^!103XPaT_R)L$~rWUn;5Qlq{&h~}p5Fe|Zz$Yns`%O!eKug&a}X&6w_99FG!b1?h5 z!bQE|WOzD9Qc3oXq(x3850zZBJ!oE#wM>&Kn@=P;J&YP)+2Mi69`)Z6I9(IK=*H4v zc9ftG(H`s0{)%5(l>fTQ5+!QiC$otb3M{ceehkzSKw&naQ&Rj2NH(DvpI$kxkFU=_Oa;AT{Qm@G86-SbU0qBqrB* zQ5?R6J;TY+tMnzj3|XLo&sY6JPxqXdxzZL^C{T z$6w!m?h-9=;XmxczgzH`s`0baQ7f{i9Sb=$ zqD`Jx69)@9h?1Q?xgb*8Cp#bz9Rbvp`%_cN7yYe}gy~~&rUian?)LGX@}LKBPPy8% z5j944Adl(U2PZ1jR#rTZVECMmO11tD8zbka#Yh0jP#blf1nU5>@%e3vlRrCjb2y1w z@#N%c=c7{n!uqiHWUx#@H5c)Q6X)F1Bt#C8lTi-c98SKv-ISc1taCmp)jQUQhm$W6 zZ#Z#IQ9Xf3o0AHu9lqX8U#M&vK$x2#_KQ=$P;E00Jx}J);*Yn_kXA^obp|WhKpDo; z(xIa7xaHf@2hy zQ}PCmfu`$s@A}0>Xo$vzf(9}?@D^Y96_JT@bf3k3ReucIu4{MiGib2ZAaxLis&i|x z$2U!?%6}QVPx6+%SRy{Xl-(aA_%D01=3#mz%%IQ*v*I_&uuaS^8<2%Ac)Q;N06~Lh z%SCII2E3}0t(D}_S{DM*Wf5G=Ic+?(kd}v>)rA~aP9^JW<(iJ|+Gg@dSVADw+TU&L z&rB-=N-~wk>Pst)Ro#(3wikz=R2qa_Yv*_B*lxz+_?>}`GS=F>u@dXd}HRJSSfiW32H7`Dy+i{?Pa+x?YxAe(WI|F=Syt6EUzjNko{jM1-Ha zZJ|v+W|yArY&NNilWJajU|tl3)1_kC>6rPgHW>>@B*jl(&B31B{dVq+1ZaE9&TK3) z%QTT{t{A#^*J5ZD!EUhO)t(S6HazL(5^1>zvhmd%?!mszU|VnyA^~0bHj&PL9<;Lt z$n+`zdqBr~b68T|w&lK7^-mRqW-6OhO8cC=0)Dcaspn)P!P<7RkxTP)TWJB?3N_u| zwug=J${u@O+#N6{hH> zG>L|%h|^%>6cfiP>f#8F4dDg?eW6w$9=jjnil+G2UjxfU0^HNZKvB&O8Fb_DFYv3l zCZq!;HD_dN(88phFGoIY|6^zN2k2(@N-MEDH}P5~R$Ga$<|dxa#0gg78@Y)`F_E4+ z$@8t;#NCnTQK)xzHA2CzTCm=>78trO`5da2Ih(uWERifJ2VHg=E|q&x6f&nPxy6ud z`_!iOS3q^fx{v`nNl1yI!vnWsx?`wMuf!&0M26=F7GIAop!0!%YXK&Exc#BUt+3=q zI>leo=G)KW{Rp7vHM0%7=%SkAqBiiBQUu8!j@5HH9^`fkPaDLxVjHJN^e?B_jTTg? z4fO<}Ea@$dV5cwEy_-k%>9cCm%%rF58fiXoj6&Vhm`m4C+=Q>alm={58<}di;sh}NA=4}VtxgL&OGk52Me)0p& zXIt0?-I7JU+C#F_f;-2CTMOmOp5TGI$AYV|;g%6@FAv-`7F@!HyF-+@Sw>-FNc{OX zv~6QzcFbKxBgAEs%+WT9f{1LJe*!8r)_>fmey1N#f?#R%@EgEJ94LKeS9LVVPVkktq||kB6S$0tXg7m~c3H1KR<6p0zPCYp#y*!==oNbi^PJCnAbm zyo8+@Qc>CQI>~JF7n?moO0!m|5dqvDlb9Axv#-{uxp5C$ylVVKMoEUeGs z-xPMLUD)l&ckVd%%JxPwPGOm?tFZsxF%Ri(gVc7iP5SA4s5u_em~c{g+s?C*ej`ZD z7wOg`nz_T98~Ysmma>U2l_qPxL-V zmF_D{+S2{NVje8>z4ETBnD>wh=pP9y1viBcZKWw1bmmfzHw+RR_6LX5Z^x6 zH{Pp{aS*lWZ;fvbz~kMP!H`V ztCcN|%tsEbv`7Z^SLBHpS_t6{57pF0@yXJJPM$lF$GapfWv5tp>a1J zCM2sN9 zrEKBcj)ZG)kYyxw68`#X5A%=?8`4YZhiUa42!fUPqY0h`f*C9%cY>;hV% zk>73gb|y2WNeMAj$e++^{zC-QY93yqTTP5I&duq|fX=DyUYph!(2AspkDmHjn`c~7 z%&b8=EToMaj;(Q+)Ll&CaqU6Pk)BL$GnrVmjlw?&Qt_41cLQxp?Tr5{x@*Yz%Fu^c z6a(|_m#lMyG^sFEam{qMt+L5Z1KI3F9kF9sqDYEA!>&2a!wZyx39t0&=ML~ta86#` zTWc{vg$UO6qD}pMQ7$2loq$aqy!i&tQz1c$e2E3d}sO&5sS9*K2dCG#$wtUYiTVYm+Jm1Fna74i?RciDZ(q$6%ss z1E^y_H&Och_QN5oUi7p`^bs371571sklKn7C7hhShXnu$`c#>4)$Br4han2PRVwvV zvM8LiFqtm}t{>ieVM}ygxXZ$ta%OOL4H9PmTZWMCvGaUmOtySu*P~Pgd}G^!u;alW zxKH01=y_7^8L5%IQts6rWIWX@daOZW7StNMam4|p zWdNc^1|tKvYW=dxzO0l|RCRzYpkLb=s?Jb$hrqk^YaB51O8)kU!X^JgYS;{Y8QccX zHkKAMCM6D*PinB8VwANGBvEf63cVS_+++fO4cs^OiQ^uw;^>J4gk@^>^X%`tPhehsezSghn3h;;669RA<|}ME z4iR0;eCUVrqQyTS@S-sMXvc@Amd`hYp+|&h%i8SD0qHE(`ErVNh{Z>LE+0Q7uy;{y zivfUl$z}Q>6gM6_6uC!J{44Hg3D6zQfa8wlm$;)D7{nc&*h0&zZHw`i)-HrT7jj3> zv_N;ULF)jT=Z>CW!TrdFt0tV+9bIn0onXTqKsc{ET9q0WFS6lE0q3es?WZ4)lH$fZ z{1w4SfP!Jb5e&aXFboVLm@BPZ9Y6i8P}M?$Io1Mo{PY(BG*2+QT5yh^eiGrlg88z< z6xi|8k0G2_FfUqgj-P%VHOZ)Xqy;h+*6`c#;ZfO$A!lj$Uu<#zLG-iv z7Dx=;@O=EJ=D%_HusYxdF@^2V$W_RAIPc2F(zrG2Cy1{GUgw;4GSVu;lXh;E$Sr%g zgGge&8gJoWE;d5?hmH7&C{**`Tx_=CF1tvIF-3vcJ)q-|y$xjh1M@g;=SKQ!uC*dC z9uVxaz`k9x0^5}Sc=T|D&sgzU;LNV|f%4KH;d_1H^cCv^qqM^(w`>O)7S{*P)XBDh z8c4NGk#iPK9R|)bedGi;lz~}e+AwKHDvd2faWDm9>%+`aWJe@t-ptTMEq1BJfB%HU}cFKpF;3^>m zuALn0nrC=)<((o^<-6N?Y!vm$(Ws>c$`YF8Lk-$Uoj}TC>?Vu&B{tkWByQK4VT@y} zSBa0Ya3ePE1%>k1#e!R8!%Zxd$FO*8f5<$V;@@G{%)w2H2=E%|op_JxD$l*B!1AZ#C(2=4^LH` z;?q@uzJd^KrvXIUJeNS}J7bFw2_3at7V5PfpA#h^@Vn`7*m@}X4aGzwaof(d3GTpF zZzu|OZPL9YX7-az*w3+{0n z?qtGw2fD2-xTkHn{RrpnG~WN#2&BV?D+XLRDe8pDUL*J58_7mn7NKff z5xUYDI|WrlrkzkU#kgUCTmOV;og=5oj1>Pxc@6SbJA)=hS+4>v-l*l3k9UXQx#pQq zBmcb8Uv2QcGwk1qVha-x`WgAVPbM40w$bRPbboNB;CPEY4K=?Rg}t7I9S=$c3j5qQ z0~eNfuEM^6T=NPWH~8Md-Yd#ENMWZN#I^}`VJ{aPZ(&b^GHga+Z((7N2BiXpee3Ii z3rjp#VgHR>^9p;H!S@#SDbZJVVV845ikf~A%sd?RrP^6N7q(Up|V{l_@7WJwk+wH4oAD8v={5Ul$uW zw0eCb8YeJtb>c4l99!V;hD_@Xxg0zTEDs0Ac~Gw$fP+#RjJZ5qlf%QK9zy$AJlvVf z!xS$M!>;l2@Nr*ZDU|*pkB9Z5jFuc8g_+J8QgeRpHq#?3fTtIbyj^V6WYzYBt;|hA zGDn^>EU0H~s9y_|6^MejiD7t~=v{Jqo5b?PnI>~1H2M_)L$@|= zOOKPjM;E)nah31!NXmSPQsDGXMVO~&VEGy!XfFia5o)jM2(7HbuIn```pW7a0;kXa>#Gr3jq*z_oSVxh#gh7+GJ_{-5o*eVm0E=#GgMfWQKv`;Lir zG$;Fx35v|@x55R`<7rRv(1tk{&>30_+HA5o-vGD#>C!lx(=to~j4v6P?cssg3?z2O zdXUC~;EH?`il!JEedC$9P@agq;jgL}_qF4rzn!DdywVK_*O!bi5V#cvkBua!)Out}imvoF;HOc=k4dIcG}~7)aY+8J(x?FMr9tPdAsR zkSvEmSY&S#$UC)S-*Ji~F|BYh$3rTLM|WzW}YK3&P^fvXSW z;sUy3DuM&UdcpzKG!y_DTbst9)2A-QFaXQTCiE{P$^}zNyzH64`TY)D=IsWcLs~AM zw^1G@J<^(p12fhDHj)EaXti|;5FE={COP#YW#K0tjpF3fRriY{7fDTJPef@jp77?7 zGFy9>EYkQ~_|}&}nf_t8kpnNZtA)1Xme>zJ629$}Vdgyz-0SC@{ThONSBZT8ECws{9 zh~13pvEIA2Byao^p`O6+*qJ4&dW>J8KC}k6X05R$zStO10i1Q-4KB{wLv<2nXSi5m zeq>qsO5peNDX1#b%a|mLmy%Xr1V2qO)PqeC5#SD?PP?GDUGgNNl;5t?E)`y9)u~QF zovuRmJbL?I)ag=@tDN&JQ@b5puuk!UKz^G!e9zoEoeiLzI=v0&(si5BHTW|C|KBw}7uQ|8>om8HZN;f0f0Xo|A+PNsm9(eQuj%J zEfi3pS^BbIN8-_yIem^fLk@lpck{FQ0K<=!Q=4?BE7Y#``R4KZ^f@rU9cGmzSZN<8 zg+g_+44K2E!>|}`$R9@uNd_|`35g5viH1hT(Xda=tFRPU1HF$#NQD4=)3sNC$H$h!0ThT<);3CLl)+#uOG4UN)iO?Qcr@5dyAZUs<7-S zxBWN|yFt8GGx|NpDoI2Zf?|%jm!pRsd-Tvv(|crd=&dc?B!5)tA@j$ZpEprn9={wi zy=evLlAL1OLX$TbcTy>}vPuLViJa66t9&@J&gXzsi z>|gViI%oD~wtwandeC{t!v!ej%wupcsw7v4dGw_FI8O+zi`K2v_bc-8W_)Z}J9;^a z=u=-E^Eq$hKo{GQ`-Z6XW~_J4R$hR!oU&r3%4Oezb2i;)dRko@X6U)n>)|GQGcruA zboW>2BzkDpXYpd0)ul!*L%)eT`rn=vt$Vw_h8r`{S#eKRSzt-++Ykdkd2!lGmNOhL z&)Q_R5H0M1No@D)1$&wu^LWgkpUX;{TM6@O#NBswf$7{*=Tp22Fa_mUkVnp9HbwFN zfoi58#XSm8#ATaK|BAXcC%Unk-=4$jVC`i!xY!h@S8lTGqTh3cl-BPusZ5pS<7#F~ zLmNRK>EiR5P&@F*67nfa(2pb0m4%aW|n<*we~Qe4n{g1Y!vw43#imq9qfr zLtuE%i8*4i1TwWe{n2$n+d6({Bjgp@5UtxFuFVbbEoF~^Dx_VK|5qAnY&vw@pDow5 zrRhY5{z5h=A&l4RZp?~t1x|@y-43k_)%?ZVjtJmGL=TlFGJf9$>VOqK%&+bf%UoBu>AM{btHTy{uk^#7 ztgp+@dXOyr$nqdpmUa(60Y@3w-(ca29j5J*^*-{jC9_NZZytHLZ=nVM9^8{l>ICS^-Q2f4>Zi4ZFb^jI z3w`EWsAQ|p%+F;p2$)=c0(e+kZ|OVmg#7$m@|C1$$me&+`NYp~h<~IzXI_i!>LOa- z!sdifnyWZa6^vy_?v&>t0FFatF#qDQUsGCGjLAj45vUz8M&enkbU2wLF1mHbpvUC> zmqb0i)?SX*7Y`|`24Gfk!bWzi>LFwAUJ z=Ns5b@qpkR5KZyr3?Ggu>C&jaT{-kflw9wZ3lbrNH4X@d5CW*%DJkm;QMN8?y`AGn3&wn0C}-Kx zPK!^Fn@x-J+w#Iz|iO@pq)Ik91$o&W2h9--&=220CCkcyowS`}menl2? zcP%{oV@gqTyS;vNhE&zCoyDR-5c?sMwcr3_Q3bia=XG+emu&z212zSg4=MWY+wu5- zNh&`E>S;jH_K_5M>|VWza>DjuOx{Zx3qgt!)o;Rg$E#q$N2nspK(ie7npdMP|S!h z19hq}iH`&dbX^a`8@dIuB{RmZq_&n(3ysB(_qFS*-gcH!z%Vi@A1fY%ZjpI{^8pl~ zwhLqtl{X*w0R)`Mf+#NW?SPb$wH<)$Qmf9v^&dHVdIWL>v*(_lvd`E&+oN^u@`O!$ zJSOS)BE2KD9J#{1T7%1bm*do8UBq>O^3&I(&AJ*0O3Y~*+Y1+`LpNb)?a=Q5&5Klg zo81;3(s}Tdz7u`7sOaTr`rF~%^^B0n<%o=?zjH^uji?px`lIP@tk~sz*!C*$omOu) zY{0WWH+P2GS(_ko^Tbg54csxDwjb_k*AMp~LR`KwUBn|RS3^{+)Mf_4i4-S?Y7!n{ z)~`+-W z+6)yPJju`!X`xTWS9_TiffaxjiNR~2#zp12NTGIGUMvpU)#6eJ4=ncY*N)AL#c>1J z0(`TM{yObKMd58;9$?Njp7gCWc+n6&t_ObNl(`<1w0_!M-WZ(-~%qCCLcw% z1JRQM+iMq~t@a9V-9#@RBTdvSCBPMOJnD}BGM7vHvYtL*!$qStPpe>+!wotWpk`}8 zSikbrt;()vt6hz^`q+M;(~$|jT8v?<&6YeF!)WA2JIA+{fHiHe&3M^rla~A7A8h2N zyAX1Gr^=!tW#ULkYgAL%2^3(2{sYZ-5vHohVC8t^zX+Z2bd(FvV&UN%1kf1R3m5D~ z^_VB%Ny38i2)`QjnY07lcN_V=bhx%0W~?^!)DDB~)FZC?a$9K&K{AohuR(413flr@ zkG8-<4crzwLRt2WS%{@iRba*+54oLgYqLj2>ay^68I3TS$!k;l@c6`dedu*l`clB> zoRjZD%xX3_Uvp3LpnAHge6ilV+4=JL?EkjBEgLsKU!ME<-{u?qFY+Bqf3PVzcZqvp z^Yn@be*d@So&I0s8~h&f?GeYt=9M?{J>)xcbMyV-_tSoPh<~%%FY^69+VAZDBH!<$ z{r2^3etEx-_8a*x@*QIP9dFr4?AgWKz88-|!;Z&@$32Ts<3z#g zY|f?xtPx%Tp;-(5x$6oQRw;zmD52%DxR(qIu0J;a$J<>LqFrzR zC_sC<#W&I@USacT?JNWc0JFDasL$Xa<}y&W^CWr@%-yKQJKVQXuC z*J&F-D7aGeWQSPl(pom<)$@aaUkC$()#y=@Yi^C^Y;8t1Im^8T>+Y+64_7p6&D&)uO=(7d&|n*+F@Kg-qf2RK(DO=o){ru8Ji{WO6_ z_(|HS-QGPBvq2J9seyYwjjh<9A$MEjZC-`$@^>5o42f=WLAso4(^ZC6Z>>(DZDQEn zeD_@u>T%q=(g!za8t|%}vk#}7y5|@rYfo_5{biVThZH!ZVs+rU8olk*tr{8ZC8Ho zY}qW@AO9<#W7#MRSqjIXJzr}`A<~0N2Wl#%c`99);_XAA$ey-P<10*Y%8)4z%%hC7Fof(;cHKX{ z1z(1{2c-64Uo~)PG+Dbr50>JP7SY#+JVS2hayAqUgWVl?Uk>;Kjd2Mp`V-=Zv&@d`|m*_}taaC*QLljL#l1sR!jVw|~6nO|LNXwMf_b7DLpcssa?f zjYv}*R&A%NW+h98cG3#Ti@OL@a`P30xaXgC6Aq8B^i67ajxB6Q)Va!D0=tIKEMxrAJ z8AR>F*gizUeLJ4R9DXbLJMdxbWUQM+cpjUZ>_ArzqmofsF0;;KKmQ7IY$kD?BZl1U zZX9x7jn=*DtHE}US5Zo)tEx8;zktkU(#$+j`oME#EDz632Nsv!gRlCS!Ur&V@#DIH z^Qxy|&l#qYv&$@iGSE>sFJ+oOeXSAIQ;5RZu?bqvyns`RlbkKD?2t5F;HpYvb~8(O z>viM=M7p^CBj$CQYgw(q>(zi=AU~#DwSd5CjZR7NN7bMj6EPMQ9%`yd0S`51kvKCl z0y9TS!dzeL#ZBr7V|f$eTB;doW|@pw!1_;^)&XNapaXgT*lQP6Vk#t&M~FY&`_ zpN(JW$xQy(EvE@ztxn51QR*_ah_TdHy}mIKu^lmjvOSSree8bx)$J)WT-wv=hyY#g zeXW!Rb<0NNi+`D8aMA!RjR3g`2QUE-DOi|#*MPqEAdPC@oR&tGH{H_C>t>GTjsYqL zTH4%Q*wU6o>y}ANTZU%A%+-Hhqt3DvnR!?(N|b)mUWQGt4b;a(>4XkxbrJn_u>P9O zFI-NGA6K*6xP(nBwTQ7eMs0-pK4P6!DAaYidPM^^5fGv=fGLTMNda}M75dU@Uuq_4 zD-B!jbS~vUR?U*uOkhw~D#<{ynQX{+o&Ii+AK_W81Pbq^o=z>p4aho)80sNOf~sQ& zt1G&}VC*6o79-e(kB&e%JV>}mdGsu^Sc?Re=F+oQ5Nq_+s9Q(uUVs#J#O~uyj`9tp zI6iRq{VPu83nCE`7bU0Sgn!^D&cX0%#AEeP7SsWu)cw+_YgL+$FrHgLYCI+ibqIPh z-3ZyOnyM{@)VfpqH{;|k;o|ZGA)TEb*p=CZ^htrh*9tbC5gfuc=4ly~x zE|azg`IW0%p1{^QZl8uf5xFjqpJYm?zx@)B;u4kJ7THMTbBHW}Al3eN7XtTNOXPe+ zCT7?@OB|oNXOYn`H(O!;B8LjrYYCucq0$nfJzTGamN=uK9zpURRTYP8rP^T^?#IVa zQh^)2TF|Lug6Pu=Nr?PrXFl6%&5s7B^dew|((9vbO2(@NN{?>_rIIgjxuny?YY>DX9ffWju^>pEy67CoJ z2ek<=Pjf2(&IbEbXc60N^&;Ge&s+nGo5>SYpcj2tUQ0>na~QAO!9VHc?x&c*M}a%8{vUwjB zfF~~o5_0p8P={(`geqp&-v-_$6+0VI(G>sEBw4@!YLkHKfDNoomL?0AfsWe&akvGO z;P@xCJe??s1@dE{)~}aZ)+u@e+ZXXt93tC|d?L!Z~79h$4YdL>40Eq2bWo7=ctPKr#`k z#}$&~D=9lJ^Q21RTB-t`B&?R|+j^uPPh_cTjMR6d=hJ)iqNyJsL8QunA+Oe8pG|xL z3nTkQ!3yjb=AnN1h*&Blryd7XrxY0}TF&JplCbuj2~+}5o_%KzKSnu|JmgHly5tPtDhb@leY8=+!F2CF-(up8VTh+&I5x(PY7)7pTV(sgnX zU|~Xymo_ij+>I%Gvs$7Kc=O>rLQtJygr zb64;qX3Y?!&z#h!4`XOP07}sgY-h$OxZ{B9nK4ckMbo59keoro zVA;v5YZvCFQm2iKH7$8M#2{stS&W{N=9Rq?#LPA=f+q>9%YKQrT6|iVdRnpXHr}$M zCCg-1lUEn?T4m3kiGpixP;h3W`u)MfKb>t8NeABZl!_kflAuaY(twE%#E5U`GIJX0b(jZN}!8kc5s9{bZ zjEU6S+&W^XfdYC2=~=LpQ(PabmUg1M8achp$(QzsM_PUly8hbPkrbhDSLxT}4SF6} zJiQo$B4aDNqpHLr!;~O4z6K_h)$*zn6((euGwo;xjpbg|vhV}ksV($s9x@=oV)z6A z!o$;8xM6>TVh1ZV1I2;ZO*&ur0%VJNXKWgBW^W!%F%-D*LXCp!RwRjc$4x80us(J) zQy0t6igbxQq|;@-^{YBzTy+STwj*$WqXh(g>H}zYIH|Y7>kH?Y1w00~lUoYS9^azt z=Afp)70MUK;G?&c_sZn8BFp1_bP~VF<@0vZ27zw9;{r=Fuuz=6&w7%Jo_m=rUe#y* z0?BuTp2q)H{9h_z*bYwvr(ON&!VM@@`w`CsqH<=EgI30c5`jSud2V zleG(hyGU(=yL7BcwJX0vB)?XeS~FS!w@`(hJTMxPb>Lfh2#A$O6WlOOa%n|96+5E{ z-Wi&2vYiidO={=a1+%4JgvCR)O93}u{pSKxw5xuCEP-ofDalrr4G`b&0N3pY7c%Q0Z(nv-u+1gaL*OH);Sa-2;z52LDTpyeZxqLU)+5KGV14Ze_0{j!SG^ah zd*4@!-R$o_9I1OxLhs@9QqBf}9UhX70&O~2NyDlerTL&f^eTSduMfS3pZDrRuY-+l zw5{0?%%)Ew7dQohZ3O|p`c_g<447+q^Qkyk&YcBzb!z+WCM-qW^p0`60aaXHjnVN$%*#0>bOc3@W_8BH1In zt_Sml=k{+-i?>6ezO1jto~^14*eLy(sOuE?F3=46S|St9lO~8=U;Ku`d|5vgUAY9m zsGo{mp4EL=55tbH5fZy3^clii+Ux2va~&X;f6~wRJ>4 z=7Cup9Ij*7%EpS-_l@-F#%PMaqt=aNZ{CB^n(6jv9bG4-%P#^N{LfIfyh;6DTXRzH zmVZIq(GIRNjsI|~A>popOVs4+Oxz!J<5t+_MI2k=xh>xEZ{NC@egxEd#SwO`Tb7C2 z@9xDrZBRT%MlQ0VWkq<#FHc5(H?ITZK8rjJt|Oz4Eep!Xn{V8~b!7D00=THhovz2W zIFZTG1!Q9Q1Kj%Sh5$#=I%Gr!p8zjU2H!#73h0R!_elrWk-^HL;a=n5Ix_f;8+Twm zx#%gQCo`SG3`I{48Whi|YZqCO(Hp?alhKuk_clm5)3?r$Lo%Mx3+ISyfEx=NT5i|S+? z2C1~?G}w97lFkt^t^({VYpWo!o#0zVzX+=vQ@8k3GSjO)7%|wei0x%*mX9Uu_QN=Q zhI-_da{%_Jn=!&=w?|wzPMYFBqDBbNjPC3{K<)wQG{{zxtegvD2{irCU6_LJ?!pzW z)M_#m7h>J&r3J9kqN^%xf6kE0b@cFo%Jp|}kXx>!w(yqgF^s;Ravdx{LnznfsGb7l z+CYY^a(#ueyUIlkl4+~e`x+|;b3x0>F*XW!=i}n7FCb57MQ52>Ugm=;YCGD(N(3vk zR!|Qngrk%9nZG+uQJ%HD62(#{mP%=1F2Ip{<#8w|j|!(zf%uQ8<0M@^(rP*x71bzx z?~l8~Z&JllaFT}lOdR$S<02=BK+&g_@P4qd;#fzZf`M`bpo(z6hZB?UBlx|@5@ny@ z%(irI7@d3*l6^G*gvKW(*An>GKjHlo?U-_LvbKS330A7z_6%lSpHB`u0F72|P^81- z$VM_Y{CG+lMqw}8s@c2U5&A&u18}8Oz(X?x--a9*qG5_?y=kCVo&OkIK%q34Atusr zEmIks*O<*u45e@QrH;hrP`U8298F&i{c1>a@Rx1FI*M6_2|qG4M=^2RFn8MX_FxU5 z?K;5Ael`V$i)0p@#se(ZV+Mx4;sYKeC__b|DN<71h{hxk0?4saQSw~g#%iO{#hIfy zs7O|_xA#Eha|;3gUh8f#hU)aCD)qx0Mx&2n>etizEtiu9`S|Mwid$eENSqgUs zm|`Mlc?NU~_h5LGrB5~bXdDa$#}ZzjI&a80mJ0N#19EWe-h?H9i?mGt28SQ9GH}y9 z6pq9Phr=bx9wkT0U-y5*!8C0~asyg6G4$3AKf>P5*YlKGC+XV<7zf1Y}>YZjIblfubdHZ2P7nYK$Cg0d=rsY6H#+!E8;JbfaWcZU&|VB z?AX#hfT>f_0uY)!8WAvZlc7(r-13+i%&i_EEY={`$T&&p+wHS{T$h4ph4q@4et(E5 zZzCnJxJQ@ly*?>fOPn``wy0N;CdFEWjtBn{^-qD2k45U;TcubnVw1=n>P`l64p`;@ zE03w7ylaG&%OyiBqg{0#$_w_a@=CHPFCPDLWC5EOpR{eoriYOot?Th&TQTIoi4X}O zD2HVEDKc3DnIt3~dsXn;4*7&#^U|@HXT9`W)O}zc?|bhEeMuHE7))M9RLMZ>=Verq>tMsaSzkqHP7^RS>w^T=vMqa7* zK&<)-UJhA=m3kS4sJv2btlzv+Jr8(Ys+9=Y#YbrJHUOpN@ewXz3TbThg_-) zNF%RQCm>dh%PG}FMCFxgFGOxmU44GDRjPFe<&^55hybb1(iaHhl*;Ovd)4O~@=7(x zJY}Zz!R_dSv0e*j*Z}jC782d;dCCom&6=k)IlMrzhB8laVR&@5Pkpq$@JN`CW67>h zEgdqB-`;f^%fT5R=4fc<{+l~bISHiDC;cDKQ%abNw(|bJHcxSBBQ?M~!}`f*;@dlLIi+bZz4{tCF#X~P(BzqB*m zYT>GLU!kQ<2(iz^v7C7lSrLaFxArG8=o$cAur~`V?lV05LtZ%;dV7%3eAZmN3!#f6 z8D*=~9pi2}@S4f;;grFPW zf=H|Rqz4F;zeUB-b^w@GH!)TluGTzew&)J}-jh|=S_o`u5-rBx$BywSe)F^ z-QzH9?@_q{bdnn``GeCzsw6C;D zU!_SmfWbw`Vm^LRF`*{>Lg%q34@V5u*#}4ouobPYp0kld0!t3-dXj$8x_Zr*tgk@$ z*aMFUNMEn7K>XA87^_-v<6TUmp64H&7|MwuI88~8H zNE2K+=W+Ykhc>syC&djuz1Xw~<-^1jJA4im^}vMA>%Gc@4CX;{jI#Ps{cvMlpMJGN z@0Du>hOe#bL5w@7Vebf{?JN2U3t|1}Az?GQNA)DpouF85D8e71TjEtxl8MqV(~X3TCBJ z?|);Cxf4h=v~%AiIm-SFf`ImO=<(}=@B(p#1Hoer+-i?w4f11-=^PIT&*sWY>$tg+ zWSwI=W^~3KyX?9lEu7QA=5XAmi#^7W1dafN?a(w63U|gPSV7!wj-cxQwP+Fqc_=>l zFVh3;a5Bc^aH$N)aX||wQp8qo0R>m;BA8e}%2xc^IgmCSNEL}j9W7XqN&W*dSYTIl zjImfFcrF+1?-~uy5!x(dPsav(0=LK8!|~2=vCjAc$(Y5$#kKf5F|_u^v39U_hlCUv zE8KPdtf2c|eR5o3+A^Q5!15t}Kq5S=f^~=O+;4*%RU-*kT3snUc2l zDm=)r@kq)`pP(*hLo&xzqH>LaR#IFt%72+M&H2g{?AW32Dz58-zp76Shkt+z;P4;Rw@0t7S05cz{aDhE<$>?ucV4G6j( z5lFN0lg*4ZsQQ}z3dl4rc+r$#Ut5}4g<^HaZZWhvWA!E!O)*pyxb-gp&>z0qGWuda z0GlRNM{Ga@s*wk3rAF~427<05=+lKCkzm_F08#fa!a5o(CvjzMP4_RmyP&_JNJg(yGA)ASz4ZKfWtKGk@!uG7#WyqK!!0D=_z>u7X6q`04 zh9E8QM{~f@4FS>g{d3pJb&2hRx1@CsvVU^CM{|ifcY=OE8M^<)754Vs`1pZn6k1Bjz)7s>y}4P>=$#k3r4V zYiSbtLWy$X%;W{)(yN&s>RO%%p)k2KXPs1(5$NN;Vgc91V-$Bn{_47?eH%uP*&E08 zksNnItBKbc>f#T^=As*?$q3DM*gY26GEN#{_YwHQ83c@ub=^zDdj@@CxT>E+PI72* zmG4@t^@h4IR4hj3Sc8`3W-f!k=PGlg(RzY1BMllY>Zho&IL?1zm&bT0zs%;%BvN)4 zK~JdzT2JHEy`8bQAR^&6)?cvRSUZx)eOf-^wB1sk!)B+USPQaO3auOYQ@?}&@GdFN ze-Kl0Q8!+J0_xxx>3OMcEChOIW`jyP0DlLPm^uhZ(Uc&;Uf3E~)Ffb?i=Qw}`>gE z+ZOWx_V6S?cAF>xI8=^JWP} z>hs@8A&Cn4rqvH$MKH`bv__!E+N^jUioq4% zIVa!{>5Uj~Cx&`%m`W}Ihe>s!n%7FP?^B#p(k}b-P;saEHvLw&{pnh?JRJmctdT^|ABth20dN)W^<82$|~5`iM7ueIk&F+pjw~r27h*YjyP8!+Qo32;L5!W zt*3)MUE;5hlfIVZWW;sI-5*v=7{?jV zWQ;upVjFPqwSwE4llqY;FdDNNT@CTZ+H*=&Nv@<4aLpVEQ&I1@6rK9FlAG9Gu2JDQ z@XOr573?Wma^ZyhbOIct%tx?frt^g@lDNFRk-(Ptd2CN2qzZU)Pl$8`M_MF0f?LkC zW4A(VP6Zu&nN>mkoE}b6Uu&;WiIz`W!`a!ANu%Wsi0H-zl~CzqmrPm5Q*g&78936u9#@Id31H$0gj=M@s9 zqcw<-R)k*29O~P^2G1d1$G(YJLj}q{JaFqNPb-q-yzSQVc$O3iEB49QuB@y=u5cx0j52{c? z64a5X7r?TNfR&;K=3S!!bfjfx&;EtW&bE`p&aSqSICEu5$r_5L-nv-J2w`n7Kh5kC z%^F<{W`Vn((FSL)J+*;+CRhcz2)H&$A}Q5XDF$_E<_HbI3IKq>CAPiqVhHV!y$#5A z0usXM?`8o*PlaxFDJ!uxia%;Ns9WMK&3quF0FGHAvrS;h0f(F=C_nmg0!ie#er&#t zJxLr~0R$jM@k)XV;4f{~1Z1wL-V^x*VmAX8%83p1SU1ESR2EZ8m+S?sSy=VrpQQ&5 zjQra!XTwmlMV6sgVF26*dD^;=Gmo=g?1is7UJY};ii_zG0(7zmMA$0RttF!@ZQUP? zv3m?#=Q)qYn1h?Jbn;2Rh_zmTTNh#j+T@7o#g!d+tL4*`m0*=LQMuv;{ zA}ftxZ$|Vx=2m#fqRcjGhf*L1dO_ zWGHNVyL(ja1@@q17foO3;>fEBn3NY>^%xneRcGifP@&4CU2d{(E)*?la*czEQLtZI zaWAe>tk)2wEg%r}%}rfTN(cpR{eUA&GSn1KRz*<1=|nTrEajOZa=R-Lx{Dr?KUlE( zo(a7^K!WHCdK12h;zker=9d6VG+stB-p&Wx9I&h1BTil~BUNYh;1$friL!fe&T7I5 zu}{@Fl!!d>nhtbVP{5Fa`vN_^a1YQ`@J8LW4}eg$w#Ts>*D6^WmpfRY#kJ$X57$5yJ)e4)3VwuG zXLfZtV`W6MRqspzOcFhT0ni%P-qGU?`U$jey#ELTaRO*%Z-jdWpuCJmBBUUf;3Zik zGVGzgQAC1srpacaA+=8}+h`4C`_%3oP6}#2yhJ21{KgS_@P2Y8=khwrpZ%-NKtgi0 zTA^$7mbHsq6Z#X-(A{%Cg)ZY*_9FJriMq9IH(@%`LYCDZAp#oDqY$nBgbxdLBI*pC zcIcJ*sZdb~zFa>Qca=);rTVGEOt8Ct>J~(vp^-^dh8(?*WA3_{Y%xyX+8KKU_04~s zv4tjt%36e=%eZX^`<-&xFzM+AG*P|-zhfJwrYGdPV6&2T1Mhbrb|`^m$k_x!8S5t; z|12?Hy~klmn2V;!qOWFDLO$bi8FJ=pvc&O*!?ZKfZOQuPv&Z`V%05*M+`;HP0Xkmy z)8Xf$-b6&vln9E(c$1M+CISr9$r22ti!q=!W0Uq%MtHWLI>{=flFzThcwUonX7KY?&2qe9ZL)00oV)DFk=BGNw}#K(|^aPa4d** z=STzWRTnhzq;E{&W_r|YuXgQXox(;$HwLis#E50dPz#@yUOgeFZzmGjRtO zePd}rL{t3RUt1w$SK`4!Sdl{3MM1$fL`N5obqfan7S+tc!UY32Zmk2pn(Z?W08oDw z2j+16E3w#zlDTav7<5 zy;n2vnl!M~?0>QgwtH3|)h(H1Y%YDZ|JQ;i=I%)R-3P8*UIZ70O9Rk>B|I;N(zjub z!~)hLP1gXNLH`5?@ZzJetVMJ{T?zS`=nq7X*NjjSu3rBdsJH_sYYJu-66*n^5nUoF zA70_Tj(vua)UFU-QBAdxBIZ~>p>Q-xZs9mtxs1C6nchf}1B&mD^58BW0~h|$%npKz zg<(AA%CY6Ff#kSW1}WVR%0!O-?D1HAvt>bB|rjENMe%1!-@?CN>0-#TD4sJFt$Fhtu0!SNQFeC zK)tr6wN-AV8m-cOJk-Xkt!aJa`~TO>?AiM~La_MzzWe)V&6!y=0sD< zp%H2LV=l(ngtiPkS3CuLXsW&8zCGE)wPzxW`iA?c#kGfY{;*XJ1IbvHen$AwFCQys zbJp@C&L=ZC>#I{|gx7gzb0qD7nSrx8buZv-&YzJ#%h?>knR*p9*LODOTIfP62^-04 zNwi5}_rbYIl@Pj76>5cM$HPF=u=~c1w0I~5U!;Cf_I%tYXe|VZDcDmy$*N{}x_tlR|`_~p0Vn9rB|9v$@uFAy$4Z-1liu>b7x+bgvM0R;~sOd{lj_{4}%b zg&XeKCO_-9;AcEe#x!kWF1H=Bl2!aQh}p_X+OYJ>9i=MAWXN`%;HV$WQB+KRmTzTa z+cPpnw5xi2SH9j`;Fpqs>u0n8lay|mE<|`<%Jii z?ak|XZUp++;l4MDzPd7R2gCBnWPnAOuZ5%Vl?9S}6Mx)Ug+N%Dhv4>=A0r=mY}mxm z@WMMzMVUqbxRLRNh0B`$04y=NuXQ5-_@4Ua{J7Y;C?j8!?l+Cs=nd2SzK$mkMQG$MS*Ds z>#Z4t2IJNYeST;%&U_3jo6q@GL!>Jl?V0K(J3T3Uc8b5C{%4|C zKW^#eYCPG&(c`hpeB((cA+dn1G$VhO@kDSwLAvg=E~@6b12F)# zl5om+&?bdF2x;irqVvlgc)5!HY-c`JYP+%4in&9C!wG(d;!H22kjjK2{1yk!_$pap znMmEF$C-s7CA`$l$*Lz?5Y-3ieXW%?B{*kO=5xB~I98$Z`;221>37ehmm_yQFuET1 zQ+tES%u6JV_wUt&8c(ARl?Q+H$xU^B1}&hzMa0DsrGu@|!F5^(*ZFj?)m^4^u$4Nv zj-M^U8QJCAc`R1h&g+=YCvBELM{Xorgx*KPF2tON_pe6B~Ewu&p%RU^wIF#hlNOyGk77;ccNaLy-4Klj` zgX8hbZXjX&PJnNVWoR6GPhJ2{@eE0T)qNoVW?ZkI=zbN$0~(QcdoZzb(Tg}RvohyK z+*`*`38`T`N~MK^&W5QTzI%-KHCdinMJ3$7&awzU+n1r+ej zYJI>BNqnDd9z1@`Db9`Txix~rX7Ub}PWmbr1F#0MvlSD>W}J|7lIS(OP$cKh6#h%> zb8!K5x?9AwYIM5EDaNYH{T69uzw4fz&o)rY!sk=M!ghB|Z+xEQ=ko|Zp9fn$je+cP z-`emQ`8+H;pMx}?jijATo(;4RMxHg7a;VbstU!vEr!mT1?s+ME;#eZ?Y~FO~vEq+8 z#TYFYMt$RFn2?`fC$vq{4!$HXe&+oN)n2Pa}gj0G* zn-n$#bEp&@mXSe^3e>@)P&187y)8z^=)w~x_Jyo>#ccA0EZb9hyLo>8Q;=|9Zl24L zKJ!9W9_j(z-Pe2KqsSq8uQ`$=*0E%Nzh|}UNs&B8eVzjFy=Qf&SY-1|&_2Is)mm>` zp7QU@dt??P#SC@3`C!wuGFrsEr^7KR+v{d&)J!Mrb~pUOQuFJKkLNU%Xvl)I7d^WL zXrgBaVGf*P4Z7V^gs9%*R^x?eOV$^%4!+QiU0M!ysMoJMeQqygX+Fc$YV365a8Z0J zHlLPtZ>H1gzWo$uL+E<#SNMiUzQDBy51%syMo6aF41ExvFxa%HenUG0%{xCcP2F#s zO1x4$2%bJy_QHb{8HisS0@Z+}xEj2qDdvL5JxkFW?ok%kTA49@!+m4DSFTmz57vna zt9saT0B{4lWt;C>s2ePslf-Lw>*YKijopA@JTeqJT7Asxcn1pzb`P{UA|%uoZ`Ac0mq3iEl$fP-RThp!Ntm?r*_%+sUYfyLCLqBN=2d&|*dP zayUkv%%c$CKC%toWiAHFCP?;9lz^vw&Jqhu2eoHM{n%4^k{%Yh2QzYjaKZ>@dy;?j zN*>Gd9t0&lI$*2SYojq7e5u+rCF*jRoTeuuQl~*uC#jk%cT>zwg2XG#)0}$be$Pa5 z9E0nu&Vlb?4OCcN_Bjb6z^WEY!D^xuCYx4Vl%de-MFuLpryXCQ-;Q+pX-5?)i-lVg^o(k^H|@MWUhd$ETKLT6~#l588ZER`JQT--1(%$ zCi&UNJy;5l6-F6pz^qFyv0)MLZiJ;OaxgVbLeH})0Yxs~UhtEI`sDT`7&5gT#|Hd1 z<;Kg#TCfd_>+o@kmHfm{DLf7A5@6xVH3Cb&x^oxcVEL9P>hC+xa*|@Nh3u6ei&ES} z1-hP4(l@-j>k$Hxvq@z01?2N5s#Vr7XTv7`$g9E@ zDJ|taD<3p0y-!5m0ex`8;2xHXxlmtyMDc5AD0Lv&E2D&+s#z|EK|kdxl=@N?Jl6A0 z!B*g*%%DK%zIB7V@G0<9kMUxs#_*|SsiNFp6GHIQeg&Wk!=?Q`IYW~OgBP4n2J>>| z)6nX(VmQqKcAdJ@)CH%W_H*SN1L83&@+RL89h<{#Oy ztzKHs6#BeMZzT|^l2zUR(s%MkA_Hs={Bs_D?Ad`Hh$y~Zjk7|KCi!o|iR}=w+1r#& zaz7GB@u>)Ao!p=SL9Y>Qx68zyXJKfsC921PhGrTHJ}(^_X>%iul@s@ieATk z{$IM|dids=7^Wh|0%R<=TQF10y@=)hm7P~Fjk$l42+CdNFZYUlEEmUtaNvNdF4bc| zooz`%Y#2wV^-G7L(C)TrU_qtbPm$u3DE=k606>Xzu>^kI-CvTUGYrO|*4(Mq=u15G zSw8dwN!5|c@`mm2k&i?_R_fl?|DK3-g6=HXYrl| z=j%w1`n~7d!G0?VTOMTQ-X?`TiBreM;(70DV=!tN$5w_%9G>Bu97npgmv9qEO4wd9 z&;&V)Xln=G?ubXkKZDJ@Z4Kh`CQYYV&~a}iRkQf;4@h4x)o`ZnTTw#!;m=t9gAeys z{-@{p%8#X&zXbCTG52D+QU{t$uqXg*#Lzb24dMWh8$w+a4yo9;~OeR zUg(@>7v(2jkr82k5Ub7CpVI7|*p$#-S(_A6yq((z-ug-o+}*Wza!*YO@x*9vf_rLG zC{HB!eF%Cl&Cq9Z;LaRp?WI*g4krZn#$En7&lY~;;VjHS58~URxsOu^u#>S)edfIL zEGi@0EvPSn+!-{E>3B!tX;M>^?j@z>*t%@gg1P5QZr({w4CfH9t`vNV`J+ApW>o&4 zUUh;D`cp58d8wk8r|8vt^ajd>DfIGsw*yCy0`%(LzdgX>HN6kUO2@A!JuuVZ zozIIQst-Is5R}QMGDG2d=sIaHm?G>#%0t%$ZX`CJOPrE9r?hxxVw|F4xjKjS7iKi5XoQ!zqK#UDraHxcY z&)HHp#AN?2T8G&S6Fi2Zib4R#CgdJ*-RQy%!i@5B=75aG#6)(pa}4TpJYb{{N7R&Xl%tPNvUejMzyi+m^@BIjs=TMnZ`+`fxKdh`s#TtwSrH!#Fy>C6VLnn%FW@R ziPnJUc?M+1e|vr9=AWnY0PYlI4?b7(>1k-XeShUuue;3x~$uiWghuiWgh zuiRiec%NRm(d%jYE0(y}l=Jn$<|a!63>msIzF(8vjsDo(u%w^|T|zkZu=Fv zJO+)1I!hOrgx8!s^HC@XncE>G;pP2a>hR zryjR}^x)oMn%vI|xgiRvIr1b%urEVlQMV5FU3S#w$TNWPbqkirv*cJc3#0n%1$B&$Cv$V;sn+Gv8!n_3Xu z+y-g8cVqlVLlfYxJq29GR}uwFNP@{F!t-!gn*S0{$U$~>pY~f&Oyng^|TMJ&pCc#EmJcVYT}~aITgIlr@@*~18Rd#}I|A-+M`FRHmz6o+x<&eONfS;1J;uI^@v>>jK=%QJ z#U;SxjdL@sblfl+rNt%Ux^GBcK&JzmvU%6#{`?+{q-igk;`l~}g&LN8y07FD(@X9; z$yf3`Q}Ukx)g_y)zb^O8eJuHDYO1dDV+g0zd6B>5ze!%yd6q5NY#esEzq~t8XYZv@ z*>~o?7FHYC-flU_1Y6eJZf>6H@^(0LBBSH}^aPVLzU39cvhT~iVqx}*67@Ln04I_%{rMe`&Ba0j91%ghUi$42Kc=?;m-XGb5Cq2@* zZa?1elKEr`j>1D1`B^8s4%gesln1{JarNb7%0(n>PNv*23eDv|nSy$mGYhRPwq!JE zUrt8&Fj925+fCk;`7A>^j?n>}f9Nxg(OB$;1#rfAQw7vuUr)A711U@&J3rr(Eg_ad z^+`S1f?h!tU;+>Dlwiljd@}5cB6hNU`cj*J*Wag8LOkUQY}I#?BkUR+iIFDSXtG=~|Q+hMphP214FUG35IG;pt{mQ>ljpF@cs_y6)a6t8zf21p2mu~GGPMDUn7PmZ$PWS{X7pQ&lA|wFgSJw zDc?=$VCO)XmUNGmsZC(TY$~+Cp6VgeJ2S(@d$aq&8jZ!5hpJ9G7JD%Ii?|ouE*+e; zbKP0L*Q<7>6xTgl()AhC^H~DhA)bE{h`767X7OwY4#a03Mp)%5lnxK=%Zu$0gL<(& zY+h_HmKWQjP2=2A$bJWk1k)M5h`R&HPF*oFwlU+A$cS&eKpikqX&Uzv!e+k2t4r7w zP+!PpUF{cg(Tim2sK+7Jz91Txx6n7=&Njl6>92f~wa0qi)&g@f(d*Y>SRXl121wLR zG!y0fG!rpMAVo8kR&={N4~0)RR<$eIHXd<>r{B2^ojIrtK30h`cuunc3ZO(w6~KP% z@6m0u=P5Z0Sf>E7mKVbdG=5C>+BC zBOA3ROpY_>eF%Betmv+${ljtHU@c?IF&xkg91l-+0iw!*}d1WckVNW&~{K-njpq2 zsuPObJx3^mA_>sKUM%H&YN=RC7|(_+1%lGhUM*lOnFzEht?-zlXt$fixRMc<+l(s z9%>Z|+VYEBk7&S>3ZLXbZPDH^{+e~m%GcTGfdRneu@!lQ!%xOM1tQ%O>6Hi4bxnu5 z1uIn&0G;kN!@WU7&XCfIl24x%+nM)fjvHJy8Pbhy3g8}ri8a-X=+JT0{e*pDUb!DW(9i-|?MedYsbq-&g`(Rm? z6B`6`QOOxDZpYZ0HJIkeLHRTrf-5+?WhD}&>jB7-V|C4Nct6IVfU&S=2g>5%t0lK$ zGF`XxY)qf6me83mZPT?Vb9Cs;DA7@m8xO{eVzZ+Ncevk5CEVd2?k611M!3Te{{0H6^^T2S@DbkOo}Nm0hubbW zb=9{YDOFGBc!wdpR1t39Sc7d6!*RR&Cm7{GUu<{h`3YBMBiwEXhZW)0jk73YEs9om zc`D&ncaWd(q1gzx8p7KfL=@{b-r^&?&gGfl0LSax^^#MI;+Z3|h+>@~T&W1J-MGX@ zc&+;)Y-oV+TK8H%;W^m|uQh}ZRfJnMF7**^aTlc$ZgF${ga>3J++qknbDM}_&Bj_E z;Wh42sf5?KKbD+Y6ptUCMHFic;W>)%>Ww$~2(NaxVq^=5Vzqm@pYY6VgjXBF0~F!L zjo0`HH@Y{b5^i+6m$Pn~FmWReerSh#q^0Fh`F7IWSW= z4cxYpu;(#hC|lO8%DVVgGq?A~P?-fANB(n}x^h9m&YC9Ucwh23+p02QwG*aA2k8kD zzcffpn{*A5lEYIl)ikQ}Jw1&&Ok*kVuK^CYc{@2_2)H0zI~eMI?`yzU%MMD4$wM=^ zc`9!;@}{_XUG5_gY|8uqE;ilo{XSJqn}>dgMdIWL$i>BU$4#Gu9*6BHbapp6EIq9s z(vsm+TqV7xE)lAm9BS|sycTegD#}BdP`otvQc3EQ3CFLtTjj@%p=h z!QNz5(SuX3w{s0MV0p-44L%vv0N+ZXCk1|Ph!aUGN@1Y#+F(1=(fOI z;WF7?Qv7Si3QwLlO6ix~ZXxQLy5qt1mvkJvPXFr7eZ{fM#Ew84j?b);~E z|4uZu29N0z)WxKj3d7br^NQ>jY%x~ZE|y|+d&_K&y(*J*(@IGlLR4iQL*weoSoM4>#>$ux z;bEF*CEL$K$5?y!sj7@RRyD8>I<|J9*0EW0GU%89t*k}&^y;3Jd>%_q*Rgw`dY+EC z2WHSQVt;NrHU!0|>Dbh|%sQ5#-q`A-Fl@au>)6lHJ#{fw$9C7Um^2;hODUOkY_cuI z>R7#$lCEPxZzR)RWDRE+eRETWTI;6PX1JyYW25#Wd0^E&589JuFY*{pRWh%4zuaFm z!h0BQHEnP{m!<(c9R$$46$*})Zx^$_sihaD2^kR zW82ei!FNKup7tMbjM+rcVd%=TXVwPAkx7B!cn~?x+-tv$ylErD^Ht>7^xCb^HQI^2 z_t|fvjQ!GQ4`iQhtjOAD&%wHFmOgvz0e$VWSIwiCaDJe3p0CetgAJ8F>kyiHen5a$ zqx^kVc>cruK%WgzUP0+(?z0Ece3-e;to#h)5UKCyKFiyDed@DSH>C90&3Re->_p^E z>$5j6%-91mNEq`Oirq@sC&6xag5h{?eRdO6C(r{1lH<&y@$w7+$-~KOQAmMT_ubI-L0KcD{sj| zo?(JN%>@rU&E)gcKMM|wRCg2IeQ$QAAO!~Emy?f^G)+6q$A9lQR!)DJXY1TMj+N8T z({a=(U7XQ8U1myb&>N*&L*IG61&3Yv zRU0fq^I4<^#*U6pcK5WBa7vq~!nVM|do@$G7I)QH99yz}Nr4mV?=F)SdCVc@Wu(K~ ziXk9bcW`sTp*eGqgjt8v_$5;v|aYNf+;Hp22&9D7KS_! z&`xd=w=0$~bb>QEIKiM0@03Fku>qhad6Q)_H9rWmES^nJM<#feuan4f^=cV|xWc-8 z*=zVnj>S9)m{`Y`sZONBU5iaxFtY#tWyqRs`X20>q#)U}SWMq_cN>THJ=MxV=lWH$Gbwdc3vVQ_IYqELQWsdU}@C0%bE zKm0E-9oQnvf4}D#$G!9?ES_Cj&gH&N*vo|V>0ItQX8#aHLhR;TuBR()Yr(kNUvaln zcNv_X#$twW*x{Xo`lOUKxDEhxzdXg^PN{>u4F!eSr;|_+lA6afj2i?7)v2z0vU(p_ z^_}W^?^D3eeibMND_u0$L$S%W|UmfCO54tkOkUug|vP z^7yr)aQ47}Lq^dMfo*ZMez6jH)20^BT%X1}c+1p}H88&g#HAnm`f0a2-PIh!hM_}c zKhfMH1_WX;{qE9#g5%8d;g^tCb8PMMfc?br5C59Rapw8*)KreY_YZKKIqxx+V>=qm z6#X#X8zSC`=HFwT%A9C^S;9Q^yfZNnt1>G8y2LE>dJ{eXlOMZ|Uq9~7kJuA#Y>QIm zBY&5kpuSr(jgar4sZ?6xy+9`zeL6b9@yMS#SCSKk0~F3ZNEanFE%hLJQY#6Yaa&u9 zHYsegf3Bpg2=Df6z~{Hrpj+w98&mLMyt>^xvgeaijWY3B2F;4WK1-i~-QWu${0vJy zK6`??I*C8vk6VPJSWvGHq<5sG^FF_R`Dj~YbAnZ%gZ@N??hHtv4pG}e$ z6>0{=6nFCbl(iJVo8E$>e(;rM6_cOfH(j)qG%3THLe1yf6i~ ztWUUl?&%ovzfEVPs~)1Ue0Ev}W`d40qE8>V$>(sKkiU=Kc2_FyJ^ z|CvdjJ(%U$14;XzzXj~Ud1u2O9E$u|?1A8{M0&s;+}#CxK*A~gxlIcDF>JawDq4H+ z2v5w&5L4BwJ@|U|e6$BHIx z&$dX5vn}$#06ZJQ1oU}kLZ5HP1@;!P3dg{Z;0YOk8#eK;Q#ZWrh?-pO-AyfqQP?i8 zZ~)&)+=!y^>JOz7ZO)B`BXw^A3pJurXoEwL&l*5vxXdA-Q` zh#RlU*n3lPkF&V8_ukq!+`q!}O6$E7EUvae8{387E$A$%XQt9qP|v3PC*D5>!`8>@ z+BtXraFJZ~Iov!)IG(>6IZ}He%&DT6c~$Pw85BssvPy?d$FYKl^%=(+|M3b(+b=Vg z(KI;Ko@rpo%IJ7&O#7Bo=G`SJ^2E1%%!-wdnl8uW^=p!kqcrosbb4larQ=w6Mf!|m z<#n*aQSws$EY76HV|#F(YYM*D*c1ylEi0bX6dBt%BiT6hoyJH4>u|4QW$m@{N$SD6 zp-nM9P~YVqbOw7j9QIiOQFmcAFWESum`Mn}(>P(I4!+hnVHAUq(HMLeVGP4?bmJ4o zYA9U(2_*`;3unTvRl$<@gjq_gkq$hAkZ7FoV*Rogix%Z=i@eBhSigvD`0nt5YIGgF>xvvOF z$e~-9>+jE6D0&E>a;W1c3ccHX6LTNK)B&V&ry)#cHp`vFTQ$i2j^+bz@xk|S+?Pzk ztxR~<4YL3wVwoAItR&Hh0Ns$sQz?QCN(8t^g;j7xq1zoxK6J_ZxpvMwgWucb} z^f*GVw$RH2I)c!N7CKF!#}j(8gI3CNwF%R@!>HKt~e# zM+==H&{2f8S?E;)J&DjqE%eI*9Zl%BEp(dw^Q0tEW|y~2ab%b&Q1O)4u(>E z69x_BA5?Mv`elry=P78|8(!V`gwYE2mNyW0#wVP?Qrs5wc(KDfFwWsWfbN90VVq-R zhuisP&<^{@xjyj!M`-!y%6}*HCWZgsQD%n!a0dRPbOiC#EY?9fAowZRlA08sx)swC zG{6?H%c{G|L=RRKz zN~_@9Sh3-|6>`Ua03ELQW~9}f|AxptYWx(+eP8Dk7R>~FrS(M?6(mhV!EC@z&~ zb=P$U`8MNrQ%P}3Pi`t1ody|`206n(yxxx9{byFLFJt?~RAuP2c&BQ}KHGq3aMZ{; zLWA6K=)KHtM%JY!VFVMbu^b3g_gYEZ%gFkn^k1+%U{K1)`e#Wo=*1|uTLxxb{$LjI zFN6IA)^v4(46U6SxoH|y52L4yssHT(Wf)dN>Qf$2`uk=X4<9gehraL8l>x2MB=r1m zU~~Z3ac|V5vWyNgyj+Alro}Ki;BtHyB-f0IcR`N&38^1G{R#749FOc-zHE<^(?3+W zV*5bHF_Bd>F%LpyW$vJy!WBPIDH2(A2bqXSjFCsK21n6)LMP%_IggQBZ_6IcaC4<0xhnRdM#V3{%M`}nuAt4)C zJY1L|bPw_|lE=vFMB1$(Ipp<6Iuc@}oypq`q#qzFY(z1f&wP~{iil!3kI~jVnS|P)4LGIRb4aU7Z9CLB59!T}CRIe7}a|k@z=kL{%k3 zXtjpsGBSrqH)u%Cfq_Sr_Bkwc0zbWYuK)L{-;BpSpvdUw=KWS)D5hA}K(jPP=M5JGu$QKZ~pULYLB$Rt7 zAk8+SS|x|j#Tp3_-Ttihg&La6$aF*!H)u$RNGGaDj?g`V$(QKl0wy14BZ_7|p$BPb zKSsC(lo+BR{R#O59-CB|4YCc9#D@lw14H+uFXA;s=rH8HPp2TFdU_ry{7gd;Q4Ntx zXeFSD`*l)2A>YuE9FkhfAkuK2?=Wsy2Xd-0%BN*kx zXoHXs$QNuxH$)zwpD5$)*SDerRNIBOaBI1oJIfbBd zh)!X|YrLF+Na<%%28LAQIRgOQj)}b3jR7Imcp;8;uL7EQQzzvd2*|H>B*e%wOn%Nl z4g%y38&TEIWs!GlXb!VnN2J>gWDp=RgT%;uCRb^QlZ#4@wh_&64xmE}G$&Ux%xaG! z_GvmPhxy*k(-jLL@&+P_Lrii$Apg?IIr+J|z48G4gMt=eBrIIDq=d;A z8OT6DPO%YHl@N;@YM=)q@&=SAafpE&1jvh8opKo2!{qlhB#)~1-!`H<4x#G}QlS=F z4y(<}0+d0Bk;RB4)*1+r?$D83M)-Z}L|jAq5mIU+iu-&*FVWBg7&)Iv(>0`kkb`xk zKO=ceK2t;T4#>m!=Zn}u<_pOCJ{(FheTaBX6e>ar=igF`BHcs-Nqen^BBGk;Ktk^V zH1V8HI*1T%4+>q9x}C`nYDn(EfHc{Ns$>qKF%1ndaz2r&G$iK`K&~>$j7(D*m%0=XLChyje9E$TtHlk=c z`G9UPNX+tGB0a7lAwnv3B$ts=Cf}tYIsNi6|Mf+@hH!F`a;8o}M0fjspfKD(`{k*I z$S2*?0hKqxDSIae*dOYtv=c()9YhjGYRphRAn%)*c7DFDN*xs16Kn?)p zHwKB3b|!Dv5GTJM#(x`GJYG~N1ZZ4CL!o|)4^!;*tGiZoB-F3&%EStTmD{f_BI$Yk z>MluEtE>a+PSb(KgH@n^oy^yrQ2)A; zqdT~0)0HeXNd*!;Tty{(kVz6OEC+PibuZ5e>ROHmznz@iy4gCgxL5^3b<=cUF*sqK zoVxRqs7@C`p}NzPUlM32uTCL^@=U(Gx*^G!-<%v0B1-fJ=+OY8uHgT8V6YCQHprNQpQXKJaE-=*K ztgL!anh2!n79DR=lv{=h(%l+`_f5#WcFRNp&=I)PiMv#Zm|GxU$mAobrw~ch>SXb` zc8Gh@MF))9-G%WF`JMnYaf!|+?puq_CvMp#Br{qki~F<|O+x-I9!8fV zZrPiNB)+DT#S<&k*y4$;)#4UU?Dsl_p4j6Dr|L09iVP z7dx`JTGI4%wHn$~^70id@nKfyexv2Y{(yc*vxbNt^`T@E5zD$MtShKk?SMx>dB z3|+0G3=@pBF!>yvEdJ4ClMJT{t0kxt{V2yk2WyoV5A!uj4{MWiMO@D z#1s3srYRoQ$)veWC+E=lIZ|UI!ifi1qsNqQpt<5y0m^FcHr1ww6@@A%zGg_#sp?Sn z8nzda=MYI;Ym(_PJ+6~;`e~XWmj7K1b?9L^q zl!t|UbgC{;G?j<-J7m$zeGnFr+6)pstS6X!iKgk$yJ*qLjCc)^LwDyJ22pufAV*(H zd2bTY4MFI3(tTgc$)Sh!tf5N}>s%)P!6ehe8flUTYVnAN#TPk6uJo|pqoS$hKGc*> zRikNKM*a##OVn$c;$hJpCN?6v7txO}4UwZfEJ%;leoYT2;$b~OjXzV93K5BS*-1(~ zEb)Yg=w$J*-q(C0q8e8`tdK5WJS=`5N-y_yIpSgQ8?B@%9@ac2Z_!MMhjo}Pk`b@3 zvn+Zapl>pKj3zT_PgN(20jdhmi$o539=&59=G0*EC(Ccvue^x+L{KWau=V zEFRW3bTT4ZgXvW9Gw>uX9@eL{WFMPWp;L9aNoHgcB8fj6dqoe6s|LizG|Kc9K<_h9 z+ zlz3Q^3^qNiiHIcD>SXb-CYx4P9u}pCe1A1_J9=0r5UJL%N2h9snQ1ffOGFaWO_B7l z9@WWkw^T#GsVZD?uhtxTSYouC96~+!P%REXIAe?d4U$17ZfhsrP+?IKelZ+yDfrha3_4C?6T&2f zlSAyqKhx2)?tPEKaX=su_u(&7;S$oiNrlHST;_vct-@i#r>bxPD=}V$*AjlF3OnIk zCoximMW{#l@*J$fQXj7Rp+4NDPjHa()!`jPjhtRn;bLa{z0Q_aH}y$TWlbK-mg#Oq zNjha?woFwj(?}LKCtIeARVL{G=V!}wyvlSMDIKme={6dW4d*>%M#ZIbyp3>11$jYb z5{a~D%k+rKGz&k8@2ar0#vKTIR0mp_Czqn!0yIprI%D!zkQ@eX5(fZ{t|cQGv!2SP zgO(*v$e3J&WJ*p})p%w!!&$Zx-^mCP!Ap+k*|k8@$3Khbop|91cmL@l94Gl3M%=XX zZQ&C#o>5E1eca;O^KEY(-zVId#kJ?#)(WmY-!>D6et6D2>-n%I9zK5yXPzcC&Db-g z={g)|3*(DKMLfaAFB9>gc;1M~@!yS)?})z_|M#T$%TsXu_nDnMt%AdFEdgnCxxe9f zEDsCd_}UgRLCbdF5RV+9c@mRY9+Gh%wFxu@?st)pas+t=&)JwG-f#a>jxx>ky+8bU z)$Gkzveb-|AFpOEYzu1Q)r?!{QnMFrg4FC;YCNx|w|j@zf2`h!17KOZdtiFa=J$Fg zu4%?roSMh6I39D0tm8SiNGqBU)Lb5FL!0rO8yanV{CAV%$T(wN)6`b?o2td|5?-Li zT=z&-ueBuL7Af}EnidPGdbuvQT9AVYQm+KGPwLfzdf`9d@!EcE2;sV_Y;wGDP)=P%vKB{6PreOn zoLGfhT%MeaEDczHl-&{rWVeJXlCoQJ8w1BDv3|UVYnOFLAmF@_pIaABjtcC1B#TXS zA9hI0dsVE=&mnTm1YjP0Rl124$OBX7F@TyBuDA_dTSvGc0dBZlyd2QPN}Ytt)lETC zg9MT!A`7oWCHtV9+KVXz*0G^GwD^joY%Z}<*myw~P;-*5WC;$pahy+{jX;=zQ%vA^ z1faxDa+ohahKMe}WQgceLj<;h((g?L`%1U_cbwEtv-M|$GurD^++SE+YwNp*_X&5g z#kIEn8Ns!-eyq0j>Jx(ME{=Q6^V*!1)TEzU9tx3kp^xlTR~oMbLBu+su^nzPOmy-v zL}5YX0CItC7bNSfO zJ}z&Ay-MNoAxYm0moKwG!{w^=0WR%1*`Y=!^llvPo`uycfoFh+QrGbRVbzN;vUJhQPB2s)}ku(!OZ;Iy#NGP}F*osBbe9R=Bbr@23tQ@T~ zk0XbA{)9WW)QG*5cwFx#?vkOXmlFR027Dz_Px)F`q9~n)z_l&OqP}gH`_$OL? z(^IgSm6DDTNdN}fIlLCmiGe$C-M_^KN%~OWthGW?+1{u<)MiB*d~R2j6EpJFX8Ah z-R>(#ajpdyYF4c`7Ny`zzMuD+FD&%rJu<_Pe0;Xs{WfG0kGzHZAeL(O+-3We`|N$n z4R_fqEzxJ+ z#8AXoakM!vqy~CE&LSUyLQ1E-T)<#YhulLp;4x%Sz&KgMzN)j2_28IRG(~phKO>@O zr>}F|VKQ>JB6lmwTh}zB9l6)3yPsG5lqxo(RW9xnF-!S&C81V)b|7yf=Wv_DP#kwA zlvPMHv=7stlfucNy38lbzl|(LOX}Elys;Ojfd;)4H zk!>aYaBo?H^|OjTO$-&^m4d@Jlzn0xlOje{w%~b^6b`L0eTgW|CMuCi+#Q1f5AkjK zLxd?J?Krd-k@koXGKh3WD_q2FaefG7S*mpZz1A;Xx=$4Cvb9RCyCii6plCuZRIu&` zD2d{VivZV(ETI*VwMvkYwUnYo`5qfNK4EC0U4}o=KqWd=|7y(ZK8)e!lt5ivJz)_{s%fs9_WTIx#1zMLYne^H3l}l2l+7p6N65NGqR&$$zUfo6rrx|CCDqnN06g{ zxbnDdoB!Phhdc2JdAg__XqtX9IVTPmfZ1ROa>~dcGZZy+a$1Iq?kJ|Ay%?;vGYp&b z2_K_CxV@<)&zhO`CQLUuJTAXms7S4l1(m&xrVF#C04bdglXhDW0W<{xYKDq#gWTk$ zjKLf0LB(D1BWT1!YGg5T0Aq?8X7f%{-pcwBOMTUC4^|iE3UyTZk&+WfGoUWPDz~G` zV^C#CSgN`sP}Loos){V8s-#CbNtJ!1q);LUs;p@DQsp~;h$=rJUY6JNQst)n=YQyL z*p!;0qNu6AVQno7SA0vQlD+VMP*Wuy5E&R0kwA<_JZNQ3WkObp>Zh6m5f$D6fP#6v z^g&cA3s4F~qA6t*2s^rrOp0{w1CZ*qYA6jTQd9nt2lj_l{}cV$-%{1QeEw2>`+k^L zoYsB@f|W%>nrj%aXFM-w3|?*Gv#0SHd)l}U=pHaoW&)k)=bak~QA62{XdjpWg1g+c z_`W?1`asO>NI21eKMhzXjp4!R8J$hbKHi)&_3md|S(aOa?t&S3@^CNd3X}9@mDI3o zmlMO5n24hjJ%32!grlK<5{z$O{vuADhunJSgP!D|re(Vr4~5)n#L1((@IZ_JkzF#a z+3D2_#+=?;&}l>dZnyto8TP%3L8K43zrokoQ`VEZ-8}>PgnOsOwI1?1!L@5YW|cAP zz8B@Mo)y^i4#$4J>rm%;rHp@`?>aoKo<`=RXop)smB{jbQ6KpKB=I@(-wEAJS>*i} zWoDL7qb=$DN9pMH@m+`WR0Z%pLZAWM&*5E%@rrNEJ22&0jZO`@f97``R=6Vg{myqa zy1U35Y;vNDCE++lWZrey`GX+es)x!IezWc&eU^~V{H{a3l!yfuSrv3J9t{O2-EgT= z-fXI&Dx)*`-gUTMgWM%}JdbJS5r-#D!u3o@dBov6lE`H^mNv$g=6@dPi;6sxSfUt>IKJHbx zm`3|Klkg=b*b0wk;=`Jhs&E>|W0>bQL<-1cgKt;>YCXGrG@0WyU5zi{p}ud8ls@&bJ_BRLKMx&_HI z5ReXYk_jBkJaFKWhnqY+5K_X-{4RlaAVlrFGIc0xHI>PTLBt zPa?OezkfYAV85UZFTL&Un%K4E1M)JCa;doAvAA{}`T5*F;a+2L?Ff0hhZ}e|=;io} zcyy-|kM6)xEpD1IwrOeGUFA(R~u*i3E!FBiSaOO-XCoK3w4}FKLX~u3oc&f z_Xq!E-yg*K4cFB;xZ?Spu?)e$V4^;uM29iom@rM{*on7#7O3E~_=IW|8WW#T2b3<% z?K|Ml#%H|HuGu78f8F$==Tc`6Hw~=g*kzY zIK1Py!wg7t8YfsB_f_eoP{a>(ni+$~=(zhT19nInNUSeNqN&dqTOa=z{4+(m+x;tw z3yi^cONv2H8_{G8UZ?Zmxxtx~ih7`Mw1uh%^$sUHLo8H1sCNXRj)h($6pkeH9qAMz ztZM~2jL<(==yd|c){^6Hw$QH%^k_oYTIlrx9Zu+77CK9yVM1@Q&{BaOLuk2$&KBsg zgif>2IRZV7&@Wl&T!D@tbcBWSTR&Z!k0*4Hg_aBS1VX#1fKWb2a-Kj>B=k)Soi9+C zh`eB-6$0h?Q}-zgy+NR(2yL;@8wGk2q2ClJ^!_)95e$WrY0T>;;VGW~QVBA5*=7>H z&jhP!XOP^ZCULbTH(=6OCPr<1a46>U zthuW%&wsmdT-?HjTrn1%G3pnzjls65``ds28!`15dXsuG{Yu=5!&%?>%HSL3Vc@wN zB)hy}p5Utz*smcx8qZ(4<`^v0Eo;HYvsSZr;&%;x0Gqm+T&c1D4p>VxMhh%?JAT*V zcL#pgaejec?o;lJHmhBq?U8ltHXtNZU=Uho30)|J)Q(=9`?qQzRrYlw^&ry%a*g<1 z3v$!QBFORVc4l%P@*HiGy!-C$daRr&HPaikYJolu+D$8E{~`|Z&GJ|~NuQII^!F6$ zF^ZV5(zJ4{ib)CjX?L{|0P0bdCWW9~QIB>U%ou^+9Z{Y)MWBO$A_R6aFjUEw&#q7r z0A8&T)))i`Tp>W>M37#@_3P3NDJ?3r|aij>TbtyW3!?#j(9=m{JIDamW$NpKkA@)zG zQjzZ7L)j~755lIO7E3>kHjR7dE_`vd8%QJsQ zT;6Uc)crBKA6Ct=Mjq=Dz$X9{ZfK83TpSsTN1mad{|syvmb0-yZ%*}=kY{{n1}Hq* zrYKJ*%FdbB!eh?suVB8PYbYA#V#Z<5c0e zJ$D|1FR~p5G5iG~H}nDe`}X{o2*p3tyW71Ph9Tv!XSe%5?{iQ$HSkJKp?bD=Cj02W z@iAj)owVOB6#<8G6iOX_I9|oDFNh%_nzKbGMsq{ao*mS9%r24#8Yrh4!Zj%n2SaDh z_MRC#1Ke94v|O-$gNKu+c7P22lf@b(C-8{6xX;UnQ?Xkw%O(?esM%Zl0$;e%w5XIz zt`HxNQAE1+F1wMJX!~As8R@6cOVj9n?`6>FAoaA3p_jV)iet6!ejkqRuMnxPPP7DI z78)1l=Sf5&_2aI*9bGbZR$B|tO#XbioT4mlTgTYnv1Y8`UtSS7LHVr~sL8jHx0U%k zT@h_msDogOJh*B3q=_-!)Om&lQvq`qqJ9P9J zjOG_02;5HK?$o$Dd+H9CITr|Yy03E{+z{yugTT%tbOGAFe0u?A*J@tYhIAtdZOesn z7Jm4yz<DVr@oby9*%R(F{m}ww;LxRRudSFcSN7<3`KMBnW4eI zf@EO-Bmcx{X!^G@B-=4t3w9ImM87_D$F}|JLJKzx=5?%pp0g!3B~!X(3Jgs}AvkJC zo){dD-wEJL!uTa`w1g9eCWl1vj&n~z@;1}xuKSMC4_9-obzXC7T3gqnk%z-)e8{Tm z4CidAEx=Li;fq7bbJ;DT%ePQpqBz{M4{S|9`$RrO%jBzitrk_?CmP@hRY)1}puY{< z3zYIgS5o?zSaRCq!*}iWMoV4)jU{5+WE>7kCPRwfhABL;iD@=$;-1X*C>_U+wS|4g zu{P}0q*o5d!}*vA4M=Mo2Mml1lTg02I!r7a8u zw-)peTZ0B}!9cSXhGC8SDaKv7L9-fb*Z2>hIg;G5_&nIP5A>s5$mzM9w=?iwSyh3l+w^njQKl( z=(?xMP94?|S^|TV8`Yx}^#x&$+m6d8b5X$#_4Ua7#8A{tGN`YrA=n|)OxY4(5T7Y) zx~D|kTd@TAf&eEZ`H9!a3rWY7XDpbQ$w851ghfhIHTvf=5WwNE=Y^2+q1k1TEH_H> z6ZdFB+e(Jv)%Dbm*#m8y- zzWRX#kC7AQIxfot?!EOgr>DSuer!hh|6CUJ`Y3&rw?8Al?{y2mzoqR=;rC@G?F+vT0l|}R*zkJ?pqgJZ*mb$@zGeB< z{)rin#iLu+t;YXv-T{*0Wi0l2Eq?DNuznuEy|iz*&|`S3Sd6m%sQ7*C9Ze-r*gy$s zykI7>7zL$G8wR3=eZW1};@as$$6xw{+jF~Du90lFd$-_vGR0l7dzK#~cg1$lulaSI z@2*$}A>TpG+azt_;(({K_Az)mk0O7TyJCWKc#LZ4vrNS|!!;sdV<&XGwn<@)kaMb3 zAi<=p1=2BG;x%&$KKg36`&=*imhWjnO?)nUm)pG)TBeutv4J%oIwU5{eQ61}Rtah? z`U+Mfu2zd1HgWA6^RD|zk49)+kj^TPPE#tK0qJyNvTf-u2+~;X(YPp;#x{sNg_qc2 zZaW$$8sFCTT@UfnMS!T?fK*wje$eIq1X*la*b@%d5;%;!@(KhL$F&z!vI+&5yvz5{ zj7Q^}xET;%KM8-M@n(u;idw3j5^r9D818+5(;_A}HOo(PUNbPU%^}b?etxwR9jP)j zM@*)kHws5Cd9QF}HGb#+u5je6XA4Kpe7tbvvfS+YDX)3k<7EI4m*Nz+Q< z0M`fBq4qtU+gA=l0(}GA{FgAxOdhMkSe|l{LsXdEIyu0Gx66JJr%&5gjsT4@2w^f^ zgjy7{7R}Am_!DpDgi75)bOBOFA5@&j+C-mJqQT$mpr03$|0_ zt;Pv!K#;fF<#IuqZLWSTvwcm$jayu6o6qPQ?o^9wZFBdZ#l`cj$3?m~wn(X4pn^r( zG8%6-J;jWX9EDVBW}o#ARZ!ZJ{m@UCdjbJ25>HCUY+hTXpf zBMPQ8&BfLtre4pLmzS?r|DOT;B9d)Bxj%nKx>pLF=9!qJ?I}q1>zV#%C))Gh(T0zD z@ICs5tp(Rym$(2euv-129IlLRe=hpO68NFGxZjkY13JkfT|~4YSwNpIH`>tM6MIhx zK)F^kuX`%ZF-SfKdiq}u->1XB>qeKzZ$$r&K3T;dPWip-6b1jK{uLztS%0+zD^D$v z-yiBP9J!hO7GOaCC4w7EMc8);w3tM+8GlU&YfOWwP0##W$C=K8biSza+OhPqT#RffrIO<7&dQc0_-W*q@H zBvQ-uGKA-pRD)HEEch4^%x$n}D%(zz9t^THK%;RRr!Mzhd6Ju+TVSy5L30pCoveFRJA zm7*9wEjHAE@RikNb1KR!*p$==;Lj~vV%k}^lqOSMQ?;mKZdq8Mf$Wqvxt2n#v`BwO zW$Ek%5N1`lbS}yWSI=Ks3z01d&#kCM!&OQ9NO)dNRjhh+7%iWgt85AMlnNo4Ydwyu zt7=hMw6;#MWDF0f?QHbewlW~q3(C;QQnIC8Q&w9QtC>>T7#pd1=K0 zsN~$3(wwm3sH~=@O7(<&kUJHMVy{>TL&%EGsj8`oRR_AYws$H^P1&5XibW`W_EH*^ zx|*s53(9JUSy5>uYh*Yee4*kLQc^sYSJW(AOqEf@W|z$=Mc>wmrs}mctd(ebO|%AO z)`hET!mt#JDym|&VULWWY9+In)k(8VN*<|sL7i$fCkFbJbqmDMpcBu7Zfj$z@O-tL zQwob}nto1IY{6V10drWsAXYoy*unwfX??PRsqM6=qNXlpI=`)y?T#?iiOxqa zt*wUDFms#%;i<~{qWD;4=^_{zGmIML5H74_v}pkoy$$-HTUr?_FP&2ttKsxwZfRX9 z*z|St#WfXm=xo;X&M&Q*D+bM4Uw^w))S$0=dB|K2`IO7yA}muU_rleOis-t7b&f(7DCnGRH2=5?M7#v#fs;ugfmhS5hfhHiafGLK6s>;h3R8*=ShBj87U@Bc-`+9zsrR+`j zJbR*=vv~3sCyo?e_Y=Ko6DRxW&8;Y%S6NkCS1|`utJ=D-(Fbiwt&a&a57V}wYMu-O zm>y&DURDR=Z0&YX&uo2-Q8MF*Z+c^9nBJTZdC{EWVJ?KuaNb&7Rw@3VZ|qfidLfvo zmO zG?-DS0pW?6rfnJQOg4G>Dk2^&JGU8o1F9$f;+(4LrL#*h6$=PFeFBH^uVPM3)toB0 zv9W55eq}xk)9ldQ)cRYpmMD`Ead!J;-2!4BO)|+a|PQDQun@Q|yo=$bpg3vZ_VGKQ&eo93R0wQ=jpuu0s%mI2w z49!-FzOUx}J|*z%ErkVH`Kn)DQ?)Q$Rtr^H?CWxH^mLOd{qZ3f?ntU^?#W!}m|X^a zhJOn|S;HHsF{|TgnY4_e+uOXw%kK^G7#667=@vU>ZkDMX0_;$6{T!JF$U>gkF^gKr z`J~bG0pZD*iNM^$)=Bs#Ubu%Q%TDtEsEd zt2W-m!?PS21nr|6uq(o#ET}B4_BiwwKD~ZIJ-1YQ>9=BsG2L2Rv0wo(YGVtyScm?) zuwn_PsTWR)$f{*!RprSH2P&y@+V!o`;l;9UQyZHzUy}&R(Bp5S8W32B7C9H|P>7Ds zO&Q4b8e8c?3~gMYlT|rQErT7&P%0;Qdid9NG+keVXr8LFFZk>l?U{Hekds=N;0T~6 z8l3notbkVrH^$#^W+zj)6QopQ1|09Go7*fKdI%vmSfvb)2El80sw3@}^7^ndrpvMYb)PoISa&lYH4_m`iF%v-Vz}&O zV~hmVw9Je+X0X(rXqsI1QWniuu&K04VI<4EGqxY)-^&hJT0MeH_D!GqutS#CzLv5U z#J+8iX?lVFCg*PSL~CywWWfJiHpobKe{7KH`mvwy(*~IjFL?0E+5>1R+#}!mm+f@f zH^?+yyIsJU6E+;PZIJ2w>5jYQBi$~slUPSo3|jUbvOxc^RY<}2W(fOfr%cytzipI( z-o*cCqfDeEvo|{HY?Z*msOHy>7q;I8c5MSnVOzN`8)V`rrIoXn4KgpkIwZyEld-gB zZtth->*xEnL8i;`;rG5lrt@2Uva+D1{>&R>UVY61^=BC`{5xby{nO_IzV`KYa%|)7 zeS>U2)AcsWf^_%WhFO|iZT(ZnmHo0|hVm}_JT}bI>S6Rl*TSwJWZp0X{=`hPy3`G` zv~sMxtYx-4BwQ{{pSob~#O=Sn?3kgvzHOKV^&_Lb%An7tO*4!f-tv2|J7;O~Fmkuj zu)PQMWrYarR%Tmpk{x=sBVfK-1m((GHSPVjNaJx@$EFFAG82dn2lje!JI_)?_02+TRNG> zw{*|rvu(Jc)P2#bEE{ej3B7^VhaES6KfuaS+Qu8nea4-)Ubfy?&;NMiE$j@q@XPvy z-CQ1isK9~Xs>&|`&Smc#D|zfqZToo}E2_F#|8^$S{ioe$l}Mh^XRBXxpQ%fyd-s_p zVrQ_jti~C?V8Qsg)srjBtDMrT)E%e&9Yw!=tfJd~j`}qyojQHgcm;pCME%~X9{H99J!)}t+N{E47t4J zzqDnT!tXiudY6~u__@9eI#{jgmrO4a$gLCA?*|jq?-(67{H)gb*WGok8D_x?LceMXJ>G8GBXuW^Vy4IocWS zgq>rYW1Zui5zg_>3C@X5u`|*c<(%Y(n_hXOXkmS>h~pZg#%r+~O>AZgsxy)H}^$PE1=gd^kDZ@5KXo2+e&+lf-@ks`dBXXH^Q5!>|6%Vtz@sYKwx^tP zuww5G!LBG)?7A%>uu0b46i_sVWCM|q#1x9X_t%PwU9mS%5K*y!ii%+Gs30OXEGUW^ zf&K4i&U1D*3Hthe|95@g|6kW+*mF-W_sl$J<~ef?;&Cw@A5VBvJSAp`r^Pe)xZHDM zrkEw37cYnx#cc7Ccv-w6=7?9tTrp3)CSDhBh&RPs;%)Jccvrk9-WMN;55-4fzW7*t zB0d!h#6t0zSR_6di^UgWiTF}{g_qL55#NfX;ydxZ_(A+AmWiLl&tkdwMf@sOh~LET z;t$aw{uC?4DzRE*@IPEhsic;UbfqVI$hG9!aviy@Tu-hqd&&*uhH@jhvD`#%DmRmx z%Pr)Vax1yD+(vFIx0Bn;9b_-LqwFpF$erZQau>O)+)eH-_mF$a|KG>RUb3&;Tka$K z$$jO1a({V%JWw7a`^$snA@Wdpm^@q_A&-xLODPd$$@f^jLTwK zB1>gL9wU=7CCg;FtdNy*upA+SFyk1U_H^>|1P4Z@Wi@a6dCU2K_$cge!d6&Ff z-Xrgo_sRR^1M)%nkbGE9l9S~l@=-ZOPL+?zY4UM7T|Ob7luyYS@@e^ud{#auXUbXf zdHI5TQO=ex$(Q9Ta*lje&Xx1zYw~sZhJ5q?`;qYf`$)F+w+vVYECZGS%YbFTGGH07 z3|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPNunbrRECZGS z%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPN zunbrRECZGS%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X z0n318z%pPNunbrRECZGS%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E z8L$jk1}p=X0n318z%pPNunbrRECZGS%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQu zmI2FvWxz6E8L$jk1}p=X0n318z%pPNunbrRECZGS%YbFTGGH073|Iy%1C{~HfMvik zU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPNunbrRECZGS%YbFTGGH073|Iy% z1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPNunbrRECZGS%YbFT zGGH073|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPNunbrR zECZGS%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318 zz%pPNunbrRECZGS%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk z1}p=X0n318z%pPNunbrRECZGS%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQumI2Fv zWxz6E8L$jk1}p=X0n318z%pPNunbrRECZGS%YbFTGGH073|Iy%1C{~HfMvikU>UFs zSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPNunbrRECZGS%YbFTGGH073|Iy%1C{~H zfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPNunbrRECZGS%YbFTGGH07 z3|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPNunbrRECZGS z%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQumI2FvWxz6E8L$jk1}p=X0n318z%pPN zunbrRECZGS%YbFTGGH073|Iy%1C{~HfMvikU>UFsSOzQumVy612HuiN?38Y-73r3i zrWUbNdt+_7uD&r{E6Pd-#Y(C|i9|&#nJOwRVUGc^cp}eQl^RgS&SR>IL&-rwx@aO4 zj~A5`l;%7lrR60-QUgjWQ{}}d zYDnM{E2~0wiDYRamMjZ=3)kq2c;TYbRIbQyX=zzBS&_@Ctf)A~E@YACLQ>Q$6-tG2 zso_ypR8p9iADVzx4e1^btB949#Y+owiOXWi;!YmXqEKFNI8;^^OXX3KNaoU(R3t;i z?2JcC%8SFXAT%D$V?7>?M6%I}N{WK);?ZzX)<4lXMKTu2_BOE?k9MIJjqC22=v<3L zG+vage5V2u(b9qfjEsO~xJx=Y^TtFX8i~h3LCX?R8eqjmsT4Tp+9#r@Vpp$ZED;Yy zVqLxCrIAosuGmB}kt_~+J`o*|3dS{hI#N&=!^n%K1|>s9(SBT*9}tS>4Ov7?B|;@# z{h~!(a!Z9Of|C7QlIYvgWZ+j&6ptaRXetp82CyG35)WDrcR?~1Lurv%ryh>R;<@@! zb@M_^q7vksi&0Qn5D#Ui6CxD%%lAkO7?PJhRuai`A#yle9x2XiKgI&&Ls3CcYwDvx zvBJ{Q{5S*3%c7-~fdoOGahk=1d4nYIu1Ew)1D{S~$)w8fNb)GCr2ONhp&)4@+RcmN zRiV1RkO`H?gSk*#KA6T(X*B2zcpzS$2RMl(lch-`z#t8o%wqI?X8{l`!sIC<4ibsn z7>z`#QjlWNat!mJBQUZPL&AB|5`6@LNj;nsN8mflZ&fl>$>k=Zp)zzcU31-<$7CXk z36LzUD9RJtQ4F_aDdbY5JXusWWKb;Vu*iT=Nnvaa{>d07OLu>g2uNKNFpUa!a>va8 zFzEt5{Q=TFs|4miELjnY8X=$80L-39C<(EXA1?Th?@Q4{Iq?vK%uhkmK)8azM5r(* z6x?<5z?dj64rVz-V7R!`^g>fo<>6Auji7PJ1nuqaNpm7nTAT=FCop1`go<(h2}Zd; z5mG}?wLnlKPAFcK6ZyzG9*qr#_@Iu;n`e2x+`*XRu{HHZsw9-aTndIV3EEUysHDv2 zKb8!o0zN>7p*a$Y#&Xgs-!~^mFjbICS$QzfWATDu=*5x+#o4<9D8wj%M5f8XG2+pR zqF7}YuYsjSC0)Egb^Bg8c-RHRTM?C)Y2M- zc;y&bp1X*1ePe_xK^GeNaZEG*}UVt~C&Z{7EJj zCUfcE%-Ml)9n^G)T(1^r=lb= zi;a}Vk`c`KygLje-k?edW(*^YrC3QQ91lhl`Yc)yDvD#GU=jo*M6e{r0RyNxu9oJjZ|474Z&P(;bBGx`=nCQsub43WmRSo(PsEW5?I_MY4PHxLbXDHsG&yrIR-TjszJp-#^i01&{q(a zc`FlmKt6T$C@zR}_MlBwG#cDNqM(`<>OuR>!Yx!#K--sK=9ZL}B(bAPmKEhDO8(5w z-!?$9V#5%@WTA1xbq_pKo!6%D4mN6ex1hi`UDg2glD z2^WbQNhfenF>|WM9wWAeZL4K2B->#weMMgWntE5aH2F7 zLqB8bi(6Lb4)=!*OHj9!{&>R^MtW--%Q$>Y2Xa3wvB=aas;BH$6 zg0e!dI5ZekVD*VYXc%&tko@TGoW!XNr^*vF&p6!Nt~%WaV;FP!H%2TK1BTH6T6|=) z&dY~Z5xKdL#HcL~ZaH1=h@8CBtm-V!X!n8zc6KcfYrcF#WC+1vsFL{dWmm3Ca|^KC z4wSZl95HV~Aq_GhB?E_{A#5uL5rHSV2(+>*SQJ*_R*&@AJ8&6xW>rBT$Mwf>SKlB~ z6|HHz<(kuw5Zn22A`ly8v8udI;QaG^vU%r?7MiXlT`Pebahz@_Ts{rdT$JqnfPA?S z-1ss5a&dgtv*nQ}f{rN2E*?x0(}+CEhh!I7en@8$p`fC@qiJK6*^CDn=GU)NNRT8~ z6WYUbGE+t#6(p0XsVNATNEu12tcHvP@m~a$C9#Pph$XAQMn&G<7Hj=TSy2Ub3f8ot zcy8a9vte4&q9=~j1?awV+;O>XH26XVvFrfCt~Q>xbwn@(6)nTFI|bh>5<&wZtn-@X z2cUn73iEe5NKXo$U;_KGSlyIcf}`gUv70yiXk{M9s+lXyKC!IyO2!71Vo2mwgnei= zN?R&Uh%GcY5U+|Ru^-_qp$b5x?*6D%PH@3dg@{2DpukAQj>&V8yk)16aaDPPJT}6;2jm55zvytg<1Az!{1sunsCOu0poRE-P&)S~#osHA||jARm^1`?VygP<#?^@fhIn>&wU=rTx*=ad-c z_F5GVK~+&+RT4=1P$Uvd1#=WC%KV#fp1`gQYE>EZ2R0qtfN0j140K4zP|g<2$Ncg+ zB?feCP;pSYzwrXeiD)M;U&Vy>WN-AL0(44twE0b_N(T4pz#Y_&-Qjp3{exy=2@^Dd z8&1=Uz5ME$YcQ;RFJCXmu}B*bSfSGk#&`Fn^j|HpNzWL@o+7t(04W7gEac-uAQqBC z5&_}x4625$Oc>gjpkDbZG~Blgk3MOfpxYL=A0Wjd*ZIn%r?A2uL~ z)UoW31y!C39&I4~Mvy3Pn;L}VPZS7=D%>(~PYk-jNYaX|B!$2$&T48RsX*gSTYywD z5Kveia$WLdEOzasWu^x?jPInKUD)oYI%$!3u}1zJvr7bjOHPgHzEL+#%&p$?^6Jv8 zypTM(ij7Io<d zH*csMO0#!hDhD^NfT9Gp!g-tj66%X!^p_1NMb?FZ9w~(lZgvT3REG(A1eLux`>U*q zU|7)RJZMZjc$j4FVS(%|j}-*|Suv0*hZe6S$b-gBc7aJNpQ>0@VeUZ;`;-T3Uv`^$ znHAx*=!eiu6#4set`bE}1f|o$DeJ&+jAU0u92dDuz# zqoQ~?g4JC~WJpdX`x_`I3DAG6%?jF?tRme(ry-H>{dhQY#ByjPf-z)jnJP?VZy5!Z zd9Cx8Y(!qRmHx91tY32rJ2W~waL}-7>O)J)*vPQa)?zVJ5BpzfDD$70Z_BB!23R50va;If6w&qazVe!_b ztS-xCC`)2lA%|rN+|VHh6)`KcJV7!510{~zJnBRf95PrOj>iO^u?aZg{M*re$1nTiLkgH2f3Q!_&iBM#7e=Z%8*% z)Kt1H-ZVU(9-VH;x(X0jQay@NgqoWXoaa%}1UCXo(qj;YGX)d|ccP`KIViRv)jo{v zt@Vw=8`7cLAgsE!y16ag!l8}rqlTqh;`Oaw-GA zRM!Vds#{vB$Cb2?64kZMp@xQ{#=0g!n}xdJXeD_j5!d*_9;vPwkuGRxZyh0;(=9b% z1LRQR*0$=Fw$i$~R-{4u*w#3@rFv9pGv#6)%lox#&AN-L8|zJIqG?RJB~?8d4G-cp zclSazs8b$kISyR8LTybgSv^LyrrVdpRK@>kZ^5;~+7|8ihN#UlZwrETJXzl}3hpeB8P~XIT>W9IJ!5FP?tsd5ppD5Jc z)|5;SYp-v}P6CYmoTq5=2lDWAoB!acx~-b~-Hda?j;VWlLpq+WZfVSoitw=Z$fzLO znudCi+zPSMH3BAo5JWYPjRwU=Cz7VZpeBRpoV#_`UZ%L zY#?M$u6UClNu#tn1Y7t))Bdk%A0Ge+tLYYUTYf- z5P!^*2t`&9ow=x-mMRo&8q+wur5Ymwjx}XL{y26)Ws$XDOtgJevuGYM&QuAA5f!g* z9GPlP<0Ka4SYK_330JqF(c{X}kc)Ng4GpQbmQ*@D(zt8dAcc%{hkzsjH@Y@9wz;~I zdZw!zVJL!xj1hL(bnF?z?V>f19NDNO_`Al8wvJq54wzF!S!23pT-PLB-Ka}vp_X+c zq^PmJEt`NG@Qc)BeIhk*hwHQMaJ^_r*EBUktofE?dQ{VB>W5mknP4+Lkuphfvx$uh zzKMW7RExwuZkCaT7BQ;5p{>5TA)R+8f)v5@$=;YM>T&DqL>)X5)wn&hiq^*J=GGBS zzR(#Be>1;oTGAL_l#ZjNI2v_&YD9Y*4JEQC(c=(V)Os-6hJjHd#st!_C9u@cor~Ku zthyG{G}|~Zl6Ox*pVps}Ms5Tgr?su6zB!%eQC)|zRuN3|(Y458KxRUIwpe3C~u{CL5 zK==c+xwf>i0cSM@EOm8kE3O`yE^KP5g(q24;~=-N?4jn-eFE#Yx;oL=)R@G&uBELW z_YA~Dw_@gV6z|8?6$zcstYP_iiLpmGkJKPc z9{mmx-%K+;=SZfT8_>3#N1~-UIcl^Yjb^K!Q83QSh(-?MGAscbzM`)#yhzWo} zl6S|0A3XB&@e^ieil3~Zfrf6hWi(Ahx|w2~jr%Cphh!HG{vb_b{goE+S~`&hN!v>9 z`nGX{(m|!r5=g!3#Km|(fene9YwGLiz7FfKVYC`)sZWFDrcuq+ zEx`Z`)i#rei1?lYPP%I++Zsg*lOxqWYE*TLS(+o0(amOUfvOu@GejAx&P=2m>O{18 z6s?Wehg}fvB=gwiPyS9poxB9jWtqDzX98yg`#f}a&Z96ZdaAKP#W^mBn7ZPoMhL=D z)op=G;ItX;mXIOlq&m)-;jWo=3~Z`zWQV_A8PkGWMSaaUVa7_rteb*cz46MgmFcCl z@#bpf`G}gDreH~!sHw+{%`MIFu&4L;$C*byyE67=JeaYFv5c{Xv6=B~#w!^oGEQTh z!}u}dPmDc&@XOtdaTmq|7{iPy#x&y@j8`(=!8n<5CgVKDj~TyZ{Ebol=$F3%HWm%An7?u`8zV~pjDBN)dqUdlL;@iE3ZjPn_PWK=)<zMN;~5`je3S7fM)ixI@5YQf zG9JV@i19?mlNrxr9MAYL<8zE3Fn-A>fA!1Rg0U~-5sZb5<&5==r!ii^cn{-KjBhe7 zU|h<$igA+_ez`j_9?Ce7aVTR0{E5-|%`a~=#$6c?VJu=i zk?~~4a~Q8>ypQoI#<`3O7?(0;7&rUfFLzhQ!x;xMRx%D}JcaQx#@iU5VtkYF3&vj= z*ZIRQXM4tj7zZ()$ap&AWsEm6-pBX~<5!FwjO%y!`S)S$&sfHIGUFAD4=~PPe2wuN zM)jwkUoXbP7|R%kGmd4vnDIu&2N`EDzQMSd@kho#88=+X{lItxV=?0}#umnN8Lwcx znQ;>148}JYzhGR!xX~)Vyqy>iVI06%$ymeK%y>5A1jhRqpJ05IaX#Y`#^sD+wO?*e z#%&mPW!#VPD8^#Op^OcTr!bz!csb()#)*s%Gd{sMhw&Z81&rS@IvKxyTQcs=7-p#@>v3F&@NN#8}CA664v7S1{hj zIGJ%K9uaUaIR z7~_mX7)LUm$#^N_^^A8hPGOwM_y*%=jLR9F_5AX;WITj%0OL@`X2x?FuVB1`@lnP% z7?&`vV06~^%UO?cGsc}5_h#(R7-Otp9M0IpcqZdzj1w5|V|<)(7USEDpE7>Q_!DCX zqubN3XHUkh82d2p!*~SaAjV3@YQ}oTaf}x--op3@<1EH`jGr=o&G;*0j}82KZNj)a z<6(@2j48%y#s%{ZCyDaP51?=miC{DJWg#$5TA4vhOS9?lqMOfU{* z9Labl;}wi|Fh0aMlkqjiPZ+;o{FQN?jr{s-#n_8+f5syik72B4Y+*c&@j}M&jCU|T z%J@9vn~Vz?e_~w4xcGr!&65_&Vc!#>I@^G5*fzZsyl_GsbNh zcV|45aR6f_V*}$EjF&K8%XmNIbjF#CZ!<1t{Fza0?$={u#$6cuF&@cS%6Kee4P!gw z>5LaK-oiME@kz$#8Q)=?&$yWJd&b`x-7Wn3t;e`2V{gWN84qJDWGrT^VjRxc$ap&A z1&rev?_iw5ID_#;#<`5|GcIOa%D942Zt2&1UB=BBcV^t1@hHY)7>6;AVmyWMBF1YO z?_-?G_$=caj7u5+WL$eIzdjo=?#S4WF~V5MSkHJ0x+9Hi6j`W;2-0vt|pmW!7w^w(e%O zQQN|72eZA}0j8JQQS~;ak6N?YN#)GWY8SOD%x*Bd!|VaGC(K^|q3NqSo4wUOd8VJ* zSM8_vUxPV7<;;QVKy{GnuMSp+s6$~6Q-`Y~V2)HrsiWD1R9Hn|qH8oU<(mRk2r~et zC~F3)fof1E6IaDqQ=&>cnS?r~i%F`KDpTdgRH(|V8LS4YA?jFl9L!L4ygI>{D%I7T zsH)YlE~ZBP-J^!jj2Wr^Gt;0tn^9_%YJ_QmX@)sD&$Or()e6%F z(+)FQjbSrZ`DUE*%_-_sHm9l6Va`xz!knef&NJtzbJcn3e06~_7pi}6E>ai6T%s;j zm#KfL%VDliSHfHcb2ZF0#*A0v)wSw6b$y2*;Rky+1uI^A1)t%}t zb+@_)=3aH5x?ep2^B~MaY#vr*Cc#WrkElmsrWi9-J*K9q$Bmh;o={J!r(kBlJPq>< zn`af7=hRG?S?YQ9f_f2Vwt7jutX@%b)T=Oa)jXKjU|#QJ-cV%TRByq&4fBqA7v??n zzWP9Y$mSz8UwsVo3CyQz0nEZq<}>A+MQV}yTrGzALM?&$66PzIue+FU)Hmu|HcQoa z>U)?U)Q?@vGPO+o#O7!9vs(TS%`d9^y&pbG2`Qz(hwvbCje$e zVWk?vL+fnia(4;eh5+^=OW@F&Qsd9{0awpcDwj<*zkhC_9JO%P?&0=uwWIORum+n{ z8kP2c8h0&C_WVDs1&Rjc@N}d!b(6Wu7@HQ#G&AT5;=#8gwMk1?=P&+{Dg8N|DM}z( zj28+do4`$#s_3{>yhH`Hb`jR;FIR2H>*jj7Bfj_#^Ki72}*D*H7(Ucl3rN;X37i~n5rjck$Fm|bquIUXSduU|pXM*PW zg(Hdb$e*f698kky%m1OqK2h)`inWWT2SdeikfVc6MI`*WXfPUw`9qzETri7V$54X^ zs0@}asGA`iNtIp;g;W1Il$>TCit=0#Pj&JOR+KgM2`_V;0FWb!Kv+%^Y$?`O74lelf)rxiHA@IYETfT*Pb;~btJ>)ZHjbZ4cZhvcz**V(eZe<7ITfwr9*jj8OwiVlnkl0@AAbN@3 z;(F0X>?n2;?P6!Ki`Z4{CUzHlh`q#~VsFt`>?8V#eZ_uae{p~~P#h%si-X0@;t+AD zI7}Qaju1zRqs37oEFvN*VxmA4iUFcX3>1SzToj8Eafv7u32}_T`-7rfTrE#R+1Vs1f*Rsi+gf#RyR^P7)(UgBT@n4p20UlLZbD3Y?Y} zW5if7PMjhx6sL;Q#OdM;ai%y+oGs1~=Zf>h`Qid`ow!I`EG`u{h#SRaV!XIU{7YOe zt`Jv>tHib9CUFb6xLvHHD&-J)oIGAu$!htaxL!_>H_98p;1O~XV%)LDo(cHO$4|tk z#`(5*N4zUO6N~Z#|4a5=>>+L%E6EO7@aF z%8lf9atFDY+(vFKx0JnQAGy8UR_-i!kvqvf@N?NhsZd<@vx4{6??N2Ft9v10idONoN{^Z~x)6hrB3NM`1A9O0Kl&=#MbOSch(2m3wGD7H z?2l-tM7tu|4bjeLd$Z%&2s@@7l)s;$y^Iit>m#xwU{Af5?yL9K`{;h`cQEh(eIUDf z>D~0M#(uZD3F|^y2l}hRyO7h(SS^xy1wWsm0RLq7v1$vXepqBwV1!tTJtU;8_(t9= z?~-@Rd*r?HKJawEd_X?TdwyoR}qMif0fsf&HfG$Bpd?bA6h9h4@5& zsu$>w;a*EUA|I7g;x;i@ z4wWa$o8*1scD+=5C!QBCh!@3d@sfC1ydvg^SH){$u9zoY7jK9+#arTi@r76-7K;zX zLa{)6EWQ+9iO;!tKZ@_g58^%Xf%r(w7f*>9;%V`uSccG_#d7hB_*JYBzlq<)AEHC7 z601c<94@azJ1&$L$&2MB@-o=V<&p9zc{FTK%V*_G`IMYtX62J|I-4gEwg{RWR}Gi- zu#b_CiD@Wfig-fYCDzBDS%?Eo4-}hgFLS*|Y^k@_TNy6;XBjyZwjFhEy}RB+&%xg3 zW|-T}IQPf9f5n;*`M9*)Ld`CE`u8XE3T{5YV3b8KXu0VZG@#kMy-wC z`uMqeQ~d*UPT!%%!QVsjL3xL~9X=D~BsonM!?q2II#P$YhDE?)eXoe?Qk~FAxGMB< zxR%LkTu+x5nB0czTDV$topGJ3PtzB|EySt%EPcB6M>>spAucy#|5kAoTqmJ)Hmsy^)32Vy`Aoh$qzE9ta93RpT>-&MP=vPht^Ym+6&ZBy=end~wkLjs;I{Q7RXXWU4a2v}K~cOE1!&>o4>Y{iXg!FV)}auMl%Nem~*&s~(GZ z>xqft8}Y69+N8V_*OYt)V{QhnbWiX{pMQM<8pZ|k6X+JFL+d(1K8o1WMF_f@fu^0L zK}ogIY=L-x7WQ;W*@ziz7r$tPBYGK29o^-Gv>&T>@?D3n_!tK^tyTj-9!Hjt>%w% z8FYB7usXfPu(B;`5z|pz2jPeLriTL0kY~zax(2ozRI6^&r|3)crDm+03BPmn#kl@U zU!kwl9ncL5F;EVYao~ogbF zH0gwR4!!xD>C+iNvOj71m;A_1{Y$-0eNOhzy*Z3o;#A4`1Uk1A309jgI0SXei!*Hex<N|)(Vu39-uJ}+O8FUr~SCHb;^Mb440%DHl$d`-SC-;i(0x1|4!f}Tv!Q;9?L&UzP3 z+8EOA%r$zO5xO3^YjHl8VY0^MRCSsue}t-qzUw@74zyrGG(*#N1$0=X9b2m2(6jZ6 zdFf&pafNaNv5DAJ{3%w77mU`(*CEYUzo;htx+;<?i4wIwBkNDCCpL zTq@RbXL|kgo$e9dW6l-cqu##yGBH(cBKOy$^_!zD|_7Gu8FjUqG5+<$n`)Dz}JRai6{&cWdI9p88A_ zcZ!Xjo7KVYD)$z3mv~U#E$)@~i0!e0z8A9XXZ@T0UAL-@^nK!fG1oa?Uw}KpMVQ6U z$p^$s*e5)Mby_V(=?{96n2h!6qquuc6?7kc91`sb+_mZMP3y{f$JeGmjkU)!;z#+c z_*OnAewQ=FeCK256NjD%%;HtU5GUcJ-7+Wc6g!_Ne+_YrS>2M}d7l2pUDqvEKe#>J zFWnOLig*n@l2miVNzO>;9QReT&UjnDqs!E5+4aUEJxuv~lJ~Io_yFsUkHk052n_C*mOWDb^zk&Cca>u^97%)+t|#)3LSw3ew%zs$Qt}cS+h`icvIboz^P@Q2-NKRHW8QG@cC`#MfL1JbD_XOV*7IStn=?u6;pEmYH2(ZGjF5A%=MQ!{ z-zZO>=X9t))k@VvUhG`y{L5KOp5oB1XI-=Jxz1TzucQ6lPcR$0<4Uhj=69@+wv&A_ zwH>bNlj)P$LNxbS?){NDHggPI^_lhM1l3b-E+@hDt~wSmSBS?mwQ2_3r)93roS-Sy zd&bPq%mgjS9ad>7I@sJ#a zGR9~2QS-!nq^3Bv9q(oK7B^?o;^a&Ra%nfUcrBAs7H@y;dr@U5RhrPErRKJ%= zn9_Dst-ux7t1m@~)5MLLM>Cfru2d^fkD=-?d^n{l;<7?@y~ zpwSWha=egFZO3%P=#zO4EBCiCL%tOoVh6ni_S-vPcfGURRhG!X&>W<(s~syT{@LpI3D%%4rQ9djh*P5sj+^HH{x+Kv@iTl#TVzu3bglnJ79NgnatL-w| z>T={#h*|D4bQ9XuTPSrnbY<1>J26v@To>VYvnk2Xm-r@=H1)d0a6wOC{5*ESPO7%! zsLWKXr~JCrc8t%gQa+!4%7?&C(0}=TQ`@l`xy1BRwH5Ln56MLFq`o_|wq74=;@Nn@ z^cwbTg@Udq{9Z)*b@Y0g>PY^z9b018xS`${v4WYlnSKBv+l%8f zv!Kn|Rut);VwNn@lc7?cCHEF@F}ptReKLm_Iou~xf;xSK{QG1!&trpnb_;z^<{raJ zpUl?!RTBr24>7mX{jwwBYv#@8z|VaW)}w`xqW<`xcI=_|)Eg+$^K1nE$n?`&K`*qQ zX@TE{+K!z}4R*|{hadO9b{(Y~u~Pc0wEK4pd4+36DGtaBJt%7rdbhSCjh#ydxagV#88>U+T#ov zQ$yt$SmP$~H2n=ZIWyVhL*-qCRaK!_f?SW%+v>Z}ch_Zpfh(vlm84X$E-`s3v@`hC zcHE1-?xtAjQ_1B}iUxdDaQS}U?1DVWR%yl{&4IvdkCfCxzcn?w3ihPw)d8pz#R}#j z*@7C;NUzo(t6CF>#=alZ&z16e2D_=+jt1Spxdi0}=<`>nhoh`n*cFV>?YaY;o~=*M zjMjJHH$jX>m?zFc%Vt5|Y;H7f=bO3)-0y;tHqX3;YhZ3bIGHOA4l(V8^h6$4aR`Od z8Y8N&HSHv~pC4TZLQfLWgLE8WK`ErWpg4isFX6Ooez(Im5x;GW&lLS=He@-p615!< z;kUa^$i1KwS`2-ALN3ORXfJ&Qu6|y04J6nT+0-OM{cxY(T=|nY&ZUr+6k}j!h8mdZ ziD%+Hfn=Wv`%L3U_MWg)82ORi&-F5B$7(xngKM(B9{B{lOZNQU_G9O+8#|k4$Jtb9 zQ}X$n#+;I5-NM9rT=&mPo7xV4taKhPl=BOwOh2b5^;0HKYHvpG0QpC@mC)z-b(jgQ zK_83|8Xq)zDb#npj@{jLTpt=${@4n5qd8tEHqY$fkdMDU^-Fx2bH+%~w5R)+-SyaM z=Gy%h>~BLe^pSo6z@nF zjT)b23b|TOK+Gk2Lgornqo1KMuI>01+OqDo`{zD8;k;69hd*X(JH9h5{vKMHpLBV) z{#5T@pvB4M`YU$(Iagp?g(tO_=|6M_!v5s&5Avj-02e;;#A zp}V_l@?Epv>wo^7nepcjnLP|UL7ewjC04Io)w=p^)IBVoS#<L&fBTHAdB z`o>w#i_Xi=bajbtbuWdMkTl(2>aX=)PD(ukP5BGD&aHP(!U>KBw};d0N=0Y(j`N0k z^PJb5*PR+@ynfMNx$o*Wob#ILyx_d#?5xJ>+Z4_Id(=|rSACV50bOf>Gh5%GTz50G zd)yjN@a{LyZ2QQ2^fdi6R-m)g!*YsRs7jE-6h)fCZ=t{Y3{Q18mM=oj`G>sR>5wB7 zJ;S6^rR0AmPCe|0BNdzIcXgdJ+}Q@}sd9Cxx5}I)JkcGhUe_nPTkDIw;i|XMlG53_ z-trGcse8lRsUMP8qP#1dBNd(rs9BI7bmDh4omRqN{B@+_B5g^qT%(sU~H zCAZR{XQ`!5DPp~%M>tayl{!ULyTjZX*S|t&;Yiat*uzXwj`Nhd9Z!1B*3YYn@;g)i zmu0Q{nmSLnxc8dWpQ&~{%Q(xSlVx;naU^!pbn1{!9FA}|*8TV#-o@UX*p>H|Ma~2A zJ~hl~bg67ly@10yJzP4aJ4F>aD|C^wo+4JqxKq>|?^UndS>LO020C@>HSZ$#R`s1e z+d0RnMBO*{w(!Q{>GrwK%Wk{g#@iOhqBKsU?5sX@+BI?Qx2V$D5aI25viqnzPEB*C zyZzM+_ZgSYR8y=i-4)OZ9H3jh1NCj*K_=xOXMsM(nWp;dbM#Q>1gFV8L?7kVI+OKz z`abso_c?cx`-pqA_n7;*OV7H;x-Y1RyI9BE5zb(gKES1Oxr4#szG^*pfAzIASmL~jfl6grprw){jNs{ho-xkKFsZ=1n)>5fk)_2YNd@%kiwK#Ea>KSD@*9B%O=AU(*x7=bY!ATlF00 z7j+J5b~~Q+5liRlb)55b+L@~F&?8-9=?Q%RPDOWRsSr>1HgNniuX7M<8%KEqvRoEn zRk)RdmTP*>u$?nd?|@c(gJ+I~YLLFko1ph}=ma(Ky^nL4bDQ4J+24tqRmMtPt?60V z*G@(k>m!_Nobk@J&bMx@o&tv7c1!fTF4bm$^P#)GGv6)M1?p_Qz&%%g=3b1GxEnf^ z?qJkBp^tZId~D(zqhIurdTZxZcMH9xevM|4`=&e2P3d>sZE(t^Okd_~Cxut8KXxnh zr|!PavCeVM@y>xxmGiuJuro$i>T!CoKHOR4e(o-Izi{dKO4xbDi#T(=sI$bq)!9^U zreF7l=sTQ=4xRd?8je>r+{$D1DCaoc=rlRa&dJVD-RiVC?amlytaH3R)j7@i9A{up z(4>R;5^bSgnCIT7Uw7};7dUht_7dk(r%J!?UgeyqKXM<_)AT1Uy+yIm9j@s;iV?cd zxxu;7xykX*CQOra+&|s9uFvrsZoPiXz1q9R8}Gg6o}@o;k2Lf5QHN?d#lce*?h99Y z*oB_q^uTevXPo=p2i%8l|sqQHKg!`o1sGoJ|nel8sD}254sGgGT_36;ttgm}Q z&$FSv&AHt<$m#Da$Q!Zux=s2a_hGkLPjTr<*2(%Q_i5LEo^_&A?euj|)wSL%Z<=1} z{7cglt|Qf3@@n1R^mqQq-@x6-z1z9Rx!-xfxkhj9Zsm^GTf5VtCwKx-XICPe}w?j`W z_j3C<^VLqy?#|xs-cCQK$T`IMSRIP}%u!B@bF_1S8*;`u2f8umbmvUxX6GX3Lg!HT z7Uybbs&l7vmov>d%DvaQ&w0?9;5_0y?o4;ic4OWXPN8?9`;_yxLvJ`e>CA9Sy{DbG zoTT@TGsrFXzHpW}gT1BB#_sy=cJB6WZ?})Ti%U-#_i%T2_jLDhQ|>|TVeZ?q!i{)` zxcj*UUerCoE%FN7xEuExy(X{N9p#qbPTl5~d86G5ugooXhq&vi)7>-N_4sWR|E&{x z?;fehYc;-i^LoRVobNk@QJw4sr6{nx_j-4Ndy9Lkd#!t$d!2i`dy{*!dxyKyo#@`>-tFGw z&U9zH%iZtX@7-VAU)>e%AMR@RHR*Y4d24$m&h6eEUdq|n+r-<{+gfe!UF`1Q?d9#~ z_44-j4)C^78TUYMTlJ%Rkawten0L6>-#b_T@(0kGSmv_E*xp$>^m3O0evv+~_xOaOF;-puHKM-2KYcX~QI zI>Gw&pW|=HL5SbYwZmLBlLx68)b zk!?E}+!fbjvtg7&U%2+hub-Fp_U#lBettgZ7@u>! z^SXuPm-C<7pYfjk2RTmk?liIP!gbz1i2tA01LuUiC;oBHvptE^dD@)&@k9@?7S126 zgEM>UiS==!Wdoeu+X&i7It4-J7`6~wimkGzqWv?`JBr?-4^BkqpNHNPC!+h}32f){ z&^VoBPDJOQhdxRijnmcPzdR8goQF=C6VVl2&O)DH&O%rJ!?V!sd8eV*bQZc=4#Sy@ z^Th=?D}7NO@inp*PcG}^aGb-cmvl0>0Z*qJaX!~Si|e1vr39np800{Iblyvdaq<*{ zbYk>$X!*~?nH%!|=YMCfA^tgeei#4qto|nE&N%ygE>5(bpO-U5r*qYG9(qrlgbvO@ z@0&ddjsC=0=nJx^p%0fw;6$Ym{+Y^<$tx@)GAd&@=Tg`u@4u;z38IsAbXs#w@#qBS zrREIhnnM51kIriQr?#)cd2K&tk)$(bL8@!Aw!kMqI^BJpq;v1&bAvgRc4N2LH?hyn z-9mzV{s|W2i8-Wax2UB!MShGqN8T;y-*}{C8FDO_6@OW;%D)U5jFbPz;_UxW6XW>5 zh)3^_&|g)T@OAK3LqGfq#bdfiya&xv9H$lsi$!uI&f5*e+YSDip`qeQd7LvtJ}v!S zZZ$Md`-vj+CTW>d?o>Euslm=U>R9J`^M1w4SP{_K!OQevc)MbeSlj&!(&Q$b|Dybs ziU;H|=A6z=I9a?5?^n?KsW;=ST@t6A0+~mrZhV>d1x_GWiKAsTWZu!T5od;%0!il4 zN#m_y56N1bPToP(%I_f`NaoSm9r8a=eug(d4wPr&Oc3=By;-q8(#B_CV+t5pb>M{ZQoQ{UhPR%#aM@&4haJ--b~_ zshdP!oWC!Z^!~}Vc-Ml?iuJ;K7rkX4)awkK!tteN8_tMqhSn>baUF%Hu02ia^W{{J zWbAD?t$Z}jI=zOUKjwSFJCUJku4 zltx~Ah)$QPFg+-jbK>Lf>v+=w2QMfokw4+Lt=^kMSO*j-vsG} z&X6bK#WA}3JT4dEJp3f^kix0Ha`7yB;we2uJdKmf^Tcy{8BWFzkuM;xuqk7a7%pz| z=se}qco$$4-W1vx>jcV)v^s=`$gj-_@HAY)v)$(*4RU=AH`6VnsR5H)CV4oQJXXA%644V$<3gc#8N8^u}#+CZ6y7;9{=0 zRMXSdBkrkkic5TlG%TmWJ`F#*lb?-uL3S~3^OMB+R$inp!PuCOlZ*Q*Vrjm(P%RRl;tl)X zWu-$b9ieCzlZ5D8_F6dWvI|a0?Iuf5!-*=45`tJ^IT+`&2g~D3+PkT4h%-#}R_$P5 zxc8-)tOC9tqi48sI?e`%CA}x!uKap_>zo3g7nFbhTGzcqPVkE53XIO*9V+KdwbHp% zt%iFr*j4U);kfk9)3u7uS1y7)Nth9L3v!u;v2lm`!J)T9e!?s}-uVT(BaBX*Y+Qzz zQZL5|$FR)6Pr8p|r%!wQr?A7H>OG_GL!BSM?|H7-Ic6-*QM0_c&?~>DE|Hs?F)#K14sw5Ve2$l+Rlhp^ zdgc$<|8$DY%-KUzE&C$Rpf4y-#8s5%S1RUXpjRDwpDrw4hQ^fS!D2zPY!zyf zajA8$B8=)%jJrr!ZfyEHfAqbs-_XzF>^1$u@;y8m2+I#4KXT_{=}hc-I5|BR=do|q zbMf}h9h&TS8J+RHnog=x{YYCj0dEm1qbUno;`2eXfqJ7IZ_$P27L>nVh?8=?sny%$C4);d`3wi7T0h z@IGHyZst6M>)|F&SZ<3kL}nf2v-F_oAGg zcgns1t-9E>8gDW>rz7Q+&IG*GIKkxdsdGK_X(YkPeFHR^r0v8TknW-K57Qe|+CsE% zsHB$p=5w@-Y^w!5QE*I++Hha)FHc8F-ymKaLi=OAaX8vJMQ(^I#Xk&h>dhBhxLdj( zAWB#N33D|1{J`?0^kQS65hzdq;2T);kT(w@xN=u6q&Qy!ZoWw(nJ$|M;)3OG)~f>;C4N%i<|l7>HseSFpy_|zGndOUm0WEwcMIUB2;ZQ~4{hU@HX80Bz2To>YZu`9ewJB0-K z=kR>6)BW$Bf0HVgLU}p+SzS_H)Ww~P`FFNGk>kPMA$j>`GNkMNyEOkUj5Ox?ap;Mq z@201fxscw_kY_TaAsiq(SaOaCDLzt6FIjN73z z?(Vy0pU1ub8Ql_TmNJ?DS2at%PU$MV(NFL4TxQ;{&+&Cj_N|+V;!eC*dbhYo+$-pP zng@jc{>&u2IYaTM;LRC7-E@QW<_x*%4d0n!mU%bE5C5mvk2$~m_)GHqKF_n~$NA6f z)bb6@6Y9?C{=Vgz%)?@m*h_YPXDE}QcZM>V|BjZEPNQ>;d{?0BTT|HI`;itcles{W z=IUb3yK~FOudzhR^$s~v(us?^O^o}XbIW8N>=yem_IaXP$luqjbEx0)x4Px=-_i2U zCFNZIyydwx`L4$J$xL zooO(mNHUOI7?0Cg!92guyzlhOKPZ>pqNKY3-2tYXHzqrmxa4okBw5tC+y_m`D=S$~<@wlU3{tcUEoQA@{@y6JC!#Y}Q>1??r_j7NO0`}Jtr8ikb5Ildj@@E} z`Mx)*m5B2TcD&b^@7xt<^)$i0zg-T;cLD3oxw=N25NpNPKb(RejocQZ zy$hku^7U=Yp($D-_s8!~jKhn%X-!EJ*ax9hkA-+1vpaM|RL6U8vg|;k`@I+69eu!j zHSb~gk?!VE)+phuB+B&r_;Ki?mI>0zQ7>$Q6A0I%UeB4F7o%P;s+*uO^tH1uoA2Yz zRYUO3>0Hd91t`4%wI&zUex6t&4^Y&L8RY*tM#=*7elh7XK12+v>*shz@*Q$rWO|Tx z<+LC7zs<7=bXdgomx#5{d~L_q*^rKAfoa_-2>G0!nvt&U61>5_5Dd-3XkCQwJS@h@ z^GDaO;$KG38}u8U{#uBy69pQSoz&;3Bh_^!G^mdvmj!UcCvRumc~|U@;xL|M9D=hT zpJ4y^8B+O%>9!;iD*P zA->zRG14p*PpAQM2I@zCOE4}Mm{Ch3-Pgs?*lxs`-3B=iVXxx*E5tJOH`SO*q&Ap{d^ZfL*?5}HF%o*#&7^VD9SE3&p)n#Ui35ghM~DyVnXr$EVRK_ z%P)Oz%_cs3oKW%pvLc=tu2e2rbx0$eZ+DtDuv)A9mu#A8)&v zQAeY1PxEElJkPG4ZHH{+1(Hwt=kL|?LADCtCVi)=;CsoNiRoz>-S`Tqn)FXMR&j@7*k{AB*ST6xjxQt(F`e)Pa!wThpseM`eW3P z6r{03{*>oII3>LruFv82$H^k}Guf!u7s0nbo(%f;r8YeG9IASvzW5)YFnWigMBk;M z#X12licda%4t`z7;yXLAeBSk++GiFgNGqy8u0}b zpL2h%2CdBjhH0{0vmBg{(e0FN;8-k{l<(&;?i%KFC!i{U#q4v4#PJx z=xN4Ogzss%B3_6)pEu&i=aP6LzI@)uzCh9!bLlI-VVsW$n=wnWbD(?{VU&9?La6>! zTN(jDZ!R?BA?Grq4Y8<)N!#CsQSd$P&;6k#op18;pIG=;;+RVGO9?pgTS*#J(x2uu zsHBts7_(-Od&f`q@Opd>Azp|#0>BfrchW4}x=yGYJ&|Ym#O}!fEf1}^4S9)wsI$hh^ zYsipzacHm@H?A!`wymnRy}4I?YpKf8xd*MGIZfs1q^s1--V!9E& z=D(co+qbc)S9J~j|LDEy@c%{E`YBg89&IcG2K#t&xsR#ie4KNKmKe+XBBP z{4dRQ4NYVA>IDjRZR?e8G$aPW!_qa??XBr7L9n;>O2!7pB4wfzbIt9oBl-@jt{K@Y z$Wb(*6ck=NuCaPleNC@X=}}EB<3Mq*apS7||3A9Quh?$83;O%J_|!q2WB-%*==fG- zKCHSnXpdjIpBsnn+`5h^D2m4-1%=U6B0faG5(`BJL{o#3p`vI%a>t{gXp}6Wc)TDP zi$#+aXsjQlJP{3*#S*b(swhs!Y3fY>Up9OOR7PVJMIa#_jYM!MDk&FNzGI_~9@$K3Nn?3C=AMHB2X>r3D3G zItKsJ61EhF2E__XOQZ1PA`{W#P;yXlQ7Q#W;2j5>fJ8EpEUthh5|4$FKuS3BEX1BL|MjV#KFii23jN;8CqdN2XtRe*_5 zR9GSkD$8QYV(#T=QONJ@P#GF&`n9AY8N#70F(4LC;H$Z)c%-zv!~_|#{5Ds_l0^kW z(1cJK1~px|o_;_wR4GtN5P_Z;luBUg3QV?6?$iKuZAm0ES4@~s0a-yG z24TE3M7^2kK%V|w3YEvph@t<(-rImjc2;MC7vmUPaft9Z4mieKY}(jPtGi15L%Xp} zm#Rvwa!abBN>X>bY1}1Msk_{zs!EmAKek|ccv#|)geVS62w{oV%MgYoj6xWPF$6k} zy%I<+$_Ic-;>q<<1d1%;9ceg@3OQdK%V#tJg5MAY*BC*MOCcjZu&W)qMjZd&UTTGScBXUYHKb50GgZx>V zDCQB<-3*!@NsaFhWZ85vi=5>51ND)YbBJ(#;e@mNP=U`Dr?MGSLzzg*t}}L^Z;Q5Ks=0GJv;3a5yP6PcS7tN+4A%rVcyB{6S}=RB)gG z>gkEYg{)&L#&JkO{b+J|5s`(oE0peZ@PBN`*+1k=3^}P`lutArrYIMk;Ylz>*+mVT z8ym}_z@kbpb+~DLNYjbT(Ed@>-OwPvpPEz$c}ic$^OPv#*@KG6j%OT1MaDUZ3N1_I z$dRT1;}vC8U&n^i`bu?A2Dz?Oa=3n^gv_DkD`tn#TvEMkoF#23@Il)WQ%|Y8gjh(A zPNI=EwQ9z+0F*Ngk2ESbsu$rKt&b!kJJKmMaj1Wl8}P{ZsLsp>xTxAzN~(pClc|`q$8#aw(A`4-yf4z)4CRXxY2*e|e>&8m${tVcWz~f)FDrwxsjtx4d#9QaRfXwzQM}+CJr3k*={a*0nDCoe zL2fo>k~@9~AFBC$))~q=BS=@MIEGw0G)j?LLP12Nq7z=-$?;6yL6tv_`o}~l z+61aSJr?F=40x0Plxt)jyclgw71n*jpb!a)dKLKtEuTYqtCW4KfrN0fhfL)FO|)2} zHbAtaKnj@1q6dX96hgyT$|@pGOKl$2LVDx?5)`G4UZ@G17)OPS*4W9Ku&2>@Xye^| zqw3q_>=c1dZ7q`A2iO$c_w;GXlEu&Yi**Ox+Fs=%BT-bX+ee?&SWVwpeiUH zE=)LZBDKQA7(kO!__s9?_^xd$G@=j$LbqIBl(rBo7z<|12Fwag@ZqsvLwA3{-Olv z!6Bbgx=>4xv4$eR#Edtz52W9@3XrcRRY;8a%AGq?B$?Q}QbRqCDrXcKEPcSFgz}Qw zl;j|Xq4D()C@9ocqG1|!h>H<)m|s&x6gosRehFntDA)5mPD0&bqG;$aiq11F>3y)7l+UkGUDJd9J&Xne-IL|p=9J@Pi-oi zhcR^js2@-&rk!+YidychgSsm>h9N5@DLmxT`h_w`esY3>PI*)^hABXk1qys|Dvi+- zx2+~JsD>18DBmR++e*HpFDBM~Zm)IqeRDiQ>L4N`Q;1DR%Jc*>XvvTYG~VN;1`=tM zZdxRCrYHhUWko$vnubAT=j<=$Ckxc=F?~1GPKa`J5%TCti)07gV`$WLvbSJUIe^s8+f6XK05po*gN1*`(paVTn(WQ1Qz-D2HYmjM|RWHo_{{AdoB`W|n}}`+>Bb-E$X>5Mn#L!S z=Dqy9P#p0lS~}3LJm`?PzT1!vH@^aZ6widaY?FU|;@{8j$K@MY@Bf$hyIkav^?Sb_ z{}QrEhF|8tzW-}{P#&O1^MaN|b#GMWnc6{}MmhQ-l*xN=YwQ&Meg=OXItA*~ zaq2UPx~+|y$y&If?6o+3IOkAJcQ@`WtKlr|+i=34o;Sm8z)swDb{OY^58~Ty+>VyU z?(QAVK1>FuP|v*%w%#+aH*gJZOmk3^-izNU{9TN_fv@F*W%yRxPR_v0O@xKarb7#)3x|_J^r?v zx1D00fpEK_5iH|F;~Pzi+=!UH1#!9)82YvsF}wqQZpAyb7Nm6=r*2l;sZRf{GXGwO^m!dxsn_Fg04aP8{=EkOh~heYr7y1m*H`%BA{cw* z3O*yqpD!~lYzFWm{G%55Ench2ZL9rz8S><-5I;YK7=0~b;%bEII>f;q^PO7V>&*8X z(E?M-QXabrq1lf3xYGQ4Bi!VAqr}e}5kI#W7v1icglm_HBWi7TAvP#(Z$pew{QNB9 z=M5%)hLHQ{ALYLN)PcdjI}j6hATC~q*!UU5$E%V0SHaRoKWuLNIO4K*?AYj2>z=s%e}(FyMq6S;J=*+ z>eny$y9NIV3-1Vix8P4%`1LPx`duXWAq&4I_{U$za$jlTR|Wqe!GCjmP`~qnpB4Pa zEc}Y#2L<1@@XLb#;kC^7b_>5G_%8{*&%&P*{09X8^=(1@T7sVz`~w#LnBcbwzG2}D zg8%+&neSc;zfbUw3jPucpAh{0g8%A3P(N4jZx{SWEPTJMP|I>Ap{_+x^9_G*^9&B7N1|B&Fne{)d3eS&|F;2*W{ z3BeZyf4_xy1%IvJ-)`ai1^@JGSnkah-VywRf`9I&pnmIr!0G=k!9Q%_*91Q<`1e`( zRl#2^_&Y89dBH#VYL*FVqcKP32fS@<=FZhoM{>d#t z{Z<6u7W}6z{IcM07yLUd{F31N1b>HxKPULFU&(T>vhXdzKOp!g-VoI9nBW_N|CEI< z2!5~N@3HXv1b>O(hb??U@L&BmEcXfv?+X4Sg8%mQLH+s#f4AU2Vc{LY?-u+i3%~w3 zY5xU3WZ~BY|M(Rw_mzUz{gP|azfiaPhs;mi$1L}<1G&2qb6vgj@MvgKa0-0qhxddt0Rxz{YW`xT4caxYu%HOuY( ziA8U@mo4|2<#r#p=q>lM z?S9pwx7^E?d(CpY|EEQ7xtA^Xn&o!CX3<;jWpNMgDwNxuYI_)4wXwsvSUq0r%(u(5 zZ96xZESxx7s?Lwr8YfFF>_tt+9^h47NF{EZ{p{M-8^z89e zB`Vr=TB5i7TR=bDu2vC;nf9qjHG0b53HnT@RX-a^x;g#R^>#e<2I)6gsPsyEQlO{) zpwBl(8!uS?4$#le_GHjg{_a9$tbDS%zuAmU!=Chen7(wjGhdyH4nXwC8^zy_v4t~Z%}Qj#o7}U3{=1QXv+Z`Xoql2RcTxM_ zYDH$8P02_2afXbxKEI&!L;oe+Y@Hp#$;1~#e+$W{o!7&4oN$a}(KG!h{Zk9`%^sC- zPkO5V(>Qw?8~Yoi-;Qi!=Ec-M82?cJuT-5`h^{?0kbjG*KibVxwb&}SSNI1L8D#!; z^XzDI=H!8DWFhQDpG+33F=UeaHqt-cu9oMkJ;e8{zXnnN6)MmGTYszb(L=bN`tMHH zYcHn#qV^+GE5}xT8`U3_|DkzdrWTuvdg_n<|L|$5{OZkeObPBqKbWBML*wUs1BnnB zj9&D~-59^)7+9|^crW@v^uM!b(Ep{}8xsS)=#%LGdGwLB#|HV&v>(;^c~qcreW;%D zcToFZN@rqZQz7U{|EAK3=IPSH++4XGS@<@hAI#Qg3&RI`i0>_bM*-*4$KpG08_CD` zW2{E)SG)#2!;k)7p?Mm;-)6lw6CDFR>33vWbEWxmkLtU3_)&l0fOEX^8-@Q(TytmJ zrn_p0;oSls+{f5mEhwc_vT+u5JWiG#~(k3;BJUv*Sj8mQ|_ zUlY9g|8sGxTqRQf>z4oi|BKT{<4OG|!+mIHCr#?)=CjT%sdl@3R$YdKafRfdDK!-g zV5>9m={-J@kSFw((b`dm*}*H?Yx9~Dvmj3P4BH2Bs7psa=+9)pP2|GXH#mGx9OHOD zHp}p<0zCy|UJ640*l|hUlMH`&8^iGv41Yvv7B`-EQ8 z_gBTOd{vI(mj$o+h12CkAkE-%lEE>GVr!(S$WB+xoCYZ(F6_a<*k) zR$$@;EW!wijKfr_tu`#4%vZ_dWTUgtYBk$%xx~_?4dgu@_nVx)dw!MU)mdhEtH2(l z22~LHJ3q>FpAvY{zi0RO|HklUalcKV^4%x&SBt+VA7KBQj&V@at0nZBULId5|4V{b z|108Fx#~X|(dSbfK`oyNBw4*wZ_ei`zS0Scd)*>kNCrH4V^JCqg)062KjZi>{0@iv zzW>PZ5rL|M>Yot*c6gJaF|U)UAzREBDsw!Pb9EQipytRV<-uk^>x?0?ppjaKgzooEPRXO@63N=eOCUA;WGl2 zR^zWF{u5Svkfb?_z?dD!%+sx*lMXsU?Roq*TMl(AF|m5wp&yRU(n6;NgGCOeI~L|p zfVoQ5@~zV2;p(5W{`Wo4djHZtGkiaG_w?@!D3Yc2`$ zT^9Oj!EX~7SMK!tJ}F=8La*`L|7{MB^3^aXJ|TEJ|7!Wd(nZcJepoGFpnOGmLjJer zOdK8ro33PS{w#*G4$q1Czmy%+TbfgKFLDo{PEel78D$A9#kg_Ax}ZXD-{ z6p6!f@Ay)A3fD#6V;R;H#F&TfhBNB5rMY+ z{{J2w{+Kzvu$d>d`Q#P!@p89c(k2TnINgr*rI~7lj=5ub?05quZw?j^RTn>85q%!I zDs4XZU&rv%0@bhP?^W?1%0Iz5J!4+#I3}0NvsDa#uvUrr@_HTnp)hfcN&AjN?KL{C zb<=QTXH=sDYmgJosq#X7-l zdnv`?n%>XwYXa@?eO&x&_>zISLeoQ(iO0>=Vf}y2^4Ci&_j^+e69*aE@)P1eR6fFU zo>YHzXTi1hP=*4Rgr76b^2RF+-z!kPYx=H;e+|FllTmZ-C?T|Z(4C5e2_OuM$I54F za|?53K4K1=3}*Dp!P@)@7}TVtD@+}uJ2Y!j+bi0pZC8m53r}(UediqO{m{D@J||Fp ztNtzVABw-IIa8|Ou#$3;Cu8B7s#Q;WjysyQhBz`9+Lzih5jDWN$ouB6vtDbz$?%#F zGqm;V|C{LYpS0$LP2&V3l4g+=zZjiVYMt_Qz3R-ATU3P1Bv1z<76;|bnXT0^3*^ku zngZoat}Dlin5W%VDbK4KA-E#?jC_&xz4c2B&j?fkjo-(_zvd5GOZVo29hp~_p{QBl za7Jh5oe@loImI$fRp}haCR@3}(;Q!y{w?eEt#yX4{(FYDel77IO8?-TH`SiVy51x( zxg)zItHST{e`0wfFUuH_?-ppwUl;!xKZ=jp^GQP%TE%f@=G%3oUd^e{o|3lHsyGYT z*_tM#vI)V~-*WtX^wq4_JwL9-{QZT*s=H9e;E&D3u+Qm#>bj2fUlSFU3c ztJ!WY96#a6B>z0kQOW>ls^T?X!J@BI2CcI3-sjCB$OqU-*6FU_f{7Y>eof%d3%plg zQ{aq1*v&NlVeH00{aJa2PoVnK_*)hKq5KtI({NBZcem+A)E&e-@pml$ z)kj(G6K`jD?OhCQ`33PGk{_`r*pX!_f5Jg0n#!opcVKcEX@ZGJn#M#m?aXvenKsST z9bN0zm}gccBH+5{^T<7{@5H}lxFk?XH2(UZ(s(ueul$8{oubsO8b9}hyQ=%gXHhA zo(g|a^0B%V{-%8Y-vvG@@b3k_>_0J|R|!OGIpi=oPRtK(;2x z#?eo}`VH>q>G>r7AFfZ9f1l;{Kg96U0(%kz*)Q~KpJTd@|;aL7d4(GQ7s&CcrDb-Kr-;)WF!&?O$EV~CfUD8Wc9#OFHJx<@xewpQd z>~V%q2vi!C-xB|!_9bG?pZeI|GJZ@?YgPDt=1*DfMc-n0yFgq1daQiEFo_Rr8GwyF zW4bghDhmID!~fKGSnjze8Gc@%Ex#rHL*WnY*;LBja8>wC|1HaX_9=!pKFv_6HU8Jd zfB$o=x8l+NHD^B1*!ow%747Vk{O<}~aG~7u7J5-Rnm=tABCtNJh`bZea(LGNj^S2u zt9K3Gs`yvAiXWssZGk1KPea1U z*i|lJxFY-(zsGW)d5+-~&ofjCmA@J%A8R(gJ#|f`+XyC}=kOo;KFeGC2Zq;(Tj^DP zLHyg{A535bhdsfvBY1O>59TYvukQye_x^um__#n@{%V|j{|M_y-REr(VX( z&0EFJ(0R+=kQaXO9|}L6iSw^-Zc>32;rGo;S^k+z7%snpVJQ5u@~!o`P0CMvpTocB za+c@*B*RzsN6RmWe>?oiTl~9WHz}ObU-*6eRV?q&6%5}mFckh6`GdQIYkiw7hKYaV z@Q?m9%YF1p3HMb3MFB7U#lIbX?3bf65rI9;n~8-L;a7My%ln?d#A~AEuZsWHKybg+ zAkANSYhjxWJ;uL3ko12Y%iDPk!wsuR|H$<$_dC}yoDjDyzaakY@Fz|Cqw8DU>UT-}ufKu$zJCkD zRe?7D74aWRUz}MB>{;GK*ob%k4>^4I-N16UzLDVxfwugF_z%hVug}mBeUn*iN%$SR zk>zG?Vt7uVEq^6W{tkQ3v_`-d@9r+;<%j+M%;DcUz;cJSGh9wERKHrj6XM@a-$6RF zOnavF%%h4|1~G6+_&v0PgQyC-?aFOm9*)snqXqJ@J*@Ebkj{VmPuV zT7E+O+u={{@bCHV=I@sH|HduM@0h?33)E=Q_+5(OKS*b)Fze$#Q?Qv}t_#0!?Pd8N zelx>w2(;z*zl`G}l)ra{_jGSYeoOd$=r)$yFK|?#Eq^Iaej>0ZeKVpB>viGxoqa6- zVuAAlZTXj8#NpTUMYT=K2i*i!0)Ykbe*#y$&~t5;;qWj+@#bjywk-aNPu}9+^So4@7yowtM)@_TwRkz8D=2X>$Jh5@3Y?w~ zzLnwE1e%ZdQT_$-Z}X@AM|ZM)^D((1{60Rxav#GTQuOQ*w{hS{<*$l=&A*Dr{vh9( zkj>|>#E)_KAIH5f^nBlrEneR-*=H;&lzh{rK+={?ufy!Uy zuZn*={DV6~XDT+OMB)+-$C0=$(##Ff8qE1F_wQ$;O7N~ z!XGD}#$Wz3u^M`O9zJaj%j*o&tTTIh{%mW5jSC{U@CuHf(KhS%i8BnZIV3y2u;)_pHzNA7Z%s zbJ6jcx?&4=l+=GefrA`pB1Pinm+f5|CP&G57hrY zTR09~n2D$r{Z5Fc)R>6KUeVT|Cst0ezH!3+S|Y5ot()3QtnBn z`15;8+S}r}q^X8M=qD`Ql`BLLWAy=-ZP8_v=2jdnYC%4$qJQFToDTQAo#BH5)whQC zDGjf#|4{wn*{X8j;Byu9l`I(0syu&*UI8h*lGEdcI?HV|7=A*aEx#rH?es}nHn&i@ znuUIE1ByAzrQEu3Rrr1Iog)97$QP(Sz3_|wgcp9ltsf(`HV=U7fcfA_Y8r>R9P5}# z#6c8KQ4>!p)@l7D$Is9Mtk)yI&CvO{K=G;iEs1~CPZ`mfaLXnTw3OD6H&8gKnVD** zgUwwhz3S7un5;KrL@o`bM9MoQR@oUG9MnUbtp<%F@v&T)Sj;$aeSS1S3@=1#q>W?(Wj%+uORtqRiH9UV*Y@S)X0f^ z-`*73!J}KNQWfkT#I@@UV?GH73O9IEj_UW7=UK03{voK}KB-UFM6cZvV7|*!$~MNk z=2)ap=K2*JzwQjkgzD)sz{V0!>((r;wW9E`zDZt?M` za%{My@&-BF5AJ68U4iOf_4~N`_v$adr8MZFSJ!P)mHsO^er_FRx!dkwc(*`XenR|f z{3t#dv>8Z>@IB@m=&>aH?mNPAKRM0tGcyd8zZZT>KGvaqwhkedZ07hk)J0U)R%PB( z!^BT<{9NzeW5DjTNJpeX8YdXXc?8crLo2*2rHXL&2X z!SES@>R;n$)snCHq-~Rp&OVzK7Laz~Ep#GPNnFL@zw@_Q?#KTF!|w=G{wlv9{x$rH zPX=uY(NJy(H`@7*!^(M1%v%lNIvww-R~(n6bMqw}&6}Agqiz^wP#Y2YD9NY-1+I%e z{g1KUyT8n^El|Cy{{27A;SK9g8hbYBNPo4^6beJMCMqcimqgxU-(tN!{}&9O7pT5f zzm+)sXnd*~dE--DsoAUZ2#|M+c9($(TLLN(Wg znv3~1jEW`UxAHv89r-@PcMG)TuZaIp`b62Rq*U_k;A-Wp92xe%hQq(-q7n1q>n~?` z#l;NOx5j@${DZV=BGxY`Z@y*fK3V9sGu^w#U^$sa?H_=i@ zWxjc`+K4-?8xC#jYL4H_Z|3-XPlDm|0+mAJcS-zf{!+X-AE-g_b=FFg`O-3`>9YYPIFadlj3uA;nzEj>8>gasWm4Ai#jk(k;{x-^AbC zziEm}_o``_uYeQ>t;5h+Bt`KfxUF^MXlF12o3@69hXS+M`N16-m*Q3{{ z{mD%E?Cah1iR#Qr_e8bca)-eIy~3Z{C&x-K7^*31V*FVDWir-?Wv?_m9{Oi1v z;&FZinbdES*Ax#mlImbk=qxnocR&85QxY*AP<{#v*K+(^`unWUrJrY*5vcxDzn1t9 zmG20ft>`ToGpgF1>tX!?HzDIHU97!3u)2(4V-Z2vg!X9vUdQ@h`2_3zz~3%t}Bci(qeuKPWPZxg6KHU3t_e>i_(9P6`MtaPXYk*H)0 zmeLz(YhKIF)vw4IFA85F?z9E``T?Xaid=$L|wA%We}``~VtJF$o1 zl0aMjjpAS9hsHN_ut%b$fF09?;@Ff%#)f5ZN%%c8%yOT)gW($vFtp{bSn?H5^QV5B z>j*hrB9D52Pg=$)(tkaN|Kmqk-kxI&=LIT%jsJxB*YGQz#=ky;kyO|UMKdy>PPus* zE2Ft5!$0PpZCn>Wird{Y-7C5E3wH_VAT`fGmW=6}pq(3(X=AsCx+BJyDb{o4GdN!b zqpNM)-GGC1zGT<_0M3&wRNWTsL#$LQuP3`dwTf%LcHDBi>L%QGy1RGn+OZ40giRFk z!W%gL&iy>c+nFVXpAo3>qw#k_{A>Kt`Bcx=GsPN0#%5wv`&nfX30H;R#D`h#@JATF zOP~^|{B=vd;*++`W@I2T{jfiu_u?@s4;8j>_}4zka=*L6aNF-PRQ@WzCH^)1iYNOy z!8;S6K+$hQ+c6fdoFWbs`<_+dxBNMlck>q+&I(koDt}%4>%5cV<7{?Ql8`CbxJtHg z1BXBH7|VVBOAL2@nW6Gm`7QAu3P08FU7NGc@ac(adyZ^>@BjxZiTQ>@zq7LfCaQBS zImztH=qga)y2v~8SFF#Kf6cHUP`#^u{cq&(g!Hp*ic`&xNoq0^?v!Rs(Z(S}Sf;9; z!Xb4hH%CU`M0x2>1v}j;xi?%9ecq3oU+KC05{B;-sMMpm6}IVrsNaTcP_eltBz!5q|IPlkf{15vXJ;e>F}%rJq@b z=-TAoj0%aHIQ$>|36}rJR^b z(enGZM~5Hh*Jzz7?s#Nu6tsljlSf4EVTPZ)Gg|&qoO~=dVsdw(R===purB--kFvar z1@055ihJpwhz`G*zw+kNeGQBZUw9UjoOZa`H$?~sjFkBO8%U_C-Z~AxM`bT$v{;K$2nPF}%o#*J@iL*)RIRChd!@qP7%N<^1*mws+TYf?Ohr&hTtf1c%k@;wZn5@^dWh<_b7D<1jZoF}@_ zKFo^nd-r`T_dUPB@Hv6XU(4UB__yPq*MBf$Ewk0J1zs5nOzh$CfB2VJ?&p7z;Z||0 zca>id{~`I5|Gl}r%}Pi47k-8JvD|O`GQ%syZOdPclaKzRH&4C!6vmz;KVaZTSW9Z-?Kk-^-nTn+`mfuL!^TZ?N3&eUM>7+_wDHIQewG#G7B-yatIk zbNJogWVs*z5X0{XwB?V8e+|Ex-9fURzPJ}1 zkb1>!H0NLJvu*$C1H_ z!s-9Y|IFbY5~z9?1poCfGX7lx?-V%x1^#~Xd4_KjsPy}U{%Y~}o-=b7JEMefCa$Zn|Xw3hSxpHP~%JEcSY!NPR-S*g zfN?)J&rtPP6a2db|FDH$75up1-)G^^3;t@s-)Z4j1pnj=%e}$EFAM(Dg8yzOsNa&{ z-zoSnSom{-zeDivweT&$UnTe{3x7=TPfWAi>nwah@ShU=v+baM`viZF;2*N^3BeBw z{yi4n75o)~FIxD1!GF8Va<8@Uj^IBb_@{p^sNecHr~fIzKWO3C1V1GBcUkyV!M{@Q z;}-tB;JbETTw%|W);gYM&x8Ofv;n&AF{dWugl!adt{6&Hvvhb^dfBY!ReWiszFZd4${+n|_{Z<4&EBKFD z_+`Nl3chXOmjwUAw=v(_E&Msbe@XCt7QQ9;4+#G2^`L&o1V1hK2P}L+@Y@96u<-i? z|NSG(cdvy{2>wyQUt-~1!QU_VubvF**Dv_D3;rV(-VyxGg1_6sua9#2KX)hd-EHC5 z1plz$FS78ff`6ajAHO@O-+95`Dfkar_!Yt5Aoy7ezbyFg9%jCS7Jfi*2>u}ppAh`8;NN56UBO==c--8rT{8pw1^?{{{(h~6cLe_l z!9OkiFzsJD1x|l;@3Y+JEcbcKy>7Yt-x}nXu-pa9ea>>9x7=%%+bIV5yOw*ObO0Zuf0Le#b2LvgKa0-0o3}-f}Nl?(>#=-E#N8 zJ;-mL6U;u1G4iWU29`iOJya0OIV5$qKVe*hXSr}EHAv`8oWJ8wm62fD>nl8c6 zmY@k_`*48qSI&%z`J>@l2-qv|pV(|0$p5p@VJ`)ibQ6dwCu8a?r| zJ@CALNXaAR)B22h2+5}n_E8KDgAmb#_|f_g?Vk~bA-vh(cL>$5!3Fw_ zScK_)3(Ol4BNSnJ+8~VuS~()N5sNUrIbhgbVBUa1m_D?C)ssV*p7bx2=^8`2$FwJL zWcaCm8tw{!(OA~e{csn7Bl5G z8rflHo zrJr?yfW;vsPwzXh{HcVH|77rjfEY3*j|d-iSjECVSK~cdgyo}tD3(v-j*!!h(G9E5 z2>B*|)^oWA4sG=mZNdfiG1tLnweoAeU) zA2gtD6NUV%J#g_D!n0v=n~kSK$iKPZ8|@2{$h%cEmO4s*zk%#9VMw0Zn~u|8?LmiG znJ|R-;ehi@Z8Ms46hzP?e|ZL&W2Ab~7mcp0Y3 zojuzUZ`zhjxMStB?%qq->G6mS$HTE0G7H58P95!V# zg;I8+P|O$Tb${S>B1bkTj0fNARJNEKK1|<@!7GCK{6wahn=+nLlN0&k&}fD{7!!)a zqmw1vshKI@{5X9}m&kgqGkkC&TO1qB@28KMT*|!oFK z`X9E&vJ>NzV>nT40^`|c>spKR9d_o|JBD!XnT-SD95U&r2kOBT7JXrUojeu~jO9wD z-1vUDAf)RkW(%XKbhi6J>;h!R(?$nC7`&O7EIEad!>rZFVZ9Da&f7@Y)^7%+Y*Mt~j~BNMAI z$HL~E$>gfu;ZDX`;LgIGDIK7En=lu?v;Rz~FnZXy)xY;;G((oR{H(+sw2lQ2Y6AwZ z$ZLcq+s=eYA%6f;TIP%96{a_{x&0=Evs2me3CRpN6rCP3`DZwl&SZxXA(RQm62qe@ z&Pj+E1b;l62B)!nMl)&fTWKVJ5UGL;j|^pAG?|AFQpOt1r%Wa&93DD=)Xt3~{l+Is z+4LloE~a3YKMi{Z$d2?SH*xqt7LhZO8s8uIl0k5ad8BmL6QU*?B!j-7&Se|~g$_(lJSRsYzffH&@juo6KXCymnO6TxFF9uShIf|`J4jEyBGHwCX`zdo#VaXP! zvKf==Ch(bDDV-{sV${V@J~f;8Og)e-mXLSIKmbR80|hC6I$%dhQ^@7U3i+Z*2#UP@ zMOb=pD2idI2F1qI2P8e6Gg&$dv&gvKJeNH9iU$wu=uwn}n~(J0SV z`<%YM@%%(~uRC#~>drP{4eK<9bZ)an^?ApgL*p}Db&un!?gj~&hp#GHo93)rZk+X4 zO;!iV~Tz`kV=-!LA&KxK#k|8nvYT8;#CkhU{ zbSG4Np74F>crExLoesK<{od04LN3pom9g+OM^Sr7(t%) z#aDJ_W@rIsl3`o#9v@rpGc3lP^o7ar6n@5vG%m|-nCT5qrBuD#p3B0-CF0t=8-em} z^5RUDlUDeYP1j(0B?r9U$3!ptuc>3Tn>qd8NmcRtjPsg z7qJ91(wv9wuy!>M>v-rM&3nn9@rAhqitBv3=!NZGnoK=dn?F&gH5xLT&_z}e=t552 z_mbHRvRRX3yBRirn)k>yPLyHcu);nhOksosQR0idQTCyZ?_>jeXL0#>rhSS^6bixO zy{KkrJtZ|WUpob3fV0i^DBIQJm>npOFAkIwTa#M{0ntEvO7q91wp%7*)avGN&X z{(^el90%qbx^$=l8Z&3dN-rH>)M>eVXQG*JS5TX66rWVN`Rc6!O4y9qBTo}}DELbB;AJseL(T!G4FEQ>Q>O$5OuUP z=4gkn(8hqjjUzXcjhWfwl~lW0?wKj9@X>SuQBx;#tXip+-72k9xRnLE&fP5(DM+Lj z8bK2#FD>XLdD~{l12JOjPx)C}laW%Pcj4;h2TdQBXd9#|nFBWcVYKP^ibkDONB>qe zr`9P{4{kv24>{9^^k=iLI0P&gQJ}g3u8T$rcw zMcT)fn2$9D2Dh>g&$7n{#e*aBm_}o|DeJzx~UOr-nwe+5H=(^<@y~C9>2; z6*oIqZ6Buw-6aN8A}+h^GGs%StLG>WoNS?bRP>nKzd?@MNDnYTfiwBd6wp|GERS}& ziaw^Zo8``CWJ+$N59fSRX$}*b)wb3{v3kW2*!p3#&1GqW_>z30Nhc}iX4)9Cy3}iH zwlP17-v3y$QA4MkGC%1kbPT-quooGJ%+|BSbupQu^w!LKsT`v(6T7HQD;S2iUGQ@& z6o!t`)+-N|zVT$54x%qDh|oCJw6CV?>J8i$UH|ZP(d~xAjKLP&?hq6OlN4BVb=bP- z%6OHS;0&fvP%Rf2f-ahR6Q4{cT+278{liW;1LIAo5;f3-bl;$oc+tapc|%AuvRrgM zw>PBpedEzF28nbtQFlzq9GRbtC1H>dfwl&Q_z)T_F1luLNd84J<`X|WM8rjn3pH38 zuDIbB)RHVuLq<@syr?1LA{r+%R&*EbQ6l0XG%z$a(!icDQ3HrT_yWD=Mc3}6ExO@u z(V}~BND2?6_`18yn8RWBKH)KPpvd`)2B&6(NI55>n?jtKZ|rat0(=dI=R#%by=#>T zAv%WSSL%;Wky+S|)Gug#ebrd>5Lm()YSq1TMa$dql~qY?`YJ)C!sZ|P`s1&QGX-zM zc(Hp&h}X#aEjlbz4yC@qLJ+MTM>Hu?FuL`U2}Za-67+|8IOFdup1HY7#XWIi@7&y8 z8jzI75r>i+J^Ap@)^FW`Su^iQcVfkBPR-Rx0E>g z4m15YFp0UOUS0-J`^SmY^g;+|n;?gM(FC1-Bb6mxg|6G4gaw!&i9dAgnWskABE4YI zanV>^UX-hZ7O`r$FjvLLW^0i$&|;ur<#Y*rqIgE~yOj6nq4Gq};=PDAZf;N}F+)Ys z=vjDnefbDD%ic2?bACtf@T6x-bp3<`YQU&^?*P>Rm>Zj+l%n@i_2)3dojqf21{uXj zeiYMSqh=cHs3bU4#cX+uYA#KXd*Pry&QUi;F-;HEE0$#_>#-sc^c;I6H6|`7zKPDW zF^n=YG})Y;U1UIph0SY&evt_mO@>-DmWX3`iXN$Y4(kJ9KVCr>e`JZoJpvt%hW(m= znap5*C?Er_sYPlHw?o~P3Kpm35q{l`BVm3-XjAUOjFPm zF%<|lro&N&4K(GL;+0A%W_#+X+1VNf8E47eKxY_J@$LB<<^ztt!^^iOD=rRT?|qLj zhRUc%F8P70YOXp5Ol3KsHRym;p#yqho4YuGu0Pwn?efubp(*8VGPiL2NC^%qAlHgS z%QJKpSroYU$UukozZ|8C5=$j5RBC~it#_uSgkpYU<@U+3TBl>CG%kn()1zE@K1t+Rf8LR7|~yW_q?*g={g26%_ans2Y`#1N6vSF`X&S@4zD^ zaPwS`3c~2YcYPS~V-bEysQ5$kfwhg3rB;<1Ij9T&9d_99aBWMSx zE;xF`lvcAcgi>_WMdFumm(x(YRyhu*X22tfy-BogXs8jKO7&E(a>V>5QFzdYyHyvD zZ;w!1^yaH>(aN6DRu&MmfzcG*deghg)kUE<9mUZK0SwHLv8azVP&~L;%rDBVuIQ!A zHBVK=1@ys*#e+kOCY+UnLrCV_+#F4AQg9cGsm1X;e&}*n_@xdD7VJ3IeEk(3npYMx zHJTqKnccf%@zJ|G78uj%!Yp_Nt?J@<)9+Naj#s`n85xxB91oaHZu1?t=-u$R1j6koT>Sl@lw3qAED+O5t#W8`_H(-OV3Tb7!|ob+hr5cM>UVEt<` zJ>RYml{?kSQSSS`5I&_Ut_DKYP9@{A%czGqTVANoqYPYlElFydD4>_BnV_RL?%`^o zkp2!1t{Sg&mpm1^BS;5nK)pEu?&wE0W1K)_Nw}L!d0+StZ(h7_l>U;si+1Y0WYHc9X)u3nT0hMdKU&449Kr;t zmrEkkO8mvl;BcKzJs{B#>>ov+65`mJRy6LkkGJUpY2lti+ zWfmixQhqcieK#JB??4LreN#iR*$OO>KE3J%N;NcF8z-LTB44^&jnqq4n}k~zN(GKA zf4WPWrGIwE*3u4>WD&(xlC|q6kX}p>l@GcE7n<@%EDBhea<#c=`8V zAU*u~K+*&2H&n%9HzjrUP^aS_=oD=xqFw_PR$e?sCXX#WRyhoI1AAA5kfFUg&7fX< zP$y4?!yjA|XIq$F^`_|-X#&BUi(9m2;*Lrbd;EU%<*i%U`SZ(poFENF&g2 z3-jZC$B{Fpqy7SzN;p0JXo(y52f8nmqs>qDQ@>Dl+VAo7;~7-2TYO07`Up>?8-A=9Rk z*N(Sfx?Ui&2)*ody-<#}epb3(D7&8Ndcn*jyx6~{29{h}yH!W*Bycaf4yJ3klYANn zG0a5y49Y8(G|+#a#Y8NYI`7p9R+@^t{TtNu6|IPwJ&`YsI7%lw9*i7p zR>FCRmn={rIXN^Q3m6Ag>)174`O(Qiy3%0*tot=yG9fYPlTIU0*ghOc<> zX&R&lRSX@?Y10y46`3^@ajdH)5Bg#&S{rGxY5!xmA-!I$wxUVG{KzI zJyWh!+SN|yD4pmVI!pU}qoORFo@Q6ZLcJ=HOp7gx1C+4T%ue9U7ab^fGnouF5Jh!S zxI=`DHC&#-v>t*?+tc1nBu7Yj_$n4A*eu$3JEiVm1Kq((9-;dLGaX85P^A$GiT6+#2(OL>=O!0tf7G}j@Iix#c2!>V40k^$9y>a-lU3wmyth(&t1`cMV64xC= z)queZY-ybAJ|@3V79+jWVL8#fQ2gUL`O+=KZvkf?5742(;Jg?PY90@UFJG_t!`mHi zb!Z7L21P?&9WT&!vuNdc!K`HZB+Z-X=bu?r$>Sj}G%={hLJ!8q{& zVd1{4*uU|QWzq3*bMx*T&bpJagX!x0=_N8ClzGs5{J>W{j9N2&)Z;4$DBI(l@GbfE{*j!c|rwwnvbPyA>^vAyrU z%W!4_I~om?9g+0j-GZt5c$Id<)=M;E-RS0Z)tJmn>5uxiL&t*$U^fiI0_W3 zcozqw&E7ztuEtmf+5Vx!wIMXPGCv6u@xiT$KF%V(V~p8SW6+Hs><%$ILD&`$f=?$i zOe?^4fN^UnC)nsB>!-O*fWr0!=$HNzGKH+#)j5cy#4;ONdCskzu;wQBJ!f zR-x?F7>p)m2h#b{Xtq>>!iIhVTwk#9qVhEMaiUMX^?d3sQ+qeTt9=L7n4_ne#%_NOGIcV&742t z2`-$@_uPK}#L4usHlPsp%#<1{PaUc>sC0L{FMMcVs^XUeqd#ndh#R`vI4M;_elngA z1tMU$IzMwl`vHDm8b8#U%idvBan!oriiRDVfNL~5aKY(i&PC44or|3xb1rdS;auum z=JYu~?p*Htg!4-0pE zkB(H7E>z$qioxV)r&cO=Mozc=eu7t0^q}XfVlC2FTtJ$Tj;~fl1s?k>$K&PymE-B+ zFEc#!6^8xd@A-e`NBuwiCyakW;6;zK`%>}0Zu$SL`1^*y=LJ3`{w%c|{jN~uep2Y{ z`!>HK-=7g^^HcYp-{bIp_A?9*{U?UY0v&9iZe}(#8q4N36PUd6BkMdKfd~9gzx9?B6Jns8g z(RfvQg(~0Xqu&)OpZESY^Le5AX?|3BiEpufAN)kLewq)}ze4@4Q29La$(L5YW8Y-` z5+8qY`YE4#{=F;ze4@4a9#LZzVg!Q=llihw<3Hs-zil2 zs+U6ju2A`W|94-Uers%AGzt#{B)5-xW>;#RtAn~6zEQEI`dj6 zx6!}NPv1>vRBm=?q|>TaoFeR2oOMh)U3JW<3VfVwkiE%v~eSX3gz)zi{+2-1|32}r`ggC92=Z0es`$V8=^+2Bo@IAYpz`nk9P6X}T`<~AKPG%Vh2wZD zKmHg*?qZ`5m2L)l5qV%m^nGAG7{05&$L=YC8otM@@Fo4%Vj!&DODrs2iYxJ-}cTFo(lWd{YMOpNe0i^$+JN zwOPzop&+@KZo#Ud+ksI{$00M6kc)vR#_bs0vRyh1ri>n4t6{AQ#%i~rm~~u~v^Fgh zV%70BH*sdmAqq+%V|0Mcm6?+oimu{hmWkBG(2k9e!JcvEHfF{VAp!R>@j~sgj@#Tq z1+#$Afu3IeOA9lw4B4U6TR|ew#e|n;EMWM-(@%pN3|EnTbv26)7U?HmDP1^DxE%B%IE4&Ga*|lk0z+Pn5e&MH!(ea6>;>56%wR^jEv}>vTL%W*y<4^o(wvX$>c=hH zc2xYIx6C*$c``oDPv1|xh>}II;yCBO$o0X{<)g;^?2j{iRNzB>?EZk@9}{Ri<7Y+a z-y{Bt0<~R@gG#?7^dEaJSiYaSl;ytRGKN~dzajp${!%{sWc;@-c=g|Zp2MelCIi>l zD7EA4q|tS*klaZtGPKDmW2R`lLDem0J9?a_*jgoE?is6j5V)DzwyW2Q=wJLvjt6c3 z-f#uGj|tT9u8MywoPvLH)n=I(EO>WvKcW#D7SCT>seB zmu4bxrv4=6MS`kpuL>0i?1T5A>&1)YE_^!O#krR%bdJ;iM;yKnUmpzLQ-kdOYl%4qG zxT{CU%ceo292Sj03m~lo$)Kmt&0}p4&HNl~*FJ@X$px&QNQa<|PkBCezs=1x;EhZM zqYqHwl~cEc_R!qQf!S&t_;N8>Ez^x+V0{}5!9(cj8s=)1h~{iwT6WE>{>Cc@tJr$Y^b`ib{tJNq*_*wd6&VTQ_J(#{XkVz2K)rv{@DvMaZDOTAth8``Q-?K)yZ;>DDv!lSJJgZqQ}4<2B5L!j#468|Cn zBd-rbzA09*cnbUBZYhmhTd?3m_9ApGLhl6Fi+)<8g5AMLFwE_vSGrj`Gu{!S2egCA~TK+`2a}q{{=3VNYUO>F1 z(ka(0AfszX&t~-QCW&E&uv`v+$}7=>KU0`O6#7Z&nZWH*$ge-hP4pRgS`Wq3;{6wdb(2 zzv_CHS5SYO^~3JM85MKf^t7E0aY3 zwIi73#~LOwK;Kwxrrk7y#mQC$<%NcVvgRrhqcHcu@e zk6(5qNI0H843x2Q`bHi@lAR@tQDH}Erba{BIhZNHW|9GS9>3+|WiYP8OB?HcbQsO- zh`|U|mtKt`6|`R1v4dSV_)j|`x0>rw&}z=ZzA)uodO+W8M)?vIwAQ+yiLgkZJ^#a} zVe+}!fl?B$?i|Iy3=NkTI0n$r&S8DLhTRQrA%g`nl9N4yu9qoxXaUEHcV*IJnY+>x z#nHP8nY)G$-lbOp-Gv)(=ms7u_WNAoav||;MHQ1f!}W5{8F34c+$)k&|v?J zd!zaFer~c;uFu)#Y^%(kcD7}P58|ynjknYgy*24AkGIxIycK8!rUMpF+&rDqql}oU zW2?7hrGWuiEjAxLzimtuVyT;|U>CezXrDlWZotZ)aQph+p9{9HZin4(6R7R$s`$6t zR}Abb{_7o8#(0y=(jse~b!srn)dAW4R;Go?l7pt9%o`~Y#{B;k78;S z(?k(nUPd4%(o~SCx}6j*9~*P9MW?!*EZOaKwhRm=I$O3SZ^8Txa$MWlj*>UC9eY1$ zFy_eY1U6Nd%o4v6z-t#J%bI(g?c27sEA{5_ZS!+2`a|GQB3))V(^?=+u#k&_-Eyy^ zLj!e}wt!sc-tLA-v7AqnHO;ms(nM94AIi3$-&l2SqKVT;k-TIq?ZOl4gT2liVzmw1 z6L)pW9ZrGm*ut=VdZDwuHB;Mey2I_xcE2|-N-}0=j7tX<_L_MTnktcx8WZNbQ)r`% zpyENhhpDx_PT!UR#4}=iSH;;6OJ5BSgKtSenAd@U0f+v&6ogH7=-U=dywHEwD83~z zSQ+qsw$j^P?}xo$k@SD;GoIZ~?o*AU;P_NAHRhVrVy;|4gYiQAb6fav%&l8)Df`w* zTwRuR>1L|pn7M??>4Ww$59aO6+&)@|>#3*TsGg>iO)!9m`Vv(!jS`TrC_Z*3I__R~ zOTA)3WYJ-JY$RQfJE}5lsDyb)o&z(CB76`Qh92cy8jG{!p`GZU*9I#n=VaSt}zCsEzaHt9YuT&%Yr_qXLHa_Q8lGmQ3j z6uxoc+vGSd@IvCFm<|jc+6z5kv=v1ov2E~>iyaH*vM%WO<@a%Y^p666_E*?_MBpz9 z{G7n21old28BzX_@FHia02H{L$ zDxA6`ytitG@gCP)rb~eOP0E#*z`PenXts2=pp~El-)4W+8$0No7!)ED5siZC;gAn; zOx8!|38Vw$DiT-Ql@2%)sRHh0EaubLWQ0rP(wSm@%qe9{unwIb&6jXf9}@JyI9(Ho z?TRPRgThG{Wq~j{B8INl#Ks`%2qEv&6#JGATG)ZX9rgMd@dV#p41LzL@Z5bq2B1<;qPCF23lr(DQU;%E94{K#rJ`mnnHir?VZer%Kz0G{T+awq5(D zw|AT!+Y$!u7ML8Amp){Zsy|Or{8C>HdxGm`H0vOm@i&ojhSN?aGmH(GT>+fqXvpr4 z4Iw+0Pn$kZH@aL}Y8;p$OY|5W)9MLFRi80V@Bd`vhEkgnma|%^jzN-a6*FS#hnp6& z|C6#opa`Nm+_4MQp+*^1mD+KZ`bvCs>2E_Odb69Yms_;a5c7H%Yj?1ELghfN1EAH| z04v@v8DRdk-{N}ZWy=g-CGh9|h2ZN&PBKPbD(1WD_tp*Y>MstKh2BiZPuIO&D$pXHhAjblSMNk*XF1Iqt` zjwinSNsjkF6Zm_-!)_b?v)~WK;BEgG>Q?!EeWu}t(PeWo-1LViXZ8iYT#tIlZW63^ zWTK24Q_u=zyb^#H#F#u@dt=q->^sUI-4SR%)Pax!jkX9E@6~bVfKT&4DKnCLbY8em zqxwba-<7W#_C@L+;V-Bcb(g!I@CJTnKP+8WV#;mm1WGR|1QcO@#mK_vLU4`g2L2{? zI(-}wGact34)|BiiY>pI**JIZotW~yLa~}(~FyQF*aMzOwR>i$>OXa{#8V{x#k^!8#zZEqp-)C#+Jif*s z;ZPw*Jf1)Ff@H~qlZlSE;0`AeeYn~|+mDtK#$o-9<69SMm`e_Q9$vtrNa(BVax#(6 z9S<*#C`f&jDBafE^i2HfLeGwqA0Ebi-RN=RfO-y_qz}89thwnJ8BJgE1sq++Xkrq* zSTha#W^-Q^@6^D2SctPYL-V+p?_-O)=GI{PLWibM?@!mO=&mUeqRa-aK&a3w zQatSOh946i3U>)fb3HOk*b9F_(?X1K?8KA~^AW^mX$7e3-RU|OHoe64p}5J;8KXBu z1{8X`ecS?5|BXhVGU7CinaNEa1B_G5%%s1Kz`b5+vw+}*4uSJ!3CQrsLLD&eeNl2d zm&KRI7shWG>wMAW`-Sl{CVX)Y8$&f3^j;{FU~`6nLA8xRm)9LaFK1v!0-Yl2j+!*} z{ZRb)oG;=P`O8q#s#E>O;!Ru!;jkR;`l_Hehq>L!`C1*-VYTDRq>fACS-#zcdBJYg z!=-_qsRwbT38q!&Xx?L@*{q|iMe3y8z!$6!6B?1ovpRk6_%k(DR9{?pac8y>V8+Kz zshCD6lY6o>=eVn*?wvbvA3KJ}LxQA1&~_Q~>eOGovK>VfceEd(pR7}(HAot@4eZ#D zVI*dAkdT-tB$M+rD}aFw)zDP5ol=2(PNW8s1H1O~8;FQ@H-qFL?xUBL3B!d4V+EM@ zM(oqL9Fr|{G}FBv6Axxul=Rw3Gcn0sX6S|;r(HK36~{d=D-{n$-y!9++z+1!;YB zOCZ^y3k_B5oVDEJd9)VYc6YBsV_RUZ(3apF4I#oML;Qs*H_s1=Cit(>K@PrAulwGz+4hL_1FfuaBlc!w+YDnIv${jd3Qe zd;Msy8|BSE#@(3MBQ*Ua7qhnEj?#@o`*Wy4FlEqHp-bm)5lkC#V>)g7j-s>b*&zEa zfxLC)iB)}`M>Q=M&fL*)Le$g?E&oy$k#_00KP1xuwB^Ix_*I^3qT5fzprvM{#Vu-= zP7{_l+lCagK7ekbIGM%F=4i?6Y3nm1MGP?5@)B0B_#%08udYSR`X=`eImy92$gpOM zx2ctpuI8#ecXL|!!!3Pcb5EUSs<2%B(haxL$*PS@*VNMxDf;Qs6){0gTW@ssi}vI4 zW$x6R+7IXsXG_j_cYMSb*dd^LB$VqeucH&>0D6qnsPhq1s3iI@4uCfei+@5h$WLAD zf2xVKxZ^q%r?@DHI?5ArO-83vML}*TQL?(2`7p3Y(8jJtbbf;OzwXz$_A*})vnhVkOol%DLImK~3 z+C05M&`nfgSKnzTkA>8}`EHzzz#>IlM9X)F{Fw05_TWbPEEYkEv^0YYG^{z)04Jxf z>z^z4-dg(o)9f-@?4FO`KP_D1D&n33oSxjU2ac|m@fNu#etQvE{X6uEKyhKK%Ikm2 z>&G8E#q)H!fA+aGb`Sm~LtQ`ae}?^s){l3XRoz^!fu1zBZx$+;J*N(9aIfG6Yq%ux z9{elTKy1*X`-i++9PHxzWsaGnlZ5o}Ml#*WX;Z-)gyRAA^7mgaNw>DIQHR*TLP!7L5k z1Kue#an_?xauHfCb6`PcgRrB@+!cN*6mx}aDR(EDuhGfU2$_O&4uU329-ShV=~5%K zR+mntN3sV;vg0V^L+Z|8j>}yAIhN04ofL$P$s~}23n7c?Tz;Gu{L}gI;T$@ox#GlO zOca$y@&`+qVs0v%N>AjbNI$w_622yKP8&gl_h|lLHj~Lt<YFg!X$yW0M-3Anqd#P7}5AqHyrr%|FQQjP?Dv0eb}`z@=haQAp~=X4_wKN zm_^+)-8~QOHde(&R6%| z@A3cs-|PSVpYzpfeaT;ulCGnQ)z(U_nJiYG0b>i5RztNdXKhhMrD^=G8?{+N9izF` zSg5bCo3*(W#9OO0(1UBzx7yO`VvPt#I3XalwX)o-%`dOCsNAv)`Dm*KCI^sJd#176 zs)dHNyDh*}Um}c+>Q#tf=j$y0tOL~mCvIi6$)?^|Yc9`LS_-m@dz64k)&2A*Q5sCPDmDLrD?h5j8N;DQKAhTCnHTZ~LURrq8uz~!XCbcGT zRa>ZF=CxLm*6Qr_8pg0$ukyF{2EUbIIM=MS=BulVXjvJDs19fs9M@X46|cEEJG-c3 ziH;IaSL?+?AL_pD=g<4b7J1w!zip}S@6TKQq4VcTwDZ>Yx5a`0fy5SNSI-|pRM$&U z_vubbLNoj~`9})>*L=Rh>+q*vq|aYxslz{S`5peL>4gBL!YqN5sJKDhi($YG1lL0o z6~A$YY+eU%hMI3+5_a$68ZNpY&>-9e9~2H>M6X_4T}@3+f`wuS64?CP6cVPW_kQp( z`5Ep15B(?k{(sG1)#nXMz5fl%@BMd-PF;+mN&ykk(+E7=FT~!WrY{*hAODIx{2w@{ z&%bY}!~f_XkDz~EQ-Ih=48$;2&I2e(VQg%Rh$8UG=0rynmvL2Ih=vIl=Cs+nqaubU zY1mh#o+dO(T~V`9A4}G)q^i-u<9(|&2QF29-e3ovbCbpl9D%{F<(9)WUARk2-KW)|uMdok6^jk96Gb@0p;>9@fh(fTJBx;qp#p)qb z>`}vB|FjWe;)sTjbwe*HsHv}^&rooq--CrMg?D4o_cp==;bUlXjAA!N$_hxbx?X|Z zp;G=D`f!=8>Y+6$)n;v~Q>t7(Gy*@=m`ic{WaFmj!TszyiX;B})c>RFap|J2*O$Fs z(=T~i(=T4oG%Jz+wP)r364X!m_W~56`1fv0?=9)`Gxq&GmP#i4^HwWAZ~4B&(ouGu z{@(YKcU$=v?y3I;ulFgl*Ln%TDDK_NRhYdlv2D*vBK~qp3hxAp1 ze9QtBU2ropqa$&zD%{O|SYW1I7_zVLtJzr8VcadT*9|wJASsi66MGT1pi$lBV%|5u zj@A>wH<@Z>`<`uW+&G=By$hkl0DP#4O^7RSYjuQ-Y7!U@P3qwQtUzK*my$6Ky`F5` z98m4@=mBJ>LY-bse&6W?-;_E=;-QizpkvTiLhtB@k!)`wmpb>tCCXe4jHmn#+l{`) zT*$^So{(81Qcu)|VXGjM8kPu5OhD4KR6sEKIpm&p2biM?{QagT#R&>___~A$FD0*i zSs+J@YwIz?IJeqAd=@P(F{&N!&KI_>!6T7`o2C zQROqX)(o`YZ?=Uty4oJ>Q|}Z-PgRaGiQ6zyIBhvOBlYa<_fjZkj_z*?-HHg(P|_#p zso>=}!o^G<+s~=W5lL6>1FtN1`Q+u4CZYB#0$y7OZ5zZC8wGJWpV(K0O^0MfD62N8 zt0VR`P*>FN#S$jPC$wWWUsQTZyKe{(({mAlOs+E8c_smDyZ3a07~6vsMT zjUcGRW*lYZ@2LFw%2E0%z@pujxV?v(ZYPmlp{&uQ(>}!EB`$tYQqp{VY58ls<=-eQ zXLu-|jVCFW8(*yPp)CsgO9~hsj51>{VDtVLm9F{emeNsvKfdyf`rNnF>6=Z<@At#U zmB0w(4bJuZwMS}Iu98~{wqxsBgPMI}+ne)c6nT0U?rqWR=uBo@G-P)aeGB6F*ic9D zadLZ}Ga`ZPyP5~a1p3%mWOpJO0tdY^kQqfDLT({MV05t#y`P18Rutu^3KYM>45N7# z?opW)7C_9-3$m*z4dV6NY%3y*1mzlJ(mvemm@%1$+gK80nU+j;NN{Fn^VfcXgHH1b znq1f$DA^3o!44Sry>V*bAa$y)q&&Fg*pkE)AuA7a1KYQT+JjwY1FD7Ol=v{gYs?c@ zfLZY1CW|?fl=dBR?g(Q(22e?vOi_z zBKa(2Yd1+>oCr=8#_AQot_mkAhl@2m=3|PV z8|GZ^12<5aZ6_)ZF6>qhwn?y#Wh^WXp_==8X)Lx;{V7|ACtZJuEkGE`WD6^aR!dS` z0ZDFZiUcz)Tr1hYRMJeo~u6GOzBRS9v8q6kP`t8?L`>pORymxl8hw zwG(Oub2vLv@Gx8+r?5ufB82*f{=D|=;C0Dsi3xBYdEnwHd7ao6$_vRrt3NRTqwXtI z^5nMwSpuh-KxSAoohEP8(_!=iZ>Vob-+_3F4kwmpMz6=y@@!Nx2Ip}sXXTe(gMDD( z)hsVM*S33W;2lE)3QFE2VM6TP=$#n_I;Q}tq}{ax_{)dkxhQXpL1|F^+_4E!G%vKp z=JNod^CsS!hUzcvkHMD&@U*prcYP3?puw#x*Ui6`kocfH zOJA3cpO@^=+Fy$y;)B_ybx1OU$1c`bO2k>sArXU>@FYKUzrqxtkquaqRp{lnJ3M-` zUx9MPKB6`jFeDJQ(XnKtWxyD2Sh3{}*UCD|yOKT!FAqwpGP1lGkL(M@e8=D+31}EG zze@4Ibx=S;zybV92=Pvx;5-IKBcRa#Lidx1i4=ZfALlkZgqPMX3}ZLRy$Ji^jA@lJ z`^oZSh0+%0#P#DKko=i}R`TJW(0ltQE&Z|&>hrh%6Bed~z#4&V15^WF1}N`LAB%a5w} zKa}^sV*O9C_dE!naPLc%Klrl0qw~o5gWvSa`uq!)I)Cta%kTU_+uoC@ixKY*+`?7a zxhP8_9}Ctw!k#idmXexMlwTqim->0&dX0O;uP5i?+>>T_~3U`1BshI8@_mT z4kjLI3NE)bQ7j1hvB^Ww*F~4^pg*RtYyD7q)4^3Go%NtRMF)uJ0>rBMZouRmv;h0! z`dE9pZfiZFqlHY+3juM~lOO}uY%;diy}7lkuIA1?W==!d7J@5jPDPaK>BRL9W7P$C zpyTMb98Jc<$2On*9i11KEPb=3ueNmOKGO{=m!gf+><4>auJiYezmcE6@A?<|{BxH2 z{C(c?56|CRSEKo>@&Dqfn|=*707X*1p|KYoZ$UXK8Ym1|nB1Ff5ZyalR6rs!@dvI1 z+2fQoiPNP_^e(<;!3IRATj4j*K$|1h>K!nO=k=;Afnis*^ki_@JAjWrx(viW*uyaK z*h--Zzk@OdBOOXJ3Z1R4Y+eSqUIF!I4UW3$k{OT6C$U0o zLmQp1W5l;+9FdRC=cMs26-Mr?9nmgz!(g(-I3;lBE#O0L3fR}R58^6^`T&#-rP5ja z^APsWN~cnr^WAeqKimca@#n@|*8w*dB9ymb39drF17cxm(NP4%5%r-D@IjdF&>Jns z2I#?5!{3Pfg2zH3m<$0uozr<_e)KDK{{8x=^Yib6f1=NyvDD|^Im_?!4`EdVThclF zlOouocqz6Qq)w`hMPK36YJv_ZuFbtZ_Y_>0MKM&CB#Q{gfa<;?lwtTSozKUu`3(o%17mqSgU}%M z0d|Xf07CgrbkB3o$*_B=zhvmZw7%Sc7!NS z0gsqM=9)71MoS(-T!#=t`anuM# z(oU>{s^By$N5J6|N9Q4qz-Y=80jWK6JRFQu1eY2X|MbY}KsAxP8;tB!a&~H(HuY1} z9sK(Q|CySSe<$VN>GPL1=%#LJl0TRlnx213emwQ9PwAA(|H~*!GD4WHSxp%(NyeT=?{E5PTx(fLzNoZ1H~7y9wM#;DowKkwoo<5 zAt42WnF;O~auosXU~CMYYpCNic=LWddQS28uCG!&Ie+H8=k)nwmOB0>Ex+T>>zSS$ z#vE}9b6Qiw5tLOt`d8A~6`V_T|L{+uu z4~Mn#a34#wB$wm4^~Wfb>qFyYAK%8)1w^Qr>-F~_4dR(S&M<0elb@-AJ&*_{m;^bk zu`_4HsI!?NKuD?nNgO?&IkQ^3T2G4=h|R0jk|85`OPag|_WAH+O?u)C)h@TyT@Ct@ z0Hv1qRCB5EH9CLRUY(ymZ@r?=-)X7OpH0i}^Ji*0n<1Pps=Qh2w+CIBFgczIKH8VY ze*fQEL^0iIaiCZ{GCrRQC%z__?!8*^^U25a_~}2R&p&3V8l#C5kgLT&sd}C)-WBD)<4HL_~`a=i`Hg4q)+zagS6G z?IH=*V+xpHunB#eo2iPp&nJb~G#(4z4793`2R2Vc-lWn{Y8?+>R(FTKCH_&R-J8(y|I;_-$A7=8&o5XS#^3S}jX&aNWh3sVmGY->;mc0} zxenqjfGE337EhG1r2T4#_aX2P8vPBlZR5`N@swhqu>(S7hF;Xw9livaTsM{|Wyv}S zgM+n+p5A$^FnTNOs1&By&H7wxEE%8cK|Nc!?8pSAtn}QVyZ+dCa8x^9xqTBF3;lhF zv1uunp4)?u?{)b(fUiBzD)}_WDjgG-W*Zl>OWc}zZSasQjg7DFA{Z5HKZE1bp&ZdC znk~|~ZUpCW`CO)PCFj)FU?7FHX`8MKRec;E4|lS0iob=n93LNVl0`ZG+9xkhP0t?g zcL(@+>FHVgJ9R~pEBZ8jnUAlN1Q;G4SF8y1LUd>Elt2wH32;6e-{dl#JphdHe`q1B zHUZxz;J67*VCBq8?!ftZ?@nwyO4c`yFrXY95^O2sO4mo_;KW}|GQDuI2yIJ^f(o-} zPiB!-23Vr{bkdM}Dse3_+!4Uz&W!-T-X7z)q`L<@flrOijv9`4>5!9#18Yq*III>FcHz z5kQS9&!{#@0a(Ic*|gFzRhO^Sa?UNwar(s~uNsPfaAHS!NV*KN4h}z}l{-FO?|@&a zQ#q_zc0$hKo|+DM z>7t%L|7bIR{><3(ZA<<9dE}Dj_w(n8Y!8+ddh2g%JuiJjKK<%<>a%};`@8h{7cHNs zKWfjOes`gqzxM;$QyP52)!Cl%84=t?7O;dyNV50pT=lO3(y<|b-vwt%r+ftNuXW)x z6#9d>onW`1r@)!qg)VX(K7-IiSRT21jQ0fRU%1X3?5qVwr|3PpdSxJbq?AdP`2=eO2v#O@H)$;;?$;6rH+8M;4<$zU!SsLbaHtI$`sJA6?M$%DilP6HL*Y*5+217OSFz)^d&mK5*~JmRYm{zz~A# z7)TLe*}c%+kg-Mnv$>VQ`VPQGOhh#n_0V=Nk?W(Zoc1zk8|xk&K89+aF}o>(oIM$_|Y5>Bm4=B!cm}oHU!!s)Hwp*shR!x z1gf`6s_D3XN%A!$xAbOo_*$T>Up&B^Xk&_ zQ$L~4=RT-uIRCy@^S?0A^ohCk-X+|Plte=m+R^j?hOH+gMZ`kwu zET5P2wAjBFF1=Mgy?a_kHtq+*Q-|Nnd+P5!^?H8%lGan~pV#N9*HcW3@ICcg+Rvwc zpeb3syrf3El)`)D4&fAHVy^DF-cO&!0_TmE7Ef^{B{nc)|2 z!B^Rb=0yR)C7gDSl~72aIjs;8nUgNSRsp$AKC>E6Y5%_a7xMj^`6Ye6ZK?Nf)AD=& zrlzwVuvZU({{)Q;M5Q$TlcIqtkH_OjTu-;)K=8>VK3n;F=tVKZ$(}`Tpe_MSjf@bM zg3x2QOcVqdUgy#DpMITNf!E8q{r>g@Bnj#*UW$jWi~4o3Fp>_Re&D1xc7nY_G~ zU2LpOCHN;-5Oo_=a4DGF=<BQ~lbYCri+03{jZo%+rNnyy1So=aL+OT!Z?KL(H+Z;Ov1H-wx6w9!@Mqtb98aQ zaKS%R4)%L~k@7H2;0*~)-)e*4kAnxH1I*93vFp@M+S)nT(J%w+VBYfHU@twDkMPUv z!J^{+qBXGJI@r;?Ca~pr&(Mj{+z2Sa??|k)J|n;c+*v~4n?;!LXC3CF zLrfs-Bg!5XV}jTQKaOooO-(cx-Y_Y_o3`7aF!r^HUB)G7?=s&}-`x=-C(x1gd1a&O zIGJruWgLb@m;u;8d%mG{5;&nWX9>WKrcLU6$CSadWDt#&VZ_n1TOqx zrt@11C>i=_-$V(ysGwutvYqpKHDs}GIN`zSM}RQb+F_&K-nANDQ*|i%vu~ogy<&dW z)E}pm!}5ii=D+}ks1-pd&>bit`JYvQ%?untjoR*?*sx1nl11RJ#R|N3&*jjK_$K=n z;5N-q-pl27Ki7sDG5KsLkFXT@^TjXBH_VMJn>2-d`d7?{(?qfwK!j&D@CNlT8cW<5 zQ&yR>r5ch(ok>%(pZ0e|Lun*R6o;vD7((QiI_Dt!&`6H@RbHyJI4gjcfjNZ} z82Zq_{xXKZXCKzJT5YGU0UF@3AE-k9<{-KsWwQ^)e&lg$1mge_-$AyFO ze9AbrBfJDc&*!Vt@G_Ls^N|C3)Su_$`aB}82nS34awha#)i|T#KhFnhi#&7AVA$Vl z#=_uBeP9RCqTlBH@ImYKwYu9Im=JB8iqtobo0Q+4Pj)HpQ8=|d$|+Qxacasg6Z(<) z1{j8o6?%Qu?(U%k?}Y-=U|=yQqt^5J78@h773y0#HlL4c%b9pln=yRBj@X#Kg>0c+ zua9?Tgo_SD6j*g6O*&NPrl?*=Iq~(D!u4mdN_qC2UT>pbnl04m`Gi;zjwx$~*Akl3 z;LqzbYSUPR(tMUF%IEbhRM9ehX-u80{g8k9l=&|nou9qIk+QWdeapO_cq#NR@*tPt zH^+hZ%t##{dPCz$t^!hSqPBx8UXamop?p+c7}WmkO!f_{0f%zDWr{pACdAn|3TQKh z4|tDLu<%mzm&OA{{s_>l9NtG8CIruH6o1Umg(li+(T3vhv1{l4@Lm@>Z@?s>`iG)H zg7>-(peR7qBmcvDN0Qh|sZo`*tC9v>ORx;W29@Op;^2QJMx3q?>{}3)8OFVtk`y(` zpXE2JtdflODxcp^wd3;(`m_-{JM+EL-^H`F%KJM@S)4^uzP}zT#e0qAaX_{V1`qSZq(rg$ux~V)I8sG@E?wQltyJC7!^>SCeAuW|0sa=lw~_70 zy9c%GLP4ViJ-_2KSAhO3aQ6Wj8CvlCS-yR-f(RK3KRo{mba!oOig2=!Ej%K>qDqK; z@JUomm6*zz;Xou@dX+{=wqf6i8^KbX1K*vzA|o+4OZ1nx6X51UHZ=dD+<5^WJ~;Qo z&F8?V+N5xEyA86pEG%sp@Hk%!-m7!>7;Bar3;9VFcD04*J; z{QOgqd=PEMIrKO38M{L;UV3cArI7!|Y;t2oIntmuq!}Cs*m$x7A}$fyp?#5FT5fE@ zKPE}q;qA)cmV98?WOuegm6lHzr*KUQ8SD}H0NVcv=;L_T6?t!VHlzKm-GQKn&m>!_x6X8e5 zYc?3@`#kR?>qy+5a7^OLjMu^3xqRGKPm&Mpk_*gB=8UpULc{s`3OtmME3`|V2naZG zD>D{Qwrz%dKGTfVA5~;OtzA1Gz?n~FsE0CIKFk+zIY`qiLR_EYN@@|yCzaH|J>?~v z*6lHD%xU>3S0bM>T=IB?#c?JbzPn=Fm2tatB4o8%zD1y9AO90V5;7h;FZ9RqIbIrc zzHuP7wIPfAuzaEqGz-yVgk~UI`$YoO@0eu8^1r`Q4 z7ocU}^>eDmI17klCha5N6e22Ll3JBtSIQ1_V6EQxngOQ_G|BNCnp!^WZ-|vcUwP`g z#PX^qfUYTa={`6*U&mY%AYZj75r#C8O!|)<2YoYgx%SFE6ui5GolW3!%H9 zFk7fZQ3XOU4CpAMKgL{`z?RwBy1mt5K%YkS0@0Q)m2=Rd2Eyq7wm!t0;mJiYC z#IUBmo2qtSel~@5B-dSan2}OEllsNU^ILts2Z`Si%kNnv&BHf}Z6WPmnPhBoL02La zB*Uga1)ss5=><5QTdak;Q7?ObQVoO`->UitZ~RzZ|KQ#g)${tGrLKSQ3Co|;Kfof( zIYlDk?QgQJ^}p;1tN&7eVL+vCYgLfX=e%^4oD$I?yGlX zq{U3mjc35?At{AGqi`+KXr#%?;^Lg>6(HE*)0Jx$)#oAUSzO&7Y)1B7B*d#-hJwP0 zztIbZT%UiobM`C-7-AU&X2Crv!JCw?c(Y^>iulv;yYn(RU~fQ!crY7~U+!+NkUzcP z+4+I~AM8O3Su}*Way`!2`GzVS4Jic4vKGxD;XM|^`q=d`8LB_0HDk)T)T0nZ4AFa# z5&M~CohRR5={H;Y9hQENr9W)xKen`gs#Q>!9C)lQ&rUZky=JO$d5Zr(-ncw{@p`j5 zh5x6gCSUV7zE2^P=TxKGoUL7Nw(#=t*3FLSGFXFe?_>qpy|0nbF|C3F9{`!`t zp1+vBWaZ!ftmb=_rGNU2K7aa#rXRES$s6OI>eoRO;*Tk*>n;>(SwR z%HnUO_TBS8WzXKO=qK4qix=f3nkph}*5q3x9_U-<5zyD`W*W!WD$9iRYihWMvVd*B z?bwFjfyfX+)u8QQK88iF#Z)X@uOhEyp{=_#EV#59sIIgzPn3u_!e86S@-V5jnFyin9d2fLL2GI0WWlN6`o0F>3{_eHCotIhQBU= z5eFMt>|H=ITz}n3BbX?6mfA2Spld`b2p6LIg=H^52O0WaIW?rFdE$Dx3<^=`8Kh4_ zs|T7r`U6#(V12ny+P}UGsdt9IYxAuJMivN*UJi|eN&kxZWW;5cweY=Klbm%%s{~6A zkOXJ9MdJbYFF4v4g9f?wfhDw!Qw5v`T7)nklZ?3k2lp;|Yx22yw8UqrD`fJW!s7)57=W>hMV zG7|C~lXbZ8ph%k^2Vm)ew+I^uvzxHDEu4kaMM~OW9zyq3vewqu)7b-<9Drblc7VK9 z1(N6s4#Hb$);ps&VSz)HCP-G6P3Oq!6!geah_0L9_v5zan-+6o*x9$eL*7QMs8Fp6 z*)Su#t6@H69RmO6R6XN(>vxjzHNdALD0 zp*89Q@vA>lD7A=n{6MSW8 zNSwgW-+lA`N7=r^nO&w$lDP-B{y4n7N{$#vWvJP&Z}&vgUT)>s0jVP;-Iuvg$Rpez z{mRy$m&V;0XvI6ssXrJ0u9XfcC%bp}x+(NGyOS%JNe1RIw{=WX-UiyLRRl5zC(&(~ zCZ^CUFtty`A)fUI25h}6w3xk+GuO_1?uz^ahf$7Jo~#&sEIS`jh$}ImcK~vPhE^CZV>XkZExJ1+wK?4 z0#d+o8mJp@Q~0jFFAv|Rzek_Xzh6^_Z`1NSd{a{a61iRgsOkWLV+&x>{ojQ>u(fl% zq`hE?oTxUF1m8Z5Ggr89#b)OITp_59Y;hm(2C9R)*H`>}^!xJo`Q(T6`Bgua$IrVh zf56YAVjT?h-((UGrGIet5$&xu1vS%p9ptd{n>=H~Tb z*!?VY0HqxZ0DBl@-*LrXH|}_*I9eL?-t!)H-sXB~Ck#yc_lXe02Spfd@`d5nw%Bz_ z5uhP4pn`;7r&Wfb#QVmQKRtcmgL1$8i$)|X8KlF0-sv?6 za}THd9_Zhk&-%>SJH`(;Y_U9v$DgHgCFCgQv^Svx4%A=zU0s*IV(A}`NPolL|IUc- zUhaQC=DX+nkE!Clh=)IX$oTtLR^K~5t?hk-r9U_#{X6#lTSt8Na^H5$chC19Q^k7` z5C82$#^3i?eY&l+)oVMKy75!7hX~1zFb>cI@2zjiu}O-(Bop?N?Ec}|ammCz16sJ) zvGEH!6H-_&sB>r$Csb7PhTgMYq0K^lHFmTBR`E?`m-v6t;Q97fDx6OL|Jpfye)O?C{GYJ=P9FpQ zoalF<6Lh=dF@P^KU&47J$O$(H9+$8?K#~js1gz zI?uOHrpesg1-9hvM?_5)GKAd_w_937>MxWF^~RBIs^o%Bq-PJnBHEv01dJ!)AM5Nh ztYBpM%##e8MMM&>Lz?w+hTju|TPQaI+zc)sKSx*O;Ksn>glY7S^+#K9CyNN~h)O=) znF;@leg1vjw_p65x_*=K{QUpyHGRG`pP&CPS$?1Yip>P^wW67i+uyb@*|cNit!11B z%)489!l;@qB$L!U5u-ilAv%XUH_zpoK}s4WX8i3HFpZ za~6cXh{_4-+@7)|pVnyz9+5A!h>8c8=VTuE1&rbjn5oG*Zz|CI(MHko;0?7o`5-%|8M~-N?Jv<3n*Qm3Kdgn*3cZrZA3dqM}^{&wvK``nkjzr zT*6!$Ljr$rkU=8F$OoRr28;KbAUY7;pt1=F}5 zTtL`DFdwGe5z1a;G6#-^wwGHTPJVl3JUDRImw;@k2omRD-mWCN+bIhb4?e{S;DOt|KrA^V*2faTv{wu}LZ}$}+f9o4H z{g|a=@6u<-&!**f{JcgGqL>-JKP3-5jxSkz{lBAd`2FZ*->lEGmO6Zoe3SOa;d{K{ z_oGG!TPB5zh0%L3EIx1Tz4u!co-co|rW=;N-%^L~1Hmh2(8|5j(ouX7fA8(T zXyrfscePy~-|zfxef~{L9eqGbt9l{Sou>Wz|&jgHww7iMKluNX-uB8igs z&b^2462ImRTztWJGQ3=xmOQ9#+~fU{Y?s4asYVrdepN@qSu}j3&-O9y+}Qa%w^!;n z^iV4@)vHhP`g^uBe1R^hAuDO8p-Css$2Ivl9#>xB^`h9nhat|j7x5*tLTGGczYU3_ zx*fGwM7JOIh3;w3jwx5{R@|?$c1pTsT8AuIGScbH1Po%gyWPF?GW7WnnbMx7gw+LZ z*Th6Bw|{cJaIw(8v*#}&m=T!*@|-*{pWvncTKAXhKak%a=0B*<@3hqShezH!wEs8P zw#EIeAa;4}ud6D^+#VdR!P^od$GFY(_96LwDe|5CRDIss`_zZ>@O}F~)#qQe)ZzO; z0lulJ2qLr$tv}Oe+J=I5^oUCf&sXSEw{L?e>{9dg6d zkqQ6eGT5qIU8yClTFVr&T}K=3GuzcByo|#mr|Z;)qVfafIjZ=}+VSvKu|Ig^v-)bS zMd-Tr5uBi`#wcIt`x_B66r6yZ32v6}IQS6U(r!iCpX1;}e!FE_{$t=B%6|;pasF%{ z;f0{S`?iBETzO&ff!NC%B2fv@N*{>lTrR%I{lRmY;hC@9!+r;1br=U~uq??B{2{0O z#6O^EI|ndbst;w%@XWlPFL;|=fHoOi+Pgs(fAP=Sg|FXrHmfh?U$z^^6eY9?m9E%P zCHrf48FL;A<~;-+QB5GTtEMMi`&rxW?x0hH6vl)I8Vo(Z&MRJl+glgR4Cq#a-0t_c zs7ec|6zYL=ywfEQn-l3^4>zga`uYKUBT(lS=NfoJQ1O5gM;~Yi@YL=qM1%)QW~G6C z1pb%*x~}iv`RAH`#?sIGHGO`irB7Jeu=J*-UvKHRS^6WE{=B6hxAb3I`pEyR^?s$L zS1et$v}5UWmVT?H-)relSo%wr{(+@`Vku0MwzC15NwGQbk;4SMgL0WGKh z7Vw;kc)(ua_1-o`8`#gJnP{H#=M3GyrOTL#vM4cAPLh8W@n5~b?W5}#v*1(IFZtv8 z3-H*rJMPAe%1cPngek2aqtB zq+uH$1>cMeP8xgJu^rh4Y$QB@n|No42T@r%L4Lt|>KNAo$JU?Ep6^F-w1DSqoUU^9 z_ME zu0G`Y6_1s!y3Cp&N%(cdVw58)Erc!W-~r`26Jyx?I+3XmU3MGW?ZlpS+xJAGeqLJ`5~ zmabP8Xf3@`Sy@E{mde6vO-A-xKBec%4_f*WOMlDKe`V?C{vVp}KeKeo(%d=z@B9=G z=eVL-;eqW_mw{y>Z;KRD?Qt7lr!*J$(hcEr;s_I>mLvx#BYYT7#a@fjUR?;E`Xj}| z$1Q!6r9Df(!BWrn9rpagh4=pb&nx{IYd_mB7|cCCn?dksi1%n}=6?G3(n*Y*_@32Y zp*Y-)<5A z^?UR_{o0S{ym$WGX7UDU@cS(F`|Z0ezw_sw02LW4s6Z+=yVV=a?aj>WsV4fl$7Ud| zfdT?A-}nqp3g~mJP|8yg12o7}T?v@>63*@%{Y!6+d6`If@U*&xCZAt%ae6Pa)#xKmn{{>&H&#$-C;or0T4!_qW_9+?U9LTHfbqKd1sSpG4`^4`{ z*52R$l01ClU#icWmO6ZoeqWyd6X3fPLloG&$w?ILA&B8+9aloVGwyX#Va|v$IxjAJ z9rAgpLz9fHM5>UQ|3HrFbZ_%;5Gk1iE)Io!ZBykx+kwVOC?(V1IxseuGf4m)qLD#^mUkq!I-h+HJd!ven4)3S)bIr6|Q1V%d$y>y!^b=HoE$S~AOb%fn0C|h~|BGJk3qPpq@t=H|uGb%%*7Q#-y>d~Xef_>@ z`HT9mQx~yPYmoV4_q&DVyU>9ruY$~k;}A?&fz(KfPNq=s0#9WQ%uI;&#ViHZ?QrT+ z{0s`58U~{V2r7g&Y$2N*!TD;C1@|1ufqy%&7BV+3G@A_tF-JAzA<0s7s|%-wH-(Rd zR_tIOuGe&{$^HV@Y(yKV5$rB=F@?oveTCKyaCN_D2J!5F&;LUm-}ha%aeS?&pR)Aa zllk%efaUk|1NzG7G56!Ei1`9jt@Un+7+HCOvgyjt)6+2yZ!vBBki!4SQwpb_-!HG} z^Sq@#Kld!Z!|(M?UCzND4j7y|HJaZ-!%&XF=s83VH{lGqlF?^Tu@!S>=-SeLQf7tN z@(vjA{Ejr8=O?SBui8LQr0Rjdt~dthL(mtgbZWO3ZkoP#S^FF(==9~A=eeMU+LaAx zyuq0#jpK2T6{q@1@WXF#KHX9L|EZ0j6Pw=DfGOJB6~f4rsNKW|&pXLmIHtzAto_B7qG^p`E2 z-qZKDEd6JeI^3hu6@xDYeonJ)Cx2Au_YYmuc71+7HPGjKmiqi|SpK2;P5Wb?$(Y@* zZ|@#JSueTTUF*w_#dd#v6Y)y>TieimJWO5>&oTH1j#n!OH{lKhDk}(cv4h}6$uh!{ zFkJ#0Lta#ILzf?rW}%tcwF4y?(btDEUs0h=SFkI})Q$XgnfEXMW?Dexf$F3e89UAp zJ-kuz+S)NY}QrO*x+*R%9=5>#}P zfEPN@LoemC`0vpGT`5S%pi8a-WQ~OeN)-ANbef}1kD!y-?cPGo92dHaqx)?~1v##w zPAh{!>ik z)5Z>r$rMTn8zW@esccFv%_LpUXMn$zA-@T^hN~248sn{#p2Nx3fnX59yB?!PZePe{ zQqmC6r5jK&4Eid?^#mpXlv)_9TrM0ZT1!tR+gyC0E82%XdlD>8jz64(qN<484m0I^ zGUk^a%L|P>a0kbdHZJ5cx1|DHXr)Zaeh@0)MOasZRe`;ZqEvR}Fcqt4m0(E8!e3EgfMq*DvW1FRD4`4Qh3?Jv z`eCxQf)^L%6I|*6`4e-_VrH~s+{)A=A{HsT2e&+6$oSSm{u6cra|8$L1lt1b{WAQX zVnPhPS2%}WOBXR`jUFyk=AoRM=Cp%b!@=*5JS6KEgDWf#OSJa)`D z@Je$4!Kq%mIi^4v3Kifs%@e%GEDmwV*(t|7fEdT4MpF6(uU~hPG1hynJwOa}3X!#+FeXbL`F^Fxp0ISq(w?R7 zvGn^b{fMQ%Y3WOrKJo)v&-RaL`q+jc`KJ3tT zK%FG2?M}qc zpZt*G>qjj8XOlOc>%fz zB@5lW^kU!UJKed~521)B+X7w1Xx%J(l|YVAJyZ{orw>*Ks3oMx%Hv6Wgu(g-IdPe_yipKK}E0_`d8#eO|HD;d}H$ z+8>9{>zX3}m!MS{P$FEva5E2Hij!XFCoUjd;t4c0fBXMc95C`R|i54v9l#b zpeKjfu>u+xtwAY?$5+tQHMKCl6L++6#-%zIOzNGlWF}PI-)Mf;VKZKFZ+Ye4_k)=kXt@ z75lL5WMBHQ&gb|4YJUEI>A%$Hrln#2|I-ok|FX<x~I|%OwOB_ zoD01P!GfAD|j@&Dq#(dU={znVJ!ANfdr{)_)>!!vh%`U6AA zZfrOV^YS2)Nu9vYTYLL|mWS_^pVO2K|AnOv-wOr!Y#AU1M;J0(9!G`H! z(c!-b+#QnSC4=V|KTqLJzfjX{OFv+#!~f{d<;OqZ_oBdmwbw@%&>Q?9L2DRvy%sW=V&d!q^T#GlK}_hD-I(tOV#mpIe@i2-!;Vs=QsibxpjaHY zk*hiQ%%K4wmJK(N2vF4~%$|5CiQu8N>j)GyDh)ZpQ-5#)11=}g`a!9zX4;+^Xq%!2NSz0?hacU z>WH2|<1ZS-({ba0a{^($r zoL;3$5)}5Igb7BgQiad`Rx6oXURr4`FD%rWE6+A+Nxj9mCQsL%ZPoClT4_F;v{q-A zYl}&%)~r_+mR1*MYt5utyIybAmzV4je4lCsMjg%CjpgRk@^iMbvQle43u}plrSU)P zMptLA*OscwO}MNX9IUC^Pnq6tu8?{#bjkN?s@77+I@xQUq7FJvH zEA_=%vH@4(n>;bck{hVK#`=;wjBZ22b#N(bm1<=k|0Epd3XRSox#cpsF<)E4-EbD4 z)+xzltUU+<5NXdcAPAj)>C}6GWU}vg5^7i#UHUg|`xTdIMSP^BbHNSkLRc+R<*D7-> z_3K1b2aYZd7rGsZbSL)`ccKiuAwnJ}Mty0uw!BnpHkX^p8WpFozcA$8@~-f80e7R0 z@w~C5pu;P22Qf(;`i12iwWO?~Ma#}oDfjgCd4(?P6Z zfz~+p7pg58K@Zl}UFe`0>;Nmv&D#9(3U>P@hPu9lWxm3R1!gK~6!@IN4&TR!hcI*i z{TakAtA)<%5Tg&`%{_EqhZ(Ib0$0Roqk6ScUzo46&1Zoy_~XU@jSg?8^Eh&PeRz>E zj5Su5=2ljl+A%>}7Ml)pz1Ccwt+aFiypM$X?cIJ);?ofd@2e~it9N#Jc?D7Fd@Oh; z$KzP?hSf^7vD{q2tX~3JmzzLq^0tF^rva^KO#5Bnw$}%40b#t1u(lFmH~8Ygio){L z+2d>1A`*nvYwxiOI~@2a^9o;{mbt|H5m2X-gj@0znV z7$M0)9I~+RW&h05@Q()}Gf$e0)OYOGzu!TSc z)GBSw`Ipw5ziig3t8=yL)f)7_G3RPtm@(xMh2g65v~iSr0qN87)vF83*gzFL=@r=i zjCkbPTCF*RK{fFCJM_A;x`N$w1w+X_yRlGN3Mis@M1wJK6PH*FP+f1;5a@4tY2n!f z;mWRdFyZObNc)6A<|bcj`Z~oRYn(p}QMI;E!ST~tNub`+KIAViH`lDR=BulV4I8@< z&@X_A2CwvS0g)X}z;thL$uI5Pz@ILi9bbA%S#04e%s$4_ib7dquNZ;o`iD4WiNQ3qgo|zE!pOBZ?6?zP2~r zzM>yvQp~|KE&9yG->5DxS+<0{58A!UGfj||mX|zUZV z`O<7vu49u33rQ?oEdDqk!d$(MZdK-RuwtU(H+6h~HcXHBBZX{K-U=D6*K0Sl+-<}x zuu^{732ne25{&hr$?(|Oku1o%~vqE)%qegCy@o#b`f?0i$>k)W1GjYKD}7y8O^2MT5U+yHH_~q z4Lv8XRq-<5?)A&{B`xGz17p=`exGiQy3Mr)Hpm8tW@)8SH&Af%qGl1E0C4u%DtJg7btBiASMeLm(_>tRNy{GtMRMa|LHC3|Bm(F z(%-i<^xyJ(|Ka}z9cItQG)IJbwKSGmgsMQM=_ zc>Sic3K;-a=uYYq+>CQB3PwT?!8?2VHYINEkPmJ^goaXoLUbdPqS^=J-#-7(6@RyH zE8d*HbnYAVxnrs0?*+^6eto=Oi11gyoZ=L-zR@ork!4OTkFkd0uv+f2gw!uEnYs2v z-m-j|xM4d;L*sm4D$-eMS#`PkEMKlV9)}>)msX*yVTUWuF}a{r3HlQBN1}*e;4MLO z#8(uyHII->(hB-_)OQG)8g^&w9SjodvKYne!RufX_ho44QGubW5w!5q$O*yNL*dsn zut0=cQ{UNvy(lHJ5HG6&(*w@IM}J-C-#_}>`T6%1-=@!RwAAO{q~-VZE1kqYQ{>Mp zhKUnQK0MQ6FrIt&0qYCa-Vc389=`YgH~Rd$mO6aDP=N0V1H*S1Jd$KFZDQQFK%ytm ztAyz&I4&>->A?ybTZ1~fUBl%nOatlaC%;SE{VU(C=^xqizp?al?fn;6`bGah^Zn}k zG;P`Q-?#LCwe*~QPtnS0c9a)?L&xv@cWV8YI9EZjb8ip^YRxSZ2UfGc(`kDeZ+>&I>f`sK<@fVFj34b!92%VT zPz}|;Gk9Ow-liS}6$9<%MEIj>9R6B|V0GUW{ey|DL^{!4x;N3D9G@DWMhZy?qO?OL zZylm2stwJ!`CX_Pgf^~shftU8w|Brxg33Owvs9qH2@*P3@}3(!rix<@k(DFa&WoF> z#lquPTP=Ub@g6*CaaQHgb0Kx!hsSsdC&p6|K8*)(0z4aA{hd3Mzr&Jh0Ejhz_Oxb7 z*P`7@e-{Xk+3ly0(jTC1^8v`4p#Alw&9wt)Y>G3t3wA-(r*T|4zz&5*X0x(5P8~!# zb<=O|zih47?!#|JRwebA!CgmJJ19H=UTDlr)|Fsb0=c*%_;6`hWlXYoMB z4p*nhE+Yg4TkHD zsskI3PsVBjUrEbzJ!jZ}YPRqxLG40N7rzfXGCP%QWhW7les83R-!C7I@^tn0HCJ1FKRCTEBqLF**Jx3a}-xj%D=Ze)M5~Mi;f<-gN4kP1FSVYZ{$L~Z9JD)ogD!>erUj74o=3WmW>SoQ)|*La z8?c_}MmaIT8N%Ko*k^Mb?+u>}GoHhxBh2sx{|6NILc$9O8RkC21l#c;gRlMUgTJKY zPT!(E2uL?}X#F9WbbQI{09X3$u!EF61!pB_0A`hUAyV~X%bFRY2Mchsxnt^GI@m#w z?3JFznbrXwS#4tY&@F)yO9Ox_W7^MwaMKS~OQuC5P5$FP2wclaD*7+k2K zrJ~UWa^LoOu<;S)p|{%^NMqg(Q|v+q-N6jJt>WmNzI>T2`1j~2WK<{h*xtv%Xdrt& zrn!2iCMV;1GW7C>!1&UTALI6iq(#1^VLKTW{A(OvAHou>yM8Mz&mRtA_73P#KfSmxjL6Rk9G}v#JB96YMhKZi42T>cCu}Kca862Z zAG=95%%PuFA6EmcxYe&Uu4^__91zhpN!vR;QbN*tN__0)$1x@Z;QW-vN4Qqtl%cJ* ze-uMw1;X*nG#j@G7z6;;X#C@RQ*gF1HT`(HxOTXY?JYMC<9yT1mtJEo%@onGIno5f z1hq>{P)ZMROVZT|b8QCq5>+sG&yi-5xc(SkI}k0(Xf_Yx{DfOKzK|`{S4I<+4a8b^ z|4tY8Zrn>dTM`va)f ztp~)5->iA_vsW-i?eH@0$cgIB(P(h54AJj^)Eeeg4bc-><92rffu|?bZOYog`mOGM zR+0B3)Z;|m%u(fOIGA5yUJug}eC%Kqg*g=CB~K`#QPpg3lYS&NbS-nCLXEJyi`9*# zDqYFX>p)p54uq}2)nxM^blBmP{5%N@`F(zQfn0v0P*DV?_4N0R3nnBqTzk@>7mCIw zPr!1Y+B;ms7RPSLH*;q*3eF)yH>v{N!{?)Ga`=rbb_5Snym0?b00js(k(2cyDyLX7 z#2i=9%Z((o9fB0rvFo=u#F(lKOxUR6yj$<%3?%yqH15}OEAaZ_RQ$5Hw+GmBH{nj0 z3loe6sPe(IPE3u#Xrk^c<1%4$#*!rV zVaUM~AHVYDy)N!Ykj)=mkc$F;US`w<19Ok(43)8A1u}tgbN6+25~)uv_SLJhk;5G# zV>^bA%oO)i^%JA{fWZJc61HmHoijMS5vJ_tsPY}#-#MmnKT9q%0%crp44;jI=t0I% zVl8masBJSaL~ruzLKh96Ctf$<1&bF`D4YJ=Gmfgr%Gxyx?!vYpzviU^Mc&GAQ!pypHT#OUsKzgI>7zfdJEspc@Qf(McWE`c;yw1RfaM z_IRb#Q7%A#Tc}2u+D-Djp0a^-*oH5RoWWtSw{h{`9MgZVN3zR>S_^nv zaT?9{HEn}MrFE=Qh=t!s_?vM^G&rq|O}t>NfS9IiNx`%zjE5D@40 z-=yDtoC@WN&6bwGIJ$gU2fWz=t4F7je`FftN8n-!AXI#AxDzE^eo0);f5-S3Rn+qi zF^;gcBLE3SJMi?4(+d<^yhEq+H=Oa!WlC0)5&$Le#QgwwO2#wW>*L~U3{)d$8#ZHE zC=OqovR`Cz1pruS1_Xs^z0EDq{LzWx6UXb}Vj?9$1}3;+*`0(}P9-nE1XUUbqDbjo zOjMkSJ7tpxPSMZfj*`_7s3d6im*B-=VSkMN)f!;sOIHtN6&3ee?*o~4F>S=_H;!Ul zq2%Imo)xE+4az9vBIEE9W`a(kDnURZJ{21lKW0W|MO4;J=p!3FDdUJPDjk>w1p*Dg zg)|UObXwqZ#xjk!F9Q_xwXET3VRf*r+#4>qABQtZez>9R2U2n z@D{8&UCeT{XZ4mqpI?7v{Cq4Lv*dMNKIRtr{D2<~twR#sz6mEfoce|bFA@0ISsi?J ze0lDJ-kLO)RUliWe;ZYk!!e4%>j%2$V;YaDpA#t014=eVxdM~#gtNt55!-qMJCDll02$YNOfGXTi_URh7{THj zuK#{md~$s$Hk_M3Wt?-e1caNOiWanT6d3DQ_-u_P5$*6XjmOhU@*d8RJ8fe}WM#po z!w8Zp7T#Q3kN?JaounE&*Wyzo2)%V;q-Y|6;5Zo87?A@7OvLpL7|^sS2UlF zE1r0nQbBr)N%2skeo;LeU4+t{g^#=fN`@n$!$ZJ9m={Wv|qwyMFqyh6b$E-M9LIH9DY)n zC5#XsVTH4ly(S=Mx6Yi}j7|w&Mnwxl*DZQgrbQE82O=6Z57EUryv58iWG-+X@Mh@x zukV2G5*-L47kUQ<9Q?$!pkcLz>l5B7sf2ffpmCLZE8WxHMr0^TW`wD%ig=&o0F~%V zUD23tH!mTylabsSY2Oxtd?ZDg0sA;dsdPp%Mkl}B+@8&fK<)8p-<_I~D zNNtpXYwb9CbM=-SGc)4owv9#~3cnpL-BA^G@?#n9-rqRod<)}VT2VIZ;&KtceF%Ue z!#ytNzaxJ8Q28>3dpy6q4yJ(rSTPgx#p@yT_ZU_$%lV&|KZ4K60~l2gAGS06GLp>% zj|bRChd4{o{2V%@GkzJI`R>74az7o2JA(n0dw7b=Ty)s2zwv=S17EgO8bCQyF_^G6g!6q0eWMzhiP~+XZ&f!kQk>J$y%;aQy zCv5AX{*1g3bcGcnAaD}3^7w$+zy>3Or_a_;#A%$Dbo#6rVWd!}RPl*I=BH$(xQj(QTaMs*n z2y9N?@24+K(0Ku69srd_O$g+3CRf!sg7*&J1*TfGOg};YUU_waTG^+A~E$aU9Z< zV^PE7MJBn|U&M`JMHnXmEuv-H>%)1!@UD54<$wrCXp$NdFm?m069_E!UtNJ_8+tIM zq5X-^!l8RNx~&D%3Aj&yp3)Mm`-WADvud%1wm3lmxW(>t;gf2?9*B;h+60P!Sj52D zdQ7UOt>50ke)dAdfAGVHy0CLlCgpVwT){Y2R*9BiacP8ZG~0Jd*GHV;xUTXz3iIN0 z{oS&T5|df)qE2vJM|HL^rnG;|+p%E};LCJ^L{oZif)YI3r6yX-H72w2?>roI@@c-c zhy<7LwQU~#ExGRSp1sh)dloHujVj4P7}`Z-DhpoD0Fwi;%``6Gfa?L;-B3L3-64~k zXAR$kF;ux%!J>>St8JGMANKKd2PP?7*h2gbD#tn^!fa*?W~B4usdQcv06e2qFml`3 z1BtN6(R8a5q^ati>{;x{nH7K-6xt)JR)A0X@eGg(8WbUy#n4r%usf2=9^h_I)S`+T zgy_%H>nc$|nG*+STyX{^J5&goV7;vZDhQ(bJ*?;*)eIxzatq2fVlF7%pOhdKl^?Na z9V(F`gu=E-yPzA_+lKZhGg&)UA-0qDZ73#+I#G|p`a6VJ`iXB{;oUIi&KX@#XJ&y8 z<=p^~5$HH=-5dwb*O`<)4G|!GfcvTXdFA}5F@hIQ=rfqi;LL_hA?9^BzLPU$6a7Nz zH20gz1)PP_eIbo?fuvj^&c9~Q&pZHo*UCSTd1k>JH|$G(t}xXJcq(&T_UnGwy2U*T z*b-ibP7>g&aQ+gV%ItV<0y{_g+{D6N?oKqD?euTIsWv&&ntby+-f?dN)Xng|lbt)V z?Zk_kQ+f@x%Lv|vM`1>~!t%eB*5Umy;A!RPWghaOek^w<0&?|%a0v}Trx&)epp;d1 zNg#H+clS*rShqr19HOnU-Rs?wEuyVDo3NsQB#_IW1z`j%Mzb9R8O*@99g5@1KcEFS z0w>yz>a-TrQv7#p!FX9kf8%K_0L3l9CCeP# ztlsF?mImu;MWq=2Ix;`Ww{V_Z!yMtlrN@}>*+9p1%di!&=hrh(k3jxgdTPaR+X-Rk z0w)bNKs2sOpHS#N*n%PkHXRw60&lRyj(Y_IXzkjLOkHo?qD{*i2xeu&t?>I0370V% z%W+{uTw#4>rOFmhG;YGeRCt_j6Yk}aJOO>~)Yz?3p3Vmy`LPZ^!Zje%bD| zsJVoHdwcgL%p2RiiKcjtyH|&Ah61>x#XTg|1UGZWXt!<7Q=6kK^4BIXEqd+~T+KqLMs@jvB6v zjt=!4;21z`gb?y7?#&6R@_KY7k&7$77*APCHh;K4o$ftNB@PFda^b+rt_E?1@uld9 zemV=>>pwG*n~s_PPt)BVk*|BVyRM zd{mD%2wk;SX z`gF{dHyXg<(RogyHCL3c-OJI)YB=y-kE0lCE(QU+DQ~?CI)&B`pgy;|A8m|7p!tas z*NfpAu9j5}L@O1suHwCRs7e`8ug?daJC)F_(53{=F$t7GtC22k>T~l?2T^}`F(jpY zN5ZG!s*AoM2zp-vnn*?6yBJL_l5NtaxF%E9V`mD+IvD>6TM`#kCA!+%#eRqR1~_^9 zmS#bqV?jf4nw&I+g*+^p_!=#)qehxIOjCTZ*v+_B+}y%0PhOmEW`GT+MLT3LCbf^a zFiG7)cQXC@bowG1!m1hI8ozy*U6YHw$mWHUIaxP~TbS1$-e)!)Lqn;jc?sIWJPdkH zAgc}pGqR+*yEmcn547mE37m-c+Vjdw=Z8rsb&^QnAVFyc&UV2Ew#^oUlWjm(@2qtD zJMiFIBqMVS%6MN2CBWO7U4?_!dz!4k?W_FU<-b^i_v8X_Zw^+!{qk)j^i$|TluDs# z58ZogJ=iuFNjGC>W#`opD+`o^UADPE?}vTm6o9WQMCL)qW}q@pjRHEcCEf`jCsR=V zFG7ncgqtYJ3>C5Nz)2Zg*r}m}`8y&R=_ORKgzm64_lG3b2mJ#T2l0ck|4I7f;pGSb z=E(i7YD5&_hlASm+)yVTbDZl^bc1r)6+oD=DqZ}zXcLU+h8-9_F+89qR}_7EeRJ#` z*E%=2sGi}gw(Ywz90O-bb6i-nA$sUsAwM#IW4GKTm|!K3;iiocP`Hn(3-c~Q(`*aV zk$ulCWn4#A@Gd5uci>(-3Trz zz13PTa%&nKY5Ix=BI9*yZ__v7WPkHX)+0L#hZ3flBH|9;N{#RPUTS%_Z|?SRNUW29 z$20{b4lOn<%mE6pc<_i@ks_Q>!CQgNi5zMrd@B7q0@!Gt$oZlO@p%hj2)HS``Ju9D z5g=TG2`g1i)SFxgp|0ytmJPNR@k<8tD3SVdhoSHX0UV6I6fM?V?=asN5#Eu}T5{tM z-n+zOcZ6^!>L2b8&IH3X?O+486UyqU^1viO+3Rj9(juF4Ty?lyL5E7<}iC^jOCZ(HR7A+mi6%ApF2dfgRbQ1{P#?C-&hOZWi+?Jc5kvEV zLs29b%4fs=J~_s+YUx)-cb@aA%ZfFMcOc&2c2{$0P(WN+Np^0+LDbF7Or&6hjC$Wx zr@Xw35ta-cWl-c$uqW}a6#;So^?j)TWLyLwB}`+-3oI0FgBZ$BTg45saLrq#I)2ghHt|6IATHZJJu35eerOC zZH#`F!#c8OLcX>8wu7y{Zoml0jlVF}AMQFLNZ8XcN4Uy-qCem=5**2?k>9Mm`rIT! zT)161-1Q`i=TY{lOqMosDiK|Y&nKt&KxypW#I)iR&*qYhnBbkql>$RcJ<=3(3S?E91W#xQtPWU6Lvb_o7`vJVV%xeY8psU!CDbC;bDKUG)R+9E4ND?!HAvk2Y!4sBL_`=+8$?dIy9H?w;&}HJ`o3Yd!&Nofu;w-)y4v!}g zsr-nEQnGo+>#cO175jS*Gzf%2eVDRPl?~H6GpW>@KzlIgtuta%j#%ko+_O_mCP6H_ zCxv}KTp{4y@qt?$u8Ak=1fYiG(QqH&7n+`PFq|ZEvG@9c+fnuBHzRt&JWS6?XnR9K zXv2K`b4hu<@%X|uNgjKlATbRDxp+MTG0ZcsPiGJqDb_7C0-Q25w?PGBF*4hALI0u~x-VCxQ0|7ghLLz=jd+{+yLT z^B~e!5YIU~ zyJUWt$R91Mz!Qk@E*{%7cW;Lu*C)i93v$j=){@l|%Q>;8;mlO-f+vTmh*z5}1=gQ) z5W_HnJz{=01fjy~!WsiZgB%AOJ~9jjh7pZ+JmD0<6?fxcTd(aApVm$x@$locw#M=h zTef(ehN)Ztw1@x)*gydN4(`6__8&0;z`%nKQm_`mH58s0Stht%L1);URMN4z>LGcq`wGs}38T@gH{JqZLvI6Yt2~(HLqw!f{&b0*`1K z{)O~XqUhY$dm~;;1vu8B_9=Q$$kp!m;qf+q_ZH@-0hB-gOwy3wK>n@l7uh=GZc)G{ z5Excu;ggTw{T@lwf#si%Lw?^VG&Xt#hlAI|r%`>GoY?#a7G!jqcGSx{=0eW%$pFVQOA^R<6&|bYb8d{XJYewCj2N=@(oNS787QeC76vQbvHo?ehS11HJ2z zn_oI%d8y$%;2f2^3{*yBPYrA@1)H9;OuPbW#QMm+S7$rt4$w~38Hkj6XswOQ>^3im zkc_B>%Z@A^kQW#dNc4oM#NZ|v6XAa13o4-cC@uj;c{t2sJjJQ${bSQ*<|$hPJ()e< zDufs_BFd0U8X5?KpYv%Q>MU>zqw7*KsfK#!yMnw=&SZZ5pbI&K(yd@_RB_*{L)R(H z=XhN0Tj^4ExPAP>I*u8l;J1dW;a8V1@`@Xc5*OL31^_Kt?0NgC@VXQ-A$J1)hv4H3 z07J)w3<11h9`JF%H8u|;%*A-KFR}~}pR81~c_jWAe+;vU9M6K6XPNt9ct^)6%kZ~Q z4G_lg>1$~H-F2-$q}+c?KphEZJkBbA;_e-DQMg=-2X1z>8xa;)6PW6(i9+LXgz2kS zaSMUARs1`B8`O)rZT3y%#M7aBvn}x>@QRC^38Em1NNPNiM#w$@#xy)hQ88?9e{KfPZt)WaI%q#aCbND^uQrHS zLw(c!fy{y2dR?fJr`UpGR$q9@`Ekv@oosZodx7y!yNG7OX{Vd1v?6lF+}Lt2jt;SG z7t}pgqKM>xzKJM*of>6p4DlG|Bv)z-|8TaG^a7hL{!TPc(J@@^a27&(shcIX@2&L% z_&tG^uiP>L{2dY-yp8Gs1Dc&e_prf<>y}Ib2ZxB1F>`j|cL~{gbiOJ`V8h{BcbhR- zP!X{#6##qo=lz0y#rA0bWVY-sKn+Q+*TMrd5uB5C>sge^3}3AGgobTLHj;}ynU6(S zTCVR)vS3f@J&*f+3In&&wsLcEp&BM4ksQyzXpUmS4t>i(n0@pDe~gV{RCSRox6g`=$4&26ZL&~Dd&OI##I%rQK%C|Ro@Ji zd)w*6@bUs;9M8+@SGw3^=6ana_ z8Suz%!cVeN)U^CTmd9f;>Az3~uN}AXJwbeKJi`|VIYh;2p~Hj+!|qLnWSnT;xYu01 zHw$mFx4NBs&F&7gne7RmZ>-$AF?+9Bxwo{8e=5~x1uv;_-l*e;*lcy~RkyHR@3XQR z;u_wPw|F`5-y!ELBF@dO-dpNvL47>QjN&}?adLVFBch_n+>uL;fjPh8(d%kh2vLEF z+=pp*h~(<^-B?M_-RN&oCaA)F2$pZm`a9|&Jx0}K`q+Y!j%3t>(H5%LLky*ie@b~n z+TO&!sEO|=xC<`?hvzEPIlv(jXUm78D`-+hcb|IWQ4%PE#2{z z%@sF55&yThlokouL;h$&2}?}P%Wx=piTsklMLaACHk;q)sB$8o;ZT?Ob_m za-3@&bNKzLG;lo2TnLq*qp&Wc(TbXYxkvPYQY35uD4D-HY(Zl!zn|721)#u~d?VsOPrR-5RL;l2_XEr)Np5=>7MS{ zndP#*+-!f&G}%4f>h9^;)o8O*Q&l}vn(D4nRrh?5vj!jh5cokM97mC5KP;TYAp$-S zh987H5rGgGc`*2p2M2HjCNUHxaST4>A;?3N-|u|fkN-z?_w24L2X1nws{a3b&pr3t zbI(2ZoO915gVb|^kAurMNHORwM~t+|91mevO!=k@Qpyb0`^XQ1Dkh~`Qb^hoz$={V z^x4eE?Me!fyBKmJ1~D=y#H<=-uZS86sSsUeYL%ehq|}nTf4oDYLnGscM7pvGiF37U z@Ms>Q{XyM%DMDuU0O_q!D(F12OcMd*S7=qEC~07Vr74FH`A>!pj$Yn_raFo5bpjmS z5f~<$tGY?|@$xZGn2SW79JfakdU=gQ>w)_2DUqiTOX{L60SpwM3Q%ctrkOne`;6`C zo2x4;k+foY^o%|EJi_6$WEM%ZOfrqsvl>oSe?IeSrF8s`iLHJ2H)U#tap!~z^Qw*X zymh<^UJ*+bcG~sRCrlfeW4RYq=5lDSe7-huHZ`^#m(iBPsra4Uk9`IZubE%I1;Cf$ckXFL)f9kwB($|#SLM_qF$5y&7i=>w8&w-^tuc=;BqI?1{QpP zr4NTs{mN0tzh=I1h=Nw-3ptKBoidk)*Mo*^9GomfUaJ{ZxD`a1xT3rvu@TT8sjYYA zoQcD~w7I%VE1wN}Nzam3VTqU>zhB({?(7oM-a##g3+7`DtBc-PiO$0c;=L_tVAQ!v z{N?ioC~#v4TLTmjpG2v$fIS+@L}R3?HxI{LZYaK!pWsGiwj0M6w1RD!Z_sm z8^eTBY+SwYshX)dREFAeSUFmeWiE5$;o~riV?Q_xjejO`WV!4m725|nChH)HHBpta zj8JKYr`6baY*!-q)Z)OYQ1*OEnoTwwPE@C$bi53OGF8%coFfu0&et0@;R{HqFE;N) zsyN=e^UzBc@ZZfm{4kQ($0S8pXSw*WWb2SOG*^6pxqJkFC9O>|Y+!YF^x-T*;?xqu zCI_r7h=!*l7w(>ahupcgm}0Hj7(IFq{e%amA>gPO-9WU-pk8dD}%8L z`W$b4lUi#Sy3_3Si*m~OO2V0RgSfd0aD^sp124&uXZJB=4v2(%vg6Nqo?*Un_-L~W z2~5mWy!|=CF5a)k>E0LXEMn5dIBWJ<{8W?AOSJ&uw|=QLzA~VF@}2kJ$MTBL4?g&y z@Gy6*ccaO7wpakS7Fy%}Qm*&g?7shD(Q4ti18zlpxpFcdEW;w+Wev*(O{1EJZP2U+ z8IKR#P{%9o;n7nFf z772wM-`(fQ;H4H{f=L!FmkK4R6XFA|CC9f!CkSc?r~sk+L?chR^va*N{~6oGqk0xhFXr_{qJgx+WAp@{9#J63meISnYSa;3^VQh_fv=*1QF~m zKT`2V3EzY1ij}yMR?@V<6tpES|2f<|_KZoDH7o{RdM1$+z%>?9(KNWfJHobubsqNO zp<`M07-GbOb7rB7V*DYE{MgHkhesl~b8exrvgm=%+49P%fYuPO@QCR!j9KY}8foX{ zh$~}!!iH2a*Zr!*iG_)DwOH9#cbZQDweqEO6EsNKkbzo$7&u655LGh!@G*8&(E9aU zyskeE*vx)%mN&Y|(}on0L!`Ojj3%@g0iP1TEwN}A!IL49BarH(g11xc0N^574dI1; z%V3gFx|uYYz`aC!fLxxSFWfdlTzV#9%x(wxnfdaNNd(G%RE!!M6EuAS2fo#Xpu)6C zY>9HIpc|g*@(rE^|Gs^-Sa|Dd@#gib#alP<{W>08zlkR|7w`yb?!x@_8^splSCE(& z2bBZ`Z(mlQn~QrlCDs-?w{&lkoO6o0wRN4CIB})(IIY9!5fe&=RDlc^zkPv@hAtN-q(*->O z&kCDB8;9KzR}?=qR-Wj5x{IUcV#yH(Q3w%F^4}{nN=hL&x%hawZh$lHxQC9r{}(C1zyjumTVpw)szX@PExHN=qn8=u8-{c){ok%HF!zPb^}AWEk&Eo8Zr z>|h$Mz@}xT91Vv|R_5a!lr-27be|c~-Pu5*6k2{t(~-3G`kC@5$f4)vst@;WBNGmi zx8UO2Ly#DOUu2uWQ3$bAXD~orqaF%N8pjl>i{BQGK}kC)>3c_KU1(|ygEXvJ@2u{-Bg@|1VJ%n^a;(!d6X0TB^v7Fih!2!Qr zqBHiDNF#%NjIhoMGR(?0Cr>RSE~3)DCoK;Re~i6`93jq4e)VB3x-ohwGq!tgncD}P zf`#^h{ong9k>>IG)tlJ-ZNeE_6Pm5zOD#)YBT7S6mWj}aj2^JX?B?CrW&g5I_{KzW!SI}E21KW93(VF- zZLDUUUCH+QVWDM%T&~P809g*5nR@eNh&*szF#QW%d5cY)T%~rLF}a-Q&i#>K{l-l4 zT8R2xaGgk=h=p-}L1xLba+j5%#nNWpW9 zB&R%>TxOL(tZULrhcF06eb$ZU7qPR+@d9%s#8=qU zV{-v{DpEEU)E!nVm!M6HUUL=ktrcSMQGbMVL-U&@!s!$EOK|9kHlR{V zWoE?K9GlI%X8ze*SiTqLVMe9_Wj-~5Lzv6Mh5VsqZpp0WABs`?Gg-u8CAT%)?Bp8Ro-XiIdOxiheriJ{xgN*sX6<-gUAw-xciqlQ zS4S>=T{nj5d+NS_x}(X#{OssDm8@m|Po(Qx)9AYP=GDD7g)lYK!iX2k{8^;1%X^o% zYMm;%SQg-8xrzTEWkHTB6NnI)l;0?c++dxK>#dkJ5&Cp)?@MBKi-rbl_|ENu@&4%k zuA?_3sbx#l+D+(tsU1b;gv+hE?VS|RC_$_VQH>Vo@GH1!96>!etx6F1+#kQ{FGt(()IH`mQ>BAW6O)% zn$dpb@P{~}#}yjdhg;7=a}&K`9vK+>9gdnAP;L4cjmqmYhJ{KJF5Z&yD#`o!mdR-iWoLqLX2~<7o?B{$ zIcpa3iwI0k9{hR#{ZOx?c*Dh*nPs-p|Qv<_k_}cP&Y*_)3ZQGF!wRq9^L)7N3{1$V={S$HS#I z?kYD&R6a+z!;_tmgcX3cF&xZY+ZyZR+2G4^6#>b-6vq2slB@Q%jAFE2?!sxMYD5Vy zcgahFdGTluSrS7JgB39j)0v*umCX&YQVT9zU*PK}S|U>D7?TA{wH>R-#naAKVnYbY zQz{l;%Te6SFcEi7YE9;YbE|a(g(Xj#^;_o45<%VdLq-3!`r7~;7 z^2vnEb@R?%Ay*}RBg~O2`&9V!zKy(jllWI}rLEYh0z9=N-ha+T{USg)-bA!C{{q|{ zX1;~&dsWCya5s)dIBE9EU>ot(On$)j<*QJknGRvRcHl!BJs!igdY<8G#4{hSa|89^ zYJ^)JuZu!H=XhNdY$LwucwHE1q9^%!J1!MIN0#7?M;Gx({nCR zic5a=Or-dR%jKofeX-c_g!712x4C2DsxK^$rLq>F%Bb2`xB(fS#f?>DKl1>aa8a7K zFZ`4Q_fu@u0uw18`>*p5YLg(R^1Z&Es6oJ@28nbWB;DbCl!Ied2KUuqdcO+92_hz> z_ndp z@0_#0R9+?T3*JBOg?T!m&bL7jXV#w}xPrPzG5f4NmZZM39i9|t_S)G)=spA3L}m|* zcc|nrWx~53*R?gR9UMgL^um2WpGk95`z7t|_IL^UXVbZ9bllK;W8i9&9KoMW@1~F2 zCX`>;xsE@x&Q0qd_-thboy6`Ulj zS$WR=Tt`-z(klrSuD_11YKnG;MyS9^69FZbrQ)dN*C~zyK84%Vk9P_6+;R} zUcCqV1ZK4Cza*D~qAaFQzYWlwgElyB`0b6y*n?tBa5|X>!omI6ZoZ_+a{Kjfr7=Mjk&60a5Ny){*_H2dmH^ zz}xWL)FH+O>^!0H;nFCJxR)L|9x{zHjYz?AhC;2ey*kq?WwsP2bLbE9w6$aYw_@>5 zi8-98=IM6OreFkc8N8VHZE-K-G*?TYp%9S4o|y5J{Cs_`$dkNz`xg4=ksP66rw98X zX@dCRjAkK>yy-ePvN{L2ixg*OD8Ld89chA#8s-Y5q+)C^vN}p|GP;D+ntVBy+hjuh zxXu$Vh8}?mBbW~{+B}-dC_CPE$DzlKn=l?A5EoIQeT_Cw-~=^+&lZ;wI5c~(CUecY z!@@3YcJyRkj3ztTn^3v4AE;sz*F+h6T5{B=t0 zGup@A&MbcotvA+3=Qk1G1|6ZC1=c9nfH&&#D$qf%H>$5XyYHf=R^&ZJM9pP^H ziAb84vu%+M_>|e&q<8x``=#gBS?0%hIZJ}m9J9Z)yT8A&wN|XIt`?6U*O<5h+m-cK zhYvoub!%;HXO*0dtE-Swptyg#_Z-I%Vcwj4Sll^1lEX95{;C}Z_6_|;jt4Z6j&G{b zS3w0j_}nS$UrZ8b24|OnF2p3Z%K`X2#@hfKW*q1^(Mpd(?0cISSYSSC!(gr13{A3sdv(0U%Vdr;Q}tU zzcWC*qIShEWrlLKIea#|Bd0I+;GzL92u?;AhllYC0)n>+fq!7xBSVP-ht5EH>~3#q zEC$tNiN<(MWyxzn069GUloMvh-%P?UWb)Yb91MBy8lIK?AjXH@fc zgp2kuZ~X&fSFh8;*oCSE zN^#(x^?FaP?A^U{b!+<$B7zWMftb-Hh=kW4KbErdv)A9mX~NTS+K-Yzr?Jlx+i}LG zb4=ZWf%v9sLP~Q`FQo{!8P|wGZ+8RZ5J7Cnu>YfrE7Ea4c}^pAyy7~cJ8DV~4?`Lq zRbA~)08TY;{*sI`tSD`0KfnS`zT%t3`%QHJD($8mMm9mxOrQWW?=BC;a<>8R)7MF4 zsD(Iq`qtZ8C?Vh_UNs>@yv3RS&Ef-T%ki<#uNEIH7Kq3zEYA^+wc>|yDYV<`_;nA$ z=%C+T;|42j08+(3|2pXQ)#BF|Q5jnG^_w^K3Q@==jqR|&9ZWNqM9`m^&G2*&mc$E{MP(Bw)c-kc9rxZe+82kIr|vvni9bAkeVi=gY5&n zCL=l@Pi|Ax%IX^VbyRV3>-I4+=O{Vw&Z zT%v#yuMHul%$h_>KZuA=*<+`-_gDBj?<{$yv1eZ2krFvyc+BQ=$~xp4kRX-9%V4)Y zMt->79L#JJ8Y+6$BW%WF!wx7D`Y(` z*G}u7>%OlD08%v0v7PSvvsKuU2Z%jVyi&TQZ;ShOwGiS%p&@m8j_`+a`x>^n%j16c z5pPl6(W^@D&o3@~SbY5QyCgGsX`_2z{$0RbyY7LYyneSz|3p8jmER#^TqL$zoe=|t zn-?>Iz1|-m!5zk=#RH6m9|Kl7O$z4`Gt@DFEG$vn&6#Ns+8qt8s_`&7NLK{-Byk}q z83V0~#SStY>KfvesdQ;VgSg@xaUa0_p|oua62o}t6$WM_=kjS7VIp*qHByZ4P}Dn5 z&{An%F$+99IM1Wp6c#I}R=9ZU=uuH%s~Q_X-fH z3+Zr>5EeZh+ADa2JdxN#GJcN47RKy$|IuT$Zil)u=9GkTIZH7Kh|KjSM+y}{3{8Av zj|n0^6cXu_&TcRr>fl5YM1(bb-f4i%^J5%*<&1Iq$k?KZr~)dHkBimqy@J+uOEp2R zb0$T88Kl>ciRW-;_rg^2K6o&^3>~Rf9dq(BmP`$acv)Q;y;y!ikeOW3$0m$Ri0Vy^H8wXztO3q& zgk+-U%Gm4D$*6K({RTE3N&w}W&Ts?+J5J4Gh$=a#^9gL?KG4(U{YELPdIQJ`Fz1s> zzFp<3TD&Si623*GVS2Ce1))U#hpA%(-2?wlB~b+x?+-p@M6eIbH$4+<3Spz!$(UE? z47w5M%K8h7d)(FK^r|KRRGu9Vk7wJ15e#OK=i`1y zU_%eY&hiS9SK{y(Ox4U|s(*&=EK=e^(Pb#WVR84k|J)KHsh1b1nU+RG71--v5nHAV zv_!>ARjwQTW8OO#N`|z4P=!yWP(~Xlc*)qHq2zjWWF_w5)E~E5ZCz(4Vp$2Wue|;n zufw>C&R9Q+*-Mc#sYK>nptE|~_-DBN85*g78RL`&T)yhSBX;G54t`g7`xJv(6m}`y-m0vUo0AByUvKS@u`Q56{?|4S-X_+;`;PN7N~@8eccCZ zgG$Ld{{-EpL8)O4alX$9h4^R*G3IncG+U74vRt@qw$rQ=Uoy^Gu{h1bJWEE!(rg7d z#8}n=T#Zb}m>6wREGT>&??_DpGfD(?EtI4H0684=KLwR{Kfd|Y1n~AENW(imsPBAy zFS6I+2xC;%H%eg*Yc6XHms0umXGA{5IZh>eJbaNbM;xK5QaB5(Fr9DJ+A?>d>J0T0 zDd;pbH)|tLOh?-{{wn$DDitf>BVYP_gsYrA(#;Gx8+&#MZom~FQ>JC$OFi!{O$}>;)*{jPP;PA70_v(#cq^xwfo+@E~5U$hP(c(cn7iuV&GjW6Y>n3+S$iAOXR;9LQ%|u z!r{qk|L91bd|Wl3v$IYoADxaOEdFSXC^jik{WOiersA9xoUy1IaH zt_$&>77GIV2V*0-K{~?qvrLjnOSCL*NxSgkGc*IB4ipqbz~r$UcM{9;H>4&AFi8ieBBA;Zi_1TIR^ zl0+M2I-4II?FIrjUrFb?8sk>N8Y3Ar=e>pxm~3Jff-H~pqU*r}SW1xK z1l3{*@x7q)_;Wbktwp!C%lfRtSL+;5&M`j*W8>o%8PlM6h9osq5CVgRUF4wpx z$L(b1XcaUob$s#56o=Gj6j(VpaX_Vz2r|5N)-zOmZet591_iVQUk{Ni734_t>8!E| z9qFV)zKD~7lcB{hqzSRPK{vOSHx`iLIOEC?l@!!>vWC@%5DIJSa*ES&Q#xthVg`;t z2Mcr9M&ioS&dwZ=f5SUe!hijlrroIEMz7Ocaf@1&VCBY&^=Gr{kUBPFjAo&Bdf+hb zJVL~lMkBhaB&g*CrWrii-`Ywp)fBnpOf0G0%|oOtmIj7|E9YK4aAZFuBV{tBkQG|} zRT8b`_`^)D!3LTE*~tR33bPd&LPm<%D~NpfL~$HRj(!+*<2;%zWQGe3!%%|xDDiQ= zST1pLNUZF5yuYV{6S|C~g>9jayPFw{N-E-a~BOyn6-4R%NNvUpzl zbA`~`Uoq_kR1n<44Gq$dCx+>;dL_7~9M1x&}HUFq3O`NL7W{?#>Aq^Q{{= zA~s4?X|59^S)Q)GP_|VaIc6XpU5xAe?t6Gv;Z`o!-m>} z{lBj`>nom$y&N|(dnw~kkU#YRpg)Y2LIM(k<(kj$dn4%EzVUuPdc}VGIHJQoJ1@}pG9Suyfx?KTeqj9cD#2amXnAP~ zx1q+Y!?`UNms{tYzr0@z-ke;Mgf0>a6Ma6#m5n@zi(owE;GB*yhkBE1 zK?zyEr=kfPK`=$+BkaXqbkePOu(2h&LW1Ah=I2d~ap+yGqj!3Db*VY9!rr>Ox^h0SQtPU|i zV~cWSdCfs2EL}@Jt#ef!a;x+nx-yFHbo#4^>Oh1-?*xYklJA}HeXl*SBKaPUK=OpOhN$}aw#KO;H~v!3($Ua_;X0iiH}G(j97&oB-8xWCf3a@Y>8 zBHa$`Slk)PNr?&WDcaioXls4tBi6;@c#2!C#=SR6^COa=wteSlpnzT2DLaTH5m;s; z64mECyYaNIn^-~SN`lSS`mHK989lZRWf(4oPv~H^e{m>lK_-Ga(=rs0kCV#BCCm_; z2or3jl_w{~6^`P{2ASt7^f+g#tMXMk!>86*+)C1P;GI!*fv` z{LfqnT;0a7z##}%V{rPVXkq4r{abnBEDbg`afG<({H49-9^S{`t8P@^=;PyKw1dptHo0s2^ir&1~$R; z@$mEw5h?JHPYQ%{B}XH!LL(9@2(y6Vyc)gnW8Z^FB}8ZpkLSwtfPw?DKvR;^BwZIE zN0Qg|G;uzu(1UTj?mf0iYUT$r-n!jt9aK_hFW&&9dYWcX-RW*&=SBK)@KQX>?-A%3 zuTQ5EDx*-PY+<3FK1<8T~VV+VyCTFY0wsI4c3kg!D25+{G*pCE7;(wr9EiaGrHe&G!zx9{tq#k-1 z#2U9lC&whmATd#enL3#l1y2pv z)e^l0=4sC)fhFGnaEcPQv(Q1AqcD%+c)_)^#>isH)C)D36v^j%r9^ckf_!&+Iv+ja z{7&R%q342kZhwGV&_X&9J%Yea;03p;5xu?R_6U;v1atl2KyjlSNckuf5kXYgRk{9j zw+DMjpW55zDuVuzR2`>6{3WcK{HdNo_>|%Oi?6_mHB5)D*6^JMU#TdYILc;(vrxtZ z?9R>FN3UFOf~*Y^Gah$Gp{B+99<2I+IbHFoHv!9oy(}Gu+-1pq`!ZIZ&{p6+xZJL) zvXSu{!^yDzBL%cXf`h?Q(*>uFU0#~WAvEuVDiJux2{8di{Q~6I6^VTk^yQyyJmkr? zB}$7)XxmAWrWB9s-G89qLH0BpBy8fw~#H7#DOi#4DHm7^&wX;&_Co}I`*w4 zhBCCnbRgK2QQRpWxnE`<+fe7esr}9hA~m^9OfkUl3<{kZ8YOxlNknJ)A#a&f^dm2_ zd++7$_RD3>tH(Mr1wX`&Z4*n9u2uDtqC!{QL6dJC8Is^&)i2cXaR42?K){yo0*me- zFi#Him*<983yQqjW4ib)x79*hXTMAmB<&@Hh)>UMPtvdY>f~*?pmSubwTw@yv~K8M z7>m+uApq}7#CSFvEq`9u4;Lsp_u4oK&Y005vhRo87n>H`9S+AuZeouQz=Tka|#NhO91pwgLc+NOJ&GC0N2fV_O+(a@+O-RqZL?x#Z z#FcF{{a9SBTuAdmg@()h@%@PHU7U}i{FB~f{YlPE2e75X0Hyx8Ltvh zQSsp!?L(<`9E?;!;fd=iw(?8^0H9Gp0Q;5yRQIo!`v9>+5Z}!gSw<9m46C$0u3ZbY zNb{26UESyDRdw0!x!Oald*hQnbY0Jwk}c9?q9(1&Imh9n!&zMkhQLdhBN!F|1_fh6 zoQgKAD^^xM4RX}Q^sU4lBUVYkrU9d6G zG2vUS9MnS46@;$mOD!50=DvTEj1VvIcXZV4A_ddp(a|DgGUE#d11`Lf2c6!_SzKSj zr8mg3<_(FDuC{1emNP0DG1;`Kq&_V4@DBaEvmcPde4U^Y;_$$iXCQ5sWH4#4Zs$w2 zZRHfFiQ^Q^_L7YT<^%?=$Vs0B5w0gL)3{j_z;FfuS*jKYzQsnS*xA^ZHH9KG!JAv^ zX@A2rwBUfZThbi&30jMQjf(L>`5PENP&UBKG$RkQK+i-YMAu}Dk}(r<^^u^${$e8- zyXk+Qcl)*LcY;!R={wg_9_!byp#s8g5r2q?{m5}zjD zrm8HyyuRuZAKR&4-{bq~bmkm!Tp&K8xKwR>QXEh{%$E4l0zYkiPgM4^#L@j(P951x z@Si=2VxUOP)aAIjfo!d_e)vT5{(Cn#Z>1~P%^MpJr-Sx5EC;r*d%bhW&pOa- z#^tVWXf%-*6J|kFRu&IKIBAz?3LQug+2h5R{8qPBh(%pwsic)IC)=r31eFsuJ`dmO z+R33$*^&e(4f~P!zP3O4+`b`mU4Zw)`An;IZMBrjz{Cv4Sa0A{&f1r$;)q3 z)+?!d)=I_gG1rC*tz)JZwVV#Cey$+kEo?4pPU^m+K`uB~qzL#~RzSIUCvo?{-G%33 zm(ddoECo{`p4Rk2?o-ZfUcI&k&Xo6?+SZSfN_una=wIf6vv}qQAX)15J>F_?tf*E@MA{=C7b&SaJwi$3juA#SDyx;1 zu8hkoe3;OsEQ1?KAVa`WLy748Y9qkS-KS_KZXSU(f;%|EA|ddzK{*gfLjhAypA^V_ z6(Tz2Fx?7h0_BK{*h-KWfz{G^qE7y7ANUl=`jHu7%`mxB3mc7Yy#YdV;rEMDqXsnO zE?Xv432par#9$Npe(c7@rc<>kZ$?#ZS5^=Wqv^Od=%UX?W)Ha%_fBz|4B@sM82QWS zpA>*eQ$lCChZKTadGAj~XQXTrsPM_V?M*LjLx62fkOeW1akM2YG4y-w!yb<3363d# zYn$tGKb5_&;ex3DX85rJ42<>&``$e=UgHE*L6+CLn)*)0&uchwOHZHn> zb~-#fk$ix<;o>|;C=(C1SkfFiVRMv0&(7df;xqUHp^uDXDPT5%MVCQpC3@mS&_FK9 z)SguOA@6ylmjAs2-^IJdeZ)wSfomt4vQ5kT#p-mZ5SJy*^2fw-I0jqv;MYa$A&^4^ z5a9`WoJn|u^8}8rKy-MRC)PSnZ`4f@%MPS1I$#^vCb}{wwNO@~eh|YesV#9Fg(s!r zPd#IV#eVR@W0#UHfj;FKwLix7hqyj&e|XU5;dW;h^r%ATa@jg&K|QB~7dOf_GK{32 zymPR-w8bq4aC}NkN<6R{I=N3a;ovx`6+COo)}iWn#^Q>p@*(gjp|IP#jhk6)RVc}Q znb%2ysqLlmcegi7sNg54e|E<$RWhi4_KM>OIUcU8A)n%eq}^vN=if4k9%r?ze4vz$ zEW#f-ztlube?lf%755dtZi2L}(6v;iu8*7uPFFcsaf~=&9Gp_hCa4K7ht5wBkHUU- zAqz@W#~DdE@av-;;bWdv{>tmI*PdM&^pS@7WQ;pWRwbbL32W zF9XA#FmhY`I%+OxX`Hz=W3OZc5os55SyJ1Vv&Dn{w>JyUSR|5UuCQ!|QjqZE%!Xdl zDLkK!OZh#L^;H!M4hsH!To~StSZzC+ZXRVh{;3jsXQR4al-sFmCBP4K0~7CTugQH;)l3*j5cNg(r6UFqlaLq57o6*JATd*B1_6#K=l$4 z3gF~8stKRbel8tz%?`y8(x2!s@k|xCKD3W4((@R9T=)>Ym?}R)Qq&~cF>7yc{_0*$ zy~zMm&wOM0kxsHpo2%4oxB3j#EzvK1#ci2~q~VjM$y$!|ez<8glg^o(4>!piN!#i$ zZ{rkTh$zEeGgE?r>$h;O|(@7bB#1gYygDsqxl!h2X=u zcz=Eq207FYOexEC3d)+Co)Xn11+FK6 z&X;1yfi*xg43&_(5{(=neewLB&}6E6=;l&wZ`)6b;+l%yVD0UY=q zA`Q4sr!YZ4)Il2aj46H)leC}7%UP@q-Iud+4!C%yKZ)m4--UA(>NRs_>n`FQ{#JqU zZXrJ)czJ#u3D)hBFbY#iw=PZQe8r=8nGm~*+fQxCNgVl;o)>n)xQY!st5eR~6rm3!2R1G&V7I42Va061 zVOBZxDg*D$;2K4qWJW`J;F&GSVO3uSFtJgKvoSP;@7VZpk*ddwr+NbX(xBn;D6D^S zcm@bTtY~V?@ASs-pWuQ|s+7oT_RjpfK#6LX?ltt`fe`})Qpe6n%BZ@$&dG~n=F%PvIw$v$ zaBdGal|k<%zG0@^zr!651E%g5FC{nhjwD1nF47-MQ(k2SvmeVJe)!VFA`{)+-+w&B z$;C&HKcA*Pl%{4by_9U-@(DW>!b2bNJ3sa4o?syZQLYgx@`Fk<+)E3I)v z8@Y^`xj@zv3?S3j?yVudm`rhcJYjk-EUE{1lFe5c9VC|GAR*y}6jNeW*dRXzD2#%W znf>v}DaKLOLFEwXXuwYgT}S(+kHq3Wa@!yk3JgV@@`AhESK#S1T3$cp2G+tHWY%6i zhQoTc^3;{jxn~*GF(>hV2#mL9m$8YqQ|vV$udF>s)XSi^IKMDIzpyaBP&s#9%FjML zegw_v(Pu$H86fWujh^J8`mD#6(4*X0?yUa+CHxt)4IizuNYcs3z(-RdFB`<7tWW zR4S(Qz%U~vt=s|c2LR>r$GHu)!t29HK~=*-*||u&0Ol-JGKY-~N5@eMbPsw4bgJGX zo^=-;hU$h@SA~PJPhLTOF;V8FOGu10YnNIg`8ihFOMA<^usYx1SEPHvzQ5zQUK*&` z;%26g;K)1_@6G=46L{mXJmhx2@>?xazghJDxE=z^P9*CEfir9f(0xTQ>r=8?M7rOT zLz7SzQQiU!iiO!L*XM5D+P^k=12+rKUU@V8cysp3+wwe>1DE8KcL%wmQgu!cj3z@f z*Jb;JP!C<4@Sfb4m=s6wSyor&dLlsNIvqrE`leZ-AsG*IyAYtN)b1Ll!vS)fYjf}` zM_fj{)FxFTv1d6v8Xl{NPxVK8f#WC2>$7AjxiL~Co19FUVBOLqD%k8m>|(bE2?;^A z4y|1FGas{WJ{{`&gLA{rWZ}kf6fi0jPi&yc_`uWtylG_6b|fh1Sw0rW2#@Hd(i>vo zRXOS(pCTBMlO*Vwq$ngfl;eY)ReZ1ZJHDmY?;Y+hq$i>}p*$hzAAktngk<=Z+rfO8 z(vH2&nlXBL8wirCwvu-z6kXlf+CyRk{C2{HSIL*iwHDL@8grdl9UV#SSyeEvaUL*ZGgUpC3Q$mW zgTlFhJBk5b1SRb{${of{;NTNdP(@_vSaeVkKG*lFl^@FB6xN>>P^rQ!2BsnE;E5>V!uN7A) zdzn=eTuJxzwUcoh31y)u$Xy@TPTCK7-A81+-QH29yXktu{%V~L!_{xOmf63z-`3m5~$QmQ(KeCccKP06~_xCuh|_0c3ds)-Me!Y z_Bv$B=1smOAkYQmIaMK96SO7}j36Nsq0!*hIFxzFv;h@+fzmCdE}n2mEEQtXyIiQ4 z1c`L#w`^Q8IO%|uXr8esxi9Akoo6M!2*u9gjELU_`6A=vl=d$6{(s39tw=9^I~QM+ zC{>n=0w){(l)thUWk`YJk>sC~Y=h~_nnXn`LV>_m^)DOuDdt`*KVp;{XZ*-L0+q&) zrZwC0amflLrpck{?TVUTQRFf_G?n<7>t`qy1h{F+PK}b@z!*~#U)U#OOXa5+B*=_D z8M%4ZGntbTnrJHy&As+`v`T$6A01_bmbcrWSNgWHyzb^eXZuKR(x(sEm!kl;)Sp0S zN<@*-kbD7{tOUFs9MaYnVO=?~fx=OwX3?xMc+i4CEi(@>zL4@>vlyllouD-Elt_fe zle#n%auw*}9s=N(#iz#d6yDwo!h~e!-4cpBQqsV1gwQ7~w6p$gsL7fy6HIAyg!iW* zY3)_%-8xcJKDJOwA})b|G2RWKPuxcOc%V*w0xWN2z(+<`2?fKv zjC?Gis3}=hX2kmZrm*=fsVG5=d=~#A{fVGQ=H+!|!$^)036`}X;swKs3?7v{HnM_UNSg9$wa`M}ZZPL+2>1p{@eCBFgQQ3PjA@A=drc- zGyD9;_GAUQj9{*9$yEePd)`y6>E)cCJ}rK~ZFv7Rfhi-V(mYW8>)k1WYE!opsm{x9D3!7b- zrlx>ycs~uK(DT7J9?0iUe@(~lFYW55kKf4NU!Pw&!J3Gi+N-^Xr;jQFnDZSxQwVzH zZ4JfBJ}&r?Tg*E>w3Pm|NMzjoP#LaPEj)`{ZbL7Ie+A5ZjEGqkXPUGFMwR?s1vEmy zc!dDZx`FwrQ41X1JJjGokBDBv4r?5AcZledtw%=;Ru3#j0y;KV-hd$*c2auh1_OWx z|L!}cMXSDFq>~|L3H?Kxgw4N(*FxeHm7H#eu+T~u!8te=LDONO5_)T$R}OTT^m_jJ z<+-DL1Uwt6IzJFKw?howK`R`};KFE&}`-z^WX9FnhZ2s@X!Qr7Ebouh^ z!o2)@lmA|q@7M7iFK6+jTeL3E-FVJ_-yX=v!drv*1+TwZ`lFJHztYoB`4dhGJ9+Tc z%eW?G^#%NNyjq*lA~u%br^~eJB?YlvDT!txGhd{(?5q3U%DWPyg2HmcCzkdvDqXZ3g6J^WUOzn^3=w!? z+l#s5!O`pPwSvMk!Le%O>%rs(ixpBUl#_Qn`$7gi#jHp`G?GEfYm^PAmO#~ z%=Y#5a48lHJlx*PuDzz7<0EnphdI&IECN2C3wu2S7NG5Aq&`pQr^pmspr<4jiB0E5 z)Oi`i3!3td#A5s5Z=yRoC>X~$F0!ZuH5pCQU=hk;n2;#I*hnwj$W&& zyxx^K;7OO=EtIYUOC(N@<-`|I0xE44ir6_gzIe!%p>jPbZqdOh3pn8Am>pR3rI<>r z$V|d-VPOI#I1BAW9K;94tBV_DiaVG}d;_5}_xAi`W={_aLX_wqpD(F2baUsVu(fqT=<{Ofu(#d07WTqADg_Xu*t&l&S zX~_{vi88_UHs}n>ParTIIz@E$;`TjGNs)?j<_^ZNcsZTmM-W&Y*`wv-H`@Jz$_YIOlJ0bN8$x%3=XCUr!OV{?)C}`NyUaDi4gIU z!T?HxfU03?y)8f1?v|gnFyrO=B?4SIMMi&!OG(0_nCJfrlF%O!-Q4HFXk1SU`CH)N z%K&VNvBy4-HHZnKps~>48L#e!;cYxTIf2F~_Agusj<5=Z;;>*{sTI|}xM4GJr<0jo zY!)yXid`xkb$^6*`SQ%pZgUZ-X62S|ZA>p{j)5BkywiL!Rh32Mz+u=0-Vg?3{WA$MuIT*a2W_h6Bhq%g!;-5vDgeUxV2vt zO9)a!K(v+-Ar^E31%~@CCXj*yg^1qt#vLNLMXj8FC^nf{0Z!Di!qb3~eUVa?8ChQn zr+3rkIYO~jVQXK}C zDz-HG4NQe7J7do-qg4$L=!R)!QNJ)Gm{42Bay+tjcYC<^4a-2_S>&m1KldJNY9Km3YLW3!5X+9(RjjMZ{svQ-o%y1 zM%G?Sm!#>eva$$LJF<4Q+xi-DfiwR~QSx6Vsf6>83XyJBuA5{%wE+oJVK}huxeQKJ zYGVug0)qHR%kgdX6>}`4Z#ay0wobquEuqfRL+pqV<|~s+8tjxBG}+XwOg@I2=f0c#kVW;XJeqoe$J5 zcYX@mI_nz|NBgJP(DtFxW0}JQJHbtA*oc$nm^F|t^)J^DXN$AG5Ct;ZQJ02g7`g&# z0%PR`0(MnPBCS+(30+oujFxYt%Bt}dcE5H5CFSGX_3kzPbCr7p@{&PuB8Tw^Z%VQ? zWFs~67zafVV+6LOJAuvaq3FK^&)tjgF4d-}{i~4=o0K9sV%w8_5s_TDKEa#yzFmuM z8z>c|b8qvV?K8NMVukb>w6r5Ew_^^&+)WmC)na}3t`#=sxXFphFYT->QzeGQ5aseH&Lcuo6MeY9XputOQ$3 zjwJU|^j918O;|U72#}&qz}MEX;);Z_m?f@wIs%gcV2HlJA_K>)(qsF5#R5jd#m}y#8 zyedA5O`O)K{8@43B-miJ&m?^ruvE3;lGcejDRxR)qXIZB4l{xTPg5Rs+Kkr5Av&>@ z=G7b-PElxa7HtGM#I4-d{FY+G2qAADiO_Xgsv5_u{b+!N?dzz2dgOPrqqO(N8UT}@ zLWaTS409EC8Fuk;EU0)%ahaK>^+Db(%53q?1I>S_nY!kEd%y!RsZ>1{-OQ5}% z_L>+8?2FAZ&O58+M23_WajzN%Xpll z#q#)Q-I{)sTGo0I_gZ@AO$o*TfVY$zE;Tx=UaIVtA!P6oVN-GYsxngI4 z6Ue>d8S?2!JVq-4YK9!lqAGZc57_SLae29p^t`B9o02II8)8UEzc|^_X0V^o&}3f~ z@ezTL^-?rTT!PHQ@rXfOczYfSjdXH`MQPdo5e=dPwV>mgFvp2#IcKHwx#A}{VE6|WQ--c?98o#u5lDcWgO)fPedQ}(A?}rW zj3G|SegEb^+9k@IPY&4UBNz3WEi->kwj>-zVa~9A_xdx!tuM(XYw!ll4;*H-j z10cUA^i%NmN+uY!9zlVXzeo-ZM2^2*+8B-JM3vQkyG9@93F33qactIVs^DUwP8mW? z);#Vf8V3f}mwDLOJP|@tA%a)O)Sx|ioV>2`7tb;Z=yKEYoAOZy2;#0C+(uY$s{L8t zT-v*>?3J{bO>|-d32R{mm??LUpBw`LJ9&t_PNT2r6kb6*1?6_kVJL%u{&z*_&$PbC z%oD^<4(8A(jKf{xaKAiw-ufc;Ht;|kiGy?=6gi-HG8aX2 zErJg73$BPGuInI>oL`3I&WKP5Gib=h5RfyDIgoT4E zMXvjIJvN|W zlG>59TmoNIour<#?R2<9-j6UHE-w451KS9f#wc5t7cs?>y5h(R8_e{@T8Ic0i%lp) zMx9;`cRGqir`1xE7bE$Qg$?JMp%-wgV-g-9VKIXAGOwx_A+vT;x<*(#NKKIfG2`Eq z@hbJD!XRlo9%}<9X{^>2A0nK$Na%)j^(iimf#emfEy;sYEEIpOxPJ3y?KmfVQR45| zjM~Nk7LnWJzm(3#ooe7iN=@Y`m^mE+2glk>%w+g9_gAKl7=N8mP5p=^ZOE)b zT0U<_qM|y(W3%(q(Ws+FX_t^l0i|#lPIZoo86s)@hzFHo_{n;-?qGpkN!4PsyFIe0 zkj%Xj3-}}uGioFP9?y%R+W);ldo_P7&d=ljGqn>AwFal@D-2j^`mDvVj2>H9wOSj; zBUl@cXqsM@qpy#de1opL+{h+n4wrS(%EvRl`SZ$ddO%ZaJ6DOQ0(9)Br( zw>3)828+QPr={|8$t2Ur0xz2a3y~%MQX!>9M5m>mmg81blpY zLbHqSU*%Yp4MAmSSC+E2SjH%aUxrk;(lq* ztE&RdevHcx7$ydWsFVOv6XXQ7*e9t;lXDGdR@9!%1WLjs0n(j5#JNjEYLSiaFl)f?{XyP+f#~4}&*V;8MPHXIqHWF`z;ec+~V@IuZ>yG{R|UeEJBy5(>g!=Ybnh64eF< z4yPjH`(O!(aq492>B#U%R?VO^!f9w+=S8^|lCh>TJ(-GejW}1$(7{;G)SVCv@2RF-w<++`p4>BTG%LC&H-S3eD!wOa`R*YLWfHhu@(`-luf-GX9YG$F;#| z655aJ_N=s2lC8Xc0#+3sH|cj?ET;NFL-{2+R_zrEBS*4+H`JqkRM5MD5KL(j8aV#W z#Lwdr7Z87l^2xdf?F|&gIB>i8!WJH346u`&`9lR3QFe(f8Kaih8Q)oojEnrsomT?{ z%nrou(r1rC;(!4&l*>}JEL∨XJfM8i@Jgc}GOh*aPO2qVGRM%LzXIw$mPIz&fBl z?BU8VQFu=t0}Ae>?W*Y#H8i-bBO$LSYIa$(aSm`hp#9~{Oj_N8a)gb6X|EiQFAQIij!_2@u1Zn-MT)P8c2BG(F0HAc?kVQWYESDQ^s~58ZuR! z_Lz?SSZ{)VhOHlfsQV1O9Hn^3%{q-3j;o}cCS_i+{vJdiY!7n6L`h_tQ3@~e`Yp&e z9jRn<6j`cfl9IzOFGg6$7UJsqh#s!L?kC%D5TmXsc23RJsU3P3ahE#5Eu{))?C6lhRC)$$OH+Xq?k|R?;>ndGm{`T3Owsd?Rsox; zm29;+1oCJ6egV2LPS%(Y5VHE<^%#3AMlPGn<-vjw2*wBS5x`||B9JVAw+tnlHX18u z*18g2#)u8b(B1;&WmALgM8I?LmdqU#SJ@d(>ULEAL;Q_VGQbnej*UdjL2(F!H$}&3zf^t;0tZ$flv@Q+(tw}`GTBij?d7@I@50r#4)%6|h zi@!U=Il|{{vH0ATb0Olo!eL^Oa)D1-8to?^@i#(9kbR(rpYt}U3CqQ_1O&p2(Hy=3 zf9kzB7{zEo?L~=yh?uQkG1UpD6FlSCA>h_>NlZfwv@ho@T%JFHR!Dsd2bz$D`*60e znEH7WN3)3!tXvo>FhmVRK#^5Vqe4{sH)kuO+VkY=f=+1H_iZXTE>B=k6^|IVz&Q0X zgcrzma5^wE^+n7zk;IFJc+&=jt)jdH7ez9d%(;Z5IA|LA>!8Xo=L9`_cQDX!NLbS4 zFo#2%pCukq|0e~iZM{o9Ld65I^T@t=aP4beUZ9>;CB68qfoPmOTCtxNiURWJ= z4yb3a8$c#Oc}AeGU(-T}IA35#D#N(ObXadcM~VtuKWUrzxr+s9 zfmDXPdfFc%ihKJRE+&(Tbk)XRG73pKSx-Z`_)8;!q;?^_J3Q8*;VF|Js&j7EgJHfWESJy9%z$`o=l@$69CK7kL`R+e^Q;d}&tBDFuP0ysS4 zF(geoMRE%Xq=j-hyPOZJJtZO1n`m|J3zYNO!(|-B5k{Bp)K0+@;9po9CR{M(^}ow`*v|_cl++no*>Uulku7M zM-j=NCf3L3GnF~Bx3hGI^^y|nNQ_9oDC90_XUIQS1%FFCrGT5-YTG|Qo7?^5#V0k-Tl z)r7b&uU&$)==n-sSt<`MG`8^z&1Ejv8VB~p+0f2o%Xv&r z<}s&(RhtwvjfrDXb4+43&MYA#9<^Uy-fY_yJwMu|IAid}2;RDZSPNt)V>gTAs+0BA zwYiz4V~{dWIPdHZ2i#VieYBYcl}&u73~yWDb=T3+D(Wq?2nZPmu%a z-D5`4x_cbZnJpH5gh#PA=J9KH4A`rz$|0_|NyfkW&ar{sqrrDhM9@1!J2DY~#06Uj z9()HfkGa^(V(wi_Kw(0tN(mtL=W8y3cTJ$rC$`G1!px1BnzQ6(Y_U+U%h%?t-u%_70iTK!=U=u8?DHMw|1O>41m`qXCe$ zGQ43#eF3CHQUnSgx(S3-<_FY9OHNM&Z={)^WN0w$Ad_bH(TETYx28)Vfixm=;Gv}P zM)nEhS$zS5>4jNR7}ryAMw3S=>KL&%Je=_&*~rV$E_TIR$=*t9WO4XJj$lwzd1Ye( zp3yZ_ZtMdL=CRiRQei4PB(Hi42NXq^H9}Y!JT;@4@P&}d7-zHF`S_n%K!Kg4uD~3} z$wSHu8?1|Q-ud`DX-|6c>J7Sm6`Bv(!o>`OS7^L}LHG$S6oUcD3?i`Z-pA&Q3ipRD z$tVO}aE18(-FCmL`7uG6xJ_YMcq%=Sx1C-t#pgJCB1NqQPpcXw>vRaGj%q; zgJt1_NQ&?KCxF65D9{#w;tvp-(e)ri4Ag`E;qn#!3AxePqth#jNbqHVK(5NTV(5iYaswtmPGt?XnCb&sc!?3>-vy#shW){b@ zkjIQ{jdU8wYA~e!AmMBH0bO+lD3^g_zAB#d)o}4W^lTzfB9A1Ek?0PffAFj9^9`=c zNi7_tdIsAzt$-i*f7}m6`?6eafPhaFkv|&hqLl2#I1GS}^P4VY*wRpo83z z3tTSSh38V~p4W}ogQ`7fFM?-UK9&F`EJXS!8)vHqV`yVpDH#2K#`-DTh)1=i&y=+M zwnv#1T9aki`)O^a_48J|FHj0e?3(_l$u&ZUx}+Q0q&(tcdrT^vq#dJ78Zn2IWL`uw zhhmFDnk$*X3>PdAwnYcLB<+VU<^9lplnI`P)Mt$I6!MxvAmnfTUHZv#Ax}3GN+7{R z-QVKnQ>dnb|E<( zq_x%nP%F1dosJ$Gfrr~@Vf2eoV>wF1T{#U6OBVFuqokBB1Q2v8Y-1(hobgxWU+^HN z^%1pdY?EJzz*SX38b^d)jDf52sp{qw@(>M>{YhL?)}CZO=2lGB2P77A_1&eR>H#9{ zyHpDg`yuUfNYE^1QRyOuG|8NLs`-M>TV9JssUuBR4y~_=wN1jJKpntQN^w~tZlHpk zX$M-=*D~`3&tP)bB<6#DOuvtSEFa@Gm8Xz<0mn)@PfE6pOp!lAygbCIoH(FXjjU9W z9!@{m&Q?zC86Dje%5^bpxW!b2{$PhIn>rq(u7~S6!(_vw`?JYoMqFw?aYRGqh2{>T zcu`BGhFXSPey{}FR&r7-yoJ3LOfJx}y4WGBy&0|VBDKqLw~b{6){w`fwK2YK$15SP z&MDY%tPDplh)I6LAUuULEd-Ruy?vrmdiGK@7?gXoUUT-0Q`_uKP^5TV)0+l;;|2*l zlU#dZq|G1Jp)Vm2VIZV|9#OL1h2_8xtH~*LS6f;h&wk$WqURM6d?eE$Cwba|^thJH zs~z+mK^`9ek2O90qgbKlu77-UW_d2Y8ADsAbq=O)7%W?TDzOgBFGd=r!|C6up#z4_ zIoGHQYP*~ceU|+$O{HN#WlT~e0&EQX-qzCYzUEn0ysY2nD6gjekYugetxe{+Z^WO|x?<5OugF8o{);>WDI3fCP4nSl_9R{!dZtjm>)hJ7y_+ER2^ssKoI#8 zxnL7Bg`s^w2H&s>`d|f9UfNFMoko3cCF(0&{~B*fO3KHsalEni$U;tR+QAqI&4}0F zx#^TEdLSyT!w{DyLgaeHp7abJ!os4&)52`UmtP8Lz|Gx_Y2mAOlW^7?jWqP1>I?#d zz}g`OR<6EC6$g(PGUL6)#>cS#Kow)zl#X%9h}%(cV;8PpXXh3s0Wj^fCvYFYM1gJp zQ|yJAh1-p}4|^xi=n_HX#bc;u;%|WS?Zqq&zcaCQdBve^GcMe%!*nyN*A5;Ld}kc- zn9ad@d;+BP=?p9`*<%4Fb%)2Z?ZF6VSWb_SNEUa=dUvn%=AiPwQ@mTeSNwZ#IGtvq z!*n8^>nO(&Z|9|8ciw70p(PA4cvcQ%sFKO3pOu%9Gh2pUM~l#Chnx}9S^}#E*{hT==sSKJxK~F=sCeDvO1WCxZ+Ooz(A8SkJ!o8PvdM?WFq+t$H| z2LDiFZqA9aLQLVsd8&{&In(!n#vB2hio*8CuEe4DP;=Cz9Xx;i*k0xzV?sA1(?P~0 z>^ScpV{vt#hiFHBi7;jiWl``GvE4KH2MoeljqRX15p{}kOF$I@C&3_uB-@tkJ^U0F zPwC;EW?A8ZYqdM@yw*+^?(P$89CXB$m$V)(69{(cXOEftofh*tzck%c+j}AtGrBjD zL2avHk;J0fSTCH*ifb3w;QI31i$Q7ta7aXA449Tr^8teCn5S2FHc1mndD-f&9Ycij zVij{TW9&qW%f?;P4^VG#(dA1R2Kt#`GNpW_Ec-dLH^QA&!b>}=aJF-pANDv3^5X7D zv|#5j*me%8sUn>@cYUu#6K^(F>M_MSB%S6QW2$ZBJl6(!AOo7u>gf@Vw(}Zmy`>Zr zR_>7m^G5R4XLNTw9g6kj+%>)4Ubx?alK<>hF@%P9UK5NJD~DYH$DzJ_n$Mkm@lu(& zr~^M~zlX(=tP14`d!^V2Xc&i2eqf*C&f9**8cR z`HYcL%Aqr#dwX}#-5rb0LVPe$?$xN=R0L*kho?;(<@ zaP8E{HESTk@qM_bUy0OZcmNsO7T+i_Gu^@Gd8`Kk8))h_OYl!*6gPy)n8zt15K2k= zxQ=jQg{@xTlZ&)x(?U!X(D()ASEwJ>$u2xovO@4^#GrrFhk*rC1b|~Fk;La1CzT${ zVF@fC=^H-)(w7e(~(;KnFMbR!4{dtGDnDPji zK)y*^li~_8@$?vs=w^P-Pu}y67D-p1ZwHlW;K zfYTAWr;7YQJH*6j2tS-%?1_CJ+YG&;7g!OuP99w9Cc2*A7sj$A}(j8 z?OBc>EtT$J)dIUc3_hZea5sea!V2m86`wwvy+b)2!;H`do5>tV3xAM}ioSp#*TUxA zkR+FWG&5tPnb2``An~9(@XB~9T+cpg$0d=b@)~nh;-4FE?BbhbvXp-ul3EQ@#CM?x zJcN!(>csxRU=T?}B13%lnr6sUv=4px1B=KLyMPliP}lRh9QPT*%)g2-6qQci|CnuTF7 zhRoXw^x*~s+8NX}s(Lm_%I(NIc^KH6{f3%Br5t+3#CVOHJqZYl@pQ3WTxBv47ZPRQ z2+>*^M-~tuPm!hgUxl|?ncDN|Kylc}S<)jx;+WwqkUC^@rN$IwY$nT?!0%uYgn^>3 z01!l*s3egA5d0$Db;|jr*P|E4KkxjzoyEhKY6^`wb|SMzTt>ASXT5uc-$_ zpP;|u1`)be%0oflfpB6R3vRBWeu(mO-@u{S*5wY)FRy=_QI2}|P^B^+keZ}NP&Jr_ zFR}7NF~(ldO4XD@JO}25CVB&)wdXLBGQ^LzpRM*W@Zw?$n8@`jPW4(fs%4=WV?9w% z(P0U2IIsCrZPs$OML0_H?6^3>Ie(~aXrQV66$Hou4aze)vk$!Rlk;Cz^@lhm@6n*z zFsw1Rdvs*6@pyh_2t7r#o?shgWW9%Zs*c5h+D9!>9a)ZD)}UF?fQrT8czC22PC}Ms zz6m){Y;K*aAmH=<5iXF06Px)g9OCd8aAYeGwl$c>aL@;{ZZ@9u?ZAWZ#KSIMh(N@? zis2_5Sttop%aCu317f~ydNN$2lcVT7oC!k-{Rm7x>5zqOvENKNOyd^4eDH3_AtAWG zSXHkOqGMCW_+0hH9L2hb6w+#?cHJ0)fyIdooZ=1?WyF}YY8;ifS5r@}1CkmON!4JO z(tF%_f`nbY@uS?4CS|`>z>#e$w75yrDXHyKne>a|&6#LQufA6V&%Wnef{U;z!6acrm#JFaaA0pi;KN_##@+Q*}msXs~kv;Pi222{7)U9i+BCB#EpzpkG7v zr8PK@E&K*JaSknYpQ_DLQ)z&xI7t;|nE#Y`ORLecxOrOV^j*T<^jr*BNPqs4>mXjB}jq{F7HU^1}xE{y{8EN?bJleYE-RjPkE_PhWqyRt6+8ZVFCiTqOidIW?;vgP1;ba#D+r z%D|^cjeIJqJuBq2&iJHazlt4v)tQ;WkK<84e=6;t#UH^eU#?j%k231i&$BWhUnm;; zQ8Sfyf(wdW-aVB`g@Gzu&f_3yz zV^&gpcY9E6xkoSThB#^|4Lz7C?!15>@BLNPP{-K0Fg&R(w@%V|B^SJLqb1?ZA+R9$ z*Iv6kd5yq*Q`-qnaVa}vA#GhHR(tmc!T&1M-{l~!QSY|6D(ls1gjaVbGz|6#=p~h-MsTStE|aOkrDzm zpE0(Uh8E`G)_qN-Yb1#T%Z1)kpYuIahK*RO>BiTmP@XjFdU@M~`gHC`Vj)B&WHgYx zhS-Uw-6Y}IAv?#9jhX23mbtpX&z*@H1cqSYWQfZ5|{ec-r#e(eP+Vv?pvxPyIoJ@x-hjip zB7>(1OOnFcR8+%#u%I82!{Q$b5@I;|mlRacNN~f6S`j@_CTIM3HN_mT%fO=Cq zSVn=|LpBh&2$O=PVv%NG@@}N57E606PX17!`d%Bn-9M2sP4BmmBDRMT_Fjep$Z{D7 z5<_i6GO2n&R@)T7Y@^7E1FTavzJ*cKW9(*-I0gPN(2rFlWrkuPf>Vp^634Ro)AG~HuD?KInL?l_x|Yv`T2K0+LzBSJODdL_(R;(LZLT?4+bk{w-1SqBR|7&3ko2XXXKR}4hP{S zU?B(L2vI=%wgzj|K)&5QeuB8FV=f0c*4tXe%?pokBH?h@x~KVA^w>6R`#8VunC71k z{_uf3_?3^fUswK`etLgK_I_dBFeL`b-zWC|%iq&_tM=*jf8_OVAkwbO)7;x~bxZ=H z_UoVEul9vKgil+OaxVI}E11XNX~y^dl{Z?~RyH?2TE4rnxq3|m!U{AUj`ZZ(=Em~Y z_Uhg>(Ep>Sp#HVHcQy__I@mZ^`e?KN5Tu-3Ls#!Y>$$cv8ewY8bw;Dsr1;7=i}{F= zHs)=A4VDteM=jFB@i%jXVpaJ@H0x^J|L_W|u5YyFi+8?RJSo2RHT?5Var8oyyG9_a zU(={nr%aoiNa>%Cb?Ux-|ECY+@&EhVI)01)k$!sF@7eqPzpl?eu}>f0AK3d(Y<~R% z`|b7KcEYsYQUV!Zp6cEEU~hkItJv5pw(ss2+v~;F+Sc~&2L;{*z2~dpkLO2Vcd{}| z2TL29P{?ktt$Z7T16!w1@T;sGecu|Az+uXZGpv9@zWumEnDz@NPpCK{^`DZ!fpD zmRq-$Tl>qco#ocra_iTZTOTa9Y8MW}!0~kX`FVf-#@|yqe&0Tw5YDgfSwG)Wa{24V zPp8Y(|4iXNuuq5geS@d#h|((s_7i*myZ^b?pZPEJbKO3@tdGacKYJjL=Kpv7Eb!~k zwSKPk=UYGD`U|aJX#HaA3$077nbt40e!2C<)|Xm;()zk>X{B0XmkxJ5MYT*G%`<6f zds>B{qq0%Kz_dVrMvR^kH4s&f8RcT z@0a!WQ+xjd`wTFw{-Kq-Zl7oInb-f`A3cz-zyB|ET+Un1>;Kg1|KTqwo`1tWAKK@^ zj6VOBe?vca?9=Q2#Ol9h<^IJbEq7i#eq{B3&+4t)=dal3U;Ki?`{^(0=YLyj{}ZeK zLwo<+KF@03`Sps?-}%-1<@00S-h25S|84D-%Rlk=ww`>?emkAY7( zG;FnQQ1#f@Sy(V*7$Xzc92h>oA?0cdS=F0+me1cPP;c*sz(rN$9fxA()${h6 z3ISB{#}5Rc^XKpXn>vpFmwgWG^S}Fx`dnLYwVd9+ZuOnd3lx|xPu>=cZy!BMonh#J z-)ws}1jm7&Ke6_I_-`qGU;4}X`MdV%WgXu?w(`zT-{3&WX5LHYpT+<7Kpy<_e_P=e z|BikJ{CeylbT~d=f8iV2{sa5;`c9AcY+YGcVB)zoBzS-s)eF^pe&5PF{PL$) zari$u_qydZ^>g87f)6~!ZG>~4$QqM|7cRmec55(1bO<&(wivZwsiZxap&ZO0fZt*g zjxh!8LnJaqYK)eqr^lKG1`sYUzKUBiuNJM#;E4i=T%03*^nW~%4*Y{}D&04i_45lW z`YA8*kB|R9vhqG|Dm%PX_4CXB{DC~&TvK@e=p+67jR*Dczh&heeu3K4dzFbqX)FEb z6N6VC_om-o*ZceXR{zKLdE)@vKoko6V$T=eOvYbI6eu+vb8llpI+DTeQf2Oem5xjTC(-yjA5D$l{B;qS)|?~%6Kwa?Ihd%sXx z0|J0EzI^#-52QrXc>L?<@BJ%5pLc&#`Qz`}=S9cO`Dxksp+K*v&mLU?5Tb+7yIRwi z(CvE$?|UP~?{~)f>Fs^r-rw9kS~-Nu@c*%QKk!Xm_5a5&9b+9jQn0V=W}QYbWFc~zYqOA#zXh)x&Pkh+%Q@;y>S?obf>&3)OrZ z7Af1r#OV{uZka#Hqvk7pQhDkLWr+;mD#P1Ey&R{^KTL*47pwWMw|;f|{4&2^&PT&i z*2~p7dV1?wXMB)4|I5rCpI5-m#`$C~^KouT$qA^f>k~moPSJexrSAUAXN7ucSDcUj zQw!mE8eet+Kket|0$mGE_{(w586VQJRIQiXr<7HnRBn}WzvZgDT%7(nRc=_RbUdw` z+@KsN<2Q?E#GF-Xe4}_l3_Yucdu9IpUzX);Rkl8(>?e7X#Pd?0jL)d?PI3Els_g!v za<{lz#w@Z84#mzE* z$%|@yg|u(0cv?*VFEzegY!r`)mThXhLoE8bD(~2$TqVQziJot&;TNQwE9IS{?%!_d z5BhaQcbCk2%`4KU@;f5)b^3Zo4Lz4(gk^cz-%|ODw<~vw78$-()N|_kbjtktJY=+a z{_tSsTs__ObpFK|pQNY#earV$ecD95JiR}=W&X_U?!RL%F;8LQ|9-Yt&2RijxvK{Y zWcX7(jPGf_fA`_K-HGj6aZs&~wPL6Tzb?af_b|Sv`TpI9>vku$PxqV4b~@vKc1XWC z5>)GL#SfHaKUX%2dOp2>SY>|Q&-M5$8~wF%PDM$@lxp*N3sc=wsvY#&rju%U&0@3% ze`T)I;DK62dBvJWj&1VX}*8=;kw<4?bH1#(clGV ze9*>_T3_~vvQ5^@?$fGV@CT)yU-#dz%%9kQGe=+1e`{T4=e@?i;NP9`p*fvu`RBx8 z7gTwpc#T=(gTgX@eoRdty`Gp{|z24~I`t`-Q=!`E) zm#tFP>&Gi)ouhLzbGyA?zQ#%3Rp*~sa{ih4Im?x2q*r__bglDJo!{;A&u-_Z|KbqB z^ydb8y(OBNVYBf+W75E>T|NOXkz6W2F z;k$bn-_v~m?!$Gv6WjM(xmqtTi3PJ%Inlq$_#r)vPn`ZgrL5bX*go%kwH{7aDPNFs zq6IR1RuAJ7r~gkW>vku$Z+?whAD|Cnc@|5zzr<7|~DEB_CY%fxd`;2nH?MllK<(Ycrs+G!v&nk-> zl<88=Tdm6ad>~i0w@=jDQJ+6JWVoK*EoI$L?o}TPUG)xHzOU^1x-H=|scx_Lj%!V% z^Zk-1A8k=REC0XVo}pWDwbmO||E&9hS`RB4m3zgVGTe}|UV?6auFUU!k6KP<79Z%> z%r-xEyJ8(&`5OuIi=vx(oR4{(=J=Tvv-w2dyuA13n;B?cART{pTl}d_<`75C-1#$W zp19k5GJ*MnBpwv5irgQ>yvq9KoAp(@V+^^6t>NHWrny|5{sh#Cu)?6&f4-L(mK3)E&#>kaGQ+PChdf*FJrJBEQu8uzk zViNl971yMzG1uyIY|3kGVg|?WCr0l#yIuU=d-1&%!SnQ z;~?{H1r>A6U*pE_9l#~<2~&65ed4`2zPH~UzbB$uHh;>oNIxnveitdeYhIx4L(SgB zwF%slP#SE=-T(EyrP-s+ANj`@%bmC4zrl~MJ!;QSuH??uYP7kT$5`WiWlHrNp3XVP zeA;{b7m-|K#rKK)O8u(4^vjkspYPWFS7Yhc;`q}CxrBQDT=Q;F=09uvcFyMGS-Bc= zf_}U}{Ob6(I6ptf;sEu}&u`w6iHlNexOs^Av#qXw*UdMNHU>AD=Hlqf7gOh%zg%LC z>l;p6k zdM@|so~L7@a`59=Y2M@C{0)ZN{CQxexovnjtl9|;gFCgDKlf6<2Ia>9{4`tci)t;- zv~ddu^TAT)D@**rN?kYVoMhezdCPef7iqDhWbR8 zSk_Ms&$TG$iSdc~PxRet{xq5H+&k5DiSGvz%Xls!tPxI;|- zff`;W2E>6uHGH19M>O`T;l*N;cu{oxNR7AuN|~}xIq1jA<>H?Gs=V)q%EA`qPI358 zRe7;^NHl(msjv69 zYIvvUKCa3U(fK=7ZWSGEsvH(Ozpu(IQZ9X2m5+*TVO3r%<))LWT=}Zf@|w~q?iB42 zHM~)@y{^g)Vpz2NUJW-+E6<82{-DauXOv_9q}=mo<=S(~^J2+gRC%Y^|GX;Kh=;|F zzpCNW|E?@aQvG|IIQ#}x?$b-T*HBKAa!zkm_K6p6RORA6%B43co065|WP3TqW#T4r zgXEnRw@FTt)Tj5&YB}5cDkJYu>h~+DvcEe;y&vlLSGUV>J-uDZdOyFnq(Z;9k+*d5 zE0_}A&0TSQf#X_J=;eE4`98U>FGnq(YFYXJ|LDl3nkMhdT<=!vp`yR64{?hOkBDlf zuIuSiWq$81>NuB~X`YzsRiLNtS^d6HAOGs#qw@EOdbn0ENw1$q$=B=W-pg+<^^|X} z-p+dYZ)=aQu(#L4+v~yX2>+^n5bspi_>Vqr=$z1d)&8F{P^pJ&^&&3s|8m^X`+u%J z{OAd5Q`K=!=jG(jF%Ncnva58+^!-!SauOf~X~^ClU_pC48I z=G|3F$NXzMRmMMmo#}d-|KD}^NNLYwV!Jp>*28&mK($&gTNYf~<1&7959529@85lR ziL~p2SS0OxR(#9-F22`X{h!cqb!|C2%5-_+(C5_jA(^jFhAQWYOT}H{dC@jf zO;;rjT%*c^6*UMcJYXex5)Ukd(`*?_bELx{FGQB;~T{zV!n*8mgV}ywcnDw z?aIv`QWlI-E)(~N7sQ+#HNHk%Ia-zXi%GevJWgCJ?i91fsPS%bp5!LotAJShY&Cw-N0ht8U3OLWi0LvsTgoM3*&S-S zIx$JM&lqu;*eUZj-LIy{lpdF=c`(pAcOWRk`0JW!q%s@{cO_ zKB%)ri?FFo|~mCs8BYF z8)f(@DHqLF<3r-wN>z@C$L6TA+oi0Ma@kx}-X!jm@fIoP&Qs%q3zV)$l^euLd0nzf zd5cVc`Y|=#;Tq+NT4hn4vd=;(iu9f{>OxO{{8E<;pKAo$Hj18uHtr-&112chq!?#ckpVao|ohzTze2 zL@6&5cZui3beV3G*e+%_tNAyIXQZB%@2cTziS1?yVF$rGqd79RKBX!diqqEPPbQGr}L&C3FuWG z*Ddp(kop$S0&6eu3_QgC$_kGqe}DQ9xmSI|Hbzi1><=JX#BQj29FarzspsPnNa=M!nu4W zY;Ghj8{t_RG|;@urLz|Wo~>PZuv2H&*Qk^ zVs(5ATx;&)8g9xFzaHSq1(eUMxa;!m6S_k54HaZae9>LQx-Cp!qo$t8*0q2u%JJFt zkZv;VIS}I{35PznmMPMM+eNEW!@+^ekG83fersN z_Y?J;)-i_FxZCVVQ!n3M_D$wXd+@=#^YiciIREaFWmK5C>i?`6U0@gF0gCrkRB$;{ zt$7zVeJ=#A=vz=-&82d*-m##j>zHWVQIY26MzglN%nKFce`d!2v>M!(&-}lYM@)CUJ7MCrXzm69re^@woCjXI`f7k zl4j)*urn{;S=$UTpZeZyI`ej-Z$7PFx~jKS&Ah(z@{#|lqndOl8QyhVyK;Efk?qRi z-HvTnj_5kNP33Yn`gQz~5NaBuaAr+~HGajL3{bB$T?gR!su^Ronp<-!4{WDf%%&@M zA3WZ?hYJ^Bnmt_oQ|q&M_Ixf&oT(n)aYw~??)aCHRcS5YIaAk|z{+cP{7RwwtLDy` zTRyjnd%uv&p2;ece_b~~D>tt%HLs@S=D6}Kbgs{uly@I%dLc7#1=N+x;YwB=%XY3@ z!2Pu89`U=oa>*1Icd0?~7yHYhs+!lI-n=H10LO%cE3d9BW?fml=gMOCmBmq47IUsF zjy8*W!}7Q4U*F zdF|?YU7f94_tLp~ea7#2UNw`Ou~x9xOwD*O6(YM%AxRt+MGR zrR#mlmN(RN)izZQiv2THxkB6_CS|GN<@YFaMk(9xRSpujh(#Y#!#9d&#k{d<_-e6T z%=xeyUN0UK)5odduJOvG`;~QKhge#mh93|s9#G|0vEZYsTq3rJVAA{fHXBTkI$EImJDb)%a;slsg|%HWexN7Awbm zOu1bgQKHHl#X%3N@@lbfsVXlMFNifCSHn+<<m&@FC@D_#$y#g(|0wR(47` zBJ<@-xn`jnAFfkoNx5RFD(?}GJf+GRUggBu%Jt$Iac!jUukK&BtIOzJ5f6!o-v`7JVi zSR8HM7W#@`;;1?F^v1pF_@h5R(96rr(P!c6Y~z|2Cor-89O>Wf`}nu(V~=mjx7Wkl z>%r^@Z})?@`@!4&;O+h3?c>1P$AN$3IABiuX8-i}R6X^pH=8#;PQJhDY5uo5yr&#} zUj9~>^Y(Q1_^Nz+J-odh%#QGX-4EiOuiJn0``Di9Vf+K1wRKzUizH0mFoR< zhp6)ge^w1oX;A9nJ$ZS-@<&*f-+#55f6sHuwc<*jDp$(*Mo}*(B=eWZbVJ3S^7U}L zeE;4l^Xsx@f@-gR|8JAB&gp*tTwMoK`LSDOmihfKAN?-k)7F}9zk2I_|B@aj>b^kv zJ0STx*QoVyUbHg)AGt0;w=XEm%gp5qGI=tX`4x%zg8Evd}dbH z^16Q(67FGsy_`YoRJ)?$Rdx8N%HOp?`hhr3%z8l$@Asn8F6!k(CI8ZTHU5C8^LtXa z&no%4Y?rcM`j1n}I!EVnQ@YFRH~!!?Jwnv|C1-q{`U*jRj3j;LivH5mL@X;P`OSXS zz6)Pg4iHN=s`6@4S3}p|n55RP-cD8~cq{!X^IpDiS?GE5MzXAsEdR(?RXzGPDRn)9 zGJd#>Kl-&R#|LEmfv>3H8)f`kt*6e>+b=B3(`6n$8lOa$y;9B^HD&hvuGSUJp2H5p zH-LPrHX-w#Nwssk#&tg=T;AieGnt>`K;42_3#!a3jLaKGbj@?+^6q7Me0fy(cum(7 z2_cskEDd_o`i+`eHKC^44tb3l*3PP(JHy4d_C~q+rLbX^d5~5{hB49@>E7n*C?5$r)6+0!AP#JNJyYU=D&EAXI50qsGj}!j4Cd%F>6&Zx5iq@ z!wSvsbML6=K4-kS*PO5GndCf3ubP`;m`@-xpFG?x*PL6v$ub@Mk|A%FHnWMXQMSXkIe{`AV@}m!_ z_S;&e{i4ne$@qiE)cEY*DYJg7oF>-G@Li&wKPdAXGW_6i$r)~sPjbE2H={_^Pp^Nw zlrJw=g7o_F%6NJG%F5|lP5C?$eHKq)t#d7iKWH=Ykfo~}xBKhcKeLc~M)e$Qj+x1g zbkvdIirA|PVQJ6Am(_Y(A?o$fDdY8dP-doj-K(pqil64ps+v1vZtV>7lA;;r4RAQ{ zaE*d_@e@}*>0=KMnk<+)!*O46AxFz6ID{D-Mavh~ax|R9Q^3(Mms7(nsAh02N6p;w z_?>y;2cT|?F)M$q>CE}8l{E|Ich8iTn$yQ`wsV~YUvs+njOMYgTP4(CP#xyfOM-rV zm@#+3thy?7gzJ9nSHovi^MvqjuP2Y!Tzh&wTuskWTm9>H^zFXvt{0Dl3A(?oaJ5*i zxw>ai>&j~5j)hh6!>)SyQ?Ggd&@0{@o-y(NWpE|K_5OuFruMICr&Rw+`MdNp@p|)H zO4R)Jn3`{m7!k8Cso@smRnvn-RCGFj@S@s+Cf*^<=y)9WG8j2qPWabl%wNK4ayin`>M3`(Wd(^dVVbs$Q^Yb*lAOm#o@z?q=nH{>pjp zQ6~1E{uVXdBFoY1M=$T_05$%UIPkryoFnS(7**Xcrsq2-(}%?rnLb^N$n=ROG|SNA z^>AI*>b#)j=ze=n%88#3CH7lG>SGmkPU^?i`s|#hY<)yoSf=zyxmn7MpHRb-rz_K> z?2&Tm3^lw(jL2|{EZ-%0elcizQ{JwE95l&EfJPbN;U^Z!-Hhs5^j{pEW5zphtL z_3ml7o=>au{#E;bVy@nw^l)FL+WxzTsQss>fVgEPn zv ^jywKu+Nbl9?)=|rUwGIP@m24Z*G2Q3>jwU>k7H)p{HOPmB-!A4y(cAfa6WIm z`ZF@Mh&TVQe2&o5e$^zeJID3w5KFtxS)^fS8h!q2k>!u-;X@JqIYwf>XP{c|TSdJ* zr!4QDZqMmcZ>$&8bpLAM%^Te{HYm$Gc#Fz2Qk6O{B;#|(^ASt@2Z+54E3;p39VG6b z`gnf5*AKmab=B~#{iWyA>b!r|>qn}b|JIAT|5|3LorYWzxsH4z2m!HKi6F7n+(+R zX?5Pe>iF)F^%xQL`gP0emRYqoUB9{d!}RXw>o@+>YdLZK>f_M$&JXnZd6QLn%~5(j ztu?fswHzx?ujTtM2X+oLx|<~_XE>(+JN@lW?0 zwZz2rr(d`Je>p!%oum3qs+@P#Yh`$1`}O(6f9m;*?mtm!r*2PI|GDDZIgaC2MqTe! zQqO(0|G%xj(z&X?w21on?&$WpVJ}ugkFTHc=gD39CF#{`?dl==b4h)E<&pE*t)iYo zpYH^vKHaZ>NcbpH&!T)(wacHT&YO;idU+NZpLx}H^lEl>LxVZ9>*~yBD%6_a%g*Av zgV}ug$uBkeu7LX^{7?E)Q1VkpsQMLuQ0bL&tCR<%tKqtFy1$2Ie*OKw9?$c3ulx=< zei1{z_$RGXc>oC)jFekxO!tq^tjv6!J>v2wu!;TORxSPKZdK0}Bb66y%B`8obuzqA zEEVRy-`~`neuZ;}4c72Tf28mFcoYov-WXmE~Wne)G*A zE?%d8hO|r9Z<$-=?hzB~SGGWnud9A*^|Q+I^?K0t&&dD))c zT9vQsr^jDUov+tlv(!)b)6C4bu+H>COl#HltyrY$vq{wb*&^d}S!@CQdA7{Uw@Z_z zJTPIrUer&$YJTkxpHk)7%ayx7rR@J{rJgS!%is1THGJ@T<*Lsp4~XrLt8#yjvRbr@ zdVPdsdA@~L_V+AX{QFsR<#fA%Ro9|topSH*>;{z^5KoJG``MpSc81;N4k#;Uyqw=XYI-{)Zr?W9&SPIt^}1fa*YycVeL@M_H*?gRZ(6$?@53_RmDeci zR$r}kk?Kc*7gasmMZG+mjF-Za%{GiQMpqQ&65f zHlHi>CKP2|UA6d-kmT=fQuXtGU0JdDNRQ`yTh6NE%fH;CM=o&JjeL-+FwI8=#{U>!HFqQ{;*Q#k z+6BhtKQg+8nKvnUuxQ4EQzlO+o>IhBlV(P0K-F)UXox8ZRxL0xvqop|OzVtHW8^|E zqbZ-O?f|B1dZkW}YQJThTK<4oT)QOmU9W##Z+zOfRsG6D-M=le{2Wy+qt~rBe5mTThEa7Z*ZzI8 zE#~9zzJaz_5QkwDtI>MgFjk-g{oC7OVH~=%E$056VU(aBS7HeFpqKH+OKq_L7NCXU zi_ng{(P%S_b7;e~=C+s<$Dj{uFo?@BiaXKzvSGBK123W%3%}3uu^5do^~5x+M+Y84 z4-VKv{jdxpxC~QYF^ncGH2ne7nFiZpO{PC=i?!kjOg>>4r9WU7{4P(4NEbIUObLX*#8&Q1Iw@z?IE_;>xSXPLTvdB{RB^ABc3}(eX!qeX(y(k z<&W$kmfJv8VCuXDN53EnL&h4FGMggenVV;E=AhJ$*&9CM-#eK;9|Scy@r zLF*q4BZ3YrNqRZv#Q+BIB8G9u4KK$mQI^yD<(M7Eq8r=LkKP-}$0!1=@P|GB#i*?!@4Yy^KRx-=~++fsUJc8J93MxtB38mGy`j*mQF* zqX6A~dl}O)_Z_{AMQEh-GFD*=Zbsibdl`GMv|lgdC|cju%Q%A(?DIa_Z|P+WLC?E; z898Y0-^-Yc$?xf9RALC1V&i~b##(f~x0kUE(+2i3_G1*=u=$o=#(DIn_A>enqW$lq z{b(6P`>_>E(0?oKN7rE5kG9)rKX&3y3=X0FSpR<7j}9yC$J7td{#$83W?<7$+K=wr zX+P!;qy1>yLHn@j@8G2zw7>J>zgJr2pIQ zVEy4VY(yUhaXVVrFLn=SynKZ3X7y3am$8Cff&hVJk+_V1MqPMLTftJ!}^&KtC?Q7TkcT?C(w4Y!^I? zE=(RpdvFAXF*}Ft!tr1_+Heh);!bSB;AplBp2AMF=F%RH8+qu)N%yi{a1jP^D@O1T z=5jn~9m96Pqz};^%*6msLxbZ?#aOlru0jXyLl1Uf3r0W8cELg8Xb;CD2ima)eYoT! zY!}>&VLXn>9H%Z}DJI{?cEK!cLKlW`C0aR-t;u7%;2w12Ic&s%<7o$4^Vu#O=O$t< zdeMm+F@Rg|XS?80G&l~X6wn^bKo90Vz;?lMY{5p1;x4pvoZMH)cEK~~!(kI>4;ElD z$4|#ZwhJ!CQVgIM4`T?Af0XTleJ0T!jmq&rX4u!V{8|kj3Hc(owykbIsOMq*e-Ys8`1JG?ZGUx@VYRzlgX*gPqtpgYClW(oiSu!BTYNVhrN)nQRx_h8AA8+A$aVl+zBh%woIX7;Hs1 z8oZvZMhC91V7r*FbLhv5*n&f5(+*zm(kj_5ScERDM;~s%Fz%SccH#A~4Q)8UMSCy@ zo6tU&?Sk{L6a8rAb#pJe@!&kR3!cXyrawx1a5CoddRkh=cEM#>kIfjsV`%U?+diM| zg8iy#59Xr>E3pOL3)n8W4pVtO4xt^-q7N^+*)BNzG1`M=n9S?+QY^*#8nz2=$0m$m z2>aI34qnFx)UjP~9J;X%8*wd0(7%xF!t4A2%td1n?ZKfK!1Tx2E?9zwwU^O=X}AqN z*z94u;0bKO)F)^UjzRkeXzyaS3s$2KH(@jG$K;{3_er)3UcgecEulSFgdr^ZB-;g7 zp!N1%#%?UcHf+SmQnm~Be~R{CAzFs9J<*AEUbYKvzyKb>Ry>bschKHtY!@7X9(1A~ zmthneKFxL+&Uq2q@ie-y-*Vc4sh?rHU>+vl*~{>t4cDO;H?3g1;2{iQ@26=G4#&bY z+FQ?d!D-ltJ`Cb^wA@8|pJBUT2Rd=^O4@_tuoVkG%XS&T>jkD^6FTq!`te8u+XXLS z6th1^dp^kaL>D?&v0ZQ_He(ROcmi$dwD(!I3l8+r9-M?tSdE?Nd5-OJH?J31h^^?x z3mC-SpJ%&Z23j(BJ;YpGf%WKH!*;=4*osj!MzTGhryV$WE!zbP(2q;71vg--jrM+l z?ShBVg~^Sy2S;ESv%ko8$>j9{ZMX(YaVL856gJ_Ib!;Cj!cJU))-39Ug?I+tIP^qWLBR$>^}VR8=r4{ey_r~R0NUYv(bxB)|W7(21gmudfK z_G2u>YINg9Y{a7&#J(G8KaN97F8vU5aWgvc7}jIIuh4$X!&Y2`#=RV;F%8?$f&Dkp zek?#gF2)wzhEY6$sblDmU#0yx5nZ?xeYhQ)u>-?6Xfy5q5XWn@;W8}6o#@3=*n~sA zM*Fb{J8=bC$Flvg5YM0+hc?lEEWseI#0c&|%ZJ(in2W=|PWy2h*5fJ+;9hLS^Jt7? z`){HBI2|3h8a=ol{dfUeFykAvAImZIBW!=P;{kNxCG=s|R@#r17{+y&Y-jtU4U_(h z_G1ouaUM3|1`Oe0?8H9XX#ag|e=NjmbmK;B#G@F*zTc$%I1Vj&Y=6wf&FI8qSdaYz zv>)@Z6&Il~p6!om*oF@5|1H{&1?b1c*n-I&&hwPyJScILp0<8sXe=Ni^=*FSnq5W8bL0pLu+=G?}*#4M{ z!*|ktoQCzd3In(oTk$*^g>3(qXg^Lz2d+jB?nggfz!uDCru|rssT0`#XvYKS!b|AG ztnbo(ti&*`!{mu$IO%ori+Epwg*f*2VjrG`s&A1mMIPp*9e~j}YEW~Q`U^6!1X>3L7S@KIb|G`|`j4rhNnS9K; zF&t~b;#2WvQ1h&dk!$2@o( zn{e6CaI6*A-5!o5f1LBPVc}RVF25rjbK%zE;aHJr<^s zkIOKE&6xTK`z;pYkh{po&Dey8uoaU=kY7gqFc;H4NIvFaBd*03JcXUuKb`zfaK4JA zxEt$nfQ@{tx`%uWV(N7IMK<}kW)%6DokKplu@$#s@(kLExj1Mv`B;pNcpO`BtDSsY zGJ$+2=fhZvg%iogJs%|>r%xgua~~vsCjB1^aqwjFaTPXU5L@vACYQ6`r;v{gQ_06Q z50j4(Y(Zx!`Djcde-``EBjls4jC`~>$;VwY$;YyC@+)}Xi-mXuJ!qLlKIUO7F2Us4 z^qUIuvE(uGv1uv!*oiIZeu{i-_mW@9bj!%cvsjN+pCKRXR*;WNo+f_|?W!jqEzgjT z71)Gpu@##z*+oBGNj`2x7aqYz?DJXjaSV219j47?Jz^;iY#<*eVlytq2p-1Nd9>?u zU>_ewoqT@JBEdnQ@%ky7GM*GuoVY?i~MRnAK6JhHlqtCzC=FmX(k^VzRU73 zZx{7gKs&J%cVRuA$7W3X9`(R-Om%ad!9tw(Bl0nFfPBpT8TlB%l8e@%W3$4@N9)}!R(vHvC?kGGPK{eDA!E&B%+VhBAr?*#eS`}gEy zDJIvke`78#{R8C||aUA+E`B*oed~Crc zwC9tLNA4%z%YIfsJ~|&DAJ=0ewqgqoC?p>XFzr+1VJRk0ARmh!Bp=s5L_S6_bs76r z5&3w2D*2dIOg>g)D{jT)PxJZaBjn?`ndD<(Ir$jG7Mxc>K6)z2U(V-MSc*}s$MiYm z<8+K*Bc^_)mtl30kMpX?#~p6+G5Im_(Tm9|*k5YN$BF2|71)UTum$b)jpSkdSIB#Ye!7V~totf?=-5mimNb!vo!E)% zzD|2ra{jc1GWBp{8hL&!W%yyN$CPhSA6$bG^naK7e3te56Y7IT3-v({HevAr>VxMn zxq*K0GwOp`Kc_y}ij6q&5cR>`*ohgxApdjp6D-AbSdYU(;5KZ+Ft*~L)8wz_^C!&3vcHj!1NxkZHKGe!FpQme@TL>7w9oUt;pP*u zQrw93*oMtGsPBnb1SetY8rp${XnDtpmY;ZpCKI9!5SM%qIT}9LMe_ADhvGwgU3;=mhd{ z#YFNOS$_`lao9uTqZ1o(J+|N>?8M|E^1sM=EtcZ3ndIZJ$H+$yMlg!0>v%n>B_Gr3 z$j4LIgohWBkJXFF{}TJf~METs(#@9PkYJxE@sIPh2GWA?Af$D&s9u@h6j!tmdak8bqfR&2sHY{k@LUs z1&wy{an-Bjf0fr)EX6(@>2)$zh+ENv4L6*OHKEbxWULj( zV)EDMH<*h%(1jh?h}N4<##*omJMqAfld-fW*4L<$u~MwhIT@?RjL|1!%~+RvG8Vzz zA143n?04hH$9nW&iJg4x#8zB)ANgCTM;`guf-W39o_w5)EojdtA8Rn}8@!LgQVe4~ zUchEtc0c*J6H~XcKCuwT6_AgW*o2MPik1h+|1XY9n2VDN$;WzZ#C_O;#suSWA@+p!co(2IlXs4vV~sAJ1Y4dwWjCjPG*(fHpjZPMr1x^~Hl2#Ky(sW5tu??_$4QLOzZ_FOJ0kPR1}g z(egdEFWPZEx^Wx&@yI91#|ulz-_3sJB_B)Bi4Ew(77SwVPmzyyw0@udh7RmNFQzXe zAID)B7o%kl`vKbVEV{Am)8yls<>aGx1^GW<{XI=SHlY*8){~EuF^Eo#Vhvh@=KEUm zaV>h$_6+&BVmz?J{qQ;R(X*O-+=xCrh(SD$ zQM7)Z{2%c;|2+Aayq0`Cj{$7|0{J+mk^FtUPNE%qf02B&qaT-G2%FLPF~{+BSx@M|-RQ*&7{J^Y$wxn0e!}?`+A-BnJ{F@N`+S*vY(}Gn ze*P8m(YuL!Z2v0xcpigj-Aq2VqV=boFMo}E%ttSJF@U=fri-9rA)czr+{4*3T8ScpC>!yvB1D7K>YAnS1}`M3nV*o*-@hhfb6FYmJ&% z72P;s8~NzK5H_H3i2V+2Solry@gVxJ4TBiPD5eL<{{_b7VF8=l96R5C+h` zn|utQ_0ysAN}aWqv*qwAo*B`QCyDJUo#&%(E3C2 zu?7RU55t(Vm;9s5hjv_!ZVaLyFJcJGenkF%({Ip*o#@2uedMDXgSZT%*!#!ix3U~` z;FA61<7o_F*-yyFgJ}5;$MY8Q@i@Bi4EoXdDf!qRjbpsdp$&7mN98>eU`|;L#h~V_vlPZI1(GzG29u9FZYTdN{r7|9Vlcy0Qs2m2>EC!Cm$;? zgvZh7d^DQLzevA92d3^OAE$qxd|b4L zeBAv5^50L+C=ISCSD$8xH#w`B;iR+=@XAV-yD* zAwMa}=<{px(TZLy!~m|xFh5{O*8yq2*@kf8(n$ zI}W<()tDPg(2uJzgon`R%kq<7joEMvI&mNR(3AQq*Ucsw>1nUVqUc5IJCckMcfA^O zU}VIrF)#MMn|$1bVRUDZpThP-J4Vor!$y*iB^W{<8t-I%+sMcLqsYgULh|v@RPxa` zgM4g9YriC8k&}G%l#`FUD#*tHmE>df9P-~qo{M}ufNmT+mweoYA+*jTpF0{Cp$!|* zi31)bAGcMJkA>Cbqi+HE?@lrtZt`(2dNKPk@^LeUu@x=-lZ^f~S_jde(1C-#PCib?0M=s|H=^ZM`so((aXPwjHTtmwLzwyv@(0sCwBfkznDPViamSCz ze?R;2LGp1cI&s*~$;a)7$j8aQARkYm)ynci+X&5YzSTh}m$(J33-cH2QVKe3<;Mj#v;a zmJY77WqZB5BW4|*WK2W{E=Mn>^zVoTu=$n_uCq-tDsJnDS?;8acAPkbeBAne^0CZH zJ~pC}M!!WHT0THN=AjRlU=Vu`B_9KKl7AQT-%UOS(2IE)I0i#lhsFn!jEiW)0e12+eKPsz#UOTK6e}I%r?VeDL_Q8FA|Iz=0M}v|ThMYh zueVdl#|Cs`?jz)5dpY@Lc^3H@v;%E8WH$Nesw5vbVGzR@#ldsPA4z{i2iBt(EiUqL z?R@faa4q>Z`W4zSsg8WyxR87-Ttq%DM+N6Kc6HY z4=yDitxu7UjTpvrUh?nZIQS{@u?pSTgnqoVoO~>tgAr=*M;p;kg@Liy0qgJ>B$L%!Z}t#KFn0#eBH=ov+1$*zaAh#iHm%>p1e!ffbh5 zVqRQ}0SsXnOW*xk%<>WXegD_E{+0gq9`bR(0P@Y@7{bQ)l5c1K9Y{VdMJMh;AD+h` zrrkn5mZSAPULVkb8*e2aOW#jEZpAPTvyz`j&QS6(?RN5U#4z$PgdtpZ2l?aKE@;CG z=)|1iKbRFjWQ z=*PwdqO>TNIq`zkdK`hK=%{mW_iiS_T}VHV!!?j`FH@GX8CFIF{OcgbbpR~G@d2@LH1L0pa;FU0|VHB zVYK?lpGq*AN}jd$8#9MsxOg0h4s9ie6(yJ9|P#a(-_3G7sR(_6rY(>jl`p+uzF(2J{ z5dE0+Ecuv=#yskUHVmK>Poobf`N+p*7{z9^K1v=s(DoepScL&Rh+$m5n*1vIJdSQm{UZ6ea~=8Ef`*&^j5a)tPP~LZw0wzt4EiInPIPZ(y2scrnwSo~-(WgS z-o|t|2&0&e)*9YVq5~c1#c~Yb;%`zR5TI$%Z z(2gN=;|cWRISgT+9kgd5?L-@nKqorBLp^Z~2C)^RIAACBT*P>EU;}#b90qX2OXQ;y zEswJu(2lL>#sSUbV;zQYI~pF2cW6WVcgaT|`mlNz`RK(c?ndhqv>P3m{XOz=3kJ}- zn|$1cmc_hJL^}@uKKWRVeyqa~y7!R(B>nLRV9Jf13V`Hf%sAwxADtzfL|5#3*{vTF-eWIxyuF`B;bnT#jK3qUD(+<1pHB?C;4( z*J<)`%^%3eA!o>6$?GiIFzb)x;|}!UDGZ`DNc=z$lhnBL6woKRPfs z#`3TVThNbD3}EVN`WMVyD z^hdPgQFP<-Wb$zrhA@i87kHhxnS6Ai6E~p`d-o+D8!?LM?;yXC<)Z`7pchA^kdKuZ z#t>S*$noZ#dglfRyJpdAOihkRU)emspKOdUY}3!LAf4VR-6gXqJH7{uK7l8=pO-N1T7 z2Nn(_AD3eQgBZq(XnB#>fm_JO<>@HiS@VZ4=mEJi2pLLVN) zAX+{^zBwMPn>b#g0}rAXlZTRzZVcmcw0xC%q8;;ZCm&1Dk1h=1CNws4{)sjmJdAw& ze-zzuoYeXJ!0}OAR+6!jm1HCtNk)>j(#>`0R+5oqC7EB6m2@M?NHUVMl8lwCoQxzR z$y}1LlF=n2$w-%xE+gsYx^8dUt8R5^e$W1TKK6EJUf=ik^ZkBiw%?jxhG|ZJnLaPD z#(CrPf9SeqjFVrk&zsC~SXiGS2DA1n#+hO#_cO;D%bf5E{U13VhB=VjoPkN7)P z`vx;ivdI0cal?d1>dm{ICq~)uD$mau%yR>)Y@F!le(ZSI#%)Y;>Z>2AXIXu%bpvIN^>|vIdS>}>9&$rL}BF0!_l7Y84|J?IdeI8&veHBx`^g6?~9_Nd}UwL1}GJBXg=yjMK zzxH~{$RX$Dea;U@vhW-0%Fcp+zhLaQ?rSz5c0O5Q7qbtTn~5XVpDn-hdjJDRtqY4B zvdCP&_kTxbd(rC(Lx1r5E~{L|+%eY$lYewQFnZklZ2Xh?S>kzipD;h;e>VU7&0jJ< zYn;yfU(CJ#%pB<;o&&c1*A2&ZovQRcZJO6He#?F|Z&Hpez zE9_$StofOE$oy*?7_X zEb%9y8{Jq*|vY7DdKGv;7$opoU=i%hV_ zE=KJe>Cajh_At#F^K43)!+sL{oONL<+nHdBT`V!Z-ny`dA^T2^ZEX6yIT+kvUD(Ph z6Aapyx)^8r3)Y1_%(2EYo9;D-{VMoH>%vwhnP7%ptTEkbUF>H)jIzcKHhsw)3~sb8 zY-OYUF2M-9m}2_N)`dMRvBrKjZ8C@bF!&Yg!d7-O!2-J&v`?ltTNm~)&Kf(}^i^{( zn6@tV(N>0;V2oYNF#R>_!XDOGW3&CXsmmM;e%-pTm3byuVHYFz;q(^k!XBnrW0pOafc?FTF{Za!7xpm2 z8jEcDwmIzo!TYQWTiL+`)9hk}>F-zReAtqWV3Wr8JkF;w>WA6XanFu@wT*|ggn4F1@<{N3Z(!UW^& zVvgxO)`dL`obh;u+4K{0Fu2#cu$4t7SYsEX|M2*qS{L>(%^LG;%9-P=$KP*V*vfV$ zm|_=8Oz*QU>|y93k7pa3er65^_gfdXvdRR5=RBTqrhjf-*uxxaEVJo=IsWPKzpyTB zWs(VI*u@&tdFxW~ct%-c2b+Fr4hDOy3tQRvFOO%0T}(0kE9=4@mRMsyn+}@eyvP6A zy0DeqOt8Q%2LJ8xhpY>G7-x;0Z2FBk7%W(q3m(rf6O6Ho8K!@0UD(4KYi$0H#~(Ha zgAZ62wldEIE9_$AqQ@VxF6?27HD=lLJ9992)Ve(E@oZy)33jo-^zW?;dl;;GJX_dQ zGzWu!ur6$6nF$6S@p#6VK4x9m!whRIvgwcJxa9H2tqWV(!35LnVuk5HS(isWo)OmA z&ZZOQVDQh@g{|yof}zVE&jiyY>%txuSYwq zJxs91ZZ@4U2ZR5xE`1))7A6>H7dv^BIo@EI6VICK3Ga^?=2pgdj7i>NhLavLAD6Pm zZEU{k_cBH~;GFg16sEb1d2VNgC)s$-?@#}cS1`pL%^uC@gJjXbj&YPbznd2IkxtD={@6Q?Lh<}@(vzX*MX1I?< zUSy3UFPQ(o{{4ngu4e}iFwINMbM$}A&$(>8;omD6VGrBc%M{04G(YFF#EtCdA%>pv z`v}`O?qTzD0lT@G1s-OV*BQL&_lm0dxrlLgv6Dxc;|-QM@e%X?&-ydWt&H&)lf1m$JrfY`$gv8RdXS&Ce-Ja~bp8&I(Vmv2Oh@o1d+0=L)8{gIS(ti9;SUKc_L| z|Nreuws98|Ji~4d>oq^8v&z*BK5bxNH(Pj)aW*|}e$Hf$Ygp!91_lfaoM)ILYUbxG zCb^Co?qiV`S>wnn<{vmPFo#jDX9o{3%}dO4bf5V-myHbr1NSn*9=5ZWDUNx<{G87c zH?p6H7#cJ%(8o58yJ~(eU^h3jz{9NaI)j4;2F71AKNm61E_U)LbG*SaCtf%I(+36? zGt8}w@fef5#SAAsX?`wcjoaAVI52R6Q4Z)gKc_IwWz2IsD?G`@XABGs{;&Dj%66_` ziaVI)X_h$ThWR;-p&{0vZQR8K&#;@ro-#kDv&z*B`n`8ITX>Ff4!`MnIplxl9qN2D z!i$V^*e%D+DJ-yQ_@#R2S+1A2T&l;om?>^&j%Qfmh*_6>{_()T3 z=dS2;KU1tR#|a@H2eN1^|_dFZe*HA*XVP= zr}a6Fp%)ActYwUQ*Xr{qbDZ`WeJ*8ir1fBwO<&aK*sthw%UAVTV&H`X{oSKJ+Zg95 zraAa)`fO#5D;OH({$Pw-y7al1Ii6;P2tt-eYPCX=g?p3v&7KLocA7mw*N|>8xQJp2P>TXYyEKp0}C1D1}3=o zus$!b#BmSkzkFa|2_xKkM4x+^=D6SKa}H}<%~04n|52Y!$MrdfIc{QwhyJAh3O~mv z=bX^zYG$~dC7%0>{&=rnC-pg>ac*InNB^qNbFAI|{we)ex~>@GE~dEuL4Af#>$CZ9 z`V$;aS)UWn=yUctect+~KD(>>ud)uk`W(@x&z1f9JpNyOHr~+Z42C8S45S$2zNhqg zj5$ufsn05duXg|aPoI09_Gmr9bpsytdC2A&_-MVvC4(NV2O?f~2R~Ym@YK^Et;acj z=%YRl**dVmA;CxMHBNfLqxH~h%=_v`>oG=O`>4-D_WCj9(Rz-{-}-31!W|!av>u$K z!zf2~=yN_Z>|lv&7la~o@1k=B2`b^Mw>JDK7U<{0SG z=cKRew|G3GJj?_yF~g=U`aJ$k{WnO^m0AH1%oj2ft6BqZxXO?=!~BOmX@meNI}c&lL>La=sX4l?jgQ z(B~wUc$R^;djIxeeNJGU3s&f}f3-d*e^Q?bhGsi|jPYDjpVyh=icjftD}!&dpD@ZL zpVMcC8J=Z{&Fl5&xKBT?&&7=M4AUI2L7(GUN$$@}#=jR_uLhJk(hoW;OA$GKmhlYXv$+h6E&SYDq~f2q%&9{qQj|JV9#V~QJ? zV}TX+9nzogb>lbsT+ak|GsBZCaqn^ccl*8Lj6UZ-q|ed+)aL>gxRo`YVyNBq_%D5q zW{O*x;~`dfk-_)4um7XZ9S`es(?{hse!tAie>T#Y9KUPn3 zO60M6fs>{@RJ`w zOmNXWeU@0_^mpkmwGQvoXZY9pT*5RnEbuIA9QGUi54o=x<94QalsWdY!oY9!JKQ&n zGRXw@GsBCA^?8ed4|{*}fIjyz&R(WD=db!aeM+BGPU|nT-erAG`@23*GRLK7^m&89 zkJv9B(r1bZ4n3#OX)JLi1IxXRF~T#9^Y}mYd65MUtLSqvLm#z|FvcoVjQ>lYUFY?= zo52<4|F=GuFu_gCaAl~sUgEBo_SOUUct1F{w;th6##v#Sqh8iqFL2Jd-g=Eo8A{mq z8ROuW_tsOK$Q-wad+QaRVen(#PrstK9_2hHc<=b$dWPFsV&s+jE1f4sxQB6WyF;Im zJN3DhHJ)VXcvOIc)!HKy6T%KJh_+0PD6xXbf0GNZR%W*1vNVZUYvm%O>R z-p$}l&&OkI-`Kfyjqt@ZeWH7S!6$JoZP1WN&7mZ+{X@HWtvmo(p%3n$qMJp z(n-2M7-5a=ob*=bm#bLhuGx-*hZz2pf4_N~pW_C0GS57Ry|cGo<-&Q6V~u_5eU6v2 zmh{%Mj3>>{QD4&iwEI2nJTUn+$H~=Q&I4C{y|>=x=QgqE>*g)`oW<~3zt6Cp``F2g z%(MIrefF{WGv0S>^*mg`Bo8yot1NT*Hyy`1*G0GE-~o1U;3`OB zyi=cvALw(%E`2Wlp+2`~^;4dYZJhWcea>f=>sV&$r~03>j%;B+J2*L~&o&mh=6-#4 zF}&XWwNIa2>|~XB)_$wc=HvRGcR&3}pF2_I#l|l>FaOo&5q2;+ z=<#|tXAFM4UgUB1bM@07uZKJB{CB0`oUT@s&y6f{ANzTR;mwXSq|Xg6(P!Js^lyL7 zDhq7>s^5#)#?Ep2Jj*Okyj-6ZHl|%KVSUbK2N$uMTUlh5{XE0)*S!B{J4e4lpL3b# za#opPbC>rkY-4!5J{K~}4J`8j8^3OUe5F1YP0;6RcC(j7j(C+mr!l<6`_b3wbHh}9 zUY(}T$Q}Az&gO48Znp7ERG)p!a>Jea+{4DLj*~51cb7h=&(Od9HH++FKl>T}rgfgF z&*|*sDdu^TRgS$|zuWI?@7Cv`_vkbIe*N2D$MxB}SpQr0xek5iKCI8#AJ^y1Rr;Lz zDSa+qtG~_l_XT|p|Drx)%ySc~EVB9AuBT3YHhoE-8<}O1We(n`f1lT}E`6^3x<2#l z=2aFM*`m+I-_ZY#>zeKCV<$&$)#r3p+0(7R-TP0raniT+nP8SXw&}BnjoW}mpykDRD^ZMNSOZ^@8 zBew87J2<*Wp9@*!=3nV^7sKE8{`sIjF3t! zom@DgR?jo=f?B=Gh8NcA%|CIyzo=GkPa4ad99x1?pM_6WiB6It2gfT`t!P4 zy@ji$=(Fby`aCmLpL?e1^YR_~Keb;*^|^?hJj6W5->J{=UHUoeK0}{3?$+m&Hhr#S znK?Gz@49=7K5wvtD`)9*8;d;5ejb^xzt5cS*5_1qGRZu5x9jsTn}6ot<=&&u#Y}P| zvs}7VpYxXK@ArDYT%U(Os?S^OX6p)lCfU#3_vruJ&#|4Y34JbRo*P-^@zweV{2u&C zea>K#DQ3AZsn26<{Dt-Vls-4GgL~M`k)PJ*S@yGet$yBdvz=*n^6+Q$d4^TaU8ny` z-)9?7Fv*_v`ds^YedgKN<9=cbBOCO&_zU`6!y<>?tIx>{|H|>Qoj2LZC7t>_@g;o@ z*{FZe{>?USV3JF}tk3RE`pmKM*RGeZ=rhI+CfUtPU)AThv_2Oze8~O8cAos2J})uP z#a;T`$mZWT&unAkR(&=z%Xus_&BlWDVheA5Q=cQc^|_fv9$-JuG5lNm@=kr;$muil z3w@qtmCbqm!#Zr^y}#7wc4j%EN1yB2_<+|zws8L;eQr9h&!PX(=Na~M?M3|~-nX!w zZ4c{n74yuo%FAs2o%34N=YmJ{xsq94Vwp{s^pCoZ*}@r*>2n^tnP!p4+0Vva{onif z$Mrdvojk@o`&i}3ntsvqUDfA2CYffI$603MHT^&Mx&P{O_EY*?cT=BRS>&+)>2nIh z$Lu?7XKBzCe>dyS)O|4m3o=Mp;zjS z$937lPIj>8Sy$@aJjo(w4ZBkB=SqhEWM5)CkG)WzgGcFeI;%{v`Go85MfyC(B&Uzo z=Q5Vr#l}B--45wz{NVvxUoFsn6Z)=FAEDT+Du^+4fhjJ4`VADnG{-7Py;L4x4zz|6ap+ zU<;2j&gNG;UWS?DHkNsdfd{=mig3-hmayqq-Iaj?iD z%k1Zt*EwH*bA3&5z8HAD=i^M4*v)=s87jMOTlBe(3D%hBm{xPKmCb**u59BOCOP1Z zo|i3C9Vb_@@r?VCExgQ5uDrwCY`fFXam93V|HC|s949+IeZ}VqyFNbSdAa4(EkScRDYey32Vv=RVAumq&IxFYMdnd^7Y@>&`Lv zJ3ox5VblChA*XQrd&r?Uu&vixfGknbaJo!iS zbM2qZ&)t7E|G&(8()=9up!wNWHa}0CF+cY_WPWa}nE$-r3;%6?F8h!9Is9Ss^HA0N z9NTMtuB(}!r~AzRZ_jhp{G5N?{0#J)p95}~pXH~_&-MQ^|Am2pctc;kg-f5&SC2D4 zq_5t|i$nW-KC$_m`s!uwd469#@E_+Z)K?Gl!b|$J9uhRpU*4y^_0GPp4HaAdWC^E_0=06cHXA-)gzo2 z?W?zQ%k(~>^`4g?Dc(4U%i_f z-riR)aQ!>_>Q$EJ_SJ)r*ni$-ejcB1ey(gcKZ^^@&lL;J&*h8Ef641m-2B|n7&m{w z{EUCl{A}$oKMyW5KbL*f{Exb??lC_vea!rft};KDtu{ZWCe6=bYs`Py`<73ep94N) zerDI1pKDU)XK20odGzz<=khO@|1rn+Me{So1b1|rpR2xNevbaC`5F3}`Fnl+b@Max z4fAu>H_gwX_nDtv+s)68jQJn;{5#CgIo~%w6Fbe%t{<46Q-5fF9>|)XD|VZ|W?%fV z`MGb8`5D-2evbL6`I*R>pNH-@{}tzVpZU4_XXa;SzxmnwbMrI!3-dFc_xyeKH?}eH zOUJ_$vz*%F_<5O)PdJai@_anZ6wflt^#?s4%k1aSUpt>ytrOe0ifL|Ufmzmgh@oq) zXU2G$DK;N+{y3WzrWm|_`+bx1z*52bu*wXtvc%W}&hwM5A4b^EIL92(=VBIk;CK3* zd{n<*hcPZ;ifftU`J(QBy?^o!_4puOYCFdhMzm;cs(w}h_5Fw&K%P$vcMW^ zZ2qJEQ|?p7m}ZK{nPbCWJRkQnc+>HnbR1mG1k=oL2TMH2!2j%vjIhc$hyGQcQ&`|? z)_8!STh0?>Y&xaS3CuCh3b!y=cl?ZU&x86r!VHi9O`k)``aVs(jSa2`xzY25D1>t=XfSKgBd1S;vNPDHUuh+@ZdxGJjFD# z=k5J}34J2UL$P3Aec;R%0d>%0$oqTc+> zhQO%7Pt-e@V46pmXFn^P@bo9@jYF+FBV5ULZeWUAnPrwWHZ(rr?{57(W2`a7)H9y& zcef3JmLZ<^_J3z^SVLgyGoSGHwhe(!CU}Y&t{VD;zqf4&grD_q*!p4$)@`8<8jVv1{+<8D@Xk-^~&fiWZW8E2Z|=R5yg$_h8I@p%nC zS52S$+0Nrk@dC5#XNeunt^*Evf#VqA{IZQzrg@bGCPzA6rWty^>;Hw0mszIRILh&I z3oEz3ev#vCZV0Spl$V&`_!m2092(N+at2=D_!!|;#yRRG`fO)`TUcX>p^@$@#uyyq z`PjlD zQB(9emnC*G@QQ}OAx3zWagKkzKI1HKD{DN?(D;VHfEInWFvS(jaVIN0!{94jUvJRo zOeVON8SZ0=RR$*5*IM;Ck8y5fngtekoi$E)qyDSB-Z92*rg(xmHcZuLD}xhVKa6r0 z6Fkcdo8F|)HU?g8KV^h_80UGW**s03b6DdBh9X|q8DlR~9CL?0+gage24Ca#g;CyM zf{~~`m$Jld3{0{wFv7ui>a&$;CRpHh)_9$v*LuC2uFnNbF~b~Bu)>=RPWHNcmp(g~ z;C5zsiX{%1q5nF^#R!)(&Mecszyd>W*5~G#`cv%xck8pCDNbzD=Mq-9jltKOi%|}K zi$13^!(}Y7n}HU`%?KN2>2osE>|lXgS>sWL-rzcAjAP%b&jrje%?gh)*y_A9%J6J` zE@FmTSmH4T-snDin?9#7&gD#V2Ma8-#$j{xr@GG=;~J)zV~!VD;i$LkzsY^ZC_9

