From 33f5607ff16eeb9845f26872764e297f9753f957 Mon Sep 17 00:00:00 2001 From: Miren Esnaola Date: Tue, 3 Jan 2023 17:25:09 +0100 Subject: [PATCH] Apigee hybrid on GKE --- .gitignore | 4 + blueprints/apigee/README.md | 3 +- blueprints/apigee/hybrid-gke/README.md | 59 ++++++++ blueprints/apigee/hybrid-gke/ansible.tf | 39 +++++ .../apigee/hybrid-gke/ansible/ansible.cfg | 8 + .../hybrid-gke/ansible/inventory/hosts.ini | 1 + .../apigee/hybrid-gke/ansible/playbook.yaml | 26 ++++ .../roles/apigee-hybrid/tasks/main.yaml | 143 ++++++++++++++++++ .../apigee-hybrid/templates/overrides.yaml.j2 | 63 ++++++++ .../roles/prerequisites/tasks/main.yaml | 37 +++++ blueprints/apigee/hybrid-gke/apigee.tf | 46 ++++++ blueprints/apigee/hybrid-gke/diagram.png | Bin 0 -> 35836 bytes blueprints/apigee/hybrid-gke/gke.tf | 82 ++++++++++ blueprints/apigee/hybrid-gke/main.tf | 44 ++++++ blueprints/apigee/hybrid-gke/mgmt.tf | 37 +++++ .../templates/deploy-apiproxy.sh.tpl | 36 +++++ .../apigee/hybrid-gke/templates/gssh.sh.tpl | 30 ++++ .../apigee/hybrid-gke/terraform.tfvars.sample | 6 + blueprints/apigee/hybrid-gke/variables.tf | 94 ++++++++++++ blueprints/apigee/hybrid-gke/vpc.tf | 63 ++++++++ .../blueprints/apigee/hybrid-gke/__init__.py | 13 ++ .../blueprints/apigee/hybrid-gke/basic.tfvars | 6 + tests/blueprints/apigee/hybrid-gke/basic.yaml | 17 +++ .../blueprints/apigee/hybrid-gke/tftest.yaml | 18 +++ 24 files changed, 874 insertions(+), 1 deletion(-) create mode 100644 blueprints/apigee/hybrid-gke/README.md create mode 100644 blueprints/apigee/hybrid-gke/ansible.tf create mode 100644 blueprints/apigee/hybrid-gke/ansible/ansible.cfg create mode 100644 blueprints/apigee/hybrid-gke/ansible/inventory/hosts.ini create mode 100644 blueprints/apigee/hybrid-gke/ansible/playbook.yaml create mode 100644 blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/main.yaml create mode 100644 blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/templates/overrides.yaml.j2 create mode 100644 blueprints/apigee/hybrid-gke/ansible/roles/prerequisites/tasks/main.yaml create mode 100644 blueprints/apigee/hybrid-gke/apigee.tf create mode 100644 blueprints/apigee/hybrid-gke/diagram.png create mode 100644 blueprints/apigee/hybrid-gke/gke.tf create mode 100644 blueprints/apigee/hybrid-gke/main.tf create mode 100644 blueprints/apigee/hybrid-gke/mgmt.tf create mode 100644 blueprints/apigee/hybrid-gke/templates/deploy-apiproxy.sh.tpl create mode 100644 blueprints/apigee/hybrid-gke/templates/gssh.sh.tpl create mode 100644 blueprints/apigee/hybrid-gke/terraform.tfvars.sample create mode 100644 blueprints/apigee/hybrid-gke/variables.tf create mode 100644 blueprints/apigee/hybrid-gke/vpc.tf create mode 100644 tests/blueprints/apigee/hybrid-gke/__init__.py create mode 100644 tests/blueprints/apigee/hybrid-gke/basic.tfvars create mode 100644 tests/blueprints/apigee/hybrid-gke/basic.yaml create mode 100644 tests/blueprints/apigee/hybrid-gke/tftest.yaml diff --git a/.gitignore b/.gitignore index b266b9dc6f..79fa83df50 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,7 @@ blueprints/apigee/bigquery-analytics/deploy-apiproxy.sh blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/targets/default.xml blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle.zip blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/deploy-apiproxy.sh +blueprints/apigee/hybrid-gke/apiproxy.zip +blueprints/apigee/hybrid-gke/deploy-apiproxy.sh +blueprints/apigee/hybrid-gke/ansible/gssh.sh +blueprints/apigee/hybrid-gke/ansible/vars/vars.yaml diff --git a/blueprints/apigee/README.md b/blueprints/apigee/README.md index 67b933ce7f..8a6921037b 100644 --- a/blueprints/apigee/README.md +++ b/blueprints/apigee/README.md @@ -1,7 +1,8 @@ -# Apigee Examples +# Apigee Blueprints This repository contains the following Apigee examples: +* [Apigee Hybrid on GKE](./hybrid-gke/README.md) * [Apigee BigQuery analytics](./bigquery-analytics/README.md) * Apigee network patterns * [Apigee X - Northbound GLB with PSC Neg, Southbouth PSC with ILB (L7) and Hybrid NEG diff --git a/blueprints/apigee/hybrid-gke/README.md b/blueprints/apigee/hybrid-gke/README.md new file mode 100644 index 0000000000..cee4aec1a9 --- /dev/null +++ b/blueprints/apigee/hybrid-gke/README.md @@ -0,0 +1,59 @@ +# Apigee Hybrid on GKE + +This example installs Apigee hybrid in a non-prod environment on a GKE private cluster using Terraform and Ansible. +The Terraform configuration deploys all the required infrastructure including a management VM used to run an ansible playbook to the actual Apigee Hybrid setup. + +The diagram below depicts the architecture. + +![Diagram](./diagram.png) + +## Running the blueprint + +1. Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fcloud-foundation-fabric&cloudshell_print=cloud-shell-readme.txt&cloudshell_working_dir=blueprints%2Fapigee%2Fhybrid), then go through the following steps to create resources: + +2. Copy the file [terraform.tfvars.sample](./terraform.tfvars.sample) to a file called ```terraform.tfvars``` and update the values if required. + +3. Initialize the terraform configuration + + ``` + terraform init + ``` + +4. Apply the terraform configuration + + ``` + terraform apply + ``` + +## Testing the blueprint + +2. Deploy an api proxy + + ``` + ./deploy-apiproxy.sh + ``` + +3. In the console check the IP address that has been allocated to the Apigee ingress gateway and send some traffic to the deployed API proxy. + + ``` + curl -k -v -H "Host:HOSTNAME" \ + --resolve HOSTNAME:443:IP_ADDRESS \ + https://HOSTNAME/httpbin/headers + ``` + + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [hostname](variables.tf#L43) | Host name. | string | ✓ | | +| [project_id](variables.tf#L79) | Project ID. | string | ✓ | | +| [cluster_machine_type](variables.tf#L17) | Cluster nachine type. | string | | "e2-standard-4" | +| [cluster_network_config](variables.tf#L23) | Cluster network configuration. | object({…}) | | {…} | +| [mgmt_server_config](variables.tf#L48) | Mgmt server configuration. | object({…}) | | {…} | +| [mgmt_subnet_cidr_block](variables.tf#L64) | Management subnet CIDR block. | string | | "10.0.2.0/28" | +| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L84) | Region. | string | | "europe-west1" | +| [zone](variables.tf#L90) | Zone. | string | | "europe-west1-c" | + + diff --git a/blueprints/apigee/hybrid-gke/ansible.tf b/blueprints/apigee/hybrid-gke/ansible.tf new file mode 100644 index 0000000000..e5a491a3c5 --- /dev/null +++ b/blueprints/apigee/hybrid-gke/ansible.tf @@ -0,0 +1,39 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Ansible generated files. + +resource "local_file" "vars_file" { + content = yamlencode({ + cluster = module.cluster.name + region = var.region + project_id = module.project.project_id + envgroup = local.envgroup + env = local.environment + hostname = var.hostname + }) + filename = "${path.module}/ansible/vars/vars.yaml" + file_permission = "0666" +} + +resource "local_file" "gssh_file" { + content = templatefile("${path.module}/templates/gssh.sh.tpl", { + project_id = module.project.project_id + zone = var.zone + }) + filename = "${path.module}/ansible/gssh.sh" + file_permission = "0777" +} diff --git a/blueprints/apigee/hybrid-gke/ansible/ansible.cfg b/blueprints/apigee/hybrid-gke/ansible/ansible.cfg new file mode 100644 index 0000000000..654f1729dc --- /dev/null +++ b/blueprints/apigee/hybrid-gke/ansible/ansible.cfg @@ -0,0 +1,8 @@ +[defaults] +inventory = inventory/hosts.ini +timeout = 900 + +[ssh_connection] +pipelining = True +ssh_executable = ./gssh.sh +transfer_method = piped \ No newline at end of file diff --git a/blueprints/apigee/hybrid-gke/ansible/inventory/hosts.ini b/blueprints/apigee/hybrid-gke/ansible/inventory/hosts.ini new file mode 100644 index 0000000000..842da83f43 --- /dev/null +++ b/blueprints/apigee/hybrid-gke/ansible/inventory/hosts.ini @@ -0,0 +1 @@ +mgmt \ No newline at end of file diff --git a/blueprints/apigee/hybrid-gke/ansible/playbook.yaml b/blueprints/apigee/hybrid-gke/ansible/playbook.yaml new file mode 100644 index 0000000000..1daa4d86a2 --- /dev/null +++ b/blueprints/apigee/hybrid-gke/ansible/playbook.yaml @@ -0,0 +1,26 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- hosts: mgmt + gather_facts: "no" + vars_files: + - vars/vars.yaml + environment: + USE_GKE_GCLOUD_AUTH_PLUGIN: True + roles: + - role: prerequisites + become: yes + become_method: sudo + - role: apigee-hybrid + \ No newline at end of file diff --git a/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/main.yaml b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/main.yaml new file mode 100644 index 0000000000..4b72039b8a --- /dev/null +++ b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/main.yaml @@ -0,0 +1,143 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Get cluster credentials + shell: > + gcloud container clusters get-credentials {{ cluster }} \ + --region {{ region }} \ + --project {{ project_id }} \ + --internal-ip + +- name: Install cert-manager + shell: > + kubectl apply \ + --validate=false \ + -f https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml + +- name: Wait until pods are ready in cert-manager namespace + shell: > + kubectl wait --for=condition=ready pods \ + -l app.kubernetes.io/instance=cert-manager \ + -n cert-manager \ + --timeout=90s + +- name: Fetch apigeectl version + uri: + url: https://storage.googleapis.com/apigee-release/hybrid/apigee-hybrid-setup/current-version.txt?ignoreCache=1 + return_content: yes + register: version + +- name: Download apigeectl bundle + uri: + url: https://storage.googleapis.com/apigee-release/hybrid/apigee-hybrid-setup/{{ version.content }}/apigeectl_linux_64.tar.gz + dest: "~/apigeectl.tar.gz" + status_code: [200, 304] + +- name: Extract apigeectl bundle + unarchive: + src: "~/apigeectl.tar.gz" + dest: "~" + remote_src: yes + +- name: Move apigeectl folder + shell: > + mv ~/apigeectl_* ~/apigeectl + +- name: Create hybrid-files + file: + path: "~/hybrid-files/{{ item }}" + state: directory + with_items: + - overrides + - certs + +- name: Create a