CCfI8EQ?H&ODXD7_<~4GLly)s5oSVAP*VGL$JZ23VG2J*~Cf^ zUa7))E6b@PMzHWiS$%XKw;B&`hN?b@jb>iFZ9p7P@=a}_CeA!cWG<7>+FbMzB(n}t zQ=5yoFDP5?m^YszoJTp1;W6TIh3sOuO2A5BQSP7t=?D52Bp*jwbYNWVKvEDwBqvy zzd;-dW~<(wU#L}%&WkP9Q<-o+eKgHrwlBrPJSPv~b5ko+Qj6L7%2JJktX5ESs=JwR z<|1FQmRKfzXkNNrMyqY+yfo9~A7FrL*eK;k?#yTJW|B=6WtkZqpEHYZ-fRFMYLsA~ zxLA~gS?Ww9++I#yV}~DXM_8;ZR^0&$oK7fTx-z}Y0b+x#I-@g?@@5x5yy-f~WXcYtbvtE8?st9JQDh zk0T+NR$m2`vX>AluINhDv_5rbuo$5gsmh&EM4`ctzNVMOCr!~P?Pm@4p`iUk=6D47 zsqTUIX0i8*3#C1!JH7=kY21d@qshz_lc776%&Rl%fhD>rt2xH&S*F*c-T`-T=|Mfu zc1X4~{mcKi$(t!BAgWeE*SFFgX(vf-Ii#+?-5GtbRZWXzsRpicAk-J(&Uezk{>Q<5O zZ54Tq3=JnPcw^br;iJ@+Z5=2jnZ~tKDjv#?h(;!K&O@tN<|u7pN{Cfrk3=~vG=H7 z)SNvUN)G4M+=1H}s*3EO(BsC936iFZpFtJ@Q-AUL2Ki1G;WgQEQ#GU>k$MO4oR5HQ zMNh>VagHBO7u=jlQ+sH-v!st>pB2w{;eyfDQG)1;Ib~;1y&4#6LFtXiGWqWewYBG$ zziOq=vjFfAp_jGtmlK6{uGRjCzVBS=cdV5@(huiK-@jJ+H^vWp^BTIKtI`TT(30XK zP!_IHpEc<}94D&MEy@1ruF8c@Zt_{Yh&%!d?Vialb1;jtwoF%-J+0oH z*JV?QbHhM5s6~H@h|sfBjwX_mMS6^N$;AWh;yD8shQaQB>aE;^ZTTc+(F?sAqLXEe zx=)~a#BWS;B`PD2WK=GRXOjhWeDS>lfi-09b~T_w@OaI@HBPG=(lz^I%x+JANKf9y za-|b~i}VpXnVOAmGZVK}@_8=({1P7!Mx zV1bM9o7rr-SEhV(h?LtA){w;EF*0ujYmvaG;vk2>;K{@A5vTU%94Ht4d4SKr*D1(J zRxieW5~*M8E7tcJ)*yxs;_VeA306n+G$3Xe^s}mGX{ty=`(;!1c4Ub>j4DXP3J9mI zcq8KJ%)x>Ub}6@l&_fu6UVYOIIzu<4N6}CyE{i2Ks^U;4tvdx;jnAvXc@RYf=U>R; zPUlx9(50f01Sn@mC^v-i?9BA!Ao33jIU_It_uhyck~-qg-e{C-YSv%@nbENgTtp6; z6m#%ea1Hqltp(SR-1>Iz1q@#EjIy#PwOT$m?rlA{eo zts)Q$!{{iEfj5jllW+XymL~WJor_$aVlfbhkqT3f2;8VF%7xApS}5L>)G}R!j||Bv zfJKfWPGK640Lux=WTo;Ryg-zG3ezb6#?mLlD;}WnfHks*(8v$b`l<*Ry%eH3g?39r zJ6kQzsP}Xk?oz;F+K3lnbl=WsB>gS@?;YrWueEE5DB6?EvmHj!D{c;)l{#$Q9HJOA zqes(U9ohqD_fGhOYMM~djS4FcXy1UZb#=9bx5_Sb+mVz}c;*1ng5eUXim(V&_!xzkRa`_-76L_{fWOih zqB);0gkQ01(g>t^jKVi-*_yybqZ8z>@RD;jP|GzXh{Cs0&ow59!bdfCjd1S08Qv-P z97H^f!Z&LF;*jPo3LjMtwt|(oD0~b3VNV0P!fdzi!1yedOfd(lxpM#XG`3$1XCuyi)!8!Q z_G)*)j(UGfjYA_879V@?`%*502X%PP+rHWDBctQn2gmo#wuBe0ha9OG?Ej7?uy|=I zNA$5A`xdo%38)ICGPlg?J#)=sx12D;QFc)a(|Le<9b-AJ#+a6)$7E-~!7Q(s4*l-2 z>4Vllq&4lB3oU^SdV+;3BF@_^g~WY<}IzLCQsW9Eik$-jd7W z*u)*JmFIN?Mmb+S?yR8W2&H>&Y<6TqlUN&?#d|beXa%rZB)@xZa(b}72X_n&ta-ItzR}- zb+i;ET)78_T&WTKvx7ngEjn(|T^U8Ns3r6sHjXix8oDtVbV@uO{>brz(PQamqv?`| zSXv*l`Z32yy2TG5UjG=JGsx0mW2T*s-*f~^CA%b(x{KNvrM}|HBDW)u*JKH5m$I$k zjA#3H-!6^gbW(F5&VAbM4&p zToe%&Ueu&!D|K|;B<9_@z&Py2uil!0Kfl~qX@1?4iZrdatyNSt-#s#>qfNg@KMd;; zY)H^XRI}@(A#-)#*yQlU$dDt5j&r5sZZjlU(;wZEF1i0ZOlO9;;6GZPu`QSdT+`s_ z9uv=-pgd&ho`oXJH?TxZh#B5CYI<;XB50E!)RYsNCt#TSX6MGmN4a#eU&L5j;KnTrq`bY6^3I_e z>zHJ)733Vs_} z?YdEc10gBIRQKeKBi7wS5Y_Bcq68~C0bEP8=GcH~XJ|3Bz9$Md#O5ZHr$Fkc5=isw zkR9=j(~V^?N^adqTdpP%O3`$U)6My$3rxE4(HQNxWJVG6(Q4f7Q$sqmtfNjxLjWK2gLpTg2aNydf?1jWoXtN_2l(Ci15}*R zUd}ULkgK$U%K?~CXAz61eR>m-Lt_wj?;F()?!r5Gmc0h*1kqdhP)*lq z?0PBGxWbhsinXwGXvIQ1jIlGJxal4oSGHzZN{1pSC?@*QJ^KN{fmxy&I8_KoVR!~i zr4luJ897+N`KZc6f1`LUds{s zG~fRv#W1dCrhQd^Auzbbb#&2^)To4c}qI z%WUY|(4~Kuecx@v8*R8~!w=i=K^uO`hELn@4{Yf2`&xImDtHN9?q)i(0i_f7)DaUtu+t!Jd6cQ{e7~Y3h8Tv7@<$ zSyky#e{Yr>f!Ld(E;VdJH9vP=7%DgPR@@kP$boUfuHNKkAornSqpBRE&&olxW`%4X z!@hVkPwb!K$!55pWv(0rW=>NQZMvM)t2caAMg4A%pO*uWTIILR=C;k}Bx$Z(%W4<(CWv7nZmMxwloak-3R(EQc4S>`^_vtOm zhCzPzJ$H9u+}yk4^!hixmNt9^zOl*;8!t@$;OqAYb*P zyy#c^v6PRbx0ue>Vy z-D?Slr7&%^RE~Y+cKPVng>3Yz*y8P1Ap?IoZMvGQ^*xO@ROEXwng>xn7{V1bT4lhi z#+%C~w{)b~DtB|Ph}FqdxhiI#!{Mu#@xs^b43F)yOR#4#wZNJ3oKY8NmU{Xz>X=xtMNjU2{xZC6F#fYZk% z+1=I+!kGgDejf*p$QjtuGm3liloyMAd8^!!E0x3%n_(H) ziA3Bjm97_k;^guRV zKr&oc56L*f?vV>8%!yv)&S0{#N8~$GW)EW^fNHo(o0()g|I?+|&V-uHyE%R>a<{f8 zz0{Llc1PwxrsB+n%68dP1+cs5hHZX}h%F1qPo5YP^iR*>9bOKfI7TGOViCW%ZI>Jz z*4S)lZFi;>;cF?K^KzxbyX4Q+989}_0oMuyS|y5O^C=$l*LHFCr*7nxC;JO|2OJJr zK@N;VsN%|O9PK$Xs&cszBpQ&SaBgaIyDxsrxKndS&*y^0FsBx2}F5y4JMiZG=Tf{&UC z==@YZQvYTs!|2Q;Vi4YP&_g6Tj|+#gzm{-eF9nccl$^gJqBnAq8S&%O+>%?a8jDh^ zaVj?uGtA5d&O**&CbI@822k&gzW!Z3eb@9B%ZGYpNFFK4+|wK2Q>q%luXrM-*d=T3 z#}Z9BrY^iog^vX73RyoVRjNmhjOfGmVq=DWKm(lkZ#am|6VxoY4^CzUXpb=<4ji_= z!ev--$mWx(wQS=8D#~hX00=9^0=v!m1?=bCU>?V7if630RZrGr5)%0^SXUW$>ByWO zf@0>i+)H_+nUkb&e&INd!%KNOs~NDSztb0*_356AOz7Ltv*D6^Z%BE^1%t7eihch` zL%ajJ*Tz3&!~esEkJ|8Y8#=gOv+uubLzj;WKWpRv+Zx{;-2brO|JsHx+tAhH)i+4* z@>#WT=L_%By&1lVfj2SmCI;Tbz?&F&69fPM$G|(=;&P3var=cPew~fD*uJ+p02^9= zaH~mPHco7^l#;8S{o=w0Ih?_&A31k-L39WO(J0?~x%XjDmRqQXH1xRFiZgp;Uyyf; z=WV;($Yq{9fg42vVUH*$W9yFIidTe(xq$jPc) z_0UrE$c?Z74cqGj^$y=94(%kh$<=oU%lo(No0b#vW^Xe&%lY1Da4n$ClQbOJJ-5UL zkRr1Ail`=JQzL@9pA+X8+3k!N%xcBmoQ5LJ{=^50gSVwzse&JzZhxgNQ1PW@WfD13 z0wkw`vvv@x)oGShg3IS$lnHfOs~xh&&U3&qdh*&KmIit~iX8S~o3hbWV7CFdPMdSC zMi@A^z|oWQ2H0@V1w^dGBDm6X$rTy4XhFC42Jjm>m4<~~m9@7w#VXg+-Rk=0_Uy^> zNY=gCvWowJIJh!8-$jKk7b0a&cnb>sl z5`pbNo+eWqrm2^V$qoeBY(211;KZ-Xn@oL>p~E3odTxqnO)(U(*|<5ebNLZS(uZXyWhCPAbrJa}Tz?8&npwI4si{f)%+dRBo!4;|}sid)>tp zqD*_gTT|;5AjWp03qd)fiR0T)7a9G9L2R(`L#iT$h{n^;RgJ|*B9{fbvLTe?*USTm z;Xpr$s>taKfi@tTZ$pPsXOp|!O5<`j@P;e|bJ*I@U(0npD50%pz$~yu-(u=Jk-{S^ z&DlL6e2cs-Fne*}2>8~ipKo(gH*C&vBS+-IY#G;kISHfW_Yc^kq0j~N_4F@SxaFaW z27uR{J8G=-E!>U>Tz}8b9Z^711#mkfa65PO^vCi;!|VCBL9u;)0R}wJo$w=+XOCzz z)M|)X&b8Fvgs7F==33n~Cn<>aIzf^1F-*w<#H0^8ep+< zajTc>7et!}`;X@ut)HAEa6WJ&P!y*K!EnXk1rbGl(fmUCVqai}QE0D$Pm7vccMRbI z9o#?T2iMf(k8ac9D%bM1xH*2SIW(U=k(TI_VQ$~Is)<0cN+XO8dO|{laCrZ4` zyqwo4r;E;;?ZMJ0+mwcMy*n4pPVt6xYW@;#X6KdW^6UolhII1kiqaAr%HxPea0Yf{ z|3BR=`_YTls%&S6DMYpdG^Arc`!+eonrMStvGO0~L`4ohDbLF==bnv~2!S-D5BNhV zpO-T!@8D0R5`lL;y;iycGt9hh!_WgBFP;v?Db{$ge!GGdq5p#PW)5i_EX=3WeSx>S7{i3Sz;RFY4nV59;6{52F*wy`B*@jHoj_a$tOD zg!7eQA3a5GWav>rh+JhSlU^;w^~o9b5MuVXkqZmvEh@6;c33!w8c)&GJ5g#bIkT6O zw~Y%NNx}8 zmOIp$N>k1^$eJ@u7q^Bai>;>TTYp#TaQT?)T*ZQ7uo0OjaV$~)plT6Ovo*5Boh;=C zNN1VGk#KrOfN5c`Nyij3zXjG*Yyw>0OIfZ_4QAB5T%e9E$V$zcWEOm*^9Z8Dg zUYvnkmVaR;y{72~x{ri$JVgeag)A}tC4Y`<&EYqugH{TF$aMK4hBr}*n3TN^PKL!f zpgb0hj1fHJWCW&cYN4iTu_Os2J>1+@L6A=Pbd`FU#oHLk#`QO~PszQnEQAYmI}I9l z4sR?~olBpCP6koi_i@u$&yaP?o1Go@muqzRk{(0FUMP4)PzTn2#k8~sc9I1pvPR=H zTjo!WzrZ#MA5lLQ=^C-N_Ht^UbdoWzvM`Btl=dLCg(UM01%+4&d%1Vx#*rf_QNj%P z!U%h$%f%hS5_v;EyYV38q6hm#NVZ?lEAyr7t5=;-0A<#@K33t_PB?+r^E_zmxbt@m z+#;>+Mw%z}HP+t-oXcui%Hy=EvaA}a9QW+VIFQ^0@fcMw$x1r(9(5Eb6II1*M|M?|)_F`U^t))f43Si#X@y4z zBqM``pJn=BBpiI104NwPp8Bg|lQuJ5*tL-XU`jOEM(H+Aek64@wsq7LTJOO3R7Pqm zDBHfZ@Dv=zayvS>xIP4VhOw_EIk7Q*5i(1BL8h5k;Zb*W35L-oBlE zeO_0(w<~S`$OD7hB=Tgkc6R}bN=C$s=({He?u&P=P?iXLjtWFJI%M8B^{h;Jk=3aB zA+S6t2Q(I%?R$NOyj|T!;8F}{cz3PD7#7M2*rptA>5tlbhAr_kaWikYNZKH4WqcAK z23SE#k5>y=fyi!T9@aqf7fOpTlz{ZnI|#Go3PhQ&Qn;wBsLZ5;SRA4wiIgk_F=5`l zzU73@kwpk1%R!YvZKa_``tAutC~2@1}qE8b9h|uhxbQ%M5-mLzA`JHtiQ69 z3$w-9n|wnrHgFcNm}#`Y*iPIY_8`1184y@xwQmW5z8KipcO-rFfb2DIO>7%Gx{aXI z$Ei6xu3ABrCl7r*?BJpQsud>>iMsNfq!O^B7+U{zi01wAz6i-l%Szz@M!zeUQ++vS z%$WmT_{o=?R&16LVCKbM_q4fD7mo3j5XxjEBfT(d-D^0RzR+e%iRc(|0}4pv_NyCnbG7jeeNAZ zYQ>k(S2s4dY(Zt6t#)*DP*=B}H|bR0`|Tw2=8WD$s7v%7qGU3f500@No12y?Tvc8; zjNN8RH2Mxx9?U_sCehR|m71I`Y^rT$lVTxA>W=$}Y9uM+hHU;Y!P;$=Wry_1B-6B< z-twKMZ>8T2%BPl!R7!I7Gz|b^g;CtxDCvS&z0Mcj)guP4p7`Z`VM(`^zkD6cvqdwpIYjIAxOnzR0)q_fQLixj4Kt zLmT~a&=#qf)(AVQ{l(LTS8;3G#XsI?W=uw;^8GPUjm!vYta;C=*kk(S;H7IvpA5NZ zI@JrEI~8sYE?pAkxOiS`k!zol;tG^>xE)8!(>r3gs7$VRQG;ZwvV-y>?L(x>O1k+7 zmvrU0P}8~7Y8&w5(wi+vtx8?1one*NYBA-CcXh0tu6484*TK~>8n$X@W4cz&ZQag; zSSsa$={3t|BU&;rjJ_+Y2m7ja!tRA*y`f7FmFatB zok&k0WXW9_+Fy~5T0uRbmR-5}PW0-c@`@zii1td?tRWPhdZ_Ra#>(hS>}+Fo5#_8n zZITVn6}kLIQ}Yo^Dnb*LO3kYGNGj(8+p`D+fd}!9!NM$Ek(1N*&LL(`?Vp(NRx)fB zZ#gxw0t%S*-nKQSYXUr(pq&{mz!GXhdF(R)J437(aS1 zPt<>FpvP~)5F$~A(Rq&51|nDlB$QMf-){M_RZd}2VTjRWu7@pWFrVUFBO2F`xd9CG zH1Ex9ESg2*6dnEM8YZX{A5t%za@?m#l${)cFAjNOBCT1AX~<+^YTMAHhRGvZTx4=6 zxPu+Ak6?UfP?^Cn$(?p`2y)uswbzdBideJ#Yjw{uOC$q3?e31c*6&i^nh0&kVE z$gZm*|Ea4f=TvZUtKpV%jhJxEUN2yHWwHHE6c6=!8F|EuCo`F@xM;+AE{ilND*Qg;$uT+^T2U;7q|{ zSTx_mcztqf&xrC^Rfk&h9<8~Q7uMXgU)@*b!>~h)9AVL;jaGOwQS?}c1woB+{qWD8 zr15*7v0=uB5AQbd&)d+XxOtBWUmP0MJ+(5!DZ4_Osb&TEx^CVK=7BZ$6^nt|Zn{Pn zGH>{%=bbOSQLwxbyvy~C;9PER1ecbhhZP0eYnAf$%2KMF-M+LU>)h?^)9%f&S@a5j z$Tx82AO_L&c2zw4Vg&~qae(2#xB?=K_q=uQY=8fy7kS?Qprl9s;PrZj=g0rs>-AF@ zBVHh!cq{g`=U%U$MI~@6;jTW<%M%{QM0*$E`l~$exWtq0_*aQ1JW2Q{;VHtCgf9?2 zM|hU-6~fJbM7j;c6Ye5B`NyxZth_J!k@fe zpOf%UDUa}l7bu7D@fTmOZ-N?jzf69Fw-P=?co*U0gpUw@Ufy4Mz5Wftv#-8hAMPaG zKfGSA5+47j*XvIb=D)>v!p*P0UcYq{-@VoPNy1w@SL+jR;X7f5@Gio;2u~(f>!%2h zU$R<1OZdp!R_k*K@_)x_{Yk<{esHzE>tfH_bUE;Zr>+2=@MPC&{jHbqPPmQm6~bY{ zO;-X(nBTfue@?!?d$qp#yXc4akPqRly?iHpynnU+HNulSsn>S{e--5sK5`B4-vivW ztMx|-U-%*3>Bmoe}V86;Wr3h zAl!5*aD-b3kMCct?_(RnH2PpTaX)ocap9TI0Y2VL54}>qA08fMy z|AF=s<_X{Gla6o~;VXo5gl7r!gs1)^`4H~@B={zLobV*!=10kg@HpWsgcF|v-xhgvSY=l=sKLC*fU$Un4w4cvimuJoUPq`Vwv4-szuFZ3tj?}YjPllpGu`ac=julOZdoF!8hSue*`|> zO}z+*2{->S{X{rHcn{%SgpU%wLihsV@#ksxdx-zPz!%}}7wAXAZGT2N+sNm?(;mXJ zgkK{({v!GJfXBZCFNB-^hH)U_8R|>8`EMx~zJBs$>P5Ke>*PncneY_hS;Dt&ryYL} z9N`Q9K>Y|O{*n3-p8O{Dlkhe2CEWDSlq=r}&k`Odd}|-?|1WqU%-4YI>_Jj5M3xvBbtJgR0qJEdx>s7+tTZkt-OSt(e`k|{{&l7HXSG|6m@Ki7L zAl$v3e6RLASfl>deQ3s8cjS_F@7#3Jh6mSObcw{n4!r5#f4vU+gI{ZS&x7<7zVF%B z>zAzOC2`4U;?nCc?p)b$%=@A5d;hz4Zef&|@`edtBVS454JR&{Pi)Y7+{)`EUw*xQ zvBcY-lvm~7h8FS11%`N6CwZ0UNBJl4OdG)uQt?jmPxAj2iM=6l$=z+!i6`3I7B(g> zNq#P|VX(85*zh^|#!u?_3ja<3|01E6Ok8qrTQYI!-R*l5e%mb@6PFH=EU{s%b0v5l z>6{9llbw=E@v>{3=Us!`v0Ea-e8v-fg~X-2lZ)c+R^XVlInqw+B+BuxK zbkx*Uz$D$KHqSdvy4OkX4JIx*F8H~(eK_IYz5eFJi3{2%)@@Aq#F53IGzBo}hhfq^ z{FT@1pO$odySwey#Id&aEkIu~l-Mxbxo95tl3)UmD)5&gr+um2z}tQ}n0R%4`{}j- z<3pVvNxZgxG;!>LIl?4g_Xpo3EB)p9`*|rJx$J?Byio6-Xd6si`ib_Dg#W<$!9@4* z3q})t_gjzAo|FhP{bn9fOJc zI`$=;ix+%c9o(Q$xuTAuXFF6#XhavRfk@RRrn;-6^|pCSI)hIql-UBsUz{sqZJ z@pg0K!F6pPGT0jLOq+-6rLBUu$ALfg7q8b>*7Fj!lm4;oq)oP+;Brg*huT}VbIA4E zS@L`0uU@bJBKQmXt-bxLw%=~(%()JPzW}n0a{JD_UjOq5{4?$Cm(XR>&tsjpB%Xy@ zPPfkzCKJ!J(_ivogaRdfp7f{x_B%_TA^qc|FZ~^KM!luJ0o|Nf-#*)xcx?Sx;tA;F zDgHgP{-(r<^>+mHGSu02WAJiAXY~2jAYKUiRGF( z7bFu8UT_n1c__$YZ)f;C(wPe473XB_9p_(_{Ldi2e{wB)9g6hhGo9^UxG?c-=Sbpo z=V0P_!WRk85WdR4*Z6mA(@5ez{yn&9Eb%b^PVnzB{ynkj1BquktIz=XHPE^&A@nD7 zyZ%D>>uNKf-b}pL5HEDNi}=@AXY3ICgmf5=w`l!eY-d!hT?ZKl_mJNiZ?*oV2>&>} zuI+aX_3Vv}gE`=z1pdCZ)%rT{7^8z{wzQuK`Ns{NZ9f)tz({A?VDNH%XWJu*XSXC1 zr?*UL_{$gB>(yj-Dj~o~NcP}K>efI@7CthuD?}Y-O?qlm`G<>!F z!y6ObL&_Ho9~l=Kh{Z5>+(njo$-i^8{?k(LH^SQ!!V970L1=kaY5Ixv%PsLpJC9qy zISrp!-}WO7Db4&x`L|z!946zJ^5gvdbX)tabd*2j`1@#Q+cVMkL7^G#e^}vt-@RJ@ zteq!X;b~p__mNo)3&Tx#8Sm73-9vt_ea~wBuUgDI2NEx)+WvrQFkP8xhn~DQ`fes> zq2p8JbK-5QP4b4U#~&vCyMb}PT|CJ8T;Shk>CW<#xx|TeZ9fqZ%ihkz!SiUR(BG~O z+W+>|`t6nvhUwbde`Q_bv3AB@dx|ibIMM#WAo1P^+ZlpaT7kpVXqZ6s0uNrgTE977 zpM!}PFKhdMf@}sm3&C@;^Tv2KDla`pK99X)wO%n<>tD(L72+@XzSa5$J8nNA^!xA=bB~*9R|b-xH(P>pN>vavhPp{Siktpep(m z($k-mv!3Ur%UBn*pud|FFJ930QZ!}qJ1NGKa`Ke(#O15?D=pp{#@`j~d%=1*{)VKZ z!`I=?d0yYBJ@-(~bCh!gz09w#=jGgd=GMd$Q*EDW$ySCt+b>?1cxq}S@yt{{@hsu# zsgDBQexbzfBX*G3y~HLH&reMzUYr_EoZ;WAQwM;mQncuyp4hrtU$OnyL?=iom$yIG zNGD^ROXoo*^k$5^Si%uL@Eqkn^&aS)XZMr%SEN3~Z+4M{+xWNsEsW>SzFsd%d?;5S zO|=a()QCZ%xAMQVYnQ;2&(BzTX&OhQy!*oTozk$;$N(DZoFOJYq>@cAPQm$o*-S{_SJePe5NJch4Sg%M5+BH5l<1#8$^?2XZtqBK?|Wpswj96 z{p9oSU9ETV?0&;MoFe{J;(uKt!}$$_-@Trqr=z23P)G5Y;|{u(kz|t3TUoF!U9(z$ zN+RAcA7%$X$j7lSt>>-e^CJ0-NIv!_^{*0t>HAje`&}fV#2+XAcH%$W5dSFg&k|pY z#P8<$B=LO%tM$huKCGv%*Y-lZWoi~oo5{|bB5&Hxv!p*k`cK>Rt?76elF2vE1{PyN zf1>~0@cz~MrFNX3gZ_r;_v;uJEeOz{PVn#$`8~gTwT`$F{3QNy;!hJVVzc{6{O5^( zwnh94#6Ls)PdZ@2E&Tfi@nhGn*54=b;dn<6@WI5T=r3gbE_^}s*S7z|bIru7+p z%Z0N)(f*0`4_t8k!n-eO|H!(HsBv_J3jCA6KZRag>opdvgC-LGJhl294fvw!0svLH zQ}pf60)In%T((*_-k7+({fE~jO1CGLl8M{fo=Pl@CQ5VWX#qbT3k};PW5i_`DU6 zM}U7~VYPmTjEn07x)}@RwUJ<*d_7F+FKEK&Ac`-d);Yzr`}@e0Uq-X@2MJU{wEu*#sVe`@lK(U5)%tx>&*}JjXkp{$sL&Tlek!qHN>)OV_YpKBk=Kb% zWTMDBjO6b1_qHEzYrmo`5=|jy{ZxG${O!y59baL7A)anvZPWhG>k?0_`(Wa+bxC&hP(ar+iD%Ze-_@2ly)K)0e%)~5#dS9jGm&_f=hN$^ZQOoBv=Qsde4n+? z`+2^D=Rx9G1+QBmUE99s94=KD=HKTj|EUkH*1s#>p0NKB2CQCij&bsbt)#BI$Vcp& z4}N&H{`I(iB9tRx6*eE4$2YZ}$5}W0xkz@+BIe%CkG6~#QDQUYAE$ipM;Y$~LT_#R zRIx2@`d#d)(|pHlY3I=i0ET25)$d|wJ=gbF?DzQ~ecSa~!u5#_umW!r3f%|EKPq2H zy|xg4AMvMybbFZ_;SC51l5Uvq*Zglmz4x>&n)q8KKjIHbIuWB5OnjC2GcDqe6Tj!~ zX81>mf0+1RHTm4$_Jqmjq`+h6&AIrDiGNPui63|I!zTU};!hLbW8;^=o78_jjQtGp z2ORv3i4D7W-b{So$85Wx>!$VFG?UQ{x}piz?~>mf>6S=WHTjj=il+QL@u!JbITi|P z!#*SM_Yi*#cIpp0cnlp9{|NC95`VpkzrAh5#6L;=v&1*z;}r3wAG7lIFkQ6Az<-VS z$B5q~`PiT2f0pZ2r|7U`VC3{BgR80<;~ZuQn7{nU`k6&=_&UYtaem__7?0$mRO+Mp^_;1;AqWa0}WyGQ=4E2%8&bB||Jy1xR{@g`AbL4a6XV8!H zEaS}f=M4!z)TEDh-k<_M=0Sl{K5^WKACqpMMCkaOO!(*mWpwQYUP8gglfXR-+^@&= zic$K1u&w=bU_q2^!3elsmCY#Rf*3F&`H3IWH9re~5qnoFdXCFIbAsMxdN%rt3|Y*P z-)sLKdBN7t;!)Q**Ngt_-+(u~DQKda(M7LIoy;rdjX#OL-_VKMK=|1ys-)g0Dd+b8 zuv-7X`dGa~xi6GsVYprGL!wq|rVCYtZy}3Km&5-*wOYSS#)IPjU;>lcUy@8vulffm zcNcI+9$T$HY{yO0_y;*wPQ2;=WADA=qbj=p@q71flHE-f7Fd!{3<**e3=mj?2~svB zO6Z{)dgw(;1f&KCRqTnP0tONh5epim2-c|BTkI&P@qtHCQL$r#@B5rNbF+zgp3m?1 z&-ah->yy_D?wm4b&YU^t%-p%N_u_8A+FEzJ{7jVmaXsW6yTAJU2vD3SOMowb@cf1M z2~nLVtH*gD)*lb5QAQks1LkBc)q3#+>gPNp`y||-#o}#>{uk)^pv$@k`!W~_JguH9 z^F{NE(LU&4qx|j51y#iJdXvtBRs07!#lbkxD?#V=S+)KcAIZ}=G2*~>Z+M!f{7mP` zTzh37sjhk$LpVi^dTJL|bXR$4?fA%y9uJ}6@qx}#UT6j9 za6M9ezgp9u3muN*;U1b1eKkPay~SYUH*+AT5a-&yLAlO2tG@5W4ZGt$c(a)~$}w}JZEw~l!zJZ?h+>t$!w%NbNJJELAG3%4i#VXL4|&8>oLDDj_I5vos< zj{iZ@<|&}sA|$Qbn>`9TTrKAiizUdB=E&ig=CEQU`~1~PFU z00SkRumH063DnQqk9DR60Dkn3`}gYnfX6saYX&8@f93~HIV3N+4ekdHoxgBpO?lPx zP<7nn0MO-Dqq-9%yDG&;0px{_oWJll$|~QC!+{FN4JzGSPLF{o?_3@owy??q>jBhr zJ&tvvL)DY{1~hf39wfWqjixQLk`2gzaXa)=Onk0eK|kyxup&eLG5N% zD=>-?x?b0|m@l4^=buvVtiyW7&Xcy{qm(2}4V35Rpk7Wz&2?-t@auuk2L3&2faTH6 z;+?;7{1BK9D`iAH{ zzEpo4=)RZFU-$uK&~c>WC6M_T0oN}8{VeGH?e_cF?NdMLJZj>rI4?`}v+CvGHj?dl z0Ql@$cxvx;;PZihl=vyf(aO`M7JMY{49VM7({77^r}M7oP_LO2KwbHk&waG0eeT1t z7U?ql;73OE!de()h(~InB!7)VQ*^Gj4CidU((ZqmN3X=mCTo;F4?@R0GJtVRr3CYj zg&wWMrb7M+$j^D_{Dn3DxnG5C92aUS*f)CgKQLqKZEAz9Nc`J^e`ReZ*DFNq&>z_~ zt3BrLoi**61^hVR^FBC#;bUTiUrU@0u2*P=9k@jH!qX5ri+Dx!pqg=y#Sk{+OJ+csCksmEuTGh z{=!+3U!6az^Ii3PHIUAXtgmx4l)qCy==^ihN3xGZGV#|6|JDPa{W13Y2?4)N#F;Hb z*$n(I-lF>R5ctZ$H-T=D>+;hPbnLQEWUb-j8JP0J8Pu;lE%vA$kKy%-9FAx0RH;@H z#NQnM`M#FtAJzQ0`8OT+*!=2f8;$os@Rx)CLzGFsy6?-z)GH6sNTp=ed={=23O!JD zGvs7{bN)gk<(0boS=rKBj9gPA{P+fB1ggA;`tjf5KA-Xm>dUxenMLPV&n7uOt9LF5 z=So`+#}(&Fllo%8f-PHg5iZa_dU7}@3+|~9mD~aI)pzGF6xNi>^YM^+g-MR9>TQDD zqNH40aY8JqU$~$?(GDyitJ~>QXFKE%o6$}#&aodxSwwI=}V~*je zg7O%h$6pHiJ{JJkTk;qlgUI=V>U9|H2Uxo>a%sTTxC-W6s>HLSKCI2;* zt8bN})4G)YC^gdGFIaBVb&DfJ7bAlI2kZ`UDN^8L4h4Gz9xF*JT3|fN;=jgn)fc)o z|5lr(2{Y9yZp`QWddP9uS_?Kf8to1Guez#n8`{ysH{%jKd3j%9QAg(+sL(>T(6MpD7j9T z>teZXlnOQSm+NA=Zj|dCa@{T0 zLvnplt{=$t3%UL(*T`6DU#@NB+D)!k$aR!lr^|J*TsO+~4!Q1@>mj+mDAy0<`h{G7 zm1|_2v@h2-a_uJ9E95##uG8hZSgywZ$G=|k-P@&yRs8>WP+e0>)wQ;m!nG>yYU4Fr z@gL~_sb1(hB`;B~hFq&QDSU-o%j8-p*F3p~pwLIkwXzmH zU+~AYzg-m4s`GWZ(686^o7JT67QHmx*SsdZOzOp#i9fffN&kMg!siIRJh3J{`F=$& z6uPfdP5R{56@8D;Q)Nc~Eo=hUKi7rJq`l9OMH{*dS&5PD8Z&GyTMo+tFg`8DZJ z3cX0^m0fGnUlDqR&~{MHZB9pbY|v|wU&(9mb%!-u@4UKa`Kzk^*im2Zc*J_A$McQC+Ost=jLvZi ze>y>3tFE6MM*W|Q6*nmUGPxGYHBYV~xhBfBw!}-NeP0XJeqq~cyAf}e&_hD6x}+w3 zu+WzZ{cMMt^wB~u*Y(@iq)!uimC%bi)uh+<&#Epp=`Cd(+sZZZ#{Ylz%fCtS=g2ih zu0FY*6?v6%EthMNT=V6s?V2Te43}$Vu%^DV1%HiPL)~i9Zx;L=axK5KCjEfmpO9-_ zubTAt1%Irq8qdV^n)DMwcLfx^=(3u0oiEZfy+=*@4vCXIp;z^+N!R&ei_jBm>8I_a zuit9EE=r#&vAd@KPuI}RYWx!AYUry}{8i*XYy<%WZ`f7BbJ28Q8fliB!e2je?*X=l{n4GM4PE?qi@^8(+Yb2~m) z;^0A1I~#hvUocyZRJq(A@+M6kgNH{8hQm0tOYi7ZtqU>N3-#+@21@aNe^~RE-=_Fo zN{N3|Qv4I2)ch5Q2jlbU*Q+A}vPbvPD_5K@w)@IG0 z@{{6U81vuwPae_yr)U*~uAln>`4WS{ZB*MGF1uCMda zK51X?SN`|<&&|~Js|Kk4o^Gx*)%%?PslKvT>w9$lN{QEJ^~PSU4nMjJ&&L_(GROLG zM(q3khEdu89j#?xhv|9~n}=3AFgqMk6Yv`*hcjwDj+#1LQLE`cD zKw0Z1QngGhBCYjQMAJ_+1m<%5XWhWWjj)V$6BQ#}5syPlYb)a$A|F^gxOhKe*?NeJ zQ_)N75h_Nx>YLn&52=?_cD03i&Teihz7LB?@mFl=Mx--#QwtRP=AyPMt}%)Oxp+4^ z7?DH8C|4{hTjTLx#Di!wa_&#SMmz(pqK;9o+)n}Pb1l6G9G-<}&b9mnpbgKYM3h&Y zN6}@tr^SNFo$#_|awiHC4CPL$WTt4+_!$1hJPo)lS!Ov6iYsCtlw|6!ni^%eJt!A> zI?@SC&o#~PU&?e;Gd%CY;GWcLNu=i_Y~$&<9c7>AYr^-s73Fx(ez=JzbT!J&JzrWV zXB42E=y?q(z>`V+Zsi$3GA}2Y0Z)h;>Awf%6wf^3AN&c*X`Xo88+dX~qa5;l2cvq% zu7XzCo>p)l&p0aQdd`s!$Fygl%=-~hE@5Dgw~Byd2Fkr(6423Hh!zfe&rqFCtXqW_)-Yl^ zo6n$~qeeY?qh`ztwzmxq2V60?(f>qGp|D}|z5 zr=c{vFsaQWPFNaB#=fPojg0yQVD&8^d6$`l_uY#&V|u9aYO;7wF1uPnL+=CJW)RuK z`ydx@0f+Y?E=IyQ^_r3*(NoaBPVmqMhSdre7v=JL%?RU)Ag%=Ba?zukdMya++lC7D zTRJA89Oa^+_tCq)>bGKy!|Ci2qR@0Ui$k>zFobUpNoeS#|9#`k!>HHj8%SR5KLOV> z{Ci;()Bia})#1Mj7|UpUhNMn5Z=~j8k#T%8xLRyaL|(kvAhs!Ro-L@+pb3RDjEr^~ zG$m(oc_Pt+1}(@}e4b@+)&_~~P;Th?2+rLgsRgPwGOS97X8U#m%vQf(MEnh8LqBmx z6r*CpI1&=^I&^B-lvB13eQKCMnJ8iwT4@y59knB-!8aN;xtxkik@6Zf%Rw=k1mB2% zEF4*>HM;EbU%C${&sR|0pH2obJUb!Y-<`@%*pq6+5s$kilu2tGc@e_Ja~!HSj-pg+ zcpim*ja^iBdA_|EWjB?59(o~TV-J;)#h^yxXeuXq(mJ6WGYDb=o@@wi?4_SXrWo#D zAT7Re6QZaFn$lnzo)6(=jhj)~6+eBR(YX0BaFD+a$2H1D3c1(ELquaANm6wiP-BKt zq9K)Cs^LZ?-sdSs05|p@Ksny?1IDUxW2&0y@nJw4$5J@}(W7yVaypP|v_M=>g~jTn0*grc9i(L6JNV&hT7+mx`e zH=$@ae9l;mr~7047a!Z2$e!ihKyK3p<~BT2No-qE#Kro@1`>fML$n4fv7lND66I-+ zV2n*{%GLgCj&f31wU)ZtIIuQz#Wr~q*XF+`g01OEDsDj($2Mb~+&{vX;$tr%JR3GP zSq;j@-r(s#l0=z~q%SE$(%esB>Pd;MPa1euz;$DNq=0eJr?8XHQvh^qJYfB)Q@Ng}J=BfcN#**UY?wLj9%{?y zc@vGt?IL_bkA*xJcQ2J2dFW*DUqF!-OB`*#VD^J3{3_o>K_(xW`HO;COtT$cTG_%#!2r zBl*TXN#zlq-?7Mudy2}ro_pG({4|xvd2&dxXQ-U#xeouwRV1UWsR_xKp!_T=Z?>2; zWsVW|95v=J6W)yn<#_@uGvNthJ4%4lY%wQ)k`ea;0TE_`MHYIIfJif85&9MP5&=Os~w6Rw~xR}v5~6TC=Cac>h_nwij=jQ7q!P{Ya;6Wdj>FMn9tQCkNp?CCzN5Z< zLq2?D&11V4G~C&X6Ik0CDk#a5;l>kPji2w66mLzabHn8uBe2#L;zot z2A-&dONsIg0nt$j^(ZjUY=^X%s22GP;rHL}CDE=Hi(%aFo}zM$3Kw!O4i|@lX?z&I zOTjcM4A)mMjRnJ&f~lJfKc!&m9K)u9sY?u>R4^%(_%zzbF*cqcNik;l$%syd^N?~3 zw@~yq?FyFR?u0HoM;g<##fL5s%lh$NfQlcf>EqH{$-JqGiOkN5CQc&(DAt zc@C2+UAUU~y-!jk8YTfQ?>WkDCIde2A_^dfNdn@%Q;5xCpow=2Ih>P$rb%<*FA-dB zmNYdVKqLdr0YH@~1}^e8BZqS_kl;-rz|BC5r0Myyj5rSiiQWe(exeyj@-`yxi!rHR zExifkeO?Ayd0Ue6)MKEHw;rihpMik44EKa_J_g!*Pf{Xoz(BIM2n(yYh9<31I(kbf z8XK83!YSV8$zS{?nI`1DiSj{Xrp)vXqs$*`7NE{jZ&w&RF3wy6wnA_H7y$9+wE!ww zk|#AW?<9f@H8JtXwKbw?)QFE^aUJ4i_!%{_djPX5tgdHVJRHp#j<^)_38V>cIyKvw zO=5UwVC4|k#UxKNy(6hdL8e&VVoFe58E|^{Ktfz90})<};;9=8i}V%~z;8pv-$E<;xHQ<=!GvC&Q#DuJ8_`ap=RqQSUTTC)0cly?)tyFAZdtc^tqoWh26~ z&6*g|KSmpg{xSGJ#oriO zhWsahFAVI0UmDK9ov3EG0=HmxF?@l8@DC%=XjK44UtE%73YzyWK;5{O4xWdUYh28L zQ#nm52j@@Sjb4t<@HqcPtnwOowZor+1`U5tF1JI`=`RFJq(2LI(_et#b@)F=OP2o( z+I9N3z{U}NdhJA{{~P3*D1SaUUH+};uG@bRT;1cR-+@Q_7en6||6+8->+b?J>-&47 zR-wNuc-HvehuPQqo1@k`|41zCO#dmkx5GaiEn5D)z~uX9BUTIjiLBvnZsitWe98|p zpeFl4OWnH}RsgfQ|6{V6|0d)H)Bi4d>hSl6e_H;{@L{L_1n?35ju@gy|JU%eD8H3R z`Y%CMw?6>K@c0*_R-lV zMP^_Dnk_a1i!rK&j=(SoTjL0HhY8j?0_&-QBXAvTzTOdd1@5)M5r{`a8y$h2(E3_O z;0f}8kl}6uX`%S0W$3);1N1ANZ{ZEkWK@c8P7|ohGZglZzlh2n&tOqW+2wf^p%UNzJjx;Etb}G~jWnXET_S0iMAb+9@f3mg z-MYVkwH)z%y8;(K@0z(rd^WG3JbwZo-;dB(mJuowMV0zupMlf+TE)*U0?KpaKrmiK zMI+&850vN74Hp)z+}XLgC>#D3^PulMTBW)C2~Rn|H6N@7-p0WjE_b80S_4`}J5GY} z3o3x~zm4%S{Fg(Z>F)shIE?nsK^JCe63B$_`pY>2x5DD4zX9CP;r|k@Y5BXrGoAic zpho!Da0a;^c8KyfK_!>}6L7lyt;o;)522-K{~7p8j6VQ5UjJzFasOcaU*8{r@$mW2 zLs|p>^U%DZ;rVIYe9FE)TsUu1N;reV)!}ph+LJyyFtuL=e>f@ZrRWO^bUL|KVlkY=^HL^k@ zpN6MtWSK_NIdY9G)W~euS0nQ@vK2-~BSRXw9evTrM2$4iO^q}(@&dwEBdg>rX!3Yi zS0gJllHMMqk!2d$BC#4-sFCa8T$(daBag!J8X3~a*Ta-g)X0YLQ_X2;WG^_iMpnt0 z(`0%fjz(5!WJ@F^jV#khib;(u)X0diZsuv^jxf%UM$UjU>FS9Zc^WRRk%mS-6vkO4 zXIqm$3Nu}WMotPJca40nWwp#gjhqqI%{+~~9y5q;J*1H-$QK%!sF973*frA7NOu^r zO3uef0+Beo8Vu-3<)$;KN8FhJj@MTg6xz|JMLyVZ@GIc zea5=9d#SWmUdHBe+ay@P`pF#G)f|e;2uv$Cl8Sp+MSb+TTE#wC#V8dO$5b?_hG!3} zSWYmjxQA8zi(po9535LbR!YSOw2E>Jvb6gnqT&;_ibDE_if%IMPUS&T2~#uwnI&J_ zDk=_o0IF2n$tpfhFsrzeRg6SZRx0jf6?+3#D((^$i{zwwY4@Yj+KXC6O{%G4S96%z z8Kzu$#cr z?0}?@x?B``yNuiqftez@qVAz2*Z~!y7Z2)DH>KHLImlze*o#xj zQGTM=n@xSxO{Nab7zmyh-Nzv;bUgxH%AN2@PQ!eO8|k!UI)+Bd)y2>n^0=4XbR*KL zG3Mr6^Hp~b_?&kvlBW5Zn{PP0^km0;odMH(C)mt4+;mUl@OGy9Z*qO7w-M?376UGC zeF7>Oi1E5;-TpQMKJRT<)tK)v;P-w*(%xkt-aC%+$$Jbm_imy5_dWxO-X%o&fPq%t zdx-KO0|D>-1RP@^+4~3qA2E>PZ9+Ew*iDbf(!7Cgx!6yu4 zdwYY~{FH%#-p$Pbe8xbIw;Lt}vx;pn!ss+*`V7N7>GoX=le4LQ<6#N0rOv4`8|rse zW;^|%%50`TRhg~ymnyT7{#IqS(Ro#76J1bcwh+#RK+O;v$W&#vk3*H&JeDf6b)2fq z#)(knv1EZrRc6yfsq%=9z`MBIY3hPyIK83D3#J*SM-`XAsiGA(+ayMnUm=P0JPYB> z8DHRr#a!euqIY4~2*V4RSi>S$PkRu4Z7yN6>fem;caKOw3B4IbMXciJh~<@v*d-hg z%K@v1UBb@4pXi)tmbhthKLc3hnPqG-kCn4F1CnvHD}4_#xw%@<=hkTSyO^`gLP4*1 zP@_vRf0=6p9neDhOqyeuYX!T*W@a0%6ZA_qnumS8pl>^%MZZt6u|d$IHFp<|*NtqL z)(Ds`6sHQT0+>D?cd+KQ9OhQ>*%j#=yPMeAt>QB)IDY-+_3pH`h+l5`1|}L_?)Z%i zIKAB6o7jdz-S(5rM zp(TLEi`i4+3D|_7z#)Tj;6xb~g+w{*>sf^h{QownLTD zvqkBYWm@TewUq9{O6yLt$(&xtu$FdDJ>jOLMffcN|yjuO6RfC zr-{x==dsdBUaj(8v3R{JE==i&VD48Xj zyFv+`sT9W;D4|x1TltvQ5rTPvv6YVx#lzQBC%3W0p#<~7WSff?Cffn0pL3CD7oFj> ziYu0+)8~k7xN=EW6L_t;-9-zNufU)66wRRuZh=LbN_ab1{@VmkrHog~aFq}6+-mq* zEZ8|AD)L<1=VtL_TgL2@Fuh;?E&5>I&F}#;>pP5?xzk1K6gudYPVZbc?_sJ{d|*jd zM{>+vE;<=R?>$cM4c{_%bLTx)V2QX<`tPLkeS+R{jYiW!IdhMoWAD@GQbOM^=tIGF@(X=D|q=c+P&zK5ITwXUcFyz7=L$AK%t2SuW*;b7TITk zKhqe6f1?nO*y%^q{(l0(%+j)*szKA}$6!~}=rAM%WY%1y0$het5}kSI z!WyI~n-*7UVS2#chPvIDiW_8y{7jpaUJ0cOM8rIZ7_3BaXKoF{&s2D4aT)dCfKbTD z*DA5$Mm{EFHnN$lEKVc$l#=4M>f0*F$PF}t9fgr}{g)Do`(ueYF>vPP!n7RHf>Q*b zm5RT!IK}a5r=T@f@aiz8G|hCjnu&~fa~Mya=84#oVbCAOMOoYkmWJ`I)_hHc&j{`f zBj2ORovOu9Q%{HSysCM!s(Hl1Z-lXZui0{|*?53H4P&a;MfyL-R_9C@xr-(jR?8rD z{tDw6s(Eg=Mbz&QVjGZ!^ELSan|yH?`4&xnMw2tMguH3{GcINhqMgv*y!b!oIsX4#VV;1~Zn4r0ueC{8^afy-Y z>ZEK#O>%R2|7fm_tovym;dOs~!=hzd+7Nh^IfQ2){gMa%&?TWuzPeN|)D%Y+<`K0} z8^Q~Qa)(l9d8)m+V93|-ZzZtIPDccxa$t+CSz+odTBv%-Yrm!pFL(TYmuN)kC~F z-gP=v-_=gwiQMqA8WS0Cs$0}NZpG#02Og7nS)lJ%r@D4SfK^Ux5u;5>oukbXF->3N19g^PRbX(fuJe!xVZ(>c@;btD;~GCX`32S%$Gv` z2;|E|1Wke=!Bct~9)`b5@NYw-rHsc6nkf4odIo(XjA^@Oa)vQ2L<^^d=@eQx7}mlc zf~SCdPvPCx58{JH>cuh$2FTQ3D2pTPbZU%mscFnPw48?ZJ<4gVX(uL{-A2D3E`gw+FNkI_GA_3;GY6`*2%FnsMMM z@G>lkCD59?CZy{?yGR0!l}g~nxQox$nJsu>?elU=i3~LGvXV&*G?YbhD_4C;!`_ZW zU9#(s?gW>qs534Nu{o+tDBRuk33xf`9)Ldm2+2`b1t=ILtQ2)GfKNx=T*23lx{ckG zXo|Y#XcPRkqfQS7M_n03ons03DCmMuNOf}L%eXomd5DuvG9;3;VY;s#s>U$`= zKsC;*t8~Frv=u8nf`4@e8^H+n6*5hY_lH%RD0oulP2E}_xuv5>UWoLwOqeJz&{?;& zP^+U{pA65gA7NPJ*lFJ+!su^A@pggK{mgd#Z+dFiR~)g36Xp7EMA7a4WWdVx--x1T z5O)!sXO%aiXjY*Q)hO40i+`DfJL*E!O>zBq1YJF=u$R3n=vuD-o}jB;|1G+4dtcBu zX&+C2k*1~(1bs{_TbkaeCD0!V`kY3qh&aY3@LnVlp}?I0IU*9xkE7@(yJ|!Acof}) z8eZ1*L=@e{y1cB)Ck*(!tiY#HbQ2oyK^6#!&f4uD9*BKJ<)-5h4Ukq1P- z+p0PM&cHru|4VV)11qZlxRC?kd%!9HZsY(6U^htxz>ORLlK`s#xLMrpaLoYNEa+MR zaJ!(Z1K_PBsCkE=f3`iHbN`)!uFm~s2tIR*pd0B&3u*${Drh^3Q~+#a6KsRRJS8Zw zQ=%OJB~hz->j2mu9soOZ0FZ{I5&*1MnFIi9b9Z;RA9|6!&Z{P=C5OTy$!&s!ma{zoKcnW~q6y9xB%A+XEa-uB-z=L7cS_qz6 zt7JS{s~rH{g~<+pkXFY?Yt#f5oX)n_@0mMcs6Vsh-agvb6-NrjQ~COI_Voh5%Gal} zuOB2jC;RE_>)!!ZzCKetENyuP3zuX+SJ1YvE61D1`m}8+j;Fx;0dnSbn)y+OAVy{0 ztCizP;#?GU7btj4vr4Vzmqr~#AF$3?9sE>ov}j-(16jwwYVCMn3vu>HPyAht;CE8p zw-bjZRdpUXBL!y19}V0g*u&i2T*bW!K*!YvtY*2eN)BDr%w4tDjR%q@FLN^k0rH!7|7-+wsb2PfoB<%gG zpD}x^`FbteXV%muSP%=dPb&g6oQoz{gOZJw3%tiuxl9p3cHrM!8KG+sj71m;slU#k69;mqeCo&FaS|v3=Sw z&>R4I(w2clb$%kiVbe;*P&)QONEtk?3)?W#g62?kJbz4X6gpnk+X%F&lO}E#7gpo4K({?LHaHilXvz%mnt;_;j2k#GS#f#C!$hfUzD>K;qx)lcw-={t< zoOTW>*Qy%PxnL&;<{Wgvh(2b*1*+jF7yU|!@2|;&n9F5YLr_kOYzgmqI+7&l_p82S zaqGxbkM-A?N^vZ2qchdhk#v*sB4CxNo{prOj0;5PdFSa!y2+q}4l1@QxP_|;rbmVf ztOBT>0zMl_PXUJnbYgohay+`=v5qZPmXO4DRM6G8QQ6WFidQH%^p7OmeX!|Lj+_}6N zIiVjC33uYHNcG5#xAZC_={Clt9<061K#Y1w_6`F+^#QsW9YW`8o^iR7+}G_;$kJ5a?C|&vyNqe9(~R+68Ik>+5hqZ1y>6z`QPQ>)Bbm_;A{JzNATo-C5pfH9H*_s z{#Ufh_CGUZ1Orli*iJnEsctUVUGU^|?i_5c z!!}{Eovx#HW|iE@bnJBawGg>f8hx$T%wU($FL%DhPVQ%Ow9_e$-LRs%smNfb`w_5m zx(s%@OOmzIWpHwz3b@Zgti3WLf5k{(akWA@S(f<6IXPrintt_V(4(KAf03J>(sVxP z)?d)I&h-rtboIHuML6#^P_U5?Ww2k!yf8@6)&9%J<^~J8)&agDY>@3xpXVY4w&;Ml z=psy$rh;!Km=E;jL>@<59}zq`67->w*uF8&16Bw8hOu{B#hcXuzj$**WDFh%sTJKw zCK_J0z^F)CILev6D>*~^)M>w51{$aXexo@;8YWSP$8deWM9cWdeS^u;WsC=x70ctxKo&B zLC0A5sswcKMZwcU+*F0fujV#ns7?pZ37OVy6EwM{_={dq;q_y|mRTXLLLs+~84+@| z&mMLcCJMQoT3Sz$W@PpjGC#kc7AEjLE%5Yur5HV1p^0O8m_YQ%ZRxkLBU~FeF=odi zXf3ASWj+=t`ZG%|8L7inaU8)os&G9PL2I#yPC8tVMbKKT7hp9<9E+eiVhLaspC3o4 z#nq;plxh-0Ck0&{L{}xC;ZuTsL*CYoy;|Cq`?sJCTL_=~`9jc%Hkw|2WPT~=svC8a z6X2xgX+h^`ZZ(O0#U>~xh1Vp3?du3y4I#n`x=g-ix?z43K@oX*iUjZ(W`B)AT3jl4 zVP|`P?7N5^!w`@hgWpG}n>U{K&az;ampl3c12JA!_(ukO>csp{4EVjQ^UvH`yhP-0 z5q%(xL@lOYjVQ4m}Lv@ov`v`ki0xN)lL!cX&^B|waBy;XUI0oCjYlZE6>ou6 z=&`5~{94GQXm3Tvxf;7kecB<(2s*}xsHesda86d7e2b_~FR`%3!a~Vv8ME-ArA~q_ z2Kr8^xsv8&K94+8sHDNOT7$aI6a))|^Lp6oBU=L_c&p$ktDMsk^ydtW%sYilSta$w zu+}(X)RD`Kw3j`IliBQ=`ZEb8k^=piB~wT1)S)<9bkV6}Hm8oO0IQjPHm8nVMCaw@ zY)&1Y09L7Ejs$Gk4H+z3Qb)d^?d`+#u8C;)YC%_CFWh|=PQ&KR0zr4z8KqDDEKGF^ z1)Zp61C1Xk2==TkV=hEoBiLbDMEb+j;9^1NX%XrClZ_>Uo+*<=X&?N?-CP<$KXS*j zoQW#yEMx1%1|_Q~@D#wTxv`MFJc4eoj&+r+;x`K-Vy@KF{7TLchWZ)JDh8bV{vC5Q zS92wC&kGrFCsD`NaM^=0`o5Nd=p^dfIxfd}xku|+DSbxb+K4TqNaYII5h{vMJ3>`z zM`&hlh)1Q&0e$a|xB=?%-P(p!tdt zuPXl9t7YvIoXo1KcZBE{1MRL<)o({2d}lXDDF6ovaX_+aq7m#PJe1aGg(fNm#|ZxI zGCU+;Jkpx)I^|M2tyP9G_18@Ih<6ylvti^}np`B4krBL1dQDAi(&Tk^?Que;aJ`So zn78w7a!FY27j^B;HuPDlL$tblpM*wr|AGTFa5;7h3 zyiAe#_7{geCpI)P2MGB=NKG9l0O`+S^p{nz=IBee2>sa0jEhu@f13vXnI$)j(}_cI z{E(^>M?X#+J-g||(T@|yV!$eK^y9?w2w;^s21p1NF3MoprRlH5q2WP-{@`9gcbYs2 zJEVhof>*0^R_!zd$uozc5$(qy?6~?crMJw*BO~gA0%uyT=Hk&2>Y2mY<$XV1irG%O zR}KZt$q~KKw|-O}@C}Fwm*QOSZzv45ma&W#1L~u&ALzavP*^CH&r;)tanW~D=pL$g~)Sp zcLCmn(1#T#AN{2p2K;iD?uhBA5+B{YK1_j+!lmN=x0V8TgemZAI4cwgJ|;x!WwUY8 z)0~IsZ6dqP>xG(AnkHH~3wR%qh~sN9elIlap}| zb~p1BgsGo{DuntuXb+AE^|Q|&Y6Z?yXb+AA^;6GYET9uDQdQCDxhoM4)kz8NIbI7^ z2qm~vnBY!ff;)u??p!Tc6^*o6B)ARZi<*Vd2b?3||A8*~9xbVd=Zd3ynhxwX+}cLK zUFPTG9AJPYyaPCWay+Uk*ik$#cu1t4f`Q(HJlnn1K792n1;|y9=5tXAj~t{{R&mW5 zNJY;yf&A0_qGA0hsFzHovRRUur!`g_zt|d|cGB%nM!HT#r=4{BvmCHWMW>x~`?DXg zN=08g)$LE3Od+M|yXvFi?*;wABP!fV({D-u`mCVOYP4D`{J?6Sfl$s;3Y^znvXsO8 z$@$3yWGR;Xvy)a1hL`32!hk6$>zwl-*s$Fy+h2b>hohgE;8z8E4iBM{x_#&|k&RV* z#??Jw_pJ!qpX!1MUaC_Rjpgb{CC%(vrzDKLT$4RE`7t4XkFmW~HO`siH^I}S^qRus zw}P@XgBr05e_5%1+ZSwQg$^rAw!{(ps1YIRj6sw8$uNN}1W#(Z@+8=6PwqX1iCS&T zOqhSmq*Wtzn2_!1O@CNS_F~DTye;Oy>v~Y`nbimb`>B&|1kJ@j^x`9}pE~*IP}*KU z&>MJsbB2Tr`s-qEn$?@C-B59y#gMDJ@D1#SJucI3xPjg98o@AyC zlTb)~LAb&;t>l@XRa{wsjDNdkK*rC93}mF*A)~F$AycIe@>b9tH|^=(FZF3&q?h?% zVxbA?cR`bnKBUlY>+B{qY&73c+bKg;7wD$&ebu(xs^eBIGg}yWe$5r&XNWeZD2Uxe)44h^J`%J{BellB<*`w^hB7^_h@) zBP%dW_2rM9*e;Z2=?UvFG;0LA3zZ}t)ROeK{*2(2LVgwG_cZx#(FVVp5Hcl#Ga`F2 z26v_4sS`Y**Gd9L+M8khx44ZsE}Nr= zDlQvwT#f{+;?XxxEMQCy3&?|5p+EIIGZ8#pS;`dgl zJ+!tQ)$RL8R5v%+u8Oi6{>x)OBitC4i-H~=IP6&&MtINF|IbrIx^r>=lnad zGJds6Phmjsm<63P&<O4j|#^x{U9B`ORwUs z=YdA%Myb!CwN(HLt#Kl(_!#Xm^V$3TLZ;23)ryQ$0UYs~>1g{)wn*$lO$t%3c+2gxFnkZelgmfV5VtS1_v?l#=|(V5_$alc zFdwGBI=1G5o5C2!XvR9X#-0>T>e>dy$#;)K?XHwvp+a5;EwI zh4=(uA?*YpA)ozMA;FNaHbZZJV^;nFV``q@;~;_-)#R4;Ua8S@F3s5%$CNoAX;0mX zD1^FWusG$ZTM>)XT`#^Bu{hO*S|mY01PkC>5mhwOIyC_Ph?R?eg_eb=dq!J}FSuiP zeU47Bile-bPOwKTT7UlqSS8pa7OlTiGj)PJV$u409$=MVpWv69d91@F87#aseG;zb zGlE`fqwCcJx@?}MW1 zCr}FBlqDHefti#u z*BOZMvIX8?z^8s3^`=G3Q=K&5w(g%zNwa*M+S>TQk_Ug|_%ZqE6(Kfd5r)hB&RP#O zc;m0z71*61Byar90TldRSZU*L4*1kvn~^%LK#8cm@%P(ug{Pc+RPondQ|W=^oLo81 zzKf=Z7@5)19{o5fI70y120Uvw&h=;quvo|xJN4mj(9LcACIfE-%Y@wK9=s7RH^5(f?a@^#9jF4h3(k_mHla4C+R7%8=SIl#en z9Iy(m0~}obzB;%LaBvL*-2JeKC1L-VIWcDZQ}mxq{60Mwxz-@pY^MCJPgV)t6dn@g-r5SJ?i40FxL89KTtm`Pt116S zpVh(d32DP6%0*7xvsn^`b_$P?IS+{5wEL!DH4{!#Bb!D)N-*0opuaTznEmv9JTi>h zFjE|R;Wa8A+HpMm4p_xQJC27g19d#K<9N6VaQX|R$|V+kHpE$6esFdAzBC|`EfS93 zazDB{D=HR<4%RFncA-WmJSXbNUfN}zE=3L!cUFWlfSvd?pTfw$-tENQ_zN@@btw`s zo3>}L%}d$CU1n!%$<^@iLnfN-!mf)=0DgT`sx=N2XK~S^tJ6nc405_fyXns2ibq%X z{cH*Hak zGz-z%ZJ*$2f{2Agg{S2YKPOtaDPRO&5}xsJmu|wt=YQFzMrzMhN->HCU4MkNu#h}s zP$D!KBMcLDwi|67Tm)UyL3;t(Wp_Z~0tz{`IR{)0O6wfNN)8I|iX3`bvH6GNw}pl= zbUg6T%u!r*<(RK9=p z;HOmS!0OpY$gzE^Bl*-r0Am!qLF`Jkuf)Kxgu~*wkl?n)R=4N2a%})Fpd4lcxk#WkFdB#H z1Ta#c43qy)*-Pz8cxl!m8-VQ7whEBF+NMDEJS`jAM~Hi_g2jJR+Sgt%=_rH&IG$hw z4m7&sN;5L+iv-T?DFR#vacS3xG1l7;J77-a4VV)(`vzZ26)v@2X2K!ka zUn?WnOsr4_rY(wz1Be+6lSN){w}bBMMvY*yRHc2g$7)uk{jwf1`VT?!r#AU9XsNgB zNP*0EgpE$3WPTn71iuLb8X*;8kRpoD!bgmtZ;k3C-3#|rBplkhEdzc-eERf9J0rEV za2|vfwg7NAml&H7no+JPs2=5_F9}Au=#BYll|ICABhH-Kmit*Q&?O%skzIzFqmf0W zZxEv@oj2xmjvqR$>@ykUSW9i5Ru!lr2pRBJ4$8FX2ybW)?rdI z?!{B*S+3E04!$)5LJvr$DfCA!8N=umYUW1{^Ht)fFCze;k?%wwelU+aK0^y3`qq?r z!m%8F5u(panV+cg9Su=4v5 zj6BGpKeObG6?ze*IKGA_szuNW{(5M)VR{j?!a;ig^8u?())fxg1Mm*l>yedgFORkK z&J31an$BilD`=3ZF|&vP{rZL595+K6LQbBG+~H8KUnp7`+%_k~rlA|}o-jPZtM)vi zt;g|2uOq=`=vjmrpTm7!>K{XBk5u(3WP_gyo>ua6!|=Zf{_Qe6@?(4*EBS_Vl~S~l z-=`|OttDb;BekoL?RkH+CK+iJ6f+Ch+C{UJ6hs>TnI#*L71Z)taWovEJ!=7b)&Rh2 zdA)!=Ydz6c6XH&}$11F1sDN1^ z*@WIRS?@BDgsdQX_XMBPTXDEYYQ1N&-hBWoy=SuCD~Qf|&t$z{0<83&Eqce_uJwNO zzv@i~FtDx??tkjtvn}ZzWWCM6D&zxxfwe-YZ9;5JBgyru>S8mh7g*!qBqMWPF{O;;DkZwBQpFJ8NToWc(Ga~O-t6W`r!pV8O=IDqJN>|?bD0CnXI|#0 z4<@gVGF1;wV{(MPCx@U*Ug;cidGOp|Z+___`YXn5=&oBJIUS zV2@z^E5xjg(MS3-OIjA{K~x;ZC_RV~Y@vaG)gVT&H8v2P2QfmWwJY@?M#&&1-XVji zwjaHMe)3U4tJG7E^|=DIIrS*;Wq@oEr|EO}SHmJ~wgzkjeRJk_{EpsXqL*U>@eVoZ zv?`b?S)0$IjLML zcuFeIh2cxX#C@s7)qY6uxG+&tiNshyWjx;yTN$bE3fWF7m6~LvVM@isZRX+2du{RxJlF1{Y2++J#Nx;^)J9GI6pDfkrCfk89+6z zp9#8Xi=grDX*?sV67e?FUn<} zGCQu(&hT%OH<$4SXteePi*?Fv`&VWp*l-?wg4%KV)}#=@#_@#UCt@J-jGMqzhiB;i zv1gP|pjDoF;ZB+nH0FiKtj2d3`iE3??3pqr?cH`4GL6z}itM)9>5&SK6EZo-NxL>2 zO7P@w_0VH1V{2~Cs^>bGxKeKtR&o<|kzMxW5>58F4Au3QsnVKQFye!3nyP6b(%X2( z|*iS^ns6i4SV+A$tv$5;tiImUzR7>9_?j`1Kn#`l1gW9*fo&b}>!g_ou`zX%OK zBIriae|cD3F6em8tsG+?s~H%p979155JZllz@GtTacX?jB<*{SlPuvf514(|!7*}M zpxuM~wNObJhuBNBV;nJCfQ^1wryS!cag4H6!@ry!V&yw3`xtw`*oCwFn=Ef38cX%f zP)v3d+GC4-dl5jM^(89T;aS>1>@Q_uIS2Qcnd1fufKgp z@D-u|eh-vXbmfM;f0Qj+((U0mMXmexFgRB@$srfna*W_6!IMLlG9C`uRmKt8b7Sh} zXPdCv4mni2JMM7k%WY|o(y9EJJiPf+l>O#74E{4qUb|L%q2jm`W>)EGCVSyYz_NB= zFKj+ud*Mv>!jXVw?I3=Ya;x^j&Pix^uAr-b(DO+G(DMZSus%PK{x>u-=L`Bh8_f^e z@&*09Mk}AanmctfRA4VvV7Ce4l|FN!`P&Aat`@0u<>l6|QC{igHWxGCQk&{aSfoBN zwA?%h0Z3f(VzNS0ZJk%F98n1qPJ{8f%$bjGJQSH^$Xn5L@WNDO;|&_?!r626cuw<^^g`oLbmXbmlrD@Y^;b`F*^#Gp3LqS5wrznKb;L03I{ph2`!*f z1nB(4}$=!c<9FQu#xDTmAi2~JOfz8Lz?)k z&wiB5uH0SFj~q~)FIBF58S8Tnwbf%^1;3aluC2gvlOQ}Z3F`MS={u8{nbprdeP%E7 z?kZe%uIrn=f13Z!-tK%VJ9L)yji7>MtYyNDXhSZlm)8F zU<&~L%#ysD@ECz_XPDveB!K*E@)RxWoRhI_JcT}Vbc$AWJpqnlH#tR%y2SvK`8E1q zs5RZ5Z5b@KG`VvUgny;5cFs(mNICOsh3&6BCz(h48-<-|WBD=S8T}M7mp>QsE%o6M zw3^FLW*Gcz3W3m&p+!^iF*y3RPrUhkyBqM@3s&STukk$G{0~%idbrUaNuJAd$b?!y zk%Re+(fq{b*E84i1V29c6|&M_`cdPEJQ!}njaWcD+64HfCYjGYjl5w|2%PxJ+dcTk zDjJ60xeDal92g0QD`W&86rL0e*dE2h{uKU>(hr5_GVoLg&q~PuOz@PZj)ma^*Qjl3=Z*ZkGFTa%B>5f5>B32_*i><%bt5=b@Z^fU8DEDhju$3!#RaIA2gwYUfAoLMk}vK`lMEl*p8lJHN$|xMkaW6Rr+)jnE0QvO7kOk~C%j@W zc~zkp!Rg?UK%|kdQP2GE?gd5x;Vs2kSDwe zo;uRB?h|`LVa+tXNvg9WJR-nQIN$F|mK|33Jb+Ngf!Y8=K!Zg=wr zvs={}ulV;=^K()7_f+%mQT%ZG6f`wqJN`3oC0u3m5dOzR!~X+Y(yLgzJu~!~sonlo za{E^aqxkbqw~>Z_1I*>e^|w>g-DYFJ zs-%5-VweO8cBu2chW!-@b#w>02cMQ0jmv1GyZ*(V{Fo*zFVT`~SG-|NTo#88ZJ@Ty z#gILgr%i^(@|3xOdX&c+T}xcX#J4bAm@Bx(cDn|{s>TYcVN48=;Hk_;pU;@YA1<9r z2Fc@jZ#t3kXp-a7J&$M9nz*Ld{tII?Z@0DupHzmoa4- z6mq=7D=Vurs`R=VYXd>_ic&KivOs|{8Pzp(d$5#qXNGUWH$<_e+XlZUsmu@ z=jsns!%-`RZ2_{v9!MfbT@3t5!PE2L7i>IDZ~~)uM?Puf)|Cs zRA_?2wI~c|jY0(#I-_tBh2dvKn6}(sG+ZPqa=wU4rUHo?Mg4&;LNh8$; zptGFWB_Qn}9rvK{Ar%e~Gkhq!0tIrW0k5O5mI}vExEF=tDI!c8;BT@eiF%nTlBn;f zK%)Fti>U4>)?Ux5FD-9;uD;5*eNxAl;1fZjqD12hqk3~&)TQriHDLVs{4 z8Gt?!kRzD(WI+6xCF@bIKYbTqD824K@(=pIG&oQA-Y&!K0857V<%;(inG1!?dQ7Ds zmJ|vmhsBa$`VeY%Tafao^Fb80QlU2r?@(a?3egK-&?`~MqQVpuZbD)BVG-6ygk7#h zm4nKnKA-}L`ilxAs^voTu6D)#&r|PS$A6heMJ8D`^ObP@jo@_xQm&hZwrbmPv(OKq zZt7kE>|MS`_3#)|=~JzRSs_;Y9*@%AETN}r**Afd4IQ($qOh3?_oDCy751SpauG&= zz6cxn2mN0<;1&FTH;@C~M{)lc&ANY&+tn&T*R>bwur$c4F6!$ z_b?o@SGRwF;eZWSFx=aQUuSrn4Ig88nGK&}_zoLB%kX|1{)^#F8+3d4dJOvel3o)J z_A~sx&7a7y{e7>&$qetY>tD)nr49FCIL(F!1IEtVH8aMb&}onw@?gUOszA%%SGLx6 zB-)_m6$*}elwZTQK$VNIP~p#Ay)0F)+l38cRaM>0@br;1PzjEP2S#pV!EQ@`_s9r# z2_v`GWc|e>BbXUR&eG&|4=Y<4!Qo-#DVp5NCQk_?uhrz?HhEzf`EE^~X_ME5kt;NL zrA@vqjQp7<-)fV0hLN3jNx#ECid2B4xi5^Von{LAz!IO%eKw3KTQl8fH}rNGd4?uG zX_G$>BX88?w{7wdVdQ%?`3swDiht1P9o6JNZE}M!@<~nhJ)(yvDU9qW5gW9&$(IV5 zb`Y8>GVf#c4#Rg5{7P7Bl;CM4GL-T5=h9l?b7}cP<~&&_!09qnEE3>n0M{#lR`JVl zVD)RUy+Ym$2i{}rp{XAVm42rAx={HuX}qJQBp8F0leY)YFN())#fX{oo`;Dav3Z4& zHnD?gVYM#VF6N2fm|@VLU2Cur94L%*kCv$z*--NZPjlU5#$&GQZrgX8kZD7EycP#pRK8<%aLmmA!`OF#M^$w1-`SQeNm$yF1V|wSLQ5kq z9hRaZO%RY~0Yu8u4FV!12r8h`6ct581w|Cat_TWZuh>x$QLtgd^4a*5|NG9JxjQ%d ze82xb&)q#|&U?m8>W<-J%Dc%m`C zX<13Juwr$swx=kaZLoEdVXKEKXI4CDl#f#7^!bCkRjq$h;;YV7v;FTlMR{J!EQr`-Eb$}S3dVzR73R!r}&7#(0su({EYaa%W6FvjJXGhOO2+ z-pSh{xU&LV-hPq%C}vsQa-x$5LyKF+6ftF-HO|VZHJJz0+%g7wr}l;~U9lD7pbnni z1$VjSKa%{|hcSVzpvAO7wJ|ATOEw12t={R$pBv$C8L{QYCTGGKZh5;zawoju)}&(c z3u$;#iZn@p39t+_B z8(X18D!DTX^Vo74B-;SMEvG2?Jz~o(w_EZ6+QlumOL9m(bSJjlPRTRtBTm?I+a@bB zkUQA2&rS}?M6ux7?CsHM)dbZuw-M4dCWkDU$a$ z#wmJixzm#AQ0JCAGTA2|`GYN|Ao(|d+;Xy#vrxhe zw~U9xbZ?U($z0H*@5<-wVj$2NP$DmRs)7WL?CDTTV`L0BYiv(|qy}xWcVym?wEFI+A=}75R?VW@=$O(Rni(T`u!w%8`|v|NHW*~k<0f?`~-C9BShSjq){srF9JPPLP9*I z@k}Em8lF97ishNk@+{QBU#~B1DV&W2)1QG^-{&kUo{1P{?8pF}u^vqj8MToQo{TRs z3cVQ>Xtgh+DWv|4#Ypl%#tLLWT1GayE|~E#kfDsG1=!DK+>6l=$@msyFg>Ffb}}+X z;5##80KRKw_)%>%<8N52ov{z?sAC1cM0&LMc6|%ghuAc4H@i7)NhcVzU}zkaz1>+J z4V9w;Z;$UmXNAg9jko8wpz}j5Fok)0v3bRz_o;g-@nx2u4fAY5K)h#u1~T(&eBrMj zMeucW0{UVk6ASh=Xb&Mj$X&ggk%Or|3HqWc_cGDdMS2;X+H50+#4O8 zg!ZKc#HU~;Mhl>s78LY$M)V-snwBn^S<&;zWa2hU%z4q>=%=(g;xxdjqtly!sVj~n z9G69V;XAFK_!8EZM6YGjv&3&;mPN32Ftn6`xSg$yBKNnUED&S|))|K)x?Q&$2$r%dWoZVwL6+9F z>dgnV{zbIcNwB>B7G`~Cn_k3-cad~j6L=Wd#yZp5B3A?VNOBbrfqNwxKyZRNbfnJt z_?il1G0Q&|KWXSvE7*`FX?~(|iAuwCWCinBillr1<(OLLu~(YoD->r2q`eFKHtG4f z5QDFbsqNW}uW&iL&eNBrZ8^T{d<9F~RMP^%_W^5g0sztK0Lt-7rqyEsR8f!sXo_ofGi7O0*{X{qy69aZ7Dxob%6@Lf^^aK2EZej!fp6@YFyHbc zHnc~^HJ6vuBwz-D(p+9rTh97^C)iiE-upS6U)IKB6ux58o0u;T28+hF94hX^F!^r)# zI7V6Q51q09u$a51hQ-w>i`B6BCN%7PwFFImPLmHCCLj5S$(}V$?n#-3kLW zHteqw$^Q(#DPE4+S#oVSs5h!Aj>8XAMsLgI+{ENqW{8J$=M)IS&d`Gn!vItkc@;RuTYt&LVa(*J=uc2 z&eUD5#7&|&QntnTYxYF}whfc9oWVOO%p#bmgZib3ceROvbCh^Cs)WchyEivo?3AWfUNZxjv+}NA zVO!b)OFL{39^!_#ct;i7#rfiVoSmDGZ``Hy@FFX(_tmxnNAK%W!5F=HdhoLYzO$wH z!)V-9()6IL)sH~GLH!It}(sqT`1{>B680C`IM`MR;Y~E8!`~tAw*<#LcR-R9FE$c|n zWcx9}-RS5&q{QsjrcykVchwc_G0Kq4^Gw_E&f=t15#<~W%rm^N{_E1Ab3 z6PLS@OF7-Q!{d$%NLcM(A$H`RE9`*0!vTzs*iaj3+nh&5VkCi&BjX!n7lS>A5_f6Ui&K(v~C>&=!62zf%0Hg&au+0mQ)UT zA4<&_o?tOkunN%e2DF!i;(o){lm=T{d2^KXJ5(^rHY7S)d7D)+ovXHswR4*s=RP(- zTil@S4yd^re6;kk8?@E|4KqMLxIs5*P{EZ3$OzUJ4X}?17?BQK4WF!Kb!^W`J-+(# z1Y>Bma{7v=ZaSe$PL)XRpTlgB`FI?8-AVyB%!jH)yB*5J>xRr{95Uzd_If zyKTwbcP)16<7lHJZRA}C_6f3`$Zi4KC9eo<|K_UKTaEU?MflnR%WHYwpxZj=wO8W* zB3j2FWy*H63WgZPYz(KjM`<4Xveh*!*c5_{B0Kwf{$&Dbmt9uVb-mgm% ztjr45!znW5Ar|y`X-n<$dMJNSl`rtfeVCP(t%Ugy{;7m=T*%24)2hJytS~Kr$%B7J zI?UJUkT=l)^->_t$(T2mI-qL|&?Gk~W$Bm!TB$&CrVn`+I+h}r+l``654kNl)fG%s zAkMqC(^x|=?mO1l+DH=l5gT|MB3BfX*Q>a1Cc(IW3_>n1VmFz~i^RLi2>aIRE|_rG zBEv+FN00^F(zo^CHEnL`tGny7)AQ_Vf}ne5Dp?)pr2`aPn@*RaXW^FVif-aCDl=&=|@+-eo|_!B?e(ie2+ z8C-6GX`<&O_;^0H42x9H-uUV&SyJ6s!Xa*H_lfSOLYZ4+h3Kx&nx=0Tz4V#Vo|iy4 z9b1M)%9`TEV%}PbrKvh`xE2<9;&8{c2^st#W^sNlL05Xz*+TpLphul`vXAp2<0(Xs zI)x}t3VPHT!*ikUu}@ri>~naK@cfm>K7Zv4N`!r;Aiy&Pp7`a^3GhsTO?rI3iUgRT zuOUvP1=?W#_in8OCe6oh?>XW-`~<(r!%5}PL7b|xLfdf?MTB^dhbMG1O1xJ1Ta0Ay zSg{x4NGt$)f>cXihDJw4^Og{2JO^47-w%kDaTVzn!$1acl>*X^*lJ-uv?5mY2?|?M zC*(b>P9>z@BQ2dii1cn+fbgoshR$S*p#95Hor}Il3-E z8`f6&jnWO5p;PL}zYLl|lUF14qte%lE(eRF+`95S!YpbZfUqv+_qkL${brmgs12h2 z5!N}6&czy>e?BI1N#oSiJXM>X9(w|vokHIZ3vP{^LZvYPxzw%G( ztPKG9g6yr@yn-MG(?V2P;QE3eu_1t(Yzu=)+7^b=!Z6!H55Q{ka)jtW3p)FUQXL<$ zp|@k9L&}FvEWO^g!1Tz~1K(GX%Xx*He|7E~_~8~9WKBg_eO7%e>D73YoJOdcE$MqBl!uGf(8HqzT>P!pbFf}lX1Y~xzbX&G z3d?5Wn-4WkeIh*(f6IuKI zI!N$6HzrtOt(D&l6-%?&Lt_6&DBKKV*>e3P+3&#SAdqiSHvLvG2;AFbc7kbGNWFJx zV*DnQd4%U)duk}?5&LE3N7gH=69a??MmI-;t2kX4-l+jdnCvZ~8i)wcgx71F7}a+=>v z^Q#pW86rPo107^bHq-o*j`__r{|n9E@ITF$VH*1h!%!@yc|B*`<(Tj9x6Lo6`8Ky} z?-$ejc(U>}KT`QQu(^dC5KEY0o;AI58Wf_JGhv2Z5^UnKAr6Je6kGG zR69G?lQ$Q{DrGW10Nl*{n^4qZ3#P+0Ag&^@48(gN3W#X31>8M%g4h9~^e&uG zeGIF$Ehx}AQrRZ&_ z6dl4>y-St2ThZDCwDy^6#WmQg)LJezWfsW+X6m zbdxRw^SM$`JsPw}Tb-4v0fYqMozdwMQfAf3RQ|HhTm3tvg@Vw^fPaCsx9asUAdcfa zNkT_D$~gIg+_yCUrWty%5mQAlMT?OcjhGq5==VmPn_9?xXvBPI$qTn4m*ST4Tzek% zTFJK)3~t>zhbV_;<%wxC6-;&psID_K(INASfhZB_Yy@Wah_X1P9q30!Ag zybdMSlNm5z-x=^svAQ#0eL_0+Mj!cO{T}07EUzxBMg0H&g2Trv&)y}R8+^R->|IJy z9TNC21sw>c1y`|59TJfCajD>wO9lJNwExFK*a>Ce%l{MOYhRi6|F#^YeP!DJJ8ApM zwEqv%_LXV>pQP<8)BY2r?JLuMKH#mcO#A;LZC{!8|4lj(=9OtbE|-Am9p;s3zmUwp zFt1GeJ(3w7=9Ou`PmF?Rqr<#1?GK1CU?zqOpy>|^dOIV`E7SgT$;=A#%CtXITnNeB zFt1Ge>+qDDRUPJ)X@6aD2AIpjyfW>tCnmt!k}$7K`?CaJiM%Y#E7Sf0F$1vGVP2W` zw-8r?xiQQu)Bcu{*%aoLX@4upYz_0uw7<1vc7%Cl+Fv4WhR)+*UYYinO5gT`vryzO z7Yk6&vsQ#xrv2*5w0{E|DX&cXZy{-4nf7mFbL}hB{@dBwC@#piL|Iz!PH^e$P`aJL z-exJgQkGt$OY2&hyfR&jSEl`)1j}pj%Cx_;P4mjMzl)^Pg4e@{|4~4q_C;z|AGI%1 zOVYkbElFOaPRpTB>AQgX9b0Y7{~Z<3yH;95mPC1xIxSav&M7o4kELpfD*ZeKBVT&o zTrXK=aX($0W;f>?&F5KlqQTl5z}B6LaT~0YOY&J%8LTTypGbhL$JDCZ6N4^T{~ZEy zSQ?A?Q0$5NVhzB3h_9?*5yhc-aTGM$OmS!&%{HgY!O$8cP_TF-${BcG_D82tEsv%` zE%6o1zfr24Xau^zP-~*qK7?AGU@*H3xVnGj1C}#}(*1$rj0Y{7P?$#i)sp@;RKFFL-B%=*L=CaFtlMwN6gGXrL zLiireeud;*9Lt3pz6Y|tJm`sx8V2*Rjpzs~cCr=RiLGjZjERlFcQn?d6u!oKqw+?v zZY|+vY$wW_#+rdHjx|DgS!`l+%pS29ODwCi6&&0Upvd~H0Q`8l2@Yg#`V@6pp}(-} zh}^slv?r8_42x_a?G3#J-y^s11|whSZcRnDo#Av^uhhbVlec%tevg zNN0vxqM4D~N!JSXMk^wBu&!w6bwo9?ndNmtUJRRQl@-RN9msKD2jcKwu{(2wAy1ecpT|uMI$>#qqeNslg3$*2kfQ} z!`v5nkhCYOYMK>!h|`HLYbwZxi{Nrr*7%F8$RnLWCbBLXGuDbc%1V2Op1=T%JVtwG zgh~+3$m1;U7uuK!`U%qgLq{=OBRgq)K-TOFVdqK4Yhb7zCW*){(nCUjL_zN+Jv?*= zIx6xM>2pE@>DbexM~9Z9J&`>#P}jKZ*68-gUg^BZ8FRrDEAk90^N8%XF(F3wk@1S` zCkcC&j8EiDnK8zSJV(Yavb``9d7ex_Wb=GY5TIn&UI2WZ*n$^M>g`+$O=Cwm?BKO__O;F2tCQd`eh7 zz$p2QfrxpsAHv9s9HBc|p6r=~9o+*-BTx3z?6}YOgTYb%l~_+izBo+AmtDx_d`TTE zEqfV5{grG_T6QlC-N@IhCzzJqARo*zdJs;_Zb!*CWFl$VnH;g-{s?R7X*n~hkoVt- zFsuc0@D~G-?`xAzx5v>8faEyx*gX43@;BQ&dqwiKY@U4~d9Tg0nUdda^K6{th0U{l zl0RbagV;pLpS0z4vf-uh=cICgj!MAKRyyZBIxG1+TcHVfTfu7uOA!KJ{Ukyf;u}dLCx0V8%ombIEI}q1=1XiN zLNd|tEDk7-pn5-+SMpEW_;i?;J-sLswp(ZkWr(cs1gtM26@r;4!b91@ zwo>8^ui*q%DH&gQE2q;_B;yZzIo{&ZSRl+J%Sb!f-2Cvb3~PH8mAiX_=^&Xz_!P#t zqhtn#d3`g|Niw6u9_(i#oh36PT*)5mBAM#&Puv%DmCWk!W-{F*vnf1`^JzjdJHo5! zPItjkz9-zD{nA4+&xS9gJ3U1yTK!^p3p=)#=mzG19V3>@m}Oh(%n^!ojG43p!OIvn z$MrT3+L?$97JRRBm@A#g5EVi%6KkksL|Co^&Xy=ocpP`~!vt3&(MHpzU{5$)GFjo3 zOp+0@0r}zO4EspQl-ZuWq&>;7^0Ok-L_Jgymb=F3G8wJ#4UF0hS*a(ypZPaaqP*cS z+j)^1k6bB5@P0IUV4LQh0kV-kEALVCdRAnDxCUj7Cg45Rk%=;LR=7`F=uML5ec^)~ z1xcAB{_uOOYqDh0!n|AC$Rcs{+DC2oP`EW2WovSLi0Y~Q`$3pjaM zP3)CgSI<1;MXWJ;P{bCa>pU^uzh}j|NV)|`U#uFD55#(*T*T%hLp`xi(f!`ow{XiB zyOD=mv2!p71Y+M{1f<1g02z#}M+-u+#@LC5V|_7FA~D|QkRF?jJj#ewAeOaa-Jn$+ zs|03o>|LxRE{ipS){@vz#7@MHqWe9u!Kl$2+m4bMu_O|*I+iazyi?Y)3MDGaE6@_z z*e1Gl6TCAq1Y#eeJlt*t?Kc z$Bv@Ci(^Zguyw!Vdr4s!?X^VVF*H?(!cP%hk0^W^#=W9&GBkana4-D!i^50XLqHTB zg%fF_uoFBDio%|BOcdUVc!fn_f^(WE{1b)gqOc>HlpzYAMUG^O!v7-RwM5}a=tV{0 zFvx0)!d>vZjwt*Oy0ES&d=>uI6NR~Gczsd$3w()*!q#vzOB8lMVYVpz8G+6L676m% z3dbN&jYQ#vY?~;Ygg`D9g>S*@%S7QaxP-!uP)Fe-K%($2IJiUFZ6wXGkR(lH1g0aP(!j1^RWuC&NRPYooN6eRc3SUBcUG6E&LPb}23U7zkS9;{> zJ}ZHn>|rgDp7S-L6?zZtN|#3=R%k4g(i?HF5eyAN{L>qg4u=LH^69yx(?bEoC_RsK zW)|NMpPn!0j8GmLkzT+9o2)GCBhs62T51#;b_$9MIa(T94Zeka%ah)$Ic#K&89&KN zZ%&kDql#H9up)-d|FryBE_&B zP49R+3PUfnhN({U&kCL19CT-S5EdFkx(n%GXfhPiyOK^1y~XlwR8`}IcL_+-*d+wd zYXf|Gj{~$kp&yVvZOipbK=+cCt>AMo5lrvb8o>{}fH@((Kf`8)&W3XO0J`hR!nL6E zGf8?wXSPD|Ktg<>Hwhoa@<3<{(m4Gr(rH$Mr!gp_P1BQ?(CF2yc``{W``ON*r|{Sa zD@)lK@~pE}FJ~I!IgLxFV7+X<{62kpCxC)Y?S(+;WOLPs;>kIm)WidNc*6+R`3KWh`o)Z7O_6a z5l_>z2V1_TXLTQj(*s3(+Di-$>^YQxhGqSL`uPzXb~nMTQu0sl2M4Z1$@;B0L&{ss zfM!K+fiJ#b3{H&>4ZMmPct*9wn5vnYZ!zYA6pefoX9xBI*0L5lNYjVV4~lMa0WMrA z$PmO{(~V0Vy2Y58W1RAO2IePpv%**+>7wlP`br@|g$n}HslZPEh6*f{9bbGey(vp?idp4wf;1L9_D4(! z?4?pRWETQfnX3TLU56VkdGGR)*SbsSDfp|Hg;t{I6#QA~LM!w;6k0!xHeaL^X3&L; z13fU{%U?zLGFWSU0K_&0*iXQ>{+m&C`R6GA4S@KgMs+-!DyuC1)~?cuA5!8s;Z1if z7O!jZXGap!H;PAV@k`2KD_(IlC0?Y(N42;zX^3UL_v}-Kt=2!mL0x$nc4Fc?{}Akv z%TJzhFw|xGDrI+L)>1A9q%f)8DgoK zt0Q8?*BE{+(W;MsV^@qmOkZeKS-pz7gRvwbkkLZ zcy*VO^9EQkH}DIV4&^tZ{CRX!>n$MeRe(JNgaVBSco5~a?n6I5u7qsS9ooYkx`z0t zO3Vy6co!*RzExqG zsBHY1o&2m`wkx63F$wX3w!TV^eXRV5g@KWc&?yTcOR`fYD*z3&heR6Lq>WV0GsIG~ zKjofhwm`RYVe+~{MX`t#%LCuDhH)sr1~rrq2eFS;eQnsfM^|;@4^DG^i>%H?R{Vqk zdrQL(yI}2dtja%+BrJZIF4D8n3Id<%qROz6C+O4FfpJ)Cm*=DW54zGw3EAp+V`U(C zJmty)=}KP%HdMpP6wHcGFvKggczDW6ohoa#wZL+B`a(nLX|1&9A4=`bZjP@rlz!1l z#XokJ5kQKnnkrpN_Zmtq(0m!C>VGJ?5-PsWQ0lFfzEVn7Wu2PiC>8a1n@zV1Yqw=2e%8z3I+OG{NLkbli)S>p``j;8=5ZgC378>`}5 z4Gw1TbS7FkV%bu#G90ca8pJ!@QH9NAx*g0OWK}JW)-tKOIp46bxsa>K34K+ZA zHOS~{2^wdB`~@lo%W7EC>nA$iQiEzHgWksxbfyN?Oor0W5*9xM&C(zv8Dv^@`7A+< z1g+Pg8Q*u8g-m$no}Qp-=_w7WnJz0oOGqVxj%bjPF4EF11}NA>g}_S9n-a9c0JYH| zBcmkfX#>Pl)-vtNYFN^9K7E>_K{c~ZPr?Lk(4ZPwR~b}u3PG|e10c$3{%BaT%E>ecSJ81z|6FDC*^oz()6yhqy$aW}`d$TL4!U z5PZ(DgFM(Q3&=AJ?JuQ;CV}O!DY$#cKpwhf!M zI=)34wE}|6rcUy(ww7(Z%4*1zVZt$ z@;mW3`YXS5wPUm;1n>C;7tx)nCgQ&b-}Bolcea7#S-;?+NT)Hlq65a3+(8GP_6rVd z`A6AL+s2CGtYwFP)5i(4lV{}Q56%=!D8iWnc_v_opLE&%$lPxfjNNt-Ov$br{rREZ=^81#_sue51iZ4s+%nipHdYMbV@7O}>rd8tLLwP{{y z5!Xt(^)G92PE<9K*GAyOHO;Wd@?DGP+Td6T3rlN(`vF{O7KkqOJ%kpwz&X9RQi$sAS~4cNK2>(Quv8NuE%kv!T3QA|wQg%oORN27V2+V-+D}V00n*a1+R`bHIF=67w6w;5t+uoP zu!@=hY3U9~q)(rvECoMG&}!=a=WG2RYfCL3g{7JRX=xxN($Xprs&(y^rNJ!02U*%2 z14p**eOjsske2?^mO4L1rFN^8mBZIzg1bjC-+(y}wlLVS62y)>(JVl%psItN*Pv%(h4-K7NZk=*d$BO@CAir=UySS0zg9$dnqQ~4b7#{a= zBa01WM>leqfvm9Ny$s|yH*$g-InF??bR*}vk<|wBaX0cBH}Vz(`I#Gen;W^yK&E4g zHQN5D8~K5Ow4J4jnHd_>PBdZniSNK_EBC*hluTVm<4z~~4Lfk&xgm~U1d_IUh=4a>22Y2K5&w26Mwdoi%=UD`ysOUrm%@6wWTmo|d@6!ff^EcsR7 zi{;q+LtwsPyl_};K#LJoC*|=}1?RA~K+2{6*$T+~IMoC) zKSnDd^Wz*_i2R68RK?7XSxTo0=eK7V<#vTkA6^lax76MWsJyON&nn_|32~bL_~oe%*w zYN6ezN8ApyGmz8W$R|uBcWw*R&h1P?XT4kJ7njrV2?lbX8@b1{Znc}DkQM8&Z@$7% zvyc~t`_CI{mCWn;z_(YiVO}>j@yzQUO31vfw1u4a&Qir{-s7z@MSPp1Xy#x2uAM_8 zoJ9SpEfSTd^&us_XD9dzawX51D*Z`44>ptY;BfGEA{WcFTSIB7X>;iQGyi za^Wr{?qOBwK|61)@u;TNOw7ijtu%2uKREcAZNLem${LB4dg~Qa+w=>fq{I{ja=tOUTPqJawG3{Bi9$!4mI4qc4qfMLgp(bruZAGCg$sF zCZ75Fff6!bkJ>`!>({DS$0O1Haif4VCcdrNElJ_W!=Y8@>l(#607bIO= zh0_u*`Ru*<;rYe5H5}|_SjCQNK{0L*2m7#O_s{RndwIpnzGo%BV?it4CN5s_@pQ*0 zsDxwUHQz7`E~_?kr6j?fq~rbM%Hs9*BQt^-N;-wa=U?S8h5q5 zxf}VMfgIpQR=ANL8_2nCWM?<>KL+x4H}Z5hGQ$`lueye(Vd>68^okHsI zDo0#uyvkD;dT4CoMEbmMAd*QQG~SIYDq*2KP<#WNJmk!Lnpq`JVU)dYXB8H&@`H50 zNo$`CSVc{Mw6qoyY3WUADSnHx!sXw7sAHbOtC8k&VzJkYEuPkScb4dN3SQSfAJ;#2 z8(P8kN~?MSv^>EUa?xn0;oV14FUyL5Z0L2@P;#t+bI2PokoIEu@O=F7nW50dtZe%+*@@)h8tsB|djr`6)#yYwJ(%p?r+i!O(yCdO7)>zr*8_1*^Ip|THpK@i} z!9ZT;M)r5tewKlJ%8eZCMou=6U%8PZ+{k4HvQ8&g+s|_&w;0IIZsY}Se zjr_zwu684*xRL)gkUQPTnQmnEo2foJ>PBAdM#c?fCid)H@u-0?&y5^xAltiW= z26C($dAS>Tje)${jl9Z@+-4vjbtBihkuMm?!*1kyH}Z&q40mz0eWM$B(m+tBy1Cl^ z<4dl2X`F#;Q z&I6INO?x~LnWcn05SeNVaUfDTUlsE}#IBzwet6$>uN#3nRetd(0;RkpnHF4zVtG>N zVG#19P_fPPFhKG_o2O-YE43x8BEGaxEcKPWj6!_wqeXo1-#n+`;05<&LrAjC9(`=H zR36)00=|1)oJ$c``2K(#f0?|f`xmVxA3B}<@rA9f5#X=%Er-Defp5hN;fnu;yu2*8 zOdbq1-3$H`oS7HP<-yQY@H|dgA&*lY1=o@fh>5G^;ZP!>4#qBoX@1VZ>8)0k`2aj5 z&Gmf-$1kTUkX$y6Q4B}USKaNPsw)vw-Fx482C@$9GW-g;swa4Suv+6ai)#&JXE*YG zzlp5eqLBZxik=U9aur>v`hfomgLYmI19BC8-7{E4vrw*mp8zM3M(yOH0zk$Vl~b8h5uH}V4m`GXtzs~h>Ffy_SD)%L&K$k3~)-t6f{ zdX4!K1E#=0PIV(gZe#}od4n67=|&DSkbB+8dkiF&7%LUB3+B`>6q5S@964FL?3}ma zUl^bWCN>Tsb(SdwikJgmfz&dwzEP)rymWja8g3{|bt^Rdhr;SbR=Z|OLGFrb&R`=LBWpa zIrDbnB|9c(AlUIN#ZY;sTlt}y%8P(+tCfMj-t@><^~=+^xHU-hvf`&3MxS>ZeY&Pm zcoZL@@Z1x9t?=%1I`J_IG6WF5TZcmc{jxMsaosP`s?XL!dd zybA9ghF7$=;`bRg*Sc+9UDGDp@{GcdhNDj@yt<;eE`?`SSn;EV?XTRnZ%bjhS5JRA zHJxSkv74`~USc5iXse7VJVzTtC9xQ3Sd;OYx}w8Tgz*RO;eEE*Wj;MTDhFaXjGu&) zu0MErZZ`8d441_P5{;u&>vZtVCodl^ z+x0Tes*MD2_j7htGwhly(Z=^oU#uo3Kz7S3IIC6@P+A4a9!TP^C{^Ba=7SCz6!P{` z&9>t2DlzXEFVy0*9q|{2c5f}7y^Xz`9O^!(h|5O2}q z!&+R~T#21q+8x7)O-Hn{N&#>Xh3}~(XDiE6# z)QUfEh)cBiG4+gv75~f-57y#6sfs*R!aD7^0)31K%(g*z)#M;H4t@l?;U1r;ky1}; zJKw8n0BrKl2RzW+&P{Xhj|%#soGyiik@zHou?DDiSt^5IvHompKAt*46mVOA%1HbQ zL+>=LSDex-^zQ%6?i}y$ijY>yT~_qaV;8T`R_3Ox6nO7cYZ32#ia;pbHqJJZ>~3u% zsuL})Q=Cmse-hO2TuIN+Z*EUTD(VzQAHg)hVF+cW*ACW zXr*OGorG@k&!+#QE93hOBU`kQubiwrVThmA;(S$y6>p;U-!e2>ocP>v0b?p5$5bB! zn1$?=V|hmk7?fQb#3M1CCn~5j<=m$S0rmiG5Uq~KT4At%=@mm@sMEx$_{WAXy`&-M zli(eX0woT3#X^*IC@1)Umo#7F|DksnBc2xIgWc`7mO%J|cR5M~r;|=q7h?KMBA9utBhWJq}PS;%!uQ0^#YH_|J z?rMmC(c(%+JlGJ|g~QS{=QyA;sl;4MLxgoSI*Rw~wm;4Yt+j*Q7m9XQthJ+kI{$eU z*QnTy`Md4bo#q3BkJzvfaQl9pp>kQUnL#>zCU)@R45?x%6)ddfM{IZiD$QgnoFTj6 zW2w?7A1dWi%&^$&_$sRFM}f~f@QH*3UhS1XfbSd*xV-J! z=jCnJX98~DcJ1?Wt?~eQdE2$m%ZKfwZy*tHLr|LZ=NxeMP1ixme+fQuukxvhU59nU zV1SO{T!bk0?m;xd`?1D;U4b}YW$^cW+Fjx?$#`aCRVptdzNGvuSEfX5@29XPPoJC( zGZi%f@>I&DkjPUhPk>OCVmlMkMpO9>U+Q{W4N;cFo3K<9AT2e6L|PgLLRlK7EEQ@? z^}QEsOZU=JO@OrYmbMgq%dvE$vZMng8hD@9mWBgXQ4=67Erdk+v@2!l{hB`EMQlS= z>wIs+QcZxg)DjYDX(9+6rzaDnEhkP5y@R!-9kdjy0g#s7)0XPJLuJ`_BNY%+jQohk z-dnV#a{#NT36Pd9gGBnYH)ZJ#WvRKgl;{0YTME4kOEm$~QYj?T(lijtr(-pJD)5${ zt>W}3E!6}_O9!>3hVMC+N>u)0$jFZ<^j@khT>w}`O@Oqt91`i%i_%j3B9-491zVvm zN5bes&PcEqO@sKFZYzGJ0e(S)S1Yg;UuTHF)#5!VTk_$$yA4nT(}S$=xMSl9L)=n} z^FOiuvEq8P(Ov#kgVY}Ah%;0cQan+Ms~vHFLwuzc?{LJ|7~(s%_^=~>%@9AQ#nHps zwG7p>tox`ICmeBqL+l-{JfGo+*BRm_TD-{-e{6`mYw>-5DfFp>T4;W1*q>bWAFj~gN*FmvHjB@c3+$-zeI^`-tsZm%sJ!*5%!R+q;Et zJ=`ti9jxxdb}Bc5*C*7*5enz$vcm~1@VtNkK<4tMf^8)@sel9W5D9`g8XJY{~Cq( z$$NKS^6=i>!Vm2Dy&@Htg0t_1r_UB5>eJ;c+fLrZ$kFX-%bzZoQEEgH?2PC z;Z3XOe+XXQwECdzqkG89h0%j@1pEe`>*a@~wC6_%=hez6yX5k7RLrBFnTd--V)>6R z@#__qy}MashdC!;9yLt8q{Ux8@0gO4`wNDRuQVuS<9)+M+PTV|-;@n2{-q&qro|Cw zIsTg=K2?iz9dYm(JAhmhUto)avoP502YMPPDI;;2R<3ZAn;YWWw78EWZfA)1Xz_WD z_%uWOi56Em;h zaP|k?ZQmif-O~x6kHB}nOQ{iz;f9^~Pz*Hg%XwO~4Abq`v_Hs`e&cBy!cV2ZXY;Ls`P%ko<_no=df*;HR)u6Cf>>Kq4(o z1p!NJXa2T?v`{SM4~{WCua1UK??d(oE!6~+9)aWlBqjM6yrtiRYxfz3+ZoCblk7+M zBB!_o&J;H&Fk9V$ztjLmQI!Pl|G2wdf4lWc{9hQ3Z!xf)HTEVwCAQmXVxLtE=aiW|FJ)uFt4^yD|0EO;N zpv`C`;=SJnA>NgDJYp9!l+wp}h74&VZP%;GI+(&P($x>tv6ihS(WE2 zv9WKm%D%b=lY$a-gwyNKNk~qGq%^$JvbKYWUu)Ez17+!R z_5bbjJ%(Nft+&RN7}>v+Qax#L)>tjYWVM| zhKHCA9`2*iT~VIflm+_ya(uI)KT7Ktf8?ZLXw8nA`YdqtpEdMv*7^fY{fBGnv%t~+ z*w8?>;-W?A}sapTq0# zM^hnp4KH*=>u%_ne5Dr+q4(E#{$}s@MS00r*jQM4w&F_1fVdRJrBgsW3nD&PDYHXg z)=nQtIsHFde6Hc~rzwx$s_F4TJ!!$?|6Gl~Zd7^+dVHOy!322hfk%JRV-}WXf*biY zh#U~BNi+lT0f`C_wT{8{eTM53#;bTo58BCs-GCw9qQwK1*qI-Zhd9U1f3lX-WvVmo zPeuKR)?Q|4)~jEn=l1$T!|U<3C3@Yrrq@S|SQo;L;10Vp4%6#Rp4CZsU54^raIb`g zrJWU5+8e|g6qgPG@dAm_AnJSvVhV_JNz4WDDv6~aI(?5Oj#CwIXk|}QP0UZ7AQI*1 zl#tUYxMFH3^wA1sYMq3P{fEMOLt(mBn2}PzC3Gvk*8n}LL7NN^?;iNK-j^kR!WV& z9iu_R^}4Kbts$1?O@C?x9RsiaYAkP6>k?rk!}*?jCnFgOP`)1>S;E57*5JDT0HPg; z6(o9qc$-9j5TWA;b#=>ik7s)6s@v9UY$-_vlmD-D||Gi<~V+YHn2 zF(a!k(bgO8Nm+! z`ahv$Gl;$~;57dKS~aCTlr8p?nTvR>H#4KH!dlD;)}=?JpokgP25OGKfPU;&&L{uSbu`o*kX?-j4*5d+LAL z|4ETEKpr+MJ*zEkN?8hWvC0vK`*#dz=5$r*iz%oxlyki=>)qFWMYxv=pD0TVUXg8y z!JAn#c;_3tuRm8>)(NGTA3^Xg^2BE#cmc$u|9=oX7M9iqcO$scMj$>V(HumBUlFsO zJei6QcTIbzEBB8Z?(3M6(db1MZnw)p_c$Nq{ov#|6CxckACeh;G7Z)oZ#N{3B-Tsu2D z<*bn&|5#|aoBg%2M6cgSd7Y@~wYkvP2siv{+Nq}3^E}tjgxA|pek$B6VPWYb;MRgG z-2>t$dfis((Ce{KkRjgmFJAv^2X#@}^z;&2oAGV^KRk{1y)%^(kLVhYtCYn{E)DTJ zT71$G&osn;YjI|3=ftN)@z0%jTJ#D7+2SJAvb+>hJ|GGx9uU3RfDX~nvJ{jLg%0vA z*n@c8Ye1_sw7Y`hUR^`HR*TPc#0L!V16n-65&vk2_iOPkN9?&P6}ca@xJaJ`kJmB8 znN_O6FFV>z3~?JRKH!Ke3~@g#{=yOWFvOF!_!mcfwjo}j#clO898VhJyR~?vBVK5T zU)17>j(Dvh{!)u)JK{SHabT8e_vMawry(xV;_Dpo>xQ_O7T@lOKQqJ^Xz>n5{Hr0p zOpBj(#I?7kdh9kWe%%ol8R9)!e9#ehFvOo|@i9l-&k+Bu#lJgZea4p~yYa;;ECGFh z9N%JSch=&1j`%x6JW7j;9I^WrldL7N>e}gCV|1i&H)L zy&+zs#itTAZ5x-!sHXEly4U9Un}2zFdn_(|^%JDe+b551vLjb8sp)_5!>PKPYH@1%UuTGWYH@1%zuORx)#B9j|Cb?Nti`G6|M^Gkx_Jq5 zlNR5r*D{@dP~zYk>2+!VVyODC;t&Zum4XKxtd1i}u%avT2wu7BATLjrc`k!(-jYxu zFASd1l7Gc2;vV@|Kvu_zEx}a8v7wD*_y=ztF0}=`iL_;ZKgzRhm7-c1VBQe> zH`qS+4O#Mo8xNP`UPV4w`i9_xrNzJNOO|g4UJ`vCJg<+xDTaZo^M}4*`IhAG1TQaG zzAf3jKhb3sxDqNGeH6d+m z3c$*TqU8cu`4Z)415(1m(x1V-0Iu{Th`&fguExoN|AL5tm=7Y}ag%L@d&?;}hL>3s zeA79!^)FHfclCG*7e^TZS>PP1j4<>c)%pVs{nW|Pm^vrwE&bP%qYDg6ziLZ!4ND7a zdLj!PPp(w@T$5)Y7-$LC&_8XRDYpu9-o82BZ z^A{V(X8vBYndaf_`Ea+M(u<~{nV$+iCsjTL<y}5anJ3kgj#?o%2>=*t-%7q5bx6B1F6P3=QuFYMHgC&wT5U#!%bnAh0q z?58Jc_LG^IPotlfE4^y=)0bk+V)WCiD9;fBNAK*X1K{R@D?JKgFNxzI!X9+Sb4r8Gosy&rQwN<8Qtq+|$QN!_v9hQtx-1!0W61p*s>5KWyeK8^>m@t=Y_7 z#;KK+aJRA2+rwra6N$^v%$rd@7|keQVd-7qHi9dC2*lrP-5E-UtxJc3ooY3GLT@&3 zE^;iw13~7gq``)}g|-R0yRfFa<~fxZ>Yt?aj?>-m#Db-8w-Du(UbxG`(o%41z?F6a zagxO8Ao}<~3g3;nd}1IAQH_jJBGpnSO2Huh;2MLY5&oXYXkJHKhs_f;n`c(Y3vJwOVt@G8hJ)`q+48wzi{1dlXEV##CaIM#&q0OY~y~S3Z zivQ}_s1&9XvqA_i;yaC-fdlXrwpr=u)i(V>F+kVY$}=X-!d-bvyOJ%a5`xD((8f~? zRfhJ(Hoc2g%(iK1X^twV@?4v4N6aNQy^+zLCuyr=h@cCF;K5_3si@#W8zkMEAn6uU z$Du(J?eg7>o&AUER>x)Zd$ zp*_oHQrc(O8h_GiA4#{EhW_bm7k|?d#r>3_+vrm(A$WIDhx=@Xf2h>*A<}K|4qniE zs8M3mZAq8fw3l?5q+5&~i~cFM%S-5Xg-zeV=(Ux!)p0Kc`9kmxtPXG6Ov>#hwyW}g z01B0V-AkcSUkKjJ)@k+}1i8N53K`@EHvKAlB}-|{|9 z_pqbi61?%Z?`}ymsQqR!!0$+M3>DucY4zz&PhS$ep}Oy2NlVC;tnn2|UPJO#8-0TG zV}h4g`v%z=k1;*^WsrP=+0lPY)jUh=l;kXuPm;7lvrCfaGuXQ&c{Tlbilo(NE9rX$ zFE{tyDQQ``jOl%nET`iAwjV#SF}Dd`kniiGPq(GecaZEa^JcS+KFTOuD|qk2fGIPO z1J|a|>m<2^i0dW!I1}IoTk&pIxkT_DmA+3(I;D8IBo7gNg(O?hrz<7-1skx8q}3;f zdQ%1O=;_;B(z5$olbkO5QMPf0?8j+UQ!O!5lH-})7un=g%w$!Pthx}Tvq)Nf*07dy z1@EKkyHV1zGwvXHz6`J&s-q?8qjzH@DF@_OJM4`Zya8f3ZInn_HbA;GP?E3GQTZR~ z{oW@){zZC!=G$PqfiH$p+D)vX3HfrPZp-0a-*v38+sz~oF}il?&om)RtusH0fo{KA zEt=Z{$&c8;-TOfK-kA1$ZOm6#_YahBU25M6@`5yB4Z@DCBbkw4&T4wCW!ya z(Yd@5#Wz6S?nxz^g0&Eitnt2@*x{QJq^&!I{6VFkuGN*sSm`@Zv@4DAJZ{^du!g)* z2)mM9M0RgnvxmUar7S{QhJ-crf;`A1TQ>}L7`sHWRb<0tvsvRGU=uBrf3PP%$I<>l zc*#O3TXvBL zR4Ofe|D=7)hkG6jaThKAMTxPn@+`vZht4rT=V;JL$HqQGe5n?v7LM;5;@h?O_f!?W z*}eFWo?fGwuW4AwX)0g8!-Flfu5yxsa(#>TU~Ox^*NguvHtbR~mO-?JU&PD{^KJBk zS<+WNCmOynfe8ZrmCpX^x3~b(3}UPiUf?}vve=sde!%(XU!ZtvB(F9cUJq4#ZkFHB z+ralhm4{H{fOKJ%*9YOrzyWIkh(|#r2C7WMD3YHeFe_onOyH?_2Z)NAu(nfy>wKwF zcKZFrRLpAO0%fIq?ks$|H@9aIte;kD;OpyLdE2d1Ve4F4FSmPnvfvCJisW!B`PIjvE z%JMHAXV2orSiVAB{*2)BWH{$AxE4k*w!jo|&an_W1Y6W1b?yL6#oU7B=g!0c;}(pc zo7cj!xCIBE!_NH!fT%_4+z$BS7OWgq7{EDhY=NcX+_spZxCOhPy9!`#!HQ9HJK$s^ zw!k!T?gA8XtL+_?>BoK5*y`*Oqas24rx3QlLt@lQOcmVx_X+DasQIkh>cEZ|6-AzI zD7UOzYvWHKjwWRE7G&B%d=-7@5y98f@Z(84uP%OkX-ga9Cz!T~KO(SS%KW{tlJ@%i zlcvpr%+G(1^{vZ7(fl5;&v#OZ-9KPPpb>FOhZ7VDCmrj>AsLdq2rQ@OP?;!257F zjdXA~`Yh_3+XC}#s0vQ`<~@sID>Nn_^rc^d3|c`E` zF?0*!?oZO?xmK9%_!DGgHwcgAdm4cX9AI< zi2Ol1D>M>SNB$(8ANm3L6gfe+zJckT zc^xYgk{Ou!2jUU&NM?BEr8okO`0#E-JZ6|V38@qbh#_DmW)?s*5|o!vXJqnUkt6An znU#4SnM}ccotwEEVTjZbm0+qfr#Aspm+u3#F3ar2PO2wH!rGF|YuWTHkp#0Wb1V%M zhz9{%o%t356lo#e0Q3JS`wsZ1itYb9cXyL*SvH#`gqCayAt9t}5=y8`??_dO3MeRu z3ep6n1VKggDN#_=DA=ATsHo2;b`*QXj?bqLeYR&sd=^CE|NWksyIHXO-hV%z-92Yc znKNh3lsk9k-i@Jkh_*lnK{kipA*D=^Eup(8xmi_MsyPTu0FI{XjL>v$$U0YC7UZ)=e0(!FP$Kd9Q}i zQnxf)>XxajN=dDEQnRe^Qm|&sqrUEn=^3{m&p;0iub{_!3LGqeg~8jIXRs!MpREF3 z29Dr10n^}|j8-(nAAr)m;LNnr-=qMl)XHehl%R)Px#S84n3~5_+wHDSFe=@xTYylG zqK3ARCnAr&3>~kAA;h!3fb5FsKM`D3^bQnTML#HjRP>3-|>i(%nHIKzKy8J%u2!?eP=Vhig1$)Q6g(T}5(KHISVxaVS61 zQuQSP6-9?pLMpPo#wjFty5(mjQZBWkDJ%G6ntv?tR;=h1A*=ORv`x#7RH;)?xKJI< zh>MHRBcR1bsukl#g~qdlH9~QP8fZnWAnwo>Xoz$Y#1nF1oQ`xBWoe-XQo2ZSW1%1D z)~?1YxAg;3CrBdHi9YTo$f(da44>|TObzjk%8?#|%nk9C%8{Oe)Q9$?cZ>8AWL=0a zRgUx)WOImbRgNSC*&bR)bNZ-jVDHY*2-ZtqL7oiFpgH~2B9!{s&@HUk{^|n!?a@AB zy7;W6k`NtIe@+oIKVzvO*n1deo1|v!WLx6jZb`V!)36 z4GHe(ooMEs=&xw7-ss=)>x+Jf3do2K1T_@BjvYm`4St(jZI?ng9Lcwa0a9AASENpch7~RkFg_-z6Q8?bUgTTqPsw?kG4e0 z%IJ$oIS-AP<3*&Gy%gabZ42kC=t_9qj#j})E80`wQh@GgJ?b_s+MkgYU5ZlK(GO5_ zuIQI2wL7{I{`5qThZEDHUqD%UbS^l(QI6ccXxlJt9ERcrqKnXwgV99@fsAN1oYXAZ z8&dVrTJWrlz6lqf7i|NnRnhSnNmcYCM5rAdiyU3iJCHIrdKzM>J{l7X|0=m$hLo_5 zic65WL_vYoIv*~uRK#-q2Z^BuU=ihFXjq{k@K?kZMCF{!{?jFh9omiZMBFY$k1O8VnE?Q=_w%~sB z+uz#nf-UqJN&9VW)0e29$ajLM(34OX`L7^$=q<8+FNiDDm!|(tZP}hDgWu1*{hLHn&>Of>kI=(A5J~8frxwGhAj=VHP1lyrDxxnz?9jICOwI!y*!i z@zFbxOxFm=TW*~JVQIBrAxFCMcqHVrE5sBYA(+T&^#)RWZ^bZyk~xOuI|;#;)kZ4G zHySFl+7kBrMuq|B5)S&(B7kL%5z0ROq-j=GOiuwgWys3sP@I#Eemtvyb{XXd2v@86Cw6k7nXG z%kqAL=4EFM+61xeGZ&s=WeujsE#E<;XANPptvkv)0cwv1H=u!ME$4+=;a|awJ*3A$ zWc&UEesSF|zesL;8J;XU1&fKAVNe)vBcbPj({)!6e-n)vIE(WE@l6O#;B{nod-QX?ej0sfQVK;=^pL_;vsk1q2 zOIzAz=&j3%r4*&TjG+Ed7-!*>7<0w~M*E+M76yAG2%{UD!? zI2{}8Gjj0Gj(XhawHAP3druZn=R5ZC}wkg3}x~59I<{soC zuK5f=*+#?hr>-e{5WO}w5Hnu(eXD)hQ#^{~#w*d<#3`B~KZ-)$jIe_MUO>z%0hv&0%cG|77eI#$Hg2-E52`XNt&N`uW-)##fU=Jb$De!JMMtHJ z@#~BLnzVdW<7bZXn&CdE)h#n!jQ^VWg;k<}EwOzI;JrDprrQ*q3cUPUqjePwZE6c# zghWe7$C4zUN751R*8Wb7>4-bGP?zSVwn7gKQMQ;?ZDlZo#|N36b7RCO2d3aqYwE!lkrti65-fVv1&yjW>U zC7+Ih-Cx%LuWbdo^j-Uv>AR*>vA;Um6cf!xKI*WNK5G>OBwYRqplqSx`lE1}Pgz^p z?-gV8V>@G>GOQeKh8p95QfOgFReQzS?Z!Fi0p+6_d*Yf|oTC~3g-o?`_KI`LT07={ z=$OAkn(5<4({@JsXWH~7U>4Kw0#Npm;rJud&!z>1Um$<=tQZ$F0vBo9P;>n;R*7+% z;WMah$17O~a7e9f1Dsd02H!?pb{9M=7d}4&FOsbk&k0`B7IfK*q4Cp!>tW_OrH2`- zJx@Nopm>SRn$$J-np5;Cdeqq?=87ARGd9nq8*m(fqs}c*D{gofKv~28Z_GGi z27t1R|H%<^B9OmZ98qsnA_(N88jryMB#zJw*F&v##NA@t+rW$Dg&lWG$qMtu5h$s~ zj|bk43p&8r@;4BdZvGy@Uk0vcA@|5)Ctb0UvygjCco(6?4-7JYJS+ihW7t&?K?47~hRqvbrfDHFE?fi=+*A>JkXa!{5 z0lfU4-?c)wozbeAX80{zn=zVZaGk8M53d}~7c=UAV@4VZBxYy^H)2kkalV+*lejzq zR?`;|mnXztpeTA5@bb(5)T}tn@*sXY7iq)B&@f)L7WQIyQ7?u~H7d{{8viVH4ATq; znQ=cYKvFI49+ofo-HdJDVN{E%Il>)ME4(r;yo0019Ld!(@>7$!uE1PU+@Trjk&AZ6 z9C62s#NXq5bB;8bRvmy#6VUXr#AWU~N1DLBz;)1{l??jI795n%7JXlWUU^m}@WnEn zI<5@(>?ZtW;LP&f@`;O*R~V-Y{^_-NL3rUX|?qDj~&ga(NV2 zq*8dzumNgy;b)4mFB6}@tJaxfY#z!2ZG(#gZl}>7!81*J_Tq& z#Jges4F#MT?@t;!NenHkbPPRS8~Wm(8Jcypp|L*B6$tEn0KGZ(!LXLM|He+%gxIMW zrXyb+vg5^$>wuR({JVK8c6W;Hne~T!_!Mt7Sn`=_BnBk?u@;S0^3e?cVLsxI!Qzij zRlsF*(fBIj(sTxk9lL?+rZY6zbfhV)FgZ^fhdZ_Fn?f!1!yafma96ApXmwj?Qq-hMV1}=r|DTO_sIPbVA zjXw&!n0MU_&dHPbLX)|oBLi(Ok;aNnF>j|S2hAzw9knDHE9OnLBwA9;`)b&Q$4QLc zP^H&L9JH$*qI-*zT@5>}V&2(P3E_4%JZly6RweLP;0#y8Zmama$`tw@tLi=st~VQx zZF4-HLo)jU7r z&BUA9%>D4tB9qhJ2r{oz9bQFRc~{u~41iGp$~G8|quWfs)b+l?udz8swv$TmBf!HJ|Po$o^+5~h}Sa1Jh_1V z0C=bSxm1&{m=)jB+*uk;f#}x-FFLZ|ZB4N@v)~(dN>M?TsU8Dgp39r)ADL;*c9ig;E*62FMJ zcp@a8c!IciA|#$T2)y_ePGdBV-a|VkteA6?V=_}5lXawHt~N$brDIxa$JF*PjyVHB z*>1z}2N99#m=BPvI0hSR$3>y=SD9dZo)C{LNc!c&_PFcMWpbha6}i+&C;2OTs{KSI zK7OTB5pF2!@GGvNybiT>>=HGa*Bj_} zYyn@N3&z<*;LI@PGM%S~nv>jirsrdC{*tVNHK z=H)HiG%r2XrBev(?^8$ENF19qZ(ymZAE8GR$Y1K`eb&!ZqB1H8dMD7XV!`{g;2^1D z?7wL2pgyoqR`Nb@ZbH zu60J?kfdGfI~eB*{bwlEc0EJ82KEEWJKyRV*3x>QU3phrJwtE41XO$Txg)H8$YfGa zt6vqX)3BROtnLAz>4=iZ#^h4}rnI%fE1C9PgvW~>(aLMYW%-%qO_Cn{FoPpg{^ zaIC(cRu2YR$GuT%2ho*8xvfd6Z&oaLQGfU~>}1USokfBe(jxNSgv%J$yDfgjEHnY5`5R+NnDgvD4Z3R#k{@wUW%iML;EU(KFWUX#ui0%7S zhuEnSXh>}wh47OQ6Z%KctJ}~`Y(s5_1EnX_O^m72h)Nq0^nRk;Ca7*=E$$;KP3mT% zr6Zgsbu(p?P0C+er91nKYw75EV|EF67wuG-Nb8e9GkN6(JK(O1yX zVI$DwXvU5>TIl_emv;0Obo4T!;^-^rtmlb}qXlg-4yZW#3VL=FQE~Koq89wU!9KI*Sn9m(P+;|%#%q(~ z#UxJR#3VrzqiC!K#k%9gIvFB0D8u9NlA{cbCx}ThENW1OL=DP#s6iPFH7FzDi6SP$ zpax|O)SwK28kEs*ittLIrbwY=*wd*}zNwNb!`)QjUCDLjshpAbkvZ#0oOSe(O*4yF zYOC)?b~DF`2i|i$AZTw9IF5;!VNcI$7n98O|fyfy^E6bk@RdrzX*BgEX&BA zIT2Zwq-6P@lq`GxL6!rMWnVUIeFjvq9wbEMNa#SRwpOe*U0JP}ku_)u)$M8-A%WltH#)X2cf@OTLgM=uUldW|cxjKax|89zZw_0iOt zYmi&b#rPQzF@pa_Obv&S#8l61I;N}?>H*_7zNjRtfBRMVS#D63w>Rj3#$*H@mVUIPEOSZ0t zz1B!B;<_3>vxaUKVDpNatpH>(^i@-+&Fn4oVrb3r$~uP564%WFR(A0x2`TiSI7(l{ z58STi3SZCf*Dn=IG}D^cFn&S@oSZV?Jc~SzZRU zJT2(jgLP=jr4M|%^$|~(KH`Z#9_Rz@p$Pu;2~iK;K8YTH?b)TzTc({MupA?G>GPwY z@ZhM+mV=`<4|=*+4FsFbgP!iy1k=49uSn|Cg91N~bl*7qR9b@n!@<)v{<(waS$;W7 z==t_k=nn8Kp=W<@P^|#Z5_*2T1E4p+vxJ_X2!{haOXxX3I48ifgr1)X#{xV{=s8HZ zB*3$To?i%81$dUw^DE)50iGrF93q?u@+_eTPn!WUILNbv9wo@AAkPwdY(XXjd6v-Q zR-0hi)F6+Wc+%7@KxPK>A?fidT01w$vxJ_YAPa&#OXvyl=(Dvr$g_l=h?)$fJ~*cU zNS3+~$az65h+v<;+6rx}f;>y;$x#pCZ%vSA2|f90GuYMzd6v*qsMlD7L&y{{T zOXz82Ap<;1=(&!d72sJy&-E;>H^8%mo*P-(Fp7O9(mY<)qf{`>mI`Mot5Q;5byBme z5YG}e<5@yacg6H(JWJ^5p<$jS^z;-s%(H}Pw=>Uh4Z<~TtAIR9n6^zoo+V6gMMJzZ z@e{{@mT9FG<1frck=~jqVV)&S&lPh6OwD6zvuogToRvKpu*b`)Z`Q~ZY!{}CJ}b-Q zus$m*;`*$tfcmVgfIN%q?<~ALi>pEVW@rnI5khQZu>$-wi587=+|%WR%E%xK9wD)wRwwHd7s0Q8USf*zz*z6tGBD*;eFBbk{gXP_aF!p;BuIQL2hr z2Lm5sbPdG`hqUHuvWEldbx5h%2{@rO6BNw>%i9j{ZU^sW`FRtmKGdxxiXXVPBLus% zPrw0ED(OMYMW^bFN&!kn=~m=Zbc`rM-^tW`Cwv_0 zM=9fk{!DfUK1A-J0kZ+uYYhZNL$2kenddg){&S(x8ydVBNr8hjX^2*MHPS;v3A?Q< zZ)og2V2IAQLgOfG`CkAz7#jU5#mr}j73&xqISSE zYMrDVAaymF>Ba#kP{rK9KglzN`7N;g^-xq4I;l4l>B>D>D-w^*pg_#>&xhR|Lo??l zbDO1^Hqt?-v3rhb7oSdn603!~9%-RD8z7LA1}2r$2o-kD%lLKY{DM5amj74~ib7{U znAEyBCF^r^)<)CvFQ{n?cUtynM9dguMY?KibuVg8^RM*)^>IhXZ3^r(Mf7l@s6vpxuc)u>da-?aqXYvggj7 zX4zfHUy{w$cDpO{stRxupj}5Bssq2G!?L>(t_kp>)9y~$+5oRQ?H+`?26!oH_axjS zu#$H6BAl@NLr~&TcAq`yl64{brWCSYN+J8F6mkHCO(6#oHiaBS*c5VbN+E}&6mlqe zOd*F6HiaB6g$(er+8)95ssOL6?U96Q1H7=dk0IPu7jhKg9=edD2`6+R#}MwX3ptkX zU@P(k;%TwVKIITgxrlB*m8C)VNO&fbZOhBTHp6({Y8*%lT~_2F#7Mo%o?VN?>{-(- z`*cD$ta~~hvvLMqhNnPKsy~vQuHinY-08CC&htb6*VKQO_UKoH=V_15f@XWZ_Gl-j zFJQVm@E`)!UP#yzxQFl}!f86p&L*55C@247%6bDAv$-rG><<*9Chcpqc@Cw2?f#WG#Pqlpyyvt0&!f$S z?TgDWdInCXvP)QKEAR}J{e`d!bb_KGTzK*av;9({Wggt?wOuw9P zTHqh#zk+aj;5q7FPuLqcjC}14gnfaI;uq*rIX>%=mGu`ISo<8Rc%f5lI zH*guPx{>|~26&#$zKQDFw0@pCZ+;rErL-x8#gutRQ!wH{sg}rv>IPr>)w8U+AN4goA+$rr$w09C(=}xsz}-FrMjm5zYzl zQq0~?xQ!0ByP0h)`=rxnTlPI?14gBjOi&EQpNiW|k1v{cL6_VcpMWcA%kpFv%<?sZHNRsNt096 z*r5b|agCwm4@*0j;i9~NOT~uaL}e9n$Tav0;y)tX@cd0G*g^aTD%5z3DZm#t;fsjR zMfDi^oxqD^Z~R?~?!;wwyXJ^?91dVR#qz?GV%98n|FgQ=%i8I^l2yi3Y;1g>$g=)w zj84E&I5si`lit$jkUk3x|9`+6kh%;~9jL18Jz#J;J@BB(qMlj2q&!IKct3x(;-{1g z7k`-sF_O!70ox9&;uQcmzj9(__TdCIS)W4T^RTW;jklNKcbwVARfRPk@ZmkkhH*a_ zKQxTYvb6!|2g?ja21T zQkAt*>sLvw7fZEXEi%Qj@O`b~{Lach0mGC!R|xwKCZx;-w)`PBcSTKXYKBkXbRC-- zA8?WriyB`}Tw+z@ZB7QxX(2MGht3Cq>)=~|gkq53KYJ z0Ph0mK;Ck@IaZ-h#Uf(}z$OB%030Mx4B)t#0IC5z4WObI07hY_69Am{t1i_dDI2m~ zpoV54qtieeJPUit&ovA=h=nUKlSR1sTzQ9eJXn<%r;zV)$a7U+t*-Lg6!NPMc}0@E zHHEy-Azzv#Ka@gl2CF3R>yqRbQpgn!d7DFyziG%tP83@viqQ;K8Bf=McB&R-V2?v< zwJKjUM7H8}nrJU&b3D2g|Hm-)hL*cDqigw2a`F-GmERijP>`Q7dX^(S(-_9a|1Xn1 zAL*qgosHj(`u$A@fJ&;28zw4kBTVD@MC`azk;&2?>o@{JImQz98B>gql<0^)qj!p3 zXB#eNd0dKJTrB%NyW*DVmXdwOo?nmdGYZgWOlC75t^15&h%xCiG+u)#JV=r%-NzW+ zeMrL{tLhO_#i!ztJJ^>#8j_u#sDY|uMOA0s*ipx6`1&q@C#d7Vqr01llCHa(DT>#N zSm)uO64(fJss`%M#I4Pm<(}gOJ^qA@eV^~ zGe5^6FG-SLP9b0IkgrUVKT09*aLD&2$v>x%-*(8mljQKvx~RZYYPfn6=Ng==Nkmn`IJ5tDBIpmc|@(U?sF3^hQ>yqU6Q^;iwc~g@7Z3=m) zL%uUfcAFuVE}!L)A4!t4Q^;!^@{37wNecN^hx~4m+%1L7MS8LP^CWqA3i)G)d>~0a zF@@}IX{5bQXI6Pm3c1iBw@8vNNg?-j$i+$W^(o|O4!N^Kj^CX^7OMw3B&+h+lpt<& zM4JY}Q&Y$fIpj(wh$|PTkpJP3dnd_jQpg7!^2j9FY2B=@9P|WY+lfiC(*j8D>5$tS zk8(6xgaP77WbIc~m}Qx;S=hYqc`olBJsY$XL!HRDNKXIP%@5nQ%`I zJUBiWwki)8GDo<_4S6YaH#f!P2=}F=WA?e`UT2^fBg5%Rx6e4dSv_-DzFoZmZvQcXU(5Plev#UEOk3PAk!{;cg zkB#!rF*Ujq{j>V$mNw{PLrC5Ldf&x{b}XvO>ieQGwk61wnTB){NN+(1Zq#vtIg4CJ z#H`A`hUYBs{Azd@X?RvlyWvF%6LNir7`CNgt8~m^FxS8r5+PpGARsDNDQch9YVD8F>Wzw?|p+dwyX&O#)K zR|K6-l=mu>pu33j=7_qI+6v|Y<^2(jt^`UKZsg4nT<$Ly7hX-ymq5}%Cur$>tM84b z08%F}8iZc@5VD#JnRtS+;TDc+j%KG`=}9q1!A7w8T>E~}1B4ZCX2{8loG+8D*&}xs zd%8NqQ=+AcKo zBRu(rA{=mZq3BOtbl1S2*s9_f8>;lOJoc+UMGlM6gBg zc1H*U7H^C8{8tw^ppH(nj4cl*eavVX#9NuFjvdAuC{r)qU({&L*%*3)1Auntt;*!k z(}T(`2T|96pkD)(j&!xjWOsAOjgMiHBJS$47`?z>3{Cd}%?&1g>SYl20;3^BKgkru zX}jo1N2TyAaCl-2eO?`pR$Z;iX@-UFzSgjq=3O+rW5T$*?@YrcqmyGXL*f}N<8vhk zp32(|FQfPqhx}|Z$RA80OVvzCRzSD%I{2Vgv4A}|X4gtB3|>SJwv}lWf2} zo`%V8t1k*=wr6$hp|@vkKb!zJmdsnqpY>}cyuqy^uFj}8Y{BBR)vfnic?jFwJfewd z=DGabh2pLwyUkrF?m^=Twm_3`4;PTTP~4*ky1WDM>sccp6WsbO0G_J}>y2J+y_L&t zc82L4U2eUj%dIzvrT;AkEi3MYP&)T`c~(73uwNA5YJw2v)-kU)omzf(e;pJ6=jLP5+FRv}ggbeQR^19WBuxx4ucX)Zz)Mr3uW}v%9nH8;_oAFPS z(i;?HK?Zktc|+qQ9YHI|9bVq+SzK?BJG{I% zvb1>7h4*fxxxB1Esau*Yb<0#%rKCoYiKJ#(&A7uW%pG3d?uzMQ?(p*V&@gv+d3y?M zbB9;@?ab5W4zKjB0&<5}`ZfW%!^_u-hWNP1wE)U8Ezd0c*}U=RYt0m!JG^|khPl}*P+;GUWS5sw5N>2jk)%X=qV?veV0H!~DY&r!KP_JY4_pHG z1Y5Ccy}>l(7tCYLhJ#BGTEW=WfFr?okV`N>0?{nXvkMvM_y;cDIBcbJqgO_h-09rt zmC=Gq(z($qqt!No;T8aM-LNQ~8@)m;$|0T3-Cd#9{Qw3!7bDkZ!HWO~djM{h!LnMx zhY5$+=Dn6@I;dH0Dr^?L0dO?l9;LOKhnux{oPvKPa}En{WiOaxHET)G3!gK+6(!vI zE^3S8djh7SaKSz*TGtH&P4pt9+9ro^Noy1;dM*f7^stbl-9e6)0d_^}(FI^}!chNE{M?d2@{H@&%JyQmsaU9-nYn%9tiIQ(Bh?2Na__PrpkjJ`De2b*t)aA)ut$Kf9ZNz1r^l%E9gX7Cxu;RBM5KZDOW z4*zUN5S_6MKI1ri(55F7ZTO7i@GoMhrP}Zr$KhW!X18IH!d@3ki5L`jcY@VY;^tP4 ze#UV)=(>PK;WLiI8Lo-q-iMh*NDyzvAtKFOG&r2WXB>yaA`)rChf9SsU3`cjLQOIt z+;$&uJmc6$SMn*=xlFKHJONa~F|(u;-C%S(=N!?i(dVdWCcBX6r)cZ0XmvBjO%bS` z=*pHD;G%2Mb)`pJqO9KNdu-m(qI?u2x($ss5arv_g3%J_$%szGZzwtvzs;hawlFVx z2--5EyU@Kwu;&EJK3y|=twr|1IwWQGX2Zp6G6*LI0Q3f@LpZY!)5F0yGRW-9GUNo~ z$R@KNM}=6h6j7GhpB+F+@NLQtAb%A$21B#W9S{+|LDdR0Z)I5%RL3%OP}ygmb*81t zrSS*Xp#iB1Y5hUgnyMrm4zi|I72%v5Iqb+;kGAC@Uo4*`7{p|sE0NU~6hIswu68&NS)Pl?xr3bJnGDWA3g<3| z(`|X~CFdM=3{#nm!!4O|%}RvZJ@dude8+NO4;Q-4J8yFD?eq?&f{)i>U_Unjh8p3tB^hT$j1X?|0qh)*ji^PU?Q0NzU+?@n~fpoj) znDG^^AleGn*p{{*1Yk?HHf$eSxw^si2-;)G1f(B;Kq(VDOc(ZzOUvd0n0pRRknlOI z>j|s|un$1{>i{%wp*2;Zw^NH<8&T(hjc)uw`k7 z_XXIytn70DKY_9AdjNfw;>JA22J0)MyQ2@t#|9~12VH$Ij8{aET9J#N%6AQIbrsr; zvpdAyux2TGrTEE)cm;^(Kn@JF0@tHHS3l!5TyXkaHA!TQtnIH(5xmzC+@b}?CV78H z@ERky2{}G5g5y+`75|$_z8%S5Ykjz*&Ff;b?)5J#{DbAyfVDf$>bOKzl2`*HHcg$_<*5>X>n^ zhK+Cl%IsWzS=Aj0!I67J;qs6SD53wr88Aj?69iKI2WJ1>`V;Ownbk6KOYHni3vr^i(Vq312eqg1G zgFvU-*mtfHVrS_HRts#^e8oxMY%SFQsV>r~%+^wOLsp&PVtQvR&z-5|F`^krG-(*~ z`>Vj_@^UI(vxwOZ)>=D;9j${!YweRXRKuMX5gw{@dzO8%fwyy180MmEXD+=A*I7%3 z8t%#!1$C0ED_0ZLR99Umj0AYcvg-iL`ye`G1Ea%+Vyg#KiND^ry8S?r9-`8T*G^#J zM>TfL#F`1R?BOD$#`kboFqf3i3(%x9>m`}>l*}}&dL7N(t^@7t<*J4<*TSq#y;tN5 z&T-&l#59)tcOOoOVzhnvXypk}-dmJwxbrfs?;XwDTl6PH|0FPI{Rt`D3gGy-yu8A4 zc{c+t=*eNIrI0sAbWG+ahoO@|)Wc9q89zRT0zC|AiTHA77;5R_FtiMKyBk^AtzDGm zdRK3WwKkH&bD-;iN8?|TUk0AGu2sUnb8>u!84cM!{YYd-{Cn+F78HM{dCoKPbIW18 zk%t{t{4zuM9{oU%6hh@=hQP*%+TY=OO!C@S_VmzI{D_m&4kW7zgr@>r2FL$$dz_76K)=0XRtD zIsj8w0%!p6HGop`mpu-w=sfIvc>w@aPAcO*k}Hr>_HO`b*v4A+4S>4|90ZWD8bCT` zz{?0^0eBif$2Xh@rR|{Y@fdqit03=@MfEk3bocwC9U1H&` z*-Idn{1?QQ7XbJSz)S-F1aLoqQu3As!Px9VVB3kc1a>Ace&Qb(ozbMgd05$_*wxInwP&3S%PSR1fR#BvXHMTSvs(Z+eLT!+mRvJl!|I$kTn5 zn+<{PGd`v3mRfkEEGF&x-2>9@*}A0Nr&*rafNM@{tKPpYT^C_0vX^(?sCq70J$3eOB(0T3xy!z#Fk?b@lCh0POODFNT zbP}E9y5I@Py0dKYHL!FH8tyY^A?`eWZ`XBtl_Tt4yBAF9^i~S|ZWGM0fl~^Xm&?c9 zD%qo5D(a_tbYlo$!px6q+?$UcO^SD^82JF&nC`JIm16A&UaTL_ZIicb4SJ}1kh^LS zepkbe6?%lYTynS<^xj;1P#S;fBE0ol3Zn7$Z?;3PWz1OD5`5R#6Y*Da2IvGjj zJAt(WQ^f|Pv_Bhz7+zS7AFKtnhK8l88~#czMEXv!_q!s6Awh-{N*+Mc$Dozm3BcO` z;3fd&07~almdO*DOvdF7{RRN|^q-8x5hllcrr?8zl>d#Avq5_ad;^&4IKu>c<)cm$ zh5Mz9isV3GC~Z0nS!5*hMIO=@t1Btp0<=fK zCZ%0wn36Soi4@{P(4|24?IsZ3_hs~!5S0PtzQ8`^gprFhF7R`t|* z%ylo)Uk8u0qqhx16&W^(qKvCej{OL*tmgtKol0NPkX=k>j-NVo|22|hJlE7J`=wiv zmGnz{(vlM(?y-qG4UJ4sJ50q+=M{Ha1IZsd1+{AW8leCQ~)w6~Gw7%crr`OROWq|@r)({AluNc{EBp`ciLRt(B@kM6b=e6e! z=pqRld#(5thQMXVj|>5GA{kjWJl6-ZWR?wD)fHxFlX1S2LAa{rgH6!L2&;b2q;uqo z=b8d@Ql8LEK37$GGA3nKZ+i=H_$`I=G>6mr4QEFyeqsvedWUnuZ#WCB_ysAPk2;+7 zzv1j=Rla37lXL%_NiJDV!(5d2tp?V1M{QhSD|)w!Oe-&tX=SZU886UtU@T3o5yW1c-|2I+(*q4xCJMZUSV-it$#mdclTYVEa{m&&z$fy`@P zXym+h2G+g`Mf=IuVWFFSdtT=$C+*zWpO3 zxs#IP?VlXU{+o>CIRHvY70JH=Gm>v)=sfpP@=UuLR~V9Khs{QEDu7Z_MY0hXV&e|u zkZTbeCqje)Bzv@cuC-=L!|B=ldfSS>mcqNr@N%Ar>CgGj^e65$1z;uKC`=%S%|)CQ zuSp?4?vOt-^=!p=8Zyl>8?$8Y2OWEy7997Ol9I`TN)rn{PLf+0GFw?&A+tzUyr)U$ zbzQe)I)t&wDt=Fj&MAgy%643`Y~Q9ZEq5|b+Ev-vEcLLR!H+)Icg7~k18!8qc|FCu zp*27BKrKBZTSL@dsM1%5&&b}F+UJ^xoh7`U6Gp3M4I_WMmg1D0*NgWkxn5k^6Qp~U zERM>h(%*zlU-LbotbvEguu&<_PIar7VQXM7S~piI z2D(->H$~B0ErI4YPoTQaXk1Ga8yAZG31w#pLGdE4%Nf%aI|*Ip^D=ja;+hy&mQNKn ztEP81$mktD>O|CO?MFI+e6{~&sWNoBH2(~B1?8n%XeM@bDjf!%u-b<7PQ1OXGS$6= z&%)X&P6&)AKi88rs694Kb$t*$znY@D-p}k#P^dY&Yw-0%zoU@i9g-okvMKn`QdZCR zT|pWq9{Yh@!{w^mQm5OxeOiOhpv~`z2FB|Z1eqeTLZ5Cz|q82OQ6*H;c| z9kY`@y_qum4kz%7J9BK>_^8I6nCOg>EAyM_uB;mrZmz~a`70?{TAGq4?{d6VFC^}r zGWr*4yOqXV3+6HC`vm!slHBg1wlF7G!?r17q>O^Lx)H22Sg`AfN%#mFyGdEP4DVcJ zX&>k^yq!eHFw-}xl%|&N%t84}uxa#Frtd=cZCwT>qh+Z=(D#YTYK5R3ZpK`$Jy!Sj zm<*^v?J608q(z{W^abz)fi3_tZ($b-j@{2 zkU5OR290a{>4t~bt5;|q*|ut~S7jtV)9}bOyG?A7;3iVLyi}mYn>^w5)o( zVG?_%7(_0X&q)!#$Ps@j=@Bf?IqtEl??}~he~OmMJqEc4M!=`EOiHtD3T80e8^t-h zxra44!jb#BHK-58i-@r&<7Elg$u670=QA|cljP!+&5#B*?Dd*9oMLN*#%sJG+$E&e zYTB)A)yss&E6*X^lcSbtT9i$Dp3rzbJcOHf)I3d#kv3CkygDDkT|R22ru~NvdNOH> zm&il79Y{^qv`(~TgwUQMZ9esk5b#-wjXVIcv9qS58x#=T%%w;f*9vlWYZ(t*jO;E` zrr>cXtrhRE)LsQiz+kazZ%Bc+Ho=|Frh>MjpsrJQ5@LejO6_4{huOwm^PzgIs6I^1 zLqzjoDjp(=1=PCqE={A$?dVESm-KnATavoI7hTt&itO*HYp56_drGZi*=z1IQ7{!m zepKV8j+n3f9i)S3fn|>asQoK|7Xh3Gphv=Vf0zKur<22fFQ~nardB)$TPj||Psg{Q zVUQ6%?qeX;0}RFxN7J(n%9cJBS{ar4xE&`3tqqlJe3_=|H7TF#nBBU+;>aGis*6+9 zR#qB>?HLN$6y@Qf;SOLIpm|3ij+7r)g2ynWLG(kOw?H9t9JMgP}y z`(~HnwH`-WGhoZk7CUgi{mUdid_*c5?g=zf^(?+6S} z3am^KNc^!t(**af6al`{@DFl0HJQT)DFQeCu|U)1K{Mk{7W(x+7HCN3P?sX$HjU|b z3VmZz;N%p6PJb+LUs9mN)Fh|vCu#woYjLs_B=1>Oj!0pYaElooXgB)K*a+N8oQ7s{ z9KKPD(8RMb-te1#m6~)bLWJL}`zH2QxDASLV78jD1d%=m->5}sqH`J|FkMY_PDwO> zSWO%NBEQ*d)ue};TNb}94o?htp#|Ucd)1_;+TgWH_-2lt=$yz%KV41ap$&f1Pf-(` zgBwvfxH0h&T!ZnO9#Iqb_P`q@@lBs=PkaPZS$^&Q5FY|@e4F2)Cf$ebp5OFuCh-NW z{N@}x$vK+QvU=kB)@b+m2F_9w0~qW0&EBXcE`|^IO+Qmj;udOto3)vA5&rmX)^=iH z8tx+Do4#6EZ=!5&D=mhVY&AKIjhT(T^+}Gou+{mT)EV~if*sc``;m@Opq;p9;tA56lA-fM=IPEsuVIi z{5(?Ot`ysL`r!@B9hY+)Pg?f72oX<7FXSDl0XPUi@HqVNn=uNk@cyR>xH`>Rk0jqu zn3<$mOPTJoA)sNmZ-&4$(d+99{xoT`VSQ%9eWh2xUVB<`FLi-eLel@ z_3_Mxo7Y{KoqN33BF*FdJFws^{Coz~807KN6iMYt4oOWtv*GS82UFzChP#J`d1k}i zQ(*f;*qVNf>{>2>H_~rs_L=(lhJgC`hJZZ2;cZ2mg46NCa~lyf0{mqnd@OHkreyN? zhBud7nE|HeNh;4u`8qScGI=segIQsJ=EsnUp5fspogtt`pM)xZmZUzA02rlAv|kCp z=4}zl(N;{&9tY4e4~p~t0}C=a{&pn$&Ow{@7k@>vZ#vbsrzu`v0}Sw&e2R2B^h@N5 zE{|e)RORb{AAjrv5j)rhaDIwdfg@H3dY0GUatZ#U2V!7rbvwb0*#KLMP2T+oupECG z(|zyyklv9cuzY-kmcN{uj4>6om&Q<=_YqiBd{>|07jIZTN) z=SH9sh*6ctyIp>nTlT^Prb2U+YKdaEV0J*rlq1*wbEGv`*`Fe6u_~d4kc-X)Ld!MR z6ya)#)stz`My%}5sc3>ybIAXcMwp%EpP;q2$}0ue5EYK~fsK~+h5RC^aRPdY)^koe zjZ_x+QB1^Ii$Oy~wCy%!wLx~nB)g@++S0N?M$yy)C>gERqFc{B3F%LRA@^7S{~_mt zQ0{Q9Bj+R)CFcuB58k1yym3Yi_wie8X^WGxQ?nln_SjiS&z*svzL3eEV`O@uKP}*- z@Y{!Up)k6vNue!-sL<~)o7S!T^@jW%3R-}>&MS~>5p%u65b_+qj8kvWQ0BZDnM&^O zF!yItayUBo3PT$V%f54R-|FOEc(WlN2eKcEA+EaNUDqa=J}5$RyZ_(^N93*Ik5UAB zXaU>1%*y{EB_FZjf*p(-X+j;9 zt8Kndfq;){+=oU~DiNP1S#`M+3pZ?QM&dEx9m>Q~uUOi67cLs+#K7QF?a>agA9;C8 zS+w#?7H!`|@BO05XI(z{qG}VmmDtBfFK0pp`}d!qCa+(fHs=&n4(j1fq`z$>k%4?v zw%SMOM?tGRnpp81Qd@6Fg#6QpQ4?y1PcT4iKaGC#M?=|3Q`)F5C~xiuNbd!)+_wNs z15i$C#h1WV1Ir5Sz}KGeikBE6gm6_)^dh?2_<+j8{h`LCoD zugR#P;9X@XRcvq(^*oK5g!K1m3ll450L#7`CA;?bloZZ1sXxKw4=_Bs^M#emx}P(g%IOFsVac)$E$p2PcB1<{qFD1|pug7g10n zQSfi}o^Ai8tXc`dj~Ib^|J27i9M-JRyNW(xzFim%Pnyi@V^F_uo8Jir;t~u?pf2zI zw%SA;3|$!vuN%R3(8Q10{|kjB7LKM#EHpw<{vIQBL@acn+bxsD_84@1-2+2$j9xD% zE*^i3@@-NKNmg5zjbQ9*D0?aY(`Lx$-izc9A(guYfCufWoWzPpft3I&?3B2ghW+>r&l~5ZKMY^6HI<4%e8WawxtB5- zf5&S&-$$C;M9^@D^O4Jun)^9^-UmY#IOBR5c*Z7$i?3n zo5->iNr$-G-RX2dOb|EW9u@}*0x{zhkk6yiqB&+V&1Q?bG8zV{w z&=M9zvz;q!eQqV&sf6d6b02R)njh8ZMtH~NM%k(C{Q96gy0e=_{>?zUkY$|_+?NNT zGv3Cve{K}XzkpuOw2C}ngC4-MNIL+yi9ij2b`SFDqyPp3D15>wxe_&g6I5VI~NXWWl|EEc3raWH12c_cm+{E+^#b-bujtLAOCp zu}kbG#U8|B*G^{Q5Q3d?hiWK!bXP85EuR^qhDj*Z#S(zKiPPCPbpHumwCcty6z%jL z;`F+oDI)WG#r{*Xl@Ebp%~q+|GRc<9C|1vtO~#>I8lqctF4^>W6O&l4x~x5T<$@<> zVh4k!d{ko*yiyaS%A8w~G@D+pFm;fq_qHH9pr|6BaZS z*5biTU97yD4JVJ+TYWi^9AymcnpDYYZR`$^`f*A+!O$@qkdNx5axX*r-LO9i^y8#+ zq2Xjd!;k8&=JHLr=t@tW0O?f5>D@ zpz@}pvW(F(`N`X6NOTZBeR&08Ut@xX>$sm+4| zxl-FoP0fr6zoV&erqRMHwd){`Ht2Ib<+!`>T|;IqKcvaHR^%1qax4VBk%uW2f; z;~dNAp)Zl#jzQ0{wYa0PgaU4S*#UY_u<}na>9j&DXu6KG22L`$@Vb8B(3G-RgHo1$ z2RjerNt1{140gf02ikK@i_jqFZD@h5YS7MvW$_z$Kn-$MfAKD?LCz9%;9)iR4s=yF z;hSa=8sw}yl(;+<&Aplwxv%e$T&^%wlD32=EA??l@Iwsiq6@8X?k4+7a3;PNisiAH2| zfXlmhCmNA00WR<2ooGb12h2Osjt8d0&+LXc7*bwF)czBKr zfAa90^wvy~hv%f{l1m<*lb**^^DHOxWG8uk4qlcv5|otZ=ip^&OtF7Jf8c9+OqH+c zF;%{%$5i>`F;%_-@OJg5;Sn8{U)DO)WhL9smzMdxguVW+3IY2Fhy6UwewILL`eiGMH_w)`2(0asbR?@^E(e@jwy2CW#Wmj7*t`CAkAMou}?^0(On z4%QV{XkA_!WiT&bM460*&o03x&5+4R9W6*leZ_;zV(bLxG zaV7{Y5eV9r3!7{aFt60Gz7F1)xp2>)4y0AFw#6!ffveL{!h*F(z7iQ1tN`#Y0t*0? zJ%#x!xr#ObgU6P&+YI0wBo|LKN7_`YVbWPY%$a3b2A&;; z=T0{oqUK4LGRND1(SuSKdUd(2;)8~l6?9ulKFy7U2P<#V(Uth@k&5(q#r7wo*kN>43sF<0ub@X%@!bVF zCf6!meX8+mtjp<+D9-L=1>#6|CpGL&(x3T%?7eq*RaN#ke$Ktg%{|G@%}wE^k&r-u zl$(%HLk|I@szFh)f+&h3DvE_sgs9_;U2vSSMZq@es3T(;D~e@iR4mxbSg?+56vbZO z&u6W@&pkKrec$)@{XNh7*Ei2|VbxvNUb~#L_5mu+W;nTBKWF0V%eNt>_7itw9w5l{Vq= z`NyE90C{?v+#X2j;9e%W6C~8?w16L33V7s;- zrZ$PWlg?g^axl$q1FbL{7UMS1DEmE%GyGcuhBqDJlJr))2Wxsbz!sKktL&s+;!u!j z-KC>#mPuOhW|^R6vTv5jS!Vl|BMw9iN0O6oUnxZ?OW~xr4st!tZ!V`Q)$mwg70VN` zAqNi9H-7Tvji1)#qp_C8FLI>Y`f~@&AHV3VP;20((pI}gi!5>5UPBx4m)F%gwN790 ziJj%Py@OQwi=98j?%MJlLT&93<}YvmA$EJ0FWWnZF#%c53TT<#)x^oVyV{6^?cX;z z7Ypfyq#@lCh4e1cklsZa(ydWQ?;;JG>reGc(k$+f!l&(nw6gRy7=lpbJ*3&uNc6Wv z^_`j=!dZMjC+lS{yoGl&0Ph6+GniVusWhZFl?r#0<>uhQKQ|*IyFtn2D+dbdrKOS2 z4?r>G($dHmyF)@REscCbX}z>G@-1P#v^4S^VZF38@;za_v^4SqVZF38@*`orv^4S) zVZF38@-tz*v^3(lMD)_qh%1O*S{exnqL-FNvfMwSczS7RB;xh}(MwAsQJ1CFOG_g$ zLG;qnNZdUT9KEzOQUrI1Etp(d8Yy~r-67yfYN21-J%cZ4WoltVQ>B=2VaxU)%&YdReyc;-o zwt&1FIJb*n7H=TUD}iTmvUme&UMc%Ji$|n+6{8692GYE04wNk3KpHFk3o^~(r>0}& zcN64Ys`;Zhr1IpWiSYq1z$L}_1>Shw)sVmkk5Rw)K*DZ}U*L@oVj`hfzgob9C6ySz zz#Fe89F6e{yzvIYvDjJEZF~f9BE~Q9#+wM2#rOr@c#1MLF@AwJ-b}bI#*Ze(TL{<3 z_;K3!5W=b038c3YZjJHdwDC5=!(;pcZ+s}>_82e4iVq_^F18K3$oO!=9kEkb&Jl#C z;I3G-SbITaB>szWn_3|K?ZoJw3!?1%Xp9q0fk!wI<2JP*mvC8(+th+Q!Zk5&Qww5; zAes6Yx2XmB{{-CXDAC2E~yZ9SbT6%Qm&3@8^)9Jukukkthq4C)?D5 z1XEJoLT2V@A&Lk`HREC?pNMgrT2S&N;IbIEsRezgS`*_owIE5j9!VdA|07X$YcY+6 z`IZnUp#hdK`x1&m<~jV=Cy^)|g$gD4B37d4b}*8B5i3zF)Vn(XmUNRk8S_V?&ry`E zAT{|XfKEv7n$43Ju@VExj`1;OV$eja{_(mPlO4?bqf-7v{b?obzKE45Bc-PFCWy1GnN%bi zl7E?7-tOp%n!-yWSjop8?++(&>Ca17sRHch=o@(uSD!A6twUf z(u-nY9Bma|OSm|;AG)>hPn0Q%y@5g%UPpQ|wg+XdXOT;tsE`1PkBvHIccCM2LF@Vv z=&GXQ4?EZ?{HxYzFATH7TM37XmL2I7-bP2CRdfWv+b@SsSI)wrydZWa`lN8K&L*=&(2J#MzQx+=ccisx${R23C zL*=}=xbVGefjHsv-xULS{|+Kq zBbFdHr+gGS9}~&TDd)F13qRqPpJO={OP9g!|HBUr;w{+Y(YT-TjTL^Wn$k2c87}zD zIdS%n;Fl@RUJ<-NarTAaVZ~WZ!8a(*$_b9oPcuE%PjGyG`nSlIRTTUe<+G5LCxG#b zDS&*RnuKjmbSfMP3o8o!RN)(6!IU5eo!*Z3}uw2Cl zcm-8*!*Z3}uw3;pT!_74xoE=2$X;$(E}E$GBHvXm>Npo=(;JqHCXuc;EEjdM5_-dO z(d3no(HoYFrqE;S4a-GSDc|bkuwuEqVYzrEDb@SVM7=!D$zFKl*$bfn;#Zw%;yO#5 zA0T#H;xPf@0!w^%Qd+&k5)Yl6Ce|3DtO(A;5>0v_;#7035%PXbN_fjzrZikDggnme zxKGp&^BzFP5x3@Dh!!1j81|vHv}?eOjP6f3RCM6+xU6{q;VdkNppfkj^e`lgmL7x~ zy#~?1oLFKfI00GPxlW&mTRjW{{p9}Vegu=u$gR5#`6QWyThA=jm?ncSCC_&97NX8@ zZ5J^4!x#P9aVsSGqWOp8O^Zs}xf>fs{l27!i{>8*dKKZUQkE&ZX#O#vG?J3%~YfD2$#ipbA~&Va9wN);bDYZW93r-4<|e>cIjlm zBM48A%_cmO@Z8v$OlK6~1+gO1+X*j;JwkXi;pMUKndTV6zlkLYk0rd?$@>eC#qRUB zv!M4dp%=L9bz*BM^djMCY$q1tC0!b?V4^SU(zu;6uMn<@U4*5y`znWLeQX%z|3!LN z>@}wO8sT}d2PpqK;RSd#4af@DEs#%L*B)^o-nCA+T&_E{Vh@Fagz`U}45cEG%F6$O zNU_@olgV%T|3IWf5C{H-%VsjHyC6Q$;?+*gP>5rWn&Tb^V*Y_t-c2*i|BQv)-DG$l zMikEHsGgP2Cnb0jg-A4?Ux>$tU#V~W=WhXu|JqjI3^12U!SfyW`-Cs&@BIE}#HeJ!Bk0S!HlGRlFP2y5H#m8#Kg`!7wfs@a2LAWD0XgmYblb)-`at43&BB#yxfxO zj~)x@gAIA3Pj0IPd67$RmK$zMnnW6Sb$kMELwInt`69Dey1}WHn`#vy3M!j)^!AY%; z0=PM)nZ2#8;<(e@FR=t}dkefK%-T`fXpSqX!;Q?*lD=h5gR=efQfOe)P#^MpC)^sSt(2x-5?NF?F zVED4T(*C5~NnK>rUx)hMqCPj|{X)sy6)5!s$tre~rZL}j9Z6Sp50v_IuE_F*?_gf$%WMGskEM{3MX35v3 z%hg&VQI48XFLIXpba&X_R+HnU$bo-uPc{ZXyG*+xu<9wiEG@I{r<`;*0oAYXe#$vF z>uGRhe16I)cRbK)DaBT<Rtf&JJA)d0GxwF1CJEo#s` zqJUaP+)hlEZG*sTK{--a8UdPg3%2KCJL{}jrEUzcced=UmusR<>ORBfcv)iE8-493 z1MIUc`vaf-Mu7ci%T83-vHDqn{g`F9`)p^3mV$YIVA%_Nc42^>gDOkK&hXj&1MEST zz2350h6UK7`Lbm>sY6V;IGRpT)!w7Y_Na`e?!fFk+)15c)H#}N5_KI-cp>=joIIn8 zWk{`F>7-_uQgBE;qB+UjdZ3|mNPVbDWDcoi=*(3{$RARxS902nE;b{Ib|NFnb#iF> z<8J5J*y0WaJYGzB3qeeIwCGW5(c12JsmmsFi|^lHv9+mLxv~n$k}K{&Pl0BX8L9i9|T=`q+ScK%pMN-OZ4!3qs|^a zU)22`eqFq#gS8mE=GK#74Mvt$e1~S`g)cL623?>?U1FqY2v4e%7{Xr-ords*=Cr*b zJZpq}L)ePq@>=!~EP*F2HE4HT;2<{QO8V8a*-WdA0quf5NmVE;r6tBb==Ld>-@q9$e{X!LEAF_VfAOVCIG$ zZb$I9wwm`xyKA(c&$wMZz*_a27wo9_qweo{i)yS5MRzac-pp9SADC^H@u3%gET*^m zWVM7IUA1gnIe|4kw^g%QjYf8_9}mjJzWw1t3-Qn2QPQ>ufDZwrt~QeF%#)C-c#g%U z>`v-t!=|sj)UvPl*>@WDHn49~c6iOTCp)Q4fn<3yF3E23^1>jHXSjVb4JU+>QWz5dD$ zulWvo_XqSQS-oyw@8tk{fo0$2v)>CO`)ix*8aVUs0(uu)y>ETJ$WZMKHuqnx-sRA% zG7NUpW~swS9h2VUGU@e*M_h;I|Fy}VzV2?#LwwyD zL#MBML+IE+_xbB2hks0C87943jF9i^)}1VqUJvHCtSK13d%N`*t>b4j5f+dSeBFIU zA(8Qyr3liEVAi9T8r21Za_7=jY%wY007d@Xo`;c;&Uzv+@OkSE=h7P<093uwQ(2kEyl0TzHwAzf81U83lxXs-SO@kf35ytUOKKkCBU$&@^%Hk~Fuw!0heA5E<`@-+2(Ro)Bd zm^7W#Edlncmfgp)Tka3A#c&7srJ2j*(Wg9dl_`(4mc>t0@%|Ps!N<_1@(jABtb=uS za^+vNR1eQ~IvNeR1kEIw*i&k>+TG|_{z_&~wr@D$E}zcJkph3kCv{$j|M=^3N2mRO zbV;n!en2|eZ*t%sqRI9RDBMppnVTB^yrbR8_ARNLuJ9E5c2lXm-PCzAO3Po#oX&q? zkH}v#(Rm7tfWKr>=Ps~k{))Rh8Bfk%Vr1v@Fm?Wlm&+$fvYfu4oA;xRnWFDUZAI7n1WARgk(c}RVwQ@ z1aV1`eN}1=QS+)4;b=M5`7dXGUI9J1Jt+H&13=c>gR;Lln<8?1Q1-Wk_4c6b?+EMd zLD}CE*4u-!e;};42W9_ASZ@!?{)w>O9+dqvVZA*l8_OafdV3JUONi+0K?pA)qPGWS zXTg|pYAv@1A-rTB5WPJJ;Uz4s-X4VT5+ZtgPD;^o%jmC1^gg0!b?am;0KuzULvpwFCiR>UW`O?ZU&g(yG@Zl zGy4SJZHn9|poW(SsNp3nQ|vZKeTE<2ZF-jqIL&i%DoIK3-KHFgR!!uQ+E1u_(=Ixa zot)sCb_z!2ts5`GPzkvR$CHvc9^bn0qAXR^<6AeLCnfZ_=l606mw9~a#>*pI;2CMynJ33K^Dp<>Y7v6)b||@$F5olCZpW zmYfE134s!Un0*OFA<5E3OfZRjXx-dp6yhsgx#F2ae5EV5Vg@8J==r8&g0G3?jh2Sy zYhrm4%behAVtKR0ocNkpUKhbW@(7p8vHE7HCFK!rQXb(ZXD9^oeC5pGf*;U?t~ zZc-lMCgl-sQXb(ZXD9^oeC5pGf*;U?t~Zc-lMCgl-sQXb(Z^$~7VK9U=oa2~Sv zMx#k%6Sa}~2shS2bcD0M{;A6IRtAwek3wm-JPtm-6rjYJD$W zxeK9y7?qU)VwWY>OifF+TH@S*WWo}M1SGefW76CfklbvEdjurcTjC7?$<>y4PJp=7 z5Mwl<^U=rRAUvmBo)YJ-;;0DMSWVh?D3`YAg}0dJ%N6$_Ik!qY*JiU4I1Ek3Key-Z zD7LtAwx<$Xuo|kA!@Vk(rki>Zmo&-odzH%~ECOCB%e5-Gc;^b>RdQz6&t*sChP(TB zO4@6yWJ_9W$o`(R`k=**+uu-&Ym9L9lH>6FdVnE+U=~4ZtCubTxz3OiHtFhxOAdG3 zfri{_$yIX8#UMkTXUY9|!Z=tO;3X8dMxTl`xPwsl+%~Rqo7^R+tCM@>2p}oj&MvZ}H_$<15ns|EE+AJ7;!8TXO+d@V9==v{*lK&BT+HEHrTW$|nAY%}5`AMB zEXMG?Qhi$}mm}UEl)97I->j`?=l;mipY<{>b&A6V6&(yT%C3&NKY#7no_2yg?Mkni zo(>5T$(3BfVl7eApAq*CB*0KH?a!FI3{8aoJ-PPOQR)8N1H>Klr)>f0&&?;N`*WPr zc%4x%Lx*WkF=gqgEGLH@Q8$@A^#prry%9dl@2O%;(ArZXa2%?vJ@o{8>Or8|Q%|s` zz9(0D>IwGLuvctPJ*7>$b$}U*<+9y-TB)r*^_o#A$Y!N3@TvVteMYIPed@IwJI^Y0 zqoqo3l)2A$=fOWo9xrl2b394;B~~%&^<{c56OMUnnaV4K6V6~6S+7loE}p}jTrLA^ zi{B5=@;wUt4M0P_4w)VGgDJ;${V?5W{KTlYK)vxNgNz0;plGxvJQWB=sTV%SxGX#( zUN{BiyM^U*8B3UwF(Y_N#>*}2g=QHmx3C9N()zcs^;=|&{FN=#vhQ#ta4SJ+p{RTN zN~Goq`ESxfcmm3Y@^>!+y+vxi;aY%dF@(foa9+(~)V;uBoycO`QBQLD9pQv0 zX`ewCU*<`QXA*3x8#7$zFZpPC>|&5v29i?qd*I--V(Tw7>zU1rkN+FzIif zpc)A)B}S6%a8z!qU#2r__bk*O$v=y|+?3 zYzi_1>@x$2?}NN`1`zaQpkgZtcfT*Wtq}G7Wvcfi+XGntEKf3W8Cmow~JCkgu$Cw-`DGg#76z zq_sap;C9qY`(q0G!@=Dc+86l>V}x~<_T*6=W(TEo#=!|u!)j`eFe)8xw<;ziRP z)zIp0U&CFEGQU}i+cY^V7qT*|%^3U~F#p`1Ma8x+Gx!Z# znL<`(0Z^?>u~w#QpzSX4bmdA-``C*)jw_U!u(HPL`#y_Gs)wvr4=K|9#6ueE?te36 z(Elsdx(6SJ!o%2C)=n{QfsMs$g?3;LwrpbE8&{@RHn8r!jQTlHZ(L*$nNd$P$PQ*y zF&vga3<2V*IR2EzK`JkL^hnWG#*2)9Db$%-K$1yHJSA{ zncZNsTFr!+)!zs(tJiE+p)L4AZEwXf6{1s?25qC_8UeZ;vK*EyY2gr z#)VM$#ouZFJD#-i7n{>whAk3*@wZ0X$kc+f+|l+JH*$#E{v0fqzxbPD?5#hAa_dif zGuD9o#ouoK0{`(Bf1^E&N56V3YnJeoC!kDvZ;Lt1a6tcJAS zPjER_XR*r10BW>neq>L~qZ0R*ABgtM4@7(B2ckXm1JR!OfoRYC*l&@HMtkPx{~NH4 z_RKFQM>DA4z;PtnGry9soIB_DEzIVg6(`P+j6_)=jrPn>FeTLuM0@53qCNAAnY>1O z=9lm?SdI3~??Y9M_RLQb=DG6)_&*Z;3bmJLPv#ql_GI=Y6ot$-{AZ&zB}_4X$(xXt zFva+#&m#p5Q;Y|~6yt#~#rWlKvbiNpF@6PM4O5HvX6!-#@EN;%_K}Q{#UKhUbUDHZY3;X zit%)qVmuwD7!QOg#sguB@jIEGhAGAaVT$oUm}2}MCaz(M@q5`U8m1V(kFbU*#y1ew zFva-&gf&bt{s7?x5~dj6SdF|6PBKg}{-6}zEoGQu+=MA68KxLFVTwtHDaK8hVkyHE z<0eco$uPyZ2~$iS>jE)hib;kk#vheOy>60Wig6RBnEW@IGX6L-&2^IuQ;csS5_6Lb zQ;a`BB<>~|rWk*cWlp$BhAGCMB2wZe8KxM2x&@>%H_0%?_+}#YZjxb&@nhAGCMW6~XNl3|MR=XU|8(@io=F>b;XlMGXgn=r*B!xZB$Q705CMVMmz zWu}}JN-|6_{t6kxr3_Pyn=r*B!xZDMQ!E}zGE6c429ZQ4 z$uPyZ2~$imOfhc46q5r=fxJbr5{QxW_5mn#GL&SPV*DKzr!17@d%p2^j|8W0D9JFz z_B;`H#PU9+9l%0OtK~>Nq(`hAGBBkox2#8KxNjkoiP&lBG33OqgPlVTy4R zrkG@yV*Hb}NG+CA$}q+Fe{NyY(Netb5dZW6!Y0gy=4DVO_(AJS#|=-^NR^nWI;s$VT#o-Ko(YT6Q;P? zR|q@hepq5b{q8swt&nG074l50LY`?=$TO`9d8Sn%&$KG!nO227)2fhXS{3q4t3sY> zRmd}~icjDbV-@mDt3sY>Rmd}~3VEhgAu*8BuSYkoPxoq_q zpJ^2Y!V(KQr4}(h(<%srB^Ct25({itA}c0gi3tfytkeiZP99#kggnk7h$}S2z7qfG_BjWl72oZI zTr1AOzX&X5HWhOLhbubqZ&t-$K*_G?L75^IF9FV}xD{};;!ynSReS_Wu49rLu$IZq z1>+x1Rmg3;A87R}Ot*=qRsAo5DO$XfcPJitM%>oVAfmyHZ9>-|$DxEn8fZ6+FajHQ z&ZfeM8f>goVPrsIR6wEKDD+1;vfVM<>lGb^M@(bs7EK`JIIb&PCvPNVvfK&0NkbEz z7)Z235_R$(L>*nX^Hd0FktRz@PF@)GiMUg56Kw`(?qswXoHCA?5%&liQY7xT!-G(?i%jw6? z4EJMMvtxTmrJ0V z$(JL_J>=^i?*kto2k?8Du%5C8G#CEX4v;g#gADoix9g63?SR8EDI)Gp-=uwVy(RN9 z6F=_GIoFa8oelCKM!Lo)%cH_W4SCBsR{8)`$6aj5T~@kI!XyrpCg}H;>(ucNy9Tu~=+jkvNHwV3fX#VNl;)b9m8kdMM@+#}s1G1KNt#NSbFH|wl{ zflDQ&XueeRXhCB6Qs83*N#sjimkCmmFJ(SfQZK`C7N1U>;1(fioSd&1@EDSHyWOu) zF`Ol>80^9h&YYz6tr-a3P40Tg))#`l`#UaPvu!ZkuVBodgVm_dMH}_GXd|DC+CFOJ zbJ2|}8u_O9I{ddc58E4#G6~?;YsbR^1PSmy!G;?QJrDGHrQ^!+^R+Ba!y|@W3N~+w zr`qxOcaGbEeDGFZ!&W0v4T)toflrMEpnPr{rDr+~Ih~qlGX&2zNiE|W#D?Au`g)-U z-p@oPd`jDpGD1@z^r&ABr)j#OcY)q8&mj8&`BH`OVHz|6ubFfj4m0ecxuDQxqEqD@Xi?qntM7UEm2q-W0dou&fAUI%t+q(PV}a`nRfZ^}#&4emra71PGV zi{QyN{X+8!I^=J5hXr<+MDl&d@d=hoE#f#t;P`j&%>wZo-|)@Uhk$CR;WzXeKaeY4 z;~Q?FhQEt9AH->Vr(R%jll2+$EFs$rVE-A0x{`xWkQ?l?jX}#6;T_bd zA#XGWx^{q!I?s?l@X5R_$;~z7#A=(iJjuv2WdFH|x)QxK> z5tm~|R~I1yTi&xS;xW32)ce*&JVqC>2&lS<$LJ!i09q-bJe#;)!V4n%4wG5@3Fh?@ zxWhOp3pVZF)}1`r4Q6h5vuUKYmGYv@)9PgW7iES^2;^p^W`;mU-DmQ#-_%f^XSpCS zp*+tq+bn0eOwTWVfM&ob+NV-x=T~n=MKOWyGvZbNgQshcbaPO>_cFGa^>2fGH40h( z5`eD=JONNRYy(PNzaFfQAX9%WfQFA;Ji$B?(2SWXU2COp`VP`#R)RIQH*eILpoZ6+v5(PR z-dp#tBd`Tm-QK+3y4UsA-Eg$8+nd*0_u1aM58dqR_T~k2M~p=AYi4PEH?jvFcprN8 zb3k5*2C3f(z;6MJBy-e$eq|dbnQnUt!yy}oGaQ|qnh_nhdA`%|qhY@dcB`@xfV&Sz z?--08FZ^1)4os(^$aD_J?Y=7Ng>8fu6lBoL4ap7tjOeEjJ=UiB!oE&JOCXKk+cY{_ zY!+h!dN*0Ux1cvOpts5DE%)^f2(Ul0?DanT=m6Wp8W(Ngg+K7wrw7>emR&Q%7RnkW z>pjh~7x?V=0@{aI_WCxf{at{4x@CXhv-6ETF!5_Fd!3(nZGio-Wk2e(M+De!TlTj; z+YSOI?qa}7z3W?T(MpUxkzHfi%l)G57GO`b><*uOY=C`$Wq13DpAlf6Y}xC5c29ua zW7%7L_WA((Udv9{yi-pE*ixx3s|o+`gK^lL-%H_dAkce$w~kci_jRy#23m1?N6=5X z84=&1RVJ&tS<6Nrr#xamWnZxwX1SY@<2?c!`>8#3ff3>a#xi0m z;IP!#Qm$L+er3YKQ*O>VZMSj4T0xKPR-kg@I8z8Zv>$w+yMlgwsJsKPf|I~diPSoo zqT}UCnN>UwAAbZ>>1N>S1etkGVS?kUcmi;0E2wx7z^O@MeTbV4ctm#OZQo6W+;M!C z;w}broa`x&6L85Q9AO-H0aBQ7{DD}hp70UpnMjnk4Yh4zu1CtT2|fK#$?r&}KmJRy zmdX)l+gpV9mnz=J zO1z0V{4%tAKQGU??>Q^uzUQz8F)e{oSc8}d2JU;lSdxppl!IeK!ZwJh7WQC*m==L- zgP3S~Hi(I^4Pqi}gO~{0ASS{#h>5TbVj^sVmSzI4`P}R z#1CR(Y5gE3B7P9lG9Z2sQx_0Fh-oh%eh||lq~-@P9S6h@Vp<6?KZt2H5I=~Ch#$m6 z#1CR3;s-HJ0HU8jM-UUs<_9sIgnYIOVqzst5EDTg#Kh{_ASNclN1XMbMWWXLi?J73 z?EEtUkjkzU>e-gsD~O478^k2A31T7~iLON=Iky8eK}^iv1ThJyK}-T_5EIK3y9ZKV zHVuF~Y5A%38zjPBpJ}1vFe~}=cljm2y1u$x^e*Oaf z(bKD+H-hYVe0e@Tkg)6N)z3^Mu$&_ZPjNH|tst^H8cyQ83dE8$2(2JWtI{B}0#7VV;=c-V32P8qK^|cZLMw=! zhGaAdtswthz%~f2pqw1dpn_egL1+b)gw55@@dz3P25=@MBT*JegU|{ROi6VMnVANm z6%-NHAhd#FCa*zg1tlK=)*!TkK2+5pw1OmIz6@|a{*Of2t;LIw8uKk7P(lMNVfG~y zh0Ip`$E%;`Ld0DC+!r$D>Sv+e-GPitSPgUa^Es5QAT{|gK*zjH5PcPvSC$w^ws+!4 zum|z`GLCmJ@<0_XDg+@WLwyM?JmznKCg?uYM++@9EXggyWuG{Y<#P)2pAESHgP=4yo`O(u+L3 z`k8RCr&m8yro?*#g(|#`^rWX(KeNcCPK=~s0LA|Wu72JPuF_ontTp006@|AFHdjA$ z3Ncqd4*=C%{X7Psz51DHPxtidXQns9YiU6ucac8Z)2p8e@9gQ-&rIB2{mf?R^7QIw z!gD>n`kC-NPp^I^yr0*_f;~WZfp;eQsc_>$SrSU)z3uy ztDlMZS3eW+uYM-tU;RwPzxtV(`d2>_@vnX+;$QvDGW%CQ6Y;NpJ_a@LuYM-tU;Rum z|LW&c!SSztX3`z@>gNl<@vnYn*&KWIGZFvlXX@CipP90M^)ng%)z3uytDmXwU;RwP zzxtVC{?*S!{HvcS=3o6x#J~EPV*b_7SE11U)z2)BfA#aN;P_WRKLo_FS3f^X#9sYO z9slZQsgJ$-nfdrvKeGh>)z3uytDoONYW~&F+nBVu`Z>(?L`;VZ%}a($NOAU$;Fl@R zUJ<-NarTAaVZ~WZ!8a(*$_ef&&iV=djxM8EMZtejJ_}iSCd%`RDF6#90^6L}LU<(> zR`7nRPy$>PObP0&K#mFww|KsJZeM)N?jTh?gMXZ=sqimuRWlYKA*b4ZC8MbRMT-2t zzbRV7jEg3W!YW6?jEg4fG&&3psi=d?M-4MBnnb#W85ec3LKyeaBz!*M67K=z>#inT=7q84bl1>4`#RBE z&~91oA3kG&KBCYcxgvKwxlH&X!mhVB=@&CIzF!0+%e|}yYhLee=Fp=GzoF3OsxTdi zx>p#5$5GVf?v-y*p@WR8LRdyQUJjZZU+e@N_1>iNHG~u17Rp>pxXk+l;Xe_s@m`|L zb%g7^7n$+(gj>D7Oy>r|?Oq+_|4g{UJDxH(5}xk8O!`fPySyXVbT<>8=gp+dUkESo z9wPk~!i&ABq^~Eu)TzlKGBQjX?w&IV|Kg?{G#CHep3`wyqAyIS#7!UB7bZrAxifE>?4482>uN4x^b-P zB*9<(6!?W~^G?AJ_zdzmothjz8(BY0Y}ryo7*7eW0p4#bq$g8)YWO1H=K+`ZA``XSIgc_y>CN%Qjb~8p&qli6o6)Ntr6W!(H}$S*(@5qGFi+9 z&~%59N@p=>56uFrX{)SG0a(p9?EP_|I7Bzz9_ z*lOk9m?|v#4o) zDHC)!+MB2Xl4Y2!1CkeJN7BAeq49-ax-!oLQq61CnDhB~Q*wvyU-q z*683&$wxEOYz|1CmnnHkW|~U^lIBWhYsp(P)BH_9^6ktt@5oHECmGk7i14 z3rLR4lzcl=GS7@s)_p;yWUrPV5Rg18Q}VmaG{*)cZ_kv>@5r#v3j&gFWJ>nSl>Bo* zGK$$FQ1?-plD8YlI@D-jP}0S zYYtz-DXswYC*izgs=C<-Y^A`Rp({AE(IYPX&UnN>0Z=FJ?5%0FHbV5i(2Er1RMq!; zEEZCa^T@>jG>hwu=sJo%5*kfWW)c6vWYGqo=^i7M z&Z2l9E!t-4Jr+9HW-*s~%;GEnn#BP|G|>dnr$Rk83+G3Z#Q*?JM;od1RCT?fbWrcv z(DPPrC#!cD_3qtH?+Zg&O1&3DF+3-hDxG8XZlPZGzFL8Fl@2hJb=3P;XcYC>G0#$u zRf_(^DzyRnml54U(RV@%t!OtSMD%YIO`R}L^O!N(v9~{a;e(BDc2d7H?0I0XLlQ6~ zFT8%Z8a%F253nDw><@hQCjs^wmR&Q#YX2Bu|76+oeD+Awqs+T69ym+ht9|xP0rptS z-t4n~A7Jle+0l_U@2dmsUt4yE&wf3?zSy#t`|SS&*mqj?T|WD#0Q*JD-s-bwn%-x{ zzOwB4QMPFN1lT2b#w_(-;Il6bu!mXp#XkF*0DCvfe%WWg5nvx}*@axhKaz?$qix=Q2(V-DNy2XT+1CcxO_rT*mOBFM znU=lO*ZzBeeVAom@3Twx(_z4honhHqEW4#Hz?Nc_nfVS&@u;!lgP|(C>BjzX*{Iuw zrClhBXHBW;yJ-%~Am-uq0*LYz2wq)nzk*_SXS^pB+Y#K8>f$a@Ueu79W3*oxjxC{T z^X1{DeGPpjQcaz1kTZeIHd*949a0V_^=HGq7~BwuETd-0+PF0$+GRzY;u~;K0y26A1GDRMFx2WNXyLzVWp6`7oK5VARZU+ zgfSB3xk@C;!;DCjCloQBUvcXwM>u>R1n`g>XTjYLl-;MxO=7ETTnEa=wN19f%5;Xl zLCFt8E@xzw`Y^=p?J$S4?#CfM>2QWVJQK+JklWXnS}#&g&0wBQ{4T_!gDvy5UJG3y z_;Y*e``e=fm1z0d9v%Eno?@Oz{40u{5#rIoZN%lR=`%t+I`{;*9vz$&x&UIi;dy37 zvR3x}XG^{Vf3f@ia|AyUc>hX_XZPF?OMq(@POke6Yj9o&m2w^@zk>MrA->*CD<50#4RyTf5)OD4l+YsRoS$!K%f%u{VK&$A5ub#!;P zPe;cGKG%ccmAc5taSU8+vt@ua8mf z9XTu#a@Y;&@zEhtjsu9w@zJ4zUk6;xWU+51Y8Z#54dV(^c>2@5QS2S~Q=9h=4C6YZ zO~W`^wZ$<0X6Q7GOMH5!VVnTx@s5%E0CK613_>fp-zdQVT0#r83w@{3>w0fz$X@J> z$)Vdr_%F8(e&EthA@E`N@MXsygCj3tIyJ|!^(IL3Y@Dsh=K0-r4OI1@P$jma0kzvE zNVheFLe2<@tePO*wh*{>+XU&h%YcvEWRm>`wb-sPF-K)w-@VxgQXt=y-gD)*Tk2XlPAW`>{A9aED7Roml%>Gk}c{ z%!{S=+*zy5UEL_iYZ>wVFbuu*jSs#jb}*fL5u%!+AVfCg~0r z+b$Pa4lbi^Md(wMAy?!pMIIe4FML;ro&#stV<@KEKg9XPsTskB_(EO)at_i~h`?m{ z=k_!<*v?mp8_}-X`Cqs^CH{uE6#fgBuD&(PcK$Y(uKqCKI%dC;55nh$-|x`YT-#sD z_q8E!w&X$h_TD!x^W_W6G9P>^g}Vw#nF@aAK8?oI3VtsM;3IQV!JpjQ!9gt8{yL^z zsU)U?0|t*plJA-d)}&CmMCc$K%GK`$`o~DSel~#N*&(Na+{S}|oeZq;C;*=T7=03e z@S6MfAN@N4Ht(Nu4%YU15NohyIO~Kt=$S<*`VU&mP+9fVxN=|refvA93ZuY9)M}$3 z7svCi`1yuO_i%SGwe-A!CP6BTjUZjZGkz*gs@u@%622Dt4knIsj1U)3anzq>=HlrV zL*HvC5JNv6Tz)*xX?ojmWpVSVL1b~0wMg5*_e1H$jgz|Gv^V|em6~Ypb*Z%n@uTYw z2(C+SHQMx}cbg)uKYp#V-HPzhiIfCh>+P5`zI*yx!6 z@PK4~YKcjO_I^WSpr3;FzIr~sa$y8%?++S5u7TDVI!*6=p>J>REgu^pzl%G@_3mPL z4199LG!w`2L{unkH5p?$EMxf`l&Zlb9L3va2XCh^FPvMG<+R+}JNL5fa<5_T51HI) z(zlw#Wb~Q+n_Bj>Mv9jGdPbJUvIkDmx;ZU*i?xgVYVXjphkP>wJ$Qv0GW?kuvf^sU zR|E`sof`5^w9zZoc=@WJdzH&g%rL&D=Uy#zr>0;wkQJhkFdpJ$-;n>=VrLbV*frPA zDl24Gxs15XDl24Gd7ijTizmyhlAmX1l~q!_+;G@b+{`N7hMY00oZ^oQnN?1e!tI2l z%&hVocOV{Y>#TCRBw%NiGu&KoIE(14a*nG{_0}ISm{oblRB!=@!(|Bn!f<#8|6GN% z>t6=&DS!rY8$Sb97sDv{0YG?7&jG0)jWX@-4&)NByZ1SVw8JrSr;f5 zx|g>T$DST{#~Km8>p$4esX@_6U1xHpbDn_WAm`rB**2><=k*!R`L9Ns&UsJO#@y$m z9yN4Y@^OYP)~P1^vSHJN*ZFFkW{e5<^-cKf-u1X^yLw>I4++tP4^|UqtB5aFTuu1k zfC(R>Cj8?x=p1TH^;II%gweXIj+(7#AO5*L>=yC4DsVUYu2zhGnrMGcT;g#R@5%?x z_gIl2z5CyZ%fOf}cpcuSt^J4@Dt;R9G2+9gODRKZ%w}b#l;>%%>+a%snb z4;ecB>@Gsz-p{6ESg_#P4w$P1BD?NR}7TF6{(aUQ`>z zUtTo%XD2o9vmNWDUALG3p;xuv&~ZPvnU1TMmi!%BPCHH&o+BeF?9KnyMB<^P!+I!w=a8fIbB)jZ2mBi;potBFX-EX$w?hpdl#nU_^(ULfZ z(3!NbGO3r#ev%=ic&iwDnRxhCG2}97a9!F|h>k8{Ds>4nHpaw0TZE3-Xm&~qeaF8H z&SIRH`)3zG-~u$$I9V5c#%0l$L}h8Tm4*9tamX3Z<<1vO>}O)K*V#t2yCmeK-ZmK& z!qDN7$E9%)G-YT2(@o76kX=Te!*XblNxFy>yccSFX^N@ z4ShK1i_`R`Jq%rpdq0EFxKqa%guQg7XkcKyVYid1iwv7)ut^j2!inupDF-@DR|m8B zb1;jIfh@An`WSa!_#2x=)6+r47lVqQ1Qf?x#X>vyntli>hRpDl5nE;u-}L@rb8{yA zgCq6@_MgjnV?6J9!PmoC*k#=m#8>NY~W>rox9CqLfk8M zO1#^vd{^0-P{bMGe#wQed`K>Ws_sV76@>>?VOK6z?m{v+PJlwki8G1s0UPWnXBGlF z6JDof-zH-7d@;dQOh9L{#;SFdbs#;gC*)r!_V7vD$bAgC14aUK_54@w5TL-q));@c z*;ji2RCzDwHJH3S$eYk71Zg(lRwI3mFU@(i{zI_VL8x&XfKLF7{uuzA{QRk{=0&g? zqp_!zpPvjlJN4#Hdk2|M`vm{A%rc7ps$%gD3=uY+Fmkg{!Q+s4dQ9@WVlBrRwr?Hn zCK=R--l1lpj@6g^8m%6M8l48#=_q0Sxd7fJa5aF*rKsay09-}jP5?z^sO&=kves;V zVAbd+0r41N`o#d8MCt&OIu|EpNEd}esr94)b=m!!05?wRHDA9KiC~*kQ7>$4UOAMcBKP*=wAC{YCgG+HK z^33UF@JINSNL1;J%aId*#V5_U8IvM^#iz{NZ3bTT#IM95G{c5#_L(!oMxiGA&9YIb zxF&g)jY2KG&z)hTM$3lI%7aPrSAMZO!+tWaPi*F4=%o4hl{kcE@RN4@6?e}(9KCWN zekBf}8P}m?{8ijB%YH*I_h@(4*VAyEgkSFc;aNk`5&Y#I?9Q;Uq{Yi;*cjA4vuD{D z)W~mK=MSiPmh&8%--MVB*+oN4H=7=K&_j0kYugz|v>H*0esb`It5w)o{&zo;cNmfg zX?!U`|08*!8wyaKn@Ed9*O6nsmq$2MRgSoh);j@e)M@1N;c&AObsG6%A;=na8u{i@ zipZz)BHt3$sME-Igf;3k@;zaVI*t55SffrOKN8lc)5uSRHR?3-GhvN7jW{k5jXI6E zf@sufBqWGNokp_UB`Dqk`E*_+;vNG;qfR4Hm!;LH(@0DZjXI6Q-KF4Y)M=#1-3f?B zokoh?xj;1PG*aR&M`{{%8Y#m=JR5ZysdZ0+m`0sO8r*Y%Xw+$>Q4ozfjWh|OQKylV zAR2XwitRofqk0B_--KaydbbI*nYx>T1+!h2tPapu*!+$0Kl@t?zN-6Ud zJyP-2$G>8Xnoqq+&}g)OXf8OBD9uBHMx%8?k)Tm;G|34Dje650F$Rr#vjt?(sMjSR zgHm%xiY&j*r(n@p7=LaasYR;^#svH$!F&OG2*w4xieLdjY0%G5CTZrKo#L~}Dr8{4 z7v6Xw^MjjNLt>E<7g*v&Bo-^tvBb+sEK%aR-y8L-N$jJ<4oiHS3${|0!3)=0;&Kwp zlvrblA5*AJ_p0Ixnd-NJPu-X{_aL%@>W-fp} zRUxNlK7ij6_!WR}0QCQ&B%R56X7cP6u*+=Y znaZF0@GfkE&%t_~iM8tkvI(26mxq&Fo zF-Q}#*ujeEdJ%1N>UxY!G15BAmvQQz4A8Gi(M`XJRQMV0&&Q zYw3kAnA|DyY!)m+B(3NXS^+<;V)sUy)^C_rg%SAQr&V<_@}6ZxJ6Pp1_crX^s_y{( zI;2zmX8=zUSPNhqfeQhY*8(^bz&HT?s93WR*xA5pHvzz9jH_y11n?p#HE#i^=?@#` z{ckq6rOfU2+dX8q3FJM&uigk?1%W#NTm_&XrD|UUM!Tqc-ITN+y6pmJirLU!aE%jM z#|vLQ**4W~S!*6$8R?5FZ&u+6)=!zOp++`0v=T!@+EhnHmyz1YqWxts+kvCv?<^5V z#fJnqDhdXmXq5Wj@GD0jnK=$u%BWd^LeFuBqeErbbek;wVe_ZcnJtISP-G$&w+8_Z zn`;16USu?STinH&7FU;VvZsk(jx=fJE726Y1n7na(=SKz3k+u~tBQ-j_QoCm9 zxV!w>&l6&rCjrT`9(nfG=#^)0w#^f&HqS1T=O{nV>U>*Ih)JHc4JOaM0W|d1=#^)0 zw#oBWsM;Dc9iw@|;N;Jp z5uv@ZKWm$8o&=cZ5da!`YxK&qH{0a-B~RFCmdrdSJ>YOy-C zRCtkW4T{yPiC0BPb|c;xf?t2I#LD`teY%576sc1Bi>HsmupE;{tT2F6&p?!=sSjSe5d^ z%l(-OGyI&#Rl=#e%*e7fyki+DrZ*L^qEK`fF`{*yYA;+Rp;&dd1@vyTdUoFt(A(Tg zZ&N_;9jj-zCILOiFRteIPC%~`J1Qxs-Ms|#>U-(^5YXG*>e&rWK(DKpUV&L>J%9zz zN~^cgY@wjX2T`0@M>%x^1EM!r(Lhu1sh<%Y8xVcoiUw-W4T%w*6A=ByiUul-TY9bN zp#jlGlvmm&P)8g-N?FG{b@v!i?j|OyDE)*}S7ergT=X8Q49wnAQ7uxdQ`crz0+cy> z$1+X(85ynuu!+72|H}TATPE4RMighe3LbM(r*RAP%0h^`+}SkmCpdRN&2riKD*_%Z zRO}y|mLnIPfY2FITli?>HLAAA=1V|l$eueRt$W?$nc7p-yO(?VX4wed%Z*^OY~=1` z61r2|z=VrrKX<=?CA&cF0j5y2H^GepKF!1)q#91OLaz_PQ@!Jv*X1r3+|9BFy*!=Q z<&u}|Ft3nG97SOT2NPT?B^b{Pu9OU9+j^ChV1H7t7ErRiMzT${Q}1F{Iqab$G|!8b zw}Hiz{d1U|q`coN?+NOiF0H(m&pVyGW+~w5{|o_?b~&9zaZ)cawQj;;?%_1GZcXh! zX{R7}QmQU@`y z!z3}TBsKfP(uoP^47rk}+{5L{QB7$N5s?!B1*Pf&Izy_N=v0?$K9!zIX(#n23o@Lr z%cWfNp-ffq=ADGa3O271D#0RoU?!(OMY~d9l%}(g5{;4$rwdI-aHsVU%GJ1Sb5MrR zvh$Hw_$SI-4|-@BEo$ie`9}g2YPC>lTo_}`_;(n`lRfTT3j+V#p4~CbtDgp|X$U63 zR{^Xe@E(9Zt=K4S1+bRD4*(t_kd5-^wT1ANdvoT}sA)N`C$UIi3Zi`&L?q#>05tTL z9XuMsgFE@pEd0|n-lR1dPN8XrL3ROBxzHf{0D-f?H0941a^)>%norCj_8}1Y9;tE8 zJDI|G38yY(^m$WoEhQ7oeZ%FMvMa3#yOP(4f7l+gFdGi z#^JNnFb*>9Ja5GX#`;Bal6#m;!N|8ERAvRVJA*c|b(-D6B<=i?Uo60U2d8!Qy&I z_sz#ivj9k{k4Xw@IBt|;W!qwvj*?oIA@itKjhUDCaR--c`6{wSpt2O1SS6&MZiuRU z2v7;zBuj0_(P6(pl0a*uo&ahM-PE&x00nn|Up%Qyo!^Lp4lLGE2r`H%Vhm?VJEt3< zUh0js8vKTl9%u{*3ZV&t(Y`2oD&2P>jI!q8&NMb>9+8$b53?x{Hj}huYl}OvTxy)n z#wv7+ayrT`>MUm`v}J2sKrjTe8k*K4I_%6-T^L`R7{KtePIaA7*_uvdHo`LS%sH5P zM%tqSX+x*I1@&i{wkyPFQ*;&rf@3uCKXjJ2p@d_Rim3{VG>)ZcE0$7>52jcnO*J8% zCmuAXRUM}zoe5sc$Tii*yBL8gBlF3~++mgRgg>ppoTsMIzUZ`_Y!Zboo)cF=V>fq? z(s_A%OP}LTyEbXj8F`@MAbU7)9HQ|*CN>*Ims)Mt7&|j5wxdmI7tuk{cBQei)4KA| zDMfHxb0inAc1yQ}w!`i!Lg~3I0f9Y?P~LWV?rB;LqmzZ(%e0$8=b08V=-vSoS?}Zb zzoe_#@0(5#*V@5{Ap8CE&`<|tN@v*1{9ySsodxN<9OuAvv2d-tX?~1~gZwnbv{dup z7SoKrsV@rjk=V*1K?0WRx#$~q=HfsPh~QytX51mvf>#&Dl^+>b?}5)rWDsBzOAH~Z zJ_^SX84`I%!d)MkCc!5LTszxBT)TCsbQW31lj8MMKqY0yU4zBmtB zYm*(`c5*Py(j2gEaY-%KB@I!R)M|ZEoBF1qY0o#T_XrqnJq7}dIuOcxxnXz6mM z{XHt1(VL^~1Un|!9vLFm=bQSDOScAR!SQzJv-))S#+GSB6So`o9a=3jn@mcNK2Ak& z{}}|NJ~@-XAv+~a`Y(oTdX(A$i)C1rU2aj2R#EDKwm?gB1&{(p6Y-|FHUbEL6h z3EKQf+Os~5^~y~bU0Xdbv(;mnt~K8*{3Pjkrk^eF8+`jEP{Nq88N7w2Aq`p-Y^CBr zE0tIV7SE=^j0*aLLkfN3=eoVuDGM|*`o;QLGwiINHE3nJCD@65HET1js?vU;mnqT7 z20F4|z%8MzYpheMRj1V7I;8=2Hm*yX5xgnq;X%mREYSuBvsH&wZ(35UvLRhTgtMee z0=H>=D9Vtc>0&LNHr*CA@F5vS2NP*c6R>nnBWjXEGYRw@JDlHl>@0#tXB|fGty`w) z?O;}y^|g-wJewf4Zq^m#TUQXbGjoAy6W^%>oP^rDZry^rs^YZC!xz|HRiDgZm9##r zR0{3y<9cu4(rIxoRuLF6Kr8K3!Ht~Ecv?4X<$M%k)qWP@NBjBBBxp@=FILMGF^&6$ z6_Ekf2h;(Ooz_5q)L^V;%uR!geVK7)CvJms;x+}P+p-fkxM}+nq$%C-98Iafu#h4( z>zWgm$n696bGmP64b03UhYg%^hS~u?Oh?J^v}+g<@E9X4nGSbUdL(7+&U7S=HiJjX zi^*D7QiIEtYv*X;j?+|)GZ?SQ8f-$KNl=xEQWdmKM|xmS3N!{dopwpX%^2L+?>oy_ z+9`JbGgY_xI|VW&e_F85dU>JgzN|?M`!ejx((XemH7n>ZW}8xpC)wH5LXcgI4G6NU zpKb4zPFGrteLN?f1kv3BT?sF=yCfsCXD^GJn=Taf_DC0t=$^x!;n>v^+)IWFT4G+h zUNefdW_t%qX^Ggo>0Z;{B<-8w!!Wk?%OJ=OX8%mmf8WcgdrR+PbeZ&j*t=L?mS=rg zEZrXJvGNT8mZ=2J!vW7&koJrT>j(ck2UG!Hh5q|5{2U4)2UVFKtHL_A%1qbQH?Rkj z;a!#K%c@IxhD2v7TpnGSieV~EBXp(Pc{*8=4Diih`!z_NF;^6s)-=$Vok8jMOkVVC zgN-qh3pC*O;Prye41UkLs3skRoWoNAm(=W!O>%gSWj!cL!ILbTEzk`Ar^i=T7^T?G z2L=j)E*cR?3(_OgC|sf6FxxMa(40~v40kq+^@|1_V;Y7iQXOl`Z@ApM$e>p4_{>2+ zAv0GUs`l6lDZopnQ^&DYIx+5C)FVrIRdcebktxcQVD;%Cr`ir6vQt`kJKw3v;SkHV zJ>Iw9&R58p7OOlfSScnwJMG$cMwVu=2Cs>!3i7+^+}73GkIcy+z=n6rAc*tX;fl%* zXf~MLfMN9&JTb9*v4}buIS$8~-+B|zdXrp#z{z;YGlL2(%3*9*`({+<+l+AxZavBW z?TX4D_>xa?aDjz2m9-hH>+J$7nWnNRrT!8|5-79lt@3~i5l-6I1nPpu?aM0T6|&%t zg-7GYTJ!Sq^J00-$$A;IL7G@&S4y?M32*OF`kR4cTu9)YgyV?*#tv;*Mc}N2Ml#6Q zI&?F=4K(WmhAoZ|>wH}WHR^f^t1Iy`YG_#7D;K^+EpSM1AhZU2QJZDJnWR@dcD@{z zt`9F?@rw`F5*PwfqTbF$Yibuy8LO>~br=?3u zbb8QtWz-*TMvKNnYOON-jLj3iCetPGBt3X43%lMqgYaKFjdUC6Dj{rLgmoM6Aa)~` zezullhdj+Psw)`JdXZe~Mg9+m1ZE%_FY^E430g0wk?8``&(VTIdV9CQr+xAiN*#xv zrr2${@c^c56`2c;%5=%$K+*^o994ErQ>~7rU%K09WHssbCR*#4U9#68B|HxlZR$&+~PK{6iNGr9l8w8e8EH1 z?fpll%P|#z4&=slez#e7n`+L%DcxT_6ZpDvR+VESr#rrI7!LcDzjTM(A7+9Jc zTy0YzuCa=l8(ho%*$L!2u4zWE*^LS3hImQ1vgOOPq1BD{bxiSSSguWzmTm^cJEl67 zOt^CuycT{Y2A1Z4hy(H5*sYm?y%_-G1OZFn148r74KNi6_?ql=voQUbwzjw`Mz=Ve z(C=+FK#LSwY=e{(EU}ZWrYAPE%&F+KfE2Ba)X3T# zaKd!|Q+5GH*c1hz?kk{_=_Om8LGNg|CZpj06E!B2CrnKQ zvPpZeqYKi6f1#!RTx6*~e=QNn)G>exY+q!hlXzxm&)&?pLC9H|7-$PQF$G^{+eRSW z)WDM^(chyT{7n8SB)XEN>-*CClL`kzcd-%poT;b_BS+KIHCm%U09b1j60YD$nUt>6 zXl~Hk&T`;Jjbw0`*w>qZmN(n*keP((LNSqMt{pEmk-%@9UXtZY5t_@4W(Y#r;u-8x zfCPf`-a!E4EUrBZQ_|*kdIz*<_`jt&|5cQ;8{n)nr|@F7Wq@Cn(v*cmv8HTR zV)gf|p^K^Z_?4EWJ~c9yo+2a=Y2_lwScx(6O0b({m zqbJ}_cLu$BDrd`&ik=-&Za=@FYXaye4N6P`vkC>O`fH&WA z;L&7GjK(ZRO!f5^`*<3O=h~5&1&B!xXGto>5TY~c0j4O}rUT6sQ1GEmQIFt4)6x>U zq85{j(jxa(OCv=h5fjehsp4o!Mgd4-X-2`>N#g&PA}b{$1o3S`i-iKjmbH)kc$wv$ zIo&^O$s>D$2QUh;D7&BNO1prxrBI81SSxbbXC<*YnItyVFPuqYwhTJPUF1@m`RPJa zcA`r?n-{&$JO>DwP(Z+a~Sa z#;2(%4}lr2kWUhrKuWIxIxG+13n#(@ytk z1hry-Z|BxX5rs+qE|Z2hWGVvrbk{tKWE1`n$*18x(%tounME1648*-PqX6CCmRTS+ z*<2jRHyjC^19m$9h~y(D{>M0v|K}#-vD|2Ts5RLX&W-oP9T^3U(L`p6e%%^v%xw;Z zayKu&HE`>~oLIQ2C78%*jkYH@=icgC;L5Xl%CnH9_O7O=Rt;2+Cz_hV5ftMiUWq6= z(-rg`dN8|{yQXNn*#XuRHTy*esoS1-03)_W<6I3*lI^%{(p|O%6D|6#DH;n)N2q}w zb6Q((U5Gc>A8TIIQggu!J6n^@(RNh8|2D)s%sW|livy~Xd55>bSaYbOJrZr!mH9;wf;6+01QjA-x24-nN z8fz+$F><2q{8?c~TU(H)ETG0*cy4GJPevlq&ARgxJW!7Ob>ptfm-CH-9-QecRqJS$ z^5M^uZyrnis8QUW>{O$(AGwh>4{kktjzRyhO-({`IBKX!8Eu)Q3tf-UW@DZcH}vmY z#;JRdrjL-{+n+0;Ji&u^)x3w-Jc3XI)Km-kWQpvtPJ z&!3xc80R=os=dQcmHU&GUl{Iw-MrGHTPG^jo^E>BIa2N~OIE1T+z%YwO#MB+r~DPa z_2jQ%-^ftLqFMU z-01A0hu`g0mGlUq^PCZ?_ARJ>?l#IPAfJzJM6WKY@X^;DeRNlZE-aw<82OZ!7I`Vl z$aPX%AFkk>Z3Vb~wlsm_rV9vxR89D3-GtoT=#xu! zpL0DW)sS+ovR{@XXoN`_$WEo_>>`N)pbzKsi#YQ6jR>eBlUElk3QNp-bLR% z*GuR5R0}XT?=ME~C3IgemU1Nu6XYMEE2aDCjI><^bRHvZ7yc3qW+0D8bms@m9=lbx zkuziNyt2H#^uw-+F4}|M&mS}9T|(~%>@aEcT4zoAZ|U`8-RSjuKxy6U=V+3y@zMDS zs)~>+K}jFA4$*~!>IUi=eSpp%=aTb{>ztG24>`sb~8}qVG z)X^-Ts@(^KKy7s1qg*FwGZy)GJt{$0W5EfkiO}2xFTQ6?eG-rWId%2n3UU%qoDxt( zkAUm_q^l2H?~~`M>G%27XN+7PEP8^PRkrfi)8#&jPac;YXd54^mN4FGE?GW8ENLLs)IVs}96~jgfaDC%^UQ(1k4w5|Pz=jXf zu3j(wr=wtiK8%~+qHIPV%^Ec}%?>WWn$;Cl1N_S3f5-WM$BxP6_;LEh_E9?EboJ90 zfdfau4E^=5fR7$mpHa;`^Vrx)zAPS7ohT@!Eoy}7!2Y@L#xYt4SS?W#Gf&N=dlQp% zjjUtjH&zYrk)Ywr{4 z8f~B5P4(ln%w=2;^4&q_yVOzt07g#m-p=#Urb*-48UCkfy&5^H_VacecxiZ7j(ekV zW0u~WK2S|!80@7$o{!%>L^nVeaM2AeI^RbXGL_9k>Pgx>`Ug6HP*djBCS~pw_(b1$ z74$dW512jqKzZ#3izf0YWmdCx%22ty+ia} zM?pW>wNDkGP2awMGp?Jl7eclOLUzJfI1~7{8JDCg_0wdJalMmfC$>^>1ed!gR-m@L zA57GkbY8*e08|qsh$>ey-@QP&^K)|#sy);tVDZxheYxrfJE(i&&EM0dgIg#H0Ro)r zD%femDfM$TCqGy1z!tq*Wyx=xF{A_7jPAjax2Qy};hIT5bWEZ>b-1{&!$-4+XiJ2< zJC*9rjXBL|qS-!bNAm{b>a3rwD_2*y%vWWUm{7&W^_S2LP^7bnHjOz~&_{aJC{0K0 z1bX{arff^9tLx}uA6Ao{%+JlsRj>Yqb-M35fIe6FD3YLShNyew<7ywI2>3q>73QQO zRfaX=H(Xg=XsF(|mwLukF+B|qa;XoHhyb9hE2V(ZAOxlk=H~(g#<5-d)%zF~w~Xb2 z!+dEk4Q*4dtb8}WoX0;3e;gI{_^1Am+I7%RpS&3J8ls4cuE@TN?i`^jFv5`f#8%$1 zKgo_oA+MulYxWMP*Nv-ZGo`geckdbAF#wU8Fm9a5OoM)!^g)d}&r27M88^RenUUuJ-Q^Zg;kbI1mn~!!4VB*?qb>3%`P6}F2<+!@Z)pP!+XIE z64Wq)n`*lFY%>0%nnMgjWuZI0bhUT=D!Ma5*N=cEcBoxg?%sXJ=-de)5AP*SY-bht zJ|}d}vES^a1ms(czPKG)3|%}zn_P6U>yD?Xg;n;N2k+bV>TSlYv;BM5sr@;Adanyo zGIB8APltMqxz7F%H}8dFa-6=3ui4-aPTZ13pJnyrU!Z$_wzmL_0=iDnQ16hDH-i$! z8Yjh!a_6oOHv_j{fO3WZ-w`ZQFW#&C`RZz{aixs5&ee)LRIdv*ajhW zRm1RJ+5l})_KmIp)4XhuS`w69z-qN%z&Iv4MW$U9kOOk3Buxw8sw3bVif;{hMD?x$CJb zF}&88ff^;SoDIj7F!0{iU+~{@28e6HX5WU`K1^Bk7k_`~LWou(@2k`de))H({~=<{#Uo`VZ}ffQhv%E%PUpTg_8h5E;{7 zRPIB&jQJN*7pv{GWx}{2YnL(aa>_OqJ5}V49exj+O*CzA+Ht<-@K31>5>>D#2kHtz z1@oPIN+AdhE?124&#=sITfZFC)3+V5Abw#xHO?#>i0_-Npq}vil`swKQG58S@{STCIH6Bhz z8Io#Gss8WR8CTET2b?*WBkJWeukK)c`>4u0vR9Snm)6riIY)o^V80rs?{0@V;9CSP z!%E>8M!L)Vj~<3T{uL)Cw3mWD{6NsYvVDlYH1II&=8LQf4f;^huOPR8HZOsWSJa zpG27#HNR4H+kij5tDm8_d75$Ubna(}f2Iu|hJvLQ`@4+`u*wH81;g>wJ6kdM%{%m? zIy!@~csQp0qSneWlvykuKHJLe%+d}V{MmBtuS3&J9>=hH{vi`q_d1>Gy1ly^)U4X_ zmO6jeaQ)5!RZBhIFHmSw&0I~NgYNsX1N;A_-o)X2co&}bxEoZLxSD)zdyWG|XR1jx z<44dZrvDqjM0BO_FQTV=2O&nsOUbLehZ@w?FR3lm2)_8*?loo5n(44(gcd4q7F{^0 z|GRjyr>W3S7Y?o8O|4@vlN!*ew-maydS5rq^o3!96ztmT-``&jb$)tse}BF^7fwTL z#w!T*7>+J1_HEHGH|^$r=R0EelV^If-?^LHbma<;vshyPGbU?^H{9Ac(voj1hR)`p zMw7Hd+2)C6SGegzhf~`0FT*FD_B5wNui3rj7oX~K&O{q|+t$$(ZZ+M^DQrVGA|M|z zaq1)IIA_v@6GqW2icP)=H!BQ>>}7vm*6mks1wfAON-7<^dTHU@mNkWIit=l`4TU!s z7BcE|@y}!YBcesbVav3UY0o_a&RI&EBe&umEQRsCFSzS>{7Kz?xZZyp9E>jXvP<%k zq0+p$`Gx&+8@_pJ7%Y$8qY^V>+?|?tq`y8)y$rR^C*$G%r-Rrt&bH z6}yk0)c+I51$|`edSD^@jJ#Rv)h*AgIrJ#42J`*Rb}tP&UG$&Z3v%6a-R|5qrG*1<>8PVH zh-s&D==cfx({`WR?a6l+4ydEY;lUg_K|6cBxw-i{h54v_BP!D*m+po`=GP7vJT$Ic zx7$6pbhUfgEv2QUZufw(aE988e_fCj|HgGci5}ef9(UP*Ih=0D z4CEai4)sR3pPSv>M=otCkQ;aDfU!*XX7%Vo zEMPwe9tvS4<7Sa6*gH&zoD;|A-QvzKKMYq40?$hzv=6+l;qNf z?pCg64$GeW7Cwu=yIYOr9g)Y$bG&f&=I)hdx$>Ltz^&%fBfYQ`jGJb$vJ4+~pSn(! z9fWxs9eVxI!iLhEsIg?mFkD@#;LegK9@+mm`6uYm)H?Fe$GPj#I z=Vts@>Mq=kan)<`ZvcLzk4qmvM}z!zyVYy7OP-H!?aQGLk&BLRbpc!E<>xPhOIIDJ zgQ?C~&@Z*_-PR|2_(x+%;8jTXnI$KsWFCEJTOt?#yM;HmXfb}Ha|>Gzs~1XDL#diK zfbl+VOwe!d?sGRUT{hQU>K;(X>izI_sAIJA94MgT+dDzOzuPOAxokkau$%rOqu;l+ zkA9CS?%WEDcIN<}=VExto93lI^{A1&enI;I zJpQ3ajpilgaVH*s*8`$xmdE??cq;w&{dhc)Zu>zzPWGsYyn|BtLwNj6kDAQeFOP$G z{B`>6Zan@6x78f+!D--#rmxgcNBo6l>XEx%bVITC?kG@KJevi>VXc$y^3hch3bJ3F z!+CI;pBI6v!AmaVW+zqoD7TMp_fbwCB2F~jSmY!`V6t4)hR{PF`>K{iXmtVI08`oT zqw8JNfN)eF2c`JMAYG0Z%|3$4+JZe^gr`y;EsRi^k8T|$FRHm{weN8K?mD_H(tz9L zH4jyDVP_v)q4eGeHTmeuQ3~mrF1jW{clhYqQCe@6V83EMx_Fc}=|LmKp#6_>aD=BY zN;4z05#hH{SoTs9p_?OA2jBWAd)T=SqI40e^wIoL4x*uCE$Z~q+DV!*d5V&gG;{Lz z)HMlVN#{+{^hv72^S8E7CYIGM+bdR=n!{)z=vK#fXF@kYOAo(Q2lzLQi0tgrkCZ^n zagcuKOw0r~oJDOB%JL#=2VH-9pPCVVV@VDO6-3T0j!Iu_=otUDJ-QM*0R7}aPp$N$2SVX)0zkI)+kAZ{2@hoO9`(PPJsL1mmgRamF? zdrH-EI4NNj-wuWH*hvuV1fmNrRPfOkAcbCpH2i#TK_2AUBv3-`#x6U^iGtG2W0jkIS#F#hYVLZQrhjdkUXb z%kl3ZT?vn-+CPjn-QNw81cUiNxAL;&x`*CUiH5pDtSSq|Z3TXn{44+1Wl2glSUt9f zAHY+k?6GxfR*hdZ`0o`b!0TMdn?-^qqEjh(qlB@j0e%O^Q8t}7K0Ms7X3~pYP6Wwa z^e|y@5OC7;~{IB2q zcMuzSrhoh4-9LhV$K>sPTOGu100VBbA7Ko=5LKR9$x^O^ay0-P z{mZ63ndSC-p%=4U-^(v;1RyR`*~5n!7R!cK@bFrv+n*XHJ^mRwwhyB3MKCDceFEKI zJUG1fDtG+Z-#08}!0}dhS)%}h-`Oy_yUpnCeBB-N8F)?*ANo<``y*wAD6?;y7QAXDpc{&_*| z8QvRrdv=!Ql!tQT%R;3Oe&IL}s0Hm9t#F0${uq7K33p9md?h>lg9Vh0#m5R*Jg~Ra z_a9)uRdkt`{k^ljbVJ0CXycJ%#}W8He(W_WSK0o(G`@X;_B+8K+^^yPbZYy!Is&=h z2WJ4a^{Klkj9AhrHSq0KLkNHz2Iby|1~k|^ftZ(7brA32eLIZkCkKj-(u2L@2g668 za!)At>nitkuKytXz`p`Vp?^f%IqGozL3IF&!9RM{fgN~$JH%cg`i9017tuJF+Yo(q zJK}WLu-KZU%UB+qWUueGg?v2`+(HD?Tz zX)udVYQnUMFLQb!BMuVBqz`YMsMvVZ5w&+65}StU{PFBOf4L`l)lTb*nh#SpYW`xY zOYXVVueVN=1F!b33-7vWLl&zE?b$TFpp@DYlvVIEV5`yZbc*uSM>qR+wQMYfyTprN z6I}!YEcpbrdQpHx4K7&XM4rd1)Rb9tDT>x-7G0kB5kewR5|HAPpf&_w3NX@#G16;} z#3^sHnpF;O(d~8HXc)ELa1<=1kM$NHlH{vwppQZ#|HM%czzwuVN8%Z-zY5ecirk

QVBi+unxKB?*iLWr`c*p@?{w2~*vTJs7SIV??{^M8gaRM!cKY5p zv~({^W@p2+A!d2gM9UHGE28e}cb+PHY}cm?OY8F+>fQBl(0b_~oIW}t*S_^Nxa*_O zI(=$Z*;2QEO<`f(p;|x8x$Q3clGB%8j=KbnI#Kf;8pD`hb^6d_>8A_J>RKK}+{sHX zqPx$_mAm^qy8BnB?vi5GsIzlt)4^pQ$2{AXZax+FXbrMwo&>Tnjb>7uNlz8woTyb!qrFL zGJrg47DhavK9O}mt#zw-X}B=QeQ!TKyln)zcYU5_+(;I|HUXcBscd_Vpq#a?Dpi=Ay~5oxF&Gz!*!G%BHy#u-L!E% zL0>vI;i;wb#+D9Hm#e&X=X$r8R?|^?}?Y1I7)qme@mGlo= z3+OvEQdvz05SXDK@thw-wRMXtdY7&8?^se!A4Qd8G*VtmALlB+;VK6H9JTXqiKcz` ztQ`Aq^Euj_mZszUZ}39eotTpSD-J%(78oyzBRE4YS6{@D)_PMks%N2hmO9Vt2cN`$Oux`e`$4p z|2htIe+WGKx3HEzjO&{YA5yS>`5@Oi`6bSCLhQ^%JHWyIi0cQOzAqqG<3^|2fL9wo zZQL@$@9+2fOB+<~33_!q@*ST-)o-Kf)8LKBKf$`c;~0B`{q#te8vAiB{4_{_bCGZS zGoOPUjjSaoY}7P4tQxF;@FDnMqhprq_|e zpzf=_0~2h;;+<>;JMV=Q{g>^7kfQfEeYn4;SKqTtzPGmzFlE3|oNC2cNH|I{#d-lF}_)BE~3gKXYhIPGRnzz5eph-5l5_l*i*Y;v5x zs*i5-(R-0p^IY|F*s9O+bi}@P-n$$BFwBG7`*xI;Vx+G*y<748)b^oe{q=5lJx}Fp zGOt71d5$kZ3}XCtjGs$48c1=9szLSI1FE5^!7#vng1~sg@r|>xpNz1Zogw_U!u#(m z2x4WZo5~>vr{?Pzh>hG*iXKSMVm4ac(ki0KE;x8%<3YI1%mUC&bm$*1Q%nf=sdRPJ zIV-oZhuWCKU^qZ_N|u880-+C!Nuc|)@E4w;6_2w|0{6nfEarpGENEbUqCmd2oNpX- zXc|tUv7V!*PkV@OLil;tv>G}u9`z<7{arw+XM0`8av0l}Mv&BiSPIIjk#}8Bz9DY?8s)gCI)Pu* zSuldPU+860dBMRozW}{%^Em3!#Ym=XDMi9$-llSY<*PUC-_i|sHk~d?>{;Gf@x$Tz z+;ynAmA>vAd`T@h@r#St{vc>I3k zZTtud(39I-!G3=O-7-c8jlN+-Np{m8w@q@2S8G{aSN~2#H9lkv(Vej1dM4>Xs9QUU zX*=J4lWJJnuz>IO@*VvYO3j~)zNNGiO4y%_5&9S^&yUb&G0eZ9=qP;fetKqGAB^`O zK;QZYW0HQl4VlD=x)adV67*{*Wi5%iqx6q>coPqI^1}!o?nU}rH9zb(5(g;?4m?b= zN1mZD@}`IBJ)>_>Kk^S&ag8sd`Ug<`P%l3n#M5p(eGX6boH29=X;3bBwuj(joL>W= zMKgC+vZ#zbipTN0O^fC#t*@QTb(1k>jK6Zzkhx-vEPyZ`9@3`l{hQm4TJjH$ylWP!>xF!2)k+!K$9^rEU%ML?h-!w)uT>~_8kTw?hk^gZD zX=rrw5KiXYG0LYf@@UQ|Yb0|DSdRg=_QI3et|kO%-*QYI=feT&6I21us6^Ty1`{?M ze+ExFvsdDOOvlyXZBt&D=e)obEx7>RnW=<=KWl+<8WTS25ig6`VoB*(x?L;OT$=@z zorR-1^X7ZZ)VeE5)v%Rr*LisnzjQzkaqg-wZNM=kPPY$6)IyKv=LmK#ANY7bj=g|0 z#(*l!Jt;a!uR13mU=)41lr{~`Sb8-yx)-TqjBo-3$y=8WQpaQ-Y`*c*W9#bF0{(@P z0&=+q+oaFCr&gx{H6r6sFd`mfaqAm}ZV1rVA$dt~;`;hoWAj$+*ASwF}cJ z*oBPl-{&A@{THgaW%oLyb$p<=k4`##9@z5{I4_%I zXF0S!Z#~kHy!07oBD}ldkY^cP=Ov#Dc~WqTjqU13K1ko{b@aRK2{g?`kDrHT`bFr9 zUxkJJj9f?M4GNKW1@<$2!nkF2e~voRvU?9E^*Tm>#ED6r+U_zZwb+;M4)19=kWb@q zAbh&lwJeEYy!8F;x~ozea*piWw2t;*j2~f)Pvbf+*Ks}8D=@i-Q3wkiS91cdniI%V zeNWZyk<6iK68V_650Et|AQ3#8J|<82(^_0O-PIq5vw@Fdj36n&PqERB!_W-(bLk8p z{F)ztCo_>%udtGy!>XIA`%XT0kgHxl)>u)qWti%RhWYV%Fw+fQ z944U+LjkyyDdD9HTpZ2m1k?2*2YDu_@l8;N;UN5;nKCns$NvtQTBjO?HZ2;$uqj&+ z#A1;tXvHE^UBgO!$yC`;Ev2TRUP=+fz5NK~6df$3RH0fX)iZq#UR|VV@doEiWIL)t z^+wT6b38=|bPpfdn;bs8uVF5mT84zz3>8=N)vy}gyXz0oS`e$;wGON_x#rII9au^o zIO+m(1_prZ{Tunv&jrBrWWn;=qpEbrekMNWI!+eT$gx`?T^GB1k(&Op|9SO0?AI=s zLJ6GOxB|r$YQ&xIUr&$ss=>O3jfasMi1^e`9Ah{MHtwh2ImVIAT|f^yhmJum3?KZ* z7Mk1+C-Et~ct2hsFYnh5i2h@E8Zr2g?=Ha4a2x~}-gfJ4o`k<`|NjQZ1FPBL)*Mln z1z~K@Vv}2#g2~$v$igcd0^t@l&dklxI)y-}mqH-ipH(a8}9asZX z6?)4$z(nMg&0BFg%HDH>iL&1}oOIa;wYU)54jiBWWCc_!4yrQpfC3# zoH0{PuY-Bohww{7F~YPf;e+#+c?SCHD)Zg&P*66`Ua_vI)(m`T;K`POe}o9?>N{Ra zmk;5n!SbPFIedD;sh;)6?~u&lx9~{DwKFMa3|KosJGSFcE{-y`gR3R(fEC&;Ct(}Z zVdSGHRq>B=)%X8hT}M9xhFvAzc=yU%j(mw-Lpp?A5u|8s~u! z4}lFDjyujulz$ru+Gsd~pkOdD1k#$aOLhJ=OcnZ4# zr`C|0VvHHihDYbAXN+5B!j755>866OP;6Yz?EHd{Z>{TkbY5NAZm7wFJiu2Fp~Pv8 zM4y^vd<$nBca%$VcZH=wLEnypSXBPcG7AJjZEP*ZXM3pm75ZN$za% z&^Mvff7v;NtB8;F*&@6^DA(M{tyQhZpP7G z7u_spH%nzYZ+CXH;RidZ9{e}A0LL|#&VxOai^0H-aUes^@ZJHX42SOmNHfS%pEx3+ z%9mlKd=AD7uKRZE>W6CW2G!IGN__m-^Sh#XGXEJQx2WS$o4moUHc zG5L~l+&s@Y^vn6~CBFNo-XYw68@ERwk<@sczKMe-qd4604St<~V;7yEo1_{sF1JW@ zd8U9_j$no1_`z8T^#8tqu{)7-GrsN8-4wFXX6osGKiU5QUD@*g0-*4PC^D(17i$1??aMsNg8~Ljc4z-b$CJ0Sf{CN#4}4L*j-&N3kbZLxj@p7A_0h*I zzG}5m2r|hhdi^*Sy75i*3HZ9u^MJp+RuT~rLqb1DMf9HVgN7oHLpyW%<8BatlD>X7 zvKtN}E&S_udvS%VM@csBn3lTen<)MAIWF^xGb>#947d5}IT74=aqZ)RY~1K3&!O<2 z(L`T$6Eyl9H+mV3K8N=&qY(nTs{4K1 z{lBC8eR%)x=pF^xxRLIW$lpbeaE;ed;}O(&9W_vZ(3h?;JPb8lWe>0d1Lq@Zj)1NF zD_jV7@uA^-|9oM_uWa`XpEyB(;ja1tv_GS(J_Z^}vT^5q?IgX0vU@Q>zTR^Vl;T4t z=oB~j0LDIv!uMlr6lCLu>%WPj2T-4{_v`v6=s&o@Lul|zls{rh*J_FHs9wG)v0Uwi_c3c6yF&y9=LwewtdIg`J7=x*$ z#ssZD4^XZ~K_33&E7#}$PzhC2U3t~ST|E?cu^JkW0IhvR+n#gR;~NFO(l(GS!lwNL z$t3J9`6L3k{B(S)rt47M(YkxfRka^s88vh#e~M*O0nRhy;}1+4&o8^DOd91v;y{md zshI~M-J;|4`qs(E7hk)*9sO^{yT0Z92bQ|`!%wU(^T*e#7chY9L=){cCimcAx8(gM zsMCi|p%+9T-XI9qg6`b@;TLEnyzHNO5C_iPt*|P6?YEV#_OIK)Bz~xzuIa<~I0|S3 zgy~XO2!vkl!l!bc=!GKP&0iU49qERJI!Nc6y%t%$R-xCOi|6O-EdYJ`ah=RYAeS) zKow#;(ehRfq<1{4@Z*)9ymhMC z;|{7jsAmXiW0U2zJJv&vb^G1!6&%slQT{o~zb6U@oK7C?QtqGS`t|?obC2Q65n%l1 zOq-adj`LZKVI(pAa688&&l^Q7<}sX6#{JK>bHx5JXF>C8d=?~vR5H-~kDTAq(82ay(zT6rqcysP2C{AMb4slzWKDh9vHD*pb#0yTXAGyW9M z>98|_^f7$;gyU*W33{)Wng&bNZ_8I7S3fIX4N>+z>zA$`MDm4!kBs0mT0@BGfdzwe z9PFn*I!EbQsMBR?aF=o2rO{eigpXcK7&Vttl^RT@JEGh{&Wn)#(e-1}b+~*rT{(!P zcBhklTY+FK7VL2ZY>4FuB-@kmaMOH8AQEj2w|6)y>dH$3)wc)MR(UD|sI4gw3&*?g)7cSA!0*F5rabseo8&FSfLN~&H+v zaI|;EF|tXdG_uipDzH9ZC39@@_@Ip)1%LZ3<$^9mxb> z8vtyP+{z%vML?r>sW?!*x-8(Ss4FV-ti)#36s;_(DRKnLJSzfqB~{g)%8EdZe{G4L zL~CO(5DT_9hq2eK!R9zd?ubM%oOHITq^KrPRZ?9SSj#P|Yq$~Cr$LO#2IA2zVMkNg zgiU%H_Fb*2*JDMx1u(co05@RLDoHc(S{zdxS#_yLK|&^d#Y{^6jxTP@~k%D z-V%%jBC(FPK%>+wUbR|xQ?(X;Uwm{j*cxaFw{`;Qn(+}tM|-d_-Wf3wxHxb-Kw^T% z5#AidP633#WNbfgA@}B~sL=?@2*4jo48^xNG_rB!P;6tkC)FPVsJ5ykP*GVEs4l82 zDOyohl73kqs3<8}SFp-RD+ORf}H!a{>RZGZT>zFOVXMl5iVSOsFLs+6a1X4m5?kWG&TeDywARW}uefpq&=k zQO-M(rYqZI_$8-ocSM@N9%P(2HaZeawk864SOyT&2X~Xkds#qPI2LG6wl!K6g}&BS)?=5; zSC?a_kbM*mBwDabEe>E?xINTk!6pP=5$cjmBwdujsZx`xS>veypRTOaI9a=Pt)n}X z2)A|es)M|05HD~9OG+-*9i@0cfWt8voWc=r7f)20g6xa0u3aIVB)l0jW!Rg{F%7?X zIAq&BYIMoIa(|h%oS6`{~euSh>`Y0 zfQ6DH*x4CK1e*hG!T82>UY1PVlqeXcs-$RTpt7ROpWcw_@*>azm=6=W{_I4cG1?xC z^#p*x%sc`u9q~l_rgp}LG$&hCUsTLYaBZ0hV^a*)R;?}ptB?(seJrY4;i;)AssV!q z_X%QMECSl2|abDQLDz%_4y5 z)R|K$4y>%G0z+s8Yk(#gk2bf5o3b&OiHK&W#g*l2!Go$xR;JojR11C-)zlOfuR(bn zG}<1)hJZx@TP-rZy|$#bB(QdkznZyl4Y)A#ZRWhF!E_I`u_GpIJp_3i1);Nm#SVdW zXzbEdx+NUzVBrGJFA&2XSt6>UI#pCvvZ|(NbpSIeE_HBfawyoTU)tpfaL!X)R0gTv z-X0DCtHE3{w#?S~Do;rnR>y)rJymdD2r-!=L`7IW9}KDLz`}*0Su-puE(X*BD@!Uo z01->#TNh&8fdFgrxQVm+seI6bDM`m^m;hFh^&3-Ij=$w9IU=m{U zd>q^YdARXV2c&gIADD8Q^chp*K`8HyFd0%yL+=$O!i%eGz{>-o2t-;tp#EAywX&)l zjKQK1wnjAh=sskBDr(CE!q%#FJ-|;xQgaDu3!%iathF&NdP7+yfLUF;YL&-lLng@- z*5*VY9_};^DW0(qAJZ3$8eaPX6R36y0!Lm|Qd7JJ8YR>}-bYmJ48rO6ln6vq1{+L)T47;a%sfjgjjWP5Izv%r#*E3)#$+NKcXUCM z0xyquhC|T^zTMs)>`p>;W~^9%&12!x3{^+~1SQQ8YyvmJjN@@AEJ@kSRFoIR_>j?5 z;DB_YnAu3BwgzYp1xheNGjqn}P*Znao};Y^Jd1A^$nQe=U35BhAP-IboZDJE9!M!A zTJ`fZlsE$IC<`ze<17bo; zk4({)Qj`HzsTx95TLO#{_`9U05)zM!0%8%c)nnz_;>wk<(po#jLSefB``gwLgItZn z=wk83d*z5>$w5|Zgya~N?EFA$mt~dJ)!`wujy39}K`_FcxZY<4+Fc+`2G3r#U;Pa(;FWJXr4L_T-W! zjL2dpvp~0#xi}qIhhf`?-4?K^HL6<1mFNI6xws>iXj%{!{YBfP0x>of!36OtW_zVc z#>N#`Nz`K0lmIX`v@yzNY#WRiuxGXrnSn762}blpO!y=^EDMFX-26Zu9-F`z16Uhh z9dXD*{>Hu|x22;koZHmQ>RorRC$~A8$mNOTgj%DH_LOSG;zVRlnWx+XgF~AvU;|yS z7qx;QM!V)pn2**3guk-!1X68FDMz}6BitJ7gt8q-ijtJVlp>xZYf5Q?1@GZHK+ROG zs`PEWSoV(2L??u*0FfoQxh1;5CR8AY62V58xZG7WR0WIB?0l0|3z%>q2hp7@va!=~ z@fw!a``s=o4O& zV6%y1-Qq$3_UraCGjWwuxTtF2%n zglQ01QC11vSoCz0C8YEK*bA_3#H3-S&}x|u?8HfHLspkyO-03?I@lX*F0S#wc!4Uy zOy5*7Q~ENPIs8K_JQYP%erO^va|6&iTRM`^fy7-TS}}7z_HS`yRR9j-C5bikDnPU z>jb=O?E8WB#m*XQt=f#KW*J}=!2p7$URzOASL7)ZRFQ31JZ~XeolJ-JniV4bi=op6 zii^_hk~^tpuPB4jL`3=R>)C90+P^j4*%X&nd zrHBP&nHO&xIPyj?Q}H*Ych~guT0pX-7CU~{7D4I8zG)O@?f`!g_!1bia6_xjs#;j2 zZ~%GAgy2_HR>G!h>Yi`eMy6*v%_YHk0;#2}@>G@A7s2-?ZWi9WMGNwTo)_WIYeA_E zc8kddTL;WZCeEs|C|jvctZ55^F#16(vyzexF2{_hJs9dv0wLfWV4oWH5r3rR49L62 zvw95+4W<2e?p}Fi_d7j>ZjOG!FJ_i61=%|5^;5 z^t6+O(GIQ~UYFgH*4yC+N`u{7ehb!>WW&PZ-R--%=w|N3fNTR0jW?3^f z09GdJbn_i8z+ZNo$sfr9pjn#=tBSccyftao z!mJ_~hSOG7uO)kGr&H+SDQEP=TiGWe`X%YUBPsG_=X9#IWqMfn!n%)sDH>9BJ@e4j z>|@b#Wr6KwT_v14?CGx8Zc9_-Lw6Q9udJ+1IgKG_%BmbKZJ?Djyo3;Wo(mRmluqnl zfd$rJseFJIOow^;lBX{V^kt#GEE2W~6A%##HcJHcOu1$`oy4}#I4;AdxQ$G~B3n4f zOR6ehX4$)t@J$uS(GlzlM&axQ*S8paaiF-Sstf@L))#eL!eMe12oRXI0<(pS_2pK% zI67PKac6Mz1e+urWC-{w*Fyg3QGtw8w`6TmRZ+PEQ>(`A@-E7xO>ZIN+yX}vcw-FW z?X-!DhFk4OVCESws}Yl8W(m6{*_LwGw8fhmo6OUsj%cWf%?WVO7*n)t49rI@CRybR zr;QVt5o)F?rhVNh$`PIC`gnBfXTu9?+{zVTpFRr*UNp zcCmm5w}R`*?f{VLtQ1;?8?Yf1hvk=oNQN?zmO=osL};eioG^~!XT$EQa&vz=bU;J= z@+q|ya$Uw`h65Ea`Vp*i8FP(IBhS=VYZvww#34p*9hj`c{2&C3B zMg&cUe#k@v-6y?QaG?PKwT`1_$7(602?A)LBs?e`t;seMp@k;OK?WRD0l!&k#aRW! zGOI{5)&?ar%sfPEby6%Y5DDRF?-x*1yjn1D%+aKakd7mOIl;ba)$WqivUQENCJr22Ii0K#8vy@i+iRRtMlES<&RkHv)%gg%3{L08_s9U$XwP zrK3IU(Box>GsHV*`l|yNPNO9J$QU`$(JHP6wg_bvtQ)ZdpbFYzDoDVl2829hq`B?l z=ocSM1xED`b~>Pqo%dTY0C!K-p=R__JXi2DAgqEROre! z1G}rWxUv>Xj^O4L(+t84{w*kU*2GgDmhvKBpvF@U%~L`WdUK@<8y7RZftt=h0Z^dr z>?OTSUOVC`O(LS#R#tmzJay3UEiHvHOH-7NX|Jg*FREY%3jl{$N*7*p52-+ybUY=* zgr#6?gi}*%u|(P`c4OA0iY=wXEKaS7op3Do6DSQ zAOSW5%(yl#2{`f*eBrbhaWa@1c6YQ1sF3K`$j2lX%ayDO42qTMRhgq=K0Kb~c4`X8L$Y)fHe)*Ma%F8$G<(ZnK$}p! z6SEgyWrbm7wbmTi%aoo%YPwME;B;vX0xda;1M~zmlBO`y^8)sAD9se{!KNm0=P?BJ z-n6&EH^CF@pLQY)vK z=qJDpyRPr?w1&-yxop-;)>A;krevoOF274+b7KycF~}eZ6jiORmf15SfW6k#iuH?XY6f#m z(_7voHNUAUL14R_-FFTML(@?Ps%c8X87TUsy#ww0IE`xu;>~cR#@mqK1iEU1FxFzI z5#p5{!eY+Cg9dklBNFTeG}uvYSJGJZu>p-Sm(vA=Q;TaGRtLweBsXbFW2og2BmllP zu-UI*E>xPQadl|i%oga88@v$&Q#QKdVpi0K!Z6`W~*u} zB9S+>cQeN+UA5@;B1aoTqN^K@&$doz9EcO+0)2p0HFGX&s{^abidI)c9q>UYa>7wH zQYcCsP_^5d8XduSD0=!*U}>~i)-tfSsQPvX@UJz|=zx>h%xd5bs;I86aE+7`Be zvoM>O)?%_r&{Np67>{a*YFGxqm~|eRcBjQU+ZxZXSsg*FEd%Vb`G`&+S&*@Po~ehK zDRkXP{{vK!NstP&#PdLH36y5m1axF%TTPuuz>%ZVN9+iOkWz|ar)~+8o#=UvP#lIt zJRUP z;dUbw3XC%O8$V3hMvT$aIi*am48a-BH0%a^7@u10oY zunl{*$z-X(0XSlSHEm5{NpNiwk`U0Rh!TD`h!sSIO#}C;py3R7X1~ScC$= zd-`i;KtKo1!WLv20H;$nwjk2WtX`N6>@hj0W_5c{Yj1-WL!bCIZfEOxWqz>sV& z844)}EtDrFU&#r_W`a~YTQ$kFB9hVAm}qQ8>*iQT64Df%=u^!cVn7rTCOSg$U2Pgu z%~w)}g~PMK$$I4opu;d(=}0suM3AC?%SD4BtXsJ8aPC8UZa8-jt42T46-m{wzB08`DJA*Kft6RHw87B8&X(b#6waN)-0q$&ySm(&ErTfCyI)KpgZ zdnW90ZH{$v7vj~K(qeU0JrX9QNopQ&d$hH}0gsh6A~_I_3oMuIMWkoK5>3_9`((NC zdGTDy0vqD6oH)T?;}-T$DJPnkx*Q4M1VcfH6D7!Nh;_xA@_0PJM<&l-%r_&_a4WZU zBH#?m3){)FV;?`RsEc$luHFQV7MLMho}MSxlL=RgN5ho^jWi6ImmZ5TOJfGK^iFPP z^(;96saNK343Q4R%w(H*hp^3>TjO*B*Wvy&_e`!W1O}iQBqY@T_Oi30*Lj)sI#VP2?NGIK{$&N ztd_hrZ6P)fcy;nQ6WMqZhj^1r?jh3>=jD{%Q<&7Iw@PmT#^VeWphYZ&yJ;Zl-M~uh zor6+LD&T#wX6mW%AbSVX47C6fKz{Vu#?fa~5~R}`qgTq9ZLTze-kBzOU7^+vSW}5c zYkX^vSqh=bFYWGj)Aj3{3}X>;k@56|o&+Bp-pf;{HFXKsNBF~Nwk%1X&*GqKJ@AwKf4nzJd`X)cal_9ixh zoyXyi)yfVmP>F(AtJGQ^<7I@iCO`+PcRqZ?8q#hz2GvRRF4WenBz-vOO-D zyzI7?Zhoq40Z!)&4@!+ap94lX!kr3Cn|o>QeN`ohKm$x*44Pqm zDZB}Q;S(0tiuC@4;JaXiOZC1Wwq>BF@=GKeib9=4^kF}6`xwE0le^VDcy%@g_Zq0C8Yf=$=Ym^7R} zwmE1x$?7v|$!QyKI-md}PkK4rE2xV>bb2e(doJd)eyyjHUMYAaf(hxVnd>`ShfK_H zm;;z{@=-?Au-7f{9>JS{-U7hT+$%}gHowjWC)s8kdxAF;`SOnN{4nQONJ5b4e2qOo z2yt+5exz2y1g{V+LX4Ng$daaw(>t)^%$6+bk$VgB2*Lx+(n&NNuqhmk>}bc?$aF%0 zoZA7=fwZY6Ih< z23s0LQap7Sd5t5D+{2lm=YWF)$v&J^qBlH!%i&wzBR-o1B@+o5Rz^J+AqV$teab{6 zsgB)$2!91ql*|1Ic+5TMO3LO+k@cZ7cB~;C03VxR-;|_2bKrD?IU?7MF$S=%#5>S} zKfaSfBA%1IhPdf$y$MRP_Xtdz?E@PUbmH)-Jh%^jhs`5*EvWGW2}gi8ZyAz8bwA?3TZ`6W{X2sDNi;ViJvWqnKfZ5F+Aic zW#6WY#8Q!$ye?6$(=Su?b#pn{D0NMy#p=I2i+P(GCOx5aS7Ib(j-#83g^{k8?m1nS zVJAx;_7bUAv!;ZPCUV|oWlaqNZ&T3Fa$xa_Y#47A>n@PD2~`?N;3Wa%%GcDcHPbg` z=Rti5cqzbU9Q7qdRb@DUTE=HUbt)AsTsi+9z#)(FYB?w}Uy|KN}M9ysGFL>HeuBNgE;NkoqWcFFk zaGQ@G>HOgE8ePxOoY^UR1h6UuFK`~RjcZ%yZ}r&xg#x^S@uvrqtlzUuNFS^`4HgJe zGHo#d@E1EcKQHrRq~$B*NTC^Im9IKX-Fw#H&$9or(fnZ&6S916k5kKQaJ-PAD?Tti zZ{ZibNPJ&WtT1>wqF^wh9&s6~t4W9vxyKDFznqa1Vc#P%aq+2*D88d$mU1lT!@mwJuN7^-XEmJy5qGMAOhXE0vmE+}*)9g!O`D9JX z8rTGe^rJtcVwxIKA;#YkvKV(p2_I>euO^sEA%Exu`4x!{B*aJy@u+eWkFtliCTwcj&A`HUTl&6dX*P;Q@FcYhE@~ zGPf#)FU;=Jh{E$>5`u6{%^r~Ck9_c~q1Q;i=>Y{)48{~JOc-#PRwnrkYbT%xpqjMT z0I(3mk~^}2pbcv^8hN0oXs0WsNUAU`(4+{SKbj$uaxxp*4S zgB*llqXDioO*H1+D)4P!7k+_AF!Yd+in>TA zg`XDnr7I+HcT2h+_kzeGBa=B2j!|)a42WJ}qd+Z1+7sigUyfowZY6a#At zBW8+scx8@ccBO|ES5h7Z6y z4RasA5MKDj*&Y1i=nj4t@!ByVP9W9Y0;((uA-b^$2p~>yV{mjZk54a8&j*u349En8 zz2$svBQs~#AQQsuxRVI&j*k`0W=}rTJ0*cIo2y{eL@S-FFGASphh&V<>!7B=01`$-i z2~b2(6a|qeqKxv@KD&OkR01`Z@NPuV9eF(j>UDcan*sbVSP+P-1OBN zz}T?i3>T}XFPXN?`a)Gi(53Ltlx*)Zl$) z*an`bqI}vIo@|CKU~K4f#PHo_SO><2K1U4SZ-xzEZ0K{Gb4axp9;`>%3xS8ID4(M@ zY~>7nju;+b9_zr^qt6k;z0I%zj17H`v(#X=8McADt0yH1Gu@0^4$Q}24>g- zLeN+12gY2!LExHZTy0h-(hS?cqfOKR9;2dsCEyx1!xj(%sRS_Q z@|A#Vu5s0Yv7xU7h7B`p0AoX6i3KyO)$uhw%IW|fw0U((RvxgUqN);%-e6AM;)DKr zqi+H0Mn43Eu%vHw83p>GWZS4gzoBu}fmoGXzFrtEw742T2;>q0jJd`x;myX?4}?Ij z8o-#VzndoX(YI7JzwE8le)zw(s33-Ywc*r?Z1&JHOsLJW>U~QYOBopUiM2(GPiKIi zQW3oSmX+_GB7=ieSSo^#RGGXG1rl%1_Wu&`+cfu*AH1X0qW}_jUu{0{g(x!ct0vp0 z3;yEUs+Ro+({1iqN4GG0}?L*@-goMQd|ZJ0|!m_Wjn zp1J&V25V@Hq{*0B?GK`&ns*fy`W% zpOaKbHb3A_TA8dJC#jj(0h#-(-Rsq*+>^-VSS?H`123>{D1fX=xe1^_o-?g}AdQmk z$aHq%C^H!)?s40gMg(-O1z=t3gK}W4oF=kNZfrYWcL|`)K#>I;MYNma!`v*!q2Ja zklhfR5cbuENCiR>!5Ol1ch3a*<^NMe*Qs`}DsVd~%w=z>MgO~hyQ&TUp+{MLzz^?G zos!iDJZHyBlwW;tp)IQq7#sT4hvA+vRNBCkcD9}Z4(~EvPr-$@^b{~Q^gV^)r!0s%FgEl( zh2ejjVFMT&`kwlW=JtZ+SO6z#jxsU8NhT`RQMgGE0rxUd^ALptCMtl$m6`X`HJI~4 zP{38(e<6ah`RaHA!6}Ughh+H!srl-y|l{T>P zc56o9?z@fGjBueX%?OMQeKTTsngvk@#)iHbF?^31Hh{6AZ^j>KZVy?G1@I3hY671y zQSq|E<+T#BGXiItsJWHGolR5#i7V3zhbs4x!5#2}CTcEHND4wke19{o0!X}~MSKL8 ziC`R}=Zt$&%3cq8b0(h&5<|oUfwxPP&(cBe4 zf|Ca?|IxGS2BH}X2~M;K=JP=d&y+#5(g@B|?oU|+{lHLzAtIP=-2Fh@$}KU{ z5x7?Y`>AIl5u!B6wyK1PhKVQ;52sc~sMTqfn!9LzQ%^k*R6eZ1f6smx!7 zN}r+H!K%RO4kL2DmQ0`1%j@TQl${iK=8Wo;EKT6)`WP+0G~q&9mL@PZ^h*=NpIQ)g zU~K4@CWg0|VFMT&`lb0#&F$ZoV*#9MZ*w$(tC^?(zTHI4j>6-EC~cJyb@R#K?rMd% z1QC$nWGBT9K175Y63pzklm&O?V<`N6QT>%N@c&p0{lGU`G96M54m)Xngn6J@ElZgD zs&=p{NbVFPavfXSplZvF^e7z*oMLS-7kHhD@*N8o+S0MW*wA+@hHF|7bzp4hI~K#0 z%&-BB4SmOMp^5BlITpZOOw`<4;lU;O3_f_=NTBcF} ziC5YaH|GQ`AZ|qqH7aFgEm^hv6y~L>(9#`p(1f70p6EE(wecedm2ibNhkiSOD)bQF9+n z_b@%m>mA^+CTarTZ=wQ75Se*jPu*-`?g}8miPg{a>~p5ooTP5nGk49mDcmE7YRNw; zwY3sWlsA344E8tn0*C(&qJ*h-vYxues1{xRfmG>GJsGOmA@D6N$_@n%b#mMA&Pp^} zkCSSPZu>x&QHZ<_JYbY!8W(hE%ao=nCk)K#i9W4ISrWiA=2fT4Hysq-J5-7CO9C#m zWk~>IL%$?2{BH}Q4vY=`lE83*88(2ipv@8|VgDFYLXe9Hf7_4EZjmTF+CBWk_r zkN$VIdM65L8X#4Z42f%Zt3yFpHv|#zk0xq9tMHwn4r!p`kvM-4w4xAu@c&w^X;B%# z(~Z6Wh5`wWgC55ZlhEMQ9 zXb_RuWkGa}!h3?~7YcW?Y?|*-xK9uP4=_=iG8}3mw}8%$IHZ!*!~9~F{K=CfjZs7i>S z!0KN{fy4Scmz?jST*0Xcm7fQRbUV~o(118rFYz}V2o zNf2MKAnL%_(60duuQJ01FgEmS;JcdJ&n?FSIMc3>P2f%@DuC}WQ4?4 zdOj*d06f-2%`+8#+(ZTNG7~kgQ}}HY6+jZrL{J=3&F_cwSl-Ymyri(H2cD}X&QCpD zXv@?CV?#gn7#?py)Pb>~pLz_BG{XikHuO{fr+Ss!^Lmu$<-q@#r~tmvI;#U*T}9=U z54?q`%?Ivmq5`qT!!Z5smC8{XWSGTarYyuiO#FdpI4#7DT8QuHQ66R7e^!?fQy^a`1>Q4C zaV$Et=@0q9o zE;Ui}d4&_T&@zcY63Sd_R@W>(9I^qDs93G3S!@%s0q$s`=4^$-CMu3l_#qQDKd$gn z6BR&;CLSr$_Lg7)q-dFJnA9(5HswwYe#tT%BAuUT2&EbhFIR`9jKcpdl2PVRQ@70L zynjxu{CAWdWnlpSb!K%+Zry?%K>g zc|G>B_T7pWK>=jiWH}M%6yt7Ej==58Lc{E&+~vvvhq`pA%eO3q4*n>HTx5WxS(1S_ zwy-)r<<6+7k^$t;nZIR8=2_JaRs|(E(%cuRuO%Ov(-YmKM_KW}n^lxw-rlg4GxW>b z8`g7%etCPtM$XVL?^z$La-6G2$q{(ixz#Dz)qvNHn>Ji%%dQ5D4Sm`ewk?P{FgEmQ zV>rhQ8^G9b?6il>upd~n*&Z?&rQP4{)6q^r5xDaxMMm|Y2yBc}WOQOs1fDcXkrByd zKG$=r&f23kdj;_CCTfzyRP$H>w>41{NFuUP5$fTlRRG^>q9*VH6BWRVOwfqCp^uMmZlJwERR2){=imX?&;XQHX%d zk!;QcwZCz@glY0GD^a<5f&PUqFV~ zRM6(|dQr@@gQCb@KtceEKP(P4oZd_JX&aI5Q0ER-$rx5FnR4K}% zBkCNu=Z_Wlt;)SzZPAi%jdU5_WiDI5r$=j&L@o^!1t+WqWs~|E`uvnSnZ#TJ{PQ02RrMj*=D%tv9r324l%CaJxZSdyDG{z z#X@J;${G5m!0<}*SO-ENU-1XVLHH?z>vH320AoWxg^ShT8)n!B-k_p<+TO60GxTX= z_*L^*2SOle1LGik+Hif*xEjFN(5HQy8vMx&+raH?70des7z?5UJT?lV-evTqpa}f(C`Cqul6mS*96z==8bGYd%zYKlQcoYTAPV61CTaq| zW1<3hi;0@RpPHxu5=3Uz?yTCaU0=ungK4fr5S*+p>GBZU)Escohe{!=$iq>HBkZln29>TD@;@X2_jSYUnCKf_ZWn*k})-btD4A7{H4ltRmcTM zn&N+BCD_x5-1CT=lps`KkP2LBR)cBZ`9#i2Rca@^v+A2m^(b8i{PvO6DS6TXd_-q6 ze_4VHZRs*#Z0NfT!wW2kIxsf$U54Q~X4nA6hQ7$nJdC~bq=1exhS4f_@5vGl9dpV#Rtrtd(gI=o|onkY`o>+p)8Il|It>^b`cA{}dJCcs zj17IKVR*F}Hh{6A@3iAJw?&p?0sN$in%67*mWc}BLndkhA2Cs}RN;$31e~NLlx_gN z$wUQknu(ggx0%Sj(m6=ow1Ycf$fmPc&wg2t6KdOZiTUYZ34F#x9Uy7Rg?X|@Lv)!P z`|V1wuMrhM$}dGADrzkvg8GXYx>Yjkq^dU$)uXg6@Y0j5ZGq>UT8Z*)3m4kbw!qlX zw=ISTS`c+$Z0Oq-!#QTy0LF&CZC5>|N@OQJ%0%p}aDP2csO{N3Lh+)YwnX8tf(ZD8 ziJHLYO;i}v8p`j;T{yI*4tCO`!~txYs0kc2Q2{){L`~qkOjH2hYoaFb3=C0fbQA=YwcdBPxJQqi6w{Mp>M| zP!{)ma)EMQYus(%>8Dj~FZVpa^K{40FKM{YmL(004gHeF@Cpl}4vY=`lE&~8X4nA6 zhJHzZQ*(RBax8!ko2dDs!sYBjR{%FNQ4_d@iHbQ2_YWdq%S27!ktQmD$C{`KJjX;u z+S?auoS(AL3t-5m^Q4}AS&!wFh?sW`sGz_J3UIX1OH;8Ch%z$Rc*`YrJx9W%|vY=U;fCqypN+r98Vcn z2Z-mAtJP)na!>@~TviY;j>E4YA4i=yVne@zykR3}=vR<8?9UnYySD_q;XuxCz!^TK zb$ZR}>Sq_HcbJFPI9xkLnJx=g8!jpk6(i3$#u zEjJ7;LhPZ{&3W+2->tT5*$i|rJSm7yPNL21Z3OY6%}4=!$wbW~l;}j`ZUXTkTWPwR z|3wKP6cymqKt$a5kjlV$LC_kDn;=)LO{^_EqNn9%cbqsd7pJL*`_=hF7DOAkye{1Q z%JPP-oS~moZ&=S6X7)Z8Y9nXp_rAx}@I}kfP2$6P>UU$SEalX=Wyxvz8sxNm!Z|IU z-BgWdE!$_?zyguG!RXXtaBu8HhyIl38KTTg8;w#qC$wTB+_ zjh)l-HOOiCgmYRxy9FB0`4)N`c>lPedc#)E&`0kL>p4T8kT-1P41JE5Xd+*<91GxA zOjN&7;q4}J^L&Axx_E3ASngGo{5YQU*cT;Me<`~nz4^$!+w8t#um1^?ap zq5y{In?%1=6e^fBtuF@=Q@gFrhL!&5AWG{e9+T?T7V8^_ zciS6?ZQ#JstnInL59=p2@*62!Xv;r>R(pX0?*r-RRIABN>FLrKyu( z^C#7LA$SKuonKoRqLm9^!Kzi*=jySXfQuDhsz;ei;1w#GSUaJw%itOlp4iuA@YP@p zyff&HxGZm5r3&O{dX%yQf2X1f+(g=Ai{#&9dqMH;SCL zx{S66iok7EG_iKt8C?c($bOUaA=h&u*DYi!A?*m<&>|TG5@cDYx`j+AnKeNiztD=5 zT|$+pLn(up>`ECp(7OxDQl*_}p%z#j5JX2S3`A~=sVUKFHgj#@1}dt0gV9z&5qQ%m z#dJ}753QVsRu>POnTHmzZlVtG@W^Sa%jms95qPqSq>0YzGKfR=P2@wa=R&Sq$W%g_ z2zZ!9G6*Eds)-m8N~Vd3<4wv{HV0Lr4y6n#vMXiaK<}DpmeTHNp%z$uEQqdC7>HaG z-8QM3^gruSb|T%6eS;}hApGCQ(ISrfERJCy zo=f^xm(gU4V;G3%N|8~BV>m=mAs;|wumaYsfE^$us}vc%OY@UkMBw>R zAsSsqgq*pT^p)->V5~}~{#_z(IFK{+?-CunTvfE=^(dEm;JsF&AuEj)V~DhwUU@bA zXHEAXR*3@0%!(H9IBWa@NRFbFPUUQkZ|@K%@JANsAaPExI0t>4gTK-Eeiz~dh6vnk z@V|98SivIb0M|580bE-}a-Xzcm%$D}kGh|3q7HBeT~o6AwpXa?Fw0V`@1}5m5CPw< zqSb4QZXCH}QuVhFcU*tlnWxn@vVMLv*a4p$&u+?;Duhk-C{Y1tsVM937(ID}ahwTesDL z(^ZtEI#y3E2zIwC{B01iT`aOLtphJrQI?$r$rdZy3`>r!R7Ail!dAO@6WQAZx$J$ABIeJvIVXy@-IU^`0q% zu<-kVYydqy24Oeo2eOQMdTbHw2jZ7iPsjH3GK>9kTkJH97^nTawQjhF+g@D2|DUm! z@ds6#36lL_ecf1Qglm54>lbRpbcxlTs=eRXR>$fFvoLHlDKYbPld1FrnZk*+Gp5?@ z8O7`gUyp23ZN-1~byGf({-e(bS-6#y4VS&Pl8)tv2+N&=*@mx_rEH}v<@&xR{)iq& zNB1e6$b1~B?Xp)YwUif8BtV5lG*+xX)>wP~82lm#*XlB$LZUg{N`!~(96p)sb@HK( ztADabFOn|Zw~e}r&mm*?kZqbtWDUjYX=*zvB{v|_;P2PQzIf~gXT9^1V$4?;sXGiQ zx@-hr97&bt>ExeotGNUGfQj0`vs5IH9`@@pfIstU=CKKtzqKY-N11QnViR?MpHor! z0;k<&w1T|`?*M0*s13Z)M4dFnziANi$(`Q6zS^O{jm+bsCx*L>jxfb0L3|^KfZtM) ze7A3;%YX>wG7Ka_`GFDf!6?M*F3wB(syOe_qZAGJvWbR(lQp}EwX;XM41S}+s*-6z zyn_}F?p8y2b_2XG;%apn;UV*o$J5t`lw(+r~r(fflUkig3{T3tqq zf+8?ZBlE~v^C5P5H4Z#XPf14t_f>kiuuSMOz;_u*-6FZjBIy9*Nc=~G4pDc^)5O|Y zle-KS=}Fne&*(DvwguP(-W~KNcNyGgdIfM*OGNk>>}nx5fqTSyOxvMBIJwK{6?Ucz~27e90sa*!Rl5GYU=jp>eOlxC4G~3nmKu=O}3eNQf(v7+!Hj;7_GsXhl57K zk$Qbh1?y!ZM7F!0lMOgEKTHLe>oKkevTx}*=?_KjuyHVdjB+BIZRTz^9@87>=k4CQ z4SciR%?|?CQc=E<{-GRiGDEl9)b!M7H}GK<<%7iVD`waN zLLlydF_&M3aNT8Gbzp4hH;r$q!GmVl1Y(%U`F7R5&#c_-UrkS~YAS8u2|;we!cPW~ z>nA;hwR9eEYqJ^v?rx$M@Msea06$`)mXBaytOyPWR=^<@$;R5(We}3_YeeGAFi{YfcE`w0x1~4SuCg}@f)3MSf!19(DyuXD}5C*lCb^+pX zLT&3VE*AyM)ZtRyySK7wV7tv0-k50LEr@uSF6hi51Hozp1uzKM~r?5 z2w@p&Jwxx_ALfd)i*XgeGfmWlmdl&m2m?dt?ozdv5}c&Ra%F%6c_$^$y{2S`c)!I| zq-L4@cU{%ywT!%UBJ698$Zg3>^we)nr477Wdruw;E_M$EyeBjBdHL*4_(tV%0`m#kaANW5eDu5w|`DqNy z5rr$)A^1UytCLPqsYY=EyIWN-@%pm&cc2(tV)QNMgByRjkAZz1OQ!{#r6OsbuZ%F* z*7ORdXfG4BnhFPlh!UQsqF!tam{QqafTY>eOUt;flHfYCFFmF^nFp z<*zjuzN`dN9AIqdx0uv$x!NhUZKicGo@#-#fbcC}Zdsz5rn!ci5ctH}sVjFG#K!Fz zD?4Mt`KRU4PWe%Ra+zziy$@`&F#_An1(wNb@)*XGo$==0^P9#ne$%oTuRDhEy3Uxe zi9jY}>X=GYw5P;i^o)7qOjT!&5#CJanXn)c&(p_LBBGuWgVEu6W0=tw<5?EoJ9J*k zR&LMmZ}g69JleB2-bA0r&DNtl{YzWhQJFS~KwG*jpJ28?3U?KgjwVC>0s&hBlx9wRGJ*!9Aa)IBs zjk*bZKt=g0)#BYNuCMP=9fb?{ZKLl1zo(+{xxS{Ha@7OIhW@HY5O$2~V| z)OT6*1@ImdwShNVLW96tOyn+XwFva0DLt!Um7#)P zOhVn=g^CL-a-njLFmj=C?(G`tq}r*s)too9^k+0`Wvt-M)snIv^19Z!SYacMT&$dX zZ;17NA1hi1s#X~*cp!;&*u|P!=VFD8IC8Oa?(z`pV?I{2J`lwUz95P9co%DGor@JV z;>g9yxw}KGOMR?pT^Gd){!S9B|At;_or@JV;>g9yxfepL3;JAT(E4>0EBG%eo1)vm zMXzt33l=&8$py=~&2+z%#kJ6TLu*CVDjOEOw#o>$`}*d&V4)+BT(F$$55X?>-q6}5 z3KqP7671Js-#iyAbOe$MmUCYY!7lOM(0Wf4Eco;!*jr!UJQpl-V3-fGi}_4Qt821+y!`HF}hr2;ir7uTIG$Jz!Tw`I`vO)q?9v;~E0ST>ie| zT8-y=i>m-$Zd`m)z;e1#wQmbnz)Q`_JsG-Fwf8fXVPjPAjHAGf~$?F0A6dN2Jjdo za`W*8)h4BK?@5a?U3I90+^m)FKKE|cmK)<{?dNLqdyA$3K4qdd@L&tjy<}LjYZcB9 z^e8g|eAz@z;1uP~&xq%0d9F^5%eTMhs>2lr;cu(&)Tn=C(HFo;R+;(0$tH3=@Jl6l zBoG1rV4?n$Hw@`<}t zL~qce5CPw4q6YBGMl?T-=w{8}7v{bRe8@y@CtOW^>|nlzfrqNE-eYwJU$p?-zB@xH zwlS&#INL;R;I&3HW@8kZk=!d?KEdrp>CBbA%GB+lmfR~{_xk3!D>`%plDqxj9IY$C zesMyV5tA~hc9uxfDZ}YMompun|UXp)Y(}75oi)lobK|i;0@Ry)~}5 zLgwv(4$Nz@O+IUKX({z zX@)J}9x5sgTU|!ynqm|9jZun>9uJDZXGbYAdM+peUo}w+IQ6YnhE+6-c2cRlQv%#` zlp>=8gCekPq89L-qih-7Zi-FdPfXMTHn)faWb}TON`Szhj8bGYZ_CPD6oKzmQI#^I z&jm%`S54Fces`2Dqcd$)HGy$^_~l4@&`jkI2=IsDynQ5oo|YD;CDtTGI}H^0uQkk z=m6=C$_b-WO|cH7JESVWJ#4b;Kw6`sV{}na1THpF2lzu1)q!ubF6jXGFi{=YFi{71 zjEU;NvrND@KqI+Z(HtFzKMunRm-LTPBT#pNYP63IU9@jYGsH2|3N4ESv{^-J8}6-Cam~c z`Q+h5eexh^l0Jh#?K$g@0{AZzwG3K5MW4dSCTam!HBkXv(?l)c+A3P9c4Dm;%qg`E zy9n10`XRLn{Z?1Oe_43$^7y=}Y-1|Tl;vVQMd!;RNL7BOF)*2O*#|x`c6bXnt9ZVx zN4Z)8U*5brRW2p}*9E*`3&XA&%3TKVa}igo%Losd+mV#Myk&s@gT_Au{FsV*U-)G3 znV{!Ax*PlXs{KAamh0uLn*R*SPqb2hwu-epdn=utIWsEBK6;co13$9qcy*qx2HOQg z;0`LvPf$(IP7H>?Y2zB6ut62i$Mqx{O{iX|8wh@P6~q z0xmF70bFFFIxwd9S8C|b35Gxj3N{>apxY@a-y-#R&YPisYM$BV7j1 znDCU5E`z_B@U(Nf44w-@|MuEvHJv*wEw={{*^iY+?osYj_;3&b31w34#6|ug#9!3S zwCPnl$g9ff-3o^Pqx6C*m*oLZQNziykn-=vr`EYwaIg_Z?iJjY>S?YXB~p*i5Z+p~6NOxloT&Pgm-3Qtjl-d+}(EM6rS|NMiNx#i!P}SYacMT&!PJ zPrnYaX5NcO>$WIX@Q;#Mhr6}pUuvC;6*l6?#rlkTnx=2ANnJDV#iR9_YL`6#o}!kt ztA8&(wa&!~8*$`f-BLZx4Y6k4i$`m=YW4b6@&0-wR=-)K*11?=CXQUJ$El~!>QU;N zc`qKVb5*O16}(7ghm&A4@5QI) zxnQ9qkX*2@s;g~uW0uNh-it?THPtFB3*Jy=R5tTod}^Kx7CHjS1-rMpIx_^Dc`qKV zP82Nom?YTDd-17xE?DRYBp2+Q4XRD%06oeL4Dcuw$>T`>S%B28tTl%7)UbRUd7^aj z^4(-3tBq%kTe&As%@(g;Nxq^-2^M&Ri3WiWsz`pN;EXPV*&18^J`e|Y7+VV%8~WQQ z=r^~T$vq8&EmSD?KEPdLy)@0gsrQ*?=e}=@3NGZ~rvD*Rl$I)AIY;1$#_g(n|9VwG zf6${;8Th1$n!v5B$|oP)WpJ4a^HqL}o<+Ni3w)rSlUf1KGY?Wz1{Vaqw0w^y@#o&3 zPZL_Lb~5kbpUivsWcal5iO&1Wch5GvBIz3A5fIl!%6ZnbEs@U^og6m2% zYym&6hVqGKV9e$F6Rxgt)q!6&Q41Jz`P=+&s{vV*(+7Uk$U49U8f))1pTPx|fV(fh zP0M|k^;#SFLlx!g`WhtaAgE&VY1uGMO&G7A4Exx+O{c{K<8uthfvB=EAr z@>Nt-xFje73A|Ed^oXS~3?#%#kx>YEID}du0zTFPt^+@0am)u&f4N!!iMsSC-*;7; zF9cg4QCEtL{$n}J2NHFq$SCA6Kh0sT#=h3n>Wn-C08;7YY9r;htr!v}U#((Hy;Yqd z!J^K1iDlUYE?u*VK^YhxVQI?WimWv5)}v}NWF{pEASJ*(g|mAfbS8kJ3{o!z_r&wOGdHP7AmK}R6D`@TEX)k`7R%x5#udMFAO{Ffxy%x5!F z^IWjd5lAlBU33{8ZQbp*IaGF6)v~PMPuMCP1U{i6xi=i?G6?kUEqbW-GO8AE*hHP0 z#y7{}bXPZ4<$b2o1pdrK9pGwhjAcnM z<*Vg68_S0pyGV#>vV6*-I)jAJCd)J6>I@Pbu2cql$)xIJ>iSn2EXwjA4tU_|m9pI4 zesSbm$u`v!{#$pPweRu6lxR-KWX%alw+sTE1oH3+%c@>YWcu&Z5yUGw1f zs^C8Lg-TOZmXjiHw{e%@pjkG6kg4Wagt1!YEhSFRwH!M>Ay*l!t{)vO!y7`hK=?J< z)W;Y};3u}0By!f7+*Z<@*0wyn2wRC7Jm+zi!{ku<8E9MyoQ8pu%H=&0WAsQNuse}?L2N42|B&3RK5 zuiREZMPWpg=912+{3;Mucoh*4BB}5#E&v?w9RdJ0RV4fH$0q$jccH)Qu_sL9IzTP3 zlv`Hpo>4my0inw5)ev0~qJoG-GiB+j_H|}e2Y$sw1@L<+l1wg~be=AQPln}ip<51+ zVJW?z+GUo*4eIAn3!wx2y@^^7U2dDK+mj$VXbtNXZ{>RBCiM}5E`W!w3DMx7x`j}# z1i(*NL8=C^XmI?1r_49-P(39D|M;X6l=U1v_JppV60+swo^k7qyD6dgfbPr? zED#TwHakT5@6x066hvg7X|p?2`(CpufDfohviamBYIo-(R3s^0K8da6;E>|wF2y-&fu%&5+GPUY$63|A zRUOCVl)Z}V@2DD{s*$1cSCNC1ir1J@J6>CI=OiLt8M0@I2!{kJB399NZ9?7RZ8&!w z@2=zBb-cTdch^bR8yiBHsR9@h9`q3m`UnPz;2oA-0Sq-5^g+2DI z1#le`wWjMOXNFyRTEJ~oBu)I|vNdv18bOQ)cb_L;h(pq5-6s~BZ7H|y}Np&Bo@n~UMDET94 zq_xyiikaGF>iY)ubFGEY@lSL*5RtpQ4*HbFLfd9u8o~W(;~wHvmNvi zM>XK71~OEB55B-rH9S=#L*?(}(}K!hweeK_87hA#f5zHXSAS5Cat8(csEG>T$4%4% zepW>?spm~NS0{5}nAG#!q(X+J+$3Okq1uTE2vuewEmYSVOk;U>Afg>NCx zjvulB3gDwEk|sWXLS54u4rMvtl_e$98{m{s8X3BIp;|yZWUBQmjc8MQH=qL%`Dd!N zv1)H&Rt0by6-kO0OyH_{U`Ual%L}cPl4*)5p`-}iz9B^*9x^GuMI++IO!9$Q7NiNo7`Q#k@1(ii#p!~>lQWK?pqMCyTR8~H*FF#GTdv`1sSmfTI;T&P)-k_PXe8oIf zkFr>StDC3}T-QYNfp1mOgxYCqZMsrLw!I!pSsFN0*vai#YL>ZUo338=T%qEVUy{XY zS9K<$DZ1{~v-LNex}Tv$KeJ4lp2)pk#p=gqHQ!sg_ma{6Rj>j+Vxj{0q>7|y(@5ma znn)>2GfC}a<}h2`@-KieWwzPhspFljwoQmaAzewZnrBw?pVyfPR<0!5srIgB)dJ2j zQ2{(yMUwtHkWUOH(aS?9Oll`3!R$5bk^%@*rX>5Q<6l@zO^7IsJm?6HD})tc3o-DY zMl^hrMgpPqE${^kvIPw8Tr1zCoOc*^0ld#db>N>&)ByfXMN-~%iRvK@p_HZhL4}>H z)6^`pbRSYL!D_Cznu}jbk-b5C#8C}+s(}oZf3fwLqw4om{TV9%R>L2Z>iWr5!K5>w zBAZOJq>~_TY+!{~5dk5RvV70I*MZ}2gaCjyo2UTZp(2^#^**Pw{f#i|`dBN>eQGC* z3bU_TzZO84GK=aKb^Plo)M-9@H<`;5bbV6O(F_JO;6+&>~2c1mk|}f z15_kcTK^(V^E07J>xcSOD5cVS;gn8_2ip~)ct9LviuVqU=c5*C6C!fYG}#5J{iR?9 z{HciwW?|nD5%Aq1Y{3Rsz!$D z`)+UfU!~%&&q|X)MU69kcb5xbE>?K$tIY*MB$IWk3*ep=t4?@AkFtV*e^!yK(dnyb zqplWu7|0)?F4fYmO4+q5QxDRW(|cW+x>5bqmFcJc?$eMrwJ_bLv_xOO-l<1<{R;fE zimDf@DYrLlvaSnWeNacFM|6TDYSFO}Tu|H4liB|rFoETsZC z!(7hlf^l8`H7Ib%vRIZVc2-XxH~Q0SVE%xv{OyyP=Q`aLtf?F)>QQbnf#;}b`Pxaf zGc(@^r$eV`IPwz#eUqopoIHJ#t=H`$P7Xd0 zlIJSrr^IK3^T=5nql{f8RG{xAN^))BA$qFXWf`?qDvH3tQHqR?3W~sEM=3J8Fen1A z8l|WMci7epTR@_$9uzW~7Zia+St&9)CMW`lvQlJpQcwiOG5c$a>endl{~zl7|2kO= znNCR-7+0z7HnPQ9rdzDMZQx%`)C4}GqN+g|y$}?EFOE{wfgKhr`j#H$RR<8~eYF8# z%;l#Ut|i7*2gZi}D@hpMs)iG5lQ-`&c)-{S;L|3mllXH%1jMJ@Eb7T{&=0>)*Q3l4 z@ZBbw2RvIvRjC7sB0amO8Mc5B$OZcIBMf3TU&ETR%r>?nJm90b@fy zuLN@;&T98dLvIYJi0nPCeEL3tq=W)QRaTEO;gW2*zdYoZn~=JMr% z>tHi%00~AO+W}*)u`AXvu6|%_=r1={s==rASia~6f7!?i;MY|oFE0IWT@2{SBlIZ0 zz`S(0%ZNl|rvQe~O2za(WhBPyIA?^%HHB)xO<@bZjezrJMT@OATB2SOlzUl?W(v-xES+d0P8 z0LF%X4PuBJxoiPrL%#;S;XuyN-}3!ZLquD81^Bo{?|Q{s+5BRapWme`R!elcakqhk zCYlF4LPg_q%`w9k5Q5&KVGy(V4j{5Ejjaxh4gF+exUm^FfU%*UYz$X0!+v0F=qDS) ziDozej1B!{uc`)X=y3yiAlENnJl=lhqUtSx?PhLxVod}azQ4BNnes!TC{l@yGX~G~ z4fOsXi&~aus8jh(#xs*=f~CjOF5SKl);NbOQP+v6;7Yb{AXfSAxnDc+PkNMFY~YhB z8sG5uX4nEkAd3hXbNQwth~FAl9T*$>ro-@IGi(53L*H~55})iaz}V0?oi`lF8TzKf zkoZ=S$JM=tsXDET{5P7)s?sctSb-C`lSkk{LY`_i+D)#N7AyPzTEW`D+f|gGZVYcR z!xj(%nQmar<)<62n~bXtj1B#CWB7eDYyj~r6A6sDdk2;=IYbu95{1>X=6?EEOoKB zCD#Uym}oBWQWfQA9khOgqeRySxt z^yj#I^!F>rF|cFoS}~%!=IbSIxzM)cBl`TVFQR~X#il%<=4~_<+$Cr z+Q2(hlusK&KE)$%@cHKuSB7qhC&cPKJq2Y3W(=?TyTBFxLQC6dfOL+m~HIH zE;qJ1FgEmaL>Nb!VFP%Ai3WfKQ$D2x$NYZY;740(4U7%_UU<5C|5%6u_;C{zKscvJ zV3$nVW@C9j9uaOPmv=P1GwDrn>T0>#`{k#Ax~aSJgH9q&U9My<izf*VruQKdv#lCEnbJqt{$RKKDtn!UKOF8#6?ly2Q6)me_D`)7N9gn-1$2u_f z=$jow+{h&Z7#sR7-p%Fc-c+5gDqC1kZQzzF%9p_#wsMBP3>a=~9_zr^qb~!7xREjd zV?$qtsp@GR^VkNiJ8q8Nu$43PIbyhmd8`9tk3L5XaU(ebV?&=~O+Bq-9^1f`$ITJL z70s{(gg}A-##}z_CHgt>@7ZV9+rVc{)DL`KMfv`M>lbF&0z%Nc&@hPE#*XYkW2*xp zkc-29;F!!$5~1;Ve5nr*0@)OSF_)jW`!t}X7MR=OP=QdcML?|bC0wdsZ|E9#8+fgX z#y6a3hAkijv7PBs#N}L1(jN(3!pr zI%_S1&eUbl(U}RFnY_YDMdLICQ(Z1A-w@u=S}-tHdG*#3nCD!d~2w!ANN!`vLr(%j}-j&0!8CYlTUyo$!y z9Q5q@X4nEk(3@`tF`J)nB5N319T*$>`Nr@)X4nAYStbM+bNLp4YqoLq17kzq0vH}* zh66x6mzx7PCi87^x{{ow$7*w61cx*WuscdIZ5HUzmdybe40FwLoBrC!efFy(ZQ#b1 zXA{UTX5^a%uE&k51>D5AI>4CAw~FVg!?l@l4FY2>-#wnI0atA3Tjfbj?a+rT9z8UTJ7S9)({ z<-#got`juAvn|dx@aHC)2YgsX<8yu63|l}5dZlL&v-#2!*+s@y2gZiJ^cbFJh7DkB z=u3~`=gqJm7#sRc0z(p$9RL^``s*~mScbMtHt-h~gqv({WfO!|eu9?hPlpW~cN=(= zipDp*J^c0<5Q6gN1RRt3i6x4AjI0iXK-%P*5e6}vpKaLCmYa28Z0Kj(8}{c6{cL-~ zft;bA?He`W!?f193x292mGDnGGfMtRXGY0C>C7nImfrol$of(}poZ2`I!Bm&a$~S~Jv=)pFm!$=*>0`sOo1O(H8xD{j z9<}yjwz1b9dx1RZ1i}_?3o+T)+X7nUQ^q|rPda_kY!kyYzllAQEWgZ?&QxWr7|

_fzI5KuCM!1dlZ7FDA{z&gkmHt#$$ZN|c7*lcxXm1s`DTU;tqHa5-P0~~2vycA z5VQQUyI+4ZWNVAG4ct*h;~W0Neutz5grHon;F!#(NEFW)Sse&LS$uFz=8F#*+Ol4O zv7v7PZe$a(bZ^%t7&Hsh?`7KZeRtXCi*$1M|+`Ido<4wmaYFe1yQ6&M@(7Vw7I z@O{&H!-1Sfzg~~jeE(OElBB!7W^~+o&FHxGn$bzSsD=*F%X$S8Vt&1PLn~cu=u77f zZL(rRKUo;kC$e6FgdDd_Oy*k#vU9Ef#%<=9%r`S+XicbX7Ypo_Ed{lb{{+plED=rOM~Rr`1C(Aq$Lac)@+TRB6&@V&=+&d_f^(>26jhfsk_ zRg@3a8@6(WK2!|1F^_d11QX;dbl^COWeLBLGxU2nQJ^g!xB?AzUK;QA|9bK6%N0`hwp)r2rQ zIVjQ%96fytdaO#W%zS8E{6?_cx&ZlI3;A;Rm>7$o$%EYocK|Ii98jtEh^6I^@Uxw_wm>;?}A)FPb zU&R0EwqkWJE}!2#lli*8(41Kha^B-9!GWwSLKJUI2e!S#_B8M}mlyR^V{m4(k`y7US4#Uth6JiJ_$Ago(maC2D9`f8np4(lf29*0A@coGAtYf6|=RfuA)|2S|t|ecb~7dr$=8u~MXsIetbB_!y+j8<4+GC<_^Qx6v2C z=S(yRe91%w@Y8nL90XDk@dzZ;%+|5I7Wh&lIuwYt>?V&5cNqmP_oDh=OqPD^zWi`c zpW@lZ-vNG5Me>&uN4gBI40@E3!SoJ<5$M@NN_J1AnTbvO)YZg6jq|YylyV>(%E+7{qM;1t@I% zxVyXn1wtTfH)q-Wt>yy#bk%sXzJ{DW$$>`Les2SS9)3=~+nbi;w!jit# zWfbV$Ztv;q&^L^J5C~zlj2Q)b_wvHiH=uu$(RY9lmGu6ud9fDwF)MTd+|#(4z zc7_=iz}gg7@E{X)AUerJ1u$^C%0WbA;vN_UNtPUE>0AA+ z@PP~9Z%i}{d_+Z608i0Y*zDu5SH|?Hc>;L z=~^PV)vOBO-6rZl^pc4RVBmIL3lWj!gQT4}o}`bWKV*-j3m|{2M{YlE)Uz`zA~yxs zs7kOZu;NoRa%%$&M6OkSr$l_{qr4pfuVDT=z^N+g-HtF=JLr)p$CN7EXw2x_L4F-| zqZMaOUAGH6MBzpw)`F8G+8dgCSEkSEn;SRUn;Zr3dnRfF?=;aMZ+#5fL^1$T7tw)(*;O|XT2j0APrCrUiktl#`jv2Oq5Xjd6fiahVQ2^2q>T%;jGaz;%IsnyFmLUBzG4qwMc1YjPLru~fTWF%C*un)VAC;)-vs&d3fA z#G|}^IsYv9cT~=v@U+BfPnde`2~)Sbs=EO_=0e+E&+QdL1J+G6NDLphqRw+W)Onh+80*fW+|KC2;2 zv=9p5ZYCNgDniLTMZ7-ArK|yY5th6M026JLn|HeU`xZbu4f_r~^?<1qzz0p_wp4xI zS9^ofEiWI-I6?jxBV#@)BWn}5g{n@fol@JtEuQIm7OmXJ(^8#@wNqCglW3+AmXVzz zkuiRY%B8u1_(YZQ)e*Fn4|hZh^^dCEtw*UR z@U^LwxC5O0#!6JxlhIQ;CzP8uhaleF1#VMDBI%7FxFh^e7uH@G>o)>~~+8`)M8gFcvZ(u*{_Z z{;6swPdAqgb{TD=QhC!Ch}TLHw|JVgk4kAuMXMQUkX&R18T)}w5jV~i1b@QR3gAU1 z8uT@E*Rs#4^Y4UEf%uTCG(@);cL8Kla@X>NyZn{}MvSp z*|$?|tflN|4;oQ1r10nOhj~?K5elytjF$y|d5;epf#mmcN1XhOL~Tzgxrbz51?TncznH-rqja z8<4+IJauvvbE$WRzCHd2J(jZfXqbHFuasSBHCKvF+p^K!V7|Ep~CBf=$i^32qN;{MDrHSs2I8#zJKk;n;&D3GVsM@~p|C-QV2GVzU! z5noT9iLWQm#MhH&;_JyX@%7|m#rLw-QKsVNkyL3VolT0CTZ$yQLey|zdTc^%PB)#H zQby9x>k2CQ!E{uqM-i^Ftz%9X{5h4$OBf(?*=w(~P(5K$s5!~XAW|vFSQZ1R4t2SuR)?h&qnLshTL+kaB)vW+N zYNEk3e7P+nc>d0#h=42xp-+q0r&+8KvH^x{hSKJcmjv_%KOHOXfFYZqwDw}?Lmwja z5T|?7h(PF2t4P>5v_8<#1I1PBl@R&5mGYC&%5HwhtD-1txO){V$TZm#dBR z?K0C{F#oD*6D)*+5cV+gBAvX<7EY6M!IG_cb0vT?>E!ojyxzNE(p_IUrH$Ay4 z!TXeSksjrZtOaMKshpZ9Njtrsirk96<_eke$d~oztn`i^mD4>p@tGw|l`?^)D&zU& zb6VdI#rU8r#^?1UN*SN2O77P!Ql0XPi(}Q|>xs)8U#gP{D^(fK0@wNA|G<4_)nsg@tLaR zLQi!ht|eoYVv5E?Tsgi}ClgkxGM>xX>hf?s%7^xj)9YT?iR$UzkXrR#rlxj1;aHY? ztG@}gL%QIDR3?97d!);tW5QELx`R3h(H3|;S)-m<6TQ^y0<{Z&cd6qy*Usx%O{%R} z>+7b5m2@oIk6QS$dosAhgpw$Ot4$~gTL7? zSfyA_;~}mbU#gP{D^(fKC4aJUhfs=hC#1I$vI(B+>a(d@U@3v5cA3~xtMbjj)GYS~ zVQMEi6_hcxkI#kHu28C*^Ofpk(nwXtbIA=Lf2%t8+VD2LGkn2rG26hSR<0tKyFTDC zDyp7YFbP)(hIU2nYF3PJ)yRH z7d+Ga6+mWG-c@Pq*`c77&SXi(1WnMQPN?nH1+Q&|E`Us)IM_qaGI0~g|gfg8B-eN*Ybe0Z6zy*GfiS^PBoTGwM^e8I; z_>ze_z*kjNU1k_P96n76d_+Z+BBP!4CM5H=`wTS*pUiBZqoM^y--PHX6SaYVH<7!9 zc@_8O?30?rvhreX9FQ9Xu2Q01~d4Zl|e-61Xt0R^Q*W7z*Gk zCK@ChVvr}1z|UI*1u*k9)}-0+1<_?1j^bTJEU~w8@(x8DND(6ZwPy?SsAWb87}`89$d6`=`Zc= zI9A$qytv@%6(S`YRY%yyEg5w39?vF^%Y>zj$SEhJ$ZZZ3q$$g;l2S?|rEH=#7SXQO zMQtE4%VP~sr0`86Y6EXFQ62c~xLiNcvk#bI0esj*P2jIhztvyqu}VQIr&Q7}Nk%9emU77++MkyQ=K1LT2* zMX0Q)PZ3#*BJf1vednD2|J*z0+-cS4{Gi`={`cF@a?iapxz}^%i+DE>C=&Xv^nH6; zi{NvK^_?VphK0(=wgDOzWQO#xkqzbC8r_9MEV6vRN|v#idgoKT&)QCs{h5Wz$UX^3 zhsDM-p`2?yxxX2B&w}4J96`3W+jbnU+BnL|(v2w( zTPIkjPs5AX^`Vf@GOld>4L-q>i?Vl~rI@hR~nD zerlm4S(=ZzxLg3~C83tv$G?Sph9Rd5SA>VASS#N2@I}0{>Q2y}V67y{((uqABg>_$NH&EC2mHf{{%T=Qq+5JhEA=ZdtCF=J*esEir1Z&|34?98!7 z+GNAlJfJbl#3itCm$j87JI!iUkv+~rNwUXV$eUL;z~PQ_rFZO5BuWf%_amS1EMB5$-ARFFN>LS6=)ICP#B@otCq;L!K1 zNW~AqJ`+M@U$Bs8C^*23@kyXEBgoDHWQIRmCxwD!m*fbtRTm19opfMyLa{X+sJJG( zFh`KBvQUuhMLB}*bZ2tKHk5L*$6II_S!Ss6E$?A#u@x*Q%M6VmTaBS0*@JDs%g8cm zqsvyY6)Yz^$3n}q&jB6@ba%`*(<;eaPw_3GazBtC&ILgVM3{&cgojk)4TYWY*KJ-l{0a=El zbjhD>Ln|lC(Bf_iutIy-$V$lm(n3{akAQJC#Y%eE;yWQ_BTAMT7(uoex17ewGHlT$ zo3R;`kS(;g$E(P$0c1R|#Z+VV#2;WRv>`1uZ^_?fQ(Z>(J_{xNJeM(}OKtBJ_mF3V zG6xveBR2kJzXlsd>aD$ultV;4D}X$oFD9E-#=uf4G1ic=#O!S!M`FxMc6E%H;l^xP z850MGyaZ@8`3bh7=ZyA)I&(CGVs9#4@)z0yo`Xl-gmZ_z^L^VDl?$ z5thBuFT1zhhH-DvF1JR{4Q?XCT** zn%Ax+g}J8U=D%x8FJG=P4Z7B17rG6|?Qxr9k}Mx6IW#zDG#%V)=S7n2{kDSVjHb)T zcYAJ81BkOTWa7Jh5wjLhYmd-B*|8D-v~)=*M)vZEm>W|905|Ni-yypci;xUbvekgp zLRQhk*4?2X+52+@*?Kw@bmLeEAZ10WXudCmd_&%V<5LB1wp!i>fWDrFPqn&|{}V7- zjL7mmgmNZuqh_1SfmDy|cpNjOVr!B$UqN+*CDet-v=sLkiBQ3IV4Y%BKz`T1~Q3RBVcHY(y{{}8&&ilZa~Ez8$=1& zsG|Q+Br0yOilt&aeZp)#^}TPR8P#}+Ch`+Ex|-vawV2z>!| z6iO%_$AK*bRezZ`75wZ_jO-;AD(eIL1gILt9_+@-YKjC*~J!0vB*1F+bO0O+D^G+?MJk2wJLor@6_r0TIy?g*FVgD zfvxtO9`cKT?I=GgSQYHM9GfS{+&l&kHv@6lBu=&pvdtD+LiU3rwl@E0 zi_$Xx$VL_Y`A5Ys5R9yLWTT4y{G;M~RYLP@gE zSg4ZhW(y_BzHgyQvWzQcdbA*zYr>%1?z#(yehDg@i(AglC-iN2mxq%Lp5yiWC>)(& zV=N;((L&`%gDtmE8QDb^DqjKiLJO6VU2h>i0M>@P1&8)3vSW{I+CodnUV7x##vW}^ zTE-sPsG>jisJOlLSVA_c=#M=rer^*iB^y=r$KJ*8^lj@gN%mOeC_4bM^DUGlyTU?c zWScFNB>N2um62s!F=MX*!E}W|*?t1^9UPhp!!oS8*LuThkc*U^k`+V2CM>js?CXHy zPw2EoY3Wq5QANK~srU(kkp+cpRMGELD!ywKOUXtR{Z6e%B26~OB-w9TsEq7J3nj@u zVxcm!k6I{6_B9KYk!4&lojM!R%dD1n)4dy=dA}Vk6=bW5IW3ovePhbj<{)iRTDpsD zRMGD)D&A^?C?OkF^t+3S*IC6#7ug(>WZRIV%t5lNEtDjCorTKCUT>i! z*@rAtM)qL~CCM_>n41tw5npE*r#me#!=al&0@J2vnN zvhP}Raj)F*70crk{o&v%mc%Lg!@*Z9jZ^f8!xkhmZ7PR+1=+QL%nHTUH$y?PkLL)w zRiuZbtYSIYb1hUxmTr_&`BfSOF0_K>WTQ^~LJmOTC97CL_SNakbP3s`W^8S8(-x&= za+8fJ<`3dE8$=1&sG{GS^!SQZEF~LN^n3GdVzIPLu-rNna~G~$E?E&vd_)3btXIJsI3i3+M=}7nQT^kx-pKLrsrtH_6H-fh1@h`(noSCAcfoGmEXJpsiRl(r}> z1tl9*^b1PGq1Iyw*{GslP%3_8qc0^JRrCv52v3u&#|p9wEVP7dIiUEoX^Ya5Hrc46 zpEeawupUduMiu?EsW{mxmXeJs`e}D#9k>ZpO&_px?3i3a_B=rGY10;^C2g`%ML%sS z{?G;Y`f-=J$la8 zx`VbTE!{yjs^}*~#pyPP60%W6KSwGSTg6hcQAI!P405~N=9nb=goVn26HL0>gUW7` z>0j>~0qFwyB50^L!gYl57}M71<9%DaLt}ji8FboMfRS*}qt* zigB`7G2aui#Ee9L9{|@|Kov%Zov^Mj@_)7-EB8kFp-1md`akRO+K5N;z1Cxr?57r5 z${?oOzDSY{=_|+7T7C8i0sXPREN1&w0q*%Xseba+i9Un8owcgXq4&5 zS5B_&V<63F3w^a48 z^?ZoR3y0XEGqLb!mF>u{hutf(Y~3HCVwbH*r%McOr+;^WiS!4c@_fJNC!V0CdWb!T zV==!qq56M7M8fP|(!*A$=w0M8uM-h-+`}+k88LpppFvlN$>26nSe+Y?`Bj%9CyJ$R9Y zTEJes%tH5prTLh%<~L#c4qLw@*-h5nQs3QD-`!GrzSKsLBpXKH&3tC}HX=|HmV9v; zb4fCU9c;!)hOjb(+%bO&j3&eM$i8NwGFFiWrB2L+C5$QE-7s*UHIyV9madX<53@m5 zjsQ!y^2n?&d+2-DDyCd{C|JfKrv`=-*3(-6In1gNmbT8uiZE8PN81`#F;)g93qIL- zHvA-6h9^?zBhrye8GO|>V7G+OB#evYc6?MZHRdI@25|I)P--X4IWMZ!rL6N z5FAWHgK2hPeStcR3Nk}C4Bhd|FUKAd1hXc8k zMgGuEuTruc+dIlLKsF4Kr-K}{iyar?Am{HRt*;l5Ot?P$gA7hLY=wU>V*=c)y#C2p<=q>|y_5cCK5!!OY`8~q;z~<#$P5L6<j|RM$=4nTt`-g?(T7`Lx6FFw%l;O zfiSMLd3n|GMZD?^Li>;Tt@t9Im6?^M#tBf_+PmTUBA%5;q5Y<{Qp+CVB$RIPR}inK zXy_#vvSlYg4slRq6hkF|COQpt;-V9TTd! z>D&cx57}6~jC~O=`3%~_PdD|88E?LbXJt9GFSb@{IbB(=nCesOd}!I~ z6QH@s!b-Da-0~Bkzle@o|KG#kuyEydSDct=sr98BEdiQ~ES5C;y1T#<;0hPfaibkX zro*b)LltDtw9pc=C)60J_&ad4MQJ%rlZ`6+ci^b_0fLd6m1Lue{v9|fzGoFn$wn3Z zJ8)U#c9zXCN%mn2RXzfiwqkDOUk;IOtCb}CkcG;~{&iwSykNIZS#fkl|xDent?`}mBni){Jze@H73oRkLPwm!vm$oP^y-PN#==Uxa zTdl_uvQb69cd1xq6-&uR75(156bdhc%8l_GpEbGl5c{n)TCofArqQUlJ70RCcB@rS zlHD0*WR$oTV+PK{Fz`ZXi0n?*P#IZ<7PEl%pJFn58dUn2?0*A_pRT@Qd7Pr(p}t~C zoTA^MzG7*dqTitdNaV1unOr4DvZn(wIkMFq3X**&N6_t8dKhCB%gI()Xfav3QBKQy z*lMtX3ek`~$9EVP8|_Gu#>-1IM8}5Asbcndy^gu ztYRtIsG{GScR}G^tC%GF-FkL#)%9R$E9Sn%j5p>4=k|sE z{)-Nop9Z&8Q+ZDOu^lwx;l2aIy7UR_ON-&Os`yh{JNiZSaTtKMPjnk38c zwjSLP^(o*Lk%HBmIlpA z;to^aR$Nf7))2UvVBICj9%7*~vJ)+oBpZfa#?Y69Qe@K>DkIBmV&-}AX=WX-0F{wO zwlHZ9$zR65x7JODdI_snPWBB8rO3Vs$gKNp(Lv11&S}2N+A1OY9~LSj`)R~{Ne^4Y z5WmbXvh=9p@W-w1w3JR?vrdMnWLYUQ%-Om*6eP<^89}xl3I)kVqg&*S?CDULYZa4p+7d!!=|=BE*!V#x=Z?Sa zaOh+!@^!NGB4?DYb#{PU7YdT48zacp{h=V)Fi~aE4W%E~#hdN*aRu3PPBja=DrH3v zTUP>=GXU8GG1H7-J`bC$hjOxWt*y!hVAq5YJzi#^ao$lI zvSAQq3?gGamNAI+7Ahf2w|4+hJS$b4{Q)gvSAQa4B~9-v5KBP2_dq7wNR35 zSO)L1B7pR6q1IQxP7WbPP#!{z;N}o=`$g6v&@%m88Q$DttEEjfbuJj}I< z(fxs&706daHwi4`xA!KC2e;E{CODb`a zy%s*y>oD7c1H386aGrr&+}qS|#WBjnbZRx8BzqUAY{dH3^|1Ajea>t-S-xD-2)bz- zG)&NNbV6Mzj;k1RUx-@ghoP-s*TdH3Hna+|G%rDjpzFb)ZfM_z8Kx&C`Zb{Ut%u}D zJdQSe46b*hycN<}Q1v$n)0Z=ipYk!N=U=*_y-8tixr)VU#H- zhvZo>xqkN@dYAM!!f2>f>1%msI{G@mCg+{4d=bye>+t;nsLI0aN>?W4PKz(%d19Y& zV8jeeikypJWMuWO>tTzdQBEXeY0C(@anl?}wi&2w(T1#QWFzKeoV(@%M72L?Oac_y zE=-_%T@PD(Tg7s+v?Za5U_OsKhUO$LwrE2VAR93klfXilIUQ6k?bok!eR2>kw8P39 zuUFyFrC6mU_?Sz_7^yA(;|XJ=2DdF0Q+gVD7{Qs&X6p%?O$FIV^f9%fxm%&ARvq$Z z+Otz7SsII*J~zPx)s-o}{r7VlSF#jVms{)JQusWi=US0v)M5ZJcMLy-7T}b){n5F`^~}snT@^nJXh9#q_!>72}LGWj$jC21WRQcJZ}wT@PDN*bXQsOIt?J z4V~sVvP4RT4_mY$bCPVtT+BGT9#!IkZz{pf&P?oZ49b1a%Q+}po9%9BG1?al~ zA^U}eD#;GDwoB;ldm-ey`wg=DBdF|v$$nv>QnK6I`c{(N(L$vx%UBy!=^gNVmyMv3 z?0tYn2E#^QRqMv3+q=T{d{DJU90cQ&K;za8>K$ZbD6aIt)Gr&3?9I7ZJu-%xLZjk1I+Ly+Q(K;7I( zB8T!NLTmE#SF*QSU*%-)wonP#`z%!Mx{ayZ2u!VGK-Cy=SEIObL%n_NY%L>8Q<5a- zjcYM-$jyH%h7Ys8O2|&JP#M`77AkSw#yt0c!LERo%9U#%S0sgT3F2}bR}`yFILiQIHsv`TWg-Un=WjDuk?`c^2>+E@^g6v8Qm5^O)p$f9+Td3p;l!d3t75czia13@F7};=>t+CKjvfPE3dy{P47z&c* z1~mRACY|nV70bz{EL267Zj`O^9=5Iz1<6L8`ge5cl<7(7$R2KORg#?yXjpLOkRCSZ zTSZc0Bgux^WTTPzca2Yk0#D~LcRlxo2tA7kS$^9nmuQTq*+$@9>K5S8Y*4j=ljnUd z+0v4wMe#?Lxx}sglwsatiR_hdXljLqB~+x8JY&fo1JeuoIH-(Fvd;n<7Id!dVdGVR zX2`MieyC0M^Bh68h7B>WxWREtdcpOB%7%h0oevAL@sX7GFp}Se+GH7#)@FkNnc>b> z7#>Fr%mqO&xL;TYC1mN_bOKv{3Gy~cV>gqoQKmV$J^L{42 zllC`sHRuDN{h)sbb^T|c{|PANf1gKwb)oTd0cbDiZJ@6G!~`RMGH5&KDo|Jc??)K< z9f}Oy4fH@zSH69kkvj*pAM{C3S3a0&0^dV4JzIu$2d+h>4`}Q$({Afc1=X26f19XA@5VRlk z1<+SP9rfT3*zhN?_bb@ZNR)!E+1a$e3;Gb~&p};#V@4XJ2K0Y-GVT5I$WyK!^7PvW z|E~Qe$UOi`yL0l`=l*#V>``uc9(nrR4Egnl|4C4{4sLuufgbh01-)xPUHM-D7zF(T z+t?=j5%g2g0`%h}`TEn*-7ucnqH4NrIA$LFM1E5!9ygmSZ+Hv*ofZU-NFW-Ya^%&>TdEz}5dKu7fL!WkB zf8T)Ik1!5cH|n|a32dA%1-%mVcc6a;UA~*EY1)0j$M0_16F?6Iy?>m+p8|EQxO(%T zw+_^mAHIh{MuLt4ov^3DKi${RqxW+)O*;X(b3y+H^3-#+z6-eNaX*qL{?A}{!#>7O zA?zIs>c;a|$elRa9AUq|hPZZx9__gLwa}{vZ3LY>#ziX>2X*y-c7#Em1br6tSD?>>{tndDFE2JoCFly!t3X}(V46XOf*t~T z1n4Z#B&e%D`l|++0{T_ZuOID7n)X%48Twt&EuaO*8~hN^B2d@L&A@K~{VC{R9{CUE z8VetRZa>eocLa6qe+;?LKqo#M=w}NIEm&yie9&spcF=CnKG0u*8m;i(r(ypk&^JK80Ns|qF2`SJ*>JS8BjVp3 zbP6crrJZfXdoA>iop0=KD{nWRXQ00cbTjCXf6?9t&>QFU%h){iJ`8gI13D3MQ}W2) ziv<1?^nTFC-Nev70Q<@bphtpE0euGam!L0!z6$D^eH6b{`Z*|n@%J>^i-#MHYEW1I zcHnn{-V6F8(8oX@2YnXwMNrq?sO=20H|TiK381e0Y~cLK&dF#m$|HXn@NUozpf`f@ zm$CPv?fP4_y+O_a2j6zXiuTK>5>*wP^Dj zrK{0)^`8L#9O$n>`74(}w0{rk>i-S+uo33S4xl@NeiyVC)YbnL@K-?J1>KTI{_K&) z!dlStKraT}2+FUa_!Zrqz+L~9I~rs$=u*%$XclxO=-HrMpsu}HxV}h$o(ft9x(IYB zsH=Y)@Owa?0R08%E1;V}UH#o~9keItIM9PYj|80t>gtc)*&yRU$AcaMS`0cJ)YY#B zo(63KZ3E4Kt_F4W9|8UZ=w{Hj^T;2)i?MJbXbtFcP}hDr*1by5MW9RbtcM5VI{i4% zd7umPT)%GtJ{;@iD9{2>H=dsYe+-oC?o)Z>=U|gMy0>g|$eK2LPU_iD7eKnFqp z2lOq_cR<~ETzh9jZY}6PYwvB0+bI~2NzkQv#^<}h=ixkg5@;6mXpF}sD9>MSqy0YU zXP}>h4##-i9<%_I>-^j3-xcU5_AA%xNAmRFLx^iP_&FAG`Rus$F3J(EbUi8y|lq`Vx-6 z2FiViE6*Q?4#T=I5|rzXE6<-e)j-azzbn51a^DB#xMTmg^3Ou zLAS$r*b~&1F9bdVbX()?kbhBr(m!bbJ*;y>upg+#dA>2v`F>-C`TmG{mU%qYS3?kUIohgn+xD)Q67J;{kFL4+nMS?*#rl=!>8) z=aKIoGh3VZ4(JV_g<}nVFzBJ63D9|m=6`J_h zfnET*0o1im`Eneu1YMLzKA&7RkNmO&OgwuYXy|Cr{Xh=^odmiF^de9<-u19|3uyZ` zIZgf@8#sB6Cs*IPG%7UQ~UF6gD8{Dapu*l#`p`fJeNg1Yvp|0mel@K5Ro zklzDzZ%{X$OMqVrNl zdYeJ{Ql0JbW*Jw0KJZgP`C^6yK zS!la&oS|R7#Kg6C0rV~c<%?mykG3oS3h>uJ`3jgJc%h0bKNPCQ6BmGfIkSz z7q&c(w)>tI=EZ(?{g+_ee;t&sNvT8IeLD)r$&#h<;i%lLwLHQby!_ao+tAN*n^3@-$XuEIxaP@D4+#R5NL&tMyyYhQ1 zG4YK7<%>5CM%#VghO55}a@C-GKgN2rUHRLAe;<@@!gxN9{GWh-49a(2?2DH@xb~L; zuLtF;EZWg_-(cbDzY4j{pnSQ+`)IrGlyLRk$6@!@oBHxe)O>pM_IQw~tM5LPG=b-U zo(}5DyHEH{;0d*Scx^A*kAMzs~ z?T>k19s4alJ7pI3MW5k*+8(%{=9+Q!3!ulRcDVAipN2p8!5XeSpE$7(UcR`Qx8`0*&4f@b_9}wW$qn(Q&&+kF`v;bG0aeW8(S@{RyZrx|1 z{`|g?_sd;-{G)H`^L|@C`DfsF0F?40^4!mI{kiR7!H{6q(1Z(1Hx3QTV{!Q-i&%Vk zurU_jF4z={Zy#(NnF!p^uwaMa<56+=h+zFrarnsKsaSl+VA0NT@}q)9d&J>81?{o; z&H=Bng2-oBuuHIK#y=+y3w8|(WATFE#W^QLEEslJuv@TYVI01D@bO5m!B%1-|{BYz$64&cE72ERxJD4#cFt&fZI0y(Da@VEAi^D5xoV-msz zGE&Xw8X-!)*THWF-Uob7$lnKi061>B20sP91vr1BqkaRf?DvgL2p0r{`rjZ>=ei+* z+$ilfz#{l0~hNi*?fX@K_72pN?8hPUH$#Es01b!Ig{|3AZcoO*b zQdcD(?3d8U-%;nih>th;ZNSxUiZANGWad9ufD5L_7iIiehBO=!aQw1$KVg3&R1g`_FZ6be8m`iCiaE|qk{y_JM2d_ zFBRSeyf`qQ?IbSM@2k=8FdvN3_~@V?@{17XucSY<{cqH20}{6Ws28FsywJhbck2od z9Q;7oA6%bnr-*(X{21W94z7MPqw{j`MZl{aya9N^!Lz^%9sGRYfrDQTeDIRmoI2b9 zyx+m^0p9E2j{)y;@aKS6JNRbc2?u`V-sRvkfLA;CRNx5*KM{DL zgD(+0ZokwhxLU9HUBK5RZuMCWeDJW@y8U>v^fEKi5O9dxOBa zesX>5|7LD~y&!(I9S7e6yvxCdVLhyN@UdK19lRKLp@Yv8Jg#3#1Xua;JC`QZxf*z4 zhN)*8>f8prZ>GVUfS(7v@F;_y0XtU!?>^e#AED0I5kJP@3t{J0;Dg5+d>Z8YX#coe z{9)kLz}3E4eb|ru?#S)OLDa|X$HH%!{z@7%!P8=2^;i34x&62axICI$OY*$-7Vu&R z{|oQ}2OlQa7s~z?_@$kFfDbtM;lTSGd^YfI2QLTS?%<7r$BhT|TXH@A@g3AS8JFsF zIq<|BQ~#ZTbKWISGWdDGS$}?a<<`F!b#UuH2)s~x4Fb-W#O1kl{tx6;=-~ap0|$Rq z@VI>6LSDS5$a{jH0Ova}xo!-Vdro@3;H?^eM4alkbqeQOC2EJ50|x`=J9f4}ell>r zB4GgdJm7roz_)-`0`J0e{FmXkK+A#i)w=Y1mf(7Se!>ab!bI3n&(BtI@@1`00>2zM zpQZmY@VkNY?UCCLH3uFA&Np_Qi+t5Xpp<>S%C8IfCdw~2`kIruKve^xvA!N3y^uAb1R>=Ziq9N>Y2F9ts7jKem; zzrS>e;JThTA0ge~8^8w~{CeO8xIaMo`?UQr!P|%v-4Z;easPhT+ptsY z*!ft?`}fV%Z>r<+8ZWqtfA9j+Q`f-pT)|a6tFg})v-(p3`TmQI{ELuRzg<-F?T{~k ze2d1%1iiSw(F=UF;BoPs2RnnX(+~N}fOi3}27W^xJGTn1^6I}jp(SsF{D0<=?}z;0 zca8jYkpB(vu4@gx82EdFtNS*IE6lnlP5t?c#&->>Kb@`Hqp{uwGI8{L2VQ8z1NF=T zg%|t{^1$~7-v7D5=L0_gco*(3LEA7biO4Lh#@PYyNsX~5qC-V6Kzte=6LP*nf+qCSftKU{EC&+6@rol$ZgQlA1X zziW^fW#Zv)$43JXfKN2yK_T#g9gRHKL-pHPl~`zRCV z0P;Eo@=3@SAfBY)apPxk9=s9u2XMaVft^m^?M=pS9q{#nt9tftsMW}+z%K({?ci4e z4;=hEz>z98}N#iOcI*$oKup$e#;CuhPy2gLeYoBsX&7?0f+E0n}5P`ZHYi z%X<72nswt{;CpKvjR-jm@=5%5_x>T~;H&7bXCX!8zV; zm-`7So`U`G@HL%nEnDP4s4y*@W{fWV! z1%92z(TI?H1XttXDcI+BP)BVVoYor5iZF!3}Zo)+M}tp?8kzc7!TYaw6k zjQ`t#_ak4fZ$Hjs=jA;3JFru|$;2}rb^e4n?57ata5-_u)nT;8<$DdRtLi?W`V;}L zemkMt_v?Ry;CRZ9GvoO{;3awN*XP04(EbO;{+_UNeV%c35#)Q<8~IV#KwnM#J%cmO zJBWX1@DA9&A9$D3zx}`qzcBI_pq|eIAAHu}>iSuI)U%k>eD8lFq1zwI{UG)E4EPqT zlgAo37%Ar;C7(n*2LT_eaWo?2h&=cl;Dvi7BGN&yB#(TX#$`YMsgeH+v@Qg`Wo&Lg zekYHeJM!R9<-uRegMXL@-&xO7`92-jQ@lu&IplrD3%=XXU4x0(cTr$c9{J-nF6-gv2`#F=w^N@I;7P0lO$H8Xm3_G$ z;qQ5PemOIb{fl8|5bHo1cCG?md|pB$tKjzr;MMOMyc6<$z&Av96}MYAP>HyoM#JUoQ%G@HX zJnTNq92g}R4l4d`?8l};eiG!n|6=U?9QaYhFEaSyL(G9wfcL#`a4C!aq=5H+WblQ+ z+kqEuG59xtuhTdh5ppH%e`e$ph`$$j!5<9X2%Ya!9`?CzJOsQ8=N;L0>d(`_6TeUB z_I?Hq27$N#%-}1K?}xw#G0u;Ge2K0n8WEzNm8a_5g}QOP?S}dnK4k1444v`7yHGdT z2I$W;-~rZ$YT&bhcmFz}k;RBJsc{HJNFC(+KQ{8u;Mi*5U9itJ^O8JvuFHepBY0uN zAK9P7eiHe93;p;!@M?@7&bvY2ThNb}!_c2KPOBjuAswpg{F{UZ_rrp_5AZ^#efxA{Heh^fuBnJX@lR5yp{p)zrf)8LjFwP-5U+Q1Mstf558mYEbz-T zjz)yslm~x+c7AT`tjG8nAby3xAAl|Od#>H(W~cjm;4OLV4@W=tBmOI4XAj^5dzt>- zh&t@AaR^1ov3c-H!PR+f(Ai&|0sFnqyxw7y>EFaI#;^K)gZiw2e8Gl6&ahwX&wUGo8w0JDOS>&4HSZj+!;8=Jd*R zb5T>Kqo!zz!P{!jNY`bf2d0_>4IOFNG3|D-l{JQg#&m0Hd0QsidS+{?uBASxZ_3oQ zwYDlls!6`4xj8(%GTosYnYxS=9_$SGK5#YqCLIbGoJ@RnyU! z(Fa>IP4z|XH67Wasc5H~>VwSkwpFQ)bYoLSjAVjU9ZiyUXKP(s2l%tn9c}4Mkm;;# zY09RW+5oHgq(=2RmiC%VCcC_&(^O=7(A1V96x7tWG_{7!Ib~ljpEJK`@{}1tv-nKa zWjmTp%r)6;P2KWTYsOfa5!9yv1on_%&1ng+H4~tRgwu9}stTk#I@&r?&25dkm1&W5 zZL49GW>tZL+D@rjQ>*bTCCxOowX&b<+FDv(%Qmf4V_Nl` zwCmeewKlh*19Lk`i$wYm*6UK4v`iDFpGnurps8D_8y)G)N-=+CXA=U^0LN4)(ji5w z$(R5j(%vThqYTz(S~P8F?#wLLob-YWR!W;V^#LCpDC2U4>3n^> zS-MG0*^CvCc-tMQroO%@E5lUG*pU%vS9(0Dd8B;Bi6PQ#D)eiiTu&Cx3CW_-L^Rke zSu#__%Mi(?YHPE#&4F&Jh$77f8HH^fYos7eStEdHoNYuqJR*}sO>SkhskNcaaB4ak zt|Q&jwlbZvie{q8P_h~}Kvf@1TpW~@OpOEG3L^-y(0GVNV-HcAUD;%2db@>A2nR`v9_EhilJ5| zIj^KCqAUb;HO+OY_H;*Gx;1M~B*pr8-STwZ3U%&jsxu09c&bFTNPA~TV>;E+CfzP4 z7Mug79u*$boT_Ce-O(f?ytPJ6p0?IZw!NdRy=a;~UfX@=rmkUvx1xi_K7RlAJFv?}yCK)w;l&hT7tV~V`G+Nh@&15?p8e~aGr54U9 zO`Wo!tUQ&HGn!o~v$6&@x3$XIHYLk*s^){rD<6sDv_3+g*l?KSCE=FG&M?)mX~vPhpgJNj<&U{ zWlHUZ*!?x_?dp`!nW>TPl|yDbA#$=#1@lgwo0>cC#Mu?6ln2Yx&F!fMS(VjJqM@N_ zwRp%hiBZK%!nIAUHL@<)w)WW}LUIOEn}W`kTG`{MCG`lsfs!L;Bh{WswYRO3J(1eM z$(~5YtU2#RM$cr~sbq_$&5%6@w;wZRS$1ZzWhYMw+36uW(>QKwtIIZvV--b8P8G6Q zOw}znQR%h1XvWN=rkcZQH7}Ymt9XV{ZEk8@o)taO)@x3il+AEz%r(_ZPc>zwt7>XH zn(8tlrFVC7-b!g_*y71-G80#IM7C{3TGmIbRBAq_YS&0#$sCVhdZSaHGCd-O?Tnfl z)HO5)GRk=33$h*AHSN+BHT4}0H7$C_XMk)+`pk@!+qBMXHt1SUldYP{L~jyxCV~V_83|l1MzVjFvyt>|(9n{dtp1sz{+X)&nWp}kF8f#6Rw{9D zEwWuTtBeN0%6PA7Cay$`nt@ZP6H8}*ZC*+Z#T4cpd3C0-qrW~#&0T!z?5{1DBT|tg z(vKZkflfNLA~kP5tj(WW8l+A-<+KxKpOQN5#1qTrm8Z&QpK!`N<)OK$R+gqrr=Eux zy)tejMBS4a*#pV$KHG+gL^Rtei<#_!I%--Q(_%(%%e4j?%tA?EnVgYJuWha(vDWx{kt!=X2*43!_oO@Iz zduv_$ni#O9Jr_(ZDF2$A9k|Mse{GIhvAP^ z39yR~q-IT$d^#oFEuty2MhBTzUHpa^O?8Q(t~X4mxcsycOMKa;mULS~eT_2)8^nAj z*Piab$km_T9;nOVKsINxjmniaLrK=}PPO>t%u~8om%-X7`b>`vx$2ekL#{2gjMq0g z<)@cDrdp(h^)W^bpYJ22MZB{m2C&3M}U#ZaP&7 zoz9dMDce!s>5P(^=Jw?^8E@rK6ExHAj7ELllVKj+M&}d}6HuKma*K#XRWHSI&S-KB zOCQ#`YfgiV4`&cWMs%vJwb>apW+s^&1GC{#8w!1%mQ97Mfw?g`{g%5slJ#4>$@#CT zC09$fb+Q1cy@H%nRF&Mg1} zfU+4kfyjx`xOGM9Gi|BmQUzJ3RgI&I{p4wO_(`U?!ZXuM-R?qHs&zqDc)9)4nMunT zHnm!9i*ntV$zbkchy(|&hI8&C$U%E<)fb5^G2Ifi7MZ+mZ|OTcvbwb6{I8ZdGY#NU z->5K%S>4qQ2DL43h)E%%X1TM3Nk!XhJ67c8staV!Hu`E+Zneq2$?RiPA4T@uoUZ!B zp*PO9;5vDkCH|l^yXTbbtEE#U*jm{>nXy)ri5n@ha;TGgvoko<6bnqpr_81<;#)4n zO$MvlI_guaI@A>a)@ZYhRhwdUacR0Dyw79+bs4Vjqy-I`HLcF1;u0Z)fO{0R8dyzp z^UpNZu;Y5g!6K0CO0yj@gXCgCuYJw6HP};`c+~BsNSUM8FX~>(v{`D@gu_9?#mzml z_0UF?YjqK-yE8nGH>kxTx5Jr`?rqc0Sbsw`xuBL?mbrR*K01RZwQyys6!&T8sGYI8 zDXZ>d*-K4R81{m#nn|EV_IhTXcRI_9PQx+c+%!{nC)(u_FVl3EGgfp#=u&sQ*;u7l zH#rl%K~JRIJX0yz4PtYy!@ynixLuaq2dM9qt+Spe+AXhKU!8L z%reSM*Jy*dZ5pIkr|X)Xv#X4Pn6aUQ!N@n42@Or@X1QCvjYUp%zWkTl0VbqXP0jUn zH679KA7u5YQ#)Ll4$b=VI_C^H)gG>u+DB&bRPiEPeaDLqIUHeFrXrj3peVDZMK;bt z$`z@W>_(OcMfGc1#h#&Z zPeLETJ^q|VN{-1*=^CW~uDv-M6zLVVC@Vb|6sg-Oa;#17+>6r7aRX&}z38%KG|aig zXpldnPQ=7|O-oaqxNZ}J@=uZWVl2uU9mr*Qi=LlF_37HqMp0H*fr6W+zWd2TwY44c zB@bH7O|5D2QZKU7C1hcVUwQq1=r~axBLCy(I`%n9vjFgWP5Mx>(a%BBP~UMb@k`Ukx#z-vW@;X4ozs;jR20( ztss!ELG=e;Kcf`{rwS)uG1~Yy4NXWZkmosR5~#mtR3AlD?$npBPxYr#{#9RvTK^*x z8s9illi+k7FimX(tR~Ck-!CKa^SMwTtDxl5ZHSGZ=15n_@h>9!e0~()d76N}8$aOS zEMZhlX^+pDdTJ*l;re&;zYzK-7;*bNszo~kK>bwx)ee0=`;9gVz>scm^!XgDE;znYJ;){Up&p@Yg^Bv-^Ro8L7(EOF zitAe2hA_SIzmjDA`8&Kq=-)RW2P2=t2(Q@N<^QNYpTG6u9Aj}`{r~}bZvB4b=<_*U zTNWDqX-7g4g#AynUl{e7UOB8~qRJzb?9J>`|Z35i5lLfayj%KIxz1;4Q~LpEtH;or#}vBBnpoCw*7YX#Do? zZn}&<|IP#IcK%TRV@IFAi!D?SLXnU9yOHRpFxn9QukydL#r*kqCl7wx=<`{DR4XI{ z`lV16f3bsGeFsN5wT?P8LI7e>(SmN{pU?8= 20 + - not containerized_node diff --git a/roles/common/tasks/disk_monitoring.yml b/roles/common/tasks/disk_monitoring.yml new file mode 100644 index 00000000..9e6b430d --- /dev/null +++ b/roles/common/tasks/disk_monitoring.yml @@ -0,0 +1,41 @@ +--- +# We use these scripts to check to see if any of our test nodes have bad disks + +# Ignore errors in case there are no repos enabled and package install fails +- name: Make sure smartmontools is installed + package: + name: smartmontools + state: latest + ignore_errors: true + +- name: Upload megacli and cli64 for raid monitoring and smart.pl to /usr/sbin/. + copy: + src: "../files/sbin/{{ item }}" + dest: "/usr/sbin/{{ item }}" + owner: root + group: root + mode: 0755 + with_items: + - megacli + - cli64 + - nvme + +- name: Create /usr/libexec. + file: + path: /usr/libexec + owner: root + group: root + mode: 0755 + state: directory + +- name: Upload custom netsaint scripts for raid/disk/smart/monitoring to /usr/libexec/. + copy: + src: "../files/libexec/{{ item }}" + dest: "/usr/libexec/{{ item }}" + owner: root + group: root + mode: 0755 + with_items: + - smart.sh + - raid.pl + - diskusage.pl diff --git a/roles/common/tasks/epel.yml b/roles/common/tasks/epel.yml new file mode 100644 index 00000000..9b5f5dd9 --- /dev/null +++ b/roles/common/tasks/epel.yml @@ -0,0 +1,21 @@ +--- +- name: Increase the yum timeout. + lineinfile: + dest: /etc/yum.conf + line: "timeout={{ yum_timeout }}" + regexp: "^timeout=" + state: present + +- name: Configure epel repos in /etc/yum.repos.d/ + template: + src: yum_repo.j2 + dest: /etc/yum.repos.d/{{ item.key }}.repo + owner: root + group: root + mode: 0644 + register: epel_repo + with_dict: "{{ epel_repos }}" + +- name: Clean yum cache + shell: yum clean all + when: epel_repo is defined and epel_repo is changed diff --git a/roles/common/tasks/kerberos.yml b/roles/common/tasks/kerberos.yml new file mode 100644 index 00000000..d50fa632 --- /dev/null +++ b/roles/common/tasks/kerberos.yml @@ -0,0 +1,44 @@ +--- +# Install and Configure a Kerberos client + +- name: Install Kerberos Packages (RedHat) + package: + name: krb5-workstation + state: present + when: ansible_os_family == 'RedHat' + +# See http://tracker.ceph.com/issues/15439 +- name: Clean apt cache + command: apt-get clean + when: ansible_os_family == 'Debian' + +- name: Update apt cache + apt: + update_cache: yes + # Register and retry to work around transient http issues + register: apt_cache_update + until: apt_cache_update is success + # try for 2 minutes before failing + retries: 24 + delay: 5 + when: ansible_os_family == 'Debian' + +- name: Install Kerberos Packages (Debian) + apt: + name: krb5-user + state: present + when: ansible_os_family == 'Debian' + +- name: Install Kerberos Packages (OpenSUSE Leap) + zypper: + name: krb5-client + state: present + when: ansible_os_family == 'Suse' + +- name: Add krb5 config file + template: + src: 'krb5.conf' + dest: '/etc/krb5.conf' + owner: root + group: root + mode: 0644 diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 00000000..c9435a1e --- /dev/null +++ b/roles/common/tasks/main.yml @@ -0,0 +1,67 @@ +--- + +- name: Log the OS name, version and release + debug: msg="Host {{ inventory_hostname }} is running {{ ansible_distribution }} {{ ansible_distribution_version }} ({{ ansible_distribution_release }})" + +# loading major version specific vars +- name: Including major version specific variables. + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml" + - empty.yml + tags: + - vars + # We need these vars for the entitlements tag to work + - entitlements + +# configure things specific to yum systems +- import_tasks: yum_systems.yml + when: ansible_os_family == "RedHat" + +# configure things specific to apt systems +- import_tasks: apt_systems.yml + when: ansible_pkg_mgr == "apt" + +- import_tasks: zypper_systems.yml + when: ansible_pkg_mgr == "zypper" + +- name: Set the hardware clock + command: hwclock --systohc + tags: + - timezone + +# configure Kerberos +- import_tasks: kerberos.yml + tags: + - kerberos + +# upload custom disk monitoring scripts +- import_tasks: disk_monitoring.yml + tags: + - monitoring-scripts + - nagios + +# configure nagios (Except CentOS 9 Stream) +- import_tasks: nagios.yml + tags: + - nagios + +- name: Get SELinux status + command: getenforce + register: selinux_status + when: ansible_os_family == "RedHat" + tags: + - nagios + +# configure selinux for nagios +- import_tasks: nrpe-selinux.yml + when: ansible_os_family == "RedHat" and + (selinux_status is defined and selinux_status.stdout != "Disabled") + tags: + - nagios + +- name: include secondary NIC config tasks + import_tasks: secondary_nic.yml + when: secondary_nic_mac is defined + tags: + - secondary-nic diff --git a/roles/common/tasks/nagios.yml b/roles/common/tasks/nagios.yml new file mode 100644 index 00000000..e162e9ac --- /dev/null +++ b/roles/common/tasks/nagios.yml @@ -0,0 +1,111 @@ +--- +- name: "Include {{ ansible_pkg_mgr }}_system vars" + include_vars: "{{ ansible_pkg_mgr }}_systems.yml" + +# Returns 0 if found and 1 if not found +# Task fails if not found. Hence ignore_errors: true +- name: Check for epel + shell: "grep -q 'epel' /etc/yum.repos.d/*" + register: have_epel + no_log: true + ignore_errors: true + when: ansible_os_family == "RedHat" + +# This task is only run when epel isn't present +- name: Install nrpe without epel + package: + name: "{{ item }}" + state: present + with_items: + - http://{{ mirror_host }}/lab-extras/rhel7/x86_64/nagios-common-4.0.8-2.el7.x86_64.rpm + - http://{{ mirror_host }}/lab-extras/rhel7/x86_64/nrpe-2.15-7.el7.x86_64.rpm + - http://{{ mirror_host }}/lab-extras/rhel7/x86_64/nagios-plugins-2.0.3-3.el7.x86_64.rpm + - http://{{ mirror_host }}/lab-extras/rhel7/x86_64/nagios-plugins-load-2.0.3-3.el7.x86_64.rpm + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version|int <= 7 + - have_epel.rc == 1 + +- name: Install nrpe package and dependencies (RHEL/CentOS) + package: + name: "{{ nrpe_packages|list }}" + state: latest + enablerepo: epel + when: + - ansible_os_family == "RedHat" + - have_epel.rc == 0 + +- name: Install nrpe package and dependencies (non-RHEL/CentOS) + package: + name: "{{ nrpe_packages|list }}" + state: latest + when: ansible_os_family != "RedHat" + +- name: Upload nagios sudoers.d for raid utilities. + template: + src: nagios/90-nagios + dest: /etc/sudoers.d/90-nagios + owner: root + group: root + mode: 0440 + validate: visudo -cf %s + +- name: Upload nagios check_mem script + copy: + src: nagios/check_mem.sh + dest: "{{ nagios_plugins_directory }}/check_mem.sh" + owner: root + group: root + mode: 0755 + +- name: Configure nagios nrpe settings (Ubuntu) + lineinfile: + dest: /etc/default/{{ nrpe_service_name }} + regexp: "^{{ item }}" + line: "{{ item }}=\"--no-ssl\"" + when: ansible_pkg_mgr == "apt" + with_items: + - DAEMON_OPTS + - NRPE_OPTS + notify: + - restart nagios-nrpe-server + +- name: Configure nagios nrpe settings (RHEL/CentOS) + lineinfile: + dest: /etc/sysconfig/{{ nrpe_service_name }} + regexp: "^NRPE_SSL_OPT" + line: "NRPE_SSL_OPT=\"-n\"" + when: ansible_os_family == "RedHat" + +- name: Check firewalld status + command: systemctl status firewalld + register: firewalld + ignore_errors: true + no_log: true + when: ansible_os_family == "RedHat" + +- name: Open nrpe port if firewalld enabled + firewalld: + port: 5666/tcp + state: enabled + permanent: yes + immediate: yes + when: ansible_os_family == "RedHat" and (firewalld is defined and firewalld.stdout.find('running') != -1) + +- name: Upload nagios nrpe config. + template: + src: nagios/nrpe.cfg + dest: /etc/nagios/nrpe.cfg + owner: root + group: root + mode: 0644 + notify: + - restart nagios-nrpe-server + +- name: Make sure nagios nrpe service is running. + service: + name: "{{ nrpe_service_name }}" + enabled: yes + state: started + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" diff --git a/roles/common/tasks/nrpe-selinux.yml b/roles/common/tasks/nrpe-selinux.yml new file mode 100644 index 00000000..5550a72d --- /dev/null +++ b/roles/common/tasks/nrpe-selinux.yml @@ -0,0 +1,41 @@ +--- +- name: nrpe - Install SELinux dependencies + package: + name: "{{ nrpe_selinux_packages|list }}" + state: installed + +# ignore_errors in case we don't have any repos +- name: nrpe - Ensure SELinux policy is up to date + package: + name: selinux-policy-targeted + state: latest + ignore_errors: true + +- name: nrpe - Set SELinux boolean nagios_run_sudo true + seboolean: + name: nagios_run_sudo + state: yes + persistent: yes + +- name: nrpe - Remove SELinux policy package + command: semodule -r nrpe + failed_when: false + +- name: nrpe - Copy SELinux type enforcement file + copy: + src: nagios/nrpe.te + dest: /tmp/nrpe.te + +- name: nrpe - Compile SELinux module file + command: checkmodule -M -m -o /tmp/nrpe.mod /tmp/nrpe.te + +- name: nrpe - Build SELinux policy package + command: semodule_package -o /tmp/nrpe.pp -m /tmp/nrpe.mod + +- name: nrpe - Load SELinux policy package + command: semodule -i /tmp/nrpe.pp + +- name: nrpe - Remove temporary files + file: + path: /tmp/nrpe.* + state: absent diff --git a/roles/common/tasks/rhel-entitlements.yml b/roles/common/tasks/rhel-entitlements.yml new file mode 100644 index 00000000..f1d155b9 --- /dev/null +++ b/roles/common/tasks/rhel-entitlements.yml @@ -0,0 +1,200 @@ +--- +# Register a RHEL-based system with subscription-manager. + +- name: Set entitlements_path + set_fact: + entitlements_path: "{{ secrets_path }}/entitlements.yml" + +- name: Include Red Hat encrypted variables. + include_vars: "{{ item }}" + with_first_found: + - "{{ entitlements_path }}" + - empty.yml + no_log: true + tags: + - vars + +- name: Set have_entitlements + set_fact: + have_entitlements: "{{ subscription_manager_org != '' and subscription_manager_activationkey != ''}}" + +- name: Find existing CA Cert RPMs + command: rpm -qa katello-ca-consumer* + register: existing_satellite_cert + when: use_satellite == true + +- name: Uninstall previous CA Certs from Satellite Servers + command: rpm -e "{{ existing_satellite_cert.stdout }}" + when: + - use_satellite == true + - existing_satellite_cert.stdout|length>0 + +- name: Subscription-manager clean + command: subscription-manager clean + when: use_satellite == true + +- name: remove host UUID files + file: + state: absent + path: "{{ item }}" + with_items: + - /var/lib/dbus/machine-id + - /etc/machine-id + - /etc/rhsm/facts/dmi_system_uuid.facts + - /etc/rhsm/facts/katello.facts + - /etc/insights-client/machine-id + when: use_satellite == true + +- name: Generate new UUID + shell: uuidgen + register: new_uuid + when: use_satellite == true + +- name: Run dbus-uuidgen to create /var/lib/dbus/machine-id + shell: dbus-uuidgen --ensure + +- name: Run systemd-machine-id-setup to set /etc/machine-id + shell: systemd-machine-id-setup + +- name: Add new UUID to dmi_system_uuid.facts + ansible.builtin.lineinfile: + path: /etc/rhsm/facts/dmi_system_uuid.facts + create: yes + line: | + WA{"dmi.system.uuid": "{{ new_uuid.stdout }}"}WA + when: use_satellite == true + +- name: remove 'WA' PREFIX from dmi_system_uuid.facts + replace: dest="/etc/rhsm/facts/dmi_system_uuid.facts" regexp="WA" replace="" + when: use_satellite == true + +- name: Add fqdn to katello.facts + ansible.builtin.lineinfile: + path: /etc/rhsm/facts/katello.facts + create: yes + line: | + WA{"network.hostname-override": "{{ ansible_fqdn }}"}WA + when: use_satellite == true + +- name: remove 'WA' PREFIX from katello.facts + replace: dest="/etc/rhsm/facts/katello.facts" regexp="WA" replace="" + when: use_satellite == true + +- name: Install CA Cert from Satellite Server + yum: + name: "{{ satellite_cert_rpm }}" + state: present + validate_certs: no + disable_gpg_check: yes + when: use_satellite == true + +# set the releasever cause without it rhel-7-server-rpms repo fails on rhel7.9 machines +# https://tracker.ceph.com/issues/49771 +# We have to do this here (instead of in testnodes role) because some package transactions fail during the common role. +# However, we do not want to lock the release ver on all our systems; just testnodes. +- name: Set the releasever + copy: + content: "{{ ansible_distribution_version }}" + dest: /etc/yum/vars/releasever + when: inventory_hostname in groups['testnodes'] and ansible_distribution_version.startswith("7") + +- name: Determine if node is registered with subscription-manager. + command: subscription-manager identity + register: subscription + ignore_errors: true + changed_when: false + no_log: true + +- name: Set rhsm_registered if we're already registered + set_fact: + rhsm_registered: "{{ subscription.rc == 0 }}" + +# A `dnf group upgrade base` which happens later in the testnodes role will +# update a 8.X system to 8.Y. We don't want that to happen because we +# expect to test on a specific version. set_rhsm_release=true locks a 8.X install to 8.X packages. +- name: Register with subscription-manager. + command: subscription-manager register + --activationkey={{ subscription_manager_activationkey }} + --org={{ subscription_manager_org }} + --name={{ ansible_fqdn }} + {% if set_rhsm_release|default(false)|bool == true %}--release={{ ansible_distribution_version }}{% endif %} + --force + when: rhsm_registered == false and have_entitlements == true + register: entitled + until: entitled is success + retries: 12 + delay: 10 + failed_when: + - entitled.rc != 0 + +- name: Set rhsm_registered if we just registered + set_fact: + rhsm_registered: true + when: entitled is success + +# Output of this command is, for example: +# 7.1 +# 7.2 +# 7Server +- name: List CDN releases available to system + shell: "subscription-manager release --list | grep -E '[0-9]'" + register: rhsm_release_list + changed_when: false + failed_when: + - rhsm_release_list.rc != 0 + +- name: Get list of enabled RHSM repos + shell: subscription-manager repos --list | grep -B4 'Enabled:.*1' | grep 'Repo ID:' | sed -e 's/Repo ID:\s*\(.*\)/\1/' | sort + register: repo_list_cmd + when: rhsm_registered == true + changed_when: false + +- name: Store list of enabled repos + set_fact: + repo_list: "{{ repo_list_cmd.stdout.split('\n') }}" + when: repo_list_cmd is defined and repo_list_cmd is not skipped + +- name: Set replace_repos false if entitlements are missing + set_fact: + replace_repos: false + when: have_entitlements == false + +- name: Set replace_repos true if rhsm_repos differs from repo_list + set_fact: + replace_repos: "{{ repo_list|sort != rhsm_repos|sort }}" + when: repo_list is defined + +- name: Set replace_repos true if newly-subscribed + set_fact: + replace_repos: true + when: rhsm_registered == true and + (entitled is changed and entitled.rc == 0) + +- name: Disable all rhsm repos + command: subscription-manager repos --disable '*' + when: rhsm_registered == true and + replace_repos|bool == true + # This produces an absurd amount of useless output + no_log: true + +- name: Enable necessary rhsm repos + command: subscription-manager repos {% for repo in rhsm_repos|list %}--enable={{ repo }} {% endfor %} + when: rhsm_registered == true and + replace_repos|bool == true + retries: 5 + delay: 10 + +# recreate the removed machine-id files to avoid breaking +# other parts of the system, /bin/install-kernel for instance + +- name: Run dbus-uuidgen to create /var/lib/dbus/machine-id + shell: dbus-uuidgen --ensure + +- name: Run systemd-machine-id-setup to set /etc/machine-id + shell: systemd-machine-id-setup + +- name: Remove old apt-mirror repository definition. + file: + path: /etc/yum.repos.d/cd.repo + state: absent + when: entitled is success diff --git a/roles/common/tasks/secondary_nic.yml b/roles/common/tasks/secondary_nic.yml new file mode 100644 index 00000000..afd1cbb0 --- /dev/null +++ b/roles/common/tasks/secondary_nic.yml @@ -0,0 +1,88 @@ +--- +- name: Make sure ethtool is installed (Ubuntu) + apt: + name: ethtool + state: present + when: ansible_os_family == 'Debian' + +- name: Make sure ethtool is installed (CentOS/RHEL) + yum: + name: ethtool + state: present + enablerepo: epel + when: + - ansible_os_family == 'RedHat' + - enable_epel|bool == true + +- name: grep ethtool for secondary NIC MAC address + shell: "ethtool -P {{ item }} | awk '{ print $3 }' | grep -q -i '{{ secondary_nic_mac }}'" + register: ethtool_grep_output + with_items: "{{ ansible_interfaces }}" + failed_when: false + changed_when: false + +- name: Define net_to_configure var + set_fact: + nic_to_configure: "{{ item.item }}" + with_items: "{{ ethtool_grep_output.results }}" + when: item.rc == 0 + +- name: "Check if {{ nic_to_configure }} is 10Gb" + shell: "ethtool {{ nic_to_configure }} | grep Speed | awk '{ print $2 }'" + register: nic_to_configure_speed + changed_when: false + +# Assume jumbo frames if 10Gb +- name: Set MTU to 9000 if 10Gb + set_fact: mtu=9000 + when: + - mtu is not defined + - nic_to_configure_speed is defined + - (nic_to_configure_speed.stdout == '10000Mb/s' or nic_to_configure_speed.stdout == '25000Mb/s') + +- name: "Write Ubuntu network config for {{ nic_to_configure }}" + blockinfile: + path: /etc/network/interfaces + block: | + auto {{ nic_to_configure }} + iface {{ nic_to_configure }} inet dhcp + register: wrote_network_config + when: + - nic_to_configure is defined + - ansible_os_family == 'Debian' + +# Can't set MTU for DHCP interfaces on Ubuntu in /etc/network/interfaces +- name: Set MTU on Ubuntu + shell: "ifconfig {{ nic_to_configure }} mtu {{ mtu|default('1500') }}" + when: ansible_os_family == 'Debian' + +- name: "Bounce {{ nic_to_configure }}" + shell: "ifdown {{ nic_to_configure }} && ifup {{ nic_to_configure }}" + when: + - wrote_network_config is changed + - ansible_os_family == 'Debian' + +- name: "Write RHEL/CentOS network config for {{ nic_to_configure }}" + lineinfile: + path: "/etc/sysconfig/network-scripts/ifcfg-{{ nic_to_configure }}" + create: yes + owner: root + group: root + mode: 0644 + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + register: wrote_network_config + with_items: + - { regexp: '^DEVICE=', line: 'DEVICE={{ nic_to_configure }}' } + - { regexp: '^BOOTPROTO=', line: 'BOOTPROTO=dhcp' } + - { regexp: '^ONBOOT=', line: 'ONBOOT=yes' } + - { regexp: '^MTU=', line: 'MTU={{ mtu|default("1500") }}' } + when: + - nic_to_configure is defined + - ansible_os_family == 'RedHat' + +- name: "Bounce {{ nic_to_configure }}" + shell: "ifdown {{ nic_to_configure }}; ifup {{ nic_to_configure }}" + when: + - wrote_network_config is changed + - ansible_os_family == 'RedHat' diff --git a/roles/common/tasks/yum_systems.yml b/roles/common/tasks/yum_systems.yml new file mode 100644 index 00000000..26addd1b --- /dev/null +++ b/roles/common/tasks/yum_systems.yml @@ -0,0 +1,77 @@ +--- +- name: Get the current timezone (RHEL/CentOS 6) + shell: cut -d'"' -f2 /etc/sysconfig/clock + when: ansible_distribution_major_version == "6" + register: current_tz + changed_when: false + tags: + - timezone + +- name: Get the current timezone (RHEL/CentOS 7) + shell: 'timedatectl | grep -E "Time ?zone" | sed -e "s/.*: \(.*\) (.*/\1/"' + when: ansible_distribution_major_version|int >= 7 + register: current_tz + changed_when: false + tags: + - timezone + +# See http://tracker.ceph.com/issues/24197 +# If/when we use ansible 2.7, the next two tasks can be replaced with the 'reboot' ansible module +- name: Reboot RHEL7 to workaround systemd bug + shell: "sleep 5 && reboot" + async: 1 + poll: 0 + when: '"Connection timed out" in current_tz.stderr' + tags: + - timezone + +- name: Wait for reboot in case of systemd workaround + wait_for_connection: + delay: 40 + timeout: 300 + when: '"Connection timed out" in current_tz.stderr' + tags: + - timezone + +- name: Set /etc/localtime (RHEL/CentOS 6) + file: + src: /usr/share/zoneinfo/{{ timezone }} + dest: /etc/localtime + state: link + force: yes + # Default is used below to avoid breaking check mode + when: ansible_distribution_major_version == "6" and current_tz.stdout|default("") != timezone + tags: + - timezone + +- name: Set the timezone (RHEL/CentOS >= 7) + command: timedatectl set-timezone {{ timezone }} + # Default is used below to avoid breaking check mode + when: ansible_distribution_major_version|int >= 7 and current_tz.stdout|default("") != timezone + tags: + - timezone + +# This is temporary to provide reverse compatibility with certain +# tasks that call yum specifically. +# Should be deprecated once we move to ansible v2 +- name: Install yum on Fedora 22 and later + dnf: + name: yum + state: present + when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int >= 22 + +# configure Red Hat entitlements with subscription-manager +# skip_entitlements=true on OVH testnodes +- import_tasks: rhel-entitlements.yml + when: + ansible_distribution == 'RedHat' and + skip_entitlements|default(false)|bool != true + tags: + - entitlements + +# create and manage epel.repo +- import_tasks: epel.yml + when: ansible_distribution == "CentOS" or ansible_distribution == 'RedHat' + tags: + - epel + - repos diff --git a/roles/common/tasks/zypper_systems.yml b/roles/common/tasks/zypper_systems.yml new file mode 100644 index 00000000..a7752e63 --- /dev/null +++ b/roles/common/tasks/zypper_systems.yml @@ -0,0 +1,34 @@ +--- + +- name: Get the current timezone + shell: 'timedatectl | grep -E "Time ?zone" | sed -e "s/.*: \(.*\) (.*/\1/"' + register: current_tz + changed_when: false + tags: + - timezone + +- name: Set the timezone + command: timedatectl set-timezone {{ timezone }} + when: current_tz.stdout|default("") != timezone + tags: + - timezone + +- name: Add base OpenSUSE Leap repo + zypper_repository: + name: repo-oss + repo: "http://download.opensuse.org/distribution/leap/{{ ansible_distribution_version }}/repo/oss/" + state: present + auto_import_keys: yes + +- name: Add updates OpenSUSE Leap repo + zypper_repository: + name: repo-update-oss + repo: "http://download.opensuse.org/update/leap/{{ ansible_distribution_version }}/oss/" + state: present + auto_import_keys: yes + +- name: Refresh repos + zypper_repository: + repo: '*' + runrefresh: yes + auto_import_keys: yes diff --git a/roles/common/templates/krb5.conf b/roles/common/templates/krb5.conf new file mode 100644 index 00000000..eb41a59d --- /dev/null +++ b/roles/common/templates/krb5.conf @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +[libdefaults] + default_realm = {{ kerberos_realm }} diff --git a/roles/common/templates/nagios/90-nagios b/roles/common/templates/nagios/90-nagios new file mode 100644 index 00000000..d4bfcad4 --- /dev/null +++ b/roles/common/templates/nagios/90-nagios @@ -0,0 +1,2 @@ +## {{ ansible_managed }} +{{ nrpe_user }} ALL=NOPASSWD: /usr/sbin/megacli, /usr/sbin/cli64, /usr/sbin/smartctl, /usr/sbin/nvme diff --git a/roles/common/templates/nagios/nrpe.cfg b/roles/common/templates/nagios/nrpe.cfg new file mode 100644 index 00000000..d866f6d4 --- /dev/null +++ b/roles/common/templates/nagios/nrpe.cfg @@ -0,0 +1,31 @@ +# {{ ansible_managed }} +log_facility=daemon +{% if ansible_os_family == "Debian" %} +pid_file=/var/run/nagios/nrpe.pid +{% else %} +pid_file=/var/run/nrpe/nrpe.pid +{% endif %} +server_port=5666 +nrpe_user={{ nrpe_user }} +nrpe_group={{ nrpe_group }} + +allowed_hosts={{ nagios_allowed_hosts }} +dont_blame_nrpe=0 +debug=0 +command_timeout=60 +connection_timeout=300 + +command[check_users]={{ nagios_plugins_directory }}/check_users --warning=5 --critical=10 +command[check_load]={{ nagios_plugins_directory }}/check_load --percpu --warning=1.5,1.4,1.3 --critical=2.0,1.9,1.8 +command[check_mem]={{ nagios_plugins_directory }}/check_mem.sh -w 85 -c 95 +command[check_hda1]={{ nagios_plugins_directory }}/check_disk --warning=20% --critical=10% --partition=/dev/hda1 +command[check_root]={{ nagios_plugins_directory }}/check_disk --warning=10% --critical=5% --units=GB --path=/ +command[check_zombie_procs]={{ nagios_plugins_directory }}/check_procs --warning=5 --critical=10 --state=Z +command[check_total_procs]={{ nagios_plugins_directory }}/check_procs --warning=300 --critical=500 +command[check_raid]=/usr/libexec/raid.pl +command[check_disks]=/usr/libexec/diskusage.pl 90 95 +command[check_smart]=/usr/libexec/smart.sh + +include=/etc/nagios/nrpe_local.cfg + +include_dir=/etc/nagios/nrpe.d/ diff --git a/roles/common/templates/yum_repo.j2 b/roles/common/templates/yum_repo.j2 new file mode 100644 index 00000000..7467eb65 --- /dev/null +++ b/roles/common/templates/yum_repo.j2 @@ -0,0 +1,8 @@ +# +# {{ ansible_managed }} +# + +[{{ item.key }}] +{% for k, v in item.value.items() | sort -%} + {{ k }}={{ v }} +{% endfor %} diff --git a/roles/common/vars/apt_systems.yml b/roles/common/vars/apt_systems.yml new file mode 100644 index 00000000..8c2ba5c9 --- /dev/null +++ b/roles/common/vars/apt_systems.yml @@ -0,0 +1,9 @@ +--- +nrpe_service_name: nagios-nrpe-server +nrpe_user: nagios +nrpe_group: nagios +nagios_plugins_directory: /usr/lib/nagios/plugins + +nrpe_packages: + - nagios-nrpe-server + - nagios-plugins-basic diff --git a/roles/common/vars/centos_8.yml b/roles/common/vars/centos_8.yml new file mode 100644 index 00000000..9af7db38 --- /dev/null +++ b/roles/common/vars/centos_8.yml @@ -0,0 +1,4 @@ +--- +nrpe_selinux_packages: + - python3-libsemanage + - python3-policycoreutils diff --git a/roles/common/vars/centos_9.yml b/roles/common/vars/centos_9.yml new file mode 100644 index 00000000..9af7db38 --- /dev/null +++ b/roles/common/vars/centos_9.yml @@ -0,0 +1,4 @@ +--- +nrpe_selinux_packages: + - python3-libsemanage + - python3-policycoreutils diff --git a/roles/common/vars/dnf_systems.yml b/roles/common/vars/dnf_systems.yml new file mode 120000 index 00000000..3eacc969 --- /dev/null +++ b/roles/common/vars/dnf_systems.yml @@ -0,0 +1 @@ +yum_systems.yml \ No newline at end of file diff --git a/roles/common/vars/empty.yml b/roles/common/vars/empty.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/roles/common/vars/empty.yml @@ -0,0 +1 @@ +--- diff --git a/roles/common/vars/fedora_31.yml b/roles/common/vars/fedora_31.yml new file mode 100644 index 00000000..087e67a4 --- /dev/null +++ b/roles/common/vars/fedora_31.yml @@ -0,0 +1,4 @@ +--- +nrpe_selinux_packages: + - python-libsemanage + - policycoreutils-python-utils diff --git a/roles/common/vars/redhat_6.yml b/roles/common/vars/redhat_6.yml new file mode 100644 index 00000000..4ccaa912 --- /dev/null +++ b/roles/common/vars/redhat_6.yml @@ -0,0 +1,7 @@ +--- +rhsm_repos: + - rhel-6-server-rpms + - rhel-6-server-optional-rpms + - rhel-6-server-extras-rpms + # for xfsprogs + - rhel-scalefs-for-rhel-6-server-rpms diff --git a/roles/common/vars/redhat_7.yml b/roles/common/vars/redhat_7.yml new file mode 100644 index 00000000..a3855f1a --- /dev/null +++ b/roles/common/vars/redhat_7.yml @@ -0,0 +1,6 @@ +--- +rhsm_repos: + - rhel-7-server-rpms + - rhel-7-server-optional-rpms + - rhel-7-server-extras-rpms + - rhel-ha-for-rhel-7-server-rpms diff --git a/roles/common/vars/redhat_8.yml b/roles/common/vars/redhat_8.yml new file mode 100644 index 00000000..5afcdbb6 --- /dev/null +++ b/roles/common/vars/redhat_8.yml @@ -0,0 +1,9 @@ +--- +rhsm_repos: + - rhel-8-for-x86_64-baseos-rpms + - rhel-8-for-x86_64-appstream-rpms + - codeready-builder-for-rhel-8-x86_64-rpms + +nrpe_selinux_packages: + - python3-libsemanage + - python3-policycoreutils diff --git a/roles/common/vars/redhat_9.yml b/roles/common/vars/redhat_9.yml new file mode 100644 index 00000000..372da7bf --- /dev/null +++ b/roles/common/vars/redhat_9.yml @@ -0,0 +1,9 @@ +--- +rhsm_repos: + - rhel-9-for-x86_64-baseos-rpms + - rhel-9-for-x86_64-appstream-rpms + - codeready-builder-for-rhel-9-x86_64-rpms + +nrpe_selinux_packages: + - python3-libsemanage + - python3-policycoreutils diff --git a/roles/common/vars/yum_systems.yml b/roles/common/vars/yum_systems.yml new file mode 100644 index 00000000..b85f0086 --- /dev/null +++ b/roles/common/vars/yum_systems.yml @@ -0,0 +1,11 @@ +--- +nrpe_service_name: nrpe +nrpe_user: nrpe +nrpe_group: nrpe +nagios_plugins_directory: /usr/lib64/nagios/plugins + +nrpe_packages: + - nagios-common + - nrpe + - nagios-plugins + - nagios-plugins-load diff --git a/roles/common/vars/zypper_systems.yml b/roles/common/vars/zypper_systems.yml new file mode 100644 index 00000000..c655e01b --- /dev/null +++ b/roles/common/vars/zypper_systems.yml @@ -0,0 +1,9 @@ +--- +nrpe_service_name: nrpe +nrpe_user: nrpe +nrpe_group: nrpe +nagios_plugins_directory: /usr/lib/nagios/plugins + +nrpe_packages: + - nrpe + - monitoring-plugins-nrpe diff --git a/roles/container-host/README.rst b/roles/container-host/README.rst new file mode 100644 index 00000000..b7611cb1 --- /dev/null +++ b/roles/container-host/README.rst @@ -0,0 +1,31 @@ +container-host +============== + +The container-host role will: + +- Install ``docker`` or ``podman`` +- Configure a local ``docker.io`` mirror if configured + +Variables ++++++++++ + +``container_packages: []`` is the list of container packages to install. We default to podman on RedHat based distros and docker.io on Debian-based distros. + +The following variables are used to optionally configure a docker.io mirror CA certificate. The role will install the certificate in both ``/etc/containers/certs.d`` (for podman) and ``/etc/docker/certs.d`` (for docker).:: + + # Defined in all.yml in secrets repo + container_mirror: docker-mirror.front.sepia.ceph.com:5000 + + # Defined in all.yml in secrets repo + container_mirror_cert: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + +Tags +++++ + +registries-conf-ctl + Add ``--skip-tags registries-conf-ctl`` to your ``ansible-playbook`` command if you don't want to use registries-conf-ctl_ to configure the container service's conf file. + +.. _registries-conf-ctl: https://github.com/sebastian-philipp/registries-conf-ctl diff --git a/roles/container-host/meta/main.yml b/roles/container-host/meta/main.yml new file mode 100644 index 00000000..313fd690 --- /dev/null +++ b/roles/container-host/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: secrets diff --git a/roles/container-host/tasks/container_mirror.yml b/roles/container-host/tasks/container_mirror.yml new file mode 100644 index 00000000..74f5bd16 --- /dev/null +++ b/roles/container-host/tasks/container_mirror.yml @@ -0,0 +1,60 @@ +--- +- name: "Create container_mirror_cert_paths" + file: + path: "{{ item }}" + state: directory + with_items: "{{ container_mirror_cert_paths }}" + +- name: "Copy {{ container_mirror }} self-signed cert" + copy: + dest: "{{ item }}/docker-mirror.crt" + content: "{{ container_mirror_cert }}" + with_items: "{{ container_mirror_cert_paths }}" + +- name: Ensure git is installed + package: + name: git + state: present + tags: + - registries-conf-ctl + +- name: Install registries-conf-ctl + pip: + name: git+https://github.com/sebastian-philipp/registries-conf-ctl + state: latest + executable: "{{ pip_executable|default('pip3') }}" + tags: + - registries-conf-ctl + +- name: "Check for docker's daemon.json" + stat: + path: "{{ container_service_conf }}" + when: + - "'docker.io' in container_packages" + - "'podman' not in container_packages" + register: container_conf + +- name: "Create {{ container_service_conf }} if necessary" + copy: + dest: "{{ container_service_conf }}" + content: "{}" + when: + - "'docker.io' in container_packages" + - "'podman' not in container_packages" + - container_conf.stat.exists == False + +- name: Add local docker.io registry mirror + command: registries-conf-ctl add-mirror docker.io "{{ container_mirror }}" + environment: + PATH: /usr/local/bin:/usr/bin + tags: + - registries-conf-ctl + +# not very elegant but it's a workaround for now +- name: Restart docker service + service: + name: docker + state: restarted + when: "'docker.io' in container_packages" + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" diff --git a/roles/container-host/tasks/main.yml b/roles/container-host/tasks/main.yml new file mode 100644 index 00000000..83f50138 --- /dev/null +++ b/roles/container-host/tasks/main.yml @@ -0,0 +1,44 @@ +--- +- set_fact: + package_manager: apt + when: ansible_os_family == "Debian" + +- set_fact: + package_manager: yum + when: ansible_os_family == "RedHat" + +- name: Including distro specific variables + include_vars: "{{ item }}" + with_first_found: + - "{{ secrets_path }}/container-host/{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ package_manager }}_systems.yml" + - empty.yml + +- name: Install container packages + package: + name: "{{ container_packages }}" + state: latest + when: container_packages|length > 0 + +- set_fact: + container_service_conf: "/etc/containers/registries.conf" + when: + - "'podman' in container_packages" + tags: + - container-mirror + +- set_fact: + container_service_conf: "/etc/docker/daemon.json" + when: + - "'docker.io' in container_packages" + - "'podman' not in container_packages" + tags: + - container-mirror + +- import_tasks: container_mirror.yml + when: + - container_mirror is defined + - container_mirror_cert is defined + tags: + - container-mirror diff --git a/roles/container-host/tasks/pipx_install_reg_conf_ctl.yml b/roles/container-host/tasks/pipx_install_reg_conf_ctl.yml new file mode 100644 index 00000000..2e13779d --- /dev/null +++ b/roles/container-host/tasks/pipx_install_reg_conf_ctl.yml @@ -0,0 +1,74 @@ +--- +- name: "Create container_mirror_cert_paths" + file: + path: "{{ item }}" + state: directory + with_items: "{{ container_mirror_cert_paths }}" + +- name: "Copy {{ container_mirror }} self-signed cert" + copy: + dest: "{{ item }}/docker-mirror.crt" + content: "{{ container_mirror_cert }}" + with_items: "{{ container_mirror_cert_paths }}" + +- name: Ensure git is installed + package: + name: git + state: present + tags: + - registries-conf-ctl + +- name: Check for pipx + ansible.builtin.shell: "command -v pipx" + register: pipx_check + changed_when: false + failed_when: false + tags: + - registries-conf-ctl + +- import_tasks: pipx_install_reg_conf_ctl.yml + when: pipx_check.rc == 0 + tags: + - registries-conf-ctl + +- name: Install registries-conf-ctl via pip + pip: + name: git+https://github.com/sebastian-philipp/registries-conf-ctl + state: latest + executable: "{{ pip_executable|default('pip3') }}" + when: pipx_check.rc != 0 + tags: + - registries-conf-ctl + +- name: "Check for docker's daemon.json" + stat: + path: "{{ container_service_conf }}" + when: + - "'docker.io' in container_packages" + - "'podman' not in container_packages" + register: container_conf + +- name: "Create {{ container_service_conf }} if necessary" + copy: + dest: "{{ container_service_conf }}" + content: "{}" + when: + - "'docker.io' in container_packages" + - "'podman' not in container_packages" + - container_conf.stat.exists == False + +- name: Add local docker.io registry mirror + command: registries-conf-ctl add-mirror docker.io "{{ container_mirror }}" + environment: + PATH: /usr/local/bin:/usr/bin + tags: + - registries-conf-ctl + +# not very elegant but it's a workaround for now +- name: Restart docker service + service: + name: docker + state: restarted + when: "'docker.io' in container_packages" + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" diff --git a/roles/container-host/vars/apt_systems.yml b/roles/container-host/vars/apt_systems.yml new file mode 100644 index 00000000..e513e8d1 --- /dev/null +++ b/roles/container-host/vars/apt_systems.yml @@ -0,0 +1,5 @@ +--- +container_packages: + - docker.io + - python3-setuptools + - python3-pip diff --git a/roles/container-host/vars/centos_7.yml b/roles/container-host/vars/centos_7.yml new file mode 100644 index 00000000..e0d59071 --- /dev/null +++ b/roles/container-host/vars/centos_7.yml @@ -0,0 +1,6 @@ +--- +container_packages: + - podman + - podman-docker + +pip_executable: pip diff --git a/roles/container-host/vars/centos_9.yml b/roles/container-host/vars/centos_9.yml new file mode 100644 index 00000000..9ca52e4a --- /dev/null +++ b/roles/container-host/vars/centos_9.yml @@ -0,0 +1,5 @@ +--- +container_packages: + - podman +# Doesn't exist yet +# - podman-docker diff --git a/roles/container-host/vars/empty.yml b/roles/container-host/vars/empty.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/roles/container-host/vars/empty.yml @@ -0,0 +1 @@ +--- diff --git a/roles/container-host/vars/main.yml b/roles/container-host/vars/main.yml new file mode 100644 index 00000000..e84dc53f --- /dev/null +++ b/roles/container-host/vars/main.yml @@ -0,0 +1,4 @@ +--- +container_mirror_cert_paths: + - "/etc/docker/certs.d/{{ container_mirror }}" + - "/etc/containers/certs.d/{{ container_mirror }}" diff --git a/roles/container-host/vars/ubuntu_18.yml b/roles/container-host/vars/ubuntu_18.yml new file mode 100644 index 00000000..4dc4ea94 --- /dev/null +++ b/roles/container-host/vars/ubuntu_18.yml @@ -0,0 +1,7 @@ +--- +container_packages: + - docker.io + - python-setuptools + - python-pip + +pip_executable: pip diff --git a/roles/container-host/vars/ubuntu_24.yml b/roles/container-host/vars/ubuntu_24.yml new file mode 100644 index 00000000..3e79485e --- /dev/null +++ b/roles/container-host/vars/ubuntu_24.yml @@ -0,0 +1,6 @@ +--- +container_packages: + - docker.io + - python3-setuptools + - python3-pip + - pipx diff --git a/roles/container-host/vars/yum_systems.yml b/roles/container-host/vars/yum_systems.yml new file mode 100644 index 00000000..f6a6b7e6 --- /dev/null +++ b/roles/container-host/vars/yum_systems.yml @@ -0,0 +1,4 @@ +--- +container_packages: + - podman + - podman-docker diff --git a/roles/dhcp-server/README.rst b/roles/dhcp-server/README.rst new file mode 100644 index 00000000..5e9688f9 --- /dev/null +++ b/roles/dhcp-server/README.rst @@ -0,0 +1,109 @@ +dhcp-server +=========== + +This role can be used to install, update, and manage a DHCP server running on CentOS 7. + +Notes ++++++ + +This role is heavily modified to be primarily useful for our test labs that only have two or three subnets. See https://wiki.sepia.ceph.com/doku.php?id=services:networking. + +This role checks for firewalld and iptables. It will configure firewalld unless iptables is running. It **does not** configure iptables and will not install or configure firewalld if it's not installed. At the time the role was created, our DHCP server was running other services and its iptables was already heavily modified and configured. This reason, along with firewalld being the default in CentOS 7, is why iptables configuration is skipped. + +Variables ++++++++++ +This role basically has two required and two optional variables: + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| **Required Variables** | ++---------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +|:: | This list will be used to populate the global ``/etc/dhcpd.conf``. You can add additional keys and values. Just make sure they follow the syntax required for dhcpd.conf. | +| | | +| dhcp_global_options: | | +| - ddns-update-style: none | Here's the dhcpd_ man page. | +| - default-lease-time: 43200 | | +| - max-lease-time: 172800 | | +| - one-lease-per-client: "true" | | +| | | ++---------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +|:: | This is large dictionary that gets parsed out into individual dhcpd config files. Each top-level key (``front`` and ``ipmi`` in the example) will get its own dhcp conf file created. The example shown to the left is our actual ``dhcp_subnets`` dictionary. | +| | | +| dhcp_subnets: | | +| front: | Under each subnet, ``cidr``, ``ipvar``, and ``macvar`` are required. ``ipvar`` and ``macvar`` tell the Jinja2 template which IP address and MAC address should be used for each host in each subnet config file. | +| cidr: 172.21.0.0/20 | | +| ipvar: ip | Here's a line from our Ansible inventory host file | +| macvar: mac | | +| domain_name: front.sepia.ceph.com | ``smithi001.front.sepia.ceph.com mac=0C:C4:7A:BD:15:E8 ip=172.21.15.1 ipmi=172.21.47.1 bmc=0C:C4:7A:6E:21:A7`` | +| domain_search: | | +| - front.sepia.ceph.com | This will result in a static IP entry for smithi001-front with IP 172.21.15.1 and MAC 0C:C4:7A:BD:15:E8 in ``dhcpd.front.conf`` and a smithi001-ipmi entry with IP 172.21.47.1 with MAC 0C:C4:7A:6E:21:A7 in ``dhcpd.ipmi.conf``. | +| - sepia.ceph.com | | +| domain_name_server: | The ``next_server`` and ``filename`` values can be overridden by ansible group or host. See below. | +| - 172.21.0.1 | | +| - 172.21.0.2 | All the other keys are optional. | +| routers: 172.21.15.254 | | +| next_server: 172.21.0.11 | | +| filename: "/pxelinux.0" | | +| classes: | | +| virtual: "match if substring(hardware, 0, 4) = 01:52:54:00" | | +| lxc: "match if substring(hardware, 0, 4) = 01:52:54:ff" | | +| pools: | | +| virtual: | | +| range: 172.21.10.20 172.21.10.250 | | +| unknown_clients: | | +| range: | | +| - 172.21.11.0 172.21.11.19 | | +| - 172.21.13.170 172.21.13.250 | | +| next_server: 172.21.0.11 | | +| filename: "/pxelinux.0" | | +| lxc: | | +| range: 172.21.14.1 172.21.14.200 | | +| ipmi: | | +| cidr: 172.21.32.0/20 | | +| ipvar: ipmi | | +| macvar: bmc | | +| domain_name: ipmi.sepia.ceph.com | | +| domain_search: | | +| - ipmi.sepia.ceph.com | | +| - sepia.ceph.com | | +| domain_name_servers: | | +| - 172.21.0.1 | | +| - 172.21.0.2 | | +| routers: 172.21.47.254 | | +| next_server: 172.21.0.11 | | +| filename: "/pxelinux.0" | | +| pools: | | +| unknown_clients: | | +| range: 172.21.43.1 172.21.43.100 | | +| next_server: 172.21.0.11 | | +| filename: "/pxelinux.0" | | +| | | ++---------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| **Optional Variables** | ++---------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``dhcp_next_server: 1.2.3.4`` | This is your PXE/TFTP server's IP address. This will **override** the subnet's ``next_server`` defined in the ``dhcp_subnets`` dictionary. It can be defined in your Ansible inventory in a couple ways: | +| | | +| | #. In ``ansible/inventory/group_vars/group.yml`` if some hosts should use a different PXE server | +| | #. In your inventory ``hosts`` file on a per-host basis. See Ansible's docs_ on variable precedence. | ++---------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``dhcp_filename: "/pxelinux.0"`` | Same rules as above. This is the TFTP filename the DHCP server should instruct DHCP clients to download. | ++---------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +|:: | This can be set at a ``host_var`` or ``group_var`` level in the Ansible inventory. It will **override** the subnet's ``domain_name_servers`` defined in the ``dhcp_subnets`` dictionary. | +| | | +| domain_name_servers: | | +| - 1.2.3.4 | | +| - 5.6.7.8 | | +| | | ++---------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``dhcp_option_hostname: False`` | Should this host get ``option host-name "{{ ansible_host }}";`` defined in its host declaration? Defaults to False. Override in secrets repo per host/group. | ++---------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Tags +++++ + +Available tags are listed below: + +packages + Run (or skip) package install/update tasks + +.. _docs: https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable +.. _dhcpd: https://linux.die.net/man/8/dhcpd diff --git a/roles/dhcp-server/tasks/main.yml b/roles/dhcp-server/tasks/main.yml new file mode 100644 index 00000000..ef384f1a --- /dev/null +++ b/roles/dhcp-server/tasks/main.yml @@ -0,0 +1,65 @@ +--- +- name: Install/update packages + yum: + name: dhcp + state: latest + register: dhcp_yum_transaction + tags: packages + +- name: Check for firewalld + command: firewall-cmd --state + register: firewalld_state + ignore_errors: true + +- name: Check for iptables + command: systemctl status iptables + register: iptables_state + ignore_errors: true + +- name: Make sure firewalld is running + service: + name: firewalld + state: started + enabled: yes + when: + - iptables_state.rc != 0 + - not (firewalld_state.msg is defined and "'No such file or directory' in firewalld_state.msg") + +- name: Configure firewalld + firewalld: + service: dhcp + state: enabled + permanent: true + immediate: yes + when: + - iptables_state.rc != 0 + - not (firewalld_state.msg is defined and "'No such file or directory' in firewalld_state.msg") + +- name: Write global dhcpd.conf + template: + src: dhcpd.conf.j2 + dest: /etc/dhcp/dhcpd.conf + backup: yes + register: dhcp_global_config + +- name: Write each subnet config + template: + src: dhcpd.subnet.conf.j2 + dest: "/etc/dhcp/dhcpd.{{ item }}.conf" + backup: yes + with_items: "{{ dhcp_subnets }}" + register: dhcp_subnet_config + +- name: Test new config + command: dhcpd -t -cf /etc/dhcp/dhcpd.conf + register: dhcpd_config_test_result + when: dhcp_global_config is changed or dhcp_subnet_config is changed + +- name: Restart dhcpd + service: + name: dhcpd + state: restarted + when: + - (dhcp_global_config is changed or dhcp_subnet_config is changed) + - dhcpd_config_test_result is defined + - dhcpd_config_test_result.rc == 0 diff --git a/roles/dhcp-server/templates/dhcpd.conf.j2 b/roles/dhcp-server/templates/dhcpd.conf.j2 new file mode 100644 index 00000000..5b0c2378 --- /dev/null +++ b/roles/dhcp-server/templates/dhcpd.conf.j2 @@ -0,0 +1,9 @@ +{% for item in dhcp_global_options %} +{% for key, value in item.items() %} +{{ key }} {{ value }}; +{% endfor %} +{% endfor %} + +{% for key, value in dhcp_subnets.items() %} +include "/etc/dhcp/dhcpd.{{ key }}.conf"; +{% endfor %} diff --git a/roles/dhcp-server/templates/dhcpd.subnet.conf.j2 b/roles/dhcp-server/templates/dhcpd.subnet.conf.j2 new file mode 100644 index 00000000..2d93039c --- /dev/null +++ b/roles/dhcp-server/templates/dhcpd.subnet.conf.j2 @@ -0,0 +1,78 @@ +{% for subnet, subnet_item in dhcp_subnets.items() %} +{% if subnet == item %} +subnet {{ subnet_item.cidr | ipaddr('network') }} netmask {{ subnet_item.cidr | ipaddr('netmask') }} { + {% if subnet_item.domain_name is defined -%} + option domain-name "{{ subnet_item.domain_name }}"; + {% endif -%} + {% if subnet_item.domain_search is defined -%} + option domain-search "{{ subnet_item.domain_search|join('", "') }}"; + {% endif -%} + {% if subnet_item.domain_name_servers is defined -%} + option domain-name-servers {{ subnet_item.domain_name_servers|join(', ') }}; + {% endif -%} + {% if subnet_item.routers is defined -%} + option routers {{ subnet_item.routers }}; + {% endif -%} + {% if subnet_item.next_server is defined -%} + next-server {{ subnet_item.next_server }}; + {% endif -%} + {% if subnet_item.filename is defined -%} + filename "{{ subnet_item.filename }}"; + {% endif %} + + {% if subnet_item.classes is defined -%} + {% for class_name, class_string in subnet_item.classes.items() -%} + class "{{ class_name }}" { + {{ class_string }}; + } + + {% endfor -%} + {%- endif -%} + + {% if subnet_item.pools is defined -%} + {% for pool, pool_value in subnet_item.pools.items() -%} + pool { + {% if pool == "unknown_clients" -%} + allow unknown-clients; + {% else -%} + allow members of "{{ pool }}"; + {% endif -%} + {% if pool_value.range is string -%} + range {{ pool_value.range }}; + {% else -%} + range {{ pool_value.range|join(';\n range ') }}; + {% endif -%} + {% if pool_value.next_server is defined -%} + next-server {{ pool_value.next_server }}; + {% endif -%} + {% if pool_value.filename is defined -%} + filename "{{ pool_value.filename }}"; + {% endif -%} + } + + {% endfor -%} + {%- endif -%} + + {% for host in groups['all'] | sort | unique -%} + {% if hostvars[host][subnet_item.macvar] is defined -%} + {% if hostvars[host][subnet_item.ipvar] | ipaddr(subnet_item.cidr) | ipaddr('bool') -%} + host {{ host.split('.')[0] }}-{{ subnet }} { + {% if hostvars[host]['dhcp_next_server'] is defined -%} + next-server {{ hostvars[host]['dhcp_next_server'] }}; + filename "{{ hostvars[host]['dhcp_filename'] }}"; + {% endif -%} + {% if hostvars[host]['domain_name_servers'] is defined -%} + option domain-name-servers {{ hostvars[host]['domain_name_servers']|join(', ') }}; + {% endif -%} + hardware ethernet {{ hostvars[host][subnet_item.macvar] }}; + fixed-address {{ hostvars[host][subnet_item.ipvar] }}; + {% if hostvars[host]['dhcp_option_hostname'] is defined and hostvars[host]['dhcp_option_hostname'] == true %} + option host-name "{{ host.split('.')