symbolic links + file: + src: ~/apigeectl/{{ item }} + dest: "~/hybrid-files/{{ item }}" + state: link + with_items: + - tools + - config + - templates + - plugins + +- name: Create service accounts + shell: > + ~/hybrid-files/tools/create-service-account -i {{ project_id }} -e non-prod -d ~/hybrid-files/service-accounts + +- name: Create certificates + shell: > + openssl req \ + -nodes \ + -new \ + -x509 \ + -keyout ~/hybrid-files/certs/{{ envgroup }}.key \ + -out ~/hybrid-files/certs/{{ envgroup }}.cert -subj '/CN='{{ hostname }}'' -days 3650 + +- name: Create overrides.yaml + template: + src: templates/overrides.yaml.j2 + dest: ~/hybrid-files/overrides/overrides.yaml + +- name: Enable syncronizer access + shell: > + curl -X POST -H "Authorization: Bearer $(gcloud auth print-access-token)" \ + -H "Content-Type:application/json" \ + "https://apigee.googleapis.com/v1/organizations/{{ project_id }}:setSyncAuthorization" \ + -d '{"identities":["'"serviceAccount:apigee-non-prod@{{ project_id }}.iam.gserviceaccount.com"'"]}' + +- name: Dry-run (init) + shell: > + ~/apigeectl/apigeectl init -f overrides/overrides.yaml --dry-run=client + args: + chdir: ~/hybrid-files + +- name: Install the Apigee deployment services Apigee Deployment Controller and Apigee Admission Webhook. + shell: > + ~/apigeectl/apigeectl init -f overrides/overrides.yaml + args: + chdir: ~/hybrid-files + +- name: Wait until pods are ready in apigee-system namespace + shell: > + kubectl wait --for=condition=ready pods \ + -l app=apigee-controller \ + -n apigee-system \ + --timeout=300s + +- name: Wait until pods are ready in apigee namespace + shell: > + kubectl wait --for=condition=ready pods \ + -l app=apigee-ingressgateway-manager \ + -n apigee \ + --timeout=300s + +- name: Dry-run (apply) + shell: > + ~/apigeectl/apigeectl apply -f overrides/overrides.yaml --dry-run=client + args: + chdir: ~/hybrid-files + +- name: Install the Apigee runtime components + shell: > + ~/apigeectl/apigeectl apply -f overrides/overrides.yaml + args: + chdir: ~/hybrid-files + +- name: Check status of the deployment + shell: > + while [ -n "$(kubectl get pods -n apigee | tail -n +2 | grep -v Running | grep -v Completed)" ]; do sleep 1; done + args: + chdir: ~/hybrid-files \ No newline at end of file diff --git a/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/templates/overrides.yaml.j2 b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/templates/overrides.yaml.j2 new file mode 100644 index 0000000000..1c2c09ed8a --- /dev/null +++ b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/templates/overrides.yaml.j2 @@ -0,0 +1,63 @@ +gcp: + region: {{ region }} + projectID: {{ project_id }} + +k8sCluster: + name: {{ cluster }} + region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster. +org: {{ project_id }} + +instanceID: "instance-1" + +cassandra: + hostNetwork: false + # Set to false for single region installations and multi-region installations + # with connectivity between pods in different clusters, for example GKE installations. + # Set to true for multi-region installations with no communication between + # pods in different clusters, for example GKE On-prem, GKE on AWS, Anthos on bare metal, + # AKS, EKS, and OpenShift installations. + # See Multi-region deployment: Prerequisites + +virtualhosts: + - name: {{ envgroup }} + selector: + app: apigee-ingressgateway + sslCertPath: ./certs/{{ envgroup }}.cert + sslKeyPath: ./certs/{{ envgroup }}.key + +ao: + args: + # This configuration is introduced in hybrid v1.8 + disableIstioConfigInAPIServer: true + +# This configuration is introduced in hybrid v1.8 +ingressGateways: +- name: ingress # maximum 17 characters. See Known issue 243167389. + replicaCountMin: 2 + replicaCountMax: 10 + +envs: + - name: {{ env }} + serviceAccountPaths: + synchronizer: ./service-accounts/{{ project_id }}-apigee-non-prod.json + udca: ./service-accounts/{{ project_id }}-apigee-non-prod.json + runtime: ./service-accounts/{{ project_id }}-apigee-non-prod.json + +mart: + serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json + +connectAgent: + serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json + +metrics: + serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json + +udca: + serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json + +watcher: + serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json + +logger: + enabled: true + serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json diff --git a/blueprints/apigee/hybrid-gke/ansible/roles/prerequisites/tasks/main.yaml b/blueprints/apigee/hybrid-gke/ansible/roles/prerequisites/tasks/main.yaml new file mode 100644 index 0000000000..b438a63423 --- /dev/null +++ b/blueprints/apigee/hybrid-gke/ansible/roles/prerequisites/tasks/main.yaml @@ -0,0 +1,37 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Download the Google Cloud SDK package repository signing key + get_url: + url: https://packages.cloud.google.com/apt/doc/apt-key.gpg + dest: /usr/share/keyrings/cloud.google.gpg + +- name: Add Google Cloud SDK package repository source + apt_repository: + filename: google-cloud-sdk.list + repo: "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" + state: present + update_cache: yes + +- name: Install dependencies + apt: + pkg: + - kubectl + - google-cloud-sdk-gke-gcloud-auth-plugin + state: present + +- name: Install gke-gcloud-auth-plugin + apt: + name: google-cloud-sdk-gke-gcloud-auth-plugin + state: present \ No newline at end of file diff --git a/blueprints/apigee/hybrid-gke/apigee.tf b/blueprints/apigee/hybrid-gke/apigee.tf new file mode 100644 index 0000000000..e3dc6b2e6c --- /dev/null +++ b/blueprints/apigee/hybrid-gke/apigee.tf @@ -0,0 +1,46 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + envgroup = "test" + environment = "apis-test" +} + +module "apigee" { + source = "../../../modules/apigee" + project_id = module.project.project_id + organization = { + analytics_region = var.region + runtime_type = "HYBRID" + } + envgroups = { + (local.envgroup) = [var.hostname] + } + environments = { + (local.environment) = { + envgroups = [local.envgroup] + } + } +} + +resource "local_file" "deploy_apiproxy_file" { + content = templatefile("${path.module}/templates/deploy-apiproxy.sh.tpl", { + org = module.project.project_id + env = local.environment + }) + filename = "${path.module}/deploy-apiproxy.sh" + file_permission = "0777" +} diff --git a/blueprints/apigee/hybrid-gke/diagram.png b/blueprints/apigee/hybrid-gke/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..6d5c2d6bc9f38f962c7ed2967981b0f81a485cd7 GIT binary patch literal 35836 zcmb?@Wn7fo7p@2bB8}1^pny^$oij>_idcZO(nvQ$Bhn?Jq`&|Q2HlNx3^9as2qWDM zL)|@kj-to^y5H5us@$TagrYY zB=}1q&$$)?z4nO1a0@ok{X~T7sDU$6_AHHe#Imu$P?$^ARhkx~N1-20oodeDDB& z@M-tNQj`H7J6u9z%qz+KkD(NpH{!9dV=*tx5K<#CFUS~u_GJ4$2sW<3_aSJm92>&U zf|!{2He2`L;NaZc+|<<6(o$wQ9vNAQ6nMLHw|{UjHYR3vVIe&uBjdvd6B82}I=Z3$ zeh~?YSB@81SX3Lp;9_|1r<0PBl9Q8fbC#5pfH#eeVU{c`HU^lrxiHYv-@bF_<|bFU z$5CZoo~?(6jyoZkfeXwKUJ)#(XKHGyq7wP0!|>w8i=RGyTGR9QZ!*B_bD`)TvYa{QSos6&3Xj4aG%7 zuol@G8ag;QC@QvXZ58fQgVm~m)h63!=jPs5RrS*>%$!b7PoJ2WXl_>cxtU~JD<>y^ zUkfv{*0#2`=4RO57Pn9f0-@F+BQy5|96)?rMTMmPMpIK05{X<`SZHq#{UuFN5drZX zQNBydH)UjaLc#gzXH`^GOioT79v(I{G<^K{@oL`M+8P>-&dkgl7#J8C(TW5jx{5i- zLFV|z#zxM|mq#nz;x>IYAuP|q@Xww-OGrq_$l%^xm67@O4D%vwMpl-vpy1@UZ?5xE zP8!m3QLkQc@$j_BGlSEr1*g@eYimof$#pPXib~203Jg?HQTe7vMizeS`}zmQ$DdeQ zF7ItGPs&N1epXgm>I}|HiUph(F-9X|!0CSJ>3K8NLUfw(*+N2MVpP}-8JSFPupK+Y z2M->AGqhnyyaPU#mRYVcK&}iJx$^4)>CDmq-JEGHEGqKz^P8WaH*J4kSXh{nqGxOS z;Mf!ljEqYQ3vh4Y_ICZNt5F|G$w~zNrn_(JCnj`FO+QWIbr~2KjH7mTcG}z9JGNL^ zSSB$#-kzSDdzFg|93vqU&@n#LPfL;k1RJzJ75@iJ+jM8dC%q z0ss35Q`6J30vZ%p3=9mC{QTY`?uYxkEiE_o^}nsGTnVJ%tH{rPEvdwe(@?{8w32S6@G}Oh`#s=Ao>&<-Of{e2WI0sV9 zISiOtTDmwn(bLoWFFt?%TuBIPq^m1e-|%V-MhODHpQW0ip&?kUjt%^r#A_V1&Y$rrZ+b7?QZ|G5*F^#(ozBf0`%TqeOqs@imS~1xZ7-I z!J(n|K?}@Ke(!Yhe%!*77^i4 z0xEkMv)5@}2t+3VEI|4DnF9r824`{O$#-kUxTpJcn6r5U+|b#xXPfe5WZn{BBq%Bk zrJ|&4`StIiu`wf{q?dxR6az&rlnMZKAVscmk%hDD^uYv8rw#r8;TpZopv=S<=#KpxO931rW zv$C?{dRII9`rq;XeMW6=}~no{G5`W=nRxpPp?*AD#QKg@L+7w=&Gdaj+L3&Z8KD~Q(Nygd1uja z(Q)zeCSHQ)<>rEDb6r~c3;_X`u=lfPmpM7fQiUx?g98Fi6A}XFd~REpj$buX^BPoD zRTbsc+1bgfU7k(9^5v7Nl$2C-OkCU z-rd~|JWow+EeJW>Szf=N$aFf^;^Jb+b=hndjp^y>&MdZdl88#jWyX`VOo~&sT_6PX zH`dllzqzxuu~FB?u9VR8<;!^L4##;o#C@MbXl{N!$7_d&o7)Y&VRGx%8H;3Zb8Oly zECw@JCWufF2t7eS@)v<9)i1^6^Hq{xS{u(H;7 z($dj^h#OuX&C9`&O=P_Ab#n5e!yQFM!I%_!5_x6Ry)lBBr6mjNEm~bYy*)HKeVds@ zUwab{cD{sg>AHx7XA>o1BT zlwk>SfE;N#T25BgW#H`W41>{p;BLQdWMIGyCo2QTTO42~hm+z9RCM*MNPANgeuCB; zd0tM=+Ptp{Aj(3jboqNk9Vn)oR-IRLSJ10my?dnL+{bjDQ2+#ycM^N%K0ZFo%*;=o zJYgv#OZPV%2GLV4OiordruAq?NmJ*ZmR87P*>d#mF0)2waf(9qD3;#81A zHv3XYaPS+j?)Z2jLc%&BDHeEV3kj1{T}8kA8=Lly4k{%rWo3ga)Ic<~ZFLaJSD7{q zh+6BqF#2j-ZCvfRNo^K1<%t`BB;jtBDu^L!xX$h-RuUs9uiIkK^BSIqO zP&MWICz88G=V^=^DWa@^fBQ!IQ`C0ksD)PNYfEcwV?2k=5Y3%~qg^8u$ z#B^0$&WJneb;5}~?yPhW9PGC@9PAu6w>Fg&6?N*eV)}=NH8nK>cC`P-+X?3{*$4RG zPMxR93GCRj%vnlfhMF4uV@r#wGxy6Nqv>$4suUu|e&+IVoa2c)iIvv1EOBRzZPdzM~y6At7_M;?xXNVsvzDLL?Ksd1a+(e_zxi zmxsV(Mp;?;clYWxWav1(wzy1r^lh2@VD_kZ-^jyqx6h*x&Gj^;pjkvHu#9k)cWCMP zumk52yVU$qzvFt;YTTq2`y21k{{9&zYFF~@g*hb)?QK^k8L7~K5E5b+C&a-WsFjnc zhTr~)z1G%NsSpqM^{x1%ak5=0x*OjL3Ixl2jTA06~yT#QQ8w6zmVRPNqA?;h}2L7`dJb=%v& z{nXE3;pS~^Yc9#|+_t#gD|z&(4SwXxzfmPLdDJDaTdhwmuO7F3rI5tj>8-{7wa;uP z(Ih8B!U%3RCO(%7V3Y7ztql{_Ls7Wwp@oIRLi5T2P9BTaxho(k$qM-_Wkg{7N<~^P zZ(56~>N9eosD#OMp7Y~JiirCbE-+L=^;qF|YMRB5PP?;FchR>ly zU~FtGlgEBeS((N#Au;jN+#D?v6E7DRAqh!i>%rdkZcsr0&o5I&Uq%h~UjL#pa8$Cl zG&aV0IFu;gJT{QAyIh1kt%o*n_*(ngyBL7}^!f%-&5JUDYEXhv%| z$Sob)Sx-;T!h*5!O@Ar9&{8(?(CEl`r++rtuU<*B}9Gh|s zXlP;VF5M+8z&RDOHrG}Vx8zeVUzJ&-pE(Xd0E`p=?#5(I&2=qly){J747>HEENx){ zp`-xCsSC0M9!VerD|UZvvwNp* zx|w%=jxH)H>`r-6e*U?$uOG!S`n5E-Nk7#~^>}=RTauG!eD_n|EO*ADsz>STn0P%m z*O3}3et^r@7DRy;zP71b+t;VMZ_Vo8IS*htlawny5s~151RSJO2mAXg(>_-}TVvnX1ZDJxp9sJ}PoiK5EmR^(a}o@b#9RkIox&G@CD+1N1x?Yu9Ww033GyE4re19+lI6qm-og| zireC%B}}9rnvj0?_^K+_A{yiOfLqBLu_7TPUS^_(`cOr^I&eDJ3Q6(XNs0E@jpOXk z%=|!sH8RvU*5BibI3Qjd84@O?6CN%{&P4XtbHcVHPBre2APz)tL0SDFytwr!v(8F;OJvTSlzq2FBbR<4n30&@q&esH`uUVC4 zHT=jLA6z>XmEH(;C6EyVe1K?axjp512l%1Z);h)Tp8L?CvCk(N85wu@H#ar}VyY_1 z0|=MLs(5*L8szTZf4MXAoNe85PEKrZXU9KI#!mZ}lpA_An=NV~XQ$&FIS+&4+jT6I z-kFCrF6ZwDjZ8rbGmW}CeP~h>PIpJJpmd~!k`p?SM{I*TmAjlr(N=bLTx>#z2};oJ zD9?n17=>FMrQ=fpUi$}MEHig@@C*#6onU+D9lWCa!jxbQ^`ZTf(k}`HndYzNjU8;w zZAN`CSzkYsXKUL}v5FRu%K21=rx0RiVY&>>p4cgpTvo%glYX%7?H5Kie9>TXf_^Kj zs*IL)6959~ql}v1H-MhOH(sU7>tHy1FjnD0l@#nrS%r_>SidELa|vGW)5&2N-af%f z?2|y*Hz(n;m0nUp<1t)WSqXrPlYg`8s&7?Q)n*psg=E|6pD|acurXnwci%A)yL5dl zCQ=+SmeW&M(B)%zI5296FimBzZ-5X=5X?XbuCl#SYhOHU-><1b^qKUHNB|?2DM`M; z#+C+bnXjdV^Wda3pLS~H?sy}e2~DEMz}5S>^}DqNDIShH=ht$IEI+R_O?!}u2uQg0 z^p3jk`qWqLj;qhb5%N`K7e|Nh_KLwdKbdA~J4%4n;jydbCLIyoI4vq9b*OqYmen~kMqu1gCWTSM0DqWk zuM;1k@e>D!t!F1oQ&L!kgnDf#asX0r(1q$$xl4l7>HK+kb~bY3B0MQSUx0&ygPD1} zGev$!IxINY%-kF#h;?r}T@MaOAp7TaWBuF7eg@8gen$6fjZH^c=rZ9jpZS~pxYBUM ztbM8n&Ef9NnHd&Tsv=Y`Irrn#prWJQ3UZ~XAqpwLpq!iZ5sd=yBup=%vV#+B9ciTuH2b)<{RqhB1EG?}EW!c%rm$X(-UcUUvV`tUS)-=w3PmfNaqP%>6m(b2^ z|0{Au=LlWY#%&(ymYQZnhGd$bBSRLYpQKHEhHw0EGw9Vr37=@4vHoJ%5T|z^G>#b# z{P5(!dbX}%NdTno%a<>^yRdnPW5n*+;z=b<%^ELxHTMgm+6e|q^iK?@W+pBy@Cwxt z?>r^7B)85HB#Y<$iCJ@V1SyL&)*-G^*dwc!!M7CS8thT`E@(8|BhtWChdIFJ?^Ujn zV2AN|AEF+k@@(QFd`k&uA3#3k!wBh5L~G zucCCGzbB8f0F**0&qQbS8CJ~qKU20aCEs2B4% zuTC1X57{s<8%jzljiJGjit>96#k&iz+_=UO@lkgG+&U|>w9{C%v7goEkdYs*Pf6r{iKH$>_Eh8s{y-lJ&TO2DL(Bh|6Fj>-BuAHvxpZ+y=oz zH_{c|Tc26`iu7legus*anZ;KfZvQ;o*G@@Jfo z5p>*g7BgI2tjxW1(rd@!>C+FHABgZz%Ui9dS>Z=r1`I~-lYjFQc8xfMc!jVd;!y8F zXH{SHcH#lsy2p{u{iDgFS7@WiRTsY1qb3jSZ@B`8=O6Qb&9K(rnm2;`lPh8zt z-PDjja#)Gni^mJ^EU+hvWO^?lD*8Gy+()I-p>_n-e$Zz^)6FkGrl6z2FHn^4^ITrL zY&P@)5wXi7jWG_!tCIZQb`42D-@Hz4kr0&4y5q^lg>O>siVI0qmb-35h%F6o*Yc6g z^X078vZh2vT`;q-2n`Lbhuo^s>uht1ER#AMu(VYLVUy7J`E;{oS6F6i1L6jvNiIr{ z$(6>li4xLa(QWJ+{?hp%5>M*G=dXAJq9updk|tV0=E4A&ItWV`JhKA#otxE1`-?h9-oaJ-dnQM7+g*peh#h$)ilg&R<0RO^^*csh4G`kd{qB{v zp$`p%m0A1i)j>j1Qe?Y30cBB+T5hQR9VZjmXGYP&`dF*8Hd>!s0B-J$3b-S57)YfHyJ3{)M1-QeowI z>R!Cg(N-gqdwD<@$TQ6s8P?qGc2@`m$QXVRV6Uv~cGvoM%1Cy3A9NE0-UN~Io8-*> z2^wP-G2EY)P9{nMn7YtkAz7x~+tb3>_yvYd{E2n|k;ul*PJ@)$;Qoo_0Y^wdK@k#? z=n*YU7XJL_Zv5Z)fyBD;XTA#Adhm?{6l=J-x!1U~PTaar0VwN#>Ci4o+6GM zGR)a^q2h#N)87J*OUT#HZ)kAvn_B6K{X1t$SbmQGoo;oY#uYgBw=PL{)1d$-+`%W* z$YY}@Y*SMLO2UEKJ?TcK|4)(Hg<&nqNJ~oty6$%_V3rYkFaR*lc7#7?>#ESJEHJ-9 zEmrwROY8OWp{Oq$)Z_d_r`+z?nf#(&-G=Jwp2x*$qz;UfIo@+wW7MGzky~Kx7;I{9 zXQZQxFtRtZvLe-a)0Ah2wG&TiBm3**#(X`APoE|m0tVXL+>Bod_{QmuM7>l%5&*hV z5tyD;-uw4W`cft#FYnyGU6)W?lAphU-kg8?_QLA=;N9_#1W65$A&%J2&>eExJ2{l>}<=PoSLO^0&;^LB#)5GKC<#i1X3i|Z%BS_4v9G6Fd zRXuw2$kvwM!r8?I;CB$!Sn5FDnvp2mfs2bvjRZQ*ruvKSDRsR4=setGXWZ|6USF0D z9U(5xMw#QX6>xkiva&w?Z6hNi0G4HGm9g>cer`KFbmu#L=FFKHOr_+uyObCooM9%K z_v~>NpsNCfJ!pfgo{b|Q75VDbV?8&w5s-9%Q7lJF1w}D)lVMo5VyT=unME zNMT}@p8h4}7Wy|baKtE;}gj2UYdhM^Ys_Y|T9Cl~@s zmBm!TWNjclt*@^~AP{Wpu$km!mP6L-L6wzKxcPeY>r(8c`M)&1T^iI}t*o*oZm~as zinsEOnK1wU_`!p2z@LK0vp`{IXTyzVPhNpHpZlqN5lgEYL*Lc>51a7yp-2LG62?UT zVgM4@zqyqWJ*YTY$8T=?f7@nhSs5UG|7x4K`L%yp-E+^S<>jdVu6%%k(zIbw6g8S| zk|;f7yfkON%#<5HEn-2vt#Z3;&1Ln%{`GLpUod?(Vajt`^&%UB zg;Mxc=W|!F2E3~M>E}w*MB#lQ8ii`L)~TJyfuSylu6T#_#3R0?rsW%$>ft}dnusNn z!(Jim!9y=k3kK=}Ft_y^LAYR5N5Gq39^(clZvH_^Wr`nGhB@Y`N19I)a1{U6ZSr-Y zLy)<_vLW0?vuV*g^n}J;*uOl8WZT%FA$WllnL%i*2+F9=pO3GSiyFBV=8T))Yu)SF zyYIsiPI2sH`QY&)bAzRWz76J>fdQ+|a@^<|Jsl<8n=WLF7*o;t;nbOM6@;O{Y+tR=n;pHr}cyigj}(V?U-8zDse_?{Y{$)d9C4`72nBbnj;@qOeQdbjRny`s9SS z>f8ECcJHlr9!=7q)5A{&HAmhf;Sl@OV8Gt!U7);Al27qMOg zakl+eYM~^?gk$g*T~l{*+@>onmF16$Md93T`y$Mj^5FSzb0n{D)vR%t2@}sve#FJG zYn*wtDA5>zO2^9BJtKQu5F=&9p6!=10)rJl%gy%>6BP|5$AN-YSmm`OrjK(Ea&2|= zzx7LLlA!c##j(|gL`bofruY@6FcvtsMP_QJ=-q*wI#GwnGv82f2d!&YB+RQErw^PjqL1k`ua z=!9)=e&XUU#FDhAR7Xda$y?R2y5^6n?cVF|Y4Pk80!2`~pV92COKeqvTdb$l0k!(b zQnV($_E1j6t#L2UCECRAwgn2JBtH#DVOzkjeit`iO5R@Y%n#X`9$pVWW?CSEBk#}) zhH%FN(*c`R{5`sZXJ3fgv?y!~*Xh|o_rfgJPb3CBg{3(^e31!%W~mwWbB}v(j*TAh z-Ecq7#Ze;%8~!2zjMW1K2>Wx<9;R`?c;0_BT}VLhi_?m>3;ZdB+GoeCONWD8^q337 zfQ*#f!XzW-PK?0-vu8Vo2j0368iTFmPyN@B%rQ=ALeFiv_2o}p{^RWVzHd0e1UEnO zyE}=eJg(~BZT@|F#&Wz`A;!`DkA3YtYW&N&e%}%ly4{x9-){Rxq@5NSTXpxsF}Lv@ z;K{=jx&LA%7)&THt7y)Pt=1L$hQ6CrN^1ceEe- zbLZmR$IDG`&jA;HPer-*FDtJqX!9)exB?d>`BOu(k@U!jh60o6SBj_Wvj(Jrfe4@yT})MjYJoaV_Q@-w>=Kk7>>;~rvrB_%IwFtD&zyjVWkFxdNSaqrvC-;dWDi`y6br26__)U<`OWl9C$F8u$x zYm9Jk^FhBsa@Migf$ROQG3n)Y?)Ehf+LplOY$zW$)qk`!Xx#Jfk%ts{#x$aE-IAfw+{CpRaFyFhjVpvjFXQ%qjE&@nzG1Ec^+@x_9xw=uq_j<<2dyKq6d$ zPSs<97Jz`QQ>W}SYa$}s#mwwT@^^NegPM~9EC_Qdp2jZDm|ho9;wDD1NwEaw z)ga(d8|?IS;fmNupYX7S=v4o0kFgtmn|Zf+2m_)nXfqeq?JsF}qN8Ggv9u z?d-vdmNun@uOxoJE&qU!AcyVZkT@(a_x?P`_luRw75V9^JO0KNiWb!yB7rVIZo{ z_jx$4uBllWpJ&VQX!mPvRAO0;eQ-ZfBjHpQk&k5A)vXcBDhjp4mHkT=6Ym10$Ine5 zu!r|o#<8_=D~0?6Vg7MW1lG^tFHYQoPE%DOI9qb)HJksYm|8WS#6%==v&ovKahKVt ze9PUIk~HO0oh2nk_T3mP#X@$cSC+~ih%uZ$ybnNpZ909&1SX?mIU&Ix%L zU%`A8RQ75|LXV*8Ag&$Ep3I`sHU6Qp#xtT}I!3af|4c0EF?PT&Yq*%B6d8Vn?uLO zoz*P{j~j%r3~)PM5~U|a${bHZm&tMMWEEGDGTZTG2^@$eFUq%4 z6i9JNG*7~LI-#$tVWVeag}W%umlrGkCAu7lLpX2joxyY}sDH3B$@_mwMkO*BhzW`9 z#gR1@5A>^er{NQB6%o%2?=NhmKQw!