[0] }}"; + {% endif -%} + } + {% endif -%} + {% endif -%} + {% endfor -%} +} # end subnet +{% endif %} +{% endfor %} diff --git a/roles/downstream-setup/defaults/main.yml b/roles/downstream-setup/defaults/main.yml new file mode 100644 index 00000000..044146ea --- /dev/null +++ b/roles/downstream-setup/defaults/main.yml @@ -0,0 +1,39 @@ +--- +# When cleanup is true the tasks being used might +# perform cleanup steps if applicable. +cleanup: false + + +# yum_repos is a list of hashes that +# define the url to download the yum repo +# from and the name to save it as in etc/yum.repos.d +# +# For example: +# yum_repos: +# - url: "http://path/to/epel.repo" +# name: "epel" +# +# When using the yum_repos var and if cleanup is true it will +# delete the repos instead of creating them. +yum_repos: [] + +# a list of repo names as strings to delete from /etc/yum.repos.d +# the name should not include the .repo extension +remove_yum_repos: [] + +# a list of repo names as strings to disable in /etc/yum.repos.d +# the name should not include the .repo extension +# When using the disable_yum_repos var and if cleanup is true it will +# delete the repos instead of creating them. +# NOTE: this does not work on repo files with multiple entries in them, +# it will only disable the first entry in the repo file. +disable_yum_repos: [] + +# a list of repo names as strings to enable in /etc/yum.repos.d +# the name should not include the .repo extension +# NOTE: this does not work on repo files with multiple entries in them, +# it will only enable the first entry in the repo file. +enable_yum_repos: [] + +# defining empty var for ansible v2.2 compatibility. +repos_to_remove: [] diff --git a/roles/downstream-setup/tasks/cleanup.yml b/roles/downstream-setup/tasks/cleanup.yml new file mode 100644 index 00000000..94c1d6ff --- /dev/null +++ b/roles/downstream-setup/tasks/cleanup.yml @@ -0,0 +1,33 @@ +--- +- debug: msg="Performing cleanup related tasks..." + +- import_tasks: yum_repos.yml + when: remove_yum_repos|length > 0 + vars: + repos: "{{ remove_yum_repos }}" + tags: + - yum-repos + +- set_fact: + repos_to_remove: "{% for repo in yum_repos%}{{ repo.name }}{% if not loop.last %},{% endif %}{% endfor %}" + +- import_tasks: remove_yum_repos.yml + when: yum_repos|length > 0 + vars: + repos: "{{ repos_to_remove.split(',') }}" + tags: + - delete-yum-repos + +- import_tasks: disable_yum_repos.yml + when: enable_yum_repos|length > 0 + vars: + repos: "{{ enable_yum_repos }}" + tags: + - disable-yum-repos + +- import_tasks: enable_yum_repos.yml + when: disable_yum_repos|length > 0 + vars: + repos: "{{ disable_yum_repos }}" + tags: + - enable-yum-repos diff --git a/roles/downstream-setup/tasks/disable_yum_repos.yml b/roles/downstream-setup/tasks/disable_yum_repos.yml new file mode 100644 index 00000000..b98382a8 --- /dev/null +++ b/roles/downstream-setup/tasks/disable_yum_repos.yml @@ -0,0 +1,10 @@ +--- +- name: Disable yum repos. + lineinfile: + dest: "/etc/yum.repos.d/{{ item }}.repo" + line: "enabled=0" + regexp: "enabled=1" + backrefs: yes + state: present + with_items: "{{ repos }}" + ignore_errors: true diff --git a/roles/downstream-setup/tasks/enable_yum_repos.yml b/roles/downstream-setup/tasks/enable_yum_repos.yml new file mode 100644 index 00000000..1fa87f46 --- /dev/null +++ b/roles/downstream-setup/tasks/enable_yum_repos.yml @@ -0,0 +1,10 @@ +--- +- name: Enable yum repos. + lineinfile: + dest: "/etc/yum.repos.d/{{ item }}.repo" + line: "enabled=1" + regexp: "enabled=0" + backrefs: yes + state: present + with_items: "{{ repos }}" + ignore_errors: true diff --git a/roles/downstream-setup/tasks/main.yml b/roles/downstream-setup/tasks/main.yml new file mode 100644 index 00000000..35133f51 --- /dev/null +++ b/roles/downstream-setup/tasks/main.yml @@ -0,0 +1,19 @@ +--- +# re: 'static: no' -- See https://github.com/ansible/ansible/issues/18483 +# Can be removed once that fix makes it into Ansible + +# These are tasks which perform actions corresponding to the names of +# the variables they use. For example, `disable_yum_repos` would actually +# disable all repos defined in that list. +- import_tasks: setup.yml + when: not cleanup and (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") + static: no + +# These are tasks which reverse the actions corresponding to the names of +# the variables they use. For example, `disable_yum_repos` would actually +# enable all repos defined in that list. The primary use for this is through +# teuthology, so that you can tell a teuthology run to disable a set of repos +# for the test run but then re-enable them during the teuthology cleanup process. +- import_tasks: cleanup.yml + when: cleanup and (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") + static: no diff --git a/roles/downstream-setup/tasks/remove_yum_repos.yml b/roles/downstream-setup/tasks/remove_yum_repos.yml new file mode 100644 index 00000000..fc3741d4 --- /dev/null +++ b/roles/downstream-setup/tasks/remove_yum_repos.yml @@ -0,0 +1,6 @@ +--- +- name: Delete yum repos from /etc/yum.repos.d + file: + path: "/etc/yum.repos.d/{{ item }}.repo" + state: absent + with_items: "{{ repos }}" diff --git a/roles/downstream-setup/tasks/setup.yml b/roles/downstream-setup/tasks/setup.yml new file mode 100644 index 00000000..7c554b0c --- /dev/null +++ b/roles/downstream-setup/tasks/setup.yml @@ -0,0 +1,28 @@ +--- +- import_tasks: yum_repos.yml + when: yum_repos|length > 0 + vars: + repos: "{{ yum_repos }}" + tags: + - yum-repos + +- import_tasks: remove_yum_repos.yml + when: remove_yum_repos|length > 0 + vars: + repos: "{{ remove_yum_repos }}" + tags: + - delete-yum-repos + +- import_tasks: disable_yum_repos.yml + when: disable_yum_repos|length > 0 + vars: + repos: "{{ disable_yum_repos }}" + tags: + - disable-yum-repos + +- import_tasks: enable_yum_repos.yml + when: enable_yum_repos|length > 0 + vars: + repos: "{{ enable_yum_repos }}" + tags: + - enable-yum-repos diff --git a/roles/downstream-setup/tasks/yum_repos.yml b/roles/downstream-setup/tasks/yum_repos.yml new file mode 100644 index 00000000..8cf72438 --- /dev/null +++ b/roles/downstream-setup/tasks/yum_repos.yml @@ -0,0 +1,7 @@ +--- +- name: Download yum repos to /etc/yum.repos.d + get_url: + url: "{{ item.url }}" + dest: "/etc/yum.repos.d/{{ item.name }}.repo" + force: yes + with_items: "{{ repos }}" diff --git a/roles/firmware/README.rst b/roles/firmware/README.rst new file mode 100644 index 00000000..7e83c8d1 --- /dev/null +++ b/roles/firmware/README.rst @@ -0,0 +1,129 @@ +firmware +======== + +This role will largely only be useful for the Ceph upstream Sepia_ test lab. +Some of the firmware flashing methods can be applied to other machine types however. + +Prerequisites ++++++++++++++ + +Prerequisites are ordered by machine type (smithi, mira, etc.) then device type (BIOS, BMC, etc.) + +Universal device types (RAID controllers) are listed separately last. + +Mira +---- +**BIOS** + +#. Download the latest BIOS firmware from Supermicro_'s website. +#. Extract the binary blob from the archive and upload it somewhere that is http-accessible within the lab. +#. Define ``bios_location`` as the http path to that file. +#. Define ``latest_bios_version``. This is listed under ``Rev`` on Supermicro_'s website. See example under the *Variables* section. + +**BMC** + +#. Download the latest BMC firmware from Supermicro_'s website. +#. Copy the full zip archive somewhere http-accessible within the lab. +#. Define ``bmc_location`` as the http path to that archive. +#. Define ``latest_bmc_version``. This is listed under ``Rev`` on Supermicro_'s website. See example under the *Variables* section. + +---- + +Smithi +------ +The Smithi machines have X10 generation system boards which require a DOS prompt or Windows in order to flash the BIOS. The flashrom tool doesn't yet support those boards. + +**BMC** + +#. Download the latest BMC firmware from Supermicro_'s website. +#. Copy the full zip archive somewhere http-accessible within the lab. +#. Define ``bmc_location`` in the secrets repo as the http path to that archive. +#. Define ``latest_bmc_version`` in the secrets repo. This is listed under ``Rev`` on Supermicro_'s website. See example under the *Variables* section. + +**NVMe** + +RHEL and CentOS are the only supported distros for NVMe firmware flashing. Intel bakes the latest firmware into RPMs. + +#. Download the latest Intel SSD Data Center Tool archive from Intel_'s website. +#. Extract the appropriate architecture RPM (probably x86_64) from the zip archive and upload it somewhere http-accessible within the lab. +#. Define ``nvme_firmware_package`` in the secrets repo as the HTTP path to the RPM. + +---- + +Areca RAID Controllers +---------------------- +We have multiple different model controllers but the firmware update process is the same for the models we have. Following these steps carefully allow the process to be used for any model controller. + +#. Download firmware archives for each model RAID controller you have from Areca_'s website. +#. Create an empty directory on your http server and upload each archive there. +#. Rename each zip archive to match the model output you get from ``cli64 sys info | grep Controller Name`` (e.g., ARC-1222.zip). +#. Define a ``latest_{{ model_lower_pretty }}_version`` variable for each model controller you have. This *must* match the ``Firmware Version`` output of ``cli64 sys info``. See examples under the *Variables* section. + +Variables ++++++++++ + +``flashrom_location: "http://download.flashrom.org/releases/flashrom-0.9.9.tar.bz2"``. Tool used to flash BIOSes for certain machine types. Defined in ``roles/firmware/defaults/main.yml``. + +``firmware_update_path: "/home/{{ ansible_user }}/firmware-update"`` is just a temporary dir used on the target ansible host to work out of and download firmware and tools to. It gets deleted at the end of a succsessful playbook run. Defined in ``roles/firmware/defaults/main.yml``. + +``latest_bios_version: null`` should be overridden in your ansible inventory based on machine type. The format should match what you get when running ``dmidecode --type bios | grep Version``. Not all machine types have BIOSes that can be updated using ``flashrom`` so this variable is defined as ``null`` in ``roles/firmware/defaults/main.yml``. See example for a supported machine type:: + + # From ansible/inventory/group_vars/mira.yml + latest_bios_version: "1.2a" + +``latest_bmc_version: null`` should be overridden in your ansible inventory based on machine type. The format should match what you get when running ``ipmitool mc info | grep "Firmware Revision"``. See example:: + + # From ansible/inventory/group_vars/mira.yml + latest_bmc_version: "3.16" + +``bios_location: null`` should be the direct HTTP path to the BIOS binary. Override in your ansible inventory based on machine type. See example:: + + # From ansible/inventory/group_vars/mira.yml + bios_location: "http://drop.front.sepia.ceph.com/firmware/mira/X8SIL2.627" + +``bmc_location: null`` should be the direct HTTP path to the BMC firmware zip archive. Override in your ansible inventory based on machine type. See example:: + + # From ansible/inventory/group_vars/mira.yml + bmc_location: "http://drop.front.sepia.ceph.com/firmware/mira/ipmi_316.zip" + +``areca_download_location: null`` should be the HTTP path to a directory serving all your Areca firmware zip archives. Override in your ansible inventory. See example:: + + # From ansible/inventory/group_vars/all.yml + areca_download_location: "http://drop.front.sepia.ceph.com/firmware/areca" + +You should have a ``latest_{{ areca_lower_pretty }}_version`` variable for each model Areca controller you have. ``areca_lower_pretty`` should be lowercase with no special characters. Obtain the firmware version format and model from ``cli64 sys info`` output. Override in your ansible inventory. See examples:: + + # From ansible/inventory/group_vars/all.yml + latest_arc1222_version: "V1.51" + latest_arc1880_version: "V1.53" + +``nvme_firmware_package: null`` should be overridden in your ansible inventory. It is the direct HTTP path to Intel's SSD Datacenter Tool RPM. We only have NVMe drives in our ``smithi`` machine type so we define it in ``group_vars``. See example:: + + # From ansible/inventory/group_vars/smithi.yml + nvme_firmware_package: "http://drop.front.sepia.ceph.com/firmware/smithi/isdct-3.0.2.400-17.x86_64.rpm" + +Tags +++++ +Running the role without a tag will update all firmwares a system has available to it. + +bios + If the system(s) you're running this role against supports flashing the BIOS from the OS (current method uses ``flashrom`` and a BIOS binary), this tag will update the BIOS if an update is required. + +bmc + If the system(s) you're running this role against supports flashing the BMC from the OS (Supermicro provides an executable and firmare binary), this tag will update the BMC if an update is required. + +areca + Updates only Areca RAID controller firmwares/BIOS + +nvme + Updates Intel NVMe device firmware. Supports RHEL/CentOS only. + +To Do ++++++ + +- Monitor ``flashrom`` releases to check if Supermicro X10 boards are supported yet + +.. _Sepia: https://ceph.github.io/sepia/ +.. _Supermicro: https://www.supermicro.com/ResourceApps/BIOS_IPMI.aspx +.. _Intel: https://downloadcenter.intel.com/download/26221/Intel-SSD-Data-Center-Tool +.. _Areca: http://www.areca.us/support/main.htm diff --git a/roles/firmware/defaults/main.yml b/roles/firmware/defaults/main.yml new file mode 100644 index 00000000..8f6f13b1 --- /dev/null +++ b/roles/firmware/defaults/main.yml @@ -0,0 +1,11 @@ +--- +# Defaults should be overridden in the secrets repo in each machine type's +# group_vars file +latest_bios_version: null +latest_bmc_version: null + +flashrom_location: "http://download.flashrom.org/releases/flashrom-0.9.9.tar.bz2" + +areca_download_location: null + +firmware_update_path: "/home/{{ ansible_user }}/firmware-update" diff --git a/roles/firmware/tasks/areca/areca-update.yml b/roles/firmware/tasks/areca/areca-update.yml new file mode 100644 index 00000000..2078d87b --- /dev/null +++ b/roles/firmware/tasks/areca/areca-update.yml @@ -0,0 +1,27 @@ +--- +# This file is only called when current_areca_version +# and latest_{{ areca_model_pretty }}_version do not match + +- name: Install Unzip + package: + name: unzip + state: latest + +- name: Create Areca update working directory structure + file: + path: "{{ firmware_update_path }}/areca-update" + state: directory + +# Download Areca zip archive and name it something we can consume reliably +- name: Download Areca firmware + get_url: + url: "{{ areca_download_location }}/{{ areca_model.stdout }}.zip" + dest: "{{ firmware_update_path }}/areca-update/areca.zip" + force: yes + +# Only extract the binary blobs and don't recreate dir structure +- name: Unzip Areca firmware archive + shell: "cd {{ firmware_update_path }}/areca-update && unzip -j areca.zip *.BIN" + +- name: Flash Areca firmware + shell: "for file in $(ls {{ firmware_update_path }}/areca-update/*.BIN); do cli64 sys updatefw path=$file; done" diff --git a/roles/firmware/tasks/areca/main.yml b/roles/firmware/tasks/areca/main.yml new file mode 100644 index 00000000..033e459d --- /dev/null +++ b/roles/firmware/tasks/areca/main.yml @@ -0,0 +1,34 @@ +--- +- name: Check for Areca devices + shell: "lspci | grep -q -i areca" + register: lspci_output +# ignore_errors: true + failed_when: False + +- name: Determine Areca RAID Controller Model + shell: "cli64 sys info | grep 'Controller Name' | awk '{ print $4 }'" + register: areca_model + when: "lspci_output.rc == 0" + +- name: Set areca_model_pretty var + set_fact: + areca_model_pretty: "{{ areca_model.stdout|lower|replace('-', '') }}" + when: "lspci_output.rc == 0" + +- name: Determine current Areca firmware version + shell: "cli64 sys info | grep 'Firmware Version' | awk '{ print $4 }'" + register: current_areca_version + when: "lspci_output.rc == 0" + +# We have Areca 1222 and 1880 covered. If any other models exist, the 'when' +# statement will gracefully allow the rest of this playbook to be skipped. +- name: Determine if Areca firmware update needed + set_fact: + need_areca_update: true + when: current_areca_version is defined and + latest_{{ areca_model_pretty }}_version is defined and + (current_areca_version.stdout != latest_{{ areca_model_pretty }}_version) + +- name: Run Areca firmware update playbook + import_tasks: areca/areca-update.yml + when: need_areca_update is defined and need_areca_update == true diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml new file mode 100644 index 00000000..3da7d63a --- /dev/null +++ b/roles/firmware/tasks/main.yml @@ -0,0 +1,34 @@ +--- +- import_tasks: mira/bios.yml + tags: + - bios + when: '"mira" in ansible_hostname' + +- import_tasks: mira/bmc.yml + tags: + - bmc + when: '"mira" in ansible_hostname' + +- import_tasks: areca/main.yml + tags: + - areca + +- import_tasks: smithi/bmc.yml + tags: + - bmc + when: '"smithi" in ansible_hostname' + +# NVMe firmware flashing is only supported on RHEL/CentOS +- import_tasks: smithi/nvme.yml + tags: + - nvme + when: '"smithi" in ansible_hostname and ansible_pkg_mgr == "yum"' + +# This won't get run if a previous playbook fails. So if a backup of a BIOS is +# needed to restore, it'll still be there +- name: Clean up firmware update directory + file: + path: "{{ firmware_update_path }}" + state: absent + tags: + - always diff --git a/roles/firmware/tasks/mira/bios-update.yml b/roles/firmware/tasks/mira/bios-update.yml new file mode 100644 index 00000000..18a38f00 --- /dev/null +++ b/roles/firmware/tasks/mira/bios-update.yml @@ -0,0 +1,75 @@ +--- +# This file is only called when current_bios_version +# and latest_bios_version do not match + +- name: Install packages for CentOS/RHEL + yum: + name: "{{ item }}" + state: latest + with_items: + - pciutils-devel + - zlib-devel + - libftdi-devel + - libusb-devel + - make + - gcc + when: ansible_pkg_mgr == "yum" + +- name: Install packages for Ubuntu + apt: + name: "{{ item }}" + state: latest + with_items: + - flashrom + when: ansible_pkg_mgr == "apt" + +# Flashrom has to be built on CentOS so we add an extra dir for it +# This is equivalent to 'mkdir -p' +- name: Create BIOS update working directory structure + file: + path: "{{ firmware_update_path }}/bios-update/flashrom" + state: directory + +# This file must be the already-extracted binary blob from the Supermicro +# firmware archive. Naming scheme is PPPPPY.MDD +# PPPPP = Project name; Y = Year; M = Month; DD = Day +# We rename it to 'new-bios' here so the playbook can consume a universal name +- name: Download BIOS binary + get_url: + url: "{{ bios_location }}" + dest: "{{ firmware_update_path }}/bios-update/new-bios" + +# There is flashrom RPM in any trusted repositories so we have to compile it +- name: Download flashrom archive (CentOS) + get_url: + url: "{{ flashrom_location }}" + dest: "{{ firmware_update_path }}/bios-update/flashrom.tar.bz2" + validate_certs: no + when: ansible_pkg_mgr == "yum" + +# The flashrom tarballs extract to a directory with its version number by default +# '--strip-components 1' gets rid of that dir so the playbook can run with any +# flashrom version +- name: Extract flashrom (CentOS) + shell: "tar -xjf {{ firmware_update_path }}/bios-update/flashrom.tar.bz2 --directory {{ firmware_update_path }}/bios-update/flashrom --strip-components 1" + when: ansible_pkg_mgr == "yum" + +- name: Compile flashrom (CentOS) + shell: "cd {{ firmware_update_path }}/bios-update/flashrom && make" + when: ansible_pkg_mgr == "yum" + +- name: Back up existing BIOS (CentOS) + shell: "cd {{ firmware_update_path }}/bios-update && flashrom/flashrom --programmer internal --read BIOS.bak" + when: ansible_pkg_mgr == "yum" + +- name: Flash new BIOS (CentOS) + shell: "cd {{ firmware_update_path }}/bios-update && flashrom/flashrom --programmer internal --write new-bios" + when: ansible_pkg_mgr == "yum" + +- name: Back up existing BIOS (Ubuntu) + shell: "cd {{ firmware_update_path }}/bios-update && flashrom --programmer internal --read BIOS.bak" + when: ansible_pkg_mgr == "apt" + +- name: Flash new BIOS (Ubuntu) + shell: "flashrom --programmer internal --write {{ firmware_update_path }}/bios-update/new-bios" + when: ansible_pkg_mgr == "apt" diff --git a/roles/firmware/tasks/mira/bios.yml b/roles/firmware/tasks/mira/bios.yml new file mode 100644 index 00000000..c555600a --- /dev/null +++ b/roles/firmware/tasks/mira/bios.yml @@ -0,0 +1,14 @@ +--- +- name: Determine current BIOS firmware version + shell: dmidecode --type bios | grep Version | awk '{ print $2 }' + register: current_bios_version + changed_when: False + +- name: Determine if BIOS update is needed + set_fact: + need_bios_update: true + when: current_bios_version.stdout != latest_bios_version + +- name: Include BIOS update logic + import_tasks: mira/bios-update.yml + when: need_bios_update is defined and need_bios_update == true diff --git a/roles/firmware/tasks/mira/bmc-update.yml b/roles/firmware/tasks/mira/bmc-update.yml new file mode 100644 index 00000000..cac25907 --- /dev/null +++ b/roles/firmware/tasks/mira/bmc-update.yml @@ -0,0 +1,30 @@ +--- +# This file is only called when current_bmc_version +# and latest_bmc_version do not match + +- name: Install unzip + package: + name: unzip + state: latest + +- name: Create BMC update working directory structure + file: + path: "{{ firmware_update_path }}/bmc-update" + state: directory + +# Download the archive and rename to something the playbook can consume +- name: Download BMC archive + get_url: + url: "{{ bmc_location }}" + dest: "{{ firmware_update_path }}/bmc-update/bmc.zip" + force: yes + +- name: Extract IPMI archive + shell: "cd {{ firmware_update_path }}/bmc-update && unzip bmc.zip" + +- name: Flash new BMC (Takes around 5 minutes) + shell: "cd {{ firmware_update_path }}/bmc-update/Linux* && chmod +x lUpdate && ./lUpdate -f ../*.bin -i kcs -r y" + register: bmc_flash_output + +# Print output of flash script +- debug: var=bmc_flash_output.stdout_lines|last diff --git a/roles/firmware/tasks/mira/bmc.yml b/roles/firmware/tasks/mira/bmc.yml new file mode 100644 index 00000000..7c261c97 --- /dev/null +++ b/roles/firmware/tasks/mira/bmc.yml @@ -0,0 +1,27 @@ +--- +- name: Install ipmitool + package: + name: ipmitool + state: latest + +- name: Enable IPMI kernel modules + modprobe: + name: "{{ item }}" + state: present + with_items: + - ipmi_devintf + - ipmi_si + +- name: Determine current BMC firmware version + shell: ipmitool mc info | grep "Firmware Revision" | awk '{ print $4 }' + register: current_bmc_version + changed_when: False + +- name: Determine if BMC update is needed + set_fact: + need_bmc_update: true + when: current_bmc_version.stdout != latest_bmc_version + +- name: Include BMC update logic + import_tasks: mira/bmc-update.yml + when: need_bmc_update is defined and need_bmc_update == true diff --git a/roles/firmware/tasks/smithi/bmc-update.yml b/roles/firmware/tasks/smithi/bmc-update.yml new file mode 100644 index 00000000..77e06139 --- /dev/null +++ b/roles/firmware/tasks/smithi/bmc-update.yml @@ -0,0 +1,31 @@ +--- +# This file is only called when current_bmc_version +# and latest_bmc_version do not match + +- name: Install unzip + package: + name: unzip + state: latest + +- name: Create BMC update working directory structure + file: + path: "{{ firmware_update_path }}/bmc-update" + state: directory + +# Download the archive and rename to something the playbook can consume +- name: Download BMC archive + get_url: + url: "{{ bmc_location }}" + dest: "{{ firmware_update_path }}/bmc-update/bmc.zip" + force: yes + +# Extract only the binary blob and the Linux flashing executable +- name: Extract IPMI archive + shell: "cd {{ firmware_update_path }}/bmc-update && unzip -j bmc.zip *.bin */linux/x64/AlUpdate" + +- name: Flash new BMC (Takes around 11 minutes) + shell: "cd {{ firmware_update_path }}/bmc-update && chmod +x AlUpdate && ./AlUpdate -f *.bin -i kcs -r y" + register: bmc_flash_output + +# Print output of flash script +- debug: var=bmc_flash_output.stdout_lines|last diff --git a/roles/firmware/tasks/smithi/bmc.yml b/roles/firmware/tasks/smithi/bmc.yml new file mode 100644 index 00000000..3c3400bb --- /dev/null +++ b/roles/firmware/tasks/smithi/bmc.yml @@ -0,0 +1,27 @@ +--- +- name: Install ipmitool + package: + name: ipmitool + state: latest + +- name: Enable IPMI kernel modules + modprobe: + name: "{{ item }}" + state: present + with_items: + - ipmi_devintf + - ipmi_si + +- name: Determine current BMC firmware version + shell: ipmitool mc info | grep "Firmware Revision" | awk '{ print $4 }' + register: current_bmc_version + changed_when: False + +- name: Determine if BMC update is needed + set_fact: + need_bmc_update: true + when: current_bmc_version.stdout != latest_bmc_version + +- name: Include BMC update logic + import_tasks: smithi/bmc-update.yml + when: need_bmc_update is defined and need_bmc_update == true diff --git a/roles/firmware/tasks/smithi/nvme.yml b/roles/firmware/tasks/smithi/nvme.yml new file mode 100644 index 00000000..60bd3ba0 --- /dev/null +++ b/roles/firmware/tasks/smithi/nvme.yml @@ -0,0 +1,29 @@ +--- +- name: Install Intel SSD Data Center Tool + yum: + name: "{{ nvme_firmware_package }}" + state: present + +# This will gather a list of serial numbers in case there are multiple NVMe drives. +- name: Gather list of NVMe device serial numbers + shell: isdct show -d SerialNumber -intelssd | grep SerialNumber | awk '{ print $3 }' + register: nvme_serial_list_raw + +- name: Store ansible-friendly list of NVMe device Serial Numbers + set_fact: + nvme_device_list: "{{ nvme_serial_list_raw.stdout.split('\n') }}" + +# Despite the -force flag, this command won't flash firmware on a device that +# already has the latest firmware. It'll just return 3 as the exit code. +# Ansible fails a task with an rc of 3 hence the added failed_when logic. +# A successful firmware update return code is 0. +- name: Update each NVMe device's firmware + shell: "isdct load -force -intelssd {{ item }}" + with_items: "{{ nvme_device_list|default([]) }}" + register: nvme_update_output + failed_when: "'Error' in nvme_update_output.stdout" + changed_when: nvme_update_output.rc == 0 + +# Print firmware flash output +# Syntax discovered here: https://github.com/ansible/ansible/issues/5564 +- debug: var=nvme_update_output.results|map(attribute='stdout_lines')|list diff --git a/roles/fog-server/README.rst b/roles/fog-server/README.rst new file mode 100644 index 00000000..2d73fecb --- /dev/null +++ b/roles/fog-server/README.rst @@ -0,0 +1,48 @@ +fog-server +========== + +This role can be used to install and update a FOG_ server. It has been minimally tested on Ubuntu 16.04 and CentOS 7.4. + +Notes ++++++ + +* You must manually configure firewall, SELinux, and repos on RHEL/CentOS/Fedora. +* This role assumes the ``sudo`` group already exists and has passwordless sudo access. +* We'd recommend running in verbose mode to see shell output. It can take around 10 minutes for the Install and Update tasks to complete. + +Variables ++++++++++ + ++-----------------------------------------------------------------------------------------------------------------------------------------------+ +| **Required Variables** | ++----------------------------+------------------------------------------------------------------------------------------------------------------+ +| ``fog_user: fog`` | Name for user account to be created on the system. The application will be run from this user's home directory. | ++----------------------------+------------------------------------------------------------------------------------------------------------------+ +| ``fog_branch: master`` | Branch of FOG to checkout and install. Defaults to master but could be set to ``working`` for bleeding edge. | ++----------------------------+------------------------------------------------------------------------------------------------------------------+ +| ``fog_dhcp_server: false`` | Set to ``true`` if you want FOG to install and configure the host as a DHCP server. | ++----------------------------+------------------------------------------------------------------------------------------------------------------+ + +**Optional Variables** + +If none of these are set, the FOG defaults will be used. For simplicity's sake, the variables have been named after the variables in fogsettings_. Read the official documentation for a description of what each does. + +* fog_ipaddress +* fog_interface +* fog_submask +* fog_routeraddress +* fog_plainrouter +* fog_dnsaddress +* fog_password +* fog_startrange (Required if ``fog_dhcp_server: true``) +* fog_endrange (Required if ``fog_dhcp_server: true``) +* fog_snmysqluser +* fog_snmysqlpass +* fog_snmysqlhost +* fog_images_path +* fog_docroot +* fog_webroot +* fog_httpproto + +.. _FOG: https://fogproject.org/ +.. _fogsettings: https://wiki.fogproject.org/wiki/index.php?title=.fogsettings diff --git a/roles/fog-server/defaults/main.yml b/roles/fog-server/defaults/main.yml new file mode 100644 index 00000000..aca4e879 --- /dev/null +++ b/roles/fog-server/defaults/main.yml @@ -0,0 +1,4 @@ +--- +fog_user: fog +fog_branch: master +fog_dhcp_server: false diff --git a/roles/fog-server/tasks/install.yml b/roles/fog-server/tasks/install.yml new file mode 100644 index 00000000..eed8a3a6 --- /dev/null +++ b/roles/fog-server/tasks/install.yml @@ -0,0 +1,12 @@ +--- +- name: Clone FOG + git: + repo: https://github.com/FOGProject/fogproject.git + dest: "/home/{{ fog_user }}/fog" + version: "{{ fog_branch }}" + +- name: Install FOG + shell: "sudo ./installfog.sh -Y -f /home/{{ fog_user }}/temp_settings" + args: + chdir: "/home/{{ fog_user }}/fog/bin" + become_user: "{{ fog_user }}" diff --git a/roles/fog-server/tasks/main.yml b/roles/fog-server/tasks/main.yml new file mode 100644 index 00000000..17c4de14 --- /dev/null +++ b/roles/fog-server/tasks/main.yml @@ -0,0 +1,48 @@ +--- +- name: Ensure a user for FOG + user: + name: "{{ fog_user }}" + shell: /bin/bash + group: sudo + append: yes + createhome: yes + +- name: Ensure a path for FOG + file: + path: "/home/{{ fog_user }}/fog" + owner: "{{ fog_user }}" + state: directory + +- name: Write temp settings/answer file for FOG + template: + src: temp_settings.j2 + dest: "/home/{{ fog_user }}/temp_settings" + owner: "{{ fog_user }}" + +# Unattended upgrades (of mysql specifically) will break FOG +# https://forums.fogproject.org/topic/10006/ubuntu-is-fog-s-enemy +- name: Make sure unattended-upgrades is not installed + apt: + name: unattended-upgrades + state: absent + when: ansible_os_family == "Debian" + +- name: Check if FOG is already installed + stat: + path: /opt/fog + register: fog_path_found + +- import_tasks: install.yml + when: + - fog_path_found.stat.exists == false + - fog_force == "yes" + +- import_tasks: update.yml + when: + - fog_path_found.stat.exists == true + - fog_force == "yes" + +- name: Clean up temp settings/answer file for FOG + file: + path: "/home/{{ fog_user }}/temp_settings" + state: absent diff --git a/roles/fog-server/tasks/update.yml b/roles/fog-server/tasks/update.yml new file mode 100644 index 00000000..9478859c --- /dev/null +++ b/roles/fog-server/tasks/update.yml @@ -0,0 +1,13 @@ +--- +- name: Update FOG checkout + git: + repo: https://github.com/FOGProject/fogproject.git + dest: "/home/{{ fog_user }}/fog" + version: "{{ fog_branch }}" + update: yes + +- name: Update FOG + shell: "sudo ./installfog.sh -Y -f /home/{{ fog_user }}/temp_settings" + args: + chdir: "/home/{{ fog_user }}/fog/bin" + become_user: "{{ fog_user }}" diff --git a/roles/fog-server/templates/temp_settings.j2 b/roles/fog-server/templates/temp_settings.j2 new file mode 100644 index 00000000..3b99d053 --- /dev/null +++ b/roles/fog-server/templates/temp_settings.j2 @@ -0,0 +1,99 @@ +{% if fog_ipaddress is defined %} +ipaddress='{{ fog_ipaddress }}' +{% else %} +ipaddress='{{ ansible_default_ipv4.address }}' +{% endif %} +{% if fog_interface is defined %} +interface='{{ fog_interface }}' +{% else %} +interface='{{ ansible_default_ipv4.alias }}' +{% endif %} +{% if fog_submask is defined %} +submask='{{ fog_submask }}' +{% else %} +submask='{{ ansible_default_ipv4.netmask }}' +{% endif %} +{% if fog_routeraddress is defined %} +routeraddress='{{ fog_routeraddress }}' +{% else %} +routeraddress='{{ ansible_default_ipv4.gateway }}' +{% endif %} +{% if fog_plainrouter is defined %} +plainrouter='{{ fog_plainrouter }}' +{% else %} +plainrouter='' +{% endif %} +{% if fog_dnsaddress is defined %} +dnsaddress='{{ fog_dnsaddress }}' +{% else %} +dnsaddress='' +{% endif %} +username='{{ fog_user }}' +{% if fog_password is defined %} +password='{{ fog_password }}' +{% endif %} +{% if ansible_os_family == "RedHat" %} +osid='1' +{% elif ansible_os_family == "Debian" %} +osid='2' +{% elif ansible_os_family == "Archlinux" %} +osid='3' +{% endif %} +{% if fog_dhcp_server == true %} +dodhcp='Y' +bldhcp='1' +startrange='{{ fog_startrange }}' +endrange='{{ fog_endrange }}' +{% else %} +dodhcp='N' +bldhcp='0' +startrange='' +endrange='' +{% endif %} +dhcpd='isc-dhcp-server' +blexports='1' +installtype='N' +{% if fog_snmysqluser is defined %} +snmysqluser='{{ fog_snmysqluser }}' +{% else %} +snmysqluser='root' +{% endif %} +{% if fog_snmysqlpass is defined %} +snmysqlpass='{{ fog_snmysqlpass }}' +{% else %} +snmysqlpass='' +{% endif %} +{% if fog_snmysqlhost is defined %} +snmysqlhost='{{ fog_snmysqlhost }}' +{% else %} +snmysqlhost='localhost' +{% endif %} +installlang='0' +{% if fog_images_path is defined %} +storageLocation='{{ fog_images_path }}' +{% else %} +storageLocation='/images' +{% endif %} +fogupdateloaded=1 +{% if fog_docroot is defined %} +docroot='{{ fog_docroot }}' +{% else %} +docroot='/var/www/html/' +{% endif %} +{% if fog_webroot is defined %} +webroot='{{ fog_webroot }}' +{% else %} +webroot='/fog/' +{% endif %} +caCreated='yes' +bootfilename='undionly.kpxe' +noTftpBuild='' +notpxedefaultfile='' +sslpath='/opt/fog/snapins/ssl/' +backupPath='' +sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key' +{% if fog_httpproto is defined %} +httpproto='{{ fog_httpproto }}' +{% else %} +httpproto='http' +{% endif %} diff --git a/roles/gateway/README.rst b/roles/gateway/README.rst new file mode 100644 index 00000000..5cea2e12 --- /dev/null +++ b/roles/gateway/README.rst @@ -0,0 +1,164 @@ +gateway +======= + +This role can be used to set up a new OpenVPN gateway for a Ceph test lab +as well as maintain user access provided a secrets repo is configured. + +This role supports CentOS 7.2 only at this time. Its current intended use +is to maintain the existing OpenVPN gateway in our Sepia_ lab. + +It does the following: +- Configures network devices +- Configures firewalld +- Configures fail2ban +- Installs and updates necessary packages +- Maintains user list + +Prerequisites ++++++++++++++ + +- CentOS 7.2 + +Variables ++++++++++ + +A list of packages to install that is specific to the role. The list is defined in ``roles/gateway/vars/packages.yml``:: + + packages: [] + +A unique name to give to your OpenVPN service. This name is used to organize configuration files and start/stop the service. Defined in the secrets repo:: + + openvpn_server_name: [] + +The directory in which the OpenVPN server CA, keys, certs, and user file should be saved. Defined in the secrets repo:: + + openvpn_data_dir: [] + +Contains paths, file permission (modes), and data to store and maintain OpenVPN CA, cert, key, and main server config. Consult your server.conf on what you should define here. For reference, we have dh1024.pem, server.crt, server.key, tlsauth, and server.conf defined. Defined in the secrets repo:: + + gateway_secrets: [] + + # Example: + gateway_secrets: + - path: "{{ openvpn_data_dir }}/server.crt" + mode: 0644 + data: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + - path: /etc/openvpn/server.conf + mode: 0644 + data: | + script-security 2 + ... + cert {{ openvpn_data_dir }}/server.crt + +A list of users that don't have their ssh pubkey added to the ``teuthology_user`` authorized_keys but still need VPN access:: + + openvpn_users: [] + + # Example: + openvpn_users: + - ovpn: user@host etc... + +The following vars are used to populate ``/etc/resolv.conf``. Defined in the +secrets repo:: + + gw_resolv_search: [] + # Example: gw_resolv_search: "front.example.com" + + gw_resolv_ns: [] + # Example: + gw_resolv_ns: + - 1.2.3.4 + - 8.8.8.8 + +The ``gw_networks`` dictionary assumes you have individual NICs for each +VLAN in your lab. The subelements ``peerdns`` and ``dns{1,2}`` are optional for +all but one NIC. These are what set your nameservers in +``/etc/resolv.conf``. +``dns1`` and ``dns2`` should be defined under a single NIC and ``peerdns`` +should be set to ``"yes"``. ``routes`` is optional but must be formatted as documented in RHEL_ documentation. +Defined in the secrets repo:: + + # Example: + gw_networks: + private: + ifname: "eth0" + mac: "de:ad:be:ef:12:34" + ip4: "192.168.1.100" + netmask: "255.255.240.0" + gw4: "192.168.1.1" + defroute: "yes" + peerdns: "yes" + search "private.example.com" + dns1: "192.168.1.1" + dns2: "8.8.8.8" + routes: | + ADDRESS0=192.168.1.0 + NETMASK0=255.255.240.0 + GATEWAY0=192.168.1.1 + ADDRESS1=172.21.64.0 + NETMASK1=255.255.252.0 + GATEWAY1=192.168.1.1 + public: + ifname: "eth1" + etc... + +The *fail2ban* vars are explained in /etc/fail2ban/jail.conf. We've set +defaults in ``roles/gateway/defaults/main.yml`` but they can be overridden in +the secrets repo:: + + gw_f2b_ignoreip: "127.0.0.1/8" + gw_f2b_bantime: "43200" + gw_f2b_findtime: "600" + gw_f2b_maxretry: "5" + +``gw_f2b_services`` is a dictionary listing services fail2ban should monitor. Defined in +``roles/gateway/defaults/main.yml``. See example below:: + + gw_f2b_services: + sshd: + enabled: "true" + port: "ssh" + logpath: "%(sshd_log)s" + apache: + enabled: "true" + port: "http" + +Tags +++++ + +packages + Install *and update* packages + +users + Update OpenVPN users list + +networking + Configure basic networking (NICs, IP forwarding, resolv.conf) + +firewall + Configure firewalld + +**NOTE:** Ansible v2.1 or later is required for the initial firewall setup as the ``masquerade`` parameter is new to that version. + +fail2ban + Configure fail2ban + +Dependencies +++++++++++++ + +This role depends on the following roles: + +secrets + Provides a var, ``secrets_path``, containing the path of the secrets repository, a tree of ansible variable files. + +To Do ++++++ + +- Support installation of new OpenVPN gateway from scratch +- Generate and pull (to secrets?) CA, keys, and certificates + +.. _Sepia: https://ceph.github.io/sepia/ +.. _RHEL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-Configuring_Static_Routes_in_ifcfg_files#bh-Static_Routes_Using_the_Network-Netmask_Directives_Format diff --git a/roles/gateway/defaults/main.yml b/roles/gateway/defaults/main.yml new file mode 100644 index 00000000..2ef0f5f0 --- /dev/null +++ b/roles/gateway/defaults/main.yml @@ -0,0 +1,26 @@ +--- +# These defaults are present to allow certain tasks to no-op if a secrets repo +# hasn't been defined. If you want to override these, do so in the secrets repo +# itself. We override these in $repo/ansible/inventory/group_vars/gateway.yml +secrets_repo: + name: UNDEFINED + url: null + +openvpn_server_name: server + +openvpn_data_dir: /etc/openvpn/data + +gw_allow_http: "true" +gw_allow_https: "true" + +# fail2ban-specific vars +gw_f2b_ignoreip: "127.0.0.1/8" +gw_f2b_bantime: "43200" # 12hrs +gw_f2b_findtime: "600" # 10min +gw_f2b_maxretry: "5" + +gw_f2b_services: + sshd: + enabled: "true" + port: "ssh" + logpath: "%(sshd_log)s" diff --git a/roles/gateway/files/openvpn.logrotate b/roles/gateway/files/openvpn.logrotate new file mode 100644 index 00000000..cee4906e --- /dev/null +++ b/roles/gateway/files/openvpn.logrotate @@ -0,0 +1,9 @@ +/var/log/openvpn/*.log { + daily + rotate 90 + compress + missingok + copytruncate + notifempty + create 644 nobody nobody +} diff --git a/roles/gateway/files/openvpn.rsyslog b/roles/gateway/files/openvpn.rsyslog new file mode 100644 index 00000000..97983006 --- /dev/null +++ b/roles/gateway/files/openvpn.rsyslog @@ -0,0 +1,5 @@ +# Log syslog messages matching 'ovpn-' or 'openvpn' to /var/log/openvpn/openvpn.log +if $programname startswith 'ovpn-' or $programname startswith 'openvpn' then /var/log/openvpn/openvpn.log + +# Stop processing matched logs (don't log them anywhere else) +if $programname startswith 'ovpn-' or $programname startswith 'openvpn' then stop diff --git a/roles/gateway/handlers/main.yml b/roles/gateway/handlers/main.yml new file mode 100644 index 00000000..c5d16428 --- /dev/null +++ b/roles/gateway/handlers/main.yml @@ -0,0 +1,30 @@ +--- +# Restart networking +- name: restart networking + service: + name: network + state: restarted + +# Restart fail2ban +- name: restart fail2ban + service: + name: fail2ban + state: restarted + +# Reload fail2ban +- name: reload fail2ban + service: + name: fail2ban + state: reloaded + +# Restart OpenVPN +- name: restart openvpn + service: + name: "openvpn@{{ openvpn_server_name }}" + state: restarted + +# Restart rsyslog +- name: restart rsyslog + service: + name: rsyslog + state: restarted diff --git a/roles/gateway/meta/main.yml b/roles/gateway/meta/main.yml new file mode 100644 index 00000000..313fd690 --- /dev/null +++ b/roles/gateway/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: secrets diff --git a/roles/gateway/tasks/fail2ban.yml b/roles/gateway/tasks/fail2ban.yml new file mode 100644 index 00000000..82ae7547 --- /dev/null +++ b/roles/gateway/tasks/fail2ban.yml @@ -0,0 +1,41 @@ +--- +- name: Write fail2ban defaults conf file + template: + src: templates/f2b.jail.local.j2 + dest: /etc/fail2ban/jail.local + notify: restart fail2ban + +# Set a var equal to our ansible_managed var since ansible_managed +# can't be called directly in the next task. +# See https://github.com/ansible/ansible/issues/11317 +- name: Set f2b_grep_var to ansible_managed string + set_fact: + f2b_grep_var: "This file is managed by ansible, don't make changes here - they will be overwritten." + +# Remove all service files in case a malformed config was previously shipped. +# Malformed service files cause fail2ban to not start. +- name: Clean up ansible-written service conf files + shell: for file in $(grep -l {{ f2b_grep_var|quote }} /etc/fail2ban/jail.d/*); do rm -vf $file; done + register: f2b_rm_out + +# Show what files were deleted +- debug: var=f2b_rm_out.stdout + +- name: Write fail2ban service conf files + template: + src: templates/f2b.service.j2 + dest: "/etc/fail2ban/jail.d/{{ item.key }}.local" + with_dict: "{{ gw_f2b_services }}" + notify: reload fail2ban + +- name: Make sure fail2ban service is running + service: + name: fail2ban + state: started + +- name: Check fail2ban status + shell: fail2ban-client status + register: fail2ban_status + +# Show fail2ban status +- debug: var=fail2ban_status.stdout_lines diff --git a/roles/gateway/tasks/firewall.yml b/roles/gateway/tasks/firewall.yml new file mode 100644 index 00000000..a72d8497 --- /dev/null +++ b/roles/gateway/tasks/firewall.yml @@ -0,0 +1,60 @@ +--- +- name: Make sure iptables isn't running + service: + name: iptables + state: stopped + enabled: false + ignore_errors: true + +- name: Make sure firewalld is enabled + service: + name: firewalld + state: started + enabled: yes + +- name: firewalld | Allow openvpn traffic + firewalld: + service: openvpn + zone: public + state: enabled + permanent: true + immediate: yes + +- name: firewalld | Allow http traffic + firewalld: + service: http + zone: public + state: enabled + permanent: true + immediate: yes + when: gw_allow_http == "true" + +- name: firewalld | Allow https traffic + firewalld: + service: https + zone: public + state: enabled + permanent: true + immediate: yes + when: gw_allow_https =="true" + +# The following two tasks require Ansible v2.1 due to the 'masquerade' +# and 'interface' parameters being new to that version. They only need to be +# run the first time the role is run so it's okay for them to be skipped. +- name: firewalld | Add connection masquerading + firewalld: + masquerade: yes + zone: public + state: enabled + permanent: true + immediate: yes + when: "{{ ansible_version.major }} >= 2 and {{ ansible_version.minor }} >= 1" + +- name: firewalld | Add tun0 to internal zone + firewalld: + zone: internal + interface: tun0 + state: enabled + permanent: true + immediate: yes + when: "{{ ansible_version.major }} >= 2 and {{ ansible_version.minor }} >= 1" diff --git a/roles/gateway/tasks/logging.yml b/roles/gateway/tasks/logging.yml new file mode 100644 index 00000000..8c7126b6 --- /dev/null +++ b/roles/gateway/tasks/logging.yml @@ -0,0 +1,20 @@ +--- +- name: Create log directory + file: + path: /var/log/openvpn + state: directory + +- name: Set log dir SELinux context + command: restorecon -R /var/log/openvpn + +- name: Write logrotate conf file + copy: + src: files/openvpn.logrotate + dest: /etc/logrotate.d/openvpn + notify: restart rsyslog + +- name: Write rsyslog conf file + copy: + src: files/openvpn.rsyslog + dest: /etc/rsyslog.d/20-openvpn.conf + notify: restart rsyslog diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml new file mode 100644 index 00000000..d993f94e --- /dev/null +++ b/roles/gateway/tasks/main.yml @@ -0,0 +1,57 @@ +--- +- name: Include secrets + include_vars: "{{ secrets_path | mandatory }}/gateway.yml" + no_log: true + tags: + - always + +# Install and update system packages +- import_tasks: packages.yml + tags: + - packages + +# Configure networking +- import_tasks: network.yml + tags: + - networking + +# Configure firewalld +- import_tasks: firewall.yml + tags: + - firewall + +# Configure fail2ban +- import_tasks: fail2ban.yml + tags: + - fail2ban + +- name: Ensure data directory exists + file: + path: "{{ openvpn_data_dir }}" + state: directory + mode: 0755 + +# Manage OpenVPN users list using secrets repo +- import_tasks: users.yml + tags: + - users + +- name: Write OpenVPN secrets + copy: + content: "{{ item.data }}" + dest: "{{ item.path }}" + mode: "{{ item.mode }}" + with_items: "{{ gateway_secrets }}" + no_log: true + notify: restart openvpn + +# Configure logging +- import_tasks: logging.yml + tags: + - logging + +- name: Make sure OpenVPN service is running and enabled + service: + name: "openvpn@{{ openvpn_server_name }}" + state: started + enabled: yes diff --git a/roles/gateway/tasks/network.yml b/roles/gateway/tasks/network.yml new file mode 100644 index 00000000..b61c8d19 --- /dev/null +++ b/roles/gateway/tasks/network.yml @@ -0,0 +1,43 @@ +--- +- name: Write ifcfg scripts + template: + src: ifcfg.j2 + dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.value.ifname }}" + with_dict: "{{ gw_networks }}" + register: interfaces + +- name: Write additional routes + copy: + content: "{{ item.value.routes }}" + dest: "/etc/sysconfig/network-scripts/route-{{ item.value.ifname }}" + with_dict: "{{ gw_networks }}" + when: item.value.routes is defined + +# Restart networking right away if changes made. This makes sure +# the public interface is up and ready for OpenVPN to bind to. +- name: Restart networking + service: + name: network + state: restarted + when: interfaces.changed + +- name: Write resolv.conf + template: + src: resolvconf.j2 + dest: "/etc/resolv.conf" + +- name: Disable IPv6 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 1 + sysctl_set: yes + state: present + reload: yes + +- name: Enable IPv4 forwarding + sysctl: + name: net.ipv4.ip_forward + value: 1 + sysctl_set: yes + state: present + reload: yes diff --git a/roles/gateway/tasks/packages.yml b/roles/gateway/tasks/packages.yml new file mode 100644 index 00000000..9c5751bd --- /dev/null +++ b/roles/gateway/tasks/packages.yml @@ -0,0 +1,9 @@ +--- +- name: Include gateway package list + include_vars: packages.yml + +- name: Install and update packages + yum: + name: "{{ packages|list }}" + state: latest + enablerepo: epel diff --git a/roles/gateway/tasks/users.yml b/roles/gateway/tasks/users.yml new file mode 100644 index 00000000..00d071bc --- /dev/null +++ b/roles/gateway/tasks/users.yml @@ -0,0 +1,21 @@ +--- +- name: Populate list of OpenVPN users + set_fact: + openvpn_users: + "{{ admin_users|list + lab_users|list + openvpn_users|list }}" + +- name: Update users file + template: + src: users.j2 + dest: "{{ openvpn_data_dir }}/users" + owner: root + group: root + mode: 0644 + +- name: Upload auth-openvpn script + template: + src: auth-openvpn + dest: "{{ openvpn_data_dir }}/auth-openvpn" + owner: root + group: root + mode: 0755 diff --git a/roles/gateway/templates/auth-openvpn b/roles/gateway/templates/auth-openvpn new file mode 100644 index 00000000..dec071e6 --- /dev/null +++ b/roles/gateway/templates/auth-openvpn @@ -0,0 +1,93 @@ +#!/usr/bin/python3 + +import hashlib +import logging +import logging.handlers +import os +import re +import sys +import time + +log = logging.getLogger('auth-openvpn') + +def authenticate(): + # annoy attackers + time.sleep(1) + + path = sys.argv[1] + with open(path, 'rb') as f: + user = f.readline(8192) + assert user.endswith(b'\n') + user = user[:-1] + assert user + secret = f.readline(8192) + assert secret.endswith(b'\n') + secret = secret[:-1] + assert secret + + # From openvpn(8): + # + # To protect against a client passing a maliciously formed username or + # password string, the username string must consist only of these + # characters: alphanumeric, underbar ('_'), dash ('-'), dot ('.'), or + # at ('@'). The password string can consist of any printable + # characters except for CR or LF. Any illegal characters in either the + # username or password string will be converted to underbar ('_'). + # + # We'll just redo that quickly for usernames, to ensure they are safe. + + user = re.sub(rb'[^a-zA-Z0-9_.@-]', '_', user) + + def find_user(wanted): + with open('{{ openvpn_data_dir }}/users', 'rb') as f: + for line in f: + assert line.endswith(b'\n') + line = line[:-1] + if line.startswith(b'#') or len(line) == 0: + continue + (username, salt, correct) = line.split(b' ', 2) + if username == wanted: + return (salt, correct) + + # these will never match + log.error('User not found: %r', wanted) + salt = b'not-found' + correct = 64*b'x' + return (salt, correct) + + (salt, correct) = find_user(user) + + inner = hashlib.new('sha256') + inner.update(salt) + inner.update(secret) + outer = hashlib.new('sha256') + outer.update(inner.digest()) + outer.update(salt) + attempt = outer.hexdigest().encode() + + if attempt != correct: + log.error('{prog}: invalid auth for user {user!r}.'.format(prog=os.path.basename(sys.argv[0]), user=user)) + sys.exit(1) + +def main(): + handler = logging.handlers.SysLogHandler( + address='/dev/log', + facility=logging.handlers.SysLogHandler.LOG_DAEMON, + ) + fmt = logging.Formatter('%(name)s: %(message)s') + handler.setFormatter(fmt) + logging.basicConfig() + root = logging.getLogger('') + root.addHandler(handler) + log.setLevel(logging.INFO) + + try: + authenticate() + except SystemExit: + raise + except: + log.exception('Unhandled error: ') + raise + +if __name__ == '__main__': + sys.exit(main()) diff --git a/roles/gateway/templates/f2b.jail.local.j2 b/roles/gateway/templates/f2b.jail.local.j2 new file mode 100644 index 00000000..335483bc --- /dev/null +++ b/roles/gateway/templates/f2b.jail.local.j2 @@ -0,0 +1,8 @@ +# +# {{ ansible_managed }} +# +[DEFAULT] +ignoreip = {{ gw_f2b_ignoreip }} +bantime = {{ gw_f2b_bantime }} +findtime = {{ gw_f2b_findtime }} +maxretry = {{ gw_f2b_maxretry }} diff --git a/roles/gateway/templates/f2b.service.j2 b/roles/gateway/templates/f2b.service.j2 new file mode 100644 index 00000000..863305b2 --- /dev/null +++ b/roles/gateway/templates/f2b.service.j2 @@ -0,0 +1,9 @@ +# +# {{ ansible_managed }} +# +[{{ item.key }}] +enabled = {{ item.value.enabled }} +port = {{ item.value.port }} +{% if item.value.logpath is defined %} +logpath = {{ item.value.logpath }} +{% endif %} diff --git a/roles/gateway/templates/ifcfg.j2 b/roles/gateway/templates/ifcfg.j2 new file mode 100644 index 00000000..36a564d5 --- /dev/null +++ b/roles/gateway/templates/ifcfg.j2 @@ -0,0 +1,27 @@ +# +# {{ ansible_managed }} +# +NAME="{{ item.key }}" +DEVICE="{{ item.value.ifname }}" +HWADDR="{{ item.value.mac }}" +NM_CONTROLLED="no" +ONBOOT="yes" +BOOTPROTO="static" +IPADDR="{{ item.value.ip4 }}" +NETMASK="{{ item.value.netmask }}" +GATEWAY="{{ item.value.gw4 }}" +DEFROUTE="{{ item.value.defroute }}" + +# Optional values +{% if item.value.search is defined %} +SEARCH="{{ item.value.search }}" +{% endif %} +{% if item.value.peerdns is defined %} +PEERDNS="{{ item.value.peerdns }}" +{% endif %} +{% if item.value.dns1 is defined %} +DNS1="{{ item.value.dns1 }}" +{% endif %} +{% if item.value.dns2 is defined %} +DNS2="{{ item.value.dns2 }}" +{% endif %} diff --git a/roles/gateway/templates/resolvconf.j2 b/roles/gateway/templates/resolvconf.j2 new file mode 100644 index 00000000..71ded309 --- /dev/null +++ b/roles/gateway/templates/resolvconf.j2 @@ -0,0 +1,7 @@ +# +# {{ ansible_managed }} +# +search {{ gw_resolv_search }} +{% for nameserver in gw_resolv_ns %} +nameserver {{ nameserver }} +{% endfor %} diff --git a/roles/gateway/templates/users.j2 b/roles/gateway/templates/users.j2 new file mode 100644 index 00000000..e1dda586 --- /dev/null +++ b/roles/gateway/templates/users.j2 @@ -0,0 +1,6 @@ +# +# {{ ansible_managed }} +# +{% for user in openvpn_users %} +{{ user.ovpn }} +{% endfor %} diff --git a/roles/gateway/vars/packages.yml b/roles/gateway/vars/packages.yml new file mode 100644 index 00000000..3e9466f9 --- /dev/null +++ b/roles/gateway/vars/packages.yml @@ -0,0 +1,17 @@ +--- +packages: + ## misc tools + - vim + - wget + - mlocate + - ipmitool + - git + - fail2ban + - fail2ban-firewalld + - network-scripts + ## VPN-specific stuff + - openvpn + - easy-rsa + ## monitoring + - nrpe + - nagios-plugins-all diff --git a/roles/grafana_agent/defaults/main.yml b/roles/grafana_agent/defaults/main.yml new file mode 100644 index 00000000..2df6f91f --- /dev/null +++ b/roles/grafana_agent/defaults/main.yml @@ -0,0 +1,16 @@ +--- +# Mimir URL and creds +agent_mimir_url: "http://sepia-grafana.front.sepia.ceph.com:9009/api/v1/push" +agent_mimir_username: "admin" +grafana_apt_repo_url: "https://apt.grafana.com" +grafana_apt_repo_key_url: "https://apt.grafana.com/gpg.key" +grafana_rpm_repo_url: "https://rpm.grafana.com" +grafana_rpm_repo_key_url: "https://rpm.grafana.com/gpg.key" + +scrape_interval_global: "60s" +scrape_interval_node: "30s" + +# Selinux packages +useradd_selinux_packages: + - policycoreutils + - checkpolicy diff --git a/roles/grafana_agent/files/grafana/customuseradd.te b/roles/grafana_agent/files/grafana/customuseradd.te new file mode 100644 index 00000000..bbded822 --- /dev/null +++ b/roles/grafana_agent/files/grafana/customuseradd.te @@ -0,0 +1,12 @@ +module customuseradd 1.0; + +require { + type useradd_t; + type var_lib_t; + class file { execute read create write getattr setattr +open }; +} + +#============= useradd_t ============== + +allow useradd_t var_lib_t:file { write create open setattr getattr }; diff --git a/roles/grafana_agent/handlers/main.yml b/roles/grafana_agent/handlers/main.yml new file mode 100644 index 00000000..169e45fd --- /dev/null +++ b/roles/grafana_agent/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: "Restart grafana agent instance" + become: true + ansible.builtin.service: + name: "grafana-agent" + state: "restarted" diff --git a/roles/grafana_agent/meta/main.yml b/roles/grafana_agent/meta/main.yml new file mode 100644 index 00000000..313fd690 --- /dev/null +++ b/roles/grafana_agent/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: secrets diff --git a/roles/grafana_agent/tasks/main.yml b/roles/grafana_agent/tasks/main.yml new file mode 100644 index 00000000..ba3d209c --- /dev/null +++ b/roles/grafana_agent/tasks/main.yml @@ -0,0 +1,88 @@ +--- +- name: Include secrets + include_vars: "{{ secrets_path | mandatory }}/mimir_password.yml" + no_log: true + tags: + - always + +- name: Gather facts on listening ports + community.general.listen_ports_facts: + +# Resolving selinux conflicts +- import_tasks: useradd-selinux.yml + when: ansible_os_family == "RedHat" + +- name: Check if prometheus is listening on port 9090 + ansible.builtin.debug: + msg: The {{ item.name }} service - pid {{ item.pid }} is running on same port as grafana-agent please set {{ item.name }} to listen on a diffrent port than {{ item.port }} + vars: + tcp_listen_violations: "{{ ansible_facts.tcp_listen | selectattr('name', 'in', tcp_whitelist) | list }}" + tcp_whitelist: + - prometheus + loop: "{{ tcp_listen_violations }}" + failed_when: true + +- name: "Ensure that path /etc/apt/keyrings exists" + become: true + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + force: true + when: ansible_pkg_mgr == "apt" + register: keyrings_exists + +- name: "Import Grafana GPG key" + become: true + ansible.builtin.get_url: + url: "{{ grafana_apt_repo_key_url }}" + dest: /etc/apt/keyrings/grafana.gpg + mode: '0644' + force: true + when: ansible_pkg_mgr == "apt" and keyrings_exists is defined + +- name: Ensure downloaded file for key is a binary keyring + shell: "cat /etc/apt/keyrings/grafana.gpg | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null" + when: ansible_pkg_mgr == "apt" + +- name: "Add Grafana's repository to APT sources list" + become: true + ansible.builtin.apt_repository: + repo: "deb [signed-by=/etc/apt/keyrings/grafana.gpg] {{ grafana_apt_repo_url }} stable main" + state: present + when: ansible_pkg_mgr == "apt" + +- name: "Add Grafana's repository to yum/dnf systems" + become: true + ansible.builtin.yum_repository: + baseurl: "{{ grafana_rpm_repo_url }}" + name: "grafana" + description: "grafana" + gpgcheck: true + gpgkey: "{{ grafana_rpm_repo_key_url }}" + state: present + when: ansible_os_family == "RedHat" + +- name: "Install grafana-agent" + become: true + ansible.builtin.package: + name: "grafana-agent" + state: "present" + +- name: "Enable grafana-agent" + become: true + ansible.builtin.service: + name: "grafana-agent" + state: "started" + enabled: true + +# Deploy config file from template and restart the agent +- name: "Configure agent" + become: true + ansible.builtin.template: + src: "templates/grafana-agent.yaml.j2" + dest: "/etc/grafana-agent.yaml" + mode: "0440" + owner: "root" + group: "grafana-agent" + notify: "Restart grafana agent instance" diff --git a/roles/grafana_agent/tasks/useradd-selinux.yml b/roles/grafana_agent/tasks/useradd-selinux.yml new file mode 100644 index 00000000..85e57a25 --- /dev/null +++ b/roles/grafana_agent/tasks/useradd-selinux.yml @@ -0,0 +1,38 @@ +--- +- name: useradd - Install SELinux dependencies + package: + name: "{{ useradd_selinux_packages|list }}" + state: present + +# ignore_errors in case we don't have any repos +- name: useradd - Ensure SELinux policy is up to date + package: + name: selinux-policy-targeted + state: latest + ignore_errors: true + +- name: useradd - Copy SELinux type enforcement file + copy: + src: grafana/customuseradd.te + dest: /tmp/customuseradd.te + +- name: useradd - Compile SELinux module file + command: checkmodule -M -m -o /tmp/customuseradd.mod /tmp/customuseradd.te + +- name: useradd - Build SELinux policy package + command: semodule_package -o /tmp/customuseradd.pp -m /tmp/customuseradd.mod + +- name: useradd - Load SELinux policy package + command: semodule -i /tmp/customuseradd.pp + +- name: useradd - Remove temporary files + file: + path: /tmp/customuseradd.* + state: absent + +- name: Verify SELinux module is installed + command: semodule -l + register: semodule_list + changed_when: false + failed_when: "'customuseradd' not in semodule_list.stdout" + diff --git a/roles/grafana_agent/templates/grafana-agent.yaml.j2 b/roles/grafana_agent/templates/grafana-agent.yaml.j2 new file mode 100644 index 00000000..f58250c5 --- /dev/null +++ b/roles/grafana_agent/templates/grafana-agent.yaml.j2 @@ -0,0 +1,33 @@ +server: + log_level: info + +metrics: + global: + remote_write: + - url: {{ agent_mimir_url }} + basic_auth: + username: {{ agent_mimir_username }} + password: {{ agent_mimir_password }} + queue_config: + max_backoff: 5m + external_labels: + nodetype: unknown_nodetype + ingest_instance: {{ inventory_hostname }} + scrape_interval: {{ scrape_interval_global }} + configs: + - name: {{ inventory_hostname }} + scrape_configs: + - job_name: 'grafana-agent-exporter' + relabel_configs: + - source_labels: [__address__] + target_label: instance + replacement: {{ inventory_hostname }} + +integrations: + node_exporter: + enabled: true + scrape_interval: {{ scrape_interval_node }} + instance: {{ inventory_hostname }} + rootfs_path: / + sysfs_path: /sys + procfs_path: /proc diff --git a/roles/long_running_cluster/tasks/logrotate.yml b/roles/long_running_cluster/tasks/logrotate.yml new file mode 100644 index 00000000..19ef8170 --- /dev/null +++ b/roles/long_running_cluster/tasks/logrotate.yml @@ -0,0 +1,19 @@ +--- +# Because of the high debug level enabled for LRC daemons, the root drives +# fill up rather quickly. The drives fill up before the daily logrotate can +# run so we rotate every 6 hours and keep 3 days worth. This can be adjusted +# as needed. + +- name: "Write custom ceph logrotate config" + template: + src: ceph-common.logrotate + dest: /etc/logrotate.d/cm-ansible-ceph-common + when: lrc_fsid is not defined + +- name: "Create cronjob to logrotate every 6 hours" + cron: + name: "Logrotate ceph logs every 6 hours" + minute: "25" + hour: "0,6,12,18" + job: "/usr/sbin/logrotate -f /etc/logrotate.d/{{ lrc_fsid|default('cm-ansible-ceph-common') }}" + user: root diff --git a/roles/long_running_cluster/tasks/main.yml b/roles/long_running_cluster/tasks/main.yml new file mode 100644 index 00000000..d298c050 --- /dev/null +++ b/roles/long_running_cluster/tasks/main.yml @@ -0,0 +1,14 @@ +--- +# We only need to install nagios checks on MON nodes +- name: Check if MON node + command: "systemctl status ceph-mon@{{ ansible_hostname }}" + ignore_errors: true + changed_when: false + register: mon_service_status + +- import_tasks: nagios.yml + when: mon_service_status.rc == 0 + +- import_tasks: logrotate.yml + tags: + - logrotate diff --git a/roles/long_running_cluster/tasks/nagios.yml b/roles/long_running_cluster/tasks/nagios.yml new file mode 100644 index 00000000..88e6bcdb --- /dev/null +++ b/roles/long_running_cluster/tasks/nagios.yml @@ -0,0 +1,36 @@ +--- +- name: Clone ceph-nagios-plugins on MON nodes + git: + repo: https://github.com/ceph/ceph-nagios-plugins.git + dest: "{{ nagios_plugins_directory }}/ceph-nagios-plugins" + update: yes + +- name: Make install ceph-nagios-plugins + shell: "cd /tmp/ceph-nagios-plugins && make libdir={{ nagios_plugins_directory|replace('/nagios/plugins', '') }} install" + +- name: Check for nagios ceph keyring + stat: + path: /etc/ceph/client.nagios.keyring + register: nagios_keyring + +- name: Create nagios ceph keyring + shell: "ceph auth get-or-create client.nagios mon 'allow r' > /etc/ceph/client.nagios.keyring && chown ceph:ceph /etc/ceph/client.nagios.keyring" + when: nagios_keyring.stat.exists == false + +- name: Write nrpe config for ceph health checks + lineinfile: + dest: /etc/nagios/nrpe_local.cfg + regexp: '.*check_ceph_health.*' + line: "command[check_ceph_health]={{ nagios_plugins_directory }}/check_ceph_health --name client.nagios -k /etc/ceph/client.nagios.keyring --whitelist 'failing to respond to cache pressure|requests are blocked'" + state: present + create: yes + notify: restart nagios-nrpe-server + +- name: Write nrpe config for ceph cluster capacity + lineinfile: + dest: /etc/nagios/nrpe_local.cfg + regexp: '.*check_ceph_df.*' + line: "command[check_ceph_df]={{ nagios_plugins_directory }}/check_ceph_df --name client.nagios -k /etc/ceph/client.nagios.keyring --pool data --warn 90 --critical 95" + state: present + create: yes + notify: restart nagios-nrpe-server diff --git a/roles/long_running_cluster/templates/ceph-common.logrotate b/roles/long_running_cluster/templates/ceph-common.logrotate new file mode 100644 index 00000000..53d82397 --- /dev/null +++ b/roles/long_running_cluster/templates/ceph-common.logrotate @@ -0,0 +1,12 @@ +# {{ ansible_managed }} +/var/log/ceph/*.log { + rotate 6 + compress + sharedscripts + postrotate + killall -q -1 ceph-mon ceph-mgr ceph-mds ceph-osd ceph-fuse radosgw || pkill -1 -x "ceph-mon|ceph-mgr|ceph-mds|ceph-osd|ceph-fuse|radosgw" || true + endscript + missingok + notifempty + su root ceph +} diff --git a/roles/maas/README.md b/roles/maas/README.md new file mode 100644 index 00000000..e504a0af --- /dev/null +++ b/roles/maas/README.md @@ -0,0 +1,156 @@ +# Ansible Playbook: MAAS Installation and Configuration + +This Ansible playbook automates the installation and initial configuration of [MAAS (Metal as a Service)](https://maas.io/) on Ubuntu-based systems. + +## Features + +- Installs MAAS packages +- Initializes MAAS with a default user with High Availability +- Configures networking (DHCP, DNS, etc.) +- Adds Machines from inventory into MAAS + +## Requirements + +- Ansible 2.10+ +- Ubuntu 20.04 or later on the target system(s) +- Sudo access on target host +- Internet access (for downloading MAAS packages and images) +- At least 2 Nodes to deploy MAAS with High Availability + +## Inventory + +Define your inventory in `hosts.ini` with the following structure: + +```ini +[maas_region_rack_server] +test1 ip=172.x.x.x ipmi=10.0.8.x mac=08:00:27:ed:43:x + +[maas_rack_server] +test2 ip=172.x.x.x ipmi=10.0.8.x mac=08:00:27:ed:43:x + +[maas_db_server] +test1 ip=172.x.x.x ipmi=10.0.8.x mac=08:00:27:ed:43:x + +You can do this installation with 3 or 2 nodes depending on your needs. +If you want to use a dedicated DB server you can just put it in the maas_db_server group, use a different server in maas_region_rack_server and another in maas_rack_server. +Or if you want to simplify and you dont mind to use your maas server as DB server too, you can use the same node in maas_db_server and in maas_region_rack_server, as they are different services and use different ports they can be installed on the same node. This way you use only 2 nodes for the installation the db+region+rack server and the secondary rack for high availability. + +The systems you want to add into MAAS should be on a group called [testnodes] with the same structure. + +## Variables + +You can configure the playbook via group_vars/maas.yml in the secret repo or defaults/main.yml. Common variables include: +maas_admin_username: "admin" +maas_admin_password: "adminpass" +maas_admin_email: "admin@example.com" +maas_db_name: "maasdb" +maas_db_user: "maas" +maas_db_password: "maaspassword" +maas_version: "3.5" + +NTP variables include: +maas_ntp_servers: "ntp.ubuntu.com" # NTP servers, specified as IP addresses or hostnames delimited by commas and/or spaces, to be used as time references for MAAS itself, the machines MAAS deploys, and devices that make use of MAAS's DHCP services. MAAS uses ntp.ubuntu.com by default. You can put a single server or multiple servers. +maas_ntp_external_only: "false" # Configure all region controller hosts, rack controller hosts, and subsequently deployed machines to refer directly to the configured external NTP servers. Otherwise only region controller hosts will be configured to use those external NTP servers, rack contoller hosts will in turn refer to the regions' NTP servers, and deployed machines will refer to the racks' NTP servers. The value of this variable can be true or false. + +DNS variables include: +dns_domains: # This is the list of domains you want to create, in this case we have 2 domains, but you can list here all the domains you need. + - ceph: Static primary domain (e.g., `front.sepia.ceph.com`). + - ipmi: Static IPMI domain (`ipmi.sepia.ceph.com`). +default_domains: List of domains to preserve/ignore (default: `["maas"]`). The default domain is a DNS domain that is used by maas when you deploy a machine it is used by maas for internal dns records so we choose to exclude it from our ansible role. + +DHCP variables include: +dhcp_maas_global: + - ddns-update-style: none + - default-lease-time: 43200 + - max-lease-time: 172800 + - one-lease-per-client: "true" + +This list will be used to populate the global DHCP snippet. You can add additional keys and values. Just make sure they follow the syntax required for dhcpd.conf. +The global configuration is optional, so you can just remove the elements of the list if you do not need them. + +dhcp_maas_subnets: #This is a list of dictionaries, you can list here all the subnets you want to configure and use any name you want in this case we use front and back but you can include here any other or change the names. + front: + cidr: 10.0.8.0/24 + ipvar: ip + macvar: mac + start_ip: 10.0.8.10 + end_ip: 10.0.8.20 + ip_range_type: dynamic + classes: + virtual: "match if substring(hardware, 0, 4) = 01:52:54:00" + lxc: "match if substring(hardware, 0, 4) = 01:52:54:ff" + pools: + virtual: + range: 172.21.10.20 172.21.10.250 + unknown_clients: + range: + - 172.21.11.0 172.21.11.19 + - 172.21.13.170 172.21.13.250 + lxc: + range: 172.21.14.1 172.21.14.200 + back: + cidr: 172.21.16.0/20 + ipvar: back + macvar: backmac + start_ip: 172.21.16.10 + end_ip: 172.21.16.20 + ip_range_type: dynamic + +This is large dictionary that gets parsed out into individual snippet files. Each top-level key (front and back in the example) will get its own snippet file created. + +Under each subnet, cidr, ipvar, and macvar are required. ipvar and macvar tell the Jinja2 template which IP address and MAC address should be used for each host in each subnet snippet, the value of these variables should be the name of the variable that holds the ip address and mac address, respectively (for hosts that have more than one interface). That is, you might have "ipfront=1.2.3.4 ipback=5.6.7.8", and for the front subnet, 'ipvar' would be set to 'ipfront', and for the back network, 'ipvar' would be set to 'ipback', if those variables are not defined in the inventory then that host will not be included into the subnet configuration. + +Here's a line from our Ansible inventory host file + +smithi001.front.sepia.ceph.com mac=0C:C4:7A:BD:15:E8 ip=172.21.15.1 ipmi=172.21.47.1 bmc=0C:C4:7A:6E:21:A7 + +This will result in a static lease for smithi001-front with IP 172.21.15.1 and MAC 0C:C4:7A:BD:15:E8 in front_hosts snippet and a smithi001-ipmi entry with IP 172.21.47.1 with MAC 0C:C4:7A:6E:21:A7 in ipmi_hosts snippet. + +start_ip, end_ip and ip_range_type are required too in order to create an IP range. MAAS needs a range in order to enable DHCP on the subnet. In this case the ip_range_type is configured as dynamic, it could be dynamic or static. + +The classes are optional, they are groups of DHCP clients defined by specific criteria, allowing the possibility to apply custom DHCP options or behaviors to those groups. This enables more granular control over how DHCP services are delivered to different client types, like assigning specific IP addresses or configuring other network parameters based on device type or other characteristics. In this case we have virtual and lxc but you can include here any group you want with any name. In our specific case we are including into these groups hosts that match with an specific mac address criteria. + +The pools are optional too, they are ranges of IP addresses that a DHCP server uses to automatically assign to DHCP clients on a network. These addresses are dynamically allocated, meaning they are leased to clients for a specific duration and can be reclaimed when no longer in use. DHCP pools allow for efficient IP address management and are essential for networks where devices are frequently added or moved. In the example above we are using pools to assign IPs to the classes we just defined and to the unknown_clients which are servers that are not defined into the DHCP config file. + +## Usage + +1. Clone the repository: + +git clone https://github.com/ceph/ceph-cm-ansible.git +cd ceph-cm-ansible + +2. Update inventory and variables. + +3. Run the playbook: + +ansible-playbook maas.yml + +## Role Structure + +maas + ├── defaults + │   └── main.yml + ├── meta + │   └── main.yml + ├── README.md + ├── tasks + │   ├── add_machines.yml + │   ├── config_dhcpd_subnet.yml + │   ├── config_dns.yml + │   ├── config_ntp.yml + │   ├── initialize_region_rack.yml + │   ├── initialize_secondary_rack.yml + │   ├── install_maasdb.yml + │   └── main.yml + └── templates + ├── dhcpd.classes.snippet.j2 + ├── dhcpd.global.snippet.j2 + ├── dhcpd.hosts.snippet.j2 + └── dhcpd.pools.snippet.j2 + +## Tags + +- install_maas #Install MAAS and postgreSQL only and initializes the region+rack server and the secondary rack. +- add-machines #Add Machines to MAAS only if they are not already present. +- config_dhcp #Configures DHCP options only if there are any change in the DHCP variables. +- config_dns #Configure DNS domains and add the DNS Records that are not currently into a domain. diff --git a/roles/maas/defaults/main.yml b/roles/maas/defaults/main.yml new file mode 100644 index 00000000..5c900e7e --- /dev/null +++ b/roles/maas/defaults/main.yml @@ -0,0 +1,36 @@ +--- +# MAAS user and database variables +maas_admin_username: "admin" +maas_db_name: "maasdb" +maas_db_user: "maas" +postgres_version: "16" + +#General variables +maas_version: "3.6" +maas_install_method: "apt" +maas_home_dir: "/home/ubuntu/maas" +global_kernel_opt: "console=tty0 console=ttyS1,115200" + +# DNS variables +default_domains: + - "maas" + +maas_dns_domains: + ceph: "front.sepia.ceph.com" + ipmi: "ipmi.sepia.ceph.com" + +# NTP variables +maas_ntp_servers: "ntp.ubuntu.com" +maas_ntp_external_only: "false" + +# Users variables +keys_repo: "https://github.com/ceph/keys" +keys_branch: main +keys_repo_path: "~/.cache/src/keys" + +# Should MAAS mark machines broken in order to update their network interface configurations in MAAS? +maas_force_machine_update: false + +# Override in secrets +maas_ipmi_username: ADMIN +maas_ipmi_password: ADMIN diff --git a/roles/maas/handlers/main.yml b/roles/maas/handlers/main.yml new file mode 100644 index 00000000..1e407788 --- /dev/null +++ b/roles/maas/handlers/main.yml @@ -0,0 +1,11 @@ +--- +- include_tasks: _auth_header.yml + listen: "Rebuild MAAS machine indexes" + +- name: Read machines from MAAS (handler) + listen: "Rebuild MAAS machine indexes" + include_tasks: machines/_read_machines.yml + +- name: Build machine indexes (handler) + listen: "Rebuild MAAS machine indexes" + include_tasks: machines/_build_indexes.yml diff --git a/roles/maas/meta/main.yml b/roles/maas/meta/main.yml new file mode 100644 index 00000000..313fd690 --- /dev/null +++ b/roles/maas/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: secrets diff --git a/roles/maas/tasks/_auth_header.yml b/roles/maas/tasks/_auth_header.yml new file mode 100644 index 00000000..71c65a6b --- /dev/null +++ b/roles/maas/tasks/_auth_header.yml @@ -0,0 +1,18 @@ +--- +# Build a FRESH OAuth header using the pre-encoded pieces from the pretasks. +# Requires: maas_ck_enc, maas_tk_enc, maas_sig_enc (set in api_auth_pretasks.yml) + +- name: Build OAuth header (fresh nonce/timestamp) + vars: + _nonce: "{{ lookup('community.general.random_string', length=24, upper=false, special=false) }}" + _ts: "{{ lookup('pipe', 'date +%s') }}" + set_fact: + maas_auth_header: >- + OAuth oauth_version="1.0", + oauth_signature_method="PLAINTEXT", + oauth_consumer_key="{{ maas_ck_enc }}", + oauth_token="{{ maas_tk_enc }}", + oauth_signature="{{ maas_sig_enc }}", + oauth_nonce="{{ _nonce | urlencode }}", + oauth_timestamp="{{ _ts }}" +# no_log: true diff --git a/roles/maas/tasks/add_users.yml b/roles/maas/tasks/add_users.yml new file mode 100644 index 00000000..c0cf8a6d --- /dev/null +++ b/roles/maas/tasks/add_users.yml @@ -0,0 +1,53 @@ +--- +- name: Add all users from inventory variables to MAAS + when: inventory_hostname in groups['maas_region_rack_server'] + tags: add_users + block: + - name: Get existing users in MAAS + command: "maas {{ maas_admin_username }} users read" + register: existing_users + + - name: Extract existing usernames + set_fact: + existing_usernames: "{{ existing_users.stdout | from_json | map(attribute='username') | list }}" + + - name: Create all admin users. + command: "maas {{ maas_admin_username }} users create username={{ item.name }} email={{ item.email }} password={{ item.name}}temp is_superuser=1" + with_items: "{{ admin_users }}" + when: item.name not in existing_usernames + + - name: Merge admin_users and lab_users + set_fact: + pubkey_users: "{{ admin_users|list }}" #+ lab_users|list }}" + + - name: Clone the keys repo + local_action: + module: git + repo: "{{ keys_repo }}" + version: "{{ keys_branch }}" + force: yes + dest: "{{ keys_repo_path }}" + become: false + when: keys_repo is defined + connection: local + run_once: true + register: clone_keys + until: clone_keys is success + retries: 5 + delay: 10 + + - name: Update authorized_keys using the keys repo + vars: + user: "{{ item.name }}" + key: "{{ lookup('file', keys_repo_path + '/ssh/' + item.name + '.pub') }}" + command: "maas {{ maas_admin_username }} sshkeys create user={{ user }} key='{{ key }}'" + with_items: "{{ pubkey_users }}" + when: item.key is undefined and keys_repo is defined + + - name: Update authorized_keys for each user with literal keys + vars: + user: "{{ item.name }}" + key: "{{ item.key }}" + command: "maas {{ maas_admin_username }} sshkeys create user={{ user }} key='{{ key }}'" + with_items: "{{ pubkey_users }}" + when: item.key is defined diff --git a/roles/maas/tasks/api_auth_pretasks.yml b/roles/maas/tasks/api_auth_pretasks.yml new file mode 100644 index 00000000..7ae8f956 --- /dev/null +++ b/roles/maas/tasks/api_auth_pretasks.yml @@ -0,0 +1,23 @@ +--- +# Parse the MAAS API key ONCE and pre-encode the static OAuth pieces. + +- name: Bail if no MAAS key + assert: + that: + - maas_api_key is defined + - (maas_api_key | length) > 0 + fail_msg: "maas_api_key not available." + +# Split key: :: +- name: Parse MAAS API key once + set_fact: + maas_ck_raw: "{{ (maas_api_key.split(':'))[0] }}" + maas_tk_raw: "{{ (maas_api_key.split(':'))[1] }}" + maas_ts_raw: "{{ (maas_api_key.split(':'))[2] }}" + +# Pre-encode static values used in every header +- name: Pre-encode OAuth static pieces + set_fact: + maas_ck_enc: "{{ maas_ck_raw | urlencode }}" + maas_tk_enc: "{{ maas_tk_raw | urlencode }}" + maas_sig_enc: "{{ ('&' ~ maas_ts_raw) | urlencode }}" diff --git a/roles/maas/tasks/config_dhcpd_subnet.yml b/roles/maas/tasks/config_dhcpd_subnet.yml new file mode 100644 index 00000000..dd44bd7f --- /dev/null +++ b/roles/maas/tasks/config_dhcpd_subnet.yml @@ -0,0 +1,173 @@ +--- +- name: Configure MAAS DHCP + when: inventory_hostname in groups['maas_region_rack_server'] + tags: config_dhcp + block: + # This section enables DHCP on the subnets included into the secrets repo group_vars and creates an IP range for them + - name: Read maas ipranges + command: "maas {{ maas_admin_username }} ipranges read" + register: ip_ranges_raw + + - name: Parse IP range JSON + set_fact: + existing_start_ips: "{{ ip_ranges_raw.stdout | from_json | map(attribute='start_ip') | list }}" + existing_end_ips: "{{ ip_ranges_raw.stdout | from_json | map(attribute='end_ip') | list }}" + +# - name: Create IP Range for {{ subnet_name }} subnet +# command: "maas {{ maas_admin_username }} ipranges create type={{ subnet_data.ip_range_type }} start_ip={{ subnet_data.start_ip }} end_ip={{ subnet_data.end_ip }}" +# when: subnet_data.start_ip not in existing_start_ips and subnet_data.end_ip not in existing_end_ips + + - name: Read maas subnet information + command: "maas {{ maas_admin_username }} subnet read {{ subnet_data.cidr }}" + register: subnet_info + + - name: Define subnet variables + set_fact: + fabric_name: "{{ (subnet_info.stdout | from_json).vlan.fabric }}" + vlan_vid: "{{ (subnet_info.stdout | from_json).vlan.vid }}" + vlan_id: "{{ (subnet_info.stdout | from_json).id }}" + + - name: Enable DHCP on {{ subnet_name }} subnet + #command: "maas {{ maas_admin_username }} vlan update {{ fabric_name }} {{ vlan_vid }} dhcp_on=True primary_rack={{ groups['maas_region_rack_server'][0].split('.')[0] }} secondary_rack={{ groups['maas_rack_server'][0].split('.')[0] }}" + command: "maas {{ maas_admin_username }} vlan update {{ fabric_name }} {{ vlan_vid }} dhcp_on=True" + + # This section creates the directory where the snippets are going to be copied + + - name: Define snippets path + set_fact: + snippets_path: "{{ '/var/snap/maas/common/maas/dhcp/snippets' if maas_install_method == 'snap' else '/var/lib/maas/dhcp/snippets' }}" + + - name: Create snippets directory + file: + path: "{{ snippets_path }}" + state: directory + mode: '0755' + register: snippets_directory + failed_when: snippets_directory.failed == true + + # This section verifies if the snippets already exist and creates the name variables + - name: Get current snippet names + command: bash -c "maas {{ maas_admin_username }} dhcpsnippets read" + register: current_snippets + + - name: Parse snippet names JSON + set_fact: + existing_snippets: "{{ current_snippets.stdout | from_json | map(attribute='name') | list }}" + + - name: Define snippet name variables + set_fact: + global_snippet: "global_dhcp" + classes_snippet: "{{ subnet_name }}_classes" + pools_snippet: "{{ subnet_name }}_pools" + hosts_snippet: "{{ subnet_name }}_hosts" + + # This section copies the snippets + + - name: Copy global DHCP snippet + template: + src: dhcpd.global.snippet.j2 + dest: "{{ snippets_path }}/global_dhcp_snippet" + register: dhcp_global_config + + - name: Copy {{ subnet_name }} subnet classes snippet + template: + src: dhcpd.classes.snippet.j2 + dest: "{{ snippets_path }}/{{ subnet_name }}_classes_snippet" + when: subnet_data.classes is defined + register: dhcp_classes_config + + - name: Copy {{ subnet_name }} subnet pools snippet + template: + src: dhcpd.pools.snippet.j2 + dest: "{{ snippets_path }}/{{ subnet_name }}_pools_snippet" + when: subnet_data.pools is defined + register: dhcp_pools_config + + - name: Copy {{ subnet_name }} subnet hosts snippet + template: + src: dhcpd.hosts.snippet.j2 + dest: "{{ snippets_path }}/{{ subnet_name }}_hosts_snippet" + register: dhcp_hosts_config + + - pause: + minutes: 500 + + # This section decodes the snippet files and creates the variables to add them into MAAS + + - name: Slurp global DHCP file content + slurp: + src: "{{ snippets_path }}/global_dhcp_snippet" + when: dhcp_global_config.failed == false + register: global_file + + - name: Decode global DHCP file content + set_fact: + global_content: "{{ global_file.content | b64decode }}" + when: dhcp_global_config.failed == false + + - name: Slurp {{ subnet_name }} classes file content + slurp: + src: "{{ snippets_path }}/{{ subnet_name }}_classes_snippet" + when: subnet_data.classes is defined and dhcp_classes_config.failed == false + register: classes_file + + - name: Decode {{ subnet_name }} classes file content + set_fact: + classes_content: "{{ classes_file.content | b64decode }}" + when: subnet_data.classes is defined and dhcp_classes_config.failed == false + + - name: Slurp {{ subnet_name }} pools file content + slurp: + src: "{{ snippets_path }}/{{ subnet_name }}_pools_snippet" + when: subnet_data.pools is defined and dhcp_pools_config.failed == false + register: pools_file + + - name: Decode {{ subnet_name }} pools file content + set_fact: + pools_content: "{{ pools_file.content | b64decode }}" + when: subnet_data.pools is defined and dhcp_pools_config.failed == false + + - name: Slurp {{ subnet_name }} hosts file content + slurp: + src: "{{ snippets_path }}/{{ subnet_name }}_hosts_snippet" + register: hosts_file + + - name: Decode {{ subnet_name }} hosts file content + set_fact: + hosts_content: "{{ hosts_file.content | b64decode }}" + + # This section deletes the snippets if already exist + + - name: Delete global DHCP snippet if already exists + command: "maas {{ maas_admin_username }} dhcpsnippet delete {{ global_snippet }}" + when: dhcp_global_config.changed == true and global_snippet in existing_snippets + + - name: Delete {{ subnet_name }} subnet classes snippet if already exists + command: "maas {{ maas_admin_username }} dhcpsnippet delete {{ classes_snippet }}" + when: subnet_data.classes is defined and dhcp_classes_config.changed == true and classes_snippet in existing_snippets + + - name: Delete {{ subnet_name }} subnet pools snippet if already exists + command: "maas {{ maas_admin_username }} dhcpsnippet delete {{ pools_snippet }}" + when: subnet_data.pools is defined and dhcp_pools_config.changed == true and pools_snippet in existing_snippets + + - name: Delete {{ subnet_name }} subnet hosts snippet if already exists + command: "maas {{ maas_admin_username }} dhcpsnippet delete {{ hosts_snippet }}" + when: dhcp_hosts_config.changed == true and hosts_snippet in existing_snippets + + # This section adds snippets into MAAS + + - name: Add global DHCP snippet into MAAS + command: "maas {{ maas_admin_username }} dhcpsnippets create name='{{ global_snippet }}' value='{{ global_content }}' description='This snippet configures the global DHCP options' global_snippet=true" + when: dhcp_global_config.failed == false and dhcp_global_config.changed == true + + - name: Add {{ subnet_name }} classes snippet into MAAS + command: "maas {{ maas_admin_username }} dhcpsnippets create name='{{ classes_snippet }}' value='{{ classes_content }}' description='This snippet configures the classes in {{ subnet_name }} subnet' subnet='{{ vlan_id }}'" + when: subnet_data.classes is defined and dhcp_classes_config.failed == false and dhcp_classes_config.changed == true + + - name: Add {{ subnet_name }} pools snippet into MAAS + command: "maas {{ maas_admin_username }} dhcpsnippets create name='{{ pools_snippet }}' value='{{ pools_content }}' description='This snippet configures the pools in {{ subnet_name }} subnet' subnet='{{ vlan_id }}'" + when: subnet_data.pools is defined and dhcp_pools_config.failed == false and dhcp_pools_config.changed == true + + - name: Add {{ subnet_name }} hosts snippet into MAAS + command: "maas {{ maas_admin_username }} dhcpsnippets create name='{{ hosts_snippet }}' value='{{ hosts_content }}' description='This snippet configures the hosts in {{ subnet_name }} subnet' subnet='{{ vlan_id }}'" + when: dhcp_hosts_config.failed == false and dhcp_hosts_config.changed == true diff --git a/roles/maas/tasks/config_dns.yml b/roles/maas/tasks/config_dns.yml new file mode 100644 index 00000000..3058dea1 --- /dev/null +++ b/roles/maas/tasks/config_dns.yml @@ -0,0 +1,85 @@ +--- +- name: Configures MAAS DNS + when: inventory_hostname in groups['maas_region_rack_server'] + tags: config_dns + block: + - name: Get existing DNS resources + ansible.builtin.command: "maas {{ maas_admin_username }} dnsresources read" + register: existing_resources + changed_when: false + + - name: Initialize DNS records list + ansible.builtin.set_fact: + dns_records: [] + + - name: Define target hosts for DNS records + ansible.builtin.set_fact: + target_hosts: "{{ groups | dict2items | rejectattr('key', 'equalto', 'maas') | map(attribute='value') | flatten | unique | default([]) }}" + when: groups.keys() | length > 1 + + - name: Build DNS records for all interfaces + ansible.builtin.set_fact: + dns_records: "{{ dns_records + [{'name': item[0].split('.')[0], 'ip': interface_ip, 'type': 'A', 'domain': item[1].value}] }}" + loop: "{{ (target_hosts | default([])) | product(maas_dns_domains | dict2items) | list }}" + vars: + interface_ip: "{{ hostvars[item[0]][item[1].key] if item[1].key != 'ceph' else hostvars[item[0]]['ip'] }}" + when: + - target_hosts is defined and target_hosts | length > 0 + - "item[1].key in hostvars[item[0]] or (item[1].key == 'ceph' and 'ip' in hostvars[item[0]])" + + - name: Parse desired FQDNs + ansible.builtin.set_fact: + desired_fqdns: "{{ dns_records | map(attribute='name') | zip(dns_records | map(attribute='domain')) | map('join', '.') | list }}" + when: dns_records | length > 0 + + - name: Remove unwanted DNS records + ansible.builtin.command: "maas {{ maas_admin_username }} dnsresource delete {{ item.id }}" + loop: "{{ existing_resources.stdout | from_json }}" + when: > + dns_records | length > 0 and + item.fqdn not in desired_fqdns + register: dns_deletion + failed_when: dns_deletion.rc != 0 and "does not exist" not in dns_deletion.stderr + + - name: Get updated DNS resources after deletions + ansible.builtin.command: "maas {{ maas_admin_username }} dnsresources read" + register: updated_resources + changed_when: false + + - name: Get existing DNS domains + ansible.builtin.command: "maas {{ maas_admin_username }} domains read" + register: existing_domains + changed_when: false + + - name: Parse existing domains + ansible.builtin.set_fact: + current_domains: "{{ existing_domains.stdout | from_json | map(attribute='name') | list }}" + + - name: Remove unwanted domains + ansible.builtin.command: "maas {{ maas_admin_username }} domain delete {{ item.id }}" + loop: "{{ existing_domains.stdout | from_json }}" + when: > + item.name not in default_domains and + item.name not in maas_dns_domains.values() + register: domain_deletion + failed_when: domain_deletion.rc != 0 and "does not exist" not in domain_deletion.stderr and "protected foreign keys" not in domain_deletion.stderr + + - name: Ensure new DNS domains exist + ansible.builtin.command: "maas {{ maas_admin_username }} domains create name={{ item.value }}" + loop: "{{ maas_dns_domains | dict2items }}" + when: item.value not in current_domains + register: domain_creation + failed_when: domain_creation.rc != 0 and "already exists" not in domain_creation.stderr + + - name: Ensure DNS records exist + ansible.builtin.command: > + maas {{ maas_admin_username }} dnsresources create + fqdn={{ item.name }}.{{ item.domain }} + ip_addresses={{ item.ip }} + loop: "{{ dns_records }}" + when: > + dns_records | length > 0 and + (item.name + '.' + item.domain) not in + (updated_resources.stdout | from_json | map(attribute='fqdn') | list) + register: dns_creation + failed_when: dns_creation.rc != 0 and "already exists" not in dns_creation.stderr diff --git a/roles/maas/tasks/config_maas.yml b/roles/maas/tasks/config_maas.yml new file mode 100644 index 00000000..4ef2fbbb --- /dev/null +++ b/roles/maas/tasks/config_maas.yml @@ -0,0 +1,78 @@ +--- +- name: Config MAAS + when: inventory_hostname in groups['maas_region_rack_server'] + tags: config_maas + block: + - name: Check if MAAS was already unsquashed + stat: + path: "/var/lib/snapd/snaps/maas_x1.snap" + register: maas_x1 + + - name: Verify that MAAS directory exist + ansible.builtin.file: + path: "{{ maas_home_dir }}" + state: directory + owner: root + group: root + mode: '0755' + when: "maas_install_method == 'snap' and not maas_x1.stat.exists" + register: maas_home + + - name: Check installed MAAS snap + shell: "sudo ls -t /var/lib/snapd/snaps/maas_*" + when: "maas_install_method == 'snap' and not maas_x1.stat.exists" + register: maas_snap + + - name: Unsquahs MAAS FS + command: "sudo unsquashfs -d {{ maas_home_dir }} {{ maas_snap.stdout }}" + when: "maas_install_method == 'snap' and maas_home is defined and not maas_x1.stat.exists" + register: maas_fs + + - name: Change MAAS current to home directory + command: "sudo snap try {{ maas_home_dir }}" + when: "maas_install_method == 'snap' and maas_fs is defined and not maas_x1.stat.exists" + + - name: Check UEFI template directory + shell: "ls {{ maas_home_dir }}/lib/python*/site-packages/provisioningserver/templates/uefi/config.local.arm64.template" + when: "maas_install_method == 'snap'" + register: uefi_template_path + + - name: Copy UEFI template to support ARM OS's + ansible.builtin.template: + src: arm_uefi.j2 + dest: "{{ uefi_template_path.stdout if maas_install_method == 'snap' else '/usr/lib/python3/dist-packages/provisioningserver/templates/uefi/config.local.arm64.template' }}" + owner: root + group: root + mode: '0644' + + - name: Check curtin scripts directory + shell: "ls {{ maas_home_dir }}/usr/lib/python3/dist-packages/curtin/commands/install_grub.py" + when: "maas_install_method == 'snap'" + register: curtin_scripts_path + + - name: Add force flag into install_grub curtin script to allow ARM deployment + ansible.builtin.replace: + path: "{{ curtin_scripts_path.stdout if maas_install_method == 'snap' else '/usr/lib/python3/dist-packages/curtin/commands/install_grub.py' }}" + regexp: "'--recheck']" + replace: "'--recheck', '--force']" + + - name: Check curtin_userdata directory + shell: "ls {{ maas_home_dir }}/etc/maas/preseeds/curtin_userdata" + when: "maas_install_method == 'snap'" + register: curtin_userdata_path + + - name: Copy curtin_userdata template to generate CM user + ansible.builtin.blockinfile: + path: "{{ curtin_userdata_path.stdout if maas_install_method == 'snap' else '/etc/maas/preseeds/curtin_userdata' }}" + insertafter: EOF + block: |2 + 90_create_cm_user: ["curtin", "in-target", "--", "sh", "-c", "useradd {{ cm_user }} -m -s /bin/bash -g sudo"] + 92_delete_cm_pass: ["curtin", "in-target", "--", "sh", "-c", "passwd -d cm"] + 94_configure_sudo: ["curtin", "in-target", "--", "sh", "-c", "printf '%%sudo ALL=(ALL) NOPASSWD: ALL\nDefaults !requiretty\nDefaults visiblepw' >> /etc/sudoers.d/cephlab_sudo"] + 96_create_ssh_directory: ["curtin", "in-target", "--", "sh", "-c", "mkdir -p /home/cm/.ssh"] + 98_copy_ssh_keys_cm: ["curtin", "in-target", "--", "sh", "-c", "echo '{{ cm_user_ssh_keys|join('\n') }}' >> /home/cm/.ssh/authorized_keys"] + when: "cm_user_ssh_keys is defined and cm_user is defined" + + - name: Configure global kernel options + command: "maas {{ maas_admin_username }} maas set-config name=kernel_opts value='{{ global_kernel_opt }}'" + when: "global_kernel_opt is defined" diff --git a/roles/maas/tasks/config_ntp.yml b/roles/maas/tasks/config_ntp.yml new file mode 100644 index 00000000..eea41802 --- /dev/null +++ b/roles/maas/tasks/config_ntp.yml @@ -0,0 +1,10 @@ +--- +- name: Configure NTP service + when: inventory_hostname in groups['maas_region_rack_server'] + tags: config_ntp + block: + - name: Configure NTP servers to sync MAAS + command: "maas {{ maas_admin_username }} maas set-config name=ntp_servers value={{ maas_ntp_servers }}" + + - name: Configure the option to use NTP external only + command: "maas {{ maas_admin_username }} maas set-config name=ntp_external_only value={{ maas_ntp_external_only }}" diff --git a/roles/maas/tasks/initialize_region_rack.yml b/roles/maas/tasks/initialize_region_rack.yml new file mode 100644 index 00000000..28f0dd31 --- /dev/null +++ b/roles/maas/tasks/initialize_region_rack.yml @@ -0,0 +1,46 @@ +--- +- name: Initialize MAAS Region + Rack Controller + when: inventory_hostname in groups['maas_region_rack_server'] and maas_install.failed == false and maas_install.changed == true + tags: install_maas + block: + - name: List all enabled services + ansible.builtin.service_facts: + when: "maas_install_method == 'snap'" + + - name: Disable timesyncd service + systemd_service: + name: "{{ item }}" + state: stopped + enabled: false + when: "maas_install_method == 'snap' and '{{ item }}.service' in ansible_facts.services and ansible_facts['services']['{{ item }}.service']['status'] != 'not-found'" + loop: + - systemd-timesyncd + - chrony + + - name: Initialize MAAS Region Controller Snap + expect: + command: "maas init region+rack --database-uri postgres://{{ maas_db_user }}:{{ maas_db_password }}@localhost/{{ maas_db_name }}" + responses: + "MAAS URL*": "" + "Controller has already been initialized*": "" + timeout: 300 + when: "maas_install_method == 'snap'" + + - name: Starting MAAS region service Apt + ansible.builtin.systemd: + name: maas-regiond.service + state: started + no_block: false + when: "maas_install_method == 'apt'" + + - name: Perform database migrations + command: "{{ 'maas' if maas_install_method == 'snap' else 'maas-region' }} migrate" + + - name: Create MAAS admin user + command: "sudo maas createadmin --username={{ maas_admin_username }} --password={{ maas_admin_password }} --email={{ maas_admin_email }}" + register: admin_user_created + ignore_errors: true + + - name: Restart MAAS services + command: "snap restart maas" + when: "maas_install_method == 'snap'" diff --git a/roles/maas/tasks/initialize_secondary_rack.yml b/roles/maas/tasks/initialize_secondary_rack.yml new file mode 100644 index 00000000..f1167afa --- /dev/null +++ b/roles/maas/tasks/initialize_secondary_rack.yml @@ -0,0 +1,36 @@ +--- +- name: Get secret for init-rack + command: "cat {{ '/var/snap/maas/common/maas/secret' if maas_install_method == 'snap' else '/var/lib/maas/secret' }}" + when: inventory_hostname in groups['maas_region_rack_server'] and maas_install.failed == false and maas_install.changed == true + tags: install_maas + register: secret_var + +- name: Initialize MAAS Rack Controller + when: inventory_hostname in groups['maas_rack_server'] and maas_install.failed == false and secret_var is defined and maas_install.changed == true + tags: install_maas + block: + - name: List all enabled services + ansible.builtin.service_facts: + when: "maas_install_method == 'snap'" + + - name: Disable timesyncd service + systemd_service: + name: "{{ item }}" + state: stopped + enabled: false + when: "maas_install_method == 'snap' and '{{ item }}.service' in ansible_facts.services and ansible_facts['services']['{{ item }}.service']['status'] != 'not-found'" + loop: + - systemd-timesyncd + - chrony + + - name: Register Rack Controller with Region Controller Snap + command: "maas init rack --maas-url http://{{ hostvars[groups['maas_region_rack_server'].0]['ip'] }}:5240/MAAS/ --secret {{ hostvars[groups['maas_region_rack_server'].0]['secret_var']['stdout'] }}" + when: "maas_install_method == 'snap'" + + - name: Register Rack Controller with Region Controller Apt + command: "maas-rack register --url=http://{{ hostvars[groups['maas_region_rack_server'].0]['ip'] }}:5240/MAAS/ --secret={{ hostvars[groups['maas_region_rack_server'].0]['secret_var']['stdout'] }}" + when: "maas_install_method == 'apt'" + + - name: Restart MAAS Rack Controller + command: "snap restart maas" + when: "maas_install_method == 'snap'" diff --git a/roles/maas/tasks/install_maasdb.yml b/roles/maas/tasks/install_maasdb.yml new file mode 100644 index 00000000..2b434cdb --- /dev/null +++ b/roles/maas/tasks/install_maasdb.yml @@ -0,0 +1,33 @@ +--- +- name: Install PostgreSQL + apt: + name: postgresql-{{ postgres_version}} + state: present + when: inventory_hostname in groups['maas_db_server'] + tags: + - install_maas + - install_db + register: postgres_install + +- name: Configure PostgreSQL for MAAS + when: inventory_hostname in groups['maas_db_server'] and postgres_install is changed + tags: + - install_maas + - install_db + block: + - name: Create PostgreSQL user for MAAS + command: sudo -i -u postgres psql -c "CREATE USER \"{{ maas_db_user }}\" WITH ENCRYPTED PASSWORD '{{ maas_db_password }}'" + + - name: Create PostgreSQL database for MAAS + command: sudo -i -u postgres createdb -O "{{ maas_db_user }}" "{{ maas_db_name }}" + + - name: Allow MAAS region controller to connect + lineinfile: + path: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf + line: "host {{ maas_db_name }} {{ maas_db_user }} 0/0 md5" + insertafter: EOF + + - name: Restart PostgreSQL + systemd: + name: postgresql + state: restarted diff --git a/roles/maas/tasks/machines.yml b/roles/maas/tasks/machines.yml new file mode 100644 index 00000000..a78efd55 --- /dev/null +++ b/roles/maas/tasks/machines.yml @@ -0,0 +1,148 @@ +--- +################################################################################ +# API base +################################################################################ +- name: Set MAAS API base URL + set_fact: + _maas_api: "{{ maas_api_url | trim('/') }}/MAAS/api/2.0" + +- include_tasks: _auth_header.yml + +- include_tasks: machines/_read_machines.yml + +- include_tasks: machines/_build_indexes.yml + +- name: Ensure short hostnames are unique in MAAS + fail: + msg: "Duplicate short hostnames found in MAAS: {{ (_short_names | difference(_short_names | unique)) | unique | join(', ') }}" + when: (_short_names | difference(_short_names | unique)) | length > 0 + +# Initialize the list of nodes we will mark Fixed later +- name: Init shared _marked_broken list + set_fact: + _marked_broken: "{{ hostvars['localhost']._marked_broken | default([]) }}" + delegate_to: localhost + run_once: true + +- include_tasks: machines/_plan_sets.yml + +# CREATE: loop over SHORT names only +- name: Include create.yml for missing hosts + include_tasks: machines/create.yml + loop: "{{ _create_short }}" + loop_control: + label: "{{ item }}" + vars: + # short name we planned against + host: "{{ item }}" + + # creating: there should be no system_id; keep safe default + system_id: "{{ maas_short_to_id[item] | default(omit) }}" + + # resolve inventory host (FQDN if inventory uses it) + inv_host: "{{ (inventory_by_short | default({})).get(item, item) }}" + + desired_arch: "{{ hostvars[(inventory_by_short | default({})).get(item, item)].maas_arch + | default(maas_arch | default('amd64/generic')) }}" + desired_domain: "{{ hostvars[(inventory_by_short | default({})).get(item, item)].maas_domain + | default(maas_domain | default(omit)) }}" + + # collect MACs from inventory: for each iface prefix, read _mac var + mac_addresses: >- + {{ + (hostvars[(inventory_by_short | default({})).get(item, item)].maas_interfaces | default([])) + | map(attribute='prefix') + | map('regex_replace', '$', '_mac') + | map('extract', hostvars[(inventory_by_short | default({})).get(item, item)]) + | select('defined') + | list + }} + tags: create_machines + +# Create machines just creates a skeleton machine entry. +# We called a handler to re-read all the machines from MaaS and update +# the _update_names list. +- meta: flush_handlers + +- name: Set timestamp for when machines get marked broken + set_fact: + broken_at: "{{ lookup('pipe', 'date +%Y-%m-%d\\ %H:%M:%S') }}" + +- include_tasks: machines/_plan_sets.yml + +# UPDATE: loop over SHORT names only +- name: Include update.yml for existing hosts + include_tasks: machines/update.yml + loop: "{{ _update_short }}" + loop_control: + label: "{{ item }}" + vars: + # MAAS object for this short name (safe default to {}) + existing: "{{ maas_by_short[item] | default({}) }}" + + # updating requires a real system_id; keep strict so we notice problems + system_id: "{{ maas_short_to_id[item] }}" + + # status map may be absent during initial runs; keep safe default + system_status: "{{ maas_host_to_status[item] | default('Unknown') }}" + + host: "{{ item }}" + inv_host: "{{ (inventory_by_short | default({})).get(item, item) }}" + + desired_arch: "{{ hostvars[(inventory_by_short | default({})).get(item, item)].maas_arch + | default(maas_arch | default('amd64/generic')) }}" + desired_domain: "{{ hostvars[(inventory_by_short | default({})).get(item, item)].maas_domain + | default(maas_domain | default(omit)) }}" + tags: update_machines + +#- pause: + +- include_vars: "{{ secrets_path }}/ipmi.yml" + tags: + - ipmi + failed_when: false + +- debug: var=power_user + +- name: Build list of hosts that have a MAAS system_id + set_fact: + _ipmi_with_id: >- + {{ _plan_ipmi + | select('in', (maas_short_to_id | default({})).keys() | list) + | list }} + +# Apply IPMI creds for all hosts we can resolve to a system_id +- name: Include set_ipmi_creds.yml + include_tasks: machines/set_ipmi_creds.yml + loop: "{{ _ipmi_with_id | default([]) }}" + loop_control: + loop_var: ipmi_short + label: "{{ ipmi_short }}" + vars: + host: "{{ ipmi_short }}" + system_id: "{{ maas_short_to_id[ipmi_short] }}" + # If inventory uses FQDNs, resolve to inventory hostname; else short + inv_host: "{{ (inventory_by_short | default({})).get(ipmi_short, ipmi_short) }}" + when: + - power_user is defined + - power_pass is defined + tags: + - ipmi + + +- name: Include delete.yml for extra hosts + include_tasks: machines/delete.yml + loop: "{{ _delete_names }}" + loop_control: + label: "{{ item }}" + vars: + host: "{{ item }}" + system_id: "{{ maas_short_to_id[item] }}" + # If inventory uses FQDNs, this resolves to the inventory hostname; else returns the short + inv_host: "{{ (inventory_by_short | default({})).get(item, item) }}" + when: (maas_delete_hosts | default(false)) | bool + +- name: Include cleanup.yml when we marked nodes broken + include_tasks: machines/cleanup.yml + when: _marked_broken | default([]) | length > 0 + run_once: true diff --git a/roles/maas/tasks/machines.yml.cli b/roles/maas/tasks/machines.yml.cli new file mode 100644 index 00000000..b5bbcaf5 --- /dev/null +++ b/roles/maas/tasks/machines.yml.cli @@ -0,0 +1,1064 @@ +--- +- name: Add all machines from inventory to MAAS + when: inventory_hostname in groups['maas_region_rack_server'] + tags: machines + block: + + - name: Read machines from MAAS + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", machines, read ] + register: maas_read + + - name: Parse MAAS machines JSON + ansible.builtin.set_fact: + maas_nodes_list: "{{ (maas_read.stdout | from_json) | list }}" + + - name: Init MAAS map + ansible.builtin.set_fact: + maas_by_hostname: {} + + - name: Populate MAAS map + vars: + boot_mac: >- + {{ + ( + (item.boot_interface.mac_address + if (item.boot_interface is defined and item.boot_interface and item.boot_interface.mac_address is defined) + else (item.interface_set | selectattr('mac_address','defined') | list | first).mac_address + ) | default('') + ) | lower + }} + boot_ip: >- + {{ + ( + ( + (item.boot_interface.links | selectattr('ip_address','defined') | list | first).ip_address + if (item.boot_interface is defined and item.boot_interface and item.boot_interface.links | default([])) + else (item.ip_addresses | first) + ) | default('') + ) + }} + loop: "{{ maas_nodes_list }}" + loop_control: { label: "{{ item.hostname | default('UNKNOWN') }}" } + ansible.builtin.set_fact: + maas_by_hostname: >- + {{ + maas_by_hostname | combine({ + (item.hostname | lower): { + 'system_id': item.system_id | default(''), + 'arch': item.architecture | default(''), + 'mac': boot_mac, + 'power_type': item.power_type | default(''), + 'ip': boot_ip, + 'status_name': item.status_name | default('') + } + }) + }} + + - name: Init desired inventory map + ansible.builtin.set_fact: + desired_by_hostname: {} + + - name: Populate desired map from inventory + vars: + node: "{{ item }}" + hostname: "{{ node.split('.')[0] | lower }}" + boot_mac_key: "{{ hostvars[node]['maas_boot_mac_var'] | default(maas_boot_mac_var | default('ext_pere_mac')) }}" + want_mac_raw: "{{ hostvars[node][boot_mac_key] | default('') }}" + want_mac: "{{ want_mac_raw | lower }}" + boot_ip_key: "{{ hostvars[node]['maas_boot_ip_var'] | default(maas_boot_ip_var | default('ext_pere_ip')) }}" + want_ip: "{{ hostvars[node][boot_ip_key] | default('') }}" + want_arch: "{{ hostvars[node].get('arch', hostvars[node].get('maas_arch', maas_arch | default('amd64/generic'))) }}" + want_power: "{{ 'ipmi' if (hostvars[node].ipmi is defined and hostvars[node].ipmi|length>0) else hostvars[node].get('power_type','manual') }}" + loop: "{{ groups['testnodes'] | default([]) }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.set_fact: + desired_by_hostname: >- + {{ + desired_by_hostname | combine({ + hostname: { + 'hostname': hostname, + 'mac': want_mac, + 'arch': want_arch, + 'power_type': want_power, + 'ip': want_ip, + 'ipmi_address': hostvars[node].ipmi | default(''), + 'current_state': (maas_by_hostname.get(hostname, {}).status_name | default('')) + } + }) + }} + + - name: Assert each node has boot MAC and arch + vars: + node: "{{ item }}" + hostname: "{{ node.split('.')[0] | lower }}" + boot_mac_key: "{{ hostvars[node]['maas_boot_mac_var'] | default(maas_boot_mac_var | default('ext_pere_mac')) }}" + loop: "{{ groups['testnodes'] | default([]) }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.assert: + that: + - hostvars[node][boot_mac_key] is defined + - (hostvars[node].get('arch', hostvars[node].get('maas_arch', maas_arch | default('amd64/generic')))) | string | length > 0 + + - name: Compute hosts to create + ansible.builtin.set_fact: + to_create: >- + {{ + (desired_by_hostname.keys() | difference(maas_by_hostname.keys())) + | map('extract', desired_by_hostname) + | list + }} + + # A) Try IPMI on each create-candidate + - name: Probe IPMI for create candidates + when: to_create | length > 0 + loop: "{{ to_create }}" + loop_control: { label: "{{ item.hostname }} -> {{ item.ipmi_address | default('') }}" } + ansible.builtin.command: + argv: + - ipmitool + - -I + - lanplus + - -H + - "{{ item.ipmi_address }}" + - -U + - "{{ maas_ipmi_username }}" + - -P + - "{{ maas_ipmi_password }}" + - -N + - "1" + - -R + - "1" + - chassis + - power + - status + register: ipmi_probe_create + changed_when: false + failed_when: false + + - name: Build IPMI OK map for creates + when: ipmi_probe_create is defined + ansible.builtin.set_fact: + ipmi_ok_create_map: {} + + - name: Accumulate IPMI OK map for creates + when: ipmi_probe_create is defined + loop: "{{ ipmi_probe_create.results }}" + loop_control: { label: "{{ item.item.hostname }} rc={{ item.rc }}" } + ansible.builtin.set_fact: + ipmi_ok_create_map: >- + {{ + (ipmi_ok_create_map | default({})) + | combine({ (item.item.hostname): ((item.rc | int) == 0) }) + }} + + # C) Rewrite to_create so power_type is 'ipmi' only if ipmi_ok else 'manual' + # init an empty list we’ll fill + - name: Init effective create list + ansible.builtin.set_fact: + to_create_effective: [] + + # append each host with power_type decided by the probe result + - name: Build effective create list (ipmi if reachable else manual) + when: to_create | length > 0 + loop: "{{ to_create }}" + loop_control: { label: "{{ item.hostname }}" } + ansible.builtin.set_fact: + to_create_effective: >- + {{ + (to_create_effective | default([])) + + [ item | combine({ + 'power_type': (ipmi_ok_create_map | default({})).get(item.hostname, false) + | ternary('ipmi','manual') + }) ] + }} + + # replace the original list + - name: Apply effective create list + when: to_create_effective | length > 0 + ansible.builtin.set_fact: + to_create: "{{ to_create_effective }}" + + - name: Compute hosts to update + vars: + both_keys: "{{ desired_by_hostname.keys() | intersect(maas_by_hostname.keys()) }}" + diffs: >- + {%- set out = [] -%} + {%- for k in both_keys -%} + {%- set d = desired_by_hostname[k] -%} + {%- set m = maas_by_hostname[k] -%} + {%- set drift = [] -%} + {%- if (d.mac | default('')) != (m.mac | default('')) -%}{%- set _ = drift.append('mac') -%}{%- endif -%} + {%- if (d.arch | default('')) != (m.arch | default('')) -%}{%- set _ = drift.append('arch') -%}{%- endif -%} + {%- if (d.power_type | default('')) != (m.power_type | default('')) -%}{%- set _ = drift.append('power_type') -%}{%- endif -%} + {%- set ip_drift = ((d.ip | default('')) and ((d.ip | default('')) != (m.ip | default('')))) -%} + {%- if drift | length > 0 or ip_drift -%} + {%- set _ = out.append({ + 'hostname': k, + 'mac': d.mac, + 'arch': d.arch, + 'power_type': d.power_type, + 'want_ip': d.ip, + 'have_ip': m.ip | default(''), + 'ip_drift': ip_drift, + 'drift': drift, + 'system_id': m.system_id, + 'ipmi_address': d.ipmi_address | default('') + }) -%} + {%- endif -%} + {%- endfor -%} + {{ out }} + ansible.builtin.set_fact: + to_update: "{{ diffs }}" + + - name: Create missing machines in MAAS + when: to_create | length > 0 + loop: "{{ to_create }}" + loop_control: { label: "{{ item.hostname }}" } + ansible.builtin.command: + argv: + - maas + - "{{ maas_admin_username }}" + - machines + - create + - "architecture={{ item.arch }}" + - "mac_addresses={{ item.mac }}" + - "hostname={{ item.hostname }}" + - "power_type={{ item.power_type | default('manual') }}" +# - "deployed=true" + + - name: Re-read machines from MAAS after creates + when: to_create | default([]) | length > 0 + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", machines, read ] + register: maas_read_after_create + changed_when: false + + - name: Parse machines JSON (post-create) + when: maas_read_after_create is defined and (maas_read_after_create.stdout | default('')) | length > 0 + ansible.builtin.set_fact: + maas_nodes_list: "{{ (maas_read_after_create.stdout | from_json) | list }}" + + - name: Rebuild maas_by_hostname (post-create) + when: maas_read_after_create is defined and (maas_read_after_create.stdout | default('')) | length > 0 + vars: + boot_mac: >- + {{ + ( + (item.boot_interface.mac_address + if (item.boot_interface is defined and item.boot_interface and item.boot_interface.mac_address is defined) + else (item.interface_set | selectattr('mac_address','defined') | list | first).mac_address + ) | default('') | lower }} + boot_ip: >- + {{ + ( + ( + (item.boot_interface.links | selectattr('ip_address','defined') | list | first).ip_address + if (item.boot_interface is defined and item.boot_interface and item.boot_interface.links | default([])) + else (item.ip_addresses | first) + ) | default('') + ) + }} + loop: "{{ maas_nodes_list }}" + loop_control: { label: "{{ item.hostname | default('UNKNOWN') }}" } + ansible.builtin.set_fact: + maas_by_hostname: >- + {{ + (maas_by_hostname | default({})) | combine({ + (item.hostname | lower): { + 'system_id': item.system_id | default(''), + 'arch': item.architecture | default(''), + 'mac': boot_mac, + 'power_type': item.power_type | default(''), + 'ip': boot_ip, + 'status_name': item.status_name | default('') + } + }) + }} + + - name: Build desired physical MAC set per host + vars: + node: "{{ item }}" + hostname: "{{ node.split('.')[0] | lower }}" + # keys must come from the NODE (and coerce to strings to support names like "25Gb_2") + keys: "{{ (hostvars[node].maas_mac_keys | default([])) | map('string') | list }}" + # extract values safely, then default missing ones to '' + macs_raw: >- + {{ + (keys | map('extract', hostvars[node]) | list) + | map('default','') + | list + }} + desired_macs: "{{ macs_raw | reject('equalto','') | map('lower') | list | unique }}" + loop: "{{ groups['testnodes'] | default([]) }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.set_fact: + desired_phys_macs: "{{ (desired_phys_macs | default({})) | combine({ hostname: desired_macs }) }}" + + - name: Read MAAS interfaces for each host + vars: + hostname: "{{ item.split('.')[0] | lower }}" + sid: "{{ maas_by_hostname.get(hostname, {}).get('system_id') | default('') }}" + loop: "{{ groups['testnodes'] | default([]) }}" + loop_control: { label: "{{ item }} (sid={{ sid | default('') }})" } + when: sid | length > 0 + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", interfaces, read, "{{ sid }}" ] + register: iface_reads + changed_when: false + + - name: Index existing physical interfaces by host (normalized) + ansible.builtin.set_fact: + existing_phys_by_host: >- + {{ + dict( + iface_reads.results + | selectattr('stdout','defined') + | map(attribute='item') | map('split','.') | map('first') | list + | zip( + iface_reads.results + | map(attribute='stdout') | map('from_json') | list + ) + ) + }} + + - name: Show desired vs existing MACs (debug) + vars: + h: "{{ item.split('.')[0] | lower }}" + loop: "{{ groups['testnodes'] | default([]) }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.debug: + msg: + desired: "{{ desired_phys_macs[h] | default([]) }}" + have: "{{ (existing_phys_by_host[h] | default([])) | selectattr('type','equalto','physical') | map(attribute='mac_address') | list }}" + + - name: Compute phys interface drift + mac->id per host + vars: + hostname: "{{ item }}" + interfaces: "{{ existing_phys_by_host[hostname] | default([]) }}" + phys_ifaces: "{{ interfaces | selectattr('type','equalto','physical') | list }}" + have_macs: "{{ phys_ifaces | map(attribute='mac_address') | map('lower') | list }}" + want_macs: "{{ desired_phys_macs[hostname] | default([]) }}" + mac_to_id: >- + {{ dict( + (phys_ifaces | map(attribute='mac_address') | map('lower') | list) + | zip(phys_ifaces | map(attribute='id') | list) + ) + }} + missing_macs: "{{ want_macs | difference(have_macs) }}" + extra_macs: "{{ have_macs | difference(want_macs) }}" + loop: "{{ (desired_phys_macs | default({})).keys() | list }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.set_fact: + iface_drift: "{{ (iface_drift | default({})) | combine({ hostname: { + 'missing': missing_macs, + 'extra': extra_macs, + 'mac_to_id': mac_to_id + }}) }}" + + - name: Build phys_create_list + ansible.builtin.set_fact: + phys_create_list: >- + {%- set out = [] -%} + {%- for h, want_macs in (desired_phys_macs | default({})).items() -%} + {%- set sid = (maas_by_hostname[h].system_id | default('')) -%} + {%- set missing = (iface_drift[h].missing | default([])) -%} + {%- for m in missing -%} + {%- set _ = out.append({'hostname': h, 'sid': sid, 'mac': m}) -%} + {%- endfor -%} + {%- endfor -%} + {{ out }} + + - name: Define allowed states for NIC changes + ansible.builtin.set_fact: + maas_allowed_states_for_phys: "{{ maas_allowed_states_for_phys | default(['New','Ready','Allocated','Broken']) }}" + + - name: Ensure status_name_map exists (hostname -> status_name) + when: status_name_map is not defined + ansible.builtin.set_fact: + status_name_map: >- + {{ + dict( + (maas_nodes_list | map(attribute='hostname') | map('lower') | list) + | zip(maas_nodes_list | map(attribute='status_name') | list) + ) + }} + + - name: Split phys_create_list by eligibility (simple & clear) + ansible.builtin.set_fact: + phys_create_eligible: [] + phys_create_ineligible: [] + + - name: Accumulate phys_create elig / inelig + vars: + eligible_states: "{{ maas_allowed_states_for_phys }}" + st: "{{ status_name_map.get(item.hostname) | default('') }}" + loop: "{{ phys_create_list | default([]) }}" + loop_control: { label: "{{ item.hostname }} -> {{ st }}" } + ansible.builtin.set_fact: + phys_create_eligible: "{{ phys_create_eligible + [item] if st in eligible_states else phys_create_eligible }}" + phys_create_ineligible: "{{ phys_create_ineligible + [item] if st not in eligible_states else phys_create_ineligible }}" + + - name: Create missing physical interfaces in MAAS (eligible hosts) + when: phys_create_eligible | length > 0 + loop: "{{ phys_create_eligible }}" + loop_control: { label: "{{ item.hostname }} -> {{ item.mac }}" } + ansible.builtin.command: + argv: + - maas + - "{{ maas_admin_username }}" + - interfaces + - create-physical + - "{{ item.sid }}" + - "mac_address={{ item.mac }}" + register: phys_create_results + changed_when: true + + - name: Re-read interfaces after physical creates + when: phys_create_eligible | length > 0 + loop: "{{ phys_create_eligible | map(attribute='sid') | unique | list }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", interfaces, read, "{{ item }}" ] + register: iface_reads_after_phys_create + changed_when: false + + - name: Record phys-create skipped due to state (force=false) + when: + - not (maas_force_machine_update | default(false) | bool) + - (phys_create_ineligible | length) > 0 + ansible.builtin.set_fact: + machines_skipped_due_to_state: >- + {{ + (machines_skipped_due_to_state | default([])) + + (phys_create_ineligible | map(attribute='hostname') | list) + }} + + - name: "Mark {{ item }} broken to update physical interfaces" + when: + - (maas_force_machine_update | default(false) | bool) + - (phys_create_ineligible | length) > 0 + loop: "{{ phys_create_ineligible | map(attribute='sid') | unique | list }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", machine, mark-broken, "{{ item }}" ] + register: phys_force_mark_broken + failed_when: > + (phys_force_mark_broken.rc != 0) + and ('No rack controllers can access the BMC' not in (phys_force_mark_broken.stdout | default(''))) + changed_when: true + + - name: Create physical interfaces (while broken) + when: + - (maas_force_machine_update | default(false) | bool) + - (phys_create_ineligible | length) > 0 + loop: "{{ phys_create_ineligible }}" + loop_control: { label: "{{ item.hostname }} -> {{ item.mac }}" } + ansible.builtin.command: + argv: + - maas + - "{{ maas_admin_username }}" + - interfaces + - create-physical + - "{{ item.sid }}" + - "mac_address={{ item.mac }}" + register: phys_force_create_results + changed_when: true + + - name: Mark fixed after physical interface create + when: + - (maas_force_machine_update | default(false) | bool) + - (phys_create_ineligible | length) > 0 + loop: "{{ phys_create_ineligible | map(attribute='sid') | unique | list }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", machine, mark-fixed, "{{ item }}" ] + register: phys_force_mark_fixed + failed_when: > + (phys_force_mark_fixed.rc != 0) + and ('No rack controllers can access the BMC' not in (phys_force_mark_fixed.stdout | default(''))) + changed_when: true + + - name: Read interfaces for bond scan + loop: "{{ groups['testnodes'] | default([]) }}" + loop_control: { label: "{{ item }}" } + vars: + h: "{{ item.split('.')[0] | lower }}" + sid: "{{ maas_by_hostname[h].system_id | default(omit) }}" + when: sid is defined + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", interfaces, read, "{{ sid }}" ] + register: bond_scan + changed_when: false + + - name: Init bond maps + ansible.builtin.set_fact: + current_bonds_map: {} + current_bond_members: {} + + - name: Build current bond maps (per host) + loop: "{{ bond_scan.results | selectattr('stdout','defined') | list }}" + loop_control: + label: "{{ item.item.split('.')[0] | lower }}" + vars: + h: "{{ item.item.split('.')[0] | lower }}" + bonds: "{{ (item.stdout | from_json) | selectattr('type','equalto','bond') | list }}" + bond_names: "{{ bonds | map(attribute='name') | list }}" + bond_ids: "{{ bonds | map(attribute='id') | list }}" + bond_parents: "{{ bonds | map(attribute='parents') | list }}" + name_to_id: "{{ dict(bond_names | zip(bond_ids)) }}" + id_to_parents: "{{ dict(bond_ids | zip(bond_parents)) }}" + ansible.builtin.set_fact: + current_bonds_map: "{{ current_bonds_map | combine({ h: name_to_id }) }}" + current_bond_members: "{{ current_bond_members | combine({ h: id_to_parents }) }}" + + - name: Ensure bond action lists exist + ansible.builtin.set_fact: + bond_create_list: "{{ bond_create_list | default([]) }}" + bond_update_list: "{{ bond_update_list | default([]) }}" + + - name: Compute bond actions per host + loop: "{{ groups['testnodes'] | default([]) }}" + loop_control: { label: "{{ item }}" } + vars: + node: "{{ item }}" + h: "{{ node.split('.')[0] | lower }}" + sid: "{{ maas_by_hostname[h].system_id | default('') }}" + want_bonds: "{{ hostvars[node].maas_bonds | default([]) }}" + mac_to_id: "{{ iface_drift[h].mac_to_id | default({}) }}" + have_bonds: "{{ current_bonds_map.get(h, {}) }}" + ansible.builtin.set_fact: + bond_create_list: >- + {%- set out = bond_create_list | default([]) -%} + {%- for b in want_bonds -%} + {%- set parent_macs = (b.interfaces | default([])) | map('extract', hostvars[node]) | map('lower') | list -%} + {%- set parent_ids = parent_macs | map('extract', mac_to_id) | select('defined') | list -%} + {%- if b.name not in have_bonds.keys() -%} + {%- set _ = out.append({ + 'hostname': h, + 'sid': sid, + 'name': b.name, + 'mode': b.mode | default('802.3ad'), + 'mtu': b.mtu | default(9000), + 'parent_ids': parent_ids + }) -%} + {%- endif -%} + {%- endfor -%} + {{ out }} + bond_update_list: >- + {%- set out = bond_update_list | default([]) -%} + {%- for b in want_bonds -%} + {%- if b.name in have_bonds.keys() -%} + {%- set parent_macs = (b.interfaces | default([])) | map('extract', hostvars[node]) | map('lower') | list -%} + {%- set parent_ids = parent_macs | map('extract', mac_to_id) | select('defined') | list -%} + {%- set _ = out.append({ + 'hostname': h, + 'sid': sid, + 'name': b.name, + 'mode': b.mode | default('802.3ad'), + 'mtu': b.mtu | default(9000), + 'parent_ids': parent_ids, + 'have_bond_id': have_bonds[b.name] + }) -%} + {%- endif -%} + {%- endfor -%} + {{ out }} + + - name: Define allowed MAAS states for bond changes + ansible.builtin.set_fact: + maas_allowed_states_for_bonds: ['New','Ready','Allocated','Broken'] + + + - name: Build eligibility lists for bond changes + vars: + eligible_hosts: >- + {{ + status_name_map | dict2items + | selectattr('value','in', maas_allowed_states_for_bonds) + | map(attribute='key') | list + }} + all_bond_hosts: >- + {{ + ( + (bond_create_list | default([])) + (bond_update_list | default([])) + ) + | map(attribute='hostname') | list + | unique | list + }} + ansible.builtin.set_fact: + bond_create_eligible: "{{ (bond_create_list | default([])) | selectattr('hostname','in', eligible_hosts) | list }}" + bond_update_eligible: "{{ (bond_update_list | default([])) | selectattr('hostname','in', eligible_hosts) | list }}" + bond_ineligible_hosts: "{{ all_bond_hosts | difference(eligible_hosts) | list }}" + + - name: Recompute desired parent IDs for each bond update + when: bond_update_eligible | length > 0 + loop: "{{ bond_update_eligible }}" + loop_control: + label: "{{ item.hostname }} -> {{ item.name }}" + vars: + hostname: "{{ item.hostname }}" + # get this host's bond definition from inventory/group_vars + bond_cfg: >- + {{ + (hostvars[hostname].maas_bonds | default([])) + | selectattr('name','equalto', item.name) | first | default({}) + }} + # the inventory keys for this bond (e.g. ['ext_pere_mac','25Gb_2']) + mac_keys: "{{ bond_cfg.interfaces | default([]) }}" + # resolve keys -> MACs from that host, normalize/lower, drop empties + macs_for_bond: >- + {{ + mac_keys + | map('extract', hostvars[hostname]) | map('default','') + | map('lower') | reject('equalto','') | list + }} + # existing interface id map for this host: mac(lower) -> id + id_by_mac: "{{ iface_drift[hostname].mac_to_id | default({}) }}" + desired_parent_ids: >- + {{ + macs_for_bond + | map('extract', id_by_mac, None) + | reject('equalto', None) + | map('string') | unique | sort | list + }} + ansible.builtin.set_fact: + bond_update_argvs: >- + {{ + (bond_update_argvs | default([])) + + [ { + 'sid': item.sid, + 'bond_id': item.have_bond_id, + 'argv': [ + 'maas', maas_admin_username, 'interface', 'update', + item.sid, (item.have_bond_id | string), + 'parents=' ~ (desired_parent_ids | join(',')), + 'bond_mode=' ~ (item.mode | default('802.3ad')), + 'mtu=' ~ (item.mtu | default(9000) | string) + ] + } ] + }} + + - name: Apply bond parents/mode/mtu (idempotent) + when: (bond_update_argvs | default([])) | length > 0 + loop: "{{ bond_update_argvs }}" + loop_control: { label: "{{ item.sid }} -> bond {{ item.bond_id }}" } + vars: + # item.argv currently has base pieces; rebuild with repeated parents= + parents_ids: >- + {{ + (item.argv | last) is string and (item.argv | last) is search('^parents=') + | ternary( (item.argv | last | regex_replace('^parents=', '')).split(','), + [] ) + }} + parents_args: "{{ parents_ids | map('string') | map('regex_replace','^(.*)$','parents=\\1') | list }}" + base_args: "{{ ['maas', maas_admin_username, 'interface', 'update', item.sid, (item.bond_id | string)] }}" + final_argv: "{{ base_args + parents_args + ['bond_mode=802.3ad', 'mtu=9000'] }}" + ansible.builtin.command: + argv: "{{ final_argv }}" + register: bond_parent_updates + changed_when: true + + - name: Record machines skipped due to state (force=false) + when: + - not (maas_force_machine_update | default(false) | bool) + - bond_ineligible_hosts | length > 0 + ansible.builtin.set_fact: + bond_skipped_due_to_state: >- + {{ (bond_skipped_due_to_state | default([])) + bond_ineligible_hosts }} + + - name: Create bonds (machines in modifiable state) + when: bond_create_eligible | length > 0 + loop: "{{ bond_create_eligible }}" + loop_control: { label: "{{ item.hostname }} -> {{ item.name }}" } + vars: + parents_args: >- + {{ + item.parent_ids + | map('string') + | map('regex_replace','^(.*)$','parents=\\1') + | list + }} + argv_final: >- + {{ + ['maas', maas_admin_username, 'interfaces', 'create-bond', + item.sid, 'name=' ~ item.name, + 'bond_mode=' ~ (item.mode | default('802.3ad'))] + + parents_args + + ['mtu=' ~ (item.mtu | default(9000) | string)] + + ((item.vlan is defined) | ternary(['vlan=' ~ (item.vlan | string)], [])) + }} + ansible.builtin.command: + argv: "{{ argv_final }}" + register: bond_create_results + changed_when: true + + - name: Update bonds (machine in modifiable state) + when: bond_update_eligible | length > 0 + loop: "{{ bond_update_eligible }}" + loop_control: + label: "{{ item.hostname }} -> {{ item.name }} (id={{ item.have_bond_id }})" + vars: + parents_args: >- + {{ + item.parent_ids + | map('string') + | map('regex_replace','^(.*)$','parents=\1') + | list + }} + argv_final: >- + {{ + ['maas', maas_admin_username, 'interface', 'update', + item.sid, (item.have_bond_id | string)] + + parents_args + + ['bond_mode=' ~ (item.mode | default('802.3ad')), + 'mtu=' ~ (item.mtu | default(9000) | string)] + }} + ansible.builtin.command: + argv: "{{ argv_final }}" + register: bond_update_calls + changed_when: true + + - name: Build force lists (ineligible hosts only, when forcing) + when: (maas_force_machine_update | default(false) | bool) + vars: + bond_create_force_hosts: "{{ (bond_create_list | default([])) | map(attribute='hostname') | list | unique | list | difference(bond_create_eligible | map(attribute='hostname') | list | unique | list) }}" + bond_update_force_hosts: "{{ (bond_update_list | default([])) | map(attribute='hostname') | list | unique | list | difference(bond_update_eligible | map(attribute='hostname') | list | unique | list) }}" + ansible.builtin.set_fact: + bond_create_force: "{{ (bond_create_list | default([])) | selectattr('hostname','in', bond_create_force_hosts) | list }}" + bond_update_force: "{{ (bond_update_list | default([])) | selectattr('hostname','in', bond_update_force_hosts) | list }}" + force_hosts_unique: "{{ (bond_create_force_hosts + bond_update_force_hosts) | unique | list }}" + + - name: Mark machines broken for forced bond updates + when: + - (maas_force_machine_update | default(false) | bool) + - force_hosts_unique | length > 0 + loop: "{{ force_hosts_unique }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.command: + argv: + - maas + - "{{ maas_admin_username }}" + - machine + - mark-broken + - "{{ maas_by_hostname[item].system_id }}" + register: mark_broken_result + # Treat only *other* non-zero failures as fatal + failed_when: > + (mark_broken_result.rc != 0) and + ('No rack controllers can access the BMC of node' not in (mark_broken_result.stdout | default(''))) and + ('No rack controllers can access the BMC of machine' not in (mark_broken_result.stdout | default(''))) + # Still count as "changed" so downstream tasks run + changed_when: > + (mark_broken_result.rc == 0) or + ('No rack controllers can access the BMC' in (mark_broken_result.stdout | default(''))) + + - name: Create bonds (forced, machine temporarily broken) + when: + - (maas_force_machine_update | default(false) | bool) + - bond_create_force | length > 0 + loop: "{{ bond_create_force }}" + loop_control: + label: "{{ item.hostname }} -> {{ item.name }}" + vars: + parents_csv: "{{ item.parent_ids | map('string') | join(',') }}" + bond_create_argv: >- + {{ + [ + 'maas', + maas_admin_username, + 'interfaces', + 'create-bond', + item.sid, + 'name=' ~ item.name, + 'bond_mode=' ~ (item.mode | default('802.3ad')), + 'parents=' ~ parents_csv, + 'mtu=' ~ (item.mtu | default(9000) | string) + ] + + ((item.vlan is defined) | ternary(['vlan=' ~ (item.vlan | string)], [])) + }} + ansible.builtin.command: + argv: "{{ bond_create_argv }}" + register: bond_create_force_results + changed_when: true + + # Read all fabrics and vlans to build a vid -> vlan_id map + - name: Read fabrics + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", fabrics, read ] + register: maas_fabrics + changed_when: false + + - name: Build list of fabric IDs + ansible.builtin.set_fact: + fabric_ids: "{{ (maas_fabrics.stdout | from_json) | map(attribute='id') | list | unique }}" + + - name: Read VLANs for each fabric + loop: "{{ fabric_ids }}" + loop_control: { label: "fabric={{ item }}" } + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", vlans, read, "{{ item }}" ] + register: maas_vlans_reads + changed_when: false + + - name: Build vid -> vlan_id map + ansible.builtin.set_fact: + vid_to_vlan_id: >- + {{ + dict( + (maas_vlans_reads.results | map(attribute='stdout') | map('from_json') | list) + | sum(start=[]) + | map(attribute='vid') | list + | zip( + (maas_vlans_reads.results | map(attribute='stdout') | map('from_json') | list) + | sum(start=[]) + | map(attribute='id') | list + ) + ) + }} + + # For each bond needing a VLAN, compute the MAAS VLAN id + - name: Build bond->vlan_id updates + when: bond_update_eligible | length > 0 + loop: "{{ bond_update_eligible }}" + loop_control: { label: "{{ item.hostname }} -> {{ item.name }}" } + vars: + bond_cfg: "{{ (maas_bonds | selectattr('name','equalto', item.name) | first) | default({}) }}" + desired_vid: "{{ bond_cfg.vlan | default(None) }}" + vlan_id: "{{ (desired_vid is not none) | ternary(vid_to_vlan_id.get(desired_vid), None) }}" + ansible.builtin.set_fact: + bond_vlan_updates: >- + {{ + (bond_vlan_updates | default([])) + + ([{ + 'sid': item.sid, + 'bond_id': item.have_bond_id, + 'vlan_id': vlan_id + }] if vlan_id is not none else []) + }} + + - name: Attach bond to VLAN (set vlan=VLAN_ID) + when: (bond_vlan_updates | default([])) | length > 0 + loop: "{{ bond_vlan_updates }}" + loop_control: + label: "{{ item.sid }} -> bond {{ item.bond_id }} vlan={{ item.vlan_id }}" + ansible.builtin.command: + argv: + - maas + - "{{ maas_admin_username }}" + - interface + - update + - "{{ item.sid }}" + - "{{ item.bond_id }}" + - "vlan={{ item.vlan_id }}" + register: bond_vlan_set + changed_when: true + + - name: Update bonds (forced, machine temporarily broken) + when: + - (maas_force_machine_update | default(false) | bool) + - bond_update_force | length > 0 + - member_drift or (item.mode is defined) or (item.mtu is defined) + loop: "{{ bond_update_force }}" + loop_control: { label: "{{ item.hostname }} -> {{ item.name }} (id={{ item.have_bond_id }})" } + vars: + parents_csv: "{{ item.parent_ids | map('string') | join(',') }}" + bond_update_force_argv: >- + {{ + [ + 'maas', + maas_admin_username, + 'interface', + 'update', + item.sid, + (item.have_bond_id | string), + 'bond_mode=' ~ (item.mode | default('802.3ad')), + 'parents=' ~ parents_csv, + 'mtu=' ~ (item.mtu | default(9000) | string) + ] + }} + ansible.builtin.command: + argv: "{{ bond_update_force_argv }}" + register: bond_update_force_results + changed_when: true + + - name: Mark machines fixed after forced bond updates + when: + - (maas_force_machine_update | default(false) | bool) + - force_hosts_unique | length > 0 + loop: "{{ force_hosts_unique }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.command: + argv: + - maas + - "{{ maas_admin_username }}" + - machine + - mark-fixed + - "{{ maas_by_hostname[item].system_id }}" + register: mark_fixed_result + failed_when: > + (mark_fixed_result.rc != 0) and + ('No rack controllers can access the BMC of node' not in (mark_fixed_result.stdout | default(''))) and + ('No rack controllers can access the BMC of machine' not in (mark_fixed_result.stdout | default(''))) + changed_when: > + (mark_fixed_result.rc == 0) or + ('No rack controllers can access the BMC' in (mark_fixed_result.stdout | default(''))) + + - name: Read machine details to inspect power parameters + vars: + hostname: "{{ item.split('.')[0] | lower }}" + sid: "{{ maas_by_hostname.get(hostname, {}).get('system_id') | default(omit) }}" + when: sid is defined + loop: "{{ groups['testnodes'] | default([]) }}" + loop_control: { label: "{{ item }}" } + ansible.builtin.command: + argv: [ maas, "{{ maas_admin_username }}", machine, read, "{{ sid }}" ] + register: machine_reads + changed_when: false + + - name: Build map of current power settings + when: machine_reads is defined and machine_reads.results is defined + ansible.builtin.set_fact: + power_map: >- + {{ + dict( + machine_reads.results + | selectattr('stdout','defined') + | map(attribute='item') + | map('split','.') | map('first') | list + | zip(machine_reads.results | map(attribute='stdout') | map('from_json')) + ) + }} + + - name: Select update candidates + ansible.builtin.set_fact: + update_candidates: >- + {{ + to_update + | selectattr('drift', 'defined') + | selectattr('drift', 'ne', []) + | list + }} + + # A) Try IPMI for each update-candidate that *wants* ipmi and has an address + - name: Probe IPMI for update candidates + loop: "{{ update_candidates }}" + loop_control: { label: "{{ item.hostname }} -> {{ ipmi_addr }}" } + vars: + ipmi_addr: "{{ desired_by_hostname[item.hostname].ipmi_address | default('') }}" + ansible.builtin.command: + argv: + - ipmitool + - -I + - lanplus + - -H + - "{{ ipmi_addr }}" + - -U + - "{{ maas_ipmi_username }}" + - -P + - "{{ maas_ipmi_password }}" + - -N + - "1" + - -R + - "1" + - chassis + - power + - status + register: ipmi_probe_update + changed_when: false + failed_when: false + when: + - update_candidates | default([]) | length > 0 + - (item.power_type | default('manual')) == 'ipmi' + - ipmi_addr | length > 0 + - maas_ipmi_username is defined + - maas_ipmi_password is defined + + # B) Build "hostname -> ipmi_ok" (rc == 0) lookup for updates + - name: Init IPMI OK map for updates + when: ipmi_probe_update is defined + ansible.builtin.set_fact: + ipmi_ok_update_map: {} + + - name: Accumulate IPMI OK map for updates + when: ipmi_probe_update is defined + loop: "{{ ipmi_probe_update.results }}" + loop_control: { label: "{{ item.item.hostname }} rc={{ item.rc }}" } + ansible.builtin.set_fact: + ipmi_ok_update_map: >- + {{ + (ipmi_ok_update_map | default({})) + | combine({ (item.item.hostname): ((item.rc | int) == 0) }) + }} + + # C) Produce update list with an *effective* power_type (ipmi if ok, else manual) + - name: Init effective update list + ansible.builtin.set_fact: + update_candidates_effective: [] + + - name: Compute effective power_type for updates + when: update_candidates | default([]) | length > 0 + loop: "{{ update_candidates }}" + loop_control: { label: "{{ item.hostname }}" } + ansible.builtin.set_fact: + update_candidates_effective: >- + {{ + (update_candidates_effective | default([])) + + [ item | combine({ + 'ipmi_address': (desired_by_hostname[item.hostname].ipmi_address | default('')), + 'effective_power_type': + ( + ((item.power_type | default('manual')) == 'ipmi') + and (ipmi_ok_update_map | default({})).get(item.hostname, false) + ) + | ternary('ipmi','manual') + }) ] + }} + + - name: Update machines (ipmi reachable) + when: update_candidates_effective | selectattr('effective_power_type','equalto','ipmi') | list | length > 0 + loop: "{{ update_candidates_effective | selectattr('effective_power_type','equalto','ipmi') | list }}" + loop_control: { label: "{{ item.hostname }}" } + ansible.builtin.command: + argv: + - maas + - "{{ maas_admin_username }}" + - machine + - update + - "{{ item.system_id }}" + - "hostname={{ item.hostname }}" + - "architecture={{ item.arch }}" + - "power_type=ipmi" + - "mac_addresses={{ item.mac }}" + - "power_parameters_power_address={{ item.ipmi_address | default('') }}" + - "power_parameters_power_user={{ maas_ipmi_username }}" + - "power_parameters_power_pass={{ maas_ipmi_password }}" + + - name: Update machines (fallback to manual) + when: update_candidates_effective | selectattr('effective_power_type','equalto','manual') | list | length > 0 + loop: "{{ update_candidates_effective | selectattr('effective_power_type','equalto','manual') | list }}" + loop_control: { label: "{{ item.hostname }}" } + ansible.builtin.command: + argv: + - maas + - "{{ maas_admin_username }}" + - machine + - update + - "{{ item.system_id }}" + - "hostname={{ item.hostname }}" + - "architecture={{ item.arch }}" + - "power_type=manual" + - "mac_addresses={{ item.mac }}" + + - name: These machines need to be updated but were skipped for being in the wrong state + run_once: true + when: + - not (maas_force_machine_update | default(false) | bool) + - ((bond_skipped_due_to_state | default([])) | length > 0) or + ((machines_skipped_due_to_state | default([])) | length > 0) + ansible.builtin.debug: + msg: >- + These machines need to be updated but were skipped for being in the wrong state: + {{ + ((bond_skipped_due_to_state | default([])) + (machines_skipped_due_to_state | default([]))) + | unique | sort | list + }} diff --git a/roles/maas/tasks/machines/_apply_one_iface.yml b/roles/maas/tasks/machines/_apply_one_iface.yml new file mode 100644 index 00000000..a50bec84 --- /dev/null +++ b/roles/maas/tasks/machines/_apply_one_iface.yml @@ -0,0 +1,445 @@ +--- +# TODOs: +# - REMOVE VLAN interfaces that should not exist + +# Fresh auth (nonce) for any API calls in this include +- include_tasks: ../_auth_header.yml + +# Normalize incoming iface object; never use a loop var named "iface" anywhere. +- name: Normalize iface object + set_fact: + iface: "{{ iface_obj }}" + +# Ensure we have a vlan map; if empty, fetch it from MAAS +- name: Ensure vlan map exists + set_fact: + _vlan_by_vid: "{{ _vlan_by_vid | default({}) }}" + +- name: Read all fabrics (for VLAN lookup) + when: (_vlan_by_vid | length) == 0 + uri: + url: "{{ _maas_api }}/fabrics/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: yes + status_code: 200 + register: _fabrics_resp + no_log: true + +# Flatten all VLANs from every fabric into one list +- name: Collect all VLANs from fabrics payload + when: + - (_vlan_by_vid | length) == 0 + - _fabrics_resp.json is defined + set_fact: + _all_vlans: "{{ (_fabrics_resp.json | map(attribute='vlans') | list) | flatten }}" + +# Build { "": , ... } for fast lookup +- name: Build _vlan_by_vid map (keyed by VID as string) + when: + - (_vlan_by_vid | length) == 0 + - _all_vlans is defined + set_fact: + _vlan_by_vid: >- + {{ + dict( + (_all_vlans | map(attribute='vid') | map('string') | list) + | zip(_all_vlans) + ) + }} + +# Build quick lookups +- name: Build interface lookups + set_fact: + _iface_id_by_mac: >- + {{ + dict( + (_ifaces | selectattr('mac_address','defined') + | map(attribute='mac_address') + | map('lower') | list) + | zip(_ifaces | map(attribute='id')) + ) + }} + _iface_name_by_id: >- + {{ + dict( + (_ifaces | selectattr('id','defined') | map(attribute='id') | list) + | zip(_ifaces | selectattr('name','defined') | map(attribute='name') | list) + ) + }} + +# Normalize VLAN lookup for int/string keys +- name: Build VLAN lookup (int & string keys) + set_fact: + _vlan_lookup: >- + {{ + (_vlan_by_vid | default({})) + | combine( + dict(((_vlan_by_vid | default({})).keys() | list | map('string') | list) + | zip((_vlan_by_vid | default({})).values())), + recursive=True + ) + }} + +# Resolve node system_id from interface facts (avoids mismatch) +- name: Resolve node system_id for interface ops + set_fact: + _node_system_id: >- + {{ + (_ifaces | length) > 0 and ((_ifaces | first).system_id) or system_id + }} + +# Validate prefix_mac exists +- name: "Ensure {{ prefix }}_mac exists for {{ iface.prefix }}" + assert: + that: + - iface.prefix is defined + - hostvars[inv_host][iface.prefix ~ '_mac'] is defined + fail_msg: "Missing {{ iface.prefix }}_mac for {{ inv_host }}" + +# Resolve parent MAC from inventory (normalize to lower) +- name: Set _parent_mac + set_fact: + _parent_mac: "{{ hostvars[inv_host][iface.prefix ~ '_mac'] | string | lower }}" + +# Try to resolve an interface id for this MAC +- name: Resolve parent interface id + set_fact: + _parent_id: "{{ _iface_id_by_mac.get(_parent_mac) | default(None) }}" + +- include_tasks: ../_auth_header.yml + +# Optionally create missing PHYSICAL interface (when allowed) +- name: "Create missing physical interface for {{ host }}" + when: + - (_parent_id is none) or (_parent_id | string) == '' + - (maas_allow_create_physical | default(true)) | bool + uri: + url: "{{ _maas_api }}/nodes/{{ _node_system_id }}/interfaces/?op=create_physical" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body_format: form-urlencoded + body: + type: "physical" + mac_address: "{{ _parent_mac }}" + # name: "{{ iface.prefix }}" # optional; MAAS may auto-name (ethX) + status_code: [200, 201] + return_content: true + register: _create_phys + no_log: true + +- include_tasks: ../_auth_header.yml + +# Refresh interfaces + lookups after possible create +- name: Refresh MAAS interface facts after create (if needed) + when: + - _create_phys is defined + uri: + url: "{{ _maas_api }}/nodes/{{ _node_system_id }}/interfaces/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + status_code: 200 + register: _ifaces_after_create + no_log: true +- name: Re-set _ifaces after create + when: + - _ifaces_after_create is defined + set_fact: + _ifaces: "{{ _ifaces_after_create.json | list }}" + +- name: Rebuild interface facts + maps after create + when: + - _ifaces_after_create is defined + set_fact: + _iface_id_by_mac: >- + {{ + dict( + (_ifaces | selectattr('mac_address','defined') | map(attribute='mac_address') + | map('lower') | list) + | zip(_ifaces | map(attribute='id')) + ) + }} + _iface_id_by_name: >- + {{ + dict( + (_ifaces | selectattr('name','defined') | map(attribute='name') | list) + | zip(_ifaces | map(attribute='id')) + ) + }} + _iface_name_by_id: >- + {{ + dict( + (_ifaces | selectattr('id','defined') | map(attribute='id') | list) + | zip(_ifaces | selectattr('name','defined') | map(attribute='name') | list) + ) + }} + +# Resolve again now that we may have created it +- name: Resolve parent interface id (post-create) + when: (_parent_id is none) or (_parent_id | string) == '' + set_fact: + _parent_id: "{{ _iface_id_by_mac.get(_parent_mac) | default(None) }}" + +# If still missing, fail cleanly (or switch to 'warn + skip' if you prefer) +- name: Abort when parent interface is missing and auto-create disabled/failed + when: _parent_id is none + fail: + msg: >- + Could not find or create physical interface with MAC {{ _parent_mac }} + on {{ inv_host }} (system_id={{ _node_system_id }}). + Either re-commission the node or allow auto-create via + maas_allow_create_physical=true. + +# Load parent object (safe now) +- name: Load parent interface object + set_fact: + _parent_obj: "{{ (_ifaces | selectattr('id','equalto', (_parent_id|int)) | list | first) | default({}) }}" + +- name: Ensure prerequisites for bond MAC match exist + set_fact: + _desired_bonds: "{{ _desired_bonds | default([]) }}" + _parent_mac: "{{ _parent_mac | string | lower }}" + _bond_match: {} + +- name: Collect matching bond (by MAC) for this parent + set_fact: + _bond_match: "{{ bond }}" + loop: "{{ _desired_bonds }}" + loop_control: + loop_var: bond + label: "{{ bond.name | default('∅') }}" + when: + - bond.interfaces is defined + - bond.native_vid is defined + - _parent_mac in (bond.interfaces | map('extract', hostvars[inv_host]) | map('string') | map('lower') | list) + +- name: Inherit native VLAN from matched bond + set_fact: + _effective_native_vid: "{{ _bond_match.native_vid }}" + _effective_native_vlan_id: "{{ _vlan_lookup[_bond_match.native_vid | string].id }}" + when: + - _bond_match is mapping + - _bond_match | length > 0 + - _bond_match.native_vid is defined + - (_bond_match.native_vid | string) in _vlan_lookup + +# If the loaded parent is a VLAN (e.g. eth0.1300), use its physical parent (e.g. eth0) +- name: Detect if loaded parent is a VLAN + set_fact: + _parent_is_vlan: "{{ _parent_obj is mapping and (_parent_obj.type | default('')) == 'vlan' }}" + +- name: Extract physical parent name from VLAN + when: _parent_is_vlan + set_fact: + _phys_parent_name: "{{ (_parent_obj.parents | default([])) | first | default('') }}" + +- name: Resolve physical parent object by name from _ifaces + when: _parent_is_vlan and (_phys_parent_name | length) > 0 + set_fact: + _phys_parent_obj: >- + {{ + (_ifaces | default([]) + | selectattr('name','equalto', _phys_parent_name) + | list | first) | default({}, true) + }} + +- name: Set parent_id to the physical iface id (obj → name map → keep old) + when: _parent_is_vlan + set_fact: + _parent_id: >- + {{ + _phys_parent_obj.id + | default(_iface_id_by_name.get(_phys_parent_name), true) + | default(_parent_id, true) + }} + _parent_obj: >- + {{ + (_phys_parent_obj if (_phys_parent_obj | length > 0) else _parent_obj) + }} + +# Safety net so we never send parent=0 again +- name: Assert parent interface id resolved before creating VLAN subinterface + assert: + that: + - _parent_id is defined + - (_parent_id | int) > 0 + fail_msg: >- + Could not resolve physical parent for '{{ iface.prefix }}'. + parent_obj={{ _parent_obj | default({}) }} maps: by_name={{ _iface_id_by_name | default({}) }}. + + +# Only check type if we actually have an object +- name: Ensure parent is physical/bond before native VLAN update + when: _parent_obj is mapping and _parent_obj.type is defined + assert: + that: + - _parent_obj.type in ['physical','bond'] + fail_msg: "Native VLAN can only be set on a physical/bond parent (id={{ _parent_id }})." + +- include_tasks: ../_auth_header.yml + +- name: Check current native on parent + set_fact: + _current_native: "{{ (_ifaces | selectattr('id','equalto', (_parent_id|int)) | map(attribute='vlan') | list | first) | default(None) }}" + +- name: Set _current_native_id from _current_native dict. Default to 0. + set_fact: + _current_native_id: >- + {{ (_current_native.id | int) + if (_current_native is mapping) + else 0 }} + +# If iface.native_vid is missing, and bond logic didn’t set anything, fallback to 'untagged' +- name: Derive native VID from _vlan_lookup when native_vid is missing + when: + - iface.native_vid is not defined + - _effective_native_vlan_id is not defined + set_fact: + _effective_native_vid: >- + {{ + (_vlan_lookup + | dict2items + | selectattr('value.name','equalto','untagged') + | map(attribute='value.vid') + | list + | first) | default(omit) + }} + +- name: Resolve native VLAN ID from VID + when: _effective_native_vid is defined + set_fact: + _effective_native_vlan_id: "{{ _vlan_lookup[_effective_native_vid|string].id }}" + +# Figure out what ID to send to MAAS +- name: Choose final native VLAN id to apply + set_fact: + _native_vlan_id_to_apply: >- + {{ + (iface.get('native_vid') is not none) + | ternary( + _vlan_lookup[iface.get('native_vid')|string].id, + _effective_native_vlan_id | default(omit) + ) + }} + +# Only if we actually have an ID, and parent is physical/bond +- name: "Set native VLAN on {{ host }}'s {{ _parent_obj.name }} (if different)" + when: + - _native_vlan_id_to_apply is defined + - _current_native is defined + - (_current_native_id | int) != (_native_vlan_id_to_apply | int) + - (_ifaces | selectattr('id','equalto', (_parent_id|int)) | map(attribute='type') | list | first) in ['physical','bond'] + uri: + url: "{{ _maas_api }}/nodes/{{ _node_system_id }}/interfaces/{{ _parent_id }}/" + method: PUT + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body_format: form-urlencoded + body: + vlan: "{{ _native_vlan_id_to_apply }}" + link_connected: true + status_code: 200 +# no_log: true + +- include_tasks: ../_auth_header.yml + +# --- Index existing VLAN subinterfaces (by parent_id + vlan_id) ---------------- +- name: Init list of existing VLAN subinterfaces + set_fact: + _existing_vlan_pairs: [] + +# Optional (fast lookup): build name -> id map once +- name: Build iface name→id map + set_fact: + _iface_name_to_id: "{{ dict(_ifaces | map(attribute='name') | zip(_ifaces | map(attribute='id'))) }}" + +# Collect existing VLAN subinterfaces (translate parent name -> id) +- name: Collect existing VLAN subinterfaces (translate parent name -> id) + vars: + _parent_name: "{{ vlan_iface.parents | default([]) | first }}" + _parent_id: "{{ (_iface_name_to_id | default({})).get(_parent_name) | default(omit) }}" + _pair: + id: "{{ vlan_iface.id }}" + name: "{{ vlan_iface.name }}" + parent_name: "{{ _parent_name }}" + parent_id: "{{ _parent_id }}" + vlan_id: "{{ vlan_iface.vlan.id }}" + set_fact: + _existing_vlan_pairs: "{{ (_existing_vlan_pairs | default([])) + [_pair] }}" + loop: "{{ _ifaces | selectattr('type','equalto','vlan') | list }}" + loop_control: + loop_var: vlan_iface + label: "{{ vlan_iface.name }} ← {{ _parent_name }} (vlan_id={{ vlan_iface.vlan.id }})" + +- name: Ensure tagged VLAN subinterfaces exist (?op=create_vlan) # guarded + when: + - iface.tagged_vids is defined + - vid in iface.tagged_vids + - _vlan_lookup[vid|string] is defined + - ( + _existing_vlan_pairs + | selectattr('parent_id','equalto', (_parent_id|int)) + | selectattr('vlan_id','equalto', _vlan_lookup[vid|string].id) + | list | length + ) == 0 + uri: + url: "{{ _maas_api }}/nodes/{{ _node_system_id }}/interfaces/?op=create_vlan" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body_format: form-urlencoded + body: + parent: "{{ _parent_id }}" + vlan: "{{ _vlan_lookup[vid|string].id }}" + status_code: [200] + return_content: true + loop: "{{ iface.tagged_vids | default([]) }}" + loop_control: + loop_var: vid + label: "{{ iface.prefix }} → VID {{ vid }}" + register: _create_vlan_results + failed_when: > + (_create_vlan_results.status | default(0)) != 200 and + ('already has an interface named' not in + ( + (_create_vlan_results.content | default('') | lower) ~ ' ' ~ + (_create_vlan_results.msg | default('') | lower) ~ ' ' ~ + ((_create_vlan_results.json.name | default([])) | join(' ') | lower) + ) + ) + #no_log: true + +- name: Skip note (VLAN subinterface already present) + debug: + msg: >- + Skipping create: parent_id={{ _parent_id }} already has vlan_id={{ _vlan_lookup[vid|string].id }} + ({{ iface.prefix }}.{{ vid }}) + loop: "{{ iface.tagged_vids | default([]) }}" + loop_control: + loop_var: vid + label: "{{ iface.prefix }} → VID {{ vid }}" + when: + - iface.tagged_vids is defined + - > + (_existing_vlan_pairs + | selectattr('parent_id','equalto', (_parent_id|int)) + | selectattr('vlan_id','equalto', _vlan_lookup[vid|string].id) + | list | length) > 0 + +- name: Rebuild interface facts + maps after create (if any changed) + when: + - _create_vlan_results is defined + - (_create_vlan_results.results | selectattr('status','defined') | list | length) > 0 + include_tasks: machines/_refresh_iface_facts.yml diff --git a/roles/maas/tasks/machines/_apply_subnet.yml b/roles/maas/tasks/machines/_apply_subnet.yml new file mode 100644 index 00000000..10be2e91 --- /dev/null +++ b/roles/maas/tasks/machines/_apply_subnet.yml @@ -0,0 +1,174 @@ +# roles/maas/tasks/machines/_apply_subnet.yml +# Expects: iface (id, name, vlan_id[, type]), candidate_subnets (list), system_id, _maas_api, maas_auth_header +# Optional: iface.desired_mode or maas_iface_mode_default (defaults to "DHCP") + +# Safety: only operate on bond/vlan interfaces if iface.type is provided +- block: + - name: Choose subnet for {{ iface.name }} + set_fact: + _chosen_subnet: >- + {{ + ( + candidate_subnets + | selectattr('managed','defined') + | selectattr('managed','eq', true) + | list + | first + ) + | default((candidate_subnets | first), true) + }} + + - name: Skip if no candidate subnets for VLAN {{ iface.vlan_id }} + when: (candidate_subnets | length) == 0 + debug: + msg: "No subnets on VLAN {{ iface.vlan_id }}; leaving {{ iface.name }} unchanged." + + - block: + - include_tasks: _auth_header.yml + + - name: Read current interface links + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/{{ iface.id }}/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: yes + status_code: 200 + register: _if_detail + no_log: true + + # ------------------------- + # Normalize / derive facts + # ------------------------- + - name: Compute candidate subnet IDs and desired mode + set_fact: + _candidate_ids: "{{ candidate_subnets | map(attribute='id') | list }}" + _desired_mode: "{{ iface.desired_mode | default(maas_iface_mode_default | default('DHCP')) }}" + + # Normalize links to a predictable shape + - name: Normalize current links on iface + set_fact: + _links_norm: [] + - name: Append normalized link + set_fact: + _links_norm: >- + {{ + _links_norm + [ + { + 'id': l.id | default(omit), + 'subnet_id': ( + l.subnet.id + if (l.subnet is mapping and (l.subnet.id is defined)) + else (l.subnet if (l.subnet is defined) else omit) + ), + 'mode': (l.mode | default('AUTO')), + 'ip_address': l.ip_address | default(omit), + 'default_gateway': l.default_gateway | default(false) + } + ] + }} + loop: "{{ _if_detail.json.links | default([]) }}" + loop_control: + loop_var: l + + - name: Collect existing links on this VLAN + set_fact: + _existing_on_vlan: >- + {{ + _links_norm + | selectattr('subnet_id', 'defined') + | selectattr('subnet_id', 'in', _candidate_ids) + | list + }} + + # Select first existing link (if any) + - name: Select first existing link (if any) + set_fact: + _existing_link: >- + {{ + (_existing_on_vlan | list) | first | default(omit, true) + }} + _has_link_on_vlan: "{{ (_existing_on_vlan | length | int) > 0 }}" + _current_mode: "{{ (_existing_on_vlan | first).mode | default(None) if (_existing_on_vlan | length | int) > 0 else None }}" + _mode_mismatch: >- + {{ + (_existing_on_vlan | length | int) > 0 and + (((_existing_on_vlan | first).mode | default('') | upper) + != (_desired_mode | upper)) + }} + + # ------------------------- + # Actions + # ------------------------- + - include_tasks: _auth_header.yml + + # Case 1: No link on this VLAN -> link with desired mode + - name: Link subnet with desired mode (no existing link) + when: + - not _has_link_on_vlan + - _chosen_subnet is defined + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/{{ iface.id }}/?op=link_subnet" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body_format: form-urlencoded + body: + mode: "{{ _desired_mode }}" # DHCP / STATIC / AUTO / LINK_UP + subnet: "{{ _chosen_subnet.id }}" # integer id + status_code: [200, 201, 409] + no_log: true + + # Case 2: Link exists but wrong mode -> unlink then relink with desired mode + - name: Unlink existing subnet (mode mismatch) + when: + - _mode_mismatch + - _existing_link is defined + - _existing_link.id is defined + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/{{ iface.id }}/?op=unlink_subnet" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body_format: form-urlencoded + body: + id: "{{ _existing_link.id }}" + status_code: [200, 204, 409] + no_log: true + + - include_tasks: _auth_header.yml + when: _mode_mismatch + + - name: Relink subnet with desired mode (after unlink) + when: + - _mode_mismatch + - _chosen_subnet is defined + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/{{ iface.id }}/?op=link_subnet" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body_format: form-urlencoded + body: + mode: "{{ _desired_mode }}" + subnet: "{{ _chosen_subnet.id }}" + status_code: [200, 201, 409] + no_log: true + + # Case 3: Already correct -> noop + - name: Note existing correct link + when: + - _has_link_on_vlan + - not _mode_mismatch + debug: + msg: >- + "{{ iface.name }} already linked to VLAN {{ iface.vlan_id }} subnet with mode {{ _current_mode }}; skipping." + when: (candidate_subnets | length) > 0 + when: (iface.type is not defined) or (iface.type in ['bond','vlan']) diff --git a/roles/maas/tasks/machines/_build_indexes.yml b/roles/maas/tasks/machines/_build_indexes.yml new file mode 100644 index 00000000..2d17367a --- /dev/null +++ b/roles/maas/tasks/machines/_build_indexes.yml @@ -0,0 +1,106 @@ +--- +- name: Init _nodes dict + set_fact: + _nodes: "{{ maas_nodes_list | selectattr('hostname','defined') | list }}" + no_log: true + +- debug: var=_nodes +#- pause: + +- name: Build maps keyed by FQDN (single pass, no loop) + set_fact: + maas_by_hostname: >- + {{ dict( + _nodes | map(attribute='hostname') + | zip(_nodes) + ) }} + maas_host_to_macs: >- + {{ dict( + _nodes | map(attribute='hostname') + | zip( + _nodes + | map(attribute='interface_set') + | map('default', []) + | map('map', attribute='mac_address') + | map('list') + ) + ) }} + maas_host_to_ifaces: >- + {{ dict( + _nodes | map(attribute='hostname') + | zip( + _nodes | map(attribute='interface_set') | map('default', []) + ) + ) }} + maas_host_to_status: >- + {{ dict( + _nodes | map(attribute='hostname') + | zip(_nodes | map(attribute='status_name')) + ) }} + no_log: true + +# Short names list (dedup check can use this) +# Build short name list (from MAAS payload, no regex needed) +- name: Build short name list + set_fact: + _short_names: >- + {{ + (maas_by_hostname | default({})) + | dict2items + | map(attribute='value.hostname') + | reject('equalto', None) + | list + }} + +# short -> id +- name: Build maas_short_to_id + set_fact: + maas_short_to_id: >- + {{ + dict( + ( + (maas_by_hostname | default({})) + | dict2items + | map(attribute='value.hostname') + | reject('equalto', None) + ) + | zip( + (maas_by_hostname | default({})) + | dict2items + | map(attribute='value.system_id') + ) + ) + }} + +# short -> object +- name: Build maas_by_short + set_fact: + maas_by_short: >- + {{ + dict( + ( + (maas_by_hostname | default({})) + | dict2items + | map(attribute='value.hostname') + | reject('equalto', None) + ) + | zip( + (maas_by_hostname | default({})) + | dict2items + | map(attribute='value') + ) + ) + }} + no_log: true + +# short -> ansible inventory_host +- name: Build inventory_by_short + set_fact: + inventory_by_short: >- + {{ + (inventory_by_short | default({})) + | combine({ (inv_fqdn.split('.')[0]): inv_fqdn }) + }} + loop: "{{ groups['testnodes'] }}" + loop_control: + loop_var: inv_fqdn diff --git a/roles/maas/tasks/machines/_create_vlan_on_parent.yml b/roles/maas/tasks/machines/_create_vlan_on_parent.yml new file mode 100644 index 00000000..14e08265 --- /dev/null +++ b/roles/maas/tasks/machines/_create_vlan_on_parent.yml @@ -0,0 +1,43 @@ +--- +# Expected vars (passed by caller): +# - parent_id (int/string MAAS iface ID of the parent, e.g. bond id) +# - vlan_id (int/string MAAS VLAN object id, not VID) +# - system_id (MAAS node system_id, e.g. gseprg) +# - vid_label (optional, for nicer labels/logging) + +- name: Validate required vars + fail: + msg: >- + Missing var(s). parent_id={{ parent_id|default('UNSET') }}, + vlan_id={{ vlan_id|default('UNSET') }}, + system_id={{ system_id|default('UNSET') }} + when: parent_id is not defined or vlan_id is not defined or system_id is not defined + +# Optional: quick sanity that the parent exists in _ifaces (if _ifaces available) +- name: Sanity-check parent exists on node (optional) + vars: + _parent_found: >- + {{ + (_ifaces | selectattr('id','equalto', parent_id|int) | list | length) > 0 + }} + when: + - _ifaces is defined + - not _parent_found | bool + fail: + msg: "Parent interface id {{ parent_id }} not found on node {{ system_id }}" + +- include_tasks: ../_auth_header.yml + +- name: "POST op=create_vlan (parent={{ parent_id }}, vlan={{ vlan_id }})" + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/?op=create_vlan" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body: "parent={{ parent_id }}&vlan={{ vlan_id }}" + body_format: form-urlencoded + status_code: 200 + register: _create_vlan_resp + changed_when: true diff --git a/roles/maas/tasks/machines/_ensure_bond.yml b/roles/maas/tasks/machines/_ensure_bond.yml new file mode 100644 index 00000000..d37fb11f --- /dev/null +++ b/roles/maas/tasks/machines/_ensure_bond.yml @@ -0,0 +1,570 @@ +--- +# Assumes incoming vars: +# - system_id +# - bond: { name, mode, mtu, link_speed?, interfaces[] or parents[], tagged_vids? } +# - _ifaces: current MAAS interface list for node (from your refresh task) +# - _vlan_lookup: { vid(str) -> vlan_obj with .id } +# Uses ../_auth_header.yml to set maas_auth_header for MAAS API calls. + +- name: Reset per-bond scratch facts + set_fact: + _existing_bond_obj: {} + _existing_bond_id: 0 + _desired_parent_tokens: [] + _desired_parent_macs: [] + _bond_parent_ids: [] + _bond_parent_names: [] + _bond_existing_tagged_vids: [] + _bond_desired_tagged_vids: [] + +- name: Build iface lookup maps (name→mac, mac→id, id→name) + set_fact: + _name_to_mac: "{{ dict(_ifaces | map(attribute='name') | zip(_ifaces | map(attribute='mac_address') | map('lower'))) }}" + _name_to_mac_ci: "{{ dict((_ifaces | map(attribute='name') | map('lower')) | zip(_ifaces | map(attribute='mac_address') | map('lower'))) }}" + _mac_to_id: "{{ dict(_ifaces | map(attribute='mac_address') | map('lower') | zip(_ifaces | map(attribute='id'))) }}" + _id_to_name: "{{ dict(_ifaces | map(attribute='id') | zip(_ifaces | map(attribute='name'))) }}" + _iface_by_name: "{{ dict(_ifaces | map(attribute='name') | zip(_ifaces)) }}" + +- name: Build id→name map with INT keys + set_fact: + _id_to_name_int: >- + {{ + dict( + (_iface_by_name | dict2items | map(attribute='value.id') | list) + | zip(_iface_by_name | dict2items | map(attribute='key') | list) + ) + }} + +- name: Build mac→id map for physical/virtual (exclude bonds) + set_fact: + _mac_to_id_phys: >- + {{ + dict( + (_ifaces + | rejectattr('type', 'equalto', 'bond') + | map(attribute='mac_address') + | map('lower') + | list) + | + zip( + _ifaces + | rejectattr('type', 'equalto', 'bond') + | map(attribute='id') + | list + ) + ) + }} + +- name: Collect desired parent tokens (could be var names or MACs) + set_fact: + _desired_parent_tokens: "{{ (bond.interfaces | default(_bond_parent_names) | default([])) | map('string') | list }}" + +# init +- name: Resolve inventory host for token lookup + set_fact: + _inv_host_resolved: "{{ inv_host | default(inventory_hostname) }}" + changed_when: false + +# init +- set_fact: + _desired_parent_macs: [] + _unresolved_tokens: [] + _unresolved_parent_tokens: [] + changed_when: false + +# Resolve each token to a MAC: +# precedence: direct MAC token → iface name (CI) → inventory var value +- name: Resolve desired parent tokens to MACs + vars: + mac_from_tok: "{{ (parent_tok | lower) if (parent_tok | lower is match('^([0-9a-f]{2}:){5}[0-9a-f]{2}$')) else '' }}" + mac_from_name: "{{ _name_to_mac_ci.get(parent_tok | lower, '') }}" + mac_from_var: "{{ (hostvars[_inv_host_resolved][parent_tok] | default('')) | string | lower }}" + mac_candidate: "{{ [mac_from_tok, mac_from_name, mac_from_var] | select('match','^([0-9a-f]{2}:){5}[0-9a-f]{2}$') | list | first | default('') }}" + set_fact: + _desired_parent_macs: "{{ _desired_parent_macs + [mac_candidate] if mac_candidate else _desired_parent_macs }}" + _unresolved_tokens: "{{ _unresolved_tokens + [parent_tok] if not mac_candidate else _unresolved_tokens }}" + loop: "{{ _desired_parent_tokens }}" + loop_control: + loop_var: parent_tok + +- name: Fail if any desired parents didn’t normalize to a MAC + assert: + that: + - _unresolved_tokens | length == 0 + fail_msg: "For bond {{ bond.name }}, could not resolve parent(s) to MACs: {{ _unresolved_tokens }}" + +- name: Find existing bond by name + set_fact: + _bond_by_name: >- + {{ + (_ifaces | selectattr('type','equalto','bond') + | selectattr('name','equalto', bond.name) + | list | first) | default({}) + }} + +# set from _bond_by_name (computed in the previous task) +- name: Cache bond object/id from _bond_by_name + set_fact: + _existing_bond_obj: "{{ _bond_by_name | default({}) }}" + _existing_bond_id: "{{ (_bond_by_name.id | default(0)) | int }}" + +# (delete the “If not found by name…” task — it does nothing) + +# now, only scan by parent MACs if the id is still 0 +- name: Scan bonds to match desired parent MACs (order-insensitive) + when: (_existing_bond_id | int) == 0 + set_fact: + _existing_bond_obj: >- + {{ + bond_iface if ( + ((bond_iface.parents | default([])) + | map('extract', _name_to_mac) | map('lower') | list | sort) + == _desired_parent_macs + ) + else _existing_bond_obj | default({}) + }} + _existing_bond_id: >- + {{ + ( + bond_iface.id if ( + ((bond_iface.parents | default([])) + | map('extract', _name_to_mac) | map('lower') | list | sort) + == _desired_parent_macs + ) + else _existing_bond_id | default(0) + ) | int + }} + loop: "{{ _ifaces | selectattr('type','equalto','bond') | list }}" + loop_control: + loop_var: bond_iface + + + +# 1) Compute observed parent MACs from the bond object +- name: Compute observed parent MACs + set_fact: + _observed_parent_macs: >- + {{ + (_existing_bond_obj.parents | default([])) + | map('extract', _name_to_mac) + | select('defined') + | map('lower') | list | sort + }} + +# 2) (Idempotent) normalize desired list just in case +- name: Normalize desired parent MACs + set_fact: + _desired_parent_macs: "{{ (_desired_parent_macs | default([])) | map('lower') | list | sort }}" + +# 3) Compare using normalized types/lists +- name: Compute MAC-based parent match flag + set_fact: + _bond_parents_match: "{{ (_existing_bond_id | int) > 0 and (_observed_parent_macs == _desired_parent_macs) }}" + +- name: Derive bond parent names from desired MACs (phys-only, robust to renames) + set_fact: + _bond_parent_names: >- + {{ + _desired_parent_macs + | map('extract', _mac_to_id_phys) + | select('defined') + | list + | map('int') + | map('extract', _id_to_name_int) + | list + }} + +- name: Require bond parent names + assert: + that: + - _bond_parent_names | length > 0 + - _bond_parent_names | length == (_desired_parent_macs | length) + fail_msg: >- + Could not derive parent names from desired MACs (got {{ _bond_parent_names | default([]) }}). + Check _mac_to_id_phys={{ _mac_to_id_phys }} and _id_to_name_int={{ _id_to_name_int }}. + +#- name: Compute desired parent IDs from MACs +# set_fact: +# _bond_parent_ids: >- +# {{ +# _desired_parent_macs +# | map('lower') +# | map('extract', _mac_to_id) +# | list +# }} + +- name: Compute desired parent IDs from MACs (prefer non-bond ifaces) + set_fact: + _bond_parent_ids: >- + {{ + _desired_parent_macs + | map('lower') + | map('extract', _mac_to_id_phys) + | list + }} + +- name: Assert we derived parent names + assert: + that: + - _bond_parent_names | length > 0 + fail_msg: >- + Could not derive parent names from MACs={{ _desired_parent_macs }}. + Known MAC->ID map={{ _iface_id_by_mac | to_nice_json }} id->name={{ _id_to_name | to_nice_json }} + +- name: Fail if any desired MACs are unknown to MAAS (non-bond) + vars: + _missing: >- + {{ + _desired_parent_macs + | map('lower') + | reject('in', _mac_to_id_phys.keys()) + | list + }} + assert: + that: + - _missing | length == 0 + - (_bond_parent_ids | select('gt', 0) | list | length) == (_bond_parent_ids | length) + fail_msg: >- + Unresolved parent MACs for {{ bond.name }}: {{ _missing }} + +- name: Temporarily set _bond_create_native_vid + set_fact: + _bond_create_native_vid: "{{ _vlan_lookup[bond.native_vid|string].id }}" + when: + - bond.native_vid is defined + - (bond.native_vid|string) in _vlan_lookup + +- name: Build create_bond payload (no link_speed on create) + when: not _bond_parents_match + set_fact: + _create_bond_qs: >- + {{ + ( + ['name=' ~ (bond.name | urlencode)] + + (_bond_parent_ids + | map('string') + | map('regex_replace','^(.*)$','parents=\1') + | list) + + (bond.mtu is defined | ternary(['mtu=' ~ (bond.mtu|string)], [])) + + (bond.mode is defined | ternary(['bond_mode=' ~ (bond.mode | urlencode)], [])) + + (_bond_create_native_vid is defined + | ternary(['vlan=' ~ (_bond_create_native_vid|string)], [])) + ) + | join('&') + }} + +- include_tasks: ../_auth_header.yml + when: not _bond_parents_match + +- name: "POST ?op=create_bond (only if needed) for {{ _inv_host_resolved }}" + when: not _bond_parents_match + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/?op=create_bond" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body: "{{ _create_bond_qs }}" + body_format: form-urlencoded + status_code: 200 + register: _bond_create_resp + changed_when: true +# no_log: true + +- name: Refresh interface facts (post create) + when: not _bond_parents_match + include_tasks: ../_refresh_iface_facts.yml + +- name: Re-resolve bond by name (after create) + set_fact: + _existing_bond_obj: "{{ _iface_by_name.get(bond.name, {}) }}" + +- name: Resolve bond by parents when name lookup fails + when: + - (_existing_bond_id | int) == 0 + - _bond_parent_names | length > 0 + set_fact: + _existing_bond_obj: >- + {{ + (_ifaces | selectattr('type','equalto','bond') | list) + | selectattr('parents','equalto', _bond_parent_names) + | first | default({}) + }} + +# 1) id + params first +- name: Cache normalized bond id + params + set_fact: + _existing_bond_id: "{{ _existing_bond_obj.id | default(0) | int }}" + _existing_params: "{{ _existing_bond_obj.params | default({}) }}" + +# 2) then derive fields from those +- name: Cache normalized bond fields + set_fact: + _existing_mtu: "{{ _existing_params.mtu | default(0) | int }}" + _existing_mode: "{{ _existing_params.bond_mode | default('') | string }}" + _existing_link_speed: "{{ _existing_bond_obj.link_speed | default(0) | int }}" + _existing_link_connected: "{{ _existing_bond_obj.link_connected | default(false) | bool }}" + +- name: Decide create/mtu/mode/speed update flags + set_fact: + _needs_bond_create: "{{ (_existing_bond_id | int) == 0 }}" + _needs_bond_mtu_update: "{{ (_existing_bond_id | int) > 0 and (_existing_mtu | int) != (bond.mtu | int) }}" + _needs_bond_mode_update: "{{ (_existing_bond_id | int) > 0 and (_existing_mode | string) != (bond.mode | default('') | string) }}" + _needs_bond_speed_update: >- + {{ + (_existing_bond_id | int) > 0 + and (_existing_link_connected | bool) + and ((_existing_link_speed | int) != (bond.link_speed | int | default(0))) + }} + +- name: Assemble bond update payload + set_fact: + _bond_update_payload: >- + {{ + dict() + | combine( {'mtu': (bond.mtu | int)} if _needs_bond_mtu_update else {} ) + | combine( {'bond_mode': bond.mode} if (_needs_bond_mode_update and (bond.mode | default('') | length > 0)) else {} ) + }} + +- include_tasks: ../_auth_header.yml + +- name: "PUT /interfaces/{id} (bond_mode/mtu) for {{ _inv_host_resolved }}" + when: + - (_existing_bond_id | int) > 0 + - (_bond_update_payload | length) > 0 + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/{{ _existing_bond_id }}/" + method: PUT + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body: "{{ _bond_update_payload }}" + body_format: form-urlencoded + status_code: 200 + register: _bond_base_update + changed_when: true + +# Optional: visibility when there's nothing to change +- name: No bond base update needed + when: + - (_existing_bond_id | int) > 0 + - (_bond_update_payload | length) == 0 + debug: + msg: "Bond {{ _existing_bond_id }} already has requested mtu/mode. No update." + +- name: Refresh interface facts (post base update) + when: + - (_existing_bond_id | int) > 0 + - (_bond_update_payload | length) > 0 + include_tasks: ../_refresh_iface_facts.yml + +# Only re-resolve if we actually updated anything +- name: Re-resolve bond after base update + when: (_bond_update_payload | length) > 0 + set_fact: + _existing_bond_obj: >- + {{ + ( + _ifaces + | selectattr('type', 'equalto', 'bond') + | selectattr('name', 'equalto', bond.name) + | list + ) | first | default(_existing_bond_obj) + }} + +- name: Re-cache normalized bond facts (fresh after base update) + when: + - (_existing_bond_id | int) > 0 + set_fact: + _existing_params: "{{ _existing_bond_obj.params | default({}) }}" + _existing_mtu: "{{ _existing_params.mtu | default(0) | int }}" + _existing_mode: "{{ _existing_params.bond_mode | default('') }}" + _existing_link_speed: "{{ _existing_bond_obj.link_speed | default(0) | int }}" + _existing_link_connected: "{{ _existing_bond_obj.link_connected | default(false) | bool }}" + +- name: Read link_connected for bond iface (normalized) + set_fact: + _bond_link_connected: "{{ _existing_link_connected | bool }}" + +- name: Decide if we need to update the link speed + set_fact: + _needs_bond_speed_update: >- + {{ + (_existing_bond_id | int) > 0 + and (_bond_link_connected | bool) + and ((_existing_link_speed | int) != (bond.link_speed | int | default(0))) + }} + +- include_tasks: ../_auth_header.yml + +- name: "PUT /interfaces/{id} (link_speed) for {{ _inv_host_resolved }}" + when: + - bond.link_speed is defined + - _bond_link_connected | bool + - (_existing_bond_id | int) > 0 + - _needs_bond_speed_update + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/{{ _existing_bond_id }}/" + method: PUT + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body: "link_speed={{ bond.link_speed }}" + body_format: form-urlencoded + status_code: 200 + register: _bond_speed_update + changed_when: true + +- name: Derive bond parent names (prefer explicit, else MAAS, else cache) + set_fact: + _bond_parent_names: >- + {{ + ( + bond.parents + | default(_existing_bond_obj.parents + | default(_iface_by_name[bond.name].parents | default([]))) + ) | sort + }} + +- name: Require bond parent names + assert: + that: + - _bond_parent_names | length > 0 + fail_msg: >- + Need parent names for {{ bond.name }}. Checked: + bond.parents, _existing_bond_obj.parents, and _iface_by_name[{{ bond.name }}].parents. + +- name: Collect parent VLAN ids for bond parents + set_fact: + _parent_vlan_ids: >- + {{ + _bond_parent_names + | map('extract', _iface_by_name) + | map(attribute='vlan') + | select('defined') + | map(attribute='id') + | list + }} + +- name: Unique-ify parent VLAN ids + set_fact: + _parent_vlan_ids_unique: "{{ _parent_vlan_ids | unique }}" + +- name: Decide target native VLAN id + set_fact: + _target_native_vlan_id: >- + {%- if bond is defined and bond.native_vlan_id is defined -%} + {{ bond.native_vlan_id | int }} + {%- elif bond is defined and bond.native_vid is defined and (bond.native_vid|string) in _vlan_lookup -%} + {{ _vlan_lookup[bond.native_vid|string].id | int }} + {%- elif (_parent_vlan_ids_unique | length) == 1 -%} + {{ (_parent_vlan_ids_unique | first) | int }} + {%- else -%} + {%- endif -%} + +- name: Compute need to change parent native VLANs + set_fact: + _need_parent_vlan_change: >- + {{ + (_target_native_vlan_id is defined) + and (_parent_vlan_ids | select('ne', _target_native_vlan_id | int) | list | length > 0) + }} + +- name: Fail if parents disagree and no target VLAN provided + fail: + msg: >- + Parents {{ _bond_parent_names }} have different native VLANs {{ _parent_vlan_ids_unique }}, + and no bond.native_vid/native_vlan_id was provided to reconcile them. + when: + - (_target_native_vlan_id is not defined) + - (_parent_vlan_ids_unique | length) > 1 + +- name: Parent native VLAN already correct; skipping updates + debug: + msg: >- + Parents {{ _bond_parent_names }} already on VLAN {{ _target_native_vlan_id }}; no change. + when: not _need_parent_vlan_change + +- name: Ensure bond parents have native VLAN set (only when needed) + include_tasks: ../machines/_set_parent_native.yml + loop: "{{ _bond_parent_names | map('extract', _iface_by_name) | map(attribute='id') | list }}" + loop_control: + loop_var: parent_id + label: "{{ parent_id }} → vlan {{ _target_native_vlan_id }}" + when: + - _need_parent_vlan_change + +# Refresh facts to see the parents’ new native VLAN +- name: Refresh interface facts (after setting parents’ native VLAN) + include_tasks: "_refresh_iface_facts.yml" + when: + - _need_parent_vlan_change + +# Re-resolve bond by name, else by parents (no item/loop) +- name: Re-resolve bond by name + set_fact: + _existing_bond_obj: "{{ _iface_by_name.get(bond.name, {}) }}" + +- name: Resolve bond by parents when name lookup fails (order-insensitive) + set_fact: + _existing_bond_obj: >- + {{ + ( + _ifaces + | selectattr('type','equalto','bond') + | selectattr('parents','defined') + | list + ) + | selectattr('parents', 'equalto', _bond_parent_names | sort) + | list + | first + | default({}) + }} + when: _existing_bond_obj | length == 0 + +- name: Re-cache normalized bond id (after final resolve) + set_fact: + _existing_bond_id: "{{ _existing_bond_obj.id | default(0) | int }}" + +- name: Gather VLAN vids already on {{ bond.name }} + set_fact: + _bond_existing_tagged_vids: >- + {{ + (_ifaces + | selectattr('type','equalto','vlan') + | selectattr('parents','defined') + | selectattr('parents','contains', bond.name) + | map(attribute='vlan') | select('defined') + | map(attribute='vid') | map('string') | list) + }} + +# (2) Desired tagged vids (EXCLUDING native) +- name: Compute desired vids + set_fact: + _bond_desired_tagged_vids: >- + {{ + (bond.tagged_vids | default([]) | map('string') | unique | list) + | difference([ (bond.native_vid | default('') | string) ]) + }} + +# (3) Missing tagged vids +- name: Compute missing vids + set_fact: + _bond_missing_tagged_vids: "{{ _bond_desired_tagged_vids | difference(_bond_existing_tagged_vids | default([])) }}" + +# (4) Create missing VLAN subinterfaces on the bond +- name: Create missing VLAN subinterfaces on {{ bond.name }} + include_tasks: ../_create_vlan_on_parent.yml + loop: "{{ _bond_missing_tagged_vids }}" + loop_control: + loop_var: vid + label: "{{ bond.name }} → VID {{ vid }}" + vars: + parent_id: "{{ _existing_bond_id | int }}" + vlan_id: "{{ _vlan_lookup[vid|string].id }}" + vid_label: "{{ vid|string }}" + system_id: "{{ _existing_bond_obj.system_id }}" + when: (_existing_bond_id | int) > 0 diff --git a/roles/maas/tasks/machines/_ensure_boot_iface.yml b/roles/maas/tasks/machines/_ensure_boot_iface.yml new file mode 100644 index 00000000..b2972ea0 --- /dev/null +++ b/roles/maas/tasks/machines/_ensure_boot_iface.yml @@ -0,0 +1,102 @@ +--- +# Expects: +# - desired_iface (from the loop item), with .prefix and boot:true +# - inv_host, _nodes, _node_system_id available in scope +# - hostvars[inv_host]["_mac"] defined (e.g., 25Gb_1_mac) + +# 1) Resolve prefix and MAC +- name: Resolve boot prefix from loop item + set_fact: + _boot_prefix: "{{ desired_iface.prefix }}" + +- name: Ensure _mac exists for boot NIC + assert: + that: + - _boot_prefix is defined + - hostvars[inv_host][_boot_prefix ~ '_mac'] is defined + fail_msg: "Missing {{ _boot_prefix }}_mac for {{ inv_host }}" + +- name: Normalize boot MAC + set_fact: + _boot_mac: "{{ hostvars[inv_host][_boot_prefix ~ '_mac'] | string | lower }}" + +# 2) Resolve node object from local _nodes (mapping or list) +- name: Resolve _node_obj from _nodes (no API call) + set_fact: + _node_obj: >- + {{ + (_nodes if (_nodes is mapping) + else ((_nodes | selectattr('system_id','equalto', _node_system_id) | list | first) | default({}, true))) + }} + +# 3) Build MAC→id map from that node’s interface_set (physical/bond only) +- name: Build MAC→id map from _nodes.interface_set + set_fact: + _node_mac_to_id: >- + {{ + dict( + ( + (_node_obj.interface_set | default([])) + | selectattr('type','in',['physical','bond']) + | map(attribute='mac_address') + | map('lower') | list + ) + | zip( + (_node_obj.interface_set | default([])) + | selectattr('type','in',['physical','bond']) + | map(attribute='id') | list + ) + ) + }} + +- name: Resolve desired boot interface id from _nodes by MAC + set_fact: + _desired_boot_iface_id: "{{ _node_mac_to_id.get(_boot_mac, 0) | int }}" + +- name: Fail if desired boot MAC not found in _nodes.interface_set + when: _desired_boot_iface_id | int == 0 + fail: + msg: >- + Could not map {{ _boot_prefix }}_mac={{ _boot_mac }} to an interface id in _nodes.interface_set + for {{ inv_host }} (system_id={{ _node_system_id }}). Refresh _nodes / re-commission the node. + +# 4) Read current boot interface id from the same _nodes payload +- name: Extract current boot interface id from _nodes + set_fact: + _current_boot_iface_id: >- + {{ + (_node_obj.boot_interface.id | int) + if (_node_obj is mapping + and _node_obj.boot_interface is defined + and _node_obj.boot_interface is mapping + and _node_obj.boot_interface.id is defined) + else 0 + }} + +# 5) Only POST if different +- include_tasks: ../_auth_header.yml + +- name: "Set boot interface to id={{ _desired_boot_iface_id }} (if different)" + when: + - _desired_boot_iface_id | int > 0 + - _current_boot_iface_id | int != _desired_boot_iface_id | int + uri: + url: "{{ _maas_api }}/machines/{{ _node_system_id }}/?op=set-boot-interface" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body_format: form-urlencoded + body: + id: "{{ _desired_boot_iface_id }}" + status_code: [200] + register: _set_boot_iface +# no_log: true + +- name: Note boot-interface outcome + debug: + msg: >- + Boot interface {{ (_current_boot_iface_id|int) == (_desired_boot_iface_id|int) + | ternary('unchanged', 'updated') }} + previous={{ _current_boot_iface_id }}, desired={{ _desired_boot_iface_id }} diff --git a/roles/maas/tasks/machines/_fetch_subnets_for_vlan.yml b/roles/maas/tasks/machines/_fetch_subnets_for_vlan.yml new file mode 100644 index 00000000..a74dbd36 --- /dev/null +++ b/roles/maas/tasks/machines/_fetch_subnets_for_vlan.yml @@ -0,0 +1,21 @@ +# Expects: vlan_id +# Produces/updates: _subnets_by_vlan (dict: { vlan_id: }) + +- include_tasks: _auth_header.yml + +- name: Query subnets for VLAN {{ vlan_id }} + uri: + url: "{{ maas_api_url }}/api/2.0/vlans/{{ vlan_id }}/?op=subnets" + method: GET + headers: + Authorization: "Bearer {{ _maas_auth.json.token }}" + return_content: true + register: _subnets_resp + +- name: Accumulate subnets into map + set_fact: + _subnets_by_vlan: >- + {{ + (_subnets_by_vlan | default({})) | + combine({ (vlan_id|string): (_subnets_resp.json | default([])) }) + }} diff --git a/roles/maas/tasks/machines/_fetch_vlans_for_fabric.yml b/roles/maas/tasks/machines/_fetch_vlans_for_fabric.yml new file mode 100644 index 00000000..84ed9ca2 --- /dev/null +++ b/roles/maas/tasks/machines/_fetch_vlans_for_fabric.yml @@ -0,0 +1,30 @@ +--- +# 1) Refresh MAAS auth header (new nonce) +- include_tasks: ../_auth_header.yml + +# 2) GET vlans for this fabric +- name: Read VLANs for fabric {{ fab.id }} + uri: + url: "{{ _maas_api }}/fabrics/{{ fab.id }}/vlans/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: yes + status_code: 200 + register: _vlans_this_fabric + +# 3) Merge into vid -> vlan-object map +- name: Merge VLANs from fabric {{ fab.id }} into _vlan_by_vid + set_fact: + _vlan_by_vid: >- + {{ + _vlan_by_vid + | combine( + dict( + (_vlans_this_fabric.json | map(attribute='vid') | list) + | zip(_vlans_this_fabric.json) + ), + recursive=True + ) + }} diff --git a/roles/maas/tasks/machines/_mark_broken.yml b/roles/maas/tasks/machines/_mark_broken.yml new file mode 100644 index 00000000..2a184176 --- /dev/null +++ b/roles/maas/tasks/machines/_mark_broken.yml @@ -0,0 +1,48 @@ +--- +# _mark_broken.yml (uses system_status; no GET/cache lookup) + +# Normalize status from the passed var (already computed upstream) +- name: Resolve current status from passed var + set_fact: + _maas_status_name: "{{ system_status | default('') | string }}" + +- block: + - name: Build mark_broken comment body + set_fact: + _mark_broken_body: "comment={{ ('Temp: editing NIC at ' ~ broken_at) | urlencode }}" + + # Refresh header again right before POST (avoids timestamp drift) + - include_tasks: ../_auth_header.yml + + - name: POST {{ inv_host }} ?op=mark_broken (with note) + when: _maas_status_name != 'Broken' + uri: + url: "{{ _maas_api }}/machines/{{ system_id }}/op-mark_broken" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body: "{{ _mark_broken_body }}" + body_format: form-urlencoded + status_code: [200, 403] # handle both; branch below + register: _mark_broken_resp + changed_when: "_maas_status_name != 'Broken' and _mark_broken_resp.status == 200" + failed_when: "_mark_broken_resp.status not in [200, 403]" + + - name: Remember that we marked {{ inv_host }} Broken + when: _maas_status_name != 'Broken' and _mark_broken_resp.status == 200 + set_fact: + _marked_broken: "{{ (hostvars['localhost']._marked_broken | default([])) + [ system_id ] }}" + delegate_to: localhost + changed_when: false + + - name: Remember that we failed to mark {{ inv_host }} broken + when: _maas_status_name != 'Broken' and _mark_broken_resp.status == 403 + set_fact: + _failed_to_mark_broken: "{{ (hostvars['localhost']._failed_to_mark_broken | default([])) + [ system_id ] }}" + delegate_to: localhost + changed_when: false + + # Skip if upstream says it's already Broken (and, if desired, skip Ready) + when: _maas_status_name not in ['Broken', 'Ready', 'New', 'Allocated'] diff --git a/roles/maas/tasks/machines/_plan_sets.yml b/roles/maas/tasks/machines/_plan_sets.yml new file mode 100644 index 00000000..c1cc75dd --- /dev/null +++ b/roles/maas/tasks/machines/_plan_sets.yml @@ -0,0 +1,53 @@ +--- +# 1) Normalize everything to SHORT names (no regex needed for MAAS) +- name: Normalize hostnames (ignore domains) + set_fact: + # Short names that exist in MAAS right now + _existing_names: >- + {{ + (maas_by_hostname | default({})) + | dict2items + | map(attribute='value.hostname') + | reject('equalto', None) + | list + }} + + # Short names from your inventory group + testnode_names: >- + {{ + groups.get('testnodes', []) + | map('extract', hostvars, 'inventory_hostname_short') + | reject('equalto', None) + | list + }} + + # Short names that must be excluded + maas_excluded_hosts: >- + {{ + ( + groups.get('maas_region_rack_server', []) + + groups.get('maas_db_server', []) + + groups.get('maas_dont_delete', []) + ) + | map('extract', hostvars, 'inventory_hostname_short') + | reject('equalto', None) + | unique + | list + }} + +# 2) Plan using SHORT names only +- name: Determine which hosts to create, update, and delete + set_fact: + _create_short: "{{ testnode_names | difference(_existing_names + maas_excluded_hosts) | list }}" + _delete_short: "{{ _existing_names | difference(testnode_names + maas_excluded_hosts) | list }}" + _update_short: "{{ (_existing_names | intersect(testnode_names)) | difference(maas_excluded_hosts) | list }}" + +# Plan: set IPMI creds for everything in create + update (short names) +- name: Build combined IPMI plan list (create + update) + set_fact: + _plan_ipmi: >- + {{ + ((_create_short | default([])) + (_update_short | default([]))) + | unique + | list + }} diff --git a/roles/maas/tasks/machines/_read_machines.yml b/roles/maas/tasks/machines/_read_machines.yml new file mode 100644 index 00000000..070f70c0 --- /dev/null +++ b/roles/maas/tasks/machines/_read_machines.yml @@ -0,0 +1,27 @@ +--- +- include_tasks: _auth_header.yml + +# Queries MAAS and builds maas_nodes_list + _with_names +- name: Read all machines from MAAS + uri: + url: "{{ _maas_api }}/machines/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: yes + status_code: 200 + register: _all_machines + no_log: true + +#- pause: + +- name: Parse MAAS machines JSON + set_fact: + maas_nodes_list: "{{ _all_machines.json | list }}" + +#- pause: + +- name: Keep only entries with hostname + set_fact: + _with_names: "{{ maas_nodes_list | selectattr('hostname', 'defined') | list }}" diff --git a/roles/maas/tasks/machines/_refresh_iface_facts.yml b/roles/maas/tasks/machines/_refresh_iface_facts.yml new file mode 100644 index 00000000..e5eade2a --- /dev/null +++ b/roles/maas/tasks/machines/_refresh_iface_facts.yml @@ -0,0 +1,108 @@ +--- +# Fresh auth (new nonce/timestamp) for every API call +#- name: Build OAuth header (fresh nonce/timestamp) +# include_tasks: ../_auth_header.yml + +## 1) Fetch all interfaces for this node +#- name: Read MAAS interfaces for this node +# uri: +# url: "{{ _maas_api }}/nodes/{{ _node_system_id }}/interfaces/" +# method: GET +# headers: +# Authorization: "{{ maas_auth_header }}" +# Accept: application/json +# return_content: true +# status_code: 200 +# register: _ifaces_resp + +## TODO: I think this is needed +- include_tasks: machines/_read_machines.yml + +#- pause: + +- include_tasks: machines/_build_indexes.yml + +#- pause: + +- name: Set raw interface list + set_fact: +# _ifaces: "{{ _ifaces_resp.json | default([]) }}" + _ifaces: "{{ maas_host_to_ifaces[host] }}" + +#- debug: var=_ifaces + +#- pause: + +# 2) Rebuild quick lookups +- name: Build interface lookup maps (by name, by id, by mac) + set_fact: + _iface_by_name: >- + {{ + dict( + (_ifaces | map(attribute='name') | list) + | zip(_ifaces | list) + ) + }} + _iface_id_by_name: >- + {{ + dict( + (_ifaces | map(attribute='name') | list) + | zip(_ifaces | map(attribute='id') | list) + ) + }} + _iface_id_by_mac: >- + {{ + dict( + ( + _ifaces + | selectattr('mac_address','defined') + | map(attribute='mac_address') + | map('lower') + | list + ) + | zip( + _ifaces + | selectattr('mac_address','defined') + | map(attribute='id') + | list + ) + ) + }} + +# 3) Index existing VLAN subinterfaces as (parent_id, vlan_id) pairs +- name: Init existing VLAN pair index + set_fact: + _existing_vlan_pairs: [] + +- name: Build existing VLAN pair index + set_fact: + _existing_vlan_pairs: >- + {{ + _existing_vlan_pairs + [ { + 'parent_id': (_iface_id_by_name.get(item.parents[0]) | int), + 'vlan_id': item.vlan.id, + 'iface_id': item.id, + 'name': item.name + } ] + }} + loop: "{{ _ifaces | selectattr('type','equalto','vlan') | list }}" + when: + - item.parents is defined + - (item.parents | length) > 0 + - item.vlan is defined + - item.vlan.id is defined + loop_control: + label: "{{ item.name | default(item.id) }}" + +# 4) Track current native VLAN per *parent* interface (physical/bond) +- name: Init native VLAN map + set_fact: + _native_by_parent: {} + +- name: Build native VLAN map (parent_id -> vlan_id or None) + set_fact: + _native_by_parent: "{{ _native_by_parent | combine({ (iface_for_vlan_map.id | int): (iface_for_vlan_map.vlan.id if iface_for_vlan_map.vlan is mapping else None) }) }}" + loop: "{{ _ifaces | rejectattr('type','equalto','vlan') | list }}" + loop_control: + loop_var: iface_for_vlan_map + label: "{{ iface_for_vlan_map.name | default(iface_for_vlan_map.id) }}" diff --git a/roles/maas/tasks/machines/_set_parent_native.yml b/roles/maas/tasks/machines/_set_parent_native.yml new file mode 100644 index 00000000..ccbfd255 --- /dev/null +++ b/roles/maas/tasks/machines/_set_parent_native.yml @@ -0,0 +1,17 @@ +--- +- include_tasks: ../_auth_header.yml + +- name: PUT vlan on parent {{ parent_id }} on {{ _inv_host_resolved }} + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/{{ parent_id }}/" + method: PUT + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/json + body_format: json + body: + vlan: "{{ _target_native_vlan_id | int }}" + status_code: [200, 201] + register: _put_parent_vlan + changed_when: _put_parent_vlan.status in [200, 201] diff --git a/roles/maas/tasks/machines/cleanup.yml b/roles/maas/tasks/machines/cleanup.yml new file mode 100644 index 00000000..e08b8c8b --- /dev/null +++ b/roles/maas/tasks/machines/cleanup.yml @@ -0,0 +1,56 @@ +# Ensure auth header for cleanup +- include_tasks: ../_auth_header.yml + +# Normalize unique list (in case the same node was handled twice) +- name: Normalize _marked_broken unique list + set_fact: + _marked_broken: "{{ _marked_broken | default([]) | unique }}" + run_once: true + delegate_to: localhost + +# Fetch current status for each before flipping (idempotent safeguard) +- name: GET node details before un-breaking + uri: + url: "{{ _maas_api }}/nodes/{{ sid }}/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + status_code: 200 + return_content: true + loop: "{{ _marked_broken | default([]) }}" + loop_control: + loop_var: sid + register: _cleanup_status + +- include_tasks: ../_auth_header.yml + +# Un-break only those still Broken +- name: POST op=mark_fixed + uri: + url: "{{ _maas_api }}/machines/{{ sid }}/op-mark_fixed" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body: "" + body_format: form-urlencoded + status_code: 200 + loop: >- + {{ + (_cleanup_status.results | default([])) + | selectattr('json.status_name','defined') + | selectattr('json.status_name','equalto','Broken') + | map(attribute='sid') | list + }} + loop_control: + loop_var: sid + register: _mark_fixed_resp + changed_when: true + +# Optional: clear the list so a later run doesn’t try to un-break again +- name: Clear shared _marked_broken list + set_fact: + _marked_broken: [] + run_once: true diff --git a/roles/maas/tasks/machines/create.yml b/roles/maas/tasks/machines/create.yml new file mode 100644 index 00000000..c6d73a60 --- /dev/null +++ b/roles/maas/tasks/machines/create.yml @@ -0,0 +1,36 @@ +--- +#- include_tasks: ../_resolve_host.yml + +- include_tasks: _auth_header.yml + +- name: Build machine create body + set_fact: + maas_create_body: >- + {{ + dict({ + 'hostname': host, + 'deployed': true, + 'architecture': desired_arch, + 'mac_addresses': mac_addresses + } + | combine( desired_domain is defined and {'domain': desired_domain} or {} )) + }} + +- name: machines create body for {{ host }} (system_id={{ system_id }}) + debug: + var: maas_create_body + +- name: Create machine in MAAS + uri: + url: "{{ _maas_api }}/machines/" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: "{{ maas_create_body }}" + status_code: 200 + register: create_result + changed_when: create_result.status in [200, 201] + notify: "Rebuild MAAS machine indexes" diff --git a/roles/maas/tasks/machines/delete.yml b/roles/maas/tasks/machines/delete.yml new file mode 100644 index 00000000..b92b27bf --- /dev/null +++ b/roles/maas/tasks/machines/delete.yml @@ -0,0 +1,6 @@ +--- +#- include_tasks: ../_resolve_host.yml + +- name: Would have deleted host {{ host }} + debug: + msg: "Would have deleted host {{ host }}" diff --git a/roles/maas/tasks/machines/set_ipmi_creds.yml b/roles/maas/tasks/machines/set_ipmi_creds.yml new file mode 100644 index 00000000..2dc537d4 --- /dev/null +++ b/roles/maas/tasks/machines/set_ipmi_creds.yml @@ -0,0 +1,79 @@ +--- +# Derive short hostname and base group (strip trailing digits) +- name: Prep IPMI secrets lookup context + set_fact: + _inv_short: "{{ hostvars[inv_host].inventory_hostname_short | default(inventory_hostname_short) }}" + _base_group: "{{ (hostvars[inv_host].inventory_hostname_short | default(inventory_hostname_short)) | regex_replace('\\d+$', '') }}" + +# Build candidates in priority order +- name: Build IPMI secrets candidate list + set_fact: + _ipmi_files: + - "{{ secrets_path }}/host_vars/{{ _inv_short }}.yml" + - "{{ secrets_path }}/group_vars/{{ _base_group }}.yml" + - "{{ secrets_path }}/ipmi.yml" + +# Load first found file (host_vars short -> group_vars/.yml -> ipmi.yml) +- name: Load IPMI secrets (first found) + include_vars: + file: "{{ lookup('first_found', {'files': _ipmi_files, 'skip': True}) }}" + name: ipmi_secrets + # add this if secrets live on the controller: + # delegate_to: localhost + +## Ensure required keys exist +#- name: Ensure IPMI user/pass are present from secrets +# assert: +# that: +# - ipmi_secrets is defined +# - ipmi_secrets.power_user is defined +# - ipmi_secrets.power_pass is defined +# fail_msg: >- +# Missing IPMI secrets for {{ inv_host }}. Looked in: {{ _ipmi_files }} +# +## Build payload using inventory IPMI address + secrets user/pass +#- name: Build power configuration payload +# set_fact: +# maas_power_payload: +# power_type: "ipmi" +# power_parameters_power_address: "{{ hostvars[inv_host].ipmi }}" +# power_parameters_power_user: "{{ ipmi_secrets.power_user }}" +# power_parameters_power_pass: "{{ ipmi_secrets.power_pass }}" +# power_parameters_power_boot_type: "{{ maas_power_boot_type|default('auto') }}" + +# Ensure creds exist +- name: Ensure IPMI user/pass are present from secrets + assert: + that: + - ipmi_secrets is defined + - ipmi_secrets.power_user is defined + - ipmi_secrets.power_pass is defined + fail_msg: >- + Missing IPMI secrets for {{ inv_host }}. Searched: {{ _ipmi_files }} + +# Build payload using inventory IPMI address + secrets user/pass +- name: Build power configuration payload + set_fact: + maas_power_payload: + power_type: "ipmi" + power_parameters_power_address: "{{ hostvars[inv_host].ipmi }}" + power_parameters_power_user: "{{ ipmi_secrets.power_user }}" + power_parameters_power_pass: "{{ ipmi_secrets.power_pass }}" + power_parameters_power_boot_type: "{{ maas_power_boot_type|default('efi') }}" + +- include_tasks: ../_auth_header.yml + +- name: "Set IPMI Credentials on {{ _inv_short }}" + uri: + url: "{{ _maas_api }}/machines/{{ system_id }}/" + method: PUT + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + Content-Type: application/x-www-form-urlencoded + body: "{{ maas_power_payload }}" + body_format: form-urlencoded + status_code: 200 + register: set_ipmi_creds_result + changed_when: set_ipmi_creds_result.status in [200, 201] +# no_log: true diff --git a/roles/maas/tasks/machines/update.yml b/roles/maas/tasks/machines/update.yml new file mode 100644 index 00000000..ccd2c1b3 --- /dev/null +++ b/roles/maas/tasks/machines/update.yml @@ -0,0 +1,187 @@ +--- +# roles/maas/tasks/machines/update.yml + +# 1) Fresh OAuth header (nonce/timestamp) +- name: Build OAuth header + include_tasks: _auth_header.yml + +# 2) Record node system_id for downstream includes +- name: Remember {{ inv_host }} = systemd id {{ system_id }} + set_fact: + _node_system_id: "{{ system_id }}" + +# 5) Initialize desired structures so later tasks never explode on undefined +# Load desired bonds & interfaces from group_vars +- name: Load desired bonds & interfaces from group_vars + set_fact: + _desired_bonds: "{{ hostvars[inv_host].maas_bonds | default([]) }}" + _desired_ifaces: "{{ hostvars[inv_host].maas_interfaces | default([]) }}" + +- include_tasks: machines/_refresh_iface_facts.yml + +- include_tasks: machines/_mark_broken.yml + when: system_status not in ['Broken', 'Ready', 'New', 'Allocated'] + +- name: Apply interfaces (native_vid + tagged_vids) + include_tasks: machines/_apply_one_iface.yml + loop: "{{ _desired_ifaces }}" + loop_control: + loop_var: desired_iface + label: "{{ desired_iface.prefix | default('(no prefix)') }}" + vars: + iface_obj: "{{ desired_iface }}" + +# 9) Ensure bonds (each include runs per bond; no block-looping) +- name: Ensure each bond + when: (_desired_bonds | default([])) | length > 0 + include_tasks: machines/_ensure_bond.yml + loop: "{{ _desired_bonds | default([]) }}" + loop_control: + loop_var: bond + label: "{{ bond.name | default('unnamed-bond') }}" + +# Ensure we have fresh auth + base url +- include_tasks: _auth_header.yml + +# Read all interfaces for this node +- name: Read machine interfaces (for subnet assignment) + uri: + url: "{{ _maas_api }}/nodes/{{ system_id }}/interfaces/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: yes + status_code: 200 + register: _ifaces_read +# no_log: true + +# INIT +- name: Init iface list (id, name, vlan_id) + set_fact: + _iface_rows: [] + +# Build iface list (id, name, vlan_id, type) — bonds, vlans, physical NICs +- name: Build iface list (id, name, vlan_id, type) + set_fact: + _iface_rows: "{{ _iface_rows + [ { + 'id': i.id, + 'name': i.name, + 'vlan_id': i.vlan.id, + 'type': i.type + } ] }}" + loop: >- + {{ + _ifaces_read.json + | selectattr('vlan', 'defined') + | selectattr('vlan.id', 'defined') + | selectattr('type', 'defined') + | selectattr('type', 'in', ['bond', 'vlan', 'physical']) + | list + }} + loop_control: + loop_var: i + +- include_tasks: _auth_header.yml + +# Fetch ALL subnets once (we'll group them locally) +- name: Read all subnets + uri: + url: "{{ _maas_api }}/subnets/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: yes + status_code: 200 + register: _all_subnets + no_log: true + +- name: Init subnets_by_vlan map + set_fact: + _subnets_by_vlan: {} + +# Build map: vlan_id -> [subnets...] +- name: Group subnets by VLAN id + set_fact: + _subnets_by_vlan: >- + {{ + _subnets_by_vlan | default({}) | combine({ + (s.vlan.id|string): + (_subnets_by_vlan.get(s.vlan.id|string, []) + [s]) + }) + }} + loop: "{{ _all_subnets.json | default([]) }}" + loop_control: + loop_var: s + when: s.vlan is defined and s.vlan.id is defined + +- debug: + var: _iface_rows +- pause: + +- name: Apply subnet assignment for each iface (bond/vlan/physical) + when: (_iface_rows | length) > 0 + include_tasks: machines/_apply_subnet.yml + loop: "{{ _iface_rows }}" + loop_control: + loop_var: row + vars: + iface: "{{ row }}" + candidate_subnets: "{{ _subnets_by_vlan.get(row.vlan_id|string, []) }}" + +#- name: Build iface list (id, name, vlan_id, type) — only bond/vlan +# set_fact: +# _iface_rows: "{{ _iface_rows + [ {'id': i.id, 'name': i.name, 'vlan_id': i.vlan.id, 'type': i.type} ] }}" +# loop: >- +# {{ +# _ifaces_read.json +# | selectattr('vlan','defined') +# | selectattr('vlan.id','defined') +# | selectattr('type','defined') +# | selectattr('type','in',['bond','vlan']) +# | list +# }} +# loop_control: +# loop_var: i +# +#- include_tasks: _auth_header.yml +# +## Fetch ALL subnets once (we'll group them locally) +#- name: Read all subnets +# uri: +# url: "{{ _maas_api }}/subnets/" +# method: GET +# headers: +# Authorization: "{{ maas_auth_header }}" +# Accept: application/json +# return_content: yes +# status_code: 200 +# register: _all_subnets +# no_log: true +# +#- name: Init subnets_by_vlan map +# set_fact: +# _subnets_by_vlan: {} +# +## Build map: vlan_id -> [subnets...] +#- name: Group subnets by VLAN id +# set_fact: +# _subnets_by_vlan: "{{ _subnets_by_vlan | default({}) | combine({ (s.vlan.id|string): ( _subnets_by_vlan.get(s.vlan.id|string, []) + [s] ) }) }}" +# loop: "{{ _all_subnets.json | default([]) }}" +# loop_control: +# loop_var: s +# when: s.vlan is defined and s.vlan.id is defined +# +#- debug: var=_iface_rows +#- pause: +# +#- name: Apply subnet assignment for each iface (bond/vlan only) +# when: (_iface_rows | length) > 0 +# include_tasks: machines/_apply_subnet.yml +# loop: "{{ _iface_rows }}" +# loop_control: +# loop_var: row +# vars: +# iface: "{{ row }}" +# candidate_subnets: "{{ _subnets_by_vlan.get(row.vlan_id|string, []) }}" diff --git a/roles/maas/tasks/main.yml b/roles/maas/tasks/main.yml new file mode 100644 index 00000000..db20838f --- /dev/null +++ b/roles/maas/tasks/main.yml @@ -0,0 +1,123 @@ +--- +# Playbook to install and configure MAAS +- name: Fail if not an Ubuntu system + fail: + msg: "This playbook only supports Ubuntu systems" + when: ansible_distribution != "Ubuntu" + +- name: Ensure system is up-to-date + apt: + update_cache: yes + upgrade: full + +# Install and configure the MAAS DB +- import_tasks: install_maasdb.yml + +# Install MAAS +- name: Install MAAS with Snap + snap: + name: maas + classic: yes + channel: "{{ maas_version }}/stable" + state: present + tags: install_maas + when: "maas_install_method == 'snap'" + register: maas_install_snap + +- name: Add MAAS apt repository + ansible.builtin.apt_repository: + repo: "ppa:maas/{{ maas_version }}" + tags: install_maas + when: "maas_install_method == 'apt'" + +- name: Install MAAS with Apt + ansible.builtin.apt: + name: maas + state: present + tags: install_maas + when: "maas_install_method == 'apt'" + register: maas_install_apt + +- name: Normalize install result + set_fact: + maas_install: "{{ maas_install_snap if maas_install_method == 'snap' else maas_install_apt }}" + changed_when: "(maas_install_method == 'apt' and maas_install_apt is defined and maas_install_apt.changed) or (maas_install_method == 'snap' and maas_install_snap is defined and maas_install_snap.changed)" + tags: install_maas + +# Initialize MAAS +- import_tasks: initialize_region_rack.yml + +- import_tasks: initialize_secondary_rack.yml + +# Logging into the MAAS API to use CLI +- name: Get API key + command: maas apikey --username={{ maas_admin_username }} + when: inventory_hostname in groups['maas_region_rack_server'] + tags: + - config_dhcp + - config_maas +# - machines + - config_dns + - config_ntp + - add_users + register: maas_api_key + +- name: Log into MAAS API + command: "maas login {{ maas_admin_username }} http://{{ hostvars[groups['maas_region_rack_server'].0]['ip'] }}:5240/MAAS/api/2.0/ {{ maas_api_key.stdout }}" + when: inventory_hostname in groups['maas_region_rack_server'] + tags: + - config_dhcp + - config_maas +# - machines + - config_dns + - config_ntp + - add_users + +# Configure MAAS +- import_tasks: config_maas.yml + +- import_tasks: api_auth_pretasks.yml + tags: + - always + - api + +# Configure Networks +- import_tasks: networking.yml + tags: + - networking + +# Configure NTP Service +- import_tasks: config_ntp.yml + +# Configure DNS Service +- import_tasks: config_dns.yml + +# Configure DHCP Service +- name: dhcp_configuration + include_tasks: config_dhcpd_subnet.yml + loop: "{{ dhcp_maas_subnets|dict2items }}" + loop_control: + loop_var: subnet + vars: + subnet_name: "{{ subnet.key }}" + subnet_data: "{{ subnet.value }}" + tags: config_dhcp + +# Add Machines into MAAS +- import_tasks: machines.yml + tags: machines + +# Add Users into MAAS +- import_tasks: add_users.yml + +# Logout from MAAS API +- name: Logout from MAAS + command: "maas logout {{ maas_admin_username }}" + tags: + - config_dhcp + - config_maas +# - machines + - config_dns + - config_ntp + - add_users + when: inventory_hostname in groups['maas_region_rack_server'] diff --git a/roles/maas/tasks/networking.yml b/roles/maas/tasks/networking.yml new file mode 100644 index 00000000..505a2f7b --- /dev/null +++ b/roles/maas/tasks/networking.yml @@ -0,0 +1,432 @@ +--- +# Prereqs (set by your own auth tasks): +# - maas_api_url: e.g. "http://10.64.1.25:5240" +# - maas_auth_header: OAuth 1.0 PLAINTEXT header string +# Inputs: +# - maas_networking: your fabric/vlan/subnet structure +# - maas_global_dns_servers: optional list of DNS servers +# - maas_global_primary_rack_controller: optional Controller *hostname* +# Rack Controller must be defined at the VLAN level if not defined globally. + +################################################################################ +# API base +################################################################################ +- name: Set MAAS API base URL + set_fact: + _maas_api: "{{ maas_api_url | trim('/') }}/MAAS/api/2.0" + +################################################################################ +# Inventory Validation +################################################################################ + +# --- Check for DHCP-enabled VLANs that are missing dynamic ip_ranges ---------- + +# Always init so the assert never sees an undefined var +- name: Init list of DHCP violations + set_fact: + _dhcp_missing_dynamic: [] + +- name: Build list of fabric/vlan pairs + set_fact: + _fabric_vlans: "{{ maas_networking | subelements('vlans', skip_missing=True) }}" + +# Flag any VLAN with dhcp_on=true but no dynamic ranges on any of its subnets +- name: Find DHCP-enabled VLANs missing dynamic ranges + vars: + _vlan: "{{ item.1 }}" + _dyn_count: >- + {{ + (_vlan.subnets | default([])) + | selectattr('ip_ranges','defined') + | map(attribute='ip_ranges') + | flatten + | selectattr('type','equalto','dynamic') + | list + | length + }} + when: + - _vlan.dhcp_on | default(false) | bool + - (_dyn_count | int) == 0 + set_fact: + _dhcp_missing_dynamic: >- + {{ + (_dhcp_missing_dynamic | default([])) + + [ { 'fabric': item.0.fabric, 'vid': _vlan.vid, 'name': _vlan.name | default('') } ] + }} + loop: "{{ _fabric_vlans }}" + loop_control: + label: "{{ item.0.fabric }}:{{ item.1.vid }}" + +- name: Fail if any DHCP-enabled VLAN lacks a dynamic range + assert: + that: + - (_dhcp_missing_dynamic | default([])) | length == 0 + fail_msg: >- + DHCP is enabled but no dynamic range is defined on these VLANs: + {{ (_dhcp_missing_dynamic | default([])) | to_nice_json }} + +# --- Check for undefined primary rack controller per VLAN --------------------- + +# 1) Capture global if provided (and non-empty) +- name: Capture global primary rack controller id (if set) + set_fact: + _global_primary_rack_controller: "{{ maas_global_primary_rack_controller | string }}" + when: + - maas_global_primary_rack_controller is defined + - (maas_global_primary_rack_controller | string) | length > 0 + +# 2) If no global, ensure every VLAN declares primary_rack_controller +- name: Build list of VLANs missing primary_rack_controller (when no global set) + set_fact: + _vlans_missing_prc: | + {% set missing = [] %} + {% for pair in (maas_networking | subelements('vlans', skip_missing=True)) %} + {% set fab = pair[0] %} + {% set v = pair[1] %} + {% if v.primary_rack_controller is not defined or (v.primary_rack_controller | string) | length == 0 %} + {% set _ = missing.append(fab.fabric ~ ":VID " ~ (v.vid | string)) %} + {% endif %} + {% endfor %} + {{ missing }} + when: _global_primary_rack_controller is not defined + +- name: Require maas_global_primary_rack_controller or per-VLAN primary_rack_controller + assert: + that: + - (_global_primary_rack is defined) or (_vlans_missing_prc | length == 0) + fail_msg: >- + Missing primary rack controller configuration. + Either set 'maas_global_primary_rack_controller' or add 'primary_rack_controller' + on each VLAN. Missing for: + {{ (_vlans_missing_prc | default([])) | join('\n') }} + when: _global_primary_rack_controller is not defined + +################################################################################ +# Domains +################################################################################ +- name: Collect unique domains from maas_networking + set_fact: + _wanted_domains: >- + {{ + maas_networking + | map(attribute='vlans') | flatten + | map(attribute='subnets') | flatten + | selectattr('domain','defined') + | map(attribute='domain') + | list | unique + }} + +- include_tasks: _auth_header.yml +#- name: Read existing RCs +# uri: +# url: "{{ _maas_api }}/rackcontrollers/" +# method: GET +# headers: { Authorization: "{{ maas_auth_header }}" } +# return_content: true +# register: _domains_resp +# +#- pause: + +- name: Read existing domains + uri: + url: "{{ _maas_api }}/domains/" + method: GET + headers: { Authorization: "{{ maas_auth_header }}" } + return_content: true + register: _domains_resp + +- name: Index domains by name + set_fact: + _domains_by_name: "{{ (_domains_resp.json | default([])) | items2dict(key_name='name', value_name='id') }}" + +- name: Compute domains to create + set_fact: + _new_domains: "{{ _wanted_domains | difference((_domains_by_name.keys() | list)) }}" + +# _wanted_domains must be a real list (use the unique/flatten filter recipe) + +- name: Ensure desired domains exist + include_tasks: networking/domain_create.yml + loop: "{{ _new_domains }}" + loop_control: + loop_var: domain_name +# #no_log: true + +################################################################################ +# Spaces +################################################################################ +- name: Collect unique spaces from maas_networking + set_fact: + _wanted_spaces: >- + {{ + maas_networking + | map(attribute='vlans') | flatten + | map(attribute='subnets') | flatten + | selectattr('space','defined') + | map(attribute='space') + | list | unique + }} + +- include_tasks: _auth_header.yml + #no_log: true + +- name: Read existing spaces + uri: + url: "{{ _maas_api }}/spaces/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + use_netrc: false + register: _spaces_resp + #no_log: true + +- name: Index spaces by name + set_fact: + _spaces_by_name: "{{ (_spaces_resp.json | default([])) | items2dict(key_name='name', value_name='id') }}" + +- name: Compute spaces to create + set_fact: + _new_spaces: "{{ _wanted_spaces | difference((_spaces_by_name.keys() | list)) }}" + +- name: Ensure desired spaces exist + include_tasks: networking/space_create.yml + loop: "{{ _new_spaces }}" + loop_control: + loop_var: space_name + #no_log: true + +################################################################################ +# Fabrics +################################################################################ +- include_tasks: _auth_header.yml + #no_log: true + +- name: Read fabrics + uri: + url: "{{ _maas_api }}/fabrics/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + use_netrc: false + register: _fabrics_resp + #no_log: true + +- name: Index fabrics by name + set_fact: + _fabric_by_name: "{{ (_fabrics_resp.json | default([])) | items2dict(key_name='name', value_name='id') }}" + +- name: Collect desired fabric names from maas_networking + set_fact: + _wanted_fabrics: "{{ maas_networking | map(attribute='fabric') | list | unique }}" + +- name: Compute fabrics to create + set_fact: + _new_fabrics: "{{ _wanted_fabrics | difference((_fabric_by_name.keys() | list)) }}" + +- name: Ensure fabrics exist + include_tasks: networking/fabric_create.yml + loop: "{{ _new_fabrics }}" + loop_control: + loop_var: fabric_name + #no_log: true + +# Refresh fabrics after creates +- include_tasks: _auth_header.yml + #no_log: true + +- name: Refresh fabrics + uri: + url: "{{ _maas_api }}/fabrics/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + use_netrc: false + register: _fabrics_resp2 + #no_log: true + +- name: Re-index fabrics + set_fact: + _fabric_by_name: "{{ (_fabrics_resp2.json | default([])) | items2dict(key_name='name', value_name='id') }}" + +################################################################################ +# VLANs +################################################################################ +- name: Validate VLAN names + loop: "{{ maas_networking | subelements('vlans', skip_missing=True) }}" + loop_control: + loop_var: item + assert: + that: + - item.1.name is match('^[a-z0-9-]+$') + fail_msg: "Invalid VLAN name '{{ item.1.name }}' — only lowercase letters and dashes are allowed." + +# Read VLANs per fabric (looped helper so each GET has fresh auth) +- name: init raw vlans holder + set_fact: + _vlans_raw_by_fabric: {} + +- name: Read VLANs for each fabric + include_tasks: networking/fabric_vlans_read.yml + loop: "{{ maas_networking }}" + loop_control: + loop_var: fab_obj + #no_log: true + +- name: Build VLAN index (first pass) + include_tasks: networking/vlan_build_index.yml + +- name: Create VLANs that are missing + vars: + _fname: "{{ pair.0.fabric }}" + vlan: "{{ pair.1 }}" + _vrec: "{{ _vlan_index.get(_fname, {}) }}" + # handle both string and int vid keys so creation works regardless of index build + _exists: "{{ (_vrec.get(vlan.vid | string) is not none) or (_vrec.get(vlan.vid) is not none) }}" + include_tasks: networking/vlan_create.yml + loop: "{{ maas_networking | subelements('vlans', skip_missing=True) }}" + loop_control: + loop_var: pair + label: "{{ pair.0.fabric }}:{{ pair.1.vid }}" + when: not _exists + +# Refresh VLANs after creates (read again via helper) and rebuild index +- name: Reset raw vlans holder + set_fact: + _vlans_raw_by_fabric: {} + +- name: Re-read VLANs for each fabric + include_tasks: networking/fabric_vlans_read.yml + loop: "{{ maas_networking }}" + loop_control: + loop_var: fab_obj + +- name: Build VLAN index (second pass) + include_tasks: networking/vlan_build_index.yml + +################################################################################ +# Subnets (create/update DNS + ranges) BEFORE enabling VLAN DHCP +################################################################################ +# Build (fabric, vlan) pairs +- name: Build list of fabric/vlan pairs + set_fact: + _fabric_vlans: "{{ maas_networking | subelements('vlans', skip_missing=True) }}" + +- name: Build list of (fabric, vlan, subnet) triples + set_fact: + _subnet_triples: | + {% set out = [] %} + {% for pair in _fabric_vlans %} + {% set fab = pair[0] %} + {% set vlan = pair[1] %} + {% for sn in vlan.subnets | default([]) %} + {% set _ = out.append([fab, vlan, sn]) %} + {% endfor %} + {% endfor %} + {{ out }} + +- name: Ensure subnets, DNS servers, and IP ranges + include_tasks: networking/subnet_apply.yml + vars: + trio: "{{ item }}" + loop: "{{ _subnet_triples }}" + loop_control: + label: "{{ item[0].fabric }} : VID {{ item[1].vid }} : {{ item[2].cidr }}" + +################################################################################ +# VLAN property updates (name/mtu/dhcp_on) AFTER ranges exist +################################################################################ +################################################################################ +# VLAN property updates (name/mtu/dhcp_on/space) AFTER ranges exist +################################################################################ + +## Resolve the VLAN id safely (handles string/int VID keys) +#- name: Resolve VLAN id for update +# vars: +# _fname: "{{ pair.0.fabric }}" +# vlan: "{{ pair.1 }}" +# set_fact: +# _vobj: >- +# {{ +# _vlan_index[_fname].get(vlan.vid|string) +# or _vlan_index[_fname].get(vlan.vid) +# }} +# _vlan_id: "{{ _vobj.id if (_vobj is defined and _vobj) else None }}" +# loop: "{{ maas_networking | subelements('vlans', skip_missing=True) }}" +# loop_control: +# loop_var: pair +# label: "{{ pair.0.fabric }}:{{ pair.1.vid }}" +# +#- name: Ensure VLAN exists in index before updating +# assert: +# that: +# - _vlan_id is not none +# fail_msg: >- +# VLAN {{ pair.1.vid }} on fabric {{ pair.0.fabric }} not found in _vlan_index. +# Known VIDs: {{ _vlan_index[pair.0.fabric] | dict2items | map(attribute='key') | list }} +# loop: "{{ maas_networking | subelements('vlans', skip_missing=True) }}" +# loop_control: +# loop_var: pair +# label: "{{ pair.0.fabric }}:{{ pair.1.vid }}" +# +## Build update body (name/mtu/space + dhcp_on only if we saw a dynamic range in inventory) +#- name: Build VLAN update body +# vars: +# _fname: "{{ pair.0.fabric }}" +# vlan: "{{ pair.1 }}" +# +# # unique space from subnets (if exactly one specified) +# _spaces_list: >- +# {{ +# (vlan.subnets | default([])) +# | selectattr('space','defined') +# | map(attribute='space') | list | unique +# }} +# _desired_space: "{{ _spaces_list[0] if (_spaces_list | length) == 1 else omit }}" +# +# # does inventory declare at least one dynamic range on any subnet of this VLAN? +# _has_dynamic_for_vlan: >- +# {{ +# (vlan.subnets | default([])) +# | selectattr('ip_ranges','defined') +# | map(attribute='ip_ranges') | flatten +# | selectattr('type','equalto','dynamic') +# | list | length > 0 +# }} +# set_fact: +# _body: >- +# {{ +# {'name': vlan.name} +# | combine( (vlan.mtu is defined) | ternary({'mtu': vlan.mtu}, {}), recursive=True ) +# | combine( (_desired_space is not none) | ternary({'space': _desired_space}, {}), recursive=True ) +# | combine( +# (vlan.dhcp_on | default(false) | bool and _has_dynamic_for_vlan) +# | ternary({'dhcp_on': true}, {}), recursive=True +# ) +# }} +# loop: "{{ maas_networking | subelements('vlans', skip_missing=True) }}" +# loop_control: +# loop_var: pair +# label: "{{ pair.0.fabric }}:{{ pair.1.vid }}" + +## Do the actual VLAN update (expects _vlan_id and _body set by the two tasks above) +#- name: Call VLAN Update tasks +# include_tasks: networking/vlan_update.yml +# loop: "{{ maas_networking | subelements('vlans', skip_missing=True) | map('join', ':') | list }}" +# loop_control: +# label: "{{ item }}" + +- name: Call VLAN Update tasks + include_tasks: networking/vlan_update.yml + loop: "{{ maas_networking | subelements('vlans', skip_missing=True) }}" + loop_control: + loop_var: pair + label: "{{ pair.0.fabric }}:{{ pair.1.vid }}" + vars: + _fname: "{{ pair.0.fabric }}" + vlan: "{{ pair.1 }}" diff --git a/roles/maas/tasks/networking/domain_create.yml b/roles/maas/tasks/networking/domain_create.yml new file mode 100644 index 00000000..a4f37611 --- /dev/null +++ b/roles/maas/tasks/networking/domain_create.yml @@ -0,0 +1,22 @@ +--- +# Expects: _maas_api, maas_api_key, domain_name +# Builds a fresh OAuth header and creates the domain + +- include_tasks: ../_auth_header.yml +# no_log: true + +- uri: + url: "{{ _maas_api }}/domains/" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: + name: "{{ domain_name }}" + status_code: [200, 201, 409] + use_netrc: false + return_content: false + validate_certs: true + #no_log: true diff --git a/roles/maas/tasks/networking/fabric_create.yml b/roles/maas/tasks/networking/fabric_create.yml new file mode 100644 index 00000000..317747ea --- /dev/null +++ b/roles/maas/tasks/networking/fabric_create.yml @@ -0,0 +1,19 @@ +--- +# Expects: _maas_api, maas_api_key, fabric_name + +- include_tasks: ../_auth_header.yml + no_log: true + +- uri: + url: "{{ _maas_api }}/fabrics/" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: + name: "{{ fabric_name }}" + status_code: [200, 201, 409] + use_netrc: false + no_log: true diff --git a/roles/maas/tasks/networking/fabric_vlans_read.yml b/roles/maas/tasks/networking/fabric_vlans_read.yml new file mode 100644 index 00000000..1e6f212e --- /dev/null +++ b/roles/maas/tasks/networking/fabric_vlans_read.yml @@ -0,0 +1,20 @@ +--- +# Expects: _maas_api, maas_api_key, _fabric_by_name, fab_obj (with .fabric) + +- include_tasks: ../_auth_header.yml + no_log: true + +- uri: + url: "{{ _maas_api }}/fabrics/{{ _fabric_by_name[fab_obj.fabric] }}/vlans/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + use_netrc: false + register: _vlans_resp + no_log: true + +- set_fact: + _vlans_raw_by_fabric: "{{ _vlans_raw_by_fabric | combine({ fab_obj.fabric: (_vlans_resp.json | default([])) }, recursive=True) }}" + no_log: true diff --git a/roles/maas/tasks/networking/space_create.yml b/roles/maas/tasks/networking/space_create.yml new file mode 100644 index 00000000..144c206f --- /dev/null +++ b/roles/maas/tasks/networking/space_create.yml @@ -0,0 +1,19 @@ +--- +# Expects: _maas_api, maas_api_key, space_name + +- include_tasks: ../_auth_header.yml + no_log: true + +- uri: + url: "{{ _maas_api }}/spaces/" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: + name: "{{ space_name }}" + status_code: [200, 201, 409] + use_netrc: false + no_log: true diff --git a/roles/maas/tasks/networking/subnet_apply.yml b/roles/maas/tasks/networking/subnet_apply.yml new file mode 100644 index 00000000..b4290624 --- /dev/null +++ b/roles/maas/tasks/networking/subnet_apply.yml @@ -0,0 +1,355 @@ +--- +# Expects: trio=[fabric_obj, vlan_obj, subnet_obj], _vlan_index, _maas_api, maas_auth_header + +# 0) Validate input triple +- name: Verify triple input + assert: + that: + - trio is defined + - trio | length == 3 + fail_msg: "subnet_apply.yml expects trio=[fabric, vlan, subnet], got: {{ trio | default('undefined') }}" + +# 1) Unpack triple +- name: Extract fabric, vlan, and subnet + set_fact: + _fname: "{{ trio[0].fabric }}" + vlan: "{{ trio[1] }}" + subnet: "{{ trio[2] }}" + +# 2) Ensure VLAN exists in index & resolve its numeric id +- name: Ensure VLAN is present in index + assert: + that: + - _vlan_index[_fname] is defined + - _vlan_index[_fname][vlan.vid | string] is defined + fail_msg: >- + VLAN {{ vlan.vid }} not found in index for fabric {{ _fname }}. + Known vids here: {{ (_vlan_index.get(_fname, {}) | dict2items | map(attribute='key') | list) }} + +- name: Resolve VLAN object from index + set_fact: + _vobj: "{{ _vlan_index[_fname][vlan.vid | string] }}" + +- name: Extract VLAN numeric id + set_fact: + _vid: "{{ _vobj.id }}" + +# 3) Read subnets (global) and normalize to a list +- include_tasks: ../_auth_header.yml + no_log: true + +- name: Read subnets (global list) + uri: + url: "{{ _maas_api }}/subnets/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + use_netrc: false + register: _subnets_resp + no_log: true + +- name: Normalize subnets list + set_fact: + _subnets_list: >- + {{ + (_subnets_resp.json.subnets + if (_subnets_resp.json is mapping and 'subnets' in _subnets_resp.json) + else (_subnets_resp.json | default([]))) + }} + +# Find the existing subnet id by CIDR (none if missing) +- name: Extract existing subnet id by CIDR + set_fact: + _existing_subnet_id: >- + {{ + (_subnets_list + | selectattr('cidr','equalto', subnet.cidr) + | map(attribute='id') | list | first) + | default(none) + }} + +- name: Decide if subnet already exists + set_fact: + _subnet_exists: "{{ _existing_subnet_id is not none and (_existing_subnet_id|string)|length > 0 }}" + +# Working subnet id variable (may be set later by create) +- set_fact: + _subnet_id: "{{ _existing_subnet_id }}" + +# figure out the parent VLAN (we’re looping subelements('subnets'), so pair.0 is the VLAN) +- name: Resolve VLAN id for this subnet + set_fact: + _vlan_id: >- + {{ + ( + _vlan_index[pair.0.fabric][(pair.0.vid | string)].id + if (pair is defined and pair.0 is defined and pair.0.vid is defined) + else _vlan_index[_fname][(vlan.vid | string)].id + ) | string + }} + +#- name: Locate existing subnet by CIDR +# set_fact: +# _existing_subnet: "{{ (_subnets_resp.json | default([])) | selectattr('cidr','equalto', subnet.cidr) | list | first | default(none) }}" + +# 4) CREATE if missing +- name: Build subnet create body + set_fact: + _subnet_create_body: >- + {{ + {'cidr': subnet.cidr, 'vlan': _vid} + | combine( (subnet.gateway is defined) | ternary({'gateway_ip': subnet.gateway}, {}), recursive=True ) + | combine( (subnet.managed is defined) | ternary({'managed': subnet.managed|bool}, {}), recursive=True ) + }} + +- include_tasks: ../_auth_header.yml + when: not _subnet_exists + no_log: true + +- name: Create subnet (if missing) + uri: + url: "{{ _maas_api }}/subnets/" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: "{{ _subnet_create_body }}" + status_code: [200, 201, 409] + return_content: true + use_netrc: false + register: _subnet_create_resp + when: not _subnet_exists + no_log: true + +- name: Set final _subnet_id + set_fact: + _subnet_id: >- + {{ + ( + _existing_subnet_id + if _subnet_exists + else ( + _subnet_create_resp.json.id + if (_subnet_create_resp is defined and _subnet_create_resp.json is defined and _subnet_create_resp.json.id is defined) + else none + ) + ) + }} + +- name: Ensure _subnet_id is set (fallback lookup) + set_fact: + _subnet_id: >- + {{ + _subnet_id + if (_subnet_id is not none and (_subnet_id|string)|length > 0) + else ( + (_subnets_list + | selectattr('cidr','equalto', subnet.cidr) + | map(attribute='id') | list | first) | default(none) + ) + }} + +- include_tasks: ../_auth_header.yml + when: _subnet_id is none or (_subnet_id|string)|length == 0 + no_log: true + +- name: Re-read subnets (only if _subnet_id still missing) + uri: + url: "{{ _maas_api }}/subnets/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + use_netrc: false + register: _subnets_resp_refetch + when: _subnet_id is none or (_subnet_id|string)|length == 0 + no_log: true + +- name: Normalize subnets list (refetch) + set_fact: + _subnets_list: >- + {{ + (_subnets_resp_refetch.json.subnets + if (_subnets_resp_refetch is defined and _subnets_resp_refetch.json is mapping and 'subnets' in _subnets_resp_refetch.json) + else (_subnets_resp_refetch.json | default([]))) + }} + when: _subnets_resp_refetch is defined + +- name: Final fallback - derive _subnet_id from refetch + set_fact: + _subnet_id: >- + {{ + _subnet_id + if (_subnet_id is not none and (_subnet_id|string)|length > 0) + else ( + (_subnets_list + | selectattr('cidr','equalto', subnet.cidr) + | map(attribute='id') | list | first) | default(none) + ) + }} + +# 5) UPDATE if present +- name: Build subnet update body + set_fact: + _subnet_update_body: >- + {{ + {'cidr': subnet.cidr, 'vlan': _vid} + | combine( (subnet.gateway is defined) | ternary({'gateway_ip': subnet.gateway}, {}), recursive=True ) + | combine( (subnet.managed is defined) | ternary({'managed': subnet.managed|bool}, {}), recursive=True ) + }} +# {{ +# {} +# | combine( (subnet.gateway is defined) | ternary({'gateway_ip': subnet.gateway}, {}), recursive=True ) +# | combine( (subnet.managed is defined) | ternary({'managed': subnet.managed|bool}, {}), recursive=True ) +# }} + +- include_tasks: ../_auth_header.yml + when: _subnet_id is not none + no_log: true + +- name: Update subnet (if exists) + uri: + url: "{{ _maas_api }}/subnets/{{ _subnet_id }}/" + method: PUT + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: "{{ _subnet_update_body }}" + status_code: [200] + return_content: true + use_netrc: false + when: _subnet_id is not none and (_subnet_id|string)|length > 0 + +# 7) DNS servers +# DNS servers: prefer subnet.dns_servers[], else maas_global_dns_servers +- name: Choose DNS servers for this subnet + set_fact: + _dns_list: "{{ subnet.dns_servers | default(maas_global_dns_servers | default([])) | list }}" + +- include_tasks: ../_auth_header.yml + when: _dns_list | length > 0 and _subnet_id is not none and (_subnet_id|string)|length > 0 + no_log: true + +- name: Set DNS servers on subnet + uri: + url: "{{ _maas_api }}/subnets/{{ _subnet_id }}/" + method: PUT + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: "{{ {'dns_servers': _dns_list | join(' ')} }}" + status_code: [200] + use_netrc: false + when: _dns_list | length > 0 and _subnet_id is not none and (_subnet_id|string)|length > 0 + +# 8) IP ranges +# IP ranges (read from top-level /ipranges/, not /subnets/{id}/ipranges/) +- include_tasks: ../_auth_header.yml + when: + - _subnet_id is not none + - subnet.ip_ranges is defined + no_log: true + +- name: Read all ipranges (we'll filter by subnet) + uri: + url: "{{ _maas_api }}/ipranges/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + use_netrc: false + status_code: [200] + register: _all_ranges_resp + when: + - _subnet_id is not none + - subnet.ip_ranges is defined + +# Normalize payload so later tasks don’t depend on .json vs .content +- name: Normalize ipranges payload to a list + set_fact: + _ipranges_list: >- + {{ + _all_ranges_resp.json + if (_all_ranges_resp is defined and _all_ranges_resp.json is defined and _all_ranges_resp.json != '') + else (_all_ranges_resp.content | from_json) + }} + when: + - _subnet_id is not none + - subnet.ip_ranges is defined + - _all_ranges_resp is defined + +- name: Show _subnet_id and ipranges count + debug: + msg: + - "_subnet_id (int) = {{ _subnet_id | int }}" + - "ipranges total = {{ (_ipranges_list | default([])) | length }}" + when: + - _subnet_id is not none + - subnet.ip_ranges is defined + - _ipranges_list is defined + +- name: Build normalized ipranges list + set_fact: + _ipranges_normalized: | + {% set out = [] %} + {% for r in (_ipranges_list | default([])) %} + {% set sid = ((r.subnet.id if (r.subnet is mapping and 'id' in r.subnet) else r.subnet) | int) %} + {% set _ = out.append({ + 'id': r.id, + 'type': r.type, + 'start_ip': r.start_ip, + 'end_ip': r.end_ip, + 'computed_subnet_id': sid + }) %} + {% endfor %} + {{ out }} + when: + - _subnet_id is not none + - subnet.ip_ranges is defined + - _ipranges_list is defined + +- name: Filter normalized ipranges to this subnet (robust int compare) + set_fact: + _subnet_ranges_existing: | + {% set sid = _subnet_id | int %} + {% set out = [] %} + {% for r in (_ipranges_normalized | default([])) %} + {% if (r.computed_subnet_id | int) == sid %} + {% set _ = out.append(r) %} + {% endif %} + {% endfor %} + {{ out }} + when: + - _subnet_id is not none + - subnet.ip_ranges is defined + - _ipranges_normalized is defined + +- name: Create missing ranges + vars: + _exists: >- + {{ + (_subnet_ranges_existing | default([])) + | selectattr('type','equalto', ipr.type | default('reserved')) + | selectattr('start_ip','equalto', ipr.start_ip) + | selectattr('end_ip','equalto', ipr.end_ip) + | list | length > 0 + }} + include_tasks: subnet_range_create.yml + loop: "{{ subnet.ip_ranges | default([]) }}" + loop_control: + loop_var: ipr + label: "{{ ipr.type }} {{ ipr.start_ip }}-{{ ipr.end_ip }}" + when: + - _subnet_id is not none + - subnet.ip_ranges is defined + - not _exists diff --git a/roles/maas/tasks/networking/subnet_range_create.yml b/roles/maas/tasks/networking/subnet_range_create.yml new file mode 100644 index 00000000..577fcb8e --- /dev/null +++ b/roles/maas/tasks/networking/subnet_range_create.yml @@ -0,0 +1,225 @@ +--- +# Expects: _subnet_id, ipr (range spec with type/start_ip/end_ip), maas_auth_header, _subnet_ranges_existing +# Optional: maas_overwrite_ipranges (default: false) + +- name: Default overwrite flag + set_fact: + maas_overwrite_ipranges: "{{ maas_overwrite_ipranges | default(false) | bool }}" + +# Helper facts +- set_fact: + _ipr_type: "{{ ipr.type | default('reserved') }}" + _ipr_start: "{{ ipr.start_ip }}" + _ipr_end: "{{ ipr.end_ip }}" + _overlaps: [] + +# --- exact match detection (boolean, no None pitfalls) --- +- name: Compute exact-match flag for this subnet/type/span + vars: + _want_type: "{{ _ipr_type | string }}" + _want_start: "{{ _ipr_start | string }}" + _want_end: "{{ _ipr_end | string }}" + set_fact: + _exact_exists: >- + {{ + ( + (_subnet_ranges_existing | default([])) + | selectattr('type', 'equalto', _want_type) + | selectattr('start_ip', 'equalto', _want_start) + | selectattr('end_ip', 'equalto', _want_end) + | list | length + ) > 0 + }} + +# (optional) tiny debug so you can see it flip true/false +- name: Tiny debug so you can see it flip true/false + debug: + msg: + - "subnet_id: {{ _subnet_id }}" + - "existing ranges on this subnet: {{ _subnet_ranges_existing | length }}" + - "looking for: {{ _ipr_type }} {{ _ipr_start }}-{{ _ipr_end }}" + - "exact_exists={{ _exact_exists }}" + verbosity: 0 + +# --- overlap detection stays as you had it --- + +# Skip only when an exact already exists +- name: Skip create when exact range already exists + debug: + msg: "IP range already present ({{ _ipr_type }} {{ _ipr_start }}-{{ _ipr_end }}); skipping." + when: _exact_exists + +# Always define _overlaps, even if earlier overlap-compute tasks were skipped +- name: Ensure _overlaps is defined + set_fact: + _overlaps: "{{ _overlaps | default([]) }}" + +- include_tasks: ../_auth_header.yml + no_log: true + +- name: Read all ipranges (server truth) + uri: + url: "{{ _maas_api }}/ipranges/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + status_code: [200] + register: _ipr_read + no_log: true + +- name: Filter ipranges down to this subnet id + set_fact: + _subnet_ranges_existing: >- + {{ (_ipr_read.json | default([])) + | selectattr('subnet.id','equalto', _subnet_id) + | list }} + +# Build tuple/list forms of the new range once +- name: Compute tuple forms of new start/end + set_fact: + _new_start_t: "{{ _ipr_start | split('.') | map('int') | list }}" + _new_end_t: "{{ _ipr_end | split('.') | map('int') | list }}" + +# existing.start <= new.end AND existing.end >= new.start (inclusive) +- name: Accumulate overlaps for this subnet/type/span (inclusive, no ipaddr) + set_fact: + _overlaps: "{{ _overlaps + [r] }}" + loop: "{{ _subnet_ranges_existing | default([]) }}" + loop_control: + loop_var: r + when: + - (r.start_ip | split('.') | map('int') | list) <= _new_end_t + - (r.end_ip | split('.') | map('int') | list) >= _new_start_t + +- name: Debug overlaps (if any) + debug: + msg: + - "Overlaps (ids): {{ _overlaps | map(attribute='id') | list }}" + - "Overlaps (types): {{ _overlaps | map(attribute='type') | list }}" + - "Overlaps (spans): {{ _overlaps | map(attribute='start_ip') | list }} — {{ _overlaps | map(attribute='end_ip') | list }}" + when: _overlaps | length > 0 + +# Fail on overlapping ranges (unless overwrite enabled) +- name: Fail on overlapping ranges (unless overwrite enabled) + fail: + msg: >- + Requested {{ _ipr_type }} range {{ _ipr_start }}-{{ _ipr_end }} + overlaps existing ranges: + {{ (_overlaps | default([])) | map(attribute='start_ip') | list }} - {{ (_overlaps | default([])) | map(attribute='end_ip') | list }}. + Re-run with maas_overwrite_ipranges=true to replace them. + when: + - not _exact_exists + - (_overlaps | default([])) | length > 0 + - not maas_overwrite_ipranges + +- include_tasks: ../_auth_header.yml + no_log: true + +- name: Read this subnet to check for managed=true and dynamic range mismatch + uri: + url: "{{ _maas_api }}/subnets/{{ _subnet_id }}/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + status_code: [200] + register: _subnet_read + no_log: true + +- set_fact: + _server_subnet_managed: "{{ (_subnet_read.json.managed | default(false)) | bool }}" + +- name: Fail if subnet is unmanaged but a dynamic range is requested + fail: + msg: >- + Refusing to create a dynamic range on unmanaged subnet id={{ _subnet_id }} + ({{ _subnet_read.json.cidr }}). Set 'managed: true' on the subnet or use a + reserved range instead. Requested: {{ _ipr_type }} {{ _ipr_start }}-{{ _ipr_end }}. + when: + - _ipr_type == 'dynamic' + - not _server_subnet_managed + +# Delete overlapping ipranges before create +- include_tasks: ../_auth_header.yml + when: + - not _exact_exists + - (_overlaps | default([])) | length > 0 + - maas_overwrite_ipranges + no_log: true + +# before delete loop +- set_fact: + _overlap_ids: "{{ _overlaps | map(attribute='id') | list | unique | list }}" + +- name: Delete overlapping ipranges before create + uri: + url: "{{ _maas_api }}/ipranges/{{ ov_id }}/" + method: DELETE + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + status_code: [200, 204, 404] + return_content: false + loop: "{{ _overlap_ids }}" + loop_control: + loop_var: ov_id + label: "delete id={{ ov_id }}" + failed_when: false + when: + - (_overlaps | length) > 0 + - maas_overwrite_ipranges + - not _exact_exists + no_log: true + +- include_tasks: ../_auth_header.yml + no_log: true + +- name: Read all ipranges again (post-delete) + uri: + url: "{{ _maas_api }}/ipranges/" + method: GET + headers: + Authorization: "{{ maas_auth_header }}" + Accept: application/json + return_content: true + status_code: [200] + register: _ipr_read_after + no_log: true + +- name: Filter ipranges down to this subnet id (post-delete) + set_fact: + _subnet_ranges_existing: >- + {{ (_ipr_read_after.json | default([])) + | selectattr('subnet.id','equalto', _subnet_id) + | list }} + +- include_tasks: ../_auth_header.yml + when: + - not _exact_exists + - ((_overlaps | default([])) | length == 0) or maas_overwrite_ipranges + no_log: true + +- name: Create iprange + uri: + url: "{{ _maas_api }}/ipranges/" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: + subnet: "{{ _subnet_id | string }}" + type: "{{ _ipr_type | default('reserved') }}" + start_ip: "{{ _ipr_start }}" + end_ip: "{{ _ipr_end }}" + status_code: [200, 201, 409] + return_content: true + use_netrc: false + register: _range_create_resp + when: + - not _exact_exists + - ((_overlaps | default([])) | length == 0) or maas_overwrite_ipranges diff --git a/roles/maas/tasks/networking/vlan_build_index.yml b/roles/maas/tasks/networking/vlan_build_index.yml new file mode 100644 index 00000000..1b5ef98f --- /dev/null +++ b/roles/maas/tasks/networking/vlan_build_index.yml @@ -0,0 +1,22 @@ +--- +# Build `_vlan_index` as: { "": { "": } } + +# Start clean +- set_fact: + _vlan_index: {} + +# Expect `_vlans_raw_by_fabric` to be a dict like: +# { "tucson-qe": [ {vid: 1300, id: 5011, ...}, ... ], ... } +- name: Normalize VLAN index with string vid keys + set_fact: + _vlan_index: | + {% set out = {} %} + {% for it in (_vlans_raw_by_fabric | default({}) | dict2items) %} + {% set fname = it.key %} + {% set vlist = it.value | default([]) %} + {% set _ = out.update({ fname: {} }) %} + {% for v in vlist %} + {% set _ = out[fname].update({ (v.vid | string): v }) %} + {% endfor %} + {% endfor %} + {{ out }} diff --git a/roles/maas/tasks/networking/vlan_create.yml b/roles/maas/tasks/networking/vlan_create.yml new file mode 100644 index 00000000..9bd49cd3 --- /dev/null +++ b/roles/maas/tasks/networking/vlan_create.yml @@ -0,0 +1,32 @@ +--- +# Expects: _maas_api, maas_api_key, pair, _fabric_by_name +# pair.0 = fabric obj; pair.1 = vlan obj + +- include_tasks: ../_auth_header.yml + no_log: true + +- set_fact: + _fid: "{{ _fabric_by_name[pair.0.fabric] }}" + _vlan_create_body: >- + {{ + {'vid': pair.1.vid} + | combine( (pair.1.name is defined) | ternary({'name': pair.1.name}, {}), recursive=True ) + | combine( (pair.1.description is defined) | ternary({'description': pair.1.description}, {}), recursive=True ) + | combine( (pair.1.mtu is defined) | ternary({'mtu': pair.1.mtu}, {}), recursive=True ) + | combine( (pair.1.space is defined) | ternary({'space': pair.1.space}, {}), recursive=True ) + }} + +# NOTE: dhcp_on is not created here; we set it in the separate "vlan_update" task because +# ipranges must be created first. +- uri: + url: "{{ _maas_api }}/fabrics/{{ _fid }}/vlans/" + method: POST + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: "{{ _vlan_create_body }}" + status_code: [200, 201, 409] + return_content: true + use_netrc: false diff --git a/roles/maas/tasks/networking/vlan_update.yml b/roles/maas/tasks/networking/vlan_update.yml new file mode 100644 index 00000000..b42cda2d --- /dev/null +++ b/roles/maas/tasks/networking/vlan_update.yml @@ -0,0 +1,95 @@ +--- +# Expects: _fname, _fabric_by-name, vlan, _vlan_index, _body, _maas_api, maas_auth_header +# (_fname and vlan are often passed from the caller; we normalize if pair=* is used) + +- name: Normalize inputs + set_fact: + _fname: "{{ _fname | default(pair.0.fabric) }}" + _fid: "{{ _fabric_by_name[pair.0.fabric] }}" + vlan: "{{ vlan | default(pair.1) }}" + +- name: Ensure VLAN present in index + assert: + that: + - _vlan_index[_fname] is defined + - _vlan_index[_fname][vlan.vid | string] is defined + fail_msg: >- + VLAN {{ vlan.vid }} not found in index for fabric {{ _fname }}. + Known vids: {{ _vlan_index.get(_fname, {}) | dict2items | map(attribute='key') | list }} + +- name: Clear any stale per-VLAN variables + set_fact: + _vlan_id: "{{ none }}" + _vobj: "{{ none }}" + _prc_candidate: "" + _primary_rack_controller: "{{ none }}" + +- name: Resolve VLAN object + set_fact: + _vobj: "{{ _vlan_index[_fname][vlan.vid | string] }}" + +- name: And ID + set_fact: + _vlan_id: "{{ _vobj.id | string }}" + +# Set the Primary Rack Controller to the VLAN-level defined one. Otherwise empty string. +- name: Compute per-VLAN primary rack controller candidate + set_fact: + _prc_candidate: "{{ (vlan | default({})).get('primary_rack_controller') | default('', true) | string | trim }}" + +# Use the VLAN-level defined PRC discovered above or use the global one. +- name: Decide primary rack controller for this VLAN + set_fact: + _primary_rack_controller: "{{ _prc_candidate if (_prc_candidate | length) > 0 else (_global_primary_rack_controller | default(omit)) }}" + +- name: Build VLAN update body + vars: + _spaces_list: >- + {{ + (vlan.subnets | default([])) + | selectattr('space','defined') + | map(attribute='space') | list | unique + }} + _desired_space: "{{ _spaces_list[0] if (_spaces_list | length) == 1 else omit }}" + + _has_dynamic_for_vlan: >- + {{ + (vlan.subnets | default([])) + | selectattr('ip_ranges','defined') + | map(attribute='ip_ranges') | flatten + | selectattr('type','equalto','dynamic') + | list | length > 0 + }} + set_fact: + _vlan_update_body: >- + {{ + {'name': vlan.name} + | combine( (vlan.mtu is defined) | ternary({'mtu': vlan.mtu}, {}), recursive=True ) + | combine( (_desired_space is not none) | ternary({'space': _desired_space}, {}), recursive=True ) + | combine( + (vlan.dhcp_on | default(false) | bool and (_primary_rack_controller is defined)) + | ternary({'primary_rack': _primary_rack_controller}, {}), recursive=True + ) + | combine( + (vlan.dhcp_on | default(false) | bool and _has_dynamic_for_vlan) + | ternary({'dhcp_on': true}, {}), recursive=True + ) + }} + +- include_tasks: ../_auth_header.yml + no_log: true + +- name: Update VLAN properties + uri: + url: "{{ _maas_api }}/fabrics/{{ _fid }}/vlans/{{ vlan.vid }}/" + method: PUT + headers: + Authorization: "{{ maas_auth_header }}" + Content-Type: application/x-www-form-urlencoded + Accept: application/json + body_format: form-urlencoded + body: "{{ _vlan_update_body }}" + status_code: [200] + return_content: true + use_netrc: false + no_log: true diff --git a/roles/maas/tasks/networking_subnet.yml b/roles/maas/tasks/networking_subnet.yml new file mode 100644 index 00000000..8bcdf344 --- /dev/null +++ b/roles/maas/tasks/networking_subnet.yml @@ -0,0 +1,133 @@ +--- +# Expects: +# - _maas_api +# - maas_auth_header +# - _fabric_by_name +# - _vlan_index +# - trio (tuple: [fabric_obj, vlan_obj, subnet_obj]) + +- name: Unpack current triple + set_fact: + _fname: "{{ trio.0.fabric }}" + vlan: "{{ trio.1 }}" + subnet: "{{ trio.2 }}" + _vobj: "{{ _vlan_index[_fname][vlan.vid] }}" + _vid: "{{ _vobj.id }}" + +- name: Read existing subnets on VLAN + uri: + url: "{{ _maas_api }}/vlans/{{ _vid }}/subnets/" + method: GET + headers: { Authorization: "{{ maas_auth_header }}" } + return_content: true + register: _subnets_resp + +- name: Get existing subnet (by CIDR) if present + set_fact: + _existing_subnet: "{{ (_subnets_resp.json | default([])) | selectattr('cidr','equalto', subnet.cidr) | list | first | default(None) }}" + +- name: Build create body for subnet + set_fact: + _subnet_create_body: >- + {{ + {'cidr': subnet.cidr, 'vlan': _vid} + | combine( (subnet.gateway is defined) | ternary({'gateway_ip': subnet.gateway}, {}), recursive=True ) + | combine( (subnet.space is defined) | ternary({'space': subnet.space}, {}), recursive=True ) + | combine( (subnet.managed is defined) | ternary({'managed': subnet.managed|bool}, {}), recursive=True ) + }} + +- name: Create subnet if missing + when: _existing_subnet is none + uri: + url: "{{ _maas_api }}/subnets/" + method: POST + headers: { Authorization: "{{ maas_auth_header }}" } + body_format: form-urlencoded + body: "{{ _subnet_create_body }}" + status_code: [200, 201, 409] + return_content: true + +- name: Build update body for subnet + set_fact: + _subnet_update_body: >- + {{ + {} + | combine( (subnet.gateway is defined) | ternary({'gateway_ip': subnet.gateway}, {}), recursive=True ) + | combine( (subnet.space is defined) | ternary({'space': subnet.space}, {}), recursive=True ) + | combine( (subnet.managed is defined) | ternary({'managed': subnet.managed|bool}, {}), recursive=True ) + }} + +- name: Update subnet if exists + when: _existing_subnet is not none + uri: + url: "{{ _maas_api }}/subnets/{{ _existing_subnet.id }}/" + method: POST + headers: { Authorization: "{{ maas_auth_header }}" } + body_format: form-urlencoded + body: "{{ _subnet_update_body }}" + status_code: [200, 201] + return_content: true + +- name: Re-read subnets to get current subnet_id + uri: + url: "{{ _maas_api }}/vlans/{{ _vid }}/subnets/" + method: GET + headers: { Authorization: "{{ maas_auth_header }}" } + return_content: true + register: _subnets_after + +- name: Compute subnet id + set_fact: + _subnet_id: "{{ (_subnets_after.json | default([])) | selectattr('cidr','equalto', subnet.cidr) | map(attribute='id') | first }}" + +- name: Determine DNS servers for subnet (per-subnet or global) + set_fact: + _dns_list: "{{ subnet.dns_servers | default(maas_global_dns_servers | default([])) | list }}" + +- name: Set DNS servers on subnet when provided + when: _dns_list | length > 0 + uri: + url: "{{ _maas_api }}/subnets/{{ _subnet_id }}/" + method: POST + headers: { Authorization: "{{ maas_auth_header }}" } + body_format: form-urlencoded + body: "{{ {'dns_servers': _dns_list | join(' ')} }}" + status_code: [200, 201] + +- name: Ensure IP ranges on subnet (if any) + when: subnet.ip_ranges is defined + block: + - name: Read existing ranges + uri: + url: "{{ _maas_api }}/subnets/{{ _subnet_id }}/ipranges/" + method: GET + headers: { Authorization: "{{ maas_auth_header }}" } + return_content: true + register: _ranges_resp + + - name: Create/ensure each range (by type/start/end) + vars: + ipr_body: >- + {{ + {'type': ipr.type | default('reserved'), + 'start_ip': ipr.start_ip, + 'end_ip': ipr.end_ip} + }} + exists: >- + {{ + (_ranges_resp.json | default([])) + | selectattr('type','equalto', ipr.type | default('reserved')) + | selectattr('start_ip','equalto', ipr.start_ip) + | selectattr('end_ip','equalto', ipr.end_ip) + | list | first | default(None) + }} + when: exists is none + uri: + url: "{{ _maas_api }}/subnets/{{ _subnet_id }}/ipranges/" + method: POST + headers: { Authorization: "{{ maas_auth_header }}" } + body_format: form-urlencoded + body: "{{ ipr_body }}" + status_code: [200, 201, 409] + loop: "{{ subnet.ip_ranges }}" + loop_control: { loop_var: ipr } diff --git a/roles/maas/templates/arm_uefi.j2 b/roles/maas/templates/arm_uefi.j2 new file mode 100644 index 00000000..0b0baa73 --- /dev/null +++ b/roles/maas/templates/arm_uefi.j2 @@ -0,0 +1,27 @@ +{{ '{{' }}if debug{{ '}}' }}set debug="all"{{ '{{' }}endif{{ '}}' }} +set default="0" +set timeout=0 + +menuentry 'Local' { + echo 'Booting local disk...' + # This is the default bootloader location according to the UEFI spec. + search --set=root --file /efi/boot/bootaa64.efi + if [ $? -eq 0 ]; then + chainloader /efi/boot/bootaa64.efi + boot + fi + +{% set distros = ["rocky", "centos", "ubuntu"] %} + +{% for item in distros %} + + search --set=root --file /efi/{{ item }}/grubaa64.efi + if [ $? -eq 0 ]; then + chainloader /efi/{{ item }}/grubaa64.efi + boot + fi + +{% endfor %} + # If no bootloader is found exit and allow the next device to boot. + exit +} diff --git a/roles/maas/templates/dhcpd.classes.snippet.j2 b/roles/maas/templates/dhcpd.classes.snippet.j2 new file mode 100644 index 00000000..b9cbad65 --- /dev/null +++ b/roles/maas/templates/dhcpd.classes.snippet.j2 @@ -0,0 +1,8 @@ + {% if subnet_data.classes is defined -%} + {% for class_name, class_string in subnet_data.classes.items() -%} + class "{{ class_name }}" { + {{ class_string }}; + } + + {% endfor -%} + {%- endif -%} diff --git a/roles/maas/templates/dhcpd.global.snippet.j2 b/roles/maas/templates/dhcpd.global.snippet.j2 new file mode 100644 index 00000000..027b09be --- /dev/null +++ b/roles/maas/templates/dhcpd.global.snippet.j2 @@ -0,0 +1,5 @@ +{% for item in dhcp_maas_global %} +{% for key, value in item.items() %} +{{ key }} {{ value }}; +{% endfor %} +{% endfor %} diff --git a/roles/maas/templates/dhcpd.hosts.snippet.j2 b/roles/maas/templates/dhcpd.hosts.snippet.j2 new file mode 100644 index 00000000..d1d80135 --- /dev/null +++ b/roles/maas/templates/dhcpd.hosts.snippet.j2 @@ -0,0 +1,16 @@ + {% for host in groups['all'] | sort | unique -%} + {% if hostvars[host][subnet_data.macvar] is defined -%} + {% if hostvars[host][subnet_data.ipvar] | ansible.utils.ipaddr(subnet_data.cidr) -%} + host {{ host.split('.')[0] }}-{{ subnet_name }} { + {% if hostvars[host]['domain_name_servers'] is defined -%} + option domain-name-servers {{ hostvars[host]['domain_name_servers']|join(', ') }}; + {% endif -%} + hardware ethernet {{ hostvars[host][subnet_data.macvar] }}; + fixed-address {{ hostvars[host][subnet_data.ipvar] }}; + {% if hostvars[host]['dhcp_option_hostname'] is defined and hostvars[host]['dhcp_option_hostname'] == true %} + option host-name "{{ host.split('.')[0] }}"; + {% endif -%} + } + {% endif -%} + {% endif -%} + {% endfor -%} diff --git a/roles/maas/templates/dhcpd.pools.snippet.j2 b/roles/maas/templates/dhcpd.pools.snippet.j2 new file mode 100644 index 00000000..2d7af057 --- /dev/null +++ b/roles/maas/templates/dhcpd.pools.snippet.j2 @@ -0,0 +1,23 @@ + {% if subnet_data.pools is defined -%} + {% for pool, pool_value in subnet_data.pools.items() -%} + pool { + {% if pool == "unknown_clients" -%} + allow unknown-clients; + {% else -%} + allow members of "{{ pool }}"; + {% endif -%} + {% if pool_value.range is string -%} + range {{ pool_value.range }}; + {% else -%} + range {{ pool_value.range|join(';\n range ') }}; + {% endif -%} + {% if pool_value.next_server is defined -%} + next-server {{ pool_value.next_server }}; + {% endif -%} + {% if pool_value.filename is defined -%} + filename "{{ pool_value.filename }}"; + {% endif -%} + } + + {% endfor -%} + {%- endif -%} diff --git a/roles/nameserver/README.rst b/roles/nameserver/README.rst new file mode 100644 index 00000000..85ac3d37 --- /dev/null +++ b/roles/nameserver/README.rst @@ -0,0 +1,260 @@ +nameserver +========== + +This role is used to set up and configure a very basic **internal** BIND DNS server. + +This role has only been tested on CentOS 7.2 using BIND9. + +It does the following: + +- Installs and updates necessary packages +- Enables and configures firewalld +- Manages named.conf and BIND daemon config +- Manages forward and reverse DNS records + +Prerequisites ++++++++++++++ + +- CentOS 7.2 + +Variables ++++++++++ +Most variables are defined in ``roles/nameserver/defaults/main.yml`` and values are chosen to support our Sepia_ lab. They can be overridden in the ``secrets`` repo. + ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|Variable |Description | ++========================================================+===========================================================================================================================+ +|``packages: []`` |A list of packages to install that is specific to the role. The list is defined in ``roles/nameserver/vars/packages.yml`` | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``named_conf_dir: "/var/named"`` |BIND main configuration directory. Defined in ``roles/nameserver/defaults/main.yml`` | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``named_conf_file: "/etc/named.conf"`` |BIND main configuration file. This is the default CentOS path. Defined in ``roles/nameserver/defaults/main.yml`` | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``named_conf_data_dir: "/var/named/data"`` |BIND data directory. named debug output and statistics are stored here. Defined in ``roles/nameserver/defaults/main.yml``| ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``named_conf_listen_port: 53`` |Port BIND should listen on. Defined in ``roles/nameserver/defaults/main.yml`` | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|:: | | +| | | +| named_conf_listen_iface: |Interface(s) BIND should listen on. This defaults to listen on all IPv4 interfaces Ansible detects for the nameserver. | +| - 127.0.0.1 |Defined in ``roles/nameserver/defaults/main.yml`` | +| - "{{ ansible_all_ipv4_addresses[0] }}" | | +| | | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``named_conf_zones_path: "/var/named/zones"`` |Path to BIND zone files. Defined in ``roles/nameserver/defaults/main.yml`` | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|:: |named daemon options. Writes to ``/etc/sysconfig/named``. Defined in ``roles/nameserver/defaults/main.yml`` | +| | | +| named_conf_daemon_opts: [] | | +| | | +| # Example for IPv4 support only: | | +| named_conf_daemon_opts: "-4" | | +| | | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|:: |Values used to populate corresponding settings in each zone file's SOA record | +| |Defined in ``roles/nameserver/defaults/main.yml`` | +| named_conf_soa_ttl: 3600 | | +| named_conf_soa_refresh: 3600 | | +| named_conf_soa_retry: 3600 | | +| named_conf_soa_expire: 604800 | | +| | | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|:: |Desired primary nameserver and admin e-mail for each zone file. Defined in the secrets repo | +| | | +| named_conf_soa: [] | | +| | | +| # Example: | | +| named_conf_soa: "ns1.example.com. admin.example.com." | | +| | | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``named_conf_recursion: "no"`` |Define whether recursion should be allowed or not. Defaults to "no". Override in Ansible inventory as a hostvar. | +| | | +| |**NOTE:** Setting to "yes" will add ``allow-recursion { any; }``. See To-Do. | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|:: |A list of nameservers BIND should forward external DNS queries to. This is not required but should be defined in | +| |``ansible/inventory/group_vars/nameserver.yml`` if desired. | +| named_forwarders: | | +| - 8.8.8.8 | | +| - 1.1.1.1 | | +| | | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``named_conf_slave: true`` |Will configure the server as a DNS slave if true. This variable is not required but should be set to true in the hostvars | +| |if desired. | +| | | +| |**NOTE:** You must also set ``named_conf_master`` if ``named_conf_slave`` is true. See below. | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``named_conf_master: "1.2.3.4"`` |Specifies the master server's IP which zones should be transferred from. Define in hostvars. | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|:: |A list of hosts or subnets you want to allow zone transfers to. This variable is not required but should be defined in | +| |hostvars if you wish. BIND allows AXFR transfers to anywhere by default. | +| named_conf_allow_axfr: | | +| - localhost |See http://www.zytrax.com/books/dns/ch7/xfer.html#allow-transfer. | +| - 1.2.3.4 | | +| | | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|``ddns_keys: {}`` |A dictionary defining each Dynamic DNS zone's authorized key. See **Dynamic DNS** below. Defined in an encrypted file in | +| |the secrets repo | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ + +**named_domains: []** + +The ``named_domains`` dictionary is the bread and butter of creating zone files. It is in standard YAML syntax. Each domain (key) must have ``forward``, ``ipvar``, and ``dynamic`` defined. ``ipvar`` can be set to ``NULL``. Optional values include ``miscrecords``, ``reverse``, and ``ddns_hostname_prefixes``. + +``forward`` + The domain of the forward lookup zone for each domain (key) + +``ipvar`` + The variable assigned to a system in the Ansible inventory. This allows systems to have multiple IPs assigned for a front and ipmi network, for example. See **Inventory Example** below. + +``dynamic`` + Specifies whether the parent zone/domain should allow Dynamic DNS records. See **Dynamic DNS** below for more information. + +``ddns_hostname_prefixes`` + This should be a list of dynamic hostname prefixes you don't want overwritten if a zone/domain has static and dynamic records. See **Dynamic DNS** below. + +``miscrecords`` + Records to add to corresponding ``forward`` zone file. This is a good place for CNAMEs and MX records and records for hosts you don't have in your Ansible inventory. If your main nameserver is in a subdomain, you should create its glue record here. See example. + +``reverse`` + This should be a list of each reverse lookup IP C-Block address corresponding to the domain (key). See example. + +**Example**:: + + named_domains: + example.com: + ipvar: NULL + dynamic: false + forward: example.com + miscrecords: + - www IN A 8.8.8.8 + - www IN TXT "my www host" + - ns1.private IN A 192.168.0.1 + private.example.com: + ipvar: ip + dynamic: true + ddns_hostname_prefixes: + - dyn + forward: private.example.com + miscrecords: + - mail IN MX 192.168.0.2 + - email IN CNAME mail + reverse: + - 192.168.0.0 + - 192.168.1.0 + - 192.168.2.0 + mgmt.example.com: + ipvar: mgmt + dynamic: false + forward: mgmt.example.com + reverse: + - 192.168.10.0 + - 192.168.11.0 + - 192.168.12.0 + ddns.example.com: + ipvar: NULL + dynamic: true + forward: ddns.example.com + +Inventory ++++++++++ +This role will create forward and reverse DNS records for any host defined in your Ansible inventory when given an IP address assigned to a variable matching ``ipvar`` in ``named_domains``. + +Using the ``named_domains`` example above and inventory below, forward *and reverse* records for ``ns1.private.example.com``, ``tester050.private.example.com``, and ``tester050.mgmt.example.com`` would be created. + +**Example**:: + + [nameserver] + ns1.private.example.com ip=192.168.0.1 + + [testnodes] + tester050.private.example.com ip=192.168.1.50 mgmt=192.168.11.50 + +**Note:** Hosts in inventory with no IP address defined will not have records created and should be added to ``miscrecords`` in ``named_domains``. + +Dynamic DNS ++++++++++++ +If you wish to use the Dynamic DNS feature of this role, you should generate an HMAC-MD5 keypair using dnssec-keygen_ for each zone you want to be able to dynamically update. The key generated should be pasted in the ``secret`` value of the ``ddns_keys`` dictionary for the corresponding domain. + +**Example**:: + + $ dnssec-keygen -a HMAC-MD5 -b 512 -n USER ddns.example.com + Kddns.example.com.+157+57501 + $ cat Kddns.example.com.+157+57501.key + ddns.example.com. IN KEY 0 3 157 LxFSAiBgKYtsTTV/hjaK7LNdsbk19xQv0ZY9xLtrpdIWhf2S4gurD5GJ JjP9N8bnlCPKc7zVy+JcBYbSMSsm2A== + + # In {{ secrets_path }}/nameserver.yml + --- + ddns_keys: + ddns.example.com: + secret: "LxFSAiBgKYtsTTV/hjaK7LNdsbk19xQv0ZY9xLtrpdIWhf2S4gurD5GJ JjP9N8bnlCPKc7zVy+JcBYbSMSsm2A==" + +``roles/nameserver/templates/named.conf.j2`` loops through each domain in ``named_domains``, checks whether ``dynamic: true`` and if so, then loops through ``ddns_keys`` and matches the secret key to the domain. + +These instructions assume you'll either have one host updating DNS records or you'll be sharing the resulting key. Clients can use nsupdate_ to update the nameserver. Configuring that is outside the scope of this role. + +You can have two types of Dynamic DNS zones: + + 1. A pure dynamic DNS zone with no static A records + 2. A mixed zone consisting of both dynamic and static records + +For a mixed zone, you must specify ``ddns_hostname_prefixes`` under the domain in ``named_domains`` else your dynamic records will be overwritten each time the records task is run. **Example**:: + + named_domains: + private.example.com: + forward: private.example.com + ipvar: ip + dynamic: true + ddns_hostname_prefixes: + - foo + ddns.example.com: + forward: ddns.example.com + ipvar: NULL + dynamic: true + +In the example above, a dynamic hostname of ``foo001.private.example.com`` will be saved and restored at the end of the records task. If you *dynamically* added a hostname of ``bar001.private.example.com`` however, the records task will remove it. Do not create static hostnames in your ansible inventory using any of the prefixes in ``ddns_hostname_prefixes`` or you'll end up with duplicates in the zone file. + +The records task will not modify the ddns.example.com zone file. + +For our upstream test lab's purposes, this allows us to combine static and dynamic records in our ``front.sepia.ceph.com`` domain so teuthology_'s ``lab_domain`` variable can remain unchanged. + +This role also configures DNS slaves to accept DDNS updates and will forward them to the master using the ``allow-update-forwarding`` parameter in ``/etc/named.conf``. This is particularly useful in our Sepia lab since our master server can't send ``NOTIFY`` messages directly to the slave. + +**NOTE:** Reverse zone Dynamic DNS is not supported at this time. + +Tags +++++ + +packages + Install *and update* packages + +config + Configure and restart named service (if config changes) + +firewall + Enable firewalld and allow dns traffic + +records + Compiles and writes forward and reverse zone files using ``named_domains`` and Ansible inventory + +Dependencies +++++++++++++ + +This role depends on the following roles: + +secrets + Provides a var, ``secrets_path``, containing the path of the secrets repository, a tree of Ansible variable files. + +sudo + Sets ``ansible_sudo: true`` for this role which causes all the plays in this role to execute with sudo. + +To-Do ++++++ + +- Allow additional user-defined firewall rules +- DNSSEC +- Add support for specifying networks to allow recursion from + +.. _Sepia: https://ceph.github.io/sepia/ +.. _dnssec-keygen: https://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/man.dnssec-keygen.html +.. _nsupdate: https://linux.die.net/man/8/nsupdate +.. _teuthology: http://docs.ceph.com/teuthology/docs/siteconfig.html?highlight=lab_domain diff --git a/roles/nameserver/defaults/main.yml b/roles/nameserver/defaults/main.yml new file mode 100644 index 00000000..c4dc0a5f --- /dev/null +++ b/roles/nameserver/defaults/main.yml @@ -0,0 +1,27 @@ +--- +# These defaults are present to allow certain tasks to no-op if a secrets repo +# hasn't been defined. If you want to override these, do so in the secrets repo +# itself. We override these in $repo/ansible/inventory/group_vars/nameserver.yml +secrets_repo: + name: null + url: null + +# Main BIND conf vars +named_conf_dir: "/var/named" +named_conf_file: "/etc/named.conf" +named_conf_data_dir: "/var/named/data" +named_conf_listen_port: 53 +named_conf_listen_iface: + - 127.0.0.1 + - "{{ ansible_all_ipv4_addresses[0] }}" +named_conf_zones_path: "/var/named/zones" +named_conf_daemon_opts: "" +named_conf_recursion: "no" # Allow recursion? [yes|no] + +# Zone file conf vars +named_conf_soa_ttl: 3600 +named_conf_soa_refresh: 3600 +named_conf_soa_retry: 3600 +named_conf_soa_expire: 604800 + +ddns_keys: {} diff --git a/roles/nameserver/handlers/main.yml b/roles/nameserver/handlers/main.yml new file mode 100644 index 00000000..248f51cf --- /dev/null +++ b/roles/nameserver/handlers/main.yml @@ -0,0 +1,12 @@ +--- +# Restart for config file updates +- name: restart named + service: + name: named + state: restarted + +# Reload for zone file updates +- name: reload named + service: + name: named + state: reloaded diff --git a/roles/nameserver/meta/main.yml b/roles/nameserver/meta/main.yml new file mode 100644 index 00000000..313fd690 --- /dev/null +++ b/roles/nameserver/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: secrets diff --git a/roles/nameserver/tasks/config.yml b/roles/nameserver/tasks/config.yml new file mode 100644 index 00000000..9e0fe3ab --- /dev/null +++ b/roles/nameserver/tasks/config.yml @@ -0,0 +1,39 @@ +--- +- name: Create named data directory + file: + path: "{{ named_conf_data_dir }}" + state: directory + owner: named + group: named + +- name: Create named.conf + template: + src: named.conf.j2 + dest: "{{ named_conf_file }}" + validate: named-checkconf %s + notify: restart named + +- name: Apply named daemon options + lineinfile: + dest: /etc/sysconfig/named + regexp: '^OPTIONS=' + line: "OPTIONS=\"{{ named_conf_daemon_opts }}\"" + state: present + create: True + notify: restart named + +- name: Configure SELinux to allow named to write to master zone files + seboolean: + name: named_write_master_zones + state: yes + persistent: yes + when: + - ansible_selinux.status is defined + - ansible_selinux.status == "enabled" + +# Helps prevent accidental DoS +- name: Double maximum configured connections + sysctl: + name: net.nf_conntrack_max + value: 131072 + state: present diff --git a/roles/nameserver/tasks/firewall.yml b/roles/nameserver/tasks/firewall.yml new file mode 100644 index 00000000..6ed628ad --- /dev/null +++ b/roles/nameserver/tasks/firewall.yml @@ -0,0 +1,13 @@ +--- +- name: Enable firewalld + service: + name: firewalld + enabled: yes + state: started + +- name: Allow incoming DNS traffic + firewalld: + service: dns + permanent: true + immediate: yes + state: enabled diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml new file mode 100644 index 00000000..a5bdf258 --- /dev/null +++ b/roles/nameserver/tasks/main.yml @@ -0,0 +1,80 @@ +--- +- name: Include secrets + include_vars: "{{ item }}" + no_log: true + with_first_found: + - "{{ secrets_path | mandatory }}/nameserver.yml" + - empty.yml + tags: + - always + +# Install and update system packages +- import_tasks: packages.yml + tags: + - packages + +- name: Enable and start ntpd + service: + name: ntpd + state: started + enabled: yes + tags: + - always + +# DDNS updates fail to create or edit jnl files without this +- name: Ensure permissions set for "{{ named_conf_zones_path }}" + file: + path: "{{ named_conf_zones_path }}" + mode: '0700' + state: directory + owner: named + group: named + tags: + - always + +# Configure firewalld +- import_tasks: firewall.yml + tags: + - firewall + +# Configure BIND +- import_tasks: config.yml + tags: + - config + +# Compile and write zone files +- import_tasks: records.yml + tags: + - records + when: (named_conf_slave is undefined) or + (named_conf_slave is defined and named_conf_slave == false) + +# The tasks below are last so the grep output is near the end of the play +- set_fact: + have_collisions: true + when: + - (named_conf_slave is undefined) or (named_conf_slave is defined and named_conf_slave == false) + - nameserver_collisions_grep is defined and nameserver_collisions_grep.stdout | length > 0 + tags: + - records + +- name: Print IP collisions + debug: + msg: + - "WARNING: The following IP addresses have multiple records in DNS. Check for IP collisions!" + - "Either re-run this playbook with '-vvv' or `grep -r -w {{ inventory_dir }}/{{ lab_name }} {{ inventory_dir }}/group_vars/nameserver.yml` for the IPs below." + - "{{ nameserver_collisions_grep.stdout_lines }}" + when: have_collisions is defined and have_collisions|bool + tags: + - records + +- name: grep duplicated IPs in ansible inventory + local_action: + module: command + cmd: "grep -r -w {{ item }} {{ inventory_dir }}/{{ lab_name }} {{ inventory_dir }}/group_vars/nameserver.yml" + become: false + connection: local + with_items: "{{ nameserver_collisions_grep.stdout_lines }}" + when: have_collisions is defined and have_collisions|bool + tags: + - records diff --git a/roles/nameserver/tasks/packages.yml b/roles/nameserver/tasks/packages.yml new file mode 100644 index 00000000..7c9fd503 --- /dev/null +++ b/roles/nameserver/tasks/packages.yml @@ -0,0 +1,24 @@ +--- +- name: Include nameserver package list + include_vars: packages_redhat.yml + when: ansible_os_family == "RedHat" + +- name: Include nameserver package list + include_vars: packages_suse.yml + when: ansible_os_family == "Suse" + +- name: Install and update packages via yum + yum: + name: "{{ packages }}" + state: latest + enablerepo: epel + when: ansible_pkg_mgr == "yum" + +- name: Install and update packages via zypper + zypper: + name: "{{ packages }}" + state: latest + update_cache: yes + when: ansible_pkg_mgr == "zypper" + tags: + - packages diff --git a/roles/nameserver/tasks/records.yml b/roles/nameserver/tasks/records.yml new file mode 100644 index 00000000..556aba35 --- /dev/null +++ b/roles/nameserver/tasks/records.yml @@ -0,0 +1,126 @@ +--- +# Creating reverse records requires ansible_version.major >=2 +# to use the skip_missing flag of with_subelements +# https://github.com/ansible/ansible/issues/9827 +- name: Bail if local ansible version is older than v2.0 + assert: + that: "{{ ansible_version.major }} >= 2" + +- name: Create zone file path + file: + path: "{{ named_conf_zones_path }}" + state: directory + +- name: Set named_serial variable + set_fact: + named_serial: "{{ ansible_date_time.epoch }}" + +- name: Create non-existent forward zone files for dynamic domains + template: + src: forward.j2 + dest: "{{ named_conf_zones_path }}/{{ item.key }}" + validate: named-checkzone {{ item.key }} %s + # only write if zone file doesn't already exist + # this makes sure we don't clobber ddns records + force: no + with_dict: "{{ named_domains }}" + notify: reload named + when: item.value.dynamic == true + +# We store new zone files in a temp directory because it takes ansible minutes +# to write all the files. If we prevented DDNS updates while they were +# getting written, there's a good chance some updates would get refused. +# We copy these to named_conf_zones_path at the end. +- name: Create temporary directory for zone files + command: "mktemp -d" + register: named_tempdir + +- name: Write forward zone files to tempdir + template: + src: forward.j2 + dest: "{{ named_tempdir.stdout }}/{{ item.key }}" + validate: named-checkzone {{ item.key }} %s + with_dict: "{{ named_domains }}" + notify: reload named + # Don't write zone files for pure dynamic zones + when: (item.value.dynamic != true) or + (item.value.dynamic == true and item.value.ddns_hostname_prefixes is defined) + +- name: grep temp zone files for IP collisions + shell: 'grep -E -o -h "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" {{ named_tempdir.stdout }}/* | sort | uniq -d' + register: nameserver_collisions_grep + when: (named_conf_slave is undefined) or + (named_conf_slave is defined and named_conf_slave == false) + +- name: Write reverse zone files to tempdir + template: + src: reverse.j2 + dest: "{{ named_tempdir.stdout }}/{{ item.1 }}" + validate: named-checkzone {{ item.1 }} %s + with_subelements: + - "{{ named_domains }}" + - reverse + - flags: + skip_missing: True + notify: reload named + +# This makes sure dynamic DNS records in the journal files are in sync with the +# actual zone files so we can store them in the next 2 steps. +- name: Sync Dynamic DNS journals with zone files + command: "rndc sync -clean {{ item.key }}" + with_dict: "{{ named_domains }}" + when: item.value.dynamic == true and + item.value.ddns_hostname_prefixes is defined + # Don't fail if there is no journal file + failed_when: false + +# Prevents dynamic DNS record updates so we can capture current DDNS records +# and move our new zone files into place without them getting overwritten. +- name: Freeze Dynamic DNS zones to prevent updates + command: "rndc freeze {{ item.key }}" + register: freeze_output + with_dict: "{{ named_domains }}" + when: item.value.dynamic == true and + item.value.ddns_hostname_prefixes is defined + failed_when: (freeze_output.rc != 0) and ("no matching zone" not in freeze_output.stderr) + +- name: Spit existing dynamic A records into new/temp forward zone file + shell: "grep -E '^({% for prefix in item.value.ddns_hostname_prefixes %}{{ prefix }}{% if not loop.last %}|{% endif %}{% endfor %})[0-9]+\\s+A' {{ named_conf_zones_path }}/{{ item.key }} >> {{ named_tempdir.stdout }}/{{ item.key }}" + with_dict: "{{ named_domains }}" + when: item.value.dynamic == true and + item.value.ddns_hostname_prefixes is defined + # Don't fail if there are no records to store + failed_when: false + +- name: Move all new/temp zone files to actual zone file dir + shell: "mv -vf {{ named_tempdir.stdout }}/* {{ named_conf_zones_path }}/" + +# Re-run setup module to update ansible_date_time.epoch +- name: + setup: + +- name: Set new_named_serial variable + set_fact: + new_named_serial: "{{ ansible_date_time.epoch }}" + +# Since ansible takes a while to write the new/temp zone files, it is likely +# a DDNS record update incremented the serial so the original named_serial is +# too old. We replace it here to be safe. +- name: Overwrite zone file serial number + shell: "sed -i 's/{{ named_serial }}/{{ new_named_serial }}/g' {{ named_conf_zones_path }}/*" + +# Context is incorrect due to the files being written to a temp directory first +- name: Restore SELinux context on zone files + command: "restorecon -r {{ named_conf_zones_path }}" + +# This re-enables dynamic DNS record updates +- name: Thaw frozen zone files + shell: "rndc thaw {{ item.key }}" + with_dict: "{{ named_domains }}" + when: item.value.dynamic == true and + item.value.ddns_hostname_prefixes is defined + +- name: Clean up temp dir + file: + path: "{{ named_tempdir.stdout }}" + state: absent diff --git a/roles/nameserver/templates/forward.j2 b/roles/nameserver/templates/forward.j2 new file mode 100644 index 00000000..5ce8c2e7 --- /dev/null +++ b/roles/nameserver/templates/forward.j2 @@ -0,0 +1,36 @@ +{% set domain = item.key %} +{% if item.value.ipvar is defined and item.value.ipvar.0 is defined %} +{% set ipvar = item.value.ipvar %} +{% endif %} +; +; {{ ansible_managed }} +; +$TTL {{ named_conf_soa_ttl }} +@ IN SOA {{ named_conf_soa }} ( + {{ named_serial }} ; Serial + {{ named_conf_soa_refresh }} ; Refresh + {{ named_conf_soa_retry }} ; Retry + {{ named_conf_soa_expire }} ; Expire + {{ named_conf_soa_ttl }} ; TTL + ) + +{% for nameserver in groups['nameserver'] %} + IN NS {{ nameserver }}. +{% endfor %} + +$ORIGIN {{ domain }}. + +{% if item.value.miscrecords is defined %} +{% for record in item.value.miscrecords %} +{{ record }} +{% endfor %} +{% endif %} + +{% if item.value.ipvar is defined and item.value.ipvar.0 is defined %} +{% for host in groups['all'] %} +{% if hostvars[host][ipvar] is defined %} +{% set ipaddr = hostvars[host][ipvar] %} +{{ hostvars[host]['inventory_hostname_short'] }} IN A {{ hostvars[host][ipvar] }} +{% endif %} +{% endfor %} +{% endif %} diff --git a/roles/nameserver/templates/named.conf.j2 b/roles/nameserver/templates/named.conf.j2 new file mode 100644 index 00000000..ffccc228 --- /dev/null +++ b/roles/nameserver/templates/named.conf.j2 @@ -0,0 +1,101 @@ +# +# {{ ansible_managed }} +# + +options { + listen-on port {{ named_conf_listen_port }} { {% for interface in named_conf_listen_iface -%}{{ interface }}; {% endfor -%} }; + + directory "{{ named_conf_dir }}"; + dump-file "{{ named_conf_data_dir }}/cache_dump.db"; + statistics-file "{{ named_conf_data_dir }}/named_stats.txt"; + memstatistics-file "{{ named_conf_data_dir }}/named_mem_stats.txt"; + + allow-query { any; }; + recursion {{ named_conf_recursion }}; +{% if named_conf_recursion == "yes" %} + allow-recursion { any; }; +{% endif %} +{% if named_forwarders is defined %} + forwarders { {% for forwarder in named_forwarders -%}{{ forwarder }}; {% endfor -%} }; +{% endif %} +{% if named_conf_allow_axfr is defined %} + allow-transfer { {% for ip in named_conf_allow_axfr -%}{{ ip }}; {% endfor -%} }; +{% endif %} + +{% if named_conf_slave is defined and named_conf_slave == true %} + ## Slave-specific config + # Set these in case named_conf_soa vars are lower than the BIND default. + # Forces refresh and retries at the specified intervals. + min-refresh-time {{ named_conf_soa_refresh }}; + max-refresh-time {{ named_conf_soa_refresh }}; + min-retry-time {{ named_conf_soa_retry }}; + max-retry-time {{ named_conf_soa_retry }}; + notify master-only; +{% endif %} +}; + +logging { + channel default_debug { + file "{{ named_conf_data_dir }}/named.run"; + severity dynamic; + }; +}; + +# Dynamic DNS +{% for key, zone in named_domains.items() %} +{% if zone.dynamic == true %} +{% for domain, values in ddns_keys.items() %} +{% if key == domain %} +key "{{ key }}" { + algorithm {{ values.algorithm|default('hmac-md5') }}; + secret "{{ values.secret }}"; +}; +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} + +# Forward zones +{% for key, zone in named_domains.items() %} +zone "{{ key }}" { +{% if named_conf_slave is defined and named_conf_slave == true %} + type slave; + file "{{ named_conf_dir }}/slaves/{{ key }}"; + masters { {{ named_conf_master }}; }; +{% if zone.dynamic == true %} + allow-update-forwarding { key "{{ key }}"; }; +{% endif %} +{% else %} + type master; + file "{{ named_conf_zones_path }}/{{ key }}"; +{% if zone.dynamic == true %} + allow-update { key "{{ key }}"; }; +{% endif %} +{% endif %} +}; + +{% endfor %} + +# Reverse zones +{% for key, zone in named_domains.items() %} +{% if zone.reverse is defined and zone.reverse.0 is defined %} +{% for reverse in zone.reverse %} +{% if ansible_env._ == "/usr/bin/python3" %} +{% set octet1,octet2,octet3,_ = reverse.split('.') %} +{% else %} +{% set octet1,octet2,octet3 = reverse.split('.') %} +{% endif %} +zone "{{ octet3 }}.{{ octet2 }}.{{ octet1 }}.in-addr.arpa" { +{% if named_conf_slave is defined and named_conf_slave == true %} + type slave; + file "{{ named_conf_dir }}/slaves/{{ reverse }}"; + masters { {{ named_conf_master }}; }; +{% else %} + type master; + file "{{ named_conf_zones_path }}/{{ reverse }}"; +{% endif %} +}; + +{% endfor %} +{% endif %} +{% endfor %} diff --git a/roles/nameserver/templates/reverse.j2 b/roles/nameserver/templates/reverse.j2 new file mode 100644 index 00000000..6d6e82a0 --- /dev/null +++ b/roles/nameserver/templates/reverse.j2 @@ -0,0 +1,30 @@ +{% set zone = item.1 %} +{% set domain = item.0.forward %} +{% set ipvar = item.0.ipvar %} +; +; {{ ansible_managed }} +; +$TTL {{ named_conf_soa_ttl }} +@ IN SOA {{ named_conf_soa }} ( + {{ named_serial }} ; Serial + {{ named_conf_soa_refresh }} ; Refresh + {{ named_conf_soa_retry }} ; Retry + {{ named_conf_soa_expire }} ; Expire + {{ named_conf_soa_ttl }} ; TTL + ) + +{% for nameserver in groups['nameserver'] %} + IN NS {{ nameserver }}. +{% endfor %} + +; Reverse zone {{ zone }} belongs to forward zone {{ domain }} + +{% for host in groups['all'] %} +{% if hostvars[host][ipvar] is defined %} +{% set octet1,octet2,octet3,octet4 = hostvars[host][ipvar].split('.') %} +{% set cutip = octet1 + '.' + octet2 + '.' + octet3 %} +{% if cutip == zone %} +{{ octet4 }} IN PTR {{ hostvars[host]['inventory_hostname_short'] }}.{{ domain }}. +{% endif %} +{% endif %} +{% endfor %} diff --git a/roles/nameserver/vars/empty.yml b/roles/nameserver/vars/empty.yml new file mode 100644 index 00000000..c6f9b195 --- /dev/null +++ b/roles/nameserver/vars/empty.yml @@ -0,0 +1,7 @@ +--- +# This is empty on purpose. Used as the last line +# when using include_vars with with_first_found when +# the var file might not exist. +# +# Maybe related issue: +# https://github.com/ansible/ansible/issues/10000 diff --git a/roles/nameserver/vars/packages_redhat.yml b/roles/nameserver/vars/packages_redhat.yml new file mode 100644 index 00000000..ee3222fd --- /dev/null +++ b/roles/nameserver/vars/packages_redhat.yml @@ -0,0 +1,19 @@ +--- +packages: + ## misc tools + - vim + - wget + - mlocate + - git + - redhat-lsb-core + ## bind-specific packages + - bind + - bind-utils + ## firewall + - firewalld + ## monitoring + - nrpe + - nagios-plugins-all + ## for NTP + - ntp + - ntpdate diff --git a/roles/nameserver/vars/packages_suse.yml b/roles/nameserver/vars/packages_suse.yml new file mode 100644 index 00000000..341e68ff --- /dev/null +++ b/roles/nameserver/vars/packages_suse.yml @@ -0,0 +1,21 @@ +--- +packages: + ## misc tools + - vim + - wget + - mlocate + - git + - lsb + ## bind-specific packages + - bind + - bind-utils + ## firewall + - firewalld + ## monitoring + - nrpe + - nagios-plugins-all + ## for NTP + - ntp + #- ntpdate + # do we really need selinux on opensuse? + - python-selinux diff --git a/roles/nsupdate_web/README.rst b/roles/nsupdate_web/README.rst new file mode 100644 index 00000000..59ffb9f4 --- /dev/null +++ b/roles/nsupdate_web/README.rst @@ -0,0 +1,15 @@ +nsupdate-web +============ + +This role sets up `nsupdate-web `_ for updating dynamic DNS records. + +To use the role, you must first have: + +- A DNS server supporting `RFC 2136 `_. We use `bind `_ and the `nameserver` role to help configure ours. +- Key files stored in the location pointed to by `keys_dir` + +You must set the following vars. Here are examples:: + + nsupdate_web_server: "ns1.front.sepia.ceph.com" + pubkey_name: "Kfront.sepia.ceph.com.+157+12548.key" + diff --git a/roles/nsupdate_web/defaults/main.yml b/roles/nsupdate_web/defaults/main.yml new file mode 100644 index 00000000..894d9fbe --- /dev/null +++ b/roles/nsupdate_web/defaults/main.yml @@ -0,0 +1,15 @@ +--- +packages: [] +nsupdate_web_user: "nsupdate" +nsupdate_web_port: "8080" +nsupdate_web_ttl: "60" +virtualenv_path: "~/venv" +python_version: "python3" +nsupdate_web_repo: "https://github.com/ceph/nsupdate-web.git" +nsupdate_web_path: "/home/{{ nsupdate_web_user }}/nsupdate_web" +nsupdate_web_branch: "main" +# The public and private keys must be manually placed on the host; +# The pubkey name must be provided - most likely via group_vars +pubkey_name: "your_pubkey.key" +keys_dir: "/home/{{ nsupdate_web_user }}/keys" +allow_hosts: "" diff --git a/roles/nsupdate_web/tasks/main.yml b/roles/nsupdate_web/tasks/main.yml new file mode 100644 index 00000000..ae78e0ce --- /dev/null +++ b/roles/nsupdate_web/tasks/main.yml @@ -0,0 +1,113 @@ +--- +- name: Build args to pass to nsupdate_web + set_fact: + nsupdate_web_args: "--ttl {{ nsupdate_web_ttl }} -d {{ lab_domain }} -K {{ keys_dir }}/{{ pubkey_name }} -s {{ nsupdate_web_server }}{% if allow_hosts %} -a {{ allow_hosts }}{% endif %}" + +- name: Including major version specific variables. + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower | replace(' ', '_') }}_{{ ansible_distribution_major_version }}.yml" + - empty.yml + +- name: Install packages + package: + name: "{{ item }}" + state: latest + with_items: "{{ packages }}" + +- name: Create nsupdate group + group: + name: "{{ nsupdate_web_user }}" + state: present + system: true + +- name: Create nsupdate user + user: + name: "{{ nsupdate_web_user }}" + group: "{{ nsupdate_web_user }}" + state: present + system: true + shell: "/bin/false" + +- name: Make sure keys_dir exists + file: + path: "{{ keys_dir }}" + state: directory + owner: "{{ nsupdate_web_user }}" + group: "{{ nsupdate_web_user }}" + when: "'{{ secrets_path }}/{{ pubkey_name }}' is file" + +- name: Copy .key and .private keys to keys_dir + copy: + src: "{{ item }}" + dest: "{{ keys_dir }}/" + owner: "{{ nsupdate_web_user }}" + group: "{{ nsupdate_web_user }}" + with_fileglob: + - "{{ secrets_path }}/{{ pubkey_name | regex_replace('\\.[^\\.]+$', '') }}.*" + when: "'{{ secrets_path }}/{{ pubkey_name }}' is file" + +- name: Clone nsupdate_web repo + git: + repo: "{{ nsupdate_web_repo }}" + dest: "{{ nsupdate_web_path }}" + version: "{{ nsupdate_web_branch }}" + become_user: "{{ nsupdate_web_user }}" + +- name: Create/update virtualenv + pip: + name: pip + virtualenv_python: "{{ python_version }}" + virtualenv: "{{ virtualenv_path }}" + become_user: "{{ nsupdate_web_user }}" + +- name: Set up nsupdate_web + shell: "source {{ virtualenv_path }}/bin/activate && python setup.py develop" + args: + chdir: "{{ nsupdate_web_path }}" + executable: "/bin/bash" + become_user: "{{ nsupdate_web_user }}" + +- name: Ship systemd service + template: + src: nsupdate-web.service + dest: "/etc/systemd/system/" + owner: root + group: root + mode: 0644 + register: ship_service + +- name: Reload systemd and enable/restart service + # We use the systemd module here so we can use the daemon_reload feature, + # since we're shipping the .service file ourselves + systemd: + name: nsupdate-web + daemon_reload: true + enabled: true + state: restarted + when: ship_service is changed + +- name: Ship nginx configuration + template: + src: "nsupdate_web_nginx_{{ ansible_distribution | lower | replace(' ', '_') }}_{{ ansible_distribution_major_version }}" + dest: "{{ nginx_available }}/nsupdate_web" + owner: root + group: root + mode: 0644 + +- name: Disable default nginx configuration + file: + path: "{{ nginx_enabled }}/default" + state: absent + +- name: Enable our nginx configuration + file: + src: "{{ nginx_available }}/nsupdate_web" + dest: "{{ nginx_enabled }}/{{ nsupdate_web_conf }}" + state: link + +- name: Enable and restart nginx + service: + name: nginx + enabled: true + state: restarted diff --git a/roles/nsupdate_web/templates/nsupdate-web.service b/roles/nsupdate_web/templates/nsupdate-web.service new file mode 100644 index 00000000..081c7028 --- /dev/null +++ b/roles/nsupdate_web/templates/nsupdate-web.service @@ -0,0 +1,12 @@ +# {{ ansible_managed }} +[Unit] +Description=DDNS HTTP update service. + +[Service] +Type=simple +User={{ nsupdate_web_user }} +Group={{ nsupdate_web_user }} +ExecStart=/usr/bin/python3 {{ nsupdate_web_path }}/ddns-server.py -p {{ nsupdate_web_port }} {{ nsupdate_web_args }} + +[Install] +WantedBy=multi-user.target diff --git a/roles/nsupdate_web/templates/nsupdate_web_nginx_opensuse_leap_15 b/roles/nsupdate_web/templates/nsupdate_web_nginx_opensuse_leap_15 new file mode 100644 index 00000000..d9054d33 --- /dev/null +++ b/roles/nsupdate_web/templates/nsupdate_web_nginx_opensuse_leap_15 @@ -0,0 +1,7 @@ +server { + listen 80; + + location = /update { + proxy_pass http://localhost:{{ nsupdate_web_port }}; + } +} diff --git a/roles/nsupdate_web/templates/nsupdate_web_nginx_ubuntu_16 b/roles/nsupdate_web/templates/nsupdate_web_nginx_ubuntu_16 new file mode 100644 index 00000000..0a73d8e8 --- /dev/null +++ b/roles/nsupdate_web/templates/nsupdate_web_nginx_ubuntu_16 @@ -0,0 +1,8 @@ +server { + listen 80; + + location = /update { + include proxy_params; + proxy_pass http://localhost:{{ nsupdate_web_port }}; + } +} diff --git a/roles/nsupdate_web/vars/opensuse_leap_15.yml b/roles/nsupdate_web/vars/opensuse_leap_15.yml new file mode 100644 index 00000000..2de26aa3 --- /dev/null +++ b/roles/nsupdate_web/vars/opensuse_leap_15.yml @@ -0,0 +1,9 @@ +packages: + - git + - python3 + - python3-virtualenv + - bind-utils + - nginx +nginx_available: "/etc/nginx" +nginx_enabled: "/etc/nginx/vhosts.d" +nsupdate_web_conf: "nsupdate_web.conf" diff --git a/roles/nsupdate_web/vars/opensuse_leap_42.yml b/roles/nsupdate_web/vars/opensuse_leap_42.yml new file mode 100644 index 00000000..9268a574 --- /dev/null +++ b/roles/nsupdate_web/vars/opensuse_leap_42.yml @@ -0,0 +1,8 @@ +packages: + - git + - python3 + - python3-virtualenv + - bind-utils + - nginx +nginx_available: "/etc/nginx" +nginx_enabled: "/etc/nginx/vhosts.d" diff --git a/roles/nsupdate_web/vars/ubuntu_16.yml b/roles/nsupdate_web/vars/ubuntu_16.yml new file mode 100644 index 00000000..d4761cdb --- /dev/null +++ b/roles/nsupdate_web/vars/ubuntu_16.yml @@ -0,0 +1,10 @@ +packages: + - git + - python3-minimal + - virtualenv + - dnsutils + - nginx + +nginx_available: "/etc/nginx/sites-available" +nginx_enabled: "/etc/nginx/sites-enabled" +nsupdate_web_conf: "nsupdate_web" diff --git a/roles/ntp-server/README.rst b/roles/ntp-server/README.rst new file mode 100644 index 00000000..f085180f --- /dev/null +++ b/roles/ntp-server/README.rst @@ -0,0 +1,25 @@ +ntp-server +========== + +This role is used to set up and configure an NTP server on RHEL or CentOS 7 using NTPd or Chronyd. + +Notes ++++++ + +Virtual machines should not be used as NTP servers. + +Red Hat best practices were followed: https://access.redhat.com/solutions/778603 + +Variables ++++++++++ + ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ +|Variable |Description | ++========================================================+===========================================================================================================================+ +|:: |A list of LANs that are permitted to query the NTP server running on the host. | +| | | +| ntp_permitted_lans: | | +| - 192.168.0.0/24 |Must be in CIDR format as shown. | +| - 172.20.20.0/20 | | +| | | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+ diff --git a/roles/ntp-server/tasks/main.yml b/roles/ntp-server/tasks/main.yml new file mode 100644 index 00000000..dd6fba4f --- /dev/null +++ b/roles/ntp-server/tasks/main.yml @@ -0,0 +1,119 @@ +--- +- name: Check if ntp package installed + command: rpm -q ntp + ignore_errors: true + register: ntp_installed + +- name: Check if chrony package installed + command: rpm -q chrony + ignore_errors: true + register: chrony_installed + +# Use NTP if neither time service is installed +- set_fact: + use_ntp: true + use_chrony: false + when: + - ntp_installed.rc != 0 + - chrony_installed.rc != 0 + +# Use NTP if it's installed and Chrony isn't +- set_fact: + use_ntp: true + use_chrony: false + when: + - ntp_installed.rc == 0 + - chrony_installed.rc != 0 + +# Use Chrony if it's installed and NTP isn't +- set_fact: + use_ntp: false + use_chrony: true + when: + - ntp_installed.rc != 0 + - chrony_installed.rc == 0 + +# It's unlikely we have four baremetal hosts doing nothing but serving as NTP servers. +# Thus, we shouldn't go uninstalling anything since either package could be a dependency +# of an already running service. +- fail: + msg: "Both NTP and Chrony are installed. Check dependencies before removing either package and proceeding." + when: + - ntp_installed.rc == 0 + - chrony_installed.rc == 0 + +- name: Install and update ntp package + yum: + name: ntp + state: latest + when: use_ntp == true + +- name: Install and update chrony package + yum: + name: chrony + state: latest + when: use_chrony == true + +- name: Write NTP config file + template: + src: ntp.conf.j2 + dest: /etc/ntp.conf + register: conf_written + when: use_ntp == true + +- name: Write chronyd config file + template: + src: chrony.conf.j2 + dest: /etc/chrony.conf + register: conf_written + when: use_chrony == true + +- name: Start and enable NTP service + service: + name: ntpd + state: started + enabled: yes + when: use_ntp == true + +- name: Start and enable chronyd service + service: + name: chronyd + state: started + enabled: yes + when: use_chrony == true + +- name: Restart NTP service when conf changed + service: + name: ntpd + state: restarted + when: + - conf_written is changed + - use_ntp == true + +- name: Restart chronyd service when conf changed + service: + name: chronyd + state: restarted + when: + - conf_written is changed + - use_chrony == true + +- name: Check for firewalld + command: firewall-cmd --state + failed_when: false + register: firewalld_state + +- name: Allow NTP traffic through firewalld + firewalld: + service: ntp + permanent: true + immediate: true + state: enabled + when: firewalld_state.rc == 0 + +- name: Allow NTP traffic through iptables + command: "{{ item }}" + with_items: + - "iptables -I INPUT -p udp -m udp --dport 123 -j ACCEPT" + - "service iptables save" + when: firewalld_state.rc != 0 diff --git a/roles/ntp-server/templates/chrony.conf.j2 b/roles/ntp-server/templates/chrony.conf.j2 new file mode 100644 index 00000000..06217339 --- /dev/null +++ b/roles/ntp-server/templates/chrony.conf.j2 @@ -0,0 +1,16 @@ +# {{ ansible_managed }} + +# Allow these networks to query this NTP server +{% for lan in ntp_permitted_lans %} +allow {{ lan }} +{% endfor %} + +# Get time from these public hosts +server 0.rhel.pool.ntp.org +server 1.rhel.pool.ntp.org +server 2.rhel.pool.ntp.org +server 3.rhel.pool.ntp.org + +log measurements statistics tracking + +logdir /var/log/chrony diff --git a/roles/ntp-server/templates/ntp.conf.j2 b/roles/ntp-server/templates/ntp.conf.j2 new file mode 100644 index 00000000..6df1d7cd --- /dev/null +++ b/roles/ntp-server/templates/ntp.conf.j2 @@ -0,0 +1,37 @@ +# {{ ansible_managed }} + +# For more information about this file, see the man pages +# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). + +driftfile /var/lib/ntp/drift + +# Permit time synchronization with our time source, but do not +# permit the source to query or modify the service on this system. +restrict default kod nomodify notrap nopeer noquery +restrict -6 default kod nomodify notrap nopeer noquery + +# Permit all access over the loopback interface. This could +# be tightened as well, but to do so would effect some of +# the administrative functions. +restrict 127.0.0.1 +restrict -6 ::1 + +# Allow these networks to query this NTP server +{% for lan in ntp_permitted_lans %} +restrict {{ lan | ipaddr('network') }} mask {{ lan | ipaddr('netmask') }} nomodify notrap +{% endfor %} + +# Get time from these public hosts +server 0.rhel.pool.ntp.org +server 1.rhel.pool.ntp.org +server 2.rhel.pool.ntp.org +server 3.rhel.pool.ntp.org + +includefile /etc/ntp/crypto/pw + +# Key file containing the keys and key identifiers used when operating +# with symmetric key cryptography. +keys /etc/ntp/keys + +# Enable writing of statistics records. +statistics clockstats cryptostats loopstats peerstats sysstats rawstats diff --git a/roles/packages/README.rst b/roles/packages/README.rst new file mode 100644 index 00000000..dd7ea60e --- /dev/null +++ b/roles/packages/README.rst @@ -0,0 +1,34 @@ +Packages +======== + +This role is used to install and remove packages. + +Usage ++++++ + +To install packages, use --extra-vars and pass in lists of packages you +wish to install for both yum and apt based systems. + +For example:: + + ansible-playbook packages.yml --extra-vars='{"yum_packages": "foo", "apt_packages": ["foo", "bar"]}' + +To remove packages, use --extra-vars and pass in the list of packages you wish +to remove while also including the ``cleanup`` variable. + +For example:: + + ansible-playbook packages.yml --extra-vars='{"yum_packages": "foo", "cleanup": true}' + +The following is an example of how you might accomplish this in a teuthology job:: + + tasks: + - ansible: + repo: https://github.com/ceph/ceph-cm-ansible.git + playbook: packages.yml + cleanup: true + vars: + yum_packages: "foo" + apt_packages: + - "foo" + - "bar" diff --git a/roles/packages/defaults/main.yml b/roles/packages/defaults/main.yml new file mode 100644 index 00000000..0d928a48 --- /dev/null +++ b/roles/packages/defaults/main.yml @@ -0,0 +1,8 @@ +--- +# When cleanup is true the tasks being used might +# perform cleanup steps if applicable. +cleanup: false + +apt_packages: [] + +yum_packages: [] diff --git a/roles/packages/tasks/cleanup.yml b/roles/packages/tasks/cleanup.yml new file mode 100644 index 00000000..43c934f1 --- /dev/null +++ b/roles/packages/tasks/cleanup.yml @@ -0,0 +1,6 @@ +--- +- debug: msg="Performing cleanup related tasks..." + +- import_tasks: packages.yml + vars: + state: "absent" diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml new file mode 100644 index 00000000..29b24b3b --- /dev/null +++ b/roles/packages/tasks/main.yml @@ -0,0 +1,14 @@ +--- +# These are tasks which perform actions corresponding to the names of +# the variables they use. For example, `disable_yum_repos` would actually +# disable all repos defined in that list. +- import_tasks: setup.yml + when: not cleanup + +# These are tasks which reverse the actions corresponding to the names of +# the variables they use. For example, `disable_yum_repos` would actually +# enable all repos defined in that list. The primary use for this is through +# teuthology, so that you can tell a teuthology run to disable a set of repos +# for the test run but then re-enable them during the teuthology cleanup process. +- import_tasks: cleanup.yml + when: cleanup diff --git a/roles/packages/tasks/packages.yml b/roles/packages/tasks/packages.yml new file mode 100644 index 00000000..1eecd090 --- /dev/null +++ b/roles/packages/tasks/packages.yml @@ -0,0 +1,17 @@ +--- +- name: Install or remove apt packages + apt: + update_cache: true + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ apt_packages }}" + when: apt_packages|length > 0 and + ansible_pkg_mgr == "apt" + +- name: Install or remove yum packages + yum: + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ yum_packages }}" + when: yum_packages|length > 0 and + ansible_pkg_mgr == "yum" diff --git a/roles/packages/tasks/setup.yml b/roles/packages/tasks/setup.yml new file mode 100644 index 00000000..42db932d --- /dev/null +++ b/roles/packages/tasks/setup.yml @@ -0,0 +1,4 @@ +--- +- import_tasks: packages.yml + vars: + state: "present" diff --git a/roles/paddles/README.rst b/roles/paddles/README.rst new file mode 100644 index 00000000..60f495f4 --- /dev/null +++ b/roles/paddles/README.rst @@ -0,0 +1,50 @@ +Paddles +========== +This role is used to configure a node to run paddles_. It is able to deploy via two methods: + +1. Using a Docker service to manage replicated containers +2. Cloning paddles_ directly and using supervisord to run it + +Both use postgresql for the database and nginx as a reverse proxy. + +It has been tested on: + +- Ubuntu 18.04 + +Usage ++++++ + +Typically:: + + ansible-playbook -l 'paddles.*' ./paddles.yml + +Variables ++++++++++ + +``paddles_user``: The system account to create and use (Default: paddles) + +``paddles_db_user``: The postgresql account to create and use (Default: paddles) + +``paddles_port``: The port to use for paddles internally (Default: 8080; external port is always 80) + +``paddles_statsd_host``: Optionally send metrics to a statsd host + +``paddles_statsd_prefix``: The prefix to use for statsd metrics + +``paddles_sentry_dsn``: Optionally send errors to a Sentry DSN + +``paddles_containerized``: Whether or not to deploy containers + +``paddles_container_image``: The container image to use for paddles + +``paddles_container_replicas``: The number of replica containers to run (Default 10) + +``paddles_repo``: Optionally override the paddles git repo - not relevant for containers + +``paddles_branch``: Optionally override the paddles repo branch. +For GitHub pull requests it is also possible to use refs/pull/X/merge or refs/pull/X/head +instead of branch. + +``log_host``: The host where teuthology logs are stored + +.. _paddles: https://github.com/ceph/paddles diff --git a/roles/paddles/defaults/main.yml b/roles/paddles/defaults/main.yml new file mode 100644 index 00000000..ac854c4f --- /dev/null +++ b/roles/paddles/defaults/main.yml @@ -0,0 +1,17 @@ +--- +paddles_user: paddles +paddles_db_user: paddles +paddles_port: 8080 +paddles_statsd_host: "" +paddles_statsd_prefix: "" +paddles_sentry_dsn: "" + +paddles_containerized: false +paddles_container_image: quay.io/ceph-infra/paddles:latest +paddles_container_replicas: 10 + +paddles_repo: https://github.com/ceph/paddles.git +paddles_branch: main + + +log_host: localhost diff --git a/roles/paddles/meta/main.yml b/roles/paddles/meta/main.yml new file mode 100644 index 00000000..3413ff83 --- /dev/null +++ b/roles/paddles/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - role: secrets + - role: users diff --git a/roles/paddles/tasks/apt_systems.yml b/roles/paddles/tasks/apt_systems.yml new file mode 100644 index 00000000..a7974c1c --- /dev/null +++ b/roles/paddles/tasks/apt_systems.yml @@ -0,0 +1,24 @@ +--- +- name: Include package type specific vars. + include_vars: "apt_systems.yml" + tags: + - always + +- name: Install packages via apt + apt: + name: "{{ paddles_extra_packages|list }}" + state: latest + update_cache: yes + cache_valid_time: 600 + tags: + - packages + +- name: Install docker packages + apt: + name: "{{ paddles_docker_packages|list }}" + state: latest + update_cache: yes + cache_valid_time: 600 + when: paddles_containerized + tags: + - packages diff --git a/roles/paddles/tasks/main.yml b/roles/paddles/tasks/main.yml new file mode 100644 index 00000000..d0621b2d --- /dev/null +++ b/roles/paddles/tasks/main.yml @@ -0,0 +1,77 @@ +--- +- name: Include secrets + include_vars: "{{ secrets_path | mandatory }}/paddles.yml" + no_log: true + tags: + - always + +- name: Set repo location + set_fact: + paddles_repo_path: "/home/{{ paddles_user }}/paddles" + tags: + - always + +- name: Set paddles_address + set_fact: + paddles_address: http://{{ ansible_hostname }}/ + when: paddles_address is not defined or not paddles_address.startswith('http') + tags: + - always + +- name: Set db_host + set_fact: + db_host: "{% if paddles_containerized %}{{ inventory_hostname }}{% else %}localhost{% endif %}" + tags: + - always + +- name: Set db_url + set_fact: + db_url: "postgresql+psycopg2://{{ paddles_db_user }}:{{ db_pass }}@{{ db_host }}/paddles" + no_log: true + tags: + - always + +- import_tasks: zypper_systems.yml + when: ansible_pkg_mgr == "zypper" + +- import_tasks: apt_systems.yml + when: ansible_pkg_mgr == "apt" + +# Yum systems support is not implemented yet. +- import_tasks: yum_systems.yml + when: ansible_pkg_mgr == "yum" + +# Set up the paddles user +- import_tasks: setup_user.yml + +# Set up the actual paddles project +- import_tasks: setup_paddles.yml + when: not paddles_containerized + +# Set up the DB which paddles uses +- import_tasks: setup_db.yml + tags: + - db + +# Set up docker if necessary +- import_tasks: setup_docker.yml + when: paddles_containerized + tags: + - service + +- import_tasks: setup_postgres_exporter.yml + when: paddles_containerized + tags: + - service + - prometheus + +# Configure the system to run paddles as a daemon +- import_tasks: setup_service.yml + when: not paddles_containerized + tags: + - service + +# Configure nginx as a reverse proxy +- import_tasks: nginx.yml + when: + - not ansible_distribution is search("openSUSE") diff --git a/roles/paddles/tasks/nginx.yml b/roles/paddles/tasks/nginx.yml new file mode 100644 index 00000000..7f2c332e --- /dev/null +++ b/roles/paddles/tasks/nginx.yml @@ -0,0 +1,30 @@ +--- +- name: Disable default nginx config + file: + name: /etc/nginx/sites-enabled/default + state: absent + +- name: Ship nginx config + template: + src: nginx.conf + dest: /etc/nginx/sites-available/paddles + +- name: Enable nginx config + file: + src: /etc/nginx/sites-available/paddles + dest: /etc/nginx/sites-enabled/paddles + state: link + +- name: Disable apache httpd + service: + name: "{{ apache_service }}" + enabled: no + state: stopped + failed_when: false + +- name: Enable nginx + service: + name: nginx + enabled: yes + state: reloaded + changed_when: false diff --git a/roles/paddles/tasks/setup_db.yml b/roles/paddles/tasks/setup_db.yml new file mode 100644 index 00000000..d3770359 --- /dev/null +++ b/roles/paddles/tasks/setup_db.yml @@ -0,0 +1,63 @@ +--- +- name: Listen on all interfaces + postgresql_set: + name: listen_addresses + value: "*" + become_user: postgres + register: pg_listen + +- name: Restart postgres to listen on all interfaces + service: + name: postgresql + state: restarted + when: pg_listen is changed + +- name: Create the postgresql database + postgresql_db: + name: paddles + become_user: postgres + register: create_db + +- name: Set up access to the database + postgresql_user: + db: paddles + name: "{{ paddles_db_user }}" + password: "{{ db_pass }}" + become_user: postgres + when: create_db is changed + +- name: Run pecan populate + command: ./virtualenv/bin/pecan populate prod.py + args: + chdir: "{{ paddles_repo_path }}" + become_user: "{{ paddles_user }}" + when: + - create_db is changed + - not paddles_containerized + +- name: Copy alembic config template to alembic.ini + command: cp ./alembic.ini.in alembic.ini + args: + creates: alembic.ini + chdir: "{{ paddles_repo_path }}" + register: alembic_ini + become_user: "{{ paddles_user }}" + when: not paddles_containerized + +- name: Update alembic.ini + lineinfile: + dest: "{{ paddles_repo_path }}/alembic.ini" + line: "sqlalchemy.url = {{ db_url }}" + regexp: "^sqlalchemy.url = " + when: not paddles_containerized + +- name: Set the alembic revision + shell: | + source virtualenv/bin/activate + alembic stamp head + args: + chdir: "{{ paddles_repo_path }}" + when: + - alembic_ini is changed + - not paddles_containerized + become_user: "{{ paddles_user }}" diff --git a/roles/paddles/tasks/setup_docker.yml b/roles/paddles/tasks/setup_docker.yml new file mode 100644 index 00000000..0edfa87b --- /dev/null +++ b/roles/paddles/tasks/setup_docker.yml @@ -0,0 +1,88 @@ +--- +- name: Add paddles_user to the docker group + user: + name: "{{ paddles_user }}" + append: yes + groups: + - docker + +- name: Install docker's python module + become_user: "{{ paddles_user }}" + pip: + name: docker + state: latest + executable: pip3 + extra_args: --user + +- name: Init docker swarm + become_user: "{{ paddles_user }}" + docker_swarm: + state: present + +- name: Create secret for the database URL + become_user: "{{ paddles_user }}" + docker_secret: + name: paddles_sqlalchemy_url + data: "{{ db_url }}" + +- name: Pull the paddles container image + become_user: "{{ paddles_user }}" + docker_image: + name: "{{ paddles_container_image }}" + source: pull + register: image_pull + +- name: Get postgres hba conf file location + postgresql_info: + db: paddles + filter: settings + become_user: postgres + register: pg_info + +- name: Tell postgres to trust the Docker network + postgresql_pg_hba: + dest: "{{ pg_info.settings.hba_file.setting }}" + contype: host + users: all + databases: all + method: md5 + source: "{{ ansible_docker_gwbridge.ipv4.address }}/{{ ansible_docker_gwbridge.ipv4.prefix }}" + +- name: Create docker swarm service + become_user: "{{ paddles_user }}" + docker_swarm_service: + name: paddles + state: present + replicas: "{{ paddles_container_replicas }}" + update_config: + parallelism: 1 + delay: 10s + monitor: 10s + failure_action: rollback + rollback_config: + order: start-first + image: "{{ paddles_container_image }}" + resolve_image: true + force_update: "{{ image_pull.changed }}" + publish: + - published_port: "{{ paddles_port }}" + target_port: 8080 + logging: + driver: journald + options: + tag: paddles + env: + - "PADDLES_ADDRESS={{ paddles_address }}" + - "PADDLES_SERVER_HOST=0.0.0.0" + - "SENTRY_DSN={{ paddles_sentry_dsn }}" + - "PADDLES_STATSD_HOST={{ paddles_statsd_host }}" + - "PADDLES_STATSD_PREFIX={{ paddles_statsd_prefix }}" + - "GUNICORN_CMD_ARGS=--workers=2 --max-requests=10000" + secrets: + - secret_name: paddles_sqlalchemy_url + filename: "/run/secrets/paddles_sqlalchemy_url" + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:8080"] + interval: 1m + timeout: 5s + start_period: 10s diff --git a/roles/paddles/tasks/setup_paddles.yml b/roles/paddles/tasks/setup_paddles.yml new file mode 100644 index 00000000..b20561bc --- /dev/null +++ b/roles/paddles/tasks/setup_paddles.yml @@ -0,0 +1,58 @@ +--- +- name: Determine GitHub Pull Request + set_fact: + paddles_pull: "{{ paddles_branch | regex_replace( '^refs/pull/([^/]+)/.*$', '\\1') }}" + +- name: Clone the repo and checkout pull request branch + git: + repo: "{{ paddles_repo }}" + dest: "{{ paddles_repo_path }}" + version: "pull-{{ paddles_pull }}" + refspec: '+{{ paddles_branch }}:refs/remotes/origin/pull-{{ paddles_pull }}' + become_user: "{{ paddles_user }}" + tags: + - repos + when: paddles_pull is defined and paddles_pull != paddles_branch + +- name: Checkout the repo + git: + repo: "{{ paddles_repo }}" + dest: "{{ paddles_repo_path }}" + version: "{{ paddles_branch }}" + become_user: "{{ paddles_user }}" + tags: + - repos + when: paddles_pull is not defined or paddles_pull == paddles_branch + +- name: Install latest pip via pip + pip: + name: "pip" + state: "latest" + chdir: "{{ paddles_repo_path }}" + virtualenv_python: "python3" + virtualenv: "{{ paddles_repo_path }}/virtualenv" + become_user: "{{ paddles_user }}" +- name: Install requirements via pip + pip: + chdir: "{{ paddles_repo_path }}" + requirements: "./requirements.txt" + virtualenv: "{{ paddles_repo_path }}/virtualenv" + become_user: "{{ paddles_user }}" + +- name: Run setup inside virtualenv + command: "./virtualenv/bin/python setup.py develop" + args: + chdir: "{{ paddles_repo_path }}" + changed_when: false + become_user: "{{ paddles_user }}" + +- name: Ship prod.py + template: + src: prod.py + dest: "{{ paddles_repo_path }}/prod.py" + owner: "{{ paddles_user }}" + group: "{{ paddles_user }}" + mode: 0755 + register: prod_conf + tags: + - config diff --git a/roles/paddles/tasks/setup_postgres_exporter.yml b/roles/paddles/tasks/setup_postgres_exporter.yml new file mode 100644 index 00000000..dffd76e8 --- /dev/null +++ b/roles/paddles/tasks/setup_postgres_exporter.yml @@ -0,0 +1,42 @@ +--- +- name: Add postgres user to the docker group + user: + name: "postgres" + append: yes + groups: + - docker + +- name: Create secret for the database password + become_user: "{{ paddles_user }}" + docker_secret: + name: postgres_exporter_password + data: "{{ db_pass }}" + +- name: Create docker swarm service for postgres exporter + become_user: postgres + docker_swarm_service: + name: postgres-exporter + state: present + replicas: 1 + update_config: + parallelism: 1 + delay: 10s + monitor: 10s + failure_action: rollback + rollback_config: + order: start-first + image: "quay.io/prometheuscommunity/postgres-exporter:latest" + resolve_image: true + publish: + - published_port: 9187 + target_port: 9187 + logging: + driver: journald + options: + tag: prometheus-exporter + env: + - "DATA_SOURCE_URI={{ db_host }}" + - "DATA_SOURCE_USER={{ paddles_db_user }}" + - "DATA_SOURCE_PASS_FILE=/run/secrets/postgres_exporter_password" + secrets: + - secret_name: postgres_exporter_password diff --git a/roles/paddles/tasks/setup_service.yml b/roles/paddles/tasks/setup_service.yml new file mode 100644 index 00000000..057e89b7 --- /dev/null +++ b/roles/paddles/tasks/setup_service.yml @@ -0,0 +1,35 @@ +--- +- name: Make sure supervisor config directory exists + file: + path: "{{ supervisor_conf_d }}" + state: directory + recurse: yes + mode: 0755 + +- name: Ship supervisor config + template: + src: supervisor.conf + dest: "{{ supervisor_conf_d }}/paddles.{{ supervisor_conf_suffix }}" + mode: 0755 + register: supervisor_conf + +- name: Read supervisord config + command: supervisorctl update + when: supervisor_conf is changed + +- name: Ensure paddles is running + supervisorctl: + name: paddles + state: started + +- name: Restart paddles if prod.py changed + supervisorctl: + name: paddles + state: restarted + when: prod_conf is defined and prod_conf is changed + tags: + - config + +- name: Wait for paddles to start + wait_for: + port: "{{ paddles_port }}" diff --git a/roles/paddles/tasks/setup_user.yml b/roles/paddles/tasks/setup_user.yml new file mode 100644 index 00000000..1fe7fd05 --- /dev/null +++ b/roles/paddles/tasks/setup_user.yml @@ -0,0 +1,14 @@ +--- +- name: Create group + group: + name: "{{ paddles_user }}" + state: present + tags: + - user +- name: Create user + user: + name: "{{ paddles_user }}" + state: present + shell: /bin/bash + tags: + - user diff --git a/roles/paddles/tasks/yum_systems.yml b/roles/paddles/tasks/yum_systems.yml new file mode 100644 index 00000000..3d786868 --- /dev/null +++ b/roles/paddles/tasks/yum_systems.yml @@ -0,0 +1,4 @@ +--- +- name: Fail on yum systems as support is not implemented + fail: + msg: "yum systems are not supported at this time" diff --git a/roles/paddles/tasks/zypper_systems.yml b/roles/paddles/tasks/zypper_systems.yml new file mode 100644 index 00000000..3e874932 --- /dev/null +++ b/roles/paddles/tasks/zypper_systems.yml @@ -0,0 +1,55 @@ +--- +- name: Fail on zypper systems if paddles_containerized is set + fail: + msg: "'paddles_containerized' is not yet supported on zypper systems" + when: paddles_containerized + +- name: Include package type specific vars. + include_vars: "zypper_systems.yml" + tags: + - always + +- name: Install packages via zypper + zypper: + name: "{{ paddles_extra_packages|list }}" + state: latest + update_cache: yes + tags: + - packages + +- name: Enable and start database + service: + name: postgresql + state: started + enabled: yes + +- name: Enable and start supervisor + service: + name: supervisord + state: started + enabled: yes + +- name: Disable ProtectHome=true for supervisor + lineinfile: + path: "/etc/systemd/system/multi-user.target.wants/supervisord.service" + state: present + regexp: "^(ProtectHome=true.*)" + line: '#\1' + backrefs: yes + +- name: Reload supervisor + service: + name: supervisord + state: restarted + daemon_reload: yes + +- name: Setup hba_conf + lineinfile: + path: "/var/lib/pgsql/data/pg_hba.conf" + insertafter: "^#\\s+TYPE\\s+DATABASE\\s+USER\\s+ADDRESS\\s+METHOD.*" + line: "host paddles {{ paddles_user }} ::1/128 trust" + +- name: Reload database + service: + name: postgresql + state: reloaded diff --git a/roles/paddles/templates/nginx.conf b/roles/paddles/templates/nginx.conf new file mode 100644 index 00000000..ada59881 --- /dev/null +++ b/roles/paddles/templates/nginx.conf @@ -0,0 +1,15 @@ +server { + server_name {{ inventory_hostname }}; + listen 80; + gzip on; + gzip_types text/plain application/json; + gzip_proxied any; + proxy_send_timeout 600; + proxy_connect_timeout 240; + location / { + proxy_pass http://127.0.0.1:{{ paddles_port }}/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + +} diff --git a/roles/paddles/templates/prod.py b/roles/paddles/templates/prod.py new file mode 100644 index 00000000..ac01b2b0 --- /dev/null +++ b/roles/paddles/templates/prod.py @@ -0,0 +1,64 @@ +# {{ ansible_managed }} +from paddles.hooks import IsolatedTransactionHook +from paddles import models +from paddles.hooks.cors import CorsHook + +server = { + 'port': '8080', + 'host': '127.0.0.1' +} + +address = '{{ paddles_address }}' +job_log_href_templ = 'http://{{ log_host }}/teuthology/{run_name}/{job_id}/teuthology.log' # noqa +default_latest_runs_count = 25 + +sqlalchemy = { + 'url': '{{ db_url }}', + 'echo': True, + 'echo_pool': True, + 'pool_recycle': 3600, + 'encoding': 'utf-8' +} + +app = { + 'root': 'paddles.controllers.root.RootController', + 'modules': ['paddles'], + 'template_path': '%(confdir)s/paddles/templates', + 'default_renderer': 'json', + 'guess_content_type_from_ext': False, + 'debug': False, + 'hooks': [ + IsolatedTransactionHook( + models.start, + models.start_read_only, + models.commit, + models.rollback, + models.clear + ), + CorsHook(), + ], +} + +logging = { + 'disable_existing_loggers': False, + 'loggers': { + 'root': {'level': 'INFO', 'handlers': ['console']}, + 'paddles': {'level': 'DEBUG', 'handlers': ['console']}, + 'sqlalchemy': {'level': 'WARN'}, + 'py.warnings': {'handlers': ['console']}, + '__force_dict__': True + }, + 'handlers': { + 'console': { + 'level': 'DEBUG', + 'class': 'logging.StreamHandler', + 'formatter': 'simple' + } + }, + 'formatters': { + 'simple': { + 'format': ('%(asctime)s %(levelname)-5.5s [%(name)s]' + ' %(message)s') + } + } +} diff --git a/roles/paddles/templates/supervisor.conf b/roles/paddles/templates/supervisor.conf new file mode 100644 index 00000000..a1fb596d --- /dev/null +++ b/roles/paddles/templates/supervisor.conf @@ -0,0 +1,11 @@ +# {{ ansible_managed }} +[program:paddles] +user={{ paddles_user }} +environment=HOME="/home/{{ paddles_user }}",USER="{{ paddles_user }}" +directory=/home/{{ paddles_user }}/paddles +command=/home/{{ paddles_user }}/paddles/virtualenv/bin/gunicorn_pecan -c gunicorn_config.py prod.py +autostart=true +autorestart=true +redirect_stderr=true +stdout_logfile = /home/{{ paddles_user }}/paddles.out.log +stderr_logfile = /home/{{ paddles_user }}/paddles.err.log diff --git a/roles/paddles/vars/apt_systems.yml b/roles/paddles/vars/apt_systems.yml new file mode 100644 index 00000000..3c1b1eee --- /dev/null +++ b/roles/paddles/vars/apt_systems.yml @@ -0,0 +1,27 @@ +--- +paddles_extra_packages: + # The following is a requirement of ansible's postgresql module + - python3-psycopg2 + # The following packages are requirements for running paddles + - git-all + - python3-dev + - python3-pip + - python3-virtualenv + - virtualenv + - postgresql + - postgresql-contrib + - postgresql-server-dev-all + - supervisor + # We use nginx to reverse-proxy + - nginx + - liblz4-tool + +paddles_docker_packages: + - docker.io + - python3-docker + +# We need this so we can disable apache2 to get out of the way of nginx +apache_service: 'apache2' + +supervisor_conf_d: /etc/supervisor/conf.d +supervisor_conf_suffix: conf diff --git a/roles/paddles/vars/yum_systems.yml b/roles/paddles/vars/yum_systems.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/roles/paddles/vars/yum_systems.yml @@ -0,0 +1 @@ +--- diff --git a/roles/paddles/vars/zypper_systems.yml b/roles/paddles/vars/zypper_systems.yml new file mode 100644 index 00000000..ee913f27 --- /dev/null +++ b/roles/paddles/vars/zypper_systems.yml @@ -0,0 +1,24 @@ +--- +paddles_extra_packages: + # The following is a requirement of ansible's postgresql module + - python-psycopg2 + # The following packages are requirements for running paddles + - gcc + - git + - python3-devel + - python3-pip + - python3-virtualenv + - postgresql + - postgresql-contrib + - postgresql-devel + - postgresql-server + - supervisor + # We use nginx to reverse-proxy + - nginx + +# We need this so we can disable apache2 to get out of the way of nginx +apache_service: 'apache2' + +#supervisor_conf_d: /etc/supervisor/conf.d +supervisor_conf_d: /etc/supervisord.d +supervisor_conf_suffix: conf diff --git a/roles/pcp/README.rst b/roles/pcp/README.rst new file mode 100644 index 00000000..6bcac56f --- /dev/null +++ b/roles/pcp/README.rst @@ -0,0 +1,71 @@ +PCP +=== +This role is used to configure a node to run PCP_. + +PCP's main function is to collect performance-related metrics. By default, this +role will set up each node as a ``pcp_collector``. It is also capable of +installing and configuring the necessary packages to act as a ``pcp_manager``, +collecting data from all the ``pcp_collector`` nodes; and also as a ``pcp_web`` +host, providing various web UIs to display the data graphically. + +These distros should be fully supported: + +- CentOS 7 +- Ubuntu 14.04 (Trusty) + +These distros are supported as ``pcp_collector`` nodes: + +- CentOS 6 +- Debian 8 +- Fedora 22 (Only via ansible 2) + +.. _PCP: https://github.com/performancecopilot/pcp + +Variables ++++++++++ + +Defaults for these variables are defined in ``roles/pcp/defaults/main.yml``. + +To use upstream-provided packages instead of the distro's packages, set:: + + upstream_repo: true + +To tell a given host to collect performance data using ``pmcd``, and to run +``pmlogger`` to create archive logs:: + + pcp_collector: true + +To tell the host to aggregate data from other systems using ``pmmgr`` and +corresponding ``pmlogger`` processes for each ``pcp_collector`` node:: + + pcp_manager: true + +To tell a ``pcp_manager`` host to use Avahi to auto-discover other hosts running PCP:: + + pcp_use_avahi: true + +To tell a ``pcp_manager`` host to probe hosts on its local network for the PCP service:: + + pcp_probe: true + +To tell a ``pcp_manager`` host to use a larger timeout when attempting to +connect to hosts that it monitors (in seconds):: + + pmcd_connect_timeout: 1 + +To tell a ``pcp_manager`` host to retain full-resolution archives for a year +(format is a `PCP time window`_):: + + pmlogmerge_retain: "365days" + +To tell a ``pcp_manager`` host to delete reduced archives after two years +(format is a `PCP time window`_):: + + pmlogmerge_reduce: "730days" + +To tell a ``pcp_manager`` host to run PCP's various web UIs:: + + pcp_web: true + + +.. _PCP time window: http://www.pcp.io/books/PCP_UAG/html/LE14729-PARENT.html diff --git a/roles/pcp/defaults/main.yml b/roles/pcp/defaults/main.yml new file mode 100644 index 00000000..0cd40919 --- /dev/null +++ b/roles/pcp/defaults/main.yml @@ -0,0 +1,25 @@ +--- +# Whether or not to use upstream repos +upstream_repo: false + +## PCP Collector options +# Set the host up to collect data +pcp_collector: true + +## PCP Manager options +# Set the host up to be able to monitor other systems +pcp_manager: false +# Whether or not to use avahi to auto-discover hosts +pcp_use_avahi: false +# Whether or not to probe the local network to auto-discover hosts +pcp_probe: false +# PMCD_CONNECT_TIMEOUT in /etc/pcp/pmmgr/pmmgr.options +pmcd_connect_timeout: "0.1" +# How long to keep full-resolution archives before reducing to save space +pmlogmerge_retain: "90days" +# How long before deleting reduced archives +pmlogmerge_reduce: "99999weeks" + +## PCP Web UI options +# Set up the web UI +pcp_web: false diff --git a/roles/pcp/files/1h1m.json b/roles/pcp/files/1h1m.json new file mode 100644 index 00000000..f3f53857 --- /dev/null +++ b/roles/pcp/files/1h1m.json @@ -0,0 +1,367 @@ +{ + "id": null, + "title": "past 1h every 1m", + "originalTitle": "past 1h every 1m", + "tags": [], + "style": "light", + "timezone": "utc", + "editable": true, + "hideControls": false, + "sharedCrosshair": false, + "rows": [ + { + "title": "load", + "height": "200px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "span": 12, + "editable": true, + "type": "graph", + "x-axis": true, + "y-axis": true, + "scale": 1, + "y_formats": [ + "short", + "short" + ], + "grid": { + "max": null, + "min": null, + "leftMax": null, + "rightMax": null, + "leftMin": null, + "rightMin": null, + "threshold1": null, + "threshold2": null, + "threshold1Color": "rgba(216, 200, 27, 0.27)", + "threshold2Color": "rgba(234, 112, 112, 0.22)" + }, + "resolution": 100, + "lines": true, + "fill": 1, + "linewidth": 2, + "points": false, + "pointradius": 5, + "bars": false, + "stack": false, + "spyable": true, + "options": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "interactive": true, + "legend_counts": true, + "timezone": "utc", + "percentage": false, + "zerofill": true, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "cumulative", + "shared": false + }, + "targets": [ + { + "target": "*.kernel.all.load.1 minute" + } + ], + "aliasColors": {}, + "title": "1-minute load average", + "id": 2, + "datasource": null, + "renderer": "flot", + "seriesOverrides": [] + } + ], + "notice": false + }, + { + "net": "demo2", + "height": "200px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "span": 12, + "editable": true, + "type": "graph", + "x-axis": true, + "y-axis": true, + "scale": 1, + "y_formats": [ + "short", + "short" + ], + "grid": { + "max": null, + "min": null, + "leftMax": null, + "rightMax": null, + "leftMin": null, + "rightMin": null, + "threshold1": null, + "threshold2": null, + "threshold1Color": "rgba(216, 200, 27, 0.27)", + "threshold2Color": "rgba(234, 112, 112, 0.22)" + }, + "resolution": 100, + "lines": true, + "fill": 1, + "linewidth": 2, + "points": false, + "pointradius": 5, + "bars": false, + "stack": false, + "spyable": true, + "options": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "interactive": true, + "legend_counts": true, + "timezone": "utc", + "percentage": false, + "zerofill": true, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "cumulative", + "shared": false + }, + "targets": [ + { + "target": "*.network.interface.*.bytes.*" + } + ], + "aliasColors": {}, + "title": "network i/o bytes/s", + "id": 3, + "datasource": null, + "renderer": "flot", + "seriesOverrides": [], + "links": [] + } + ], + "notice": false + }, + { + "disk": "demo3", + "height": "200px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "span": 12, + "editable": true, + "type": "graph", + "x-axis": true, + "y-axis": true, + "scale": 1, + "y_formats": [ + "short", + "short" + ], + "grid": { + "max": null, + "min": null, + "leftMax": null, + "rightMax": null, + "leftMin": null, + "rightMin": null, + "threshold1": null, + "threshold2": null, + "threshold1Color": "rgba(216, 200, 27, 0.27)", + "threshold2Color": "rgba(234, 112, 112, 0.22)" + }, + "resolution": 100, + "lines": true, + "fill": 1, + "linewidth": 2, + "points": false, + "pointradius": 5, + "bars": false, + "stack": false, + "spyable": true, + "options": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "interactive": true, + "legend_counts": true, + "timezone": "utc", + "percentage": false, + "zerofill": true, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "cumulative", + "shared": false + }, + "targets": [ + { + "target": "*.disk.all.read_bytes" + }, + { + "target": "*.disk.all.write_bytes" + } + ], + "aliasColors": {}, + "title": "disk read/write kbytes/s", + "id": 4, + "datasource": null, + "renderer": "flot", + "seriesOverrides": [] + } + ], + "notice": false + }, + { + "mem": "demo3", + "height": "200px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "span": 12, + "editable": true, + "type": "graph", + "x-axis": true, + "y-axis": true, + "scale": 1, + "y_formats": [ + "short", + "short" + ], + "grid": { + "max": null, + "min": null, + "leftMax": null, + "rightMax": null, + "leftMin": null, + "rightMin": null, + "threshold1": null, + "threshold2": null, + "threshold1Color": "rgba(216, 200, 27, 0.27)", + "threshold2Color": "rgba(234, 112, 112, 0.22)" + }, + "resolution": 100, + "lines": true, + "fill": 1, + "linewidth": 2, + "points": false, + "pointradius": 5, + "bars": false, + "stack": false, + "spyable": true, + "options": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "interactive": true, + "legend_counts": true, + "timezone": "utc", + "percentage": false, + "zerofill": true, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "cumulative", + "shared": false + }, + "targets": [ + { + "target": "*.mem.util.available" + }, + { + "target": "*.mem.util.used" + } + ], + "aliasColors": {}, + "title": "available/used memory kbytes", + "id": 5, + "datasource": null, + "renderer": "flot", + "seriesOverrides": [] + } + ], + "notice": false + } + ], + "nav": [ + { + "type": "timepicker", + "collapse": false, + "notice": false, + "enable": true, + "status": "Stable", + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "now": true + } + ], + "time": { + "from": "now-1h", + "to": "now" + }, + "templating": { + "list": [], + "enable": false + }, + "annotations": { + "list": [] + }, + "refresh": "1m", + "version": 6, + "hideAllLegends": false +} diff --git a/roles/pcp/files/index.js b/roles/pcp/files/index.js new file mode 100644 index 00000000..97a3502d --- /dev/null +++ b/roles/pcp/files/index.js @@ -0,0 +1,229 @@ +/*jslint indent: 2 nomen: true */ +"use strict"; + +// This is what's in scope at this point +var window, document, ARGS, $, jQuery, moment, kbn, _; + +var USAGE = { + title: "Invalid or missing argument", + content: "Arguments taken by this dashboard are:\n\n" + + "``hosts``: A comma-separated list of hosts to monitor (required)\n\n" + + "``title``: The title of the dashboard (default: the hosts list)\n\n" + + "``time_from``: The start of the time window (default: 'now-1h')\n\n" + + "``time_to``: The end of the time window (ignored if time_from is not set)\n\n" + + "``refresh``: How often to refresh the dashboard (default: never)\n\n" + + "All arguments are to be passed as a [query string](https://en.wikipedia.org/wiki/Query_string)", + error: true, +}; + +// This is the base configuration for the dashboard +var dashboard_stub = { + rows: [], + services: {}, + time: { + from: "now-1h", + to: "now", + }, + timezone: "utc", + editable: "true", + nav: [ + { + type: "timepicker", + collapse: false, + notice: false, + enable: true, + status: "Stable", + time_options: + ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"], + refresh_intervals: + ["1m", "5m", "15m", "30m", "1h", "6h", "1d"], + now: false, + }, + ], +}; + +// This is the base configuration for each row +var row_stub = { + showTitle: true, + height: '300px', + panels: [], +}; + +// This is the base configuration for each panel +var graph_panel_stub = { + type: 'graph', + editable: true, + collapse: false, + collapsable: true, + legend_counts: true, + legend: { + show: false, + values: false, + min: false, + max: false, + current: false, + total: false, + avg: false + }, + spyable: true, + options: false, +}; + +// This represents each of the panels that we want. +// Each row may contain multiple panels. +// Each panel has a title and one or more metrics. +var dashboard_rows = [ + { + title: "load (1 minute)", + panels: [ + { + metrics: ["kernel.all.load.1 minute"], + }, + ], + }, + { + title: "network (bytes/s)", + panels: [ + // We use e* here to select only Ethernet interfaces and ignore + // loopbacks + { + title: "in", + metrics: ["network.interface.in.bytes.e*"], + span: 6, + }, + { + title: "out", + metrics: ["network.interface.out.bytes.e*"], + span: 6, + }, + ], + }, + { + title: "disk (kbytes)", + panels: [ + { + title: "read", + metrics: ["disk.all.read_bytes"], + span: 6, + }, + { + title: "write", + metrics: ["disk.all.write_bytes"], + span: 6, + }, + ], + }, + { + title: "memory (kbytes)", + panels: [ + { + title: "free", + metrics: ["mem.util.free"], + span: 6, + }, + { + title: "used", + metrics: ["mem.util.used"], + span: 6, + }, + ], + }, +]; + +var text_panel_stub = { + title: "", + type: "text", + mode: "markdown", + content: "", + error: false, +}; + +function get_text_panel(values) { + // values is a hash that optionally overrides text_panel_stub's values. + var panel; + panel = $.extend(true, text_panel_stub, values); + return panel; +} + +function set_targets(rows_base, hosts) { + // Now let's flesh out our row values. For each row we want, we need to + // create a set of 'targets' which consist of wildcarded host values + // concatenated with each metric we want. + var i_row, i_panel, i_metric, i_host, row_templ, panel, metrics, metric, host; + for (i_row = 0; i_row < rows_base.length; i_row += 1) { + row_templ = rows_base[i_row]; + for (i_panel = 0; i_panel < row_templ.panels.length; i_panel += 1) { + panel = row_templ.panels[i_panel]; + panel.targets = []; + metrics = panel.metrics; + for (i_metric = 0; i_metric < metrics.length; i_metric += 1) { + metric = metrics[i_metric]; + for (i_host = 0; i_host < hosts.length; i_host += 1) { + host = hosts[i_host]; + panel.targets.push( + {target: '*' + host + '*.' + metric} + ); + } + } + } + } + return rows_base; +} + +function build_dashboard(rows_base) { + var dashboard, i_row, row_templ, row, i_panel, panel; + dashboard = $.extend(true, {}, dashboard_stub); + for (i_row = 0; i_row < rows_base.length; i_row += 1) { + row_templ = rows_base[i_row]; + row = $.extend(true, {}, row_stub); + row.title = row_templ.title; + for (i_panel = 0; i_panel < row_templ.panels.length; i_panel += 1) { + panel = $.extend(true, {}, graph_panel_stub, row_templ.panels[i_panel]); + row.panels.push(panel); + } + dashboard.rows.push(row); + } + return dashboard; +} + +function main(callback) { + var dashboard, hosts, title, rows, panel; + if (!