#d@fm+4B0fJ+|AWOP1moZFW~UGHUkorjmL~{ zY$oA)Hk7>{S9^5*8;}>UFW_dEbs~AWx`IMMazCwgl%3b62Va4{)l)P0MH73o9 z@A~scB;nzJlLb{so8ztGC-BI&;EKKHDcxfYd+OASy!T zyw~m#V!Z$GFzMYq$AmQpJ*ngPSAVDctUiXY=(Kz9w+a(*y?4pOUu2&z7n;3l@Xbb1 zx};ijG`Z*A&<%YFRPB2_5#n4rI?!nAbiiR_ODah@f_szxAKMntOFro zx88kTuvmoGPIg9|PT||MVdO zbguN`3S5gA8+~2$>!qg2{@u*uxmtN8KU^y`0i*&{foW;GS>%^m+Z}&3mjFn;8ISdS zV&bo!a_muh$EO9XnzoiYs1UgH8bvcf7yFPpV<6E&~(|=;N$r({hIz73;Q`!mW zB|JR5Ni}xRfesk0aHD45_+^5h8p@JkcMiFSm#88{Y@`AS%c=KX`ruu->c+;mjHPi3blKKHS;c^Yihkud4%1?ahvf`k-ZzB+4lM+d!UCe0;nvox$?b5~Dul zxpM{C*(>XA9&92a{l)?*VeA`^Vhpp#TW=b*OQm`yO>3m zQe0A8EFvXk!GHv9mTqotk@5kOMuvu00?O{b2SimrsUr;`ZXHjkr+N8_R#ZKpVf|m! z%S$|c{P?pChlGQf8DUvcur-BWeQiCba7?1JlT*JCynd@Oj0rUSMMg!fp4};5;TRqo z88L_PMMiNG2lcU8=z1*p9vB%Jf%cZwG5HYw;l?V?W4&6XX)w1wWvHc@8(JjW?=B@u zVYWS_Cqt($uI@(qu+|`;377x`Y}4UL7+v*vee>2W(4P6W8FXV)@oHaSXJ@6c&I8=r zg$v;SLDPkiySuxMO&0=j<`NC)*n0I!|MX0e~eTDNT!H1`!50#a_0G>1_uc*io zu#9qYxDKGy6TZbnz)HZ| zw{JB|Y)&x@cXd5W8K=QMc@i|{uBd&jf18#zR%$>02`hv&%-@F`IK>$7shvR++A?$f{r#Yc33R|(=M@)I3kH1Uxpb+z4OAL$ zK~r=)QyC1KdaJ9eLGO{TFD{M%!5@fT~nuq11xfw!?e=D}p?uskZcI+!5o z;#+3*$kpfk*6Pa2XL&ND6S(W~bisGf!qT!aMMYJWPe(^5jLH|<*hfC`HFN2YJyIik zQ5sn0gQ5#@16g!pwC_e-$aaUcXNSgNL!B4JsozPu%xkPk^Du)nE{RH~(lsCi)Q;aS zq8h{Y_V)C2b?Yi_bbx+P1Wa>brG*eHFz&|fTTm2gbH0ziikgW@-gn|IzOi*6RYlN= zdO5%!`2ej@Zp2*9|t#IiwU3=$QNO7DA zptw*E^OAIIu8d1tD+(o87#iX#hhzz-le|CHW~)AX z8J-cs!|3$R5^s8`HN6xnpwVp$Qr0_&+4%k$P~y1p&EFqiKbgbCnh1N1jE-&H;9T(; zVOv{U#VL=`sFyFFF|15XAyYhQ47#j7R{-LA!p_OjQP_g*!UcFh4#}4M!o=)oIm}x+DPz@{ z5#k;!)sV)TK)XIcYY|jkeT`nl3={-FWd}vUL`TQ(cG~!xi>4+$@gBIQAwjPeW>n-V z=On`TOljRw-cF6Zk~6gNC;oi<+Wn;S7blS%*DIA9upXktG53neh>8)3Qp=b(>Y~HN z8>#?V@b;8IPUYs7m%GAXqL(h6rdu1K!af~zQ;y!n#RaiFps0D8yW?`(A7PE+0{ZmK z$I6PPn)nwaiFjSRWz(sgyoLLt78-0!RLcTkj7?zzwH}{9Pq^Bld~|rYSD2QT7AR>% zx`9q*atexwhzL*y08WT&eL4usEvfzB(u+7Jh`)!m(?rJ|DPB;wP%xah9KP;Tg+Gxf zJLh*iuyskc&6l~K6#Hbdy%m=+GZCMU)(Wm`(F)7YaETdGP?i_wVm>P@=D_6Pw}2rQd-x! zct83-Q)ZqV++N&jtUh?%mg2$NFK)YX-eb>XpdGpI6@6)LaJ_kyX9Ylg?A1LRnaPPsL}kkuqjfkkdTcHJG=Fwlj?80gs2G}mxe_}cF>bO z4qd>E+!HB&!`IIEGrI-exd{~;z9ZmZs{Dm7Dlb3WSeh2_I8=PD8c{SVwA@RyXe6`* zu)(47v)OBh?JN7j*v^iQ;7ZzF%WKZWN(Lm@6=*o@@3!d^#Y}>+)tt`e$m6Gjp}PPr zKeN1i^d-xEvzZ(ti`jxZaY!+NqkF#kQ$S7q1)nNo+ zXwoz7{2w4qX&s&E=c&!l;Gnp~8a~#uT>lE5uw9x)Oe?lOK0{0JiRP1i-r!bEeld7bp zK)z`)|5OhOlX{R&0L6H>dx;v!BX)-Z89R3F$Ko7=<=;13@EL@fYSkuzc_7;_kL|BRI&B}qhm$Rld_IgR2QzmWznLElzurDs@?*45=tl4{x(nVRw!un z%va*-u_Hp`;OeEq^anvL1yk(cix>RQZZVp61s;F32S8g;@$!#O`x1|>OQ$vvGRvKJSb{8bv-(1(0s;@c-{nQ(n&AKGtdfO_)KwtMxH{yYP_ zUYq^?w^3mUQqpgAkJ6ey^fQZ0bj~zL#h#;cqAd69+?0G}v4djopH9evXxFX`w%4++ z7E>v83g$gSeZ4qRvP^d_YUjKdrSQF4k+a(O74*a{Dq%YQ=tc^ys!2oGoUfNPJt-Zl zua+>0lB*0fO@BJjg+j+@N?BOq&W(@8^JM(*6d5MgD=vVOH)sEuIe`Gfe&ZG4Olj&| z^2?KcAvJ;NfxTd#&y|nSaY0=&$?nA_kzt)7hCR*-Ztq} zc#Z64M*n9*^77mYB~3nZnmA8}s{}VAx^f%aE(I?ZuI^6w3Juo@8NQfJ3JGj8LgJjheY|o<~3qWhG-5u_6 z<$}-yo^9SQzid%P{Spn5m=WA4Hq`*7q3`@PsBwx)wuQL6Lh<~YK{%$Tf;iwx9s{{Z-QbSr+pDj!f408rDHLji^t~Cnm8y2kyrm-uT z>@s>TlF)}9Z)Zq54GxLG>!&mLQIdwA_xJ*uFfPCaA@!?RAzkOv-1)M-JmsuY^($)I zGGktsNx6fAbX?jCWGFwt7H6Xh&t9aEKT-&HpPKgL44oPW9X3kvq(PO z{t*8FX>k^-dPo|b`p6c^X^))?j3vQc^-{cfw%FI1aC{-I;nqE|O==sQ4#ks8Pfi=x zafXtDvnfk@z}D*xrmXfd~nnj$hjK zkEcIK$$oETVB7GM==$LkcRVRmJWL*-cj>hFIgL%{8MvljlMP6&`&Pf^mPy;lT5=AX zf*gG-roapJd{h)qrDx~Xfxhj4m;otG;}SFC3oSN6uAC4->~zq}yK@^mOjcp2UEJ{s zd=^t=1lLV5Xi*$f?0Tq~U(RR#gYj}W0aP25UAx~K&z~mrpe99s-HkGZ@HoSRQzjCF z68D}QuuAnX{;5QmPN=$jnwt4Qhc3be#kW1DtXe@-`ft!VNO}9#$=dB#NoVN z_$>x1DVQs%KlJf!zJB!;lb3`$lcfM+o z$zbx``X>sEB@-GCDZN0gfzn4j?vIOR81e$N|3E-}j2emS2gdpb@q!2rO2U7>cKI@5 zN(FRNYzhHDLkvO;h-v=~gqRvFHkM>r>v!AwAEB5XXQQ`fa4Pp^O72G+L-#I+QG>?h zeR+q{AGEWh=L6i0x7L<}`EBDnUPo(%9`v9?PmJMTc{So~v;;nZ^}g+T&yf{Nua+I} zIFe(inS0{TZ zK7d_^t2w0>fJyvL06U(*{cYMG^<(2bS;BoV1 zX6%bJn+1yA6{y1XG$uv+_`--g^ie`T$l}N zUvON~2f3#<`af&Bnk851AQ9j4cNJhA;fFEs&v%F9-Ar$T{^8Ip^^S*8g5~Zp0U;kc zCrOqAKOyMqT{ZM9o%(C>o`lC|c=zt6)K zSn}L9_YcYMN$;w8irDW8?i>>)-3}$;{u;n2;B`8Zxvn-z8h-Np$;jW7AgbI0iz8Cw;L z9L{{^+H$nDrP85(j92bEWWhKQjpcsreu}s?MmfZzJS$=IxKhb%i4ty_kI>q;Szcvq z#}t%`RtT^Ny+{DXu->w^tWb@yI;gqhW|9BmWE)Lq`WS6wdxF;CKpv|8QB;N9`p%Ps zfUl<>`!9m>sEglV_UgoBUeCr^CLK#Y2%j)D8I7R}y*V(FKiR7&Zg^+o1U>iVyifM; zD@!-k_Ja)8Wr?ko5}4sxM|RlbE`9Ub+7_p$!asI~>8^4N2gNNax^Z-_ApPGO@vf3C z`06g1Fp=R|W-j0Kzm+S|xA%sH3`tQNbm)Ffm;9aShxKRM?{x8=3*H=DgYuOx@46Dt zpnDIO$Z+@=IhP1lNEjC(=#l5=E*3D2o7|52Kx&UiOZCqsCa_cx3VLw*K84C)9190#DaO zA|9nmbqWXVBmX>*qHD+BTw<d7gX&E+gc9YMW~9(YKE?;Lon!H;4g7)p0~~9>u=}%d>$Ep4{g(2zM-!+|yDGY=J#}sw8r~S*HycjR8l)s`MKs$R7#Ttj_}Ko$5MR3*enj~L1W{F zla1u`B}oOeOx6?~{whlhPfZs;%1@?@ta7ya_xW0At0xi=t~F})(c&leqj6)5wPtwHi(oeJ<@WE+urg;wpE2XvAA$Rp3ttb)1;g`vf853(0yoAgZX|)IDjUn^G;u^SD9z5vOcWDmH^TkxV9=y2)E|48k zTs_)^)gT+7t6z0Xnnt+r%VWmXr>AF9!o1|CllZ!FwO^}JJrV9~=o{)(n%T@T#Zg7$HG@6lnmX7vyt~! zWFIeQINzxMZwWiNFasQ=!f5BD4t%vkSAW?QoyA9 z=w#`;oQgDC;{n%QJZ&I>syqz^rV!@%sJ5ffE1Z(5 z&ICq8xcRssVt{Uef(%j1M3)<*HC@{uW}9)>l{@h#fj&M@uXZJVB!>MyplKB&O8Iq+% z*Z8Q5O18GG7vYx@KhMY#I_t1UsVyq>Vrqi<5UbMP&|7qDRWoa}{4=7#l(d7IVGm!K zn~~?#2B@-2Q;bB$Z4v$+$aOw?Y6~5`B7`J*e)c5w82cPLb-4S%er)fsn1M-OWW`!VVu5Iv?yTaP=vOy8%Q6I)x`@O%6ZV@nD4@&(hhqy>1$tY>NSL z1$4li^ga+r$5QsPo%G(XpF{vjo#;xIHjKX1*kA*p?(v;=;ED)ACykluuL&lc!& znP8G>&j=oW?T_;3y>RC!>}=Q{(6P!4%dHdJfGhKkRAc90&%lVa9gXj1G`$-7(STXm zx+-bPsrT-_)KJ#Y75BJ?op@fVO}RULQESjw@;{Wz1|KxPq$W$6b%>iOB%Jr{)0<=)z&Cw8<|4$5y>6XZ}14(B(I#^B`rN173zf&;L(=Kf-`*-lp~c2Kb-_-+V3~q(Rmuz$@J4haqqBMtwr@^RCuRRs5cj%As@r6HK?$Fbfs^MkQd;sYmGLtM|s+v(=Q^*i*h zFK!kdjog6%v0~`oD!3=G#&DgDP*n82?nf4TV{H!qJ+;h}&Q_0axJx5D3WSF?_!yZ6r$8XJM1#=`zhFTM{CIt3D@ zs&4+T=a_T?JhR5sTmRs{a~nJzByjWdKnDDu6i{8^BS<>|-49q>A1p=Ue|~Puu7+e%n z_975|sqwYa_WZF}88H}ILOcl5kb6Ae#^i)Di=Ly9o&0iGzj%dCXIa!pe%yeQK=!?^ zf<8X$E0!X|1LBv>HbKuZkP@hkfFJOK&5;8`KQ1d}Z1mTaZglVX%6@gDSA`>YnVMo* zy_O58zF(A-XR=jyu#Mfm`^AkPk2B8CWzR^2E<_7d87ntE!S4Xf&YHk_$1z9wkF1G_ zjmxp*DT%x29Q1BFYCl{S3R^-UWY3fz#mQ|kom(1i>ks7`HlZIF8rVaNtK7eLkBpY~ za)GD*KKjX2u?pBlmAoQo5w@le&OS`qGTyb$x>93P?3EZ zgd!v&d#M``#$%%&pFq1U&muaec)MFVc?S|rV7JP+8yJiT8qmbjTYdm^2bcv?C9rM`G!(d zhE}B1&}cHy62i_!jvZ5x&wTajOBQpg?W)1MT}6zI`WzW-&tGvK0(dp)A(C|5Lny<$ z3^%pV381GU`qENTah2lM)+KADe-xP{6$Cpvq)G>VK6vl|)GkX)Rj&hU2QWy~&6^UE zlEHLb+}u0!L1*HUGa!bbcqkba8L8mABqb{=G+HX>Aae9*Pz*;Eg@3#O0tp{Ijtz)i z)^V|;k7Zjd?ND#J&NVYZSQ%gPb6O;Jc0OIscXPWbl@44E2b6=r&^KfWMufiDJt2AFpNe+zHYitdaQTn0}MD z$+Gk3kG;FmucLgwNTd14Q0GvL{1>}6GMZ;E`2Z>ld&N+JQ1hdrC{-uEyC6C?cKK`j zM<9}b6qe?hGiNk3KHZOs;!psM1yBJqyl}z8)6>%W)Xf_=ZUFt~+&Mx|&jCJJ(B6>* zB`xlH0#yHH|Kyw{UPOe6a0OMwcD)}qm>HR?=6c1cXmR~5di zZfi+Crv)7!cH&@{z|=KO5IF{FtTCE96uDlA=AN>2QVLda3BNYvO))bOnKn5ZMq=u^>V zghr+V&ukUf<2f#~TE9ChZ zV+rz4t9^ZHCJndr6`c`hs?76eIn#=BU%62>875iDD-nSGlGO2N_DrjojT>A~WTL~( z`N#y5>$HVtJ+>227FaeWUtCFj(e`UNDOq`WZWN=%z0K6GKNvDFAUCrTilMsbcf^W% z*{XPs-#<27q-@dgqE)_|)wlW+gGUCJ#znZ8R7AR*Y7DxjT+GSg^(Bm>llW>w`S>lw z+qda#kw^SnTa735QTwohj|1=AIR!<~3wQZtKx`E$dqLIKHZ5l}zOAFHOQ&kP)Z)|y zb#@x#r;}R9J%q2IU(08aC&|d$|h>6qrIjpM9#>!$h{rTE@J6>d0}p-u!e5By}dm`$dJYwZqQ1IiK$S>!kb1#smp79 zZly#SFwHccsMOn0-mc6N=p#g%hP2^5)5cW%qjZcf7odvg4 z-vXPeoLIcmSDFDyprYY?0@9ZydH^QVDW8N_Xs`C1zzHQSXjKQTj)*Sg_39$ zg#Rz&-4i!Ss+PiXi#YZ_Uo_4w@Mt*s;rr;5@d8)wgU&-Q($S4(lEl1=SG`&XOdP%V)W_wUt+BdS$UbSkqBSvfXZvem_mKa#R|rhF7xB$Df_8djm79Oj=1sLn9WRUTZrbu2iiQR zWvpnx$e?uN(%7i6btp~kgSAquK*0jii(=)ED$q(2r4Rl62%6~#>R$c zJXD>lH&9o8yIiR^guZH|LQ68dYjxy4Z1-@B=DmSt9eNp)_|Vgv#C?j`$Fz?rD0Fsq zilFB!e!B*e<=Zi>p~1~&-655+4vsaru^Z&B15e2-c~57@GaaJ$-Z7OR>)_AtD2j1I zlL^tL*==pjAV`f~o@tVom+yWxKjL2#uSlLhpPwMb?48#{&K5&4flM2a(?HfB6}0*Bh0yv2Y{b&{%6m>XzBcJT znmj)7vrH8M@&}+lfO2ySR!Cukph;C#6_f;ktldrLLxLb@tUZ^_y=~7{V)1)8j0vSQ z)F2J5VtASy?SMB~+8mjZa)?Bj%^nljab3bhRkd`eDf4w>&C;k7H8m3_0zu0*NxJG@ zJ|vrk$?)i}w0qkxA)Q8wwQ8#=Dvwzadq+$;l@hYkr#gHgTXI<>ylU=v9;WoiOI~MP zdqrDZ(cr_b2indHlfCd*J*IPqpPVh^tcP`!J+*Q^4g@N7tym}^Z^ zLFBi0_K#E-X&+lAy&GV0I~p*;Y(nt=`1ar&i*#dF0366dh8cv;oVRb4tZhV-|4GKA z6w7-|UR76Dzjm$n?Uk|*D_!cR-TbPntH%l#GeE;)qz(VLb^79QkhYbT^#X-()5|vy z^%rz`gE1)@g+Ks@IJzW|1w<)`eau`^gvLg-xySeKZ_7K@ao5g(#R4%|{E`&0$KI!C!Jj77MnmAj&i$J1LXcleBtJy|cM_so<-7*Ho|G97Ge z5}M6SOp=~}KvE)xhm&)M*^m!8{eunfE^EP8rDL3MBBhpvOa~pGXJBe=d-=wuCN(`d zFbd@dm^v6}rg=ePNCSbLFg;#3gl@C(JaEQh^EFTZu8;ooB_3n)fBWkvo5U|nR;HzT z7B770&_!sq4-lW-u)pYCQ?m)ppMvSk_Mo@&DU+`+J$&-W;xm;ghb*$qfLRb`e3YHw z@9&R-v<#n_DJqUFZHb83IZ;uJ$KyeiSxQoJZUo4;~Xmi%f^7b1at+&&MeFcp-?T(ax>R6SLRc}^2@xy-f=02Ke?VjFVZW&Zi`9(Thl~vL?5LN`EkoKH@F;`Em z<>dtm{NIavbv8|dEc8w>ACPH{9hEwdsP9nX`YtXe1~CBF(m;Ho63q5a8k%ToI`Lxw z&|~jeAQ-!)`|x_ONxEDrbxeE|_es4Serh(?P&k#GMP9H0DbX=QkNlfnmZSWBP|SLn z(29*){1M2jOdB2j6Y2#Zn37K~9(!0=7<@*a*W4)RMk};e7VgJJ2zK3$q+ULFZoZC3 zQvit`B@(f0pqp)(nZl+MCuakuT;_$Et%{NC)`NBk?G9bBsoB|)8m$g^&}s*Lo1n1s zdxC#P)6h6xQ5OcM-qqHoDL|}NzO1#En>lcv2HFV_%~d$C^obwiR|GlfaFgcy_hI*} zyHTA7H<*wge@T>B`Eg{TI@9aOqFJFp zoC$ZYV{DQpPYnOFB%v!in=l5x*xd@f`8$4MI@{Zy7cIcGmvUYLJ)Jmm{jkm)Q)578 zlJUw?W^uKubNSNv(v?~k_IGe%oy4{i@6#Ihi~kvOd>v;cux_J%El-ES!QsDn`;Vjl z7RKuC+J-_P)EU>$)Ghk^u}0mTgz`+>ZJpfO?S$ID3}GvE)sEG4XdgC7)gNQfDMUvn zPP?{0w&^Tv*+D0+$$-38F6oB}-Sy{3U_eH~5iv&{@v|A(Uo2@aw_88PxD$_hFTO4F_@I=w_75mBos8 zTPsEMOuliE=60*g$(r~iLk;iVHFre8~y&IQ1bLLF$07a}6Z1tn$H{{4@|LhPgrPK_Da8-qX$dH+B1xsrVl znU1eti$ovGi+z8sKINM9H1B9u61c0iLIjH#HtLm0dZX+8*{rJ_%**{xwu%0E)}Mn% zT*+Y$gOK~~FK+&P@YfJrUQjkn>vd#S1PAF$39GCe)H?6S$ z4@a~Qd;B3MCF@sgqN0&eqo-#2v1U(nX($JiLyq6o^nN9mYZh9-_&BwtL zz?zm3Z~t#wJ!Q*ENI)a*ul)P))ld=!_OcctqqX$+HYT)I385mjR&SxCtf3V92RFlX zSdw(FWjl%fGZEcaDYDRY;`X2Z^esD~F`23Uh+0|JQF3^Iq#TW>Vz#is*~$>373=$Q zf7oPF;Uus7(H$AWL!3zRawu>$}`9?J(W+5gOyMthcZ0!CxjH^hTl> z-q#e+tcP%G77ts+KL+z8YvW&jt>+eQI&s7spV6J`PyO|o*7k{?<^1C@jpAm7xvd+< z=i#G{xT36%2l^HhC%0wwAAeT4&&M<-Dy;?NFZN zYfCS~q2h?=c3;mldC3I&i|Rz>qK*%Aj@-|^`@Z;}mk$q;_`*dFa&Sb_TjUgZ4G%`_ zMagpu`}l=iD~&*z6vXmNW^^QmNi^OhsF9L7bkN`P?^uft3|G`0$xHa2es7fGao0?W z?*52N=6Y7Vx|<3%iJ!b?ry?2azA~+9(5EtxY4}Ey%u4+o2C&)!i|0q#^8OJzz zZy;sh#Pl^3z95OwG^l8IJF%7hA~5sPI({y>EQ z5w+6xF8M`E%_rHu+49KCPjEUw|hEZ>Mn4BP>FeoZ*jzvK0ykq-a&;2NJ+i@3SLIWs@A~o5YE^yihnbB z!RPy-L|O3m7%1rdDoelu#P6#$L4<9qG%axcIs7!I`_p8vkscBeFYOar4IDZy1@Fh7 z9TxEGU|;u&bZLNyTfPt#8(n_vL)Jwi=tKP!T)V}uP1o|5l^Qv97yCKB zM3qjvg`J_+$~84Vzej2>1JZW%He-};VQaWGO_@3UE!pYjp@hz_^DZ1IWd<}RkyhEX zH3+>zy~klJRjHjHIC2mjF$RM+6Ad%V_vszYB?)(NvQN9EhDn3j1QmnClaw>u(3mQb zfwIw!WqHENtg@hh0lhKm(60@I>>rBKrBUiUaJMqbT1$~f?m(RG==A{(MWEH-5>m|Q za8hbdMO=o7cfZYba7j7!P3J!JdwPK^){?&Rlg~V=i7q4FQieP+RosF==rz>6uYIj2 z!>ibrZ+!eUQ-|C6`hind?A6r>Z+XK@f;qZH&-2k|2PI%qMDJ&)o0|BJiaE*6rIEwJ zQG(JB`d~lqpm$~O*-7sk`aoOLaQAB^1nntSN-&R8dlB(6rmMiK2_zIvOf<L zLvz!M+8imFMsi(er%LAN2V6>18wzYj2Dnm!YdKtcCoedCW>_AeDLbR?15R=KYMA?a zQ<}AHFSL(H<%K#xbbNdnw;;4)0(&n}cBEcT4lKXO6}yyd?Rh;pAw?dw7^=d-tnf@` z5F#;%#Ti&t=L>6KnHdez--BjunsoxSI|Hn+%y~E-rih0|rZPcatH?