_.isUndefined(ARGS.hosts)) { + hosts = ARGS.hosts.split(','); + // We provide a default title based on the hosts arg, but it may be + // overridden via the title arg + title = hosts.join(', '); + rows = set_targets(dashboard_rows, hosts); + } else { + title = 'usage'; + panel = get_text_panel(USAGE); + rows = [{ + title: "error", + panels: [panel], + }]; + } + dashboard = build_dashboard(rows); + if (!_.isUndefined(ARGS.refresh)) { + dashboard.refresh = ARGS.refresh; + } + if (!_.isUndefined(ARGS.time_from)) { + dashboard.time.from = ARGS.time_from; + if (!_.isUndefined(ARGS.time_to)) { + dashboard.time.to = ARGS.time_to; + } + } + if (!_.isUndefined(ARGS.title)) { + title = ARGS.title; + } + dashboard.title = title; + + $.ajax({ + method: 'GET', + url: '/' + }) + .done(function () { + callback(dashboard); + }); +} + +return main; diff --git a/roles/pcp/tasks/apt_update.yml b/roles/pcp/tasks/apt_update.yml new file mode 100644 index 00000000..1cf903f9 --- /dev/null +++ b/roles/pcp/tasks/apt_update.yml @@ -0,0 +1,6 @@ +--- +- name: Update apt cache + apt: + update_cache: yes + when: + ansible_pkg_mgr == "apt" diff --git a/roles/pcp/tasks/collector.yml b/roles/pcp/tasks/collector.yml new file mode 100644 index 00000000..8c01e5db --- /dev/null +++ b/roles/pcp/tasks/collector.yml @@ -0,0 +1,46 @@ +--- +- name: Install pcp + apt: + name: "{{ pcp_package }}" + state: latest + register: install_pcp_apt + when: + ansible_pkg_mgr == "apt" + +- name: Install pcp + yum: + name: "{{ pcp_package }}" + state: latest + register: install_pcp_yum + when: + ansible_pkg_mgr == "yum" + +- name: Install pcp + dnf: + name: "{{ pcp_package }}" + state: latest + register: install_pcp_dnf + when: + ansible_pkg_mgr == "dnf" + +- import_tasks: permissons.yml + +- name: Restart pcp + service: + name: "{{ pmcd_service }}" + state: restarted + enabled: yes + when: + install_pcp_apt is changed or + install_pcp_yum is changed or + install_pcp_dnf is changed + +- name: Restart pmlogger + service: + name: "{{ pmlogger_service }}" + state: restarted + enabled: yes + when: + install_pcp_apt is changed or + install_pcp_yum is changed or + install_pcp_dnf is changed diff --git a/roles/pcp/tasks/main.yml b/roles/pcp/tasks/main.yml new file mode 100644 index 00000000..2fe17fd0 --- /dev/null +++ b/roles/pcp/tasks/main.yml @@ -0,0 +1,39 @@ +--- +- name: Include package type specific vars. + include_vars: "{{ ansible_pkg_mgr }}_systems.yml" + tags: + - always + +- name: Set up upstream repo + import_tasks: repo.yml + when: + upstream_repo|bool == true + tags: + - repo + +- import_tasks: apt_update.yml + when: + upstream_repo|bool == false + tags: + - always + +- name: Set up as collector + import_tasks: collector.yml + when: + pcp_collector|bool == true + tags: + - collector + +- name: Set up as manager + import_tasks: manager.yml + when: + pcp_manager|bool == true + tags: + - manager + +- name: Set up web UI + import_tasks: web.yml + when: + pcp_web|bool == true + tags: + - web diff --git a/roles/pcp/tasks/manager.yml b/roles/pcp/tasks/manager.yml new file mode 100644 index 00000000..81f34292 --- /dev/null +++ b/roles/pcp/tasks/manager.yml @@ -0,0 +1,115 @@ +--- +- name: Install avahi + apt: + name: "{{ avahi_package }}" + state: latest + when: + ansible_pkg_mgr == "apt" and + pcp_use_avahi|bool == true + +- name: Install avahi + yum: + name: "{{ avahi_package }}" + state: latest + when: + ansible_pkg_mgr == "yum" and + pcp_use_avahi|bool == true + +- name: Install pcp-manager + apt: + name: "{{ pcp_manager_package }}" + state: latest + when: + ansible_pkg_mgr == "apt" + register: install_pmmgr_apt + +- name: Install pcp-manager + yum: + name: "{{ pcp_manager_package }}" + state: latest + when: + ansible_pkg_mgr == "yum" + register: install_pmmgr_yum + +# Make the pmcd connect timeout very small so we don't spend ages looking for +# hosts that are down +- name: Set pmcd connect timeout + lineinfile: + dest: /etc/pcp/pmmgr/pmmgr.options + regexp: "^PMCD_CONNECT_TIMEOUT=" + line: "PMCD_CONNECT_TIMEOUT=0.1" + +- name: Enable pmmgr + service: + name: "{{ pmmgr_service }}" + enabled: yes + +- set_fact: + pcp_target_hosts: "[{% for host in groups.pcp %}'{{ host }}',{% endfor %}]" + +- name: Write target-host + template: + src: target-host + dest: /etc/pcp/pmmgr/target-host + owner: root + group: root + mode: 0644 + register: target_host + +- set_fact: + network_and_netmask: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}" + +- set_fact: + # ipaddr('net') converts a 'network/netmask' string to 'network/CIDR' format + network_and_cidr: "{{ network_and_netmask|ipaddr('net') }}" + +- name: Write target-discovery + template: + src: target-discovery + dest: /etc/pcp/pmmgr/target-discovery + owner: root + group: root + mode: 0644 + register: target_discovery + +- import_tasks: permissons.yml + +# This greatly speeds up polling for hosts +- name: Set PMCD_CONNECT_TIMEOUT in pmmgr.options + lineinfile: + dest: /etc/pcp/pmmgr/pmmgr.options + regexp: "^PMCD_CONNECT_TIMEOUT=" + line: "PMCD_CONNECT_TIMEOUT={{ pmcd_connect_timeout }}" + register: pmmgr_options + +- name: Set /etc/pcp/pmmgr/pmlogmerge-retain + copy: + dest: /etc/pcp/pmmgr/pmlogmerge-retain + content: "{{ pmlogmerge_retain }}" + owner: root + group: root + mode: 0644 + register: update_pmlogmerge_retain + +- name: Set /etc/pcp/pmmgr/pmlogmerge-reduce + copy: + dest: /etc/pcp/pmmgr/pmlogmerge-reduce + content: "{{ pmlogmerge_reduce }}" + owner: root + group: root + mode: 0644 + register: update_pmlogmerge_reduce + +- name: Restart pmmgr + service: + name: "{{ pmmgr_service }}" + state: restarted + enabled: yes + when: + install_pmmgr_apt is changed or + install_pmmgr_yum is changed or + target_host is changed or + target_discovery is changed or + pmmgr_options is changed or + update_pmlogmerge_retain is changed or + update_pmlogmerge_reduce is changed diff --git a/roles/pcp/tasks/permissons.yml b/roles/pcp/tasks/permissons.yml new file mode 100644 index 00000000..685a9c8c --- /dev/null +++ b/roles/pcp/tasks/permissons.yml @@ -0,0 +1,9 @@ +--- +- name: Ensure /var/log/pcp is owned by pcp + file: + path: /var/log/pcp + owner: "{{ pcp_user }}" + group: "{{ pcp_user }}" + recurse: yes + # http://tracker.ceph.com/issues/16119 + failed_when: false diff --git a/roles/pcp/tasks/repo.yml b/roles/pcp/tasks/repo.yml new file mode 100644 index 00000000..1129751e --- /dev/null +++ b/roles/pcp/tasks/repo.yml @@ -0,0 +1,43 @@ +--- +- name: Add upstream apt repo + copy: + content: "{{ upstream_repo_source }}" + dest: /etc/apt/sources.list.d/pcp.list + when: + ansible_pkg_mgr == "apt" + +- name: Add upstream GPG key to apt + apt_key: + url: https://bintray.com/user/downloadSubjectPublicKey?username=pcp + keyring: /etc/apt/trusted.gpg.d/pcp.gpg + state: present + validate_certs: true + when: + ansible_pkg_mgr == "apt" + +- name: Add upstream yum repo + get_url: + url: "{{ upstream_repo_url }}" + dest: /etc/yum.repos.d/pcp.repo + when: + ansible_pkg_mgr == "yum" + +- name: Add upstream GPG key to rpm + rpm_key: + key: https://bintray.com/user/downloadSubjectPublicKey?username=pcp + state: present + validate_certs: true + when: + ansible_pkg_mgr == "yum" + +- import_tasks: apt_update.yml + +- name: Ensure packages are updated (apt) + shell: "DEBIAN_FRONTEND=noninteractive apt -y install --only-upgrade .*pcp.*" + when: + ansible_pkg_mgr == "apt" + +- name: Ensure packages are updated (yum) + shell: "yum update *pcp*" + when: + ansible_pkg_mgr == "yum" diff --git a/roles/pcp/tasks/web.yml b/roles/pcp/tasks/web.yml new file mode 100644 index 00000000..15082b67 --- /dev/null +++ b/roles/pcp/tasks/web.yml @@ -0,0 +1,54 @@ +--- +- name: Fail when on Ubuntu + fail: + msg: "pcp-webapi is only available when using upstream packages. Set upstream_repo to true." + when: ansible_distribution == "Ubuntu" and upstream_repo|bool != true + +- name: Install pcp-webapi + yum: + name: "{{ pcp_webapi_package }}" + state: latest + register: install_pcp_webapi + when: ansible_pkg_mgr == "yum" + +- name: Install pcp-webjs + yum: + name: "{{ pcp_webjs_package }}" + state: latest + register: install_pcp_webjs + when: ansible_pkg_mgr == "yum" + +- name: Install pcp-webapi + apt: + name: "{{ pcp_webapi_package }}" + state: latest + register: install_pcp_webapi + when: ansible_pkg_mgr == "apt" + +- name: Enable pmwebd + service: + name: "{{ pmwebd_service }}" + enabled: yes + register: enable_pmwebd + +- name: Ship dashboard + copy: + src: "../files/{{ item }}" + dest: "/usr/share/pcp/webapps/grafana/app/dashboards/" + owner: root + group: root + mode: 0644 + with_items: + - 1h1m.json + - index.js + tags: + - dashboards + +- name: Start pmwebd + service: + name: "{{ pmmgr_service }}" + state: restarted + when: + install_pcp_webapi is changed or + install_pcp_webjs is changed or + enable_pmwebd is changed diff --git a/roles/pcp/templates/target-discovery b/roles/pcp/templates/target-discovery new file mode 100644 index 00000000..caac2a52 --- /dev/null +++ b/roles/pcp/templates/target-discovery @@ -0,0 +1,7 @@ +# {{ ansible_managed }} +{% if pcp_use_avahi %} +avahi,timeout=5 +{% endif %} +{% if pcp_probe %} +probe={{ network_and_cidr }},maxThreads=256 +{% endif %} diff --git a/roles/pcp/templates/target-host b/roles/pcp/templates/target-host new file mode 100644 index 00000000..7ee00587 --- /dev/null +++ b/roles/pcp/templates/target-host @@ -0,0 +1,4 @@ +# {{ ansible_managed }} +{% for host in pcp_target_hosts %} +{{ host }} +{% endfor %} diff --git a/roles/pcp/vars/apt_systems.yml b/roles/pcp/vars/apt_systems.yml new file mode 100644 index 00000000..09bf3052 --- /dev/null +++ b/roles/pcp/vars/apt_systems.yml @@ -0,0 +1,11 @@ +--- +upstream_repo_source: "deb https://dl.bintray.com/pcp/trusty {{ ansible_distribution_release }} main" +pcp_user: pcp +pcp_package: pcp +pmcd_service: pmcd +pmlogger_service: pmlogger +pcp_manager_package: "{% if upstream_repo %}pcp-manager{% else %}pcp{% endif %}" +pmmgr_service: pmmgr +avahi_package: avahi-daemon +pcp_webapi_package: pcp-webapi +pmwebd_service: pmwebd diff --git a/roles/pcp/vars/dnf_systems.yml b/roles/pcp/vars/dnf_systems.yml new file mode 100644 index 00000000..b47ba6fe --- /dev/null +++ b/roles/pcp/vars/dnf_systems.yml @@ -0,0 +1,11 @@ +--- +pcp_user: pcp +pcp_package: pcp +pmcd_service: pmcd +pmlogger_service: pmlogger +pcp_manager_package: pcp-manager +pmmgr_service: pmmgr +avahi_package: avahi +pcp_webapi_package: pcp-webapi +pcp_webjs_package: pcp-webjs +pmwebd_service: pmwebd diff --git a/roles/pcp/vars/yum_systems.yml b/roles/pcp/vars/yum_systems.yml new file mode 100644 index 00000000..14ba8cf4 --- /dev/null +++ b/roles/pcp/vars/yum_systems.yml @@ -0,0 +1,12 @@ +--- +upstream_repo_url: "https://bintray.com/pcp/{{ {'Fedora': 'f', 'CentOS': 'el', 'RedHat': 'el'}[ansible_distribution] }}{{ ansible_distribution_major_version }}/rpm" +pcp_user: pcp +pcp_package: pcp +pmcd_service: pmcd +pmlogger_service: pmlogger +pcp_manager_package: pcp-manager +pmmgr_service: pmmgr +avahi_package: avahi +pcp_webapi_package: pcp-webapi +pcp_webjs_package: pcp-webjs +pmwebd_service: pmwebd diff --git a/roles/public_facing/README.rst b/roles/public_facing/README.rst new file mode 100644 index 00000000..77cf49f5 --- /dev/null +++ b/roles/public_facing/README.rst @@ -0,0 +1,99 @@ +public_facing +============= + +This role is used to manage the various public-facing hosts we have. Each host has various configs not managed by the ``common`` role. This playbook aims to: + +- Provide automation in the event of disaster recovery +- Automate repeatable tasks +- Automate 'one-off' host or service nuances + +Usage ++++++ + +Example:: + + ansible-playbook public_facing.yml --limit="download.ceph.com" + +Variables ++++++++++ + +Defaults +-------- +Defined in ``roles/public_facing/defaults/main.yml`` Override these in the ansible inventory ``host_vars`` file. + +``use_ufw: false`` specifies whether an Ubuntu host should use UFW_ + +``f2b_ignoreip: "127.0.0.1"`` +``f2b_bantime: "43200"`` +``f2b_findtime: "900"`` +``f2b_maxretry: 5`` + +``use_fail2ban: true`` specifies whether a host should use fail2ban_ + +``f2b_services: {}`` is a dictionary listing services fail2ban should monitor. See example below:: + + f2b_services: + sshd: + enabled: "true" + port: "22" + maxretry: 3 + findtime: "3600" # 1hr + filter: "sshd" + logpath: "{{ sshd_logpath }}" + sshd-ddos: + enabled: "true" + port: "22" + maxretry: 3 + filter: "sshd-ddos" + logpath: "{{ sshd_logpath }}" + bantime: -1 # optionally set in host_vars + + # Note: sshd_logpath gets defined automatically in roles/public_facing/tasks/fail2ban.yml + +host_vars +--------- +If required, define these in your ansible inventory ``host_vars`` file. + +``ufw_allowed_ports: []`` should be a list of ports you want UFW to allow traffic through. You may optionally defined a ``source_ip`` by adding ``:1.2.3.4`` after the port. List items must be double-quoted due to the way the task processes stdout of ``ufw status``. Example:: + + ufw_allowed_ports: + - "22" + - "80" + - "443" + - "3306:1.2.3.4" + +``f2b_filters: {}`` is a dictionary of additional filters fail2ban should use. For example, our status portal running Cachet has an additional fail2ban service monitoring repeated login attempts to the admin portal. ``maxlines`` is an optional variable. See filter example:: + + f2b_filters: + apache-cachet: + failregex: " .*GET /auth/login.*$" + example-filter: + failregex: " .*foo$" + maxlines: 3 + +Common Tasks +++++++++++++ + +These are tasks that are applicable to all our public-facing hosts. + +UFW +--- +At the time of this writing, we only have one public-facing host that doesn't run Ubuntu -- the nameserver. Its firewall is managed in the ``nameserver`` role. + +Despite having network port ACLs defined for each host in our cloud provider's interface, enabling a firewall local to the system will allow us to block abusive IPs using fail2ban. + +fail2ban +-------- +If ``use_fail2ban`` is set to ``true`` this role will install, configure, and enable fail2ban. + +To-Do ++++++ + +status.sepia.ceph.com +--------------------- + + - Install and update Cachet_? + +.. _UFW: https://wiki.ubuntu.com/UncomplicatedFirewall +.. _fail2ban: http://www.fail2ban.org/wiki/index.php/Main_Page +.. _Cachet: https://cachethq.io diff --git a/roles/public_facing/defaults/main.yml b/roles/public_facing/defaults/main.yml new file mode 100644 index 00000000..0c7567e2 --- /dev/null +++ b/roles/public_facing/defaults/main.yml @@ -0,0 +1,37 @@ +--- +## Any of these vars can be overridden in inventory host_vars. + +# Don't use ufw by default. +use_ufw: false + +# Default to allow SSH traffic. +ufw_allowed_ports: + - "22" + +# Use fail2ban by default +use_fail2ban: true + +# Defaults for global fail2ban overrides in /etc/fail2ban/jail.local +# Override in ansible inventory host_vars, group_vars, or some can be +# overridden by service files in the f2b_services dict. See README. +f2b_ignoreip: "127.0.0.1" +f2b_bantime: "43200" # 12 hours +f2b_findtime: "900" # 15 minutes +f2b_maxretry: 5 + +# Default fail2ban services to block. This can be overridden in ansible +# inventory group_vars or host_vars. +f2b_services: + sshd: + enabled: "true" + port: "22" + maxretry: 3 + findtime: "3600" # 1hr + filter: "sshd" + logpath: "{{ sshd_logpath }}" + sshd-ddos: + enabled: "true" + port: "22" + maxretry: 3 + filter: "sshd-ddos" + logpath: "{{ sshd_logpath }}" diff --git a/roles/public_facing/handlers/main.yml b/roles/public_facing/handlers/main.yml new file mode 100644 index 00000000..d548b28c --- /dev/null +++ b/roles/public_facing/handlers/main.yml @@ -0,0 +1,18 @@ +--- +# Restart fail2ban +- name: restart fail2ban + service: + name: fail2ban + state: restarted + +# Reload fail2ban +- name: reload fail2ban + service: + name: fail2ban + state: reloaded + +# Restart sshd +- name: restart sshd + service: + name: sshd + state: restarted diff --git a/roles/public_facing/tasks/download.ceph.com.yml b/roles/public_facing/tasks/download.ceph.com.yml new file mode 100644 index 00000000..03e4b576 --- /dev/null +++ b/roles/public_facing/tasks/download.ceph.com.yml @@ -0,0 +1,71 @@ +--- +- name: Put logrotate config in place + template: + src: templates/download.ceph.com/logrotate.j2 + dest: /etc/logrotate.d/download.ceph.com + +# Used for pushing upstream builds +# https://github.com/ceph/ceph-build/blob/main/scripts/sync-push +- name: Add signer user + user: + name: signer + +# signer_pubkey defined in inventory host_vars +- name: Update signer user's authorized_keys + authorized_key: + user: signer + state: present + key: "{{ signer_pubkey }}" + +# Used to rsync download.ceph.com http logs and compile metrics +# for metrics.ceph.com +- name: Create Bitergia user + user: + name: bitergia + groups: adm + +# bitergia_pubkey defined in inventory host_vars +- name: Update bitergia user's authorized_keys + authorized_key: + user: bitergia + state: present + key: "{{ bitergia_pubkey }}" + +- name: Create ~/bin dir for bitergia user + file: + path: /home/bitergia/bin + state: directory + owner: bitergia + group: bitergia + +# Rsync is almost certainly already installed but it's required for the next task +- name: Make sure rsync is installed + apt: + name: rsync + state: latest + +- name: Put rrsync script in place for bitergia user + shell: "gunzip /usr/share/doc/rsync/scripts/rrsync.gz --to-stdout > /home/bitergia/bin/rrsync" + changed_when: false + +- name: Set permissions for bitergia rrsync script + file: + dest: /home/bitergia/bin/rrsync + owner: bitergia + group: bitergia + mode: 0774 + +# Updates download.ceph.com/timestamp +- name: Put make_timestamp script in place + template: + src: templates/download.ceph.com/make_timestamp.j2 + dest: /usr/libexec/make_timestamp + mode: 0775 + +- name: Create cron entry for make_timestamp + cron: + name: "Update download.ceph.com/timestamp" + minute: "0" + job: "/usr/libexec/make_timestamp" + +- import_tasks: letsencrypt_nginx.yml diff --git a/roles/public_facing/tasks/fail2ban.yml b/roles/public_facing/tasks/fail2ban.yml new file mode 100644 index 00000000..362fe583 --- /dev/null +++ b/roles/public_facing/tasks/fail2ban.yml @@ -0,0 +1,77 @@ +--- +- name: Install or update fail2ban + package: + name: fail2ban + state: latest + +- name: Check if firewalld is running + shell: firewall-cmd --state + register: firewalld_status + # Don't fail if command not found + failed_when: false + +- name: Set f2b_banaction if using firewalld + set_fact: + f2b_banaction: "firewallcmd-ipset" + when: firewalld_status.stdout == "running" + +- name: Check if UFW is running + shell: ufw status | grep Status | cut -d ' ' -f2 + register: ufw_status + # Don't fail if command not found + failed_when: false + +- name: Set f2b_banaction if using UFW + set_fact: + f2b_banaction: "ufw" + when: ufw_status.stdout == "active" + +- name: Write /etc/fail2ban/action.d/ufw.conf if it's missing + template: + src: f2b_ufw.conf.j2 + dest: /etc/fail2ban/action.d/ufw.conf + when: use_ufw == true + +# Any parameters defined in this file overwrite the package-provided jail.conf +- name: Write global fail2ban defaults + template: + src: templates/f2b.jail.local.j2 + dest: /etc/fail2ban/jail.local + notify: restart fail2ban + +# sshd_logpath is used in the f2b_services dictionary. fail2ban doesn't know +# where ssh logs are for services other than sshd so sshd-ddos, for example +# needs to be told where to look. For other services (e.g., nginx), the logpath +# can be set directly in the dict. +- name: Set sshd_logpath for CentOS/RHEL + set_fact: + sshd_logpath: "/var/log/messages" + when: ansible_os_family == "RedHat" + +- name: Set sshd_logpath for Ubuntu + set_fact: + sshd_logpath: "/var/log/auth.log" + when: ansible_os_family == "Debian" + +# This makes sure there are no old or malformed service conf files. +# We'll rewrite them in the next task. +- name: Clean up local service conf files + shell: rm -f /etc/fail2ban/jail.d/*.local + +- name: Write fail2ban service conf files + template: + src: templates/f2b.service.j2 + dest: "/etc/fail2ban/jail.d/{{ item.key }}.local" + with_dict: "{{ f2b_services }}" + notify: reload fail2ban + +- name: Clean up local filter conf files + shell: rm -f /etc/fail2ban/filter.d/*.local + +- name: Write fail2ban filter conf files + template: + src: templates/f2b.filter.j2 + dest: "/etc/fail2ban/filter.d/{{ item.key }}.local" + with_dict: "{{ f2b_filters }}" + when: f2b_filters is defined + notify: reload fail2ban diff --git a/roles/public_facing/tasks/letsencrypt_nginx.yml b/roles/public_facing/tasks/letsencrypt_nginx.yml new file mode 100644 index 00000000..3dcd31e7 --- /dev/null +++ b/roles/public_facing/tasks/letsencrypt_nginx.yml @@ -0,0 +1,68 @@ +--- +# NOTE: Initial cert creation is a manual process primarily because we'll hopefully never +# have to start from scratch again. This playbook just keeps the existing certs up to date. + +# Get letsencrypt authority server IPv4 address +- local_action: shell dig -4 +short acme-v01.api.letsencrypt.org | tail -n 1 + register: letsencrypt_ipv4_address + +# This task really only needs to be run the first time download.ceph.com is set up. +# An entry matching *letsencrypt* in /etc/hosts is required for the cronjob in the next task however. +- name: Create entry for letsencrypt authority server in /etc/hosts + lineinfile: + path: /etc/hosts + regexp: '(.*)letsencrypt(.*)' + line: '{{ letsencrypt_ipv4_address.stdout }} acme-v01.api.letsencrypt.org' + state: present + +# 'letsencrypt renew' fails because it can't reach the letsencrypt authority server using IPv6 +- name: Create cron entry to force IPv4 connectivity to letsencrypt authority server # noqa no-tabs + cron: + name: "Forces letsencrypt to use IPv4 when accessing acme-v01.api.letsencrypt.org" + hour: "0" + job: "IP=$(dig -4 +short acme-v01.api.letsencrypt.org | tail -n 1) && sed -i \"s/.*letsencrypt.*/$IP\tacme-v01.api.letsencrypt.org/g\" /etc/hosts" + +# letsencrypt doesn't recommend using the Ubuntu-provided letsencrypt package +# https://github.com/certbot/certbot/issues/3538 +# They do recommend using certbot from their PPA for Xenial +# https://certbot.eff.org/#ubuntuxenial-nginx + +- name: install software-properties-common + apt: + name: software-properties-common + state: latest + update_cache: yes + +- name: add certbot PPA + apt_repository: + repo: "ppa:certbot/certbot" + +- name: install certbot + apt: + name: python-certbot-nginx + state: latest + update_cache: yes + +- name: setup a cron to attempt to renew the SSL cert every 15ish days + cron: + name: "renew letsencrypt cert" + minute: "0" + hour: "0" + day: "1,15" + job: "certbot renew --renew-hook='systemctl reload nginx'" + +# This cronjob would attempt to renew the cert twice a day but doesn't have our required --renew-hook +- name: make sure certbot's cronbjob is not present + file: + path: /etc/cron.d/certbot + state: absent + +# Same thing here. Let me automate how I wanna automate plz. +- name: make sure certbot's systemd services are disabled + service: + name: "{{ item }}" + state: stopped + enabled: no + with_items: + - "certbot.service" + - "certbot.timer" diff --git a/roles/public_facing/tasks/main.yml b/roles/public_facing/tasks/main.yml new file mode 100644 index 00000000..67639a9f --- /dev/null +++ b/roles/public_facing/tasks/main.yml @@ -0,0 +1,37 @@ +--- +## Common tasks + +# Most of our public-facing hosts are running Ubuntu. +# use_ufw defaults to false but is overridden in inventory host_vars +- import_tasks: ufw.yml + when: use_ufw == true + tags: + - always + +- import_tasks: fail2ban.yml + tags: + - always + when: use_fail2ban == true + +- name: Disable password authentication + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^PasswordAuthentication" + line: "PasswordAuthentication no" + state: present + notify: restart sshd + +## Individual host tasks + +# local_action in the task after this causes 'ansible_host' to change to 'localhost' +# we set a temporary variable here to search for in the local_action task +- set_fact: + target_host: "{{ ansible_host }}" + +- name: Check for host-specific playbooks + local_action: "stat path=roles/public_facing/tasks/{{ target_host }}.yml" + register: host_playbook + +- name: Include any host-specific playbooks if present + include_tasks: "{{ ansible_host }}.yml" + when: host_playbook.stat.exists diff --git a/roles/public_facing/tasks/status.sepia.ceph.com.yml b/roles/public_facing/tasks/status.sepia.ceph.com.yml new file mode 100644 index 00000000..5011e43a --- /dev/null +++ b/roles/public_facing/tasks/status.sepia.ceph.com.yml @@ -0,0 +1,21 @@ +--- +- name: Create /root/checks directory for Cachet checks + file: + path: "{{ cachet_checks_path }}" + state: directory + +- name: Clone nagios-eventhandler-cachet to /root/checks dir + git: + repo: https://github.com/djgalloway/nagios-eventhandler-cachet.git + dest: "{{ cachet_checks_path }}/nagios-eventhandler-cachet" + update: yes + +- name: Put templated Cachet checks in place + template: + dest: "{{ cachet_checks_path }}/{{ item.dest }}" + src: "{{ item.src }}" + mode: "{{ item.mode }}" + with_items: + - { src: 'templates/status.sepia.ceph.com/lab-pings.j2', dest: 'lab-pings.sh', mode: '0755' } + - { src: 'templates/status.sepia.ceph.com/openvpn.j2', dest: 'openvpn.sh', mode: '0755' } + - { src: 'templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2', dest: 'nagios-eventhandler-cachet/config.inc.php', mode: '0644' } diff --git a/roles/public_facing/tasks/ufw.yml b/roles/public_facing/tasks/ufw.yml new file mode 100644 index 00000000..d902072e --- /dev/null +++ b/roles/public_facing/tasks/ufw.yml @@ -0,0 +1,57 @@ +--- +- name: Make sure iptables-persistent is not installed + apt: + name: iptables-persistent + state: absent + +- name: Install or update ufw + apt: + name: ufw + state: latest + +- name: Get current ufw status + shell: ufw status | grep 'Status' | cut -d ' ' -f2 + register: ufw_status + +# policy: allow makes sure we can still ssh if ufw is inactive. +# We revert this at the end of the playbook +- name: Enable ufw if inactive + ufw: + state: enabled + policy: allow + when: ufw_status.stdout == "inactive" + +# Instead of deleting all rules and re-opening ports with each playbook run, +# we'll compare a list of ports we specify should be open with a list of currently open ports. +- name: Get list of currently allowed ports + shell: ufw status | grep 'ALLOW' | grep -v v6 | awk '{ print $1 }' + register: ufw_current_allowed_raw + # Don't fail if we don't get any output + failed_when: false + +- name: Determine ports to disable + set_fact: + ufw_ports_to_disable: "{{ ufw_current_allowed_raw.stdout_lines | difference(ufw_allowed_ports) }}" + +- name: Determine ports to enable + set_fact: + ufw_ports_to_enable: "{{ ufw_allowed_ports | difference(ufw_current_allowed_raw.stdout_lines) }}" + +- name: Disable any open ports that aren't specified in ufw_allowed_ports + ufw: + rule: allow + port: "{{ item }}" + delete: yes + with_items: "{{ ufw_ports_to_disable }}" + +- name: Enable any ports we're missing + ufw: + rule: allow + port: "{% if ':' in item %}{% set port_and_src = item.split(':') %}{{ port_and_src[0] }}{% else %}{{ item }}{% endif %}" + from_ip: "{% if ':' in item %}{% set port_and_src = item.split(':') %}{{ port_and_src[1] }}{% else %}any{% endif %}" + with_items: "{{ ufw_ports_to_enable }}" + +# ufw_allowed_ports are excluded from the default policy +- name: Set default policy to deny + ufw: + policy: deny diff --git a/roles/public_facing/tasks/www.ceph.com.yml b/roles/public_facing/tasks/www.ceph.com.yml new file mode 100644 index 00000000..61990043 --- /dev/null +++ b/roles/public_facing/tasks/www.ceph.com.yml @@ -0,0 +1,12 @@ +--- +# Wordpress has its own cron system that only runs queued jobs when the site +# is visited. We want certain jobs to run regardless of page visits. +# 5 minutes was used because that's the most frequent any job is queued. +# See http://docs.wprssaggregator.com/cron-intervals/#getting-around-the-limitations +- name: Cron entry for Wordpress cron + cron: + name: "Call wp-cron.php to run Wordpress cronjobs" + minute: "*/5" + job: "/usr/bin/wget -q -O - http://ceph.com/wp-cron.php?doing_wp_cron" + +- import_tasks: letsencrypt_nginx.yml diff --git a/roles/public_facing/templates/download.ceph.com/logrotate.j2 b/roles/public_facing/templates/download.ceph.com/logrotate.j2 new file mode 100644 index 00000000..1ca6a1a0 --- /dev/null +++ b/roles/public_facing/templates/download.ceph.com/logrotate.j2 @@ -0,0 +1,22 @@ +# +# {{ ansible_managed }} +# +/data/download.ceph.com/logs/*.log { + daily + missingok + rotate 30 + compress + delaycompress + notifempty + dateext + create 640 www-data adm + sharedscripts + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi \ + endscript + postrotate + [ -s /run/nginx.pid ] && kill -USR1 `cat /run/nginx.pid` + endscript +} diff --git a/roles/public_facing/templates/download.ceph.com/make_timestamp.j2 b/roles/public_facing/templates/download.ceph.com/make_timestamp.j2 new file mode 100644 index 00000000..3df11885 --- /dev/null +++ b/roles/public_facing/templates/download.ceph.com/make_timestamp.j2 @@ -0,0 +1,3 @@ +#!/bin/bash +# {{ ansible_managed }} +/bin/date "+%s" > /data/download.ceph.com/www/timestamp diff --git a/roles/public_facing/templates/f2b.filter.j2 b/roles/public_facing/templates/f2b.filter.j2 new file mode 100644 index 00000000..86db2b78 --- /dev/null +++ b/roles/public_facing/templates/f2b.filter.j2 @@ -0,0 +1,10 @@ +# +# {{ ansible_managed }} +# +[Definition] +failregex = {{ item.value.failregex }} + +{% if item.value.maxlines is defined %} +[Init] +maxlines = {{ item.value.maxlines }} +{% endif %} diff --git a/roles/public_facing/templates/f2b.jail.local.j2 b/roles/public_facing/templates/f2b.jail.local.j2 new file mode 100644 index 00000000..65d840cf --- /dev/null +++ b/roles/public_facing/templates/f2b.jail.local.j2 @@ -0,0 +1,13 @@ +# +# {{ ansible_managed }} +# + +# These are global overrides of jail.conf +[DEFAULT] +ignoreip = {{ f2b_ignoreip }} +bantime = {{ f2b_bantime }} +findtime = {{ f2b_findtime }} +maxretry = {{ f2b_maxretry }} +{% if f2b_banaction is defined %} +banaction = {{ f2b_banaction }} +{% endif %} diff --git a/roles/public_facing/templates/f2b.service.j2 b/roles/public_facing/templates/f2b.service.j2 new file mode 100644 index 00000000..b0c09c8e --- /dev/null +++ b/roles/public_facing/templates/f2b.service.j2 @@ -0,0 +1,23 @@ +# +# {{ ansible_managed }} +# +[{{ item.key }}] +enabled = {{ item.value.enabled }} +{% if item.value.maxretry is defined %} +maxretry = {{ item.value.maxretry }} +{% endif %} +{% if item.value.port is defined %} +port = {{ item.value.port }} +{% endif %} +{% if item.value.findtime is defined %} +findtime = {{ item.value.findtime }} +{% endif %} +{% if item.value.logpath is defined %} +logpath = {{ item.value.logpath }} +{% endif %} +{% if item.value.filter is defined %} +filter = {{ item.value.filter }} +{% endif %} +{% if item.value.bantime is defined %} +bantime = {{ item.value.bantime }} +{% endif %} diff --git a/roles/public_facing/templates/f2b_ufw.conf.j2 b/roles/public_facing/templates/f2b_ufw.conf.j2 new file mode 100644 index 00000000..cc035865 --- /dev/null +++ b/roles/public_facing/templates/f2b_ufw.conf.j2 @@ -0,0 +1,13 @@ +# +# {{ ansible_managed }} +# +# Fail2Ban action configuration file for ufw + +[Definition] +actionstart = +actionstop = +actioncheck = +actionban = ufw insert 1 deny from to any port + ufw insert 1 deny proto tcp from to any port +actionunban = ufw delete deny from to any port + ufw delete deny proto tcp from to any port diff --git a/roles/public_facing/templates/status.sepia.ceph.com/lab-pings.j2 b/roles/public_facing/templates/status.sepia.ceph.com/lab-pings.j2 new file mode 100644 index 00000000..fc1b7756 --- /dev/null +++ b/roles/public_facing/templates/status.sepia.ceph.com/lab-pings.j2 @@ -0,0 +1,23 @@ +#!/bin/bash +# +# {{ ansible_managed }} +# +# Pings the Community Cage edge router, measures packet loss, and reports status to cachet using nagios event handler +# +# cachet_notify usage: ./cachet_notify $cachet_component $service_name $service_state $service_state_type $service_output + +PERCENT=$(ping -c 10 -q {{ community_cage_ip }} | grep -oP '\d+(?=% packet loss)') +EXEC=/root/checks/nagios-eventhandler-cachet/cachet_notify + +if [ "$PERCENT" -eq 0 ] 2> /dev/null +then + $EXEC 'Community Cage Network' 'Packet Loss' OK HARD '0% packet loss' '' +elif [ "$PERCENT" -ge 1 ] 2> /dev/null && [ "$PERCENT" -le 99 ] 2> /dev/null +then + $EXEC 'Community Cage Network' 'Packet Loss' CRITICAL SOFT "$PERCENT% packet loss" '' +elif [ "$PERCENT" -eq 100 ] 2> /dev/null +then + $EXEC 'Community Cage Network' 'Packet Loss' CRITICAL HARD "$PERCENT% packet loss" '' +else + $EXEC 'Community Cage Network' 'Packet Loss' CRITICAL HARD "Couldn't measure packet loss. Unknown error" '' +fi diff --git a/roles/public_facing/templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2 b/roles/public_facing/templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2 new file mode 100644 index 00000000..0c1d2ad0 --- /dev/null +++ b/roles/public_facing/templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2 @@ -0,0 +1,6 @@ + diff --git a/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2 b/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2 new file mode 100644 index 00000000..94727c06 --- /dev/null +++ b/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2 @@ -0,0 +1,23 @@ +#!/bin/bash +# +# {{ ansible_managed }} +# +# Checks whether Sepia openvpn server is up and listening on 1194 + +EXEC=/root/checks/nagios-eventhandler-cachet/cachet_notify + +# Returns 0 if string found +sudo nmap --max-retries 3 --host-timeout 5s -sU -n -p 1194 gw.sepia.ceph.com | grep -q '1194/udp open|filtered openvpn' + +if [ $? -ne 0 ] +then + # If nmap didn't return 0, check if we're having overall network issues + ping -c 1 -q 8.8.8.8 + # If we can ping Google DNS but didn't get expected nmap output, alert + if [ $? -eq 0 ] + then + $EXEC 'OpenVPN Server' 'OpenVPN' CRITICAL HARD "gw.sepia.ceph.com is unreachable or port 1194 closed" '' + fi +else + $EXEC 'OpenVPN Server' 'OpenVPN' OK HARD 'OK' '' +fi diff --git a/roles/pulpito/README.rst b/roles/pulpito/README.rst new file mode 100644 index 00000000..3c0b2561 --- /dev/null +++ b/roles/pulpito/README.rst @@ -0,0 +1,30 @@ +Pulpito +======= + +This role is used to configure a node to run pulpito_. + +It has been tested on: + +- CentOS 7.x +- Debian 8.x (Jessie) +- Ubuntu 14.04 (Trusty) + +Dependencies +++++++++++++ + +Since pulpito_ is only useful as a frontend to paddles_, it requires a paddles_ instance to function. Additonally, you must set ``paddles_address`` in e.g. your secrets repository to the URL of your instance. + + +.. _pulpito: https://github.com/ceph/pulpito +.. _paddles: https://github.com/ceph/paddles + +Variables ++++++++++ + +``pulpito_repo``: Optionally override the pulpito git repo. + +``pulpito_branch``: Optionally override the pulpito repo branch. +For GitHub pull requests the values refs/pull/X/merge or refs/pull/X/head +can be used. + +``pulpito_user``: The system account to create and use (Default: pulpito) diff --git a/roles/pulpito/defaults/main.yml b/roles/pulpito/defaults/main.yml new file mode 100644 index 00000000..c07e0dfb --- /dev/null +++ b/roles/pulpito/defaults/main.yml @@ -0,0 +1,3 @@ +pulpito_repo: https://github.com/ceph/pulpito.git +pulpito_user: pulpito +pulpito_branch: main diff --git a/roles/pulpito/tasks/apt_systems.yml b/roles/pulpito/tasks/apt_systems.yml new file mode 100644 index 00000000..614d76c6 --- /dev/null +++ b/roles/pulpito/tasks/apt_systems.yml @@ -0,0 +1,10 @@ +--- +- name: Install packages via apt + apt: + name: "{{ pulpito_extra_packages|list }}" + state: latest + update_cache: yes + cache_valid_time: 600 + no_log: true + tags: + - packages diff --git a/roles/pulpito/tasks/main.yml b/roles/pulpito/tasks/main.yml new file mode 100644 index 00000000..e90f7f83 --- /dev/null +++ b/roles/pulpito/tasks/main.yml @@ -0,0 +1,70 @@ +--- +- name: Include package type specific vars. + include_vars: "{{ ansible_pkg_mgr }}_systems.yml" + tags: + - always + +- import_tasks: yum_systems.yml + when: ansible_pkg_mgr == "yum" + +- import_tasks: apt_systems.yml + when: ansible_pkg_mgr == "apt" + +- import_tasks: zypper_systems.yml + when: ansible_pkg_mgr == "zypper" + +- name: Create the user + user: + name: "{{ pulpito_user }}" + state: present + shell: /bin/bash + tags: + - user + +- name: Set repo location + set_fact: + pulpito_repo_path: "/home/{{ pulpito_user }}/pulpito" + +# Set up the actual pulpito project +- import_tasks: setup_pulpito.yml + + +- name: Enable supervisord + service: + name: "{{ supervisor_service }}" + enabled: yes + state: started + +- name: Set supervisord config path + set_fact: + supervisor_conf_path: "{{ supervisor_conf_d }}/pulpito.{{ supervisor_conf_suffix }}" + +- name: Look for supervisord config + stat: + path: "{{ supervisor_conf_path }}" + get_checksum: no + register: supervisor_conf + +- name: Copy supervisord config + shell: cp ./supervisord_pulpito.conf {{ supervisor_conf_path }} chdir={{ pulpito_repo_path }} + when: supervisor_conf.stat.exists == false + register: supervisor_conf + +- name: Read supervisord config + command: supervisorctl update + when: supervisor_conf is changed + +- name: Check if pulpito is running + command: supervisorctl status pulpito + register: pulpito_status + changed_when: false + +- name: Restart pulpito if necessary + supervisorctl: + name: pulpito + state: restarted + when: pulpito_status.stdout is match('.*RUNNING.*') and pulpito_config is changed + +- name: Wait for pulpito to start + wait_for: + port: 8081 diff --git a/roles/pulpito/tasks/setup_pulpito.yml b/roles/pulpito/tasks/setup_pulpito.yml new file mode 100644 index 00000000..71db346e --- /dev/null +++ b/roles/pulpito/tasks/setup_pulpito.yml @@ -0,0 +1,71 @@ +--- +- name: Determine GitHub Pull Request + set_fact: + pulpito_pull: "{{ pulpito_branch | regex_replace( '^refs/pull/([^/]+)/.*$', '\\1') }}" + +- name: Clone the repo and checkout pull request branch + git: + repo: "{{ pulpito_repo }}" + dest: "{{ pulpito_repo_path }}" + version: "pull-{{ pulpito_pull }}" + refspec: '+{{ pulpito_branch }}:refs/remotes/origin/pull-{{ pulpito_pull }}' + become_user: "{{ pulpito_user }}" + tags: + - repos + when: pulpito_pull is defined and pulpito_pull != pulpito_branch + +- name: Checkout the repo + git: + repo: "{{ pulpito_repo }}" + dest: "{{ pulpito_repo_path }}" + version: "{{ pulpito_branch }}" + become_user: "{{ pulpito_user }}" + tags: + - repos + when: pulpito_pull is not defined or pulpito_pull == pulpito_branch + +- name: Look for the virtualenv + stat: + path: "{{ pulpito_repo_path }}/virtualenv" + get_checksum: no + register: virtualenv + +- name: Create the virtualenv + shell: virtualenv -p python3 ./virtualenv chdir={{ pulpito_repo_path }} + become_user: "{{ pulpito_user }}" + when: virtualenv.stat.exists == false + +- name: Self-upgrade pip + pip: + name: "pip" + state: "latest" + chdir: "{{ pulpito_repo_path }}" + virtualenv: "{{ pulpito_repo_path }}/virtualenv" + become_user: "{{ pulpito_user }}" + +- name: Install requirements via pip + pip: + chdir: "{{ pulpito_repo_path }}" + requirements: "./requirements.txt" + virtualenv: "{{ pulpito_repo_path }}/virtualenv" + #no_log: true + become_user: "{{ pulpito_user }}" + +- name: Check for pulpito config + stat: + path: "{{ pulpito_repo_path }}/prod.py" + get_checksum: no + register: pulpito_config + +- name: Copy pulpito config + shell: cp ./config.py.in prod.py chdir={{ pulpito_repo_path }} + when: pulpito_config.stat.exists == false + become_user: "{{ pulpito_user }}" + +- name: Set paddles_address + lineinfile: + dest: "{{ pulpito_repo_path }}/prod.py" + regexp: "^paddles_address = " + line: "paddles_address = '{{ paddles_address|mandatory }}'" + register: pulpito_config + diff --git a/roles/pulpito/tasks/yum_systems.yml b/roles/pulpito/tasks/yum_systems.yml new file mode 100644 index 00000000..cf2a3f41 --- /dev/null +++ b/roles/pulpito/tasks/yum_systems.yml @@ -0,0 +1,8 @@ +--- +- name: Install packages via yum + yum: + name: "{{ pulpito_extra_packages|list }}" + state: latest + no_log: true + tags: + - packages diff --git a/roles/pulpito/tasks/zypper_systems.yml b/roles/pulpito/tasks/zypper_systems.yml new file mode 100644 index 00000000..91f3b914 --- /dev/null +++ b/roles/pulpito/tasks/zypper_systems.yml @@ -0,0 +1,9 @@ +--- +- name: Install packages via zypper + zypper: + name: "{{ pulpito_extra_packages|list }}" + state: latest + update_cache: yes + #no_log: true + tags: + - packages diff --git a/roles/pulpito/vars/apt_systems.yml b/roles/pulpito/vars/apt_systems.yml new file mode 100644 index 00000000..07dc0bfd --- /dev/null +++ b/roles/pulpito/vars/apt_systems.yml @@ -0,0 +1,11 @@ +--- +pulpito_extra_packages: + - git-core + - supervisor + - python3-pip + - python3-virtualenv + - virtualenv + +supervisor_service: supervisor +supervisor_conf_d: /etc/supervisor/conf.d/ +supervisor_conf_suffix: conf diff --git a/roles/pulpito/vars/yum_systems.yml b/roles/pulpito/vars/yum_systems.yml new file mode 100644 index 00000000..a420d29f --- /dev/null +++ b/roles/pulpito/vars/yum_systems.yml @@ -0,0 +1,10 @@ +--- +pulpito_extra_packages: + - git-all + - supervisor + - python3-pip + - python3-virtualenv + +supervisor_service: supervisord +supervisor_conf_d: /etc/supervisord.d +supervisor_conf_suffix: ini diff --git a/roles/pulpito/vars/zypper_systems.yml b/roles/pulpito/vars/zypper_systems.yml new file mode 100644 index 00000000..dae6ff2f --- /dev/null +++ b/roles/pulpito/vars/zypper_systems.yml @@ -0,0 +1,10 @@ +--- +pulpito_extra_packages: + - git + - python3-pip + - python3-virtualenv + - supervisor + +supervisor_service: supervisord +supervisor_conf_d: /etc/supervisord.d/ +supervisor_conf_suffix: conf diff --git a/roles/rook/README.rst b/roles/rook/README.rst new file mode 100644 index 00000000..bc39839f --- /dev/null +++ b/roles/rook/README.rst @@ -0,0 +1,116 @@ +Rook +==== + +This role is used for updating and recovering the rook jenkins in the rook ci Virtual Private Cloud (VPC). + +The functions in this role are: + +**rook-jenkins-update:** For updating rook jenkins version to the version defined in the "jenkins_controller_image" variable + +**rook-os-update:** For updating rook jenkins OS packages + +**rook-recovery:** For recovering the Prod-jenkins instance from the image defined in the "image" variable in a case that the instance was deleted or crashed + +Usage ++++++ + +The rook role is used by the ``rook.yml`` playbook. Run this playbook with one of the optional **Tags** listed in the tags section to upgrade rook jenkins OS packages/recover it from an image or update the rook jenkins app. + +**Pre-requisites:** Before running ``rook.yml`` make sure your IP address has ssh access to the VPC. This is configured in the `AWS dashboard`_ under the "rook-jenkins-group" security group inbound rules. + +- The Rook-Recovery Playbook is used for deploying rook jenkins from an image in case of a crash/corruption: + - Run the playbook with the ``rook-recovery`` tag, then you will need to make the newly created instance available to the public network as explained in the next step. + + - Once the instance is deployed, now add the deployed instance to the load balancing target group named "jenkins-rook-new" so that it will be available to the public network. + +- AWS dashboard access + Access details to the AWS dashboard can be found in here_ (Red Hat VPN Access required) + +**NOTE:** ``rook.yml`` Is currently using only localhost and not any host from the inventory. This is because the ``rook-recovery`` play deploys and configures the rook jenkins during his run. + +Examples +++++++++ + +Updating the rook jenkins app to version 2.289.1:: + + ansible-playbook rook.yml --tags="rook-jenkins-update" --extra-vars="jenkins_controller_image=jenkins/jenkins:2.289.1" + +Updating the rook jenkins OS packages:: + + ansible-playbook rook.yml --tags="rook-os-update" + +Variables ++++++++++ + +Available variables are listed below These overrides are included by ``tasks/vars.yml``. + +The rook jenkins version:: + + jenkins_controller_image: jenkins/jenkins:2.289.1 + +The rook jenkins ssh keyi-pair defined in the aws dashboard:: + + keypair: root-jenkins-new-key + +The rook jenkins instance type:: + + controller_instance_type: m4.large + +The rook jenkins instance aws security group:: + + security_group: rook-jenkins-group + +The rook jenkins instance aws region:: + + region: us-east-1 + +The rook jenkins instance aws vpc subnet id:: + + vpc_subnet_id: subnet-c72b609b + +The rook jenkins image is the backup image used for creating the recovery instance of rook jenkins:: + + image: ami-0aaf5dbaa4cbe5771 + +The rook jenkins instance name, used by the rook-recovery play when creating the instance from image:: + + instance_name: Recovery-Rook-Jenkins + +A list of the rook jenkins aws instance tags, used by the rook-recovery play when creating the instance from image:: + + aws_tags: + Name: "{{ instance_name }}" + Application: "Jenkins" + +The rook jenkins running aws instance name:: + + controller_name: Prod-Jenkins + +The rook jenkins instance ssh key:: + + rook_key: "{{ secrets_path | mandatory }}/rook_key.yml" + +Tags +++++ + +Available tags are listed below: + +- rook-jenkins-update + Update the rook jenkins app to the version defined in the "jenkins_controller_image" variable. + +- rook-os-update + Update the rook jenkins OS packages. + +- rook-recovery + Recover the rook jenkins instance from the image defined in "image" variable. + +Dependencies +++++++++++++ + +This role depends on the following roles: + +- secrets + Provides a var, ``secrets_path``, containing the path of the secrets repository. + + .. _AWS dashboard: https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#Home: + .. _here: http://wiki.ceph.redhat.com/dokuwiki/doku.php?id=rook_aws_account diff --git a/roles/rook/meta/main.yml b/roles/rook/meta/main.yml new file mode 100644 index 00000000..313fd690 --- /dev/null +++ b/roles/rook/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: secrets diff --git a/roles/rook/tasks/main.yml b/roles/rook/tasks/main.yml new file mode 100644 index 00000000..6ac383f4 --- /dev/null +++ b/roles/rook/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- name: Include secrets + include_vars: "{{ secrets_path | mandatory }}/aws.yaml" + no_log: true + tags: + - always + +- import_tasks: rook-jenkins-update.yml + tags: + - rook-jenkins-update + +- import_tasks: rook-os-update.yml + tags: + - rook-os-update + +- import_tasks: rook-recovery.yml + tags: + - rook-recovery diff --git a/roles/rook/tasks/rook-jenkins-update.yml b/roles/rook/tasks/rook-jenkins-update.yml new file mode 100644 index 00000000..fb15a2c5 --- /dev/null +++ b/roles/rook/tasks/rook-jenkins-update.yml @@ -0,0 +1,34 @@ +--- +- name: Gather facts + ec2_instance_facts: + filters: + "tag:Name": "{{ controller_name }}" + instance-state-name: running + register: controller_metadata + +- name: Take a backup image of the Prod-jenkins instance + ec2_ami: + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + instance_id: "{{ controller_metadata.instances[0].instance_id }}" + no_reboot: yes + wait: yes + wait_timeout: 3000 + name: "{{ controller_name }}-{{ ansible_date_time.date }}" + tags: + Name: "{{ controller_name }}-{{ ansible_date_time.date }}" + +- name: Check if container is running + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" docker ps -a | grep -i jenkins | wc -l + register: container + +- name: Kill the jenkins container + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" sudo docker kill jenkins + when: container.stdout == '1' + +- name: Remove the jenkins container + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" sudo docker rm jenkins + when: container.stdout == '1' + +- name: Start the new jenkins container with the new LTS version + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" sudo docker run -d --name jenkins -p 8080:8080 -p 50000:50000 -v /mnt/jenkins/jenkins:/var/jenkins_home "{{ jenkins_controller_image }}" diff --git a/roles/rook/tasks/rook-os-update.yml b/roles/rook/tasks/rook-os-update.yml new file mode 100644 index 00000000..4ac0ceb8 --- /dev/null +++ b/roles/rook/tasks/rook-os-update.yml @@ -0,0 +1,54 @@ +--- +- name: Gather facts + ec2_instance_facts: + filters: + "tag:Name": "{{ controller_name }}" + instance-state-name: running + register: controller_metadata + +- name: Take a image of the controller + ec2_ami: + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + instance_id: "{{ controller_metadata.instances[0].instance_id }}" + no_reboot: yes + wait: yes + wait_timeout: 3000 + name: "{{ controller_name }}-{{ ansible_date_time.date }}" + tags: + Name: "{{ controller_name }}-{{ ansible_date_time.date }}" + +- name: Update apt cache + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" sudo apt-get update + +- name: Update packages + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" sudo apt-get upgrade -y + +- name: Check if system requires reboot + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" [ -f /var/run/reboot-required ]; echo $? + register: reboot + +- name: Reboot if required + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" sudo reboot + ignore_errors: yes + when: reboot.stdout == '0' + +- name: Wait for SSH to come up + wait_for: host={{ controller_metadata.instances[0].public_dns_name }} port=22 delay=60 timeout=320 state=started + when: reboot.stdout == '0' + +- name: Check if old container exist + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" docker ps -a | grep -i jenkins | wc -l + register: container + +- name: Remove jenkins old container if exist + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" sudo docker rm jenkins + when: + - container.stdout == '1' + - reboot.stdout == '0' + +- name: Start jenkins container + command: ssh -i "{{ rook_key }}" ubuntu@"{{ controller_metadata.instances[0].public_dns_name }}" sudo docker run -d --name jenkins -p 8080:8080 -p 50000:50000 -v /mnt/jenkins/jenkins:/var/jenkins_home "{{ jenkins_controller_image }}" + when: + - container.stdout == '1' + - reboot.stdout == '0' diff --git a/roles/rook/tasks/rook-recovery.yml b/roles/rook/tasks/rook-recovery.yml new file mode 100644 index 00000000..82ae0547 --- /dev/null +++ b/roles/rook/tasks/rook-recovery.yml @@ -0,0 +1,58 @@ +--- +- name: Launch instance + ec2: + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + key_name: "{{ keypair }}" + group: "{{ security_group }}" + instance_type: "{{ controller_instance_type }}" + image: "{{ image }}" + region: "{{ region }}" + vpc_subnet_id: "{{ vpc_subnet_id }}" + assign_public_ip: yes + instance_tags: "{{ aws_tags }}" + wait: yes + register: ec2_instances + +- name: print ec2 facts + debug: + var: ec2_instances + +- name: Set name tag for AWS instance + ec2_tag: + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + region: "{{ region }}" + resource: "{{ item.1.id }}" + tags: + Name: "{{ aws_tags.Name }}-{{ '%02d' | format(item.0 + 1) }}" + with_indexed_items: "{{ ec2_instances.instances }}" + loop_control: + label: "{{ item.1.id }} - {{ aws_tags.Name }}-{{ '%02d' | format(item.0 + 1) }}" + +- name: Wait for SSH to come up + wait_for: host={{ item.public_ip }} port=22 delay=60 timeout=320 state=started + with_items: '{{ ec2_instances.instances }}' + loop_control: + label: "{{ item.id }} - {{ item.public_ip }}" + +- name: Remove jenkins docker old container + command: ssh -i "{{ rook_key }}" ubuntu@"{{ item.public_ip }}" sudo docker rm jenkins + with_items: '{{ ec2_instances.instances }}' + loop_control: + label: "{{ item.id }} - {{ item.public_ip }}" + +- name: Start jenkins container + command: ssh -i "{{ rook_key }}" ubuntu@"{{ item.public_ip }}" sudo docker run -d --name jenkins -p 8080:8080 -p 50000:50000 -v /mnt/jenkins/jenkins:/var/jenkins_home "{{ jenkins_controller_image }}" + with_items: '{{ ec2_instances.instances }}' + loop_control: + label: "{{ item.id }} - {{ item.public_ip }}" + +- name: The instance was succssfuly started + debug: + msg: + - "The Rook Jenkins is up and running the instance is named: {{ aws_tags.Name }}-{{ '%02d' | format(item.0 + 1) }}" + - "In order to make him avalible to public network you will need to add him to the load balancing target group" + with_indexed_items: "{{ ec2_instances.instances }}" + loop_control: + label: "{{ item.1.id }} - {{ aws_tags.Name }}-{{ '%02d' | format(item.0 + 1) }}" diff --git a/roles/rook/vars/main.yml b/roles/rook/vars/main.yml new file mode 100644 index 00000000..0eee7f48 --- /dev/null +++ b/roles/rook/vars/main.yml @@ -0,0 +1,14 @@ +--- +jenkins_controller_image: jenkins/jenkins:2.289.1 +keypair: root-jenkins-new-key +controller_instance_type: m4.large +security_group: rook-jenkins-group +image: ami-0aaf5dbaa4cbe5771 +region: us-east-1 +vpc_subnet_id: subnet-c72b609b +instance_name: Recovery-Rook-Jenkins +aws_tags: + Name: "{{ instance_name }}" + Application: "Jenkins" +controller_name: Prod-Jenkins +rook_key: "{{ secrets_path | mandatory }}/rook_key.yml" diff --git a/roles/secrets/defaults/main.yml b/roles/secrets/defaults/main.yml new file mode 100644 index 00000000..80df7bd6 --- /dev/null +++ b/roles/secrets/defaults/main.yml @@ -0,0 +1,2 @@ +--- +secrets_path: "{{ lookup('env', 'ANSIBLE_SECRETS_PATH') | default('/etc/ansible/secrets', true) }}" diff --git a/roles/signalfx_splunk_agent_configuration/README.rst b/roles/signalfx_splunk_agent_configuration/README.rst new file mode 100644 index 00000000..832bb5d0 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/README.rst @@ -0,0 +1,73 @@ +signalfx_splunk_agent_configuration +=================================== + +This role will help you configure any server node to monitor the services like HTTP and SYSTEMD. +This will create the necessary configuration files and add the server for monitoring on the dashboard. + +Prerequisites +------------- + +Requires an access_token which needs to be generated in your profile. + +HTTP - Monitoring ++++++++++++++++++ + +Create a variable file as follows. Example: http_vars.yml:: + + --- + access_token: "" + basic_attributes: + appcode: "" + http_enabled: true + http_monitors: + - host: example1.domain.com + http_timeout: 1s + - host: example2.domain.com + port: 80 + use_https: false + - host: example3.domain.com + port: 8443 + path: /my/path/index.html + skip_verify: true + ++++++++++++++++++ + + +SYSTEMD - Monitoring +++++++++++++++++++++ + +Create a variable file as follows. Example: systemd_vars.yml:: + + --- + access_token: "" + basic_attributes: + appcode: "" + systemd_enabled: true + systemd_services: + - ssh + - nginx + - firewall + systemd_sendactivestate: true + systemd_extrametrics: + - gauge.active_state.active + +++++++++++++++++++++ + +How to run +---------- + +You can pass the variables file name as a extra variable `var_file_name`. + +If nothing is provided then it will make use of the vars/main.yml parameters and configure the node to default settings. + +NOTE: If you wish to configure the node with default setting, please remember to change the values below. + +- access_token +- appcode + +The way of passing the variable to the ansible playbook can be achieved by running the following command:: + + Example: If your variables file name is http_vars.yml + ansible-playbook -i hosts -e "var_file_name=http_vars.yml" signalfx.yml + +---------- diff --git a/roles/signalfx_splunk_agent_configuration/defaults/main.yml b/roles/signalfx_splunk_agent_configuration/defaults/main.yml new file mode 100644 index 00000000..7cd2f08b --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/defaults/main.yml @@ -0,0 +1,23 @@ +--- +agent_interval_seconds: 20 +agent_realm: us1 +agent_restorecon_map: + RedHat6: /sbin/restorecon + RedHat7: /usr/sbin/restorecon + RedHat8: /sbin/restorecon +agent_restorecon_path: "{{ agent_restorecon_map[ ansible_distribution + ansible_distribution_major_version ] }}" +signalfx_skip_repo: true + +http_enabled: false +http_monitors: [] + +systemd_enabled: false +systemd_services: [] + +signalfx_repo_base_url: https://splunk.jfrog.io/splunk +signalfx_package_stage: release +signalfx_version: latest +signalfx_conf_file_path: /etc/signalfx/agent.yaml +signalfx_service_user: signalfx-agent +signalfx_service_group: signalfx-agent +signalfx_service_state: started diff --git a/roles/signalfx_splunk_agent_configuration/handlers/main.yml b/roles/signalfx_splunk_agent_configuration/handlers/main.yml new file mode 100644 index 00000000..087164b5 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/handlers/main.yml @@ -0,0 +1,9 @@ +--- +- name: agent_systemd_reload + systemd: + daemon_reload: yes + +- name: agent_restart + service: + name: signalfx-agent + state: restarted diff --git a/roles/signalfx_splunk_agent_configuration/tasks/http.yml b/roles/signalfx_splunk_agent_configuration/tasks/http.yml new file mode 100644 index 00000000..44efc875 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/tasks/http.yml @@ -0,0 +1,17 @@ +--- +- name: Configure HTTP monitoring + template: + src: http.yaml.j2 + dest: "{{ agent_extra_monitor_path }}/http.yaml" + owner: "{{ signalfx_service_user }}" + group: "{{ signalfx_service_group }}" + mode: 0600 + notify: agent_restart + +- name: Ensure OCSP cache can be created + file: + state: directory + path: '/usr/lib/signalfx-agent/.cache/' + owner: 'signalfx-agent' + group: 'signalfx-agent' + mode: '0700' diff --git a/roles/signalfx_splunk_agent_configuration/tasks/linux_installation.yml b/roles/signalfx_splunk_agent_configuration/tasks/linux_installation.yml new file mode 100644 index 00000000..10dadaf8 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/tasks/linux_installation.yml @@ -0,0 +1,25 @@ +--- +- name: Import signalfx-agent deploy for CentOS or RHEL + import_tasks: yum_installation.yml + when: ansible_os_family in rhel_distro + +- name: Import signalfx-agent deploy for Debian or Ubuntu + import_tasks: ubuntu_installation.yml + when: ansible_os_family in ubuntu_distro + +- name: Set signalfx-agent service owner + import_tasks: service_owner.yml + +- name: Write signalfx config + copy: + content: "{{ signalfx_agent_config | to_nice_yaml }}" + dest: "{{ signalfx_conf_file_path }}" + owner: "{{ signalfx_service_user }}" + group: "{{ signalfx_service_group }}" + mode: 0600 + +- name: Start signalfx-agent + service: + name: signalfx-agent + state: "{{ signalfx_service_state }}" + enabled: yes diff --git a/roles/signalfx_splunk_agent_configuration/tasks/main.yml b/roles/signalfx_splunk_agent_configuration/tasks/main.yml new file mode 100644 index 00000000..f72d2469 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/tasks/main.yml @@ -0,0 +1,89 @@ +--- +- name: Validate the variable definitions + assert: + that: + - basic_attributes is defined + - basic_attributes['appcode'] is defined + - access_token is defined + quiet: true + +- name: Default monitors + set_fact: + _agent_monitors: "{{ default_monitors }}" + when: agent_monitors is not defined + +- name: Configure SELinux for SignalFX Smart Agent + seboolean: + name: nis_enabled + state: yes + persistent: yes + when: ansible_distribution_major_version | int > 6 + +- name: Create the SignalFX Smart Agent configuration directory + file: + path: "{{ access_token_path | dirname }}" + state: directory + mode: 0700 + +- name: Store SignalFX access token in a separate file + copy: + dest: "{{ access_token_path }}" + content: "{{ access_token }}" + mode: 0600 + no_log: true + +- name: Import the SignalFX Smart Agent role + import_tasks: signalfx_main.yml + vars: + signalfx_agent_config: + signalFxAccessToken: "{'#from': '{{ access_token_path }}'}" + signalFxRealm: "{{ agent_realm }}" + intervalSeconds: "{{ agent_interval_seconds }}" + globalDimensions: "{{ basic_attributes }}" + monitors: "{{ _agent_monitors }}" + +- name: Include extra monitors in agent configuration + blockinfile: + path: "{{ signalfx_conf_file_path }}" + insertafter: 'monitors:' + block: | + - '#from': /etc/signalfx/monitors/* + flatten: true + optional: true + +- name: Create directory for SignalFX extra monitors + file: + path: "{{ agent_extra_monitor_path }}" + state: directory + owner: "{{ signalfx_service_user }}" + group: "{{ signalfx_service_group }}" + mode: 0700 + +- name: Correct bundled binaries SELinux context types to work around an upstream bug + sefcontext: + target: "{{ agent_bin_path }}" + setype: "{{ agent_bin_setype }}" + state: present + +- name: Apply the SELinux context type to collectd + command: "{{ agent_restorecon_path }} -RvF {{ agent_bin_restore }}" + +- name: Fix the SignalFX Smart Agent service startup + blockinfile: + path: "{{ agent_systemd_config }}" + backup: yes + insertbefore: BOF + block: | + [Unit] + Description=SignalFX Smart Agent + After=network.target nss-lookup.target multi-user.target + notify: agent_systemd_reload + when: ansible_distribution_major_version | int > 6 + +- name: Configure HTTP monitoring + import_tasks: http.yml + when: http_enabled + +- name: Configure Systemd services monitoring + import_tasks: systemd.yml + when: systemd_enabled diff --git a/roles/signalfx_splunk_agent_configuration/tasks/service_owner.yml b/roles/signalfx_splunk_agent_configuration/tasks/service_owner.yml new file mode 100644 index 00000000..780a7d5a --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/tasks/service_owner.yml @@ -0,0 +1,90 @@ +--- +- name: Create user/group + block: + - name: Get groups + getent: + database: group + key: "{{ signalfx_service_group }}" + fail_key: no + - name: Create group + group: + name: "{{ signalfx_service_group }}" + system: yes + when: not getent_group[signalfx_service_group] + - name: Get users + getent: + database: passwd + key: "{{ signalfx_service_user }}" + fail_key: no + - name: Create user + user: + name: "{{ signalfx_service_user }}" + group: "{{ signalfx_service_group }}" + createhome: no + shell: /sbin/nologin + system: yes + when: not getent_passwd[signalfx_service_user] + +- name: Set user/group for signalfx-agent systemd service + block: + - name: Stop systemd service + service: + name: signalfx-agent + state: stopped + - name: Create tmpfile override + lineinfile: + path: /etc/tmpfiles.d/signalfx-agent.conf + create: yes + line: "D /run/signalfx-agent 0755 {{ signalfx_service_user }} {{ signalfx_service_group }} - -" + regexp: '^D /run/signalfx-agent .*' + insertafter: EOF + - name: Initialize tmpfile override + command: systemd-tmpfiles --create --remove /etc/tmpfiles.d/signalfx-agent.conf + - name: Create systemd override directory + file: + path: /etc/systemd/system/signalfx-agent.service.d/ + state: directory + - name: Create systemd service owner override file + lineinfile: + path: /etc/systemd/system/signalfx-agent.service.d/service-owner.conf + create: yes + line: '[Service]' + regexp: '^\[Service\].*' + insertafter: EOF + - name: Set systemd service owner user + lineinfile: + path: /etc/systemd/system/signalfx-agent.service.d/service-owner.conf + line: "User={{ signalfx_service_user }}" + regexp: '^User=.*' + insertafter: '^\[Service\].*' + - name: Set systemd service owner group + lineinfile: + path: /etc/systemd/system/signalfx-agent.service.d/service-owner.conf + line: "Group={{ signalfx_service_group }}" + regexp: '^Group=.*' + insertafter: '^User=.*' + - name: Reload systemd service + systemd: + daemon_reload: yes + when: ansible_service_mgr == 'systemd' + +- name: Set user/group for signalfx-agent initd service + block: + - name: Stop initd service + service: + name: signalfx-agent + state: stopped + - name: Set initd service owner user + lineinfile: + path: /etc/default/signalfx-agent + create: yes + line: "user={{ signalfx_service_user }}" + regexp: '^user=.*' + insertafter: EOF + - name: Set initd service owner group + lineinfile: + path: /etc/default/signalfx-agent + line: "group={{ signalfx_service_group }}" + regexp: '^group=.*' + insertafter: '^user=.*' + when: ansible_service_mgr != 'systemd' diff --git a/roles/signalfx_splunk_agent_configuration/tasks/signalfx_main.yml b/roles/signalfx_splunk_agent_configuration/tasks/signalfx_main.yml new file mode 100644 index 00000000..089071e6 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/tasks/signalfx_main.yml @@ -0,0 +1,26 @@ +--- +- name: Accepted distros + set_fact: + ubuntu_distro: ['Ubuntu'] + rhel_distro: ['RedHat', 'Red Hat Enterprise Linux', 'CentOS', 'Amazon'] + cacheable: true + +- name: Confirm if agent configuration is provided! + fail: msg='Please provide a populated signalfx_agent_config' + when: not (signalfx_agent_config| default(false)) + +- name: Confirm if SignalFx Access Token is defined! + fail: msg='Please specify a signalFxAccessToken in your signalfx_agent_config' + when: not (signalfx_agent_config.signalFxAccessToken | default('') | trim) or not signalfx_agent_config.signalFxAccessToken + +- name: Acceptable distribution check + fail: + msg: > + Failed! The target is {{ ansible_os_family }} and this role only supports {{ ubuntu_distro }} and {{ rhel_distro }}. + when: (ansible_os_family not in ubuntu_distro) + and + (ansible_os_family not in rhel_distro) + +- name: Linux installation + include_tasks: linux_installation.yml + when: ( ansible_os_family in ubuntu_distro ) or ( ansible_os_family in rhel_distro ) diff --git a/roles/signalfx_splunk_agent_configuration/tasks/systemd.yml b/roles/signalfx_splunk_agent_configuration/tasks/systemd.yml new file mode 100644 index 00000000..ea354f9e --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/tasks/systemd.yml @@ -0,0 +1,9 @@ +--- +- name: Configure systemd monitoring + template: + src: systemd.yaml.j2 + dest: "{{ agent_extra_monitor_path }}/systemd.yaml" + owner: "{{ signalfx_service_user }}" + group: "{{ signalfx_service_group }}" + mode: 0600 + notify: agent_restart diff --git a/roles/signalfx_splunk_agent_configuration/tasks/ubuntu_installation.yml b/roles/signalfx_splunk_agent_configuration/tasks/ubuntu_installation.yml new file mode 100644 index 00000000..e26ffdfc --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/tasks/ubuntu_installation.yml @@ -0,0 +1,32 @@ +--- +- name: Delete old signing key for SignalFx Agent + apt_key: + id: 91668001288D1C6D2885D651185894C15AE495F6 + state: absent + +- name: Delete old signing key file for SignalFx Agent + file: + path: /etc/apt/trusted.gpg.d/signalfx.gpg + state: absent + +- name: Add an Apt signing key for Signalfx Agent + get_url: + url: "{{ sfx_repo_base_url }}/signalfx-agent-deb/splunk-B3CD4420.gpg" + dest: /etc/apt/trusted.gpg.d/splunk.gpg + mode: 0644 + +- name: Add Signalfx Agent repository into sources list + apt_repository: + repo: "deb {{ sfx_repo_base_url }}/signalfx-agent-deb {{ sfx_package_stage }} main" + filename: 'signalfx-agent' + mode: 644 + state: present + when: not (sfx_skip_repo | bool) + +- name: Install signalfx-agent via apt package manager + apt: + name: signalfx-agent{% if sfx_version is defined and sfx_version != "latest" %}={{ sfx_version }}{% endif %} + state: "{% if sfx_version is defined and sfx_version != 'latest' %}present{% else %}{{ sfx_version }}{% endif %}" + force: yes + update_cache: yes + policy_rc_d: 101 diff --git a/roles/signalfx_splunk_agent_configuration/tasks/yum_installation.yml b/roles/signalfx_splunk_agent_configuration/tasks/yum_installation.yml new file mode 100644 index 00000000..fec807e9 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/tasks/yum_installation.yml @@ -0,0 +1,22 @@ +--- +- name: Delete old signing key for SignalFx Agent + rpm_key: + key: 098acf3b + state: absent + +- name: Add Signalfx Agent repo into source list + yum_repository: + name: signalfx-agent + description: SignalFx Agent Repository + baseurl: "{{ signalfx_repo_base_url }}/signalfx-agent-rpm/{{ signalfx_package_stage }}" + gpgkey: "{{ signalfx_repo_base_url }}/signalfx-agent-rpm/splunk-B3CD4420.pub" + gpgcheck: yes + enabled: yes + when: not (signalfx_skip_repo | bool) + +- name: Install signalfx-agent via yum package manager + yum: + name: signalfx-agent{% if signalfx_version is defined and signalfx_version != "latest" %}-{{ signalfx_version }}{% endif %} + state: "{% if signalfx_version is defined and signalfx_version != 'latest' %}present{% else %}{{ signalfx_version }}{% endif %}" + allow_downgrade: yes + update_cache: yes diff --git a/roles/signalfx_splunk_agent_configuration/templates/http.yaml.j2 b/roles/signalfx_splunk_agent_configuration/templates/http.yaml.j2 new file mode 100644 index 00000000..fa30963b --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/templates/http.yaml.j2 @@ -0,0 +1,42 @@ +{% for http_monitor in http_monitors %} +- type: http + host: {{ http_monitor.host | default(ansible_fqdn) }} + port: {{ http_monitor.port | default(443) }} + path: {{ http_monitor.path | default('/')}} + httpTimeout: {{ http_monitor.http_timeout | default('5s') }} + useHTTPS: {{ http_monitor.use_https | default(true) }} + skipVerify: {{ http_monitor.skip_verify | default(false) }} + noRedirects: {{ http_monitor.no_redirects | default(false) }} + method: {{ http_monitor.method | default('GET') }} + desiredCode: {{ http_monitor.desired_code | default(200)}} + addRedirectURL: {{ http_monitor.add_redirect_url | default(false) }} +{% if http_monitor.username is defined %} + username: {{ http_monitor.username }} +{% endif %} +{% if http_monitor.password is defined %} + password: {{ http_monitor.password }} +{% endif %} +{% if http_monitor.http_headers is defined %} + httpHeaders: {{ http_monitor.http_headers }} +{% endif %} +{% if http_monitor.ca_cert_path is defined %} + caCertPath: {{ http_monitor.ca_cert_path }} +{% endif %} +{% if http_monitor.client_cert_path is defined %} + clientCertPath: {{ http_monitor.client_cert_path }} +{% endif %} +{% if http_monitor.client_key_path is defined %} + clientKeyPath: {{ http_monitor.client_key_path }} +{% endif %} +{% if http_monitor.request_body is defined %} + requestBody: {{ http_monitor.request_body }} +{% endif %} +{% if http_monitor.regex is defined %} + regex: {{ http_monitor.regex }} +{% endif %} +{% if http_monitor.extra_dimensions is defined %} + extraDimensions: +{{ http_monitor.extra_dimensions | to_nice_yaml | indent(4, True) }} +{% endif %} + +{% endfor %} diff --git a/roles/signalfx_splunk_agent_configuration/templates/systemd.yaml.j2 b/roles/signalfx_splunk_agent_configuration/templates/systemd.yaml.j2 new file mode 100644 index 00000000..6b11c136 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/templates/systemd.yaml.j2 @@ -0,0 +1,20 @@ +- type: collectd/systemd + services: +{% for service in systemd_services %} + - {{ service }} +{% endfor %} +{% if systemd_sendactivestate is defined %} + sendActiveState: {{ systemd_sendactivestate }} +{% endif %} +{% if systemd_sendsubstate is defined %} + sendSubState: {{ systemd_sendsubstate }} +{% endif %} +{% if systemd_sendloadstate is defined %} + sendLoadState: {{ systemd_sendloadstate }} +{% endif %} +{% if systemd_extrametrics is defined and systemd_extrametrics | length > 0 %} + extraMetrics: +{% for metric in systemd_extrametrics %} + - {{ metric }} +{% endfor %} +{% endif %} diff --git a/roles/signalfx_splunk_agent_configuration/vars/main.yml b/roles/signalfx_splunk_agent_configuration/vars/main.yml new file mode 100644 index 00000000..6d4fb7d2 --- /dev/null +++ b/roles/signalfx_splunk_agent_configuration/vars/main.yml @@ -0,0 +1,22 @@ +--- +agent_systemd_config: /etc/systemd/system/signalfx-agent.service.d/service-owner.conf +access_token_path: /etc/signalfx/token +agent_extra_monitor_path: /etc/signalfx/monitors +default_monitors: + - type: cpu + extraMetrics: + - cpu.user + - cpu.wait + - cpu.system + - cpu.steal + - type: filesystems + - type: disk-io + - type: net-io + - type: load + - type: memory + - type: vmem + - type: host-metadata + - type: processlist +agent_bin_path: '/usr/lib/signalfx-agent/bin(/.*)' +agent_bin_restore: '/usr/lib/signalfx-agent/bin' +agent_bin_setype: bin_t diff --git a/roles/testnode/README.rst b/roles/testnode/README.rst new file mode 100644 index 00000000..81faaff2 --- /dev/null +++ b/roles/testnode/README.rst @@ -0,0 +1,389 @@ +Testnode +======== + +This role is used to configure a node for ceph testing using teuthology_ and ceph-qa-suite_. +It will manage the necessary groups, users and configuration needed for teuthology to connect to and use the node. +It also installs a number of packages needed for tasks in ceph-qa-suite and teuthology. + +The following distros are supported: + +- RHEL 6.X +- RHEL 7.X +- Centos 6.X +- Centos 7.x +- Fedora 20 +- Debian Wheezy +- Ubuntu Precise +- Ubuntu Trusty +- Ubuntu Vivid + +**NOTE:** This role was first created as a port of ceph-qa-chef_. + +Usage ++++++ + +The testnode role is primarily used by the ``testnodes.yml`` playbook. This playbook is run by cobbler during +bare-metal imaging to prepare a node for testing and is also used by teuthology during test runs to ensure the config +is correct before testing. + +**NOTE:** ``testnodes.yml`` is limited to run against hosts in the ``testnodes`` group by the ``hosts`` key in the playbook. + +Variables ++++++++++ + +Available variables are listed below, along with default values (see ``roles/testnode/defaults/main.yml``). The ``testnode`` role +also allows for variables to be defined per package type (apt, yum), distro, distro major version and distro version. +These overrides are included by ``tasks/vars.yml`` and the specific var files live in ``vars/``. + +The host to use as a package mirror:: + + mirror_host: apt-mirror.sepia.ceph.com + +The host to use as a github mirror:: + + git_mirror_host: git.ceph.com + +The host to find package-signing keys on (at https://{{key_host}}/keys/{release,autobuild}.asc):: + + key_host: download.ceph.com + +This host is used by teuthology to download ceph packages and will be given higher priority on apt systems:: + + gitbuilder_host: gitbuilder.ceph.com + +The mirror to download and install ``pip`` from:: + + pip_mirror_url: "http://{{ mirror_host }}/pypi/simple" + +A hash defining yum repos that would be common across a major version. Each key in the hash represents +the filename of a yum repo created in /etc/yum.repos.d. The key/value pairs as the value for that repo +will be used as the properties for the repo file:: + + common_yum_repos: {} + + # An example: + common_yum_repos: + rhel-7-fcgi-ceph: + name: "RHEL 7 Local fastcgi Repo" + baseurl: http://gitbuilder.ceph.com/mod_fastcgi-rpm-rhel7-x86_64-basic/ref/master/ + enabled: 1 + gpgcheck: 0 + priority: 2 + +A hash defining version-specific yum repos. Each key in the hash represents +the filename of a yum repo created in /etc/yum.repos.d. The key/value pairs as the value for that repo +will be used as the properties for the repo file:: + + yum_repos: {} + + # An example: + yum_repos: + fedora-fcgi-ceph: + name: Fedora Local fastcgi Repo + baseurl: http://gitbuilder.ceph.com/mod_fastcgi-rpm-fedora20-x86_64-basic/ref/master/ + enabled: 1 + gpgcheck: 0 + priority: 0 + +Another dictionary of yum repos to put in place. We have this dictionary defined in the Octo lab secrets repo. We have devel +repos with baseurls we don't want to expose the URLs of. This dict gets combined with ``yum_repos`` in ``roles/testnode/tasks/yum/repos.yml``:: + + additional_yum_repos: {} + + # An example: + additional_yum_repos: + devel-ceph-repo: + name: This is a repo with devel packages + baseurl: http://some/private/repo/ + enabled: 0 + gpgcheck: 0 + +A list of copr repos to enable using ``dnf copr enable``:: + + copr_repos: [] + + # An example: + copr_repos: + - ktdreyer/ceph-el8 + +A list of mirrorlist template **filenames** to upload to ``/etc/yum.repos.d/``. +Mirrorlist templates should live in ``roles/testnode/vars/mirrorlists/{{ ansible_distribution_major_version }}/`` +We were already doing this with epel mirrorlists in the ``common`` role but started seeing metalink issues with CentOS repos:: + + yum_mirrorlists: [] + + # Example: + yum_mirrorlists: + - CentOS-AppStream-mirrorlist + + $ cat roles/testnode/templates/mirrorlists/8/CentOS-AppStream-mirrorlist + # {{ ansible_managed }} + https://download-cc-rdu01.fedoraproject.org/pub/centos/{{ ansible_lsb.release }}/AppStream/x86_64/os/ + https://path/to/another/mirror + + +A list defining apt repos that would be common across a major version or distro. Each item in the list represents +an apt repo to be added to sources.list:: + + common_apt_repos: [] + + # An Example: + common_apt_repos: + # mod_fastcgi for radosgw + - "deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-{{ansible_distribution_release}}-x86_64-basic/ref/master/ {{ansible_distribution_release}} main" + +A list defining version-specific apt repos. Each item in the list represents an apt repo to be added to sources.list:: + + apt_repos: [] + +A list of packages to install that is specific to a distro version. These lists are defined in the var files in ``vars/``:: + + packages: [] + +A list of packages to install that are common to a distro or distro version. These lists are defined in the var files in ``vars/``:: + + common_packages: [] + +A list of packages that must be installed from epel. These packages are installed with the epel repo explicitly enabled for any +yum-based distro that provides the list in their var file in ``/vars``:: + + epel_packages: [] + +**NOTE:** A good example of how ``packages`` and ``common_packages`` work together is with Ubuntu. The var file ``roles/testnode/vars/ubuntu.yml`` defines +a number of packages in ``common_packages`` that need to be installed across all versions of ubuntu, while the version-specific files +(for example, ``roles/testnode/vars/ubuntu_14.yml``) define packages in ``packages`` that either have varying names across versions or are only needed +for that specific version. This is the same idea behind the vars that control apt and yum repos as well. + +A list of ceph packages to remove. It's safe to add packages to this list that aren't currently installed or don't exist. Both ``apt-get`` and ``yum`` +handle this case correctly. This list is defined in ``vars/apt_systems.yml`` and ``vars/yum_systems.yml``:: + + ceph_packages_to_remove: [] + +A list of packages to remove. These lists are defined in the var files in ``vars/``:: + + packages_to_remove: [] + +A list of packages to upgrade. These lists are defined in the vars files in ``vars/``:: + + packages_to_upgrade: [] + +A list of packages to install via ``apt install --no-install-recommends``:: + + no_recommended_packages: [] + +A list of packages to install via pip. These lists are defined in the vars files in ``vars/``:: + + pip_packages_to_install: [] + +The user that teuthology will use to connect to testnodes. This user will be created by this role and assigned to the appropriate groups. +Even though this variable exists, teuthology is not quite ready to support a configurable user:: + + teuthology_user: "ubuntu" + +This user is created for use in running xfstests from ceph-qa-suite:: + + xfstests_user: "fsgqa" + +This will control whether or not rpcbind is started before nfs. Some distros require this, others don't:: + + start_rpcbind: true + +Set to true if /etc/fstab must be modified to persist things like mount options, which is useful for long-lived +bare-metal machines, less useful for virtual machines that are re-imaged before each job:: + + modify_fstab: true + +A list of ntp servers to use:: + + ntp_servers: + - 0.us.pool.ntp.org + - 1.us.pool.ntp.org + - 2.us.pool.ntp.org + - 3.us.pool.ntp.org + +The lab domain to use when populating systems in cobbler. (See ``roles/cobbler_systems/tasks/populate_systems.yml``) +This variable is also used to strip the domain from RHEL and CentOS testnode hostnames +The latter is only done if ``lab_domain`` is defined:: + + lab_domain: '' + +A dictionary of drives/devices you want to partition. ``scratch_devs`` is not required. All other values are self-explanatory given this example:: + + # Example: + drives_to_partition: + nvme0n1: + device: "/dev/nvme0n1" + unit: "GB" + sizes: + - "0 95" + - "95 190" + - "190 285" + - "285 380" + - "380 400" + scratch_devs: + - p1 + - p2 + - p3 + - p4 + sdb: + device: "/dev/sdb" + unit: "%" + sizes: + - "0 50" + - "50 100" + scratch_devs: + - 2 + +An optional dictionary of filesystems you want created and where to mount them. (You must use a ``drives_to_partition`` or ``logical_volumes`` dictionary to carve up drives first.) Example:: + + filesystems: + varfoo: + device: "/dev/nvme0n1p5" + fstype: ext4 + mountpoint: "/var/lib/foo" + fscache: + device: "/dev/nvme0n1p6" + fstype: xfs + mountpoint: "/var/cache/fscache" + +A dictionary of volume groups you want created. ``pvs`` should be a comma-delimited list. Example:: + + volume_groups: + vg_nvme: + pvs: "/dev/nvme0n1" + vg_hdd: + pvs: "/dev/sdb,/dev/sdc" + +A dictionary of logical volumes you want created. See Ansible's docs_ on available sizing options. The ``vg`` value is the volume group you want the logical volume created on. Define ``scratch_dev`` if you want it added to ``/scratch_devices`` on the testnode:: + + logical_volumes: + lv_1: + vg: vg_nvme + size: "25%VG" + scratch_dev: true + lv_2: + vg: vg_nvme + size: "75%VG" + scratch_dev: true + lv_foo: + vg: vg_hdd + size: "100%VG" + +Setting ``quick_lvs_to_create`` will: + + #. Create one large volume group using all non-root devices listed in ``ansible_devices`` + #. Create X number of logical volumes equal in size + + Defining this variable will override ``volume_groups`` and ``logical_volumes`` dicts if defined in secrets:: + + # Example would create 4 logical volumes each using 25% of a volume group created using all non-root physical volumes + quick_lvs_to_create: 4 + +Define ``check_for_nvme: true`` in Ansible inventory group_vars (by machine type) if the testnode should have an NVMe device. This will include a few tasks to verify an NVMe device is present. If the drive is missing, the tasks will mark the testnode down in the paddles_ lock database so the node doesn't repeatedly fail jobs. Defaults to false:: + + check_for_nvme: false + +Downstream QE requested ABRT be configured in a certain way. Overridden in Octo secrets:: + + configure_abrt: false + +Configure ``cachefilesd``. See https://tracker.ceph.com/issues/6373. Defaults to ``false``:: + + configure_cachefilesd: true + + # Optionally override any of the following variables to change their + # corresponding values in /etc/cachefilesd.conf + cachefilesd_dir + cachefilesd_tag + cachefilesd_brun + cachefilesd_bcull + cachefilesd_bstop + cachefilesd_frun + cachefilesd_fcull + cachefilesd_fstop + cachefilesd_secctx + +Tags +++++ + +Available tags are listed below: + +cachefilesd + Install and configure cachefilesd. + +cpan + Install and configure cpan and Amazon::S3. + +filesystems + Create and mount filesystems. + +gpg-keys + Install gpg keys on Fedora. + +hostname + Check and set proper fqdn. See, ``roles/testnode/tasks/set_hostname.yml``. + +lvm + Configures logical volumes if dicts are defined in the secrets repo. + +nfs + Install and start nfs. + +ntp-client + Setup ntp. + +packages + Install, update and remove packages. + +partition + Partition any drives/devices if ``drives_to_partition`` is defined in secrets. + +pip + Install and configure pip. + +pubkeys + Adds the ssh public keys for the ``teuthology_user``. + +remove-ceph + Ensure all ceph related packages are removed. See ``packages_to_remove`` in the distros var file for the list. + +repos + Perform all repo related tasks. Creates and manages our custom repo files. + +selinux + Configure selinux on yum systems. + +ssh + Manage things ssh related. Will upload the distro specific sshd_config, ssh_config and addition of pubkeys for the ``teuthology_user``. + +sudoers + Manage the /etc/sudoers and the nagios suders.d files. + +user + Manages the ``teuthology_user`` and ``xfstests_user``. + +zap + Zap (``sgdizk -Z``) all non-root drives and **all** logical volumes and volume groups + +Dependencies +++++++++++++ + +This role depends on the following roles: + +secrets + Provides a var, ``secrets_path``, containing the path of the secrets repository, a tree of ansible variable files. + +sudo + Sets ``ansible_sudo: true`` for this role which causes all the plays in this role to execute with sudo. + +To Do ++++++ + +- Noop creating custom repos if ``mirror_host`` is not defined. Change the default to ``mirror_host: ''`` and skip + creating custom repo files if a mirror is not needed for that specific distro. This is currently hacked in for Vivid. + +.. _ceph-qa-chef: https://github.com/ceph/ceph-qa-chef +.. _teuthology: https://github.com/ceph/teuthology +.. _ceph-qa-suite: https://github.com/ceph/ceph-qa-suite +.. _docs: https://docs.ansible.com/ansible/latest/lvol_module.html +.. _paddles: https://github.com/ceph/paddles diff --git a/roles/testnode/defaults/main.yml b/roles/testnode/defaults/main.yml new file mode 100644 index 00000000..2c441e67 --- /dev/null +++ b/roles/testnode/defaults/main.yml @@ -0,0 +1,81 @@ +--- +mirror_host: apt-mirror.sepia.ceph.com +git_mirror_host: git.ceph.com +key_host: download.ceph.com +gitbuilder_host: gitbuilder.ceph.com +pip_mirror_url: "http://{{ mirror_host }}/pypi/simple" + +# yum repos common to a major version or distro +common_yum_repos: {} + +# version-specific yum repos, defined in the version specific var file +yum_repos: {} + +# list of copr repo *names* to enable (e.g., user/repo) +copr_repos: [] + +# apt repos common to a major version or distro +common_apt_repos: [] + +# version-specific apt repos, defined in the the version-specific var files +apt_repos: [] + +# packages to install, see common_packages below as well. The set of packages to install +# is packages + common_packages +packages: [] + +# a list of packages that have to be installed from epel +epel_packages: [] + +# packages common to a major version, distro or package type. This means that they +# have the same name and are intended to be installed for all other versions in that major +# version, distro or package type +common_packages: [] + +# common packages that aren't available in aarch64 architecture +non_aarch64_packages: [] +non_aarch64_packages_to_upgrade: [] +non_aarch64_common_packages: [] + +# packages used by ceph we want to ensure are removed +ceph_packages_to_remove: [] +ceph_dependency_packages_to_remove: [] +packages_to_remove: [] +packages_to_upgrade: [] + +# the user teuthology will use +teuthology_user: "ubuntu" +xfstests_user: "fsgqa" + +# some distros need to start rpcbind before +# trying to use nfs while others don't. +start_rpcbind: true + +# set to true if /etc/fstab must be modified to persist things like +# mount options, which is useful for long lived bare metal machines, +# less useful for virtual machines that are re-imaged before each job +modify_fstab: true + +# used to ensure proper full and short fqdn on testnodes +lab_domain: "" + +ntp_servers: + - 0.us.pool.ntp.org + - 1.us.pool.ntp.org + - 2.us.pool.ntp.org + - 3.us.pool.ntp.org + +# Set to true in group_vars if the testnode/machine type should have an NVMe device +check_for_nvme: false + +# packages to install via pip +pip_packages_to_install: [] + +# Configure ABRT (probably only for downstream use) +configure_abrt: false + +# Configure cachefilesd (https://tracker.ceph.com/issues/6373) +configure_cachefilesd: false + +# Is this a containerized testnode? +containerized_node: false diff --git a/roles/testnode/handlers/main.yml b/roles/testnode/handlers/main.yml new file mode 100644 index 00000000..e820eb91 --- /dev/null +++ b/roles/testnode/handlers/main.yml @@ -0,0 +1,37 @@ +--- +- name: restart ntp + service: + name: "{{ ntp_service_name }}" + state: restarted + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" + +- name: restart ssh + service: + name: "{{ ssh_service_name }}" + state: restarted + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" + +- name: start rpcbind + service: + name: rpcbind + state: started + enabled: yes + when: start_rpcbind + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" + +- name: restart nfs-server + service: + name: "{{ nfs_service }}" + state: restarted + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" + +- name: restart cron + service: + name: cron + state: restarted + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" diff --git a/roles/testnode/meta/main.yml b/roles/testnode/meta/main.yml new file mode 100644 index 00000000..313fd690 --- /dev/null +++ b/roles/testnode/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: secrets diff --git a/roles/testnode/tasks/apt/packages.yml b/roles/testnode/tasks/apt/packages.yml new file mode 100644 index 00000000..97e51e33 --- /dev/null +++ b/roles/testnode/tasks/apt/packages.yml @@ -0,0 +1,46 @@ +--- +- name: Ensure packages are not present. + apt: + name: "{{ ceph_packages_to_remove|list + packages_to_remove|list }}" + state: absent + force: yes + when: ceph_packages_to_remove|length > 0 or + packages_to_remove|length > 0 + +- name: Upgrade packages + apt: + name: "{{ packages_to_upgrade|list }}" + state: latest + force: yes + when: packages_to_upgrade|length > 0 + +- name: Upgrade non aarch64 packages + apt: + name: "{{ non_aarch64_packages_to_upgrade|list }}" + state: latest + force: yes + when: + non_aarch64_packages_to_upgrade|length > 0 and + ansible_architecture != "aarch64" + +- name: Install packages + apt: + name: "{{ packages|list + common_packages|list }}" + state: present + force: yes + when: packages|length > 0 or + common_packages|length > 0 + +- name: Install non aarch64 packages + apt: + name: "{{ non_aarch64_packages|list + non_aarch64_common_packages|list }}" + state: present + force: yes + when: ansible_architecture != "aarch64" + +- name: Install packages with --no-install-recommends + apt: + name: "{{ no_recommended_packages|list }}" + state: present + install_recommends: no + when: no_recommended_packages|length > 0 diff --git a/roles/testnode/tasks/apt/repos.yml b/roles/testnode/tasks/apt/repos.yml new file mode 100644 index 00000000..046a9e09 --- /dev/null +++ b/roles/testnode/tasks/apt/repos.yml @@ -0,0 +1,62 @@ +--- +# Check for and remove custom repos. +# http://tracker.ceph.com/issues/12794 +- name: Check for custom repos + shell: "ls -1 /etc/apt/sources.list.d/" + register: custom_repos + changed_when: false + +- name: Remove custom repos + file: path=/etc/apt/sources.list.d/{{ item }} state=absent + with_items: "{{ custom_repos.stdout_lines|default([]) }}" + # Ignore changes here because we will be removing repos that we end up re-adding later + changed_when: false + +- name: Set apt preferences + template: + dest: "/etc/apt/preferences.d/ceph.pref" + src: "apt/ceph.pref" + owner: root + group: root + mode: 0644 + register: apt_prefs + +# Starting with ubuntu 15.04 we no longer maintain our own package mirrors. +# For anything ubuntu < 15.04 or debian <=7 we still do. +- name: Add sources list + template: + dest: /etc/apt/sources.list + src: "apt/sources.list.{{ ansible_distribution_release | lower }}" + owner: root + group: root + mode: 0644 + register: sources + when: ansible_architecture != "aarch64" and + ansible_distribution_major_version|int < 15 + +- name: Install apt keys + apt_key: + url: "{{ item }}" + state: present + with_items: + - "http://{{ key_host }}/keys/autobuild.asc" + - "http://{{ key_host }}/keys/release.asc" + # try for 2 minutes before failing + retries: 24 + delay: 5 + +# required for apt_repository +- name: Install python-apt + apt: + name: "{{ python_apt_package_name|default('python-apt') }}" + state: present + +- name: Add local apt repos. + apt_repository: + repo: "{{ item }}" + state: present + update_cache: no + mode: 0644 + with_items: "{{ apt_repos|list + common_apt_repos|list }}" + register: local_apt_repos + when: ansible_architecture != "aarch64" diff --git a/roles/testnode/tasks/apt_systems.yml b/roles/testnode/tasks/apt_systems.yml new file mode 100644 index 00000000..93d8cf8c --- /dev/null +++ b/roles/testnode/tasks/apt_systems.yml @@ -0,0 +1,88 @@ +--- +- name: Setup local repo files. + import_tasks: apt/repos.yml + tags: + - repos + +# http://tracker.ceph.com/issues/15090 +# We don't know why it's happening, but something is corrupting the +# apt-cache. Let's try just blasting it each time. +- name: Blast the apt cache. + command: + sudo apt-get clean + +- name: Update apt cache. + apt: + update_cache: yes + # try for 2 minutes before failing + retries: 24 + delay: 5 + tags: + - repos + - packages + +- name: Perform package related tasks. + import_tasks: apt/packages.yml + tags: + - packages + +# This was ported directly from chef. I was unable to figure out a better way +# to do this, but it seems to just be adding the user_xattr option to the root filesystem mount. +# I believe perl was used here initially because the mount resources provided by chef and ansible +# require both the name (i.e. /) and the source (UUID="") to ensure it's editing the correct line +# in /etc/fstab. This won't work for us because the root file system source (UUID or label) is different depending +# on the image used to create this node (downburst and cobbler use different images). +- name: Use perl to add user_xattr to the root mount options in fstab. + command: + perl -pe 'if (m{^([^#]\S*\s+/\s+\S+\s+)(\S+)(\s+.*)$}) { $_="$1$2,user_xattr$3\n" unless $2=~m{(^|,)user_xattr(,|$)}; }' -i.bak /etc/fstab + args: + creates: /etc/fstab.bak + register: add_user_xattr + when: + - modify_fstab == true + - not containerized_node + +- name: Enable xattr for this boot. + command: + mount -o remount,user_xattr / + when: add_user_xattr is defined and + add_user_xattr is changed + +- name: Ensure fuse, kvm and disk groups exist. + group: + name: "{{ item }}" + state: present + with_items: + - fuse + - kvm + - disk + +- name: Upload /etc/fuse.conf. + template: + src: fuse.conf + dest: /etc/fuse.conf + owner: root + group: fuse + mode: 0644 + +- name: Add teuthology user to groups fuse, kvm and disk. + user: + name: "{{ teuthology_user }}" + # group sets the primary group, while groups just adds + # the user to the specified group or groups. + groups: fuse,kvm,disk + append: yes + +- import_tasks: static_ip.yml + when: + - "'vps' not in group_names" + - not containerized_node + +- name: Stop apache2 + service: + name: apache2 + state: stopped + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" + when: + - not containerized_node diff --git a/roles/testnode/tasks/cachefilesd.yaml b/roles/testnode/tasks/cachefilesd.yaml new file mode 100644 index 00000000..7101569c --- /dev/null +++ b/roles/testnode/tasks/cachefilesd.yaml @@ -0,0 +1,21 @@ +--- +- name: Install cachefilesd + package: + name: cachefilesd + state: latest + +- name: Install cachefilesd conf file + template: + src: cachefilesd.j2 + dest: /etc/cachefilesd.conf + +- name: Restart cachefilesd + service: + name: cachefilesd + state: restarted + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" + +- name: Restart cachefilesd + shell: systemctl restart cachefilesd + when: "'ceph' in ansible_kernel" diff --git a/roles/testnode/tasks/check-for-nvme.yml b/roles/testnode/tasks/check-for-nvme.yml new file mode 100644 index 00000000..40238027 --- /dev/null +++ b/roles/testnode/tasks/check-for-nvme.yml @@ -0,0 +1,41 @@ +--- +# NVMe cards have started failing frequently. These tasks will mark a +# system down in the paddles DB so it doesn't repeatedly fail jobs if the device is missing. +# https://wiki.sepia.ceph.com/doku.php?id=hardware:smithi&#nvme_failure_tracking +# These tasks can also be used by a few machine types in Octo + +# Default to false +- set_fact: + nvme_card_present: false + +- name: Check for NVMe drive + set_fact: + nvme_card_present: true + with_items: "{{ ansible_devices }}" + when: "'nvme' in item" + +- name: Check for teuthology-lock command + local_action: shell which teuthology-lock + register: teuthology_lock + ignore_errors: true + become: false + +- name: Mark system down if NVMe card missing + local_action: "shell {{ teuthology_lock.stdout }} --update --status down {{ inventory_hostname }}" + become: false + when: + - teuthology_lock.rc == 0 + - nvme_card_present == false + +- name: Update description in paddles lock DB if NVMe card missing + local_action: "shell {{ teuthology_lock.stdout }} --update --desc 'Marked down by ceph-cm-ansible due to missing NVMe card {{ ansible_date_time.iso8601 }}' {{ inventory_hostname }}" + become: false + when: + - teuthology_lock.rc == 0 + - nvme_card_present == false + +- name: Fail rest of playbook due to missing NVMe card + fail: + msg: "Failing rest of playbook due to missing NVMe card" + when: + - nvme_card_present == false diff --git a/roles/testnode/tasks/cloud-init.yml b/roles/testnode/tasks/cloud-init.yml new file mode 100644 index 00000000..b266e09a --- /dev/null +++ b/roles/testnode/tasks/cloud-init.yml @@ -0,0 +1,8 @@ +--- +# Older versions of cloud-init are not writing to a file needed +# to keep hostname across reboots on a non-centos/rhel kernel. +- name: Include hostname in /etc/sysconfig/network + lineinfile: + dest: /etc/sysconfig/network + line: "HOSTNAME={{ ansible_hostname }}" + regexp: "^HOSTNAME=*" diff --git a/roles/testnode/tasks/configure_lvm.yml b/roles/testnode/tasks/configure_lvm.yml new file mode 100644 index 00000000..773cce1f --- /dev/null +++ b/roles/testnode/tasks/configure_lvm.yml @@ -0,0 +1,88 @@ +--- +- name: Set root disk + set_fact: + root_disk: "{{ item.device|regex_replace('[0-9]+', '')|regex_replace('/dev/', '') }}" + with_items: "{{ ansible_mounts }}" + when: + - item.mount == '/' + - quick_lvs_to_create is defined + +- name: Combine list of non-root disks + set_fact: + disks_for_vg: "{{ ansible_devices.keys() | sort | reject('match',root_disk) | reject('match','loop') | reject('match','ram') | reject('match','dm-') | map('regex_replace','^','/dev/') | join(',') }}" + when: quick_lvs_to_create is defined + +- set_fact: vg_name=vg_hdd + when: + - disks_for_vg is defined + - "'nvme' not in disks_for_vg" + +- set_fact: vg_name=vg_nvme + when: + - disks_for_vg is defined + - "'nvme' in disks_for_vg" + +- name: Create volume_groups dict + set_fact: + volume_groups: + "{'{{ vg_name }}': {'pvs': '{{ disks_for_vg }}' }}" + when: vg_name is defined + +# This isn't perfect but with the |int at the end, this'll just round down +# if quick_lvs_to_create won't divide evenly to make sure the VG doesn't run out of space +- name: Determine desired logical volume percentage size + set_fact: + quick_lv_size: "{{ (100 / quick_lvs_to_create|int)|int }}" + when: quick_lvs_to_create is defined + +- name: Create logical_volumes dict + set_fact: + logical_volumes: + "{ + {%- for lv in range(quick_lvs_to_create|int) -%} + 'lv_{{ lv + 1 }}': + { + 'vg': '{{ vg_name }}', + 'size': '{{ quick_lv_size }}%VG', + 'scratch_dev': true + } + {%- if not loop.last -%} + , + {%- endif -%} + {%- endfor -%} + }" + when: quick_lvs_to_create is defined + +- name: "Create volume group(s)" + lvg: + vg: "{{ item.key }}" + pvs: "{{ item.value.pvs }}" + state: present + with_dict: "{{ volume_groups }}" + when: volume_groups is defined + +- name: "Create logical volume(s)" + lvol: + vg: "{{ item.value.vg }}" + lv: "{{ item.key }}" + size: "{{ item.value.size }}" + with_dict: "{{ logical_volumes }}" + when: logical_volumes is defined + +- name: "Erase /scratch_devs so we know it's accurate" + file: + path: /scratch_devs + state: absent + +- name: "Write /scratch_devs" + lineinfile: + dest: /scratch_devs + create: yes + owner: root + group: root + mode: 0644 + line: "/dev/{{ item.value.vg }}/{{ item.key }}" + with_dict: "{{ logical_volumes }}" + when: + - logical_volumes is defined + - item.value.scratch_dev is defined diff --git a/roles/testnode/tasks/cpan.yml b/roles/testnode/tasks/cpan.yml new file mode 100644 index 00000000..2925c8d4 --- /dev/null +++ b/roles/testnode/tasks/cpan.yml @@ -0,0 +1,53 @@ +--- +- name: Add CPAN config directory for the teuthology user. + file: + path: "/home/{{ teuthology_user }}/.cpan/CPAN/" + owner: "{{ teuthology_user }}" + group: "{{ teuthology_user }}" + mode: 0755 + recurse: yes + state: directory + +- name: Add CPAN config directory for the root user. + file: + path: /root/.cpan/CPAN/ + owner: root + group: root + mode: 0755 + recurse: yes + state: directory + +- name: Upload CPAN config for the teuthology user. + template: + src: cpan_config.pm + dest: "/home/{{ teuthology_user }}/.cpan/CPAN/MyConfig.pm" + owner: "{{ teuthology_user }}" + group: "{{ teuthology_user }}" + mode: 0755 + +- name: Upload CPAN config for root. + template: + src: cpan_config.pm + dest: /root/.cpan/CPAN/MyConfig.pm + owner: root + group: root + mode: 0755 + +- name: Ensure perl-doc and cpanminus is installed on apt systems. + apt: name={{ item }} state=present + with_items: + - cpanminus + - perl-doc + when: ansible_pkg_mgr == "apt" + +- name: "Check to see if Amazon::S3 is installed." + command: "perldoc -l Amazon::S3" + register: cpan_check + ignore_errors: true + changed_when: false + +- name: "Install Amazon::S3." + cpanm: + name: "Amazon::S3" + when: cpan_check is defined and + cpan_check.rc != 0 diff --git a/roles/testnode/tasks/drive_partitioning.yml b/roles/testnode/tasks/drive_partitioning.yml new file mode 100644 index 00000000..c8595cf6 --- /dev/null +++ b/roles/testnode/tasks/drive_partitioning.yml @@ -0,0 +1,33 @@ +--- +# Partition a data drive, like the nvme devices in smithi. Only included +# if drives_to_partition is defined. + +- name: "Write a new partition table to {{ item.value.device }}" + command: "parted -s {{ item.value.device }} mktable gpt" + with_dict: "{{ drives_to_partition }}" + +- name: "Write partition entries to {{ item.0.device }}" + command: "parted {{ item.0.device }} unit '{{ item.0.unit }}' mkpart foo {{ item.1 }}" + with_subelements: + - "{{ drives_to_partition }}" + - sizes + +- name: "Erase /scratch_devs so we know it's accurate" + file: + path: /scratch_devs + state: absent + +- name: "Write /scratch_devs for {{ item.0.device }}" + lineinfile: + dest: /scratch_devs + create: yes + owner: root + group: root + mode: 0644 + line: "{{ item.0.device }}{{ item.1 }}" + with_subelements: + - "{{ drives_to_partition }}" + - scratch_devs + - flags: + # In case you want to partition a drive but not use it as a scratch device + skip_missing: True diff --git a/roles/testnode/tasks/filesystems.yml b/roles/testnode/tasks/filesystems.yml new file mode 100644 index 00000000..54dc29ed --- /dev/null +++ b/roles/testnode/tasks/filesystems.yml @@ -0,0 +1,14 @@ +--- +- name: Create filesystems + filesystem: + dev: "{{ item.value.device }}" + fstype: "{{ item.value.fstype }}" + with_dict: "{{ filesystems }}" + +- name: Mount filesystems + mount: + path: "{{ item.value.mountpoint }}" + src: "{{ item.value.device }}" + fstype: "{{ item.value.fstype }}" + state: mounted + with_dict: "{{ filesystems }}" diff --git a/roles/testnode/tasks/imitate_ubuntu.yml b/roles/testnode/tasks/imitate_ubuntu.yml new file mode 100644 index 00000000..fcaca9d3 --- /dev/null +++ b/roles/testnode/tasks/imitate_ubuntu.yml @@ -0,0 +1,22 @@ +--- +# plays that make centos and rhel act or look +# like an ubuntu system for ease of testing + +- name: Make raid/smart scripts work. + file: + state: link + src: /sbin/lspci + dest: /usr/bin/lspci + force: yes + +- name: Create FStest ubuntu directory. + file: + state: directory + dest: /usr/lib/ltp/testcases/bin + +- name: Make fsstress same path as ubuntu. + file: + state: link + src: /usr/bin/fsstress + dest: /usr/lib/ltp/testcases/bin/fsstress + force: yes diff --git a/roles/testnode/tasks/lvm.yml b/roles/testnode/tasks/lvm.yml new file mode 100644 index 00000000..9767bbc9 --- /dev/null +++ b/roles/testnode/tasks/lvm.yml @@ -0,0 +1,13 @@ +--- +- name: Edit lvm.conf to support LVM on kRBD. + lineinfile: + dest: /etc/lvm/lvm.conf + regexp: "# types =" + line: 'types = [ "rbd", 16 ]' + backrefs: yes + state: present + +- import_tasks: configure_lvm.yml + when: (logical_volumes is defined) or + (volume_groups is defined) or + (quick_lvs_to_create is defined) diff --git a/roles/testnode/tasks/main.yml b/roles/testnode/tasks/main.yml new file mode 100644 index 00000000..b68c0f8c --- /dev/null +++ b/roles/testnode/tasks/main.yml @@ -0,0 +1,159 @@ +--- +# loading vars +- import_tasks: vars.yml + tags: + - vars + - always + +- import_tasks: user.yml + tags: + - user + +- name: Set a high max open files limit for the teuthology user. + template: + src: security_limits.conf + dest: "/etc/security/limits.d/{{ teuthology_user }}.conf" + owner: root + group: root + mode: 0755 + when: ansible_pkg_mgr != "zypper" + +- name: Set the hostname + import_tasks: set_hostname.yml + when: lab_domain != "" + tags: + - hostname + +- name: configure ssh + import_tasks: ssh.yml + tags: + - ssh + +- name: configure things specific to yum systems + import_tasks: yum_systems.yml + when: ansible_os_family == "RedHat" + +- name: configure things specific to apt systems + import_tasks: apt_systems.yml + when: ansible_pkg_mgr == "apt" + +- name: configure things specific to zypper systems + import_tasks: zypper_systems.yml + when: ansible_pkg_mgr == "zypper" + +- name: configure centos specific things + import_tasks: setup-centos.yml + when: ansible_distribution == "CentOS" + +- name: configure red hat specific things + import_tasks: setup-redhat.yml + when: ansible_distribution == 'RedHat' + +- name: configure fedora specific things + import_tasks: setup-fedora.yml + when: ansible_distribution == "Fedora" + +- name: configure ubuntu specific things + import_tasks: setup-ubuntu.yml + when: ansible_distribution == "Ubuntu" + +- name: configure ubuntu non-aarch64 specific things + import_tasks: setup-ubuntu-non-aarch64.yml + when: + ansible_distribution == "Ubuntu" and + ansible_architecture != "aarch64" and + not containerized_node + +- name: configure debian specific things + import_tasks: setup-debian.yml + when: ansible_distribution == "Debian" + +- name: configure opensuse specific things + import_tasks: setup-opensuse.yml + when: ansible_distribution == "openSUSE" + +- import_tasks: check-for-nvme.yml + when: check_for_nvme == true + +- import_tasks: zap_disks.yml + tags: + - zap + +- name: partition drives, if any are requested + import_tasks: drive_partitioning.yml + when: drives_to_partition is defined + tags: + - partition + +- name: set up LVM + import_tasks: lvm.yml + tags: + - lvm + +- name: set up filesystems + import_tasks: filesystems.yml + tags: + - filesystems + when: filesystems is defined + +- name: mount /var/lib/ceph to specified partition + import_tasks: var_lib.yml + when: var_lib_partition is defined + tags: + - varlib + +- import_tasks: cachefilesd.yaml + when: configure_cachefilesd|bool == true + tags: + - cachefilesd + +# Install and configure cpan and Amazon::S3 +- import_tasks: cpan.yml + tags: + - cpan + when: + - ansible_os_family != "RedHat" + - ansible_distribution_major_version != 8 + +# configure ntp +- import_tasks: ntp.yml + tags: + - ntp-client + +- name: configure pip to use our mirror + import_tasks: pip.yml + tags: + - pip + +- name: include resolv.conf setup + import_tasks: resolvconf.yml + tags: + - resolvconf + +# http://tracker.ceph.com/issues/20623 +- name: List any leftover Ceph artifacts from previous jobs + shell: 'find {{ item }} -name "*ceph*"' + with_items: + - /var/run/ + - /etc/systemd/system/ + - /etc/ceph + - /var/log/ + register: ceph_test_artifacts + changed_when: ceph_test_artifacts.stdout != "" + failed_when: ceph_test_artifacts.rc != 0 and + "No such file or directory" not in ceph_test_artifacts.stderr and + "File system loop detected" not in ceph_test_artifacts.stderr + +- name: Delete any leftover Ceph artifacts from previous jobs + file: + path: "{{ item }}" + state: absent + with_items: "{{ ceph_test_artifacts.results|map(attribute='stdout_lines')|list }}" + +# Touch a file to indicate we are done. This is something chef did; +# teuthology.task.internal.vm_setup() expects it. +- name: Touch /ceph-qa-ready + file: + path: /ceph-qa-ready + state: touch + when: (ran_from_cephlab_playbook is undefined or not ran_from_cephlab_playbook|bool) diff --git a/roles/testnode/tasks/nfs.yml b/roles/testnode/tasks/nfs.yml new file mode 100644 index 00000000..71046550 --- /dev/null +++ b/roles/testnode/tasks/nfs.yml @@ -0,0 +1,18 @@ +--- +- name: Upload a dummy nfs export so that the nfs kernel server starts. + template: + src: exports + dest: /etc/exports + owner: root + group: root + mode: 0644 + notify: + - start rpcbind + - restart nfs-server + +- name: Enable nfs-server on rhel 7.x. + service: + name: "{{ nfs_service }}" + enabled: true + when: ansible_distribution == "RedHat" and + ansible_distribution_major_version == "7" diff --git a/roles/testnode/tasks/ntp.yml b/roles/testnode/tasks/ntp.yml new file mode 100644 index 00000000..f93bef2e --- /dev/null +++ b/roles/testnode/tasks/ntp.yml @@ -0,0 +1,56 @@ +--- +- name: Install ntp package on rpm based systems. + yum: + name: ntp + state: present + when: ansible_pkg_mgr == "yum" + tags: + - packages + +- name: Install ntp package on apt based systems. + apt: + name: ntp + state: present + when: ansible_pkg_mgr == "apt" + tags: + - packages + +# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806556. +# ifdown/ifup would often leave ntpd not running on xenial. +# We do our own ntpdate dance in teuthology's clock task. +- name: Remove racy /etc/network/if-up.d/ntpdate on xenial + file: + name: /etc/network/if-up.d/ntpdate + state: absent + when: ansible_distribution == "Ubuntu" and + ansible_distribution_major_version == '16' + +- name: Create the ntp.conf file. + template: + src: ntp.conf + dest: /etc/ntp.conf + owner: root + group: root + mode: 0644 + notify: + - restart ntp + when: ntp_service_name == "ntp" or ntp_service_name == "ntpd" + +- name: Create the chrony.conf file + template: + src: chrony.conf + dest: /etc/chrony.conf + owner: root + group: root + mode: 0644 + notify: + - restart ntp + when: ntp_service_name == "chronyd" + +- name: Make sure ntpd is running. + service: + name: "{{ ntp_service_name }}" + enabled: yes + state: started + # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts + ignore_errors: "{{ 'ceph' in ansible_kernel }}" diff --git a/roles/testnode/tasks/pip.yml b/roles/testnode/tasks/pip.yml new file mode 100644 index 00000000..8ef9c6b5 --- /dev/null +++ b/roles/testnode/tasks/pip.yml @@ -0,0 +1,61 @@ +--- +# Default to python2 version +- set_fact: + pip_version: python-pip + pip_executable: pip + +# Start using python3-pip on Ubuntu 20.04 and later +# Add appropriate `or` statements for other python3-only distros +- set_fact: + pip_version: python3-pip + pip_executable: pip3 + # You would think this ansible_python_interpreter=/usr/bin/python3 is already the default + # (hint: it is) but the pip module at the bottom insisted on using the python2 version of + # setuptools despite this default *and* giving you the option to set the executable to pip3. + # For some reason, reminding ansible this is a python3 host here makes the pip module work. + ansible_python_interpreter: /usr/bin/python3 + when: (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int >= 20) or + (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int >= 8) + +# python-pip installed during packages task on Fedora since epel doesn't exist +- name: Install python-pip on rpm based systems. + yum: + name: "{{ pip_version }}" + state: present + enablerepo: epel + when: ansible_pkg_mgr == "yum" and ansible_distribution != 'Fedora' + +- name: Install python-pip on apt based systems. + apt: + name: "{{ pip_version }}" + state: present + when: ansible_pkg_mgr == "apt" + +- name: Install python-pip on zypper based systems. + zypper: + name: + - python2-pip + - python3-pip + state: present + when: ansible_pkg_mgr == "zypper" + +- name: Create the .pip directory for the teuthology user. + file: + path: "/home/{{ teuthology_user }}/.pip" + owner: "{{ teuthology_user }}" + group: "{{ teuthology_user }}" + mode: 0644 + state: directory + +- name: Create pip.conf and configure it to use our mirror + template: + src: pip.conf + dest: "/home/{{ teuthology_user }}/.pip/pip.conf" + owner: "{{ teuthology_user }}" + group: "{{ teuthology_user }}" + mode: 0644 + +- name: Install packages via pip + pip: + name: "{{ pip_packages_to_install|list }}" + executable: "{{ pip_executable }}" diff --git a/roles/testnode/tasks/redhat/rhel_6.yml b/roles/testnode/tasks/redhat/rhel_6.yml new file mode 100644 index 00000000..92353c5c --- /dev/null +++ b/roles/testnode/tasks/redhat/rhel_6.yml @@ -0,0 +1,5 @@ +--- +- name: Fix broken cloud-init + import_tasks: ../cloud-init.yml + +- import_tasks: ../imitate_ubuntu.yml diff --git a/roles/testnode/tasks/redhat/rhel_7.yml b/roles/testnode/tasks/redhat/rhel_7.yml new file mode 100644 index 00000000..262ec0cc --- /dev/null +++ b/roles/testnode/tasks/redhat/rhel_7.yml @@ -0,0 +1,4 @@ +--- +- import_tasks: ../nfs.yml + tags: + - nfs diff --git a/roles/testnode/tasks/resolvconf.yml b/roles/testnode/tasks/resolvconf.yml new file mode 100644 index 00000000..eb12133a --- /dev/null +++ b/roles/testnode/tasks/resolvconf.yml @@ -0,0 +1,61 @@ +--- +- name: Purge resolvconf + apt: + name: resolvconf + state: absent + purge: yes + when: ansible_pkg_mgr == "apt" + +- name: Set interface + set_fact: + interface: "{{ ansible_default_ipv4.interface }}" + +- name: Check for presence of /etc/network/interfaces + stat: + path: /etc/network/interfaces + get_checksum: no + register: etc_network_interfaces + +- name: Rewrite /etc/network/interfaces to use dhcp + replace: + dest: /etc/network/interfaces + # This regexp matches a stanza like: + # + # iface eth0 inet static + # address 10.8.128.17 + # netmask 255.255.248.0 + # gateway 10.8.135.254 + # broadcast 10.8.135.255 + # + # It also handles cases where the entire stanza has whitespace in front of it. + regexp: '^ *iface {{ interface }} inet static(\n\ +[^\s]+.*)+' + replace: "iface {{ interface }} inet dhcp\n" + when: etc_network_interfaces.stat.exists + register: dhcp_enabled + +- name: Set bounce_interface if we just enabled dhcp + set_fact: + bounce_interface: "{{ dhcp_enabled is changed }}" + +- name: ifdown and ifup + shell: "ifdown {{ interface }} && ifup {{ interface }}" + # Even if bounce_interface is False, we need to work around a Xenial issue + # where purging resolvconf breaks DNS by removing /etc/resolv.conf. Bouncing + # the interface rebuilds it. + # The Ubuntu bug is: + # https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1593489 + when: bounce_interface == "True" or + (ansible_distribution|lower == 'ubuntu' and + ansible_distribution_major_version|int == 16) + +- name: Ensure lab_domain is in search domains in /etc/resolv.conf + lineinfile: + dest: /etc/resolv.conf + regexp: "^search .*" + line: "search {{ lab_domain }}" + +- name: Ensure domain is set in /etc/resolv.conf + lineinfile: + dest: /etc/resolv.conf + regexp: "^domain .*" + line: "domain {{ lab_domain }}" diff --git a/roles/testnode/tasks/set_hostname.yml b/roles/testnode/tasks/set_hostname.yml new file mode 100644 index 00000000..8387d22c --- /dev/null +++ b/roles/testnode/tasks/set_hostname.yml @@ -0,0 +1,10 @@ +--- +- name: Set hostname var + set_fact: + hostname: "{{ inventory_hostname.split('.')[0] }}" + +- name: "Set the system's hostname" + hostname: + name: "{{ hostname }}" + # https://github.com/ansible/ansible/issues/42726 + when: ansible_os_family != "Suse" diff --git a/roles/testnode/tasks/setup-centos.yml b/roles/testnode/tasks/setup-centos.yml new file mode 100644 index 00000000..f0140a21 --- /dev/null +++ b/roles/testnode/tasks/setup-centos.yml @@ -0,0 +1,6 @@ +--- +- name: Fix broken cloud-init + import_tasks: cloud-init.yml + when: ansible_distribution_major_version == "6" + +- import_tasks: imitate_ubuntu.yml diff --git a/roles/testnode/tasks/setup-debian.yml b/roles/testnode/tasks/setup-debian.yml new file mode 100644 index 00000000..dd658085 --- /dev/null +++ b/roles/testnode/tasks/setup-debian.yml @@ -0,0 +1,33 @@ +--- +- name: Work around broken wget on wheezy. + template: + src: wgetrc + dest: /etc/wgetrc + owner: root + group: root + mode: 0644 + +- name: Stop collectl + service: + name: collectl + state: stopped + +- name: Add PATH to the teuthology_user .bashrc. + lineinfile: + dest: "/home/{{ teuthology_user }}/.bashrc" + line: "export PATH=$PATH:/usr/sbin" + insertbefore: BOF + state: present + +- name: Check to see if we need to edit /etc/profile. + command: + grep '/usr/games:/usr/sbin' /etc/profile + register: update_profile + changed_when: false + ignore_errors: true + +- name: Update /etc/profile if needed. + command: + sed -i 's/\/usr\/games"/\/usr\/games:\/usr\/sbin"/g' /etc/profile + when: update_profile is defined and + update_profile.rc != 0 diff --git a/roles/testnode/tasks/setup-fedora.yml b/roles/testnode/tasks/setup-fedora.yml new file mode 100644 index 00000000..b35caf32 --- /dev/null +++ b/roles/testnode/tasks/setup-fedora.yml @@ -0,0 +1,10 @@ +--- +- import_tasks: imitate_ubuntu.yml + +- name: Set grub config. + template: + src: grub + dest: /etc/default/grub + owner: root + group: root + mode: 0644 diff --git a/roles/testnode/tasks/setup-opensuse.yml b/roles/testnode/tasks/setup-opensuse.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/testnode/tasks/setup-redhat.yml b/roles/testnode/tasks/setup-redhat.yml new file mode 100644 index 00000000..e853612c --- /dev/null +++ b/roles/testnode/tasks/setup-redhat.yml @@ -0,0 +1,8 @@ +--- +- name: Include rhel 7.x specific tasks. + import_tasks: redhat/rhel_7.yml + when: ansible_distribution_major_version == "7" + +- name: Include rhel 6.x specific tasks. + import_tasks: redhat/rhel_6.yml + when: ansible_distribution_major_version == "6" diff --git a/roles/testnode/tasks/setup-ubuntu-non-aarch64.yml b/roles/testnode/tasks/setup-ubuntu-non-aarch64.yml new file mode 100644 index 00000000..de752d3e --- /dev/null +++ b/roles/testnode/tasks/setup-ubuntu-non-aarch64.yml @@ -0,0 +1,37 @@ +--- +- name: Upload weekly kernel-clean crontab. + template: + src: cron/kernel-clean + dest: /etc/cron.weekly/kernel-clean + owner: root + group: root + mode: 0755 + notify: + - restart cron + +- name: Upload /etc/grub.d/02_force_timeout. + template: + src: grub.d/02_force_timeout + dest: /etc/grub.d/02_force_timeout + owner: root + group: root + mode: 0755 + +- name: Enable kernel modules to load at boot time. + template: + src: modules + dest: /etc/modules + owner: root + group: root + mode: 0644 + +- name: Enabling auto-fsck fix to prevent boot hangup. + lineinfile: + dest: /etc/default/rcS + line: "FSCKFIX=yes" + regexp: "FSCKFIX=no" + create: yes + # backrefs makes it so that if the regexp + # isn't found the file is left unchanged + backrefs: yes + state: present diff --git a/roles/testnode/tasks/setup-ubuntu.yml b/roles/testnode/tasks/setup-ubuntu.yml new file mode 100644 index 00000000..5c95336d --- /dev/null +++ b/roles/testnode/tasks/setup-ubuntu.yml @@ -0,0 +1,9 @@ +--- +- name: Remove /etc/ceph + file: + path: /etc/ceph + state: absent + +- import_tasks: nfs.yml + tags: + - nfs diff --git a/roles/testnode/tasks/ssh.yml b/roles/testnode/tasks/ssh.yml new file mode 100644 index 00000000..a0f14550 --- /dev/null +++ b/roles/testnode/tasks/ssh.yml @@ -0,0 +1,31 @@ +--- +- name: Upload distro major version specific sshd_config + template: + src: "ssh/sshd_config_{{ ansible_distribution | lower | regex_replace(' ', '_') }}_{{ ansible_distribution_major_version }}" + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: 0755 + notify: + - restart ssh + +- name: Upload ssh_config + template: + src: ssh/ssh_config + dest: /etc/ssh/ssh_config + owner: root + group: root + mode: 0755 + +- name: Add ssh pubkeys + authorized_key: + user="{{ teuthology_user }}" + key=https://raw.githubusercontent.com/ceph/keys/autogenerated/ssh/@all.pub + # Register and retry to work around transient githubusercontent.com issues + register: ssh_key_update + until: ssh_key_update is success + # try for 2 minutes to retrieve the key before failing + retries: 24 + delay: 5 + tags: + - pubkeys diff --git a/roles/testnode/tasks/static_ip.yml b/roles/testnode/tasks/static_ip.yml new file mode 100644 index 00000000..005ab0ce --- /dev/null +++ b/roles/testnode/tasks/static_ip.yml @@ -0,0 +1,8 @@ +--- +- name: Set up static IP in /etc/hosts. + lineinfile: + dest: /etc/hosts + line: "{{ ansible_default_ipv4['address'] }} {{ ansible_fqdn }} {{ ansible_hostname }}" + regexp: "^127.0.1.1" + backrefs: yes + state: present diff --git a/roles/testnode/tasks/user.yml b/roles/testnode/tasks/user.yml new file mode 100644 index 00000000..ec83b9ae --- /dev/null +++ b/roles/testnode/tasks/user.yml @@ -0,0 +1,37 @@ +--- +- name: Ensure the sudo group exists. + group: + name: sudo + state: present + +- name: Ensure the teuthology_user group exists. + group: + name: "{{ teuthology_user }}" + state: present + +- name: Create the teuthology user. + user: + name: "{{ teuthology_user }}" + # apparently some ceph tests fail without this uid + # https://github.com/ceph/ceph-qa-chef/commit/5678cc3893fd1cc291254e4d1abe6705e6a9bbb0 + uid: 1000 + group: "{{ teuthology_user }}" + groups: sudo + shell: /bin/bash + state: present + # If we're currently running as teuthology_user, we won't be able to modify + # the account + when: teuthology_user != ansible_ssh_user + register: teuthology_user_existence + +# If the teuthology_user was just created, delete its password +- name: Delete the teuthology users password. + command: "passwd -d {{ teuthology_user }}" + when: teuthology_user_existence is defined and + teuthology_user_existence is changed + +- name: Add a user for xfstests to test user quotas. + user: + name: "{{ xfstests_user }}" + uid: 10101 + state: present diff --git a/roles/testnode/tasks/var_lib.yml b/roles/testnode/tasks/var_lib.yml new file mode 100644 index 00000000..324dc681 --- /dev/null +++ b/roles/testnode/tasks/var_lib.yml @@ -0,0 +1,31 @@ +--- +# This set of tasks is intended to mount a small NVMe partition to /var/lib/ceph +# to fix http://tracker.ceph.com/issues/20910 + +- name: "Create /var/lib/ceph" + file: + path: "/var/lib/ceph" + state: directory + +- name: Set xfs_opts on newer OSes + set_fact: + xfs_opts: "-m crc=0,finobt=0" + when: (ansible_distribution | lower == 'ubuntu' and ansible_distribution_major_version|int >= 16) or + (ansible_distribution | lower in ['centos', 'rhel'] and ansible_distribution_major_version|int >= 7) + +- name: "Create xfs filesystem on {{ var_lib_partition }}" + filesystem: + dev: "{{ var_lib_partition }}" + fstype: xfs + force: yes + # Don't use a version 5 superblock as it's too new for some kernels + opts: "{{ xfs_opts|default('') }}" + +- name: "Mount {{ var_lib_partition }} to /var/lib/ceph" + mount: + path: "/var/lib/ceph" + src: "{{ var_lib_partition }}" + fstype: xfs + # Don't fail to boot if the mount fails + opts: defaults,nofail + state: mounted diff --git a/roles/testnode/tasks/vars.yml b/roles/testnode/tasks/vars.yml new file mode 100644 index 00000000..857b2324 --- /dev/null +++ b/roles/testnode/tasks/vars.yml @@ -0,0 +1,21 @@ +--- +- name: Include package type specific vars. + include_vars: "{{ ansible_pkg_mgr }}_systems.yml" + +- name: Including distro specific variables. + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower | regex_replace(' ', '_') }}.yml" + - empty.yml + +- name: Including major version specific variables. + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower | regex_replace(' ', '_') }}_{{ ansible_distribution_major_version }}.yml" + - empty.yml + +- name: Including version specific variables. + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower | regex_replace(' ', '_') }}_{{ ansible_distribution_version }}.yml" + - empty.yml diff --git a/roles/testnode/tasks/yum/abrt.yml b/roles/testnode/tasks/yum/abrt.yml new file mode 100644 index 00000000..2e6ad2f0 --- /dev/null +++ b/roles/testnode/tasks/yum/abrt.yml @@ -0,0 +1,25 @@ +--- +- name: Install abrt + yum: + name: abrt + state: installed + +- name: Enable abrt-auto-reporting + command: abrt-auto-reporting enabled + +- name: Set OpenGPGCheck in abrt-action-save-package-data.conf + lineinfile: + path: /etc/abrt/abrt-action-save-package-data.conf + regexp: '^OpenGPGCheck' + line: 'OpenGPGCheck no' + +- name: Set ProcessUnpackaged in abrt-action-save-package-data.conf + lineinfile: + path: /etc/abrt/abrt-action-save-package-data.conf + regexp: '^ProcessUnpackaged' + line: 'ProcessUnpackaged no' + +- name: Restart abrtd + service: + name: abrtd + state: restarted diff --git a/roles/testnode/tasks/yum/firewall.yml b/roles/testnode/tasks/yum/firewall.yml new file mode 100644 index 00000000..7835caed --- /dev/null +++ b/roles/testnode/tasks/yum/firewall.yml @@ -0,0 +1,18 @@ +--- +# There have been instances where iptables is installed on EL7 testnodes. +# This task will make sure both services are stopped and disabled regardless +# of OS version. + +- name: Stop and disable firewalld + service: + name: firewalld + state: stopped + enabled: no + ignore_errors: true + +- name: Stop and disable iptables + service: + name: iptables + state: stopped + enabled: no + ignore_errors: true diff --git a/roles/testnode/tasks/yum/gpg_keys.yml b/roles/testnode/tasks/yum/gpg_keys.yml new file mode 100644 index 00000000..5c216c98 --- /dev/null +++ b/roles/testnode/tasks/yum/gpg_keys.yml @@ -0,0 +1,18 @@ +--- +# this is needed for the rpm_key module so it can +# figure out if the key you're adding is already +# installed or not. +- name: Install GPG + yum: + name: gpg + state: present + +- name: Install GPG keys + rpm_key: + state: present + key: "{{ item }}" + validate_certs: no + with_items: + - 'https://{{ key_host }}/keys/release.asc' + - 'https://{{ key_host }}/keys/autobuild.asc' + register: gpg_keys diff --git a/roles/testnode/tasks/yum/packages.yml b/roles/testnode/tasks/yum/packages.yml new file mode 100644 index 00000000..010695ac --- /dev/null +++ b/roles/testnode/tasks/yum/packages.yml @@ -0,0 +1,70 @@ +--- +# this is needed for the yum-complete-transation command next +- name: Ensure yum_utils is present. + package: + name: yum-utils + state: present + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version|int <= 7 + +- name: Removing saved yum transactions + command: yum-complete-transaction --cleanup-only + register: transaction_cleanup + changed_when: "'Cleaning up' in transaction_cleanup.stdout" + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version|int <= 7 + +- name: Check if ceph-debuginfo is installed + command: rpm -q ceph-debuginfo + ignore_errors: yes + changed_when: false + register: bz1234967 + tags: + - remove-ceph + +- name: Work around https://bugzilla.redhat.com/show_bug.cgi?id=1234967 + command: rpm -e ceph-debuginfo + when: bz1234967 is defined and bz1234967.rc == 0 + tags: + - remove-ceph + +- name: Ensure ceph packages are not present. + package: + name: "{{ ceph_packages_to_remove|list }}" + state: absent + tags: + - remove-ceph + +- name: Ensure ceph dependency packages are not present. + package: + name: "{{ ceph_dependency_packages_to_remove|list }}" + state: absent + tags: + - remove-ceph-dependency + +- name: Install packages + package: + name: "{{ packages|list }}" + state: present + when: packages|length > 0 + +- name: Install epel packages + package: + name: "{{ epel_packages|list }}" + state: present + enablerepo: epel + when: epel_packages|length > 0 + +- name: Remove packages + package: + name: "{{ packages_to_remove|list }}" + state: absent + when: packages_to_remove|length > 0 + +- name: Upgrade packages + package: + name: "{{ packages_to_upgrade|list }}" + state: latest + when: packages_to_upgrade|length > 0 diff --git a/roles/testnode/tasks/yum/repos.yml b/roles/testnode/tasks/yum/repos.yml new file mode 100644 index 00000000..8caecc41 --- /dev/null +++ b/roles/testnode/tasks/yum/repos.yml @@ -0,0 +1,62 @@ +--- +- name: Configure local mirrorlists + template: + src: 'mirrorlists/{{ ansible_distribution_major_version }}/{{ item }}' + dest: '/etc/yum.repos.d/{{ item }}' + owner: root + group: root + mode: 0644 + with_items: "{{ yum_mirrorlists }}" + when: yum_mirrorlists is defined + +- name: Configure common additional repos in /etc/yum.repos.d/ + template: + src: yum_repo.j2 + dest: /etc/yum.repos.d/{{ item.key }}.repo + owner: root + group: root + mode: 0644 + register: repo_file + with_dict: "{{ common_yum_repos }}" + when: common_yum_repos.keys() | length > 0 + +- name: Configure version specific repos in /etc/yum.repos.d/ + template: + src: yum_repo.j2 + dest: /etc/yum.repos.d/{{ item.key }}.repo + owner: root + group: root + mode: 0644 + register: version_repo_file + with_dict: "{{ yum_repos|default({}) | combine(additional_yum_repos|default({}), recursive=True) }}" + when: (yum_repos.keys() | length > 0) or (additional_yum_repos.keys() | length > 0) + +- name: Enable copr repos + command: "dnf -y copr enable {{ item }}" + with_items: "{{ copr_repos }}" + when: + - (ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8) + - copr_repos|length > 0 + +- name: Enable PowerTools on CentOS + command: "dnf -y config-manager --set-enabled powertools" + when: + - ansible_distribution == 'CentOS' + - ansible_distribution_major_version | int < 9 + +- name: Enable CodeReady Linux Builder on CentOS 9 + command: "dnf -y config-manager --set-enabled crb" + when: + - ansible_distribution == 'CentOS' + - ansible_distribution_major_version | int >= 9 + +- import_tasks: gpg_keys.yml + when: ansible_distribution == "Fedora" + tags: + - gpg-keys + +- name: Clean yum cache + shell: yum clean all + when: (repo_file is defined and repo_file is changed) or + (gpg_keys is defined and gpg_keys is changed) or + (version_repo_file is defined and version_repo_file is changed) diff --git a/roles/testnode/tasks/yum_systems.yml b/roles/testnode/tasks/yum_systems.yml new file mode 100644 index 00000000..09d13c87 --- /dev/null +++ b/roles/testnode/tasks/yum_systems.yml @@ -0,0 +1,107 @@ +--- +# Tasks common to all systems that use the yum +# package manager + +- name: Create remote.conf + template: + src: remote.conf + dest: /etc/security/limits.d/remote.conf + group: root + owner: root + mode: 0644 + when: + - not containerized_node + +- name: Set mode on /etc/fuse.conf + file: + path: /etc/fuse.conf + mode: 0644 + state: touch + changed_when: false + +- name: Ensure the group kvm exists. + group: + name: kvm + state: present + +- name: Add the teuthology user to groups kvm,disk + user: + name: "{{ teuthology_user }}" + groups: kvm,disk + append: yes + +- name: Configure /etc/sudoers. + template: + src: sudoers + dest: /etc/sudoers + owner: root + group: root + mode: 0440 + validate: visudo -cf %s + tags: + - sudoers + +- name: Configure /etc/security/limits.conf + template: + src: limits.conf + dest: /etc/security/limits.conf + group: root + owner: root + mode: 0644 + +# http://tracker.ceph.com/issues/15272 +# We don't know why it's happening, but something is corrupting the +# rpmdb. Let's try just rebuilding it every time. +- name: Rebuild rpmdb + command: + rpm --rebuilddb + # https://bugzilla.redhat.com/show_bug.cgi?id=1680124 + when: + not containerized_node + +- name: Check /etc/os-release to see if this is CentOS Stream + shell: "grep 'CentOS Stream' /etc/os-release || true" + register: stream_in_osrelease + tags: + - repos + +# Setting this var will add "-stream" to the mirrorlist/baseurl URLs in .repo files +- set_fact: + dash_stream: "-stream" + is_stream: true + when: (ansible_lsb.description is defined and "Stream" in ansible_lsb.description) or + stream_in_osrelease.stdout is search("CentOS Stream") + tags: + - repos + +- name: Setup local repo files. + import_tasks: yum/repos.yml + tags: + - repos + +# skip_packaging=true set in group_vars for OVH testnodes. We still want these +# tasks to run on CentOS though so we set it back to false here. +- set_fact: + skip_packaging: false + when: ansible_distribution != "RedHat" + tags: + - packages + +- name: Perform package related tasks. + import_tasks: yum/packages.yml + when: skip_packaging|default(false)|bool != true + tags: + - packages + +- name: Disable firewall + import_tasks: yum/firewall.yml + +- name: Enable SELinux + selinux: state=permissive policy=targeted + tags: + - selinux + +- name: Configure ABRT + import_tasks: yum/abrt.yml + when: configure_abrt|bool + tags: abrt diff --git a/roles/testnode/tasks/zap_disks.yml b/roles/testnode/tasks/zap_disks.yml new file mode 100644 index 00000000..560c3f77 --- /dev/null +++ b/roles/testnode/tasks/zap_disks.yml @@ -0,0 +1,84 @@ +--- +# These zap tasks are run on freshly reimaged cobbler_managed machines +# even when using the -stock profiles. Therefore, testnode package +# installation hasn't happened yet so we install zap dependencies here. + +- name: Make sure apt dependencies are installed + apt: + name: ['gdisk', 'dmsetup'] + state: present + when: ansible_os_family == "Debian" + +- name: Make sure rpm dependencies are installed + package: + name: ['gdisk', 'device-mapper'] + state: present + when: (ansible_distribution == "RedHat" and rhsm_registered is defined and rhsm_registered == true) or + (ansible_os_family == "RedHat" and ansible_distribution != "RedHat") + +- name: Set root disk + set_fact: + root_disk: "{{ item.device|regex_replace('[0-9]+', '') }}" + with_items: "{{ ansible_mounts }}" + when: item.mount == '/' + +- name: Compile list of non-root partitions + shell: "lsblk --list --noheadings | grep part | grep -v {{ root_disk|regex_replace('/dev/', '') }} | awk '{ print $1 }'" + register: non_root_partitions + +- name: Unmount any non-root mountpoints + mount: + path: "{{ item.mount }}" + state: unmounted + with_items: "{{ ansible_mounts }}" + when: + - item.mount != '/' and + not item.mount is match("/(boot|home|opt|root|srv|tmp|usr/local|var|.snapshots)") + +## http://tracker.ceph.com/issues/20533 +## Trusty version of wipefs lacks --force option +- name: Wipe filesystems on non-root partitions + shell: "wipefs --force --all /dev/{{ item }} || wipefs --all /dev/{{ item }}" + with_items: "{{ non_root_partitions.stdout_lines }}" + when: non_root_partitions|length > 0 + +## See https://github.com/ceph/ceph-ansible/issues/759#issue-153248281 +- name: Zap all non-root disks + shell: "sgdisk --zap-all /dev/{{ item.key }} || sgdisk --zap-all /dev/{{ item.key }}" + with_dict: "{{ ansible_devices }}" + when: + - item.key not in root_disk + - '"loop" not in item.key' + - '"ram" not in item.key' + - '"sr" not in item.key' + +## See https://tracker.ceph.com/issues/22354 and +## https://github.com/ceph/ceph/pull/20400 +- name: Blow away lingering OSD data and FSIDs + shell: "dd if=/dev/zero of=/dev/{{ item.key }} bs=1M count=110" + with_dict: "{{ ansible_devices }}" + when: + - item.key not in root_disk + - '"loop" not in item.key' + - '"ram" not in item.key' + - '"sr" not in item.key' + +- name: Remove all LVM data + shell: "dmsetup remove_all --force" + register: removed_lvm_data + until: "'Unable to remove' not in removed_lvm_data.stderr" + retries: 5 + delay: 1 + ignore_errors: true + +## See http://tracker.ceph.com/issues/21989 +- name: Check for physical volumes + shell: "pvdisplay | grep 'PV Name' | awk '{ print $3 }'" + register: pvs_to_remove + +- name: Remove physical volumes + shell: "pvremove --force --force --yes {{ item }}" + with_items: "{{ pvs_to_remove.stdout_lines }}" + when: + - pvs_to_remove is defined + - pvs_to_remove.stdout_lines|length > 0 diff --git a/roles/testnode/tasks/zypper/packages.yml b/roles/testnode/tasks/zypper/packages.yml new file mode 100644 index 00000000..ab79d818 --- /dev/null +++ b/roles/testnode/tasks/zypper/packages.yml @@ -0,0 +1,36 @@ +--- +- name: Ensure ceph packages are not present. + zypper: + name: "{{ ceph_packages_to_remove|list }}" + state: absent + tags: + - remove-ceph + +- name: Ensure ceph dependency packages are not present. + zypper: + name: "{{ ceph_dependency_packages_to_remove|list }}" + state: absent + tags: + - remove-ceph-dependency + +# https://tracker.ceph.com/issues/44501 +- set_fact: + ansible_python_interpreter: /usr/bin/python3 + +- name: Remove packages + zypper: + name: "{{ packages_to_remove|list }}" + state: absent + when: packages_to_remove|length > 0 + +- name: Install packages + zypper: + name: "{{ packages|list }}" + state: present + when: packages|length > 0 + +- name: Upgrade packages + zypper: + name: "{{ packages_to_upgrade|list }}" + state: latest + when: packages_to_upgrade|length > 0 diff --git a/roles/testnode/tasks/zypper_systems.yml b/roles/testnode/tasks/zypper_systems.yml new file mode 100644 index 00000000..9e109334 --- /dev/null +++ b/roles/testnode/tasks/zypper_systems.yml @@ -0,0 +1,53 @@ +--- +# Tasks common to all systems that use the zypper package manager +# This is mostly a copy of the yum_systems.yml + +- name: Set mode on /etc/fuse.conf + file: + path: /etc/fuse.conf + mode: 0644 + state: touch + changed_when: false + +- name: Ensure the group kvm exists. + group: + name: kvm + state: present + +- name: Add the teuthology user to groups kvm,disk + user: + name: "{{ teuthology_user }}" + groups: kvm,disk + append: yes + +- name: Configure /etc/sudoers. + template: + src: sudoers + dest: /etc/sudoers + owner: root + group: root + mode: 0440 + validate: visudo -cf %s + tags: + - sudoers + +- name: Configure /etc/security/limits.conf + template: + src: limits.conf + dest: /etc/security/limits.conf + group: root + owner: root + mode: 0644 + +# http://tracker.ceph.com/issues/15272 +# We don't know why it's happening, but something is corrupting the +# rpmdb. Let's try just rebuilding it every time. +- name: Rebuild rpmdb + command: + rpm --rebuilddb + +- name: Perform package related tasks. + import_tasks: zypper/packages.yml + tags: + - packages + diff --git a/roles/testnode/templates/apt/ceph.pref b/roles/testnode/templates/apt/ceph.pref new file mode 100644 index 00000000..c1e70b02 --- /dev/null +++ b/roles/testnode/templates/apt/ceph.pref @@ -0,0 +1,4 @@ +{# {{ ansible_managed }} #} +Package: * +Pin: origin *.ceph.com +Pin-Priority: 999 diff --git a/roles/testnode/templates/apt/sources.list.jessie b/roles/testnode/templates/apt/sources.list.jessie new file mode 100644 index 00000000..80ba5e39 --- /dev/null +++ b/roles/testnode/templates/apt/sources.list.jessie @@ -0,0 +1,4 @@ +# {{ ansible_managed }} +deb http://http.debian.net/debian jessie main contrib non-free +deb http://security.debian.org/ jessie/updates main contrib non-free +deb http://http.debian.net/debian jessie-updates main contrib non-free diff --git a/roles/testnode/templates/apt/sources.list.precise b/roles/testnode/templates/apt/sources.list.precise new file mode 100644 index 00000000..cda08008 --- /dev/null +++ b/roles/testnode/templates/apt/sources.list.precise @@ -0,0 +1,62 @@ +# {{ ansible_managed }} +# deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise main restricted + +# deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-updates main restricted +# deb http://security.ubuntu.com/ubuntu precise-security main restricted + +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise main restricted +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-updates main restricted +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-updates main restricted + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise universe +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise universe +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-updates universe +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-updates universe + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team, and may not be under a free licence. Please satisfy yourself as to +## your rights to use the software. Also, please note that software in +## multiverse WILL NOT receive any review or updates from the Ubuntu +## security team. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise multiverse +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise multiverse +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-updates multiverse +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-updates multiverse + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse + +deb http://security.ubuntu.com/ubuntu precise-security main restricted +deb-src http://security.ubuntu.com/ubuntu precise-security main restricted +deb http://security.ubuntu.com/ubuntu precise-security universe +deb-src http://security.ubuntu.com/ubuntu precise-security universe +deb http://security.ubuntu.com/ubuntu precise-security multiverse +deb-src http://security.ubuntu.com/ubuntu precise-security multiverse + +## Uncomment the following two lines to add software from Canonical's +## 'partner' repository. +## This software is not part of Ubuntu, but is offered by Canonical and the +## respective vendors as a service to Ubuntu users. +# deb http://{{ mirror_host }}/archive.canonical.com/ubuntu precise partner +# deb-src http://{{ mirror_host }}/archive.canonical.com/ubuntu precise partner + +## Uncomment the following two lines to add software from Ubuntu's +## 'extras' repository. +## This software is not part of Ubuntu, but is offered by third-party +## developers who want to ship their latest software. +# deb http://extras.ubuntu.com/ubuntu precise main +# deb-src http://extras.ubuntu.com/ubuntu precise main diff --git a/roles/testnode/templates/apt/sources.list.trusty b/roles/testnode/templates/apt/sources.list.trusty new file mode 100644 index 00000000..19cf4888 --- /dev/null +++ b/roles/testnode/templates/apt/sources.list.trusty @@ -0,0 +1,63 @@ +# {{ ansible_managed }} +# deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty main restricted + +# deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-updates main restricted +# deb http://security.ubuntu.com/ubuntu trusty-security main restricted + +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty main restricted +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-updates main restricted +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-updates main restricted + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty universe +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty universe +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-updates universe +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-updates universe + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team, and may not be under a free licence. Please satisfy yourself as to +## your rights to use the software. Also, please note that software in +## multiverse WILL NOT receive any review or updates from the Ubuntu +## security team. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty multiverse +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty multiverse +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-updates multiverse +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-updates multiverse + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. +deb http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse +deb-src http://{{ mirror_host }}/archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse + +deb http://security.ubuntu.com/ubuntu trusty-security main restricted +deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted +deb http://security.ubuntu.com/ubuntu trusty-security universe +deb-src http://security.ubuntu.com/ubuntu trusty-security universe +deb http://security.ubuntu.com/ubuntu trusty-security multiverse +deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse + +## Uncomment the following two lines to add software from Canonical's +## 'partner' repository. +## This software is not part of Ubuntu, but is offered by Canonical and the +## respective vendors as a service to Ubuntu users. +# deb http://archive.canonical.com/ubuntu trusty partner +# deb-src http://archive.canonical.com/ubuntu trusty partner + +## Uncomment the following two lines to add software from Ubuntu's +## 'extras' repository. +## This software is not part of Ubuntu, but is offered by third-party +## developers who want to ship their latest software. +# deb http://extras.ubuntu.com/ubuntu trusty main +# deb-src http://extras.ubuntu.com/ubuntu trusty main + diff --git a/roles/testnode/templates/apt/sources.list.wheezy b/roles/testnode/templates/apt/sources.list.wheezy new file mode 100644 index 00000000..bbe3e3e4 --- /dev/null +++ b/roles/testnode/templates/apt/sources.list.wheezy @@ -0,0 +1,4 @@ +# {{ ansible_managed }} +deb http://{{ mirror_host }}/ftp.us.debian.org/debian wheezy main contrib non-free +deb http://{{ mirror_host }}/security.debian.org/debian-security/ wheezy/updates main contrib non-free +deb http://{{ mirror_host }}/ftp.us.debian.org/debian wheezy-backports main contrib non-free diff --git a/roles/testnode/templates/cachefilesd.j2 b/roles/testnode/templates/cachefilesd.j2 new file mode 100644 index 00000000..d94765b7 --- /dev/null +++ b/roles/testnode/templates/cachefilesd.j2 @@ -0,0 +1,9 @@ +dir {{ cachefilesd_dir|default('/var/cache/fscache') }} +tag {{ cachefilesd_tag|default('mycache') }} +brun {{ cachefilesd_brun|default('10%') }} +bcull {{ cachefilesd_bcull|default('7%') }} +bstop {{ cachefilesd_bstop|default('3%') }} +frun {{ cachefilesd_frun|default('10%') }} +fcull {{ cachefilesd_fcull|default('7%') }} +fstop {{ cachefilesd_fstop|default('3%') }} +secctx {{ cachefilesd_secctx|default('system_u:system_r:cachefiles_kernel_t:s0') }} diff --git a/roles/testnode/templates/chrony.conf b/roles/testnode/templates/chrony.conf new file mode 100644 index 00000000..749c8c7d --- /dev/null +++ b/roles/testnode/templates/chrony.conf @@ -0,0 +1,6 @@ +{% for server in ntp_servers %} +server {{ server }} iburst +{% endfor %} +driftfile /var/lib/chrony/drift +makestep 1.0 3 +rtcsync diff --git a/roles/testnode/templates/cpan_config.pm b/roles/testnode/templates/cpan_config.pm new file mode 100644 index 00000000..66db16dd --- /dev/null +++ b/roles/testnode/templates/cpan_config.pm @@ -0,0 +1,67 @@ +# {{ ansible_managed }} +$CPAN::Config = { + 'applypatch' => q[], + 'auto_commit' => q[0], + 'build_cache' => q[100], + 'build_dir' => q[/home/{{ teuthology_user }}/.cpan/build], + 'build_dir_reuse' => q[0], + 'build_requires_install_policy' => q[yes], + 'bzip2' => q[/bin/bzip2], + 'cache_metadata' => q[1], + 'check_sigs' => q[0], + 'colorize_output' => q[0], + 'commandnumber_in_prompt' => q[1], + 'connect_to_internet_ok' => q[1], + 'cpan_home' => q[/home/{{ teuthology_user }}/.cpan], + 'ftp_passive' => q[1], + 'ftp_proxy' => q[], + 'getcwd' => q[cwd], + 'gpg' => q[/usr/bin/gpg], + 'gzip' => q[/bin/gzip], + 'halt_on_failure' => q[0], + 'histfile' => q[/home/{{ teuthology_user }}/.cpan/histfile], + 'histsize' => q[100], + 'http_proxy' => q[], + 'inactivity_timeout' => q[0], + 'index_expire' => q[1], + 'inhibit_startup_message' => q[0], + 'keep_source_where' => q[/home/{{ teuthology_user }}/.cpan/sources], + 'load_module_verbosity' => q[none], + 'make' => q[/usr/bin/make], + 'make_arg' => q[], + 'make_install_arg' => q[], + 'make_install_make_command' => q[/usr/bin/make], + 'makepl_arg' => q[INSTALLDIRS=site], + 'mbuild_arg' => q[], + 'mbuild_install_arg' => q[], + 'mbuild_install_build_command' => q[./Build], + 'mbuildpl_arg' => q[--installdirs site], + 'no_proxy' => q[], + 'pager' => q[/usr/bin/less], + 'patch' => q[/usr/bin/patch], + 'perl5lib_verbosity' => q[none], + 'prefer_external_tar' => q[1], + 'prefer_installer' => q[MB], + 'prefs_dir' => q[/home/{{ teuthology_user }}/.cpan/prefs], + 'prerequisites_policy' => q[follow], + 'scan_cache' => q[atstart], + 'shell' => q[/bin/bash], + 'show_unparsable_versions' => q[0], + 'show_upload_date' => q[0], + 'show_zero_versions' => q[0], + 'tar' => q[/bin/tar], + 'tar_verbosity' => q[none], + 'term_is_latin' => q[1], + 'term_ornaments' => q[1], + 'test_report' => q[0], + 'trust_test_report_history' => q[0], + 'unzip' => q[/usr/bin/unzip], + 'urllist' => [q[http://apt-mirror.sepia.ceph.com/CPAN/]], + 'use_sqlite' => q[0], + 'version_timeout' => q[15], + 'wget' => q[/usr/bin/wget], + 'yaml_load_code' => q[0], + 'yaml_module' => q[YAML], +}; +1; +__END__ diff --git a/roles/testnode/templates/cron/kernel-clean b/roles/testnode/templates/cron/kernel-clean new file mode 100644 index 00000000..80b97b2a --- /dev/null +++ b/roles/testnode/templates/cron/kernel-clean @@ -0,0 +1,26 @@ +#!/bin/bash +# {{ ansible_managed }} + +#Environment variable for +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +#Don't run any post remove scripts. Doing it for each kernel +#Takes too long. We dont normally remove kernels other than +#via this script which will manually do update-grub at the end. + +rm -f /etc/kernel/postrm.d/* 2> /dev/null + +current=`uname -r` +kernellist="" +for kernel in `dpkg -l | grep linux-image | grep -i -e '^ii ' | grep ceph | grep -v "$current" | awk '{print $2}'` +do + kernellist="$kernel $kernellist" +done + +apt-get -y remove $kernellist + +#Manually update grub since we disabled dpkg from doing it. +update-grub + +#Clean apt-cache +apt-get clean diff --git a/roles/testnode/templates/exports b/roles/testnode/templates/exports new file mode 100644 index 00000000..17bbdc63 --- /dev/null +++ b/roles/testnode/templates/exports @@ -0,0 +1,14 @@ +# {{ ansible_managed }} +# +# /etc/exports: the access control list for filesystems which may be exported +# to NFS clients. See exports(5). +# +# Example for NFSv2 and NFSv3: +# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check) +# +# Example for NFSv4: +# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check) +# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check) +# +# dummy export just to make nfs_kernel_start +/tmp 1.1.1.1(ro,sync,no_subtree_check) diff --git a/roles/testnode/templates/fuse.conf b/roles/testnode/templates/fuse.conf new file mode 100644 index 00000000..97232487 --- /dev/null +++ b/roles/testnode/templates/fuse.conf @@ -0,0 +1,9 @@ +# {{ ansible_managed }} +# /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE) + +# Set the maximum number of FUSE mounts allowed to non-root users. +# The default is 1000. +#mount_max = 1000 + +# Allow non-root users to specify the allow_other or allow_root mount options. +user_allow_other diff --git a/roles/testnode/templates/grub b/roles/testnode/templates/grub new file mode 100644 index 00000000..6686cb0e --- /dev/null +++ b/roles/testnode/templates/grub @@ -0,0 +1,4 @@ +# {{ ansible_managed }} +GRUB_DEFAULT=saved +GRUB_TIMEOUT=5 +GRUB_DISABLE_LINUX_UUID="true" diff --git a/roles/testnode/templates/grub.d/02_force_timeout b/roles/testnode/templates/grub.d/02_force_timeout new file mode 100644 index 00000000..3f828fff --- /dev/null +++ b/roles/testnode/templates/grub.d/02_force_timeout @@ -0,0 +1,4 @@ +# {{ ansible_managed }} +cat < + +* soft core unlimited diff --git a/roles/testnode/templates/modules b/roles/testnode/templates/modules new file mode 100644 index 00000000..3fdab7ef --- /dev/null +++ b/roles/testnode/templates/modules @@ -0,0 +1,10 @@ +# {{ ansible_managed }} +# /etc/modules: kernel modules to load at boot time. +# +# This file contains the names of kernel modules that should be loaded +# at boot time, one per line. Lines beginning with "#" are ignored. + +loop +lp +rtc +scsi_transport_iscsi diff --git a/roles/testnode/templates/ntp.conf b/roles/testnode/templates/ntp.conf new file mode 100644 index 00000000..df665bcc --- /dev/null +++ b/roles/testnode/templates/ntp.conf @@ -0,0 +1,77 @@ +# +# {{ ansible_managed }} +# +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help + +driftfile /var/lib/ntp/ntp.drift + + +# Enable this if you want statistics to be logged. +statsdir /var/log/ntpstats/ + +statistics loopstats peerstats rawstats clockstats sysstats +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen rawstats file rawstats type day enable +filegen clockstats file clockstats type day enable +filegen sysstats file sysstats type day enable + + +# You do need to talk to an NTP server or two (or three). +#server ntp.your-provider.example + +# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will +# pick a different set every time it starts up. Please consider joining the +# pool: + +#clock1 is currently an alias to public ntp servers, which are 20-50ms off from +#our internal ones! + +# found this guy from http://www.pool.ntp.org/user/ask, ~2.5ms ping time +#server tock.phyber.com iburst minpoll 4 maxpoll 7 + +#server clock1.dreamhost.com iburst dynamic +#server clock2.dreamhost.com iburst dynamic +#server clock3.dreamhost.com iburst minpoll 4 maxpoll 7 +#server 0.debian.pool.ntp.org iburst dynamic +#server 1.debian.pool.ntp.org iburst dynamic +#server 2.debian.pool.ntp.org iburst dynamic +#server 3.debian.pool.ntp.org iburst dynamic + +{% for server in ntp_servers %} +server {{ server }} +{% endfor %} + + +# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for +# details. The web page +# might also be helpful. +# +# Note that "restrict" applies to both servers and clients, so a configuration +# that might be intended to block requests from certain clients could also end +# up blocking replies from your own upstream servers. + +# By default, exchange time with everybody, but don't allow configuration. +restrict -4 default kod notrap nomodify nopeer noquery +restrict -6 default kod notrap nomodify nopeer noquery + +# Local users may interrogate the ntp server more closely. +restrict 127.0.0.1 +restrict ::1 + +# Clients from this (example!) subnet have unlimited access, but only if +# cryptographically authenticated. +#restrict 192.168.123.0 mask 255.255.255.0 notrust + + +# If you want to provide time to your local subnet, change the next line. +# (Again, the address is an example only.) +#broadcast 192.168.123.255 + +# If you want to listen to time broadcasts on your local subnet, de-comment the +# next lines. Please do this only if you trust everybody on the network! +#disable auth +#broadcastclient + +#Greater accuracy +tinker step 0.025 diff --git a/roles/testnode/templates/pip.conf b/roles/testnode/templates/pip.conf new file mode 100644 index 00000000..c82ad506 --- /dev/null +++ b/roles/testnode/templates/pip.conf @@ -0,0 +1,2 @@ +[global] +index-url = {{ pip_mirror_url }} diff --git a/roles/testnode/templates/remote.conf b/roles/testnode/templates/remote.conf new file mode 100644 index 00000000..a9e67d9d --- /dev/null +++ b/roles/testnode/templates/remote.conf @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +* hard core unlimited diff --git a/roles/testnode/templates/security_limits.conf b/roles/testnode/templates/security_limits.conf new file mode 100644 index 00000000..1c515b24 --- /dev/null +++ b/roles/testnode/templates/security_limits.conf @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +{{ teuthology_user }} hard nofile 16384 diff --git a/roles/testnode/templates/ssh/ssh_config b/roles/testnode/templates/ssh/ssh_config new file mode 100644 index 00000000..29fbd86f --- /dev/null +++ b/roles/testnode/templates/ssh/ssh_config @@ -0,0 +1,17 @@ +# {{ ansible_managed }} +# +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +Host * + SendEnv LANG LC_* + HashKnownHosts yes + GSSAPIAuthentication yes + GSSAPIDelegateCredentials no + StrictHostKeyChecking no + SendEnv LANG LC_* + HashKnownHosts yes + GSSAPIAuthentication yes + GSSAPIDelegateCredentials no diff --git a/roles/testnode/templates/ssh/sshd_config_centos_6 b/roles/testnode/templates/ssh/sshd_config_centos_6 new file mode 100644 index 00000000..80fb5193 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_centos_6 @@ -0,0 +1,34 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +Protocol 2 + +SyslogFacility AUTHPRIV + +PasswordAuthentication yes + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +X11Forwarding yes + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_centos_7 b/roles/testnode/templates/ssh/sshd_config_centos_7 new file mode 100644 index 00000000..7f5faae7 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_centos_7 @@ -0,0 +1,38 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key + +SyslogFacility AUTHPRIV + +AuthorizedKeysFile .ssh/authorized_keys + +PasswordAuthentication no + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +X11Forwarding yes +UsePrivilegeSeparation sandbox # Default for new installations. + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_centos_8 b/roles/testnode/templates/ssh/sshd_config_centos_8 new file mode 100644 index 00000000..087d4c75 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_centos_8 @@ -0,0 +1,38 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key + +SyslogFacility AUTHPRIV + +AuthorizedKeysFile .ssh/authorized_keys + +PasswordAuthentication yes + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +X11Forwarding yes +UsePrivilegeSeparation sandbox # Default for new installations. + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_centos_9 b/roles/testnode/templates/ssh/sshd_config_centos_9 new file mode 100644 index 00000000..087d4c75 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_centos_9 @@ -0,0 +1,38 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key + +SyslogFacility AUTHPRIV + +AuthorizedKeysFile .ssh/authorized_keys + +PasswordAuthentication yes + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +X11Forwarding yes +UsePrivilegeSeparation sandbox # Default for new installations. + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_debian_7 b/roles/testnode/templates/ssh/sshd_config_debian_7 new file mode 100644 index 00000000..06f41e40 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_debian_7 @@ -0,0 +1,90 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 768 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin yes +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_debian_8 b/roles/testnode/templates/ssh/sshd_config_debian_8 new file mode 100644 index 00000000..a53a032e --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_debian_8 @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin yes +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_fedora_22 b/roles/testnode/templates/ssh/sshd_config_fedora_22 new file mode 100644 index 00000000..c310debe --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_fedora_22 @@ -0,0 +1,31 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +SyslogFacility AUTHPRIV + +PasswordAuthentication no + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +X11Forwarding yes +UsePrivilegeSeparation sandbox # Default for new installations. + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_opensuse_leap_15 b/roles/testnode/templates/ssh/sshd_config_opensuse_leap_15 new file mode 100644 index 00000000..173923d0 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_opensuse_leap_15 @@ -0,0 +1,123 @@ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5). +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/roles/testnode/templates/ssh/sshd_config_opensuse_leap_42 b/roles/testnode/templates/ssh/sshd_config_opensuse_leap_42 new file mode 100644 index 00000000..f0c34664 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_opensuse_leap_42 @@ -0,0 +1,9 @@ +AuthorizedKeysFile .ssh/authorized_keys +UsePAM yes +UsePrivilegeSeparation sandbox +Subsystem sftp /usr/lib/ssh/sftp-server +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_opensuse_leap_NA b/roles/testnode/templates/ssh/sshd_config_opensuse_leap_NA new file mode 100644 index 00000000..6e48757e --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_opensuse_leap_NA @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_redhat_6 b/roles/testnode/templates/ssh/sshd_config_redhat_6 new file mode 100644 index 00000000..80c907ed --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_redhat_6 @@ -0,0 +1,33 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +Protocol 2 + +SyslogFacility AUTHPRIV +PasswordAuthentication yes + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +X11Forwarding yes + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_redhat_7 b/roles/testnode/templates/ssh/sshd_config_redhat_7 new file mode 100644 index 00000000..087d4c75 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_redhat_7 @@ -0,0 +1,38 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key + +SyslogFacility AUTHPRIV + +AuthorizedKeysFile .ssh/authorized_keys + +PasswordAuthentication yes + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +X11Forwarding yes +UsePrivilegeSeparation sandbox # Default for new installations. + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_redhat_8 b/roles/testnode/templates/ssh/sshd_config_redhat_8 new file mode 100644 index 00000000..087d4c75 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_redhat_8 @@ -0,0 +1,38 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key + +SyslogFacility AUTHPRIV + +AuthorizedKeysFile .ssh/authorized_keys + +PasswordAuthentication yes + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +X11Forwarding yes +UsePrivilegeSeparation sandbox # Default for new installations. + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_redhat_9 b/roles/testnode/templates/ssh/sshd_config_redhat_9 new file mode 100644 index 00000000..087d4c75 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_redhat_9 @@ -0,0 +1,38 @@ +# {{ ansible_managed }} +# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key + +SyslogFacility AUTHPRIV + +AuthorizedKeysFile .ssh/authorized_keys + +PasswordAuthentication yes + +ChallengeResponseAuthentication no + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials yes + +UsePAM yes + +X11Forwarding yes +UsePrivilegeSeparation sandbox # Default for new installations. + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_ubuntu_12 b/roles/testnode/templates/ssh/sshd_config_ubuntu_12 new file mode 100644 index 00000000..73c9dcaf --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_ubuntu_12 @@ -0,0 +1,90 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 768 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin yes +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +PasswordAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_ubuntu_14 b/roles/testnode/templates/ssh/sshd_config_ubuntu_14 new file mode 100644 index 00000000..6e48757e --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_ubuntu_14 @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_ubuntu_15 b/roles/testnode/templates/ssh/sshd_config_ubuntu_15 new file mode 100644 index 00000000..6e48757e --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_ubuntu_15 @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_ubuntu_16 b/roles/testnode/templates/ssh/sshd_config_ubuntu_16 new file mode 100644 index 00000000..6e48757e --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_ubuntu_16 @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_ubuntu_18 b/roles/testnode/templates/ssh/sshd_config_ubuntu_18 new file mode 100644 index 00000000..6e48757e --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_ubuntu_18 @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_ubuntu_20 b/roles/testnode/templates/ssh/sshd_config_ubuntu_20 new file mode 100644 index 00000000..6e48757e --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_ubuntu_20 @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/ssh/sshd_config_ubuntu_22 b/roles/testnode/templates/ssh/sshd_config_ubuntu_22 new file mode 100644 index 00000000..6e48757e --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_ubuntu_22 @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/templates/sudoers b/roles/testnode/templates/sudoers new file mode 100755 index 00000000..d4dc6d51 --- /dev/null +++ b/roles/testnode/templates/sudoers @@ -0,0 +1,47 @@ +## {{ ansible_managed }} + +## Sudoers allows particular users to run various commands as +## the root user, without needing the root password. +## +## Examples are provided at the bottom of the file for collections +## of related commands, which can then be delegated out to particular +## users or groups. +## +## This file must be edited with the 'visudo' command. + +# Disable "ssh hostname sudo ", because it will show the password in clear. +# You have to run "ssh -t hostname sudo ". +# +Defaults !requiretty + +# Refuse to run if unable to disable echo on the tty. This setting should also be +# changed in order to be able to use sudo without a tty. See !requiretty above. +# +Defaults visiblepw + +# Preserving HOME has security implications since many programs +# use it when searching for configuration files. Note that HOME +# is already set when the the env_reset option is enabled, so +# this option is only effective for configurations where either +# env_reset is disabled or HOME is present in the env_keep list. +# +Defaults always_set_home + +Defaults env_reset +Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" +Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" +Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" +Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" +Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" + +Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin + +## Allow root to run any commands anywhere +root ALL=(ALL) ALL + +## Allows people in group wheel to run all commands +%wheel ALL=(ALL) ALL + +{{ teuthology_user }} ALL=(ALL) NOPASSWD:ALL + +#includedir /etc/sudoers.d diff --git a/roles/testnode/templates/wgetrc b/roles/testnode/templates/wgetrc new file mode 100644 index 00000000..e1af6f92 --- /dev/null +++ b/roles/testnode/templates/wgetrc @@ -0,0 +1,3 @@ +# {{ ansible_managed }} +check_certificate = off +passive_ftp = on diff --git a/roles/testnode/templates/yum_repo.j2 b/roles/testnode/templates/yum_repo.j2 new file mode 100644 index 00000000..7467eb65 --- /dev/null +++ b/roles/testnode/templates/yum_repo.j2 @@ -0,0 +1,8 @@ +# +# {{ ansible_managed }} +# + +[{{ item.key }}] +{% for k, v in item.value.items() | sort -%} + {{ k }}={{ v }} +{% endfor %} diff --git a/roles/testnode/vars/apt_systems.yml b/roles/testnode/vars/apt_systems.yml new file mode 100644 index 00000000..bdcda516 --- /dev/null +++ b/roles/testnode/vars/apt_systems.yml @@ -0,0 +1,35 @@ +--- +ntp_service_name: ntp +ssh_service_name: ssh +nfs_service: nfs-kernel-server + +packages_to_remove: + # multipath interferes with krbd tests + - multipath-tools + # openmpi-common conflicts with mpich stuff + - openmpi-common + # tgt interferes with ceph-iscsi tests + - tgt + +ceph_packages_to_remove: + - ceph + - ceph-common + - libcephfs1 + - radosgw + - python-ceph + - python-rados + - python-cephfs + - python-rbd + - librbd1 + - librados2 + - ceph-fs-common-dbg + - ceph-fs-common + +packages: [] +common_packages: [] + +apt_repos: [] +common_apt_repos: [] + +pip_packages_to_install: + - remoto>=0.0.35 diff --git a/roles/testnode/vars/centos_6.yml b/roles/testnode/vars/centos_6.yml new file mode 100644 index 00000000..5213c9c0 --- /dev/null +++ b/roles/testnode/vars/centos_6.yml @@ -0,0 +1,120 @@ +--- +# vars specific to centos 6.x + +yum_repos: + centos6-fcgi-ceph: + name: Cent OS 6 Local fastcgi Repo + baseurl: "http://{{ gitbuilder_host }}/mod_fastcgi-rpm-centos6-x86_64-basic/ref/master/" + enabled: 1 + gpgcheck: 0 + priority: 2 + centos6-misc-ceph: + name: Cent OS 6 Local misc Repo + baseurl: "http://{{ mirror_host }}/misc-rpms/" + enabled: 1 + gpgcheck: 0 + priority: 2 + rpmforge: + name: Red Hat Enterprise $releasever - RPMforge.net - dag + baseurl: "http://{{ mirror_host }}/rpmforge/" + enabled: 1 + gpgcheck: 0 + protect: 0 + lab-extras: + name: lab-extras + baseurl: "http://{{ mirror_host }}/lab-extras/centos6/" + enabled: 1 + gpgcheck: 0 + priority: 2 + +packages: + - '@core' + - '@base' + - yum-plugin-priorities + - yum-plugin-fastestmirror + - redhat-lsb + - sysstat + - gdb + - git-all + - python-configobj + # for running ceph + - libedit + - openssl098e + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - fuse + - fuse-libs + ### + ### + ### + - openssl + - libuuid + - btrfs-progs + # for compiling helpers + - libatomic_ops-devel + ### + # used by workunits + - attr + - valgrind + - python-nose + - mpich2 + - mpich2-devel + - ant + - fsstress + - iozone + ### + # used by the xfstests tasks + - libtool + - automake + - gettext + - uuid-devel + - libacl-devel + - bc + - xfsdump + ### + # for blktrace and seekwatcher + - blktrace + - numpy + - python-matplotlib + ### + # for qemu + - qemu-kvm + - usbredir + - genisoimage + ### + # for apache and rgw + - httpd + - httpd-devel + - httpd-tools + - mod_ssl + - mod_fastcgi-2.4.7-1.ceph.el6 + ### for swift and s3-tests + - libev-devel + - python-devel + # for pretty-printing xml + - perl-XML-Twig + # for java bindings, hadoop, etc. + - java-1.7.0-openjdk-devel + - junit4 + # for nfs + - nfs-utils + +epel_packages: + # for running ceph + - cryptopp-devel + - cryptopp + - fcgi + # used by workunits + - dbench + # used by workunits + - fuse-sshfs + - bonnie++ + # for json_xs to investigate JSON by hand + - perl-JSON + # for ceph-deploy + - python-virtualenv + # for setting BIOS settings + - smbios-utils diff --git a/roles/testnode/vars/centos_7.yml b/roles/testnode/vars/centos_7.yml new file mode 100644 index 00000000..e88310ca --- /dev/null +++ b/roles/testnode/vars/centos_7.yml @@ -0,0 +1,109 @@ +--- +# vars specific to centos 7.x + +yum_repos: + centos7-fcgi-ceph: + name: CentOS 7 Local fastcgi Repo + baseurl: "http://{{ gitbuilder_host }}/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/" + enabled: 1 + gpgcheck: 0 + lab-extras: + name: lab-extras + baseurl: "http://{{ mirror_host }}/lab-extras/centos7/" + enabled: 1 + gpgcheck: 0 + +packages: + - '@core' + - '@base' + - yum-plugin-priorities + - yum-plugin-fastestmirror + - redhat-lsb + - sysstat + - gdb + - git-all + - python-configobj + - gcc-c++ + # for running ceph + - libedit + - openssl098e + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - fuse + - fuse-libs + ### + # for ceph-deploy + - python-virtualenv + ### + - openssl + - libuuid + - btrfs-progs + # used by workunits + - attr + - valgrind + - python-nose + - mpich + - podman + # for cephadmunit.py's kill, + - podman-docker + - ant + - iozone + ### + # used by the xfstests tasks + - libtool + - automake + - gettext + - libuuid-devel + - libacl-devel + - bc + - xfsdump + - xfsprogs-devel + ### + # for blktrace and seekwatcher + - blktrace + - numpy + - python-matplotlib + ### + # for qemu + - qemu-kvm + - usbredir + - genisoimage + ### + # for apache and rgw + - httpd + - httpd-devel + - httpd-tools + - mod_ssl + - mod_fastcgi-2.4.7-1.ceph.el7.centos + ### for swift and s3-tests + - libev-devel + # for pretty-printing xml + - perl-XML-Twig + # for java bindings, hadoop, etc. + - java-1.6.0-openjdk-devel + - junit4 + # for nfs + - nfs-utils + # for xfstests + - ncurses-devel + # for s3 tests + - python-devel + - python-virtualenv + - perl-CPAN + - python3 + +epel_packages: + # for running ceph + - cryptopp-devel + - cryptopp + - fcgi + # used by workunits + - dbench + # used by workunits + - fuse-sshfs + - bonnie++ + # for json_xs to investigate JSON by hand + - perl-JSON-XS diff --git a/roles/testnode/vars/centos_8.yml b/roles/testnode/vars/centos_8.yml new file mode 100644 index 00000000..a1b03b15 --- /dev/null +++ b/roles/testnode/vars/centos_8.yml @@ -0,0 +1,74 @@ +--- +# vars specific to any centos 8.x version +# some of these will be overridden by vars in centos_8_stream.yml + +common_yum_repos: + lab-extras: + name: "lab-extras" + baseurl: "http://{{ mirror_host }}/lab-extras/8/" + enabled: 1 + gpgcheck: 0 + +copr_repos: + - ceph/python3-asyncssh + +packages_to_upgrade: + - libgcrypt # explicitly tied to qemu build + +packages: + - redhat-lsb-core + # for package-cleanup + - dnf-utils + - sysstat + - libedit + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - fuse-libs + - openssl + - libuuid + - podman + # for cephadmunit.py to uniformly run 'docker kill -p ...' + - podman-docker + - attr + - ant + - lsof + - gettext + - bc + - xfsdump + - blktrace + - usbredir + - libev-devel + - valgrind + - nfs-utils + # for xfstests + - ncurses-devel + # for s3 tests + # for workunits, + - gcc + - git + # qa/workunits/rados/test_python.sh + - python3-nose + # for cram tests + - python3-virtualenv + # for rbd qemu tests + - genisoimage + - qemu-img + - qemu-kvm-core + - qemu-kvm-block-rbd + # for pjd tests + - libacl-devel + # for fs tests, + - autoconf + # for test-crash.sh + - gdb + - iozone + +epel_packages: + - dbench + +nfs_service: nfs-server + +ntp_service_name: chronyd diff --git a/roles/testnode/vars/centos_8_stream.yml b/roles/testnode/vars/centos_8_stream.yml new file mode 100644 index 00000000..2cb04ef5 --- /dev/null +++ b/roles/testnode/vars/centos_8_stream.yml @@ -0,0 +1,66 @@ +--- +# vars specific to centos stream version 8.x +# these will override vars in centos_8.yml + +packages_to_upgrade: + - libgcrypt # explicitly tied to qemu build + + # centos stream additions start here + - systemd + +packages: + - redhat-lsb-core + # for package-cleanup + - dnf-utils + - sysstat + - libedit + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - fuse-libs + - openssl + - libuuid + - podman + # for cephadmunit.py to uniformly run 'docker kill -p ...' + - podman-docker + - attr + - ant + - lsof + - gettext + - bc + - xfsdump + - blktrace + - usbredir + - libev-devel + - valgrind + - nfs-utils + # for xfstests + - ncurses-devel + # for s3 tests + # for workunits, + - gcc + - git + # qa/workunits/rados/test_python.sh + - python3-nose + # for cram tests + - python3-virtualenv + # for rbd qemu tests + - genisoimage + - qemu-img + - qemu-kvm-core + - qemu-kvm-block-rbd + # for pjd tests + - libacl-devel + # for fs tests, + - autoconf + # for test-crash.sh + - gdb + - iozone + + # centos stream additions start here + - lvm2 + +epel_packages: + - dbench diff --git a/roles/testnode/vars/centos_9.yml b/roles/testnode/vars/centos_9.yml new file mode 100644 index 00000000..093a709d --- /dev/null +++ b/roles/testnode/vars/centos_9.yml @@ -0,0 +1,74 @@ +--- +# vars specific to any centos 9.x version + +common_yum_repos: + lab-extras: + name: "lab-extras" + baseurl: "http://{{ mirror_host }}/lab-extras/9/" + enabled: 1 + gpgcheck: 0 + + +# When mirrors become available, these will be filenames in roles/testnodes/templates/mirrorlists/9/ +yum_mirrorlists: [] + +packages_to_upgrade: + - libgcrypt # explicitly tied to qemu build + +packages: + # for package-cleanup + - dnf-utils + - sysstat + - libedit + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - fuse-libs + - openssl + - libuuid + - podman + # for cephadmunit.py to uniformly run 'docker kill -p ...' +# Doesn't exist yet +# - podman-docker + - attr +# - ant + - lsof + - gettext + - bc + - xfsdump + - blktrace + - usbredir +# - libev-devel + - valgrind + - nfs-utils + # for xfstests + - ncurses-devel + # for s3 tests + # for workunits, + - gcc + - git + # qa/workunits/rados/test_python.sh +# - python3-nose + # for cram tests +# - python3-virtualenv + # for rbd qemu tests + - genisoimage + - qemu-img + - qemu-kvm-core + - qemu-kvm-block-rbd + # for pjd tests + - libacl-devel + # for fs tests, + - autoconf + # for test-crash.sh + - gdb + - iozone + +epel_packages: + - dbench + +nfs_service: nfs-server + +ntp_service_name: chronyd diff --git a/roles/testnode/vars/debian_7.yml b/roles/testnode/vars/debian_7.yml new file mode 100644 index 00000000..e149b264 --- /dev/null +++ b/roles/testnode/vars/debian_7.yml @@ -0,0 +1,98 @@ +--- +apt_repos: + - "deb http://ceph.com/debian-dumpling/ wheezy main" + - "deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-wheezy-x86_64-basic/ref/master/ wheezy main" + +packages: + - lsb-release + - build-essential + - sysstat + - gdb + - python-configobj + - python-gevent + - python-dev + - python-virtualenv + - libev-dev + - fuse + - libssl1.0.0 + - libgoogle-perftools4 + - libboost-thread1.49.0 + - cryptsetup-bin + - libcrypto++9 + - iozone3 + - libmpich2-3 + - collectl + - nfs-kernel-server + # for running ceph + - libedit2 + - xfsprogs + - gdisk + - parted + ### + # for setting BIOS settings + - libsmbios-bin + ### + - libuuid1 + - libfcgi + - btrfs-tools + # for compiling helpers and such + - libatomic-ops-dev + ### + # used by workunits + - git-core + - attr + - dbench + - bonnie++ + - valgrind + - python-nose + - mpich2 + - libmpich2-dev + - ant + ### + # used by the xfstests tasks + - libtool + - automake + - gettext + - uuid-dev + - libacl1-dev + - bc + - xfsdump + - dmapi + - xfslibs-dev + ### + # For Mark Nelson + - sysprof + - pdsh + ### + # for blktrace and seekwatcher + - blktrace + - python-numpy + - python-matplotlib + - mencoder + ### + # for qemu + - kvm + - genisoimage + ### + # for json_xs to investigate JSON by hand + - libjson-xs-perl + ### + # for pretty-printing xml + - xml-twig-tools + ### + # for java bindings, hadoop, etc. + - default-jdk + - junit4 + ### + # for samba testing + - cifs-utils + ### + # DistCC for arm + - distcc + +packages_to_upgrade: + - apt + - libcurl3-gnutls + - apache2 + - libapache2-mod-fastcgi + - libfcgi0ldbl diff --git a/roles/testnode/vars/debian_8.yml b/roles/testnode/vars/debian_8.yml new file mode 100644 index 00000000..bdf6378a --- /dev/null +++ b/roles/testnode/vars/debian_8.yml @@ -0,0 +1,97 @@ +--- +packages: + - lsb-release + - build-essential + - sysstat + - gdb + - python-configobj + - python-gevent + - python-dev + - python-virtualenv + - libev-dev + - fuse + - libssl1.0.0 + - libgoogle-perftools4 + - cryptsetup-bin + - libcrypto++9 + - iozone3 + - docker.io + - collectl + - nfs-kernel-server + # for running ceph + - libedit2 + - xfsprogs + - gdisk + - parted + ### + # for setting BIOS settings + - libsmbios-bin + ### + - libuuid1 + - libfcgi + - btrfs-tools + # for compiling helpers and such + - libatomic-ops-dev + ### + # used by workunits + - git-core + - attr + - dbench + - bonnie++ + - valgrind + - python-nose + - mpich2 + - libmpich2-dev + - ant + ### + # used by the xfstests tasks + - libtool + - automake + - gettext + - uuid-dev + - libacl1-dev + - bc + - xfsdump + - dmapi + - xfslibs-dev + ### + # For Mark Nelson + - sysprof + - pdsh + ### + # for blktrace and seekwatcher + - blktrace + - python-numpy + - python-matplotlib + ### + # for qemu + - kvm + - genisoimage + ### + # for json_xs to investigate JSON by hand + - libjson-xs-perl + ### + # for pretty-printing xml + - xml-twig-tools + ### + # for java bindings, hadoop, etc. + - default-jdk + - junit4 + ### + # for samba testing + - cifs-utils + ### + # DistCC for arm + - distcc + +#NOTE: these packages were not found for debian 8, but are present for debian 7 +#- mencoder +#- libmpich2-3 +#- libboost-thread1.49.0 + +packages_to_upgrade: + - apt + - libcurl3-gnutls + - apache2 + - libapache2-mod-fastcgi + - libfcgi0ldbl diff --git a/roles/testnode/vars/dnf_systems.yml b/roles/testnode/vars/dnf_systems.yml new file mode 120000 index 00000000..3eacc969 --- /dev/null +++ b/roles/testnode/vars/dnf_systems.yml @@ -0,0 +1 @@ +yum_systems.yml \ No newline at end of file diff --git a/roles/testnode/vars/empty.yml b/roles/testnode/vars/empty.yml new file mode 100644 index 00000000..85479d19 --- /dev/null +++ b/roles/testnode/vars/empty.yml @@ -0,0 +1,12 @@ +--- +# This is empty on purpose. Used as the last line +# when using include_vars with with_first_found when +# the var file might not exist. +# +# For example, there is not rhel 6.5 var file because it's not needed +# but there is a rhel 7.0 var file that we need to include. Using this empty.yml +# as the last line in with_first_found allows include_vars to work across different distros +# where the var file might not be needed. +# +# Maybe related issue: +# https://github.com/ansible/ansible/issues/10000 diff --git a/roles/testnode/vars/fedora_22.yml b/roles/testnode/vars/fedora_22.yml new file mode 100644 index 00000000..31170f42 --- /dev/null +++ b/roles/testnode/vars/fedora_22.yml @@ -0,0 +1,74 @@ +--- +packages_to_upgrade: + - leveldb + +packages_to_remove: + - ceph-libs + +packages: + - '@core' + - yum-plugin-priorities + - redhat-lsb + - sysstat + - gdb + - git-all + - python-configobj + # for running ceph + - libedit + - openssl-devel + - google-perftools-devel + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - cryptopp-devel + - cryptopp + ### + # for ceph-deploy + - python-virtualenv + ### + # for setting BIOS settings + - smbios-utils + ### + - openssl + - libuuid + - fcgi-devel + - btrfs-progs + # for compiling helpers + - libatomic_ops-devel + ### + # used by workunits + - attr + - valgrind + - python-nose + - mpich2 + - mpich2-devel + - ant + - dbench + - bonnie++ + ### + # used by the xfstests tasks + - libtool + - automake + - gettext + - uuid-devel + - libacl-devel + - bc + - xfsdump + ### + # for blktrace and seekwatcher + - blktrace + - numpy + - python-matplotlib + # for json_xs to investigate JSON by hand + - perl-JSON + # for pretty-printing xml + - perl-XML-Twig + # for java bindings, hadoop, etc. + - java-1.8.0-openjdk-devel + - junit + # for nfs + - nfs-utils + # python-pip is installed via roles/testnode/tasks/pip.yml on other rpm-based distros + - python-pip diff --git a/roles/testnode/vars/opensuse_leap_15.0.yml b/roles/testnode/vars/opensuse_leap_15.0.yml new file mode 100644 index 00000000..d56b4ff8 --- /dev/null +++ b/roles/testnode/vars/opensuse_leap_15.0.yml @@ -0,0 +1,76 @@ +--- +# vars specific to OpenSuse Leap 15.0 +packages_to_remove: + - gettext-runtime-mini + +packages: + - lsb-release + - sysstat + - gdb + - make + - git + - python-configobj + # for running ceph + - libedit0 +# - libboost_thread1_54_0 + - libboost_thread1_66_0 + - xfsprogs + - podman + - gptfdisk + - parted + - libgcrypt20 + - fuse + - fuse-devel + - libfuse2 + ### + # for ceph-deploy + - python-virtualenv + ### + - openssl + - libuuid1 + - btrfsprogs + # used by workunits + - attr + - valgrind + - python-nose + - ant +# - iozone + ### + # used by the xfstests tasks + - libtool + - automake + - gettext-runtime + - libuuid-devel + - libacl-devel + - bc + - xfsdump + - xfsprogs-devel + ### + # for blktrace and seekwatcher + - blktrace + - python-numpy + - python-matplotlib + ### + # for qemu + - qemu-kvm + - usbredir +# - genisoimage + ### + # for apache and rgw + - apache2 + - apache2-devel + - apache2-utils +# - apache2-mod_fastcgi + ### + - libevent-devel + # for pretty-printing xml + - perl-XML-Twig + # for java bindings, hadoop, etc. + - java-1_8_0-openjdk-devel + - junit + # for disk/etc monitoring + - smartmontools + # for nfs + - nfs-kernel-server + # for xfstests + - ncurses-devel diff --git a/roles/testnode/vars/opensuse_leap_15.1.yml b/roles/testnode/vars/opensuse_leap_15.1.yml new file mode 100644 index 00000000..2c0db92c --- /dev/null +++ b/roles/testnode/vars/opensuse_leap_15.1.yml @@ -0,0 +1,86 @@ +--- +# vars specific to OpenSuse Leap 15.1 +packages_to_remove: + - gettext-runtime-mini + +packages: + - lsb-release + - sysstat + - gdb + - make + - git + - python-configobj + # for running ceph + - libedit0 +# - libboost_thread1_54_0 + - libboost_thread1_66_0 + - xfsprogs + - podman + - gptfdisk + - parted + - libgcrypt20 + - fuse + - fuse-devel + - libfuse2 + ### + # for ceph-deploy + - python-virtualenv + ### + - openssl + - libuuid1 + - btrfsprogs + # used by workunits + - attr + - valgrind + - python-nose + - ant +# - iozone + ### + # used by the xfstests tasks + - libtool + - automake + - gettext-runtime + - libuuid-devel + - libacl-devel + - bc + - xfsdump + - xfsprogs-devel + ### + # for blktrace and seekwatcher + - blktrace + - python-numpy + - python-matplotlib + ### + # for qemu + - qemu-kvm + - usbredir +# - genisoimage + ### + # for apache and rgw + - apache2 + - apache2-devel + - apache2-utils +# - apache2-mod_fastcgi + ### + - libevent-devel + # for pretty-printing xml + - perl-XML-Twig + # for java bindings, hadoop, etc. + - java-1_8_0-openjdk-devel + - junit + # for disk/etc monitoring + - smartmontools + # for nfs + - nfs-kernel-server + # for xfstests + - ncurses-devel + - lvm2 + # missing packages in openSUSE minimal image + #- chrony + #- make + #- gcc + #- gcc-c++ + - lsb-release + - rsyslog + - git + - wget diff --git a/roles/testnode/vars/opensuse_leap_15.2.yml b/roles/testnode/vars/opensuse_leap_15.2.yml new file mode 100644 index 00000000..4b9c4d8e --- /dev/null +++ b/roles/testnode/vars/opensuse_leap_15.2.yml @@ -0,0 +1,76 @@ +--- +# vars specific to OpenSuse Leap 15.2 +packages_to_remove: + - gettext-runtime-mini + - python + - python-base + +packages: + - python3-base + - lsb-release + - sysstat + - gdb + - make + - zypper + - git + - python3-configobj + # for running ceph + - libedit0 + - xfsprogs + - podman + - gptfdisk + - parted + - libgcrypt20 + - fuse + - fuse-devel + - libfuse2 + ### + - openssl + - libuuid1 + - btrfsprogs + # used by workunits + - attr + - valgrind + - python3-nose + - ant +# - iozone + ### + # used by the xfstests tasks + - libtool + - automake + - gettext-runtime + - libuuid-devel + - libacl-devel + - bc + - xfsdump + - xfsprogs-devel + ### + # for blktrace and seekwatcher + - blktrace + - python3-numpy + - python3-matplotlib + ### + # for qemu + - qemu-kvm + - usbredir +# - genisoimage + ### + - libevent-devel + # for pretty-printing xml +# - perl-XML-Twig + # for java bindings, hadoop, etc. +# - java-1_8_0-openjdk-devel +# - junit + # for disk/etc monitoring + - smartmontools + # for nfs + - nfs-kernel-server + # for xfstests + - ncurses-devel + - lvm2 + # missing packages in openSUSE minimal image +# - chrony +# - gcc +# - gcc-c++ + - rsyslog + - wget diff --git a/roles/testnode/vars/redhat_6.yml b/roles/testnode/vars/redhat_6.yml new file mode 100644 index 00000000..bafc391b --- /dev/null +++ b/roles/testnode/vars/redhat_6.yml @@ -0,0 +1,109 @@ +--- +# vars specific to rhel 6.x + +common_yum_repos: + lab-extras: + name: "lab-extras" + baseurl: "http://{{ mirror_host }}/lab-extras/rhel6/" + enabled: 1 + gpgcheck: 0 + priority: 2 + centos6-fcgi-ceph: + name: "Cent OS 6 Local fastcgi Repo" + baseurl: "http://{{ gitbuilder_host }}/mod_fastcgi-rpm-rhel6-x86_64-basic/ref/master/" + enabled: 1 + gpgcheck: 0 + priority: 2 + centos6-misc-ceph: + name: "Cent OS 6 Local misc Repo" + baseurl: "http://{{ mirror_host }}/misc-rpms/" + enabled: 1 + gpgcheck: 0 + priority: 2 + +packages: + - '@core' + - '@base' + - yum-plugin-priorities + - yum-plugin-fastestmirror + - redhat-lsb + - sysstat + - gdb + - git-all + - python-configobj + # for running ceph + - libedit + - openssl098e + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - fuse + - fuse-libs + ### + - openssl + - libuuid + - btrfs-progs + # used by workunits + - attr + - valgrind + - python-nose + - mpich2 + - ant + - fsstress + - iozone + ### + # used by the xfstests tasks + - libtool + - automake + - gettext + - libuuid-devel + - libacl-devel + - bc + - xfsdump + ### + # for blktrace and seekwatcher + - blktrace + - numpy + - python-matplotlib + ### + # for qemu + - qemu-kvm + - usbredir + - genisoimage + ### + # for apache and rgw + - httpd + - httpd-devel + - httpd-tools + - mod_ssl + - mod_fastcgi-2.4.7-1.ceph.el6 + ### for swift and s3-tests + - libev-devel + # for pretty-printing xml + - perl-XML-Twig + # for java bindings, hadoop, etc. + - java-1.6.0-openjdk-devel + - junit4 + # for nfs + - nfs-utils + + +epel_packages: + # for running ceph + - cryptopp-devel + - cryptopp + - fcgi + # used by workunits + - dbench + - fuse-sshfs + - bonnie++ + # for json_xs to investigate JSON by hand + - perl-JSON-XS + # for ceph-deploy + - python-virtualenv + # for setting BIOS settings + - smbios-utils + +nfs_service: nfs diff --git a/roles/testnode/vars/redhat_7.6.yml b/roles/testnode/vars/redhat_7.6.yml new file mode 100644 index 00000000..84366bb5 --- /dev/null +++ b/roles/testnode/vars/redhat_7.6.yml @@ -0,0 +1,86 @@ +--- +# vars specific to any rhel 7.x version + +common_yum_repos: + rhel-7-fcgi-ceph: + name: "RHEL 7 Local fastcgi Repo" + baseurl: "http://{{ gitbuilder_host }}/mod_fastcgi-rpm-rhel7-x86_64-basic/ref/master/" + enabled: 1 + gpgcheck: 0 + lab-extras: + name: "lab-extras" + baseurl: "http://{{ mirror_host }}/lab-extras/rhel7/" + enabled: 1 + gpgcheck: 0 + +packages: + - '@core' + - '@base' + - yum-plugin-priorities + - yum-plugin-fastestmirror + - redhat-lsb + - sysstat + - gdb + - git-all + - python-configobj + - libedit + - openssl098e + - boost-thread + - xfsprogs + - xfsprogs-devel + - gdisk + - parted + - libgcrypt + - fuse + - fuse-libs + - openssl + - libuuid + - btrfs-progs + - attr + - valgrind + - python-nose + - mpich + - ant + - lsof + - iozone + - libtool + - automake + - gettext + - libuuid-devel + - libacl-devel + - bc + - xfsdump + - blktrace + - numpy + - python-matplotlib + - qemu-kvm + - usbredir + - genisoimage + - httpd + - httpd-devel + - httpd-tools + - mod_ssl + - mod_fastcgi-2.4.7-1.ceph.el7 + - perl-XML-Twig + - java-1.6.0-openjdk-devel + - junit4 + - nfs-utils + # for xfstests + - ncurses-devel + # for s3 tests + - python-devel + - python-virtualenv + - perl-CPAN + - python3 + +epel_packages: + - cryptopp-devel + - cryptopp + - dbench + - fcgi + - fuse-sshfs + - perl-JSON-XS + - leveldb + - xmlstarlet + +nfs_service: nfs-server diff --git a/roles/testnode/vars/redhat_7.8.yml b/roles/testnode/vars/redhat_7.8.yml new file mode 100644 index 00000000..f2e8265a --- /dev/null +++ b/roles/testnode/vars/redhat_7.8.yml @@ -0,0 +1,88 @@ +--- +# vars specific to any rhel 7.x version + +common_yum_repos: + rhel-7-fcgi-ceph: + name: "RHEL 7 Local fastcgi Repo" + baseurl: "http://{{ gitbuilder_host }}/mod_fastcgi-rpm-rhel7-x86_64-basic/ref/master/" + enabled: 1 + gpgcheck: 0 + lab-extras: + name: "lab-extras" + baseurl: "http://{{ mirror_host }}/lab-extras/rhel7/" + enabled: 1 + gpgcheck: 0 + +packages: + - '@core' + - '@base' + - yum-plugin-priorities + - yum-plugin-fastestmirror + - redhat-lsb + - sysstat + - gdb + - git-all + - python-configobj + - gcc-c++ + - libedit + - openssl098e + - boost-thread + - xfsprogs + - xfsprogs-devel + - gdisk + - parted + - libgcrypt + - fuse + - fuse-libs + - lvm2 + - openssl + - libuuid + - btrfs-progs + - attr + - valgrind + - python-nose + - mpich + - ant + - lsof + - iozone + - libtool + - automake + - gettext + - libuuid-devel + - libacl-devel + - bc + - xfsdump + - blktrace + - numpy + - python-matplotlib + - qemu-kvm + - usbredir + - genisoimage + - httpd + - httpd-devel + - httpd-tools + - mod_ssl + - mod_fastcgi-2.4.7-1.ceph.el7 + - perl-XML-Twig + - java-1.6.0-openjdk-devel + - junit4 + - nfs-utils + # for xfstests + - ncurses-devel + # for s3 tests + - python-devel + - python-virtualenv + - perl-CPAN + - python3 + +epel_packages: + - cryptopp-devel + - cryptopp + - dbench + - fcgi + - fuse-sshfs + - perl-JSON-XS + - leveldb + - xmlstarlet + +nfs_service: nfs-server diff --git a/roles/testnode/vars/redhat_7.yml b/roles/testnode/vars/redhat_7.yml new file mode 100644 index 00000000..77741bd9 --- /dev/null +++ b/roles/testnode/vars/redhat_7.yml @@ -0,0 +1,90 @@ +--- +# vars specific to any rhel 7.x version + +common_yum_repos: + rhel-7-fcgi-ceph: + name: "RHEL 7 Local fastcgi Repo" + baseurl: "http://{{ gitbuilder_host }}/mod_fastcgi-rpm-rhel7-x86_64-basic/ref/master/" + enabled: 1 + gpgcheck: 0 + lab-extras: + name: "lab-extras" + baseurl: "http://{{ mirror_host }}/lab-extras/rhel7/" + enabled: 1 + gpgcheck: 0 + +packages: + - '@core' + - '@base' + - yum-plugin-priorities + - yum-plugin-fastestmirror + - redhat-lsb + - sysstat + - gdb + - git-all + - python-configobj + - gcc-c++ + - libedit + - openssl098e + - boost-thread + - xfsprogs + - xfsprogs-devel + - gdisk + - parted + - libgcrypt + - fuse + - fuse-libs + - lvm2 + - openssl + - libuuid + - btrfs-progs + - attr + - valgrind + - python-nose + - mpich + - ant + - lsof + - iozone + - libtool + - automake + - gettext + - libuuid-devel + - libacl-devel + - bc + - xfsdump + - blktrace + - numpy + - python-matplotlib + - qemu-kvm + - usbredir + - genisoimage + - httpd + - httpd-devel + - httpd-tools + - mod_ssl + - mod_fastcgi-2.4.7-1.ceph.el7 + - libev-devel + - perl-XML-Twig + - java-1.6.0-openjdk-devel + - junit4 + - nfs-utils + # for xfstests + - ncurses-devel + # for s3 tests + - python-devel + - python-virtualenv + - perl-CPAN + - podman + - python3 + +epel_packages: + - cryptopp-devel + - cryptopp + - dbench + - fcgi + - fuse-sshfs + - perl-JSON-XS + - leveldb + - xmlstarlet + +nfs_service: nfs-server diff --git a/roles/testnode/vars/redhat_8.yml b/roles/testnode/vars/redhat_8.yml new file mode 100644 index 00000000..b56784fc --- /dev/null +++ b/roles/testnode/vars/redhat_8.yml @@ -0,0 +1,74 @@ +--- +# vars specific to any rhel 8.x version + +common_yum_repos: + lab-extras: + name: "lab-extras" + baseurl: "http://{{ mirror_host }}/lab-extras/8/" + enabled: 1 + gpgcheck: 0 + +copr_repos: + - ceph/python3-asyncssh + +packages: + # for package-cleanup + - dnf-utils + - git-all + - sysstat + - libedit + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - fuse-libs + - openssl + - libuuid + - attr + - ant + - lsof + - gettext + - bc + - xfsdump + - blktrace + - usbredir + - podman + - redhat-lsb + - firewalld + - wget + - libev-devel + - valgrind + - nfs-utils + # for xfstests + - ncurses-devel + # for s3 tests + # for workunits, + - gcc + - git + - make + # qa/workunits/rados/test_python.sh + - python3-nose + # for cram tests + - python3-virtualenv + # for rbd qemu tests + - genisoimage + - qemu-img + - qemu-kvm-core + - qemu-kvm-block-rbd + # for pjd tests + - libacl-devel + # for fs tests, + - autoconf + # for test-crash.sh + - gdb + - iozone + # cephadm + - lvm2 + +epel_packages: + - dbench + +nfs_service: nfs-server + +ntp_service_name: chronyd diff --git a/roles/testnode/vars/redhat_9.yml b/roles/testnode/vars/redhat_9.yml new file mode 100644 index 00000000..8c253880 --- /dev/null +++ b/roles/testnode/vars/redhat_9.yml @@ -0,0 +1,63 @@ +--- +# Packages that are in RHEL8 but not in RHEL9: +# redhat-lsb libev-devel python3-nose python3-virtualenv iozone +# Packages that needed to be added to this vars file: +# python3-pip + +packages: + - dnf-utils + - git-all + - sysstat + - libedit + - boost-thread + - xfsprogs + - gdisk + - parted + - libgcrypt + - fuse-libs + - openssl + - libuuid + - attr + - ant + - lsof + - gettext + - bc + - xfsdump + - blktrace + - usbredir + - podman + - firewalld + - wget + - valgrind + - nfs-utils + - ncurses-devel + - gcc + - git + - make + - genisoimage + - qemu-img + - qemu-kvm-core + - qemu-kvm-block-rbd + - libacl-devel + - autoconf + - gdb + - lvm2 + - python3-pip + - NetworkManager-initscripts-updown + +ceph_dependency_packages_to_remove: + - boost-random + - boost-program-options + - leveldb + - xmlstarlet + - boost-random + - hdparm + +epel_packages: + - dbench + +nfs_service: nfs-server + +ntp_service_name: chronyd + +configure_abrt: false diff --git a/roles/testnode/vars/ubuntu.yml b/roles/testnode/vars/ubuntu.yml new file mode 100644 index 00000000..36ee10aa --- /dev/null +++ b/roles/testnode/vars/ubuntu.yml @@ -0,0 +1,94 @@ +--- +common_packages: + # for apache + - libfcgi0ldbl + ### + # for s3 tests + - libev-dev + ### + # for cpan + - perl + - libwww-perl + ### + - lsb-release + - build-essential + - sysstat + - gdb + # for running ceph + - libedit2 + - cryptsetup-bin + - xfsprogs + - gdisk + - parted + ### + # for setting BIOS settings + ### + - libuuid1 + # for compiling helpers and such + - libatomic-ops-dev + ### + # used by workunits + - git-core + - attr + - dbench + - bonnie++ + - valgrind + - ant + ### + # used by the xfstests tasks + - libtool + - automake + - gettext + - uuid-dev + - libacl1-dev + - bc + - xfsdump + - xfslibs-dev + - libattr1-dev + - quota + - libcap2-bin + - libncurses5-dev + - lvm2 + ### + - vim + - pdsh + # for blktrace and seekwatcher + - blktrace + ### + # qemu + - genisoimage + ### + # for json_xs to investigate JSON by hand + - libjson-xs-perl + # for pretty-printing xml + - xml-twig-tools + # for java bindings, hadoop, etc. + - default-jdk + - junit4 + ### + # for samba testing + - cifs-utils + # for Static IP + - ipcalc + # nfs + - nfs-common + - nfs-kernel-server + # for add-apt-repository + - software-properties-common + # for https://twitter.com/letsencrypt/status/1443621997288767491 + - libgnutls30 + +non_aarch64_common_packages: + - smbios-utils + - libfcgi + - sysprof + +packages_to_upgrade: + - apt + - apache2 + +non_aarch64_packages_to_upgrade: + - libapache2-mod-fastcgi + +no_recommended_packages: + - collectl diff --git a/roles/testnode/vars/ubuntu_12.04.yml b/roles/testnode/vars/ubuntu_12.04.yml new file mode 100644 index 00000000..5e8953dd --- /dev/null +++ b/roles/testnode/vars/ubuntu_12.04.yml @@ -0,0 +1,25 @@ +--- +packages: + - libgoogle-perftools0 + - libboost-thread1.46.1 + - ltp-kernel-test + - libmpich2-3 + - kvm + ### + # for setting BIOS settings + ### + - libcrypto++9 + ### + # used by workunits + - mpich2 + - libmpich2-dev + - python-dev + +non_aarch64_packages: + - iozone3 + - dmapi + - libssl0.9.8 + +# on precise rpcbind does not provide a way to +# be managed with upstart +start_rpcbind: false diff --git a/roles/testnode/vars/ubuntu_14.yml b/roles/testnode/vars/ubuntu_14.yml new file mode 100644 index 00000000..5a3fd700 --- /dev/null +++ b/roles/testnode/vars/ubuntu_14.yml @@ -0,0 +1,26 @@ +--- +apt_repos: + # mod_fastcgi for radosgw + - "deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-trusty-x86_64-basic/ref/master/ trusty main" + +packages: + - libboost-thread1.54.0 + - mpich + - qemu-system-x86 +# - blkin + - lttng-tools + ### + # for setting BIOS settings + ### + - libcrypto++9 + ### + # used by workunits + - mpich2 + - libmpich2-dev + - python-dev + +non_aarch64_packages: + - libgoogle-perftools4 + - iozone3 + - dmapi + - libssl0.9.8 diff --git a/roles/testnode/vars/ubuntu_15.yml b/roles/testnode/vars/ubuntu_15.yml new file mode 100644 index 00000000..0b439cb4 --- /dev/null +++ b/roles/testnode/vars/ubuntu_15.yml @@ -0,0 +1,26 @@ +--- +apt_repos: [] + +packages: + - libgoogle-perftools4 +# FIXME: not available on vivid, figure out what's available and use it +# - libboost-thread1.54.0 + - mpich + - qemu-system-x86 +# FIXME: not available on vivid, figure out what's available and use it +# - blkin + - lttng-tools + ### + # for setting BIOS settings + ### + - libcrypto++9 + ### + # used by workunits + - mpich2 + - libmpich2-dev + - python-dev + +non_aarch64_packages: + - iozone3 + - dmapi + - libssl0.9.8 diff --git a/roles/testnode/vars/ubuntu_16.yml b/roles/testnode/vars/ubuntu_16.yml new file mode 100644 index 00000000..10283eb4 --- /dev/null +++ b/roles/testnode/vars/ubuntu_16.yml @@ -0,0 +1,37 @@ +--- +apt_repos: + # http://tracker.ceph.com/issues/18126 + - "deb [trusted=yes] https://chacra.ceph.com/r/valgrind/latest/HEAD/ubuntu/xenial/flavors/default/ xenial main" + +packages: + - libboost-thread1.58.0 + - mpich + - qemu-system-x86 + - python-virtualenv + - python-configobj + - python-gevent + - python-numpy + - python-matplotlib + - python-nose + - btrfs-tools +# - blkin + - lttng-tools + ### + # for setting BIOS settings + ### + - libcrypto++9v5 + ### + # for building xfstests #18067 + - libtool-bin + - python-dev + +packages_to_upgrade: + # http://tracker.ceph.com/issues/13522#note-51 + - libgoogle-perftools4 + # http://tracker.ceph.com/issues/18126#note-11 + - valgrind + +non_aarch64_packages: + - libgoogle-perftools4 + - iozone3 + - libssl1.0.0 diff --git a/roles/testnode/vars/ubuntu_18.yml b/roles/testnode/vars/ubuntu_18.yml new file mode 100644 index 00000000..ce4d09f2 --- /dev/null +++ b/roles/testnode/vars/ubuntu_18.yml @@ -0,0 +1,27 @@ +--- +packages: + - mpich + - qemu-system-x86 + - python-virtualenv + - python-configobj + - python-gevent + - python-numpy + - python-matplotlib + - python-nose + - btrfs-tools +# - blkin + - lttng-tools + # for building xfstests #18067 + - libtool-bin + # for ceph-daemon (no podman on ubuntu/debian, yet) + - docker.io + # qa/workunits/rbd/test_librbd_python.sh + - python3-nose + - python-dev + +non_aarch64_packages: + - libgoogle-perftools4 + - iozone3 + - libssl1.0.0 + +non_aarch64_packages_to_upgrade: [] diff --git a/roles/testnode/vars/ubuntu_20.yml b/roles/testnode/vars/ubuntu_20.yml new file mode 100644 index 00000000..75e7a385 --- /dev/null +++ b/roles/testnode/vars/ubuntu_20.yml @@ -0,0 +1,27 @@ +--- +packages: + - mpich + - qemu-system-x86 +# - blkin + - lttng-tools + # for building xfstests #18067 + - libtool-bin + # for ceph-daemon (no podman on ubuntu/debian, yet) + - docker.io + # qa/workunits/rbd/test_librbd_python.sh + - python3-nose + # python3 version of deps + - python3-venv + - python3-virtualenv + - python3-configobj + - python3-gevent + - python3-numpy + - python3-matplotlib + - python3-setuptools + - python-dev + +non_aarch64_packages: + - libgoogle-perftools4 + - iozone3 + +non_aarch64_packages_to_upgrade: [] diff --git a/roles/testnode/vars/ubuntu_22.yml b/roles/testnode/vars/ubuntu_22.yml new file mode 100644 index 00000000..9bdf7f46 --- /dev/null +++ b/roles/testnode/vars/ubuntu_22.yml @@ -0,0 +1,29 @@ +--- +packages: + - mpich + - qemu-system-x86 +# - blkin + - lttng-tools + # for building xfstests #18067 + - libtool-bin + # for ceph-daemon (no podman on ubuntu/debian, yet) + - docker.io + # qa/workunits/rbd/test_librbd_python.sh + - python3-nose + # python3 version of deps + - python3-venv + - python3-virtualenv + - python3-configobj + - python3-gevent + - python3-numpy + - python3-matplotlib + - python3-setuptools + - python3-dev + +non_aarch64_packages: + - libgoogle-perftools4 + - iozone3 + +non_aarch64_packages_to_upgrade: [] + +python_apt_package_name: python3-apt diff --git a/roles/testnode/vars/yum_systems.yml b/roles/testnode/vars/yum_systems.yml new file mode 100644 index 00000000..8d2843a6 --- /dev/null +++ b/roles/testnode/vars/yum_systems.yml @@ -0,0 +1,51 @@ +--- +ntp_service_name: ntpd +ssh_service_name: sshd + +packages_to_remove: + # multipath interferes with krbd tests + - device-mapper-multipath + # tgt interferes with ceph-iscsi tests + - scsi-target-utils + +# ceph packages that we ensure do not exist +ceph_packages_to_remove: + - ceph + - ceph-base + - ceph-selinux + - ceph-common + - ceph-debuginfo + - ceph-release + - libcephfs1 + - ceph-radosgw + - python-ceph + - python-rados + - python-rbd + - python-cephfs + - librbd1 + - librados2 + - mod_fastcgi + +ceph_dependency_packages_to_remove: + - boost-random + - boost-program-options + - leveldb + - xmlstarlet + - python-jinja2 + - python-ceph + - python-flask + - python-requests + - boost-random + - python-urllib3 + - python-babel + - hdparm + - python-markupsafe + - python-werkzeug + - python-itsdangerous + +pip_packages_to_install: + - remoto>=0.0.35 + +# This gets defined to "-stream" in roles/testnode/tasks/yum_systems.yml when CentOS Stream is the OS. +# It adds "-stream" to yum repo mirrorlist URLs. +dash_stream: "" diff --git a/roles/testnode/vars/zypper_systems.yml b/roles/testnode/vars/zypper_systems.yml new file mode 100644 index 00000000..3ef15455 --- /dev/null +++ b/roles/testnode/vars/zypper_systems.yml @@ -0,0 +1,49 @@ +--- +ntp_service_name: chronyd +ssh_service_name: sshd +nrpe_service_name: nrpe +nrpe_user: nrpe +nrpe_group: nrpe +nagios_plugins_directory: /usr/lib64/nagios/plugins + +packages_to_remove: + # multipath interferes with krbd tests + - multipath-tools + # tgt interferes with ceph-iscsi tests + - tgt + +# ceph packages that we ensure do not exist +ceph_packages_to_remove: + - ceph + - ceph-base + - ceph-selinux + - ceph-common + - ceph-debuginfo + - ceph-release + - libcephfs1 + - ceph-radosgw + - python-ceph + - python-rados + - python-rbd + - python-cephfs + - librbd1 + - librados2 + - mod_fastcgi + - iozone + +ceph_dependency_packages_to_remove: + - boost-random + - boost-program-options + - leveldb + - xmlstarlet + - python-jinja2 + - python-ceph + - python-flask + - python-requests + - boost-random + - python-urllib3 + - python-babel + - hdparm + - python-markupsafe + - python-werkzeug + - python-itsdangerous diff --git a/roles/teuthology/README.rst b/roles/teuthology/README.rst new file mode 100644 index 00000000..2a94e83c --- /dev/null +++ b/roles/teuthology/README.rst @@ -0,0 +1,22 @@ +Teuthology +========== + +This role is used to manage the main teuthology node in a lab, e.g. +``teuthology.front.sepia.ceph.com``. + +It only depends on the ``common`` role. + +It also does the following: + +- Install dependencies required for ``teuthology`` +- Create the ``teuthology`` and ``teuthworker`` users which are used for + scheduling and executing tests, respectively +- Clone ``teuthology`` repos into ``~/src/teuthology_main`` under those user accounts +- Run ``teuthology``'s ``bootstrap`` script +- Manages user accounts and sudo privileges using the ``test_admins`` group_var in the secrets repo +- Includes a script to keep the ``teuthology`` user's crontab up to date with remote version-controlled versions (``--tags="crontab") + +It currently does NOT do these things: + +- Manage ``teuthology-worker`` processes +- Run ``teuthology-nuke --stale`` diff --git a/roles/teuthology/defaults/main.yml b/roles/teuthology/defaults/main.yml new file mode 100644 index 00000000..20605dc6 --- /dev/null +++ b/roles/teuthology/defaults/main.yml @@ -0,0 +1,17 @@ +--- +teuthology_scheduler_user: teuthology +teuthology_execution_user: teuthworker + +teuthology_users: + # for scheduling tests + - "{{ teuthology_scheduler_user }}" + # for executing tests + - "{{ teuthology_execution_user }}" + +teuthology_repo: https://github.com/ceph/teuthology.git +teuthology_branch: "main" +teuthology_yaml_extra: "" +teuthology_ceph_git_base_url: "git://git.ceph.com/" +archive_base: "/home/{{ teuthology_execution_user }}/archive" + +remote_crontab_url: "https://raw.githubusercontent.com/ceph/ceph/main/qa/crontab/teuthology-cronjobs" diff --git a/roles/teuthology/meta/main.yml b/roles/teuthology/meta/main.yml new file mode 100644 index 00000000..72869df5 --- /dev/null +++ b/roles/teuthology/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: users diff --git a/roles/teuthology/tasks/apt_systems.yml b/roles/teuthology/tasks/apt_systems.yml new file mode 100644 index 00000000..2ce01210 --- /dev/null +++ b/roles/teuthology/tasks/apt_systems.yml @@ -0,0 +1,14 @@ +--- +- name: Include package type specific vars. + include_vars: "apt_systems.yml" + tags: + - always + +- name: Install packages via apt + apt: + name: "{{ teuthology_extra_packages|list }}" + state: latest + update_cache: yes + cache_valid_time: 600 + tags: + - packages diff --git a/roles/teuthology/tasks/main.yml b/roles/teuthology/tasks/main.yml new file mode 100644 index 00000000..d55f1e81 --- /dev/null +++ b/roles/teuthology/tasks/main.yml @@ -0,0 +1,60 @@ +--- +- import_tasks: zypper_systems.yml + when: ansible_pkg_mgr == "zypper" + +- import_tasks: apt_systems.yml + when: ansible_pkg_mgr == "apt" + +# Yum systems support is not implemented yet. +- import_tasks: yum_systems.yml + when: ansible_pkg_mgr == "yum" + +# Set up the different users that teuthology uses +- import_tasks: setup_users.yml + +- name: Ship /etc/teuthology.yaml + template: + src: teuthology.yaml + dest: /etc/teuthology.yaml + mode: 0755 + tags: + - config + +- name: Ship /etc/init.d/teuthology-worker + template: + src: teuthology-worker.init + dest: /etc/init.d/teuthology-worker + mode: 0755 + tags: + - config + +- name: Ensure scheduler user binary directory exists + file: + state: directory + owner: "{{ teuthology_scheduler_user }}" + group: "{{ teuthology_scheduler_user }}" + path: "/home/{{ teuthology_scheduler_user }}/bin" + mode: 0755 + tags: + - crontab + +- name: Ship teuthology user's crontab update script + template: + src: update-crontab.sh + dest: "/home/{{ teuthology_scheduler_user }}/bin/update-crontab.sh" + mode: 0775 + owner: "{{ teuthology_scheduler_user }}" + group: "{{ teuthology_scheduler_user }}" + tags: + - crontab + +# Serve logs over HTTP +- import_tasks: setup_log_access.yml + tags: + - logs + +- name: Enable and start beanstalkd + service: + name: beanstalkd + state: started + enabled: yes diff --git a/roles/teuthology/tasks/setup_log_access.yml b/roles/teuthology/tasks/setup_log_access.yml new file mode 100644 index 00000000..95db9d6e --- /dev/null +++ b/roles/teuthology/tasks/setup_log_access.yml @@ -0,0 +1,31 @@ +--- +- name: Disable default nginx config + file: + name: /etc/nginx/sites-enabled/default + state: absent + +- name: Ship nginx config + template: + src: nginx.conf + dest: "{{ nginx_available }}/test_logs.conf" + +- name: Enable nginx config + file: + src: "{{ nginx_available }}/test_logs.conf" + dest: "{{ nginx_enabled }}/test_logs.conf" + state: link + +# Ignore errors in case service doesn't exist +- name: Disable apache httpd + service: + name: "{{ apache_service }}" + enabled: no + state: stopped + ignore_errors: true + +- name: Enable nginx + service: + name: nginx + enabled: yes + state: reloaded + changed_when: false diff --git a/roles/teuthology/tasks/setup_users.yml b/roles/teuthology/tasks/setup_users.yml new file mode 100644 index 00000000..741ba0a9 --- /dev/null +++ b/roles/teuthology/tasks/setup_users.yml @@ -0,0 +1,105 @@ +--- +- name: Create group + group: + name: "{{ item }}" + state: present + with_items: "{{ teuthology_users }}" + tags: + - user + +- name: Create users + user: + name: "{{ item }}" + state: present + shell: /bin/bash + with_items: "{{ teuthology_users }}" + tags: + - user + +# test-admins group gets sudo rights to /bin/kill pids (used by teuthology-kill) +- name: Create test-admins group + group: + name: test-admins + state: present + tags: + - user + +- name: Add test_admins to test-admins group + user: + name: "{{ item }}" + groups: test-admins + append: yes + with_items: "{{ test_admins }}" + tags: + - user + when: test_admins is defined and test_admins|length > 0 + +- name: Grant test-admins sudo access to /bin/kill + lineinfile: + dest: /etc/sudoers.d/cephlab_sudo + regexp: "^%test-admins" + line: "%test-admins ALL=NOPASSWD: /bin/kill, /usr/bin/kill" + state: present + validate: visudo -cf %s + tags: + - user + +- name: Determine teuthology GitHub PR + set_fact: + teuthology_ghpr: "{{ teuthology_branch | regex_replace( '^origin/pr/([^/]+)/.*$', '\\1') }}" + +- name: Clone the teuthology repo for GitHub PR + git: + repo: "https://github.com/ceph/teuthology" + dest: /home/{{ item }}/src/teuthology_main + version: "{{ teuthology_branch }}" + refspec: '+refs/pull/{{ teuthology_ghpr }}/*:refs/origin/pr/{{ teuthology_ghpr }}/*' + become_user: "{{ item }}" + with_items: "{{ teuthology_users }}" + tags: + - repos + when: teuthology_ghpr is defined and teuthology_ghpr != teuthology_branch + +- name: Clone the teuthology repo + git: + repo: "{{ teuthology_repo }}" + dest: /home/{{ item }}/src/teuthology_main + version: "{{ teuthology_branch }}" + become_user: "{{ item }}" + with_items: "{{ teuthology_users }}" + tags: + - repos + when: teuthology_ghpr is not defined or teuthology_ghpr == teuthology_branch + +- name: Run bootstrap + shell: NO_CLOBBER=true ./bootstrap + args: + chdir: /home/{{ item }}/src/teuthology_main/ + become_user: "{{ item }}" + with_items: "{{ teuthology_users }}" + register: bootstrap + changed_when: bootstrap.stdout_lines[-1]|length > 60 + tags: + - repos + +- name: Add teuthology scripts to PATH + lineinfile: + dest: /home/{{ item }}/.profile + regexp: teuthology_main + line: 'PATH="$HOME/src/teuthology_main/virtualenv/bin:$PATH"' + become_user: "{{ item }}" + with_items: "{{ teuthology_users }}" + +- name: Ensure teuthology is usable + shell: "./teuthology --version" + args: + chdir: /home/{{ item }}/src/teuthology_main/virtualenv/bin/ + become_user: "{{ item }}" + with_items: "{{ teuthology_users }}" + changed_when: false + +- name: Ensure archive directory exists + shell: "mkdir -p {{ archive_base }}/worker_logs" + become_user: "{{ teuthology_execution_user }}" + tags: + - logs diff --git a/roles/teuthology/tasks/yum_systems.yml b/roles/teuthology/tasks/yum_systems.yml new file mode 100644 index 00000000..78a67105 --- /dev/null +++ b/roles/teuthology/tasks/yum_systems.yml @@ -0,0 +1,3 @@ +--- +- fail: + msg: "yum systems are not supported at this time" diff --git a/roles/teuthology/tasks/zypper_systems.yml b/roles/teuthology/tasks/zypper_systems.yml new file mode 100644 index 00000000..d01969c2 --- /dev/null +++ b/roles/teuthology/tasks/zypper_systems.yml @@ -0,0 +1,13 @@ +--- +- name: Include package type specific vars. + include_vars: "zypper_{{ ansible_distribution | lower | replace(' ', '_') }}_{{ ansible_distribution_version }}.yml" + tags: + - always + +- name: Install packages via zypper + zypper: + name: "{{ teuthology_extra_packages|list }}" + state: latest + update_cache: yes + tags: + - packages diff --git a/roles/teuthology/templates/nginx.conf b/roles/teuthology/templates/nginx.conf new file mode 100644 index 00000000..d459062d --- /dev/null +++ b/roles/teuthology/templates/nginx.conf @@ -0,0 +1,22 @@ +# {{ ansible_managed }} +server { + gzip on; + gzip_types *; + gzip_comp_level 9; + gzip_proxied any; + gzip_vary on; + gzip_static on; + allow all; + autoindex on; + server_name {{ inventory_hostname }}; + location /teuthology { + alias {{ archive_base }}; + # Prevents Chromium from thinking certain text files are binary, + # e.g. console logs while reimaging is underway + add_header X-Content-Type-Options nosniff; + } + types { + text/plain log; + text/plain yaml yml; + } +} diff --git a/roles/teuthology/templates/teuthology-worker.init b/roles/teuthology/templates/teuthology-worker.init new file mode 100644 index 00000000..a1c534d2 --- /dev/null +++ b/roles/teuthology/templates/teuthology-worker.init @@ -0,0 +1,166 @@ +#!/bin/bash +# +# Copyright (c) 2015 Red Hat, Inc. +# +# Author: Loic Dachary +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. +# +### BEGIN INIT INFO +# Provides: teuthology +# Required-Start: $network $remote_fs $syslog beanstalkd nginx +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: Start teuthology +### END INIT INFO + +export NWORKERS=20 + +[ -f /etc/default/teuthology ] && source /etc/default/teuthology + +user=${TEUTHOLOGY_USERNAME:-"{{ teuthology_execution_user }}"} +export HOME=/home/$user +export WORKER_HOME=$HOME/src/teuthology_main +#/usr/share/nginx/html +export WORKER_ARCH=$HOME/archive + +[ -d $WORKER_ARCH ] || sudo -u $user mkdir -p $WORKER_ARCH + +function worker_pidfile() { + echo /var/run/teuthology-worker.$1.pid +} +function worker_logfile() { + echo /var/log/teuthology.${1}.log +} + +function stop_worker() { + wnum=$1 + wpidfile=$(worker_pidfile $wnum) + if [[ -f $wpidfile ]] ; then + wpid=$(cat $wpidfile) + echo Killing worker $wnum with pid=$wpid... + pkill -P $wpid + pkill $wpid + rm -f $wpidfile + fi +} + +function stop_workers() { + for i in $(seq 1 $NWORKERS) ; do + stop_worker $i + done +} + +function start_worker() { + local wlogfile=$1 + local wpidfile=$2 + local worklogs=/tmp/$user-logs + mkdir -p $worklogs && chown $user: $worklogs + su - -c " +cd /home/$user +source openrc.sh +cd $WORKER_HOME +export LC_ALL=C +virtualenv/bin/teuthology-worker --tube openstack -l $worklogs --archive-dir $WORKER_ARCH +" $user > $wlogfile 2>&1 & { + echo $! > $wpidfile + echo "Started worker with pid=$! see log $wlogfile" + } +} + +function rkill() { + local pid=$1 + for i in $(pgrep -P $pid) ; do + rkill $i + done + echo Killing process $pid + kill -9 $pid +} + +function stop_process() { + local pidfile=$1 + [[ -f $pidfile ]] && { + local pid=$(cat $pidfile) + rkill $pid + ps --no-headers $pid 2>&1 > /dev/null || rm $pidfile + } +} + +function start_workers() { + for i in $(seq 1 $NWORKERS) ; do + local wpidfile=$(worker_pidfile $i) + local wlogfile=$(worker_logfile $i) + [[ -f $wpidfile ]] && { + local wpid=$(cat $wpidfile) + ps --no-headers -p $wpid 2>&1 > /dev/null && { + echo Worker $i is already running with process $wpid + continue + } + } + start_worker $wlogfile $wpidfile + done +} +echo $1 +case $1 in + start-workers) + start_workers + ;; + list-workers) + for i in $(ls /var/run | grep teuthology-worker | sort) ; do + WPID=$(cat /var/run/$i) + WORKER=${i##teuthology-worker.} + WORKER=${WORKER%%.pid} + STATUS=$(ps --no-headers -p $WPID 2>&1 > /dev/null && echo running || echo dead) + echo $WORKER PID:$WPID STATUS:$STATUS + done + ;; + stop-workers) + echo Stopping workers + stop_workers + ;; + stop-worker) + stop_worker $2 + ;; + restart-workers) + $0 stop-workers + $1 start-workers + ;; + start) + ( + cd /home/$user + source openrc.sh + cd teuthology + . virtualenv/bin/activate + teuthology-lock --list-targets --owner scheduled_$user@teuthology > /tmp/t + if test -s /tmp/t && ! grep -qq 'targets: {}' /tmp/t ; then + teuthology-lock --unlock -t /tmp/t --owner scheduled_$user@teuthology + fi + start_workers + ) + ;; + stop) + $0 stop-workers + ;; + restart) + $0 stop + $0 start + ;; + *) +esac diff --git a/roles/teuthology/templates/teuthology.yaml b/roles/teuthology/templates/teuthology.yaml new file mode 100644 index 00000000..8fedf206 --- /dev/null +++ b/roles/teuthology/templates/teuthology.yaml @@ -0,0 +1,16 @@ +# {{ ansible_managed }} +lock_server: {{ paddles_address }} +results_server: {{ paddles_address }} +results_ui_server: {{ pulpito_address }} +results_email: {{ teuthology_results_email|default('null') }} +results_sending_email: {{ teuthology_results_sending_email|default('null') }} +lab_domain: {{ lab_domain|default('teuthology') }} +default_machine_type: {{ teuthology_default_machine_type|default('null') }} +max_job_time: {{ teuthology_max_job_time|default(129600) }} +{{ teuthology_yaml_extra }} +# Not yet configurable via ansible +archive_server: http://{{ inventory_hostname }}/ +archive_base: {{ archive_base }} +ceph_git_base_url: {{ teuthology_ceph_git_base_url }} +queue_host: localhost +queue_port: 11300 diff --git a/roles/teuthology/templates/update-crontab.sh b/roles/teuthology/templates/update-crontab.sh new file mode 100755 index 00000000..76356496 --- /dev/null +++ b/roles/teuthology/templates/update-crontab.sh @@ -0,0 +1,49 @@ +#/bin/bash +# +# {{ ansible_managed }} +# +# Script to update teuthology user's crontab for scheduling suite runs + +REMOTE_CRONTAB_URL="{{ remote_crontab_url }}" +TEMP_DIR="$(mktemp -d /tmp/XXXXXXXX)" +CHKCRONTAB_PATH=~/bin/chkcrontab-venv + +# Output remote crontab to temp file +curl -s -o $TEMP_DIR/new $REMOTE_CRONTAB_URL > /dev/null + +# Output existing crontab +crontab -l > $TEMP_DIR/old + +# Check for differences +diff $TEMP_DIR/old $TEMP_DIR/new + +if [ $? -eq 0 ]; then + echo "No changes. Exiting." + exit 0 +fi + +# Install chkcrontab if needed +# https://pypi.python.org/pypi/chkcrontab +if ! [ -x ${CHKCRONTAB_PATH}/bin/chkcrontab ]; then + rm -rf $CHKCRONTAB_PATH + mkdir $CHKCRONTAB_PATH + virtualenv $CHKCRONTAB_PATH + source $CHKCRONTAB_PATH/bin/activate + pip install chkcrontab +else + source $CHKCRONTAB_PATH/bin/activate +fi + +# Perform the actual crontab syntax check +chkcrontab $TEMP_DIR/new + +if [ $? -eq 0 ]; then + # Install crontab + deactivate + crontab $TEMP_DIR/new + rm -rf $TEMP_DIR + echo "Installed new crontab successfully at $(date)" +else + echo "Checking crontab in $TEMP_DIR/new failed" + exit 1 +fi diff --git a/roles/teuthology/vars/apt_systems.yml b/roles/teuthology/vars/apt_systems.yml new file mode 100644 index 00000000..50f5d3eb --- /dev/null +++ b/roles/teuthology/vars/apt_systems.yml @@ -0,0 +1,25 @@ +--- +teuthology_extra_packages: + # The following packages are requirements for bootstrapping teuthology + - git-all + - virtualenv + - python3-dev + - python3-pip + - python3-virtualenv + - libev-dev + - python3-libvirt + - beanstalkd + - qemu-utils + - libev-dev + - libvirt-dev + # The following packages are requirements for running teuthology + - libmysqlclient-dev + - libffi-dev + - libssl-dev + - libyaml-dev + # The following are requirements for serving teuthology logs + - nginx + +apache_service: apache2 +nginx_available: "/etc/nginx/sites-available" +nginx_enabled: "/etc/nginx/sites-enabled" diff --git a/roles/teuthology/vars/yum_systems.yml b/roles/teuthology/vars/yum_systems.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/roles/teuthology/vars/yum_systems.yml @@ -0,0 +1 @@ +--- diff --git a/roles/teuthology/vars/zypper_opensuse_leap_15.0.yml b/roles/teuthology/vars/zypper_opensuse_leap_15.0.yml new file mode 100644 index 00000000..793d54e7 --- /dev/null +++ b/roles/teuthology/vars/zypper_opensuse_leap_15.0.yml @@ -0,0 +1,22 @@ +--- +teuthology_extra_packages: + - beanstalkd + - git + - gcc + - libev-devel + - libffi-devel + - libmysqlclient-devel + - libopenssl-devel + - libvirt-devel + - libvirt-python + - libyaml-devel + - lsb-release + - nginx + - python-devel + - python-pip + - python-virtualenv + - qemu-tools + +#apache_service: apache2 +nginx_available: "/etc/nginx" +nginx_enabled: "/etc/nginx/vhosts.d" diff --git a/roles/teuthology/vars/zypper_opensuse_leap_15.1.yml b/roles/teuthology/vars/zypper_opensuse_leap_15.1.yml new file mode 100644 index 00000000..b376be55 --- /dev/null +++ b/roles/teuthology/vars/zypper_opensuse_leap_15.1.yml @@ -0,0 +1,26 @@ +--- +teuthology_extra_packages: + - beanstalkd + - git + - gcc + - libev-devel + - libffi-devel + - libmysqlclient-devel + - libopenssl-devel + - libvirt-devel + - libyaml-devel + - lsb-release + - nginx + - python2-devel + - python3-devel + - python2-pip + - python3-pip + - python2-virtualenv + - python3-virtualenv + - python2-libvirt-python + - python3-libvirt-python + - qemu-tools + +#apache_service: apache2 +nginx_available: "/etc/nginx" +nginx_enabled: "/etc/nginx/vhosts.d" diff --git a/roles/teuthology/vars/zypper_opensuse_leap_15.2.yml b/roles/teuthology/vars/zypper_opensuse_leap_15.2.yml new file mode 100644 index 00000000..d14999c8 --- /dev/null +++ b/roles/teuthology/vars/zypper_opensuse_leap_15.2.yml @@ -0,0 +1,21 @@ +--- +teuthology_extra_packages: + - beanstalkd + - git + - gcc + - libev-devel + - libffi-devel + - libmysqlclient-devel + - libopenssl-devel + - libvirt-devel + - libyaml-devel + - lsb-release + - nginx + - python3-devel + - python3-pip + - python3-virtualenv + - python3-libvirt-python + - qemu-tools + +nginx_available: "/etc/nginx" +nginx_enabled: "/etc/nginx/vhosts.d" diff --git a/roles/teuthology/vars/zypper_opensuse_leap_15.3.yml b/roles/teuthology/vars/zypper_opensuse_leap_15.3.yml new file mode 100644 index 00000000..d14999c8 --- /dev/null +++ b/roles/teuthology/vars/zypper_opensuse_leap_15.3.yml @@ -0,0 +1,21 @@ +--- +teuthology_extra_packages: + - beanstalkd + - git + - gcc + - libev-devel + - libffi-devel + - libmysqlclient-devel + - libopenssl-devel + - libvirt-devel + - libyaml-devel + - lsb-release + - nginx + - python3-devel + - python3-pip + - python3-virtualenv + - python3-libvirt-python + - qemu-tools + +nginx_available: "/etc/nginx" +nginx_enabled: "/etc/nginx/vhosts.d" diff --git a/roles/teuthology/vars/zypper_opensuse_leap_42.3.yml b/roles/teuthology/vars/zypper_opensuse_leap_42.3.yml new file mode 100644 index 00000000..280a260c --- /dev/null +++ b/roles/teuthology/vars/zypper_opensuse_leap_42.3.yml @@ -0,0 +1,22 @@ +--- +teuthology_extra_packages: + - beanstalkd + - git + - gcc + - libev-devel + - libffi48-devel + - libmysqlclient-devel + - libopenssl-devel + - libvirt-devel + - libvirt-python + - libyaml-devel + - lsb-release + - nginx + - python-devel + - python-pip + - python-virtualenv + - qemu-tools + +#apache_service: apache2 +nginx_available: "/etc/nginx" +nginx_enabled: "/etc/nginx/vhosts.d" diff --git a/roles/users/README.rst b/roles/users/README.rst new file mode 100644 index 00000000..e4f5e3c0 --- /dev/null +++ b/roles/users/README.rst @@ -0,0 +1,123 @@ +Users +===== + +This role is used to manage user accounts on a node. In either your group_vars +or host_vars files you must define two variables for this role to use: +``managed_users`` and ``managed_admin_users``. The ``managed_users`` variable +will create users without sudo access while users in the +``managed_admin_users`` list will be granted sudo access. Sudo access is +granted by adding the ``managed_admin_users`` to the group ``sudo`` which +should be created beforehand. It is not required to add both of these vars to +your inventory, only use what makes sense for the node being managed. + +Additionally, if you have defined ``managed_users`` and ``managed_admin_users`` +for a set of hosts and want to grant sudo access to users on a subset of those +hosts, you may define ``extra_admin_users`` for that group. The format of that +variable is similar to the other two, except the ``key`` field is optional for +each user which is already present in ``managed_users``. This is to allow +flexibility without as much repetition. + +When adding a user, these steps are performed for each user: + +- Ensures that the user exists (tags: users) + +- Sets the user's shell to bin/bash (tags: users) + +- Ensures that the user's homedir exists (tags: users) + +- Adds the user to the ``sudo`` group if in ``managed_admin_users`` (tags: users) + +- Adds the user's public key to ~/.ssh/authorized_keys (tags: pubkeys) + + +This role also supports revoking user access by removing all users in the +``revoked_users`` variable. + + +Usage ++++++ + +This role is required as a dependency for the ``common`` role so it's already in use for most +all groups and playbooks, but if you need to manage users for a specific node or for a +one-off situation you can use the users.yml playbook. + +For example, this would create and update keys for all users defined for $NODE. First, be +sure to define either ``managed_users`` or ``managed_admin_users`` in your inventory; then:: + + $ ansible-playbook users.yml --limit="$NODE" + +You can also filter the list of users being managed by passing the 'users' variable:: + + $ ansible-playbook users.yml --limit="$NODE" --extra-vars='{"users": ["user1"]}' + +Variables ++++++++++ + +Available variables are listed below, along with default values (see ``defaults/main.yml``): + +A list of hashes that define users that will be created **without** sudo access:: + + managed_users: [] + +A list of hashes that define users that will be created **with** sudo access:: + + managed_admin_users: [] + +Both of these lists require that the user data be a yaml hash that defines both a ``name`` +and ``key`` property. The ``name`` will become the user's username and ``key`` is either +and SSH public key as a string or a url. + +For example, in inventory/group_vars/webservers.yml you might have a list of users like this:: + + --- + managed_users: + - name: user1 + key: + - name: user2 + key: + + managed_admin_users: + - name: admin + key: + +A list of usernames to filter ``managed_users`` and ``managed_admin_users`` by:: + + users: [] + +A list of usernames whose access is to be revoked:: + + revoked_users: [] + +The users role writes a sentinel file, ``/keys-repo-sha1``, to indicate the sha1 of the keys repo when ceph-cm-ansible last ran. If the sha1 in that file matches the current keys repo HEAD sha1, users tasks will be skipped unless you set ``force_users_update: True``:: + + force_users_update: False + +By default, the users and pubkeys should be updated. A task in ``main.yml`` changes this to ``False`` if the machine's users and keys are already up to date (unless ``force_users_update: True``):: + + perform_users_role: True + +Tags +++++ + +Available tags are listed below: + +users + Perform only user creation/removal tasks; ssh keys will not be updated. + +revoke + Perform only user removal tasks. + +pubkeys + Perform only authorized keys tasks, users will not be created but all + SSH keys will be updated for both ``managed_users`` and ``managed_admin_users``. + +TODO +++++ + +- Allow management of the UID for each user + +- Allow management of the shell for each user + +- Ensure that the sudo group exists with the correct permissions. We currently depend on it + being created already by other playbooks (ansible_managed.yml) or created by cobbler + during imaging. diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml new file mode 100644 index 00000000..92736090 --- /dev/null +++ b/roles/users/defaults/main.yml @@ -0,0 +1,37 @@ +--- +# this should be a list of users in the +# following format: +# +# managed_users: +# - name: username +# key: +# - name: user2 +# key: + +# not given sudo access +managed_users: [] +# are given sudo access +managed_admin_users: [] + +# A list of usernames to filter managed_users and +# managed_admin_users by. For example, if given ['user1'] +# both managed_users and managed_admin_users would be filtered +# to only contain the information for 'user1'. +users: [] + +# A list of users whose access is to be revoked. These accounts will be deleted. +revoked_users: [] + +# A repo containing SSH pubkeys. Will be used for each user that has no key +# specified. +keys_repo: "https://github.com/ceph/keys" +# Branch of above repo to use +keys_branch: main +# Where to clone keys_repo on the *local* disk +keys_repo_path: "~/.cache/src/keys" + +# If the keys git repo HEAD sha1 matches the sha1 of the host's /keys-repo-sha1 file, the users role will get skipped to save time. +# Update users and pubkeys by default (this is changed to False during the play if keys_repo_head.stdout == sentinel_sha1.stdout) +perform_users_role: True +# Set this to True if you want to run the users tasks anyway +force_users_update: False diff --git a/roles/users/tasks/create_users.yml b/roles/users/tasks/create_users.yml new file mode 100644 index 00000000..6a407cdd --- /dev/null +++ b/roles/users/tasks/create_users.yml @@ -0,0 +1,39 @@ +--- +# This is to prevent normal (read: human) users from ending up with UID 1000, +# which testnodes needs for the teuthology user. +- name: Set UID_MIN to 1001 + lineinfile: + dest: /etc/login.defs + regexp: "^UID_MIN" + line: "UID_MIN 1001" + +- debug: var=managed_admin_users +- debug: var=managed_users + +- name: Normalize managed_admin_users (only if it’s already a list) + set_fact: + managed_admin_users: "{{ managed_admin_users if (managed_admin_users is iterable and (managed_admin_users|type_debug) == 'list') else [] }}" + +- name: Sanity check + debug: + msg: + - "managed_admin_users type: {{ managed_admin_users | type_debug }}" + - "first admin: {{ (managed_admin_users | first) | default({}) }}" +# Expect: list + +- name: Create admin users (Ubuntu/Debian) + become: yes + ansible.builtin.user: + name: "{{ item.name }}" + groups: wheel + shell: /bin/bash + state: present + append: yes + loop: "{{ managed_admin_users }}" + +- name: Create all users without sudo access. + user: + name: "{{ item.name }}" + shell: /bin/bash + state: present + with_items: "{{ managed_users }}" diff --git a/roles/users/tasks/filter_users.yml b/roles/users/tasks/filter_users.yml new file mode 100644 index 00000000..a667cec1 --- /dev/null +++ b/roles/users/tasks/filter_users.yml @@ -0,0 +1,48 @@ +# 0) Safety defaults +- set_fact: + managed_admin_users: "{{ managed_admin_users | default([]) }}" + users: "{{ users | default([]) }}" + +# 1) De-duplicate lab_users by name (keeps the first occurrence) +- name: De-dup lab_users by name + set_fact: + _lab_users_unique: >- + {{ + (lab_users | groupby('name')) + | map('last') | map('first') | list + }} + +# 2) Build admin names list (supports list-of-dicts OR list-of-strings) +- name: Build _admin_names safely + set_fact: + _admin_names: >- + {{ + ( + (managed_admin_users | length > 0) and ((managed_admin_users | first) is mapping) + ) + | ternary( + managed_admin_users | map(attribute='name') | list, + managed_admin_users | list + ) + }} + +# 3) managed_users = lab_users_unique MINUS admins +- name: Recompute managed_users + set_fact: + managed_users: "{{ _lab_users_unique | rejectattr('name','in', _admin_names) | list }}" + +# 4) Optional allowlist (only if users provided) +- name: Apply allowlist "users" + when: users | length > 0 + set_fact: + managed_users: "{{ managed_users | selectattr('name','in', users) | list }}" + managed_admin_users: >- + {{ + ( + (managed_admin_users | length > 0) and ((managed_admin_users | first) is mapping) + ) + | ternary( + managed_admin_users | selectattr('name','in', users) | list, + (managed_admin_users | select('in', users) | list) + ) + }} diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml new file mode 100644 index 00000000..f7027872 --- /dev/null +++ b/roles/users/tasks/main.yml @@ -0,0 +1,60 @@ +--- +- name: Check keys_repo HEAD sha1 + shell: "git ls-remote {{ keys_repo }} HEAD | awk '{ print $1 }'" + register: keys_repo_head + become: false + when: keys_repo is defined + delegate_to: localhost + connection: local + run_once: true + retries: 5 + delay: 10 + # perform_users_role is True by default so no need to fail the play if there's an error. + ignore_errors: true + tags: + - pubkeys + +- name: Check host's /keys-repo-sha1 sentinel file + command: cat /keys-repo-sha1 + register: sentinel_sha1 + # perform_users_role is True by default so no need to fail the play if there's an error. + failed_when: false + tags: + - pubkeys + +- name: Determine if we can skip users and pubkeys updates + set_fact: + perform_users_role: False + # perform_users_role is True by default so no need to fail the play if there's an error. + ignore_errors: true + when: (keys_repo_head is undefined) or (keys_repo_head.stdout == sentinel_sha1.stdout) and + not force_users_update|bool + +- import_tasks: filter_users.yml + when: perform_users_role|bool + tags: + - always + +- import_tasks: create_users.yml + when: perform_users_role|bool + tags: + - user + +- import_tasks: update_keys.yml + when: perform_users_role|bool + tags: + - pubkeys + +- import_tasks: revoke_users.yml + when: perform_users_role|bool + tags: + - user + - revoke + +- name: Write /keys-repo-sha1 sentinel file + copy: + content: "{{ keys_repo_head.stdout }}" + dest: /keys-repo-sha1 + when: keys_repo_head is defined + tags: + - pubkeys diff --git a/roles/users/tasks/revoke_users.yml b/roles/users/tasks/revoke_users.yml new file mode 100644 index 00000000..c7300998 --- /dev/null +++ b/roles/users/tasks/revoke_users.yml @@ -0,0 +1,16 @@ +--- +- name: Filter the revoked_users list + set_fact: + revoked_users: + "[{% for user in revoked_users %} + {% if user in users %}'{{ user }}',{%endif%} + {%endfor%}]" + when: users|length > 0 + tags: + - always + +- name: Remove revoked users + user: + name: "{{ item }}" + state: absent + with_items: "{{ revoked_users }}" diff --git a/roles/users/tasks/update_keys.yml b/roles/users/tasks/update_keys.yml new file mode 100644 index 00000000..decb6464 --- /dev/null +++ b/roles/users/tasks/update_keys.yml @@ -0,0 +1,36 @@ +--- +- name: Merge managed_users and managed_admin users + set_fact: + pubkey_users: "{{ managed_users|list + managed_admin_users|list }}" + +- name: Clone the keys repo + local_action: + module: git + repo: "{{ keys_repo }}" + version: "{{ keys_branch }}" + # http://tracker.ceph.com/issues/16615 + # depth: 1 + force: yes + dest: "{{ keys_repo_path }}" + become: false + when: keys_repo is defined + connection: local + run_once: true + register: clone_keys + until: clone_keys is success + retries: 5 + delay: 10 + +- name: Update authorized_keys using the keys repo + authorized_key: + user: "{{ item.name }}" + key: "{{ lookup('file', keys_repo_path + '/ssh/' + item.name + '.pub') }}" + with_items: "{{ pubkey_users }}" + when: item.key is undefined and keys_repo is defined + +- name: Update authorized_keys for each user with literal keys + authorized_key: + user: "{{ item.name }}" + key: "{{ item.key }}" + with_items: "{{ pubkey_users }}" + when: item.key is defined diff --git a/roles/vmhost/README.rst b/roles/vmhost/README.rst new file mode 100644 index 00000000..b25d0ef3 --- /dev/null +++ b/roles/vmhost/README.rst @@ -0,0 +1,56 @@ +vmhost +====== + +This role does a lot of the setup for a mira node running Ubuntu +(probably sticking with an LTS of trusty or later is a good idea; +trusty is where it's got the most testing) to turn it into a +'standard' VPS host. Our standard is: 8 qemu-kvm virtual machines, +provisioned by libvirt through downburst, as noted in the lock +database on paddles for the sepia lab. The first of those uses +data storage sharing the root drive, and the last seven use +the seven free mira drives as their storage pool. + +This role does not set up the storage pool directories/mount +points, and does not add any mapping of which vpm VMs belong +on any particular node (from the vps_hosts group). It assumes +that you have already: + +- created /srv/libvirtpool on the vmhost + +- made subdirs there named after the vpms + +On mira, we then use disks b..h as separate filesystems to +mount on vpmNNN+1..vpmNNN+7, so for miras, we will have: + +- made filesystems (xfs is the usual choice) + +- mounted those filesystems on /srv/libvirtpool/ + +- added UUID= lines to /etc/fstab so the mounts happen at reboot + +Note that the role does not assume any particular structure +of what provides /srv/libvirtpool/vpmNNN, but simply uses that +to drive creating libvirt pools. + +It is certainly possible to do the above with ansible as well, +and a later version may. + + +Variables ++++++++++ + +Only one variable is defined, ``vmhost_apt_packages``. The default +is empty, but the current definition in vars/ is not expected to change +soon. + +Tags +++++ + +packages + Just install packages + +networking + Set up the bridge for qemu to use as the 'front' network + +libvirt + All the libvirt-related setup (pools, networks, etc.) diff --git a/roles/vmhost/files/interfaces b/roles/vmhost/files/interfaces new file mode 100644 index 00000000..7c770ca0 --- /dev/null +++ b/roles/vmhost/files/interfaces @@ -0,0 +1,12 @@ +auto lo +iface lo inet loopback + +iface eth0 inet manual + +auto br-front +iface br-front inet dhcp + bridge_ports eth0 + bridge_fd 9 + bridge_hello 2 + bridge_maxage 12 + bridge_stp off diff --git a/roles/vmhost/files/libvirt-net-front.xml b/roles/vmhost/files/libvirt-net-front.xml new file mode 100644 index 00000000..72dbca88 --- /dev/null +++ b/roles/vmhost/files/libvirt-net-front.xml @@ -0,0 +1,5 @@ + + front + + + diff --git a/roles/vmhost/tasks/libvirt.yml b/roles/vmhost/tasks/libvirt.yml new file mode 100644 index 00000000..04b28de4 --- /dev/null +++ b/roles/vmhost/tasks/libvirt.yml @@ -0,0 +1,131 @@ +--- +# default pool +- name: Query libvirt pool 'default' + command: virsh pool-uuid default + register: pool_uuid + failed_when: false + +- name: Define libvirt pool 'default' + command: virsh pool-define-as --name default dir --target /var/lib/libvirt/images + when: pool_uuid is defined and pool_uuid | failed + +- name: Query 'default' pool state + command: virsh -q pool-info default + ignore_errors: yes + register: default_pool_info + +- name: Start pool 'default' + command: virsh pool-start default + when: 'default_pool_info is defined and default_pool_info.stdout|search("State: *inactive")' + +- name: Autostart pool 'default' + command: virsh pool-autostart default + when: 'default_pool_info is defined and default_pool_info.stdout | search("Autostart: *no")' + +# Per-vpm storage pools + +- name: Test for /srv/libvirtpool + stat: + path: /srv/libvirtpool + register: srv_libvirtpool + failed_when: srv_libvirtpool.stat.exists == False + +- name: Ensure proper ownership in /srv/libvirtpool + file: + path: /srv/libvirtpool + state: directory + owner: libvirt-qemu + group: kvm + recurse: yes + when: srv_libvirtpool.stat.exists + +# the dance here is to figure out which pools are already defined, +# and avoid trying to defining them again. + +- name: Find defined vpm names + command: ls /srv/libvirtpool + register: ls_libvirtpool + when: srv_libvirtpool.stat.exists + +- name: See which pools are defined and which are not + shell: virsh pool-info {{ item }} + with_items: "{{ ls_libvirtpool.stdout_lines }}" + register: pool_info + when: srv_libvirtpool.stat.exists + # don't bother reporting anything about this command; it's not useful + failed_when: false + +# pool_info.results is a now list of dicts, one per item, with 'rc', +# 'changed', 'stdout', 'stderr' etc. Make a new list for +# all of the above that failed (i.e. rc == 1), as those +# are the pools that still need definition. "" stop +# jinja templating from being confused with yaml, as usual; +# {%- and -%} suppress blank lines so that the only thing +# that expands is the list declaration. + +- name: Form list of undefined pools + set_fact: + pools_to_define: + "{%- set l = [] %} + {%- for result in pool_info.results %} + {%- if result.rc == 1 %} + {%- set dummy = l.append(result.item) %} + {%- endif %} + {%- endfor -%} + {{ l | list }}" + +- name: Define pools which are left to be defined + shell: | + virsh pool-define-as --name {{ item | quote }} --type dir --target /srv/libvirtpool/{{ item }}; + virsh pool-autostart {{ item | quote }}; + virsh pool-build {{ item | quote }}; + virsh pool-start {{ item | quote }} + with_items: "{{ pools_to_define }}" + when: pools_to_define|length > 0 + +# Front network + +- name: Query for front network definition + command: virsh net-info front + ignore_errors: true + register: front_net + +- name: Send front network definition file + copy: + src: ../files/libvirt-net-front.xml + dest: /tmp/libvirt-net-front.xml + when: front_net is defined and front_net | failed + +- name: Create front network + command: virsh net-define /tmp/libvirt-net-front.xml + when: front_net is defined and front_net | failed + +- name: Remove tmp network definition file + file: + dest: /tmp/libvirt-net-front.xml + state: absent + when: front_net is defined and front_net | failed + +- name: Re-query for front network definition + command: virsh net-info front + ignore_errors: yes + register: front_net + +- name: Start front network + command: virsh net-start front + when: 'front_net is defined and front_net.stdout | search("Active: *no")' + +- name: Set front network to autostart + command: virsh net-autostart front + when: 'front_net is defined and front_net.stdout | search("Autostart: *no")' + +# Final steps + +- name: Allow libvirt for teuthology user + user: + name: "{{ teuthology_user }}" + groups: libvirtd + append: yes + +- name: Restart libvirt-bin + command: service libvirt-bin restart diff --git a/roles/vmhost/tasks/main.yml b/roles/vmhost/tasks/main.yml new file mode 100644 index 00000000..07109c28 --- /dev/null +++ b/roles/vmhost/tasks/main.yml @@ -0,0 +1,8 @@ +- import_tasks: packages.yml + tags: packages + +- import_tasks: networking.yml + tags: networking + +- import_tasks: libvirt.yml + tags: libvirt diff --git a/roles/vmhost/tasks/networking.yml b/roles/vmhost/tasks/networking.yml new file mode 100644 index 00000000..a04b8b67 --- /dev/null +++ b/roles/vmhost/tasks/networking.yml @@ -0,0 +1,17 @@ +# front_mac = ansible_eth0.macaddress +# front_ip = ansible_eth0.ipv4.address + +- name: Install /etc/network/interfaces + copy: + src: interfaces + dest: /etc/network/interfaces + force: yes + owner: root + group: root + mode: 0644 + backup: yes + register: interface_install + +- name: Activate new network config + shell: /sbin/ifdown -a; /sbin/ifup -a + when: interface_install is changed diff --git a/roles/vmhost/tasks/packages.yml b/roles/vmhost/tasks/packages.yml new file mode 100644 index 00000000..8d35482b --- /dev/null +++ b/roles/vmhost/tasks/packages.yml @@ -0,0 +1,9 @@ +--- +- name: Install packages via apt + apt: + name: "{{ vmhost_apt_packages|list }}" + state: latest + update_cache: yes + cache_valid_time: 600 + tags: + - packages diff --git a/roles/vmhost/vars/main.yml b/roles/vmhost/vars/main.yml new file mode 100644 index 00000000..c78f9b61 --- /dev/null +++ b/roles/vmhost/vars/main.yml @@ -0,0 +1,5 @@ +--- +vmhost_apt_packages: + - qemu-kvm + - libvirt-bin + - bridge-utils diff --git a/rook.yml b/rook.yml new file mode 100644 index 00000000..ca9073f8 --- /dev/null +++ b/rook.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + gather_facts: True + roles: + - rook diff --git a/set_python_path.yml b/set_python_path.yml new file mode 100644 index 00000000..3c8f7cc2 --- /dev/null +++ b/set_python_path.yml @@ -0,0 +1,18 @@ +--- +# This will set ansible_python_interpreter to use python3 +# if the shell module fails (like it will on RHEL8 since +# /usr/bin/python is no more). +- hosts: all + gather_facts: false + vars: + ansible_ssh_user: "{{ cm_user }}" + become: true + tasks: + - name: Check for /usr/bin/python + shell: echo marco + register: polo + ignore_errors: true + - name: Set ansible_python_interpreter=/usr/bin/python3 + set_fact: + ansible_python_interpreter: /usr/bin/python3 + when: polo.rc != 0 diff --git a/signalfx.yml b/signalfx.yml new file mode 100644 index 00000000..91b773b7 --- /dev/null +++ b/signalfx.yml @@ -0,0 +1,10 @@ +--- +- name: The signalfx-configurarion for systemd monitoring + hosts: all + gather_facts: yes + + vars_files: + - "{{ var_file_name }}" + + roles: + - signalfx_splunk_agent_configuration diff --git a/testnodes.yml b/testnodes.yml new file mode 100644 index 00000000..ce49a560 --- /dev/null +++ b/testnodes.yml @@ -0,0 +1,8 @@ +--- +- hosts: testnodes + strategy: free + roles: + - common + - testnode + - grafana_agent + become: true diff --git a/teuthology.yml b/teuthology.yml new file mode 100644 index 00000000..92ee555d --- /dev/null +++ b/teuthology.yml @@ -0,0 +1,7 @@ +--- +- hosts: teuthology + strategy: free + roles: + - common + - teuthology + become: true diff --git a/tools/checkcerts.py b/tools/checkcerts.py new file mode 100755 index 00000000..b2b360ad --- /dev/null +++ b/tools/checkcerts.py @@ -0,0 +1,123 @@ +#!/usr/bin/python3 + +import argparse +import socket +import ssl +import subprocess +import sys +import os +import tempfile +import datetime +import smtplib + +DAYS_BEFORE_WARN=7 + +DEFAULT_DOMAINS = [ + '1.chacra.ceph.com', + '2.chacra.ceph.com', + '3.chacra.ceph.com', + '4.chacra.ceph.com', + 'ceph.com', + 'ceph.io', + 'chacra.ceph.com', + 'console-openshift-console.apps.os.sepia.ceph.com', + 'docs.ceph.com', + 'download.ceph.com', + 'git.ceph.com', + 'grafana.ceph.com', + 'jenkins.ceph.com', + 'jenkins.rook.io', + 'lists.ceph.io', + 'pad.ceph.com', + 'paddles.front.sepia.ceph.com', + 'pulpito.ceph.com', + 'quay.ceph.io', + 'sentry.ceph.com', + 'shaman.ceph.com', + 'status.sepia.ceph.com', + 'telemetry-public.ceph.com', + 'tracker.ceph.com', + 'wiki.sepia.ceph.com', + 'www.ceph.io', + ] +DEFAULT_EMAIL = [ + 'dmick@redhat.com', + 'ceph-infra@redhat.com', + 'akraitman@redhat.com', + 'aschoen@redhat.com', + 'zcerza@redhat.com', + ] + + +def parse_args(): + ap = argparse.ArgumentParser() + ap.add_argument('-q', '--quiet', action='store_true') + ap.add_argument('-E', '--send-email', action='store_true', help="send email with warnings") + ap.add_argument('-e', '--email', nargs='*', default=DEFAULT_EMAIL, help=f'list of addresses to send to (default: {DEFAULT_EMAIL})') + ap.add_argument('-d', '--domains', nargs='*', default=DEFAULT_DOMAINS) + return ap.parse_args() + +def sendmail(emailto, subject, body): + FROM = 'ceph-infra-admins@redhat.com' + TO = emailto # must be a list + SUBJECT = subject + TEXT = body + + # Prepare actual message + + message = """\ +From: %s +To: %s +Subject: %s + +%s + +Report from %s running on %s +""" % (FROM, ", ".join(TO), SUBJECT, TEXT, os.path.realpath(sys.argv[0]), socket.gethostname()) + + # send it + server = smtplib.SMTP('localhost') + server.sendmail(FROM, TO, message) + server.quit() + +def main(): + context = ssl.create_default_context() + + args = parse_args() + domains = args.domains + + warned = False + for domain in domains: + errstr = None + certerr = False + warn = datetime.timedelta(days=DAYS_BEFORE_WARN) + try: + with socket.create_connection((domain, 443)) as sock: + with context.wrap_socket(sock, server_hostname=domain) as ssock: + cert = ssock.getpeercert() + except (ssl.CertificateError, ssl.SSLError) as e: + certerr = True + errstr = f'{domain} cert error: {e}' + + if not certerr: + expire = datetime.datetime.strptime(cert['notAfter'], + '%b %d %H:%M:%S %Y %Z') + now = datetime.datetime.utcnow() + left = expire - now + + errstr = f'{domain:30s} cert: {str(left).rsplit(".",1)[0]} left until it expires' + if not args.quiet: + print(errstr, file=sys.stderr) + if (certerr or (left < warn)) and (args.send_email): + subject = f'Certificate problem with {domain}' + body = errstr + email = args.email + if email == []: + email = DEFAULT_EMAIL + sendmail(email, subject, body) + warned = True + return int(warned) + +if __name__ == '__main__': + sys.exit(main()) + diff --git a/tools/cobbler-access.sh b/tools/cobbler-access.sh new file mode 100755 index 00000000..da48ebe5 --- /dev/null +++ b/tools/cobbler-access.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# Script to generate Cobbler credentials + +tmpfile=$(mktemp) + +# Basically `mkpasswd` but uses a small subset of special characters +password=$(head /dev/urandom | tr -dc 'A-Za-z0-9!@#$%&' | head -c 12 && echo) + +if [ $# -eq 0 ]; then + printf "Enter username: " + read -r username +else + username=$1 +fi + +cat << EOF + +======== String for cobbler.yml ======== +--- Cobbler v2 --- +$(echo -n "$username:Cobbler:" && echo -n "$username:Cobbler:$password" | md5sum | awk '{ print $1 }') + +--- Cobbler v3 --- +$username:Cobbler:$(printf "$password" | openssl dgst -sha3-512 | awk '{ print $2 }') + +======== E-mail to $username ======== +Hi FIRSTNAME, + +Here are your Cobbler user credentials. + +Username: $username +Password: $password + +Please do not share these credentials. + +Thank you. + +EOF diff --git a/tools/convert-to-centos-stream.yml b/tools/convert-to-centos-stream.yml new file mode 100644 index 00000000..ba0d550f --- /dev/null +++ b/tools/convert-to-centos-stream.yml @@ -0,0 +1,50 @@ +--- +### This playbook simply converts a CentOS host to CentOS Stream. +### It is primarily intended to be run during Cobbler's cephlab_ansible.sh post-install trigger. + +- hosts: + - all + become: true + gather_facts: true + tasks: + + - name: List repo files + find: + paths: /etc/yum.repos.d/ + file_type: file + patterns: 'CentOS-Linux-*.repo' + register: pre_stream_repo_files + when: ansible_distribution == 'CentOS' + + # From ansible docs: 'replace: If not set, matches are removed entirely.' + - name: Remove all mirrorlists + replace: + path: "{{ item.path }}" + regexp: '^mirrorlist=.*' + with_items: "{{ pre_stream_repo_files.files }}" + when: ansible_distribution == 'CentOS' + + - name: Uncomment baseurls + replace: + path: "{{ item.path }}" + regexp: '^mirrorlist=.*' + regexp: '^\s*#*\s*(baseurl=.*)' + replace: '\1' + with_items: "{{ pre_stream_repo_files.files }}" + when: ansible_distribution == 'CentOS' + + - name: Point baseurls to archive server + replace: + path: "{{ item.path }}" + regexp: 'mirror.centos.org/\$contentdir/\$releasever' + replace: 'vault.centos.org/8.5.2111' + with_items: "{{ pre_stream_repo_files.files }}" + when: ansible_distribution == 'CentOS' + + - name: Swap to Stream Repos + command: dnf -y swap centos-linux-repos centos-stream-repos + when: ansible_distribution == 'CentOS' + + - name: Sync Stream Repos + command: dnf -y distro-sync + when: ansible_distribution == 'CentOS' diff --git a/tools/dot.vmlist.conf b/tools/dot.vmlist.conf new file mode 100644 index 00000000..e4f08515 --- /dev/null +++ b/tools/dot.vmlist.conf @@ -0,0 +1,38 @@ +# put this in ~/.vmlist.conf + +[global] +# which hosts to examine for lxc and virsh output +# vm_hosts: +# where to put the cache file for dump without -r +# cachefile: ~/.vmlist.cache +# what version of the novaclient API to use +# novaclient_version: 2 + +# sections named 'cloud-XXXX' will be interpreted as +# nova providers, and connected to and all servers listed. +# if cloud_region_names is set, a list for each region is +# acquired. + +#[cloud-ovh-cattle] +#cloud_user: +#cloud_password: +#cloud_project_id: 5633955729735406 +#cloud_tenant_id: 131b886b156a4f84b5f41baf2fbe646c +#cloud_region_names: GRA1, BHS1 +#cloud_auth_url: https://auth.cloud.ovh.net/v2.0 + +#[cloud-ovh-pets] +#cloud_user: +#cloud_password: +#cloud_project_id: 4867549786842007 +#cloud_auth_url: https://auth.cloud.ovh.net/v2.0 +#cloud_tenant_id: 8f16c274eb514336a8844ed418dfc1a0 +#cloud_region_names: GRA1, BHS1 + +#[cloud-dreamcompute] +#cloud_user: +#cloud_password: +#cloud_project_id: dhc1268222 +#cloud_auth_url: https://keystone.dream.io/v2.0 + + diff --git a/tools/downstream-jenkins-sync-jobs.yml b/tools/downstream-jenkins-sync-jobs.yml new file mode 100644 index 00000000..123e2b66 --- /dev/null +++ b/tools/downstream-jenkins-sync-jobs.yml @@ -0,0 +1,51 @@ +--- +# This playbook is used to sync the jenkins jobs from one ocp pod folder to another pod folder +# Usage: +# ansible-playbook downstream-jenkins-sync-jobs.yml --extra-vars "src_pod=gluster-downstream-jenkins src_folder=/var/lib/jenkins/restore/jobs/ dest_pod=gluster-new-jenkins dest_folder=/var/lib/jenkins/jobs/" +# Varibles: +# src_pod - The pod name that holds the jobs that will get copied to the destination pod +# src_folder - The folder on the src_pod that includs the jobs the will be copied to the dest_pod +# dest_pod - The pod name that the jobs will get copied to +# dest_folder - The folder on the dest_pod where the jobs the will be copied to +# +- hosts: localhost + gather_facts: false + tasks: + + - name: Check oc tool installation status + command: which oc + changed_when: false + failed_when: false + register: oc_installed + + - name: Fail if oc tool is not installed + fail: + msg: "oc tool appears to be missing, install first and connect with your user to the ocp cluster by running oc login" + when: oc_installed is failed + + - name: Check connected oc client user + command: oc whoami + ignore_errors: True + register: oc_whoami + + - name: Fail if oc user is not connected + fail: + msg: "Please login to the ocp cluster by running oc login" + when: oc_whoami.rc != 0 + + - name: Create temporary directory + tempfile: + state: directory + register: tmpdir + + - name: rsync jobs from source pod to local folder + shell: oc rsync $(oc get pods | grep -i Running | grep -i "{{ src_pod }}" | awk '{ print $1 }'):"{{ src_folder }}" "{{ tmpdir.path }}" + + - name: rsync jobs from local folder to destination pod + shell: oc rsync "{{ tmpdir.path }}" $(oc get pods | grep -i Running | grep -i "{{ dest_pod }}" | awk '{ print $1 }'):"{{ dest_folder }}" + + - name: Remove the temporary directory + file: + path: "{{ tmpdir.path }}" + state: absent + when: tmpdir.path is defined diff --git a/tools/generate-fog-csv.yml b/tools/generate-fog-csv.yml new file mode 100644 index 00000000..d8662616 --- /dev/null +++ b/tools/generate-fog-csv.yml @@ -0,0 +1,10 @@ +--- +# This playbook can be used to generate a CSV file of testnodes +# that can be imported to the FOG web UI. +# It outputs a CSV file to /tmp/fog_hostfile.csv + +- hosts: localhost + roles: + - generate-fog-csv + become: false + gather_facts: false diff --git a/tools/incerta-nic.yml b/tools/incerta-nic.yml new file mode 100644 index 00000000..eea67f5a --- /dev/null +++ b/tools/incerta-nic.yml @@ -0,0 +1,116 @@ +# The incerta nodes in the Sepia lab are connected to a private (not uplinked) Mellanox 40Gb switch. +# This playbook is used in conjunction with individual host_vars files for each host to configure +# the second/back interface on each server. +# +# https://wiki.sepia.ceph.com/doku.php?id=hardware:incerta +# https://wiki.sepia.ceph.com/doku.php?id=services:networking#hardware +# mlx-sw01.ipmi.sepia.ceph.com + +- hosts: incerta + become: true + gather_facts: true + tasks: + - name: Make sure ethtool is installed (Ubuntu) + apt: + name: ethtool + state: present + when: ansible_os_family == 'Debian' + + - name: Make sure ethtool is installed (CentOS/RHEL) + yum: + name: ethtool + state: present + enablerepo: epel + when: ansible_os_family == 'RedHat' + + - name: grep ethtool for secondary NIC MAC address + shell: "ethtool -P {{ item }} | awk '{ print $3 }' | grep -q -i '{{ incerta_back_mac }}'" + register: ethtool_grep_output + with_items: "{{ ansible_interfaces }}" + failed_when: false + changed_when: false + + - name: Define net_to_configure var + set_fact: + nic_to_configure: "{{ item.item }}" + with_items: "{{ ethtool_grep_output.results }}" + when: item.rc == 0 + + - name: Check for /etc/network/interfaces + stat: + path: /etc/network/interfaces + register: etc_network_interfaces + when: ansible_os_family == 'Debian' + + - name: "Write Ubuntu network config for {{ nic_to_configure }}" + blockinfile: + path: /etc/network/interfaces + block: | + auto {{ nic_to_configure }} + iface {{ nic_to_configure }} inet static + address {{ incerta_back_ip }} + network 10.0.10.0 + netmask 255.255.255.0 + broadcast 10.0.10.255 + post-up /sbin/ifconfig {{ nic_to_configure }} mtu 9216 up + register: wrote_network_config + when: + - nic_to_configure is defined + - ansible_os_family == 'Debian' + - etc_network_interfaces.stat.exists + + - name: "Bounce {{ nic_to_configure }}" + shell: "ifdown {{ nic_to_configure }} && ifup {{ nic_to_configure }}" + when: + - wrote_network_config is changed + - ansible_os_family == 'Debian' + - etc_network_interfaces.stat.exists + + - name: Check for /etc/netplan/01-netcfg.yaml + stat: + path: /etc/netplan/01-netcfg.yaml + register: netplan_conf + when: ansible_os_family == 'Debian' + + - name: "Configure {{ nic_to_configure }} using ifconfig" + command: "ifconfig {{ nic_to_configure }} {{ incerta_back_ip }} netmask 255.255.255.0 mtu 9216" + when: + - ansible_os_family == 'Debian' + - not etc_network_interfaces.stat.exists + - netplan_conf.stat.exists + + - name: "Write RHEL/CentOS network config for {{ nic_to_configure }}" + lineinfile: + path: "/etc/sysconfig/network-scripts/ifcfg-{{ nic_to_configure }}" + create: yes + owner: root + group: root + mode: 0644 + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + register: wrote_network_config + with_items: + - { regexp: '^DEVICE=', line: 'DEVICE={{ nic_to_configure }}' } + - { regexp: '^NAME=', line: 'NAME={{ nic_to_configure }}' } + - { regexp: '^BOOTPROTO=', line: 'BOOTPROTO=static' } + - { regexp: '^ONBOOT=', line: 'ONBOOT=yes' } + - { regexp: '^MTU=', line: 'MTU=9216' } + - { regexp: '^IPADDR=', line: 'IPADDR={{ incerta_back_ip }}' } + - { regexp: '^PREFIX=', line: 'PREFIX=24' } + - { regexp: '^DEFROUTE=', line: 'DEFROUTE=no' } + when: + - nic_to_configure is defined + - ansible_os_family == 'RedHat' + + - name: "Bounce {{ nic_to_configure }}" + shell: "ifdown {{ nic_to_configure }}; ifup {{ nic_to_configure }}" + when: + - wrote_network_config is changed + - ansible_os_family == 'RedHat' + + - fail: + msg: "WARNING: {{ ansible_hostname }} IS USING NETPLAN TO CONFIGURE ITS NICS. EDITING NETPLAN YAML FILES USING ANSIBLE IS NOT TRIVIAL. THEREFORE, THIS NETWORK SETTING WILL NOT SURVIVE A REBOOT! RECOMMEND MANUALLY EDITING /etc/netplan/01-netcfg.yaml" + when: + - ansible_os_family == 'Debian' + - not etc_network_interfaces.stat.exists + - netplan_conf.stat.exists diff --git a/tools/jenkins-builder-disk.yml b/tools/jenkins-builder-disk.yml new file mode 100644 index 00000000..61c78d6f --- /dev/null +++ b/tools/jenkins-builder-disk.yml @@ -0,0 +1,91 @@ +### This playbook configures a braggi host to be a Jenkins slave. + +- hosts: + - braggi + - incerta + - irvingi + - adami + become: true + tasks: + +# CentOS 9 on the braggi nodes likes to flip around which disk is sda and which is sdb. Sometimes it comes up as sdb and sometimes sda. + - name: Check if /dev/sda is the 400GB disk on a braggi + parted: + device: "/dev/sda" + unit: GiB + register: "sda_parted" + when: '"braggi" in ansible_hostname' + + - name: Check if /dev/sdb is the 400GB disk on a braggi + parted: + device: "/dev/sdb" + unit: GiB + register: "sdb_parted" + when: '"braggi" in ansible_hostname' + + - set_fact: + mount_point: /home/jenkins-build + when: '"braggi" in ansible_hostname' + + - set_fact: + disk: /dev/sda + when: + - '"braggi" in ansible_hostname' + - "sda_parted.disk.size < 500" + + - set_fact: + disk: /dev/sdb + when: + - '"braggi" in ansible_hostname' + - "sdb_parted.disk.size < 500" + + - set_fact: + disk: /dev/sdb + mount_point: /home/jenkins-build + when: '"adami" in ansible_hostname' + + - set_fact: + disk: /dev/nvme0n1 + mount_point: /home/jenkins-build + when: '"incerta" in ansible_hostname' + +# Setting the mountpoint to libvirt/images on irvinigi because I'm adding two +# right now as CentOS7 Vagrant builders. + - set_fact: + disk: /dev/sdc + mount_point: /var/lib/libvirt/images + when: '"irvingi" in ansible_hostname' + + - name: "Create {{ mount_point }} home dir" + file: + path: "{{ mount_point }}" + state: directory + + - name: Install xfsprogs (Ubuntu) + package: + name: xfsprogs + state: latest + when: ansible_os_family == "Debian" + + - name: Unmount + mount: + path: "{{ mount_point }}" + src: "{{ disk }}" + state: unmounted + fstype: xfs + ignore_errors: true + + - name: Zap disk + command: "sgdisk -Z {{ disk }}" + + - name: Configure disk + filesystem: + fstype: xfs + dev: "{{ disk }}" + + - name: Mount disk + mount: + path: "{{ mount_point }}" + src: "{{ disk }}" + state: mounted + fstype: xfs diff --git a/tools/openvpn/maketar.sh b/tools/openvpn/maketar.sh new file mode 100755 index 00000000..113e37e2 --- /dev/null +++ b/tools/openvpn/maketar.sh @@ -0,0 +1,6 @@ +#!/bin/bash +# +# make a tarball for distribution of this configuration and +# secret generator +# +tar cfz sepia-vpn-client.tar.gz sepia/ca.crt sepia/client.conf sepia/new-client sepia/tlsauth diff --git a/tools/openvpn/sepia/ca.crt b/tools/openvpn/sepia/ca.crt new file mode 100644 index 00000000..54cb98d0 --- /dev/null +++ b/tools/openvpn/sepia/ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVzCCAj+gAwIBAgIUOAVvdnT5AeNHmQVerBNGyBipF+0wDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPb3BlbnZwbmNhLXNlcGlhMB4XDTI0MTIwMjE3MTc1MloX +DTM0MTEzMDE3MTc1MlowGjEYMBYGA1UEAwwPb3BlbnZwbmNhLXNlcGlhMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPbQdUr74nVphtcdV9VhJs1cgKGq +iZNBRdVxW92JurMJuIJXSiBwGochYTs4NQprlD5jYStnpzoe7c1HsFKwVEY3xSmT +h7wdj0JIRgAdspG2XxxSU63k2t4Ezm6z7W7jnRvXjNhD55AMpxHAQpS0YhpxTm95 +SJDlk7gCmdIN087ioTYW8Fh+NI/ASjz5m3XWjsF/mTOHLYmlRL4bSWLwpKXuxpPW +YVeScyDC6olc0MOfNKihxY3Q4IJiLcBPXQhGp3pnKCSut+f+nHu+sSLssliuvGBh +6rn5c/5TceGbVvK1BX53F5Znx/AGC7XEEXKddUQbZDVN8pg1VygKt8tDIQIDAQAB +o4GUMIGRMB0GA1UdDgQWBBSCoc5pUrxKfAoguqWqY25PhYuYrjBVBgNVHSMETjBM +gBSCoc5pUrxKfAoguqWqY25PhYuYrqEepBwwGjEYMBYGA1UEAwwPb3BlbnZwbmNh +LXNlcGlhghQ4BW92dPkB40eZBV6sE0bIGKkX7TAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAIPJAeutTT6llsHQcC8CUPxSGe98l +IPGHFX3AE9tRU1C2jfsidovNnxfpYksctjVcv3Zo6UbY6w83+UXciu4uusfjgJ/X +dc5na7J+PCNcgNY34fsFmX4yQNF7ffTEUAS91FJ2bXs+Ob/dIQvZ0ZJopLia4C0m +IT0DJfQV6Xx+R+mQ+MB1c2bmW17C88PCOygTUyn8ssrUkttkrf9xebp2TqyggdSH +myw4nD/iQz+l7lwmDitEJY6cyLBDihhpKEyeCcIMp2+ytEsqaCKOASvjKnG24O19 +N0+ctqX/JPZzCEEpYhlFtZEFKjnYV7DiGvC6GiGZAMWNB3oY2bm+Gf2mNQ== +-----END CERTIFICATE----- diff --git a/tools/openvpn/sepia/client.conf b/tools/openvpn/sepia/client.conf new file mode 100644 index 00000000..c51ace03 --- /dev/null +++ b/tools/openvpn/sepia/client.conf @@ -0,0 +1,18 @@ +script-security 1 +client +remote vpn.sepia.ceph.com 1194 +dev tun +remote-random +resolv-retry infinite +nobind +user nobody +group nogroup +persist-tun +persist-key +comp-lzo +verb 2 +mute 10 +remote-cert-tls server +tls-auth sepia/tlsauth 1 +ca sepia/ca.crt +auth-user-pass sepia/secret diff --git a/tools/openvpn/sepia/new-client b/tools/openvpn/sepia/new-client new file mode 100755 index 00000000..c3181a5c --- /dev/null +++ b/tools/openvpn/sepia/new-client @@ -0,0 +1,82 @@ +#!/usr/bin/python3 + +# How to set up a client (on Ubuntu/Debian): +# +# sudo apt-get install openvpn +# cd /etc/openvpn +# sudo tar xvzf ~/sepia-vpn-client.tar.gz +# sudo ./sepia/new-client MYUSERNAME@MYHOST +# +# ... submit the secret to admin and wait for acknowledgment ... +# +# sudo service openvpn start sepia + +import base64 +import datetime +import hashlib +import os +import re +import sys +import tarfile + +path = os.path.dirname(sys.argv[0]) +os.chdir(path) + +try: + (user,) = sys.argv[1:] +except ValueError: + raise SystemExit('Usage: new-client USERNAME@HOST') + +# From openvpn(8): +# +# To protect against a client passing a maliciously formed username or +# password string, the username string must consist only of these +# characters: alphanumeric, underbar ('_'), dash ('-'), dot ('.'), or +# at ('@'). The password string can consist of any printable +# characters except for CR or LF. Any illegal characters in either the +# username or password string will be converted to underbar ('_'). +# +# Verifying this here to avoid confusion down the road. +if not re.match(r'^[a-zA-Z0-9_.@-]+$', user): + raise SystemExit('new-client: Invalid characters in username') + +salt = base64.b64encode(os.urandom(16)).rstrip(b'=') +secret = base64.b64encode(os.urandom(64)).rstrip(b'=') + +inner = hashlib.new('sha256') +inner.update(salt) +inner.update(secret) +outer = hashlib.new('sha256') +outer.update(inner.digest()) +outer.update(salt) +hashed = outer.hexdigest() + +with open('secret', 'wb') as f: + os.fchmod(f.fileno(), 0o600) + f.write('{user}\n{secret}\n'.format(user=user, secret=secret.decode()).encode('utf-8')) + +base = os.path.basename(path) +os.symlink(os.path.join(base, 'client.conf'), '../sepia.conf') + +sys.stdout.write( + "\n!!!!! DO NOT RUN THIS SCRIPT MORE THAN ONCE !!!!!\n\nPlease paste the following line in your Sepia Lab Access Request tracker ticket:\n\n") +sys.stdout.write("{user} {salt} {hashed}\n\n".format( + user=user, + salt=salt.decode('utf-8'), + hashed=hashed, +)) + +with open('secret.hash', 'w') as f: + f.write(f"{user} {salt.decode('utf-8')} {hashed}") + +datestr = datetime.datetime.now().strftime('%Y%m%d_%H%M%S') +tarfilename = f'secrets.{datestr}.tar.gz' +tarfile = tarfile.open(tarfilename, 'w:gz') +for f in ['secret', 'secret.hash']: + tarfile.add(f) +tarfile.close() + +sys.stdout.write(f""" +The secret file (private to you) and secret.hash (the above hashed secret +information, to be placed on the OpenVPN server) are a matched pair. +They've been placed into {tarfilename} for safekeeping.""") diff --git a/tools/openvpn/sepia/tlsauth b/tools/openvpn/sepia/tlsauth new file mode 100644 index 00000000..bc0af9c3 --- /dev/null +++ b/tools/openvpn/sepia/tlsauth @@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +45839625d348b4d5c0af603d94110313 +9d6960d0b3c3b22365f0e5ded5281664 +3473d1ece7bfc8fcb990232886aec346 +db726c28f8f6423648a7274d975abd1a +587953b38323cf13b763724d5c8e2b77 +b6a9d12ca751d8e3de0e56be37300855 +e6864c047148a30cb0b7d87fbd7f5f80 +d19c05a808ba1b48e9a8139051b63e47 +02ab07478c34d75f77d16ecafcaae81c +303c64f334e73d9b6ba71d2397941402 +51bbd5ab903e89a85cf05ae1158e6258 +d39b9f9e9a3b00cd96d6b6c8a3b93bf1 +9fd3fab9ce8513a525a55feb731ca46c +185555b2771351422b703b2c3ecbc809 +05cf68e6fd95226c5a45adc01e7645e6 +aaadeb236c0f44fb42c01decd819e849 +-----END OpenVPN Static key V1----- diff --git a/tools/prep-fog-capture.yml b/tools/prep-fog-capture.yml new file mode 100644 index 00000000..0877ebf8 --- /dev/null +++ b/tools/prep-fog-capture.yml @@ -0,0 +1,146 @@ +--- +### This standalone playbook can be used to prep a COBBLER-IMAGED testnode +### so that it can be used to capture an OS image for FOG. +### This playbook is needed for a couple reasons +### - NIC configs get hard coded into the captured FOG images so nodes reimaged by FOG don't come up with network + +- hosts: + - testnodes + become: true + gather_facts: false + tasks: + + # (Missing in RHEL8) + - name: Check for /usr/bin/python + shell: echo marco + register: polo + ignore_errors: true + + - name: Set ansible_python_interpreter=/usr/bin/python3 + set_fact: + ansible_python_interpreter: /usr/bin/python3 + when: polo is failed + + # Now that we know where python is, we can gather_facts + - setup: + + # We need to leave /.cephlab_rc_local or else each FOG reimage would tell Cobbler to run ceph-cm-ansible + - name: Remove lock files and udev rules + file: + path: "{{ item }}" + state: absent + with_items: + - /etc/udev/rules.d/70-persistent-net.rules + - /.cephlab_net_configured + - /ceph-qa-ready + + - name: Get list of ifcfg scripts from host used to capture image + shell: "ls -1 /etc/sysconfig/network-scripts/ifcfg-* | grep -v ifcfg-lo" + register: ifcfg_scripts + when: ansible_os_family == "RedHat" + ignore_errors: true + + - name: Get list of ifcfg scripts from host used to capture image + shell: "ls -1 /etc/sysconfig/network/ifcfg-* | grep -v ifcfg-lo" + register: ifcfg_scripts + when: ansible_os_family == "Suse" + ignore_errors: true + + - name: Delete ifcfg scripts + file: + path: "{{ item }}" + state: absent + with_items: "{{ ifcfg_scripts.stdout_lines|default([]) }}" + when: ifcfg_scripts is defined + + - name: Remove /var/lib/ceph mountpoint from fstab + shell: sed -i '/\/var\/lib\/ceph/d' /etc/fstab + + - name: Unmount /var/lib/ceph + ansible.posix.mount: + path: /var/lib/ceph + state: unmounted + + - name: Get list of SSH host keys + shell: "ls -1 /etc/ssh/ssh_host_*" + register: ssh_host_keys + ignore_errors: true + + # Key regeneration is done automatically on CentOS firstboot. + # For Ubuntu, we'll add `dpkg-reconfigure openssh-server` to rc.local + - name: Delete SSH host keys so they're generated during firstboot on cloned machines + file: + path: "{{ item }}" + state: absent + with_items: "{{ ssh_host_keys.stdout_lines|default([]) }}" + when: ssh_host_keys is defined + + - name: Unsubscribe RHEL + command: subscription-manager unregister + when: ansible_distribution == "RedHat" + failed_when: false + + # A file gets leftover when a testnode is registered with Satellite that caused + # each registered subsequent testnode to report the wrong hostname + - name: Clean up katello facts + file: + path: /etc/rhsm/facts/katello.facts + state: absent + when: ansible_distribution == "RedHat" + + # https://bugzilla.redhat.com/show_bug.cgi?id=1814337 + - name: Disable dnf-makecache service + service: + name: dnf-makecache.timer + state: stopped + enabled: no + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version|int >= 8 + + # Hopefully fixes https://github.com/ceph/ceph-cm-ansible/pull/544#issuecomment-599076564 + - name: Clean DNF cache + shell: "dnf clean all && rm -rf /var/cache/dnf/*" + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version|int >= 8 + + - set_fact: + ntp_service: ntp + when: ansible_os_family == "Debian" + + - set_fact: + ntp_service: ntpd + when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7 + + - set_fact: + ntp_service: chronyd + when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8) or + ansible_os_family == "Suse" + + - name: "Stop {{ ntp_service }} service" + service: + name: "{{ ntp_service }}" + state: stopped + when: '"ntp" in ntp_service' + + # The theory here is although we do have the ntp service running on boot, + # if the time is off, it slowly drifts back in sync. Since our testnodes + # are ephemeral, they don't ever have enough time to correctly drift + # back to the correct time. So we'll force it in the captured OS images. + - name: Force time synchronization using stepping | ntp + command: "ntpdate -b {{ ntp_servers|join(' ') }}" + when: '"ntp" in ntp_service' + + - name: "Start {{ ntp_service }}" + service: + name: "{{ ntp_service }}" + state: started + + # chronyd needs to be started in order to force time sync. This differs from ntpd. + - name: Force time synchronization using stepping | chrony + command: chronyc -a makestep + when: '"chrony" in ntp_service' + + - name: Sync the hardware clock + command: "hwclock --systohc" diff --git a/tools/roles/generate-fog-csv/tasks/main.yml b/tools/roles/generate-fog-csv/tasks/main.yml new file mode 100644 index 00000000..bfbc56de --- /dev/null +++ b/tools/roles/generate-fog-csv/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- template: + src: csv.j2 + dest: /tmp/fog_hostfile.csv + delegate_to: localhost diff --git a/tools/roles/generate-fog-csv/templates/csv.j2 b/tools/roles/generate-fog-csv/templates/csv.j2 new file mode 100644 index 00000000..61ee4f4e --- /dev/null +++ b/tools/roles/generate-fog-csv/templates/csv.j2 @@ -0,0 +1,5 @@ +{% for host in groups['cobbler_managed'] %} +{% if hostvars[host]['mac'] is defined %} +"{{ hostvars[host]['mac'] }}","{{ hostvars[host]['inventory_hostname_short'] }}","","","1","0","","","fog","","","","","","","","","{{ hostvars[host]['kernel_options'] }}","","{{ hostvars[host]['fog_install_drive']|default('/dev/sda') }}","","","","","0000-00-00 00:00:00","110","","","" +{% endif %} +{% endfor %} diff --git a/tools/set-bmc-static.yml b/tools/set-bmc-static.yml new file mode 100644 index 00000000..ce6898f8 --- /dev/null +++ b/tools/set-bmc-static.yml @@ -0,0 +1,213 @@ +--- +### This standalone playbook can be used to (re)configure BMC network settings. +### Override vars at the top of file if needed. This has only been tested on +### Supermicro BMCs but could easily be adapted for other manufacturers. +### +### This playbook should allow you to configure a BMC whether you have +### SSH access to the host or not + +- hosts: + - ipmi + become: true + gather_facts: false + vars: + # Set to true if setting up a bunch of BMCs for the first time + setup_user: false + initial_user: ADMIN + initial_pass: ADMIN + # On Supermicro BMCs, Anonymous is UID 1 and reserved. UID 2 is the default ADMIN:ADMIN + power_uid: 2 + # Change this if the ipmi interface isn't found at channel 1 + # (i.e., if `ipmitool lan print 1` returns 'Invalid channel: 1') + ipmi_channel_id: 1 + use_dhcp: false + # "off" will disable setting a VLAN ID. Octo needs VLAN 101 set. + vlan_id: "off" + # Define these for static settings. These defaults are for Sepia. + static_netmask: 255.255.240.0 + static_gateway: 172.21.47.254 + # Change to true if you want to force an 'mc reset cold' no matter what + force_mc_reset: false + tasks: + + # Pull in IPMI creds from secrets repo. + # Override power_user and power_pass with --extra-vars if needed + - include_vars: ../roles/secrets/defaults/main.yml + - include_vars: "{{ secrets_path }}/ipmi.yml" + + - name: Check if we have SSH access + shell: "timeout 3s ssh {{ inventory_hostname }} true" + register: have_ssh_access + delegate_to: localhost + failed_when: false + changed_when: false + + # These first 4 tasks assume you don't have SSH access to the host yet. We'll try again via SSH later if these fail. + - name: Initial setup of username from localhost + shell: "ipmitool -I lanplus -U {{ initial_user }} -P {{ initial_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} user set name {{ power_uid }} {{ power_user }}" + register: set_username_locally + delegate_to: localhost + when: + - setup_user + - have_ssh_access.rc != 0 + ignore_errors: true + + - name: Initial setup of permissions from localhost + shell: "ipmitool -I lanplus -U {{ power_user }} -P {{ initial_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} channel setaccess {{ ipmi_channel_id }} {{ power_uid }} privilege=4" + register: set_permissions_locally + delegate_to: localhost + when: + - setup_user + - have_ssh_access.rc != 0 + ignore_errors: true + + - name: Initial setup of password from localhost + shell: "ipmitool -I lanplus -U {{ power_user }} -P {{ initial_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} user set password {{ power_uid }} {{ power_pass }}" + register: set_password_locally + delegate_to: localhost + when: + - setup_user + - have_ssh_access.rc != 0 + ignore_errors: true + + - name: Check if DHCP already enabled + shell: "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} lan print 1 | grep -q DHCP" + register: dhcp_already_enabled + delegate_to: localhost + when: use_dhcp + failed_when: dhcp_already_enabled.stderr != '' + changed_when: false + + - name: Set BMC to use DHCP from localhost + shell: "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} lan set {{ ipmi_channel_id }} ipsrc dhcp" + register: set_to_dhcp_locally + delegate_to: localhost + when: + - use_dhcp + - (dhcp_already_enabled is defined and dhcp_already_enabled.rc != 0) + ignore_errors: true + + - name: Install ipmitool + package: + name: ipmitool + state: latest + when: have_ssh_access.rc == 0 + + - name: Activate kernel modules + modprobe: + name: "{{ item }}" + state: present + with_items: + - ipmi_devintf + - ipmi_si + when: have_ssh_access.rc == 0 + ignore_errors: true + + - name: Initial setup of username + shell: "ipmitool user set name {{ power_uid }} {{ power_user }}" + when: + - setup_user + - (set_username_locally is defined and set_username_locally is failed) + + - name: Initial setup of permissions + shell: "ipmitool channel setaccess {{ ipmi_channel_id }} {{ power_uid }} privilege=4" + when: + - setup_user + - (set_permissions_locally is defined and set_permissions_locally is failed) + + - name: Initial setup of password + shell: "ipmitool user set password {{ power_uid }} {{ power_pass }}" + register: set_password_locally + when: + - setup_user + - (set_password_locally is defined and set_password_locally is failed) + ignore_errors: true + + - name: Set BMC to use DHCP via SSH + shell: "ipmitool lan set {{ ipmi_channel_id }} ipsrc dhcp" + register: set_to_dhcp_remotely + when: + - use_dhcp + - set_to_dhcp_locally is failed + + - name: Check existing network settings via SSH + shell: "ipmitool lan print {{ ipmi_channel_id }} | grep 'IP Address Source\\|IP Address\\|Subnet Mask\\|Default Gateway IP\\|VLAN ID' | cut -d ':' -f2 | sed 's/^ //g'" + register: existing_network_settings + changed_when: false + when: + - not use_dhcp + - have_ssh_access.rc == 0 + + - name: Check existing network settings via localhost + shell: "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} lan print {{ ipmi_channel_id }} | grep 'IP Address Source\\|IP Address\\|Subnet Mask\\|Default Gateway IP\\|VLAN ID' | cut -d ':' -f2 | sed 's/^ //g'" + register: existing_network_settings + delegate_to: localhost + changed_when: false + when: + - not use_dhcp + - have_ssh_access.rc != 0 + + - set_fact: + existing_network_settings_list: "{{ existing_network_settings.stdout.split('\n') }}" + when: + - not use_dhcp + + - set_fact: + desired_network_settings_list: "[ 'Static Address', '{{ hostvars[inventory_hostname].ipmi }}', '{{ static_netmask }}', '{{ static_gateway }}', 'Disabled' ]" + when: + - not use_dhcp + - vlan_id == "off" + + - set_fact: + desired_network_settings_list: "[ 'Static Address', '{{ hostvars[inventory_hostname].ipmi }}', '{{ static_netmask }}', '{{ static_gateway }}', '{{ vlan_id }}' ]" + when: + - not use_dhcp + - vlan_id != "off" + + - set_fact: + network_settings_change_required: "{{ existing_network_settings_list|sort != desired_network_settings_list|sort }}" + when: + - not use_dhcp + - desired_network_settings_list is defined + + - name: Set BMC to use static IP via SSH + shell: "{{ item }}" + with_items: + - "ipmitool lan set {{ ipmi_channel_id }} ipsrc static" + - "ipmitool lan set {{ ipmi_channel_id }} ipaddr {{ hostvars[inventory_hostname].ipmi }}" + - "ipmitool lan set {{ ipmi_channel_id }} netmask {{ static_netmask }}" + - "ipmitool lan set {{ ipmi_channel_id }} defgw ipaddr {{ static_gateway }}" + - "ipmitool lan set {{ ipmi_channel_id }} vlan id {{ vlan_id }}" + register: set_to_static + when: + - not use_dhcp + - network_settings_change_required + - have_ssh_access.rc == 0 + failed_when: "set_to_static.stderr != ''" + ignore_errors: true + + - name: Set BMC to use static IP via localhost + shell: "{{ item }}" + with_items: + - "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} lan set {{ ipmi_channel_id }} ipsrc static" + - "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} lan set {{ ipmi_channel_id }} ipaddr {{ hostvars[inventory_hostname].ipmi }}" + - "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} lan set {{ ipmi_channel_id }} netmask {{ static_netmask }}" + - "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} lan set {{ ipmi_channel_id }} defgw ipaddr {{ static_gateway }}" + # https://sourceforge.net/p/ipmitool/bugs/456/ + #- "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} lan set {{ ipmi_channel_id }} vlan id {{ vlan_id }}" + register: set_to_static + delegate_to: localhost + when: + - not use_dhcp + - network_settings_change_required + - have_ssh_access.rc != 0 + failed_when: "set_to_static.stderr != ''" + ignore_errors: true + + - name: Reset BMC + shell: "ipmitool -I lanplus -U {{ power_user }} -P {{ power_pass }} -H {{ inventory_hostname_short }}.{{ ipmi_domain }} mc reset cold" + delegate_to: localhost + when: force_mc_reset or + (set_to_dhcp_locally is defined and set_to_dhcp_locally is changed) or + (set_to_dhcp_remotely is defined and set_to_dhcp_remotely is changed) or + (network_settings_change_required is defined and network_settings_change_required and not set_to_static is failed) diff --git a/tools/set-next-server-local.sh b/tools/set-next-server-local.sh new file mode 100644 index 00000000..e9834e26 --- /dev/null +++ b/tools/set-next-server-local.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Modifies dhcp config file to add or remove a next-server and filename +# The fog next-server and filename are the default for all DHCP hosts so +# entering 'cobbler' for $2 adds its next-server and filename. +# Setting 'fog' for $2 just removes it so the host entry uses the global default. +# +# This script should live on your workstation somewhere executable. +# +# It also assumes you are using tools/switch-secrets to switch between +# octo an sepia ansible inventories + +if [ $# -ne 2 ]; then + echo "Usage: $(basename $0) hostname [cobbler|fog]" + echo + echo "Example: \`$(basename $0) mira042 cobbler\` would add Cobbler's next-server and filename to mira042's DHCP entry" + echo + exit 1 +elif [ "$2" != "cobbler" ] && [ "$2" != "fog" ]; then + echo "Unrecognized option $2. Must use 'cobbler' or 'fog'" + exit 1 +else + host=$(echo $1 | cut -d '.' -f1) +fi +ls -lah /etc/ansible/hosts | grep -q octo +if [ $? -eq 0 ] +then + dhcp_server="magna001.ceph.redhat.com" +else + dhcp_server="store01.front.sepia.ceph.com" +fi + +set -x + +ssh $dhcp_server "sudo /usr/local/sbin/set-next-server.sh $host $2 && sudo service dhcpd restart" diff --git a/tools/set-next-server.sh b/tools/set-next-server.sh new file mode 100644 index 00000000..866a7d6a --- /dev/null +++ b/tools/set-next-server.sh @@ -0,0 +1,75 @@ +#!/bin/bash +# Modifies dhcp config file to add or remove a next-server and filename +# The fog next-server and filename are the default for all DHCP hosts so +# entering 'cobbler' for $2 adds its next-server and filename. +# Setting 'fog' for $2 just removes it so the host entry uses the global default. +# +# This script should live on the DHCP server somewhere executable +# +# NOTE: DHCP entries *must* be in the following format +# (dhcp-server role write entries like this) +# +# host foo-front { +# hardware ethernet aa:bb:cc:11:22:33; +# fixed-address 1.2.3.4; +# } + +if [ $# -ne 2 ]; then + echo "Usage: $(basename $0) hostname [cobbler|fog]" + echo + echo "Example: \`$(basename $0) mira042 cobbler\` would add Cobbler's next-server and filename to mira042's DHCP entry" + echo + exit 1 +elif [ "$2" != "cobbler" ] && [ "$2" != "fog" ]; then + echo "Unrecognized option $2. Must use 'cobbler' or 'fog'" + exit 1 +else + host=$(echo $1 | cut -d '.' -f1) +fi + +set -x + +dhcpconfig="/etc/dhcp/dhcpd.front.conf" +timestamp=$(date +%s) +cobblerip="172.21.0.11" +cobblerfilename="/pxelinux.0" +fogip="172.21.0.72" +fogfilename="/undionly.kpxe" +macaddr=$(sed -n "/host ${host}-front/,/}/p" $dhcpconfig | grep 'hardware ethernet' | awk '{ print $3 }' | tr -d ';') +ipaddr=$(sed -n "/host ${host}-front/,/}/p" $dhcpconfig | grep 'fixed-address' | awk '{ print $2 }' | tr -d ';') +linenum=$(grep -n $host $dhcpconfig | cut -d ':' -f1) + +if [ -z "$macaddr" ]; then + echo "No MAC address found for $host" + exit 1 +elif [ -z "$ipaddr" ]; then + echo "No IP address found for $host" + exit 1 +elif [ -z "$linenum" ]; then + echo "Unable to determine line number for $host entry" + exit 1 +fi + +# Back up dhcp config +cp $dhcpconfig ${dhcpconfig}_$timestamp.bak + +# Delete +sed -i "/host ${host}-front {/,/}/d" $dhcpconfig + +if [ "$2" == "cobbler" ]; then + sed -i "${linenum} i \ host ${host}-front {\n\ hardware ethernet $macaddr;\n\ fixed-address $ipaddr;\n\ next-server $cobblerip;\n\ filename \"$cobblerfilename\";\n\ }" $dhcpconfig +elif [ "$2" == "fog" ]; then + sed -i "${linenum} i \ host ${host}-front {\n\ hardware ethernet $macaddr;\n\ fixed-address $ipaddr;\n\ next-server $fogip;\n\ filename \"$fogfilename\";\n\ }" $dhcpconfig +fi + +dhcpd -q -t -cf $dhcpconfig + +if [ $? != 0 ]; then + mv $dhcpconfig ${dhcpconfig}_$timestamp.broken + mv ${dhcpconfig}_$timestamp.bak $dhcpconfig + echo "New config failed config test. Restored backup." + exit 1 +else + rm ${dhcpconfig}_$timestamp.bak +# service dhcpd restart +fi diff --git a/tools/switch-secrets.sh b/tools/switch-secrets.sh new file mode 100644 index 00000000..c0c0e545 --- /dev/null +++ b/tools/switch-secrets.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# Switches your ansible inventory between ceph-sepia-secrets or ceph-octo-secrets + +val=$(ls -lah /etc/ansible/secrets | grep -c "octo") +if [ $val -eq 1 ]; then + sudo rm /etc/ansible/secrets + sudo ln -s ~/git/ceph/ceph-sepia-secrets/ansible/secrets /etc/ansible/secrets + sudo rm /etc/ansible/hosts + sudo ln -s ~/git/ceph/ceph-sepia-secrets/ansible/inventory /etc/ansible/hosts + cat ~/.teuthology.yaml.sepia > ~/.teuthology.yaml +elif [ $val -eq 0 ]; then + sudo rm /etc/ansible/secrets + sudo ln -s ~/git/ceph/ceph-octo-secrets/ansible/secrets /etc/ansible/secrets + sudo rm /etc/ansible/hosts + sudo ln -s ~/git/ceph/ceph-octo-secrets/ansible/inventory /etc/ansible/hosts + cat ~/.teuthology.yaml.octo > ~/.teuthology.yaml +fi diff --git a/tools/update-nvme-firmware.yml b/tools/update-nvme-firmware.yml new file mode 100644 index 00000000..28480b0e --- /dev/null +++ b/tools/update-nvme-firmware.yml @@ -0,0 +1,20 @@ +--- +# This playbook can be used to mass update NVMe card firmware. +# The isdct RPM (no DEB unfortunately) can be obtained from Intel's website. +# Download the zip, unpack, and push to drop.front. +# https://downloadcenter.intel.com/product/87278/Intel-SSD-Data-Center-Tool + +- hosts: + - smithi + become: true + tasks: + + - name: Install tool + yum: + name: http://drop.front.sepia.ceph.com/firmware/smithi/isdct-3.0.9.400-17.x86_64.rpm + state: installed + register: installed + + - name: Update firmware + command: "isdct load -f -intelssd 0" + when: installed is changed diff --git a/tools/vmlist.py b/tools/vmlist.py new file mode 100755 index 00000000..d7c1ea7e --- /dev/null +++ b/tools/vmlist.py @@ -0,0 +1,230 @@ +#!/usr/bin/env python + +import ConfigParser +import docopt +import multiprocessing +import novaclient.client +import os +import subprocess +import sys +import tempfile +import textwrap + +CACHEFILE = "~/.vmlist.cache" +CONFFILE = "~/.vmlist.conf" + + +# mira074.front.sepia.ceph.com +# mira015.front.sepia.ceph.com + +VM_HOSTS = textwrap.dedent('''\ + senta01.front.sepia.ceph.com + senta02.front.sepia.ceph.com + senta03.front.sepia.ceph.com + senta04.front.sepia.ceph.com + mira001.front.sepia.ceph.com + mira003.front.sepia.ceph.com + mira004.front.sepia.ceph.com + mira005.front.sepia.ceph.com + mira006.front.sepia.ceph.com + mira007.front.sepia.ceph.com + mira008.front.sepia.ceph.com + mira009.front.sepia.ceph.com + mira010.front.sepia.ceph.com + mira011.front.sepia.ceph.com + mira013.front.sepia.ceph.com + mira014.front.sepia.ceph.com + mira017.front.sepia.ceph.com + mira018.front.sepia.ceph.com + mira020.front.sepia.ceph.com + mira024.front.sepia.ceph.com + mira029.front.sepia.ceph.com + mira036.front.sepia.ceph.com + mira043.front.sepia.ceph.com + mira044.front.sepia.ceph.com + mira079.front.sepia.ceph.com + mira081.front.sepia.ceph.com + mira098.front.sepia.ceph.com + irvingi01.front.sepia.ceph.com + irvingi02.front.sepia.ceph.com + irvingi03.front.sepia.ceph.com + irvingi04.front.sepia.ceph.com + irvingi05.front.sepia.ceph.com + irvingi06.front.sepia.ceph.com + irvingi07.front.sepia.ceph.com + irvingi08.front.sepia.ceph.com + hv01.front.sepia.ceph.com + hv02.front.sepia.ceph.com + hv03.front.sepia.ceph.com''') + +NOVACLIENT_VERSION = '2' + + +global_defaults = { + 'vm_hosts': VM_HOSTS, + 'cachefile': CACHEFILE, + 'novaclient_version': NOVACLIENT_VERSION, +} + +class Cfg(object): + + ''' + Read INI-style config file; allow uppercase versions of + keys present in environment to override keys in the file + ''' + + def __init__(self, cfgfile): + self.cfgparser = ConfigParser.SafeConfigParser() + self.cfgparser.read(cfgfile) + self.cloud_providers = list() + self.cloud_providers = [s for s in self.cfgparser.sections() + if s.startswith('cloud')] + + # set up global defaults + if not self.cfgparser.has_section('global'): + self.cfgparser.add_section('global') + for k, v in global_defaults.iteritems(): + if not self.cfgparser.has_option('global', k): + self.cfgparser.set('global', k, v) + + def get(self, section, key): + env_val = os.environ.get(key.upper()) + if env_val: + return env_val + if self.cfgparser.has_option(section, key): + return self.cfgparser.get(section, key) + else: + return None + + +cfg = Cfg(os.path.expanduser(CONFFILE)) + + +def list_vms(host, outputfile=None): + """ + Connect to host and collect lxc-ls and virsh list --all output + """ + if not host: + return + lxc_output = [] + if subprocess.call(['ssh', host, 'test', '-x', '/usr/bin/lxc-ls']) == 0: + lxc_output = subprocess.check_output( + ['ssh', host, 'sudo', 'lxc-ls'] + ).strip().split('\n') + # avoid ['']; there must be a better way + lxc_output = [line for line in lxc_output if line] + + virsh_output = subprocess.check_output( + ['ssh', host, 'sudo', 'virsh', '-r', 'list', '--all'] + ).strip().split('\n') + virsh_output = [line.split()[1] for line in virsh_output[2:] if line] + virsh_output = [line for line in virsh_output if line] + + if not outputfile: + outputfile = sys.stdout + + shorthost = host.split('.')[0] + if lxc_output: + outputfile.writelines(['{} {} (lxc)\n'.format(shorthost, line) + for line in (lxc_output)]) + if virsh_output: + outputfile.writelines(['{} {} (kvm)\n'.format(shorthost, line) + for line in (virsh_output)]) + outputfile.flush() + if outputfile != sys.stdout: + outputfile.seek(0) + + +def list_nova(provider, outputfile=None): + if outputfile is None: + outputfile = sys.stdout + + cloud_regions = [None] + regions = cfg.get(provider, 'cloud_region_names') + if regions: + cloud_regions = [r.strip() for r in regions.split(',')] + + for region in cloud_regions: + nova = novaclient.client.Client( + int(cfg.get('global', 'novaclient_version')), + cfg.get(provider, 'cloud_user'), + cfg.get(provider, 'cloud_password'), + project_id=cfg.get(provider, 'cloud_project_id'), + auth_url=cfg.get(provider, 'cloud_auth_url'), + region_name=region, + tenant_id=cfg.get(provider, 'cloud_tenant_id'), + ) + output = [ + '{} {} {}\n'.format( + provider, + getattr(s, s.NAME_ATTR).strip(), + '(%s)' % region if region else '', + ) for s in nova.servers.list() + ] + outputfile.writelines(output) + outputfile.flush() + if outputfile != sys.stdout: + outputfile.seek(0) + + +usage = """ +Usage: vmlist [-r] [-h VM_HOST] + +List all KVM, LXC, and OpenStack vms known + +Options: + -r, --refresh refresh cached list (cache in {cachefile}) + -h, --host MACHINE get list from only this host, and do not cache +""".format(cachefile=cfg.get('global', 'cachefile')) + + +def main(): + + args = docopt.docopt(usage) + cachefile = os.path.expanduser(cfg.get('global', 'cachefile')) + + if args['--host']: + list_vms(args['--host']) + return 0 + + if args['--refresh']: + + procs = [] + outfiles = [] + for host in cfg.get('global', 'vm_hosts').split('\n'): + outfile = tempfile.NamedTemporaryFile() + proc = multiprocessing.Process( + target=list_vms, args=(host, outfile) + ) + procs.append(proc) + outfiles.append(outfile) + proc.start() + + # all the nova providers + for provider in cfg.cloud_providers: + outfile = tempfile.NamedTemporaryFile() + proc = multiprocessing.Process( + target=list_nova, + args=(provider, outfile,), + ) + procs.append(proc) + outfiles.append(outfile) + proc.start() + + for proc in procs: + proc.join() + + lines = [] + for fil in outfiles: + lines.extend(fil.readlines()) + lines = sorted(lines) + + with open(os.path.expanduser(cachefile), 'w') as cache: + cache.write(''.join(lines)) + + # dump the cache + sys.stdout.write(open(os.path.expanduser(cachefile), 'r').read()) + + +if __name__ == '__main__': + sys.exit(main()) diff --git a/users.yml b/users.yml new file mode 100644 index 00000000..7c801122 --- /dev/null +++ b/users.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + roles: + - users + become: true diff --git a/vmhost.yml b/vmhost.yml new file mode 100644 index 00000000..9739da98 --- /dev/null +++ b/vmhost.yml @@ -0,0 +1,5 @@ +--- +- hosts: vps_hosts + roles: + - vmhost + become: true -- 2.47.3

+=}Xyukw7-=ojX487U)#~AyW;=~2|T*3;sF*wup$0!HCSD#av z;Yya6W#De-n-Pv(sLusVGtB~zvc{VXwK?DK(`N@$+|C@2v%&$3^xtBCWRxqI;7(?E zh9ypUzy2)O8zbDoI4ewZL|mVt+!-s*LUG4?XWvHz#f1*|a5;B3duC~q>s8H@F~ zk|kysc$@RY2m>F`=M<*7oCRiB<7tNGxKEepvxO-xWsX}|;V}l^?)}0C^*M_P-pdRR zv%~>Q^<%C}M!1@B?qQneSzz;r^f`y2ci4v+V-HiTF~@No`drB1+=f6GqbxGPTg-6s zhxNIPfp?mZ5uRq8Lzn4uItxs)#=Q*9voA8nksr}#j5*%R3J)^)F6W(5PF=3gmCP{9 z63@|x+4&q=eNJbb38uM=1)gP%O)K=@?RASWZefb&nB%B>^f{NocKZ&aJj4XAGQ;r+ zea0DhkNuSq9%r04ndbP9>2m>V+{n-Z^D)NAN`3BRjz?JG!jJ2}SC3I{TBXmypU~%Y zmbiq0h0Z@CJo-s}u1)H*#sV*XN}sXy`tNhzH|TRSQylOGeO6hy{r!9O7ukOp<+x6L zmcOLWjbGO1h)w$Mci%C>iC@uYoM~=hfk#>64Tj?O?alg(GsP{;vB(NVMFE%n0`~&avOrXNCoqS!1wUf2sFx-_qy2ZTeio95bx&EQ23% z-+o)4tC(P(8Qx@xTkg~EaD3m<=S;@Ae7iocv%u7M^*J=-`95qPV+YqV&CSd+!wOHa zahcbn?|EKMWs-SjIefU|~Km}8O`ndR^w>2o?8S2zx~a0fehirpN%Tc1&f_WZbm6zGP+PwSp+0G<4Gs`0^^9CC~>3;i}K9{nC_pzHNS!CmWeNJOI>3p!A zyV=PK^BnPWea>d{r(B-^XHoXQR^V>i25WSRY(b4dSl_HVZH zC_CBk8_&mS46Jv5GR!TEv6o4<73@FU$s&jT*1p13Z2r9afl*f2!Pdj}7j9vh!3P}g z26M25MRst_5y#7IEb_kJJ6@I<{(}3n=y*AkolG*%$$xOZSYz|O*6Wz_#qb{;FO$r& z$TDxS@rxdJT%XI>!TZ?F6D%_DCw)$0xYPd3c5Y=Si_G%|tDJB`|4UvU*v2%IJj^Vw zvdpo6*5BwpXA9Hp;8AvSa7mw2+0Qi$f7$-Wc3xyBNBu>gvsh)4&6~Xbu#IP#WYbA~ zwz150Z2XG-iY>gv4u<}!&-pBJ1N*s;;m!7EwsXWOea>K>D_LcR&0lqX*~ZBa>T?;h z%&^SUY)rduPU~|zJD6lQ_p-=fS)bDw{+jcAMxWt-=(B@)Ze^9n+1%wmIjhg*OmYXa zEVImE59xnhmn}@NgWK87i!5@~Ieji^9Tj?LZflYi@T29wM% z%M#1H#l~;BUN7i#Av@T`ZWdYOb@p@YfAqI`Kg@Qf*vTC8yvQm?UDW@!|IRkfcvzoh z7CEeHpSbfj=eU3cu4j#h7~1Z3JJk5S?dd%}??Eh?IbFcSdoXu{gSYhRH@7KQP z{Y%YUoW}&0GQ%QE9CyWBJKSH4@B-tU(`PQ`S>Q3&c$T5>+kY8j;0edeCgwPa70zXF zr|W`Ib}_+y%RQ~g)v@bipiV$OtZoh z4F1r4@jrdu%LI=y!@;-od5M9n`?{{rLg1>;P4;@nG@GAxwO-&<*0_S9AGwbi;~}P4 zW{yJ#T&-6aWpKCSWt2ymVEe$U^$bt5#CZ)@>wzD;P6u7BM;IEc&n-;z`Vf6Cf2Kaq zF|^0NH&mZ(OmPi!Jjx2^KTH27_8~?&V3hJS<@j`vhe33reL;Bpw3dg)e|7ZR?quk5{r;XF+CYHE2tiRv=@=ATqdX+v8 zFwF@Q^;u?(tr7j7dwqV5K5tFZ=j_+&a|i!lN|R3$IHbmayx50%jRF%N8e~ZMyFn_cW^P&+`v3{vBDx754ztN;m|i-t+#U` zQ;adol`L@!`#FA^d4KIXXB(F?!42%@4i;EomFE~dkr`%LyPa`$WG3Fmp;$3%8l>V|DF5pz4|P^PoEp#ug|kAvoEfH)a&A6ea`=YK36W) zXNg5dJM=l1;orOO*v`}J1&kx3r?m_A2-T%SAH_y^a|Dt+eJ z!SE;aIhRGQWk1g|e9UouQlF!e`kcr-qpWfsTmI;Ec&+P($JoiM%yIl@^ciR1xbwm= zPcg>pOftI8b;)(C@gPHg^1Aa`KgZEb@ho%PoN}FT=;vI&Cp<5sY+Ubp=VfMiizSZ# zy#AkEFN`qFIQKBk3JV;*L7&Ml=$BlVjIqoVC)}&g6f4}v;9p!XU-W!j#7-ue;~th- zVc?|a@3cM z!#eTUR(($Vrgh>TR=K9zb@HJ18{g7riAj#xrq5F>Gj^Z;Y0v*1eI~xE&rC+2_kB;F zD|hI#f2aQ69PbbHSzBO``I$a5x8Kf1}TILI3vm59@RDQT;Rams9%O!%nt8sLz$GGR@|H`1f+Q@hX#?{5O3LDC=`C z8_#-u{<}VJv4aC1(r50HKF8nG=kU7zL$2e%HGijTUmb9*-pN%1uhsLc47%oXaa~7) zuhpB+xvv_p`TJb2$IrZ0PjcMQYxOMWvdneQx>j%er{710UGsOj?)zt7t9NkqbFS69 zIrX{M>O~G8ajo9Z{R~$e&kOW2o|gxRBjE#VVUeU-S96{yST^fpKnUC#%eH(u+MWS1@qFTnw|y1eb@d`J7zW4NF`z z#?Sr7zh{iSR*$eU!}Ibg(`vK74-1Rp7NBsNQ+x5AfDGrP2b1^GC zz~CkCBj2gd&^&$K%M1t1*XJk(9`(A)2oZ26!*b1bpQz!lf!QhhFFoQIg^(GTe}y-c5Tmh1P~hd!#$wiWu^ z&K$${=rhIO6Rz8YK36fpA~Wp&m_Dm3^{@JOfRF3**eZQyKB3PsNqz2GqtA7p*1zU` z4r83QR-fCM;|*50;4}Ky?LUn2#5#S>T(8fipV#Nf4f;=do_qDV`-}SQWt!7F^|_Tb zUSg=<&wojuTbbgpjrzQo6`o=6zg|bbtj{D9JikewQ@^6mrJMC{IKN-j=VivZ?Q8lh zb?Nic*Y&x2i~dvI?=i-+OfmQkea>KoQ?}~g^!mamlT7e9GYoxGpK}@bpLJo3L%Z!$ zj4{I`i|k^JB{tvE`hncCul+^TR01T+6_KL4kb?v&tB6 zFv&6BH9r@z$Zf2#%;tf58S}G~9X!Z1Ys_=(_dI{YpulBDxPOP^;aR5HxYO}-@((;O z%aHzQ$<%a$G%rnDYmN@?B`p+5^ zSjq@@FwS#Kv-yBN=ds34hK8AsG4?aX3BS;1oE2_m@Y&82qa2pk=X_?EWQp78kAQt% zzCLF&&J@!;$O8LWR;<=a^&qBV9Lt)aMzdm_Dx03#@SZpY&ho{4>g{OmO81 zeO_nj_Sb*bALaXu@K{NovA^hZ`AL0VXN^s#^j~CN#<-g)9(_=svD5mjGC10G^f!IB zmG!xf8P55;K1ZL?f3bD{hd$RZ&KYO*xt0a)WsMbvLe9fO`aHxG*Pqkp!GG#=Lq-23 z_CZED|GYkXnc$97IG4?w~IOT#qOH6aifAo2ZH4eY1|5EoOV?53j(+}%2TGi)S z2FH5bBl_HUNuOt#;lxMvnPT8&?o&qCdRd=&rg?@1PIye8>lhm6_!#57UVR>Bj_r@@ za}R?rci%F~88v-wVuq(!V(5x~*gnMw8~gMbW19D}z&Tg-nZ2(63XkvCXU~82x#EUC zTc6TrFN5QKeN&%v{-@6jGfdsmXS}ZeO8XEaoEW%XkMl6o9R0NG^}=ljT(8%-grN!c z8^)L&c)gzDQRdj)aJ^o+?V#)R;H&JTjB?@N>-7XDJ^gw;!yHST*m%7jnCQGR!efl{ z@(_Ivc$Pj-4bx}nIr^`*kB!jhkY;^OV~%TB;rtiqN6f(}$BfkHW@dPcCC+-G{%agB zBdjvc)=~OA$pXi|NS~`2nq*$aIPb;!oD%ZRp$_P&~e*5cJ>T|$EeNKC|J}V5hxZflCJjxV@yhfjMSz(dEH@IIX>GJ{;T>D!6 z+y8yCKKC%t>NsDg&(Tx#d4g%~dc8i^wdix(8}#33-)Yt7$T#Y9HFG@43MWq0pX&97 zQEp{|$C%+QmN@B6`fsxDGr}E=^DNUGK24vqS>q;#rrCEG=T_EufuTD+&kTK@oT<;vck8pt%I)vB z=}$K=qa6Acea>Ts_p!u&2JZ6TXX$e{<2=GN2fS6EVb-{hp&70N#@IDmpC_2(khkfx zjgdFI&e_g9Q#{5j`&i<{IoIp`T*lB$`w2U^=Iz((-5e0RUN5qP{XD_&-G2TZo|paa zyk76*$@$modG2YyUa#`jd#=};+w4;duGibRWYP6{lB=2J$i>&|Wmehv7TphAueb0V zJ8rvNpKUAjd4c_0d5``q=kH_sy!07;?)8@t)ZB4-r!nP&K%)`#tk9n#IeTE;_=LY6^ zomDQV>c7u=vyFov(dQy&Ir@@5SFv%C_fu@)gh%zcp53gl$Vr#=xq;#L`~8vaT=$qh z$Mxzn$tsVsIqrSY z>T>}*x%Yqi98uTj=BGVbZ~lPuJn+eS8)pxCvYzBFW_fV%ll3x3JpIXf;}Yw_b}njs z(&y6Jf0^ZJmRMy!Z!q*h`}s3GFQ+oWB)hqv1=d()c*v9W;8NEGTX-MiEVGltpZTP} zkM%q(a|r_<8WhMd%(INKd8p%Oj2U*a$Rn&V@GSFocpgT%iXGg;G^@;W?64>66~@{4 zVb8+|b8P2jrWk&<`MHEOCK+0$6LdTr#uP6y$3xHYygb3+M_f0IvZ2ZO;Rt5f!xFDD zu-tX{Tz!sZ{Px$w9WP@n@H}f=^*sHLx{gQavx_P2WR9m<;gIL+udtsm%9TuTNwYrJ zvBX^r++#f%;hY!fGsQIfS>eKw&QrpE#R!MI(0Sr0rnrb%ZfA+-*w4@?$NMq+1lzcZ z31->Nvn(+9BG(DWFu2nCv7HHaawqd#G}_N`-HWaB$K9tP&&vTXab2*?EccFa9kKPL zj(e5so-JI*4(?+&FS5vyV;wJtzRdOZ3HLGEIftFx!91_C%J4Y-)viyraX*u6dAUAg zEHlZ*Px?8w@FqKWKCI6Huh8c-_VfQKy94;9s_PHnp+<;US;dGIJ617b#SSY*R$0Z$ zB2?^H#f){V!^$F5>=?t0f5$q87%5_hg+;7Tv0_BT4v|I1uwuoGAy$Sga~(2=EMkWp zL(EvG9sGYc=e+lSdH>#*`||m~q44c__uO}K^O}}-7abqBEwvE!RKKH`CI;rNKzl{h|P8KUb! zyj~y{Bfg7RgIMrw93Qa_aW7&Fu@^CG296)X>kMKg;%vm_h-(pdAnr%(Mm&y~`w*Tt z-$6daZHP^X{wg@c4Twh&qlm6$n2+z`d5gFcu@Z3~;u6GTh?@{|W@3FoEJe(3!1E5V z0x|b4IK&Rbt%x<%$cxy6n6n(~+TB=R5DO6JBSsNh5nZ#e4j>LkbUchcMJz(}eh=#l z;%vkw#I=YWh*89oh~0?!E3mEvaD2r1h)WPRAZ|s>y$AUo!Sw)Q0b&PY1>!-(I>ZEG zE8=Oyy@+FHBQN4S#N0;AH)1uSdk&6^xDxRs;%UVEpQG<;kPq?wdvRREiu-U}#G3D; zZp0&qIVT8{ zM-Y1vbHb>j0pmn$MVyZ~eL2R7nENosiCBQ>cnr@c#3ICDD{y?oQHV{5QxQ85{fH+K za~{F**I>Me6^PA^I6mU3pX2z5RgdEMh_#40kHa_N_=qzQ=OZ3QY(?C-3dcwMYz>az zjO)e6aeTz}h}DRF%{V^dw6!=sVnGY?J%RIsSd3VOSdG|(xEwKtxD~M%u?unNlgPUk zuRn+dh}DP{h+)J!#Jz~Eh@SQ6L&PPBClRBFx$7|Bh^2^mPvQBCI0mr^u@rF!;xxn~ zhylcc7W5rrC1PzW#)DXoxC8M7VmG4yY2+(lLCkGM zy_<1-#CH+v5W_Fv_=q`eI6h(vqU&iq4-tzINBk1UM+_l0BlaS8BM#ky^RWTrLo7zD zMyy5*BQ8hWi?|iB53vie=tZ25XK?-y3lRN?6^P3b>k!)!TMT&Pm@mX*h~0=q+j0EoaJ~`C5NiKwOR(Mcj(G2eAvW3(@f+ z)(gY}#8Gdc4-jV{)*&__b|9XN;rWPIu?OqTR@8-9ffz(wf|z&{c@a+|9zh(q594?V z>l$Jy;%LPAh!YT75i1Z6AkIQ`Y{NQ(ScG^8u^KV=Ej+&wyAV4Nn>%rQ#EQ3Z{9obq zazBobI2>^aVj<#I#0iK;5GxRKqPRXdfa4>M{0okc7)5MF9Q+B6kC=z(cp2*nViDp* z#A?LFh)sw)5jzlj5lJcZ+LM_+u3<0FQWI6h+4zi@m+-)S5lam>GQ{9oh!0K`(n zjfnFR6Ns&dD|&H!#G?P;_&ac1#3DpLVm0FXh)sw!pW*n3NyMDr;5y)QoL9sy#A?KW zeK@a(lMuHeh7h|D_aHiUVm(JJK+OIx#*0{vSclk%*oxSR*o}AuG4~bp;~DfBVm)FV zVgzv$Vkcr3;%A7icC7zrF%HD(h&6~I#Ad`P1AEWzMVxhhFMfU&Ur%KBo-KG4eT!I$ zxD9bR;z`6Eh+8k{#m~)R-5k<;Hg^~Dexdhl8R8MdI>b|mn-HBjz4&=qydEODUV}p{ zM%;5@@7Wr}@}a$Fn-QxJ_af$9gySO?Ar^Gt-w`Vjs}PqXHY4spj3ag<=D2bE*Ku8P zF^-Suz68fd9EG?Eu^6!naSEbqH`d$BaC}4$Vh!Rr#Ad`Y#Jz}>h`oq&5ewcxKOt5k zHX$xY+<>?PF^brYcoH!;hCa^2@eykf>kzBHgySPtjKuK~*C4uni}|<$$3-khY(}g> z+>5veu@}+f!EyIsT|_L#$5F&ee0&UXIpUBjaeTxw#BRh+#N6NEc{d7q5hoxvAqEh4 zAT}c&LF`0y?Zvu(Rqxp%#G#0lh@%mgAO;aPAvPi&K+G%XJ)8d~o-c@Hh!d{vJv$#U ziP(%dcy#aC4#XXZz3^R#-QwR7bM|4J*I@jJ1&Gy%Rfx+Gn-I4m#t?fEBZa8z+=v6mVxAFqAQrrhaUfP87F`dA z=tFEpoQ}8`aW&#e#Qli5`|&*UVw{Lgh)sx_5IYbLAf80*Ma=&_UI%YLUc}sSm^VZp z;#S0^U%@;hwjkyl!21xzy=O}i*CWnHJcZbbIOayoFXCK8$2&Le@ z<1tP|AL2>GI>e%bm}kTaMDfT={qArKSX5E&7*Llp*x@QDrN7G_k>GKYoq0;Y08x?5A)ZtNc-zW$bemd;(@Y`%AOv6I_kA z&q@7B8~?2j;zp7VhZw(mfWz_bwWZ=i$1SPfQ9sB2>h;0r7L}&NBn2OY-*FB32U15x z{wGc25gWMRA;uGdpUL^J6@Q6`)p+9YD{YL&i8&e1^{Z6&hhM?|LWTSx_!jnK6?_zazm4%H;E%As zULn65KLYL^Tbh!$lFq)bH~CG^{sbxj9c?Zc?iatu-FxsO5ax zdSiax2~&<=%M@G?u9cnk{Om7Z3*0dU7lSMON-2JKIAr+@by}{gLC!NOl}$cx+Pb>d zh7TcU2YUzB1o3d)Q7&EgqWJfY;!?rzflEU)bH@FuS@F{>uMi+mFI<6SBq|@{MTvu zIhy-PoG-Di&SI~UU#zQZY%NwKSDk&tD<;V&3BHRjx0@ zI(Lly=+sgAc^&xw^KIFuIg@C-6FHxL-uPqD2jcZ}nt~I38fG_xKfk|xqEAmKxENg7 z&$lSt=(5t3 zxXr>Hh6}R$n}rjvE0woVzI+Q;2v^5$&Up;`8J{2S$TZ65vB*~s=e(1g3u8?^w0zv3 z;`1YL+5XbhKMzm+j^8xL9}CwBH%h^Y*OgLsgDvvqVZEQiPJ6xW@3=m=#R{$#Zd(SY zy8d-@o*Q^VTvev^!*CrV*1r)yC{0!R3D2|D*LxwzoF9_^H1%2itRMXM;<`kvf6fJ^ zslVBo`rXmV1K`Y7uR`R>?;&}9KK*7 zjc0?*8?IBu^Kl>hZ^%6Vy_kP5{P6!NP5q6^bxZ)hoV`lDVfYUAC-}Hl{S$-VQb*&F zUYBzoF@EuU>}J1RA-}lJTmNIqU!>s0b>4pV+I5W8_{DYJ;6;>QFZ}P|3UZ_>=(-N8~QT>@Aye+N`7DS=YC^O>W|vG zZ18dTdF;Qfd5-4wRE)=YuEVjH{p||g3-7KkP05i8J^(+C{ZKqN#lxx}!tiB3EloM? z^}@>It#yZ={nM$>>L>r?2c3=RgH->+pSIyW109a$#WWuM`teHB{PS@|em}hHXXNQ5 z^)nuW55do8{}}(hRlQO8flDa=WePq4Ka&0B3f?`);qbBdWblU9Ps{7s8qSBI&_nB6 z{!kpJ9KYtV%OAr3(2on^pH{9cO@Uly=DrsBTJX!WrZgqa=)qle4-` z?SU(0HyVFVJ+$!|uAju~=UjF-m>qvCjw`NbTiH#qaN>IQIJ>siic zRfl-}ELxYj4sks@gPm0!;(E4;oz;00*R$^`)Dec;#`&!3XoqWW$y|qc{XE9bs*Y?Y zz902u=JVl&JE2fV72E{QXH`cCu55kgI@;hCu(PT|ynb$CXLUaCU-TUVAEo13twSEX z-t6OiR&|ua#h=PtM-c7|JF7Zc;JmGw&xd&Z9HCH058QOlXH|zAi+uIdnd>NlTfxq% zjsRQ-JFD~22scil4)OYVl=E5DaTu;=L*_c1c)c9<3^}Vh3gODxS=Hf(o2pPpJ={Fb zXH`c8t}c?fj!w7@?5yfY!gaB;sv{2!DqTt^sg3_Ghj+TjB1 ztm;U>Emo)_8}HF9<9t?ic;T9!%Unkl+)j2@b%fwfva_nA4Q`D>9dWp!n`nGib@ajI zJ)gM_&tQC?jh$5;<#6@vtm+8DZBeMB1#Ug(v#KKow`p_cI(py^va_ngeLk-DU!Z(e zb(FyEQK%yTH=6TV)zJv&ZOdFo6mBLvt2z$Dh1prv;mme8-dCuj5N6ok+Z793s=m}s*WnSQ3`d0;AU_>t2)}?0^2gz z5r?+xEMRDIy_&%b*w@i<#5M1pH&?}xRbxiTt^Gs@Mz}q5reB>XH`cJ+;oLH z+&Q?;=6qIll)%-$oVktw+(vd*=c5tsFgvR{qHyyR>NpH{hVxm~;k*#*{jW3EQ3yAd zomCxvxEgj=b=1QxQ>Y^Xw}SIo)zJwT-jTVEB-}1`R(0eJ#e2={tm^Q=tyid{7H-&Y zXna<6gyHgcX0D?hZVEfAIudY8*jd$)eGy*Yn&`Mz>#i4W1Lw1sv{1!U!jgZxG|j1st%7E>;0>l>nMkt#m=gZAY3y$t2$cXjw#d;gWJjZ ztm^22i|xu>hx=l@zroI`juJS}YnjhS0Pc)J9gT34IGbAsGM2dxFWiXVlC!F#3eL~Ys*VucOocky;1+T|t2*LvOZH^0 zqYrK~JF7Z8m*VF$*jd$44!2ODjv!pt?`V8hb+o``@6B9C3~n4dt2%n%YS~%U;U13b zXN5XSgyVcxbp+s=-^^S`BiwFwR&_+-df8dkaTso+LLE+g6K?pv%;%#J&hu90I{a`` z*;&<54;Nx*RYwGFmqHz#a2q+F)%i%mZSBllM_!)8afqE&9X`06w<(`h9kp=pD%25% z8_W5u>S%{6*`K+N1l(+PR&`{55#MuUXH|z6?u0@eRdBmFpH&?pxV^v6Tt^$+DRx$M z#Ni4KWIi8#a06G9!%|2O?e&*G6xRoy5xCCgd{%Xo!};GSO?~EQ{`~%4&x3G_*;&=m z0vBaxbv|NnBNXcBfqR$pS=HhG64v{Jnd>Nl8~g`yR&@m6O4(V}(FiwAp^hlrEY4?D z$6>hIc;-5s`FLNMomCx$aGmU|>hQx&Rj8vL?gZzvsv`o|`^Qp;cv$sSXFh&T;@wig zEUy!j`S|%wc2;%d;U8x!)Zv3$#QCi1sD%stsZWIUw=6qIl z^ue_p%3O!%3cSzH&Z>@bxIT7Pbp+wIDAdscH{!j_=OYGJa5!@vJ#f?5S=HgjqQ9J- zRUIX8dlc#jz-{JyR_CJ;F8Y_ubwuIbXJ=K%VL12ul+UUT=atB(P)8x$IL>EPhaax= zubJzphnvgJs*VU;D?6(?I^j+$)RBbS&H1eA$Qyc*0S)C6*TsJ$bI_lw;Dbx{x8~k?~pH&^5aPH%o>qx>)U}sfF-Zl7HZ+2F7_~6zn z)KLq!hVxm~5r%91ICCBCaQoO<)scX6^iV#lI$TtNJu^9TB)??5yhOgllJKbv}}CV-)JhE5da# z=d-HA2iKje>!s=Ubyw_tm>$O zi?g$;BLp{7p^i4V)11$$jyRm7H*+0*aHH8-)!`Y7p9f}VRYy78LWMela7#I#RUIvG zjsMA9M+|N|JF7Z+;Ck3u)#1J#-`7y6qXcfqXEZ*mIs$OHpJ%S45pE(ot2&}^b?mI_ zI1IN@p$?}P*V&xUs*XaqNMGhU{BZl(S=CVw=ln0_v#KKkw@aapPPkE=&#I0jT+x}# zb>w02GuTRv9qe97VcezI>K<tJV9M(HW9f#q1&dpqh^G00P4J2n(MS%`xu(PTo0k>G8j_j}EI-B!Z)!~I}8l1U~D!85Otm+8Con&WKM;qK4g*xJJL(ix2 zS=G@8mzSNn4o?ZLv)NhIQ4Uwn&Z>?e+!lp8THw}mKC3!naGNg3Tt^SwL3UPkxNpMG z0}r8mR&|uX?NO*B05_WRS=G@9=lw$FI-+nh*;&IlQ_XNOC8dh~O>)()3-5slBvCE&&>xNKZP%vEq+xb+II3htnS3&9O^XRf0SZoGnv z!_8B0eQ+BToCiaDSHYFT4Zb*Y9YK%@3a$lifr5*{ZB%eQaEBC}dm_HB9R`etRbQ3B zO;m6JxP=O?5pJ`Bi^9FH;10tLy(DuT&adJ1O~DnyEmClPxGf5<9`2}ui@*)b&0I$( z+!O_ugj=lO@_hI@RKfY+jw!fWxZ#&(t|JULRl&8xEmd#{xa|rq`&PUjDL60Oh~b&* zsDhiO;6iZA6kHqJP6Zc-JE7qE;6`4Sxem`HeBG$v%HdWhxFFmv1=j+1O2Nh8M&)I$ zqX%w=f^$#C`+o|q1a7y23&5RLaE)-IznHm>DBMg1cNlK9f^(MPI#$6I!hNRT{BUDN zWUiwgZkB?Jz^zemopAdUToUe#g3G%NKZpFK%yszSW-GW_xU~u{47XpwwZmoQXC7Yy zZk&S4o`UN?1?PoZui&cS4l1}1+`!8-*U<(yUctrT<|(*7xD5)ca9+3(S7olF3T~Q$3&AZ@aBXlq6=Zp<~A>!^pDrQjlPYZP23+&%@Dggc|) z^6td-Ut#7td~mZBTrJ#M1s8_fui)C@vc8;odpunOgo1oxY;1(#j7~Dn$*8_J*!MUg7 z`mZQ+9VKuR6ufih@hREmm-OmAL*>a6Y(W3a%Dz`1P6V2*V9oQ<}PNzc}?felvalBai<+ z)4q8Xe7x!B&?mUAGu`*ubl?At<7j-k-zoPYr0lzqJeJth!}Ya_IjKKr<2BsZJBoj( z7*D>AxWjd)+$Ui6vacFIpWynQ+`C~sC6piE>P$Uc9L@7rh`;y2SKIJG_!b*J0^h~H zfyd!$l8-+w#&gpxDLGX09Qzx;xNq?S_K#@3Ri57qe}?^+G;fhV06$^^jpsTAABL}B zf4zc_!G~<*7xyjRZX>@3J%8MW7x(=iaWmDcGX4hUflP8JNr)*#uJ3!bc_1<#eM&Gv&W@I>S6VK6!$G2Hj(nHc;~seUSofi zLVj`I|JCeO`Z)j}W4}-#zqs%J_^+vtU);BNr465iKg#|Jh4F~{{txugcvR{Y_x&$s z|3iiR;=ccF?4P@UKEbuswEh@gU&MWj{nKbXy1!&v`s;&i)?x$y)wD%Y7W)A0Ypl zmfz{0llo&nucuBtncVk~Kcsn&+bd;(mXOwSj?`svBW*F%dnE{dX#{VvwuYMf0xgXxNmXw(^Rj@>xB<~E&Cg^{O0lS z$AySN_yg=!*0%_J)&?4n%6c1zAIH8yVLal##k<%SD0naYF&pCvzz=^$ef(kgsq8;d z7*7noG(!1RUa!S{i)XM`c|G#rHDZem?}yKNmd10H!uUh*quF1l;G^(W>{Y&=689~R zv;P*p78VcJe@y*vc)f66g#T~|0 zavy=O_$B498o=ZKK<>qTi`%x4Zzb+G!bmBuqx z8$ZYX);DqA;<4;i)~h6ZEqj&q!GkwXlk9)b7q+h3za#AjKYZ*rG=AMrs*?H;e0Vo` zy?<``Zn`)0kGOAfH+#K*?vVQgeDxcY|3?F8B3*aOy?Yq0mty2wwfX;<-231c{+7J{ z^<#_N2jMIBkYAwXZaxs8+$m{(! zSML4rb?l!SkQ%6>`{Nr*Tg`XQI{})Q{aJ?<}3HY)g8VCw>bD7d6o4x0>9OUkHh!a@Xq1l zzIQYprT&MX!CtBV;lu2e`X4^;FEpMz@U@J1xZX6)r{R3X;O8ATdH>z%=gZ)e@E!jq z{|!p-aQ$^wx;LC(&tu7JrK=Et3f>zOm;2WjJJF?qxMi2D{do;CTcavy{b zJ0_;aq34gueFVN`0D1lEmoB-F!xvujgSDF6^eBMAB|3Za&~AG5FleXgoW#{M$|5FrFm*0keNs?md@dJ4`txg^+$Z5@6;Xcu`ed=(dp!7h@H+Bu zQ@IY;I=T15N5+!Z`|TCE55dp4o_vXxpJRW|7jfU>H8y+#{-6!-z7jt-<)!hc^qUX9 zl)Xy71>qO5SLru#-(u$tG@iwSXkuK0?@jLqL%+r0mx}*XjEC+Yl6&VUKp%O%-yCz( z^BdMrFMI`i{dzb@?gQ|9*Ad3`Ag{lFa^U;v`3?Ok?pr*cy}mvl zk^3-w);*LztexMJavy_VGn;&yHa|n=Nyn3fpE!rS{`I3r?mhS>)BEgCYWZ)GdvV|5 z{WX+d@8|pEJ_H}Sm%P&Y58q+KC*b>Rc=t7UKF+1_sPwbAZ}D9AD*YUUkFZzi=Lme^ zeKejaPVVQOruj7Va~yu*4@`c}57PU=;GOs)xZ{5EdOy48r+Y&`i~AP4gXHz~-y`<{ z_(t|CwSM->eHecDLdvhw4>9=ZHhdC(wGA)sTYP~11=@PD)HHs>eEQ+vUrgiI{VhLC zpHG7i!S^gP&A($ox;M;!6uz{9yuO~~$bAC-Ap1^j{_{=VFdlK=;`I+x{^zvk``1j~ zFdiTLq!r}#^`u(vgYZY$>+8u+ZmzMj0kp8Qkpqwq2IuWS8$*5nQ27xyh* z)=K%`(dK95kJ86)7?1lpeEs`0d6o6Y2OqZKgYXAz_y~OV1{#k_|A_k*PhhXoKTagA zW8a|7k467@#UP%c@!YGu9xX7dh0^mS?ps{YMqclq zu-qr%TiMUj`X?gyp6hWvwuSP)sLjvoa_@)V#$Kg=LhvVScyZt2(J#_?RPra_XR}A? zsRzG|{onrwGWNe0`%JP|=^r2bLG~*B6NInYO5@KR$m7ZRpY-!<=pS+4;^20Z-zE2P z_{MhfcWU+4)}`k+)a$&#;W)xx@1J_P_rh1cO8NEc^G3N3!1wGTufINSmV0sE;^nWA zKdFuXcXA(tuj?SM(ho`as15HKhp!)Pct3pM>ogvfeiQdCp2=RN-=gr%>{a?L0iVB{ z#-m?9U;g9telYZ#`zu(l_L%&Bx%a_G_mS88?I(-U^Bek2+_%{E7J0qj9+CS9{1W#1 z_47KpkHZgnoARslgR>Yv-)qBr;g{L);=aW(_Rna~_rIIQZeIbp{*&<4?CZ4W*E+fP+=!p|V6Xo?zzcFO?pwU{FEpMDvUq)aQ|?3X zO@Ae?a=xPQoi=;|-gQJhzZ*|NAA6POuefjVLiQ@p-yqOd_6^$nbL{VWH3DD!0gYdO z{#N`n{rnpGAr8OvLzDln+&jOD`TRS1{rS6jae973|A_k*=N~7p_s>qb55PCG*Pp-p zgW5{G5FvD%CGw^KbQI>eBsZ?>;2<>G~FBe$5V#) zAK2^t>ITC+V*i5H54mz5gJ1Rp<*(8FIJr;4 zpIA%&Wo@Odrj`J?ca>{a?L0l$L1O23Kw7RT7D^qUX9 z{7D-B<2l@K2Tb#6=${~b;+H1BKAheU1|Na1-$h>Ux7s!7-q3Gx_yg?q^{QU(#eIv* zUZecap2OpBGlhHT1sPjTPkQ->(O z?w39x_3m$AK97^v`^~j3-5buY559@L-fy{bAB1;(O!*WbU|DE9&QW&fo7mumICA@^bU)|2Fw z`XBzV4WES1{X{*#=MKD|$zG}d;g_*j>VNnS_DcN^Uv`Sd|GAU84bFF8ZLN9&&-o4ldk zIDD-GU*zG@n))5jw--&`Fn%YB%pO2qrQf{pWj1^OK4im-`xbYwAFGX@qkg?-7=H}@ z6nm9^OTrgsQN1et=J8|wXTN$d4aC)Fnoq<0`{5^DK>2k){;Bl-F?ey`;;u``V`!;| ztFATO8|sb17v_@J`)#@0C*ULOzpwRAv)sGCiLXzGQ~ql-|FYcs;3r&0UZsD;eTx^_ z@Dcd!HhdiZ6nmBaaZbnkQDT!SJXHF}3qO;+O8F3wb4`F!c zSQ?M+OP`VY7<~R@@_PR)dN$n~`X>n=WUu$n3c2@u3-8CWAC|@AUn}?GzQtKnXgsaN z9j@QVeF%O7d;RtFUAd3KPq>}(pVabyD)$NaG3De(XygClM(O;xD{(zPmHZda;d*a3 zdBgb<_br}#2l$U>1-pJ_8oyyaeej#brhItl{>IJe^J(xw_}(9r*XRGW7t+09{v+_^i^%Kq|9iQQ z!^hYk(O$p)YVwBhIIHmbSWo%y*Vc!uHtBf0@VP%DuX4Tu@O~RU4BuqK$KX5Jt2}>` z@MqYMr_*bBe*n*S@$)B3sNMzz?}zVTfB7Z!39h-O`83Rb2>$5flwbG1+mb&21|NlY zzDRzZHXhGQ>E6&k3HVm_`uco}+`DJu`fV%apQQEAOu6^LH@-x^>|CxlZ1RTj2jSz} z$?N^!XYz*eN8k&7O}}F|6&@xtfq zH2JA=AAsLx_A})^4DWx1@;{=DXP(^0;E%A!rEcos;@IEoOA_AOPWe@yFP>`rda&fAA(=O{(1!;h2OS1F9&ISb!UVXtz&yzpDuFI31MfG_Bv@vqnXdU-#G;rE#R zujD=kA9$VemuUGp_S^sPtv0;pdw74zhWEqg?xykR-~a70jo+~Tgy5I%G5NcHH78X< zKi}_*!uRYWudkoSP2R9xCE!cnBCoHXpUJ&Dfa_28a|X~vx&}wn$79IvgU^4P^6Nhj zc9q-*;pgrruX4U3@EdLTIQ&r?-gytM4}VYNQCSbY@D=P;)}H|U3ic}NNf_RJfX1Wu z&r;KT8u}*&zc_C4=f9kOz6?GI-`z!C@1L;A8_ut1Hr@~aGkLv#B69DCkFwW)ejqCM zA^2hMQU0yk^Y>ITC z;n?5$7Kfkz7phm^eFMC{iryeej`uy|9;_Lko{Pd4# z{3<>QA7wvYTc4kj&rbsWL^tKv{T8`*&&BKYag%>l?tSpHJ|-XJx?G)dAB2CG{ZP$w zG|x{S|2_7natx@;InUuLC{6uU_8?aiYWLs+@vEEj6{r3YziEBW9}9zT3p?_AXq;9~ z)KJMz8()9Uii{;nV;#zjG4IhG!vR7Hhqwptf_ym0637Q9$ z{Ng;+u*a8FsfX*ZyzhPRd)a@a`5w6s!f*X2jYs$A?2xXr5%}hl@NPa^3wdaM^y5@z?WB(&D+OUKJ15Qn?So7yV0p{-f{{ zZTJMd--Z|agw3|$eeiYcFQjrU*9Wmr*b4TeW!})A5%{Q$@rZrG_OQPa&js;tJtm)j zu}@gfX!;W!Y@Q7-_6duyS6Sc0K4C{}c(G4d z-e)v^mHc9#uuAs&`uUE0e#AauJJ{cvItw^o9Q#|}#6DqXY=QQd4CU8-&Tr^Y+Vz6r z`6%`YYd%Xptc~YdxflC{6*}n5>i(;8FZK!RF#E}JFZK!Z51{-i>yOwcY_<(A_6e)A z;l(~-E7+^_o7g9;#fBIAgl%EJR-6Ajz zbID(&<&Vj|*e9%RpvnJ1?!`V~t%FSdsN9Qv!uGnztIWUHC+raWpf;bM$n%SR!YaQ!v32Qo^{Ag`F9QF0k@O%{egzdE9#XeyP8(!=aHY8hp zJYt`)V)p;h=I5KHdJXSeiG9Mx4x#-2(CQ7FyrEvPPgwpJOn$4}i+#d|3p} z`q<+~Zc+~{8T8QBL;kQ3QS1{o?Lx}0;>A8;o7n69)-4~8*e5J+DCJjqJretbRod`k zpRlkEFZKyLz+UBj4Y5zyn2TuqDqidp*2rFeU!zw(KVqM-J#Nac`$4ZrpO0dnFvl>H zA13!=pRnPPuPgzlwbGX zk$bUE*a7z9Jr?nB{ZQ`3K4IQG%CGxnaxeA?YyP6iuakSRPgvgw@+$o)_6ZyECGsk- zFJhmtV)omqT!(9`d^}>Gu#@anzTOf0gpJCl@u>LJK4I)t`a$dy)@;LzeZt~4yx1o! z=W-gq{`JmV^7#?_gw1EaRGZKDJSa2kb=LcH;&*fh16P7UhLG9A@ zQ|uGwzrvLNBDqiP6UKglHl8oZz1SygocPbVc&PNJ*e9%-Jx+D%VYMELeZqq5Rn|kX zPuMmaUhETglD)ouUMsIx>=RabCDp6a&tjjjunjNv2|HlJi+#efN6~mx=11%kHpPY) z`-ClLug}lT^7#?_gq>usGCyLUu)?d<=TqzxR%649eZnH_Rjy~mK4Dn}G#(W%_6e(I z|De{--;mFb*e5K(Ua9}#PuuWfpD@?e>hme~3G>3p}3ct)=oBvgEFZKybu-EVF5s`bbPuRq3DZlQ2BllvTu+}1z-!J!K zpRhC6kyq&lu}@geSat7(A8Eq};Jr3{7=DrsFZKzmwBf}*VYTd6Yv=b<`Fx6f!p@kz z^Hu5Vqu3{`>3W(^mDew^PuNcOyR`9KEYC0Y39Iu`e*N{mNbbcxVclk5BKKmSu*w@u z`OD;9>=U+^y?#C8mwT~K*pzXUU-tpI7yE>DvR|OhPf+f~K4BBSqCWp(pRgMC`h14u z`MvO6X5S?DVxO?GV$*!K$i3JnYzO;sTD=_g_kZ|f@&1F@C+vg`FZK!Z+(_doQOGa$ z39Gi@#XeyzHoVv;tc$&V{k%y&KVqM-;_)>8I~2w*_6b{I!;5{w4zt($ZHIh3VxO?7 zU#0P=thZvHuxj=y^Dp)ZYq8zjgHNzOrq!D-_hO&0eYenfR9+t=@JaS6=S%Dp zHgF>4$6Fn#ht=1E&MWY9z3f%;d*Mgh$RB_&v5`LvU%~!+3geH#M{W2deD2q1epKr9 zcu+5UTsmc(Pd~iRM*a}|bQ?YjU&H?A+IVh~_gez~G<*H~Q(u>R_my}*@K%~1-B-!I z4}Q`llfO^ygYfewlmDhRevbXUzDMBq*zj@qyfVtKvVMwv!YXZeu}@goh8O#U9bm80 zZ(^UYqc*(QCoIYS``UailFz@`CoFIq&5uv>7W4193g54>;r;ME>{aGJ1Ya;k{d`5? z12%jDzLotPt=<*#`4Rhsxo)TNsGKjcPgoxNHZ8x!e2RU-_S*1bpRiy#jpt=8|62L@ z#Xe!9zfS&h&HqyF#Xe!9rkeaKaxeA?8~F{Be^c(oK4Bv&$g9k!*e9&Wh8O#UO|;>~ zK4E?vUhES#+lCkWgw?U1pv}KUKZt$8w%hPg_#}J1pZ_GEf3Z(k)g3hdD$hr;Pgt`J zFZKzG+wfwau$*Z$o@ccA`A9x~u}@gk?0e;2>=RabC*{|#56^pzrb_$%wc-2eVxO?R zW`D8Vi+#e1{ighv%e~kqY!mxsTD@PEd$CX0m~T>kmFJ7tC#=+l7yE=wv*E=)VFC7N zrPRa4QGdNQ%%|8Vtcm@O0qk#**DLl3EBhAJtNYn=RaM!;5{wrm9_A1v`VxO>t4KMZy zEBG#*FO~IN>=PES;l(~-tv0;aC+skLmGw&O6Lx~V{`%EpdcGLe6R}TN=Wi=uQESkpRgr1yx1qK-G&$Yg!Qu5=O?>E`uZ;R39G!D>UHxAmn+ZY4ePVpi|>!z zYx4h+d$CX0k{^=4Q#)V#Uzd(Y>=PDeU#I!^lv|6SO@#@GS7dHODl)iC+su!4GLcD6Bb%TG=)ot=K25jlJHVg>o_A31&_6f^tpz*8pkJu+{ zI(wD=5&MK4VXybkCewTx`bX>&Hl>lqqx&=2}I* zPCLK*=Sl$HRad)=ihQK_6b}43-T)cBlZc~Z^Mgy!Ul)c^NW4L zCb3uPAF)qZ9eeyS_4t4575}|hf5bjv+t{o0kJu-yod6*`-Dw=mh%5Ci^o5BZ~Ax)`NckAqc)NM z*M;nFGI?YFqiOPXl7Cto&rNSi^NW4LcClCKH?dFHXEwapCv4m+G#-`wVxO=D>{a?r z>=PDYuhMT~pRo7YH)!+2QGb7cKNkHd_6e(Lr}6up^bf8Truj6?zt|_Ny~E^p$-USo zEa$i6^?o~L@`ip8`-BD9>;0CsPkMgEK4GWX-=_83P?I-|U+fcBx|hbYj_1L3t;rk4 zBlZb9%zmTh%jI6|6SnkCQ~rD9UhES#Vjp=u|1!B3`-H{Vzod=l8Mznxge`oF@~iY` zYM(G0UhETg!iE?7gpKZ`@hJ6wDb_3YO8pPNhP_h%!{@(E<2h##O{nXrX+9186M^@{ zO@7#0>HTT&arlDw$m{(-#pDhB=DY>}Uz@%DdObt##Xez4_77|QKiA|9;|ahoexJsp z_y2N}H;hN@6E^&>;e>080Uhc&{VcvwvKOy&GpRhw_zg_OdK4D8fr2Hz+UmtwC z4KMZy>$Tw{@ZMuI9+l^>*e7f@dzI&}6K~SBvR8Tjdf^K`qVX)cg8TDR(|j8HAAZB& zNhzrN8xExRo56?S^Tv>WhtfM-|MQ1*Z|Kh${0a6CY5sA!7q?~zUTez#g4}yh>ZBr* ze@pKD@VVES{Ks-1f;Uoqw1DfeQZuy`?f{XTJ@$-USoY{Yo-KXG!s`Tr>Q&dCnPjEN?HQtrL*heXkM==sloH+}qu@dQNv$>blQ;W%8Q zMFogdJx;R3X3E zC#;YCRSI706Xuyh<59^k_6ZxuUi$qJKCYNgu}@ev`|A|OBlZbf&Hj1?FZK!B!(L^5 z7W;%bZl`)LRmd;)2^-E{W&C2FuyXb);}`pcEn(lFFdnf_n5&$|uaaNv6INowi+#f8 zvsZb(h<(ChHu8&o!g_6Zu}@gx*Qs8W=a<+gY{XRc^DFiVD`v0qd=dMERkK%_AF)qZ z)P@)Pgt@*!<5%f7u}|1|_6rsIN9+@})kc1?PuNi#`NckAl@&DpW#`g>T(eE=X9>H%=PDd zze+p5+vQ&D6E>=r^6T$E?~!}4PuTMBli#f6|C`*4eZt1hBd^jwVxO>iHhc_zvkfoy z2|LDKrGLaeVYxq`@vHQYAATBpmHr9AA7EkzyN9+?e zb_scv{t^3x&9mXfK4F_}c(G5|G4^A%dO7OX=Z5i%eZq1dpz*8pkJu+{8he%g5&MK4 zW-smyA|9^0P4j8!AF)qZ(<&N|?yr46ef|wz>=WjDnmj%=^>F?7uj$@Uuh=K7nZ3R~ zTyR9{#XeyZH&FgpwSM@b+>3p}9O8>YJo2=!@4hPcVxO?QjpScWeHP|tf!vFI!Va4K zD!CW?ge`xL@~iZx*e5Jz!;5{w9Glehi+#dM*sJuX*e7frdzJna`-E*`uhO4lpRl6m zY5ZHX*T*BK`84#K*eC4$E#xN+r4#1b{y}>G7`)gg%=0?=*Ux8vXF}@5K4Hf?O@6_L zQZM!i+tfu~@BdZD(!H_&;rrO@>*v#QFZKyr`DeXCvMlDnxl=pRlI) z$WPS#0h2e3N9+@J@Gs=Qtv$bnek2{g*e9&;uO?q6_hO&0Wk<-rOw;dhEtY$+PguzZ zS-DUXJ?f3x6#7LF^M&n4t0Kuct%0)6cKr`6BiS+w-BxkCJ<_PgwOw3p}4w?O9axeA?D?e_^|FqnTeZqFJ zS2@38pRkkc$7}U+?C*SueZoe6Oyf~Gzha-TDEpJz^ZixR_zmY*>=Ty#Ipxn+7*A@S zuoL9<{O`!~i+#evpOBAh`9CyyLqCXp!fH;D|EcCV_BTIbpRi->yA{0HCv5+xlz*${ z`{d&h`-Ck{l7CR^=ga<{{(LcvU+fc>b(;KhTK+raUhEULnSGX)f1b%3&X?FHtnJ^F zU%#K^Lndz+kJu-yv)AO;%e~kqtmi)_|7*Dy`-By8|6Hck%dx-nCH4s`W3Tdj5&MKK zVvnUd^>A6_7yE=AWIt5Fi+#cp?5|PqVxO>_KAInu=dai&Yzq5rviyegCH4vHW3Tdj z7yE>T{!8Qe=sY@r>xk)m8Tv=;6IMHDati8x?eX+}Hh8g5nEyiZ`t^+e<8*Hrzo#1O zIr}=T-hkZu;q!-5{%u$Lo<3p}rsk6uU+Rg6 z)%qaz3ERM4W&KIQ$Ju{E=`Hh%eZux!PUBHof5bjvUF@$?$S?K@bBv_?*C}|hPuN)Y z*DH9jPuOhsD(jm&fS(6of2l%#u}|1e_6-U?2tV-(s#j(FVxO>uHhdg@GkcZ(ao&Ub zJF!=pe=mHIhsM89q22)eCiYtf(kHmC{>PlupS1PC@ca$KPrrup>;6x2AA@&}C9kjN z51mNQZ+N~Z;Vaqe>-l4H@0pGNzt4W@03QFdaxeA?nJ^{aI9QhK>bL{VW#*LZVZo~WFPucK6_%UCh@u;j<5%_BMD$n0I z{95)63iXP8!aT(^p63SAC%C@#Ph`QPpZ*m4gmq3Z`EyT7z1Sx#cq@5)Ya;b<{mSGG z{VDbdi?P@H^9{Kd`-GKDqWt>4)PInBu}|2($>jC^{6y|O_hS7lGx;H(%t;lZ&5vRH zVxO?A+sNzvd5zqM;7_qv=})mw*qAAlU&SZj=i2aMpRkSWRr*ux6V}CEr9Z_!VMA}H z@i%Dwz)|lv{#d-f5rJ=Ef8QYb2iHTU`82Gbad_9AlwbG7r{<(SQ#)S<@4OHFIfK03 zpC6mN;rx2xW9;AHak@U2`vCm%?@)gI>&^2&O&^aTe;7XdyW}6x*4qNPkHN2;NnY>g z+vGk8Kl(26`t{^&lQ+zdrxxenZt{b)@vJv_!}$I1ZL>^%o7{)squ(?6J#rs~Zx4`H z>CXiG3HB=e>Ha=`zVRN)-=Ljej{Wtg4}L5AJ1!vT8lIe!`cpss7KG2bpYrSe*?&oW z1m3@dyxyNh|4#RY`H#a#*z4;3t%$s77J2A|tN`St$%hshh}Ckdaw+~f!J&Ph982JiU+`r%=dzgX`5 z@I@=gtMq3GeinO`{*1!6uy5eLbaCvjKNIktM`%3y&l}up8oyya-Sct1*JSdS{AW(u z{206szJ3jP{rdB_CU2O}pvcc&|Nh7yv77j|9rxSavz6}HIv_}%}>^6>Ekzy z$N597|4)!tc|G;QZ?)kA@I5ws7`|XFjYp+_V(>HAtMpG2KFq#Bn;(n*@hrglu#U!~ z_s<=s`84!{AAWDE$)A<`5PWbWdA)yr`T3l*elwh}sL0QLl{WrY*L?#-t!~8KfIUne_wmO`&91z@QdFh{}avUIPg^m9$LMI@r2+%+ecod zf1>c?-ct7o_ysn+8*gfCVXx9ZKKLW-Rr)6gKfII1-=Li@j{5xY$D)5C@DcWHgXkYz zwWj$rtUq!1ia6!h{oMo7=ilI+|AY7E-y^U0&-AQxZ#Z9G_=>~i_5PVH_W}65?DhUx zDEDFbaqm-p{r^+^LhfVmOa4k;rGJv}?KZpzMfTe8et7Q@8jniGrr1yit`{2Dj+ImtW_i^~0C&+Kq=4YAQI~U>orGJuF=^rnAiwz%u@3P^;@a~f| z9+m!y!B1lUWvyP0`uy|9Vm(R12icET@SdNbAJ{i2ct3pcCp7-)=g=p({$QGaL;r-} zS0+uq>fH4HG59Ea;@{-;e*4hm4eM1xjHj18o(idl>tAy3uE+H)`zo#9&K;OO9z%W~ zeD-IQU!{M7@MSi91U_WL$KgBJ>+?U&G=9T;I)94o;Le!l|2?_)!q*NcOU-@b9v3(CX#b z-}>Wx5Z6CrX*_!_Bj{RY8o#06yzrx@n*5KykUpOVAAs+AL z;KOGBsoV$Q2mYAyEA>BoF?*%{hhM;6ssESZ>tFU?IET;gweFg<^JVB~FMRe-Y5cnX zk=zI1^Olg;`~MY_H}*gLeD-h9a2&3;md@hgwJ(D+#KMB8U8TlHmKWAQC zlUA=`JRVHqsO9AK{&`sL{qW6Z|Cro|;0Hf!%Kx<7N8#()tMpF-ehYh*{&6qI|7T>6 zPfa~s9Q#{8eem;F(D<*{=JPM6@f+qp2p@UGs%Gi>s4xlh2)ZziwzkL!{e zS^u~n5#K)|ulG-`-2325o*-YNy`C1BykY!7_{ci)>$Lv4)#MH9PXxZSg?yIw{F){A zarlW(lHaK1e_ZaJjd;GZe@XLEx%a}aT~GN{`Z)mqt_>fCANrJf{uumJ_A33HgkQp5 zrJp@NN58RG>1RK@ua(B%H<%{W^{Ht-4gC;;FMYw}FSxWO^_klGX7Ew?lI`U6e!gmW zx;OMs0=|j8-p^l=d-qEG{LHT@zyAM;Cd<7Ke!~v(&uje?kozEf`ESU-srd)xJ_0{% zCwcw(@{HWa;kU8BRC~U3$i4GX{5;z$lwYNvz3{GfbsvED+3;cbCG1uDIR?Lty-GhP z;d|Jt^s}c4@0Y$x^&Y>F`}xYtYGnQChoAX-lm9eN>O=5lACTAk`SlU$-q6oc_!jnh zKffdQ33&HW%KwSh4*w3$J_uiZjC@S< zwQ?VU_k2WN@Bc=*kHdGcKdI$^UhbW%aXr&b`Cr!jALQN(Kl|_GRh};a_zgCE82)`5 zJ_bMhIE`nlHhzx!^{SzNlJMp1Rh}=NU*P=^_A1X8KYY%|G#>r^=aKm}sUh{Vo`>LP zpD_6s+k>j<=zLM_>}Ui^g|Fn zKdJ5`@KrW^9KMuJ;Y4X>xp$MF8)e`q|qzh-2O?0k9Q`~FK_pZ}Ll-Z1|G z_=+>+@zhK`T)&n3F#J*W`uB_fDEBdu-*H%$9j?}ZPs zpQH7|D{>!z@41-re^v8cavz2-xP*LbYE-!1I_JvtdJW@`!S7|S(r-z4XD;Pe@t!Ae zeQv}1;p^F}^jipi3wxD*i^6xaSLwF|{QOI)-iARmp{@$kd>YmV_gcK4pKtP4jY^+? zgZIHNDIl-++ZmHLoUb5!oV~st4!J5lzrjb~XJ1YE_4ROs+{Z=!(d3`g`sb^1@5Dt_ z{WawE_meB--V1-Iko*EIf3w^N;LE>k@)5ZY!|yWtt#TiOFB(JnRr)OnKa2f%ZTuYj zUH@Bfz0F>w-~8~NYiT_C^-qs!{D%Gs!7mzX@;@p_?+1gA!XLPS{Qvcv$s777A;vR~ z{Qvda)#>>S-uMtZBr<}NTzTPs;r=j0`@P*>0&UiFvzMv?*e+)hdA6-UX@6U(E zrh7xbMc`cxvFnPm#2H+}By zxevo1VIS7!|8H_1gAZ<@@#wD?1HO_ze#3Z@@HsD%*IzG2$h~J1dUz}Om#Li{t}?mz z!*6G=(hni{Q#O1Qe#}cW9+mtF__^#=)(7|V_HK^1r0{w@uzqZy5f>F7hhpHwHiYHFckapKZf?UcmP+*sJu9A3n}r zrGG;3Lpo^uD*Y3MZ)ShbIn-#bF*i#4Apw8p4a%?k)pGA{!~fa)9eKTfPMf@;e|+#e z*z5f>aD4iB3_b{7w3qVF*7{+X+(+Qoyh(nP=C7CgIDGp)@+$q~{3YJ+vf;h(-nZ2A z2jJ(kSLvTH{08A8dA)yz%Y78Sj(vmH52NKiA@YAn`LEG@ncTZy#P$3!@@S>h z!*#FR`{29StMpqC-u)5fSMd?}3L8ES-^gC2-<(_Vej|I8e)GcjvRCQ10Q{0}syCwb z+YZxw8u}*;?@5~c=M&QV$KYe|d(V>B`)xvLx;OM&5v+(ty^A>5n3Ha=R zCZ8ks?rr%0%VwV^_dfWO>{a?L2tRTVjYp;5BJfr0Rr)OspI|>un;(w-U5`0`g`XdA z(Rft67ruhM%JVk>-)O^!;rH6`F?i>BH2%A^dMoAUD+wQ9uTrlkihi@<{qP6atISUb zK6@~YU&Tk^%WU`re2Be1KQ;3CapQ}e1p6J@eAdam55DDm8o%yW$bAsrpH2P;TK*Qf zkHE*wev{nC;k_4_@<-*~xgGC!vB$R#QV&;$+V;&-t%j`AH{yY!ub90o-fe+sQ3_knEibU`J?cT9Llfa6aP!u z{lH08m-_=>X~Yp%MH&@pCBzBWbv4A1OgADLk#HqlM?%~bX;M=14^2e05#fj%q9J$k zqOE2$dAE(oZ1NHz5l&t%ZKQiAGA@yMC$4!nE^;R`L;8K5d7g8A$K!s#=lRa-g$wJO zXP@W${hmK_&Tt<1h2k~)&jc26&B3SPyH4VKG}~_uev^YQQa%p80zYvS=kus{{C(cM zo?}18zrTAYd(HYx!M`Z}B*lDX;SV{)FTlqVoR21c8U7UUQTeBkZwL9kY7)eMjFP`)d6iCjGtE%{b3Jjq~#VUS`@`&pSeYkGAJ5{$BUH`R{cPlb`p4 z(BBK}FADG@$A|njvoFK1ONRWf%)SOc?kx6E<3;%=e}d=jI`|BH+QH}HXFK>3`~nAG zgEfRvCW5d7OV*=H0d)YVaEzeDbGwepRdWEX?_#iF#Zlc4ZlRZ zW_)t+B?n)GKj`2q@U7=_y*D)QE1ouwPwZ!SeEN^Q@kyM|M-}l4 z@N*n|8NOHi@4WaKbGQT{KypNqlsUFZx_GVtJgAL zRru`=KJg4b?{FdKbH5k=cJp|q;hz<+$v+1_Y_h)IBK#BwUx8mLUNgV3GS-$}1pN4N}V?Wl5Z<((g z{8;f`(VR~Oevf$n`pRF-KK5_;_a7hN{C$5^`mN_1fqYW%o5TKi zv(Lh}PT}}p8pZ|3&o=u4{D!F^|8cV~Q~VFJA2>?lKVbGX_#^3%f6VNYJ8(U3ddPp@ z>@)D|XR!CT_pN51hj0G~`*zcMknhv^NeOE`$q_{Lcr|DU{i&o%qlPTbG` zXvoht`xJcYD)wi2@xNsDS@_P5kiXyT3-I}?L;ex7FT-!hu-A-d4SuVGPyPbyU;GMh z{5P2M$-rl>;e7Jm`1G579{z>dAzw555`5Kjz?L&td(Dztr0vV{zV60gKwJ8`D^x9$>;HYM7)3eeaJk&8TfVLHRF?q z-{;^<@X1f;*H0CGo`X*e;C`lqPs6_;UNfFK_*caH?`og zKN<47%|7-YINsgF{wv=4|39-&!B4(9;Xf81rp<8=Xk<^qoIpKqLM_GS2f z@tXZx4Sv|CIKIXwE4UsaUbFpX;ByW>5C4RNFToFr_xHE&GmlRdzWo-i_g-)PTxRwO zyy<=6){wu|?9=esPqW9R<@ziBRkP2*kH0PCA2a(R{EK1#1GBHdKYBaI|F~E0cC(M| z#=i%;gMEvazkK!g|AF@}DfkI@ve#_yS@??_d;xx@gD=B(I`|s=Z4N&98|+WSAN0oO zpm{tq@OLcY@$vnz8OH5B4?piS>~HttC(OPC|6JIQGy5w1)LbZjtJx=B!1gHq2``_E z%svf2@3S1g#q;uYsP&VBUnO3%ev0rt;!iTgm+!aYYXyFzgOB|d`)7xIQt$%~J_}zJ z@6Ye$=J71RXBLO%>pHV9!Ue{@l5W)^`dY-x0>_Gz~A<{Q2w7Y`#k)< zu)k|)-z51Swe-q{qn3<3wjtg;wf?QfW8!PDuS?<&^y|tc{PR=w|B3&2*J0$(WZLm7 zuW&iIP2#-q8Y*57+zxTxadIe!%g+t5&vSk@HwZU1!Ue{ood#rtKOhbD5uxpYYVDFZ zH{$p7iu0GZjSKke(QluMWNbXnb<;W52-l`qy8+VfID%>0Kee(d;Ymw|z0>pEmm#t|_lu#{OGg{_-`v z{wV(xeA}1wJ`4Y%cyGPh=BohTw4CE>d>MX@gRj9C#B0`D@*U`B>fkf*n;d)|ey4*k z!S8kORrmwqzw6C!zj-|*VmMxYna6*!=Pm0Y4L{)EbMWyM`uQ!wryV>!!)m#Mj~$JF z?<3xSKd{d{J}LO7yEy-XVtlgjPdNAjd^*qZS1RI{;dhGHY%ewV;dkrDKRF!t3mtq0 zewldx{rLg&c;?|>7N1tsTY_(0$@y!175)zKn(;{-gZJ|eo}NMRvV+gTC-33>HT$0; z{ABSrd*gG&Jf0Q!$Hd?1`4c{3eE$%`&UjQe=i~daW}kx3i}&+6&+N1CgW_AfeB`Tt zdv&o=wyvAF)YDl|Ux%{~LaC+ruQeICC3 z-cY?O%)SJ_CG77v`zn0v>QMZL%|0;#`+xEN{622>Y53TE9KS^|zd87c;x)&YBK%Db zz5?GPUbDT&j>GjD2cLpZ+&{BksV06F{z~!w@#QJ=coyKF5dSgLc*^(be5?!~|0?IB z@iq8);x+jv8!?^^J_G-PgU`b!)^PsxUWs1uXU*eNg6|fu*?(3kfAJsZ@YeSWiR1D4 zR|lVlpYs6c@89p=ZO%UjzjkfN|IzG=@csW3@-?%szz_dgXguFBb3wgy?|p1we;Ydi zpZ5~48P62_YVi*%#xn~);X%$v;|uWH#B0`P8UC$u(zdtSc!$6xt#E50U1qFx7|hTkM!GoCs4nu9OG zPkcx}UlsU;;&1ZmJ<~isF~@LL>w5&m@tUx80O!u783#`DAG`HCg5{fb}j`K!%71wZ#uj_>=d*=OMo zi@)8A|5>vyz%Tp;$M^l0&Atr3H|*~-`x<=vV;p~nm(N3HpFA1+#BZ|Kte*`01P7mo zzes$Gmydk)*S{REo8e@^0SJASQGxEx%+IB$LXc?IJ2;P>(MJWe)O zhD$5lAl!0s{ql4CpDW`*bH!tV}5z(iSox*e9hojr-RSK z_lWn;Q%a%jED*nh-;etj&S$iI--saFV82ERjgPo|LH#d!;~(%9_&uB0 zUr%KuIn!ruh}osb^UG!PuKMy7Jsi-?>Xl2q3ik+ zHgmnczr^h6y8e^mHTlzZ{j!6n>-xLJpYP=_Ux%76x~?DpiGIH5x_+B@O?yOyN^}ebYAG)r8SiI)GA6?f!-zh}Yqnpyu0Lk0em&52{aNBQ<4M=`r~Z`VYsQnV>(3Rh8Be;dze2obJn6dr zZU;}-^;@=a{;KtV431yo7xVO5=a;VQ4>-i9>-w>uaXwM;1IK6U=McIi-gL<~yx&OT z`|bF(UEy+Y@$H-+E(!3cQ|IFP{9F;?ePW?9Vygmo1LY;~rBuI*%LwY;-(2k1LA9lH%78`IX@M#Eru>r21@N5Eb;o`UQ*Oc$LAJ_XREgf$F=6)N7tK%>kwzFcOhK2I9nYBxHlAa zY=P^Oc(yv|_}u$qbRCT`>}SN;>PW%G{}4SNop7Um&Ca&|@^CE@&sN6!9Ov zhd5guhvB-#+2$jO<5`QMj&`^{iD#=L2iN;w(RK8|4T!VVLC5EKHF`b<;if6-NYL?2 z;@RqGgKPd{bRAi^4so_RR>O6Rv&{z`pXVy-*bCPu@oaU(aJ=l@A6-W)9f!r)>d3&w z|2ujY)4XEfUXGM?YNi%h7ez;5x+F>S)4AXSX=pe5B!4De71V*C+98bO>j`Dn!b>Gg^_QgAI2&sIk#T=V}#*FpE)JH*-Q*Z|ip&Nd$v zxXp?>4#V|HJX;;f5txs`=sMcr2E^Iw$ic<`%<*h>^iVuS9c8!{iD#>05U%+E|J;`F zc|_p+C4u|W9pY?tw83?Yv(-WO-Ct4Eu^O&V;@Rpb!S()cbRB!)2E^Iwh&5t94stwO z9j$P~cC)h`&*{EKX5v(-_8i~lWpKK8<`Rn$TE-CHD{ zt&Uc><~O42$iQ`ov(?cB*DcOAA4Rx6MIHU*B%ZAfy6@im_vkvBa4}^-oUM*DT>NnK zd@O|9uBf8`*CO$3b!>raelxlby6@g0&Q?bw?pJqzDsU|l&sN7_xaMP{>qz3JREIcQ9qn-4;%xJggL_y} zM-N<|#Iw~=hU*;>UB@8YfH+$ni7}Xu*iD#>0HC%IJbR8wQ4so_R z_QG|Gv&~2BUARx8sG}9GPvY6?$iVd;A6-Wm+<-V+9YwhK3DNV>5BHLyjv8Ex#Ix1W zgqwrSCq~zihU*Y#t79Qtw>aB;6yV-a)UgGwPvY6?sKWJ*jIN{cbj*i1TOBF5_({?8 z(Fr%|h3NB=JY0*!doz6e4cvd*0M|S!x{eB5hd5guhvB-#+2$jOhherT>S%}SlX$i| za&W!xjIN^xZa|!^jxt<45j`J+aMKiZB;JjBC7!L0Hn`@KqwC1Rb%?Xou^O&hoNYcz zaB~%P?1k%-c(yuX<1inmMAy*@Hz3YdM+Po_YV>?`!7WnMQG{!ec(ywF;hINB*HMG( z5NE5S36sz*&Nd%u{LfX2Iu^q9NjzH}1-RbRqU+cKHz3YdM-?tUCVD;^$K(EoqK*_? zi^Q|l(Fxc5uIM`Qa2?`ob!>p^7Kf7fHN@uyDsY<>bsUE4lX$i|l4oK*nxgAyhZ_)Q zt0M;&KRtRrdMKWvjxt<}#Iw~g2-iF|x{d_i>~)B<)zJpmEzUL{S-4jeb*zT#lX$i| zN^rgJj;>=b+<-V+9kKUdKE_4QM=RX0-$ozLGjJ^u&sIklT=N;xbrj(`#M$cThwBz+ zn~xgY7)2dT6EGhV&sIkou6KNN9Sh+G#M$a7z{Ssuo{ueXlN5DS;aVh~t&YaCFdxb2 zI#O^Q;%s$v!gY(Y%|{+?rlO7waD5WbR!0S{_dU^d9EKYZXR9OGjQN-lJs<6G^A&aE z;94Y}t&SeJ=Ch*fD8qG#v(+&O*DcOAABnSZ|3gtn8(g2nv(=G>>urv%V>R4>I9nYh zxcJ%8^RX9ht)h+?F4ne4JX;;DaLp~zb!6Z=#M$cTg6kG%n~x$~pQ4U_auUy0M-8s` zoaj25&cS?$v(=G?i??z-TOAAGwkzr=z_my`TOC{An$P8*i;~`YJ{0&oLlv$=oUM+= zR?LSuTOBF5J&HOy;rb+=t&Tig?|IR6Y=9dOXRD(E7k@9uv(<4J?vSF6$ z9jXn+3G06jo34@KL5C+`POwHf5fR!!ysIr#Ix0rI1lr2esmpe za0B9Ob!6e0FI@8l(RIY$i}?^|tD_aJTbyk^GH@3w>ga;& zlX$i|ig3ND=sNo02E^IwsKLcAjGm9Ci5M3}9cj20iD#>0Azbt1=sF7YbH&-}*aFur z&Nd%axLXu;G@g(7ka)H_QgFTRi>{*+Za|!^jyzoaqUib90JlO>M+L4$;@Rpr4A=br z=sJ>L*7Mb}Y+>kwzFV=r8{INN;0Qn>%2sG}9GPvY6?$iVe}Ai9n&xB+pt zI*M@dDbe%M5BHLyjv8Ex#Ix1Wgru537+psiu0x!yj)nN2-QsNXQGk0xQO6dzK8a_m zqYBqMHM)+*$(Rpu_$&Mx;`&+&F8-nD`RIfj^`Ft_C3(0OiD#>016=d8=sGHJ9pY?t z9ER%_XPb}Y`;ecaj&`^{iD#=L2iN=I=sJ4f2E^IwD8t3m(ep6~H%(DT;v&>5@oaUp z!8KnRT}KwKL!7OS)o|V7Z1Yiqo2#f}FI=C*v(*uMKjve4bRDg51LACTWZ>eLMbAeU z+#*FCMYtA;XRD(hu6agu9W}TPake^|F2;O_v&}~uZk3{rg>Zcm&sIkPuJqf z5NE5S3KyRlJs*vi;QoiAjuc#r#Ix1W3D@2M;flTBf5@-a0B9O zbrj&@S4Yps7Pv`@I;wCj63T_w>#)T;3^!fjk{`nT0EKIZ+o*6kxR(^J2kw;F(RGyJW-8nu+%knrOvC$H zg=>S`uW(toF&~SrV>R3?g)70WP`JHtPbpmN!`MG7Tr1qzIni}w;5rnp3vQ*t72!53 zTtD0ag{#4hzc#v#rgTHYY=uk1tx~v!a9b6w0Cz~?w!lr88(l{gZmz;LUfR%bzrv;9 zwkupG+-nM#hikbmx{eKS*DG8FZmq%{hI>}wlGAZLLgCus&g+b>BL_EM;di_O6GafNGzdsN{v za03e01vmVL=sJpU7b{#p+-(Y1gIlj~O&`JYf)p+dH)39N9Sh;6C|m(x5gZaCx{sh1&qPPvI(Xqvl7~aTsp8!qG==mMR>*_1&m& zIk=Y;t_SXvPvAdz+0J9jATt$i5N?^mCE9WRr*Lg>`xPz=Hzpfh$7;A)3Ri+#p>TWQ zo>I8j6*&J>xK_BapNy^}1J|K&U2rQEt_ZhT;rihYC|nJ0{7unyG|j^KpTec#Rw>*< zxUC9TfIFmcTi_<#99>5hZmz;LeiY|_3YUW0u5g`juPIy}u4O@V9UI`TSGWq?T7^3d z_pHJtuf+ME!nMPl_o?VQa&Yq%t_SWxg)77DRJcL7BMO(e3g>^fMAy*X|8t^l`4;kLj%u5eYjJqp*D!TH~9(RHNYrYT$}++u~x!}TfL z2Dp6+SAiRKdvqO#;ifBG@*14~DO@|;Mup44y`*qGaHrf6T}K&iros)vEmOF}Y@Gio zTpQeeh0DT?xih+s)o`;Et^~J2;r7BkrEsy2;rvhGTH(enimoFA*P(D-a4QwA2)9|` z`r!^JTn%pgXQJz9nuGH{g-gS&Qn-b1TNSPVcSzy3z)hexQxWfvs&I1^uJKx&|0!Gw zZo9&D!o8+&dAON!ALrzHHTX~H{zsF1AN@A0eH2f|Kjh%E@SQR~H+%W~Ff^X>?+R!=6yVF^AMw0=9cp~a@bk+uo(fOTX?{?=CVuiA z=r{CpeSGSput0o^DW5>SdHA*BWjR>a5A{*lA^vPreEB|&Cq1Y6ka%30s=sXOArV90 zg=h8kQXhpo9DEMGDBkZ6{)~A&P#=ZZ34!FZ<6b@}WKoFZ_=ECWWWx zG_UzRd(Hm50^jf8W7rwQU)0B^{>W+Zqj)&2+gBETj(C54{wOq_f$fE!)4b{roR4OG zmf_cnf56Mf8?xq&3d5z$d5Vr#0d22a`0*R(JyoU{`~&gJpMWOnSavHZxMdJ zcz^$M^c4&0Lo&p8R^a!D*UWG1I9&I7h4az)6nu;L@8j4?FWY=&;rINR<7?)t0DsB> zy)VOeIQSa;8u9*oy~jMB$ws^{`CraQvpv#tn)itJ=j#LJ_<8t_gB)Ko{?s3Nse`Y= zuNQxbH(ytT@(J$$kH__(|Kof#^F_~T9#hkM>W@6z!BcYj~$j|;o zKVQ@zd7pTHzJ6woPtR$d{hEHhs6X;D2Va1HTs-X?>)Y4!p?m`KMg5Um>Ro~w8cxEo zzU~j1eGR^CczfO5j`sp}&tKm5{q_45@=;Cj3G2fX$3h&ev>M_xi7=De@BI0Dp?re-fB4y_>Bpb?Bd>Mv)E{}5gQxz;jbk_;f4<@$HSV9O zKk}4!>F0}{(>z{R^Q67l|gO*M~a3V!7o`uWPjKPtXY#w9+-9G{-kJYzh^_x%F1 zFT)=S`xRzigYP+$uS`x5+%t?b{g$fpWF=3MrZz5V}B&G8dBX}I#e>?@xCL&yilCk>yR#QqsCpYyLW z)=ST6emU$fGy5X^h6_URKW_FF_&ZYU{q=m8*~iA<{n3T&F;w+eT)qyq{ifhIi}#Ng zUpL36=QOuZ=J=ZZPXRvX;LGqm;?MT3*L^pXPhh@k@Xubt`Dl*s$#>!Wgg%srm&Vg` znx{DUJbagUf4(m4Fs`2x{KgOH=c@|;toS7|ukkC)@e@tRe~Ny-=sC?dIrtp>{o-%% z_CJ!Bzup4#RfIo~){lP$zU5NAkDZSE9Xvg!xhUSBuTPuDGYh|ax_-V2@CU^E^L4j5 zewp&WOg~>W`1>6^J*W98@l#F5_rQE*;9r}mAOAf3q|5cb1b>@@uflH-@6Xq_&ErYW zY2MeapRY9hYvTR+dfFU62Y=fY`uQrtKj`2q@LR>7;2lrH+n4;g6<=fHaKB&{=aZA~ zTlfF)Q$Nc7pvecWM`htB;^PJM`iz&)FGJ%KSU&~$;#KUw>G^$TUxuH4HT$vN`-Q)n zeGNYQG4?<3;x}FW*8OcDpX3?19(yhOhh$*l7n*$r{)rpe@AZyH17@FxUwt$C_1^Y% z$m~n-=iSQwI&c4ZbjFxJJ*Roqo$RkY3X_0W{A*^P7>|3#i`cg@w_blp!;kxn-sj*u z9efdfop^uy-4V(^u-@o7%{z0PkLG+Pb|yYIC*I$FUo^*0!O#6H$A4TgK3VvN#d=?W ze_Z_O-g-V5$|tZs={e2ir5t}ikxvc&!7s3%=dB0%d;alP{@jYM$t3n~UF`2x_zZm4 zGWM$!J`X>9Is5&J{OLK(gW|7=@n48fxyHQy;iuir@$XW^PrL``OX9D4hs2k^H`Mr~ z;m3c4<2QTPtHVApUpe@hYuT^BdsTYHZ!+gk&uQ-OWxv{#Pau8;e$EE=FAbCUzcI&; zO~B``zR!Lpt`*QLK4|tS_>{F;L=!%zByK7I}U zHu1QW$ob3Hq2@P-7sdPgw?{(b8Q8y-;CH{o^=kHSRrmwq{r%gI z%<&V=IG_A4j*q_@IX-Fl`yG4^{weYIcJ7|q0erv?vK|ffALck z%DoR4O{((o^d z_vh=c=J+}Ix$oron(;5fuW;}c_&)JZ9>Wt8m-+FJ?}6hBJ*TgYRmjgy(&W$5ub&+J!e;$?D8lzT zczRBA)xpOmVgGYB=i|@sN6q7(g70Wyuh~Cj;cpTDfVX|!Y>r=mKP>)(o|muw_A7s; z?UA0-+;$G@{eIEYBHue*a z=Y-<>&7PjqJbWhm6BYSa;ZG6&rso%2YutVlsfLEc{_Jxkvmc&&$`L)?*pV);MfAJWq`pf21@QGQRzs6_b zXE=CzPIH&|R~7k`;cxpW=Yv~+k@?r)yTxnvpUKI%o+&<~h@XLvUCH@qJUyp*j(E*{ zmEc#2U#!Td3g2)Q=i~3+2F&X%@jhHn=wPqezop@4iuaFSubAW0bDFn{|Dq!QBK*{= zIUkL$z;6}*{YL%)@i#*G1ol_4i?F@i&GAoGxr+NL2?B|>*`F#4i zx9)!e`4r&a$g|g+FO}gZOa2;PgJ0y}lkdkdM!dg%z7@(p@P3D$)BM^>&VRIGJoE4; z+{1o}=YL|3UxHsLew*jz>rnf{D*W_rj<4~Fi*bDU3j0SC@##6uMe$P=>mdhUUB&UY zE8-X7AHSFVcRtL2A^wZd_ypEZ1^&ukvDd7J*d@6C;^65y%{v@?7C!bI=i{%R{WrXI z{Rh@h0e^1AB3_nY}zkZIGn zr+KdU|Mkvqr-$+hY+ot(nZMW1R~CMygD=2uckpF+oWRvb#-Fd#Z#2#qJ*RonAN2E; z#G8tl;`_Yuzt9{%178!bIls!oH@(F9XnYAiE&kl2IidKap?m`KMbBwo^xqu+k+}G| zW}ldf^Yer3vFX%b^4Es^_YrCMb_bt>?{@G-__BC^ez%A659~iH@UOk9pWoPraQr>Q z-rpYgnB%A5SBlrnR~CMwgD=4E7XP@nJ-!mkCosSCoaU}K^z&7N-{jzv)3BZ$d}2yn&C;3gsV|UwTe+@`PFSz`uA$bo>hZ!IRiO@7*7lyoNeIjHR)^J%#-h zM@7d^!H*ox{^eoOJ`4Z)81`!vo}Sa(eLDLuN#3^cEW^jgvR|bbpBntyGuUhPZ^=vX z`FRJQfgdqmAD^DnJVU&{z4V9HLty__f?s+j#~-a2pDO%X@&5KwHOEg(NB&8UPlr}| z*~UK&Kf}S(bDCF*|2J9>}LJ=$1cP8IQSI& zE(cG~X>L55^YQ1mJ(Pc7ehctZTG(smw+ug9yg$ELbNm|RFa9Guz1I0n&cOY?b2uN3 z&%n_t*3PnB$k>9~OU>H@}wgtif-0@X5>Z95?ZMz3XXz z59JeB&l&hAGw;n=HDZi;BTAFeurYcRpBSkVXs*~ z^iS^=Ie7YL{zeB+AGI75@2{Udq45c%Gz2KMeb%as8CxH_v1LinkulGW!~QaX$OsD7F_mRCj%X z{T462W&6s2Ui3-!n)Q|k%{llI{1Xno3O^{`UvJli#wW1e5+B8SyP5OXthY4$Wbyub z`;0k$4t}F}&3Y@s?{@I?oaQ6qHRB(<5}*HE!1Zc;3VyMJ&%!?`{?o_E{_w8Q_yqQc z1^97ya6aE1Dc-W)=sC^(%h}%`E}pvSt=mgrerxcpUuN&mSK928S7Cb*ubHn5e7}Rw z!