_c<%JShT;X@B zysNE-r)FXeUae#nN#Wb%B_#y{T^>N&A+9fP(UejR194p7#>D_%HAjmbG@Scx{d(!W zpPilNxzYY8S68Fg1`G9Kzkc}=WLh=0lbwCrwr$NLHy7%s1w=)4I@v${pwxV!;%lO(H#PVz9dcZ# z09EiVHdB(ZnHz~^I-R7r4+=iR(*yNzVROLE+Fx_8k|JYm+*h7Ef4Ian7xdi1Eb_Zq%U7#+O= zUgcsZdm-@vIZJYXsCBxg1$O!6ACVq zYHKscUWD#3Ao8HNRC>4w#~n;~KwkO>xM%(1#pyKb z*1D!94mKS{uP*xOU=Gny=!!Bk_zke2^ly1@-#U%7z6V{@*3)5h8K4j_*>gst4rGsI zw0J?ZASsabJR%AJgVY0u4nb4I&0TZ>N0$Rk3%!k=CD&9{R)PX*zDqx|*%`Qy4{&X4 zj@y{Ix3`>+I6uF?h}vFJv%FI#GBPsA%V}`q)_sC6HaVK*l>s|pU|<0EFyn^3eTaz8 zUg$+h-ySL7%NFTL4jtvY{yXAI(;akVbl!--p2qkIoL+w@nH0YA5 z`l6!W2^tKxEGl3D&JpArIOX6l3Vosmrn9VTh}TU_+CTvI`yM1INmsUR%e^m8pY9RF z0+2m;Ly9;FIG^7TzU8|93)HQ09d8lUk>TN^u~?Z@yOa~qVJL+v8I=+O6-M^=xE-+o znWRO(n;&k;VjpG4;vPC^K4U$6exL%&*6^<3GvHNl*B7j1`q&+s=)%(^)_@Z}TO%f* zL^V)^>xHt~G=rZ*K~`3Hbze^p9Zhsb4C#40thxQ ztJXH@MCf?fPw>_%?a>k-mcuP+MR|E)QcR(C-e#wOML*1)OQy7(`*y7wwp}1!jqUsM z0!%C{fE`6w^)-7g_QSe3)!l_+wVt@%jDq|4K0(2kINakEDLASXt!!;=;gU6!GXY|J zj!6l6e!IY>Ka}Abw8z}9pb*Dn+@9m4!sVz%tz~ppfaoG9uS$U=3w)QOB{E*Ug6h!> zkF@gvF|qKp=nMb{gO5m5jR9Qe_wC3H2KtWApxWT$BfqTlA_mHv^Q_DyTftbU)E=z9 zhuIZxxd6Y(lgQI{k`c!a)Tjy&E0Ts-n24Z`QD;PgNljs+rKN=qCwBJs$vGSr(#usr zLhX>F(y1V5iS(F#AiaAAbz4tA z)CkA}bp#F$b#x%^fbRKvSMv|aVmuw7c;cp=#yY7wTikV?@9@lk?$qG<4^ z&`|+>L-vRI+K(-uaSkAX(-tyXHmVV4O4Xuj(Q0G631EaABBs!*6T3V4*7Hs%M;}Pu zzg+vm&apj5>A1#-kUVW{T%7g=&?wP|u74TN6i!id=Ll<5R#$6p)yUhOEbSA-V-ti) zDH0-`YSlJW4bb2KZI1+DK|w*NX1$&7lJVaW>5%v4&9OJe5VHu>)zyKc5njQh(4+`G z&wREL0wuG$NRb-_zo1YW&k2LUQ$(*wYXpj6X9DtcF-da&qG zV^+e^wHo5DD22qB*q5|q>)?>`DBRck*lr&jc)DxX4yujmK3>re_sf!q(OOdCVlERY zy8Mtwe|S0)5~Z$ts-vo=`y=q9w=)FhL#7fTD}yr*p=deXCJ$DG7Ss;}p>aTXqP!N^ zh>xJ^dwg0ffb%qXSM_~$YJ-yihv==C7kEY_O1v>MkG~o5`0;_b46CziOUQtvf|?2h ztt)&l;sgW)N;0i~fG7`0;UJMGS7DILerxqC#dCDOR{9H@<4Xf*JxK4oyS%)7*REaD zXgM77R{*~DW8HdC9`yYkPfyMcdzO8^H^#Bsh&yg+7rnhl#}H1++pQq`xS_VceCo&J z?+5P&bUCr_%2+?#`D+~TEKE#aZMfo~%PLT+be2WzngdqD0#9{`RJ;{o#x=T^+=qYtf5JOy~7SDe`d z2scE(qH&|uPbO;5kKIn7)QAi^YpB=aPnpR|D;E=!nD)}kcDA<42qD16&y}9U3Wmfw zWVVdH_U&J~a;LWo{SFtB`y#CAY#iG{w&FG8^X4r?ar>`!PTuiX78J@_rGI40d=SA$ zeN?&tn`9wk7v``sWtKzb@~*%R#X&pJVQ!yBKrXDix|o!|4zay}(%|E2f0v9n8#g1o z*xTltxeW%j{loFDZrXY9cs9-Jb9N)KY#A$i41I(7b1NfFtuhDQW~y__qB?d3dfOj| zio@>@EZ{qa{bqY|jC<6u{8!9lwTIvk=Ju^e7(L|OIeHlBD(5h(r4-{|tzhTY^M1a% z4^Psrk4$|XDo|A@IBkJ-AiTG_w~z`GL`Cv*oc@<1@#fMl0^?qu=mn-4!iW499UN7v zvDH!X@w^uHZu6GW+ANiMsRlk-Z}y}gtXjqVXijZkuXW!E#Oyj@J1h?N@k++aH#q4{ zhpyQ7XQs2>H`O>OWQ(n%&o-BRJ7J>y&~dcspTUn@|DFx%oq*DJcPHX%ZQlczN@K78 z55pJ3;j89hJTFtFJf)S_Tc+Nqu2raVLgt?mQsXr@&%J@M?CpY?!{jHHE2_`#_Ql{X z`UIb$6UX?j)(6x(K`{sRPjU#z3ZV64sP&Gb3W38pX(3xH?5gLsG>j zUHR0ZI21FHe6hgLd1Hzt^9e$x!w-Sr1)4FZtsy+Bc_y8O!vVN=fQAIIB5V>k7SKyS zc_A_co)`s~Y|}e`9(MY@;9&5O5UK*is=^zQ!F6*Lz%W9{nijs5m1m5J>#k-2eFv{- zH8Tp1ap-X0nXI42xy$J>ee^S-OjCiFls73g$ywqFMTQ6W?^kMX3HbEs6Ev`bR=539 zvDJ`R6dQRmXbEAYw7M*Tw09lf#=<299oP2coVB$b1UE@zT>^{)0-U07>M-Ox{ZzBC z=mIULyKDkPlPe&RqpSN+lE}*Zu%f5=?Uimiv%0+ixe21OKYaL5SZHo~DHCvei{a;q ziQQG^=cXkCLkfrSUP@@q60hUH9m-078&=C7p8KY%rY3Www68Da1J_{KsvYFHRvt`o z_;Ro_(xD7fZRcbvj9(s2Sx}6XT-IOIMbxK$7<4k2T}*M+U&&Ud)^f9*pxx$xUwjoW z)iEG>;)Lair=Vqq6ir@aAE|`ql_*OjGDt+tZHiw#bb4+s*e=O29eU2WN_i`$HFtEx zLKpCv%$*STaByIK!bHL_%m{?a(KSEvJS2pPWDqsr24EVrp@Rk|KtA+*&qUNo7@L@k zbvM+%mwuU|*%p4&ko~hW|Jc1-CJy6acQ0MJ`GLsp*G#hZPps0f!_(2blKOT(kFuhEB(nU%10T&e$2`F;NT_$hM3(wFH^$eb*x zJlt`4MZCCV?yl;iXUCqk=F?3B#{tQF)kLSS&3UgIGjVB`x^2Knx=EoYY(FjnUTB!? z+_V%^aVXj`tCyGWIY#90Vb(c=yrOy=C*IT|GB`(Qh77Fisc8BtE$b7+TIH&9o1KJN$}3XwEOtNPpDK8K#V zX}nIJ4h|yH(k-^{>m(JA3;=cO1--cABy; zd7{%z+8}z&k)jy$!rHE917P}H=y_Qrv{+#d z^gnO1wC^*t(gJz6mk9$$&7NrUW2r4UDV`Q}064KvtNMytK=F)p2fx~09XgbJtFQk# z!~65F!jZVEd?33w-R0*;odz8Y1|WTu(d>Gp(#6O^+0b`Vm+B<4RHWkG%i3&h^DZ)Y z;0&dRwEk(yS^uzCUC&LRN8W-^clnEKUT@^`KVIdYUx^GJnr7;Sq@5O$_ zDoD6^_w5^s4KgnV;-&J%KTBi)!oL?~`Zm@4DE~0ge%RE(vE+@=%F_`zYQ8T_=`{9p zX9y1k&iVOv3~?FV5OtV8gnO>3q49Z08+uPT;A3v(V6nwRWSgRA&z?bIU|#6$VP%z4 zPypS)%ZJdVXSk}`p^Y(=lbmy3y*fHCBPk*AIf4PAK8u(twVm1mzz@0A^_c(cAA!Ug z_31bxF}+tJ+OBuDVXK$9CPDQ4gnO!C$Hq5Op3 zeqPD>s-)B|H`w~lT~Ri@Ew0tA`j&*cam4Z>eWPM~HsM)yR967M0RYB;>QU)#z*YBS zffE#HRnq;`bb{TL)EVT@nfF}mmEd((cAU%+&sesKQP-?Mt9m|OT5h47&EkkPKS`M; z3exxSbN-FTH>I~OIa)Bkub)@cp6E{FMVSd@nH|mU@Vb&(kL$ghH0AtK_~qx>#EKU2 z?!kChN0aRYnT<6j3dxk_!ckh8;=%DU(LIG=25#2JC&u)R>-LjPk z+%U91hM5xpnYCKcFE-P!VAmhBIcVPo5Jvi_J3X#rz=qp}*UM5i!f`0}W__f6dcVfY z(MMGfD#!kf?S`-rOF_OVV14qYU-h`PxdQMRicTcRK-SUvB3uZ@YRiA@*7@ST zHEjL=!>Cj?{e@e@y7R48pMOzdeQjiS(Q-~DQ?RMO1`2gJ3jQP{yum)%UMK^U1pzp# z(nbVKvyB0HmiXVNGc*1MtNt486+S7bN@6blVfe?lbN#QyTm`rP4KP=Sz5$y4opG!= ziv56v|99zE6Tm~L^{U=4?qcAk-(}Cgwjhk8tN!Rq&6cH347y6mH!Qm9vPwKEODi+?)OdZ}bL4$Y!f z4RM7J_^BA~-=`Sm#0zc4Naf4-<%Y6*3CmaKfX+qx zd9~cL>V&rGEMnqLwi&)2+I{v?-%+p5C|1HHx<7Y7Id#a#Ve~9`jQ<>~u;z!W%{L~; z>!zv;2EUv7-=vWej(|~?Dk1#0ufw{(XBJxC{||3;#gg)Ss<#`qwF&}$`S$?9MA)q} z|JO#p+dce0{O&a5T^`y6E3dYZNL+*~ zu!pWQi4sGR1)Kf@dVf@?G%-!M=Ks-q;OX)Fs$Jm*>JIW0G4=x?a_i)mGZ{$&VIXcbh5jZ|_vaVpG4ZiTze-uqOG z(i=>Js+ekAgYnN_0BLFs#aa8jA8?el?>U+l}gVWp{#QGKYR+3<^TMQOLif?_t;=Ae*g5>{4L_p+#t)2&A-R8&-E>-%^M z6%_)^_*cDyhKh=CaD6Aj3sGDCul~1BTdAm68CQo-4Wp%+g>#eg{S7@7`rr#A4}=%W z55utPl<${Vz>877yny*l`QA(miwj@HJaBGNe)#|K2!Aq*dP=N;lpjqu