`Hq`ZWB^@3a48T=MBN`yBie|H@vo-sm~agATp|-@Hj5KXx@fUnlC8xv;T~oz{y|x|M!~$z63vYGEQ>w((FI0@Ldi*aUJfDIQTStO}sz9 z*;|d8myd#K}k5k7kr`$LNHsldvR~e%bb)Rru;0uJ<&BPuz&@UA$)hnTDTmEyu@Ojrz-$PY!;mgD=AG60e!B z3Vg#{&S$YApV)jn&rQ6)Km4qD{iNXguH*Qc<5w1byZ8sZeC{*HFTiIyIlgB6%kW(e zz6M_uzrT$Wia!#{C$K+EegfkdAV#WjvcIUj#Ld?A#7;CwX=f73VEYt};!ewldx`1nue_(k~F#B0_= z1%B*foR7xGK8erAiog9RSr0OALmiJ&@K1eHKVMn+Lk_+Gf8Kh1{4)GP@&0`M&^(?s z_(#8`pReRis8_td{rMh} zxry`nnm4~+zsRlo7rQi>MvXVY50xeHQR3v{uKvbgrD#e&L=8rxp5~u-qtt0z7j!Q0(ofk> zQ}{egpF{i-eB)M*f4dj|SD|$+->3JHRs8A_zrpkJH9Q{VY22D6{~s$n^+8H*<9yzw z@HzOY;%U9n%QT*W`LVBSiT6GZXI$4k3P;b>iVi}Th^ zcz$TSXnuAoTpL{DcFxZhFAFzI;a0<~5%+84QGX4w|0u!T^bG&p6D@8p++uNSEspwB z#mmukw8G7daDnw?-QHJA9RIlbpP}t5a2`b4`_`Xxewy>3Jp69){&DsH%<*Y^U+^r) z_x5+D?Zw;PdmKEir{~09b2Lvx{2jM1sQ=EJ-@tK|w)YABoX;%$o?fU%cvc#f}mpGtkt=8M;?XX<;*Q>d%Kz+|foXGwxMSSXeHc33~Tj*umzNqinN(WDU&-RGd%op`NYaGe> zYpyF$-?O}UfB*TkdHqn|v!_nt_?rDE^*!4q-hUtYYjb?+dp3O($JeYk>U*}-!BgL} zjpCbRqT+uHq8}*f#6)JA9FGd#AoEk*6Sv;K9?S=ZD z-R9s^@DGYV3S(QJukVHO3Cu6`JzLkz`FQ7r_!hssEXKP#Z^Gm&b`o#CiIK*Eu$EUt$nR7TkKH^Y+*~XLl zp7l9+>U-AE%JJhTO8hrM`2^;d`kuuvVc$%D7q9qU*~3GWMGFMt#p-ckn6r)C_%m>U(yFcz^xO4&@(MKLz;pAL00# z{R8zq+brHcf4}nvwo=WS>D0t;I}z=>U(xr zyuW_Zq5K2urviW8ot(dB{lred@j|?ReCagDPr+{$|1oborKWki{CHR+Duz%R|Gt9mUzv6E8_-*}V+rFsp*;?_c^$)+x!BgL}5i2<#O?>Km zHeLKD75Ufuo{9f~!c*U~dG~NW{`OS}jb~u{qP}NqyV+~DuPl6@cz^raV2)3H&&Gd+ z<7@WM)c0(rgQvb{i^R|I_Mclq`2@BX>U*|xHRq$5uMGU~`}Cgro=tP`)c0(;cz?c5 zT>RGUB`{yq_w330_47r2&vuIU=j$wUeCm5P?W_9vqP}OhIC$!NwpRQ--uC{!P(FeA zqP}Ni)^a|Y?Vb9bwTRcuFZDgU$-z_Kv-J+1`kuWg-k;w)L-hvcw+ugu{;>pJn(dML zp0$Yg=l3h-_|*4oy?D*`NPW+CI(X`Pc1ZjjT)UuG{2_Bb)c0)WLtO7w-u1?fW>0<3 zdLCx~jJLh-4EezNp}uGH9%Zjt57hUp$H7zIvlkpZ^*u{`gY&tUho>Pv;&aCBo%)_V zCO+eN`8w433H3dziGNk$sqfkT$2cGCTIw&`@s#?Wy)OPDg{Qt}6TivvFHm^udzKZi z$%p!$Ef%lIhx(pv6puqk{bj3{`krkQKS|;9@P{1or@m*g^*lc3E8mkG_iXXE*<-5fFWdU0zGwG~U*h>m=J?e2Z203GUo$?`_v}0e zPkqm3i|>-ech%JQtZ@^2)&3uThJ&ZR zXL$!teb2Uu_s<8O4AmPrAE3TxhknfYYt{qxJsYu^{R7^5*lCVWeb0KtYt{qxJu5qS z>U%aQ{yX0Km%N5Leo^1E2e)wk&v^Oo3FRMHKh*bZ?$i4DrM_nmI(X`PHsIi?@7c($ zoR2@h4NDf(OYyEB2IiOgo=y8Hd(He(-?O>m{rMejj!%8h2E}XUm-?P1wsAfhPkqnY z#NRTKC+uzetH69w-?PV`WFiP*K@7YWTPkqn2#ryO1 zA@g`r-?Po{)Xx|7JsS}3&)2o)_|*4oWU*|TyykdKeb3%-@YMHg@&%laCO-8&%Zc~b z+Y_Pj39L8jd-iyW<7@WkdHAj3AMnO=hdDm=J-hNkj*q2Xf5qkNQ0HUR_iTxSr@m*8 ziSHaP@m~n#6Iegg_w4W`oX@u;4_iLe_w2DY_L}uTeb1f{ubD6Edp79csqb0y2RI*1 zeCm6a74NTyH$&qSSP#_q?7=AvU8UxlCH;1lQJ{fKyf zelIkSe;WR&>70*desl1<#QXDmg*ko^e)?q`UvoXV0>8w;Q{S^b@oT;Ff$)6EpRsi6 zeb3rH!uf2F@7uO_>U;LG__G!93-F^Z=lFj*mVZF}`wMSJ6hszHT&d5+*g~={(C2im%4{q&(!zq**n=^C(brLdHC^**w0XS>U(yJ_=gm} z3LpCn$JgxN66fRkxr0x`cRBbR{3h|gH02+d-y;0V+*NhyZ;!Dq<$M{eb3g3Z+{05(A(BeV0@_WS@rXrk7hkk-?L>) z+5cFvJyPGZi@Mk^84;Zi^*wuHCHr}b{HgER$W`pOad_+bB=tRePW)KK`%UV5c3?Hf zzgyv{?^*7v?28Idea}X(Wl#T>gkEo(FaCD@dL#8cYbxmTp}uG9A7uZ6H(#xx^%+)CIY@5kqw<5S0e z_|*68wvFt^D)OPeXRE)@e!614QQxzHC)vMS;i>Q0p&zjyP~<~>&&vPG{(}lnea~V) zW>3dgdfCU*|Z{H+R4eb1(C=KPN+>ZQJCQ@619uixHb zUO&|LZ18FJ6HN0ZdD8e%-?LFaW3M^hQQxy!4xaj+t#a_x_iTrF|M>M#sNTT&e7*14 zcFupaV*IJ^*{EmOFY){j%<-x3*(&jx;}`Wkd(y#E-?Kg9hc$9S@t=kA3H0%%zGr)X zrJpbAdp7zxy{Eos83#{&&(?_d=WFs87t|~9uAcU*|c{50=+(T76$1lAArJ*)n&e*CHL z*|>vxPkqli9X$0tTPNP1uX{rI2exi~62Ts&PL4`QGxyUpYReqW-dtPZ7S?!B^n- ziy!p%&-`QF_8bg4U!uNe1AhoXG@Q8e9in)-?O#iACPg3Ut*3=eb18r;P{&Dm-?QyJ9z4QmJ|OCFCWYN zQs1*gLq}aKIErEXa&!LF_pIwE_Mh_n4Q5Y$&-M>vui1X7@7efw=sop4yWYW5-?JX^ ze^87M^*vh_<9z(}bCU;LY(d;$rhx(rF5by6FzHW|Beb1&2=lGiSLw(N{IC$!N zwnqG-VX_{+YtD!Io((%zKVQ`MY>I=YzGq7vJoP=>B;KE|KbrHWzGttD(9ak3JsWl$ zdw;&(G{>jDXG_Iv=8O8Ct#|N6_?_ZszeDEh_~mcizXkTs)c0)MiJZS&uC`tupuT4l z#cQ@->U*}(!BgL}UI$No&#L16`JEA}H*mbBzGtVLq@Q2vdv>09e}3ng<0og}ey;el z6#J75{4NKdhks4{-;R^{y(5%QV17&R2T$jE&+y(~|IzHL@S|GTe|xyZmpc6S7lHWH z_iWQd_L}uTea~tRp8B3mJYOH5`kpNm@2`iWRxGHOFvRU;L+B#y7yKU3ecr^Nf~ z;WTr6>U(zH1ss2&jAJ}Jp7LipzoNcp4?B43dp119@t^g!_p?L!1m=tSp7pd(@^*tMRGw1Km@B8mE?%$~IS;qqX{8HbuTg3bGdzCpp z^*wt@yk>sW@FPB@Uk}vxY?Ao1W4uAeZw%!VnBO9N=co1aOMTB4ir369^*!r#@G1DJ zgQvb{<8I^p+q`;v%=OYgh3#C#{%CLiEc-40crAZ!#aHTkmZfG|c=_w+`B418{-Fl{ z;Ah!u_76$CmE9=bUq62`$Irk|Sj_P?>n9IC%fXl67mHsc2bQ-TUjpl=3jgvl&PQ{- zB>_6&OYFZ>A65JDh5DX7C%#+ZX{zQd=lFdJPkqmZeVP5G-urR+d;WR|%x?vB#tQZy z@%-P+^F@8n*51YbTF;-Hf9w7yFrL)+Y%tGWvwczDv*x??p8B3;9X$0tdrZ8){y!AT zKQKPj_iSJ#=c8Kx8N7cK@2~%B&GD)4+5CGrzH0r$uX6Cz_v}gW?>(LuLi|&qd;;@D zea~Jh=*OS>o{jyQ-c#SRxelKCo~;w_&)5B-`~&kib&#CX(O%LhEpZcDycktBrY@dUtzGqDjb3Xoj zJ!>9M>U%cp>-zbkzGpXy_vdS$IX?A0+b3SLeNo@D;XV5KrM_q9iT}J}zNqh6?;{-l zLGOI^Kq&vf_DFrtrhJqA4w?6O{BGm^minFzU(a5%zoous(;PhYJzM7Bsqfhq@!$3G zm#;$|kErk2f^TvD8c%)C5_HhR>voA7e{X1fdFH2l$6jw>{;kg+@0K{9m+_5XV%{EbxNjKN$3ORL zp1&;Q1IO1q%sTPjdN8e5TF)i?>J`7mi$5n6U%pSiieK69az0OZ{*z`;^Pkud@^_j& zJ%9W;@&5RH(d={ZGrt!apRa^`V0`HL<1dQWj86srpm=|L9uCD1j1PTgbi>9_z5inN z^!)M8?}z*khxUQ>W$l+R`U#F_+umsZa=kd)_D1`cC&YQ<72dBVVS4aun>gF{R)(AO z1I{mt-`8J5?AK`j@?eAujE8l5i$BRf&p+S!X=r={>w~tpi+{*|G-qer-_!Px$FC0Y zOFaJ@b9~y~c8XV>@4z2&@U*>+DRKUj@q2pNwtw2*uKW@EHs)4O+uLdfPutrLr4P)f zb$!R4;(Wc&e-E`DX??HS#O~KJ4nsLw-}5%JdymD@`d;}HcK3OS4zX@&eJ5UEcdNzG z`d(gRca&Tg8Y(}U&lRslJ34;mUypWKxRq~2J34-LA7*!~oCgn;UkPsQKiK`iQU@JB z)5Gv)9WPtGwEvt=7cua%%^URtX&TP%1F<@P+xb`$-_F3z9l`DaOC4QsgU7S8)l2_| z;I)zLY<2X*y*?`1QU8WF649;+xgS1--S_Z!>aQWzUmC9OGI zjz_Mh@!J45<6L$(S{(In=$pvycb0k&!*yT4&bD7m9*yTGOlD`RqaAMKMeMxiE)6vw zIk?U5XJ?y_9=Mk;VP~6P>fbPJO7zbigd6-|v`gR~_k$mbc5QG|KOF6{aId7J-D}>0=3$8pn z+R-xw)?dr+LQ8)Aa4&SSv#q}x+=}a?T@y}XTIWT(G~DhR*?kgg%(VS3gloH*oo(I< za1VZp-N!83?-sZNx3aVCC#!JfPqVX)OXIQlcT=}VyA<5$JK5Rx2c2+ZJ`7s7;f1Lc2`-BTgef4e|Q%=+jiLwcjRt%Ke7B= z>ff;WUUtV?Tn}7%4ZA;L4o&rz;rbq8XRBin?(oCx{wCpu+CL|b!}-S7+1b`h8{A`$ zu(OQ|^>5hqjp%r*;g)^zTDJ4X6Y#$D=j?3f zvDCj|{J*jDuI~@E9d*L>>|pn%<>%(%9^T3B3X9tS_wp~;U1OQI3fz=k?7nS@cNnhv zt7u348&*9Z{d3#lUi^>fcsaP0zh-9}mmawMZ=&Os;aYyn?whi?4K*KwaQ)(bYZ*W4 z-|+Zej%Qm3ZE#EWv9ra?!gc(C-IpytcQst)zu0}x;!1EU_D9Ft3m5wnJKH$NPQvxx z|6ylaSFLb!{><)dOMV%+75~f5Hhx`jnOCD-5pKf&v9oO-{ct(DIggiZ-Php8ycX@6 zM&bJ6U!(I&!>#>Wbi9Rd7yUij72x(Aj&@t%@<*aw6|SX$t}-?>e7gQ${AY;w@s01q zb$oGWSoRw!xXnj#yyq>)w@$d#!`a!6TY0$2adx)j?*_PwMzFK3=L*GZWM|vn4#RCa zAv(Wg0-whi$?j*CdfVZWC$qD?Kgz-NoyyL3TM#a5puv zv(0bfWLy_GJ=(Rw^^Ij`%P$L;8OP3cyj%^p>kM|AEOk)-hLvYV=eHNGHyQ0>r{Mbd zd)V3bFRgH+&x($hfxEalI$jrC_u0{o`Zw%uVfPoy_S+BFe@?Wk!EJAic1@>Z`#3i` zzck$N_p-CCtA%jQ6YcT5%h$M{ZN0y;>^?=>CU{Q!BobJS6^W^8NTbRxYUj z*4qyT?#JZuKe{Jze4H}WU*6lV@P3oxm+)(y_$|yE;)zgv`9Aq7eq}D;_)mEL46~=} z@v&6MpF6Y#x{vJMt**{t|Y$Sj$eBeE(cc=_ianO9{j(DFXTF|vA8n+-$8K~ zSll4~Uve_XvpE{SIT0=}Zq{|TTH<))W?L7O+2anL*4;Mo*mc!kw)iE8-434C-Jp1E ziuIQ*etq4&kH_~Mg{S*^6UBS;VT+%G&pLRzueZ*@SK#}_H_7>G{QaTrCh)l`x)1d7 z`?+4t_|SdyhKt!ZD#j-Z-zfe%FP}Ti`4nIlv~m1fP4NT!tulN?JRVU|f7!;L?gNed z0LO1p_$01*Tr3{{Bt9}e_3>URK7+ZSSNwbCdh_tRrf@#Xm|O1)Qy=g453<+XH>dkR zSqGnp;d+I5&GtxrybI!Q^5*wv=6ZAR<37y!Yt|d}@qXh&>?bJ3hwcN7o5sFP;bXWK z*(qK#{?x~Nk9f`aXW@27sa3D#h0()<1NLfKHl*(&zHv2eV~crHS~C}MO*6S(|2*h(As^Vk(S4x)uwQHT75J{pIX>P3*I%~v5X1kx zU%ck{o`Uanh@XYuEdDe_K6D?b;t;kN1n>|H~Wy z?}fG(`9AG`sE>Df7LSi+|CWN^D?aWW?>3v`(|w@ol^kF5IqL%a_^b4u`gqS1uQ^`S z;FpNktcN5{^42@)C(#ozA5KlUre z^^k{Ocr)kY`;*PS1iv@z&oFzs57fSZ<7?h;CfgF=hF4Ot>Um0_!Zi31jfyJ9rQVg^EdB(-X}uy z5ZEqhM0VzQTzo%v)myiNfX~C1m$LWYm;W~8C4Jh@mGEoE7uajgTdVN%#Ltm9w*4rL z+a~eXDLn0K6J4CovEF|7kLLVyFk`KkhP z(00(Ra5=cW;-a>Lk<0n#+8k{MX@#ThV2L=>`u4ViRSHM{zM)4P4i)?gZ7&or3%4=C z1?IuJU2T&%o$}+}wk`w5BO1A;FZ1|md>(#@_%(|7C7AdMj<4}m_;unpDdN+1b>&?g zU*l=Jis#v1Zi+A8r~LwLR~ZLS+tp(Zz5+ie{xMTNf%&5Q3#;$u{C}wMbbn#$O7{0C zJl$W|A%3RG%lBz~=>Ec}dpN$gzTdXq0-o+KB*lB%m(A1tg~{S?P~=1R7akO!Rd~9; z@P_!~Fc}x&+O^`!gJz3;rS_M zPxlv6t2m!)JwMCr>Hfm~;zxM(UT^kve_`Fd9DkJ;U%vYL_rUnj{e|(X*n9C7e; zf8pY<^7ur>Z<3!M^?qTA#Cuk}za7b+lla<>UsKoc&-Jcz4&`!i%fyY9zdw}g!T;+K z=e=(m%9Y_t3O5MXuW)pHt|}azCmj}-u+%~4Nh2TNarv~x(Z2&-E^fWWmEgv&<#>}U zj{Y5JM%;G{E-?Sr^RtG3;-800$Mu)(_(!r){9T^EGqk^!@6-M?k6&xVYu?9{;Csb? zS>o98slv1rIR6Jd|HV)~f&D4X|2FaSJTG6v>yPrM^RsbZiW2eEH( zJgVK~Xn$}}+)3ehvY(_n=(zyHzRB?pO1Po&%fQvd*~X8a3vj}Ej%Ra4xMp#->nHSF zfKG*@{lOZAqvryY75Sy%_9+}a7vOcp&n>{Uev8M&RxdplU|xg^Y~R-7eL>=M$-Ktz zGaoN0vyny4@57!qtOwdZ=J6}z;7jo9#9t_J-*&tY9KWkDyTp6@lec+^L;2A5J>uJ( zzsA$?e!7Ft!LJbSov+#Qq2ql?ys_Ru{uTIF96W8`;~wXFHStsMv&C!j&%$>*_yYW9 z2VaICbnvu&kNp>}SCc;-@2_<5bi7|7UNfF_yx-*D>3Dy@!PD_R*{h#lx*jvv!PE7a zH4dJx$2{xc>3Ymz2T#{yCVfX=FI|sW;NaxZt#Jm=u)dd#ps{raTqF)0U6 z*JEyS@N_+9or9m`I3Xr!jJx*zFzvg=PU062Tz~(Jm}!* z^PUqn>g%P?dv-c_`n=~_2Tz~(+~MHq^PWc>Jbm6X^?iN4^xThI96WvA^DzfcpZDDD z;OX<8jZf(Fr_Xy%bMW+e&m|6?KJU5F!PDnGs}7z%?>XiN`g-Z}o>w|}`n=~#2Tz~( z+~VNr^PYzsJbm7?`AL1f^m)(g9Xx&Bv*6(A^PW2$Jbm7?;fMPC>GPhG9Xx&BbD@K$ z&wH+S@br1l7aTl&-t&Z#zFzvgXWGHj=RKD?c>28O6Aqp}@44T>)8{>#ex$FLKJVG# z;OX<8-432U@43~%)8{>F4xT>m+47XWUi!S}JO@vo_k2+Nx$?dkhkSm8u7kDWyYzX_ zvO|3OyyqJZo<8q6@n7}z(&s&Ia`5zd&mIR)pZ6RP?_EE#jSqd^bND9CU*qZXo)?SP zoS)O@J@0Vv^m)(69Xx&BbFYJ^&wGygv3|bj^PV#tJbm7CnRv~3(&s&&bckPpf7!vu z61X0+SwFui_zv-!`OU(2i`Q(A1^B1LYd)7)hCksanfmsviC=?n6R*iXc{2LIiJvaJ z5!?2Xf#2kiPab~1gQw?yB(`w97b^0p!q0T@2|O2Lxr0x`Kjq+a@Ppzt^F`1781uA# zek<@Z#2Y^^BjZ-z|Kr01c?X|@-{#=6@P{3I0sf+`T(7aOeBkrKOF#B0`b4t|A$ zFTy|JkWU4Ezk`qA=33J;T<=81{v-w8E?#r|%EB)fuNj{L{6>d-%JBOf;@99C%ldkg zxT)SIUbDZ=z%O#}dH7xjUxME!UNinx_)$OSdNt#pz)iua;x+ZA;TJpj9Q+0cUxa_j z!B^l%Kdaww{0w}>!RO(}{Yt;yO7OECd=-AR zgHOB%pT~FbY53R0Yt~N=e)4l%?^4rv2Hvj~;hzw%iC=*~;1EAH0r$tB*XNUhe@VRN z{X!Og)Bwl-xT#+GKCRCJ{2k&|>mUAc@tX7D8vGuI_{p>I{`Wuh>oWsC-NEPKyBvH8 z{z(U4g@4(>Cz|p8x1z5%4WDuFIrvo$z6iffylVZ!A93)pvvGd%Ykj>b_(cvr3*YPD z3-J3Kd>KBmTc3Xoex`#@w&484!Drx~60bQv=HaUj@k{Vyext9q3V)@8Pn?7M*A6}n zzs14l;17xKRO}Cn@Uvdf*IR+lJNOuOx|_v+K#@-h{&k1=S@`pQtIxjxpLOtM_=g>Q z4gNU?pTr^_zDJ*b2ENU~=iwJQ_!4}tgRjExbMT4tus``vu6KrFJ*43~#p6fSUvc>w z{`^0Nz99#{%E1@mH;LDrZ&cu4cJQ(H;(F0u{rsljXF2#Rd|tff{G9G;ZJ!kJC{A&)r0^hoy>(v~u zW4H-1*TJXYyTxn9CkwyT!583b4!#WE^56RPS%aS^zFjfD$@k;@M7-vFBLn}Mc+K%T z51)EjpMMGd76)I2f6T!rF2?;V2cL#-{F6Ta9Q-r~UxZ)c;4APO9enH(Tz?RcQ^m;b zJq4e5MZbMz;irk$#4o@va`0vN^$xxUUlIQqMZHO!1kd;%u2 zU+4Kp%>TZ)1fLt^e0={sv#-K8{yF5IHv0rFf)vGn-pfb64)uOE4L|k($H&mtU$)~# z4t}n9+^UN7Mffg<_!am~;@>k&;{P&KZ{RtTG3=!F9pwC^Y|pD;{C``*VH5XeyQ1~ z;SUZA`LCFL4t{-%{k`>{g7vY^?2GW{9UbzU%)SD@IqY|see6THUo)KJUHoL_zey|5C5V={w4TPajy4O z#rRj@W5=>TP2m$C#{OJ9Zk^R%w)K#PpDv!aVytKRdqW*Ba_|p3_#*rP@tXOnz>gon z^=f=9jr-~1HRG9rpK+XiJhSlg#cRg10KZDSW<1OA`y6}?eo~`;e3F;q`jUgsz&|Wr zGoE?))yM0{vjqRRc+GfL;dhDGjAvpx*3Su?kH)9r7mL^IKXdTC;ukBnuOj@|6FDDE z{0jV);x+MOm*M(}gHOS?jpTf~y!>AUUvuzP_=yS5|2i+9m(BB) zz?=Nl;;}1@%s&nPoP*E7Cr;*k{P!=foAW8cZxF9p&lULbr*M4D`;pj8{Cj8d6BO$w z1)o2ac1W0d^-z&!sw7sn0*0$UD%Hs+BeD1k9uBd@-+VWxb(v>FHiYn z5?|?BP^ZG>;0oeK$=?qj=P6zfem$;mWw=e^yyNvy@dn`r6^@=?HEs;oYl;^bH|ul1 zG7_f?Kbv0hwxQ>N?(5RA;yLmDc1C}RUZL?OpU1D(cX6H?UxM!z|8D%AUUB|1Wc(`r zU$29waoZtY^FEB8`}KzSb_ zcZ_3?x489}ZG7mtUuzsZJ@;#uc+L3GbH5tS;CwWmp8GY)!P9fUvJRe}`}LrMr{{j{ z5PzX!Jn6Y#N5pHcyVG;OTF3MFXgodlYp#Q*=YDmI*Ni_s_iM9*r{{hRI(T~S*Vr?; zUd?#YbH6eUo}T-)%E8lfzqUDedhXY24xXO-)tc1TOV9n9@8IdVU+Ww^J@;#ugQw?y z#onXOpPu`5v4hXU-yvSL{^1{W@buiTeg{v_{d&W}({sO?C+NqAp8IvZcul?Z+^^LR zo}T-)*}>Cuzg~9m^xUsg&f2E!P9fU_BnWZ?pLB& zKfm>p8K`j!P9fUo^tT?+^<0gPtW}tf406}dhXX82T#xay5GUmbHBxZ8EHNHh(FFp5bj(FAjhhHgvh9Vz&?$<7deCWAfv2*nK({sNrcJTDvuR9z( zJ@@PXvG+FMQB~Le|DH3mlSv36Bmn{;!81d(NbS%N-4h7(umY@ zDMCa)h=>sp5di~IL_~~;h=>>w5s_j;OFW{n{FU$G%_r?eyivzF+4D;IZ%5hyXnH{i+VYW8bgc z0eI~D)$&w*d9m+T-vB)J{Td&D$G%^y0`S=P>tFyL`+l`=uP-n5{VEe)lUK*SUzGuP z?E6&{fXBXH`vdUU_pA6cF7K&|@gcVFm++eMV&AV(!k?+okA1(E2H>&p*WLj3W8bgl z9rV{1`+oHaz+>O9u>pAO`?VqfkA1)P2jH>qSKHI|*BASK^%Gumy|C}sgaADD{i+e( zjf0U(#7Bzw4EFsx9Dv8ZUnL#&<;A{V1BBO<7yEuq3BY6Duk`_V?E4itgYDPYgMGg` z2jH>q*Np*q?E5ua_zsHxi+#T~34eitj}+4UQo`lc=r1Au65%!DRT=RkgxAz(CGph( z_!{DO2jKS;-||c@ug3o3M)aJA@EZHE?^i_tzJmB=0qnuPU%LY6uOq%ir^{k3;Y>w) zz`kFl!fWaW`+kiIz+>O91;Tez*n@q)_6dKJ7oU*V!oFVv&*JiS@#5utJ9>>Yp>-$$ zcP~PaQFne$4i0@-evni-ZqR zY#PT={zpQ-1o@TfZmj=Dj33R*dGzOU;`asMkzZ+dF6-~8&|gdZl>zuzent3aUH#3y z>l68v-rd=rIDfJ?kNisXr%8M#Zyx!T8sX#Z?NVer0I@9{H8M0eIwB ziZ9le7x|Sd0`SPMOboyyzp`5R0pv^Lpdo{g6!#a%ueAAvzI`IU(pUK9NA{*hm~Like^Jn}1J1MtYNED`>Eg?{8$ zjtH;0zR0hX{0En}n?gVGE9Js#^drAASNQ)_=tq8~O+U6rqaXQ|D+BPzuT%=Jxn9Vx ztP;M1!hYmeJ`cbnztZY*F0V#E@+*A;@W`)>3cw@3vM2zL{K^jDHT8-7O5PRv>x=wK z&j38~E5ifu$geC4z$3r1D*%uDN{e6W%ZvOOE|LP?D<5Tkq@qXWY&py%DN$gFIqZZTo-t^P@8vb5C zuAI33!qHI7hwDenTj-lkKQ{>HKL48PduxarD_j@(`&8T>`m9F5A>MBWa5=p6CDfa5 zo}`QD87_83=cK+4@cT;XXQ}WPyS%(6mnY^Y(r3|Mvz;2gn)rUgH&f`ZBW8&3CwcJ+ zemd%Hs_>e;2l6DFgh$)KanyYkpEf8j@+7UwxV#!3d6FB1cdw(Le&k8!2H=q=*{S3c z+KX>LEB+0aua}fN`MSIP>;?sgezsJ&bp33tfoqd8Onk7QZ$>Mf6-vI&nmo`uFdHgV?^# zjQh6t3Sv6`PS2x%UnjhKz5UvI9q}WCzeZsXuGec6@}T1a@W_MC4ZtH0x>op(iuQv%=wadG&p)s8?(fKhR$kB7E6#8A=8*?& zcLVd9`bQqLx9}|#_9G8ESop?tt#KSRJ|xWN$b*i&k?qm&$b(KEqUVtZombAh#xF-6 zbZY<}dC;7jSpR4)u8HQ{Jt!t7`J3=BkO!S8e38q`Yw|n{9(m9?!fWz;$b;?_{$?-z z3H4t={FOu5{%&5poQFNggU$%R$MT>7_*fqFX11r!wWlblJ`?Om9@H7eJbYUmN3}OT z&Hf$neT5%IV>OQGY2Nyg2i^Q9)~^{4kq6x^d{0*IYY+0E9d2R$#R?vI&{E+~SMbP# zjuGDVSN!S+dC+CTAEVHZJm@Cj-TNm${m6sv3t$iOpv8aY`q9{rJZL}RHSGa;(0RgZ z>Jxd;ZNg7f)DQBYHx6g}M<{sYLH7pWkq5o*KUx1T-S#ZslWIIc9(2tJ=6|oS2YJx5 z|HAwq6+H5w^Mt>K<^mkibG`c)@}RjDtp6s)eftaYpcTRoQSiuv9uWR)1&=&v``g$a z&3uhK=+yyu>=LAMEiw-+zxF+L*?dczpDf2e{-9<)yQGZj4Ypv`V) z{Td#5&`X3LqtK5$=qBOM@oLWr^@BWU-W_bu8ZZ3`Jo2EMh1b}RJZSDX)~}g=kq7N9 zd^az9m%GXHx8k38tQO6Dgic;rE^oXmVfy4S;TRR2v_w~ajLjSn#IIsUVnn7@iV=yKsb z{fC6{4SCScQ(6C+qUR`k67(YvdSd_{dC=LyFL38~(HF1(gz_Q}+V>&0=R$=&$b(i1 z-^%O$F~NT1L03P_`cL<&{{$X+(1TUX|4wmzkp~?xoB3-M_9G9vUU<#?i#%wL$5{Up z3jN4~?i2nR*Z$vn_ebPG`#jG29(mB}xk>zO-aPW4jps3ck-~oDLCb_cU%?kQ zB7ai&ZVJAX_&ovm3gX*6$@ZVA&|gjbfB<|Q@l%99SD_zy&@BPJ%re9=7N zCMD~W`55|;FY3C8%iATHllS0|FSa8<;uP;l#r+pge{e{hy?IsEKvPQFC3g6lzCPX%`! zaf5_wECr8wyua{nzx69`3Gow!uko@!A+AtHeCexf4~4X1hoAmR;>(1e>ZM=w z;QH1Oe`Fo&Zzbpb^kW`x`5N=CU**Ra(>3iMfX6z5DFOHj;%kMUsIVXF2+G#8{Td$g z_(?lEf$IFDHKc zCgxvodH$M|{TJ&9W^HEv7sB~nFU;fng>R(LAEEgzdkgFD=<+}Iwjb*Vy1bjjU*ye~ z5r4y0=HVOSILiKn`oTJaaqlyKCF4i)az57niQgr>CQgZU1pWTT`rZ4eqwGo0k97ot zg+E7O57rS>3ExY>V;#X>;m@YNiNntx%;T-=*#5PQ`|?;vuuu386g<`u)PBhNuT|KC zbp+jZF+WqGznu8(!hhqoH~G6{KM2=1HjnRS{g*0utRv{Shxt2Pd#>_spIAq*Jej}N zo5wnWo}VV^zuB9|I)V+t|K7FdktANuqr6y0&}}d4KiTEwHC6p!9l_uLJk}9Z3O`Vx zAL|GX3ID00{;`f=*FLuY=L-E;M^N$^^AzHb9b_UO?)WTkQ9oEm&{KF#|HV3jeo8*U zAM}muTqpY6`62nb6qB93>1XK|TrM|W73XBU16NKzI~3e>;&KkKzB5UV9ZB^AeKqvc zUBT@kZkTW<$CS~p6#C!~&JxZY&r)%S>+BKkcprU;>*RjPZe<(yULbBfgXHD@eu>eJW{ONSGIK9rg>qkny9({RAF< z`RuRQo)KQWoJYTcUtWAj&%-aD6@Z6d-tueKkFw*4KJQ&#_~ntq%xn5N{PM=aqdYkL zt{43B?!uqWxGxXCyj*zq{?t!D{PH=%Yu1CoFRuxpAAb4406hHicHeM)q7ULY%Kn7* z1HXLY5#}}P)8LoS6}~5{KU%+>$Mu042UT=?ZZzGZtfJpA%0!fUQC z{PMNJr@OC67@vISiT;f2qb{%o8;Vu7o!)!}F&Pf)kMjq-`D)_F3;%(uUtZ(&mC(-X=(8Kc ztUrhPAdYCpJ%eI`J0G4mIx?QxE7~o_;o+8f)FF;&vm`!2KgQv18O)!d=yw>0%QKl@ z!|IRj7YX_?4tI$%|EjCMt+zcGhojldXS?O?>CIyt&d*^!9uFGe&0`#{$YuUlu02D& zd5pt58ZiHBuky-y)IY}Io_Wk`<~5ANHNwB9(2sF=QbX3i)a7sYwjbkguYBeobou+e zd5pumgzw|>@)~cS@*d^IINZ5_^)FKJ7>D-=KisYVWc>;42jlRdMy!9Pg2y-dfd@?snwTf}?^mru4w-lM!2hnF^G{;-_)n->rtscy#nCYN93ZBH%nm?UM8-Trb2&s)T=1^d43J2|VH>ea>e6m$~Kju?O*yIp;8crE7neBzqFd zi}*-J7v^VD-^UUCr8kfG$n2jm{|8#58{?nw<`Ew$x{&$!x~y$Ud_s8b) zkKA|>>v#PsI>m=OU&~uuFT_X23Ex7_`|*g6%n{zbFZSaRAK56pDn3Yj&c$s1Pu%N! z#JjwRkMzET`Sl9>5g%#x3+Cr3c*I9m3*W-ENB%C=e1zvL>iV#LjbDxDEE-?ReAsPo zO)Ce*zQVm;3GEZlSv2d*{F82b>*LMiIg2&FX8x9jY;7K4Rv=hpx4lk7rlv3D%*V0eC!T z(Xo>4*XYM{76XO<%q_2vJ$TNd-+ioK6^9{yi13;?37)f99e~Gk7R@HJJtryb$8#3l zh1Xm!JZDiZ{LnP|6XFxTahN@#@24L1TukSC(@%%{xmU>pD>Q&IvjkC`2xm$@4FBu%2~m@rr#n?bhYr8D)b{xR2_hi#fhG0do=nHC+Z)7 zN1SMZ@BNGPE;CzN1SL*03LCo!vT22i7t7O?SIy-pL$ciJFh477sQEjYM8H2Z52nfl{b$# zQL~qr{~hDL{R?rT3gJ7u`sMGE$I*6l9&w@-t6Bdz1&=t<`D>WJL17Q#L`#IfQNbfl z)cO_Huj!A76WtPkN1SNA@KLlqI-;Gu>mPBVP3zd6YZ&*ff5eH-evSFxD0sw)W(XgT zW8Ug*58_14UT6L8eCs#AAWl>gfJdC@BH{5U3JyR0h!YJI{%gi*e)6^-aiRem*!~M$ zUS3nRPsE892>(+Bk2ul(06gMEXTQPr{K#$pi@fbeoTz*w^BQ|fh+i6jN1W(z0KSs= zZf~+Zn*M?~QKj(5E9!GU@k;{mh!brNz+)ZFp#VJMM9pityc+uvC+Zr2N1W*D06gME zqXO`V6IBJ^5hq$Ld;@p9deysqB2KjFZLXiTZhNlt<`E|{?=ZjFZ4cjg^N15|7JiPa zztIDOVt?xT^9l1E;zT3gW&Oik{qmZszavg`FaVD@(T!X6`VlAE6@W*a=<4_M`VlAE z9Dqlh=#p)E{fHB-5neMsBTlqEfPTb@`n}KgX!;l8M7IdvUvYgAC)y-@)NMcQz1vSY z@!PhuJ!{Dq#SuNvn@5~z&Iin|aP^P!<`E|v_#yL;yZkh79&w_)kC?xh&GDTd5huD@ zc>XK@`4n-YCBlzW=trEW+b-7JPr)NjG)4F+E?@0kUc`wye9Zba*B5c3@xp8F?+_>2 zE_^(1`ii$bh!f>~!uI^#wSR{;ISXa`~W=m<8U0kJ=l+#rt$L}n6S<;`P1jyX~0HRDfVV_LtP#eDp^tL5JM zdl0`UoB2*|{k)aLC-mQP;&;_!zM0GK^yaIGcj_~Lr+dA=^yX`cpCJ6{E-$Ys$Nwhu z9Io(ZD0uA0u|EKh{W#j>vi%zU*pH*X@SiE{!G0VUHDLXkJQMcg7$p2j3jNrRW1{e- z3Lg7$)CJ%xh(9}z?blqdYT^eAKQxU!3Hc4*Jkxg3=Z+uA?WCB#r#Jl+H)K2gxN_nK z3Fp>tTwhY2X`*m$+$+vWx$wO;^fOnuu5vyVw}(F4CEQPZIL!HN^0^#cd^qHp$`l;( zOfwZ6*3@kk?ku10ttPIpfbH|+wi4G{IKOfrzcE(9VZV56wJ^PX*ze{4*C{XQC{FGr6sjYkR&`+Zaj=U0wO;x;Ha?Dvt=nCi~T;fE9|Qvu6dL6<-mR){S+MX8!q)`=ndU+iElo>i|Bb-cnWFr zk#ybK(OJydkz@FKHGBo}>x6f&^HKT}{JCo4_X{6ihehXNM+$rD=!2HWvOO9e^HuK_ zdLH@sVaGB5t(XyQGTrn3vmAU&=AUu-)4X})<2xLmq`#*(Ukkof5`U#PkNK*@3CuTf z?UC2y_J`|RLj3u{7tnX%hz|AEUq*cY;v{?S_U0?WpQyK|hWK*f*Rwe$`k1$V%var8 zvwpW<9M#@L56W9ipk8j&n-(QfAzcK)ieEg&UJo53Y1MtYl9}2)D zAK(5IF0XrE(g+Z*!nWx{LP5AyL-0_aCRzBT}le0*LB+aHfFXFND4R<-W^MMC@?`S_k^GOy|H z$j6ToUekV%k6#ghM?U^g03P}HPM!4jBOgB`0FQk9eBm!pv`^&Y4+^hp|HOAYi|y~F z(2solIN>$d3;Fof0eIx&owN1ziF|z506g;Xw*=skk6$8uZ$To@aHS+K|X$Z0R70v?-ahf zLO=5HZMw4kKU46?$KN2l#=k;7eva^+75b5n-yyuFK9P@a_Y-~nBOgChcujeck6$jl zW;{eb{$K#UjQEmnY`?}oK|a2303P}HVZv+L1M>09gxAb3$j3Y9vi)Z(t}pWOorTxv zM?QX303P}HwZeB(*n@n0c6YY_ewV+{dptotepWI+z?(-tzVlC6e|$aS&E7on@!fkc zzreNUZf_p>_|Ju3?DAFKJo52#e#ZJQb$NMBH6BKq(0Xy>B`EjoP?cRJLEo#W^ouq%CH{XN!wihz5 z@t4Yp9~ywKB7T+d@$yDyeD{7Np+0Mg-*yq(bB9~rB5yuIivb2*%>4Z>-zJGqxZf$k z;(<$&_#b=oWyDVr{$*ExA8)>r_^W@x`p+GYKWgK{Oc}1*jxX8;s^F&{c-+Q zZ@%~#x<9&<`AoOHP4VVSiSJs|Jg3@Q$KaYR|?-z z!522C`yJs=SMWWEKPddU3cj59&VAYb=`R0@cX_Lb-z0pE%Ww1MYl)xwAFMzA{N5Md zeB@Y)5Ask9vi|#B zdy@Ht{$4|TMt|lt{>FadFA{!$mwq|lj$VstGn@s&|5U-362D*g%N2YD@fZDy?SDYQ zR};TW_;`Dezl+yrLjBYcKkrJ`-%X*v@HkrTF1#xKPkg(p^!m$*zfSmJ3VW)EuM<9A z-qzmjvzGWdSF=5F|LVuye556<1G$Fzcz?Xqn=c`LzwlqW_7C#r%ZT4Ifc3}yw~^j_ zCGoR<&HOK1{qh>WzVaUJv!*546M)}Oe9tny{^H|l{tCdC62Dvc--?}4c}-=11@V1; z!}g3&@YTd`5T3-?;itcjpwETZ)MsHUik}bE*G~`PCkNomiQgrBg~I+S;;;KH+jG5w zuO)tq@RJpM(!@B7Wl#=AU-?rQUok@ninT z{5qFkc5ou$-?(m@D;@G5I+9@ zsK+OjH(`9JCO%TZ_B3+G+ef|mI^vs+VSb}K{;%-n3s0f(`F7@i?&^Qro9{vV+2fec zv|Qlm*WP?N@!jrbKK}pS&wqGO>@VH%B%!=j#J9SK`7;#tSxbCh;eVvyBQ$7D68>G6 zzsB3165?-|#P(e0^75LhKb8@{Mfj@}d?oRn@73$CA%3>-zgOtrPkiG_*56yf7oSS| ztq6aSf-fb0f$*CCQbD}AkL}USch$uA5&nMHo_Qwg{_E!;q-4wRxE4RFldGocz4}2hrf8LvqoJR4+sm#ZppMTq%FCl*7 zH0Ez`?UC1%?VtD~!k_Dwcb~WZO5(dc$oe(yp@#TL!e_YpTg>ttPxcc(Wd`fNNMV0* z2gu4QQ(Qjx5zq0whWN^Ptp9$OKf#;d4||?W;?MTxi#t)gOZcg-{tLbNQsS?i&-ypJ z`~Yvhg7{8PG5?gy|H+%LCVr>zZ@c{6-h3VLD;BW+IRBJ4Uw9UcKMR>}?#`#Ld-FYr zU$lt%VweBOn=dDR)6>jr?%%73?^vzpYl)u_fRE6iygLA2LVVA~Y!3}BvBPgZEhGMx z0DL9!^M$9boK}Ag@jC+O-%otwC3^ddX;SPZJpE}}drFBP6@afGewpx^`L~*&{Q>mX z5#R0^F0aP^!p^iFTlk+S%G-nZssMaB@pZyqqR?MOe92O_|9S;qOZ=<=e1vY2^Zv^E zHS>E3@mB`m%ZQ&Ryr#UB#2*fzzlQi;%h-O6KenIv3Bs2v>a(~Dt$%x#^wONs9< z`~U@CLHr8gHT6?XeC~4n^{RtC!v8{HPvMVg{0X4H2l0mk@a4q!dXDXX$o1b$mFN6k zMf~pPnSa)`zo$1}OZ@DW%wOU1@|w!Oigcw9UtsQgZQ<=w^#7x#2*wse!p|8 zcl)U#e(pT;&%q%Bh)Bct=8#pF5gf4CHU^|bG7I@OZen=PASRQ{ytL_ z9LDGk!sYwun@*qY5ROtle7Nys$rs>zYv?EY#5+dU&5#~TtdD1?lZAc z^lW77DUX`eE)wz{rNm5H!{r$3^75Ko9`u_E`f2tG^8*!pH8CRt@O8xR6n>gQf2`it zvORaX^T6Ds@+OQE*k>Z|HRiXt{623U`%LV9U3ijlL_0m|JYTW=owOdJw^RG9xD`WJ5=`%DafoAtZx-ml+dpNR>=SGoE(cKD%rA4x`=K|FeI}M4WPYw|&o|yY_L&&?HS?Nz5Bp5)3&3NaiCYfq^<$rj$T!Si z!`0(k|JY|@U;rNbOso;Uw_BgRAMj?%MwwZ~L*&MA50t&vkh=>!|;u6!Wu)U)7%Z%Uyni zw|?w1(Yyoms{4#g%A*G0vCqUx;roc)N7avr;%-^l3AM7(R zS9l6Z#11;ehwGQgTU@VV8uROfzg}TK_L=DOBeq9#-;8}GW(DA}&&1~ec@zV*cujl8J`;5TcBnr3MnCqM7#o1cJ`-Dn*YtPnGtsUq+oS1U*k@w6@E1rs z@oPWWXJWPR8hfzMMA1*!o+^cY>@%@kc#VGSGm+bk^=o+SGjVkQ9{Wrz5}v;$#e9^| zzp&3l_PKg{u+Kz);d?9U2m4IS5nhw`!#)!SgdgJe_etLK3-*~9^i#Hfs>?s&&10Vl z=V#3SL191knJ5pyW1oqg0eI{)(XXf89_%x*R`{t3`?1eN*?Fx0j|v|9Ol%hZdh%Uy zMBnwU&l=);{+#tUVEkx*M$WgRSL`#`&%}~n zF#ox0kG!VxAF$8FoIcDCQ1IAiBKuP2m%8;c*4rNJGqI|a`C$tE*k_{iWqKa_Oe_k( zW1oq(ef9dW&%~?%JocGr_8)rv*k@u=06w@zVc0FQkp4h7(`&%}_+_4Z(& ziQNHs>@zXo3cY^pGqFYZ(TetleI~B_CF|G3m9fvnFyUJ%^kbiislrpyV~3xAf_*0D z1>mvI#0ug2DD-2WiM;+?-g6Z^_L=AtfX6-)mBJ5E=*K=28NXtCUQ+PbXJVc3{S`d+ znP_t*>(}tuXQD#*IST#QXQJIztp5)R9{Wtp5Wc5^$37Ev!fWiuJ`>%p)|VIiOiUME zV?Xwp$i0U3|5{-`_L&$W{G|#$(uDkT;rUzq{nZlUTMS@Q!(>@zV{_+Kgb3gQn6{|g0= zeI|PShV9Ytb;M5(z+<0@y~1nyBlek?Jdo|t@YrXf>u>e;W1oqM!e6AQpV&SV!fWio zJ`-aG>Fvip6YYP;d?(jGe8#&yW1oq#Ynj*dU+gonM)*OB@?xKf4%e~%QxrV*ndmQk zV~P#ph`!-%KlYgzGKBSO?)S0J#PR?<_L<1|qh3GunYcvwiLO7~;c>326!#0*XJUIf z>(}%b>@(5vCgv$c9Xq1(nri&PJ`+QPFLmv?z}p_|GqHLo>mTIu1H5_cGtqt+^EbQg z?a$sk_L-P{3-eF7`hD!jJ`;V0GoSD3Pv#Tynw zCvLBTt09hVF!0;>>DzD|ASL1T$f}{-h(S6ZlZ$2|G`j^^^7<@3GxKRDeK9P+)xg!3y0o|&#zaHYiUQ*ih{IPEI994Gmdql&mv1&9BG zGh8^oav`QMr@xwr*1~Ug z`L~khorHO_j+i6K{3qT##^p`p*d7XD#tuJwunuRZ@b0|e$Cnd-Q1}xR`m2a*L;qP(zhTip4Oyk<2Wd2xh9_w(%PhflE`cL-eD~NA# zH}iM8_MGX>V;#<1;Wh06aa3%}yj^lnj*5RxW9%CI2KOXCF@+Yx98XoI#1`4ma zURZ}SMfjm?j;B2d*2bC1&XTT>h3+w>YAgdGmGj`Q$0gKN+J_j0*|#F4|p>2bkZa;NfR9 zo2uu_iQgB1ho7-}8taeGLj%3bTT6VO>CC(R)$e+t-IWQi8Q0)vOcq|#9^hxJ4Zy?C zI1+$|pV9F_F0W=Df}c@5gL$`K_|*^mjIP3K<{|hQ1BKVjEATUx1>oUl!p~SLe1TW{m-FD^XRH%`w9Ai4YM%)_{ESOxvi(IaFR#ht6ZFH+7$m%= z{^4g#48X(BSStK4752c-D14ah->Kl?XB-m#I0X+squDIh-$lX0&*&R~-%tFc06f)2u04~Iu5ZHliS@phJi_+>$>rrW)%C@C-?hSP#uNNsxg)~2p|K8!U;o8=-`0<^ zJsSOmnY7+Tc#Zv7?^_!{Ki2z3XR|$R+5DsJPpD6<_w5*f$9muX!k_7-U(Ta{MX2&7 z1>mvXca8AH3jJlo?-9P2g2#H_PLFZ@9IxPOi0>!7MnBg3&JteJ9wRyS%ldn|yx0{VPZD^n_pN?{`Lk*6!$Fsv4>!&tZ)5GB*1ztV z&-`I8{RuqQ`|eu6{5&~-l>UVNi}k*h3z|6a-uKX2=9@9@%VWK7;j4Nc>wVh` zukwG09~^+kdf(Xrc&zuW6P~(G?C`4}toPj~e0+S)d}2`S4^xakSnpfDj_apLp&#pg z#|y6+Z?WFDIslLLzFUQlkB0?G_9u+DSns=eJ=>qBY5&CU+Q7W#`eMCr@f&&`>wT{d zz+=7dbm99b>L2TU_Xgmx-nZLEwm;q;IwsYpd~Z8?#d_Zw;foaZV7>2F;WhgVV7+g% zH`$&J3jJ8`+e>(jzl8O^BLeVP@4F}fAN#*@!qZZg*x}b7vEJ9I}0As)6-I2ua$Nb$Xh!|o8yy)LP~7jf7l!nxyDGM8{2eB+XB-qyEc z#A5md;46q9EBs?p>}c1dew*OuRTI-;GuspAdwKJ9#BWaK`+D=Z4kO=T{qb>RKoT!@ zVjMwSGO~sFB02BZPY{=EF8m1!9&yQT!r$rgHze7UP(O%Et`lAp7eidK<-2S@b>Z0I zXFuYS9ffz>l^>6|=jZ3ZzpdWEb^B&u; zu?KO<65%!13vtP@!fWaWami)Er;AG_j0e8sa))hPzDwo$B#$c?_b@J3D7bRsHVfxB z-eO$dt>9{iJFMU^F6X|_<>*3k>_{=*Vm#=j;4m(aNy8=7ukUzUBYFmjS$_R1)@BZK zIZ*F7{P+s`yxn%@HF39U;%5u5v8Rss+`qB@RV3r^vj_FNLHH9%PRC=sJ+OoI$Db4B zKl`usgYq8ZGsfFNb<7u0-^X#3Jqdm`#@mrQnZKFwqj@A4`3@yu2ol1E?R2 zw^s;1(&fh`=}(xyifO#slFU!_<}u!0v77DL72z+4&h_Ro-gf^x^NqLVLh? zTP*#nE#pV?avtTyczcoX-4s0XKof-5%%{i$EeX)ykq7Gc8J9P{FNoL`zg`LDMILDC z=gfbpupfD#N&jHJ+^aql{+}Q6Kp6*^M_F(jRsVdN+duKW4l#e8ocH6A2bv`OEiV6t zcY8n{DCcX|ALrlm=8*>)lgxkY%_9%AMXp!efBV9lM;>V4H*Ak)en%c?its9bgZOm; zc;tc15w=I8A9;XiZhUtZ(wP2QuwAP>~~Th_1f$B+l=CcMU9LLR6x0FOM-F5yp7 z*pEC=p1C|mYOWXZK;4B;=Z~R&kOx{S{9@N0J8w`-bp4ft@e_HV8$xW)3ohTpn@1j~ zgTuUg-$|$VaP`Yu*n>P!H{q+~eDqXr{m28=3E#`*~uVpzDNR&bW#GIH|mHJ~sXn-zLKLFLL=_-aPU^Tax*{-aPU^3oPr8 z@53}8iBBjm@<7>{%nv4C1xIwGH;+6}c~oEj$OBafA8!w{y!A&YxZ5U+_4i_PeCr>1 zpdrGKa`{Ex`jH3PFZ?SmFR$_TmQX*)1FgtrdrE1n#t~hWq(5PPL>?$VkNNS8o9MMq z4vL8>`U~n@1jKa6uCP zL~1_ae#Q5Guv;V6=jJJr%T-L}>Pvc&cb=o*YKYsa;Pw!g*EoGS zaKF-4!Qpugfh-&W$fG~x34akyWZBAj12uwHVV zf-8lOSj6A!rw`99l?dm?rBaoninyK%4$m$1Q*gLn8Jvbo=oh~C@xw*WpQ*?=qP0o= zj8Dh>T=+5vg}+nIN4F>O3H`o;n2M%ckD7TK_wkj&|H0KSugUe=j?UN7PewD=KTyG= zUtAY}$9?>E;p6qQFR8rpy|Aa8`2NSRJ@NWEoWv*85ANf439qT2TH+51uc;sOi^0wH z^;1Iph5&pS@jZ@Z{c*o9Xa0BRnS}CI5`Ree7u@UB!ke!let8Sluc;sOi*>@s{h*R0 z{R!6#_wi$oWBqYI=v;3e_wk)uCh-?~^SF;cD15wrE>GeU>Ie7n^N(l!@%p*eo5y|p zjjiBJ3Fa5couQ*iKWwhLE6a_mU*Q;X>&#_z&5TwXs8e$Dy9H57Hp^9S_7 zuen0O!LPYaIKO(SCT^yJgI`mdhD*5qzVmnVWUh}+Qcl17#8P6q2H-1*FBd-E-&Q5{ zH~C)7f7OuNvOSvnh&sZHgy%`a|2`Mjf28nl;=AbZD=+5n(o@(T&3fx{;>(5iyiez^ zjrl{Ezo!e|Mb7)#Q%n5j06gaJ!gg%GMnC57ON5WlH|vwGSHk#+`8(rO*8hTQ|8{R4 z^Y&N^(ygl19%H=bj;-=w_2MP9L{yrkS<~|+s_xY!>evSQ@ zzxxUA*&Y(?!Tdc^cum{}^Y<9x3*7R`Yw~!7{)PE_s_^4ozHw6h$a(OXzgu_U@@o1c z=I^e;FL(8y;H@9?_aWiq{!<5U9`pCS)7hRl-^H89{5_{5^P^pR&iCdqf44hBUtY}L zJ%snXz6te-`TM#6d=2rHu07QEaYRd#>`#c>>?eL+3ESUL&fiN#PrQBqHmQBkci}*P#{AvoEPeZ~z~2b3Y2TQ?hX>&6h_4d<7#h2A zME{s%e?t4l{Jrv=?_LML`4aQ@;Q&15@3TAW^e0>&U;nyX^riE!Cnz|y*EzzqL}lS{ z=QVz3(Eib0*9hkqS3-N;BAlOJiuRiOBd!-e4%er{N& z^`8ge;n#QQ!Po0~*Pb=r?Gt|ezGVJgZytXAf}gSeXI%Yzy?OZcgL)?Mp#_6tf9j57 z3H=LxearKh*R&t_^&JE7@aua7;NjQz4Zy>%A0+%jYO6SW+duKmF5vREq-TiI@$l=z9UekZ!*Y^}&(|_UDUm?7vf5ESx9Ds*k zzcBz0zdr9;uAeP#{TF(-XZZEIllj)(Jl5CLT*vx1yZX=e=Ie-`eti<(%bUmgn(`Z% z-{tC;*JS?)elXV8^#48cA1ipQujzRs^P200^);gc@K|57A^?x|HHU?t?b_epyMC~~ zX4W6r{y0Cxo5%W^^M^368LzOu<_h68{RQi5t`q(a*Z#5I_F#R@fn>hYo5%W^k$+_S z{N(&$Y`=ytC%#(%9)9u-0r*qAOH_Pc~1Zy zesY_;xPESRuWw}Gpjef<<8wm)f}cEhLK5G^n}?s=ZX)yUeCk)9@RPd+;Nd4<5`c%F zJV5w0)YowM*#kehZKd9R_{m*_*Yscb$rlCS;U`}$yr#XuPrfmLe)!3wgxB;J_{oz4 z=!c&?M|e$pfS~rB`}q25c&tP35rD@!^pV12E{nCdwn_aZVScY8 zzI+PX6X(zK=CKZa&@|?M#_E0BGuENc7yfz$k9Fu%A7uR<6+G6VH=oY@c?uru(948B zM!{np`bgn_rQop+eOmw?>(IMMc{Td64t-s^`bii+u@3!+@Fywk$2#=ZGq^rGD|oC! zzgqaw3Lfjw>xA!>hIi+~botB<53#)`ioWD|xtPxPrk}nFuAI2x!uj2|O($-Ff~z5} zPQmRVu4pEg!yU&{l>_%5ZH065)2TSzS9TZ9t>;u6?kmR&=iXnX;&5MCCEVR)YwU36 zYk7-$t|o57BV3M_az2$lRs4`Q^hf2Desl_2*;Whpd;sGOtZ!Ko{*;7vZY~kJh?#Ck@utNB!T>VcZ z)lWkG*AjojTrO{%ukq&5A6q<;#J`uCPiQZ`als9uuZ!55s{dg8&Y8#G>&IdIK3}*( zAAQs5v;M-leqpNb#rS=L;(IZE&sA_}FFVt43H9dN&x)Vq`iRfF2a>LXlppOH{cMi# z?l|w)j?m9m3a{}S(9d=S;L*?W=Cl1_suLW3_MqMhpJLt}XZ?8evktnXqo4H` z{>KV?(9fnWV0)S>^rN3u3%^Ohqo0ji$of6)Pw2-b#4i#4Qic99;4jHJ)c!HL+s)hD-TbhvkJ zOPny~+iyel8`1>S#-3)*uc5!A6Rq1&Fz58ek(V>f7m<=@EIklxNq*m6Ouv_9(1&~Q zi^$tTO-N|h^q#1>fP`x-3DZONvrO}N$Sw$(w?hRae;%@5h0IK+Gs)W=FdsQYj|sP= z6LZ5j@pPC@yb->RPP`DoiM0rzeHt0>(3x?WICF0%op~`6%HN8e*oG5JqV$U_$?Zz7 z7hm^W$ZQJH){x3G|JjKC>LlCVoJV8B?_uT0ki9)*o`_leLddQOnJ+>PouA}TZ9ePR z_rhkQV`<0L(P79Bh3)LHc_-|Ud>~8%ngf>3 zKAK_YWtcS?En`OJG$jKrumjCsxEMJwsFVG%>6`j}^hDdv{EQ3eC0B)q-Ihtar$_DE zS!Qn3E{vMpF?n2;y(i1OndQ*=Z?i^5jJZ44Zfam2&$SD3&BrnMjs|vO1GBM#L+8J4 z@B;P5*YoXth34aYyD#57UI2MbfqlKe+*9a~{9GYx1V6%J>Kp( z-b`x+d08v_LMt=+1c&6OP8dZcdErDm_9XM}iFU_{W?E~=&$hO!TAPZK9Fm_ri7wPf zC)xQYn_Ju1v2Dx?Z6N=xjosD8%sts5`OTA0rz}xh`|c@bep|b^t=SusC!AvMJH@M)?wRfLNi|!$RbgJEZs#(z9A$e`2Ev;GCGc-=XS%W(Sx*i?XCk zvBN?2pKJfojC$s}X66QalUWmj^j^q58a7{s?2(Xp#(}(vMhV9}9Ck=v7j8?;n223( z&CG~>EMm6D)GY?%*Y&v)ZA9&7@q1y9G_;>LG)wXwlK++urlP>ED>O3-?4t!{TTK3@z*f*8 zQs~h6e-yrrN}O^GSNjju{J&Do-d(3>tamg!_6lQe4cW0F^Dz3(3~JYoSs{I=X-m3T zC+Gjg{DNKw*}s@S&?^l^u|GYDKYYkBKc^GF=}E#ee6%ifE{XSG-d~De)IpmwN~1T> z-!&)U4xkG}m3+P^WPV9!uRnu?Dtz>+d``n7`7AOQddRW)^;~$V_w~KjqjZjydEwBtIH1AZAV2PPAr6*nS)~ zvm%hmuUQi@pOJ*+xlQ;<=Wj1%<^3OVy-zHlczPXvl^J44IDauPac@+JbSpI zS)XU$$}Jw6Yh|fH_=cL zvOBWjKQ9iMt)XTlS2}jQHP1P}TO2mGM(o&#sg2lo$t592!@YK!Uhk11 zLOvWpQ@b(0wIj@p^m_kyKm23t!~XV<<~Q`=c=@n34^HI&<4>=^jlc~gj19FXDK?`0 z?YnAxzvI90;puF^-(3SpfB|=gnvz6!CiHk_$dVW{W2_9RP1@4=F7~IU{~suw6tW+N z%#qNEu|6bK;aggAkhruY;LApbE+=VwhysWY$TtKXK$H2a*^PaK-PpTBmLwY0_t5kb zvM<40$PYTU$}zhfhva+11;mi+dL&{tgzej5Gcf}Bsfb+?F^3`!$&cFM#HDphi3pdHJ4>)GgcU`#DgXZ_a?`q0!7p*#h+x6GbTb9JHFe%Vw_x&(k#Uypi<&J&P zFB)I#xWPHum}y~pkLu$>{welH1MHv7wRC=x z*cx>7854#_-PJzWj0%6CDd`$wo(@5x+vAC0vm<0b4w+dFjep?#VC;8K z)2_}kQ=;~vsM#Ea{AJW0iJDbe4#}Tpfti?XH`g6BeZ3HfGwp8Y7#%xnnx`G$6NLo+VlA$f5=n9cciW}*2!-+q;E78O8#qrh%1 zFw+Yil3y+av%AnPYHTVR**hDVnnsX6Xk>RcGV>cdB)`*mLYSac&G@?ha4Ehwmm)R@ z9cNpcpYWwg6Pu!&$on0$Kn5YXg5PF)EP zJ1<7e`9%N9l7Kt)F`-c*66ZR0p<_OF*5J)zMB8`a7b(p2 za`;G$Z>Nc~O%4G#$BxgVsQ8BsX!KvvfIOP}8zAC&SBQL3$X|r)b76D0V<$W2bqDfZ z$A00MzlI%>>%wh`nGvx&tyvne&qvI`n0&vrGw7DwI&}W7i~?d7WY~k5W^IOjBLhhW zk{{2s3+R?S(;@kx=&lTc7Uprae2-1@Zf+dU>Cv(uZe8r%6rv2BN7I>O7g)2*vA0>8 z`i`Tu%@e}*k%-w7w*Ls5*CLkA9Esr5$1TXWs3oIih-W~#r`XNbu_TN_%cNwF>hmr< z^H8YdXY>bGH6dXH3HOFtl0*%T9-RvnlXwW?c&CWOIcVv0jbr-%)qj5s+fVHf5v%KS zNkHCawiLerL8yNADyix@(szQLPT7NeB2>4?!l63tc$p`%I@XL+-_(wygl*%>mR1#tl1G+zr zHNrHFAn5hGnFqYJxisKCl1l^L;rixx_O1HVGv?PflSB5w5boqj{zu3@8^-0Noce1H zSQIiMXPv@Fm0>$KV*U}fhr-_pC{eDO$gMJBiLX1HV?4RTV_}W^~owIp#TsINoCBtC-iXR%X6;u{bTeow}ue|9`f)0CTjcRX7fvd@Po z>ck$wfB(avJ><1mfa4OoGmo+jzejq2q?gDY2*WSh88Qz!kXJbNCCA(mc1W%c7ZCGy z*gj;|AFWUq{XJSq{m&v%uVyZQrVA9?Q1#v&}~_c}zWfS3UDaJ%`R8 zuJ>MqpgSdQ@qe#GvHqMg8Ot6>vtzHP%z4OCI=>njrG<`Niq3RmY)H+Ib;Psi*0zkC z+Xtn4Y9f}3_-vX+9<(*ikwiSjxg-%!Qrbj3F=-R=#P}!T=VlZT^IC=-Nh@eF>|V^n zke6lJ7c$M^OowESz&$IgV*ag+^=?BvCp0_ukF<6!WFJNVp4!k8j$P!KSEUUFy^hOb z*YW4}od)J=yQqN~Mv2UoAxLl0oEtWOryxcMi9M3nJN7MFI}mnAt_c?q^HJD7WhI?K zi9M1jum4fRJYgM@H(4-WSzMNTGwjq1B=$(Ay#7}i=DAFVgF z9?6u~zcb6cp5>5yC~I$oAWp(R(E!FBX+ZN2x#Iuk=6hdj9xsk-NsBjz+tDFfPS(TF z@`@s42x24rZDGC{k>MeA8v1`|?D%IVSapgzz%4RQ9_QLS;4H>c(j=u#NfVPcB~47) zlr%AEQ_{qwOG!_42%0Z`=>NSEc{gt!$`YG5t<2mLD*Bsao_6dqEF$3M&9@=>kGnx- z5~g8dTqUz((DBY)x3!q(Ey}!+ls5B5OuEcl0WoW=ok*UOwI5qEi}FOYiZjEm$uQ$H z9g?5P98Sy@nUlUZhNQblNq33ghU^%Jd`)&)#H*mSqOnj27LERiuFlN==GA#zl6ZCX z+)hnW+D=VO+D=VO+D=VOx=wvKM9>{MJo)^4S)1-U`}?NNzC8TW>fqmG!yr|DP*R(Dv}MW7j+M z1Ov|lmvTt>!?0wGNpLg9B*qpB)rOjoNYOir!8-#`g*l<3HRbdj>hb@T|t)MI~ zevy0s!*Jo4q_yn-qFd;o&EucDE3J*KH|=8Aw4v3t54SM`?V*z>5`0_8tPVkZmljNg zk^edzqJSjiTF1UiZb{f7d2P6Wm`}rYu{F0x?1YGUIRbfS#C{qv3#~))Rtx4^dZLHc z8)Vp-wE8~-^1%%IErq}`9g_EEg1IMZ-^nshMC~F9Uc_X6faI+#ht7}82J=X^{iGf; z05#d>o0vSko_(aA`KX>l=O^WWS)60Psc&A-v72(t-Sr{QuWuLEH(%9vNUq8S^K!1e zJJ0+r*Y3(S4>y3kvVnb>?vL{vl9%Lxc_+_4oNxY-XAk9>ryD}v*wDVy&^(y$kh~@z z%qRKw=|Xc`fgN99UMhfGS71LWFi#aaByTAM^G%_Bsj<1gk)6@Vyxj=$fkyV5M&^aa z4#|5OgSoqjeY?m!-o!3wVm^+^V~gzFMdr;Sht3}<0`qWF`*Ab#Y*V|csrfo4Piy0?y#!nV9l|Se*=en$|3WSchLUBeJFKw}oku zuQ5ZE0t7_fI@8zz?u=v73*f z@q6Jhl*zl%EDS-S@q0oT>lZ!>(W8)%pLgtP$BYX*BrgsZ5VJXKXIk@l*nSl@iz1NU zh}g{$Gu=8Qzih$mwsujbsmQQ*W|*1`$RA|b-5F+nrbF^OnP3iQ+L|mgIcgt_noUv2 zUqtQUs9Bliko-v&m?U(sxK>_5~3+$!>Gqunm`K7{*83cXvo#%vp zsOARd|7kUQk8MYXu{cV5*pXoQecz4Jre0}!Y^WyL&ifNt%mJ{RVzfr~hZ; zuQE!e9;p6b1ZQuPIL`A~ZXAcCv~e6_(#CO!Nf*cYI7Cog7FXT($C4ne$RijkOX9Y1 zw5_ZO39-AZ`$A`tNKaxRMZo0_dgt`L2}gc!3`uvr{x{>I{Nz_xThY`FpOBO`d_qjx z@Ch+#!zaX~4WAH`E__lz%#nI_b$v4>$3B!}Hq+A$_05+#_DGIdRo@}`)B0d0=Gx5- z%-meNFxTvk$^0~aZ3BnSf7<}etUSBBp;?}1U(7RyWAe0yc2+~Pv!O%h@5u*Koo^2p znDzPgt$Z_~0P>Rswz|L^EO1DEq!7&NLOY?c*x6n0?eH{-1atl3={l%4XYiUWiiE4aYD3_#I>TPi-pTwB^ zxGQ!x_H+#`5Tmn;aF6(o+-3d`uL^oao)iC|rP~)sO4}ERN!u5QN!u5QN!u5QN!u5Q zN!u5QN!J$&h)MgLI5BCT6DKC!bK>}}-Hq*{B2&@C-r2;|G=cm<6T7>KnP23P{7w;= z!$r2HnVHG3kB=<~37Hf&dg%>$7FILUpZj!Lk#Pwa4w1KAbuRSBu>Ut zIxj|UA@L(sQD~zGzA?9DLE9|cB0isW z4v8bNcK^O?01F|$n%#s%dOVIsDKcW5c5!u{iweAYmQx+W4?;XQ|jA?>YESh zJ9K_RE|`V6_NxZw)m*zV*WB3v^4tb?Aw9y>z#(~N9+(&N?49}My*yi&XC7<_d3i(o zVncI#zC-e&d@yh2+XoBH-}CK(eDhQRnU#61s#k?9jhM zh^;}&CE<^Babw;;eJm@;9*`Ae$C7X-#+*g?MW6Hi!sRRF`4)PJi^SN6?+D?WWRMLi zXuB~y%yk9!9mAdxcZNEU^ddBDiETy}i}Q~Yw=3va;YP7uj>pqTO6ykzATM0>H|S@c0oNVpx>YIv7 zV}+N7kUEMR^qT%PcHek`-Bw5&I}Jc{C5aM4UpnTMkljGLKsk`<$-k!@%9lAL&j=R~ z^Fr9(Va>Z?yCZC-MIbMW*cY&qj6?DQ3x;-DoR(=mwU+)N$&(q7*Jao@GtB*&4#}%B z!F-r$pQIfSGwm39h9e4jThx9SHIHXGB-dtv`7+BsU(ei=ji>3}$cDTx+kTmCo~`GQ zyt5t{S`PO{ee+0;ottAmh{>bs+dJx;*XlcT{$PDD({k+x4b0+PyFAx?5tAz$*l7*S z`wbjAKQ0f=whUVowyFSm{-VpNahW5#Z=Cg(l$`n_)`2(d;d)B1?)RC zY~6!Lu1}2h0!delc49jw+!nGV(NYZRJpawnZE=LRx!85Gd)G)(+R=@ew4)m_=|;B# zV$$9<5|j3>k(ji1jl`tAYa}M^T_Z7R?;43od)G)z+Pg+#(%m(p4ksLAH#IkNjXo! z^pNEq!AXl4E-byy#qp6XDp2FzI~7LfnXZ z>9Mkbn3N-R+Bm4Y^KZ2{`rpdfbWJ%qnEcNz&2%@Re4v>-S(B7@vL+_&WKB%k$(oq7 zlQl7ECu?HTPS(VvovevTJLD3RcCscW-DLe_n4lH1$TUv=nzC_fptBvRy+_Bjf7C-I30Jr!Oj!+p@X}Vh_B~p)NBeiz`~TSc%D_0TtL-~?<}7Q4tCeiY z0$WDK5Vv+5aGW>}I?xo-v<)_G(=^oNZId)wD zFX`+3vGd$BXYSm&3}IQ8XCp!ckP$FQ&qNceL2zr`>+hKUxB>ie{d((KIzyw1}a0F=9FFcgKojF?1F( z*0B84#lrXcDCM6mAuujsdYX zAVF`K$UK7+>2y%cO{67>qF#`3pCAnmisL~E+$o89rY2FnB4T|KZA%jElNpaorl}B^ zNS44uiZIXeBGf)b94ta7iim+l880YG%ZrNEDH3>E3iIqtp@GH3Am z;VB~(@LPh{?-U0;yT8owh^@S#F~lqixQ_ebV`c@w;TDav#4&3>vuxpGrZdhGfL-`# zX^blcaF>e?!c~hq9(b!8 zivBW7^{-m)6Z!{iaP1Ez0orlx9c=spupXO2gijvD8eS4AT!7uQA4~@QU=nhhC6%W> zd=uL=-rMXt;vXm&$aLRT>A>;KJ$E;D4o2uT!`ji^xx4YcFvz&X&Mj>DhJu5t-aJ9i ziFb5ab4n{v74f1SjxUGnuW7C!-mN;wU=>F7LHUqXY_+Jivc``oma7mRuT)#lrM2UK z7_WGZ1{z|Pe%W^^(VR+b6gAggMewSahrWaY0@AnFfZ;d$(+f*e$tFv;m(gPXfa)lgf+;w_VT6pNaSE6y=Ab_=Db~zd{_&jx#)0N^m*6 zN-$!_Mw+`DZvfc`%4?+r4q3G;ET8wGLB@UqDqOmf6d3$YB?%jni#>?M{f4d?NZf7% zrhniI0CSe1hOK$V$JG%z9^%uK2WX}VdwxAloQ2<%eBurDSUbzH{|5?8kKrav34(7P z4<7q;86m_u7pg&XU4ERN z5pU}_IGn3Bh3A9{|D1lK~Gp)!p#nr*=5 z&iLHnuuLsfocv7g!VQZ$K~eT+xoZ_c)sfXWIyT-WwOGx|bZ-$!;| z9x1FmFqEgQhIT%v4ri2w3of3pu01?cR5-j&EO^sCs;2s{Ko9Oy{x9Xt!`QahebO3FC9B2l2SnCZx;2DO^B?0#2_b=c-)a?I+ z#^?`b`S*iK$Zgi9JlCP$mtD3WOs4!`67oYT9oul^?`WGJUB;JUI_CO*R{rUNVZorY z@Z$`xM=*;cX^n(9y#$_Z#)Ah_{$V6;nAE@$Gc3m2E!t;^K_r3K67yUjnt@@#K^+}p zm4op~2VHQ8DNYHz-^o0UU9<|rf{O;b#2$s~xT&#QEOSfHFS?nhi--1jdGm9sN1Ri* zt(UrZ#SX6oy@_vx1XCSt*7d*di}J58wtbWex!m-A0)O6c=ON)j7v==ko3zb@bD+xb zU{2JSL~qJc-S9Q7PcgGNRwJ+lQUU-v!2*7wj#B-&rM;tD~Vsyl4mx3lbK;1!*j{Z zkW-{4T$L9I0yf|k=zx@m0go}PlghkfQUTYbRsw9n()WFeF~cE-*Nbr)#-uSr8b@}V zVWae!61YQg;6cTiJeuJ?{=+b&_x`^h2Tm0^oexrP7nZ)Aq%v3nNpK+eZ(3!Dc2WY* zluMao0dMpp0eA9DqmHUeew3Cy!v`*mq6*H}xgKzw*S7WU^EUvVKP=vmvBzRIq*ghz@9D@(vnYsXH?%)( z7M+D3cap$+hoSPSIqU$5|60oW!%S0gJCMxD}g)tmiNZbA8k_>B7w(6(bOn$ zGfDyv@iPx>1GSG42mN%yF9t?4UJy;oqebf&2|O)^d0-o8V4S!dL$_kYw1prwhTdw}`{#CC7h^oH z7%eR(a?&L5lr-kqo<{vM#KknaktQalGv1I++tWqw3<zKk%+HdbpUPsMwk2t6DKWexjVmdR zE8M&kwJjw!mXe^?EzLarOVjZ(VrFStP+HtnxJMc4Uq&1*BSCLhmU$+YrJLo%>aw({ ztY}@1@u+e%v7ESCP67|eW}d~_)VjRbn@vZuMc?}v&$*8l-zQp>m%x+CGtbuY)VHEI zU!Ja&7vn21URQy(RuDZaO5i0GM+CrhjCb=e?A&WX_gc`s7IZf)C`Ad~Wx$sFFVLj^ zSP9@;M&)DF{orfr=uU4VM|$RN??1=0+NU0cIlI<8wHjdr0hQIi{YC~L-2B0qiF^YP z(s(%VH!A~PWSC^;)L$^i17120_^2txE8)8VlUtLBn`6w4H$f7PjDQ&GY?(deU#J zi@wlVin{!cj>gA;O0N?qYAS1j6$Y9+OwkC=)8((r7${;HgC}AcgC}AcgC|lMk1)X0!)rH@A6IJgFJ*1pHrL(_*6exh z#Ad+oEsr&SVGFptudl`%Oy+L4ob8>l>a_oBL;64w%NaZo%NaZo%Nab8$~hi9ku1SA zHo(+WulE1@z9?dSv1R`AUR;N3>)f4jvXBX%I%y$o9iWKXI^c<@tplEj+B)EgsI3E@ zh}t^fiKwjuo`~8y;EAZM1D=T5I^c<ViKJS4+62=8-VH@(aj!IUYyBW& ze$=Ize>ai05jaSr!#&njnWgGNWxEqOZ^Cb%5dY|50KrWk97dZ2IM4)~tl)YR^1&^6 zwu>qh!Qfkj+qXMftx;Z?%Mk=v9;TYuJqGwE!NKJeLjrCzQq*t>e}cAo4oEQrZ<4e# zFsZx>@&y;$fHb=?xUryDFw-E_mlwu6tkMQ0D=NgkT%5m!7CxTDve z#djv2aR2vw6+V2fmoE6kb}#Moa#ssH%10A@;*3uM=R|>JY83BWu8*Q^QKE_3#T?|P zk$!Q+FF|h<4VJOdY}$NzG_8vkbz&Iz!iFXsTEs};n=xP+8cRFk#Qa!V7Ar0*+zA%X za253d17$2Z%0dZL2#))ja zbxEQG{a_+k+6HMsk{BMOaY3 zXlI7#k|}{FW`bpJCUqzwu4htxbr1%;syJ;dF4~lkz#~i8m9widEAue53_{WGV4^z7 znrdVNT{KwM({5-`Bmq7p=^{4SO$mGezJe1)6N^^Ecb!E;EU{N%tdN_KSWXi3OYjw( zD7rdmFPtbjXqrQuSGb*%x;n*9rv$yJi+P5-=)7AjbkPczXyj%*z)i#5;(<|!vB=86y^Q`t!XIKID(HWl@8pU`?6s?XD?fnvXmY;d{ z`e`Vv0Q;$aw3r^vcw02>jTQrAB=DM;Yn%;Z`A`%6-@WW9FnjVJlkBBV(KJYgib<$R zhS+5M0bYtt>Tik}W|qp`>h_@2)xvBOlBYoc?8@Nu*4SkLH{(I6znKk)Q*G9#N(IC* z4z!~5_@s5V#)MQ|0JN&hPXX1o&P^i&upf_g5NS~FEyPoeWODdZ5eB;g*XREU8K?yN zWbB|6f7)owg3vbS5$bGybS*O0OXt;-08kTSUm=eH!hR!W06K&0?YuY$q&^4gpHl#u zGHXaYwa}lFOT8fG_vLt>vXM1`kK7O$lA0II_GI$c;Sl!cS1#bcZ)PIUkl`J`-^Yik z%IG46)VkUrd=~)cgYa%*WCAwg?;0#q09PE1o<4c3H+82urF^yw_va?D^ zpgf=OKl=U%Lm&2^G6HvaL(PwJWzhuf2Vq=14m;tC=`VC3?wi9-;E0Ev;E8zH37&|D zo#2Ud*g3-mrp@toru=wQo_`mXrxfNYNgE|b!Yozfy8h&SoNhOwj8Xd7pele;?1G3$ z?uYYU*B98E6nOKSX0BQSH}moQ#)Zb?;m!Of#X--Gn`fzA@z)68ub?zC>KTATC7}yE zA{TRD0(ZEFb*~$&Fu{Q0e-BChRfAd&Qvh1h|ITjZxljmKJq-^>+}?bNuKGg8Qi0Hu zv^2#ogAN*O+6H*0qycVaflI43A`Cz z;CvB{rRJDm>ZP}|?Cs4TOKKxEm~h9i$m)R-Zkw`lSNgnLOo7d*@RpGBtW5>h7G9uL zr*l4~2!de;2yU{jp>i9v9x7Fm@o-7wq_`v{a9=YXJPS-}Nn)2t2Tjon=Qku~TC~6t zO-TZeC+68i)XOQ(5M3rQ#=&^CgEl!tH>U(%=wzNFP8#DD^j|HafoY|N={Roqsf4%wK?nl0ThyvemgQS?PtBp1}xkbWm zjSyeVGk})yl`ugZ- zl$h?Lc|LJn;cijXH%c6glAyQoGtYQGU5^$k{j|X^a-tcJh^Fz;;&QYE?ia&63u7n; zljayY6eD`aGM*Jn3u8sII0-x5-?=V$_r zO%x3R)I1>O2N>@Q(9wVxnJ9s`B<7f4np?!KTlb3M2U8UJcOrSt?d`p;(Yh1S^XR2| zMfpx#Zm!>vK5Ve|E=B0kL$qw$CcXr=g)-}4~WC&$Inm|-}Q&>g5)`j6gczc zJ*0bLApZ%Wl^;?$FIJA0AO=!2B+>;GSq!9TA;dt67D5c9Xd%QvibfOziAS0vIs^ny zM2CRj=^M!*Ab27=1O!hchk%^s&56`INt{ijE9zVUcukNt2SxWJ3A`wYd5$L0*dn4q zGBr;Y^OG6xOQxgAVq_5syrsxj;AzTj6_eL{g_+y0ATs91T$uUy5_wKhAUWFR8`Juw z?emj$S_!~OAi6}V+o`{lT z;E5zT77w0CUB*}7>7f-#|4)AOT~$FnONPAlv#59Pd<1ZSXURBm375gX-5U6#67Bs_ zB{u&Ox2K>*Qa@r*b?RY2_z#TV1fsZO|b@ zV9ylTHY?N2l)w|rc<^jCsW&Whn{>q#V=cyOEZS^|?j(U15%U}+8Vk$Z4uT@ldi<5b-J83>FbGxXAOKfy8zTl$kE-~9JfseVFC&xn@VVT=QqdelU!i~L@ zEut9@i>9&B z;$pM}?i0g2^JAz5EORSCv!1bxXT;L{SkWX-0*{Mho{f+$gJteGx)diy$1`3PPaES! z*8~Z?Ac1)fC(vkE<_=KPfS4O#yeB}117dih1m2X$JXaHGE-Z5gsasI24>CR%q^m(O zGf4s;N$TVP(?Kn#d#|{DRK;~W9rRm5?38psiko`yEN4&IXOV!ZM7C|&Mgp%jflrym z06SW}(Y`lp0U53LHc@Xv1_5lnw{#$7dugpv0ucJ|5apFgfXZJB#1vG|P-sD&T)l_t z#0uCnI!U|`eVE!-g&~n+RYFE&fFc@^0Z&9DGT@15Lj3-9ZjA&6eMgk9yVV+en)G1CJ ziJ{XmVn{6G#j&(1R?g>ICLFmq61J zMauxS4~P|zSWOhi19UDRCM8PXy@|}zFi0zsM6VzX42oR}-waa2B(Wq(f_^@Uc{(N2 zt|DSgGEGhvXB2K-ggO-w+lolg8x>`qAw}s-ikMfFmKGKDQyBM6p&=>aM2ZCNoXR}Y zQmKBL*pN!wQ$>ejjK>$FX~o2?ViI_08uP43qYfG3P#T>~6NAzjFHENu>7q@B1fHJ3 zJi9VzP;qf3gX(08DVdBnXVR`r(XY4!URj)Z&J?F9S)zFfYFk1qE5Z0^2|80kOvsYJ zyR(?5eo0zZO7tj6{Y#1+3STct^-GCGr6lNQOEFJ}(zK(D7*(1kmKLWJ&M8A3%7`sx zBuK4FixZ4R61bifkF6;!L)Os9Lfa}|w4EE%Q;c24cmr^e ze0{QuEpY-*;6ZU3`9WAuOxVGL;svU2fYR8>l-BG{VVsjdn577dnXpemXl}sWnTzjr zb1`#&R>_874d4k^5eU1odj-s_Z58d$A$Fp~TUQwO0oIXl!_z+rz*BLnhtGkKte z(m3D=11uql*&pIS{kT0&ZzJ&nE3Cgse-gb6Mvw=*F4>3A27{f~0*{b1o^4r6;C^N+ z38p%FJ^KB`l7DrwnFo#WSFN1Cb#3u{G!_1cT&DkP$Me8w=4q1Jsv*`HS?W8qNPB+1uy1!ct1WTWb4IYxzAZavdo!3QwaSh?bm!M4Xw8s52JDp!@kuH` zJ8lL_lLXDVFs%#b;khmRh5$YUXl_&lLc@YyroqI043&`-#CW@%P)O?;7QSAkH(BH! zD54HKcp~bsgD0X6J9r}Mu!AR}4m)@v>ac?+q7FNFB5FN@C!!8Jcp~bsgD0X6J9r}L zuy=8RXirex(X4L3U9abyLX;*m*+WmcbwKx3r#=}pB-?u zGFT)(qR<3*A_`4_Cz8;_2m?(0^rH5Mlal<~yglIvGkW!H375Bc7|4$6>Q?5E>fj6u zi+*l~vkX7r28Jh$Cjr;WNfO={iOI7FR{?=hE1GL10Ht5%N3@uAl$(W z!_M2sXpuWK!vKmn!vIgj83uSF%`mPTV1nF>O8E~bCHa?fo~PE|Hf^R?-tDwzauA>a zmuwf~S-^ALEkpS#cenew5;u8^K8NovA=)tW9TenR)m$IuL&KlZaDV8W6e!|3DR?5D zlY%GWIVpG|o|A$n(mCk}38u?h-RHmbv+}QEh3H81x+HH+?;qmk-Mx{#@FRJi<$rgQ z8MaQrV|39M>f?bT_VM6}*vEq>QXd}=o=B@m=p6Y3)S^_!_v1=!{tek4E5bF1^VA8o z#m~as4-~llQ21H-?M}Nx`462-z2^WFv9^FGVr>CW#M%O$NVR1gtAkF^~-Fw5SnIRdo7H&f$H;I0@e+3Pbl(MNdM2(n9Y{G-M_9xXr%xYaisvBh${u~L|Q4t zgD0YRHFzS5SA!>#cs0K(qDBUI`bN^o08d1X4DdwM$N*17jSTQa(#YWNx?Y6lr-+V4 zsYg+Rp zH7){mg}W;j{DZw5#Z0y;z0vzqz^*>Pu|DQl>cdfn=&pyz+noS}#Q%r7Rd?P9ZjfQO z&S2{g6AYSeuwi=OdXkz-F<(mHgEAgGO--6^;mDna!jPrH7frfhipiD)eXGShaKt&< zAvzKDB(aPbV_A8I#BhfMUg=<-GY;zS63v~|*2$s}z&o9EzzNHh5_p#D&)}J-cMX12 ziH%g<(sFrfswQCaEop-kgCvcV;-oBjN819S`4J}AdNv0XaW)5@h_gBHM4ZimC(>;0 z|IpkYUJ@o_Ltl3v-_!K|d){>aoTqXRQbU)hP0b}dV7$kN5kPRQIL{D`r34-;vl(tR$^k-80b_zBz^yEV z1K%9qH0uK7l;5;x*kc@_88%SF88&z#&9J`$&qggA^}q3sNZA}V;9_;tjO|@!sZ7#a zt2Yf>KQ9PSpR=~J@e9Dy3_IzS(CvL!6Ac9YTXaF~ysfHhLHNyi& z24DwnNuy*cQyE^;E$a~_!jS=AQojK8&ou#*bx0IQOmaamLHDdct4>35iL2R z5KU%DTwj3*^JmE4O$O~WknOPDeo)d0SS{9{{3?10xS*9q&Uu7we|CbI27K70Q>IvE zl>zQR)SbjO`UCJf2W@qTj?PgA0x%A^3li||H-Ni&sINyH^hjWsP*+L#k4El&sEGx8 zm^-yUvx0-soI8gMI>}RJJ8^kVNy1gta)qN=HWZcUD!X9TQE;qPsXDS*eQ$W#26>iP zn|?0dPlgj}gJ5?W;Z#UuDWoSNW97kaWcwc*WanSCT!v4=~;UvhA?$lxe`Qtlq|i zPr&zp&+$GBKIKlH@jkRxwlc+F)2{ag2fv#!k&4&*!XV?40Urc9`T~RD`Ic1?-}Nq? zl;R%*sj^|l8-N2O4VPk%l)#O3^C~o>_n|??enZ^QwjB!&s^q*(uc~tgWN-MlmMDkh zy-K^dEB!=tH{JlUC2`kE34B@C-@@`0oSLw^DsfNHbK)Jl?86hM?&spJ92fj3=`LoWFZ-L2+>)!V|eI#+85PklPKj<*Pg^RZf47V_DC z!*~+-md^IV@I*Z?f2JB(dtDrrC%M7t! z_Zi=%VV6@Kj^NmXhRG6-U%H=~?Vn*nM4CIKQZJ(^bCaszqUytl*&P4ZdXm zc3=Cpo4zdA? za@33E`Txe|oS_(}@UF98^_?Cq z%tS`QgY*VY9QI!f^x zT{Og(v=%E@eb2{R2Ic5}wHU?6Cw>JTNbbAf6YH=+r#NZp>g@r}ep`Hcr$Gk{(K*r$ zoexl=J7w^TTZP{Fbw1cK8L=f>A(Izdw8|2fta(Tf7fq#MAfB@5A{($i2n?di`CK^= z`3<)C&h0;Er|eFjd-{%1szJ;je}dG{CVYU{8zT1gi>kC(kN;lV?f&C;^0- z#5b4nLDWFK4S1(%NG*2?nKqhe63oa`Z#0AsZtCt9^WB5oDlM@>K+T%nCSp9MV1u%7FFz-=zO(cEeF-u`p8E4{>6B%wStG{i&L z%YT|)v|Z6~)64hHKBF89AfJFyohWfpK7Pz6W|@q!+X<}#vp5Lwss}$5hUv15_4-jt(aD;+$II$N&KceIQ(ALVsr|5a6c{gl(K_(9#2;kBbTF zfMAs(>~qmkm+0gU;^quD8{#?Rt^z#O!;JGhcyhnz1rQd)_D&SE_CPr8eG!CJJ|=AD zQ_^u-)J(0H?xUZG=b>4-PANm4Gk&USU<$9k%Ftdz4M4yB6abpiLR`~BK{4(dtCz{K z)b2q?W4#1C$?gURaSkARYgfSa`CoS>F@&F4V)QbA&#ArtL1ua2?VOu+ECN)Hpaxr2 z01xoLtI&GPu1>c@z5Oa=*Z#kk!+s;qD~g^p#TD*dI+!H@ zXK?a2m_fjHRvBoRTP3!;?Il=qD7^r0;F3l00=9R)*cU36PR8fBeA~LpgRscOgw=ci zblCL(2+Q3}sO$OPZY+1&KiJPj)y4*)f%{gVS8F26W5a2-#N-&tKk7!t zv(R83r-r)&#vEkpcx$-q>=cI_$idmpTK3aVG{PO6ubr3T5N9}M4C+Q_gI8J)Q7!Ra zarl>jRXYm`Lhmn!b~jXHO?VZfvnDr6(C1nYVOD{y6c_sU_ZK)s8zX?traEbvI0Yjfzh{i-9bfQ1Omta#z#w7=T6z~!U z)6tB;xQ9Qpi9RYV(cge$4$;k=D?7WyF&bpFcZ!+Lng}#!mf4!`gNn_;hCR0h*#fgD zs29LZP_`J!AA>3bI2cYmvbie)#wHwFB$#i2g2EeLPUJZFF5DjCu9_e$aGl5meP=nQ zH_T>wn`}IFg8z^`vAa2HEckCha>0b)0ux`W*cYkT4WC72#br)KC%IBGw&<26Zo(A} z0`N#WrHnY}Vy3g4{7&wfX`oyx&6N6OKJm{5mjsuTDRFUVHTFl@UWBg{o8 z?nYJ0w5%#7R>A!ZRS575!wFUYlxHE{>3pJOIUG;I&_~S)mdN4E8*DxSc#dIR>wdtk zdb{xU`(C@+yq{59h<|S~_EZ&z<+C%Zin%5M}McOBKe~tMJVxRdKWF1Ngg(>V2o*_rLd?J(i``o{gCt z92^bgJi{I}mRz*h0fnmJ_SEy)2UJZl>eH-Mi!!yfCJCVUFm zkLN230?V0YJI_tp6u}=-;CbkuQ`ty{J)jm83NH#3E@0BF?&sR!DeNTtq^vTHbH{k( zEKG)TchL#MR+1QM)>xH<>dd$?SK*;VAk3iqhbOTG7hv@IxY^n6@P7;Pd}o!WNusWc zfLpqlr3;EHNetkO-0aH0%{uVDiYMKCv$LCT_UEjfSj|9-|WCs$a$Vj z+`Q=FC+m6n$s8}=?8?*0S>6wDbB2#^F7ffr4L-iPhpR=as8$kp2SoGTG0}W?Ml|1D z!e*JTM-y%~iQ${=WB6w87`{0?1~(VQOt5el=F)JtOMveV2=Lu8T(%nn0}R})7v#G+ zLB88H$ae<@ad(v>Z&Tz$iVPc#Sm1L_Kqbg5`<#HR#G!|}Jt;0fObs6qV;`C0LZI1` zV3@~$chUA6xr(Ec`ZTq-f#ZhyXgwQUj~s6V^Pim0jXlJ;tLJ}~;L_b&V<0Zay~Lr* z7<_SQz!`VVM|>wI>gD>loW_g;m+MiA4?dTfuRX8h8$=T`z;s<7xXg)uhXb=?Xg3x( zFo(&Zqj0>8%f%S=Y`s|ZYz{Y@rLl_dP^{uR7pwSg#VWq$af%NvnbCE}E57#eGy~Bt zwnOXV)l<9U)l0WW^4D z&YWlUxf|$SWQf81>x!m!#idS)N?VH*^>pVH^>qIf_4Mcz_4M=<_4HysP#RK<_^Ii| z=n`ZHw%VbC#Z(+{@60)W6UOxLvSw*2j*e+6j=pIsj*)4IV`}>JB!0Rh?&(? zR7bkMRm2BimK6rDyp^*s;GKCh^Ur4Jj+BJlWH859OI~(G~h$A zwWf;kU`-X{*_tZGn>AI8&7M#(c6>s`*!Kw)J!8~` z*r^Cdd4y@~>@7i=>!u}c(Zf>&7=F9KzLbZE1D;e6;O`5B4m>O@^6?wi`IxYad$hVy z%?(i6`I*v-`>xe~W;v}0aN3P&1`i5%lx_CrPHd$khyZ%w(;Z^Jqc3JQi0l^?cQ{Za z&fo|v9h|T+*3T83?h^Z5SPu?#2WPp(AvgAI#T9R`EjCVk=P?*h@CR4=#YKM!EE%JN zQ=`S+Xuy^+L9F{$#^k*nT-Y)yU8xBYIh#@s64nz-@aCPa;3b#n<%TJ=i|*|H9n1i&0bCThC1O@rng|K~xKHCx7-Z#}j~8 zxc#+sHZp*_@>Fh^t0v$DhK=0Jv7YA^hus~RqXC!lP;XJd`VC%f=X!tz2u0<3O)LWJ#96Xjmqz;E5ol@bG)9=>0?(D( zm;~6H**EatT{N2RMy1Kff%8Vm(Qt>tk>l(D5OPwmO(_oy8`&g>B`vDL+Qv6jcim%BXR94@YUo^c%IbS|TTKIWL{ z`_(|~2uCsA990(oE&SLl+su7q9v|l8$xJCKFP_r(nNJ;X*}Xtp<3V_LhuNE|FuUG| zzhW1*u)X3K!zJe1fU`MYdt+zXD<*N7-&C-JBX*cWY<8rAe4XoFZ)`++#c_-h%iSHRwzPU{>F*?htJq$jOLPFWRy8m88T62 zvFRtf8o;~FG6yWt+9KfYoUj!Nwxx<7EaBuGhR{9m3}=~@+2Vwg8Lx1ndb$|abrZ;) z-DP@Yi^U3~S%AKq)7Kk&dD&u;H?}YDeJ@W#U{N;nU&}tmab7MTJEEfKQh^_sQsEQe ztrgQb(n{2=l2}~n72q-Vmzh*q?75$LPTY@3TUSm7VRU6C?5_+$m!IGd-}uQhSlli! z%JlQw(x;>43=8;{W2kY}Cq}ynf$3Zy&bv}T=;UUCGVrnuD{D}&5eLdi&aw`^k|50W zF<~Wl+sA$E{d!Q;OCWUQGKX0`_13pu`8D$0C^OT`YizcxvC#l-Z;dfJU{oPOK$#zJ z?PzR*($me9p`1Ny+yuf7ML5C)EL1?4>v;(rV>lTHb@63CI+1TXveA)D<;sCM0-%~B z9CdYe0(at}V>SQfQEOe<^ma&cCMpX&kJ9_Lq8Kyt>_69esQWp38B)CV5vc1?dQyDx zU0m26=HW_R&>XfKu^3sD3A(%VQZ|i0Do?d1j>ScD-MYQk{7`ywP--ia{dup~{Y>Xn{ zy-`d*8O4!Zjp7Iz`8k5NevY80pCcH`En!DKHLtK4a;N20snVNl*oOLHk!*Z|jW8M9 zB*k@E8Alvu>P8crIhh!Ot>9Ek?6MAFYJ*ZM{x(wlMJ%3CFqyf=iW3Ur3t1`!#u(H9&y}r1Lb$x7i=0O#zd7s zcN7)85G8u>Qe&|{xW_M=M&n3qRdn!hv}hgkgb>?eg6CsI_tW4MYp<=;0X<~31A~}~9Y>_U;r^7^oSe_X? zkSSUghj59gpB3z$CFW=0$x~UuCMCt_l7QPv2G5ri-Amc?+H@|ex`uz76n%MAnQb&O zfR}Rhtdq~23!*{QLh@&k^ViO&>gD<%b(o?YlsG+rn<~r%I$2_tH45bBPC3UV25`SK z)%hY|YaTskxR`pxwZLu@zfA85R?ONq!^*dbGiq_cqU#o}4)XSN0^zVCoM*!H3??kjV2YnQOS=%=vaygeM^B*r!@Xh&nFwd+vmfFN4;jDZP11b#C$|=INcnl;ONdwjrew2pvjY){g4>}!wu(P#>2VLcDS`~eTdeOxI%4^I|HIIhG9JQR z;R%Zgb%>4D_aw$RwZYAaym~pH2xk=G1{0>?{KmoO+2By;*)zDx^VhwE>vuLC!oM!O znnuoXyZE{rW%nW%dpciQk;sQd=(St~c*gbmYN(#L8K36{m*c4c!VOPf1C%ko2fHVV z22p&sHE$VpioRxm(l?eVBf0Zv8}~Q}+v1pTh&zu1@dU#4__vP*#H9qr^#gpf755`U z0yRK}(j>?W6PbJ=(H?QCw&g4yV)%PmSSJ2Txu5{-V8&jDS2KuqShncZUIiiLfkve# z!4HHU-OZ2k@)!KT8_n1m7H=&9H)Y;_3Jz!3kjvtZYLA_tkCuZeLu|VKs*Z#Gtf6w4 z67Yfs;D*(L73ZAw^S7JPof~&Yz6Yv1X-AVTR=TF>YOGB$d?3Z*5mK)8| zzpq*yTW%1#jKdZ|?y?ij@v6k+CuBJY6=R!8dri^I((;&*(sBE(&F)*i-<~Q^WjAuS zzY=UZz!e`t%j!$>y^$5#HiZb5+BUsl)L@;W=E#eCBY4?M^Z(jYDo;H16*k zV;f@LB*#Yqci;)eQvO4&2q+=+5k~B09GYLa9cvB~O#ZGTIKwof(Ppt9XvXgdy@qWm4Y&=4Jt{xOn#0E;eOro~~Pc3z% zo^Xf`&TPy%o!J+i*mi8EpGxY1QpFq=$2n&to|80pY1hlzo6i zOGiUw$z4?az%SpyGT4}6z-x{Yvzn({aBR{VB>uFO+L1-s>)Bmk-gAjS&AF(mon-7X zI6mSga8BOcDaKosmm@FQJ8SN8vwb3-xz_?*!qbaAuD<~`_V9|Vu8*2v2h_L3#QY+r z_JKHFj-We;tp&K8XA%2jKL>0X&)kgzlmp8XficM5yU4M(E8RfGU<-LQiOVz)OF8%> znd}$4{pbcnPHg3+FkQj#J{?PdP2#9koY)XI!9bu53p0#Mconc6Pg@oSB;eV=`w(PG zq|1q-cd(zGx{OL!0Op%T#yJJ1ChVQ2hY388vtx51hr95GSJ-~-{<6LCmNgVSN}{b} zCUSR^J9yfST3><%c!JwKI2ZyPD~+#Xi3o+-ZtS3_DuEQJ9?GrIceSEk}7D zIw7Sj+SU9B5c?r42FzX4Eo&aW@h(2%uh|XIBF0;_W(7rkp8rBL8W5`$%w*|7K*+jc zDe9;MxQ*dCM-9M9T#d)MvjBJT5~04QsRV`#pn*7$^i8!8n8ht=YitLO@MdB)v}hK- zLSio&X#pXgN;?!(w!K>$F9X4R8hT+_6L1rEMAs$X@5SwBrg_W&h7t`XEc6-RTu#X; zML5dK5aj-9N!np+^w4W8}aW0=w37}ffHL-pRc$91W zP3wNZO>}oFrK%|~%m?kA+H0^D;g_8=O9J-hH_Ww)0`6gW${Hhq2RbowUv%29%=igU zaIYJ(9+U|<%O}YD0Z%dkZmw;0W4YN+t1@I_v%A7^S#J zqr--%EA4xC+SkTbT8TE;Ba!+iisgy(?ydyyG!cobxX~Xp=2}}&X&pGytE;PC{I781 z1Ah)alv$t}l4tJb-d`^8K(SBLj;Mj_TK2$Stph&>1D24mSggE7!hj{PvKTg4wljctn}kU$&KQAvaN`I` zVZ=apL3#1Qal#ZmZ>&6+HEwYO^XGF0K|CCeCxPd3I@ZZQ0@~_0IN1kYrqhvIhxns} zk0JD7&<_As!&(cjN0UH@fZHBu z9?;9c$FSK((5~xgAaKyhk+yYVE9tnacxN|s<^HPbRWJ*wtI0|@zo6ejSsI|fu5tz3 za#w=hSsl$6c(PhE!#;1HE2}j!#R=|R&?9_{%lqU!qrDW@I5)!YWk1t_)mM};ojzvf zN)zg-U~5FxmJ;i{VD0GqaIlMyRPDx471w9zB{;RnGhE~WtU$V}bI9oi<~j`|D<=2X zuYOeRkU?2$ETmVB@_g`1^@;6j!c8bP1b{CxYh$yC0X)=_BQ3GnDg!)>?8;+rvW23+ z46Cd!xt0OB!TOhh@yu%)BxUOr9u^i#~tn`i{ttP^6#U(!>&RY+qu6a7H+T7 zAK_jOdd;GpN!Ww#rwpyGSGYdcuFlpn;{Z4`N zvWfk{c;E{rVTZA+#dwNEv)R54V~7DXAkmi?&mme&;-JC}9n^xolQJD!Tk9Oq;bh#- z$?8gzos4bWiCYRoe-q`n(8ct_E;{8BE!~VqxoM&sG8l}{x#=prGI}^|N43nwk2vYM z8@T(o@(nT8fC?QqfqVmgK2!Q5E1QPYOMSfX%8YvomYVEJ#79bHsgkmM$d!tpC>i&l z__@B%XHaFRB3g;!kFJJFx<>VmS9P<^oi1N07DlQ;6|tkQfX8x~aqyKv_#t{+{I-&P zKSKDvvh`8rmPqbC_eq*>a*OI?a-#sok{$G}+(24!J4gC|S?br=H!=wFDRT_2u2B1^ zXQAyOJ)58cXrVKJI)RwtpxF*_*fAG)zKfQ*#5q?pMA6AlJ>l8L{~?6=qG=1eudk^h zjw$h0DB`ikbv%Wac^@5N+sLtJHw6b(&gK#sxb1LwR)z`qglBD`jKXkf=T1}DJ6>kF z_;=(9Lwruy^u&lV!eB>2z+ExA7?2?aLtBaQYM+!4_=E*BY)8Oo&=6C!HW_y@3G}{P zMmf5S%9KOkRk_Q6*_K%bG&f-qqmjW7woO6p%#ot2Re5|{%)YSnf0HM*RAlbw%Y2UX z+r^cC;5$VV7Hw2=mVlj!m&IS8?8Ox!Ke3VA^hlA$RO7>ND2BF_d~T`Y{U-hSG?(!5 z3k&CNn(=(^CC=rqsD)NKN7DU|gZw^yB{~@W?OGjM?F`z@BQJHfD*#Si+Ep@#Q2_3eZ0 zuZrSERhlY@r?nu&cL;@UR=E-s{`n}DuVp$^m3@q!7H?rng*4?;OujfItT>g$6ziLB zewp5a-L5>tF~xV|i_rLBFJp>nj}yL(Vgep%-xgom;iN1q&3?miAU9b^YCca3?X910 z?j6Ft>zK@#P%+foLRr7WYTU3*{q?ZdJyBoBrBv`xC_Jzz!$fxfspJur;i5-Xf`k0P ztMsP$0^bdPl1HIZBoQx{CyRfmN8eH5z&mW*<}|t!3zE#(1v#TTlBBYT<4vU<|H?O! zyk$qiBE6Lf0~w}pi1f882=mDFIYt88gxz{J7Sb4kys&X40gp&J%?j^;3rt#WLW;f> zKE4N0e}c>>EcA;U7jQsP>aV}D5-yr?htx4PXN?EdAu6B}jK^FEunkc?7t4tQui>fPHATPx1;PTJvmSCVM>i)E2Jz}{nUe|o z6yX#TR`A|1J~H7`TpJi)AgP#0DtUC9p8W+M)vzs{>71UEI(6ZNQnWnsLM)R6^YAw$ ztoLBya?})U^%A3YLTls)R+9T1_R-TkQv&Ybw%OAv4hY*fkSZsJN(%adg4!|%^RDF& zQie>B+zLepW9hUuVX-m32&AxZXMN%vg_C9)ZHkDq$%Gp>x#QZ-#mRMpxhhgs@seGv z;o)FK+*g(gVKD#xWq zJ<*OWy$n)kUA)xW3+o@}yec6>jdYw-@jPNirdZ>^lgAzF4B)j~7VF(9fc1ITtdEB| zrZBwW%?6ynyJiqS2E6X0`cYzT)L(%Y@}bh`XeKX?25c3xn4>!y%bisVr~qb){ycd* z6sQR}gY)4EbOAF(8{Qn7lf-ZfZ;|y*z9fN%rZh(S4rGFYd@Eb>1HnRPGcA}QEi1%e z`7z)y{^Awr=`Ep-Ko43~6n7wfC0=^f_+pTrUM*)vL=z~>8#qUdPg|R!KGP=X8?i4T z@D_c6p#*h7SFalHA@DE4sz;q!;&dAj&O_BHI3RXpn_F;P%jC%%(QySYGu)`#cxIU_0)v4H^O1en zADAmeSANk^z2^V=#$mpJ9<#NHbr)y&ug;h%GrAE>NzL&}7RtRgNqN z#I^-mmwXoxGvp2yn`sB0%UN(y!Frtb-8u`x$ECXsM?ZCc1otKw^r z3H4=K&&PN#0!M)IGeEVKIM2Eo1w5ZeyPff8T)-Q71=8mJ(>~zVk5aE1V%Vdf05^Y( z@Zae%++E0jc-c48rCKT+e;)?A&j_6srk5-RW3wfc$Ltr_l9bK z6V?;V+e9){hk6%e8v__Nng(<4!1N8Ai%r#etkSwar%NVKxh8VQ9wfxqvN&WnU+ z{s>7W^=u?v21_3lS#`WL8;^G@za*Afp9Xpx~;RN_~xRa0=agQP48 z;}a6fy@lnvnx?C%xq1)iffSYqU9MzLl%-&-^i>uG%C$sH^9_Qy+&WIrMV+XsmAm5x z+Eh#IVi;NIF-(T&DUVv>sKTgG>VOyIEu0qZ!`opWD3%b5IsNsa*&%t&os>78Kuev6;G8aC?~`)-@+J?$!ELo0%EZVa~Nn! zz{*Mnni7-w%a7{@6?$@^ezJ>v7ZCjr_UYzhjIp>Q!U&BqMjt|*)KBJHaOK#}3btCd z8e)a|9{o{|SKvw8L4&3`#7zUT4qHrys!UE>3>y%2a)`;q7-9o3o}yp_9;^29ALnre zu1JXZfL;+OZ4TVw;&{{(C4pMv0$I(=I6cpS{yUn) zwoidDW~%gLH)H@#EQzKvM7sdQzAl8%yD0xJ@BoRfUB5PvgsoJb@?9~|Po!ZQ61q{B zpT-UeMtC%P^iKST7sqnv{R%XQ-o{nE?Y4*srIEjow+Zh@VxLEJuhZYv7HhZAyIuzI z_prMBA+Bh#Dgn^}H0zeijNb@NiV3iu(L`m{YNKAZ`vT?l;@e)v=f#s3E&RE{e{Vw4 z@3BrW*t@;j@x@-hN^m^Sb^b}PR*j7jNYfWg4kU4hiskMGEw>e#geL^i-840*Ck#<= z6q9s3v35=PE5rkpIb8dlrJvz=Q<9MVD#m41G)fB*FSlb3VBPRHLiMY|6g3PXg;4>l z)s!LHVVKZ>;QN~JnjPjDty+3xQO@_j4!;`~w(ln-zmDw^gCO%h$UxjT_51Z2hz9D0 zwJZ`np9UIG$;SsGA~o-v6^baI2cnbl;V3~!oQ>D4f!dwXpTRUA&Ud?+kE43)?mkeP z73B{?zk+u$aidP?##7i^<0GdIFj_BhLmfdQJJR2)gC}4mFUR675w(y6tjo_$)DJ)N z8Y=+coMK9gMNhjxNZ_gz2s{5McKZdQ$v{7Y6=v z9g$%dWq`>Rz0^8E-3YaGtaM?NO$|j{TZJA13^SZO&t0g3{e1R5C;^##4!)o?IF;WLnFUg3ZK#M z&AX0&24=J#>=?IWz6IZA{u~oO$KOsxe}&ee*3pU__c{U}u^SlPlj@-pn_~B3!wvCQQ2))Y16mvL z-(+Q^`w861qA99wJiQ62lh01LP3taaEwGu+WrM!~ZD-l`t*Z9jI_YFv4Ps4!}z}rI>93DoJJ7xKkPN zxa!g|r|CgF06@zb?$cnRm-A^Jyr<#R(4?!VhcMm<=@5Pj7F7YEfsbMc&Dr0?c{dJD zb0)tjv+tcQ8~=E0y&!B%tK|E79?_QX=MqI8n{4h9LBG z&>@G|%3WA1-U8z;vJ@--taH*LmpIR~Q!dO&j=?mS8)l+#E(D%5o^jNJ2Mc)r;uLQ( zk^y^h>eh#9R{Ax>Kh&fXChvbCLv>C!GFU?fh1Mp?UU;lDni{}rjdPVYN?@3g#Wu5> zS-NmXdd|a88ItJkZOq&gdHZLLkI6?ELJtJ6dlcX#1y?Z~5&aRUqgZ-sNPrn81ki)B z9Va{Yvwn;3HfmyHbdtm(cYrRf=ibHrujqtjPbJW^0-_tl)EC}TEXWuD_QR*)px>mW zN|FHh5MugB9Gi!nTN4D0`H* z91L+Z-VPQ8oQ##a6RbyoaLrA7J*+7XJix;@$MD``3ojF9c$uJ#nLvD4B`2UNKO_#; zNn3$GBv}zi8j9DhF}N_!vPjjeP~jIvqvy5GFo{w{wyo1QvWiZ@jeY8dI=@>dvEIin zT7S!);4If0$$`OKXQn6-E!AU{6k?0@%}6Cw_%oZstCDOW+2bNIw&4 z{t7r}|3=w7m(~A-64-FYz;K$+wMtHg!k#Li zYJ=EzvA;A|V)IZSLm9- zO$53)*w#{<#q1Z&k#OFOO}9Vsl57=(%3wxNbA-P%{A{nk!5OCx`!M(53g3dO1SX%$ zc}@$6Zejpy8vx?O{icM_Cm{BgHkmjl0~~@rkR31p)`PGrOWXi%Bic(iUjiKOplJ@V z-T~OsN$s6tgcHz~?rP)$gw@=IF0qRtjGGK_!_p3VT%2e$^N4{SJ5#AIION2P2%}y<^Etbbg-Inu zKaP^afP*e8G;-ucx*uFvb)mz>Y*IxOod=0+1vSS6Meq3{WzpXy`FUI8^M|lu9Ga%) zLE$m~?+>AphK3jacPMc@EIiGgvVKXwV-XmYth}j(5fu1V9_R6Kd62&Qad~{N%1&&; zZimZG-Ra~(N@gMapA?x*${fmMqmc!8KraXiys3PHRw2v}o+hkZxdmc2jo>`JNf*r- z^~?@qIcss*xs(Sfkd0fFvE|6y|L@B8F}Jh3`P;wobxsQPyQP2rjx|*HVK;Wj@q2dr zv+DZQqu8s#&r{RBzWFoz8uLs0I{A0@RWac&6kjMDx}w^vU-Z+3^-h@^l{}SwraOx|@FZHXFR6|`u^w~i> z>{3*0i|VV6Mugsf^VThxFM;q!VhzQCa!}#WcbwMYs{#AIV)|eB`*^JV{o$|jXVy@p zV)|NMU#siu3;O!HzJ92$|I*hSeeJ2QBlUHrzOK~Qo%(uGUvKKGzjzJ7zhe4YUSF&0 z>kIn&y1ss>um9559DVJnuOsz!roOJ!*PZ%$QeSWCtG|SPzrL2&*XsKEg1)}4uOI5` zzw|XnUwi87NPV5DuPgO+r@o%l*PHt4&(iPL*Yf&WU0+|&*Vpy+Lw)_1zUJs_PkkM! zuQT;^rM~Xe*OU5sQ(yfh_51a;yuMb~*BA8lb$$I%U;m}AIr`dDUq|ZeOnqIcuRHbi zq`uzNSAQw}etj*kuhsSS1$}*8Uq95>f9Y$EzV_7Dk@`AQUsvkuPJKP8uQ&D8Us}Ik zU(4%jb$u0Kzc<6$k)iLuIl=DFLj6l`9S-$Bi*?uv#W&IBCmpV#!wwz(T!)=HJXnWA z{m*3`4)s4zPqO3lg!pwh)IXMu`(?uhwB~ znApFmHa`|(>i3ckW5YoGn&@z-zm1t@^N0HDr*$|{^ViYgP=7pFheQ2r%yj$tWX=D% z4j0kk**aWQhfB|}`5};^eob^ZRfiAja4{WzX{ODero+8;I9-Q#>u`n+KQPPY&(z^M zI$T_bC+lzt9gdl8^JnRB4IM72!@YI5REU3$&5sRD^?Or?%jobl9WEOdE*BQYu7LW5 z_+iFG{TA!zvFEFP73bRTtDwVg>TpFJZlc4L{$G3d0v%;}Cw}~yOOnZbawEfixJdws z;cC3$0181A!aaz}gb)~zOMn1DyaYjrf)X$2;5F1s5Awy|m(x3)&BHCnA{wVG-# zvAbQ<(_Ndb-R=K<=lMR!^V@p<-Lq%+oIPje9P;M#ec$JK-^on!jOaw%i6`TJJOx*N zU(YucKY*uUb3M*~&Xu?spNU&Jz8v@Cvv9>rdVc4%eBu_z=itB(^!{_PIlp<`6J@{i zSCffb3qBur;s`e5XX5f7>iK8kD4vbG@CCT+WqtgG=6E~@x8S*EJl3xYo&Tb+Q;(m= z{usW0g$&d8@#kc`4!S~{& zxD_um<6qO`oqxxcxW(`a+>NVn#q0X`zvAOqSLc7Egjcg){aEjb;znGJ+wdCPi)(QB z4LyD>uEe#t1+T+hcs*8KdVCC*V6%QyVzYiUW3zs=W3ztrVY7aey{YFn>qiWm^&^hW z`q7Kc`ceLt9&grqiwf>qiSV>qj>>>qpspdc0XbqS&k-o!G1&h%=%IJ3w=Jbel%jUezanP}6KbqNZ){ic1){lN1 z;e2MiSwCXG)bpG5BaY4b5%@^&H|s|XoAsjwoAsj?oAo2~u^w;Mj|Obkk2Y-9k3MYH zkIG-^@n-#K!)E;m{#x%h>qiwf>qk2_>qj3p>qq=Idc0Xbda+qQ%MXx^ItREfNtRDrR=>7Vmv%cd03+snjL(GqszqK88?6O3jt~};0CtOA^ zQ(mh_=#!Ms>htJ})$LYaL7%MrR$oJ(qEf7WC4Im8*y`8Nr>Rt{AEr-LX;#0Jex?do z{XTkwdf)1g)3a5~>QB>i)F!KU&`Ug7R)3v7&XaBRpVP;Ca;*M4`UFp|)%)pbD&Ok< zJN4t0qQX|srJt=vT757*pvGIhgr2S@SbaMETs6_^GwF@0$LjOxQT3?RYv|>w)av#0 zkUGQaSJ5lgZC1a5p0Czf{Z@LlYPI^k^a8cP>R+c9s*P5Ejvi50TKxy~+3E(Xzezu$ zerxsj>3dbL)jy{1Q@^zOr}QD}Jgff;eW;pY_0Q?URISz3UHbWOmWo(CojzF2w0e*} zT+OojK>8rH#p)yJ8&#Lpr_rxeZ(4mOeYg6B)fdyRQy*GAN*|+UTYWvfM6I{_7W!%G z600}R$EpQZ-$$RN4p{vNeU#d2^<(t$s?zEY(nqT$R)36Ms+L;)Y5F*|%<9k4W9kj7 z|B${(y=C=odX}oT`p5K46}9?5(?_TptM}7Ksx?;k#`W{(Jhj&9+4ME)F{>BTowqz& zeIPxo>a0G3K0$4_dMW*MwZrP?(hjqL< zuAiTK#LwFx{U*`F^b6EMYo3Yp3)La3PovLKO;(T4=c*g6KA&EpZnFBN^m*#A)z{N6 zQb(-5lP<6GTDrW>FT0+D951iuHoCl?d+G9e9;3_ad5SKt=UKY^`h1@*ujj{fdEWQv z^VQAP*XL9E#p)KT`|j4yhfCB^s~6H2sAj7Vqc2pqTD_FMNG-Seboyng#p<)^ThxnI zuc9wkC#=4XzCwM)>U-!_>Ord?rms{FS^YlxrRrg;KSE!n96fdoTKz@(6{^bW z@6uPRl~(^feS>PV`k&}E>T#>9d-UV7Ry|?$Tzai~((1$L>(tk*K9Rm&eb4IU^v&Y+ z=S=!m^%Lv(Mf5uLw$-cY*Q<}LekDCay<_#=^lj>=R^Lb8uHLo!4fGwV+v+#d>($S! zeh+=8`nlCx>ATc>R{tjbD)ougU!Y$tUU$7hzgB%<9sef%fclly-=p84er@$%({EJ2 zN%X(6x0hb%)y4GR(Tha?lp(eI!a zh<*>fOx&*)`XtdGp_hyP4feBKmvunWF!WK1=k^>9a-8yib20 zT_Ac9{X)@4)8~j@N}ntGS@dSn=g@BzeI@-i(Kpg>7kvl)4$%+LkBNSaey8Xs=y!?! z1pT1%UsSn&VP<}wJWD^M?4Ktc^d@oqEA*}6`Sv<}i|B9Bw~78Py-xHG=-WmAC4IHH zU!TxpqW_+LSj_WB`jz7NKhe(<-G9G+UY#p?4t)ka@t2U!havPc)MD%FJd$1_<~f}{ zPW0*Y@uJVBPY`_peX!`&^q}aQ=|{xZr-7a)jz2`t7yT%`K=eE5g`&66i$wnheSqjM z(2GTXl^zoPL;66`|AjtCbngTD@f|994t<#DL+HarFQtb?KaV~_^o!{uMPExFCHiLi zXwi4l$B2FneWmD!=+0l0ThGrH`ciTHBlL0N_($pEMgJOog6L1v$B6zd`e~v+OCKwG z2fak}m+7aA{x*Gt=pWOEivD~05Ya!Q4-@^b^x>kXwdm*7NYQiXlSI#>PZqt9K1K8) z^n;?0r;ieS3Vo{RGw9Pqzlc6sygpe-uNKdfW%M< z(XXO!5dB*E7SV5{ZxsDzx>xjD=|0i#pnpYtJ&)5L6#YJWlbGiz`i-K$Os^CDHTq?u zze&GB^ltj)qW91%MgN4pNc2C@my7;qdYZVuX(#me#R>7e%A>Ck^NgUUhGepm!PZQTOihjO0ej+_0p665OGew_8&k>JHC4H7SeiePT z=c^#2^uhGg zMW0NcDEd75#iB2wUn2UY^aY|v>8axJiqX?VucHUVJXg`vML%G=cwQZ)=ZfPWpohir zC+KI0nKQ8)S`b2TR_R~v6Z>FCi`U(01(Vw6%6#bj@O3|OE zFBbhJ`XbT4?4KVyIsOW9{Oj~3qQ665D*A`?WupHpeYxmgc7Ok!<1ZD*XFsB!Z>vNf zLSG?zDgAQMXV5PbeKEaC^egBqMPE<9M*Kb7Zu)+4d?WpU=!fVxh<*#bQS{^VYSAC2 zuMzz*dX4DcpsyAE+w@w|U!<=S{WUX>_2cAw(~paOHT`bU@1ox$uCs-HpE&+&^m|4B4*h;H&+GID#PM&?TSWh| z$Lnp5Kg`c_=eKeuZmokZPi&uH+s5`8w(V@6XWPNn9q#`5pk0su4cmWW`$x8)vrU}j zZ+!4QtH)=tEoM8CZSU)P{~y`*v;7O(v>)sJIc$sA4rbfny&`ee{cM}q9$|YI+xyu* z%=U4yeHuT@_64#3`}ifcud`JutioaYzde&*2KPNc?)ysI_agnRKkj>oPVEj)-l9+H z`xj%ojqPr>*Rb8k_8{BCY;R+GFWZOMKFN0M(|Z2NY|mtS4%<0wFJZfs?WJtjuwBP? ztJv>8humLq>Hb^3kDL$g{p@xAxbMU2cHUg&zW?e+&enb3)d}Y~=Tql*^(f`O&uW`< zko&cH#<6){l|$q#+yqFoEuGi>fF`D zZ6Y@B=PASH{XEmLc|Xs&*u0--7S{iE)%hJJ*u1~zBJ4gM?ri~f9~bww7@POURblsW za&N1#`*^vx7&ed7Hf-Mi)`ZRb)w;2HznbT~Xks4oezja|-mg}M&HL4sVDo;p25jDc z)`HFZ*Ltye|61M*eZGN-vpTJ-?5C zzg>a-xDk62-x1C)TgP79cXGUbghCNLpP&5|I0e_?R2;`?xElwsnyKeY$0axeSKtx2 z4v)kwcogo$qj5hTgG00Q`8+|Na&Kp2m8ZSf?8i~;#kXP~ehm9@J5IwBW=GxAr~sZd zJL<^!d4pHYj=EIoc=PP2OO=Y7W=CDB4BUQ!b|(G{F2I2c_5LhehO=?S9KAmWx6akh z#m6eNgJwU@!=K@Ntmf(CRlffEm0%B!8W-sO`>_|dU>|PBe%yyMaru0Gz7!n0SUVL5 zFVRlJ%{YKt7wG-zxNo6$5bv$j&M@P#2b=4cR)zZhH7(KOJ-8KnaToUCKJ3S#rFwh{ zJ{zavWjGDj;Q)?fPm#W!PVB{M8S~>Z?8A-Nk2`Px_u+J0zFg0jitBJ1Zo!@b`g;1X z7gw&(<9)aRr{Hev$B`<1yr)>tSBJg01^aLp_T#`x?ms>QtB{_r5_@nH_TqNz!+}fn ze106kDL95xaWhWC?KpsYa5|2z((`BFIL^eKI1BgUY@C0Y9-o8Da4uenJp=Xq-;KSv z8T;^4*pIt#3jPGAVs*Jbe;O{q0bGaEaSP7C-8d76uF&&k;e|LG*I~~feShNEi#xCn z_hLT|uGaIX;BuUbV>pPLaUSl#`M4je!TNeiqI!N0uEKe^3FqSu?8W`qhr`u+K0mI+ zDYyZr;#Qo7-@pOfi_>v%jh;UPm*Y%)1-o;WRoFAcr`%f{dvOQ$;ePDL;h3H;1z(6$aSW&7I1b%2E;)%Emr*QnII28xC==sxdIS$|$PRDWV3G4H< zV=w*?`>@)o=TE`q*gH~>k6{mvV?W1t;Z!qU9oLJ?Z~(_}I&Q-mxDRLI@@;xP&j@`z zQS8Nsu@AT4RNR66_*d97O3&Ai74~k|=kwwq_TftG$IW;U?!qZJv_sFAimPxMZp8uI zgVS+Iy&j)o#^X%fhO=-V&c@|C_4phd!?`$)Q~3IH;UN3fE3A~Ez?C=?H{vYZinDPi_LS-S7r08#@5QHMAC6!(NgrQlJXyOFd$8Kee7Fkx za5MJfE}Vh`SL^YqxB{yw`g{%8gWIqd2d>fMeK>;sxDlt|cASd)&GFp-vTOBxDYy!! zaeN%7vcK2tH{-9<;{&)7r{lQUKTY4iKC>T(8ufTJRqwCF9^8oixC3WQ*T)C;>G7$! z8>eu5=z8|!C{Dv|IDo_Z_3>WZjD5HZE3UsEdvM7C#^Xlp!>!nl`*4aGe}f*MimPxM zj^kyO`u=xg#r+Q+)Z;xkg1tD3eYhR_aW76W;}7Zi(r_~l;7&XMt0sMXF)qjHxB+`2 z`uf|k7nj|r$NTUK?8kLD1s}z!xCN)-mvI1pgwyfoI0Jib(&x{_xi|}t!`XN)&cTau zE{@_LuETk_3+Lm0T!051*4I;rOK=gc!2|GST#OrW2)E*axEBw?>WDtyU>w3ja5El? zzk`S2PCOj<;V`baS^>`FEkI!fvXa5-dBOJj$$1`z1_VE2ua*IB{7gypu zd^OI;aa@4ga3Su-Mc8vx&mYE_cmNLLV!Qx{a1;;38}T6Aga_j%@euqSJQV*F55s+U zI1V=Rc;FRyByPZ?a0?!dJMbjjhbQBbTlM@?a12kyt#}&l#nW-cIuE6KwCVU?5z%y_^Zo*}E==pBM4R{eQIi~k7#xcAEcjKj4-Kme4KhKw& z`Pjb#&%;%C6<&#V<4bWfUWK2>m*H+4#euu@^;DbjcnuE6_5K>%gxBJV<9dIs8GpC- zI;`%|UXSbWHXO&>aR=Uk`*A%E->c`_i7W6f+<pakw0h#Zg>><9Gn>!o^rUqUQ_YGCUBs<1jA&sy==MuEZm810IF%#-s70 zIDfm(`Kl=OA}(Wp51xbrt@?bEaT%V1tMF8O4W5RZ@pRmc&&29cJ%2ea!)M_rUWOZS z1b-FJ#2t7Rjy$I4pN-@A0-XD}-hUx3!EvP564;jyK?5T!+KY>iM_fD!d&x;vKjh*W+K{owy(G!WG}q z^Y6w@xBEqLIB@USJ zI30Il57#@aLy!03a_qx(*pFMV+U8U4?G5a~J=lv2UexpZ@KEf>lW_{Z7^mVWPQ!np}XaR^Vx1F<=O7@PAC!V5WmFpl9N_#r$LoAVFD=K6=@=Qw@@?#3f=@TI77 zZ=>)9cr;#)$6)h#o`%i+8H>&RDZ%FY$6<5*f2;kX6+IbYc;dVC6Q!>PE(?C0lC;8lHm zDvsbZ+=v6X9jD_yT)_M#KhpCR;$|Gg@z?bJJlu`5ao+2Ce-0jvbMY*khO2M@H{x{M zhBNTnI1~R9&ccBo>+@&w_su0Z3%B5G+>Z-!_;=#BT55Zk{DBk~5J>M{MJRXjFaTr&< ztB)UnAHgGWCmx0S@Ms+E*5k+E9()>Z{+ZrC7Kh%`F2U#E@pvU3hwJbJ+=|`*&!ci~ zk@xj{9v9B78`NdAQQul&=0@~396XSj{5EO)oWDghAs8A+v`;6maX-*r88&En^<4H zUX{kGcf?fb+C5u#?Affh_1jhH`Yk(4chzp+v0>{L3#*-d+iN#fy94;FZd1KG_Xg)< zeQksDah(Ha-`2I&_0_7hHnw`*_Ug^Gt7B`Ou}03MH8rbi8)|Cn>Q_5gx2aZ@*3@s^ zzQef$z1djf9PXT@dh>=F=jg4@#LkD(#M$)BYj!wC*KFOqxpqsv`^$;`d$&wyxcfVk zyk;72M1MvYVme#%`;|;Ca6U^NTUC_D6vtW>CMUOHOHCl z1QDG+#+kUo`Q+5`v1e8$cEz62 z<8sV_Y~8QJskc22-0|k?-^lnz#>ZcBzdOFTg}?YT@!3A-y#8m!_!#43jF-nt zf7coBKE=%S*D=11@qOH3ew>_q{+sK1S)4!mjK2TTXY~D-=QB3j*Tnc3<7133Hy7p{ z=ibaXvwg>Dr+)ofzOB#S^6iqu@qYIk2bf^a#v7J}ZZSI_Tl~t!z<(zxkxo4lgaQ^9Ms&)&1 zp}pktDXJ!6qxz9=k$D9Fiw;QstRpAAS98<6ie-xyl$})GddrTN%C<_LwA>xHwCaOM zJeexEeEy%v|Cz@;H0r0Jobta+;G5~$%0Qj~6_`EOxzG47A&klfpX#l*K*Z$gd z%mCx^^8xrAJple61Mt6j0Q%n!fFC;m{_p|tmk&_yzX!nY836zJ0Q|ohfc}*M@IwaZ z&z1q`s|Tp}y#eqK4#4Nd0q6$}AkQh_eeml4ZyAXF>B;c}@ZT~3{=5P3cMpJ{G64RO z0pwXU0RF-O`1l5(UpxT*lmYN34}iaB0Q^$};LjL9&eQ?$7Y%@yvD)8w)eS&@(E#)> z4S=@?;PdtX^y>zozhnUXq2Pykj`YNTJOhp%k2{aQ;?VmJ&r^8!<3@nPJVQP8hXoYs zc$u*HH`C$M(T`6KdBVTV!MpSJ4Gw*KKY9=I>r9zW&-E+}E|^(yhi7)xoS+}WP8`4zM03DLZnw^n%OR|MzGo8_sPzi>{~v|DH2I(_b(o920@ zO(TC+Wre3=_JRfT7kFmQpEqyz%%Cm>Z(&(JeSv4e?CEo1>nU4!$Gn-I=`-dpP&C2$ zbLR?e#f$~F$air5EdAxA=6Y_ub$SI7&Yn59!c%tB?BGHVvI!@s=OP}GAhD$QldqWz zD?}{BnKyr$v?MrZ{yeFFme5K|;8HRDrr8VU+&P;9v*uR@J!Put^0`n^A$i%%x$_qa z0YX(Ghpu({!ioiR<^{{BVP^1-irLd&;FJN-BR_Sp-R4AZ7*-qHuOk}o|Z)27LYGfvYN1gG6Pea<}3jOhz!&zpX$ zs??Qj+WdKQsd%1KRoQ~svqj2V=g)IWPV-z+R5;<{X=k2(Rxgx&b}xA5>F0=+rv5+t zPq+>GAMr~g0u%{SoKhlD3Oq0cj~kZ`pEGBuM2hD#KM3y8pZtvQagZn9Nmm{qcHlTI|+YM65h3QSxZbv!n^h^MB%fN@UG90jGQFA)b0MuOTtTExc|%~yt9N*S;a|s z*XKz_NfMrp?)_Jqgg>|!>+zH);U%VZ|5YU6hqy?-tCH{xbnm}V68_L$tjAN6gg27# zbxC+vcO-jh65d(bsZ#Yx_~iL&SrUGD6945%cv-W!{~D6;hr39=<4O1Od{+|w=p=l165d^7tL!CxdV6dVy*CMeToOJ# z3GYk7XC&c|Ps00>@S~IPnMwE)lJHqccz+T;Cka0$37?mQKQRe!CgC%a@Wn~^u}S!n zB)r60?!VF`yu@bizw#vfsVbL zB>eeF_>Ls}1xa{22|q3g-<5vD!e5w#_uSW~{}Q9R|GY`~JQvA#dJ;a6gg3)G zyk>OpV{=D)%<6bBwWr+-ul26+^qlhusGc#8@@X8G2PEloDVgZ#;oq1CB`s4%qFtr$ zleA0~iMUGNDQTG^63bP3fuv<>NYtzJ&61WWAyKE&GbAljK_aBm*GXEYfJB8#UnyyE z{fSbQzEslU@)N}>Jwejq>Jxb?eZHi{#V4{<`bv`^9pk;Rr*dzi;GMwSLp?k7T1`lSLvH2EiN%pr_wVdEv_&TQt9g?eUhXrRQgIu zi%U$Ds`RCj7FU=kR_O_n78jVvQ|a?1Ev_$-rP60gT3lYjr_v`&T3lTsU8P4$T3lSh zqtZu7T3lPA>svMck`|Yi=uqi{B`vNj(XP^|k`@=1h^zG8n@Nl7N-S6DU6K};m8e(g z?UEK(m8etc_a!YZDiKoYcO)&YDN&))n~EndJKZ=g0@~v#tDABaB{J|VFTy6=lVY~!W#r+57N2E(V_ILv#L%06 z^|ye>egthZqlZVKGixiowRiQ{^M|B(!rh+)562f}Tt9V9EJR6r!@((@?09FVN?G~- zA@)izQGm{W*2U@{oZ(6Q>=x=aj>|{1jwtE-`_lEbq!;z2OCKg()|<}$w9wjkqiMZw zhCl2oo?O@(PhS}Dn5`}K3*@VH`AB@=;bk|C_I#oEH^f*7Pcctx;L8kmA8J}3EjqeE z+AeN%*wmP0^mHJM?vbf$#EbUzP_yJuF_-LA3|hV)1OwCRGF$A6%#`)!#_xlN_i{VL zjyW3O4+Syie+#BV1_U9R1WU^Ddl>ZeJ%xh z+NUP&q)eYYdVCKvqvIFAq&bVmXUFY{XhOqN5UNR`tS*V(+GTwoD~BwR{jJASXX^Ct zNPpg~(~Y7c5Y-9M-Cu}S>{C8_1DSEjoJOYV)xP}Dy~9s8BEN^jRc7t9;msEgp5QT; z?5KyQX>GH|W1`a0MP}_Pe?3%%*5<|twKqM;N3$$t5dWIJP}NTMr<=7eDXJKFkG&jS zt&UfwqdJ*mJY62ocu%Rv6C9EqHSK}TvDS!W6O+;CLK#I(YkPB6P}Jd- zPlfB5bZTcv+V>@Qys4wqLj>OPwYv$+g?Fk_MgA%>4{Q+u%u5vRQcO=dEfrZKP%-IN%`9bDv#HB z8GlAQ7cWHTOH?E6E5D}9_@pwbeX72bXajnD49ThiBmUOSE#LYGzh)rjK1gn{a~>!+&uGcb8dz}kCNcDzwS zlt5z|pG_eo#wbEWU1sgw{`5ktqczP>j%T;|CsE$?eCwZPYra3d72($B`!h^Q`Sc*o z@@GjZ?``R+xpZZ9+^G4Q!e;cCU*1lKh|Q^rQ2X7#H>z_m4Y7tH%};Dlwm>^;pY?|* zVn4)aMs9p64C#J^y|THUfe{f{9E8~Llv z+AC5`BmXsPwP&>%-ZID>n^>QJNE(dZY4%jQ3~lPj-b1Bm>fONA@qo3qYN{OPLs0q1L$zPGh(zFkzXOFS>4khF}8;p1cr4dorf0X+$PrYPIEEzwErLoRArriD61p;NGH2P z=~?#H-oEQV%EU0uG_BmSj;2l2mYMf~-A zle>&B%_icj zl&b481Yj_gCClKE>2n4xbDpHKoUYH2p^~xn$x!CWP>vwmbO)i>9k~)2Iq?YevUI6X zX5bY{)ku~*>?+)mta8T99R(RUcRcHWo$-{hQ{!0=;EbmXo{T3P8u)TK#DQfTW%S#C zOSML{1I`uPW&rJ*B7PfK1RNz9-6ZBgEU<8UP#5$9mPu=T0786(5Tuh(T!6EHi>1SX zMU|fvCKM=f3JgIZ^MEUaKzht+Krx_KB!ITgp&bcHDKLMEpDccV;|Ns&yu#t#1}ws) z!@CN2f$$CiIJ|2B)sVrPonh&urJ(pzZ0iAP9Fdm+H|w@82fS4{H2^rA;(#J0*mgkv z6o<_K%N-6Kz<<>oY{2Qlp$ov_&<&_8J>vHw3Ms`Q9rz7O*;DZ0%HW3O8!PDFK&abT zH2f8bF|aGqXBC8$)kTZ^8G)9LgR#p|`PRC!C4cjTsy76TeA}`^ujf_o5rZ`fY-~0t zoJNY_j6;ZZ-rp&XiPGyIf zeahnq6CK~g`U`8ewz&3eeU4kb8n-I;3Ehz`%8tiqJ5DSjr!Ss}eI|8G+(nTS$f&co z;=McH?6v2>HG!)G)@y+&fys@B(E2G?S>J^}O0m8vw7$f$bC{3A-=!2;>&3K-3yvfP zkdUYtLsS!Tps|Ef%9vLv<7=!?eVy;Ga&I5-(ev-Tlv(a?JtM9QX2-M#|SZYTsGoTcB|G;JQFHGqywS_ zybQeKo|XeD_tXI3a?a7TLK+9{j6yr0%Xu@fxGIsOLQ@wBc?WoBez5`7{L%&BT3b4_ z#TbFmW&k@=iVv_%aG3xuttqsQLoEib(Bo7BxJYPAlW0T0_c$X`1N^wAtpmJWWLyS7 z>x-q_Qed}^2H+}3o;dJRx?CGzP-xp-T6lB-3$BarKSF0ePn;vM==!P*V}%Z}0@l9* zU%ffbSTrWk?6_-jQu$VwgtvjIfg1zUlGanvmsC6^9(2T#mfRq+VJ9g@{Rm> zz7-cYPMCYQzbfA-hzG(Sri9pDm}pWUM1g#QKQ9=gT2$N&-|a8;RF<;-Jid(er)*^E z_2(J{)*{*Gv7k)M6hB;-9dCMxV)@qh`4VN>PwsG{>wH$}-aDR9^*Y7s$xEE796O$G zvft0@{4RE0^R2I>@DTggEPt!xQgVn*)nXgbhg5`Hy}_uCz^=ep8JDWEviE3tV+kfH=ED+MWwMUx2{M^pLvv&>pQ7iC z6}y=vBmQTBi=#STX1>h#k29l>`a@vtyIzq_UkgvvK)C1G<*4$&PYeVJG|Ps)ZFE9- zfmGMK!-&Kipl2uwt=8tH7)~}iDg*fltyXm=PGGt2?!Vc$AaZ^*EAa(O2w4Zb8{3K^ zx`l?)%@73|PLkUh{vSOk-uxUlKb?W!f7-Q1%R+T0_bt*h!D& zYs6nb6tUA)qLaUI@{410HR2InJfu?*Qk1TUJ*Lw^Nx$TOh;E2IqfygA87p4$Ti~+e zu^3o;l8`;>XJzA2ZLi*BL>{NZ3bOYk&Y>IZ*JT{5>l57o0F&ulx!{QGZLaVDOPG<9|7>e31OkBeX*4aPP`B`_6KZ6~a7)I_%oYy~p zspOw2hO*wZmS%%k!#J4y*O}OBm{yR;5`wE1MF`=DCo zxK>Z=w~qgbjFm&)>z`uh3#T#^pz|eJ4@f+p9hY#Pjg=`^HHP3BXcRSUYPg$*64EoH zn6*!;5KFddvN*CRs{O4$iy%an?t0?J!3iL{F4i_R4M>v4Wxz_}eZ`p_D^TLwB+KV~ ztAzpSOi2r=1T{t0C#p-C9vbEJMJ1pS-dRrP=BV|5p3}LeL`Aax&l2k{mZhf`;u5!; zOQoBoc==@dfb~C1{t6;3mL4~PAdU#ZKv7%2_16G{s&i4mOM#2;f(M~T99S)GCH|-< zF%uRZ0zhtD7c;$!*B6kL$iq?GqZY-7uJYU)XtqB~_ zaufsJE;#90m$nKxT{H%K2)IVm)&Q!7e_ayoa^M_?wgLDdO&bSPE3GyFHK=+$uf~;b z+zcA-9enYpYO(=J;bgyrk5rMLQL|d|qT~EcLS z@I}_g_Jz~Xeq-f7%L2KrtjOc}#wDvsuglK`oD>h#=Jgb?s2|_sxqT5HGE@BfJ5)ym z;wQ9-+z*^@C5kvcvv$fM$*U`nX1!kR2Ov=f^^I!jNKM&vQ2QZR z8%E(z+^E7u_5s-ctC4OQ{~+v`9+)KD4TF;R@UM64xKid28(n6PU*@h%wLh!llq*CI zv0W|4=6ibMl$($vaRCg<>SD{KL3@Pb$sp?NC=)^F%f0@{@vkStCeWC{XOm|!O0;B0 zg$y1p*5_>Eik*7Nm+kv>`52bGD@gh<6oOX%aBHx4OR!2AEJS*z5I3AhLKIuPff%Y7 ztq=_pR(<=0Z;O5s`l6h8569i8{XtQ7$_NWle0tRLFNg)M1O7q^YR91#FZJLY#a;#| z?SayD2~sK!YOlkg4cK@_acBori$ZY+4u=jv;UI$B@{Qn!!J-S;6{s8da99XyL1t-o zUcfnmO9yb+WdOSDe8A*p^2MJjods|%rR__ZJJh^%Ml=nj58kSF#13OeEM-wP`gH!a zqp_hC?ae=en!_?#blHQqDUFsvmD#H=el=E1_74l~J#f*v6zwVDv}JlyvA@5&PcfPA zx7pV|uhem>mFDjZ8!KKD7U@N7nt5g7+-5hv6sDu>0E-;2mA|Ao$l^gdauy``EK zMaMrvW$1n1KG}3COI)MWo_*{OKBUZ(v4zs)^N>CgWk?=$_y!eT~5=K zzW#r+ovn3OLWf?RRXQqjT0iAw1B+Sjf333*&|*htZxI!#r>RLgJD4Qc{yJMrDWMjf zeM)l>omH;?Kj`d{6zi|En;ACIYf(heYc&;$F8)FD_5!Mno&6{<>@vybuUB!qg&p`D zkd6uD0V)$P0n{W$btS+;SI)Om_NjziO4(0Cw^%bqBK*X4?0i_QAB2lQ3cr?l`D14u(sj$IXahxuB>uJeKTaWWZ(5?t-aS>TQ##X zJN71=?XR}zztivGl=@%k_dP@!1L^mHO22Qp3jIDE{;n%OzrQku=!gGazmHbl+gju3 zcl#35Z{$Dsr{A|N+rNGvNrmY5rYrmD_fwmb_4|ZvTEFuU-Cl&uTEE@%$Q)!2G>+ht zSi_r2+);dAfOQQKgxWL`ADT`s-3rPDG6i5I!p3D<5#dlNnOSaTo)dbQ^CaTP6Zf^0 zJZKM6u39M>o>{_K%9S(3uIm<6f=(T7R=CHMRj0qGbRk4$m5go;fTO8(fQpay&%#P5 z=rK<>Ju2{W;K^E>8UQaBTpYmR&<5z`f3TvzE{6`_YaMN}ffs2GU4Y73x&a&xQbssP zLq%U{z`<}6jdi(6OmUaP%?JFrz>wzwLoTO|nSg3hlLg>#7B?-&D?(bON#z*F1msV( zt{5QmKHXCB+M$1_zA6P&HYvU9aH{}x`YHs-pW;vh@GD2QI^b2hrAq2S;LAD z%Yjw@@!blYUGQ(mZl*`)68e8yd6VporpxB#$ud2R6~}JY2IXk)>f$LXL^9=IuLvif zXMg+`_=VT{#Pp0B5y_~28oA(+C98#IfrBvKQ#p^hMD)`+U$nQrjja$DXIR_Wp|yu# zI^5ynh9LpJ+SN+jjvw!huQ8NA{)ml%?aiCR%7)cO;-a^d!S(U&+fS5T4g16!kT1F3 zzWnI;YlYwH=8)oNpVE(&v+siRLt@J`Ny8gzFVC;`OdDyerzxEeJN-KLT8>c@k|*|| zbnD+?mN+C?e%D@gz?DHU?6pMfwHxMQuUu+dr4)PrCYvE+s7+QKBX$T2#}t&o>X?O{ z1bxIPN+ZXJaiL@AGmsZm75x)CaTG~RLmDEb#5TlcoiI!^lL9Ou^uqrZ_EOPvAy)?~ zUI6DXD;vukxBtvD=r6ithfSD zS#cGB!yyFdT5%09qRS$p4v;^^Z7G1VV!9))Nk)jA^}u4$v~C%ovf||c4(A3y=a94w zkUzz(9l*8R&A_kzRdMJ5RF-Q4I2^hFrNd<$x`C@vetO;s$Mk#FMd$rTn>+*Yl@7|KBSchS_lr|KBpL*VIJ-eXx&l z*04g5o=jK9>FnWEG(JVc#6rzJd*qscUM35^;tDEakzF-kR4W9vD1pqR6*By7AW+T8 zXq)rNZD5_mXfD0m8_3b$osEfV&6R#ax#0M1dfIH1F@9nfVc=01;7!l48B zZq304R7NCr?{Me_bU1h^?s7;6$YIolLk4g}bMOIPDUHejK*lu5&jfb3WdXX=Uxg;| zLXii^pWptiemE`U~tLpSh;nuGWOCW)Vi@D9x_2k=Z8 zg**V^CbTu0b`)q6(BUk0>vApy{#;~(IH{z`4S~2jFnX1QZU^5m~@=aV8WwfG)Q@;2RunCh$Um zAureDr=nNIfaeM45&(yDDWJ=_UXx})Q32?3t^&Tp;T!_4b2x9-Hr+h zO95TZ>1j&lJUA}{?Q&iY{4(zK@JR{$#>z;(cHIT9}gmU|mQ-=OJ>Xn#GRIxAQP;FfCxR`)ib?b5Wx z!n++vImLrE9Z;PyWB|DB%LEplIefQM#%^Y^(i8u` zMf;fe&4TP6b@}3Gl$tb~E}zOZgx4j>sck{_hiuwcpQdvsOBUyB%rp7^G-E}Pf0)`$ zw6`HQ(55vc&4RQ+La2>fp#eyP3$1Ob4|tP(QxURz;5 z)L0=$?D`1b{!yEphzI?{+yndz1+g;dKP)!(c{RJA27+K@MC?MHK1Qegv8!}?s7`0b z%60m?Rz;r?yGN%#)#*{OM|Aq%q&YZo5B2}9k~`fa|CpveHTDNh{en(s#a8L`uXXzD z*hZcHu}9mj2|1n_fAL(?7Y}B31X@B-sP7&?G z^&;bEc7X51%b+EGlK8O6kGePZI_aEW5gnB zmtChy8r2~NwJ17^d!6+CEOMmQ;mDGY#@$dL`Zk4{Bup$VkO4lBlp^~$pQ|Nvpp-Kr z>lRi0(60l;fqnNshR}8`PrAq>rzniOJ&2JiwALj~qL4n1X_0crB8!e6Gw!FHTJ3Fy zG_gw4G5FkE_{7e?oVC|7g%k0`HqwX%?|}!mh|ZVZyaKsULnE>TGHHpNc2x=tkG^G` zaGO{Jx9iBNV>z709%SV_F~{+z!%pq72Q0g}3yUTG-7CXzx~e%}h=v{{av#|%_b!}| zZm&<|K415LENvwsJ&#CKS{tCcr=0;$9Q6?8ASE9s3#mk$j77k`RVsQ`44eZlM6 z1y|iD?$@W*U7xJ$>1mneKQ$E(x321jeU@I=ljj_H3Nx{r(!idzg9@yVg4dxk-&{DF z5dQtPBJzw4$Bs_JZID+E2uw>r2WB^xAOdntIeh2mUs zYf~asjzg6)<#t;J8!FehgDW>-*f{te2NGXHxm-8|r@ewJ_9V)cErtL^*#nN`uh6MT zu1s$zk|zR+Ok6+L6nl7-I`~Xyz59HZTA#fQnZ2~NYEXk?o5H03~#*~Ed>GLS1F>(l(Qv`cX>aiqwyuJ@U&Tr8X14E7J$YE|k-Q)M~z z!<#a1BeGgWj(tWIDpvP5dLO>gh1gq#Q-xMl=IJg9**{gzn(H*D8Y|BB=Y_sM@bng?JNoLyV4B7j~dqhbS&?s z^nW~-*Zb)1HJ%c+6vX|r4rIt3#i?-IUI@Xo2Iw6FwF1P6)q&r#LAm3lfNC9E58$}H zWq{H+C>!{4ImCh6Wmv$s0l)d0;?NGLw!Or23kQjmZD5HfWiz}3*kLE$Td{-02OuPe zxUT$sMnhns_*6^h1)L-N#O(^Pnk~e!JECR)I=nLh`BT-`0SI}z@XI36<;a}_d^zYIpzOK&bmbaHqAdSDBw`v^_$T0!?$>Lw)(}So z#0m4yRGzfuTKKCA9*-tf;HQE_V_$jkWJB<>DT_{}$cYqjT;_`u(k}D!RTQ~j72&?c zLgtswN7eawJ5ya6TdY?z-KE>lID^T7;gv?UT;gTSV-2dG?5VF1<;R<+$-r&1Um!)< zbZ(^_79E^8w^vcc0HL39a9aF;W$chh?;{w zul$>o#RTiY=MszKE|vkR2RxPoI2^<~Ivm;nT@LNQ9gL0C-VKb5YO_roq--U^tpiZG zT^qpRhEcoRgq6$9D}Z!0@}vVhj}~PB_Fh(WV&_b7LM^d#762u39F&yK1NJ$bOyC5q zM3!Pe<-nyAT_;oyEM=i5>@~RdrXQA*Es}g_hAbdFWH6=_c;Ez$qF;E70Th@{8EQLk8+QlSo;PlPOSr0_FYPf@A})JKRJ`y_q~R$ z9n&&cCVl}aaW`#ElbXMnMGNm$xDeHNVh72v91Ep=`R6Fc*O}%(|`S$1Mh%Zg*N5Xq4-O7h(7i6F(QCibA}7}1khea-Aj z(&tS^2#0pE<7kV(KkzJ$13+#SG5rTG1GU(@>!-w)ZHKe;oU`4U0jRcHeE`Z&P_y`y ziB6kLU}uY6e2TipTms; zDOJ4&BwFH=9`77pNA4h&hYnI~7@mXjWod6j4AAye197BklZ+@w2!zeg zcz=_8Fa8VcmaOeY4%hSbdwx&ipVL*a@m6z)UUFlt2!eF3mG@5!eVqIx%k1-y%U_13 zzSlq8CUnOmQGf4L16`sLTb6w{X`J*QbRHgAlV$jdHyhd0^%URCD7dX$%R?G6Sb>tj zwMOJ4Mf_>?R^#En0us99U(e`9$A5R4yQmYl&$8|H7iANU=jXn|W2iT>Y57!@bVFjQ z@+4}MjEKDdNR3s2Y;0damNWCv?IN3u!9HT0hFJOmbEEneY0(O{KSX!Z>_@Jn|L^vX zFu5#WCNSH^%niI)gqNAbypJgH{{3g963^$(Ke1nkY92suCkpoEHzA4N5&Q6yH<@UT zb}jsvX);mF5pX4B8!F8Er26*SKB?LT?v*Nu%Ox(C;Nj$_Nh^4y&#o_}zg{NBqeFwg z72WEa#YDS8ywEH082L%>XX<<3%n1yX^U9Gd8jokrqW|43jvw6mbr!`qWiUeWUiK6Ny0m%@CJck-_0vtuSp`Q5%`Wq))%yAN-pu?e5 z`I_WCkmn&&UIqrQOA$Q-s5q<+oa3jK0y=(b8KACCpPIkvaA*MUc*QuN@`~c8T|XuM zSZWf#`x#~IBbkRq^{X<)HE>tzER1l(DHxY@sWz@<^r)VEPthhWeXC8J(1v-E;TguL zGM^V(YlGLyN-T|afVHjAidzZ$qZ(qdZdAFl43iro&gc=CM~C>C_tRosGGNhj{&9xv zZrhnJFk$l=hUC%z#J-PLLv_Z4d7k9;hTc^3B1x0^ zQ>Agz&;2!SzZy0au4qMudSanhuk@vYS^b_q8xE}~kLjpoF}DW#sgmrQmV>Nt^{*-e zf$WQv-)D<=v7Ju~+$o_+g?45pe3g2V;{vVI(j4~GomWKV(ck0zX6;M;Owdy_j~L|>XLMarzRc|F$ZR5N#Pc9)+ffw zcKh)fdd^x)Wa0^y-kVeXX+tILi_MbO8u{J!<3E%rsq|&KbY~oH_PbZ9LH+rOYEbj7 z_gsse{VW4G2Ghn}@E+K+V!wwwmi*l_;D>^D#ZOElku*OPTJ4P`(m$ILDa=%LlFoRH zBPQwX#7?!Lke9Td;O?&;O16oPa9;|@d5@XzXEaH!PO)e1JocolJ884LZ|eA=KJ+*2 zRkXqW1^!fd-xF|`+$TNVj7|}!_0uuEBdZ5OMS#nD)EuU$d@KzBM>uaTb>G z_?4;?uY`eqZ4FW{&f52d~-r13dgHl!Ya4swfV6msvB>n<^uqmr1c6CMQT)y{V#Z zqAdsKOusU>difv9HojaA?Z9Il4l=!-r8#r}s%;P(z~RsZC>)aZU*tNcuyVP{66ZXJ zTRQM$%`F2^?dbXd9B!F_F1IXTIElOAPqiiwpqMeS&sDyjDgJ7?L!s_T@)R&Z%LuMN zfH_lbk@9pH$5Zkwyw9E-M$OiQzwwk@7rbn7HWBcIVx?B!jP5s?zP3#3C3Pj~W$bpO zwtt2C;K^mZr1R>if!Cm+VAqn50gwB`z7(#0_06rAU|Tv)EB*04<8!0A{m!lb6BDdk zD&vl3nX+w;HtO>#9V;=XN?uhPMD}hb73_2!8{MoZu+{8MuFtVP!;e0;+HSwsnKmm6 zv$u90rtC{5LUYMCo-{U)PK-YKWSpU?-W0U=ohi@#z4U^js(eSLJ{l~u<(j(1*-r!dUg4hOG3o>p9`jstjqbui-G#knV!xHHKS2*mFV;EF?o$H z|G1kXVrv(YrrZP`pwE@a@QZcTz!iTmzy^v?#5IL@mOhWtyL<8~m52+$g8!?1+11jQ zjtg<(?`2e=;_u}EN~g$g2X-%hiL=-y_2^w!b;fUl`xG3cU4YW{uCo9oX@vq7M^Qt! z+1D^T${b?UyeibP8DI}*wiA6dY66gH*JTVwh!F*vC3qzi zmCsdzNnD4P5$r|at8C=jW95dz_GTY<{@ru_F~4OV`wg0iBWqkJA}*f7%?GpSnW@*fkqr68sS?<441??*dq{ zupCaN{ZFm<`>=HVwNulYzPi-B!i4=>|JB$sRz0FQ4=#c5+LS=b zXFamYl6+loo;Fk7YJjEMZy}prk1tl%`DYmLUO?V7e3@^w+O$DwjYyqH_jr*u&!>Kc zlBX)Q&-27u0~0(b)eyVsDRrnf1Pl2{8B>Tt*wfIBN739dz`6%3q`7K+XH&vCi}Wl$ zo{066OO)Z(Q(&KU`h3LijKmhB5cXA4NH+ECv8CA1EkMl@`iMb}WSkP$f+_1;-zDD^ zTT0bfliZ_r!*@4=5dHOvsqDKSG|(cC7OVZBG%4p(QCRYR5Xc<7mkKHJYLp&hV9LW2 zTj1WYEalssdJ{q1^z<5Rsj=72qoJfMnu;C_U#j> zk=N7Ge_9R2DQkag|HcN9{azFMoeXx_ zuYXAE)OYj@#(KVtwX%a|4?-a+XU4ehjU&$VK{MdT;MAQ5-d~rY- zyN?;W^X)Gyov}M#jot6bRAYC}L%1z9aK!H(dnea~=yPePGjR4RPRZW!x|!LH@j78- zzwz4jq#A>yvd(xZOz(KL$at;zHeL5k~W&oBv`6W z?#o^Cl=w~U2aAo00auCiz;(cXmm+$}sSfPx!MTB99Qa+OM0$1U_<(lM$_L1N=+brr zyGL6R4>|`^5)qm*N&5tlxm+qvC*c;%0+!P$!HcVMqR%`)6@8ijPV_0$7=LQgmw12@ zr7jA%99XIE7Cf_#K7TFLxS$OCvE71WSIDT@4w6aA%ehgS3O<>LhE#9j-HaVv{olZg z&DXVjlxo@Gwp8A}d$wP_eAkHlLW&Wg>1Eb(DwBhHS!P|kz@57$u;)Z*DLn*4Z27zt z;`Yf`bR&z)ZA($hTHa$TrFYs{$0HtZe(0UK*Ob*QzA<{LY$whNi0I>w8R1xgT!?no zSBb}!awiqjapY}tR2+G$zJF7Uii3Cg_u9t@R#5iOp7+GdW9sWZk>(Lda;Xeg<*c7X zLGmPKtZ-t+3TLLOn$NDiXh;Y?jy8xU(~U|SM3c!~>Y{+_flrdA{^AhnNO`T}Pd=9) zR!F&hj67#u+$g{J+0=C;p@aPX1uuWJm;YS*IV;UyIg*YOA>BPYENBv7g1Cq-_e6W_e%-V?m!vm0W zF0b+AMROf=tjtK_42mq-=;PcdQ}w%$`VN$C#BwFkO*u(qB;=Tz@hmewi|;axlUJL@ z3uLopy~`Me4`pnPnjb;q62wJaOI2pMxn!MEf*&z*f-dK(xIMv1loX;$kCE7Ar1Jm= zu`U2%8h5UFhNIb{k&LSHJoe>ioZQe$9jPml7l}Rv0W+ouMRdl!J!9oV5&1!@2Bh)W zM^i+eD-JYfl2mV`kVlJe_BK(aCouV{SjMjco+ztvipW#PW_J8$uBpqO5=!MmQ|)UW z6&`Ez%-mD`M#Q3=(gg;!Np&~AN&4TFOk`N`P~>J;hBrFQrNqV3k0o^5qkfxilXq8I za!uT{HcFqF8x!I8Q_O=lN<&(9871+=<0^Nx&fOmFAa}LudzJenxn*^7pFWH68<)LR z?^hvsF^2^iY+QNm=O5uAmfUTX39;y6``07|^4X68B?`Zl=-tl#-apZ{{-Y{>mR;sJIX*6Gb;oR*2BZZhdz8FL>q`u^wrByXm+gM97^SWUL5 z^djjwHM^^MJ4?^hvruuIVX>NWnKGBFVG+FrTjE4|r7F_Xb30y6oS-}HDkrF~%8Da2 z#b4F~xHD}W*qv$HfSsAP9Z=1*GMziVwF6L;O=fPJZ#Z?iC}5fF)l55|X++Po_X{;6 zk#3)|qj#o_gJk&9WDg(J%Y!A8u2<$wrT)&8yJ?>(cLVdSz2|0kO1(r+sp38Ll=>T> z*h|=mJ?tk8ckL?07sEkm&tSyx+cHkQ%Ts6Fy7+QT)Hq+H9N#viUugMr(WCvBbJ6|R zyK22@U;fh{7S!v2eFeMvQs&DUGGDrQJ&*3p0Dmd?Uj5?^V4_N$0!3)3h&%X?-yctS zbcy;IFf&?=XS>s9T2+~BWafEf|FY2fo-no0`hwpUddoh)PP(Nk7006%y7nFPQ(^5C zW}-Dk7C)cVYX1{V^W8ixAk)ji(v5h#NH*hBXpQo(PaA|kojWMS41bzhSbKv%y|c1c zzOa4LIIbx#MzrP#9AvrMCN&C&7r+)-w{!>A=MTnoYUd74QPl|1Z(O1$6wxV3G-mC^ zUd%haXl#es(mlw`wT%ZJg^HUo1?+%@-`^J6d%f{!%ec|TqpQ6ejmYiv*reLZl;*`s zg0Jj}nt3o=xTZ+W2k^3hh26a(j)5Sl#>8wjo#peJHOi|xk4O@KnXNcTy1n&cuY706 z-Nz@LeZT9K<|fh8gBcI^^z`G?dmq@e#%~!k+QV4s@l^2fb#7`*QAuObHVR(It6jWToaDn*X%D+vl9mfrebN&Kt>|n6A zNdc~cEnbwpmHSWUJT4hNGDMzJU3og6RsK1!r@*raBSQRI#fifvlo zU4{3R9ab|sve5dFtr4H^dfD&emyTrL_&_w*L{a7E#vXFidiRe}%B5z?nrK00xSOba zue6|>;N^Izjpixd$fn9UG_T1!+S5A7H`OPzE^0W)uBxSI_?|3J@T8)#A2erDF!myB zt#@p>hiOLd$!aM!Pt(21DU)9C`vUegpwlke(HoME>UQ4MzsCUPL`wNIn@8ny`NiU|F3EIFNz zsBzkd(b+5l+5IH6frpdmqpWg7;pFAjCF$s5-=5G}Y{lH_fttzs!v-fl!(%XLP zU4rhM+8c3RIiAYTYZvnafgFchTn{j3_Lwc747R_1sHdm)?(5UI7zE1RPO@kwRpBsM z3UZn+$LG0gjEB9rfIw|kN?}XK;PCp?%WBhDjc?~-T;~P7^_kI2eFzhrVOnN-YhDJr z#W1hVF{1|utZt%FzvSLqdoKdTeYsx+gY1+}@D@bk!DA-P+)_|`Mam^L`NweVF(I>{ zwxlNz{w8J7$pzNNP_8Gq!nC~6OEarCSf)4l7(WGxN--PfF>4UCEERj3G;>n`^)9Hr zHud85`G#hdTPDri8VI)x0(Fe%{LU8xwS_5x+CXaI%+Jl48+eER%=Q3=ibp)h zbCKEd{$QY?p7MO+5`SUsxDkc5lSlZpzib_R&*0HgA3pIwbHoIhinJJ)WRxo`VWVVD z(AWt|xZeJeg93K$-eZDR?+yRTeuu&2r^SrO*fd#T1n&uVUt~mPF=2$e%ZCKk$?Y;C$A~Ae_U68G_s6;K zphJYWcZwa&+$60mjOLF>XQm1swBD1V&ri&masj+H?JZ$uj&0}J({-Nc1YWQ>!Kb{% zR`Bw(g^~9afFrqJ1=6M0+#ULztawQ%=AJVZ`kgu4$mA}bYeh!L5qveJym4agtv z9?W@@0uC@D2hsj;_YfmuLu|E#-}^57^-v=sPwUj0UE!}&7ahb8Wb(cNtSsDZ;P_P^ z9ol?r+60dgIYCvC-rRt(8Ii+P>agZlRO&#L8rIxQszC*SMnPBNb7YY|k*-ib&MW%^ z#23s@g_b8F*FW+1;~yt2OXSS#O>&CK^RE^bLLi4}482Vm$C0Q8d-4$WlNmOPr_qh5GZGk6;eJS>)wM4fRBa>;{;;^O;~sdd+yCvXAA> z!m`Gb_)x7?#-G-o<)}WE!xYN{w`k($v z{~P&T^g~;UoMUj>s)y5(UZ{>cBMRDxoB<0_fy=d2KbHc@8gPGK$K6GqDjL10x~F&e z-Du)4vuf-L=v%Y zxYD~RQGisUJIf~v;Y$7j zG|j%IeH8aD6g4pc$#H40>d;x=0{9VTB5{(?x$8qQ+;aDOZ`8`YEB#Rg= zjOEu7T)xLkzVy0gK0#WEn!621B|GZb6)=V++uf6#9=hUp^&IbMUb?UNtE#CbtZGsA zL8Man_3@rq3!VY9oTMs|_n&Rb-eXVuk_X)0BFBC?EM0sL{xu@MW!rat!Lu!9cwLS? zi!%X5Q2D7^QWw@%q&Mwi5bc}UYV8fUWL5C>*V2%oS0Y`~HF{gBnJ0bl5&ad*!&*2q znTohE{31iO)-EO?H{xYxZiKZ*#oqif$9UoBXxlfej+#sM)wWhzm3X*s7{al==j@6+C@@exNwaQEd|kZ z8gi?3SgehavG11g*v+6RD^1);=N4F75{JT3>j4%q7>lSp!fa))3WaN(=&VH4dM|Ov zF1&Q#cn}}UFGe$~Ipq%J2QtHJ)1BiLeqZ>@=KJaDfc2)bADR9BEn4PfBb%k*DhApr zKztlkD8~~VDTQBQ%ItACxbayw0oTANxc3y>_)`)4ksY zROxz+$V{gJt2>`?Nc$d&FDn=Szq#_L$`mS>YpOpfQqz9>W7|&jFjy_dNlL3GGp@4;uBL;lNX+; z45*V|OeW3NBER=YzVS*YmKpLB%;|RR zV${b~<#o>5f+hX$LhQLu;bvUrrO{(@kQjedy){^94-rL)5(!B-WHd9cwnooh(jZOf z94he?BNEMkl;;(Th2pT>vwu>Vu(lMw@u6sDk#h%HF)&u-uoe$~(psQ?eL6Yc?QeZQ z?JdMs`#Z>76g|(3&i59L{nD(xC&fMmNyRAGR3yTd?H%@c>@V+i+O5phO_vN!85cJg;L!jzX_g{K@`O_NUEb z5JrAC>shH;ZiuWmB63WI>*psq$eA?uJJt~Pw|C3-BJaO~ep2n?l%kYQ#n2AZ4~0ha z<=h$Z?8!G%yhe2v7jB#)nvbly`{rNSvFMU5JTuBKQj~bjvAfx$VH&NynRoxZVHy)UF-&_l z!?ivw6ZfzdYe@S2d1ct&US&q7dCgOflMa;uxmu4dkJ1GX<(IL!Wg&Aldzj31$|Nzz z2pz|C(-rO*G%h80(}F4EQY!;Iu=jRZ%V(*zX^*MgjVbL-vw&*TTFP4NA;t@<$F9$g z3zf0*tJoXp^qf6+ad6bKb66t4O1UofE;#m}&n6))jY<5Hn0SX8GRDXHzN}?unz3@v zoISDxY1uivY|i@hlR%7Z<>v}k{xjAFgT$8YktGHi-GcYsU(ZvocN3pS;RLb~dT5njDubX4nX2-2bZH4@H&y~`qI(|5jM})qB zC=hNsBbKs z`KEDki|`55q#eP|=i^^}lO3<#6tFf1tWCkmviF*wd(Z1eYg^#=kb_lm8#~sD!l8@@jKDVwXtqp_2Yv3yX%j+WoJ!UWlf0}&Rom+qV;ZIecAy$ zZm!GU3awO|GIg!gtdu!FI%!pYbP7(CHqhFZ6xQ+QT3fO=O`5qOf9%FdR#$8=#jUoB z*QXuo`Kq$5_G}IjS=u}nx3)CNc0vkDWDkS4-tjz%4SBP6_U7x|Hw{i*6KJI4=(0_n zzeoB$d*OGC&#ax;BWClBSv&VYY;cDc3S-3uEKLsGO+<|i*z1I2ZfB(}26O#X38S>W z%P_mYKgJ9b{x~hb4+&e}1;QWVj&@|4(eq-R2yZVG4$(?)>>J$^Gj%#WcF3!$XRjhn zk7qFYM}x61CN0lDS3kqv2^mMmCTPNwHQ`aQVx2xpr;m=^uG0tW^r+acbb9Y1#rT-m zb2`0Ur;m-jsnhT1^l`Cobow=&_QggwE5Vv1y|Qw2EL*3a(P@9|BAtFhr%#Mc(&-0v zIx}{?PT#51C&%XK^vybbYV3BMzK-;kon~#pMQo>?v1M@TjYL_!=M~0^^nYzI}U1|S&GrgN0t5!U=j`Q2YVH5kAN}9D(%k4p=uf4ITwzA6cr)SZ#qQz=F zKdNLUp1Zr!Rti&8`*H~Fus;jJ<0&oH8Yq+=>{ISJu!XtrI^{U-2*lcCbYG@q=OXCw z=NAvk&+Td!wJbF9zX~+I4M8B(Jt%k_pQ(YyjiiIafm0f`Nmk>Bd=?o6ZN`erQjL{F zk2}1|Fs_b;-j>IA_Po(ywV>cxR9KO%`j?sOawTAdccl9A&9o;;;a(1PL^X z7;uApD%E>63p-mhX=n&9t3@S6P%mFnt; z>FP&Oy|@PZJ(VsP#aOk-XyLh9__g4T-GP>`2L)QXQ{&qQ2k_vG-TRE)d;H%a;|C-| zxPj?55EB6lBAc{?{N64S?21+Oide%>!ROa7GWkGWd!DM2#Xgj=%~0h<_UN|QS2`{ikVgEf# z0UYFI1E3fyrRejjXo1pF^Gzl0ZIsk9JwPaof*lJ_al-aBN~VHid7$irly=*wE0OEqq__t7>4!vHIx0vGOWiC z5b^uFj50$lXH_*U=j^bO%o%E%B7H+$?qsQ<&U`C5Ym$?thO~U2tTUagV`Q|K?UOZ< ztbG(@GubFe5BH$uMPA2B5ij1aPlgZ4(u1*go*E1vT_`i2{hBIN;FH0)Hxj?&0yP57 z5L6PiMk!&mvzGHV$+fRB~{sESWwr)0yQJW?iMOD(C4@G2a<=W28(vK%I zU=+I!WTH!U;8Ya{E59p!dmNp4taR%!(yjC@D^t*3JChPPC@AFF#A5-4M&MC=LM3_L z#6_|OTG18zK-aTNg!%&u8Nsd6xOW9NRN;2TrYW2ZX!2M}g)3DTNrqGMK)YJ$jxR0fI{R-nW2x&kJHHQ8kwh_ zj)-Mx-E|Na1JR_| zD$V3xMY*!_^4OR)N}zdyh*lQIUeg3O>h$E;W}UuVr%PfV>-2>>eM9UEojzUC#>$uF zHdO4axZ-(~!mW5YRdCm7+yM@5kl@NSZr5DZ#Fx_qw@BmOb#UBK@x-`~Ec*DGgF8TQ zk80cs2PYRBVoz(_(+*DVRL7QU+`|s;Ai>2n?oNeU`LbMajQw5V3TvM`iIhFf$r>VA z|I*}_Ik-aww_W4T6I}G=bU}4%lwYGp2EI3)+}|{Aki%|>;J(nf&u-RL3>Dm<)vDLFD%{GK4;9>D8rSOJ(go+!xEGzWhY9X< zjr+AjH$rgZG%hN*=*t;`x>Td8Ko!6*7)QJ z?#p&EK@pjMYVVjM?rPyKW9404dGVbGu=TLVzT`8;>Ip6EUp2uV2)^hgI8g}HU8L8` zRTox^C0uuHAb0J(mHF1kc!CNg^C@5qLe9J zw6b+4vOCt*7nW!5 z>FMZQkAIS8R8K(menEa9`b$yDSbmBP|>)$Qg4`|t$5wQNX8MGWI;Q~exBCLk3jB@l~T<9HA#7Nfu(qL1I~|MXz$pfw5pmM`X%OlMYu5toYnMi+n3VP6;{T_l)eg#vkpnwzD0s z$p-YD#yuxE%7*%L{WtlF>#}{ht^=)#z~M^e@_ zZ?SR2Z*JzZNE(qZSBmmwpzI;YA+PNx!hS#24JqX}QI69IDPr%SIr2V1Vz2jOnOjx< zhX2FdyT?aaT#x@72pAOHsHjn?23<8OYVcO5pt}%sBLQPUjf$EUMXab)5pV#fe>|{ggbacynvz-5Mh=GMAU$C$?tv6JkPTmKtG@F_x1hb=L@s* zoO9;PnKNh3+-Jal?c(23JUj(oZ1GLt+g$wf;K$X_8DEPm0&^-Lg7F_gz?aMU*E%yL z9y_9Zu9HDpbv|&t6f>;>dO~;NtV{`5V2=qbwi2bhXR2DJjgx8hdK?7F?a>oP3oC7^ zKl2%%sf=g6D*g_};_*y}g*_%P?E910N*R;xU`!hO&K=8q$yi2?;nXZ5rEvA8&MDy? zzH_oal?=Y|mGnDafa9EbgsN9j3m9KH#b9+H<|-%-g*zNuhdqDm)Cxgx*xPnEHUYHN z#62uON+l3yjKJcK%}6V7jllfDz!6Bcufaf*%4Lr9Ip!D7jller|Fqt}FO7iHm zZh7wKQbIaY(32!&5`Y!O!_p}7X%H~d&B)1G*ddCEeeO)O;1vSqj=G>tqq7Z&8=G$F zUWCqOcmbQIlX>4WMHifPeGw$wB~%dmvUyjR$a_1ROxM`gRbMiaTBn0$?6@0q24Y=v zM3pbOs#NQmtUWs!H@)!&a5G#~*&rr1tXd6-DGa9;BHe}I8rcaD$-suiH|E2frxZPx z(T$7m?hD!nL9wz_pR`p0X?@a91d!GzU24DmK53)<_WPvI+V3$^$w=4ymG5Ek>&K`P zzC<7Enm1)NZ|;Etc*msX2O1KtJnA%*jnN!C#f+uQ)e>1|IUj(`s`fW*G!){DwK#X@8dFR5O1F;sZbbT9dD@SYP5tlY!d#Wb?(Lh}U6mMNt7TvH zWiWx1GMq4Xxj7UV(_G)hzJ6~Lvs_ZY@w`-w{zzme0+B27x^3v@YRzaP0p=M#=-(u@ z!)`)4)s@dR{5*Oa)DJtXhtTx$r8&-(CVd#Q#f7C0V^+B^8O9*B3}nnA3#$=WYypzW zoXjLXM0cIMp$b}R`#irVmes`5*H}%+FbJM95Hgcoo&xiE9^mrqR6CUCbjx$F&vO(! zldo*WQPDj(4Xx?CLjQIr&G`kPw$5*l`o>(KBQDTvf=kURjT)@p!H_)pHGjCR<__9R zDSt`j>~`CEI|{jh%@J5B19V5`gw4r(rgc2$kOkdWE|-x+uC+75QsAmbndD65zIKQWEDvQi9}+W>zvAl{+Q0k=l%9YgaB} zBVi$P)iNsK0NnrCw`#sryvtaIYVTt{2?&%^v%QVr`VqM--7v!%7~4vv19CNa^*1wC<+U%_0lSbaGd#2bgWYyE(=7`)R&q$!_>DI?Yl% zM5bA+y`;^L$a-B**6Vtvt=Cm31DR(T3y-3@vFEc!7i*DOmi^%}u0Ack%&+Vjf2JS* zIN~Gh#gVJ76d_=+B$5$G#V;HEC*7q{L0X@PCnh*pENfravu}f1>}7`Jd>=KTgws?jfn8z6utG;o+`#y7OK8*28q4 z&#Ds9!xM5fL7FP=f>CEa(SiFak7YieKf)(k_naKLOR40X|E)ZMHJ)CFE1xO{K37~L z#k%!;^0cq@;C;!H@AK&jAE#75IhDQ`cJWEu-;la)%;n;{b~^QnH6Qa?a%Jm5nqTX8 zx>W7zQN|{cL#XMSDmO~C(LQSvF(9~-LjB%@ClV26@VJRY_4pup&YNW{_U0II*$lrTM^0%^MKcW3XQvOHd zhx{~b<&V_~=~YWg)lVw@ElPhckcK6~yPAp2j)q1F-b3H5qq5^Z!L0yLeu|`t%9#Y5 zLbNHz*K{e#QLr&0`2id6ls?C2`&UsTc}<(Dad*Oa=q&#$uM z2muce)m4X-?nnV#Ab^^$0Eqg+l+Hb((T9~z4t!t~0+_CJ^L@I8!$^Skx8Vg4Y5Hk+ zQ#6~BuVIPO`SrCS14X3cZ`uR@&K~$STu3_o{d?e_+#~+rJ@5>FJH_9=hkO@wjvpD# z;7@ipv0s3T&FCdK*=y+;totSI@p4}3GFK9kA^3w!DK|MZD+MZjmJOst_rKAjw2m)q zP69v|tjXDC2_EG;ID67!=YT~TA!fgqI!D{@+wJ#Tv2Ekt+Y+4JVRCkm_8A~`;n-YZ z@$WbnS^7f0;lIqe#(odvJ3eWpGs%9QEabB$ed^q2zmMeG=A`}-?fV65&c{sL{uEOX zwc<;4UC|NGE4zV<>TbxD?-SS15&EuWYs76=8-)e+ z(pjmg7uHSSj)A{O!qR74(>M|3&I$9!X@j6B_C>61Mi=JImd?m%d<{s$3~(}!hGt8N zR>%?0HmB!e)!fA{V7rrR0p|g5&a&Y%2uuH<(|)9%0n~kI+SQHNPG#7fP)wN)+#IYs z6;04Sv1QHM3MbWqetzS#2$MVqwCyi6hTrA;gw*#_ftOW26#%1R-*kj_WqpGV>zUSTm_~*Yckl;2v^n|7h>joG zD$Xoam#<{S`A*A*+Ed2=>H!1Ayj>FjCmH8$nqh8)DU$xtQV_w*cj{m(FIU)1G|8h+&ov4GEuX12+RH?93Xq|H6X&9y zlCR77GDi`jKA@2s6>0AGQ2|2nvd>t$R2I#fv&_vNs6|1t7mxinRqKy2qx@(~Mu^Ss z$Sr?Pl;YZJxP4)lJ+zp;LGyDY5k*^_rOvm=UGR#R_jHQw=VtxPa%%18YW>V~n(XH? z{bY%m&*V+2lYm&7lWzcA31D1(d`PBK%BK#>I215zNY`kOw&1MWx+tW_LU9|jZp(1L zg0q0H&x-a~n9RW%xPS3=v3_!s^@h{{DY#l;XA5p56130bje+$}Qwll&C>tOIy4{5) zm+lm`hXbyCb-ay?>s_CZmw--;#rY3%CToX_ zZtQq8wLe$yY}S3gY|yRxs-&pyI(eLD1J~d!+>iS+e<_;=m`yjg6RO#yCqB+Y(1N;~ zb<6UI8#l>iM1>ijB_B`ujcDD=IhnZAJV0`e`0ww@5m649C!VG{;0dU4<3}<0;Q2AL zdb&)oaK$M1GbLX3@lo*b$rL`aeFZ-5MOtPA>|oY^dBX9@j}US$X2PREx{U<3jh0Y{ zIp!j$2exwm7bsJCiO{i)TF>AtNL1ST`H5t-?&Ywg#>$dPy?&V|^#gt~FDV_bj&U`_ zpA@><+=AZqGKg+81ktg~W;KdWO+4<$x|3MR4Jm&jSCBD_{&geC1roQb2y&uev~cIz ziFWhDrG%>Hmq_{9ImAx$8|<(Cc(b(G(Yg!Ir}*kFKAr8=6yW%eyRGP-;rZ{har@#} z@6f8u5VH;&KU*n7^{K^VRpiveJB#GzhJ;+G&lc0V>!*5~f9Hz2;v=$bj^u)T&iKkM z)Gy4_7L{#LZ;=T_nTLP}XN}0Q@b`T96bnDX!dLq6Yc2dp3zvKJEuRZ5{3r|m+^0X? z!d)e=@!^MC_|Gi8+@^2&bdXWxIoiVIUVIDRVByDD_?JGPcP%{E!oTw2vjskT#IY9M z=EMJK;UNoe_u=Wq%9!uc<8DJdv?T z_JOy^p7A2i8tGl7`5vbMULfoRq7s02u|LlOU+Q3r@BS{|g@s&`17FrIsJ@4K62B&f zXfC}NQROyjP)B(vb3Rb>1J@jCZBak5FwxgX=L-5c(81Y7kKHNPg~S$FRmr2a_<@d* zQvOAc-EE-{4IP33Yyh#|MNG4Z7rS|gw?VLCkNmDTG0#aE%)0c57#r;8Wel8qSDn0G zxJCV=UENqROnlN7Q;8&0-0^7@cU(Pn)je?+t$XN1@+wt!w(Q7a+BF(m%*8n~`1rWn zQKx0#0Jv4f^Y8xtthV&}D;v71L$Vv|<8J0us(Wf5S92#imgm^|IGn#lp^M}~wD2k} zMH|6&ADN9OIdo_aMeqHan%87Cf05neO{FXB@upr_CsyU1%xLQ+;TAQOdmXeP|0%&3DxDKGVl6 z6#B7mTJX<3aADowdDaMl^VM|@{h{6I)cKn1(TN3K-ltOr6m zE2hY?KJqmWDf1AP?F~NiA09H(M^5mOl^(L2kNmBVyv{>*_mSm3@c^1Ahf@ajQhyqOFoJif<8{s^K&iN zM$jU|0MfC>(^XRDTF6jBfBc|6SeLKm6gBNzC{C4z*PZ1J)Ym-@IDG~(OIss`D}WAQCM=hccNH?mL1B6oX{&0ImE2HBlsaqInv{{|PWdqABUj;7T| z)PXS33yC59JGaH!>Z5M~ZT-9X<^pNA4&Vr>@A9@m$Jsf~C(_j9nh3;f)%?OHKKXgC z`+O4c`0#ZWobjdyK3KuVf)DV)I}ipgUs-r>AO3}fZ?f>CefXOezS+W0^x-dC_!bL4 z!-xM(;IoIfS@<9yUS;XGTKI)N{3c8Pt%d*6hmW%K?G}Em4?h>UY!&nS_vQ#|EY%_L z4g~|Z2kTy>e=P_0bL6;cuR>ZIy9IP}$1>Yk|C`ES8|yyj*~a>VVH8j0{28$5)Lz@u z@t4NFlQmv55-Pbab~3-I5?zo;zNNk8*f#Tbijl2S4}MQ^7t~$P$Y?(Ik*(`qnDMF3 zTbKhRp?Ifq{wePz!&@!vEyM zcWLUwms$8TKKx7I@!=~i_yr&Q4q%MsQwx8|hjWg$Qz2|I4^u2f1HTB?9L2~-dVK9B zLb+Ha&mP3^6QDbSN#0NZTRV^H>X#wQC|1yK?PgksBFPBRvR@BgC0&~S2#M14ziow? z1JI7{PEsL9WLo&Q&v@{IEWC$>H~IA6le&3@WKtzKKe15LfT8&WG&_Zl|z9tx^q{*CgNEn<3+dg4p+s?SS3Bqj{I)FNzoK$`X;; zHlgE+(X9X9wp!NzBf+5`=>~v$e*-{^@X3!f$Ton+1E@ubT$J9wX<@ftH1wsI?t-I^ z1LU3q#tFiBH8*Kzm@|>1kadz^&2MF_%|Yj`#4L(!wmtgZprx*FFpVh8YA62}Lb%$P zh!ActE&T2|vW|@Yc(Xf-uA9R0{VqD>(_tK(eJ$tK7k}KX>R1_5qaD9LzOYk2n`Qs< z^O@xOxZ4#_rqBL{QH`F}@fhy$|8>O>6d+~o&RthzV^Y%r* zH~$ws{s-=helPwtvMBy>w>7yL0o28)*2?3Zjz;?|Mtr_R=02Ls*RQf;5Pm9%Muds{ zU&{Z*5?Q)brRTdXy&XzQg-G;PPj6lgi%GnR71_#hyaoS5z_Uhl_2K<3{9X%Z;?kub zY~i<9csCz@k%eCdoB=)HRFCg+MTuMkz)FlR0mc(I0Or>468Rq|*#{gpo$KKN50L*8 zcUaCl$&&~3XcBc6*8+|i0gvR zAcfG6zud-uUOP-eaXl0^KVK+{EfNr~N)Z(7$)e3;F%vBai({3-=A2eM5U*?EZz7YU z0q7+YY`kth5G^p6Cl0fijpu2`Xt3(>de&2PXW@t5z;wu=lnz1i<-ru~F}hAhpN#po zh;tGQE*+(NCSsfE9z@<41B8q+&3kcorzA-qJaI0d$m>7nFGn?kvzAmf_k4f7sUZQ{ zhwdyR)L zz^R@Qlh3TiID(g2mbO0V&TimCxfV8lIgd4Ro7Ba5RqMMH#HVD%uVq)?4Skr`=o7!3 z!|OEi1);q7t)T`~&4rB91{B0^9VF8p@ym0y4I$h+8oxZ>87I2Mg$8SyAT>itn}hpK zIbd>d7N0B?_Hq7czeDyr$9chi_vV{5nAhxAca6N>Ir$xpyzMNF+}oLCzc=uWMl0>t z$9zTQrdj793s|fGo(cJf{chl!dr6!Z?B_H3x!HNme*RUcJ6{ci9hoWt)A;3?XPD?u z%gJvvIw$Mfohqc|wRzS6$l)&qo|Z)j%y~-N?vzqEkeu$4c)1pmqg;|&OVX3ilpc1U z$=An`gwz+O0gC1%TQWJ6i#cLLs}(Jhv?&fTEMg%DRyp#%VwIy&h*mb61NCB?VD+zQ zhlBU@K!EGekaDJR&wH z_oMP9q&E2#<`?j4pEt4LJb(#Veb!aEHmK3a&p@)IqqWe<-K3UH_Dnb6vLDkmfOgV} zw9n7Abj2yU&nzO_A}Ugd`5@51OdzI#Fy|YZ*|#ls``FuLgZDg+e-;(o$ggvms32&$ z?X^(1S!MmLV5`<;G>FU4JZetD7CQ#_QO$; zAX{-RI|3i0dAIQxl$v)U+iqKsCE(E<+6 zn$Kcd)%Nbw>=N`@3o2Mjd!q!kIr-32zQ;rU+DHJA_64|^%`D5YxMp!Zzyao7CpLKk z5*$&s<|~+e4V#_3uYK?;3+^J|iWGRhfZ6#jV3PvB0C;hzKFgPlA6aMlUG1o-6Bo%l%&F#i_#AMh*nPOa3pKg;*a z(ADb}4|A`4->Tm$H-Vol-@jJ+0q^iVPQHJs-^%YY`JSZoM+^P}`5r6Z(%Qv#HwOOj z>wqI(#9W1TYnrB>A3wD4g}xL;<=Q|SmiI#-msbpPxn=W*XZr>k`$KB0b^cEH9fmnJ zV45_Z^X1~faKIV-Jn(-S-@sm9K?%0mTQidB=+~?6X;+_%j_QP|11ILT3g9D}V*e;@8ETW$6i#lFJ zy$O+2RJqbB%%f6?F#NgNHhB;!)JMnSUXtAj+HxNS038)G8&O)z*67$;w&Z7wE1=oy zB0JzSqw&A%ThOw!3ek9eX)~*}L6pXkJ6r5q((;i*So%8za|uqjL3z`CBA`5er}Enm zRE0(56Rfqtvk2DP-~fV;*x(?7O*RYlh{+{5#aGRf zR-HRENu|5Yu#|>td6-4o>%@?e`C+oh+7H7A&7VlDH!qfqlblL+Y17FP5ySk7+{MC5 z1dmGKWa{D4Q?1S0eK>oh2dB~Kj4SnWNK4aPm>KG#iTcUGll1`+Ay?8wKAWZ{A!&uZ zw65{e^2a;>tMoGdZ`0e{&&}KaS$f_6Z_~SbU+I;g0b6d177iU5ZQ{-h+}K)QXyE#1|XNLk-kr!>=n5!v|4)qJp9vvzj7M#62 z(%d4C36Q7NgogE4mXIuCGg)FE`8}4Ab1{+ud<`PaA}>wX&)W39kFYYguk?g9Y4;*WqH;YqoWHdp3xlGaKSJLtFT);6u zH+gQwjOZg~Ye_WZNx?KqW~fJz)J_p5&)n)UPV2ABNGA5SOa$!+&ic1pXcPTyB-hawO_4V;V2gC-|#_#MEh}~J6Sr{Kw#O0y2 zoX2R+VgE7IBmBkk3G+T41WmbM&g8ejsR0DGtJ z=3khRWy!fF-8t);VXw4><34kJsGo9{OuXo?1wVyoAhSr2d zVnAv*2NqE+a?H7wUx~XPUihIn&woVz|Li|1*!qqA?ZbcUr4P3vh#VV~6ZA0m5{m$qY(<|G?0c|RnXVg1F5g4kk}7)&jet=EIWbRGZb7M`#*rg0T##5=JN~&d1tC2i2RT{M7 za!QcAkUPm6t%{j`{Eu`}(()tM2#U^Pi;rm9w(NMMs_3zdXZ@tzh&3l~RteMcM@@vB zT@XFqgKB@tMIkhPdyV6urfO~Fm*!G7Ui z231NH$>Dfgc&jyc6j?>{+Ds_OQkbH$1(#>$h1?SBtbfrTL*Uq(S_(`~7h{>?yNabF zS;~j#(QjLLI8%COCB7!PBevM#_7VF6NkwhJ z*;_T^MX`5l+F^WXry8oQ9F)>YEG|1-G$;E=hK!5EiXvQ))s!)C;j~R$(5vdeebeAy zB?5VwV*fZ@2Hgj(&%f!nJn?p^XUT4U_w=VE7;4_wg}ZDxh=`#53Sx_Z`Thh^53>HW z^;lN{c6@-r2+J_rXq(q^VxOKtkF8$$krkCxIKdF>fKRrW;jxhMj@lYlsrs|rirtP6 zUE~cICSC9`p@~w|Vth1aqDWdY*m-(@ZKbqXwth)1wBAG80yBX0_A~<>4E(=L|DGRD zzoG9>q#tcK{krQXpFZKn8|Li7!gNrH35mmw#<-NbVSL#wlW#tK?5$Es&0*~ic?LMfif7R~8$_8;&Qcq{{Zk;&! z3LICKx0?qVN739`j zNL04uJPSP0z#qpEA^HQ2XNIuUVC&Dl^{c8~$CRBMA6{G#A6^oz8caa0MU0oScd&f=}q<33VJ>17oWZBv%A6V?7xT zRT;`e2G`uF^OEi*lI|&fx+RkC&64grY4u(9FWC1yBkU33Zg71MFW+3}N)xR87aTmT zA<@3ypcRp1k8X|xd>LP)^2@+0OCZvG%AEk+s+dOU0#pMymbHoFHES5pgXES9egpC1 zylqsLTlK?X<%7se&0ok1ul~9^%<3R7k7FI0_o>7p@A+O;=k*A`zr#B@g~Uy`?%`*s zsdZ_3{zqS`2bg@9yViXFgKUBiP(jN3R(+XOHd^0KmBM)O2`y-Go6MI>Nzc1`OKg!j zaXxU~gZgt{Vy)zE77o67uctpJ!r9juy*OeQ+yn8sQ!7RC3o=`AXQ)eN@V-#;)UU@ihG`3>;k#%^&^6%?zSM?4WMHgK}WdRaDhI_Fr>;TDu3pkWr2 zX+g42(;00+Umqcvds%j8I%6&9a|@C^na*t%^rnDjznmqYN(*YRAlXIf)LYO~7SvNf z|Fob#SkQq2`i})ovmm{<@(l}`04V;lY>#x_vXCnkk|U5+77|rRAAxMNkaH9wRmAz; zLP82*Dl*_?WvE^bR*3XM(d6O4#Q9gwYhoZ|+H)k;3A-rg6D;*Qg-jI4ITo@U2pKN} z1cM6z8b?6f_}XRQg5U#pP#Aj|s`!x}4^#J!^XuMBG1}v?!Q|IFSwoQZ(%473pd8zI z>8RM7)THrL5E<*!3!{-RGqzcG8LW|0*Ye8ub^H!o8GP_R?)UZla;JIl!N(Lp&z|<> z_0V{}=ts9plyQW)u-D;-$Ai|(Ht-1r!56nj>ZXLF?|)I$gGWfdGrPzU6Fz#l=XOZN z=hH!&BLg9web64GHgojK$AktjGnu^=_ar4oD^MmK)d``q%(upR<7wx#lLb!6S4p~c zcZXT`F;D+f_lTK?4pWs$cD<%w?#L1UOZWLR6Kn#{dw757OAlu*3xS9JS34)d`vV((ac`9RL-?kd=a&BUJ%O-HNd=I^8! zBC$nst4_~g&37d08BoE%mf(X@Lj~Yl&<>YE?4@8JFKTQQ!0c)@Cb79sl%ObdTX6O& z8KjAUv1~cbHIMr7}rXCP5x zw$8WXG0Nu(2pZ2Jmu`Q9Qj9noDM54V;Sl~URTz|0aMp!~G|K+D*heQVjJ1^?6`VDt zH}`Focem&3W6MrzE9XU=3lH74k_#LE)P%;;#|wG_nD>%-U8C}=FtW#4XqlH;cTdOe z-MhCf@4M{y3jQlg(jdx=i}M=x)x0tLnTiTZrC=^y+AgtX)`>p}G)Jpeb;bW*Bzich zRZ4w+uy!YrqGMOlC6e*uC+7J>zz$qlR$zt@iqlt`XBHEqQ5ds7Ik8TD?Z>k} zmkipU*IvsHPCf;V!UysAsw_nf>KCl8mxw&P#-UK&0{W7N@np_55k7<(JNi#*1!Bb2 zj|*K5d0JgQ15uxOP%L3%BDcHv`Pa0h%8?~`p_JKG2YcCELtY@iL&=*p!-==aE!n&P z^0*8`By-zVx!IGNx3Eiq*Zrb(S7wwwpp$j3A2D5hzA^av>g#}EQtp8e-SpHtVH*Cd zim53^9){vQlmF3bT|qYJzjC&SswNZtS>{1i;nZK~>|5gEWjyM#D8?h(=DUO7$jQR8 z{mlIY<9SqsW+b57mL;wemsu_BSf5n1z^{s#tLKf9>7qmw)sR58$dhHZQ}V2N@~oioYql8}${1m9;QymW(kvV?$x7bOPDb4C)%o8h~BdY?=QC)@v zzWFzAAyp0j1OmD$mkB!F>kT!l#{0p$y~5SzQBn}QsYDIYu?DJtLe+R4G|`ODUK8^= zX`XI}jgI|B^C#4!gqrtlCH=9>AjtSoUT!{?5y;qY8jB<{XRrplypLDjE?K;6+!!yqG5*py#!9hBq~W~- zk^T2Bb)`~Iy*W*iS)D2W_YIleAGQo1k4^oV=c|p0}N;^DxWJpf*;uzjmeFbX=tF^IP zi^?Q^*sN0oGaJF$kHIA{Qg=r|BhsS+4srymrN5>({;|`ICeD1Wy`o@^WJb=?M&mr? z$thZHb_BxU=UsbMu1rgr-}Vv>Fhjsi!8N_9SHj_~0|hAC#(oJJFL0D}BCB>X`jPs> z5UC@yAb0;Ec-IOz%3B@0|3+jyU+n{8XFRP}4khy^75pTIkR5ZF=0o!-Q&lU4_?Hj|XVnB?lMovFVs%+C8b516_yE3Zcq*oV-JH$|l#4mel4tnj zRogSCC~=?@@tH#0j`;BIl1ALc5--D)Qk=s=yu=cB-J5u3ir5)pjpOe^Jp0v5h@C4f zCw}3E8>V8!^2~HJJ&3;6zctbRq5v+L#2IM_MDue2kSKn>kD^l4( ztACJ~Z|`plA&uBoRB0#TCxm#qCGL_&oDsbD8`5)Lu{pR~D7Yvc3TJ@@-2{k(#bOau zwSs{=f;HP2awg~S2R*TAF)0sDdhLB|v5x4(ZR9k!>~HH--AswgU@Xh@6ScYC==B{` zK`zU5ozW%hq)JOKvF34P5?7Nma0ElOclnCE4u?SUXic?1Omls*k#sTF;De_EjnrL8 zDL$tDp{hx4_t-z0v7nw#8G~wp8f7~0v+}Q!yYNwBro|~8CBKK6Nn|0>0COR>8jT-n z?!!OD2Y+164?WRM7&-OlSrn4|JEBKkXQ&=X#$je^G@`hL18m&qZQRG)xF6ZLw@BRI z5LcEyvZLn?d`mwgIP3B*tl$Q#-yo%mA7uY3fnojEMeF`3 z6DoLr>AFbcHWbCuiMkxQvn6dhy!|re=1Z0*6JCRVv?V$NY{mkP*bB?*7>p`@*d44c z)j&qsSTen?ib=NYEX{F44+OSTUVb}FD_nsnqMtcJYOHgqgH&l;dYw~~eyeRzk_Db0 z<8g-!su;Ud?|X%0qYeGaZu`|OlP2EEbI`$PT|9s<<6Y*jqYbx}4ZiKVn|~!=-`m>N zxqkkJ=7+dwaa^APyU_RRFYeaLH@{eG(nJ~v~?@Z#Qm&&NTIxV@IaOB}>cSx}FIGSDzqRA05A*SOfQj)Zg<=|GX=^ITy^BCO_E z^{85tO!wrzQa8V4gI%3%PU*~aV8!G$Mz6mkxj#I{)pNh>Rtb3ZoA1B!&AW_jSm~9h zq{-@oEVgOQDXC0c&9vMmrh%stKFQ@)LHJzDt(M>< z;Z{$;<@N|c{wcTV1R5;28EN2|ga=ULBxVEQp_W?{!6^b;Ou*%~j3ED%bR~f%%dI61 zYzSZM%GO4Bf#tTH;BSSSR4|uY7D2$uO^zuqw%p`ku?Nm2TN^S~v9Z-s+7Zz^_LHTb-H`bz5EPT{wnRD#vRL>x?Ex-iJ0wn@XV zu)Mbi4riuOArnq;Yl1x%_2n@YHs|CcE9?WkcIN$W(W(~ab1c9E{} z{RqeVkkQwqtstCh`-wVY=HY042*-@f)Cj?9naGuy*6cyYm3=yB|FV^KWc_(pmmx!u z7E;$Sr9HxPrj5!?LcwZja-($2!D0-JTI0yJSQx^lt0xtU)ki;1P1+3$AwUcYPl?SNjV50S3O68Iur%uTc1%78nAh3M6Qzw-y(ETH)63Du|!-L zh*A$Q{zWn%q!ZQCube=3gYv-B343m424UCD%p|C8rh$OV zt%;x)Z82fj%`8g;uO#fbnHIvXn~}k{x|uctF1PIjJ#G?k-Aooi51dWFb2Fkp*UjV- zR5z1Hz~z=tkbkJd`efJ5gww!L!VRji>X0b)ZNfPF5`s5Mv{C{txA6q|r`#qISZ3YK z)HHAf;jA9kq1F=q#B!@Ac$08@gn-L!Izj#^w;2RhT5dDbzzu}MF1IGaNy}|9!Lh<^ z83C8uN`m}TZY=~_EH{$|ZX-M%Zsy!cwl<0@HK%QoN*0?}-Uq*xO9cp&{Y+}0B7cSb z(>jk_iNg~Umq{@y;4ki=o*Y7IwhjIsvFx1VB~p{#S8tH&pV;;G9Wvk0zvezRS?gT+CA89R$KLHV5tqgh--S?CQheY_dDs~$|!;=9ITdBCK_k%P`Ktm z8ZhO%c6USvuO=A0?@>WB`lab`!DxA=rvVE1kms?*ZLpkek1G3vrxul;`}MOOA_O zo@sZ+G)l?~FYJy)Y>hFyRD@uy%zy}l`5efVC^1T8{M02FEd=B-SDvUe?XKjDg0<&@ zXq1ey<$*d*M-zo`J9-c`wv zfa(6MNXA#@9(uf*qM1sFOSghG9n$k-*9U%A1~56%_#ns^WSPr^mglyU5+TQ2s8P=@ z#WIh>4ngTKFB1q{|)MSDX9`*<=H>Ob&H*Pn}VTMv+Vi@K@2W3(V6G2;-d=WZL7a*1sjF?N%==7-%K7uDUFmtoGbn6hgb z*|vsK@>lFQmRGXM4yRZ%YLAT8UBv3g)g)AQSjCPpt`aV2ekmuNg8K18Q6%v~r9 z-IsNf?9DT`pf!n=($^mJBRbQcw->#XFJ6UZ7H+JRYZ0^J7iQHo-F>!e4~5LYqWX*C zeRAcwiD>+HS!RH$>0Hyc4PlsKHT*^f-kddUd13snfcaR!&{Dr`2ROM1h-Y8Av5NhB zn$&((JZpX@GjC-lk|{Ytl@{yw#G*b;%Qp8BYF(@KyeNJ{cK=QNS4F7rBImKboS7k+ z7VOT6 zikIXt&kv0mfMHUoIwLL@MlX^sKa5MVqp_jctp(~gkm8?y+^UwgRXnMV9kD4@uebVk zdy2<<&@Bqkg2){StEO_%11*fmYTogv<^`*t10dbuMsgpG-NdX{*J$kOJXNfyY|*e> zC<1j8>43L$32j%i%*HM|rI4FDq37&LpT&hS6hD`f@nhKs5kVZf{@$H_@*as8%zo%M z8b8-K-$_!d&20IFs-Y(dSR0vV&hTVgP-RK0W4%0ld!ESFsz9Xs3>MZd+ApiZ8|MrBcWq>Kiy z&ZD7fA*l00=51WPtEtnhlKmuF|E6|^MU=>Nq>bg5&^*&c$|qg_a+OBlvv9s#E>WK1 z`%${-C5LJmq?elHTrzDUsW|_#r6#f@S(lPh%QltY?@?-JNU6!}Pn!R>{m0!>ZJp<6 zVx;136W?OyeuGzvUyy~9xQ^BcCnxzUjCa2%-Y<`ZCF{`#xvN`KkF?`!CbGYNjg7CZ z87AY~-Q4}%A@09C;Jg5H44mt#jDd4BeiyE4w~<}a!_FO-b>~Psto{o53gdTYn=g>Q zrm3!^*|)qHzA zxJ`r6yYvps@#JsVzzLzOX_KuUpZr?%$mS|@B}^?x4lJbW@mC%{$&7P#XFXm={Ahei zw(}}E5&}*j`#WcoClFP!jbNqo5O74_+IPI4m`S!QSba;At$91d<}G;)n3Ov3Z->+F zbCKHeGOpo>LYwcj!IU!*%`gIwlLnU2TVXE%BefI*{7?U;QRtqn_q&`RRE5$@D`c~? zsgOKSA0Ht}tCa`atX6Wk>8agR{Mv(01|F@tD=Sde*AiYY08CWrN_@JJfSpp-WkRcYY}jAexns!{(G-KD1`LOIbIHbFlA6P1Ojw#u0WTSUG~NqKo$nPk>!f|%G3NLp1?in4C%u?q1x`8fGpHnfy& za*7W{9z$fm{}spm#SdYYT_m>hMpfRcBue?}tCV{!@%lGm0LfE8QUVIiQmDxR)Ox?o zzf>*T2VnCUb2l>SSkn<>mw7aHRw!6K0k;~B?~f8fQF*(8eF;&vf5eB-n3pOJhrKc} zg4|GaWawNmH41TFDQjxyo?0Gs^-O1l&$4YJ;&3U9-;63Ym5p^&aoxxYTiCz(cO>|i z=HMTim2Mn9hYW23gSnxPc}Lh`}$o)y2-zhf}8{(r?joXY8iwU#(Rb+onZAQVH4+W z0ggvxgGk({kyjVRhhRE5OY;|aByI!Re~FBDKZ&w;a-OThYpHx%+VQDb<}^uc1Q1c8 zrlkffHAX7=WMM&Rb(jS_Xpsy_RJLJnw`TTVU=e2nz$6Pn%Cx9!UQsMBQgK({)WW)9 z8RZAptDrGGi&ZhTU@nXwnXMgXQ;95aAtaB z=9Ov_J(eHl4@wJTEqm?g*XbMXRhEnEO5Hh}(!cPi22(NPCq!e_p$g$bpIT>7CLa86 zmQ$FY5zoQIRxLjiqt0g4^E;Jvb^45OH%OVFn@*6)Aba>;quYBSbenGMNj*dlwh1zi z(_+H?kwK@<2p5Sw)gfuyZWUMyfzeOvx{e{J(U7!_Fxc%Lh_K+Akjdmq2jWidg`Io^ zCN3&rZ09#ZcHfZ92XLf&zV16YpO|uqcy{9~LWu~KLhhJbb$VH}dp3PgZCReIkU3KVk5HibC zz^^-QtQe46-g6;fS%)0Btb7X&B(w227}F*mRJFZJ;}L`#^7s?w)gAF6VJ)R<<)YVr zCrZGI<5+D*AcySHrAxj#*mkl{i(WV)K&sNG0>yGkbn@j!ZN} zbgy7z6va}bDp07@D4LfR77W1a#2!_MYbIHZWZL8P=X5O~=hr&*Cr{zZ(RaO(KD-E= zd58{05qhW~vRX{zXM_@HrvrUGK3C7BFxz`Fts5;oH?O~&x>vvfa(yhaRNJ_Mnf}y{;@1GCnnli9}3iNdH|A@Y;D`+rHsVplzHk zdT?_WCxWl=RAE9O>guXkbyec&YP{g4s;gfY# z@)!piYf9;{+RML&QwcZ^ON)&z*>6oYZQ*V#TI$)-h?Gh zc}VRc|JT?9Q+>WYbVxd#Vo;*5Tjh#Q&3|rDd+=F~tN+pZAdc5Frah{}1EC6#?i#%W zwXki&L3!Kh99!g1hNgoT*i3%4;C~~%AKISmIpYB}F5r(>L#8=y4GGq~0$6K_eHqZ1 zE~Rqumy}Q2W7M=^gk+LC+i4PoHknskK#pT9;0YIy>tr9P6n}65dCmX}sB{7OPN@Y< zbOEJKtp!}`0>(QtEnuVznCPsufWZQ&oG;4KdBys>zovXv)M@$Dm+nztua$C5QA>NT zH7+5VFbCbNh2!&5``fF!HU^GTe^p9(O8JOh(>ejTE^#-hiu-_4xP>LeZWG=>P@C{3 z0&Wv7ZM4^fFC$E`N&8GnT7)h9*1m$*11@c}TkImR7P~akw%DsfSt1^EIs9s|Pr`H4 zE43y6cPJZ|@&{$z|At@aTOgJ?EzQ#*m_1dUE#9}|_MGwLnqq#NU5w5Q!e%HTQQo2E z##&lTPN=c)GS_LbbWge1zGk?KJw~uOeU!_6VC4;m)AbZ=f2SC5aQ5iXslw(Ik{Rbl zA82~I(SI({r`zaJ7dy;szRxB-RIn>8_GA}(iCG4gkzBC$2J$s7xP^1x!IPULjfN+1MxEjk)Cs|nO7Kc3&WF(CAFYXxa%mnFn)Z7o z->-ypBRMqVEzRjJ%~L|N+@*QKk6Cl0))$YHJMN3k6-`Iq+gR0-5$!QoR6h5cU`bQ5TDk%Ck%qQ2c!Fx!NaE+Yg2i%swApD8TE=LrSxmgGuf{V1tD2uL_sMa5 zheI^Ze$u~fY1!@Z!_z50=TOUx7S1$-j&g_Oae(-INj@zXe>b!1-#IYI$ZI*hoav~Y z`y}j$VjRQn{nY`It~s>=A+**A7!`blVUa6fe}`1W&abng~vG z`*ZBQ;!D_w@ZthR`2C3>UeV>*LQr`^BEw!G=_yRbHD)8bgvB?WV-pbXsBThXxgv^} zblHicK$8Mtkg#;VU9Gtrfrc{ zz?r1s-&28&iFDe@RMVPs9HLOTkvXy$(b%ThO6y{T5>2f*}j$;1%>$# zK{T=Ad^gpS%Poh}>qUm~ngsc+g|1XdY=ym1sH{eHgVS{I9&HohdY4vocekaLim3XO z+G$0%HBah?RJA7Jn0GElRjjpfgs$vow1(LzwCw3QtFNFXvN7rdu<&^gjQ^z3?6uMl!T?nCcSBER*hrRtQ&&jir8ETkTFqA){E z75pe)w@7k9i~8z;&$eoQgrIJ_olamLFwma06KnwLacCl3;&PCJddG6;R8X$dY5{Hg znQob3O?_b32HayOWmw^|6W~hAE{h<>WL>VyE(e&$E|)OaJbw76*%7xn15T!inMKbU z*f)*%iMClpQ69l>1;NIp$I(NiYv7YHuE?SMzB0h4hB0-52s50-4XS z8r}Td`kw87nAVkQM-M}svZHaIcx2CdcEtIg&iq=0U!Bjd((TVwekICG^QXFlOJ@Y7 zeit7vWoB!yXJwv0)q20bHg#B|TbXmTGUrNV#&kqaYFGKbkr4=c^*4GDvBhQHEWApN z;fvo=8;J_dhZ>V$r)DFH8B>(f@gb^X^UQ43rDS7Xy?Jwm>Zfc}x_&PB*wfEP+AB-V z-|V|RX`Frnn{qrQ>@i!x9@f;PO%|#Cziv>%BrZ9QE@m(!+8L+XQLiqFn5cMLzxFjW zwuH7PB5q&IS!&Xvr?i=GA{Z5zXl!3i#jmBQIF7UVV#1A#lUOn@KhRF5Fd_e^x!mNX zErdf1IxZ0q&gDO=R}c_!u&UXD#`N4YWQB(cO? zm}07nQM8V5rR$?JV%i8GW)1`*uFU64b5K|p&f+syKKTu~zj^X2)|BscvGb)tD2BWz zS$B6}s^7!@(t6mED~O~`F45{qp!APASf`%OooTzWO_r)RtR||_PIX;q1qk7W)rt4F z9BhmHw!{TK9k|;Ook37LqB9A&9K?WK4vPtT9K`*%JYZAbP8b<;gxgBOiRabcTL^03 z-4JlONlV~z6ILF#ED6+Ed9n##{j_qB1^~BKt%pP0MFg=6p)R7IB`pA0sRjZP$}oXk zms6B*l3daSDJH005K*F6_r?>JI8*s8CXRU;FHNJ-M;7P*2EzjCUWntFvH8Q~tgPgd zmLyMlakG{e#5S;Xh89kHaK)EGn@`2fGizS3^XFGy5v;9&b+BfdMC1_(NOBvVn8z5X zA#X^)nfMToGVf**U9O5>Mz>_qa(pPunL{8B>CQLzkna}LhpjiQ*Q9Kg{fs?EV&6v+ z+qPSq$*C?QncNRyW4Bp)3n%j!jUVwlsWpR_kLXLw!14rZzcSx!9)I7a`j#xWj(%_N zxKcm348%P00XQl^R&;Ee-1)GWZ`swkpzI(=1_9&J+3e z$hWsX;PjBJ{+mS2%#m8( zIQ|q|Tjf{VDe66Z1X!)~IbI-F0@h3LW)JnB+MFjae#P#UI^9LsKD9WNpY#$A7W1RxQz@mEAWLtlS>h#{uyP5n zB;3g}xD^;$e|Y^9UIJ>VuTZO>$s%lA&Z0TDJ$ZApcbMsRXj?Z9XapyDfSxL2c3N33y&*x&X=VOn$XRzl5HVypfwz zv17mBeXqeXJ|WbbYW_QUb|shkGmMKaYUYB_6QOvN;H)>p!C4;;i+xRvD2|Ml4s1Um zHm^M6&Z=H4WS!DXBJwb{lDU4O zDE5Py4v1C3p4Lg+#uxh~;@8Pe_8;t9YDd3AUF*WY$zRV4&SC>Pddf6IIOaswd(ZJ5 zXC!8v>8B1!`Of#){EYjoC4=}2_Ewcg$#t+=u5mzfvL<(oXfNebMITE>u~N@WB(5ba z?m1V0*Ifz_X*_=eJQK&&n?qdYkvqY?ptyi6bW|1k1NnIUB22PodPjL9UD@KqZ9^ah0E|}*Gkmn=?!4-RB}63 zmN6!_R|~Pu&VPtY)Y*Ak7wzKZQn1|rvcPP3%C=PHd1#5*`SL4d<#HK4&)Alt`0*=o zjRo<3A#LSEn$2^0wV8HBh5LCE?O)UKL&m^~kKcF{Cv z=GJ@54c7=1i9SRklfh!D6F!ZCi!H>8hPb#jg8TATa8rHU3E*UYT(-tIGXXu>AzK-NMdwVLgB$Z(cs~o~W>DyZGbIJ;@X^Q;F3fxnH4{+0;rp2w#z4 zusRGxZupYeV zG(ITR71WV6H~f9Wdk$RK%!rTu_qySwi0fBnTa4#|*q?>_Vd{SXZ%IVmJtVbbAYcY6 zkF1|1d6x^5!zTWy_=fVsD|f6Hb>9%r49P+Fs`=w(N2nZFiw&jyI0>Zff3}>#xXn%g zn}1*^j(9usr0i6P555{&I-PR_<~2?yp+w=w@Qv3+<*F(AS>lL-i_=rG^CgjnWksy- zTz{677f3ONYUv+z4G7D=NSFbyOxNL_}ipho%N6Cuh?vLz1 zpt4o}?vTGzR!9e3sWvW9sxpZ&QuzgI>(v}KnE$}RZUiQ`6##jU339I3SO+ELdsjru zH}SdE&B#T&JFe1lW!sk6%GKZ-k0+kBmFzR|Cbtt+Xe3!`o|ei7NNQ2tKTJgH6N@e@| z+oYLSk!63)JF)kNQKP6`EU@*Y3USuO90wCw4A#>Jda)cQCbaf3zKZCp4=bp2^dWk( zzv--kTKs)fHk1{_cs^4uwG5kM{wy1bxF>D0Y!!$PKHbWh8lvr%vRPGjq>QCrnrEwx z*T8DmjQx+C??%6z)1y4i+jzFvyw-QkD^SM=Fzbmj2B1f{zjwaX!YNi`|AKexe`FtB z?R_xNRo0sJt*ozdDp3}Kfh>{FceVzvY2F&l?v=YW5ZKD{b~eA`f~Pf4IudlhCbTg1 z6p1dxO>VotH8`d@+6Wil;GSuZnC0dSz(Y2=>0)B;a#nDPUg zccb{buyi0888O3@-hJdd)pM+uRDhJMwtP$3ph?eh6JPwwcn7u9gQNplL0G@t&g6-& zGJ3AXtE-v*llDi3^EqZ1%N^=?g0*wI(bURS3hW3RbYSql<$T-P9th(vcFfg!qIWcW zcK`#q7zG2Ov6-Zlj(+83f76Pvz});Btq3O!R#S~7y}63-;KC-znq8R;zvbcF!n&&& zEz!pDgktOY8WQ|nqCb^UVM;u4>q^7*NHFywv9Pj8JtbUf3R%w@@3$b+9`l(^mCHI~7rz~@< z=`m$Lymw-@2T}n{jlw5o_GdT!?|M^7%KDi8J3Bh0n%+*ARH|pNYB-6du`T|E$_(2J zEZaU_Za#2xbDGT!49U$=tcIrL<}?P4T->z7=Hg}g+BO$MI_F}dpNk61wx2RfoZ#^`<1PFwFL%GN7*nk9QTcK)jyFF zs58LGC>jUqU2`pct*?JhyOr;GRVRAZkiZ+-{%1MT{`Y!M@Td9s3h-uAf=-N%DIjzZ*CXy;*&C+nNX1Fr2X#6 zXwpcUAM3a4GEbv?(~5q}a@S=p#bu5bmkF||>@d~wRE$qPF+k}sT+{62p6%|sGu1Yc z-cAW15-rp3p_xoYtAlJRJBDGt>9x&T^rcC!{$0(Kfmn2#Q*UGb!gA_^xXXZ;ldZVc zCk~~&)5J~r#56Gr_YyPf98b*88dWzTCkzNN-_~zeOgx|~=D2n%=6{SQ=6g)eSTU#C zn18gK`Z*2uyUKo_h1hLC%q0DGo!zr!a&NJ5c4=bov{_5jZr;y5u}`qf2RWsH5c@Fw z9@IeogI)3Psmd1MZ z$5HEk9CZl&*1Z|3@bVVIkDzWs9Y2D48dNm4Ozc3$A!`|jEJGjeIAj^M_s6mIr1<05 z8R+@Pu@RK^6!UA+s^W6R;PX4m*C+^x7oDzvNSX4)%pT$d_VY*rmSK_l4CH{92y-!fx^P zx-aacpOpF7Z+|LBOMeo3zh5T%O7~x+JFeb4|0BCDbVu-Z0`4G_iS7!%7zybWP~K}_ zx=01Qgzg6eOr5hxyWmK`dcjd_wGKZYP$ujmVa%ETxy%^K=yCMvaF8)&Py0JDzZ~aw z&FhR57qBo@-X__$@8Z#8Ij6=hIF#ix*o%z;7au(2bcW68r=JeOM(EZ^24s$d;dp^A zpO-n45eXBS{xU|y!%xn|d~*rPRn*hbOT zdl}~kQ(I7a^(~6hulF>d^fNROlu8v9rHc=KR_sMDgCu(%kM7>Se-$MoHpp4d|FK#V zuI>G*(Is;CoevSw820js?ob-S%6H+vihSzexuopBOT#^8ADrQN9A;B+@5im0pmyWf z14G}-?Go#)9nCOR(_cJIN0^frQG3ztze_H^o4Jtgei%; zrYKExyDK^q-RpV`{8~4a`*@UjUfh8nB!mDSc2PW^;Q6!^%JcI)O9fQEkh@4ef9ATs zlYSJjK{1OqOh*Wh8mnxiD6qMS7Gk=|rqQCUfn2G;$M0rUj=q}}=)G-FX|3%pl zdkw9h_JKQ-`cbRBeCj5pzB}Jzls18b$sS5Ud%0QGEZ_J=?L@)4Q(&sT4ZH0oHmr(* z^SfSB-Q`zw+@r)iZS`^QAm7Nk<37g0nX9Cif9cGZ$<=8&XNZC(UVe9MS~>XyfcJ*u z7edE;E8boqH9Xy(1hqf<%4xcP?19JCUfF^g{3dGfEj9R-8oE`n)~BR^9oNtSIyz7m zYU5n@3#CZGXSOo)neP9gms@uKYuKKj-Yj)A-9LsDV7vbTGSTku|6RSN@iTu-g!KK_ z{>s8s-z6yK*odo8V6$`jEBAkeq5ez&*r`~*=>v=~X}{^5m_OamZUz56eS?6_u~m=pMS2k=h`{Kupl9$}qn&hJRxf7Wn{AARL^K|0194u`lMDqyfh2!Hi) zTHY15doDDDPu`dea9u z{+|6wAs!x7&3?;~AqrY?{NB^f686m8M-A7m{V?qK)BANm+}_>5j<=gZ5X=ALZ+RbJ zPx}GBF5L~j_A}z+H3{+i(v`r!D}di4@Lj;a{4ukR*YDvvUB}A>e1GXO7-VGsVZaKX zA+M+V1j|fcfzeReUc_6|()guHx$}4$G+83)ic}f z`NJwZ5RZLps5Zd)9vCFQ)TYFG=9eiL`_V(sNCt9?lkz=*c^cZ}*k$*fZvtYz_p6m8 z!p}H=MNdT*#9$15{j*1gsM?>x&V<37d4w8jNB`jnkso^of`z(S!peob;y3zsk>Y$C z#jV3cy-T9{Y!tRDqOO*xJsKr50x_d%QYc9jpN>dK>|Gi=?a_jZ??G$Ge&(l7fUD0; z@%-6m9$El_p969K`16p&OHZE;KHbhI;{VLVd$hqM@l5;|Oni3`f8wVU{=b;`=^%cO ziT`Qh#RR_RY4mcYV9uw6`iSc@aZ)0_Fu!19FEO!FUdI>C{IrerO{|ng?2p*kQpXpb zev9NQrJWHkgFPF*P#ylP9I12W=O7%Rugk`MbAREELUEjFKvY@ z>Uns1B!CGdh_U3c>#n%?9`W{2R{*xIAH&a!xz-OTA#p|RLv<<`(HC-fs&_r zHWvw;sXj)f@4sM~A@%Yn;al7*Q`~U;E87AbnqJ%2~B7uLOMPVeiHjk{u8I; z9J{WgdQtM&N7r@KerEiE!)*$wO+7P9Dbm#+23OL-?WV%(sj$dZTJ%eD!oTse;3~y+ z%6H^!qVKh7f5@c$EoFkgLxJ?z?`@$2-o*!#4z~E)#7r>Hj_H{!UlEG?`1e0bB)axIRMD zC4b{WO?VLr-=hilO2W6kyhZS0)BU!l`zH77k#5DLd&;D1v*|cnb-kv$B9d-J)BXL$ zzcxs^vZm8hNo0=tjF88~{eQgw=||{AnBA+7a@-sUJaz@R`uO+XsX@;I0Zw=~5F~GU zdDM-2M$w*6X%B4W%S+!t5(27A(mdt(%x?&vNq%W?12>rG#_wn38^zSSoo+gPz|a5C_w{ z-Ff%BK-@SBBtgkLUdA23&es;7LP8vG5A^Vsb>ply1T}xDsF@JkwmMKh{j@TpKUPG6 zpVOv3DO2){DS3#1hHoQKGUN=pO)veUGUn?qcB8heGQ^Cd4+kfry-6C4{BY2)91R!Dv9{%<{fLaLbq zQPQ^;yfm#?9lGe{CpkCef|q)QKRf`E|8I?--1JhG7(|?lUj7~WrSqlRV5q!a`0}sF zC6q6%0v57H#h3B7(fh+E9_YHd^D=M$*aJNW2odoR@V+{+^{-^`jQ#fO?Pq@M1VoDi zwcr1zj=m7aI2Mufj*|7az95IWjB!H{C#gk`aE#uM`469?VUnLnR5Ws(2WN@=F7K*b z?iY$xzfvoeisfoH)9a5HD%Dgz@8@$1eyx_v_^Cq1FJ~8OxqPNqm@&WMTqRvB6td~6 zzgR9V`%?!dv&B(zS*RSXRI|$l%EBGamYV=7nybsBTJ)<+l4>?fS$nfpf1-HEpH3ah zQt+L%Y^CZ0qJ@&#QGcjdsFsWQe6}nGK7QFFCF+vR_=UsESzq`;I_r05j|}+RdD$+p zeOtHD(n8iRm5YaSnQTUy(pB+u6-7YGU&t5JclgD!pI%CpQ{+~*83EW;8SocVxjZFM zk#e?LD;NAiYB^ger6?(AV^lNT*bwnv~D2Ob`v_U-tG?(7%^_R1m zT*~&TpQjql3 zQrHlKBgJ4jS5bD9t>mgp5x7VZ?{|z>uv;Uy9PGp(LU@64mhQ?{Ukb|PDivrqpDHV2 z;rE5AAVQomqaOI`tu!AXnh9F&*wwPFT|K|(luQD&9H#eAv?b(vAp z>nBU4d=B=;SD8xfXsrkn%~h7j%rXz@m&JUovgEI%=*!vywa`g8naSj;xncnhrWjaG z9VMqqk%T6JS(!8KekW{K#t0;*GUQ&!= zI!|$sXU39oE%lbHvPT%3)oMAnP-D=_M3zmZmkbvc#GfmD)11(h`rPTMX1NM;u@g>< z)T|C%-H>Xk*+XT}ISlKNxk7ldPAyW;H-M9AUBJ8~ooU)`nEvp=eKW&;e}4oCz5f0R zq#5CXI=qfbO_@S-$R0JS5n@g9odch)Vw0%?g3mGp>*yw!=4_8I6^%e7*(p~HGt*}2 zBv@&l1$+IuC0ItTkj~c_1CcstGR90gRTh5j*9tnVn#mdx5_T&hi4u)reTyoY71Bqy zxk*9TIxh^LA~-5j4md`5fs8>~s_F|7L%(juE|#hcQKo`YwycmcUrO?FHlIr^oWntZ^t|9~ke7$ZE^;4)R1uk41+S%Yv36+5FBMmy#eA^>f6Z2fVNmXjmA!>KB5NB# ze48}6oGs-=q)$bvO)o?%prq6=5%l`|3VGyr))!Gwh(6^*8$!$qd|T2-Su}{) zw@^*Nz+{lch$Lm{DZuX<X-p&3QXGGasyLWwl9q65@n!;p`T+eqnC!I~#p zQymAX1s0Gdm6<{OnMh-XiiO2|j`bpwb~sLgoDF`2#T>ObU@6*yK9cD>Ys}q^^q~@^ ztS*c=&|NC$ggTjik&lo;1m~8dRP?T78QZXz9>lC_F7bMSu3@i$_TSVFq5vUKm$QDgUTqU*6|!P$Yrfk0PPwnmy6|rE+qDI!`Vfc zLdxt29f;Tu&Jm75e$XoEc7>Xg+jvFV4?YDr(s@GUun48o!4B!Rj)-Pt9JDS-&BCT8 zYm#7+V*I8SMK=)SAQ+;b=L9n@*C4&?AuB~z8j|_lE=iA&3$iO{3UUtW7DAP?>B9)r zar|i?H6vN@ChOcFzZhH$$xt$jBUa01{AgDjV~(uGdRREulpM|KqYqX6a#n_w{Q&Di z)&RB$;lYf%fv&!5I2k_OxQRA zWY;Q(SrL!#8=9Ly2&q)6X2ucmK=nhGYskQ8m47m`4Br0LicpLNGI3_5Se6y|A{Z1t z;yTXaRo8tomqYZ(_A1k-=&JJaig1zKvZ&q~291u8#TrdRge!r-ERzu;oGeoENP&if z9z{4=VIpCIyCFB|)(Sz+f=M@4nW>7*)Mn_Is={Qbl(qut)bG>rkg8RSB1WRlfzzfk z9~4fdiX-8SM|9YW7+EXi(Kq>vD>9i>Sb#D4rpq$%2a}y>02r&2Mi32|_R5kh-k@lT zHi`<{FBJqDUGo?@$Ml&DQmA8AmTN3Csl<)7ELuwVDs+t02_MD~D#{7iMbLH~Rf{V< zBC`mPnGztZf=+oxXbN>r=!R&n&|Qnnl-putFgh*YGD6cu+d+VIAgT@>|8YXg8YZlR z#VA9di38bkZt-ZVf-EgalLaNGihjR;o!_YE6eZ|QqT|d~=R1b4n=(ZVWkWX&u>)CnRfX=~|h03B!#{Kp=S;X|4V225I3VeSHcvY?m z9ius}Zl?tduxpGWPDZfPhOqvP4MlC0qBO+0ogFJieqXGyK8k3tXRB~ zR6%;k2-jvP^!h_|eYTupy(Jt=IX8?mOw=uG+r%pv>SR&fi!#>67SiRT%BlQ2kdu%= zgR)KTPP5`xrgk|2_D2Qp_El;Ylq!8{EGB+w>1ZX?HQV-@0cv&5Mli_QRzRe(45>uq z8%GxgIjYqNN*d_Wt4)-17qTm6&XsOi%%Z1(xFZB%=kI*Ba0p?IhAOrk!EjfJ<=0Rt z{EpIsOcbzjn)V!?WZ=M$1p|?;t}IE1R8lM!NWi=Xj8`3Hw~k**Vb z5e*RUgxiYlR3<2DE$Tutk2F^Dm*zSV9@wCZknU+6NsF=wWFn=Tf{&__Y)~V{5h;w* zOwcM%8Cg^nX|A@?P_(z1VmVx>NQHz?iqe1vEDOqMLGOMB%Astv$B_rs$_QGKHW1>M za_Hx5wk%1>H!%G#`2T5zk5mfjU>}=YMfvzi5_7cKvlD}N# zLJ>^q+wwC}y!2wZQlxB`!ZX{Yns(OX#3>`ELg#*WZgHz+3Nj`|^2!=z9XT2?2>qOp zI!i((zZ%+!!!S!BN7ke{Q3rUU;PcN#if$mtEa)tFBL4hq5as)g($w{JNUmBIdI3?h zgsaYAnAt%oG>}pi4`i^Ek`<|HxrN3onwbYhE$d2H(iLMl%c2J9C?{q{Hyj3>tcW~k z``m~rRu`sPq*RcT2wDLcvVonq9W4q)MM$KH&etMqA?XOEsYW%DPlPAC(p`;=+S-fI zzmQ=-m`uen+MLOvyUxPD0+T>!s1!4lRjAtu3A>6&oYASvifhbAS(e94Lrd8sJ(=2a zDOmF8Y-G*5hP^{?m<)Qv94Drl9-(3o>A19Eghn*OF2?Fp&;jcyrrr8XsF{=-JtJ_j z^wErR8IeW;#?vG3SLoys@crPUaBFD7aJ-PFWiarYHTFD5>G%R55k&R5QUf6{L}+92 z*SF}rElsjZ3+0Zk3NXm9IMqQ1)d&!q4jW;Hd=vi&voLjQ;3KXuied%F+PV}gRGOph z6uW+a67UsHLP2+EM+{>iWB^Hv8x((rLc$MW#oiB51+u=8JR8!YR~#P}p*N_4(Za}d z6zQF)=7J#(>a()^2v#U|(3xelo5Gl_gIs&XzOh#Q?SyBl7S>)Sv=DjD?h}4zDjgqo z6Lmwos3b`lJt{WKYEedwRzb}g6d7&P{}c>pcQam8Dh#_Tz>#59X6+X>6tI$Qw8mJB zq2p0M61rJDENBJNK?Fg5s5@f*HAJq?GE#b2E~-iyOPCP@)vC&_c0Clvf^LUboJC|o zBGWm%Bd(*BaTk;7ptu8Z0sp!p(;B4F^JhO04Axnz1fxL%a6@`AP zWXv;|I1OH{ej_YnZM20mspXwCJxxsz)}we2w2g+gLgCP;3kqs^JdEi@rOB{hutfV* zkas-F=5D8VS!PZZDNWI4zV$H0X2cyu@e+=eFxv)_HKrFs(vsMYMJc+F&9dsZl1i9? zwRSoI#c(Z4A!Ke<9->(kjPe03Ec6s)pvG09oPgtQlinw$95M?C$@Qk`mr=*2gSD1H zI~2C;%1JB4=#8YZ(SZ)At2SZ|;8hR~%SELOt&T_3Cz3wN2R(84kQ zBCl2anTVxeR@He%q^nfRwX`mBn4r^`nT7mBx1?Gbd66}!HT0=9O6XM4WO898(ZYr@ z6%4gj1*^SWGgJHo5Tjvn)i$@7U?`=)(Yf~a5RMGaMjSrgf6QP z#FGXo#15Nox;CJWt@OK-Kr%32)jKKjTgf54UQGUQr9ixmGDs+Y*rio;@@8fXzcV5$zU3wgS0y_xJ9wQ-;u3{-_wF4F4?nR`x&YhZO2q3rs>95k;5NG$Ux0 zg}YUSR_xk2Y*$d92#qv28A3`i2{ob>DH~n3{oJ?)4fBQe8@w+gMMg^Ct0|(X zKZb%;U%=~IbcoK9MlTd=Gp12AgUXfyMjUbz>6bU`kV#qPi35=Bkj9>fWEXaY=IjGD z7fgQ6l~)l4Zq<_*gi3i)KVs)#ILmBhMCeF69S=qnopHL>lrgF_)EK?1cvdkL7~hpz zD`!$Snq*25i>=hNA)R$vwL`K+f(H0C0RuP@!5l@ME59M@K(}U&Qrk#Kf}^~*g-Aft&hMt^ABvI*2a2{ zK8WEpNT(d)4e`ser;LMiS$w<0C0ldNTss0_OUK6k*bI+chea%$YK)0Qw8LinF}tbP zxb&>3BaNci$naL~Ge{H>N;M)%KAyPVpFgw*d;!Z*+VBaKE;6&b+Nw@MI8ZsYBGau@ zD3}*ivT_rpT}d*9iJyFwgP2;``B9lsFhjyMoG1MR%Xy5PIc$D#$v|c#v01k>D@G&< zvtkceAwBOhLQ`uCOq%6)JRSULtyE@R83zy6dSLeg^oA1 zf6~)6OOMi(r+<6Y-`sd9U^b5IEbu_UNMxvDvQeKEYc5rP_-uw2RLe&_;~n4HF`n9` zvpuy!u8Iyw_d$qH(qhq@9#_1gdSkbVx`%i;U-Ym~Kz0L2*dx0E+)J=Upw%V7TUSF)_} z&2PXLYr{rwF`qhAv2nhOwBs#=+y!JoJKn+yq(qi0hchm@& z%0fQnq8wbNvV3T{YGb7oaXz7YWfzF~xk&mt9w|i=sXIXwR3IhNA&Gaim28oyq2Ac& zRaB(u$rWV?iSG-*?3xf5+wU#hUf4bnXiAlMJo*cElLeD_p$iRVeU%*sg0*V8dZb50 z%8EBJK09XyP{pg{7b+3A>EWy{0O?&Xms#Oo*-K|u`uoLm3x5y1Nz|=IecB_PDxHmX zRtyJD&1UK_JUbbwK^e2HXDtvgfMCTh=3GzRbv^X%u`lA;>fyedPl5k1f%BFX{TY6v zxvb=nJA{G)o1b`kSe-(zX6?+k3Z|UN#c0kN(;|1TpcR(sIQms9i_n_#(xqxC@43A6 ztwml&>M`SbCentWXG&TOzFR%A8K=3dRQk?%>xsZ6frW%^z4abJy1z5kQ~?8=^$L~B zqUn@S_%W-Pv_C2ihjgr86qgixrzl2MV7R^Ai~v9q0kn2p)2nMd3n0JJcc1avh~E%YY)* zcE{_K3whRuPMM0QGL8zHUlos6#? zGJF|2?08atuN_vFxU7R#;gT51g-!Nej9n9zez<_y&=FgFBJfiAMl%Fh^%4d?H- zEIHu(g$foR_j8O|(Cp$AQvC@*a8smo?YtQC&5s>Vo5K=aEo8@lAm`5lg-SysT-cXDyXi;tMd2oUGHaJZ$HYK1#=>Q>3f zGd_JDE^p3*%^P*zQ7$H6W^otaMV#0qC*?{(@#1JDrV_P&$XtWJzz+PGtkb?4ml}AR z_08HCa9i`;DhDa;K>GDh1gD=+b|lKI29mK^N~WX_&_a6ZJE()3Q$;X{o!9n|*I_};KboxKjC876KK!mN0s;#sJIf2L$*ZYIL2 zbs~%z_zKIpbi5+QXvW&mRoz^Svt;SNPJj$2m4mEWS#tUL4Es48V*<~eVFMTX9lQ_YAc9~@zJ3PC=T^+pe(YCY_kgy+!0dtF!e z?pXA@c2oxa?SA;;b?xl!v+?iYbH*QRs63hltJWEiF#`&Whq=epBBx7v!U@7L?d`U6 z)^+|ZPLF*XkE!yZ%5}Hl2UO^h-I9en3r1HZW@Z`iD4BH^<C%V2T(QUQJ*crt#m6sv9kxE`n50p_*@@Rn8dqjq5F)Ya!t5#i_6T7H zdb$x&f5>SZ)?%DPKo;_iLm8`H42nrVmJyT_`!3Ug07zJ<$ZR0y=bm)64Cd8cf@sTY z<;n0mc?wMSCIvCMjKuR-Q@7B44FyEy6l!aPU*-ZB`Tgk|gdh5pf%{7fhfUAB*1P=5 z+qQnhd;h>T5AyT;o*qENS>0j0% zh+I~A=PiB98#j6zH%jb2b=|EDNTg@FWje)nM-;ed)_Uycjo$u(YRBMKqE96kx;~$k z>@aPOxN}m(7xIv}4wMhoRBVFd_*ZsSu2diPLx@@Oa+x!@1?l?4*28w^^Gg<%Cv*3C zqzcMmV8J8bu$TZ|mp^X^9@Zyc1aIe$grFQvSHb%I>>g6rwRhAHKUw^6iT10EW)9Y^?!k@xa0 zjJcOHYgK)3DtU1K)HYv&=~3g(I+YwcxS#8eB|Z|Zv2@S~OKQZWVOd-vDIwHjBonnf zR4mLScc{j`Pk&I|kY!PWKj8#>Cp_JCv6J*N2s7q&NBp%vc*P28z-Cmt13|fT-4uv$ zu+`gJEM~A`aB=~Q4{s3TEq^#7qU;rr^#lQo>?=e?DY9PdU4)D1clJlpGKCkdqJPVK z2X@|OUOQX`$VS#JCK>xQRamr{xI|YqCt6Me(*U-k87xyWa8hM*L-K4&wW~Rm$e)dw z_cwz<9Et&(xwh}U&0veAT(rG~F zyzFYy+c&XDwuj^xEy>o))^b4X;P4l_P#R@0%2&5s$T4O}Hw7ejdvb9hQ z?%0K1h5C1xlOOz9lre(b9Xkj5ueP7&iX0Rdd;xD)H>16BXRLS9@z+8~kl+UYQ->Qt z+#(z-RxL^hXe#W$#X=0-hgV`u#*S}`Lp#3hTOq{0^r;!`_FLsp-qpnsRsZ{JyTh{K zU|qX1Bv~#ExS5Jc%XiPrTE05ldDa(tUXP;~kmUkv5=FTgnj0D8BP^~$Q-x@wYZVr7 zEMn*!`I*jUy^*d)$j_Wt5`Gusg4R6-e@j<}-jUIVc7t=!G&gCQUrtwa&;bpPzg@cd|Ue8N6Xj?d1H zPwfrLo0^rv=4VH4w0SfC&(9>M_KtW%$?5r#n}$Y4hDV0IsoD9deUg82_-1crWOiic zKyq$;-&9!1p&RFIo4gyTeDEywn4ca0z=*Bb#Q5a+oPBn+NzUFpH8gL&jE>Jt9!$=V zW@6u*7rc#6CaIId+JTXwIS}DqC-&`~pN@VX-8VCtB=y1hDe6BfwLCB~B^6Fi(1_WQ zxgf1Y)CebRQ>Zj@HhEwqIfxl}G!i*9CP-iZYX2u8i&yCD_2WO}pq_uxy4uasDq0PPflQWR+*vQZg9(A5e z?zJy7BctKV(7wrO>0_ZxDwNbQF+V&qHO|}qDam_oWNLnJVjtNcC*pr_3;L7W7?(^j zvPx&;vmBx)11?`f7P!;O26p7a;nK@;n4|sKL29_nyc(y>z?Ch08$E>G<$3a*mu*KD z7SYh9HiKN{&IY52aPGr~{TN^pQ}!r}P@^^RW|HH>o*wSG-Je}yW>PB;!^~QW?S7Ub zB7hieP`rB`dQef2-xWvv9$nCOM0_2!k{Z9we8WWT>MP%*vK@%Gt_eY$mChs{v2346 z9&^mQvb9gP*Ul}Kvn)rkbMD6iu-3P^at-wu9-3L>e3PmiEu_@}xatkd8F8GkiU7y< z(J&ruq%o9q94waakmCaUF)?*@9~|3C?P{)((|UxFsHkO*@1CC3ue4^Um;$S5(E-@C zgx@_hEMH;89pk}%#{*`+BWcGExU??8lqdl))(%g(bh63YpPrplDw8c99leb|ucLti zhjkB3g{6w@g_&l@NH9$phalq$#DN8w>=C0>oKj7%H(f4f@bMRoBbY1aQhED9jv!-| zBdZp(D)E-ntQpd>3`CyskmOZhFIcgifEk>>$m#O8sE?&ZBXb)e+>_M}$~uvgz2$

ENl=V>I~2T=%`)pg>C zttVz;5GI^7`eTmw!yv0~r$a(mJX-vGa_X^VcYEZV%$&Q`EzfvjC=sZBkupleU!fnu zFXfbhP~Fz(YZ&6FIR9&@L~r>3n%}0!+6t}vksrvzHd?ED0RR($YLjkM*V8&{xLxva zD}ix<&_T+-=#+n(^6M-w$Jyx0CIriWJ4Nx1u3jx!+@od2%S^$2R8poJYh_mgwsE@b zZnk%s0>vbHPEO1?u1YruDlBFi&MwIVA|t1|%xWMRC_32;k^^KK>S!T3a8L{lD&|x4 zQ{5O;BZnwtT=7yFuUWlG`Ik(pUaeg}3oVdY{Tt@uK4TiCs@ntR4Bw24)@>U_ud%)% zos5v~nE*{DZZaqM{w5Rd-Kxi`SHlL>-i{7UF5;?)2_i=lTMP!YY_(p&3&lXX+& zl3MH=kl--?iuVA4R!$_m$tE(lTNk2@(^I~~4sNwo-wrs4$6`#NYpW<;uM@Hv0Ko!owTN&gsLA9_)qO$v)ac~`{UXP@M*PQx9{57=p1L0 zv&g5SPwn$nnNC^UnW%Zk%{Cmh_ZH(dWoMM+?vR~A8+6v>4hk9o>K#Yf5H>S}Rh+pI z?nqvsqF@4++m+7Jeq)YDU;}aOGWlLBn>40D+Q0nJ)}OL!To4ChC5ljPdu&Z(b2wcUmtJDr6=vaTokkRmGj>mZT11y*b-mFvsqaF+-hM~Tcg?+Ou%ld&Tp9T>{F<^RaxbK7VR@n4Qt7ziZ%wOUB& z#Z>?9Be5vLv9Pa9GfJu#1kU@VoGY)UUMc!ibrwFKTU(JkoBkT(UUqwaD_aU zgs{D^+5xuUc5oz#cLXH3#Q!~17p|XX0!)?2&VNY2z^HjbSo2MkW9OC47)oI{V?^3y zKT&Von_TXHjq*T*nKtf@{ZkkIVRW57-Q{*(ao2!!^KFsL)O5|P3)p(?!-aJ-ySpX`Qz2 zFrsoSjU(K29WoViU^B`bMW+l;4!YbuW$3V4ipyyio})r&N3gG%g_UJeru58YO)wE~ zxhEutWag2ou|qOtRo+h#Ds0W(`>3mK27hPI#`Nwo;wgse>qK;mEivWpw0f6yu~d$O zs+qqEdp}Hu{7Q8&2|}#Mk0IXq`ha*19;e0==?M0-Rl~itMQWyyZVVmLTFALRbc^th zihP&o%i$fP9-*hZ){WYb?kM%js(Utio!$RjED{Cwb<*?7IsEmCARH%QL5im;4U{C8M<#%~SVsCFK2~YDjAX>rU8w?-2cMOmuN~7fD}UHbUXFfq#Je_wOyfNA!fc zY*W{}U=j%Qv4Z_FXXQHY*Ip8-0DU)WWk~)Z*!6kr{|lw%&$Ms-HoI$t{RLGQ@|&K; zlaG`2#03R`0uw5r`OF0PR7dh~7<~c51gM+;EUez%vyt{natCR5URRT#Kr?;%)ax%> zR<#X#!zbkFI$Q5`GLh5z6TV-*C1EP?%r{Lqlu85wj)br7A(Op=zc| zqVsSC<zUY;Z(VL&EoC^`U&*R{4|C0 z(`570wD0-Zt`i#z^Yd-KEX+@O+YF8$)=5D`ZZU}dId{)R791ip>+ReG(&BdC3Z9Ken2Ef30hqv!he2iQLPeNHZi_qrXb1h|- z*UKF3W#tG=cx_YcC#yIIWbtM6xq~VxF!`?gmoT|JSgQxQ?aORpoz^$>T9bRLzU3G> zeaq>Gm5I!pinFt2vzk4Qo;@Ssjf%4)iHr+fi;1XF6o8xV1`yi-#K-vI{+W8<2H1i; z{<8aebADU>skzJMYFHf-GCWR0m?F0@YCAD*Vz~5<^P@5iRs149HXuEZ!x%BGPV3db zU!FLn+W4~Ej9+7+@6U zl@RuqF&q@zzJ|&)9SiAOWAut8&dnp>*NvmOGW$9F6R+X$W|o2;NgbZAo)dD_Ou}jWjr2e4ai&__qZ?Xm%6z?|DKmRWW522Ve{Dr>8={l! zK$q|yQeRw>oQ9gaxSLHU7c-t07bPzU2forurru~AJ#C0{({6ff`0TX45_Ue|Li2}M z_uG^;yK!{t7f$vJU3ph5Y4lRRV1M>VYw68;dSl3;iBEVVa|bVDvNO$#4VXl>GD&i8VNY5vdo zBY4d{s$f5M+D3$x1@LmRN7z850M2U(8Xi~03Md1vYz`Myak5>;CH|$s9-(QUU&Yk* zD?CbV^JWk6&PAq}&y@9~aG)`fPHQKvqkt~%KG;(prC$*L!h5z)-)=9yOe^CnGj2t{ zi9@_|hGgo8U~r34a(u=7CsP}uO}}u?Y5E1qSxYH_ooqeCls;sfFvNV3L&c)sHO#YxlYE|6Y zY7k$lRLp=IMP1xMdvT&ZTlfVfAXWrR<5Lom#g3-(%PXLtnN!(v)=A0JH*KR znSMmFcAXxG%@5Z_JwY+vV|^r|dEKJxH+nY8Jh;Yb8?B0wR01|H-*bV@tA<)%Kmt#J zNnNglj#;WGTlv#hRYYv*Z_ZxcHKTh{-0aRxib)REegz{}q)t`!^_s*_h-W+4sc)T; z{F=KiCHMtFA_%TPXmzAH`rdW_9W%Ma|Gw0qjLk4JW9z7g5FRYUA-80K73V^Fx>al~ zk6CC!m{6@q?mxLtaQffb*}2D8 z0YpF>Z6EZq2>>1W$rfJ#RND0otty1&fz> zQJGtR4>gIo{wdI5nBOYq2JwP2dS7uO`I4 zJ|H4`8RiyS8u5Q?OwM2#qF2mv{<#4x-9QEQGZZV9p9}iJI%z6JnP*T_Ecs0SklZOo z%kQGpl8d=XvA;is=!^7-liAc%2(Wg4S&+XM{z?M(#Sm(+&&zHT+#=pIc{vge=jH#a z5s!D5l3;OSdh9@}KvHspeQ<`pM@l}`?vCe9x(Te}>gw9ylMtX zjDr=$ddb(SS#W!D1OCTQSFT~%v|(p)NJ*VT+;$Xm zK5B!pB`~n{YdDCUV z5SVgVd*igdPwnZk4TY}GW7JOD27sfnUSoHwxI-aCZWyJ$WXDe7aXyy))Ni1bE?Ct< z8UF&QS=q7CqSuqJ>V5r0@cM|N*E_H5eSND4BRlp(`jW5wu%fT;310u9==JWRwyz1g z_E6F5=Zjw3W`^w8pA@~mzv%UmjINJ4Lh<#%{uMK!OnzuFdbBK9<=r(VUy>;d{86^i zTIGD#5U03sz}%11TZ7T4xXs@%mwA!}s`6(DaM(tS)& zqwF!cZcLagW-n4D)MG+#YIFBJXl1czQ^njbCO=QMx8yG+M)s-MKjsz;Gnu9#qsI-I z_Xlh`Ed7|cnyR?0<+qk!R_&(Y>Qr~Z-lF|Lfz8PBd}ydsTrUL+p4{Gu^Nc-t5YTBq zZY?X>**HE@l{{ER-?+29tlI8%u;3fc(t%jFPoiu`@DP*9A^*fD-TU`GJ1SGQupM7? z7Z!4gqo(xrD^PMmWX(W$z%_(~cL%MpoFJ4r%lifOzKwC6mR74)40B;)gb*A+V{Z1` z(r!nu+-y7&ygMwGDQmGhyhqz(co+CQ^@r}(ME1JKno`bV`$YW*w~{;Zaj4WPaM~2i z1P|;!B%p7qUlG1(;*CCUKS)75&QiWiZBAsr6Il~Mv%7=0oX@#*fQ;n_foEe*TE-KC zd76-|J&EkQ6E!=C6=cgo(_-gloipCmbUQ*T?d5=~MX{{m<&xa2J6LJ5la5l{Qo)l_ z@I23W-{qxRNtxaeEC-|~G!TpiI5E9( zL!34lu_V7@0nD{i5@!^i^!c^`N%pt}QN#ZL+SdA#O|1oH0-fzTVS^VXR-8sa*XT>u zdQEpE%NfDVZ079=;p+dK>v(qdM-QJDC9@Rbc*#fa{uj{WqQv>v70wSVVIw+NkI()D zHR6lIcGdTsIP;nk-(pQoOHM7y`O9q}ezTZCXt)k`N1N>$ay{}}uw-f7Ls8Q(k#5g5 z5lk($`x|p-LZoI;eJx&tsfzV0HwFDHfM#-{oBb{;7&6;i@tSS9bL3L;`XwScn=pk} zSmM9_V{!LG2Zl@h6uTYBEvxU(ex_olkpJ4sYvHT2_XAX%#bAWp?UuP`FMx?+(Y+}MG6>;zT(y1qXecCnOn#D;ashQWE zboG^&x!$!TQa?lShZD=!G*pzZl%M{6K;z*`C5rO9YQbw-XW7)LEM|KJb7f!zaeRiu z_f>%ffxwDyX(CvS_lNC5-;D$**rS_*_{>;jb?)(>QJubeA@y7gC9HYcd+xNgT=ftd zRmMS-C@1Ui0K$asTsJX0W>g|Vtp0PkWXit7y(9D7RIt!#wY>^m{hI_x^&sy}JEPYz zc!nH~{TB(QY70H2mmSzLKx9;qbWhcssHoE_#OGcEO?KPfAocZ|v4{@W^z^>Q-w_L*V ztXE^sNRce}73rg)$I?2M9A4z&3%!+RatPDrrKJygB7->MII{QKn>_X25@r)0R}MXR;=g+fF}G*@T5C_lnvO z@&&6(7(+%YCbxhpK3m)BZ9&L~>cS z{8(Mk%H2N=Ndp7HZG63k$E?Jxwl~kk=(n@69&w-|zkmk!>{gC$Ox_eM(`{OdgXd10 zSZ>^Vv3qdu!_?q7*at#tQD(*4#D+W8!~Ra|ICYkIwjd&X*%$E0hR56giI}4qlh1av?2|8ZudWHIoqDAoh=&) zwugTGe+-i }cXXq&gTNfah`=8^}d64Bay0HdrU2)g9Ub4rq@xtV^wt1K+Ymgs3Z z?-pt98H=1&`P^Oa@hJEx^;m3q3rwQBU$ghtD4b%uat&Ql`KLy7_eSni?y%o5ju{Z^ zN)}$qAmZe%!YtA9T~Y!lTz{L- z0^r_+CXnCyskLVB`GogEICTTNhfZG<_cro!9F~_0BH{Bl^~_t(JVhkS+#z}{Ol%61 z;AuDiQ&|aF+2V*n?WOs0tzkJasGz3gi|`+6XL~2l;@NLU;@;cgs|tP0yL_WNf@+d= z#Z9sAqMD{SUYqvyLD<8Ck@6N=%R$wk(;waFJ8)$BK${5;`Ju(!QJ56`H<3JYtGP0H z-cQKpksaIkLl7WL|1sr~UhU)s3i5hb(d+MA+WXq)bsq%+{_@@hY-)$KAUK?MfMPWTZmaK2;AZHf^??#62UJ2f@uEJPe(-dY-J1KnE6}*$E z=(Ii(ygMa)_v_%DL?Wm4H^IBp!*@3a?}QLe>-U3qqr-PIgLf?RCCTs5*0}Kb#ldrg zfs*7u^8D=Z`MBV@)Nv*6IPHS)`N-fonrumuEV!p#96modc)p*Wle6HoY2ot^Z<8by zaSz|X6b;75-yfba1!9B28$#awz# zpvc01v#SJG|87^4xcZS@T^LAHD;L!}OP{T8-MI{I(&NNetc+bmj2i3x422Tf#>!_D z!7t_Lah&N3>|m>%<8jY>?9@+Sf~?cwCAFE`s%`n_fvX^cNwQT~2RR-yJ%0w%S3g`~ z-&2wY7EGXakNDJf98)4qo=qBUNkARX9I8rY=vgfzX2-sbH5(knllgshxv<4)@2)Y4Q8856Vdmb8)tEoIc&iP%9`ZdsB`YJ3rjFT zjP0TG&J7>%U^?kST<@l8)#iFnxZdx>26n}xAEj;&MjQ9$F=A0gJaeh}wW4{4<8h7j zYk2PXXP`d<4B}o+W}6unyMZ-hYR?7bjYR!1_kq`|E0!KV1ct!WIBi#IAs)>TXMHnH z_ItLJO|j}+uhn{ydq(l4w;2=_`jHJrA6kbKG=v1}%W5)7AIo1~P7?en3ISPR%_hI7 z+zbL)%-i5{K6{&D)0@z7$e2&Q{YEk=c(CGF`h)(-Z9GrrD6d(QGNyB{u%1ZbXv}Az z4pU+Y31at)+zdFafnUj@5Qld^wkUSLsMmjpsynw1T<}53P|-3B28n4dSmLx^W|M8u z#IR3cHyg|;t5^Ulr&U=tNNJIKa-*ONwz!!KDw{cf$2-1S$0BK5@k}#}bEn2%ukn=k z9L$OwL+o5;Yczb7I)bWo(w4sQtBN|JW4g$|Ej-eB43Bavo8YxEJ0hO^2nC!-_lx+i zYqlM5x|TY`S%gZn4jrj7JPJc9x3=1 z>=p-#dndY)Qolm8Swlwi#uG~7HBBY{7AqJGx7oWw2?b`=oSjYXPw4(6WPwCA;A!Y- zhjapfX~DM58_`EouLT6*KSCw(%=jus7OEW~z29ZEL*==T)$8#uTX0l-<>I>hERoaTo1#v`;-5|k)Af{Xz9*-1U?Zx*CO zdfq|h#9_@XHF?Ep-ORnwQGRAag3$azNcmc9%WM&gSfOg=UM52YvA(5d9r|sX3ngh=KU)K91C+~!0yoBcSWGwRi zCWYaU#FQZG`meI81VfTN)Ssl9yiJ<&A`JGUJPxMl_mo%qdd%_Q)W`%}EPHJP-)>DO zC)x1o%T?`-X8;?{`|*gx)P|twQ>jG8MM& zQ^L+Q&M*EC#nKI0{2R3RFQp63(bs2wE6!$1RM!Of8}GzboL6n(!8f*4`}W8AJcLYJ^&3$d@KV-l~ZC5NJe+l zB@zEe;WMW6s};+63S+2SM*StpVF_63wJdB0vappM=uR_cD$X9=F*|2vT&&L#QeLcf z7JiFwnzQ4}Vh^aTWj+BRq?tI9`1Ms44sGXizwNA4_^Y7BAjcL$uG9KE0}Vu> zj_G(ILGMzHP#bODDd6{9wU?a;e*4aiE!=?L-`SJBF+VuxhRxJOejQNTi+$v@c5n-Z zGgIB<08-mlhU?v zq$dQ_uenDV3C6g{{~5Q1R_+rJvtcU_>6^a&pLKL^D|h8vq4QzYlc+0?bV4#;ZG*}% zkcr{+K#!%c;^^vGSRnnqIPLiXr!^`!qa(a4;I=P`+ct#Uc8{8|LQx`KN6e~%`bHs~ z_?S*=-p6WsralW1E&60?TSyaY>^t$Qffoz1fRX>_NF1>iU3qc(`XW8O-Cx<)JgkL_fE3Mg;D|AqcHH{|-#|E3w&KRx7_d#iqp zq1IxI|Jr!wANuHiAdD?v;&Y|}{zIq%{saP#W&Xh=WYU2KN?-z=YzfnBdSH#G{Wp3+1>rmC8wLOG>6Ry?efMqb|unSrE=Ge@Q`T48*E<^y$P9*LzVh~ZBV!{5c=64Cdh>*1?}2>a@K{+fbF z_?dLQfa4eIdPhsTm86r`^|blebiL-x>HaT7&8T?=evhu#h|DBqPiFzQ+4}m|wLL)7 z`kL5;@kkGC5BL}Bd%1yQ19h*1t_YylmMn5w52r7AXeRT*T=$@GX-s}adfw}+gK9rr z&tqx*gr4`H>3MS`9TfDuKp*gjTR(&OZDhWsu9*mzX3(PTPv~n1dUJ zLDhJFjF9_Y{Y|K;SKx796;7&Kc)YIUguh93yHa>Ex}dr_>91=P*}Nv$DXRI~b+$lR z13?0vZDU@6NkkrlM5MvBFc9a)Mf{DS-=N1X;ga-c<0F!4Lz9GnqvxScc9>?hNGD5R z^ASLLbu<5XV|3ciLF2dcF7BP=M*8_J#;Svf3e~jhRaEL&nJj`Orjd=ISZ4vH;1K#dCfGWyL+S@p_!&;|NUC&l{D}-X{B|1U_|~~^t8~Q<{!($yt>v1EuU(%&Dm3Z z^|d2;EPXD}r-BV)WFfcxNmwi_btC}>N#s8^wMw;;MpY?|s)8j?_#pDcEGHF$Rk5BY zC8=Y@YidISD-rL!tv9u5NVt`Nd#P2jmI%EoS$?k5HJ`C(<_tZnz%h53=})GmCHIqt zHC3&d5qGK@Qu!*d#lCBfzJ&_Kt_3hw`qL?4<&$9GQ@OTXPw&&mgfyr?9^2yFC^Kge z57K^&U3N&!A;#2OACJD5!Vn8b7%L|@bb z8R3*SLd5^42Vn$ktO*Z+ZQ0o9ZY$bAsVL4IbXvkm6RLZ;5LS|izNJ<>tdb!9 zDQ^$y&GAg4g}fzXxGW*s=2`Wbh_|m}B%s^;79a>*bo<-TG$FeEH?EsA1U!gj3q}~ zLr!>cbn0MD&W)~fopV=Uq_lGdm9}a#$n$~Q*;A@5k!Ph}W~2JrA`Vbz8~|O$MC98G+Jonno znDXM@DD9^S&LlrFSNdSU3}6(Y`0Oiut1mMs7MrKgsd#kT%qgMRTrUt!$=&}z0lQ6H zhU)j`1O;TzV>z5a77??lu5nRu+bXD>Xz0|T%$QG{G^^GgB;=ChcAh4;B2S9dD7Eg% z2Afqg8kKLk_aIthgPM}%!c?cV+{iDa@uv)839qw>^ElEkBlQP6aA#fZVpgAhs`OHf z7fzWhfJ&?+Uop0K=5@F%@vg_3ARUhc>0@A71e4rom&W`{vbMlzgKR+isxhW895u;{Up;4}4n10Yo({n5g=p zo=+0iV!tl25d}X`AHVJ$5NAQx@Ac~jyA4O@cHR@z{ptGtXZ7m_TBrYoqK=qfw>9w4 zb`<$_K?2tc@j)J4)AI8k-QMy)5aPjzt}PgiLI+l;;hIO64C@55|KE6Y$6AL9W&!wH z;L$x*W6tJ%vH$;jbdQ3{`gn9V&@spkSQUJ_qCHfr>G)T&f3siLg*Ngw1Ub1vC$E1u zDx4caKQtJe0_#-6wY|0l^Xocd#l?Qz%~tU5RduOkpMKrDt#+y4)xR^TM1=O4RPfpM zWnOy@vG@|{s^-_dgnIVYpygDplzjy~tY!s_w*?}T7kng3o1DH|b`M(TMgw~ePG0AR z&(X-=q(Q$dNW&u)r;(%fz^~i-M=txgbo1JCu|HQHg#VR4*S}kH`S1{JB$vL7(*J#zgQoH4m9R=I`_8eup{)P*k$N-Je^V_vhjSM3RDN zIy675#;|JCUa1}~Pxkibx_kL^6&T<4xlj@q&WiXx0)BH~bEw+OpSuq~u1Vuy;aXZ^ zLr}3dHy`RDM@Zn!eamT`1N)FQ;;c|*k~jBNo|(4zLHD3=|B6x}U5~WE^v);CiygY>+jAVc9I(PyspTkxTJF8a0mFr+vVhR|r;S_4w`-=$ z(6`&W@XHBXnY-l902kpap&dN^CwHb1G@jg# z@(2;G{Iaevu)Hrf&{bp*!k4>-QSZx_Tk8hC+&O{@fEN<4W-u{x<63S&K`wCP5~qni z@QyQK^sug_9?4q1mAx7B!{S?}(tq0Vd{1B8jbl*d` zuehx%irNy=q99(XYJzqAv$$>1ia)6w=H0fRE7bKF-L?e^*rbjzZ)OYp*!X+F$Ywzs zD#3AxOj{A<$^#s0M7qfmCp%2qEc8yU5WwM21(3;pZ(l>M7Qyw3lTeQIvV zY-OLC#`UMzr|<^e&N%jAo+2#}j4`xM;Q*Uml{vG1XBSiVKd>SLn&uA{hH+~CUdAc$ zwY}_9YcNicDQyqNsh!EwIgQk58yWUdO1+Fzqc&tB&RW7y+mBNdL~}@)GtGWATK%&m z{fWwgpb5(xrOGi%Wt+?>j8f!TmVxPVGZY=4$P$dBbFpNA0_w4LqC(kNrZVBD6`?We`IhU;T4rB~^-4x3 zj8Wrdgu)m#UPdX5QH1K`jZt6R?LQ;RG-FiyjnEb~=qc|^|1=q$=yHXs&s(Cj7q!?D za|%jNx*+ncC0m{Hst$mq zCLP|9-n=K>F%Wp*Q3?j~4LX=NKH&ojY~+=>KaprFlsxfh#WRPok-5lM_H6MUf>Ws? z5q)juSHc|x^?|(kBdX}ji;Ck0aaba1=6yk-yeUVS1WoL6>Lc+mPMh3tEMy7tBOM0B zEoCTu$3ymZ@EAe!_cjU24#5$85;Q;QFeCHv!1NmdcxGKnmd$>%YZKXe8Nbggi#bc{ z!A$Zmb;AJ1#99SW zYOfZ@1m9%!=jjo7BJMpKo@h{Tc~O0y9w9~XrBC>)8Ec)!Dp$3N7t>?iUK(SaG{(sx zJxZkb8P`ylg1!QJoB%x%;?-E~N+Cp82648r6qmQqA7RfQ688q=o|(^fM7Ea-y7AEi7(}B~z2qSUDWHhz8UvQ;wEdG& zT@ct+8|s?{+Ph2}Bnz%7b~w?GzO>gH(RHRO!Zii$Swt5cPrBYwRPpJwXHIHp58V=l zln>;jt`qH%*D9dBMmPG5)0Sf-+QidnhFwVm&ob8luMz6YzmQ=!klHMUYgj;m40SJ; zH551?q`<0Km;E&g98gSwRkQHIgcKM$oos#AIv+ZnZ2cD%%J1YKPB*QECj%;MEKs48 zAWc>!#$^9Ok(_su3 zY1559o;5L?Xp`pXYfkGVXwX~P?D>Q+qY%d)7ELy1r<5f|f312FA!d9C(;wBG zJui~pGvB%4Ctz*%hBKMo^zI{_8-L7g`t_skqgaWBfS;2cQr^sRwD3;eAVEefHOQ=b zDmgFWtsB-s!E{GU@`&yUA^aPhr9+(FH>s1n9XijbD?(21^y_C0!u$JF>IJGQb#9Oc zD4Xy;@^);@Y1f;4!UB|(`scWY+qFKWXN+}9Jo0|*VH2!T>YIr;HLOg)gZQG#ppD4G z2Im&3GXmK@0%G>u7GPtq51d^CZ|&s+H>mao#2iX}@#tGKzZM3>m@YOo_dBYB*JuVq zoukh>uYj0>HX8C8*_C2mM-UaRBc!G}Z7%`qCa;T}Jx<%h)Ro5?|MQ00M3mMxd+VFM zO}-r5-i~2AC^U96f1I|b_`8hWF=x(w`pr*QTFIfXfpAE|)6NZN2eTfF4C_$Yjuxj) zYF<1WFSY6H<{%2(1rrPJQ-d{OMD=2onEi^0BTD)LtYZ(G#VXji*du?v)2cJy)csa1 z>MTTph}NmgK)%rM)#&XmvVB=Snn^#FuT}Oa{}k>RpmfEt8l}_rZJwuJA87eoY@eNf zRcK=vo|#hNt?k@h9?M*Z&crslGswl^EM2(g%nM7}Wy?-)MO0irYcQ0s`K=CH3V=%CU0~`O&uS{oJ7PEu=<{QHnjRPB{ysj4F|3TOt;+{cWFv zw6pj7x0lXl*T0V5VXJ!dBlbBg#b?!=9lU>>L?Y=ApsqMIWEY-E1x8(q8FPBeQ8A+| z`xDQO>6eH;<=m)~LE`Lkwqz}{qR!Gp^|!sX`T0s7+#Q3i27jUVQHrE#*jtfHL|0qR z8nhx2U6Xo&I-sldKz>{{(ejbEE+DK9O@$FwKtfLI9zj++AKv3aIETq>%qgQfi2as- zEgt<4F~R>K-?8gc0pZ3<{6z@ehBM)IOrtVcWj!cLyp25>@7okf>SC$+Fh5^Lkua%* zHzG5s!r-s1U{jse{h14IBe~Y-Pds}i-sf&-;ak8SCX<4DO%7Pq&v{bBs(#At-mGf4 zv8t(1LNBX|Qp@CGR&{W9op{tqMLg=bPvudwYJ2%psyYB+axxos&I@1``B>0uj=t%% z3H!UxSQPU{HG9v*J-^%UORSZ2D^I6Jw02lxkZOql_@9sJXpTO~8GWjlY^BV^2&Z+6 zdES6BEFwK)NW_0Sd_W==P*T{2wbU@L(R-}1=EazIL=na*n74p&K~vdr5w@+)Jd*QG zJm|$zQ|Y*c^!A9MQ9Sy{?AP7w;Q5VSM?meJo694Q4BE7DOUz@>&iQ3_P=K*1^3ss% zGcPj);e-2uA(F4$+zz#xkS_WEA?Tw$lB8{>e5bqtM3DdKN;S@)fof$L$2v&0_* zl!Z#fTGskMV-H>|&91VxTMR4$oEU$Ca^$Cs+v7;O5De*O*> z+tJ&4uqLHn?`KIutgN3SV@fD6nPXUaK!MfcOh|ZID{8_tu)D( z{2madFW1)zY<;V z9G5`tdw4TeFm>9#NU`+m5la_i0P+uGK!SvzW#df05o|Y)XU`5eaw3W;;?bG4Y?rJ4 z_OK4hv5KaS<~_!`H4v1&-g_BMvUIKwXov(OXg@M+Px~CFuO(_WHF=N4YCZ%%bh4k3 zd<3)IVNHGLSDPgZ^lNJaIqcNj%p>{|?^}I|cNW-bWZPIwx7Xy!#nP$UlD(7+H2y_A z?}L@6q_>1b7ci>HgmV{TMe3Bk7@@czD(FQ?DhTmDSha@)6%=Mc6%@}veNaI!(l->4 zKESz+bdgDCxt*9TJ4uW64cG9Ev$P~X8@Muffbvr|Ym{F z8A=NKlEr(abRgnN{m3gSg?-5`8dM_8P%=0SpyyuF-W5=f*2h{%><+Hu88VS32sGna zusJ!UKW0JWs!`ZsD@K8iPcnzMXyD?4!|3SuN77_OeWSYFc}E=TWYiit}3_f z=3qU=j8=%Yn~JM3P>E#gsLFfXR~N?yA0mlT8jN;Pn+e7?)l~_~i|AbL7AnR*qM0=H z=oWii6e!G6odm}uDu5^D=u22*Y*QW5yEU8~=8nF@J`0Yu)5B|Jk|Bf2VZzX?fd3X2}9{PqL;W6(`Qz3DMX#2{c?A669O$Ycv1J9aQw-y zvr$gx+k7v8*bJpaakIhfNk|5>TWCwW(7nM}l=9o<3~f27D4zi#`9HR8Zo6T0FqL^c z41DF`{DSRsw91)LhoR3XplyD#gB^2f)IS42*t{EkgeguUz$jV3d+M928KG`c9Ykwpt76v3#iA4qn0H!!PKax0GQ4VKLBd^>dr9EO2=EUU zqYZ~@P(iM$0?^LwJ_7r4b^`3>^iTAww^Oi|d-Y+Swfssq#Duo!moS?fIA=LzF~5by zw0Hk6`AeC@uIua0&9jz);w;vNah4&@Utuh#`}GnV$*$L?i+ukLjzVE@=OA}<06(Yg zS|qYq`kEmTBTCyDo#!tmg$F!6jBU5L12DKQ!LEI#KyYM9omn$6n>=7&`CSaqmPJ5z z_ul+2C(vr((d*6cVq5Ws@In+fB{wt!-?_!OfV7VMp6-Cr^o59vK*>(fauVlbmNpj($6(cUGS}I@&k1>3od2&+2+4$G@Thd!5{3#vtmMy#@JyDn z()F2n6?Dluu-e1D0m&>Pc zSe8;|zD>er>o7^HWojn(3Fp+fraFoVkJ_dcg%dcrPLKVv)o*$It-gh-UU~iPF3FuT z%nfB>&mTmb;0m`!5)moAYIryv4zR&au)4wyuF(e2IN!uG^XhY@SN0~!{!{Lj%Yz)F zV<1O@3D=I=R^0jRxke63Q%~D2gEAfxo(es zqqo>`+s=)@=hn^iZ>0d>yO@;6*XC{gh&_{~tEGQ>%k);7AB11QonRcH*66inVOuqh73A z;oQ2?KZf4t*5bnV2XSTi|0T{6^ivacI$)!Ol&b@LUDvFng}p~^Bz5@p-0IyVf0D@Q zrgc&v`jG8ewpfg2#+kV$IEC`~Kzr(1v6yBqH_t*zX3=m2E9JRTgshusmz*Wx7_?n1 zi@nGMptaYB&s~>8=Rl!fs`8?Y&f55eDO?GJn7t9Oy92 zaL+R=RzccF@+fOlMpJg~QP>pmxzV}I;D1q)k10$v-NuV>1A}#L5O1K{g>mj@aB>!2 z8jf>@38|QA6>K-fS!la&;m2JoLzL-)8XyK|J^=@cN`dPGf#er(a5=33 zhp+LY#<`ND$y{cq^X)UK(a%w6SXzCVLbB{JnbUC>aN-4WY(M;1MeCMT-@M4 zPnlq?m547HMd&ca|5tk+IIo1;Rka%|SzfxN%&(<229|`AhLS}AY!Ux9lRPaPvejH) ze8|LCx_Bww$l=|O>8>iCjg_hY%vn%Mul=d|HaqtHvAwBmeyYJ$@BsstzRlBEW(Yw59VTw8Z&VH2Noa2)=apE8=?KcVb zNbTVK&4f3PK%O_@R;hJy@44J*aiyD{$MvdQ4cAILZ2@mPIaFyF8?!fmA~*SpOY})< zoeso>@uy+V%3*x=e!{O6#Acb(N9V9j*V^Qgd@kNK!KjPhTJ@3NsrKtl0I{@Moy+<( zp&l8a?Gero+3PT|+WB%yVn|^_H%rKd|jxLh66W2;Fv%Gy5Q< z7PGiI{jI6)e}Vc&^~AhQ=BqG?&h<`vel&T@Z{ff~Qs}SdI*?+NuDSPnH#7EEyjpNp zb-zeeYCLi1Wp3txpQ<$8pD#K0UNk`7(Gz%4J{=}ptw{H5*+Mtkd0izB_v2!g!^L3G z7IS90KSR$PGMx&vK;2AZx%H$p?dpFnkMu79PFMev!h3(Ck<{3c+~=kbF#&-N58>8n z6#Iop}z2!hC!NJ;Wp5@3d~NNXuQbHTQmhkRFR|Y9ph1n#Z|| zXxZ)Rzlv-9^UZ#fIjuwQel(87`x@%+>i>K0;ie`2t8^vA|JX&#c-IqVYgC5+xL@DKdmeKB?4ijQJirP8jRnW&X8J!?7fczJ zPSFojHe9k&6+&|(P#7vu)Q9#U7Ey17b8mf_+fNVgJ%7Krj@sL$GLxKpV*{r1`8n}O zS8m%wkUSi_o+(}9+>bZ_G~KS!wXDb z`4OUIZu=ArAwMV-v)2d_6zELu`-<}yC#-p8h6^1DIPnk|dx$5tMUjf~oi zt&*{YJz2Pjs!^ARlF_Xe8D5xnj?}LTo7H$^&2&t--=gant4Q%p>4E?&RjoYH4}10W z^n=zS3gqP~!6yngQuyA(>*z`D0ViZts3Ic`pkJ#Vp0AnpTZ&W{1zBP*WrhZ5D3jC! z{3T6Qk8+?wSCaynXuN5vin(4>B?ZUh0vJ=#au$vKiPt=tRqjUEjlVTFW4AOH&Q@wu zsE($!%1uWiy@np`&{1G&-wJB(Zjit!b3s%_*SDb{jw^MD}r)ElF_p?P$ zE2(38EPZ_$5N@MH_aC^MSDu$YoHhjyb$8MFJW@J7>-Hm>KKJ@hc-97h&JO^b9dkck zcDM75ez}nc25dqx5jv>{#FT@<^$1?ca6v`P0rEd5fL9|WBB~q@3IP%(W~#kOcvn?& z0<(dmYg`D0GVrf#VOSXR?p0MZFUUBpB&`R#0FL*9;PVJRWNG5h2CbD<+krXhl^En# z4~Rv(=6-+Fi@xF+ACP8gTi56mN%ysmX>{d`&L2hr9)Ed1rg(+ znEw49VGpK%Prko}BFkH_@o4d8sAF&-y^$*$!w3;%IDCa;hhIz{n>o8Y{r(>3CgF&i z{%!@fBLY2421Ok^cLm*Jn=va-`Nfy4bTgPfVhr5P&Kcz*>*jusoh87yc!lDR&%EA&1O#+E!$R0 zZkpg><}@;e{fJI3pNGgO$@xm+8iF^K$!`jP%hM7j&(~vt(;HW{{Cj#*uP1h_`nbxX zGb6?!TXVV}z>qwgPne`bnmJ~5@2A5Vj0nTuE)>a(y=hc93$Ax$JJ-1%jYd=p@LNVl zPMBGuQB9N8g8sDbZsF^d1$$)1Q8Xu7*v!+?9sM(9H`3t9%(>;>3Ozq|!e9`0VWzB( z$3yh&*a<9Q_5^IezA~yKG^B;{+TUBBNqfEBBR*?A{zyeC`wQlM*t6&z=b%O;et5-h z+qg{PV86e^HVsyBPqR9~O(*HOi;7Y1RQ z@T)Ka?U>)W^{53etC~TN)~xHy9R`k>H6?*>uYH)@6=RDk4 zy@S44{gIAAE0*nn=h4I66?@nB{M_n2T50!8U+~6R&h%j&I|g-4M^fJN{MFTaDC~Mi zkuI$W&nA>7ysuXzylW~G-t4M`#~I&97v%-b%r(udth)G1VZ%21)XTg=V5I%aGp7!_g^w@K3>hXChI{zLW%qO8^!GY1 z_sZ;{JMB4l+S~55-OB`Gr@uS4WCtNDD`tNlJ9OJlM4{xR+}z8SQ__p|;@tXO@w9XZazoi<(uBz?SA z2VH8X&UHt->8q>jD>T%44Uj*8<$M^qKFvd+UWLn@g5#@>szbDgcNt6N^avFj>afWYvC{ISbQo2`tF4m6%mdWJSTgsiblq zDa?s^Pk1|Yn5G^eWSU_`j@Vr<=)M9&CtXQI>8P{t5Rg|>H?_OJY_v=^#{loL?#+2? zV)oRLiRjMc<#LH)AbxW8SCvd*iX2jt647Vz{~w<4HV~OMn?nMhZ}!%9?-%l4w%`%7 zmxy2x95aF)sS~qhHE}Q#74=mxG>%U#jwdai?j{WO?e@x;2K!$zz(<8Mgfhg>L3Jb|GDlb0eJZT0;j( zhTfENBMzWcZ}k+)fHKU`q~6zNnf70?x;Y?78=btjJ`F_!V@#eikB0x!SN@96 zSnfv36_(0?Un9dvAYkE3kKJ$r293bSHDrW*T>m2{)B(=jr}eknpK{9@J>^IQrqN>~ zJR{>{SN}%t^)Eg4`&NORSWnmJ`>ejliM7V==5uEndHG7oWUF(I{5IH0c&mTizr!Ab znz>o_FmUcefqREM9b%U*{Gh%|8wufj8~=YBF>t zk27Kr7s~B-y6KhW4J~s|C>fiqizCv7#Zu3w$6jxh3nZPx1rh}m3M9X?yI*lPs>44M z+{C;o`7FJHVX!;C!}S_=r*?E_LqZ6DWIxp!5L%FeBO*P{tMVo<@tSYTeZ(#X&bYjt zBxh^T0Phl9@wsN^-JW~dUMYs9>8`?*zcjKi_M@#wr{~B1IlCPmjQxtwk0>#V)E}r% z?yx4jmx#F|EY^*PqnC1}UotohY-kyC%2*Ov3Jjb`ufmi}JsTWG-gYO*1_8>ehi|~F zF=OvN4nc1rJ5FraxJ&IEkMz7HCCRxQfVcz?Be_~n+kAxZ?lh0mN#f48sMXt=_w-Ec zYCP8LxX6qTs*HE!6_iPjEw#Z3_D$Rq0ShA*>`%A5tGNRm`yLwGH0ssmlBUCbqfK|Q zk9Rk0JF6wG0Rrq1HvkIODD$XIDyBl z@58S$&8tu!T2HY~a8~3^J$BS4ay#2117|6XEz<$W3uq&rIkUH!+%>17NJ*zlk9|Wl zXUE8o_@Y2_Jxj7cGt};`<<7{;|D)QRe4DI;cW{YKdx>_NwLYZj^M+Pi1{!G%i+QP}RT_1;&2b>-E>fy76a( z{9CLWjTndfpS@=S{ynlU|90UJ)^=}b1Dv}u(8mJyy{0B$-)lU}8H-(B1~q*+YJ>Pa zArGr6{mmZ$gzVU_&`0dF0%Y!lt$*f-(^b0m8v=jU8AY$p>F#}fS@8PvMX$H}y{|tE zUVn5AH>eLQor`Ssr5 znDx%LsyM}ZJ^vHgKw9HF_i&1i9=+#AI^D?o$bMg9`(`{7b)5;|*V^h1Ckq ziT5G8DUmI!bADh7FswcDXgtcW75@s=#?GMlmb6m4SB#$a;HKkwfNpSGFjtT92qskrhR6P2@tV%cXlAF#E zy7}Sk!FoU*AnqbBvGX&*V5dmP$CvS1mGqIR?x59dmPK=N?(7T^PEVJi-svaK=tGB}v1 zdD*S$a-+}99+Vn-_UOc!J7yi?M*ifcx6wItDqPy&@XA?F2~ud)@Vc!!iFx;gk9ss0 zbCQRt=XIn!wrpIx^kwcFC-OEE&KmmZwMZGkEGWHvdMld9-0Ew45(=;gN;$1pn>M0p z*AzS78zCM5WSB_!^@G(d8lZNZfjV--*yPUn{Mp$H-`b5-f_$n>C|(0~Z!M2=jM|&= zE>IFCTS`swOl>@K;gh?2F*N$DbAwV*Ni457+)Q|XjCa1)j}frxa_#}_Yj}{)q3}Oq z8DX&iKmHsClCkuwJrlD-YuW5JFt7(e>xs<4@m-Wy8TUF9-nwSz&Og{336BPG4CYFq zzz*q#V2)5=HhPYmL8zK!~fT-?H(XZ6{}Jm$O;?|d0` zf_X}JmnR0TC9vD|xbXqN$7q$)>9dg`n_onPwB@w_w*V*FGk8ds6T}@D3MJ*y2Eg+IrC+LVXjA$Ind2;dLL|BQA0Jd zp7b&vkmsE2)s-JNv*Drr`+5g{x^Zv2@fv2)JvtZf++L-b6tAfyTyLx5=P)O9pX{_= zsZXTvKMGK4);HI@knoOkqt8443d0t(x0lB`=~FOnJ(02rwtUn(H*0f#JpC4!x7BHV zK^#d?v|XO@UAsiJaak~6Cm@8H9<(9^&sG@=NV1{X1w3{a!NNgqEP`g>Cd_~!y9@H) z6zAXz0dCMEiRfdqI6c!BZg8~P?7@0qT!n|t-qT`8lQi~8@y=KIU=`FLbyJo5$eIn^{rA9HT#6v4{; z@n%HFoN$;?G1TF!}kqk?cREsx@|; zyW%$C=jFL8Mtp=cFJ_58jb`n%XC?pi;XXQzvpn}o^KJ(zY}1 zy=&=c-idduQoZq-l~}iYZ6*mtn!J4-BfZQ{fR%&&Abnjw%k`#SUiECvesYe!rO6woqjuWb*Kob3wiL{TJ8uY z>PU^(-Ei)Pb6k8>H-^jH9Iu;7-c)jPlx`}xso>^wx+&+ToEy&8*ip-=t}XR%Ur=&i zJq^{YujyP?%G9U*{n=Bq@pZZ!L`8Y0=i`TMZ7V_DrQ?Nnb`cBQ&V4QP0t#4C4rYKl zp-VygRNwB%4P-_Tz6d|rF&%Hle4;k8H$*z{LwX85e3S2T;!N(KPMngi=QwRE1r8~= zYRfe)!nDkHkCqaw60KS$*c7ll0Nhppw;}aa9@H-da$9R#H>47F2jsR6=k83q19V%f zxU020V7IlByJPGQ;BBqoZiw9hy{+Zk4bWZfPG{*41ioeUG+VQyW*x^%?+<4o$Lz+< z@X=+Z45wxt0}AyYgVf3ed-gEn^WUM6_6`?B^#r%g-K!#=w~H6yxiR^=kgFS#Pp4le4MLZhSWW+Q&f6<&4mO7Q>w zV*Fnx{J+SsN1k+}f%RmntlsUk8Z#9!#95Z(1V;tL@VS5(a2BLq?miGaMpozu-9c(~ zcOu#`J107^dffZ+loH67q_RQ)-1YK43FZvN08{a%?tARxMIqhjn_jvpRgu@ae-PAf zl*Pd;Dv_t2poITTm|L&ztSbx`n;54gB)0pn(`w9S>A;n}Tb!CXZ#y;DzU{qH|fH_dLzq*g<0oSa|qz^vmve+!Nb5po}GfXJ&GIQx}tNXd2k&t1CKdWUmtq7Q zWS76)if3ddQ=7s`^&0 zs}WpfY{G;ib2Me?hlFh~-b|Va#(urPUl{vjX5|xOZ&i4*n>MV7Fo8`a+7Zz9 zt)qj9!#SDyoqsIQBwCJ_U2W^sdkr~Po8CQW)>U0?%1x&yR$$DC5IDW%vfXDAuZ0*&TQi( zbcWRt&z@0FGr4;^!%jTg@_sd*1qWc?s{RFis;8RX{(84g;!R`bA^niTL({BF{j+X0 zXRnB)bBQr0IyasL+#t4|>eVd=v(jfD5|!Z^SuRS;9Xs@{9$zVP1B?kx!kJq|OKm;G zJUFfQQ?dUrfATMXte2O2mHrQTm^OF_+C!^FE=SWGsSs1cT0XoOX9eAE`EVNh>3?Qd z=o zlNCY6ry&f-0)kB4BdWN(i4AATW9TGKpu+dX75v-@T+K>r9j3$BYvxY2uDK6hICog`Lpt8T`(mmQP&v1S6N+z~d2wrwZy zI`EWcvH|4EEr{9I?&)y74xm`>xAE!au}rGOyT^(WGg-o38tr(FnHcViF@}>kYG>~9 zBbdIF>RGxj+prEKc5Zx|Is$YMFa!HWCaX>f=dxv9_QHmB0R{n($%umbZq^@yKGggF zNy-0@wljf`s=6NkOcn?VzNo0Es8NSXToZ9gAZkVue4`UZ0YwF+f>f=oRAvyWNN{G9 z*XJNwskW7BtG3o!w-yX25Vizd5jPYS+~0FtaDxbF{@-)&dozFr;cb9X| zJ@;()+%%lrV=V{9vf@O5Y`c8C+(@;lx>pAE_d@;sQxZEQ zh!&zgHEy3A+of^)h*&S7k<_24$eUHrj{6wd?0GWD67Q76Pq7!TF;jq;A!mN#=6$NrpnR6Jf+}A&>LW z;vj6k3oW;6w8#(DT*c4QIn?Nb-TF4`U-mrt>_Lv$R;X-EiLjgi9I|;Si`ZjH)QFWm z^0}G%Ot*-=M7b{13Hpwn3NwmQb?*@s9 zwo8rVbVVe?$;t}PPSjmNT19~3Kd0Emt*Ohs(zc?Cmeen#R&Hr#Xhi$saNpEv{FbS| z;dHH<;Kv&a(vq?9Gq&^o>`Xz3)B_DA|9DCkaK$`_D&`6AzfOI~=XX)-9nK9LCixZ1 zi&(GM&0>$I+C!&Oh~-dnDPY{$T&~2DmQ!L<{+@!ukd5RFo^rVUDQ{iH`G;rGj7J~p zoSQAGzf1`U*w8Q1mz{-P?p;gYAQNs_=*TEe;I+FM!S;i>A^=1&Ks7&5BKNH#M8vvlwm z)I(bhm9WBpM)IiQ9A4leYiU9bIZHirx@66YkHs7<-aS=VB?+a(a_#yW_p2|2M?eGu zs;I}BFnGu#3>U`f!GzEAB=}q&|BgrM?6ii0{l95EYn8V3%UwV#`U|9)wCB2adTLL z_|<$_{1h=Z2#>Lluu@DLw~vKQqb4+NKO)}Gy_qL(Rv=+oib_R49jnZcZ|l$x(KDTq<5^}}H2IVH5= z&PEvfEI#!SSk_D<@m7hImPn+odeNT90X@}lU8m+j1bH+u^FP*$E~KkVMc47i;-OcC zCgyjf2}SeydJ%EX{#@OU8Z_GOrz^Qhv@f&0>s%cUW<0H-gFd8%aG8;kIQE=ABvfLn zSS(g2YT&+l`oh_pgD^Vyuq4C|@~D`a@8VrfMot$UU=C4VjpSWgM)D=qd~Kh^KZPC< z1J{5h5d%i@BA#-P*YVaB@>igN?}I!!5^{&oHv6Vl&iHaJJ2xv&+#b~4nLp6yd=A?P z*U!;SXM&N;?pU&jh2tJ4q}B{oi4R2naW3Jf*sy~>1`k@{&V57c?j@y%lB2Vk=Fa~l zo7ka*#Jjq?QiAYG-y?wKPggOFw$Qx93yhxh4NEM|?nvfDeUfd&r!W;2S#ZDgtvTF| zI-xt<{tEI%i4+Az8qtF?0C=>__viuc-df)XG@N)^5}x^i5Qmi-Ng?>Uu$9PoJZ*D@ zJyrEBVc1U<;*sy7_U+Sya(d|Nv>w8>5ytEbV7$7$F=WpHdLnOKiJ*+!0wE!?3)n$5 zPqoT0v=sHzOv#;yUYnKJYnj&h#>{QNkYnVhW1!_t+JU_OXN>%Qklta^ZsTN&|7Oyr zBy`LjPc`CymdhNHOF%0JZLEcYGT|H=o@eTGMZ@i62H7l$G9|Q;qkIsh!7?LxoEmxd zt}oOs0JBxrKJlUKoLQIa{99l$uk(-d`dyu$!+^SzKUak2In^8opGw8N5fpNUc4o%c#k(ENuW;z-&%*0zP zvMGvopCX&)u2GbR+_=0}-QBosfxf!Tqc>>T6L@NZ%u^GjKW5gwRN`r;S{Zq(Wac|+ zR;7CbyftqOe=|SzW{s`u&51|=7XHKMs98kx1ODwX{$)74RLDSN{OromZ{cxcP z4D+Qqt|6NXoSMV;u+!4GY^U*5DrGF>nRd1Fn~#|ZAJEE3K zmXnZDlcl^pPiA~8Yy`qdtSC}~UZurO_PCsBv&R0WS`BB_+>(t#5P5M84A{Su#{WR64VO z8T$#qYw8^0QKPx+odQo8kzQdE*5TsW;QmTEh~_GK(p*U%-E#O2BrCM%k(k8Lc@!9y zg)B{hVOhxf4{7gn^yhA9?5#oymiA>V} zp(lrS;Rlls?4}pzQPaeS}@@oMlIuOcsl8sj)vCBcmHg z*T}5yilj}RJKJRhAZj+*2a3<<=H_2}*n*C9;?}t$NFSu(rsJ#5g z&ypW%adh`BzAd`{kK-^u)Z$6qPtVN=8n|ITCn(Hv0y&bv<7q>?a)KXf@$?hB#p-TC ziCrhqJ4(8AA%YM=@#@8q(#lDy0DCEAs)07tp_1R-t8zw#86Vm=&%%LEXdRMXZ3UMe^cAVwLjH% zag+31H)!kCPOHLqY#6E4ngYL{3yx5Fd^cP$SsgE{Rn)F>W_73^U(gUSQZ$-^1T%V-7q}~d%}&dz z2*>fsvc*6nIpRRy{wZTFdb+xrs7~W4sO!l$bpM93j3CzO9FEoKW|ADZS!e6-W&0~? zaW~l>fgW=<)<;;0T@CWlVmrcH=(6^nq!u7p-QP&VxWbK8qk7VcYIvryHI3x)ltMp} zzBOOl%QN$0ztU#NCg?oZ>~h|^Hv0!s;W?wJp<8cWvH~bP{CI=wd&iu!hh=?Y%0ItS zQRaN5`lE76e_Dz1alh-!-Y;~FjU5QP z!hBwnvuCC%+LMk7VT*T3pxHh~gIubr)Ll6E<9?g+Y;4AW%@2(vqG#DH2*FX8^ooO$|HX}{$?m5&$7)jrd9v(s<>E7z| zHOgY`UArgt=-Cdi1mDYk%rfN+n4l5E9p+F{579L(lHUiZUOz-^K{QQy_@YE zdUsAEE?uwl{Z;47{EG?PBm`GIPlxzC&g_G4dLce#h{EA~R;R{SzV3UYW|GN=%}AWj zTW9!)5Fj^vTet%}AV2tFQle(gFOAgO8)Q#}w}6h@Mzw!uv$$>aT6%PdT17IFx1m{{ zGOOqiTz(oDoI&?cTD!*9Vc_O~`8RJ}ftf;Xl)SFM3=?1`a>sB!Fs$Zx1I1SKAb~QF^$~$-D;(o zM}C}2N(*2|*`T}0gG4-4FqJd!`~Vi_yys)BB+LO>TGxa4mCh> zLQrNkr$;2kTW`-_3-RD$9hU3vA>Z5Gf>$?fsB(LB-_KWmTt8z6io;>IT>mm}tatAg zs`l-o*Ax=QgM@DM#tUR1y`1hU4Vg@zCgnO0t}|zDQ%}awrnxcV$$w`v&BY>A9+geI z8@)M8AdxdFuZh2I*GzfWQJQ(1y!&hH%P-hJ{1(qvaN@6G=iGskp?nIR=PqU3 zlM%LmgmJ41b<@H~_Lt^_k(_SYRT#N1QjkcstORfCbrn0r)jk76WwRGSC&6?b!skxq zmM|67g3&7QO03W9`w{4#9_9YY6Yguy(%3qdcTYi=dR2uIgx8nbdWpTW;0%dvMB_E` z;8jhXGkS!VGSy~yrZE*vg)G&@cy_g}Dlf#nsu`{#X%g973GQY3ie_ ztB+<$Glz>Z(mUfKRwgS!RGqoo?{qF+(A`BQyjD&Kp;WGbDV|zG(+iE4N^_r-D=2Niqy|mKwxdtR$-XX_MSC8Wd9ReWo6~*LjEJ zy`H-}feiWlF&dD}ghy1bo5eQCYOn51>vB4yk(kk~Dm0SR98qM6kh3yH6@n~olL72L zlHsnZtkvd*h|uL8n z$jSk85qY};bEN|2dlb?$$)MCaU+;X3$SY|xPuFvgQ0`2n%gM&Z6BK*VtVJ^&W9Sdb zgbwWHpNt@M*gdO3X;@nGZ*l>(KK@CTqv+Lgn?diVpC-E-<5KeRT9jn&i;&qHyHS z`<;>xll!~TG0jNbM20*H7I~H$B8=j{)nB6N339O5yPMTMxHbg6QeZe?@dHnXac&Ld zX!8}(1UkDB3bB2KV+|oTNjMgV&#L#sy!U~^-v3*`Ovcz(tc>JCif3+9%A2oTIosQF zOiK1c2n>%ABQ7v-jlzH5W)>L@5}EvO!KcNs5nLgXMaB(zZT?nG%&pE)ug%IIHvrej z0DPbaph*qD+v%hdasUKbRC(S`7YemtX6E^NVe=D zA~P*mIJu?hzzR8w#s?H*Leh=I&1C8fGn@ks=);|5R9OaPB>O7P;_C(&kV*K6`O)jHsg7&GxcGjN@^J%M}5graP3Gk~IEJTig>Q|J6ycf`SG3+l2v6r2{z#f6?vM(kfDYD05A?zg86aKWRQ<4RbW5BGL~01WDx# z-Iil1dxFv~eR%?=Mn?B*VQ#vkTJ`m<1FOP)M>$;8lzd!`ZE%e_^J{OEUzJV&miBk% zy9Rvr-T8GEMk*36<~}T9&c1gl5X%t7dW-HXD4%@9Hv~Pgh3IR}+2$Ch zAhb}JVb_5!H&wfaM^nzT=d=lgHE`-A_k}0($LT~SYG+C^lDm*928AeIVoms_!gW&f z{~}mp-P+}Mw`Ke8zRwD;^zp(vO;&&4U54gae*X`e9+=nkR>3z-zdKYneGBi>^hW7* zC-PT@n0uuT9(5k|N-Sa6G+m?L``ZmsnlXKzYHwdUoV~-ol4E>C$d{GcB;<%wjUP|w z*^TQdONbjuEU}@|OCA!|^JAp;P!aj!v29JgC?ELOaqrS)08y5bzd|)e@^qTcaX>C& z;++$Nym~oBfQvqWL>7UxHob(IJOf+u7*hE8h*n^VXQ(Yu6qAf>t=*x(`Bfh!I0XJv z?c}yiKy#{<{H9qdn=A08)?IttsrC~prE){%7O(#tmf<{rnlWUaWHLEV*6V)!^;0dK z`*iyrRSH5Z3e{B;Y8}QDMEzCHfF^maerL*1H8uKrQzN?yIQ&r7ub3HL;OFRsV8XZx2zr^iAM54wYH)~r#(-^hUh>wdv{iX6h)-YklgufZi3vjthE`p zmBPNjNInMfhV|CRt9Gtd`?mma#&mxJUFx&dI5QT@k~m#|mltnY=W*Tl`O-$+0h0cm&i^v_G?5NJbGm z8mM5?{W)ix=9+vEg6oQ&gpi@vq}!@3K{XUV-e2X7>rhphul`D6-nb?nGh^=S_JX=D^YXW}~%rCBbM@{vCIvd##P4fByLv?z+0`vREB7MR|pz`0!t$fB!9 za#?(39u^qB8LVgN+|Hlf0?J5^4LXOrsT-VU=1Go)ULDu@Fd2zPL`G-0ScfFlhs~WM zYb+XFp274(OKe>*K3g%w@4)zoPqG;I2YDk-uq;QfS*|B?tc%*P_dy*wx{)}Qb)s&# z`sM@kxVk$)GI`__rzOuCG=rj(mnq^-d-IexyAK9E*@^!WLQ z*?r5iDVW3c0N%Rd`b(MX-YiZ0Q?v--?E*#~Z?~wDl^OXet35ZJC%ipIqCHZf9*=?K2la$^$rFPpKjDQU?X8q(id>2PQZs2<1wva(H7kKqXPlvg zw-WmgQG?Rrb_dk&(c*qn_WfGiWqj{miyQtGCGB|%$ec1~TFEyAIDL)v_MI3V$zi09 zpaY4N^fYMCm7nUlO5INP610@znGZK!6AE(61CHR>IAPM_n${P(d#+~o_ZSI@;_Nyi zX;S?W33Eyv7*Y2ur(}P)h}PM%?k~z^w!w>+b#lFD&+&JXUW} zz)tM|0pgo_1iLPOSTE7T`YNZ9?iv=@q|(vb1{H%B=Iuz1e$!xBL|MR%*i1`eqUzeA~pm89S8KYO3PS z4@;3Q;%^-9$ox(GgwtG%db<6@TbqPF^*LgvTTi?vlffx^6H_!jY7QqNO=5^Gxol+) z`2x;P2Ph*I@tbcF8Of!5#6d!G<+{|CYmegQ=uWoXS`JVeGEZ`JudrLRfwtC1ust;Ck-W`N{B}evR@A^dU8w?zo$c%cNj6z~R*TK&w8UJf} zHjY9%Jm5>c8Bc0q)Fd4h$hqMIynnCCC*7Bv+bk>2-N9H}0?%O{JU2b54Ih+ZlH*nUbs#E@115 z4`A#7PeTL=YYDTLQ-L@?Y0}{SbBN@^f1_uqGGxViR|ah3;>#i2fHkj#-0|HRr>VRf z3$!&WCM@BGk`$KPPg4&FgRs@Pj*Zm;!gaK(pKI?L@E&G0bpf8MNGUCXfl4Joqya30 z(>05Z$%`D2isLK&18dUXhKc(+MKVoBds;=jnu=ua6*}Rm>NjA{6Sg!9L;*|(Lkyxpm1tvnSKCot6>T zx`{iS1fLwHfm)o6@>Ly!aH*gggeYxq3@^IF5<2PAosoD8NV*c8n4sT7bU2!HD{LGu z%(W7~&;5$Vy)klcQ{Ks2;-G@}kVVBTUI!XfoLz@~K?HkGv`XCD7Wfsx zSLL2eu(FoXS5eg?_y{wp;@#i#`=9QVt(4HegYx1jq4Uv#_|)=)a@uR2)ju$U4t0U6^iJBHZDW`aa$Ho6Aahn4M{fi_NO@*Pwp1RStaf-l`!@O z>tU&CayO_rT#rYmkRxg-#oZJJ9TN zIDDt;__!zjOW4~;HEAaC*Oa5x^zl+2Pxg*iTYP%{@oMfJkIHZ>tKCxq^VSEK{Rg%W z#;7QLIK@>>-{IT1>W!Q{cQJE}i{_mQ4 ztil_GE^XcWTCS~UXiEg9C}Z-wSap0w(2)Dg-3OFF)5|>z3Trql^jVCUnj;9<1$FK+ zSq<+jf-lEj?vgm}AuW%$4bbv<^1~YQw8rsY7z#Hi+^FzC77-V+#WJfcH)n@|GHZ+*d-=@rOfkA@MfMCJ>en^SLP9RSaBefS|@z?FLd!uob-|* z>;b++M2~0b`4*V_4hxT>O_I^qBEx;MI98TjGg-QU=-MY#awq=pUZHY#*>ZTtUop<} zwgmq}koFzh4mo3sjfXEPqwmMC@Ywfn$etYQMqo6Fd8&_`GwmKNb^UUC-J9=~PaSqV zK6`I|Z`A78UChC*yB(z~1#U0Zl`dmir`l9|IJ4XGg00@RJU2qK6OS|wNP;O&Ygyx7 zdM9wC2m4n%o;o#mN#l?|cldP0wA`o1`NaJS+-LC32#TtGIHycXHBYTG?HeR|z_i{c z0}rxir!js6x6||+5ZD|DoDeAE#Qa~%H8*li&$YXo>4&-DhXO0inePX1nPhf)T=FcD zKTzKylu=F&4mZJc+7}+gi*qp|o5O0j^POm_bl-mJtbR_QmkWf?h0fFgH{7})U|DO= zAIo`W+&?Y13~?KcTw-*Z=ZUqY2PN*eAhhzE&nRd-4hTDX733Q>({h@D@FZ# z0_ZW{1C?AsztNEsrS0A6+Lo3e7Z20t*v_`y%y&$`bLMc-&(wXr@^Re7T)N@vq$70LLnT^xXjBG|+bgh^C+6_O79$&BKOrB}PkTUY0$SvZHK1$Lz6R zF_3v+Vqyp#ZmgJ#a0@HyeL z!=obJ&6oP>R=M?(<3M7e5^g2o2(}hRTU}x$7XQRVbwG&e=IX^-R)lWfEBE}f|5 zF=EfnC#LY0`aoIiJWk67d2$oS^gv*0wU;S>%m(DfY#&v6ksU~Q!g7dI9Wjx5vq%B6}oMy!>wo+cNurAG%(PaiWR0)ZPhuA!vd z4agmPXTvS=eJr0cSYm^#*)7MBr~;xf^h0inmyP8=gQ?2wPQEX+rmotOvanRsDi;8B z0crP>Xd(AQwmZpntnviMmSC9^03dWI#ke*SBbcb!ih%oPsY{DN57|r=b-v_k)d~$P zoho3q2Ia>&C#2X=E}KYU1~Xv{BD>pf~{X4;9;wr1RqV#KRX9V?9S?fZ7LbHBZv z5MfhixpKGX`+QKB)~oC5y_@Sto7vmz!|m_D7tBEXUzwIILxWP^!>M&M>fsWla0xC) zT$#C3D!;eqH|?3bea@%HQPoM3%p=u^SO4X5@6yVFE1c%a?d_w&a-r2%J{J<{Fts6S z-{8&W-s%dOhHA4UcC>QT5sQ4nKmI9W(Pwkmc%;HeiOVUolYagS&rv%eg&QoBdtqve z*iZJnkTF2sB?JDSabZ(6p}6qniVIH!WC)&#yy8EsqBvJYSXD7Z7K$+wc44bWrxXK2O3OFMOp-LRgnS9*Do7hA}4?o$!TuwMVZhof$;e9u{4L|>A zQipPF zCVoCJn0dCtec)Q(68UDw2b%Vsx~>^eAi*@{-#Rz`Q94nGUa7y7GGFB6zIvLeFKa0( zpk@7x>aCh=t*@eGX{`X?H%`g*o1umDKt{`s=;gkB+eePdm>qd!o zZehP<>Xj1^-SNe&MfYi;)ab|yeA?u%gj zjm(m4FU`cZLhj|8!Ubfok*_1m+=2`TmVM3gk(r(rOg7I7#x5`x4CAWhX$8E6gRwJs zMP-^+D6a*vT3)$rZd#GN7RF>pX_4H37hg!diMI=5`$}D$5h^6f#cgs~T(UW~2ZR`Z zkK3OafVOCPGnv(eYbPr`KDJjRU4$`$et~C#!IG%s>gVHJI?N5R6!JU3e6QXbE0-wp z3>O%au~j0^xf*j%)gCcQcG1kkif)b<*K=p*rZ2K3bq#jU>dmn}a^E^7i!z(Jbscze znSA`5)d@egpr?q7t%9-h>|tEDIIV=2a8WEu93q8+SvZrBvZ& zv4@*|s7Irwh&wJp4OL>nfExDD=c7i>{VZS3g%+uGk#yah9kIQ=`;Ebm_;eJCiUdU; zgQB7=io$1`P3M%K`RrY*>!H|}<&HU2V*4a>tGb|ZS=&k6FdA9b)+fRcT-w}tW-uVv zSF*Ac{A}966XyuN&6&$2ed-tNEttW>wSCQ*uB6CNdTBF0lKX%c6<_nkWpAJRylHMl zw_433@VcUJtRqr z4T#(llK;ZiE|Ii}DwtpT`E9zStQXSCTC;pvYK^rzY@OcEm=$BLhZj9cG;?I}&ad1( z>4cqLx!Y}m7jd_7l>0BYerzuL`Xnv`Rz_hPEw1J$Qw~Vwe}dd1)yuJBmTfCBxyx9t z`PAt}q~qzKnxneQpNFfgW1{lmc%A(o41SP`eIepYDSpa1TXC8Q}?K!#GR9p3ILI1+W<)} z_f&9@%B7sNdTRRcopg&m)TP`mIc}i|+JBzM#)zP)wFaK7Ln%(*B0phkSYPvYuES)4c^92hj=T|7fB+4>sSl4Jh4FJo)@k z+m~vR&-|z#kk~y{ic7~n9(IX>LCo+-7=IiL>W9KVi>wj&mEW@M;}OSKsV z8~+4sYW$j^9GK1>n1_Q5j`}X@RTo@dhuw7z*QSQkeQzddrYgTSGX4eQv1C9HF3je3 zxmcDHuIj}M;x10p-c71EjamCsb>f=PHAAFY&agw>stZk$2V?d&d_u}uv*>_S=1g;Z zyEz_B;F{1S;iWw!C)V{iav#HUKn_u^OFz5;>{K>4uo2+a=5TpSowd2n`fTfm{L<@X z+X|)Iw?KL2%dFM(w|qHJjDdFf;rt3Z41z|(y@$~iHG%7_&krLDuZ?CQkf(3m>0qc( z_mb3F{%>V!DqjOLhRMIy3~ug}Le1QfErs|>HIvlE?k4JvD6aA=cC;jxiM&hyJJc+F zNWF>$bF?;>Br_~Cs;Ck7Lu5J^!C23W+*WzzrfmgR+XpKGfHZChP>+IE2T zvi0P$Zwt#?(nSlx)@LS0_c+1Ba%(MkfC?hxYvC&`{J;)d722aRfrWK6^Z)Y5_~HHe zZKMkzMIod7$vSHd?Up|Y+Qt-u!@BY{@KPZmIK_7$r-d)`^_aa6x@Z!{-eMNUKufy! zk!JNX#-HG-pPW=%wHf_4^|3K)lIV8nQSGKIxyZj6CjL+LZw9xuo5mSWn$=v0`w5pA zO4e#F(v2Ty4*9pjZ|ras$xXB<++|lV1i@7Vj2pis$(XyG)Va--Yl#?2Ns1f`LSP0@ zqJQe~xzQURU7s2!jJhXOrBu<(z#Ze(Ll@fr<_$_cI%EnpGGiqFM5|&}i119T4n~7q zGQXaSxg|NZVd@Edi{kHizU}mMXkgU3N4NK#bP(&`V7-@lFza7&%<}aVMwIl+ESp0x zY~~iE|+e7Q>4C1LaxS zGSjfks6ThO?5nR}3=WeKWsi~G3pc8m&|ithttqq&g3@~=_R+v!ibHhDx| zrG9}oup#wvjB(SG@q6ZPs+P?Dq;>I$wR;#D0*^M5F-VA+S-}Nhvo7H|)eL_dIqC3T zfoWsibA<0e5{*D1tU)Y0k2Nq&V{w>FMfI(ryGS;YhESGAhlv#hb%mFQrY5!*#*dik zRXFpS(8$2bKI~OsADSS0WF7YPNM$w!*Mzse0q&C~1$|ivF}5hEcUV z_ILLRML7?s53;w9nVP&x(lDH|gx+RWJFzqPHuX5tqvdUy$Z@#cqY8dckNP%PA7mbl zihd(g1L_`_SsjJ&|AfX25z-Xr8B8RME-0;bLQT}lp~&4NxEudO=vMkr*=&8CWtO#D zT01ezaQU+yzXU0xeV&=)m9VPu$xxDt%3}xy=E*oo5dV$5T%rk)e&$%GIsVqr9r9hX zPmg;dc1-)<3JKxzmyw^lC`qH4Cxdwj*=zY94%|_^AV9`-PNRiJ1%W4D(!DE)4P&rG z@v2%bd=#1*D^!s_`#bn3cb>yXEsqs+&wS_=S6fL-9&x$NOdc?Gcx5ve$(Fztx7CR7 zwN^#PPY7L8ci833UZ_?jtKT#3 zT)yn`&@~4f4ae#Aq_}c#?_?%`?wjtVVrf-0%2Eb}O9$Wbekc^2e; z2h#w#FpWP69SZTvf-_8m!#H^OUdG|$dGt0sfl9uJd0XIia~ z2Kgrac78w3>vjBm)lp|^wq51fiXG9lXQp*!skKjj&y;&rRvuLkoMZCppfB+!Jjm7B zCN8N?z&Cpq3w>#owa7r`L9Ov)0FH|UU_dhXkc=ViZTa^4(Se~S=lIljH=bO4a0IAtn95=JqnTe13k)n&4#8nIeqXEdab z!8@?3f&Z#orqn9>F&?WgHPd4;NjBCS3nmn|J0H%23e(eBwI0s)#W$Vvh(M5Bb+azs zEt0;x7~>Hq=*L&C5_c*BDo?!vbDCZwt!%g@Zt67-_RGBD+j8=oIAPvguo3UubT9x5 zkU@Yn5=D1zYhNL5NHKCiek@e#JUpLij;7BH;?=Z@LVh8;1`Dt*RN{S2My)4(5}LAS7F|oS*n-dCux*KN z#ZJH(cjm768h6D%%j?r&tG0+=JU+E0{JzL35 zxb0OTaeBWD-F})b4_sC7#fluim#m84=cqt270z{+-mx=IuV<+BhV9w)2KxrtpJ{zg zxX!-j__ijd1uZ7-ZXYsIQ)b_ZYG|{X!xq^ zcL%^aYm-sjs?$`nw$ACicP&i3HK~iKDpuj&`=*eE;j~sfvhgz?l{n|%Toi6TfPEQ( z6&=3o^*HMb(K1+v=)t0ck^CDqh8x?;^wCi~_2M2^(wh2~j|wc*{;4;2u#4=Azj6b% zG@rh@N97uBj+G-@oF;6}M4MsU)Kdm&xv?NMi-*M92CTK$+F9z2whCoF(q3$cv=vK9 zJF(+rql0{u4+m)=E}`oh2qiUh8R8pRZ&_I);Za_qDv&yr0v%JTNXfj0eciOLbU_#* zvQKv*R?`%c#9sM{@eAlvuUwzrJy7~oY}}M4msMXRAi5_>JL#)Sa@iKEZ2Mn(L2G?r ze{!m9{m9ms791Gry@dCsw~ikfSXi9jq>+@+p{64R7Vm>Xar_8#WfOmfMfX0au8 zT}%(Q>XSEWB-fdes{>hhE!KK)?J2oNcY(`DeS>|jU~BYp%6?o;p!%=xA7(WjRe0t{ zQ_FzGE?zvlJdna+dP4=1%Sis50VP@!OBE!C@hkKLuOfv5 z5!QAa<$-@;o_(ev&%#IK9|SAeHhHh|?D(Hn2dO$4(z9DVDn&OCo~6N1Ni@tqDW@hl z&nj8Yk1tfoirx6htZsYBin;j7Jyfz2#Lh$P0slb0WPR28V3SDtj!+}1i)3fH3MAa< z)ZRv9uCYK{&*7G2i2Y;$gM=9#fvt)+`fw5g$#t>GV*X4utDiHjAHh7R+|sy>csJ&Y zE3b{)dc|t6v6-)g@L7AaXq{MABE_XbnQ6?1WHUz7VP^H$2HPG3ff~;ASGnm%2#8-9>dg6pIUxuXT?It zQb5Zy+*DFt%agWxHRpi7l(L8L6MZfdsyDYRY0I)Rx+Vgh=|T zo{MIXQ%-Pt_iKW=+L^Xe*;(@2OWPAkaRtlZp1^N*=#Au&yh1OT=kS*dB>X!i7t7X^ ziA&{j^w64KRNuo$j^i1zoVKf4G{yMo$C_tilhJFf&o`XN_#KG5CqmK-Iv8ODsTIXG zzGoy2&muJf%?{@`5P`_erH?Xb&f9w^_7E#ww1ih!fDGe)Z6G%h#T!KUi15zb+9B?8 z#tXnPl8jVedL%k4-m*lCijB^I-zZl{tPre; zb%$aZm5I1N2+;gUh~RJ- zncRstcobH%Qt=pAOXekpCRAYDB&Xj>&u%1#P~nC2q>*Rzi~cn`#rlbFbsU%xGiv|8 ze=A#XQ?mdh+m~~#Twl}{OwO=H?B5z1u1dYRR4F~bMKPf0?5Fs+v_C`R1jndyXu!~x z=hD+f^diD&icf4U*oi+U7X*&QpHwRA0ilR>>q?OpNSCB2gG^20B3qMnA~lKv39X4OB+%PKI{OL$2$zsUIb{fs)n zMdWLJU`yTbU|D>BlWVt)1!Dur4YA#fC0{IEE(E$OcY-mSVo&%OuQQhX0%o(drCtd6 z6X&kKY3x@sKk8>4sk&y|^lN;BUbj-^0;7cG=x(O=?)2V^_sp9@y%J1AObsLv`x0_8 zQa8}u4AB5%Lc^D68M)E9bCw#j)I3OJ$&vI|XyCFN6qxK^A=OMz3P$koHuBM_fDqhY zk=oi5RupJGrHBDRhMiK5lKKtdjj1$$&ulf9s%b; zVtz%O?n`kT-s8$>jdeM=<%@Gja_`?i!SNuEWT;WfY9X*eWD|^E34vusQjQuD{(oFY{;zU1SCgTL48s2>&T+p6 zr`CF9D*RhQzwO#uvsnBp5!8J5&q9T`QxpVYJNdMXqd+qCMAMd$z4c3ls;RWG z#8#YtqjTJBT0fcAWtf^LE^2Q-frrK>@&t_fwQda$-G3tDnGmlm2(sZQ1YS_alhh#W z*}e43y!R2>6gREyKVXYzZSdoM$OgBSvF;SGag_K}UvJKu=9K?_)7(}zytACE%qj0H z*p$~6JLSLEVmED-(Ya2S&uZenA@6&pwZ|xYPJ{Jao?jM?6OJtY%`(wF`=NUFjS2@9 zZCmN>CISzkLoVme1f(Rv4=au2A@CBB*r#bOiD%D9B^m1Q6VDwyQWSu`BAA{cC2AKB zn^}%etvS9^=Bfr;o?=%-sz*zFMf}r5Kgw%KdWvo zFfJ$9^2zuY0x>%raEsQLaIFAMVj}EE{N?B9y=J;*mNWg&fMnqkw~GrJX-L!`(>h|y z3~98UcUX*R9gaJgDjC0l`lv?M(j)0usC~*&oOM*xew2DK( zSaVc-FO#@8Gx0UWpNcz;HTxgMX|c?pa7$7DqhuI`p9{}BRuZLWM#_bAgcoi)Y7|>b znoqa;t_oBjPOD#wO_YemNTRI(Bab|1q@%kAGjD1r73i%+Yh_mA1*yvO(=S{NAE;c1 z3tIeZ&ggOEXss`moNfVwhd)lJ5&Q()0f4bX(aW=tpQaegyj>=zA>Vx^Ha2el_a zg>7HRrne38-7{>#NG~Vuz2s=piwKn+O$SBL+&Umc>K#(RyI3lTp}GR z%-$#f@fyje1Q2^T-q2BNO?%X8vwGB8BQ>8?F+DlL?2WJ&m_MpX_Hzs`Gwn(A<^!kp z_jDz3!d<_^w;r)tVwYBKz<*tj&UX92VC-~>i(!)xf()QyWKylz6;27|BGvGOo1|&3 z35!i{scjE%#9Y%%db2cqJY6#C+L+>%%>*YnA50`4WMx+GcMSDh^#@u}3mdyd602}J z0{D>O%!mus1fSjT4O$kbyoj*!l>5JDZ=Y05r@P%tucvLD9 zW)AwiJ6Wo+i)YRikY(O9XBMg|{-CQEO%<8P^>~Q?mSwlgL-Z9@b3$m7tlB!J^-L5V zNhJO?DmuN2T~J{QVfk`{^|Wk(sEzexcg8NnU3!0G-&?o##I7**zYrS&uI3F?c zQR}VBb!=s-gBM*s)~5uI9-wuhh={eda*O8EBY*^o7;Re9@2i{D@Hb~_{g?RmXuris z&J;eS7r7eJSClNOMZ2w&W34`6AyfW2+rq$JSqi)&YwA+c;s(cTt#koXVp^^F-m5^P&9#<7!_^`?!AwPK< zsv>s0tRX$&SO%u(836*`!kwlBn6bWCG)SU&Z+K0T(|x_q#HFfmy=ZWgP*UQ4zDnrS zLHSt{D~KoZvq{X>^~j?@Vn|W^RWosQSy_A?KNW>jIBjDxG2+9@B13vMr0b3i7&i#l z*|D@#IxX`vYPHbmA-(n7M4T|-e8l(4}v9;7yy`FRY zb%o)DkI*)2c4dvz{}zZt_M`5D$5yVX6LR^$Y%L1WUcf<8aSR)kIOkKRnT|iasEl+; z*h#8Pw3Wplh^Ffwc6$J_8WeXnoYS<&-WRnRZWkiGnUGnvsG4X#0C%YesYv?0Os)!X zf@*8aM&`?X&VZlE;WrJpyFZueY_l|M*Y*wD!~2EpN&Urp@&=XLeNKjB$yWLdZv(_? zVcRc%mu)HuuB|l|ysRFoR~t8o<5%Ch=lA* zox`JNzjWlsGe2?wUzA*HaTz`52%&!bSabWTm$Z1sqn0{*4&KXYRc+M7u^$6TM?X>e zOYtL<6&pY6W??^b3uYaWE@e?V-FX)l&)J;r}ES$xKC&^%odl(6Ss zBdFE+8V?I9Vng|kEyW|R0(v9$duoi@^<{QLKlYbH)TQJXT!}i?3rp8pG1LY|kzXfK zTY_t*=Qc}tk?NcRvzBysB!5IyjpEEMS{7e}(%6`%FGw5K+oCyHtxg>pfrtewUoe=7 z>7{|#Al*LEjS@|37p=PMt7(BPjeX#prLjFLn|0S|UpKDe)i}dj^)fwIz@QB!LWj20 z9nv0fsxB6*Fuosmu=9~U?y~2;mY{;2vxv{!ryc<@keOF!t6mX+&0%34Be7ZJV^69& zxg??Jr$p!SNT!#f6SdDb^#QZMUMzHjM!VDF{Ig+xj%|3*A$YfS$hw6@7Z>oMf zznh?X+-FPbTx#Lk)_(yKEM=FP&aBb>3ttj#eK2CliGA9@PsF~U#2hkD=0I$BNE&Kb ztmXyb9T_>##Zuo~HjGiL0@(T2kT2WaLxm36Q2e`#zVTLF+`XwpX;K~aDYX};UbcZN z@yXsfaBt0jS5*)%V?H}P$|VTt^*lIVo`XfNKkKe~I#Nmy>-=@RvioN}i%%NrDT8v> zMeUHH99iuD6{t7K2#SS1GCRq#eLwkfPIyZ)B&1av&qS(|q5F7@zZH?#P$v@1Kd(yS`>e8OYvs-OD#TfR8Y<$5_nru z2k@73!G79Lu0v1uD@HWf^=#N|py#i8m3!^gSsyw*pjPG)vo_pRa+q-16Dbl&PeBt4k-(?v5VFPa8h2+%Uobq8#wA1J%x*cQ>xy2&X7y-Un? z;;qdQ35HFt6+jYZ4*_^=75XK%9vrp|kYx#h9IMHZsZmrSQN~GO>dHuwL)NoR(ge7X zRz%UzjUcP8Ur8o==;}lp%K`H!Ipy&a&U`O6fwciXoN$(UoWLUoT1=c1e;5mcOMaST ze-nHSq_-rr$#aGG%ts@25B-*9wki_kADJAqe7>N|WapA>ab>4OdKmtJlule5J+RrdaJUS0%t9(i*Oj!J2cj?&pe7X-l5P>Y zrk_!Cpq_(AtmV)EMCjRNQ~0u{S$+0;70X>`)VJBEJ>67$(V3GIZ}nXER>2ExEG<~W z2D(3!F%^5w9{Mzm%UCMD|KaAHQ<~~z&N@Jm}AEdL&BID$%oa@rlkUAolq(hp+vq9=ew*U97YHO zQ>!S%<)08yxba5CE*d#ZOR{enI9`Ynl>Tbw|LHBe)Yy``9_ZEXO%gL!ctI=~hqeF}H5S&v_zL(Pj=&g3L5d zQNNLD_B|@a$GC1E1=xI%0G!$-yx+L~czG#TFH{GNU`)QCF@&4=ZC`jaAUUsHsR0c) zor=)X2mhM3;vnuUGAQ5*Ia@$T10?HXLhWlA+d-J%<>FYWa$cks_a+eB8tw-+*>8Rp zYQEx|L3b_gRMFrybEc5CxTERIL#H?&&ioeXE8`wXyeFzW7L+sh7^TODmG%miq0;!0 zz0NLeTzmlFb1*jl8mwieQLn^GgSDy7dc|by;oHLc5g)?!wH$JOB_|f!TDi2ZF2hPM zV=u08LxJS9mPKtyv(0$y%qn*GGV!o@dcPzs=>42en!(T6i)UQ-f(%%?sKP8)Tu3p7 zrD_n>Owp`Y6t4loK??y!1OeX&rh=+Y04H4{Ud~ zO=4s@aK!TmHB}(b>KQ|iMEJ_dMw@hE#uY=NsRBasWTx6V6mGi2`@RN$NZY05OuE$d z5QQ^+$~IX5NKFPZ92v9kfELALxEyI9z{-gxCzmcQz{qU+lZ=J+vQaF^-G{H?rh!k5 z2&e@=VzjXvnt{dn!|%Vvv{KK2sWe=Ew<`BnS-5GA7RR7~(U#!}C$M)Jb-mhTl~&$7cH+J)lqnjFRxp-s!dgP{D?XcvvV>KjbkT0lw{2xu z3XB_$V!kJukCriUs{l2^QU_xw+D^EPZW99<#Lwh~QTi|JZpeM9$bXU3r~EQAWisTy z%OZ3B`)J`1x%@YyRP(+rHbf%*?kkW5>P_^EvuUiG8~G-BmLwFZ6ydvmN{LEoCWTXe zDpWJ;Vtc7-*iV`aNytGiOJbozPQs(j*6>t$l4>MNt&#czFhyARkvRlxMzTy27!yIh zB-+I*TMh|qU27hwMAjDd7peU`tx7?W=+dd)ej!QlRKRr=UqV{pri&F8P$PQ?ju?gaIaHDD0IvR0 zzV?%^e%2Cskrh-S5RqEqjyi_e*rL!9`Q*GlLZ<2m&OHMH0Tj@Z*l9j~%3?jE)_}`_ z2&M%KK$@J;N2ZQK4hZygWO-Fu@HBjIWl~pF6~wnUYOaX5W?Biv?vJn=M^?2Zf}lyz zJ)}o$ZiL0OMo9#ft0gggZHdG*t>qcqh${C|8!bnzGH1|KtWfg%m8krj;im16TSE^^ ze&K0TC=kKXeTivbN&NT+X5pj~XFi9oyJPs0SS;EAmKhE|918b@dei<6H_lt4&*?J{ z32=1x^nUGoytwiZmea%5@^Did($h$lz%JYpvUx1rcx)=#agnFpet<8m)w!t#O<&kY zYq)8(luEX;28J*Qs7`z$%$+iMTz$Fob9^A8BnTXhKHa$q_#LM{apIG8zT)jqCjK>B!ELhkbE?(1Aa*;RYU1g?9akRMnIaL-*BI-G9}QErmT#9)9MV+db+HKD;-vf# z9`D7*<5!T@GXGw97wjgtq>~yZY~xdBKaSG(eU5VCj8?3~=g39|e2!^Z?6+3H`RW5p zr9&*oms3zh$gB7fXK+n{vEUSlCPN@pY_^w)7 zy;@H0REtobt|b~TTXdh)(p&KR-8DU-YKoO15rVBtLcBSjPEhEE*$GYHYGbvFrHYmU zHaOyMk`*3nb7n35+q34V*lwwhCH_XVxthV)G*U)PvIBU)O%Z!8ua~KP;%@yBG6*rO-q!xGM48!_I_mL=9Ms~{ivg0!q(F`lwV?D zPX(--R!xXVpiFNSmL*0V!KF2!*nzX^K|I*P3oDq|)Hq~td_&V<03d3kCKTT&Un>cL zWWn;)+Qx68sGq9R5ZT9&)c%^Jd^*5&yh>t@>iPtPp4{3b{$L5M5_)=*f|c!333VAs zam_*qQqOSe=|E52)*}aKNS%JuCt zwYvG0+NY}arh13K$)TPD)ijrd%wq9L;^XFE(@&kz6M5k{NLfUBdXV}MI|M^m4$I1J zFjc!tCH$Gi(K3c^p!*0Yz(3{hKqaW7V7h*2rge8QH}TT>$1efzlYd9KS`+i1E-$LNK*4~4Tc*Nd>^Y{ z!1u)+@f|)JINQgHUh`~t6uk_Oj93J|yfSJ;)V>T)`aGtWGf_rcMWQThMvlg&bMLn= z4v9YfuyPF)BU`ZH#mm_01m_R|5GP)+<{71@A9J)C7i4K{NQ31zSerTJcE<7%LIr}; zFE`Kvzfl%aB3A#9Y%?ffCI*ye&X3Jl(J3-x$%&XNdze$0Qmi12qHAo@Y=D21)K#sC zUy@uC8`)qvnGy*D;pG%@D8Yw@GrdZxo{w>=XMA_kk81pSaGdDQIw<&HK8d(fB82Sn z=_6M9wWo4G8~gbuxxLktB4^3NT@R}O2;T5D&@%&>=E616WX5f}@{ zArszr_P9V|c#PE1eAdU3I-f(~jkX$P_hgcNe)p+!yD&3IZAy6?T848ViY)tE%I^GdyN$fTSO? zoud?37uI5g$TSlbIbzhWn)x;lMdJT+Qg6vB86h1jnbxZ2*m%Umg%LX?RYcPBR83^z zq9hS#%~G+nCW9hm(79E=a;{#2#Bk?H%ZxiDcX-IzgZ5}FoY;Y8@Hk!EQv7%N5sZv~ z9m2$dT$+}UtY+tc|YrrKH^yDhC-nU=cH87%pet%&Is%CIL* z;{|sFA`56cAqL364e>A?fSbB0i;R?LZ03+Lv~z273DukSAJ>CFnXTuTcA|`)N7Hx9 zkNDnWn?O$7f?$N=#a%Q&h-KlUNK-NGSsFD9uY_=3b0#BX!0s0HU=rD7I4+qzS%O@Eq*`VN& z3fS@y^1XzDUgqPY6PaAFF^3tsF2QBa!42C6D3r?)La99j6->u3dIZR|xmQ&5zRj zl$WY)t;_%_Xkca_r^nIMOQn6a(zn)XYg<|`1T47#6124j)QVCCFW?!Y7H=UUn&0QU z&rB|eZQu9#KhK{>Gw1BHuWPTp_S);Vhj%Z25!kT>%Ws4wzk&u>9j_SLtl&!nRvWl5 zb`UPFl8$}gQmY0S-tS*D%PjMA)qy}oi`aX962{Im%!qCmkulN$S!-YgH+xkx5P-4D zp(K7( z;gjc?WTYCg%NYdJ{+(LlgE|V>#Uy%rkIkaZy4ZOQjiR1I8XAZ3L&!_~7dz~Zh5&EX zmrf3JG;9Zz=y$-I%W*LCB7&TzaCa&TMV(*ieFjTeqsM+_;>W$Kq+B-h>)Szo|I4)I zTR^O;#45*pnu&scDjy;phW2SuW+s26L83{xCAY9A$^N|BKq~An@Epj@LiKLNjzB=G z2GE)702=zL@4>fV8PP+JG7?$Y9gA|yK2t)NE@-%Dcy`0ZSL`VX>kF^ZB{ zg%X~=aY~65JEY?ri7^1l0s0AJ6{%QG#&zJzQq-E#*d&^>JJX4xgYHo;T**2x8~!bn z0lzKI2wgL?=TY1JVG#lsVTd;!3vp&8jMT(d80+-xJj3>>t=Kf%Js3&?gAh`K7o=yZ z!EkYe?E=!8H}7Hn{ajn3?Npss)3teB58Ccw;Y2OIS`?CymVR7YJOuW8VsRu-M_TTt z+v@k41xR(v%r3U5!{5wgrQ}cN*4TIbj-Q%&4(uA(>E9CJ<}*9J@c-25roL782LnQF z&n`%0mR@d)U~v?B7a()gX)QYjzx&1-Nn&InT49!I#OE>BrMHm zj^@1o!)Sc4VUC9Zt#30?=!1TJQI3g+NyVBsiw_a^=R)~Ny2anC2F}4%eq~?IlmV9g z;7{?t>OABBU*k{2{YiE?Tgj1z0G=~=DYGEGC*JkvAlq|;>ZywXzgbmv?jzy{q}w+q ze^CY2$Th?iOl@O{N8RH;S6{|=%wV44ozqCt2)nae_@ksns{U#v|D*@^&JrIwe>T7V zvRcL$_zf&U`_|VPnSbzX_>bzm*TCsNAS{`oBCU_WYgx%VnT~Y0bNqqx zuEmQkJ&`ACsWC^FzidmpFJ853(srlSvbH8&-Rb8ZYy4?jHcd(wI8;@Wj!yKy%-xx* zXWr-e*kH9_1+XEnCS5a;i(~y3=I*S;@wS1un>C7Ix~?z%q{>b4qg1nsWWFX`Z8>E3 z^JFn6HDzsioPLzGcWqpyne1xM`70@|1=8qLM2CuVjo@J(y2{g&BzV1?evm}Zx>QN7l(?ljyXv+ON45SNYEQu$?vfAXyS8x!B^+= z%7C`ZO8$h|biXk&(UoTrmz=wo(=|aNudH{rm@uX9*Q7@mg*SZ^nIWt0YPV*?*f6%+ zOAaTiJL(Kt?GMzb2=0c=4nNo?{Xm{MA&jzH6 zYjQtkd}g|=r4nM2>(J~Bf5@wLUS>Fg1cWaKYHk5-dVX$({qLIL2LC%VXlk3gqpzlU zpGz0CGR3MSyc*Ak&ktdn> ztw5#l(@%1TCe{mhn2WOl8KJskFxcG zl?jz}$Hep_tV~_bs&{LLnbYf=U?xtuz1Xl(c{CkM6&fUUh&H?(B&{jyK8Kiq1E(W3 zvTB311nVEn)ermiiGhl(AZ9U>kj1cenX?cYSSoMsH2ktJclpFo{?>dcW9bhP(7A;Rhjj;BbeZR?9MXh9AdI z2J;o|i2ib#TMz!3p6Aw*@K0jt!T6VnQyW;H*VW*opswrs6yix;;^XCoJfUx{MW}z% z0l*IIMNakDAe!;E58?r zbU`&m4$PXkazlA-)qB=We`jQFZGoYpul+9|qW%B>H;9~NAo5DK3;T!2=NByuaefoDypg4YNdw)itb=JW<$7J3g9&{DH85qsP?^yZTncpxddbh4IE*E~gEPMWQcCO5c?*L~fPH z9fn$>a;_Mn>-f_mO4)iQe>e%gUQQR+~($g(B`%$x4CUD+XL!Kt`<&D?nhm99WPR6tMjx8A4Myb{z^E?%=_1~#847{ z^&lfP9N7n=_ob=Ankqpi{UAefCl!bS7x<)Sq1o@f3y6_xw3IKC!_;prz1IiFh%7ja z9V4x10t6QIBnJ<>)0CNay1GGz=h*E95HbiLX63%dyI+?8;+WmOJx>f@-vsKY*u)JXzJDA)344zM48yU& zj~$b}3n-^W+((DlG%K<2fB?MD7bcCrFE37n;#$8XfmJ?HbK|ZkwNi>U5_M<5XrEum z$q=)^N)e~o5*Yu&om5$4tvq=mo=?a3-k{OKw#c76f05$7xYI&mrhqX7{4c)5Yv zL;h(KnN_7^%cW#B${DyQy-(r2jf@f-V+!>ak61{4u9@~Q3EyQq1tneFs`;3a8AYnz zw3ZBqg5boA#JgUZ<>_5)9^9)+qgBWpi4PKcvYYyb#18CUB3Wd9Y)$tP$tJ7g58?k( zT_&mRnWi2E6KN6FvZj{dymFQ8{zRxO+yw0EB4+dF%r@`5R1*n`f=sr1lTcg=xpwb> zsnY(kW~`yJa|B0As}aL)n2o@OPtP+Z=P#a+j!$K`Yb$>S{|4Q|2WT&_Qn z3t2NCi|U*`D7A0k{~k{Q48h^C%zI?;Ta$yL^PF1SO>2HVx>X@59lF`=Q<|G-ev5k2 zbx62-DAN|xDnsod&QU*J4N_8Q&s)35b6X>^%8ft1W;Cxndelro5g)(##Q*%h1YigxJd z0a;tQXPu{f5t+js9dzCIcde8DoUp`ef}>zv2u{4{O(P?9))X0BdbrU182>^1sdVP6 zangG!Z(@Kg>>9GW24YStUWu5RU*VTm+J2(R`EW!NfH$MivDAx`DiLIwS5lbL$>p*3d$;knd9S(e!s#MAPw&U5BCI3z0=~Yfbyt zgh{4r9B=Wk(CH3CW1QFsW8&5o+Rn%ldGVt*ewS}x_`}BZz%@gSI=63URJMDFygIhQ zb>i0Rnlv^L*82T)up#D}A;gn*VvQgJ(Mnb7mw$w5cW*b~axZ3~naiRhu7&-*K$+dyK@}Xat=e6!#XL|)H95?qlP=~FNKfM@>SUcG@3Q^3+4|Oz(g~~7 zFF2jYFZqvG@fcCP&cpM0^nQ!lMOqTyH`u$A*H%-?Ny*p5bM@Ud-pvH%_7>>7s>0gF z`+@&WEFB6XZ@RvzZq)wXWb-YpIsl=pG!z^nJ*9#RRrW;l-iYSCV&~yJHhPFxs;udn zqN7{P;Bq#fmzJDiCtd|pw|OUEv`j66kd#nI@Y>>cvco&b|K%`1TD?#Dv}622njCQuPe-e^ckh z*a7*;@yw&N)!W>(a?mLL{Na1>bylOKe+DEqW&s#nP@DjUaatf3 zxxSgK405pAY0FfZl7?2?S0LvDLPnB=Q=w1_-ZT_mbq6!q{0sizERM%!dDN=em{WlN zv0htrsNpRBX2CkSJdUm^cn4ov1|mW2F1!%5x>~oemD^4MA+EgC;735%-MN z`?L<)yvVWHp)KVslUO4v&xEg`(@cOc2SUA^H?XZ%Tq4OL&#{@J$I#{FSi5#XS0|yo z%+cl8xnk>Rhs;xpe9CO%O+k?%#94wovgFegIZKMCd>~RByB~lq2cSe#1wzJ)j({`w z5uei}_#2e(1TDmJ>Y8nbAQ(%`S06}KEWl)33C`3NL~d%%%+^bml84ubG&6BNNTco* zq18$OP;9NS5fS%@Wawt|ltRF0JMqSdJDvy| z>+-xKCtz@wCljrL_#2UQP07*aTl@SAXOpnbM3$l2l|xHU~-&Xnhe#|Zk2_YW{HbyW|P_-l0(St_<> z4%1KD%%ug#kEYZ3e_^Mt?$5N{@#dz0TzvW!PryoyCPcjz+;@pv@4VMLv%{}JWub7H z0|Bl))wz%~w=dq(sKw(LDr6H9qE4RIu%$S#V2N1c@7`H2m>kjbmp&Vnu-H2Xi-^pJ z?9O7YrqDueIGnd?c@3i!lh0Q7S`G%s2xWboupU`7jATQ0W1|yKgetZYkj`Yy97;Je z)tNFdzI&0%horvtiO!OZyesBRnt^2#tA4J;xpUklK1KS8D3a685iRPJJmHws?qK~` z*##z-ndR=ItZQR=THR;L@_N*)03%?~?u#QA1r#96wLUD8WUky+|eWfluw zNLVc)l%miMi#X?oV2hWUnS3Qbv3>7>o!!B%(~u&D8%?T}oJMZ^yWgUz2THb3VAiz(R z64x#M4iq#c;uvx7XjHy*S|#BioMG&&9F!vIrAlEqO?hZx4Pva|Mvpz#097WvsE~}c&h^I{|5Ga^7qP4%O@tB= z=cSp6$}hy)DH`e6!1VTd-#&&|RL;t3_0cGywhuUB4(`0|o~HP=$qAI>;2jFZiZq_9 zLq_ZwZn#-z?@&e&bnF=%KDOs)B&JBgZ+#qpDD$q;osL|?_XkbCV~epuAXzXe*159K zdn(Eo2b1eJ@*2)OHNHENK8GkY@4~cn670qZ)d}U`Y-2cH0)ys;`Mp4@gNUr?RyPDr z?Rv0js!xNQkNbQqn7xBqizmZzG`tDNkuG2f_wD%cU{}4d6`#mPk81&By4ZFu$3&)J zYog$>`-lVs3lzMm9Bq@65`pv?fJE?GlFar_2fIf6FYkbNXyQbc!^UX-(o&`4vp1&g0BAr}+tplc`$Uv;FFx%s54*c<>kk_uW$n7v z9i`PQ%151>t0~ppp!Hu6FZQvqK(OaNMcbVhTD4J(%x3n$Lkg+YJ?a=2`pWlk@2it- z_Xxu5+4*T4OLDh? zD6Yb)=}a1TMq#n`ON+IAOkgtmr-S#{a&Qd`x_N+)kEw>WN?h~<=f zN3rS0-3Aiw$|BQ)r|hz)y+1~@IA)mSp9VBwZJrFDf@i`A*bq60~u*LW>A4K-Vqq{U=R?0b$w+<7(MhP;Q#WN*r z-ToMPdi*4WXHIQ{mAXk(&z&^Cp93_au#Z%?bbF%iP`AdJ(#!bs^Nq~I7>KV zc!~K8-M?9Yt6Sz&BFX{{4@kTWf&Fl(mHMFpvg-kb^HA_YxCx~~S~Tx8Y&3{JY7Wcu zHrk2WMu-6c2&<+x#&7aNFiD>KCxF!88kB=ov}p~HI#0HsFtp;UdjA600yEHm~!&rQ0DQ&NMr8w19a&h-#sj!Y-G*D@Pi2F~rm z=AZ9*%H`zG5o!Zz8DVrJug=?LFZxK3hLY7&I(CGylDbHBCLXN>*a0g!$+VEzs2_<> ze2X{?1|i{9X+bsH{%jttCI2u?%xmn4+|z%Vub`^gv6~}>6{NmB?I2&UA)mIVmEyd>*ypxhAg^; z{77rAnaeQDjILh+*#vvL$|nL#Dm5S3H1{A7a}YL8Q&!i94qZ1GiONG*8BV+gM(zb8 zJ$55wGI%RJ%3>tfPv$UkDdVm~)8b>~-b3ewz{VZZ#%eDxzBAjrf}X71jq^9n^amVR zgjFXQBm`z*#5fst`hDmB=S+;X_(!4$u9<)JckujcTlkFm50W`kNv%xW2qul6L#^A^ z9*D_WXJ(90Q+q)RKvSp%ZKL4A0ey{Saprb^#X`OF!-bKPk|v}2n-a8D!vX{LFl%j4 z5wa^A?g41>U$c^mQW-%ZWcEGRua@uZWc?Fl$b&nvuqLl3ntyGflh@1`Fv;w|kj&%@ zK7O`NM{{PczL(`5b`NS5<;sb-YFVilgt$tw^fcI~x7maINm$hRtxvxa zee?^;*KVbnS*e*v`D2uDnX7=UwbGTC7)k1Ke&BDOq)z6cKR_-Q-+I=P^Kow&z_fLZ z$?5m{OW+2ai6@n$*3bS1~& zEE>t@zG9+O?cNqi?A)cOUg_B3z5X?-$9|$KyJbhm86s?=#2Ka&O@;WW2(jWa6L`=(!+@@CV7VJbiOz#LiO8SFX_1t-Hu4c! zW!-S05VAou$iiDly&+y;&XyjfPO3L-%>zu0Orl$h8MAlpd)dpH66Ih`OEGm>siOrK zH+YF@;QWxGHv5no8oUuB$JQHE$+r*Y?CoMf!GgGmhJOe(tnwC|;16HhB}7PHVW8kX z%wwj_bag`au>cvaqx{W!*e)2?`*1V>-MklrzB+iBc|WR!e3=`0hL8{3tHJ2_Wo+1A z+Yg=hcWsD&UfY44~8lO7G0K@E`QTLZVHr8#-tT4$r$W2pcf!xnwOAG_h_251$ zO6?ZlzWPfO+&60R(uS&-OoiAcT&u#ROfzp6(9(*6bQAD(6jIq^_w!BX8^ z8{N_aoy~j?!uaVm+u60mJ-xbE7phswzx%WHtE&HmcHT#&S$@M?2aA&$`1mALGY0o^9Y2JmY`e+SGko(|q{$IeqcQZRZ0?2DY1c1DwPy;Mu5iT+|tJ8L9oQ_WedO zQRFVAQFQg?oQEqpFH6-cxxA!%)TpZ-knypNBah|s1as+HrKx$;*JxdGs#5K}sPJvc zW|AdEl=e>V652cK6tQ{=Igo3YBRIw+WQgt)mqCg0`5zr)noz74;@6md8zEm-=e9v2 z41BHCEl%45i{g4ijmk{z5+mtFwU7c)CNPYAEJ-PB9MY_ct(q;|f@~~Z{J#>$bej0? z&C5Bv_d`4~D8f7OVzm#Y9*;Qhhn-KNR*h#n&-RX*N&p<&Rb*E~nMmI*lez1KIpO1_ zaQtVK&@bNUJj=i8y!3(z0q@uEX6enOQ0y$+_p{QwPUL@4%o_-jfD7|2XX8DBnA3Lh zYg66LtVL?LuBgVU*+uYg?@L@r%=zE$$d@`oHx7J2|0xjY>RhEH3fa!z;@?s9d!KHG zS3N?OenN&eoDOe9lGz;kGOJL7a)XzDSwmuGk;t{IqJWuu8ykEF&o8MEYdax)x3b;( zgzvitK={}lidT!aDCGEw$Kl$iw%9K+3+VVPE?Y?Y6WeFsWjlWvY~Qsz_@$%D0ynVz zg%tsTOPrsL*U+I~6oI>(A+jMQ6!yF?XhZ~@9~3nLkq+*%INBj0C8sx9yi{VsrPL8< zev&SQo1f!v>x=wBN7BYfJ_o{&N+*168!|xAhW1oHZ)|ct`3X{%V3uBpO+oX6xb7hU?F8&1Y13Z4wDg zXN-{<8^WzZ$uJ%*MugRoEZs;Qio_Ll?kR2K*^i-;6sI-*c;8)$>a66KX%|73xz8&` zoTs&UTt9;1wP5`5apr9kmD^>Cyj#G6vz;4F#Y~8Er>Ry=Qegb?v2W^Dx8p=doTt_C zl+3Q}^uuaAGUM;|3^O?6zF-lEYmn+bJ3h6AOigWNM?h~8%2R#(7aLMy#)=!R%_BDW z*HL;Z_De_V&m`(!!?-V6Nren<7l5!r@`gb1)$ebped5dwwSPG~Zif z@#EUa(n@+sv!QDsag3uFnbez8Ra$|`%dJEw&jhy3uP?;BGwgutXNpTS*FvpE${Ogq zgrs5I{OoAzh?h#F`nN?u9`|nfNIn1r4FS?!*zLIR4Z0$F4gBM&{YxxE2we5NDV_W z+sQM2J^~lPnNpeXfI>3$7+AqBSb`|YHfj`MSvpzr6d!wEvC8JZ zW0hU?vQ;*FlT|jo-71^*N2{#<7gm}5W2>xsk#cS)Cnjwb-JI@(hWiFvV}S5{onL-k2~Sat4|EjTM5%X ztGCZd?wIXujxOc)>wneXQ7`|y{t6xcm;L?G5C3g{Py84C?c*1iR#{>w3s=9O0>M zu+t*c<&;$0)XA2K=}L(99VBu1-pP+@K|A(=UG|ib=o37??8#`=8`ct$N_Y4Z(gE&eKH2?wSigEQ|Ok(s5?B)S9jDE{0+N#Rh_Zx+@r4LrRwRqKSUpPuFATj zrt7m|D7p%&UYPS$rxSN4kh1|PZbB-VT~_-j0W_ZqE#fq=!XCa|xAz>1s3& zo#qg0W!^0Komo!BuHInxA!>RTe@)ZzU-k7(@j=W!<8Ih4k?{MYwnNjER z5C?31rBC11SHr*U>YZ5V>%G^h&L&mrS9q~1#D)*Ep{kzPbF&iH!2BJL2VxZ;td)q@ zL{sro@xP4j%geR9ewkm|>FW7@;~7zD1y$74_gyx8No!l|I8Rm&8E1^K7W39*mMj4S+deCCC4HE0A&e=k&(5?e9wymV(oYOH! ziyq7MUp?_R32%U7zhg#(BC8{K z{BU?^{&fT=^Mqg`a6$UYFXV$9T+_8Y!x;Y36y5F!zQprsRPF}1@PzcO0sUVi8bz%tW)r(A ztZ229XYGR>X2u5ue{e?15Di(;BsHj67cN#RCL@7g2S!Q2UxRRlZNEA*PK$>-F2 z`VmUY#e$FNhMt|!o88`jmCNy;EB{VEN;z}@oI;Yl>XfUl{=uy8UiqC3sJK=?!f(lprV+hs_bqfF(!IvUJB)HfW=-Ye69=5#?;fD&G_fO8zj zo|$fucgx>p?eOq)Aho)QrqDXvjBS^RX@VWd+eVhf@#hK2Fb4C+i}nyBjEjG+q4ADj z-NBmo!a(M7VX`l(39lJLOElAUr)$7(?8~_-Lu*Ij|I;?@V$QadZ8lY}*>e4O3_3xK z71CFkIwS z-FVU)F{HNA@HKrAZOGv%R0PXwXqED-z(89^D&g?WJ}BHpUq zbILKtaCRA}M{u>6pyMNa{JbI_>8Q2jVg}3JmB$$fUkvUia8UJrBEd)xWVj>v_Yej& z-O%K?Bfj5c&8T&McVRW*Hgz9G9YYK4lIxC<8BvTc^7X6C&3~swOCF2 zc#joT0fGNq(}D1sbJepOrT9rNT(R2s8+{4c#U`#T9qLXVDeXKbcVgO_-kY|i{yV3T zI|&Z%ueR%VXm$-vOV254E(I#a%RatN3^&5~M>8A9Y~qU;L6DHw#%uDJz+9wzA2JaD zxjhq-i;dG>u~|F=ceT9Zv}aOUwCy|P65;G(rgZ&gUq4!`PkPNlYw2Vp5Q8Kd&eO4Bz6)u?_<~d8Z>6uxvuE^r|ASsmYdV>x*2G6}5L~nRBc7F40S7y< zmGb_~ydwbYx-`e%yAvX;Q3NuvY2LOGqQ&zmivNLMU2GyVexh=~-EmrQI=pMBf^CHD zvvc0T7$O5u9_J2~^;lDE7q!Ey`6Keg3SiLl7y$0=@@91eP7QRuoD~h3AIV;A2RSHg zIt0UrMvagZajCd=tdgPQpMC|PZ<=`hn9Welk|+y|wqX+BDlU6=evS%<^LmLhT=D%nE%GQmBTqlFxhC;|9KEF5FPJb2XeZ;mQd4=ts!Tsk&6hUf7We4eMQXYzxA}BE>H-tzS z?UU}CWYWoNQR=A~2P&hERXSej$7_9pwWhrxvA+BgUp_dXJ(P$vNrnAQQun}0*ml_S zZ<1N4H>ba@!b^09Osa{1G4SeWXHj$CqhDQcS$AmwGdI}$qoJuaZqVY#AdP#r_ZO&A zwola4G?@_ctFC&hUS{ZtH;aWcc=%31wa0AscSh^xo!1!+laA~W>E}8GkV6Rw#TCs5 zbNWfFFV+YH-jN^dCF*|PJC)k2c2U3WNZPMDQ4JtIn^JPNnt&JFt|5!Y1-zTGO_b6^ z9E71Wj0*85>jgjoXWz`GQ|n<}MH}rCk^Noo-uL%n{M3~(>%(5v@SnDK^#8HFFZZ{{ z`O-6Ho2#ndmNdb)-JESB+qzIPFOd0C#kDk|02a5uMzTvBO>mNANN^+ixr|mDg4U(K$m9j!a$re z0F&YQ_ZAqX$)#F&SC&kZ6n#2Sp6x^V!a(d*uNt)|P=3KXgNLs5W)+$F?Sr>Jt7d-t zr#6)9u0O}W+2M~=a~vx)GZ;VB%%>kOYyWc|dokN}lhb=x8WZ6F=92}-8!!Z640~mK zxtw2;Lz%W;?$JK2chrbV`8_EEsdrP;!2Atw@0<8bWfeEQn)=?roJGW)-Fk%oMlE#tG%`Q-cQ6Z9rD4YX^3=cD}01h4 zI!j`Q7`~0#7I?z;aDI6pj-kPIMc%{jnDHB`V(Q7!gXXq3@JEu7E#}KicW`%aX`uRD zR2J%9OVbDSf!5i)dXsu2@`%6KwbLhr+5L2CbMad>P?f}+>b|sxN{)dVx)YYsly^S$s-$*r6X~h8fX-KPyC+()w%D=Ff`owy(SowU zgHpRm;fSh9`HopKwo_ZwQCr}X_WoXYzb2BH zd_?=(6^Ak6Gn@@x0?*QbC$9I=KUq6JUZW}TZw@8xb<#5OqjE=0`=r#w z&R))&KbK6>5zOPMd{Cjp@Uc7%$=pDO0n-`l)^x^R?s}$AVAlYUkRzE1RSaz}rTY zU?*SO*mZcZ-PYzzD#*TwZ$d-1uE{%C<9#%TDzU@d2|uJEuY~>@G+7tFxuuv689BwH z8lkswQGAF5ZHS5=D_wbPeU?? zkzoMXCVa3D*#72L4t&2=j_+?{Y2l~;6of1^5od255)@4CL^OtY?6_pR#{ z{<^;3tm_xw0$M*Gz@M-XD>>$jp?<)%A98|?J&O9zZ0=3G2r2hMUvq4oA|qU~J7LR5 zOvDwmXsYn(9H-~anUxgEl07bei5;S=U=BB5?&6Da-p}016Z?I|;~A$vH}q72IbcCU zTC1&r-P-u!-G{OFqlfp15Q#*CFrhSAy1O$=FJXHU*A*T#?;v+lVQgNJ+^i|R^5Se@Tv|ZtOEPB- z(L$b6WTcFjWN!YADxOnRvH6lr!aS?4%1hRH$D{5*O);yf>+Vm{|H?jArZv!G#^xF|m?N_6r)pu;0?mIfC6jqx{V>tO%?Ko+=HfsP)Lfh_ox8h@FlR(dVJeRHFvA z^xup?OGTjFb$M3HyWRo4dvo#ALAIxKgo4&WP6J&}Xt~S{ecapinjmT7xfnq_GI%44 zSC2eN;~~35=a;vO^Qu>{Q?jkqtkz!n03%c9vyrj$ixaPlbe$(7UDp?+>-?+(|JH@o z;xqZoGzJ#X32ZJ1Bm%<~vCetMJ0B&K9D;Yuy+3<~H;v5f2#9Czx^3`uHxYZ{J`Me( zQ9t_-u6p>L{M8J$duQ8uo%W_4+ghnNjIaN&iT{bJ@CFPtl9O@4>ExYrh@Hpni@_+* zvl4;4ef9AM9zF;-9`-3HfQP4MD`0IgzYq8dt3~ToIm@VJxoS9)7jNBeQNsBx_NFdY?CQP` zwlk)wM`J$f$NX@E+b#UmIAd;AA_tx2AJzwOmTROA{=so1OB#64#EE;DpL>w;qDhfc zfO(jndzhAckeRmmB(pg4P@Q|I%srIn9!hf$#kq%~+(TjRA*2V-Gkc@exQ#7S{aZo* z^v}DSKdY-JTKHtzY5$Z-ki0#|7?|!RuuJwDI2`|$E34p*svM)HW?uDsAHUv~FCw*C zO68)5P__x**j*}?i3?vrwE?sA2Qo@(`4#^|Ka4wqr7EJz#%WVykH`{WH+ayV(gEjJ zKOT=R1$p1Z@0^zCMM%e96FVup9f5CAW3vH9V*RuM?tD6VRTGWB8v1SG zl5j;~Vm&c9xH*Z#rq$9$AhE=r1LuulQ+?zB_Ek`ixE;t6(*+ZaKyTiWsmB`+h_A!b zF40?X!|*@mb*)VFoWf0(WEB(!HK>>=<-&(@4N?!4dLW`eVZ&KxTFC<`G&71Pu}SUN z;L&NFnab;&muoAwa{EvP*D=+|X>%A+A*z7xBC^hEidZcQy`JZeZjxN>4C;|oq}WJB zwDysrL?L&f)=p@mciEo3SPZV0qaNg4LXKi1^YD+$DJfh-e89qxYiNXpNSygakdS30bGTr&@n7{cJBaum+{iOGk;p$qk(F@ge}kV{O|r*+ zi6>xY#$zQrc~czNipMt`5XfA`n>r{fE#RW?8I=7!KmLA^_=u~3UZs6SjKW?rKC+H+ zr(81BIqQH{<^>*&jTc_*JQ5pbNTh1BwRko!ju&p6okuPl^$bkIjnLfA%)NZ0!uXY{ zEO|8Jt0T6Q;LUwpe5-LfYRa}@`g4+E<}JN7%XyrI3ZUR1wxO^uI9=pG-TE!4Bh% zysA$Wj=`KL!A)a^$COJhZuE&6A|dzp>~FmIJ)>LM9x29J;-gcd93xV{SLQ@pK^@lk zi+{n3So}Wp?Z*GYL{h_I=;A)iwU#acNW$Ksv5@duEhPGrU1=LGYuRJ%!D+UF>C zzj?0?St|?bXWU0m=0{kXTsWWq^^hC9 z^?gnXtje8CBhekWmO!}AJYK^L*ziO7-w1VW85pG?{KsJC`(~~OMnCwO;UQW0<3B6< zfw}2vs{GdX_zv;_HsXFUisIaMmkPcDq5Bp5kB;_%JKlgM;!Xs(^8qg6qV97A+!iuN z+{Jysy;p^C#rO>1*5xnufqPYmqw|7(*cc^~mHG|E-LnV6*BLAD4gl;^*-L}=KD;k@ z&obbJ!UN!8ec%<23_s&NoxiQSy&*sBypO3g7ePfG zUQz$zi68ErMH^s#pSiJr z2y(~F-KEpnTd^n;#U9vGF%KJ)1&@Vtry!)JPxOwml}j0*NkGrj(`iLngI%)Ia|z27Q}%H?{cN&eupb z`?qX-+hpTw42#{BZ7?U$gcI<&H(@9?bCz)n+KC%53^Yk>FC35kU#AI;^ltoBx`e2{ z0DLd;Ltq$%khZaBm~L~6G`F;~_OZCUdWM@;?F1^qWpxtG`tsbA+L7UqJFK(YgjXqy z7d1F)uF!dxjaQcvFr|!OSZA1HV@*{`^~_suJ~&qyJLd4Ex=(E#j7XH=6M0WX(p*mHRy^E&(m3;4#LL!Bz1;zE?@I7!s=gY|A@_)b*iv7!s2WTcM z&Z&uxP)%M(1QJ|CGx=VD-%P9|!sN4jJ6xn;_?oMU9!pJ71GWJf-S!w^gVJuM*{)o5 zkXbk8LK{4jyq`U#DI3o!>1vqOG&OsL;*K0+udSleJs0iG8Md=>l z-RBn>M-wJ08g&!53r|BK2KNP+6f5-->3%a3 z`#>SWi?*}NH+p4XP`Nb*b9-ZBDz--4+f`K32qJ&E^GlHiX}=3t$)iY@VQ$r328Etg zw=f5(c#Zg3rQWHX*soNZneh@lGblx3BUWm%ih|rw)`d$r91wyOWH|5hP@0V+5gYB3 ziD*?bADZP<56UV|mApbV0%~SW!V&kpYTLcI(!HwO8%A{Q-L=i4 zS5`{v)81WspOouXYCCD&!Hc^P&~^kX?Gp`6eDrE-(Csq1HuL;f8z6>qq429d+)xCt}6bnwPnoPyYM~x4e!j4(u}i);{zCrnxdZ zP|W0g+SQOE#6~oWBGm=w&SHyQ6pd>4(=Ohyt^4Hl+Fets@lMs>twg!WWv)%c#t*$aPA3M+!?}YJ5$@dQ(FA4 zBquNzIfOF#-G$gaf+F11_Bjkwgg=HEuUg3T#y3VBANgX#jlEc3QB0yR?KY^ExeG9a z6KNACD{~m#?hbwj7*$)T9rPrJ6iG~9dbt&B7?W5?aBqGar~K+U*VH#x+9{ zaQ63plLTOLZQCxnWwnV=_cRqo+*Tv#l}E{4yqnu!XL^4T<<#yI{G$-J|Mpjeb?c&e z+r@Lp#;9A20))*jTQ7}m)@bMjg%+}xfc|nPc^6b!wak$7mWiiNQBcUgJ}wzg*YZ`z z_b2;zm;H$^nn6vTnMG!>1!g5P1Vr;5`iDlr2D8+3I(JR%L*9{oe=`aTEq%J{XUyF) zJMR|nLv#;}$lS}*M6?C5ES)+NZrAB>i}4R6W=_A0pl!T+#DfxbLRZFP{mcP&aRW5Z zcE69RkPsQii2$ZgCK{OBw0fdtp2>5&k{N+QgCtk-QkPyZ3RoX*^7NQIUuNp+2&hsg z#$cPtGxCTCrn0JrNGUX>J*m$98d;Dpe4iIC_kfk@QEVSXG{q4jqbT3eAZf&%B<-b* z7^lceo~<1yUk5q|oX!G< zo>CsN$C1fO?lM3b;ycA4j)vddk+YX_CX`X5;S$BiPM1V~wnP9|Ndz!I%C6D?rbM;i zg)xiP3vsw1Y)f5!K}i!mdgqmFk2IGz_}x(_%C;B_=&Fxkzl%dLEWT<4xq;o_FjVzX zybE?Xk?W5!nkM2-;@YBsVgdyhtNMm z_FwQ!lH)`b8&#$6K+;4LIFC65jPzTWZaOigG=w~{>SHTuss2G7kG-B*%ajp`urB`q z>U!(tTwPF`69&}Pqq=nd2>JU>q>2n1%)AZ+1od4_eSYSFqfe^hPmexMvX#O^s<&%V zwh)Jl+{iE7f1zqq=yA2eMvwNw^f(j}zaE7_NRHa?__eEjYPO!) zzTf^nMl$Yqe$#ErlSN_fT}vMAw=NWB9b;nFkHR5?!sV8^PH3Mg*pWFq+XV?7`$vD# z{<|>Ibm1>5;*OdypbN!xLF{676%}V&m;F2E7-TL)3l-)MMt~iec6MeiKaS=j1pM88 zfzh#TzrbiF*-FW=i=I5FJXv5=(~}>78`+*zYdx3t1B3NUcdD%<=GUL@ju?kJr?W0U zFLRWEGm+RuH|nDXL(d=3PCf0E_qPLSGd@L%%qP0x1D#u7_dDz-WP1CldH=^t`yJ|& zBwMMk(6x*af6$-ey8QgiHR|D~D!F6-l{A`4MyQgH*l~Rnp{8;uV&(w@Mr>j<*6L_} zz_`R|9U~o1bkmNEl~u+T{S#=_Zel?Q`m!~%mkRyNbAFx62o2dcK($sBw>q{G$|&2GTZNRgDH*QU{ovH9{gD zjqm}!v;mnX*4~n}bp%IH2BbDO&eb;JTTpT|ir4}(-DT@_iGT$&cV4<+2SHIeQi!SJ zdnEC?v2Zt5;bQiUe+} zO2NUID2Z}VDd&{aQH!*cUGTgt|ByX75XM)+aZbtRAQ5gz z>rhy|q4wrHBhyM;w!F7yT>PFn1vO6m9-Vi2YqXLV16@wo*@-srin=GSjop{4$%F!q z|1Br2z|_rj>owoe!ClixGd34m=mhzDdcaNW8>!QF_EdCtjl>>Ra|5;*$ve4X$JkX{ zVh1Lg<%rj-+17WkDvMDsn-FU=O--rks=NvYzZOK81D8Rt!hCD#clAV=O1E}n#p5kH z!RL;5T}KglB6e`pDPcm}^NieMT+DUPGy5b)Vb-Acp6eNud1!Ea2R z`<*~Ee>#DXQ^iUXNoe=-iKB(wK6VIkPrLHMy(8E27Jrva_t6nEJ=>^Qxg%`gy`7m( zUInegxkuVaqR1ESFrr7E)Z`XTBu$P?G@JDnJD99W)IVX9JN2HhHSzB`baJNN<0~s0 z7T(Ngex>5B2^`5m@xe8;?$q9g{7E%<`7Oww>Xz%sl;T~B0+|{Y^vRtM=($suJAX?TjHv2}ovNCzC2s{sXU=@? z$hPjqW>Lh46S(vM=@dt{N$&|gdMf^6*!f{-W}g<$O8pkF573U7fVmgm{vI;3#;V$T ztc32rsd2w|4@(s6TOp9}YtVvARJg#Wrs{hvu=AOs8gxHCCCx6dlC|*{`(-+*L+GUh z47T}ws6=v0f?#^(FZy!TVvyHLo=Ss~&LYD#-c$`n(wmq~kW_H{Kz%CaQ?Y6id*}Ul zg9N*Tu~T&k?1+Ni_1PqmGVh1HbO$$stJTDLG__;5=6&7d!8@btVDL{e23p+ao?B?U z-wZ+X-|{NSL3-R%?V2d>glxT9D*ZB;4q6<>moS&u5913m*lAkWlq%*m+ov}k^SimC zKj}G=5MT+4-d}h&piDgsGcZ7*VrHc7r|b8Nl?%REbq!NP-m{=iOnG|GhaLna9vJ5Zy73+%umER z8FbNx?qDR-nR&uc0Q~rz;CM!CZVBoLKK^tm{Sch|kq@R*`@!$bTvK-(1%L@D*}AjJ zm>6$wgM3{?Pn-`kS3}Awy1D;N7Z2owLxD5#V;n|P-tE#_bMQwxgiAzgyN(kme!Dq~iLq4{f^{&L`QF#og5GXErQ@%g zO9Xsz>wMcfDE{@ctV72yH>w*4mu#ph>h-zLJ4<>@We=3-L?e66kokR}L~M^_ zaz*Bsje}pHSIQ5jq}2>&n>YJj0}0h0yIC>>T>mCB+z#&>3S_7rc*$0pSJUy7dRnQ> znR&p`|NI?38)dR@zdgPL!=6y<_L7Te0F5CkRqs#eE&ENI3%wzK^$Qnzo_R9*&rX?r z(6O3+|2pFjQwTEd-mvTK-q!dejGT*X_iR5vnmhbjRz!^(yn>&81LtR3_c3rD`I458 zaizn+**Idf93ygSyg-(4)qosY+l{?=<)3oalg1vMMg2)@!|@jdynp^p##p}fc?j!s z_VW!#-VL7KK>ycfU-_`zIcJ|))uQs!2V3DL^IPR~C=qqNF z?w9lLq@Qg&=)M<-okPxJJ+fpN{6k{<-HDCGjpmudsLxVB-(MAPp@2x@5&y0i3Qg}` ztTNNB)cxi&)!-wbX7m-pXFg}EG|#rXxUb4f23C1Nw#sRJRUVtIvYaY$-py7PNvsQf zR)sIamGt#d2YU6QzOTYxlM-1uio%~+(H$zA1OJb*6;<|CbeXBBu&<)4KC_~-ffY$1&gC$D z)hJAT#5ugLnpvM&jlxCt^+y7!i1S!qHL~pG)KikJCxVaWXH*pXFGYhDXY~zqja|dR zUeE{rfRw0z$>?;&ru(P1OXSyslsk%4+*crdawt9KDUqk?0}D+z zg-*>DDpsLVyL~}PX}(`cV$eOP+7AhNu{oTc2)mC6l4C@5_$!hhN&*<3D)C=i;%v0y&1PCwLS1VOY8>trsA%!U=VJF0cmB0kHZ zGdrMO2oSRIy8T@4?bU`8s19WVRwkNt;DRWmrt!f_CPGFQ$E9a_$KB6{pH@gaPC!a= z?-JCIWz9C?7)L^(iwiM~q=xDG;?yojT*H%7d#5j5MaxF{X!_fQ)S>1Tx8E1Rb{&hh zId*W3(-Q`C5oZ{-F2+GYnoKMCf_la_&Xv{&s0Vkcg-HITB|TYND(r8bFdPxbdZcx5 zU$zs!FPg@N(zoGk!-lhYRU2EUH~N0{`!YDX$2e`Fr7?r5Tj5)(v4P0;1*QmuzRTt@ z!SwcvjI$A>Z09^6C%D?qd3SdxL6CFF2B8F(>cq?-W1h2R|2kV)iU6dB=f*gGn})Z-8{Qb~6}{^ytS_0~aEJ zTQ7KZn4u$a)|`dYH?T@@3|wJ0zV!G{yi?6rGaEJT=OvF%KF`YT8dl>TW@N#>HtjA= z7dB8#2Y1(*xA==4sVStYt*#rylurH|E$Q+v>?m!6C=jkOg#Py82z@@IKNZF@q_#h@W^^-(|VX${ae^RJndA533YYnZoF}~4xSY7H4Ha}L1T~%r|(8zW6*1yu2IIU3zj%IM&;+R;Y z5_xmSXFCCnin>3Nl+7@P5qDU-U3Ec-J2<}vvO~bChHc=EP@d6*jx!LDzlZ@yn53F2 z)6l$MXYaa{NXSW5(gw(@@z9R{)~qS?=I-1}>`>DOYl**v4KTvSUch#LWF{Ij7$3e^ zqx#`Z!)t&Q+cWkvRo@E5Mu^_9?zkefJ^o&8`UiC6cdB*n8OSiB?%4K-uYh4&iXYN7 ziv63|sxcgr)`onl))ar+mwlRI@yCrl>p1^@*W@Ewi2fi=*v=Z~BSHYO1r=#T>9Nn( zliarrctZNif_+_^fBQL#iGl!c3!%sG-vnS zN2|TXY!eNYG`qn{y@~p=JNO(`VfuMDFI3e!U9yrk@AJQdP`f$(rab`ycth+EqFC`e zi~A$5Quh6AI(a!u?G7t-md4?{6j`*OWS1(?280PH2;Uu?ZkkQ)0`>O4CpG?$TIk=C zKF}uS3((C@g!3NvMPp8~a~HdX?O>3C63ICS97LmME>5Ujk=u_Zh6t(b)~={=z%A{j z1sug>yZBBYTO6cYjA*t2>6{$1KKKkm3HLnC#E%nq+0|`HVUCO@5mweuEGDtoPgGZ` zd7sF;?v0noRnIEGFA^@xXF*d|{hGa;&h;re-CNG~GdJ;%)sMl9*w<`u0Q0>vfnkgQn&xj2ujMn9B|N zCeCz!T=q^0!>uq2I40LT&&(8>`E&f_|F5PI1%qfsb}BPt4dF0U9E)geHJNd&dvB=v z|Jxpo+^`<7_#pyhm@7;V-f{xSSJ+xO&aA#W;m0yNVE8f9ZTmVU3=NrY&;hjrn&~l_ z=T6Y(k7ketL`6JlQ1(kjej$o$s7Mn}UMm@WD)OtAe@R8u-u|h`_)Gh#$kFttZ-t{V zL&Cdig%P;2^ilb(xLYGO;8<0y;cd=30n7<`xA6_E5qIg`hr9}O^GR9I`;NvM!xdzAWaci`NSgF&P2G?xxQnHuu)=_Ij zG49l4#5FgOq5YP(@TJ*Yf?!+E$GzxlZRTfc#({d;6vQM3~kLWvT%jA0#nvJ@2$@;E;a59cMuiEWh z`6x(ENKcY|0-i*4UzK8`p!1bm(3xXys@{pe>THn{3%x@@M}QdbOFsrisWy~K8eUe7 zk)B_OdyRsNJCzZC6yE3Y`AO6!^L$3FYHHF-Z353T85W;xdsj93Q)?Wm*4zaSR1Uy_ z2T0J}-K(beBY<}YiHS8+n2+9O^@!`t5Rql~*myI3OG6$H5tmgC94;G?fIocHbBQftYT|4Jw0z$lVr2&uo6S|->q7vAg!r-HST53Bp=;SjbO*g zyqW%HuHeZZEPk1q!b~B5(6}9h*6FOL1>y46l|C_h>K;BzMb&@bg>m!I{mD{f;Klz} zcVw5bUtE=&;A(IUnC?u6o5iKzGg?c$~7? zhsR%hc(nc!F7;kt(4GAo{wg9CT`B!ZzxcOKG#^VyiQi!&Fc6IwMBRDBkAh)g41-dgfT-0zo0t3Kdv^hAqq#j#zoqiHpufgZjlUO8*XD&~QHTthDy!!bj*~o?o$iUcUog5eX-l&d48tGb$sVRt z!RIo+FfYD98vB*xkM%CebJeq)7vgv#QB{r8MJK8e2E9;&{V|P9SGD!h#?+fFD#kD8 z03F=Dr5(@!?7xd>MFyTuv8X0W8NC)kWJewWaU=5bf)Y@9XXBI-BFPZ#(Yt_xx)b}{ zaHFCmAZOD!xf@7sK02PM%M}TF!hr!((OM|qP1Us@oPZ+TG4RblR68*!p877yD z&=oUO(UDNC^~m@mB6-i48gj$+W>c=VaePVUOJvU4h2`R*P4)FTgAEc9r0NoAqs_VQ zYHV79M?Hf5VFg>E{2Do;#Qw|JjYudZgnJek-$BTDrrdV=*q z*Ad~w10|-etfA2}R`Mr&!)~q4E$Ik@iNk1#ON8?<{0qf9!wol<$fgD#yFVKRVjwoZ zJD8#S*mxM3I7M>yRHxRtCznL?XNQE*#b%^~463ZGK^25iWaS-U&V97bV0>aK*_VmSvvtPs4Ou4csKJPx3nzG8w+#ytRCp11(8gO1P`dl=!-t%lx&SlSJ zwCfski5zw5e9}-C*s81n#y9V#g=1);pTt035d_yc9nvqcHHD{`TakS&cz5s_nktOA z)w8iR4N}rLEX8`EmFxt?O|EvYv}>()H~X-p zV1mI3#0b-rXQ04G`C7`O{k}j`2(QF}G!B%01X?JC2Eu!d8@^Cl3N19>|D2h*_s-qB zE6I6$v}k{}=H9tyX3m^Bb7tnunKLiO+yte;ih1l2c| z7GH#)O;G6A*Cv%@{@iDw_$Ojsh3uDZq2iI_*DzHkgzov@JIMnn>uKo`C(Zj2jTlmC z-7P*+Cs~j4M^ax~`Fq^nfs%2bdgTjvyobP`XRF+U7p$ErU(B^Cci?sJ@$oCpx`z{= z^>t_q&#t_KfR6WE{QSGQXr;F!>sjeX`F5xz=yWw^DaY}6H)Da9Bdn_UOOgG_$_?~Q zpmnm6q;JRmfevqCz?Z|rg9%1o&&RO^Hm;3pZ>cr^+>U7_iDJ{0T zPgXvT$Ga&Rz5E$ofcGcSsK%+?D2;9;8CdEMt4Y<~zot6i6c0Doz_Fj)Q^8;d@<5gF zMa-j4ed1S`a5GntMc%LQrkXZPWxzRr4BsPY)q8v8w+UUhoz^>*A&AN^?xMO;WjJAV zWyH}E$v<~;A-B*Zg&x5_7cBpl<&{*jz>C-^ zkJo|Y?DGInhJ$y+kW4EY;y{xyBH0~4a&TQ9uj-&inA+`80tE+%Hgo;XPd zvC=0F&o5oh_UkYFC2}A3OK*$`7$FJfEv_;m5kq-2T` zWq9fGhfiIKY+#toR$DGTiO5G^al|NH32o64I$wzUv`?RR8yA1!$GXnduDaU~HphA* z>*25g2fv@e8-h#ccF4l}kDdD^*tk;Jr#=8F?6%CQci>eWv&QDgLG-;--@qSU4+&`v zgCj>;4<4VpE%qsrmoSd`^c&$v5h6~AYutozviCh-1NjG*4nG8nfA*}(mOCLt&bkkN zOwK8v8aR$a9Avfb3XR{Eqt4!?()XcfxbLjW@B9r?9Q`GB1Wsbp0AmVd@*!tT`Q%^8 zF{KiD1117kRUG?Q9`q+7kC1N#%>5oKy#R|@AwPb0RBWGI0`sAz$&1hb3RXqX{~f(= z{V{g_9ylOXE|LP38@^926>+C2M=o(>`5@Jr z>ip+?Eb@<$7cvg3<7%)XW>;{dXDY9yzZaY-q9TR z0(3L-)D8B&3cbVr8m=YwOmlFQ`t&;nx3_)ZgE+~Vf}fYuXhI0sSAUJ<960YM{l{OY z$|P08dg(`9m5-`_t1^osPcJ1MOZ9RuSpHUtY3%41&(bhF{aH|~^sJ#5zpo!4h4b++ zN)NC4_@m%L>0fmH>rsp2y(f@*-QckUx02Hy-1mMP9QI%XyZ8NG2SlI;c>%gZYIl!( z{KNok{91Yq* zeF5*FzUr@Ov?R?BZZ`N<}!gBcmiXjgVSd#O#FUK!{ zN~h~={!*H!DEe~Ny@-T2CV-cwWaQxSt8hyUeK=Qq7;vGnx{Zn4OD%9!Cq6vb4||nk z4{kzfkCNX0-pa-OkuUW}?gjMj^9G=)fIqb=Y?~|#JBpF8XtQ2r?@<{2j=Y$?fya>8Z8{#IrpIxcuko&ZaDP zK6HX!U-ek@PvS=DnUycS1r2%Sb0y{W>J#jlCK5_ju#Zbu00X&$hT1cR*y7#$%{xh(+&`_n^eeq|sjVMzK(~#8lj|-a2>dF&A0TV`%bF<~OnbrUE0li# zD9Vc1a>QYV*^4UACossmkG_$Z`;qdux&Oh}IEHD?2==v0mp%Gk&ZV>y^JRF|MlU`G zq5va;Z1oWeR2{$>vg`!R%s`50E>`sEheD(X25>bIJU7y2p=Caca@D23v zEBlX~Ce$dWb(JlYCs+UC$~}J|aQzsCs6KA~hWJrc=N!3x`{@p0&h{Q+G*te`LtKY% zJ`Xn>9DT(Cj&{KPCnj3AoxY4IB#uYDhy27 z{Sr#9^}-U<#)X%WZb{*4fsob zh)Up&JGiDxciq7izW=ccsop=J>xe3q_fbQwO9Q%p>B##DfEIe|u0{mhUZGI8O$6CG zzkeGymuktc;c0&e1;tQ0an4 zFZ^)Zd;b8X&z?RXk8h*L>p!s`!X)yudro{GUWS)0qwmP}_unhBtvu^5(C<1gnR&JlNB_a^3ody?a!LR3&SuKc*cE9~80NkI>Uq@ew14P4umBf6S-13~$dl3vjZ~5{~@G`f1H?_}Y zP$eY$TQ1!cMoxs=SH4L%&;79foL5}**xyQ)OM&Gsp1&J&AaKOO#g#9;f!crKVrcfU zoI3Z_Z1IS^@$s(8o&50?7gat)4;tUR9Wl;$=V%5d;)6>wCNH{g1rp@O4cz#RQZIN~ zvgLyqnD7=RCcU)s8N9*&I|z#Vxu_6wxNE?%BK1z1-_M4QbZjj>OdatwWruVyn4^`C zo8>FqEHAv7R+$yrKRQKBA?P)D(G5y1Tm*>VG{k2=W~@=g#h_u894Tj15l{|1Dxm~EWdvm`cBl%;Dj>47PGe|$mH8>zs!Q7GJ(zI%EN4F)R}&_ zkVOq**tzjTB+V|HwVF3G+cL~_%U|hL=`?yhh+Nmp$m7vd0T~P`uLlLp= zjmR2{JFryeyetI=^xBGeJ~a$)&WOK`p1<=tl+Ad;M1 zw;K`kBmAn)8!f%^A~DcBA4+9Zb@J3L$XvqX{vMilMot{<{LCLB6CsVyMSkTQSsMT1 zZFtN9t@O<+dJJ4}a@{-Rm(za)0sJbwDB(QudyW8RQ$c*5@_asYo%8uLExFvEnoo58 z6et4ubKeQ9)}4M1r~v22l~+)?+b{buKGLnPO_vcA7$k;H-vPn89;V{!DL0^5e%k35 z5fC;5arkk0zyq=DYsr%XgeqdMN0Sd8NA)OQiue`P z5qmj<$5V)a-2Na(bR!}`5T%KJfLA)vlWAT1PAZG1lH2GA$QCF(XzYWVhtl&-y^=q6 zg6P^gQ-p4X*l!Q#Yyof<#_$}z}bc_irBJlX-%;VQU6#``p6cd<6Gfulbthr?p zBJHgtd$69QobWr<4s;ZMIQ&}visJbnRi4ZEqIY9*i5cB<|LU!{Jf&;>i`Tsw5AsmO z(z;jTg&O4Kx)0!qe*MSJuKWXZGp9z-@i^k-2~6Qh=WtO{wIfuG`y3hmpQw_Q;g{bG zskVz{`0vnT3nu-S;sF+Q`Sq0dbDx2?qn&@vNl1GCGghYM5J~R}Jw5-YxY4HbAv`KM z{5My-g7(AscCY8#Pp)yl-Ot$LPyCa&c4AlWRsV52g5pKDJ@#y-w|Fo7#JBq6>r-i= zcJi;@FKT(fz)3T*bD<+|OGl|c<5rg6?N9vtE~4gz>yG}#XvEQ82dR2JXbxqmC3(?ii5vu`M;3wE;EAbk%1;^nEP?%dp*l}(ygn4?y~nzKuGp=gdwo0DeIE|~`! zyf8g>F;Pf!ehr;x{A(D_W$k8D{G38}m^%~YLZVd2bS^BIht0fIEY9Z&NxUsA>}qI` z@Er7IcbIWtS4!C?Zaps*a+!=>*l6aaP2^Fqv!%?USuUotGtFAM-i4raX2dMz0B-BR zk}x}%4hpr1IoX>9i4N38NFi>fr=3ce1x5Ut_&CWngz?)@2Nwm|Nq{asMGI^)J;Ma@ zQZ;XtQk^@Ah`aPmnTkkc#xfbR+aaSlke$vI<}BhGJcBen>Ef)OlnF^mt6=+bnWSAX zH*5te^(vvTW$Xypsff3shjS%+hj~@GSTf^zJCUAVG-Ke?Qp(()E~RqilG%p~=*?m9 zt&X6`q^JBp|TnW`%rqVO+-q{v61slnlEx`12XPvE-jSI{VBT; zl#T$*fuc!SyU8{-Kc4Pl7~MlXjMfv>|K_Z8mhy|Ia`V7a^#5+FWY6RZX}j3mKs}#+ zd+e-TfCxcfE1@&tOQAT;U&gF-l6qiYIh$bd(%f)Je%hDIl;>>U$0S&Y5{{-8i_{8c zPazHV@gy%U7CGnmVzFe;dB0dm@hz4-WMva}(yRtaC6oF2f@$_Aljdk{9t=2SWvv-| z4x*sBAuFrX3wcqX7f-SFA%LLZUJgAUQuB4q+^H#w&hjQ68q_8(J2$>1ouB`;8}~Vsh$pLn@gr$Zm1mxm z5hQTvX-Jkq=t6ET4f)mJ)N2PCCTlm4uw#I+ks+_tY7og184Ne|6UGXOOnQn$ibv=* zG?Z)zC#z(UR4%0o-h%CH0;5->nJgSa$S5#0cJv{{7(7>=NvSRW1n^41s|ypRpD(2uz`acc-ju*3OvyIkYGZ0Onx22=Sp(Q0Pnws8Xt^h6Z}FAbaTN zDRk%jd{z#<=43XVm?bz7f!@Z@@(*EyDH}#Nw{#wR-PdYlXcS&Sq8fwM{{6$9k!VY6 zTl=<-?P2lMXgXNpb5lgav8wJ=W2&J)7k?&9o+KzsKQDRG$pxZD(8OfSp3BkH#6yoh z^li^;Fg;|tC}y-S>6T4dRW-tvu!}Y{Os6xL@ClakB9A^Okk^P*o2}e&krBhhgQnU# z8&Hb|Gi7jUo(7rDw~cig%u@}*JfbQl*w(GsPWsA?VtUzk=bTlX6|B2UtFUBX1e0^Q zB)B^q8r!;m^WjKnY-IB;j4-9eJjV`X6Pa?-rZ2q<;&ImjEh}Fq5EO#6#n9s+SwOG! zb%c5eSJfGYsLp-9pN2Bkeu%0)hW@{Ge<5A6&2g%*tgQyDahYfjqCPiAU`NtYJA~$z z@FCS_GV#MEQ#-60S9ChJaZOL_nmbqA{UkxT8#&Cjf;RDY#=v|wMwZDbfNWGRK{nY* z&wLOIOesgU`tuu_z&#o3<6w-^dGJah!d&2O&^#@W^)5;Mh-Q^>yKo3o;ek<**qy>V ze1r#H$6;1S%N2i$7>cutSjyzg$w+IsITDFBw>C#Qw)=)Ir+J7T3d?+_mc&`yH3)#{ znN=gY>S{!3fUK%UbY<0unr<~XiCc|Qdd|KP^Gd46GOZCdJI&CZq4B0jbVoS68R86! z5MCwFG6<_K2sC80AM;49zek*O5lT0d#xi6PYs(C@HH~K6n#)-leAIyt6MVllZ>7^3 zM2mt5ZzqTt=Df3d9<2^U2SJQlSaPQm<~V8_nuuS~jYU<`+T4hUgJnExxwkoKw{h-; zGzg@FwCf<m+qjk6n3@V&710usJM$BFh7Y&%<3e$;I_?)T`wO)*I?4biCEWZcnXH|9{f4&t^DgLGSY+uUatl2E|; zW{^?UM4P*=YYAp)G<(WZSZ_9(y;zM-l?yW| z;=1Bg4pD=-Y%=E~ifX(qVNr`YV!Wg^*JyUx1r6B?jp;BGtBeNb|H#{T9U}GJPC8e9%6WLoH@=`Gde}zf~w&^Nr@q zteJv6r8QlPViuX0#JuT9qv!R5N**J3O+7sQCy^eLD_V6Hr;6M zT}&TBd#7j6Eb-iQ8o@a9ujwqPy)T`~rprD$yDY?2zsg2KSs8myucXTxqRUz{sidX% z{T8>y8D?)8VV>)u$k1KZY#F4Tf^;h) z#Wm1OLs6eQk1cI(qqb9h$E@s3&L=h7+@|D7Qx{-nbF+=mI%jjB#8p6|Q1a#Lwk4<8i-9eh zTZ9PGr9qq9qCA;{1UU#LKBQhMmz|m6$9_D4{uDb=D9_!XQ@qV>YR+MxFk3Daf!##L z!Z6W=Mzab!_1!k+6no2<6`6xj%$5u2Qz+BQV|3Hgxa}$?o!H;h`)Iq{rVKG|rSrCq zYP;KvJhvSwf^sO)%A-6;>hav{qAujx-R9&JaXaVh676mSGQ>6LXQ;l0e7oC#+o_Rb zSeZg+tJkpIZ7~Mwu?q8Py@R$pjTPb9dlv?wDGPdQUMR^w?M{0LAWXQXFt?%S&U`1jgR=>pv=%eznN$hesi1~`EgBB> zW-$k}lbf-j9tlCSDBh~o1_|D=9Jt+&%0%MRWFwmVs)QGmj({Qhogq?;bwY3M3&)mQh&{HRD5G4blpj z+m}GoyKIO0q`jjVN~Bsm&cqPPA=0|I30z*c5(!%Qa}7Kdn9N#oQw2;uJTW*(N@vGL z0-9{HCK2&ED^M+Y=QbuYmaMKrc~xZIDrzZ*35A2X6eJsM?6KVn?TTnT>To^RRn>;E zr=*Ut2=AvTu9Tvm19y9t^mY5JOxZR!P|Y@wlCC>rTLsqS^`-4hl5BWn#hM$iqn{okLrg}W|RMmP)2uj$4hM=e@wn`=ZIH?&u zBWn6mJ$`CNd6$^k+I$k(Q&2PNP_yL;>*7T73qlq4E&OjwE2cT4YlJY??${vE54V%hVOskww+5ju&yv z+uRzha-6Kynv>Pzr&$wL(Uy!5oW)K(eyWv|VkCrKmNR{frJFB!5>0x@QjLt$gnD{4 zAElW9Y)7ZlGf*j!HDT=usSwV-iNoU;43RSu4BnZtLabhQ*|0x0HasxAXM@%X`V?)J&hdJlWdi<@C#Z@Z_o1FIOqWu(%5}P~_t<;{_|f zQu{<-f|%4g(z?r|F0Qp$VPbf!6N41YtF%qj5L$_8qA$Uj*MJQZYuBJk`Lm)nXjyJW z2%WQ5gBIPk(#2;5ZO~Fn$&c;YlHei#W>#%3qMgiTOcZ2~?3LUV<^o%rY#>c)Dq*ne$}DmZ;m(E@Jsk0q!)oXO%}ofIJ+x!rd1K5sW?w zn1Nb}s=cea9h1(FQkvCNU8JCj%My#F!ZMW?N%Ea;f+wo_oHHt)#qOA*a!5tvdQ-&w}~f=+@zb<^WyDk08$SFr(<)k$HQLucb`w%FOc zt6IO`)89>Jdel*TW+?fGR%Ak}%mx4qsg9u6Xm_eTX@w16pI+8xGeRrwG#^%Mh>gi&UvZmVP|It^n`;aTvGIWUvlB72+-|$$=<*Zq!56 zK_uTvpbm%QoOlKm5jd^@!*K>*DUM!f!m?!1bP9v-)3`XBA#xS#J`Tch6`r09LSrnq7%09(C}iU^rN2JdjRAp1L8yDCWsm3Cv)t zI2mI?xVe?agK+b<&4;6*NOO4e;T8mKn-8~!qV(2=0B_n{fpSv6_D~CfZ9@RCj!-MT zZAXB&NI29+uaOACdYMF`p>_ZU3`g;jH8TU7GU0D!BulDH^2DT%H#9Qg18-*1gg!Wp z87rC_P}5o-gJjb<^wP$xQYJSK?=R^jJOSzQz`G3$Qbvi8Eks68wl#!mw}sj_A8rqA z3#uO*>q1bGPnkhD$`SP(Kq>WVSUVNfv1cG2>l*Cs(Q}}MB4&L%Oj%8Dg*0@*;Z(FDhf7?Utf$izXd~9?G=Hbaz)mEihU0qd`w7M4a zX&f?}5AGXszLca65`n`PZdeXmLTwzjh9Y5psM$T*LJ~dWv{JUl9-6K`Z(c z#Qwm~>>&h+CCvVw9y2tQ&X(cfWwYMAzAjLm4vf)8$GIr2p48774pFof#ua@Q9X+%y2poNW8)+Y zOXVUOflo5%WY>A7R+<%bGeIO5ajlQho(TP5l_hP1gX$&MsOV~rO$~%g8zv@D86}G( zW7^%9n*9wlYYlC400X+z_+amt86r8?!s=LJ#P?cm=s;`gj9lCygd3u6*;h3KlR(7|V=Yd$zJj7?#M42Pi_m`=+vq5_Jea~Ytg zthb)RM@@%t8ab!R)9{`q)WlWf+}5^f6Vb9QOd%#V{El9L*X8M&w+jgvlj4{+(H0&z zEb@F<#t{jSb+4T-Vb~)kf;90RS*5PhjU%ma{s(tdsHh~hoaqv$LWmbi>?EZxQ!b`B zdyQU{#|XJFqGk|$ORf*=%AT(B^fdAw2SJKBBoDV>MU!Yym#&I}8d(c)OJt?+2Ut{* zl@4w(StHTCMApbq7YXwy1&}HfV1i6RRgI`t^4A{fAP|U<0L#sY^bWQW^oRL(r|;)*LyftRf&5 z514;On09yu>F|uz8J;1C@r)%Hp0|bC@V6cfJ3`w4u|2dMe~Dlb3XwIX#tJM#=_6SE z5mW?ITY{^XUj%DI&I5B>&SM+;OnXop#P)?^Z1EQ7Z2TCYNtZrLF z`+4P545Eyur#Kbu?;#%_?6y>EcD*%gP|1@R9I(v#R?L<_BS{U7NYnx0vl0i>tBG_| zOE_45NC80N1MV6M7znYFPC#CBM)hh?BMG&11jCF*@2U~Z!4!%JkB%2g2n^Dq4t`!< zt_s3;-0JF3E6qwO;l)+21vLZ~*a@0r`D@`>0>F)*JY2kd)5I`6Ltj=|k`Vxn!^^f$ zjdb4bxLiZ2nrOUMWM|TFc#}-x5$gdyBnZpUlaAWt94c7 zWQD?}z{+#%*`z<_0jO~G7WMU;D&0Z-^U>t>`KepoPuVsmilQOC z+>obMoP%nHI04KgPSB$n#YSDy--5IW-6is>y;nDc{3KKjic#eyN*d?Fk3n|E&d*m* z=mIzB$fqsly`%C_ax>3DadJ4Fgc}fY*8(RmMRPLTwEe(jtm$P3CatC$eLEb?l6p3@ z)Y=fCUoC|#q3@y!`9eQ;LxDAzveQ%%o7d?e_ElXYJweo!b>jInx#|s8QnFqEo~#K> zEsNNTD1pQKgZUyV=S7WLPa>3pvZo3YI&~V0tEB0rW&H#8B*9S=P$?5faS#m+VRlfS zBdO32cMi+cy30z;&J@V&nF&ujvrvVk;g+eisAK18H=;qUL{v2@6N+&?z0-L;ZCQfZ zo=1EL?Gc@aUJzmw!Pj68E)Ea;s)7C1FEFtpI0pUMl+IyL{$?Ft`v3p(n3c}uUJ(|jD5Ys z_4ZGQQwe9SCK%&yNMe;wMmSZ>iFvl%7s8fMOQ?gU&$MvD@+}(F3yIh-E!%Ls(8F1- zc*5*YNYhNc@>;97NNaT|TE)5Yf@qVfx>#~KpB5fQGc?z*7s&mimDwD0_lLC1h{xh^ zy|tiYLrp;z5b`7S4^kKCKpM&tHyvNQ7%d6~Z8hx!8AvaH8Azeo8;5dHWTrzoxOyN6 zVL3n5fpwfc_-Tlviznu=uS45URfLYTc0gYOzG-V`y-6GEPp~{6;?+O?wn2MRkK`nG zBqHXZ4L3$99Z6NAYB;J_>yQquRmsIX-`VDlxZIy1g=Q11&kCrOVjrhjqV9AjpkMcp zs!%LIq>600y+X)aP9(t50qW>vs3*JFYE6T#K`RuY)v9V62YYw2)-)8mdVFMzx&yM5 z9*}}JW_VHP(L?EU*2NRgKOheLX-MuaFQ&9wX!R=ls<&@7&N$v+#Ha?;~4y}={V`_RyW}a2TfH0tyYPAc^Yo<_*d0% zswSwEQ^9~*dGs@V$g2kx;`?>#Rj5{)l`*2kTB`||6Hdcw)Fg-9_DCoYz78H8kNoGOX8DV=0N6hAuq8yAq+g&typ{gwZe(g7FD7>P4vENf;z> zD;hkcqpQ(-)jB{_U;b^W+iI>)d=dstQh<0>sCtcbDg>qm9fn87hGK(yN{tp;y)}xk za;FHBbf90wiZrB?Vuk0>pbEW@WHXCI6P|PNO8|2UX%Elit5D5*(qQEB7G0-eF8W%n zQu!nleDJVaPG?vvTU|GDcs$D^hneFlq0uui7Q|NEGSVO1I+`iNqDgKn(kf%jDN09H zZ@>QfNr|OngZpFG#Pv+HrmU)(wvyyIdQO-RS2gD}&L;xt5{6eumf8B890~cr>6W?_ zDp1T@(B!~#IedQC?F&&56dpPSc>|b4*fx-I83Py*5i?)C;yU$$;E81Z{8nS$#0< zhqbQ+46`CtYE8D3wlAS9PU~C93Q+n|**c(vAzI0&@&WLSug0e$# z)!mN2(4~hGl7<0X%0dc4tdF4-!%p~Q_l|4(_Fo$t>xRlMOocXg4GjB~f|~Gh(9aXT zi5=HY&tGd55|n%zB{ffBOGlmbXuyW{e84r8^<8?##if9l>A1U+dhIlXR2goexT}(| zpkF-#2htUeP-%h*2e;`Y{27x1L*6*5>oSO|a!gJgHIjEhL{5}4g$NO+9&PEKOu}4| zmM%yYsa%p`P6NN}qJpcg9Sk2R@ro+Q<|MHvx{4n3>(%m%_9`Uf)Y+P#m8O4VV$B|o zI*L9{ugo5fsJUhh$J2oSe%5f@xNEj>)HlRW?;)$Qg(F(7S;9ThmT*MXH9I)6OC&{v zN0EuU7swoHS)Hq^N6}W^uI-j@{zRMOWRtdL1t;w0K;c?eaKxJ~9X0YgR$~w=+60a* zNR-YRR3_!^udxjrRne)7zlLiTa5&*5DHLS?X3_QLa+2#|g8B=iGqA;BK6J`*mPoWg zRNo$lv`bH+K~4g)2f| zbLTaOhke(~iY)o>B=3d=0nyH5x4=ML)(vB9zO0*cPu1(YnxNu_UP`pF)_yP3Ro0d& z=dqK)Z8Ef_QHute5{WRztw{vG5{xA%Sq6ElRv$}=j}J?jzNDwcd2CI5J#{SwxkwnS zq~2b;Aki$ipD5cIrhAdtRtj&l$=aefvZG(%){-?AbRd@V7{!o+Rk2tA-&VC5={12l z;i4DGdIS0>(9}Qb_;8uNR^j6evR$h2fLCO3J$-;-zyKYDpp+_|PA=Sz4Ki&+5`=(wfys&L4 zapl8Exh%Ye(|y!r=k3%_H!iA!zQ_ERb@BLf-TU^KW8nc?Jy!2IwGH z1NSAFSwIi0t~sB^^JA@p5t9Xit+aApq*M)^86wWXC1zKHF>ZKF%(4M4l+3UiA<4UJ zE3F{WN^9dq*k2p&N%iNuhlP)+*u@#ms$zsgOnNqYg)w#31wQFGf@cse+gq`}mGr@MOC8}A!8U{A@8QgBk z=QGJJ2o{YSBbezaszt&$lTmE~PN3`qzO$`ST!k>Sh;kdv5$v+VUS9TU9Ro-B5#Pw^ zJU3p%bXtkZGetYLc`{aA%tK@8Zjy}5a62;=LIrbt9*0P~=qB1S`9_pxmAC{FwKPGy zbZM|FM&oQi^SAEpTExPD_T%O0utqmYV08p8e2s`hFDQ_T>6z>tria|Ey9Wov`DC)G z!ab{)Ph~QT=7cc24?qL8wvAcNqMpC@o;BdxOUKdm5|x#KZSk53x`r)sGIU;su#gVxbVSUPHeI>J)II1n`# zSR~FQ0#u&6x@xGk?w4p)jZReq*yA6up2YEr2r2an4v};|py`%UCpaK9u`hC8#6Tm{ z55SK_AvY&tsc%w8tF=NVdP~X*daLn5^@;|b*U0YUojOXoSFwYbQo(GY2qP)1kQZqp z<{(^MCjsvOphljwI=DXQ@qAAp?H~*5g1kc5gKV%`GY(*HVbIB73R$N}H+QGNS}Q!l zi*5rAT2-i(nN#O_i!*AV6|M7}-0Cm(ocwgkow@&{z?9@vss4PofOAhDUSs9-Y$KXj7vtobgD0uQ}2XcCvUb%`?>43wc;!3Yq6+8-v1`>IThX*sV42RgC3(C!m6SSd)FBk zIWdUJW4l;U5N#sC=Tm`dEy4(S>ac;UXl}sa6LD??2n4Z{Ru$rL=b%Z9alty$-=-dz z`YkE&buf@k=?q^&(xk}WjD{MuHLZO}j?=e*-(+c#*5TpMo=k3vPCRJUs7^qqkI8>C zCM2#FO{|iaO&bkJ>nhKEBHL5+B-a=H(_aswvRtyjtXo)hV_5bL{ygQvfk67Qv4sp8 zL|w@gyjGe3=?C)aeTS#nh6hjHfS?1AZb@1Zm}9dqGi;9VNdZANUni(nGPhO46wR+S zl&(1(N1K|RvYOH}VuO&9HJL=q&Lg6=8dNiIkJvrbpf=Xp2XlpW6)_udI0)v>)y}+R z+Xsvx*eu`_b-I@V8B?UzE1=O@At0#h49>N@+6$&!ZgMCKuDc09R9Vs7(5XeenWmGQ zuO5LDyj4dwEHfXp;Wy;T@{nJvC4!d)YI+_QX5f5LgU^AQ)BFN!tqmFy85=$z#m^(| zgA40s;FT98GFS3@)ve%3Aba<6^YqmGlQc~~vqmAGc6{t$CPI5lcq&bkXvZwS-@@s+9JUFja^%Elc%Zu(Fu37^)VJ_U?nRN(ue#9M z3AhdU{sr$~Qu}#_xvA*1yZ?@a5Y&1}6FOMV5WPSgUZ&iTF4?U9sSNf&PfVWiT}SXW za|le2^&x!0!z)H{wq`Wl{-xIq8%?7?)16R@FgZJsmzGziZ0nesx-kLHcm?>ZV$M1WE&0914O< z9!EAcvkrZO@R!z<+Q4%R90rCpNRjy+Ha=v+m7wW|^upxncB-Pa*);fzO2@YTnEbG( zR)4)vBgL`g*_2j2fuJ5ZuVr){pEZviM;L(o+xV?W|sY6WQ4; zoS+*c!^TKopP^)w(JOqz855aO!6N_paMrrnpb(qyn+@Ubh#b0ZHrV@62R)HTCWHJe zIr)%>9*ijlEH_}^yWZUg*pGjOQ^{+QSA>6i$p(NWO^p87_)c$Z^Ab*4&6W2h9yq zovKsjhR21r5j9$k4kOZTv_uU)j|ev{2ARl^zZQdhj2Pr##31h?Mr6o{4jHXOD9k;) z%`bFVn^C}Uho>$+0F7pt74I=V{cMo&3?F1gmC#)ibW+v8z47dH-f+Cnqvq;NBdYH_ zB8@!hh&25;v1vp(C>kv?Y?mR9VAA)ZK~`-LPBiMW3W3-$In$WXyiHxzx`;{w+MtKfvPg$=~K@D8Mcqx`&HiX4D|a)W%)D|nS(fS(2h z!l8oe9-S~Xw-p+cD_V$&;c+N<+&~(YU)<}^$CnqqDmZEnxd4#vbaY?^SKsxAn;&-{ zA)H;`Hl8e1ejeurqy!ki{5Oq({6?PpdhjD2uj5?6sRx(qY(KhUiM7I>{NnI23Tqne zjJ*dv&W{vD0oN#?7&jA=CeXE|P%qRL(I~rbQa?)$#CQ;ekcwWEcVK4yw9m9aqhP zMEmYsez5=_jU_Xb*lglnxz?s=7(;CgezUDcFhQc(jNw+2F@nM7vs`C28w_B=Os7$y zzXNXPV1*PmHWeF@K9NaJ5ek?r&6trkvTBV@va7m|9j0Ye?3F9AM$ zD+g?Kp(%mgiP+sOL3V_2>VK|SFt0F+Gn=7d#a0`vr7WB-hc^qsr)Iv8%iDzvoK-@P z9XHL5pq!!;9$DSV#FT${YBWujLT4g(&;zeLU`(0^3{tpZkWg)7Y-(yP;(rpoFoK83 zHgpAO#Atezv~bTt!N?o(zHk}RG%a|YmM!J0<-_pA;GmH$XEHK*i%~N@Ux-;HU}z`Q zfGcKTBHg!gKg1uJc4R_sWi|^6!q8gYYOu2tS6jgUXrajcSDMN)nKhu+um`FRemK|V zL(gbR;h&w!6HXHlY8cGD{Xr`RyPYmFfL{@4I=NsBrD1S}jUhNRw-;nrYc}u&HbvPi zVf2;{}UNM%?K-kwE-R?ZSFTQzJ(|sx=TN?g3I5K}Ci^D-M|@oC7--l2e`C zpQx2d=liHzVt20@wv6u2^PPI3{t;lF@1z7|-KjSN@!eBn4F2h9xxHMgxeOemVI95( z%t(p+uIY_4p%k6u5jXeFV8+V~vA&BmgQ5}m_9UT-#Go)j?Jb&O#p$JXU~_|!Pz1#j z)6K}p`pcDI*CKQPI0U7!q-8gZ3mOPV z`9)WrpBJ=del07{&kI^Jzt)xK=LPlVHyO~Ks#}-(Ljd3)cBXJJ(3>CRvbP)48WQR# zkyeM3{GwNZ-*%WAHWfGQ+*I5}6MoTd5!pWo0Q$^yK21A$`cF^i!$jgrDRewc)6vm4_XawnqZ{S1?`t+7uMJF0 z;ha64G3HB#oUPNXYR%2f21Y90gfpJr@bm_r9h0?#hyD$Q+I}`1BOm>{GF&u9Q;S8i z{a06qxf_5DMp7M%LronxXU|Y8Pi_kuq6283(09PWX__4*$^~+QW$+&wygl;;HM`%4 z>dVDeH(=xBixf?SG2We$6^po@7+1Rr_sa$ygyslp$_9g`w)TRN%NnpHFp_WtIfI=J zZml}=WKhsIPX?jk!3z%0Fo`dv(1KebFy#7>7@@heP*PRu{LMxb3s^D^xo=jOoXnB#$qoavCjIqQa z`80Q3dY}l5WNS{wuZa%~_l+Dd3OQJi5qD%z5o?6#+h=BfmBj?jju9 zy5AVXREB>#xuw>Xx(8DpzTB`pESjP2)TZRt!HMA=o05&gJn0tQncKrz$g+;u9OJX) zw6m((hx5|f%hOt7Wx5^h&`yif4)rJ63f_b-I%hScQH(!q#BrT04J=}DG>5gKhwBSq z20BcXn-=!92bvACM5+Nnp8!GHc+?=BY`LQCigwPQmPllqZIc9*6jDnnETzOgh!l=A zu7T?v>vK*>gm&c$QwvKck2``!u?NcXL)bfQP%_UXwHNl-xUuj@iZ*G##E6EswuQIi zJds2V>Ybu1C_LM?ygqh?f+UaJf2ApJRew&V5=t{*q)H{eebgw~83401Quo#yGh#QM z1o0f&9fCMvz^h_YTNwLG^w3TZ^m9dmIgU#nX)H~Gz3faeT`pphO#2t3*w}$mls;E| zC!M=kmxiD>+|1t_uGb6(qIm>qJ%hgreJ5!XiC}ht?HTRhyeV z({_N`f*v9#x%-BQNRkx!JIHg3G#9lOtzs23N0Ce-wTRX!ddR`)pyD^|io zit{-lM#z@Mh;;G_Sf#Fpk%Xh$?!n3rol6}ZWwWV1+%~}K24o`ZXm*9QG#H zrJhR8g+q?#T%*X^N23f)q)gu;+DV7o zP&txagYY+R2ru~tE|)P5dA!ZjXK}d<=F>z+Xl!S2C2mPP!uJIEx-|--;d#a?w1rtT zpg}`(hM!#Y$a$tAUDz3vAI&#)A7&^wTl65jNkLUC9Y|ryN!P@HCeH0EJPU;% zSw=IXdL`no~0!Tb2$d7GgegBYkN=Hb(%>}D4N)j4}o6AQ);L4K18$rmpy zSDJg8dx)n+i6lqN&dyylOcdB8$zHG%v;tISzO0xOv;_AJgMJrvjI zqDAsh!fq;PN_QstIL=P=tf*RNl%MeHpl8N-VO$afGIwEdDqXH92P-r^#B_{g2DaSz z_5)h{$zQGZr-fft^E-HJet^9E5Wpg$D1j&D2*8G0pXYg454aw+(6^!2H{eUj=qcwj zq}k-_n&p~j>p&09v<++^8`l`a68{Z&-5{6y?uNsLYc>#y8-_O+qW>EkIIIgk* z1TH#*lLNG}ln?F~g5;cd&Ou;$)v<5QVtLE*bVtYqU#j>VABbR`(qJXxTPto{BhgC7I%=qc*^hjTMj=b}=1K>k6 z!y=Qo>QhgCC$ZuOV<=}tkm9SaUl3k3^L6;$ z+$9zjVqyggPFF4IDji87;mA*&uU3?v^^tt1yU2+e%~cR$+>|Cnv>CRk7~0g*9GRw; z9!k&95QkXzQWAp~(iA6Gxul|Cy%3fjm>|2}U=~+mzLlllwUC??GoG%QosovP@NXQt7&wFhjFmmyB#^3DJy)O-qp{zsBlrNNB8%?2TgLsLS zMZ6r1s!8!U_u$CKUhF9lhoz z==ym*>0N;;Kwn54?X-_rnAK|!9WUMP!I!gm)#~9a+{WxfO6TB9rNL9bbDj10Af5bW zZwIX;opkQglWFg2Gw48qkI6;jj;mHcHoEHj<;QV!XPH57ik+&irWHY ze3r0tFiU};-oJH(%xj<+A-6}!nO(zbT5QeKMPt-{Kt(|ThM9G-s zM$6wuD=Kdy3u8S=7*BzL<%y{*vve(jt}dNR&{d{$2)e3tE302!f-YZPFhK*;K^I2u zZ0iwpmFXOUt~Q+_=<3qB1YJS8K*9v3gF$DLIEkZZ;}#^J0@IB)4GzS|t7M@!abUVV zXP9nN3%VRHZ!l-08C+9K7&{br=#W!6F_%+<1@JWWbKq)#N$Kd$_k`~S?7xy1ZBoyH zYoL|D)-ye@BV9vyH8q5zSwpzP6iP4ojG3!)lW8n88@-#7aqJCNO~#p6kfNA)_$SBe zlQWKro}-0 z3T=YI&fLTkZ?d6q=G)E#?P$t57d67N@Mvb9ut#Y7Q~lg_gAxN~C^L)(RtV1eOjL(f zK=rmJF^h9d=|tXcx@Gny1&dVgOJ=Z>0F{rn6RET>m`luKaD){W7rY1y1OoPInRw|S zq8TC9nNd2|jaZmhshE|+LevQO9`SsSl~9HSV;D?ydC3Yb927<_p?v8>j5n;fDQw%U za*B|?h@#qq3T$`4&^Ksp2+TPjwG&&j{+^|zY+6=ic@~&zLmQjUqOm|fsnz5nG~#)) zOUOm8%y(t@s6Ga|Vk<|zIV|M3weI%vHV(e_@dBD;@S(u7^!(7wK5V;cJN{)TbsgfUy)5_+&ah zWt*fuMd_qH73$M^5W{w0alS*us69k>*rYZ_AwROva|iju zVir&$O7ssHYzW6;^x()c;x+WEcsY^6}Hcqk^=&33~xBEqxcwt9HzNY73N6xRLOLoJf}KxaX!JWx^0JKok$bishvhL>PF7CX7cX#-}HY!yi+m^i6|*`<-1$6ji>WK1pE#tmgW++fg| zAea@wYKe^xshUP;&(L^NB)TIU-YidyD-IyN2Tp3i>XlLmxCp@wrQw_f9zlvQA4)cw zaceGT$?swM-fzuY>9mLmZ>N|TEa+w}x4du%#g0N*46bCYNoXQ|1-cY=)HgRG;$Rui zGKX!PLm`c`9ms<52yN|_z8@X>Cz%zV4rDY*JjZR9w(ZV zAdKf-eA@_@uG|dt0;p7a4u4;Yw#%vd@b_NKyKthvMs*kjR(oksFhrn2;VJ0W%Csa3 z!Lhc;KvG>|#sJ-@LBhgeK0#LRr#PjwW^yvFWk*YRGp01tAaRn|!HK7O6s%%8llHcI z3)in~XLAs%Y1l9{ntSYA0rm}K7$ICVnIU60!u$XS3yGD( z9D@!lgk!zhX^(P#HG!rA%=%+%)qFjabU4Lh2Gj| z_QK?Is$7^!QHvC(a)=s)uLGES(2vq@5rxL)s9loQTq90<6*w(IfRE)UKWyzKX0c6! z&-);WiJA5EU3LZ=GD(1fa-}r7*CC+VRmRyt^gxt)5Evaqvo>Pm-I^)$P~<7Ut57at zs|+;7;Z8f7g0dck4_V1V8r>9*VA9yQ^}xr`%m?j5IiNP1%O6C!u%Itm^Nr@qENtsf z`SBw;U^*RT+U+M>!rVNuQp(Pv^e#JHC)mzjZGgr3(hRc=a1#Vuj(H{*7yfUYlc6g_jQZ1$wADO3qFL)a^*^7w0) zHCsl-rqHK~fVc)jJFIh@^yrCuEs$GA2vGqE1A)f;>&0IP32@k)HD!T0_EL{eA=7cI zn3|>GLtxcL{kt2@nze|`xeW3HafixtQxrjq8E9ius#&dJ`W z=*8nh7e379W*aeK&*p&bRmitcQfV1vFGN%}w+ObM737iS^7sTkKFD*V?i4P3z?uwg z+m9#EfgUFc<+&TuGMP8sKw-9ADx%zpj0I@|b5hHKWt;ekdU5`Haq~C)*p%l`BXAM& zw_xpSd$WQcA6WQ%(u`YJ22-ITjz`y#A}WRqEV3I$ZywLhE~lA7m@j=W#tQicn=-TmI zCO3yI1&DaTi`b5^A()k1hn+Hycjd$^4JD9oHVK6poUxJl@%KJ7Gj)ME$fOccatQp8 zg8XpCjx7V_b{k2fl&>kB4iO}rthpBs4Js)`2^`Xh1RipTG%+C7E51ov z=}2^+GMjF5o?v#q&tMZk^0c)D4xaWIJw0Ph0|VxkNOK3^x(AwiJtS4T$=zmJ~fU5A#U_Yglv!$3DZB5guy{0pS{I zh<6C&1dg4|7&xz$XACG0_f2NtMu-e-H-d9ewUJ9ySsD2z6^Zgq1d#O-bNMceTa*E= zjKsz=4%or{1KsTA)($fobUP90siBCFHFN-+8e-Cv_vgWJo-Fv?&4FK?4CJ~ROJImn zU?tzj>^W?lCDBF@G7#z9H`!vueIsvXy@`bUMz(J=(EA_~w6P7EB$^}GxfV%fzLFwz z+?gg^CAmXH#hUcZ4DrV4X2WwTh1Zi(pO&otpwyGqUqp*R6)^ z$l%0KFFp12?i=XtHTp;5<3>L@iy0Xn7#|rEb~#-TN@H;BQF31e((Ze_cjvCbeLY6c zSZv6QG~q%ZliZ*1Yaa$S^g%Ma181odXyyoZYEADM2{OjPrG!{XR(-D4W8Tp3Ka+SZ4pMj-&s_^6}V_86UX3in8bZWgn)?Z5bmo3 z(V|1RuMR}34&lB6Vqz3dLAr(D8q5`;0jNztw2|E9g@mt7Ob?hwR!_V}U{AbmXji zZ4dc^+(V8Z_ZU=>2>*@p-xebhF{1bfXN&Og*lx7J=UKb4y&duRkBA6jB8ZA0E{eD) z;^2J|ehz8qAU}s9?7*}q!Oj!6IZy4*Q=9YD>O8eLPjJ|z5=Y$BQ8zZ~#|g}b3o6Fw0EF&j=)pjaD|3LZ8E=NaU<)Ye20xM_yg(~o-*J&*PJGS{Y2v!rmpD{otKWbK=bd~=NZDpj|fkO zfuzcWCIoW~VX^@Efo%;;t#Iv>H;Nk0AXag#31vp2F(rS+dmyi-q1d*k!G@5>aK}mk zoE1`l-7yNp-^dmbwg?CTpk`rWR5Of+6Jz{1jYcPRJe)91mFU2hc$l*m5_8E6P|ZNA zi-w*D=62D-QLR)yiSANxgt9OO$>rtIv9vLj%a!t}MI6E+t$qRZgO5h2Aw(YXnWB@z zg)dH+iF<2tf((z4Wq1G@MhV;e2-CoWp9}f9Ihw*+!ov&Dra^?gI+St|8AfH;BEwc= zI*~B4z#Ii~2#o=UX*wi7%_rFDlX#+!;)y>eq2*vYMfVDNJ-Azh@7)knq~!4LWqkGy zJ^l+<3HbBgtH=MXjPH7n9{)WVfA>4|_(x>?=bx{~|D%k*;_Z6;*d?Oezk915|JZMf z`2GubYxp`(RZhfhq&(#v%xJi#!^65Lz(DPC9$seyFz4o$3fi(*Jx1hidpWM3g z5?xLxx%Jg&>G4W#edalO{9RK*Ze8+BJzmMDPsR24?@Rgjsi*7lKUVX+m>&NxGQM%A z9{(RQzPVkGKRYJyX^-gf=gauX{`mhE%&}I9H46NiQs7-L z6#e>NuMpuI-o9JI^xtKCs#lMH{);4hj~;)8jK8y6k8hUoult4`ujJWVFVf@BlJKnu z^!Nsq&$W8|b7lO)lX|?8H+Nj1$E*37Ki*jTtx;f&0>AbYc!`{EUDqh&(8Be*HJp`P z>D#QwPfPehpC13mn?yeE`#n8AFX6xGlS7L#{`0r$@UNEf`G3>n-zek%?kYY0T{8Zo zuhrxKRK~yeHG2G~W&GHy_4o&5{H|B&@n4qlS02&hzboUUZ{Bvde=)3j!Ps@4m9hM${zl?vwyY%?~A@jL8 zt;c^+!skS%J@qL^!S&^ z_^bEm@k^4GA&|SB-Y_#~W+EH43azpo#)Rvfte)$DudevRi{0m)~!^S&zS7#!nyB zqI42%pdL6X!3(A#X9Ay z&(hcJ0r;QcvG!Y|z#0X9Z76W9 zoNqn+JRuK`ym+^UTSdlyYKI>GB59xg^X+>4Yo+|y71!gB%lQ159{(m8|K6AC@!gjS ze8xNU_}`P|-qEhd4@vk7+VuDd8J}v=t97V9-dOvsQDBV%zws3KL%AONA2NLXvE3R?{#3@lY*>%~-!lFg_v-O?$@uI4 zPLKbLjPLle9{&Xyzwh&Uypm^ctRc_*@y6P3jRI>F_>G~!v|K0ty_6rfi()OQDBV%YZO?cz#0V{3S4xD&{IG9r@J}spbTIA zTjJdTtnsj0rvJ$2#X0468UE*Aiuc0bcX7(r&x!C;|EHVZpYt~&-2HhG-u!?F-~3q- zK6tMPZ$BZzo_j?2=%+>a@1GLkou3e4vkXfg7w>PlON9UOQ4#jsDZ)>EM1)s;Ti|o; zhs66oeOQE7$k4b$yx;e~MEJ`WitwgC7vYaSAi|^!v+on{cm9b8-~2yC_|Y$ma(?+o z;{C*XM3{Y-2+w|}2=BOEgy+dH`!?}@;x-Z9cua)fyH$k4GW_OiCERO7*m|=F-+fes zeXkJV12>BBf<+O&{vQNhyRzc_XL%8x*dxM>3@?`9eSISS@&OUPvtNYIkzuJh*5`7{wedX@<9{wool`)(2Tykc*S)h{^k}D{x~YaQ5n7` zBHnMkR)jxqmT+4{IJ{4UUk!=y{ToHtD(gRWiFp6$hzNWBP2lxB8UOj;5%G=kdse<* z@vj2z;*Sb>_Qz-MCN?!%ySoPm_(}X3efolUkn%7R?v51_xUEzNb5h)Pfq*w9JbgGD z|BuLbdZyod)O*iaB0~OsRHna6et*!D4}qxf6&e4i47W?PdL_ClQw48)Sd0hPkH+~^ zTQ__*Uu_twe$SHMBW>MXa3bisgEcz3af!`D3GU^*KUJUPUkmy*%W!Rcko>qdJ}|qi zjSqq!*2V`xhySYMgID&^vy#gXO1bxrHTlORTALpWK3|(33p%XLj|Cn6tIv=9@^ADW zF`wM|1u_3SPljvrKhfT6`T;?QwfUc*!*AOBPst0l{!B@EahqI!Mxt`T%Jk<*@mRc9C6u9BPhaoLSAj*KU~sNlLH?`CTxEh#;ccE2 z_4VN;yjaqIr_`Gm9~1f9{sR%7_dOBbCfi~3 zKJlLVrU(`NkI4M*kfADfdHQ=4Fd)97_X(NLGW69Gt3m@ph1ZS;1m1=WRsEB)UbX7q zF8R-2|NiEl<{l$%-(bcP3A28x&d*O!3b`%P%zy+TYGR9 z(nubcr{d1KVSd_O6i0h#Wxa%T^yE$=B6fVTWjT5Cp#^}u^GPzMd< zy!x)fBl7#}mVs07Pj&caiPyVj`2Js0JfCX1td%GF#eY{id_?j&U1eyD(jN?d2Ex$+ z1Alr+geY-A;`GW>f*#+K>3%Fj75{VJyNXxg*)qL)Uu}57<4nKW^8E16`~O_NAD^fC z-IVo@%}u3e%5?pxymF}7XyQBM-4F5dRFm^Dn{&sjjko|6cQ+St%koUKk;kQ8hpY@; zVP+L@4Gc!hW+NcZoWLDO8|-YtY)Wn53rc%zT)&>dJ>0P}t}^#stTmpp&Hk2kZ&@u*~tj$iwbWwb#Oj<9=vcv z)lwR07ZVSL%8tFAh>Z{zg?Wh^?8FfE(K0Gklu2;21ep$U&fj#I-i|~9cFl8)71?I zwUMV2nOC?yq)6;BX(p#;%mWQxm>#>BD5Noy1iP=C)vF;J3VgX(rkn+WPRHC~?o1~; z7Zw(FH8(iu;-N3Q!`wr+`b`WMxogI|;{#0tJsWkf-h~=qVI59NjU8M+4mezT(GbjIzOGQLLU5P4GY>)r(2-XRCe7R_ z1Cw*eO`EkTswdbOHa*ahXh$8=Iv4_PK$`i^u%hmC1~;}#>^;a2=d!k*AvL|g0Nh+m z;lA-3eGpn}I{B)Cs#$O4G3X#(-v58>eFAOr%N6M{L` zBpiyGY_gj}lHGN80|61&6GhbMhoC;ic;WdpBJeyAOO31UV{5o`bI7St&Fz^A2HAj zj}46XUm#!>QWjK;g=Q;O>aM;51iv=qLiFj-UU6e@^Dvcn5Q8TrVK2_tNe*&Ke!n5YV5LvY17*DnS6cYj0#uPB8$rg8y-Vq_*@h~ z3q5>WqSk8}KSLEJcVYkyU$|;)qMDkUmaaysKB1$ciYx4+gHp#Os%g0QyvtUG4I)rnxhxoQb)P%4^^a$DSSHKmJCyU^L2)PdZDKnspi$!rtLLS-78Ijxv&`dk^6 zOSW5~0HGMnP`&VhIny3sn)#`TXO}KITb~6e|Bbq?{C3&egu*bX0gUw=~I(#<>xOVjQ9u1}X2PLqT4YZoRUTap3ZI?VyNxxD7 zbzBR^Et!Mr${ji=CER@5ihVhoolb+?s^Fa_UU<NJCZGa-a_C{8`>V)9c2SYGqFU*N5uffjhcwqZn5Cb z+<|t*Dy1(Cq(JRaW+0`Z1duRz36#SyEg!mT(ccwHnhH+}ZTmT*g*J)-gQ~||2fUQ*!>sY*6k(d zbMp~!N2KR-ut{f|a~MlkLpOX9+i`n`xfh*u&2^}|k2Z|(JJj^wMGQmvp>=PUrE?kb zYp=_azfu2VmZv!&{(DOB_RvVxImP`t>J$%k&(X>PU!UQ8@w#j-*Gg>W3y51`0P+OMtm8=t)TIxOmLOk zVZaQ;X9u$RT3A$Hr>V~HE*sSJ630S#8>H7iRPQx1O{nR0SkUfk2Sfo{>CzXI(w(5V z!eMx`;|#bl;tMJs!w9&m;7w6`dDY>)P@@WR3smvZHDm7CnX%&wW5>tDM5Scr818xj zSClx_ zyGme=8IJpgwJCn=&3WKeX^C&b<8XZE1UxPn>8)I>R%>te1Nfwm7s#i^svZZB8y+M4 z#SbZoDzUy&{v(D?&89c`hvz+MSe2zhdyAi6?pWk&YEogiu*~7Au))=fC5Oiho89Ju z$$elu9Nxnis8o35(;K0TYI_Mj@Inl<7z;4QT)xk4qNB0ZRCs!)!;cCRY@`0b8|W~u132he zW%0m^XDGR8>U>>4>>PEz?~dSx286oGI7@_RBg<77IMimPU@a?ylCbiOkuU|PhoJSc zeUl}%PAjH`ug+oqL?q18z-gP->JpE3PAzg~8qW!VlN^TY@9pPFGz!w za;mF}VM-<+hhB$+a)v1p@X;?E5#!+jtpjb44hA4>kp&f1`gsgIRg_9u`=vTi03+DC zz+k74eoVYIG9o69epEb5^!HrM zo`}D3vG_X?Cw)A31bz42^GL$886Rcr(VfC4FLg$0>`ptz{dT=YRepQ*Ic+BsbpP!T6+1x1Ax=bN6R)l-a(5`ri$*tjUTlIZ$`8}x#}q!p#W z;=&6#Gi_96S|Ut0@y}}VRZB1>R6Up>g$F((RBGz^;*BTzX*n>1+f@P0G+nGlO7aKL z`=0f|8d05~hZf8Kk~K6vR1liXl;xmt(BPz6Xn;PQl5f0iM9fRX`9^qjD!u$Hs5y9X z!~4tRd^Oo>g%Mi1n+4Gm^oxm`hiyX#Kd3<`+8WF+83*W7Elx{Gg=cY)bR`Jrqhd>E zq>PG)sw_QyH04wOY=tt4D=Ljr0_^I4q6|SDIIT>l*XGp0EgYH^CrxYA@{{L)>3jHQ(lF;vmwJGHIIyk_dS+YfFny{DF1Aqxu8JyM zJ3;i&^Nl3o_A>b7!dhV&Ws53{8mH#xr;S#W&ZWzZ3~1WPdJ7kf*1%A^LQ2h7upL&WPNmtR{{9TzXmBQBBL1i_EUWk~ zTqOc;&ynMKRweZt;8x11YKcU~O^Ax)q`8@<)F*0}Qy8Y{yG7`4Yg$rT>B&#ibULdw z;S-$VdvuJ7ih!DohZ&|ULCl;Nt-CE$?v%J(HbbNUkDu#|2xXVasSu%1b9L*-Xwi> zm}(^VH3M!|fiY0h2A*KeFYy$>g;S~0G~$_OQsWFUflao*zR7JE>l<}tq3EHh#QtRH z`*i19_KxI0TGeU(?Z{k2U^bJ*M}wiYrN?z<0bb<3u&Vx6s8 zu3{wv=9AMq5}eKIlS$)_T0QbpP(pqpiw9>!!SmjHxZG;a(Wv46|l`ZBjZfG|qc z$g`{69yJ9ov1MukJj{SGOUmVYG3F<`%LUP)*>x5)+9%lqbC%oK$8XOd7FXNy90q%i zYhMq8-oLM?7D5Z;a3v-dW*1i2VM2?i&{AEaXwUC~rKj0d>)>{1Q@@D}s$mgv<>vMf z=KL>$k;dGNjL2!Z&^IMjlakbFekJm37I>2LO|MV( zcw805&^Bu`hv3T%I*j~K^pP-k-Uj#P%F@UJXufGqi>f_{yBuZMgN%v_$=`|e3(7%8 zxdR@7w72V|htz-HNI?{RN1~0fwE2)kQGA_QxOX_m$qfD^brfFIqvfdr==g|H;qp=A zRCTzO zBJ9Fx2h7U~k)7adZRnjY_(%x9uku*nDY(kln^iq9Xyd5%jMLQBI(?X68-C3SM&^)o zJ{z}@<1TSmsFnQja5YSjhCwv^vKfj6GTt^_jXr=RxIHi-v@^@mPOGZ!M;tay|G??uYM-`N(Rkgy$6yO12T;;W* z*5+PnR{{!zkzS7E1gq`N%IY!|T3j-p6TZVLgN~5Bx)N9N)5KLkF~KMXe2D>9LuDln zA#g&F69)|K+sMG}(p#%6ST=#=P~LEz8uC}}@SslPKvNz-!`Yi z4vJgksz3{CACPIU=Ak{%-ol59=ZRJv?Z2BE`1}!}7}!)*{OLkSegj=7aZdh94zsAs zpI;A;?QtzOR2Z5 z-S<>S3A{*x{*nWF9-LC=I5ab~DJX+I-5!V2i8nK2U1>uHPpwGjJ&M-rgttHnzFJg# z^9>Z9N}*`g32T$$do!;1UotEHH@ix;HbWiX=ql3{ycNOCA4&qgxd19{_9Th7!o{cH zq$%boU8LB!YYz>LVv{jyr5qyg^^c-`8Kl5xh9C&9di)+xp^x1Z`Fc$8ebc4D6S~|u z$!xygo4QkeZ)NF7Wj&<>+cx%%nED| z_H+0$L;Im{`@UyJAicD6A7%uGOMCWGdSJM;XY11f!^2qq>eRsSejFZU3JjNa_tvDq zaB0u(3(=k#!~ge{V3)>S7Wn_q0w;1iAlLoUQvh;}aE53PjN$+PS+*<3 zT^8uFz@KG-VTN|A=-0sKENPz-LbOlD@IOn>F1cM6=(0eU1;hfU8QQI1!vgzN(%)(t z9T+apl`V$nM``Dj5bc~XT=eL|E(>&7pvwZCwLp}i-FoP#!1hVnp{>6J_QPbn+Zf*2 zbi3%fEYM|vE(;v01!B3~n#4HG(0`I~ubkGvc1zl`+7RuTG5k>V>*DLOK$iu&EMT-i z61P{$jCr#I`&(HY-jp90p3mVo%?S)Yo5M#K#`mRvHqX$`8TIM%cUhpz0$mp9$O5I@ z&Pcy%!?%I`s*d=(;=3%+Wq~dWbXlOw0$mp9vOt#w4$T7UM4CrmlS9ve3$qDjf97eQ z)4sIt4o}k(7{|En0EMsEPk7q*gij74x;H-{f8)1=zkWs7a3aOObOPaq;|cE`NT~KF zjM+`}=Y^AhL|?)=Ur=}p$1fW|;VYTXek%FvhY{{o3B5-X+S%_KO8zTOA>64D)}2ha zYY5@~lL-4Tju=e-U;iE0Uo~v^s?_$W(d-q@_C?PT;9~O0-gu5jT|LeJKO%wrx(|Ng z!>vmG>Q~VP>%IeyuqqMmB#rU^&UdC{2i$oJzHQHTmnFhSsIayXe9sSG^lBfODl@7p zC=Oz#!iTi*jp{U7rQoFb5!NXY)>7r9`Ej%0Cw5BgOjyH2+d?%;`iP+?9AKA_{DPd%41Q*zj?E z6?}^4`@Y$)11wceAL!-SaEDk6kP}ywg5NONTzc+&N67;C$PKLNfL-#$C=}X8%hcR# z?fX!DL?(X0DfGghi92eQT1p^KfvW&SDY!%!eBb5M+rP=N%2|Lfb~Ei3Si24uidRz0 zZ6ym}Aw1Y51{X7k@_qG{uYJ;oH9^f?5T)c2WX=tn z;Ia8ZwQT%)lRh`sjEKuOaI9~|h19&%Hes9=luW?JA2v3sE*uhp&$pxCgKR7A`9^8U zw{&Dxzv`t{B^tgHjgD|D(Vi-2v;|gi^eoPYb_YRKlHn^%i<*}V+Z4h=dhqQT>_x?a zvr=;Pfpk^3{cW5=?P2*Pbl-XWV!|a$3CA#|EGGYDiwIXSK2$^g;~3XpM*b#7NijA7 zRtu=E!4mV;PKiU5{if?#pJqm(k^Q5UsibdgT(YYqs3hSa6ge|5C%uL+7ByyS1Rdd8 z&c}U>#{5YogObvY>MJQ7BOZHI@bKyt!NY~#h-*X0U(521^hUqvwQwb+d$>{LA1?g8 z`gN4<@0Is^={ri_82@|acSLWL-;rNyUfgAPi-)#`+n5S_G2C>uMjdx1&$O#4_%=? zq1)qfD-l-XAKgeGTgiE;+4XQnT`?<)H&|Lu#QrGjjWH9ADJ2Qgxg#PIqFj=c;*w7?!%80 z_T5Mrv!3vlM+o;nOxTP4pRs=r8*O0=TY z9W7a%NeZeN;&j0 zHj#3_HyniA^CGcEGbS_UGujvzF9_q2+B0oS7BYnRJK2d1B1Oj!Tg~}9$3aMg z2K{&F52_!!3AB6_nW_DI;XNwfYZ+yH$@M<9ck!V85iqkSFuH{3(G>Mp`f+bEr1?;w9e9ija;!Xs`atiOq{2cvxr z`5S5pms~~o*_DJjjJuXI-4%rKml3YLlrZB$!mUdP`z$70`2p!Q%})LnCt<@3!b-*y z8DGet@Y6C0Z=Fea9HS?l{7$AD!nl>gRmRuTh^~fl2xCJkg%=+~xZ!BR=5B;rUL@?k zmN4UH!j(4?y8egovx^CTSVnk|^Iv-b`PW@Tm{&pgRSMzEWWtrx36GyfxPB^Ola+AO z6vAnYa}vp)HJLCafiPhb;d2uS7c!1vjGsW^dy5ITol5xl&r~k!_Y>9+qi`$ZiHxtS z6z*k=XWTuM!f$14F_ZtMlL@mJ6~+xiD7>7}%zWP26yBZvkDo&RO2*Ha|GfSbzP&Hu z5SG(;68T59P(E@jdINr|w5kC=K&_)~rYq|Z~x|8Ux{fMxu{bPG~ zwSQXG>1zL|KK%dI{>8?m!a!nWMR77LYpFZrd2J@QALeK1k$Do6>qxazp|4^3dPbp> z_^lk?#26dP0#jhQY#|1e@y=$U6FqZ_&(o19lFpUyQu%%O4xzMf8@7>O&!ayVJ&L(s zIFS*ajI`tDFNwbozdyXjfKK)gF@&4hU&LrK#NW?y-)7Y7q(7JUb>$KC-f!t?gp$9m z_oHMFzGhyjH+owKJ8x$CWwDgbt{B4C#}clJBwR6y@RyN!@c z7;n2>f$M3?A^f!l{@7UL!#ZE4C->F&tp<9dyc5|@F^sV~J%kof?k6Uun;4`F^z^=S zrhh@ol~LZC`RGENh+ZSOe*D7xLf$O$FXei}XsrKYzh3jGUc|6n$bLLEL4@kiEcBO= z{9ihd?-Y8mJIkW_F~{OcsjyqKU@=@>8tt7nvb6_0adxden%P$FjeTsdZOz&kB*|Fm>eVjc|P*JkL?W>=4OegJtk3JshXLH3K zA1C2Plyu%@z1D`%&&VhKn6oH>Wkt=S7MT1%yw>AzV?`fp-1w%<}d;qxiKPGkMl$|uvzdpG%VU}k#r^(6l^#!0Ez z;hY#RgueEH>624Z)6z3$%*>p1dRBH$uKA3-{DRqY=FU6wEK6~T)mB820~Q#>R;|Lk+l zEi7uIgfbkbD9zXQV1qeX=vkyJ8VfI1)FkB?-1wvtHutNn0SA+|tUk4#*+_Pozll)% zf=!Q6_@9MWZ6NvgvmW9X{Ik*(xspx;>mhzYq5HG22dC>|{DSQ*;c-zDl!hLP5)LKS z3*3oVaz`l2AjEbKFT`~NhlqT5{`QfIqVjnypo!0Wb@zvFg)o)FyX(RgI7dM!rxDU` zV44#l+@w2K;T)nBeRzzH2BLiQsFw;3>G4p(p?nNC@j2#O<#PaEIG!UN(&OR9AJh>J z6F3Q%bG=N6_R(Ot7n}+X4-+`#oe8qMfUT{qJpp{-`g7#%>>>JeM4tg$mSiQWwwe-~ zQ`=<+R~(0}Bg$Q{*0{FQ1xb+hP%WbNFuaUV0Csf<5Fb%HKv8d37^Xnuk5Sicn zQ<@eY!`PUS9zZAQ)rL+l9#>HBD7gTk;Bm4%FQ;47LHgmAkok>uS?pytLtdL%em%>r z?LfYh<(t~tGY;kr7CK4`wPcL>2<11kye3Y!fl-|m+`i52qz{{hmwCz!84Q&$hc}A7 zTBv-RJ4oMIO!f_u|A`g$g|G>OwGg(fgo%x?ntCS=v&iH0Rl!jC7y2Ofw>qjU753km zf0pOubj=~s50#br627il$$m`=m0R;c@(W*1z9#|Jt1m2uUd1HbZ2;!^>Py&n{jj`n zo}Z0#Wh-s4!BT#qU7I%wn_Lv){uZ#|@?zM5flsg%D0RREE$R9AGGRY1ZGR?M(7qC; zbr#~hSC5h~kW#N;EM`2DF^@5mF@+K3V_S6uxbEPvjgvMQH@!2CrZrf}KDEs6WdwUn zBpoMc3h8YDVtmhIbEJfnX#O49;2Q%*tz*un*TnJai-vH6mDiTF&brf znZ71Od=bYx8Os^xF?~5>Q3(D7rZ+K;VvG@Fz63^5pT?26Wd+2QTY`y zdKnuS!%MmT8wIdm?mJ$-p6gDhk~ZEyLa-~+&NT7;rZJ27jqM}c&&I=KGTbaEXagYE zS2OD?*O#OV{IS}uKg=!kG2G4=>E(Wn*8v{Tb<&Qb80Fr74EqN%p2|3h@k~bSZ{hJJ zfwGtrDCPt{;slbQuZPEpe6OF47atr|g9)D-Lm15$)b|eZs~ZXXN08vy4+&FRDFOEf zcr`1^#vNLBMj5rfkLLe)#c>)Ql{8Glf4w|G!+&?5tKloJuhg*q?N2payw<4+9_=j9 z1mD^BMNRY9mJQN0uexSeZzN3Uv%eqWJvVRHx~d=F^Cs*hG@n}#&LvooW3cB{Po8W zHXTbC!|5vrD1B2O3ODyB%$ZzRSZ1#-EUBr99q;y7D;$NmkyUYZY33qqOG;pGs6r2H z_TzD9E=o@)rF=^J$7hS!e&LS?wxjLHFEPq5X-9qo%ddTcG@Du8HGS#(d9YUs6FWVn|HdTQ8?)elXA;2681pelUv|7({+k zC*^aq>XTx!lRnKJ%D>r7*bEPVcnAtz6VsWPZXVmo%V?DEW%-RvUmHTc&^2(pm+^6y z+r)_XLoNWA@NBbGb*2z}xrKQl-2YTqFO0%ASL(x&yD8uK6*?x}sqmK@_@%xGzd1KQ zbDk1W6&+!Xj##Wj%uI~Prr*Sfd?g}kOjfBT_42$74NYed&Y4Mgx|#6(jNsUiOW_k3 zL(x5u6P({jzcHKWq8R7S>40xG#gAij=666JA|J2MCBDj8gjwvrD~tS(o*rDT&>Qn% z^go|T{LT>R8|lSwVLtI2@t<5yQeJ&7r*w|HlJGP3w_HsAhARmFaTB5E7Q(j}TNpF` zM&Uc}C;aRo!VM1)zO;_8_Cdm)&k?@xJmJt62s0R0GeRYot_9WRC3M{veM#55iBaC~ z{8=cMQW2+Lzn|M3Mv1TE_=cZ3o>AhPIKKH8iuW=~ym|rU&zVg2s81zqE+K5P5UT$s ze&G{zGJo@r6yL~L`yt&o>lqsun;4rJV?H7}MNkAY*0cPk7Lwnd9KD>y+P3ICe#1l3p5;mVoXi&@Ntz-GMTrZrAhf99Ug}M1N}~Q?b1Y%_2*RR4gvv35F&`6s-A9Ds9}*TtFr6gKSjXwBzjFOy zH18yT5u-Vr!%AvriWvVY{hK8HYdC$zzpDI9 z7jyfwkL@kUw)S#-IM>T&ZeOG*>N&pY2jcfKcJ}_##Qfg1lz)}+a9y9KODKOatamu$ zq2AXe--2~4-^}$chSBsn<;TqEWvpe4*-rK{?Pg@Z%Km&$Tx?-s34RY(Xeov+KCDQf z4K8PvXbjT-Zdy$FLw#^SM#f`#SV?JM{lqVN!}G($!a{p>m9yFolC`~AS+qtX&r>Gp ze;CGTfj^7RUE553=6;ack{;t@Hd3!k1v7EePMvSuz0cEQf1R??|=SQ zxPKw_RF{9?x7tb;f?1irBo<6w1;$39{Cp?$k{=VxtGmx{cccM(OsJv-Lf|DpTZM$b zmieXK68T0%dD>tn>;dhQ2Z57e>J2{b!9YYI?9uG9cpR?GV9&=?t$bo7{U*_$`!zlS z!wJ03kmNP-zc<}le!eWyr4y`vHioXBlz%6@bQ61G{$ao4Ka_vgNBT{MZ2P>De@LG4 z|2xwadlzy4Os-2wAm1|yF22G;74MsW)X=_ss6B^Nd_MUq_n+G8A3MRYU`? z%ly*L`}03pYdj9s0wTX5q<$>_5G^3`Rq0=~ZT}|eT0gOXG=Dz(d6{4C^ZxwD2Ir^d z&&S`u{L)W>dMV9JV1p-u8Eg6a+t2(M9PIjQ3Vr>>`16-pl2y!#8RQpn|0R_C=1$9} z`v!~mjZZZkx_oHNu?f>|Pi<`FD_`z^1gYPXbo^~@kiuVN;D_s)Z%ctm3jIxO=o92J z3SbcWtp<9r5A+YlL;ry9V1^z-dp9ye`6*mJp~_FWlMQlZ(KkJ2d2s-}H@0Z0+ zg0*~qDL3#N$Nz;s6iT_9H;`Ro7>(CY(MF1I;OoW9DA!NSKPbLg`1$=_6Z=h1P<)+S zkF1c?i(000G8(TRMbc-iqj;buKm#>cttN+^|xc z$7Kk#IAI+^t1-~+t|+q`0t>SXWvY{VY;q>hg^aI1LgBBjC%n6!aMMGC-bV>=%?Jw_G9@mjE&Ps ze)AMA-)O?R;e-t*5GqG={6Uf*b3b9-y@cWG7=_-KFrAnr{Q=C+sP3iu9>drWMe$7| z2{di6h{0CV`uL#Ugr1SM)_6+57YJ8#PU_2-lXT@dcS14jqStr zuAZ^+BFc|h@Ivy}F{&4nzsXD3$XLtR%yh~!relm@6#IKQ{pMD>-WnMXHGiGugXf#J z@23{|$C!N2_p8W0LB{Wby`Nen1GK`ga{s0C{DJSMibC@n-%shZ_m7X&F~8Jvu{-47 z_6>g4K7G`&V+G5Ie&Fvj6?mAy`1{Tg39) z+E@2}N|PV##V$q!pK31h8$!wt_I}CN{Q2ysa{os93I6Fq6Y z1?Bp?iTN=+*!9=R_fwFu;P0mt?tg@m-^uq=e#3DFME{~gmmlzc%4jQJ`AYvS$ot2( z@2C7ygkRzQiPS&c`zb#$q2Eundm}U0w~pmwaIpH( z>GxB5obVu>Xx~UVVZ9xXQeuat z<`vl61J=QTZ?@srQt2$WC^goKvI-A);60&I1`BnRV_J7zPW?7P^$PO;#NmyMqkwia zGQa`Dmo}x;Qi-p`@Z(+lBD@+Ly&+SSQaHDOs|4rPg~O>50S-Udisp0t5LM3UOHBxX z1L?2_oXF?dx^umS3m{z5#oe2~!|i+?j1J|XK~NUvCm0O`E0{LQ$9xN| zF-?e4@arF>!!(f&&rz=Eg|jD7uVM}lMgvh=dPwI4hiT$D+7J2gT)xK7h4T_{NaFx! zjL+e4T+2I@42V+FI38t%qDzK2EDt=);N%=_gZaQb8*PF#s8_H!v<2p)0-TXgFB77* zv_ua2vD`3C)D;hXd7~fWrCiakPYeC}@u*A3$(J+w6*;uoFuX=6Ov0CmOu;i0cf z=-1aB^y}*g`jfL2b2jWwWw%-uE7`Ee5kNt;&5bzMX0_8yEJ&^Zp#n5Wpvz;BY8JfCEB^#v7s?hg z;u1KEiWLi-qqkTYx`Eos?jdkeh;X6r$?=0i&>h3!5h3Eoh6oq=13HKoy8jeP{zIiN z`41JJ)It7YIbPN`&=wESmPerXk%c9N6s6*v&o-~&l!klos!)`y)WXz)GvQ-ZILVov zot~GOil+sc*;-I)ZdO)ufp(gmo0DFUoOdQhXQ$`qC(lUF$8&SCIXzEfPbQw^w6r{k z*Tke}rJH90BQYiC&(2HFPR}VoZ)O^tWM*WhCKqJp;w2dLP+8B>jPZ<98D}u&GZr$I zGddYBV7!uX4I?}_!2AGfp>H7>oD$>rpbw*A3pWQgmu-%m*cg~zR8wOqu2>k0U7>|l z6@}V9F@@TkWxdG*i7XF+y`8S<_f$evFB~OP`Tlpv=rK zP?ArFA2YaYaH$voE(g!k3zSU2bii4Fk^a^Hl*q9)^ZZ^~tB=<8Q*aa=`+?ZM#RH#} z@Qx+^WH>+F5QcqqJq_~f{iy~&)+l{E%GCSurlj{HKk|qUXeoU>#_8j+tn~3m9I12< zmSw*QIP<_q^J;i01+5ao#2Q#P%v0!bz|9K2XuvHeDa;K!ZmPU=nSrmy4I_sf3Cp8d ztT2s9^}uGQC>fG5rsG=*4Mc0LUSeXErKXTp)EYHfHCE@){1tYb1667B*i>8t0zS*J zxzq}~By7;rpDr(+r4}y+PB*X5>t_tfr{%wG7JK1^qC1*5VTr*0zDZa*@JvunxL@{PCPtAf zXw0ATG|5q1l&=P7@cao~^Z68CFLZ|d30)J@)iGVD^kv-#gK<>5JZnD}ToRLOtiNF_-eCos?z-VGLrZ44g ztRIrDpwM+xKSUi_H^w}P^3ybt@Xua<$9VlYALsgGrS$90C6scO_C@H-Ojj#(hU-u0 zOibrxI>~pVMF;9>lN&)4o zkx{N|L7{8TC%OiqlZ-LeaDMhPs(k;hW4|$dDR*Q2kaPuwuA}-P>d3lL;k=GlT^#BC zXRohC;}f`6RVht?Z+G^)|9wpZ+ez-s{m-QD>iamL2nRiT+J2U%spGQv{yrs_51wx@!7xK z1VsNjmM_<{Ut-{yU%t=&oszHcbu8COpj5w4XCJnIyW)NC6N^~Bd{^R^7{}A_o(L?O-tM`WczvNF)=tAB9=dpcH z+|2hk#u~;t#`~Dg%P96R>M!-#cz+Om1ck1n`-9|L(v$1acz+eU3kqFF{RiFkdq^L! z$@o_T+X;u3&`JHmb3CLz91%|bd>+^m{sb;};TQV|zvM^w;c36B!VVus@fb2ZnU}!( zv5JMZ%Ee*I$S_4!7nNH)qedsHDyG1Jz1r05&-|PH(-jg8?)5Nex;2bgjxt7-3AnX9R zk2p-vBlP+(IX?qC%+A{XxPcu06a4_~wEN!oyN7_UJ$D!I z9{|3+kj}s0e9DfN)`RT60DVpa{%awwAEdqXL#XRO`x>Nyi0(!RNB7tp@5t?@|@thmkm1yU>H% zGf_ljg*{Ty-p;{mI12Llw3oLUyDz8|#!yins1PZy>pbPv_64fPfvGISy`SvbW*F5j zJG7t@b)IFRMNO@=xZNb63?>{{;p0r&DvH8fwo;o5cSKWRl7Z9Vg1HG4QC?xS+Mr3T ztgtY9V&WKOoT@lr9u_XH<2zB6(fFUJj#8k}N29=O19hPTmLS40XB@MJSC2F}T%#%# zRhBZiQ9wFqG5Ew5-?VB1H7`AzkZFlPf6jA3c@$cF8YAB=IZAw56ui*T*2WPw@mg|} z5lMq5nrtDKvp z*c{5aitT(QDM=~wC>1rhF7wo>NlK*~K&kX7Rhdd;l2VnWjDg<@rK(b?s!}2&6}v^T z+ZKV)VM&U85uPiKJY{K;;&3QSmnzOIWo(k-tW=ypJ#CEQbSh)V!kKb@wK83C!CJ9N ziYs54HVvQ(W|vKyrr;;KaH~|@OO#@Vqf+~^!ORdGS%;Z(P*tstYN&+@>_q}oQ3?w+ zjEzfBs_pnau?^n;!pObfhqLb_%6FooB)_i^UM9nm5IPy|a)-;KEOfxT=S8#{w4Ykj zLK6@b6{X$M+Z6g#jCance<8WV{p-^=i%x}ZGM3slDMZ1EK#h5->gY3=VE&%zqZu?q` z*wuBX^B2M24ChB3wXbzBxM*;x;E)#G`{2F-cia*CT4TW_gDV7gJ-8>qp*)l|{K&Qr z!}W3cbD{qMWXQP@&jgv{K*oR4IY5X1q-%im|C4Si*dNQ-%7|r%{;R?D1l>*m7Yi;K z+zR{TAHQ;JTea{xjfQ?>+$kTi{*-hxGN4`&!3D?Q7izmC6e240&)aK`KM2W?YD=t{!{)Eq8 zHkB#i%`v_u4pXA7wuRB9xKFBfW|tjPnbB?Ys1c=Z6^UID_$12B-SEkQ2&o5up zE39YO(MR{_)ibP5-~L9G1N`#(STGABD3V{`>>V33oQnO3uNV7yhH@ zOq%V`bdb=b%+?}Jy$RLdD7@}hnH9mj-6`J7XgZ4gN)HYf?8V{!Bm>U+g6}ABc5ugn ziv)*rXYjzWhaTW?S`>z1S@Z*^KccJMu4ve{J(^}i>Z7!CNgd_jfpf3%7(k#MrzmhR5BkF0!xPLRlfnf@ zaJ=BtOm{tF5#wCOSU2&9vz$MQhg;qs)u*%kA9Y}dcRXaLK?b_PY&XFJOcyT5@d*Zh z5&N$^%qV(DIi#_^)r=1?3SDRI(?xf9u9Lso?owZk?aRK_eXWXD@$PFqRZ+Z0E9m$C zDc%#6k;+*3xMQ&L8_*%uKxG0@`s5tZ!4Zb>M;+0(pOLN)1{`S&ZQp-PKy>#2-+#u_ ztw+yZy^r=;qs>V-B}_RQo=T2U`YOGlSJqqe_tE??-5&ZhJ(QkWxT2iEXZ@g8rH?_b zK87$qpP#=?;t|lb-bIXNW=FPcVdGu83Oj zq+rQwVMjxru{YDUPmNE;`n(2vUg-ulI#Ty{1W4)zemO8t!TuC)YwIB3b;1_TmP&YO zK_~7cVbl=&S@>*R_c1-cHZTSdb>NZyTQD-7&U4XhKG;8fJRc9xG3JKTGPQq>AA0_f zm$mzbo7bo z^St)I`_8MQp4@%s(Z{c^y?mT?*wL&{m@_Ht{k!02$5prCfA5G5YZ}i@xu7?z*}KHb2{Q=u-GuPDf93&uZ>q1@6RtC-mz#v|s;z{ow0ArNUm}Sq$%>aG0gdf%eC8L}z@iz~`Cv97Jme z)=)gG1j=r%VBsSvpzaDxMNv#CG=k$@eG^6e^Cx^%P?T41nWEumN7IJ7yBE$p0RzJC zd3QHroh#==yZ}r~!hbvq(EHNe%dWvho^||i#c;qC=hUQ^KqA(AAKTOfRdV-L-G{%t z0wTah|CjUUh3_!E7b!{uINf~(GtS5V?fg?FrT$5tr5=i3>Y?}*sdv5rsYkv5<>K!i zx_o|eRpcJL01QXBq31ng{Wih=?V5W(-23zNFOSSM&O{4j=r--fsNOe!a^!Cb1N%jP z<{AFYPj9``YiIWtKCFLZ^Pr2yuRC(Y&@XfF0_^0`ZE4g^^OwJ~#dZ4!JC;WeJoY8? zt_4o}thf5@xbZ#v`Rhm2m%jA((J zaq_+CGuKqyd8E63<$$3_uUNCbb?uiXCB*c)P3?Y_6?nA>kZt71#>3n}5(dX~)Z z{^`kE2H$h)juri1h=1~^jmPbHY}fQ>jvxHub(>c|{^&P*s($)y!GYM*ZF@HzKXGvQ zfg7tA9Go$D=T+Vhy!YJmwD*!x>Mf=HzK*ROdfl(#CI`z%s zlxy!iNT772Pblb+*6`#&|e%*t=OsG3h+b!?g7j8c(bMuw6`kRhV_Rd$% z9sc9q%#3SJ>9Om+iJAE?y2m{I#l3yjtb2Bq^TZk7Wq!16{`ATl-tArdaOULH$d~Tg z8^7wDn0JpFy#0d+zJL66CG+2%Qn#k@18n8JKb@X^;rh3(`B&z!8ByO9e7bzkWz{`4 zJ+lmbHC1;J^b}=FFMdP+gvf6aqz_Y$Rkau(1DH{en z-}{S4j=y{JokK6_|NRE*u?IY_JbC?t+h5*3p>^i9sZS3|v&~ueLip@+%O_^d9>3;_ z%m)t+d-|A@GY?KJy*u)zd$YcJ?Sel2*RELb;^G-~FBV4i-Empk-unknRr|Rge01)4 z>-OcnU%d0)<*n)ItBSgpnxgN1cF{SL9(v`w_e*y--IKnwxFwK zG4(pr-B*pDp1Sy*U(Vk9`n-(&k^84zbawKIy9bWmdv?;*BMZ~cTe9(^{Z8e&SHC%O z$BOu+yVs}RaNUuWD?Z-RwCk0Z=Un(u-{XFHXN;-WuBN4B)%)HHd;0rRPTg|D6GMMl zes}lV-n`%O{I=7aj_JjZjH=%=yQX$~=CmCd^@)x7N+_&!RJwHr+!gA8s)nE4?vVP|3J6;?6X2JRU;$yaK zxnR&;BR+p<^rtJgd1mc;FMsF8$9A`Un)vU&0=l&OGcC}qp=``GIj(pAz2xAvwWr*& z|AgdT-xZwERB*;qj}92Udx6>Y=;#AEb8r4U!}4MCJAEs?TRuPU@&7q@VES`I&TNQZ zddjj7htFL4X4cS?ci(aK->N@(W_$RS{V~ysN+Unf1{=U%;Dp@tx=X=^7HAhU3Tm7`&ULEb>+KXd|YlhVZi32dLP}IeCvY+ zr>!5bFehfn;0umFIAuoUkhELBs?5FE(p>ZS?Y6IzAAUKe?=j0(z5nXhcg(r*!Vj{| zF~eT#ed*wy?>+Rxn3u1eo;c}}-!`Y*cVk?3zflbmQ8m^TwLEm~RSgk4E%-cz564d-n{w@W^i+DIvmxr!0A5nDZA;jA!A!l_#{UII!sJzuoc8uJ50`;n;taJaYBc3AQi= zj>u^{F8kRNwS37VL)ShVS&;p0rrvs9&}&i@SK( z$j2|RtG!N(Yzp6Ee*E44nfJul*auG?K6Yrt^rO>uEh~QJs+T`>-S~K~O=FhT)HFY~ z>xu`L>~ZXM|Ibqw{PfMpWgB(~e*7TeIr< z^&ccJjCpqQD?{FTq1T9KUVeMivh(7Sz8Lh#p2B|(xOQwz$(}V;2P5a5ye8s>sV9H7 zwAdSV%f@RS+&by2wTljfefid)S8K;j_;js#>wt-uY_BzP4yz!%3?pX2d4IA!T_t1?WRKAgI9)8kWV;Ym-&?Y9BvFWmOU z-uUP4eSKlK+kQxTzwxSHuFifVJhxzd(+OiQJUi?knFp``$+WM}jn%aZCHH+#PPxvb`)VavbCn|0gAo0Z6qukEpG z?u7kkzMTBTyK^T0(7WK?J9bPx_Q8JPoBlQIf@xEVuZgAwTVif6n=3`To|S z1Ao5rvkM;HGrs@GQ$OhUR9t36M8oZ2>#T2_9-iK9bWCwO4WK+a$)lS11#!Rx>bc-jxzY5<@ zqx6nTC#+)haK7_R6kg1D#|-jsk0Vr52^TZgaQx^<3V%77FjRj2s{C(A46euj_53e6 zJ$SyQJUW|yp$~;p{-NSSh5y;*AI&p#XE-}r0Nk$gO0$e%I&T0^|>88MWdjPi_p zM!(Pxe2eT*#CG4zdWc`*jVSSl8@C$L4<-NePSSW?Hh8m0O5e)bDodjw#;uGiDKX4I3^cD? zzs?lOZ+%>#eWd@YB(XiX{i)~cPwXS@PlJi*%%;D#{Sp1Wte=#xQGe%X(l6#T&JVYr z(*8KPee6j8!`=Rf{&gcsuTc7%IX;H<6#I+*f3^MP`f9e5-gW;a*H?+d<*J6AVXVBU zM`UG%eF69?Vf71TDl7qGcPz3`Q>wJ3G7{m-aVIS9fh)tnir&oYi>!9zIyP2YadjCi z%~Gb8I~)t#N!SC~$aSDfCgW;CN+}S_Q4ZXb=OdmTTv*1Wg%y`0iFkj4wh2X%Ur>K&i`S z!}Z8yc;4xNrA%Od9b-7ItHQQI@+xYV*ocsp0$<8k!so`pWCe+`!)orTCNoGReBDoR z_@1E*zGE&4cw3-GxDz!OQxoA1c+WsfyQrwU3abVAwNpn8bGmE`K&1`L#NTS6A$lWM*9lIU+-aM8dzuss=QXO-Q4U~RokIP z6l!6?3WP3*pyjBJ(&fxg=f=}wsEw?m?m`nY!>$m1`t~*K1f3cOd0BfkwKwaoB5Yv) zkZZ_)!L@<$LTALN>xk~WzY&gN9CIuA6B)x9_i_9Oj88GfFkZwsn_3v&h9JPF>hHi8 z_QcT_n9j|3UN7=L$vC(-`Ojl~m2pfMg%4)Bmzckl{hJt%XZljcml#Jd|M5)s9P<~m ze?8-|Okd3S9OJ3Xe=O5&Vg7U3|1e`;razZ)3*#xw-lk}5{T#+kjK?#752jns{CVuZlko_q&tqKAcr5cD!E_HZe-8WCG9F~i zVZMhM`!fGQ=6ir~7SrFt_zUAK=6irKjQM|IzIBWlOuw43g)xKq)-m>A{ubuDlQD(q zZ(#g^F@^c=WITfTe_+0~jMJF@TE;z$)0l59<3Ywf%y$c8BGa#6{E9J=>2G2Dh4Cxq zTg^C;>91h?f^j0#uV!pv{DS#zV2oq>OBnyf7{~NCF#f>!FXp?JF^cJzG45iFV)|k#;R_jGU>wk&!s|KRy^K>hy-OM2WE{xp6f!=*xS!F)>0QnEKH~^Z?|jB* z82fVi4|2NSF;3+4mNCA<7|!XO#dr_nkBn0|y(<{EF%IMODjA<-?9J(~<8;4bjOFwe zGrquhG^aD0v5s*M<3vvHV#YTZhj4mjj2judbNY91x}P(Se$R<7&pw7{_sXix{70JeJcrhw(wi zUl`YLx*su~%ITfQxRLQ!#tcsHdd5!}M{;^D#x0D;a60oC*D?OYcmt=qo$+K&$HrLC zxQ{WJ(_6{-A>*l>UKQgLjJ-IWe8xK%n;Ea+bl+qg$myKJcpu|;jFUON%NVyY4(9Z1 zjE^!ZoX+WtH#6>Lyqwd0iSZatXEtLU7B!PKjVJJR8H@D#wNxK zIo&OcM{zpYj5jfU!Z@1K^DsWg7{=+$X1s&3nQ;oIcNOCf#%fM?6XS1;>6~6I}B#hWO=DE}A;4i?Yk$}ot3Mq?#TnV%~0r$XFw zT0F&we2E|Kix1aP!DqUfkM=<)el=)3juue7DQNsS2-WoWYSF&=vnKLt@9*{YGwMGX z=qP_jXdFiU6MgYGtHeL&#H9HY1wTsG^OF>R{-*lkNwQHsel1V@G@FHf{rtEtEyV}7 z?{r^0Nj9dR?28Y~p9T!2}dfpVCkzE2}c?@il_3G{HYiT2hK;Pcon_A z`PJm3c^J=WF(&O-_{j%zmm!qmy;{7n{ANNZ$&b5rcUp(MXZ zi#PJ)Y9#vfjr{obkK!AG^5duq#cQ9L`{v%5G-{fQLi!hJA@Y^5#AB%b`ZVSr=dEb* zDxAP!v>(nn*Yg|W%O&0mCvX_!YamQtzQ*(y`{Iv4_BPkw5??$?Hu7KKi>DZ4{8C>$ zS>70bp)X#Av$pA91Yx8F-p z%ikYw3L5_zgi`w6pz(nV#6?FJ*d_g2EOYXkE=ZYOL*2D zl)i`YAB^uY{>CWumOBIWJ>xF&yBNpcP5xULg|GA;3jdJ9TNzhycm&kunc%Shj_34t zi_XskeCUZiE(h{p-%-ym=lKw>fp6eF z{e$v3?g_#rPX*@t`px9u`wHPb?C-TDkj`kw#Fv7{pJoha|HCg5eV>;JtsE}t-pBsq zo}>6Fj3+R?G5wDGw{0ak<2WDhar(b9zRvj-IiiQqOZfa}NY0gv+Zp#U4sW1%p?}ig z|L$3ecXNJDd7k_aG78@w_78l4;-@m+%Qz#wAT>89qY(QXvR1II##Rzt2E7>vten@XOd`kK}&G-}J$&CFN zKlm5X&14+O;esFjlj8p>9L9PGzQz8RSuY8{jl)H+tJwd!fnVs2coEaR$8yDA&Efq% zqkJm{xk7)hfnW46qA}f$;*Ip7{Fw%OgrYNs8`Bp#g0oq!*s+lP5ogdbP$O(=M1iWzkFcIY)7Nn`LkDc37vVle=Ay%VP;Jx! z=BsDG>`UN>Ih+ep6!2>^Reb^6bMV04dnL|l?h?S6#*Ne3Veci_S26J5^+-C@vcq5)LhWO(cvl+`7h5l0Z z-(?7w_)uu+q#mL8jp3U){b<-XGul(-RJ0Q)ty0|Fvh6VgdXIBp-ZbozrSD44%*`)I z&dN;APtR9iLUi)%G#E03leF}d*)x16g|s_@=07thIXg48aBh0?>F9^=De{u@&Lqj; z&&|u6k(uN3n)A}La$({%#F+DPGcvQ%@f2oT&xN$+%|XxX{PaSkDNF%1a4WCmthC(h z1Wb!K|% z|6}h?;H;eg|NozABuSDaNlvLG?VBWNnU-mpGBc%;YG%%vW@M9Kvq?v<@i1E~nqzu&;05*webVJ8+odtac2+ zpRxPzn%a{7nR-iK{eg4WGV0$bv6)JbWai|=9>S>#3`kDu+K+uLsfYD$oJem+|z*g@c>ih-mV)nsG7|uc8G%01E?IAXA z{(;)sI`5p?H7O}p1p_l|lL4u*DhH%Ci92BIA(FcEZPoUSSmWy2KVC&@+-Z2Lw0TS0 z9Di6S9sYbxmFAqqe0#(GtsK9`IX(|Kg~UJp+vxkN*;gO<{gM53Vm4Ga)o+>}yMDOp zgV)Bczfkqf$HcC`PW8)fi>@!@{M6zOuYRuT_5E6z^6vaS>rJ13-r3)jE$i05uKFrb z-^(TNk7ro_->E+O`@4jMGWJzj;IK2@@Asm=U-RluQT?7Nv8Uf&_1h*KSno}L?Y2F8 z_l@K>b?wtbIt*k!^8QZfbTBGW}3!(7S^_PGiOZhpH18g zYNTmqdS-Um9k0gj8?TM=P~)zFvVrLT$_2}M|NWsZx?ldSju8oK5B6V$t$+OQ!2T<| z;rs8o3V-Q8{}?K~>HBYeg}?NlH@tI*{2$*HY#scWazXlu_7{fxv+-JenGyVAVC_Fw zfuDH%6$hI}g*O;SEYDH?ZxnAHD)2LxnATJNZxlWKvaJ6@&Hv>!FqwtF6jNZoHJggd zVZRHr-+oQUm6(C6FcVi}7Ouf;T#Grl4s&rmZorM0hnp}TH)8>A!9v`MMYs*O;|?sw zowy5k;~w0L`*1&&-~lYfgII=#upAF#1s=glJc?C#46E@t?6-(dVhx_cT0D(s@GRDW z13th(7kC~o;6-e}OL!TtU?X0|CfIM>Hsf_{0VfjY@3Xbvrg3r#yp4D8F6{Sa_M0;M z-PniNhL5lvA7ckT!A^XNUHA;2;|uJ@m-q@_V-LQ;xA+&n!}s_BKVmO_!q4~x`|vA% zgFVY5oZoGgCCecJhoL+UM+F>#iZ~LLa1<)zXjH*5sET7z4acE6jzY+Xw;8ZlkX=sGg(HKq86wS~aEzlCJ&>C&f7H6Ox&P02hg$_6y9dQmi zp)6IWvvuEA_vi#fOsb8$Uxz>S!Pn=l_Y zV*zf#Lfnc)xDB`C4lKrGdHidA?FtMNFV zz>`>mr?3`J;~6}Qb$AZz@jPC@i`amd@G@S(M!bqmcnzEJI=0{qyotB46>sAmyo>kn zK0d&Q*oKd=9Uo%{KEY0Wie2~&pW_Sc#+UdCUtW1|LFEVbp8)?V*gJ^1~L&s7+DyJY~)}RMk5z_$VUMRaUqHjK`}}&24gV} z<1qo}V<;}bFbu~C{HLaW5!0H8i!lk8U@{IJ|Nlpif405X{Pz3rhkNb*w8AndueA0W zuqKFj!&!ZF6RY1p8^4Vs)^M@L9jm`T8@~+`Yq$f)|9iOuyZ3i_>&4OE-y)ZkFk(-`BI*^%PT$CGd|Jj@L-24)5xr+H! zvyH2`z#W^-1fTowOm$oS;-5Clc0L@S{uiB-=Cm#9?xr`IMSY^WyByf<_4kJy?Dp47 zxoD8vZPT>ooGtGBF6!x)FG_Z^hg(;IJV)hF(A%R7{IyTkQScbamjGNjB^7AybV^VwYMqlL1i zvX!#6vW>E>@(iW7|DLJtBs;;-j2P-J-=YiM3@mW7(?f20>t~{t%N^>Ef38h&`w#LL zO zf~u&7>ab(GChY#9HiD>&dT0PUUo}EwG=*&kTlcMD>)6(7dvpM|2Z2uLf<$zOoiBQ! z50cRzDX^s(h(Q>Fp%{h{$Uq2L$cBB^vd>xe8LJRQD8?9!gMF5oh)I}?DVU0Bn2s5k ziCLJ9IhczZFc0&w01L4Qw_`Ex!acYTORyBnupBF}605KpPhbt!;u);Ndc1%Qco`e9 z37fG6Z(=Ln!F%`s+prxwuoJuRId6Prf80qXpOdLhxX`zj_8CgNJMw^L@)F~GWsJ0X&8t> z7=ob~h7rg>2wBL+DC8m^g(yNX#$X&KU?L`AGNxcEreQi}U?yf^Hs)Y1ZooXu#{w+G zBHWI}xC{5-J}kjfEW>iFz)GybYCM58Sc_+{4(ss(HsED!#3pRU7QBhAcn9y{18l=~ z?7&X!!spnHudoN-;ye6+z4#gX@EZbU`5y@=j|!-WN~nw~sETT+jvAY^SR zpdlKeF`A+|TB0@Dq8-|!13ID;x*!qV(G$JU2lns9_eToSFc5<<1Vb?lBand*vXG5Y z$VEO1QG{ZQ!8lC7L`=eDOuZh6rmVnFb)$i z5tA?(Q!o|NFdZ{66SFWIb1)Y-U>@dU0TyBrZpUKWg?n%xmS8ECVL4V{C01cIp1>Nc z#WPrk^>_gr@G>@H6EVLNtUCwAd;?8aBvgKzO2e!yP*jD7eG0q$$dA_3)50TodRl~Dy% zQ4Q5m12s_#wGl*J)I$R_L?bjtQ#40Qv_@OBLwj^UM|46LB%(Wdq8Iug8U2xhGz`Qb z48c$g!w6&`ge+uZ6mpS|LKLAGV=xXAFcFh58B;J7(=Z(~FcY&d8*?xhH((y-V*wUo z5pKs~+=Y8^AC_P#mSH(oU?o;zHJ-p4ti>}}hxK>?8}KqVViPuF3*N+5yo2}f0k&Z~ zc3>xV;dAW9SJ;DZ@g07^Ui^%G_zi*bY=0!6JSw0fDxor}pem}NI%=RMYN0lQsEc}N zfQD#<#%PM>Xo=Qni*{&_4(NzZ=z>IaM^E%ZA0(qcQjms$7=$4hieVUm41|z{Y>YxK z@==H)6k`m=VFD&%5+-8`reYeVV+Lko7G`4(=Hdp-!+b2jLM+1VSd6=H5AMSfEX6V` z#|o^(Dy+s6ScA2A2J5gMFJJ>+#zt(yW^BQm*ot@X9zMV}Y{w4l#4db}-S`T7@GZW> z57>*Ju@Ao?z(bp|NI-d1Kt)tSWmG{`R6}*tKuy#_Z3Iyl_0Rwf(Fl#v6wT2RtkJo5uMNliRg}==!HH=Mt`Ir4FfRFaj9}Aq&|UgvUNOvEHi z#uQA&G)%_~%)~6r#vIJW4VZ`dSb&9Cgxj$gci|q~hb35wWmt|CScz3wjVG`MYw--$ zVLe{J2E2@o*o4j4f;X`h@8CUrfNj{09oUIo_#C_O753m;e1{*f7e8YkeuI7BFN*|} zM+H#Th1GZhYp@p2U>(-u1#G~}*oaNoj4gN* zTk#Iw!w1-g?bv~x*oDur8((1$zQuR=0ekT?_Te|!kF&}m0p(Ev6;TP5Q3X{|4b@Qt zHBk$-5ky_oLjyEKBQ!=+G)GIcMq9K)dvriYbV3&-qC0w`7y2L>{gHw+48$M|!B7mt z2xK6HEM#L8a*>Zh6rmVnFb)$i5tA?(Q!o|NFdZ{66SFWIb1)Y-U>@dU0TyBrZpUKW zg?n%xmS8ECVL4V{C01cIp1>Nc#WPrk^>_gr@G>@H6EyAw(?|UP+3=5Pg!5tK-o;$M%h+* zhVo2hdu0b@qOymwr!q-7TscCSuFOzoD(_J)Q93`84e+?P4u8;;RUW1+udJv%QdvoP zl(Mq2it-p`RpqhDMatWhw=3^ZE>_;Dyi0kv z@*d^A%KMb}E0-uAP%c$Is9dIeNV#13uyTd+5#>tdqsmpv$CRs;k1L;0KB-)zd`h`i z`LyyG<+I9l%IB2pmCq|*P`;?#pnOUBvho$>M&+x@P0H7lo0YFCwr);cjt?Z!OsVr{fj<-ZPM(O-;fvQE#-THG|x|yO(Ri-HiCWL3yKc zp7JK;eC5r`1LRi2@2 zr#w^HUU`8F3PUTL}fQ+cV!P{Pi2y_m$J9AkFu{aS=mq7UwN)F zMVYEhQw~rLRGz0Cq#UdqqC8(YRC$4Nn9}*-mz{UElyOcxWtHWW3ChEi<&}pkD=3dp zR#YCTtfV|jSy_3svWoH;WmV;|%4*8vl+~5TD{ClEP}WqQsH~+tNm*NYvNEWwqpYhu zMOjZ-U)ex;sB`2+Cd#JDX3FNu7Rr{&R?61OHp;fjGnDO=XDZt(&r)_! zo~`VtJV)6{*;&~|*;SdS?56Cl?4j(bOj7nz_Ez>$_Ejb;`ziY?&sC-p6GnARikTR^yQjSz+D|3{il%tio$~D=RKBX*qL;3*~O*m&&h{Un}=0zfpdx{Fm}O<@d@Tls_u>Dt}V`to%i} zPx-6zH|6ijz#H!MxQw!_vYawOd6@EWWd-FC%8JUPl$Di7E2}7vQC3wRtE{H1t~_2@ zLwSO-rt(B(EoE)x$;zOzjvZJz-va_;_va2#t*Pa0T&TQNxk!1N z@^q&aFR9;Pg>JX~2pd4#f}@F4V9-U8!1m$HdZ!KHdQuLHdnS#wp6xKwpO-L zwpE^?Y^OX^*AvX8Q_GFjPA z*1m#pL z%FC70lvgOHE3Z_}P+p~+sk~Y_OL>iQw(?r#9OZS&xytL6Hz;pZ&Qso`oUgoDxj=b~ za-s58kJp z1>MmL$wtK++T;i-~Kk<$2NS7o%jr2;#+(VdxzcLU$?)3J^_d0 zNK{5uR7Xvmgp*MRr=UJgLsPUuJDi11=!Tx?jbxmQG@OSaxBw%NiIEtEJQN~=F}Mhq zVk)l0Ok9IGxE}LxGZx}DEXLiq4-a4&9>z*MiFJ4hoAEZb;ZuBt?_uw7mn+NfwQ)46 zqB>5*$*7A4I2|p}2JO%Rosozh=!L%Mk2DO%1sH)4a!`N>#$W<2!4zDM>9`8l;5y91 z0xZIvxCi&c-iLk&EAS}nJ!pFe`We{ohd1C=Y{A>G_nSY4z0>?9>^Mr_@AcaIy!IZiy}xVk?QVm;r~3u=;CtBnxc0YvB_!}V1}fuNoPd*2AE%=Q z&cNB|iX`;I01UjaSQIiy?79h;Bh>S=kW?&$J_W2pWq98gCFrL${o(~;Ak9&6Hy1JqA{AIHO|D@ z=!|YiLSLMV0T_%6kd7?mq7cOxhl!XBd$-QstGgQZF5Qh-fJLzP=IouhC0K?Puy^F1 zz*^XQarQpkCcJ@n@ew|Sz2j!@w*3fum#r)p$-_|z$Dle+LIX5HQ?x`|v`0sDL3i{* zGEy)QLof^($U-g(QH*hzgv)RRuEI6A4maXv+=@GJH|~eM2WIbp+52Bl;u)-mz325B z-oV>NaV9$89CSf9^h9qY<6NZS zJPg4F7=cV=AqS(8j|)+Zv6z61F&UR(8m@%BYjq9mJ*(?s?^xXod%x;7*t=DC!``cU z0QOGR!?5?M9)rD0^%U$qs^?(uP`w0uf9f^ZyHjt$-kW+K_RiGDu=k}tgS{*DHS9g9 z?_uvq{Q`SGs!T>a4nVedb+fW7;42JF43 zvtjQ%b%nj}lmvU%sUPe;rvb2coX&^6-;@q}w`nBoy{0_aJ53ST`%L3u?=oEidynaI z*gH&D!QNlG7ISeU=HnJD!X3B^_hJbi#Bw}>Rd^h0@HE!pd2GNd*o4>dCf>$-_z>Ii z33lNNe1&iD9e%{m_!agS!IwjM9DzzW8dY%|YT!iFMjh0{sc3{IXpUBBi!;#y=b#I^ zp(lDH8RsGm=V1sgzzAd_3pvO|0g6z9akvPRa4DwZ3e3ROn2qaj18%|s+=|(;Cjr%%~*)ruo!paK0JVBco-}37@ojWcm~hm1-yifcnw?d z7T&@8*oKd>6Q5x>zQ(us9((Z%enXj~IR0@sD&if+$5ohxYcUr$Vm@xc zBHV$ya4(kNK`h53ScS*222W!hp2r5ff=zfGZ{lsdhYztGpI{fhz*qPN-{D96j9+1Y zv0OQn#}TN6qfr&dp$1MwZPY0*pW= zvXFyZ6rczt7>A263729juD}djjoG*kH{d2Lz^%9)cj6x0kEM7BEAS{*<4LT=vsjN8 z@iJb;X1sx|co!ewBkaJZ_#9ti5B`N8@Dujoca-Jfz+tF>BT*U0pc;-xO`L=vPC)~l zhQ?@ymS}@^I13%o8HwnDUg(SdNX0-5#!w7L2Exe3XyoHU6k{wV;9^Y1WtfI5F%#Ed z4z9;M+>C{|4U2I%?!yCEhKI2dkKqYCg=g>_UcgJ(h}W3XVl}oPb(58Ff(~4RJb}q6J#x47A7D=!CB5jwJL!Kcrv) z2H|`RLpnkjiBZTyAtD%q@tBB9Fa?)mIP%mcoT2qJ$#7m_yoJ~1-`;J_zpkfXZ#BL2VcseJdQvm9F3|t4mEHh zYNHP7;Z!t26EsIFw8fd|fOF6V-Ov-gk&JVZhVw847hnW3k%b)Oq5wrG!8lxmNw^eK zaRp}JYRtxUxB)j|0dB?ZxD)r_ek{d9Sb;~e8c$*^p2d2+h?nsyHscL!#k=?bA7KYR z#pn1Ed+;y(fS<4rzoTqbj(=3Zk*JJgPz}eUCQd>Sr=S5&Lt`{UOSC~doQ00)j70Q6 zFZ4x!q+%cjVE}-5&{^)L-AFt^{i+|eI?VomTRCjVz|JLpA-{#Zbok+Jm)Akzcp5S$mp{Q>&*n|Z@2#a z!}#k?_YGtFh}SgrT1ab;)$K0}`uZOc)gG(cU*#$&vunb$&|BVLhp`}?(a zEAyJ5*YX$A&ME%m!;Z57uyU_Sr^V(c(<>moGXJo4KJyyu*M{-0XRpkE-Wur*K=%9# z?b*J5>^$N%{`NjzA(`uIPmXH$&s%?A-MPMY|9Xhmo<{$+-u%uUr4Q&fjkH;5FU77SiUyYy8V>=UuO{^OV=vIm&DN=n0kJo=5vh$$V_>VRJdBCm{O}w7e?!R7m_0eT#`-ZXhSoQug|1@l0 z^qQew3)#rmKGD}6@BYK)%|9PDJ%6{=8?Ui?|2%p1vHJ1%XXo<)@b6QpboYb*T4H5( zF1G#AYwTPZtIUSAa<8%eY&z$91!QN~zT4YZX6I__*FP^-X4Cc>n&@S7^c(NU%MD( zXT~VAd2Sx3Jl679S*&HU@>t7d<*}B{%402`mB(5}E049DRvv3vtvuH9+PueG-sp80 zYdK>rW31(iwQRALE7mf_TAoyX5z1TH6y3DT8(PegRjV`lmZFHGk z)1%Amx*lEDGe%ibjIv%a%Iv-+dVF?Wk1n%&lIXJJ7-e?<7~Nn07-i?iC`*Y^mKvih zEk@aZ7-a)vl${r&Y*37{!7%m20WLG*oy|8wO;_8YG`-D@HL zx7%$Sc#VBlHU7_`)*h?dUlybvukn|A_x5(}jNbNk?KH8j zvC8dwAFJH1`LW9Fx*uI`^BBE7ZF#Lc*790;tmU;oxRUT`3t>0M7Yvr+)*UDopua(DIUYln0 z^4h&rf7tolYwUi_-)-0Y0bV6(_kC7hNPg+ z{%)I&zuWFx?B2?2tUkKTmM6N*mMOX{Ek>EmpMN=Re*E3Gef`}weSdcr-8PKZ*z)_k zZT$XjYxj5CI`wzk`2F2p|HCM^8h;iAi}|L8JroYCd}aoaKJHU4q?%e`^?%lzZ^ zms`Kh5b;Jz`pcr{CHlCs@kW>RjZtRXIl4bP)@=W^ZRa)qvgrAWRTn*fwx9c##kRA* z+qSd6+m_YeZNvMIc^lr}ZNvM!ZFqmTtq*^hZuYSsYkJdSyvEvXIlac_so3iv?KrpP^&0E;kI%Yop8d;VW#iyA zHhhNHL0Y%Xm-Xj0R%YYzm)UaI@_3DHUt2fUuYVm`f2J?I#=29y4$}5R+sC~om6kDH z2Wi{cKaX}!GhSouHqTyT-Try?`j74>x<8u_|N1@M8{vOJ`k!0JYj5nEPyaSJ%U5pq z&tBvIy+IwXkZkB{Kh4*Ek+1z?U;8P(_6ELo|94LQb=kz%PxSXgUX}koeW+JR*7LR3 z_qBKOwR^4pWvc5HlK%OPH$MMzoa!4k-nxmmtp07{UvB^QvGa}BH1}FayKnWHmR<|l z%GYl9hhEdhYa!eE+RyN{+dZb&*nOqf`1cF{{^H+0{%z9H8<6zxN1c4-oqg^8^Q4_i zy(ZCXA?^8**L3$pAeyKK9?UkNsb`=KA-yc=w0?`@nejdw=)7?tlAU?(bgX{P$gd zce}^Czxr>ur}A&#L!SlQbIV`(Ebw>tpF{WX?z)Y)zy00MoAJ&w|E|xK{~PC@L;H-o z5B$6CtN-pk^FMhm;eQr!Xy0(R#+bx*CazagE! zFE6UQOq}iHZO7>9f4cq3Yee@w=dQ=-_2O+`Z+hPJ>!%0nX9VkqgY|p1uiv+Q{nTLn z!GXgA34tCf#AN&29*KTtegq8b0D_Hlx zYrOWGv>^P`_^0dF`;FISx4Y~23guPGYn0b1Z&co_?4>+cIY>D|IZ7E(PEdZY{7Lz% zvdkUsd_1Ao^ldgEWK?&p*nl&>k@Rer48txQz* zQ1;jPY-zqb|4%B9s(0XdE_(ls*Ujd28n1rQB6qyYlxvlnl-rbhl!4pa{`;sqTe)_j zTfR+M;a0bMs_L7od#;9GtX!d7r|hKMqTHeUPMM(fQcYP;*;+YB(;26%qTw1Uz47-~ zcSt!-xk$skpxot+N6XP#*-1HF+ow>=Jx|%Lp}T#WtNYI~tnsveqIntHKqJ-dmFKA2 zOKAWPYBjeqb;+(|I?8-*ZcFI&i_#w z#ooU;|9`f8(e>W)o?bsQXcr*=?{94u{^|T5rupA>*umGoH+}W~hxn({FRL+m`@1)t zq||=RlDc&bwrJh9P0L_Ti+1_J?ulKyHi?9b1HHq!pgeL8!CnPLBg6TT zVCUT2aIjtDU}EnkE!wtd6YO1(5zfy}ACn*S|8o2ft1n*;L-$|JohyX0~#-%70c?Ph{XLY^eIi%C$;wfBUENf9wHk z;s0Gnu%f%(f=9aPEm!Frl_^^;;jr?DS2&{Lk(G|Bd~}s#svcYIxa!B(IHBf=wN9#i za)Jf~CVE?pD5b??zLsaNkl zeUtn3KQ|>cZNR|u1`Qr^{?H4C4Ih!7kr@hSjm*v&H99vhzo78KqDXPcn6cx=Pq=8} z#gi_XeCd?Srd~enis@I*xN7Frv#yza?VRi8UVp=l^KP1d^MYFz-n!_v+wWL>=UsQ- zbMJlkFL_|;gUcRT{_u)NRzAAwvDJ@1@#LDP);|5rv+JH)|NILtZg}bCS2n)7>9x(T zZ+YX*x3<3h&b#lu|G|gbKHC2Aj!$-ey6dygzu5idS6}b>=G%XL_x%q)?)~ZKU-td_ z+wT=v5q62Qw8lPM)<7-mps_kT7uoeN0d`(254%3uFh`&wjzlHcdA~A_hV8@0pek&C zsD|TE9mm6_a{_AOMA$S>LT#LkAnKqlPC-4`y?F!J$EJoj4UJ&$TQx=#*k_k!u+Q=K zY{)*xw?b>Qfqibb&+PVj-9D?^XAFA>r~}T1z3X!hI-xVVz`m!k-^Fx8cl1C{*mFty z&6K@^W4~9h&n$LDwcoY$$GJ#>-3{6uk?n>U)l_T?cT_W7d_7orFe6r%)VFc#x59ur{ifK0^2uy;K!!DL*D zDYy(%aXF^p3QWh9n1QP>6IWvvuEA_vi#fOsb8$Uxz>S!Pn=l_YV*zf#Lfnc)xDB`C z4lKrGdHidA?FtMNFVz>`>mr?3`J;~6}Q zb$AZz@jPC@i`amd@G@S(M!bqmcnzEJI=0{qyotB46>sAmyo>knK0d&Q*oKd=9Uo%{ zKEY0Wie2~&pW_Sc#+UdCUt zjN9A&_qmO8;_wYwrmWlX%FAx!oKz?(?O*lR)k~UV|CcG}8<P^3N{HlL0dG|W|-~S0CWJqP{ z{HT6-*YQVv(q`^kUVZ8Oss4m%={4;CGKaZiE}dU3|BGF!FQ0vRVvt=?!1Hyc+*8T`JU>TBS<` zufBBoHT*}H9o=#7w#$z8)^F+hQ2o)LFRE<+dk-i}*N^JG@p-xbdK&*i>Gc~c_YWWc zLL6&2udF#OEzlCJ&>C&f7H6Ox&O|ygkckk&$ihfuBL|}}8o9_rJ_=BX3sHm!icx|w z7>jWjj|qrw{_6a7X234!ibQlncl1C{B%v32qYwHb8U4^7=OP8ENW%aO#CaHm!5D(# zg5f#&g(dl!wh;T9$@^Oa{`SBbJ8cS_Q+E7!XU~5)pFe+c;BwWBTF&GD;&|h&r|9wh z*?RQ)|K)3UzWQnY{{NQSb{)8U1zOMEa(eaA>DB+cv+&ac=O^CyFaI`nf8noUm&Y5A zw_INRDPOw7chPvf`snof|Mc^}HoYsB!3|E)ItR$pyhkNoIC1D~IO>1x3M7PEk0sxS(i!X-#2Kfis3AdmvF% zQpixj$oNQcI4_u)o|_v;;xtv=c17%dExxx zU~W#NI9Oaz5X>#e9~tO2E}R+6Dk#cJ_eRkrJ>+Tw$|+=)Y_yr#IXrvOEQKS1 zuIc%15odGBw_7m4ufBp3?k=dheMK5r(v(DP_2oS7>MUs%F2hXRSE zGs~P7loT=J86}bNf$p|u!sD3V2+KN#hcTgGW>G;T(nMp(&B-4fwa9cbQ@)j%6gjX{ z<4M=*2&Azl^3wCi2MY?r`ObnzcmkyL9IG~v79LmZuA%*N>8wx28Fpr;Fr7un4QCYx zoz-AV8%W~u(8%=MU?dzK9Y_hMhnf`R=Z<&B<8IXb6SL)t1iBOzjAoV!a|#(N+pZ{w ztsZ0*mEJ@PE|b{g z#W`6y;UZ=;uV4&g=$g%b63z|gm*izoe86n?36G(sr8Dlx`25W5qJsRK2@K>`vKPg+vYT!o@e6>r5C6BW;ZQ|U4g@*&^dPcx%+|Jcf|G%=KzWX`m)?P z`Qczr#90w++~VwTFh5*8wxDQqpnrPiXxoC$2G5Taa~QLd`elsb6l8pD9< z63hs*Cq~#_cD!~Dk;OR?4o>H!lUkHlP{OjfU0nx~B#sh2c#0qD+m@P9WOj0?D>3+e|YBwuX(^TO?;!-@k3_ zAkJV&mW>5TahAtB4{G_}}5-y6cO(MlP?!(~Hp-WF(eRUj^ zo=r=a&)J5h$JYVHk&?o~f+AbiR1U*1=VA^WXPNfb9C*#xUtT(*tn|Db&K@?I{k5Il zQ$6QocAe08TLUaaAlcpKwpl|3WApvpCHeHp%CM6_*8&by_cY)fXu*u}T&=>+$v>kc zD~p{j;+)v_pErDi6th=`?C?HtJXy>@DA2Qj!=`ld1;HZvvolgKn+o3r(l_IUMFk_7 zjRP;AV{MU2Yf{;3!@*>B80R2jlZIFfHmQ#A{BSrF31;So)AMt<(j_|=hC$tulLiIt zjOd=ToMG)Kb1Nd@y!68C0;cRc;*#tV5CE)}%&;AWDY`BOM~B@lynluFro;|M@96isox`&z zJcbKKh%ZUT2glM=QP_@VmXi(1zU*9u`i;$JJBIAK%<5w!*dD}v2j}V{XD{G0l6Nt& zL$aVKy~uX7lKlNM;e6WR^HzR(A={#`D96T=Q;=DlYc~?Qy7Sqq^pfRWYrV67s30#r z$38kbP3ZxbYnOwFT~s3D^D+u@IRUsALbtzx>A4*6r59RFD~oen$UQ|m>yyui>F#wb z-MRg;E$3{DU?e-;E>t}7VVU?a+S#dR&!Csgg3|k|sJ?jC$`GtS_sC%XOK)lyvC<&| zo!xVnjfg$k=GgX9n@{Jq;(*EKgiCLn!gk}89yM3GZ^^aK%HCy%RhpBZSzuRXyUnsw zX2y8hC?Cr;-p*x3>1=2F>}^e)yG5o{P{JKtM%XSA#p%u&$okh=h}$3CraJcl`As6u z*@@52-eq;Hv-3J`Cbb}|cr2Tgdtp1t`1?!G-~{XR#2;zgBSq|t8{`U9SirY?b}I5t zH5xm|L+t+S_}Jf%jZ^b)*Rx=H7VAA&{KqLovP+7clP%Nt_JpD^=g=?*d89q_?A$#^ z3far;LCZm!dB@w63Z4}!S1C6uw<~{E9#zBb|5Rm1Wq)PJ>khj8jaBz77S%*uI#ED zs$8q#yj5JN@~e~!m8+GnE4M56D33VNon8ZFXJvn7x^kj&hVnY)JxXsr9#QuOaK8-JDvKBrcCoP$z}5R zKIUY;(LA3g%k%ig>kYpBsamE*nSN#R%jAa&iX-g5OoF>`biyYq_#`t*sSCU@jq-81cDt8oI4ek*}2)`hP|TodEolfZC8Q&iFW_TLU;N$GhEj5 zxI-(w@n}|%mBqbrQ9VAh4>!f`t)??B8=q~51LxP~$$6A#o3D_M@lAZQ z=}o`%!CYFORQLXvo!$Lp6mj;eocx^P93ChYXWOSmzU$#>5Vuj>!?H%bB?@L0736t0 zsqPxEd9o(P`p`0acgt>n2W|;%C3XlNRPn^E;c4#LEnRP=^X)!RbY_*cGO{Q=FPP1Y zmfq)TOyPWI3+!LJ_KBZ|jC=q(aLW4BUbWfG7vzCKB<$-9+Fq#c zA>%3rY1qm|<9)ppW`~Ln=;T3Hd-|*2sHCE^TYB3=$F=Wh4yG3srH_xQPZ^NhzjIp8 zW-0b3yJ(?(6mXh~(FcM)*YN4iJ35>R@`G2(U6&Nb{6LVsUJD5qFYEhCH8@ck09KaYs1-I zxBo=OiP?R?YrDI)bLknVUuv*(mn1$0Ilb&Z16pC}SxuFk!R^<3x%yNdl|MZZ=lTF0-ky~%i}wx=$X84r3Bia73i0e z)Prk9|3015y7x=z8|ahNCBR3?wyguswhd@Y2i%WUwyc@C=@C8~(Au?6=hW0z_KhvS z^Kk}h7HC!yDe~H#3jJ}o@Req)H>1v$l+=7D9C53DlZ}qxoX=fMv3;S!Z zVNuxm`oR6VfIX2*Q|9>7oFgZL{n*=ZrF*!Yp1i%iy|uY>6C6=La%v#hkaM!PKe!c< z(=@-qK;zP?fOC%LH*3zb1I>Iez{lz0Z1XB49|fyWp}XlL0hY($7AUMr}G~Zwq2EnA$B6qut)a? z^q-eLy7c-J99xv*Tw$EE=Kk4q2B^=jmFhfLan@GQ`Pj_k7FJkRZh`Y?EoJzic5R2Z zZ9TkIOP1c-GCE=Wo#Fd;{o@#-hqvcgp&WazX!jk?U4SjC|A=gCAH5^ouh{nqP3&s# zJAc{u*xvp7q@{H0!veEjZAa8)$@XTqvHt9d4bPRdO4)}Ze5++!*jq+g?Q0eH%IFST zdYW?k)g|7!LhEzCGdO!)Zu*4rrv)nd#>U3CZ|;~|+evMF9lUFpa~>_pADz#m*p4=b z)n0b*$H#j4s@v_Ads)Y;k4mrJ%NlWp_v)i_??!ieuPLule*KDD{(;7~SLu~|Sx5bQ z{dwutd%1p-J3g=b&$9k&ZvVqI+%%;&YiX3^m)QH`{jZ z)X~J5+@9m|DaNL!1#&L@b}6$_SM=BDRwZVgT^wUpIM>ttHT;g1Nm;i&ZR0q#2d3QF z+VSI*I-g#gHhY*jg7dcy*nS5btM2mXUNvWeEtJMkR58$u*34#+aBfyJ?*9TkxWslH z-ajR2VCS@Mf#IRt;kJy!v$;rFS5~Il-IdJ@+JCn6oRdqxMd7|QCqIktDBK5={D${O zcRy^Xyjtm%U#jjRWqMS-*IzG{w^4dGJkBRY`(i~q-u~ZvxxW`vacOwNqZ%&!qf@iyMAB8J5n6@2d}uKhM@xSAcgWhLA4mzij3&hwWj?i$ZPB7S?Z+y5*D+)UgeT%bm zB28`1E85MQZ$fA3Vf%rTpg-FweK*ebeQ$A5fpZh-|G@b-=fkdc&JQXw_>je_>X2Pr zT-d%@v$12xHXWH?(v-JInnmQ1X- zAe8Iel?D#Da&p9R#beC|yv^n8E`@wmkjK{u_FX|@YMRrR-EfR`=P7kSQev~z9!ZJb zy^eiY(&@ta2%26pE+;pKuTR`th>Wmv6JeLuzqqwI#t-O|8@RYThHW&Os0q8*ciTSu zzdGO}kTx3QclxK3rDUo8w0Cd$O7FWuVOE=SALln{x{GZREnDu&>xz4FTt2l(PqLzVz;L z?Y!yTewXeP&YE$4m7x_=T4SeJ-#xOO=PERzjXb0lPpg-df5F) zXXpJ9``i}jT)E1$vR#iVPpj1@;y3DRlCkPTl-F3<*?AWwR{d1!8&Y2_&hU#VUtG3R z+~Lj}IqJGNZ@#lXk^&MFLb#aDYOnug>F;6l?v5sL!RoOPt}SQooe?xXVxd#)H(aqy8)E?O2R8 z{Trp>~`gq$fk@|eI17gJMW%ZYxMEGj>3A>$6J3ps86K+YzB=re8OQIpVW7bQ(uqzb=1c@ zKP6JXmHK$=Cq(^D>Vt8{Kb89OkH_Et7E@n?`gqe{M}6ai)bF6a6ZP@dZvrRsq12xe zXa4F@KbiV?>o<}5MbyVzzai>Bpg!LEol1T1iTKO6nEKY#$6LSasPA%+`W@8wr#{~L zPvGHXA@%XrPd(~qQr{@f`bngICH3)+pAhxisgF1RQ>ouWeW&R0>-bqree);dA3y7; z&!Yas=;7(MW!gdgl!MeKRN!4d>RUw*uj$vLelzu#M%QcniPWd9iC-V0{!QxREfr7Qu;i&(Kj#JyP8h?QNjVqn9H*j=I)T)CASxj_*tR;-9xF=E6O ztL9<_go+U(B37(g5wObt`%ETnGBam(|M`5d!ck>!%;<>n{Yq7_QAfeAI_0;1BxnG+aHX_n(8G3?G*EHT;zemd3yK`MChU zyUIu0ybM3#Cwl)zfaAx9hv2vPa1∋R*PvX?^@@c!v+q!9TT6#M-CA>-Z_auOR$p z&GA=;m*B7Q;33ht@N4>Mr}cZ{I{!V}j1jJ#(Vg-U-Pp)r(+VkVeEA2n1PSOkI|%K0X_piLBm@PVy}^(d#6*%p&fn#Tvy(G@G(tz zDeocpZg|2OzoWdzuxl&o^En0YhwI9F7Jdg@SKf>88Tg*k5jvRh&Hw4sVZt}Tb>*Fa zXW+W>PQ&kmd!A z+&F~2OXy!--{2@8JA4TK#J&-0zmB@{v$+YM*)O8M{)Hd3f5e(c^$MScpX|eP@QdK< zH0dwEKjp*A@CSXkaVW=oQ^eW_!7F_s_*S?seiJ_7!xQkQ;pc18pN5}yK*ZXQ!7Kh8 z{BHP^CVT`3fB2w?cKld?2M#8@CVypk9Da(18*4az;Ym&WA^3}jMAWPH^*%mK_>r%SsA*03 z1pJw!BJO^c^vLmaPqBh9l||y8OR_ z^CkR24G+PuJWM6H|ebb$h*`}_D+E0`I5d4bnh_&aFSNtaY!k&n_UlTq7KkW2~ z`j&>L;WHZ|>W3PhgWu8{QF#q7z%SYuvG(EeN?#e?a8|_HtILZUG}1eLcnE$@Tp!+q zzv#mg@Y~LgSbK7L#h->J&(ZT7{IqlRyZ~?Nqkq+uPZ@sUdGsF~i(c^?N1>=OOq6 zJWOD(@Fu);QN-G-&Wk7D!MEvo8b08|bMUMWFG&3GFKO~uhTqVy=f;tYAK$L$A@~#U z-5UQU{0kRH)I*x`Pr$bhaDLSAG<@Qn5p}SJ=ir4)BC21*3-Dk8c72f?z4*u-0K70Y*aJ8P7;fH=y&yBV0-I>z!5d5@j^xTA>bFH2y z;FoRF^ECXbw4UeSJFnC80{ph^dR~U#^D#X)Ud8p%^$}~2Nw5Ap1Rwc$M4i0CyM9dg z{WnC^Z5p0{Cq^P_mxia|i#sCft_E-aIryEKi27QiH!r~ZMa)` zA?`1@h4F*u4Dw|^79^K*=UG&}*1-x^UJ8vkkdNH(I5(uB{!?}C3!!wc}k zeyv}>D8oti2BnY@F90W%zAyrU5+1F9sERFWmC~D!2a-{Q6u( zwMqIt{G0H}+au~8C%5O967b8v7*W@0;!nfpeRvLjX#0Z1Y`io`YZbd+raA z@LzZH0({p~HvgHMm*Fj6il{|R|6v@<`THyMFV6a-z8E^I5d8kTB5G2@P56})5fyaK z4^-0>e$w#a??u!rH2!lEJ|D66==5rT1$guKBkCGw|6<2qhG%{dQSa3F zH;!Zepb)Y4;Pmnzf=7So)BfR`ABgbVZtwgh;O39?JPki=cf{JO)GPiR{CfBW8vg}& z3I1UXFT?wPtiM0fIG**<2P5jqeH`hx%P$09_Ym_N&hjNbX&)whU?!rj((nZQv4xghu}x<+o^7)aeB2+6Fzl-$NarrJ_-0?FY8oOn(|4* zA3ms4{Yk@f@cUaj)w?zQM*)8PVVx?gNnaWM;E|o`5y{^lYx+mK{TQ$1{J6GL#l-&$ zZXSX^bqwnd!uS2^^7+>eZ^HXt+o_%u|3|oa0)Fy|o$8;Gz7yR%4L{-JPW5l`-{s~x zcv}be&k4WC%?t3&ot^4-;hWvO3~%Y_RQ!I*v;K?|=wHs}{x6UA6QT}7@Tqe<)$DD;*Ng2>gckcd8FIIe1MxVmFDMy1G++et+z) zuE}qWo%Bny*xmN=PIb9Qe8LyuO{1jOBj3VXU&nECGv{Ru?|>iu*-q`az8`+yEuAVY z^|G@jop!q!hDWp9SEFh7WAIhC(e9fGf2%wE6nyhUr@B&;zFBzr?oPFjral(oi}Xte zl2@9hYuwlxrhK06wD#fm;vMh@;hQz#`{8$95ViKQ_6k1?U-w7-eWPRWE8)6v>lAzh zzD5)OEIbGQho*cM;kV3ns+%<7TTkS^%Rf_p8r}h)gx{dy{qWPC^|-GSdud<8@T=i( z)Px^{-{TX03jQ4YBu)Ni;m7{9Q?1psuSNKVzj0pD@Ya)PUw`k^u4{C_Z(h*ze)xU= z(DPyVQ_pp(_iNhc82rK)JGJX>Q}B!rpM~%C;frwfFTMZP*V8_Icn3V`!~5ZP`0!zP z$%l`@*DUJC4O8$AA3h5ofIq8gAB*sfFLkPmS80y_cIF*dMpaz;FN(@}UD*L&+%Kv| zHSMP#o@t7zn-6k?ul9fNqhA@-j=RR-iD1-vHi%dJQ}82?imKI`_-Doc+NkHcbBOFL z!iV9>2)9`0|qUt40`R0Ugh^miicmaOpnNigs>AS1uJZaw_SB7uhX!HBs+@J%# z>MWZ-?B*f(aNOq4xVZ_x`fQsox_JVgIwz{$p((#KymW3)~(G zgipZJKH<~w3AnEOa_~pty8IR3tKO|oUm1Q9{0vR{j8kd9KH)>~JK?(Yned0;y7VRB zYLh;FY50A#pEqmLmxC|D57F=f{Ghi+wd24typ8z(+Zn!E|5V&=xGsMo_&i+O{^7y@ z(uYsL*TZ$?lZIaj=Q7>1{pR4e!6Qy?r@sJy60S>M8Gg{^`t%tc+}{V+r7r~E1lOg{ zgpa~s(4GI_JKv{IUmAWNJgdoH4t_lKt4m)2ej)r0XL$Z^ih2md?Q?U{v%n6 z-=AAQKVMb(`MLe;bG!eArzn4>aq7mP@~_md$$K1ro(MI+O_zU#CwMo!KdQz=@Zf3W zTj3)bob&# zrg1#`#{~KvK0FP-8?Kw@$ieT2AEEJIKri`(FT;n(zs|ow`J{b#2tEowSQEbqzXQ%; z?45u3Q*hn+F%4gYOZzi;*Vd67A31o-)~MR0;RX0O{ALX=!=oRHsy}GP=LY)m!%_YE z3j8X#Zv17!AAtXj#CxSb0iUOSq<`?@Y52X@M6G908m;dBD+h1AP9MGiU+=@q@J-j+ z{*QC}H@NOvv(4rwyLkw{8~#>J`c3#+@~7ho_z>ySwZAkx4cE1=9DEmC*S-qyhvB;R zRff;Ob?wWLdfTpVUm^GyT-Ux#_(>m&s!N^M>6Dk%zr$}HiK-{52fn)6cN%f)jnuD( z=is?dM%C5i!z+9NaqUe}>sg~l%w2zF_%l_0wwoKI`|g|V@b7T*5d5mo=XxY5PCw;UJ~{ZRF+DH9M?U9q{b;wpGW-GfYc=i1*oXUPvQZ`duvh#c z_}1H^%Fwh=6F!`ass&B>1U&f#u0J*Lr{UvYimDei;dAgWe3|(bP5Bn!CyYncXNAAl z-G0mP-Btb}H#eBqy5uW%`0Ly}1Yd-otBK!)$M4ef1Uv`V_J8n6AD)93e0Tvqi*BTyzH-Cfc7ft&#;Sb*vRgY+R0)E%McKiCIyM3kM>%V35&$)RH z{$!PZ$;~O&Jzk#-f4egORy($maB_Y!dGGvArTo2k0zM6w^7rCtZz!;j^f43@O$7lQodf?K<~aUs;&Wh@eq7B{3Dw1ri9N&)u%K(f&S?C8UNFN zdHGMnUo1q`{hIi5@TnitJ~X@lAAO*5eedPJ3@^dE`1Io9c2CzY=RXuvYq2xLxaJzO zTK`+&Ov8Bc1o|YL+q6A-8hr+?8{g*O$L@}*>onmD=y&<>GQ9oA`u@Y9T)N@MYy5}c zNq9`dP52~y4W9-!&hkm1Pd^yd{=Oy+zxyZp`J){CN%;Pn_zUo7;osKqGW?F|sP$ZW zuk^`zx&Nn8^<7Q)5d5&8MO8_|O}P4nzWx&MHuzU0{5RbFPa6JMmEZ5?Ir#N6cKDyW zc>#X%FZJ=4;g|SugX8i=@~1n0gy8Fbu0Ma6@QrZY`6B_p3?ApxtNhdG_dHZNzUz2r z<@d`u_|9KM)t#F1FTmH$MAc3WFT)>zZ>1g7`Nv+4Ujy;9hv~mG;Y08u{PP-a!moHF zst%)^z5FK-M}8GmD>OU}-}yM>Pf6dbyMA-<-Lp2Ick=?g;R%}?UvtghmBl~x{{~I^ z4aWBcA0C2t{D%BV`qsGpoAC2Xj9)eW6YvecWqylsgmH9Dczc~V4ZrxAs0s-Gm7C|_ zoBtkFk8AuF#Q%bxm*GeMgYwtaKjZsjpYvHCg`5A3s`qNboAA4zkE&G~o`B!`g8uq9 z4d3`;R5g-Ls>;=W=HTbN6jh(ow4VZeenm{lIL<4489upxOx>kPpTYS4k^^Gu0~#KJ zKinKspVq{0!Y_YWOg*LH33$9Ere34rY54G=F?F+s=impuBE~b8yz^IpZ}#D3_=9lW z{FA}>{?NnpJOsZ4zFAW~CcJpKK70b++N$Si_$D8ogHQVK0$d%T_g{wh`f!7Gv&)Bv z;AQy7H05u?2anXppMc-%!_#o%mHO~Gc-)5<;A1|#41d~(8(bf>2lerX;3*$&!l!+B z0>0)bz5g^k;lp$A2_Ig7FT#JRsh=|Zp|yH$FtEDgRWbEiP5%>uKYVOVt>HZC)xVhV zXI~Rj`)YUs{`?6s^+nC`orY&mj8*1u$%AwJn1jbpim6*Q`722L@S8Ne3{Ssa&y6O= zckTN63BfP(;U@fU__dn&6Y%yo#I*Ylr{Tw+tdBnjztV>n;P=BnsENM}U-w4pN7H{9 z2Qa_CPR~Q|-c$74gr9$EOg*iMKLJ1OO)>57JJRrb;ES5@Ir!ZjF_qAyzW_h^A6|yHtdFVdHSNm?aQ^V& zA$aI?eRvZ-4!=Uvza`*D_Quq88lHydHtPN7;B9Bc)D4>S7vT56uh#G~ygeRM-`8;2 zAMH8#4Rr2a{d)+WIxnW(-@$}$JU^yRVVvm|J^{bJKc*eOrr}4wBc_hgluu6lzcZ%3 zpgFz^@P$ia+TWLy;iUxiqsgDa#OgW!MR*Ml!B5*9Q{U92&xAjhjHyEyXL;ry-t-}T z|C5IAzA9E(f1-|D=RbJn!!h^oFEN$t*8;rzBQbR^-@W25!~X;SyM`Mq9RBUPZM6l)9{g-V(PcL{KGeYCZ;~4 z%RhY8u9$Xyqzs>c>*~iig!c2X0P`b_xd&*}Xq;Kr?b|7mzW%lxUv ze-6I*d5%9_{^66i#nf*!ybK@xU*=ym`7;hB{Oz=FP52Oe^A}?3IcNCl@5A7UFU8b$ zP51=-8MyBL-!#1c%gir3{o_xL?;QNC3MSR}(SyYEAhXFQ@e!Kk|ui*a7AI8)Vot*qg`wPL-yY=TU6CQamre-wZ6Y!Rw#?&3U z{KKby7E_06!sp-*6=U}L`rWSi%>sP!moXL7lz$l>d6?^0P5j1T++X@gOgn!Wg7-ce z)82n;!iV8pW_q4~6Y%Td{TiNzmwk8+9{CmZrwLzxUk;CIco{wpU#sE9;p`6r@6qrO z{Lsf@+Vuew-Up|f_0B*1ayZSxJmJF=@NfI@G(7Nx-hU2$nGY|(r+j!Be$a39{*5D;fArxY_iYez(tWW%w2QnCd`H`5Qs{pVg*zd=-N4-q+ObKWM^R_BYjgH2F)wQ}ElJ>94MT z!H;e>mFeX8O-xJ&!*VzT1Z<;E($7H2i5e(^Q`RbMO~^!WZEC z9cyau|1QIiguhwi-*`3GpK#syEd;*;t{cCZ@EhQrjo#@`z^7khD(m;Vq`^7Am4^SU z&D36h=HR2RHPzc!c>6EF|8@e$mxh<&PlQeNKa&3|-R;LXn*Q%Zn{RXT5d28mmlZza z<|h2Kt4t-A*@j2{67VA7Pt));y!rJ$^$!pF@B;iKA6|x=aNYRcIEM2BTwDL}+u-MF z(r?0_gX{8_fVa2n^OuHq`|uq6LLXj$Uk=x$zYI^oPuHa1IF|bZ;OA&~2;N8i(v5i5 zuL*B`gQ>s&4}PH!Ps2yyT&8*Y&%y74GmY!X3-CPr^%`D=FZgidIPQNrSs#B09);`T zH{pHoJDl;`zaLD%7vZ|{OT&Y2)bkwNgzM_J0KW+S8fX0cFXN{&e7g@fxUjw(-mVEB zf*vk(VpCdH+)#n6Y#ZgUH;PWQ{lS!bMWIhnL|m!gb|ioW%S=O3y>^bKtuE(}a(a z{!=yOlYl?$!_)BVef;O(_xbPwe8Gp8;m2R2Prt#yW&p11zeDg8oMQBBUncx+_~{y+ zfG_&QpN5}wtv-D@_$D7-fZyuF%kUW=ZZPoMZ<{{;5IoSKKYy9*Q_@h$7P-Wbu>XFL4bx0sdv zxPRn6p8DYbsq$aA`4If7h*{ZB`ZqP)j(-&Xe5cKyb@NI1l`&IYF7sXgcJmo{$+UUX z*O%AJZT}1K4c+ud68`WSZeK67oWk!NdTf5Yo43QSTCYE!_rY(4e?Zd?hu{aDuD>1| zh4;Z<+d%qGamPOizxE7MT_pZ5bn_YbY?UY6d;xxPuRi`3PUKtR6qDz1)()S5e?oZD z?Y|G+ai+~vZaxIx4cGY}g{zJF`J_ql@55){Tj4tY3-AfJmHv!7eJyXo|5-NAx_LW% zH(Yl;*9Tt}*YhE`3BN?jZ^G?=6#j)O&%5~~eD&G-{LR24a9#Qq;8(*BmG)nB`)^^P zVDub)`)!A>K3C8C;KM$A2tE(jrEe5|LZ6;b!Uy5H<7)<9^5F~czVr0qTS(YF^naW- zz1u&0&WHEGcjI4o9vXtToUiAj@Bug8*lUGa=sseZ-%?#cbxCXunY8?>MN4YgC>{z zal4_lkl6|;Y0B4 z@3i@c+}wn(y+l7=NWe4jY4Lx9JA4}6f2pbdEc|nBo`Y{l*!&(hFTmHm%jQ3K^D_MC z%WVF%n;V@RkMFkAx8fVFb{2w{;44>VN+QzZQP9q|d{D8h!_yZrPLP;AJ0PfCrQM^p)X#KHP{g{{Yv;AA%R) zuaxof7I*oX@bU*t_1}{I``tVNPYv1U`(LT#nbS-56{6Lh0A!!D|`Wd=%*_4Q(n9bZ-cMVgf|*UKV0^I@CqM- zU;JrPU8&(Fd}h>C0~-Gcc>7J2@q?HDG&}{L(S*;z`))Q>P{RxGAs=3bkHY^~6W(a# z{Q8;7{Q+L-3&C%I%lx<(H{p-Mdo|^gfQLS7ss}YZ4S)6)uE+TF@}EP$>ekA9h!-!w z3vg}&@C;vu&-rk}p#S_IQ>8WGL-1X2d47Rc{3d)N%l!cwo`7F?n`!+%(<^)$UV_X1 z6-%74z9dKbmmGX&&Q$k^P_s9a{42Zwk8}L#j*qg0_ugXkdu{k_KXTr-F?(l>535YJd}h?6WT&F2bRK zhSY&E`PG|-${b-=TaKl@Va0c#(5_NBG!4-Om}*gy5cOZH3RM1|YJP5~!iZ%zL&1<5~!OrGmJDbDXR&BSQA+xhm-Bx`|UGN|k z^#;3c4=zGo=1O2#Xk7{=GCs_ z#@Sv5zRUfK~qc>6KzHXMlryH0Ob1uxdTv z27K@7_}_Q0{5|oM_}jP#e^VsuQ7reIzMCw6-zxj3PtF5h+$(>*mcNhs_;c2$vwckD zO>4hNwXr$4yclJG;k=egK^nF#hv^by{HADZe1Rgq88bG%FFDL$+5Nn4Y09eBW0f0Ot)F3*rw zTB4OQc93xLs*X3D?PYqOzwAYQd<(1A1ImB&ua80E`R~2*m$dx7>=}Q5lCR76%HJ`T zzeo0vK4~wf?3KSKR!M%-dq|&*8&>a?znd(7<{tcw82-$?^7nqr-{xoi{mtR;;Jxy9tmUuyum1jI z{O}}}d#;b)7?R&l?ZMv&{=T+X{%*GXJ+%jav-nHxmA^ABe|PS|UmJbXS$pNr*sJsn zv*-F)Y5BW-5B|pS z_oKb?H?=~_FSv*NF5>Uzz4G?~%ijTe@YlPKQt#R;f5%(?HoV|peq;D+-z$H=Rg&MA z@4??3{u=kn-!9AFA$#!Gv6}nfsJT7Y?^%|=_wT{q2>w35SN>L6{tkT6zx-zLm)t9V z-+f8Or)8h?Imb!P@!!CY?fF0%Oz{fwZs#3*&{S{aJS*d_)0@|HTG#X2R&F;&8h6NW zO#Jrq9{5S+{ujPlF9|!udmjBLJG^Pl2XJ-A^^tY87umMY_EjS*cNjYxZxm;|WV|=d zJNQ#m-6=xly3TA4Zfo3*jqqvSMYxQ2Bwg#9*KB7jC^m+qXO4I2XUr?uKKZwDFEjSR z|1;HJIIl>!-um>^B}U?D$3F1O$~v&vbKOY(w;2+d@IHzEVSZ;UpQMv<=~6l+9Yg4u zN0#T=w%O?)K`)}eMbc5pUr%$EK{pwca+7gV;Bixhn)ru!d+O6E(_M9G#mcG&S(nH^ zW6v9k$V<{8S1N*7?3mYnuHG?4Om$no9vuUZaMkcS-uVbA|UR+E!aA8kDcF8b4@b>1_ z>zjjCe1favcxU@8;x8r!1d$KPm&6r(wsIeK^?E_#?&TdpKaPB>4Lci0R$km3xv^n~ zv3=Dxx)AFn;fHu9|5EuKO*OpeBfRtI*8B(GNI3MjN1_v5jvMW{vRyS-pHn4BQmT+LdhAry?`!{aMt3XrZmfb3FK;xF83N$xv zc~k`sY}`^(ft8J0o>l>)am&04tZLlyyb3fnZb_{OtZ3YF{fdBU+>%)lXlUHBYeit6 zM!W|Cja#fW1EQ1k%F9`vk|ud4=S^#W4QYR8Hb1&T+JwA>b?}b=jdmgB2anfq@!Kza zf!`rH!AiAU@>!J6d7d`YrboGyVKN5eM zcNqN@d|Lj=Q#HR5PmXsSE{B`N`IK-|ya#;3&B9Y2;TF&{KH+4ZX~H918+zU+Tra%j z5iWr~?-Neu+XK(J^EZYbMAwze6g=V)ZU#N>6K(;Xbc730CQUS$6uNcaQlzqOPM>Nr zJ8bpsm{{d5{Z8PYW@Z2S0qo9|Wdd0*sPI1ce3g&5`4GJLydC~tHy?#hykPUPn@_?s zFWNltO;`Lg@Z`U2-r?p8@c5$5H@SHW{eJl0HXn8Kc6i`FHqX~{X|H|odALlo*S6O| zboG*{c8ESlIBSii*IHwd_AJ+D8Ti|T8}}~pAoD1~$Hi}zx4QW>Jg&Mb{@a(itl>!b zId}r+Quk)&2bxo_rsI> zb*WX9x3S_|7WZmTY4Ou!`-xTT>W+W$)6!*?C10(Vq-#pTdFV6f8FYr+d!bszGW82Dh zv^jYAZQ7-H zJ-c~899vcuyI$;4hj&@eB{Dj&tBlE(#(rWd=@`PU*xIGuD(M)m*fHdgL1tHTaEH;g zJOYhZ22z#!lk2naE4!AT8)zRta(qZSrzM^6rTct|f24uY*>Kd`{^S77!8pb{n>Qdc& zH%76qX^+C?`YcoBcewc!yaXSS@Kf*&(hK)mS(SXw!jrG=QonD8&s4&n*}O(N^B#tD z)=TUR8tOp1Z8te(rNe0_?XeBJc&uyrzAw8yn&=tyrQfgEdOlSZDMo)R@qv#ojF2~t8dKO)GoK3^?K70;d^5IPf z5Xo73|84Lf{GF1&-BMo5U6J%xz3>eDaOu}(;9c8Sp0k7Hb2_)?aHU_9d<$61CsKWOyji_nJ9gRg zY`dbjo#eA0yZrffKL3qfO?e3)hKDb(%X8nni;qb>Rep$@Pr(Bh+To9?=Tbhi@D$uC zpDdt+^H$q#z}rsRaT|8|i`?T-6TOH|H&fT{`_W4t_Cx6N=yDpYJx)f@)!Vw3 z_hsW>i8qHHKzG_tp$E~$N3EY3^f0=6cUkwHSm|cmQZ*4iDt_P>)%dAi4+x)xmwfmPJo5G~ zB@NKMC{*`k~eI*yHA5^a1qO z)##GHQS=PDOjSDDujFqMJ^|K`81)U~`nO$~3yW)eOCKSZvdB@oxSTtDwlJU?( z=o9E%<}cYxJ$0bx(U;*8=mGSl;~z6C|L9@#+Wbp8y|M7TUJVgi2F5@#*RV4i>#LaS`#M)CK#<7-6^qA#8AFcW|6=y7zf_{3iyJP&u) z>mYj3p^HCxUPK9f>3EQ}E<1g~<#`d|WLM>R$cu7ZZExJjDZ}8@B=O1fBIe<>=@fky zJ^22b`5-jW7tjaL<$GQIb0ST7*oV;b=+5@ifnM^^`{aatMNPZlU&+THdJuhQHC}%A ze7a0f1uJ|6J^^1ke>(U$JpKXieoFjL!!sH#d7Xn7;jgO3&!<%ehw){ozW&8uD|!(9 zyJCOf_g&@Q0iTE0`jc>d67GXtmEZq{2)D60DI*Dx)lUw=16Ouco*!t!Yv*+`T+G;Z zV`8_ZOFhH?MxtWJ8g=EOD^;hGu1#R)nC}>YXRfvR47?`Y5`LUN1KYaPuO*(vdftvU4UeR|D$i95{lKahnNpVd zZMlbmdF7FnJ=VPqGOc_@GaZijHIAU(uj^XguaWbuj7UM&c{2o$Y^S{BI=i>x*PgH5 zV9!_A`t7dz?I&E|dhdQs%6Aw(0RNMuVFlOfn%}@Z3&2Xfw;ajwJ7U|dDcI?9+jU?U z*vZPnY2V3)elw!1@bH;G*~W7|Edx0}T-|4G|!^$)fAFu1{}^eNkJ zo!+iZZbTZj?KbJ{`mhV$)TK5^d)cM88^$hqv+ZxU-Y$n-<}#Es>o^+3E_iE~dY6n_H&y)7OL(pOBx~1wa^gR0_d{92)wFBLPXV6% zyxrgJuIJM3%kc1Rc7Hbq*YtNyM`8TGwq4*ycKNycyLRk~*jf8Wv{&ui{artHrJUWL z^<(Gg?}p(Mx7$1gcjRjfp8A5F?>p+b^mkM6fiE(DyMpp8!l@^#zuQUwTvMr|u7_Ito_hZJZXqR8L?FxFkHtZr3 zw%vl>t`EC`ui18?AA25$lD=W=Qg_>SeR{hbcG<7nc4@ucG!CU(Jl?f%Ks+YMru{Fd!+NN+caUFO@izntD~3cJ#GY=1L)yE1m_ zyZ-%?m^8hbc<KI3AsYs1bu?lwqI zX02bZudZKLI}=!~yPEqh?cQ&PQ3;nL+{6Q1$B+PH zxF#Iqnwn6xcO6>koF&}+kLjl*T&^aZGo5DhQhzJ?YmteRpLVJ1CERo++;TrnjB-mT z^9$BJqLo;!_<9MKDR!wxq+HarT`rZoBOT)})4oU28fVJ$B9gzb%d?$ul>4@Q>~i0} z$}0C3k~EH8_+j@rSe_RV@z7_{j)?IGw2f@`W$*5-8pY*9LxF4LvKYd zq1VpyNqMxR&!eBfcdJ~x>gRp>;K4_|xukCh9*5V?n}|Mwo^<7`a=x^q`l^Dhu(`m@1ZBqBPI9z*)aM5di!$uM5KI1#Xq`CMcD1c(#O$@ z9(n;?{nl+iiyrpS7tjYh^rqL+&e3Db@mlRRgkJKn??4Yc>7GaILl1lCgXnP&J&m43 z=d`(WoJ%>3p{G3TC(*O$QHT9B`aJsC4qcuX5&s?MbBDf&Uh>de=vb0vcYU>?XV918 zwU1vDz2srvFCEnH-TmeedH~&dT#TR(c<4Fw2@icr{6FRPGlL%Y(C5&z=nQM>%Gr1w z{?YfV(WRehMbD#q^)pgG9q^(foalY%C3I(f4x-OH>?NKwy844Yo*X;?uT7uCGld>R z=dfPNPl)d`=yCL`t2*P;kp{-6HTOYEyo=Zsv0JK#n(II-{~Un9r)%0b*Uh!-J00+d z5ATN$z$dEdVBT}v%E|(q_#cJ`{-|HS9)pMBP1W#xO1Me%h)=i~_<%>aIrOAYxTX_n z-;Qun&LQ-yLzi@PpilVt>xUN|;l$q%ddZ=SzY+9#AAjTUz%%vbA^zlf5kZG8{$|m` z=uG=p+DA?ONw`IL+!0RnmXjzyhc5ow(33v?df^#IIPsT2&pLGRH;g{v<8KUJbc7Rs zljtRfF8-#`=Y9Om!2^GCm!I)^%Fm&TzgF}xy4BzHb6rwXe!@H8sVYypc|W{ZvFuep$E`!l=wbNeAayKS+ZDUotJvy*($%&%?IJ(f9TUQ0*}L;>B*rFICM$R6nYZ< zeUhHpI#8TvvV_@Dkja-ahnshc4riL3H)cE^FUD z<4?rL@w%NQ)5@=MVZ6j{6uTsL@8Y}hFTLHA#9y`B|7V{5q@2pw#hZOXOFUA3A-G!9w*wO%gge_oKYG}qi@zcC2zsBycR2OtIBrMbS)ceO z;dzH&Ic}%Xiw@nYfAkXi`4ZnT?)Z#1k)D6+^A~~-z@7Q)KuJ?7`ug}J zokQ>vJSXYlEichW&@=yW>pAquOYZBjDf9skU7i<_Lbu|#yjRA}bLb^>t3Q5AeYzyw zO&!F;uaPW%hMTv+v+y{!#szNP3!ks@OWk}>{IBS))cgDDxs`wM4?kG^+vyfPho1M) zr_f6tx;!sJHMsrEp$E~oI{X_kj@!N%@NIexf4y}~=-DfoHf?_+M>4=+{u zr`>!Q9x=Kr=db^9^D%e^eu4P^vYSuA=ixsW{!O^!zOPw$ex=PHtmjg$i{gKkyPV{C z5fdJI8+sA_AF?h;czKB*Q}osKdI-H=^!>UkzY{JI|M@!`8Xm9mVm-Hxe|QSMzp8I{Q|K9V z`JH@idz?WJAJn}(Z$mioGlw2Q7u#BUqm%g2m--#ncdX+dJ&A7hhqI*1(cU`X#VUW= z&HLfugYEDOZaxgpRJkg;{Exxs;Z{H1E`&S39*>~~X z$el>CLy^?Ya=l2nX$iNsTlF;7*5}eLLY0k-s_WKSYLgpc+N6xS=ogOeRx4O&Gx)!9 zT@pKB)%uZD?0jq7*mwptUwMW2XvaQ&Lbqzh*s^E6dSvC9H#Y2S>}#HHuy(PLdg#Y) z;3U$+cgwD3epTWfhEKp(SMzCI4-s$l#>NfX_NhdUoxCJoZi!L(_HK39s%pFv)tRz^ zPG56|{d3r)Ny=dcyV9xM>V~Ra^}e9W{Q^tnuzeNfw{4$|%@dXDS5B=e+1XvW9$)o; zuIu$Sc)rRHb@N_$Alj|&Ck@8Y@betMe}b2)+;sC1_(aU^k1nbAFZmi5|0d^=!|eQ% zuS&aEx(lLm$3Q%P}!4J z@;4%W-^F-x6?Q+yZYh723@z=8!0xJzm7H4jT_9X!knwaP1|H1upwfEniVW%VCuyp*TCEU&3YEa_K5w4~@d*lGTKn@0McuD#uu}^-^ zPG8GRO*vKCfi8V>ge&Ik^i5R4NpG^J^o5uhD1N(J{a)(3^_O+&^EyuZu+M+D+uBFp z=)j(OWZweW2cx?=*dr$rYsqyOyZHC)d|z1a*O_mruW|AFK=<w9*Et1C0#elx{!50P~Ck!Qa2meY1%q|LQK#F9_v=J zFPgFSVQIhBRcZV0>ZuWh?=z1it;t+PB=EB|T~E)!(~oe+Ov!8AA`FPl=yR z^?vAQ&aY&Ru)M_2H1_k)x&4&Uga5SCld1RPOpmmumR`{ma!*ZrU&6JH1PET5G{Oi@#PT*5^-j`)fy!oYbRk5`XJ|^cYdbPqe(Pf{zyhE3K%X7bq=qE}#r%7jZ9AIwS=d2woM^>G4W8+TSk=VEJ zJ^MGt!D z?dTEoH`Js{^4E)=LU)#P0zKqX*Hi7&K*lc$*BW`g)ev8y)AVUU(ATUya}4e-K{u;Un^M8lE}7r}BH=4mj~I?F(1)`{4z#yP&7?`{DkIo%Jg%*_0+F zCl|Z_TTOjl$aqHL8@A$GIxkBd%Rc16x7Lpfq@McF!{{jq$6M}is6C&{K6ev7d{n|; zWao3tozF>$_ic7Qr}X)heaM6Tc0OnI`7}832i|VybJ3m85PSm8;Zw;EpOViG^gMd1 zsyp)8506~z&87T?B|N;ge-po>=q2>K#c%85uH${bN6|slHu^-iMxd=#q{>^dh<`{-3V% zzv==RwU4Z{{EkXG-s2vRj-!Viy7(=iN6?QGzpb-UzWjpz?B=9(rve7N#BL6|M6 z3moD`pV-N7?Xi1ptrO3x%+@^x9Dvr?S4f3eUN-h zKH7gx`ee`gUeZ_D$5i&YOKsu2Abe1GCH<)t%NdY-&S01QknJa@w_C(+;=^{jW|!@p z$H=7?j}BJ+x6=0tbOjT=}~JXA8E1kuCFotmA2Xbru6;_Vt1Ww zx1hJ16T6Suc5T1$%tssL*V2sL$9vSBlD-6XmE)1)K<50rcC0*md7eh>P3$vF(ptyO zu3CHdaU=CJgnjVF9@Q=W3w8EO$APp5+2=0#$sYAez8k!q{g&)=mx0Ukh>hnZKeE?$ zW#4FtNA|f3e42C#50&hESjYY8)%_ggcr}>!%Z|GHl~(i#^kc<_cWwOQzXM)^Tm4F3 zo&TkNMeGvT4cu&(dm1~B~oj7&9d(06N2> zy7U-a&;-%x9_sW~^stAYcJzpc-isdh&=cqb=+1bD(Ua)Tcx9iv6gthkE~lAd&grhMe5`%$Cfw!ULgoVK&Uo9< zgC4qx9`?}t(Ie>2c!$vA=+1f{K_5VO)_V>;iSDfTDfAS&v)*UWGamXJdKO(SFKgS6 zaR}w_;lC9U@eW``o1*y7cP_^ddUVt`cv}_*BBB;q#7g zqK~0R?yiqV{K-Cd8FZb$8TbS|f^BU+WuLow58XJF{CwSQ--@2}(A&``&|mKG--}*E zUpimIB_9d&dGs|7d)enMFxjJmHM-=vfcF9eo1b*^YYA^B#Hvz38D2qnAANQS^BaeH>kVqo?v548B(9)eGnY z9{MbL9=*2xN_i}xhwrJGA9BpgwNOz5@K<4LwVxU;(xNTvn9^3goiXKM)VpV6J)_NYp4%tUyMCP}*%euX6Cnj|uF9|m- z@enS{cPrg{5l+%=Fkzg!x90j7P4rgu3H0Nu{%pM+z2srviyrt^k2^Mt#t>TfUd6T)_eaM^G7s1HcEImS6%I~vZdJnn-1wh?)W-6D3u@7Q+Fd)rBS z2~j~=?3T`dHT{=x6Fv{`;=5Ju4vwr{$C7l&J2J)jfN{EgZ->2SoVAu=&B=>RFYoww zIWPIxNqXe9$MvlH+~=hZ!X?oq5Av3mw1Yn0DfE5#tknnkKZEWZ*QC+29)8BqCp_#Y z(evm_{W6z% zbfyvN{K$INfQP-@7m-AF#+yS=dFWH<84rC1J&W$_Z|Be_(4F;SFo4LTJI7zLo>fG5 zmXF-$Sn|+&(dW^f=a~dL54KP%Ysw+S_hIw^`rApDRnFX(VegY8yX45WHCDamuuFd5 zJ^q)leN~f;Ldm^2{(c6OxHAe9^E-k zmi4S6`i7eLrQBsbEBHgM`yINqo`wEKhu%g5PNJVuqf0(a^a=Ejihc;~?Tq^NmVk#J zsBiyP{?Q}o7gYV#%!h~2WIZbj|5%lCJulBo3d`j`n!F?*1@Zr*`f`%+v*I6pIeg9Y zaqQwpJ$*O#BP+dlL#dTqO{U2o^U+og45@sq|r zi@md+$IvIx&%%bPvR;y|Np$sN?{*`61|EkG@!bl?aj=8qAUsm}9ohoC=o7w$12OoZ z-hVqh>BIZrc@3BR4#5LIard_)5-&Q_a7+1>dd#7R(XXrO)-ybq*?&r>?fXAHZ6 zUwHeM^i9Dt@K;s+SmnnrPWfN>ti9D4tPq# zt^C7Fa994()h~ON_t7E$vi?N=E1Nyr=^w)`gPm9TTKR|PefTVV9=;WSMj!RZzLvGW zn_q+{AGZ0Ro6B>X=HWk)@M*X`zb?-+ll;kgR{oLt^P1KE(TnJJO1RstaO`5uZFDv3 zYm)w9>{5^RsE>#pZ+U)4?Q`eG;ObXB%lqzm^m`ItLDGTU>g91HzYRQd+bVeuT+Q>6 zdn};s`6MS>)NajyYQ@? ze{8*ue<{CV>`K_lx!g(*pHeRJ+@^VSuW}JS2~Ymop6B{H5UOkt5 zEWiU#^r+jVynZ6}WBrbxa<5}tZiuX0W43Z4%KxTzJXu+HupS19A9+c9vYr(#^{7Yr zZsp^``ui6W@W5}q%T>xD4UfZLUky(`Bz|Q*E29Y~`H=OjBK+2BID1{BHhtp1j9v0c z_xN@ZJ%zqB&a>lfVIZ7GU+Q;j?k5y~?eM_wYSz!~ada>4%fj)p95VO-6Z=(3)bLg!;i zmv}}HG7dl0`z|EhIJ^j78lRv^I9bn{NAKmk6;I7LT6h^A`9sh0^ClhKpx{&RBdg(S z>c`4IJPSWc!(~0I2=AXV|t>PEv1^5+8bA z^vA5@mkWY3rFY%X96{tI>6Yg!$uIg5NeRArtkD^L^vYs`7-F;O%KCSvk5B|k{Js|5@VTUgDBkNfa zbPnH2IvnkF1|Ij}3-AFSF6&uI4VUz`^Ctyo__S0GqWAJA;|M3ZJhv(9q04idCeRt4 z*ZCPm&wJ?O=tYMvtkmCX#^v@tva+64^3Y{HEAsaq*M5_W z=o$2-`3?I%gceTVMRaHRwxO3Cx|M(Qd30TSko7FJpyz3LK*Obca_}JBSx-~wVGn%< zJ%ZlvD9<_cEc)qH-CmzH){uS=U7p(%`G?!yTF>&(Wj(9pq04$!_&K*9S@rgJ#=|)Q{F>gKo2}$f8VE+a}(=3VRSh~SnbfhZ$X~hG=Sdb(B-*J z84q2a+m!dv2hry}^fY?#1-E}$&x)hJWjS7JAK6LtjEDU+dLCW!QhOYg(Muk>tY@hg z-S#c4PX*B%9Ddr+!yfjso)t%rI_&$=v*>3#ba`%*`d7{MFaJuKN6<4KdJa9f=&r9R z^a%QCRsZ(!JAj`h<_a1$faBPW&}-0aSA6;xB|g@8i#e2UgUV zllbdL4?1-5H-sKW*OmJyJnjf5{>IS<9J=@`peKF&mEjpjIPtfLo^|NruZ0D&2_Jv$ z@S-D}`0GV4Idt)tK%YmS;=9#8+25w_xor|(!}?19xt{B(n)WN<<+)9&(dPYbUVz7| zJn80Tc(%&ZZf*ogUzP82^AJ2@*zu3Mxe3oydEU(v@KTk}xOo~LUTOP(+RbzDRFyBf zc>!Lm^1$z1s$4i!Bi}ZKFm-iMnDH)T%jJ6gB6#YE{m$9#^f3Sam&CMGd&xaJ7=(`}52^ zyR);G8UL^UygHrD=lgv=&;5RDTjlY$SIc9^lYXrHtZI2X@*MIroa*vL@zaCcSzTYg z8F`|Cd@J%y1Nlzb-$1@c_OGdL{{h+GKpr~*`y0sHk>?u7dyqSa)wh2$@+7|jg#AZ&dJosu zQ#d8j%cECn?*_{8G31@`-f}xLAfG~>X&~Pve&me2@@U}{vBHGz0{DfZj{MWtMU+4VS zy|V8_Pp?>8PvNb5n+oV{=67uEAFIj@b8l0-CvU5kcRhprh5Ra+@2HlKAn!cMlb=;7 zS9pyh&m#ASm)xa$n{wcMoLCR$O#M(^@39L((aKZR^1aC0PWH@is+Q~Crj(UmRV{Do zp#HJ)@oISo@;NKdRLga5Q^Cros^w$I<4^b8cT1&Q;WC9hfqZru{^xH!!gq@Il-}~V z2bjWZ9=r&C9=~Hd;S03ObZ=AYRIj|AtCk-^K8M_xpRbm;J`?wz=E?7_mh0Z8w3Y9x zmTy9yxAH=@d;)prGd%Y#RLf_PPa`+(d!$-EkGyE*vHL3guW;LsJk{Y#XUr3s^bei} zA5^&UI)QWAb#GG+xk-m{czx+myj{qP$Pc&X`HDBG37BVk^-(M40_V7nA)mAI)2ij> z-lk`H<7ePZB%}{tlad8Rzou(Pa^C>1@d!&WbFZZ=>=}_cnDtyVv=)HD~UvH0OY_Xhv(I z-SFLop7Y$^@_c__d~7fB6!IqdiC2%pi~;XV4RfvF(+$jZBcBVHQ+SSm z=K{FgF$SIo{~o_%n~0yld9qW;vt6G2jn(p9$kS)^y64Gmua@sco;uT$-(D?WK;HR0 zPoArm>)xjLS)TkCm2!#-rvrHr`7>90;Y+@lT<)H;+UFjSSUTWU=|T54wIzC;_b&JJ zZF=y|u?(C)t5jk3<;-9%_mW=ccNON`^Jl&LPu-J}$|=d+&x5(Sb>wRz!NfoIdH2h+ z52%#>Y}y-Y$+`B$o`YjACf}0ItT}t%y?2`9c23ITq+IWu*PMI4KsV;*M(OukbM87K z_Z-=*dycHqx9)8!UfJ95+*F0{6neRvQ2B^TrKcggn6CjeOe5hbrar&nDyr zs-ojlm3`@lY3{uO0MCwiTq_Vkjq_2k~Ya_?t)oo_w~_g;mbac|>u zX=N^UCh0imncEl5oZ_b&bE7}=(s$y4ay)b1^_JBG+hf~S4((WhB9Fp-4E^*yz3zFo zqv+$lTIbo$py%96Jdzk<6Fy$@O>%pzBI4Jgx<|af?k(>xW*$)P)4feO@Nx0%4CiTj z9{J;Uz2$WzUOH?CPlNa1m)PD)p5VEsa?c3*xj%UA6#iy`q)E?X;6?DfcoxHXX2tX8 zYM$NV0XObx{cAbg37?>Q6z&JmPdw0DULWU%d(}CtO=pn~&@=5TpS#<^bKu6^J&o-% z{uj^RD|wX8bZ=7*{OdFvV`K2(jwt6#@5Ef@@!s-!Ox7)kPxm(E!B1*}Z$3KTBIcaK z`>Obwo=^J$+_2EuYh>dz*^? zUdg9?Y3^<6?sK-PTu=V3oPKMZ$E)z&Df?g4=Uk?8eH{H7=Qk_e>E5Q!p1z8HiSPs9 z32?=Yi66eg4}qt^sirFMwf|1J2EHbMcYvpB@brLZzzLoTo=xD>;7<(Ty0>W#ye)w1 z-ljY_)l>zK?rkc72i>E4n~LB;f9c*PXI-^>bZ=7}JjfI4rkx5-a;dPl6}+>CeiwKG zJZP`(ZA#U^H-nGXz$d`d;6eY+fM>vi@v;ki8vF?XckThtf(QMzAAGI`z6hQJKPte} z^g_ZJoMcuChjxCqgBQWiu`z*FEPLnk&%x(@79 zokc#4oNkNj9&cUnZtxuVQv>*3@B%p1f64tO{ewHb)wu3$YO8_k-lhb&-@W3|y-g`_ ze>zuw*1b)m;4ioKQm&WJAE@4^I*xuG{Wn@Mdd2U%6NJHqC+e1@L)rXP`2@N`D`C99+#P#i1VI3*aem z8MCPselw26A3O?=LkZIVP^G_Q@7l9* z4|p%Xjl13UlJ=}}bUh%C(n~jb8T9<=zR^C{G4zY*`_qHmxfR?QuAPqLo}I{3$gkzM zaZmp?HWD&4w0*g@ew#-;d(q3+;gNg+d0VQsJ(4%Qg#6V&-hn(QSRP@yx2f~0D1g8U-=g>A3KNm zt|ON_+mWY`Ut{gBkshR%L@$rtF00qSeYy6BrL;N1J9$NVh8OlN1j4nYEK(? zm*-3NBhMl~0lQ+n?l^XNf9)aU`3CaVb(q;$pT8S<3b}FruPWWI@Y#fX4!J+v+QG-c z^WdN0w{cgU@R>y~b5VWw&x;@ViI&Is-?#r2d7**%L&)P7_to9s%GF&?x`DhKc^-K! z`;GsRJD1e(KX@DXhpoHuzxIb#?f*qDhhDw-n@3)3Am1;0HhJad0`U{v|B5_o<*~n4 z$y-TSZI|}B`(Im;2lu}sFCt%Q{lQo9JE8=6S)cP6;V(4iYVUtVZw|e2>G4+We?{K; zvOagb+?7|AkFsx%>>KTK4qH~@slERdz4+yQ_4mJ0;ic-xWlsn4Y2*j^?Yg(l{#W!e zFZcY9Zr%N_=yhIE8Gb4k7@Bhu;BPG1Q{ERW`EKMn*1R`Q zHwzxWs#r|Lf$+(#}2cv=b21W4?MI(9Z8c zUO?`TKly7Dc-z&L?LFb+;GN)ce*6791)cz}&$E2KcDUpR zkUOvSwfh6|SQ2}Ym&#e<)5eeSKk_v4r&#`gya)Mo1OCm(^T<_98UOn1m%p|mZ+l&z zyMBeg880>GG3nl>H27+3j<4cvH+Tj-C;Sa2|JL6Bie4hkIGFU_W%Nq>UrqcY&m;eb z;{OxKxgSoO;3rpYXz{ken>5)@0?fa`=YRO*?r!j64P5s&#jmN>*S$@hHSn$ADR6)O zl>27E)8HHBeqQQ_n)_JypqEFl%j$XIw;wz{UY-6H!P~$~@rgOv*EB?UfnRBPYV2cG zdeFU1bLf3WdUxA!b%CHMXqu zc1BBogf|;eU+&$?TSUK!Z;V%u@LBzMTVMGeCI0N<-ObwxZqg6GH4jjpr`{IheoAxC zq&MHZz9r$-BMYb&F!vh1#vX59y4IO^|g{L=awT;^~%lBI;z3BYD#Fjqi zb29rI^6z~q)0tvIOm zm67ZG0LgbFPa{8I{Sl~7_8}jAXP@&^bYpRuch7aV>k$``CvNI<{#Wu7s^x3Rd-0n+ z`5D#nF60H|hQGI3uJikH@AAxFTrD3*KK*V_es#5c2KnfeS8ivFe8nW`qz(5P|BD}a zO75SomhVFz-{#4))$&F0BRBQJT(w;HQRS@pT(!Ild3?LapRbg6;ieJfqsa4wvx(n| z{OPVEaj)kp=OdX@R_T1tziw`iESc#u=3@oi)7ZXgyG};u_f6m8nOn0M$(+K!iw;}c zN4)Us#9Y62inb+%2UmqXIi`F+`JpYxUmdI}Fc_3CBG#npBj{iQYh@QtzXmr2h( ze2bsybKdXC{d+A`Zf)kB{*qU3d2Mjv6TCU_lli*5ZoM(XpGENVg?o?mck!lnyY-A8 z-@_lHHSqo5Y49glWxnEBfVNKF0sxS#X*)rffA~ZDw~TSF{7E{wN|h z?jW|c&eP+Lj{9C$fs?BxR6!IK$qPO(Oy*t74HE^B(S^y8aSM^5` z{Qty)JtjWZx8#;>@yz%h8?;Lw<)9N+4dQ9$Bm?aKBxb$y)O7+i-FZ^lDZQ^?ea-}0<&cny~X2GwwxW~tz<@|r^v*ZlV6=iqahq)#x zdXL=K&07Fhzr{YnM|h>Lc{=+DALEsN5Z?-Z4|p42I|nNLS>9UwyTQdDw0AFf5xj-3 zeZ+HsSNd%Ny*XClhj^tQ?2(Hf4T;){C`soT=`%8YL8m?wDME={|@kx5?(s?$Swbn--lf7Q~SvN zCh|uCJQyDB;L;DqTeqhl#7DsILBCDpzVJ}~uf?x*AmR_&I}2W{!Lu9uksA7Y!JX!6 zo&(@(z=Q5N1Rk%Uzm|wOrUu>t-d2N0>#$C#p|AYkSpy#jKdS~0$J08A8u~lIdu!nH z;3@E6_^bUW{Sy`bUfG~@q4S?d!LJY=7%MdKPhl~K{2h|hqtQorJNPLr2baze;61{- z!BgPI9uM#0tM=nn;6D>)>koU!>(t6^Tu9)qCHDGYQjbYgi z`gs{M^?}-tYmPj)bR6m0`fJoXYqA~afaFg+xOA%uMAp_%t{T+&;v?KSzhgOf$mvn| z=<$`uC%vymc|3ab!KLHTi+%q^%ao_Z-_3h1`1>qQn4hcL_-vyRT;a8uw}_s~C!Ay+ z;S;>~)xc-K3*ctFZ-;B2^wkcMzVeIV!5zZ)@QVNN0KT8UgZe)Iy7y(@dggm;mHT=4 zG;eDkpE+;5;nsh?#}`iRDC)fna|?W9e|+IG#ih5-lYY3{PZm#-H*?Ivr3vZr+Ok4F zefD_n`+%&es+V$@50)F(3|o{i*PlKeL!q z`_;IguW;EfJ}tYkxcFp$0er&ZzJ9T|#(5L}c5vyzvRvziH5Q#@ABdq6|19q@PdT{s zdaLKvaR_so1s^ z+ckb*?ho0rs=q~j7CmxrJNYf%dT{CY{Ei*ny^Oray5CD$((aw=CTEF1iQYZveH0(W zjzG`kZPrnjR;-h&x%JuPYLyQRo+-Tal=>yNeqcwf_-{MDGCqCgYL17kg;Q>yzPGR9 zyiMWVymR1(@il?XSNI5Tu7rWjtMzvS$H9a4?geiHr`WFG zKfvFe;3ov|L;O7ouHw`09<^uE;HoDqu5eO&CIhZ^ORVR?s{IX$w*vA@B_BZ^*k3n> zJh9)Ck56F-ZU@-D(;0eJzr>dRQ{Av^xz&$sl~bVJ1YQofbBb`n(lcb>UZqM2KZIkjgJ zzpoybRC^``{tU$vuO8{EJ(H=SulCGzKws%m?U@|-W&DmMahESV#kU`M+aLPedwDk@ z_sYFR@D%v5GRJG%Jo+hKjfbTh$Tc1|jr=F*#;%4purE#Rne-p~oF7R3RwHL9Qe&Df z|2W^oeV+X0YWWQE_@6xf4_5Q3p9_bVT+3XcQG(^meZYI%$TIgk8P@aV$F_46KQrjfp{IUeYz#dw-Rge! z0{HpDdHv();@AD`iK4d-;(E-{uAE#>%TluqqFB~w{H82^EGX{Wwj1@kL@5K z%3eLC`rDnBDz)Dv7uVckpJ^Af2YKZNt&}^>8w>{*}=fym8;_K#3gZJ|F<0Jf?1D^`us{d0DSMzKI&w`tD!EZg{pXDur z2YGgbXCA3s2P6Hxywf%C1K`;j_#yDQ8o28JTn)TK^=ANA_-Q<&0G{Bt2?yW!lH{9_ zw>|34lh%@NMLvrBb#=_|l)ZK2^7kI(iO0P4C3{F;UjJr4c-rFkl<`IIEcnx{eV%?3 z=`bI_<$jH4IR9Wi7<0z`UOPNB<<3v_AWt2tEpNx@X5`s_vQMaNo}_;n4cKzSw*x)s zoYAE|_ndwHcJnX$h0Q(}whHf9F|duYOpkbVpH+NWe<-iUGxE#(&3vK_f3pvnx$mh} zF0YyV_ITG)R%BxR&I5Aqg7WKRtj{|zyw^JrTlROOmtN)R#UH7ww;8?BHT}+C#Mf0{ zPxXK537+1@`g*(3OEmR!hM$cO^;jrMeCvSaKGpwo&FJBO<8S}Etwj0Wf*8WKc)#=X z5}&(nE3>S80fo{*2YRU^`L;_rGr3!QuTlQ zY5mUm=<%Rk6OIo;))m5|I^?T3a3SIU;b=IuKGWIa=)|0@7UT$y?W8yQ$AqlBc#_vy%>Lb zzq3p{9q4)cb~4MhuORc8@HYNOukBRN-96}8|AVJ2zOjsN2G3Z0tc*{9&sjWE##R3p zEIw1lRsY9N^X$FD#f|^L6W}JD%!3F0k384W@BBml-;dn13u^dZ_4+gW-E(#p#iL4E zYhTL#mwl%GKb`OvU(;hH`!wIKa2$ar(b?~OL-IDsx0v;;{(CmWGl8D-?0#p3@n2y6XO_{#OnYD!dHgy3&S~P|mAn1x%;sfJ1NnaB=?3yc$g{{zyY(XD&e9N^+}FxP zS^T;E?)ho2sFrsl&sh2EtL2-J7m=HA%1G|6Yp~%ofjrIP$nVR4GsgT%b6=a5H_N{~ za>q{e5@&efbO(BYaN2`Bb!Po=I)FUWKptZtVXlF^9eDw{38x=a`?Cjm>Umx`{i0gF z8F|jie_ttAdfAG+^Q?ZSSLt9;{@b$h!WJ_kTM-Vs(91l(-`)SFzzL*>y|M>+X&fye zUqJ4>ptfA@Xky|wf!w%b?LX?eqYJ(1f3NS35#)K~_1rOzJlm%J~l}A1&o{MYq$i5f@z?m2I)A;81)kcr@ z$)J0`kFTEWklu^?ou^1IgWkF=t1oaDK#r(BviAUupqEW}_I{|gy>kBqdZTCeJO3d! z>_X4ikCnT0pHcV&lolIW$+_3SzNP*r@4Auk}mOgtwdufsEg zUaHp%mu{EGj$_F^yXBs~e&=ZM3>u!A@vtAg&i;Pq4br=^wtXi4nb?~f=yy()-rMW* z={~Chi?$D!-Yw|WX-|!yR~+>8K3iW;_gOi^UON9TqepwGI-T!CFOS|=QIGuyJzqL8 z@sE5u<(0Gl=gR%@djNUchJNRpGXFrOdE_ND!1oHceX@*4R|JiEnnftOxih8}A&{P&>k zL!P;?-$|++bG3L_p*+QrI2W~yx;+lJ-KhJl@)z|xUsilhp|{b^%<7gKMeLHh+8Gd< zz6ATEcf0s#fU5V-Ry9ALxzFm-euoizCzeC+)mH9y_MtNM**JXJ%le%^@^|c~=mpBH z8QJ$T&s~41?=IbEmAbs&`IPKi^>|%(9YD{y!gJSg=+$tS{Mp1z&M2D?ejs;sp=aAk zzVQ?3b)nb!iheVH7F+MrvzrOfk)H0ea<1%m`VaLY*XS$3TT>P6@;!#BeBtn9(1bpnQ1_UNtCALGw7xQ=)6<6HUj7VsY7 z-Xr^GdGp}Gbq%}09|1S^`}FtnJN5B{OD`98PB~l;@aG-iS>fd|VCD9h?1>Scr`&dM z>1N4&?rjCnf}41fj7R!i;CF$aWDxg1g-a4V5B>tavWGc!Zx!Oya+wBGf03!dG{Iw1vZpid|HJo3V)Sbq>R@|fx*5(Iy^akpRc&m3He^Ch0x zo1)=grknY*o%axU{tua2p7(TFsuD0W3or%arf*xxb%LP$6ZVA+0%hs z<8d25e{ktBS?%%!=D2!T%+E9zV)=I*y;J_9dR|zRZQyY^&{xOumoc{sd3^W5rDqE8 z9=UIi_`n|)76^CwQ{!=K?mW13Zws#ti`74Qh6#0b$ygF9qG#+;c_&c>w(DW@fwG@`QoeRmgB0nY%uP=OUJc?KIao7In z;L=C>_lfVP2bbPk6|a*l?Q!=S$lgQfP5v1CgG>>2%NQH_M}L!2fa1-9$Ye)>6toQW2k1VQzrrrX&;B|8$&PstAk69 z>(7exDF0~4F7<17y#{}p$M_%oDsc7h>|^{7J`GNHyYvXxeB4bnaE-@hYTz*v=Cw8O zR`7HUT;p+aPtabC$Bov&H6FJST+weIxl`kD(x=B&Q66hN?iTPqAFlAzcw8P_>rdQt zR9<@`zP-rje&en?@t5x!k2|Jta7pJ=*hl(@z%$_O0?F_C==WO2uWkWv=Ige}+%q&e z6LH1)&wZT};wJmmu+r*s`#v?tA$L0T0 zE`O$$_i2qhi=EfEWLK8gA?-x(o&~~#uXAZjA*Q0tE62Kk_JFTBcyQ@*pV-IK^(uO2tbL zdZ#?}AVCO(bFwLN}tN%d#R{#RD(ZANd+67{%WFTkhtG$lS~(X7|v zPxA=Zc-&dwRrw!$6x_eQOzB}C_*LLv6oVU%+wo>#kJ&n{R7_ca%Ul!VRYlCb*E3h% zo93mYbuFD{eIq;5bXKJvxliM98<#CEohQK8uG$2i4d6;IX=BXQch?sB z<3`!X>?JdMyU=p|kGak#SLRo_Zv?y-yi@jHIJwe2UWX-;+`%sYjw9cA^rBfGX~S9W zm;%p%Kf`Np>{#xuK`f_BllycIvl1vKTzBYe`!9B1t@z}Y%s={_XP4@QnrFjOuF`|{ zGPK;M$MOaHL({F5!#Zde(vUNTQT6gLwH5{m{R+2l5PU4 z(j;`$RS#RU9l^IhC(tV#K48u*;7{|&{0w+!(}44Fzj@Oh zy-0KVX6jw$=VkuL0kh7^<}aDw2cCN3fMd(Y@;)f~MVeZp(;&S==;e+Ya88f$hjHh+ z=2hnG;|-;=kEPd6xTRAY9NYgOUI~SAA4`?I^pfZmj~;N|P~xNAMGa-^b5z{?Bfi!F zbN+`gJ@SwGPdV@>8N~fhygR`Q;ASIQDLl8wcC4TwCvtQYUwft3KHxkJf4T8h-m@tA z0&?f%0mqbIh6lMfW+wa9f65@=CiC7Syd6A#%78g9#*b?~!!)?kqgw>@)!yv-lp z+_RZhQhVLUdw@Ukodah5rY)~!-y!f~4SX#LD*o*1@<^1Wa`lO;&G?hbJf*EqT(;=0 z?|*W9dFH6~`oC#?i=*$#9%jU!9B;|2YMw@`wfU1N>ge91;!lnro_Tc1d%QF!zA@f6 zMB-a-_;zk+%r_6;*^&4jzf|t~(fN(}ns94865pMM??4FOCis4Xrr96SF#N_0-)BSk zcER`gNPH(6zB5MZ`&a2ikBxU*KPt}kwvkSLp|~^SDef9j{xbQZn{R5v26GOZEuUp( zL<-OK>QB?(Vikiho_5}G-cjWLq@CxM%hlzm^k${^q5VesEF;L#hzCFCoc^jN{ z`l3gB+mw2fl!xLuz*{_bz`080qv7c_;~z}elXTCL4%UsgZ7 zZTkOWB))eVzE}v~Jl?t?65opq-@C4;@4jF-*z}-qR9L47=gN9gC%c+6GR%mi^m=$l z`v#oDRf3rCP7>Z~99*ztg}T(hL3@JXeb+Tn!uykGwKjk84fXwF!~31m#9mWk)h)j^ z8NRjrU$6WMy4!}2aPj9a!r!vTdlVjByan*xF@Biv7;IiOQrT{h*-gCJ%LZ7(=<3mX za~C2r@+0{KZ}DXVPJyqN&PxlGWydUUessXOP4-mw$J|CKF=TpWxyt>2`%urkV!$!u zET$buJKQ^yMebkZ?R@2c)294m>!EEiEdjH~^ceTG;_lR|2Am6x-j>+Za?UiFRORL7 z!*1kruNiRuE&zMV?Y7C-Io`OZ?At88u>t2~b=*vNx#L?SZbPd_eO~EJp;vh0fMdpO z;G^B5qI3QxTIpoK0*Cpym!8Nz%75gao(W5 zDk-xHOrE}QoHHWP_?6CNYYzBae7%RXz#Yo5x;j zm*~XZ#ajgbk$?>?1qQrS6q-l6BfR-*2h6$HF6!n-)yvLX2F!Vz{&s}mQaA<5#SK$Y z^687vYHgmqxqiN~`Lrz(--GWK-`_*{=5hC5(G0J5cNxC_X~1X0*oK3R2ZguZHp1;k zUj0Ju;j{=h)D;)qys3!+XFK0gzO?&!8I>`8N9r~AOc*JZ>&XJQuZ`MwaDfnp~@o9Xz z2(Edte}zx=Nq)MLPyW&PL;<|Y|FQ?%?|<396+Hf)0p|?mAN*4uSN5NI#(4CW)pq#S z#LYbBQtun!E_=+GdBdcJ(#$}bc=v<1y??-2b-c^#j^g@8N2ggv?Phv~A4+a~Xnd*j z%a#5TUk7*s{9kqFX3S;o8Zi3}YPoYO^7PjRoa^ejGh@czDh9R`&f0HL{AIN}_klb6 z|8;k2d?NAd8sW)8Pvd{&@xp*}PaFKiQ+0TrSTj5~W3I^Pow^(Lk^3i<-j*dz`d9w4 ze0V#*_kbssC!HO_ahKPwq4DF5M*%C}E})l3&y3HYH?{mi zto6yTXC28&x z=TGw}T*kqjW0TIegy7!o%Qv+amFuYxus_+1P!mcQ;1jd-O*6_xk75=L?3b zZOYE%}#} z=7q&Q!8>jj!8_j(?v8Pp=dj|IXYj4#4%s)0Ui=G5cU&p3eogsE^==ONvZMKiUBw;jHoB|aYBM1CCoUefu96n(hn1)RH+&dmY58+;nvwC8>LBj9cS zU5$@{&(*+1TQ6T<_k#zQj*&vce0>F4t<6dP|NlB(k@%madybv#;!*f3jHkgT1O(Pm zDZP*I#=oC*j#c?*%1_pXnDUbx;?*juOY|sR>8a<>3-(1Rzg~=1YxA`~uJ2Ff!7<+B z(G2hJJ@gat?F`|Yhp&icIN#?C-y1{tRDOK}&G7Pi)bL#q!nX;&cSYhm%J99T0iWVs zPkDXoiqxYlt+wT&$`QSt`J}Uo^c;JH^~1!yx3l9a^o;-~4HKI@u73?*zm5!4N*BlU6jt^XpGxYHfZ;1HQ0$kX-RF z{nMlw_lh;KoY8B$0#}89FdR?&d6aNG3a!@WpEPi%&2JAz3dir7a6A~or*Ot?t1NDdbH_SxVZE8B+b4%ews&E7jOI*N%|T* zW<77pt=aig=0=3yTip*4T(5lWzb8t3Jr}Lk=5vX)df{Q?>q(LL{$S$&q7XjCR{@>y zbpIj4*T{WQ<10@1Y5jKWRN~85Hz|De)CbjWo>`<$lU&enKC4MhOtF`&0dmG1x-1Fi{d~w6~+z>v+?-S4rkKb>@)Y_bGz!w(3 zk}FI{f17mgBfsEZD|ZgxA0-?YjlVzDz@4Rh5-A*SH+-K7;Zrz%JW@DbZ1`65f4zJc z7LK;uN&GJ9yj%I?6@;Vd19Ja^Z=YZ=p9I@4UyS75Ta9~9Z{S`Vp4Ua<8!&uNX~5_6 zzq`N7Z9bRIYm&bd25rAjI=At)ZML9)ZMh&m!}*7#^IhqiGf_rbvK)n=%N-@_=FKDj zu;iB^a<{CQGDp0dc+-DOI&KeGO4a31FnnXbijrRMCsnsLpUVIB(t{1(A4W?5S;Kc+ z2;V&J|1dh?`Tl&v=QQ9``01(F-;rGLl_C5V`NqcG^r|spJ@w*EW@I*hU()%e6l;~g z>G1M*W2AUE8?DynTmygFcsLQw@Nio+;r8_ge7RJf%Dy47XtV z%SQ6|&BovJ4cuw{{hCO8-G=Y35Wab$^Gr0u!||^s9A_Kw`NGkjvsTgHw&6JaXMCda za!cd%7YxVGNAmXvjlaL&z@0W6-x7(h-|*cX!l!WTK{GrY|7pVUGY$BnhGXF`j9Vxi z-`hAGZTYKoD(=MnN#}IF_7UF2n+AWj1^EhBSk2YIH-i_!JNPO;*mR zpWUz6g-Sbk8vG=ceUxWrb-5a;r8}X@vqEHJvk^~@=)%*wuhFkZ%Q`J>VNop|=5 zKX)kU{MpANTu;4z@fQz8sqb$^tF`&WN5kv;>m%_E8NTty8uQKL?p`#*%ZX)%@ALnt z&!>3M6IS16A7|bLy_l4}xX@3f%O2i5^3w@lD>ri?I;TE?kVkrB=GUNe2Aw~n=bj6* zeZ{ueNK5hfsg=xucA+!Fn^-yMaKgK*=e8Bto2?x+%3vBz_vQq(_F&ZI-;24-s=@Mk zc^Bw7ew``8J~a1OHj`c#(R0=eIxn;QzP(lokG0^VhYgm`)AQD@$(Y>Ng}iY1pz|C& z5&JmhX32g2aekd}UOpdrtqk+n^cE~nN8^L$K5AFX%{Q`Z8k}radc>3D&4ROCu=JSx z#9wpZe-z4H?&gkg-4M?HCCRt)W{(_ne(cI=F>@cKH?|@9PTtHD2c3sqd4>6QusxC= zHE7nkxcPO!tk=}m6wZe%?Z;R^FR^yec^Bctna2sOc=VP#n({#9Y5qxrCQYDWo?!R{ z>+Qpxha$`mus4zX*uno{?eCwV6F%Q?yWu+_gl`@nd>ozd{CKh9Tit+9@t`LxKRQny zbkFJga^reC7>=tVh2vk1JI`$3PNl&y-XEb8?(f?S-!nt_6pkN?#CM+ITi$>#YB;8j z9&{eS-q?5kwQzJIh2x)$J5O!kP8*KjM<+Zz&KkaBL--VqA3!HOUWN_dp~vgzm#E=5 zeaxU4-;e#|Ukk?-k-~AoxU)UP-%5}Fi%xhre$4PaC4}!^O^-|eKZIlc-@JVNe~rV@ z)*p%=y=})1I@j^lc*taogXVS80Dr37?&i%R|1DqIXPlijsP%ZmtbnFwa37Vwn|Y^O z2OT>$D@j{|KG%bbFiOdu9lqiN8pE=NZ1`4fqtsdcw-( zEa7L$lfN~NzhJpM5GfqH&|-Y4fjez^^5jT-e>DD1h43jHe~V6dynNX3t#7~=H5?01 z9d!Pkc0z2aaX8w1pmZwk^l^jcyl#G)N9n(dHw*qcHKa^G!`(OG?RG8gtKEb+e&V3H zzuLBO#W~K~34SZzTKyZrwp|yD*FT>UC4c+`t=8sEM}_B)J0tN;8oqCZ@Xh1yOeDVN z8@|KV)_0%6Nl#e*$Pto7PiGFUTR^rF6~T^1s(l>c=J_ro2w_Gkxly+3#fZYV0kNd&beroHl6g54U{QKOM+t zkmr$qmamc9zA`;2|C&9m>6HE+@pTM3AKhgiqr&5=>DAU5^FBKmF5tPW?5 z7j%N_ysMzQ6h9g-7)7r0PmJ8->jBSzpJZ{?Z?yA!6Zjms_WK%re;t+D|_Hyg}!3 z^_P!#?W?tiMf&2^esbr9gXW%7!+U}5i`RxU)BiO?P}0+S?d*#w=WM#LclK#E6uBPh zY2QIEG3cJ>DbVWq+$lZnCr`g*(9wEl{-LKsZ!dE9(0B`m6)x=v6YB@va~q9b`J8K| z3qAG9(eL*>6k)yDU1+s7pVD5xoJwNH81IMC3~wjC#_&CMVq?B}_+Ei#_H9V?;OK7AHsJCzK=xWd*~(d z@0UXOG~Rd>eBtr&Im35n2%p9qpBIU5v*A0jqjC5xz_%)re~&hNsSv(y^52ip43Cfh zIa}fP`VhV;_-5e?55F4>-|i5;{qVgelKZ+0-($~g9DW^?BWFf(-(M2)??umQ%r^nw z%1G|}sNs822;W}#^7te?{9bDKUKPUEO8NgW_`>6Njp5rE!Z!xrt0TGZ8!uM)jfe1Q zzsK_L;{;2YGtHJHh#s9_g!}kf^~w4xXyPKLtJtPVrTG#G`&f z8k}Oh^a!5^&wvk=P&a(EuQLzc6Tnr^w+#(CZ2>%nM?25o;9Mx&w|}`6Jc0fV!UJt> z*{^y&kNir>z4X|@PxTWL!-LL$3paf{cG}n3chZH5`U&wA{UF5$`et1veL{8#`Om}9 zdPsY`oXLapm@8}`ed90J9QL^8>~4K;Z?op<(BYANi~2o6zuPlMkFsQ{yv^5~! zxtRI08glW@BQIW3J#V!SyloTxdUWj5&W{D~Jowe(W4>N@xtV!LO-Xu+;?=oRiOUAf zxpN+D{LukE`m#aiD;AV4Zx49eDC1eey>uY|X#~ZA>gfGh8R}7l->lK z)$TZjb(eT_Zf^oScplw6_$c_zCj8W|zRbP8z!#s2_XD!;wS&(4N_vCph?hIz=*T}! z6tvUnLA!3koGabw^}!|YK%RL0pz}jFz8JTsPdybgC#p)WdOm&)_VC-;Sl*+dKP4YS zK8Jixz@-?advBLs%b$Ac^|$Z7GfMmBPPAH^`)C`4jq869&G7cuRfg|~5Wacb{qjhB z#~QwyLikhef8={d_S2}`0WkhQ-Ax6NdA47 z;k$jPasE&}9E-$vw&8nA2%qZVpAa(P@$twPOnETe*nO&pZ;QnD1;clD2%q}fuaCrc zrQ!Qw2;U+25|Q|xYWQvq;Zr?)L?pg_pI7*OCWKG@?Ozjf;qmcq! z_$EX6bbkIsB)&&KC;wg?!l(1|2O{y!8NSUSeEZ>hN+iBl8oqCb@O5zB-k-h@B|e^J z_&yTCHv!*Wk@$YPOW}8C2;W}#-U*-DeCAw)cu$@4PHr}Q4~Foyav;$8k@#L{_}-Rk zTpo3Q+9^6yz28uQJ=_W&t1obR)S@3SF%IzRtE;R~-nE;D?~&ui?yP4L|m ziSJ0mmkZ(B1>gCR{CoFj6n^hMzp?uc!FNI=zPB5`mtD}9FWKZceM6V;py*Z zx68j5hVZo>!T3rfzHNr@x508(8;X5vbPxo1VEfU|sPszVWh4AS<%Nrx{ zeai4ngz)J;%M^U!@o}l)dv6Gz?z22D65m?GcX4#SRruW+!Z!=wNF=@+4Bx9m_!i(hF_M3~4BtcuUpMFLJwQzp9v^@F znEZQX2;UTZUxhC`{61><;vxBMKYTYu;(Mv#JN9jj%li%%eqR`gugUOT7{WIJ-^r2q zzWq^!-x(o%d*OSKnlL>4t}}dJ58-R&!pl98_?~U}-WLC?;ro0D-zNB+NPNwPZ+i&eF8F>(O&uP;duA1WkA(0Y zg72e|_}*&x@*#Xl3WBR6@jb`zJru$>3tx96zCYb6|K1hCw*cSak@&KPZ}c6F(_c3O zP50802#=2o4PSQ%-xPeGj>Oku_^t`z+YjHhk@&vzVTIp|L-;zL%JHX>_$CZrUkKj> zd{2(V_gusG*$}?H@csU_DDm;<56Qo$ZfP99tz5LeI}+c=4d3bzzA^Z=MB>|M_|6OA zn}_ebNPI^azR!j5HIa~ykHq)gTNHku+S)k$Ho;e<V_^J37ufIp&)=KiKYd;SYBmOE=&28wZ`w z7{vWgd?UPVZyI#o6TruWzifkhK8Gih{#M=``p@++ePs8ne!Q9WL;9}Uww&{%wK>vk zV3B;DH;>$00@J^3x$c=a8sL)e=N-Ln&@uPNvrdY=I-Fmvds(NJOMZygnHY5L*SE&K z@2y$~fc(GZe{Y?a+}p+9xwo-@N$a9|-E&X6_?eXc4eXC%K2z&qs?LkoEvDrKQz*In zG_;;CH96?sN9LNto$T;2H$A)OZOdM*Bj~(o(0Pq9>Ha5wXnj={{GZGdX`P6BT$c8U zy6d+NNIp&YYTZpOca`pFDP7lK)_t|2UwAL!i}|uSceR##hJ$|<7dku&2b~w4o*8t` zt!E#r!~(%!))_n= zY-MY_TTs3AZ19cVKIj}lzq_u#*0*HLt=(qVjhmjd?{2T0xH0CSM32ui{>j+Zc9CU7Ee%M`aHrkTj7Srk^ zd+n;RXE%C<@3Q`nuhYAI`4#LuVn48naHR+B`*Eqi zR6I&Y3o`$UL9-5*bd=E6z;^H$;hnvA&>3VN&gs`dBbT>KFLO^GvFjO)|IsV{ZqUhi z{-Zq68cTBtm3WfK)4v~duD~AB2hny}OSVdXkFg{$g~_@P1P zXt~!rH)&MS6gW2tX~{kIUNY;R9QEa&q~JYa?r(eCs~3FwUHpzO4Z7zN`f#~_4*W|V zrjPg)ZfRB%iF)sFj-BYg`?!)*mvb_Z0eNvwWSwmYbF@pKM{O z+&uOCW6e3shn#09{K(JVp4FP>g7#?~Vo{p?vhP=+_I02tJ3C`TrE_21+uBQapOi~w zN;So=3BQ#?Wg$!BfN|E9`IeNAH1iVuk1^+ z-tD{?KUU1J0d*a#R;OZIS+U}#W#3-6cij)x{qMCFUH%R8w`X3wQ@qo6{cHK5^XQ?9 zbG5De(%|QK-1-RDWAl~ur`#=n-t^UnmR@1py^|7Z9Tz!Gtz5TdmEYYSTJ3H>Z!o`h zwhlQ5rQkiXOX1h~)FJ0&FWpSi0wbLo4Y_lKcl2pPj=AsNpspLo_?rUaj!L#7vu#fP);5qQiEy!2+0r1ZCLneJ$k?=#(2j5~rzQWg% zlvBM!j;ek82v<9AvSxUF~b?nYi1sPwpG!-$eL17pbz99V0C{_N05wVv|lcq1SodklDZQT;w)* zrdD3qGPj~!LAOJ(6}{X@rQYN!=}mDF8wxyfkJ@>u3x~`(1_tCmnco9m1b=fAe^~$2 z$Tw=|r8f^bM~Tzwk#G8Sfsl9KnC#KMjp^46ne!KHx>LM#sC@>W~({DY^!RUFwz`d#3o z;4DWeJ;L<_>nGs~n_F5QUNZYMXlD%4TBy=A$;@j70?VH2l|NNyZ)(--KToz3z7In4Bu-*_*Cz_EfU}1hVO+Td>UUE zjKudXm|B~cH{c7#d$7GRO}hH5(zVyWlztcQH2dn-^A)a72e0yB;!Q)&=LFdLnifOl zX^j%P<-`QvBKp_(>&@OBE2dVRzdg3iEozicck-rh7~<|je!#1)q`e=SCMTd<9_{6u z+A`$q5a78>?mfU;0DrX)mmd!C#%~;Qu2(s2^DXYx$cb;<#2a;yVb|RnSDLErk>WS)jrR{ZMbF*k`rCi6XXSl+GB+dr4-PqJYakML)vmuWw`FyI%d{fL zb=O|ZrM^fz@C1M=ca_^KYHwur4Y~US&Do$7jb>U}2&P#>)`hi{GiJwz$ z$(^=5^adH^evK=o?iq4EE_uoQRpU_=;i@vpG(PVga!!;vbKbl;uXi%WpOWu_xAT`n z&iO{J`q%8!GUF+0k*mEiy?@9#kKb~a&ghXjJ@w8@Qu@+c#9TLD*(EpA_bQE92$H{) zzB_+4`c1HuHU>n6ifZ49-0rfZCqWh2KxQE@rRe>cKg`hw%iWp$HZ@js?JlE z+or+&iM|2!zG;R@Tf zw^X}d?m49fZo;nyz8U?qYTy&#i5mC}cyA4S7kCO>!-e(C63T z@csaJ(lzHTzDc(8o7YOhk;X8SY;DZ+AD}0_eaUbQl^4WRrja0(-@fQCy zRJ9);xNf-QCaTkiU*Cp{_!TZ~e;zXDIjOwSh@Egf^}@Xvkze^i{B!VMCV$!dp!TNQ z+B4_VNvDT5zA)rG%ak)3uuX1RwQWUGgUE7^(re;=+O2%;BYc8)6kK*u|Fr27=KjvN zKfLrVDQ<2_EWfB_O;Eood>$Bb&tE4=$XHN6crM;|-xZ}@^d+=fn{UA_jrK>5Vc+{B z@x9vcefu4a`R3u<9EtCE!}r~-jrmj`JvS2HJvYn0cZKk&{$3u5Z-?Q#?WX$fQ@YYq zuO3o7D&33{zbEmH@#+!Y%{vXQd~I>*j_}TbpH8`LaOxvkMy0tk#3s!vT^9Z}3mD?)bX$9^bP^#DZm~k=g+K0K^!|r&7b(j3P zz?%oZnXkdUJ4*S}xJU6c`iR?atR?SIzI$}YnUwi0xW}u@WnST-r(SuGAr4rUReGc^ zKi&jx%}S`>N#5xi_-621YT&>ndu_gyfA!8i#yFW2hy(w)lVsh(|1spwvj)x!kUKW< zW|8~LlXkFi-W>QpRWFfGj4m$+5;ly?r^R<#gq@%g z|32RI@?mrSr_7mq!%01w$?VarCT9@JeTR7GRt!5Y=WE-69sFENJhjD!9W!2!d2@o{ zw&k2-K#PBUOO9*4OxsPy#M6U*eC2RezgGFIEr1*UgLi_zK>ixh345BW*&y#&ZdUU7QJ(%=RLwV@fN|iSdg#qao$Yxa8OW?VtkzG0$Ddej?`H66@L)JhfVUkr?7Y>u z#Qjh1QU5Uue!dUy;`c6aXYH`FO*rvUIS+3~h8Y*uT@MKXYS-QL$ug-wKPPnh%u0L(M4z_E4vj5TYKFp)m*V%`e zlUDP3{ts){d@K^*xZ!(R2%pl`|9&(|yX)O(wKjk3BlX)2Nw`#Bek2m#OAOyv8t^H+ z_1JK=`BiyUZ-H^0cT0i#hWS0s*_YadaITB;Yw?(2XS9Ky+`5-H^%O5(;9fJ&@3~k0H2D?z zE`G~Dc054&b^6$08Wt{Y=5_R&N4)LGi^xrSH}x*(SSPt%V};w6=s})p9d=@*+vt&}wad8vlo-=RN4KTs!3c_V*jUV?+4n zp_z)rx6bfA_=)=NQ~2ts*A7-X(L4IIVP_fP9GiCAf0HyT8r{=q({UGOWyjoc)O(os z>K$*4#*Dj7tsHLYG%KP^y9gZ~rI!)j>EnmZdCE533fEJLx4`&K_LC1U(QGa~L4E5k z;c{0Ve!CVxhJ<(V7Qmk*z>j1aCpn}s{WB$30=4C62-Hdikg{&gq_xwu50_H=YbX26*JJ&6t}zWw>ITPq^yC_^HFr zclg@;E?o6t;WV#2;%_|)U)6{4XV4y079|`gKL}kld(F~AshPM@I_iAZu=Ah*^eFZG z>B*kSW=H*`W!%|>zdBDJcJCJ(Y8ll!Cb_2_JO|EpnbIS?8@vF1c?osxH{+?D!_Enw zJInT$#vJWgc_ z?s<>Ii<^E*IWW)l{Qr$oZ=Z}-YxCQ4^~*Ws-7(%Zk@$Y~ z1M$s;@Xf>bb2P)}xn>OC>ECbcKIP9(MdBMUe5*qEHo^DCNPNo;-uVr}pYmk@(Vv?|lvUlwb7NdLdZOXI@mhoSzQhww#|E+2EFwZaStMa@P~vez@}6 zIByp7X1umvrOA4C5D;AMnc*!W=h%tTBYcP=P?cq&>ACP=w3rjGy21tLn z^@Q-zmu@igE~R>+&U~Ku))Kz)jT@W~iXhM)Q@zuLd^9oa{6=#8se9WvhmcA8>UyUg z6_xXevxl9LC-8@9hcW&^UEuH6OK%Fj?7*;dv&yfF+))CZ#n0M9dpu@nzJKb^qvWe6 zpw-&^=N~rCSIYMbKa0ZmO|;1O4fqs)dg`UKIl}t{SH=9_#s7Na!^7^p58+(9JUzGN ztR9^_>Kax!%H2+i@?Z6gZTFVuHG7S!^k#VD=MOud=c{-$<3@qIE2O9LDu0JI3kOf4+5a0Uwt9 zr}G2b-ZSjH!wb(H>O({@H;(??%&_x#lN+9;b&r+pQa9GU^*l;vyJYU;!_FVoQ1ZpQ zH-f&MK~*=M6-^8pcdj-6m-Bb9UsyQpkqGtu5726DUe^9dXut3ak@&V6zK2h&&lhxe zu>Q+_mUJw?k)Lh9TVXW1YuNb+>A*4jF1$@J?7I-(2(R;n%KEDvNaa!-Jf(EQWZkyd zWn{R@fdiSJ;mv-jy58LdJ_jD07u^G1p!|FeU;D_u{k(bf)&DG&M=4F1Yt(&Uhmw=Z zqZsnSZpOc*cL_`Td=+RHP&;`3%fqGhu+(;yxiW2=?JABiz$0^NM`i9}oX*Q%rG8Ox zx6F>^$(Fn<_v(Lswq3Nr%pdvtue-qG|K+tC&T->I;k5@mg}#=V*mx4YAAA&jGkzc$ zkMKqC47k62VajFPJ`Jw&Qal5`aU+@QKpxKxJHc`89`H`^bI`Gm^i?ipz|XZHU*Y56 zdGI3wxcWH-@G}Fr`Z;ai9Cl6*;Ogh3z&8YN^>gOH&ko?~=Q!UQcGwPCdgLBGwqC9p zKR@Gkq~U*-6nyd1#h+R5tA%@yuq1E%+w|*{A51yJxWG#S>y{XUI?PR8 z#$=Uy1O1-fv!j$VXQ0*EeEkdRmkV;6^6Sx&_!bi48wuf?hwl$)hWC3uVfc22@Tnbf zXC%Ih4c`Yt_>^C_M&dit@a04JlwZ$}#CP|L6@KUZd*k>x1m6jf_}*^#9tz=0k{|wt zW_Wy@Y51Pd-PnDz@Z}=$-Txx_w;19+<<}jN_;wn;FNC;H?TE`F@m*s0-WbBCapbxG zel$Y(z5i~_Uo`W7qw!vyL;QC5R2G|aDeKOMBn{vG@73oEmJ`8pYV>=w!(@+d97ttS z5&Vgyv*3LSs!vCF&7`zPG%8M1DBLo6a-N<@FONRZIPZ(t6PK)VP6i zRsGt`J;TmX^1t`UT}l4V{(^bR0KS>Oi}%uAx5|9wUe%x3Uk*FVRo~#=VN z>W3pf_eg~KiAQ!Re?EVxaei0*a4(vs-JzMgBhINafA?9#H`ahJ=x&={mF^TqncoaM zlcW5w>CUY0r!T8P1Ynu(;f*I!j@K3DFW2lQzA5m32r%a9Z&I%=V{cW^-e9}^{Le@6 zUpHEuOHbG~%HImFr$yrXD@?7;8$EulskS-_y&7fCU_`iBCO8B3TR%`R)4g8nH4GRA=BJr& zU7|AA&71B^x&0|qAGmpF1Uv_>bX+RO%*?(k9|!L2Pr3J&U*1xHv9wW2{-5D(8%Q~q z^40!0Z)>3bGI?}2-wg6M3#d_V?-QO(Id|#nJ!|L+I~Rn=c?1#biY zI%4~D@I&=)0sKDNL2fDKC`f(x~Bmv-e)dT<)5c zJ(r}6pB0XFTtnl1&Zd;}7e3Af_VyRIE>`&MLtaGwKa#uUSZQ5_co&i9E={@XVrW;1 zSGb;f_3<%#$XQZQ%~|&x^5xQMzVh4Q`R@Qa9CsGN_hqzNnGG?zeW6+lRbnx z>r1r9g8lScVqHK=zs1W^?z(s6gTe6E{7DPG>v_SPEv+=A|l zkEWbnwZDibvo54hn=rSTd0Wwx;v-JtRsn)!HXANBCz$rEG&ERb{@Coo^z-`#_ zXI1*J{*aE+MegM($HXUR(^!3laRJ<)f21$>WUoj$Mp4Q<;*fia;O2af8u@xF^3GSJ z+;ywI{=h7F3S8sFrSitNKWJXOucThrK$1WI*{HSSq;qGNCT``tFTOA3e3EY|yzO|r;+}Y) zTxIsPmDV4MSN-|y2U5-}6prgAW9O-UGONwpev{T2#BWJC{gM+O+Zh%;W*u8*$hYk4 zr)^X2H!0rLpCA1Y?(q6~<#~a?zC31x*7)XiG%papjeJruE?YG}Q))wDmC2`?7Z|-g z<=id6d)D&Z1KxQ@%6YahFaOAW>d&XaS5(wbRrZ+GOH*EdP<%QMDD%aX^Iq|JkHW75 zyzNUV=dB8#K-)z2C6Q-$ll%FW^JA5Lb`A+8H(h9-c=oQ8b69D9mh?k@K=?Cz3aP1RM-JNp2-^?Gz9r&{} zFIwJLseR&YKTA1pL(R>{7usEw73o>`3T4qdAU*iZazTX+kL=rzeER1p=Ssy_X+C?T zrLd+vp>6z6{&aqkaz4Z-7_ahAJMt{@QOUi>_+RGkC7)W5ulPp5 ze!n#GKgIaN$eE8PzSnJ!l{(bopG9xf zZT!_J4@c0O`*X@|f5MkC>%rKz@0~@5>8g4+IPO2a{?Vn^N|AbZ`72x2nD!}u-Ut3X zxwEI`s^vRc)|}IF)w&yEz0J$6Y+l{Nkisjz$wV^ck-|fdZD-heUE!fOb@2x01}Wf= z;Ck0?;Pm||hvZXwWaj^|_a5L?6m8u1%-J*Kq!0q6&^a^#5sVZ;Y)3&UQi7sl< zcrI~wK0M+)h>z>}#0Rjx+b%`JfSb=ATA#6>&aZfVJN+KLTYu`f*~FLAdQM08pXtb` zpTp+$e7`?@FhhUWg8JzgKHlNGIlP{a>)D4g^mCuZD|B34@28}-~6k57YXeYjK?F`4tB{-p0F(l|QO zz4RH!&*7TihpkO6FOk0pbP*R8ji)ERZ^iBPA^8>1cr^s=6?y+V>iL<7<34XUKCXvv z?4sxGX}{p}bw_UD2;khHu zhmY$?HM_X)8AbNf;lwkEyZ1S8oMPSQiHllYL^kJTzUMJ$;57`Jw+4PdcrOe$LoU7m7+Zob#jg?)`4JoVs2tV~$Jqac{_dzm)9yl=NFf zl&dL)`A^jC;+~IkKm60Dm@qHH+oeDKWi;p_+LfUIm3O3%o-^xhZZ5fxYq+y9fvS!>OFFa=L@`C(iF8y6{HO`w`A_Bd#dT zS@c*xd+YNP$|rnb7x6Ra=a&D({fXfGse?FnOeWM(=ZmwcRF!{=A+F*sS?YQR}J-q6tkt)Nehx~sIC%i z>7kL4QqiGyk-XJ)J~hd>OIhwc$VJDFD>S1Q=B4^w(xWz1s6$e{_WLGFegsrN3#O;VvJaUbV*lHOFrV88nZA~d>*UQmL2#y^^!v0JApUj#kP0|-d>M> zfmr?#b2L^=gJ8l?xheLWIGP;NJ_#TCj+Nh(DvqWizEu7icsEY$H2z2A^olbpi}ieT zpjJtmBh`D7zCldU9oRgl%G`cZO?@e;P+ILoLYsP-6rW*zY=gR);)#<+;+i)ZCB-cG z{aGx~TwN>f)0zJ#;nRFTc$r^)?H3#T%%4~4Ek)l>Yfj;brPN!c==zNL$QZRC zM$C_yDJk+rKous5g8?-qR!oZRK;hqF)eCXr@woda{6xI^yo{I>Ki4<2jQFHN*P|Uz6>XRKB+PN|2~Pe7nJqU{{v;qx?QE#9{XN#9&4rgQZ_I(ds1<6W%6`6?`i z8adBM+)cjel7~CDTz?h|T#$N|xI_CzhU2>&mTP=sAGYHO(d}}vkETdMyaXvb=o99#S_{3%o9`>n69Wm9R;Jc36;LxSibwYgYR|ouJj3PQm zsW+9_piXytTIqU}Wvfbe6%B}ivyXR=sPK8JmAGCPKM)a)y@oc+IFvUk;%>%jil+Fd zVRc+*e-@ARbP`R=F{h$TN~I0kg;cw%hn#!K(&JhW@PAs4Idx>UTD*&#t7zVVPjmXK zdD3y!==6euMc)7V>Q?*b+M%qBy+ZYKvLwy)J|qM-(lMv34AfBPIGv&}Z98x7r4xId z8blv~juJZNq{xIs+VXXp_mH=c<@0H`Z+P%y@)kZj%BCZ0Y4NM0UM)l4Y*mk!5x@A= z(`Cdkr8XvtAC=maC=M%Cm?*w3rS>O^y|F4QQEZJ<4=0LmiGjsN1nPmLiinIIAQd*%wQ>T-MP3 zRNBmu9mh04Wh zo?rG+PxvJbqV)fL=^S$$_oOY~r{?>e?T+(<AMGt1Tp~IAp=?Lt4LB|>*;vJS)VYGfKRGI|iu0JC`8K8IR&jn(u78Z0Nd7VG zvo%3IQ^ol)fx~M`tEa0tUzBE_A4;nisyctT;W3G7VpV5yBJ=mksG(JzPs_0X+evD7 z6=zct^HRk#Uqe~H7S*_e8tIcg)C8ZnUC~Es_eu^v$vtMZPwn!F?HtrykB`GCNp#vKFHsYu zq!VijJ}Jwe`ubvy4SW(?MWu@iD4SCWyZdx8Iw#}B9y9(#r#OEqY7KRXKDnWBtkxM+ z=8M!iDcaHXtbC9|YxoT2Td79)L{?GDalLA&j-ofMbIVzRw8p<7rER6?O{L4!J5oNx zp|zaXPDvY33@ys*ulk>AU5x&z`bXAXhtYtMjTsR(`u|jYsSJsHF?xp@M(5o)-}E5; zRTiB$NBTsOGUrxUAjSR8`+RLik|b>-m+|3;F5zC}`7yXLdQ7URQqY)9Ri@)qRhiPu znJ?uu*+_^@Qf-xD7q8PNGVc0YoJCU3;`IemeJkms$kFTXb>>L9g5jr9ZIRp$qtgGA z`p0BkeYIYSS7dWtpE|NqwVSz?&XZEk=aS?}wNi@wsq_sSb+evXdt zbTOVA>BQ%%m8xaXgt~M_NI8|)k;5Wf!Qo7g+pvbLz%6?@{m_ZLwL@_^vQNc2?C(J<*eCM8Xn37R!k zG(i{PfZ6b?qz zk@U`{S>$hg)kis!&X%Yx97T^Q<(=qPgD%}(lH4iWVM%u?8Zd0VTI4rXI zPXt8!neC+Rk=L~reAQ0BQSxe}(=n%^tiw}`W2OIVDcyOTFQlR%o$S)jF8kDDJ~5F; zD$}R`_5Z)3eV&y5M|{#foILDP6r9Z)X^~I8=@TpehVAuF>APbNO}#!Z-NyrtInCth zeB2m9&rUgOe9j8LoWpy?W~VL%-{f=ne82kCFA6wFo$&az@ZUF9(fCrWGmS6Ka4Bgg zDQ2iD8mBtbRjjt7)@yn=!5VMfBi~ulhJg z&gGSh9rczYR-fp{W7Rb2%s!Q|YKnAb{ySFvZ;rM9)L3GUUH_PV9a%a3C{0AZ;lFr< zk}oOR8FH0cq(mME%?|DE_h+9+>-_DG`sE9}ZU$X1E3qWf%^e>qx1@dRXWuHh(l5W^ z5v|a#4*BU5)Rtc5mUKIKoczqcTgh>yXk|_*HNBL`mV(0l$>O738dLZuEV zkrnAi`JN@~HYB|)srHtVG(0RR<-F)T>`-I}dmbpIj+7F^_%DI9qLi# zY~g)>lmE=Olzf$QS+3M7CDxl$IN6%S5G91w&fm(^J#pPPF47X0hv2rOc>?xUza1E2% zoiFBSr=Tk|_u}P4sXmcKyBGDz8uFw*+yLdf&@B!$Kt#An`71>)@W^nAszuLkX#f9H z;m8egD&feDd@BACK5#zJ(nYi_lo8;uR^0_ z6}k=WUZt7a&?$f43ffWsbjPgJK+$)(?kP9cy^Bi0*<9+kQS?7wYYzgoTB^AYo$-y8 zfB3}LK90=bk@rnU?RUghM;&x{FFT_d-vw-|=(|w2DSC;A9$=vOQXhli?Ek!@K6S*~ zj{3~?f3W$z^l%rA`tkI92VI7~<5R!Iik&_R&Ue()apDta6Wyg=T*^5VC-&2^AYObH zqbR&DMlFsPlLBf)g7_eyrYDG_0ktwg%!*Zu68I695BP}$%J7vq4t~hNEpcjmf_OS! ztw|7@;?*DYEaEYzqio%e*1cGIy&Rn;CY9?qH%*Q&Ph@&>SpwUV)wVS8R0=(wusEdw zfdeUT(1B=GT3}t8*pfyw`h{uifdd~k!85YieL}oN*R!R?K7N3SCfz5;(~TIa(?+^8 z8ZVAIbiw(?Qt?H_J;z;$;a%6ouwg%OCeT{GZgr2U;>))xXMl=w+>RwG` zC?9X9)DJAFFLLWU1XeTHSpPjq;Ta9saeV`Iut8BfIJe2(o#|_;ANY1kx|6lve^|a+ zS}crFk0gpI0lvAlC-!C{-^6kFKwKjVFODB83rfq65=eSaLNf8EO7q&Sr3oA>9T<}+ zCh$GEIf<K7&5 zw13G*H;2RqAFZNCgD6P-j zE`9I6f#Oq?dZU`y$R~pbV)y$goLz>(KPK&Bo}1S1nQC%Q1tL#W+%JhdQCW?vCYDup zD7>z6OZo|sDjdwMLXY?VROK8BE~-jzxPMW#A_a$4qdO0;Rts#YCO+jE#BcfEfoiOv zcW!FC)EfuTb2+d1)OMfvikt4B8~iJ4xV`Bd{%$(Vi!p(IqvPa=*azu;WnAEuINr6R z&!sD8E~PhNzKXs1%Q*QluPlrU9ElUd_?|O{9<4Xz1M)i%d-MJ{xt;w+#0SR4i-{-r zg(uRvaJIky&{A>?p9@ba6`1Ni?q%tPAM?|f?p6QMG4fg7BrnAT=EjKEaXzm59M|LT z*6Wr}Ju=U^<72;khp$C`^aoD77U?Kk@z}jCF3Yz*RV*vp@5NO4M!Ab=TBdw?0*@uD z1F0e}nYL?Ta&-bzQtqN7R%&2*s`x0CCP#;-vBUB9D>@cz{9BF%bZl|Uw~fm8O{(~~ zY`^)b@&hhkLHY6oCMBz3X(FG?mz7eTz^h!oHK_qA>X%%;r_+15mG-IcDxP# z59d#}qqt2TqC2W|5TFo`GxcTlniRaF>gQ4}lGXVEU))ig<`a{T&&aYb&7qei-}}`! zeDkFijgHdE^2y&=>jfWEdMuG%57ISu{rO?OmTH@nbZ={vPb}jcXo{YKQ&{_DdK~4r ze|=elH~3un(4&4i-cj_%%?jrd^73<#4p_hVi?q*@r!^zrSLONB9J$$7&7BvdAl;jw zlgNDc)bmH~3a0s~{LN&8Iz%4oG}@8B&~qe?_|`||8R;kjG-pV_eGZ0B#a=WyalI)W zU-dM9Z5I) z<~ejiK=nK3Qv{|t4BqE-TcVynD+s-O2B z3V+Fa>$`pqKCRTVDq@>s-_Df}p3=VEl=K(K^XEHq2k+a|DJb}%qqaI?lcQ*|?f^HS z=~DmcIJWipIQF7Dj?r^aza1Z!XxuB&IA+F+lC~?QbN9m=Xt&$(7xu$z_W2~;xuMgy z54gY46IletISgLq=At_yL#_Vi?uS=We)JS|N%niUpZ9NyVZm>#C0p(QfRbJA5*Et!saYF=4|o@pLP7bWg7zpPBC zMTyQ*E#yTJK20iIR`h_s2^;_Rs;9VC-75Rg3ExAm4DEBIQ!KA4Q}5+xCdRr?PP`)3 z+map_EJ{h`i3@e6i<{|u;=rY=twvNlrtva`cP@ z&7-(Hh2JWxtwQ2zvVGJ8JTSQ{$~Uahht5{a^Did58h3^12B1$Zal{gzqSu7K@~NjC zF~Vsg#CtTeL{~rmQ}g=nHn#3#P;=YUd?%Yy{2!a^kC-Zsn&1C-uKyJ76GS%Ne=tWM zbrUC2Gcp`;uOfODKROmUryqz&6B+iN()YXx@b^vWd)^(echo$su780e zhS9UQ^b7`_uv6p}9-isF9y%%e+EKrnxqf;budT{(ic4ztD zan$Fo|0G$5CdTQ}wkdJ+8tCmpd`XYl(;T%!6C$5DYEzu}&1p-s5q`BPUL5e#je%pz z*%~Vr(e32~v89xv@V-)Nd4iY}qZZP%e~kJdLHrV*ZFNa*F5AalsSn! zOR`O={{!D3JyN#!< zhb0EG6UB3h6r7*P>GKoS-lA!1KH?QM%d5wm<>lkevh#Se>^$BqKg5dHOYxnK?WGij ze=EgRo)zOZLX7&H8X>?9^+rH#Oc37()cXnI*;w@rHCn9tHC7zrW_cz~%}Nk!;}{H& zSFa|B74d38f_Nl>`CP6}RJ-hx(-QgNfhBIcP?+0=BGfM9_)V5R6sGBXT5%w*A%z!F zyL?w#e#$}z5|W8eD$Q%Z;dU9B7ab7KcBQ$f z(E;(6QcuQ-?MhMjH>IY>iCLx8ggEheDYY_AJQ|}G(d284`ZP{_AEVX<#P|SZwJ@MY z#)==Pnz7uuXc8)xL18R=a2uKV=^UjFRuv!e^mjVt(Z(kkYKsRKT#Dt}5N zvZ=x@N#x^7>I3qrR2o(-W#zq~NlubaJ()YG6Fg zdh-=T4*z?l8Y}2aBx;Mld44+Le$nLmbiZg!)$i(w4b`8P`|Hb}c$z7%#&$oU-%nGt zepX%eLw)gC-A5&%XZiln-1#M^0V(jUGwWo{cPOnERH=Rx^zd5}d1#xv3b#LmQ z&g+=0(uWH0vix2y}(|{=8 zAgV)sg8T-rB9a?3;EjNs%`3kM1a<_(z7zbyQ|WB<1^>XOO34=$`OPgApzm_MQ_9v0 zKTdP;^VGl>W8{2Zxg;i#7bDi5I2ZqS>P5_9?@bjSmL2d`s{E+jr8EOnzC3{$$?EYm zv6bhD$D~vz@HWp8Z%Pe(l`6jHIpUl&b~xTHm}8$`dZV14CT5iz@P3+{&G%cEB$p*{ zI9dIYCg!A&UVcgg0%KG8e(Tq1f$!7ALB8MmSOxYd>NkIX`P@17WpO`Ann8cQ>;Rf$ ze}U`!)_*j|zKrJBY1*9hMjY28u)n`+Ym zt(W7|#IxlFEKZY?xcz1(mnHBW&Dp1k=eYgyQW_BW!@XbqNm}6ZG_ix*@7FZ;C~80I zr(IY1Xd=eBbCq8%;h}YpKX8zSRt_G|m;Bs&RdWLa=ETW4u|w!Pe{q42Y3Pi;S9Rib zX3jjY-3^jz`9{IwE?(U!{9DV>hec-MD)&SZXie`w_o7Y2$H2rv z&T@LvgJSteP-c+xmK38o_JKG0tLYMIJC_I^#IK+~%Aexr(@XHeJUmrQyafI3`>hpcoZSpS6v+y=~j^0D| zt3;WmS<|jTx7f#?OObJn+hj@kXwl1$6^hoCmVUo4-u;a$XvEX@{8Y+sikw|uRVKGm zZDsH7^i>tQ%_eAmHjaX(U7n+ND@MtKbR+opfEpSr>70emT@%5swtD-xQy`a#OQ{ama6Ncl&9BPI%E#x-;##OYDL%$t6xT?- ziMMj7(pD_WlL{Om>}GU@yOZ?L4Q5v`aC%B7_nkhsF(bmYQrZ+Xazr?~L0tW)22FII z#jHf1FmUJ7NYx_Tm*^eLgi6lovN63&e=*hhg!h7}JrY%AS^Ic<1S+W;>55Np^qTb1 zjv-dq)usEOH_&}QxyN@FJ#y^cccbe^(*xah4yY7a4Z3a`%IgGHRi;gp>U+A~$78A7 z?`us{t{a@xqA5zM!>Rl1bi_wKx_Kz~`C8LuZGLe&f9_LU8UGusqD*e2cKK!J)A;5r z1#*2K(qTJdo;I$D+9TyP^ct0+ynV~c_`B3zM-KP>5wYUb+yC#bn_G_^rXCc?_3`OP zbUk)aJ!tOO(4u;L!}a(nVuf3ept?m4jP6IV_0(J`yWMOgcq~Y%stToSMdPXSnruSB zU-YO-a(dzY&b(Kv!zaF5YWivMc`lK%JADaESLW}{lirnXp%(e*wP5$_XcT&qK0Rz=2^OTpt&HfWhH{7geHHBHjDC$(dl>(pmb z+}4-ADzq0Ug>T)_`-$I5ew=iSk3KC1-xHIUuB!&SW9wXRJ@V-4fsQp7c~NJ=#D|>e4S3 z4~M6_f?m~}$b5I#4}h?rWd~_duOksQqZ#pZZj8$PTUx7 zq4-Ns?pspa`A%2Yh`Y4}t-RmeNc5nrtLYYuzB@q$dsp^}D43OMu={Z-BU!u*-C)@( z1$}2>vQIpVYQ#0C6R)CeQJGKds7;=8crs=s&A<41?{LI69?hwwY4o*@)jt06(5sI4 zM)s!JKl%`^g=SV?JGVp3%OEPOJ~+7|@pM~?2Cj|JbUg~(M`7r&bAktf=jzK! zb!n<|mQ+vsoW=a+;itZ;^n49HNWce6-vjhJFF|*Fq8yW^@h1bP(Z?_7dV)`Oh{aWP zXx?&(q)Swa#nT={4|CFkH99(8I=|41;wE#tTSuP~c-KT{N@prR$q476zH`>nzHHKd zBd?&R9o?y1R;H)NY53TOs>M_PqbJi}mWyknFq7$!4F-~EOn8!07 z>_e~j(zz2oe54EBhd!l5ztoDAFH3$}{Rb2MGvBzd`jx(3g<>bYCY#Z0rsL3?fLUmi zveYSQib;;}(Nx|Se1%H+CsiW5LS9FYp3n9zr?Hb5eNw8O`6^lc1@d#E2kGe|x~%1y zn4{`*xr-h=kD)iHwgt|l;NsXdI$`VuG^`CZRT;>qh`*ayRPhp~`4;&0`Dx-tmm+kyhBG>-jjix$j={r!{op)=yX@s^t zpVhYid~H8`OWPLfwC%d3m7D(hdh}R2EuGHOHuXtu<6hR*H%Hrao(-X;pdQWE(~`Nh zoon-VYg>3rdpDlcx|3_oKU04G&h?)ygR%17PPNk$AODX4}|8vr_&{R#9zhw zSgh{}`xZDo>hCUgJP+#=uznEiN8tQvV_tGs>il&p(L9Wm?iTGPKDYQ0q@(j?ciD;c zJa59w9omS4R=V`}b$%wDT%qG8U2mi-WAVO7XMXFcD%P8JL$VXh8Spz3)<+)v*BJ2y zu(Y4JycyyxEdO&6KPSSU)BHSDmp_uT{sr)hX>ldRv^Lv|z*|S?u>Ylqw~OGce;MMP zU`_eEAl?<0=l0oudS#v8^=Nly{C5NV!my>lZ$>=7R#zh0m-Dz4{5DvVZzke{U|E~j z-HG@R%YSzjU7kXV--q}%SfleG;@4XKLlGYi%ljGUdwUCA?h%&%D8xrwd>rCqU`@VH zApW%FKLPPc7JmWp8L&nt2l2@E=Wa_@ePE)74ZqLYk zS?9cpnlEgoEi?XGg!D^bx!ssAMf@F0e>vhSEj|MIz7NhCT%Og4ueJO?M*IuQ{}aSF z!kX>48S$;KrhR@?dizG|aNhM}HUBEYpVNGe_zqb1&ue$2m`43gh*8Yw+!M8o=f*MO;(Q|49iteF6OQVD0pU@C&}I&kIaCBb-rM>omst zB93&~C|9OO`HX(ZL*MAxHk_#Q&B)XBO^3~0rsH|A1+c+)G!L!NHhYz};rFz)^|PR# z3*GEf)GvG&y34gq_t4LQej&=04|}rm=Rv;^`dLV4mp>2sNygul{}lU20n%q8eFm)E zKkR&q;$`&q$wm3HJ?fVW-F$2((;vd<52l@ru34XRlJy0qKcXCVdf$xV`?Jw6>#^SS z_o`Sw>T+FAqt9cwwG@Laj}kddh4o^x*2%*9 z5YiXG=Im+hmd@y`8e1EybOhJLYRW0W}4RFuvs#(ej@A= z*fp>Pun8S>+8}IO*#5AiU~^%&!5)FF&{3y97q%PhJ+M#1&VB6wtu(_~XVGChp2I>oY4eaf(Lt%4ZKY}fQ-4C18Me8(%Z3P>K z9R>S3Y(DHh*udpFeO=fPY%ka>*d?$9u+9}aT{3Jv*mkhj!rlfu6!t0DnXv0%e}p{- zTcNAgZwuQO_6b_XTzu-jk@VMRBcZyDHHuuWhuhBf6jHUm5idk5?Tu%lt0 zg`EYv1onN{&tP}K%4>9aD#M!mY}*v;&xgGPwlnNiu-C!f40{*sNLX9f#3x|=%doG* zZh+kj`#WshwYuD?u(e>%f(^lThs}f?3i~ANG}wi(D`7Xmeg}I5Hh7)R_Y&9}VDE$- z4LcR~P1wz_@_L=V66{&9?O}Vs-V6H#>}=R~VZVUg1A7?Ow5M&8Z_xQxgRKvn4toLY zWw2Ml4u*XI_EFdgurI;RhkX-v73@aXA7Isux*RoNo4_6jYTgF%D`BsL?FHK(b|CD% zutQ-Vg&ha`6s$d78Gkc=ne}$NnYdX$5qgthUxIzVtSzr&X5uFIDMTM4!{Y$MonU|Yj>hP@Wn zv`-(zZ-KoHb^xqtZ_|z@UsDcKE~97L$vDpRLAwry?hx4fVY6U|!;XR-3;QJO1Xz;~ zpR+y>#^qDunrbbR)uiKKd=fd=7dPVLk^<4C}V#bI{rd^ZDgD2=n=6dxZJ? zvM0iPet93luTnT0;YAdF3E{;QejDMpD7+Ejr4;@S;bjy)jBp->V|wWFyi4Kg2rs8_ zI>PT!_&kJHQ1}XjS5mk?!tYb~QG{1fcsjzXDf|w?A5hqo|3eDrgYTs94urp>@BxIs zr?Asgm+dDCS4Mb0g&QG!l)@Jv{0D_QAWXri#cTU{Z8NWJ^S`(~ZbX}&%JztA^oWRq z{nOa~&>RGNFRWP~k<<+i#rj8JABP+v-`FLe>;F_o7K5$AE0m#&EO{>#hFh@1NccO!1@Lu4b)`!z3% z5I6Jms}MKy+MgoM*Yv!6i#UCW&RvcoZszGz&e7#BhxPRkFOPT&#FMRf3gT_Co*w;l zmzxp45b+_1UxfH0h+mBOZ1d5q|^mOAud)_@#(%K)em&I}vY-_%DdJLp-si zu5Ww9YaxCa;>{56fOu=fJ0fnjUndjC`p$^=MBF@0F%a=CSU(bRy?4@MONi@I(QzAb zebzU((tyfac#~0Q!#~E9%q@0gWtY?l>wq8j&AKzHd9OrDkl5##ivYt6k zn*EiKyOfmk@s;(=ansf-Dd*!e>s6pXUg~L6^uMIMJf&p45ERV*g=mR6*N3-3TL{?O zqokbAFIdAIx6Ss1e2F=qpRisx2$=0@^h(OpC?U6>d4AI97~2;CJ0CC3+wafx_>086 zWSIk4~4p1r@7lvgDkuJ0%hy^?bJl$xtI#zU{9ygKP{eY2rwj^BuumgHj;H-lbPT!`CxUgs5F{A}p$^C(|QIsX7AZ;wLg+1t0Iyan|3 zL(i^nN%=X@JK&*LQr;4J2R-yk%Fl(~ArHNh^7Ekgvxi>4kUkcqKgB|8nc`N8$>XELbyfyU3 zc<7asUjjY)wOx0y>s33O`WfPu=^D=BXSy&Iv&*Z+}ANqJjJ%;g&hy`)I7zrcCk zfb|}RUXa3(iyspT!AMA9|CJipyggyoqc?NiC8$l&|JojUwLSDMqm-<-+(WOmhhA$B zy$+p+&ZE9pKri5-_n3#?V;*{) zpl5D?*xSpiUS7N_^kO~AH`=3oqdm&Un72nsuXDZpuY%rhWO=dcTT*^CX>j@CJnB2f zqrPK2>e~%^@g90(J@m$U=v@Q7WDh;B?Ks{;?^@`kdFYMzDBm+4de=d(qKDoy9(ofz z^sa|qB@ev`9(of!^lpG2eaFLH?EYeoE2qkDgx*dMyFo2X-l*>h9QCz% z7v=T*MG(5vU6_afTQF2@v) z^4$Wx`W|{Y9(q$f^lpXT=^lDhJoKh{==FnM0}s8a9(pf%==F!*86JAmJoKh}=-mdr zh8}t^dFZ|Dp?5p<8hPkV_t2Z+p?3%L&h*fG*+Xxphh8T1(mnKMc<9aY&>H}~vpn=> zdg#se&>IN7#vXdJJoM&x=naBi6A!)F9(r><^aew(sfXSi550LFdUrzaY!AJ89(waV z^oquv5DC*_k0W__Z_?O&#EmWZRNsj z?m_$k*rBi^U>}7w>Bb`NW)|^p3HWN*&9Hl5e}_$&tIJsh_6*qbU^~EG58EHsq`M#S zC!qHNY&Ljk5ML?Na};l>=2|=e5Y+G#`PuK18Puq7t)%hHT&H3~mw<@E8^UNhkQPut%fuik$ z%nCl&<*~WwG~}-pr<88r;s2%jg)YP8jsev^l>r_858a7|7|^^VVZ}|1p+O)N+&^X(?RA zGsiluLmBclJ1@EQI_tnG{x`>$Q*=MU%`3eZUxV+z)q!O{s?I~r5I-RU0ON1cn{=0) zB%SfU(#o&SDb0b+hs`})ysptNvTa(mY8kB8rqh-6 zgH0Qq)u?f>ae8`-^ycYJgY_=&(>vI<$6(DHHcPKB#J}GEw#mQ!q*3F4_lAE*h<``T ze~%6S9xwkrEBNEE-*f6tNsy>9sT>gfNaE5=5H?zwGnkDj8@puq#R?Q24}-!ZsP zql+$X*Klx;n?<8rZog%)Xf(LbkinvR_x`u^?A86IfqnW6>@%qQO}85|xbMI|J$gs3 zXmk^$6O9Jm(Ywds9>#6ZojsA(kRGH<@(_khgj=INeMz;)ZGA+en|t-@-e*X!KAD5N zQ+fLn8SH8|8r*ZxAknDT;5!DA>8;JJy#`X4vTii6Pk$-}CBK7eLH`cswL<=oJ_y6&K_H$Y^C*j_^E(Mn% zNIwMWD;!VihV1lbTIsWqJ{##MKnf#7Aot3=keR?C)#!4UT zuG0s*>-5J^4&!g8j!eWFPSYuBHjgW@bq`-hM|g!BblqbIV0&@qOeV~I>3 zJYU~e4xXRlx`d4*teM3&IEw<2>9deN3+ZitJ3h`zKMLtbA-&yRcKR7s`iV$C5$Si_ zVOoY9X|dD4N-VPc_s`=eVd>Wo=cT!}lfJ#}hWVe}{_hdv^bS_!CNuEPochgPv7Jmwck-Z}KDd%5Hqv=JnC#Kg~*DMcurk z_fV~}>o%P}qqSbk$C)y;kD2o8wfcKF#pU1PwMwqg-qh%|cK$lI;{Q8TI&(aW^l)gj zHOHxF?$A$Mh9Z$0c4*Wv$Cb#H4t)*D9514IDG|gt9?fHf8Q-IMK$vkmn#T$=9!K*y zVaC~L9xu%J8O;-DJk;Z2G%qd8co)qRg&BvUc^MC$L_aM!B+}IlJEAQ8)Oc~coG{}= zWFkkD7iRyD=E=hB*U>yhnEf@HrwX$lM)Ndb_OEDedgF1*{me&u#!{<4@c!Z#Kk@C} zsHF`YcC?Ux-UOlg-8VEKU2=q6U$I`bkyY4+o=xnu2Fl)_f`W#bjCk z$(Rr+9{;{kd)GgeKG>uE;ZEZV>!%7oxH-QFyF5kYCTo9l9z?&S>z1dWlIHc?Tm=0x zs^($vZs4V9_~i0ufE%5*;CbLd_>Th*qFzRaegN0i$*ZXI&4z!Xqj?Uv(YYEt6TAZa zCxC~+O?lRXhb)~6)F52`EF4$Up;HSy4?LOb&r4nKg0i}t-KgBWbO#TiJ&n#pqYrM{ z^HcCltNoLe-o7oSg-z6m@B+_b|s@O*Gn{z7n(rghq)osWWtD`;K-{nB(H z$JCiq-Os;3Y~0xA2pz5 zMA7!b@0jv?@VuD)F$wLDY6-Ldj)8v#?JgS7MXoyzpk84lXzubDk)`y7LONfN(sC2= z;>v#qaW234JylbFQ_f}homIP>$sXk_cg@9aex{sbJ@TD|e9iB-ntYcM=X&J?^>)d} z{$k2=I)3lfE>8uI@;nHCQ=T;*<@p@tF~1{g%471KiQkvC^R42M@9*$8`SOWkaqVA* zIJdv~-C8@}iTFKRJKq`}`R;+g$+wzEz73GC`JG%l-`e>7Tsz;|9{CP|zsdJ%(&z1% zS!;;fA1LZB6TydAd^32K#gk*T&M1pt4W4cBNyLk5=Q+f=oz3q7+x2aP-wC$sThF7u z55wQocMHlh(JD_c4*l8UHxVzcoCAq-InD1C+vOaG-!Zn!8S*ISH}E&*%y!F@D#Gwj zz_>91Nw^F{EP7M}&4Yw_2K7gw+4#JOJP_m}N@{ra&UH|%<4U8DPtJsx(#?>L)! zed(4bMuacb<6a*6+g_K`dCqlOCj|a8cnmZ`qm@P^)#%!+PXo_adXA& z;>*+3qdXPxd+Vk=U0i*dXSiN(M?bdLjV@0W-JoN5f0Q$CuFkg^ofq;l61>?0&3XQY zmuJBEvuh(6F>Th^|FbV$4;eUnYpASCJ;$MJ2Ve#GIxfcH!e4WMp zG#|8b@1yJcHFUBp z9Wy@Ubl3f=1^UAQ=+w4!_=Xvmvz5imfcLa`HSnPpZvdWS@s{B4SiBARR~Ekt{11!w z0>xAlRf1|SlI)w|`x&FG>36WY(m$PtTG;dDaJrBYA zuVFWp5LdxJ3%|eH2>dzMKUK7ytnZryz-NO8@w>6C%FA0tT>G1LTT8qYeGT5ksoCA- zXX4zRS^2u0r-3Jw*E|>8oR8H6F9g3I{+EGgexh{_fe$i#z2*bJbBqr7UhuEL3pQwf z^9(?#WL=){M$L!8zZH1qR?W?JG}}E4j%foi0RH*Ai}%k1H~!q}K1bZDb?7q0T_l}QalXG>{(Re*w^!j{?O)gEg9q=_ z{C4oGz_Y>i-a)@123`Pe#>v}^&Rtr^?5(4~Gr^lde@NDoL z@OQw|hiLyt!SliMz#D)UfER+-0Y3m9yhrP_L__;%D3Rj$eVI|)Z%l20VS7<^#d&faii=4So)I(&O6yk&1f7rQpHY zn!f=5tHATX&G&+Of@jay{&%9??gY=7iSmFy44(9==4YcFCW05v)BH*J&jQa_p!ry| z&qDBm*EKie?Yl;QiRNa!{g^n914%3N_(Q|ByKIMl)*IUY5V)wI+d1n^&CPh53NGH# zTyJIiO+WBlaGoFMr8RiLyV}1OI?&bNS*tZ~2mij{`5$ZE1NFThJhWc(*=V0}#NFdN z>Se~&Dey1cp#ATH|6=gWPcw=4I+W$%Lv%zz~F9&aH{0p?d;b!}W!Oix)2L9o%wf_|8 z+zFoajpnPtM}ilC8~x|OL)*1~547`q@Z24mo982z7@co5&w&4W@bvFA?}GkN0G?5( z`686(H{!hA`(nGB^O+cW9D?}}i>HETS-ci_2;7|4q!Z`um2^Po+YKG71N?*U-{Y3V z^{Bxk6h5FtHo@tfG^sCInI$zVT%y!HHPlt}#PxFsxf3u&CfPQF= zE@u+TKi+VZpC)D8B?mnGvG(r^K8HBBL#}g~>vtu_t7R@f{=CNoEh9d3b!cAY!z*0U z7yL``Jc}PN{3Gq(6#jmiNa6F_;K$KAmBDi?-oW^;)BaV^KCQq*`I^)2>@GKehr!K# z?ZHN8z4q?_|8d}1;7h<~8T}2~pHAo8Wd(RwaGG9omoLD>;QTxUF9(c1xM_#dEgU_(|NbvV9KAt#_lVOyn1={B&mmh!5%Ji!Z@IPXee7Ox4O4<3*5r-K)OFT@585$F1*qdcZwZNTeUyo1ZrL=v7e zH2xXz4_f{`z$;jMAau<0R7U3^_$R^N^uyuA-SM`2bo*qx{wX3I-$^n$GvL1t{?v`# zWs%Y8r*-y&zwPSKef%wY|25lv1$Z8KDeRB=;00T?e}Cv~HvEfdov*=zUusUnySwZJ z4_W*N@N2g`)8p2P5&%Q{@ngQ-51^d zRa~7^5wf;dP539>AMKwGex}9G11|vYfbsA$==Zhy&voEoD_>LoEQ{X){m&kWF3%wF zpDjKVJY`h0|5)&*7JrU7??*Yv*PK^OgMZQ!TBjM#6JBxsslRR0{UHb2WhwkKp3?sL z=x-mvKLq~}{EdESaq;@$g5veFmT3PUpuZXVLHOJH;tLP`uZ!0YeHC5)?M5H|Mt?8r zn^aw&QA|fi{{uX)mge80oMnQ#KZkzP`OZW;1c`J1Ov}>#blTu9jldgQyd`*U9qqqL zyNgcXS*K}k=2x#X{&h89j`C!JceL~$Anu-@{G!X*AO7PEKcab|&`S<+E`MK3XTI^@ zAMO9H;RmDnM#B$8^PPqtj^;-U|2dk+)j;_VMf0lQm!mu}LN7ImbNLHU{>!B1rrpvX zj&8Rm@E^EFb8{XQ0zZ4b=4Lxy2Hpjnx`(@54W4Q7KH!gAI)lJxTYM<^xJ}Xdjsu@% z@k!t-z)ksQg5SG2T4w?Hc#FRao(pbt)`7R*8m(i-t3DRr0{<*17P z!A-uV-2}d?7t-Bdn05JH(yb8F{`2{?)Q2W>M=?cfy()}~%sOI(24)wwF!OxU>#l_&|k~+G;j3=GJ z8(REE@V4NlJhy>|!D;t#mwUjo!5#3&z;nROdFe#(T=4JUKiT+~)#Y3dJ_|gnoaTqY za}6)A`9g5B9e+!WuJ4=hPfd&FtH93!H}y3-7gUJ${}le$fE)jBzz0~|^uw%*(K?0j zf6n5jKP(0}`ldWS1JM8bgJ;y$I(jxth)2Nl zz~{n$qS3Ff{muQ3dEigBjjq?5;PWj00r+Z*Zw4;}&qn!o66f>h)%c#R*&tNWDB_2-&4R3S^hP^lW&dIIn(8Sk$#1qZ@C)fJeN3^bF)>> zw&3~TXim`$`bimDe=Sz@1#e>Idna`ApyNlrqu_rz{7t>agWqQHm%v9^`U}8kSUeB> zeM{#f@UJcY1^Dll&JW;~`$hMYU%}4?H`^@{2PPMw)`&y z|G@I^0KUWWzYg5#A6@=i!K;Cr^4|@9zU4n0yqo3!6!_hi|5V~q9DiTW^#6R92Sh!* z*KD}2uI`8C`_^W^NO5_JFyFT}?`zb7zxiIY@oxct^Sx-}-xmG?-(NQV*TLU>f7$r= zBhK3~e4B2!N72vkGkmb-iQr?QKX|*Iw>15H0&#whq8s|XsjnIT>+RM$ru}C@Cya8A zLV|_Jw+;Nw{_+lZaD&!qg7SO>ootlH#uG4Qz-pXhQ&h`V*ZE1;7@obwgPHw^v~{PW>I66bXb!Nd1z9dlp)ZRq4$!yhstkq*RMufCQ}HR8M-U$?eP1NaZI z{F}gkljVOgc;17$Ugq~+I)Wdv{I3O1{z3bj{o)qzCKew8e!0a*fDf?vli=AFp8`G~ z-0WYk5a;#@VShCH^}FCLzysJ`>!Gv8(%A-HI8@iGD}?sDIw_*{DM4!*?V&4}}MEW~%6Yhc4)44$`1>yJmj?FgQ;Me~lax?1QAS$qok#TL&6?_u$`iSzc#wAx_}{Ie|o z&%s}`_)hR;7C!|3rNw;>bUXiU@v`8Re~hkgHSm@eZvcLc#an_8v3MKs3E*aY>k7WW z;=RDvSvr~EdoBJDcl!jI-S6KfSY!^9z4t9{lQBpY7niE&l`H4_W!jhI+e9ws=|aw=JC-;F~S~GrdOi(dl1$>LXnAF_Ba@MQeXgz1Naz?)cn z82IHDe+qnn#ixL0Tl`h<`QWBMzXQI;;_JZ8?_abCDqa(0YF0 zG?&wR3f6h@nZ)^gEGg8?cW8wCvm>-kX1?FcPPMl*8up7 zR@%Qb{2v5QYOVR{I3A64b!eW-D(5rc`5t_;2QTp8yF7TI2R~x*=iTzqegB%ezJ1Yd zQ^A9^qWMhX+|Jp9bbaTbzUH~3Y|MkTfzIowZ`O|J=Z;o_kFxlO&@a48>kqs_Ln5^TP$83e3Zq{0H0y;bHU%Ycw6vqEpDC{ zO1I{1t|osz-=1l;&&}XVEIt4{&*FE3=UaRj_-2bg4xVfAXTeun{3Y;R7M~4XVDW`6 zPZRa5{W{O(F`^LtEg9Q!19Y-2ov*+rTKs$P9E<-F;}`S`@zlqrZM18TYM66u5bEJ zx}TeTUk0xSj^-EhT~5c@vvoO@wIAi3smnt%gYL2t{z>@VAk)vc5%iY`wP;Vbm~VGjC3eV0?eMLEAi`AxgEwc1TT z2TT6vcXdmig?@exbi{?4Bx**Bn{W$EX+`t&?J{LT2b4*4c6)9qu%hXUw~vUK*rKMVe*Jxw{gS>^o0 z)uH|3dcA#Xr|9-6bGF`Jat3JLmgYTqsR1sYkM=(cJoKvOc#TI~1RlWe1EYJ2&fvkg zE447%^BTkBHLrplte4B_dkEI{GS9)Le;nPf`oTZPYM&v*x!-oS{6~P_ZgKP6-B^o1 z0spxce*t{0#pe*`xo2a*f zIO_WQMc`W9Z_T(A*IXZW>Vli|2h*>@R==v?`qT5Pp$u2q^yk{(jV*4TGZ}qxw7+@I zu^0~@*V5)a-ti)e{IfN#=AUKEV0_*CFm5Ksmq^?`sRX*bj_2%^N4eKGVj*q znGL=HJUB%2$57vIU7d0wY?bE#c!tG)g--50T4ylykAbJ(tNA^saQr#wCnzUQ!$n2# zB&+;q5a;seKA?3LLFa7OznsWKd6JNC8~A4q)&B8`dc}?K4_W^G;h*!2_V0ss7zLg* zQFH!I0WT9>ofE&aG~4BLePL~{T=0C0zX`tD;wy-AeS-^hzV{*DPr-8*YHr?h{Myx_ z@86!Kw|jYAOtBAKG}F8T_!00h__^RQE%ms)*(y(x%VWeL_@g;RP2z69+M>(zJ&s?^ zptB1)=DhKI@TC3sxH+1B-U_^e#XEop!Hv!h;76=-_5d%mcwg{6R(Wm*4_Nv`zzZy$ z2f&3@&SBsQmX0~@WZ*b56zx2k{M~l@QMa2p&wK_v3%novXMh)in|Zuk@DP5_^g{T* zNu0m4l!Wg*R{%H1uS{#aT221^+)fyNX1lD1P6#@Ev3?u!&ByPj4glW`o`K&-rOQ2c z+2`uea|LLhAoy?KVXHk$QHSLA$v&jpX9WDq6X)}azE(S%>&N~UPlHYnzsq_nbgF<0 z{7&ms@Op+H(fOMCHUrQ3MRR?0pzi<>=kl~Y5Z#|UfoFi5etR`|$np<^x3G9$@GPs{ z27~8-Pel12bUDp4G}rrkS@6-sxjjWdm;Ay~dc`F0a4F3vW1N}ka=$1*za4_{*7WD_ zjoN=H^cO=Xl&JZA=s@oi=l1DpwS(!0L#%$d1v&-z{oNtZ-wB?D-{Cd;%K`90@JjGM zYW(qgz4UsWyTqNR+aV8}4o~h<4qVjLpx7R!y=L1&~7rqm}x8Ki$-%ninPW&GJlOFyrd+;|r_!mz0v zZ1;okpZsuZH^*kkH-R=Z>tud$iA$~mZ$O;eCx5c8uO2;wxQKXJ+AqQ{>2V_o{ym|S zGhdJJn068qiF11f!@50-&iCLy?xE=NtRT+$&b?D}GmdS8f6%!!s+_+=Ukum!St!rh zbU@*H1-t0-mje%j*R=8-Ox*1ccVFgu>fD8R5dQf)b^E^roni35{lG;osfTu603P~G z`PFv-V>JI#JPR)_UZO)jB#KMan{LLt+)8v(mLr^#Cf}mclCBJ)L8sMoONDVqT8W5 zcnylOPWB<)58nho6Fi7^jsb5D9=lYxkLf3E!B?E4c`f+&0}mh69J`}Y=Z>R#KivWUJBf4q7u3?nqo7}}7)qS=^FPq-um212B6LJY zJ@XTQPA>e@Gxh#u+Tk1UAnyCz2LJECvzBXRWGjA#{?5L-Ui|wxyws;+b2&o`bU!i2 zoo>Y4_Q!leigp)$iF5hK4bwVi9C!eH@M>x(TFiEw2i|*y=KGGr$(1xJp4CwbEUV};+Ow-t5&&)fhL1^K_C@+edk$FM3Znq?jMH+D~Pw1G|FAv@g z{!_bzT=Eh42=FX?FVPP^4LV7e>2{{+EO+^wcvN} zS?XL}em(jLQIU8JUy3Ne_hZfe*o-)rKexXwzd0`41fA@9y1r)n-VQ$emXMocdF*#D zKqvEQy}w_IcAf>E*OVHTmP#mpkgCb$%)@se(H%r<;#{5_K?!L|aR1YHjNuk81r9$Tz7y`pH6SC|Z!MXiJ>)4dQ!=Cg1zP)7xwPR?wdap1DEux1rCUO=F$H z_PV~);J=8t+aFfxd>;Y-gg75B3a07fh3RjH;GfGCrzPnAr{7PZW@r6f)pbeqUN1xj zc>Av}c0Kub0(copobwHK(mMYiU4I@p<@EmX<9GXBqg}RXk%Ss45;83kqEShym=cm? z$P&VY$W||e>|@V9Z;~h)TV)@;vu}eWTZXqK*?!kK&&T=vbbr6!`J;Huv*)?ab*^*n z{hoTl(PDURTl)|D=+7v6-u}byxBRl@@ycd&6+x6x?TZHWJvpdX>i4Ev2!(Jy~M>votI?s0V=5AW;V4gZ_q`EBh#?6W_7 z2|Tl2dDsU2nQ<3qVYtR6_`Am>9nUt_eq-3qy2lA!yNOQf?|6LNV|q?sJV-ua9hiiE zNJ-;z4f%1?)9EvNs-D;2b1VA%uJ#}HxgK6bU+ORaYv3E;-@G-z6ZOu9!_w&d6Yb(yQGM)+e`R~+;aw|9_qiQ?sbYcI z=M4CL=u2O!Uq}0Iqv&b$(QxIb1pgX+ae@7Zeg1B$FB;kIpX*od6~&`JE&s+{{Fzw% z?)1LXms@FE!n`;h{miCmZ`@b*(KSK;t>%%cD2l#@r@mKcs{8*)U3Dt4tQm->Sro>m}}g} zKUV&E;=CDsYLW7=JNzN^Y1RRDucF7%=bNb>!unYHPyMyi6#nxM`s_-@^AmaA z(PS?E#2nS1pG1d zm0HR_O_FoS>rCA>ep&F ztTQw4slQAG{w@?Q`AOnC03p`JVsUkE?* zMEUFje-obBR`p!Bw!T;gf9yHM8Rp}5w&1vSljBt(-{3RcxbJW5IO2GCX@cfgcl4*i zFWg^sbuRo7_=qDEXE-nS34D3Kv{$}>zS&r{yS}!3uBfXo`oUj|tq(`SYj__*6`!ne zzfLaEIPL_$!nm)W*m1`*@KS93e-Hm6_seN?BKsX3e7+KCjQ`*8(_T}ar^AmqihQ=# zxTN8y!)t${{OnCVTx{IOS=6|MdUy(6!+vj=Uti->?kN9;`2PUUq{PE}gEtv>$47~# zGrcnSG#aONtL;^9t?(IU+|7%$Te$2K=IP1CU7bW-wC*iKe*yf)XEl!P;MW@W$M5IJ zr#<{pDV6B_?L)@AraS^0Sqc1w~hNechwf^T=?h4{dVdif0!qY25WUd93^!;d8ffm*;4tZBXo^DvF{N#$BGn zdkB$7AL3K`RQU<><#*#Q&U|b6*X19yK1RIw%$DQc4IXja7xq8L!gF6q|2jT7<1YT1 zztwJ-zc(09hT#77_kYmmhpW!F<-29@)Oz{s0WZUIY_D6w-!<;~Rm1*jShs(NAN-TX zy$kC=*R0~qZj%45_?!c;E?~QWej_|{fchKqmYk?|le5K};nUx^%R^?f{Iv?%d-aXG zx~k+=SAEgXLSOw(`sVPb;H3@X4dAPdyZ#pTSN(LTr7zw$?&{>B*zw>G#$CJZN2}cy z_|%>xpXz;SPv*c|7^BB}8azdw z!+LugJpGvR5a!Do<1Pc5a))D^+ zeWIoEe+K%0;D7F^%yfqDK3VN1eo(twMeS#N9k+F+nyVp!G9ZTVMQweiG|#m|xA0lYjKVFfR=2Lwk7gQ0@OL!#`=<<+;_Bs#}IP z8UoKBFWwFPc;i0LT+a%1bt3vKK1uXfpuhZv!JcRpilTdh&p`)x9@d!`@yRfc0{_6c z%Ugy0y3nun@N!!D4Ei09SHB9UD}L=QMA5OvUHn};D4zAiInTH|uF1uYYi>5~+Ks4N zjk0M^u-}-8n%TBNpD>TMGw$d0PwLkQzVBt+<+(Ue@q~IFi9X#(>tWa~&o=JjOunKx z_hMicpwAvA|3>(~j=oY`b+Q-yWAwQd2YON${w?~5{gAL8)}5mGbF4E#zmIVj&-FhK z@DAZR+GO;lDe|v}|1H6XTO!uE5mu+(Z*e# zFMLMvY=h52^tmZp>R*Ick5mPo#g1SZUc-F92%nFQyYWiLj>~>A?%GXp9u=D?F;#JH zyh;7K!b-+{IvRKSa)%-Q|5y1x?YaT_-V+9T@-ln^`ci|To`iZ>ioW=b=5Jl{vkHCt zHq%rFgWr6GeIBuD|8`x2(?^<8ItPnUMC*tMPv|=m$vO z0sb}mb=wW{ZD(e3a^~F+N+Jtau9Czwv*^oA42tv{&AT{vhLSe2cO3%vUEEKe-b;VsvZ z6n$lw>Y*X}qv1K$rLcc{f^k<5TirL(E5rOc%ed=r@)Wfj`gI4qkWrjn@ZSK>xeJ~4 zSp#ozy5g^?m4@iAw#Hq%i;hyep*}ksckS*uOXCve*Kp(RIAvYzIOPQNIqtIx`*_4lflH0MIHS`PPZIz8y^sBVJ?C}9_%6dIwNm3! z5B&$h|7-C%@D_H$!JP-#miL>1qi)7sJe9ju&#&{vIO8s#U9M7p+rm#mpK%wy?K2x* zgTDB>>OT*^5nlR0brtgeE7nlkSCmFE0#@V~&g+pbkOuCeLqKX;%nuTXzy!0*Ms;4VzqC+q)=qW95f+>HVD z(bmDvZ`lIq+Kss1AdJf-<1U}kJMy1HU7Z21Jv{Aw?(=^}(F4X^ze;1(uWs-a_$NNm zcqyxPUE9jc`A-|QW&CO5zTOI|hj2Y>Iy^s84h!(V1D-ftJgg6I;lD0+|AxD5)wMgU zhceK%fs8tyqxchP#oq@1e#V{t_}+s&83vzd+{IbmL-||{l;Ctvhx&AnR)#a zJk|XWuT-z2XmjxYL*p_RpQJ6+E)S)L#T&y%!)v%MoPy7Tui-c%%*W@AyLb|RY8`7w zy}fC?qs^rEZnZ+PPeXjxqpz;Ycw(n9{ilwdh;Tlu8>y~_;j^Q07iawwH14~gpMZYl zTJf3aXQGcd-_;uZ1IGP%%Q~YxSp6gpY;m=mgg(Z)819P9ms!w z<1Wq$`?sNpJnto& z=n~_u4hyk5ybYh^ud27L(LZh6t=lPnuTZlridLg9w%@Ydzu@^F6@MRmM$cBie%+{i z_9D)U;icGpSyvkO{jIC<8i>z2c>W+o66R6!3#G4eKX6<0ec?5npKJ-AZrtU$CU)P* zYCXdph@xErrrY`ktjpBtk5Ps4vDyy$K$v`<6)yId^){3PY=0rZE%b6o$@Y7j*y zz>5bco@1T?74{* z@I3py!G9$_N9WY99q@Sunn(Yqx z&yB`iJ#0Ks?fz3+{AKv!@3lT$j{axkt`4(LsSbC7?_dJwpSweGJ^{}dcm5gHu_XLh zp@!+uVvlTV!9t^Xe!>>awY?rp-S_=74fhkx@c6zBLg z>Q}CgzBmP5x%5B}!v65B@S523JI@*S@!zQU!@T~;xZiK7uazWCyFYl|GHM@t{x`ak zdizK9zli)dH16kn?EK6Q=<~7bVqJ~9Jm;R*aaIr7?G3Ls6}RQre+I&@d|!F4MZ1%O zp8M)YqrVg$zu)O*<1WrT=QFh`M$zZ!)1Rfi!yOG|)bJ|B`A8ql)3CkkV%*hF&3~2u z&a~SXp1(yroaa0~=u1Pr^0_wp2cHN2zUokWvr*Jwp8Qisiih=fKX~>F`6p@jK;v${ zSAVtx8T-_QABDdBuJjMUr@~9{dhoM?Kj$%af!`5){*h1EpLq#h!~J{OTZ^LKjJxr@ zvXJ%;9r39*U;R2Nc0O$f<4#|mt8ssd4(xB-jaTkm)opuxPC%dJeO!CPryF0m9zh+X#lZNnd=qvk6 zAGQm(!82Tc4Eg^rKJn*VJ}~a`5FM^~Quu#|e(-$NXLv7S)2kK#qUqAtN57467iWp> z*Ky>zlX2&tnk#(*{cz*1za{R^83I2VpXAHKJh9>SpA&*UcHia#c%t1wUUwJz=o<2Q zs@B60XCHWWiSicme}-|Y1bqC{-}s`UcuEp|R?q;WT1`PlsiD zU*LDj!hLs7pf4P$aqL8#>*0^hRvqeFdyMot`o-_Z^+MmpxU0A9e@1$eglCMq_{%5C zAsly{gHMv@E61R(aoo12g{5jYj8_4l?91Xy&@aYk&tc*N;V+?&Uw)RRAI>5FNOTi!CitKD5#4`-v#yeI!V&|e2X{Q%XcMlFh- zH15VL$$J`G)9y3yatqZ}n2#Uflkcv0LjHe-XJ1!-tnB?~Gd`tZ8UO#Gei|$!56d;L zlafax;LFd^c(sF{1TS<_f4jkNH}3LQIzv4Q_4BE5m$&0DN_%BEUTAZpc=V6_ZS(Cv zDdT?L{YT@aZ=+~3yvlKtou2Za8{rA};G2DZ@qb3qa{Ox^R~~kTuMhecyh(9ZpODYz@IJ=<{A#E5vlaY8^n({`d?z#Rx4>WNE&mbdAA^_o&`Qz?{wn^N z#>#Vej{A3b^;h*b#M$m_C$Y1(J97VztWs< z3I120FL2-8T7Rr*hUc$SyKCV)8h6{HG`}Ms=I<`S=TFu7M&cg@&s?N=Iv=0$@Z@;4`w;v@ zc=>F8UZpuD|?e(wMItG|1YpX<=)%Bs&s4CI~Y zbEj&&!g13>#*=vd`>$pAWcwfD@v9B=?P`2dvFCTz|9|*wMxWj|)Ej6N>^9fisM}%6 z!;v(8xp9}D4ekM9`)mb&7@mvW*SgxcTgNgSpSDN;F+Ada>Avv4@kwxS^4MZ|uINgS_6}hp_Z)|L?=~#8JlG{p1<$ zClB!-XWY-PeYKvH)NHf>|2*??C-^q#~-)02>&JB>Si?n~9}v3&7>apzz7T=PY< zFN)rP=eJTlU*z5F`W?K?`eVcDKR+9H{JE&;w zzU!dxqPm^p-K<^X&Of`o;;B_jUu?i9&GA|n^ocuN9&G<4_Wai##(jS|o=u~lV%+(! zdu)Iw4eIENOVLM7)NWWmuY_lIRh(hF_GI8=G+v|d{|sK?x!Q*CdUt8O#>B2uCyo33 ztk4!P)aPj9F3uYFpt^nDtu3Q#;1Tynoi7}{W8C#O7rSr#NA$VsV6S|ieAd2O{(b*Y z9{S?b6W%hB_9XDJ#+`qqtMU-GQ|F@Z7dsF982TLh|4s2P!}HW(SO-Lz~J!-dx>&0Px7;N0v$)}n}*W#an-)hjF~ixZCb5jh(k&flv8( z&7;un8uT+``mc<4rL8Ugx>xb9e_DA?@?}5cK7QUi8pb_?K6!-dN?Qke4jta*QuQn3 z{|S61We0la7Z~5q;qm*XelhO0gN0wUPKNqyai8LOi1V%*1$)jEUVcaZcM$)9@ZJ;B zp4<;VBj`CE33xR+#;wj^<-jcizrv>_V(Vza*AWxox{||i) z_n8O%HjCtQ)04{o4(N9=?(#o=LE4jE_4LI^c&W4Ye|n?O8u#_d?^L|0Upvw(gZ~Ef<$VtJd_R14dx(07y)SE^aTiaT?M|qNla0Ij%yYfFJwCJ07se|7 z@Vw{i@G9p?!hHD=9zPHHyKy%!rW~#Ko8sT~VaHoWso4J89>#r~9M@}p-ArB85ckQOOQ9gIV|8IP%T&H`5 zf7kF4;@LRNlfB_>jJtg1#;Cs`o?X!QJ6iFC_A|y^yM@l07ooq);0f;64f|KC@o9XY zd`_m__2~2SRX@ko(-&!fh|9n_^)3;GH0$$;F+v}5uqwraJtCXSs z^Tu8LrF#{5IIejFUh|xIKjK_v+^tJZNPfSogn=-y-c#iwSwbhQIkKpC!M8bYc!^ag*uH_JKJc4%n!3(^fsuetK+~p^I z@<>k;4&rFHpNI~n)>?`R&?X2RbAFOOB6 zOBlz`@y~KUYEOLH*oiXdU*S3?Wt&=;Qt_^iBD+lAfg=!;k3V@ulZgg8Gk?($PUP4(XapZ-rNp3$$Q zJ^8$WzL;uUdX0;|jiMWkyLj>(=Vm33-bA07srjy6L{Yz|8JC0AZs5nmi_PSpqrW%9 z7k{q#ID-7FhcEq9{3v+OWr`=_`Sh@E4>s=dTzy&fT#x)LgtzUl_38|KmKk?-wJ5f3 zl#RPQBxC1=63fL4wbb8Me!@Im9(V_> z!x!Pd3ZC2HP)~M(zir&tf9(A~(KCvt(n3Bn&^I&gwmaz`6;D_{+ZlI0)w=4}o9O!* zckx%a9+!t7i@x-`@;nwk7yrev=Nj(t+~)7IXM1H8{R-nQZxxPH4q#l~fgg2P+AG6+ ztYZfVF8=IT%~O4A9>$$dVzcJ^8hmzur(RH=JJarY#$A6)KMnO{SrdJ+$++up^o;To z=3SQ+(y!$?z8?5o15aP2JcQ$jTjAOJ#IGZsuZ+9**u?j*>Xj7#O!ga3z<&pL;#ZCP za(ucPcXhjv>&0Qc?P=WgD=}E(xJ!q~e~QLkzY5eLHqp!IYu0Oq?jd>fsd1Oj>j!C_ z3C9)po`ddJOGZ=S6|PSO{Ut&Fp~kTh z?Uvv(xo#WA>n-Cxp606mGths8{`9l7PKJ5+2RzUDlU>obe4aR8md~{$y0dZTpW%M{ zu-=}GKFj%S$||}VUWnb7csD*(o^uTSEu;TrTg7Sr>pwrEe~a8O1;taIq&&~A zC4GP6KF=p9{_zdOkAat39pXVx`gICEdEO7uLh|S)_~@4gc(McheR!_B=26(+YyG0y zP1QZjD`yeUcJS-39O(JywPkdOaW}75F4DXMN0ZTC_`x7Aw9T3STyNavzr=IaE#a@B zPkukxlXKx8!VCPKQONW6_#}=}T^)tK{Y&yswO}5>hrp}cZy)OaGI(ZZGP*5&OYcf@C5gb zH-^uIN4&o%^lLV}!hJrwp?}J_%V+#K<(25GlhkflAASn{e~O3kO01Sobg{M<%~=Sx zGw$jzUrXDUMYOw{ahHc&^C6yubz>Yp`F+x!+jQ`s%hC6EQ~8+={{)`eW~e7e!0Wv% z|A^}m2f};9vm+IMScm5rck6kU`-sM%e;9q0-@&;X{Y8F&4v{HXP6 z9R8cpr;glGU;j0=Tg+%&PDH;iyvltSq25LXeWW}Ge!6kj?gPWq-r+uc?t<6E?hAU| zcoNOO|5}Is^X6%fkK@Z0ugm|YVd5q7-`BXyfAW|u=fy;L{Jw~j@JaCeNZ6j9@3@U` z&G#DLhWOutPa>=N66z}PhT5%MqzVt`qdFLOc^Ja|BwG=GFXL{!a$LU-{6Nob)#v_sH17JF=lWXMzAQkWVL#y_^mm}IiQNyg5uV^a>aeahc~fy#sgw5j zY-il{t1#p+Pqu}3fv0{S=E;BIeT=&}(-Slqy|1W?&eE2_TJsUJh$I7V!P0dcy=hOUz7R_^knab`r>foZaXqF zb{=4YaW{??uKy~kD7xFY>u))B-{9NuL|Jum9qqPxi#+eM<$UaB+~qkrM0vXh{oe3l z@2SO}@S(gwI197wm+7#u~+wxHIEP zrk=jI6rSm&cy2@gxN+ydn*Hh)@RjKQo}fIhhOaa3;!l31{_X;=XNBZ=<#h2z@O_NC zaVaf3+Y?0}H zLzSPF@NeOR_ZaMns?Oeb`?m6#s))RYzO`|epWM=eJUJdd#JH=U)v@E>EIwyGKfo(r zME{`iB>(;IzgD3yJuuYc@La&4cWC!sO~aIG494C&3g>OytpIqFSOoXK?4uN2cMyFpF;er z;d95Uu5PWZFPd5bIREN1;v@0t29Fvll4Ia|8F&4Sc%NZo{3pYE#NKmzCcI{%>S`VO zd*GR0RJTpxC3yV31gng@IHQ%C>0hD$0G{Ce^ONB}!YALaeq91@^uESr1Nmf_@ek2&WB=iNGEXY<;B%mH7f-h(1H7^|`s3jV>Y*?EYIy!g&7fiQYmIT2=LGLZ znuz{G^yQrL9PamS{E^x%ouIl3+l4)iJD<{z(qD$pLGY}5F}{7mc5?*$z2}s-j&<}8 z&JRAUKcQcj!0*0V`t#A>W8CGTv`*_)&@V?{d`0!pnf|_F+^x6MV$Z97hJO69%K!HY zC#wIk{Bs|xzv^8SO*ihgkD1telja+Dc^FvGxV*^tF2g6qdH%3{`2rqYuk|fFhjPd# z@=uq}_K}1gz_@F-dZFt1Q|ft{_h}Oija{F8AOAe(vFqaVHU5Zn?Ya>cLw2;z0D(*!j#;;HA%%2mKjEcj422cG??+`zqIQY zT=B1bZh-e`u5hC3;6?6_Y6yP;p1NQ46Xs)&FUTjqi?<#6zVO1_Lp%xlKWXEB|6!Ka zrLfLiVBF=o%z25s@Oc-XX%jTRLY-96=jtn-f#}<>lTW&rGIm`PeQ_!MJO;no+yW@Ly!y z)o1Rvv?r(3)))VUr@3$cQuJTppZ-Pup{|C1C7(^(C=Vv{pUaH6A`4~Pm^@n(6EA&6Zdp)V~3i)ZjLG5P$QhvgAe_wd~{=EZ@yFAoze|vrW zPcrW6BzdIv5Ej8NG4AdgFU5YR=|h~MSeE!+O643>&(P@`UiEsR=cD2kxyrQwuQ&Hcb(xiTwe(Dw>!N0 zi~P62XFub9d^!KAEZOq~=;z&-_R2K%d7g2%9o%%}OwSwQb0I!?-oHWFMvuVDyw@U( z`;W$5JtsIG3ERhd->AQ{_Empt(e5_z*0J-_`xtlcaZM6Oh-ZXx*RKrE^=!@eQ{f5L zlaPmn#(kZPQU)}dQMA~&8}}-|J5a*sS$s-8hI+CKyaG?2bf71V;B9S!xOn=OROewF zr@)gu#~tEdVBEDkrjPQl4?g#!PYl#NdLI5V{HSxK-w)pCJGHwx_B(W);89g|7}m*A z#$CI)pXIX?KGV_HG*N%&!*4O}*TXZlE=_?ygU^!XTH)t2j_<%zC9Q{p(0`AAn)~_N z!T*BSa6VkK(qjBx{VK)o2iq22<@`p-^TF`=dqGFRYYtN$!gyU_+~wgN=3PJHDZuZp zo%W;!{5g1T&Ox56qrcz7ODn{KzLqVFt{y5}_Y8Hob>O@QwHN;5;hED8_9VnP-ME{N zV{X%aW2m32jk|Fva2`ACcP%vT`jxD8nD+^FQZVk~N%FqOFi*cX?)>wQuwP2QTK^z@ z^oa5nu4@m5r((~ipKaXvR34O1j(*)`+{KgLp!~cJe;S`W&%dj>tWQ<7o8dZ3h;x#0 z*Wc1|DZAk_4}F^b*t+m1;W>_%Pl3N~+{LrtE>-3Ztp7j4KS^m`+>XBKk7_p=JMY)g zxXWh^zeBMA{jSEHf2GNxp7bK1G(7p1{C}vUe{dK+)!22$Q_&YW-`f-a3(@y`LF-Hl z_-p91`ycMfuZ-i{=u^ii|EtjdgMQoC?@R9Zlj3iAkmA(rj-ox`#edYV$MNY8KdpiE zEogU=aW`HS-b)a+FEc!E85Npo`x3_S65}qP8GfJWKlncZ&&T%jTl`P!dAi;aUYSOp zH16~Nllr@ocm^1E{)zTlSHtm30bav(#;~9KE|3@B#1w#~n@K zS>t~G#_lgV)3}Rs>V0XioP+)%czMk*PadZ}uYu3nNqOEE{loCgGuj^2qrbl!cm2)9 zu2c8>MSR-Q0p1~u?=*Nh_Wq?ujJxO0-!$&G3*09e_LDz0?)tTTM>&V4c zpr5ruWNY&FH~jpK%FkZtQ@_bS^=HPDkC?yxjJr4svFqdK!js&$+ytK`_|(MSOY^?* zkXxkwuMPP0|5)*a?cJZoUH;RYm+Q+vYPN}S;eO-Y;QfvJc~Q~4=uTZ7YTU(tFzZQc z^f$rRuF*QVD|`t&IbZcQ1fL(_rMJa9q2KNI|M%yr1{nAC`IYLt0s4cCyEuDuzi~_W z6nKf_*4B0P#Rd30Fh}!ZI{Hu1*Q`>1Z?2~=vYX|9@mZ>quzt>lFMmw^y_9;m4W9Z~ z+tcsh_reRY_x?R?-1RFuTJ1hSJnP`efvUp@pRRw92hNZ2ZPWvv>7n(iIsKhx+})qw zE%sderRb|WNdFt-@{e&p?yJ*2l5>eC^{0619L0Gi`cvTPkHjaSzuUO$R|5Yv@K@nQ zp34jSCw2ZJ&e1cyGVpfBoloH)`G<9KgmG8T8J??ZkN@PLU!l6H55K_s+w(y`p1p}LR z1b>6~+h~-dsGCg?r!R9om+2cFVBD{JqttFUd?vu72eloE_y^OC`+AGj=iT^c8fwIC zn)uJN=qvq{hs!Cry=oE9>6)S2qaS75`Il3Nc(M(A8v5dMs`IeUT!X&AbN!c~Uj>g? zKj*@`*OvcxPYm!RtcSgfyZbIGPpM8q9tJyZ@f2dmcjMvtBUEo;Km1(dZarBPJD)t? zxa(J%{ei8C=W%#)XXPQZy8-{M$H;#t>T0_>@<~om9$v-gVB;>%N-gC-)aNMUetfzA zKWq~(#V3^*>K)`3Mfc(p4b%GkIP<6oZ(UJ5N6_vk_$PS|XkYmDbzL4BL`!4WZTlK` zd8lyQDmVL`4tOVy$J^m^uW_IMZM2{K8GJGN#3!oodx&$jao6AM0@ZUK{nzm1e^k$# zSpPTSQyP7MSDuKzhwb>e=PRr0wpDNOfA7A=T|8y>>%w+$gmE{Hhy63a`yb7^ zbUr*6+kdzW|7`5No!7u?V(;--h);*Deh4+VhatPz{COpIMa)$lk_wXtFrFO&mbC^BI%GVOi-Z(W5) z2Wy^&`E@<~wOtgUEt~%H0=(;gG+$NTlR@*#{m!zc<*pi*v|%%EMCpkA-JXP<`%9!`H(XmZa}XJ|Bmdc;4_YD<$`N z#<-t%vHLUMh8NFM?&>@nyB>X=ao4ZS%N3^` zX8O<5_@v_T!1G)m8IArY@82d$#-4Mp-(3EsZ*_bcj)OWF_v^_dtyf_^>1o`>-}f!$ zGpx7g1)t8E7iZFL4LtRiwrgL*Z!qr857floN3jV1%!|s8{Pa-@VUla9#S7^ zX0?FdYuvS4dQ|Nyt5Ni==XSm{w*6{sFD!ELjOv^A4tG5kC9Ew zxT}*i_pK%2=fEqARX>5>8~kguJq_E1hv9jSQySp&g>g6TKgZtR+o-kT%<;ZfRhPY& z9bV+U@nJi4DLfBvh5yUOUELPAuG$^`IlRPkSRv1U1^sr)!+P|)wNX5U*maE@JoO)q zm;ROA_Y2SPylU9be89NdA4m?)5cw#@%Ku-f=>tDOS~=mt=lS|Vyyo6g;x(( z9iB#=pKsjxm#$ak{7S)H4PPC5PW)MTYwnX-NV{Jeckvf^Z+Tt#AI4o>6=L^EHnkrv zas0*D^}CMn>{P{hM3|58T9-_B%n%?1ZZGDKURT9tIe9^QCf~=0z9UJ<+(!Tf^9PZ9YD! zJ{p$^99Q09+>KXiq1KtH_&kq3!E+5^{(cLua9?6W^zAyxXWJo~L5j+LAI-RnKZ-q9 zaxeV7ue8pD_#cFq-&CI4;{UR7_q=Df*zxtdo;R=uZghN?Mc-f>#q(!J#q&12J3M#5 z0iN6g-^aL*bGM;e@Z;h6wnMhySL2htL?e3^<9HjqKktdU2LBR#aqK#T*L>IN8b!ByecdRRIo$hxK)Z|4r&cJ>3*gJ()y=BIvG9ubvH9}4_+0x> z_t|9!^{fAM#rY)jcPu5I<~_>^AIc!hPNR#N^&?%!^Leh|F$jN*SDeh@rj+`~G2B|I@j`OzvG zMN5slx{aRDex2>M`Oovl{rdL096I8^8eWVve_NB!_wmWbt}}ja+~p_xrP>YgjOa)` zj8%W@;Xlu~Yd4!#9exVG7k%`;^v}YV7?_X4+RcBZifV-ZoxpiN`90LhKi;QJ6dkG+pn|?d7x|=S$S2f)TjQ>N zDuWc~H1r3cPw%Wc8~{HQeePC`*AWf$#YO1j`>WT&m&Vqy74Y%}s@TQ&zlVRNrQ#V- zS6?*WQE_ItP88;868;{~jfQpdba;jPISDf=z!N*kzZQA>#kkA!!qEeLgLe4fKb^aZ zXIiEG|L-jv9d6v`?TIbxEss7KX}vAsbB%E~kEUFrb)Mxjx)GoBCGvR*{UUrSlT_!+ zXm>ICNpEYt-4(tXeVO~R!n|8+e5=}RqC{-}RB`cTye- zTsIsI?_=EMAzH1>Uk2|FPsh%G-eBCFSIqAhjtKM*iou8d*bx64@FKrEmd5|@;6Fln zv)u##8QzULIbZw<^y7{D`8!y73;Tf=z$4!8v=aT5_!K$65$5mp={$Ic=N2NUp$K5S=R{YtD;_r?AczDe|s@s0>2jJDmwVs4={KUBH zZy+b}vHtynoWp3I>{v7cyM4x*~brrUctKgYGHSPy8 zkN$#JW7h|_+fDV5yh`KV7yrJ-U7SVki#Q!V*|>|Rdac&6u$?*!eTnA?!uIzb^pg%$ zCd2;lD)jkf8o^MX|AQBf&^TJy{?n<4+P&#W`Go7g1B|=+Pv*Cbf0S_-f2OszYdUJP z_xj?q^kn(i=@I{V7GB)#Q2+l$TLRtZzxd=h4h`$r-{_-fl;@;Z+xeWHiZgqm_=oWQ z;M?zz_T)9znG=k={mDGfF(uK@MW1H=)`Q;;&wnZZFyEhn=QfJpfc`^x>U{AB;QttR z`KeIP4dL6R824JL&#)huh37_UTxOx4Z`@r!S`>S)+I^neaZv0%uB(i@`pL)c)2p+) z+AWVzoDbpO%ed3uHbXNajMqST=_=_}jrM#rJi&bn9q^fke~I@iz7N06xZiG`r}_!& z@JF7vjIy!k5$g9+JaxyZeon+^YvXQzFU|F}y6|r33l}TSQSiyeUH+rk^{KV!OC5)M zWf=Dlf}Z>6p2DZm9>g;`?McYn-o~AO?j5aTGtm!$uX$4Qt~vZ{?FP!a3i2r8v z`J1)QG-JN3HSWeG%l%zpzkNNtF29o)=1bGwil@r;>(;b8+PL$n*{pdN@^cLOJkMJ- zMSm6g@_Sm(!*~^pC(-=-uOdE0?*FOJmtWzNK1ls)39sEpah85l-ZW}V|%6<4%9twbFNB zJsFCA2i~(6)`zj^)4T^J%=anAU7f6+qWQHG{&%2H%uv6sg+B>j6#HG#m+*-nH@yx| zH`IC(whOiQQoSX)Pc?~uXXCD4+c#2u-bNv2;79E>*eiEIKhd~f$L1)Xzf+&{jk|eW z=6RN|KXW%eCGPX-jL$FlBoB~JPxxMa6;GwR=3~$ggC~y@uQE}m1^tt%oZk4%hv#PN zc&$R5x4_RFq<&3>Z!+%UAILa{dDLWY>LGT&L0jYQ__X@A)@Qq&%zwHW_v=9Hd5Vcn zZ+YHxcjfsv@_YsQ?1P#Y-{P|z{VPqaRRs3_sGiizgpDUpFoA*zc8}j!%BJ@)q_RABTUwT>T2`Tb+I6UpzzOayxPEZQSLj zR7?8_t%zq9`dkC8GatjRN1r=FK4HCj4xZ#WmuJv7+*kg2-oFvnu@T1I_-3bRyOTse z)40pS&=zS=!g<}h;PKz@TMW-0q~rP~EW|Iu6Ma-~n;WZvvT@hnYV7(>-Tl;VIhN<9 z#$B9wj&sBM(+d5jzRG`?kGw$^`*rd{VnpZ!dGZVyTxtuyYnn-TXR)7|JNe9Amupw^@4$N`Ec z%X!*1{DaGlyZo$;-5+>w(8rFWAA{#kk#hs$`OvtlxAe>{=jl(z{d(13^<0boHXJBk zi0xPG1kZDPu_OL{;7Q(le+K+e<1YT_LA6^KKGC?(f28$F*^8q2!Dn3BE5rGRXVFKo z`?1%;GhEjQ>(cgvvJIXKZb2uL|79M}zcCv97|KQm9&pGHz0~EhzWfa|M z+~uMH1ehF3Wctku%~(E(~Vf417q z;?v%^i*v}cnnAPSy^XtisN@vkD0XnCqF;TE^0Ny4mGG!2z9V(}ka0I&laEomp&nKk zcmDa<{==`veSSFK80w+@5b3j%mFEVuI})C`OzUkGevEPFljZzXSNLV{0>@=xonH;F z+^jeQ|J1n4&&FNUuSRubRNqd3IKKTb@i~n9zQ$d@$~`qMZRqfm@ai(fuV|y_J9sYk zyOSM<%D?@e1AK#Bh<})I=bwxnM=VC4Z=?OjQ_#PGzQpsV;dtaT<1Rm?C)D30`ep~I z-F36oucsKt1L5^=QJq`@KMP*@Lve=n{2q8Z_WK|Y8h7z$7b*|o_pjea-<{uc97a5U z!OI^jpA+D{4wg@9FV*K7_*mm^T=xA`adsfisqn(q%KRGm1^A>nkJ<{Kl5uyvJ{3F8 zdJ}#0Kdm!8(RV#W?H>J&+D$al7sKI|H?*Gjp-!^KT^?$9->F8yjtAk3UQ#~Q>nOSj zpCZrue@DBI!#^0Jc3ac0FW{-~<#RFmro+^3Zd=74^0o)O^r*(A9{MT9T|P@!Dw42W zm}A_{>oWK8Hbj31J_YJ6Y+n|`hn=T9?1#SAq4KZ1rj=?R^0Sq3m!HB$jhA{CMF$!8 z*GcctaX}jW@#r(ZEB>&ZdK#YGUUl*d`S}1|^Sty8i04aqne%cCW7O&}#o2$O@|i}T zhIidT5r+MfneaqK`_Jzs^$+I5GrZ3;)Z5eWUH6s$00v;4@r2c3n%@Vc+2}{(ZvLkD zy{fQY)fw)1+h}O)zQn=CT|QTTDE|*II>xvg-^ZGzJy{OF9G^^V`}it8sm;n;*q&DL zseYkx%#-I$=%d*0O6-_XJfCwvMmSG9(71~y!|$7f^NkaYyZIPD?{PNzrVG@sRn)^m z{L2R^&fVeb&?k5epQAe53cV?e$0z2Fx3;NKMI$@srz-0v^V z(3U8y^NG=lGvd5r;3JH?I3v#g_avUv1LyaHLciwXvvIQ8)t^!H5b&hp#n3^c+6fGt$04t?1Ve@XCFPXQR3sC5}=&iK~?P6Km^>sm5JA z@!x+x8-3+etpi~@UNr9Nyu$ghPWZorPjQ;I*IoGsU&2%T-bB!EGfsJqKG%GyHj_~& z<8EG8c-}wkZ%;7p;=KPD&7e?kr@^BS4)X?`$-^9YWjn0{`@rWJcXe2dJ@0&j=MAD> z_b49H6Wxi=p6{o<|0up#ZQR9~I7{{Ljlz%Kfk($GZ+2SGf9j5>Uq4ZY=(jfR`c>q7 zU1xY-^tr6+`B-?~xXXW@^B&=N;Tm}Q2*uwG{loa@V($ld3SNFz^W9b=|M}avtN(ng z{yR)iobl~fSK}@Zd4As~j7!eAi!&9wZ(%k*Ro>@Wk9G_A)cjBV-5Xx-Xtlez|3FX9 zA)h##0`5O2U@YRQ^{zHC_H}1wg$@{q8!+#q3%HJBV6Y;skxa(J$-=RJQ{TtrL z?k|cxm-HDv*;P97x)uF5@Z2t%7X#ow8F%mF3hR5A*S{Ng?bdMIw+H&@80DdUM*Rx= z|Lu&s^K$X~j@*p=XUs-PJ?`e zVSBLxUU^$}6|NJlg}-rA+UrZqqqbS~YZmVnZ$f|j8Fz6;S7^R$N4rDd+1PU>lkusX zsXXtA&uQpqU93EGgwKUn#>@XG_Ta3GQlZWV=aDL!H^x9hd|Mf4TU*2qhZ*c+(M-`r$t#R){yX_|7|E>Bp zlQ?&Qm)L*U8s6Ku8~4g@>eq4b!;HIi>GasTG!=cC_sH!`U7e2qCzq-|bNF0u+~udp zdvX%+mG~rhPDIg0Q5m0sXRCg`!oT*h@+olq-X5P$#$7(+zr(T{yzg;x{vQ3I#(jTz z-+RczndlRbYCX9N{nha9vlNf^j_h~j;fHlfd*yHS^$)&=uYO4S8-=6BleKQ7IX_bu z-o?0!{{ikx4ExUmjk`F@vGcdn(P!^d{jA340`xVu*!9HM;Hl3v?kRkd z$I)(o)z#7U^u-nM;_>3)`qY!~)LB{wG%%X1&&uKpvgzw||a06fom^^pHL#@)P&V!!9O0RQ-T zr`z#K#@;`(+_0j_X*R4v#+1qw7T)TTg(Q#=wiQ>(O_@QwK`VZgTXSaW}rnFSS10iGS^>;@Oi`pW(eyZQ#>aroA$3uZO|Y z!?k^X8J}a|FZ15W|J$!K?&@JvY#qMJxa(KV2deY1J>7&)@;TLQPyC~kq|c9%ejDc9 zPf-`lurx4cs07~(&`xa)6z zzUn+|hqLHgPL=ac_>}SgCad^wf&b6A8?W{p*MxbIuoD+9Z<%it=ke$}!z<%5o@@*6 zZrsIL`9kA07d`=A%8UO6&*77<%0C>xUu4{`KU_CaD^c_~K5s15`Vh`%meJ>V&&+oC z|A>F3r|N1Vyy0~9>*s>{*M{= zdEhvuG5j5PX1Mwr_H*i-B7KhYKOz49#$EnvpQ<>+c#R4A*nOTi!;>47=P(~vz|%Ze z74|c0+m4^}Pn@j!4E4Viyc#=Sw>`Xu-?QjOzf#6s9?DCVhp?YB9(|JEZBei7bQb)b zmKw)z$^Sj@&C3`U{2zyRA1mGiz5-tN67hxb^~PQPQ@mHC9sFDL#d=!zPN&`fp)al1 z3<}$wgHKg{O7yomKBM5dr&SNz7&0#>&0RF-t;W_JjQW)3-r4gcjFbm&f5>Z;28N|hJFM- zDW0>tA3hsiovHQn7x-%9Zr-hq&AX;HFn~?)*!~Yd&^^ zpJLp_nOm-U2;1=$@Z#TEuR=Y1jDKa4wiox|^F92}ujCWPWh*-o=llyFYQJR&akhgO zAKudcP~$G2ADyM~3hVYM=o7K$YClDv;r^Va#M9(lwVPyo8^H$}cmBm4H1F0D&j|E2 zw<(_A;dywup2kaC89OY3rv^x`UPsX%`1kIkaS8R)ewO0Nza_m!A&Pc_r;8fjaQ zuMg25h(7*a+zIHY!RLDPHEqqGNA?Q%RA_J{W{?&AEpkH%{cd=7z^daFK9hG*f0 zL&R<5{O45of|aWC(BF%V`|;)X&_jJ*j=so!ec`(H^+6wdF7@`H=e;^#((cp7-F{Jl z`-;_zD0&-x4bKPdhJHOf@ww(v*dP88p8w?_ue=%kjTV;WZnzzU_klAMm~_RL@}@ZgZi=rM&(yue=+5N8_&D4C}eB8b{G=^c_~G zy)ul~wZ=Qz2q&9r#6!K^jZcJ+s@<-i2LIS`<&GCAp5%GT&(6eiuyL3FD<4vR>cUSo z?&2(7ss4ub>V0@V_CB8hc3|l0aKt~VpIe!yr@|{MRd26Sa2FVN>r&0hYBxc<4;Xjt zo)*jJi}1vU>S@?tD&wCRugZBCpWonj$KDUqb&mWCTwe?8&x!ELlkzX%Q!wuO)rI$U zXq2PqVe}=gJA`@hGQ7xp-8pR>{f$qa--Wph|7|W&JTLoN{TsfhEdMZ%I?h$QnLQ8o%I@e#!mDiW>cNjS?)p21Vu<}}bhxDS1W-xCk}nX3Yi-B(%0 zC(HB2&1v`B;D4y{wt~F<0^j(m;(Qu?tt-^u+49w{M|O zav#)A_|$lPgJ^&D-x#jwR`eC_M+$ZRgmFLLzu$6wSPhTg&+uP(mHXt|(!iJS;!5SA z58KVX=gU8Nr~F@{u+D{NpBKN7`2R5O@)Lh=Sc4knAv;d{6;WFMpsjHq|96^qJ&31^ zap#kX-T!niu1ssenuMaiss*conYM6 z^P<@O9uMGObFTWeg#5gLfBZe(9~*b|nT!2S{buiP$GL1Tn$vjGYt*mO1g+0`_+aC% zU!{MPhegcO!{DidRr#NxABRtc_mze9>N0rzJ@!}QlWU;$D(olUhW@Bk8u7jHe+&IL zM`@mh2aK3%}YpJ(iRsSd8(;HsqczF|il5yAHO6+;G^U%kyE6sr?_E05E z#OHD2ZrzLDU%fo&+i3f85Bi_rW#0cEeA+Eg{KZcczp6BfE->!mjGs5Y5`8ZA-q+{Q zr(cvq_nH`oF|~atg*%`tmo$#ck?>MenJ!UH=%ES zlKiiRzmC4Zb5h}aLY?as&)&S3@Bfa2j6476M~!a}eA4hN?>BA~;)Iu1NgvkLi}0`E zcr&y+AHHyE+B>wWC8MRrT^>@L#}4{8jJxBVpJUHUeuh5J^{Ej5pU&Uiuf9xm(uFuX z+@St0zEku1Q+OZaZabU$P1_f6ltEv^^K?7$#Tmw3eu_Nb(E@%e`dsX}jMeC?vHO&M zFz(i$Vr>2CwNP>9cn&n=VK4Zfr=)$0A#W3n`*==M-G=S#N$>*K(ZaYq0`Iqa%lZBp z{@-+z|77~r+zw3KxFoMpeNKUQGw#Nv{I+@gE7V^4^$G&-36Z&S$Es z?LEWrn)Yh9iq8Y^Qcu-e*x&v%`0#u|xbE5FW|y}%QTy0)VQr1Oyd^%@IEMK?2%eoQ z{w?ih;DxDL-=2r(;L%;uzXZP<{`V8ga|ifq#{K&CleVYV!rwt(;XRf)_}B2%I%Q^0 z_$GV~PNY4NTNG`53;92ab(n#<#<**D$)(bVdVUt3s-x}T&-lNDPmcVsd5nI9XJUEl ze5>lVhWCkuh!kGB%aoKdx_-H zO7z(&@(Fdg8UIq0UDbcX1}UZ#f*#9*w>dTjv)9{Q+9{ zG+U$SDdTRxWl`)s_HW{oOsm~%Nc4fXvkr`vLpS<6&bZ5GneE67_#}9O{jmn{dHBS) z*9(oieibLCy)x9pN_eiTwu9mMzIX92#@?gVsGxXKOSH$*n08yjBc9_v2HpXlzgP3+ zZTO+a-TJowTJ<-q^W)%!5u?0PS&E`F@kz(t3wNz?*RR3Xs7^XCj`w>Xdwx9jdk0V9 zlj6Od6N%?XeEP0Qd(w?@+4c_d&+oI?X)FKf1kZe^ehm?h&W4Zqa)2jk^sC@Ct)v`* zzV@ApKmHz}M#f$JWFOFWGt95u&=)Hi?{Eh`{f+y1_np>_us?h;`tuK0e%cbx6Y#m* z7d;-Im*Levw8A_N{}}(|IQfU`DP8VT{L%Z0=SK8<8uxX}@4cP|pM*Ysd_B#$>u=xK z{dMP|&$QP3+J$ks6MZ$Nf7Eza+WPljFXHn)^C+zUYvEb$qX_G2t-IB)>c^TFKVjC) zxa-&5Jl_}gi@L%qf2tlvqaOr6`UTZP@VNs29PcA)h5j~p`E`v~Q^sqlaW`LbvHJ$! z3_jfF+z_Aljk`D#AIhgoQ+=@keTDN0*P*X-kMvo7|2piK_JBvrsN;J-fPkSh)Ert=~!UPp_wcZ~(l_??)%`nFi0dQ=QoDQvNg3 zxUYYXUv@%&Kl&u^$!rN<2`_%2?Pl0titbZ96`pSj*B$!6U%XA@61EqEjVJN^_g@px zN9U_wcW_{HrEwQ$`(@%`Uc89@&w*)g^CV_Jp-+FInPR8!{AV-zi}%nx4RzILk;XTB zqsDh%e9kcL>y!8XwSnJi+#ip`?h9IhKG#X->*k?fZQPAl&6CQ*h44?&XE`6WHT-w< z(Z!0t`7ZjRp6%#5pIwJ5{>#zt2A{h+?a7hwEPUuw13d}r-o?gUzfzp{3){y>(N|*c zVSduMtN-G;%1>D5*T74$`x5_$Pj$5Ftxa78RPO<`n~Ocyu!C{eujaA${7gb$V%-S& zIT8K!Po=%_m(+iaaTjOA@nDGa4fN++#`;V=wH~ByuhIVeCDh4Q#$A5aJ*#>PYxU0P zoBynKC)H8ECcwvRmOiW}SKw3NxDR>sp>a2_XU5*Y`fJd))*c1RVbtLv#Z%$;G;gK9 z7a4bX%fx=)^IrISvG=0CjZbNUwu9Xje)I`E&-t9NKl!6^7iSdPKdJTqW9!TVW~|=- ze>`?s#+qmuI}t-dQQh{P$-dPycF8i?Ng6^DnhHs!Nt=WwNt9~xktEAh(jql2BvBKx zrTSgxe!s8p@AI7R_xU5A&+ECK_qon>uCv_teeQFwN4fvpihRC@I=2Y-`%6`<+hw@$ ze>#x6?<0iCQ=?Gd`)I#`yv+;H*Zh2sd>Z$AG-tU7$fMkE3^n;i=mz#{?(5Kes4v|5 z8R7mPUDu5iZsVEdzPozVpCR1#_t;_Ne~^4Bb?T+j?hVLKkcZ1)9aWb6@>ikL&pF4Y zsc`F0wi?FOc^vmP3itgPgZ$KSI7RzV4b*fL^}n|Eay=5~dl1?#XK5e!1@pf4qid5W zH{2KHV%20!fAR>=6VN=IF5LHr=M@xUxeIBZ+5?4klDJmmG1#_dh=IQ20qN}gOMAobmd>U9zrwBmiN1)#VDcMY2M^uc z$tNqxhYGj;oQ-09D_;b^c#`%ho?j85{XyY&oJ?@s)_!r0I)g@fzGc~b_=7r|P;Q#% zYqg|K6Y|hR#hU)2)A)g@5ea*7wbEc_KR*szkZwiQSuDWseXX^2g$>{Z>;`g$gk#mF)z`+_**D9 zJQ)2~*Da06-TNfX$m9I3wC39+;iYrrTomW~t+R#OIEOEx9S^bG1i7ie`jWp$9zW&z zWEShYOSp}X;lAaQv@a$BvEypWc^+L;xU~;E`x!mR*hTwwvrsQxA6DIla)XnRhw7&%+?IQ=B--(@927jCJhK_`Z$y9Iq)vw8XF>Ag z!fifZ>8u}$zXR^&VBA|n`zpe19723ASm&?4!tFSa;dhGyv>z+n`kC2``Nc5)Gu3`$ z-tplj>c_dyWD#|CP{+Lv+D|^=4#W+2=ZwixC&BN;)uvA6cj1q>4gIKu_6ylU!fI@`Q7}ww%1#JIFVQxc~FCaO=-cTj9@@ZG}@Ye0U9JX5@bPl}UYz61K2cx53XG z`gxK(bPeoB)1N9k;ZM8|O8k?&4SD8Ia74qHb;3*M1kA2{+C%XNTZP;DZeQs6U^UCl zSbNEzZO-@BFVH@|8~sJsZ-qaEKh@uA>Felw5Y@@OiSWNDiZug-+j7G#y8C1j%N;@< zbN7c(C+^Je?~#W~puW0a^rl_#XUv=MN7u1Kgxh`^-Gk>4J5_7V^2|nY-bC zS@ON)iM`NAG>obG5z4*v1-PCQ5*2RiJFQ#Z_I*IO^(W8-{ay3qN!qVG0i9(m_Z{K3 zT@vju4;o%*9T0BwGj=Qbb)|gxgZ#V6o$uH-5N`bm=11Pnq5iGHtv{K$@TUp+bm}CX zeROg1Aone6cD+F!odADyzIczk4fEt?>R%FG#ePT3`F?A;kKw=JeTMS1uP)sBALn~g zMaWx`kNOVtY;W@MME!IjtRMbl++HD%wM1S`rv2~K$?|(odf&VF9>lE~ z&wtQ-yIQ#QGsbhM&QPbeaDTk&gC6=Ed5rc+XFthW@<=K47xm{&>SVd!V;gnK@5T62 z#Mz%#Rk-!XD~*h;P#Ax3y>RPKockzbhVXyxqK?P!V#LWGrG5Hq#7FzlbL6pp;LB+L z8hMb<-O7_^$a}G$>hqM7?6WHNDf5SUuJyV_xQ&0hU*7olrhWE2^0^+% zeOYyOg6s2_UCR0WwfVIFNBKd-vmklp&)`q80@h1|$ZryE*AGEw{m|d%g^k$}#`W*7`DU90}X}?JAKSjMNP=Al= zk3oNIOnynY^(Vmhg|&YLKS#aX@9@?ZZsQQ-ysYC}3-Vb1ym@k)>hSzno!6ENxA92~ z^n6crAKC}B-}8A(pO2%T7sz862yO?o^e=YL2sgu4L^W$^mAF0k%=#=4j`_r}N_VErRADuz`dsF8@>c^e?t1pu$ zZbh7RUALJ!u~o=(tXhrPLwon!p-;&p9M84g%YB7MMd7yGSWT=P7Sqp-w9mXV-S;F* zfA$Nvc^iJOrB8~Hn?ul<7V&)2j5>A5YmPu1PSU=kaI2H%`|KDkCC;=@egv|F_OFm< zs$+a!ME)Li48NzQ`CR84_>;_!{xXF2jg=Px*XJM}dB4W+Q+Z$E*3Xc0ZqEwZyYJOL zL;Lvm@DshjnA7B0?&riPVNCVI@N+|c&-d_c#;pr^hUf6;JbNGc#^o6CK4iU~BzNC0 zSS#H6pZXX1R)F?d;dY$KI_t3l-@-o2efVmBop7615$+p2MxC2zAL09$nup_r+q`<~ z3dHj++AmT2QXPCUoO}&=v^>^Jy6*asJhl<>yo&KD^Bw&hk9AQ|>QonQ%T4n<8C_2{ zA)ntA{%D@Gr%t#V;!}t^{b(O7o!9^A!tJ`nBhOC2_@mDsy$tFbFOK*Oqy0qTw!Vq87$Iws-z(g>OoO-cv>t|*g>Q##N&ytVh_dTB_ z-%38J2IBuK`CjS=`Q2Oe0{Kqy56};Mn|I!6OCB|d|BKY=D%|=XbiVUAg!XM(c)n#v zZAam@A9+_IZ}(H@HQN8y2<7Va;P13goJV~N(!Sb{C^y0Nm5wvbgj@Z%bAIo1a(DeX zn>@n%51O}+kf(Tkp>f_O+{Qn~=fAqX`iwl)3-Oto14lFD9-lAk`s4!jL%hDwde#34 z{u`cyeFN(|P`DpwUU$?cznk{%yf&RY{ulCX0qxh32l>9$W#qq+d$%K>Td=*ZJc4q= z&h<_s;WiE)_j`n>(}p~J3hnhEd0+Aq&VIiU!tHoi!1-R-4B@sNBfJkVggTpOpDBR* zT5HJvLwon!v)$y`R}lwouYbrBm9bv>o;t;j!k=l}r^;qDwT0X3%B1t1i(7^J^8(Km z(fbvBl<&kiGnD$TlgEC9Kbp74$fIq+)&AO_5ohOfv&-Z+M5mX>a9x9AHFU)#vp-$oq=9h=bj|#VWn_7hR zvtIX=JcfGxb1(Y)Y1%gy?yt9<@1b-MZtEK>fc*T8`8kC;VV;A5-^%xlXm7g1pEA@> z(>~QcFaM49!AZzloiEz{0zd0}t$c-%`5`okJefe8*U+C;!fkycqfy@&%l%Bao$t0d z-+BC5xUE;Z81h7)gI73?aua-CZ##9`2)FiOzK5&ppU$-Rcpahlsd@>w=cwy-ESu4c zp?%nN_LcSidLt{`AIByjK6<@e z>{se6M?UMkf0J-K&KTa8E6X@^ApeQ`zKW4grA}ZF${j<#jXbjm^;P>1s1qN8cHBez z@5qDvj=7eb?*!Y0`%cTzz8HC`C*o6;c~V)pjgN8Ovu;Q3P3_<-OkhXaD%{2=%JZ+Z z-S*Qy!}B!mWVwF}_v3RjGT}B3SeKndxlz8?rulrmaBH7-o>z7y_l}`ouV+5@rB0$T z{QQvRP9x8rMcy_b->>%DFs|x(px`eXV^`f$cKf*OC2ce6LFT+@H6Z@hiXh7=XXE#zV0mHzCS!~GsbeCQTy*vU-k19 z;kLesJ1`CeSnf937vR2~lGG`73ijPR&nN5IjyDRo?H-y1{|nMSD%`%mnRL#LznAtY zULR>Y#(jIaE4gZ#ub}y`iuNA+Z&m8=5N`dSG_RFUN|7HS4}XXGOP`|^In8!&g?_r7 z_O;2=m!n@}RUn_Q6>jy%orb>7N0Wrx`77kyXMT+K-Vv0m_k~`gzNvV3#V-P9;Af2AM?>kxj3giRZA;&xRyIE;S%KJ6E){dVY&C0|DS7hge*9w6T;+{QED z?5p{JI=wh9Riph^@ksMD-6?9l1`4I@c*b(B9+zPo3|674DCpe2%03l#m6O^(V@6q;)>6DBSNC+Yzy$ ztXDH~_xbg$!u|GgzIV`r`jHw~Cuo0+D8C-#^WSuIEcKI(U|*1V5~IEQp5QXt2g8WJ zw(majZ{Kd|dyfCgYb@j*pOe;Lz05`C;nUFRM_xg=pC_*(Pjr3TR_(jO&qA~xDBR8q zDd)ZZ8MIH$$9SST8_9d|dpB#S^M!D~y?Fj%j6CNr=Am<+q=|6bj@3Ite*x`#(LUgO zH*F4ig6Hb!dVZO3`WBKFzM5BC$&-BFQ0J+=kJN|0KCgUCbqZme zlx3m+^S-Ym&wrig0*8d#c1dzP)c$gs+GO+`=okZT;w14pKcC6bsVT7+~#?>DdI4g zg>)Bg{mk&WnC8g@+M80CH?$Otk(aX?Y zTJBBcDZaN=hdKj=+jhzDI}v)H>PgjczH=>K9PsUfn{ns-JQr$L2)A)amq58Aso#J+ z;5>hvMjrbeanN~lKlL-*FBhZEcfxIa!dGJbP=M`wmOAb@{4aUE&(N>eQ>R=$_?fH& zKT!)~+6lM%mG-srEi<(5L;H9b?W_Cr=FvVn0sg#|AAj(oaDP018hO%;IvWxfA-t#E6fID&ao*UwF8ALRKqOX$xq z@(i!j-zFa?+#f#&!vCV=_s~ATb5wLa{2=*)7}k^O&r0Doo)PZrZc3dEs>Aa_Rc8zB zQ~W;B2-@!>AM^^^u`1jBq;TtJxdtq$#r zNy6Lq&Af{CP0+qE`Ap}1*qephdIe8l{zd7=j3Lifg`e%2w;A#<_m^Hr{gSefu=Cmi zXI{HbxYb{B7-FZJ#1G51Gf14>9`FR=D53&i7;=CI5lvA2y(UM!5Aql|{R#&fnyhjw260V;?d1@Mk>u}@CwMMLggOU= z+xo`)BF@Lje;|*IMn06M|K*FoK63>2_^+HlPrlL_XFTCH56w?`$C=K;t^cFHg8!Ot zx04rn6{IZviBmu3^p`hjAMA?w>$vnj?c>~sP>ed~XrC#Kb!6>i&iBG?yJu#i-4P8rUauJQ zf#+bTeNW-G+$^uVFQY$ql0SNx=M$YrmJ0X#_1kEviM0P*xXr6=&U)hn`7Vc-kqb#% z?y3%`uj;fGZuPUbcl4FDKi);2ybtBd<$(V)nL1zcz1=S4Ptrcf{oXn+d@J0>Kg{pe z6`}w6io>4-zt4Loc^UE@8xYCn)DH=_ej2WGFnb!)R=ADB9%ubIg!XanH_&z6!?e%v zc}ioJyHdD~&oSqGfH%q0w;?}^F%dr^?=i>o6?ENxUbx?0+Yz_Rsb8W5^m{Sit|zZg z?!G_RT)5Rqa({JM+TW}8eBL^N{5kUY7w~fgedLe%+9xXtJA z@}54?b#Kv<@PAygrO&5uJPDBp_aT4EQ>Q0+Rp-3r@xpDr68!%7J@oTg)p-Qt>KyjR z|ERr_C;NrlcJJq$pYsEGrWdXky3n7$sT0VD{`)q|y`>cViEKr^bl$mFcooTr7|*5e zN1c~wpScg?>gVKd`u6f%kNf{MZhr{3c@=4ob~&T|(B5oAobg-vZfZd6W!;k8ihf#^ z_Em-3xP_earf#?P!sCk(w&E&yA(&e^XqS4dwvUg*;#d zjT3JDzj}M#e14JkDSj72?*nWS?#E|S-aO1uCmThc>vd?Evd}k6!LMSRuM%$k%nn6+ zT~B^3xqF}O2I02cjB~C+AJsnx{jrQslsx8qpY(p=em-#jgT`&CaO+Q)&npX3=SAVR zT*LioYQKg0Wxhw;s?)weIq1Z`L|*AQe+7Av_qVYcF{Xxa+m0)o>yc){ZM(dig1+u6 z7)BkB`wy||FlI9Cjq@ITg7)rr#MaY(#5>ThO#e>^x8s;sVwz8M94jLWLL0Z;&UhFrnB1fzVY=e_YQKy_d~ankEKr9c|YX^@(}l>==05j z@}SVqtF`Da%ji&h;ntt{=NNzfp?){=z`f|F`aa83YR~rt%F_NYdA42$pXhq5=;hGw z;aullO&m7oyW217>6fwUbvq8r$V0p_p2adItsV(Jmb`N82Jc(j}NUNkLRf4 zao@{2u8UqE56nZ4=tw^|3b*x2aefK1+KiirG(q~q=#c% zx{d|6p#7*hXqQ*X`w6%8jqtjlIr-zXe~{3ZxX>PIdh4&!P6JMC-pzPIjMC|Q~P zg6C7EXkSUV?w4^3+K2B%yYywfZl?W8zIX3Y=PlvZ|6RPVRe<~?buu$B9u{YR zEO#Z!Z8RruKGzd&N)cGNW`-l^{ZY5KV!~!Sb7V$ey$67zU6M(-!I&blUe8bVkLDFe2?h?+P@*( z`k8z)ubv5e>ll(*Kw77)!s!o2I_M3Q~n8vyKHSi}f4LzuLVf?`W z@+8kg)_G(!d4}gjSE2qr!fky=IQwij2)FT14M#jNO3QiI)QOfrxud9af;xe(FfU}u z|E7KFFvbUDsWF9v@IU38dw(;z$LHy#s53-)2=RQ6e1&k^?(uuzr;b0b3%B)3ZpXUl zRp$S8a?=arOoaTPaNEAoN8qQ%xl|SC#5itDWVw}vTl*PrqP^6#UqK!bZtq)u>D;%RMtk@E?QGg-d0$KO^Fi7t zauNTc)PGO7ZO1Loc|O@szK1-*^-@{#uc;q({JByl6sr@8VI2Ms+r27z_zdDnY?_dF znS^q6{W(^+jYHabzL_8o@%c+3`tt>OpdiL=PS@rb^=EW%k9si|$Y&6DC?RQV0cy6XnU)nbsiTa`ypy%ngh&R_G%BhK~6W7LT?fDW?Jn19GkQM8C&hxV<-_>V@t z>ayGvdCECQ;#1+J<=g=GT>ZnsZQP>mP%n5Z-`%55WJ%tBU92|B{c;4#tbjkx8-KfAx&P5#RQNJyDg4a6%^2y|x z{_v+N`Ag)fyD-0eMgF^RyI&&M6YJjERqHS`Oe z2RjS5`Ea9i|8O+zJ=SYB^(T@aJ=@YJce7odCg0o~`j=?`9{GUFJfG-#{)BKpo<;Ju zWBUfSUKPwJ=effG;nx3^ucE&!V|y(XZgs-W{;nr!-)%7b(fz|e(mu=UEQ~_3t)2Gn z_unrGxA6(iLVvl5^|~pvr;aB-k;i{PyHuzBbq!%3a?bbeE!@U)i!_7P`4^A(Mtzxx>c8AqLZ$7kTmmdalkRiMS6S zI{WmtQ72pm{daIa{K04BgZ3hy-=WTT)Ja#vI=>hB@3c=i?;~6w&;EALRn#_-dm z(2fPE6C%%ik2r+L=L@&_kV>Gw`uuK&n_{y#yT!{pg~(AmKNmAV1` zWY*{Prww@--e(I^X9;;d3{E|FFmK*P``+Z)UoiicB)^?JPzU~e zz;Z_m_s3yA7b{Eq*}`poLjzFmN%H@YXLTl$G-;HU1R&|{35B{s%c~7w5 zjVL$Gd@e?v7UWTW7fG+9M+>)c@cuv??xp>`h&z{m0_Gh(ln{UUQeA}${J27)D zfw_5CxP4xb;qwBW7xoFa@k#T0<=S2cs1sR$aY@&=Ka(%L0pp3@x6FSN{7;cz&vGjZ zxB55ny-RJ!LBef&CHNg}tnQ2%O8X$Mv$S74LjALRziB)5Kcr6Dd9GcuIm%6ai|fZ* z*e|9Fw{Z@QL0;)|&&9O&xUZ67Hiv1SnT~eBXl6|D7SKuXxxA3>xXt;VRA<^J zXF^B&;{@S04i$O6rLL3j7jEO`MPWaW_1!`~m)B)=$-kgZgx8_E4k>>#bRy1v&bs6o zp0mpEm}YA4+#ee%+{P{9oWDJe_F=|N^L)8*o1a^p=TNT-xAk4|AjT!lw_Vf;@*Msu ztk-Gbwp=qF`8J2V_$`(fFwt%p$^YRvP*u2%Ti`MD_l4v=$lZM@gM{04a;7WR$?DIY zzP`kNFy`6v)S0RJ&i4f0Avb@t^*z+<_fymfJKsCYxfS(l!*NDd>i*A_!ma-aey>We zCXSx5hidp7gj;`tCy`h8(0(PkmxJ;1Ve*%RTm2;0 z=V)bP)(f|J{=72|Z>N36Sx=r7Zp)p2HOf6f{pzj2`}OvGvW~o`a9eKJd4J(P+Gm`7 zJ{yGF`gY*=c6B^?kM=XGB2VhD!~Y`O#xv|(UleT(e@@N9yz@s69BM7x`tvE*W7X*A zOSI4M+$X*7cU*XoHvj!k;Wp4Y_%8BF=Y>Y(?tQ|Wgxk2Koa>98w2$73{;uQLBjl;} z7(aFWpCVtCLb-Zh{j}O2@8G+s<7%h2D0k5^#Nm4;&^^L!9HRSCZf{m@5xKiwdW<@u zDCV70jOVko&+xmkH&Q35Ixi#BJn{?FiFLxbREWG(JNOwcio88i7{3S#w|*vGLcJEz z|A%PrelKhV`Kmt1PwkIylAo&2yrs^U)K7Ou|JCuQaC?*+I1BsY^z$0wHb0B-oDFUF zhQe+8W-DS{7omQ0@`!W(Z6E4~`TVOW^%qk=vJxYPw)+P1X3l+#y~1t&2c7)?Qn>Xe zz5@B9=bTsR03PCfr|Vem4Z>}lBUk1fZ$~Tt10!k~+TShQj<*$^{UrBOecsi{XbR)=Gj)QF&N!RkuZ9I*09r`fsQ`{dIpw0`z ztv_k5Pv$W`>uG=0OVHQx@LlqNvu->p+?Ja>iGGLZ8PlRO+AG3!otE2CxGgt09qZ&z z*sr^j$GW4x>wcAi!mWPBIXC`O+OJ%J5=XOMr)j_CJ;YzftI}N%w+Qb$Y23OCxAV~= zXa1cm+?Jc*xv6X}vt7A!KFl6+??<#(efm?aD|Ec=829w~T{Gb}4gu%8S8d3XyuMye zongXl{s$9SZ)C{t7jDOg>|nH4Y4R1qt^ZNphe6gE^EdUE_ro~zEbYs8LmU#f@(zil zlKr_>xYaTAU&n`Am0v)+qu0xEh~zPTCtdly!fkzPK7n>w!F*do`}n)?XDNy`uL%$G zfB*MC`=}G$3FT|3bC^8M^$BJlxerNwi(kznXU*oJk(yeS3CC^PF(&|JuTy z?~dFi@_%;IKH+>1@h|cq*C7R9Zt8}i6FHAO*Y<5h{_Y^eVLk2p3%B|CrL$g&`dsqi z8RUcJ^CIeuYl%3&P!K|IkVh6FZvCkLsc_rAO}>Zy0LHW8ZQzkV5TDt!zgf7AL+UvE z>_gszyuy8+PxLE%)bCF|=Pk4g{%gzx;Wqw>^H{emru}@?xgR=*$(NC51|niQ zu0A8&=2fCJ;#QsZ8`ZuV#<5}KM}*sQ< zeY16;ulMB!2)E-{)R+1LG%aO zI;IceVEA3FY2BL5#J@95iCko{?})c7o>eT4l*`}7Zb zEO(J`>wm_{hi%kJIp+)QBTw=>FB<1xsFQjhBSSrwd&NNZi`T&Qx}bq@>reJu#8bzm z8-?5WgnmFjEk~UZzI_3?e#d>VugRxT=i&~u<970gg!|*t%ZO)${7Kq(n2LC6zP&}h z>tDpD9Q*qp!tJ~kK7;vM^DSo({BN@sIx*^3B3~Zxd?L4f{GXP>ZM_nFkGLqXnMV6P zli~jrEO!q19gjg@$FZg4G3EnC6=T+tSD)bd$~upKLf&|IUS8~W_!Hy(PhBTpPoCgD z@S5~&hjsFPLBaX{yh+PSE&8G*QcM*Cdhw!TlzhyS|%oKGJA z2IZoc8S^-G!XCyMUH^Ydp5}K&lhn@_;W*F-?V{szS>d+a70)1^moq<`3b*;3oen>b zQ|C_d7Mol8WC!_c)Y&o{{=Z7Tm-dpPJ=d^z}U2&b7Y+_p=Y@84;=ED~=032{F^qG!xDt0Vak{RZuR1NA=ke6a(V0~i{?}mKstt#J4@4afMI2U&QR~&5JXsZ%v#H-#xXlyqP2^!k^1-wZT@L%Zn1@ryV;Njme!_a) zC*1lIW$S|YgDmaS+?S~N-0x24tm6BC*Hiy);kLbEov}imN**IG zUKw#dLB5_knGMKi{8!#n9u0kS1ohJSqPK9XpYo8;FEb7!X&)K^52sQ88S)Lo&|V(- zWfCZ>V{)KBfxH@d0q1+5-N-jpfd6_f$5i3=`Xy5h*ZaW&5L!a}OP{y)0sd>uv%bAN z=jDC=+AQ}~+OOFIKR1!TOdzjX{0;t%m;# zs8dI{wa@T5ude^Ql4p5Nm#)L7P$$lF`-@WNKH5i4V!o(OzF4>&hez?dF!{-s3iroV zKIhGnZ=`*U@3}W2KS6zu`*t)RE+1=kE;kj=p`xf;6QcdAjKkl60HB-2)SC2c955Ll%HM9@#Jh!sc|CKyc0PUsw+fR`v z2BTj*M*GI&pRQ=rjE04f3?}9f9-YVV>*w z4E?z-ig>#3*EAJw%U${r#xcF#=}g|?eQ?YU#>^IO745lx*PiLd6l;cw|++MKpc=2vb}`-ri1WP&tH9)JaiiNSfv>AnQ(jF zxaPh7dqlXO&(8brHDrNj>l^Li`JV5k|2@cKUC~m=3S%O|t)FS<`<^k{w`zubE6Q>B z8QKS0z{8uV{}b&qw?V%Q8~$JNjpq^1Le!}|5#%Z3?Iz4EAlW<$#5TD-# zSZ+7+2>X$)1IJM(yaDCns>+y0h1>cD1Mt5V^?xJ}v0vOt{o0dYALcnQg~@x8$DRE- z%gHk-tSfYUdrG*i*OZ2yudtgsyU8;<;b&X=^BZ*n-($vXM*Dxs7jj>OuCJO-hJK${%hS)PAeociO0+xu^nB{gOt?dNnxy$0|% z8-@G*k=I8o)?{g)Qyk?^q5YLp;ZLj(@^Bgpx=y&&iSBLbTWTDZlc%}v)pmbRxLrS_ zoaaynsUO@A{ShqpXX?ax-$3W4 zpkIeu=UwP%y>2DXaNVvtw~?nW zp}%N*O{RXB`#p3#e1P`m>kfX2!&yL<_JJB0`Ssj}e}&t8h&%T;iqC}qPjx^$E};MQ z$b)~Py>$K4R=BNK3uph{K=K&hRv9`vepVN5bz);M@>ivOC*ju5bRYDim&vCIxBawBF6=eV3F_ap80{!4JpU(2 z?%f8iu~|FhgI_?hKCrLwfIE8O~-;<+NaKJP_)!|$i-eD^5r z&vIUvZ-BT3^nkA^(l@sm=?%g!}QVgnYwQ zk}>zt-f-MjKUdQ}`!~wfb}tjdJk{8_uNV~W>+{@x{FS_JCfw#jx-vZMLjPw7|G(yi z$7ydaqGwgoeyuv?kUu(}Zz6xbTi*QtO1OPq8FJ!zR=D*u>YNYLbT<5)`Ftzi!!sPO zMhmz0SB?PJ_T4Pp&)a3lLyg;)v`;zT!>u=m zp3f_oHO_m8&k48n%5ooR8wsKPDLNnJnz`t|`B<-#!fm<1IN~3Ix#{L}xj*SV2Y*cM z`5mz!?Vl5F%S}1&kAExN*4Mpnd{Vewe>QXWrQ|$-Jlx~#+pjF#*S`+q^PluTD%@TN z>CgYfhxUO8`gI5P>xIItKYPYue7>H4xK6kqhk1GX*HP+tr;%^ymB!q>0RDu(ME+=d zjS_D4gTF$58ue$9ck6?^y0H*`v0Jz;Hy%N`WoiFC^%Ks0k7BZbw{dX4uT-8qdkF2T z4ebFxpw|<(|h+Bg7 zDzXs#+f+-RU{o=tIeE;-!^Pq4$Z=P`G&EvGs9LM-Sg!X@v&sc@=0lzio@`q7w<4@6EwP=4Ed2}-J zxhTi6fx>NkBE0VrWj@?b`{YvCYuw%?Pec&6hp2DjC^uNKgHKR9W9kdH&&3kX_f6Ug zx8=s}$9NT^&VAHL@j7}q`5~(#@eKTentn!J;1Tfnn~1|4@+*YfcJZ8frvdF(4uJig zv~MNcwpZkP)Jx~D<-U%5-;Lv{=I46qWY1v)+d!Rn$TM}&?su`D{z{#ov!B2CqbN7} z6XHCa@xO*V#rJA;oqw}%I}WG#yifD9uW&#AKZQT9vweqAC(CnL`_RwXw2ux$e<@oS zzgSFr_j%lM+9x<4U8K%B@{J#(zPi5MOx|rMcrNSp0rdksUws*M&e1-}>rK6mEAtrY z)tLKX^ge1`;WmGQ&c3X^!fiiV;q;@i!fpF{&ipcyJj(N$bR5`8ok7n2fg{3goX7FJ zoq6=X@KW#=U6EJXFKUoS-bY@&!**#V-1-ydKJCHOxt%=9a~ss3D0wm$c~Y77t5p9# z=obgc|0Yj3-?z%YjCs!WKq=bS7H;bm>4bdH`}y_BC>KrM_*b?N5> z@^_u{B=0A8_anuH+xQgeiT0gHoei`P4aa(N2l+R&_u3*p*Kiy-P5UJ8lMG-3{7w6C zYvhUEFA6?xuQ&6X|NH}e%9}>Q{rus17wXRt;dXpTIN!~gE!_I=u45OIZ}|r60lmK7 zK^}9yzjjEtUoQ8zaQSIUt$==p?_ZavqqWGxZy-O1leZIYb+Wt<>5)H9p5XV*5p833 zD(7{atO)&|3&QY=xWR^;Z@{%s+s$~6?GzSpr7jV)&?t4?v@J}50_IvOrF_^`+*;`V*Q2N_(Yt2 zu#eE*+xE=RqI`@~7!u@%c^N#krPsk&S5jUN$D?Z6~8Hc$2K>gOjt$wC& zFW>Vu^#2ZWcR%oK;db7SJM;bu;r=+_++X_A+Dm<77Z8Uk)c=k=$#bELke?QA;}g0X zEB{Z)D?J6B%w33&w%4`7t$mW;3tmh6T-pa-?e3E>`{`uiwjb?st}ExM&Q9dX4b*v; zJn$yky%PDK!fk!C9QOj`MV^K~ZhtIA9&^qMYC|3$it$0m|AoSB+_HC|1)rz>GTKL- z`!+8KxBhHN_V6t)qx~k@r|*IOEVlbD@>n!$mLQR+WSeRsdsdg_F@ zA6Wa>3Gy(nTkogNIqHN@piUJHww4y9=aFpuH#RPd>Wq%6s7)R z@(AxEjUwMb{W#BID@(qe+}w&dj3EC)xNXNG&iU0RXdk8hPqfcj4f`197p95v$U_md zyZYIKJjwY>d0e>vU51j=d}XcgR@!Iy{=!I>yWh8$arG_4N5|pv&%vMI9+a!|X$|2v zPtwl0C=JM0IP+9L;r2SHh;xqUVBvN=f6KW)HiJ6udt@ufzdq>so)2Pxb_(~$)y?p; zChK*H_Q^i54;8>K>OK$qG_T*8&SoHaBp-C1;lOlIxUFwF?oXbp`oe8q8NSb=aW3%! z^b;l9`IfrgYcAaCq<+OXb|-Zro;pXPU^ zb>03U?Jqrx^~0OA|4F!Qmy~mTTKh%#ALTiOn&)>5xBicN96FCv=TYU({;sX$)3`rY z$JI}%pX7ZHy{;_x63X4f`l|iS!fm<6xvzDX^6k(&;fXZ3#XS>b*^%8zku2+RGKJj3T` z8_65KjQS3%f_%_=brx=QLUU2Bu1|&ux9t+(IYruE7E&j{_XM?G&yt6K$A~nJT+@q>}xqxEA&?zF(>LC7KGi`Bwc8)N6!var-k) zxb;8%IPyXLe}g&^=RV$7)QLyYPd7luoE7fhA8@YgYrTSU1Kd}m_g!xmZtGQXKH{n4 z$z<9;HO=#tb-sI^+&c*Wbv)TdUamdXjT4K(q0{7hb|XKJ(9itqQ0`MsJ6u z%-b%Dgxk0^-iG>?r2RhfKzWp_>$jpCP_Hz<+pF{7HNveS_95*Uql}3 zgm^9{e}VdO?w`@|@D1Ak^d;h~_q#r#eZ)Dpr|?Gj@8!pRhSuy~0rKRt80UXxLWIao z8~8Jt?bT7ZU*FxRFaB%HDBAa`iF*A?|7Vhi%R^t=<#FZtF;fg?KYEt>p7VVCbK!QJ zj1@q{JnH{Q`%ssTJ}F3E>2>%S;Q9H5$*T&t?Gkg=w%by! zuw9NIo~v1IDdDz1W^*zAWXP|iy@_GuIa?mTSV11;J{ zyOMeGnd(nM{^FXlhN#u9(j!G6J)!5j!L+VXQELj-~LYO zED&znH?$S)qVw`5+VA4I4Z~=E?VBh!G6Xf9N#0Vp)lWJ1Jyw#hnTz(-apP^Zcg~^B z3b%QC!g)Wv*cOz#A>sKYKEQIT3b*BEocHYdk$Yv(UIl1BSGe6r(ShfjD_=?bH0?F7 z_W1TPTW+83D`cs2T)3YnKOzn>w&U;AN%4E`C1_uFE8@I@`_^3L;g>ppTmUPao{}9KcS3ySh#KXDC?`^)mHLB+()7D{86|qcY$*qnv+7m z_{MpTd4+K6f2VeBd{6ZHqB;3fHzS_<9`^`xuMy%|n~pvv-1pOY&ubNV>|x9!dcE+n za()NrO6pvs{`{BWPano7_&)T*&igong9Y3cVcMVIzIR>My+?cZT&7*L zukPgMKje{%=-24Qa+_#7;+g7$=NFhg<=h_OHV#Ypo}I44=aUzwKf~arDe)iJhd7_2 zcgwkI!u`B@2zj!P_WjAt?tnkhs#t$6q0TkJt$i$u_SO2%Adm3*LIc`wrp}UF`12Y00rHKLz^`CF zd{1r~clRx|-M=VJk5RGI?lXB9`A)XFQ7la3%BtPz6t&g zdBvUJrW)d)<91E*g?G2~Ehn>p?!s++c7F)2@tG&wj(QYa2Lv*%s6~Z z`&47tcOd_c_NO>+Hm9GZK4kv<$MeZx+P4vI{YjNV`)a=!OZ#KRVXyt}N#WK{kM~83 zQ2!YRIdoIE}T^+jtMQ(+hU&+t3x$C!sf;Z`S7 z1mp9stXDVMm-()>Utn+gIgj>XXaDvE;dY(iz9(DiBh)wOd>{5!;kI1w_q=&Nmi*oE z$lCBduqp4#UhaB=5v=0aJ z_Q$7$S1=__Gur9;`DNOBUD03W^Y`CT|F=$Pmj_rt$-VG%P`agWsq<7H^2jl?dy+bv zgxmg};{B7_E!VQ;`2G< z@P=~dy@sM`_!%yZaY^r|-6GuY??o_w-9epB!u@g8*++2~?KgMFIH2c9JR;oYzk7by zi?sKuL;pU;Z5#QhE1{$9ept92AEM5Fzu##eI)ps$Nu7M3pk5>Ro=!FT-+(;j>~otg z+}10>`65XBd9=@rL4VI-yQ~v#^s~mN@H6gw zAFx09fiI9JwWu>!xF3J+6AqHErG2s=`j=k!75a?&U!Yvgp9aFM|H;FMzek-WwD)Gw zPx7(kQGO=~qm4253b*Z&`3={D%^06K)OXKgTtfR@Y)6K{JVX86AECaw-q=F!{fvIp zg8pnLk1qmW$a4QB4?6qhyaR|^qZhFbDM6jvgxmfbT!#8~qC(hIL+qm_* z4u1Z?{=1g?!Kb0G*P+{~A99|{oTbi^HlFXv*Yu~_=g^OK!8oAv;|=85k%;^QTsO89 zZvE`wjAPw}+j=ExAa8Y?k5gyOPv~FESng)p$A&<^2>Cm-k3Z4MCw<9(p?%tUzFhtw z{EzT_Do&54rEu%d%zcPk1L`DbAJ2!Lj$UlcI^lNQ2=cuEnw!1CZT`o2zJ$&*KT{{j zeG$02F{a8FD7S@kf2KZpmgg{Qdkqk7+c*3d;{OH<9!mSv-N+M-=X1hs{0+a?6QKPE z)JbI!=icNOsT1J(ipxwB`V!@)obzCtk!PL#9=XE(e#iYSx}JYPxQ(;93FEoGr?7`S z^$7ge_0kvAzvT%0)a&KKU%{VIt3BWI{q(<_aI2qj^0^P~GsB>x-+!D#`xMWU*ZOW% zz6Slb4*T!V!u@zU=ZzHk8vXVF5?e`7E{7v&#JCZ9AF`CN+i zdVxCOP4GwC@pI*T?@Zgh?je*L-iVB?SrtM}gxmayE=B&dW4UdF+q}*4xwGnbru~$z z@F$1k&k*tjQ$1f;uX7(GU$O>#9*ULki=f=_D)1I8cdu|8pE%ExSxEas!vC-LH~$n~ zT51p|HO;rwao`{7M8_jO7wBh^Z&29rv7vrPL|L`)t?Jej|C(nNN>WCw&zD=>6MM!fm@mIBs7>owA4NC$Ce~ z&qsvY_MI8d+g@wP)9+yZMJ?p}W#q}%G0*CC!5-oEI?iMMp57YkW6zDgmKfjW% zjl+}Iq>J01;@`smD4+LL1U5~DTR-FUNAtF`a2x;RWmvBsqWui=5YJUW_8POBya3-X zD@prW-$AFtBJ{6uR$NM8Tv`u6hvpmV*siuT?V^!N4j z=VkKXQTS7X{3G(++>eB;Gv-&}Ha-ETy()YUf5v=|@v}So?Rrn(LS&q3a^o;$anp7iw#8{<4TUrQa2`^Imi zeug@sjc7+1?);w$Kf|B+MT{GoKUWF2<)%wuT%AmvYiXZ(75*0_&!v5+J^Jq=@{z)A z|H?j)w|^}aZl7x;o$pdTPyN^+?L0^9{x8VFLzA*lzA=U?EkN7x%gkRD(v;X z- zao+bIKzr{nMzEpG^Wn4)ESXzD~ZLIs$I)lmG-Ye!u>dKpS<>$k-}}hWnMMc~kv!tFY(vGYFBdFpSUi#X`IvEpy=zl?Kz z-AcHPf0FNU*Mhvchdjmi#dN%yP2PmhB2R z9cdq{iE(l<>)Vq&$@zuyW}$F@yy7_?x=ve3`-QxZr{nN0;Wo}Y+aiDT9RBm&$cJ`0_=DSo+c;#qqFqK(=MnN0&*#_vm?BRM4f~e(uQ5BQ zUv4k-*Dwxe$Tz(JzLol=Pr;v55bTZ8_?Y=-D zmDLk&{WlZx=Kmzx$GFb~t59PeqP=^*$134L`u5-dY@>Z>GxAXL?L+FDpU_h43*oQ6 zBA?LC^T82{6+OdzXomiHoiv60nM-btqrLP#Se*Q*vrgM7+{PjG4&uBWGUhYdr@4<& z=ZoKH9~urnbsYGc_KBrvN4jI0{mDFc&H-*K+?KoUE96^MmODtejsK!p0>;7@oR@;pmF8w$7O4qN2;WCiVWj zV4c5){3-HGE40f4Qm;oY2)FUy;k@Tn<~-`<@p+==e`E42 zzf*8O%k_l&<28VE+{U3B_i5Ls{RHYHk05S3z8$4~AO)iRqQnKZ`{(Ev)2LHP zxYbWH-_XkP{X6m)pa0%Y`x~hf_z^mF$UD(KTN~pEdXq6dY443jyJ+4Sjd9qtpDL;Fj@{k-M+KS*BmBH}aU1GH~L z@{Z&Q=lT0>!fo6lJfGx2+TTh00Ppvz{wmtn?}Z3!{v?IlemBawUf%9=c^*-yx3BC` z{|n*%_t}f11^bbkzuAZi6Jj3fm&BLOXa!gJ2`M>_HF5He+5$8J^O~?b>KVO7@Gn(A+ zz0n%vE66i^zfZ@dFNFKoBcJ9S-%ip#To(DM^UGy_BW}@l7$0<83JSM=y7P4{+IzbZ zp95Sk^`m{LKiVZmKkuS_vWe#tz3zBixV;b7%)K6@{n8$2uZh$-Pre`uuFo+q|A+D9 zb0r;r1`D@wh&bobO`?6m>*OmZss9{#_BV_(t;jznPw{?QHS+I-+k8vB4}WxgI4j(a zlPPDMEcGw^jP1s}u!I+E^MzYKQ%=7~(0=)Fcyc4lJucjq8$X5i())5}$i02YPtC&u zVr%_LIQL_(B46t8hQfXQ>gZXBhCB`vZu2493+=1x!11(qzeh98a=C9~-bQ>b(Ep{> ziFAjK=Iv*~?Rb^oId3vU`#&dXzlzt1x_&E}5B4cuzi5AHDct%Q=JR@n*^D4}&oQ1% zo}xdMS?+!0A!onz)8yGvXqN`G->SST^6E0q<9`YF^W51#bBn~r@=*?t3Ag?ScOgDS zss99dcog)N?-y>{E5h}p&R-efw%xrEJ$;2{)G3-D`bpMTbt((@^VvDqs1EHH@j1@5 z)afJKwpZ#&=xe@>rG08S#u+^qr)lHVL=$LiRGu z3l-_lZsFGdqdfoNdh+k7lj3vyy5yw_!vE5X;6Izo)EDl@(|L~Hl=d-x9~q;cF|&l* z_KH+PyVR!s>*P`1|Is}BhTL=VziJ`sG{pL?DRml=yXW%VD7;Eed2`J9Zsu*mt^Xme zi-OddNu8_{hc&d1$Ivdi9@tI$&_Rp<1*vm{Ja9GY+p_?EQMoYu54?zW*LClF;ntre zPkX-McIv!A9^(6DmB{yy-_jfro=W~Zx#9OoA0)p>9&_3&e-V^hd^&XWK2J^Iw!I4d zg!PY}+dq!>vl?Q&dWQNB(mwSS`eP9$%9G@V=gXC#{pZvP-GFwyJqN$|m3&SS=<7MI zC5ytJ#2Ca={qe}tBhfC6sXv}Pa4q7j>&$1#$PxDXeEO>lxEYxNXO^ec>m1u`wgbQ)dykMUXM8eI0q9%Xwe>9ojEAfIL}G z`%lRu&VFfA9PwG6@_b9p&w|3OKkoDK62kp;ILDbF_3Nnp70464E~xM8=a^~vpigtt z*yr**ZYt{Ah`(qn+>Z0Hj}Zaw7yW3T;Q61rUYaW0Z?CDa*Lh)~@`u4Oy2|-f)bVN| zZ&l|<@+8k$`iA}-Ctt+xvy|5gltA1*{R?r{?*)6pZQQ~;&>waEwothBGqD2x=s3TN zI?4CD`^xw$V?Loy=rrra6Dor?Lt zHS#_){do%hTu1&1xtRp6yP32lXJOlWAWq0RKarzw~7~|55?C*=n zL;Su>U)rxGckf%SBaibvCe{B^xGgtwHSQqkxcZxLo6kjfAGiSZb0lH>e#H0XOOTf( zPjWw}=E;r1t$u7J>NTJKk0zgWGcq9`c}%#iug7z8?xX&4@*uC*)SnlG+i}VKiE&B$ z(K_1KinTP{7!C3@_c33?#_8TSCdEiJ!rk&Y$)9N8Fl8n8)+Xuj{5_K^}1EK zja$k&pKTU(0=%F3DgAjtxP5LLPhb6TC)7s0LIPn|uxgdFo za?pwMoHt~PG1myUagNV{|9fd)kM{0;{zl~AINx&_KpyxJ^U<|A5L!(AAg}i|pFbow zJa16v_iw1SYsI*quWT=Ty`1^C}>0sLQ1`Y=B_?j z%D6Qb?)Ovb)TDhb?c)nDp3Gpvjir66Am)Yrv|pn3zrnr?`4hCyT!#G7`Dit{`~KZ} z@{0V9Z7J$}O#R4VwEGZpGj#BnF}Wkhjvtphanj%klg!WwlO|4@JYq!sp(Z!Cb+7I{ za=Ucw*(*0!{$HCs|F3O_+;%-$c5R#6s%`s@-F$;it^db**rf3ja_<~At^N&7Zn)75 z9X~cYX85Gx!|eZUDpJG7=Z+jRe#qc4xz=!E?%>JO%=jUrhYy`p|AwXwo0$<429F({ zJ8bgUvD4L!w%ywJg`iOVf3`^d-~V59=>Lcg9dl>>q0y+xZQrGPtCn4Ib35ja%oS*I z2Mp-eFx0x`1o=NhT6gK#@cQ<{C$%0wcI@DB!@3TRww=?RB`!UCwrM$O zQm?^7#taAepZ}MeJ89^M+>i+NoYX8g_s;Qmj=OV`8QEd@m}uK+|GStbZKn;-?KXT; zZpU#W#^<&kJFM-U;qcJ54MP)WwCT|L|IzlgZHXky+O~h_p2Gq}{b(ya?K7>-El#hs z*OxjFP?<(x0c!XB`schNGOMzR5?|)t`&he2pk6a0DgBKw2ulk2UMS_e95@N1o) zjGu;cKlAhN<=Kbp&FZ@M_3Hg+a$ioJK1>#moA;l6#K~8a&5B8?4d<(moax+82-;+I zeZQKl?-#T22d>hxCm4=T?kB^Ko`3Q**sLbQhxPmK-^#fEx8-K~F#UUS@^m#BEymON z-TN<;=|%eYzXqG(=J5j$Vl#1~-NQdN6aW7AzX!w3@XOiRU^$tL_wELZ$JJ=U!0eqi zNMz<>eBG~$aeMu@r0GA4xt&{onC#Fb`SPOa#NN~9>*Q%N(@mRCyf``kTEFAr`tNw6 z*4+C}K3@O*d9k`&^qwa3O?i4J%cTxC(^0O~JRQ!afAa|?iFU}x6Xxo1WS{q^s1nlv znLTsoH0qLnEmmV525IQ^M}z&m*Iq8xdv|A(o5#CvkDFz~ddqB`e|fII;{MZOwi({p zh~94=u7=aGJ@6hMzAt9Q-)EC2|9hg>IUR0vz+kkVep#$H#Zh0LFBbFS)8*vZ{%#(( z!TsWyJ3Ky229u5SPH%dZb=JTCd7gj&_Vv$;-k^8=SMO-Yw7u;LS^Mf>zq|kPb+)wg z5!$&om+C=*|DW}6U03rt`n_H1_rb|vOU1jCy>d`t2P9_<>-DeYUWudLB2Oxtrn|?^6h8jSN$yec0S)sR=2~^(SuNie zkI1^Gv&nGvuhn!jaSMR8&02rXr~iGFj7J6f@&yj;0#~T~kDZ_0O*WsWs|R%5=$-fO ztR|zUUO#K+=b!V_i?jUG*KenPyzB8h>&bll>LtR=+~v)(-Rf4yANg*Wf*l9F<3)B| zF?f9F-%s}@oBPRXKG`&k8fH2CSe2pm{9*aC;rQcEzc!PT)oS?5 zl*r9+J?VD*I2Qil=_mW*Xe@V#UwSs2z0PRd?S!%SBeHBV*C98^zz;ua%3(JghTUzt z^TFx)eEM&@t8|Qi%ntG0i%0rCoIOt5<}!)XE3P=k9ob_LoAvPJ(J5NzPjvM0^=kT% z&nCAU&fi-t9>(}Y+wY&X&>yCCXVdj&inBD?JT5&rKum^@vrRtS;Kgi~(|rB7TrO6` zKKKdC4X*BRoIgBnCO>n%bbk9do9*Ra^VI?g-}rZJrk1ZB=XS(#x2sR~cedYV1mlOS zMJyFRwA$^hJA^CL?h(H29N2Zkr*3A~3ZD+U2gQ|J>BAfl=!84Aj*j(rIHR2%?5(GF z_bl|;WRB8J@f=5$dmJB?LzcCU(y?u2JaRE??PEJIj9cpEow2m3ZEaRR%YbYR-YlBY1$o&8RFXlMT@`7Jv< z(t+VJofhGHao$1KUOfJGaEzB6ui350U+2(;-o(6fyr0Te=a@$u$!EwH2op{Yj^ARo z_c(u^;*aZ>`QtKvTyGXjUYnQ_6kw8rX~-4q6LrNgwx8L&Oe}D+<&3KgO`BOVzuSSwsU4A-Wqi{!g_w(sVn>Ci7wGU4ATWv)P zgAJc^#C>}EE5BPU9+xQj{vV@aB_5Z@Od9WYC=Y$w&wd&ZrEoa!neJ6!rtUzvbw`Q{K{>e zmmhBoHAsH9so|zg?}?@kP?I1X2c0-HYndW`oK0?6to=Xk`w!)}>+)N@YSz_7hU33b z(33GreAWMBusPlk2$b7)}xK$xn%HcDNj_IC{1o4|Aa$lhyWdx^mV{4zUN**#~;|jXf(WcJ-^_Fui$e zA2o}*E$3^EZ`^Qj_0{`N3{WYkh{a%YD2qON+MJI@8FBOj3j^`UH@z0l)z;D3{>UCq zBXY1_5|>DPbe*FqBB`&tKg~(h{N;n(R(E;JVg>TY)*|EzhU^r}F#CMQ@;lhiTkYOi z??{@MdzGTx@&$RbV8Brn57W6GJ=iWq3R(PC{uqXQ_+ye!9+tR-;R6BKGXAaA5dU63 z-t0}+xsXZ2Jahhw9*f5Aez=x%__&(q8V=5yKR(<{R{UWI?c(+pld4Zo`F|h5BW|ad zNj`75`%DjslnfvEVmw`s@M84j3!Oe3kMTj6gy{zN2fJGP$n4C=!?R>lj@G)Kr7=IFFCZEBSa7k33x6=@o8q$ zm)DYMkFP&mq6&F3*EF?nNB2Vwjh`6iJB*s%9qSW+M41+U59Kb$$qnaXl#Ac%1K@{n z1;pA8i|@XdYA*i}6xQDOdAPbojtClgo7{ncT{>y6Q4z`c-sFuJoBW)Na9;D#?T`Uj z+)3shpL56SeWBkXIPoyPL8&kz9P_xun|9-kX3H~uXE%~L_ixO)^Z0uD^>0V*_Msod zWyn&L$8BA0FX~OOvGt^|A$gy5HNmY3#s#czG#Q5v;kVoI1R;%zSks9(#stLTd5+3m zhL8Gljl1fjc1wJak8X0s2+22|#@N$k*9aW48f8!5j9pwRc{DA5z)fbh>gGV`i(H;H z|BUW)E=b(VVzxhQdB|_@+vN)siT@G~Pafl8`V(>AdI}ckkICw{!vkF4$N74KJK!g+ z_bMO49fFY!gLjS|WH$Tv;}v1%>_)z_3jyB*r^+CCo|u{3KRBrWyeFlkU%GN}1+}hc z3zqclB7Pok2;u#w2j*ZtdA1Q;tnov9UEi)I^5ES0*vse0$m42-opYDLz6ihOps$y9wvpu^_2|ZYd7JpWU8O@ucxHP{-=+%svM{9F9Alc&QBYD zxjv_UYx{)LZ(qNjTsQr4@$IsAeRB0b4JQG<4o-gW4H|x;yLRuY;rmPSbq!yioSj{9 zv4&qrD)stbc!q}GE_x?}Kd*Whz02!{U(e6@{`~Vf*@N?MmqIG;HTnc>`jh!w@~0$3 zQ>(9TO;hWy=@Uzbc}EO4`3)XE%gAS9y@wT8ku{t!F$fg1|1fzVPzNB|tcLS7pIlwq zrxB)@ycSS~XJA^~JA$Q;xu%z(8G_Af# z1D32?2{N-|5BYT2yp>hLE@HzpW^1(xxA9p#^U z@HN{nqt}dSdXOz}{~p+KZ+TCGc1fCM{ad#Mf@OcA*!8J|1}b9WQLc*x0$E1UgopW+sC z_hXJ_15;J{72EK1>%Z(Nw{TAu4P)}xl;>LdH+`X5QK>XI>iA;EFFE* zzA3)y9tzJ%59%IjCMV0RJf?eO-?Wl%j{QQz@~gxBy}7WtdwDS9>D_emTh`j|q>BZ} zE3TphEXk^CKda0*S5022g7yd-jcd{+Ey`Uo@~)EN5A77OX&sj0*{4kI-s&_ikpx`H%J9-;>n>Po#W{<8+p?3b=KgUcV(%8(xshl@~ZF0i$+0 zJj{1_Q0Bs5;^!D>cx;JcA*7k(RDM)CI2B+losQG|#Q4?2ohl&&Zx2m44nFIPMZo({%?p*Eq-4jihEQ`XJW>CC#Fat(pI zn&|s^N42$F6~_Ilrf7A_mn3gcsxj7ix@tHsU8t>2g3&U}N`jjh>GNGhmCx4}0BLa2(>@7DBE;BYP{OR(kPrS4_dYkn) zzc~3yh8gDyvrl9?9~QF0jE5@>H)t}F6%xAe)%{|jhzv(E{n5U#pX^w_o*%&SBY0ZN z`5pljmX8-iQ4d&7O;&MNGN!b6o$~mWKY%R|yH!YI*wC|diZ_vYDX)!~?XCZ3aD8?D zu!n=Nhs)g>-Q%cX8Vm1~2vgbH2uCcH{ zz|=6Pz=o1W**we0yBdBJgi-lQ7+U2J6DdEM8A#4$+H8Wt4GQ@X=2MJpd;iE(QF!Hc zwqGivcBc|lwL5OaZ8+KocwEdJi0Ms!LpC~*pLQC!;Yp|3z1>ynB`Di=_b63U?ZeFM zh~FU9t|U}a0c{_<{qX~j6ThniwwydkC-b+n13T@COV#PPiuT_QT9xylw zxw*36I4#xJ2QBGjNxo*Kcu&S7y*i$Ds%5)JiOK68`-dUC`$|{2gXCdDD!i zDhD>p+CI!tlCyRvy(PaN+h==;46iK}f{X=|UaMQN&t!QkiAp{n+uMa}9mt|WRllFqY$@1T+cLAI*V=CR zaKzza^isiOH2vP;UeZRTx@2tKh=yMeDyBbUrKFB1pWR^(M|V-Z#Y&ZBVC*L#3aj=!(!XFG!k;Yf!1;hOo4*6lWWEK|@qF{Qz7(t*FG99WrpCy- zR302+PBQF&Tn0rRhP$<&#PlsbC4=3v1b$c}tyV?1wOY8)mbMZg$^Egt z{@GGhjwS0M2))LHQ3NOaJ%+5n-}+U+G+{Pil!4r!cS<|hCHyZ#yTXMd-DvYSbh+OS z5HMcNd|7yM@z3de5&wLEs*Yg*BDB;CAU+`}>@tRAi>L$n4#(lv?KhC#L?t0){2svS z4b6E%$C7*;83ZY=-fVFfeBVO19qoNx++7UUKlVg8&;i8+@x%4-PQMR?_VVA)f)u&u zoI()bVJaRt;bc5s>Bnp3MRm|{G@Tg}Jjx zXvXx(=CRiRaLR*=V=_IIV7XG{wgc8078s6A%1|qi{@`gB< z#GqAr(J{UX*BJq)qJID$TZEl4!5jvq_-q$twM^#^2=#B!N)Ju4ee99T;_b!G^9hOI zc}UF(-q%ravT?Ee`7JrYIz)R0e~U%nA1ym=;~d^NBvZhHRt$~kBxruYL-FJKo)8i# z@*iF8hIx(8V^7B;<1LcPMD6(V7T;`cX5}~N;mQ$w*6;HLkjm3=Ix`abXfd0uC;v5t zZGWM_5mnQ(PC=VLO;-dSX6imbE;l}P@Q5%JARVCM`dBlHk8M;R_UZcGQzKH}WQvUpQeFt}TlzvdqJ^=o0HBnckcgtbQ55!b)wXXVD-BM8 zu39~<31oTMsc1YO`-EoAS6bM6sIzAha$PLfe1xIH%TWA{Ia5Lquv3PGgsi^dwaUK* zgxWgSaSDM$%G-$(VXfIMbUnYcP6;=e!SV5x3;0PU9nJz4PBn_hEuh=@33zrxWG(ky z2F#Sv-fDx#5$<4*m5*l(_A+MUZ9UzNCHk(t%uV5vO4f{j@xV%V8>yQI|G`6vD*Zr; z8or`EvXwr9CXRkU*hU~T*8~2qDFfFFARHm0e;95?_rD#%zci2-PyTV4|HNY8B4Ea# zC&8;%ammpk*bV$1zds*|R4|JZke}6_UId(3WCWxVN}qiLL;H~w>^NkJfK%tf0e}mZ zIB4iwdm?N##&LZQ4@7!eMe-M=4)`$hHK4Bi%=llJ z4bT}e$~YklhDU$3_I_GkiG1M!$b&{+?}OJ2FT*4op$?2id%}Vs0a6ZRUlJxb)dtSe z=8{(Q-gs6%a2VJ4DjM1FR!_y>I$CA8k^mV$ct@hJ@DWWC;*YDA=epKev4qOy?d0lY(;cRTw0 zxyM(Ra6J#@&l7)~KXbj~Kq^FV#1t_Ooc)kV)5;GZ3(L8^UYGIUtlprVUnP9T=Nl9M zI4mldII((`tj&LapKLBS%X1`;5}_==q{i~}+vR8a5DcisP?Z8jD%Xn>1}eqjd~)*q znPs~iEman0>1Q_C0Xy!VPLR&_zalj5NFVyQli*>81$PUU}oHG*j z?E8B5Z&ocHpZic>_0Rr1ZT0$PaSA5XUTMFSfb-GUoBdvVq3iDn_fr+gxpa|mOpxCL)wkj2;y6%B>8D1XVa&7%0woAs$Hq?mPjhte9!AK+*k+K$i2;ubr= zoHV^mc+oYqN=hoX=Rozw59qBYobpX@!( zH9kZAi>USnM|tmhKflfgC;8ww7bBZGDEuWw(Dl z=VKL&1&0HRl*gnPq}B??->_O(;X=sRIS%qNW(-c1TWCW%H-n${xlq+sJKe% zdDgaUmEb$Esu99$A6fCw)U!=Z17{SNd-V%dRs(9XDf4sV@d@cIrh_8%UUqZ_6xbaw$-jyW4(2R4R10lL{l%;(pwjiM)9H*}M0#Ek*`ee^H%u zDHf#!Vf1vv9Du;6B?u$sUL^_o`w8wxQ6#rgWy_BcCF?FtQ!ayC(a+Mp&M$B~0%wjV z+AN^*Ak<+?XbL?)7d^g`2Lq zgVGu3tmk#3W#nPv3W;)nUq|nQpe|H4;|qw&j7Ezydg{}|z;3c?K4RBB`Y1ilz2;qy zZm6>ySrS)9pz7{Ofs__gi&Y{ru8N0yeeWNx=q#m+F<5jQxSXYv_X*D1Mf(c@-ClR!X&izBa$|Co&pR!mD+!|Cz~1CbUU2$U zRww#7gPsbly;8Oum+-K}$)g0e<-KRwAjpF^mVksj9Hn29ucbD41(>&sVt?CesRCeG)Yk(9FpLl9-4HVBZlX7}TOsR>v*S~8O z`1)A908A)4#R-evube^|0uMOs&Cv}S7aY5Q+&`VGi`Yn|xqA6+2aeIKyg<#>1ZPN` z$lg)mbQ0x7^%gM!##q*~*+*oc>tSV+P0$61CzzG3vSYs7m*tkiosL~O=A)lOQ{H89 zs&di1QejLi{8)okOUDb1wtix0i+sFfXr8A0pN;yiRo}|-lW9hB5A|=QIe12pvfKbp zucWX`M9ViFVA*(xLVB~z#rH}n>fX#ld!mjC77zwn*6&ExPtBb2GjoOWFN@7U1!AQI zBvN9gg-o$VgOCHfxLom79Pa6^fW+)MhFmh^X)5xV5BcNf_Ne0V5Fur)G7c+Zu=EvM z*NZ=eUidpcJeb1eIbH_Y0bSm9?FEt)*pspOLG( zt(SxKVaQiU{DM(k%+@_2DDu!#aLX1yS$Ri!VHBaohSV^ME$FDNP0E^}c(OdEE_sAv zp+5dW)%!!-H~pMdVu3@1^9-Cin!c*RCu}6amdg~{xmpRO-3pLp^ev^*6v=aNgencB zF+-}^9d2;X+;TOmN^q|Fgy+4 zT=T%!)6tJLkU;8k+E^|^e8_dL1`C@2<@n5x#{t@VFoHOSfvNC`h&bU#MTBd`mMkRz zlT$lQ^>P|4!Y(l#99SrN+G3Fsy$GvgOZjm-+eS=Wq57ODZBc527AiC9p(6riQB-3r*W|Mmm~HeObp=~iZ;l4#$#K?OJm@Qf zCjUq*=X+2r0s>GhkfUC2>~T;{F(iZVzE{}N47=m2s!n8iw{rJ053JGAX@SR>Uf%qz z6a$h)9W#TfvRrFsYOE5(KpBSE*}%lUaQw}gp%VtWMA&^En~3zTw#}`bxx<(Z2f=TZ zUduWW69{$vW=^UK1dzXFVFizeJ;F~~{5l6=Og#gPVebhf(eOou_0{M1z$J4%W)4|6 zpfp?te-kRaDiW33mdNI|OzehnvR5(GXO}SYPavgk@1?k7lnVJiI{aTx&#tGN+2ndr z=rs#`1{;tH>Eks0BlXI60WOSS2<};La6nbM4;+nCNB{`0j(Mrl^%KehBG7~kpZBL~ zY!zT#Yf#2Yxn^<_vXLj~h*S+TO$YoH=TFIUq508D#dp}{Iv+sh!+zr{mT+4IZS(Xb z4zON4>q_+lj!y+b^oP@x9Kx3@NrKbb$xW$}vzt4aVNjK?)Jv7_Q#z9+-Vjlk^QFvF ztNCy|%ItuDNV{ACJX<2BcaJCOJ;f~IEo^}DcHla)Zb~dLy@abMNqPE~Y^lMQkyavCv@%T3ONDk(#6?sq^p!O;~?kaAEsPXmeZxw4~(Ul#%+ zelLBmM%eHo??A=o9ZfOqjPt63==J*7qzVvm7L#FqUdQ4A1-T(3Ir2<#<_UD#=8qDGzH;xkKx>hMR!!?>K1rRS=8KKBK-*?~6cu zu~3hh_^@5g_Q6eHgNXlu5E01+F9C~@;!Imm+m-rV;b9Lg2N(L52$iKgC6+>Y=e&}l z^x9Z-y@!j;pj&Ip5&!9>&mnsp;;8BhAzX*rCi1Qv>Dp3pgw|1nm-531LmW!O=icvQ zwcqMs;b$bq3KfSYl@=CVq`>Pq*GFf4=?>EBGJJ*&Vd{`E!{Oo_T1x=))Yo^%A)lD*()cRbnEBgJxxH=5IA zeQs6l)d0ru&?ACAnHHYUx^l3^GA`i7Fpw5~_6!#09jcBrQ!4bB z%I+9|D;-t0<yqhibiyLcIB9IVvS zQn$PwY)9VKwA?`@E|a2-tk`vtz~(Ks>}}JsrN8lpr2n%ii}*M~EJf?rgY68rj^Jm) z@ZbFM(QmqGliEV*x>eH*dc@^xQT>y^w>4!`zY-)fEMU`>Odv8W4AsB|t%>I#9I(!LF&wCC8Pg(SMM!rQ zL1c*rzNnr|g^8=TkcytJpPdb7+@of{J5!5nve-~ONk)OcFnK8KDHj44f>an{UZHd2#kbBRgq>{PLr4kg1%90iif$F!8E2ny-3Kg|kgM^B zK-EKj2O`9Yq#-{I{!Qd1do1b$#Z=$mFK@8yBIkyrwrCH!bP{pDHGOgLC{t~+FBIW} zzKm{Ogwu+uTKx0-WYfQJj^k0@zpxDt?g^W4&tuyhomVjs5|l;*(Ii2vJ1GLjdUG#4 z<}GlQn+TsY6f54jM2|%kW2Z>wIN#NLowIPE)8teMD>vn*a(PIBK#TfT!BJ(l+RjRp zR+hursBrb8Ejkmp(fSc3t}0HA;JTv##AZ<hWPATCG$O}&S~X7(CHvcPi@4KYF_e*|LDIy6AR9;bbA9^X5N ztfr|3sFITM$RUD3_}A_I_=?s1uk|QP{iRokTGfH0y*w-8l#Hok?dCofi^ei0@wOMk zpWNmvJn`~w@EJ)H`AU~|_wHK;j!Wk>k!ZJbJu+kVx~_yeLOo1sSOeKXO#c<8$+Cc! zr2J3T;o(nKci0GGfyasOX3>}Y)mB0hS-#KR+s;*>DYU>BI5srOv6af)IgsH*NrN$r z=0vK4B$(is_^v+6#%!gznb#in_m~QXr&ln2437ULl=&qOBN{s=!Gxi zv2FO%L;D(!jp|#Y_1?1}9mqBW>!W@;7gP4uQlOYSN>ubDA23FTvZ5jk3^tux{tNLj z?Jc~ua&;R^?nMkNi8Y%HM#qROa$Hbx6xUL%QJ;)fW{WVwhkfyQlhJ3L1o@VqV%91s zwbvS$dq;T-A`dN2y1}gf3`-X;lGj4A(5DuMK2p2(D9Q7g$;(CbMm(a^mu42S(Dj z*4kzsd&XSaBK~BaCSyKAB|^HkUfPSQvQ*ju-}qu>>(YlBk3d4&#SA@dy{c|rNj=C{ zQgRWY8(f@RU9&{{_i~a7bkSO}#-}kG+cc*MpcBO4ya03b&7>F`y zIgQSbEDG_dR)|LtR)_{I#8%u}1+|gC{VZ*1tFG?Nx_6EUW$h|dovMmrdM@z=(`0#xoQN zQ$pkKgek|k(&8I4VnDE;7EMZDB z>{XUt5qXp@`ul^kMqsG_2eeCJVbQWC{x?#9#dHT3l^ZBQ%UjFslH_8#%Z}HDT7|qmCKfWCjxLN36;_FhQsw z6WWUN_45`!4Th8OF;**h(5Ljh;rwnyQ%>?Oo$o! zW6CksLpdrM3+Ju}v7{=DO)M^{E~u~oQi@ZerVsBHi!nV(qiT5Z_CdE)T%Qt-)W(FD zr~fy#wGL@JDXV}`jP_jsG*U>+2NRIAH)I_sPJW?4r|NsP3OqEr`d`j^V_X9|VkKrD z@9lYn&D1!RGqo#RJD_`jO>bLPHB( zHqeg-o8_#Drf*RK?U`# z@o9QRUrb?jql7}i4CC`6qSaiQG~zX^H0j}H1^TBU3OnBoP6y}2Ctj3cn_`?1a zU9G6&p0)MPKWS2g+-B4@qYw+AE^%I)EzaxQ1zdlIT(t^KED`tnEK#$zqH`0E_XU)k zf^}%7(MfwW7MnDwm96RzH2y9Gy-Jo*>J63X`Cl>$s26qIsV+2+sVRE3+K98^udf2D z2g9e@O1u7Euj9~_Bqd5r5DmVQ$z%YoJb_nI2UivrZy{_^X_bq9mwJX~NO6-McgN@< z?w$-X79lhvyYtR7N=73Rjrkym%0Bzw1&LVdFKx&~Cc7gHwY$GF;X}Tgj769JJJeEE9 zc*vt!nO2I^n5bl#Z!u;PPD-sxk12Stb^=BA^@DynUP*99wczc1P*bab9GV!LIbJ^hEzw^L_&-ffR9U^E0I&=zwd5$O|Z8-rhSrKHz zrxE1ORHEJ+0@lA5)rZ)1t4ue>t`@mgLRSpzHM~V#xp2F)^L1~oCJhvYx<`)Us*k>> zQsjV|R+2*o0wR;cSY%)Cocd4<^n$*1MLacVB)Ws@T&XKKwIJ~MG zsS=v~@*f91#FId62Xh~Xs->V8+5c4C96Ti;%aYT#z>2It^{yCL+je_P&Be$Hx`zW2 z%I~O{q97tvhp{jw?+<2JudmmsKdVl?YWy69uqpuMLsG@t;0{{^d5Viw%g%4BhN8a( zPE1juU^lOD(nGN7jH7yj$>+C1Q#U8=Hc2r@;ffA#qh@Guc-aX{z3y%VG;tqWwrTw3 zn}wP9ZY93l@`jygz@C4<@+Yl7OOv2iii71NrJ0%!meb+PZ518WQX|2{(pe%DoBt|j zn&M=Y74QxHrH|SuGb9cBWn*2}`gA_}Dy~!|W`#fgZwH|glM!^9i^tu#| zv9>dWS5CgN;lL;l*%9U(!v!|f|4g|vbrRx)!`B6sKM-7q(@zj15#W(Z85*%$n`kd| zJ1D~VjI@R}Sv$KPSe6v?flA=s6r&eKrXL=58BgcqRM>A7;tO7yM%akVqyt@WOIkrR zSSI*ysipEk^j9yE3SIqhVY{vqDQ8hl8?SYoTUO2#L;Mzi}ixF_2Uh7*X|ow zmq;?SboH*5u9>@#grc42`$$Ylui7F}VvXRm)kL_YoE>eRS1pB$;6rqlOculb%7GYJ z`VPC)yT4pXehrOIf>TO_n{M$NkdD-mE%^`W0GkX4q~Q$-l)$;1RsCMk<5_CX4gZqh|Hbb$P?{!l^p9FGqtqS zZ4HyU{`x&UB>pUo3ntpVN*CSj5LY9)UiaHv4x8)R7qfv`wxZU5YVC4<__03mQBF0C zp$(kTlpL^d%qhx^e;4&`VSD9`E0515>Jpn_3o{O+lnq&&N$Y@&}{W5CqTG}SF0bnV4)5$J= zj&d3dhk+RHZG8Fh<~~VDV$V`~Xm530QUfviUcse&n(zsZiMK9vZdr`nGG$%@gfv|} zP)kDB3ilsMB)8rg!dIJucyH2^B%b`uqE{2CCmOD|!CGO858 zYitPinVFGp6+6E~sw!gHYKvQPK{FKt!3VrNm7__TX=k0Iz(S`!sRj|~?)f#fWW@&7 z9Zri|Yj2i6s(~KcEe~I81Jfi4$4mBc4Xi*xe~P9c{+iGyGWAx{De*br3s6(oW?pXZ zo1)Bv$&#`UNlYGEzL76THMpiZCZuAYw;STpAHDv)iuz1n_P-6z|LrW{!o{#G(3_rt z&48%yVmQfMsHHH4II**+h09GP`>-=@Bf7L?Uk4XS4byi`j&PIRu%4sLz+3pPSLQig z-_L0%A~PR-on3aRSoaOH()2tDhgdI_gw~R!Mm63fWW6_p)+5&}7$-`t&3Gm%CbV_z z#LCucNfDcU(TUoXQh@>4xQDT*1RzcC*=r;-+|c3Q8~YudKFxtD%V_H23> zxvIZi)bj4Kg(i?YJi*iKybrWu2vO>GRRhCDqvP?9ZsgtN754I2*T6-^@`$Zgn#90f zVaKC&L$g3{6-bB@d9~D&xGA#&I%y^2g-e5|F=m*nn_sjD(LIWK47{f)DV>D!Tbp(~ zGD~LkR)mypPo+{*V~HOCT1>P?>(shDX`R)Z6%RL1pSbCY&s9P=CfvF!%U|9V!7y>5 zdmTfEML@~()!k^M?dB@I^w31~{DIjqoB{c0pIJ?C;Zg^#uF|R}6ojZ7I+>8iK+Tof z-YyhQ7fdbNVcTf_XHH%oD-}?NtpbszIHtyYD||OcG7XaLEv*GWaHi56X#y+6s8g;G zFhSEII;6p##r*=LrSLv1gc`|03yQsO3|=_T{pVGFtzIL@zFCN0}rWdbOR}7{HVv*gwKzY{7X(`v73N;SIgTeKbJbSU3SUXpf6Lqx^p30)d5D2O`Akv~q*rpM@krq(&dv_W3 zica$Gr&q@3;r!H=I+pGF4nc)qKs+?pCIRHnZ3r8v&0r+q31ujleQSLQC?;JHAO|dS@71&XTb95)-l8lz%|9b-Y@^(b0P#Z`Q=nP)|gWm27DI?U4 zudE#|P>Iupy3rCE1F_uPvjdz}o;p?Um=_%24H40VH5+U8AvINM_AN@QfY!XCzI+Kh z2u`yNr)UWDBWG7t(Rt^_9dyYgcW9k*t(!Mjl)NC^3BVhR=!^);Y7e(98whBq-za9T znpi5@wMqN;*j6Bba-pddx2KY>$#%%E3c7C*Y-_^uCsjJxfXT#_Q0f1RoC=agS;(sh z#bY>n;kn`u|7bh;c>qPGsUI_n!R+)MXkOXd@k%FO#6tEmgyflDJaxz%mA^X zcIX(Ek-1*4^CuZA^h!i8*Pv(Yl$30_CKZw$R(tN_NY>i!R}(LoU}T1-U`+&~TlCro9RUL-rF}XGglO)RU7&dRXQGJy=AcU!i6(_#yfxW~w0g^XP z`pF~-p$gHpDe#+a`C=i?3($DnVbJ#*e9I8ZSlsb;ZumXfiC8Oxs-|LA3|K{HApCg6 zZAZy8UNP(bZY9Uoo+2$e-g;Q}rFYtAS}YeHT@8D*+nQ}IY1_$hWfe2`R;vZEzhGQ* zz@q!#+CKx_UeO?Qa;@39e0;cRGH`BEE}2rS+L!C=egjpYnlD~YX_1FxW{r>Wac>tv zoU{Fl;g89m*wk+4ufO)9QjbeKI(*V!`k#=Yqi<9%O^;BBua;C1as2lt#BAPJbx1-HEmjwo!ueOK{FI0al z0aNPTuRY~L-(7n>bL_0%+dHPz@4vO?-P;R>ScS-h?*YWpZOSgDk&s-sb%%YSETfkXZ`Br+ z-38S+zl_BS2f^@a{$VA4`E(+$kUU;HKN$~~I#FNPFk&U|=8vovzGZg`xq%?f-nPKF@+>`#vn>M`n$`Cnl#D3K zuqt&pAB?!_ogejht@kVdz3^KIg-*G_Omch;`xI6X_R1>;T_drR>+jvLLI;xT^W)F} z-K${|u(thr(iw}|Khi^dKK}|RR(m`Tm3PQH$>(R|n_G6WOn*cRu?9yPgT>-0*q_>% zC{V)`bOXt=hZ-ua2Q-9YbKYvwpPG@_r3|X=zZ+uRBXMYy`88=j|7;%Br?1~m|Il`w z?BVTFTZ_k|mz5XXe{f zdMIj6s>MYSRp46hos-0LDJ%V>OB>IM2z~Kl4w4M9{&UT1*OAV?sNdPgO)upm@+IYQGRb_M;sT0D}@)7 z?T1PVduwZ=y0uF|Az={~Z;~+7sfQr}wlT{V2@^-!ptwY#HN45=ZxzU;ybJZTW^tL{ zo){r|pud~~@~|99_KjsjR+8ls$BN^gY15wHLzn)8 z{cIl<8yofOquxgjL0LVgjY4rgd5{+S#iwCuFlTADQ zc5y){8Xlu=rkgIupf=lR22H55Vw>^i$@Xlwmn(dkt*(OJ_q`78w^|Ve=xMLYQg+qe zi3g?GP?F*+w@}ni+rDXj}a?adS( zru-$(jgx~ZRb>Eg*@23Qm;`Y0rF}}#HS(W|q+5+tEYtK+OJrA;+Rj7S zr)Tgr9nq53QuBeRd?XDJ=}t}Bjpn3<2<`BiEZ1PIOakIkKz@KoJ^(yRFiaoG{g$?ET%}EF_+8Y&z^~gO zHwUXgH}LlBrTU3JNYgVE)tO#I{=Ri<&X#X@dp^GbMLqL9Z_U|y-=z%L_Dji1Cl}IM zrdt8N(CEoo$S6mKoZ+4U3pQc?1_U&12NDu=hoJg5=g5}I8BxjnC52l6c!6^ua&XBx zpej9BdIfWovd`H=Og@h-y{55EG7nMu8Zv~^6d!iO@s`Z(Dzrpw3~@3Z+p_q=oiEjn zwO_Ph`togXo&W1!mnRn<4XryxWP~V(z=c{)Z(;78w?mN+SePge7LDHmpvzQ&f7&2a zFqbkD!oDok-E39MV5}?U48dUkPWjK#+QxJ`eJQ*QfLqA$7j|g}sYg@EkxdYpyO<^G zrl1@hiEX1W#)hQs4IRm~P|G17uo$&EMi{SFOaVcjR}Q&eVyn5lm<89?F&koiZy1E< zBFNCQ|6#yx!C)dqhx!(13_9uS?tzig0E-=N*Z zMOzGBna@$m*sj>Z$d-D~EeF@q#Ls&|2ZU=uJPLgs$uOyWG4cqD76HfC?6!-+za=gi zIY|)QL6O+-Z{N-<^<~~?VE%C(uS41a0TJs7>q;_aXf3#bDwtI+R$^}D5Hk>a64xL(k+*18o+M+!dpTE9g`ON_PF8k zN?4WkAIKoI<(RIFwDh55HZQA$DQcNW|8_RKvmr>8i3X#rlVmsPq8W7oSMkVZP#B#g z$Z4`}7Ua04j}^O0BXszOxBPPEjR0d}CEX9J$>p1t-gUsKdQugEVmw$F+aGBRAaDa3 zFRbTK#Cq)M0#O=x|+a-E^8Pt zerPgBegNaGY}M%AAk3!LPb6|iPum!^+qnddI>K{Dzu22@LI{HLd{}V;Hs%kjOqI{b2UKUZ9N@^#`meT1ofaLtcTFX z3`!V{3d7*XEQ_|p^1V_uAJxrBwloyg?=>VSwDi@a7AnqHFdocl z6|fzgD(#bL%pt7}ZD0rl#I8NFasz-P|2col761u+Tsi?n=JMEI-T^@Fn^55QYyYHB zYPa6CYE7+?)Wmu`ED2JH+7`gO4K7(jQQFApl=H6dgC|*fpF}4ntL5FJygzF4eS=bt zZ1idh(tBRV_Mg{KIR4h|w~1CJWBDpu$_mB`2VewZIj8L5ak+7-Nc2Ax4e!Uq#`pE@ zR$8Ny9W4tv25?_#R+2u{t1hVxMpDy(2$S;#rO=Mn>VAfcQr{(s2#qFiG9{6rU#{Z! zne<{6%QU`c6`lK!^8 zd5D)(3Sdomgm_TvB>xaa(9Txz;4rA8nUCGqZ&x#Ue&UV@=IW3+8QV2$~|}k6>Cx zU8W76ky{N+T5V=yqCbK_oXx=Iiz-?z{DaDAeE+|`hd0wbl(!p@vvl*mht$379klQ*Y}SbvGjde z)FZ)AyZvGg?`8a;h!@Z#zyzT^p14EPyGO5~tCj+g+TErRqjJ(_Q|`W-IW5tz*tF2~ za#0isrNYC3ZKUpHUZk?;_+`afJ2t0G#noDEkmlZ5K9U`wSv~o5GMk0m6OR=m=;+)m zAJ_Ntu6?H>&FBB4217)2!C`pK^Y`NY16jwGhQZ>Ps%wDjFnS*E-I{eLm+pi0LCOTG zH_lI7PCHUBFHf00#3Ho(_SGCw6)__H8C5N1kz?U>6rchkmO?`g)s&k-4r~GYRd#3T zqb4!3p|+)HFYK$&&*?EcpM6lV$-2j{n4b&I@#gq7CkP` z5Ow=Fl63Ws!LdcW4IL<=wT~u2VciUIovCCr-&(#`!N_1#y_`^E7#>Ej;RYVFl@`SNw?fVR0LO=x z+Wp1zWcAG&_ZI}`g$l?E1T~&$lsa!k{e3ax;c*2!`S)*M|Gel8XufiK(q~J#qRE6t zweCtZ?180 zucvHN%OlAJ1Uytrz*v1{4Z5sK%qUTjv9Z|2J+haJ{)=j3GS*(7a-Qc!Ohdgz-it=H zQTBG-Q*Yi#(kEH>wEpF4at9Jw&|lPgKXNn@kDzfy!`+z4A*k3p_lH?-A=kqjYa^1s{wr$HUV#`408m2diP*(!3G%Y`lFZJAsK~|JmfE0Mn_<7ArZng zBHbbCm8Lb$YHrpmTJ!NKB8RIfY(t)Zqr8n4vL{~oZ=Sd zvqHITdN;LUrG}cd9u$SI{57$m@4LfK5qB%%#pm8}A&Cr)*ncG{vn;x8F#pPo?2{{u z{mKoPAFOHr@}?FhRy<#I?W7Ytk3zcwD;HEVBW?Yg28k~`N*nZ%ePSvp=A9lzpzxV- z(A*2IWaTWpM)&^-QlK3_2glo+eb!&WJ?xj9DUL3bw?wj$^VlS-@8Ud4sf=e9$H=i! zyISO@O74}^HQv2Z9A8r>U~B5@8LA3JJtf7(CL#kUgGxp1K(H>$=pee&eJkQ+C8gVf z6;z8FFYcdML~LA@nzeazJn0*xl!|7T_Z>Nx3`vM8)6_`UI~2b$1W%l|pfIUi+ECYD z@G5e)hSPk78V=!2pMGs7Wd%B65-tw^n_krsf#|>Dd;|?+?6angxhtqllh8;%Gd^4P zNgHJFvQ~68d|KY4AjGLKb@sOL4B@aI5*=rlbGoqJC)!&w@bEqv0NIIiLXt`YUwpP4 zjwO?MM{hTMo9xUs3H{Z8%xJEElkl8Gh^J$HMczU`^3!d?&@5xwXI`&Gsoc1eXynaIvD^-+eH% z_6@DaJ*qXI!kXP$0Bm|J+SCKf>0&JgCW|nWMfk<`RTB}aQ7m`9vGtHNfV4JDu^Ac_ ztG=BhGi#x&>tM-*#dt+T$Ll4iNcE}mbN1%-_vbQlU@*%8>+!w)l44hmdkQ_dxXO4Y zgkMnG@R25sv2fk5U%FbhYn=^mDyqJZX{eGo`*NDpN!;b1?Qm9EnF|~B2uUeQ4eeiU zSBnR2RT1-M1xs2riM^(Tf*Y(Vb|!)gqqTaxKU#li^Fi0J?oh^!gzlviuM8EsyTTz zIXkb?d>hDuJ=+fsGmZaF=aK;4Y~e$45SzMNRD01g?$N$&Ba)hw09wDis4Lx6ddG!F zfhB3llL-4pT5Gyw6@+=K`QFt=G^EwGeQG9}7|&sq2*^#x?*4AJno!m0uH`EkoZPI0 z7&@j2`mOa&y&r90n~(Y^*3;{+NQjVI7$RXSRj(p7(JY{TZv%VAt36SSK@spQms!wjxF~>z`$DV9y_2y~PZZVNzSx!5|g=KQ=dYEB@9AdVg>(N1({om=D-waGJzg z#WH$MGdK}?2q!mEAoQxc15yf0yvM%*kOhAvk{3&CKU2{ZYlT#bl`r>2FCO*HF>h$S z5v0@8SE=bTV>5b^6;9}o3G3Fw1kw;cy&X`+9#OW0AV%DjRb#Uwy`~D-dCGu z{H0Llwm|QN1R>g$B#8W7lb9VKRg4F{33Jt}Fc$k^E|Q|>$2JdgOUfv>Mcz$qaq+Y*C|@iwY| zweeog3F`Px0SY8-O2y*-?WxPy#Jh@}RHGwfj;j?RZ>Z3%pF{io^lf{&ryk|$CmO~QfuNelwJo%*gVLQBD z6{9Y>y7#y$`s=#eY@`nrm}t`k$N6^#BH3ZWwV5wAdBV4`j8Kw2G^ttp?Um1&sLMDD z#G-dx_WS42P&>WKEB;`hWw&5%YYZuLWi%JY8`BoEMKZYR9jchRa0|KI;3NI3Y1a_? z%;VCPooW-Y2PZuJ_Vw$@wQGiGd<2zi^*8PvS)poV2WXDL5~PGFuIDmKxUp3(cB7ndyIXOso}xv!*4QE=|>|ngpZ|WnVQB zV>I9Bi@JNR@>Icz)s38P8L>5m*6NPojf{$yWZaEvjj`&JFq#q+oUQPX^uB6KMwUW< zdNW$xuv+t3Zb7YHHJXBYyF|W^bLBVkr_6z4Epx={Nu;$Fe8{4sqT{!}fAY}G@Hef5fmH+hsK(w}{Dk5)gq2n3dZ=(&~f~}0;_+XG4il&nQV`bux4G0%sdJ2?G>B`$THiA`-k5#xD#7txw06#^^b z=VyA3h&j18)oWIS56{6{4H^{lS$iZGc#I92?|_9JSu6>&t^P3Z2(`sKfna_+-y08q z0YBb{ATDJJ9aycYFTuOn;s&CA(XQnsUgi!;CPARWER=rQ_+}7x5HGNV{EiwA7F5Vp z>y68L^QzPb#fUr4*@dYIs(@!j?~fPs-NF>36X#`z$kH=m23=6%PC zmJiwlW2@mqg(!d*&KnwKsUb;2L0D67^u*0DHOIhTLHV7|#{JO0-BTD4FIP8gf)<+V z>;kR-x+pgfE=u0=?#L|sUot*v!=Z($c^~}vo_bT;Bw_C1E*{U{n39mq3p%?HkEmune zmv%%;`Cxz>Ax^v8A_W@LtE{#D{m=9K>g4>4(h>84iz|k-lo#MzDN;@kj2U%5zGSjW zxmgk2E#Pt6vwwV;-pu>52WHW~DNR#ua2{EUArjYQ7CUUk*SGQ<9Mw3cZp>^L96Bsg zky{NIQq$|KEe~>WyVW2%?OGrGC^Mua<`bFhmlTeby>}ZVj$jTx0^^YAV6Us zAJEA|TxK36C0NeZ$}IZkd%nAZHxL?!G~2r9DH^IY7raqpo~H?%lem-~V8{_%57IEH zUFB-LV5h4}&U-{8m|1C?%J_%pw0Ni>o;yhneo(GnRlTtEQ*(PnAvc>3I(6H}ibP;Vh!cgX+^VjJMX-IMNi@FTYC5$A*shyYhjua~J_`)o1`t2$N)y~^~7 ziJH3B^TwF94UM)kUoBV!r%7&}30p~P8&u*9FohxoZ;Vf|G%au+V^ki50ooNZLHV8e)cgRr0 znDO`5*0VdnXQ57N$$lXK-NbG9+Uy)fRKRS}EkfG>@|Ti76U7wfelu7fbsyC(#yYaa zLbw^*pwg>M5XL6i*x_fz zoY5AmtB62CFP_20$<_5Y>&pi-kg`LMs#AH@3U8FxCbjr>dA-Frh2;Ah4I*|k+k~nn zf?68ba;kh1^5Lo^?Cegoy&Hm$iXUIs-0%3l#vH{*iiDJlp}Jg!n)hH|qDO~OV<74;JC1;;St zEq+jx8tLuVlP&J{2*Xsn7sQs+URHN6?7QaR9iFu6k!;PRb^6HrKWX+Le9eJ9Rw7a) zcFWX@?h~`V)oD4gnO++eV*%?jj6qN#D3D=en}R95Wa64GYtfS1H4(R)mdg>?=*k>? zb0Xrhdw&&>HXBx-x#tKL(%r(`TA^nH{FPsEsW-Uggx-pj-J4fR?i&2 zmY~Y^3ygBDeK)HdqTA8j0sB{^y2&tYgJG{&G9H~Qn{QUz(Hf4&DhmPcy zFCgTP9zxKR#1`)}QWna*vkxvbnA;h>xf&zjMBt(`nUIoW|LoaC@p zI@w#+=DoS=4L@m7P{uQSB-z0xR-u=!!A}jKdWDIX%wW3;g*B-p)+s1o&8H6%)f6*3 zsv{*H3f8K4c-DrgDxBGy(qc;!&0DYq)P=Qyt)=I18x@yvlenp1CwjlH3R=OWuQd{i z5cA7})pYA9X@7*1<4`mT{* zGWux7D)vz5*|7DI)ui;Xf9mTDUV1_4F?k%TOhIoJJq!+@(@fbYRr*2xM|4{P*wZA$ zwH-B4!|NJqgx5eEqy1jABP8m!yTV2cmApdAeU%izqnGGK z?LC?%;(faoZqeS=Ycf|WE)`1ElC)L4+xNCtmg|a8Yq;8+0@+tk;d0<#TZ=@9_#13a z_6m+Q%fy>>>de&b@TY{MK$(so`z zo2e;9pX-n7MW-UbsdH@;87#H(4RN(M8uwmfJ(p##%0&@@vLv)bZn@F?~w8&e#ge(9b5 zk)K@sp02MfqXj*?zL+Iv%461lXNsiA{zb;4Jkh4|D=|pRydre0XqvY5fScu_SJ>nH zS>#PKsM0{C3Bg7wztc3_K><7HY9VRNYVs8H;_LFXtr+A9mRMmyE3ZNR9JK>s zlM;*j+!*w_THHM1NtiofC4^cu0Fj~pDd2CsB_mQD^NOi!rtopQh?P}Wq8S}o5@?}t zx=Bo=*|~D?Uo#_-)AI&1nSk*zYY$Ye1(K9qYxkIaLrSbt^&nzA1-NH`(XJ6bw%)wj zk3zAE(%cL$YMiZ(HjjpK*CZsxk(wsG==<90;kVJsvL#P>phmH_*O8_xCckPex&wRY zpu&BL&RtP$*W^<~8_^tU$dUI@q>631>{Mb|cmHHOUc|@zg`hK@YHQ7`6WC3c{FkzY zl-oG%$6^LEA4P9dYmjqm^w4@N?e}krrNa^*mw{4r?-REYu(m>>Gjg&cX{lxLPA_W6 z_Pp9I8OZ9r!uJcY5(Z_e7`2@{0}aX=9BK_^>E9NcU>ZlUNU~R}K75m#5MY(((!>tm zcs^WFyiEKh?3}_Ro2sBgnkr)?Rf+DBj5OlAO~MnGkVZJBPog<#Iz9wQzRh)!c7nf1 z7LVt&>X-nspVwI)i5GkK3bDu;o1eER6w8Ej)hyI*KLQ+KCdJl zM2~K${xfZs#HGHj-H8UKqVHmXqC}C!B194y+6e8wWBfEi2;xVxyYEL}?kUgp(cYH4 zreTh@EnUm40|i8dml*fmts1Cx;<+%VRl^v_38p)=uCJF7SY@A%Kn5z{*N!?ZkenJo zzq<9F(hM81=5up(dx9cGW(B*3IG|~wP}cw`vv(sFYc%HUEk`m9^xN0m- z4${!QIgG3a@+A5#lz(meUY;onn>>6%8I_@t>;dtRQJv(Jh8dCph`wc=xgo#Vmt&}E zA5knB0EG`XRYx_*+zB$Uy4Ll7S6g+hJItn`%(T4?m7i}ih>E@#_ASRVr6>KvZPtRw zSXDz1;}`ZKl?*h??$!35d@@RZ%cH;tnBJoNNedea7@H^Px1YBwwk;2`we^xsE3|+m zrfc>_UxsX|Zx@)d4s1)7YY+nbkO!;1z%>qgp{OUThnx*SSQw5XM;<90RtXi7TtxEw z>)v;=#%CwjmiegxpIMtKmia~+!*a~jN~HU(i40&S;~#IbhDJ}y0*pb$wOJTKRY|(y z^5et{Gqq3GdCzD!tmSD(b{Q}r4u5dZc3Hc)^^WoG7|+|#{E4YORX5So>;LKZLIaXG zJBlI-KTR{*=%+PJbrG!KQSd*!*~0UdXIsfEExVSjEJR>NJW5IqZ zgOlHT>YRowNuhN+1xnGth{7qsZ%P&zeoDJtR&U+_8IfQX?CXmP6J4v^Y+jpcVq3Q> zi8YbMBP?yiNG%L132!i1)dazl(g_nwm4aXXm7st)bSZzY0+Us_dkPeOt;dt4d5QV+ z{X!jnc_j2KSpj(!D#zBqL^*nYOpT~qc*&mJ8cSr4QfVTCbezZb->+ntu{g_Lw+}Q+ zi49m2vCQ`2`V3iWZ2!~StD^WjvE43Co;vTDFG+b>mGKz17^#4VQB85|Rv6$q64y>k zl(Dq2b)UT0TIpHQt7;wHVjs}9Q5et2)Low?3rpPl`NSmV!HZ&CTF;cNi zeYY{wj%Y!#LFTmV1L~Ck8%AcD@cj}TYki`6%0gyNRhmVSPvASUP8uR8+k~N^9+89J zp!f-M#fE_9!3`Vs8>uBTv#obfTpo~xB_>=EI*u$YxDbvu|^ z5+j(7m@F;jXuNsK`F{;V63MlzoSmj1F18xB=%Mzc281sr5k z}ck;9$|t^`khFlJ|Tlwn3p9vF&TEzuEMG*0tUkBq_5h z(p^nnq9iviKr5W{-R%;`%_^Gl+?YJMZ28&w;16wdr!!w<>A%3ietA^UVKpx+lEJr^ zUDH^iV$G%$?-IDVXTx7#)d68Jd{Vm*V^8e}d}XM&(sd#5ZKC(N=FnNnKFOZ^xtY!e zo7MH=ThSXi>9V|&6c>n*vxqGQKm%)v3Ff;Wy#zB>eFj`vg zzW=0lh3xu*BEhi1E1y0HwAL1b>}2k(jACq5O%l{_ijb;x-@^+5d}EGDnV*!b)nzAv zBTiE8t>TOxlmViwX*slRVRXC~0jHmF=a)t;pE3Qnah%7_iO2|IOK=67n>Smn=uKOv;j9x{28$6{?9PxrWMVqEm3-wf z-Un~Q$IvX32`K0+U^X&_LmCx6^!lXz8TXOODEy_90JX^;wl`A}J%NikJg=;&P$;Ux zs}hu8^OcEU)EnYeYNqbxEGxaW;sHo7X@?<7jcq?5otBP_B<%a(b2(@DpLFj4pfE94pDnj#Kz#Vh!gPY6Z|=0U7wyI!dvVB?*y-R`dsxrNq68S8y8qI}70 znhNSV&WWv-4PZq6(XKkSTc8?;lzjQG!};AKoMrf9))Q3Rb`3$RTWy>L26nD=xHhMH zxslMWTy=0g%hG4h&ToSCWyD8ECr)U1Xk9@*U9{DbB|&w z2^TszH4i2$P3ECtHBcdBmF~8qWNw%d*_npA`w_XC5>iazRqKAmi=;h{-)7wtjN}bL z#ZGQ3+r3qkGJcaKiyYD~oUc$10LM!H*U3HqxF74S-j4gb5z`m#ZuC%)M{FGj>~R*1q9NN(KJ zzJOYz$Z!nYn%=|IeYgNt%$n>)TH;qT71kjAJvyo8t{2ZE?TqgZ(?tL0TbkNpQ=wgG zptLRv7$rqjXE?MIF%XdyxbZ=#vfT3$6B9c;Zev&AKt_=4eSRc5*djCK?&oNz|2}FH zbYLw7DOSK^i;X9ve5`C3IQH5Xs2S{I=FAKLS2z3|yA=jBDX9A5(EC0OhLuf7_K+nn;AyGdApTq)fuFQ#3J6|IJ5<{jH6 z-Mybn>4AzDQ`xt;Ap$~zYqcL{4HDn1DJnQvjfosQXiFcatj@6=C%s-jeW1&uQ$lh@ z=EtYxA1?o;9qLhwwsWZ=VXWRHul+t5OMHQw)JsvkqGVIrVWy$y5KUrUZle^ue&ZRv zmR(jEx@v*221T3b7X!JMGW;}X&^nRIfA=;Wpc|Zut2PZ<-I+=d3K z)bZ}!ZYG5J+C)MvrEgaBma^QR)PU}vPH<+aM>;v-NY%=&rU$ytT@lIGY;x1W41O8v zh|#g^gShXZN4#6)3u@f(ud;m}IuLP!FW2m!@6@+awwN%>AWL2HcEaD2o7*?dgmX8l zg77Y6Bw#py(g`%l zEaQ`EdU=l`X%=@1E?cYX=MS&PSdUa)j0mU5CB}uJ2a1VUwPow^>HTE%!{AP$b;WTt zF)Vvso}z&7l%c3<8Jum~8rdZ5jvSVC(c-=3{E-$^82oD>4eZ(#Ym@MOJqV z!E&aHxGTzifEYWnmb{yq{itg+2_J24$QNWtmwQO_(oxA;d9OWiQ9f7z!f{bx5E?KS z7L7+ZmYVzUba@;PJ9O;59yIEO?645}zJh?zv+pfHEOZV+nsxc-_sQn#^yWLa zB8CrRZ6?}xK$OX?C-Ep7@(d;^{QJN)FhNpJ&mtNtb-7(TqTz3q2G{myr_Ec1K>%7esyl7Q#qvc!h z;zzyE4O*Uf;!1Z`=q=XV5J(1ulZ>_cP{Avcgxa!T+mXO}x&HR`+rMbQ4Nya=Ub%6@ z_Hlpq`?W^h;sIs_LG>KJdjn;vvNU<#!aFxwM&Mhb@ABsdb-UT@MHh<~CQoXCHP1<% z_hw^gxZI)?XNvN_txwC-v7>6rYOB2vY76M-+id#A`xDyqpe5hezQ-yneAXHoe3KZS zvv``@2P<>#1$gG2}20W#8Q+_e+rZ*-IT z@Ntc%mS#|_Mo;8pXrT7lvO}M~emnicj*cN>;fk_Y^Doca6-X~;s9d)NAl$nsCH_A* z$qrfl#L;+;c-poEES3&LBP6Qg*gDfXYuMSC(8D)2mB>G+*jtg%+Z+|ej~rX=AZP5- z{Fi7lx)@LLK@=-m%G7HenXJcavKHQ%)08*NSq*5+7HW6pMZ!BcpK-SdZTPWgO~3#0 z0o++&QB9l#*i0rNba@D1h7?k9mGa`uL?UFdpGB_ zo-#SI$oFYtITJ2V?Gc4=BSs!28^hms=1;Z*EToWDBhq&;l40Q7Li#LMB%RQx#?ZIE zdo;hflrfb;mxOCdWdtQ^k7|@x+c@z9TLQUXD|Xdij}J?Q4M{f2XblY>hmjjt4}d0C zJfS?>v;3*y`-!)`!J7GI>PhrldI-$has!iF z8yQ*DrTe06gZIqCdBI~-GOj6>O(`UmcxPMLPI$2Cn&4cwEJrtMzfPc%&EGOZv;>*n zu?R+TpSY%R${H4}bVZ)DyC|@j!|TPL+Q$J`RB=*tzgB?Y#7ZIH(Zhy(O0d|G4ClQM zmys41?ddK)uCfL}v)i8S?i8of-f9v5EoZ}D`N>#muNo&s0Cxzj!V5R}|2#4P8ahWk=#&~jmen0y; z=hHycB7Qi3V+Ellxo9HDr))pKi6-tISf)vBsdmJ1)2@uuUKL&u+hl3FG5a=>ILusY zBCO0Qu>5#={&(P0ZVV3x1McF-`TebGY?X7euYAKObsls635xes#5%=@2?ht9xt&N3 z(N##E?<{Q}as`}0eL6;uiB1mAO5%kH*tX;mw(bp@NtSCjvN-H~=n8)}4iG+E2QHn( zqJLjAx?}%-o^jL;4M)~0RUj@5%i;*P%Eeq{oU>F3=PMC2s0LWag{lFWMK^VM?H-{| zZ0PSjthzDwZJmBUj#H`?WE(&#OgPX5cSH{HkTlGriGj*WpD{7TIF#AFP+FFU@ zfFZxgDNT^~f6IyGnrfPO6Gc?Q0yG5m|>2WLRB0rKTXdU%tEMefbw5csA>y;`$ zP|oPf*@=eYkZ{{WL1i~>$T-_COu1;j=J1zgXMP8H?v|miJ#o`s8OM!er_#ca+Pl}z zkt;ErVsfWM+W#nrbOq#4&WXslO!+J? z<<{KXe`~~_uprzzVq{Pasa_=Vs@TW5P#9V-y$XC&NJtVfp^&Q6X@cLE>z#*EI}x_3f5 zjJ2`ltH$)MG34Pe)-uwe>49G1zh7P6(N(KJl&noYeQa~qT{tIUB+oGIynpmirW}EX zQpeTTCF&chXA1yANv1&yJ{Un>yu`9K(ptLKE^&h-iFaILPxLVB6d{k=de1F9N$pqUe zt(oB3Hw~XTSB8MM3_<<0#<;*oIw=IJFcNwr+>nJU!ILTped;sg9yS*`#8%Y{O)W(D zGJr?!p0d4c6U?!9xUCyH25USg;(=%DnGXWB?CbiDy5ir#ifLjcS>u>fgv3Wa zpQ?N|Dp6I}Anc4L7{U%#pdV&xm| zKC>F06QSS}Ucy4Ani2D!iHMG_HP@G%>ah2yr|=x7!VQkT6u`)QzT6=zPT> ziD@Jc-_JmX7+fb!G+FtW@_^^%q0iTy?RVo8i-!$YZMwXt5Vq#7+1ykVBkvH*n*X|` zd;(=As|Qo&{d#u%@%a7G+3~lpNyKc#p+4r3hbS&!B01i=Hi2)WGV(VR{Etrm+5WgM z!=uq(r^7FNX!tBsp@8~eg@O>I#t5gk&8%#$dv*{LIREYbO2}-hc@R!WeC43+uI2 zBrtfX6ho@@OO1)B#i{a)WdWD-Ft|9snsO#o!ZI?6Rnsz=;_ZWx^a!Z3bfxoa-(CZC zZMM8&x(UbSNF>j!7PTUW6&e>7Dif3;Ygs!5Fip}RuaSmLhFPFCY7$KhM*I4#Nk3cKZ=3LALlDEw>PvrY zeLKfB=7OUY-r2#y4Ot^5>f{a4h>_CtVSNoEoy3nD`+T-zgi<(uTiv6QP57usg{HRo&)`k6m3ua+?*`wz;7M1%@p zep2IV1k$!?(Ul(wMa?b-eO_EfFs&4h&}2Q&j%%K>XE zroKZvJ#nFA+;+<%;hZ$hb%4CPDKGGS*W9Z}&E`Jh7o05->`z~LUYX~oD7|i;paP9> zOdjYkT>ZX1U*2c|=?JmFDmW81G$RoMRM;P+K%SLpV|Ld6$Pwea`C0ayifqRE`*}87or0k6jFshV6xxdB^nb8mT?YtJB}sAt8mHPrSz+K!4bCP zE=Q5F_T>?g0FadJtJvyfi3F4knFN<%L z-qu*MUL&x+BV^Yim*XOq_D!SkmZ5LPm58@)ck|S3Q@p6PDLz`8BCqEp&e8kPu^Dr)zU zk$_jUE^7)MaF#ZYWhM(S5J1nfo-0XcbHB|j)dKZe#vgUg@!u(#kIeuv%IWNRI7#YZ zDsdF~?D68s%2Ng9P){8VY-AtwB`NvPi-P)7%d}(HRP@fCvtgmYRItAdW}6F!;q{q<{dKL0sTA6hqc7kH^E zDQinHZ+H{9T{gVZC@+>o>vL8Q=i?t-bUchwO0=qY;KMN@z=N?gT*F5Qh;tQS-&w9U zJDc)ss-&{LMoE7p(VodvZNeylQA!cM=6;#jC050C#TMk_$mLDx!hm&^f1jhTqB&_n z;_Wm5iUudKO(D>NI;W1W9s% zT72gtqcWrA%P_mz_q@7VE=~EZ1fsqkebJ?8G~0Gh$D+JLS{*Cc(a;{~{nn==jE;{6 z?}Mv#r)p~4#vqi$YWPX|`2IZqKnYkC;(wj$4RK=k99zHh^Fz4>4FbkM|M8c8V8m9%*9mlO>qxXoYWz zm%L%S#x4hYvFtR|?D>H=J}~pf7)^D62&_1mF<8oN#-gB0$pzYUiSr5$>5VmKW~`f^5*uUyC0L z=AOBb#^4qEvH8pLqrJZsnN{h957aFlO&ifF+Un-+vxcC10WbA1mLF~KWU#T??Ut`Y zsdL}xO_!7{)M)L+B_CV~)3iOfQvECzpN=qS6eYeq{A%J;MR+T zB=&U$mNXY!nW5$ybt=+#nzU2;WVKG+BGoC%;vJ+N}N7_PbJIf!|O7`7@ z@5xlaa*+d#>HjWI6YOg7G5CC$8o?${!DebH?8*R4A(zZNL2iM#0V9QDiwwY z_QOHK7)2>m*Cuj>wgRe(*$@0$54Scbj#X;uy;ZTeSrq7e9H7AfR-Dsd+xWDtc(3Mv zh)x_)OM2v6y`uR&OeP*$DYugh;yd)+cI1yTy`~jjAt<3P@^qH#&;wdG`V_1;MA$-F)$ZI4FuC%XkHfz-tO^OSG}&?X`-} zKD9YAOyw+|Sw@^asksJ5w=Xv@2Y4o79Tp-&mpoFIE!1{|O|#T7i|rdihDc`CVM2D zie$<$L*0=!zzDVRwYzKMXeyOBIF@A}7?f6L`VQWNB8AmIM>#P$xd;*iUXm4%^NZDX zmm>?Svc(xOZtdL$&Vs$RfM1#vrk20!gL~^AZs$2~^0aWm11cSry})6h!u_%}-^+o0 z7|-!#*fHA*?P5gK2u!QaSeXFcqW~klBL^E(H*==C;8|mo?-hO9$T~zA)Wrc36?Y( zt0V0iQ)7=B&3^)DcpITdvj<#aWOsUxqyKz@A`-CPU>$A87qi_WAu~H-FI-;ECQtpc zT;QuR%go}GKilwyQ44GM!rm*V5hk`*@tj#cvQ_-byL&rmc@S2I6U0x6I#g7%zz^6j zGk~@-bH745Y1jBYd&BH!_G}D?;xA8_DwE6dJXOI#3!nCg1It24Nb`sxs@SD)H6zqh z^Nd;d5Wny$!oQWt;hQx)2I^dRSlBptAWNz}Qwv2kUQmXUTp3jKCpg!%q}3CSbls&b zPnbT)-xKqfmr{Ul;v42m?aQd#GbDSb2QLp_mS?5^B4v9rJp9JoAvEsI_!nPev4WWU zHsJpF?nv#PDOSKW{{&Yn_Lv&-UZ8xMEA(C}+C9k{|0Z7ec>E4+p!a`{M<)P;{HidO zXLFcr(R-p~;mX#ypUHEDUamE&4cGVHF1{MCUrf40K`$t{YL0Jj`_zQP=st`l=Jrz9 zl!!lO>lA8P$BRrcmpR*lJ1>qV_%zWq}(cXAn*6Lqrly2WxMgw(i`JxUk#cmQg@pE2mx1raxtF}12Wuv z>XnClnp7hiWDJG9{nLlV(dz4x(@U5Ed`ex_VtTiL_F{?aXuxxb?o?=WQZvnGwdBFV z|Cl)pB$vhKqJ9*LNGF6rUx)t~fB*LRFVvzSTH53W&%^}9i;c?4;)G~FC8AvZW+17l zc{&L*t%L&dgm@vQLO0y(bb0&!@@o9PH3e*=@uzRNZTwrgi@p2Spu0h{22S9~T?{Qb zPs;Zlbz(NWazy;xMXZfe`OKX#s3Zt>xF~V8+V7&o+^Ssr*C6gcW~gk>rxF|t7Oq>) z-+O6d^rxI-o5b)g%D`Cy14^e0Yj_gDCKkn+-g0vHORFW?fMLG